From 7f78ab437c18bb9830131e60aa1c60bf925ab528 Mon Sep 17 00:00:00 2001 From: Manu Herrera Date: Tue, 1 Oct 2019 12:06:19 -0300 Subject: [PATCH] Release v0.1.0 --- V1.go | 73 + V2.go | 106 + V2_test.go | 56 + V3.go | 84 + V3_test.go | 56 + address.go | 252 ++ address_test.go | 225 + aes.go | 70 + bip70.pb.go | 431 ++ bip70.proto | 44 + challenge_keys.go | 124 + challenge_keys_test.go | 54 + challenge_public_key.go | 76 + derivationpath.go | 79 + derivationpath_test.go | 66 + go.mod | 12 + go.sum | 191 + hdkeycommon.go | 29 + hdprivatekey.go | 136 + hdprivatekey_test.go | 277 ++ hdpublickey.go | 96 + invoice.go | 67 + invoice_test.go | 182 + keycrypter.go | 168 + keycrypter_test.go | 81 + network.go | 34 + network_test.go | 75 + partiallysignedtransaction.go | 149 + partiallysignedtransaction_test.go | 350 ++ ripemd160.go | 15 + ripemd160_test.go | 42 + scrypt.go | 27 + segwit.go | 46 + submarineSwap.go | 215 + submarineSwap_test.go | 27 + vendor/github.com/btcsuite/btcd/LICENSE | 16 + .../github.com/btcsuite/btcd/btcec/README.md | 68 + .../github.com/btcsuite/btcd/btcec/btcec.go | 958 +++++ .../btcsuite/btcd/btcec/ciphering.go | 216 + vendor/github.com/btcsuite/btcd/btcec/doc.go | 21 + .../github.com/btcsuite/btcd/btcec/field.go | 1223 ++++++ .../btcsuite/btcd/btcec/genprecomps.go | 63 + .../btcsuite/btcd/btcec/gensecp256k1.go | 203 + .../btcsuite/btcd/btcec/precompute.go | 67 + .../github.com/btcsuite/btcd/btcec/privkey.go | 73 + .../github.com/btcsuite/btcd/btcec/pubkey.go | 192 + .../btcsuite/btcd/btcec/secp256k1.go | 10 + .../btcsuite/btcd/btcec/signature.go | 540 +++ .../btcsuite/btcd/chaincfg/README.md | 85 + .../btcd/chaincfg/chainhash/README.md | 41 + .../btcsuite/btcd/chaincfg/chainhash/doc.go | 5 + .../btcsuite/btcd/chaincfg/chainhash/hash.go | 128 + .../btcd/chaincfg/chainhash/hashfuncs.go | 33 + .../github.com/btcsuite/btcd/chaincfg/doc.go | 61 + .../btcsuite/btcd/chaincfg/genesis.go | 172 + .../btcsuite/btcd/chaincfg/params.go | 712 ++++ .../btcsuite/btcd/connmgr/README.md | 37 + .../btcsuite/btcd/connmgr/connmanager.go | 577 +++ .../github.com/btcsuite/btcd/connmgr/doc.go | 14 + .../btcsuite/btcd/connmgr/dynamicbanscore.go | 146 + .../github.com/btcsuite/btcd/connmgr/log.go | 30 + .../github.com/btcsuite/btcd/connmgr/seed.go | 75 + .../github.com/btcsuite/btcd/connmgr/tor.go | 129 + .../btcsuite/btcd/txscript/README.md | 63 + .../btcsuite/btcd/txscript/consensus.go | 13 + .../github.com/btcsuite/btcd/txscript/doc.go | 42 + .../btcsuite/btcd/txscript/engine.go | 1004 +++++ .../btcsuite/btcd/txscript/error.go | 453 +++ .../btcsuite/btcd/txscript/hashcache.go | 89 + .../github.com/btcsuite/btcd/txscript/log.go | 43 + .../btcsuite/btcd/txscript/opcode.go | 2447 +++++++++++ .../btcsuite/btcd/txscript/pkscript.go | 279 ++ .../btcsuite/btcd/txscript/script.go | 860 ++++ .../btcsuite/btcd/txscript/scriptbuilder.go | 274 ++ .../btcsuite/btcd/txscript/scriptnum.go | 225 + .../btcsuite/btcd/txscript/sigcache.go | 99 + .../github.com/btcsuite/btcd/txscript/sign.go | 464 +++ .../btcsuite/btcd/txscript/stack.go | 361 ++ .../btcsuite/btcd/txscript/standard.go | 707 ++++ .../github.com/btcsuite/btcd/wire/README.md | 113 + .../btcsuite/btcd/wire/blockheader.go | 128 + .../github.com/btcsuite/btcd/wire/common.go | 689 ++++ vendor/github.com/btcsuite/btcd/wire/doc.go | 162 + vendor/github.com/btcsuite/btcd/wire/error.go | 34 + .../github.com/btcsuite/btcd/wire/invvect.go | 86 + .../github.com/btcsuite/btcd/wire/message.go | 440 ++ .../github.com/btcsuite/btcd/wire/msgaddr.go | 143 + .../github.com/btcsuite/btcd/wire/msgalert.go | 407 ++ .../github.com/btcsuite/btcd/wire/msgblock.go | 290 ++ .../btcsuite/btcd/wire/msgcfcheckpt.go | 164 + .../btcsuite/btcd/wire/msgcfheaders.go | 180 + .../btcsuite/btcd/wire/msgcfilter.go | 119 + .../btcsuite/btcd/wire/msgfeefilter.go | 64 + .../btcsuite/btcd/wire/msgfilteradd.go | 81 + .../btcsuite/btcd/wire/msgfilterclear.go | 59 + .../btcsuite/btcd/wire/msgfilterload.go | 136 + .../btcsuite/btcd/wire/msggetaddr.go | 47 + .../btcsuite/btcd/wire/msggetblocks.go | 139 + .../btcsuite/btcd/wire/msggetcfcheckpt.go | 64 + .../btcsuite/btcd/wire/msggetcfheaders.go | 77 + .../btcsuite/btcd/wire/msggetcfilters.go | 81 + .../btcsuite/btcd/wire/msggetdata.go | 133 + .../btcsuite/btcd/wire/msggetheaders.go | 136 + .../btcsuite/btcd/wire/msgheaders.go | 136 + .../github.com/btcsuite/btcd/wire/msginv.go | 141 + .../btcsuite/btcd/wire/msgmempool.go | 60 + .../btcsuite/btcd/wire/msgmerkleblock.go | 159 + .../btcsuite/btcd/wire/msgnotfound.go | 110 + .../github.com/btcsuite/btcd/wire/msgping.go | 87 + .../github.com/btcsuite/btcd/wire/msgpong.go | 78 + .../btcsuite/btcd/wire/msgreject.go | 186 + .../btcsuite/btcd/wire/msgsendheaders.go | 60 + vendor/github.com/btcsuite/btcd/wire/msgtx.go | 1027 +++++ .../btcsuite/btcd/wire/msgverack.go | 46 + .../btcsuite/btcd/wire/msgversion.go | 269 ++ .../btcsuite/btcd/wire/netaddress.go | 149 + .../github.com/btcsuite/btcd/wire/protocol.go | 178 + vendor/github.com/btcsuite/btclog/.gitignore | 28 + vendor/github.com/btcsuite/btclog/.travis.yml | 13 + vendor/github.com/btcsuite/btclog/LICENSE | 15 + vendor/github.com/btcsuite/btclog/README.md | 40 + vendor/github.com/btcsuite/btclog/doc.go | 27 + vendor/github.com/btcsuite/btclog/goclean.sh | 37 + .../github.com/btcsuite/btclog/interface.go | 64 + vendor/github.com/btcsuite/btclog/log.go | 480 +++ vendor/github.com/btcsuite/btcutil/.gitignore | 28 + .../github.com/btcsuite/btcutil/.travis.yml | 15 + vendor/github.com/btcsuite/btcutil/LICENSE | 16 + vendor/github.com/btcsuite/btcutil/README.md | 50 + vendor/github.com/btcsuite/btcutil/address.go | 683 ++++ vendor/github.com/btcsuite/btcutil/amount.go | 122 + vendor/github.com/btcsuite/btcutil/appdata.go | 105 + .../btcsuite/btcutil/base58/README.md | 34 + .../btcsuite/btcutil/base58/alphabet.go | 49 + .../btcsuite/btcutil/base58/base58.go | 75 + .../btcsuite/btcutil/base58/base58check.go | 52 + .../btcsuite/btcutil/base58/cov_report.sh | 17 + .../github.com/btcsuite/btcutil/base58/doc.go | 29 + .../btcsuite/btcutil/base58/genalphabet.go | 79 + .../btcsuite/btcutil/bech32/README.md | 29 + .../btcsuite/btcutil/bech32/bech32.go | 252 ++ .../github.com/btcsuite/btcutil/bech32/doc.go | 15 + vendor/github.com/btcsuite/btcutil/block.go | 265 ++ vendor/github.com/btcsuite/btcutil/certgen.go | 144 + vendor/github.com/btcsuite/btcutil/const.go | 16 + .../github.com/btcsuite/btcutil/cov_report.sh | 17 + vendor/github.com/btcsuite/btcutil/doc.go | 46 + vendor/github.com/btcsuite/btcutil/goclean.sh | 48 + vendor/github.com/btcsuite/btcutil/hash160.go | 23 + .../btcsuite/btcutil/hdkeychain/README.md | 59 + .../btcsuite/btcutil/hdkeychain/cov_report.sh | 17 + .../btcsuite/btcutil/hdkeychain/doc.go | 84 + .../btcutil/hdkeychain/extendedkey.go | 577 +++ .../btcutil/hdkeychain/test_coverage.txt | 20 + vendor/github.com/btcsuite/btcutil/net.go | 18 + .../github.com/btcsuite/btcutil/net_noop.go | 19 + .../btcsuite/btcutil/test_coverage.txt | 72 + vendor/github.com/btcsuite/btcutil/tx.go | 124 + vendor/github.com/btcsuite/btcutil/wif.go | 169 + vendor/github.com/davecgh/go-spew/LICENSE | 15 + .../github.com/davecgh/go-spew/spew/bypass.go | 145 + .../davecgh/go-spew/spew/bypasssafe.go | 38 + .../github.com/davecgh/go-spew/spew/common.go | 341 ++ .../github.com/davecgh/go-spew/spew/config.go | 306 ++ vendor/github.com/davecgh/go-spew/spew/doc.go | 211 + .../github.com/davecgh/go-spew/spew/dump.go | 509 +++ .../github.com/davecgh/go-spew/spew/format.go | 419 ++ .../github.com/davecgh/go-spew/spew/spew.go | 148 + .../github.com/go-errors/errors/.travis.yml | 5 + .../github.com/go-errors/errors/LICENSE.MIT | 7 + vendor/github.com/go-errors/errors/README.md | 66 + vendor/github.com/go-errors/errors/cover.out | 89 + vendor/github.com/go-errors/errors/error.go | 217 + .../go-errors/errors/parse_panic.go | 127 + .../github.com/go-errors/errors/stackframe.go | 102 + vendor/github.com/golang/protobuf/AUTHORS | 3 + .../github.com/golang/protobuf/CONTRIBUTORS | 3 + vendor/github.com/golang/protobuf/LICENSE | 28 + .../github.com/golang/protobuf/proto/clone.go | 253 ++ .../golang/protobuf/proto/decode.go | 427 ++ .../golang/protobuf/proto/deprecated.go | 63 + .../golang/protobuf/proto/discard.go | 350 ++ .../golang/protobuf/proto/encode.go | 203 + .../github.com/golang/protobuf/proto/equal.go | 301 ++ .../golang/protobuf/proto/extensions.go | 607 +++ .../github.com/golang/protobuf/proto/lib.go | 965 +++++ .../golang/protobuf/proto/message_set.go | 181 + .../golang/protobuf/proto/pointer_reflect.go | 360 ++ .../golang/protobuf/proto/pointer_unsafe.go | 313 ++ .../golang/protobuf/proto/properties.go | 544 +++ .../golang/protobuf/proto/table_marshal.go | 2776 +++++++++++++ .../golang/protobuf/proto/table_merge.go | 654 +++ .../golang/protobuf/proto/table_unmarshal.go | 2053 ++++++++++ .../github.com/golang/protobuf/proto/text.go | 843 ++++ .../golang/protobuf/proto/text_parser.go | 880 ++++ .../github.com/lightningnetwork/lnd/LICENSE | 19 + .../lightningnetwork/lnd/lnwire/README.md | 18 + .../lnd/lnwire/accept_channel.go | 158 + .../lnd/lnwire/announcement_signatures.go | 108 + .../lnd/lnwire/channel_announcement.go | 160 + .../lightningnetwork/lnd/lnwire/channel_id.go | 91 + .../lnd/lnwire/channel_reestablish.go | 166 + .../lnd/lnwire/channel_update.go | 253 ++ .../lnd/lnwire/closing_signed.go | 88 + .../lightningnetwork/lnd/lnwire/commit_sig.go | 85 + .../lightningnetwork/lnd/lnwire/error.go | 127 + .../lightningnetwork/lnd/lnwire/features.go | 263 ++ .../lnd/lnwire/funding_created.go | 66 + .../lnd/lnwire/funding_locked.go | 83 + .../lnd/lnwire/funding_signed.go | 55 + .../lnd/lnwire/gossip_timestamp_range.go | 80 + .../lnd/lnwire/init_message.go | 67 + .../lightningnetwork/lnd/lnwire/lnwire.go | 857 ++++ .../lightningnetwork/lnd/lnwire/message.go | 296 ++ .../lightningnetwork/lnd/lnwire/msat.go | 45 + .../lightningnetwork/lnd/lnwire/netaddress.go | 54 + .../lnd/lnwire/node_announcement.go | 205 + .../lnd/lnwire/onion_error.go | 1292 ++++++ .../lnd/lnwire/open_channel.go | 202 + .../lightningnetwork/lnd/lnwire/ping.go | 67 + .../lightningnetwork/lnd/lnwire/pong.go | 63 + .../lnd/lnwire/query_channel_range.go | 77 + .../lnd/lnwire/query_short_chan_ids.go | 371 ++ .../lnd/lnwire/reply_channel_range.go | 84 + .../lnd/lnwire/reply_short_chan_ids_end.go | 74 + .../lnd/lnwire/revoke_and_ack.go | 83 + .../lnd/lnwire/short_channel_id.go | 48 + .../lightningnetwork/lnd/lnwire/shutdown.go | 81 + .../lightningnetwork/lnd/lnwire/signature.go | 128 + .../lnd/lnwire/update_add_htlc.go | 109 + .../lnd/lnwire/update_fail_htlc.go | 85 + .../lnd/lnwire/update_fail_malformed_htlc.go | 75 + .../lightningnetwork/lnd/lnwire/update_fee.go | 70 + .../lnd/lnwire/update_fulfill_htlc.go | 78 + .../lightningnetwork/lnd/tor/README.md | 21 + .../lightningnetwork/lnd/tor/controller.go | 530 +++ .../lightningnetwork/lnd/tor/net.go | 104 + .../lightningnetwork/lnd/tor/onionaddr.go | 63 + .../lightningnetwork/lnd/tor/tor.go | 243 ++ .../lightningnetwork/lnd/zpay32/README.md | 22 + .../lnd/zpay32/amountunits.go | 162 + .../lightningnetwork/lnd/zpay32/bech32.go | 168 + .../lightningnetwork/lnd/zpay32/hophint.go | 43 + .../lightningnetwork/lnd/zpay32/invoice.go | 1097 +++++ vendor/github.com/miekg/dns/.gitignore | 4 + vendor/github.com/miekg/dns/.travis.yml | 20 + vendor/github.com/miekg/dns/AUTHORS | 1 + vendor/github.com/miekg/dns/CONTRIBUTORS | 10 + vendor/github.com/miekg/dns/COPYRIGHT | 9 + vendor/github.com/miekg/dns/LICENSE | 32 + vendor/github.com/miekg/dns/Makefile.fuzz | 33 + vendor/github.com/miekg/dns/README.md | 164 + vendor/github.com/miekg/dns/client.go | 507 +++ vendor/github.com/miekg/dns/clientconfig.go | 137 + .../github.com/miekg/dns/compress_generate.go | 189 + vendor/github.com/miekg/dns/dane.go | 43 + vendor/github.com/miekg/dns/defaults.go | 285 ++ vendor/github.com/miekg/dns/dns.go | 107 + vendor/github.com/miekg/dns/dnssec.go | 736 ++++ vendor/github.com/miekg/dns/dnssec_keygen.go | 156 + vendor/github.com/miekg/dns/dnssec_keyscan.go | 259 ++ vendor/github.com/miekg/dns/dnssec_privkey.go | 85 + vendor/github.com/miekg/dns/doc.go | 272 ++ vendor/github.com/miekg/dns/edns.go | 634 +++ vendor/github.com/miekg/dns/format.go | 87 + vendor/github.com/miekg/dns/fuzz.go | 23 + vendor/github.com/miekg/dns/generate.go | 159 + .../miekg/dns/internal/socket/cmsghdr.go | 7 + .../internal/socket/cmsghdr_linux_32bit.go | 20 + .../internal/socket/cmsghdr_linux_64bit.go | 20 + .../dns/internal/socket/cmsghdr_other.go | 13 + .../dns/internal/socket/controlmessage.go | 118 + .../miekg/dns/internal/socket/socket.go | 4 + .../miekg/dns/internal/socket/sys.go | 14 + vendor/github.com/miekg/dns/labels.go | 191 + vendor/github.com/miekg/dns/msg.go | 1148 ++++++ vendor/github.com/miekg/dns/msg_generate.go | 349 ++ vendor/github.com/miekg/dns/msg_helpers.go | 640 +++ vendor/github.com/miekg/dns/nsecx.go | 106 + vendor/github.com/miekg/dns/privaterr.go | 149 + vendor/github.com/miekg/dns/rawmsg.go | 49 + vendor/github.com/miekg/dns/reverse.go | 38 + vendor/github.com/miekg/dns/sanitize.go | 84 + vendor/github.com/miekg/dns/scan.go | 996 +++++ vendor/github.com/miekg/dns/scan_rr.go | 2153 ++++++++++ vendor/github.com/miekg/dns/scanner.go | 56 + vendor/github.com/miekg/dns/server.go | 713 ++++ vendor/github.com/miekg/dns/sig0.go | 218 + vendor/github.com/miekg/dns/singleinflight.go | 57 + vendor/github.com/miekg/dns/smimea.go | 47 + vendor/github.com/miekg/dns/tlsa.go | 47 + vendor/github.com/miekg/dns/tsig.go | 386 ++ vendor/github.com/miekg/dns/types.go | 1377 +++++++ vendor/github.com/miekg/dns/types_generate.go | 271 ++ vendor/github.com/miekg/dns/udp.go | 45 + vendor/github.com/miekg/dns/udp_linux.go | 220 + vendor/github.com/miekg/dns/udp_other.go | 17 + vendor/github.com/miekg/dns/udp_windows.go | 30 + vendor/github.com/miekg/dns/update.go | 106 + vendor/github.com/miekg/dns/xfr.go | 260 ++ vendor/github.com/miekg/dns/zcompress.go | 119 + vendor/github.com/miekg/dns/zmsg.go | 3619 +++++++++++++++++ vendor/github.com/miekg/dns/ztypes.go | 864 ++++ vendor/github.com/pkg/errors/.gitignore | 24 + vendor/github.com/pkg/errors/.travis.yml | 15 + vendor/github.com/pkg/errors/LICENSE | 23 + vendor/github.com/pkg/errors/README.md | 52 + vendor/github.com/pkg/errors/appveyor.yml | 32 + vendor/github.com/pkg/errors/errors.go | 282 ++ vendor/github.com/pkg/errors/stack.go | 147 + vendor/golang.org/x/crypto/AUTHORS | 3 + vendor/golang.org/x/crypto/CONTRIBUTORS | 3 + vendor/golang.org/x/crypto/LICENSE | 27 + vendor/golang.org/x/crypto/PATENTS | 22 + vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go | 77 + .../x/crypto/ripemd160/ripemd160.go | 124 + .../x/crypto/ripemd160/ripemd160block.go | 165 + vendor/golang.org/x/crypto/scrypt/scrypt.go | 213 + vendor/golang.org/x/net/AUTHORS | 3 + vendor/golang.org/x/net/CONTRIBUTORS | 3 + vendor/golang.org/x/net/LICENSE | 27 + vendor/golang.org/x/net/PATENTS | 22 + .../golang.org/x/net/internal/socks/client.go | 168 + .../golang.org/x/net/internal/socks/socks.go | 317 ++ vendor/golang.org/x/net/proxy/direct.go | 18 + vendor/golang.org/x/net/proxy/per_host.go | 140 + vendor/golang.org/x/net/proxy/proxy.go | 139 + vendor/golang.org/x/net/proxy/socks5.go | 36 + vendor/google.golang.org/grpc/AUTHORS | 1 + vendor/google.golang.org/grpc/LICENSE | 202 + .../grpc/codes/code_string.go | 62 + vendor/google.golang.org/grpc/codes/codes.go | 197 + vendor/modules.txt | 38 + 333 files changed, 72484 insertions(+) create mode 100644 V1.go create mode 100644 V2.go create mode 100644 V2_test.go create mode 100644 V3.go create mode 100644 V3_test.go create mode 100644 address.go create mode 100644 address_test.go create mode 100644 aes.go create mode 100644 bip70.pb.go create mode 100644 bip70.proto create mode 100644 challenge_keys.go create mode 100644 challenge_keys_test.go create mode 100644 challenge_public_key.go create mode 100644 derivationpath.go create mode 100644 derivationpath_test.go create mode 100644 go.mod create mode 100644 go.sum create mode 100644 hdkeycommon.go create mode 100644 hdprivatekey.go create mode 100644 hdprivatekey_test.go create mode 100644 hdpublickey.go create mode 100644 invoice.go create mode 100644 invoice_test.go create mode 100644 keycrypter.go create mode 100644 keycrypter_test.go create mode 100644 network.go create mode 100644 network_test.go create mode 100644 partiallysignedtransaction.go create mode 100644 partiallysignedtransaction_test.go create mode 100644 ripemd160.go create mode 100644 ripemd160_test.go create mode 100644 scrypt.go create mode 100644 segwit.go create mode 100644 submarineSwap.go create mode 100644 submarineSwap_test.go create mode 100644 vendor/github.com/btcsuite/btcd/LICENSE create mode 100644 vendor/github.com/btcsuite/btcd/btcec/README.md create mode 100644 vendor/github.com/btcsuite/btcd/btcec/btcec.go create mode 100644 vendor/github.com/btcsuite/btcd/btcec/ciphering.go create mode 100644 vendor/github.com/btcsuite/btcd/btcec/doc.go create mode 100644 vendor/github.com/btcsuite/btcd/btcec/field.go create mode 100644 vendor/github.com/btcsuite/btcd/btcec/genprecomps.go create mode 100644 vendor/github.com/btcsuite/btcd/btcec/gensecp256k1.go create mode 100644 vendor/github.com/btcsuite/btcd/btcec/precompute.go create mode 100644 vendor/github.com/btcsuite/btcd/btcec/privkey.go create mode 100644 vendor/github.com/btcsuite/btcd/btcec/pubkey.go create mode 100644 vendor/github.com/btcsuite/btcd/btcec/secp256k1.go create mode 100644 vendor/github.com/btcsuite/btcd/btcec/signature.go create mode 100644 vendor/github.com/btcsuite/btcd/chaincfg/README.md create mode 100644 vendor/github.com/btcsuite/btcd/chaincfg/chainhash/README.md create mode 100644 vendor/github.com/btcsuite/btcd/chaincfg/chainhash/doc.go create mode 100644 vendor/github.com/btcsuite/btcd/chaincfg/chainhash/hash.go create mode 100644 vendor/github.com/btcsuite/btcd/chaincfg/chainhash/hashfuncs.go create mode 100644 vendor/github.com/btcsuite/btcd/chaincfg/doc.go create mode 100644 vendor/github.com/btcsuite/btcd/chaincfg/genesis.go create mode 100644 vendor/github.com/btcsuite/btcd/chaincfg/params.go create mode 100644 vendor/github.com/btcsuite/btcd/connmgr/README.md create mode 100644 vendor/github.com/btcsuite/btcd/connmgr/connmanager.go create mode 100644 vendor/github.com/btcsuite/btcd/connmgr/doc.go create mode 100644 vendor/github.com/btcsuite/btcd/connmgr/dynamicbanscore.go create mode 100644 vendor/github.com/btcsuite/btcd/connmgr/log.go create mode 100644 vendor/github.com/btcsuite/btcd/connmgr/seed.go create mode 100644 vendor/github.com/btcsuite/btcd/connmgr/tor.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/README.md create mode 100644 vendor/github.com/btcsuite/btcd/txscript/consensus.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/doc.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/engine.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/error.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/hashcache.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/log.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/opcode.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/pkscript.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/script.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/scriptbuilder.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/scriptnum.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/sigcache.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/sign.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/stack.go create mode 100644 vendor/github.com/btcsuite/btcd/txscript/standard.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/README.md create mode 100644 vendor/github.com/btcsuite/btcd/wire/blockheader.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/common.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/doc.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/error.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/invvect.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/message.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgaddr.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgalert.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgblock.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgcfcheckpt.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgcfheaders.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgcfilter.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgfeefilter.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgfilteradd.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgfilterclear.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgfilterload.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msggetaddr.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msggetblocks.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msggetcfcheckpt.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msggetcfheaders.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msggetcfilters.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msggetdata.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msggetheaders.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgheaders.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msginv.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgmempool.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgmerkleblock.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgnotfound.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgping.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgpong.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgreject.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgsendheaders.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgtx.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgverack.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/msgversion.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/netaddress.go create mode 100644 vendor/github.com/btcsuite/btcd/wire/protocol.go create mode 100644 vendor/github.com/btcsuite/btclog/.gitignore create mode 100644 vendor/github.com/btcsuite/btclog/.travis.yml create mode 100644 vendor/github.com/btcsuite/btclog/LICENSE create mode 100644 vendor/github.com/btcsuite/btclog/README.md create mode 100644 vendor/github.com/btcsuite/btclog/doc.go create mode 100644 vendor/github.com/btcsuite/btclog/goclean.sh create mode 100644 vendor/github.com/btcsuite/btclog/interface.go create mode 100644 vendor/github.com/btcsuite/btclog/log.go create mode 100644 vendor/github.com/btcsuite/btcutil/.gitignore create mode 100644 vendor/github.com/btcsuite/btcutil/.travis.yml create mode 100644 vendor/github.com/btcsuite/btcutil/LICENSE create mode 100644 vendor/github.com/btcsuite/btcutil/README.md create mode 100644 vendor/github.com/btcsuite/btcutil/address.go create mode 100644 vendor/github.com/btcsuite/btcutil/amount.go create mode 100644 vendor/github.com/btcsuite/btcutil/appdata.go create mode 100644 vendor/github.com/btcsuite/btcutil/base58/README.md create mode 100644 vendor/github.com/btcsuite/btcutil/base58/alphabet.go create mode 100644 vendor/github.com/btcsuite/btcutil/base58/base58.go create mode 100644 vendor/github.com/btcsuite/btcutil/base58/base58check.go create mode 100644 vendor/github.com/btcsuite/btcutil/base58/cov_report.sh create mode 100644 vendor/github.com/btcsuite/btcutil/base58/doc.go create mode 100644 vendor/github.com/btcsuite/btcutil/base58/genalphabet.go create mode 100644 vendor/github.com/btcsuite/btcutil/bech32/README.md create mode 100644 vendor/github.com/btcsuite/btcutil/bech32/bech32.go create mode 100644 vendor/github.com/btcsuite/btcutil/bech32/doc.go create mode 100644 vendor/github.com/btcsuite/btcutil/block.go create mode 100644 vendor/github.com/btcsuite/btcutil/certgen.go create mode 100644 vendor/github.com/btcsuite/btcutil/const.go create mode 100644 vendor/github.com/btcsuite/btcutil/cov_report.sh create mode 100644 vendor/github.com/btcsuite/btcutil/doc.go create mode 100644 vendor/github.com/btcsuite/btcutil/goclean.sh create mode 100644 vendor/github.com/btcsuite/btcutil/hash160.go create mode 100644 vendor/github.com/btcsuite/btcutil/hdkeychain/README.md create mode 100644 vendor/github.com/btcsuite/btcutil/hdkeychain/cov_report.sh create mode 100644 vendor/github.com/btcsuite/btcutil/hdkeychain/doc.go create mode 100644 vendor/github.com/btcsuite/btcutil/hdkeychain/extendedkey.go create mode 100644 vendor/github.com/btcsuite/btcutil/hdkeychain/test_coverage.txt create mode 100644 vendor/github.com/btcsuite/btcutil/net.go create mode 100644 vendor/github.com/btcsuite/btcutil/net_noop.go create mode 100644 vendor/github.com/btcsuite/btcutil/test_coverage.txt create mode 100644 vendor/github.com/btcsuite/btcutil/tx.go create mode 100644 vendor/github.com/btcsuite/btcutil/wif.go create mode 100644 vendor/github.com/davecgh/go-spew/LICENSE create mode 100644 vendor/github.com/davecgh/go-spew/spew/bypass.go create mode 100644 vendor/github.com/davecgh/go-spew/spew/bypasssafe.go create mode 100644 vendor/github.com/davecgh/go-spew/spew/common.go create mode 100644 vendor/github.com/davecgh/go-spew/spew/config.go create mode 100644 vendor/github.com/davecgh/go-spew/spew/doc.go create mode 100644 vendor/github.com/davecgh/go-spew/spew/dump.go create mode 100644 vendor/github.com/davecgh/go-spew/spew/format.go create mode 100644 vendor/github.com/davecgh/go-spew/spew/spew.go create mode 100644 vendor/github.com/go-errors/errors/.travis.yml create mode 100644 vendor/github.com/go-errors/errors/LICENSE.MIT create mode 100644 vendor/github.com/go-errors/errors/README.md create mode 100644 vendor/github.com/go-errors/errors/cover.out create mode 100644 vendor/github.com/go-errors/errors/error.go create mode 100644 vendor/github.com/go-errors/errors/parse_panic.go create mode 100644 vendor/github.com/go-errors/errors/stackframe.go create mode 100644 vendor/github.com/golang/protobuf/AUTHORS create mode 100644 vendor/github.com/golang/protobuf/CONTRIBUTORS create mode 100644 vendor/github.com/golang/protobuf/LICENSE create mode 100644 vendor/github.com/golang/protobuf/proto/clone.go create mode 100644 vendor/github.com/golang/protobuf/proto/decode.go create mode 100644 vendor/github.com/golang/protobuf/proto/deprecated.go create mode 100644 vendor/github.com/golang/protobuf/proto/discard.go create mode 100644 vendor/github.com/golang/protobuf/proto/encode.go create mode 100644 vendor/github.com/golang/protobuf/proto/equal.go create mode 100644 vendor/github.com/golang/protobuf/proto/extensions.go create mode 100644 vendor/github.com/golang/protobuf/proto/lib.go create mode 100644 vendor/github.com/golang/protobuf/proto/message_set.go create mode 100644 vendor/github.com/golang/protobuf/proto/pointer_reflect.go create mode 100644 vendor/github.com/golang/protobuf/proto/pointer_unsafe.go create mode 100644 vendor/github.com/golang/protobuf/proto/properties.go create mode 100644 vendor/github.com/golang/protobuf/proto/table_marshal.go create mode 100644 vendor/github.com/golang/protobuf/proto/table_merge.go create mode 100644 vendor/github.com/golang/protobuf/proto/table_unmarshal.go create mode 100644 vendor/github.com/golang/protobuf/proto/text.go create mode 100644 vendor/github.com/golang/protobuf/proto/text_parser.go create mode 100644 vendor/github.com/lightningnetwork/lnd/LICENSE create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/README.md create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/accept_channel.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/announcement_signatures.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/channel_announcement.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/channel_id.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/channel_reestablish.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/channel_update.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/closing_signed.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/commit_sig.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/error.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/features.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/funding_created.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/funding_locked.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/funding_signed.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/gossip_timestamp_range.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/init_message.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/lnwire.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/message.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/msat.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/netaddress.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/node_announcement.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/onion_error.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/open_channel.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/ping.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/pong.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/query_channel_range.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/query_short_chan_ids.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/reply_channel_range.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/reply_short_chan_ids_end.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/revoke_and_ack.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/short_channel_id.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/shutdown.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/signature.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/update_add_htlc.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/update_fail_htlc.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/update_fail_malformed_htlc.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/update_fee.go create mode 100644 vendor/github.com/lightningnetwork/lnd/lnwire/update_fulfill_htlc.go create mode 100644 vendor/github.com/lightningnetwork/lnd/tor/README.md create mode 100644 vendor/github.com/lightningnetwork/lnd/tor/controller.go create mode 100644 vendor/github.com/lightningnetwork/lnd/tor/net.go create mode 100644 vendor/github.com/lightningnetwork/lnd/tor/onionaddr.go create mode 100644 vendor/github.com/lightningnetwork/lnd/tor/tor.go create mode 100644 vendor/github.com/lightningnetwork/lnd/zpay32/README.md create mode 100644 vendor/github.com/lightningnetwork/lnd/zpay32/amountunits.go create mode 100644 vendor/github.com/lightningnetwork/lnd/zpay32/bech32.go create mode 100644 vendor/github.com/lightningnetwork/lnd/zpay32/hophint.go create mode 100644 vendor/github.com/lightningnetwork/lnd/zpay32/invoice.go create mode 100644 vendor/github.com/miekg/dns/.gitignore create mode 100644 vendor/github.com/miekg/dns/.travis.yml create mode 100644 vendor/github.com/miekg/dns/AUTHORS create mode 100644 vendor/github.com/miekg/dns/CONTRIBUTORS create mode 100644 vendor/github.com/miekg/dns/COPYRIGHT create mode 100644 vendor/github.com/miekg/dns/LICENSE create mode 100644 vendor/github.com/miekg/dns/Makefile.fuzz create mode 100644 vendor/github.com/miekg/dns/README.md create mode 100644 vendor/github.com/miekg/dns/client.go create mode 100644 vendor/github.com/miekg/dns/clientconfig.go create mode 100644 vendor/github.com/miekg/dns/compress_generate.go create mode 100644 vendor/github.com/miekg/dns/dane.go create mode 100644 vendor/github.com/miekg/dns/defaults.go create mode 100644 vendor/github.com/miekg/dns/dns.go create mode 100644 vendor/github.com/miekg/dns/dnssec.go create mode 100644 vendor/github.com/miekg/dns/dnssec_keygen.go create mode 100644 vendor/github.com/miekg/dns/dnssec_keyscan.go create mode 100644 vendor/github.com/miekg/dns/dnssec_privkey.go create mode 100644 vendor/github.com/miekg/dns/doc.go create mode 100644 vendor/github.com/miekg/dns/edns.go create mode 100644 vendor/github.com/miekg/dns/format.go create mode 100644 vendor/github.com/miekg/dns/fuzz.go create mode 100644 vendor/github.com/miekg/dns/generate.go create mode 100644 vendor/github.com/miekg/dns/internal/socket/cmsghdr.go create mode 100644 vendor/github.com/miekg/dns/internal/socket/cmsghdr_linux_32bit.go create mode 100644 vendor/github.com/miekg/dns/internal/socket/cmsghdr_linux_64bit.go create mode 100644 vendor/github.com/miekg/dns/internal/socket/cmsghdr_other.go create mode 100644 vendor/github.com/miekg/dns/internal/socket/controlmessage.go create mode 100644 vendor/github.com/miekg/dns/internal/socket/socket.go create mode 100644 vendor/github.com/miekg/dns/internal/socket/sys.go create mode 100644 vendor/github.com/miekg/dns/labels.go create mode 100644 vendor/github.com/miekg/dns/msg.go create mode 100644 vendor/github.com/miekg/dns/msg_generate.go create mode 100644 vendor/github.com/miekg/dns/msg_helpers.go create mode 100644 vendor/github.com/miekg/dns/nsecx.go create mode 100644 vendor/github.com/miekg/dns/privaterr.go create mode 100644 vendor/github.com/miekg/dns/rawmsg.go create mode 100644 vendor/github.com/miekg/dns/reverse.go create mode 100644 vendor/github.com/miekg/dns/sanitize.go create mode 100644 vendor/github.com/miekg/dns/scan.go create mode 100644 vendor/github.com/miekg/dns/scan_rr.go create mode 100644 vendor/github.com/miekg/dns/scanner.go create mode 100644 vendor/github.com/miekg/dns/server.go create mode 100644 vendor/github.com/miekg/dns/sig0.go create mode 100644 vendor/github.com/miekg/dns/singleinflight.go create mode 100644 vendor/github.com/miekg/dns/smimea.go create mode 100644 vendor/github.com/miekg/dns/tlsa.go create mode 100644 vendor/github.com/miekg/dns/tsig.go create mode 100644 vendor/github.com/miekg/dns/types.go create mode 100644 vendor/github.com/miekg/dns/types_generate.go create mode 100644 vendor/github.com/miekg/dns/udp.go create mode 100644 vendor/github.com/miekg/dns/udp_linux.go create mode 100644 vendor/github.com/miekg/dns/udp_other.go create mode 100644 vendor/github.com/miekg/dns/udp_windows.go create mode 100644 vendor/github.com/miekg/dns/update.go create mode 100644 vendor/github.com/miekg/dns/xfr.go create mode 100644 vendor/github.com/miekg/dns/zcompress.go create mode 100644 vendor/github.com/miekg/dns/zmsg.go create mode 100644 vendor/github.com/miekg/dns/ztypes.go create mode 100644 vendor/github.com/pkg/errors/.gitignore create mode 100644 vendor/github.com/pkg/errors/.travis.yml create mode 100644 vendor/github.com/pkg/errors/LICENSE create mode 100644 vendor/github.com/pkg/errors/README.md create mode 100644 vendor/github.com/pkg/errors/appveyor.yml create mode 100644 vendor/github.com/pkg/errors/errors.go create mode 100644 vendor/github.com/pkg/errors/stack.go create mode 100644 vendor/golang.org/x/crypto/AUTHORS create mode 100644 vendor/golang.org/x/crypto/CONTRIBUTORS create mode 100644 vendor/golang.org/x/crypto/LICENSE create mode 100644 vendor/golang.org/x/crypto/PATENTS create mode 100644 vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go create mode 100644 vendor/golang.org/x/crypto/ripemd160/ripemd160.go create mode 100644 vendor/golang.org/x/crypto/ripemd160/ripemd160block.go create mode 100644 vendor/golang.org/x/crypto/scrypt/scrypt.go create mode 100644 vendor/golang.org/x/net/AUTHORS create mode 100644 vendor/golang.org/x/net/CONTRIBUTORS create mode 100644 vendor/golang.org/x/net/LICENSE create mode 100644 vendor/golang.org/x/net/PATENTS create mode 100644 vendor/golang.org/x/net/internal/socks/client.go create mode 100644 vendor/golang.org/x/net/internal/socks/socks.go create mode 100644 vendor/golang.org/x/net/proxy/direct.go create mode 100644 vendor/golang.org/x/net/proxy/per_host.go create mode 100644 vendor/golang.org/x/net/proxy/proxy.go create mode 100644 vendor/golang.org/x/net/proxy/socks5.go create mode 100644 vendor/google.golang.org/grpc/AUTHORS create mode 100644 vendor/google.golang.org/grpc/LICENSE create mode 100644 vendor/google.golang.org/grpc/codes/code_string.go create mode 100644 vendor/google.golang.org/grpc/codes/codes.go create mode 100644 vendor/modules.txt diff --git a/V1.go b/V1.go new file mode 100644 index 0000000..9dc66a1 --- /dev/null +++ b/V1.go @@ -0,0 +1,73 @@ +package libwallet + +import ( + "github.com/btcsuite/btcd/txscript" + "github.com/btcsuite/btcd/wire" + "github.com/btcsuite/btcutil" + "github.com/pkg/errors" +) + +// CreateAddressV1 returns a P2PKH MuunAddress from a publicKey for using in TransactionSchameV1 +func CreateAddressV1(publicKey *HDPublicKey) (MuunAddress, error) { + pubkey, err := btcutil.NewAddressPubKey(publicKey.Raw(), publicKey.Network.network) + if err != nil { + return nil, err + } + + pubkeyHash := pubkey.AddressPubKeyHash() + address := pubkeyHash.String() + + return &muunAddress{address: address, version: addressV1, derivationPath: publicKey.Path}, nil +} + +func addUserSignatureInputV1(input Input, index int, tx *wire.MsgTx, privateKey *HDPrivateKey) (*wire.TxIn, error) { + + txInput := tx.TxIn[index] + + sig, err := signInputV1(input, index, tx, privateKey) + if err != nil { + return nil, errors.Wrapf(err, "failed to sign V1 input") + } + + builder := txscript.NewScriptBuilder() + builder.AddData(sig) + builder.AddData(privateKey.PublicKey().Raw()) + script, err := builder.Script() + if err != nil { + return nil, errors.Wrapf(err, "failed to generate signing script") + } + + txInput.SignatureScript = script + + return txInput, nil +} + +func createRedeemScriptV1(publicKey *HDPublicKey) ([]byte, error) { + + userAddress, err := btcutil.NewAddressPubKey(publicKey.Raw(), publicKey.Network.network) + if err != nil { + return nil, errors.Wrapf(err, "failed to generate address for user") + } + + return txscript.PayToAddrScript(userAddress.AddressPubKeyHash()) +} + +func signInputV1(input Input, index int, tx *wire.MsgTx, privateKey *HDPrivateKey) ([]byte, error) { + + redeemScript, err := createRedeemScriptV1(privateKey.PublicKey()) + if err != nil { + return nil, errors.Wrapf(err, "failed to build reedem script for signing") + } + + privKey, err := privateKey.key.ECPrivKey() + if err != nil { + return nil, errors.Wrapf(err, "failed to produce EC priv key for signing") + } + + sig, err := txscript.RawTxInSignature(tx, index, redeemScript, txscript.SigHashAll, privKey) + if err != nil { + return nil, errors.Wrapf(err, "failed to sign V1 input") + } + + return sig, nil +} diff --git a/V2.go b/V2.go new file mode 100644 index 0000000..11dc1f7 --- /dev/null +++ b/V2.go @@ -0,0 +1,106 @@ +package libwallet + +import ( + "github.com/btcsuite/btcd/txscript" + "github.com/btcsuite/btcutil" + "github.com/pkg/errors" + + "github.com/btcsuite/btcd/wire" +) + +func CreateAddressV2(userKey, muunKey *HDPublicKey) (MuunAddress, error) { + + script, err := createRedeemScriptV2(userKey, muunKey) + if err != nil { + return nil, errors.Wrapf(err, "failed to generate redeem script v2") + } + + address, err := btcutil.NewAddressScriptHash(script, userKey.Network.network) + if err != nil { + return nil, errors.Wrapf(err, "failed to generate multisig address") + } + + return &muunAddress{ + address: address.String(), + version: addressV2, + derivationPath: userKey.Path, + redeemScript: script, + }, nil +} + +func createRedeemScriptV2(userKey, muunKey *HDPublicKey) ([]byte, error) { + + userAddress, err := btcutil.NewAddressPubKey(userKey.Raw(), userKey.Network.network) + if err != nil { + return nil, errors.Wrapf(err, "failed to generate address for user") + } + + muunAddress, err := btcutil.NewAddressPubKey(muunKey.Raw(), muunKey.Network.network) + if err != nil { + return nil, errors.Wrapf(err, "failed to generate address for muun") + } + + return txscript.MultiSigScript([]*btcutil.AddressPubKey{ + userAddress, + muunAddress, + }, 2) +} + +func addUserSignatureInputV2(input Input, index int, tx *wire.MsgTx, privateKey *HDPrivateKey, + muunKey *HDPublicKey) (*wire.TxIn, error) { + + if len(input.MuunSignature()) == 0 { + return nil, errors.Errorf("muun signature must be present") + } + + txInput := tx.TxIn[index] + + redeemScript, err := createRedeemScriptV2(privateKey.PublicKey(), muunKey) + if err != nil { + return nil, errors.Wrapf(err, "failed to build reedem script for signing") + } + + sig, err := signInputV2(input, index, tx, privateKey.PublicKey(), muunKey, privateKey) + if err != nil { + return nil, err + } + + // This is a standard 2 of 2 multisig script + // 0 because of a bug in bitcoind + // Then the 2 sigs: first the users and then muuns + // Last, the script that contains the two pub keys and OP_CHECKMULTISIG + builder := txscript.NewScriptBuilder() + builder.AddInt64(0) + builder.AddData(sig) + builder.AddData(input.MuunSignature()) + builder.AddData(redeemScript) + script, err := builder.Script() + if err != nil { + return nil, errors.Wrapf(err, "failed to generate signing script") + } + + txInput.SignatureScript = script + + return txInput, nil +} + +func signInputV2(input Input, index int, tx *wire.MsgTx, userKey, muunKey *HDPublicKey, + signingKey *HDPrivateKey) ([]byte, error) { + + redeemScript, err := createRedeemScriptV2(userKey, muunKey) + if err != nil { + return nil, errors.Wrapf(err, "failed to build reedem script for signing") + } + + privKey, err := signingKey.key.ECPrivKey() + if err != nil { + return nil, errors.Wrapf(err, "failed to produce EC priv key for signing") + } + + sig, err := txscript.RawTxInSignature(tx, index, redeemScript, txscript.SigHashAll, privKey) + if err != nil { + return nil, errors.Wrapf(err, "failed to sign V2 output") + } + + return sig, nil +} diff --git a/V2_test.go b/V2_test.go new file mode 100644 index 0000000..acd34fd --- /dev/null +++ b/V2_test.go @@ -0,0 +1,56 @@ +package libwallet + +import ( + "encoding/hex" + "reflect" + "testing" +) + +func Test_CreateAddressV2(t *testing.T) { + + const ( + addressPath = "m/schema:1'/recovery:1'/external:1/0" + originAddress = "2NDeWrsJEwvxwVnvtWzPjhDC5B2LYkFuX2s" + + encodedMuunKey = "tpubDBYMnFoxYLdMBZThTk4uARTe4kGPeEYWdKcaEzaUxt1cesetnxtTqmAxVkzDRou51emWytommyLWcF91SdF5KecA6Ja8oHK1FF7d5U2hMxX" + encodedUserKey = "tprv8dfM4H5fYJirMai5Er3LguicgUAyxmcSQbFub5ens16amX1e1HAFiW4SXnFVw9nu9FedFQqTPGTTjPEmgfvvXMKww3UcRpFbbC4DFjbCcTb" + basePath = "m/schema:1'/recovery:1'" + v2EncodedScript = "5221029fa5af7a34c142c1ce348b360abeb7de01df25b1d50129e58a67a6b846c9303b21025714f6b3670d4a38f5e2d6e8f239c9fc072543ce33dca54fcb4f4886a5cb87a652ae" + ) + + v2Script := make([]byte, 71) + hex.Decode(v2Script[:], []byte(v2EncodedScript)) + + baseMuunKey, _ := NewHDPublicKeyFromString(encodedMuunKey, basePath) + muunKey, _ := baseMuunKey.DeriveTo(addressPath) + + baseUserKey, _ := NewHDPrivateKeyFromString(encodedUserKey, basePath) + userKey, _ := baseUserKey.DeriveTo(addressPath) + + type args struct { + userKey *HDPublicKey + muunKey *HDPublicKey + } + tests := []struct { + name string + args args + want MuunAddress + wantErr bool + }{ + {name: "gen address", + args: args{userKey: userKey.PublicKey(), muunKey: muunKey}, + want: &muunAddress{address: originAddress, derivationPath: addressPath, version: addressV2, redeemScript: v2Script}}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := CreateAddressV2(tt.args.userKey, tt.args.muunKey) + if (err != nil) != tt.wantErr { + t.Errorf("CreateAddressV2() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("CreateAddressV2() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/V3.go b/V3.go new file mode 100644 index 0000000..5f01805 --- /dev/null +++ b/V3.go @@ -0,0 +1,84 @@ +package libwallet + +import ( + "github.com/btcsuite/btcutil" + + "github.com/pkg/errors" + + "github.com/btcsuite/btcd/wire" +) + +func CreateAddressV3(userKey, muunKey *HDPublicKey) (MuunAddress, error) { + + redeemScript, err := createRedeemScriptV3(userKey, muunKey) + if err != nil { + return nil, err + } + + address, err := btcutil.NewAddressScriptHash(redeemScript, userKey.Network.network) + if err != nil { + return nil, err + } + + return &muunAddress{ + address: address.EncodeAddress(), + version: addressV3, + derivationPath: userKey.Path, + redeemScript: redeemScript, + }, nil +} + +func createRedeemScriptV3(userKey, muunKey *HDPublicKey) ([]byte, error) { + witnessScript, err := createWitnessScriptV3(userKey, muunKey) + if err != nil { + return nil, errors.Wrapf(err, "failed to generate redeem script v3") + } + + return createNonNativeSegwitRedeemScript(witnessScript) +} + +func createWitnessScriptV3(userKey, muunKey *HDPublicKey) ([]byte, error) { + // createRedeemScriptV2 creates a valid script for both V2 and V3 schemes + return createRedeemScriptV2(userKey, muunKey) +} + +func addUserSignatureInputV3(input Input, index int, tx *wire.MsgTx, privateKey *HDPrivateKey, muunKey *HDPublicKey) (*wire.TxIn, error) { + + if len(input.MuunSignature()) == 0 { + return nil, errors.Errorf("muun signature must be present") + } + + + witnessScript, err := createWitnessScriptV3(privateKey.PublicKey(), muunKey) + if err != nil { + return nil, err + } + + sig, err := signInputV3(input, index, tx, privateKey.PublicKey(), muunKey, privateKey) + if err != nil { + return nil, err + } + + zeroByteArray := []byte{} + + txInput := tx.TxIn[index] + txInput.Witness = wire.TxWitness{zeroByteArray, sig, input.MuunSignature(), witnessScript} + + return txInput, nil +} + +func signInputV3(input Input, index int, tx *wire.MsgTx, userKey *HDPublicKey, muunKey *HDPublicKey, + signingKey *HDPrivateKey) ([]byte, error) { + + witnessScript, err := createWitnessScriptV3(userKey, muunKey) + if err != nil { + return nil, err + } + + redeemScript, err := createRedeemScriptV3(userKey, muunKey) + if err != nil { + return nil, errors.Wrapf(err, "failed to build reedem script for signing") + } + + return signNonNativeSegwitInput(input, index, tx, signingKey, redeemScript, witnessScript) +} diff --git a/V3_test.go b/V3_test.go new file mode 100644 index 0000000..5faf4a6 --- /dev/null +++ b/V3_test.go @@ -0,0 +1,56 @@ +package libwallet + +import ( + "encoding/hex" + "reflect" + "testing" +) + +func Test_CreateAddressV3(t *testing.T) { + + const ( + addressPath = "m/schema:1'/recovery:1'/external:1/0" + + v3Address = "2MswEXmCLaHQq6pUTtnUVF8wVArfYSqUec5" + basePK = "tpubDAN21T1DFREQQS4FvpUktKRBzXXsj5ddenAa5u198hLXvErFFR4Lj8bt8xMG3xnZr6u8mx1vrFW9RwCDXQwQuYRCLq1j9Nr2VJUrENzteQH" + baseCosigningPK = "tpubDAsVhzq6otpasovieofhiaY38bSFGyJaBGvrJjBv9whhSnftUXfMTMVrq4BbTXT5A9b78CqqbPuM2j1ZGWdiggd7JHUTZAHh8GXDTt4Pkj9" + basePath = "m/schema:1'/recovery:1'" + v3EncodedScript = "0020e1fbfbd395aff8b4087fee3e4488815ef659b559b3cd0d6800b5a591efd99f38" + ) + + v3Script := make([]byte, 34) + hex.Decode(v3Script[:], []byte(v3EncodedScript)) + + baseMuunKey, _ := NewHDPublicKeyFromString(baseCosigningPK, basePath) + muunKey, _ := baseMuunKey.DeriveTo(addressPath) + + baseUserKey, _ := NewHDPublicKeyFromString(basePK, basePath) + userKey, _ := baseUserKey.DeriveTo(addressPath) + + type args struct { + userKey *HDPublicKey + muunKey *HDPublicKey + } + tests := []struct { + name string + args args + want MuunAddress + wantErr bool + }{ + {name: "gen address", + args: args{userKey: userKey, muunKey: muunKey}, + want: &muunAddress{address: v3Address, derivationPath: addressPath, version: addressV3, redeemScript: v3Script}}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := CreateAddressV3(tt.args.userKey, tt.args.muunKey) + if (err != nil) != tt.wantErr { + t.Errorf("CreateAddressV3() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("CreateAddressV3() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/address.go b/address.go new file mode 100644 index 0000000..8201bb0 --- /dev/null +++ b/address.go @@ -0,0 +1,252 @@ +package libwallet + +import ( + "io/ioutil" + "net/http" + "net/url" + "strconv" + "strings" + + "github.com/btcsuite/btcd/txscript" + "github.com/btcsuite/btcutil" + "github.com/golang/protobuf/proto" + "github.com/pkg/errors" +) + +type AddressVersion int + +const ( + addressV1 AddressVersion = 1 + addressV2 AddressVersion = 2 + addressV3 AddressVersion = 3 + addressSubmarineSwap AddressVersion = 101 +) + +type muunAddress struct { + version AddressVersion + derivationPath string + address string + redeemScript []byte +} + +func newMuunAddress(version AddressVersion, userPublicKey, muunPublicKey *HDPublicKey) (MuunAddress, error) { + if userPublicKey.Path != muunPublicKey.Path { + return nil, errors.Errorf("paths must match for address generation (%v != %v)", userPublicKey.Path, muunPublicKey.Path) + } + + switch version { + case addressV1: + return CreateAddressV1(userPublicKey) + case addressV2: + return CreateAddressV2(userPublicKey, muunPublicKey) + case addressV3: + return CreateAddressV3(userPublicKey, muunPublicKey) + case addressSubmarineSwap: + return CreateAddressSubmarineSwap(userPublicKey) + } + + return nil, errors.Errorf("unknown version %v", version) +} + +func (a *muunAddress) Version() int { + return int(a.version) +} + +func (a *muunAddress) DerivationPath() string { + return a.derivationPath +} + +func (a *muunAddress) Address() string { + return a.address +} + +func (a *muunAddress) RedeemScript() []byte { + return a.redeemScript +} + +// MuunPaymentURI is muun's uri struct +type MuunPaymentURI struct { + Address string + Label string + Message string + Amount string + URI string + BIP70Url string + CreationTime string + ExpiresTime string + Invoice *Invoice +} + +const ( + bitcoinScheme = "bitcoin:" + muunScheme = "muun:" +) + +// GetPaymentURI builds a MuunPaymentURI from an address and a network +func GetPaymentURI(address string, network *Network) (*MuunPaymentURI, error) { + + uriAddress := normalizeAddress(address) + + components, err := url.Parse(uriAddress) + if err != nil { + return nil, err + } + + if components.Scheme != "bitcoin" { + return nil, errors.New("Invalid scheme") + } + + base58Address := components.Opaque + + // When URIs are bitcoin:// the address comes in host + // this happens in iOS that mostly ignores bitcoin: format + if len(base58Address) == 0 { + base58Address = components.Host + } + + queryValues, err := url.ParseQuery(components.RawQuery) + if err != nil { + return nil, errors.Wrapf(err, "Couldnt parse query") + } + + var label, message, amount string + + if len(queryValues["label"]) != 0 { + label = queryValues["label"][0] + } + + if len(queryValues["message"]) != 0 { + message = queryValues["message"][0] + } + + if len(queryValues["amount"]) != 0 { + amount = queryValues["amount"][0] + } + + if len(queryValues["lightning"]) != 0 { + invoice, err := ParseInvoice(queryValues["lightning"][0], network) + + if err == nil { + return &MuunPaymentURI{Invoice:invoice}, nil + } + } + + //BIP70 check + if len(queryValues["r"]) != 0 { + if len(base58Address) > 0 { + return &MuunPaymentURI{ + Address: base58Address, + Label: label, + Message: message, + Amount: amount, + URI: uriAddress, + BIP70Url: queryValues["r"][0], + }, nil + } + return &MuunPaymentURI{ + Label: label, + Message: message, + Amount: amount, + URI: uriAddress, + BIP70Url: queryValues["r"][0], + }, nil + } + + // Bech32 check + validatedBase58Address, err := btcutil.DecodeAddress(base58Address, network.network) + if err != nil { + return nil, err + } + + if !validatedBase58Address.IsForNet(network.network) { + return nil, errors.Errorf("Network mismatch") + } + + return &MuunPaymentURI{ + Address: validatedBase58Address.String(), + Label: label, + Message: message, + Amount: amount, + URI: uriAddress, + }, nil + +} + +// DoPaymentRequestCall builds a MuunPaymentUri from a url and a network. Handling BIP70 to 72 +func DoPaymentRequestCall(url string, network *Network) (*MuunPaymentURI, error) { + req, err := http.NewRequest("GET", url, nil) + if err != nil { + return nil, errors.Wrapf(err, "Failed to create request to: %s", url) + } + + req.Header.Set("Accept", "application/bitcoin-paymentrequest") + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return nil, errors.Wrapf(err, "Failed to make request to: %s", url) + } + defer resp.Body.Close() + + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + return nil, errors.Wrapf(err, "Failed to read body response") + } + + payReq := &PaymentRequest{} + err = proto.Unmarshal(body, payReq) + if err != nil { + return nil, errors.Wrapf(err, "Failed to Unmarshall paymentRequest") + } + + payDetails := &PaymentDetails{} + + err = proto.Unmarshal(payReq.SerializedPaymentDetails, payDetails) + if err != nil { + return nil, errors.Wrapf(err, "Failed to Unmarshall paymentDetails") + } + + if len(payDetails.Outputs) == 0 { + return nil, errors.New("No outputs provided") + } + + address, err := getAddressFromScript(payDetails.Outputs[0].Script, network) + if err != nil { + errors.Wrapf(err, "Failed to get address") + } + + return &MuunPaymentURI{ + Address: address, + Message: *payDetails.Memo, + Amount: strconv.FormatUint(*payDetails.Outputs[0].Amount, 10), + BIP70Url: url, + CreationTime: strconv.FormatUint(*payDetails.Time, 10), + ExpiresTime: strconv.FormatUint(*payDetails.Expires, 10), + }, nil +} + +func getAddressFromScript(script []byte, network *Network) (string, error) { + pkScript, err := txscript.ParsePkScript(script) + if err != nil { + return "", err + } + address, err := pkScript.Address(network.network) + if err != nil { + return "", err + } + return address.String(), nil +} + +func normalizeAddress(rawAddress string) string { + newAddress := rawAddress + + if strings.Contains(newAddress, muunScheme) { + newAddress = strings.Replace(newAddress, muunScheme, bitcoinScheme, 1) + } + + if !strings.Contains(newAddress, bitcoinScheme) { + newAddress = bitcoinScheme + rawAddress + } + + return newAddress +} diff --git a/address_test.go b/address_test.go new file mode 100644 index 0000000..3fad7ea --- /dev/null +++ b/address_test.go @@ -0,0 +1,225 @@ +package libwallet + +import ( + "encoding/hex" + "reflect" + "testing" +) + +const ( + address = "2NDhvuRPCYXq4fB8SprminieZ2a1i3JFXyS" + amountURI = address + "?amount=1.2" + completeURI = amountURI + "&label=hola&message=mensaje%20con%20espacios" + uriWithSlashes = "bitcoin://" + amountURI + + invalidAddress = "2NDhvuRPCYXq4fB8SprminieZ2a1i3JFXya" + + bip70URL = "https://bitpay.com/i/KXCEAtJQssR9vG2BxdjFwx" + bip70NonRetroCompatAddress = bitcoinScheme + "?r=" + bip70URL + bip70RetroCompatAddress = bitcoinScheme + address + "?r=" + bip70URL + +) + +func TestGetPaymentURI(t *testing.T) { + + const ( + invoice = "lnbcrt1pwtpd4xpp55meuklpslk5jtxytyh7u2q490c2xhm68dm3a94486zntsg7ad4vsdqqcqzys763w70h39ze44ngzhdt2mag84wlkefqkphuy7ssg4la5gt9vcpmqts00fnapf8frs928mc5ujfutzyu8apkezhrfvydx82l40w0fckqqmerzjc" + invoiceHashHex = "a6f3cb7c30fda925988b25fdc502a57e146bef476ee3d2d6a7d0a6b823dd6d59" + invoiceDestinationHex = "028cfad4e092191a41f081bedfbe5a6e8f441603c78bf9001b8fb62ac0858f20edasd" + ) + + invoiceDestination, _ := hex.DecodeString(invoiceDestinationHex) + invoicePaymentHash := [32]byte{} + hex.Decode(invoicePaymentHash[:], []byte(invoiceHashHex)) + + type args struct { + address string + network Network + } + + tests := []struct { + name string + args args + want *MuunPaymentURI + wantErr bool + }{ + + { + name: "validAddress", + args: args{ + address: address, + network: *Regtest(), + }, + want: &MuunPaymentURI{ + Address: address, + URI: bitcoinScheme + address, + }, + }, + { + name: "amountValidAddress", + args: args{ + address: amountURI, + network: *Regtest(), + }, + want: &MuunPaymentURI{ + Address: address, + Amount: "1.2", + URI: bitcoinScheme + amountURI, + }, + }, + { + name: "completeValidAddress", + args: args{ + address: completeURI, + network: *Regtest(), + }, + want: &MuunPaymentURI{ + Address: address, + Amount: "1.2", + Label: "hola", + Message: "mensaje con espacios", + URI: bitcoinScheme + completeURI, + }, + }, + { + name: "invalidAddress", + args: args{ + address: invalidAddress, + network: *Regtest(), + }, + wantErr: true, + }, + { + name: "BIP70NonRetroCompatAddress", + args: args{ + address: bip70NonRetroCompatAddress, + network: *Regtest(), + }, + want: &MuunPaymentURI{ + URI: bip70NonRetroCompatAddress, + BIP70Url: bip70URL, + }, + }, + { + name: "BIP70RetroCompatAddress", + args: args{ + address: bip70RetroCompatAddress, + network: *Regtest(), + }, + want: &MuunPaymentURI{ + Address: address, + URI: bip70RetroCompatAddress, + BIP70Url: bip70URL, + }, + }, + { + name: "URL like address", + args: args{ + address: uriWithSlashes, + network: *Regtest(), + }, + want: &MuunPaymentURI{ + Address: address, + URI: uriWithSlashes, + Amount: "1.2", + }, + }, + { + name: "bad url", + args: args{ + address: ":foo#%--", + network: *Regtest(), + }, + wantErr: true, + }, + { + name: "bad query", + args: args{ + address: "bitcoin:123123?%&-=asd", + network: *Regtest(), + }, + wantErr: true, + }, + { + name: "network mismatch", + args: args{ + address: amountURI, + network: *Mainnet(), + }, + wantErr: true, + }, + { + name: "BIP with lightning", + args: args{ + address: "bitcoin:123123?lightning=" + invoice, + network: *network, + }, + want: &MuunPaymentURI{Invoice: &Invoice{ + RawInvoice: invoice, + FallbackAddress: nil, + Network: network, + MilliSat: "", + Destination: invoiceDestination, + PaymentHash: invoicePaymentHash, + Description: "", + }}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := GetPaymentURI(tt.args.address, &tt.args.network) + if (err != nil) != tt.wantErr { + t.Errorf("GetPaymentURI() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != nil && got.Invoice != nil { + // expiry is relative to now, so ignore it + got.Invoice.Expiry = 0 + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("GetPaymentURI() = %+v, want %+v", got, tt.want) + } + }) + } +} + +func Test_normalizeAddress(t *testing.T) { + type args struct { + rawAddress string + } + tests := []struct { + name string + args args + want string + }{ + { + name: "normalAddress", + args: args{ + rawAddress: address, + }, + want: bitcoinScheme + address, + }, + { + name: "bitcoinAddress", + args: args{ + rawAddress: bitcoinScheme + address, + }, + want: bitcoinScheme + address, + }, + { + name: "muunAddress", + args: args{ + rawAddress: muunScheme + address, + }, + want: bitcoinScheme + address, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := normalizeAddress(tt.args.rawAddress); got != tt.want { + t.Errorf("normalizeAddress() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/aes.go b/aes.go new file mode 100644 index 0000000..dfa5738 --- /dev/null +++ b/aes.go @@ -0,0 +1,70 @@ +package libwallet + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + + "github.com/pkg/errors" +) + +func encrypt(key []byte, iv []byte, plaintext []byte) ([]byte, error) { + + plaintext = pkcs7Padding(plaintext) + + block, err := aes.NewCipher(key) + if err != nil { + return nil, err + } + + ciphertext := make([]byte, len(plaintext)) + + mode := cipher.NewCBCEncrypter(block, iv) + mode.CryptBlocks(ciphertext, plaintext) + + return ciphertext, nil +} + +func decrypt(key []byte, iv []byte, cypertext []byte) ([]byte, error) { + + block, err := aes.NewCipher(key) + if err != nil { + return nil, err + } + + plaintext := make([]byte, len(cypertext)) + + mode := cipher.NewCBCDecrypter(block, iv) + mode.CryptBlocks(plaintext, cypertext) + + plaintext, err = pkcs7UnPadding(plaintext) + if err != nil { + return nil, err + } + + return plaintext, nil +} + +func pkcs7Padding(src []byte) []byte { + padding := aes.BlockSize - len(src)%aes.BlockSize + padtext := bytes.Repeat([]byte{byte(padding)}, padding) + return append(src, padtext...) +} + +func pkcs7UnPadding(src []byte) ([]byte, error) { + length := len(src) + unpadding := int(src[length-1]) + + if unpadding > aes.BlockSize || unpadding == 0 { + return nil, errors.New("invalid pkcs7 padding (unpadding > aes.BlockSize || unpadding == 0)") + } + + pad := src[len(src)-unpadding:] + for i := 0; i < unpadding; i++ { + if pad[i] != byte(unpadding) { + return nil, errors.New("invalid pkcs7 padding (pad[i] != unpadding)") + } + } + + return src[:(length - unpadding)], nil +} diff --git a/bip70.pb.go b/bip70.pb.go new file mode 100644 index 0000000..ce53759 --- /dev/null +++ b/bip70.pb.go @@ -0,0 +1,431 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: bip70.proto + +package libwallet + +import ( + fmt "fmt" + math "math" + + proto "github.com/golang/protobuf/proto" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package + +// Generalized form of "send payment to this/these bitcoin addresses" +type Output struct { + Amount *uint64 `protobuf:"varint,1,opt,name=amount,def=0" json:"amount,omitempty"` + Script []byte `protobuf:"bytes,2,req,name=script" json:"script,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *Output) Reset() { *m = Output{} } +func (m *Output) String() string { return proto.CompactTextString(m) } +func (*Output) ProtoMessage() {} +func (*Output) Descriptor() ([]byte, []int) { + return fileDescriptor_de204c4c8d465ce4, []int{0} +} + +func (m *Output) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_Output.Unmarshal(m, b) +} +func (m *Output) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_Output.Marshal(b, m, deterministic) +} +func (m *Output) XXX_Merge(src proto.Message) { + xxx_messageInfo_Output.Merge(m, src) +} +func (m *Output) XXX_Size() int { + return xxx_messageInfo_Output.Size(m) +} +func (m *Output) XXX_DiscardUnknown() { + xxx_messageInfo_Output.DiscardUnknown(m) +} + +var xxx_messageInfo_Output proto.InternalMessageInfo + +const Default_Output_Amount uint64 = 0 + +func (m *Output) GetAmount() uint64 { + if m != nil && m.Amount != nil { + return *m.Amount + } + return Default_Output_Amount +} + +func (m *Output) GetScript() []byte { + if m != nil { + return m.Script + } + return nil +} + +type PaymentDetails struct { + Network *string `protobuf:"bytes,1,opt,name=network,def=main" json:"network,omitempty"` + Outputs []*Output `protobuf:"bytes,2,rep,name=outputs" json:"outputs,omitempty"` + Time *uint64 `protobuf:"varint,3,req,name=time" json:"time,omitempty"` + Expires *uint64 `protobuf:"varint,4,opt,name=expires" json:"expires,omitempty"` + Memo *string `protobuf:"bytes,5,opt,name=memo" json:"memo,omitempty"` + PaymentUrl *string `protobuf:"bytes,6,opt,name=payment_url,json=paymentUrl" json:"payment_url,omitempty"` + MerchantData []byte `protobuf:"bytes,7,opt,name=merchant_data,json=merchantData" json:"merchant_data,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *PaymentDetails) Reset() { *m = PaymentDetails{} } +func (m *PaymentDetails) String() string { return proto.CompactTextString(m) } +func (*PaymentDetails) ProtoMessage() {} +func (*PaymentDetails) Descriptor() ([]byte, []int) { + return fileDescriptor_de204c4c8d465ce4, []int{1} +} + +func (m *PaymentDetails) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_PaymentDetails.Unmarshal(m, b) +} +func (m *PaymentDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_PaymentDetails.Marshal(b, m, deterministic) +} +func (m *PaymentDetails) XXX_Merge(src proto.Message) { + xxx_messageInfo_PaymentDetails.Merge(m, src) +} +func (m *PaymentDetails) XXX_Size() int { + return xxx_messageInfo_PaymentDetails.Size(m) +} +func (m *PaymentDetails) XXX_DiscardUnknown() { + xxx_messageInfo_PaymentDetails.DiscardUnknown(m) +} + +var xxx_messageInfo_PaymentDetails proto.InternalMessageInfo + +const Default_PaymentDetails_Network string = "main" + +func (m *PaymentDetails) GetNetwork() string { + if m != nil && m.Network != nil { + return *m.Network + } + return Default_PaymentDetails_Network +} + +func (m *PaymentDetails) GetOutputs() []*Output { + if m != nil { + return m.Outputs + } + return nil +} + +func (m *PaymentDetails) GetTime() uint64 { + if m != nil && m.Time != nil { + return *m.Time + } + return 0 +} + +func (m *PaymentDetails) GetExpires() uint64 { + if m != nil && m.Expires != nil { + return *m.Expires + } + return 0 +} + +func (m *PaymentDetails) GetMemo() string { + if m != nil && m.Memo != nil { + return *m.Memo + } + return "" +} + +func (m *PaymentDetails) GetPaymentUrl() string { + if m != nil && m.PaymentUrl != nil { + return *m.PaymentUrl + } + return "" +} + +func (m *PaymentDetails) GetMerchantData() []byte { + if m != nil { + return m.MerchantData + } + return nil +} + +type PaymentRequest struct { + PaymentDetailsVersion *uint32 `protobuf:"varint,1,opt,name=payment_details_version,json=paymentDetailsVersion,def=1" json:"payment_details_version,omitempty"` + PkiType *string `protobuf:"bytes,2,opt,name=pki_type,json=pkiType,def=none" json:"pki_type,omitempty"` + PkiData []byte `protobuf:"bytes,3,opt,name=pki_data,json=pkiData" json:"pki_data,omitempty"` + SerializedPaymentDetails []byte `protobuf:"bytes,4,req,name=serialized_payment_details,json=serializedPaymentDetails" json:"serialized_payment_details,omitempty"` + Signature []byte `protobuf:"bytes,5,opt,name=signature" json:"signature,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *PaymentRequest) Reset() { *m = PaymentRequest{} } +func (m *PaymentRequest) String() string { return proto.CompactTextString(m) } +func (*PaymentRequest) ProtoMessage() {} +func (*PaymentRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_de204c4c8d465ce4, []int{2} +} + +func (m *PaymentRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_PaymentRequest.Unmarshal(m, b) +} +func (m *PaymentRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_PaymentRequest.Marshal(b, m, deterministic) +} +func (m *PaymentRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_PaymentRequest.Merge(m, src) +} +func (m *PaymentRequest) XXX_Size() int { + return xxx_messageInfo_PaymentRequest.Size(m) +} +func (m *PaymentRequest) XXX_DiscardUnknown() { + xxx_messageInfo_PaymentRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_PaymentRequest proto.InternalMessageInfo + +const Default_PaymentRequest_PaymentDetailsVersion uint32 = 1 +const Default_PaymentRequest_PkiType string = "none" + +func (m *PaymentRequest) GetPaymentDetailsVersion() uint32 { + if m != nil && m.PaymentDetailsVersion != nil { + return *m.PaymentDetailsVersion + } + return Default_PaymentRequest_PaymentDetailsVersion +} + +func (m *PaymentRequest) GetPkiType() string { + if m != nil && m.PkiType != nil { + return *m.PkiType + } + return Default_PaymentRequest_PkiType +} + +func (m *PaymentRequest) GetPkiData() []byte { + if m != nil { + return m.PkiData + } + return nil +} + +func (m *PaymentRequest) GetSerializedPaymentDetails() []byte { + if m != nil { + return m.SerializedPaymentDetails + } + return nil +} + +func (m *PaymentRequest) GetSignature() []byte { + if m != nil { + return m.Signature + } + return nil +} + +type X509Certificates struct { + Certificate [][]byte `protobuf:"bytes,1,rep,name=certificate" json:"certificate,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *X509Certificates) Reset() { *m = X509Certificates{} } +func (m *X509Certificates) String() string { return proto.CompactTextString(m) } +func (*X509Certificates) ProtoMessage() {} +func (*X509Certificates) Descriptor() ([]byte, []int) { + return fileDescriptor_de204c4c8d465ce4, []int{3} +} + +func (m *X509Certificates) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_X509Certificates.Unmarshal(m, b) +} +func (m *X509Certificates) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_X509Certificates.Marshal(b, m, deterministic) +} +func (m *X509Certificates) XXX_Merge(src proto.Message) { + xxx_messageInfo_X509Certificates.Merge(m, src) +} +func (m *X509Certificates) XXX_Size() int { + return xxx_messageInfo_X509Certificates.Size(m) +} +func (m *X509Certificates) XXX_DiscardUnknown() { + xxx_messageInfo_X509Certificates.DiscardUnknown(m) +} + +var xxx_messageInfo_X509Certificates proto.InternalMessageInfo + +func (m *X509Certificates) GetCertificate() [][]byte { + if m != nil { + return m.Certificate + } + return nil +} + +type Payment struct { + MerchantData []byte `protobuf:"bytes,1,opt,name=merchant_data,json=merchantData" json:"merchant_data,omitempty"` + Transactions [][]byte `protobuf:"bytes,2,rep,name=transactions" json:"transactions,omitempty"` + RefundTo []*Output `protobuf:"bytes,3,rep,name=refund_to,json=refundTo" json:"refund_to,omitempty"` + Memo *string `protobuf:"bytes,4,opt,name=memo" json:"memo,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *Payment) Reset() { *m = Payment{} } +func (m *Payment) String() string { return proto.CompactTextString(m) } +func (*Payment) ProtoMessage() {} +func (*Payment) Descriptor() ([]byte, []int) { + return fileDescriptor_de204c4c8d465ce4, []int{4} +} + +func (m *Payment) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_Payment.Unmarshal(m, b) +} +func (m *Payment) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_Payment.Marshal(b, m, deterministic) +} +func (m *Payment) XXX_Merge(src proto.Message) { + xxx_messageInfo_Payment.Merge(m, src) +} +func (m *Payment) XXX_Size() int { + return xxx_messageInfo_Payment.Size(m) +} +func (m *Payment) XXX_DiscardUnknown() { + xxx_messageInfo_Payment.DiscardUnknown(m) +} + +var xxx_messageInfo_Payment proto.InternalMessageInfo + +func (m *Payment) GetMerchantData() []byte { + if m != nil { + return m.MerchantData + } + return nil +} + +func (m *Payment) GetTransactions() [][]byte { + if m != nil { + return m.Transactions + } + return nil +} + +func (m *Payment) GetRefundTo() []*Output { + if m != nil { + return m.RefundTo + } + return nil +} + +func (m *Payment) GetMemo() string { + if m != nil && m.Memo != nil { + return *m.Memo + } + return "" +} + +type PaymentACK struct { + Payment *Payment `protobuf:"bytes,1,req,name=payment" json:"payment,omitempty"` + Memo *string `protobuf:"bytes,2,opt,name=memo" json:"memo,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *PaymentACK) Reset() { *m = PaymentACK{} } +func (m *PaymentACK) String() string { return proto.CompactTextString(m) } +func (*PaymentACK) ProtoMessage() {} +func (*PaymentACK) Descriptor() ([]byte, []int) { + return fileDescriptor_de204c4c8d465ce4, []int{5} +} + +func (m *PaymentACK) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_PaymentACK.Unmarshal(m, b) +} +func (m *PaymentACK) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_PaymentACK.Marshal(b, m, deterministic) +} +func (m *PaymentACK) XXX_Merge(src proto.Message) { + xxx_messageInfo_PaymentACK.Merge(m, src) +} +func (m *PaymentACK) XXX_Size() int { + return xxx_messageInfo_PaymentACK.Size(m) +} +func (m *PaymentACK) XXX_DiscardUnknown() { + xxx_messageInfo_PaymentACK.DiscardUnknown(m) +} + +var xxx_messageInfo_PaymentACK proto.InternalMessageInfo + +func (m *PaymentACK) GetPayment() *Payment { + if m != nil { + return m.Payment + } + return nil +} + +func (m *PaymentACK) GetMemo() string { + if m != nil && m.Memo != nil { + return *m.Memo + } + return "" +} + +func init() { + proto.RegisterType((*Output)(nil), "payments.Output") + proto.RegisterType((*PaymentDetails)(nil), "payments.PaymentDetails") + proto.RegisterType((*PaymentRequest)(nil), "payments.PaymentRequest") + proto.RegisterType((*X509Certificates)(nil), "payments.X509Certificates") + proto.RegisterType((*Payment)(nil), "payments.Payment") + proto.RegisterType((*PaymentACK)(nil), "payments.PaymentACK") +} + +func init() { proto.RegisterFile("bip70.proto", fileDescriptor_de204c4c8d465ce4) } + +var fileDescriptor_de204c4c8d465ce4 = []byte{ + // 499 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x53, 0x5f, 0x6f, 0xd3, 0x3e, + 0x14, 0x55, 0xd2, 0xfc, 0x9a, 0xf6, 0x36, 0xfb, 0x69, 0x58, 0x02, 0x3c, 0x84, 0xb6, 0x28, 0xbc, + 0x44, 0x20, 0xaa, 0x32, 0x81, 0xd0, 0x0a, 0x2f, 0x6c, 0x7b, 0x43, 0x88, 0xc9, 0x1a, 0x88, 0xb7, + 0xc8, 0x4b, 0xbd, 0x61, 0x35, 0xb1, 0x8d, 0x7d, 0x03, 0x94, 0xef, 0xc1, 0x27, 0x84, 0x0f, 0x82, + 0xf2, 0xaf, 0x61, 0x9b, 0x78, 0xb3, 0xcf, 0x3d, 0x39, 0xf7, 0xdc, 0x7b, 0x1c, 0x98, 0x5d, 0x48, + 0xf3, 0x72, 0x31, 0x37, 0x56, 0xa3, 0x26, 0x13, 0xc3, 0x37, 0xa5, 0x50, 0xe8, 0x92, 0x57, 0x30, + 0x7e, 0x5f, 0xa1, 0xa9, 0x90, 0xec, 0xc1, 0x98, 0x97, 0xba, 0x52, 0x48, 0xbd, 0xd8, 0x4b, 0x83, + 0xa5, 0xb7, 0x60, 0x1d, 0x40, 0xee, 0xc1, 0xd8, 0xe5, 0x56, 0x1a, 0xa4, 0x7e, 0xec, 0xa7, 0x11, + 0xeb, 0x6e, 0xc9, 0x6f, 0x0f, 0xfe, 0x3f, 0x6b, 0x95, 0x4e, 0x05, 0x72, 0x59, 0x38, 0xb2, 0x0f, + 0xa1, 0x12, 0xf8, 0x4d, 0xdb, 0x75, 0x23, 0x33, 0x5d, 0x06, 0x25, 0x97, 0x8a, 0xf5, 0x20, 0x79, + 0x0c, 0xa1, 0x6e, 0xfa, 0x39, 0xea, 0xc7, 0xa3, 0x74, 0x76, 0xb8, 0x3b, 0xef, 0xbd, 0xcc, 0x5b, + 0x23, 0xac, 0x27, 0x10, 0x02, 0x01, 0xca, 0x52, 0xd0, 0x51, 0xec, 0xa7, 0x01, 0x6b, 0xce, 0x84, + 0x42, 0x28, 0xbe, 0x1b, 0x69, 0x85, 0xa3, 0x41, 0x6d, 0x93, 0xf5, 0xd7, 0x9a, 0x5d, 0x8a, 0x52, + 0xd3, 0xff, 0xea, 0xb6, 0xac, 0x39, 0x93, 0x03, 0x98, 0x75, 0xea, 0x59, 0x65, 0x0b, 0x3a, 0x6e, + 0x4a, 0xd0, 0x41, 0x1f, 0x6c, 0x41, 0x1e, 0xc1, 0x4e, 0x29, 0x6c, 0xfe, 0x99, 0x2b, 0xcc, 0x56, + 0x1c, 0x39, 0x0d, 0x63, 0x2f, 0x8d, 0x58, 0xd4, 0x83, 0xa7, 0x1c, 0x79, 0xf2, 0x6b, 0x18, 0x93, + 0x89, 0x2f, 0x95, 0x70, 0x48, 0x8e, 0xe0, 0x7e, 0x2f, 0xbc, 0x6a, 0x27, 0xcf, 0xbe, 0x0a, 0xeb, + 0xa4, 0x56, 0xcd, 0xd8, 0x3b, 0x4b, 0xef, 0x19, 0xbb, 0x6b, 0xae, 0xad, 0xe6, 0x63, 0x5b, 0x27, + 0x07, 0x30, 0x31, 0x6b, 0x99, 0xe1, 0xc6, 0x08, 0xea, 0xb7, 0x2b, 0x52, 0x5a, 0x09, 0x16, 0x9a, + 0xb5, 0x3c, 0xdf, 0x18, 0x41, 0xf6, 0x5a, 0x42, 0x63, 0x67, 0xd4, 0xd8, 0xa9, 0x4b, 0xb5, 0x13, + 0xf2, 0x1a, 0x1e, 0x38, 0x61, 0x25, 0x2f, 0xe4, 0x0f, 0xb1, 0xca, 0x6e, 0x38, 0xa0, 0x41, 0x13, + 0x0e, 0x1d, 0x18, 0x37, 0xb2, 0x79, 0x08, 0x53, 0x27, 0xaf, 0x14, 0xc7, 0xca, 0x8a, 0x66, 0x4d, + 0x11, 0x1b, 0x80, 0xe4, 0x39, 0xec, 0x7e, 0x7a, 0xb1, 0x38, 0x3a, 0x11, 0x16, 0xe5, 0xa5, 0xcc, + 0x39, 0x0a, 0x47, 0x62, 0x98, 0xe5, 0xc3, 0x9d, 0x7a, 0xf1, 0x28, 0x8d, 0xd8, 0xdf, 0x50, 0xf2, + 0xd3, 0x83, 0xb0, 0x6b, 0x73, 0x7b, 0x99, 0xde, 0xed, 0x65, 0x92, 0x04, 0x22, 0xb4, 0x5c, 0x39, + 0x9e, 0xa3, 0xd4, 0xaa, 0x7d, 0x05, 0x11, 0xbb, 0x86, 0x91, 0xa7, 0x30, 0xb5, 0xe2, 0xb2, 0x52, + 0xab, 0x0c, 0x35, 0x1d, 0xfd, 0xe3, 0x99, 0x4c, 0x5a, 0xca, 0xb9, 0xde, 0x26, 0x1f, 0x0c, 0xc9, + 0x27, 0xef, 0x00, 0x3a, 0x5b, 0x6f, 0x4e, 0xde, 0x92, 0x27, 0x10, 0x76, 0x9f, 0x53, 0x2f, 0xf6, + 0xd3, 0xd9, 0xe1, 0x9d, 0x41, 0xae, 0x4f, 0xb6, 0x67, 0x6c, 0xe5, 0xfc, 0x41, 0xee, 0x38, 0x85, + 0x7d, 0x6d, 0xaf, 0xe6, 0x17, 0x12, 0x73, 0x2d, 0x55, 0xfb, 0x17, 0xe5, 0xba, 0x70, 0x5b, 0x99, + 0xe3, 0xf1, 0x59, 0x8d, 0xb9, 0x3f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x27, 0x08, 0xfa, 0xe5, 0x68, + 0x03, 0x00, 0x00, +} diff --git a/bip70.proto b/bip70.proto new file mode 100644 index 0000000..fcc4007 --- /dev/null +++ b/bip70.proto @@ -0,0 +1,44 @@ +// +// Simple Bitcoin Payment Protocol messages +// +// Use fields 1000+ for extensions; +// to avoid conflicts, register extensions via pull-req at +// https://github.com/bitcoin/bips/blob/master/bip-0070/extensions.mediawiki +// + +syntax = "proto3"; + +// Generalized form of "send payment to this/these bitcoin addresses" +message Output { + optional uint64 amount = 1 [default = 0]; // amount is integer-number-of-satoshis + required bytes script = 2; // usually one of the standard Script forms +} +message PaymentDetails { + optional string network = 1 [default = "main"]; // "main" or "test" + repeated Output outputs = 2; // Where payment should be sent + required uint64 time = 3; // Timestamp; when payment request created + optional uint64 expires = 4; // Timestamp; when this request should be considered invalid + optional string memo = 5; // Human-readable description of request for the customer + optional string payment_url = 6; // URL to send Payment and get PaymentACK + optional bytes merchant_data = 7; // Arbitrary data to include in the Payment message +} +message PaymentRequest { + optional uint32 payment_details_version = 1 [default = 1]; + optional string pki_type = 2 [default = "none"]; // none / x509+sha256 / x509+sha1 + optional bytes pki_data = 3; // depends on pki_type + required bytes serialized_payment_details = 4; // PaymentDetails + optional bytes signature = 5; // pki-dependent signature +} +message X509Certificates { + repeated bytes certificate = 1; // DER-encoded X.509 certificate chain +} +message Payment { + optional bytes merchant_data = 1; // From PaymentDetails.merchant_data + repeated bytes transactions = 2; // Signed transactions that satisfy PaymentDetails.outputs + repeated Output refund_to = 3; // Where to send refunds, if a refund is necessary + optional string memo = 4; // Human-readable message for the merchant +} +message PaymentACK { + required Payment payment = 1; // Payment message that triggered this ACK + optional string memo = 2; // human-readable message for customer +} diff --git a/challenge_keys.go b/challenge_keys.go new file mode 100644 index 0000000..6a769bb --- /dev/null +++ b/challenge_keys.go @@ -0,0 +1,124 @@ +package libwallet + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "crypto/sha256" + "encoding/binary" + "encoding/hex" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcutil/base58" + "github.com/pkg/errors" +) + +type ChallengePrivateKey struct { + key *btcec.PrivateKey +} + +type DecryptedPrivateKey struct { + Key *HDPrivateKey + Birthday int +} + +func NewChallengePrivateKey(input, salt []byte) *ChallengePrivateKey { + + key := Scrypt256(input, salt) + + // 2nd return value is the pub key which we don't need right now + priv, _ := btcec.PrivKeyFromBytes(btcec.S256(), key) + + return &ChallengePrivateKey{key: priv} +} + +func (k *ChallengePrivateKey) SignSha(payload []byte) ([]byte, error) { + + hash := sha256.Sum256(payload) + sig, err := k.key.Sign(hash[:]) + + if err != nil { + return nil, errors.Wrapf(err, "failed to sign payload") + } + + return sig.Serialize(), nil +} + +func (k *ChallengePrivateKey) PubKeyHex() string { + rawKey := k.key.PubKey().SerializeCompressed() + return hex.EncodeToString(rawKey) +} + +func (k *ChallengePrivateKey) PubKey() *ChallengePublicKey { + return &ChallengePublicKey{pubKey: k.key.PubKey()} +} + +func (k *ChallengePrivateKey) DecryptKey(encryptedKey string, network *Network) (*DecryptedPrivateKey, error) { + + reader := bytes.NewReader(base58.Decode(encryptedKey)) + version, err := reader.ReadByte() + if err != nil { + return nil, errors.Wrapf(err, "decrypting key") + } + if version != 2 { + return nil, errors.Errorf("decrypting key: found key version %v, expected 2", version) + } + + birthdayBytes := make([]byte, 2) + rawPubEph := make([]byte, 33) + ciphertext := make([]byte, 64) + recoveryCodeSalt := make([]byte, 8) + + n, err := reader.Read(birthdayBytes) + if err != nil || n != 2 { + return nil, errors.Errorf("decrypting key: failed to read birthday") + } + birthday := binary.BigEndian.Uint16(birthdayBytes) + + n, err = reader.Read(rawPubEph) + if err != nil || n != 33 { + return nil, errors.Errorf("decrypting key: failed to read pubeph") + } + + n, err = reader.Read(ciphertext) + if err != nil || n != 64 { + return nil, errors.Errorf("decrypting key: failed to read ciphertext") + } + + n, err = reader.Read(recoveryCodeSalt) + if err != nil || n != 8 { + return nil, errors.Errorf("decrypting key: failed to read recoveryCodeSalt") + } + + pubEph, err := btcec.ParsePubKey(rawPubEph, btcec.S256()) + if err != nil { + return nil, errors.Wrapf(err, "decrypting key: failed to parse pub eph") + } + + sharedSecret, _ := pubEph.ScalarMult(pubEph.X, pubEph.Y, k.key.D.Bytes()) + + iv := rawPubEph[len(rawPubEph)-aes.BlockSize:] + + block, err := aes.NewCipher(sharedSecret.Bytes()) + if err != nil { + return nil, err + } + + plaintext := make([]byte, len(ciphertext)) + + mode := cipher.NewCBCDecrypter(block, iv) + mode.CryptBlocks(plaintext, ciphertext) + + rawPrivKey := plaintext[0:32] + rawChainCode := plaintext[32:] + + privKey, err := NewHDPrivateKeyFromBytes(rawPrivKey, rawChainCode, network) + if err != nil { + return nil, errors.Wrapf(err, "decrypting key: failed to parse key") + } + + return &DecryptedPrivateKey{ + privKey, + int(birthday), + }, nil +} diff --git a/challenge_keys_test.go b/challenge_keys_test.go new file mode 100644 index 0000000..dff085c --- /dev/null +++ b/challenge_keys_test.go @@ -0,0 +1,54 @@ +package libwallet + +import ( + "reflect" + "testing" +) + +func TestNewChallengePrivateKey(t *testing.T) { + type args struct { + input []byte + salt []byte + } + tests := []struct { + name string + args args + want *ChallengePrivateKey + }{ + // TODO: Add test cases. + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := NewChallengePrivateKey(tt.args.input, tt.args.salt); !reflect.DeepEqual(got, tt.want) { + t.Errorf("NewChallengePrivateKey() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestChallengeKeyCrypto(t *testing.T) { + + const birthday = 376 + network := Mainnet() + salt := randomBytes(8) + + privKey, _ := NewHDPrivateKey(randomBytes(32), network) + challengePrivKey := NewChallengePrivateKey([]byte("viva peron"), salt) + + encryptedKey, err := challengePrivKey.PubKey().EncryptKey(privKey, salt, birthday) + if err != nil { + t.Fatal(err) + } + + decryptedKey, err := challengePrivKey.DecryptKey(encryptedKey, network) + if err != nil { + t.Fatal(err) + } + + if privKey.String() != decryptedKey.Key.String() { + t.Fatalf("keys dont match: orig %v vs decrypted %v", privKey.String(), decryptedKey.Key.String()) + } + if birthday != decryptedKey.Birthday { + t.Fatalf("birthdays dont match: expected %v got %v", birthday, decryptedKey.Birthday) + } +} \ No newline at end of file diff --git a/challenge_public_key.go b/challenge_public_key.go new file mode 100644 index 0000000..4a63125 --- /dev/null +++ b/challenge_public_key.go @@ -0,0 +1,76 @@ +package libwallet + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "encoding/binary" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcutil/base58" + "github.com/pkg/errors" +) + +type ChallengePublicKey struct { + pubKey *btcec.PublicKey +} + +func NewChallengePublicKeyFromSerialized(serializedKey []byte) (*ChallengePublicKey, error) { + + pubKey, err := btcec.ParsePubKey(serializedKey, btcec.S256()) + if err != nil { + return nil, err + } + + return &ChallengePublicKey{pubKey}, nil +} + +func (k *ChallengePublicKey) EncryptKey(privKey *HDPrivateKey, recoveryCodeSalt []byte, birthday int) (string, error) { + + const ( + chainCodeStart = 13 + chainCodeLength = 32 + privKeyStart = 46 + privKeyLength = 32 + ) + + rawHDKey := base58.Decode(privKey.String()) + plaintext := make([]byte, 0) + plaintext = append(plaintext, rawHDKey[privKeyStart:privKeyStart+privKeyLength]...) + plaintext = append(plaintext, rawHDKey[chainCodeStart:chainCodeStart+chainCodeLength]...) + if len(plaintext) != 64 { + return "", errors.Errorf("failed to encrypt key: expected payload of 64 bytes, found %v", len(plaintext)) + } + + privEph, err := btcec.NewPrivateKey(btcec.S256()) + if err != nil { + return "", errors.Wrapf(err, "failed to encrypt key") + } + + sharedSecret, _ := k.pubKey.ScalarMult(k.pubKey.X, k.pubKey.Y, privEph.D.Bytes()) + serializedPubkey := privEph.PubKey().SerializeCompressed() + iv := serializedPubkey[len(serializedPubkey)-aes.BlockSize:] + + block, err := aes.NewCipher(sharedSecret.Bytes()) + if err != nil { + return "", err + } + + ciphertext := make([]byte, len(plaintext)) + + mode := cipher.NewCBCEncrypter(block, iv) + mode.CryptBlocks(ciphertext, plaintext) + + birthdayBytes := make([]byte, 2) + binary.BigEndian.PutUint16(birthdayBytes, uint16(birthday)) + + result := make([]byte, 0, 1+2+33+len(ciphertext)+len(recoveryCodeSalt)) + buf := bytes.NewBuffer(result) + buf.WriteByte(2) + buf.Write(birthdayBytes) + buf.Write(privEph.PubKey().SerializeCompressed()) + buf.Write(ciphertext) + buf.Write(recoveryCodeSalt) + + return base58.Encode(buf.Bytes()), nil +} \ No newline at end of file diff --git a/derivationpath.go b/derivationpath.go new file mode 100644 index 0000000..bfc0f23 --- /dev/null +++ b/derivationpath.go @@ -0,0 +1,79 @@ +package libwallet + +import ( + "strconv" + "strings" + + "github.com/pkg/errors" +) + +type derivationIndex struct { + i uint32 + hardened bool + name string +} + +type derivationPath struct { + indexes []derivationIndex +} + +const ( + hardenedSymbol = "'" +) + +// parseDerivationPath parses BIP32 paths +// The following paths are valid: +// +// "" (root key) +// "m" (root key) +// "/" (root key) +// "m/0'" (hardened child #0 of the root key) +// "/0'" (hardened child #0 of the root key) +// "0'" (hardened child #0 of the root key) +// "m/44'/1'/2'" (BIP44 testnet account #2) +// "/44'/1'/2'" (BIP44 testnet account #2) +// "44'/1'/2'" (BIP44 testnet account #2) +// "m/schema:1'" (Muun schema path) +// +// The following paths are invalid: +// +// "m / 0 / 1" (contains spaces) +// "m/b/c" (alphabetical characters instead of numerical indexes) +// "m/1.2^3" (contains illegal characters) +func parseDerivationPath(path string) (*derivationPath, error) { + if path == "m" || path == "/" || path == "" { + return &derivationPath{indexes: make([]derivationIndex, 0)}, nil + } + + var indexes []derivationIndex + path = strings.TrimPrefix(path, "m") + path = strings.TrimPrefix(path, "/") + + for _, chunk := range strings.Split(path, "/") { + hardened := false + indexText := chunk + if strings.HasSuffix(indexText, hardenedSymbol) { + hardened = true + indexText = strings.TrimSuffix(indexText, hardenedSymbol) + } + + parts := strings.Split(indexText, ":") + if len(parts) > 2 { + return nil, errors.New("path is malformed: " + path) + } + + var name string + if len(parts) == 2 { + name = parts[0] + } + + index, err := strconv.ParseUint(parts[len(parts)-1], 10, 32) + if err != nil { + return nil, errors.New("path is malformed " + err.Error()) + } + + indexes = append(indexes, derivationIndex{i: uint32(index), hardened: hardened, name: name}) + } + + return &derivationPath{indexes: indexes}, nil +} diff --git a/derivationpath_test.go b/derivationpath_test.go new file mode 100644 index 0000000..ae08164 --- /dev/null +++ b/derivationpath_test.go @@ -0,0 +1,66 @@ +package libwallet + +import ( + "reflect" + "testing" +) + +var ( + rootPath = &derivationPath{make([]derivationIndex, 0)} + shortPath = &derivationPath{[]derivationIndex{ + derivationIndex{i: 0, hardened: true}, + }} + longPath = &derivationPath{[]derivationIndex{ + derivationIndex{i: 44, hardened: true}, + derivationIndex{i: 1, hardened: true}, + derivationIndex{i: 2, hardened: false}, + }} + shortMuunPath = &derivationPath{[]derivationIndex{ + derivationIndex{i: 1, hardened: true, name: "schema"}, + }} + longMuunPath = &derivationPath{[]derivationIndex{ + derivationIndex{i: 1, hardened: true, name: "schema"}, + derivationIndex{i: 1, hardened: true, name: "recovery"}, + }} +) + +func Test_parseDerivationPath(t *testing.T) { + + type args struct { + path string + } + tests := []struct { + name string + args args + want *derivationPath + wantErr bool + }{ + {name: "root1", args: args{path: ""}, want: rootPath}, + {name: "root2", args: args{path: "m"}, want: rootPath}, + {name: "root3", args: args{path: "/"}, want: rootPath}, + {name: "short1", args: args{path: "m/0'"}, want: shortPath}, + {name: "short2", args: args{path: "0'"}, want: shortPath}, + {name: "short3", args: args{path: "/0'"}, want: shortPath}, + {name: "long1", args: args{path: "m/44'/1'/2"}, want: longPath}, + {name: "long2", args: args{path: "/44'/1'/2"}, want: longPath}, + {name: "long3", args: args{path: "44'/1'/2"}, want: longPath}, + {name: "shortMuun", args: args{path: "m/schema:1'"}, want: shortMuunPath}, + {name: "longMuun", args: args{path: "m/schema:1'/recovery:1'"}, want: longMuunPath}, + {name: "has spaces", args: args{path: "m / 0 / 1"}, wantErr: true}, + {name: "has no indexes", args: args{path: "m/b/c"}, wantErr: true}, + {name: "has weird chars", args: args{path: "m/1.2^3"}, wantErr: true}, + {name: "has several :", args: args{path: "m/recovery:1:1"}, wantErr: true}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := parseDerivationPath(tt.args.path) + if (err != nil) != tt.wantErr { + t.Errorf("parseDerivationPath() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("parseDerivationPath() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..9e1f254 --- /dev/null +++ b/go.mod @@ -0,0 +1,12 @@ +module libwallet + +go 1.12 + +require ( + github.com/btcsuite/btcd v0.0.0-20190824003749-130ea5bddde3 + github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d + github.com/golang/protobuf v1.3.2 + github.com/lightningnetwork/lnd v0.7.1-beta-rc2 + github.com/pkg/errors v0.8.1 + golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7 +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..b2ef8e0 --- /dev/null +++ b/go.sum @@ -0,0 +1,191 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +git.schwanenlied.me/yawning/bsaes.git v0.0.0-20180720073208-c0276d75487e/go.mod h1:BWqTsj8PgcPriQJGl7el20J/7TuT1d/hSyFDXMEpoEo= +github.com/NebulousLabs/fastrand v0.0.0-20180208210444-3cf7173006a0/go.mod h1:Bdzq+51GR4/0DIhaICZEOm+OHvXGwwB2trKZ8B4Y6eQ= +github.com/NebulousLabs/go-upnp v0.0.0-20180202185039-29b680b06c82/go.mod h1:GbuBk21JqF+driLX3XtJYNZjGa45YDoa9IqCTzNSfEc= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/Yawning/aez v0.0.0-20180114000226-4dad034d9db2/go.mod h1:9pIqrY6SXNL8vjRQE5Hd/OL5GyK/9MrGUWs87z/eFfk= +github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= +github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= +github.com/btcsuite/btcd v0.0.0-20180823030728-d81d8877b8f3/go.mod h1:Dmm/EzmjnCiweXmzRIAiUWCInVmPgjkzgv5k4tVyXiQ= +github.com/btcsuite/btcd v0.0.0-20181130015935-7d2daa5bfef2/go.mod h1:Jr9bmNVGZ7TH2Ux1QuP0ec+yGgh0gE9FIlkzQiI5bR0= +github.com/btcsuite/btcd v0.0.0-20190213025234-306aecffea32/go.mod h1:DrZx5ec/dmnfpw9KyYoQyYo7d0KEvTkk/5M/vbZjAr8= +github.com/btcsuite/btcd v0.0.0-20190523000118-16327141da8c/go.mod h1:3J08xEfcugPacsc34/LKRU2yO7YmuT8yt28J8k2+rrI= +github.com/btcsuite/btcd v0.0.0-20190605094302-a0d1e3e36d50/go.mod h1:3J08xEfcugPacsc34/LKRU2yO7YmuT8yt28J8k2+rrI= +github.com/btcsuite/btcd v0.0.0-20190629003639-c26ffa870fd8/go.mod h1:3J08xEfcugPacsc34/LKRU2yO7YmuT8yt28J8k2+rrI= +github.com/btcsuite/btcd v0.0.0-20190824003749-130ea5bddde3 h1:A/EVblehb75cUgXA5njHPn0kLAsykn6mJGz7rnmW5W0= +github.com/btcsuite/btcd v0.0.0-20190824003749-130ea5bddde3/go.mod h1:3J08xEfcugPacsc34/LKRU2yO7YmuT8yt28J8k2+rrI= +github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f h1:bAs4lUbRJpnnkd9VhRV3jjAVU7DJVjMaK+IsvSeZvFo= +github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA= +github.com/btcsuite/btcutil v0.0.0-20180706230648-ab6388e0c60a/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg= +github.com/btcsuite/btcutil v0.0.0-20190207003914-4c204d697803/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg= +github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d h1:yJzD/yFppdVCf6ApMkVy8cUxV0XrxdP9rVf6D87/Mng= +github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg= +github.com/btcsuite/btcwallet v0.0.0-20180904010540-284e2e0e696e33d5be388f7f3d9a26db703e0c06/go.mod h1:/d7QHZsfUAruXuBhyPITqoYOmJ+nq35qPsJjz/aSpCg= +github.com/btcsuite/btcwallet v0.0.0-20190313032608-acf3b04b0273/go.mod h1:mkOYY8/psBiL5E+Wb0V7M0o+N7NXi2SZJz6+RKkncIc= +github.com/btcsuite/btcwallet v0.0.0-20190319010515-89ab2044f962/go.mod h1:qMi4jGpAO6YRsd81RYDG7o5pBIGqN9faCioJdagLu64= +github.com/btcsuite/btcwallet v0.0.0-20190712034938-7a3a3e82cbb6/go.mod h1:sXVxjjP5YeWqWsiQbQDXvAw6J6Qvr8swu7MONoNaF9k= +github.com/btcsuite/fastsha256 v0.0.0-20160815193821-637e65642941/go.mod h1:QcFA8DZHtuIAdYKCq/BzELOaznRsCvwf4zTPmaYwaig= +github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd/go.mod h1:HHNXQzUsZCxOoE+CPiyCTO6x34Zs86zZUiwtpXoGdtg= +github.com/btcsuite/golangcrypto v0.0.0-20150304025918-53f62d9b43e8/go.mod h1:tYvUd8KLhm/oXvUeSEs2VlLghFjQt9+ZaF9ghH0JNjc= +github.com/btcsuite/goleveldb v0.0.0-20160330041536-7834afc9e8cd/go.mod h1:F+uVaaLLH7j4eDXPRvw78tMflu7Ie2bzYOH4Y8rRKBY= +github.com/btcsuite/goleveldb v1.0.0/go.mod h1:QiK9vBlgftBg6rWQIj6wFzbPfRjiykIEhBH4obrXJ/I= +github.com/btcsuite/snappy-go v0.0.0-20151229074030-0bdef8d06723/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc= +github.com/btcsuite/snappy-go v1.0.0/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc= +github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY= +github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/coreos/bbolt v0.0.0-20180223184059-7ee3ded59d4835e10f3e7d0f7603c42aa5e83820/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= +github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= +github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= +github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v0.0.0-20180821051752-b27b920f9e71/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/grpc-ecosystem/grpc-gateway v0.0.0-20170724004829-f2862b476edc/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/jackpal/gateway v1.0.5/go.mod h1:lTpwd4ACLXmpyiCTRtfiNyVnUmqT9RivzCDQetPfnjA= +github.com/jackpal/go-nat-pmp v0.0.0-20170405195558-28a68d0c24ad/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc= +github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ= +github.com/juju/clock v0.0.0-20180808021310-bab88fc67299/go.mod h1:nD0vlnrUjcjJhqN5WuCWZyzfd5AHZAC9/ajvbSx69xA= +github.com/juju/errors v0.0.0-20181118221551-089d3ea4e4d5/go.mod h1:W54LbzXuIE0boCoNJfwqpmkKJ1O4TCTZMetAt6jGk7Q= +github.com/juju/loggo v0.0.0-20180524022052-584905176618/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U= +github.com/juju/retry v0.0.0-20180821225755-9058e192b216/go.mod h1:OohPQGsr4pnxwD5YljhQ+TZnuVRYpa5irjugL1Yuif4= +github.com/juju/testing v0.0.0-20180920084828-472a3e8b2073/go.mod h1:63prj8cnj0tU0S9OHjGJn+b1h0ZghCndfnbQolrYTwA= +github.com/juju/utils v0.0.0-20180820210520-bf9cc5bdd62d/go.mod h1:6/KLg8Wz/y2KVGWEpkK9vMNGkOnu4k/cqs8Z1fKjTOk= +github.com/juju/version v0.0.0-20180108022336-b64dbd566305/go.mod h1:kE8gK5X0CImdr7qpSKl3xB2PmpySSmfj7zVbkZFs81U= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4= +github.com/kkdai/bstream v0.0.0-20181106074824-b3251f7901ec/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/lightninglabs/gozmq v0.0.0-20180324010646-462a8a753885/go.mod h1:KUh15naRlx/TmUMFS/p4JJrCrE6F7RGF7rsnvuu45E4= +github.com/lightninglabs/gozmq v0.0.0-20190710231225-cea2a031735d/go.mod h1:vxmQPeIQxPf6Jf9rM8R+B4rKBqLA2AjttNxkFBL2Plk= +github.com/lightninglabs/neutrino v0.0.0-20181017011010-4d6069299130/go.mod h1:KJq43Fu9ceitbJsSXMILcT4mGDNI/crKmPIkDOZXFyM= +github.com/lightninglabs/neutrino v0.0.0-20190213031021-ae4583a89cfb/go.mod h1:g6cMQd+hfAU8pQTJAdjm6/EQREhupyd22f+CL0qYFOE= +github.com/lightninglabs/neutrino v0.0.0-20190313035638-e1ad4c33fb18/go.mod h1:v6tz6jbuAubTrRpX8ke2KH9sJxml8KlPQTKgo9mAp1Q= +github.com/lightninglabs/neutrino v0.0.0-20190725230401-ddf667a8b5c4/go.mod h1:vzLU75ll8qbRJIzW5dvK/UXtR9c2FecJ6VNOM8chyVM= +github.com/lightningnetwork/lightning-onion v0.0.0-20190703000913-ecc936dc56c9/go.mod h1:Sooe/CoCqa85JxqHV+IBR2HW+6t2Cv+36awSmoccswM= +github.com/lightningnetwork/lnd v0.7.1-beta-rc2 h1:N0AuHo4wI6TogabvOfpwg1LkR3RxGCvqYq0Wb7GL+ck= +github.com/lightningnetwork/lnd v0.7.1-beta-rc2/go.mod h1:ODASBFcJwVlb4aqO3m090whpP2kfA9zEvmG/pj+fOfg= +github.com/lightningnetwork/lnd/queue v1.0.1/go.mod h1:vaQwexir73flPW43Mrm7JOgJHmcEFBWWSl9HlyASoms= +github.com/lightningnetwork/lnd/ticker v1.0.0/go.mod h1:iaLXJiVgI1sPANIF2qYYUJXjoksPNvGNYowB8aRbpX0= +github.com/ltcsuite/ltcd v0.0.0-20190101042124-f37f8bf35796 h1:sjOGyegMIhvgfq5oaue6Td+hxZuf3tDC8lAPrFldqFw= +github.com/ltcsuite/ltcd v0.0.0-20190101042124-f37f8bf35796/go.mod h1:3p7ZTf9V1sNPI5H8P3NkTFF4LuwMdPl2DodF60qAKqY= +github.com/ltcsuite/ltcutil v0.0.0-20181217130922-17f3b04680b6/go.mod h1:8Vg/LTOO0KYa/vlHWJ6XZAevPQThGH5sufO0Hrou/lA= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/miekg/dns v0.0.0-20171125082028-79bfde677fa8 h1:PRMAcldsl4mXKJeRNB/KVNz6TlbS6hk2Rs42PqgU3Ws= +github.com/miekg/dns v0.0.0-20171125082028-79bfde677fa8/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v1.4.1/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= +github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/tv42/zbase32 v0.0.0-20160707012821-501572607d02/go.mod h1:tHlrkM198S068ZqfrO6S8HsoJq2bF3ETfTL+kt4tInY= +github.com/urfave/cli v1.18.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= +go.etcd.io/bbolt v1.3.0/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7 h1:0hQKqeLdqlt5iIwVOBErRisrHJAN57yOiPRQItI20fU= +golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180821023952-922f4815f713/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180821140842-3b58ed4ad339/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190102155601-82a175fd1598/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190201180003-4b09977fb922/go.mod h1:L3J43x8/uS+qIUoksaLKe6OS3nUKxOKuIFz1sl2/jx4= +google.golang.org/grpc v1.12.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= +google.golang.org/grpc v1.18.0 h1:IZl7mfBGfbhYx2p2rKRtYgDFw6SBz+kclmxYrCksPPA= +google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/errgo.v1 v1.0.0/go.mod h1:CxwszS/Xz1C49Ucd2i6Zil5UToP1EmyrFhKaMVbg1mk= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/macaroon-bakery.v2 v2.0.1/go.mod h1:B4/T17l+ZWGwxFSZQmlBwp25x+og7OkhETfr3S9MbIA= +gopkg.in/macaroon.v2 v2.0.0/go.mod h1:+I6LnTMkm/uV5ew/0nsulNjL16SK4+C8yDmRUzHR17I= +gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/hdkeycommon.go b/hdkeycommon.go new file mode 100644 index 0000000..959edc9 --- /dev/null +++ b/hdkeycommon.go @@ -0,0 +1,29 @@ +package libwallet + +import ( + "github.com/pkg/errors" + + "github.com/btcsuite/btcd/chaincfg" + "github.com/btcsuite/btcutil/hdkeychain" +) + +func keyFromString(str string) (*hdkeychain.ExtendedKey, *Network, error) { + + key, err := hdkeychain.NewKeyFromString(str) + if err != nil { + return nil, nil, err + } + + var params *chaincfg.Params + if key.IsForNet(&chaincfg.MainNetParams) { + params = &chaincfg.MainNetParams + } else if key.IsForNet(&chaincfg.TestNet3Params) { + params = &chaincfg.TestNet3Params + } else if key.IsForNet(&chaincfg.RegressionNetParams) { + params = &chaincfg.RegressionNetParams + } else { + return nil, nil, errors.New("this key is for an unknown network") + } + + return key, newNetwork(params), nil +} diff --git a/hdprivatekey.go b/hdprivatekey.go new file mode 100644 index 0000000..1ce2ade --- /dev/null +++ b/hdprivatekey.go @@ -0,0 +1,136 @@ +package libwallet + +import ( + "fmt" + "strings" + + "github.com/pkg/errors" + + "github.com/btcsuite/btcutil/hdkeychain" +) + +// HDPrivateKey is an HD capable priv key +type HDPrivateKey struct { + key hdkeychain.ExtendedKey + Network *Network + Path string +} + +// NewHDPrivateKey builds an HD priv key from a seed for a given network +func NewHDPrivateKey(seed []byte, network *Network) (*HDPrivateKey, error) { + + key, err := hdkeychain.NewMaster(seed, network.network) + if err != nil { + return nil, err + } + + return &HDPrivateKey{key: *key, Network: network, Path: "m"}, nil +} + +// NewHDPrivateKey builds an HD priv key from the compress priv and chain code for a given network +func NewHDPrivateKeyFromBytes(rawKey, chainCode []byte, network *Network) (*HDPrivateKey, error) { + + parentFP := []byte{0, 0, 0, 0} + key := hdkeychain.NewExtendedKey(network.network.HDPrivateKeyID[:], + rawKey, chainCode, parentFP, 0, 0, true) + + return &HDPrivateKey{key: *key, Network: network, Path: "m"}, nil +} + +// NewHDPrivateKeyFromString creates an HD priv key from a base58-encoded string +// If the parsed key is public, it returns an error +func NewHDPrivateKeyFromString(str, path string) (*HDPrivateKey, error) { + + key, network, err := keyFromString(str) + if err != nil { + return nil, err + } + + if !key.IsPrivate() { + return nil, errors.New("encoded key was not a private key") + } + + return &HDPrivateKey{key: *key, Network: network, Path: path}, nil +} + +// PublicKey returns the matching pub key +func (p *HDPrivateKey) PublicKey() *HDPublicKey { + + key, err := p.key.Neuter() + if err != nil { + panic("original key was invalid") + } + + return &HDPublicKey{key: *key, Network: p.Network, Path: p.Path} +} + +// String return the key base58-encoded +func (p *HDPrivateKey) String() string { + return p.key.String() +} + +// DerivedAt derives a new child priv key, which may be hardened +// index should be uint32 but for java compat we use int64 +func (p *HDPrivateKey) DerivedAt(index int64, hardened bool) (*HDPrivateKey, error) { + + path := fmt.Sprintf("%v/%v", p.Path, index) + + var modifier uint32 + if hardened { + modifier = hdkeychain.HardenedKeyStart + path = path + hardenedSymbol + } + + child, err := p.key.Child(uint32(index) | modifier) + if err != nil { + return nil, err + } + + return &HDPrivateKey{key: *child, Network: p.Network, Path: path}, nil +} + +func (p *HDPrivateKey) DeriveTo(path string) (*HDPrivateKey, error) { + + if !strings.HasPrefix(path, p.Path) { + return nil, errors.Errorf("derivation path %v is not prefix of the keys path %v", path, p.Path) + } + + firstPath, err := parseDerivationPath(p.Path) + if err != nil { + return nil, errors.Wrapf(err, "couldn't parse derivation path %v", p.Path) + } + + secondPath, err := parseDerivationPath(path) + if err != nil { + return nil, errors.Wrapf(err, "couldn't parse derivation path %v", path) + } + + indexes := secondPath.indexes[len(firstPath.indexes):] + derivedKey := p + for depth, index := range indexes { + derivedKey, err = derivedKey.DerivedAt(int64(index.i), index.hardened) + if err != nil { + return nil, errors.Wrapf(err, "failed to derive key at path %v on depth %v", path, depth) + } + } + // The generated path has no names in it, so replace it + derivedKey.Path = path + + return derivedKey, nil +} + +// Sign a payload using the backing EC key +func (p *HDPrivateKey) Sign(data []byte) ([]byte, error) { + + signingKey, err := p.key.ECPrivKey() + if err != nil { + return nil, err + } + + sig, err := signingKey.Sign(data) + if err != nil { + return nil, err + } + + return sig.Serialize(), nil +} diff --git a/hdprivatekey_test.go b/hdprivatekey_test.go new file mode 100644 index 0000000..b3b69b0 --- /dev/null +++ b/hdprivatekey_test.go @@ -0,0 +1,277 @@ +package libwallet + +import ( + "testing" + + "github.com/btcsuite/btcd/chaincfg" +) + +const ( + // m + vector1PrivKey = "xprv9s21ZrQH143K3QTDL4LXw2F7HEK3wJUD2nW2nRk4stbPy6cq3jPPqjiChkVvvNKmPGJxWUtg6LnF5kejMRNNU3TGtRBeJgk33yuGBxrMPHi" + vector1PubKey = "xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjqJoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EGMcet8" + + vector1FirstPath = "m/0'/1" + vector1FirstPriv = "xprv9wTYmMFdV23N2TdNG573QoEsfRrWKQgWeibmLntzniatZvR9BmLnvSxqu53Kw1UmYPxLgboyZQaXwTCg8MSY3H2EU4pWcQDnRnrVA1xe8fs" + vector1FirstPub = "xpub6ASuArnXKPbfEwhqN6e3mwBcDTgzisQN1wXN9BJcM47sSikHjJf3UFHKkNAWbWMiGj7Wf5uMash7SyYq527Hqck2AxYysAA7xmALppuCkwQ" + + vector1SecondPath = "m/0'/1/2'/2" + vector1SecondPriv = "xprvA2JDeKCSNNZky6uBCviVfJSKyQ1mDYahRjijr5idH2WwLsEd4Hsb2Tyh8RfQMuPh7f7RtyzTtdrbdqqsunu5Mm3wDvUAKRHSC34sJ7in334" + vector1SecondPub = "xpub6FHa3pjLCk84BayeJxFW2SP4XRrFd1JYnxeLeU8EqN3vDfZmbqBqaGJAyiLjTAwm6ZLRQUMv1ZACTj37sR62cfN7fe5JnJ7dh8zL4fiyLHV" + + vector2PrivKey = "xprv9s21ZrQH143K31xYSDQpPDxsXRTUcvj2iNHm5NUtrGiGG5e2DtALGdso3pGz6ssrdK4PFmM8NSpSBHNqPqm55Qn3LqFtT2emdEXVYsCzC2U" + vector2PubKey = "xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB" + + vector2FirstPath = "m/0" + vector2FirstPriv = "xprv9vHkqa6EV4sPZHYqZznhT2NPtPCjKuDKGY38FBWLvgaDx45zo9WQRUT3dKYnjwih2yJD9mkrocEZXo1ex8G81dwSM1fwqWpWkeS3v86pgKt" + vector2FirstPub = "xpub69H7F5d8KSRgmmdJg2KhpAK8SR3DjMwAdkxj3ZuxV27CprR9LgpeyGmXUbC6wb7ERfvrnKZjXoUmmDznezpbZb7ap6r1D3tgFxHmwMkQTPH" + + vector2SecondPath = "m/0/2147483647'/1" + vector2SecondPriv = "xprv9zFnWC6h2cLgpmSA46vutJzBcfJ8yaJGg8cX1e5StJh45BBciYTRXSd25UEPVuesF9yog62tGAQtHjXajPPdbRCHuWS6T8XA2ECKADdw4Ef" + vector2SecondPub = "xpub6DF8uhdarytz3FWdA8TvFSvvAh8dP3283MY7p2V4SeE2wyWmG5mg5EwVvmdMVCQcoNJxGoWaU9DCWh89LojfZ537wTfunKau47EL2dhHKon" + + vector2ThirdPath = "m/0/2147483647'/1/2147483646'" + vector2ThirdPriv = "xprvA1RpRA33e1JQ7ifknakTFpgNXPmW2YvmhqLQYMmrj4xJXXWYpDPS3xz7iAxn8L39njGVyuoseXzU6rcxFLJ8HFsTjSyQbLYnMpCqE2VbFWc" + vector2ThirdPub = "xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL" + + vector3PrivKey = "xprv9s21ZrQH143K25QhxbucbDDuQ4naNntJRi4KUfWT7xo4EKsHt2QJDu7KXp1A3u7Bi1j8ph3EGsZ9Xvz9dGuVrtHHs7pXeTzjuxBrCmmhgC6" + vector3PubKey = "xpub661MyMwAqRbcEZVB4dScxMAdx6d4nFc9nvyvH3v4gJL378CSRZiYmhRoP7mBy6gSPSCYk6SzXPTf3ND1cZAceL7SfJ1Z3GC8vBgp2epUt13" + + vector3FirstPath = "m/0'" + vector3FirstPriv = "xprv9uPDJpEQgRQfDcW7BkF7eTya6RPxXeJCqCJGHuCJ4GiRVLzkTXBAJMu2qaMWPrS7AANYqdq6vcBcBUdJCVVFceUvJFjaPdGZ2y9WACViL4L" + vector3FirstPub = "xpub68NZiKmJWnxxS6aaHmn81bvJeTESw724CRDs6HbuccFQN9Ku14VQrADWgqbhhTHBaohPX4CjNLf9fq9MYo6oDaPPLPxSb7gwQN3ih19Zm4Y" + + symmetricPrivKey = "xprv9s21ZrQH143K31xYSDQpPDxsXRTUcvj2iNHm5NUtrGiGG5e2DtALGdso3pGz6ssrdK4PFmM8NSpSBHNqPqm55Qn3LqFtT2emdEXVYsCzC2U" + symmetricPubKey = "xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB" + + symmetricFirstPath = "m/0" + symmetricFirstPriv = "xprv9vHkqa6EV4sPZHYqZznhT2NPtPCjKuDKGY38FBWLvgaDx45zo9WQRUT3dKYnjwih2yJD9mkrocEZXo1ex8G81dwSM1fwqWpWkeS3v86pgKt" + symmetricFirstPub = "xpub69H7F5d8KSRgmmdJg2KhpAK8SR3DjMwAdkxj3ZuxV27CprR9LgpeyGmXUbC6wb7ERfvrnKZjXoUmmDznezpbZb7ap6r1D3tgFxHmwMkQTPH" + + symmetricSecondPath = "m/0/2147483647'/1" + symmetricSecondPriv = "xprv9zFnWC6h2cLgpmSA46vutJzBcfJ8yaJGg8cX1e5StJh45BBciYTRXSd25UEPVuesF9yog62tGAQtHjXajPPdbRCHuWS6T8XA2ECKADdw4Ef" + symmetricSecondPub = "xpub6DF8uhdarytz3FWdA8TvFSvvAh8dP3283MY7p2V4SeE2wyWmG5mg5EwVvmdMVCQcoNJxGoWaU9DCWh89LojfZ537wTfunKau47EL2dhHKon" + + symmetricThirdPath = "m/0/2147483647'/1/2147483646'" + symmetricThirdPriv = "xprvA1RpRA33e1JQ7ifknakTFpgNXPmW2YvmhqLQYMmrj4xJXXWYpDPS3xz7iAxn8L39njGVyuoseXzU6rcxFLJ8HFsTjSyQbLYnMpCqE2VbFWc" + symmetricThirdPub = "xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL" +) + +var ( + network = Regtest() +) + +func TestNewHDPrivateKeySerialization(t *testing.T) { + + t.Run("bad key generation", func(t *testing.T) { + badKey, err := NewHDPrivateKey(randomBytes(1), network) + if badKey != nil || err == nil { + t.Errorf("keys with only 1 byte should return error, got %v, %v", badKey, err) + } + }) + + t.Run("invalid key deserialization", func(t *testing.T) { + badKey, err := NewHDPrivateKeyFromString("fooo", "m") + if badKey != nil || err == nil { + t.Errorf("bad key should only return error returned %v, %v", badKey, err) + } + + // Create a new key and set a random chain + randomKey, _ := NewHDPrivateKey(randomBytes(16), network) + randomKey.key.SetNet(&chaincfg.Params{HDPrivateKeyID: [4]byte{1, 2, 3, 4}}) + + // Parsing it should fail since we check we know the chain + badKey, err = NewHDPrivateKeyFromString(randomKey.String(), "m") + if badKey != nil || err == nil { + t.Errorf("expected failure when parsing key with fake chain, got %v, %v", badKey, err) + } + + badKey, err = NewHDPrivateKeyFromString(vector1FirstPub, "m") + if badKey != nil || err == nil { + t.Errorf("expected failure when parsing pub key as priv key, got %v, %v", badKey, err) + } + + badPubKey, err := NewHDPublicKeyFromString(vector1FirstPriv, "m") + if badPubKey != nil || err == nil { + t.Errorf("expected failure when parsing priv key as pub key, got %v, %v", badPubKey, err) + } + }) + + t.Run("test regtest address serialization", func(t *testing.T) { + // Create a new key and set regtest as chain + randomKey, _ := NewHDPrivateKey(randomBytes(16), network) + randomKey.key.SetNet(&chaincfg.RegressionNetParams) + + // Parsing it should fail since we check we know the chain + key, err := NewHDPrivateKeyFromString(randomKey.String(), "m") + if key == nil || err != nil { + t.Errorf("failed to parse regtest key, got err %v", err) + } + }) + + t.Run("Random key serialization", func(t *testing.T) { + seed := randomBytes(16) + randomKey, err := NewHDPrivateKey(seed, network) + if err != nil { + t.Fatalf("couldn't generate priv key") + } + + serialized := randomKey.String() + deserialized, err := NewHDPrivateKeyFromString(serialized, "m") + if err != nil { + t.Fatalf("failed to deserialize key") + } + + if serialized != deserialized.String() { + t.Errorf("keys are different") + } + }) + + t.Run("Child key serialization", func(t *testing.T) { + root, err := NewHDPrivateKeyFromString( + "tprv8ZgxMBicQKsPdGCzsJ31BsQnFL1TSQ82dfsZYTtsWJ1T8g7xTfnV19gf8nYPqzkzk6yLL9kzDYshmUrYyXt7uXsGbk9eN7juRxg9sjaxSjn", "m") + if err != nil { + t.Fatalf("failed to parse root key") + } + + key1, _ := root.DerivedAt(1, true) + key2, _ := key1.DerivedAt(1, true) + + const encodedKey = "tprv8e8vMhwEcLr1ZfZETKTQSpxJ6KfZuczALe8KrRCDLpSbXPwp7PY1ZVHtqUkFsYZETPRcfjVSCv8DiYP9RyAZrFhnLE8aYdaSaZEWyT5c8Ji" + if key2.String() != encodedKey { + t.Fatalf("derived key doesn't match serialized") + } + + decodedKey, _ := NewHDPrivateKeyFromString(encodedKey, "m") + + if decodedKey.String() != encodedKey { + t.Fatalf("decoded key doesn't match encoded string") + } + + }) +} + +// These tests are based on the test vectors in BIP 32 +// https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#test-vectors +func TestKeyDerivation(t *testing.T) { + + testPath := func(t *testing.T, privKey *HDPrivateKey, path, priv, pub string) { + key, _ := privKey.DeriveTo(path) + if key.String() != priv { + t.Errorf("%v priv doesn't match", path) + } + + if key.PublicKey().String() != pub { + t.Errorf("%v pub doesn't match", path) + } + } + + t.Run("vector1", func(t *testing.T) { + privKey, _ := NewHDPrivateKeyFromString(vector1PrivKey, "m") + if privKey.PublicKey().String() != vector1PubKey { + t.Errorf("pub key doesnt match") + } + + testPath(t, privKey, vector1FirstPath, vector1FirstPriv, vector1FirstPub) + testPath(t, privKey, vector1SecondPath, vector1SecondPriv, vector1SecondPub) + }) + + t.Run("vector2", func(t *testing.T) { + privKey, _ := NewHDPrivateKeyFromString(vector2PrivKey, "m") + if privKey.PublicKey().String() != vector2PubKey { + t.Errorf("pub key doesnt match") + } + + testPath(t, privKey, vector2FirstPath, vector2FirstPriv, vector2FirstPub) + testPath(t, privKey, vector2SecondPath, vector2SecondPriv, vector2SecondPub) + testPath(t, privKey, vector2ThirdPath, vector2ThirdPriv, vector2ThirdPub) + }) + + t.Run("vector3", func(t *testing.T) { + privKey, _ := NewHDPrivateKeyFromString(vector3PrivKey, "m") + if privKey.PublicKey().String() != vector3PubKey { + t.Errorf("pub key doesnt match") + } + + testPath(t, privKey, vector3FirstPath, vector3FirstPriv, vector3FirstPub) + }) +} + +func TestSymmetricDerivation(t *testing.T) { + + privKey, _ := NewHDPrivateKeyFromString(symmetricPrivKey, "m") + pubKey := privKey.PublicKey() + + t.Run("basic check", func(t *testing.T) { + if pubKey.String() != symmetricPubKey { + t.Fatalf("pub key doesn't match") + } + }) + + t.Run("first path", func(t *testing.T) { + newPriv, _ := privKey.DeriveTo(symmetricFirstPath) + if newPriv.String() != symmetricFirstPriv { + t.Errorf("priv key doesn't match") + } + + if newPriv.PublicKey().String() != symmetricFirstPub { + t.Errorf("pub key doesn't match") + } + + newPub, _ := pubKey.DeriveTo(symmetricFirstPath) + if newPub.String() != newPriv.PublicKey().String() { + t.Errorf("extracted and derived pub key don't match") + } + }) + + t.Run("second path", func(t *testing.T) { + newPriv, _ := privKey.DeriveTo(symmetricSecondPath) + if newPriv.String() != symmetricSecondPriv { + t.Errorf("priv key doesn't match") + } + + if newPriv.PublicKey().String() != symmetricSecondPub { + t.Errorf("pub key doesn't match") + } + + hPriv, _ := privKey.DeriveTo("m/0/2147483647'") + newPub, _ := hPriv.PublicKey().DeriveTo(symmetricSecondPath) + if newPub.String() != newPriv.PublicKey().String() { + t.Errorf("extracted and derived pub key don't match") + } + }) + + t.Run("third path", func(t *testing.T) { + newPriv, _ := privKey.DeriveTo(symmetricThirdPath) + if newPriv.String() != symmetricThirdPriv { + t.Errorf("priv key doesn't match") + } + + if newPriv.PublicKey().String() != symmetricThirdPub { + t.Errorf("pub key doesn't match") + } + }) + + testBadDerivation := func(t *testing.T, path string) { + privKey, _ := NewHDPrivateKeyFromString(vector1PrivKey, "m/123") + pubKey := privKey.PublicKey() + + badKey, err := privKey.DeriveTo(path) + if badKey != nil || err == nil { + t.Errorf("derivation should fail got %v, %v", badKey, err) + } + + badPubKey, err := pubKey.DeriveTo(path) + if badPubKey != nil || err == nil { + t.Errorf("derivation should fail got %v, %v", badPubKey, err) + } + } + + t.Run("new path is not prefix of old path", func(t *testing.T) { + testBadDerivation(t, "m/45") + }) + + t.Run("derivation path is invalid", func(t *testing.T) { + testBadDerivation(t, "m/123/asd45") + }) +} diff --git a/hdpublickey.go b/hdpublickey.go new file mode 100644 index 0000000..09703ac --- /dev/null +++ b/hdpublickey.go @@ -0,0 +1,96 @@ +package libwallet + +import ( + "fmt" + "strings" + + "github.com/pkg/errors" + + "github.com/btcsuite/btcutil/hdkeychain" +) + +// HDPublicKey is an HD capable pub key +type HDPublicKey struct { + key hdkeychain.ExtendedKey + Network *Network + Path string +} + +// NewHDPublicKeyFromString creates an HD pub key from a base58-encoded string +// If the parsed key is private, it returns an error +func NewHDPublicKeyFromString(str, path string) (*HDPublicKey, error) { + + key, network, err := keyFromString(str) + if err != nil { + return nil, err + } + + if key.IsPrivate() { + return nil, errors.New("encoded key was not a public key") + } + + return &HDPublicKey{key: *key, Network: network, Path: path}, nil +} + +// String return the key base58-encoded +func (p *HDPublicKey) String() string { + return p.key.String() +} + +// DerivedAt derives a new child pub key +// index should be uint32 but for java compat we use int64 +func (p *HDPublicKey) DerivedAt(index int64) (*HDPublicKey, error) { + + child, err := p.key.Child(uint32(index)) + if err != nil { + return nil, err + } + + path := fmt.Sprintf("%v/%v", p.Path, index) + return &HDPublicKey{key: *child, Network: p.Network, Path: path}, nil +} + +func (p *HDPublicKey) DeriveTo(path string) (*HDPublicKey, error) { + + if !strings.HasPrefix(path, p.Path) { + return nil, errors.Errorf("derivation path %v is not prefix of the keys path %v", path, p.Path) + } + + firstPath, err := parseDerivationPath(p.Path) + if err != nil { + return nil, errors.Wrapf(err, "couldn't parse derivation path %v", p.Path) + } + + secondPath, err := parseDerivationPath(path) + if err != nil { + return nil, errors.Wrapf(err, "couldn't parse derivation path %v", path) + } + + indexes := secondPath.indexes[len(firstPath.indexes):] + derivedKey := p + for depth, index := range indexes { + if index.hardened { + return nil, errors.Errorf("can't derive a hardened pub key (path %v)", path) + } + + derivedKey, err = derivedKey.DerivedAt(int64(index.i)) + if err != nil { + return nil, errors.Wrapf(err, "failed to derive key at path %v on depth %v", path, depth) + } + } + // The generated path has no names in it, so replace it + derivedKey.Path = path + + return derivedKey, nil +} + +// Raw returns the backing EC compressed raw key +func (p *HDPublicKey) Raw() []byte { + + key, err := p.key.ECPubKey() + if err != nil { + panic("failed to extract pub key") + } + + return key.SerializeCompressed() +} diff --git a/invoice.go b/invoice.go new file mode 100644 index 0000000..a6ae0dc --- /dev/null +++ b/invoice.go @@ -0,0 +1,67 @@ +package libwallet + +import ( + fmt "fmt" + "strings" + + "github.com/lightningnetwork/lnd/zpay32" + "github.com/pkg/errors" +) + +// Invoice is muun's invoice struct +type Invoice struct { + RawInvoice string + FallbackAddress *MuunPaymentURI + Network *Network + MilliSat string + Destination []byte + PaymentHash [32]byte + Expiry int64 + Description string +} + +const lightningScheme = "lightning:" + +// ParseInvoice parses an Invoice from an invoice string and a network +func ParseInvoice(invoice string, network *Network) (*Invoice, error) { + + if strings.HasPrefix(strings.ToLower(invoice), lightningScheme) { + // Remove lightning scheme from rawInvoice + invoice = invoice[len(lightningScheme):len(invoice)] + } + + parsedInvoice, err := zpay32.Decode(invoice, network.network) + if err != nil { + return nil, errors.Wrapf(err, "Couldnt parse invoice") + } + + var fallbackAdd *MuunPaymentURI + + if parsedInvoice.FallbackAddr != nil { + fallbackAdd, err = GetPaymentURI(parsedInvoice.FallbackAddr.String(), network) + if err != nil { + return nil, errors.Wrapf(err, "Couldnt get address") + } + } + + var description string + if parsedInvoice.Description != nil { + description = *parsedInvoice.Description + } + + var milliSats string + if parsedInvoice.MilliSat != nil { + milliSats = fmt.Sprintf("%v", uint64(*parsedInvoice.MilliSat)) + } + + return &Invoice{ + RawInvoice: invoice, + FallbackAddress: fallbackAdd, + Network: network, + MilliSat: milliSats, + Destination: parsedInvoice.Destination.SerializeCompressed(), + PaymentHash: *parsedInvoice.PaymentHash, + Expiry: parsedInvoice.Timestamp.Unix() + int64(parsedInvoice.Expiry().Seconds()), + Description: description, + }, nil +} diff --git a/invoice_test.go b/invoice_test.go new file mode 100644 index 0000000..62cdb42 --- /dev/null +++ b/invoice_test.go @@ -0,0 +1,182 @@ +package libwallet + +import ( + "encoding/hex" + "reflect" + "testing" +) + +func TestParseInvoice(t *testing.T) { + + const ( + invoice = "lnbcrt1pwtpd4xpp55meuklpslk5jtxytyh7u2q490c2xhm68dm3a94486zntsg7ad4vsdqqcqzys763w70h39ze44ngzhdt2mag84wlkefqkphuy7ssg4la5gt9vcpmqts00fnapf8frs928mc5ujfutzyu8apkezhrfvydx82l40w0fckqqmerzjc" + invoiceWithAmount = "lnbcrt10u1pwtpd4jpp5lh0p9amq02xel0gduna95ta5ve9q5dwyk8tglvpa258yzzvcgynsdqqcqzysrukfteknjzcqpu8kfnm76dhdtnkmyr3j42xrl89axhqxmpgusyqhn28u2uaave3nr8sk3mg5nug6t8hcnj2aw8t2l5wtksh6w0yyntgqjrrgqk" + invoiceWithDescription = "lnbcrt1pwtpdh7pp5celcayxvuw9pm9f8420n2dyd3css8ahzlr4nl69uczhf2sf99ydqdqswe5hvcfqwpjhymmwcqzysx7gwcf9a559rxrah9yp0u7dnk4vuvq2ywy6dyqtwzna9c92q058qppmv9p094vq9g6nv46d3sc7jd8faglzjj2h0w7j06wcu2h3e27cqc5zm4d" + invoiceWithFallbackAdrr = "lnbcrt1pwtpduxpp57xglq4thtrerzzxt8wzg4wresfclewh8pk8xghahwq8kgek3qslqdqqcqzysfppqhv0a0uhrt2crdehgfge8e8e6texw3q4hpmge888yuu6076utcrhgc97wu7vydmudyagkz25ahuyp4fqrc9e945ff248cpa3krn7vvgcqq6spyuqltd245sjvwh23gz220cegadspkn3lx0" + + invoiceHashHex = "a6f3cb7c30fda925988b25fdc502a57e146bef476ee3d2d6a7d0a6b823dd6d59" + invoiceWithAmountHashHex = "fdde12f7607a8d9fbd0de4fa5a2fb4664a0a35c4b1d68fb03d550e4109984127" + invoiceWithDescriptionHashHex = "c67f8e90cce38a1d9527aa9f35348d8e2103f6e2f8eb3fe8bcc0ae954125291a" + invoiceWithFallbackAddrHashHex = "f191f0557758f23108cb3b848ab8798271fcbae70d8e645fb7700f6466d1043e" + + invoiceDestinationHex = "028cfad4e092191a41f081bedfbe5a6e8f441603c78bf9001b8fb62ac0858f20edasd" + ) + + invoiceDestination, _ := hex.DecodeString(invoiceDestinationHex) + + invoicePaymentHash := [32]byte{} + hex.Decode(invoicePaymentHash[:], []byte(invoiceHashHex)) + + invoiceWithAmountPaymentHash := [32]byte{} + hex.Decode(invoiceWithAmountPaymentHash[:], []byte(invoiceWithAmountHashHex)) + invoiceWithDescriptionPaymentHash := [32]byte{} + hex.Decode(invoiceWithDescriptionPaymentHash[:], []byte(invoiceWithDescriptionHashHex)) + invoiceWithFallbackAddrPaymentHash := [32]byte{} + hex.Decode(invoiceWithFallbackAddrPaymentHash[:], []byte(invoiceWithFallbackAddrHashHex)) + + fallbackAddr, _ := GetPaymentURI("bcrt1qhv0a0uhrt2crdehgfge8e8e6texw3q4has8jh7", network) + + type args struct { + invoice string + network *Network + } + tests := []struct { + name string + args args + want *Invoice + wantErr bool + }{ + { + name: "simple invoice", + args: args{ + invoice: invoice, + network: network, + }, + want: &Invoice{ + RawInvoice: invoice, + FallbackAddress: nil, + Network: network, + MilliSat: "", + Destination: invoiceDestination, + PaymentHash: invoicePaymentHash, + Description: "", + }, + }, + { + name: "simple invoice with scheme", + args: args{ + invoice: lightningScheme + invoice, + network: network, + }, + want: &Invoice{ + RawInvoice: invoice, + FallbackAddress: nil, + Network: network, + MilliSat: "", + Destination: invoiceDestination, + PaymentHash: invoicePaymentHash, + Description: "", + }, + }, + { + name: "simple invoice with uppercased scheme", + args: args{ + invoice: "LIGHTNING:" + invoice, + network: network, + }, + want: &Invoice{ + RawInvoice: invoice, + FallbackAddress: nil, + Network: network, + MilliSat: "", + Destination: invoiceDestination, + PaymentHash: invoicePaymentHash, + Description: "", + }, + }, + { + // -amt 1000 + name: "invoice with amount", + args: args{ + invoice: invoiceWithAmount, + network: network, + }, + want: &Invoice{ + RawInvoice: invoiceWithAmount, + FallbackAddress: nil, + Network: network, + MilliSat: "1000000", + Destination: invoiceDestination, + PaymentHash: invoiceWithAmountPaymentHash, + Description: "", + }, + }, + { + // "viva peron" + name: "invoice with description", + args: args{ + invoice: invoiceWithDescription, + network: network, + }, + want: &Invoice{ + RawInvoice: invoiceWithDescription, + FallbackAddress: nil, + Network: network, + MilliSat: "", + Destination: invoiceDestination, + PaymentHash: invoiceWithDescriptionPaymentHash, + Description: "viva peron", + }, + }, + { + // addr bcrt1qhv0a0uhrt2crdehgfge8e8e6texw3q4has8jh7 + name: "invoice with fallback address", + args: args{ + invoice: invoiceWithFallbackAdrr, + network: network, + }, + want: &Invoice{ + RawInvoice: invoiceWithFallbackAdrr, + FallbackAddress: fallbackAddr, + Network: network, + MilliSat: "", + Destination: invoiceDestination, + PaymentHash: invoiceWithFallbackAddrPaymentHash, + Description: "", + }, + }, + { + name: "invoice with invalid fallback address", + args: args{ + invoice: "lnbcrt1pwtpduxpp57xglq4thtrerzzxt8wzg4wresfclewh8pk8xghahwq8kgek3qslqdqqcqzysfppqhv0a0uhrt2crdehgfge8e8e6texw3q4hpmge888yuu6076utcrhgc97wu7vydmudyagkz25ahuyp4fqrc9e945ff248cpa3krn7vvgcqq6spyuqltd245sjvwh23gz220cegadspkn3lx0", + network: Mainnet(), + }, + wantErr: true, + }, + { + name: "malformed invoice", + args: args{ + invoice: "asdasd", + network: network, + }, + wantErr: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := ParseInvoice(tt.args.invoice, tt.args.network) + if (err != nil) != tt.wantErr { + t.Errorf("ParseInvoice() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != nil { + // expiry is relative to now, so ignore it + got.Expiry = 0 + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("ParseInvoice() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/keycrypter.go b/keycrypter.go new file mode 100644 index 0000000..c20f2f7 --- /dev/null +++ b/keycrypter.go @@ -0,0 +1,168 @@ +package libwallet + +import ( + "strconv" + "strings" + "unicode/utf16" + + "github.com/pkg/errors" + + "crypto/rand" + "encoding/hex" +) + +const ( + ivLength = 16 + saltLength = 8 + + scryptIterations = 512 + scryptBlockSize = 8 + scryptParallelizationFactor = 1 + + seperator = ":" +) + +type DecryptedKey struct { + Key *HDPrivateKey + Path string +} + +// KeyEncrypt encrypts an HD priv key using a user-provided secret into a string +// We use SCrypt256 for key derivation and AES-CBC-PKCS7 for encryption. +// The returned string has information about version, derivation path, scrypt and AES parameters. +func KeyEncrypt(key *HDPrivateKey, passphrase string) (string, error) { + + privateKeyBytes := []byte(key.String()) + iv := randomBytes(ivLength) + salt := randomBytes(saltLength) + + inputSecret := scrypt256(stringToBytes(passphrase), + salt, + scryptIterations, + scryptBlockSize, + scryptParallelizationFactor) + + encrypted, err := encrypt(inputSecret, iv, privateKeyBytes) + if err != nil { + return "", err + } + + derivationPathBytes := []byte(key.Path) + + elements := []string{ + "v1", + strconv.Itoa(scryptIterations), + strconv.Itoa(scryptParallelizationFactor), + strconv.Itoa(scryptBlockSize), + hex.EncodeToString(salt), + hex.EncodeToString(iv), + hex.EncodeToString(encrypted), + hex.EncodeToString(derivationPathBytes), + } + + return strings.Join(elements, seperator), nil +} + +// KeyDecrypt decrypts a key encrypted with KeyEncrypt +func KeyDecrypt(value, passphrase string) (*DecryptedKey, error) { + + elements := strings.Split(value, seperator) + + if len(elements) != 8 { + return nil, errors.New("KeyCrypter: invalid format") + } + + version := elements[0] + iterations, err := strconv.Atoi(elements[1]) + if err != nil { + return nil, errors.New("KeyCrypter: invalid iterations: " + err.Error()) + } + + parallelizationFactor, err := strconv.Atoi(elements[2]) + if err != nil { + return nil, errors.New("KeyCrypter: invalid p: " + err.Error()) + } + + blockSize, err := strconv.Atoi(elements[3]) + if err != nil { + return nil, errors.New("KeyCrypter: invalid blocksize: " + err.Error()) + } + + salt, err := hex.DecodeString(elements[4]) + if err != nil { + return nil, errors.New("KeyCrypter: invalid salt: " + err.Error()) + } + + iv, err := hex.DecodeString(elements[5]) + if err != nil { + return nil, errors.New("KeyCrypter: invalid iv: " + err.Error()) + } + + payload, err := hex.DecodeString(elements[6]) + if err != nil { + return nil, errors.New("KeyCrypter: invalid payload: " + err.Error()) + } + + pathBytes, err := hex.DecodeString(elements[7]) + if err != nil { + return nil, errors.New("KeyCrypter: invalid path: " + err.Error()) + } + + if version != "v1" { + return nil, errors.New("KeyCrypter: invalid version " + version) + } + + inputSecret := scrypt256(stringToBytes(passphrase), + salt, + iterations, + blockSize, + parallelizationFactor) + + decryptedBytes, err := decrypt(inputSecret, iv, payload) + if err != nil { + return nil, errors.New("KeyCrypter: failed to decrypt pk: " + err.Error()) + } + + encodedPrivateKey := string(decryptedBytes[:]) + path := string(pathBytes[:]) + + privateKey, err := NewHDPrivateKeyFromString(encodedPrivateKey, path) + if err != nil { + return nil, errors.New("KeyCrypter: failed to decode pk: " + err.Error()) + } + + return &DecryptedKey{Key: privateKey, Path: path}, nil +} + +func randomBytes(count int) []byte { + buf := make([]byte, count) + _, err := rand.Read(buf) + if err != nil { + panic("couldn't read random bytes") + } + + return buf +} + +func stringToBytes(str string) []byte { + + // You might wonder why this code exists.... + // Turns out that the scrypt implementation used in android is hardwired + // to use strings as UTF16 (which is Java's native format). So we need to + // use the same exact byte array encoding. + + // There seems no way to convert a strint to code points directly + // for range iterates strings in a rune basis, so we do that + var runes []rune + for _, rune := range str { + runes = append(runes, rune) + } + + result := make([]byte, 0) + for _, char := range utf16.Encode(runes) { + result = append(result, byte((char&0xFF00)>>8)) + result = append(result, byte(char&0x00FF)) + } + + return result +} diff --git a/keycrypter_test.go b/keycrypter_test.go new file mode 100644 index 0000000..05aa4ff --- /dev/null +++ b/keycrypter_test.go @@ -0,0 +1,81 @@ +package libwallet + +import ( + "reflect" + "testing" +) + +const ( + testPassphrase = "asdasdasd" +) + +func TestKeyCrypt(t *testing.T) { + + key, _ := NewHDPrivateKey(randomBytes(16), Regtest()) + key, _ = key.DeriveTo("m/123'/1") + + t.Run("simple encrypt", func(t *testing.T) { + _, err := KeyEncrypt(key, testPassphrase) + if err != nil { + t.Errorf("KeyEncrypt() error = %v", err) + return + } + }) + + t.Run("encrypt & decrypt", func(t *testing.T) { + + encrypted, err := KeyEncrypt(key, testPassphrase) + if err != nil { + t.Fatalf("KeyEncrypt() error = %v", err) + } + + decrypted, err := KeyDecrypt(encrypted, testPassphrase) + if err != nil { + t.Fatalf("KeyEncrypt() error = %v", err) + } + + if decrypted.Key.String() != key.String() { + t.Errorf("KeyEncrypt() expected key %v got %v", key, decrypted.Key) + } + + if decrypted.Path != key.Path { + t.Errorf("KeyEncrypt() expected path %v got %v", key.Path, decrypted.Path) + } + }) + + t.Run("bad passpharse", func(t *testing.T) { + + encrypted, err := KeyEncrypt(key, testPassphrase) + if err != nil { + t.Fatalf("KeyEncrypt() error = %v", err) + } + + _, err = KeyDecrypt(encrypted, testPassphrase+"foo") + if err == nil { + t.Fatalf("expected decryption error") + } + }) +} + +func Test_stringToBytes(t *testing.T) { + type args struct { + str string + } + tests := []struct { + name string + args args + want []byte + }{ + {name: "no data", args: args{str: ""}, want: []byte{}}, + {name: "one char", args: args{str: "a"}, want: []byte{0, 97}}, + {name: "multi byte char", args: args{str: "€"}, want: []byte{0x20, 0xAC}}, + {name: "complex string", args: args{str: "€aह"}, want: []byte{0x20, 0xAC, 0, 97, 0x09, 0x39}}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := stringToBytes(tt.args.str); !reflect.DeepEqual(got, tt.want) { + t.Errorf("stringToBytes() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/network.go b/network.go new file mode 100644 index 0000000..17dec5a --- /dev/null +++ b/network.go @@ -0,0 +1,34 @@ +package libwallet + +import ( + "github.com/btcsuite/btcd/chaincfg" +) + +// Network has the parameters for operating in a given Bitcoin network +type Network struct { + network *chaincfg.Params +} + +func newNetwork(params *chaincfg.Params) *Network { + return &Network{network: params} +} + +// Mainnet returns an instance of the Bitcoin Main Network +func Mainnet() *Network { + return &Network{network: &chaincfg.MainNetParams} +} + +// Testnet returns an instance of the Bitcoin Test Network +func Testnet() *Network { + return &Network{network: &chaincfg.TestNet3Params} +} + +// Regtest returns an instance of the Bitcoin Regression Network +func Regtest() *Network { + return &Network{network: &chaincfg.RegressionNetParams} +} + +// Name returns the Network's name +func (n *Network) Name() string { + return n.network.Name +} diff --git a/network_test.go b/network_test.go new file mode 100644 index 0000000..eafef60 --- /dev/null +++ b/network_test.go @@ -0,0 +1,75 @@ +package libwallet + +import ( + "reflect" + "testing" + + "github.com/btcsuite/btcd/chaincfg" +) + +func TestMainnet(t *testing.T) { + tests := []struct { + name string + want *Network + }{ + {name: "Get", want: &Network{network: &chaincfg.MainNetParams}}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := Mainnet(); !reflect.DeepEqual(got, tt.want) { + t.Errorf("Mainnet() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestTestnet(t *testing.T) { + tests := []struct { + name string + want *Network + }{ + {name: "Get", want: &Network{network: &chaincfg.TestNet3Params}}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := Testnet(); !reflect.DeepEqual(got, tt.want) { + t.Errorf("Testnet() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestRegtest(t *testing.T) { + tests := []struct { + name string + want *Network + }{ + {name: "Get", want: &Network{network: &chaincfg.RegressionNetParams}}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := Regtest(); !reflect.DeepEqual(got, tt.want) { + t.Errorf("Regtest() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestNetwork_Name(t *testing.T) { + tests := []struct { + name string + instance *Network + want string + }{ + {name: "regtest", instance: Regtest(), want: "regtest"}, + {name: "mainnet", instance: Mainnet(), want: "mainnet"}, + {name: "testnet", instance: Testnet(), want: "testnet3"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := tt.instance.Name(); got != tt.want { + t.Errorf("Network.Name() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/partiallysignedtransaction.go b/partiallysignedtransaction.go new file mode 100644 index 0000000..dc86e86 --- /dev/null +++ b/partiallysignedtransaction.go @@ -0,0 +1,149 @@ +package libwallet + +import ( + "bytes" + "encoding/hex" + + "github.com/btcsuite/btcd/wire" + "github.com/pkg/errors" +) + +type MuunAddress interface { + Version() int + DerivationPath() string + Address() string +} + +// TODO: Change name +type RedeemableAddress interface { + RedeemScript() []byte +} + +type Outpoint interface { + TxId() []byte + Index() int + Amount() int64 +} + +type InputSubmarineSwap interface { + RefundAddress() string + PaymentHash256() []byte + ServerPublicKey() []byte + LockTime() int64 +} + +type Input interface { + OutPoint() Outpoint + Address() MuunAddress + UserSignature() []byte + MuunSignature() []byte + SubmarineSwap() InputSubmarineSwap +} + +type PartiallySignedTransaction struct { + tx *wire.MsgTx + inputs []Input +} + +type Transaction struct { + Hash string + Bytes []byte +} + +func NewPartiallySignedTransaction(hexTx string) (*PartiallySignedTransaction, error) { + + rawTx, err := hex.DecodeString(hexTx) + if err != nil { + return nil, errors.Wrapf(err, "failed to decode hex tx") + } + + tx := wire.NewMsgTx(0) + err = tx.BtcDecode(bytes.NewBuffer(rawTx), 0, wire.WitnessEncoding) + if err != nil { + return nil, errors.Wrapf(err, "failed to decode tx") + } + + return &PartiallySignedTransaction{tx: tx, inputs: []Input{}}, nil +} + +func (p *PartiallySignedTransaction) AddInput(input Input) { + p.inputs = append(p.inputs, input) +} + +func (p *PartiallySignedTransaction) Sign(key *HDPrivateKey, muunKey *HDPublicKey) (*Transaction, error) { + + for i, input := range p.inputs { + + derivedKey, err := key.DeriveTo(input.Address().DerivationPath()) + if err != nil { + return nil, errors.Wrapf(err, "failed to derive user key") + } + + derivedMuunKey, err := muunKey.DeriveTo(input.Address().DerivationPath()) + if err != nil { + return nil, errors.Wrapf(err, "failed to derive muun key") + } + + var txIn *wire.TxIn + + switch AddressVersion(input.Address().Version()) { + case addressV1: + txIn, err = addUserSignatureInputV1(input, i, p.tx, derivedKey) + case addressV2: + txIn, err = addUserSignatureInputV2(input, i, p.tx, derivedKey, derivedMuunKey) + case addressV3: + txIn, err = addUserSignatureInputV3(input, i, p.tx, derivedKey, derivedMuunKey) + case addressSubmarineSwap: + txIn, err = addUserSignatureInputSubmarineSwap(input, i, p.tx, derivedKey, derivedMuunKey) + default: + return nil, errors.Errorf("cant sign transaction of version %v", input.Address().Version()) + } + + if err != nil { + return nil, errors.Wrapf(err, "failed to sign input using version %v", input.Address().Version()) + } + + p.tx.TxIn[i] = txIn + } + + var writer bytes.Buffer + err := p.tx.BtcEncode(&writer, 0, wire.WitnessEncoding) + if err != nil { + return nil, errors.Wrapf(err, "failed to encode tx") + } + + return &Transaction{ + Hash: p.tx.TxHash().String(), + Bytes: writer.Bytes(), + }, nil + +} + +func (p *PartiallySignedTransaction) MuunSignatureForInput(index int, userKey *HDPublicKey, + muunKey *HDPrivateKey) ([]byte, error) { + + input := p.inputs[index] + + derivedUserKey, err := userKey.DeriveTo(input.Address().DerivationPath()) + if err != nil { + return nil, errors.Wrapf(err, "failed to derive user key") + } + + derivedMuunKey, err := muunKey.DeriveTo(input.Address().DerivationPath()) + if err != nil { + return nil, errors.Wrapf(err, "failed to derive muun key") + } + + switch AddressVersion(input.Address().Version()) { + case addressV1: + return []byte{}, nil + case addressV2: + return signInputV2(input, index, p.tx, derivedUserKey, derivedMuunKey.PublicKey(), derivedMuunKey) + case addressV3: + return signInputV3(input, index, p.tx, derivedUserKey, derivedMuunKey.PublicKey(), derivedMuunKey) + case addressSubmarineSwap: + return nil, errors.New("cant sign arbitrary submarine swap inputs") + } + + return nil, errors.New("unknown address scheme") +} \ No newline at end of file diff --git a/partiallysignedtransaction_test.go b/partiallysignedtransaction_test.go new file mode 100644 index 0000000..f3a394d --- /dev/null +++ b/partiallysignedtransaction_test.go @@ -0,0 +1,350 @@ +package libwallet + +import ( + "bytes" + "encoding/hex" + "testing" + + "github.com/btcsuite/btcd/txscript" + "github.com/btcsuite/btcd/wire" +) + +const ( + basePath = "m/schema:1'/recovery:1'" +) + +type input struct { + outpoint outpoint + address muunAddress + userSignature []byte + muunSignature []byte + submarineSwap inputSubmarineSwap +} + +func (i *input) OutPoint() Outpoint { + return &i.outpoint +} + +func (i *input) Address() MuunAddress { + return &i.address +} + +func (i *input) UserSignature() []byte { + return i.userSignature +} + +func (i *input) MuunSignature() []byte { + return i.muunSignature +} + +func (i *input) SubmarineSwap() InputSubmarineSwap { + return &i.submarineSwap +} + +type outpoint struct { + txId []byte + index int + amount int64 +} + +func (o *outpoint) TxId() []byte { + return o.txId +} + +func (o *outpoint) Index() int { + return o.index +} + +func (o *outpoint) Amount() int64 { + return o.amount +} + +type inputSubmarineSwap struct { + refundAddress string + paymentHash256 []byte + serverPublicKey []byte + lockTime int64 +} + +func (i *inputSubmarineSwap) RefundAddress() string { + return i.refundAddress +} + +func (i *inputSubmarineSwap) PaymentHash256() []byte { + return i.paymentHash256 +} + +func (i *inputSubmarineSwap) ServerPublicKey() []byte { + return i.serverPublicKey +} + +func (i *inputSubmarineSwap) LockTime() int64 { + return i.lockTime +} + +func TestPartillySignedTransaction_SignV1(t *testing.T) { + const ( + hexTx = "0100000001706bcabdcdcfd519bdb4534f8ace9f8a3cd614e7b00f074cce0a58913eadfffb0100000000ffffffff022cf46905000000001976a914072b22dfb34153d4e084dce8c6655430d37f12d088aca4de8b00000000001976a914fded0987447ef3273cde87bf8b65a11d1fd9caca88ac00000000" + hexTxOut = "fbffad3e91580ace4c070fb0e714d63c8a9fce8a4f53b4bd19d5cfcdbdca6b70" + txIndex = 1 + txAmount = 100000000 + + addressPath = "m/schema:1'/recovery:1'/external:1/1" + originAddress = "n4fbDDpmfZgyjHsp93C5z7rd68Wq5kS2tj" + + encodedUserKey = "tprv8eJiUjHpVRyTUM1p4XDRUdRZPJLfud22swAv48my1MxaCZztUNRrWxmN6ycdd9a2xfJwLchq5jW9m2jkNpwruijwvygCv41e6YrsqUvw7hQ" + ) + + txOut1, _ := hex.DecodeString(hexTxOut) + + inputs := []Input{ + &input{ + outpoint: outpoint{index: txIndex, amount: txAmount, txId: txOut1}, + address: muunAddress{address: originAddress, derivationPath: addressPath, version: addressV1}, + }, + } + + partial, _ := NewPartiallySignedTransaction(hexTx) + partial.inputs = inputs + + userKey, _ := NewHDPrivateKeyFromString(encodedUserKey, basePath) + // We dont need to use the muunKey in V1 + signedRawTx, err := partial.Sign(userKey, userKey.PublicKey()) + + if err != nil { + t.Fatalf("failed to sign tx due to %v", err) + } + + signedTx := wire.NewMsgTx(0) + signedTx.BtcDecode(bytes.NewBuffer(signedRawTx.Bytes), 0, wire.WitnessEncoding) + + verifyInput(t, signedTx, hexTx, txIndex, 0) + +} +func TestPartiallySignedTransaction_SignV2(t *testing.T) { + + const ( + hexTx = "0100000004f3c15d23060a622bef5e0346ba3410ec118b959be0058c282a1e2045af511b720100000000ffffffffb8ac53a0702e45f7d0164cf6164b48fe66b56af23308e9478cb75e3a2627b74a0100000000ffffffff4e54dc96b07fb29f709c30007fc12abdcde6a20bcad73c8ec6124f34ce096f9b0000000000ffffffff4c11c4284a8e48baa4527fd26e7d0c3dda25ffb3a7f92aa2a248b5a76981d8a40000000000ffffffff01a9cbea0b0000000017a914dfca2abd2bb72cf911940a9d16de126cc1cd60368700000000" + + txIndex1 = 1 + txAmount1 = 50000000 + hexTxOut1 = "721b51af45201e2a288c05e09b958b11ec1034ba46035eef2b620a06235dc1f3" + hexMuunSig1 = "3045022100d07028674c49d8dabc536db47f1371c2f61fc578cb2c8797a570e3176f5e91c902206a83db8ad5b63e88c48d0ae4e67646fcf6e33d0177a88996c15b280494885e7b01" + hexTx1 = "0200000001020678c852c6d943cf0d3a9b5102b1a4e2ebccdb4ca2eaae7731c8f59b81172a000000004847304402204a3958c1bd6abcd7b5ec2291bd43391dcfe757068ff0e340dd8f502cb25435b0022076e865730e49e4d126b94675d276545e35afa84feea2873bb5f923b842d90f4801feffffff0224bf45220000000017a914cb81f4e1ff68249e6f4f17a7995007b5a478705b8780f0fa020000000017a914dfca2abd2bb72cf911940a9d16de126cc1cd60368794020000" + + txIndex2 = 1 + txAmount2 = 50000000 + hexTxOut2 = "4ab727263a5eb78c47e90833f26ab566fe484b16f64c16d0f7452e70a053acb8" + hexMuunSig2 = "304402201b0c35179a5fa8e6255115450979a77dbb97d89157e236783df0312a5d7bdb2c022064bae7ad0cdc72e4339421067cc65e0c3d03690a5c2d98c32a6ef67f883558a001" + hexTx2 = "0200000001ff3f3b16506ef957b9ea80287f276ee415380597a4ede7ae45fff6e18d3e13d8000000004847304402204dbe876d7f0761a72ecc2d0e0e45c1ab32d6bd69d5062068984e26af02c4b27102202f2bd18a17821bdce155b13ea2c379bb78c9157f7f44e2e6a8cef1a154ec68ac01feffffff0224bf45220000000017a914684830d4ef58c54b6b3db6b4a3eb7818d418ae258780f0fa020000000017a914dfca2abd2bb72cf911940a9d16de126cc1cd60368794020000" + + txIndex3 = 0 + txAmount3 = 50000000 + hexTxOut3 = "9b6f09ce344f12c68e3cd7ca0ba2e6cdbd2ac17f00309c709fb27fb096dc544e" + hexMuunSig3 = "30440220076b14b1c906089546cb40ce05dab38f0388ca65d0bc5183d3c3f7dcb98be52c022001eea4635d56726d990daa92ac26c52c9030c96dddcc92e5d623546580aaaef401" + hexTx3 = "02000000019fdde3b7eb40584d103a04dd253ffa0ceb458776db56fbee6489aee0d34402d6000000004847304402206abfb750561acac1be3d6ec3eabc1c88ac7ce11f28f5c8162428ce78dabb4d8e0220753c03bf8b9af9c9bf592f52586d39d8aa10c1111f105fea0ce0cf5c82a4574101feffffff0280f0fa020000000017a914dfca2abd2bb72cf911940a9d16de126cc1cd60368724bf45220000000017a9148d7814264268f1f0f98870f95dc69017bd0cce708794020000" + + txIndex4 = 0 + txAmount4 = 50000000 + hexTxOut4 = "a4d88169a7b548a2a22af9a7b3ff25da3d0c7d6ed27f52a4ba488e4a28c4114c" + hexMuunSig4 = "30440220145dcce0bf6cceda98b3a9635bd7611d92085ff3ad27690bcf471a6b39620e6c02205ca0a0bd93550e86468e236b291457a3ff84a3b5dedeb10067cc9d3233b5dafa01" + hexTx4 = "02000000019d657207178c19bb4fd45de6a5f83caadf86bd7519e1569c8daf078a46e565310000000048473044022033c864f4a6ab42ba29d09bb2dd110e55a3c4118fd0a68cbe5c461926cc64d3e9022029a5b57a2a6e24e6f66f4354b74d7ffc7affa6d43843797faa70c84ec47b7b8501feffffff0280f0fa020000000017a914dfca2abd2bb72cf911940a9d16de126cc1cd60368724bf45220000000017a914b392913e36a7017404c60424da4ebb48a53b5bb18794020000" + + addressPath = "m/schema:1'/recovery:1'/external:1/0" + originAddress = "2NDeWrsJEwvxwVnvtWzPjhDC5B2LYkFuX2s" + + encodedMuunKey = "tpubDBYMnFoxYLdMBZThTk4uARTe4kGPeEYWdKcaEzaUxt1cesetnxtTqmAxVkzDRou51emWytommyLWcF91SdF5KecA6Ja8oHK1FF7d5U2hMxX" + encodedUserKey = "tprv8dfM4H5fYJirMai5Er3LguicgUAyxmcSQbFub5ens16amX1e1HAFiW4SXnFVw9nu9FedFQqTPGTTjPEmgfvvXMKww3UcRpFbbC4DFjbCcTb" + basePath = "m/schema:1'/recovery:1'" + ) + + txOut1, _ := hex.DecodeString(hexTxOut1) + muunSig1, _ := hex.DecodeString(hexMuunSig1) + txOut2, _ := hex.DecodeString(hexTxOut2) + muunSig2, _ := hex.DecodeString(hexMuunSig2) + txOut3, _ := hex.DecodeString(hexTxOut3) + muunSig3, _ := hex.DecodeString(hexMuunSig3) + txOut4, _ := hex.DecodeString(hexTxOut4) + muunSig4, _ := hex.DecodeString(hexMuunSig4) + + inputs := []Input{ + &input{ + outpoint: outpoint{index: txIndex1, amount: txAmount1, txId: txOut1}, + address: muunAddress{address: originAddress, derivationPath: addressPath, version: 2}, + muunSignature: muunSig1}, + &input{ + outpoint: outpoint{index: txIndex2, amount: txAmount2, txId: txOut2}, + address: muunAddress{address: originAddress, derivationPath: addressPath, version: 2}, + muunSignature: muunSig2}, + &input{ + outpoint: outpoint{index: txIndex3, amount: txAmount3, txId: txOut3}, + address: muunAddress{address: originAddress, derivationPath: addressPath, version: 2}, + muunSignature: muunSig3}, + &input{ + outpoint: outpoint{index: txIndex4, amount: txAmount4, txId: txOut4}, + address: muunAddress{address: originAddress, derivationPath: addressPath, version: 2}, + muunSignature: muunSig4}, + } + + partial, _ := NewPartiallySignedTransaction(hexTx) + partial.inputs = inputs + + muunKey, _ := NewHDPublicKeyFromString(encodedMuunKey, basePath) + userKey, _ := NewHDPrivateKeyFromString(encodedUserKey, basePath) + signedRawTx, err := partial.Sign(userKey, muunKey) + + if err != nil { + t.Fatalf("failed to sign tx due to %v", err) + } + + signedTx := wire.NewMsgTx(0) + signedTx.BtcDecode(bytes.NewBuffer(signedRawTx.Bytes), 0, wire.WitnessEncoding) + + verifyInput(t, signedTx, hexTx1, txIndex1, 0) + verifyInput(t, signedTx, hexTx2, txIndex2, 0) + verifyInput(t, signedTx, hexTx3, txIndex3, 0) + verifyInput(t, signedTx, hexTx4, txIndex4, 0) + +} + +func TestPartiallySignedTransaction_SignV3(t *testing.T) { + const ( + hexTx = "01000000014a4ca718419999e9bfb675dc9f7deff6b65512c11469a23d169038267cd097040100000000ffffffff02916067590000000017a91437a2fceeb0c454b22b427c34eb565d8b1dc953ed8797c400000000000017a9142b0cabe5d058bc3c58f8a656dec2601d117262538700000000" + + txIndex1 = 1 + txAmount1 = 1500000000 + hexTxOut1 = "0497d07c263890163da26914c11255b6f6ef7d9fdc75b6bfe999994118a74c4a" + hexMuunSig1 = "3045022100d138caf8d3c19db84363b33e1ad002e1aee7907302ab5110edaf78d980c94e48022019e841da8759f63596fbcd81a3544219573288877206f8f651cae1023c397f0c01" + hexTx1 = "02000000014f1e7a952c72670bf03a040faa183687ec8c9e0fb7adf606d1ce13395fb663000000000017160014a89e2ded102b2dde96e8bc87219113c6d31a1fe4feffffff02240e5ea9cf00000017a9142773c1a1651ad774f4b867d955ae8b816ac806ad87002f68590000000017a9142b0cabe5d058bc3c58f8a656dec2601d117262538736010000" + + encodedMuunKey = "tpubDABPYHYrYQHXY2pYFdcsFd41aE2uZmMQZpRRGiKfgz7G7nU7PoSwrzMKeHHnoMjmn9woC87coUanF2T911R8X5HpUtZRJRf56u4r51gTrqD" + encodedUserKey = "tprv8ezdJAiJTZz4BJo1VysKviVqto1f8CAS3d2M9LWZ5oygiMrtb6NYcPnkWTcdP8b2AuKVVegnWe3Czzo7geDqH2MzXvzDu1SiKucVAG6KFvE" + + addressPath = "m/schema:1'/recovery:1'/external:1/0" + originAddress = "2MwArDxm83HCWKvoLKcKAg1Nv6ZG7fWYzMa" + ) + + txOut1, _ := hex.DecodeString(hexTxOut1) + muunSig1, _ := hex.DecodeString(hexMuunSig1) + + inputs := []Input{ + &input{ + outpoint: outpoint{index: txIndex1, amount: txAmount1, txId: txOut1}, + address: muunAddress{address: originAddress, derivationPath: addressPath, version: addressV3}, + muunSignature: muunSig1}, + } + + partial, _ := NewPartiallySignedTransaction(hexTx) + partial.inputs = inputs + + muunKey, _ := NewHDPublicKeyFromString(encodedMuunKey, basePath) + userKey, _ := NewHDPrivateKeyFromString(encodedUserKey, basePath) + signedRawTx, err := partial.Sign(userKey, muunKey) + + if err != nil { + t.Fatalf("failed to sign tx due to %v", err) + } + + signedTx := wire.NewMsgTx(0) + signedTx.BtcDecode(bytes.NewBuffer(signedRawTx.Bytes), 0, wire.WitnessEncoding) + + verifyInput(t, signedTx, hexTx1, txIndex1, 0) +} + +func TestPartiallySignedTransaction_SignSubmarineSwap(t *testing.T) { + const ( + hexTx = "01000000021a608c7d6e40586806c33b3b1036fbd305c37e9d38990d912cc02de7e7cec05e0000000000fffffffff18bce10875329410641316bf7c4d984e00780174b6983080e9225dc26e5bd8c0100000000feffffff01705bc0230000000017a91470fcbc29723c85fdbf9fb5189220f279e9be4508878f030000" + + txIndex1 = 0 + txAmount1 = 599817960 + hexTxOut1 = "5ec0cee7e72dc02c910d99389d7ec305d3fb36103b3bc3066858406e7d8c601a" + hexTx1 = "0100000006f65ae1c782a5b37795a203a8820719100b1c82f59a4aa1cf3bbcc121442636a50000000023220020f1dcb100a8f4249af53e2ef831e2164545f329a5e8cda589210c033896cd1f12fffffffff21cc482a9359d2762f0a3621eb825e4e728b848588767aecdd8f906833e578e0100000023220020f1dcb100a8f4249af53e2ef831e2164545f329a5e8cda589210c033896cd1f12ffffffff68b507462f19a913b7a6a2a6956cd1c514e66b669d50b3f6228cc21935b78b7f00000000232200203ec9de492dfda91c6d7e84a14f478b1fd6c4b3432aeb4262482133975f94e8f2fffffffff18bce10875329410641316bf7c4d984e00780174b6983080e9225dc26e5bd8c00000000232200209f60ba93792ab212523ad6e6daaefb06d3d0c14ba02ddeaa38582031578bbbd3ffffffff741c42cabd1464b5752e4050acc9d9dfa7ccb296d3847a0e7da6d90effa0d80b0000000023220020d4cf5b8c1ddaa1e2788596655df089cbe10ad33bae149160e07dd76b54e2a1e3ffffffffa609573ae63856433d80793d44d05b077b2c5ef1cc04d820de0d107303ce831b0000000023220020b90f5d2eaf489a24ec6f6d93a47536145fbae13b745fbc7ef9fc5a16d1fa2408ffffffff01e87ec0230000000017a91417c1f13d6ba17a62d6f1f784927c0d45ba22f6fa8700000000" + txAddressPath1 = "m/schema:1'/recovery:1'/external:1/2" + txAddress1 = "2MuQqs3e42GpYteWDGEN16TqCQDC8oGCpiV" + txMuunSigHex1 = "3044022032b35746170883b2f46c2f14019eb95e2e7e4d800248e6a8b372e504dc48674b02202ff47b29abf8f1be8719e757cbd218a4111c214b0c1aa4bdfc7debaf1b46880f01" + + txIndex2 = 1 + txAmount2 = 18400 + hexTxOut2 = "8cbde526dc25920e0883694b178007e084d9c4f76b3141064129538710ce8bf1" + hexTx2 = "0100000001c00ee241359fa47d45f4f08b67e37f7a31ebe996da59513dfc6c5af97a3959610100000023220020f1dcb100a8f4249af53e2ef831e2164545f329a5e8cda589210c033896cd1f12ffffffff02a064f5050000000017a914d2bf8b44779443e9a7571ab416c72cdee9e9d06e87e04700000000000017a9140c02072aee07d46ab06edb7d75d538c133ebd8c38700000000" + txAddressPath2 = "m/schema:1'/recovery:1'/change:0/7" + txAddress2 = "2MtLiXVbDBQdHKDAKwAL5AnsTo6LoCakjvg" + txPaymentHashHex2 = "0634be42f7a600c0457ace25f2502e9e473b7d5f0e50172dcce25044c8538936" + txServerPubKeyHex2 = "035560f6c13e630b4a4b58dac162d4cebd97eb7a96c7ba3636a0bece5c19c2c6dd" + txLockTime2 = 911 + txRefundAddress2 = "n3yUtyw6xAnYNpfkbuVKPSqnGdbqsLNePr" + + encodedMuunKey = "tpubDBZaivUL3Hv8r25JDupShPuWVkGcwM7NgbMBwkhQLfWu18iBbyQCbRdyg1wRMjoWdZN7Afg3F25zs4c8E6Q4VJrGqAw51DJeqacTFABV9u8" + encodedUserKey = "tprv8fFtghPy2BsdB8nrBZcrHSihQDb65yVJa5DfLcFdtjnRc8SQcV4d59hZAzn2auLdEom9KscWv5JAuxUG65gDYiBxwbGarcix7H2Vp8xXPnX" + ) + + txOut1, _ := hex.DecodeString(hexTxOut1) + txOut2, _ := hex.DecodeString(hexTxOut2) + + muunSig1, _ := hex.DecodeString(txMuunSigHex1) + paymentHash2, _ := hex.DecodeString(txPaymentHashHex2) + serverPubKey2, _ := hex.DecodeString(txServerPubKeyHex2) + + inputs := []Input{ + &input{ + outpoint: outpoint{index: txIndex1, amount: txAmount1, txId: txOut1}, + address: muunAddress{address: txAddress1, derivationPath: txAddressPath1, version: addressV3}, + muunSignature: muunSig1, + }, + &input{ + outpoint: outpoint{index: txIndex2, amount: txAmount2, txId: txOut2}, + address: muunAddress{address: txAddress2, derivationPath: txAddressPath2, version: addressSubmarineSwap}, + submarineSwap: inputSubmarineSwap{ + refundAddress: txRefundAddress2, + paymentHash256: paymentHash2, + serverPublicKey: serverPubKey2, + lockTime: txLockTime2, + }, + }, + } + + partial, _ := NewPartiallySignedTransaction(hexTx) + partial.inputs = inputs + + muunKey, _ := NewHDPublicKeyFromString(encodedMuunKey, basePath) + userKey, _ := NewHDPrivateKeyFromString(encodedUserKey, basePath) + signedRawTx, err := partial.Sign(userKey, muunKey) + + if err != nil { + t.Fatalf("failed to sign tx due to %v", err) + } + + signedTx := wire.NewMsgTx(0) + signedTx.BtcDecode(bytes.NewBuffer(signedRawTx.Bytes), 0, wire.WitnessEncoding) + + verifyInput(t, signedTx, hexTx1, txIndex1, 0) + verifyInput(t, signedTx, hexTx2, txIndex2, 1) +} + +func verifyInput(t *testing.T, signedTx *wire.MsgTx, hexPrevTx string, prevIndex, index int) { + + // Uncomment the next block if you need to see what the script engine outputs + txscript.DisableLog() + // logger := btclog.NewBackend(os.Stderr).Logger("test") + // logger.SetLevel(btclog.LevelTrace) + // txscript.UseLogger(logger) + + prevTx := wire.NewMsgTx(0) + + rawPrevTx, _ := hex.DecodeString(hexPrevTx) + prevTx.BtcDecode(bytes.NewBuffer(rawPrevTx), 0, wire.WitnessEncoding) + + flags := txscript.ScriptBip16 | txscript.ScriptVerifyDERSignatures | + txscript.ScriptStrictMultiSig | txscript.ScriptDiscourageUpgradableNops | + txscript.ScriptVerifyStrictEncoding | txscript.ScriptVerifyLowS | + txscript.ScriptVerifyWitness | txscript.ScriptVerifyCheckLockTimeVerify + + vm, err := txscript.NewEngine(prevTx.TxOut[prevIndex].PkScript, signedTx, index, flags, nil, nil, prevTx.TxOut[prevIndex].Value) + if err != nil { + t.Fatalf("failed to build script engine: %v", err) + } + + if err := vm.Execute(); err != nil { + t.Fatalf("failed to verify script: %v", err) + } +} diff --git a/ripemd160.go b/ripemd160.go new file mode 100644 index 0000000..fbd6af4 --- /dev/null +++ b/ripemd160.go @@ -0,0 +1,15 @@ +package libwallet + +import ( + hash "golang.org/x/crypto/ripemd160" +) + +func ripemd160(data []byte) []byte { + hasher := hash.New() + _, err := hasher.Write(data) + if err != nil { + panic("failed to hash") + } + + return hasher.Sum([]byte{}) +} diff --git a/ripemd160_test.go b/ripemd160_test.go new file mode 100644 index 0000000..27f1cd8 --- /dev/null +++ b/ripemd160_test.go @@ -0,0 +1,42 @@ +package libwallet + +import ( + "reflect" + "testing" +) + +func Test_ripemd160(t *testing.T) { + type args struct { + data []byte + } + tests := []struct { + name string + args args + want []byte + }{ + {name: "simple", + args: args{data: []byte{1, 2, 3}}, + want: []byte{121, 249, 1, 218, 38, 9, 240, 32, 173, 173, 191, 46, 95, 104, 161, 108, 140, 63, 125, 87}}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := ripemd160(tt.args.data); !reflect.DeepEqual(got, tt.want) { + t.Errorf("ripemd160() = %v, want %v", got, tt.want) + } + }) + } + + t.Run("random input", func(t *testing.T) { + small := randomBytes(8) + smallRes := ripemd160(small) + if smallRes == nil || len(smallRes) != 20 { + t.Errorf("result is not of expected size for input (%v, %v)", smallRes, small) + } + + big := randomBytes(120) + bigRes := ripemd160(big) + if bigRes == nil || len(bigRes) != 20 { + t.Errorf("result is not of expected size for input (%v, %v)", bigRes, big) + } + }) +} diff --git a/scrypt.go b/scrypt.go new file mode 100644 index 0000000..431ddf9 --- /dev/null +++ b/scrypt.go @@ -0,0 +1,27 @@ +package libwallet + +import ( + "golang.org/x/crypto/scrypt" +) + +const ( + iterations = 512 + blockSize = 8 + parallelizationFactor = 1 + outputLength = 32 +) + +func Scrypt256(data, salt []byte) []byte { + return scrypt256(data, salt, iterations, blockSize, parallelizationFactor) +} + +func scrypt256(data, salt []byte, iterations, blockSize, parallelizationFactor int) []byte { + + key, err := scrypt.Key(data, salt, iterations, blockSize, parallelizationFactor, outputLength) + + if err != nil { + panic("scrypt parameters are bad") + } + + return key +} diff --git a/segwit.go b/segwit.go new file mode 100644 index 0000000..7dd3f57 --- /dev/null +++ b/segwit.go @@ -0,0 +1,46 @@ +package libwallet + +import ( + "crypto/sha256" + + "github.com/btcsuite/btcd/txscript" + "github.com/btcsuite/btcd/wire" + "github.com/pkg/errors" +) + +func createNonNativeSegwitRedeemScript(witnessScript []byte) ([]byte, error) { + witnessScriptHash := sha256.Sum256(witnessScript) + + builder := txscript.NewScriptBuilder() + builder.AddInt64(0) + builder.AddData(witnessScriptHash[:]) + + return builder.Script() +} + +func signNonNativeSegwitInput(input Input, index int, tx *wire.MsgTx, privateKey *HDPrivateKey, + redeemScript, witnessScript []byte) ([]byte, error) { + + txInput := tx.TxIn[index] + + builder := txscript.NewScriptBuilder() + builder.AddData(redeemScript) + script, err := builder.Script() + if err != nil { + return nil, errors.Wrapf(err, "failed to generate signing script") + } + txInput.SignatureScript = script + + privKey, err := privateKey.key.ECPrivKey() + if err != nil { + return nil, errors.Wrapf(err, "failed to produce EC priv key for signing") + } + + sigHashes := txscript.NewTxSigHashes(tx) + sig, err := txscript.RawTxInWitnessSignature(tx, sigHashes, index, input.OutPoint().Amount(), witnessScript, txscript.SigHashAll, privKey) + if err != nil { + return nil, errors.Wrapf(err, "failed to sign V3 input") + } + + return sig, nil +} diff --git a/submarineSwap.go b/submarineSwap.go new file mode 100644 index 0000000..e60089a --- /dev/null +++ b/submarineSwap.go @@ -0,0 +1,215 @@ +package libwallet + +import ( + "bytes" + "crypto/sha256" + "encoding/hex" + + "github.com/btcsuite/btcd/txscript" + "github.com/btcsuite/btcd/wire" + "github.com/btcsuite/btcutil" + "github.com/pkg/errors" +) + +type SubmarineSwap interface { + SwapUuid() string + Invoice() string + Receiver() SubmarineSwapReceiver + FundingOutput() SubmarineSwapFundingOutput + + PreimageInHex() string +} + +type SubmarineSwapReceiver interface { + Alias() string + PublicKey() string +} + +type SubmarineSwapFundingOutput interface { + OutputAddress() string + OutputAmount() int64 + ConfirmationsNeeded() int + UserLockTime() int64 + UserRefundAddress() MuunAddress + ServerPaymentHashInHex() string + ServerPublicKeyInHex() string +} + +func CreateAddressSubmarineSwap(publicKey *HDPublicKey) (MuunAddress, error) { + pubkey, err := btcutil.NewAddressPubKey(publicKey.Raw(), publicKey.Network.network) + if err != nil { + return nil, err + } + + pubkeyHash := pubkey.AddressPubKeyHash() + address := pubkeyHash.String() + + return &muunAddress{address: address, version: addressSubmarineSwap, derivationPath: publicKey.Path}, nil +} + +func addUserSignatureInputSubmarineSwap(input Input, index int, tx *wire.MsgTx, privateKey *HDPrivateKey, + muunKey *HDPublicKey) (*wire.TxIn, error) { + + submarineSwap := input.SubmarineSwap() + if submarineSwap == nil { + return nil, errors.Errorf("submarine swap data is nil for ss input") + } + + witnessScript, err := createWitnessScriptSubmarineSwap(submarineSwap.RefundAddress(), + submarineSwap.PaymentHash256(), + submarineSwap.ServerPublicKey(), + submarineSwap.LockTime(), + privateKey.Network) + if err != nil { + return nil, err + } + + redeemScript, err := createNonNativeSegwitRedeemScript(witnessScript) + if err != nil { + return nil, errors.Wrapf(err, "failed to build reedem script for signing") + } + + sig, err := signNonNativeSegwitInput(input, index, tx, privateKey, redeemScript, witnessScript) + if err != nil { + return nil, err + } + + txInput := tx.TxIn[index] + txInput.Witness = wire.TxWitness{sig, privateKey.PublicKey().Raw(), witnessScript} + + return txInput, nil +} + +func createRedeemScriptSubmarineSwapForUser(publicKey *HDPublicKey) { + +} + +func createWitnessScriptSubmarineSwap(refundAddress string, paymentHash []byte, swapServerPubKey []byte, lockTime int64, network *Network) ([]byte, error) { + + // It turns out that the payment hash present in an invoice is just the SHA256 of the + // payment preimage, so we still have to do a pass of RIPEMD160 before pushing it to the + // script + paymentHash160 := ripemd160(paymentHash) + decodedRefundAddress, err := btcutil.DecodeAddress(refundAddress, network.network) + if err != nil { + return nil, errors.Wrapf(err, "refund address is invalid") + } + + refundAddressHash := decodedRefundAddress.ScriptAddress() + + builder := txscript.NewScriptBuilder() + builder.AddOp(txscript.OP_DUP) + + // Condition to decide which branch to follow: + builder.AddOp(txscript.OP_HASH160). + AddData(paymentHash160). + AddOp(txscript.OP_EQUAL) + + // SubmarineSwap service spending script, for successful LN payments: + builder.AddOp(txscript.OP_IF). + AddOp(txscript.OP_DROP). + AddData(swapServerPubKey) + + // User spending script, for failed LN payments: + builder.AddOp(txscript.OP_ELSE). + AddInt64(lockTime). + AddOp(txscript.OP_CHECKLOCKTIMEVERIFY). + AddOp(txscript.OP_DROP). + AddOp(txscript.OP_DUP). + AddOp(txscript.OP_HASH160). + AddData(refundAddressHash). + AddOp(txscript.OP_EQUALVERIFY) + + // Final verification for both branches: + builder.AddOp(txscript.OP_ENDIF). + AddOp(txscript.OP_CHECKSIG) + + return builder.Script() +} + +func ValidateSubmarineSwap(rawInvoice string, userPublicKey *HDPublicKey, muunPublicKey *HDPublicKey, swap SubmarineSwap, network *Network) error { + + invoice, err := ParseInvoice(rawInvoice, network) + if err != nil { + return errors.Wrapf(err, "failed to decode invoice") + } + + // Check the payment hash matches + + serverPaymentHash, err := hex.DecodeString(swap.FundingOutput().ServerPaymentHashInHex()) + if err != nil { + return errors.Wrapf(err, "server payment hash is not valid hex") + } + + if !bytes.Equal(invoice.PaymentHash[:], serverPaymentHash) { + return errors.Errorf("payment hash doesn't match %v != %v", invoice.PaymentHash, swap.FundingOutput().ServerPaymentHashInHex()) + } + + // TODO: check that timelock is acceptable + + // Validate that the refund address is one we can derive + + swapRefundAddress := swap.FundingOutput().UserRefundAddress() + derivedUserKey, err := userPublicKey.DeriveTo(swapRefundAddress.DerivationPath()) + if err != nil { + return errors.Wrapf(err, "failed to derive user key") + } + derivedMuunKey, err := muunPublicKey.DeriveTo(swapRefundAddress.DerivationPath()) + if err != nil { + return errors.Wrapf(err, "failed to derive muun key") + } + + refundAddress, err := newMuunAddress(AddressVersion(swapRefundAddress.Version()), derivedUserKey, derivedMuunKey) + if err != nil { + return errors.Wrapf(err, "failed to generate refund address") + } + + if refundAddress.Address() != swapRefundAddress.Address() { + return errors.Errorf("refund address doesn't match generated (%v != %v)", swapRefundAddress.Address(), refundAddress.Address()) + } + + // Check the swap's witness script is a valid swap script + + serverPubKey, err := hex.DecodeString(swap.FundingOutput().ServerPublicKeyInHex()) + if err != nil { + return errors.Wrapf(err, "server pub key is not hex") + } + + witnessScript, err := createWitnessScriptSubmarineSwap( + swapRefundAddress.Address(), + serverPaymentHash, + serverPubKey, + swap.FundingOutput().UserLockTime(), + network) + if err != nil { + return errors.Wrapf(err, "failed to compute witness script") + } + + redeemScript, err := createNonNativeSegwitRedeemScript(witnessScript) + if err != nil { + return errors.Wrapf(err, "failed to build redeem script") + } + + address, err := btcutil.NewAddressScriptHash(redeemScript, network.network) + if err != nil { + return errors.Wrapf(err, "failed to build address for swap script") + } + + if address.EncodeAddress() != swap.FundingOutput().OutputAddress() { + return errors.Errorf("address for swap script mismatch (%v != %v)", address.EncodeAddress(), swap.FundingOutput().OutputAddress()) + } + + if len(swap.PreimageInHex()) > 0 { + preimage, err := hex.DecodeString(swap.PreimageInHex()) + if err != nil { + return errors.Wrapf(err, "preimagehex is not actually hex 🤔") + } + + calculatedPaymentHash := sha256.Sum256(preimage) + if !bytes.Equal(invoice.PaymentHash[:], calculatedPaymentHash[:]) { + return errors.Errorf("payment hash doesn't match preimage (%v != hash(%v)", invoice.PaymentHash, swap.PreimageInHex()) + } + } + + return nil +} diff --git a/submarineSwap_test.go b/submarineSwap_test.go new file mode 100644 index 0000000..b46990f --- /dev/null +++ b/submarineSwap_test.go @@ -0,0 +1,27 @@ +package libwallet + +import "testing" + +func TestValidateSubmarineSwap(t *testing.T) { + type args struct { + rawInvoice string + userPublicKey *HDPublicKey + muunPublicKey *HDPublicKey + swap SubmarineSwap + network *Network + } + tests := []struct { + name string + args args + wantErr bool + }{ + // TODO: Add test cases. + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := ValidateSubmarineSwap(tt.args.rawInvoice, tt.args.userPublicKey, tt.args.muunPublicKey, tt.args.swap, tt.args.network); (err != nil) != tt.wantErr { + t.Errorf("ValidateSubmarineSwap() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} diff --git a/vendor/github.com/btcsuite/btcd/LICENSE b/vendor/github.com/btcsuite/btcd/LICENSE new file mode 100644 index 0000000..53ba0c5 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/LICENSE @@ -0,0 +1,16 @@ +ISC License + +Copyright (c) 2013-2017 The btcsuite developers +Copyright (c) 2015-2016 The Decred developers + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/vendor/github.com/btcsuite/btcd/btcec/README.md b/vendor/github.com/btcsuite/btcd/btcec/README.md new file mode 100644 index 0000000..130bd20 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/btcec/README.md @@ -0,0 +1,68 @@ +btcec +===== + +[![Build Status](https://travis-ci.org/btcsuite/btcd.png?branch=master)](https://travis-ci.org/btcsuite/btcec) +[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org) +[![GoDoc](https://godoc.org/github.com/btcsuite/btcd/btcec?status.png)](http://godoc.org/github.com/btcsuite/btcd/btcec) + +Package btcec implements elliptic curve cryptography needed for working with +Bitcoin (secp256k1 only for now). It is designed so that it may be used with the +standard crypto/ecdsa packages provided with go. A comprehensive suite of test +is provided to ensure proper functionality. Package btcec was originally based +on work from ThePiachu which is licensed under the same terms as Go, but it has +signficantly diverged since then. The btcsuite developers original is licensed +under the liberal ISC license. + +Although this package was primarily written for btcd, it has intentionally been +designed so it can be used as a standalone package for any projects needing to +use secp256k1 elliptic curve cryptography. + +## Installation and Updating + +```bash +$ go get -u github.com/btcsuite/btcd/btcec +``` + +## Examples + +* [Sign Message](http://godoc.org/github.com/btcsuite/btcd/btcec#example-package--SignMessage) + Demonstrates signing a message with a secp256k1 private key that is first + parsed form raw bytes and serializing the generated signature. + +* [Verify Signature](http://godoc.org/github.com/btcsuite/btcd/btcec#example-package--VerifySignature) + Demonstrates verifying a secp256k1 signature against a public key that is + first parsed from raw bytes. The signature is also parsed from raw bytes. + +* [Encryption](http://godoc.org/github.com/btcsuite/btcd/btcec#example-package--EncryptMessage) + Demonstrates encrypting a message for a public key that is first parsed from + raw bytes, then decrypting it using the corresponding private key. + +* [Decryption](http://godoc.org/github.com/btcsuite/btcd/btcec#example-package--DecryptMessage) + Demonstrates decrypting a message using a private key that is first parsed + from raw bytes. + +## GPG Verification Key + +All official release tags are signed by Conformal so users can ensure the code +has not been tampered with and is coming from the btcsuite developers. To +verify the signature perform the following: + +- Download the public key from the Conformal website at + https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt + +- Import the public key into your GPG keyring: + ```bash + gpg --import GIT-GPG-KEY-conformal.txt + ``` + +- Verify the release tag with the following command where `TAG_NAME` is a + placeholder for the specific tag: + ```bash + git tag -v TAG_NAME + ``` + +## License + +Package btcec is licensed under the [copyfree](http://copyfree.org) ISC License +except for btcec.go and btcec_test.go which is under the same license as Go. + diff --git a/vendor/github.com/btcsuite/btcd/btcec/btcec.go b/vendor/github.com/btcsuite/btcd/btcec/btcec.go new file mode 100644 index 0000000..5e7ce87 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/btcec/btcec.go @@ -0,0 +1,958 @@ +// Copyright 2010 The Go Authors. All rights reserved. +// Copyright 2011 ThePiachu. All rights reserved. +// Copyright 2013-2014 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcec + +// References: +// [SECG]: Recommended Elliptic Curve Domain Parameters +// http://www.secg.org/sec2-v2.pdf +// +// [GECC]: Guide to Elliptic Curve Cryptography (Hankerson, Menezes, Vanstone) + +// This package operates, internally, on Jacobian coordinates. For a given +// (x, y) position on the curve, the Jacobian coordinates are (x1, y1, z1) +// where x = x1/z1² and y = y1/z1³. The greatest speedups come when the whole +// calculation can be performed within the transform (as in ScalarMult and +// ScalarBaseMult). But even for Add and Double, it's faster to apply and +// reverse the transform than to operate in affine coordinates. + +import ( + "crypto/elliptic" + "math/big" + "sync" +) + +var ( + // fieldOne is simply the integer 1 in field representation. It is + // used to avoid needing to create it multiple times during the internal + // arithmetic. + fieldOne = new(fieldVal).SetInt(1) +) + +// KoblitzCurve supports a koblitz curve implementation that fits the ECC Curve +// interface from crypto/elliptic. +type KoblitzCurve struct { + *elliptic.CurveParams + q *big.Int + H int // cofactor of the curve. + halfOrder *big.Int // half the order N + + // byteSize is simply the bit size / 8 and is provided for convenience + // since it is calculated repeatedly. + byteSize int + + // bytePoints + bytePoints *[32][256][3]fieldVal + + // The next 6 values are used specifically for endomorphism + // optimizations in ScalarMult. + + // lambda must fulfill lambda^3 = 1 mod N where N is the order of G. + lambda *big.Int + + // beta must fulfill beta^3 = 1 mod P where P is the prime field of the + // curve. + beta *fieldVal + + // See the EndomorphismVectors in gensecp256k1.go to see how these are + // derived. + a1 *big.Int + b1 *big.Int + a2 *big.Int + b2 *big.Int +} + +// Params returns the parameters for the curve. +func (curve *KoblitzCurve) Params() *elliptic.CurveParams { + return curve.CurveParams +} + +// bigAffineToField takes an affine point (x, y) as big integers and converts +// it to an affine point as field values. +func (curve *KoblitzCurve) bigAffineToField(x, y *big.Int) (*fieldVal, *fieldVal) { + x3, y3 := new(fieldVal), new(fieldVal) + x3.SetByteSlice(x.Bytes()) + y3.SetByteSlice(y.Bytes()) + + return x3, y3 +} + +// fieldJacobianToBigAffine takes a Jacobian point (x, y, z) as field values and +// converts it to an affine point as big integers. +func (curve *KoblitzCurve) fieldJacobianToBigAffine(x, y, z *fieldVal) (*big.Int, *big.Int) { + // Inversions are expensive and both point addition and point doubling + // are faster when working with points that have a z value of one. So, + // if the point needs to be converted to affine, go ahead and normalize + // the point itself at the same time as the calculation is the same. + var zInv, tempZ fieldVal + zInv.Set(z).Inverse() // zInv = Z^-1 + tempZ.SquareVal(&zInv) // tempZ = Z^-2 + x.Mul(&tempZ) // X = X/Z^2 (mag: 1) + y.Mul(tempZ.Mul(&zInv)) // Y = Y/Z^3 (mag: 1) + z.SetInt(1) // Z = 1 (mag: 1) + + // Normalize the x and y values. + x.Normalize() + y.Normalize() + + // Convert the field values for the now affine point to big.Ints. + x3, y3 := new(big.Int), new(big.Int) + x3.SetBytes(x.Bytes()[:]) + y3.SetBytes(y.Bytes()[:]) + return x3, y3 +} + +// IsOnCurve returns boolean if the point (x,y) is on the curve. +// Part of the elliptic.Curve interface. This function differs from the +// crypto/elliptic algorithm since a = 0 not -3. +func (curve *KoblitzCurve) IsOnCurve(x, y *big.Int) bool { + // Convert big ints to field values for faster arithmetic. + fx, fy := curve.bigAffineToField(x, y) + + // Elliptic curve equation for secp256k1 is: y^2 = x^3 + 7 + y2 := new(fieldVal).SquareVal(fy).Normalize() + result := new(fieldVal).SquareVal(fx).Mul(fx).AddInt(7).Normalize() + return y2.Equals(result) +} + +// addZ1AndZ2EqualsOne adds two Jacobian points that are already known to have +// z values of 1 and stores the result in (x3, y3, z3). That is to say +// (x1, y1, 1) + (x2, y2, 1) = (x3, y3, z3). It performs faster addition than +// the generic add routine since less arithmetic is needed due to the ability to +// avoid the z value multiplications. +func (curve *KoblitzCurve) addZ1AndZ2EqualsOne(x1, y1, z1, x2, y2, x3, y3, z3 *fieldVal) { + // To compute the point addition efficiently, this implementation splits + // the equation into intermediate elements which are used to minimize + // the number of field multiplications using the method shown at: + // http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-mmadd-2007-bl + // + // In particular it performs the calculations using the following: + // H = X2-X1, HH = H^2, I = 4*HH, J = H*I, r = 2*(Y2-Y1), V = X1*I + // X3 = r^2-J-2*V, Y3 = r*(V-X3)-2*Y1*J, Z3 = 2*H + // + // This results in a cost of 4 field multiplications, 2 field squarings, + // 6 field additions, and 5 integer multiplications. + + // When the x coordinates are the same for two points on the curve, the + // y coordinates either must be the same, in which case it is point + // doubling, or they are opposite and the result is the point at + // infinity per the group law for elliptic curve cryptography. + x1.Normalize() + y1.Normalize() + x2.Normalize() + y2.Normalize() + if x1.Equals(x2) { + if y1.Equals(y2) { + // Since x1 == x2 and y1 == y2, point doubling must be + // done, otherwise the addition would end up dividing + // by zero. + curve.doubleJacobian(x1, y1, z1, x3, y3, z3) + return + } + + // Since x1 == x2 and y1 == -y2, the sum is the point at + // infinity per the group law. + x3.SetInt(0) + y3.SetInt(0) + z3.SetInt(0) + return + } + + // Calculate X3, Y3, and Z3 according to the intermediate elements + // breakdown above. + var h, i, j, r, v fieldVal + var negJ, neg2V, negX3 fieldVal + h.Set(x1).Negate(1).Add(x2) // H = X2-X1 (mag: 3) + i.SquareVal(&h).MulInt(4) // I = 4*H^2 (mag: 4) + j.Mul2(&h, &i) // J = H*I (mag: 1) + r.Set(y1).Negate(1).Add(y2).MulInt(2) // r = 2*(Y2-Y1) (mag: 6) + v.Mul2(x1, &i) // V = X1*I (mag: 1) + negJ.Set(&j).Negate(1) // negJ = -J (mag: 2) + neg2V.Set(&v).MulInt(2).Negate(2) // neg2V = -(2*V) (mag: 3) + x3.Set(&r).Square().Add(&negJ).Add(&neg2V) // X3 = r^2-J-2*V (mag: 6) + negX3.Set(x3).Negate(6) // negX3 = -X3 (mag: 7) + j.Mul(y1).MulInt(2).Negate(2) // J = -(2*Y1*J) (mag: 3) + y3.Set(&v).Add(&negX3).Mul(&r).Add(&j) // Y3 = r*(V-X3)-2*Y1*J (mag: 4) + z3.Set(&h).MulInt(2) // Z3 = 2*H (mag: 6) + + // Normalize the resulting field values to a magnitude of 1 as needed. + x3.Normalize() + y3.Normalize() + z3.Normalize() +} + +// addZ1EqualsZ2 adds two Jacobian points that are already known to have the +// same z value and stores the result in (x3, y3, z3). That is to say +// (x1, y1, z1) + (x2, y2, z1) = (x3, y3, z3). It performs faster addition than +// the generic add routine since less arithmetic is needed due to the known +// equivalence. +func (curve *KoblitzCurve) addZ1EqualsZ2(x1, y1, z1, x2, y2, x3, y3, z3 *fieldVal) { + // To compute the point addition efficiently, this implementation splits + // the equation into intermediate elements which are used to minimize + // the number of field multiplications using a slightly modified version + // of the method shown at: + // http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-mmadd-2007-bl + // + // In particular it performs the calculations using the following: + // A = X2-X1, B = A^2, C=Y2-Y1, D = C^2, E = X1*B, F = X2*B + // X3 = D-E-F, Y3 = C*(E-X3)-Y1*(F-E), Z3 = Z1*A + // + // This results in a cost of 5 field multiplications, 2 field squarings, + // 9 field additions, and 0 integer multiplications. + + // When the x coordinates are the same for two points on the curve, the + // y coordinates either must be the same, in which case it is point + // doubling, or they are opposite and the result is the point at + // infinity per the group law for elliptic curve cryptography. + x1.Normalize() + y1.Normalize() + x2.Normalize() + y2.Normalize() + if x1.Equals(x2) { + if y1.Equals(y2) { + // Since x1 == x2 and y1 == y2, point doubling must be + // done, otherwise the addition would end up dividing + // by zero. + curve.doubleJacobian(x1, y1, z1, x3, y3, z3) + return + } + + // Since x1 == x2 and y1 == -y2, the sum is the point at + // infinity per the group law. + x3.SetInt(0) + y3.SetInt(0) + z3.SetInt(0) + return + } + + // Calculate X3, Y3, and Z3 according to the intermediate elements + // breakdown above. + var a, b, c, d, e, f fieldVal + var negX1, negY1, negE, negX3 fieldVal + negX1.Set(x1).Negate(1) // negX1 = -X1 (mag: 2) + negY1.Set(y1).Negate(1) // negY1 = -Y1 (mag: 2) + a.Set(&negX1).Add(x2) // A = X2-X1 (mag: 3) + b.SquareVal(&a) // B = A^2 (mag: 1) + c.Set(&negY1).Add(y2) // C = Y2-Y1 (mag: 3) + d.SquareVal(&c) // D = C^2 (mag: 1) + e.Mul2(x1, &b) // E = X1*B (mag: 1) + negE.Set(&e).Negate(1) // negE = -E (mag: 2) + f.Mul2(x2, &b) // F = X2*B (mag: 1) + x3.Add2(&e, &f).Negate(3).Add(&d) // X3 = D-E-F (mag: 5) + negX3.Set(x3).Negate(5).Normalize() // negX3 = -X3 (mag: 1) + y3.Set(y1).Mul(f.Add(&negE)).Negate(3) // Y3 = -(Y1*(F-E)) (mag: 4) + y3.Add(e.Add(&negX3).Mul(&c)) // Y3 = C*(E-X3)+Y3 (mag: 5) + z3.Mul2(z1, &a) // Z3 = Z1*A (mag: 1) + + // Normalize the resulting field values to a magnitude of 1 as needed. + x3.Normalize() + y3.Normalize() +} + +// addZ2EqualsOne adds two Jacobian points when the second point is already +// known to have a z value of 1 (and the z value for the first point is not 1) +// and stores the result in (x3, y3, z3). That is to say (x1, y1, z1) + +// (x2, y2, 1) = (x3, y3, z3). It performs faster addition than the generic +// add routine since less arithmetic is needed due to the ability to avoid +// multiplications by the second point's z value. +func (curve *KoblitzCurve) addZ2EqualsOne(x1, y1, z1, x2, y2, x3, y3, z3 *fieldVal) { + // To compute the point addition efficiently, this implementation splits + // the equation into intermediate elements which are used to minimize + // the number of field multiplications using the method shown at: + // http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-madd-2007-bl + // + // In particular it performs the calculations using the following: + // Z1Z1 = Z1^2, U2 = X2*Z1Z1, S2 = Y2*Z1*Z1Z1, H = U2-X1, HH = H^2, + // I = 4*HH, J = H*I, r = 2*(S2-Y1), V = X1*I + // X3 = r^2-J-2*V, Y3 = r*(V-X3)-2*Y1*J, Z3 = (Z1+H)^2-Z1Z1-HH + // + // This results in a cost of 7 field multiplications, 4 field squarings, + // 9 field additions, and 4 integer multiplications. + + // When the x coordinates are the same for two points on the curve, the + // y coordinates either must be the same, in which case it is point + // doubling, or they are opposite and the result is the point at + // infinity per the group law for elliptic curve cryptography. Since + // any number of Jacobian coordinates can represent the same affine + // point, the x and y values need to be converted to like terms. Due to + // the assumption made for this function that the second point has a z + // value of 1 (z2=1), the first point is already "converted". + var z1z1, u2, s2 fieldVal + x1.Normalize() + y1.Normalize() + z1z1.SquareVal(z1) // Z1Z1 = Z1^2 (mag: 1) + u2.Set(x2).Mul(&z1z1).Normalize() // U2 = X2*Z1Z1 (mag: 1) + s2.Set(y2).Mul(&z1z1).Mul(z1).Normalize() // S2 = Y2*Z1*Z1Z1 (mag: 1) + if x1.Equals(&u2) { + if y1.Equals(&s2) { + // Since x1 == x2 and y1 == y2, point doubling must be + // done, otherwise the addition would end up dividing + // by zero. + curve.doubleJacobian(x1, y1, z1, x3, y3, z3) + return + } + + // Since x1 == x2 and y1 == -y2, the sum is the point at + // infinity per the group law. + x3.SetInt(0) + y3.SetInt(0) + z3.SetInt(0) + return + } + + // Calculate X3, Y3, and Z3 according to the intermediate elements + // breakdown above. + var h, hh, i, j, r, rr, v fieldVal + var negX1, negY1, negX3 fieldVal + negX1.Set(x1).Negate(1) // negX1 = -X1 (mag: 2) + h.Add2(&u2, &negX1) // H = U2-X1 (mag: 3) + hh.SquareVal(&h) // HH = H^2 (mag: 1) + i.Set(&hh).MulInt(4) // I = 4 * HH (mag: 4) + j.Mul2(&h, &i) // J = H*I (mag: 1) + negY1.Set(y1).Negate(1) // negY1 = -Y1 (mag: 2) + r.Set(&s2).Add(&negY1).MulInt(2) // r = 2*(S2-Y1) (mag: 6) + rr.SquareVal(&r) // rr = r^2 (mag: 1) + v.Mul2(x1, &i) // V = X1*I (mag: 1) + x3.Set(&v).MulInt(2).Add(&j).Negate(3) // X3 = -(J+2*V) (mag: 4) + x3.Add(&rr) // X3 = r^2+X3 (mag: 5) + negX3.Set(x3).Negate(5) // negX3 = -X3 (mag: 6) + y3.Set(y1).Mul(&j).MulInt(2).Negate(2) // Y3 = -(2*Y1*J) (mag: 3) + y3.Add(v.Add(&negX3).Mul(&r)) // Y3 = r*(V-X3)+Y3 (mag: 4) + z3.Add2(z1, &h).Square() // Z3 = (Z1+H)^2 (mag: 1) + z3.Add(z1z1.Add(&hh).Negate(2)) // Z3 = Z3-(Z1Z1+HH) (mag: 4) + + // Normalize the resulting field values to a magnitude of 1 as needed. + x3.Normalize() + y3.Normalize() + z3.Normalize() +} + +// addGeneric adds two Jacobian points (x1, y1, z1) and (x2, y2, z2) without any +// assumptions about the z values of the two points and stores the result in +// (x3, y3, z3). That is to say (x1, y1, z1) + (x2, y2, z2) = (x3, y3, z3). It +// is the slowest of the add routines due to requiring the most arithmetic. +func (curve *KoblitzCurve) addGeneric(x1, y1, z1, x2, y2, z2, x3, y3, z3 *fieldVal) { + // To compute the point addition efficiently, this implementation splits + // the equation into intermediate elements which are used to minimize + // the number of field multiplications using the method shown at: + // http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl + // + // In particular it performs the calculations using the following: + // Z1Z1 = Z1^2, Z2Z2 = Z2^2, U1 = X1*Z2Z2, U2 = X2*Z1Z1, S1 = Y1*Z2*Z2Z2 + // S2 = Y2*Z1*Z1Z1, H = U2-U1, I = (2*H)^2, J = H*I, r = 2*(S2-S1) + // V = U1*I + // X3 = r^2-J-2*V, Y3 = r*(V-X3)-2*S1*J, Z3 = ((Z1+Z2)^2-Z1Z1-Z2Z2)*H + // + // This results in a cost of 11 field multiplications, 5 field squarings, + // 9 field additions, and 4 integer multiplications. + + // When the x coordinates are the same for two points on the curve, the + // y coordinates either must be the same, in which case it is point + // doubling, or they are opposite and the result is the point at + // infinity. Since any number of Jacobian coordinates can represent the + // same affine point, the x and y values need to be converted to like + // terms. + var z1z1, z2z2, u1, u2, s1, s2 fieldVal + z1z1.SquareVal(z1) // Z1Z1 = Z1^2 (mag: 1) + z2z2.SquareVal(z2) // Z2Z2 = Z2^2 (mag: 1) + u1.Set(x1).Mul(&z2z2).Normalize() // U1 = X1*Z2Z2 (mag: 1) + u2.Set(x2).Mul(&z1z1).Normalize() // U2 = X2*Z1Z1 (mag: 1) + s1.Set(y1).Mul(&z2z2).Mul(z2).Normalize() // S1 = Y1*Z2*Z2Z2 (mag: 1) + s2.Set(y2).Mul(&z1z1).Mul(z1).Normalize() // S2 = Y2*Z1*Z1Z1 (mag: 1) + if u1.Equals(&u2) { + if s1.Equals(&s2) { + // Since x1 == x2 and y1 == y2, point doubling must be + // done, otherwise the addition would end up dividing + // by zero. + curve.doubleJacobian(x1, y1, z1, x3, y3, z3) + return + } + + // Since x1 == x2 and y1 == -y2, the sum is the point at + // infinity per the group law. + x3.SetInt(0) + y3.SetInt(0) + z3.SetInt(0) + return + } + + // Calculate X3, Y3, and Z3 according to the intermediate elements + // breakdown above. + var h, i, j, r, rr, v fieldVal + var negU1, negS1, negX3 fieldVal + negU1.Set(&u1).Negate(1) // negU1 = -U1 (mag: 2) + h.Add2(&u2, &negU1) // H = U2-U1 (mag: 3) + i.Set(&h).MulInt(2).Square() // I = (2*H)^2 (mag: 2) + j.Mul2(&h, &i) // J = H*I (mag: 1) + negS1.Set(&s1).Negate(1) // negS1 = -S1 (mag: 2) + r.Set(&s2).Add(&negS1).MulInt(2) // r = 2*(S2-S1) (mag: 6) + rr.SquareVal(&r) // rr = r^2 (mag: 1) + v.Mul2(&u1, &i) // V = U1*I (mag: 1) + x3.Set(&v).MulInt(2).Add(&j).Negate(3) // X3 = -(J+2*V) (mag: 4) + x3.Add(&rr) // X3 = r^2+X3 (mag: 5) + negX3.Set(x3).Negate(5) // negX3 = -X3 (mag: 6) + y3.Mul2(&s1, &j).MulInt(2).Negate(2) // Y3 = -(2*S1*J) (mag: 3) + y3.Add(v.Add(&negX3).Mul(&r)) // Y3 = r*(V-X3)+Y3 (mag: 4) + z3.Add2(z1, z2).Square() // Z3 = (Z1+Z2)^2 (mag: 1) + z3.Add(z1z1.Add(&z2z2).Negate(2)) // Z3 = Z3-(Z1Z1+Z2Z2) (mag: 4) + z3.Mul(&h) // Z3 = Z3*H (mag: 1) + + // Normalize the resulting field values to a magnitude of 1 as needed. + x3.Normalize() + y3.Normalize() +} + +// addJacobian adds the passed Jacobian points (x1, y1, z1) and (x2, y2, z2) +// together and stores the result in (x3, y3, z3). +func (curve *KoblitzCurve) addJacobian(x1, y1, z1, x2, y2, z2, x3, y3, z3 *fieldVal) { + // A point at infinity is the identity according to the group law for + // elliptic curve cryptography. Thus, ∞ + P = P and P + ∞ = P. + if (x1.IsZero() && y1.IsZero()) || z1.IsZero() { + x3.Set(x2) + y3.Set(y2) + z3.Set(z2) + return + } + if (x2.IsZero() && y2.IsZero()) || z2.IsZero() { + x3.Set(x1) + y3.Set(y1) + z3.Set(z1) + return + } + + // Faster point addition can be achieved when certain assumptions are + // met. For example, when both points have the same z value, arithmetic + // on the z values can be avoided. This section thus checks for these + // conditions and calls an appropriate add function which is accelerated + // by using those assumptions. + z1.Normalize() + z2.Normalize() + isZ1One := z1.Equals(fieldOne) + isZ2One := z2.Equals(fieldOne) + switch { + case isZ1One && isZ2One: + curve.addZ1AndZ2EqualsOne(x1, y1, z1, x2, y2, x3, y3, z3) + return + case z1.Equals(z2): + curve.addZ1EqualsZ2(x1, y1, z1, x2, y2, x3, y3, z3) + return + case isZ2One: + curve.addZ2EqualsOne(x1, y1, z1, x2, y2, x3, y3, z3) + return + } + + // None of the above assumptions are true, so fall back to generic + // point addition. + curve.addGeneric(x1, y1, z1, x2, y2, z2, x3, y3, z3) +} + +// Add returns the sum of (x1,y1) and (x2,y2). Part of the elliptic.Curve +// interface. +func (curve *KoblitzCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int) { + // A point at infinity is the identity according to the group law for + // elliptic curve cryptography. Thus, ∞ + P = P and P + ∞ = P. + if x1.Sign() == 0 && y1.Sign() == 0 { + return x2, y2 + } + if x2.Sign() == 0 && y2.Sign() == 0 { + return x1, y1 + } + + // Convert the affine coordinates from big integers to field values + // and do the point addition in Jacobian projective space. + fx1, fy1 := curve.bigAffineToField(x1, y1) + fx2, fy2 := curve.bigAffineToField(x2, y2) + fx3, fy3, fz3 := new(fieldVal), new(fieldVal), new(fieldVal) + fOne := new(fieldVal).SetInt(1) + curve.addJacobian(fx1, fy1, fOne, fx2, fy2, fOne, fx3, fy3, fz3) + + // Convert the Jacobian coordinate field values back to affine big + // integers. + return curve.fieldJacobianToBigAffine(fx3, fy3, fz3) +} + +// doubleZ1EqualsOne performs point doubling on the passed Jacobian point +// when the point is already known to have a z value of 1 and stores +// the result in (x3, y3, z3). That is to say (x3, y3, z3) = 2*(x1, y1, 1). It +// performs faster point doubling than the generic routine since less arithmetic +// is needed due to the ability to avoid multiplication by the z value. +func (curve *KoblitzCurve) doubleZ1EqualsOne(x1, y1, x3, y3, z3 *fieldVal) { + // This function uses the assumptions that z1 is 1, thus the point + // doubling formulas reduce to: + // + // X3 = (3*X1^2)^2 - 8*X1*Y1^2 + // Y3 = (3*X1^2)*(4*X1*Y1^2 - X3) - 8*Y1^4 + // Z3 = 2*Y1 + // + // To compute the above efficiently, this implementation splits the + // equation into intermediate elements which are used to minimize the + // number of field multiplications in favor of field squarings which + // are roughly 35% faster than field multiplications with the current + // implementation at the time this was written. + // + // This uses a slightly modified version of the method shown at: + // http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-mdbl-2007-bl + // + // In particular it performs the calculations using the following: + // A = X1^2, B = Y1^2, C = B^2, D = 2*((X1+B)^2-A-C) + // E = 3*A, F = E^2, X3 = F-2*D, Y3 = E*(D-X3)-8*C + // Z3 = 2*Y1 + // + // This results in a cost of 1 field multiplication, 5 field squarings, + // 6 field additions, and 5 integer multiplications. + var a, b, c, d, e, f fieldVal + z3.Set(y1).MulInt(2) // Z3 = 2*Y1 (mag: 2) + a.SquareVal(x1) // A = X1^2 (mag: 1) + b.SquareVal(y1) // B = Y1^2 (mag: 1) + c.SquareVal(&b) // C = B^2 (mag: 1) + b.Add(x1).Square() // B = (X1+B)^2 (mag: 1) + d.Set(&a).Add(&c).Negate(2) // D = -(A+C) (mag: 3) + d.Add(&b).MulInt(2) // D = 2*(B+D)(mag: 8) + e.Set(&a).MulInt(3) // E = 3*A (mag: 3) + f.SquareVal(&e) // F = E^2 (mag: 1) + x3.Set(&d).MulInt(2).Negate(16) // X3 = -(2*D) (mag: 17) + x3.Add(&f) // X3 = F+X3 (mag: 18) + f.Set(x3).Negate(18).Add(&d).Normalize() // F = D-X3 (mag: 1) + y3.Set(&c).MulInt(8).Negate(8) // Y3 = -(8*C) (mag: 9) + y3.Add(f.Mul(&e)) // Y3 = E*F+Y3 (mag: 10) + + // Normalize the field values back to a magnitude of 1. + x3.Normalize() + y3.Normalize() + z3.Normalize() +} + +// doubleGeneric performs point doubling on the passed Jacobian point without +// any assumptions about the z value and stores the result in (x3, y3, z3). +// That is to say (x3, y3, z3) = 2*(x1, y1, z1). It is the slowest of the point +// doubling routines due to requiring the most arithmetic. +func (curve *KoblitzCurve) doubleGeneric(x1, y1, z1, x3, y3, z3 *fieldVal) { + // Point doubling formula for Jacobian coordinates for the secp256k1 + // curve: + // X3 = (3*X1^2)^2 - 8*X1*Y1^2 + // Y3 = (3*X1^2)*(4*X1*Y1^2 - X3) - 8*Y1^4 + // Z3 = 2*Y1*Z1 + // + // To compute the above efficiently, this implementation splits the + // equation into intermediate elements which are used to minimize the + // number of field multiplications in favor of field squarings which + // are roughly 35% faster than field multiplications with the current + // implementation at the time this was written. + // + // This uses a slightly modified version of the method shown at: + // http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l + // + // In particular it performs the calculations using the following: + // A = X1^2, B = Y1^2, C = B^2, D = 2*((X1+B)^2-A-C) + // E = 3*A, F = E^2, X3 = F-2*D, Y3 = E*(D-X3)-8*C + // Z3 = 2*Y1*Z1 + // + // This results in a cost of 1 field multiplication, 5 field squarings, + // 6 field additions, and 5 integer multiplications. + var a, b, c, d, e, f fieldVal + z3.Mul2(y1, z1).MulInt(2) // Z3 = 2*Y1*Z1 (mag: 2) + a.SquareVal(x1) // A = X1^2 (mag: 1) + b.SquareVal(y1) // B = Y1^2 (mag: 1) + c.SquareVal(&b) // C = B^2 (mag: 1) + b.Add(x1).Square() // B = (X1+B)^2 (mag: 1) + d.Set(&a).Add(&c).Negate(2) // D = -(A+C) (mag: 3) + d.Add(&b).MulInt(2) // D = 2*(B+D)(mag: 8) + e.Set(&a).MulInt(3) // E = 3*A (mag: 3) + f.SquareVal(&e) // F = E^2 (mag: 1) + x3.Set(&d).MulInt(2).Negate(16) // X3 = -(2*D) (mag: 17) + x3.Add(&f) // X3 = F+X3 (mag: 18) + f.Set(x3).Negate(18).Add(&d).Normalize() // F = D-X3 (mag: 1) + y3.Set(&c).MulInt(8).Negate(8) // Y3 = -(8*C) (mag: 9) + y3.Add(f.Mul(&e)) // Y3 = E*F+Y3 (mag: 10) + + // Normalize the field values back to a magnitude of 1. + x3.Normalize() + y3.Normalize() + z3.Normalize() +} + +// doubleJacobian doubles the passed Jacobian point (x1, y1, z1) and stores the +// result in (x3, y3, z3). +func (curve *KoblitzCurve) doubleJacobian(x1, y1, z1, x3, y3, z3 *fieldVal) { + // Doubling a point at infinity is still infinity. + if y1.IsZero() || z1.IsZero() { + x3.SetInt(0) + y3.SetInt(0) + z3.SetInt(0) + return + } + + // Slightly faster point doubling can be achieved when the z value is 1 + // by avoiding the multiplication on the z value. This section calls + // a point doubling function which is accelerated by using that + // assumption when possible. + if z1.Normalize().Equals(fieldOne) { + curve.doubleZ1EqualsOne(x1, y1, x3, y3, z3) + return + } + + // Fall back to generic point doubling which works with arbitrary z + // values. + curve.doubleGeneric(x1, y1, z1, x3, y3, z3) +} + +// Double returns 2*(x1,y1). Part of the elliptic.Curve interface. +func (curve *KoblitzCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int) { + if y1.Sign() == 0 { + return new(big.Int), new(big.Int) + } + + // Convert the affine coordinates from big integers to field values + // and do the point doubling in Jacobian projective space. + fx1, fy1 := curve.bigAffineToField(x1, y1) + fx3, fy3, fz3 := new(fieldVal), new(fieldVal), new(fieldVal) + fOne := new(fieldVal).SetInt(1) + curve.doubleJacobian(fx1, fy1, fOne, fx3, fy3, fz3) + + // Convert the Jacobian coordinate field values back to affine big + // integers. + return curve.fieldJacobianToBigAffine(fx3, fy3, fz3) +} + +// splitK returns a balanced length-two representation of k and their signs. +// This is algorithm 3.74 from [GECC]. +// +// One thing of note about this algorithm is that no matter what c1 and c2 are, +// the final equation of k = k1 + k2 * lambda (mod n) will hold. This is +// provable mathematically due to how a1/b1/a2/b2 are computed. +// +// c1 and c2 are chosen to minimize the max(k1,k2). +func (curve *KoblitzCurve) splitK(k []byte) ([]byte, []byte, int, int) { + // All math here is done with big.Int, which is slow. + // At some point, it might be useful to write something similar to + // fieldVal but for N instead of P as the prime field if this ends up + // being a bottleneck. + bigIntK := new(big.Int) + c1, c2 := new(big.Int), new(big.Int) + tmp1, tmp2 := new(big.Int), new(big.Int) + k1, k2 := new(big.Int), new(big.Int) + + bigIntK.SetBytes(k) + // c1 = round(b2 * k / n) from step 4. + // Rounding isn't really necessary and costs too much, hence skipped + c1.Mul(curve.b2, bigIntK) + c1.Div(c1, curve.N) + // c2 = round(b1 * k / n) from step 4 (sign reversed to optimize one step) + // Rounding isn't really necessary and costs too much, hence skipped + c2.Mul(curve.b1, bigIntK) + c2.Div(c2, curve.N) + // k1 = k - c1 * a1 - c2 * a2 from step 5 (note c2's sign is reversed) + tmp1.Mul(c1, curve.a1) + tmp2.Mul(c2, curve.a2) + k1.Sub(bigIntK, tmp1) + k1.Add(k1, tmp2) + // k2 = - c1 * b1 - c2 * b2 from step 5 (note c2's sign is reversed) + tmp1.Mul(c1, curve.b1) + tmp2.Mul(c2, curve.b2) + k2.Sub(tmp2, tmp1) + + // Note Bytes() throws out the sign of k1 and k2. This matters + // since k1 and/or k2 can be negative. Hence, we pass that + // back separately. + return k1.Bytes(), k2.Bytes(), k1.Sign(), k2.Sign() +} + +// moduloReduce reduces k from more than 32 bytes to 32 bytes and under. This +// is done by doing a simple modulo curve.N. We can do this since G^N = 1 and +// thus any other valid point on the elliptic curve has the same order. +func (curve *KoblitzCurve) moduloReduce(k []byte) []byte { + // Since the order of G is curve.N, we can use a much smaller number + // by doing modulo curve.N + if len(k) > curve.byteSize { + // Reduce k by performing modulo curve.N. + tmpK := new(big.Int).SetBytes(k) + tmpK.Mod(tmpK, curve.N) + return tmpK.Bytes() + } + + return k +} + +// NAF takes a positive integer k and returns the Non-Adjacent Form (NAF) as two +// byte slices. The first is where 1s will be. The second is where -1s will +// be. NAF is convenient in that on average, only 1/3rd of its values are +// non-zero. This is algorithm 3.30 from [GECC]. +// +// Essentially, this makes it possible to minimize the number of operations +// since the resulting ints returned will be at least 50% 0s. +func NAF(k []byte) ([]byte, []byte) { + // The essence of this algorithm is that whenever we have consecutive 1s + // in the binary, we want to put a -1 in the lowest bit and get a bunch + // of 0s up to the highest bit of consecutive 1s. This is due to this + // identity: + // 2^n + 2^(n-1) + 2^(n-2) + ... + 2^(n-k) = 2^(n+1) - 2^(n-k) + // + // The algorithm thus may need to go 1 more bit than the length of the + // bits we actually have, hence bits being 1 bit longer than was + // necessary. Since we need to know whether adding will cause a carry, + // we go from right-to-left in this addition. + var carry, curIsOne, nextIsOne bool + // these default to zero + retPos := make([]byte, len(k)+1) + retNeg := make([]byte, len(k)+1) + for i := len(k) - 1; i >= 0; i-- { + curByte := k[i] + for j := uint(0); j < 8; j++ { + curIsOne = curByte&1 == 1 + if j == 7 { + if i == 0 { + nextIsOne = false + } else { + nextIsOne = k[i-1]&1 == 1 + } + } else { + nextIsOne = curByte&2 == 2 + } + if carry { + if curIsOne { + // This bit is 1, so continue to carry + // and don't need to do anything. + } else { + // We've hit a 0 after some number of + // 1s. + if nextIsOne { + // Start carrying again since + // a new sequence of 1s is + // starting. + retNeg[i+1] += 1 << j + } else { + // Stop carrying since 1s have + // stopped. + carry = false + retPos[i+1] += 1 << j + } + } + } else if curIsOne { + if nextIsOne { + // If this is the start of at least 2 + // consecutive 1s, set the current one + // to -1 and start carrying. + retNeg[i+1] += 1 << j + carry = true + } else { + // This is a singleton, not consecutive + // 1s. + retPos[i+1] += 1 << j + } + } + curByte >>= 1 + } + } + if carry { + retPos[0] = 1 + return retPos, retNeg + } + return retPos[1:], retNeg[1:] +} + +// ScalarMult returns k*(Bx, By) where k is a big endian integer. +// Part of the elliptic.Curve interface. +func (curve *KoblitzCurve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int) { + // Point Q = ∞ (point at infinity). + qx, qy, qz := new(fieldVal), new(fieldVal), new(fieldVal) + + // Decompose K into k1 and k2 in order to halve the number of EC ops. + // See Algorithm 3.74 in [GECC]. + k1, k2, signK1, signK2 := curve.splitK(curve.moduloReduce(k)) + + // The main equation here to remember is: + // k * P = k1 * P + k2 * ϕ(P) + // + // P1 below is P in the equation, P2 below is ϕ(P) in the equation + p1x, p1y := curve.bigAffineToField(Bx, By) + p1yNeg := new(fieldVal).NegateVal(p1y, 1) + p1z := new(fieldVal).SetInt(1) + + // NOTE: ϕ(x,y) = (βx,y). The Jacobian z coordinate is 1, so this math + // goes through. + p2x := new(fieldVal).Mul2(p1x, curve.beta) + p2y := new(fieldVal).Set(p1y) + p2yNeg := new(fieldVal).NegateVal(p2y, 1) + p2z := new(fieldVal).SetInt(1) + + // Flip the positive and negative values of the points as needed + // depending on the signs of k1 and k2. As mentioned in the equation + // above, each of k1 and k2 are multiplied by the respective point. + // Since -k * P is the same thing as k * -P, and the group law for + // elliptic curves states that P(x, y) = -P(x, -y), it's faster and + // simplifies the code to just make the point negative. + if signK1 == -1 { + p1y, p1yNeg = p1yNeg, p1y + } + if signK2 == -1 { + p2y, p2yNeg = p2yNeg, p2y + } + + // NAF versions of k1 and k2 should have a lot more zeros. + // + // The Pos version of the bytes contain the +1s and the Neg versions + // contain the -1s. + k1PosNAF, k1NegNAF := NAF(k1) + k2PosNAF, k2NegNAF := NAF(k2) + k1Len := len(k1PosNAF) + k2Len := len(k2PosNAF) + + m := k1Len + if m < k2Len { + m = k2Len + } + + // Add left-to-right using the NAF optimization. See algorithm 3.77 + // from [GECC]. This should be faster overall since there will be a lot + // more instances of 0, hence reducing the number of Jacobian additions + // at the cost of 1 possible extra doubling. + var k1BytePos, k1ByteNeg, k2BytePos, k2ByteNeg byte + for i := 0; i < m; i++ { + // Since we're going left-to-right, pad the front with 0s. + if i < m-k1Len { + k1BytePos = 0 + k1ByteNeg = 0 + } else { + k1BytePos = k1PosNAF[i-(m-k1Len)] + k1ByteNeg = k1NegNAF[i-(m-k1Len)] + } + if i < m-k2Len { + k2BytePos = 0 + k2ByteNeg = 0 + } else { + k2BytePos = k2PosNAF[i-(m-k2Len)] + k2ByteNeg = k2NegNAF[i-(m-k2Len)] + } + + for j := 7; j >= 0; j-- { + // Q = 2 * Q + curve.doubleJacobian(qx, qy, qz, qx, qy, qz) + + if k1BytePos&0x80 == 0x80 { + curve.addJacobian(qx, qy, qz, p1x, p1y, p1z, + qx, qy, qz) + } else if k1ByteNeg&0x80 == 0x80 { + curve.addJacobian(qx, qy, qz, p1x, p1yNeg, p1z, + qx, qy, qz) + } + + if k2BytePos&0x80 == 0x80 { + curve.addJacobian(qx, qy, qz, p2x, p2y, p2z, + qx, qy, qz) + } else if k2ByteNeg&0x80 == 0x80 { + curve.addJacobian(qx, qy, qz, p2x, p2yNeg, p2z, + qx, qy, qz) + } + k1BytePos <<= 1 + k1ByteNeg <<= 1 + k2BytePos <<= 1 + k2ByteNeg <<= 1 + } + } + + // Convert the Jacobian coordinate field values back to affine big.Ints. + return curve.fieldJacobianToBigAffine(qx, qy, qz) +} + +// ScalarBaseMult returns k*G where G is the base point of the group and k is a +// big endian integer. +// Part of the elliptic.Curve interface. +func (curve *KoblitzCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int) { + newK := curve.moduloReduce(k) + diff := len(curve.bytePoints) - len(newK) + + // Point Q = ∞ (point at infinity). + qx, qy, qz := new(fieldVal), new(fieldVal), new(fieldVal) + + // curve.bytePoints has all 256 byte points for each 8-bit window. The + // strategy is to add up the byte points. This is best understood by + // expressing k in base-256 which it already sort of is. + // Each "digit" in the 8-bit window can be looked up using bytePoints + // and added together. + for i, byteVal := range newK { + p := curve.bytePoints[diff+i][byteVal] + curve.addJacobian(qx, qy, qz, &p[0], &p[1], &p[2], qx, qy, qz) + } + return curve.fieldJacobianToBigAffine(qx, qy, qz) +} + +// QPlus1Div4 returns the Q+1/4 constant for the curve for use in calculating +// square roots via exponention. +func (curve *KoblitzCurve) QPlus1Div4() *big.Int { + return curve.q +} + +var initonce sync.Once +var secp256k1 KoblitzCurve + +func initAll() { + initS256() +} + +// fromHex converts the passed hex string into a big integer pointer and will +// panic is there is an error. This is only provided for the hard-coded +// constants so errors in the source code can bet detected. It will only (and +// must only) be called for initialization purposes. +func fromHex(s string) *big.Int { + r, ok := new(big.Int).SetString(s, 16) + if !ok { + panic("invalid hex in source file: " + s) + } + return r +} + +func initS256() { + // Curve parameters taken from [SECG] section 2.4.1. + secp256k1.CurveParams = new(elliptic.CurveParams) + secp256k1.P = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F") + secp256k1.N = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141") + secp256k1.B = fromHex("0000000000000000000000000000000000000000000000000000000000000007") + secp256k1.Gx = fromHex("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798") + secp256k1.Gy = fromHex("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8") + secp256k1.BitSize = 256 + secp256k1.q = new(big.Int).Div(new(big.Int).Add(secp256k1.P, + big.NewInt(1)), big.NewInt(4)) + secp256k1.H = 1 + secp256k1.halfOrder = new(big.Int).Rsh(secp256k1.N, 1) + + // Provided for convenience since this gets computed repeatedly. + secp256k1.byteSize = secp256k1.BitSize / 8 + + // Deserialize and set the pre-computed table used to accelerate scalar + // base multiplication. This is hard-coded data, so any errors are + // panics because it means something is wrong in the source code. + if err := loadS256BytePoints(); err != nil { + panic(err) + } + + // Next 6 constants are from Hal Finney's bitcointalk.org post: + // https://bitcointalk.org/index.php?topic=3238.msg45565#msg45565 + // May he rest in peace. + // + // They have also been independently derived from the code in the + // EndomorphismVectors function in gensecp256k1.go. + secp256k1.lambda = fromHex("5363AD4CC05C30E0A5261C028812645A122E22EA20816678DF02967C1B23BD72") + secp256k1.beta = new(fieldVal).SetHex("7AE96A2B657C07106E64479EAC3434E99CF0497512F58995C1396C28719501EE") + secp256k1.a1 = fromHex("3086D221A7D46BCDE86C90E49284EB15") + secp256k1.b1 = fromHex("-E4437ED6010E88286F547FA90ABFE4C3") + secp256k1.a2 = fromHex("114CA50F7A8E2F3F657C1108D9D44CFD8") + secp256k1.b2 = fromHex("3086D221A7D46BCDE86C90E49284EB15") + + // Alternatively, we can use the parameters below, however, they seem + // to be about 8% slower. + // secp256k1.lambda = fromHex("AC9C52B33FA3CF1F5AD9E3FD77ED9BA4A880B9FC8EC739C2E0CFC810B51283CE") + // secp256k1.beta = new(fieldVal).SetHex("851695D49A83F8EF919BB86153CBCB16630FB68AED0A766A3EC693D68E6AFA40") + // secp256k1.a1 = fromHex("E4437ED6010E88286F547FA90ABFE4C3") + // secp256k1.b1 = fromHex("-3086D221A7D46BCDE86C90E49284EB15") + // secp256k1.a2 = fromHex("3086D221A7D46BCDE86C90E49284EB15") + // secp256k1.b2 = fromHex("114CA50F7A8E2F3F657C1108D9D44CFD8") +} + +// S256 returns a Curve which implements secp256k1. +func S256() *KoblitzCurve { + initonce.Do(initAll) + return &secp256k1 +} diff --git a/vendor/github.com/btcsuite/btcd/btcec/ciphering.go b/vendor/github.com/btcsuite/btcd/btcec/ciphering.go new file mode 100644 index 0000000..b18c9b7 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/btcec/ciphering.go @@ -0,0 +1,216 @@ +// Copyright (c) 2015-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcec + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "crypto/hmac" + "crypto/rand" + "crypto/sha256" + "crypto/sha512" + "errors" + "io" +) + +var ( + // ErrInvalidMAC occurs when Message Authentication Check (MAC) fails + // during decryption. This happens because of either invalid private key or + // corrupt ciphertext. + ErrInvalidMAC = errors.New("invalid mac hash") + + // errInputTooShort occurs when the input ciphertext to the Decrypt + // function is less than 134 bytes long. + errInputTooShort = errors.New("ciphertext too short") + + // errUnsupportedCurve occurs when the first two bytes of the encrypted + // text aren't 0x02CA (= 712 = secp256k1, from OpenSSL). + errUnsupportedCurve = errors.New("unsupported curve") + + errInvalidXLength = errors.New("invalid X length, must be 32") + errInvalidYLength = errors.New("invalid Y length, must be 32") + errInvalidPadding = errors.New("invalid PKCS#7 padding") + + // 0x02CA = 714 + ciphCurveBytes = [2]byte{0x02, 0xCA} + // 0x20 = 32 + ciphCoordLength = [2]byte{0x00, 0x20} +) + +// GenerateSharedSecret generates a shared secret based on a private key and a +// public key using Diffie-Hellman key exchange (ECDH) (RFC 4753). +// RFC5903 Section 9 states we should only return x. +func GenerateSharedSecret(privkey *PrivateKey, pubkey *PublicKey) []byte { + x, _ := pubkey.Curve.ScalarMult(pubkey.X, pubkey.Y, privkey.D.Bytes()) + return x.Bytes() +} + +// Encrypt encrypts data for the target public key using AES-256-CBC. It also +// generates a private key (the pubkey of which is also in the output). The only +// supported curve is secp256k1. The `structure' that it encodes everything into +// is: +// +// struct { +// // Initialization Vector used for AES-256-CBC +// IV [16]byte +// // Public Key: curve(2) + len_of_pubkeyX(2) + pubkeyX + +// // len_of_pubkeyY(2) + pubkeyY (curve = 714) +// PublicKey [70]byte +// // Cipher text +// Data []byte +// // HMAC-SHA-256 Message Authentication Code +// HMAC [32]byte +// } +// +// The primary aim is to ensure byte compatibility with Pyelliptic. Also, refer +// to section 5.8.1 of ANSI X9.63 for rationale on this format. +func Encrypt(pubkey *PublicKey, in []byte) ([]byte, error) { + ephemeral, err := NewPrivateKey(S256()) + if err != nil { + return nil, err + } + ecdhKey := GenerateSharedSecret(ephemeral, pubkey) + derivedKey := sha512.Sum512(ecdhKey) + keyE := derivedKey[:32] + keyM := derivedKey[32:] + + paddedIn := addPKCSPadding(in) + // IV + Curve params/X/Y + padded plaintext/ciphertext + HMAC-256 + out := make([]byte, aes.BlockSize+70+len(paddedIn)+sha256.Size) + iv := out[:aes.BlockSize] + if _, err = io.ReadFull(rand.Reader, iv); err != nil { + return nil, err + } + // start writing public key + pb := ephemeral.PubKey().SerializeUncompressed() + offset := aes.BlockSize + + // curve and X length + copy(out[offset:offset+4], append(ciphCurveBytes[:], ciphCoordLength[:]...)) + offset += 4 + // X + copy(out[offset:offset+32], pb[1:33]) + offset += 32 + // Y length + copy(out[offset:offset+2], ciphCoordLength[:]) + offset += 2 + // Y + copy(out[offset:offset+32], pb[33:]) + offset += 32 + + // start encryption + block, err := aes.NewCipher(keyE) + if err != nil { + return nil, err + } + mode := cipher.NewCBCEncrypter(block, iv) + mode.CryptBlocks(out[offset:len(out)-sha256.Size], paddedIn) + + // start HMAC-SHA-256 + hm := hmac.New(sha256.New, keyM) + hm.Write(out[:len(out)-sha256.Size]) // everything is hashed + copy(out[len(out)-sha256.Size:], hm.Sum(nil)) // write checksum + + return out, nil +} + +// Decrypt decrypts data that was encrypted using the Encrypt function. +func Decrypt(priv *PrivateKey, in []byte) ([]byte, error) { + // IV + Curve params/X/Y + 1 block + HMAC-256 + if len(in) < aes.BlockSize+70+aes.BlockSize+sha256.Size { + return nil, errInputTooShort + } + + // read iv + iv := in[:aes.BlockSize] + offset := aes.BlockSize + + // start reading pubkey + if !bytes.Equal(in[offset:offset+2], ciphCurveBytes[:]) { + return nil, errUnsupportedCurve + } + offset += 2 + + if !bytes.Equal(in[offset:offset+2], ciphCoordLength[:]) { + return nil, errInvalidXLength + } + offset += 2 + + xBytes := in[offset : offset+32] + offset += 32 + + if !bytes.Equal(in[offset:offset+2], ciphCoordLength[:]) { + return nil, errInvalidYLength + } + offset += 2 + + yBytes := in[offset : offset+32] + offset += 32 + + pb := make([]byte, 65) + pb[0] = byte(0x04) // uncompressed + copy(pb[1:33], xBytes) + copy(pb[33:], yBytes) + // check if (X, Y) lies on the curve and create a Pubkey if it does + pubkey, err := ParsePubKey(pb, S256()) + if err != nil { + return nil, err + } + + // check for cipher text length + if (len(in)-aes.BlockSize-offset-sha256.Size)%aes.BlockSize != 0 { + return nil, errInvalidPadding // not padded to 16 bytes + } + + // read hmac + messageMAC := in[len(in)-sha256.Size:] + + // generate shared secret + ecdhKey := GenerateSharedSecret(priv, pubkey) + derivedKey := sha512.Sum512(ecdhKey) + keyE := derivedKey[:32] + keyM := derivedKey[32:] + + // verify mac + hm := hmac.New(sha256.New, keyM) + hm.Write(in[:len(in)-sha256.Size]) // everything is hashed + expectedMAC := hm.Sum(nil) + if !hmac.Equal(messageMAC, expectedMAC) { + return nil, ErrInvalidMAC + } + + // start decryption + block, err := aes.NewCipher(keyE) + if err != nil { + return nil, err + } + mode := cipher.NewCBCDecrypter(block, iv) + // same length as ciphertext + plaintext := make([]byte, len(in)-offset-sha256.Size) + mode.CryptBlocks(plaintext, in[offset:len(in)-sha256.Size]) + + return removePKCSPadding(plaintext) +} + +// Implement PKCS#7 padding with block size of 16 (AES block size). + +// addPKCSPadding adds padding to a block of data +func addPKCSPadding(src []byte) []byte { + padding := aes.BlockSize - len(src)%aes.BlockSize + padtext := bytes.Repeat([]byte{byte(padding)}, padding) + return append(src, padtext...) +} + +// removePKCSPadding removes padding from data that was added with addPKCSPadding +func removePKCSPadding(src []byte) ([]byte, error) { + length := len(src) + padLength := int(src[length-1]) + if padLength > aes.BlockSize || length < aes.BlockSize { + return nil, errInvalidPadding + } + + return src[:length-padLength], nil +} diff --git a/vendor/github.com/btcsuite/btcd/btcec/doc.go b/vendor/github.com/btcsuite/btcd/btcec/doc.go new file mode 100644 index 0000000..fa8346a --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/btcec/doc.go @@ -0,0 +1,21 @@ +// Copyright (c) 2013-2014 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +/* +Package btcec implements support for the elliptic curves needed for bitcoin. + +Bitcoin uses elliptic curve cryptography using koblitz curves +(specifically secp256k1) for cryptographic functions. See +http://www.secg.org/collateral/sec2_final.pdf for details on the +standard. + +This package provides the data structures and functions implementing the +crypto/elliptic Curve interface in order to permit using these curves +with the standard crypto/ecdsa package provided with go. Helper +functionality is provided to parse signatures and public keys from +standard formats. It was designed for use with btcd, but should be +general enough for other uses of elliptic curve crypto. It was originally based +on some initial work by ThePiachu, but has significantly diverged since then. +*/ +package btcec diff --git a/vendor/github.com/btcsuite/btcd/btcec/field.go b/vendor/github.com/btcsuite/btcd/btcec/field.go new file mode 100644 index 0000000..0f2be74 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/btcec/field.go @@ -0,0 +1,1223 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Copyright (c) 2013-2016 Dave Collins +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcec + +// References: +// [HAC]: Handbook of Applied Cryptography Menezes, van Oorschot, Vanstone. +// http://cacr.uwaterloo.ca/hac/ + +// All elliptic curve operations for secp256k1 are done in a finite field +// characterized by a 256-bit prime. Given this precision is larger than the +// biggest available native type, obviously some form of bignum math is needed. +// This package implements specialized fixed-precision field arithmetic rather +// than relying on an arbitrary-precision arithmetic package such as math/big +// for dealing with the field math since the size is known. As a result, rather +// large performance gains are achieved by taking advantage of many +// optimizations not available to arbitrary-precision arithmetic and generic +// modular arithmetic algorithms. +// +// There are various ways to internally represent each finite field element. +// For example, the most obvious representation would be to use an array of 4 +// uint64s (64 bits * 4 = 256 bits). However, that representation suffers from +// a couple of issues. First, there is no native Go type large enough to handle +// the intermediate results while adding or multiplying two 64-bit numbers, and +// second there is no space left for overflows when performing the intermediate +// arithmetic between each array element which would lead to expensive carry +// propagation. +// +// Given the above, this implementation represents the the field elements as +// 10 uint32s with each word (array entry) treated as base 2^26. This was +// chosen for the following reasons: +// 1) Most systems at the current time are 64-bit (or at least have 64-bit +// registers available for specialized purposes such as MMX) so the +// intermediate results can typically be done using a native register (and +// using uint64s to avoid the need for additional half-word arithmetic) +// 2) In order to allow addition of the internal words without having to +// propagate the the carry, the max normalized value for each register must +// be less than the number of bits available in the register +// 3) Since we're dealing with 32-bit values, 64-bits of overflow is a +// reasonable choice for #2 +// 4) Given the need for 256-bits of precision and the properties stated in #1, +// #2, and #3, the representation which best accommodates this is 10 uint32s +// with base 2^26 (26 bits * 10 = 260 bits, so the final word only needs 22 +// bits) which leaves the desired 64 bits (32 * 10 = 320, 320 - 256 = 64) for +// overflow +// +// Since it is so important that the field arithmetic is extremely fast for +// high performance crypto, this package does not perform any validation where +// it ordinarily would. For example, some functions only give the correct +// result is the field is normalized and there is no checking to ensure it is. +// While I typically prefer to ensure all state and input is valid for most +// packages, this code is really only used internally and every extra check +// counts. + +import ( + "encoding/hex" +) + +// Constants used to make the code more readable. +const ( + twoBitsMask = 0x3 + fourBitsMask = 0xf + sixBitsMask = 0x3f + eightBitsMask = 0xff +) + +// Constants related to the field representation. +const ( + // fieldWords is the number of words used to internally represent the + // 256-bit value. + fieldWords = 10 + + // fieldBase is the exponent used to form the numeric base of each word. + // 2^(fieldBase*i) where i is the word position. + fieldBase = 26 + + // fieldOverflowBits is the minimum number of "overflow" bits for each + // word in the field value. + fieldOverflowBits = 32 - fieldBase + + // fieldBaseMask is the mask for the bits in each word needed to + // represent the numeric base of each word (except the most significant + // word). + fieldBaseMask = (1 << fieldBase) - 1 + + // fieldMSBBits is the number of bits in the most significant word used + // to represent the value. + fieldMSBBits = 256 - (fieldBase * (fieldWords - 1)) + + // fieldMSBMask is the mask for the bits in the most significant word + // needed to represent the value. + fieldMSBMask = (1 << fieldMSBBits) - 1 + + // fieldPrimeWordZero is word zero of the secp256k1 prime in the + // internal field representation. It is used during negation. + fieldPrimeWordZero = 0x3fffc2f + + // fieldPrimeWordOne is word one of the secp256k1 prime in the + // internal field representation. It is used during negation. + fieldPrimeWordOne = 0x3ffffbf +) + +// fieldVal implements optimized fixed-precision arithmetic over the +// secp256k1 finite field. This means all arithmetic is performed modulo +// 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f. It +// represents each 256-bit value as 10 32-bit integers in base 2^26. This +// provides 6 bits of overflow in each word (10 bits in the most significant +// word) for a total of 64 bits of overflow (9*6 + 10 = 64). It only implements +// the arithmetic needed for elliptic curve operations. +// +// The following depicts the internal representation: +// ----------------------------------------------------------------- +// | n[9] | n[8] | ... | n[0] | +// | 32 bits available | 32 bits available | ... | 32 bits available | +// | 22 bits for value | 26 bits for value | ... | 26 bits for value | +// | 10 bits overflow | 6 bits overflow | ... | 6 bits overflow | +// | Mult: 2^(26*9) | Mult: 2^(26*8) | ... | Mult: 2^(26*0) | +// ----------------------------------------------------------------- +// +// For example, consider the number 2^49 + 1. It would be represented as: +// n[0] = 1 +// n[1] = 2^23 +// n[2..9] = 0 +// +// The full 256-bit value is then calculated by looping i from 9..0 and +// doing sum(n[i] * 2^(26i)) like so: +// n[9] * 2^(26*9) = 0 * 2^234 = 0 +// n[8] * 2^(26*8) = 0 * 2^208 = 0 +// ... +// n[1] * 2^(26*1) = 2^23 * 2^26 = 2^49 +// n[0] * 2^(26*0) = 1 * 2^0 = 1 +// Sum: 0 + 0 + ... + 2^49 + 1 = 2^49 + 1 +type fieldVal struct { + n [10]uint32 +} + +// String returns the field value as a human-readable hex string. +func (f fieldVal) String() string { + t := new(fieldVal).Set(&f).Normalize() + return hex.EncodeToString(t.Bytes()[:]) +} + +// Zero sets the field value to zero. A newly created field value is already +// set to zero. This function can be useful to clear an existing field value +// for reuse. +func (f *fieldVal) Zero() { + f.n[0] = 0 + f.n[1] = 0 + f.n[2] = 0 + f.n[3] = 0 + f.n[4] = 0 + f.n[5] = 0 + f.n[6] = 0 + f.n[7] = 0 + f.n[8] = 0 + f.n[9] = 0 +} + +// Set sets the field value equal to the passed value. +// +// The field value is returned to support chaining. This enables syntax like: +// f := new(fieldVal).Set(f2).Add(1) so that f = f2 + 1 where f2 is not +// modified. +func (f *fieldVal) Set(val *fieldVal) *fieldVal { + *f = *val + return f +} + +// SetInt sets the field value to the passed integer. This is a convenience +// function since it is fairly common to perform some arithemetic with small +// native integers. +// +// The field value is returned to support chaining. This enables syntax such +// as f := new(fieldVal).SetInt(2).Mul(f2) so that f = 2 * f2. +func (f *fieldVal) SetInt(ui uint) *fieldVal { + f.Zero() + f.n[0] = uint32(ui) + return f +} + +// SetBytes packs the passed 32-byte big-endian value into the internal field +// value representation. +// +// The field value is returned to support chaining. This enables syntax like: +// f := new(fieldVal).SetBytes(byteArray).Mul(f2) so that f = ba * f2. +func (f *fieldVal) SetBytes(b *[32]byte) *fieldVal { + // Pack the 256 total bits across the 10 uint32 words with a max of + // 26-bits per word. This could be done with a couple of for loops, + // but this unrolled version is significantly faster. Benchmarks show + // this is about 34 times faster than the variant which uses loops. + f.n[0] = uint32(b[31]) | uint32(b[30])<<8 | uint32(b[29])<<16 | + (uint32(b[28])&twoBitsMask)<<24 + f.n[1] = uint32(b[28])>>2 | uint32(b[27])<<6 | uint32(b[26])<<14 | + (uint32(b[25])&fourBitsMask)<<22 + f.n[2] = uint32(b[25])>>4 | uint32(b[24])<<4 | uint32(b[23])<<12 | + (uint32(b[22])&sixBitsMask)<<20 + f.n[3] = uint32(b[22])>>6 | uint32(b[21])<<2 | uint32(b[20])<<10 | + uint32(b[19])<<18 + f.n[4] = uint32(b[18]) | uint32(b[17])<<8 | uint32(b[16])<<16 | + (uint32(b[15])&twoBitsMask)<<24 + f.n[5] = uint32(b[15])>>2 | uint32(b[14])<<6 | uint32(b[13])<<14 | + (uint32(b[12])&fourBitsMask)<<22 + f.n[6] = uint32(b[12])>>4 | uint32(b[11])<<4 | uint32(b[10])<<12 | + (uint32(b[9])&sixBitsMask)<<20 + f.n[7] = uint32(b[9])>>6 | uint32(b[8])<<2 | uint32(b[7])<<10 | + uint32(b[6])<<18 + f.n[8] = uint32(b[5]) | uint32(b[4])<<8 | uint32(b[3])<<16 | + (uint32(b[2])&twoBitsMask)<<24 + f.n[9] = uint32(b[2])>>2 | uint32(b[1])<<6 | uint32(b[0])<<14 + return f +} + +// SetByteSlice packs the passed big-endian value into the internal field value +// representation. Only the first 32-bytes are used. As a result, it is up to +// the caller to ensure numbers of the appropriate size are used or the value +// will be truncated. +// +// The field value is returned to support chaining. This enables syntax like: +// f := new(fieldVal).SetByteSlice(byteSlice) +func (f *fieldVal) SetByteSlice(b []byte) *fieldVal { + var b32 [32]byte + for i := 0; i < len(b); i++ { + if i < 32 { + b32[i+(32-len(b))] = b[i] + } + } + return f.SetBytes(&b32) +} + +// SetHex decodes the passed big-endian hex string into the internal field value +// representation. Only the first 32-bytes are used. +// +// The field value is returned to support chaining. This enables syntax like: +// f := new(fieldVal).SetHex("0abc").Add(1) so that f = 0x0abc + 1 +func (f *fieldVal) SetHex(hexString string) *fieldVal { + if len(hexString)%2 != 0 { + hexString = "0" + hexString + } + bytes, _ := hex.DecodeString(hexString) + return f.SetByteSlice(bytes) +} + +// Normalize normalizes the internal field words into the desired range and +// performs fast modular reduction over the secp256k1 prime by making use of the +// special form of the prime. +func (f *fieldVal) Normalize() *fieldVal { + // The field representation leaves 6 bits of overflow in each word so + // intermediate calculations can be performed without needing to + // propagate the carry to each higher word during the calculations. In + // order to normalize, we need to "compact" the full 256-bit value to + // the right while propagating any carries through to the high order + // word. + // + // Since this field is doing arithmetic modulo the secp256k1 prime, we + // also need to perform modular reduction over the prime. + // + // Per [HAC] section 14.3.4: Reduction method of moduli of special form, + // when the modulus is of the special form m = b^t - c, highly efficient + // reduction can be achieved. + // + // The secp256k1 prime is equivalent to 2^256 - 4294968273, so it fits + // this criteria. + // + // 4294968273 in field representation (base 2^26) is: + // n[0] = 977 + // n[1] = 64 + // That is to say (2^26 * 64) + 977 = 4294968273 + // + // The algorithm presented in the referenced section typically repeats + // until the quotient is zero. However, due to our field representation + // we already know to within one reduction how many times we would need + // to repeat as it's the uppermost bits of the high order word. Thus we + // can simply multiply the magnitude by the field representation of the + // prime and do a single iteration. After this step there might be an + // additional carry to bit 256 (bit 22 of the high order word). + t9 := f.n[9] + m := t9 >> fieldMSBBits + t9 = t9 & fieldMSBMask + t0 := f.n[0] + m*977 + t1 := (t0 >> fieldBase) + f.n[1] + (m << 6) + t0 = t0 & fieldBaseMask + t2 := (t1 >> fieldBase) + f.n[2] + t1 = t1 & fieldBaseMask + t3 := (t2 >> fieldBase) + f.n[3] + t2 = t2 & fieldBaseMask + t4 := (t3 >> fieldBase) + f.n[4] + t3 = t3 & fieldBaseMask + t5 := (t4 >> fieldBase) + f.n[5] + t4 = t4 & fieldBaseMask + t6 := (t5 >> fieldBase) + f.n[6] + t5 = t5 & fieldBaseMask + t7 := (t6 >> fieldBase) + f.n[7] + t6 = t6 & fieldBaseMask + t8 := (t7 >> fieldBase) + f.n[8] + t7 = t7 & fieldBaseMask + t9 = (t8 >> fieldBase) + t9 + t8 = t8 & fieldBaseMask + + // At this point, the magnitude is guaranteed to be one, however, the + // value could still be greater than the prime if there was either a + // carry through to bit 256 (bit 22 of the higher order word) or the + // value is greater than or equal to the field characteristic. The + // following determines if either or these conditions are true and does + // the final reduction in constant time. + // + // Note that the if/else statements here intentionally do the bitwise + // operators even when it won't change the value to ensure constant time + // between the branches. Also note that 'm' will be zero when neither + // of the aforementioned conditions are true and the value will not be + // changed when 'm' is zero. + m = 1 + if t9 == fieldMSBMask { + m &= 1 + } else { + m &= 0 + } + if t2&t3&t4&t5&t6&t7&t8 == fieldBaseMask { + m &= 1 + } else { + m &= 0 + } + if ((t0+977)>>fieldBase + t1 + 64) > fieldBaseMask { + m &= 1 + } else { + m &= 0 + } + if t9>>fieldMSBBits != 0 { + m |= 1 + } else { + m |= 0 + } + t0 = t0 + m*977 + t1 = (t0 >> fieldBase) + t1 + (m << 6) + t0 = t0 & fieldBaseMask + t2 = (t1 >> fieldBase) + t2 + t1 = t1 & fieldBaseMask + t3 = (t2 >> fieldBase) + t3 + t2 = t2 & fieldBaseMask + t4 = (t3 >> fieldBase) + t4 + t3 = t3 & fieldBaseMask + t5 = (t4 >> fieldBase) + t5 + t4 = t4 & fieldBaseMask + t6 = (t5 >> fieldBase) + t6 + t5 = t5 & fieldBaseMask + t7 = (t6 >> fieldBase) + t7 + t6 = t6 & fieldBaseMask + t8 = (t7 >> fieldBase) + t8 + t7 = t7 & fieldBaseMask + t9 = (t8 >> fieldBase) + t9 + t8 = t8 & fieldBaseMask + t9 = t9 & fieldMSBMask // Remove potential multiple of 2^256. + + // Finally, set the normalized and reduced words. + f.n[0] = t0 + f.n[1] = t1 + f.n[2] = t2 + f.n[3] = t3 + f.n[4] = t4 + f.n[5] = t5 + f.n[6] = t6 + f.n[7] = t7 + f.n[8] = t8 + f.n[9] = t9 + return f +} + +// PutBytes unpacks the field value to a 32-byte big-endian value using the +// passed byte array. There is a similar function, Bytes, which unpacks the +// field value into a new array and returns that. This version is provided +// since it can be useful to cut down on the number of allocations by allowing +// the caller to reuse a buffer. +// +// The field value must be normalized for this function to return the correct +// result. +func (f *fieldVal) PutBytes(b *[32]byte) { + // Unpack the 256 total bits from the 10 uint32 words with a max of + // 26-bits per word. This could be done with a couple of for loops, + // but this unrolled version is a bit faster. Benchmarks show this is + // about 10 times faster than the variant which uses loops. + b[31] = byte(f.n[0] & eightBitsMask) + b[30] = byte((f.n[0] >> 8) & eightBitsMask) + b[29] = byte((f.n[0] >> 16) & eightBitsMask) + b[28] = byte((f.n[0]>>24)&twoBitsMask | (f.n[1]&sixBitsMask)<<2) + b[27] = byte((f.n[1] >> 6) & eightBitsMask) + b[26] = byte((f.n[1] >> 14) & eightBitsMask) + b[25] = byte((f.n[1]>>22)&fourBitsMask | (f.n[2]&fourBitsMask)<<4) + b[24] = byte((f.n[2] >> 4) & eightBitsMask) + b[23] = byte((f.n[2] >> 12) & eightBitsMask) + b[22] = byte((f.n[2]>>20)&sixBitsMask | (f.n[3]&twoBitsMask)<<6) + b[21] = byte((f.n[3] >> 2) & eightBitsMask) + b[20] = byte((f.n[3] >> 10) & eightBitsMask) + b[19] = byte((f.n[3] >> 18) & eightBitsMask) + b[18] = byte(f.n[4] & eightBitsMask) + b[17] = byte((f.n[4] >> 8) & eightBitsMask) + b[16] = byte((f.n[4] >> 16) & eightBitsMask) + b[15] = byte((f.n[4]>>24)&twoBitsMask | (f.n[5]&sixBitsMask)<<2) + b[14] = byte((f.n[5] >> 6) & eightBitsMask) + b[13] = byte((f.n[5] >> 14) & eightBitsMask) + b[12] = byte((f.n[5]>>22)&fourBitsMask | (f.n[6]&fourBitsMask)<<4) + b[11] = byte((f.n[6] >> 4) & eightBitsMask) + b[10] = byte((f.n[6] >> 12) & eightBitsMask) + b[9] = byte((f.n[6]>>20)&sixBitsMask | (f.n[7]&twoBitsMask)<<6) + b[8] = byte((f.n[7] >> 2) & eightBitsMask) + b[7] = byte((f.n[7] >> 10) & eightBitsMask) + b[6] = byte((f.n[7] >> 18) & eightBitsMask) + b[5] = byte(f.n[8] & eightBitsMask) + b[4] = byte((f.n[8] >> 8) & eightBitsMask) + b[3] = byte((f.n[8] >> 16) & eightBitsMask) + b[2] = byte((f.n[8]>>24)&twoBitsMask | (f.n[9]&sixBitsMask)<<2) + b[1] = byte((f.n[9] >> 6) & eightBitsMask) + b[0] = byte((f.n[9] >> 14) & eightBitsMask) +} + +// Bytes unpacks the field value to a 32-byte big-endian value. See PutBytes +// for a variant that allows the a buffer to be passed which can be useful to +// to cut down on the number of allocations by allowing the caller to reuse a +// buffer. +// +// The field value must be normalized for this function to return correct +// result. +func (f *fieldVal) Bytes() *[32]byte { + b := new([32]byte) + f.PutBytes(b) + return b +} + +// IsZero returns whether or not the field value is equal to zero. +func (f *fieldVal) IsZero() bool { + // The value can only be zero if no bits are set in any of the words. + // This is a constant time implementation. + bits := f.n[0] | f.n[1] | f.n[2] | f.n[3] | f.n[4] | + f.n[5] | f.n[6] | f.n[7] | f.n[8] | f.n[9] + + return bits == 0 +} + +// IsOdd returns whether or not the field value is an odd number. +// +// The field value must be normalized for this function to return correct +// result. +func (f *fieldVal) IsOdd() bool { + // Only odd numbers have the bottom bit set. + return f.n[0]&1 == 1 +} + +// Equals returns whether or not the two field values are the same. Both +// field values being compared must be normalized for this function to return +// the correct result. +func (f *fieldVal) Equals(val *fieldVal) bool { + // Xor only sets bits when they are different, so the two field values + // can only be the same if no bits are set after xoring each word. + // This is a constant time implementation. + bits := (f.n[0] ^ val.n[0]) | (f.n[1] ^ val.n[1]) | (f.n[2] ^ val.n[2]) | + (f.n[3] ^ val.n[3]) | (f.n[4] ^ val.n[4]) | (f.n[5] ^ val.n[5]) | + (f.n[6] ^ val.n[6]) | (f.n[7] ^ val.n[7]) | (f.n[8] ^ val.n[8]) | + (f.n[9] ^ val.n[9]) + + return bits == 0 +} + +// NegateVal negates the passed value and stores the result in f. The caller +// must provide the magnitude of the passed value for a correct result. +// +// The field value is returned to support chaining. This enables syntax like: +// f.NegateVal(f2).AddInt(1) so that f = -f2 + 1. +func (f *fieldVal) NegateVal(val *fieldVal, magnitude uint32) *fieldVal { + // Negation in the field is just the prime minus the value. However, + // in order to allow negation against a field value without having to + // normalize/reduce it first, multiply by the magnitude (that is how + // "far" away it is from the normalized value) to adjust. Also, since + // negating a value pushes it one more order of magnitude away from the + // normalized range, add 1 to compensate. + // + // For some intuition here, imagine you're performing mod 12 arithmetic + // (picture a clock) and you are negating the number 7. So you start at + // 12 (which is of course 0 under mod 12) and count backwards (left on + // the clock) 7 times to arrive at 5. Notice this is just 12-7 = 5. + // Now, assume you're starting with 19, which is a number that is + // already larger than the modulus and congruent to 7 (mod 12). When a + // value is already in the desired range, its magnitude is 1. Since 19 + // is an additional "step", its magnitude (mod 12) is 2. Since any + // multiple of the modulus is conguent to zero (mod m), the answer can + // be shortcut by simply mulplying the magnitude by the modulus and + // subtracting. Keeping with the example, this would be (2*12)-19 = 5. + f.n[0] = (magnitude+1)*fieldPrimeWordZero - val.n[0] + f.n[1] = (magnitude+1)*fieldPrimeWordOne - val.n[1] + f.n[2] = (magnitude+1)*fieldBaseMask - val.n[2] + f.n[3] = (magnitude+1)*fieldBaseMask - val.n[3] + f.n[4] = (magnitude+1)*fieldBaseMask - val.n[4] + f.n[5] = (magnitude+1)*fieldBaseMask - val.n[5] + f.n[6] = (magnitude+1)*fieldBaseMask - val.n[6] + f.n[7] = (magnitude+1)*fieldBaseMask - val.n[7] + f.n[8] = (magnitude+1)*fieldBaseMask - val.n[8] + f.n[9] = (magnitude+1)*fieldMSBMask - val.n[9] + + return f +} + +// Negate negates the field value. The existing field value is modified. The +// caller must provide the magnitude of the field value for a correct result. +// +// The field value is returned to support chaining. This enables syntax like: +// f.Negate().AddInt(1) so that f = -f + 1. +func (f *fieldVal) Negate(magnitude uint32) *fieldVal { + return f.NegateVal(f, magnitude) +} + +// AddInt adds the passed integer to the existing field value and stores the +// result in f. This is a convenience function since it is fairly common to +// perform some arithemetic with small native integers. +// +// The field value is returned to support chaining. This enables syntax like: +// f.AddInt(1).Add(f2) so that f = f + 1 + f2. +func (f *fieldVal) AddInt(ui uint) *fieldVal { + // Since the field representation intentionally provides overflow bits, + // it's ok to use carryless addition as the carry bit is safely part of + // the word and will be normalized out. + f.n[0] += uint32(ui) + + return f +} + +// Add adds the passed value to the existing field value and stores the result +// in f. +// +// The field value is returned to support chaining. This enables syntax like: +// f.Add(f2).AddInt(1) so that f = f + f2 + 1. +func (f *fieldVal) Add(val *fieldVal) *fieldVal { + // Since the field representation intentionally provides overflow bits, + // it's ok to use carryless addition as the carry bit is safely part of + // each word and will be normalized out. This could obviously be done + // in a loop, but the unrolled version is faster. + f.n[0] += val.n[0] + f.n[1] += val.n[1] + f.n[2] += val.n[2] + f.n[3] += val.n[3] + f.n[4] += val.n[4] + f.n[5] += val.n[5] + f.n[6] += val.n[6] + f.n[7] += val.n[7] + f.n[8] += val.n[8] + f.n[9] += val.n[9] + + return f +} + +// Add2 adds the passed two field values together and stores the result in f. +// +// The field value is returned to support chaining. This enables syntax like: +// f3.Add2(f, f2).AddInt(1) so that f3 = f + f2 + 1. +func (f *fieldVal) Add2(val *fieldVal, val2 *fieldVal) *fieldVal { + // Since the field representation intentionally provides overflow bits, + // it's ok to use carryless addition as the carry bit is safely part of + // each word and will be normalized out. This could obviously be done + // in a loop, but the unrolled version is faster. + f.n[0] = val.n[0] + val2.n[0] + f.n[1] = val.n[1] + val2.n[1] + f.n[2] = val.n[2] + val2.n[2] + f.n[3] = val.n[3] + val2.n[3] + f.n[4] = val.n[4] + val2.n[4] + f.n[5] = val.n[5] + val2.n[5] + f.n[6] = val.n[6] + val2.n[6] + f.n[7] = val.n[7] + val2.n[7] + f.n[8] = val.n[8] + val2.n[8] + f.n[9] = val.n[9] + val2.n[9] + + return f +} + +// MulInt multiplies the field value by the passed int and stores the result in +// f. Note that this function can overflow if multiplying the value by any of +// the individual words exceeds a max uint32. Therefore it is important that +// the caller ensures no overflows will occur before using this function. +// +// The field value is returned to support chaining. This enables syntax like: +// f.MulInt(2).Add(f2) so that f = 2 * f + f2. +func (f *fieldVal) MulInt(val uint) *fieldVal { + // Since each word of the field representation can hold up to + // fieldOverflowBits extra bits which will be normalized out, it's safe + // to multiply each word without using a larger type or carry + // propagation so long as the values won't overflow a uint32. This + // could obviously be done in a loop, but the unrolled version is + // faster. + ui := uint32(val) + f.n[0] *= ui + f.n[1] *= ui + f.n[2] *= ui + f.n[3] *= ui + f.n[4] *= ui + f.n[5] *= ui + f.n[6] *= ui + f.n[7] *= ui + f.n[8] *= ui + f.n[9] *= ui + + return f +} + +// Mul multiplies the passed value to the existing field value and stores the +// result in f. Note that this function can overflow if multiplying any +// of the individual words exceeds a max uint32. In practice, this means the +// magnitude of either value involved in the multiplication must be a max of +// 8. +// +// The field value is returned to support chaining. This enables syntax like: +// f.Mul(f2).AddInt(1) so that f = (f * f2) + 1. +func (f *fieldVal) Mul(val *fieldVal) *fieldVal { + return f.Mul2(f, val) +} + +// Mul2 multiplies the passed two field values together and stores the result +// result in f. Note that this function can overflow if multiplying any of +// the individual words exceeds a max uint32. In practice, this means the +// magnitude of either value involved in the multiplication must be a max of +// 8. +// +// The field value is returned to support chaining. This enables syntax like: +// f3.Mul2(f, f2).AddInt(1) so that f3 = (f * f2) + 1. +func (f *fieldVal) Mul2(val *fieldVal, val2 *fieldVal) *fieldVal { + // This could be done with a couple of for loops and an array to store + // the intermediate terms, but this unrolled version is significantly + // faster. + + // Terms for 2^(fieldBase*0). + m := uint64(val.n[0]) * uint64(val2.n[0]) + t0 := m & fieldBaseMask + + // Terms for 2^(fieldBase*1). + m = (m >> fieldBase) + + uint64(val.n[0])*uint64(val2.n[1]) + + uint64(val.n[1])*uint64(val2.n[0]) + t1 := m & fieldBaseMask + + // Terms for 2^(fieldBase*2). + m = (m >> fieldBase) + + uint64(val.n[0])*uint64(val2.n[2]) + + uint64(val.n[1])*uint64(val2.n[1]) + + uint64(val.n[2])*uint64(val2.n[0]) + t2 := m & fieldBaseMask + + // Terms for 2^(fieldBase*3). + m = (m >> fieldBase) + + uint64(val.n[0])*uint64(val2.n[3]) + + uint64(val.n[1])*uint64(val2.n[2]) + + uint64(val.n[2])*uint64(val2.n[1]) + + uint64(val.n[3])*uint64(val2.n[0]) + t3 := m & fieldBaseMask + + // Terms for 2^(fieldBase*4). + m = (m >> fieldBase) + + uint64(val.n[0])*uint64(val2.n[4]) + + uint64(val.n[1])*uint64(val2.n[3]) + + uint64(val.n[2])*uint64(val2.n[2]) + + uint64(val.n[3])*uint64(val2.n[1]) + + uint64(val.n[4])*uint64(val2.n[0]) + t4 := m & fieldBaseMask + + // Terms for 2^(fieldBase*5). + m = (m >> fieldBase) + + uint64(val.n[0])*uint64(val2.n[5]) + + uint64(val.n[1])*uint64(val2.n[4]) + + uint64(val.n[2])*uint64(val2.n[3]) + + uint64(val.n[3])*uint64(val2.n[2]) + + uint64(val.n[4])*uint64(val2.n[1]) + + uint64(val.n[5])*uint64(val2.n[0]) + t5 := m & fieldBaseMask + + // Terms for 2^(fieldBase*6). + m = (m >> fieldBase) + + uint64(val.n[0])*uint64(val2.n[6]) + + uint64(val.n[1])*uint64(val2.n[5]) + + uint64(val.n[2])*uint64(val2.n[4]) + + uint64(val.n[3])*uint64(val2.n[3]) + + uint64(val.n[4])*uint64(val2.n[2]) + + uint64(val.n[5])*uint64(val2.n[1]) + + uint64(val.n[6])*uint64(val2.n[0]) + t6 := m & fieldBaseMask + + // Terms for 2^(fieldBase*7). + m = (m >> fieldBase) + + uint64(val.n[0])*uint64(val2.n[7]) + + uint64(val.n[1])*uint64(val2.n[6]) + + uint64(val.n[2])*uint64(val2.n[5]) + + uint64(val.n[3])*uint64(val2.n[4]) + + uint64(val.n[4])*uint64(val2.n[3]) + + uint64(val.n[5])*uint64(val2.n[2]) + + uint64(val.n[6])*uint64(val2.n[1]) + + uint64(val.n[7])*uint64(val2.n[0]) + t7 := m & fieldBaseMask + + // Terms for 2^(fieldBase*8). + m = (m >> fieldBase) + + uint64(val.n[0])*uint64(val2.n[8]) + + uint64(val.n[1])*uint64(val2.n[7]) + + uint64(val.n[2])*uint64(val2.n[6]) + + uint64(val.n[3])*uint64(val2.n[5]) + + uint64(val.n[4])*uint64(val2.n[4]) + + uint64(val.n[5])*uint64(val2.n[3]) + + uint64(val.n[6])*uint64(val2.n[2]) + + uint64(val.n[7])*uint64(val2.n[1]) + + uint64(val.n[8])*uint64(val2.n[0]) + t8 := m & fieldBaseMask + + // Terms for 2^(fieldBase*9). + m = (m >> fieldBase) + + uint64(val.n[0])*uint64(val2.n[9]) + + uint64(val.n[1])*uint64(val2.n[8]) + + uint64(val.n[2])*uint64(val2.n[7]) + + uint64(val.n[3])*uint64(val2.n[6]) + + uint64(val.n[4])*uint64(val2.n[5]) + + uint64(val.n[5])*uint64(val2.n[4]) + + uint64(val.n[6])*uint64(val2.n[3]) + + uint64(val.n[7])*uint64(val2.n[2]) + + uint64(val.n[8])*uint64(val2.n[1]) + + uint64(val.n[9])*uint64(val2.n[0]) + t9 := m & fieldBaseMask + + // Terms for 2^(fieldBase*10). + m = (m >> fieldBase) + + uint64(val.n[1])*uint64(val2.n[9]) + + uint64(val.n[2])*uint64(val2.n[8]) + + uint64(val.n[3])*uint64(val2.n[7]) + + uint64(val.n[4])*uint64(val2.n[6]) + + uint64(val.n[5])*uint64(val2.n[5]) + + uint64(val.n[6])*uint64(val2.n[4]) + + uint64(val.n[7])*uint64(val2.n[3]) + + uint64(val.n[8])*uint64(val2.n[2]) + + uint64(val.n[9])*uint64(val2.n[1]) + t10 := m & fieldBaseMask + + // Terms for 2^(fieldBase*11). + m = (m >> fieldBase) + + uint64(val.n[2])*uint64(val2.n[9]) + + uint64(val.n[3])*uint64(val2.n[8]) + + uint64(val.n[4])*uint64(val2.n[7]) + + uint64(val.n[5])*uint64(val2.n[6]) + + uint64(val.n[6])*uint64(val2.n[5]) + + uint64(val.n[7])*uint64(val2.n[4]) + + uint64(val.n[8])*uint64(val2.n[3]) + + uint64(val.n[9])*uint64(val2.n[2]) + t11 := m & fieldBaseMask + + // Terms for 2^(fieldBase*12). + m = (m >> fieldBase) + + uint64(val.n[3])*uint64(val2.n[9]) + + uint64(val.n[4])*uint64(val2.n[8]) + + uint64(val.n[5])*uint64(val2.n[7]) + + uint64(val.n[6])*uint64(val2.n[6]) + + uint64(val.n[7])*uint64(val2.n[5]) + + uint64(val.n[8])*uint64(val2.n[4]) + + uint64(val.n[9])*uint64(val2.n[3]) + t12 := m & fieldBaseMask + + // Terms for 2^(fieldBase*13). + m = (m >> fieldBase) + + uint64(val.n[4])*uint64(val2.n[9]) + + uint64(val.n[5])*uint64(val2.n[8]) + + uint64(val.n[6])*uint64(val2.n[7]) + + uint64(val.n[7])*uint64(val2.n[6]) + + uint64(val.n[8])*uint64(val2.n[5]) + + uint64(val.n[9])*uint64(val2.n[4]) + t13 := m & fieldBaseMask + + // Terms for 2^(fieldBase*14). + m = (m >> fieldBase) + + uint64(val.n[5])*uint64(val2.n[9]) + + uint64(val.n[6])*uint64(val2.n[8]) + + uint64(val.n[7])*uint64(val2.n[7]) + + uint64(val.n[8])*uint64(val2.n[6]) + + uint64(val.n[9])*uint64(val2.n[5]) + t14 := m & fieldBaseMask + + // Terms for 2^(fieldBase*15). + m = (m >> fieldBase) + + uint64(val.n[6])*uint64(val2.n[9]) + + uint64(val.n[7])*uint64(val2.n[8]) + + uint64(val.n[8])*uint64(val2.n[7]) + + uint64(val.n[9])*uint64(val2.n[6]) + t15 := m & fieldBaseMask + + // Terms for 2^(fieldBase*16). + m = (m >> fieldBase) + + uint64(val.n[7])*uint64(val2.n[9]) + + uint64(val.n[8])*uint64(val2.n[8]) + + uint64(val.n[9])*uint64(val2.n[7]) + t16 := m & fieldBaseMask + + // Terms for 2^(fieldBase*17). + m = (m >> fieldBase) + + uint64(val.n[8])*uint64(val2.n[9]) + + uint64(val.n[9])*uint64(val2.n[8]) + t17 := m & fieldBaseMask + + // Terms for 2^(fieldBase*18). + m = (m >> fieldBase) + uint64(val.n[9])*uint64(val2.n[9]) + t18 := m & fieldBaseMask + + // What's left is for 2^(fieldBase*19). + t19 := m >> fieldBase + + // At this point, all of the terms are grouped into their respective + // base. + // + // Per [HAC] section 14.3.4: Reduction method of moduli of special form, + // when the modulus is of the special form m = b^t - c, highly efficient + // reduction can be achieved per the provided algorithm. + // + // The secp256k1 prime is equivalent to 2^256 - 4294968273, so it fits + // this criteria. + // + // 4294968273 in field representation (base 2^26) is: + // n[0] = 977 + // n[1] = 64 + // That is to say (2^26 * 64) + 977 = 4294968273 + // + // Since each word is in base 26, the upper terms (t10 and up) start + // at 260 bits (versus the final desired range of 256 bits), so the + // field representation of 'c' from above needs to be adjusted for the + // extra 4 bits by multiplying it by 2^4 = 16. 4294968273 * 16 = + // 68719492368. Thus, the adjusted field representation of 'c' is: + // n[0] = 977 * 16 = 15632 + // n[1] = 64 * 16 = 1024 + // That is to say (2^26 * 1024) + 15632 = 68719492368 + // + // To reduce the final term, t19, the entire 'c' value is needed instead + // of only n[0] because there are no more terms left to handle n[1]. + // This means there might be some magnitude left in the upper bits that + // is handled below. + m = t0 + t10*15632 + t0 = m & fieldBaseMask + m = (m >> fieldBase) + t1 + t10*1024 + t11*15632 + t1 = m & fieldBaseMask + m = (m >> fieldBase) + t2 + t11*1024 + t12*15632 + t2 = m & fieldBaseMask + m = (m >> fieldBase) + t3 + t12*1024 + t13*15632 + t3 = m & fieldBaseMask + m = (m >> fieldBase) + t4 + t13*1024 + t14*15632 + t4 = m & fieldBaseMask + m = (m >> fieldBase) + t5 + t14*1024 + t15*15632 + t5 = m & fieldBaseMask + m = (m >> fieldBase) + t6 + t15*1024 + t16*15632 + t6 = m & fieldBaseMask + m = (m >> fieldBase) + t7 + t16*1024 + t17*15632 + t7 = m & fieldBaseMask + m = (m >> fieldBase) + t8 + t17*1024 + t18*15632 + t8 = m & fieldBaseMask + m = (m >> fieldBase) + t9 + t18*1024 + t19*68719492368 + t9 = m & fieldMSBMask + m = m >> fieldMSBBits + + // At this point, if the magnitude is greater than 0, the overall value + // is greater than the max possible 256-bit value. In particular, it is + // "how many times larger" than the max value it is. + // + // The algorithm presented in [HAC] section 14.3.4 repeats until the + // quotient is zero. However, due to the above, we already know at + // least how many times we would need to repeat as it's the value + // currently in m. Thus we can simply multiply the magnitude by the + // field representation of the prime and do a single iteration. Notice + // that nothing will be changed when the magnitude is zero, so we could + // skip this in that case, however always running regardless allows it + // to run in constant time. The final result will be in the range + // 0 <= result <= prime + (2^64 - c), so it is guaranteed to have a + // magnitude of 1, but it is denormalized. + d := t0 + m*977 + f.n[0] = uint32(d & fieldBaseMask) + d = (d >> fieldBase) + t1 + m*64 + f.n[1] = uint32(d & fieldBaseMask) + f.n[2] = uint32((d >> fieldBase) + t2) + f.n[3] = uint32(t3) + f.n[4] = uint32(t4) + f.n[5] = uint32(t5) + f.n[6] = uint32(t6) + f.n[7] = uint32(t7) + f.n[8] = uint32(t8) + f.n[9] = uint32(t9) + + return f +} + +// Square squares the field value. The existing field value is modified. Note +// that this function can overflow if multiplying any of the individual words +// exceeds a max uint32. In practice, this means the magnitude of the field +// must be a max of 8 to prevent overflow. +// +// The field value is returned to support chaining. This enables syntax like: +// f.Square().Mul(f2) so that f = f^2 * f2. +func (f *fieldVal) Square() *fieldVal { + return f.SquareVal(f) +} + +// SquareVal squares the passed value and stores the result in f. Note that +// this function can overflow if multiplying any of the individual words +// exceeds a max uint32. In practice, this means the magnitude of the field +// being squred must be a max of 8 to prevent overflow. +// +// The field value is returned to support chaining. This enables syntax like: +// f3.SquareVal(f).Mul(f) so that f3 = f^2 * f = f^3. +func (f *fieldVal) SquareVal(val *fieldVal) *fieldVal { + // This could be done with a couple of for loops and an array to store + // the intermediate terms, but this unrolled version is significantly + // faster. + + // Terms for 2^(fieldBase*0). + m := uint64(val.n[0]) * uint64(val.n[0]) + t0 := m & fieldBaseMask + + // Terms for 2^(fieldBase*1). + m = (m >> fieldBase) + 2*uint64(val.n[0])*uint64(val.n[1]) + t1 := m & fieldBaseMask + + // Terms for 2^(fieldBase*2). + m = (m >> fieldBase) + + 2*uint64(val.n[0])*uint64(val.n[2]) + + uint64(val.n[1])*uint64(val.n[1]) + t2 := m & fieldBaseMask + + // Terms for 2^(fieldBase*3). + m = (m >> fieldBase) + + 2*uint64(val.n[0])*uint64(val.n[3]) + + 2*uint64(val.n[1])*uint64(val.n[2]) + t3 := m & fieldBaseMask + + // Terms for 2^(fieldBase*4). + m = (m >> fieldBase) + + 2*uint64(val.n[0])*uint64(val.n[4]) + + 2*uint64(val.n[1])*uint64(val.n[3]) + + uint64(val.n[2])*uint64(val.n[2]) + t4 := m & fieldBaseMask + + // Terms for 2^(fieldBase*5). + m = (m >> fieldBase) + + 2*uint64(val.n[0])*uint64(val.n[5]) + + 2*uint64(val.n[1])*uint64(val.n[4]) + + 2*uint64(val.n[2])*uint64(val.n[3]) + t5 := m & fieldBaseMask + + // Terms for 2^(fieldBase*6). + m = (m >> fieldBase) + + 2*uint64(val.n[0])*uint64(val.n[6]) + + 2*uint64(val.n[1])*uint64(val.n[5]) + + 2*uint64(val.n[2])*uint64(val.n[4]) + + uint64(val.n[3])*uint64(val.n[3]) + t6 := m & fieldBaseMask + + // Terms for 2^(fieldBase*7). + m = (m >> fieldBase) + + 2*uint64(val.n[0])*uint64(val.n[7]) + + 2*uint64(val.n[1])*uint64(val.n[6]) + + 2*uint64(val.n[2])*uint64(val.n[5]) + + 2*uint64(val.n[3])*uint64(val.n[4]) + t7 := m & fieldBaseMask + + // Terms for 2^(fieldBase*8). + m = (m >> fieldBase) + + 2*uint64(val.n[0])*uint64(val.n[8]) + + 2*uint64(val.n[1])*uint64(val.n[7]) + + 2*uint64(val.n[2])*uint64(val.n[6]) + + 2*uint64(val.n[3])*uint64(val.n[5]) + + uint64(val.n[4])*uint64(val.n[4]) + t8 := m & fieldBaseMask + + // Terms for 2^(fieldBase*9). + m = (m >> fieldBase) + + 2*uint64(val.n[0])*uint64(val.n[9]) + + 2*uint64(val.n[1])*uint64(val.n[8]) + + 2*uint64(val.n[2])*uint64(val.n[7]) + + 2*uint64(val.n[3])*uint64(val.n[6]) + + 2*uint64(val.n[4])*uint64(val.n[5]) + t9 := m & fieldBaseMask + + // Terms for 2^(fieldBase*10). + m = (m >> fieldBase) + + 2*uint64(val.n[1])*uint64(val.n[9]) + + 2*uint64(val.n[2])*uint64(val.n[8]) + + 2*uint64(val.n[3])*uint64(val.n[7]) + + 2*uint64(val.n[4])*uint64(val.n[6]) + + uint64(val.n[5])*uint64(val.n[5]) + t10 := m & fieldBaseMask + + // Terms for 2^(fieldBase*11). + m = (m >> fieldBase) + + 2*uint64(val.n[2])*uint64(val.n[9]) + + 2*uint64(val.n[3])*uint64(val.n[8]) + + 2*uint64(val.n[4])*uint64(val.n[7]) + + 2*uint64(val.n[5])*uint64(val.n[6]) + t11 := m & fieldBaseMask + + // Terms for 2^(fieldBase*12). + m = (m >> fieldBase) + + 2*uint64(val.n[3])*uint64(val.n[9]) + + 2*uint64(val.n[4])*uint64(val.n[8]) + + 2*uint64(val.n[5])*uint64(val.n[7]) + + uint64(val.n[6])*uint64(val.n[6]) + t12 := m & fieldBaseMask + + // Terms for 2^(fieldBase*13). + m = (m >> fieldBase) + + 2*uint64(val.n[4])*uint64(val.n[9]) + + 2*uint64(val.n[5])*uint64(val.n[8]) + + 2*uint64(val.n[6])*uint64(val.n[7]) + t13 := m & fieldBaseMask + + // Terms for 2^(fieldBase*14). + m = (m >> fieldBase) + + 2*uint64(val.n[5])*uint64(val.n[9]) + + 2*uint64(val.n[6])*uint64(val.n[8]) + + uint64(val.n[7])*uint64(val.n[7]) + t14 := m & fieldBaseMask + + // Terms for 2^(fieldBase*15). + m = (m >> fieldBase) + + 2*uint64(val.n[6])*uint64(val.n[9]) + + 2*uint64(val.n[7])*uint64(val.n[8]) + t15 := m & fieldBaseMask + + // Terms for 2^(fieldBase*16). + m = (m >> fieldBase) + + 2*uint64(val.n[7])*uint64(val.n[9]) + + uint64(val.n[8])*uint64(val.n[8]) + t16 := m & fieldBaseMask + + // Terms for 2^(fieldBase*17). + m = (m >> fieldBase) + 2*uint64(val.n[8])*uint64(val.n[9]) + t17 := m & fieldBaseMask + + // Terms for 2^(fieldBase*18). + m = (m >> fieldBase) + uint64(val.n[9])*uint64(val.n[9]) + t18 := m & fieldBaseMask + + // What's left is for 2^(fieldBase*19). + t19 := m >> fieldBase + + // At this point, all of the terms are grouped into their respective + // base. + // + // Per [HAC] section 14.3.4: Reduction method of moduli of special form, + // when the modulus is of the special form m = b^t - c, highly efficient + // reduction can be achieved per the provided algorithm. + // + // The secp256k1 prime is equivalent to 2^256 - 4294968273, so it fits + // this criteria. + // + // 4294968273 in field representation (base 2^26) is: + // n[0] = 977 + // n[1] = 64 + // That is to say (2^26 * 64) + 977 = 4294968273 + // + // Since each word is in base 26, the upper terms (t10 and up) start + // at 260 bits (versus the final desired range of 256 bits), so the + // field representation of 'c' from above needs to be adjusted for the + // extra 4 bits by multiplying it by 2^4 = 16. 4294968273 * 16 = + // 68719492368. Thus, the adjusted field representation of 'c' is: + // n[0] = 977 * 16 = 15632 + // n[1] = 64 * 16 = 1024 + // That is to say (2^26 * 1024) + 15632 = 68719492368 + // + // To reduce the final term, t19, the entire 'c' value is needed instead + // of only n[0] because there are no more terms left to handle n[1]. + // This means there might be some magnitude left in the upper bits that + // is handled below. + m = t0 + t10*15632 + t0 = m & fieldBaseMask + m = (m >> fieldBase) + t1 + t10*1024 + t11*15632 + t1 = m & fieldBaseMask + m = (m >> fieldBase) + t2 + t11*1024 + t12*15632 + t2 = m & fieldBaseMask + m = (m >> fieldBase) + t3 + t12*1024 + t13*15632 + t3 = m & fieldBaseMask + m = (m >> fieldBase) + t4 + t13*1024 + t14*15632 + t4 = m & fieldBaseMask + m = (m >> fieldBase) + t5 + t14*1024 + t15*15632 + t5 = m & fieldBaseMask + m = (m >> fieldBase) + t6 + t15*1024 + t16*15632 + t6 = m & fieldBaseMask + m = (m >> fieldBase) + t7 + t16*1024 + t17*15632 + t7 = m & fieldBaseMask + m = (m >> fieldBase) + t8 + t17*1024 + t18*15632 + t8 = m & fieldBaseMask + m = (m >> fieldBase) + t9 + t18*1024 + t19*68719492368 + t9 = m & fieldMSBMask + m = m >> fieldMSBBits + + // At this point, if the magnitude is greater than 0, the overall value + // is greater than the max possible 256-bit value. In particular, it is + // "how many times larger" than the max value it is. + // + // The algorithm presented in [HAC] section 14.3.4 repeats until the + // quotient is zero. However, due to the above, we already know at + // least how many times we would need to repeat as it's the value + // currently in m. Thus we can simply multiply the magnitude by the + // field representation of the prime and do a single iteration. Notice + // that nothing will be changed when the magnitude is zero, so we could + // skip this in that case, however always running regardless allows it + // to run in constant time. The final result will be in the range + // 0 <= result <= prime + (2^64 - c), so it is guaranteed to have a + // magnitude of 1, but it is denormalized. + n := t0 + m*977 + f.n[0] = uint32(n & fieldBaseMask) + n = (n >> fieldBase) + t1 + m*64 + f.n[1] = uint32(n & fieldBaseMask) + f.n[2] = uint32((n >> fieldBase) + t2) + f.n[3] = uint32(t3) + f.n[4] = uint32(t4) + f.n[5] = uint32(t5) + f.n[6] = uint32(t6) + f.n[7] = uint32(t7) + f.n[8] = uint32(t8) + f.n[9] = uint32(t9) + + return f +} + +// Inverse finds the modular multiplicative inverse of the field value. The +// existing field value is modified. +// +// The field value is returned to support chaining. This enables syntax like: +// f.Inverse().Mul(f2) so that f = f^-1 * f2. +func (f *fieldVal) Inverse() *fieldVal { + // Fermat's little theorem states that for a nonzero number a and prime + // prime p, a^(p-1) = 1 (mod p). Since the multipliciative inverse is + // a*b = 1 (mod p), it follows that b = a*a^(p-2) = a^(p-1) = 1 (mod p). + // Thus, a^(p-2) is the multiplicative inverse. + // + // In order to efficiently compute a^(p-2), p-2 needs to be split into + // a sequence of squares and multipications that minimizes the number of + // multiplications needed (since they are more costly than squarings). + // Intermediate results are saved and reused as well. + // + // The secp256k1 prime - 2 is 2^256 - 4294968275. + // + // This has a cost of 258 field squarings and 33 field multiplications. + var a2, a3, a4, a10, a11, a21, a42, a45, a63, a1019, a1023 fieldVal + a2.SquareVal(f) + a3.Mul2(&a2, f) + a4.SquareVal(&a2) + a10.SquareVal(&a4).Mul(&a2) + a11.Mul2(&a10, f) + a21.Mul2(&a10, &a11) + a42.SquareVal(&a21) + a45.Mul2(&a42, &a3) + a63.Mul2(&a42, &a21) + a1019.SquareVal(&a63).Square().Square().Square().Mul(&a11) + a1023.Mul2(&a1019, &a4) + f.Set(&a63) // f = a^(2^6 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^11 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^16 - 1024) + f.Mul(&a1023) // f = a^(2^16 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^21 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^26 - 1024) + f.Mul(&a1023) // f = a^(2^26 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^31 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^36 - 1024) + f.Mul(&a1023) // f = a^(2^36 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^41 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^46 - 1024) + f.Mul(&a1023) // f = a^(2^46 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^51 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^56 - 1024) + f.Mul(&a1023) // f = a^(2^56 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^61 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^66 - 1024) + f.Mul(&a1023) // f = a^(2^66 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^71 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^76 - 1024) + f.Mul(&a1023) // f = a^(2^76 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^81 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^86 - 1024) + f.Mul(&a1023) // f = a^(2^86 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^91 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^96 - 1024) + f.Mul(&a1023) // f = a^(2^96 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^101 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^106 - 1024) + f.Mul(&a1023) // f = a^(2^106 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^111 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^116 - 1024) + f.Mul(&a1023) // f = a^(2^116 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^121 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^126 - 1024) + f.Mul(&a1023) // f = a^(2^126 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^131 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^136 - 1024) + f.Mul(&a1023) // f = a^(2^136 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^141 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^146 - 1024) + f.Mul(&a1023) // f = a^(2^146 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^151 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^156 - 1024) + f.Mul(&a1023) // f = a^(2^156 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^161 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^166 - 1024) + f.Mul(&a1023) // f = a^(2^166 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^171 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^176 - 1024) + f.Mul(&a1023) // f = a^(2^176 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^181 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^186 - 1024) + f.Mul(&a1023) // f = a^(2^186 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^191 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^196 - 1024) + f.Mul(&a1023) // f = a^(2^196 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^201 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^206 - 1024) + f.Mul(&a1023) // f = a^(2^206 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^211 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^216 - 1024) + f.Mul(&a1023) // f = a^(2^216 - 1) + f.Square().Square().Square().Square().Square() // f = a^(2^221 - 32) + f.Square().Square().Square().Square().Square() // f = a^(2^226 - 1024) + f.Mul(&a1019) // f = a^(2^226 - 5) + f.Square().Square().Square().Square().Square() // f = a^(2^231 - 160) + f.Square().Square().Square().Square().Square() // f = a^(2^236 - 5120) + f.Mul(&a1023) // f = a^(2^236 - 4097) + f.Square().Square().Square().Square().Square() // f = a^(2^241 - 131104) + f.Square().Square().Square().Square().Square() // f = a^(2^246 - 4195328) + f.Mul(&a1023) // f = a^(2^246 - 4194305) + f.Square().Square().Square().Square().Square() // f = a^(2^251 - 134217760) + f.Square().Square().Square().Square().Square() // f = a^(2^256 - 4294968320) + return f.Mul(&a45) // f = a^(2^256 - 4294968275) = a^(p-2) +} diff --git a/vendor/github.com/btcsuite/btcd/btcec/genprecomps.go b/vendor/github.com/btcsuite/btcd/btcec/genprecomps.go new file mode 100644 index 0000000..d4a9c1b --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/btcec/genprecomps.go @@ -0,0 +1,63 @@ +// Copyright 2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +// This file is ignored during the regular build due to the following build tag. +// It is called by go generate and used to automatically generate pre-computed +// tables used to accelerate operations. +// +build ignore + +package main + +import ( + "bytes" + "compress/zlib" + "encoding/base64" + "fmt" + "log" + "os" + + "github.com/btcsuite/btcd/btcec" +) + +func main() { + fi, err := os.Create("secp256k1.go") + if err != nil { + log.Fatal(err) + } + defer fi.Close() + + // Compress the serialized byte points. + serialized := btcec.S256().SerializedBytePoints() + var compressed bytes.Buffer + w := zlib.NewWriter(&compressed) + if _, err := w.Write(serialized); err != nil { + fmt.Println(err) + os.Exit(1) + } + w.Close() + + // Encode the compressed byte points with base64. + encoded := make([]byte, base64.StdEncoding.EncodedLen(compressed.Len())) + base64.StdEncoding.Encode(encoded, compressed.Bytes()) + + fmt.Fprintln(fi, "// Copyright (c) 2015 The btcsuite developers") + fmt.Fprintln(fi, "// Use of this source code is governed by an ISC") + fmt.Fprintln(fi, "// license that can be found in the LICENSE file.") + fmt.Fprintln(fi) + fmt.Fprintln(fi, "package btcec") + fmt.Fprintln(fi) + fmt.Fprintln(fi, "// Auto-generated file (see genprecomps.go)") + fmt.Fprintln(fi, "// DO NOT EDIT") + fmt.Fprintln(fi) + fmt.Fprintf(fi, "var secp256k1BytePoints = %q\n", string(encoded)) + + a1, b1, a2, b2 := btcec.S256().EndomorphismVectors() + fmt.Println("The following values are the computed linearly " + + "independent vectors needed to make use of the secp256k1 " + + "endomorphism:") + fmt.Printf("a1: %x\n", a1) + fmt.Printf("b1: %x\n", b1) + fmt.Printf("a2: %x\n", a2) + fmt.Printf("b2: %x\n", b2) +} diff --git a/vendor/github.com/btcsuite/btcd/btcec/gensecp256k1.go b/vendor/github.com/btcsuite/btcd/btcec/gensecp256k1.go new file mode 100644 index 0000000..1928702 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/btcec/gensecp256k1.go @@ -0,0 +1,203 @@ +// Copyright (c) 2014-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +// This file is ignored during the regular build due to the following build tag. +// This build tag is set during go generate. +// +build gensecp256k1 + +package btcec + +// References: +// [GECC]: Guide to Elliptic Curve Cryptography (Hankerson, Menezes, Vanstone) + +import ( + "encoding/binary" + "math/big" +) + +// secp256k1BytePoints are dummy points used so the code which generates the +// real values can compile. +var secp256k1BytePoints = "" + +// getDoublingPoints returns all the possible G^(2^i) for i in +// 0..n-1 where n is the curve's bit size (256 in the case of secp256k1) +// the coordinates are recorded as Jacobian coordinates. +func (curve *KoblitzCurve) getDoublingPoints() [][3]fieldVal { + doublingPoints := make([][3]fieldVal, curve.BitSize) + + // initialize px, py, pz to the Jacobian coordinates for the base point + px, py := curve.bigAffineToField(curve.Gx, curve.Gy) + pz := new(fieldVal).SetInt(1) + for i := 0; i < curve.BitSize; i++ { + doublingPoints[i] = [3]fieldVal{*px, *py, *pz} + // P = 2*P + curve.doubleJacobian(px, py, pz, px, py, pz) + } + return doublingPoints +} + +// SerializedBytePoints returns a serialized byte slice which contains all of +// the possible points per 8-bit window. This is used to when generating +// secp256k1.go. +func (curve *KoblitzCurve) SerializedBytePoints() []byte { + doublingPoints := curve.getDoublingPoints() + + // Segregate the bits into byte-sized windows + serialized := make([]byte, curve.byteSize*256*3*10*4) + offset := 0 + for byteNum := 0; byteNum < curve.byteSize; byteNum++ { + // Grab the 8 bits that make up this byte from doublingPoints. + startingBit := 8 * (curve.byteSize - byteNum - 1) + computingPoints := doublingPoints[startingBit : startingBit+8] + + // Compute all points in this window and serialize them. + for i := 0; i < 256; i++ { + px, py, pz := new(fieldVal), new(fieldVal), new(fieldVal) + for j := 0; j < 8; j++ { + if i>>uint(j)&1 == 1 { + curve.addJacobian(px, py, pz, &computingPoints[j][0], + &computingPoints[j][1], &computingPoints[j][2], px, py, pz) + } + } + for i := 0; i < 10; i++ { + binary.LittleEndian.PutUint32(serialized[offset:], px.n[i]) + offset += 4 + } + for i := 0; i < 10; i++ { + binary.LittleEndian.PutUint32(serialized[offset:], py.n[i]) + offset += 4 + } + for i := 0; i < 10; i++ { + binary.LittleEndian.PutUint32(serialized[offset:], pz.n[i]) + offset += 4 + } + } + } + + return serialized +} + +// sqrt returns the square root of the provided big integer using Newton's +// method. It's only compiled and used during generation of pre-computed +// values, so speed is not a huge concern. +func sqrt(n *big.Int) *big.Int { + // Initial guess = 2^(log_2(n)/2) + guess := big.NewInt(2) + guess.Exp(guess, big.NewInt(int64(n.BitLen()/2)), nil) + + // Now refine using Newton's method. + big2 := big.NewInt(2) + prevGuess := big.NewInt(0) + for { + prevGuess.Set(guess) + guess.Add(guess, new(big.Int).Div(n, guess)) + guess.Div(guess, big2) + if guess.Cmp(prevGuess) == 0 { + break + } + } + return guess +} + +// EndomorphismVectors runs the first 3 steps of algorithm 3.74 from [GECC] to +// generate the linearly independent vectors needed to generate a balanced +// length-two representation of a multiplier such that k = k1 + k2λ (mod N) and +// returns them. Since the values will always be the same given the fact that N +// and λ are fixed, the final results can be accelerated by storing the +// precomputed values with the curve. +func (curve *KoblitzCurve) EndomorphismVectors() (a1, b1, a2, b2 *big.Int) { + bigMinus1 := big.NewInt(-1) + + // This section uses an extended Euclidean algorithm to generate a + // sequence of equations: + // s[i] * N + t[i] * λ = r[i] + + nSqrt := sqrt(curve.N) + u, v := new(big.Int).Set(curve.N), new(big.Int).Set(curve.lambda) + x1, y1 := big.NewInt(1), big.NewInt(0) + x2, y2 := big.NewInt(0), big.NewInt(1) + q, r := new(big.Int), new(big.Int) + qu, qx1, qy1 := new(big.Int), new(big.Int), new(big.Int) + s, t := new(big.Int), new(big.Int) + ri, ti := new(big.Int), new(big.Int) + a1, b1, a2, b2 = new(big.Int), new(big.Int), new(big.Int), new(big.Int) + found, oneMore := false, false + for u.Sign() != 0 { + // q = v/u + q.Div(v, u) + + // r = v - q*u + qu.Mul(q, u) + r.Sub(v, qu) + + // s = x2 - q*x1 + qx1.Mul(q, x1) + s.Sub(x2, qx1) + + // t = y2 - q*y1 + qy1.Mul(q, y1) + t.Sub(y2, qy1) + + // v = u, u = r, x2 = x1, x1 = s, y2 = y1, y1 = t + v.Set(u) + u.Set(r) + x2.Set(x1) + x1.Set(s) + y2.Set(y1) + y1.Set(t) + + // As soon as the remainder is less than the sqrt of n, the + // values of a1 and b1 are known. + if !found && r.Cmp(nSqrt) < 0 { + // When this condition executes ri and ti represent the + // r[i] and t[i] values such that i is the greatest + // index for which r >= sqrt(n). Meanwhile, the current + // r and t values are r[i+1] and t[i+1], respectively. + + // a1 = r[i+1], b1 = -t[i+1] + a1.Set(r) + b1.Mul(t, bigMinus1) + found = true + oneMore = true + + // Skip to the next iteration so ri and ti are not + // modified. + continue + + } else if oneMore { + // When this condition executes ri and ti still + // represent the r[i] and t[i] values while the current + // r and t are r[i+2] and t[i+2], respectively. + + // sum1 = r[i]^2 + t[i]^2 + rSquared := new(big.Int).Mul(ri, ri) + tSquared := new(big.Int).Mul(ti, ti) + sum1 := new(big.Int).Add(rSquared, tSquared) + + // sum2 = r[i+2]^2 + t[i+2]^2 + r2Squared := new(big.Int).Mul(r, r) + t2Squared := new(big.Int).Mul(t, t) + sum2 := new(big.Int).Add(r2Squared, t2Squared) + + // if (r[i]^2 + t[i]^2) <= (r[i+2]^2 + t[i+2]^2) + if sum1.Cmp(sum2) <= 0 { + // a2 = r[i], b2 = -t[i] + a2.Set(ri) + b2.Mul(ti, bigMinus1) + } else { + // a2 = r[i+2], b2 = -t[i+2] + a2.Set(r) + b2.Mul(t, bigMinus1) + } + + // All done. + break + } + + ri.Set(r) + ti.Set(t) + } + + return a1, b1, a2, b2 +} diff --git a/vendor/github.com/btcsuite/btcd/btcec/precompute.go b/vendor/github.com/btcsuite/btcd/btcec/precompute.go new file mode 100644 index 0000000..034cd55 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/btcec/precompute.go @@ -0,0 +1,67 @@ +// Copyright 2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcec + +import ( + "compress/zlib" + "encoding/base64" + "encoding/binary" + "io/ioutil" + "strings" +) + +//go:generate go run -tags gensecp256k1 genprecomps.go + +// loadS256BytePoints decompresses and deserializes the pre-computed byte points +// used to accelerate scalar base multiplication for the secp256k1 curve. This +// approach is used since it allows the compile to use significantly less ram +// and be performed much faster than it is with hard-coding the final in-memory +// data structure. At the same time, it is quite fast to generate the in-memory +// data structure at init time with this approach versus computing the table. +func loadS256BytePoints() error { + // There will be no byte points to load when generating them. + bp := secp256k1BytePoints + if len(bp) == 0 { + return nil + } + + // Decompress the pre-computed table used to accelerate scalar base + // multiplication. + decoder := base64.NewDecoder(base64.StdEncoding, strings.NewReader(bp)) + r, err := zlib.NewReader(decoder) + if err != nil { + return err + } + serialized, err := ioutil.ReadAll(r) + if err != nil { + return err + } + + // Deserialize the precomputed byte points and set the curve to them. + offset := 0 + var bytePoints [32][256][3]fieldVal + for byteNum := 0; byteNum < 32; byteNum++ { + // All points in this window. + for i := 0; i < 256; i++ { + px := &bytePoints[byteNum][i][0] + py := &bytePoints[byteNum][i][1] + pz := &bytePoints[byteNum][i][2] + for i := 0; i < 10; i++ { + px.n[i] = binary.LittleEndian.Uint32(serialized[offset:]) + offset += 4 + } + for i := 0; i < 10; i++ { + py.n[i] = binary.LittleEndian.Uint32(serialized[offset:]) + offset += 4 + } + for i := 0; i < 10; i++ { + pz.n[i] = binary.LittleEndian.Uint32(serialized[offset:]) + offset += 4 + } + } + } + secp256k1.bytePoints = &bytePoints + return nil +} diff --git a/vendor/github.com/btcsuite/btcd/btcec/privkey.go b/vendor/github.com/btcsuite/btcd/btcec/privkey.go new file mode 100644 index 0000000..676a8c3 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/btcec/privkey.go @@ -0,0 +1,73 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcec + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "math/big" +) + +// PrivateKey wraps an ecdsa.PrivateKey as a convenience mainly for signing +// things with the the private key without having to directly import the ecdsa +// package. +type PrivateKey ecdsa.PrivateKey + +// PrivKeyFromBytes returns a private and public key for `curve' based on the +// private key passed as an argument as a byte slice. +func PrivKeyFromBytes(curve elliptic.Curve, pk []byte) (*PrivateKey, + *PublicKey) { + x, y := curve.ScalarBaseMult(pk) + + priv := &ecdsa.PrivateKey{ + PublicKey: ecdsa.PublicKey{ + Curve: curve, + X: x, + Y: y, + }, + D: new(big.Int).SetBytes(pk), + } + + return (*PrivateKey)(priv), (*PublicKey)(&priv.PublicKey) +} + +// NewPrivateKey is a wrapper for ecdsa.GenerateKey that returns a PrivateKey +// instead of the normal ecdsa.PrivateKey. +func NewPrivateKey(curve elliptic.Curve) (*PrivateKey, error) { + key, err := ecdsa.GenerateKey(curve, rand.Reader) + if err != nil { + return nil, err + } + return (*PrivateKey)(key), nil +} + +// PubKey returns the PublicKey corresponding to this private key. +func (p *PrivateKey) PubKey() *PublicKey { + return (*PublicKey)(&p.PublicKey) +} + +// ToECDSA returns the private key as a *ecdsa.PrivateKey. +func (p *PrivateKey) ToECDSA() *ecdsa.PrivateKey { + return (*ecdsa.PrivateKey)(p) +} + +// Sign generates an ECDSA signature for the provided hash (which should be the result +// of hashing a larger message) using the private key. Produced signature +// is deterministic (same message and same key yield the same signature) and canonical +// in accordance with RFC6979 and BIP0062. +func (p *PrivateKey) Sign(hash []byte) (*Signature, error) { + return signRFC6979(p, hash) +} + +// PrivKeyBytesLen defines the length in bytes of a serialized private key. +const PrivKeyBytesLen = 32 + +// Serialize returns the private key number d as a big-endian binary-encoded +// number, padded to a length of 32 bytes. +func (p *PrivateKey) Serialize() []byte { + b := make([]byte, 0, PrivKeyBytesLen) + return paddedAppend(PrivKeyBytesLen, b, p.ToECDSA().D.Bytes()) +} diff --git a/vendor/github.com/btcsuite/btcd/btcec/pubkey.go b/vendor/github.com/btcsuite/btcd/btcec/pubkey.go new file mode 100644 index 0000000..cf49807 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/btcec/pubkey.go @@ -0,0 +1,192 @@ +// Copyright (c) 2013-2014 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcec + +import ( + "crypto/ecdsa" + "errors" + "fmt" + "math/big" +) + +// These constants define the lengths of serialized public keys. +const ( + PubKeyBytesLenCompressed = 33 + PubKeyBytesLenUncompressed = 65 + PubKeyBytesLenHybrid = 65 +) + +func isOdd(a *big.Int) bool { + return a.Bit(0) == 1 +} + +// decompressPoint decompresses a point on the given curve given the X point and +// the solution to use. +func decompressPoint(curve *KoblitzCurve, x *big.Int, ybit bool) (*big.Int, error) { + // TODO: This will probably only work for secp256k1 due to + // optimizations. + + // Y = +-sqrt(x^3 + B) + x3 := new(big.Int).Mul(x, x) + x3.Mul(x3, x) + x3.Add(x3, curve.Params().B) + x3.Mod(x3, curve.Params().P) + + // Now calculate sqrt mod p of x^3 + B + // This code used to do a full sqrt based on tonelli/shanks, + // but this was replaced by the algorithms referenced in + // https://bitcointalk.org/index.php?topic=162805.msg1712294#msg1712294 + y := new(big.Int).Exp(x3, curve.QPlus1Div4(), curve.Params().P) + + if ybit != isOdd(y) { + y.Sub(curve.Params().P, y) + } + + // Check that y is a square root of x^3 + B. + y2 := new(big.Int).Mul(y, y) + y2.Mod(y2, curve.Params().P) + if y2.Cmp(x3) != 0 { + return nil, fmt.Errorf("invalid square root") + } + + // Verify that y-coord has expected parity. + if ybit != isOdd(y) { + return nil, fmt.Errorf("ybit doesn't match oddness") + } + + return y, nil +} + +const ( + pubkeyCompressed byte = 0x2 // y_bit + x coord + pubkeyUncompressed byte = 0x4 // x coord + y coord + pubkeyHybrid byte = 0x6 // y_bit + x coord + y coord +) + +// IsCompressedPubKey returns true the the passed serialized public key has +// been encoded in compressed format, and false otherwise. +func IsCompressedPubKey(pubKey []byte) bool { + // The public key is only compressed if it is the correct length and + // the format (first byte) is one of the compressed pubkey values. + return len(pubKey) == PubKeyBytesLenCompressed && + (pubKey[0]&^byte(0x1) == pubkeyCompressed) +} + +// ParsePubKey parses a public key for a koblitz curve from a bytestring into a +// ecdsa.Publickey, verifying that it is valid. It supports compressed, +// uncompressed and hybrid signature formats. +func ParsePubKey(pubKeyStr []byte, curve *KoblitzCurve) (key *PublicKey, err error) { + pubkey := PublicKey{} + pubkey.Curve = curve + + if len(pubKeyStr) == 0 { + return nil, errors.New("pubkey string is empty") + } + + format := pubKeyStr[0] + ybit := (format & 0x1) == 0x1 + format &= ^byte(0x1) + + switch len(pubKeyStr) { + case PubKeyBytesLenUncompressed: + if format != pubkeyUncompressed && format != pubkeyHybrid { + return nil, fmt.Errorf("invalid magic in pubkey str: "+ + "%d", pubKeyStr[0]) + } + + pubkey.X = new(big.Int).SetBytes(pubKeyStr[1:33]) + pubkey.Y = new(big.Int).SetBytes(pubKeyStr[33:]) + // hybrid keys have extra information, make use of it. + if format == pubkeyHybrid && ybit != isOdd(pubkey.Y) { + return nil, fmt.Errorf("ybit doesn't match oddness") + } + case PubKeyBytesLenCompressed: + // format is 0x2 | solution, + // solution determines which solution of the curve we use. + /// y^2 = x^3 + Curve.B + if format != pubkeyCompressed { + return nil, fmt.Errorf("invalid magic in compressed "+ + "pubkey string: %d", pubKeyStr[0]) + } + pubkey.X = new(big.Int).SetBytes(pubKeyStr[1:33]) + pubkey.Y, err = decompressPoint(curve, pubkey.X, ybit) + if err != nil { + return nil, err + } + default: // wrong! + return nil, fmt.Errorf("invalid pub key length %d", + len(pubKeyStr)) + } + + if pubkey.X.Cmp(pubkey.Curve.Params().P) >= 0 { + return nil, fmt.Errorf("pubkey X parameter is >= to P") + } + if pubkey.Y.Cmp(pubkey.Curve.Params().P) >= 0 { + return nil, fmt.Errorf("pubkey Y parameter is >= to P") + } + if !pubkey.Curve.IsOnCurve(pubkey.X, pubkey.Y) { + return nil, fmt.Errorf("pubkey isn't on secp256k1 curve") + } + return &pubkey, nil +} + +// PublicKey is an ecdsa.PublicKey with additional functions to +// serialize in uncompressed, compressed, and hybrid formats. +type PublicKey ecdsa.PublicKey + +// ToECDSA returns the public key as a *ecdsa.PublicKey. +func (p *PublicKey) ToECDSA() *ecdsa.PublicKey { + return (*ecdsa.PublicKey)(p) +} + +// SerializeUncompressed serializes a public key in a 65-byte uncompressed +// format. +func (p *PublicKey) SerializeUncompressed() []byte { + b := make([]byte, 0, PubKeyBytesLenUncompressed) + b = append(b, pubkeyUncompressed) + b = paddedAppend(32, b, p.X.Bytes()) + return paddedAppend(32, b, p.Y.Bytes()) +} + +// SerializeCompressed serializes a public key in a 33-byte compressed format. +func (p *PublicKey) SerializeCompressed() []byte { + b := make([]byte, 0, PubKeyBytesLenCompressed) + format := pubkeyCompressed + if isOdd(p.Y) { + format |= 0x1 + } + b = append(b, format) + return paddedAppend(32, b, p.X.Bytes()) +} + +// SerializeHybrid serializes a public key in a 65-byte hybrid format. +func (p *PublicKey) SerializeHybrid() []byte { + b := make([]byte, 0, PubKeyBytesLenHybrid) + format := pubkeyHybrid + if isOdd(p.Y) { + format |= 0x1 + } + b = append(b, format) + b = paddedAppend(32, b, p.X.Bytes()) + return paddedAppend(32, b, p.Y.Bytes()) +} + +// IsEqual compares this PublicKey instance to the one passed, returning true if +// both PublicKeys are equivalent. A PublicKey is equivalent to another, if they +// both have the same X and Y coordinate. +func (p *PublicKey) IsEqual(otherPubKey *PublicKey) bool { + return p.X.Cmp(otherPubKey.X) == 0 && + p.Y.Cmp(otherPubKey.Y) == 0 +} + +// paddedAppend appends the src byte slice to dst, returning the new slice. +// If the length of the source is smaller than the passed size, leading zero +// bytes are appended to the dst slice before appending src. +func paddedAppend(size uint, dst, src []byte) []byte { + for i := 0; i < int(size)-len(src); i++ { + dst = append(dst, 0) + } + return append(dst, src...) +} diff --git a/vendor/github.com/btcsuite/btcd/btcec/secp256k1.go b/vendor/github.com/btcsuite/btcd/btcec/secp256k1.go new file mode 100644 index 0000000..1b1b817 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/btcec/secp256k1.go @@ -0,0 +1,10 @@ +// Copyright (c) 2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcec + +// Auto-generated file (see genprecomps.go) +// DO NOT EDIT + +var secp256k1BytePoints = "eJzEwAcjEAwaAOB32NnJzAxRUfYKRUNRymwKDZ/RIEQKTUWUlXbSpkkSyUgpo1SStNNQSEmkhPsZ98D/SV22JPy+0UETkw1YojoYD9z+SKNZij7p55CAQSeXdadRTqgC2CUE4/4QMzCa1MPez4VgcbgEdWYBBqlcxEclw4Qnx3D4YXFIHHwBY3s6Kep9LjjkJtCAQxK99f1FYmv7IKKnCwInyZJsy3hQ/3aajTTfQHZyNP16nUEDiiNoTCeBoEUpL9tlDQe1RLhQWRhMFNbjW2M/1NYYAsmlA5yjbkVzaswhtXcTt6pep+8Vxaj0TgKexLVx/LI8eHJYkwLfiPCJj3+5MeEC+V+ZiIMG5YDZU/h1yVi4eO00n+87BKYLX9O4rtVUvGARjHJ0Bb87J0C5sQqNMjMw+74ihM2Nhllpr2Hv9Gg2+Hyeb22aSyd/vET7nAU0eaYzwYKTdDFEEooERuHQ5cXwveEsNIrmk7ybGcpqVPLOkbuo7aczJGqL0INOdXjyehIe8b4L/9z34YKt17DS9hFvfDwPZgodwoxzmrgn7hC7eyvBE5PNkB+9mFZ/jOLc5+Ls9aMIZ0iMxbUmN8lpRgauUrcm1WQrMHf4hwUZDRTyIIl96mLYqHU/uR+Xg/if9Wjk24zFY3th+JsE+Mh20X+Tu+BY83ma+lwJpFfeQvM3z/i5vDzdbjtAy8cuh/45EmAWKAHmrRdgVX8FiJdc4m2ueSCdZMmjR0pAopANzSwUxkfFgjArrxnimwop0iifJNCWogZzWC5xJTp2HqSFQhvRTK0YX7sqQaG8AJlHD/JP/11YuSiMQD+TDyUU0eSv7ZBxexV8/vIbbUZpwL/N3vTNeje1d+qgWIYTbtg/wAZakrh+4Q1wd3gHiVMuQsUOJbCIGAs5xxneaNtT4I5rVDd/MxbYPOWgZ8X49Nhb0tzcQo8XmoCK5EmuCzhJKdOOsuicbbBYoIyeTVkPHkOO5GAyBrqfA2ttVIG9JSJwNySG0VmH1b/lwR6T5zi+e4C2yP3D4CuVnMU7SFRWG7Jlt8LHLyP52lAl67YGY9Kkm7x7qjA7+IRSbsAHPG3yG29JKYKg0nV06TrDHdgGXoc2kkt6I6nIfOYVt5dBz1A7hudGYlT9aAibu4dV49PowbAlBu4c5qzFY8G75R21l87nD7W/2LwyC+9+MgGPjSas63IMDp7LoZ4zGVh7YQHrvR6CqykXeM5TYficN4qK1wuAbG0TX/g9hfrX93Km6x3w3uiGIQ0HOeKTHxjcSoO01x/J2EcQ5ig4wvPWFNyaZwSbZyaBS3gzmT0tZ9z+Ab66nIKJ18r5YIYR+KRpQ7uTM2h/nYg6pa9hd9sZnO4wB2+HToH33U/w0LIMGN0jA+IzNnDwLwsqOtLF6h+HYNdDS+5+EwHNSxRI+sx2GL9rGpzZqATbfn3CBI87+GrACz9eK+VPh1/yrYSZvG5GC5i4/WOze2KQb6cCcr9buVSxjsrdllJpTDD8gga+fq4MtNxL6feFFn5oL8VXZezBcJkzjf+gzIV/b6K57w7Sk/em4tYo9D4xDNld83DJ0wsgp2kAIn9cufDXfFSQs6TddRHQmcfgQ1ZsmOGPsjrb8cqzdZwooAL/0iNAuSCLSm9eovG+BWxVlwWXh1Ip+sk3tD+2gr7fXk9PCpXA7OwKGHLJwWUTK/h2+HVuyrkE+aKNWL1REa+OO4/99sVoPVcQUs39qEgqBEytM+H8vlcwbs5HbOo6gBtiK3BNFqDUVj/4OUkP9l7bREYLfsG3s1vBVFiP7if18e/YT6C72Rhm3lkDe/PbIeWzEUz2CsG8qH/86Kczbwi4wMfGToSddaPhYYwfKGo2k27qTe4wHAEFWbt43yoPnHJiNuRPeM47Jn8G65WdcHFNEVQHVZLDClcsuSUAG79tpgXNSrTh3AwsCKrhN29m87ap9Ziz/w39do5ARe/jsJ6F4IlpLTcZuZCW0nVSeTgGBcbGw6akJ1y3bREFf9VB1S2zaeOcsbB69gxQUH7Nl4as4d/7o8iO2yhz/DBIikXTK/GN8Co/nEp3C8Gqwp98iWMg6MxJ3L7FhB9pzOINWufg4YoTaOP5FT4IOGLpyVFg5NRFC88NwoO+HvK6oc9dUtHgfqeYprWLgKigC0XPTub4X5qgousD4tWutGayC7b2nMQPk/agu+x1Wqw5gYU9TFn8hCt2LFeH/379hSGzJl4rFAFyzu08c5kmZ60qYrEUExDpPY9D1xyRnMZDfX8vGq8spN5j3nDhyGxYH9aGU+EI+GQcBrWEI7y0qh4GsqShI1ccOns6cOPZQZbXfYbmJ4Zo8o5qXjnPESrvGNH8qgHI2jwKVn8uxxFzgZqGrWj9gfd8R1GNQt2tMGh1JgY9f47T99yDmhQLOCPtzPvudfPCC6FcrefGWnEGuLbqO0+cZkdNL3v43hlnvqmiD49uB2CLfj+IdTrwK8FEwptekP5kO6ovZRKUGgMlZY788/JIMFKzY5Wi52S6qhUHnziQs1wMm/wQwvvBP8H42X0uCnzNprmGsOmIDCVsn4zrnrdA49LTGP/BnR/Oq2Ohjjtc2LkVUh6lQ9hkDfCLXQgs5Yj+5iP4wNypSDIyfP3maD5YN0ASptp8wugwhr9VgKZr4+HDiDfg2pWMGb0PwGJ9KR1KroWYGV/wgV4ap+w3xiOhEiCUqc7l9jXw2T+Vsss1yV/lHqWPuwRFpQfg+BFbPF82gxsVJ8MBvIGx4S9wQs5BtBs7FyvvycLdUX14a6oWmA134Qj5/SD0wxBUs9PgReQknilbTH1pB0A8fT5OeRlKH8yioVtLnnsvCOG1JwSpFQEseWovL5IKhLB4XZzeac4zf8qR5rc6eOHczu3khX6bCHSermS9w/V4WtyV9gXcw9wZV9FGc4CSTtnyvp4x3HF0PB+sGQX/9G6CXIQmDFw4QDq7hSBt7FmQ3/mA45NP0xm5YooddQWXeaqBl/cbeCR1gvf0feVWdUmKNtJCpdRIeNAlTBulp9GCeGlOHaUKhxe2E1YIweJ9ndCW9ZwVW75ziJII7x66wMlV4Rw35ABkYACjre+wTMgTaiYjkDwyD9ZavOYgbwOwc7jMJ2yq+PnWLWzqKg2HFGtxzN8aTtzrxjPWDOAuZSfQmf8c6qwO89jIYzwY0oi5umNhkdRabls2yCdLvWmjtBjUfKwm523m+DDRBbo6a+CLyknIVjaGixkzacchQfp8i3DE76VUEvCOmuJewjWhfZhUfh+/HGtDG9CCMar6TIG/aN5xByz7eB1uunVxb1oKXpbrI/trfVBzbBro71cGiVpHdHHOg9muu+isSB4831pO045H4O3gTlQYskS5r56wX1QcDqz9hA8vrqST42djdeFxXm1YDM+fmcLLxc1o+uw5bEtNQkdpCxCSjcR3uR/wyhxnsJqymIqMP9G70+co+sJT9PqRBtXb/tG8j2YwcLIb6i9fYhnFozjVai34HJmFk12NQKhmNK3XFELZxnykRBWYy5YcM7qGuFadMtKv0ubXHWBiHwWV50rRQXoq/AxdyIbCelDxeT4+tAiGVypb4cQqNfIcCsCitACucijmHTvW06Qae74sJQvzxQw5pcGeT8o2wyxhfYoxCuSLbeYoOOcL2sMk5Jdj8NIUXRAv1IK25UY8VHkOp9kUUn3ACWh/Nxbvve0m75hFIBWxicYPTIS+hlH4TOUwi+dfgps346go2ZQN5t4GrSFnnPCjBTX+0yG/bAFIdNJBv6XStGtxNvpcLKb+2CJ63G0Km1V2Q9P7jbyhypOH4zRg7YwsWDH/CUnfm0a57j1skPUHNxmdZ6Vvj8jxozU+mLmIKEgPrmdPxUl3NTHzzkIQNv5EL/ofcuRZUch3zYL9qzZCx/XvpBegDjM0HtDuAnneoaAIW5/08uFRsnhjyTuQ+2OABcb2sCDKEu/tMwLP9H/QM2ItCMW44r/5M3HOB3v+3WMNi72k8ZTxTrD+Vory80bBzpv25Jz8mXO9rMkrfx9//jWNurZI8T35PLodW4GGg+fgUKIEPA4aD80iIzlavwjCktZg0v5eesIStHFjBtTjdnq/vw+GUjThlWovvtyryLJb1Ehsyj284H6FzixNYnmpIJhx+Asv0XMljUXy4L3DALy0Z5KG92e+ePAJ/St7RHdHrqcEhyL6EZ/NqT9HclOgJNza2Yd9YlV4NXIKfPeNR78dB+GKSSk+fH4X9637jZIb/kF2zmQYP8kY3BSLmMcVgtfwWXzmn8+7LQ0gYHkoSjcrQanPKlolrQwFJIojhaMgcPxVDHe0Q9uj1nyxtodKttWi3p1e2iEXyIVWk8E7T4F9G5ZR7e9OapA3pNrTxyjqzlc4tukw5LlroPm7N9wyj+DR3VR6IrKRphTX4UcbKbRvzcX5759T0CMP0DvdAOpiR3CckjFIRr2j+urbrJs6hS6m/cL3Yy5hh14lrneYzcELnVHnlRyNNJKAFn0nEJXIhQ8ab+hMpgV5FE1Eiews+r03iBJy9rFGshvsnyoCf149Q80Zw7SrPp8WJlXBgYPnQHjiGrrjoMEV0oWkvdcYNy1SB7UnzuDWOMTlPelQ+GkJXJ2hwOPsovCPrS6unl/LKtU7wDBrEuiET+R65dvAEqU04OKD5UaL+e+qOZzTvBOnna7gL7+SuDzGFFaL5YPCtO98RmEY6qf2Qu3dThhrvQa+XbGFrsRNMCQuBQNnteHa0XPgab4f45KXkNNYBZZeXQvHFxmQT7wBPhE7RrXTH9H1lFGwyskWCmRqeWHAdd4sVUz/RtjxqC2n+aXWeojIuMdbR19nse168NimFU3PFuNi1MTtSja44tAuaku/wQuarKAz348tk9pgWpEi7LEsgSsh4zkz9Ao7RrfjbphIL1Kv08gl4bB8zj5+fa0JuvwNoGk7UJ/7R5yz/ywcWrEM1b5mU5jLMpouJMzRAe3YHrqFbi23hT2JQ3xphBU7b9Sl851VYN3/D8eItKPGSD8yTIsB6Wvt9LZeD7Ti0jDWL4ADwlfTjNQJFNvmD817mO70fYCLuQY4oHiCrK8IwpFdpnB5lDV1WpTCiOhC7v3PA1cdtgff/2JoNx/Eb3baEG03Cva4PuDHjYOgdXIT7+1JgENn6lhFwBU/HHgLWC2N55xCoK7DCuzPJ+Bax1oW2joWdpxQIsm/JfDIQpinhSXh67AZtPPkXEpYz3AwxA/EJ/RTzU6kQc9COOcQDHrHCojqPkHa9Me0buprKLlrDqOse2nT+xCWvatAiyNH0J+nJ2hnSxl2bHxKK64O0iqZdn440xhi1ZLhtqEdvEqZyoK7KpDLd+NfBw9UDE5iqV2FMGsgFOSEJ4JXehTtEu4lOQMh1liyGZfWAhY4TSdNhw5eJovsnPOGVDVFYbr1DQpcrwiTm8eh7b/b4P50EZnsE6S25das2BuNad+U0bpEFVblRSDAWLxyVhNnmLry2p3bqaTGmJbNOo8npafy1vtqOCdRBLQmNYPnuSn4qOwWmmgBa0lmYU/4ZZCSFcAdjQf5aB5zzGVFMBbIpH5XF4hZsIY1lk3nBMnjUCWzkiLmT4GFmkGoPlMdzpZpgrnqEkyYIskehf60UWcfB39KpzP6WrBwy0d07bPi+c828PWWUWDSu4ynhEhgo88Y2DpWnrMG7an9vjYemGlAY23rsPPsR9qrNQnUvfIgeJEhOtZr823rG7Bw0Bg9d6fz5FP9YBv0k7QHz+MpT3OQ3FXH4RZHMXFVC78xSILYHVW0LuYSD8oeo5ifjbzhYCDkxwnAt/P+fP5kFUhefEjSUhfoRMEhKM2dDDA5iyLFx9CGCdXYJ6AN6Se+wMXF5qRsMEQaK/6hz6OrULfelmJaHnFR6xDBf+u5sFkGivMtUfZcGBXZPMFNzUVQgXu43ns9LP/1DjN+BELv3R6qadeBJbIp5Nd3H4bbc2l3705oK+nG7dK/SGxpJCqFPMCfE6ogMxtg67xE+vOqEZ+vqePImyWstU4STp2y52tiL/jmjl1gGfsc924zh/saC7A6u4PSAiaQSl4jr9tvQEaoxyd8dejZMnf+nFwCGY3KcNM0iSo2a8AP/XCefi4Wo7dIsGVBAW0x7sNX1z+z3jgVdNYxgsGh31TRvg+X/2dMU0oLYd3f+/D21VbU1BAhLceL1P5DBgQdbeDPjnScpzUS6c1o5uQJMBdyqfpFFwqlZoGuuzvJhKRA7nsBkNH5TEZXDGjjwmvgZO8HlVJp5DJtIz+tOAy9dxroyOvHXH7LEAbSz2KH4xg+7nWczzqnQsl4IVAyAPAYo4OJv5/Sm7xQLGmTgvPndWmXSwl/rd9DVQbAk39Mh64AVVS9dIdCs5XpYcc6tG9UAinpNr65OR3WRP1j+TIxlCp/R53vK0h0WwNsdhnkNc+8WcTRDnqOTOXFDX8g9YIptejak0y3C/06HokCvmuxq1MZJQ98pe/ZRrBjqQcq7raHCHUviqxYwnWjbLkv7R++WP8eo1uaMTRwP0pIyEL9xOPgrb6Ifrz5y4oZx3CfqwCaCdZj+1Uv9nv6A3RnHKbN//ShpeYvZg1o4O2hXvawEiHb8f3Yb/0aqOwlJg8WQmWdBLzdYgBxSk85ulAX7w4GYEjxTDafGoVd7zLx3varELS9ik5XddMxG11wa9/NxmbaXHqkjL0uhrLamFH8aaUVdN2bi4eWn0dj24lQ3iAEuiplOEbjIYVHvAG7BSZEtzxxWl07r5nymsWWvaKyzm+gOk4PzmVbkes1La5TzMcEn0A42tZDuztPQ8rOGbgqrRHLTj+Ghy/lQK/iIJTcrsb3L1tZXOsGzFleB1dP3aUhnc88alCGdsQ+JQHV8RCb4AnKLwtAZNN5sttviEF972hOQjLaSmZwuGwPS/puQdvrxuBjpIViIb9xh/4viqux4ME58mBVbs03NhA/s3TktD8n+NFofUj6o0s/zgmRispiPOl5liJPGKNoz2z8MS6M1Eakw5TjodjaMxI0c7+T8ovTMHp3OMXtHQVrkh+A+O+TOGKMII5zWosVovPBTtAMjm88B5cOrUG3RITp2QcRqJKzMmMg4cx2Mp3swBkX6rHunCAUKIhS9KIIqp5UhaqkTZ0/kqj+kAF0uu/hfXsEufzoT9x7VQzmfPXBmfp9sDptDTTI/sBPq9+BwUcBLl+lT8m509msJxAuNevAkehWWu5Uxsei39OB4t/QNmsdBcF9iDmgQEIXbHi5yBwaLpKFD3SIV4ic59Zocy7UuMtflqfw6ylt+CtmiPY7IEt/vUUrvxJ0xyXDEcFBMh4lT2ceRPJje026fEyKVfsyueFZK5xVLKb5K1Qgr2sSOkdMROXUu7ypTZpsbW6QTqc6j2vaiSH+d8nVU4ZGaxmD8Ull8Io7BrMt9qDVolxYvHoBbDqew8villP/rJPYIaQEd0qEYbpZL8h8loAwBS/2/5yCPae30qK6ibBw5wFyi8uEmKMP4YqpCjTa/uWek+9oRsN22iJ8FfvbtXnBjBsgqRKGA2gPDTo32P+THbT23wfBrjg6WP+NfNcks/OucZioGoY1ZxwAQlToUXEduB0ThdQx12hFzisqlz+H6zx7sGS4iMxedGPuZFt0D8rGb/YiJKosD97+8RgbEcmBe2NxzAY1uH3OEIdS36Pajrd0QMYEOyvzKOakAbwrMMOo8F5o4ilwwHALSa05C5Vm1yBo71rmxedQKPgIrSlQh8Z76mzkqQC2kxsocclo3ny4mLwy16D9QDkK3OmnP0FZVK8pCQWXflBPaDwEdo/CQZ/ZtOi/zSQXupyjhlfDlru7aajKmZJvjoO021GwoaCB3947SQ7vZ5Lzj+3sf1KYF0qMorKgPxA0LpTDpBTBZb8ja9RYoG/HffbUK8DE7w3wzFWLrqbcheDqRhKVGaZVj4VA4/53EjqlRH+vmqGtUiX1q9vA46I+dFRBElgaB877R4LJSTloGtqHR6y1cKD7IiW6rsNNv3/Q/jgbfHEhlAS/leHs4WA43ToJmoyOgEHUC5w+Q4LuriiF9tofmPtagn4ts+eDd6PJ/89JSvQUBi/vaygQWcDzfTfQz5QJPOh2nKVWTYIZj5bj/NnHqWR/B/V6WQC8P4dNEmGwUjsXujclc6hCJkfRO9is2AYnWB6sFklxwFttiJ3rxjLKySzbWEJzFv9kYa1xRHOfUO+cPBQ5kg21oa74afJoeLdjJObgUgiQP8WtmR5sJzKTRgrV8I3trzEk/QgUZ8zCdyNF4dDVGM5a/xsWbFuKN7ZehKSXkynI5xgPO9TB99BGaP0XQct6zaCkbgfuPNNGBsPtcHr3CLCd/gVztgiB9pZIVh8hjNU9I+igyCjoh19kavETbqicZj+vOg5+lsNjdKPR5tcWNk39y+bi47guXhY8vlSyR00LfHeYyw9/5PCK206k6aIFpU+Xc6TkQir+dBgMdY3hj2YOeUZGUlLKOuy7tJQd0ifT15Br5JZSx1Z/BFGu/zn+jgD4u2QsClaFs+qIYnB1d8fJjT189FUo0/F8EI4YxJshlrh1kyjEa9ZgfNgXujMxlwwMh0DV4iYlpttTzswMtto+heJkQ/hLhBboP6iAUy810UDNg10Wi5DNukD4UC2GpRfkaL5EGoody4egXFlYYCSLEroTObCzA7+UPKWnJ13xy9B5Lqr1wrzQdWD4MZd7k4xg/K8fvLbuARfsaWe347Yg/KwQvofIgrf8cTbfo44Xtg1y8FplECmVIqdL4hS+4i/b6g/x7KtisG4J4lQvTzpw8ySdnaaGF34DVIn/w4Tgbqp6vo5m5baRwcg++L5iAs3f/gvb7dbz2Yse9PPyeNg3NAei6qai/I9qzrVU4559OyhyZDX/zh6BpWfNSb3hDm04YwjpC4O43rcM/P08YWtNG0+4oYul99uw91sVJvZrQ4ptHOkLq8AjtRzau+EsqodroI/FZHz6O4XGFs+mTv/bcFN9EKvL1TgyXRAmTtECepBAfpiGrc3ucPngSL7+nyca1v6FruCvZLaxEbRfASxUs4U0z9UwatoZMPEi6G8OgUE7Qb7xOZYKe7bTgyu3accNG5gQvgkXPNXGzz+O4eAXc0xXjqT4Td1wTu86diyYCSZpkvjMVQ5w6BBKmUdz/5ZafB11kU/M1UeXbWV0b9FVeKh8Cn2jBPm+rDQcMSzD171/WWiXACfeYjBXHWad7WN46Mse9vGqRXVjVdgwXhYMStQh9GYURcv1Q/OyXu4aDMb+PGkUq1xKO34k4JrxF1lTXgNObdNlU0EFytmpgk/VnSjoXyyvnBmA5lZOsOJrOO4alY3D/mLwyFARvzkmUMWfN9jwRwNcl/nQgq3feWVWNPi9CIBSjRk8skAHssaKs3zgZ8jZu5ciPARheVkxFkyt4sv1e1grLwJaTIdpV78MTJYx4UzF/9Ch9D/cpzYRDutowREvT/pstpla9yZweZg4TZ8hDzUi0jR8WxWb6jdwmmwy5D1R53IpDdR/4QZna9fAxreV7J0jDRWNg3DHrxryNt6i5MMvYeRFHXSo6OU2NRuou7EFfkWWkeEzSWhCM1KNW4CuwUUg6vsWNuw0IInnM2h7wwDgVQ+oc96NLf8ZQMyBedh16Bk/ebUYTma+419NK8lWWBtypk3DFafaYQg28KtltrD1mD3c+KFEkYsJvY794qp3pTx6Whp+9d0NeT0lYHBFk5INR4KR1D1YmCcGH6ep8BGxbpI6cx7UZh/jjI7jcHqLMR5ODOdJt5RB/YYS9+k8gL2+jdS7+Cjd19zGK8wEqGz9ODQIzqf5zdVsfkoZYq49gcTdRdQnboihom/IIOsf+GmPht6VEnB8x0sIuniaLvbbgaRzK553nsPXn9/jZg97fFXWTyK/z2Nifzb3CZjBB1dlHq+qCHywhX2fH+LSE0b44fsOOD0YQQ6RAaz3QAgsy1XxY/V9HtcF8JxsQMfrLJ5vP0qCJjNQ/3IJKKpkclmtJ/k452CCZR69djOBmXKuYCaRAl3bD+Cb7BTwOnqZyq3i6EDTUS4LVuD4f1F0qkoFEhe/xB7dyaAg9xSGzwzTldp3kCqeTmPGL8c9N7VwVEoy9jmYwfDUNXSjzwla6BY6l7VzzDs/WnVkH14LnMCnLDJBxWmAp8+fBGYLRUnu+wO6apnJMv2OvOWlMyQtckGLiSKgV7wP5tU5QNE7AzhrIMTiodawJtIKtK6qU1J7Ahh06ZBLlw1aBZyDWx810ChJD65VB8N++zB+djmB7Mdug+D1viA2bMXWIWb0bas9as7+QrbtemAdYMRO2bdYR66O7Mq0WH76QoZWBZRYMYpmeM0jpY5kLr4wAuwOniMNrSOgGicC7k3LaPw4e9j/bATpFq/A9OxZoOszH6zmGsDyxePY85ATu1RV4Mlfg1zVupT8EgKwJMGOyzc1UH3/VhxzSATWikwEv9V6JBj9DU1vmuODKEn8uSmKtk+7x1dtzyIrPefvh7Tgn4ItnB7WwDMHjMi2IYRNx5qTxuJzYPn4Al/pbCEXm376uUoMypY/RpEZiVR+0RrnuqvQA6UF2Ot/DQWufkW50Psst1qHK5R0QTCjjEISb8KKj53skL4AI+JmwHurM3R19zQI++EDcl5xVLNHFhaIj+bW559RoHs37Dn0Htf+O8NT+vJR9dY/kBdwBzeFUhIKlACHJYHc1eGEUwLEMVRkER5YYoMe73+ha6wcmd28wmeVzUjm9kRozP4Ei1TmUEqgApqLFFPdyNFUuU0RLwSNwUd+ffzhqT4/6CbY+HgEDFvdgvjsN+QjaUXujbvpd9hatv79FJRt7qHljAjav8AM4qQfUpJlMVUXfuTfHw1A/pkI+dzfj2P9bQG3n8E2D3lOO60C5hn1MLb1Je8KeYWmYy+wkP0kbHEeQR+vOdIk4XUgbbwX2vfYgqHsErS6vJcjElP4vkQwCnYVc+qHZWgsN8xfjD5xXU8LXJqnCuETC1DhVhZ/TxBnL3Vlbrpjg0eu99DbB+X4ULwd1ffPhDunZODKrFrInpCL0tY9qDK+CvYkTmf9ugqOHPwGU72mQV7BC9jnrgvTbq2GWc7yMCDhQUYzLoHmqhtQKvkftj1fh49eE1jckUSpP3IQ/lwcr9b7wO1PWhjnuwNnfrCn2N9bQEhchR+d8MU2cX8wtVODV09MYDhgImqLjaUvcZZ4WucrPO7S5oZFAzzXzJPHNGzmBSNF4cAKRfJ2FIQ3G3QwZmEIy0z5D9ZXjgTvKH0qcFuIT1OXUqqbJJheDIVfH0pwUeMXtP5dT/P8Aili7Eoc88UPQrqmw85NnVB7Uh0Kc+bipdZu7N7zjmPWJ9AiOS04eSicTdOl6ZhPDu20UCXPc4IwPt6E/IQyob8mDNODL6Dwlxw+576Cg4K+ceXqLu7+nE2pXWYweu8ahBfbUKt+Hy3+sxNzX1aS+IPleMUZ2E3kDuyb4AXLHA2hY4U6xC+6xxamD/iRwSC9GN2Huo77UHG1Hxpv2gxiPrVsYz8Suj6pMu+y4Mf5x7B7oiov2XEK60SrIVhnIW3doUiCjzyw22YsaH6opXiZZ5z16RArnWumc0V5dGTaLtIheb77dwtl2Kexap8pXEkygvXXxDh5337UmeoOI7dX8zLVtfRnwhwMOiqLJbN9IM9VFu4Uv4GJSfeZl6qzi1MmNm1Lx+9l7vhsVjS+ExmkJ+s8+NjiEWCSmQ7Psx3o9t4eStjsSQMCnuRtsoddxwfiWLeLMOWzLenmG8E1l/Gc3imJ4/TfYfmCs3Trayt/nmULTy5Ysu+d+dD3JR/+3B4JfkXidH7qT5TUKYJlBpdwkk4mh+ot5/WXNHCK0A5wmrCIIl8rg96S07DySyHmrqwgT+NQWLlsOv/Qmg5JOnsp3iIBm4S7QU1FEowz7vE8jw66HrsW5rYr8fRrnXBLYi/7u/Rgp9lOOLU+AL68FYM8odPcqWBH54/8YvB2YqcjV/m87Sj+Lv8Zv7r+40/JhPqKFrBG5jxO/TSD6gr9eUZTBkXkzIOZDR9p8sxr3PPuOOlVncIIQQHwWZSIDXOcwTNuF/+pm0v3386mU9MWcva7mzx64BJX2O2BbYtt4eDB6bBQQobu7fUly2ADEJw0irdpFhObV0F6Qi6GzdoGQpbWELLhA31ZkED52p/g7h9R+rbbgnw+R8E+vUTsnykKtW0FbP9oLBRsO4Jmm1tIueMVjP8rTfJ6nnCowo/iFMrZrLYePsZao+lyDWjcIEI1XoNoJeuDTRvf4tdDm9DpnBadHrUHFpI1Twz7SYpS4rAnqocjd/eT09qPnGVyEJXrH0LTiWNYdtuTVGYF80qdDJK8ZwoxheocrtqNJxpUmBPHY/C5O7T9vTWYBM7Bl8cuw/cQUVaMUIC0zkwy6f0G1s3R6G13k7Y3f2T7wZH010gMP/fEk97kRdgfYAQR9uXklr4MDeUm4NF1IRQ2uI6Mr92hKoUGymjyIttCKZYKV4WS7CJ4h81Y1zmWLC5Z8+2RP3iR2RkOTp/OQsvO8tLx3zl/N4H4QuKbv+bArrDvMHdfPa5cYw1JlpGUpf8OqxyUUT84lOKkCVZ/O0y7o/eB+0orXrLEEeqPn6F3UWLUlu5Jj7d3oMRvA3yePBIe+rXw1ZtP8dhywKCN59BZxYVudcnwP5kz8CrRFN+ctsRHvnog16tO7luOUXTgXTYKMscFEnPAaUIKX628hiHGSqyX/pzLFUdAQfwtDDdWwuJGQaideoLSVh+BctHNZJY1CeMnnKDzs/TAao4C3BDdCv7RV3GDSA1uvVpPN9wncfVxHaqfpc8lU314tb0zd64SAHfXV5S04Cwr/nChml5vmGU2TFuif2IoNtH1wJlwR0ATOzN0IHvfHl73Xz9+/bkIPepNMOHlPq6cuB1zZ+2HKpuF+GPFarq6ygZyg89D3oijsFYtk/z76klF8xKtjTSkoBOH2fRPOix4NpokbhnCdNGPdLl3Gmj55vM4Gy0+2iIPM8+24/yEjfRmuhNOmuMCrjJSICnrznJXq/EKH4DWuTnUKT4WFjyI4cahx2y6zATnKb3g1iZFUJBcDR807cDt2TE2rWzArONq2H9rBHVmiEIOx+KlUZfozjgJCNtew38UH+OR762wtfEqnswCtJ0ezoMuTWQ/zY/EK0fCYWMRqHuXRuOwGuUWx4LaGmW84JpMG4cswX2HJzhcaiOTZn+YeV8O1uzXA8ueLfhxtAmoP5hDyqsqWKfvOmToB/Na50m43UuUr/7RBopexYVKomBuq4UdswTZ2m86+G5Vgjx1Gxqec56b3ETwQaApbDZ8QycGAyCr/gL9Pr6WvkREwIigJVztNArcrEaxiZ0AnFS2gt2pIvD8Rx+KrWjDto5UqD7/HXx0pvCT4S5+Hx+EOee3oVjACIg1iKWJ4bvRXsOZS8rvUuLaFehffonC+73ofq8ONwx3oNrc0RCl/BaX9u8BHs6hzkm7qE97CC7diYD23GYq2aqB5dqBpKVjAVP+OeAS3xLqS1iA/l5/QbTKGGuOBpDGthQsbDmLwVYRKDrCAvLUN/C8M9tYNzQa5qmuZZfez7x4wJeevqkFnT0XYY94A5fb20LRQA+3Wm2DHvu3ODmnmN4c0GSzS22wJVeOv0j14ouJjVDeqQd/o5dTe6gbden24TEvH5h6tJQD512AqpfCuHOmLydm6+Bo14nw1zcMJP6lYfywEBuKXuV9WXkgOuI5L5WShDCTJm4dOZte39KHP/P7eM5GGdLICYTQVz30zLEG5UVmcqTERHRL0kPXwJvYXq0Fkw+mcuVHLXqZ+5Oj9G1x0rAIfL9+G7oDNEncIIu6nVr4wyNFkHrcjsuLptEnwfGUIODDS/T2ooj/IqA1apTj8QfmjfhLWU4TwKJwKk1Sb0F35wsoU7aFjpuPJf1oP6pTUOE7rtPBxnIuL/UxAhg7kia0TaeE/Qc4QlYO+lQ6GFe9wgnRB7ETMsl6ejk1yBhBfGgN51xaysedI6g9YxBVF72FpU8/cZzRTLhZ503vLRdjTvcEsHQcgjHX7vH1e9KoleZGBlu6SS/4GsxNz+fcu/ugXmcLuxQZgE3KfkovbwPPMWo87/RF0oiI5M2P/FjbtpLDb0+n6uQzHJMvDHXnN8GLowc5a7kpOkVr06xeV1y0cg3ZWhTh5cQf0DQwD0IkROHDp1S4ecKC7ucvgdov62ly5mhesHo/BB1QpaOtl/i/xmcgdEQGRhw4zMV6feDffQV07Afxv/m2KO+xEaRO78RdHjH0RqEetzYxDMxdj3sv+JCDdADLCyVhm+4YcN75l5eMlILb8VvZ+pIviOaNh6Q/41gkZhSOtHoLu/ZfYtHDSjhTWxG3/XFDj8ND0JLzgXQdR8OBPSF8xbMd6qIusXCHI0nXqEDExnreVdPNdvqxvDH3FT9zEoM/sX9RV3UjxhskkVRBAa+VPkfpo2bz3ZQC0vQOAu9fNdh4Sgom3vZH+YG3nJKcAEevC4CfZCQtOfyYQnA/3pr3kG/f+8a/ZW1BeIILnr4uy6NPRrHz81ienO6IyyVkcGTrUmwwcaAJzkboECUHPxf0o//KWhzpKYUXetzB+IMwZA95QWe5Nka9aqFZl87TNmE7WHtGEy97T8J3MyZy5jkCQbsSWOj2jM3X9cNaa0mcssqRw10IFh2IxLdVu9Gg5yvUrpOirVmzSOLhObjnZkWd38Lg9/YfcO+eMnRN1ueIKfFQO/8sbbCOxC+Vw3Th1FoaUZhIo2685LnbemDQQxL+7PjOOhZT+MU+a9wpXYgf1huyufQrvLFrLcaOk6MqEy/4Ugugn7YXhpLcKdXPCC59m0yrzjXSuqPVdFlyiB88q+OOwTuUXKEKd97NA9sqa6oOEkKZBaYoZLKTdUVi8W/BSrKN0qAXRQlkOcMCIu7pgUfsU/jIeVRxeCzubMmGyF++ZObynF2Um1kgto9fSBtB6POZZNN+gNxuHgIvVQ2Kd+nHzJRwFEtshAiFCNZ4v4YDwtRB+6kJHQ+rhsDjmhz6rhqPXjwMWSYaWKyggMJyN1nh937W/W88LIs5CzfnWvCsCmFK3j2Rur9FceVvRbT/MwJ+vani0gvZ/LtAHw74X8bMHV9IuX03em6zYsXEJj5rmMoiwTnwV/gTKeMSPK8nADZ9n0ggthj2vnBj7dPX8Mh4Mz4l8xKNoz7A+9WfqOjFTagUFwT9wkdkM8OV3FdJ0Mi7wdQRlQFL3Pei1kkhDlQ6Stu+hOOijZbQ8rGPXh52h+2nZpOg2RyUnDQTBzO8qWNLJeZfugk516vQS1gayt6Z4APnXWDnsY2a22bStlW5PErtAybsGwUr99/BjL+ptHuaPqTf1aYrxevoz8kSlLrri+4X5PGsmAwvrjCmBi1h6HAe5tGnNWHd7q0w+uNnrP19gN6u0eS2kNWYOkEdM3Uk2EZsBTz0M8IdClZwq0oEey/nsL+DCH/Te0DzIB1+Sc7HjDeJHLNzIcg3P0PZp2pg77qAhI2swf74eNpsdgRGztsFn9ssuexGDzZvL+Wd+nGwz3YMhF27SwUbFfHArChW8kqiUxVTuaLyEMY5zCCFec4QfCqF2m6YQ9+XRnhU8B5rFCWxc+omrvU2hoyOe+h75jq6LXLlIMNiuBQ1ESRKbemAsSU9PHkPzaZehANuOWy5vIebEm6ir/1nTrK5C4EjDKC09iS+n3+FTcep4t6zAmzaqcbZe+L5r2kymm+LRp/K/VC8wRQ+TA+iFypHWHu0Fu/zvELCVi78sbGQYyz0YWbPH9o9aS55ndCCWQeGeNOAO341VsRpkWtYInsuFs0J5zVdWVhzS4QuuI+G5+ONoS3HktPL3nLDpl8sY6yA2wssONhmiKOzK3EoZRlc+64G9MQUUH8/rDa8RxUWJ8BHawEd113C0y1mAbc3UJhuHC+acQk2RI6D96nZeDi/CjNkQ+Hf5500d0IlexpMovhaHVTXWgRiLj94eJkIpK9MIIX+R3TXswf85rdA/0FFeu3+hJbE3WTHok10SOgXVvyVgeJMc7SLLaWXQfm437SfF+7u4paSHNqR/wyd18bSsWQpXrZ2NORGpmCYey1eb7fD2iW5pP83n+q/xdCRi81sXzUX9D++Qh1jM7hprU9trlt588AaGGdZAGHxj/Hu1gTw/WfIi6WKwFb1LQ/ftQW5VEeQ+DlAAknHMMsPWPPwQuglH/yz9RS9E9bBq4HX4eQaG0i1rqVX51qx4oAs6OZVU3btT/bQE+dijVz01XpA0pp/aF26MoRqaGLwd3PwtNxLk3a3cyX30qclSnh57HuIzWmi6covccdaRbgSl41PV/6Cdf98UOi+BvhvWgOjz6uAUEg/q6lM4ztNi+CClBGs0JLAgUmnUE3qOJWrzuPndhXgbPaI0j4OkkOaKGw41c9JfbYw40Q8+7/fht+N8+iU7zhQqbsOT+pVUailmRtnCaIT3ob7I8TBM+s8KAdeh54/x6HorxwNv4uHO4vOsvS8bN5i8g+/fn8Gy9uFoWhbJHuOD8Q3uoN8KHwcng6xp1HzbCjG4A6eL5uBaePzuclODTYO+3JZsD+cX90N0YurYeUROziT+YrqvurBTpkIPrjRkQ2PaUCLmho42x2msGnBpP87Bj7MEKJYqRO4rNcOGmYLQ4RjBC4SYVhxcRNPdTqICoHM8a0GZDpKBhcHZkL44ymokXOF9q3S5y51VahLqOYfg1vp2+d2sjYrQDokBM1fXtOK+cms1LqT7pt9wKiRdqC9axW3Z7uxvXUrqI7VQ9nkX9C+QokKnwbAR3cNzDecDqEVijCQr4C3LzpS//2/NHzXnzIEjtHzJzcgS+0Wge1+rq1U4TtxsrBONxvK83z49L+3pNbzjub81YW+kghsnryPAhpL0TxmMR5faQv326s4RaGLBp+6cXLFbmidK8lr2v2gpmsjxZqco5aaZdj2Rw1mlTbhLcWPvCo6ixwvrYCfOVoQs/ErtnnOxqkRa9m7dQBClmtBnMUp0P1njTaXd9LEW0hbIj2556UQ9Ow5hMm+P1hM8TsHh+hD9/4xpLPBFKI8vGGU/xAuihvm9lgvWLomkjtmrwff6m8sUWsHn+wkoWy0Ll9/mo6nPR7zGkN9+tB2HK+E6XGOw3teW5JJlW7CIFyiBe+lH4Df7HPUcTCE/yt7Qeo33rP54ZP4eMVVUFsegV+f6cHMAUtQOlwPT+4UkNp3W5qSdQEDnt6j/+qc4dKGWtynmwqGsRqw2HkMTHdLo7a3wvQ5vo2OGd0id/f5oHTzCzq7+GPe5BncbKADxd+vsOBfb5rsLAVNkgtJaHE/fXIJgqojy9kh5hRVt6vhZ0k1eP/TmLUFq6Do9io6MLUbfU+48M6UbMpXzES+sZ8mHT6L16aPgKnr3nBPRh4Zyjbgw6mpuGzMbFaoVIVU42R41LIEO1gLfXN0QCI0A8YUNeOnu760cUs5/X2wEiPXR0GavgN5bn0PmrmOKPB0JExd+ZAr5e+z5NfXULBUhbpnipN79AEeqP1Hx4vKuPafG86xFQXJJhcKNzOExpNfcUDeGb7KG2Kh2QnsfrmcatorYWz+E1KbLwtTPL6Q9Q9d7j9qSnt9n9CNmeH8q8OBTHYMQ/HlTPbti4YxUpNhs2IIhUV8xQWdV3Co8zc0lE4Eb/8gsjp9kJe4J+OW44JgftEabj09Bjfqj5CclBakbb+AIv3T+HXIK5r6UIte/dbFF3r9fH2kJvyn95jMH2cxDflxjXoJf3MLwglp9/FhbQdNfpYIEraeaPSfOJh7C+L7BqTMHY84SdmFiiILMHSsE7nnJsENXVFapVnB9h9GQJe5CU3JWUovr57ib5e3cajYPd6q3sEBT7ai9KTZoG98FurOi8Gs9D7E7XGYme4MJTBIY6r0+X6BB6d5RoFL/FRcp3+CbyRJQ4B5HP4MSMecA4fRPHECH1b5Tk+7loFuXghE3rGF5okypPrCBiJ1wiBp9z56HbWN7xj9R1fDp1CHxXOsVDeEOFl72vXfOO4rQZCJfMgfz+nhAs+xHPW5E2p0m6F6Uz65l/8hWfW/4CTpyGq3jWGHdQioJH6lXe9+Ue5thvWrDCiyZjG8Cytm54J2/n55BclNsoT6Unu6uVgPOz4o0YKJZqj1RhR+aemzjWQlTug/SdoQhfM2mEBB83e6oBfFW48Qac4po6k7SsDyngibC8dQdsRFNMm6DpF35UE2Qxe27V/P2YGfucn4LXuG5VLXQSe4fzcCVB6EQl3RN65cLwm/3rZDqpIeVS1dDUZxt7ApJYTzZ3wg23HnWH3hd9gd/gnHlE+G0NjDPC34L341z+f8hj7Qt9qAH7bfoIJ+M+ypeYdN/jJosVkAHoybgBYFidgd5YHO8zSxdbo4P+MgIi7G/dpu6HdSDcWHBUHDZjTMPC5Mj1KFwHaELj9Ou4YOIS7sGRvME7u/0RbfUxCeqgLLLJ/BwMe/ILXFEOoe+ZLx/Cf8rVcMBkbtgxW6AzAmRoIrtk8C0UdRNEVoNcgcV8KoEm1smF8PgyIe2FhjC1ahQ1D65xAKHxoDGt820FX3l+gVaMlLX33kVNlA2vtSnzZKq5BZ7DwYXOcNofc1QFCT+eyK97B6Ry47u4lR/zp3HgpFqEjPQwrz5eikKpo7DeHr2gp2eHURVJ7lsWy8LFgcSKXEZYzWn5eQw9soyC/spSXXDCBnqw1hOdOTeB1QXf+Sno/YAvWTw+lL7QHye+JGdiE+lLNWAuxNp8DNOT6wW8kAlrx9B6rdYyBtZCmz1BD5RVjTQPN7qPYzA3VZB1jXvgdNvjhxje9D+q5zH5sDX8PsvAf0Uu4B5ktvpgd/7aCS3PBISCW1x35k3cJZeGnoLLnEjaCt4wQ4UWUdRe9swOBZI0HhowlsnfAAl7+6BjQojSkJE0Ah4xo5t5fA2EQr+ChbRqs87ODubSPMKToA8SPkaPWOqWza8wAywlPwQ8p6wIe7UWrNWRrVoQz+Xrmg9ViFSk/2kb9vC8jGf6NV21Zz2N9KejL5FBdHJfKK2XLwO2oBfbobgMukAnF4khdvCrKiCqGf7OT/lnfnOkHpwj+0wkAQcoXmw91+Ffjy4AP5JC4E+6er8dO6ieD9UgxaxJbg71p5snC2g7LsH/zVyBsnLL2MXWW6MOH2Y1K+voCmPkik8HM3WaO2nf1PyUCRQA0+KJCjDcNzofNgKyU/bkAPp3moqU5wyPw3Hm0RpJ8gD1PjWqH5ciEvfhTIn0S2kuDSbuoSuI8j9Tw4bKkbuMknwtxFMtBimEaFa8LoXuowJ6WchuVrf4DH1REwX+g1nHFwhCq/vyw8VRu+OgqgrP41Thb2pEwBOR4OHkCPxSP4fsUuTpnojQE5KbhASwhmKDjT9oJhOh+6CvJlSuG/bwvpLJRwW+Jtahhahrvc1KChheHEsuM0oJmK906WYpfzM6o0fY8zS5WoaGYVRd2o5mHtbqQeAaidNZPfvHjMseX2uOv1JDgtsQh/LZkPootOkfIlVz6aGYVgoAxhtj3wlX7AbTMnNFCs5LSeXrgvugvbyl5xyC1/bsnR5p/7AETPLWUf7/0srSnCCU6ZPEdXjzTf76CtazfAlfwCXK+SCQXetjDas4yUo4bwS0AY7lz5mTMxnzWfnGLNJeHw07gY2t/28Nu3BI4KMfDJcAWvv5+KVqOXwFENW/Tw96MfK4TZwCKc96TXYOBpA5gYLU6WzUkw7SJTirE2q/5TItm+taC6YicOCdfSWNUL/G6CNkTOaMa6N9Kw17UVS0yPs2znM3iqfwqFlmykx0/PU13mGRqWFoVWY080vp4MWjH3+aFaGf52CaZkyxespdgMjXdWYuWpXbgkUxfyV/YQCN0F73wnXB4wgro6otC5yQpvLAvk/jF3OKFajXtmacOdoDV0Z/R9zlSOh9obsRjgEQBnC/9H3H0oAqGoAQD+h2SECElG0rJ3iWSkQSWzIlIJiVKc0tKk0qAdQkZJKRlZmZXKigYlaSojJYmWcB/jPsm3kX9kXGCF1e/IonYXqdwaAQ2VXRD3PpdOtgXxg6AjcP5+FvyLVeMXIhFAViX0s/AkzbDQA6dYa27fNoeP+EsAujTjIZMFFGEQy/FSd+mY3lEeoeCAs+tmQeF+c2i++Jabwo9Qbug/misQwmlrXPl4x33coH6ZLpsN4OGfhhDrZ47H7/3GmQl76fPPU5i2vYqln9nBn+2B8EfBE06uGOLlcQzBcatJzsQMLIIGqb2pEyyuTccHYw7RM2sz/JgoDqqTNdFilxzMsfvGd/6W8qU5+/hMYB+J9QUTHFvE9x4r4Q+9BD4xd4B2nR4BU5ZZk3/rTdS6KwA7Hw2h4fql0KHjTiPL9sLlSg94szgKpx+aBKV/d2Jn5ST2EvXBiPr/cPElMTB1AxQ9EkRBE1dx6/4oCPMwhaUfb+PawO0gu3wa3V85Cwd2fYdmj/e0OtyV8lsiYa6lMeQvloOhBARbgXRctF8D7285Bdofj+InzS/cvX4VzC93hpvaOrDDfRwY/DvD0w/108IEc5CrNabHd5ZT2D0LWv9yPOb0zOM6tz10/5Ya6KV6UpdNP+z4oI6bopfzguEGXLe8h7a6LKZb++u5dFkM8NMR4D+7DRICSrhTfRl/3R5KnqsGuWvgF2/uqYee3UCCXjo0XUMWlhXtBMNUQRIrngOO1WmU9d9KWiqagNkn13LF8WA22XAOT9aLwS+/IPbpvYM+PxTATSYYwuI30TKVbjp6vxiLe1ox9ugQc7gqrHabSuc6PoLx5ygKKwnlef/s0FUomd7t7oKRqz+w9dkvIHJSC8z3TeCOwD88+UIinrJfChnjb9A9kzpqPf+X0s7dhaU3csk81wxmvF4MV4W8uVllMT3WngaH+/SxtvQVtcqMBdEZnzhUdTn+KTKEdxqv4GlBKcf8e0WLZUroRrYPfrlcg4bfithy63m4nxFFmn+0wcs1ArQXG2DY1xdwc/gprzi/HJc0J9DfGl3qOBGFl8/nkGqtKez56QgGBjrQ7mDCe/ILyf5XMn59epFHV88k/WkxnF55EmZXysEuI3n26PiItgWX6XKhFI12fYe9665hkVkXdHm/oL9vfsBEWYCw0Yrw2FUVpEX0OfvsUopL0eY0CT1c4zgSD1y5SR5px3DZaXVYFZuBaY86uKXZg1V7ZUg+KIl3/+rgi2HuIJ/WQUWnPHixtTmobvXj2H33+b1GJb4YJ89xZ/+gzVEvztSpwdO360hiTwq8nDsT7sxbT38eC/FBtW7OFrBlJ+VWOFNKWNNzH4/sfIjCXxQZ9wuBYFwc5Wq8oMTXxuBQc5HnjBfB5KoMat3mTFXhJzDjzU0KmSsMmS8C+LU9YsVEAz68ZTl8KNLCZaPOkPvmcP5w+CqLeB2AxA5F2Mdy+ClUBVJnnoSKtli2inrBfclbuXFZJb29yVQx4TKZnjGDRR1XqaZxLZ/zecbvT9aC+9zxNGWlI/YMfsLAx9tw0PUMO6sYQVXZVV7uPQAhuIi33Tfgu3XZJLdECiXCvoFfylJwXeIJIbqjQcRYGuV79mBabjaI9ZrjuOm1+E24AJysX0K//y6Sr29CkU/ykJesy/deIv/NUscVc8+jcdYoask5jE2Xn1OU7l5Mu+XH1dKy8EvAANeWnIcNUy5A0eRe+HC/itx+jMGYsLFQEXUQrv2KA8H/1GGU0TH+LOnOatOlof5WK3R9jYPTLRa8KeI16Mt3wodhF37mPRkMF0iA9/ksuG5fTxKjHnC25TG2/mqKhoryYNmGXCeyGkI2KsCPBwuwa9ANFNq1+OVAAcWd9Wf/fmPYfmYLsrMYhiqu56NlimD4yIbv7cokfU85iPQzwOAgLyoRreONIQEYOdyDlZ8UeM52IZCv38w7ruRAzrEPoHVSEcta9jD7/uDvAZlsnPWZm6282P+hMSyLWMCD/AFF84fhluwwBR4a5BGqL3FD/n60jpEGR8GRuGC0BjTKbOIacyteIlQM7pK5+HPSaDLM1aCSg0Gk8Kmejl66jY/nSUHem2k4VikZG0xT6M/ubrYw3IRbw+bSU5ss2h1+FKw+vme5xHEwevY3fDZCHW5/Ws7uohoUJ28EIhO+kfr+gzhf9yNLdt3AIZvR0Ct8DTJnqMK++O9senA2SG7fyNtLX9BDo/M4WtGCJT97css1A+jyRPZz20dqH9ppbJYWuvbdpBtKs+Ci3gNyojI2GnKgwQOy8Oa9P4UvnwKvn3xj3+vppJcqBcLOvbyhbBENbvJG+xEVvGTVGOj76QjqD/Nh0sI+LvCPRL2Ln3D/LH3ycn5Dj9JGcJu5F5RZ6UGHyEucG9jM37r/sMw0e/ZtbaKhbfa4ysWBw2UT+b9l6dReMAGOHqsFoS0R4FxtRgt/9GJyTBianhiHayyNQVmE6PKph2Q/XQPGqv7BgP/Oovbf86AZ4UC+R+NY2sCFay6nQFHkdprzo56cxplDh10gpRyxgfPfjGBNthX7zUQ0/3GBH6ZF8xrvRfTFx4v2FE4Htdo/qDClBt4Nj6PAqjBovvMW5HOUyHuDCc8RXEBmecdIVkgBTDd+ht/FBlTs/oo3G66n1VGbSEvbFCwLX0ONSD0UNmdy0ZeRoD/BirbfaYeIB79pQjdh+LK3uP9tOjitCcX/2sOhz/0M7yQDWH1kmL52nUM1i9skWiiLRm7ruLs6Egfvm9OaSB2e6VqAcevVwcdYliyXDfCykf1Y/aqcM1z+osac4/yxdDIPKiSCVZMmlJRPB/ljNSQy4AHjLWsxwtQWroYdJispWyy65486QgvoToEjtX6WAMcVK7mgPJKPnQsj97WvQVDhNfcvNsLgquu0V9ENb4IwVYMeHP+xhM5Y36PNeTv547Mj1I1NEG3oCwaBOuQxFbDsbB7PV5ODFy/EeWD3dyxuXIjyb/so22AAjBU/Y7PeczoWZEjNAW00csEE2ONWBc80PKl71DvyWYn04awJTDDMRofzW+nQnA14yqUX0v9ThinitnBqxip+VHcanty4DEnZQ5TzWRPWd+5gccUdMKe1nPfMFgPR18/ww75oPqryDnblaZD6rIeQ1XYF0g6GsFukH2Wd8+Fi+RHg+zcPrx2Yj4sVz8DBWjGUXKRJBx98wvmdPrB3XB2XVl6h/WMBGt+q4vCMIfg8cx9E9Ohz4LwsljCwxK8V/aD5wgunHR7NehliMLQmF3TPGMOb6SfZeU0k1JzTI7MzWrR9/hsui35P808EcdTc2eBv3cACZX/g8IJfaDuqD/NLN+Iiz1CyXXsVDUQsePmrRTywbQJcO/wYGs1UeKWuKjaOE2LVpnewNsAZEq68p5p3G/CF8mbEo7Ph/ewqWq3lAV2bulFy4k8aSOuiyFdJ/Nf7C16++Zxc34RiudAIqHgqTYKbO+CvxlaKajWg52MCILV3iDuUZGHeOTWS9cnD7zlSMGHMC0j7dRkO6Q+RnvY8eBRRA/3OtVCqtgczd2+C2zr6VBFnDOGqmznQuhq9Wu3w83hd6viiwl6njXnnBllMElyArcHVeHSvBnjbieIBcCfF/qUQefUl/+cyGWN++WGt5hG4k3eIrg+9Apcj00D/4xb02BRIwx2joeFoDAU5ZNHyUWGQbKfCm04oQfWy29xzdzykvP9Mm/44gId8GVt6ZNCDs2bs+CUJnp8shgSpaAj/L4t72/Uhcdl07DGUgPv7CuBrzghqkQqFs3vsMWdWPj297cqPtAmDTxL4PcvDMUd/wj6DKfxZxAr2zrgBXXtNaNzBe/TWsQsdLkyhp2Yy4DsUCNM2r+fZM5cAHjXgTusk1ps/E+S0TuHfV7Xw4J4Yn/WeAvsStEj8xW8cCs6BgpIYcEr8geujx6FSeTv0XY4nm9YQZhtZ2NGgzrNfiGHIkUiWmXgeKx6Vs19GLPy38SIf3GTC7ZovueSmBox/4IyWBU+54ZwCacQGwB/NXrqXKYMrlfK5MV6J9YP6wGMiQkzXMtRvnMRfVOTxqX8tv6hK5Eln7kK+cgrraFXR3xRxrlOYCNoGTF82J8Dtab30bbsGTrP0phXvTpOixzOsC3tOt17og8RIBcjPnwjHBc3ZMukTnTUCnCf9Dc7iLWjzFMGUj5tofUMBHvkwAhQ/ZsK18irS9cygsSunwc/SdCrSX07zX05CJ6F1+Lf3Opj26MJzOSsKi97KXbdvYkCOPDjXypPrx8loarKWQ68eRc83muTcJga72jtI5mwHx21MYZvPySAs9JgPSF2BtrIMHoqLpjuP7VgkWQOKFGMx97sW79gfij9n7eCsH5WUXDKbww8Xoqb2IfTt3wLFr4Vhs3EjfYwL4aVXrWlwSAsf51RCZtEPuDZlB9yL8QD5+A5uFpsJioX1+MpAhNwWSMDhG89x/tHH1C/nwTsLvHmSTR+l7y1A81+yoDDbnUT2W6Auz6bd97Kh/6ozrDRKxN6CMfTl73FqhwDw32IAU7KT+GVdGMsYrce1o8pwd9lqKqvsYZmIZJovZ8WVqb4YloKwa/NJrBQ3gOz/voLUuj7+fl+Da3K34pshA5Jdb4v+QxmUP10HttsdwNrhZEqL8aLh6YGkOKAINqkBGD1YBs9HFWB3lxeZLVKFwt5gWJdRCf/cetB471se57yMLg0mcYZAIrVf3s7ZVxyxqUIFqt7v5dcF2VS5UAWON77HHA1rll/pyZPL9BBzL8Bg+1TKcVQFnwu7+KOHAkwP1IEznf3cOEEO8i6kUnnbRtrldh7i7T6zv6cB3L/5Dxxit8EVwfHkevUOSa6/RZ8D98A2k0A4+99Jmq4ly1fu6ICM/yuK11tCC2SYT/QqYNq5EdAqtYpnbl8OfbOsQUNalmbuHgUnPBr5rTKDot4lUv78ndZWjUa5qc9wVlgDXekIxALRE+D9dxQ41N2n5aAPFtYN3HqrDzaeLqPVo73oeq4lRYg1c6PVe5pvoA5HalJ4W7gXNbkfgn+/gMsujeKqfzEokmjAUz1+Q13sPOjp1AbtUC86N1zHXTLmnOTlT/Pu5NO7BZfILzodvu0Zx7emJkKg1Ez4tnGQT0ldoDELOmBxyyVUm/KJVi28B0tbgvnO3VSsr2jDlCPjYISdKlp83cDdh9X50TVFWjpKh8wkRDHfI4gmTs6EN+erMGKtIiiNKcDzw9bo2BEJxhPzoO3+NLov6cCGqtfwbmQiFwhbce2skdAicpxfyg/zzuAqfntPhZrGD+HgvHwIL4lDkc5G6jp3jJ/ZMfyy0Ye/khogd+0hfj43hga62vFJ9lzWv4sskW+EgQtVwMRbFfY/KKMlF/SxeKslHow9R9aXSqm/ZwSn6yvjWokWCi9UIrcAEwhOcKWQKgEwtTmPDss74fjgOPjxL5ukp1/EEbmhYG1iirf8RsOa7E6uSNCF7HcTME38ILq+08J45XKeeigevHKm4ul0e7p7Vgz0xRswSWMvHXzcTCGHs2nHPVH8FaxNhuudsHGNED/8WEWnrSUhzGCYq5OM0WiJDkzpqSYXDCfTr9Z0clse6AXWseS7Y7xZZwbMyUnmDWHx+M1SBvSbq8DmZzgaZS2iSc0WJFQqxxsmh6KQpA78w2ryc5Qhnyn7eI7nFOweHIdr/lpAt0A5GUz3ZvGSYdgPRnDRYgaEJ04mwf4sNj45ltSHbnN5gS3PTFRkVYnzVOT6CShaG1J9dsHeI0dRuf0qnxj4xNc9DqOJngOmrwQekquBi3a/OaFMAOKe5kCB9HL+4CeLh2vGsr/kLyrPPo7TqqX4cOwL9rmXTB/NFOGSlwx06Z0mR69jPD81ixt7LsGXFb9IJ1ifTE1sMSZVG0MH5aHM6DzndUTQuYohSL60gu5tfQClj05yppEArPj+E/Vv2+JSMgXd/FJe9labTp/wwjlV5pAQkwpHHEeDd4wqfIcYVFI4ACc+6oFr7zO8OW0X287bCgdWfuODAzfAsL2NG5a9wpdfzemUsiaeOmEKqofLMH5kEUeuEqAbbT0oXCKPR2sqUNnLBrwnFOLZg/4gOkUFcoI90LniHvdf0KXeS9kYPi+K5zqfYiGHUjaeWEAWM7QoVlAGTk0IYOmu6/gvxJMMz0yniHXeNLJdBRKji8Fxqh99HpoCH8frwvPeKeS8q4Us3kzn0+EH6NZbEa7adYC2OwPLfPDDhuFaflgvB0b74/hBvDGXrjKiaTsTwFndhD8v6OeMe464on0nqNmr09k/OvCnKQG0s0M4KgvAqfkz48A/tJ7sQbk+77HrzDCkZmTi+CxBOHZlI4fPUCR5mfuof64cErd+whi7rWA7NRge7F0N4trz+O9UUSgWTIDTvxM4670uCxbt4KyPivQouwGOHmlGL1NdyJukRdJfZOH3l0e0cMk2ED31jrafmUkK5RF8ctNDEtjdzLXLcljPvJQuRSrANdtRdHfcSgoUrsRCM0vQfV4ElooRuHP5W97VcwhMdkVzXpghiD+eRSseT0XD5xto9YpBrv/6D8jjGyuV/0H/5TuwTsWNKixM4NpvFW7oqaB1jk/Ze2waLNT0RMN1+0E0IgDNHi8B5xdWtFXPCLqWP4b1vjEgeeQfHx6shoqud9Chl80/YlfyubBouBjZDrDICLo1v6BwxFLU/d3DMZNP8cneBBi8PICqkdPR7lEWuCTYA0zTg1OSGzlLI5p8ij/TDmVFLPcN49Uufag26zJ+enuHPK4/oAYLYfjvgiVKvflMphdjadaSFaBxPRmfmv2hrS158OBDDTirqNI4l1Ew9lorNpoNMZg/xz63EEiPCqS3Uhdh3W4bMksYywOvLSiuxRxebfOmB7ezeG7oHZ7REQKFUev5XcYyfPTjDjzKEsHaMnGwuT0DxFXt6VLOFKgveotYagKHIwQhdc9Orrv1G+v0rNn+jQIu8NGGFwP3eKJ1MKhRIBiF9fCV3ZfxSZ4CenrshdsjS6jefSYcuaoEpw4XQq6LArs3X4RMj0gKWrkdhnr04J69CJ6qcIeMUeNAvX0GfKitgaDn+bjWmPmF8gJcaXSKklO/Q+dNF6p48Z6y/NvAz18fdFec58PXS1A6ciGHyQN//3aEOgv/gNJldTogJUX9/cNosEoDnvoK0cH2Bi5/dQLW7dWFMbsmkHZhBgtPPwAZzSXw8swkitIWhKc5/2DB8Fv0+eNAV/e444fMet4/tQ2MIm5Qx6q9/GpMPw27C4BkUytESu9F550fsNjwHF9IWwbBfRPgz8JNkD1qMhQuaYDSRFHwdN3Eh/Na6ZO0Di/0fMwyldJg/Pw37pU/TCutgiFs8Xgwh5lgnbmUu/yLsGXtWTxofJnn3/mFRaOd4BzEQtojH97dfJi63UfCg+pzfCVpgD25FyqUdKDOPIqWjdpGX67q4ibVVdi4ZQNar9YH04Gt6FRsRY/eJLF10VgYFzSJb0nPQe0t7rzktiw1Tf5KZ86qgFlZCLVE9qDpwUh+9fUlbk58Qn5Pr/Lm8FoWp1d0uN8I14+YCBdFjtGT+IswPnQKTjTN5YxNlnDT8gs67WK8uk6BRHJVofbmZKh+t4TGLgji1w41NOHcSFLvtaW1zz9D+vAMUjmdQrtWS+DIcG3QKbXg0g3Z5JFwAsUGwum4lTS8vf4VJ1mv5ctC5yFrsTivLJsB95W9+ehbW3qlr4E/pafD3yRZVKBKGL96Nfz4XsUmTXkc4y4Aap1raOHBYvox+jd+e+jCD34doE3PIyld9RWMfCmAvMSPejZMhrWaFTymRZtaOxHGrz7ItlsmUWCuPbv05IDF4GkoKG1B+0xl6LdK5T+fnkHLEh0I8piBLTtGQOLilzAnVJbKbl/B+AWXoHi0DDgmqdCJsJdcd3UHLtgnBOZyt7g2JB4P6Z7mJc8SKSXCGn6/ng0RfJTbBqoo4MEedi3vZOOLp7HLQg+33vyH1zr9ICZ5BfqGasMHFCPx9hwa+JOJXk4lUP21mXUjmNTebaGmn4exaZEU3Z4wCbLvTcdT6k2kKZaKgn1F5OhWxzqm88BIz5ac7C7wJMnrNMNJEzRkcuESrSDRJ29IANeA8g1VzutWoiTN32Bnp0AOegHQHCYIZjJvaUTEKHhocJvSV2wBx+JRsNPhCCePdaBZU8P5o5YP5eTNgu8d73BK01p8jDJgX3mKErPioGWiAst4iXK9ih06VcWh7glzED0/il6cX0+SKddJ0auIb/YosG7/UTpe30UG+wVYslARfy+ShC/10ezi9ZIfHRqDK1d5w9OlClTc+52uLxSmUNWX9O/TVyzKEgA9f0Wyu3oOd6yYRN82hsGoZwXYcrobvx6tgINbGVdLuuAYP1FolPmNj1sHYf+Cp9DTPIPOeP/C+w4KcCFTBHO8EkDvxTEWWqQA7hsS6MKpTRTvXQ8rTttR0GUJQtU97PVtJ598Cixp+orrk4xAcnsy9v17zx83LYMr5x7jYr0Q7N03BXLXz8PKi0/hTbAKrPwxC8x7+/iPkxaFf01gH7mz9NHBiF7F+PLUZj0S+F1JJ/d/oVWfFGBiySpQ0pvC/hm/sbPQllQF5+DtqB5+cmE7San+xo9Hf8ARQSNwDttGM+/H0J37onwlW5EDb7/hQ8JGnDY6n9foi1LF12L4tlYGGq970sFcJVSeORlt3Mazt2sxW0QUQsr7BzDJbzR3Bv/hUy+loGnuXr6R6sBuUXf4uZ0jvr8qRLNn+eDMLX7YtSgJLaZZwIVbhmBzKg8zvc1pg9ZR8NYQgq0pW7F2axmPcjlOb60k4eGAHfwWEoLtSU3w9cMntB+9jr9H60O6VTI0BnyFMZNT8fnNSzRfdRmb6YyGtG31MPIoU7HhDZyptZdsTVVI7rk7v11WA2hwhrZJX8b0i3pw4/wq1FRKhQOfIth18V5QXJQKXzV+4IEgBXyycZCznKeAbIc0VJsIQlH3MGu17aXGdUZg1PyCU3utSSbkNVguVKZ/uSthXMN4SO8wZf20JBj1eS/9WB7BzcdlIX2GHmsknoJYo9+UMDYHHz2aDR+GWqk8JYiPPxiClFXRuOHgP1gxLENaH7Sor9cDVbamEKUQOARNxNjMe+zt8gMeG4lhf2o8rBv6iCELK+m/iGQSveuCY6bNBJAzA5+M79Q/3hLcNKdzdo0mRGkjOaURZfv0oZWtLbRuVoO3T7dTtHYKv1vzE81fybDfyFWYNSmFwcGS/3NThHFZX8h+oxycuT2fJ8c04arQGr4lHERa3bdZee811hw5gb9/nwhHFxTS3fETIXlbBe//OQS5Gx/Sz5knUeXeGPIvOIf7EgNg/6I0uvC3gScmzoAD0VdpvvdpSNMcjUf4AL5ZHcmr9tvA/JouvtH6CS7uW8blpiMgT2Euq+kcp/FGP9G6zYpHTqjFJ7rraKHyIjgRGUGFyU8hTH066DY+5Ya76/FQQgLNEMrnDbvMKD/uITyd40f592+BwcZLvLAc4F3aY5DsnQZzfZV4l6Y2P550E2yXHaAnZ/pZZ5EB2W3ShPv1DBJd9vw6fxsE2XXAqsIDqLIlEXJPNlCLwBCsvZxDud0ZtFNtBpxN+k6GJ6aB7w8dfjBTFjTUrrFk0i7+/LAUj12thK93L/L3f+PBYvVWHph1DDXwKF6fYszjVHpQ5s5s2N/3GDUWBVD4GjVcESMJEw4Uc2vefby9MQiPav3AEcn2dL80kh40nYSftxxJNv4gzwmRheLNu3GliT1MDu6D8uZeXGQqCVYpwhiQG0r5trtYunEiWGXOhrcQjAlxe+jqVw1cJlgCRj1/cX/KWK5PaoY7s5Q4TuY1rXgoD2Orp8AM0z2cf6MWhk13YmW4Ao5x90SJqyEUerGVTtu4sPAxeTh4IgX2PrWAdce1ofeSKESt/gAFRU5w30wUOmZEUNR6AwzsnA7/9h0AqrpAXaN62EXVlgMEUmnV+yRYPqcZfs2fQZ1qvshVUnDBzol9zOLwZN5y3qhhivfiH/JozyEYW+OHmyvd+NxaGx6TPAquRzFN/6bOn54lwmkaSzklYfhfkSyP+vMSzxleouPtBjToLwn1Y2RgmosaG17OouP78yF+4gV6IOoDzSPaeN5aS7rJlSh2eiqILdXj46uuceHV7VQtc5fGOa+ki74atPdUBeYEJ4PZ+i4oFTUG5wVreOeNPtg8/JrSnPTJsm4TLAyTgV6lfh59N5giuqrhTQyC05k2Xqs3lkr+syXHwn3Y33URJL4J0aXnPrhh0W8e/u8ptztIwhSzVlwk44Kz/znjgc31tHuNCZ0e2UJBl27xvxOtaPjEn53SpWHUGDlYEWhPFv8GcO3EydCtKky5+f0UfWY9Hpz2H4nQAvxePBkaK05hp2M8CUzIoyfSvZwrnsIz/VagwsABTv+yBpTMtpBesjws+paHXeGH6ZvPQ5haugHmujZxU7oIVv+p4tiS07y8yJgcRHRhh5IQ6Vlk4acbZmD86ywvbS1HwY5fYLFaDC21JGlT4i6e7acH86+VYbpWBv3yvgMl0h20/UYVNrRuBmnnBC6MLyV8+Yh/fwQoF/1Je96tJJLaRQtqLcBC3BrWGM6G2weT6WCtD0n/UYIoCUGwf5GPAWtesFbVYtpoYkl7C3PQtMGOglefwE/rbuNv06fwd4oB9PUmUIKuNcW+GQmgu5RW3ekEH98BLKhWxO6QHdgc6wdPBpUgzFyZ0pICKW1DBxx4pAjiX134uk4Gh4zugN2p12D1FDV+kaYMOWrPOUqvlE89u0+akyvp31fmQveF+Ls5gL8s2c3h6cLQ2KkCzXJzeLHfIMrJLOMUO1c2CZrF01fs4ycnlqLTURt6WPGHQjSmQ36mPAdE3+U7VwiH7aLphMR5lM00hsyaRijZK866O77wt6tTIOJmKx5L64BNHsZY7WmI1zMu88MHZyguOA6EpwuxvY8Y9xoCyL3x41mL10PGP3tcUnCD99e2Aqyowyvaz6HFLhtMQhPZaaEx1Nr8gqBvj9CtZST+GNKG7d8Pg1nqE6yzegxCo++Q2HRzuhYuC2vPVWD6ZVMSObKC167ZCkrKHyh0dyYtX/EFkkZHow1kYLsqwWNBVbDqeYPlmTKgGTcO5z1Q57Ny3ziwvhEKNoZgU4oZXugZA2NHXsK6mWfg6GU1Wi3+mmZNjebQR9VwpKUfW8z16OnDfL4cqguHyufys/1zeWvfJ7p81wEXzO/i/E5/epIbzdkjD7Jp0yDbvVEG8ehcONK0gp4pbwUpk8Xw3007ksqfgYt0VfHT9gVkrT6NDb8KQlSLLy8pDcLvRZIUmR1CEWZpACveU5XZYRo35jP8+7IapoSLQcXG5WR0T44sKuLIuUSZEr1tabb7IE/tnk75sT9ZMfEDHH8hDGOb5OBhRSec0TiLIg3zuTz/DabssSI78TI8fuIBNMWH8LPomaDw7gvdFlqDJRbCVCmzCbPqNoOH1md6amdIKz+s4wK5GJwrqAGKB3fQNsNieq4hy488X3Pv2QoULRKF+k372Ud7J0dtK6etIYpQt9gPF1z5SRMGvlDt++VYfc2e1tg/RIEIByr7VsrvF7fwJF8NCOgIhHrtTXzXogNPi+3nfDlbkFRdT2M1gsDj3VmW+7cVNwaZgb6uCX9QrKbx/1ZS+4lGnDjhBm1JmE+ez3/wj/FrKNjmCZoPTwB5ZUPOOrcKKyOMeKztWhqMeEADThv4VvZavqXeAof26LD3Pwn48/EyXnYIxuIWJbbR6YGbronYLxrFtzu02EiunG7laMD61wow/2oI+cVNw8o6bdjXU4hibjZsLbmad66spesBPXjiyi5Q6hWEY3seo9YOGXhv8RreW73m62s2wsvjvzEz7wK3PKmiiwvLcOXG8ZA8oQR/2z/lDZeDcVb9I7gotJVLu5QxrGcVT85OJAmpLsp6ThCnV4Wn/1pBskIYeyi1o2TNJBjsuQPz2oRwilEBm2TcwuF0KZj5OIM1jwng7vs/Yc6FFViVZERLL+Xy6XOfMN85Bl+0PaQSHQkYFjgL+45rwsLzmzjM4hifLkyA8qt3eJ3TIPiuXgHFm2Lh55ABlEsNUa50FwlKvKYxRxrJtsMJWq7/hnY/H1oZpINnD4nT6AglEBkfiTu+TGRzGx2uHxTE/bviKEukgkhmAJ0DfVnh+F1UmjEJYk3fgpNLOpe/PooFz05zxLXNKKF6nQr2PaGA0sng0myHC1X1YOaIZBzyeQMu12/BiHRFPDHzK9Zkh1FzdCbIvIrh9lfBfLNFAp7XrqRlb0Lps5ALH1+jQpM++0Lqpt/gNF8O7hQtBxVjfRIBWdjpMI1hZAkZfEiBJSsFaKF/Bsx7GMjfI32oqXEKhE7bBeUSE6D58jse3XwfZaac4rKAWcBT5VBIppXXfFDGqVGJPCYtBI53aMFMzzcQkn4L0caGNRqegsQlFeiPLeTAJDGasC8Q8pO9sP2MHrgVBXPoryTs921E64fVKLlZDZZfMCa/Vh84q6EDzV/TaX2PNCyY1kLjp46h/DUNcGzDWNz2ewYvFtvN41OzoOeJLTYqXeCU1Qpw+vhHWJpcjZnLBCBWNonjdy/FpcdE0GiMOnl7xGC+/wFSPUAQqhzCj5d+5eijfVCz+yLfc7vFt46vh+oTieD6bh/PHJcHVqOVYda6r2zmUU+uc4tgmssxMlogAXoCI0DvzBV6d+IQDwhuYMsSWTisa8A5EvbwPlWSRMfvph/L4mHbpJE084M1aA5F0NAIbY5arA03ki7DRrUEKMqPx3em8SwuNZt3Hp+NJeesoHPPDXb59ZTjJWaC7qXTLPDKngNOhZD1vB5YpOyKSeHHKSzgA00bdxiOCjyA8vmqsGHXJzguTJgVMIELL6VAnGkXTkzaScu2qJOFRzponu0G1xCARs9M8phRxWIXMzmm+QVptiyGK97lJD3dj4M3WuEc+ThYOE0D4nfoMO6zAc9vvtyVOw3nvPtB8pXvecc8b9r2U4jLlitg9aJZEDUvBK8tLiHR2XLok3+Sb8sYsJ1XAW8ovY8T1T9TlucgKe+UhB/pm2hrsyvap8+DDOFa/qT1CGe5feKzG+LQZGIt/RZXgh2FaqDeac57e5PAbOE0dhrhR0e0pGD5kRRcmy3GJ7NXY4DFLBB6pgi7Go3AXS2KQ5df5U1L5nPrwEu01GrkqOA7lH8hlf+bHMfZcwTAw2c5fH4tzGGv54Nuaz4bztPhFy2/qOSNB5fv7qO8WWU0J9kQBs4PwdE7YmiSO5/DrcQw86o2Pb/pCQOlK7jfxwkzjoXAWidlmHNmGJpqS0HC8SQmp+qR6cEudoRZnHRGlkNXfuHui50sWGAMlzoioXGbM8abPsPPJ1MgcmQODO+vY4EeATj1pApXCy+Fj3+UIM3xLwi1POT9gUf41b7ZeM/mKFqOy+dFMs/YOayd1kxZgiXvZ8CUpg2MTYlsr/SBSnaospKBLk6vzWKV7PE8jtzI/r0KfbspDiUnsvB5ZiWuKWnh50pPyHVRJPms3I2zkzPIVXYNRErtg/UfZWBzUhc3eTfwHlsTOF3rxAlq88Dt7maw/BoHA5PG8ByvSjDpU4JPz+Rwpc8CHilvzrvOevGECW3k0zefzilMpYyDhbxftJh2liiDg+Voeu/gxWklfqS8XglaXrRRQPEgxW/dQPfOXYGx5MJyEaIwT8wQsgvv8bNTg/BQQYcoMxc0DhSCwKsBfp4ZT3seX8c5rxlCUv7y3kkS4JTwgufb9bGb1Tz89SucxqwugKdRBTSUdBX0d02Hzm8T4SzX0YenAtBww51GTpqAOcXCZPJmBYwWt+WvY39ii/Jk8My6xfbO9/jtijOsIZtPy9ZKYKR5GfqaMFmVWYDql5HYhkKgwvvZqF8CJEUBrztqwfz1v+nyRyO+8a2FinERxE44jstGy4GDSx0sTUiD5Y194CchCjoihpg16QSkzXoJm5y1qGpSPf9JkAeZN+OguKEefbJPgpzFU9KxkqfikIfo/fUaXp6wD0dufgQnbQRh+4JVtH/VRBbe8x/vSJmE/YUmMDBajVuX+3N5tSTIm3rgCwdpGCGuDVmLj9CNbAla7/0NJscP0w/zSpqbZM09F67Dl/uLONFXBjbXXQMxc3faWiVG56WM+Ei7Cm3jefwzeRrMhwL27cxkQ0OAiYILuc0qin2dg1jHURMiu7vQvqqWtCxysK2mh9XLQuGa1jQQ0ZXBExcdsTurnFdmCOK96CTM2VoFN673IfYLgt/qxeg7YyocNY5HGQM7vFZ+FaXl1XlkkTqvU5zLe3VX4XZzZdKek8Chq8RBJuYdu+0xJfnNiXAkZwpX6mnjDIFt/FXsFMXzcjySeoQ9t80CN+l+MrO6B8+FN1GmuDZlxDZgsN5aeN8YT1eWnGDtp/p0/rUWeMfJgU+XI+iV3SG3gDSwSjLBPYsek+VZJ+jzi8FTO57Dxx3TYXgqcof9ejSc6AJFHYdhzKv5LBgfjvtQhx16J4FNkiVbnRGB0lvRaDNUxzPtRuD6lxKkVWkDB31LWPnCCa7e3kIrRA7hYicj6J6YDerlv3C6z3jadXAxBx/UR8XJriyv9xmru1VpvJ4KWTyXgL8H2qhtshM0jtkH77SNyKKmE6t/nGerzLmc8ikcpj2T4qEjgqAu8h7e2SJtUb8CfWWP2bHYirR3v+JWcxF+8SSSc8+a00DaJHig/pd1OndQ6cFimuLux60y5zlZcwJ4LgvhzwfTOerkaFrK42Dq5NdUNuRI7LsBLJbk8qzsYl6sLAxmk5qhUnYAtot0o/ZfdRiK0MKHnmIUWzubGkMfoszWJdTdXsOhYftAbvNG3L1pN+a5y8HbKw4otvMgTn56D89dtcVHQedwTMcpuHZTHYW+K+D7ezfprbA2TNz3j/0Mi9B4rAa/3T4B5tcl0PKaN7gjcQcUWI+CF6d3w/i3YhCqtAh2yS3jpt5iOKazi8ODzqLt2xg8P2INLuwYydsqHxNrC8NgrjKviNRDF4kC0g/SpRkHPDhlxTC7BwyS9LcB7vedzjnB06EudhW+GnMWRL1uY4PTRgqpvkL1U5eTTKEnrAk5D8dOyMD1ydJw8O8nyL92lluU2kDqRiw4pzaCUPUG2pFzhpvD52N6mzxpTdeEItt3PL3uJ1xY9oFle0YSd/3jOeeKSWfkEe7vm8HTdLwhfZ4OdCWXQPbWGXRvsStsFH1B19uPQEHkT1Y5uQRiH72kK26HsX/DKHiTrsCW4yfR5oPJHGC8GHoV6plBlO+mPuO+jeX8LaCb9G5rwhkFLfTP/AKxTqb0xNUTzzXUwPjHe6F4kgtWjfwHZrNVsdbGCKSTjIDG/6GfaaE0xjiXHsadonXqDjSqbjenx77lCO8gjPKRhprSfXxX0gGEpr2khc8y4EJIME99YAN7zhwGjfX9qKXSRPtOECwdNRF6FSeR46lFfP/hK9gdb4CiKnl49VEn/xV2pJsj3fhrqTic52SOqdDik5cPkK8CYYT+c/z+SYsTBBPgpPF5+DvZlNQExCDzZCd56N+lZyWeOKNICE4M+lOm3zaYuHMy0ZPTJOI+lppJCzjoHI/d5s+/LaVxapEjx5RIgPZ7F4q67ooBv/3gkLMYbVqnBKmuJdC58yqIWu0hx4xD9FqlgEQbp6C29gmQFfKEed1rAY0nwE39Rxz0MxeixbLoh2oNa8Be3lp4gLeYzYfRMouQ9yygQS9DkM54RoUFUXBJdxNE7xkBH467YLjFG9z5XQdm/PpBc24thAuzCaLvDKHWaAdctbUHhHIP0piSv1y34hH3+xtA2c/vcHrtbPiRMAvaymvYrd8EL328SWLxuyh64laUmZuGY+PPkvLSMeRSegfcPpjC972zsDz6Ij9wSkW9wN+UJyYH8RNj6PWKmygzbALiyicw9s1oWOmjwk6HvbCgQgGvZa/Du2NS6c2vQFCZl8a3xObjmsx+EsgYB9uv6ZNwph1b0zUSe7QOFIUX8FflE/jReza1T1uDRoGe7JAhAAdyA2iMVwNcLd8Nbsk1aBEVypEOwiiUpUOpO01h4mdrWHFSEuYsnkhZ6X1QUxVJOVJd9NF0JvqJHqSsOev4iXIDF3Tvhy4ZWbhspUNrvnTiQwshWFlxBaft3MzGjeVsO2cVt4tr4rPl9dwerAhWaXuwe/gn/Nc4CWzTA8Blkw7cufiaUt9KkoesBt7UtoG6GiXI/W+QU89NA9snFagyVQoXrdSmdX7VcMdEjpYs+Yu+wheh3VMNrgcf56c+tViwLxZjhZpoSUwlf3P3Rpf+HbhHM5a1NhlgdvNYuD6kyPVFNrB/szn9mulJFb5x+NuxHWLV72LfajUOz1mNb7RV4X6GCz5ap8Uix17gnvULaHShOl91S4fngY2stnQpHRhnALalAL5iUyljzC38e/k1tFUE04ct/dwupQPbxd5AseshapsmBbs1NGHbLVUcjCwmjVw/krRoA0vVbigImI050tXwcuJCWOJejmlbCa6J26J+hidNEk1CA/EOUGt7Qo5xf2HzzxkgqHYQnOP08fFIbXDyUyXXV0Ces25AvOY4CHvZQhmxI3jv7tM837iZ0j4G8F4PQfC0+QGewffp5oVqfN1pRCPjf3ORRColti1GW6s10Ow0CueEzgK1Vx/xVlsA/puTDcKKs0BWTBO7A4bw0VgJqL4zCpc59vIVPYClN3bDzc3G8GyhMkn3aPE333z+WlqG7lVqwBYGHLKjhveJCIBjmgIH/QuEN2rd/OahFFUEK/Chy2tp1R0xihv/mE48vgGL1MbBv1wvvJs1gU7tu45J1p0YsnonJqhJo8txfw79ZU6Jb1/iqHUi8MluNETWBvLJaneAc3fp70jg/17ocLJgD9S1adC4feJU3jcGZru3Q9K22SD37iAcOqZPbRZXSeOFOE++eYefT1lHi8wlwe2MMERPtYDUM8Uw/DiAF+S3UmVDNNhJqWGP/SB9r8mGtzcrIJVMQUWpCZ0sAtk4/TSZnRKiL6f+gMRUYNWSIFjbshCXzLyOTwbEQHioAg80K0GQ2T08tckT16vVo3lwGlgURNGIG454xKgSHPzHgWZnNzRvyMC/DueR3GaibGEldv5pQImmBrKdq4/PlLSQ1ipAywxxHHleHRftscMEeUt4/MuAbodMhsrNybxB/hr0Vd5l7xnaUHBHEjLsHmFnuyZvTuigyxs1eHfwUdoqLk4Cgffpq04GX/44CtwmrKLfIiJ8bFEyVbs/pzxvXwx0LsUfa77jvmN/adFOHcrz0obs35Ik3HOCT7XZY1PkLxb8u5Mq3MPIIegCzpnvjdFe19BCYSL063/n7iAbfL39Ad2T2wNTvtZCd44TvGuxZ4vZFlRf7US6YnL/L/4X9hTag0D9bT7QUY1KG0JpUskUmn4/D5PqL0Pedx/yVVkE82PMwXgD84uTATQIW+D252tYsVuMx735hRBQQgN3XGmGajQ5yiFYWonD6yh/XDV7Oq5bshTuiaqAxNvtPGLrXFrVtRTD1stCR4sQPLZTpy/HfHH6r7Ngf2Y8ats5sPK326T/toJazvhRlXAxXJWZAPb5W/j8bhmeUydPz1Nng/NXRazftZAPXOpj/6UW9CXchj7q6UMDFIDUg5u8c1MoRPRc4KfXLFj42nuYH7Sdy0Xz8NGNYj72aCqE3zpHt3uesfiSXNhjdRu9xtxgFyt1aFU6ytE68yGhoplfbhGAUtlJlCVRjc8uhkF5916I4nlQ5SNEot1vQC7VBU10Z1J0jCLMTL+Lo98r8Mv+bKqTuchnUwVIUCUa1+Ypw67SXaCePoY+2wuA3ajX+CpvAY/qXQfh9i4YePoXTN2jwE2PzlKxty/FD3wi6w0mcPhINI319YYAmSx+5HWXVl5KYn39Plj6QhF9REzgy6Ua3D9NDl48aWWP4rkUd2Qi64z0Bd2PU7j2QxR2zO/D065hPKzhACX7xWHv0U/UlSRMw7vmo7vaDNqQ4oAbnL5zuvEEnPVzGWspKNMiSYbyBDvacv8+HVghTLY3q1DLvIKS24fZfUYllN47j35jnuCcUEE4veQdRv5dADJTVeBJ+S30gY10xViS6PsZ+CuLcOk/KVh/SxTsxSejq8kHMFu9g303+8P6xgwOXzqaN/m48CKjRKiBm/RNwBiwwJXyxd/itM6prL5Qgg+LaIH0xg5Kun4elr0uhN759fjnrjnESzmT57YrlDBmA97MPcfH55jz1NwjfHhfNFiXj2dD6y60b1YHyOvjWr98fGKqAzoN+Sh9OBFyt0ZRstorSjbv4W8+4njXwgTGm7xjHKvNTr/eU1v6Sljc+4cmmezjU7cfspvYPFBMFWTPZwiOFkHw9/Vz0Ois5HPVkhQtq4orYQZ7LG0g/XHzQNVpBCxvkoZPvq2oYR7AwT0jQOLoXLxr+Z2iZBaya8coqNwBrDu1AW/UGEDn2Rbc9v0pVvtIY+q9EPz1eybmZFSTfKAPLaw4gmHVtVy5WAj6F9zCoNAsev77IkuYpaIfyPGF7gxYsGUjKRtf5tcu/lSuKQvH79aBjaU0f5F9xkELGuiDwmxSK5pAkmluKNi9BUtPacKA0RhYlfgJ/VP+UMNyWZAsvgTTcpVwg5gNvN73k9XpEq95OIQtkyXg39q7VNXmiCXST0j9ryDHtG4mqYZUXHzKnPcnMv70mM2nR2nA+9oIXGF4laa651JTzGh+4TLMCU3voCL+Goc7beBxYuocs1oBMtOe4fQcUy5cYsKLt0yGyZ8Ww5fvl8jv2jDMvVpI3xVLcETtSPCUuIbiG+Xge+cjSvP0x1VDRyhrVhqpzPsAWcNW0LBlGxcICcBQ2DMoKpSBsceBrJyX0fJ71+g/vUVwYtQolIoyxI871PFltTlsGc7Hu/FRtLGniRu7xtIfywU40N9BsXHt0LC/jIWeDsAfZ3Eo1Pakqnn9UBGymC74FmO/miLMUplJKy4I4JqSHZAf9wO6nxqC7ocDePhZFrqJ9rKfuQONHK+BZ471YtT0hexS9gvS+xVRqXQWvJa6QhGWJ3lj8BmYavqA79bocMpGA172yZc/X4qmO4cOc7K3DHResYDkqveopzoR6ix/U33+L5668DnlXUzCVz1uNC16O34dHA8HCwP4TWIjfDF5hYZzbLj6nBGrxqfylxGCvNUzBf0Vmlj65Fi443CQNjR/xKTfE+DGxFIKbB/m1m03KFIlDTZa38PWz3fhWYQgxAytY/m7Kbh1zUaaWfoLpy3bzYIyr7F1vApNm2gL75LdWWmeAHz+mIF7GmfQgo8J1FHbxyMxgVHShCzn2qOpXhVruA7xnhZTeOQ+lfpmfcbxMj9wV2gS/7DvhGPhc+D6OWsS2OKON/IPcV6BBKS8NiKpb2/QrM+GHi0dgPcn16GDrhHtX/wJ37/UA+Of3+nvMQ1IlhugksbPkPVzLxnvHYuuz1Kx4wvBrc/v+L8sUwhVCiDdFcKwsGgy372YhXfc2uDYzgo0HHOEW4QKUO+tP23Z3U5ZeSFQ5CMOd84Dqo//RvPCRVm1sgr/XB3i3EpXTtVURw3FvzT9UCwc8BkP150L+b/Vz6HwDsCLzKsg0q1GZnVNtH5LFRjnu8CsuN3QZqkJe/cuhubBXJJoMyCzs3dx3bM8Fq+OJcv6KDykZAVTL83DyiId+Dg5jS2FRTmtm0ha5DlEbLsLLaZe+E/SCxvr1PHCBYACgVFgGyNOZwVycbefIB1RTaOFMQ/5lUUP3nVXg7bB5xh7ezQqZmpC5st28qOpfFT+Dr6V/Ydzu9p40/PfHDnoD166ZWwUNAkbV5nBsqCHsOdXOB/eVURK35fj+zIl6k4Jo8gHduS86xIm227Cpn5hSOwcYDXb9Xx1lQj+p6tGgrXb4bOVE8/65kS41hYlHOeRc70k9HSrcM5yG5o16jieO9WGQbePU3bfbXLt203yYqWYGF8IXTsmwH6Lw7gkajKJr0/la7X1fG2kG622KuVbKXl8aJIVS4RogUPRVDg0eS4+/h8B8AEIBAIFAPQPKsoWsldk770VEioN0lC0aEg0CZWMNIRoaEjaitK4lBSpqCglo6gUoai0hLgXNYanLKtml69f6HitKk10+g8yxKzIa8J6kjsRAYoNWmB9/yLKxexkr+s/0Xv9ZdwhsQ2lVlihyoTjOLNMnTx2ptLMY8aw2ykNen+L43fF6fR+TgS4jKpG3/OPcHZxPVWvCYWd+o/x2U0VeNcvTEI/plPL8Gtsd25hKlZhYTdbun12KYqHrYPknsNw5YoK1Hj4QaR+FzjYyzDXXoVdm3eDuMQE6rnfwOFz1wA5j0ataFPQVlCFW+UOoBIdyx1tzpifr00Tsg7DmwfXUSN2mL+cmw0zHcVhf0A1lAo58rgTFiS5ZDQEn2Vau/4EJ/xL5VHzlKnsoxHovLOHh47f4d6mg2CVfB/NFZaCYlINS+NrnnbYEVJs3/Klo/cw/8woiLlrwQ8W2vLUenFMC57Nqq0ncO8XK7T2eM0nJdfxWcGX/HKnMhTbd+Lj7nX419EDMoxu0dV1Nhiz5hqLFUyFN4cPkHtXPS4+awiqAmm0GE7yZ9+DOKlDCjZXWaGw803QHfEYvEVEodcNyVdQFxZNiuHWuh8wZ3kEdJxMgJa8YdBtOEHVslsxIfcNeXeU8DR/DXgqfROfSdfAfXdf3hLgAJ0JkmCh+55I8imWxtnwlMpKvJwwEiwfe2Dn6J/Qd+MDWlqI4n8HuiH3qwbvkR5F+923YqKsI33QUAH1bXlknFrDfaq3+P47UyzP0sXitu1MpWKg8r6A9PJ1eHqZKtQ9a6b6z6dx6whntpp2CrVtv5HoZKY59xZjurUH7siO4LtHREBdVIgPzffCbJ9zmDRuDmQob+EwPsu/n4/Dp6wA8dPNIfjqWBhlvgQkvs6CUtVavrjZFnq1tuPV33PZyS4WI9pP8FeFYpCZaQ+Sq2WwaPta1otIghnVt0Dptgr8mfWCc+0DaFLUXc6vy6ZF6oqgb3cZpFy14ZD7L/jbUwfXfmjj9+hMKFRrp+VdYhA2ejmXB+qBv0Y5GfXvhiHFDRSnEc+yyg30ael70IGHkExlWDx2D7hZmcMxu9+wM94Ni585wpOaLDQZ44itxkZoufMNJ2h7QsmiZjDUHQVtq5H+Ku4hI/c+7qm8R8r/3uBH4VN0NrWZVpvep5ut2Tw71w6erdzLi/8G0f3ICdhZWAw7NqSD+4IoPNGuBFf6P+NB40JwDBOA6OvPwX+hPPfpCWOsUDnelzvNriuqaZ5XJbJxCIhu3cZPr00Av4x/rPBwH04X1yWFMS7Q2Hqex4Y94hVBv+jwK1PI+eKP522NwFHyHc89EQ9hCRUkuf8Tn6mthCvzJUg3wg/H9O4HzydGnBc3AS5sycLGn/dg2dYOjgqUgf9kjLFs7UJSufGKbl/fwKYaIiAzzgA+Xk+gr+pxHGGug7sltNHvhTGO+rUWZz7dDf/1uOLcXjF+rqADnvtaYZ+PGqvMdKLKaAbBF8QBX+UwYIwbD4b4grhHN8WOEgerHUa06P0D8LyxHS7q7EWx48dwKOgOSvT6s7fnfPJ12g4yFWbQIVeJsYnl1HrbACe1ZdOkG5mcWzUexKKFeYPWeRp8d5NCRkmC3+wHaBOXSIlp9+GIXysrCV2A065TuNNLh0+btkPWimLsVBODpPoQELgkQbN8/3CbfgWLzi8ko8h7aH0pAgtOHMEOizn8+aYZfPe3BKfBN3TYYD/d/XgKpgwLwZvH0/Bm2XtqWGQH12tPkHCsHhz8+BpSnpjjaolufA9tMNevjV1rQ1l/0i26pnyOupz9oaNaH0YdFKUJAXbQr9wGklfCYUXRaSIWIBNpL5ymqoROvb+gO8sIFqxaTaLPf1D8pBi4Mame/P7MJTO90bxvzBPQXB3CJ95LgOJ4hJs5dpSSWUxRn2V4qkY1GQqFULysGjyK3Et3zTdR7ux4HAe2sFLYiO+oCkPuv3sY9qcSJ4fmQvoCA76zPhj1o0ohafsBsm2VAIVzobjhXhaMaNzM9h9NwD11MtCjG6jqPpu927biOAdBWNOrAm8D5/KZofn4zkeINBX3oNmRfg45oQRTd32CuPBVJJWjj+JfneD31wMco7+BDytvA8mz8/Cx8yHcZT2C9mXKQ+/mQtIQ3QZpFsYwgkR4xkof+pDxGfN7o9gwQxJdFk2mOZ2KkFXbA5P/beXrGdYg9M2WoubNoYGCk2gjNBPnPTkGdlcd8cr3Oaih6oJF7x7QhQZdWNxoBZ7qqbhQ6ihPF9YE9fgiEol0ZDOdRE7ftgG3Pixlq4dmoLZ9gCyl3OGV6RM4WvCKM9pl0HhmKg+5jAChgxo4YX8C79AZAZm7oslvzBK0WX+OE72ng8b6cTzqrC0qFi3krswb0CtyFuipCmTWz6Jkg3fopRfGK52eQd7sz3iT56DLiPlYKncSS0Xm4ibbUTDKvxNLZhrT9KvRcNbdiQ4+bsLIZY+5Lz4JZKwqySzJn48l68O/2zdZa+wCtFhkhhfz9MHk+nFQPfWGNhU8pB+6TrTh0Cv6OWU86BUaoPvZUg5pNYF1UULsav+WJI/LwOKxBpTX/Rg/TWrFDcPK8N7tPA6fmMzevqdoceZF0FKW4Mz3VTR/oT9cXuAAWqcOgqGUMFhmL2MDGXWKPOSOXydUQ1eIDtQatIN3WxmHrTIhHR8ZkpcwgKXb72PdmXjYtn0V+4f9o6S3EtB6ZyWuDJiI056XcG2eOPcbKoHT1QTIk2+iF/eaWKL2ANtdMCbxsOn8zdyHOyW38go9B/gzWQwcaupZ+sh7uCItyiXVEfjm5RYcKBwJAhXx2OWgQndn3eJ2TT3YfGcWiR00gsGX9yBUeSvXu10kh//2sImuIiduUmXfhhD6Z2AJQfvcIfOkAVTt+o9dlI7DpioHPvxUiexjf7Lnky9QolOOHmudoCC9lVyOrcMdJ5/A9xn7+ZRpO0jSD/y8Yiuam5+hlifq+DRCF7qt93HwvXCak+dLhjIniG+fo4G3UrhmfB8M7amEwfqtYD2gCqGeKhQjMYKrRM5io5IFjTUP5OJx7pRn2sXtBRvh+KFo0i8ZBycfBsKylmzyDrsJWqnTIeJVPa+YuB8y7v+CqbomPKJnNJ+x0ASPQ+coda8AJNx+Det+3qUpM4ww2+c9/H5RgS3TtuHCE8Hwa6wYiIxl/iZfhH1/58KsM7MpbZ0020w0pMaXs+Fz5h/cUWhGHkOCsEtuLX7brg4ZT/JALk0dL+r54vsr8/ioaDQ66hlC/+IO3CxBYLXoIp7ddp5PPt0OlVtKObIvE19VPad7VYkcsuwx/2iYT53zjaBZ7SyP1PhCbg9Fqb3OnZqey9OcVb289vN9XNzVhXYSx6g9QxuGRxjTif6jfLN2EJ32bOeXcdPhU2Ehiw0dYN3R0vj8RRRlisnB/HXZVBtyn8uSxHnrvLM48cEXyixMQMV3IgiT4jHYOhnurDCHfW76dPpzIp+uHID+hU/4WsFZFhNbxlGaynArWIutWpswfZQqfNeVh4I3Jdw/0hz7+2fi6qnVMEHvN4kmLCGZ1nvgoVDGY7NkYLIc4bwZs9jWfBsdjnTiU8EeXHD5DcvBdf798Q4WbLrJyXWiIP+vhOasG2BjjWp8Y3iXVu39jUFn08nTKAdueB8BHbGHZNYtCQkOsyhgaiesu1TBNi3P+Nr8VEjPrMObT9twdzTBRxs17my1hV/TvoCZbgE2pTvT9yNPIOpYPsaYHISrLf8wxv8mjjGKw+79o8G/8B0LDHWxQaIGZ4SGgcbwP7QJu4/7qjJBu+AHy6f+R1/ERkLNEoZiy23grWaNjv+Z05sFdnDD5jY1BqrSj9kL0CTWkFYe0IL0R+t5RWcvVWZNwpfFN7i9R51rnlTA8QoZvF/XAF6HxFBNTACuz7fgXY+kYIbJRUzLugPiIW/gVoU6TDMIoRi9LlgVsw1S1ezB/XYN2C+YQFF5D3GG2BzSv/Eaop3OQ/EnBVYVOMcRDvq07LEabK1fic03LiJ+C8AVtj9pYL8FzrDuRt/2AZK+MYaVPqaSYbwN/MnNxhbZJ3xG3JC1BU9R0bJSEHA7TO+7nGHXmEvQMN+a5o8aCZKvHOm6SiWJ3/1OjrJ6YARxLBF1iYK1v3PibRdU/O2B568YQ7vDAu5MGKQovZ/gMTWS1fZMx0DXd2Axfx+qj/3NF7pzMCdVCmbOXIaOR4Tgmls731ceYndBA7zbcoYkZCM5c2IZaCm5YNznUaDXJEhBk85BXcw3CA8Xggu3XqLvozQQWWYDU/I309oebVZhayjvcYZ5Cx5S/oFqzvMX5y8aXmgbVIfxosG4zCsWLNOEqD7cAsbp9/BeSWkwfLcE7LZOQX5YRL8WWJGO7U4qMT2Ije6nWeWQFfjtaOSUhDq0f1HBTemHcUqyK/7cnEoZqZ9wSeF1rNeaA65OJnDvZAwnqLXRsGUehhxzwIcZk7HcOxez869DSOQ7ELk2Hq8Y20PAmnr6WVNAdQ7d1D56CjZ5mVPX6JXYkyxB4THjUfVpBdfl6UJfeAMER+tQWncfj39nR7tW3ISmpbp4WTId+cx7MlMKwpKFUjD8ciIYJN3ijuPf6I/UFJ52IJzg8wI4f0uNntjOo6DlA1AyUxh+mW2j3iePOTBiLYSY6TDkuWN4UB4/mzYPG8YZ0rc2fR6lKwGxDs7gev84jHivAd/F2vmB3UhwyPhOtupd0BXvQRLSV2D1BiXwLnLFzSL6GC0ejlLnFpP4+8esNv4qny835tjKSdRi8gefiTlCvudVdimaCVO/+9FQUgr9HhiAwVN74EFsIK3q2op3c6rAHyfAr/tucKBoFv1RzuWLrp84dM4CXH2vHNw3NqJLiz7PfepAgcnWkPnRkPTa9vKF7VPJsL+AzNfmkM6CKhBo/o0aD1zhac5BvhqqBxVRh5j/buLxER8JDfcibuwE58geHLn2BCXvWsJJ+oV8zUMC8jxc2baiB/LcH5DnBGs44vCdBaKf8+DfQcoT1EDPuc/wUpsVvLk2FmT6vLhmVAvx2icYsewzbn17jH1Lj9OO/FgsyrKC2/nK8ETrHblJJPDh2gew0207ykqb4aOVVvAxXwEd9pnDFq2X4CKhBdLV8eQDVWAyOw0GlwvS4vMNOG3KSx4z6hYfcW3ml1Pa6KmSIliuNYeNC1aB38kUtBJxxn/Vnaw95Qa8WvgVstZ6ceeWVZioiPBetI+CewTQR+E36O4o5pKVefDFq4QmxUmS18hrHBc8G9LiR4DZbWNY8k4Co8aX0+grSnjQcgg0P87FrfVZ7Gl6DdQXMxzTVoZdsQiXR17HWKN9bA9fOCwA4Pa9UZg61hdct9uD1scs7DEYAX8/m5Dt8HJ6GDqP+6wEsX5QC/ZNVYCkuEKwnkKw+MNh2BbhBNtiG2Ds/gScFCUKLPGBZlwyJcEcRXQpvcPlmb6cp5KFqofswWlhOm7WGY3ZL8/C1vszwPmLIHyadxsyFwL/TSgkLb/f9O6nHuSne0OnvgHOkdChpd1tfF13KpolnUaN2Zcpb7QQ/S4fBlypBaWCTZShtoenO1pQWW4hKJ7PpY5ODxZVLwXp3SnQqT4bxj8fB5eua0BpaQoONFxh2yvzoSblJ/qp9MGRk8X8LPktym5aQCtaR0LA/pHgGxCPka/W0Kn7n9HRTBJHFpfhUNU8XDTgDnPUVWDFQnM4bBAEhrcb6Pn7mZAs+ZRffm4hhz036OreYswW0cGOjbksr2IOx9NESe9XHVzy3gAeH33Y+/xV3HZ5mGodymD3zj9QcGEITGqMwNt3JIu1vebfPsdgZogl7tz1gg9WFHNPx1UsGiOBkRf0aIGEHfxOSWOtIw6kDBd5SZ0zB3Vm0NhufXrs/oDGxMTQ1keiPHDDClwDe9jdWYGTvgVTcH8K2xpvBOfvomRRc4amfBGHsMlfKatVCx5ck2JP56lo3asJRzQOwaKALXCiaSRV5/4Do/P9ON0+Dv2njgN/g7P8zXA++V/aSDMCq9Dmgh+XLEQWTVXkmvSpIOQuQBs7hKEheCd0p56gg9qz4YWvAO0x6sC64G3ovWIjydstoJIlCvREaRzMrZCGmjktVH1uDXaGnSarwCg8NaKSPJY1wdTxZ2CxfB5f1TWD8iANWpi0m8xkEyndvZm1pwbwe90P8OhYAfyUlYLRlV44XYggr1gVV1l+5kWTHlGB1B9yeHuEP1cswPmizWjqepMjtYbpts5ISFFbDQM6rzj55A/eb6MDI6098OWu3ZT43QqPLvsBVvWr8VG0LhSsleSdvwLgk5EF8oa79CU4G+Ur5lNnxwk8l7aSnxwaoB0CCLFzrLjhkQ0u+lOLp65UoqamFZroCFFy9DosdBIFq6P9ZNUoDn826PC1fR4gVqZG33dGwO6f7znvwj8UnfqGAi+as1x1B9WMBNBRfQdZ5WW06uQUEqmupUudYWj0qYX/HkjBUtMEvmO8D4Vc7CDh3ULKTpnJOY8/UtgVB1Suyef8F0FUIXMTWLGVvgZYwOA0e9Be2Qwzq0/Bg+/F8C05jK9crcc5z2zo5n96OLnmC809854e3xSBUZfn0uaYieDrrsylqTLYK9QLOpKT2FLyMkiMWkbasnvhVpccnLwjTPWe06BuwU+qy/kDMt1GND5MBB62xWH8q0j+PrMDbmmIgYWgB0KPIru92sgpa/fA0YOTQOXcHMzZcYw/nPKGVZcvU2CuCay5VEOfPvhxhJQfB3kdJbcvutg86yoodjliUMUx8Dz0C/faOcDoAzb0aHoUq087y4lNFXxqhjYKbrLnjWLXcMqaUggfrwRnfkjCgPZ3mO16kc10/sCYG3mU3HGXbU1N+NP4eiqf40yBL6aRGcvBCoMDeHpbF3zc20Jjn/wmA3lxGFp0h8KrFmKg3w7upjooeiQCyVfewf69f/hKoixveLAIcO0yKpjgRrnijRiuk8rJQVfwrK4wjNsthG61E7AspANeDevgCVtDFlbLJ9kNT1Gv/iy8sr6G3wbl4PlOeZYt+UErHOR508cktqRyGnLag+Q9Fzq3FfB6zzj03iMIo++8odmXzcHHLobLBGM4dtMiWDFeCT2zLHjp1QwK1H6MI40VIOjnAxxjuZV8xgaitIMtX36bj9W7LpB8iBTa6/ghbgwnAUD4ZJ1Ml7zXkkmIPmsppKCTZyccF42GdTpy8NJvAs4oDmFdo5EwQ3Is320UoytVQ+ju/oUuHMzlsHtbYGtOMsh1t7PDJFd2+aMJv+2ESU/kOgbclsRDVwKpPaicm/7JoL9OB/4pu8n9fj/57UsdkOxH2pT+AGyFH9GJaafJdNVh/u+eHjdJz+PA+5L41D6LYq20QH1jCEaY5fP5bZNIo2Yn+WrNAK/SRg4X7uba0XGws3A63HqiBD/M59HtD+ZwoMydnBa85CNWYrzhXAOaTp3GUonncIlNB7+yNoAzk4xp/t4bVOShSPpVHfxQuhpUI0/hvM+l9KV6JhZGa9KCBBO4uESOdy8/Bj6XGyCy8S84lu4A0B1JsT+GcbVsA76/85APuoqDV3wV/V5YBme6N0P3Yws6k+YGF8ZX8dKZt7DjVjS9rggAS68RoBAdTsVtDij29Aj8OZLDmuG93GBnQi0PzvH9UYoku3ITqSfLg5bTTP4bu4+qxJvJVfYQeXZco4WujaSlvYltx12i2uoWXBNG0OwzhFvLD8C52tmst+cKWax/Tm/upLHp8pWc8OQSBsrtx/iRdvArMgE+ryqDO32O6BdvzBkTMqDKbRM7zKsieYdHdFlpF0++LQkv9qyiMiVdfvW3BU68PAHOPyVZ8UovNS49C6/N/HjY/wmLgwrsVQ2jyhFCeMe8iWLCLWClz1gQSOpBebPzqLbciqc1S+CNVQAXXydze8ZtMl+QDhk7HmH59izeOXQaHhn9ozjxBdy3rh76u+xgwffX/GtEMjw65YNNiQu5F+ahYcpy2PAsGRWNnvB/P7dg7ViGmOzPsD++AbWSw+jcGwXWyB9Nqw66YYBDPyoEpOHtlRmQtNsOtoSG8x3/TnJTCwa9GcYI6cdg6H08Oi5LZoFzT1E0NhtUz6pDj9pPnGisRwuujWYni8k8+2UohqzqRLfIQDTctZ+KllnR9nBHOLqlB80q3+IVX3XIlm7iFZrnuWSaCBs0zyLPIXmuazwPQhkAK6Tv4Sv7m+DsuhYU1Sdw6jtRaF+cAXF1wVDOPvRLMgBXrbWFOG0drhl8zbP+W4YNog1gM5hFJ702odJMb865fBBKhfdjQybBalUXdqs3wXdXHKgj/AMpTB1g+QOJZDryPS66O8gxb5Q4cRPAJodYaEqPAFJI5aXyJ6mvyp4m3FnKnRuek/qUUeAb3QMVw7Ig91YBZNPi8K37Ky5fto8m/kvmQyZOMEZDnV6F34Rl7ufhcagDHP8cztcu72XHlnnYk/Scs2I2QNYkK5zcuhV0mitgZosmFQ5Zw9oZB2Fa7id4dy+dfrbGobJCLwlK64LD0i2Qa/+dVR+NoFVTlYHODdLjZdN4ybV2ite/ygqVZnDfLRXOKe2n6sP/eLGWCSvNMIX6KTVY8TgD+zQeQ1j6Dpy34g7s9PPFM6ulMHOvMXgOHCAFfW2Y/dUC24ZdYbLZNS7UyiAly/e4WD8HckPTWVh5O+mtUmXDLRqw3k0HjHQHcNu2ozj/y3jQNCqnvpsEd9ZGs4NABSSEu+IRbVGYkG+NLf2n2VPxKqnMGQbt4wn8PZPAXOwU3PqvEc+XyuFEZQfo0ReCK6FNJP/fZHpw+zb0W0xgsaAYvOpdjqtOXKItmkqYmK0Alnm3uF79PW+QysHLbiuw/stl+NgVBQaZHVjL57H70XKMSLSF82TOLqJLsOhRKclSDEwZ10o3emtJ3yoZtO4/4pRnn/jUN0vY8G4J+Aqbw7+L6+GzsRF/6rXn6rbFYFOmC1ejDvCIqyV8d5cCzJH6h9sW90N+lhb/nbmFyhKvUMedGrpvqQ+3G0Jhz5ANjIyWhR73zxgtrYmBc3ZQdYcwN3j4wbvjRnQncQV+CXiMhxOsaNI6Gxj/vh+6Tn6GEl93fPpqE2y5/IBenEyjMnemrmx7dHxxDr7GCUKccjlfib1Gmjrf8GiiHU3I9OWaiedQKnARaoe68yWtGZRUbgQ5F53h8dwpPM+vEqa9fc1fK0P5aWs6fc+O47umP/jKlaNQFz0B0q/GgJtuJXbmlYB38Rp8VYqo+e0frS3ZTkK3z1Bb+2uouysHTzyQqmedYePtPnhhhyzsal9EUap98MffEl6IbOCwzot4feQY+DL7In4Iz0M5jWUgnmFK1hXhHKXUDWcyG0HviiqpfBLERlEbOBLwBa4YXOfiqPm4R6YS8mxN4GvIWvy6fIBKsq7B1k9NvGMFgvq7Ooq5W0fHFJ6DsPE7MHHQxdVWx8nu1zf2s8qBOvSCz42j4drGaRRmewj3hphQaJUnTO+aBSM/BXD411n0pfYHKVySZ4sMI1CcvxUOP+vDoE8eXHfoGLw+okhLbgjgzfHa/H5gDm+YPIYdd8tB2skGUOl1hlM/9+HYQwjTVJZDfbsI3PMqhkM3vblx+R3IHmsKUyUq0e1hP4S+NaA93kMEhuPhRZ8nv3u1EQt+OoBp0VFWWmsHl17FAeX/5jvW1SBQlAku52dDj00hLarZyUsrVoOgsxiFj1GGv9WEe74p0dK+JNKffQtbD32Ck1umw0SnA1Sb8wvW7VpIXoKG8HzFKVqd/4NGTXwAe08XcOCrI6yXchItl5+nTd+rcH3Dap7SPwqi+uJpzKdC8i7yIEezZIDCkaTacQOUMzfx5yMpvKtvDfndFYMPV33orlsYNQjL09eZaXzc+BH2fW6ld73DsGXuIQrUvoaTt0qDh1cXeJseYLs9fyH48CW+1p3Hm+etZX8hI0qL6KcBnw345L0hyHWG4FC8HZm/O8YCxpU4YeYuuqS6g4S0M6jGZj3XbO/k5RMRfCuVMJ/cOPqyPvRMW8/aC8/y4RhGwzVrcUHVSqgus8KCckk4NHEZjt52i0cOhoNBrTa/WCnGywRLWcTIkwouRUC/5C76dMoO7liEwu+9Hzk89ih7FTZQws0gsH3ty/+ZfeOuB9chLf0eGMSMBPmZ1rAuYwyeOCZAa92fwgpbJXLLOUlTa+zJysGFFmx5j7ZLrKGsZwMYu+TDwfOf6JRnHCl+TeBRX+dTUKkk3snyYv8399F+lhyoTw+h29oD+DeSoEpxCf7w0EHL/EjSapbA6VNyocqmhH2aAcb/ekEhy32huDMXr165go2Jxry8xgvn9mtyaqU+pQceps4hEfjyKwg1phvTjqm7yEhoIp5zCeVC3y/85WgaSxzrJadv0ynjoxLEPtZCGc8iakj9Di7CivC704IHL/vwow97efGt5zyjZTnIf1OGLZE/uS+rmNfdU4G7wjuwRWEGea4sISW7FvZcuR7+yoyFO9N1YahTE11NguDyy24euyeLnP87wA674jG46w5t3LCaN20pA8N3wqC+UZGbjv+gjfsU+O4zL1bRmo9Rypvgu8IyyDv+i9T8X/G8ECNIep9Ck++5wC2JFnifOcB3vn3AKNNeDE2xRTnlmXw2sB9kzWVhgdwVXPvsK4p/sWWadxQ8ZpdiROFomltRRz9cq6B4Rz5o9ivCzFHvWHfuI7Lx6KL9u/NpzupTsPfLFDAicVy3PBz2X/VB2YNjYMkCf94jcIkGnZvQuSAXWgVrwWv5Ftoaf5Ov3RhJF43f0S8NNTjdXMa5ma7YEZ+EIyb8Zi/bjfT8Ry3Z58jwIvNlPCM/mY8Lm8FhMyV4/bkXVhcnc3JDPl+P/AB2yoFcJrEFowPfksztKHB8aQNyO7xoxu8I2tBSCu8/D6Lw2YucqpzHNtlmfGP+LDJeU8frJxhB97LlXKAehU0pXtT8dBP+vOcCiauUMcBCDD6qJvGXLVf4zho1MB1tRHPnPuCFHXdQJziM7+wrQ2fPmVjz7A6Vb5KBytJs3pHlAJcapEEu8QYHpWSjhfIOVkxsxv+UdpG841t8LnmVtz3TYi0wA6fgNSTx4BFuX9zM0z/dxdruXl5QEQPLWvdi24E7nNhSjun71UBx1QLsVavEBK9m2hOrCwJ6YVBZGMOOa5rpa9l2nPyzkVt3Inh5ZOLR3Ak8K2sfCcTFU3BAGulNCcd1fh9gZOg07s4klP3nCH81o/CG5Fz6eqoG73yppoJL9ryOdqJvzVOMXPKSxZ1VKGDLKJjX1AZ2O+7weulxMGKNBx8rq4YvUREw+sAYDMjPwtB3gO3uDjBjdxJoyX4B2bvNKLFvJhTMeoO+k3fhy2uC1CSeCvlX5NG9QAWu1tRisJUDjNqbBiOkHWleTzrQg6/EM1az2svJZPrSHdsyjeBFeAKWOqzDV7F7yPlhCDUvFMSqB9X41MWbVvsyrpn6nWreqsOqiDPc469M6l2XuO9pC5YIyrMVdMMoPabDE+bg+vUzqLXFEjo0j7F83XWenygMjY/MaOjfWs4+uZXiDFXx5pzt5LYzjfbnmMPnTgMe++Umev85AOVjJXFWy3o+4/qBygSFoXp7EOCZfi4qHA8TnOJ5IOcuVv5Jp1fbtanCajIMW+uy98+PaOrcTdGflWD6mfEQcmSQgk71YHD+X1bYUwImoU/JpfM9zjdaCGc2WqDIh9UoGqkMw3MR19uvRyHBfjh9fAy/Lt+Nvc8TQGr5JBT/E85HxZwxSVwIpG3cwGYoFVSihDBl6jpSPCYIsQ4JrCnwhFvm/QaZt3dA1FweLMUUqCsmgZ9Xx1PK+VzIrfqHT9wO4uyopZA88TSYSm1AEzEjyF4kDeJC3Uj/2jhEOgInX6wHrVmGPG+qGjlYTcGMqq1kEAXQlWCBS7YV0/ggRTTLMoAd58RhUs9oCnsgyi2eASD7L5sq7iNM1VoKx0Q/Ul07ge6CYGh9HUuWv1tAJrqQpsxJBWkVNdJ/ZQgfsos5fLwyy266zGIH93DEi8No+m4ax85dRoZKOrxCwQIdr1nCcacVrJraC7ODl9HP2dM5IX8hdV034fyF2/lhYCOdWVyND5rlQDa8nyvH3+XSuVdhgut6PjzOH05iKFU0arNDYTy0vXpL1cnicC/xDEXEZLPIqmG+mjEZ/8v+CBdPVaHkGy/YmW4LoZ+qUOKPGpzc+wDlJ+VR0N+zVLg7FVwPbmNJsd0cHiJPuWNH47yB5bDqtT70tcjChXlNtH6DP/X+HQNZa7/zVB0T2to1Fwcl7aj8+DMSeiEE6+se0q8lD3jyM1H++noiBu8vwE29YVjfmo+3i3o5yH0lNCWNgUPqanxr21IqYh9wnniMhw9OwlKpbgg77ogp90vx1G9zGphmAd5DPmxz5hPcalGAzFcb0N4tky9UxNLG8eI86nQ7BI4+TQs8BaHJpZCL+k/h5Hn2dL34FIS8vE3aI06jx5M9mKBzlFa2XualV1XBc5sDFLbWs/TS+3xE1YieR3rhj+pMDloUBXPdF2OjgxyMqRoFvuadsOTbVcySimQplxnkd3YVJjwp4KOG9/HQ1UQ27TpAfTkicJSl2Mt6O61UNoDitCDYU78Em1yc+GL6BlK65c3Gcy6DcZ0JtB56SUWqC9hwIIavzfuGM5IksObldcgYuRNvFudg/8xqsBC3AcmOMK6wSafDdW20Wfc2dTaao2HeKBTetJB+FGhiXPBN3vVaHzSqbPni5CTUOBtEl9aU4IrhR9iVMoNO7vyO+0WL6erCeVziJAA+sm/Bx7qb1jdq4beG1Wx4ZyLUpcWR7/GPuFegj+u9hPBGmiEI3E2lt+oHCaKUkZWbaKXlGPBPHYK1x5dDuvIxjopjPPJ4HKhoHMS1chd5/c2JJF2QRy6rpcmnsQe/eJSSUfMHSHGwwkteo2Cr0CA5j5zJ4Zu+wi/HW+h39TaWvGOKFDlGSX2fMEJ0HAnel4PBl4vxb/hO6rloxrueWiK+vY5x14bJYCAb4/YNo+SENfzvgQJc7bOBDSe1yXpWM6grrKOyLx78n7wFjNiqDA0p8nxvKJD9N48Daxs/LA2bSiKPP8AIuRu4N7WRom5W0PxxQqg5XZHOpzuhjKckvF7lw3vuKpOccRynmPZyUuh+/twoSEvibFBEu4NXmYhRbJgmHIk6yvd3NXNNsRBOOhML73omU8PLUtrxo5OMV8Sxkes9VjtkD6+PvafL6/JR4F8tFw/r88aJnmzcFQvDl69x1qEeDJhuySMKxoK6/FkolDXEQt3DqKp3nZd8NCOho9MoJm8QdhyXhv2y/XzS1wQyPSrINHMxPP96ioWCx2OF/F6uiTCg4oQtcG95I5wbfwEf7jQF78wSrH/+EE42PODfL1Ro3vF5tES/kMvsWxEjHYAejgDx+4awwGEuFx914uZ+D1occwILTgZRstQR1MSfUBwdTEqzFKmjQQjKrA/ijoOn+O+sMVCSaMeXn+2ilb7vQTt0Oj2rPkwrNuaDzTNhOMXdXPPLCjQjhkiu8gou2SJFotf28IsGcZq62Ia2K6hxpIEOaL3t4SUBSZQQNpbfVghy2Y5J+OPhR44JeU7d3jUcnhDCNvYakDgsyXOqJrGhSTS+qd9M2Yov8Xz5Bx4+2MQBd2LpaEQNdYQawrX2BWC9rYJL0tpwUKiNlTUcyVIZ4HntBaz5psbjglMhS4fBdOIAGMfEY+PeMfBgthyvGa8Hl3uF2Sh5LEtrhnKoqRfH6xlD03AtL5wsR3W2e/DF+tvkl7wEVHZEQ8PUe7jNaSzZrcihA4JysG/6I/DPisD88nH0vCGTbn2ppsKJz/G6zVsOX3OV50brcJulAbRv6YNaTKJlfAtCHltyxb1HkNW1hDKXJcB9t2V0u80KduRqglXPLd47MgCOH/LFTy8PwsmOU7ClYwUp3LuDZplufPTNDVplDTB1sB9/HtwHOdqn+Ofy+xxluhjcQw/C9EV76JFiDxt6pdP+VBsodfPnSVP82UYBQDfZE8avOwQx1TVMR0/ih6cMwmONuXa3JmyUVac33k188oUxjCnv5IeaAlg8qoy++htx15osMtyuQlrjVSDhlBKtG/yGiYrbqFBdFrJTFUGyYjsPpzygcblLOWU4GQ7WqMI71T2w4Fw+08ex7PswhGXnpOC66TdgsfMreOgQSVZvn1POeDGI6/SkPyu7wb4hj/+p6OAmd0fOmrEIK2T88O/fOZT4bg70CAnAcetJnD3nDI+c3Ew/k/pJar42qEyQwRvf6ult9A/0OzOVv6ULg2vcSD7STBx/LwilAhtx/N5FlGuQCgb/suBGwHdeGEGcvF4UUrbuRL28jXDFleHCTwE4NzUapCzGQMG+6STndBei5v8BkheADwNpFGf3A0siFalvvzJFHp4Dhnp6tGlzJs9ddQgcv8/D72utQHa8LsQMDUDNOQPwXxwAOnaX4JbCY7hs+BTzR+5g4xWMga9sQfOxCmaLFUNgpB3Y9juTxKcInuX6kMN+NuK3rePhSPoffBAgBZ9oGnYmHKP3if9IXHkG/6e2lc5JOtNLzVoYvXYx9LxW5NWn9EB22gRM/XoFjh1ugLAn7aTp8hf9f5SQzrylsMKiCmPdzHlylATML/OELE9tTJNQxPE6H3GLkBQHvWnAHqsknl+3l1SGiwg3yMPLb+1c4xqHW1b1wKoJddxi/hK/hR3CNSJ78bi1Aze+fsg6V03gam4x7A7Qgy/PX6Huyyc8Qfg77LtUyQOFd/n4p/XQffMghk4RhuxUN1jv6Ezirr+gPWAWFYfeJNFzFziyqQQ/iC2FbZpleDlYDVpCV1J3JdJ2raVw8e9OOrLfBR6/lObkjUZk7+6P37reQuQzK2hrSiEDy7dYNdjDgk4+4PxuEkZs8+KIxrnkND4NZlTagfpFa9BJmwwb7zeT780DJCZeSL1uflw09xNa7L5F634toVsayWSaqwmiF2rxzMBiOFB/Ey/0PqZKr0+YGRSM2X9GoPulA6TYOEibq/Xgu9QsXD/oznYD++j19Td8NjAWry12Y5fl+yDG/RJcRzsYv0MeGt6YgZnPbPIqGgNmJoTfgmrB0OAF/534AeZ8K+cnz0xZZYceyNR95UOTBfllhjEvzImGlY/LOfSXCXpPsMPTF1PhgXsy/xzUhKGcBHwe4U5NK+PRSC0alWc/Q6mFN/DP63ReNzDAIwVNcfkqMzg0IZKnz2fum7oExryeSQdW7uC8GVHsU1PMpUueYXDxQhqhJwIb/yTSEYkfuMr9P76bsQ92/jyIBz64UN2helrc3k4pjwfIR208hOoNwpvUGpCemsiv1i9iydP3wFgoi0zDJEByyStKnjiOjt2Sgu9psdhnv5xuxzwil3N+WJ82liRcHLEofxT41Vzi4R0duOuRAfz7fgMK1NxBJQihZ2YZHp5eDxGK0/D33xVgUhYHki8noO4Ue5B+fAyWTQyGGm01UJDv519Fl0mr8SiJy0byYYdmFMsDtF8jDkvudkJ0syiIamihX+hVNstsRqd+R55j4gJ3tFIg58MQ+topwRJTRTz6rYn9ZpST/EYRzm5z4+KeOyQ/PIp1kuRoyWMhag8bAR5XneCR60zac/8lPO24S2opezD8bC41BAjQui2/4Y/NeRb+ORJ0kiXondsw/NXvItsAeQyb8RT8/xyiPw6t1Luyk6yM/vKsSzIg4KDAda1N3OqgyS5Xc3BnD6Dw/tmcbZnBFxTq6a1NLua4i8Gelalo+L2R08oe4xmjh5z4ZzT4pURTEemDR+k3LE4dxxY5BvBh9k1UmOHOpasVscU5EnX6t6FURjTurYyklKIbtHXKJO4PNIO87CewXcMf1EfLoJfLMd61gyhtogdPbZIm05/ScOaQPJw4YwYVCybSg95JdNlNDm4P3oCTDRWQl5jC39aIYIbfei560YsdBQ6gnXECJu63RVh6lGx2FOHzbS9geeh2zMsKxHXFx8Gydojb16rBveN7IU/UGJcGI6+wtAWnL2U8vWEz7M68yHGLk2iYMjFfzQEU3p2lsJb3bL1yGn3zruJJ/93ET589wVSjgxcKCXK7jAcaPbeApGYNWNmijV0yLyhTfzTLBDpCzpAzTCkuw/sxF3hrtCD4HVODwTfD8PhUMJ+oduCC6RKo6FgD+31CefEiGzQdG46fC2XxiYwsuD3Uw80Tz/ElxxVY71iIB7WrQeFBHRUPP0LBHxdg6uxcfrFZHG7L7oW/dVPRYKYh+w5446gTR2BM61o88vA67J71FDtkL1H/JEfwEh8HZyTUoT72Gp1zsYfV+xvx/J9FfNr/HLYe1IP0mP1g99wKBNERLpEsH1qUR8bng0l5kxdkX6ynWMM+nmFvR28M7tORVGtoEp8CI+b8R0JHo6l7zy+wmCBG84rU6e9SOVr59xkW9ZtAjLcFvOpeTvNlW6F7oJiW29zGs6xOox0lOSv7NdaN6wO3/CcU+MgJxsrvYJmq5bhaV5mmzH5AFm9d0OBYL4yd285uSecYHWpJYKQjjPmqSLz8N9Snr4XsVxOp6aMejn5aRS9NI7ngkiNKPlpAO8pHwSHN52j6oY0nJk7H5ev+4hGRVfih5x+cPO1P0ww6YeEkLeg+ogVr1EuZ60/yXE19PqPzj+7657B881jytgnHetEymP3WkGws7SDC8BvsCTlP+6WHyS/UFR56iaD50j3gO2xDIdf9KP6oOLelI7w0sCbB7SX8Vp7o160PfODVOmi7WE/Z1SnYtzYXoqtT0H+3PoRFd5H/w+8sEhlNpbqSHFh2FHLtHbDmgBOkHyxh49NfUCxFAFTOZ2FuwhT+GjSD5gWnk/9QL1s8HsYph/+wx8y9WPEpkPC3GAxF/uMpCW8gdtiMlFWX4RQHLdaX+MjNza7cOXcP+o4RYs12FXiXg5S7y5KLuk9x0u9mUJpSQsY64VCYI8pNCzv52sIuaNPTAc9FL/Bb7nq6t8uQKp/M4RrnT5yruxTi/16n5HwhePxlFe9XFwfzTFHSNVGGfyNK2EMqg4wfKOC3bZ40re0DH/jqQ8rqE0luEGD+AOALJXPqPrwLIlxiMdNogKQXr6E3S41olMwp/C/rJC9QUYDjKSK4OPkfnFZvw1PNM/mt/X/sdSiAl5oX0ffPGUy3DoFAphSQwlbMlXyKMTYn2ENQF4ffFtHu0CPknVMD4uHdNOSjDG71BtDSa8zLRgyQxd8hcj5wl5Tk1/NaawHYLGxLCwdcyPeJJe9argcP5oyl+aGf2DBmJdtO+csn5U5Tse5nEtCfCarX56P5GR/y2+IIOVPsCNYfpMqkD+x0SAJHjz8NPrrf4IyXFrxRP0La2x+B+t0J0NYdhJ1uD8Fn4y+61O2E+WfcQOqWHZf9/AGtY/bQiP/SMe2gEISG9LGa7nZ4Nj+X63u28zL5NmjL+YAiU5dRkWssJb2fQQWS6nBh7kWKSbOk+2f14cj6WyBmtYaED2hw9OUW7iqQwN33F0Lvb1vY9Wo5F+jPxZhYWTI0D4SHoTG0TC4IJ0Qhq6dOxHGFk8Gq3ADqVZdja+0rjJUwpt3rI6D18DPe27+fXo1bxrG/niB+9aFCNRlYLTMWY8454zzPpZCmlElmAaXUVjmCG29WonZfEd9J88TDWpIw7mwJbni5Cnef8OZv+ZOwJ7INdrUt4RFZoXyr9xB+nJtAT6ItwCNHFs9uecjyqQlkPX0Ifazt8fKVDloslA92fBW2mg7yY3UV8Lw7jM5S+3mL1Xi85qLI+OMKjv3si1995/GWMbfh1m45/JwnDdOir6FhnQveXX4SHGu0eOVoCfgZpIrBIqnkEdtHYZPOsOUOVSh87sCl2x1ZfE4KqN+7zJUyXtyYvA/fXz6Gu1dKg4CQOeS91AD7549wi5kTnssToKONyvxc6iQs3R3Eyg9VsFK4m36Xb6JFrWMhed0K+lFzjpteWeCq1DTcfe8fWTk+hl9ZyjirOY4ffRukls2jYX/Qfhhz3pXOr00knQdfqRSPYXdfKbku0eT5OSUw3VeVlFUYLvlZwWKNIH4aJcpbgi/RdENnEnm4kmaePk1bDKaw6+QSdnltDWNNhNE6dBGtfz4dRQPFYcE4fdKP0ybjpo0UeXAfrQi+A913R4HX9VmcYWMNy9zqYPui+ehzRY7tVpvh9OVr0X1bKhUdW0/OM6RBaq0xF6tKwowbD3H9sCpeSzmHd238sVloJj6bZIL+b1MgRsQYvMpUIaQlnHYXLsFgEW+q9B3A4ZlbIN53C0VnPwHrwIW0eYMJaNQfhLSEeMzQqYVZIb1k+dqYXy4S4+Z7hbw/4DK2N+dT31MRiP/zE/5kJfLm0kBe8esYbRWfCJ/a1/Pi060wmC5Hm+ck0b5AhE295bhg3XzIyL+Fp5USWcMyhu313/JGn8vw+VIq2OfdYsX+cTDlgThJPG8Di5ZGcNmnRLdDlXn742eUrT+PdV8/px6Z93CtTwL2Ff3B9W2/0e+IIW3+MY67zm9gtJxFg8+CYXPEKlIaOMLcYAp7HhVQQ6M0JguJ4uBvIfzaPw+GH4hDdUkgHxlrA+Kz2+mtpihEXTmPAa3+cLZiIrxKDaG2T4mUuvcHS9W2Q9asfviafg/P3VCHNYZyOIAK/CopllVao1GAfpLhjd9cq54J7Sp+2P7VgNBGET43F2GxuCUfPezLCSOleeu1Gn5xJwYbfMT5P99L7Hi3GGbc14AO71z26LlHn4Y7cZZxPA9q7qLe5nIOvTARS1cIwfH+UPiZJgzJKQ+45tRUnLVXAlukE0jQtol7kv+Aol8rKCgxC9u0oKreWAh+c5Lc99zEt74XsbxoJAyc+s3WVRkoNvY522gdp5mHdvHtPICtqTvQ124YZwVr0PLrlXROqwEitqiy8DYFOi02Ha2FbQnfjQHLwXJcMaSHSuUisO3DfsirMOLZS7XxwN5u9pNaCzSiAzyv2kPJcWEceeApSjb108K9Sby1W5nPfl2OVT3fuMRIBqL2HsWvCwVBI+wHnhYaibs3KFOWXDlf+/QGzSe8pblvk6AgfRz8TT8NkU0qMBzdzDUNyrDc6gLnbkphH2dP7h1ugcHJOfRzli36bj2AW5zs4ZD9d/wkuofbQtPQOcoJvi8B6A3Xx69BD7G9qQ5WHVsKxx3Ggd7E1ZzyrJ5GCdZCkYIguBxqgexGIcizmoUCUefQpeU09AiYgeDxHejWFEBnAg/yO/F+fKwtApYX1HBm/QJsHwzm9yfEeJeBOOzzdGO16rUQN2IJT0uaxRuTN7NhyBUaW+rI5m8teVGJGmz7TxB6MpdSRaQc3OyL4f1Ch1nHtYYsFatZdd8iGFXyGOMWmlCzmypERgSyQd0g3deYxhEeQ5j7WprGr7qFqU9bwVLrCK1KyKEHQ0qglT+LU5oU0VuvAtLyuqHAR49jlbbxkTHuULlyJgmHecPa54ogUJoE2uLbaE3hIhhxmkDRLBNvn20gl2u+mFjoShXpVlAbIwVhH1LJ0eAJJ7WeIaW7vSyyWBM23l3P+1ZYwfxYa0zZXI/NRSqwpUoQRhVZQcCyhfxGcwNPO/wREy3jQbbsH0718CXLs+qcu1oAJGE737U+yqFT5fi0bhd8VllI821bcON/Rlh9XA87jrRD38Ao2LkxDDa/cseDWrP50+xEMB4aA+3eFSxSDvAWp7Jr0Fxeb2QCET6S/GNNH1VJBPOfJ3/pvHYHX/aeDmoBZ+HSL3eILYrggGVyYNzfgtL/rOhSuyjsktADxfhIHnzXRpYC8yAkYCtFbRGFJluEFeNTMbVqFV+NK+eQCmQXp5W08LwPCXTXsW5wBAybnoWfTdKgF/+TzysdwbkTJ/OIvir2KUByTRpDKqpDaHRPG47Lvyb34FFw94g6pBwbyZc/z0a1MUnwSa+Kfjtrk6vmIB3uFIcptw/wY0WADzJStFq4kIQ+a1F4hiMG1SrQ5pvLYI/mbdjh0Yf198OgUlYIjqsBzf5cT7Ou7cKl3zfBnPvxoGhVhnMMpVjnf+LuQx8Ix18A6HcgK4RIKSsySshIZYREol+LtBSVhgpJqVBSsjJChUpUZKVF0lBJGkqS0aBBKoqMROJ+7lP8n+E8wHHShd7/+im1URharuxi55G2MLojGD1+u+PiLjN8vCEE1RPnQ1mSF4RcnQdbcmVAYNZh2uwkQanJmmy2p5lW166hngMBuK9sIS8I+4AnSzbTxg8CENuizN7bbnH5igCUFMiiSJVwvjCgwS1Wptx58ADk/b5GAiEaUCg+EfU6s6HNagIv711NIfpjcMk4RzL22Ec/m2/j1fidnDmgC33XayBR2YuWi2/n1Z4GkDotD3XdN5JgwRwQXCXC5evv8BN1Avmsubjn4V/4UdkBnud6OHPMNpactwbOZ35jU9ViKFZJoMMiFvDBdTE2HDzJOaElXK9/DBsG99Dlb5u44aonb9liA8bcyRJaomDgfZ9DXoTjkNddknZ7RKNXSIPwjuX4Uu8Y8Z91NBRykp1MBMF08xi+nPsfVk06wTvfG1G4QTkbrXGjvQJxrKv0ik6f2Id3z86A8MkbKE7hH+xLDAP7tttwcvFSXtdWCHvbLmBi1GpWLVlLSbtGQHehGv+dnUmRteGQHFuHNawKX/I9edPGFPp2+xRdjfUiUQFFaD0QSH4JlnRK1JeG7m/iqfEDvO9AMGf0faHysE9couENsZ0yoJVcz2M/rObfZ7dT29qnuO2eEi9xeMu5uqZoZj6NRk8eDRqeYyA05gVqriujYEVfCD1zBMK3qfNHiyFcKWTKnTczuWWnKNRl6cGf1AT2PSyJjZ2GFF8bQBsk9XBy+ScE2X+wpr2aRd9FUkSKKFiO+0we9l9heW4l/dr4jvfMD4BdWzxRy7SdItdUU5zVAubHk2B8uDvcnCvONcEVvAzFObZ3EtcVBUKR3wSuif6KefXmMFxgApr/avH5GXWYiQ/Ioek8Lf7sjV7GufRwdTmmJ27Fqxtu49YTCLkGwXgZxFh4uzxIDBP81R9Ar1MNnPqjjUFHl5UPDZCSoylUZNrB5qdH0W1BEZeMUCfL84/YZ1scvPJtYI0NBnB0xycaGq8Hzt0x8Cp1IV0Jt+GKzc+w3U6aRaESnfv3ssThVAx+KspS/42BbcdCsD5DE7e590GjdBY+S7bF9T9F6ZizI59fehSMIkfR8zJjwDmtuO7lZbi5M4N311lh0dnVWLRZEyJb8llz8BVrxyRRwjJzgIDpHNLjA28yf9Kr++tIb6IIp/SsAZdZLzFteJiuiTvCuUhheP9ai/tD5+D98DLcdXg/hMSmkODVatq62hE9fH9ju7QNCU8TAyHTK+zhM4iW83RwTO1oMlHNwf3j/fn2gzcoEOvCbfyD+g4CDMw3hA0/J8PRiS9o4NdLyk9TpojKHrgm344pqqqw/GwJ3S6WhT8Rt+Duhj245b4MzPb1hQTFHXAuXx7eVahy5fBmviL8mtpdR8O1b94o8PkTSC0txETXBLDy3ISLrgnhGB8hnB57l65rxvBuW4b2ri0YsUYRYp//BV2j8SjXZ8dtPil4pqEHel2u8/t/oRBwThv25Eiwpf1MqClWg4zNs7D62nc6JbOAZ+WW855DCylX/R/PUdOHbllPGqnXCpN3OPCz9VNo7rRm3K72k89IBNGkH8f5yA5PVnioDl2v3+IK1wkYFfiPDj5T5Nc5znTcaimNEjfA07lGXJ+vhALDuiCvkYwHJqwhz2tL4ZypFgh9HyAJ4YlQMZgM79pWUrlwJgwPC8K7vFycrCGFWYfycJtpEjw5/AVPCvnQqHGLyWieN+QPxeDiNlE4nnUTpta/g6s3HDGzdi/v0npK9xZ8BeULI2HlKj92cFXnLhsFCBh7iZ1mzuZLcQnwry6JjM4E8NhNT3Hj7H/4Q385c9xh+F0uAXFzylmsoQDLu2bDZ6P1WCHyDT/ssKaumw9g3v4Ejo4Npjcf1OH67NMgdWc2Dn2Pwr12zjy1ZQmJjmrGcS43cJdRFwY4noYtS8xB2XMmWE+u5fuRd1BqOJL/GxXDrdmeJJFhjtUiFTTm9Gx4KaUE3zo3U+6Yq7z+VCJbP7nLJ2eIwsvRPWDmlMYamn9hT0g076waD85j4+ml90cwemOAU7KD0W/CVfi7Q4tEawVoo/5l6q0KxfDJ4+BNfCPljBDEi953wGNeAf9yL6fAL3e4a+dzdBpsxxH9a+jaQ114k/gQQ/TWQOmvfbh6ezdrCF+DyfVaECIYjS8/bIK04SGs/yAL0gfWwFmfXez5zYfjaBQoCoTQ5Y77HFn+lsP+3oIPZUJ4S8gIIvVeUq30Qfhv1Fra8UYfRxq+QNVXHRzy7DRbhRnTyNiZqC2vC9U8DutWi2Pv+Tj0XNLPnrrm3Ka5GcTHy3PNDlGSNdgDz7wIRk4xhu0rcuBPrwF89O1HMY9hmlARCinPM1lq0i/asW4LmUdMhpi0D5CT70Ezurbgcwc9sp+fDYthNp8/mc0P8i2ouNuA7veqgK1xJUjs+Ax//F1g93FRaNu5n5y6s3l7YRQvCO+mUQLNVNhoCBfT+9A78QBLT3qIei4K1KpvDbnKP/F7+1HUfJ8IhrpNKOikDc+HYuHU1U34LGAyRR/S4Em2x/m31nV4cng7r29xA/TPI+0GOTDqloeXisHIIfdAOGUJmbmVQnm8A1zPLOTmN/Vs/byZjwqrQh/N47J+LVSpLkUNnRycePQ0/JWPgpT7N3Gt5QD3bgmjgUdSkGUSTG6X1eBwcShXW2rS62P7qF5lMt6Onw8qaWL0+Zwl+jpLgeOCM2xlcRPGPW4h4zmN9KjsErUJW2BEbQAND/rSZbUmPONmBp8qzpPlsUn8fdcNDFwsQ339VpCfYs/7rSxo/+EkPLY8ke+oTQTj6m084oYL2Yi8wMWip2CseBTcs5LAhs/HQb+omX7FNMHDXfowUzmMZg5qgtFqEdYKNsMbFqK4W4egO1YId9k8hsm7VsPMeAGoSJoGu9SVcMpOU5qeZksKNx/ipeR+FLljiOM/PcQss3IMdtcAf3dFzo5NgZt7FmBRYgJM/HUVQ86MhdHpuXDcfhEtnfWY3f2kISJ7Ni67+h7eafTwkrafWKvSzQbfq3leRxj9qT1PatOl2MJeB3rD0uHVs5Hssmgt1jovJMvXGyHU1pTSM1sh7UkfJO7aDY/WWECdwwL+1TkIYms38Fe155w/xRulpfdQxLJNGHJhDgWk5hCcmAgvlrqQcvYSqBFewa2V3jD12XYuMRlFf4YVwfdUFpRO6UK5JhVw6gvEWzFRaP+1EzR6lEhmyxIW87eAUL8C+LtEFPbb2CBe0YXOXcEwMmY6mc7/gZmvYyBnlT5dfvWWzk1YhZXqdlj7KpmSKsRg2XYHVuw5SJ+NjoJ80H9UYZIK8XNH01zeTb8Op/OD8HbI+YbQ+60RzdSFWKnyAO7LtKf0L0bsVOtPOgn7Ua5Lgzd8jaY4Aw1QcxVB/WtzAaCJneadpbT0GzCuYSXcWSUJ05wWw4VTyly8RhC01WNg6XkfMjnxF8cd6cIJg0vhktgYCDndjwoTW3GRURVu9VSAq+eTIc16FH9cM8i71iTQOn6Hpp2BfPBsLp1RmEHHs09Bd48W+N8dA0e3Tyfxiw/wv+h0DLH5yY73W6nUwoCVraaRkGQtiRSMgxGVaby47ipVLsrmQ4pn8ZTXWrLKZzjq8JJebPiOc+/IYH40wrkpc3lsiySaTxWDNT0RvPW/WDZ6vJy09wFI5uvyoaL1/LpPBkQtjeGC3lyat2caCE89hw9+umPDqlH035tcsI/sBDWNvfDIVx3mHktGx6fAHYHvwLznKn6u60KLpQfZ52UIZh8dwZN0l9I4YYQqzzQayGvjWdZP2X/eCHSjFzR8dBAXV9fTQFsfvmQjrgrQh5FztDEkoJ0eS1+i4Ze/8fv6c2Ch+w0PpBfw68nP+JrXH1pZLA7Rw2rU8EeQLMpc2FqoFaojX/OrCZWkNzyGNnkPUPjdWTD6rxkM1VrSzRdyJJ7uC99vKuOrvVZgmWHG9ZICXFsXQjqhuST/SgW6MrZxW5gRRBT14e/GMChqvssTc6J5tOJKPulYD13D+ZycNRouTpKi1YY2nDFsiP/5OtB4K3mW2XKYp3vnYs20MLKpOAIVStKw3DwDMzT/kc77fqrcVwyX5cR4Y+AhDHWbgYXNSfDhWD7+6EIQ+FZJ+1w70clhJtrLnyOp+eac/esBTNvWDG/22mGL3iuct04DfnSepC0Xb9CZ6lP430RJtHPUg7wDWnR5QhjvH5pDk5yXYcCoCWCfMgP+RZfyiMPh7L7gPPa65GG56UJ6csqQI3b0ctU8a779axJ0Jqehaet7TGl7RPufbKTU/ljSe/GAo3obaH/MPdj30oCe24+AtPY0XmuzibdWp5Ldvpk8rU0bB1/XgaeYBilZHwXlgU7a+1sbDGulsaPkNIeOiqNBkQN87vgfHnNRhiOiA1Fi7yg4KV9J3tXy8C1rGtkOzEFXARDofJ7ESX//8RnqwR1ip9lP+RcIzxhNv0/JwVen47hv3VnYJNgLtZdDoU5CC1KTAkB7gTlMchKlT+0L6Le5IpxcqcA+YxNwb0gdLw2xJqO6QbiQNg8m5kvBhIOi+HvNabqcPhrU+3Nh3eVKKguVgLKRkeQS/wRlNJ3xX8tE+uQawIbbz7H4UjU4NzoOIlSSuUX9A97OXQUyL5bw+nuzwGGqL46RK+W88hd49AvDir21tHTABU+OmkMzyq5QvM5UuA+H4V7KHdT9ugv+Sk0Dvb0Ac+5Gcp6MNuurBGPDKmmwUttOKqu9SDAqA+MmTIXowgW48IE4tM5UwKu/j0LMvBiumZXBVzsUUGdnPRduPMRhgRd4fPZ3aK+fCStPOZKZegMFqW7Gk8HxfMtvPR6w7+ahEhUQvRGLx9aJ4si7E+Dd9GHM+jIKTaMXoe7SBg70HAIh5QookFzJe2uNQP5vMH0tGg8vUiqgYYQfTj9xmr9p/cN0mQkceLGI1a704uW4Lvjo/4bvOCnAjhBNkDI5DHWXnGiLpSUGFJ2gxOSH0Ks9FrOuGvHpx9dg5i4DuHj0G4gG12NsSTX8UX7MSyf8pZBFGzBshAfEzQ3jLocZMGXYCCQ/z0WBD8sg5tEaHK6WQOmbstj2R5n++M5g3dt5ODEhg/VWm0DEBlFM2n0P1q4MoiTHDaRTfI7HJDnzqwMqIJvtgIun7EcPb1F4NqGQVPLzIOunEc1/1oALzDzJT+Ic7tjiyllVT6hhZS7dTBsFVoFn4ENSHF/7nkR/1K7A+7BhfpUtQPb5V7h541kmTQkqWzYavLOQ7zrNAyM7SUgK7qLVNwwo6vpZUpe5S3+njCUvSScKn68Buwt/omq8JSpfa2TzIXvs+5lGOE0Qb0e1UK+vHIlb62GDDIHXZBW4fN6Tr/qP5vx1r0E6VZWeDE7DByOus+sHKRzZvQMTnFVgtLkrvvjViNMsFrPGSAV4HmXEYSLfeLL2EPguXwvSWpZoIy8GEccD8UDJdj43fxpaXx9DHb+UWDZ+Jn5z3k7ytyOx1uAY4rOpULnMitc/WsbRU29Cg/4v0u/7Bk9Sz6O8pxGVfjwOac+/4zltI1C73cHq+33hkrEk2ibPg+3eUaTi9Iqupt/igcvIKxY/45HLLEB3WQWtuLSG+y7foVvjKti0xomOzFnNvyuD2edsJ/imn8Dd2VOht7gBLoTIkO46cWj004Mz/rZ49dEN2pgWTn67P6FbVCh3xk6AoLR7JBEszzJdJ9jv8VFMVk6AbzMcWX7FBBATXQHq71UwpV8F8qQK4e4CY9Z49IX6b5dQ861hPpbTAGPSDDntThvd3HyKm7aMhvNLfHi53Ed0UtGHC1si6Zt8A1u6IA5pjuHLRzTZJcwD01cpgHXoX3yyIhnj7nSSi487t5q+o7K8j7BPqgan+9/AvQ6OdO/lRBCaY0Lb8h7i8afFYKVdxcuKY6H/3gqua4hjp4O/+YbdLvSRkAXnnHUwybWQagZu0VnxQtz3+TE+3miFowU7adKMuajoOh28HMZAeshffnRpM3h5RNGfbeuob209HVqQBPObnXlqaA1PckrhW3P04e2L+YhKJuAdUYpOH46DydRtgKJ7+ULJJ5CaMJl6n6mTU6c6KEh5gJz0PzZ+ZYbx/bkQNnMGh2VupGV7Ktg3cQ+eLt+PWXJCsFNTl3WqrnPTVzscX51E230ZVG0v4MldglTuPBc8382E50YTQDxfCDN3f0AR8Uckevs9rvExwQqra9SrpwG/hNz4lFgk1/sZQc56b4wqYJ4c9xK/zHCgxlXHsPWyIu0wHQVDFpHQlXKBvQPEwObNXVQvcYNXis/5rdcz/tnfATP+xGBjeyxk/vxFDjJP8aw4gfGSXnbV6oSceAm4/H4tWD7oYOGg97D3uhddN9VC36kBtGc9gOTjDhCwFeapNzdCrZ0GZlzcBonXqvGQXjbOz16H2kubeToLQ7iuHL/OWE8Pb7fQC5W93B6lh3oL71DmokzUWnCDbr3pgO56JQgYbIH21j7w1/cAy7f7MfrmCNzyrwPaXGvx53EnkNgUgxabFcAvOhq3OcSw+tPTMK9jLR4ftQ3m7dzKr95UktYNQbij6c6bPxmBar4dx95phy9PfeizlwFeXFrIGZmbqG1VMlp89oGwkE2855wAVH61R40nF9jl73j61dxA7e/E2eOjL56zygIDn3+wcL8mrfAyhAoBETzcm0r5z3/itC+dePSdDaV/dQOnbSokOKefVVvDKbHGAk7ap+HGS/l8sjCHvVZ0UZDgR/jGCmh47Q2dan3FGQq1tHiKEWzX+4G2Wh/wgEkh3z57ACTm5vHmkmLouNKHvlUzYaJBK5st0QGjQHkc8GijqabLSO5uAA3UmOGUWZ30W2UZGuQok+ZXDXqweATU5SWBl942sgmIZp3pg/hY7ApNi4jlwq7N+GaOK56u+sqS5vLwwvYBxIvvg+grw3Rm6kJcelOROgsusLr4F5Taq0Y+R4d55+Xx8M/lGz5rUoGzKXf5bJIBWPd+IVv1z+RCxzm1Jx3eLPkN1lYz4NehWkrZG8wXF5vS8dLj6N97FEJNNkDXJzl676FP+rJGJN4yGfKD9CB1uIeexAfzp/s3OGH+V7T2OAMq6X9g67AfzN8tB/q+Y6F2lgK+n7APa4+Yk86/Oqw0COWgRAN03+AMPb7f8GPyAPdHakKR3E4W2DCV7h+sgx8Tm3jhhTMsZXccQt3nolm3A1lcfYh1jjMhymEOz77uz6nesajR7UOZAT2w2p0o1fgAtcUIwQgTfbzYJA13C/uwpvQsF3x8Qj2eQBYrdVCwV4iGjkdyTUAKtg0GYtl0I+jePwu2HCCelTAF3gvLcPyXN/Ah1BxfswwWjMzBySssMNVpDDRWqkGCzn5eF/MSsow+sX5eAO72WE0z343EZ/9c6GBpPWm7T4QRngbQ+mMHhXsEcMgIQ/xXkAQtVU5U8OscVQa7wQirR6h4ZRwcyN/Aos53uP7ITr46sZ5n+NXwouY4HGWyFbRWb+V5j/ZC9QZjCDBUIP9ENyqQDKQ3I7N57oHzNPX1AByb6Yx2VWdA0lGGS7aqQqlnCMp29WDUwr/c/qcUjQvSMeNOKqjaGLNHpDWnqN3k7gNjwfDsAKvYOsHR6xtQGM14hfkXurbyNjSnRfPc/nhYO6+OPtlbAN9bBiduiMDrFSU4UXo9y+2Qw41uQfC+qxROGY/GHqFJ1FwpAFKPn3KsyTUSN5WGu4oqvERUlqcpqWFsXAZcOqWEvkGbYcVJFXDMXslzxFWoVzcK8u7s4Xkf9WH+VFvqm6/P897fgE2u2tQjOgGWZP/GKXvWovWlLbgyvx+WnO6hLTMn0Z18CfzlZAEiUyVog64IpJgagGaTPBaHiUJQ/Se2qbehqmM6KG9fRM2r36GjWA+clh8HMxd/YJ+eGiw+uAvbyg154csKsit3xbqXSWwVeggDY+eQV5gK/Pb/gzvXL8M9hxv4kvERqh67i7etKYQSycmUKf4bnScf50MeOiDqV02J4+7he/c2gh+X8JJHIA0GXUb7pOOkddKR3xj9pH9lItDs1E+/Xgbwc40iNHdZhe9uWWP5bk0y8LfC8xdCySVhBoz3HgH1P51AfkgVXDuNsGXqLnqrHclaA1PYfGEQZs114Prn0hCaPhJyNl2kXRUjOW38eY7Yc5BKfeJoUXoxLrn5DP/d6QSPlu+8wHomJMbq0oP/+sFuzTvm7W955BglPHbblw7sc8ORh/7y6K3XsaFYD8xijvFkUQv+vFkQxgkN8RvopVKbfk5+M4Vme98krQU5+LZEEO55rGfRyY4UPqUFT7VKormTD9LhaA6UugJ+GxaRZ0YNGJ0WhAVzt5P47VM4pNODZTXiUKVyg7p/R/HCsA7ME98Bm1L+kIuhAmiFTQC1TUtxclgY1T+8DbfnDOODRm+wOaFIR54uhX0bZsGO3pFwbcQqwNbDoLFTE6513YKknEwMF8nhx0X2fM5cncHgCv7ZLAL+0+ZDRq0bH1wsDwZ/l9OLJ6Xwb38NCw3m4LwCSWg1c+e0qllwJf853WZFKC7QIBX7DrTSXId6Sv9B0btCuqWzn5erh9NKR3HYOH8hPhZ5jDsWvqZjs/Ux9YcfT3T9yltH6aB7yFhUXVeIDeWjoGZHIrT9vAXHazRZomMxnFw0iaxDhVll0znMr1mK0kkVHL3ZHDwUGR5srMde6518SOEnvDLYi9a2HZjncB/fXg0F8YvzMD1sHCzeVsDVXlHkOpxFAdkS8DkwifYGPcL13tpYsvslbZ75FVvi1WDW7mbed/Mm6JRN4oc35tHfwrucESZJ+65sAet3z6mhRJ8eL9cGszXB7KcJ8PZfI+Ue6OeaFdvBccEDXPA4CRWXNMGRBafAa9NEKM7vpnW+ySD9NZEsxouxf9RzHjnyOP+M/ghzjF7w869P4NQkJbAaE8rHb90H0550CJh5AR/sKqCS9n14LW0fRb67zI0rY7lFh2C1pjU+GVzDY68a8QqDSt5aGEp730vC/Eoz0P+zAsMjenn3Vl049vgZaczbBLO+bIbZyqEQ/mElFqw1xOZOSdb/lsfjzq2CqoPGcOOlMT877sgG7wikr2pgo3cBVAQ84+geHx5X/Yf3r7wNmnojYejAfdycp4+5c/x4drUnHPAYwcNfCMyt0mFieyAINT3lm+ki4LmshyeV+pF1lzAaNWdi3K9OWCe5ClLfbOKeZbJ0pNYE7D8aQYdGPbqZX4EeEKEZxoJ0y6ebtW/E4hKJk7jZdi5XSOnAtqcaMH3dFDg1uZTC6ooo8f4iblniy0vT6uFr9zlM6fjMaR11ePG1OeiFdPDa+ATUc86ASx5DvDC2FP4zkIMNgadYLX8ADS300VVyAhwsTqHFY3fSnR3R6HYyANSlcikqP4BCJ/dxe/453GCdi7YNFpCl8h99mSZD+iiK1+0XceEsF5xv/Bos9j3j1TV6dCRkG606qQv24Q3gn7GSxbPr0XyxMarf1YOgGBEc2f+BJfclY+YIZ6y7Yg5LHOSx1MEeAlZcoEGt5bzb+DcPbMmjntDl4OVgB21KZZgUrQdvUtyg9dl7FF9yj5+rW+A2ZwvYn2HEhfmvUb9sGy/BZDZAZag4vBU6BSbhYY1SMvIS5O68dt49VY6F59/CRSM+YvDCHaDRZAy/Rsjz8XALtvtjRgcP/YahHfLwYpUMjTvwFBcZSNNbq2hKVVeC6I4lnLRfgeM7PmLleT+u3fSWE+8/wHuLbWDJ0DyyjFSkHXMILr0rppX6qrzgqzzM3GNE1UscuZbEcaS+ND0a/RFjheZz94mR0JUkzcLnjnL3YXeY3OAOaU/luCZuGtU+T8cJafM4uCKI8lTV4OKHN3RztjD55GpwEylg47kssH8izWsbu1FgaDO/c1nGq7dpQeid7fQ0PJdPaHlxy+Uq/rZEABqMgWU0pWjK4hxqGboI/r8BMnf4Yrb/L1gUHAOsZI8NMR60Jk2A70+oIj3pOyi5QJZfJyvCl9CLqNeUy4ahltw0x5aSPD6g7NlhNJtgCmvOWlP01S0YnGkEbkIBdHtyEFv3xPJ76WaYJxBCn5dGwsnyRi4+mEMN4IhHzyCkK5pSgNsxelyXSQYN+7m7PQ222gAIF31E1SMxFPloPJS5C0CTswNFm9/noJWd9E/gKqS7bcJ9I7pou9IilP7zBv6eWkl+/zHMC7PFGccauPfhIc4t14ZNk1U5/vhWOD9Vg2PGKtEul/1YlzMRGlVFeXziXRBz1+eEfgfuHnmDLutGstbFeAyI/ABJ/Ufpcao8jA2OwqAnDSD0OQlk1q+Go/9N4JrHf1jefy4Mfj5HWyT/w9up+jA2bTPmz3oCRts92VLXCYc047nb2Y+ePfgDec1WvP/JQ0iIFIMveVWUrOdAk6x2s2NDJp2LOYBtukmsG14E40VesPfvMAgLEYU5RU9xRWcbmqtPI0kRIXqqOx9j/MpZNDQMLx1qhaKcTtwsqwHbxxSQ5ogi2uPTjFa+MznsjSi1dhmQo8VeFAm/ygtXyYL+HEOQtV/EVz7qQpjlfczQL8IO+QYyb/biy/+UQbzhH3aVWlFsuCJELZ2BI48pUtbaCmgP+szDgudpescmvH3BC0YufQ7DJ2vY87UKbIl3YZfiYthUcZx0ImoxPKGSQiwegWdJKykWy/HTnl46/EkEWqsqIXhBC59al07u921pQWkhj1zzidvP91BGy3fUGTUARoJT4OnJbnD5E8eBAQlos0uHnIvN2Darl0FRFac+yeJkhxJqNhaECYK2WNrRRjE5WVSlNBPataLJzeMMkKM1mcanE/3XTPMlxUA7sxst7fuxQ+4L4UlLODNGlktW1INCny+/sutCyflb6eGAOdCdCAj6McwvOoK5OvQ2FDavYw+BUzwhLp6UXFtAOeURjeuzABwfw65x1tjn8J30vpmx0pNj5Bh7GWyPnKdfj6X4ZfZRaNg1BlKOEF9QUQG7gTZojbuBOYcTQXKjP71P7SJP41sgWulMGrtEwH6oCNzeqHLZOz9KK3+Jgv85U0ijKv9tXc0yDy9iULABOdoZwR33t2RbqIumh51RNbAXUg51gJlEAHfs3kmh/wVgSvdYmPJaEOzlE0jb1RKC51eC7FxjGDXohTsfTsZt5enUunghfa8+hEGHBeB6PNO2rcbQ0bKI96sd5hcPrVkvyJK/DtaD+BM//Jv1EKV1R8OdTaup/UQKHBnQ4Vl9X0HjejWVZD3F53VapF2myXZbR+PY74LQ11pO9gVrUULZCks1tDhcUh0TZ4zHlPfOXHj1HE5RfwDhNQTzd4TA9Ech9OrLEMy/vYe746Xgh8xLUrs/nkdM8eKfadP4zWgZsHc3Rd+jI+m63Ge60D6eXk8PI655A5HJSjxmtge6nC3ga55i4BnnimLSWqjpup73bLuADueL6WXdHWrW90W/cb8xaNIZvnJQH04LNcHJike4L10czWKeg+v4SzQu/j8S7VMEaTFLOhvpxScGDKBFpI8dXXLwlb499o2cBQXiS3GPoxV5nXkNXcm5uHuhNy+R0YGjJRW8qH0ZN3y8hc1H53DBwwaUkXen2IO3eObBenbPWEsCuQqgn+tBW/uiKOpiCLVvv4QeQVsg4+oV0M/uYwEnG96hrMTP5opD07Em/D3JgXZOucMJg2awc44pTZG4jrc9fnLwlEwqMNzF+oEEisV6tN16iKYHB+PH0BJ8ohbPDXlCIHxuLDeJt3Pvjzg4sUAZ3HYl4pvN02jsIX+40miO8nK1eMAnAC9rquDuyhQ64JYAe/0VIHW0GvTeHsZnblV0tnIZdd4MAz0rO7b+8ZpX5v+ANNl6WCCpAZGGr+Bt1nR2dvlJS/PHwe/eUdRhtxAHDc/TMyMREhvYDLljBWGIdbEvQgeHBeTRhLdAcDOD3kp5iMr1pwm3Iyl/zi7qLrOAnqZRNFszHR/+eYAq19TQ89wnWjyNMbF8AAW+jsBHh/0ocD+DTOgdyDPcCrvlV+D2iS9h4skA/CW7idS+H8GoFR/g1H+WfMh6IjgnVkN+lRpOENBjofPuFHNhHCZ/keTXh405ctkAxK+cgeMmjgHLs0k80Sed94q95w1OytAy1QoEbcfDqtfFoN5sAKOoFfoHzGDVzCSWulVD167n4ttvufxEQps/e+0jxZ6ndCWqmgLCoilrtxIsbjsGiXLJJLSlFt9wIq2c7IKZO4Jh6vlmdPTr4nVBI0G9Xg7szATxZ9FFGKU3Cvzcf/MM1SBecXc9z9CcA/rhEVw4ejdMNpAE2e/reZviSF6tP4tT0o1obkY0Xtb1hCU3qvBygBzIWz7CZxU6kK/wGqqWvsN3Jo7o39AFC+wiuHnDM2jLk8d0lVgOqVdiyTh9mPF8LfRF+GOcWBXEfL3IB/4iWtsZkIKdHqiqNPP9qHLs+jIRjodEYWp7NOpGtJPrXOQHdYii2gF8L+AmnRry5VddX+CdjzH8rieqvOuOy83D8FPYZPi+5Cwld/XgpvJP9O5fAi82SoBjW+XAovMKLjR4DJNPaiM1eYG38HeQ0nZB+wIx2tf0F4es1pFaixGUHdDhCxbWODa+DuLrZsLkkzVYlHeMLGSOo1WsIS9SWIW71omAcOALWLbNEOK7JvHp0aaYq3yX2ndGQMrPxeQRIomBjYxJ8cbg+smYI6Ir0OrCNmj4NgatNznD5/7N2NLVww1bdentrdN42Hg0jE1Ph7IjfVxc+AT8fHSx7MFUjHgohAFuReC9kbCez4Fx2Fgg9bvgecMMZw2to2aRb/RqjxGc4UpoDBBEzzGlvEtyMZi5TgC7h70cNKqLOmIuQ91pCS47/Qvm33gKilPCMZUtYceAGdtGjYRIu2nQRJfxk8pavKJwiK1z+/D76B7IvuSKcYGHaKvKVwhGM/iqWALtw1agIPsEpvh+QYsjn/jP9Tr6JSRN6Y0vsF/+Ma54ORYmFU/CNSmXWbeHWU3NF2Olk8B5bTB/sD9L4pc8ecVqQcoSloDR3fsoRkACrsqp4sNsURbYs5DMfmvj4oZd6G8dxF/y93HLhzGwfFiOf6UtgPCP3Xjn1V8+KD2V+mt+8rFH9iRQXYEyN9IhZbQwNN2bSanXq9nGtZYsNURQ2/IPtWx9TgYVJtRkG06LLIZw5EpjuMbiBM5PicaMwPvLL2FNpAk9inCFab+dyGHtDhrvthllz5nA2LWOWBXlz+6lmRhfKQvnFMfBmiZ1OPVlA3msb+SFI17wernpkGGwE8R1I/jgr3IMu9XPFQ/V6azSetQ7EARmgcLw8c0nqrtpDF/fVMLG12vpVv1x2roinuSee4GH33k+FCiH+0QGaJGPPpy+Oga8k0R4YctFrAxYxDv/NuOD+LHwu/MomWQcoHOTF0Dlsi/QqjoOVsY4QWT9Upqb6g17Kj5xQfAfODL4lFx082m8VA7Oz+2kwAfi0KuZDia6fvzb8wlOfx1LoudeolLnKZho70RloyfhmpgAqAkCUFF/xSK90+jT1ZPUuMqGdPLS4aPeflylmoEHbeXg+qbzMLx/AtgefkHmsQlwuLwR1XYA7DrQitowj5MfroTTjj6g12HEC12kwFunn7+3zof1Td54zPQH+/8Mptt2J2FmbCR1K4vQmBep9GiODognbkKbI+8w51o9ZY1ahf1pNRSrGQsPAz/iP00hEk/PZ5nZ+tAnkYMPYg9xbuFcbm4sh9ODvngo1ZYS0R6OCTxjj/X3QXSHJJytX8GDGbkw+epBikocpDL7SzzrjRQJpAVxgPAx+LDkGb/VZRh9/DmbdhjgweuW2DeUSdV/16KO7Fwon3oJHI5rwcD1VFA1mQrxf13p+1JzOH9tHXQf/Y1NTw9x/lI1vH/jCNW2mlJe1Du0mGoEJ5at4rolRvxruyT3jBCi1uTVeLFhISTRUxpSj4KICcVA39Rg/o9nUDL/Iu4RiYSCj8Z09dUDWiohDE8rfEnp9HcoXPOQntfIgcajKD64aDW7/S2Gdzs6uOzwajQzPI/FdxLx9H0j3GAUQV9dx4DJATuYtnElbhdpxPirV0jy/HRq3vOa/nOZxa1iC9jxmQ5tszGChzvtcY6MB1c+KuEdM2NxVUY0TulcDOvqGnBy/UIa372bIix0weLsBjb5tBDFwYY1jr/FuMQxkFpnwqklH3i1xUc+4V7Fbj6TIMPpI66+6E5i+5JhtkI3Ko0Lw09nWuG++TQYozaK4/A/eH5EGuaFbcG4yolUPVINs5Z+prMnYsHHbgqV72+EszIP4EutKBYvHAG6c6fAfa3zpJ/uwmFkTSMWi5Jf306ubjbFitIUcujcShemj4BHkz3hhdEoCim3h6xPifB11F9c8qST17tPhx+xHXhJq4euvVKDpzP3sE1hLZXsEKba8R+5aOgEF/0XSXuPucGlIxEcttWcxVEHcp7N4MjHgWQz+BFmBHxBq+E+FPs6jv57b8cVX12wfOoUGtWmBP+Uc1DFvI2+vhqHmZYqsPX8AwybJMihmuZwIHghCIq9xpP9DFULtvNYQXX0bNsFQ9U3OLB9MwwODFCM0CJ0WL+WFo8Vp8QbEuAfGAPzT99AafuN4IZDPH9AgfX9RcC2bCJc3fcVNc9lI5rogsHHJ+j9J45cxCNxbcZTeH7Ai9ZmV/DMUc5wNN4AX1tGY4f5eBCMdYDwNx9gbt4EEmq15cXuRnRh1276TlL0+ccuvGwpAQKTtP9n/6/CyhMQav4Z9y7J4bcbvtM377Xg1f+RJjY/4YN7GmGRwQ8sXzkZuvO8yf7gI77SZwm+979RnlcpGcp8pqvKJ/GklB2rVYjwpPWykCbdyk5Gx7gyqYzXbNxNjtalsOVWGH4oWQEHTUzonb4VRZSpw7yuOZA6fJoW26njjgV+fK7AAG73aeCZgG1o+92Afu1zQgVTQ2i8lQeGBeG4zW8F1N8M426vSPomXQGN+9UheI4CV03Lx16cDissVkDWVhHadLOR456+pD9P3uLDdTepZH8XGuhNQtU/eRx8TATufz5PCYMxWF7jhtaCZ3B8/BpIPyDKD++KQY92Fh5NfcstfbLQmLCO5q5xAzupBOz6qov6uk9xgvUXbu9KJmv9IcofvQ7zRHThwSE3XHe3HJtjhCn94Q1+c9eeQpauJ/kF3vB01Uvwa5iFgwkSAHtcoTHPl/vUl2FIhiGE6hzH6oqjcPjkfrp3OhfuFtmjw0hhaDwnQN6KCmizSguv1mSwhqsBxuwI4CafIJBbbML7h4+D6gZFmL/Yje4qXWDR7NewbHs2rfIX4qbbxex+oI8f7FrBvTrl4Ng8A6YrbuSOZ7Xoo1gPd6Z7g/2VH6Q1eh8P5nSSybQ3sCulCjcWjAfTOXn4csgatfwayDwongeWDELMWAd8p3udkjYdhhw1Vyo6JgXH9q3k4nP+6Gv4HK8NJlPZbV/4LqxNloKVeCJsBx/6Lgw7XKdB3zU3KjhmwtMH5uC2whu47OxSjndIZK3bwjSl8Q1Gu6ynycskwW9wBH0qHCbXF264VdsL5jvWsdrbkWgxtJcUrxWzyA8Rdn9oDDm/ruCEqhs89owQT5NOYRVpC558dy3sGv8Cb+aroYdHOGTenQXj332Cw+ckiI+c5a0d1XB41U/AQTsYN24ZBXqqgM67fi5ZMgUS4nfS49LR5LRnNUyT30BVz3fyLdcOjn7ynqyfOsEDeW36ZIvQ1q4FkRvvcoOrHt2dG8rhcdPR/0kvzH+xEP7rKwC7PyPJM1AefLOLsOBcKKd80CL1OcAPuw2h26QSOgX6Oe9BFMy7dpC3qWrBhQptnjfxBj0ZZ0lrjuwk7+QRvCmij8/OloaeDR6wUrgX502VgPGRUrjnyCG+t3AD7NoUjUnHZDD36FK8IH4S9XfOhnVNLuxmrAbjSh1w/7MUeNmSi+W5O3FtyyBUpfZj+fKtWOhZDwfUf5CatizIfvpHPwqn08qie3xqaAq0hT8Es+elcKP3PxLwTcfZ2d20LsUCUh80gWb8cbBCLXIMCELBLxEQsMibHdUGwPi0Eptm/oP1L6fD7rwkel0ylXut0/lx8hrucbLBI2JHuXFfAQhkfYaczEaUaTcBr6J1WLdTAsZFfcJNFh5ca/adXpMBSxt8ZAkJedru/QnO7BoDEWtPwqq1EfTt8iw6TobUEJUJjYZZdKR+CgbZXcMzP4Xxwl0zuD72PY/78opb4vwwp8uG3kdqQ9HhNIoe9kP5T0sh64wEdbbqQ8x7S8rKU4PzvUJ8IuEedR51pILwc3TGeS32lSrg+vEX8bqlHvwLMcBtZYkknP6CY++K496/aaCkq0kdlqtJfKUyWJRI4qWfs+B7UTZGdn+DiMedrC+/gKJkOnG0fSD++dyLfhprUOT1eIJFs+DJxGR63tUIH4x209TZXXwtTYuPrV1GXY+CsObpWtpgFoL3r+uCYmU1qr1wpA1117F5FPDgZxNQam8lnVmuKB6xmVwSJoHla3FYNCoZjx+YRNm3/1I7edP0Cmlcp+xG64oOYv8aDUzINqIm21Eg/8AId2dvpLjOG5D4NwvLn8pS+axt5JS5nZ1HFPGFzDK49U8QjpyfSG1LByAtbxg35Tzi9vWv6YzLTJbotETZmcowpC3IZCsDkVsPceyV3+iVk8mC97TBxVYOerJOgfaWuejfkcVTns9hw4VKoOGmig/OhNBf2/f0maaAmeMe/l36iK5tnkqrhB/CsjhDvLVUFmL+PObuUBcYFbOFnBsWI8+sxYtT4vDluHd4p6MO1KKaQOazBjw3aYLkKDfOmnWJvJWdoLHECwsHJvPiaxeh0rGU1t/ToeJpJvBomju6iuwn2eu7qdngIUt+TYWSoFVUJqaPYe8jaOFACq6PmAhObx1xYPMUPCu0iUd7JsLIDY10r8ORHL/acfOJjdBdMMjl26dCmGMMJDnNpdSmv/R2xXGUS67kVX+n8TihZk4/9Akzl23HZc3KUOAwgprGqsOft+NpTul/EDhLG18YudGFnH1QP28rF9dshKqdqmDrko6LNHLBf0YJLbr7Da3ur4UH26aifJsfOZcEg+vuTfR9ljEkHDEgSIiigRx70P0kRWnhNSist4wEZb5wuGQVpyaNJqUkC/g+LZr7Dm9gJ6F2vlq9iGfdqiLnxzdIVjKJJt4Og9WtG2FlqAlc2HoAi3+9A7td0/Fe9XLavGo6BO56TdNb31J9wm9W8thDps+MQXPRbVRIPQrKbf1oNOv//SfhlfFXaMz9HMxmdzoQKIOrLshCgtAWUH74HlY7n4a0S1E8KBQKh6w245vk0xifXYvHas0wYeIMmO3ny87j1Kls0QY2craG2+NHsI1JD4acqoS4yB2U+MoBw+bIwfOtdew38Ttfdb0FlX5KPPQzGm9MqMaCecO8Lkge3Vx2oLqhERyZEsclR8w4pK6Ux3quxcDMsSym0AHzQ3WxKEKM66uvoKPzGBCXyYZls3egx69UHL3hPIZGOuCZFWPw4BhZCN77kyRNrGij4HRYby2O5uZ7MNkaecykCrb3WgGTbxyG+d7z8bT1N3Z/mI1C2VKQfUuHN/unYGuNG7xNLWOfBaOgXeAUGq5j9NE+ThUR7/Fj3yzolAnlMajG0R8zSWTPAg5a4kCV4cYw6DXEy4M2s3/mG5IaTXDljgVsXaoNTu/EedvRNF6wPR93t1WQn24DzTTRhJsnhqE2SQ9OXHkJuk/b8a/ncvLfcAkMaxlmi57g16MW4jLdJ+y66Sd6zVaCv1Mfg8seWXrW+Jvc7bV4+fl2vv9MktQ1tHGa52o83XUeO40M4Fb5Dz520Bl0vqlizaoUurloLD/udcTEvU1wU7+EtrenoYaMCfR/6EDV3dPRU/YVbzv2Ad+/XwFdL2ZgS10OBJ04QC2rP8OSJ0YwzVSX0w+3oXLyInyleotf5e/jmpj5lFetwS+6S7G8ahNkHBMD09BTUD7GBh9l5rKA+l8wPRyOF0/X4oa9FiQa7IR3cuoosXEkmLosgf41iTB+7iC9tF2LTzNNQTHtOH+Urael0Vt4YWg3fXk6CpRib1H73MN8JlmIX7U0w+D0ZoyOHAE3ml9QddBL6B6aB1VnxCE+TB/ufRrGccezYITARnogmkiDdctx6PQQ5FRf4o4p3mD31Ay8fiphysf5EOroSq9xgNX9n+MCHwlQqKrEWvlUbDIUxZhAMzB0N6eSRatI/uoQ6VbexH1Kvpjk5Qu+N+pASnQsy1ZuIX1rFegX7cCxUeN4xYgk9jVuhuQZo8m+xJwSbH1BarECyUm2c0S8KsAWa1653QbWhJTDpPZ76L79A9eds+UNuh38Cp6T/qN+Xi6rC3sU9XCNXD0d+pSOAt8jMXpgCm4Qe0an5syh/TNL+brSGNL2nw66Z/ew3a43VLjsCo8tqaSq5HDc8TYb1Go0IeWPAg2GAvickgRJucXkff0xrX8jhCsTDVjP2opa0iSh9EoZ5vrEgznH8DQLfSjS04GeNYL8duM+fiqoh5tsLqKIcj9F+k/ikwqbyWjxfXZJkwBD+0l4u+UKi1etxRMiZaQSK49hm8ZS8j0pvusejUM6R9j7qRBcWsgoZVhBFHkXvzTk0gtZhLPf1eHCixaUWLEeU5WeYNFFZVD0ugEdvAd/v0tgt2EzbvBZT82fD5Od21aycRsFwc49cGbFDNBa7kZS1uqgkXEWjd7ugY179Fh9rDGNeOJEETMHUMdFEbIOzoKHqrNxrG0HFzTEk+H7Iixrmg5lkX246q41HJW6Dyl/Izhjthw4KsXwlLx5sNP9CFZKEzddnMTTGoTQWtGKVs4HFp6zBY1KJQH8L3Jt4WsMXDiOVqsOwtpP6ljWfZKL73jRyYUH8MyiXaz+RAJOVDnhBct1dC9YhU2WFLJ8jynFqE5GnfJIii7eQnqH9jJulYTwPc2kb/MLTt4rQI+yFyDz/TapWOfj8koRDClSp2MRF/HSJ1OQbDPmWU4+4PfKB0I9qqD232deFipHt7TVKcNOCxoLJNHj5VR44jKE+pvP4MYJn8hsWRs90HbEMYEbeEX7XIpoWIFqQ8pkVjwSzOWW0IW3mbBj1hFa9Xo/zZ44Dz9u3AgHPMvRSsQJVom1oniIIZScLoXMP0+xtXkZiS+2gsb4Epa0Midx0xZsd9dEN9VqmpmhCHJ7zkP1RxsWy3GFNzuDKLj4N5YWvuB50E029Wq8+PwrGmchDkV6MfxVvZ5E520A93s9kOFjDVsuaoPa9lbcuGYUt5u9o589ynBsuTlMNRqgnC1vKXfCY55buwCiXilR3eW7jB07sfO7Ocqdnwq+Rb9QJmgupypngfDxk7R0ihfsl9vMbeKeLCdpyOd7+sAhfiLcl72LGv5qWNfwkx/kmqBWgB2mZsyiBWbVmJnty7IhPrzm6DTgVm30b97KeFuEWnkudcQlcOvCer65/TtdsGuHPNM1oFCgA35Hmzhc7BAnrrsBY49dB5uzQvTePwOG1Qqp6bszlmf9xc54BZBWUubZbR64vO0fzTlSSp3jUlH+vC8rJc2C2YsU2O9rOmycqgjbkz+Qj78CHexN4SKPQ6gQosS6UX74zGwhWX8Wg52vhqnIUR+m3p9OP6rt8OZ+T+j+5Q6jvyaT8sE7HLk8DdwvlMNd62/418YUOlW0QTdJgO5OEGGXK7o8dkk7Z5i0YlXaVjCWl2abmi4q8BcDM/cWqNK5Tj8KfvD5PjUWH13Iyr8coTzAC9x/5IPcFicSfzoCokPj6GxPDlb/rOf2ESV0yGsEBrpsxrO/s9mvrZscrkTSdl1zeKK6lbOSH+M5G0PePbmEB1/G8Ob0IBizvoIkPCwpp8mcVA7NgI5PK0mnywJHvbcj45nL8bGrFMXa5mBaXAgOOk5Fp/PyIJuvDY+3hOLcnyvhvJAYXwn5yg43mKS3nQZNnwQ2FrtOxQdv4ZbfypDtM5/fWb6gAu9csAy2hc8L+8lSJ4HWxNrgp1dzSONgI660kgfZtEkQM+kyli1bgxqbTPH/CIAPgBAQKACgfxTtTVuh0NYeUpJRKSUaVCgrKxUllISyQtkkRSRllV0RoUglxBUlpShpahiNe0+K/nF7+CKuG96IEmabsN23BX6tGgsf9/Tx5XdzeWacGVY+O0cjWAehcAcHqL6mkqOnMe+iKpcN6MGez1u50fAFKKqv4FBTESjaZ0x3Z/3mXUEJdLLRiNd7mvOWaSLwU+oWu+1WYdWL//ha0w0IS9lBTgZP0H1oHPRqDJPdMmeS17OBmb1q2Hh+BYbmD5Bi/lj2TG3jWf6BXH/yISvUOtHVXdvI6xbB2QUOtMp3DiQEtdPLia00JuIVVbzXx8RVphTVVIne55bBBkl1iK6aSy89CWPfO2KMUjp0XVSH+Jqf+NcsCB9dXEcXz3bTaxVlCNg/Dtsis5GPHefGvD/g2TSb/c0DSbOzim+tdMeRZQb8PtUY7qbuoRtHz2JvyQVwvSONtdNbqOTILtqp2E6RZ6TJsS4DQnsF4O3e43h5rhuVXG/gI3NTqO36ZjoyeBgrHqWh+PgLMOXeFFodqQDNyy/ShBP3Ya2VBUZvfQH3hUTo3j1L2ql4DYf+5tNaj0l0V9AYfr48gpke9vReaBbfePyPFGYFcemKKB4If4QqAVW89M1hiFqjDvMMlbE+liBweCYkrirDo5UfeP4YVVjz9j2dzarDUcorIUZZHrr9nvATg1xUcXLD7rA22ExPKGP7Kni/TovLSt/x/YhAEJWdAr9v6bKwsAatqImETPNlcNzrFW81GKAJdh3QpZaGT+xO8YpLSjB9Yy8W67vxyXFTwHB0HR2zPMqOuzLJcPFklm+bDCM3qGFhmxxc6NlMU3Rz2CX3Gb+MdcCIV4uhq+UvtDlH0rfAKWifVUWftorCaq9Buk5bwb10MXeL2WCnyT3aukMOzV2foXhgPi1UW0Nb3ptAd5UaLQy4wQpa68miQJemBZxmQefH9DgpDXIbX/OCNFPYlW4IgmuD2a0IMXSMIHWnjKSEpgYW/RpAg6324CrqSqEX5+Ox7TZwpGYxv7qyF+dHX+Rp2zajaskX2NO0GFIaVfizYTC4Yw8uGK8Oq4IeoK54B7Qkf2Ofm4DdnStQNdmKPZb+o4arTSBaOMD7Z1vCpNMRnL+cSatFlpVL68lA9Al7efXyBBUBmmX6D/zVPXDgmwLIZiyA39feol1lA80arU/VL0J5UNcYTSoeY+OSSxR7XY3MlxvDUjsz+B13Gz4n2LHaHUkeMW+Qmsed46tHveluK5J6bhJzhhY4r3agHLN8bvAz5bi1e8hW9jEG9iZhR/YmECg/iulmk2lflgqojP9C628nYXVJMr0csuKXbeIsFDPInmahMH70A9pz2xsjRMdCnHcgLi7IhnEsyw9VwyAkbCTP2TCZ/Mdb4e1920EqSAX7pMdA8W0xmFp/iSW3haHphr+cNzyZDTIeQ9yAPQm/PEPLhWVRsXEEJLMhBJWHcdv1JBqxJZVaw/w5+agOLXG8CD2+sjCrxArTNGwhcrU/h4yeQzfF51D0yT3oWNJHHVKneMtyZ5QI+QDDkxPBdIcIxDVn0rjkBzTFpw+ClxhB0Kzj+ExpGr07/os3VxphPNbR5/eG0C+VwL8NvHh2TjvExaqhzllVPjlaEv2+h8HqyPuwYjdDu8x4sLTtpeH0LyxXugSDU+3RTngP2G+bjdPKl3Mo+vOtc/sp39AYvKRdUadlJAm6eLNYywSe+ssMr3pKQGPsSV4vdJiMg4pgUG0SKPusIM2lT2H8r620dWc3VET5sjPWwWvVAZ6r6wUxup8xUsoGcmV96crcMPTQbIOnmw1w7+pyFDvtB0LB/VRUVY1ZB49S0Tlz+D7yE4z65Me/7xBWttpj/uwudPx8Au8d6OJFKc+4wicHx8hNhIJKYzwb28zODjvhi+xtOPeqjfzUp9KxEdfQtL2JHh/0AO9obTj8ZTulVTAd8ljMH2RuY1ulJsRknoNvHxeA5MZz0HqvE68NG0J1kzGk9+dAtbsOeH9dREk99pz5KQejpCNJRrKUzQT6aPUbVZBeOAQvI0dj6sd6eHjIANM9siHMdCaqlkdhytd1+HDuB/g2djSYFB3GCsVcMrQZYs35m1Asw4F2XtoBEXv2k+NGaXzjkAHNCrZg0LSTrBPCSFSwheLljdhj+TALxRiho+x2ivnSwRJ7F3OAvxAIFwnhOtmtdPaBKL5R9ofJ0yTp0+EMXJ0QSArf5fBf8USeIqQGw1n+5FyxiladX42b+6+AuFQKqfp85vbuLXzokyp/mBpONT6WcD5Jn10vGpKJUDmpTwhCA9Vv4G7/EKvb7pJQdBsejdhDOYH6sNGmm0KDiqk/OoejxoSD3MR1ZCWlQ0o/ZmMvfcM1GTG0abomiB50oAixcrqyRob/XarFLdO7sG76C9gxJ4327DhN357PguqfYiC81wTCsregltdYbFLWo8+nkvjQvX/cPXY/TMxI5WyvRDyipwk7tKaiU1UCzJLQJeHYOBifdBDvWgjw5yeH+ZnMHVr9vAyE5zP8jruJb6oqeLS9IG3b2sX5J3fxXd1qTDjjhz+eHoPrHqNRJ8sQ+pMHueDreJq+7h1J9BmDyHhbuq4rRxlPRsD0liBuN9XGpcrSIGY9yKHJv2FqRAv3aiaTUtVNSnsTgd+ajoHBemcS149hgbOm0DNuH90wXMH9abmc3jcSlRXdccmB/7igwIp9b84h57BX+LRECzKyHuP3Vi1Iea2BRY+30MYtrYwXXrPXpAn4XkqbDSz62SzcALQTSrFyXwiLWDWhfro1rjnTCaX+D+lv+RscDu3F5sRUVlJi+O03hvYJ/ubJO8uoqDOITcJkILdbHi4nnuC9RV38rbiBzEsNIGPtT1zw4BtElbwEIVk70gJb8sz3puHgxzgUXEv5qeWgFzQJbmwpJ5uj2tBi1gM3HzMbXrSmPochrLlfQwErCW73z+H7RdLwcgTSLtvnWHD8Kb39cIYLopejk3UBHlULh9KC+Zgu2MWu0jagLOkCTjmBfOK/An499QX2TfWBl2/b6J2GIyvdmogPMwuwMA7hsfVScnl1iY/4FXGXYwHTDH2YMCmeL6VeAMGfITAr2Y1/gDhcqo3hQsVAMp46CPKPxmHfqnC+m9JBgfuk4WmjD3mvfUAbv46HhSUJfP2EI/2JSOEdbn48nF0Gv//LYCfjBLw3JAaJJeJsKDYaLki58GR9gswZP/FF2l/612yPMkayYLGhEiWoifeXysKnH1qQG3iCexxPcILaWZgb7MtiibP43fh2EjIQofsVu2FRlSmHiynA8mTm9PZTdHRCDYV0CnMvO2Je8l7MdPelZxu94aZ/Dp7aqABW5Am+G7zZOLYVto3QpJsHF5L+RUXQO2dBcid/IUYewrRqUZj1oI7+jPuBh1cU0ojQW/xJ5j/wnZwMJRhBx/qqePKvGRQlNRLun1kDgVGv0bq2lG8GmoKLQQasFP6OEZI/uPuWD1Vn7kafSG0YfmqHJRqraNSiG7BhtinYVe+HjSJTIcw+n6JndnLh6AdoUogwZZEMNV66z1WXRMjMIoDMY8wx+uU/rtmTwDuO9cHoOUfI8YY4uC8BOL3vGOuMmgX5xyZRoeUu+m19hI5s2EHHBeeiUb4NPlMfCetefuDgxR2UNj4ZNnYepeM3DlHPrHTYvWA+tKelk9yeEbA2TgT+a26F3otvIHvOJFhZeh5ab06AV62bqUg6k9TM19PEGEl+Y60Lbh+LoUX9PTx+5MTXGv1B3OAuqA60w+aqYtLzmwkR99+w5bEp8DfcmPvnXUO9KjlIDf2ICgq6/PqnArv81Mc12X1kM2U2nzCSA+nPn0BYhaD2biuEy3ug4Z0OiFu8AmMNUnH9Ozcm6SI6skcI1sxJhdcWZugoJwD7bwuSZW4Bb9efDjs6ltDICX+w/VgJ1xy3hFtBu6Ek+zZmSNpgdtd6aPFch7rS7nx1wzA8STnOBzSnYM7hkSAq6oYKr20oPdmPtqa+4FNhGWwkmU5F+cJcPE8K3y9qZ+fvtnBy81yYGvaL6hdI4si7tiRQ6M7dBumQvjEJKv4E0+LMy5yRJwANDt206q0+1uybgzdk1Um4xYGvuhTzR8U2nvFKGmccLYExL0fBitlDqHnWEwa0hMmqxRfcZaIpw9aF6h91Q5tyLz2QNOMAFVVYINzNub2GVJh/mqy8d2DqqsmUbRzK8/Iy4No3GcpbvYmzauRhak4yH3r8l2BjHLYdqeb4ZCAR24NUuluFq17PoafvDfjEBSOYtNqUq0Qn4NXAmfR2vw/nWN5nX4exLHDSHzIOiMMSoU7Q+zIVLOI96fAiF1oXUMOyly6wuE8eicethJF+57hyvjkfuDMJb31Whwm7n8DbV7fAcn8pR0sV083p+bS9xRmu1MWhnQ9Aqsk+uNcwAQ7W3eMJ+/twx/gC1jHVp0/zbamnLAo3ZB/ksI4cdLuewTpa2hBWEcWPhSTh0tptvGnqH2x8Gs0/t2iQXs8Jdkp6jnLXtqJEsD4kByvSqo4aikhVgeeTG/Gg20JsEnqPKg3RdK5qO19qvYB2YmLQJCUAJ9w28OSN4rDlrQH1f3iHW81NOGN4LK3Me05ndDTw9y1DOFlXCFqvKuntIhcYuWoeXhXr4tTmTZD6K5/cY5wxdsiTRmtPgKO3TfDbY3VY8jALazaE8Nn/DtIzr146MnyDLnd8hkekzh5jdGC72FNomRXAUucG2T/sC03awBxaoocT22vgayHii+BazrYZBS4iV7hxygMSONcHjuu+gMAXF05Wug+Pjwfw/huJvOyfHKLJZHi0bh0qCBWwjPNN9FFOgHvlRiRwrwVyzqlSm9oT+PyumbYfUIFdxz6w1IpQuNK6BoJebaZr1q78XHI3vFeKoIMi2RxqlQpynkKwcssJvLxDl/edE8XgCQvIyLWByqSWwMPTF1Eo3xROyN3Fl3t1oFQ4DMpq1pBkXgy4fYpA97W99PnMGawwP8TDkgn4qew77Lw5Au7bvYSLX3eTmpof73QVoJRaTdbXnIEDgyupa5YRFjz6jNM6ReHGWDEo3/UZXHcSCA9bYgcdgoD5zYjZv8FrvSltL6wEyzNT4YX5FWz2PM9vLkiTrdQUWmqtDVv61kHm76dc2O5IgWaj6KCGMBz0sOfR7ybj0RYxHDBdDgoF7+Dk6Vcwc8ZqdA0JYZG8Wj7+1gokdI9jZkovHBT1Iw4opueyciR1cTk6fnCGSVpPyMcgnWujDODy4hUgaSXBY2cnki3ZUMaHRKya/hiWv5eH1tEyeHhhKbhbMOz9fR6vRtWgY8wmOD/9FDbKD5JG+1m65ryURVwNMOZGM2p7yYBcznjcO9YV1sdLY85pwLcBbXzPdSl2SGSyo2oRVk3ZAPl9ouAtU4WTBx7zuKMPoOemGV3JDmBrpTb4sb+X8pLfYY+rB8v/ZwAvr9ZhiNACaFGNxKdr0ylduQ3VnomjfvBOLH30jp+OiaKkElW4nGFBvmLNtGtnAN7zOIcOQglQDr2k3JsCf+yeo2WaE1q8sQHrwY+YcLKNDu08ykEDwSyhtJt6tl0g+fWeKDb5HHYaGbEGWkK1eQxbuf+AZJFLbDXeDk7Hv4Uh2+dY+KGD/Q76UfqVNjRNtIbU3xkUqzkJ6j6nUW30c/A4uAAWFIrCvJKTsHq7Ez81PweX+oTgR/hDspc6St0icrDx7CYoiq7Dj2Gy9MLqNcqc76MzkkP0vmQqPF2SD90DG/hy1Vd2zrXEbME4THvZTDJ5oznD/jvbrX7CrXnisMuqhQbHmNJnI2I9DXUeGPUCZ31GljQ4QOD+CBRLf7HraGPgY1UgNuY53RRohVxJU8wzmAt+G5ZxqbIB5XxcA7+MuvCYnCWckNmHcXY1qHXmPTcIf0dlWV2k2rX46m8H/Ki6Rt2VF6jF0hLUHY6zp0cotlxLRO/N3Tym6B3NKN5G9lGNZPDnG+4L3QsH302C6UbBeLIhl26nBMHZuFNYOvMaHI67RcfuaXHQBlFUl7uNn8KswMPZFVvPSlKIhzdo1syGgeuN2DPOgnYlicPXlX8xtDyGzSfIw26/uxxqFEzDk0u5TroMZ0pPxudzWqFEaRlnr0qg8tWWoFlEMPW7Ogzd9YOJf2+T5p2toNhmh7scgqgzcD2W0z9s8mmEiDYJaBK4D5IzP9JHlRJ6MHoV6Fg+gkXy/+GerZI8gHPgedJ6svWThfeJi/nAmgPgv/EZa6f582Q7Wfz3Ejn4QQnNdtyK30r2wZ9OURCQKueWCcIkGrIGFu5XocerQ9E4spNeWBnTGFk/kA5Po89PNMC+ZSUETo7HMbdroP/+Aagf2M0u3y7h/Z/COM59gJ+cC6ENR0ZDqYkNeklehPuC+gzH8rHMt4vnXVTgZvDFg5O+8Jbz10j5/AjQ2lKD7b9OY7lXPIe7p1HNKmfeuckMZsi4kPyTfXAysRgXsCm87/LjptxEmud6mgrarGC1bABWrnQgp/qjELAziHHAE9/MUwKlX1Zs65rOx1bm8ftEezKfdhh3nrWj+X36dHy7EUUvGgM+K8bCt55dbHrBGA5praczclcoxs0Ppu9ugCMXVpD7URE4oJTL5to6oG4SBY5jj3GZ1SiwUK+npVs+UsOxcmw60YB6GwxJrPEz54oKQcV/GzFmwBmzt8Xwu3rEhFRl+N36lJL2rGLBJam4vUAGqgvF4OMZZbp4bzWZl35lHV9dXjxSESXHC7CBsy9ODoyAp3sX4Ao7CVhsZYO5tsLUpnQUpP1WopmDIW9OmotB+Qwr3p+CdpFjZFqvAo1XE9BrhCt9OFSNUiLeEDApHGx+7yPnXflYMLKeogrtwNlkEtRpqXFhdxCqHHCkZ9COixJMSNylnOctvAa5ERnQs8Gcbj6zgMyfSnxbKwZtzZThr6M6lFSL4BexNB56GEQ5Greh+fAzeHVQDrZfXYEjTcMwLPA02KaKYGz6EToi8g7eFV+G2bLJ7KYnCZJpsuDSl8Guka7ou/QGTX/ciY/uWpJ51DTsnGDNz4Tm4tSikfTnoSxoXfNk5+dG1NX2lcP9XlMexGKQ/1zQ32aEMZuuwB+hMFBN1AFd8bUcVDKBujMH4PLPGPr4tANyv6eQ7/MCVMNAtNx/io9enwol0U1oGaAJ2pMWQU36NTIfu5Bni5SS1MQpoP/fbMq+sJueX5GGFBlNmBIthfWHV+OTUR/B01kbBh5epjFvvKEo7yQPRLzAV/EErySEYdGTDzAm4haVV/6kXYlx+PjAEc75YU3eft6sMkGZLjxQhgJ5Aqfj7ZT/oIqUB8tx3JrzZDHzMr0wWQb4WBMlT3+g+MIJULrnI+zQ+4QPr67hhseH6Et7PtX+vAwVT9djQ/cBOj+4gfoTzKAjO5t3xiznlF0HIf3mbVi+yYoGdULhcsQgftlyHqd0nsb5fQqwYq0jTu7Nxg1LLcGyErAhVZ6v28fDk5n9lL24A7dIHeUF4iPAxlIVZVWvcmV8LWT1P6UxNX/whJ4pTh4fQBV5j9G6IIEmaYiBzOtx8O+LPc0MaqeKJSsxZ+FyCknNRp/IGhbvXQIem8JgKEwSwpWqaVfXbJqY5EZS25eS75IncMh2Kb45p4j5T+fTvG++aJlqDZeNb6L3UjWQWPoDruh6AHYrsw4YQabSVmwwmMRhpTvptshoaHPsp6VXl9PuZd0UYtABq3bEkLS9N/9L9KDH8TO53NGex+aZg+zqcfzW/xldFbFF0R2vWGekIJ0qEkDZL14ocWkFpllsJcdSG5iyJA3CttjSqB93MND7ER/4W4ulH0LJvWwmNjp0w5FiDZ6XbgDeYUVwaZ0YGppPQKEvS6BH7AVYCvhjbOV32hlvjpPWb6CcD3Jwd1UG+SptotvHs+HXlM/4x2cHbIwZR2kzFqKyciT4RvzBVDeG1h0eeMTEBmYdSkJrj1+oa7QASpW/4a8uM3R/Ow5nlH1AnyfacCEvlt6pfGLzcGGUuywHj8/OYYcSO1hRsobz9x6BFTeOcPDEKVA/fTJqi9yjDRJdtC1kPYT2i4PzPHW612gIUvJGoOy1Elf8mwIntxhQ82VxKErq4S9X40jyUAw8KTUBlw2BXKs/BYTEkjlUTBAUr/WwnKkddZeLg+W6XAyvfgxfItbTi6L3pLFUAEsFczF+ohB8uKcDR2UduXPQkryXDMOcn3a067klrS/ay9uW3cQJG8wx1scIVrg/oLVu4TRyqJfjPn5gqB1Bn5z20SKL9ahrNp62HDWC/J+asFh/BVidnUf7v/bhHvM5lP0+EG8F5LDWjwmo416LeUXp8F/kCNBXOYujZmzEnOkbobEriv7VaED8OS1S+ZZI34cN8c65YfqRbQavNmbQlJZtbGUdj1nJz/GQ/CgYjL/Au6bHwTrXaJRPSoJZmrpw79tltG3TpXfuwFMexqJjWz0d/dqPL38AmqhN4ko9Wxg3djyMcJnHxQut6duVJI4b/5pd7VUpsvonCPyq5BsdS8n89HLKOj0CTB2ScLBrGnj1veX5v67DA6FLtOBhCLQ/2s/1dQepOWohSY+WgGa7DVTbtx7V/67kfp9beCx2PoSsn8pDJSVUuuszB+zYD21rdCH9uAbuubaCot9soUcPrWm8yzfSsnnNLlO2060bquyxYpBJWxPUb2ri9ttjIdN1Ns99482q2rkwdHwWTrn4HNjRF/1dpsBJWzmofrGCzxnu4cakx9Cjbwb6I1vQrGkbffuvh9aIpEL1nlbe5i4JzwZdaYlXBUkcY67paMcWNWeSybxMr1rWw1aH2egTfIzeVY6EE4+noXk9oUOqMFW/3UJ1xwvI+kQKfJZ2p/D8HojYmE4L5Kzg2ShR+DU/Gyo/uGGDcDUmeSpzVkgoXXpdysFhe6m8cB0oigvCZbE7cEMkkZW2BvKSm9FUknAWvL4OoIb4d3gtYkrThpRg8T1D0AvrpbT1ojxcbcdyHho087UYKC9g8so/xWMeSqPF037OiTSFk8MmZKQbTbvrt4GOwSK0LdfmJatP0+pruzk4+Dgpp+tDSLMq9IePgE/bZlG641scu6iW9/xthudJUegVGMMXK6Op5GUKNg8YwuDwelIKziGfDftxnTjguBmVrFuqCSMeHCLDkj9QZ38HJmUrwKrFb6FkpAI5p32m3R3lnDH4hU99PM9lV09BxYXndK7uK+7PFgVDiTwAywjIDr8J/uuaIFl9Ppzt0ifVhVkg6m3KY406UeiUOVxIrKQ4HEC30eNQKG0ajO2pxsMrZ5D/+yhoGH+euvQEKWKZJUyums9nDv/AUctGgvPe0yx6wwsXby+kWxL+6Lwol0cvWwB6j/Qh8IUR5+0ejy+yFcG82Il8V7lBmncizrA5gZWnXuKvRG/cXDgaJi5M4AydKfSfkzkcczyHYT6F+MpwEY33GouVBaYUtFEEIhImw/rL0dwVeoxtm9UBbjlR689xmDBwGVvuTSTPh0/QVT0DVmXLw3LdLTz2dAwZtYoSTjxN2+zmYVzmCuwZW4gi2iF8VHshuT9Rh+WSx+FXiAg11DnDiEsn8dHMZ3RSIBpOijSDzM1tPC90CS+crQvxlIW+u9W4e1EyV623YP2B1xAfbw5yua9IsiMQPb9WolWZLegM5bNM5Un2z7oPEwLfwA3Ps7Dc5xJ9+iuKG9siqHd4Ad9J1YQD09M5+dQPsrmWyEkpbrhQ9SU91TSjYsu9WO1QCzmtZ6HunC5cF3mK9/WkCD/OB0UJD6q7eQUbxhZD4vB26stbyEk6T7DtiCzccQjkBRNO89laCRrzpwB0P3lA5e5nUDAqH4r3nuOCijI0SpCCd5XEtnfEear2X1qqFkbm98Th2stxJLi5Cu51pkD7Sm+IfqYLAjWrcJPtH/7y3w6Oi5oDRlce0s0VnvxmtzFPtGlF4TVR+F3NBvbffofzjm6CIjHAhY/7yOtTC03YuZKvDdWAV1QfmT1247IXArAuKY7/+7qZHVsOwGavKnhiGkqiuzv53vxg/jipjkXcbtMlA1EIN50HPm/kaFidsTtDmNBpLSU8mEsCRhl8ItoNn7sroaKpBRT8jiMDwTuUtUEVmncX8JwFTVjuLUZKE0LRMlYIyvJSSU0e4JWmGEik1oDntjxq9H8GR+S24og7V9C5ZgvcklTEi/JHyWT+ZFDK7yWhp5M5ba4NNZ3RQcnrzly8M4xapYl3Xaqil/MuckCbEdw62AAV9fXo1d0Klc5OUD3JnmIDfXHjnrscsMcY4/L7MdxCG7ZcuEy2ZZ1ccKQKc+2u4LpqxuKtC7HuIMJ1m3Xovq0PV81Wgev7eyE/agrmDZWhys4bOP+sLY6oDMGU10646V49nzYJgmHLKZB6toysc0bxLKeb8MRbG+cMLed/Lb8wNfsUrFdthP7HqRy+UQAsbl/kG2+VQHJJMaiFj+cjzwqgu8GWDMJica1vOtxa+YCPLtIH1Y8+kPK0ELjPk40nj+EM9V8QUziN3v6SZ/lMTzRwyae0JkNYtiqRnrnao9XXflh/ZiLMTA7ibaNX4arPItyz/i+tmT0JprkYgd2Vn2DjOoihD3Jgf2QaHW/L49g6gisWp6BmaimUz0+C1p+yUKd0G/pDhhmevaG5mdKUXGAAn9eM5yNfxpCYxAk2i9Mhx9fjYW/pHZo62IIn1RRw/seV/PrHG/r72R63HzgNrmUObB27mbxvqEHR0hMw8DeXp67YA+rnNOh7Thbs4cUwN/kc7rdfjwm6ACZTtOG/FxM5I0OSO5U3sZZ2B8fAEfoZOpVWBTvxiMKXIHntERe2CcAV9wEMULwCjjY9tMz6KFs7xlB9USDDjIsgY5tFOnvdsNxiBIQ9E4BFOnUsttWJG74m8v2q5fTguCNbC76D9c36eH1TKMzarQvPHI7zllOP6GlOFmYExpOU2gPcEhQJ/vF3cbguGhLHSNL6SHMIPr4IyTEJTh1UwDsfV/H8gUxMWa+CBh/Gk5D3K6q+sZ5tHAThfXkQuCx+RXP7m7it3YGH9GrZSMMSG5IyYXjrLqATk7jX3xw+BTnhUdMFdO7geapf6ESeQqYsKhqPxxNP0N1ZLVzhN5KOPJsKWX+O85Z3lnj4RA9bSKWRw8AAZ1+ZQjPaInnjnsX4yPg7zr0zDsLllcCveAtMPSCNN3el0BI3XQoKn4WCnqEkfMcX//j14PZlQuCUO4JrvkSQ8fP7PGrOLTbx2c0hZunUP2st5UXMYD+rLjJ31IcrJcd4TOgOiH44GdrSuvFO7gFKz9pL2Z3bIXWdEr/RWgAiFrLwquEtvjYrw3YPFfysfgNHLfWk52nLOE1QFPYqx1LTvw7YcVkJZEws4GzKcbi7dg8vki9DAe0JYD7rL5btDYQt7I3Jh8Ppo7QF7PD8j5fmAtpLDnHeh9tot0yJ3g4TRYlHwbnmSnotWAYyYhNgxFIz0NW3wTCHnfAs6zkdKn0Nf8RawfXhEf6mM0gx6x3BwkoRrt3bSf7iN7EBfoATvsC1d0Op7sw8rgvcjS8UQllqbR3eNdOHoqSdsPAhcKN0NYdMG4lxcjG04O9brBj7DF71jaUQq3Ke+k4ErEwHcIV2CQrsGQFrYtag5f4jPOX+StY2aaesPcU8+1YniKorwud1r2GBwiXqHVbn9KN/eLvtEQ44kEphI2/TE91P3NwZRoYbZKAkxRd6Hax4QFEUbqcqoKSCDZyFMpaYfxXXalwBi6I+iFXUhWOek3j7DlFcFn2TUyY3o/+dazBz0SoMdxDmpmcSlDluBZzwkYUTP5iFM2QwXGkx7PP/CMdVrXhpVBzxFTUaVP9DCSut6V25PBgV34PEmidgOdYDXisXgkLEJuj8V4T9Z16D5tgbPHtPJmcYqcCQqwp7KHVQi1gA7D8ZzGEvOqjV+BFpCb2lG3/asTE/hgtrRcA/sZCcFrtT+kd/PrnBCQaHFFFC0Ymu6hmRd3UenxdNxJvXx4CSYjRKTHXD7GpJNJtbS9t/KdJ/Eh7osyeKcx62cvw5d4xMFYQAh0lw+hbR/N4X8Kmthi64llIwjOEJehPQ00uJTkme51/HR8KL71J4puEQKdUuxDPFITjbVgWlh9bQlzdS9Fg0A/ud98KIdBtYFPGABKGCLsXfwZM2K+nIDkPctUeP/fpqOGtPIPz6tJw+N6qDs1ETe0zMhNORC/Fi2xNK9RehQs0vYNy/ibuH1OB7fQFvOCsLn7rOk9aHEpAIjqJfiRLwM7qQ152/BDsj52PBoQswdsRaum0lBWsUMvnR1z0woDKSRs9xptlyqli1Pg4VQm7DUo8YoNUnaPEOIXBRKYeXd4fhicNVSLjhCjMOnIHrHmp4994CPLfuNQ/GzKHpiZpgl2cG5NmKJx/JwEjPXSiHc6BwoRSKm0rQsRtuJBm2F/zqRCEldx0eCLyApq7DfOeBDBvvbqDE7UGcaZmGW6+Nw9i2Cl40TwrstgjTjXorilwrwsd1HtHbt7EQaGLEh88WU4upJ23Z/ZM7zghCXEY9vExwwZRNXbzNw5c2mIpwwIAZiLv0c+CuA/BcUQr0p0yA39qneO9Lhrw3I3l732zOmNtAzScm0HXrL7DLLhSjehU44a4BaAhM5LELL9LTnX9ZO3Iq+7xNg9kVTrTaZT0WZefQSTkPTtRWAkv/YMwouEA36jcTt72Hvspe3HfuC/wxSWWJj1/IxqmTn68bDaWb9pHrsX7K2m1M04N94XCdFSWqN9OeK3tpxqnpfGBGPXuBIfwXsh/OyjM4xd3GoTHrcGzbb7TfOIhxz0dR/Bw3bjBQpsm3R0Dt2J+0IrIO+3Y5s3BWEHz7+hj2rcugde31qKNqDttcHPnzOFnQiKunxBplODYwhioKP2Foowd4S/fjZhcHqFLUpKAGMSp01YOPfp9ZWP8waXieh7LfxWQxoRi9xxxn5cX9PN7ADVa1DoK7ljhc3DgPjv7RRdHPIXjqwxZQ0neDW52OoF59D6Y33kdIawSRtYIw9+sinDWhmb92xWDQ0BGc+G4HV9TsJc35Tlz22RlEvrzCmEwBSBhdwb/vpWDb+l8k1rWdGiALtvcZY/i8D1DkEIGpg6Ow3kwOpgpEYZv5XN6g1UNN4dNwyaNFoLdTF+daTcfuD6P5zO8eynIVhCdGrnAUn/Kfqiz8u20+hj0Lg/inWrjX5Bh/m/+exWTek94JhK/HO7jkgjc9UJzDgvtscMffQNKu/c6n9zjyWtDC9DJ51kjUhPrOVzBOoZ4NqJS/rPlITlrnuXtmNDdFlNKymYcpOz4Fc2XGQ+jAX4po6uHfm25T7/hKFAqwhcv3F4HC5DTWqT6IB4qVoWc2Q/s+L/L6J4LX9+9A23Xi3NglySZHw/hrBkJJ+zZSeJXE6p9lYe3Jak4cbw0Fhjc5VymWH76IY9+CzQQ//+PGhefgaLkPgYo5LFdwR81/xzhT9irGq8vwjNeCHBmyjH8K52HV0ia+ruqP1wZloGd+CSmHWLLLB3WcG7kct63t4TspP0BucQ1869uEiVZNfN5LEW5UfKCrgU/pjrYbvhHugVkjo9ivu4VD450xdn46vcp6z3IaI8GrxI/mFWTD+0fuVLbrAK8ObaRRIYPcM6OdL9hX4eLVr6l3pQ6oS76Gc10aPE3lCi088Jje+/yE4x0CtOBYAjosu0Gy2/rpZpsceKEqiFy4Cp3//lDtTTeqEvyH7yPMcZRcHgbY78RLG2wgqUccorQektfiB9xhYccny8Nwxh1f/kXyVFb7ClakhYKv4Ab4pCQCKdeu49tD7djVnUzn7ZtQ1SeKFv+No64gKXrVbY4b7+3nI+/kYczeUvoi9otv7rSEpct76ZDiU7zo74b5Br94ff1CmPZeHT+K6EPMVheM6elhHWVz2hyZQb+a+vHO+UrKH1vAr4LLqP/CeUqaPgEOSsTj/IUDUPLYDwyu6XHWQTs45D0DT66ugJ8eiIYlT+HAoVFw0mkU9VlfpRfzkRwvpkCecDxN+xqKy1Wf4HnVufzB5RzOzVQD8cv32dZ0DWjLL+DAvBD0W3eUryY2w+ZIDXR5LQL5NQl49pwVPJ6wgB/urwP9dbUo0dMGh76uBYWMGbQ4oQp81h2hwe+efCjZCDQKI+C/lEBKdNxEzxRj+JOeKo0s3gwwvAfNHobAvYEhKhEWgKlq2XR65SOevEgEXr6fzeXPFmNZRT9MmzWKFkWJkc6mRvbKsQFr+W+0aaEiSS9eBg+UZoGSoQhkrFzKXV7H4O2iUVgkfY1dflvBDD93TtWwx5etA3DoQCNz/wc2ybdhWYXdtLqvCaVmltK8sCnQ4mhNsu3msKROFk3LZ/DkP3HwruYqj+/Rwluqh6ja2hp03giCgJ8VjNjrSvDvDrdO78fZy4XB+u1PNLEu4WdFA7Du7D4oyDYFwcXj4bqkG+8+sQxfj9zIp/5bwzNVHpLqqzLcNU8P0tSTeKmOMIQ/n4P6nxbBwFwFtncfIEHjd9Rx4Td9ixVj01kI4wR3kN8DHbD5cROvJK/FBhtAr1oZmHRBD5rq3+GD2jNcI69MKpdNyf6FMdhxF0YXLIZ/Jh7k39iKq/Z08ZHZeSTeV8yhV6eD5OrlXLLaEIo0tuOyygK62aiBce7uEJVaB7bec/mI0wt4qPEGTHb4QrqwDggsXophX4Yh/+Vn3KZViYNbO3jEjMP8O+stHXwhz6/WrsS/cmNg65wC3Omlgxe009ip4jr+85vDxlFnyOrgCt4wv4i+DUrg12Ap0LxThT4TO/ic6xyYeH8X9EeO4+er74OkShO07vtC4tH2bOCsCQEXM3GiljBFmq2h0OHR/E/oJtx5NQcWqXyjZaCDt/XC+dNpQ6j+DHwnvxyXTS/hZS1/6W57AxmxNI7rNIVM3we8b84SfHdABULE3cBniyO2dVeDpZs0lL1sxP1HlvGv/bIQqPIJdlV9JtqNkJKnDL4VduxzYyscnz+KptxlvFB9F+dl1cJ/94/y7QeXeP5RBItiV551xosfWLbyw/P7MLZpiKed3AttG93IMvo9uAsFg4aIPhxSTKacTBdysL7Bxv363G9hSEcSN1LxxjsgPOUrX2udxeWfx8IK/oMSzy5QTGAzF+V/w7cvfUHi/QUAnWN0cJ8lxdZEQeshE5g4rg9zHy5lq6HL8DIhFVd6yNN8GQ86/baBvzaN5qlJB/jCqClQvDMa5T0DWUH4JhZvVAOz/WFQpyJLhQKn0Lo2lsoDDkLWXS04GFADbTkEFGMM3vHucHe9PsWft0AVr+d4qOw4vNytzE/+qcHMfZfxzK8n8P7XAgzf3saJPd103YrxXdtSvOIQwENnLNjygSLU5oYRLOsE8R+T8PeaURw5Zg+rz26GUu/v4PznByclZdB0f4LcnNWUtLWPHpacQq85o2BeykWwyf+MvU/u8KhrGRRi9h/8SgXIHbMC7QT70Lg0AOmuI6/+MA59c+ay36xjaO1hQuLVd+iMji0MRNWyrXAbjzr3nZZp34V1XfZcOLiTdf8zBUefHBpcaI/6EQTx1vn86f5TFhWIpblyyrilKxHeJsmz27RVIP6xERf/EuDsjrGQotSAWl5puEvZACwahlD9zRSK/5bP0ZNEKLaun8yCRpHYeSMoztzFet/+A+NHPnhsojpbdN3F5iMqIPz2IaZWmrJC8z42NjQAnaIW0Ks7yVnsA+28HTbriPPa7E6MOf2Xot/6gsO3E2TTJAhZiT04Y34PZV3TgicHpFFi0BN85y2k3KpPaNcrDPFZr6GmRRHivyvh1K44Ks1NwMqL2XDhhCwGfDpN1v9U8Z91E3d29nFApCVIbU8mCtEg+WTin9pf2KzlIZculsVnufvg6tyTmGcjzQl75cG8QRNfhu4D7gQwVbRnKasMmro9kzadbaG9h2PJ75MlC080h5rKFJCP/IODr95SvcNd1JNYA1NtdvGIp370SGEtV59sQaf9MtDuthMUt5/hXUtyOTB9J70YMQqa267igYNGFF1RAkV63hi/ayQYBEhiwMcrdJiWkbNXPJU9qERf30YasvpMA99fs73zIpRPl4Df8/bR5ItWNCbFE4QCPTD8sTPHSnfTkN0Wvpf5FrRUh6GuwQRMy/byLJGN2JgkBREFG8h7SAz6KBour/pM2gVa6K9XiUZjNWDPJ1UKOH+Wjz/PYFcLW+T3+eRu3c4V4Q85KXIibJPRo7lZMrBJeDLI3X+OH36uBbun9jgdZOG/40m08+19TI9Upi4jF5iDRpAQWM3yJgfpdt0TnNlri0vviVOkhiK+2abFj+bokMAGJfqlPBq+BlmDZdUpqJYzYaONHQAVRWzc6cm7/5vDlw45EItms2u+Apx4Iwy3332ig5u/YXZdFVbYL8Mxq7yh9IAleD/X4sJjw7haVB/u1l5l+ww1MjvwlY/dOcjkWYErpWVg/vhUijT1IYfN+2FxtA4crN0Np2Sec0bbMPXsqQS1VSdgDK3lnxIW+NHFCR5JvKdsO0No0wzAY4/Go1HnTzJbageZq59A1pcp6HfwOoS7NNMHe2v6fdcaMq6IkblFOFXBINmYTeeYVV/pUJoBti8s40uVxdDSuh27xwiB3/qT7KSQxkHuw+wt1sPTfQwgSW0e7A7po56TNZBZ6Is1E5XBYmsmKzeOwqvSZuBnp4mdyW5UF5YNYVPn4YmjGej6Mp7fnTKH6vJP0PykmyVeScLT3E9EE0wh+t9LtNlhAc2//MCmYC4d0BOE6rlDGJbG/Hj6PAyJWsIfu51AU3cSiT0ZIK25v3DdvrU08oUezJm5id+45GBatz2cqNWARx9jca3RfLLx6OWagmT+UivOMjtFYbr5ETq+zp3ELBfwepvnqB4XQaseMcP8XLiv3Uhlgas4r0EahpK9eKYawOAtZ276fAombJ9M8peTQNfuB+akp1G6nxlnJFtC/qkZ+G3UK+q3qQalq2o8W9OYPMf1gvrTEVx4fjn8kTgE8e/kYGNcOcQvmcc/my9igJ8RloiPZ8feOq653MUPNq7jj9Zz4WulEtzcJgDTBE/x6uWlWB2ryyoemzh+Tx71z2nkgYUFWPTdAR8n6EHdkCyL3+jDWKkkfPFUAg4YjsGu3gUY7dMKxknXuET8IdveMoYHUf8o5n4CrnzEcP9rOne4aoO/jBy+M07Apc6v6PxYSRANHQONO27RKzU/PnSyAAL8l8OpBz68yLgKpDqvAnz3Iim9Xrz0UxUefp0KLzXeQKN1Pf/4YM8fFJkeTKmkzM3jWaP/D+x01MN3tuJQsu4RyHpuhisbnFExdzV1Xx2CtqB88DufSVprHtGxgnOUYyIJk78q80OzdJDUaoRd2oGYc2I9W1SvhuUB76ixQYW3vVhEMsn6cCB+CbrvXUdGc69yiNY/PDzsBZvU6uHC400ktz2UL445Cp1jBeCfcBbuDw+mXTsPkUiUAB+eLwLKIEYhNQPkMCeaDmVNouhUXZg7FsDG5DJ1RhzGXVc284ehNPJZeIdSbzlA8qRyvvw8hc1LheBAejIZpgySwqd4VFk7CjxqZ8N5xdM8alk53Kr4Dw1qUjlu/RiwvH4b7BV6SOGBMn15eA3nLuuH1F8fUab+B02MTeH1z5fQTT9tKDZ9ygo7l+CS6zvRbXgc/fB1pgVTKqD+uRM6PqtEyZeaoOJhA/m33PH76lmkktxDUlP9cMwXQZZLEGXbQ80UGD6R2kb8ZbUHY2FIZjVv2rsP86oT6bi7L85YV4FnW9pY8twk9lp+D0QO+eAmMVvQvLiP9dapY6fXCIztX0RCabVYGDYLd888i736Oewy6Sm7nhOE/cHj+aLsbdpYdYSFvd7wtNKbFPPrM2uoSIC8bh3EClRjc6QpZI7WYge1C7jPcTpYbLIgcbckHCF7lWYO7qamNm1qlgnCGO1JcGvOCI432AnP+tejQ8hKcLhuQ6lgxZsPv+FZOwNY16gFbvRbQK1+AY+c9Jba/x2AqQd1SanvKdWUm/D0ohUYHLwM5919CYbSo2Bjwni6Hb4Fbhrao4tMO7v+/Yktmpnoz9upWGgi7SoXhdcdE8Gj4Tz3rIkHQZN7+E0tghundLLUvc2wrjKRflQVQKzpAf6QMhr6UyUx9v47+rXzLPXmvyLlKSIwclMyzd21mEtPlNMk16U0scAGYLM2j3kyTLs+zOX9FSHsVPqQT+utYKdPznhofzFOejUXfr5Tgo0aG8DylgzmxPmwpWwhbCuvgLbdMVhy/SQJZOTjXnMPzrJQho6Wu7ByjyvfHF5Ip2IZftNOnN0+l6uSh3DkqMuQ736c3k6SgPMvc3BCWj65SMyksA++GNl0jTZftufY6LGwIDeNmrOGKFhTCX5+f8DqO6ZCZm8DeTw8D4MWTlgZXAFlmmbssP0vHVVIYOVKEzg9eyXYFoxCD6NQ3nKqg/WbruPAmAs48+408HvxnQQxGN7XjIe/HXfJpMURmrSk6Wt4D23q/st3rM7h5u8D9NU9hNe9+0rf7FTATUsUFpx14KaQI9CoUUXtqVI8w/43TdDezFp3H8DppQdwfOEICOqehYI3xOF6yi7yis3mgwE2qO0rCO8n1kPV31Z8NlINJJYZwLnR32mnywISFDDmb2If2fxLBexsF6TOzZfB5PEjVJ+Xw1Jh2lC29gF/XT4Tfgh8wi+HzfD8skqW23qZIo58YluBO+Ab/4WDFDVgcvEamn/qCL6WNKM7PxPB7tEXSI86z8/GDHFxhADfneSGQbut4eL1bnCZd5+lN44nbB+B483vsEn2Q7r+W4/nRHvgAqU5GBCuCDtMz0DtnztwJbAPG57XUYG7Df2YspsWGeqhRtdBUnd+R847RMD+nBSob54Ahxd44xpvF1o6QxU/iD3kH2nFMHamBo4b+5U/6OvBuOti/LKhhQdqnuBIzWR+9Hgzvje3hEbdfWw5r4KOXlxIyZ+UoCbIDX/se4rvI5yhbo0sSwyUcFCHPy34u5Jnfr+LOWpzcPpeK3gdsJJL7KZDyIxiuD3LAV5Pqqa0F0lwMmkcXcuLpWyBLeB4fCR4au2lecaSEKmrjdqzv5DMm3LWbD7MkaLroPHHbNDLuosv0ozg0JOx8Ea6F8v8f+I38e1UPOIYJ25eiqdKIjhr+w0InNkKa/7JwnHRcCxcmAzeawdwxS1V+nq7hj6av4PHewG3lkSD3FYB+LvaBJpnL4KspXVwa+gzvT27nLZukGH17Bhe3lkCMsUWlHFtC8vbKkLw1IsQm5nDHVEOcG+fO++/9hQMrIx53M0PoOh3GtNnPgOdkSKwZEE9mGyejtPPTiBVMKKGjyWw5aIqP7KSgGfDB6jhhghvujUZ9sgfwUfTFNFGXo0V/n2F7bX1rH8MwdskDxv+nqfgC41w4cU4kHz7l/q/KdDsW+b8eN9VmHvoFP6bc4JlbofDpPRcKK/xRyc3TUit7eeNfz35wKluuD/OHex9W9jacRO3SLbQwr6RPDzdkJYOE2xxFaWPuZPIRDIHyoM2kFm8Jti9XslU/A0sYufA2AotuBcqCi+kHnD+n3A0iY3ACU+uAXwUx4a+SPp5wpfkZ82E2uhV0HBdHSQm/cSUBwkoejuKXTYvodT+sTQtLI6XFQ1ga94JKpjVDF/vqUHs60yq6niGaeGn2dn4Itf/nsEFb4uw9/J1sljAGFGFlDFRDcqe3QWldGcMnhEHN4pH027587gpv4T0r7nhgU2t7DO2H3dcHgGBn7Th/aPd3GLkAVvk7OFb9Es0ka1F/z+5sK3uHgdPl6Th1ULw7l8+j4/axeX6gri9Zg3q7nkDy4JUKWGbDdz5NoG+XJSAjgo5UEv/Cd6m4+DhWzNeE8dkuGc+nGnuoor6JVjmt5/cH9nQlHHW8G11F3do6pCSfiymC/ijd9lnkD2qDNPi6tlu5XP0XGSP+ypHwFsMxph5SfBz2gY+6l/PccEPyWSyGE82yKGK4/WU19qEXdcVITbUGlye1fMmp+swehSjasEr+K45ivKyH7LQ3rWUucARYnMZ/ifuPrSBcPwFgH+HTcooheyM7ISQraRklJGiiKiUfiotEkVIVNpFE5GUVEiUtoZRKIlKUdKw2pJ7zn2J/5N8kux6ceXOSzhaSZfVt2nhwZNp0F4ZQsc77cDj1AQO/rsXUlYwSE/O5ZARWtipLM41GlLQ/EmAt47whNdLe6F/ehSf7OjBIqmJ0BW0lDKvl3BU0SoQO5aFrIUAWQbgUxyCNxsSMLh4M6cY2YCtzQE+mv4POhWK4ZrpMnDwjGYt7cfg296Iwac+87fH0/CKjhDoSUyndWH90GG2lUtz6snv9jXqlU9lZ1F3pI0pWLXTFWZ5KIBV4Dz681MYZ9ePZ+eAbA6NsqAJNsfxi8VIcMBVbL5yMY7ptILvoXOxIs0Ybtlv4ed72nF3fyIt6rgMz9/vBIG+bPpvoz7uva4GooFf2fj2arh9dZDzWu2xHyvZ1boRwhauwlmr6iE9Xpk/nNGDMK9nFHfwKR6N3YxJI7NYfdc7CiuKw0bBTrbYfJC0PU7AR1156FrVDBd+evGJJHlqeuwHhz2f4IqqD9xx+zV6O76hVwd3kNGyUbBB9ilvWbMOTk1PBCvHATAw8YTgxcvBsXgLxqQK8Ym+Dn54Qxxq7qlQi5MabHH/SNU7bNjR7QNEbJfAzx7vubmqB/ZPfwEbmgk+an6E61szQW+nIUsWuHCX2jlSq5CBiH/RnO65D2Kbs0AS9aBjSA9PuO3Bod0t/CpFjx9caOZg2XCIaLREFZcKJsPP+K1qNJgJq2PM5R8YXVtAcUfyaenGOHT1jMRP3XPAv9SbCuxSIC9LFoSbXsIpvXHkHniHTY3jqbjuJEZVa/LgbFUe/r6YCpU+gPYnA+h88QGjl9tidf05vqVpRfM37ubxXhakGGoA/b8Seby9MeePEwDd7jss+rCSBM9awsmR52Fa9BGcUO4L6ffdUO2CEy9tlUSDLQRb3G6heEkcbhL5zJELNpOlK+F9m+Mg8HyYPc6Ko0JPOyYrjgXDN6dYLOsedcQ8QxS/hZXHlWidRSi21WXQc/UIjqyK4LzoqRB80R+ljrzgQY9dICXTR4sWXYNfU2Lwo24MyG0/C5t63nPISmk46nYLlDNug0vnJz4vfIvPtE/nN8sbOOGpJ4YphFG66yTu0NOD/ywegOenZJKdZkMWV3wo55QUvA1QoDjpZlqg9YCUt06goaNSoLajm1Qi78EFg9fQ3fkHdbLy+ORbT95mH4qCukYYajiG+sdqgv27Y5QfG4l9EbvIu04YcWcYmL1YQXfe3oTVD7/h3gezILhEFl4H6NDx9B7sXDMRPju/gfLL0jAcPQlX7krAx8+jeFS8OBclmENZnx5473uG6Rs78POSM9Rz5xYEBdShUUkuWO8YIIV/FRT5zALy1u4Dy3HzyC1HHBp4BgbZRFNsQg8aTlMgadEOlDTcS6rNgpBcPhHqBes4s7iGjHMUePWrRoz8ugDnz4oh43xxLlSKQc87I2Gv9B5a7b0VsW4xzpT7Q3/yz5Piim1sYlmOSVO0YWykFf1baggpY3tYPHkJn1MpII9PPrj74gc882csF5lO5ua2I7BIy5ztD0wBnPQF9bOLQWStHt1/NB1u/JPkEON4PL5OjCPEhbieluGRTgnwi9pKyZffwb9dyeDeMAfTT6ZAYl4uRnalkOjtHP596AwUlUlCdsEBKgiaRVV6GjDm0Gmo3OqA0nLhlHhCmaKc28nD2ZZrMy3AdP5ati+WpbjMFSB3TZVbfowEu/6b7DNQwYdTvDjreS+v3aoAPSZHcNH0hdhg+Qi3p7mBwqVR6KO+ihxnmzCtTef8TV4cFGEIhpOaedR1fzjDzH5rDHD2zBHwbmgIRo2opaTBNjKt+E6W6wUgwyWFbCM1we/ULFqZsILyzULA9aIKx4ZnQ+zdLs5RHIVvu8zhVF8rXZ68hfdZSHOo2gX+z3Mjz3Uy5bL4dXikazudr66C02la0H/tA9O+Piz/WQ79Tnr8+cdemnc1A0Zek4Mr18tx/syTHGUvBlUXmvh4whTcsN6L912TYZPjd3nl4qUU970CPmz9i9dyv2JTjhhYaWjy7IJwXCeaDubLauDA4hS++Okazx73Esaf2A6q879iiYw8lBYbUI6oLTf5deHTERJcbLuE1h4NpIJoT7x38ibkxOjixN3iMP3AJL6y2oncjMXRKL2NixoTeeXsQcoe+Yda/GXo4PMBfLVqCnw23cLLhL5z155ONI5+DEPSSmQbUcMRAj40Lvgx33xeCMoSFmC08Df993sXv7KQokNK/twTEAzDiz7TrFBJShMOhhCdOo70EYDc+IfkEBhMRgIVtDyumO4/JW5a1cm1YTPh4JkufBn4FrfkScLmo52oq9CLdz5kYt2DP7ByhD8nthny5t5A3PvSikaIxUDBVVWQu2BP01vlsW7jcnp5YQXqiAqQyt2t9C3lIIflFLDsnWl0oHMCnCntgo2l1lgY0sG6DVMxUOQBRed400ePIAw4/wZ8graxbooa5D3ZTbH36ihGNYkkbv3hmLj/6L7gR9je2oHu77zAUtQO9x1QB/VYB86268K7CXsx799lPtD3Ft6eL2OvCw+wyF0NqyZIgnC0KVSePgRt6htR4jFTSpEy+I8VhT2XaiE2u43DnTP4YP5BMjimDNcXP4b7xrXw1NkXjh/s5R7JnUgtoeDUHwpiM4RhbkMifVUfD2NDESyc2tFjQTPEDhbi8TyCuYkvObCqG96K/kePPAnrMhFqZt3kfXEtOFLXmvdKtNAi2UCeebcNs403w+LL51hutzffeGkBjxQvUX7RTzKSeQvVC+7A7AeeEPeqnZqkozjQsATCJLb9v1/WYdfJq1/Jws/h8ZD2RgcLpx/BKEUXkLMz5Hlqm2mo/jN+HLKBGY/fs9CV85Qy0g/st8XzUpFDfO+1NHmWnYYzX/U4I/kfK+UbQ3iUJyivzsAuGX14LLsYPpyMQuE1oTTooIDLTO2gp0CEcOUUCEiVBal9HnR0MA4dLo2joSnlPLCpiNZUHUKWNqILFwapJksPJr9xgBlQAJEGW+AFSPDWpIf4wuk+H8vqh/KZnrAqRpWyoywhy+81fdc8wJN2z4VBp3E4TuIHWa0awx7Rj3hNnhsKXQ2mKRcEoHnfAuia94hmGi6CvL5qfDBLGX8uN+TT9hv46utuHoz2RFN1c/hy6RKtDgnFC2+6qfftRIxMtyXmaLq4MxNdTNt4vuZoeldvCG9j4qHI8StKSL4j5ZgKCM/TpBle2qSf+h19DUu47ut9SlgiDUvXW+KX1iCuu1CFyvrJcHWuEHQoysKHfc/R39wHH/zShmtRliD+vYRrMoqgtOYXlWqsgtNDF2nSokG0y8jBEVUrIdSxC8RWycNHAeaDInZwrq0Wnhgfpzm5d8m9TA4P+2eC70ZjHj08l8d+FIfCuRH050MPretLxqr0BxBnF0A4QhgTjwbwpuPj2XFwNRuk6gPHFfNw7DlE1SVwJfAK5hX6oc0/oKW+Nlh8RA+D1qiByMJx8PXXXPio/JW214ylXfFV/PTHLD7cqAXBqy/zzUI3NvMVpYk1YhD+0gB7X1Zg1yRx2KL2B/+b/h0MEq3I1noau62Iw4HJh8Dguj7AxWXcdmEF7Dx/CLyFZPllRQYcXRgDOidmoqlVKEg5JdNVRXkoWPwXxkqksK5fPo/MLwR3M0kQfT2TtpiNxGv7FWlH3SUsLZOF14VeWMrOVJSaAX4lb5nfCwEluYLPvdMo1SOMIcOyOGEvwH753axt9xAaA2pobZ0on+YgjNEN5xGqDvDq/Bl661zIGybJgYBkH/dONefeukNgbtaPmpYHcINpErd8Ogzt+/4D15sHSfGxGdx4vBtD/RJIUcYXJksoUu2VcpqyivBHvTxpJc2goT8RHPFkLOxT2EZKo47j3oUxIJY9Ai+RBqfKuuJ8OT04cdkd6m1iualRFxT038PHtXPobsN+UO7JpjvHHaF+bCrqT3BD9dUMd08WYdXkEVB78hwP1+bBk/l7YJlXKveIXaT0ez/w44X/cH94Bmgs+QgbbARg9jWErAcCuLvRD+wf/MZkFEPBzyPZZY4ghbY4gfjCStZt04KOfbPIMSqOTEoKMUryEtgqS4L4OsaPTTdIunAJi+x/hbN8TMFv2ADVH4WS6ob38LDsExxKi6BLX2xBY8FUENh3Ew43B0Lq/akweMCOFmz1pPx76zlZPJklgr7BociDoH3uF/hZtsEVnQ7y7TCD+odxLDH8EB2nLwH/T19o5HcxWLPemtMuj6cZV4cw/GMqP5imCZIG5tQk/pBcnPpx4Ws92HY3nX7OmASqUsXUUSkFHy7Ng86dsjC6Yj4UHWxDLRVtLIweAe5zJnLrT0G6VGFK9gOP4foyGU63ngonjJCFbMxgUMQBf62+QG71U2GSqjrEex9EbdEjcGZcOJ+0sILlM4p54+NTsKdLgh/tGIOv7ObB3WOvyDwtga1+zcCrFR54aKU43I+XgOFF1zg9qQnXdmmCdp8TN6edhzsrmyDg6XLy9XxAM4OlAGa9Y5WHOaC2wAfKFx3FEcG65DVoTlNKijl0020SnfSAzL7JwrJiB1ikYs1vfj9njVeuHOtWhHnnt9JF2xtola4KX6TLyahXAvY8GqRwvSDY/8GFDC/OAZfFRqwwqoQfhq+lzK5zMG1VKpvISUOvlxieMJwOq44Okufr63zfOYwrqkvw+WA4Lf26nGQGHpJkkAWMV3LhDfXTQf5ZJppN0IfODS1QyNV4Xa0F8lt+8ybJEoxoVgV54bUwd6cVGBa+wx0fP7PdASG2F7kA7SIjcefvCzhGoJ58D5pBu+9RFBx6huLeK/nVuXa8F9AKxgqKZGL/Fd0spXGmzSc481INLrhl8f1iPbjj+gNevOiC49OPg8a6M3wrVxXkj8vx+PHRUFRqCyUv6zk9yhzCNYQwQnw/rNFV4LBRf7BW5yXd2LKZdlZuYotgfXDfH0/jc7Jpopoxyp5Yxbf/bOENE7W4wFYL2zQjQCr4Bx+drAoKk1VhX7ovDjd9BNWKCJQ0W44jNT/yrthZeKL9Mlx93YnVKyeD8PTJsPGUNPwJv8nAYyBF7DmkjoiHfa+vsa9OKNg+XkN3ZkyF/+a3sMAOW+wxbgK7/CswpHcNWo+HoHzqWyqMeEaLzMoQt4iCQK0le4yrwd9+ofTv5lm4NtqIPnko8vTSPvA7+Z4PLu8EMw1lGPR4zj0Pn9L0P5GoEW9DJ6oSsE7qO+lo7Ob5Qv2gLrOI5nydCGLFTljfr0vK29xRv/4GmViFY/WmASpv+ggDxvWYt0AdmnYJgr/WDygqPs0NJpPp6Kga2NoagKubruCZyc705JE4/bAVhgvb1aDhWQtG3RvJU0WGIDpNl35MrEdZqyA4dScOszO8MWFfBU+9awWm/vPBb/I/upToSP49v+nJ4gEa0zueU3O+o3imPappxfOSCISTnrdYfd9RTrxkB3EyN2Dbw3dgdkoRbdQMudR7KosnvIA6FSkQHHUYo2Zrw/Wkc1Do2AnfXD/ACv1YGnfnEe/TmIb1X7RB1EoNvn4Sgtr3B1F3bQXsF9nJnvHRpKnaAMfmmJBPoQ3djPtCekKTwfRQCmS5dIFBSgSsbnNF9zVbSXbVeH798gCWbjzFWseDaPsHgKS3SG4KMqRtpYR3FVxokcY2llwbCm7ylWzxYh8tN7tJweusoeHBdM4WQPTv7eGnno8x+NwoAsVn/GKhMvgvUMWnWfPwgKowmB+aQKWlubRQ6hHPireCkD2FkFs/mQcEUvFdkTQ2KQlgtagOvB1xiOXm38djmyJJ0mo3nZwqSurrvnCT1lHoHlOLHz9+olRFC7j67T3svziGvfr1ITTXmmoS1sHtMwJ0fH0NLTijjSZP3/ITf3PQbvvEZedD2co3gRZd7ac/gcXoY3yI4zQ2QdA1a/q02B9udQlCo+hiOGTZDjYJmfzO6gAGByvwauFJpDHhKe5pmc8DaYexvUwKLBRv8dnJE2iJVz1EV8Xy7iOrcamxDsYcSgaJugo20zhM3WsVwOPLTpQsl8cix4l80tqem+olueZLB0e1H8Sutc/ZzVidj4Aa3FlwAQYjNVHztwdPOLcb56pW0aJNF3m3Ug2Vx+UAGClg51p1uDP2PEdZMCfuNOGfqtP56PB0OHHjGFzpbwdPzype1L4RdvUrwfcmFzZfWwUOma9pVdlRGhd5EvYGHoXErt1wXDCG1ckZyjXlYcjVjTWDetluwwtcF/MGRtcm0KrGQn6S0kiXT1nR2e+luHO5NMw03Q11ietg6+SbVPWphezla6Et4gf7LpIDZ5staBIeydFp1jBtsI8TvefjOA4H33GaXB0/GzUbculDaBus6BtNPybuoKCn0qAs7U+3g3di32N1GipfAzK7RvDtXV9YTsaIv97QoctvpuLU6wTxHyQoqnASSygcgbzZQG9F13DzRAlwEO7Gy+BG+UrLefwvGfAa9EPJv6k8WLuJDnjsxP8yr7K5piVEnZAgfWrln99HUcJkHRgVupHyq9/iH38XoCXz8Pz8ftBUmI0nQm7TaZPL2C8yjBt0jeHvv9040fwc/xHtoLmrO6jzv3p+fPwJ1y6cxh05Y/DwL006kT0Zpoyzhi+lrXRxxni8mOyOq5zO8YM6U8xafQmmjTThStc5bJoiDu9bREFL/y8UV9iw3e9MmC29Af8Gp7HwjlgQDxqAfe79LO9rBTrDR7hi4zI41HgZZmd7w/TXiWyw5BiZv7PnTsPFXC3ynbYfV4FrC06RbeRKCnOW5KL6rRBQ9xrU69ajvf9K/nBKH8Y4LefBRlt40boEPuyZBaWNP/n4i+d8zL0W+puducwqCbLHPqdpI2eBjs1k2GPZD156E+hmTRsbp6+BRTdV+cNwOJXkJ8F065lgdTsT3B7LgDU14tPKX/jO+wvp/Avh+7ITaG27MQVsjKWb6vFgX2yMmy5awHPpTbAsdR4GR2eif0kNBvwXgQ3z/OFv7DQoT9XE4vsO2NwxARLK5PHBq3/sJbiBPW58BevgCM750oXnAvpQWLKIRVe60beZBnCqz4yTvr/mok8nsWm+Og5HLkM1Aw/cKvGUl54JBz5gyKVxapC+ZhCWeynDi1UVtDDBi4b2ebL+dSLZUQbYL+QI5yTTyWmfJSxeWEc6bvvAPU4fcy0Pwd/pEWx6rZ/CRqVAxp4g9tq3nm5f0QJ45sZq63+QVEcpge4qOm4TySohA7RLTYGlUnbyDalPPOK5HpyEU/C7yhkm7VlICQZT+UFCPXxZco/mzz1DgS6qIHtSDiZNEQcji3XszS/ZnleT0bgEzrvUxTOOl6ANmICxVAZF5oSjSsAU6I59hQV96+jd5YXotXMnmIro4PXVreSWW0S1g6cxsskWR2xQByXTGJabcw9vfnLn1LyzZHv2AxwfUwc1butw2XMJdi/2p4YeEeiffo6P7vwNFke2QkNTE9Ylh/CDccUosioZhrarcaXiXx58rQkm+wV5uacfrlo0l4ynrMB/cipYabWAn1ue5n83ajg2SJ4KTpuA24JuXHO2AZaHOMKMxM2gMFacHMt+wNg11nC89x7qzvlFY9MnwOCcC1g2VEv7UAlX7HDC+TbXMNhjKiUtscH4R0HMQ++4OGQqlO/UxLWdNjhZ5BEmOVTA8xtt3K9lTYc2B4DjvGVY9VkKBe1EIShqJ1+430k5ty5SGjyihQZeoCWrybWDZ2FIYB1nhH7GreGTYYzVdjpU7QiHxdrAoTONzBQXcJxYI93R1MPjWjbgUpaId7vkQDjQkicGeeJfp0joFQpG1Q45NhI8Q5b6W2hGzlaaY11E2kKjwDR+LP+7UE63cmyocO4xvn87B05b5/Gafco4pnssG7ia4MzdCrDK9TL86yzGMqsdcNOykNdfEqU1qp5wX/spjSx3JemUqXTh83jYoPuXqjWu4euCTxyhhXi1/in5m24nMYkpULVGkl79fsUlv6Xh7FM7qn6oCz+X1LJsyHXyKE+nEmN5rDiVC4eebMOxA7c4YpQwqG2MhrGW84jRCyxFIsF+tBvG+STygg2NEDblN6g+LKRp29RhzdkVcODxAoiWuovpA6p4ap0gPbPcw3NVell38Te8V5RDw1sEQL5bCWWd0zHwpjiJXttCeDSHZoxZxZXmymy5FeGA5DJ0rlWCgO8FvHrSO95scYyVHIkKbUNJxEmIz70OhYrzt/m4WTrXGyhD5ue9zD+BB89Mh6vvheD8nGEO/VeBExzNUWmfMjxY5MFXVU3goORfWCB1F9vXfoNrfhPhe0UDH2teBrnjEnh5+SBqnEqhNC9p6HWdBb21v6BWeTZd/B2CT6e+Jdu+azzxxlIIzjTk6OMbMO+lKWzuHcP5H+ZSybhLnFRgxHv3nuf9w+Kgv2IZVx+2oBU//PCbuRn88LCFU/H6LHvLgfjHOMqw3oXPLvRS9U11XJJejh/rgzFn5gh4rGuPjy658LS1gpzRPRkXZp7AJuUqXNEhR7krQllVMZM1Dk6FS3vs2H080ouu0ewgF0Jt6+KhtN6VHBMa+MyjUlA6NIc37paDxDEf2KLblVSnyoCLyk5Y+yiN9+Vk87HQu6wZMAJCNuVwrqg8vHJIZsO/WyAuSJyFG1bjuSfDoHI/hgfG2KMv3UEd1Rsw8FYBgt64cON0oshfTTgUGc+q766zZHQgCHyx5RaThZBweAX1WEnAogsvoH2LHucu2UZfP1TwxoPXcdZcHyxsmUqD0+rYUUyMSrQloaell4eSc+nkaR16uNuSxc+aU8+3OzR6Vwf2La2HHo0ZkKWrCxmb1/CUy36o3XeJbp5Uhz2SFZRg3kanXvnC3m9KsKTkBTzMlYPuVA+8uNCD6/x+cJvmVbov0APNdZm4qW6A0gJvoaP2dnJWs4RN1cv5gtolPJBSSI5TtnK4mjjYjzxME+9Kse+2bMrREsaxM/ThO2rzv8oflBpfyF+XvKaGa8fhJHwn9/+mY9GBP1CTMYGU3opCeGMmSf64hhXVQTxCo5k109bQ/lnbqPSOCxRkiSIotUHZdF3wKBfk4yLR7BbojMtnZEBGviClNhrD5L5QuOu2hjaJWfH6SxPguUwKufqdwcV2VixxZQdM9vWmac/ncFZJCW2UNIJ/ect54x9RSPpxiPeNjOSXKwfxca87jehzwaBCMxBfpMZO47bwf/8J07VN+rAgD7hgw0eQ7xgia608th9ry9XPtSH1sQi2jFDhhSL29CbBEGZ5j+BL6x6Q27Ju+LWgHPKl38D+MmlYmv2QVpr9ga2+v0hS3AQKK3Poa28aOIRbg17MbfwT1wL/qR+FKW+D4NIXYxrxTYBGJo4DozI5ul5WC4Ay7HyuEa8sn4vOzYFku+YKxr7rom2nKynwujWMUx4NZVl2UKt5B5X9v1G7dAHandiMOlOISp/o0uTPgXApTgqUc+/htLUO0FJqD20XW3FIeRBDPg1SxZb9sFVlFz/pq4HoujGwKeUCd6fl0qn2e3xlZAeYtRnQy98a5DCcjmZC8Ty3wB7F06XA8HA0D9yaxk+e62NnSRlsoqugue45OtvV0kG5a5R13IDeqmiApagxzbebjo9fXIF74SvpaIABZCkIolZBN1qUBNFxI3G6EmQDk3d0kfy5nbR21ACse6sJ1gKz0W1ECje395OPZAtdGfal4iQ5qEzYxOO7zlBGfSEXV5qzd5QkSm57hn+fL+PNpzV5a5wPrtaxgm6XRtjrMgVfGRvAq+wTeEM/CAR9B2ln8mfYEbKBF8zuxJs/1GA7zqAQywwKLJOnIPEdNMF3GfX/icVYo0J8f9UYfduO4C9fCciU3kD5m3+h+tNRNCOonN/V7IfV0ZkwL+wRbih5x3tlQin6DsHm85uwOMSeLATF8Hb3TWyNIMJOPxox2ptjh05jnpEovEoTgI83FLFfZw3ef1rJtOk31u9MQ8FHp6BttAj0mq0liyc7OPOoFOzs3ENnPbRJdHAjt2iPpTkRk9HdfzcFzn7Bcbu6YPs+GU7JF4VNAS7w4u9sHDVaD2I1FOnOp2500bjD1/YNgFzPEVJer8J/z2nBzs3VWNgZyp3eM/lEYAI23TwGKoGZXFWcjBF2+TxhZB8PSqlCdcZy+vBQmzxT3uP23mUcfmKIfk3rpsHVufDqSDm03bPHhbf0ILYrCe3mxWKD0XrasjiZyFqS6nTO852MBHLblkPOh9+jbqspCNalgWauDu6asZjck+fx/edZtPbDQeoL0WdvOyFeU6DGjt26sND0LUOUOy9VWE/tz8VhufNCtilKwP8e5ZHmXDf89+wzal5QgUO/6knPaRW1162H4VxVmFJ0BO+W9rPLtxiWbsqjkEuxdGujHCzRe0/yUr6ADu4g7awAN54chdUOSGPM9+Dh/zzYyiSGRlyQgc1n9lPyjs+gr+RDtuMX8Oa+MNwc34jp65+Sue0HWtk4ixVahUBQ2IQlnrmRQ6ckzn98lmVjrKFyngpYztiJDyMfkNC54yA+YAgmL37j4S2SHKA3gXbmfKLk7FfYN8GYqsWGqcG7j0XPzsA20fHQ0bGUcrT30oiWRFaqKcEsuXewNKYFxV5Xcs5vZXY1OQZtn+TgoE0H7HDz5Dzbz5Q0dQodWzkL2msjsDjIEY4N3OGMwZ94TU8G5s9O5ds+2hyYrg2OI20oc2o5+kfY8zttBS6SPgvjxk0A1UZNuDZNAw0eLaOgbRdo8vXXlPp8OWTEiWMstVOZpgZNS51L57VEwcrCn1uMszFVuISlj6ohB7ZC6NMqXD08lWO75lCVnzz0mqjAmVGJLB56ilaG+PPfNCWqkNOjB3AOEpduhtaAmfxb051O7ZGBl1lGVLvbBAK0D8CwzTM+FXKHo2JK4cc9N7iYsYZEfBx4lJ4ZdA2uwmOYjfI2yhCwowcmJF4DFYVG9Dq6h1PdnsCPE6spJNME4k98g31P07igJhSl24foulk+nFpkBN9jTSn7nROarz9HL/PlwGCGJXX5Ihl8u8Vt7wP4iPZ5DFymx1Y3b9Po89vYaNt0sik3AkNnA8j4dh6rPE9As5U4v2x4TDHG+Rz3p4Y3Vn6Hr8esafkLYZDYeo61VX/jjAcmrNjmS5+SzsLXyM20TdeFL9vuwEqBu+ijJQ2eH3PxQ2QQpJ8ph/m5teSZdAJ19U/xraMb+UhDF2RcXA3SYjKwes5mbPfZyBlLjGnkfCHw7Hfk47NKWWKWIzkFXYBUEyOelysKNW5b8EyjCDWYL+K/VyLRfOYgt9/9ga3aj1BP3xHPpiG2J6nB7l+C/OPNAAr1nIKeK0G05n4fhxWogJdgJjmEH4PbPafJ74U2dJn7UV1xNnzre4MDlW/off4f+FzozBlaGqzq+ZnyZNQx32EMjFGajdPyU/m3ZgGrXZWFbqF1+OKoOK/69ZNXbsjEoipTeKepD1cPPwLFUaK4u/kuJl3qYMeGJSyZKwNLf3yFKHFXXgVNvMzOAN44b8ZvxeZc834kr9b8zUqfzfBGgTWl1/ZBr70hzLwXhO79CuDsP59KPdvw6tn5eE5rOUVV2pNM+h0YLbwbqhSXY1JaGFj0igB4qvCCkvUouyiLehq0cHPfJUjROMqyC8vpufMY/jv7Mf9XbANO+gHspDMF9fZb85JFylB+8SqObECW3BkKN2I3YprLCC7WQli8w5CFpJyoNnUxiixeD1daXSDG+i1tmnyJnG/4QrnLbbD+pw7yu0bDxYFNtPavEk6sqYQD62xR3jAG52Tthux0Jxr1/gAt3ysPLwa2sqbXKLwy7Sq/DfzC8yrF8cWROoSYWDQ+MR0XqQTRwTmaEDH7EOodXUyykVbwZ9QLjDd1pfm6grAgfzvNTvxGGxR98Gq7PEzaooSK83fCzwsadPasH8WUNbKJeRG+NB6Aei8jOjj3Pm9iE1gpshAnffGA1d5jMHPFDdg4FIMKcw+SzPKpdLv5GYe9/Q+uaUjCAe1U8raRZS7ey5UXjnGcgAwb6njyzqvbIUBIFPQ8g/mDtBJotmRSezuybVU4hot+BjGtFRjulEhGQ23UGptJCQUK7Oc+6X/m/3aLBfJ5ES22jRJE4x3lqLnJFn6IJkEljaE3xic57zGh+WgD8NLV5EVrltIB5zssvrAVg2TM4W+HHH3oTaVohfE4VraIvgkow89d22HtTDGstFxFDobZdPWBLX/8+o4Ujv3g76lWFPCP8dyZCXD6SivlCImAU2Yxsa0JXbyxG6VHngexlL2Qc2UOSKvtw2qWhYQNAiB8fyPYPxpJo2+PZt+zsVRlqQvS9/5B1e9y0jq+g/yXqkKF03bec2I+NmQl4p1jlyD4aBjKT/KgdW+1wcStBpZO6OCub8rw+kYQvc97RkV6nizR94BmPNHBiesKsWnTeHoa0MpbH/uAv8k4qPA4g6e9X9KkhDosuG5BG5VfY+7xhxDjcQpzkkohLMcThoqsoSkrmjVFZuHRvd7gU7gIya8WhBfZwi0FdWxt8oKhpwDFazSg84UdN82rps+Zw5zl/Q3M3OTB1dIOTiX7sqiuLHwtOwg5OwmSB+rh5PsH8OuODib3y0LG3Tg+vbYWWzY50vSZWexauoRc3qjA2/Xl3H1jAycfO4Upyyay8/vv1DRbEFb8eU7FGYv5RUscL9o3AoyglFMX52OIwmTObDAA5XG/KDMvnpaG2vCXhGBMGHuZz8RNgFdbblFzYR1ObE2gOhEBEnVupOXq8rC7ZRsNb7jBXhEFvKRNA+6/bubnY6VA+KEh3WuchOZmQ7C4IJ71NJwxf8c5qH/xg1bc14Srz+Sh2UMA1p5eB5dnWfLhMidWOO8HUXEmaNIlhLWaBdCMk6A0yY+7TRyJ715k/2vS5NnmTifvFVBDzCoe/zGHNI+fhi3yE0FLtgIyFsRhe4kIuuosgrXDLuDzcBp1mLZR1RJptBdVhOxCHVi/YyPJbfRFDUUdXDtDAudeccHXjb/gtbMczRXQQbEZ72GZF0D3hEq8ZuaPYqs24Ff181T0uBCcVk7Hps/zeJz9MZjSmMyNd8dDzpxSft4iQZGVtfzI5ziYX9UlU4fz/CTmM9gYZUJwUxTv6xWCc+5OsPedOCtv+UJhtufp2VcBkBV7iX8Xa2KNZgFdKP6MujmjIU2mlRrKDQEsdWH64GtsCtPEhzfVYObkRqg4tJFvtNRjT7AKHPY1wY7yVB79dQDEfH/Q3c+tMMrenH787YFu16ugtEcFQy8agDf5k1hhCI0UGcdPyz5w6ftMUAjZR4JvJ0LXgUCcdFmNNzRYQ9jkn+T5ey75zFfnS6ffAPAk+rv+AI3M+knp83rQbuAEGX22AvXgP/jkSiP0WDbilrC7sNhPG04dnM12Mz0x+4IXOHUPYsqvSVBx35FdDyThtc1rQDRzKU/STOdX0el8YpEsBwR+wrJeFYjqtoUSz0SwmHofCjtXonjhS0iMPoNlve04eetLrjEfgWVZaZzroQKPUgVwx3pdfPCoCafav6YhheV8+WgfvLrwhK53CpDBxVuov1Ybfm7vhBu2rRSzZip8MW6loXR3FP82Bwa+L8F2I3PuKxpipwdmYOH0F9oeroN14W9Q/mQrmv9AeG2SyD9dIjjSK5V2/K6E8u0KUFp7kezEElhGzIQzm/djXfFCDMsUwUsJHTR07gdMsHvKZRfGgZ9eAJGuPgLPgBknt+Lhy6fRo/g0rxEEGP1HEN4fE+B42xFw6+Z4ir/ax29+O9NasWF8LHWJHWpE0OP9Ux7tdYYi5eTBskUGZlh+gl2L5oI39EPG/Us4OHEemE/shP1zY7mm9hNNCnrB4/tNobb0BWkYJnFzphf1qN/lyxUPKMitmV01U/G07w/ePOEnNyeJQd4eVcgcCoJss1L+MmcVyeUNgLn9bC42WMK/M+aDQ7gWO3yyge0rp4Kp0l70/HYB+xbp8XDSOzK4uZSX+6hwbkoW7Kq+y+Mlx8MJ71LuqX0BtbnGrIzRdP/6PBz1MwqzTeJoTvl+NhFKwrA9RvCmrpLqQ4JYJaCaszL28nXHGJ41v4lNnVZCWHURHmlPYclmdQiaeRaXzD6L2cJ3yXX0Z1r66QFErijit4ucgLdY8PNJnrhZVx4e/L5IyzYqY1ljNVd6mnDYg09s9ugrOuUkQmD7RHzXsAuNzkhA+X2Et4YV7DocCBUfRmCJsSjZjfBBz+kHUXrZNL4rP5urNfRg/7tj2D79BSZWB/PtlUK4eIIa6M6s5843Mzg79zFn503BxNfqMDDjFbx3igfbjscY3S2PLY2OnDx9AtkfuIG7F9jB6qKtUGw2Flb8vctPl55lUv5IbTZL4U79WFrwcCy1i23BZNpAG6rKIU55LAjdzqKZF/2wWsKOtviEQY3aT5pdvI01lNz44+if1PJ7N605xJBR6EFfdfUo9vIV9CtcACueX8JzQwfIUbCCtxb4ULzDHfj8TAS8f/pymJgI7eg0hm2zw+nB3TTM3aFI3neUOGewH7t6c+jL8QkQm1eDpTKDtFAghFanjcSjX15DlWMCDnkI01ardApZWQcWZxBapqaRi9FjmPYznhtrL0DMrlfUoeKJ37Vn8CNnXSrL3EnoIgyyb8NQfZ8C7lw4yCN7RoKTUwgpjDmILz8UgKy4AI1+mIPvdIwhTWM9D6etI6UtT8nl8z/wGhtMS3u0cYTBVG4zlgKVTyNBJMMMtFa9p/dWhuSxMREcX/7jzdGFKBTqi7GKSzj/zGn+2pHJP9fbwA6JPjY84oUrKk/TzckuaNb2DcxaK6HDq4EU3h+FTXarIfGwFAw6BqL/lGTIe7qV9+7Mwy9KTnhR1gd//j0MbmmeaIc6ON6d4X3ZJC43uQV128Tp7fzH0Gzji+ttJ7BrRRE7TdaHiOWl9MhHA8q7TeDDosW0ODGTF46YAzIdiby3IQKbRu+mt5KuEDfrMN/pGwWXpk6gpnm3cbypBOV234fFue0csGcZDM/I4NDXETD+UgU124+HhzWV1H6rhQrPiqCk6QoOmPme9W2uQMyKItIpf0S7vKLY4Y8wfO0/yZEnDmHR62qWfr4cz1ypgzkCV7msTBUbSi7yl8+vcMIfEXDsa0b3/l4u1tBH+7O7eZPOEvgcMYdeKJrihw/bqGlbOuXljYR/Lo/QeEkipGbpkHq+BYbZ7aTRnrE8eXAqSV4yJrFlcShrqgWv578khenjQW+SN4X7POWqpmno1HyMvKaZ4gjMwzsxn2iDwAho0InGnnX3aWO5LWqKuuFtU3OS7HkHS9OUofvnBp54djH08DiolTRCi/eDJLgiG+ysBdFBV5V8tTagVmMQa4pf5UUDncDyQvB8lQ//6pyCOzf6wKhXBjD6cCiHjFoJPpfP47k1k2nq2EgQaxUCra+fsVp9Me/X+4PnHi7A8W8Avh3ZBgEW/nBDWxBnDaggL5SF+0dL2PPJRy6oWIfXTuynm6uT8X74WYxSOEqulTaYmnyWZPMZVBf+gcIvV5BfRWDDhiBek/UVvGSm4OsaI3CU1Mfdo5+ih7A5JGdmQZ3aPMCgQNx1fhQ3egyxzfd8tk7fgcJ9IbxO1BsfmZnAyOpftPrLZNLPKGCDVcfo3/PtcIYjQDhQHwQ+jKQ4TUk29heB8/Mdeab0fHr7u4vkOu6Cgb8vDcRn418vEXQvX4rewVY4TkQQEmWEUf1aGT+4/owNlbypcbsm5y9UoYEWUbDRzOWVbtq0zNYIzvhZ0MHd62C/rgFoTc8Gd6tmUGg7SuL9aVgwxgh3PXuDS39Mhnl3Z9Ggzgse/VeHm+YOQAb8ISHlBi51OE3dc9tw0dJsyLE2BRURf8obl0biUcdQae1nXr58DiSHb6CQg7UYm/uEgnqrOMgOIEsxilVeBrPY9gh4NUGO4jK8sLC+jEM9T8KFx90Abd7wy9IKXpr84F/ro9hzXRaE3XPGzu9PMEo3gmTTdgCte4uxyhJ0/bwhbCl5yCcjBeB9dhdZKC5H45gRHGk9GV8lWIFioDHyzHVc908LbPS+wopsQzxbFAwDIqfgtoM8eg0Us1+/BjcPbILCV4l09aIs3A7dBX5OWlA0vQrHRB0Bd1c1dDcNxFDZUAqsUgTPijc8N18CNlSr8YIv1/ic1T10/nIQ/32M5N+vEiD+uR7dtxdFBSUH6BgtD9ZyT6FMLJzkMlxo/8M1cHDvL7YVEaftU/wgSsWd7p9dAdGh6rB6lSKcKQ2DSV/ecvs+IxRU/0M+j5vx1LciftmygBrsnVmmbQKscDCm3JJMGEz9iTfeVFGA/EYWnQN0piafurmO32k3Qby3NGxOX4zPWmSw4+oz0jPwgi/rTsLvkveobVGLWl76ONpvNl/ZMAE8akbiseY2NpfdASYf1NDm1iMuKDzHDSUB3CKbzJ8PVqJ8+hTwT/aHP49+kGKmAF2Jz4abY5WgeXQq/Bt6xx0JmVh1foj+CajBpNqttMZMh+YdPkHbXiNVJe+HiUZGtIxyeNKfj1R+0AhNj00BqVI9eBf9nSRS9Cnt1GM8tmM2vp6mTLcrjHl3QTAnCstDSaYg/PZJgwML37Od2QwK0iyEhquRcKZGA+0myaNRSTgLl4jC9tZJcMb2Ik+ZYcO2Dl84c4skJkS9APNDs3nRowZqNuglw2WXIX7LKAhc1saOq+O4VcaZxPtz6bfXL9JcEoBaf7uoJnYpNKx8Cfai1vDv3A9aqriYmxcJoJGWAj7TK+Qz7xNBtfo1Reb3wsOzC8DfTgL+C4sFt/wimLN9KY1WKoAXR76Aod9UWvU+HScePomn32dCoOYYaFiwFd8utgWYY8B/L58CXVV5XPhoKVbHLgAbdqWa9v+wU8oafmavhM1TLsAUPQ/cpvMa1roK8K1nztD+cxpoNBRjVGMuenqIwse2/9DhbTMHy1qhV4YinJVrpe4frzDw4nt0ELCBp29X4q+do+Der1gQ8BdGNYEhTC+SZqUt23Bg1SV+1C9F0VqvUWLVUhitMAkMjTZjTe0Nqr9tjFKpV1mvxpzqM/fBwLJlsOpMOHwSO0tTnktBb24mBn+1gsBmMejZ9A6VN47lnb834YvrQahbe4w21clz2lshCK8UhmpwZUd5ZRyYr4/3FTRpRdRukBk1hu+drOIjJWdor6QxiI9dRCJ96qQ8cJLUR2uCUEELTfNRB1mywLC9j6DK/SXmBlgC2WVD/MlaKP79iYtFvPlo9WcM+TfIEgPm5K/9jpN0Yziw1RxW6vtxsLY6kuslDPtvNZ59lwafd82ki7eT2XtmEedmaoDAJRtotLsNKfrT4GbAQUxNngpl8hW0I7iHv4X9Y2NXPQrTXEdTnfVgKOkv2Z09jakphzB2oJHVZk+BtB/mJDsxBBzNv7HI07E8QmoEJIvNQH5UC5fu5YHRyrVw3k6Apw6u5wnKL6m49AR7Xa9C8TxBGHnfhV7f38gx755S18EKzhMP4E+9kyGjaA0dWyQDTU9PkfkSRVgbnAq+R3NojaMOf2/uxPffdcBz+AccOTkNyzcWwn9XzlO1nTqYrFsJvbav8InCATyVJcv7tN/AtitvSe15K0+cGgqXF0+h9q+iIN94ge9Wx0PsPyYrmWASGA4heQtRnD3WAxfXH+OwyQupUVIczBvXwomsw7g5awMbFbnzYZ9qzM1V4dAG4ndPA/D7sp18StcARKK+8Da1ifjEaDRLB+1BEa8yOqiliyrCZaSnFcaakm4054gU3MxtpbiZISx7bitX3PzOVz585r+i5/jZ2NFkd90GPri20OVDcqCgIUqnf9nAQp08TtTbjao6i6g2rhe6FjaATNAlepPUyW4I4Hi7FvpuSHGA4BsQPGdCC9WCOGiqPwxrJeCIrmTINj4HpZFTYCRHg76aITUIPsE7l9Zyh+YC+v2RcNu1pdx/y5+vamjzxgJpiGjfB4LiPmiorINtRxywysUEFoqsBF2VYjp29Bltv/SX930ZCz+VC3GJeTQON5fBvPGrWW/GOtyVmEJSZ65hkG0XNO1vppANsjDD/R8o6nbjcOoSeqaoTE8WA8nP0EXFTbK0++M3mn04DFW6GTpbABoOLCJVVzmy2LcOJRUOg/FHR3YOHoEDEitw0OYqpH3XhNjhv6SZcJiVMueg6NX9NGnTERS0+ASJdadh5fAIGBn1keduN4LlIaPwe8dlXpkxiwc9SjBC8yJ7v73NX66X45IBV1xpbYHdC4yhy+cfTOo6hQ+E1chgojF52ljwjhvdNKz/Hq7f64F8/Wd44KUt/LQKguCgUCqYt4nz5v7guaOE2f6OLkyXn4hCsxfDoUfWkPlIFc61HqaFA3tAJqYerhv4s0psOUd+m0E6Lx+z3Pcj3P1NDST9RODExHRcrePEVm0eOGRpikG4CmMfNIGzmD7d/JnIKv+5Ai5XB6OWd5RsmsDFerUs5F+CF3t6qY8fsKWSH1+rXYw47ROPWysEbo1a7P5VhqeHaVHz2tuooeVHe/S+4teTpyHpgSkqtWTjg48SIKT4h54ETKfkUZ4Y2qiFKvLN4OM1Cxw7G2FaySf6eyoFSoWMIOm5CFpNNOeDKgE0+84vlogwpsYd3+hvwmz03+OOQ/Pu00lrSfi3RIrmV0bhq6Zh9NvuC/kqEuBfro+FtyRgV/xaurvEnKusNSEqAkgx/yP7hj1GhYS/XDIcBWoav2iL5g/8jS3Y0pTEmD0aIicXQqtVHTZ92AaTCrfBpuwkkr+eAnfk10C1czsl7h5H/mnjoT5zB++0cucpNlKYdL4bsr6dxtUTv3DCxY9QrnIc6gonYq/NRHB5aY1yPbNw8NcCMC98iNZft9C2gI0kPeiOCRM+QkdqCkoekoNprv0YssUP/uQtJ/wlTu8f/uE7Zas4JHw2xWS3ISreo8z1urAi3ZoGXRRJ7Egd5/h9AbsNlXxO+DOOWxoOX/We4MJrmTQrUwGkQhbw1eJjpNaQRd3K8yi/0ISVCsoxGzezvMJYcr2zFUZeHgfqnSpQYzqRPKa+wXyBYDp6zAJlss7w5Qf99E3GnYf8voD7tlEwf/JNHjW1EmNXZHHlpJkgeicflqqMh3KTv3BL+jE7TFoJAyvVYcrFcDALL+FnlWK8viOLjR+vwP/melDurTXgm1+N7UFLQei4DlhavMOYBwvw17wu2MJPufViBQ5sD6THdzaBmNpvqrkdBSJsBtkvM+hItDKb3Slm8YIVPOW/CMxSuI9r3/dz0Is0VMME6BZDaFhRyooXsuGn6UgKiJfH82OUIL+vHx6WJKHSPCX2Wx/DV1oQVn7y5s9NKVB5fCoeCopFwYB56C3xiwpObcPYc02URO2omGELK85thjXz9Li//CM3KN+C3jnivMPbgdvNrOGyyCT+LX0S+yeMha+bsniwpZlzW33AtzwFP66biLuEraA/rR8DpdXAyiGPd+6dClIT1HjaoYXgZqwJCtX6ABOt0fz5LvJNXoJHzoZit+YbfFNjAPE7D8DCZ36gUGDJvoaybK8WQ+WSG6h7WBrCRazwd+ASkFgiDIcePKZEsysQ9aAV9nv1YnzaASYJRSzvTSbv1W2g8fA8elwxgQU7mrmlNBU6635whexucvnmB/Jay3jkxOX89aYKpV2ejuvDpMDUpRKCHXpIPNuTo6pPwCY1D1wsU8kLKhfAdZtDNHzqG7Q914bkolb6+M0aH05SQjgpwPnRNvTXQQ2rdxSSs/dC0itOoRONAtAWkY2Bj77B3JtGcP+YHJWNe80RGpt5aFcSeYe54EKLFPJRGwVyP8OxJHotzNS7g34neil1+iwca7MPZveL8PjwIjqWcow8NwuBjehC+PL1Nx4PEKD71Sm4d7QF71i8BI2ebuYe1QaY8vMFmDtNBF2TFzw0UQaap6/kdeMjoNBeiRbUZ8DltkN06Oc0cGrtwPMeMtDdJ8ST1Odw0nJTUjpcyCvW/WM1pbv8d/EF3Gj2DMat78HLHyzA8VUKartWYfR/IpQ8/gYKnh6Hy+EoRLiJwP8RAB+AQCBQAED/MLNlEyLZO5WsSAOhlFGRkTKSrj0VUSIUUqg0lBJSKNpb0R4kRDSUsqJJuXdZ9T4aLYjBxw/HwHKhHApP2ID6G+5T98c+uHH/FfZ+16AX2+fQ4seBsEvzF5TdN4PIv4excrY/WIREguVhGxCZoMdHf3+CkNJzMLqlg5ZZh8CN4/KgX55Bx9ploUtFh/91TEPflF5wD19OR99JcP44RYh+GkEuTQzbgm0oTGEFSDiep3BMhm6rAdC8FsAvBeTJccIkOL/aCAI3CMGZm2dB8oosVmTVwH+5y/nPKj3Kfziek1z1obhVHYMPLuGiGoT+yj7mkCR4MX4aS77dQJndrfzQM5UvTN4Mq/VusPE/RMfvMjBL4zCHz34OyqOWwqHVb3HgbQZP0hsgpRmJ0Hl6Gb4dW4+928bAtnUnoWyOLLj4HcUFzVto6FUMNz4SwQjtEjr+yhelOzQocJcNHI0YS3VPN8AN00tgMhRKsRGjyPxkCb75EEmP7RZQUq4/bQgQhC39Vbj1phUUKBRi5chmyFF7QzcsLsIj1yvsO8UWRD56cYuSKpz8+p5zFzzH44K7aMhgiOx9P2KCUDwtPmZO5drz+dUJJ5Z7JQrPNqlC37JIqK1uocav/fS3JJ3nLWvHTx6afPmmN27Y7U5yJjIQmBICtyTDad1Bfboy7IgNrxzY7FshGUduwbS0YjJ83g0WgyIgqCKJOcXP4MPSctK8hBwza5hNbbO5fHYm3E2+DTVJ++ByqSLc67gOWoI/+a1JG/+aYs1S0RtJ7vlrVlq0E+sMbTA/ayaG7JkAYWfD6IzxIriyPQ9eF53AqaZnUFj3AJTsO8uj5cJIe9kQLw8SgK1vnfhzjBdVTWkHkRoZ0NtCcNgzFnbfl0FNsRTeX3UNZ+bowzNLS+7zeE9+yzzIp12OygeVaN/c3egypRzKisppsWcHrjqvCe7r1rDIHV/K/jkRjYVbwWqcFl1cMparekRxd5wzfd77h1pSdeFycgw8c59CV5NiWH2EB2qHfeJFrqnQM2s6j7tfz0N+NzBCUAROPVyA3neisN8zg/s075N/wFYIqrhJqfvE6No0A+oOl4Tx4arQbWmNJyWb8Vx5L9RlFcDF2jcgNuIYrr60GsasV0B75SNQ0slQXjuJ9laosHidIExRWI8XZ22mebO+4tmVD9By93huqz9CYseNQPOED+ycMZ5mFalSyOcHLJQ4kgpPuJDtaGd4v68ORk38APP2OIBkliZUyp+DA9WtsE5kOmrPzmROtqQ7MQbgKzoPFbfLcs15M0hPvY9NMy24SQdxWcp3DM79j9d9SKfum+q8Id+HZmjHYomOIPTXF+CXYTc2vPYOdidXY9RRVd4hchxaFc7ThFEfSXlMM+4QEgIdhxnocnccrUjz5eB7H7C37Bd72T6GWQZd3DM2mzfV7uQXd6VA5Uoy5s+I5xHOvRRv6ELLo07ywWM/SUTrB5k8u8ZNGxt4YJcIFLyVQEU1b8ze+hmTg6PJbYoJdnQ/ofnXlCgZ//Gj//bBsVodSMoIA4PVkzjwTCa2qJTR/CFtNNifjoPNLzh0/g44VeFIo/cqwud7/XxlzGOM6Z1Bxapv6OygOd5dv4Vd+oRQZN41Wnd0H83+Mwasvk5iuwuL+a5rCqyXZ9arFuYrlb7UInyJCq5GwZ7ZATRRSA1KvJrQJ7SaN414yEWbjrK4/lLM4SjOzxyJufaKMHO6B0i+lYHX9pbc4nGPJFMTsWraS1T2/EThnjZwKq8HWuc3sPQ4KfyyVg+2zpAhD9s7eE3Cnk1NHLDRZxpOzjuEsOMw6WQ+xZT06RAZpwZfz6ygjDk/2L23FnfFN+PKRWOowUeEX66UoQKlOSzRU8JN4bLARZZw75EvW2R0ouqOpdTdJgBfgvVpxFUdLpX7CBcvqeJvR0NwlcjB2ooeejmmHD6brYXws1Jke9eF/m18AvUOR9mmfi6fNVSAm9ZzYUJ4DHof3oxLT7XgCqt+OBz7F2sPb+W+KZU4454GiyyQgPeqgXRf1ZYVm4x5/jw/Chd2R9vR/bTM6jhmjT8McwdEYMyMiaBdlYU97Ub0Pc8Qi44Cedc+5qChR/Br9H6e/WkhbCp0xY5VyuCV7UK/x37Fc9vWYpZXLSeLj+AJ/uLwSFGKwmyD2WlTKK+5KAvlTSkUpfSC619Gccd5UxpR+Bh+SztBfnYraP0lskhqA+HMkSDX3sA6xi+hWrMBLqxJ5smddzn/0DXYt0uIZ4zcya8CgmljnRKcmfgJF0eGU/A1HZSda4PzV+aBfksNS71Ohj+aVbx7ZxZrvB0HUy8wCL2ZxAsr9/MDD2lUaxWlAe/R+G7ybxKZvJiLrbXRj+0hH8rw+TRN7LzxD8NURsA5dX2qkj5MXTiNrKw/0UPHAtAonQgSacfgo3U2xGiuxZtxN+lP3giybQzhpY2NvOpKGpn8EYNb5yZA+tpPrKMoS2GXrSCudjTdaYyi0W9D0Xi/MNlF34bFt7eh9QplMFdWxJRVC7Bl0A7Vfx3HnsYDdNx4NuTEWdCmXTPIIu4C3lwxEWQGzUD97h1wURlH6bifrbIfQc+7n5TxsBoEVg/z7Fk3IW+rLITuuoW6aZLov2gZyijUs2WZGk3Zt5RGL/PAyy+rufyrOScXmMKjJX/pzs67fLN7Dq+efpl5mzNJl2mCy6I7sGNXJSn4V0L8LkHwMcmGFLF93CP3CI2bSkHNT5A7ZwI2mSiAbbgCSuW9BlPFifA9ogfzd6zhZSHf4WbpQYovkSdXjwiKnqOJ4+x82GX+HTSwNYIv8VnQInwfhW/94fv2i/D2tA4ccJsMnstfQ0v9Z14qHgwrX0nCSz9XMD+bCwunj4bre8LY/ogzVDf9gjE9k8Fl1iFaWP6NK5aageX2RpbbWI32MkfI3fEGhakmYsW+THhY2ARSca1wTbyHWwtU4J6QKf0rfUpbDt/n7/bn0DP+K/e87wf/v4L8CP24wNaIdzgYQsm8AiiY+xtkUszghvMDmtWewbltF8D5txPEdFnTZVkHdg2QBa21ZbA3byceSh4BaS43wPG6C+nkPEKx/F64kf8Ffoq28DRpGcg0imD3NFVYfNAQl40yx0V3DDlCeBJmFlej7PxwPqp3jaQTLCF9ZAZXev3DzRXBYLl9Gr/vVACp/v/QrH0ZvfMMhYFrM9C4XwbWqIfRboPJcNDtE1Vq1VBr7CQoaTzM170csGCEOtybqs5Su+QhteE9lW6+AfWC9Yx/tpJwZh6kLJ+ITp+KadrQSrhonAJxahrwWnoQTkzxRuenuvSk+C+kpUnjCYtwOOTnRVVq+8m3/Sl/TNOAxaZnMf3WXhzxzAwcEuJ5Jf3Gzme+JO86jC79Qcw75dlvJcDaiH54vTWXXMo+osSmi7h45DqoydQlN0VZeNGzA81nSYNIjixMsHpGN79ngYvdLHB2OYYetoFopZ5G+ip/KO/zd/KZvodXx9mAwsYCbl0aiamCGzhOfBNHbquj19m6nPjhGe6d8hH7IvshLMUQXtQX8KuIUDJVecolV9U5TcsB7T/u4wMRx3iVswTkJpyDKf8JwmIdRQrOkeUVO3T552hriMwqBqEhxluTVVH81jiQ70ngOZ+swW9DHd2Wm0kXxN6DcdxNVrEUhqePvdnr2GEsuaRH94SWUIaBMsiLZcKw1X/o+/47qnu3YGdKKtQ17sGJwelUkB2Gnk3VKLvWBjyjYvnJHqTrXgM0/UMTXUyXh7y5YZgyLAoLMl7g0J23sCNAHA4nPMCChmkcknEI7E7th9kHfeCqSQRqkRPctbjAQ9sOQoyXETQHHKHpah9RWmQmTr3sD3VzTSl1KB1yV+hTtGIVqicWYIQbwU1bV06p1KJh9YP45Pl1GD05C7aPAhjaGkeHm/1wikAXusjpg+87fbYbzISzXkvR8EUEJUIu/CouwZdzn/G8U+cpvPQy1SqZQ+v9o3S7YT1P7VIgc4tzNDjBmjRulsGrr46ouTIXn4ZdppIvE8CkSZ98dY9Qh9ES0nKyIIfXUnB3TDcIVL7Ez7oHcd/n3aBsZQCBn6/yi8R3+O5aCrpJ7MfIXW+Jis6z7CFBulO4B69HneRFD8fBhEt/MfmEHaa3bKNv7IB30RguX9kB3RE3WOLqEDSddMI2i4kQYSiFUYsjqeVZDH5YfpZ/dUWzTVMYD39dBVZlbXQl7zNlLZWATauu8xuP09AnpA2dL++SrfIPjlMJYJMdP3mb5VcccBVl1SYpOFn7mK2DnuIN0yoevXMS/Chfw5cXhUBEYCnttNzNR5y7QTRZGg7sVaGxFuV8P/0cnvu8lAVsjKCjuIM9tx1jVbs40tJoZbs8Ufj6OR6/lzoyzn8AhjvPYPRpWbhxbSXf3raIc6Q7SfBBLEV12kLKpOeolbQcthp8hsAtZrhk0Wc8t9MH0vRs8XRBOrlVmjA+HwXH45/R7BWFkDLDAQM/SfLONy9hUf9j+qTzhuIt9GHudHV6sQ5AVlyPGj6/xy0vg0Hl/kQumL0azfJtoPenLj5e+R8lDq/Cv6lK4FC4iWKq70KfQg317lpLh6RP4Vbp79DZ9xl+yT/CrE8e5P1LEOwlVdH5gD9e9MnkmYs24Jr77pyaMQJL931hpc1qnG0zSGURqiA+RZTrF/ZgUfFOUoi5QfpPNGmmwil8WjxEQXeyYLB8OqZEqMJ2CTlMPpRL/kWfIKD5GA2LrMGpXtuxbGiYEuashUr57aR22gouXwuBHo/DtCmoDQLWLwGxoDf0bc4SEpWrJ+GEyWxcfAL6bmjA2Khd5Kmqyg5bF6GxfAs8Wj0f2rU3oPHES5A2rh/j5kXyzI/asCp1Nv6dsphWPR8Bt2Ym8sEFcjhqwhP8NS6eLl7poiseL0g23QTULY6wyd6zuC7mIi7sjOM/I2fjK4lmvGV8h0TLm1HZUBMXTgRIW7+Wnx4+wFk35PH6V1kOtftHe5+9wFkbVak0TAWd/k0jmXpRSNptDl7lW9jeuR/u/F4GZlcb0WfSVTjRcB97bBrhisYD1nw4Howa+7hl0J3OrDuGIQt78EF7EgyHjuT8Lwuw70kRJb2o54P7EBzVL9HYLfLYbPUEglZup3nh/8GeMQp0t9eGV8Qac2hFEN/tGAnrZv/FIk1PXCEgw8q/UklY/h2s1xeiJwneKNjYC5brHpHPDSsoLptMMyEZCj4IksxaBBUtV9pL58DkugW+1zxBE71FsUxfGeKak7lEyoUqMyXJ2Lubp99mHPX7Ovs9robVZ6fR3M2neTvKg270Dn65dQtMjluP9+a3QolxNY9RmAd7FwyjwUwtGH3gBU5eYgGB5eX0n8AoDLw+ldSr0tDCwReVtZ9SgUo79Izq5EmLtuPXLh1YPwtJ7VQUWY43xYprQzzqrj3+nWeK8gtSMM6mFKssF0HdchHo9DaHfoe1bBHzFjrVpCjM5AGd3apHPuV7oFlagKav/skzdpvA35KJ+Ox0FilsKYSrq/VowthgThKSAruQUM7e/o8rDN5Aer0efBj6TnFRc9h2ljpbibnzx//aSP3ZLLSslGf5o3dhoqMCK4EROPRuoLKmcBYquMgHfogRX1WgXbW5bOKfye9zluCnyjj+Z6sGM4Y3gJuGAfSbW6K/lS6fXjCHnxtJ0baYFNIc30n05DcudhgHqeVdaN66lCzqv/HnqGzycw8noRO2OPWLFTvsTCebMi2ODdGCPTuV+FbLBjrs+QQmHd3MErE70FhyKltUenPcZEN6mpkOek/GQ0GFJa2ZH87jx6lC4cEWSqi/SGlO3Vxi2oD5+efpw5YYvHpbC+yOi3CxcDG6WiziMQap+O9ALW97/Acj8yVYuGse3gpJgMmdcjDPZx70jX3IFcMHaZuMPnx89wtvbrbC6IuTqV1tAgmI1/PP++bQma5IM4Py6EhoBuw7kEZRD+xZ4q0V9WbGkLaQDyYVfcSQTYbwVPYRZ2wVgVkvajhsUTl5rynEpPdXwF41gG87vYGAHWmgnTsK5q6dix3dZ2C+YzsVfHbC27vMsfT0UlQyGAWNTkMUnz6Zi/tkwXC1J/r6vsC8Oerov6uNT8aWY2vUKYBXC/n0hETYdMqHhrzlwCjoD3o074Gyy984NMqcG+8Bzb+hSkuG1tEj6xQc0d+N1wvHQke9NLarCULg/Od0/nkKKm2R4c4DpuzV4E77bBfR+k+H4XC4POj5bIfSi3XcePc2pLj9g106r9Dt2QLeF2YHtSED2JRwASuvKoPDOCFaNixPj07L04lyXfY8+5VfPGpl/ebbtF1EFPwXLUWDXoD5dwLZ4oIHyC64BXGF/3HSmVJ2LFDBKVM7ye5FAa/IS8C8gZHw2FkQVlYdhKo8C7JFQTivO4ZGu8vxqfMjeJlrNg1Y2aLvRxFYe70UQvd9QcmJD7Fi+VSOk7Cms8+QTk5dik96V/GOHhty26kCg/V7mRMPQqy4Jd+VeEnSt8eQxlcNWHVhIsvIXoN9q0ZT0iUhWJ7dhr5ZE3Dc+TYQ4GZQKOvCEcXa5HfNEQo+RMJSSWfezTLgoquK45+70/Qfs+ifUyCPH5ahk48L4ctIE0pufohJLctpXqI13BkbR+Oq07nvyzw427AGBAzP0ULRWGjb48ArNJvA2sgTJaVV4JHlY5y27SEcVVzLRQccqeg64qHXfxnftGHy5+lwRyUR+6NM4ENXJCW9msuFnqlgVbSei+Yuw++/FvAf4/HgVfQGzWaU0hZXC1i16DznXoqgjTfyUbHxCf0VnQ6RSlqg2agG0hp2VHDvPO1cJgXP5R5j84aDULy2hj9cP8mDX6JQ5m8pbIiKwAVGQ/QscRUlDE6AFW7CpGA/jY6vHuAVdz8BdTlg81Ytukh/UanRDjuWN4P7qNHwaGMqih+RhuVjJ/Pf1/vZZbcOJ7jW4uboJDBNewknTixhux4V8DjaSntGB4PX93O4OmANVnyqxBPZGSAaYserfiyn2Ton6OCG0RCYMgjNu36w/VMH/G+2AV/5ag0aB/7iLSUXmuq+Hi50TOUjHuZgPmcVOnmk4WB5IMi0q6PNRwMc3zuXznkOc6elKAs/8sWHjpbgqOGH58qzSe7VVz6iOAn2zjCnhd8eQ6y+N48IzODdI9dzyD6Ci07WqHKklDxCvejm71r6uTKDly3OxYiFmnhZbAZ3JE+H2jhlWCZ3AqRnxeLhuvO8Lj6bUzUv4q6LjWi/bCV5DahQ/ms9qp2vALd1irH2SD1JKodiWKYjn83dQLU/muk/i4U8ZXEazXquzf8KJcBAYB6M3JVGcxbE43+rj+O7sHf4a/NT9JXP5n3Np/lxVTeGu8mBz9JLHPNEFkf9HIvL8A6eSNvG/aO2QrW8DLuEaOD2kfFo8XYc3FRZA3O/3gOYtQ0FVi2nPre5qOdfws/HfoTu98O8WyuRGuI0IK1yLe5ctoU2zZRCG79fcNk+lJzbTPjwjmiqO34DS6bn8sd3I2H/lD90T/oGzNiRRXLeMWB3QhmCX5/Bll5HrnpzkDqO7APlC0rQFRLEDZMkuCTBDoSixuPAulC8vWIqX9E5wJc0c6F7ZD7N+wAQIfCGrReYYqRrJL7YUM/yGSdo7cRsktB5zkec71GIVQHcW2ENQTOHcGrNFJz79jQM5A9T3QZvxpTROKQZxNLNCRylaMNvwpXhjfIfXv9ZkfZflMaysrsspFbJkif3cq3IYrj53h3k9RTA3VMD9B2v4AIRIuHTXpCp7EYbjiswhcvR8PVuEHEdS7rtIdxSpAxvps6GudmbMcplMwcKBOC6J3MoZvgOW3vMBNPtVlS/Joc7hARhjpAKFi7z4h86vXzJBGBl5jvsT13LVxb9YvMDo6nt4z3+L8UYEgqXcs+lPn54Tw1FlxvRQg9HVnDqojAlWdgbdYNjXP6y4A8bEB8bhilhm3lrnzMHRndCvGoCf/8wh84a/AAzx1Zo80igHw4TYGltDKp/PAG9u75hnHc3ZKWfhPV5ebz/+Rxs2rOfBiVaKGmqKYjXTOOjh87wDTMvUl3nwKZLZ5OnlC/oXTIDmV5llJxxHI/utQYrYWdeNe8KF1WvgJqj1pCZMJc2jtlCqyOuY0GzP0fGyFFUFEDbYj2y2PGTXN+YQFOrFc6NvA3vJkSS9bJYej9yCb5rfQJP+2xA64EPdD4x4qbn3njwaTa/W3oFrCKX4d2691DqoEVi7xyxe50BmEhFcn6pH21bMQnKBx/R8HlLuCQUjbd8x9BauxR0n/8UywJkQT1sBQZ4FpL5YQtKPNyMyqav8YyfE88Uuo6OPybxQ4dMkO7WgCfnt7C4sgHGmglxcbkFO/UL88szISh37iOvle7Gs0fKafdiLdhnv58WzkrCCdr7KCPOHNY7uCIET+NXquFwudKVbRNXssUlASj2OgsN8Z34t2A9n7TPQ5G1VvR4wVZ897qNR91tYoE2Xd6zUAjq186HKb0xqP2fPlaZ+qKIiSwePHIDnlYpwcyc/Vx4MRmbLMbAq+2BfHx/M2tNVaRww0K+0Die5GZZ8KvMcDqftIAiLteQRNxE2ON6k3NahqjS5Tv882Fe8ESDWskDHwTNx46cA/CQXpCXnw68dyA4GGfP8fazuXxrOM/7LMAP30XC4DVV8uv/wuc6NpK1uykoDXZT7bdRKP9pNU/eMUyRTr9wa64CCEYF4vpze1HxYSQ9mCwGXeM90OvnGFQ+zGh95gjE/D4B0YGjoCB3NA58kUZzVx16CPpwbs9Fdp8iSYsy7kDpfCuMqElhp6WDpPcrB1v0xaCdr3BDmDJ4mX0FY29zHOkvRfYLpejLlHx6uOkQlkkEUnXMFDA2/Q6xQhoQnaUDK2W8yP57AiaX5PAWqyb0j46m1P0OWGuQwa2iynRn5TjwH/AC6f0n+UGGE/iYJXBkzm0+cOY1bcraxDaQxAnSs0EoWgckA1O5UVkEdm0xIv8rDtjjdZqXnZmAWyp8MXLjXpBvHUd6wiqgl1lC7fKLuOl+FUtsfEzHO2/C+3dj6Wf9Bkjq8kGoaMOaNA0IfNBOVanF9Ls/HqQv6MAMgwCa5raeoj48p2nVqbhy9Tda/doUHMpusetuGXy+oxYv79rP4WKxEJTdBLG7vCAiI4Df1SnS3F5t+OhxEgP3baTaWif8+3sCFFTfxb3792Lh5J+0ReEIx62wwvhTE2DDKB0oV9TE0bMVuHHAmLQSjlHjTnMefUUClI4dQr+1FRj52AzM/cMoUkCT5DoOYcCps/BgrzJZG76n6VoisL1wK+2cd5l4gxjUL3rIsRHIsTZluMU/B71jJ1LhmUSM+FYNCYZP+PrF8fhARxqO/c3mz6WDLLH7P7aOGYsFeXu5YGMjbz72jOf2CUChcQDefkUw630P5W7aCDHd2+FxUglKnr9DicHX4OPIjahauZaO/p7CthVCcOJ3ElmrqbJj+lmwPSHPAk+rKUNChtQ7/Unet5sLPxrzitlGsD9OCOtmLMH5k/r49pMJ3IUDpH0ohU5pWlJYgS4Y+YfSQW0JWPX4GbuFm5PbQBl8eLmdaIczenm14VtRT1T1qodmB1uo7xYA+/mWJBTVxPfeC3FZ2XHMtv1F25xFoPSkI6j/TId860KoG5IGYzllFv8qgI3BMnzx2UUc663Jv2Sy+cFPeXIL6gMBMVecuVAFcq5284aCHVBwzR2DdiHs23iWFU6txp6q7eBRdgjSV0bBv3ohcP6eDlP0VvKf9aIoVLUOY6MiaWHdTkz6fhbcnFfxoR0SGHpvAkhfKcP0E6WYEpEJw9mX6E7ZJ4zxG82lnxm+FpRyf8UDUp2rBI9HFlPlUVHc/2MzTe9+RLr5lljaJkaZF7/SkXwxzMrVgeTFRrDUVIjmRczEHUILSeD0O+r73M/LPRaz6bqHeK1zERn98YOs8bqg+1wBp46xxU0f1mFEgD/WHl2MN31m83eJtTxDqgp8re5QcjRBUMloypSyxDanO1Tx4iOL5x6lemgl6bGO9ORdN008Kodfd42GG/Pfg1DCYy7SMsM5e3/xvuFC0nZqgqmistCokghaO/fC39fiYP9kKR/JyKZvSyso9e02ks98SOvk8znBO5UmqSSCveYpCq4zgP0vE2H53Avo8PIcPk25y+UPt7FvaiWT6VMMyk5C/6+H8EiqDHjJ+YP91wacaXYT9/U589EgZs9YL4j/uw1sD10nl/UDVKOL8Gf0MZwQrQT2k+xJYrchVXxcjpclZVguSJw/q4dgd8VZ1kvWhZNJB2CwbgLkKiA96hqP8pfcsFYyBTSElHjitj3Ud+EL5R5Uh7kxqWgZOsylHrv4j6wu7ru3gwU2lpJ+Qgl9U7XB9pC/9HW2DgQ3bwSfvBKUX7uIWmPj+di3o9B9zAWylO/jlbxsqoj2o/hwgvJrfjRonEHLTKtBZ1cb5m4fh5PaT/IMjyM4V3MKXm38C7eEZOGqyC+eYXQBWz8fY6eUr2D0q5nzNdUwdpsdxP6zx9G5JTSqSh9cBV7QkTgNgkmxaPsliib+9OQ/hqe45Phm+vT6N79Mk6fzNQbQdsQJt7UpUo1nKz/Ieklfn4+BNtEbIGm6GOYZ3eB1L4xgYK865Anq8NyFP9DrVwYaC0WBy5MwntOggjeC9fn0YAIpHvgFEq6GUNjtRLEjx8PTPIL99VcxefV+zO/zoq7Vnhj4PQ5tw8ogz9QKutbpcWrWZF6Z+owy6pfRnjJt2pQzlmp+jqFgwXioNo3GJhaHRO/dNP/pVQxb/5TOtRxjBYlzMCE9GOwkjeDK2nUY9+0WvqpWgluzbLn16DOOC5oFfe6aNHq5NLYqi/Kd0mFe/HUQ9rX9gLhedSjvKcK0/QGY03wBhvaIMf6airLfreH2oSp+Zv0PxhbOIO/tujCjNwXmrI1k+BCM3oG2HNDqyM91NfD0XxnWXmxHa+P2Q9UKJWjfIsRrlgXwYXkxHheyEhTeOdKMzkG8v+sopG1LRCG3bzh16SiI3hJHqaUaYH5rCE68M2HDDVNhrlA3zSsuAsWMjfRtyRcS8bODDIeptGBxFmhFW4LLdxW6PpBJsqHTcPdfT9ZuLCY7MmLlqaZw2SiPLi36Ccf03mHW5TeQt20T9jhdgk3WInx71Q0+fTuErn+UhoKWKtoif5kyv/Tiki8WfF56NiWU3yXtSbb45IQP5x88Abn6BFUowjc7XEBFaCeAuwYq93rDsHk6HJQKAGPZhZx0oIxn6+lAXPwUulr+iy/Gh9Pj/ny2XNIK8yMDQLF0NazNl0CDYml+K2EC63Yeo8nbN3GxcDD5Vz9lMWcVyOo7yv5Oi/F4XwakrZcC/Xx1CBv4C8de7uS3YWI0IzcWj821hk7pxUA969GweDW8so4CWCEFk2ang9YXP3ptugoV4i/z8oXxHHfLgfvU1GH5s0skoi0Kqu1qELl3CU1of8eF6+fyn6AjUJa5BNSljEA/9im9C5Dnu/2pqJs+Hg6p5GNWuwxOCTCi1au/Q0FmDdmuf8dHo7vp35lbMOPdP55z1QqqRi4Gi8FREDk/nLJn36e+1U54P2ksbNsVQB5TnVhS2RPWuIrCjjej4UvoRlgVks8lIW5cevsvKP3r4k98mXylLEFH2Zm3P9OGtTeek0FDEW0OeM5Lfdpx2enLvP1AP7y9fh3cvo9H1X3+nNxlBdq9D9DCUwlObc3jtORoivFoQRe9c9QoswVW+tjBk9x35N2hAr+6m/iKeBkNhYwGXJkI3/6F0oNLKjTnryAONQzQDsPHkLpNAzpKXfCGpRhMzn+FKU+aUUrOFrTcEuj0ycN88b03bMtHLKw1B9P2Kj5x/AHvtYunBXUzOWtEJU4Tm4SjOoTpipgvSq28R4dMR4BP8GpeUtOE9R918NjUQmh6KwHvRP3oRLAdnhCNoHLnw7Rlmh6Y2aVTxhNEofA4HGWlyMWaGVziK45l15ah328Ffns+iIVi9SB0oh7vNZ1CZ67fZOFzoXBh1DQoe+5Mv/sNSXfzeVJOSseeJXJgIzLIrS07cPp1DXI/dgZ6I++hqOFl9Oz9DLaCuujgaINt06VBXrCIz7pkY/2EW9CaXQ6tGtWkkjiH5x+zxUzZDlSrqqCnm9Tg/d6VFBT9hh9emgjrzu/HGqWp7H4rnv6ZjgC11zo4cHMmLt+oAnr5T3jfjzh48voBrJEeD3/SknlUQxOadNTBYcM2FA1y4dJj0jA8cxDPaidQnsITDiseJFnDW8TS6SR+pJZOv1HBopQ/rJwnBddf7yWlETepa95jcJa4yIF7KvDpzzj0dqjBE2Ez+EBiFq2VM4AtHiL4s+MCBcpFU52vJVaN3AYn961AF58XYPBfNLZXxcMlI2WYov0Q5e9H8nqvGGh/5U1yU2Zy6UZlvOpbQ3tezOKWZkHOP24LL/e6wcRecQizewFaC59g9yoplM1TpbZuP2yWl4fh9Tb0X6oNeB+2QemJ73iH0ET+MamaOvQ/scJ1hOZpEjCyZT0PTVnIEhtEobXiOL87OwdHDdaB60pZurpwK+y6uxOtqwTJpPsQbJsuRAtuTgK393nkWzofSbeeFXe34nGpbLC+VYoVdoHoSsakdXY1vvkgCNQai65OmdjgeoYnzezktoNp4NGhQi+nNoJf+hM8NfsNVs1kOHrLhOVDGFL0H9DDnXNJSH8k7QuV5eA9gUwFTpzwcAuPs9IH++0C9EXDj0tU/iOflWrwauEoqkmfSqf+ttHfrm8IJ5LxWYMmRIefBiWlE+g6ZInTxc/TWDkHunZfjc51nIXrnz3JyqkW/plYw6xxqzh72IFyJvmjYsd+fNEcir5nE2j2oBg4Cziy+70cHnbThQtmXaji8Z4Fn16Fuy6HaMYbF/DydyaeOZrmmuTwEc9tKK+rD2OeqaFa7jWa0HocXpXYcaCwBFasms1/0g9w/LJinDHPFzX6ANwffcbro9KgZXUVvr13Ek4YTwBxQTWUsfhCIaEH4bZIKb9abgvPwoXIbulTyvXbyZnrVmBo83ZY73IUy9Xmgf+8fizeGoWFvyXAoqKITxRZcGGHLb7F2Zh7OZ1u6hizkrIiDnmuw7zX5ZQ2IAX2+z9xS78mvb2bwF+LD/O7Og/s839BPi5avGOTJi1KW003ZigARzSCzi1r6NhvikeW3aacd1PJ4pA73J9RSWVn9qBLyhpUlreEvWrGNGHhCLhzLI4F3K/Ry1BL/PG7jCoPjiRU9qBfw/PoULc9WFwOJ8P6DQQZATjxdjB9dJuI/ukpHNS1lNcZbuLxqavIXEQHgps02E9DEzYGF1Fxxi1YnbiaTMaNI09pM171JgUIFtA4UR0IHwReay8B5j8P0uG3z8nqzTa+GTaEsKIRwsQ7+Uf2dq6cYgRlA9m0fOQjajd4Q72aa/iRwFQ4OHOA1s7bRK8CHMGjMBFySmRguftBtimeyXdgJIv0jMAKlXysnL4H3fr/Qq7kJ56rqMrhOuNh4v1D8OBCP+XFClHQ9U+cFBlN132usnmyA4mIycEBvyMk568NFxPz6LjgUoypEuGYSC82z2mh39ltELInCUbfioTrLy1w+Is0CFrcBof0Rs608YKceBOKvjyfL84dAlfhK/DNQ40WfFvE08TMIXtvLvASBtUlQeip+IGz/v1hj8Dj/NhUnLp6zNm69BRuylEHm6oJfFh7HHoe7QKLhaYwZ2kUGAlsof5b0iRgWcDlWo8g18wMxkVMRW+JSrr3XYniRr3AIw2WXKv1EKwynOHDson439OFqH5+EiyRNIOiKYlk+mQebD3rTjPndeHyuIcg4J9FM18sYKHqUkq+qQRXrxTTnEp7lBPUw46wcrJ27gTLZ65wrOY8zRt1AKZ898AN1ZOg63cbPtvSAmM2VdLK9QVUdPcSotsTcn+0jutTR2BdmyGNKTQBg4LZnHptN8/NLWFD/VZ2H5PKn6a9Q0xxZD+dGh55eRSoZDD8zJSid4WlFBhXAa6698mnIIkXB2WB7kNdEBH5hz0aXjA0Vh0SN/fjqW+iHJ/3Hx1SHUVFqqtxz9A6Lr6iTCMm7+FFLhehdboi3E3uodbuVl7h0sRax4Xg/Ko1lGc6GfvjvfGGmBsXt24ikWgzMK3/hu/fXqKZRqH4VuUTSu9KJxsjJz6fZMl7feZTh+5qCKgwhxzhaTwv2Q/8/O9h+7cArmuYD0/XOnLTNVMs+qrPZm+8YIe9MtT0C/Mf91DWG9oDDuGO4KftBMJOBmQzNo5/CK/idTE2lLfDAPYUZuIbvW4UnmxDIyIc0eME0p0DE8nm9CVMuTONjpsBrOrVhrcyoXDa9xPH6Dixc/gl7Jaw4vk9b+FR0QGwbWxgRRFXjn6lDBXZ9iiXlMkrFq6Cb5+EUdfIGeyypHhRynGOd6wkFUFhunhTFNoSi/j2D31emnYXBLZd5pZ7S+BrRhmdzvxGLRnlfM3KhUNfjwThLBtsMJ2AAk9C6czKfdAwpxSTbXbD1MAj7GlxhHZ7/yWp9RIw4kce2D7PoJ77OTBaxZo0IgfgUGA1HDOpYvWYaAjJt6TN1eKQMXsUiXsX4/O3JTj1VzuXWgWx+ns70nyqStqXnfHHqEX8sE4J9rd8grffjnLxLF/OLxOgf32VdF8+DMQCxNCu4QI+vzKCnwvqw3DUc86jUaB+3x2EI6xIMECL77spc6yGLz8b9YA32l2kZf/ZwtfTE0E+YDPo5sVBZzuQc3oqjS3KZHHMJO1Py7GnZg0JSUrBWStnakn15yU0EZX2H6eDycNkMOMBc9UEMtZ0o43/yshiszykr6wi3YVn4UBNJWxR1KYW+ddQV5BGK88qw5MfLnwSpXlNhAM4Ws6CVyvuQ9apCA5Q+kKT3Wxh7aP9aHF3FuqWjcO5ddnwe5wERGl84M42SZhRdYGTz+aheGo27wgqhvnXxDlc8yY27ROk2kNKYLHtHa09Z8pjo3ZAmpcPrBJUZJv5S9nqUw7t0/TnOktVXnjACCK/pZFZvA2JLW2nXwETqOP1dAgNXcbT09JwZW8eT5ndSdVdmhC1pQNiT10Bk9ZgvvwtmzWuT8Pz2zZSUGk5u3pa4ZhgQl4iCC2hnXjSI4xiR8uzd8EsEEn3R9PLH3HxvKkse0eUziTu4fUaJjB94z4uXzoIE8994plRqqA3ZhLWLBLip0HdkLinHTSKjNi7BuF0jjs19nax2BIvWh40DI0JK3Gfeyq0dc2iHg1p+qYlgctd9OBgsRpt/k+ETX6epJ1eEzmoPAgcih7Q3N3JFIzubBFuhN8HdEEg1I7tF/pRyikpCJKtIu9LtXR2ziNuGHWZ6nYM0OAfopEOY+Cjhjp8nzQCLxjuwGjBq3B5yQKIHBIDi8CbdK/Elw5E1HD6e1nwrATWdxWhJD0Z/PC7GRPC16JgyAo4bT+L209bo9GMRrj9TQbqm93xd9wLasrypdzDgviq8AM8DVYBgRJxLhkq4xt15SgerQ47f/pwkE40a00vYQFwZNOvR7herwcvr9lAE0ov4OmlaZTz3gEkL47Gpde3UX+GLI+zv0O37UWhzLMBf2o7c13Udapr/8EiHnqwb4UsquX/JJONV6j9zH5sIEXyy6mDVxelIHm7AQkaJ8CvJIK+zm7u+2rOJ9K2AlTkUs2YD6TYtBLeTpxO73u0WTIniD5MU4fOcZI4UPoP0/aacMjic6g/aScP2Znhu2FbinrdyRvXXaVBKRGI170LI72EseFaI0WrHIeilTp4MjkW1hz7hEoJJ+HVMRs4eEUMzskj9R/egIMSRXCu7xUOetpD0SZFfnM6ntf/EaLEL2Xsc9keDIqQuibeoE2T1aD1ZjBnhD7GIIU77Cvhi/dGmGNkfC0LJ0mB7dfNrPpoIS/SckD3g+PY1eA0HAsyQTeVRq6b9o1/t13jOjN9mFMbysm2+Si+4j5puPRib7MJ/IJL4PvQDD+2GmOikSxM264AJcGxNOVlAohnhFFIozDuXbSSnJ3fwJPlJTBCdAvd22WHE6QUgIwXkXduJr4sbIaqL+aYc+EtzhfcSrULk+CYoCNt1tmJQQ/lYEpKFry78we2fSkiQdfX0FCigue1VLFlzT963NaOX2Xew9taWzAckQ7eEwNI+oAiyrRkUU3hHnQdnQDmkrIgW2eIqqen4WgvGzDuIwpJuwO99WugZfl+ujLyPugdieSNE+WwOvwmxjnZwN4sMRANnwLrYCbIDD9jq4evUXzjdvp3ZydM3beaeyWc0e9PInbbWcNaek2PK8cQuzaBfmEGB1pGQ+CK3Zw5uwpVL+wADnuC+dNHQ0VBLoR8zAbxmN3sKNvPiqOCICBbH27I/wQxo81UYXIV3riYwIsL/Xi6Xh63nNyD1ydW0EvVPL4zrRd9Zw5QU/deOCC8kF8dEIDAg4fw5aYM/qa8DVPvBdCSPQo0+V8RNKip0PLdw3A/Mo7xmRzsXl+N+8TsgKNkUXagmB8nmvH5Wfvos7At6bo48KV0F3wqKQ7VJ0p506txZDlvPxWqrAGJV0g1nwpZ/udOPKTsj1rGbpSibwExm/LgQagfD+vvRZcha1S81EUFf07DcpNXuFCiAmZMs4dDqybB0bHbOd63mF2sdkOQaCd+LCthifajEBeHJHCuhUfu7uVX/ywhTWoIfWQbQEr5G5f/J4/x/xVivc0AFJtHY8YGdW6sjQQft/HQlTifP79cwYtsC0n32ykyWKWD17bbwuI3VrC7qB1CDTzgnoM1DIlWg9KN1RAydgTcbZ3HatcCQXLyYZLevoxU9b/Dkio3fnFNDIR+vSXzmUdYLS6GuqfegrTz62lNWBFv3/8T/fXvwbo3j6F6jinM+LqYQwyXUZFgHCTsbMAbxf/Bl3O1UBjZCEcVxlGh4W8OPy0GO7tieUX6f4Tv7THniTUXf5TH/cZ+2G6ym76dnAV6kX9gxRItML9zlmcp5XJKWRJteFVC5gVDUKC/lSJlK2D9vDyo61WhoYnSUJ9mgR6tviiTOwjBd01xld5Bkl48xOcXt1DW3X+YfyIYDoUIQ5Dqcqhz+ozT/Y2oSz0Nqocv4Y8ni8DaaSPLTvuO/+38wN96ZKHVZCrsFS3h1tqxVHjvCUcXHEdBudm48VomDDT18UHTo7AjQhE6LfXZOnQhN18UBt13STxLIJVuB1nC5x036GBQNH47NQ5ir4+HZeOiQObedD6NauifWsOn8r/R6/fn0bAqBepDKyk/R4XuLpkEzUpPudX5Av56l8MybRbcvl8WJ3l10cz0Epowuxv2fi2g1DYzOFl4B9L9l/Abi9V40zWQ3JQQ+M1fepImRrMrL6GcqClrJwiAq3YjzTtzCI7uEaPRFq/BNvgLqGAeOU7JpZPLVkNfthaf8dQFTbE6yFVZycfXZ8D3F4k07fB1uCVXgDN1tcjDvRF9NiVC4jYbSLLT5Ulh3+mv6j9Sv+4NzfqidO2gLTY/2wsq0dtB9pAL9S40h6UrIihq6SBN39NEA9eL+dfAD1J7eokWnIzCk1XL+FfML8waORo+X23BQHcJGnl4Dj2yKeCoDVU03+ogfPHN5N8vPTl96y14usUMhqdYUNrJ9VwR0s+Xb37FU8mzsEc5CzP+NlCOqhuuEs3FxCgrMItqwqUPBUm9poofH6iAFUNr+FDlBOg9fomXH1OiKP0alowcByavNnCh9yeaHNNE8lJjQePPcdSebAvxd8LoU7orZe+wh5NuViAU9wMaZ6nSQ9UO0rEOAjdzY6j4sIJkGqfgVXFxanJqh7fXLaHoqB5afktD/apVNKLvA2tl18PivcdpvPJVVNd9jlvlPDlNQwL0HuXhFy1RHOVWTVbE9GJdMezV7eHaUGm+uyqJBv7dBpN6KThfXIm3tl+gwEvlcEvPGBquWeFTL084fe4BzzxxiXa1SmH8Kg3YMe4FRPfXQselPqg5bY/KHv943e0SFrAfQ6YHP2O65G4qXSYDZpUWKC/xnR7HNFCtTxAM1qaST8QSzK92hR96ydCplQcxd2wg4L84yLscB2bT1lK933f4UNlCnwdecYjdT5q3kOFKgxOfC1OFK8Mp2GyJ5CI+Ag/JTaGPcQdpjb84TD7thgvhLHRnzISGPRZg5quL8Zn7cdmv6Tz1vAo/vycChVKi9KbuLsbWi8LqzUOUOd4QNJwG+GH/OOY/Y+n8Sj1c8dyYKlpnUvlsWQjevoIKxt/CmAg90DpWg+tsXoOdzim6eEKJz4kM4bj1RGkWC1AyVwOvSbyCjTcVQLe6AQV03+LUmjLq/buGkj9oUvnAcZA1WED8ewUUppXgtcWWMHdOLy3QfY7xhZ7kVfkRojclgG7/F3oTfZNquQGuLhelcU2SsER7AaamZJH703sYJbsWl4lYs16VN29I6GFbJ0NMgl7u80P4vGAsxxnaUEeUOX0dN55VTsTCfy9jWWqJOqpkV8L5FdtAdtsEsFRdQD3pG5iet+PG5DZ6aDFAuz6asmXxHLiQkMgndZR5ddMk2JYsiGd0ByBMzxQa7rzn60WOMOJoN/2q28DuumdZ/nYrjEsdB04FXuh5rZ7PG62j56e14FhyGDXJOEKFwQw2nG7BEWvCaGWfA7jkvMH5KyfhgS3VNLl6MlzRAbaPtaSdX2Xho5EhXhC7R7MHdeDPf+2kfbiLLEOsaFtKJLz6kglRunth4Tc1vGl7kuvnSEL1Kyv499OATKJTyXAfg6TGSs7QPAI6gnbgOsaFZMPXg5vCAex6ORK6Em/RjPE5eGvrWF4XrQETBlXwq6IPbnkdQuVytVzb4Uly6xxgsyVQ55FdeNfpDWmvfAJ6y//Swuh4vmi2nDZJGFN6iA2PiNaHb4vLsOR5PPvVedLyBiEcbTmdLqyRot3xM9nTNBaEj5tzQNZoCJ06i9fXTIV3uVdJaqCZhd2JK3+Z4c9vLhA5ygD+JmqCT64meG33xa3Vu8lw6Dx2xPuy5dvx+PHDDJ7n/BaPPLbiaKnfGChlBR87vtL6rUlkc1MSJnQoo32rG7uWPcdCyUJ45KYIZwZX0PSrE0D47kw4+GMO1aRX4MCnJB6ZeIZm2njhqY/RuPjwMc65m0bHVeXh4dFfWPLSlryFX4GpZhFN+fwDg3Z4wYcHkix62Zn2aWjTbFshkBav4jd73+IVYRs+erMKBZZ8watRk9h00QYOHetDdsL2uHS2Aey61gBdr57z5p/OXJHjguXlC7kjMBUu3pHn7fiO2w6PgITpIvBRqgDFi97CvAcHYOW/hfRU/C2XbCU2NFxN4pvP01nBBRxUKwyxY4rI6dEZXKC7FT1q5DEm+ix0LPXAzbWb4L6HNU+zuYWioTqw5s0SnuN/CX6XJZDf2waqEt/E/u3f0fTPRZqor0mkvJY23TSDoc4ACNZZyFVBG9jY0A/u7FgD2zwbSL3nCO8fZU/FkadIr34SXNmyFT80raEtrx7hX7VHNEr1D5bYncHguhSQaP7BG+cUs5ORGmS3DsPcQT1WifhG56e6YnB8CArZvCWBj6tgvaIfqyVYoJ38JHgWcRnWBNtyseEfbGleAsun9hEIrMOk7jxydZtDo5LFUGMKw+q766iL5PilTRVmCE4lx5QVXGq3Ae5NUUDJmq18qVobRs6ShXANb37qcYxvXI3CUN8KxPNW3DxXFba33aC1nSq8P+E6BaQwyPUJ86SL17lt02EMXqLG1otc0MBrPy/Tu0VSu+fD283Tua5LDRwNxfBZSQf82LIZLRVM6erNd6SVPRs6sjJJ//kMOnrZGSXsDUDY7i/4fhrEuWtO0aavd7B35DMeV2OKR5z2o8JjxBMXFuPlVRJgZDiTEhv1cNbyX7z3dQC0zV2BL8dHwObUSXymVBnFetzBx8ge/oyRon/CE3njnZOwW+k7xtxdCyOPvMc8g9H0+qQpqNiH8HlnZTDcUgC3NMu4LH8Sy6SJYFirHkl0PUORnDe0UU2Wr4ZuhE5xERBVXEcOi+ewWX4gzK46S2bjczEgZQLl1v3m3f+Z8U2nfFwgqQn3uIV3mT4DnmuD/xN3H4pAKGoAgP9B9hbKzB7ZIjJKIVFSKiJpHZWVEk2RaEpSSIMoqQgNtJVSsiqFllS0lAoZpbqPcZ/ku5PzC2ZvLYWctUzqyRFkeH8Tvl/gwTH/TOBWjyKMOt/IM++8oesZnXgtWYZ7x4TC7oGLkHRnBVjPySTHhXIw7k0GjirfAGKyCXDPZAlYVfiTUrshfms6h2N8huH3SwEMtDaBNisE1RN9IJP4mLyfjaZty1M5b+Fj6i6ej1G3halhuISfRZqD4fMRGBc5mi7Megz9N71QJTqffKI+osOIGeidcBb8/s1m2xgZ0BI2orujvvF8wUo82fwCF32Zzq+zRfB1ZSR4H76DlQ53YcxhJ5BTTcJ/Xb/xgm8kJ/mZ0ejdfbywIZNtVHejj04dHHKpgQMXLUHf9ibJNCxgFRFRnNBzgFs7RrKvcA1n9BpgqognH10xCKvbZcDnUTUkTNLkyVahaB6bS2lO2nzk2npeX+/MYx9dpjrPGJRRZqj9spbjpu5DK5tAEAsJ4jurLuFl7708deNJXJlTRXv6o/GMow7IX8rBO2WfqbtgMwhZjKGiCcbYm2aGXmuSQeFOPe46q05fmp1g0219CHpwkhKXH+PhmiO8QDyAoOUF1Td70WmlibS1+gmemDgKzNe/gi+hO/HVhVVY7acBYaYFdOTjcliiE0kbd+fAK7smil+pDeZ+jfh91HtMvT0Mt7YV8BOypr8T8lHWNpd2Hsnm1/8V0Jl6Q7C120+3UwuhS6Kc3W7sZZHLAnjb3Z32VK6HbpcxnJcQCf/CpUBi2nTMluzEa13h4Ckrzhp7hRge3Qfxnvtcu+sBuffG0QhjeRjzyQNvtX7nmBfBlCE6jFEj/OHojxH8Jvc0Sf1VgkRBSfjmPBpUrT5gQ+E1LNxyjRri4yHKex4MGbbBw+JNvDilCTMXrYTbHsagWKfGn6+OxkcPNSiIbnLW6+W8889bOPijlrJWDeIb1qZdP8XAPlkQt+1Yx6KeF+lq/nOMbxyGtI7HZPIzA7Z+DCWnEXoYQmOh+vIzXPoghc/pl7B+vQ6rRvjwn8uGmKj/Cs+HjwTpEgk8dg/h04c14NYSRL/cKmHy+yA2FXvKt+Zepco5Ytw5G3DaWzGYUKIGklt3QcjSP/ztpSWOOLsUV92qQZPgcJIvPA5Ll97H7wmnQPLjeAjoPoYyqs28xzIUrxi1c2PXXFI1NsfVZ4Xptc4sMu6cDibjCb7slSfBlntkmV8PjtbBNPHeXKrTLcSgr55Yw8Z8JN8Rg14ThBmdZSenGzj6Zj/PPt2NTXCU0y0EedPWNSQxMwVX6BwhIUcbKF2ky/VLzHhymRjWRXbyWm0tqpCeiw/MD4GFZw7k1wvBjA2KECCgQW8j/NnYXApajYXh9qAF/YoYwYv8B9lnSjV3JL+iHx/VoRCcqcZ2AIVWxrHdDxs6fESFBifPh/zkHtpf95OuPr/Jzy3tQGuKOdbzDDT69IA1t/RDoHo/fz+ewP7ZobRN6gGmjlnMyxsEQcbRFht/rwW5qUtootQzaM+Xg2uJQzjK1AKyzjuQm3IEXfysA+97jejjPl0YfpAIr/0fU7a1HFfCOnapFUFDCVMOksnmnqlysNtNluYtr6f49f6859Y1GFh/ggvmfuDir+95319jflLzhn91G8Nx5yA6t1uTk0sPs+64AFrfG8Drvezh3SNAX6s80pLOxtn5o0Bx0W8aN/IUHP86yALOa3jLcB0q/DWBucUT0HZqGWitzadiSSUoHfaBH6PVKP2bAQ3cukrmM+7Bz7+5MMV1It9tEAKpqW60QFMLCuSvsMJqxNtdqzn3fi8KnpxG+XtH4DTvDhK13Q1lIiso67UBnKmYwnFtyyDq3Cre0lYJg97GuOJFFDt1x8CI4YuQMU8YuE4XlIKTMU0snoa/SNL2jlH41CMK94w9woKPtDl81TrWEfmCVzbIg3uvEgyca4XiIydAYpsMu9ofJsrq4pMnPPGaQCyU5DhCx4ux0OC+A3ufdUNreQlFLdlEFYrSfF8tCS8kCtKN7EVgWvICnicyHFmbgMLXt1BSsjWUTgsFHfaAgNzH9OD5WuifFcQLf37Bm3WiEC1sxwtfnuZQ/b0gOfEEe6Z3kfzILRyWmIOja0dAzJxuCjAfD2mzWvn3i7EwtWwUvdumALF64uiUVgoiWSk44cZpPpsyj71ZFaJOF+HOjVOovyIOMg2K+UGcL+T5V7HZnPnYwPfps3cznX8sDsFja+ntpzJeI6ELU+EKSPkqw7zb9fSjToZ1F9dQ3WYTUovRhL0by1jlXhPNMO2FEx0RbCqSjzLp/bj4pDBWHjNA8zt/efipBXQXToEqq8k8868bfzikSV6n3Uj1pTC63UujosptfP+ZGw+d14Yf5U4kqv0ZUutE6O+ffNayWQmLHtRjx8YQOBnvRH/nHAexPWIwL+4t73kpRPVn4lhi4BIMSGvAKLdEElkSQFcP+lJG3BV0LB8DsydaUsZaIw40FuBu506ulbjOqf7Lmctv8J/ZrlSlb4gX9LRg6351WrJ2A8nfkeXcUfEMg1dR6PdGNGwIhw+9b1gh9AZFfzSABTJxdL5xFkS4jcB9sS4ce+oUfY5Q5PjiIbwoa8iCW6/QK3YCG729oF0+j5d5i/MfwTEcd2MWd5v/4KMNZ1DPqJIs66ZCWowBrFy0mOJDrej4mU4McN+KVrWLMXqTKzwdVQIhaM81uf8wT8oIFh3zhNE6/ljVIkeLXmhg5Z56SlmsgEmjEyl95DXevvkKGMrqw5Gzp6Bo8U3W2BaAB5ccwN6JmrxDy5YvSy1EjYmXSGp0Ex58Kw6vxd2ha/9oLOvMh0xpX7avKEGRgPXoorqCxBKUOXjyW/bOsYW5y15B5593nLMuBeOSvNlw6WZ+mWBBAvr1NHjMDg7fWwZb/tjBH1Fz3lYqxX/jcrB48w42M9GGDbcrOC4zEh2jp+JCkSPQ36MMS6R3gppJFcX+/M5PvkeTqEE5Tl7ij+Xfz+Dx4zr0sHUA/v4nBtvSH2KYqRaKXTkIA1EpkFluiVrrL7BUehHEyWvDxZsHMDVPADyH7clNwh9ybcdTTPcenjjzHEU+boZNM26T999C6mIn8HymDs+LgyhD2IKyLUI5Vd6DZIsWkHLCVuw220lZDRfgXdMC2JKsDoqrX0C5hA9WPXXFVN8FbJ56iTbZjsd3qg+w8rIuGcB2vm0gCLIRtfT6tjBlviuHP6deYsu7OC7x68ZT3fvIXiCAKvWbcEeOGDy5KIHFfBgTYt9h2wV3Vgu4TCmftWCzcCkfWOuGDUPz0E1rJGR5PYacOUtIs9MG9R0jofvEI3679ArnRi2kr/4FaHL8IX2ZpACC1y9Bv3oAxpQc44mnz+DOrL/YHDSDFcbnU81zc9a23gFDcYYwdt0TyN3oQU3lThBSnc4OT2JY4F4IzWl2wDtlgxhw8SG+TtCFvFmRlIF3+az5L+7AYyyq+hoWn2aY1xNNekPK7FJdSM6fx8DJ7tv0seoUGfgtxM3OOfBKuZZv3PDh1tI8qHfSo+gJHexv4gRJkVY0ct0AvSp7wNvFzfmM7VV4oCXDj6fZ8L7wuTT1z1r+r8oObL8xrR/1nAZLethjZS6uHXYj99Hy6Nt2gwSO7oDdZ5yoYZIiVG8uII0VAvgi+QZdi9iBbU0h+Op1HVR5bMF73uFg/34kRawwhJMaNuTcMwnlREWo474KRWjngtFkX1qpHYN/1O+jkZEJf2l2hIg17eSXfopbU05yT8VR8nnay0vO2PCvhnE48ac6Ng6JwLw/CnC3Kp36o134Z548DSSfAt3YlRQbe4Ej39XR6a125HUqCauszGG31zZ8eGQhl9kP0sK6Kj4oqkK2yWKUVDQH5pvbY+CYY2TdYAdllhexIngJiItNhnMPivhP5BG4pDSLXNr3gariBxxpmogwn8BIJxznhffDlxJZehQpSrOtV/H9lDmcnuaOqzcL452fU7kszwJyNr+iHTFLafZAPr68bgZhM3u44OVcTrhUih9LIjhhvSjuizECb588jtxuRLsaWvAO6eEpjTAM0CwmzcUSlPwwEzf4xrN+jRNEeEtg4Sdz3ityhBt3pvE2CWV+sqwJvh25AIVf2sFrWx+eeWkNkuaM0oElYCj+hZfvruInkn68/u1DPlr2gRfcf8BqghbUt1kJXj7+SVWGbeD7qxK8bvygO/SG5q1fiStkM3H+T1FUGpdEbrIyUGLykc8EraPIRXE89sNJsP01iPOlV7KZSCKuvTWZY/Wlqf+rHkjvyIe3Puuxu3sy+2ycC4tcXOGjvT2ofr5JJWeng639FT4RoQ4HRSfxl6m3IDNxDKZtdseXR9V47p0+MjN0gJNnc0DrmhwU/LWE4j4p0pD2w56NPmB1/ADuuiQGVfff0DP1jazgIMHtH1vogJ0eGBXm8MvU0zw3Rh+3FQpQfhryV5OpLBHyE2vM/wPnplLcKGQFFzLcqd/Nn9bKd7NHhSvMfP8QGpfUY1vESVx6246LOy+BmJ8QyHW9g9WS8VCcYc3Sit94d+la7rzWSnjiPJ9b6MwtLUKg1WAGOc/dIIV9cEWcP/j6zoboGmvu+9ZFk3XbuEf6DhwzHAaXeiPwjdkA8S41tKJWlc9/3ABn4q3w+8z70Kt6F6J8NNgoOgYW/5SCAyHnqXrEE9qdpYHV+3KhVLMKXr7NIid9xiUXSjBHRxSkFznAsS/laLLhMfq81MOmimNIqaIwb0kpOw6KkKXIYWxM+w+SFY3hy9AfUN1xE/emnOaI5VJ47ls3q0+VwwcRl/iWUBJHv7mOpfEG4GQ5n08svgXrlj6Bff/pUsjUB2zyrA9Gb/1EVwOt2fvXBrw/0QlKxh7k6eWrcFLuVmgPjMFR86o5ReQdfV5+HL5l7cSVfwKhaUAbXo7PhlLfBaCb/IM97abAtI4WbFhWBJb5ZpwonUOmjW5w8LY8rDD7wg6C9Xw9NA3+tVvTiOxBSI+ejjcPv+BP1UmY7GWKNQfGwqfJR1hSdDTY1f0C7efSDKFLYJ/GJ7DcPJ3TdpeA96ZEnGcmDf8FxuLhPSmkMXE/bnnrhE6oSOtNddHZL4TmSclwXtVJFO4QgJUZ5bB38loofuoKOp3v2UQ9gKImpfJGuR0oUSZHO90kaMFEAzj9+C3W92bw+WhfHpKsg5QfQ7BkoTve9jnOCt8nsK3aUdgqZA9rvVeQxCEnVmvRxf2yeaxcpkPBGy7Rkx7iK7XOdO2eFjk8FYDvf2pQbAuD9ZV6GN3mh4/ttsKh9Ym03d+K54Z8pV0F2fypSBNGKu3gq4OFDLdsQdl3PcvJTwfv+nl0QboPNL8po9kiTZRZLQsWru9IALbRrmf1EFFVy663L2P9aFdosnKCE5EB/Gf+UxqfpQkNoXV8o2Q/5g+40FKcxLfVY6Ek8DAkz26GIVVnSvI9BB3vJCCl4gIcan0AK1z1YGvLXsqZGUCrnAAuBF3H9pUlaLbRDgWWS0FIyGUalLYF7VpRKK8PBVKfj4tVvgJM8mOTnkhy3/0Xvcerg92MzeSy2BIw9C6fe/sdHhf6s/uUOLL2jIFp7kO4skaXJ58Sh1UpH7F24lycOKWJh/qGSHL8OKR/apTSuwd/1YjxxiY3TvxtAL+eHYWSml3oZOHEVvVf6arDB4boGTwg2Qnra7voTaoF+AUqw3ivHv4pOJpenj5E8UmtuC7uK8rPTeBglVwwkfah+BUv0LnKEVyvnYSOkg0cMsObBub48oJXZ+jg6tW8V1gVzA+n0a9x+qgurAdde+LhfEoyL1rYS6avFaCovZk21nbxpnHPcOPS87RFQx5PNI2FAxYCWJbXRkkVVszZ42lW1FWe+P0maRrcpbPCV8Hb3RntpMfD9eML4XTVdZK5uQCnr3eCCeWXWMlFEs/3NvH+smUsX+MFPfEGsOeuCC+XVIddymFcXLwYf639wJrNiVgZ85jytarQWtifrW6NBUvlEnjdJwzLPu3Cobnj+a1cDFTKHgeJx9nw4uFb3LFPC47rGYBCkx9cnWhN18iR5l4U5YLkx/Tefgv11D3F4aWzWWrnURBfIQjRKuPZprEb+5SsSbr5NGvUXUCjuctA/sZ+lHCIx9W/xPG+riPUOEdTL3hAQHw5Z4v+gHB7fbyiJI/q92rh+3ArWl0/jq7mNnBefBfYdU3Gra/8+cf205i+5C2anRWHpJyFOG3lfYrV9aFzixRga6M3g916VpnlAvXjnoHoOV1Y7uxA00T0aOrBNHJy8eaXOxxhxdOjGOP5EISEEjBEXxEfPz3DFaEJkJcgAIuz54Fdsz22lo+DtrpxXGtmDfOOTMYdz0/BlxRZfNb7hz9euoZkTrDq8ixIP24GBqciuX+7Lu73TIIqN2cIPVoLegVZ9G3fQc578o0ebc7j5adHwevAJ/hUTwIzD0aQRDewicY7qCv6wWUv4rhJ9wzfdQiEHfIy8HbRGHYdsZh2laTx/ZmjMe7NbgwyXAPRQVfp18pp2NSWA77zlGDcUA3v7ViI6x3NeWpLIfuHbqPUp+uB5T/hiulvqebnWdxyEOBqSROHL/fGLxM6obbRni1WJPM5+2W4z+kkVA1vJo2Fb0DukhN0ri7mB78/YtubdbygK4azzyiw299JJH9mDlR+ngrVO89DrpomOG7dAjaDyfiyWR7NM4bArHUmtME5OGg6DuJOa+L1qYtgX6wijBVg/uD/CNQTD8OGVldaq1tE5aE7ecKUzXRreR3exd+40GA8OJh44t7kBPCQzqQclUfw6z9L+OXiy3LPXtC9K0/pvMpu4gcT4JzvUTq9XxzyJ7fx2Euj6INDJsyuC2JtuQ66r3uJvFIEeN5HHTjtUEib+oY4fNd0Xn1yFGRfjIWF1gfoqbQOzmpzh23J23mDnTVUXR4Evce7WGlbO5+rHYPp9ZVYfuYFBu6yx0P5Flzr04RgowCRUtHk1rKbzDwXsc1ONTQqbuFMwWFSnSDFNy6OAdeZCqzfoAULXsXAqjWv4ffpABBQbyeVyk100XSId/+dQ1lMUOVYQeELx4B5ejU0VazH0+7G+MerA1zDuuHSpfsQIRmNM75fwhuG5/G8qAFYKvRQUkYDz9aPRN2dT8hQ8AVXZ7dgff9zvLG8AXdc9AfnQFNIsd3KbSGWdN7gHZ1NqSGf3/UUHHCI2x4XcYCaPsjOUaflS0bBBJHzeLrpBTlkPEUnQxP4MjcIx3SdhbAyQziaewPKr0pR7z19EFdXoZtFinjX6AqF7gE+WerMv8Lk4eu+SpKMDGbjXT5wU9kWJFXyIWLLXEo09OXaQ5tA0jsF9n71hs2Gs0lCahZmpQyRgpsQeNbfg/CNtjTD4hMM6U6l+G9veIzKM87fF0z11+VRxckG3NpFoTVxHV2/dQ7bbv9hqWJJ2O3SCWk/jmH34VIOKVSlY2sOs2XlCKh8a0KlgURRy+9jr80KCqwSIY+138DZoZWctvoRabfjt2EnCH2lD1sPZtLskW3c/sMGW/vcscHmOu7alQM5rkYoGBYHS0NVIaooC1QMp5P6ZTkOGu1PpCXM14J66cSpuzBJ6TycScmjizQSnuko4ur16iR3GMF1WQRNGJ3EI08m4N+0PVz/9yYnhBtQ7l0TcP8nCCC9mQcnrwF70XCYJmBKO9Jn0arj89nlghqUq+ijTeM4GDtvAWbIvIfe2u+wl+zAY+JvmPCvD+qXn6ApO3K4XWURv+lFWO0TyLuedZHRSD+scHhMBt8L4LbjdVzxbi7tfNmCat0e8MZrPKxTbae3E0/QaK+vdNTlK5iNb8QtfpW0pLueTa67U23JXNTdrAVxzbv5soghnOqZj59qX+DPfUN8q84A7k9JxIgjB7ja+BruA4BtF5BGBwyC3NMXbKQZAHI7R/HKEwQGhhZUtVYRGjIesPRCcZB4bon3Y4TBo/czJFw6z6aHvlDRgzyKefUDJ4cZUpnLHxbLNINFVqe4ZFgEIjw6yORGBDYc6+Hp+a6gdEQUkqrHsciya2zgbQHfdWOo7vxF/t1UDjkqkWzWNshvnIugfaQ+Wdl+wi239SkoWRlsPt2mE25f4UBqGLc/ccfqdWMpYIUgTIg5zOrTD/Fua2sIbzMGO6dRrH9EEY2uHKWm0t+02cgGxNp34sgp9my8Txuq5TVwhLsVYOxFWnqqkOLW3OGKtEQoM7jGS6oz0Ck3gMLrN+OGuOkYWiABmx4ZcPt4b4xskSXDjymYVXERXFNWQ1nNF76mHgf3/mvEf5L6cDivDCSn36XbboGc/j4IdwqM4Se+X/lj5w62WH4XRe7sBJioCV8Uivn24Xcspe3Hp/0q6E/6RFZ7tA4dJx9iiQwtCj76mh90joK7zoVEpyaAiPJ18P8VynafYlnN5RVNTh3AsQe2cd20bj6QZQfKD1LIYtCCn+mOY4OcgywxTwtsXg9SxSEXTvKax6f/uwWtQjLwWPgn77+wF/NeyVPXLmHel6QJdU3lbLhgGk6M1UMx3wck7WgF9heEqGrNZIyevh5vK58D1TljaaLNXMpsLyf71ZXoFf8cDQWsQTR7P6RHlrPn98W4akc5OLZd55bAG+QaKcRF5SWoUGzA1x7JQKSJIj+e8pciVurwYMhGGB58TOpVwXT53XM69vI6mv2Q4wo1W1jaaEw7P6qhR24vKPc749Honbw95jsNRWvg1ZCteENwBxQmSEDUVG/4l5hMX7reUP/McthudReerLoJH+f5ko55HAhmG/MtdUFwmm1H/ZohpBO/CpRCjuDbzlUgrdgE57r38IqLv7GvQIEbC5WhiZNhvglT+xZ3khh5EY58WI7LRozCq1ca4LzVLXbmb/RsjTYcDMviwElxbPRbnCcv76RpvmNAvPMtaL62oGS9IliQegVXdAjBoqH7oBMfzeIr4thhoQmmxt+HtrTteH3DZXJc9h5kXgzw0nMyEKG9EScYyJDSvs0s/KMHhv3/8tSwOgpN3caTfo+lYhNBFjNUAJUThbBveTd0DQtwStEsWD9Xk3/M3Uv7+rvwW+NRVvh6hr0vS8DxH9swtVGADrs2kv8iI0pOMoGC6985+ZMP1D3YxqITCvBzjB1UjbwCeW35nFTkAEaJc6h1XRKZuYfi9TFIJouk2PjnZ1zlpwur5vjhLzsFLJrUyifXJtKJsll4XS6Nr5Y9he9Sn6GgVg0bQApi1l/k6/eEKPZSGHhGz8Z4HyUYsS+T4q4+xCu5N3ikaQ0urrKEwy5fQMfyEDw6KEiJY+wp4nIx7NvUDJ9ttHijSiA6bpBC8Z+yUKsqAnvzktl2wkSu3qMN5y8Usxhspe6RgphbI8at+z7yV70RkOqM1O95E+w1xMD6tzycv5FOcypceJHYWVosXo3h34hjPW1hzQ5dkHJLgKC6Fsz+PRsmnB2LN78n0seZDbBV8z8OnzYGyg3H/9/83z8ekrxjRALVb98Dq0JWor1NG9+YfxfnTEvAwA5bdG11h3VrdeH4rUzcprCMlshmMT7xwl3iAVy9+gZFFathZtkZWpjpytnLJUFolgnZLrzNI49LQ5nrR4wMCSKBIwH0YutImPe6mmMsFOiZlwScMM+i0bfmkwG+oIcbLehB4FiuG7kDmzzP4v6u8zBrsg/ulBIHodqXbDbfCc/JtbFvkj3G55YyjGkjBxdn/tpnQq/WziTTJ44w228NTbh4GM9Y74KLURIYWfCb1bSMISzSmP6MjCOfHEdwabGBdHlCg/ufwHeLMAaqfsLhMV2o6O/MX9OnY11JNExW3Igq+SPhvWcoSUhNgjV3ujlqviEHr9hM2vsvATlmoVuACV6o3cv+r1RhUvwESNqphI+lNFCl7xHsfKGHqeQJM2RkoPBKMBybtBL3TVOCiJpRLH/vNJVGn6QFWISKMoXUNGoNmGhG8NC3k5ATbot75OXBwMURjGp+01iT67BYNAd19jSjmvQwPHQNxGLJt+A6fRpr7RgF2xTD+USjLdoePkbPS3ewqLU/+yz4h7ZDi+jl12kccPcOzHFRgYCGFFpbm4suIePYObOUFfNH4q71U2Gh81Pcp9KLW7TO8a8ECTiR8IWndRlA874IcC3eyvf9W/jRBCPccyUPzI9IsYzESGiXkIL1Z95Sqed4+DJnIaRn+vHnPYm4al4BrvwkxGlHinnViNF8pMsS0npVeaOMI5YHvqCLU/dBjcNnelokhg0tj6k/3AFO6CxjmVhZaM8LgDmazyns0Qf+YdGN3+VOgvpGddrzdhMJn5ZnUwE13JhpBKMa7/DRC/P575AL7V6diK2Ln8Bt3AiXhz7gXSlnrM6TxGebEBIz59CFj5NojX8amrn2kUbBSbhV1gzd/xJwrNBi4n3BXDDPGCqU1tDleX7c6bMeqpKdULDYDLNsLVCyyJufqSVhsGIuKS+TA+WEPrTU/sx7k35gQLwKbarMopojiayQeIkd1+yj3/NlyeaPJhSnTIcLN8ppl/JVrjvTjMEngLwWLoYanWX4oTQGZ/Znk9yx8aDioQivjJ9h78TFPPthOY0w9Qfx23EUKrwOa73UoLl4LF6ZqwBaW2awZ/xqEv19E0e8DGR8GAfSsal486QfB4XF8qiJDhAgoA+C17ypx/I9bv+ZQdsuatOrjHSOeLGCDDXbuFbpEJR57+BcGSnIikqH/djIaR0O1LIpEeVDpVh2fAxNMdvPJuhKQja/YY6ZBWhL/cX/gnM5dSAcpIy/0f3pfjBxdiAZnfxH490OYFllAz8vN4WjM0ZBpXohRPUawKxt/pC2wZyasyVgXWQubZd+SKO/vkOMsoU1phXgKbkVy7Z8xCq5HSCrNI4dl2ZTQN5d+vfuM/539h+v2KICr4/Ooj8eM0j1Yyn4fHzD/3n5st1NaRp2s+Q5b2ZzzcGptP3xaBCY9YpsdTRAtHA3twiuRrceURS4rg0+bnMp71ob758gjammVjBC/wyfLIulUSfes4KQMp38Txf2v/+PzePaqS2wmRV1DFj1iCVwkg+ciTLio492s8iLARCZvgoXpemjg0sU/BieRFuSb/DkXRqwYsdu7MV3ZF95jIQWtKOM6Fj+EHocC6+GoKSZI+WfKETbcnk4mxADtb0/Qe9hHyWUy8DHEWEglfaLunKMQXnnM5j63hK9HSSgX1afAx4c4zn/tsANEwFS9IqC0PBUVCrVZw/TaHjRIMGdwlYw+LyUJoYLcv+rCDyzaAsY+4dBQ1EPNZx/irWXXvHCFQXo+ApBoHgKteRF4diNkyDWxIw7G0bwzLFjWTsvBCe4yEHwWlN6+kEG7rydzQrhy/FlD7PG+UmkLf0BPusGcUWjPjqY5NPtY4o4WWo83NQYhBcLz1HSwUbA9ihuvwA0V/AIL6i/SackramnvZNzusXhsexmUP2rAkdT7nDCWV8crWKOtcb9JJqgBWoVm8A/xIE99AWgY/pkhIL1YKKQhzdXa7HR3L+4WOgYb26Nha8vs/h9SyXH2zvApQ3eHOh2AIOyRYhV9TkjfA+I4TwoUloCs8RtOLiqnSR/asHyEcx7epiCD2ZCw3FterRfm5QsjvHy8nT2MjxLeofL4OpTO1j9/BHn2lTBm20drGc6B3b2yePhD5/haZ0eTr69kzboXMfZ54ShbygArGLmkWF/L08qHkWPfAENNshTtXIPFz0qw6T/0iivzRB2TwmB7T+6UHzLJ8oVluagU7UokWZKk8ViOTF9Iv54Iox5gxOg+XMpvN46lW3Cc0B/4mhoP5tByW8moF3kTGy2cCDrlzEcW2ICmduNwbiUSeq/NrSvrwRePJZU9BLoQNhDqm2/hzei/+Ofk0VhjtRj6m0/DCVbi9A4ez+99zWmC0E34bjvLJTeogrv22RQQ1cRLjed45VXTejssQL+usyQcgfqWe7udJ5c6U8aDzTYQWct18w0g4O9evBrTDOaPwFafGAbf//vPbyhUlKcVUDfghbS4t3O1NslAv4xs/D4JD9qE3pNn/ZuBK/OW3jD6y2sr76F38wcqE5oL3TukYF8L1t6Smvpq/h2evf1G/xT2o3bG+Vhp4oVL8p4wU49tWipMBYG5mbjjKRTKNLbzy7WCyjjnzDec1NC9Wnv+AuehsbbldjjZgOXo/5hWNYhrM96Rd4D38Hq+lkWqc7n7ZtCuV+lnpbmRJPRGhnoj8gFd9WtlGuznntXnIGIa5vAxcIAFtjNw+ll1SBm5wK/hDXBPsyXjR9rsvTjVSR14gm3BCbQ34KvsIbNUXapASZ63UC1VCsYtPtMq0+ZocubmTRacxNueJFL6jqeJJAxhZ+e/svhzz5CYbYNyB16yR+7O1Hp6mbe+286+62fQCc/N3J42kcIefaHPAvjMFRMEKbZJvHRK9NoypFO7pi6koM2fIANS+xhZsZsmJmvTDny90C1TA7cg0VB9kITpofvBLVxf2Hz1RYuVk7E8qwu3prayjODxbDxIMOLrFSaXLocX7rfRKUvfXjW/Rx2uZTg5PdacO6oECRYTYPn70bB1ulV9F7zIAh5CKFHqzVpdXryyL3jmfaIsMLiFnx7swhSfojCOXln9rUby3/vrsWrxwTo580v6OWnDabv1yH7dPPUTwV8qGosrBhIY7W8uzTp7RFOPO8AeW7S3Hgmk01LxrFgTQtHRNvwpPHqYHM9E1ddukIJ+/fwnuNJ1PlKjFaPrUL3IGucWeOAspGy6BttDBdPPuMlAy9YWn0qbwg8wv7jx7PlvxuoKDmJ7034giv1GZe0y8OYOQZYkfURj71u5M77fqh1axaPc1vFHj0JYBo6Ckd/OoFS7cKgtvY0N+RLcarFLXj34Qw69Dqzaqgl3Z5kzVtjnLg9dgsumaQIK3RP8JSLs2G6SQcGHt8DF1ffpban9bzu8l5yk0yDgBsn6VidIuw19sen8pkce9MbV9X2UbpeK9lN8eBJ/XWwf1kIGYQKgmy8GdgHzEG916HU6zsfzPzvcZj3Fv7zeBM4bnABpZpUDB6soNXK48D0Pw9uU7lGJ4cL+bnYThRZMxq38HG45bibbt66xdpb7iONVgCFk4OU8+wlu0dVUPWgD5x5fI0K1mWgaNAd9Lz8iz78O8KLL6rBgFMp+KrEQW7lWTzUpUh1BTP47QxVuLzJGKeOXYKvVHv5vYsFuIj84Rk/l/DmrxqQs/UgcGcV3x5zFqotP8GcpGaYs7mG07epQ1H6Gn6tGoIpQlsx/O4L0tuzm69kLsa/qZ/4cNAAT/zZDSomZlAouJNvD7tB6HAK646eQV7Wf6G3xIuc8u3Idpc6uDyIxIhUW9hreJoe5SzkeRel8KKQNDk5WMKZxV60+pQdrCkL5PFWr9nvkjJ46sjB5Qf74ZHlLPw23gAzBcrYbb0Fd8T9xMstvTzDIY15rCooT3hB4n7WUPj+EC743MCdq3MxsjGE97icQUnvi3hjwnp44yYKd14Kg2i6OD6w308bs3257b01K7iWobxMMs9/Ikx/U79QgvU46F/YDHXF5bh7MJxlHjznMJpPFf88qTjyGmQueUyLG5/S8wPK8Pt+J9YkJLN1fCpl6InSyo9D5DnmDXxNfs+PfA5x9adNsK6IIUg9n/o2yOAov4dQV9FMSm0j8VlED22Y/Ig1naM4afkv7JIUgPbX13n2m+Ow9rglq376iZfVjEAalsLLj00s63+V1m1einvfjIZGs3zu6JiKZ8ROUrxeBPrpWJPu4t0stHgL1rW5UMfQMF+eIgD2vuHoIfoN1WbXwoRFH0h8yXeK2CTCG/7t5mWvu9gjy5z3J0vCn13K2CDlRuu+uZJvmiOf+XWcWx6PxF1n0yDH8jRz0H2IXWMKkxoRSjrs8egPWcha5MYeEh/w8Qk5mBQeRedoCVj/7QUxvzFw0Ow5Fyv9pJWnnaH0rQf75IRRyNBuTAI9rj28gwPfvQVTOxvY52jJ33x6ofamNL0+nIynl2ZCRSmCoL0gTjFM4nd+41BXxgF4cAov6q9C9fAFPHNvEvdEfaMdg+5UEHYAo5+dgrUz0+nNIUOoHfqHFiPSuTymEXJS5qJLsyj0/bPmL8v2s8KfCRgWugTeptgB0S88PvchdJSNpRt2l+mt7AD8kczBaMmt3FNxiUNKFPHaoB14ZT7gSxMOkJLiWDx18yWef3qa3V23APhuZ+WjitTuk8kn5QzgkJc3Ru/wILVTtjjmhgj8PDSH/I4NkXH5KfaZu5/Nk5Up0VUZ7uasp3ktC/HZ97d8NTWLx7l+hPuxGVCSFsmDF7bBtsh08BwQhIlLu7nhpzfvnvmIT+hEgE2wGXy6owFByvHolCqMn2xbOOO0ArxY5UwHxA9w3dGJ3BV0Gb/oXqZpK+KwJroC+hRrIMR6H8jP1YHORAfu+DfEx6QngNjAfZyaa0bB2mWkVLQchPJFUaHnMFSbmUCkhDR6fHDEZblqvEliHA8t/w5ya+L52DxBMm5JpYu+5Sg/3h7MFjRSY+Vn3CB0gewOdfOMkApsj35Ixi7FEH0zBYe1T2OX/Uj4MPoO1GXbwD1DZpHF5+DgHE188nAsTA2Q5j8Os3nrOA/WX+8IdhXrKFBIg6bN+E2pbxbQwvsFcOrlaLj+Nwe+iJnCTnF1fjdaExx9snDIdTlJj3mC8rcFsaFVAS5YrifzrfdRrzyFuyc8gCUl8lBwuQr97hRQU/5s+GOYhR7uS2ntlni0iRwD24WZgt6a4fUAAXhosQhkm2352LJEVpn0HC329eJ5y/k480sLzQ5WRQ60o9RUfUhSHsODgy+ZMjwgJuk/lo+/gkv2WmB/6gkcSScxN/4JR6iLQ4iqP1ep9qDH9yj2/GbF5etl4NKUWD6xuoi3YS5qVP+CNYctobOzgKTTfejDcyUe+DgVawcU4bfOUX7m9whmT+pi6+q79GOTCDh+nkkfggtwzN00VoqTxTeGjynM+SkNrG5lanajqw3vadJII7Ccs4hWHd2Em5/MwyrnXHpClaC7QIM+yvly4dw4NhRu5hFXx4Gmoj6ylxVPGO9Ac31+80ODQTr5+DGv/GSNBY/G84boMlqxUgQeloejx5sgMnu5DcICGul+kSAsiMsk3+ILJDw3m82iRqHL6HEQH3YYrUTkcaDrLceKrkP1aWNAOv8dWb9Ix5ebzKBnuI+ev7CGtNRDtNlTDKK8JGj+TFUOm1BNhx940FvrIJxR+AK+/hrBqbkEjeu0YJzMeTw5+xH8uD8PVGXq6OS7SdTx6jaPHVqL0e5rwHeRPOyriuD0V9tw1nZBoop+zARPKnOTxHfX2+CRdx8+mD4JExZYgNzE99itr8Y1T9U4Q1EKrMbeg9T9HrxrUzCO3/eb8jsD6UGaDbgWhYL3a01sjhvB+VuO0BS1S/Qhd5Ds7Kv43IxwLpJbxBrjNcH07VIs/CtGn7fMhv9arpF9tBqoJvbhp6zn9P7DLrpoqknSYSKQuCYDIrLtSPfyBDj2aD9vHj0dAv4ZUfU1P5rm0IQ7C1ZQmfx4EFXIwPb/QnDk/ulUZOkHCZ8WwMVXfiAVLctVP1ax8oMZUNyuDBf23+Uph46D9JRuvlGQRK0/kzGxVhtuCPTj1DxpTBPNhNBtBEWxM+HjGXOuuXialIRHopZGK04xT4Lftw7gWnjDv/WP08bxBnC5pJimtjjCcNlDNJ73B/5rz2aLWc/xzaWnUGC4iuN2PcRl9eNB02s/Kh23pr6RD2njSU34/FyXatZXo4rifqi+143mV0TAc7YoRBxOx8BTq1E3SY3EazdwfJ8AKEbEY/mhRJQ4aMbff0dw7c0R0B3Wgwc1dDBn6XiQGJzFWrlF9Afj+dHma3ynpAYvjT/KHg8Jep+L086tBdRyoxrNLx0nZQEr3myzgzsVP0Fr81zatKIL1KbIwLuxA3i++Rc6CTxgwd4HnDjPh+QCJNHTKYdVkh5h0a4MfBxuD122xRxUdxP25CVAtqEz6k91hh8Ny2HFPSfI2A68t1gfY8bLQu5sU/KdIcP+6pP5WLMVfVU14uDzaujwaj8/eF2Ityp1eGqGEAzP7gLB40+gJ+kxH46+RseqX9JW3Sd85vwNtKi7jRViBnh10UhYYFQML20Wwoemclg+MY90ljvjggFF7Ak+TAHfXWlZhzMYzlKHWz+7YKmDARce96IF5Te5p3AG7LGLwquv0nHhMXke1yhHSkcM4Mi8P/RU+ha2zJYlmdIAOLAA2e25McXWOMHxICn8POcmFU4Tgh+VF7g4qx5nVljjvwJpvDrpFExePgOsOmzp419TWC1cSMsejYK02rG86Esr931w5Y3vR8PEcd2o9rUNbaT7qLttJv1adofam0aB7flcfl2mhBOnfYKaRAW65JlDpVWVNMXYmGP/HkP55DnoUm8MFos0cJSVL/yQ/MfCzmqsO1BGIh1e8HD7VrbQP4f0OpiKhqRA27iW24L80Of+DA4sKuOvisU8eCwYdrAOfHUd4NfV2vT9oyFkHY+i8OJ2ul1dxCLzE8Dq0jV6H7UCI3zTqCu2B/tPiLL2M20oPbISz+suZSPrn7gr2JMy0RY6rJvgbckW3H+3kEvLt9DIe+aQahnK1QKjSLcqiI+fmkubc+2o+d0G3P6vC5/Nk8c4QTm+7mgLAtvv4Ip/dqi0VpgOnpzPNo1GLL99HY8SiwHZx8Gg4WUCpek6IOpVRU/yjPDL3SLULd4Ff3r8SebPaVKvWwqHbq/FN9ca6M9PY4jcY07rirbx8+1b8Oq4YZyfG4sPUr9BaMZ1niG2l32m/yadKDnYEd7K6tPdYLGHHHQX+XL86H/cKxxLbpNt+c+/UXQvO4f2JYrAaskvdNGmDFbEuUHU1hf8fPYtXnBnGg+8UYY9wRdpa0cr/tekBAgn6MqadA5etwUmJy3FG7Y2ML/4MDdv3sUtxcZoKtMIKxMlwd5MlsevkuE7+evoMclwv2gumH7/CZn3l9Gop9Pw11FlHFCQBT2Rw/xMcyq+uSsBKVVjsGOCPM45d4+0dshRd7Mfza8t541XFeDA6XCU1jrGahUi4DVtBZ0UGIliXWnw1CWU9C2vQWpPEkZt0wdFYysqF11MVRtvgI7RFzjCi1hLnzEr9AdIqt6EvpXCeHm5NDhauUJOVyScW7kftjivAmcXOZ7uGMteD/TZMEkb5p8ivqZuDO5O33hS9mN8ETACD7uK48MNE2iesg0ZCc/i9h5v+uy+CqLbBEHrXDr2bfLm1DWG/EXvGz89ooaji+352eadWGB/mbNT8vChuDQEylZCTFYmNwWmUt85G1wzVZK1Pm9E69cr0G+XK4YpzOe1c4Vhb3Qqpjk8g3WCe2m2xRg825+H9cNXMTYgGCZUCvOfkashrE8LrvVkwwH533hgUhiO8RyGt6YKUJ8fxNWyR2HHNGn60GmB23eqg0n7Td55ThAWxJhBv95/oH50FM5WKsLmU99Q9v1BllyTw3InjGD9v1JoCmkk89tvWKTQk1y0c9hdNJxXuavRqUpH8NkzBbFVGiau8WOxKaW8ILIBHk6Ww6Fvo0j5bQ6vsRTBUYORLPWI2a9LHkyvi5FP5j+6N0uVv+oXYPCi71gzooxWL6kj7ZpYFK8/zOOKpeC5tCp7bY+juzpf0bskDorueEDEU2Wo2fiWhcKqUd+pnZ3+s4KCRHWap5/A+8pCUG2tAShUH8MEx1/wUnA+B2+5hNazZnLAFBEwbWyis/cBa54cplGHp+OSn3aUF7WaVNVSsLxUD8JsCOWzZSANpVlhHuCL+Amw5tQImBYojqLrcvHJlE38Qjif66YfJ/UeOZDL1qCcxSeoOXAJ+Ci0sqBpErT+FecjScy7hx/hg0J3WOKmAyuOl+GZo9bUEuPLS49lwL2Oo3DozSnakNkHn/ZdhTqNTk7rN4DuxB+0YOle0FsVTsnRk1mxI4k0W7owpdWbQn7vp00zp6H4KlGobfmBrn3abPLjM69w+wQdxpX4WLKZh5fp4iv7Rq4oreVxhfoQ9EiPX+V8o5HO9qju7g9yMsXwdNcxVCmZw7dzDlKMzTnI6DWAKRXhrCtwnreu8aK9kRZwftiawpL06aeBKxnad2PsjFr2nuYANgdfwtayh+CZpEin31/CVR4PuSwpDFe2ZdG9zmbOHFHElR9HQIp0ErPAHbZasx+vbreDRxWbSKW8mhq84kFDyg4u+ehxlYgprFX3Zvu/TjjVdgc/8T9EFhk3McVkL7n3KIDjv8PUM0YWxH45QdErHR6IjaaPV7dRtfZzfpI0g4M0O8nyzh/+cyOfS95VgnCWPUhGe+ABNxPY/2sVLXt2AZ62M6nkPaF2jVR4lrMQ2+SD2Xy+Lrw7tZkVLgexy9ldFBoZBkbvBuFe5nbMls+HbTfv8oKxRbhJThdExufw2ZIrHLP2PI3+2YUN7fvRY+4gbrvrTx8mnYSms958isygdQHCHe9+CFa7iPtlPrFCgA45VKjTE+nDPLgzjp7ua8SxGdZQMOki3XFeB5fvCsGnDQ04/fEQd7zPw6vT1uKegBT+azCdXyiNAzvPIpZItiPLC+nsGnMGRs8ZT/xqJ9aftCXHiir8/MqZdn3VhqG0F5ytK8d+V3Pp0uo50HL5GKcrluJ7w7XcsNSIi4XC4MfJ8bB2wJMETohg6JUKyhtYBYEZz3D+pvmY2CoHUSPEqOdDNuT7C4GpwQm2mTaNJ4lmUNgbJS7QOo3eI25Bvste2CR0HfB1CSrMJPh8fCatm9RJKqv8+fVLB6ycnIuz7oljcFQx2Uyr5VV/mlAoYxwMPUOw7wnFo9d1Yem+cCjS9cCxs0/wtwB70EosJZkt30EvUAFU0s/DsGQrvF+XwO9tXvPvDAO8cEsV1lk00L/Zo/GZxwd4E6IEx5rPgfvXLBhr84lG6s6kM2OSYIcsUKxGGVZGZ/OZ3g5Q+ioAGZVzaZVYHY7MCocvWbU0R/IpXvOdi6efzmL5Vw2oV1wHxb5OYCr7CJMXz4O0hbtpsUA0FnhOYv+xT8HglAXsffsVlWo64HyoOeyO+0mXtrwArymdIN4AUBYlhvLzN+IOvRoKV7GgAbWVPH2ROahMksbnC4uocLk6yRnv5lXCAlQS/ASXyaqhE92hujpZOjlFDzQETuDC7cP0uqCJtt1xB4cOI5QcHiBUvgxiW1xROHMQ5K5ogs38OtTKKKKXMZM55Gck/DfFhDOmmNDP2+XQYvOP6rGAdvmJQ5fjTQ5dWkU3tVdQX5saTd0rRT/7LpLcuSg+1mkBraEHeWWLOJhqDuOD23tI7N9/7H33C2pMUYfCOxPJc8gUDiwoheXnxuHvdTYQ5mRLUV/fsuewO3XtCaNxGAMbxJ/TykxBnh8+TF8TF4DrTVXYNvI8ir32xtjOACi8PxGOqLqDRdczODHJBdRMPoN/5CQaLS0J727mo2hVKHaEVGKMuAaKqvawtcIEnOEtRz/Vsnhn4UtqbzOBc1cq8ZlAMHfxKnJzkEaJ5f1s9OEe+3y5il0q1XD2by5MW6YFZ4+Ik92VIU5418cvr6WDvUcXj0kgerToPwoWvwrul41oygdhcBO1J/3vF9k59BGGTA+EFTv+Yf+Y39BfsxtnZZuDw+lACvoyEnaM84HLb2JxwR4PHrmmD28c2AaGXw1p1Iy5qJXXDmo1aaSnYw33xymy0eR/4DaZ4VLLGtqoFYLsp0+GUtK4csYwBmXm4fFgDXBvLiT9u5ao+DEeJMSWU6xGL2kc3I63d/tw4tAn3CDvy8M7tWHnolZa3RIO5zq78cbUOmyuXob2EofRzlkAb05OpwPZyXzeyAyeFyXj4I9bKF9bxaFnIqAj+Sf1ZQvy8w2mdD+mgptCxuNSZ00YSH7PvqqHeXHjKP4a4st2fzPZc4Y6BItOxAm2UtiaUkzBWw3glKgef9gZRoteP8CY0BS2nnicc/+Lg74ZfTj9/RwWWrmRcsKUIK9VEDUHsyj/xjOK3iEDC/SCafFsazgzYED9vct5a1w2tc4yB2XHF9D7TxuOTZWmMaedSd8qjn7tnYq2G85gv8klXLJsPvyPAPgABAKBAgD6B9l7ZWTvPaMho6RSOlFoKUKLkNUUkoYKDVFpSpFoSIWoVBSlQRo0qMhKS0O5J7VCHzS2D5JtzQf+DF8h60EE3L5fgS+XH8M896d4MqiX5tY3wGh9ORA6XQD/RrwC79UD0Jg/kka190LMsdmUHFGBPclnYLa9JYrKG0GAoSG0yj2F0d5/qVFhLQ7EveE3B9aQa+dhMnIWRuEYXXry1BI+dnTQ0LQ89DpSh2aixbwq9R3Jr1SCBI14vrxtBMg3p8GlXDGQN/KAwIpMlrMohZ99Oqxa0gZu2Xf4S8h19PSNJovawziKrKBupxad3bQfxnzuJh2JLJbe0UoeJ3+DiowNGabl0/hCddLtUYRm5Up2s7qMmimb+bD1KF4btYhktk3ClUmj2H6RFg1W/eWcUSNgVFo3T3jcRnvNaqA4xQ4nJ+Vi7pQ7dPZQEzj+3gr9FT6wqkwLfMWVuEPpL237WcfvhEWpXaUC5quMAtUtqawqYMr0RguP6atAg+FomqGlSj0rf7G3twt2HomnjYU6cFtqJKYvdkKZcyWAmRaQJm+DEQueg/io9ejlooQSkwfQJVgeSPQMCfQuBueADUD7RcB15lpM7hlGz4lTob/hGP830xI8/WRpff8ISHq0mt7sOkW8diTMmuvHwRtvckNNAX3+u4vLPCrA6vF97Hi4D0xn6rFb1yo+ft8UZmo6oeSDTticcRPNf/ziUV5usDtpCUitCYHKqbO57/ht2FJHcHjeS4yzKybftrlQUnaHHpu2s098NJ3VVIfvbfps9V4ABdoBrETP8oXfLfR4fBNXXixjmQXueGTtPV51RwgXq78isdhcFDISAS+HpTjl5ClKvgHQOmoJGC6SBUoxBm+jGFwd5Ep3jwpxarkxnDlzHKvfXEO/sm3olSDN4odG4esCQeJVF3HjDk8YPbCMQ/Rk4Er4ITBfrklqY5fzya7/4JXKf/i8SJXjG425qnEXey2rgJH5GuCooI3vNyPb5gTC6LL5XF/zmye6tcKJ7mZkUSt65rUMNsfbg4ySAXs9GU/3sn7xsGQrz7n4FKLF/5DS9146FCyPqadEofWRGgiP8aHxqypp5fkKVpYzpI970tHsszsELe+CD+/O0l+/NK7JlAbLb1PY879A8NJbhvN+doDUtg0g6nGHJsYJwCO56SDYxugf6QRRQs6w9Bnze+8gKv/WArhdAfpVNMm+IYiq6yPh37bL+HVAGQ4sHmSAXHI110B/WRN4M1eQ4i0DSDzwK+X7PYfsxiL6IAPQ7RzJqd8MSCv+CZ6rG6RHJbLs93QPm2ldpC/3SqmTv/MmXYLZlRdY9v18eA2XMdioDCdm/MShM494WYALtjyaSgYlgfynxALuKKxDj21RvDX1ApgLS3P0qWf45udf6r3TyvqHzfDM7++Q2iYP3lqjUHVKEgy1boI9HS6QVNxCrzo8cURiO48/UA+/fyzkZEF7+N4zgbXO1WLezx3guOwP5p96A0N6Efju416ceT2Y3M3SyG6FDmRYGaK2QTe6eK8DlRfrKO1gHZ37epalVizDqsYeFGwxpR0rRsH0z9P5dechkjSIpmPFF9Ci15v/M95ELde2gcu9WfDD2ZYNHG3Au/c9m73Ng+51ziwV5snGkUN0+vRUsjf5y5t+K+CW3y5sEC8BP9q64EV3CK8y9IAL1e1wUL8cTH8e4oARvuBv3El7q9dS5yt9uFGcB3aNyTA+gBiHbfmiqwys+/IRJ16fR+nSdvBPwg+FtimDebg1ldi6Y6rtVT5nqQ1y667ybofFEPLpLBmmVePzAEvSH3KEG72KJBQjg8VH7vGEuAfoYrGCbo35RPo/NDD/nBnG/LuKqu/FYaHtIliVkgVJsQ9Aap0GHOySox7fUuic6AZrXqwjxVFlHP7ZGkptziLBPUyVmoIumzZCl9QVTvHeTCbCfVwycjr+1f8Ae8Kl4OznMorraMa5+9Whsugiz3xTxscnrITVERNol0c3qD5dhN9224Kt2nFQi3qMnqECtEbiMvevKCPtkmnwvnALnEzSxKBHKVR4ZhwYXzoDx7/ch9jm9RTILVzqexsP59py4YKr/GHrWRRViMG2FnFISW8g31YR1l6SiIf8PfBY5UUusiDeq7WKNnWtgNU1OljbNwLyFIRIPGIK3rzfCj8n38KdY7ZDR9YeMFp7lnQfiFGSighfrDeFq4mWJFaXyGZKkXBBzYX3vdrAIc2ZJNNDGHf+AF1s/AJDDcqwoX4ELVqyni/MvEXjd5Zx6c0kDOvw4asF29E/4y8rjPxJbu5j4NkvP0pRd+Vfma9JfEQxzelrBJWJ3tApcogWLjHgEwE/YYKXCAhdvAfHh3tp68BGGqkXhD9G3sT7Wg244sQsvLgyhAZenoeozcJwJ2kNTr8gBd9X3CD5Bxk8Y2Y7To9wg/euy8HdfC8PxDegsckEsG5JxtfPO/jJ8QCcbiuGo94vhIZ7RuQxOxcu+tRC9MPb1CSuCr5Bl0jk5W1app+BuZ8VeduTWVw+dybMMonEt5iDcmc/Qrn4SBj7fQf7/WiG4ShhqJHdBQPquyFymwEIlSyhgkUnUco5A7qj7eDS1eewoHAaN156S8b1k2BcYS7/OxEHQb/tcWKmDy8RbgUdDXOwd5Gj0w2beNVmZTb4PIGj0vXw8+JqTJBToSSrj/j52GP0z9aF0dIPoFB8CckEyvCdkM14SP8gXowQ5lcbGylkpTCLF8phWIYAzH58gBQOdaFhz1XAgR1ULnOJYyiEX7argE3sWJisEQ5PpeUg+18OBBt9wy1Hz1Key35etmAdK5ToQ0rpXH6ksIHHFx7nwb2KAA+lQcN3iF/YXYC2j4b44s0Q+W03xXhnTQyV0eSXi+eyjIg0+O0PxUH986Rg2UBxd5fBz2ZR6l71GCK6HenZlkqK+PcGhJxUQV+kjv/FK9K1dQMcZHQd46IlYU+HFFbPf8Xrp52CL6+i8LKmBEwSbOH7e6z59qaV1EX+1F6uQu9+T4Wt1q9pTd1PMhGTQHspHTghFA77nsugwJkMPrjbliQCb/JPuWbwmDiEr1Yf5T3dtbjk6mgIVBOn7mNtPCn1H9XqhLDeNwmcsluTVrY+pIiohVTv3Q4LqxXAMuMFiExfBTUjPOA+aGHVJGEUkbdDlfomCptyEloC82j4rAGcGHCCtDX7+FACsXmEEI4dMwkfeweRdONvDjOOgXGuz9m2yQ6Cp4zHYpEmfBYzAfLO92JUtgIlX33CS3sMMV0kGAtPSvP0Kbqw4Fo1VjXtpBOWAyA8eJ+nrC2At+bb2aK8GVMn+VMDnqf4tQBbt1uA28NHuH35LQpePsQFmTkwx1obW9XXwGE7S17y6j49ymEYOfEa7Hxdj+XLInB8016UfjkLQyENDirZU/sVZTB1CgTRgzLwIcgDG/yPsneIEE++o0t9Tnv5fs5qmOrI/C1pDl06UEbP72vDojR5TDV4BlPLXIkkHGnkxQQ4vNsfRu+TgqcnxpFc+2USyFSC/K/JvF3cAsYaZIPi+ZV0PbSPPoe8wIxrrzH2lAFW+Dej5QhtMNU9zBWJGfhv5kswP+ZEZ5cthUtTq3He8FNYcqYO3h30hEXG5nDW3pm+bntO10658661dTTHageuaGVwTQnD23n3KWOUE41dLgA9y9oh7eFJ+Dc0BfofbIbN+T78W/8WFzQuANQS47Dzt3hinSEcvr4Vdj1dDRLH+lj250eom6sPMsvek43EQZrsuYFzXM3pRq4oNIfOh/Qz02H9/uv4UiIS6XAOKyqtwYjDs/jbaVtk43qob7aHX58m8T69V+QQvAmH951m5WdXOX5OEOzXceO+v2vg9q7R/H2SAkiI3sFw/WvUHNPCvv+9x6woLRLcSxy6LBTVhZLx2aOfeLvHDMSVN8MfsKWjxpGs7/sBo/Ifo80YG16meBoqq+ZTaZIQvxnQg4jh25SrKM5FCzqw3jsZeqWHYNqTF7Az7ysGH91EGwYDcEKKLfiOlaTDSnLw1e4u7R9jwH73d+Lk/wawN9oRdw7c53GuHjxaVwyEJTaC8qy3fPvpZOx1D2aH43EcpbMZlH+UQVHcZBo8sQ5uzDAHJ2dVeFmezJcvX4OME6o0xyECP2ExWhbvw3lUAb2mhyjQiuC+TQPIOb/Au+E2IPwzEx+5b8RFQ2vx95QJsEN+GkyW/ASbFwiAXcBz8jnTCD98U3HK9BhqWWqOEi8fwc/Ow6R9NQaLWgd5XbsRvE3J5WxbCZR75oWrZoeTv605SRq/5+wfyhQn1UlRPzwwatN42PrMntQm9IFG1A7siQSou34b4IwVbdrXQRvSD7FTVhX9jXACl/2y/KpzJk8WasOn1YdBry6Bvu6aA1/fOfMYoQpojTbglec1wXrwKFs02fK+bZVcrXQaL0WOxHXbVFmnqYm7zVZg5swAWK+hB1XFH3jajIPoHDwO7t35w5MixkNF1AN8vE+UEw9Nhzuv9uLBcgUYp/aNpvY84D0efvw+pZO9lifCFvO5ZOgWRqqOUyl9UhAtOGUNLQtrWepEP573tiSd9R94iaMzB3ffhX193tRS0MDe20wx+aUeOKQ2U+vFNaj7dR1vaJ6Ks47/gc02ISxQvI7fJ1Ti7k3HsEdFAJQCW+jXjZV4YGU/fBCuIsHAdopQVodk1bc0WiyWfU4Ww+rr0uAq5AE9ceIsNLmUO0e3ofmEI7R/zhHMbhhGh0dLwfCEOwnaO8Gyc+00+VM1zrnUCIrCDzgkuxX7JLfRspMzcOcuO06695JMVwtDcHUm1e0bByXRZjQru4rUrkZQ9slFnLNKEw6GHkWXwJWw/7Id7BDX4/erD8ECxQcU0WeOpvNm82pbZZgevReVlkhy/p4DXFLP0Cozm1taw2jj+YPkoveBTkITOjef4B3zMtHA5Qu8ssjk07IasGxpImTW/4EZAjqYkDnECzf+xIVPc+nYPBEsvGZOQscF6H2eAiy0Sucvnu85eOMP/itZRNe3N4Cq1Dqe/WMdNY6pA98mL846OhoWpSTzPFiC09evZItpy2GNyWyyGC6nSOnHnLV8Oz/3e41bhEyhIacZhv58AxUpXbj1cgwUdbbQ45kXSEB0Ag67Z2Bd6W0a1SgDkyxN+c2sOXDJezd76pZw5qXjFPJtNa3Id6Smmnfw5HwwqXzUgE1DYZChYUFJphmw6d5YehnsDR+2f4WEoTRuH30CeqxaeXCxGHx93wU9RatAJkGfbzk85p5bLzCbFmOtxGv8a3uda5y9cISRBhz7QShxbYDnHFPBDW/DQUw/Ey68jeabKZF8xGgM3pIMwojs0XAb3/Evmyb0ETBhmy/xsPOeKN15pY5R4QUcXVfDoRFilBEiDln7htgkWRTN+5+BiV0Ed58+SBfTvlPOynFwqT0MUgwO47QKCVBM6oOZdv9IfmcvGwwR9m7wx0DfX2D8+TO9XB8JBT6a3LLGCIQ1Cil9508asIwCY/kquHj9MHVfqOHOxBE0MbACbNPnoqKaGXTHvCTJgl4wjNvBc+N68F78NyjeSez9YiE7t03AyeVToVLNCVInlXG58wqqCgI+qhOAZ/1Ws3pADL/fIIxm20Zg73w5vnqL4eghHybpBSwwrxfqqs25aUszZiS+w7VS3Vhw+gl1F+biogQB4EmXcL7/CW4qO0P5Ym3klhYOnk8SqCw3lHa7hHNf0jeyuSkJODsQ/Iv/sZTWTto4kAqxqn20fVcqdi0HzFh4huPyTNnnoSbcX5FB7TwabhSv4CyRUNbZh/h8QRRvjWsEl5tLMMXkDY9ZpQxCpICuCdX080s9zZh8H7ytHGHL02h4Vncdu4zj6WyqC05tEYDI5FF44OYXCP7sQPv9E/FVvhV9zo4iWZeVsExtDg/FdtK99zbww/AQpcWoYOmkP+B2yIc/zl7G9q+WYmH4FLJ9v51Xb/3Cm97ogNy9ZF5wQwq75LNIfJEgJ+bdpH691XBRzRxlkszAKkuRS60FoHbUEuq6VQ0Z0nFcvime7SaPxYn0HynbncARR3+y/DcjtjyuA72rG3CG6FZ8vfwKDGUMkkD0d3J4kU8Ov57SQfs2GGmdALslCJL9PtP+oitsMKjBx3zmoLCDB0VHJPKwcQ0O31GDi355YBNoCoJnbLl6833WSttBugdv8jlbRbj3bQatOxFDu8LTWSx/Lj//ZwmSd++jncANpv80OTf0E67K7yAj01FwvBQoNsGGnvS5c2TQCDCYMYtnLjfhmPsmEGQQjxeTe2nuiTd44pA/9so/oq1GVbxbRBCOWtTQoPFnKuqVA/fYbtoj9ogkp9hy0BJBdpVxpikX1kDFH1VQlI0hWa1t3BpXT7dflsNKhTpY+Wo6FDsV4/M1d2ioJZvWbHaEwv2F0JOqgxvkBWBQI573LlQjyaZwqFp3i/ysBflr0Bre/1MSim/rYPI+AYx9fgUicrthTaQuPQqfDqHbzVh35XNeGB2I/4UogtSnUHaxH4W2mn/Ab8kB3lZzmu59LKcio0149kEs+Ud9JIdIZfB7eIh/fJUD/Q0d1H3qDe55YU1p/drUk1zCaeHW0JeviO2TZaG6u5b0+osg7dg+0LlnAhG5+Xh160+O9BXjpO3rYVuQGZW/coQcz72s+EqF0g47o2qzHZw0TuPs/GDumnMc+5sYHmMLGsWqQHlmDOw5fJnKs+bzsvGfUPuFNQyeD4HhxXH0JXUPdzY4gkOFNshddWRlm6Ww5+scbhHV4Ibb1WBj6QkTP9nwv9mymBIsRlvuAMQNbKeZZnIYFbAHFdbH05ZnFXQj8h/WL3DFqQZv4H0WY90ObZD7FYVZ61tIrPQfvehrok7RcuoIu4eXLZ1Qvs+Ngr/exlMeBG13W9lm33zcKhJO+fVFXDRRgJ93/OLIqaspfnkhSau2Q0eNBZitnUOhlmPB5JIYGPe4QdWNIVrqegKOTp5K1zY0UNoFKxjtZQYndjB+VZ3MlwxNcO0JS/JflIrjmzeTym+AiIUa/HD4Gk/X0oAj9er0Opax8GA57r6zjgPuquH561Iw45oHn6nZD70jsmn1QnuIN91Kq+wfQVqDFXScj4fr8RJoQv/A85kC25nVUoboO/5+ZAQ8yKiEq7ZedOoB8r1pb9g/2RPfPZfDYOcmlliQjwWJB/jCAm04MlxISkZ3ePezSGDPXxDy7gDPCe+nepWzNHN1M9nrSVCm8gSY/04OfPNXs/PKTorO6YTFN0Np+/HNtLtyPo35XkZOwREAxirQMbcTY/pMqMGkDw9MuQUJTxNo+RN/GNMRC3IOehjMKynsvgRkbfah1HI3upF0gGI3j6VHYyeB7YY+NH/rCcKWvlAUrcNXJ6mCtbQF5Nt7w2hnJ7r4SQfTT7qQpIcFJL+ciV8FDoDnj29cpGMGmrsv45k6AvtjbjT41oZ27d0Da9snQ/W5Ck58oswTRT9wi7EUmNr8hYlz/ShCqpY+TkNkuS7aPkEJrnS/wIpZD2F/zhKqPSQAc56+pnXbEnCahABftLvKhWYneNuSVI74ewQOXX7O/okuXHdYE6x0ouHCxk5ap/wQlaZl8Yn6ejL6KkDbKwx445AGf9xgwGfdbWGRfAdqlFugkHgIe0v3UlFIFwsPvaFFu7U5YpU7lut40ZQyAVDpHA2vC3347MUS+nFJCQboH1dF/eSLE3aTQZgsx+n3gKSTCmyeMhXCxl+nuix7zL0ykY/5ZED63/3Y+WgeqERXkZd1JEtaTYD/TnTQcKcR5eWtwOP+GgzPD4P32zyqGjoOEgf+kvodIV5wxxwOnblEuz9OgK7xPaQ/KRQlmgvxyZEV1PY6EmVmfUH/rUHoO0kTKjZ8wFuNM2DEi3m0UMGVHv+WoAFnT8DKG/jdKwFkT04EA5fx8PwqwYGzRbTTcxG5jtTCJPxL0dkJ+Hh2P7w1ymXXrGlYUGoESXprWNa6lqTmneKo6gTqfzMMxzz6SG/PQzDS9CGxwhCOVhKGFPfTrHjQlbpHxtKVo6NBX24PeM/ypYn6P6CtKIPLrOTg7EdTWFezGmxKavmXihnM+DuOk1OGYIegIT9V/QK7T2uD9bvv0BAoBlEJk9FM8h2sjU6Btc568LdNnyX6wnHTf2VsvG8qa097jtAqAaW6/yDK6DKbjDVHoSXR3OBRjwk0EizlBDD8WwaNOy0PSy+Ngj0u7Ujj5kJW2T8ScrlIkdMy4Mb3KnB+1gXxV/q490U7Gio6gtT7BNxaZUIiDx9jZMFn0Cj+SMVdq7lmhQ++3jYbUiI8eWeWE+zWT6aAkJs8tfMoLOsFomwfPDe4DxyHJmGKwx/WO3AY18gog3CrNAb0NbNh2l+wOrMMmyvj6bNdDs8/Fwdjrx6DWvmN9DdKBZYJErkqOmOjqRePlxdC0RO6fHLSb2i0dIa5K+5CSMVcsO81gTnnt9KZZepQNqqNQmYtwrXrG4HCUyn5+woqqH4Ca4QFaW2pKviW/yDrUA30TR/iMwXj+dX4UZA2z49NJX4Tb9Pmz2nDKFOqD4K57pyqVM/6I7Vg9iJZ2PZ2Iy/6qA8vVomAmF44nRGdwIm1YqB7IhQtPuTit/oajCtgkkscgK6dIeAj84bfTR7CR5WJoHhDAf7995cVZwN7z8qFsqcGfNr5GChG9IF74Va8efE4rh7fyqbfdEG/fhbeqL2E08P9+WptOm483Ei9BgtR5Mh62GnmSr8GlpHXQjs4XPQfSbU4wq6gGFBeI05ZQ4i6VQZ4ri8TJdcsgqzqVxzcqQa3wlfQVLHn+GX3Qpr85wOU1hwjW8HL0DF5HIf5/EClolK2yzWB6+vm46zkg9B2phV8392CYFVZOr4vhIKLTkP+PmHWcBmg5itj4eHVMNi/YQ63kDx5vmlGNYlGCrTqoMWj+zFI6QE+dslHjURT2PpbA1MUY6hnSwG3KowAm4oneC2lmAojvnBwgBLGacSD0mYVOHR7OphLGqJ55FaybgOIueMAXVNySHthHmwQ7+I9Ej9BcJkxzBX4ivNrWnhIZi1MnWsO4olhHKRzn11ufuUVX2Mpb8lemBRuBL6nqvnuBwNcZGnACja7aW9bCgT0h5G8lS5Juw7SnLogfHR0PKx5cxCPJbnDBomfvNrpAR6Z3gZ5woEwdto8buiex5On9/OF7xaQK5yHLxOCYEvWTHoSXAG3LKV5X60Sp43yZt1LRlQSnU7uZx3gfKA3azeKs+j+6eBM3TDl1wKqFl3Mt/gq87nl9MfegZP9JsCZGjEOefMHH9a/hRjhbB5Y/AECv3uz/Aoz8goxwOKqLHg2meHPki6m5d0gor0ddH938r93qSCz9xIfnVgNJes+wCyXMjh3zAneXn/CF1KXUkWOGyn0VeJA31iMkIqgE3c1cbJ3OknqWPOKTVagGHQXV53uQUV1A6oeusVuNh/gxC5PWFrgBzLLV7HqOw8e7BcGUE9nbsyjqYGL4Of+CTw/eh0K7U3E101SdGT1ObBOTsCmS6JgWecHfx574YTRB2jK4h8wteUgDOmuoHGq13nEjGS65CeKi/dogpyaKFzuP0O6V6Lw4rP9iEt3wiz1AG6Kf0KxLQvxlOU/OhwlDtMXVfKVMYcx9sEfMv9SSaOe1PKquR9w6xg59r88mxQ1XFnttwVIPK2EWFF1Ur9XRhoa8vih1YYfnc/iMXJ3IfnwSEo+7A1Js5Ug954jbMndRyaLZ8AN5XaINZkMR6c9ADp2HANNFCHlUh18IkH47+MNbt0cz557dsLmsslU+SIQdCkN+m0/wr2sKjQezuHIAn1YO2YbBd94xI8WeJKqQSPHCDzFiNXjuTToFOh62AMl1cCPOCXoP/qNZEtuY7a5OO6YuoxDr+xil8kd2LH/Onvu/I9ulJ+lqR060GrTj5xowTfpGun9mg11YafxwT5ix3sXuNzLlhNv7wDFWHsoDx3Eez/M6UpTGrXK9uMzRUPqr1jEySFSLFGxAPu0ttHRqY4gMSsNHmaGccURcdK/PZff+ZmyxLuH0D7PiMaMvkwdOqawq1YDrmZWcOC7FFq//AbV/3PASwJvYajrOqS8zMSrp7+jlWkTvvvoBJX7Kll57mdQ/XgTlYIHIb7aDTotJ4Dxe3W03VYFX87fxZQeEThwuJ9VK5vxVM4KGK1dz4IqtrT+YQfnjReiZfvusigfgSmr9GFr0hNYXB5MQ+vM8E9TCLw9GcHawvo49bobyITk0Xn1pVSaIQlr3odSsmcFGzQg1Z5czJH6mejjN5E/J1RB8uZ+nObzmKrHCsPiIzWw2Poia5a34eVH8rzx317Ye1EUJs/+Qy5SEvDUSgfT/o2Cj6tFcYyrCngvuYWHT8XCHlsvmPc8CN9tEcGttt9w/HV/LNtvDsf/k+IHLMJ7ZsziLv99sPFeKj0iQ9rW3QxHLndCubEeDEQbwvGAJLp64yzuV7nHHaYyoOh0G7WcXnB4rwc7KllBhZwCrE63A6cv0dT8eT+LafnQYPorFh0fQK/GtbGvnQouMfXlu3cHsLlyDKzb1AQhp1LReFwJjso3pKBR9/BQnAnEXBrB1i0NmDS3ltJ5JBQ5nEKVB7H0QjmNni59xyJu/zjsoBA1zh8EI1MP/j5am15ZOsA6q27KuSCNSRsa0GHYGVxyptM5cy9aUGTGO5J24pBmHE+LNYfvqXNRz9scHQ63UafKG34wsxzV751E34PKnPBBix79+MCmpxVh3t0LrLetlHxinDAyBEhv/Gp8VvSdvD90s0rQW1g/eJb2lUiCRU0QaOoDaC0eD9rK2lw45jCw+g48ssacg9Ia+Z48kIyCJGzOq+I/BxP57rMVYNLuT1lCqXS14Csl5a/nwszfEKoaiyceOIKjYAbJ+orz5aEWSKs+TJUxjng/PJmKc9KxlNLhzNhkPtA4Dj6sU6OlUy7wj+x/NMu6mdZPOQ3RSd28+qgTWyV1ctjrCjo9aQzEz/SEtuGH0JFghoHjXsJrzw7yatuGz3JGcceIK7w8pI21joyE2Te3snPXH8pP/M3y9tsx1eUuRv+ayMkCWrzR7ANFFXrywaWWULfbBCbCK17v08chQsHAKd58P0QSPCsewdtr+TjdqYMSNcRgUvcwPLcZAYbzhtE8XZf6dr7Ak6eHaeKDHqo9Y0z7zx7An33CMLpKiDK/vcTmjC8cN5DMui8vcu5JF3atWw96XYdwp/ocHNhnCY8SVPC2WghXHuiBpZvvkZ1EJ6vkuFH7lzNkNDKapcviOFBJAnbaT6WSrNvgfcmZw0cGkU1ONss9eUDzj2ehzsYDuGxUDAYE60DZvB6aeuskZTkIYXvWInRtdcb5rUBTRxfzQbEeUBs7DTYtMYIP+7KxMAFBWfQbNoW3wrspZ1DZ1QGV1kTARBNN7h1F6NRoCbEbDSBunjn8NrIkl/ODEP95MskERKGR+BBFWx3lAJ/DcMHdHmx2+3KK0W8yjTLiW1c70WTjVJ7ywZ8S5Sz5xyVZiBRagQWyY2H+2ho4pu4IqYrhVOp2m28tb8SNan6ou7ODr8wAiHkhyJvMHeG22i0Q8vQDwcmbMFJ0E727Np7mXfCGkYGJ5BofTeGeVVxMAJ+0ZuO7PQpw7kIhd1Wfpyt6YegUGE2yJ7fg5qM6tKB9PBaISMG58GzqmBrMW3vvwmKHu1SgtA7rStdgsfNlnBaTQ+rvI8mp1hT0cvxw2Z5n+GsfQEvvdlr71pPlhR9gv/9ezp0vDFs0LvG2RCGoCEhk+XN2vMrrEZfnmdLrokP4cGcq9Pv9YXejQGyz+o0H/MRh46Ui7hPKJ4cQX/7x8DQvNVsLro0D1PJkMWZNDqEX+t8pP0UPthf+gwaHElyRcAsOuBXwPhUf7C8qB0m3LJq7ayL3qNznkguasOZLOW0fc5pnjjuGsnKhPE1QBCMmvoHiHacoxWAI80KsaayxMETyb150+yiUXQ+CB3vq8eZKA/hbvIOnTX4MOifNSSigmaoXa4JTWAS7VuZz5rSlkCa3mE36g3DH1SqwM1hPLTcPob3aMf7hYwZjjl+GhLRlMD8nCLabTWHpjzPQLLYbezqsKQ3lOVnpDxzwVASBlDYSq0xnWTsRDFt9AAaXJ3Le6llYlOzFljqB2F/zkjrrHWFJyxYM7v4J4po/4JVIE9nv28YK19xwbYwuRdtdQx/dCJh6bgyYrPpDdLyXKWQljZmlhtcmbKJ/Yjl4orUK4U0TH5ifR88+m0FR1Eaaob0dbfSD+OHr73gzLBXS/orQRvkRuHZQkBOvKFGnrTiIgyNd7XkCYa4xMG5CA2qUy9C5/eXw79ll3GQvgTVRH7msHWFI0p2cfPN4YX8FydavRYFNrTw+bQfXTInjpO0ReC9CEDqDNaFYTYZGLf8IhuntGFXYRu7bxOGJxnpUcRLFJunV2FCvgdvnm8BCxQHqPfkFr9zTw1fXDbmnOZTGihEV3Jbn/fUncbbXbZoYYgmWB7xhucF6MhL/gg2CFex5cy/aSFWz7obzeGxsMhlYlPPkBQKw0NqdD2YP8Zs3KpxuVwUiph00zjcJ1PrqKbQji742b8E8Q3uQm3waPihFsV5bP66dvgR+BBXC5b8XqN53I+xXWIaaZqmwSE0EbG4epfrpZli+zprbx0rzeauNpH/tGXbN3YyTWtbjuKMJtCRcCrbPQDQ66M9b8r7wVrc+fpayHfcV1sGRXSKgOHcr+elqIFY6gozZXlSd+QPkVqSS5EA8NcZNoPqX8uy3IQBkyv6gQO9RXt8rBPMSB/B992ZQ3HwU22XDUO/GXgzIdmX1Fz3cPt2Dk65MwjHu4rD9SifZTf7Ft3Uuo8C4drgsGEcGPxVwjrs+rFM6Bq4ZM6mgRgrcfBex3PaTfHezNC7R/YpJm26SkE8tPxEtp9UrZoHc7BXg5yoM1+b3cs4OBUyStCXzCR/g+IsKer+oFdzCBKE62xjsQBkjk8TA33cfSywfDdb/7UBFWVW4qR6Csw8Jg8NYQ7iy5h8bUAM+ENOHXceF2T9zPnqfaybDlx3Q6n8P52sEk2TpVap4epw9vGdQUtMYmHVLHT6L5tFpzV1guliXE1eZY6t+GWbrJZOvUB+dnjAC1XarQ/GknbBeRhsen3TGK3KP6M3EDhi5LoEqMZKvavmxhsdPFpEzBvnb9ehrfA3H330G3es/wa+ab/BoUwk/2zEOZuiooMz8vRQ/wg6eSUjQ7nlOdLZekmalDtLOxHxKm/Gc5P7VspduH+x9I8trqhi4ZTz/OHEf75wXoiOS52HDvDKc4ikIG6KS6FCdOh412wb1h6Qh9ulR7I1rRbOR/rTQZBe987jNVveDYdsuI47bng661w24ZZst9OttgWHBDpAO/UiiESowY7gFE9aWwpCXDkRlrGJ0W4ozuzXBsloKwLUIsmIFcZehIgVqOYPrt7PcdSIXR5vawYIgKzTNlYCQw7koIxTDV1UVaW/4L6wLkEX3Uh2sl4rjmn4r2izOvDdLCPJCHXD/4Wkc89MRrYrb+UVVMj3L0YN5eSI4odSXQ5u/04ZicQgpO4NlCco4UjIFbj0aAxLvlenmoUyK2ZIPrQqV8HRuOYk8soS0LkvIdHiDP2Ycgjl+e3Hx1ACoEJ/O6cbKqNFzF3xXBkB6pAp4VUrS9dZw+HT3LTuddOIbtyzJy9ePS00X8O0FXvgx2YpnHheCOA81KH4+G5IUDuIu0cmwyQIpRCwEggv76Pu7XXBGXZsvr7KFR2eO8If3PmQqcpj+wg7UjpzJWm0fsHPxPLh+pAXzbS5hobg+LMU0vHhKnXLLpuMm/QH0OeOC2sa5/GxtCk8KaSGzxkM44rEW9Jdc4/ihOiiumINuW6QBr00gu5DbqH1hDzzUL+Yjm7wR7owDucep/CjWDjPCZkN2WTZkHIjnfW+0qLDkBx//dg8ly1rQSngcfI+rp1uV1+mxwyR4Gr4OxfaEwLsrD9FbYgyMORFCYwOLeUqmDDjqBWHeoDpExm7h4UfKOEHmDgheMaGC8950wf0S/BkepLv1cpBY74WtuTvxl0QyJov7c0deMkRkyaPrwvHUnX2CBSeJUeFsSdi76wvP+24C4bUmAHtW4caUP9T4Xpt0ljZj4/5szuR9qLjUHhx2RONe93asnazC6s2vwVF4Dr66KEt7QqawbudeuL5xPwf9VgHhmym4tVwSc2R3UE/EMA7nt8CpESF4alMY77V8hmcXq1OLviVc+NZIMXbKLFOxkSq0CFYkfsPSNcvx87yHDAfnkZGgCFUXS8BjOWGsHJ6PmuUlMC90GmWSAOd3hZOHmw7fEP/Nna0ZlLFbHDocBaB/2Afmmrym19cusNeHO7BjhzfMEerhsqTLOPnPIXafpAaV3TvR9G4+yzXexs/JNbikVIE0Sy3gluFtjr9ewKrZaihRNArKD47GtkEZ9peKoMnHN8DS+mP4QK6CbYMN8EXbC5hv7wa2w9Iwu3wca3xcQ8MeX2necwdQnWpCthIW5CKUQnwvh8JNbKFmihA8qSxl4y5Huqx1id84ukEDaPOWs8K8OLWCDykHY2dIIyZoj4Dh/lOkcuA0hjxYAZo2kny6ax7N9PWD760h8HZzMJrcOYXSbwXg950wSB9bT2BdC1nXJEDV35SfLQvhirhQ6Oi25GK5QRh8LAFu/aOpr0QD2hd4k84xQ9Cdwry+9jcMBe/Co5P8aaxlL4p2ysK8E+6Yo+xB0+bo4J/ShfRQzAhkhvfS7juaMOvrZS5ufkKbd2mA0IhVUJ21E/VcJLhMzB0fHsnH/zTTcOZoWd4zqEqNcetxwSNhmDZ3EvdntWJeyjzOuPqXXv/ejHMPboZvbQ+xPvwWZ4qYwZvjABumr2Xs90P++g5F506AWJG5tD5Jl1616sH8KA14aCoPqW2q0BgxRCLKP8h1vgDdnNfLNwJl6NNR5PQvE+nfrFXs4NEE0vI64JCeADPSrRFuJlNOriDunJNMGVmirPbuGQ+eeMxJGmGs26EJNXcyQbqikn1zgAfS/4OtJZv5hPM4sry+B5oNltP20UrYu1UUemvEYZ7PR6q0XgZlBt3kvsAcF354TIr9dexmgKgjO8wLngJc+/aWjlqogSjMJNuiTh5fsJZ6LJrw5Ac7Mr3sA9veP0dHRQXYGn0ENqYO0i3Vb6jz8CHEzu7mczIV7MQF8Hy5Devufs3BehOgYcZJ+H4SIerKcfhr/g+s/57ks16mLJfnxR/e9OJzpWgMvmwPy5cK4h19oDsPt+H6iCP8Z8oa2DTKm7/GBNLVk6V4+uJT7EieADO2v+f4r+sorPoFC8kCKwpE0aLeScSb9oKBM7FtfB5OP64DH8xV4O+739DlVUrmQ8WgqrqD7afPwIZZm3hxvzLOuWPAM3Mk4MqmXhIvFWGTzf+o5701e09by9MFQkDlkA5+/9kDAivFaJSHGETafKG8gENwabCGDpTkc7LdfxC7q4Ufem/AAqN20kk1hzFfNUG1+woWnJahOwovqKs1ETdHpYClogX8kLrMj+bqMz+/D5ZVo+HTzGTM2hqDQgkF6P79CT388BtmbxClHQ2zWGTxBTb1M6MdKaLwaG0pCqkO4bcES6hRXY+hKesgzdGI7S0aYOQfEzR8W0JFfWPh4fk2yv59hC8v/4qlmoOs3bwUrzRaw9uqSNRZ7M41WUVceGYCWMUFocY8D/CVmANrIlfCYTVb8plug+XrNoFmciZPfvIW1JYbgem4OjxvPAIu+MZBlvh6HL1FCBYv9qGMkU5w4/QsMjedhCvDdEC57ghBRBpredhh66pEEpHYzpq149hkgyYZfQrFV9/3ouYzbbBXkMTINHE8bOZODfMEOddfDo5AHce9SefUgvNwLEMOKuPMYdbn9Tg3Ywxczm7BkMeSsFvWjz1W2dOIE4vY5sJsdJ7tCXc/qcCV37fw2Nw/0KVugkeTF9B5O3lKvXQQu42v0GYpY8z9Xo6ZV+TgpnssJ9o2UsXiUFAqncWfo7eSuas5SIsvpJFK9+jb6FqepCAJ41TW8obq77zW7ys82hhJtU5+HJPyCZST58Kd4RFk6/yVjMT0waw9jKVkH2LC+hHoZpBJQmov8cKTkeyr9BgGG6ax2ZoGlFJzBNsDROW/b+JZnxM41PMXigSS6FxCGZfkh1GDbwdrzXnFK5ergFX4adrv4c1j/BVJx+gXLHX7h3amTD6t8/lPcRQ17CymhfpaMLJ/Nr4Nf8vpF/eR/bEMds6eQAJvRmHz01bqHmEB9ycW46lKc3CRzYG7M8bxg+tbAMTuUn6nGGS8egDvhJ5ybfpCeDv+GgvOMgUNMxXQkWgEp+rjENpfhU+2mqPFWQnYLS5CnyGcnSrbKGemDoi7i0GoZDqeK7oA/x36yn9qQ3nM/GTYdYGwpHYXH9PfBksk1OCZmj7Efs6hc3k3IfSKEI12tSYdl6+grq0GO6ZPp6cjpODg/tEw7kEJeUq50Vp3YS7KX0TW7T00N2YEip4OxGiPszDJuQUXfjQEG7ce3HRHkjT/zaY8x3KSumBIw/05dOHEKY5p6eELeqHUkSYP5XeXYYrQRXStv8Gu1m1o+y+ARiZ4UGn4ENR+vcppU45guYgiaHtZge+LNCxI6qQ6mQBQO9WAurnjsE64BJ9vSccflh0QMFILnHVdYMekM+ia+R1vuPzEweledOalCTd695HBIRM+MHUU3J2oAN2fW6nkxjaebulApW0ydPXjfHj95wbUZq5GgS3ILt0l1DtaFzbGlLDW3TOk3alP8TmZrGsvywtb9rJEmCv7/XcJazY0wHkjbWgsbKb6U+o80rsLq1pOQlOLPBXf8USBmnZe1O5K7d0dsO6BKej+dsDnO9/ie6e5XPhBlz3sTHCrqCd2RVvx3tBecrFPhur3YvBzzknwv7SbvvWp09Pqn7ha7QcfWd6AZkmvSClCF+V+SeIeJV2QWT0fNF+NghWRsVhWdY2SU2sxYewH/JIYQBcXTQLroyloekEK1OqeQHClNcy21GO4p4nbVu2EDWrTeUeYP+77Ios1t0Xx9T1FWJBdwnuCEPY5l2B0RDn2CO1A6ZxvIGs6Ct3ksmnA9hhNRD0wbH8G/pMk4SvPYoEMR0pakkXGGwTZRqAX/rmm0i7fcBK4MQG6R8/hQxHbULTXncHxKTorddLw0Ukwsv8PH946Fgbj4im0TxEafEwh7u8P1B/cAWHGJ6jYIBZLC26R28f90CEgB1aJTTTYYwPvp/2CmwukiFwiWIxt+EGuOTywlYO2oCuwuDeU/B4v4Ncv5CBzfAZM/i5NlgYTuC1xD8x1icFFvX/gyLdh8r09CDNLU6hdRwQibjiSfKgKjVC7SSLZwBU7RPCOw2V8OhhLJxfeooUKDbB7hxB8mHcKDdzfovva29i79yrbxH/FI/f28RGBc7xHOgg/Xb3CzuZOoN+lB88LF6BWgT7ee5GFR8dI4V2bPSy/5j/2dEAsmbUAlxdIQ/qKT3TtSzSP0zsM/+QEsW44AvMM4/FG/RxwTH9Bizw72UtBGkapeqCN7kVsVNOARA1lzrGPhaIZB3hwcIBEPH2wUn05jfO2h0bzJH5+8g2dHP2QFVtXcEP4Lfg5ijEsbilNGZYjn4NHQfyMMmQXmWD0PnUIPnAdvAPm8MHoYphYOhP2dYtQ3+AdfCVeAFrlYtCeqsXCY77xCZseyP9QybGGe2mEfRsrXmiiPGdLONgcyVM2jocimUrOLiuD/6KXkMviS1ixaz681i/DcL3DtD92IawOzcCeTzoglqLNHXEJvO5jIWjOcsGGoEiaLnsGFl3+zD7nZLip+grGigG0f6pCv4nSbNevhDP/LYNs8S8Y7zWJWaYGyqeU0X8b1DH2iwbciSvi0Tk3qenKRH5rOhdCUhdATpQ4vL71GzObE2hZYRZ8FHWEr+mOuNLjOQT2rkOdrYEwbs1d+JfsggtaxWHWAgH+EmAEFjWCUOkWgAv2SLL7Gwc6EL6bzTeMpJV5xtTU0MJW/5nht54mDi8XgBNpxGMyFKhR6S02Dd6F04+G8Nx2oq7r0TTtTxddnmdATsoSILswH4Z3fqJIDVfYU2XHYplvYL6GIWv6ldL+8QHcMWUFqBYZwC+lkRyu85U7FryBzRK9+MLnMNRWTQTttKNMAtI078lW9HKQg8vxr+DY91KYJOPA6V1lsOmSBvx9OJ/OdL6npeenw27RSsiXUwOZdSfp2oSjPMlqMnyMVyFh0S4qGZeNr2ukqXuMLBsv+gsPRjDMTrpLx49E0y4NZfrc7ATO/iUccCENsysqITtyHuq+Daa3I0aC1kU3WmA8k+sTE1iE1sGYWyPp/unHYH++GHc5DIPNHXne6j4C4OkeVl8kQncOnibBRT58K/QHxHpZctjYfVy/cjoN904B2X0KMN4pDUa7SPJ9LKSeUIa/Vup0pvYqxxlqo7urGzje+QbVxkYgvHQSWeXcoMXiYrTRugAHIoaxcPovCLh4k+KmDkLvyzxqWWgIJvmDHF79go+8zqRPK7NJQU2TxRP386Hmy1BlqsEiQqv5sKoGnJL6ChlVbpC114EUWi/Acbnp6Lv7CJamZ9LMp1n47nwv6WaNB/9ty8FV7zWe39iEyTnZ+FxMhWO0NXH50RZYeO0maIUd41XqgmBUshFM05X53A4tRM1eCnQJoC1d/vyf90X8JTkbzNbMJmthbbBMCORiUTk4frwJilW30qV5v/Fx6mVc32MNx4MXIemP5bIkQ1g/9yHKHzvGC8Kr4HHVSVYxDmJPL10Y+OcJgyLSeLWnGCfWj4Mg7+NgUdpI82VvkaqkIc5tvUnNSxxh6ukxMPXQEfz70xK/n3GCqQVnGa595PsbLGj/SFUUbOrghx5hsCc/jRxKlsHiU4GU+XIcnLQSQ+9vR8BM8zrrfbqJ546N4nTfEpY2vk3b9XdxftktXhykDS4iHvBmyxBWqiVCRL8vf0sJpZu10/HapQCUvhROv+2qeM9qG4hNXgnTci+B+mpXnLy0AnKLVmHS7xpMajBmmQdylGhkR1flpeH1h0XwyXwFaYkirbY4RPdSBLhWLgeOzzgEusoRcHhlHTV3j4JZOXdR/mQjLdn5HNX/niSFhgOQGHufH+vU0zvvPXi+wILeyxqB8ON0MHkTRTc3neEfku+5wd2DEnZ4w9tuOzT/9pxnu7fCxQOScEnNBBKnyHLhQCBOupLLwZUvUAS16LCWHrjMucNz3xdxZswE+Hg6lwJM7HiR2TMMfmEOrjX7cflQI1tFhlDQ0ju4LmoZjBq2BvW1yZAu7MxeFkYIF9fBy+uysLzpNUc8mMnXHO4ht77gD9rmsHnXczq4fQFVnR2LBwd+kkyDJTzJKQALNVmuOTAMedEVKPpaCK4t7sT11ZfQJPI/drGMYd22V2jhU4r+ajvoqrkt7YmKI6twTVj3eggvjvgONnXCGL54AZ31OY9Ld0TjFrep3OByHN4WlsJdNyWo1Q7F7xbSGPF3HMfY1UA2hkHbnuusEyQJ99fNJ7psiTHLdWE4PIv3rtQAecEouHlhES9yv4le32+iyYA1bE/9w06HDGlGmw0sczrFA/Vf4ZgXIBbp0I0LnyDyigs/PqDCAxbSVHSkjDWqdKBR4Axa3/2ND/795AKNCfzURBoDJL9Q/GgzTMqV54tbOyGxSQy2z7sJVNBJP+6l44yFxXD67gq6f2MCeB5cQUa29+ha7kV8OE0GLOxfg8ESRVKdqI6KL9LhE1/lXP8yWv7sFJrtdMejLv5omzsSTn3Sotjge/hk/VEIvlVFDx+v5iextZg3EAw5RmNZNLGCusYJgruFFY/6EwaBYZP4/tclOONzM2SWj+FnbM7xcwNoWnwGJ1qMguanNXBavhvXf/GjviVX4MAEf5bOa8Bzn3uoTXwiZAs5YNjwSJif8orPbDOnn8v2kf77LeRrHciyVXc5W7YG/7a+xnZhU1zy0wB8BjPx/sR6znnQQqaZk8mwfxr8T9x9KAKhqAEA/ofMhFJ2KiGjSJFkhSINDUohSYokTTmkpDJKpCIlokERSUkqo0VmRUaaKBVSVIjoPsZ9kk8pJJWakgW5a/pVXOezhLsEDED+5lmevU8EE+12QER5HyvHWmHOEQVc/7oL9OespLBJR+ndElX4/NEIXqlfR8n1j/jTXhHUt/fHoopI0PSLJL81RSCvWIrdY01A5esQyC424pfDx6FKo5Riqj5DypndkJeahIvup6F1WwlMlBMHvXRdSLuxj6QzGtnuYCbMUSukkSt8yDTChQvnx8J9w/UYJS8Pb2kan1LIZD4TTdOXj6N/a8Xxge9RODT1HiV3F8Pl1WEQ6K4Ny97/4S9S8Xi/6yEEfPuKP8TuYHnXALpVXQZnxxfgfeoxnDloClPoCV7R1MQHS5Jw0sYgeLP3Lpnulqdo5VSIW2yDtSY/uKlDCJ6PN6FJB93pxyoziNQbzdpKzNOnmlKqaRFbLQ3hoJwpFNU2EvxKhthiSS4qvVrEPlnj2bgzFBXTrpBM61FaIqxLmYIl5Ck7BbaaXeFyWWW4DqU4ujyYDg/bYW7nMZ42chycH+0HH0LUMXCfIljP6cWZrjaQ/PEjRgRHcMt5OXRZdxS0eyspJus0WZz6gkqrDMBFtQ1Ftv0g58L1uPT3C/gr9o4KBrww1PUbPGjYTmOCr5KRqyToH+/h5SdvUPqrp/Cv8xPn5yF2KXTAPfUStph3EtX+vMBXr/Uga6Ex2+hFsavSP65ZsZT0S+6i+cZfFLBbD3P1CunGQCvq1U8BJ68f+CUhHMQe7aTztpvg+uP51KOSQa88zNmsZpg29XbzsanCoHQpkpaeWsISqjKcW3WBHdo9OMZpEb+YtB4Ls7rI0XoAlimPBZP2j7gm1w/Nn5yGZYf2snBjDd03uEy2Lnl0WS4ObDOiaZ6oMHxyLqTEbAXIWmzAA3eNcXafHc/w+86iKmfw4+5CVPv2i4+d0YG3KvlU3XgQv6m2ofltKZ6j4s1Cp8xQq8IT1gRJ4QKLftpbLwJFChLU++sTnfz+gUenFoLFloms+yecNBR+8EOjq7jG8Tv8OKgO4+IMwf5qH23uv8Un01bBgwkzaMx7oLKireT14DqJPV6CeVLi0F6OcMLqHAvn3qSKk1PAJb+Kspre0WEpawrZbstmS3v5+Q1JEL9UBf+lXsNLG7TRqcqGfP9pspWvKMjn+ZFLajTSCQHSODoR1LtXQ4+VFces3AQVbuq4oqoezxYXk7zILh7a9pkG7z6mfKGZMC5XHBKHj4DH6C24YeRRHnnMBA+myvFfgUEcPXiB7iu/Y09Xfbh9z49vjQiiEdXhdDDaj1dueIkuw4/hVYMTiWm4A6d846IQTYgY9RsrRIe4d0UROXufYT9DdZ5wdCc7LtDHqf6G4LK+Gq8skwOJ2R/ol9EJnlfwB3nNO3qreBXXmyymEM9mXFC2jJ5eUYHLlkawqmQYXGbdwH7nRig8/4xkp4/HI/Xz8VVtLkS+vMESs5t47nNNsJWyx8iWZLI38OEvfgYcf2QzF4+s5cv92Ri54TqW3x6FnWMFQWmMIBbnbIXkACO2CTqAtLQbhkpe0vm4XDgyMYYGX6tRy84pcHD0VH65tog9Ndw4LeYtOPscx/3phZAcexgy4A3ZXt8Lm4qE4IdoH3xa8JHd70jzVbszfGF4AfSJB5JAlhte6F1I1zX2UoOkFMzwJOo3UOSoCGucLFDGD8Ucef6+D/QoNBoDTBaxtUUByv8VB8O7+VBZEkggMZb6RbPo420NlE5ugdg5wqzp1oRHereAYNxIEN/vRpsjzXF4TxuOCN2Pq16F8oJPt9nU8CdOK2uFIvt8NIwiaFX7yoccSqnW1YNTa+bhreXEB3SWkvfc+dTiowTKLkos/W4UpMwcj7vDHqP62z9U55JDl55Eosfip2xb3Anzf1yBkIYEbFuiB88//4JLdX4w60k4G1b0UEPrIy5wbeAgjiGbd1v4843ncC9pJuxousfnFjnieM92XDruCmq3fYUDrzsBjl9A96nFKLhbgmbVCcByiVAwkFpDK++vxpqIEE7ftBSyD52l3umn8NScE2B7xRGO7jWG9qctlNOwkdsmPEP51slwTuw7zPrUTv8GJ9OW0lEYLt0GGxWlocVkFLl0CKNxfyNz7mZeNiIRP6zy54Kxq3mm8gU443Ye/nqZwuLcF/zXqom+TqnnHNEsOPRMCOUTv3FG9Rw4mCEB4V0baVT0CMhwkKOuOelQmNCDVW1BGJ9/C1d6VrGpsCHvMnmP60U2wNQQXega2IjLaiTgtYkA1qtM46kLfuLTo72gpXkf/XyGcWZPKQmHjADdoX38t6ATZqR9oPgjc3lyTgaZTJjK6de6sf3QfWwMmMB5w5PgxpdXqL1AhLSF1nJ/hjI0ZEvxBcl/dKW0HU4p7sckMXtWL9eDxZ4KtOe9E4evBbg0ZQrMHHWeN7gd4DH4Aq9eHyRhp3XwJFUbkuZ34PugIjL8bAb6VedozZQ/GHkuDQxkqkBXehUFdFuyvaMUCLwPprWViE8crpHP4yb8eU+bP278xk4t2jRv9Q9ac6gfltyYDG9yp8KzY/mgdeQRlrpqwaRro2FFxnS69WuQjqWt4i/PDEjxryLUpb2FKyceQ6pUL8YdGOD7VsfgyJ44HFW6GGUUzsPaZd3crTQDZJa0QdwGGXT7zxxGTJfHA83zaf/SW+SOe6lSMx+myjnjTwFZeL+ihENmnucNd3bCxv6lmFsbxo1+2SRnd59TrZ24YNMW6BBSgl6Pi2A0KRBvBatR8pzrVJu4B+TOdHJTgAHcEnzJZvMOceqYWbBeU5G3T95Jp6SXgLr8FeyNiOMZkTU0fKGJnNP3srWZAHX0KsGQ1QuySk7hIWNRarCdzmbZTvDr9jNaddyNEgNFWezsbgpPnw777BTpxc0KnpyZRZ6rmiFj3B148aKMb9YupiL5eNrPBqTbIAMP1qljtV88Vt/ZzoKFARCUrkA11g10IsaM1pk9hBfNX8EuVBI2TBtHRi276FE70/vbA5yt4U57xS0xYOxhnFsbilVSanxXTAVOnzPHyIA2vvmkj9rG2IBqQBP3jSsDnQe7aeuo5fDK0Yle/VUAva6rML9Yme+90aeo5IM4c6QfDPq8gHYD4CBJXdozKYJdFIQgcHEod6dX8onEfvgz0AMxcZX8q+cfrlytywIjxqJhXx1b5glC8HplEvSxg8Fjc3FvvTudMFUF2xhR1olK4Ya5L/nIlBm8ca4KpC0R5QN9RZwmLAlLo9PA4OJkct41AafrJ1Ho+DwqPfYBwsfrgNqjzXBmiS5tbpXGW7iJvbtEuWb7TPxkEQLvDiPe+f4YLpZOhkDbUh74Zwg3/pODBNknLHlmBXKYJzt11IPavR6uRy1InzMWpvUYYVh5G7ipN3LvVHP+qzWTmkcTmdy5TysV7tJWBxv+7jcRXO18+Z/NSR6fak4vvuRD0L8s8OEOagn9Qasnj8EB5ddwRVQEzN/d4asXS2DgQhs51dbi6L2+0JZ4EgbSI1BCQ4pmQDwZvFCAfRXaJOpwBTa8lsIptbr0o9MTpAuDIO1nD+xxjGYbjMWqVCMo07yGe74psP12a2wIlABzI0ksUHDgEI/N1ORihn4l42DyPRmo0VfkPZ9TUShniLvsJWCV9jRO8O5DYZUN/G51MsaPqESbO0ZwP0yUrnltxOQnkuTZq4z2C8vxmdsnPjDqN8c0WlFa03f86i8BTso3+c17Ax6yHYPRj0ZS8HpL3tQgBYvF5XFt9neecDmS1j0fDfMjy7BGXZ4+X5uBmcK/+IazHWrnfML8DHm+POISJsgrwvp5k2CMRR4pbFvKk3fvwhG1EyllRQp5TtgCwStGw8vmGtx74wzvD5sJe4TicWSVKoxbqMNL0tZjrvRh/n42nPZX3qRtNj7otlUKNzUJQM+9L1z82xOFpxuDr0wzVY/fzh594Rxg2Qw3nozgAxvSMK9OAd7aLoUN+0/wIv/tMMuumma7i5FlwUN48XczvwxtZIu2TSiWKA45L7JQu+ckTe/biuafRShXcz75NopggaUcFJrokPeDPFYzkAKXbSo4eaMMll/4w3vX7aLFmba0O/IOHzFewV80xThm+zbS7FYE/dpN9F32HQ87tPFweQotNezn32ukqUz0OR5ddQE+fBkHVjKz4ID3YTiRMwVDVqnx0a4CniehAZF/PWHAvItcRm7hONEP7L12EtztE+LEQkN6IzaDi4Pf8Q3xcJqVLA2VV6roZ7IoQJMNa2mLQnRjEs9zWIJhy+fB0nAT3HI+FNX+bcWdVn20ME8U9o8eSY8WiYHQyMNo4qNK4ltCoEpTELYU+XD0zb/svX0LNcUOYdYiVy5crwcvJ4jTg6sKWBzogqqSSzF8zmfenBkGdu3ZoC75DBa/vMS/z+jDveO5lLfqBmn4R/HO33q4cliPzoA9RI/agV9+zoO2xFS2uKgDIngSWsL7oHtPCHh89eEpEc3wSlSeNKdfwKUbL8IFDWvS6FKG/Tm5lPX9JweG3gC3uxs53D6Mj69+SGB8mTdFZDKftoKhoSkw6LOdipVDwdLtKyk+mM+3rn3kwQ9B9DFgHAqoBqD4wunU2CAAXdYXsPX7RF70vBDXrRnLhn7rKfzud7IXfsYeN1Qx69pysFo7HU7Ev4Wufam8bl0miO4Lpgf+C/no2GYMk3TmSaeVqSFCiDrVJ8DnZCOWOObPjwyf8U3Zbq5fNIVEB6PoiMcsVtp4ml6N6Webgpkwo9uWRVYaw+HZG8DpzAPas6oDO/TrweHAQnz36Cce9H4Cwj9VYdzKKoo4awtab3aS2QmiU1Pu0OjwLjjZ/YjXjY7ApWLKEOFsBlfuSVOzVhxIlCfwpuhduNm7F7TTO2CMVh4YvBHnpW+SsHGLJqTZV6JdZhN/e5DB3/yQKMGHwjR9wDIskS2633L4shQStjCANWqibH55Blg65cDD2qlYQpOxynIPTX15hdUkvPHcr3wyFjOG/Ib/UPWAEA0l/oGPOxfh5l1vcH2HFf6T8IOHLyNRI2AnT3klBBf+ZHCsah6/MNGnlxF1ZKr5DeYbjIOd8hNh0VRTMrpYhKH/NCBudRNqClrT311jeeGZPWCSpk0VwzrYZRLC31bow7hWcxrzgcF5jw94tMfiZ39ZTFn0l58ITKLEngE8Er+ABNc/grOHSljVRg/GLnaG1ZP6QK/AkIS0L8PURfJwZG42nFwjDavOCFFNzixqtpkKQslCNDRHF50jr1L/3Toes1ufDl6JIvvVIZjs7Qo1Jf9o+kMdmDa/mPwLJ6LkWiEYKi2jQyGSZDHnGbmuE2AhsZPwc5sOPlw+HrY1BZNe5yHouRWM400PcpnFXBj/MYC9V77jY9+iofu/B9xvNg7eT7kJzuYm2BIVwj3rb+DEUBHWt/5NTgMP6W62LF9vtqAKmTEQ/d8rqrywD61UtMBy1UaOqEjgSy9e8akH/+hA1W+0idmF9EIQZqtacnWoJRrkxGNL2AHwCjtDuruXgMGsx+Tm+xwaD+nxjmcjoOSmHx5JeIZ9sQrUe6gX/vgSDx2M44tHkfQkhOCjwRAsblcAUaOJZLplK4iVMU7wXkOFHbPQRqEYJbLqSH35ZNR4NhGPNgnBjT59dlKL4ve2cqQv6AxR41dDTONZ3DOkSGPu+9OCJ/5kFakIBT43QVe6n//e7QIU/EIloy1ocEwL/Zat41ORwiij+w17+gVBKnEf7ZL7RWuS51LV704uvEFQXpYNanPX0gHRWKj4cpjPf5OH1nlB+E7mMj95/x67EipJR/MvbV6+D+1GC4LXZIQfUaFQIG4GR8W76Yvndah+LcjbNrvzsMYlFH5YBH7JLjzTUJeiJx2EckUVqJkbTlLmayE2t5uvH3zPjR6FZPLcAI/sUeKPqXIY3jcLF6rPgZR782hztwmNWyfOBX+WY0noAOmlxkCe9l948Gk25N/M5o/9MyHw8BGslzbk6kV34dE4R/IdPoxynl0YLn2ARYTeUEVfH9p2zYad8vuh8MNU3OVTCoef9fCS0cao6nkEN9ich3rvHDyfE4MLrprAQMQ0cFvYBNcHO0A8px2VZC7S09nOoCn5C+9HeNDjrHcwPCQNul6/YNbqZSyx8DO3eWXiU/cLIPbeETc89CUdsTze+cwaNeskwd/Ylz69lUajW0XgYH+E6g4v45AdqZQt3ML/go7jRIeXIGwuA+ZKz+hTfDWM+ZcNsYU7cPer0+x4/g28Wbyb9E/dg7tPt+PYIxPh9qlnlNGZQSkqEaAq5EKXnv2h0B2xcKDmGzx4ugdDXn7ivv80YGhPGbcfUqOs5X9RLj+Ra4JX4dmlPnDhaxdagzOmn46HJlddeB+8HZqWrYDMlfYsVKuJF5udePfnl3QvwBZumJuz6mAZ81tFcL+YSU+730LK3jJ0bawhq0kt2Lr1IMaOm4halkUs9OweS9qZgpmsMFqsFeNfkIkJhfr059sqKuuRp1B1H5ZobcXVC6/xdiEd+J14j5o89oGQSwQ4TDiPW0s2c7LOeXhyswOCPMSx6XsvJHydAaP/xOHyzWG4jcfjmPX50KS5lebDbvQ77cSPxo6GTdeD6WfhGDgttQWzJYcpvHQA2//+YQ6vgieF1+i9TR1OEt1Gl+MVMWmnOFTa7uMWkwSK/fUAz+rdg7Gr90C53VvYU/0RbeZX0DXnZla5PhJg60G6s+caxm7R4U367uAxdhu3WbfTGasUrIm7AYMh1dSQPRFkw2yg29sG7sm95t6mIbrwFHFDyV60OyOHyuni5Gzrj9X+4v83/1dMaw8mzTakjIISfq49H3Jj8+HwyUTanRYCczsrKOzxNz6SJgTvmgbRdXs0O9ieBvsdmZiqMQ+Or7JCgzhH+hDYBH6/+1DljiycS9bk2hINqHm0Da1c3qFg/CUecO/mhn1T6IT0dPpeqsy5mYLw8LkJ1889QldODZPy8V1Yvv0fKAguZM154pzhsRmVL3Wxu7M8hHeWwTsPNy521+WPllXwS7QQ/bJuw4ygESw5rod+jk3HD9FK8M5HCQO3L4RBoUyCWfNgZqIdGukX0lbBfhrqdcQFUnYcfGgkxPt10I7Npjjt0VI0tp2KCaPcaQmZoMf4X7hs7EywVRSg+49nwMt9q3mMRR/F2MbxYBiwqYUInYl9jNYb9+B9gU745TOf3n/XBYETOnxWrApEZgZxnckAaZev4uR/+jCmWBLi9fvxyoGNLD8foXDac4rOMcct4Y3QZHmCUq/Hs5qZC40x0aONSTNwwz5NSGqeACNOrOAlN7fwroRNVODlg4cS9PhG5yFODjPDa7LroO6QKf67NQJWGPXDys07ee6ObXws/TL7rTIjpzIjiqmXoWcTx+E87XZ6ulYC9NS+QNtwNvSHVcMKe3uaMjkObdc0kfPLADby66HT0/5BY4I8ZNeJwdPAhXj5VSUKeq0H2ZdLcNW9YbwZLskLX5fS2AY3rHcUguGSNDI17IHFv99j6adEltKczSMUtsAL0Xho27ERp8hNxl0CgrCzcjvZLZXAQzayXDq/HsYIPYNT6ioYZfAD+q3uUfr7Kgj8qAFhgfOwYL0K8bLZ7DpmPpw6L0gvSlRo7eF9cPevAdLYQxQuNQ0mlhjhNdn5cFemlupWz4aLZZfRR0wS7/fEU+Oxu9QeJg3OZ6aB4SobLr7VRAfwNA1FjaTQw+boWSEBx8KKedqNGeyx5TPm946FJQukMcKkFe/6jcazod0osc6OAx230KejIfwrtQeUrGbgtsUzwSnqCl5+vZU2xG7l8RpPMCgpAF/uO4mx+7zw64F+TF57h256i0PPJsSDRc+4hefjZMuzYO7bwVe+hvDCkaZcKBgE4kkqkPHKCN7OOUUJe6aQEPlT4e8orng0AUoPp1PA2k+UF5NGfx6sgKCAWeBe9Q+/Si+DB/kyfO+kC9QelWSdrsVQ0uqJsrPeoEjEbZDbIwx5ahV0b8dF3B0ch3srrbny2DwyDNAkM80iXDTwG5PW/iDt6XJQtuA8zzyuCJW24SDtuIicpx/juPI22uicRn6Z6njocQ/aFE+H7flq0PdnJ4289QmebJLD1FmWkJ6QwcfKY3nj4xperLMbo8IYfGybYNafWlqc/IPPRVfyqDET0aisnafvlMQr08TwqM1k7PUTgTubamGDjCveJgFc/zMQxtonc7SvOU6WfAz97ftJcVczXKmdA5LWBRA4J5kyOw7A3joF1twRSW19bliRM8RC9z/wyrJm3FCsC+8rCqllxS++5tuAx+ymoqCqDUyxlqAlE/3ApPUE2UjW0rLrDOsilCFeW4dP/xpgj39dGHdVmt+pLEe3kf0w7k8xa6zVoqP/lGAo0xW+TAdyVBwJ83U7aLrYObK2ayKF2e/o9MIJUH7rJ06I0YOHl36y2JOpJC1bCuOvKNCCiHbMSq2mGoFLKFg5FyI8xSl1jBicu67NunmX6ZSpEPQ+PIu2/Ia0RvaAu+cBmD2uA3K6T/Djh3IAo5UpLtOMj02RYf+M/eineRLFFkdC+MU9qKMng2+2ONL9jUogucwH5R7F84opMrRw23UWn9ON9/oms/Krx/Bs5FYM7zwHym1mYFArANNd/HHiTTdU73MCb7XnXBJXCh0pjeDqcpLEG+sw6dJoWOHyhO96OdA5uUbOG2J+P/Ybvd1nCXd1ouj8++f0aFwU/VeqBGqPutDgxW8oV53Bp7s/Q/WltRgqf5QltkijS90INlvcimcHJSHNwxiMC+rAJrWXH7dYwyQTR2rdXwLOlXKQqZ1Cz3fZsIiXHGytTkZBl374tD4Rcw4Us4n0CnbL+Yf/HXWl68fLOPebNUysVYMJhybw5EvbYAO607XKZvz6bw5L51aDia0hHD2VBkIDVTBsOgIWX0vnP6JyLCtlSmsddTHt83TsOV6GMycb0RfjITjv2wxfUxRhgWgTlVw9xKf+VfPdnN8kKNEEHj2TccuH4/xPYiIM+qwA65PS8Fcwmb7m7+ID845Ckqs51nmr88qo5bhj/jiy+F1GofGDbL5jDui8vY/L9L6y6L+v2HjSnyuzPVDmux8uk9LjL1X2JLDTA+O3GoCG4TX8MO8efNY/RHPGT+fZsrW89vJO/G8n87nsnTA0dxlHqZrBaVcJ1HDMg+bti3DNy2lkMVTPmV2JrP6kmwIXJnGVEMKu9SZgtngZf02vxQ4NI7Z700KTQju45cElvPz8N4qYJrNv61WslUDIu2XGoVnqMOVbCs0sWYYXalQ5r6kDA7NKaaB+O75/UwNncmVBNXMA78FxnDYynnObVrGF4SW642jNgv7VHCxuyDhuE2hZ6MPSV04gayWAdr7ZPFVfmGdYbkCn92oYLHAfMqQOcvidXKieR3B1pzxvkJWh7/t/wpW5K+Ds230wploHc6WvcN3WEfhlgTA67GSICZkNAuEWpJQZSTdff+SzUw/SWUlrLPI7ioU7WvhyWyLmRElDVMsx+KOpQXUBU/HonOfcqI804J3JnqO/Y+ymMbRskz87GYwCCZ9sntTYRl9cB1nFyZ3mjlLi5Tv+4N7kS3gv5zaHes+mX3tVITxkOZflZYLK5tu4/V4z2HevpsfN55nD3/LO3Kd87lkhNZ3Qhbz8YA4vug5ObwZYNnwq1oyoJJ3zZTxSMB8OtneTw+Kp1PBoHExQC4MtKp0wtqCEBzYD1ifVQbqHG4Re+gxG1he4luNgmo8gNH5qoPwjH1i/dxkrTPAFQ8cPWDHJkp5/8qS1geFcXWpIe79KgszeDm7+qA3jbhTwV+8u3p/OtCdakRzDlnKioRre6PWgTJ+pMHnwL+e+vQOaEdUEMiFQku8JP6YHYMlUb5z7k3niYUuu7NeBrY4jUDHMAeMPOPDrsNe8vmE7yuvuw01fZGhEVT7rnBUGYSERSH76HDQXd2NX/VaQKnwPjyOOoEeRAvqNP4wrCt7xcPFrqq5UhraxM0Er5TOmnLnF3C2JDQbnyPiNGLtc0YYNk4pw34sJXHZZHjoLcll8WAUapAyoQeAsL/tdwltNLCHxti2OfBxCW1SWoKKWMmg8uMoZdZNh2u10FDcTQ50uBy4t3wmBfzspW8qcPE724s1NEmDYJ4KGfkN4pGIeHq69g/MF62jB3SByaiJIjKhmq5gOuKyhC1q399M3Dx8OXbUULb+K4Wr9UExrOQdme57wUyUzHDNqFT/tVYYysQvcJ+9MiXsEueyRBVb5ebHFDkOMuT2AO2Tu4HL+Q87t2vB+nh6u/9nEkz5u5D7B1/R070dY7jALDg6Lw58Fd9hSvB3W/9OEujo1uvSrlP+VHKXstBV0yOwt3XHMpXDjalgythheWijRD3cN6Ne9B5WCX+GBlAA8Pa6BH891cEWsO1UrOMBLh28wfoISP/whD76H/Ohowlg4O+UHZmdYQvPM3+AglE4NXp9xZ94HLnYu4tyLY0DlmAQ+GvWEnhu2kE9wLd3yK0ejxmiMspZDE5HXsH9WGK/zUYPAPWHs2huOdTqTaLeJLD+PTKYyi9Fw+oUYtdtZU1bqUzpaZgq3gppYy7EWHprVU7FJPtumV/CJ/5bTvcJRfLY+GxQ7kjnzG0MWt5NV9w84tvQrdkuZwbWiUpAUEIb39QJY8WQqp70Y4sdHx4HkjBTu6b9K0eXlPEpLHRzfi8IdrRTY7NeMfu2tUBxdi/JPxWE4NoWLpwXRq5Nh+PnGTz5Wtp1HOQyRgkMgRTtm8OxOHfQyVoGFDke4LGsBnvggT4YRr/mFbjoGn+rApVp/WP39Zvi5fBOuUZ4NC4I302ivr9idJw8elaacY6XNco9CUfLaEK4LCWWPxZ3wer0URBY3cM7CQfK74M7ZG19za2I4tb6T5jWN4XxM/C66H34E/S9NwPrYeniXs43WR0Tx+N17uHVXES/+rYAeE87DOt1F6J/qDCJVynCxv460C/05oPMazt96B+U9m3nvjc108bUy/ls8l35O1qbVOeKg7C1P385Noa6Cbhi9R5JP/HXl7XuNQfr2NWiJXQPjHRZRl9xYKBjUZPugMDqhfxSWDUbiiNd3oHasA+VdfUKV89/w+MQv5Dl6Kijd0gf7wI9YUZcK9QY70PrnH/J6fRL8RueRb3A/jPUFyAiVhG9F92Dkr7XkfLWSGob2oVfKZ4o21OEgiR5UsBaCdSq3MSJnBPxUisANZ/UhTvI/vCT2kwd3GIPEy2ns+P4In0mOBPGlt/HxEgPoiZPiSVcBAuaOoeJLSlSsE8Unozfwz45alh7+RoYXRLH0pRjogSVkxZdzUZoxi77oh7mfjfhvexc4S39An0W+NJCzGG53ToOK1fUsKw6gKjJE34IFcW1OCeGusbhRP5Ey1nbxEk9jqF2vBhLXP0DBXiswvRNO6p1m+HKEHUtuLKLClWP4Vbge6o5T5H4ZIzjcnMKb23fRSfkxaBAeRMP1kmxrEYXnK3Ppo8sy/H1Rm9RjNMDaNZFjXrfia6uNpH8olaK4EgRfOMKugCCydpiABqbuUGaoDo9s40F2yVq49joEz+m+If+NmVhZW0h+d7fBjie+pLZ2Nr9uGAWPpSeShupFOPzOFxbIPuLHkj1w7UIbm7qMJ4lNt1hncQc0ahvCCj4KGroB2G22CF/JDoH/UBFXqxrDvg2HWKu4iasObYOUAiVw6lYHDfM+8tEwo6Rt5tRpK8TYV0RJck2UNRwEzWsO47ZyJVDsSED9igmYMHsNG4Tq4tEpVnyqaxJNuKQFq06Wkc7eQZALUoVnq3woONQeBxd10JE1l6j4RSq3HDmHw5ZzYOZ3Wfa0Os8Df6bA40xpDv7kxV/1t/NhVRlueroQ9y6dhJKuWpxRdZ0CtPZAevw0UEkw5dHeS9G+7CobCxxi+6h2iBP8CFAzgCV1rnzT/g6664lBp9ZHtJoUyA7TDDl96hfu4YPwqXUBLW+vhqeiaTBW9hzteT4LRhXVk1KFBf6V+wtHNJZDmZ4Q3FByB43BGWBxYRfmxwhRavYYcL1VSZKHYujgqxIcNkjnVz8286rX/8H0tbqwvH4KxrT9QPWZBhC6axFf3v6V82Wk2fPgRIr+E8ALrhpDK9mTc+INvGrzF48HGsNyiT+g6FWDn0ru46o7U2BZ5jFUOjaaVGtmIxf4ov/CfhCuGwMnB+9CreMCfIj2GOIrQPIpN9gjqAKSvnxG2/GeOCfAko7VMNR4lYC59y7SNpTm1vEm8De8AT1hN1WvEIfGHcX8ffl3mH18FCTmG1FKwweUjQPc/24DOc/S5I8CcfAlaIASBEbijy8ToPycOLyKrIKsWY1Y8s2I30s8wU1Sx8HIUIY2K22npLgueCaxEtYoTIWCuOdUMu41PG/xwQteq8lyYy88v5JAzot0eLl6NOVYfORyzzFgVLyDuucsAIPnfXSs5ARlHDlBWbNuUqfVLvoxyYw26S4Hy4Kp4HhAlM7+Xskm3VV4Z14gvLOTJBFXa+5v+0mXIhto32U5Sr4/EXauNqdVeVl8PQfgbNMiKNr/Ae7M/0mCfvkwYtdtvl0ZxR89CaYJWOKv53rU7/AbP4u0UtXoZ6DxaBAUPdVg9e6V1J7njAGd0yDbzpykC7140t7XIJQ9gsRs6/DjXyM+O60Bby73hHGmK0BznSb4r0rj94rx5D4AmJqdync85DAnIQa6Gtvg2L7HYFizmzu2T4ZR6q9Q4lMD552u5Dq5DPBVe0NiTafxd5Enzr1TDxVjP4OnvzB0bB3mCRIn6Yf8M6pJY6w5OQU1hySx+8g+uEDXOMD8M6+MFoHKYBneoDOW+1eehnKPII4YxTDUi2jtOx1/fOiCNKcoerJ9AgxoAEioS9K1NiFcuc4V18YvolslJ7D2gQpLJqbBkTRDaI0xhj2iG7G1ahzNTCE+LhWOdXGinKvsiIVSi2Dr9d040jec15qKw57m+TTUNpuiN70lg9PbMHRGKLRYysF8y5VsK9yBshZlqKUyHiLmEAidNoaE5BgMrVBgpaBTUGY2H884mFJNgT/HvR8FjzO0Ye9WM5xlZcNm457SF9tqSP3Qi1Fz21B4dwLGe0tBr48pdP5RA9/d18j/6XdOGpXDiYKXYcXiSla/9g/3q/yg52cdOX9UP43oNYCcuONgZ19HX7Sk6dFJSYyWcOXbr6+SvLUJl70ooaUx4dR43xC0bZpZIcKLTGb5cp1vHoi4zaKIqENk3PyLInRCaZnxFq5KMoDv6ne5sP8h/awLIQt7D6xLqeUxn5p4eaQF7Xi4DjZqVoPRuhkgdzCaJu+yBvnfNbS9ygELThTQyxfeNEq+kOvnnuQrr16Q+4QxYL8sCrY5NsFpoz5ecjaL7xVsp54eW/KdJwvTnPahxvoDqM4j4OObXEpKSmM3i3LSto/jo7123CB0gNSvOFLgixC6lV8DbXcFIPttMm+wcQbvWxXQFLcAr6/Vw0tOX9gyI47ipHfx2ku58J/KLMgym0a30u6hsu4OuDglEi943cE/H2/R7qvXKFNuFX62COXt1wUh/GoUl35xRbeRWvBCVJwm2o3kl4++cO7wTDr+8xgd8P5Mx6dpg7jYb9C4dBW7Hqaz4L4yChAdDT/KzmAJ34Rsh1AKUFvDt0JmgNY3BZjRt5P3Vf/hibHNsKMzE+92bAGZpyl0TfgCf9g7H4P2zoRrm4/xqWOHudMjiSXHbYKF777DhYRcOq/hBiErCniijyngSxUokhIBu1glLgtxpy9dApxy1BY6pH1xXYYi+tWnssL6NEqfKws3vUNYfpcIHm4J49Y5Tez/fiwZB7ljgd5zLDwYTbGJN+mtqwY8M10Jd7WMwCbwFMRPuAcrHl/hFRt+wCVfJ4z5cwVOazzH/FvC8OyDGulMeoZF88/RCcMG0Nl6llBPlvR8/0NT7c2YN3kEP5wmD9/mfACzW7vhQNYQx7z+TesDc+nFy9PQducuPOwvIhs9MxBLEgbVQ1NYLlIZJASIIpo2QvBQCjrIScOM+3GQf9oZT7R+5xPrhGHGXmmyK92EZ/zzsDZyN0xb/gEVD8RQxPUokp5TyqFbOtFRcRSMOLCAPC5dx011G6Dl7DsojdoDbx+XYrbAU9JI3gvGh2VxX6wINCxsg0PrLlK5zSt6YDEarthOBsH6qxS2UgSDB06jx4yfsMJbGW4HZvKn9hv03/k0djsyil3Cv+DmEzv4bbgnGKlqkuiOJziUoABJHnNoREYS3FDfwdUfZqFyizFMnKVBoRMDYMam9VxUr0jrfk4HF/GVdDxxEMJ/S+Fbh7u0b/ZKxubneGfrYoqaFwcWatdY/5wKBEdmUiIYsar8BVKXv8/nx4zgxAQ3VlOWZ+mBB/DB+CMuRwTrzjnQOmot/nP2R7Hyn9DSGYDqVyvo0i4v8JlyDesHT8H7qSqwSfUtLS2VAQexx5ibacOXb3VTds5x/DdjCSl0SqBaQSS09MrAbDdZqlHQwARopRj3Bvrnc42ePJzAi8w+YkxlCKhFZeDigyPBaLIiLBiQwIer3uEr3VQo8/LCOyG+RJ7qJCe1A//ry6NF4hMg58B6OuI5Fi+7NfGFgzO4e9x8ODvuC+R7ruSyBQQPnlWgdrs43Ox2wAu9hhBcOgVOFAhyesJxuDcxlvP/niTFCjswftxDwi+VIXyxPlz9IEZer3JBOVaM8jPG8AGTGP53qpHG/z0AP9c4scsRBVhmrUZ+J53Ic7MdX49/TfmqqWQ2LMGn5mRjYOgSFF82HlMmTIKqu+soblEbuRa2s9j5RA70nkCiy17y/F2z8GwfYfsbT5S7PRtq9L7zk0VaPHBcBrUXLiDL/XnovasXks648LxeAZTqmgdthWYQtGQkZGEObvMaBbDbm5c+/E7ZoS9YaPVP7Em6DW7BKTzihjw4puykp5eX03uBFLoz5TmBfRM+8DGFfU39pD0hFhwOFAL90YBTy3zpv6Jk8Pr1kJZZnCY1FU9wurWLVhorgQ618PeFQdwvogU4EMw1NpM4Q7WX4098oLozm3iB8VUumq+AX+PMUKNyNGanq4Cm7Ci+1RDIlUencWGzDH5NvY1iz+6ymMkZHHViNj3KbMJdnzShqi+dFxYP8H0dUx6+pUIFh/sgS/42dQxt4q5yR55QcwGtlyL02q/Hgd4XbNHWS/F2oZxVtx1bdTo5eeJNkJrxmerPrebDUgJQvEqVm5MTaeGEkaQ+KxgFJn3AOuuTNGP8LAxv6ucFOQokZqMNzXcvY+CLb5zqEgLe+5N4hGkgrO2zh6zxilgQvB+3+R6E/duUoHWDJJc6PAbMEOPb3VNh9rVirIiSxpSIcC6J+4zhNcdwyEoU3BdXUkaBOuprp5LejUvUPvof2zs14ehqFTaQGMWuPm6UkTQV3kyYR2Xik0HzuANV3LyDFxy00GJqNb+NP84Z/83nxHdqJCgyEzw/qeKZK1Ls+ywV09o/sO0dxhx3edJVMSD7b1/JSquL81+IwjrVerYr3gquLS/R9O4AXLssQjV3J0MTbmeb2llwUTUN/00ThmkXarDMsZvfzR/kPOk9MKu1gjrmNIL6V18+WtkI41VsyH2RKihfXoMKr1xJyKmVFh5wJ4F3x7F85mEscX3Eom0mlEH2dOuSCVh+3E7frzWytJc2h54Zg8fUHPDV/sPknyLK+oPmcL9emT9NVwUDl2JqMh8Hj1L7QOTYM4qZbo1/DsuClEgTfu/V5E0lmrQoQx70N37FA70bQXTjMVCKm8bNkg3ooPSYLj8NxE+D+jAxeSGmRzNIWZRwXLgwZD3YCDIBsiQkosvrwj/g1h8AdqLT4Osjaw57oAXJ19s4ouIhrZYcwsP1l0D//CdItd7A59XCcZ7BWfYad58bnSVBsm8Azbe44e8Rv/lC52EYeV8RFy9/wga31dG8SJS99s2jnJ0Am97GgnVqPf7y7IL1HUWwflgXP/ET+vjhPVRuFcdXagvJ+rIerIlbzV+Mj7PHNncoVzbgh/qK2NhtRf8Z9HL39gCsS02BUkNNuJ16hDYNDqDhhFgo25LBOkGxEHXegz8nC3HN6z9YGqRA758qgvkVG2xKSKHo8pcU6G7IU0y1ye37Ej6esg3/S9CiZ6pRIGejClcrGzGvJ4p0zCXR5MhafH4hAaK+rQKpry6U9XAFmN7wRLdhbciP/oYLkxL4b1kBWM/LwMGWepZacIGWWbWgbpEe2bIkXBMWg/hpUyE6I5n8JC7hV5MP5NnTgjOqVpP9ZkEY//kqnNW7ST1sDKcKbvDcZVnUoShNRQNZuDZkGJa4RHBPoSRmHZxCFz4Pwad0NTjtP4DtR1bBuElxKH97Bc1Lmok88R9OCt+PkYvm8XvZySwXKwRjUhbybuk0XK/ewmNG/oN9D8S4W2otfi1vJav47yzak06xIcpQrDmRsi4lku37s1zUr49ilh7g/GYr5i+TwTc/K6DZbweofhoJ3YXDZDlhCSgZxGOQfhOUxC3CixFrsDw1kQJDV2DIkCnqtBhAXWwLn55xitOmbWX35hwwl7WC3o0nceVqEXT5bs7ZmzVhZp0WuGqXYffWfPJfcpn2ZpSi+RQNCqwfgeLzbtFzOQCjPfo4xWcWaKgJU+TbNyB67QW9mnsKPL5/JUHBl6i2JAVDrZU51DUTIx+KwMHZYSha2wZrE05g7u8DeL+pCTzmF/FM2T48uX4xrG4NAKhSgUUzxbl8VhgVtZ/G+KR0dC/tIjfT7XTz6hMy2uKLO+vsedebsfAtaSx0bC0lpz9rIeKNFlRGBHBnWQmfDD6FbcU3eeIFF/YxNYTs6afpU1cYH7G8ggfHCXCN1Dv4fFqOSmyMaJNjFP+dFojKYAbdWzLhgMlCTi4xxa1FW+Dm7h0colZBIvfSYHy1KghHhtA8KWWoyEgB04x+6HctZ/u9M/FAVQx/Mx/J+k9suWTeLggSzUIOmglZcQshumE5D986QSOCNKj72VhuN3gKLh2eFF/3lUwWDPG+kcogvjaPO+1WIElM5c56aUx/voJSeqo4R2gVLlm3mjfutKGH/02EQklvVn5hyioLGuCLySS2URnFT2VXs0WIPEqdKWb/3FaoVxSGUb3HuSq/nw0XNILbhzC+kvKBVM+roISYBRWYr4KOzxO5OkcXDMzugXVtGC+4lw5OLpNgZ+szOJ3pA7Pv3uAVyf00XuEgyXXKgbC/MtzzbmCpX8WoN/AF3S62Y8sOBbw+Opi8Mqwg9kIJmn5G2FzVjPHNS8F321NeYrgMK01kYMv1DyAU4c6LE9T5oJ0dLX01C+Z/+Q2LDM2g2s2NQ27G08v/rnDHjlKSt1tHe0cK4/RPK8lEdwrU7F5JvlcP80LnNTCuaCWXlE5H3cgjHBh8AqD1L5bNrGepvZIwLJ7NvquLseDdflrauQCSwiog8E4midtexkLvJJ5wNA5tNihBuKAvVa/Qw4UjfqNVXy7noj+enzwZ0ncfw5ZXoSR5zogPvlaAief2YcDZn3BoWgB+dzLFoB26/EXtEwikzOETb17D11+78cx0ObBSGYveb3bw4yEpMrCYRrOTy2H12SKed6aHt8qaoE/NM66UUwRd8XS84kb0c4k+Xz4ZT8/zYvHAwSXocUyfy50EqbN9LjcfHgsehg84/V8LZPtLkt23K6D36Qg8zqlG18tKLLJ5DWkb+4H3b0OwUggim7PX0XUXQOQGBQ6620GF42/AlTMJMPBrGz2JWISqjxXhUOUifE0b0abzGQaXX6fo/cMgNc2Q1N9LcrqpAddV78W3w3qwoL8K5W1kwcLxLoxZ9gplho149rKF1GB3Gyw18iCz/Q7WKCjBVe1z0FZUhies10FroSg4GdfxCCUTWie/FB76ZrPXt6vwWFYT3OoHcOhRCiZd0cc344/Tq6f5nI4jcfPubSgjJIfeqwpA/ocJNM59j00r3XHNljkg6ZjG7Y6r4JzXSFwr0Egfdq9Aa/LEjB5VqMm4gG2yAbT0egl/GZ8AG0+XU+XzbaS3byWv9jkEirEb8PftSSDUGIOV4qZ48LkMbV5zGzA2FDenVmJ2vBFW+VjgxGwtPKoqDGnbrKjR5AfXVe8HibHxqPXfANZndHLspGKob15Hz0STUbJ1NJTrOnF1sD8YqU5l5SU6cFbsOy2SnoUzVq7ES2rzqUNIFOfWaMANJXvOfxCD5Q0q4KDoQRZ/TdDov2048eBYnvS6B1652sJ5w8kQEumILXNXc0vOKh7RYoDxsbZcqTeLSx+u4bqzv+CB/0i0uWgGowp2gkQfQNKtOMi/VAVTay/jmbhg2OsgifYx2qxyu50zSQbqf8fiUYc1aPNlO4hv1qLG/7LowPhR7JK3ncdNTiJHsRF8K04HlkUd556fk3GduRYPnZ1MfeqbuDjhD1QrumLUfEH0OmFPB9sJPgXHk6bpeBQKDEWLZdOw6ZYTB3sNMnyy41/OPexSJkad4yfBKr9Kule4ls8Iv4B/Y+PJ0kQEJbv+ULoso4LYD9hxrw2vfxaHvzsYkl1/kHucOlPcO5jJizn+7TkkoVd4xccblDaZ8tTtY2FKmCQUmH/DFcvuQYr4Eo5JfMfJFx9iyjlfThp6yLor7WE3zoJOMeSqeEGc5dzD10X68J6SMavHzQGKPkvthh1846c9RuSYwKBYGfq+WgnyOzbCt6jT1Dv4l7br69HO16ug/MFaStTyZidXbaCY55D5mfD4QDTd/mWObRmDnKl8HZakyNCbGGkscV+EbdIER/ZchJdWfaRS3UrCX7/DUZKDoS/P4Pujbj5Y1Ailbml8a4M8KOd8JK+E0bxVLgO3xXhh7BYF7K/4A/oWO8hq5iESKV6BwkYMhfsC0SbsKu+2VwXdZT/xV9lOilzYTO90ftIWnc8sFFtEAU4iUPpXGkSvvKINz1XI1vYkbPo2FVPkklDe6zTIHA6FeJd4SOyfCqsen+I53XNwlpI1uHmfJvlmf1w7OoW2bzCDqX+fwIfQGdAeKAmjFu+G48PSaOk4Ad2j0uBirCmUh4jx/OVyMJe6ecMNHXo8eiz0iYezSecmeu9SDWuy/oDxuHp8rnEATkSG0eZzhxDWjUfpLFV4G+dPD2sv8t911pSruRgLZ47GEqcwUrTbSPP0mtnT8jJ6nBgJ1xrH09dNJiTR28ICj8rJokqVy8Wno6HNOc4LL8DgiWqsPFodouMewTLrOSRzPxeqM9L4V/BueNB8E2fG9OJWLx+sPRWLuGMC9J1Zi1N23OLVwzY8+dcQKJw8Bj4//4NLyjNBrCYLgq0b4HiHOHy/OJ6MU4xI6c08fDp4kyo65tK2in5a0RuNpxPe8c13a+jxqRkQPVcSEgolKD7xKL0ovktq9x7CiBme8Pz0fN65xBrnTI2mJlth+LK6BVXLOsDj6FyqKIkird1SYHtfA4W9ZUh04V9QyBsHhtITwcxyG5qkTofkf8NwqE6BiqpW0uCC+ZBzyoVVr56gsqw2zIrUgmXpy6HsiAF5blGAxxt3M0sawoxJcvzcO4cSrwiDh5QzK3YIwyhHJXg9V46mf/CgxSskwT5AGOuMX0H5yROYsHAJSu21IF+3CSBvHYl+S87xl43VkPx1BMQn36YJ2xwxoOElCvwwJKGJjyhQSh/8L0/m7E4Trl89E5wX/0dFRQ1oWVoGexsj4fjYZCrZ+YjdwsygfmUAmme9Bvm9sexeMpu/rHGHp6t/Q4zZStjlZY0j/oiQUJMIKBxIIOWReXSov5WcpZv5+9A8su6thkFhf/4iaEU2k2rBpkcR9s/zhpaI6fRzWiu9AzM2+/kek1xzca6CB6y8eAdPql7no3NGwZiU0aid8pZsZXUhcGkYpnvspCzVAdgf/4On6XrwV6NPGKk9B5waW/HpZn9OeWaAmd376NWCHBj+OQLq/Hp43yoZlvIyIzVZAOPTgzS1ZBcuun0S1lwShLkxRZQsp4/PWnt5xtYbNOZqKZ2rMoBFIUac5vENtuwqwSdy7rRIQQnw1AJccqwZJ97rwXL6C6bnZ4HpARH6HwHwAQgEAgUA9I8UIiJ7FdkjSVmZURJFFClFmSmjHW1poUR1URRKQtFOChVFkiZCkSZJZSaqe+oVmezaegE2bRjAtgm/6dK171RHFjg6RxSOzDrMAks1IMfhJKdzGBiE59HKoed8SXc/SHSHsVfdL3KZe5qmlmvz9qti8NovGSoMpsKJ/BPk8Gk/+F5N5NW3f9NNFScwNWmkJN/dMBQtDXboi8saZ+CsRDvqs73P4Q8eUM3NabTmaR4cmmcFhUOWdMLCCmRFQji1xhKnGXWzrmkWtJ5KovKiyZTd70IBq0vR9HwnX4sUhbYtCrx9WxC25K3hr3GP6dwSWbwms5Gvtmfyw59ZkNc7hMfWT4J/pg/p4QlN1JHtxlXZxJn9u3Db6XE4yUUd1H/VkY38b15RpAoLQ/to/2N7nGd/FydLHYFnuQVY8n4DWHZW8F4KRY3tL0E8Tw4CJlmwupkGfJrbj/36geS9ephuxhNKqB8iie/VGLIwCm64i8DW5l+QvsEeLttJ4I1CET7vFYoTG5Jg27iv3PNUktJ/v6Lz4TowsXIQD3Mhnl7VBlmZLRwqYUFzf/pT/X9edDz7J2VZNfF859Ewfo4neP/SoIhvZ2FoSyF4S52GmyL2XLr6Oa6+u5FHJwah+Wsz+G27H+okTqN0wAlQ3GBC2xQnMShX4NTyQT4ST2z55TXca5wMGyOs4N034HqtZtJO08RHx1NYwaKZxMu+4tNVG8nbx49HOBtAc48Ud3mVcrjicjqy4QhsCW2DggRB6OtNJqdCP05XrsDUcbogUY2s+DwItHETD1o6c8SkXdAS+oPTNivBinU+rPnlPr8PIlAbKwibvbfiUFozVLnWcMK0VD6/bwHFdDfT/rMhFLrQBfLHIKxvVoWAt0e5TWkczK7agyvqDXHKh2DsvqyHq04Lw1yV+Xz8izg8k9NHa9kUHGRFOjvyHIf+GEVZq3/Ck7v3SP3AfLDwr8SRJnIw2zIcf98XoRemCeQ9ZQqevXQaGp1+Y/ilOGqNIe7aX4I2l8zgcSlwoJwpqfWMpOD/pnGMxWr2CZeEsLrZNGvSfYzKOwOaF2Tg755heKUlRxa2K/DkjFQarSYL8wT0sShwDS1ZEcD3J3Rxds9kkKgbQ2NHfALrpGFs7lzFHmUhsCN6MS1QV4WWW/dhfXMTrHSZDAWhHdR8fzkaXVjEv1brodidj9A60IVdde68pH4NeP1ZgaJNWnB9Vgq/ym2B/Vr5qB0pxDqPN/HpOeYcvOUV14W/oRum0eSXIAexsSNpZa4k5ZSW4O3SlTD25XLsiq0nC3AC9Ws6bNlTzgvfTYRzGoNk3+oMjSYXwPVkOGZIqKN9fg1PWTeFrarHYsyZLZD9Xhruvh6iaZsCYe/BJJosiry7ZTH9aNXjvUZdVHh7DT09kcvBNtNApEMBz++ai5fNqomX7uAF9Xa4ousz/TANZufPl2lf4TFQ/a4Ji2zLOeZuI6ouE+BCNwMu1A3CphmbMXOXMH1doMSfLz+E6kk6IFa7AuTWScODtZ1wdsxbWqFXxXsqF/ApwwbKLgilyuzHHDKgBF+Uf1H9rvfYN8sORhrMRtuxMuD4UwA0RVTo9pRhdG0Mhc7RI+HA2AO0O9OYTI2doF9GggwnZeHre0c5NbCY7l+LZF3Rx7xsCYH93QGKC9KhrpZPVK+Xz5ZDCqA77yo3tE+ijyP/4MIt5iDcawAfy5eCfmoV2Q33QewXLdhqIkHnDstS0s8/3Dp4nqctd8VXeqYg8d8I2J6tjDZKe6FbYSGNFFChI/a26ClbRtZyF3Cl3id4N3cM1JyZhGt9vGifZQvGvrPC6GV+OH21A47fUYDhQhNAKqGfCi7qwufQWLSVCcVVCZUoFrgTS459hfIESbJ2CYFbBmFU3aaEW3bJg9RkYTQNvssR/6bAzsaF8CNqETaPGMRH4i9BrmQGnQxaxfBAHXYW5NCfe7vRcF47ekSeIMOK+exztxEXSNXTjlglUIjposHFI+DLVBF4KWaAb9+GQW1SI3gvqOWdyYso4/gX1jC8Sqs7DhE7iMCFDx1QsVaXkvM1uYwIGxtr+N/V21SveBjcHgviNwkJjkgxBMN7MZxTKYZKTeOo6GAgl1VfoxqrDPjxOx3bCg7hkz9tlJYiA1OSJDBebCptMvPB+zMX0DLxaBA58Jwe+xWDlIst35HLYdMtyqAXtx9sHHZge5YQG0pa0KEPWeiz5y8sviGN+SenovTfNbT8kzy4jpeExlXT8diKGyggMwu3Gazlum5/tBXvp7mwBX2HrsKMeGl4cXoRH3lvyydnC+BD9x28VqYP76kGQ6rDQz51/Qc/eq+EX0RFIPLVBfaYvILtSZomdEbj2NL5XDDyCsxwTeah5SuhTGMZXROVgaixn3HPCCN+G5ADQUbJENU0iI1mk8Dpbzxc+LKQ76x0JfvecSDTpAW+mYHsM2cd/Mj5gsIyTtyJ3yiy1p+PHumHWSpzoGuGCJhLdZOt2htYpnGfJjw9TkkHhsFjiSo3N93CiPzT2OraBl6DU2G6rjdmR/fQoyQJnBE+gM3rxaiprYQ6JmbzXc1rfEnYlONjJMHs7lx4ZuxLxbsCQcBclJslLfGq4jRWkgziv6vk8MKtrbDppThIPnpH30X88L/seLSNAHxS9QHMzq/g29MlyMjZDTdKelH/lxGwasgUTOcP8os3iTiaP3FS7Xu8nOWDF/THk8mRPXxumgq1JUrCHr06euO4HVQW1vHw5SQy1rDkhlOnWMNkCQeddIMVy67STlN5OP31MwvcMsFItxCe1nIVZ9hP4EmnLkHAQ19Y9rOVVwxNhhefRaBv5T909ioli1OCvOfwX7zRMgK9tsTTRYUX2GIfTm8vx3Gz6hg4qAb8VkSP1IqrYWZjMq6/OZK9FVopK/AuvqtXYUc9ZMNSGXhauA/Ori3B4i1X4INYFz74bw782A14WM4a8pKqgWtsYd1RK1BXWgBqogdpjtpSMPm9AS9cZn624RPnLozDmISF/D1flWKqLCF16xjsLCgmNeEUlttzER+PkQPLd9PpP/Mn4BB8gbzWGeKo8QJgN16dN45sAaO2i3xlhBD7/XoNm9/ko0lUAEj1ZPE5YScwc5CHzI274V5eCfTcq8XhmFaKKm5m3dP/IO60HO36+gZ5lC0cKR8LLSgJr57K8r8D6pz+0R8uBmwnNW1ttF11ELrrVkBl11LcUmkIn911ebujNZwUmcoZAxNxvF0Zbr5sxom5y7HNxpZ/2fyjo6IGcG7iF7wxWEQJu+LQ9K8vLt9kx2XzpmNbtiuvU9xDD07I0izZiVBZNRN3FKazdHMIL57bDxffW0BXajy82UjwCS/TnImXcNIDK1CaWory64pJe3IaLUn8RSq3KmjbzmBOfqaPRdf24oEdK2h81Hj4rv8IJ8xfyS51HZSpY4cTY9tYNmgY9dY44U4exbfFhbDtkzbkNP7Go+5WuN5tLYo1n8WppzvgzsQqFlW3giSJZtpvYcJTF6tC0ajHeFJlAfrME8H9Ts9BP+wzVTqH851oLbp3ygV+rNGDwPnKsMuwlWxTbVnYcxqtcormY5PkMei2OW9acQc7lAspbUUui9tLQ7q7GXjKIK+bZgHGTxdBiJEYvVa5wsaP59Cxafn0bJoEaOrIwRH6wEEyhZw0eJfa497B8X1CaPD4IFT66ZPyt7U8PjINR8SIQ/lLKVq4yBveTjuH9+7eR787BpCc/wFNqxUw4FwHx265Ao2HpsKV50Eo7jQBR2/QxxPi5WQwPZ2m//EC+46VrFtRzssjfmCJNsHl2L1wORJJsGcnpuf0kfb5eRSzDsC97hceG2uOc98n0uckEVAdtILwzDrOqr3NR7QEcfb499AgspM7c9OhectJnpw2jUaaW8HLhKP46MscDik1gm2/qnlWfieOurAJ1uV/xpalSfjbYyRb14iB2rMqVI/Lh4oLI6ij0B/p3Xia9xTo9Nn/MM+oGhT+W0I2y8xhcXYd2W6149CpRjRu2RmQ1XJBY+WL4D03kI0WCGOD1CHYt00bmn+Xwu+zslSo2wAndqmgWv0bat7kQ6NUx4B75RasmbIct88GkKlYzBF9jaC16DZMtdCCwGuDdMZaj/GmGr5W3gv78q6g/3kRUK6cyY5z1Pmd5zOoebqXX0TG03WX02xEW3HPqThYdHkEr9eZBBtnZlON9U8qWugGPzWT4c1JKbw9ciPVuyhBhNEokJUXY56iDnP0Z/Fp1x7qcjAiq5G6HFz8CTaDARQJV9GZ46fJ+Y0AsZEkiMfGwy19gujg+1CenALeJrb0fkwR3PpiRMMPR8Cd9oWYMWAO8dG9uBOyaM7JTP56ah+VicRyqr47T37ziD5cLwLzs5WQXcSgZlfNchl5FDPNhOL0nTAmxB3aMmZyfegjTh2hyenWNaRoagZWG2xAffQwySRdpEuhoXi2dCVrPB1Nq2eGUuXVhXBY9ir9M58IEY9vs8mN+/T7YiAv6ZiJbmMrKSluPOgKf+T59ypwwqOdBLMtYJqlP/6a+5zv1E7m9f+9YcFnieBW7oS7ShZQ3bUlrH1vDRbcN4Fdg1YgnFiJm1N0QSVyOlxc4sQBZ7+w29ffUFKjDII2rqiQqQcj7p3gDveH8H5hKT/6fRG2T90D/XtK6YLTBNxo6sUrS5rJ+RxDk1wRll27zKGPDlOXjCs5lbymM6dl8JjMFJwu0I1Kcbq4WM8MTHxNcdWD1TyQGkPqz31pzU/kKq+bkCvApLqgldYmluNDHS04sDIQbQ9U88Bmc/wxK5w6uhbR2VXjMMeyFW9c16Z3o+JAI0ELsgreUuVaP577opxTjjij2Es7eCluBzJLT9CZDbfYfsEyiL4rAot+hnLM2yoW6H1FnRGXeX5rNrw+Nxez/wSiWkoJddeMIZ9dEuCwZ4Bve7SQbsJ2fOf6gP47HIZHTLzp9vUdeEvmNQxa6LBxljl0KrnR5kua/KPVACpcb3HweWNu1M1Hgd1uKHbgC0xPU2KN3wAyBbWYdMMfN8VXwZMXGyB7nw+9PbSKD/a3UeRcH3ql8xlOfB8HGx83wz7BH6Cc3wN3TqhSWJIw+CiMIxN/Zdbf1ArV/6nDcQFp0J30Ba8nbqR48xj8NDEELNJu0qml91lXdBo8pWcYEmGHykW6IBC7GnIzrMAv2oy0r/fTXusVMHVVPEZdOUunjrmi4ixBEHquCLG9OjT+0E34VPadytaeZP/lMVA/rIIJGwBFNX5ilc8cVOkbAfVLNnG88DNo4B98/4s0Vpn44rCHBrj2R+OGkAruWUo08a8prEpUwEmRZTRKaBQe9guEd+ltJCHdSnEimnT7zmnu3lWOYvOkYa9VKEnMSCHRwy/x1KwMnuA7HzUXS9JLk824wU6c9x29BObaEyFzy0LsdSlFDec8jtyXi5ouMymbv/HZsDXUdqEAIitaYfdJaTAYfwa7gpmOqQmxr78gSsY3UKvUZdz4Uw52euXxkn8d3PLCHM4Xl3JggAqtfuyDYtNHk29JHFmlS/CasfPp55fl7H5IBRxPM5RPv4cORgK0KmY037cMh6MPTuCveT/56M01pAC9KHXTiGfaSoOyxnl86HAez1e5wkodZYxbP5vD+RQ/zHtPaZaupBC1CwRdlEB04hqcm7kVzzcvpCMRT+iTpBQKSTpjqONsnC6fjJEPQsj6tQrIqf/FIYGlOBA8AzXej4bfLvWkmboGPi07RIHFN2hyYCW/lUc42eTN/XZyMFv2H+it/kMLDomR5KF/+HjoHbvNPE9qguLYZWgGPWqxqLXUCHZ2eLNv5hSsn5mNHcFx9NPfiVdJfcNtf56A9Tt9CBQ/jtv9V9C3+WIMjxTpVE0m6ipdpjt1N1B7TiCl+maz1gstuG4iRadUotjiayd93F7Btr6e0PSmETpKn7Gg9B/Q23kH/X4bQ6GfFmpKGKBDeQV5/E7DSX91yGbaez7x0A+nNlmzcbk9NoUDzLDIpuGQ8TDnljTF2Wzilt5zJJMixfciEqj+5j72ahvmwz4CICA3DlddKCbxtdVokh8B6nN+wpfYIBQ+/RcPP7ThrzuNSeqfEEhmzsDBvpGw9e5XTDzWyyk9n7AzYw6GmYlBe88jkj08m+736YFroBLVzXqNHyTfsc3D4xQ5/ikuSdsDLiZyXFR/GtxbgNpPj4e7w78wYrc139EQpKxvfZjzvRcUv5lSWU4dLpt2CxpMp0Otqxp06b7DRNm9YLFCAj9qtOCZud5g/OUDX1PQgwPHTOi4QREct1WHOQNWXPnPhpqFUrl5oxG3fE2DCackaJ6CPx29sgGerP+AVlPlYNnzlyiTsYZ0RzdB35FxVPR+Kk6bU4/j1+8gW/dEcOp+T38VReCf0UzwMBrLdX3t0BHTRkeGfUH79kK6V6LHS43tYKflDW7dJwD5eW/ojdooWKNujUtGP+M/VfkYJKbITq/2wmivHJT41QUGsgDtwZMZx4yH6XunokzBU+7tHUTLcYtJ5d4w51l+gZeB/zD0ig78S0/G/QFXyHvkflDerUU5zk8g5m0PaJ7rgCwPxJHeAXxqxFhorbwBCqs+gkWFCz/abc0zuzNZLqOD57cyq4uoYbieKLr5ToSk5F/4xfcfO83z4+sZxXzvsCOcW/2XFizPY0fh8/RWMZQflwlCpLwRr3s0HarnOdKREjmI/vGPtcTX8tpMO+ia30Ov6A2o3pWEC9W3qduin0Nn38BCq3JMPzQWDoWZ0mupTpIJjAA1rTlwat9oiG3rByOFMLx5sh0X6+hQUec0OF6dTBf8CnikUzsNHNXh9eajofSQDvwd20pXgwS5zW0qvk7I5R2iQihnthUNjI7ym/oL8J/1aCjyXAWHw63RcP8c8lS7R+OT+0hEIAtGORSw8DcvDPdNRcM7ZiD31Boe3D3GZuM+k2WHN6mb+tPOYjt8JtaBNYde4JjZ3znzPx0IE30J/jciOH3hOhKN2w8S8Q086sg5zq/swoseJ2hJVheuaVcC95SD8DPUDlf4SmGn92y8bJNDx/OGWFLcld95D3Ps52ZcmCQGyzcHYuEYE1pf6wjusmag+J8iS123xHez06l2/2a6srgJeyMAvD+NxvSblmSR0snRVw5wz/trvPt4G577/oDLPKSpavZJUjw4Bpz2zGTX2jSuX+jEeR7zKctQjEp9+zC4IxO1Vxfy4Z+ObKkkAlNcjWD0nzWQMZdIPUoej8pchjMGUlS8agtaRfri9EAAQUVD2JqYBL3Nj+iP1zXa3lgEMpuv8OLnobDyzAJclnoZs9b00t5jYiDlfwRMHlmQx9Ze3DO4hO5oNMA3ix5MG/MOxg9MAd23d7DC2xoOeC0Ax49n8exrhGNXDXnF8Aw0ve+E/Yof6cnKl+zwZx3Iq6vCy1cekBuaA//m/YJpPa4sLimL471n870VuSxXfBXvB8zl/EdCoDpem2om+GH9tAL+7+5E9qkMA9Hrwqx9Yy1kz2mH/46ncrHIdAhrek3dH23x94bH+Gi3H2uGd9P2vAFWWUG437sFOq3/kFUiw1XrAk5USKQ4PIhJNxCTwv7wYLYB1k6xparnB/C8tTrFfNaFy2mC8OrbYXoi2o2vjNQ4LKCQm1/vY2nDm7z61WmMRlP4uNIMuFeTzZ8eIDFlT3zqEQiVv35S8JOvKOuUR7udfvD2/+RhoGQqSGn/hj3Vp2lUTzMV8S/4eTiM/EZYQ7PGHt7c5QKOYdko+xogfYc6V8QDLjjhR6brv9Linx9QIWcF/LhxA293H4c9z2ooqFoCfv2NRp8XZ+nm/BPo9rcAJ1XEc1j0ILg1qMAM0wYaY7EV5s1DUB27CY3FyqHjxyX881YU/rnMQnmvP6DucZPix+RA2fBMHvqoA0mZHVw83AnLbX7gifsHQG1eAUfCQq6pyMclhedw1PTF+GCVODxoXc/fb3gBm6ixb8VXSNonB6ljjcnp2VWo32sM0uCDjiLjYPGZfvhq/RjdX5XgkIkB0M8T9GXDIdq3/jeJbNBkHpdI631U4PDvHlqWU8ie4jPAr0OTWGw3325UoUcjXtKeGf/hjp2mbPNMGQznhUOGrTYYlLbidmNRypizEAveTuU7QjdJVeo4Hl8gS8+szeHB+Kdw7XYfpZRHgrCbHLuNXw6Kgkv4cuZ5+KjXxtlz97GX4ygY6+5Bza75HA7TuXKHHFeP0qW+kp8QKDMVdvm/Bd2ea5SrKQddDyxo4PEHXPC0HQW+WMO2VmfueOdOyeciWNxcmO1e70ODLgl4GG7M/Rc1+HnUdSrUrKb5B//ggWJddjsjCAHv7cCgzwd3fBWF+AMqPOrhIwjyqKelMu0wNW4idqpYYMDbY3hk2TZ6su8PCAbJQ7BsCfsfWoTjH27l4lo7bt1oBTMaqiHfZTynRX8EpTnjyN9jOkwueskfd23GEVp3oNw0kdUXvqSoHwOceSOT3CKPw6Efanj7pDTEVhTR6GJHGO3cCOsdU/n5FBsKCbqImh9V4ZtxJDo96wKrDePg/iYnSGLggDxTfrGjCchuLskGG2ByykQ8usKL7WU8SThXE5YqicDEmVrk+FKP1w464cEXpzD6wxxoLvuEDQ6qkLxgCVxNEoKyr9cxUO4hT1D04nILOV4mM4cHloXA4I4cfKu5HDobTCGvWgfsjq+m/8booseiAa652gQJ25M5XXYzvJwqgcfXEfllEzkNq8Djd+dZz9KNXBy84MMYDQ4RfAVzyY3Kynv4XqkfrBd5A993EsTpCFL/jQ8oOdsLZcr3wfuABL5foA+XnBTpwZAu6Nw+woMN4lAlfIev0T3cXv8XPJocIalcEu4ui+UMt81orPiTBEd5gUqSKezX1WTZc1vhTsBezjLfyZnjV+Ji8YM091QROputgzlHd3Kv3ERYFC/FtRfmUZznDdC4egMXsDf/cxDg7Dm99G2wCJae9+PXWRPAU98BzqxmVPS8xZliI1kheSL5TMjCgy/84aLSNjK9eYuXt04AhZpwPDv6I1qsVeYtz3Jh0+clGBx4jW0S3VEs3J3/lK/BqFoBWLzyAFpM7WKthXq8JKKLhbw304REBWw4Fcj33ujwdyUVzBg9Eh4GalLyjk4Kyynjk1bxILvGA9wltOhZgTSm+szmzaqD5PFLDj7E74L9R30xIOQOyJno0fgn4nRAo4MicsazqkgWfsvLptmZqjAj+Tpd7tGhJy82kOunSGo47kWjI9pgp8AReNVfQP/mLUCF8QDbbQeo+oQsHFowmrxDD2Gi0is+p1pCE8/44hMZNexOdOLnk6VATHccKYxOJBuPKoblxXRnQzkJ3BKm6MPXsVxgPq05/Jf9xEfCiidVHFdVTWZ2nlTzRJ46bvXR2/fvyP7QFhLqn4xj1vXR3VKEZQFm8KC9FyqD5QC+9tG6RndWvrwFm+bZYbH/fNy1vZp7BCdBTFg7e4QEQa+KMzTs12HdhdPxWaE+jzH5i/a1y8ApqBHNw0Xh4plSyNlrw9qyLayuUQvVY0LQfdJ0cHWoJvcD0ezy2QYtnUUhVX05JrvnwxzR+WyRtQ+tFybSxdY79DFOnx5lvybzrCMQslEOFlklET9ZSo+Mg2jG1nP4ZXMDXHl+jo+oR0PeyCMs8W8xelyYAG3rh/DXKzHwPPcEXqsPYHXdMfA49w/7UYdSbnpAjFcUT3O2BH8TLZLYXAQ7slNwr/8r+hZgBJkvhyg+dCd2DjdDk+sGrhmUBbeCM9zRawKx57+AQ40mu+3qZI2AW2S3VYXWBfjRLksrSPkwAs7vTaYNfS/xdFoc6y+/wjGCu6lBoJq0Ewdp3AwD8k17zfN0jUAxDODYvgK0e/OSSgZ2QavgD/Su3MHiNs0kPHUWbn//CVsHNKDZvIKOzQhFhRl/4XZrGeh86aWjqwPQOs6AIU2PC/bk0ObRenDL7xOf3XaRDf+YwRenO7C1dZDHhDO/0ukn5QMtdCfiHUKmKKxbfIfu7JWCJiNHjE/QwQ25q7F2pizFi+jyCt9K1jO4h8mVJqDvWMsphUG8ZPIvwhXj+PDCJ3TY9Qr6rbrOsdHFULrHFs0lAV6Ui1N+tDv42hThQYkmXLFCGzffDEPel0Ig8JUqH4bw2j5RqAhKxZN7JKhBNgq/LptPFye4UKf3czKb6obXOjtxefBdKn+tAAfD3qJzlyqGtoqTXdU7fuKnR0em72XXmWPRRTUMZQbnQEKuFOzePYGcN0dA7dTZ2HlTlrJuuGPFuItQp+UEOq+mgPWUIu6M0oMDMevB7ucNzo8IhK9BVtS1Lhef7etm86pZgFvzcP2nYio/qw4PqwZph9FjvpxpRN3Bo/ip509cnB4LnVa36bZHLGsEzUYrNTEQqPCBL/fH0kQ5M9wwt4HnVa2E9Ra1YHl0M01/+Q5zr3/H9FWmcNMsA41WX0SrriU4RjadVWx+0s88DQ4ZnQPHZl/FRROWU6yyBGToxRC+joDYfn108RailzqmYPhKDm5mN9MevaMs+NsehsYowoFsM57Ruw2Kgnp4nfIVMJWdyeM8rrJ4sjYmSurgi1t/aUyUDHwd+YAt0hJxvYMMt31YjAdkbfiy/AB7mjykVXNnU/bVJij+oQI9cwhmnX5KEr2XWAnTaHh6Dz3oHMvvhedTdOJTWi4eCqPfysLayp2sc8GSD2/dQM8fCbFeewHVW73DHTVBJOExkwRV+nnvoAGoScSwrtsy0Dq1ERL6Q8lsuSLNM3Dk1Gu7KaujntxyCvjCdFn4t0mJZEpfYHtuFEhXfoM+KwGsrlDBIXdRSm7fzw01ljCrmWBirDUsHPaBtip3WBRmCIofP0Gg93hc8voL3Bvwhj9SW/jA3zFg/BcwxCKKdm0YhaIGNyCpPpVytDdRk4cznwq7BusDo/BjyWQYdP8Ap4wmUk+IGH9dqs/t9/6Sh1A5erhf5NyFAtxobAzX5hHsMCxEIb0SmFa5hONdvEDz4gkqdT4MDiprMNVeH04vWYgxwdawpSwI6aMOB17UhDbNNLa8uBM+HPuJT0NG4H+JO1lxeg675E+B+Xt/oItFHabUBeOG62Phu+1vLtiYBY7Zeym/JhpLthnA0jujobGgGcd/lYStM3WhoHUetR56S5tiDmDA517++juVk6c4sW+pLpDsMVp9359iT76E/mVOVBZeQS21xzHl0n4S+uSJ9vO/8/EABejcsw9rLgzxMh0t8Fq/jl4oyHPl/lc8DDmotT2aZtaasuwEMXC1+wWGzeU42SKehDTXsH3qCW4Omczc8w5FskVw8d0Oan4zFv7jEhY3ywTv56VwXus8Sen+oZ9je2H8cy/U9BOAd3cqqPS9FjyJUqDulBrICxXltzcMsTLKDrvtguHb73DYcmYEbBX8g+YLtSD30lX8b7kxdQ9J41HdcJwmmMjtW0aDt2AbXxmcwg/2eLB5lh4YnMmjq017WVwhCkIPefJm/kmzxZdDwUM1vrrTgSdGhNIcO0NotKxHiSolkGm+C2dmTcXifd4YJWrJUbFzQb4znVLWjOfCE1NBsmEBidvpUddPVbSdG8nGB/dwtOdVqDsZgddPfgKb97N5grUcpPq4s7nnNa4aS9DkIELfb1+DmMvdtH3kUpqpo0ms8Zbl14vAPMHXaGouhmWHTkPhkq/kOvwaa7J04JbdBRCOrOfWLfHkVKoAk+YTK7mUob/JDIx4fhCzpz3ioXMGrNYXTWfdJ1Jvw0iQt1cEt89HMUqKSVX5Ic38Y8b2r9fi3W/+fPSzAu50v47VwuGwsEIRWj5Hgtl6hGcPT+LLtTp8W8+Ka0WuU3tgId+9WYF++VE0x0sQpBvuYcWKMOiY4gGunpepcsMPVLR6iVrholTYbE8JsSdga6QY2EyxwSKLVfztcDy3yMyiHwUOZPG6DmOTN/CuyCKaKuzFAgtkYJGCI2bN+kJ7lguR4uutNPNxHl+Jmo4nF5+jGb43SS/6M/87bwESexbA2Jwm+D3UDna6ApRwuBofr13HiQW72OTmHxRzfMARc2Rgi9wdirdJR8H+Nnr3diMMZ6fB8p9vMNprPt7tdsalKbcpNtoELszcSAknpPjLSjm+MEmHZ6cZgWreAJ7d3chxi+No0lkX/GCuBXoH02jXEgWYdSwcFzzcwFeW6sN75WW0zm0xNBzfzVsFXtErUTVQeNrOYZZ1GGyoj3faRWh28RGWrvnNxpMP0OMjv3idgx6pxYlCyr1AaJobTO0LhYDi0+BQ9DR6NeUxaj2eBjuSpbHr8yL+ZqUCQRnemPxiAqnMLqYyh2FMM7XFfdfNUE6wAyu+TILPCd+gVE0B4uvn0TtPSSx8oAL3D57ljS5VPGPCatr75yQrvRomOdUCDAyRBzXbnSjI+8FV6CBZ75+HbfcecX9ZDx2zTMSvrl54+VUXCMZIwu28u/BwIACGZQZ48bkoHm4LwHt7JlJ3SAduzCnkwJUS+ERbD2LUDPjY5G9wt6qTco2e0hXHA3z0aCvczPpHialZZHXhC+i5KUOl1nuaf3Y6u+cHkHlZKkRMN0DHHGGGFf5UJ5eHsaPmYcBuUzDbcQjLP0vwvGorahnhzbvTRfAJbsSYWZLYsGEC9+UuxGBJBfg7eSXVeprhrrDpeO+MEaQraLCF/D6oaVuJ914psIcjo/R1HXgzzgh+Gavx+NTtJJ9jzkfa3Pi3cTmfrv/Kv5zjcVnaEzD+bQAW89+gu5sy9SVfg2slunzXj/BhiRrL9JrC4KzzXPRyAjnr6oLM9Ulks6eSTs/tQH+pfoqeogzv5I15YJMPy/iNxG8Zh/heuSz8eSWLNp3/0UX7hfxltTkOHYrljq1NVBJ4knemDeLfkFnoc5ug4noX7cq1J7X+TzhgfpxE3AfAXfIDNttWgsSrpzzQkouZSyUhPzSJuxIjScfqBL7ZYMYX5fR4//QFoFyuxymHiDYnjKLvB3RgXMVD+lk4lyycGvnRc0vYZnkKvyXuYvsUcVqoo4HZ6uLcMoTQ4z2FFmW1QMlPPzyc+ZzDKk1AsHonqnTloG3NC5p9Mwz3XxSE2GujQM93J51DU/i1JxPELoWiam4dT7T/RwdH3YNrOe/okZApzO78xpHR4bBhpT0KVm5lo+qrMLQ7mAy+ZdCH3Qfo9pvj0LBDAK5NqaNRD79CxFUl+txdyZc9VFHl0XN8ttKX5wzG4ayNObByljLcWvIdrLQz6WxYNTsrz8I83fssY+FByyyegO+uCmryjaC0LAMouJSB5rPiIOedI/fN242O7uXUNl+etbWice2SRjgYYgtUTpD6KYHg6wz22DuRLepKeNtOIdIt/subv26h62ZV0BucwS5D42GFsw0/PLsMhOf/onlWqZiWeIf1RhCJduth5thusPrWS91WwjBn5h/Y3RPOy/qK2FKUWeb3HvrQvo4W2OnjhcZUTpdawqbrdSFocBV3lX3mjMDD0H/oAqidWQMlGd24Z8ZS7Dp4EJ2+vaBFPwRAyeYYvI97BZp/R/LbuYKw1UYU1qZqUaVtLZi9eoQ7V40Glz2i8OGTKQUs6qbVKaNwzY1I2Ny/HSe432W5Z7WAHgN8OiEBLVEdwtotoD1/Jdt0VvGML+L8vSuJp+/7C49fLqCcyAgoO3oEX9lpQN/GVlowKQCcr+0BN9WDZGo/DsVv2rPE1gSK0g5AV/U9EPtzImiVllLqNxn+GTqTzp21orOb0/jaPVkqeWFPgnL+dGmwgkLER8LiEnkSfTsRrtoNodoRI3j3foCeOPjAyEpl6lRTo02/K8ny2BSIWd1Gp4+c5tXtJ/HcKQ+edO8rCYgl0HoaYk316ywV0whx0xXB4PhcHiv1l27oHIO2F5bs9KWKJyU0gG3VGdx2TYs6xq6g5eMtIX9VKFnHifEUsTCIunAcZ65+RV+dw3lNeBDxph4oveKJnj/1YPpBQ4q9JMU/HQoZg69gQP0U3P7UAhbp3gZBAXl6et8b0wangN+FctLctQ8thd/wI+lTOEv1JN8z/U4Xo83xcOU0XEHq1NejCkuuzON6qb/Y3NtEdtZH2WVuMS+pc+RkmToeePuEBXzHwPu/ynAzfhwdfy0A1fKTsTxOgPIs9NnfZAD8t2nT8ivK3PjEhxbPF4B/x0/Ans+JVL6lDOcsU8JvO3PpYNhTsN4az97e8/lGvAQoBhuDqrsTnvpwmeeqTuLoJA38e3w7Lij6RYvqJcCvWIHPtE/EiyKToefiNNR0E6A/2cJ8+IAW77iiwzPPrMU4Z1eYsjmcjXIDcMHdsaBeTXQ0247M+6PoyaTLaNjuSJ/tZCGyoxBK1yyG0hXTqfj0dFDSrQBLD3HyPW5Eho4JaJg+jqsHpnJW9W5ccHknFD37wX6/x8OXiNHsmS8POm2zeevG/9AzNBiVs26BsWUikI8jXRTwJZv8SRD6Nx8eG4lw1p0E3unwjv5K6VOPUzt+6L3DDnUR6BkqAJt0VUH3tzXWeqzhsldrKO1sEMtXAb6pd4cD1ipQN2AE2dccodtSCaq6TmNjXzg+7c3nHw4hYNzTgauqn+DG23n0Vm4VJPRPxpybJpBqhZQvbAl1Wzzh3ME+miDlxM+/D9LYSIToRRFUkbYPBCzMYPyJ+/B1wz9w1vvGuhZJqH3zPK3aRiB36xhsCzej2adb6MoqaxhYaIaii3vpj/9egE06oDGgT5bX2tBs11Je0LaBj+e6w45AK5DrzmalEnfyWjuWfcd5YapKAi+PckCrUe/Ab089Stks4FIJSbi76zzLmQ9jkMEnhmpdGjDPBNJxo671Jfxvfg5ljAjmW39HQFzyNoAzYzF1iwPY1LTDloBSHlo3Fwy/1ZD0r7+4vNiehgoB1Mpb6GmLP3VMDsRYi5Ns82sX9YZbse9oNfLfcAEE2h7xlpvGAD4faWnWPFArv816alFwY6Yq5r0+TbQyhZ+rFuLJW+E0ECMKAWq1cFD4GeQaukBjlREs19QBP5UOrh7WZt8Mddqp74qPro8G/nML59pJ4Pnrnnzv8HcaYzqJnymPpXMTtrHss7ksJJDGk3xHwTSbSNLJjoXzpYYYnf0DP2t+JJ3hUJxx8DWvdAmHhN3/4Zt2Bo2DfiTVfJm2J0Zxv6cGfIwS45XxWYRKpmz/pwfEC3JZTUkOZu5vpMej1hFeKKZ5M17CyqwDqF96CJuj8tG5/wO7OQRxwZaRIPj3DwRI2ENI0xRo9RLj7DJb+BpQD+ce7cCvWzTx38lcuuIqCRlPT/FTr3044/JHKhyUph1rpkP6szlw/rws298ZoFicQ1EPhKH+xVaYkl5IayoOcEpyPlaW/cYxVQKkYyTNd1864LHNvRh5UBwqVvlCsJshNxl8x+rbHXCrbxjGlhRTvQvj4KNTuPHJK7baNQmmJgWhuNsAtdzV4aGMJRhTfpvnQQDm+N8i5Y9poG9xB5oOm0B4Qz9mm1rSGVshMq3fQkcKDNnWSQfktb5R2vAGKLFbRY8F5UAn8RRNvj4PjjzeSuOuZ4BvZw5EzDoOUac+gbN6OPg1lJK9iBooeqvz1N6ZWFF9CPvX+HL7KnVePksRel+eZy5cwpZ1N/G6owXcvT0aj9leQbHgJsyzcKCkXf/o8eJ4eJgrD4UpD1HmeQ7/EgDYf/ESLfsqy/aYAFN9XtCp/EYuzt2Hr0TMqdR3Lb3saYJXOYpwsKgUL9y/SgM3XdA7Uhi+HFHiVtlD7CBTgh0b9XHCsqec26IBniVIwkX7cblPNuYX6+J143bIW/GARIsfwXm9SC5dXkqCruIQJh0HEhf+ksF/gzDz+hFIuGcN5Z3ZeC1sLnxOGQNGz/RRboIl3BkW4aItCvQlNQo8XnmzwwgxSHk8HT3NcuHhuHFkuvc8ROUJwY4TxWBuVUXSSqfB+fQ5UB1XBHEZJSD9V4L8freyyuuv1F0jDT0zr6B3RAxKryhGaRlN0Fl9Ei/kTsZ7i3R5v1AgG+q6kIOlADg/nQhJid28M8cX3wwFw+/bO0HTIIzVD+lTksVe0Nx3EspkDMFnXRq3jL7E1rLfMOSODiXPGoVqbx8w+TvQ0/vn8MSqRnoiPAKS35rB9z8XQfx4BF823E+btllifu4W/PZuPi9tvcXuGurcfmY6XHhqjc79XoRXTsD8aYUQnmuAzg1LcNKRl/iiowcsN8bxrk45KMjdzIGzbPmHzhu8OsgccJs46MxXFNMQYd2q3WDzyJoWDcvCjLs/6dVcY1r5awCrTbopwakU9U/+4tGlC2F3TCQZztDGJsNJsOyEDip4zIa/U2bTofUILT+2wNymYvi8sI7yJhxHi9VJGKosAitNx/LsFwrgWZIEIxtuUoR9KKwd/IpJM5twZYcMmHlchuuTzeHstZP02dcArz8Q4s9inbjTfglKKwaTfs1iNMnWIkGhCfTE2ASO/FNi3PwMFB9NgN7adF6TbADCQ1nwrsYd9oScJsPKKMzsEAWx5M8wNrETzbVvgbrwR3pe18WdCx7jgWX7KOCRIzz6p0OXa8VgtdpVmP9Djw8d9mERQzPY+2Ebf8s7xjvm+4Bt5FG6JqZIffLKMEV/BGbN3oCmH3+ShPkb6r6hxFXzRkLF7zPY2hJHKDqJ5M9NhK4Rc8D9yhAM74tETL/Ppxs8cH6qI7p7COHUD+c5Z+9mit8rD3jcANzkb/Cb0Ea8m14ErwvXoLX6XqiN3ERyZstA3lkS1x6xhKMTL8Jfo7tkvqgAeWI9dumvo4H5b+m07gssi/ehJa/cYOFyYwi9cwAqLExBwWMcqohVcOuex1j1YZg2aY2l6FnO8M98OX+6qwFeL2v5sFwtdXquxpUzTDglai7aftcH2++OuEKmlo8fLsJzE5WhtOsplHtO4mWugKkyh3CMuT2OOdKOj0d5o2ipCZ25OobF5abC1eHd3JD1GaYXbIUnRkfwwRglvBksSX0Db7jJsA4uvn4Idr8nwf7cIk6vtcQ1hp6kUDaRWh7as+D3RbxxWJ2jpwujyKx0Wq6uBsZPhOhjtAv+3ezAc1Y2oKu6OpV3XgdJ1SbKbu6mESUxMGQsCmNsYqh6zDeYeq6D4kYFQ5tXLwSOKUT1a1a01+Ecp1R9wCn3BGG7wUN42ZdIn5+/pb7XGbDbfyufzV2Coe9b8fryG/wlogN235WF6z9n8f0QgnTVC8Cn7XFutTbKxhbju7tvabbXfC5WYEoKkwHhmWYgnuOISwu2855IHxIduAKaSdqsnnqYXTa6UWjqPgzQ1oBfEjpQ+zWbdrr4QMxdL1puWInaEV20bI4x582+CWuXbaMpvWIwvqIaN22XxuGIbNyaIoexZaPgv7nDqHlKAdP/DaHtkxnU0zAJbLR68RXNp3UL8vGTbQjeqzxAwV6pvM7gCDX8HuQNzYlsddgUggdb+JD/TtrUl47X/h0m8SEheu/4nHUkV+DueRqUHj0aztwbB64zWjl48hMSXX6HRw4r41j71+BXdBUdmhRZ6bEuh5ZkoWOzMARkWqJs5gR2T1nMTvXt+CNDnMUNTPCETgecXiwDPFudp3ebQ51DMdYePwPXkj2x6bUU7bawZ/8/ypS9OoFloI5b0h5D2VNpOOZ5h2Ui3nB/ug+0Otxmg029nGj7kZSPjoQ/lrN45Py7jHZSUBX7hXN2aND3pQupIT2M7nu6wSqvS7xh81usMf/IBoMH4PYYIegN302x0l2QWdYGr6UE6It0NLlJifFmjzekMFjCt56egmkSoyHjz3WSmWmMg7bFZP99Js0qeojCLUoY7rgdXBK72Ko5D+1TFGHoziM22P2TBn4o4QmTjzR19xmSNFpLjt+2Q7LyG2ov1OIAcTH4/sYLFT2fs3aSJ5w/qExneo5x8t6X4Nc+Enz7ovFOXzKdyhWG64uCoOfQY6rqsOBynWAWOnuYTpxJ5qLmbjz20ITXucrDuznjIKD3Erdc1mF7nxBMzmhgwcW/SMK+htedrqH6u5Wc/HMxbRYjmJavSquNsynvsQbo7HhM6pPLQdHwMjw8uB6fJ6SQrOMD2hAnCvUheeD/ewt551hC2ZMR2LwymT86HOYsrzUsMuoSVfck8nZtaVjheJV3XX4C0WUjcfsTNf4UlMbyDfl4P0acW1K2QVcY4weaAu6CgRhW8gm0jmriUIkCbloaDUKf1oCYWgFNDcmAcS23OMHHEi63a2PQi2W8aLQV1Pk1onakPWb7d1Nu7CNcfPswZ0vaEwSOgkubPmCG8w/IaJkCK18cRYG9e7k26AWl9uRBTUIJThWP58Sno+Bz80da5/GQs7bOonEbWjGtoYqj3WfA5TOz8ECJKU6eY0/jMpXBUOsH7NhugJKl7eSiHgjbL1SBhfYYaP02AdcfzwDnFS5kdU0X9F8dxHjvbBDJD4Ovx55iW38txdcuAIeuQCx3zoLXn0L40LZxoPlGHW2mLMNNL715q4skCB3X5dD7n6Ev4R8o77yKSy4SV+ZZwVwZQY6IK+Q3UjUoJT+ButKMed0uBWqar423d9+Cqsqb8FGUId1AFXbtmEOVnrcwcKQVLVIs4ymJK/neWW+ULFoJ7Z92cUKkCmxUVSXjafK49dBbPo92mJK4Fs7uWYbXC4S5xsuKvPRCIC1TBh5OGovWssm0VjSFlPPXwpU7QRSwWwXnlUmx8sTZ9KhkiIbum0Bm1QKwWyPP4t1hsOm7Hn8qeoDpfYZY+ukii6tGwcv2bvooZAwnNobww9kfWe+4IF+cGMPWkWdJSS0Fn+Ulw81CL355eD/bSQC8bwqhsOqJ8PdJCtzwk4AD3ofYbGABGbup0tEjMfRNqQO+BUvCqiVPaaZBLcXaD0FHUAM0nfmGBhs2g6jXLHz7eALpx86kXW1CcG59AQklX+QM6TXsKT0P7rcWsFt4OipnTKBp/apU65eCER4ScDMpBoKez6UyuRk8vSYeKiu/YdrwGeh3/cET4rfwmwoDnLZfBPwNXpChZiNdf7mUtoXEcd+DIdrn74+KRw6imPRxBtlwFmmwhsEZv8jRRR/qpqRTaXM/tr+OxpSp4nhntzupV87CmYJL4NpzBZDMtuHR93Uxo+gsqBk0w6aqFhKaGAzVQSVkGpJCPicXwYIbQqCitwNvmqnSj1EDKO+kg9/FCC49O8E1aYbU+8aBdS+mwsvGEVDi0QRvojLoZNpe0FcQ4WyvT9DU/Ii3L/oOAnaPwS1TBYbkR4LfjedwXe0v7C1+Q88SvWD0CX+ccmIrXZbdgN1NW2jMlhdc6mMFJ8e5g9ilYdJOCIbRq5VwQnsbhvmvgmMGiXTOKJC6bbOQIlVgQfwS2BFrDa2zk1G6UQfUF5/jFWLzIb88GZWK2uHoKKI1YeMh3qCWSha7QSYEU9XXJVS78iHWeodyveV8mLhWFczeZsCfCZYgdK2OvX6EYXr4eIjq30tXj32Hg7dNSeZtJMkpW9PhHy9g5b8RkLD1J43boQ7DexVI4HgKdzjbc1HJMpj32wltz1Tyl4uCEJ4zFibZDFG+/j4OK3sG+zy2UXGmDM5LfQiu2Qv4vd0a0gqXwzdZarB/pABar5ekmqOZ/NVdlBoC40BymhC/XzyFN2tfozUiF2D0RVmY8cSTpzU00uy4cLTdmY9O9pUUf3cl197rho8VqrDI+QJvcraALSGXUHd1KopQI6YXevM8pw5sXmuCu5vi+b+5gbj/SyzjJmuQ+H2fneS06UHnStrxUREqdf3Isjqc5As2YM5OTXjw5D++OEsAzlj8xc0Tu6lxyWJctDcbNl1YilZjnnFYdzZmXAmkfIkm3puqCPJZr9mv34b08tMhqLmI8o0TaH/AJBA1VYHKKiOetfs8mmeNh6n9b3GvXB3ueFEH6XLlNNpVGxQOr6Pcvkc0c7Im/0pTJoujoqBxZB9e1z2GU9VOQabjNn5f/4ZNrOz4WsJ42nhmNx6594QcbRnC9DbxS2Mbqt2+lkT2+tBC/b1w8J8nfT/lSK2ZF8By9gjYUiEFa5ybyCB4LZ3wDmHTj8U0S1SPZso5UufJSfA/cfe5D4TjLwD4O6SIzOyIKFtWdihRiYpfGSVKhUIlJUU0SVZKaYqoFEp2hYikIUqElkpDVNLWOJ9zFf+reF4+12cVQNz8erZPUYJ873Jy0JWE7TOf4ZthLX42x4GFV62AGVtn4Y3xQVjb780eK+Vh3IX16DJ5GPaVyuGSPcOwLVkIt42t449SodyzJo2bb1lRSLgyHG8m+DbrHGUXWILdUneOFyY603KMsxTvs0L7dTb6rY7H9BkOagTjrNmu0CIxAYuO/KD3heGQ/iGJQuNGsmLTLbqcZIqJ3aqgG2LGYq51GD5sSC2Pc/lcQSYpTh/FJoOBcObIWXY8mckLBCwhWlseWvq+8d6rVTz1lCGvP/Kd7c5d4Z47BZxpdBDk1Obi605l8JOwR9MQdzTX02dvIRVKTDWAmrYMsmloRai8SRV2O9BJVRPGnOmDxLH70A30+aq5A4K/I6Y6+6FcZi8duDQZ7jgeg+WPFGBF3lt0i/hCT9VukZX0KlKIVcYz76/gvGOCPKs8HYJ229GmQSMQyZ3LbrcUYJv7QvBTzOS1I/rYZUI9Px+nR/PbmkBqqI6HboyFS17RnDH+Fusu3cecog7ftk7AbTcdadjhHj455ASGf0+T3DR1UA9+iblW96hjuzd0za+nty/U+N3Y1fxmry6dzY+CmxGnsLAEwMwjGuw3C7LQjRaO/HAFigpvskPNanL1/Q8OBNfSq9A99HqHOeR/0wc1xSjQF16GbkGr0XziOB6adArLJl+Annsq9DJagOqCrWFBch1VXRCh9qmSHKVfi9s/V/DXB8Jw8p81l8T4oK96HEybqwOrhxfT4thflJtyEu4KpcLmqJMYKCeDQ48Pwt+L09HL2xB6LEbDJUk5kOhwQ8rTwB0y2qw6p4nPNMjA/gFHTPtby0c2D3NgowmMstRgi3H36VFpML7I+Ed/7TLoanYS6a6dzn/2L8Tujcp4bL02ODY+hbyV+mhIG3B/mRL9+/Ceol4cxgrdenBWkAcb31Ru260KXz0Ow+PJ67le5xUsrG2mXosfuMllCi+yeUlRFuGcOkubx0YQPBu8z7o13fC8zIwn3P6B5ieUwU9yJ04pPMoSfTawxyqd78gaQPfzqSDbaMHu+R4sIjaTFt0WhLLz53Cf3A4YEC4Dg5p80j6lAZNcg/iGkAChoC3BSGEy6NtKdV/raPepBjQY7mCR/bVwZtIkcBjRTw4jjCFCMwAzDrzDJ6e3wPqDwXTnTyMeWXSW6v4l4cs3hrBT254rBs1QWb4AYjyJ1wWW88uff0hQXwEGlLvY6OtS0G4ygN8nw+Bschx0bRug9UXH+a14G8X/yqO5Xc8gx6uL4yd/wpegBTtWrwLhX8l0SLmWxOuycO8SEdS5no27c6xQbNVrLOleC64nLGCmTg19fGKOhww9YZy0Br8R7Ufxx3PgrGour2ncydZ/rbCtWQocIvTwfb0ljlKZQw+UgqAr2xIWF7UDrAyEbePFcJ9+MOrFAHzJj6DMyiF6eCEZHo+4xtLvx5KAiya0d1xFgVJGxdxCtARRUL8ZTMvnpsLYJ6Ow6d5SGJHoQd4pNvTcYjxo5P5muaevsd1ZHk5sE6bQ4OMkBarwR/guTllTiJ2Fx3Gi3wi8cvs0NIQ8pc+vtWF71F8KPbYR8HkajY4fwqD9s4GKFKg52RMCP7eR3JR63NU8BSZEKLKl2y2KevSKD97ZgS7rPtDxr7NA7b4FqIqP49bkZfTriRzY2tTh5hPK0HuiHnKKavDwzyu8+HslOaw+T4+36oBNQB7+qdCC/rNX8fn1GJzQqcBHviRC4ipDFnjojzN1dOj03wzIlizkb8WjQN/6A1rpD5Gq7jwoj5nKEkeise/MHlxeMp4maodx/vZEGB+lCvkm78B2TDAuLXrJn99l8NIjD/Cr+xC2X19KeYdPU9XEjaglZQN3C6ahp9s4fPRrCnY/7aDgcS/pZP8dtrqkCouSmniVbxa37hKE7fau0FAUxr6f7vI4gUkktrgOXMQ1QaJ3BLjc08Cb0mWwUkUDXl4Rw8ZZK3BX+F7wjTGEoxqF7P+nCrLOuOOl3lS6tu8lCTycAkdGGOCGYQt863gBZs3URp/wQKpTKsC7Uz2xaF00FMw+QN/nasGEzXUUTYa8VeQlyo0YgzVW9bjwjRvCuGReBT/51ioj/DTaDK7GhcBW9V0wvCqLVhoIo7FeKTp4Lsckz2/oubsYzbar0IMp4iB8OQv8Emtpjv87TJZTgHEx5lyyKRCc5FVpa6AX+b1yxp+OCEupCh6HhUD4P0v+elQVjBbsptwteyguLQJEb++ljO2qqHHdGLbdDuUjvROhKegtREybTVuTXbD9SRRqys9Hwdm7cW/HYZo6aAqOlyrxfNR1Hhr7A4ubXvLXpxrUqpnOOqvTYbbYCG6+PcC7qieBwpx69nCOh1PzpXFLVBTctVlBTlZidG75YTyep0IDWYEg80QXIuJ/4yR8SLMlHRCvO+OaGbNh+TZHDnD7g5KfhPjFuSUsWa8Dy775YnzoIqrI0mStO4X4+Pgh8P0+AWdHLeSMoz2QWiuNXy2V4MlgOx9/7A7r/Ctp6gUR/Dl0B09dEMS2QF/MixTi4UXJtCxRCUSeXuCtE4bg6lFFGv/cFsaXnIZT+ypIQEGT45OK4K9WNc4UVIXTmfkwEk9DpewHVLuejDqe/TR7+hCGRl2lvPP/cUjORTxhMgHuBT+FdxayHLMrC3uDLSDoRRvkTdvAe+eegrKCLFJbdhU+HFOFlkQGmrmbXZ+1w3BnPz3GTNYsW81i1rroObwJj82LRIkjBqClkU+nzINx7k972vB7AL/1u/Gi+b640Xg8lV92hlShRpihzxBc2wjDi+6TcLIueQ1b0c7zORSeH0/ieatwVM8qWDD8FFPtbSHYbCGaW3uT8eFG+JOzn8LT02HSsTbcsHUxHFGczzZKA7CjRAzkf6ymFzPOgKuuMnjduUxOb9azqUUnlhk3g/YSGfB4NxZC7yiDS605D08IhBWtbQznr+JN4zhoywil8Qnn2cqPwelRDUb0mIKL3ETc/UeCpj86S2+zKuhEYiVtPhNHvrP6WE+oA4qOR6Cp7URwLtfkEVph0HTnCYe3mJCCVxYWfTzNk9KWs2/tGnYcMRdk1HShestMWP5YGcYIK3LD++Mc724BeVe2oKzibIz76osdS/rh11lJsDrnzkfeScMDE3n8qbwNV3EDvHTsBO/yCrwhtZN/vENyktUE+Xm/qIV/s6fkU3qoacHCxZpcYmCJo/9KUvXgNMx5KAO3FwuC9cw9oFgrwu/Ta9EoxR6XWuhzZrcIbKebPCi5iwP0WvkUIWTJ93LqaAGuC/Dn5VcPcv3oRrqm/hviA2Tg0VcDiBCeCBhnCOL3VvDTzhoQTluOFHyZpoX24vV9O7luhgxvCl+EvuvMqPaUAIjZTeeFkxyx4853LNp0j85NHuJj7tvx0hxxPnk7EmuzRqDSF114n+HH5/A6Ta7Og12XHfjSqHqwVlsHrfAMyzwLoE9MGZOGpoJmlwkqNwbzuPXzKSAoiHbplKLd2HOQ0eWDgjvNuSYjlo16ZEAtRhk1tfej+PdsFFgfx1cqSlBz+wEqlUiHqqLLVNqUxVuENSAtV4Syc58D6JWR+cf94N7yhKzF3uNHz0H+4OeAx7Md8MtkOVCQ2IjVb9Zh4N3TdOzIZvRrO4HBocto1BwvPCEYybcmfedYeyVw8ZhDVioaKKYZi3pDapgXXAgiL7RwlMEP/BUST8WH/qGV/WQgVQX+F+RPzRXx0NXmxk3P/sM/MQvhhKkgim/XheKMQbqoYAzRmROoz90VjVLceN4JZ2yzTYNMT0tQWvGVleJPkf3cPtrdogxuoi6oNNAA1Rbj0L0/H5Nvv8IXS8xpjXEZjXYdxYVCp3ielBBslFSD0c+IfzQE8squ+Zzj0EY93l4o7T0KfilVcsPZhXA/TRzemPvAy+vHsctEFkpcpnP95hz4XCSGE6Xnw07zGro+/whvGTMWbimPhPjSZpR44kSjVbRx8LoVTIjt4QusS7uKg9GmuQneL2FwSzlLda3RcCYvDgp2/gcRJ51AVymAMMUOnF5ac7OdKHUXq4HF21V0sigbv46vApuv+vxaK59NFxN8PP2IEicBym9WokttU/5n/+8C3kvRtu04RvwRyKVvY4HBdvC8bUa3ZiiDYJkAB6ZN5RvvALZk72bli308RecHuB3rQLvG+/i30RFn78vFh+/NKfSRGFw/rgTvY4Sp9vRJlM4ALnQ7Tx1bJ/LbafZ0MW6QP3SqsbrdMyw5bwtXc/3IquUq7R8cRxaOqrAlsRSUtTZR64fr/P7jA9p/SQ0OvJaGFXJXoNJ6Mhu9XAYZGv2o3pUAt6oq2K+uho6M68HKf3PA6LAUjLXOg/q7ehjo84A5tgxTcgrpVO1kkrhogYNhw9x0spi+0CSAvXp0IPQDb2zp4ymBPjTv9BZ6NL8AROzz+WXMOxY1K2GTmRrwcOV3EFmUB7c+FVGxSTKI3y5i7fDVnG8POHN1OOnc1OGf6zTAJy2FxY3m8XtvGTxsaUPLLwaywxQH1vqcAxNLskFV3pU2eIjBgOsUmt3/GD+aZ0Gp/lmEqgb69GgsP0zJ4SrLn6xa/ZAFpYzg9+IJGNh1AazWncUEB3cY/dsFzLKIV129B3XpXlC+ZAPn1puCl7gx6K8Jww2/hKnvyCgStrOFEUkDYHhpL03oPoJeCzxwTcQkaPHbCyIufbDT1hO4aTTOnjMGtwnu4hVJyvhv7XIMy22i7AFTiOpM4u1hISy9VI/HqlrjXMNQnBihyCi3hKdt98acr+PwxIANqLybQQGxIqjj30RXYlLB73Y7+D/bxyPPllN8oSp7b3In2ZdmkHLHHa4HeoCg+CO8HlPNpRqraePYMAr3yqEzgk788tR5zqvVAj2hUsp+spFuZORgrpsIKZxtpH/hy2Dnj9Hg8noXV17cTcqd4+HPyGbQ2lzGKQM3yFN8GlkcNQKP4glUMnU7lztVUcwGJ/qQOxJKpwyiusxIqI+J4kdbH6CF0QCGW91GA98GDM8WovYHovDWTRd05krQNZcDoCVWiyI/E0Gj9wc2JR2nioP/eIPPbVpd8Y+ny0vCPOdGmHi2kefMmgKaryeTwTFf2iD2GQME3kBP7jXmwkN8QE4HpNI0cW/ZZni8PglG2RznRBXC6omCGBd6k88vy8Eva+Vhp5w+vL4TQGdNk+jU9X+0YJwuT0seAiktRzic6kiN7S8oXlGSMk9awVKsg6h0S+hc5Aql1nfpv4xpnH5gG04UWgGi8qK8ObKWp29UBslYJyobe5/VelzwwOF6OqsvykU54eDacQQyxBxw3ckC/jJGDCJ/SeHQnH4YeCzI9iUJtPbrZX5rIIQNjsjLzpfTUa8IjrYWhfzfu2BRkQR4fvlDUgGnEcM3w7bsP8BDZ+HVuTgSF3OlJhM1mJtmRp5UDfN/HcXGhHQQrXKDsDJdatjyBCtSlkHYbRP+aWkB5zV8ecLKNzBLI4nEDtjBDLVULAhowcYtZeC2K5p5XTXJfpSA6wsKofAI4NqJT/jChWF0U+6FxcLjKHXRE7KU+gzf363Aoxlq0PfYH6eENEOD+2lQ/DQbux55oOLaz2S88gy+StjHo85uo30njWDR3TOwp6yLgmx/46bOarZyDKH/tzO1pAEljwxyaXkP94+bCOO05/LmSf/xkXP76bn5Mpg0sQ0a3/+l5sVLqVstBlIeuUFClj70jXGiS4dG0L9F5nT7aQg0qqfw8U99uHnkGmytnoHpNkJ0oJmgdvQIjM32AG89WdrQ3QFXZw3jk00y8Em2k+LSvjLs6KLoPyIwubUMfwRdJt9bMqwxMI8rwuRAK1qHI7Yas3dyIkbaTsE8GynwkxXFiNt3yE/GDU/fCOONOV0s6ikBK4siuSlnBGVWBPHqcA1YWzsH5qzyBd2GTygtnMgjP8yk8n8mtFu6AxIvVFDKsXDMeWMID+ghKE1upVKh85DwxJ813v3Hl5r2YbGxCWllr8PZN/15VTNAyJ0RXCJsA9MrO7BeNxi6+sRAwmuY0xaYYu3lePS32In1ISrwrkyVJCpXkpl5OG9ehfjqyw7ccH0tNN60Zz2tUjozqoOF7LVB69wUhEvf+Pv3IVCLX8+Thuvo8IQKUG2vgxpBN3xzcjnO1hSChFkyKP12J3zLeoEnMhbg4boiuvm4lTS2j0Gfnx3of+wGa2Ubg/rDblCbfBc+tl1Hx4LlcGXTSNpRqcurck7g3FPlHPJbExrPKcP1dcFgnB3BFg23aMaqo6h14Q4uVq2BRSGb0FxGHuxLunlTkxAkxjbgu4MzocqrF3Y9TmGbFwXs5HOSnNOFeE1NHcrHHCRhaVNg50O8rWs3NQh1U9v7q2A/2RWe3EnnJZMTUM7cnftmTeflR5Shy7QEtRyXwZuBVzTVtpPE7fbytp3pIHC5nmuXVYFQyBrY5WkE5rKmkNKzH+VSTqLvHS/69OoSWIgE8O/gBPLZFMWHA6Rx/4mJYLqCKet6An7RNAL72vto0JbKwwkf8Yz0Z0y4lMxFQV70VUQSLM2rQDEymeYFi2DK+XOorTIaysf2cLpNI0wbZ4ZNU5Ph47mpIBV9DXWHxWhTrBT/+JuBYYmfQfX8RdRJsEEvUsO4WyJ4uNoA1pRk8gqDZJ42ahOkZ/Tz0J2jkNY8gLvLitlAWxCLbrwm6Tvq0Pw+kaVu3uRxCu9Q4aYfdX6+BzL3NHlN8lp2UznOFfUeYNsyEUw/r6EWnzsoe/cH7JgAoCjjwR1b15JWrxut9muAGSYrcCkaQMfaJric2kxK/WcoKtOazr7+Q1c6nXFf4H54+Iwo8ssT3FZoDVOWqOG1kzfpxp9rUPYkEaIds2BHkS3/8FWnMx8W46V6CQj6BJCr9QTtO69A0+BDyF/gDOM7M2B+ThAENidANSRy4wt5lG3ShrEiGfhNvIQadexxzpcaTh5fAH9eiIPOeV9o8ZKA9JTllN2uAAV3Gjgm1Yme+NbD/W8PqKz3Ld66vRpHTNrGmlNXQ4TKEvq92hASZy5hLckWOL5cgd3qIllI6zu9iPLA6MvddFpRg5UNdaAzVx5ErObjmkVjsVnIEU+qdMGbLz+hP2U/zH1tgyULO+B0kSe1p46GxB+RIIyHsKLjPOQ+NQDbOWpQa+KETwVb2dVXCt6v28jrF42Fb4//wOGCIty45Dhf+PEELq8p5R1ZczC3roGej/rOX0IO8XL7cTBdaDFcWhlCM+ecR+fLE3lO6yt8GLqYZlfW8MOixSC+9w9ubLMC87ej6FzoBRw3MxfkX4rAjXfXSNbnC0u8qgXjm/L4b+FFqLouCwvDxFgNvVnhUzE8H0oCR+WTPNtiNz2UfE1HVnrj2+eOoHVdCQpFdKFltjH7L20ip0/XQERLiK69ieT+qo20TOUMWdoFUu5eAahcIAqfMxTAS3E/fk4QR9eL1fisbCYsmfMIzJsDwE94GfsvloU3npfRfWk+xH4IZxX3h2zuKU17vn3CMSNLYf6eR7SzQ593GgmBbms2/w5JpyLLFFwX60EFr4LhvlAJ/efew9EpAiBi9JhNrk2ABLdfvLTzLhuu6UOfm48x/rgP20SqY8ffftY+GgwPDLwpeKcCNMw8DGSzjJPfrIHzHdv5iUAK1n2Lg4kiS6hbRpIPDavDuk1K8DE/FsWm1cOeKCV6t/4HDRdexfKjpjxidCS2Zi3EeIkucLkzCpz/XKdzK2Oo+pAOb6jz5y4BE0ypqSO5eFNS2efFcdPO4P0ofVCsNwGPQnMaGekFhc+EuOfSRnpV181b/Po4OiEE5+3O4I2zROCN3w9ICd7JlcXGvGieMhqOM4FLIXrQtN0Bg149gZIrE/BNshrMSK/g3wf3U+4XCY4UWQWv1q4H2wnDmH8hDxzmHmXZmiXkeGMMNG25ysZ7K0Cm3w2H57qR+egskk6pg/GJcfRMxB6j3Dax5WkFkBd9hZn6vdCh2QnjmuUhqEAUN4kOQqPGI1qyt5Lm65pheZw0lGg3s8TgWRLe74Q3WYk/ia2nkEP1fMGoipP6p/OBJ5Jonq0KtP8OVndJ4j+TKp46byLcT5ZFuzGZcJh3cET6WVpZpoiFUmNgQ81UGPS6jsfUXKFuniT8tzMB9xeI4/6SheCz9jnUTFTEmctVIVtdjNuC6nHmrFrwabvM+lHjObZ3C+wK6OU1Uw5SRmAtFRzVg5yiZpim+QC9nC+g+zJGZS1Znp67hyKUKvlbxT8Ae2vEbaLw5Pwhmi5hBj5nb+KpNZ6Q5L+Tyzw96cakBtxnF8rSOWd5h788RErE89QjfbSnain3eqmxgo8wfdmeD19/trD1Mmt8vc0QHu+SgYJ7AyivsgusQhA6ww+hwfZlHNSYRgde78MxDjdgnMx3GD/BEs75SXNofzMe+5hM+z1seIt4Dr4LMuFZPwvoRcxDMJuzD/VvW0L8yVHQ/PUHd0rPZFy4l6bXbMCWehdyuxeMK2/kwdBbgjfFkjCpzx2NztRgtdwS/jhyLch2DlC6wUe+e34q31hvRz0J1Vh1VBgCmjOo3zaO+0Xf4Ywfjnj1XgbP9TKA031mkG4wGufPsQIdKYYTZXPZZeJffHY+h5xXrCftb/vw25cnsMd2HO1jBcwancxpyyaAe4AdN59cCuZLc/D1xd9oCfqwI2cvku9adL2XglqZbgDOU8GteTHVfopF3eYGeOofDc8vpPKV7r/wYn8kjjLxwgvG4fymZSxspmHYariD/5ytoBsrc7nMfRE9+ugMxaPSsTWykQVm1lDZDAaBnfd5Rrssvtpqx+9aMymrSQXzpjpzmIgUrVxhhB6/p9PxPBPYeNeY5iptRv0vWmwqsxHdYpLx8gVDntfQA6LXNfht/BhWPUxQ8GceRZ9ciBF/G/ic+HT+YlKFNQ8JUkM1OLZLlF57KpPevRFgu/Et7ja5BMcd16PuTHmq3yLMGzuE6dv7fBIQCcRdze54UE4RYpe6cK6QMUgp1KL2lt+0XGkEyraZoM7GDaQ+cgU8yziDs6+Zgay/Jg98SodTIfb0S6YNylWESMNsElU8bSLz/iT0cVDEF6mycHPGUS74vgP8G+PwS0wZxB42BAGrmVDqdZj6rh2EuMB+WrxdDu5saMI1L1fDeeEQrnojC2tnHKFfvSp0tiCadFpNYVHpQQheIwGbptzB6x8+4NW6ufBT0ZxbHjRxolwlfN3/EyaPWE3dH0xgTcE4cLJ8CS9mb8Lmn5ko5l8N69pd4VlpDD5SegHfvj3i9FnHUbZGGRTSDOiveCjOSUgitaFs3nJ+KVbMOojhhdP4yxcv6A0+BLqumiB1xBreWxpDveVsPpsGLO7eSHekAiE5JYedRt7klHZ5evlaB9R1LKC3+zasMr+KL54OwUyZRhj8K4zFeTd4Za4P7jGYxG8nGsO9sUZw4Y4iuby9R96HfeFwnj16rIhDy/qtZLtjLeysceJtL8aCcsBv9hjoZfzriGNmecHDU7e5LUwVDw3MoHMb2ujN1W90Ws0Ahv8rgCVf9pNT1C1I//CcVEIXY8mFIL7fZUCibe84+OwnflusDF9nh1NKgCk/WThIPdfOcPJ4Cex93EQNtl9pulciLrHShxurrSBOoQ+qbIjnTtuD993vUaL5P/LsSCC2fcRB5Q34vlYWlx8cCS2mreg5PAyZZ5JwTqsCFuqM4TA/d2gy1qT7iRFcurUPQ3P0QedJI22utOXY7Xn8wzwbxctb4Vo08mV9FXi/PoHk1GTgW4As5E0p512Swbh9vibniv2hDebpmDRyEFYpFqDrkr80N/0POMw3gckXMnn5ghRy3f4N/qhH47FCNfrXK0ulVea0y51oX5Iq/jhiAL6aEyikyRVO+yaxnU0f3E+yoYCYaey7oQ6TjLOg8e8YMPqrBtrypfDBLRuDo3+gjKEtKPyJp+k1sdg3WoC8elpgrqc3PuyUAUFXF37mXYz9D6Vw7JYM3BpuR6N37sAb04vh2uW3HGKlS6tuC8Dksr0YuaWbK5ZXwvWVwaRSacxuea74MOohyvUBn1/pgDpBCEqzznB8swXuU9Dm3C6CXYVbwF//Ngfpe9CfkyEg3b+b7HbrgHPZLV6aOZkspuqw6+JZ3P19PN/2f0wqT1RgSfIOVPCxhleW42FPTCOWC8iTXPBCbt36B0V7oyBsx3y+KPqb0h9voBdyMyDMVw5+7ciC5I3ZbOgZAV4W1qhuUYrHVYvRUuMqv643pFT/QrrlbQv2H6Zx+98MGJH5hvdqJlJ3x17SxXV42aMKQpN+YJu6HjmcEoH+hztZZmwOnVbMJP/2mZxmIwbjFmSDY5MzVWb2gvYVK+ydjHB0VCTe/F1J7j7GEDx+KdiJrsbmo96YqnINa19t4l/CJXTy6Aiou6QI89PP0KlnG6mpzAZePI3nG8cE8L9vWWjXZk3RIvfBcDzCeMHTGHU/gLe98qcLnzNRpew5R+XqsYzEXWgMy6CQqWIk9k4YLpdocUnQDBq1bR5JVonSarV0+rElmLsS2yB4qwQWl0bClhMToUynFK1zPTgxJ4ieu04io9hNsFZwKrwzr0WtaB+M3zSeRU2Vod+yHQVnRFLZ2RFscW8dfNvwj5xUnrBHUh/d/zgff/pJ4vPnCN2i3RRl4oLCs/ezZY0wiKw9jLENvvhLYSLejIvnRvkaGD/WFIxCOrD0tiFcAHFInfuaPn6dCG2ayXjE+xrtuKPNxn5ryfQTw8dlx0G+RopUNI7CmFovbJ30ig9lDNEqw0u4L/IfnYjKwFUvBUF28nTsUq+AVP/HNOv7T1qjVwcFOWXc5NmNFvuM8eH5YxS9yAwEJ4Wi7tYVqOgXSZfWDFGVWi+i5QArycZypPUSJo8lcGWhNoyb5wXVK2LJ+b8q/P3IEvpm9vPa7AegUduAT1eHgmaJAf68BjBx33cOS9nBtnvceWFxK++yGUVHipwo9MVxrE5LIY3bM0i6wRR+V3+EtQ56LHV7LQiu+gRF+c588aMEbJwtjN5z/ShZ/hnPNRWCG5Y7oXzmIDqVtvBCFudbks6QGJxJfp8LWNqgGjyxEI6Uj4CDSbfR63kpXkzSx2GNIawVr+cz0zfitcli4PfrAO+3U8dlZ+TgopATf/ngB8I97ayjYcOCLV8gvtWAbu5Yx/+kwzm+IgcH98jDq8JA8rbfxf4BtyF1dgV7/poO+J8uuXQtxg0/Glg8eiOLP58CJ4ecoGvoIpKRLngJTQKl2TdQbcduCHZPo937SnBG/GZ6e1oe1NVdYU+BDj59bQO+bu9pvPwLcjc3A4eh4+CvWEed2W2wMJZhjucBeLJ4HLnercTrfAm6nXVIc1kfj38gy52pynjwuCfe0hGAhAVqrGHog5W/PtGNlK286HYgWa7fgxoXL/NigXqcUJUGyzLEIfnoblZKaeGtFev5cGMkPjjnDs9rO9BW5jv+/vAc3rs+ouZDUrBPpQ8Oj/EioUFtPvR+MvcEiPF/5YVUFPkNnaWsIHnNTvq8wxaM837CuFgp2mxcS1/vanLtlxT0vOQBq9aasfzDM+h5XQl/NqhCv3E8bAv/hw23HlNUyk1Qc3/K+gcPU6qSG1qNM6S3JsrkfHosVOknse4jFzI6kAai77t4+eNy+HysFq9q7aeP5V/wov9LODmToTfzH5dnRrLitK8wbJpOHlvf8Cb5oxQ/5iKV+1Rh225fjk5QhvNqD7nDRwI3Vn/kNYUl7JjRhO/95rKKXC6drphEzl9tIHvbeDhRtpv/vdBnrdpyCEtawnsuhNCYzY/h7fvfKH8lC14u6qOMf9YwqduQP1YNkZ63JH4RPg1RbwLxiv4qXuD1hk8Lb4Jrvur0Zbk6xLw1BdX6IyRtu4yWn4rlQ1PscJWFMbasnYYPmjdQ4Y1RXH1aEpSFj/Pjq4nYK2TNMh2ePKD6CAtnhNDFz25w9uIptLsiQHoPBCB9Uh0W6/zkDt0aqhaex8d2TuLU2rnYfWwKte5oxdioFJLdZwwVsf5Y4upHe5w38Yftdlg0KoIsR+9D65JR8Lz7ECUKlpLY00ngc9+CNjS+A+dRJ/lC73WWlpdFt3pTltHRB9H2dIp9480bDgrCj/LJ0Hg/GMeVPqSXBy/B93wB3JZ1iTo9rqKH9TOYWhyHMiuMwH3DfvL/1UlBczNZqnwSLemfC4d+JsI+p1TueagNKdWu9MNAE8b1mpB352zqzRGGqVPvUYod4cyfP/n06yGSGdiDU28yO70aDTE/71HQk6c0OjaIDp5rI02bOEhKtIaAmck8v+UKWEyNhq1gDou3VsMCMea9es38urmYwgLL+ekYJ1jTpgGRMunUdWwHsyDA1z1juHnDaZT9r4V8DZzwWqYkd+f38qljy6Bc7xIdeHaPY321ICDkAknJZ/G9FmE6mF9CM1ubaUXCFO6enUL2v79zxV4bmJM9CYauKOAm/fP8t0gCQlafJJ3pmXzRVgzlymX4We1MHmiPwjxVcyitPAEvg+7zWPV3fDr9HzbM+UHD7fOpau81FDllja374yA7mCEzMAs6Vb5DkcYWbN9oS/Ex5vBh1WKKH3UVRiW9RjfZLDAeqQtS77fRgtK3GHFgIytlDrNtmSfN+OSJaktuwKKRs8H32wfqHdSArpE38O8YwHDbM/DqQDtu1bsP5rX5KLUpnM/JzuaIiDiMPzsWVBMUuD3VkuSH7FnjcQCtM8zhUeZT6V3AeX56VBRH3DeljFVT4PkGRy7YJYW5o73BZt1IzpV+BbKDKVRe6IbGu6+Bc+ly+PLOCF5ZO/KK0PlsVHUHqk/pYNlZS+gyEaTvQdXotWuQmw4V4Z0QIRjKFuO1EedYtVWNxSJ+0HmVUlgtpsmSPsUcv/A/Ct30Eo8Ua8D0NYcxQroUX2R+wCNvFdDiPzWU+M+HahvXoH3pZ9JQmsHi+cpgq5zHG3RO0KvGYsxL7OB1azro++zXNFtZA5cpzcCC3+2s80Yc8jaMpX3HvVjl0QA8ttmObmkrcNyxYTw0PxAMW6Pg2j0fftqhCRdOFpGvoSwYShrBA1N5Ct12BspNYyn65x7AEmdOPCXBqlXSINHlwk2nd2Pv8S0YdmQneL9bgcKtPiy6uQgG48/DEm9r8FPUh9Wd5iStvRyDq2Jxr+UBXBlkS5FLi/GlxEF8tfsU7Zi+Fha3qMKBBF0E3EgbbL6RoOV+mqbxFhd+SKV5T5tgrGoad8xPBYUsC9Aasxdm/Z1JZ8ZrkZ+5Gt8KkaZRSed59Bkh+lLvAXEds0GyVAIib3fCl1nHec2GEeAyUgcTnjpR9aA1BmYfxxbf9bwuKBGn5EvB9roGfvTiMK87HEzFdmG4U7Ya22/nUcKuCjYTyUGnG6thnbMcmFv+xIwb9axqHYIK91NpVbEsfmkogtRbR2Cqci63L10HGQ8E4excI4z4zxa07lpiVb0dRo+pxlVbx7Pzn7cYJn6CnHUryWSvFiQsmwDPnofTSr1BKPh9lX+H3MMzxdfhRYMpVQ7u4XfLS6FBTwLyOq6zitIiGNA2x8VmI2HRs9tkEa0HUm+6ydluORza/hsKjpmAz0kxCBh3kQX037PMx8m44/AH+O9jPAwuHoB2eTGKQAfMfzEaEnIVyGWEBa4pE8Ko/TshttEKLSS8+alRC0SYh7McSJJ5qzgcCzVD2y1BWONyF0TuiuHaIyo4lWajk0I+3VywGdTfC6D1mAlwlPWpc04F9tgZQq/YPRypFELjJOWoSn0X28qsRJp8hHMdEPJqn6BtoD7mZbWB91AmFNlmwVDZPz5UHINPTD7w9NaneNlSFYo3VMLglEc4ztwfLyy7xPZRr+nZ9CrWd//Crdda+J6VAby9JgM7Li3ADyY2sKyzmE9cK4Ui9XX0VXAxm7y0gpoXOrxdzJgTXEbC/rf7qay3l6p338LEW5NJ5esQv190Fm1WfqC2S9FwZls/JrvKQPbKMxB4rYHX618n3xsf6aliBlcuC0DFkSPpd8deMt5kjtKWCBsqd8O7nc/ILicCerRdoMdvAw67meOqhPOwUdIEfXvkUWmXGBgUnKVpyVOg989nvPzWn5Ka35DBjziMnt+BU8JeYfkDLShaZgJ3ul7QTJcDfNPqG+YtcuA15+6jT+c0ePH0Cm6qW40xDo14okge1K+8xOhZFqwTvZiC9u1HpVlRpHNCCO0z7Ujd5SJuea+MronWcGqjFTveOcEBK5VgU5ggaT35Dsd/ZNAf/2OU/CyUC95+p0hVAeid38POUgdwS0ko9pveApX8crqpPgHm+vyH+5/XU/PhhbByngzsNSrBAc0hXJhlRYYrGnlqTyUWuZdD7R4XlN0kSmZKlrjusQSU2IjA/cOH4IfiIzDf+48KhzNAYKQhPA4IRp4lCZEbJXhlI8HzyuV4zz2X46q76erdPdgt+xLc82qxLmAK2l6z4htvmvitmgn0to/li5eG0XbOY7ipIc5pc8OocpMv3cs/QXMHK9lQ8yXIiU4CUd8duDZ5K2V9QthicYUln1bhmH5jeNA6CyKf9tLBByMpM0UHzkWIoPMeM3JSmwDbXTLhyTNzdgzwgHItOwwp9sJMrQd47JU8yBfX89+t0lw+RgQfZhixg4MKqPdkstO3d9x7IghfXHqJ5vqyMO/SJHqiV0g9AT3k9G4mBwqHgMgOV/ribcwlVS7UEIhw9/Y4MLnlhG/KrPm3wERqVJyMy5oH0dlBjCZc3srHckdCbPUrcN8mC9diVoH2pwi2WeBK3qaF7NeVjiM/6sL82kQI1J+Cg+OmgvdkNXh9+iGWSJrR7fPusET0N7gr3oMVm5Zi5vuv7LZdiYdunqLfpZNhjUACKdo00yqD1XzGP5JwkRe13JLmsoC5cFFQmzNtfTGrUwE83ItI62s3j71nR1vkGrjdeA6v1K0FyShNMA3aw7vyD9LySnHo7JfHa8bTaXGxKpkLGJCEjzZf7euEzIfp7BzUwwmSYShhpAaLLJzI7rA47rO35/GKHziswJmvdjynC8tW4lgbC4iomM9xCjYgsvo7Rfw5wmerKumgO3CYvh0peG4CDetADOz4BBCsQDUDBP1Z2rh//C04/+wBOcs5U5fQKDw3249/qeZRtfVM/Kf+nGxkVKExZh4Xq66nxIjP0GotQxfnC0Oh6W8IHQ7C9oOCjL4nOXJgBAxqW5Ke8lU8sKkSDhhYso3+Z3xrPwbUVvlS9b2fPFVfBR4PSEHxnRr6ka/EcniIwvP1Mdf7AHRKP0Tvnmj8Ex+AZesecGzPJLi+0oOiLV3w4H0BMDJ+AZU2/iy17io8EMijUWu3o7/0MUpbqg8VE5U5JNAd3wdowjRdLZJpT+ODL4XJYNsV9P8xjR+XpaF7vBZMFFkITreNsFg0gtPVP5Lf2Xo4yuHk5FEBpgVH+L3OUXw8pAE+j53p49Z3NChbyKYDHvje4Bb+d2cav3vrB9nSz9He9RpHRJtAr7s2n9y9CgwGntGCpmrw+lTOb3ScYdN4MSylLfTPS4dilohAgrcGRi/7TY2FI8n0ZigESA+w8p7TiH8kMODDEH8bUAbPvglQ0nuZ7Toe4oIVe9lzhxO9MHVizbYYkg4bhpc+l7DeMYrUjUbD8S+z8f5aDVx+0Br0DJxpQZg0ukkMUpbyBlQ0sMfLJ16Q3y5daPpeyK3qTzij+grs836J+1aegWKNA7iSfEBwRxFmvdUDl9HjIdthGu13V+dznMSNuakwWvwB1dXqwV5HA9rWmgTxQz34Y7QGzFp6EosX3eHulng6nPGHjWI+0U/fyfRzdAaOuTkbX0hmwdh1VoDrHtBy8yQeDo4Ak+OrOf64Nb/+0wT4/BgEiT7jr2aVIHPVBpZWecK/tsXg4dDBc0wdQN1hD/WsmMo+Dnsx6fZKdsv4g6f1EC73VePy6haQUu3np5lraPrl23S/3ZGXZY0mLPXlSTLzoPauMMx0lcAPNzdhSWYyTru5DH7t/Aap6hfAeYYHrLt5k1FlK6T9ZwZFR3fy+kAr6E+v4aMG8/jY1Xvk1mhNCy/m0on6a/Q6sw0fP5sIp2fXcIViOyYpvIb+2+p8tuIdPA++A5/OubHewTqcefQDwV5JqLFYT/qpT7HifSHUXCjk6y2KoPk8nlqvLsEhzdmcD1m0c40czNtPsLXsLx088Bluqz/iWxXdpOkaS+6FwTDsnA1PXN7hXgFLuHJCl82bluGFZypo1N6PQ986+FdaGly9epw+/ygnuQ9JbPtxHFzZaom9fW9pr703NY8v4b6fMrxiZxrP29INRmN0eHNOH+q0KsOLR7/gR44i7dH0xKglZvjqSDycTZmNLgmDcO5iKL5Ydw2EPqtBmssMOjz5Lw7fDsbHAUcgLkicDT7Mo2Ode+hN4hNeGNLLYhGGkOL3BT+9CmYjhwZY9XUElDavBGe3kfB3+zK8t/wy1osRqJpNgO70PrwxfjGImNrjli1LUfTYQ67PAPgULUyGjxYy7jyGMnJW8GruLVyxyBQ9zAXAUHI+/ZjygFLeV1OwbiXeNjRlmeE+NuwXh+ktNlBw/xIKx9zhmvRYLv0tguEhtaTrPBJFWn9Bwb5Q2OfOcNf+AHH4ElqanAYWKRdxRbodFc2RIjNxWdD1vUKLl4vwrVozKFlSwpOLHkDLqrNQp2kFz8a4w8QTxyHPbh36q26AJfSZpvVYwfRAK44xGAbLxac44Fksj700lcbudgVt5z28I3QAKuWm0gtDc3B2fQr3befgf90KuO3+EIiPX4TjQrezqZUySv2aCFHRP/iK3ARY8EYK8t+l4uZV55Bnu9K1SwKgnttIa5Yboq6/BLkLvGdP0amguNMTFPVOc1/7L2wsiGYsvUYuQyLwuno7atqn8He/cjqZrwsVd6Ig6ZsZfTvVDLnRT2ie9mUIe4842UYdi7sleN25H7TgqAysfajG0tWp+ObDSjg7QwoOPLblyT3HcYl1D5S3dOJz0ZdsOagLwxpjufJ5MhhOzoP5C1fz1d1tmEry+Of+NT5yPYxomidPmWAEll+CYUWlHM14/ZvXrg0lg6abGC65iqtMJuO2p/kcdn4fHT0qAJ9bpTlZ1xJTlVvI+N446vovnDZaq7JujiZbtDSycNJkHKFuBB8KY8Bx7UrWDHWmebFhdFR4Pz/SzMaBvlkwrWklBa8nWhOlDIYXasjsXjX+MvqKN++Ox2W5jjjiURj+ue8M1jtOQ9+WGbR1jDjUp50kldEnoC3iC45YP4F0omdxx5IecLbXhL3/rQF8Ox/KtwnD06Sx8PmyGl66mQxzRqYTi/tB6ctSrLnvzIKPNnMkeNCkbTaQM2YIlyb9wtjJU+lG5DdyaziNmkOWvOd6Mhvc8AJ5WS1SOjQSNPuqKWtwDq+oHM/3uy7y3YoaVJIKRcmHR2FJ0xFcPt8ClA6OBsNLlrDPaTG9dimg7S8+8BKbSo7+4QSzfQL5ueMDlNxhjULzVcDLWxT2qs5iDQcBiDGcSzPSFnLpqzmo/ymUIkxzeK7BDOhTtYWwIzNIb6MMHI/JQdvOKiiMPU5tLIPV+4+BmesKWHBXHPv0pGG77TQ2e/YctOqzONPkP9hkmYEzNVRwSZEaG387TLrXKyEtEGHurzmslraHfq90QM1ER9Lpns95gomspLeJStJcWM5Figae6cDcqs/UbRCHvvvfkfacTA4La8TKoWh4Y+oG6P0d1651hEoba3CRyAdjp+2c0OSNe29EolCcFodNFcXAKepgmvOKzf8twpyhSfDFz5liFmdT+3pVfKrcAkL6ZpDzOpt/Dq2Eq0m/4ETRLlw5IAwisf3cPEIe/e+E4v2jV/hnwyXKb3oJny+Fc3tSIlzXGOSWJWbQa3OLt+kn05/cJPK8MYp2LDuOAoc20F6ZW/g425uEErvoZ58UzLINBN+TQSAel0iSCnoQ9O8NVt0bQ8+/rqCHO4LBp7wIlpywBYkgQxgYsY3TBMZzzMUEtFYRw4lnv4FyayEtFPrAuWarYaSGMkSPuoNrP7aizoavIHZjM1ys14bvXprg/0yXT0xKhthUedD4pQ/a+S/pce536BIpodjiYpoSt5ytnt3FdQueUUbfXXi7rJeCFcZB+4cbPO1VE4+NW8ZifhF011EO/Vc0cvdBARLeX4iZH9agdBrAWLOn9Fx3DHsEzkBL5Zt49FUovKj7gZ8L66hXKxmaPbZzb4YszL39l8V/LiOpUQ4YJ6dDjStCKHiDOZ38FwziL6ewT/kFTB+vDWaKQjQvYT7dmSHHGnIDvE3xKhwMfsevLZ9ywqhdWCWeTZN/ToHYkjf4WX0qrR51jfrEbtG00jmsJH4BtY9uRYmt7/Dj3UvoLSgDjqsssKgiGDa+EqPU8Y/oK16Be7s348npG+n5b4LXYWk45ageTHosRvlzN9NYwy44rjsNHjVKcWDnPArSm8E+foWkOLibYiIFwfm+Hjd8tsVz7cOQtOUThoXe5HP795DLGkd0utEBwtNT4OqzSSA79RT1LHKlzXL7OFvtEWppldONsn84ZbQ3qgS+4pP2d+FTiCa8T4mh5HBFHPWfA1fPRNR/5oIVFf+xs8xoXnbvHM8KdWGDB0qwwnEl/9KRxQKXu3j1ljEK72qDVcmr2e7rThr2y4GCGG3QCrcCTTPk+W6FdObBDdYevMJSRw/wz8T7NFzyAm8srMIn9lawQMEGJty8RZ0iS7F+5gNQBBV443WZVvx+yGuFnkLRxOUc2d9JuiI2cPL0a4yVVWed7hF4/FkgL9OcjtX3wunS6EiQnHmL8gftaPREYZAvu8sr40ph8TEFYHsbSLtrj9N1Z+K7aZPhe14w6O30Z3AQBuWLDzDU/jwtnemPYilPUEfjLizNu8KLH5einClBorsv1H82AfPh97QtwhyVHhxC89WqpOLuzRu/JHFfbhlIPNEG41fpVN84Ftb/q8f2XhfcMfiSum9P5P1qz6k16i/KJ87B9nOO9Oh6Cs9P0oGk0pmoHDGGOz06KUG2g+WOzODDX1Rgp74GzNq+meY7NVLXmEnQaS+AIT09fOPsXrCaswgOJ5RC7j/EvvpHtEJQmeSzd/OYcFG4sMAM8lZVgZF4PQfYfkK5/sVovXoXay+axnHzdpDevxws1peE9x0HsMv3DO+MqWWxxmCQMzSlrNtx9GnLNDgYOcSLVEeyxnOGE01zMXmWMp0+fBrCCjVhid9WdmvshygXMxbZPAd7Yv/D5mvykOH4CJacPA3DC0ZT2FxB7ssqg+YtovTxbAnUKUdzhrYRvnugDuHyhfTU1gjCIqOhV98RdVYOwieRERDmkkMiljKov+8aCunbwqB8GYVdcwThpD20fJYOO0v2w/D4PbAPj4Pl8/egMvI/kvopChe8T5C3yVjan7iNL77JxDAPS6qYlg9BBzaw75vdPOOYC24zGwXL3XZhtfBkWjt3N2SfyMNFV8Nwkb815NQeQ5lN21hsrDeEejJkrl/K2/VFYHqNPNza/RLTVnWAPFSw+q2DWKTig9Mm/ETDfzIgX3yT1PxfsGjCR07NtwO1gXRo61cH7Q2j6On82aA/ciRnLzQCYe1aLpdj6lhUj+6aZ+CBegz2nnHHya5RPEZhCfPRh/glQASkvWqp6/NOjEvppq3CDyhysi4mPP9JNVN+s+SvBFwo2kC/NabC7DU+HGC4DnoFvcmVdUHrjz6Xp58Fn6fzKXbtBT6gUAeP7FRAnQXxVHYhFNTv4LYV/TTxqARLPnPg5HQJsB5lAJ8IsL5XD+J1TrHKMzms2/mGrRcoUomxHxu9KaDaO2Ewbscv3puyCT0WKkCjNOLWJcEU7nMAPQ7tI/PuLNJo/o4GxRd56xcZcIvXwVNj5EE4PY3XuA+i7Nr7+GrXd9y1eYDq14rwZoXF7FD/Fh6REb5zUoQVP/X4XMFhpvmydKPQngUzH7J11SQokiiha0ULyWRCDam4EfTtm8h2mzzZM+gz7HkV938c2gc3EI6/gPHvsCKSlZ1kzxBCiFCUUVSaWgppS1tD5Fcks6UiiUpDKQohpVAoK5XRUAkNKol0z/++iuc853x425zDmLNaEwXKH3LOkjh0TqyjfLFxQFle+HHAFTsL3WnXtc90aNIrdp/qBlNmTOMRa+7CkoD3mPNPAs5aqeL+R3O4sOo2BMxzoczAYXgw4xdody3H9svWFCaIUL5LCqY0tXBAawOlvL5H0mfnscaFCnwx0pcCgqeTxIHXmCzxBvIkDeGi4SlUGahHf/VHNO5sGPxsVsa3k9bh35i5JHtTiOovHefmSQbQvTObWtdPBD3L1aDZnEt/D0zl/KcS0DPoyQdTAlDtni5NGwlw+L8sfldqTMn7JsLSVHfOTPWGUt3TYDV7Pmzz7yPh6gXo0yAKq1S9IcbckJbklXFLkTn8eLEP/lrl4to1Xhjd9pzmUCPMD5oAvwvFuKOunD9dlcA327yoyzYVfDfWYQLewsMVLhA3vw5nj7KFgQ9f+XvAObBRzoCQmI8QbZ5D3iyOIz8awhztmXjbzBCIRsGVQmX+87OUtpbnoorSGf4yT4K3D3/BwHFaaC1kDnJtjiQfJgtBSkbcaJhL9zYpwLfBTRx/RA6CXSI5zN2KQ23fwE2pP4SjAAKE9GH/J3MSuHMTpZu/kv2DiTRTowEnzFfg40+Y5HSiuDvBAAJdUuDBi+doeXgPHgn8xuLH1LghoZiGNxM8nt/Dik3S0KhiASPMatk11wySK93he3A/jJj0k7ocH0GT7S6Gjbnw8/1XtPhrDAf/eNC1fwdQz7Qc9IzzSH1zKhyKaYTiPT9YwPIH9x+SYf9CAzgiOwozXumhQuYFmjDyHLWWXyDb0GqY/voH3xRVozteiyFp9RjQdviOSqZXcF/fEnRR+0Pbd8uxuqg/Rcb3U1xtFE8ccYh/q4lBdcocOJOXDZm1nbj1v238xkuC82b0wZj9b/HYiCGY0VZF+qeV4WLfd86ZJskNUx/wjvgMXiz7iyvWGNOzlmiakTmfA36/5oA2O1C3PURf6lzhjYESn1p7kBvvC6C29UK8O1TDmwW1QKFcFV7EiENS8RYaSU60PPwrSU39xKs6emFRqxAc807gEX7W4FM3itr3qoB923mUE9iLHvkbaPuu5ewpWUCRxYkQau3F9W/Lqb9sOo2/ogvbtD/zZofztEPjP6qLAEhcf4fm6SZClLcqX3jtxAsEBOCxoznc9RpCnT0FtFtmNe+NdYTSY4HoeHIpiep9orqmZticpMuPxGRBeJQh+NyTQwXNASy9dQA18hrAk3zZ1G40n/NcjeGYyC+XaYCW9VHuLBjAdVcl8ZXmIXB/6UoXLpxh+1xH8rYLQrHfAHamCpAQe4hu/5kKkD+DjOu/wwvNL6QQPBeWKDoRljSjoLUJHtgmBOEj/aDyTRAX7P/OIi0amNvgCT17G1j0QxevWNMOUZvv8ctiEVCKDIfZCjvhyqzfWDBHEX5LZXHJv3bwcVJCsY22eO+NKNXe14GR4k589r4Jt+VvIG/hQbCeKA8TJgTxlYBBaM2PgJhLEZw4TQ2CawShaK4A/9zeQ90hnuCndRVffNhKwcZnwOzrET41ZzK+E9eGS/0ToataGvR8cmHJ7xB+a7ERrx9ay5ed+qnr1Hm28ZlM7d8R2sRuwqLz2ny2sI20Pc/DY1N7/KfsixOcwjjs9S443GdNwTUyYJX7ErbUyZLM1aWs2tYJyt++08XJhMt0p/LabZPIKCkQDouoQ7tqKvmMdIClcyV4uv9LIDEZmLFBlFv3viXz8/94Wv5LipIRhv42D/ybkMhukQJ04o8ZaeVPxrvne9hTxp51do4HMcEifHlgAlQtG8873j3g0YZFYB6tR7RFCQVvt2IcT+BfMWIw/nUDjgseAflwmB1+vaVpzidIEWMwZ2Eob+pL5n+TR9LOwU9cVj2P9aNlYYv4EIaOnkELo+24uCmIA+YsZN29W1m5M5WCvudx4xMVjEkfD7EqXaBgaktdfSd48Egxuu1aAYNUBFE+/vB6jS+teNqE1ZmCsDlsMrVO2ktxNfe4KmYzKQYcpPp3AXTL9RF5S+xm+1AHXnnUBFJeaiLM1MSN7qtg690NOPu5By/JW0CXwlX4/a0l4GaiBO8EteF6aTL+idbDjw+OoMqkLDxWVIhn7q/GMNt19ORyM7k+3Q0f38lCiNcgzBLcSn6zEmnTYSv2ldLAg41G1HpyFPyqcoQdTiLQaSoDDnuncqf+W94i8pE/Hj6G6x2XEgeJU8efckz1HY/qKhXoukIJzC+HYVdVH03P/cP47zI7V1qS5fFPMPRAmSs+PkF3sU7Y4UbgUHeHvC9OxsqqXfSksgJ2bDfjJTdj+JByCo67MJuDH2pxDo2BTaZBcDbxJj2c0YJXXJX4peIYip5qjVZpH/jeIuK9ludw9XwduJ+SCLukV8LX0DgYcD/JGc0qvHmRKlaZvKPEkdth37ME2CqNoLKqBbsjc2n40w8cY/OXd0TJUeLXBMgOlueihZ3kKyzC765bQqBDA+trypO8TjsPXnWAyyu76bTZU6g3NQFq/A+uKl/jA2dl4YhrFrZuToACyTJelWQAZn8cWdzIm6b61IP9MT1eIjEO1NP1oeNKEPxVFcSpUyvZecV2Lon9BHr/elBt31cWC0vC/mMeUJ9kDxNn57PE2CFov9qL6w+2s//03WQmosJav5RwwbGpWP14P90abwpr461A5NRE1v2jwh/f3IOsmrXs+uYJ54+twtn3SyBD/DaseTweYqrvsXOMJmwTC6Znx3N4q2QzfNrmTVvthXnulsNYPKMfvMbpgkBSKcqdlcKHrq8g76QPWVYo0o7P52Fw7kmaJp7D4c+1MGOPKWxzeA+FIe9YKPIfaR7xwt1XCrju6Q4QaSqgda6fWTYokHfOEYLfazxheOwnvGt+G2ePn4InRO5gWWkR+chdYJ0LgEeODpL5XHP4+U6TenOV8cjcqXg8Sh61nqpA2MMAzh0chX63btK2CBEwjdaHt4KV+FdUlrb8m4v3zwSgjHoS2sRkYqm7C7h5rKDCm7dwxIsxkHvRAgbOjsLcjK2Qmf6U+8uXoJ1aJWSojac9davozKoF5K4xDiZgNXq6p7KI5F2Iqp1Hhk4HsP2fDoedMcMtob9wb78XTqoSgfj/kmFawEx6V2qGutMIPGdmQVuZJkv9m0aqDVvwx4e1uKBdDDZfPEChm55A/Pw6HPQ6Dp0JvlBzrAUeb/2ESQ0NeGlNChyfaQOmGz/g3Nxski4v57TB85DrtxpUm6vZ/r4TX5IYIDEhc0z/MxGKynvg36Mp6DAjC+QOIApPUWMJRQ9e8u4ifx0VQe3X+jE+SRiuhHxm8QkVvOZkEpfPBJIye02Pr8qQUrYmPTlliL7qlazRoQZZyxsw92YN5L1uhICyeur8fZgFRzuT3+00Ln8VhMsVB9hDzhLUcCNsv7EJhAqeY87JCrwr4MMvH8zkIuFHPKT5HvMjpqLnXSUY1vehJ7X6KHbfhJyeTyX5ljrqCTAGJ62JxLF/8EpiKlXMHQlCJXLYVGPGYtEmPKQSDlFrblFrmROdPDIPojgUa1OWYFG4BSwdmofLHZThv7Cf7OkyjLcOzoHz1aPB5cxecu3WppsjXXAwSx7mgRVn2jlwwBwZENkRxD99M3h90EL8IrAKvkIz289dxQKFihCfnQlmrfNJ98pj5DtlUPNLiuyTtlN8dwcPazqTrUM4GibKw1iUgZaZw+h3+y/oP9zIcR/E+PZ7fZp0T4rezL2P6cePk2+GEVy++oZ+ePjC0t7NhIrKJHa5CkrMlvE+7X5+Pn8V/vPbjU0fBcEk8SElnJOj7wu38QdVDZBX7KBo+bOUa23Kc87FkrL9bDDst4YSs3CuCSvi2sIS/LonEasv6sG00hHg6nCHFPbOYvqpQEa3bUDs5yaU8C+itfXH4ZpRDc/IH+C/p1pwwfPVGGpaS++9LtA2KQG4FbEQ5nXaw/J/0fiZM2DHIQO6eaWGtj9ZQftn3EPxo0dYtEsCdGEWP7nRz8Vr5fn6xq3ceNWLGx87kFzNODZdu4yny9tT0FVl2O6xCBtNS1nt8ykS8b4OmwQPwOR7ynDkUSu/eJLPwmUMD/arw7Ix9tgVB/i02pkqo6UwZEsBS/fEUGD/bb6+sgIyi/Oxpo/g84oi6lkZwiS9Ac/JvIS1Un4cvrWCFAcQxm0vgF85W/niFx14tiIEd1mmQYT9dr7wppKKJ72i2B8iaCxehNufzyb5MWFYumUUzPjxhcaGNoGP42VUe7SRMn70sPbGAozb1EB7XGO5f+NpupluDm0f5Tlp9j+ObprJ8eZrsShWkqTfCEPwk04m4+t0d6winXyrDQauZ0GnMg0boqUo3i6ATU+5Q928aNYWu8/mF2YB1j5ny5OScKhFD6q0K1j95TL2fdIOrdszYMXdU3TqUCK/OdkOo48IceSq8fCvzpYOzpEFv0FPvFQahe//XgC7st98P02cvL26+OHCf6ivOwrcfl+A+K8yOFzym4RjbsH+S44oum0H1L1Vo5VHbVg50IUWLpCEclcL3pS9BU4XtELBXl8eenyRPw9chpxRsii0NQFFZglAI+nBk+zH6HplL9xpzMMqh8U0/nA/vF/aCTWBNnRs4DaqhDJNK1QBj6Uvwenccn6+xAzbd02CkN2euNdFCQ6pytHaPfWUMsoA771k8C5/AKN5PO0sHoZucztS7XhNMwtk8OI3AZbWceB3Led4w18TWKouhxf2TIHpigfR7MIJygg3xZ/HJOleQyo3ipbA58wn+FpWAoxTNvPiN8aweOwN7j+bBTlNk6G32RO7rQ6x91YxGhkUhaUzRUCnr5SqRhhgQaYxe4bvpThlS/A6r0j/3b/KXk3eWJ0jDdXXZWGK1SQ01daj9+eXwqDLVHZR9MBEpQSe67sFDg/Y8vsyaRhYYQuhXpbES33INGYJbV58Cqxq5VFv2SCv2e7PXuHG5LvkHu8tnwA3372g20sPYfJ4Oe7tN4P0r9dx0d7ttLDvIkRE7KPduafIeJo8CKR3wrgT/nS/+C5+Bits01kGhy1ug9vaGZx7WI/yHL5CUbwaHDnRhJmyTEHRq8HIuB6mwlrSlpvBLUJPOTY9l0NzH8NoZTl49rIRp1xwAoHbO9jftw9eFHSQf/04vjCjEJeO2gK9MRN57XVVmLqlnbA7hBeFiNNEgQCu/ZcIf6I+Y8udYbpmYYyt+WHoJDEeVuYq8YJ4Gxo6XYgB/tcp+OVldM84igUu70FJZhZtWBYJwTsQurQPwvqKZ/wqQh2OrrnNBqEfwbF7BT/IDacKZS/u7bJmP2dJcK5zwNlbZ1J09myK+KZDQ9dc0XZRP936dIE+Tw/H1gVvaU+GCYTFFsB4yWoemnYdvP/c5DSDuXRcQYrzSuawRv4juDcmGXc+lQYT16dk5HwRK0fPJYPF/+Cegg8k3MpkjSAlEBtay2riL+iDqzwk7ZtEF7uU6NjpkzhqgwTVHh7gRucP9GJrNRwI/gquIm9g3R2CJfL9aNT+HV83LYEPRgN478oQc8F0nrVrEfQ6jkP14QPQoGEGkTuV+XvtfVYUkGYVYxEymy8L19IPoMs1V3qv+Re3X5nKAg+l4e+1Q2S18jabai6Ff08qaa5AKDprRJGZRjv+arfD//bLY1WdClir3aax2zuxs/U9aGYN4tpfq2nARgEujSkEdyFGyU7C818YHgR1YSR4Qo2NOX7+VchnZy2HUZ8Ws+52pH6PWn78bS+4NytDu/1RrBrVjyUfu+jD1O/kLyRM57zWY4xDFIuJPkc1D202z9UBo7VSeOXgbjhwqBjuFV8nT7/vpFY1BC0FoSjJuyho2yCM1bcEvzWyrJ19Cn6rd/DBmzW82HA/5yn6ULaOLSicEIGaecwJiaoQ7dmDparZZLnZEi+dD6bWypvcXbwH4N5+0r+xndX+RsOjNh04MVwD5pXr2WpEAicfOgefLyjiqXWy2F7aByc2zsfTmlspWlgNBBe1YefBG2yZfozMzs/DAN1SihwQhbVG23FQWRFmqc4GFzlhkHLXxPFunqySm8tZDV9ZK9wCex7mopf6EhK0EIN1yYeoZQLB25m/0aLwE5xtikT740rkNWgKL3O16cm3nVy+HxjVstFOTAu+aHpi8eEJ4JUehZMd62HOliCSmtGNDRVb2GX+AjJz14byzbKQc3Ee5q6JQ6OHE3lFgjTtvhKGln1alDL9C2pcHYl56eE8/ackOLql0e77cWwsFALN2xZzfU4bPX/fRBu/BZLJn2tUd0oKV7gowwR1X1ztMZIW6UfAxsOnyXD0f5CgsZhkrjuSsnYo1f5K5BW+opCZYs5aOzaSV/RPjvfeCSu2HKIsMw+4aulIe8SXsOTeYbwpYw/GC77w4Oz16LjIH4u/LmXZwacgufUGFM66iue/XsL3R/fD0Cw5UP24ko+o3gBrj5N4sr4ev9sW8tlp0jwkuQQ+1A7A/lXTMWK1Cmh9W4YWzUac11pPP69dB/dfSnQqayfWLoqCM6VVYJInw8mRCjB/vRC+VxbH/rQ8uv1+LK1VusqHovphTOQlkLdXJYl3c6huogGs6ximVTKCaFznTZEmCrgoNpMjNkWz13oVNg6O4Xu6B2DyUX1Ic7Gid9sJi+VS4FjyWX57tocmjiyjcKs6eOxSjxLvwhjXaECFynZSPHIAfl+8i1sq/oOg6M8sceo2P+vLobzeXfz3UxdU7R4PM3TNaW6yBgRNKMA43Vgu3Lccr2Q5gsAkUahv68Gsw274vsoWUr/mQOt4HVybNMTOx71oRct/aB/wCHPK4jEz9zjnZRHbf5SFoNczafr1OOSvf1hyVQcbnfsMGwYFyHD0MhJtSIX3rZep344hcdMYnCXFMCytgWnPVpLRVWG8v8oHjHdPx2WXWhjPbGY9CwEwEsvF4O5nNOrYHiruVqOrze94rHwyrbtqCPvnGBDNKSdv/8nQrycEWvv3wIhn/3H+3wRsS7IkO8863P13BNt2D3Fiexx7/zSAtJZhWu+QRyID7fzhzRAkzhXnSRpT4FGfN2xpXcg0Yx0eSdMHy9F5GFL8FKwvaEPPwFtYsW8iYpgAtT4qBivJhzz+uCwV7BsPj+PswOTqdgiavJiP7zVB/cBOOlEkASZrlv+/QY1Sn8aHr0vCg/kfIK9tFtxeWI2auoN4S/swzPXsoOHYg7jqkgk5qEVh2QyG9S8uIAf9YpsNI+jz6iHoG66D5TGZVHZuF/gJWkLVncVYXDEa3l334qSga1iyKgqDtJ3xvctySjS1hZ0553lBnDmWaBpx/6ARTCQBvDgwBZPe1LNmpT29OOSJ8xQCuchwFFhpL4MeiVRQvjMWxAoMyMPOC+P3DHCzlRIP9j9EkwVfKCBNGfMNJvPX2A/oEywNEnWifGN+P6qtcWOKlcOHXmZ8dlISFF4Pp2NvF2OXYgXfCZOAgoNnKKBTFerPl8LctmdcsEgOylrmY/eOev7c400Hd7xnUV1xeDkngA71+VGhoRpvnLISNf/6Qr+tCWZaMNl89OKwnJf8KW4kiPi7YPuvPt77QJesCh5DVowPm2Vnk71iNK849BY8x+8C11cIi5Q1eaWYDKV6C+AmvyQE6Y/Q930n92gyLBdXRkkBNXr2nxB0mI/H5Q9mwLqjjO4910HB/RY/jZpHCk52kJc6m35XVnN2jwGsHJyAQ5nvwSjGl+/fSaLCDAfoy+wgX00HjnKK4yN5ehTQYQFPPynhkpJ//PuEPLiP10UFciO5KX+pKegnlyQ8A91VtWA6WgIOTKnA+uBteKn9HxqK/iZ99fXc9nYV9PXqQ1eRJ755jBiUaA8/9wTTs9uTEEbm4oPCJ2SrIwdvUxV4YWoQaFxyAN+/H+mJlT1Mb3BggwE3/vb3Jtycco1MW2LZv2wUPW8L4iK7CP4gXoG5q1RgfuknOL3uBZkv1sfZD0fDt3PToTj5MGqeVcITWfdQwv42ClbLgV5qM0+8UoaVqtms2WxD59OicU//e2h+bIWH+0/haZULYL3fDg6s2sgvAiexjbIZPFp1jFftyeZJe/J4v2UcbHr3k08eX8sz7wpB2/2jIHxdE4VeJvCcy4pYFVbDW9paadmyFhJvNOA7Is/xhr0ELPd9DZd2xrDgtGBSit9BpkfV0HX9W55Yfg6Kp3uzvZcJHTcAuBK5jV4dXcTZdrno8VgHKi60wmnZV7iiyxIy752juLe7OMVbDdadUIcfJ3xZ3UYL9MOfUciUMijsHeItJ/ppg9YIUP7WxQ3rZEDh2QSQCZBHAeUTLNxxG9TTEthRZJDVN+dgiChiQvw4avihC8GS01jWA/D77bPQukcWDx+dzfV6UWz49B8JCQrysdMSfG2VCayRqoS7DbdYdPJFFH63gqp7vMB7vhy9dIpE3isPok9HYJaUGZx1deSImFvw9XQVPupogqcP2vF5+Do8KTzIdbN6+O5MeRLJswC3e3awqXw8//CP5fBfRTjCsxQv6juyaXw/WhjHkGXUaK7XUAFzowp+s7aG5rZVkdyacOB/8Szs6057QhZSwWYTqF2Uj5vtJsPeVmGu7W6gwBUb4e/vTTAw9IV0aRcd/7wUXh+aRWAqzsqecvBo+UMurlbDpCONUPr3E45p/osjzJ5iXrsxqQzJ4MndD/izhCAE/3cdl1Smop/TDjj4fR0Vm0YSCwdRt1E+nn/oiPOjnNF5hDF8rZNjBw11Vix4yFMr3PH5bw3MmFRPtQNeaHGnDV3ax6NosjF83NNKP0LFMGCZN3f47IDGpZnoH5yPf/Wv83aRShAXNKMzu8bBjat96L1TnQM2ncBnC5rQ5cNS3r2plso2FPFiz2Ns+EweesdZwds9YfDOSIg+D1uzkKo9jHg8nZ9/O8ChezxBNlSaF6Sk8JULQrC2MAU2Xh3Lh44f4zPRc/DctxgYvrgPgj8fxBE6NZA0ZiKf2m0PJmeHeOyYYoCV3iT4bBl96d9G9M4IZ449hTcdL6DhiSR+9s0IFG/V082gRAoKvgXrl+4E+csr+MG28ZDifINe9lnzXnJHU7KGH54nack0S56dEcpfx1WzS5Qae761peDef/zt2z5Ich1L51AARlqvhgVDBXRq/HEqEzyLDmk/4Wu+Oqx2XsRN1it5p/Q5DI8zBYOGD9x4XZe3enVhYlcdO9wdhQeDb9NrhTvoNWUB76keCWabENa3e/KLhOPccLCMXjSvxHX3nvPGW4NQ9l8cec98B8X2XyFRRg7+LRrNUzq86Vy2Or+YKQxr5/WR1ffvkNP+AX8f6aJx9pY49Ngeyr9/gWDX7aSjLYyb9vXibM2xVJkYzMbf7Lh+uz10Hb/LL4MEYVG2KmY/1oWv5mto7tVeaptlyR/+dJFa6l1qFQ4E+PUa6t4aQMm4BP4xmEuRl+OouzYebZbrQUqRGhyEe6xwcjEYS29l6TptaLgyBfOkZFgkV5Ubt+7EE20unLzyEaz7dgVnL0yH3A1beZbkZFiwzxU0Iqr4RpAlHptuSs8VDlJCSBwld+mB3T1XavIZxa57NSH5yBfcLXOXhB194MvshzS97AaEzYqj1S9V4WCSBxvetoXJKtawX/QaqMVass/urzh+hz0NzOnkbyWnYe/0JuhRiuTn3b3UvXkyrDg9CgOWKHLzSXnwTnxDIX3KfH5tL8+bNQUalmvyTbdc6Fk6ES6OvsS/H6Zg5isD2rR6CWV89oKJpsK4o6UZ2tNcOKbpDO84y7DaOo82nI/DfM0fZNn4HbRUVnBJpwpJLJTgj9IR4KEUjvnLJGBFlARMH/eUFfdth2n3NXFdzFbcsWA0Ky9bBFr94hThXUEhb2XAdtVIXPj8CBW+tMcpB1JhS9RY/lNgwv6dFdy5RgCnRgey6SJl+Nxfy2MNSnHUHheWsAVWHJlJQ6Gx7KexHE841fHfnQ9RNs0GdvpOhuuOUtQi7ktrM1r5nkI8P15SCXO+9/L5i4tx0sN3sM9BGHQsXsH3W1qQUrOLOV0c9599iR73NHhS9Bay661H/pGIL6qEoCzKhk/E6ICUoC23P0jnqqgdnGWrxBK/fXDO+OV06/oI6JeZDIePjWbJHwr88J8h7ZctRTlhA57VNB9euIpxx+Aa2GLdR78kdKCxXRRGT19Niv/sacDWDQck72JDZBA9CNDElsYIzhbWpeVXDGBLnggsCHWjnBtqcCJ6Mhjle9HQga8YbWBKIrZHoCD6LP00mgitFq6gc9OH8j2TQc+5HocfC8KIwPt4ftRb0HG3JhlnXawN1IIrOT+h0eYNtLy/DRVB32HxrrdsZbIGI6fYk3erBM323MR2781A68FVEgx2Z2ePbv4p5Q1Sp07i3wUVNO5nMhZYbQHxgBeUmWQJp+zk2XZbLVjtSMfOC05gGdgD41p8UD1wAFW3+bCeVBkuXD4alpUfBPkXmWRt48qS8mfoRdE8dMsSZOE1z/HufX0Mf5yGQ97SYDhXiPQ3bmM9v3e0wWKYTnRd411O6TQxV4KPpW/ig1fHo4CpJGwLq4Dqx114edclcpLaDgp6i+jAkjQUedTJESbX4NOW57z+myEssXkKXPmGQqd50CtJB3pq1QLq93uxss6ex0rsRteq7fx6iy5I3imH+faEf/quoZ5gBXwJUWGTmiP8aksWKiZNhDXzM/jPZEuoG1dA+rNm0Vy9IjAKWUoX3hzg0O0vKXLLRPgs9wqOGOZi0xN7aBNKQfnhQ3zEMAdqZHaisa40uP/8TG8fhcA5/Rpe8cydf9mNBjGTKHj/fCOaHs8FcJ6KXdGRuGrUBth3Xg0rjorBhaVa1D1vFLzQm88PDqygdX+mwOo3zRgjnUdaWM0aG8wgLMIT16p6QV6sILxN7cV4v144emMMysqo4Is3m7B1Tzp8HFqEbabnYZaTAZ24agQb1qph1i0VTodY3lLbhvGl5YDiq8nklQjkTTPj8QJjSPSbKHSnS8KzjcvYcPpq/pXhTNsis9lUPwSHpjniGl8/Wts6hncfFQGYbM7xBi7waIcG6IasBMlPFzkjyIKTrArIdK0flrbMpaP+VsCWguQglAuNbvOgRO86vjryBz99Hc0tF2qwoTME7zkGwav9DDfbY0HrTwoZa4TDhiwt/u9ZKtxSF+Xld1ditOMfnH/wDLs9NQK3WMRnl6Rhg85VmrrKm8Y4JWCkgjJ8CU7iLNnn0O5mBr7BqqAedhAsny5nsbFV5LdYD55VebHJud84bP6Lt28tZb0FoWw52gL+KRjARJFTUFTYw7uGx1D+FH+yUt6JySeOsVLsMgi5Ow4/JxqAdboZdMi8wHDy5HlLE/C7gBJnRmylsm3RFBu4GN3UlSmtfDJUJLbRg5VOPFciALJ9DTBq4CaoQjqdeDiWb3Xps/e9SmjWnQDek4foQ64uusf2Q3LUGnD6c5zl7z3FGZt66ciV41jle4puF5jCcynC+5e7yf5ODXauDOfBbzVY7L8FRpz9i6H4AIsKzqGahRgYeKpQhvc06M8eAZ3Xc2DrIjXUclDi6REPKVVGlxY8baRnzcKgPv8W7J/xnG69e8GvRjZSqsUlmGtynufpjeayoOPQ0VQDwxka8CG6mhYMKmD541rM09wG/s1aMMfhCaO1DBssOA2v6ybR1b6RoPPfaeyUkUTBMeOgftorCjrtzjXfuvDkeoa2nnrO1HMHSYsJACuXYmBoIu9bpIIqdgY49eQwBM1YzHN3ZZNS82U4bfCCR5dbw8TDBfzgogR4/VaBWs9hHj70EcsUi+hTpgn0il+j9moNbHcZAVt7prLyuliYuXUnCX2ZS7VrXGDB6Vds3n0Bpl9Oo7QR3mjYaAqXr5biK9FHVBXvz6ntWtC4+C+c22QHq9O6OGaVMTq91+X+VTrwcVE8pI8/SwsziuDT2xXs4lhKtyzd4PLBd3h9wJc3W27H6T8nQO/xp6C91RF75D7ibl853tLghIc+XcARczsw2fYnqylrgsmLCfDQeCNu8IhDQ/mTsHK2Otr1mcK5h/ewLNuSv6qOw6Z1Fqi9Vw66fwWjU0AzXhiwxJkjbNDt8xlyv7wNwqQmgcbnuTRTZi5WKo2E73mitPmHLsbtmkD7dE5SR3UgQEk3GAZE88mQDzRqzXZcM3kcTJqaiarK+3DW5y/Q7LiJbsso4uKV8eTmdpfzL4ex/4lwuntDAwyOVaHCrSw6436Pvjh3Ut2FU9SzxphvWO7m7yG5PLDvBjZ8HAPzXdJoqdZ0ev3YlmVfy9Pt2AaoUwpl0bNeYP1mEpxxTIe4xYZQJT4XmkQ+QeXN/Zw7fzPHjFrFhr9LwELQnOeuXoKHMgLx0zhbuEdj+HncYTwl9QF9rRpIUusCW725xtmVZ2i3byL1FKexrzuCUO1meCi5k3f/2U+pi55ge88P9uk9C5Z0Bd5Ep1DExxR8ulcXFDtF0a58Do4hTTqVu5lfXXEE41UOEHgBQV8ilH0eFMLoG4JwTbkbjqtuQoUIKbi+czFXLX7MkP4E9E/F4sK0B7xt20yY3qENgWWKmJ2eQN4h2bCknHCr53lyX62IZzvWY8HOWrr7RJcj+7SgSHcIhdcsoVfz3fGDozP2LHqK5qW3qDfQh2zyZdg1uBAdRKSgpmMtLnAop6Dtavx5MIH0TC3g4gJ5qPj9F/d9+0bZP46SxihZcM7XQ3r9g/rea+PNnqU4UCrOG8Ne0oJ3gtQiakOWmTn8ttMSNny6x4O70sD0YiixwwQ43dEBykHRsMr/L+WezqH4VUrY3awMqZYdFPlnESTGKaDRIwMUWljL0dGOOOGjM+DybFSIq8JCUQ2oSrBHFZFFXHg4k72bFemtWTJkp52jtYP6ZFGQgtcTcmnOLyEw0peCQtk2aO1uA1NpebbWO0u3SwlHm5qSUn4J7atdB96CotBh3YZus23xxppWkr4lDxFmTzkpR5SX/xPiTsONEHUmAv2fisLHmxPhj78HZi1WIP3RL6nmcxMLTWgjE49CunzSjDJOhLDfKEvY0aNII2+m0YcOd4i7mE1Bm43506lwWPY9gV8Mzmaj/57Q7/6R8MG2EgxDptKUfy0grtwDic1ncfNuU0JjYdotfQkk/lvOL05NgAljI2nxuVO469UcvLMwA2ddDIaIjtUsvmk0LI0/j4/E1HGfmwRMSbwIvc0CNClmgL6pP6UJj0z5mcBIOmFyiDmpmS+Na+XEKcJwwvAg+u5XomdeDfx+wAkm7imnueND2CF/D2fG3uJtY/fCgl1yMMPyE7vf/0wJEYtQ9e4JdIxMAMt1TnhyzzC9TL4BtRcD8PgufVC8fBbG/kzjxzXzyGLiEEXMsCajDWM4Wek8Rv8NR/MdIZTyTxF2TpnEts/f8dbNq+DKja/ktEYIYoYr6DyKYtj8cFBHWb75TxpMu3MgVPg4hdp1g8dHI55l85Mu3z5J8Y+vc+xnQQg8FU4lLtKw4PsNrur6DVvmCHDqjSfsJKIOUbaP+LNNAQvN2MQF55BfdluA3O4XaLPvDMdfvkY3/vd+8735dpc7FzfJ4VbpuVQ9x4GWzjAHrfoHuDd7P+ika4B74xA06cghOyzBNIWXmOl3GZfIh9OBbfqw+MEi8HCIpYP/OXDbt9Xwbt1Ujt9ojgv1zoHMfGH8OTUQmvdNAsWcaxSuZk+a4qKwJewpnrRLRqPqEAxImUVK/laQMfkKHf6iAisN+6Aypx1UrO7i0Fh3dh3q5xW/tpCYVh89cfWGHxJL0CNHF3wkkB8t98K8X1r4R3QI584y5GPuyXBjmyksHj8ejc91c6CcFPjULCfrB+vRoD6LRyjPZPWpEmB20Rp2+Qxw+r9ZeOqyJM+zJSjuuMR1oQ54cTiEw19ZUtxlOVxp9ROS3YFrfA7DBVNXmOJqAPvDevHR6oW0qXw0znIYycNZ0SxdfQmD6ieCh9scDDK9hmd2aEH3xE2csmoHmyabcpFgPl7a9wUcZs6mqYfe091P8nwrpZOnREiAxPAR7lhlxc8P6MBW7W+oOHaQI3+NYLX2coxQGcE7Uwsx+KcujCoTxcRTiXjedxxb6zdA/eSJOGZRDzpPqqczAyPhTU0DnxaUAg/Z3fjdbgWl+8Ti1icveZSlDSTm5RNv2Mfdd3UxoFEKH6VpgO/bq+SzTIg2hzmippgMFTisBN9Lb3n5rhxebb0enFLnUNsDBVjqkMPuN9bgpfIc0lApI/2T5Xh/7xqwma+Lz8sjUbK8hN9MMQeTmDTsqpNnfU170unxI7UbCbS4yJ616udT0wchipi0jwJdJCFjngtdMXzEh6ZVIunGwuNF9bQpazo6H31Gp6b3At7ajudnaEOrRyRvKpnEHrljkTbvo/Oj3kDTiNeoc3saKlYh3tk8wOL7DSD3QQuU7LYG+6V5sLHAmvPG1NOPHe9w+c7LfO7vB8Y3fTgRR0L132YuyfrEJpGttP+8D/elzaEn+fUQ6JfL2as34pngqfi3VRB2+uxBq7xqtunaBHtbnrBwajp4BjvR/nBvKBc6CZGDLtiXaw6HqhVhx0VZMD1+CMIvjsHwFc/w1dp8ru/8zX7ep8H4aDqL/baD8x+DYVKqEzWNlOJMzQis3H0bJr/8Cr2dZ+n9ydWklD6LVzdKQmtwOH8T2Mfnpn2nnKyRIPRHBkOO/4TYQxbgniFFQjHJHLPcCPLcxlOrWznGX3yCRS3qaH8lBUvS0shmzEze83UkC37ZAGk3NGDo/lSYohFFZlNfYaKKByvuWUBNmpt4ls1LLvyTzUYV/4GvsgScvTsRbiQdpcBHeykrRZWSVh2DMqU96D/0lZLWllBssT3e07YASP8FV/cU8D3fx9ijdwYMk8bSrNptVJn+CuSj/ODj1clUm6wDXSvy8fAbV7ofuodnjj7K05u20iElGSiLmka5exaReUkSdZ1TBtPPITTX/TQfbmmBsad7KKjpEfRN0mTvS685S1ge39lIQE+XEjy26IKDlp9oqrMxj3EBDv6wlp4u+cBRyYOkL99LN18up0v1NvCnNJwm7ByLQ/cm0tH1Mvz1niomKIbRkRk6eCziN6QKWcC89Xbgll3F3rVRfFxvK3eGmINfahQqCrliyhJZ1Ixy4ppT6bj2jyUYaLpApeNM0s7aB56vpclOay90nJ+Hk8RUeYbHVDwSJswDhTJwV8WZy43y+ZeSKZwYsQ3o1EpY/b0YWhYrkGOoLIQMPsA/KZpQ75yB48dk4wTjXno6+I5GremFAyoradaCRLRo7UbtpQ70t1QK1rW/Jz8lL/CwreSaG39wab00dBwSh45T7fioxpJud2wgYd1xMPdXPHjKLUYF6SR6POYkHTyixi2wjEdEzwGdT9chc74EmkXowr2u3bxM1p8y3RKh6sxROMcjuFYkgkRCHTGs5Qy1cBkIrjaBvSlx3HZ4EdVay+MmYW20lXzPlL8BHD8X81L9Mtiz4QzONjMF0/nB/LZajK+tE6GXF7P5+dP/oM5FFI4JC7PTpF+wU/o1F4cSzLcrIy2taLyx7R12Z3njTdEn3DXdlPOnBrOfbCNvFDCi4zNtobGoGeKdj0LyrmxabyfJ60Q+wbWZx3Gg8xIeNZ0HhgeSwCRLHNbppnHV8lGcoCrHYfMiyEjVi9Wlf2GTcgvPGL2NwmpPseMsOXiXegztLcxIY+Q2dInYTrvuHyPJxSfwvV0CDBiVYr/vPUj3HAUV8w6wSxaD7Kw9NG9qEw4mfaMTg84c7HwT78/OgkNftlPGXwEYb7QAu57Io0RRO473sMDKghose5JC3Ws06Fh8Eh2UWsd+z8ShrKmJZGgAri5+TAd7nVn+RTKJSMtit9VoSl5jjsdjGAWMEfqP7aSK2Wdwq08b0rd4OP9lO/sGz2eX5HZ0ykthcZUvIGGgCSWVwvyfpQasThhFPVtWscGlI9xW/hp3x33GC73jaO7YTnhvpAG7LOshdcoJWLG4Fi7/S6HQRd6oamfLH4vWAnqqQ8fnNFx21gQOzdfF9KE7WFgYA8fqdnPtiY1kF1wDa8f6Q2zfDPS3kcKNluPB6uopUtbyg1WLpkFLYxqOU/4AtXu+UaRGM15ADx4utYHuN9IQe3oQxnxWoYr1ebB7rDp/CF3EMVIPqFXRDhrnLQeb7Bm4zYqgaU4f/n3kjKPahDj9dSN9KhDiM2M+U77oRrr2S5XWNffDf0NiYCUaR3drflPaMUcabS1Nw8+3cETTeTi79xX+OH0URVf9YHEhFfiWLY8zPXdA0btlMNfmDKYmrUIPN2XK2V4FaodbyOxgIK9R0YaN4x1p6rz3VFd0jg02J4Ok5190HmNDNdsN4VN3Amp7fGCdXhOInTiTxh7+SH98d9O6+69oc9ZqDtjxAqKMd6OFkTJu8qoAD0N1mHM7ihxldVhUdTLb5Yljq0wnz/jlQjdPvqUr8cWUvVie1v0ZCSrOVby47Ryl7TSEjr12ZO1eD60n79KxzitY5GhKC6YvgPeaUjDGM4vy+iPIK1MNci8voyS7Nnzu7IeVXgVUbytKHcFWeG6/NOQs74RdrxKp4elcVihfgxp1f9BA8j9q6JWBkrosVBcx5QQ9G+j6sZ5ic19QmWs2KB2No0vHQnnuaHcQVLnEDa3+VBV2mTsWKUNG7jkyi/HnW019kLByLfpELqavnzxYSaYX+1MDQTY/j++2CIBB038weHQW3/Fbgfd/jsZrb+7Q9h8qkGppwP5rrGnHxisw5D0C1EtseJZSKpaPDIGhlI3UlrkSp9U7U39JOf3YOJp7ekew8H1zyOMCLDxzkARe3+BLorb8xWMcyVZG87kFypjrU8FLAkdj9lKCCTNMIXuKM16+HYafKw2xUGYdfkq4zTfO2ULhNUHyV9yMCRNMoGZpME93mw09h79BZJM51ZofwmpYiSVPFjKZOcLbYz4wesAernsaUMONHp5mcpO+PH9IDVutOWxqHB+wc8IHrbOpTuskiKsagP2HDBT+1gB3J6TxtuuPcflgJJ497kLRj2v455lamLzNmz9NNIZH1vpQlHeYX0jqYkZ9NK1YjhD92h7LS0Kp0XcVfDsqTpmmlvC61hMsG4f4ZOl3tFwwGkaRLi1xXoHNC9ogxzYUVxumguBSe5i7cCLqzZcAU8HTlGM9CcNMjpDmlw2QsesnL76oBV7vL0J0pTJMe2/MwdJb4VlsGCz4sRdeDDMsHadHdycsALnNijRrwSk+msTwafpkOqvyEatzJFhhghNi3xaU2sB4+40CRuqNwVuHI3B7gTaMuxsCTrOLeH1FOwyrBuKKACfeEVvJHRl9rDzdjWaWt3PGujHwLT2a/ecZgLGSPruFp8CXS/ngs3s+vjGIoY9NLrj66DHcv0YHEoaD4WpcKUVscgfrouV8ud6Cdo61Yv2LX9jBLYTiH3yAOysNIGZFINef0YGQI8LoDlvgGr3AYyXidEexmtvum+PwjDKc3CsF5xWnwuHTofyp+h0+bJamkGRfvjPlCobptPKxt3IQeqAEFozXBNX9S0nltRR1Vv3iST3O2LtwMkk/vc4bdoriVXkzEtgaAaK71MB/nj7J/Kpgpa6r0PVuE/VLqPDHponUITgKOv/TwaYfRvxaShQqxFTxooczZmkzlGj9RrfeObygbQMbdBWR/FA0Wwh4UnLaZDiy8x+u65lDInKHSb7IiUbq70TRlbmcs3MKPph2jmMPruXoUAn4+t8tDpS8ihntZ+nDgymkFWiBX973QZiiBQSo9+GbbFGczpZgWHga9wwc5T7HYhwnOh6Pf1uDYtpprNehitJHvrBKcQ8YlalCwbI0PmhtysqFFpzSOBnnhMwHD6VUFlqmQEtexdGZFE8+lToCXl8Lo7D2MaSw9wSOCx9DsbH6WOKWxjlJNng0wA//itiRsqgdvDWyhF+b/5HeCCQJ/WRaa5zMYQ4L+L7Dd5jdtx/9vQDd96mCyMADNvTyg9j8p1R2OAoyr1ZidO12rNswDyrGqbF/rj/HrVaHuxPV0cBsCPVz9+OVYWeMMzeFwX4tMJq8Gua934PO8imcpCwCGuLH4FnhbfZdrMTivQewOn0IDsQq4N0dhE2JSzH9NJPvHx1Qoncwfu8NSHyehfIndNl9xyTK1I/n3j8h2NMnCb+V3Xh9iyLsM/4E+vcmUFTZdYhY6IIR34vAYIYepKab8pEdQaC+U4Ib3Exhkutl/mj1GmN7nvPQR0XKKkzhiKgEbtJ2x7FJw7jpuALFdAvD7BsK4PfWl6xiZ7HQoAXMujiVPbdswu4tHmh2yg6HlxzBFSpGENEQgYGmGjj0vZ2fy0tg5uUWaFx+mdv9x+DS7G+0J2sV7349Co7YiFAseuPtFCms8fGEidozUSvDlvYtvAg7/Z7ipt/K3D84FprbPelZqD36P/tIkdKBUDnUAqUjZvANretU27sQxf+MhN+SY8FmchZD3Rl+1JfGY5+fJLXGaewaqAjnlW+wg2QHl7w7iUaLZGH2dxHcIboX7LNW4vJAP+zOGIRNkRX022whmDfW0uPhtWBXKgz49jE1jbrFfeEXYF5sIa4OfcZPlWKg8FIGmjWfp+IJX2GJngi8fyDL64OUqLlRHG6J+OLS3hr6LvCdpy7qo4HHyTjZrhmWGepCR4UQcVE0hh/potrSdnKXL0CRtOuARfW4/4cuvPsvE5e+nQwJQUX/6zNahXijsdFbnLPvNd2Z851O3rzGIRFL2cAnFd5NmwghB57AMtHZ5HvrFZ++M4fzti6GjIwbMPxoHstvG4OlfzQRr+hCfm8XfTV3gWKHBr7e6IWCy8u4tMQdu+A6PnePgtK6cTSy3w7iK9ZR/Ol57L7bA++sG8dLk0X4vqAb+ra+w1/PzoF4yShodTABt9W98LclGabKWEKXqBqOOysLFvZ+yKJP+f6teprxNJF1DxhBxK5UXiEgymP8tHjvii3kGH8KB0olwDXGHYVvvkXXjyUopTQaZl0c4KcVCmAbHQKPV07AvCwJGKuiTp/Sh3FT3mS6YhXDW5eLQ6vOfdpd9h+7XpGAtYYvuPPNDRi57QGMeyuKJ9NMYIa6FX6TIfig3cspuaPJMXs/HVgH0KVwAdfsrUXVmkjuvzmJDmg/wobF1qD43glNVHLotJsCWX6o513PWqDn6FuSMltMoTvy0WeHLQp168C/Iz/ZcmkneV2vgNHtvfDvhwYFDDzHfBFVqtx2i+I2fIMpJQDZh7/wk8ci8Mp9CnSr98KaCjH6UdlD/WGjYKD4F6z5Ox/K18tBdYYKjbnXRKmP4lBsuygvUdTmjJ71HFjtg+ESgFs/Z1FwnSW0+F8EDzFxvPzKAhaOaccjWkehNfog7rwsC3LhlznrrSclVWuDQ583+fX5MD+7jfOrL9AnkQjsVN4F5oc3QNOjj+zbrU0aFzThR34xbfGTw9vHJtHWiHiOv/cZmosfw5ZpN8n+ozZ6tBazTacgBGeKcczGxVBZ/phCL56GsqQB+jr4FYZPFKFNsj7PzemF3Rr2UKd6Ft0fmOFGnSe8+/JBxLIvpNs0D8//DsHpG2LodMATTlpmCssTl4LPgnBwSguHf/LT+OSlcSC2wgxiBg/ASz1DmuGXjAdEFWHvw+M8Y3MxNY+/jr+bbtPASSPw+9cOU7R0YcYOL+rYp09S7iJwMOoRYlI1FrpV0FjRb/BFZhtZvQPqqqvCaZFP8HD6dhSlkXBnbQMuCvxCf/pHs8ZpdZjqKo/SIh9YVkELl112o23WcyHijSyYV/8D4yuK9E/uPTYLJuDdzxrwulMbYJEgx+QWkyBuYzs5hlS5Kj5SepG+HiJQkxVmz2V7sCWjHAPSzKnuTQBraSryCdNJwDELWThcliT3W8BkNTO2qzlP4HYEDqYrsMiId2T26xCa+hjDuTtfSNOolIZWbOB+kT1oGxcOLx7YwIbyOZD3y5I9bJahdpIEhE7KwSeRfzGz5AVF+l+gjOrJ3CTeTaEL+3CD71OgMX8ZhsUgc881mL5qiA/9H3H3oQiEogYA+B8iQkJWGYVkk2SPQlQSJSWVhqKoJJUOQqKElIYGiQZt0Y4GEqJEKmW1hJDRlHEf4z7Jd8+MvcTHwISbqyDCfBGu6x8NH5aOQpXV5VDiwnDqTiatva4GEQeq0HnhT5B/KwZTixfTkNp7cFsTwM75QnAnRgIOPbQD4fM9kNC1gp9tXw3tbx1ojeFD+qQpgW7Sr9k2IAGy60Xhs44+LNznB581X7DO1LOw8fJxiLuzDnV8N+DTMFFIc99E2700ILgmH2dVRpBkZye8GorEQ06beOG/8xzSd4UjxotwjZUGTT5sBNo/NwN8WoBjt7yDlM1JEFigTBsOJ/Pa3FrUvXcDeqeY4Y4QQziIivyj+C9d9ZXhX4fPk/WRYWw78x3GupSjf7I6VDj44m8zgsq/RiQebI37fUpppcAvkjAXAlODlTxZdTTIi0xgw+hiHvlLDxQcGtGW5DC0pREM72+hlcpeWCkwgq/1ngHZ80gfxK1pXKY+fP1kgNPiqvB0cTzo1pmiVlw/LVSfijG1q4hzD0KPwUM+l2sJdTCCpJ23wl6nrxCR8hsmGCfTeV9xDu9ugetPt2HtZmGatGAqLHYUoCk+pfgybgubqCtwo78Haq6pprPl0iAy1Q/2ryumtNcicCr7Bgn/Xkbu2irUxgK4rcSC7v1bhWda3vHV8d9I2cuTWF8ATnWls8pUE8y9N5lfYzfz3kKK1ejmNk8B9ta7jyc/RHHpx4mwee903j01mpffcURXwRHUtd4ORi3Zwc56Y+jtrVl09m8MJF0Vh4jFU9h43wx4M7gN1qxoxasx5ui0XYQPZlnSb8X9JOT1mBcssYR7N3W57rQE7en0wP2XUmDmA0U6WvKaLl3M5aXnpmPAJ0WsfmUKpfmLub15HigObGedmOeg+8gJr5geoulYy8IjdnGSVDCo3RoNItWzuEzkMfTfrIeca+qQtTYTjN+vJLMkZ5RLsUMnl3PcXKoCOytuk0J6DOXGjsLpBU1c7BrAQVtUSE/NA2tgM1pfSObVS02g6st1NPmewvEB9+nbKTc0Xf8PAwxb4eW2x1zbsZv9W4Xx9bAlKP53ihY+SebkpSEgc/kbb+pvwIkvg9lYtgm3zXoEo1zt4U7MFKg3boazoW5YHzwf9e8ewc6JC+n7YR+oWN4JWoISNKcgiWfumQInDzuz0IZC0Fe5R1K6xXDjZxmtVFCjzqAkOGvfB41iJfT1vTxc6xPnq+cOQ++hICr5M4hdk6N4+2MHECzYCiXix/n8OT++riQJJ5pbMHpkCy1+E02DvX/5xLUoSHiQSevDKlipYT5O1AokKz0DKJhUgbd9XOmH0Qjoq0EKtp1FoYeMeDD4LOTZHKcA3790JkodzMc6UFadC5cMvKTQXY74IiwLkrrXwZUPd9Gvah8u6orBuZHW8O3EYXTI0ud/2wsgpT+PRzYl881fI7GnASilShDWXXjEK5vGQvCFE+Ay/jXPmRTA85zT4KGqOPorp5KOcxWuy3DGaqM9rD1N9f/m/8p/6cDlWXZk+0eA6h6n8q47L9n4ZBo7vT1O00Vdaah1NfpoaYGYfyt67JXDr90LuH17F7T7/Ecf8BA8WWSHqe2pmPxrgMpLCTTFGngoRhenz5NBCc27qPpLHhd5tENm1xFq2P6VIk8IY3OQEuiMT4XaPWL0IquZ376dCAWnLnDKnClQ9HUOTlQNwoj6B1hwaATsF1ejzPebqXB+DgzJT8Nl+mU0seUiuji+ZPU1WTjz4laeaDESagc06c6vOjD+lgWuXv1wtHgXxWwLhIV53nS7aQlIOMTD8XFqMHbfepQI6aXHqrJ0Q7SMG0Q+0EjpxzTjfA2HJs/B+mwDOtUpC3XDYigS0UWB35bCohkV4B0tSplRr8j9axkFemXyg/SF9KAEoXGpKvxwfYcjBgVRq7KMOuW38F2by7TnZglu/fgG1MUfQ4OVKvREJ+AKm076qusKU3zewrdLyym6wo2XvdHEmRNc+NmcCj5fBnDyyl/0H/eTP00uwWdrM0D36lJKHmjgceqL4FnCcX744hKt368J6mt1wFxDlhZXalBl+EFW/tdOBz7OBrFbyfx96kyQ/GIOS1/IQdGry9iveh/3si8tiy/ADf914n3nQt5TtR7fzy1jabWFeLdYEnTOx7Fr3iyUUYtHy3EAyo90qb82BcpfbsCTMzaSdkADLE8xB9uIT1goOA/mH/jDH7vSaYlUAJxquQDZqaNRaLUPJFc4gUecJtjEvYS8c6N4b+cbWCFkyuXLvuOAwRyYtT2dK58U4Y5qGYweYQBdfVU4A21wj0w5mIQf5k8RD1A6fgzs3N1DEm1HUFAXIG2DITyalQM3SkJgqcltlnIX4fWm+6j24Sy6c0cFeyIa+HdlGhWNmwZmv8vRVEOP/0tK5Vl1J+HI74dUJiaKu1aOANeF37Dg7zI6EqQOdcGXqCZxGsSv84SYPHVsOBBEY88vQ4maSXzybwPlr/vDd9sFob3rDT475MX5mqFsfsefrNSdOHV5JElLHuGKO8Hs0nGR/O11QHx1NmqfnQQrDjOfd7Ig+eQptIl1SWV/C4ocPsHvT5jzqwJJkJWchscfHQP6YkNDit9RX3AcH+vx423fT3Lm58P44YAbCQxJQpC7Bos6BbDQpVpo9xmEPK80cGz4SLs9JuOI53ow6kcfx62UhBgjIzjtfINhzWxeKnActYvm0sSHkvTrmDlYLqmHFQpvIO8ewOrYAVDdN5c1bmeD64q7mLF+mGZZjOcX45M4LnwRhff08qQeBHvXkTid1emjthz1RMjjO2N1ei5bDPbfT5Nh7CpcaaBLD1zMYfFtfbww4AOrTzyBrvhuUOg7weJuq+H6uSbwXrCRjHZa8uExCvDVxpHOb9mA115WcVteO783qaQtExdR/4QFdOCpHOp0pHL/y5Hw7lEi/2otZkgwhLcLpPDRHH12fnQSZ8T50Jtl1hBu3A6lr2XBfbY5+x+9gTanhPj9hFEsj3uxPqKOCoub2bfPlF3dlqBwiyGcrI2BO0YSdIT9UEtalBuTC+j2pf2wYk4YFbSN5FIRIp8iZcAwglGzA7hqoAR0Yh5B3h9ZkFMvphBZAd6UFwQa8yXYykwcDMX98Nh0Fdb+byoMa82CVzXz6fnQRggdXks2Wo5csbyavD5YwHLvAAwePYoPOSfCAwkNWPLKmRWhmzweinLElzH0xOYMms+Thyev0/HFc386O6OadOPssOREKx861Ahp9+z5b9YTuGHvTo++T4X3Cpuw2qUTVvYEkl+5AN39akM7y7bR4Lw9NKUnFFSEPPlAiSKszD6Pjfum8iqbILbJeAodvz9jRPBf6hm+SIqV/Sx6/ztUBk2DGhNLbtydjtdvyWDbyiBqDT7EmcJz8FfqNXJPmsxrry/i3XulgF0G8di4HL7/WZ4kC/NwmnA8Kv8UBsORXqg//zlNTQqEayuMoenCX1iXKEAOGRW8OH8D6l7o5dNO33hfiTUrKSZytHE2fX/NEHxqCR18sogf1RnTK0M98nu1F7IpA5MdprPri9WUJB6A33YowCfpN7BgoTJktVyBjpJYbhjMI9dgEXB48BgSJWX42Q9rNrmmCC4tkjg9bifmRCbRW3Mhbk06Qbce3oGBJaNxqCAVzgechf7ZuqDzIYf7J/yjiNRA8J19lipszvCzOeeoRUSFNhyypQeKtqwkLA12RdvJdpkLLS3ZS6VPJvHEBYLgfPkgHn4ZgcVjhOHYlsN8q8UAtrbIo+vX07hu415qsOjge6/SqeNtHN8YE0QPhn6grF4lLFtpDJEeU+ja6kGSa5hG0St2wY4VV7BA6QcfcVlCEj7+8Nq7BgYWyMN0xfOw+rUa85WjEHlhHVyCTlqRfYMMmiTRP8+TR3fm0zMZc1g8lMYpip5kGywJkiODsaW7BZ+OaoCDM07gjUQhfJ15gkRr5KDrzmj2G/+SsqcD2SoaU8tEC5YdMYI8//zC9Cgr7vb9D4XeakGhihxsybfCK3XS6P2pAOaunM/SOmfx64hrlCwgiUtv29PrdAt4NWM+fBMa4HpNSRg+OwQXwsx4UZQY7stdDa8qGin+1VpeZCoMARrp2H3DlZdvOMqztZfBsmX7YMaMXSAfsYrWj3qOo+JXQ5G5DBisec1ZBX/w2XJhFAiMBQP1ubT3aRnFPjDBnMpquvR5FESpTABfF0nK9q+An+MOk7aMEYqqusOUqjmwcVkyCxc9p1HquSz/Tw/GJ18BdV/gjM/GfE9QnK/NP0pbI9uh/oAxX25qY2mxEJKqNIG1cV9A/Xsb1d+3hlm6TSyW2oc5D/MgYEYp5yvK8QsXc9riaQx1oYn0Ui2QM8dd47yTtVAuuQR3mzuhS3orqKyxYH/rR6SfOxY8xRbghsEaWi9iBPVfVrBahx5Uy3+hZ/lZ5D98lm/gRAzTYlj/tZP9lhiSiYY/Wso10GytFCjwNoH8cXsp9NJk/PzRAM1fiMKjTWYoV3aNTid/IN1F88Fppzvek3oIPz+vpJe3l8K9jnaQfKkF6/72ouWFjzSqpZpic8JhzJGbnHvcFnxKTlH5xwzUcLtBynUjwW74Gl90vAS/oxOoyK8QVywbhJUXj5CCJMCOPwn0o6CEv96aAsY20pT10hBWLLjIZuIt/He9Ogd1d4BAYQneuPsHTvcbg+iKEWCeuBzsF0/Hk8dPovsCHRZ79Y9iui9hbfsMqn92Gs4FnsXdpgYQXdZHYdEd7B5bAKUeHpDU2A55dhowc89HsCuu4WdjR5B85WiAQX9eM0YTFI2O0YcwAe6cpwSFq4RQbnUZdH8MYMfDnhh6QxNM3ORB6tkzmn9dDP8lO0BxmQR6yC5FuwoRDlrmC/NUl+GT0crwwmYEnjmkTe0bV6B+gyCXGUyEIbe70K5dRg92d+OXb9dJ67cN7DPxxLjgOLaTukACFEozC27iks+iuBkrWEjnBhYflsLQ76NgS/0UPO65Gjc+e0jn+j7jx0AXBiVhlFZaQx0OF+nqJmsMNleA3/E9UPk0gd9F+9OarS/41NnbOKRbCQKXI9nbXZqT//Vxndo0eH/tHDdXDGP3HnmyWHkSy5Zl4+LvL3nvvnH8ff128NlZy7fGTILXAQK4qX4y5TmNJy9xM3Q98Ivrvs/FfVIlkKYgy9uc2uCD2ETIdr0KBaZEj1OMcMkJW5g8XYc8P3jhpoZiEksTpHm6tWy4QxemlElTiGE16BVkwVr7YpR4tY+k0mzQsW8W+wRtJfjmzw2BDLZn/gO3c86wUOchOdqfZP3xpWiUr4B3lG7BhhA/NLNpxncjCdaEG7DZzApetGs5tuauYP5ygX6uuYmZp1op8ogWPm4bS/3qU+D2jC+osaoTFVYBCSbM5eD8HlK6nAbRz3Lp7bU6SBowIw19Q7j2/QN1JN+nSdufkkC9Db06IIkns9s461ImHwleB88u3sbx902hx0ic3ksN0anUP9x8fDtIyt9AoS1+SJMUaIrqKnjcmYUa1cowvC4UYc8JnBrgC1rnZGmXvg2nNF2Ff3cieNfabfj+71H0HW8BHuiD50NVSa6/CDJt0/G6ZBUP3CrEvxzEzgu80PzYBvqXrgBODa+x4Wc9F23s5c8xeay9MAScz29B7xBT1rTwR1/fH7x1IcN1p7dwx1OXTv03kxPer+SVYrFg0rGdWla5AybV8M3bJeB8Rx3e6ZVyr0Uf7VnaRt20j34VbObN6rkUfT+YNe5txSMuSvjynw34iPaDOxBeE+yATxKlZBMwD8vSIrBPowHcM9T52/xAPvHPAuRn/wEPi/dU1qjFRk/Ogc0WPUxrXgq3Hg+QSshcfuIuR6OVrWBNlD1tS5uNMVEBfLbhMHm4SfJh//MktXgjqljswawhc5QebwRzohR494nj5PBiGxzLWIejVn7HPwPaYPVoPlz/O4ezwy5hvb0aCMWa4ol5D+BDuRkGLXSELUaRaLg3DMsXTKUk3dWQVD2VP6aPgpsiYTjOfBjPOlqykKIOF1aZ8mGVjXx/SArMQiyxbFs1dYRMBPO+DhIJOE2qKj4QGz8XTMM6qOv1QRBcupecB3y5aJIozhsUgCWRwzjhgwYqZLnh7toS6vowFT/6m0FKXif4aVXTjTELoP29MLzPHosl2vrUpLOdZ61YRnWG1lzQWE86DsXwatUQi2WuQ90mITCB1aTd9pn/ZmfTBtN4lDhyjienOZLR0hbsdRhk4dnX4UyGIZSfVoeHK37i71XenH66BaMEPDgmoAh35WqTd+xovvk2iDabKICXrgP/fLcXhpe8o4z90zEhWAWrvsvCIk0bvqP2kap+K7OIqgXsN9jD0lHXKVg7lP6r0eWjecvxU/BL9AnciK5pyCEW53nnH1PYIrUPDpXGQ2xNCjh3VXP6Vx3e2T+HclR0+EHdeggXrePvW5VA5+5r2OlVCJ1zj+Axlwfk4n8SRGzi+PP+w7C69xWMkVPAahaCr0HGZLPlJyZ42ROPyaAfMnfw1zlDXKxuw1fuTWYlhT5uHW0IL2KEMDq/CT0qJkI+IzSHFHKf1Fk89UKV3s8rAV+FOSw0SxtqldSptnwXGHVOQqW0xdR09wVtz0in+QvO4JFre0EbrXFvlDzs9ymDwZbNqCg9hYS3lvFts0YObneFYJ0WTrgfyYVFEbBVZzykp5yjSxKLWNPuJjsnO5KTdzWPDQki4QeGnJGRh/dPzAbnaePg3abd4CwpAFkzU3iujx7vuV1KWz7OIa3xaWSzfiFbbesm/0YCy60ApPKaApKSILbWEF79cMTG+Sk8tUuHXKuKWfCnNS5OHgOpCem84JEPC6w+zCnGOyE91w1/Z46jU7IP8M2vHdiqfIB8+hDgnRyHKJeim4obf3sgzHWlf3FZRg6OlXdC75WNZB69kArl1MFKwgaj26Wh+fgIvlO1k+z032KZuxaKO1WT0NEhljNQoI5hOch19UQMnUHaZ2Zg4s5R7P/rGHbJzOaAdE2YWKAEf+rMYd5NTbjbK4UTlKo4UEIdn22uwrQT2aT0+jV7j/2KD8QaqPmCJ13cOBGmnxNj0eaxNNpOhx3Vitg2y5fa5rjShBOBkBuuBkYa8vhASQuSlg7AnrHLKQDKeOjXOZZwiqTNM/bDlmopdkhZz1e+OJDhRmUQzOpEu5QTNLYpE4RnLcFHIjV8YqcN7UyooyTf8dC32A8MlPRgz6mLvL5tNPQblVNYeC1d/6wA3sMyOPanGYt2rOI3GE5HOkWg6t4/XptXijNfTmWl/Vl4tj+ZNF9Eoem757hrzGHm5lQeuX4a9D13wT4ncZb8qg63XsuSWnww/XqQibtbd8GhdA8KuGtNYqIaEPgxjcY4b6M9eVWYbPyO846F8aO530Gt+ChsWydPeasWoeQ6Kzg0/xflhI/kvLyFtFTrFXl25FBybi6cWPqUJBfn4IOQubxJ2xRE9fvw88pa2hHzkPwOt/KCIVdYPv0zVk6P4MGrjrA2dB6tcySYb60Ldv+Vop7seLruugFC9nXAskmmdK32KL79EcOHcnKoIEMVzFMt8P77P/Bf2DOaNOIgjPKRJnASpDbfOI5rmU8apZ64dPloyHo7D+PEnoDUrtW8LegKHlp7HmcYOOMoAQvKnS0HhT+Y6m8IwP7eAXI/HceLFxRCT1g7jN3UTi9f2JIbX6EFkxM5YYcLOekDaDR/4ypJVwhcN47vFJyiwaj7pH/BlCN12qBgnh88LXrONrcUIe5CNb0VFqAzn39Bg2YR793hB6MVeqCtexf4SjbAjU6kTQeUocjqAIa8b4bmtF4WSZ8IFpmfeHVwILqMVOSGrJtUPlsQ4+4Lwdx/09l0iQZnH17Kqxfewac19uiSLI3P1PTYakEUR+6Ro203R8OP3FF093AB7hz0BWkTfaoP0oUxvw/j9/DL/GNfPp03CgGl5VPgU/ldOjq7h7tVV8DUwQkc2Pycm1+KYY7TB34xz5jMteThnoYmeO2LoRlLI+Cr12TQn9kJUuuRTcJn4cyEUu48tAp8SlNYIcwa4rcuo8CNAvhMQBO+PqzjKXNf8XGnTSRt9pquh1fwjvB1aKotA+GLu/C97RT00LjMPpN3o4JMFM38Fo19fcLQp+8IDS/tKXGxNjjlWaKyyQ/8Z5GP+QvySGO5H+0K9MUP9jdQ6sxNurLuAsjGWsGero3MoTNBafx2XJv9nsbZSGDIJgO+EJdEdfKbacaKbSC/ajLEC84g4aPL6dIYQBn3aBooz+Pgtn1kfojR2/Ud1P3MInENI1jd+ZULxgTjhpKNqN1Yhn/fZ6JV5CUYsb2SmmXiKdxmLp8ZGAnb2//hx9JUWG06ig3T3GjsaCGuucgYWDiK//b9RysCBbnAzQxEurex8PnvsLFHDoybTlHSs2C23JHAY6R+gX/hFnxm1E63NVWgfMU0mKFhjsYT3pHf7q8cnvGC88cfIdnMhTAY7INTDX9gpKImaAinwb5LE3nI/wo/lL2LlxXEUTv1MY+tFmJbryLOubWSJMVU4d9aH5BNeApG5clcezMZB7XCoXDbeJgbd4Qf/j4H30esg/VfLOHai/GUfjwL7LuCaOBdG+Uvz4GckqM4uOAY7l0TifE7vfDwEgPI8SrhZyIbwb1TGspWW2Cq9Swc+3sXGfmEYqTfeL43EAGvjqnAXdURYPLdjTwEj/KE5gc4/pIbd+w/iBstrmHSOuKVZx+w4mqA7XZXSMfvFlxODEdjLScQiznLkWLv6IjyRc6b0URnb6niYJc8zJ/mzGfvFoPT8GeO2e2EjomKsF4J8Pr2YOjNmUfd6MSva63h/Vlr8M95TvYtj8gk/DtusUwCTwkBuLD2A1tefc2Cd1NZ1UQEvDcHU333MLkkFtGzoBkgIzmOGzfPx44hOQy4bolKaWowv08VNk00gbvRchC0pxcwtJalfXRJJek/VCrTpkO7UnjyJXGa8dUMRniPRuPRt+jT7P2QQH8pxiMeomu/4s7hNDz/bAOOvp5GaU8ngFquBy1Z6URrf6fQTxqBcnVF9KNgGxcIPcVoqzk4pbwCa4UE4RIWw6U1FVQ6sZkHFqVAvFQdm4pL86fcch6alIJnDtnh4/1qcOqbA7wq6+fthv7w8EwU/kpQRD/vTJjUrQhNG6RYbMwn/lyhCq1Xpdl9yzoYOlEJ5m42aNtiDRvslDB3xQ++5RuPE6068Ua7EZxQeAAxii+g+h+y7zNZPKGpxKrr4/DD7nh8YatJSZ4yOE1rGnhmPuAB7/Uk9qONrpo10W5ZPR6MTmPLR6FgvfsVyUhkUESoGnyzFwTH+7JQ2/SWuusqIMbmOe96WIoSfR54JLAdBkY4kPcMCXA7rMe+vB2N9UsxxCoDX8WPgSXn+nhSWiELakvBp/H72PeXCGgUHeHFlXUcWxRLysan2b5lAN496AaNA2t4xnk7vtazEESareDzwA2OL/mDgqf8uasjDF0SyjDOzhd9FhfQYpsIdIpSI5FtaiCxxB9kZj9G8ahHaBXViouPquFHh/kohp9Zxuc6Pn85g+asVIdZQrdJvyufXCS1YUmeIGx+1cAzjYIx/E8fhCm/h72vrOlljiHYfgFK7JDiyq1P2eL+IMrbhpPo91RwS79FE2qf85utO7ikXwQuz6qjXndbUv6lBGuDsjlOXo73nRoAnK/J+QfrSSZJAm+rSkHD3+MY6a4MC9CV755F/jSkBZO3SuFvDTOyN9hCG27+Q5wuDs63k/nVog4c2X2Ez6iugIIZbfym7CXPX74FVvE0fNYcDu+yzWBHtRqWnZAigU+LQchsBFmnp5LHaGU0NbqOEVWf+WTGLFw7Qxk+Zolg9stBliz8QmWnHGBDFbDA6UU0PfE3lwkassvSGgiUMARvTWN8078LgtPi0KbGAlZ4JFAmnoeYn1LUfFKEJ30PIA9xORi+bgsfkxzxQ9YeflfQi7mnc1F80zSK6ImgXZuvg8XtnzCrWRt8VzjgcrmfHKOjjS7OSvxDxASNDnTTiKownqfnhZ4ft9DYTSpwur8GrcsVMU+nmLZpZaPzBhUWq63lkjoPLDC+g0/awnChuyjIejfwtzWTKeWFFC3olYUd87PBqH8/LYvNgGXh58A0ZxQOGMlD+/Oj3Hw6E1aPbsYVxc7gYLacZy1cjIVv8qhZvxRiEwpx2S1NwJcPad+YxeRbOwvPjk7nDzcnQt3jaHR/W4ImoZvQYF4tOd9UhkS3hXjTVIguZZnhiuIP/K/RntR6l4LPBEkoeOLIk478hYObR8Lne28pQDAVzoY9hQVzsvHoc0dql7bF8jMjyLSxC7RP7+SYH5YQMvYWCFqep/gaX8xKkAWzG7U0tuUhP3i3EuI6jOCpgjaV+OqDSNN0nD48CVpq32GHtzVe3N4DT57JgmT7Asico4Tz6npBYcgaTtvfRUWp5bT4Zz/88hii2kl/6dOJETSmdj6lLW6ADT9vYf+VceDiXUT6a7bCwJNCTBXYSYJq8Zxi9JlH1E6nvju3oVMmg/u6CaKP9dLNc0N0oOQCbfG8AKlj5dje4ic/fSXGEgrnue/6Ge7KsoT2ypmssekHDucOYc/qyyRma0sfhr5wcTjjnwNWmJajD37imtCe00tJG/+D2dZPKOuRELd3evP51DrMDG5nnek7wSQA8IWLLNhe3MZ6HrngPCUETkp8YI2o1zAvwA+djuxBmWgLFhl7BN7+Nw1UNAzQeFoX3VE5ScWOx2jRh2ZY89qTWvZ9os9+mThuyiTkLfKgrNVAAspFPCbIFc752OKDv2tw5pJBStogDMpjD6Dvj7m4yR3Br8wKTQNmotuIel4aGQMO0mvB/3EdOrR589x3IrSoJg/mxCuBdYUAP1I/AkLXXMCtaQEvl/HBu9VfYHq+ON544Uo/64bhcgXAlCsF3LR3FX7PuszlGdJ0UC8Orp/5AJdtvKFw9nNY4laMjbni4ChcS264hD+ES8FgUTWJK3/CzT/yUahPDRTfBZD0SFOsUkXIPfaWLKxXwqyQXBYvXM4Osos4atI4LMiuweta+ni2pYzmPLCBTvdSemK/FvcLWrFcgChcOduF55aPwbyVAgx1VzFoaC/IeyCoxiZiYeg49u08CCdDNrH60SN8c1woLruZTpvbzmD36wt4wkcO5qifITXXafBFLoM7H40G3tpGUy8FcfZSIpXezVz5+Dlh3ghwcBqLolq/yc12PWXcOQ/jtIRg+YIWKDPSwjLJx/xC2oQszwEs/uPOiefT6XKXBbJ6APWMvAiebbbYGlxG28bLkFCHMj59LAQ/9mtThW41PS4JxGjZIdQPXoPviuRARCqJRFp2kF3Ma8y5PhbKFSrYLc+VLgZaYkLTUc6Q7KE7IYl84UsX110uAf0jdnxPhODnivto8aGTFrbPJM+KuXTEvRF6ah6h7f11bBnzCTI0VtLAOElISe6A8CURJN3qBcO1wxQg+hIvZzbQlZZguqElxscO98Bd/bGwpf8Jq2b84zt3lmH6egkSn2lJ8Uf1WGW7CP8XL0XysXW4Vl8BBFrdKS3QlFcUScGZlfcgrCwLz/BpaB2xl+eu+k0an4ewyFUXLn6VoU6tAxSSPBsuS2qS5aRykhYrhuuNt/Fp6Wb4PpwOtQYI2jZCdLnejk0LVWHNzDRavy2d2tW08bTOa85fuhEc7eqw6ilCrPgMnlYxHgtKs3Ht86UwoKlHgRsfksSVELJTTuLpmS8xb8gMBMqaYEptAvpkGtIhyxFQ53Cea2+qUNF8exStkGPJjdXovZJhjPpClHtfQ2H+2+hoUjlIah9Dj4a93P76PYYdrCW7kl8kPkISKh9v5ZiDlzESlqGk9QdcEJ0Gf7uPwfybZXyuugi/JgzypHWToHJiN3mve4124Z48ec9T0hCsoyemayi7qphieqQ4tEaCNCzUIHGTApduWo++RU+gOtcNrDoGySviL5gZyWFHliPsXJiHHiL6sMF2EeZUlaNp3SdOvOdBtgdcyNBJjzOtI6G9Tow0e3+Af5EKPPdWxMpIpoW2DezpTxitsBVrdI9ywJwa2DdiBlcWKdN/q4zAQUsZg/YK858Z61E7dTsGX76FF6YvA4vZ2jCrdBikT09F508qoKjfwY+iAiD98iN+L6CNoxa4s7DPA6xdVI1lahJkfigfe/ZMhIuLvPHfkwGe4Ud8SsEaetN28q7YY2T+ews2lBby6RtmPHOQ4GiSLupPDmdpnwb4MvYuNw4+pj3jU+n9pQVsU7EGPz1PIbOniiB6cSld7RaD/a9d4K3yRygqnEnDIVvxhyJga+QbNJyvzgv/TYPvQyfoUMsFvvvZkFKVUtlOQQ2+1hrSRen7OKMxmePthXC/qAZ8mV9IK39IAt0yARhzBx2vBkLh22c4yeUILfPv4Q3J40F1rRY8PreSDz6+y99vqWH4uDD21NEk07x6qv+8k9dWW9KkTg2c9ksfaP80irFeSUY3Bdl440pWsDQijVBHHHf5MBa7ylKc9WpUlZ8GNj4hWCMsBJZHdbH34zOoN11Ff2Q+4a1v21jgexsVrjXBXbs1ACIdaX1bMB5YksfunY0cF3KTU9iVbeS+4v5ZOVh+oxu1xo2CiJ4e3LppM1z1UqDUpQk4MruWfgs4UvC/VSDrmc8fsqVR9rgQpHopUrFzJ7W2O/Nb7TPgfn80LV9tDPt2atMez+9wot4HQxeawCeVLAjyWkK957x4bJg9bQytI+WQWh4p2QbVXqJccCWWQ1+rwznfhdwbfhRbLo7k5SXWuF/HBIt7R7LEyLcUbTfMg+3rcZnSaCgX06ZHB/7S1YzxIGUsRFkKUuRbvARk6yXYNE8ZmkcG4i+rSfDgihQZPevn9muf8L8/r2GpSz7+/b2HBPftpROJ3bgqPAjTH4hCfJgp/rdrAVa9LEGv1s/sum0IhjXfs5fPSZrzSgD/rHsPWfXK8K/GHark7OB6917a7tHDRg9/UlTsS0zx62IZpXtYozuMLvEm0KR8iN3/3iKnHztw6pI3cHmvADlcfEN7nuxgm5d3UcZCjjOuSkFsVBRuWmQE27U+cI/7U/patQdlM4QpsO4DKTaKYf+DNCr2loDr+lVoW7qX+qx3UUngQSj+Ikdb8wd55/F/eKRoMuUOTKVeA2EIP3ePJmUe4qyzWlw/KAtVuoO4aKgQu7a1w9LHTnCpoZDT/RkOnhuNp6Km05fJ43n3rGY8NdmFvAf/srmbC8qXzqOuwhAMVbaG1AgRHtKz52MnTlDXBDUIdN2M0541k/FgDv23q5+WnRzFm+drg83nSHTubcPFs2/B+gOn4e8GEZhmHYlbbgax7cAENtE+y6lE8GaHPdVFfoLF6z6RxH+JnDZOn2pO/WatGGEK9dhBdnoK+PGbLFhZ7GbXq3eh+91MnLgjHp9Ll3CCsx0t77kPZUEv+Ut2LG7p04Xe6QL8/YQGLH3xjhT9dcBwrjBtTG7G39JB8N/3NDilcpCK3CVgU8cj6C4SYXSOZOXUcKrNnoi5Ywfx6DpxmlL9mz03FXCtiDHsdrzCV9YX4pv8bHzkPIcrv6rS35pZ8KdwGX1Q9yWRiPdY+FAJJr63gruLzuE1vAwi26v5it8x3BJRQ6pHF8EfPy0I1guG0BgtuH4yBlSuj6P8LVf57dGLmPM7hgQn69NWhXYSlpmKKTNVuH3aWOhT/84l8/aip2ICBuu3c9hwJak6boTEuOdwIkONLQ+s4EPZurDm0yE4ZPWI1poNYfykFr4vpEJ9M/N5kd0uODd+DVtpnsa4rxPAeu1O3mN5mZSt+/lqWRdk2ETTpRrAvy3/ML4hBC13rqC1/gxnrl/FybOv8Gk3Daru1qDRhxQgZBrTgKcQzkk5wKOFR9O7tWNB598rNvbUBCuV37RcHunJiTYsuG2AFZPvg9Gr9XAMADS3G0GTdgeuP2jF8xf30chxn7Gi+yN9zL/EWzwd+bB0Ko58dxr/zFaFy9rZbFadTiONP8Ha/vW4V34zh0yuxieLdtKF735w2yOMn76xhAazNmre4wsaC9/jGU9PfDEpjMacfkbyKdtJKKGFo+VSUO+PIAiK+JPq3VE85/RqMP2Zwn9/7GH1+k948mo0PX+Whrc03anQYwQ4Kt2lIMmf/GW1FV4zleO2h/ak5XyMvgTZkU98MrBuI/dYq8Fd7XK64p0F+45vhexbppDoU4l+N0bxlXVEMRtGsommKnxQE4NCNRfwD5vOE84Dh06UBv81fnj930E+GrqKPmfPZ/9t2RiyWxA+tv6AVVek2HjqErpxZxYu/pZGx+Kno+j81fwk9D68GzudKkfZwAEV5MilNlimO5OSK0pZYm8Rn/+qhDXrC2EgwwPuXbqEw08tYSlL8kKBdhCvrqepax0gaPMIjJaz4qVrNeBkYit6rOqilyOnQlG3E2ZsbIGh6wawyGo263X9A5utB9n10DoYX34ZJGU8+eZCK6gJvk8ZIjFcPCMFopbE8De7dZgjlwGxEfZ0YsZNzNUrAuVyK9C5Hwyj/kpRkutovDtRGbX6d8OuuEya3OTJ4Y2TuV1vFOy3IUge3kKiiYd5smAMH7UN56yraVD+050nnU2DOb5jofaRIQVeNodEDVV6F+zA+snDrOGtgEU+hjRy8lbo+5ANBc+qQO/nRTQ6pgYhBsq8+akbt9kl8w+HHfw9divnhjdT+OpH6FBpzZcfraD2CeJg+2w17gq1YOfZuei84ivPOfkFHlSbcI14Ek3rOgu1c5q5IUUWChfZkGlGFofG/OVViiOhWaoNLkV+xntNmbxBygHeTjjJO5W14F1DB1YfFsDK2sV8M38T+uQvxehvFfxnQwLI1E6GM0tDQD5EGcrTd+N/B57wOuGxMGpLAiccU8bYjRPIzCuYHEOO4b6J/jRjlDGY974hA7FaHqv7CRsbMqnQQwhu/F2C6rdccdqxeJ5i+ZAWaiiA9jFbONn9mQs+tkDFr+Xk6ZlIG190UdTOYrw9Zy6WvR3BGT4WEJYxCSs2ZvIrfVFc+LuFR8VeYKUbJXSlbxwenzoGZEM+8tkeI3jec5Ht7ryBaplLOELgLDqcAK51300KScP4Rj+JN7n14lV/U0jU9qJKQR1UMUD8s1UWAwbT+UD3YQgy+85VuQ5gMGc8vf1IoDOtmp89Wozfl7rDSKdckMIx/G+NCCcpfeBpJytZae07+O+PPNze+hQOFTTh+d2NZLDFj3Wb4ujInlmsf/YwnqHd9PgvsKmUEcwzL8fI0ck4ZsMWnP59Pz8OSKJ7c7PxwDtLWJ7dD4cqxnGznDRkaWdQrLgSHZ5QzgZP4qhIZyJ+vJXGT9MzKFVgC4QkrKWb4hog8eMFftHaSvMi5NF6QBgFk9dBvZM2tx2ZifyjiRe5WsKsM1Lwan0Br0+wo0mV4+hUVA9+vKTLz3MLUeTYWP79pQwuiR7EiWkIBkYXuf26K8T6ZqLY5PskF+0B3Q390NegQHodt2iD41RWq5sKt2PlMF3tFRqXb2KWfkdSb3XgT5Y4Nv6JphCPO7yrchE9X2oDSQ2zyT36Iby0+UGFqdf4pJkf/Ik04bQHu2FjwCw0LqzAA/aGoF24A4Pe3cGasyrUaFlLW2/40egJZ7HwhgHkNEzDvsg0ds7RgsOLVLDCeTrfnxhDNbvvYmtKIexTUqM21yZSdj8HKivqqKBiFGQe1AbvD+K0ObuIEjJNePu2RNzR7sPRbxPRx1GC9T89gufnVUA84x0e9H9M9b51oDAchk+SjDB9538YtuwZzDvbhI6zNTFQYBJc8VhENW4SDO+cSWfNL1gSVYFNpm1soBtFlVFfyVz1ESvdNQIon4zCwg48Zt9J8HjQh2ceW9Dm6DKaKmFA/5Wooe0GFyjvNIH1UR1QnpVOp/wyyE0sHnqzjpNS2ky4NuY09mvaYlXCL3qxXxFCcDfnXalh1syGZRLGEGWoCbukd5P61GOQVniT51ypoFk2Y2Hygx0wtisUrt5q5Tvnfal8VCAbaE+DY3XNqO1tCWpWXXTNTALspS5zmkwRpFq20JXJAyS/5R+Jv8hnK5XjsNJTHFQSBanOdwwMG7xEwU2DHHk/Fh4NH+PrZVOwzcMELm3rwvRzc8lEMZ5UDmnDvB1r8MUOaTyyq5Rkl7jTEd1Wrjj/kANFi1BqvxbtWBCPsXvMIG5jIUV+fgJ9NjbcF1lKOwW3UHOuMGTaf4C09brsfuky7pymDL/Xr0HVjffpQUw9CEQcZ/1bfmAUKMlW5fdhaspYaN6+mqddnwJWgdd576ixaJefQMUWrTjm4HXWd/OAnV92s/6TK9A1xYbGHpIHyYcjqUDtOkrO7YcnItV4cYcSXOktBeFTQewg/w0UV5pQ0G4Z6D6ohRdDpsDXqmjW3maBLZ/aUL+ng1Pz77KSmyhtuySNCS1GsCbkF+zOWYYmZ8z5+JHTsHeSF8/3nkpxwTVwY2QlrOgZwE09k6Gjch4r6T6HPeffwdQnqZBTeROjwvJ4vOESvOf0iBbunoNadmOgTHAr5X+UxcH0JPxethpESjVRRTMeDTsEKfqcHKbkzMPEUANw3/eR76SUok5AH785OxPMzgrRXQ1Z3uGaD7VVerDm6EWQvKkAp/zeonfOTlTceRDOqz0Cv0sq1La5AFpCX4POmtnwOzGWx1SpAg/4kv/WD7hELhHV3u0H065QjGw9QoUzf7H+7hV4Ni4WZLzEoE6zlTfpBcG2iGVwsGIqicS/heExWyF88jrMQUXQDNKFKtSD6rBJkLv9INWZNLPEBCl6eG8ntDrPx/MbhehiVCoPzjmHGyREoCTTGA1CEaZAGKjYbgORTyGgonUBNvXsoaKGIbjsPw6XfTWHCNvrePWTAt1ZuYlsPMfx741DHD2mke68X06Gg3ehYuY5qHhiAEWjLtN9MzkefoHwvNiIz503QI+Ee3B05TqctmsHt4f9wmIPdVD4tQK6x93DobIvvFV+DIqVHCBlvRPw46EDHTsZyeEnXvF5T2O47RlH1vt0+b8LMZDheobvuyTSDu835N9oiHTwAYYN1JJ1qyQs9JICxxAvWGV1Hj+HGHOUykjO+orcUC/E+73ewOTls6lk4QRo1e2GRZfM4KN5PPgvewYW9pW0qPM27Xj/kuZ5XYGJOyNQy1AEdupJgf2XQmx7k89OT45D6tEOXp3oAJ/v58JxMV2yXnsRlBarw6ScUKo3auSfLd08NbsfA/LtQW1eGljffc69pQ9hX3M6is+VBgvJqRie+pAvvCwDVcOP3GOewZKHV6PRdje0SL1LO8sHYIa7FGwQ+UKN2unwQTueVlr14c7ObTS3YDUv3zUfmj38yF7yC25WEIRZ4fVgH6pFO+89IediTWg/sgULH7vRlIL3EL5TEvRTmmmRhSYszRQGYbDghMw/WLF7DvWaqlJ+axFezrpKjeNb4eWme1xVZQY2zvUoOuEX6SWG8zU9Ga5/EAXLewpoW6AZ1jv/I2GpPjL+bAPZx46y/O3l0FA+hpQi+tClUx5CWqPAyTIdY5+bYc7qGByQFwbr2r3gl+aP5gmuPMXUDydHm4JaowVE7VxIYcnVtOySCZ+tMgIZ02bcfu8dOddVUMPih9A29TSc/unJC9NdSPj9Apou7oD/vdeDBeNyeIPIFQ7fcJQF0sPpn/gqtlvxiHLsbpOOWTXLy43DMz8mQ6eeGguWD2LTwtfUd+A3XlldCLPEB8EqqILNe3Jx6fw0XNwxDl7m9dLedx+hbyCIT7wZgsSnZdxvv4wCpOPI9r9c6FxTzDOErEHfyof9W86z39vTbHPAkRtNDTh9wTFUPFqAHydJoZ5EGJzLV4Cwi2G8Zs8I2qcWjUVh4RjXMBcu/Gil/1r9eR7aYu+CQTiUrAZ/d/hSmUYT1KW0cv0kW4qU94SP99z4rrE3FNx4gReGdDlWTAE2VE7AR90PoFBvNmbvEwK1z3PQ8O0BuN24Bbb/aWKVW2/BdqEBGFU74c2YcLx1zpyTBf8jsExFKd88XBtRS8NPJ2Ovnxb/dFGBYyql5HrOlN9PcQO9U3K8w3skLajvxx/V97Dn/Qo+evoelk0YAx7bOniR+VHoXeyCdlcVSFjSlRWFFFC1RoRfLYvGafdfQqCeHizyug2xfx7y4JzZXB+tgsV94exqkY0yM4RwzHJvkr00G1J09OFfnjgUhyjgn8ELtKN4NC5z6+d9ketB37qPNyHCqIY6iA6xAcWfH7jJxJX0NkzBxhdJfPqLMIJDA/RtrSDBmEwYmLcFLcJFwUuzFmqXvGEDvQP8600FfqJGaBNMRO22b9j7Ro/3d7ziZxOnwcSw+6Rnn0vC+m/w+dV4dgg9y/fD5rJXvzt4dYjBfdE+9Js7CXSOGvOAdDxdPOACJod6cPbVWXj/ihpMqoiC/26pY3vra/5yXB+mjPsIo1wfU37uOKzXz+QNZ67gYe1RfKVLjcZfnMF+ftu5rmkKtD6cy00r3OnI6GF+G28KNQcW8FWhV5zdu5IdZYfRoOkpXv0rA+puNWz37DtIfd7LszNicOUPDZAL3Muf702BhULWcCH2OB92tIRM+3Sw/+FBe55qsSOG4vbbP+mUuR2GowhaynzjrMNrsTncArq9HhAuN8fLbu9huvVxiDmTxUP7n7GXciCuu2jJ1dIzyX47w+0v+0hUrouS6RIlak6i87enQJyOPp8cKqWEitu42qwCmp/rwo9Th7liXC4ob9UigRw5mjF9JmZcEsCWikG6tVeKZD1ekk6OFQykuHBx9UUQksynmoF/cEY/GQtVFkNUhD0PqVlw4rVg8D1qDjdtPiJa7IGiKWG8tkuBXtk/ROezKXj8YzpdvLOc2cabYmMV4KS5JOz6epHHC23la24zeNv2v6Tk/o+irSfw38VVtHhDK0xx1oIto5vIe5MSz1ozxKWVcXClUw1E9IborZcoposcxAlt3rTSSxR+isaj0lMdOLlfgvv+PKPM1k3ssb2OW8R/UdHDNJqsXgzzHMzg2bQseuHhS/3aMhzzYwc0S+9Bmfrt5OBris7bI2HJ6Q7IE2NY0mrFnccqOWDUJoxY4snf+pTIx8Sevm9uYunXCHEJm8j6lwA0jr7JF/LseVmnKH/8mIxVvW9xn94O2ux6G6VnjoKpp1/DuWv68HWrJ888t5dfqKjihz219L7xCKz7uo08msNZdscqvJb/ExbET4G/EdLsmt7Ck/+UMaquoFm60jh4zILnTxwBju8HIDitEK5PmQw5ioEwvP8sTmm8xwXD0uB/XQRj38/h9u4U+vTNh34fV+d7wUYgEL2OXb81oLz4XrKY3077CqpQtO80vuMe8FzsxAYbekjpuQSM5ue4P6ICZwx4QVTDPg5aNYZslubS3reH8YylOz35JU9YJwfPe75CX48KeDrFEE0bhXRHGvMMPsP6NbfgZlMHFt7/gQ8+6sAls0X0udQA/+n3gYOkBrkXKZO6fx1d0A4E5YRfWL/lHErDWKiYkElyNrK0LtGR3999wiEy0TB+3wxa1nyP1CxToKNoNd/XV4Ztmi85JnE6Sa0yR+UbyTh7tSVcF5nK63uteeFWgDdeMRgpJgl/c5dQvtsn2NC+GG2K7Ek7WI/21DfDzxOCkG1jzlf3LcflPXrgnHKadzl2gP6fHZxqPhWPFIlitlwej6hK4Elv17HTgX/Q1ysJa9+4Iz89RiJLmqEpZhcuvExw+MAHGjfwiNPdrVDt/CJ6fUkaRuYexT2Pk2GoP49Ds2ezaKwXbJ0fjZXCO8FmUSSXjbHgtR1qYLAkipXGvIbaKRuwtEQJlJs7YfBnOWFgCraH+VJQ0AkKFTGCd0dWskS/L779I4nPsrzRz38+iaVe4s+Kk3DKI1M6+eI+LgxVAP/1a+lE+huesC6UzNOHSD9iGTkr+3JL9WaWWXOYMi3s2PerAKjvb+ahVSPoW5MSeQTexdrMfpzeshpsOhWpajJBu2MwCvuMhpszouC0ym6eN+IdfbsXzqfjmiHMUZEn+beD8wEdavwfcfehEIKiBgD4H9pbpL23NCRNRRJCQ0ZENlHKKCFklZCSWSKkISXJaipkpqRQSE5Gu6QUJXUf4z7JZxxN9TcMQVDFn04cf4L9q/ZBwB4vPiLrCgE+D+l2piqZ3b8PLTOG0GwCg1mpKTTEXAZ3TVkutLYk53EunHfACFQaTnDHy0ZcS+Wg808WPg9Hg/FW5kX5BrTdxxcPj3yFZYMxaGMUyJ0nn9HlXTL08aQZWI13IKeW5bQt9TqIHAwnF1Ut9HvzC/5yL4r2vkfxo+4cOEoQpFvT+Vu8Msjm5vPkkkc0eokoX8zZhlopc7D2ej7Osb/Np2VHwYygY9yT4sf3H04gBT037DjdAzZyi3jH5nBYUPccYfct/gdmMBTqjHcie+HqoAHKn5WAjLLV1Gu0jma92s2iz5/hpLSN0JwzCpTiPXjf1dE4IN6GWSvzeNXjsfDhixynSZ9Bn98r2DM/HBye60L5+nLeYxzFqTEbqDR1OesfPQajyufDf+PGkJ77DUq/+QrUlprB7ewgUtryCS79UKLQ7F6Ys1KXnkdbwa76MLYz8IbBswEQoy4Kjlc+84TsTdR5xI6Xxz2Fm7N8uG1xIk/rL0cJw7uwQDIR97Xagtd7WV6s8RIK0s5BwPEO6D32HrV9XCn+12Mwva9FqQKJ5FmqBv9ed8BQgAbc2r4PYn6EYb2IAT8Xm0KabQa8d7wcbfZTp4Dx9jCnVgadBY9DcKkE7xR6jAG5I4mql6Kw4WJ8oOVA5g/TQDgOoVLmAARZzuaKfWc5I+0+pBWP5srYLqq8E4lZJun4+cxbCPnuAKuXusGyVmm6oLOE3jc/5GVu42DSB2HUYw3cG/iTb0ZNYqfdDtBtsIdrX6+lxPk6/PPKF5p2s5Bzsx7DsPxGCrjbDAkejhDbqA+Pz+2ksf0OHFKBNC5Fg+I+38N9WumsUFgNPYrf+PHFQHj43Q5U3/fBUYdKhpU/YNLzCNgq944MLH7hjVl3wfnlG9RQ1Obnsgy52b7YHuaP2YeQ2iz7se7DbVr4N5g3C+5km/YPEKSUDd9TNWHVSCs+0T6XL5y9Stv05eHkQwVM/jIJsrrqoT9Rmk2ixtBisUmAnYVosS8VlP67AhcMe+i36gRsi+6GjpI4kJ2wHnOWOnNRhRJEiJzEM3N+4uFxlzC7OwUkxy2Hfcd0KWLvdf4clsw9gY8hL1YfAA+QsqceeOekoFhSK6W8a0Ytjzi62jCRfgSLYv6WjRRQYg2HWndx8rJ9IPCxhmeKDPKjn010dt40akiSpbFSn9jjUhPd/SAMJdMMuKtjM6gs6Ce93nNUb7sQu6WH2djXHGUzFoJ7yHyy8B4BGrsnYouPH79dZcfrjfXpulcuzdMRg9L6o5i0xYHUJ42nWTEaIJ5QTc4hKdR+ej9P25LGUv4hfM/6ALm8O8Ptm7owJP8MR81VhVXjpoDRzTC66hOJ5Z07MEHUjIWtW3nb6kuY0GPOwtO+celZe0hZXcSiMeIoVZsGYHKO7x3wwBsjemmjYDs93LUH6gePcUCyCoQnNoJ19jcKPnwFfreG0MuDH1in+C7NLanC/YrlMNiczCmmAvDtsivtPSAEA57G2DjlB3w6qcK7lNtIX9KMrYIuYG3jPZIPloSosXfxm/w1undfky//GYfn5YVYcB3D6cbTlNURj5U5Z+npR3NQXqCCc8YvZLE10fC+yIQ/XptHfTnKfErjE9/cVsc5Hlk4uHMs7Ha25tsX5mH0JwvutZvP37oNMeCHMXauUIO8F53svPAEa/2zAqOWFXw4LoZ/t+hDz7bNINJRjZ6lb/naQUMckSiLqhWX6dIRddgdvYjGJZ8isz0JXPClj2Xu9lLgZVW4btHAG33yYPNFF+ACIdgy0YmLbz/jVVleFLnDgQ4sPYr6hyej35q9rF99HTo9JcF1khF4fl6Dy8KjSWCXNkwmoE9vbsCldXU48Yss5VpIwojPK/D8fTXI9VzIWoYNPC7Rlfft/A7mu+6zk9Q92tc1EXQ9VpL7oCjuiZWBZU7MphcWQdeKS3x+7kkc564Px38uhe+mEWiU1gb53WsxK3Uk1OXlwk6Zasjvk2VZyV4cc/oD6edqQcb7fTzUARiWbgFecxE23VGEyxuvg2dMGDtrfoLNuyPx4Lp7oJWvgB03F0Lr5noa93UCfPU7gIPq02BJWjpdvOnI1dleHCC8m3WvJVOW/yyosr7IxzbJwev+GD5ncRzmTX2Bzeb/oF3BCrsCznNP7CV4racES5c30/IKe7j5L5HbVDLRepUpZK23B4WSM6hRvBDerA6jgJ2W3N4jDoo5NrDCah/HvPzLDSGFuPu9HQ5nP+W2+cDTqyS5xqkCR/dMxUFfBrPNuVhovQ0WL+mlTQulSVlcnvQD9OCsngS4KFVB4Ky5kDJmFCSoDcGA5SgoglJKvf6ZDx24CLf234Wd37vgrHEouN4SZElbE6jevx9lc/tAZroIpJx1psjPjzgm5iM/JTdWS59BWXHL4eWC0fBnXxyXvh0DUXQKR6ZtY3sHVYr+vR6Cpyzi7EcdvFdkChbK68KMqAQ489GGbc9shTV9axDmfoQr1135XeVYsFU8yT+/KuM0WTOwn/MSl9tNhFA/G9y2vYz0LVZA2qwhVrEvxtN1e7jBZQj0NoqDa4kYxxithCd3yqhKzYiqNRZzu85StJuqw6vK1kJD12SaMVodPOpXckp+JD3eU4u/Ha/htCvdoLkzlNLyk7F3cw49Chtm231ioGB7F/dlB+P47RdxzYlSUn2dSb3Pp8E1J3MwFhWiswMG/MRQFyw//QMbRQWwnxdNXT7G1KaggUaXt1PYxECeuU0C/cu8+UrTCPjHiihP+mAf9AbbzpqCYlkDar8357drpsOBlHo2lvgCvfN0Ya1AFY/TeE0wWRmtP1hQ014vGordAnOK57O4/nUQOlsJ50aogsWTWrps/Zw3au7H5vYadr/+D7J3p7DaSwW8vD+Xw0KzaGsaQLj0e3xctBwentgIjzOn8IgkFzh4ZwkOlpRCRuJ0dFLz4OAVCuCZ/IFcx8vgwoexsD6tnXLqRqH2gCjHnZkK89zk8Zq/Excra8NXMz1UVz7Ldx0P0aUfO3DI/BAMWnfQlGMR8HRrIpx5pwx7jwnDbncvNqpawYufZOHJ/pW8NrEI8/7+Ybmld8BV8RydVd/D73eMhDMex+Bq5RDLlqoiJS1DeZOFYB0czsol47jrlBL+PvMEuVMXVktWk17pO648JMZ/l/xkK2kTWlR8jnLN/yOr8YZ0q14DvG6NgHUBxnTLR4H+O9QDXf2H6bCGCt+pa6GP65U4UvA1V+MY+rNHC/561GPznn+Qv7OSx+SEgNqQFWY6KpHvvP3c8O0oHLj6l+1vakPngUhSNpOB35lPyGS9Pv+oScfZK70xyGiAov8UYfVPR5AWE4N3Ep9gmcRX9p/hz7eybfGR5kT2u3IbThbNwpi45eBmcpcKQs0g1EidhL4FwZska341TxXP2VnAE+FBDFfrhbo5f3GiQALdPqYLy+L+Ypd9MS+dGQsoug4vGjzB/PwOvrbanp8HvSeF1lmU2zMCPpt9gAVBk9A42h+FslL4hrk1n+0kdpxUx6k670DhahLkPpUDy4gNWHijj6dJToa1irfZ5YElmLx/SwtDzEGup5f9/pvKGzrNIXy/Nqz0eQuasutIrC4fpHRyKCpQl88EnYX7glPx5HAffYkDCNwhQc+dP4Dpsze48MBIrKpcz7KjRtFCvX04vHspD96XoncuBBlBypjbacShUnvpdMYZHngwgEtW25Papnl468E4vt4wjW6mmYDB+yj6vCGQ1jx7jf0DM+iZ6y5yHNBgAbmj2O9TgIL6UqizcByIZczEwHgpfuxvB+3eP7DGGkgs9DreUd1LxXuSUGV4M/o7M+Sci6N5KmsgYJcZH+tdAcPaniTj9QAsf0yk827DvFpmPqXjaKjb/ZR+zVPgmhmjyNpcgg5nAQVHJvMsGwUe+JnNkvWX8G/dePBakIRhdZs5KPoAnZslgMpTQlF+3gIQ3RAOh4veg3O2JC3MsAH5uCTOLlYBx6uPsKS2ga50toDeMmSntyPBdfUguZzPwZujEcY+a6VrG9xogcsfFC4cj5FXiAMWjYYcKUHSlzsDKR8ms0asMYSoufLCwgU4NuUgLRAcpHXO8RzoHYmdR6P58dUYWDDDjGKeKMDZDwBnxfpRN06C18+chA5VJ+hNTDVghxn43Y/FF0c2Id6Th5roY/wt7hev8uilIoMSqtjTgGP1AqlBSImOdq4ibbsdeMLcCLYM2tKcbVn4uEcb41L9WHjkb7Ib64ljLWtx9rYNvFT+IU+rtYB5Rg/w1eJobLwozGOc2sk99xyv6k7n57pbcObGSLYa2sQvUqRhXs05kh+eDlOjCUSrA/mGwEL0rlpEkavX4b1HErBxyTJK6BKDsxPV+cmwHbnfsQO370KoN/Mg7r9lwQdGCLCGiz4Xv8vi8uvCsFxxJTWGzmVHp69g8tsF474sAKc+T2KvAl646D7srQiCzmZNeBp+kqyP6oJg9GeM3BnJBScnwXWPwzBvZjCmJ9ny0eok+hHJMJj7myOmymL6iDugeroFlC0JS5bOw/L5CbxK4yIfyl4NutFy4FupRFublFij2h9t23LwvFQhJGXFg80XJvMzRyhoexC6W2rADsMCfBkmzjoikSzeFwUdcw9wRXgFzbx8CDsiTLDomRjPXaAJsXVxtNLrGKsOiXLIgTFUdyOSQnIjWWp1JT74Nxk8l/dTj7I+3PTWgfN7m2GtZTUnaPeyYbgcdEYFk1yfNT1yjufnG6fAjnOj4NCxqRi2Q4lC635ztKsVtX47gRcH+mn8gT48m9kF40wUYNs2Hfhn/I1Ut7+iyvrt4Cv4Dnaq5aNPqys+D7iJZl5ikPkuDf2u2EP3iNs0YlYbtVmF0mzvEtJk5Od7xDkzXJJk0ZcPqAfBgkIxqN0+RG9ffwPBv0GYcVUDzlQ7gay6MkWMHglm4h+g27UODp4QgPO7RXnl7kMYnJXDY8/7wlR9OzwqfgzvDXths/gNfF4bD6+sjCFYsRkfGxvxBb3b6LkyA+Pyz8EI60xclXEPJeXGs51oKWD5CKgNVaA1JSLsvl2aPrV48qmgv3zcwBCPJg+x8TUnnnw3ibTvjAaJuctAz0aEvw7PQpeGIJQPzEG3ljPcqp6FDw/p0c4ptrBjrgqYPM3E6D9rcLJGF2wpFCK96BuYVLAEHuz+D4LPH4a5NX9RY6s9/JeSQ5+7ZvOJL3F01NeDnnt14qkBNQqNkeIX9cIgsFsIOwIMoDd2FyybXwczRKXw8vL3lHhXg64bJ7LNnlh2WzmP/O8voJx9tjBvkTvKbAyCkquHwejLa8raMJdjTTTRM30BbHao5Ps798L2GHOwi8vFv44jWH/lOvpbtAXvcx9/WqzHCWlDmPTWhSWLE2BWmSn8urgMQ+wNYItlHF7pWcTNYd7876k7G7+W4l2N1ozu9Vijog0h6Uvot9YM+DMzio66x+Okms9kv7eMG+e/ZJ1gJN+UUXz7mhS0Fp3H/ftXUsXpXfjQoR3s+mbgVO9dJJPeB/LyU/GuSirM15WBh0tCsNjjKTz3W03liTu5L7oFFwWX8fEWN/S8qAXLr5+mW6IaMPmgMzxOu49j13/hyj5NUnkri4ObV+Pui1Nxk6YYHZURxRsCYvDVtRdvrYyklfMPkfVXB3j9w4rHup5iS8vb/Gt5KfkoP6QN5ywgbiCB73+WxqHp+6HjUzTa7w8H1VQ/Xkmn6VGmG6+YlYBlNuPg0LohnLPyGGa9TKZDCoYQl6DMqcO3Waz9CmRvMiQj93u4t8kAWuSJzKVqKCF+Akzzngwr487CvJIs7JewhjVvDDkxXgNHlZjBVuU6TK505GunWkm9fJDcVKRJ2uw98U81rF9RiO+Sk9AW1WBNrTwKVn6ha6su0EPDuXywpYeofwHC6XPkl/6A3O7LsdYbMQj81o1V9x+DsaAbhMnPwuLnqbC/dD0bP90Hz9oD0GLZbJRzsYQve8xIfEwezf1RRn+DpXFjmylvc3TkgQxvlnOUIF8vYzQtGwl7t3xh44wHMObybLiZvRXc5DfDu899bCjeTQKSHTCt4zNvOiUEbW7ptLu2k4e2zIa0a/28de4kUNFppznqcjwoWkmHpl7FviFRaC37xbfDPQAL29l41yyYXhjCWjpSvOtANY/zdCXzxzXgehfAIewyFBd/5q/fTuL2H1/ILnA0LdU5Awd2BNCEJA3yn9lH103EQdPTBKfuH+IG3QdsdU0Tzo+fzOo77oGKux1dOGvKTmLfKFHTDnbhLwh5doOvty2EZdqavFHuCj/3V2DzE7eocfYd6ivox006yqB2/jNeunmNFOpu8hebKrKZmQpy56PAeZYqXu27zeMW+1H8BjGwTUtFgUu16NtdibZVgXBg3kYYkHXH1BclJHQ5D5J/iIHKX1vQmNEOSW8N6cO7c2QvNBX/7j6L5wM6+VOMB/Tu/Qbt7xk05HUg3ek81rgYQrGxHVqlLiWZlbG89fNTPL27n3ascKFAVzMumisO3vdz2LelkXtrimDzYVmIHm7i5d3BcFg0A/RXBNDZ2HywW68AZ2atxv0uI/Bwmy1KNbtA1exqOiLhS9NO9+Kgjz5dLjzGlvIEWaqx/DENqPJsCm4Z8KUV44Vx5cT5dHWzEU1Xno2Z16ZDYb02dE98RJ62GpT3Zx9r4xceL/kP3GZcRq9xCjgmxRmNEjdiV/IoeNCpBL2OnpyRFouHCuZixpspfCF/Fx5teovPTkcC5xN8mI3QL/WSxftsOCJjFtRozuHtKln4s0YNPx4/BbJLfsOJuvko5CEB4ydeQr0x+ujgaQYtCzo5zus/ULq0D1/4m9FzrQFccMcEr7dbwGmB42y1PJRCTtymWn9F9KpUQ9nGzzAyWY9PzWnnPcnf0NReFKR27GFHq/0YnzuGSndVQ8j9HTi/14xgvTAY8TjaGBOM77QQSk5mYtWNeJql5wS7zl3nSf4hOETObMBXsCxuI9hlaFBgx0QQnfgWN0+Yje6PutBPzgF9VhVTRFsAH9BdAEG/bfiB1Q9QcxMAaSsJtBKeSmHBHvgjfQ/lFO7A8O0PuOOGKwoV7qHpgvH83kAQPqYwfU3Zw/q69rjvyWdQbNjMjl9msNmNYhz//AFm2qxmzSsCILPFAYK+/6aPCQNsK/kdW9d5kJ7YHlLVEkapxJsoNfwK9g9YQHKEIT5VEWJRyxYeFZEP2xIKYfIpK5w74w43znuMfLIBV8QiNGYshnPGOzmgrxzbI4z529EQdqrNgIWXMunGAhty8D9Gy42NINFWgsKc7WjH3kcs/XYu/dyRyA1jzSHTJJkWyX/g+/qaePq1CBSG/sLlBfnofMcZa18vwJLYxRS5PB+9d2dysc5NzFa6SWbvEY4nvILxi79ik5wXt0zS5mC7IsyMLICb+2W5wqyP45rL4EmhOSytGQu32tfRqDN/8J1HOu6e3s47xiNKRrhC8jQZLjGfwXtPakDaLiOMvnyJwmYqkrL2Enobmkjl55VJY81EdLiwkbKkk0guUhDy8+djR90i9g/ajzemiVGfWjt0GX9gNhag92k+NHKiAIWHicOVR08hKbmEHjeVgeJVBqEGNdxuFw55BTOgWVCCF6pH8Bx5AuPbEjRpZDyRbxenhqeixwh5tjy7A6/pteJ67VbCy06kNUsHJrrJ8+WlPmy1ohnvLAWMel7JwqZz0PXYEOYfNqZwtS+QXKQEKVLpbBZxhmpsFTn810l0GhpDi/LWUtjXAuoq7kN65oICCiqwLHUnlAVtwklRzyDSxILVTjJMe6CMW70tqKLFARzzKzk8bhLMH1uDZy9fgeW9X0Au4TUN3PBnr4fOUMcX8WrDJThlL0v+umPgQPpsarFzR4VnjfTPcwY73/1G2aGXSOClB19hY/gvrgeCnwlAuYIGN0nspy9PQyDIq59uyS/m/uJeOuOwjCymBrNe5Qs8bG4MsS/iyNVvEZTWpKNL+iaUmuvPbx8v41ThaFxX/IbU51yDqI0iMK/kJyXIaoCEQTPenRNNjSG3eZXaMIddtqA5FhUUNmhLMkmTYPfd77SoJIKlnwTTwWcnYbSHDacfroaLdoTdx+U4sD6S7U6qQ9ZuNR6cuBpm8losO2MOi7/Hs/WFd7hEXhNWz/Rj0bCV/N86AYhrD6DC7Sl4OTmbPih8pvUV4Wg2wwiU15lBmq0GPnZsJ8Hz6nCnzxgbDjZAauV5dtzVDbHjlUBcxZRXSN3EY2k1VPwujOw1deGG6UYuMRDnxfQAGzP+wPyiszDPWgR7RfMhw28+fdz0FswEx4Kray/15gnwioHnwMumssd0UZBZfwC+nZHFuxFpEBayEQtqRkOi+WjIrxQHYRMV0vhUQT9c/anVaQHopv7HPdsd+U/5LnA7YQyzXyTANstSftPtSiajz+ID4Rq8frKB5YvFUfXvL/44rhK0klXgcfA/unP8E42Nvw0j3gjBS8GTWDXbhqrP2JHTjbPklupBliqi4Dd9MS72CEKN2nj0zBHDRTND4cFrdzh8240mL7Kn1b3ryTtMBU74BMKltlBqe90FuoH5sDt9K0tEv4XZsyIwcvl0Li6KYPUIabiUqYnzI59B4++1MG7ZW67a+Rwr7z7CztRicn16H3eF54HobWGIcJiNf9c+o0OWrSCd7on3jq9mJeuRaGk5gLc7bHDnuomctU4ZnpzqwDMhKfC5ah+rGH4HoUhhdrfrwjPrK+BDfyaekJKA+TsEYP6GRTTprSw+edNJP/ZdhSeKE2jCuqnUrrsCdrhG8TzzMNautIfl1edZxLsbfmbdh5eGLrzmvAttCxOBe3PqOfHDY04S2I+xZxCaRNQ52JOYy7eSnlYNHo2JICncD+Lb1PhmzDC+fqnNY7c6gMy3XOqTKycZ1xmw2kiPPI7P41t9BnhBSoq0fZpx1kAPl5zSh6vXwkm7bw2M6ncjqaxFvHXlNHhltJduTf9CyZ3vqPHLc4zyt4Kmvq0kvXss3w1rRpE1/TDiYRTtHp9BU2vL4HvBQtR7uRdSZgjBZc1RaDVpkJ2ntZPN8zL6r/MeBbvOQNtJOpA+Nhpr47Th4BtN2HK7AVWvjoLa5H54WGWK7vL69LVkAz6wegTegYp0zzaM/27Wh3/V2tixeBBGT5sP4PSHdvoLQHvjNp5XFgrt59SwZtdjtMoeC8rlr+lE5yOu8Ukju5UKNPDwJigFhtCEPSdQ+qkLumXcoKOVDJYtzXBZdi5O6LWCU13ZZCPA/O6gHVRZP4Gt6hNp/br72LpcHaosYtFx1BTaK2FLY1QCeO5EbzxxZS7tlxSifxUfKSJ0An7XkYTTd5/Sqa6ZsM90DKo/nUzHly3m7pHAMmc82ds+ijZNV0fHNZPA1+EWlvz2wuM3ltG4a9Vw60EM7K39gkt+m9F59xTUWP+HtX+OhPCjvvzTxAaX/87i1SeE4JAR4PRrCnT/3FROU5sMdfru/DbGDnbk3cX711ZQq3IvN48w5O8HSzFqkT9FOCxEW+vl/D3JGCXKR8ObXwup9LEq5gokwJbOMyR3UoxiaodBW/gmvFTJoGT/ZkzdLQBqM19wlIMbqE/p4UwNEchbHkevZC1ht2g/1a5p5p4TS1HsgTWMtlyEmyISAcsfgmDSYlY/acgqU83AZep6sHB5BgWQRadM9KDN4AveFLCjPMFtPOxUjAffpkK97HfMOHENjoS2ooPoRHh7B+BDuTwHqcyil3tyeJeyEeT9yoUpqSE0WfstjtpzkSZ5XyJvNYZlc7bABd/pOHn4LeT+CACBpHSoU49AbfWdVHf5PTwVUKOHQaawqi2DT5+X5xs628HYSQILbeI5c0sfrT7TxTZSM2CpqCJ3/xwJweN76YjmMVh6pJsSfZpw2p7HSAMMLhbhNDVsGXe/VEPld0rwtc6NJ86dDWMO3mPLZdNoxfNC8lCNJYmcAky785aMd/jDx6/mcDfqLMfELYVAZym2W3OOvOU24JKtVvTl0TG8XGvISu+96E0BQaHNWnxRWQovQ+R4bm0bHi67iRXlzrQ7ZiXJxWvTo8treHebPvTMkQPtkju4ZNYpfmHYBd6Z8+lSgwqKpZSQ2RkjnlhrSc/uy4K76iDUjxOH02ap/PXuMOz9KYe3xr+Et6pv4KnhW5Ly+0qllrJwcq0m5ygdwlUdwmCy/htvuLOFHFbshyexumxllwPZfq/AycAavj0bpskjZlPz6dtobKyJr1dZs0e3BOWNLWenzvEgM16exzUawfIrziQ0/QvMllZk32h/iF/1mbNfruR6I3PQtvem4uaNODBdB7LqpqJKQyN+uOBNaf4DtMmtmXRNf1Nm2QR4GroXs4/doZ0vtADmO2KAgSGHVpXy8sH/WHFXFN1UWoHZO/9x1V8J/H3Qhk0cNOHLYWmquNGDYptr+WHCc3YM3QKbnm+kh7SAZykqQtTBWhxxXhvmyipSvowqbqMvMHGCLm14WorctgFKvHVQRtgXlBetg1N5ujDQ08MeGXa4S+gPXpg9xM1ogQ0nbiHlV9K/WXac6WJLUkcmwOnKQEy7ZYt9zdv5znJ1TtUVxjmp5mSyIIYtf8VipVUlyziNgLZ1LqRQMJrW+BdR2/QbpHwkj5xFLlB1mCfGlGynxSEv0TfZAhRm7KKjUaHYeVUZdrTVw9W2YJL4vJUbV4XCY5FC/LheAI+/l4bdB4xxwZA+l6mE8lhLb7CpEMK09CFYM9WBMg3H457TV6Bomw0cmfEKd0X641O/ZjB5mAzCdstp3Kk23jBzP6W2DuMnP18OkpMCjYpHeJxPo6JgIcaZRNOK0LkofmgyLJbOwZmvmI6zAY7SlIf40hjsKQrgjfUfASvE4WjSWXDwruS+f5b0Qk0XvqU4wYsfxiA27xni95NwefYkfrhrGpp6avG59CLcHUU87YEHVZtYYan1CNC7W8dFh3Txvo0nKtStQMM3+6FXsQ2LR+dynZo6b515GtPmCMO4tmBea5gBKj+0qXJpHvudu4XHdB/BUGomu1cfJiGNZlLOMoIRbmIkabAevfp7SebaDrZUWYzTNl/D6xPs+KivEOjcCQKN2Algev4nj97uCeLlF+HGwD5SkfgFX/Y3cmTkXlgPlRhVI4PFvnbgUnsKpmUGEyXUwsWL9Zj+oJ29gsMoRFsSgl2B0obl0PirNcjesEWxFzdhvmQgTJ59G9KOhnBSlRZIeG9F6/UM+r++UOYWCwgXWsILdNVo4Vlz2FHUBhVBm6jlzxAfNfWk15d14OHoH+R6UApG5xXx3KPq9KlYn+X6P/GiqctwoHALPhsTDJt+HuMpowEfCUqDrpsYfXtUCw6V0vj6agBPV6qi/7aOBImbbWD2eDVO2XwXBN3sIPyuC/nNzoDsuyHUHXYA7x28xtVHQ/lI2jsssge0troOavH2kCxTyXrZAhgamYkLDKtos1cxqjbeAG2HWtzU9AlvJv0BqS49mCU6BmITvaBsczhUxA7g8tM5nP1Pgy+/XsqVHeMxVa8ajisrgV/mNdS4rwrB75zI0vwijwpv4Xm7toBnXQQ7N+rz5jYxfFXpALGnrHiKyi/QHR7mpNe+1LX4H5m8SIfjOnVUWHwA+cJW2HhOGoJP/iLN+5XctOotOkuegKYoR2yXGYXhkol40FUd4+cEsp2kLHy6+5orMgQ4/nMnTn51ltak1MO+w6fx4DEBOHktmQXaXPnROFmQE+4iiXVvMEv4L17uv4POZ86g7+oPPOn9bNI4I8EdJvo8VkYVllTcQZPue+w0+iRLwnlS+RtCgqmNnL7Bhstv3yHVL6ORdsmB3PspkHzoIU8OD6LH0sY0Y/ZqKErzwFGDDby96hXPnrUWM9+qglxwIcmAGhnFLePLgTdYOiGcHmhE8vE/pvD9aASd1zAFeyFReL5fga4Gp6Ht2Qxa7jaFDZ2tYaycFk+eU4UqfxfCuIHFnPXSDCL2H+ANpxax/dUY+pW4CdYKL+EM25f0QvoJmB/6SidkHWjhr/EQovoJ5QzXw7ZvLtA28AXMju2hV+LRaFy2GYOXvqGPj97hhN82ILtOlc5k6LDLn/Vc4aMGlusmkteNGLg+uRbdWv7RAxVt+hYuBWE7f4P9vm5cd/gjm9U6UnZROr8+PpIOCIrB5acncdN9CZ762xBGbJ8Fj+f0o2tlOysNz6YCnXQolHnF/ffDICzlFP8dM5fiNhpBUUM9Ve+Rp83ZPhx+Qxz1x+7FzxFaWLHjIkDPLv5dvxNenbKFyQeu8/jrSWxfps3zOhtxc74zP/R8QeozPHHBiGxen6PB9/8BpDUBrz3xlJ4XzkZlFS089u05K3z0QO/GROi+t5Zjt06nMb4m8Mk5gh/0nQUly1BeeKQSUPsqlN5r4qbCfOwpWIDhr7NZRVcKLrUH0ofNqZjX6soqO9R41dRmql85niocSnCzvCMNRCsDnzOFGB6iC4udYL/8aZzc4AdBpfEYGuqM1l+secGRC3BeJB/SE2XgxyQTXL/tI5mL15HnjlTed2oHS3w/TqMqyiBx3GKcNzsEHbuUQVdkOu/dYYzq/z6DqEMl9ssJ4VfznfBQ5xf/2O1G/hfnk8rvsXCzYRpptk8lj49CdDJuIZvOq6WmjYWQM/spVEbuhKTVPRjzUwQO7BlHqrnCrHHnP5i33h4TvJdRzqAW2G7thIK99ixX5snaexgM1FX4jukmCBR8QwqyFyi47DAJmotCZ6kttVpUQfGcddwnKAm5B5/j2XGxuCpPkf7ufM6baqV42oA3bp2cgWoi+eRf9IJj/tjAD8thVJ9xj6EROSfCFA0K3GDKnlKoXL6JTI/OxMYZG3GLpy18rBSluSsc+LaHBueHBKDPUhGQOP0cPU4KcFVxBHxaX8k7XUXg0UAXz1y9geq8F8GXrStwTPEWOlaQi88qh/HrgdOcMy2d6qwBtm4J5OJje1j5QC/ShdOUrBTFlmHl9G6nH0zV3ox9dhe5eqEJtDQvg4teTii9dgd1eMhTpG4iaO/fghMD3Sgi8QNJCy+i1YsmQdaYDs5d9xlLy3PgsF4LX4+qoo0WWbz4hD2INz2gIYst7KQpBHXW6dA0XA52dxdSGE6nK647QctYm88F78Kj6q6o3STHHxPGw9dWO+y3m8dCAzmYSNfIO9+e52duRb8L7uQzuxiGCw5DfCPBIqyh1hpVtPR6Aetl3nLI1Cxes53gxosFvEdUnrW31NFglRGESmWS+lF19Bj2wg9H/4P8LS084C4BR+OmQexacVzx3YYTSiTgTus1NPtPArYsleGV74TRW1kMYxw/YmxpFqVuD+KEAhcwcLYG94FzLPS1AySnhrDk5TdkGhGP+5Iu0LFFrpg8fTlG2dzj4XZ9WPnGniyEI0A38xbXPvkBrypfkv8ZG5LXWQTPTl6AvBd36D87SYi9YkcP895B9+Qd/C+2CpWWuLDJwmcQYJCMf7we0fpDe7g0Whv+pLbwocF8fGrRgusyYkjFZRcJ1zfTQ+90hE8TaUNABZ5vHg9fB46DwX/ytKLDAGp+I/z5E8GGsZ/I32U1C38xp2G1ClyYIwJCgQdpx4Js+LC9AAsuTaCHcxKxYs553L12N4a2KLLlEh1ec1Aa2kKOcX/rVlq1w5EyhmN4V+wqFPxSx8kn2vn8pV9o2a4PQRcVIOW7C/Y6VINmDpLoI2fQefmaEubOQO/Ti3lN+mWo2LyU+5bbQvPL+bBUzwRDpVXh8Fpg8b+/qLYjk4RbBbDh9iDe3vue4i8S1G+Zz9fDpKDN8AUsLJHg7Y9mQLH2Rv4nFIMCw1tZI04SRuuLgeNGa/j6wwge7HtHx2M8ue6bEf7UvwjPm16R7wg33jncgFMCVaD3+yk8ctcGtJYms4F4I3VcqWB9q9/0qUoQHz2egle+mfPjUg04M/YkKa8I4/j4cJYRMqGPEg0wTewh9H0rZLUt+iDdeB4ywg3hSqs+m5+LwqUZl/hjpDAHHhziojHfaObgKzrRo4c/dN6wULQIJOxfAf/tL8SUbWJ0Om8Dr28pJIvDD1ihow8dEkW4aXErRUXZQHd0C9eKaPELdxMQUF0JDSfD+e25w9BEB0D3qAzKv+6jXTJC0La5B6tqD8LxA/MosWE74ORyNjjbATMrbMnB+hNHlo+Dwq2jQWwgkcPnrsM9S22pTV0Dg3cm4pU6PyqwvEs7v6Zy1Lrp5HPdFKbcNmE/ufs8130NpK29Bld3ydHgy724w8USDcq2w1D/bTj9cASsnNDEXjfGUJpqKi3z/4L62SF0XJfQ2N2M/D0e0Z0CfTQssodc+ecoPP0nStu4Q+D5VHpU/4Lyz5VD57rjLO30GNbsug5toaKgIi/KWnmWuKa+l17ky6FPtRjvvKiNY+wC+EmyJ3baHAflTYbw0tyXRXS2o1S0H5xNUMApH40haXQTSD0b5IqKVGy/GM+3tulBydQ9+OZXN72mCpA60QGGf8Uhd3USLZqiRZ+qGUtk/+EWBRmYtKgDpvnegfaPAxQ26w3qnUwgmScXeKDCCl6MjcK+VD30M7QAvxF63Kc5B6LuTOEnF4UYpGbwQssuaplcC4dXqsCi2Q9obKE0XBvnxuc+3+VpXh6QJ+IDtc/2gb3gSpYZ1cOP0Y8P3t6PCVWKMHu3F8v3nsJv360hQtcKHokvID+R2ZA5VpIjvSTgSrU6jNggB2l+7fis6wOt2mLATpkTQbNzCpctmQiTl3ykM7fj6Y+YCyjPU4SOAUeOaPAjvedLoX1bN7cGV2JyliYeDGvAcyqfsa75D3xYLgiqoZLsLFAEfzL0KEb6M3ZVvaDHepkYpdWIN64cwSvZb3lwliTk/adM1ZIuYNL6BJ89P07L+iVA6GkBV2ik4zGDKvzv+no4skAGZKyD6Erpdb5W08iF/43EESdXwFjfl2Czx5nECl9xlkUTGF2wh5C3K1nJz45GvNpPN5/9o3KXJJq7wwgL95yD7o4pXHC1gJJyzEHUyhxX5tXDphUroa2mik95JeGtI/YoNxABo7bV8bXjPqgVowRus2vB5/V52HhpLF4d+geffkbyjA9RpOVYxYn7NrBajiKIO1iCiQdBZ7klfhWYAp0Dv/lOnDfYvxWklalBGGp6gAZqr/G86wBdVUs4pi6XEodbyNnnEAWVPyTt9k389OhB/HRxP704kY4uPQqwvjcLfHwu8KqHPaiffhQKV6uQ46n/eJyrDfTsL8J1LvGouAJB5c8/LN4oxeWLjHE8/eJLP5PR/Zsn3ap5QJ9PjKab+RvAvGoSbO49g+J+IhDrdovhexKu2XwDBZs3016Pe6wWGUMvtUbSZjttmGi6km/dNYbOBHf+HKeMHwudYHRMNDu7boSQyGx8anUPf163B1+r7+BlMAq2FjRy0ShFGqvUzTL5O9j7iS39rUe896QWf3yygKIrnTwo6clbh9Th/HoxeJg8kZ3VOyEh+g8431hAIweN+ISQEfgqTYcO7xj0fhlP1ipGLHnGCqIGD/LhtG76PXcIu7Z9ouo/8jDO1Z5PvQ7Aa18+k5eBOJ94bMwZ6WdoTIcjdo3cATXHVUDz7wgYeUgJGlwPUtiWJZDlNJ6tf4dz3fZR9Ckln6IXh/KyP/dgT+EYUOtaTbCxnKdOPML1Fv2wfbiE/CJ+oqxaH9z5T4Fnzbelky9kwMp3HX+Uek2vxt/AVc2r+eOuHvo3+Q/eeDqCVJ0e0I/BOeBYqAkaUk4QLkygqmDBi4cM0SHME4Qe5BEI6UKdgidOexlIG3LNwHCkMa4KeIwBD0dAzF5tvF/kBAEhJ3iVXRCMyRuBwVqLMc9BA0xENvMeHQM+9ieXZ5jfo0n2oVyWMoxn5x/h2F0NUFrnjJqBY0Fj736U/FICRaY/+L+ci+Bb+Jb27MhkB4EuOnV9kMqK/tGoOwpwtUSK0biLZHtP4O7Lb3if0FksCfgMU51UadvpBTDplTTvKRkDY1tt0LnnKet31dJJmTIC2ft8ZLoBbNhbDnm/28Bj+hheu3c8hM9uBzQdz7pxjyktazbdmBbHp1gPT9oSiwTtZJ9LuZyA8jC09ia2jojGAikjPsaHIP6MIAb1i+Nse0Gc89YDHulZc2qpA0yoeQTr37azfs9eNlF+gE+9VsHLA/lYLmNHUv3W6OKuhjXRQqB3xwUr5eJA0+UxGHsM4+KiGRywNRObUo/zv7S3vCZ0H/rmqsGifxfg5lRbWNubQe+xiSQ0J1DQWmXozXIkLdEfYLj9DN5SnQR+p1zZyKsI6ypf0K/DrnT5WD1e/TMXqsdv5mZvf6j7NYUfJ9vBSLepuPPQZiq9fY+DNxvT308B2HTIhMPOneORSxpwh8p+in1pAB2XBWFCgRUljPrDgtXz4GrVFqx/P5/tfT+Tvf9ahsMhaO5kA7clTnJyYBjsn5EI8VcKUVZ5OvxKWAvawck42c4Dc3EX+9mZwDlXKzBy1odf3tIwocaZ/QyvgWXoLbx1dz7YsgiMLzCDnecNYLTrKtr05j+QeLWCOjuvUOjV4zyqgPnC+FtccnKAB7x3sv1TM+jSmoO9l+9T0wtbWFIgjmVGYyj10m0su5QBUo8Okbq0CxjYK4Nkqxh6i8zF+lGGHLw2kmYFzKHHyU/Z2Goa9/kEoVmsDDaryMCk74rw0no6WJo8xPXzHCA5uQY1vwrh/fpntNw1BXD9P/5pZQtdUR+ZDgVh3fJGjvmxiMFIikRPefIL9RfcUOeGL5baQdqQJUz+6I76q1PQZ7CEPk/voWHlSKipTef4lovwKCkbD3Z/xUn+42Cw4AluWjeLtDqcedfWZpZoW85iNuH0fMJUetL0iMcEXoW5YVogejoNOsUbcadcMj5xjKYjGkew1XYbCU72g01XVsCxyHDouK0Nkhes8aH0Z76b4A9hGbmkGNAE0y9+pt9DEiR5Yxy8T3xEyt9MQNtMh7OPvKNYfUOSPvSHS60cMahyHI2Y2A4Pl9+CDAzh25HS8NNuGVedzScT82dcbj2ZsG8RRfi/gKXTzuM6pWl862o8mZwyh7nPK6G19Du/jumnSfJGbGZiAAed/+NpKemgc+QvZjWlwdID6vA+u41Ueq7zjc5ICg4uRtNSHz43ezQUOZ+liB4r7t5Qg+t3a0LUzhaq2HSPcM4yEMxZgZP9p2CtzAsamn6XcnfmgF52J6SnjYTD1S+hrfky5igeQtt8DZSuEuFVMcP0bnAjj6/cAH0XPsGhHBkokx+BhSKuJH5+MY/gdg7N246ZqUD6O76jzfk1rOL+j1pX6UD7k3Is6lRCbxVlbNpQz5PPL8X433sw72AP8ccB+N25D3WeOkDExlOsJHCS40/0sU9tN7snL0dNgd88KyIcVm+aAYvk16H0eTX4orIPqtW2QsiW8/Dj9zlUCGmGJx4aJLjCkbRabWh7QiQsumYMP95ns4+qEp1rGQVrtFWhXGSAFy8SYhe73RBX4kZyrUdZ/uYE+Pv4JgjNXkt3bl6Auj9vaPKsAlJIWAc13Rdobp8EjF7pi7KvRoGO3wsa6g1Cg5QMvmyfy3Z6qdS2RxrTGov45t1oyOqaDv+9VIIybzfs3zeEL6IXwMLWGXBPUxNTAhUh22Y6pd9G7k09irUnJ8GrpAo80vAE+xUV0aQ5lh9IyXHT9TbUq8/n8um97Kv5kw/5TYA7n9RR+ZwfacxMx3iTdBC+1A7N/dm00nQB5we/5WuPUrBOZwIIad/lzMRGtio2p1i1jViU2IQ+OofRUesbRlQ4cP/fxzDxuCSI9W2nS/1lMDpBA8Y+cuTpdqrw+qIR/Mm5Ckvj1pLIgwj+5SoI1vX6MGFmE3vdPYjVijnstPU0T0lfxtE92aCq0YCa+47gTVUNeHN5HaY9PwZ2yXV4fGQQFW39Cb8q5vFtmwMolvQOX9wrp6pWC4h+nQJXD7rgs6KdlGPexC8PlUHUJAPqszoNIbeNaMvEf+xvrgWlYws45GMCTKwM59hYffBxj4TQTxI4r+MWRWes43FNApDzxB5qTiiQomgt3Dxbw3l3wlA4fw2pXA2BW6VjqKcuELdJnoC7ZeqwYcEcCFzsxDXOs8DazAIkLyWScMgO2rI0DiyCnkHL2lk8f545fF9ZBsN/lPE/bRFa6fOHr3x7RBniNyHG+xMOCTxDD9s3GFSqCOWV2zAjzBlHT2ikUwvPwsRdXTj6cihVOf3g/m9H8MbMafSqQg0OKxFrhEZAxL9cSumXRwGRI/zV/SrnqVuSTIs1GmqW0Y2k8SCx+DW6b41CUdW1VLHzLrjOnwFyO+sp6DbiSdtMuneG6fQ0IXhyLw23b/jGU2avYqPV7iBisQzuL9nKHkE/odFlMTz5XQ2ZQXZg03kOnpbsxeLn1XDJ7iJ8L2WYDbkQ3zUaZAY1UYBuwytDJciL6OJ2X3+6+fI4dirm0iO/DLgk7o5GL96DrIokmZb/gHuLTWCxoBOvjb/Fym15+O/7AzwUcZVr2zfy2Iy3MGtyLjZkjWGVKXJQYTUF3zxq5S11Idzp0oCare2sVGSP8pneEC9+nw6O2IpSukYgLWKDX/668tPbLTRm/ys2N1GEOx86aV7NcSouzOQuX1lqcVYDiNvKvxefwlPLdKA26zGqFvtS8B4jOGb7nqodJvGMKF8oc9YFz8XOlLjvOytVa3DUCGMYXLKMlgXr0hK7LK7Y30xLtFfj/V5rWLSxmKoHMjDVVA/PtmticksSjXhtiiE4GeYdiMWbMopcEGb+f/N/k0470F/hGTzp3yE2uODFBlfVQXwagWjtLGi8XoKa2YP0ZMYouBfRjuFS66hZYRstWqsGNWMn4bEgAa4N8YE/Fa8hzp8IREbCZLkPFKLags6bf0NLdzdFlx6Fz2bTcXVhE1rf88V921ZR5BYb8NfrhoB3p0Ht7UWqyCvF+aeVyN1mNXdk/iO5vx/gdzLThkYJaHygBGlT3Xi8xFHou+EK+jdukk8wcX+4NG56uRG/b0rhWzGKMGq9J3W5x4L3pLskfSsU3Tr0+cPyOjC9ao+yDu9pnFAY2FeLws/d5yF98CEbJdjg7Pd9aBovSwZ3JdCnUA9+vRWlNYY3OEZEG3adM6Wnqtl0MLcX4yOV6apfJZj+9MfsM3n4e0YHK1YXsOhRC3ifOROETzlBWbcjd7fa07u112njrzF8qb6JFm6eCkkvj+CVSVoQomfGEiVN2FQlw+9b2/nVyjq69TQPJX6aw0StY2T5LAFX9o2H9RP2w4dJImR6Zyq/CVgGahEr+KPBIOTm9sH0bE1c3uGD06RFYOQYczhqOArkfZtxV0sdSj/7wutWzAQh5aWsY3mHNXYEcOAzUfCZWUAnRohQxthQbFgZAAe2LuCKxg1sXl0OO7snsKxiMbs5K4PolOXU7f+IExtPcWB7AqeP20pLRlbw8YWunB9wnLYs+EBLV8jBFk1TeCIegllv8vjTgyCO/bsbF+0eT69Caunhuj38t+UmLH5tCiUNg3hO8Rq3d5tzieMlyHe1Z6fda3G/uQEp7ijn/BQLkrWRg+xqe7YYMYPeHv8A939I8qoxx6HRpBQk1frx3LMg8lh4B89ly8DU6ElUvqAB1uYxj9t8GV7VxpB4TimmXXsBa6SG8PYYe/JTMAE5HQVe0+5LAkkDVOBznpcsDATfkVrw9e9zinvtCJXF5qjvIwlrNOUwiRzAIuk4Kd9ZAKeOR8HkGVZ8zTme3U/o48k0K/66agzMeh9IR+YOkf3qRfhqnx1LX+6Hnq/d9HL8RfSbaw8t8w7gqwoj+HqwDU6L+MGyzU2ko1LKmvJeaND/nGoEizHx8wkwTIzlpHAduPdaHqqcp8PcS9U0MNYC799LgUkpwuQ1dBUeF41G5/mHWCrIDEJkVEnzTyxGJ/6mVYccYIaXNaZ/rKOd1VtYUI9B4Fo6OBsrwVrdeuyZugvWxD7lK4+HseZ/BMAHIBAIFADQP4xIKiIrQklkZITMkhBJCg2llChFQkoSSSiaJG0VikSkLk2UQoUWSiGpFFJCRrnn+QckfcQh7dVz9C9fAmciPWhmoBncz1tGhaGSfKL7Ag2+/gujl1pAsIMy/Av24PZsQcqRLMQV69RhZcwYMrvaS+/Nr1HDnSYayN+ALm82UlLOThgwC8LjhR9pftAEWCMXy1tn5AKZ2kOp/RAYTHtKE3PWU4/OLZSqmMyXL07CXYMj4GmzHuy02QVHNtfwvbJvPL3Glr5tPghhN2qgaiAQZls380CgBsyOTmYjcUk8P+8Z6YtFQ4XkQRYbK4qjDn6H1dGGbDbNEhJuGsCVokZWPv6HJiz9iv1V8zjhrjeGJL/hzTtKUVVNCZfv38SVgupw2NKYft4thqETT6DdNQs2HVmJ3p03aZHvNg5MkccowzUo1GIJf+6XYsMGQxSSt0f+LsrxW6fQDcclOKfhFC/WvspRzRNwurQclFs8IL0pBtDeMxq/f36CsipqZD+pgY99bwGvWQok4CFMsZPlwXxHG1/RUga3oteQuzgdhiJ90Ve+goNk/GCv9QksiA3gjj4FiNr4gCUdftIqywXk+t8NFOxxgxdHpoBZ8B34cTcCHz60gBUHhaDvyhi6oh1GcS9fU3WOIC0s/0fqlTm0t+Ydr7m1EM8sFOYdkuPBevVyWiu9lMwvbeIBldngUDmLM/wnQbSmMdl5Z8Gfr+F0edpYWCstgWfm9GJkcSj4W3mSachSLMoL4XPqM6Hg6Ci0jfkFh2ebQoDuDr6muJ6iopeBj/cdXLDOHcqrv+PWHgvaGvsHU8NTwXmbPpyI3U5DClN5p88Av9xgzD4NGVAYEg6Vv2bgnY23uTk1kTXr9eD4ktNwNLyHgka1U7d+OL+s3QHCgv0of62VPu2R4s1lPTipXhF+qOmB5pFJsFLqHwwWMYUE/+Y3oZa0UfcWJGSOwJ2ZHZyfNBI2AIJSynPaM9+ffrz8R23pIahfvworZN5ilfgs7s75Sf0dgnDV4CItMCnBD67L2Un0AkyNd6HNL3M4Y7IeV0nPpYajC2CDhzJUTtVjj+X1LJ/yF9o3SeKLszU0uH8TvKlMpv5nx+FC0kk4qygCFX9c6dDhVLLcM4zvYi/g2O3icLPLgYOzq8kvXZH+FbnDKSVVaIowJ5f98XD+TwKf7vfGxe3iKHO8A1qmn+VphSXUHOtK1pHq8KE/FR+UfYMv75zozeAqbpmTCT+8y7lnUzeZ9Vvx0MvlUNOjC9cv1nK/rAMdja4mgbZ29j9TxLIjl6C5cgg8kSvmRQWL0CrJDMqdCijhoxTtz0zjw39r6XhtF453+YinPL6BYIEmnCkV4upt0+G2jQ9K2Syjlh+ruL7MGoSO2IDRrzB69XkL9emPR2nHFN6mJw11XxpZ/4gzw+VQvty3DNNziOxMDalhhBuuFejFPO10fHdWCTTc+rAnUQyutB/CxFBZNJ5+DdO7itny5Ta+8V8a7lvtzV9jVUDt6XbY+fIDyURaQ1JZN9y6kcC/tH7hy4xueFHeR/lKX9hUWAOeOFZiTc1Ljl2QjD8Ob6fdNZOw/bgJX1rZxP/ujeHHe1fj8UYBePXtH3l6G9GctfZoVz0C8oqBf+l344uSNnIXC8ApYc/5RS+Diawb9jnv55mvL5Ml3ke533/40oYEyJp9DqKq97PR0xZcetQM4PwA1Q30Q5jnUVw3Uo37jx0i+VIDqE+Rxl+eDpQ1sJVX/gaQ9LbD46rAO4ud+e3HkWh6Ox7apl3nfLHfPGKDAU/vqoVWcXNYpx7CVgdiaYxKNmlE7GbZ5/akedMXrMoyaLXiYwppVYDWRmMYPrMERz6vxj4TC/zg3MFZUWc5/5c1fC/9yV7F/1BytDM8AnX4FzzEcKMHjl/czWoBh6Bo007ySDGGi6EnsMDFlz2rCrBwpwiU63bB8/nVqNSynJu+KmLdpvUg8q4TB5Sz0dbADH4t+MC/KiaCQWcmuKqLkXR1CAqnS+CFLnOMenaXJ6d857oHFSClJQE9owUg3rEYcmzWgcMjGeBTSej9LgLzBxVAXHgVvdz/AivTiURBHlT/PEThvU9w8bt1OOGKGiVGDdBcWeJ0eV1YVLKA987oA70cdXh7/wjNvPUM1hrshrWCfeSwLg8N/0Zyj+0eCs4P5du0n4yXTAaLngMcJGGA43q8uZ5teOYjHXqmEMXhY1X43p0A2B6ggSNjRsHxNika7HbnhSY1OHIgmV3CP+GBA3to5r0/tCMylq7t2YWiujqQfew9Dt+SZakAeTheWkxHDwmiulc5aVTPp2fXcuGz2EvSH6EInYV3IWfpWnp87yNWeubAx2VpbPWsCA4trABPq/NsUlLJv5UlYWPyIbZT/wd5B40hoWosSbnP54accvSv2QiyS7UZrWrQ1V8S8haVYXWeE3Q4+8FPiQS4d8uPe/0UIHCHIp0xtaAra0dCsupYGOmWQvumNKOmigFEOPjAnsVymPqugdXthdEex5Jf2GrQvQxQ1FxJt44voCXezVxfMgg/o+Rxxf0+VudsNEpywJo9pXDOVAX+Kq7mba/fwMG6/XS3Yh6emTKWCkrtgV+7c9o5Q26+Y0mFryaC75kEvKgzlbJTCRtUf4HC1GyeOVuYY98ugsv1N2lO8hy64y0Jfqmb8IS9JoSr/iUbi6koskwCL5y/RH+LypnuT4SahbFsli0Bz08ocvwlHdJ8+ZTXXXkAMi+mwb1aZ7ztnIRu4rnwZUAG97yYAbEBaykZ3/HVxFKy9LJC/VVAq73a8YvTSAwfOQu0Fk8m90ZRsH70g5+2zCWJWcfZYuMBfiA0AUKEFajg3nrYuEMVNZ9coclL9WG2/XPOSx6D3hse8hlTR/BQS0R1w06C7jQW+OGBf0sdKF5MGy5eFKX140fxyOmv8NFuAzCes4lrsq244+B9FvzvNE7etIXuvjWH6R1r2Ev6JEX8VOeBkijc+99KrE3aTXsuAV+fqUKj1VTIx5dBOCaBE3q3QUnRdSzqDoDzOpU0YcJx2Gq2AK1X6tHroevopGgJ1T/cuOxqI5Ub+tFt+WEaHrzHJyMlaPJcN5b7tIKna2jganGAx12Z+Lv1Dks0joazqWcgbdx43iT4he7lluCiKGP2F+iC5C5h2PnmDZT4K+OzKjUI3tyOVY/u0eKk/Wh8Whz7aq+hsHAmVHwH2DSiAX4qHePRu/bxsm0FLFmzA58/X8WnRKPoj9At8gsch2/KJOBA2yPeOfobf3nXhR1NW/BxagwGdh0jH+N1+KZeDt6dKSfjeHPQkkSQa0hF2wkjQUzZEO3asuFSQwzIpRymf2+rMad7Kq1/Og50BjLox5Qv7OboAeVtXuzcNwVje/fjqy015C4bQMO1zeTTbQZqN8zI9+kBvDkoyusN28Fm3RcIERjLvCMXDIw+QMfwU1RImAFOkfrwdN8O7os5QiZ708HxczwFFcXxhhVtUH7rLCav/URK9QZwX8CTl8y6Su+nCKJr5xrSeapPjxJbWX35Iv4zSg6mnyzH9e3TYNfBAI6e9ZF3SU/jhxJKWDEzGdwznDghbilciHai9gpXeqY1Bhpf6WCi8SOQLtXg/fLZ4JP9Dpu/dsCjaxpo4lzMhXknKcV2HBxfZYWDOwxg7sfbEHNTkCakmtNYE3FcnDIPR3n4Y/iD/fRk2wRwClmK+j8ec8d5UxIRj8JrL+fAin/nuCDqF0/zmcep6qOp5akZtKWocxy8Au+eRP5RN0w+DqPQZlYlr1Ab5JuPEAL9CvFF5ig48FyU/l7fTr2+4Xw6J4oDjU5AeJwfCsh9R2ntr2DWuY3UNwtAf+ZZPJgxEvME1/OVm0FUWZGJvTv9aXj6Lhxnr0BNNc/x74A2nL2phbcvfgLh8zoQ87wCdbZ8QHIYx5eCp/Ha/CC2r+3Fgn5LWB6pxvfjc7kvZzLlCPhRjmgG611wgEN2lvhtyn0uCNHAcfLi8NhvCbx+Gk8SZ0/BWa/veGBjEwfqn+LUr7tR68wgpi84AYnNiqCX8h5Deo158yVdiNNrQWe5MlDcdhCfJP6C9c9i4WYDY9kvVTjhLo+Pcy/j2L4RWFzXSb/PJLNXXhMoPVbkb9XbeETcewxStgAPuRwKkEin6zsOoPay3fzlxW6UnTGGG6oy6M/NH7Rmrgx1XVKB2llH4YdJLi8TtKU/ozphTbAu/am2pznJ+3nw2WWs8lahsAB9yBvUYbNv+SA6cwumjxTkMU9e80ozd5q1VobKa1aRp0oWuIdMB1X/KniotYfktuhxoVke/BJ8xfJjXckw9Dm6xT6haKFidp44FQ471PGdjjYo0RAl+/pyNrvgCEqHrsLMMn+yMM0jW2FLChZUheUpVnytSBMb7mpReVkPrKhMw4iNJRAlvRa+LPQBC59N3CeiB4pSG1itLoeO7DsER3Td+PZxa7DKmEIfv53A6kd3qGvxSnI6rQaHJvnxUZlwLo8QhCUesXCqzRbPCLtwPzjC9VtxbD64iZf7z4Dar8Yc4HGFdroNg83RFdy9OQqLF3VzTNwKdlp/mRdFR2FUgAzEjfIE8egBXF1tCHlfDDh6vjWOqPpC1e2nsOmNMz/59gEMxEZDteoPSjQ3BtemGJTTnIYFsxHTXt4m+dSlHNw3DHoC+TTTQQ2iJtrhE09Fsv5+i6a5buP4beV4KnuAnva6kPiEs9D2fBObP1KBq1V/0dFNlvuKJ+OAjTB+PvuPv1z0gEVPzXBc8HQSmRGHj86KgFrZCY5LYP4xy5PVzunQQqcmeHFxmOfuC4Yz7+tpWDwN1y0zhv90vVFkw0nu2vYPxrzzxjclMzl1+k2UiU+k1cIqsPWxPIYLmUL5AlvUVg7DHpiBui8uo06tMj98NQiPb+TC85/17L7yDi6fogvhxla8xU6dvk1UAo8RtpQ2+h5907oDZuPloFXsIZqO8QI5/1GgNl+SddJP4ZU3D3ioqRZN94hAXedXdHmnhg05R+nnqHr4Y6QMwSWaqO0wHxf5uPHoyzpol+fHY5zG0LWpmTBgu5J2zbkOrxMFQGSEBWQ7OOBB6T407l9Lzd55uHvqHkwvTufySyH4dft8CL8mB/d0EzF3lD26rxREJSrnWZ7bSSekn8Om3qea4Q1Uv/kFWt2WB1OLAtTf3swXVeaxeMITEJQbzwkqQZiqbod/ku3h8ihpeC03AT66vcLM71+x7YwcSRR9pkdGelwjs4rfH8ogXC/GkfNkYUb2VLB3OomJT0Op/cc6yF+WQdus9lGd1Xn+t3w87z9wCgqUpvCFoWkw8sEK+NXaik5LemkwRwfcyheQYvRutl03nc/8NuHTD/1JQVoBpr6aRZvuJ7LeaGWsk/Klmx8YBCQX4vXyBHqduR4K3wvgOTFlmF7VzRI3D+OByBru3yoB54LluGusE6hpyuKDe0kUu6YJHkZagr+SE099N4WuNmXxWrNwEtCbhne7C6Fgqgmtp3fo+nQfvL6uCz1RIeQtYAzPtmTwmaSlfEVdmL4nTWDzbRUUY5BFLxZvx/9MpkDoR2+OWlnMG04K8rgnGfRj/ET+6VtEad0d3JTVhyuHF9Dtsglg1WDCVq62tEOimK+GtkOG93mcFZiIoWvsuVzOmBdPfwCz/rOArTmSbN/aRmGey+DoCRMY/asK9qUFcFWKAYd/sodlX0eRXcBYuDljPc98F4ej86Ix6GIhXWw+g9Kl7zk0dwLI2o/DkC4lWFArDndrTXlJniw0fpPgw4Vp9GrfdTzk4sQ3VHLA8bgIHU1NZOnp06CJXtAW5RbyTZuCr2/8ww8ZqlziYc5iC2eyTo0QwddMgHW6YBW0HhoXVIOO2iDHBD2jFts61twXQb6zFwHkvUNHcxEWHikAzen76MvyLeArNBL9F6nysdw63GAUhK2ie+j6jcV0zT0SAgMAxm2zgPa0SNaLnYTfv/vAuPsbeKqhEPXmfSVl+TY8q7YfUmcbgu/jCF5a0AGdGwdwbkkz6f+aCwVHG1C57hsJvH8KOb+1+KanEfyRWcvdCQV4w/cmap8uhHT5YBzfo4a+s1/B0aCPEDkxhXW8dOD+koNsuSqOJTznYfGq6bTiZQmCxk+sCNoBywfGcMjWJlj9XAamlWXQxr+BODyjkkOUw2Cjrw8XSQyQ0qrpZNEey28UH+PsCH2YfXgAboQNsrp3MslrF7JT03M+eT0aVys1QuRhaRgRch1i5wnAooNLQG2tKGaGPqSc9bfo9vY61g+u57dLitF3SjXOUrhEG3z0YNaz7dwp9hES2vbi1Zg2PNsmBNsPmrDMRXewcnbjzQIlcM9ODO7e6gIxy9t4sPU3XJufRHtM0njhgt34pvkH6jlOw+4lS3n+DlMQOhwB4x4gVK9UIcej/Xy3tQptTt6BRaofKWHVFJj79DdqyE6CDzqS/CVBkmnZRK40O0tjv9xE5wcH6MCeRXCyfhOb1wbRcOIkOHeznl2tBWHvCzmMs1vFL/7NZtsfQRjwuZ6UPbT5VooIBljqwtMOcyjw+8Fb/pTS7KI8npPRAFJ6a8F/bjVOqj8PUta3URiVwWHdGD7/5gJ8fjYe7rouZJ2AqzxeJgbErA+j6ONHIBZpz/tHi4GXhhBuGo4gEDqHNw6MpAF1f9qcLc9lr/5ylU02Pi9s51EpgmBSuZYsevbAt8qZEPe5Cw9ufYedL56z6d7fWDapEbziLsExVwH4It2FYl4eFCORxNcPToWRoa2guv8bPynsoC57VZpVZkd7fMdDsoUBHG3fDIGLREB5yQvOFdkKqwfj6K1wMWS3viWjm80g8lkEzBZfoaTkWKIP1yk7+QF/HRvPz6PPUUyGLxzZFkDVAYf4mtxo2GOxHQ/GJ/LXO46UsugGWYntpc/ShTi8bA6ct9ImG/+JUO4gCBXf7Djjzzrc+GonL18SDaGuklzeJEsSd5LJRyoO3zuWo9d2gsTNS3DiKWtY4PyLPgy1slRWJ14yS8e42AWMgl/h88XX3GAlBBYthSSTpMPvTbQpYN1leOhhAqfDk3Fiegel1hJv1Ejn+LE6cLxpAaHpXLR9NprlV8RRSvU4iIoa4izp03y2Q5Pufd1GLROF4Lm1CRxULeR3Ww6A1Iz3kH68EE37S6EycgyW7pJlIVtdbG0bBcYrO9DmyFJ4kKuLvs2r4T/3em5fOBXn1ntAX3Y47uydRlM9J8KbdQW4eOYLnOJcBUpnJ9D7/WYg/XkfWckcReHFf6laYhMtEJkK1gY5vDJ7DIUrXaEn7QngVD+Tas2vUpJ3CPqvjSdX9ULYed4Sdgiegrn6l+Fz4xu6vnkl1j7fzn2Ck1nnvh89/OAETms0IGivPgxmz+YFL86D4CdBlO18CCHFG6l3ST69/B0Pui8taVfnUojsA1g1Nxri9S6S1dz3nH3iPi7+t5mWZfyHgXMyqfrgAboadA1CoyXg1GsnUpuXT+ZjPkNDUgw2RkfxBDJlG5FD7HE0lkOTWmn0ZGGwMi5COcdaUlsWRiJwkQUXHWHV6HCCUecgKHgNyotOBrcWJfj7O491CjxZpu423DP1g26XCXg+K5RX/ncUHezCUFdJj0T/mIH/qduwFSzhYoAKPG1qYoEdkrDnSjWM1syEXeqnwdU5Afb90INYnyt0oGY5Kie/g9WtCtAxI55kSQrOKI6kng8/aWleBXo2j4LytKNgOS6b35b6o4KeDRhpfae44H54NmgN9efy2aunnZJPG0Kc8Ea+PniGFW8ZY278THx92Q4PrO+n7c6+ZPV4LIYKzIbM+QxRN4Rop0EMRuQdpogNLfzi3kRMnHmXLcJE8ITKHpw4QwneZVuAWakePh+8Tbvn6ZP2iEH8fjoEZm2/Sza/T8Os8B1oProUjROFwTqpBUHRBy3+PeMep1SIDh8J44NPY1uaPO+QG4cBadMAOvUgLL+Gj2zeAj+y1vF5GgeaWVlYXeKJhWlWtGTVNXrE1bj6phw47YyipAk36LZDCYyek4exsZfRo20RjWjT5TT9BySnK8JTNLRgu5Q0XtO+xzUZn1jV9T/4Pk+a4KkGagzNp7lK1jxCWY5VTKUgIKURGvam0z1dEb524iBYcjvMEyyExRmh6BK2hl3uKrBJgzF4er+FW7H7aVnPYjRavIj228jTznl7wdxwFNjU2vAXxw+8/bEAvJv5nB+WOJLByOcUZqgFkzsL4IC1DG4JuwvTphfRWJlKWDJDEHIjcrhHvxDd1CRg9NRMPKUUhxW3q/hy80kKeVUKhUEWNGm9GOjmXsNgx32QLVgKRyQu8NPJx+C2QQWeu+bEOUmfQFTOC6Wum8Eh11yuDlhHQjkPQNflAtmuzSBp3T70tFiIffuycPkKLdorKwqF60Kgad548IskLHG24K1xPrB8xHr4fTmOSI/wQWwL7ElXhhu9jlzvxFw8PYFztqiReSbBWIEP6PDnAyvk7gAX8xQIzZOBnge/uGP1FEp9dAcbt4riSTVpMkrop263W2Ata0rePefQOns8ZGibc35WLk+uRjrQ8x7ybeqh7vZrXrniJPQomGGGqQP4vQfQWF+Hk0Ysh5EHFVFqZzP1q4exzJ638OnIQp7U0kphDc+hTl8Z5Kp34skLo8C5Qgp+2t4gk0WLqWjHLr6UaYPfFq6AccvuYkW/MlQ1yqL78Fs2mXSZDy/LQJ3zv7jbJJ0yc/spK0kO9z/6xvo/deHlw0Danf8W56S95WzPCxAb4MMOpp20s/8+Lcv9hMsL7/PShrGgk74G4/TOU6Z/Jd+TeYTT35ZjU00UXW2oJ+96H+xYp027Z04HzUflcH5lAo3ddhx85JrZY0waxP5s587FcXhD7TuuCzrEEDwDLBS9Yd6QOoJkGEimvuHJwubgb/yPK8eL8JfvmmRk9A7n3BaHRTLDNIUWwtWItfCl5wOXbT7Dgpsf8zTd+7j17VzQ/2mF85LUQNHrDkvIO4L6CX0QzT+CW559BInQhzhlRz9rik/lSQlLoN3OCI6OM8MR032xArXRYm4c3PeWwvQkOSpUKUY9TR+uq/SHtZ+0wNypFiM9pPHormP4S0+Z//XXobi6PthsDefxN9L52/5bYOMmCSVa8vRwtQd9mpdA8eYerFq8B7pCJuDUQzGoqvWPD3dIU0W3HOwNzIeho1n0qFaMHut+oof5qzlr2VE84BCOjT/s4fqeLpw9URg0/m7hbRFLIMLYCl0uK+CZXVF0+ukQGtbbYkTAR3pjO5/NL5hBg2YXbd43Fgql79AUysTh9fZgWvyAtuW+Y5/0M1QQaEM3nujD3fjNNDhnDZ7LXwVxO6/SzDlGON7sJx7q3UALG5tg8OkSWKg9DfJu18LtRCO8FhtPv34Ww4q91RxRWETK+7/wtOQT7OJ/HJ7nKEOCWy67NgdDqqc2XHrbAV4R6aDnKY/3J06Ed3cD6PlUQzq/UwCMpvZChrIKH05rornnAjjiVwraaZymut6zuEXrMst91IGxLgTmq37T6oG7oNZZgjnfJ/G+Y0fZbawU1BgeoJVjszCsPAtmT5YDVxUPuFBpBK22Y8Aw1p3eTfDCuRYrIL/QgMZ5tvL8gr0QPlkbKuV2QBWnQ8WJSBg2isHKqkxyKFdj+fkqNPP8XQi+/xZiq0bBzXYfch4ZixtfNPKSkFfws/IpSk5vppALj3Df+mps+vWNZ3xTg+DnorB/oiu9Mj9I25PF0HfwD7R8F4Pmgo2k12sGWkZB+M97HFy+aUWPbZzwSKkXRUeNRcWQFHDxaQHjRlHAokHcbZdFn3V1wLprIci2pNP44WbOODySZVO+Q/uIOVCmewfc4qOR2hZiaJEsdMWks/zpJJJ4fJuMG9r5xobPYCb5kYqbx0DpyWxa+aqJtwSPhF0nPUla3gyFX/vj2eXfcfOJzbD2txg/7vxHI+LTuaxGG/RsxcDcMoKaVS7QvvNJpK0yC1f+WYAlmqFcf92L7ZQL4UBcGqRs1QLTjd9A+lcrlfl547xHvjTw1xorvsRT2YomLJyuBytuzwQF8xGgmW/KtdfvQY+uGa0O3AfyrkIg8NgT/RzV+XcL0cSITGwqMISyCyqY0VYHn/EfZvlpkoB3OhS/dec1qp95o2cVRFn04c5WYdiy8RKW4hWW0HUhzzfq8L7HFA5zA5kIWfDnAS3oD87kfYcNYLT1G3K3DoeQySK4vbwUz4/Spo3r2iko9Dffau7gqXfcwebPeLjlpobjUwtYcOoZOPTqM5e/UGax4h/gKleIYi/1+GnqCbYOUIBFLzP4q1sQREyai8NjH/OZTwJwximWb6bGkb/9Sk5xDOVvlQQnCs+zVMQgqtl00mhFUdZYEcXtT07y2YfC2LDlBXU8aID6iYawpjsV8/4GgWqtASQt3o7L5nVAUGgyKu52wjVljXjoghgXJk6AQ7OHyHb+Wt6SnYKFMk68Kl8cpWdW48c1NpT4+B8mrzqJXC4A7slOcOhOJzeujYE98U7wptGW93XOg1t2d7j07UmcpC2Dckeng9mTd+ik+5km9ExCu05duvQnFh2giS8FPIQvoI2q7TYEqSKw6Ig1WeAlEBl5i68IvsV0CXO8v0US3sruo47Juph4MwuHTmnBvZ5DPKTfiNfz34LTjIOgluWGd6ZtxXKrIFTI94Iffw1wnbMU1JTK0plkc7DPXkI7jwvjj1eNpGe3GR6HVYPrUClqpb3hQy5y0H3ClPzHzKJTyxbRaOcWcLBPpidzd0O19EqO7Qe60l0BZvOMIKKmBay+XgHRvosg0p6L27fO4uFOa9ju24IBp/xw9YlfvNCAIUBKmf4sD4RDT92hdMVtzpqzgWceS4P9faH8Q+40jZX6yzVfAb7ln+Kbqx9yp7IYT3t4nfr6EtEnWIYu+x/C6/ktODbMkvcNWkC3twtpvFyLq4eXoyX/4lG0ELQyT4DH6igY9VuPclbW4I2KyfApQgZ0XcbxoxdJ5PZxJOqNMYbGcUKUttISQpQXwcLX+WhzwwgC7AUxfu0PbJqWhukhi0FswxsW8r9Ms0u3wMPPn8k39AL8uSgKq+KdUfXcWbwSsw9KAtRo1OKVbBwxyD+f3UGDp4qUdK6R5u/TBce429C0oZXeL/oKOjljKefkIVqZOhfWuIqA7EMrfjg0CDMOSUDAfjlYqVGH5+8uxME5FbBmLUKTkzKp3Fdlr9Ya6Dh0BSUNACDQH02SDsGhEZWIJ9tpqUgiB5YO44nubloaMAhd86Jw0iaCetdwDC3ZCmULptHMuvdYPjqHTYxt0HnNOc4o1oTkk/9RcvgkuH4kAy+d74REPX2Or7ajHxl53DI/FuSXHEXNZ6/BCLJ4IGQGiFSWQclSP/ALXcVlgrls+EQHZjh34OKpMmQod5RCfVbQg39T4ETaeTrSkYv9JS5c0byF9Hk7zH19kAKFiew7c+hcRjELrxGFRTaSUGUZTc1Xb4LUd8JzQX5ocToKtjqpYCYHY4xMHry/PQqKNxaCe2067teKwimLP7F4vC5srt1O48xr2J83UGLSCzZ+LwtHdm2nN6Lz8IeCMgt+OA9ZFRp8cdI+7pi6kUz3GbL6b2uMOCkIq/wmkPIUMzaBfdyfGQURJU1ccN+Vpcp08M78eGg4FI9rHsuC2rh+CDbfjTXtM1hX7gAa39kFaj7yuPVEJP98qYkTfV+zrJMI1NytgfEWu/FLxFUWPBwDSoq5sGFyDup0T6fW/a+wg97i7zEjYHGnE/3MjMdXJybyjNkD/PNBBWu+ecgOJ9ejWeoPnFZrwvuXGkPU8XiWvh/GfbdvclrHL+rd7YC13X083XwDhK07wSfH3iAfX1l4sCsNVr1qRPnIOTzUFkFHru/Dd5Mr0WJgKc6eNpbGZqdi7m6ECz73eBiVKW78Fpp+ZDnstDxJ8eNjWPp+Ar1+5gFNNZGs62cIy5VdoGXKR7CR8sG3a1N5wpw5fKAiBz7+08T748uw6Zw9hnmagPYDXfg2PgTvLLGk9eqy6C0UBN9yWtD3jgUs2PmK+vkJJjqrQ/ZfAXa908JJc0PYoeIY/B1jANZua/mOTwVcS6+moNw/IO0nAds+aHLK1Av08+0EeOVdTPOGg6DZ+gt6L11PBqcFYNyxeZznKAWd7j4wJHaARu2ZwlPHt4J2zAMImdxJzr3VMGX6Gpx134AeyAmD4xQlqBfrY6+hUti6O4XTfnVyyPdPIPlRCNwtXGjfhrtgYKcPTSvT0aPqAVVnqMBpRwW8/i+cvHNdcOGsETir4zXurd8A6vc1QFbQBr003CB+XhAYm8WTvNRf2uS+gx/c6qJny92ofewtHHtZG240VfKBLwO0vqOfj/lpQtWbdohOyMNZmq+wWGw82F3yZVNBBdj324seaaZww7Y0vOF4DH0kKyDmmTvl5YuT1mkfrMisw4XF8pDzwJ1EFmVzlOATkD12i3/bMh6c+AjTpctxztkg8pz6GW+PGwkz0o2g6LQljVKdTNvd7kHaxlgSKCrjL3el4d+Wl+AYJYBC10aDRmcQCh0QgrqN63HgDPJ7tS8k4+7LwQWGPOpgOknUhPOfC3rw5mgN/T5RzI8/76Ub6qK4ry2YbleHUpZ7DDiPnkU7T5+hBeIzwDRVA7fkd/Ha47v4/aVLfOpcKc1fbcufl11Ci+Rl1HnhDidqaUN7exL2ejzm0WmHYe/XaJyusRvtcmw441UK517NIu1bI9AmTgFKXBLAWDWY5Z43cfo8b+gdXsDrbE+jx85Bvtz6jtffTMSrFmNg1o5CSMtXh5qotRxccgwkoh0h850MTXywCSfmxVLlzrWspqQIVVZ2uFdUnNsXNGFjVRKsziwhEYNzoGA2xOV4Hz3UA6BbSAkCnJNg5omLLGdoCp9/JsKYJZt5ntlV/N6aQCt6Ddhl2yZe+NEQ9CoDoKrICWJMPejhrEss7DmV6sxXU8jAId7bn04N529CyrFxsD/rLJ3YYgwxCzfw9rxe+O/PDs5Ps+Dx0QOkMcoRHdqPcGKqEJy9OkArR+aC/rEudrxyA+8NiPGyIXeaexXYdL0PbJk5l5XspeDymzucO+wJbTO3kIWHK8VEOdHHpH/U3HudZlU7Y0JWJRj904Kzdlcw/k81Pqrzot117nS99jsNTW7DZZscaPPKkXCk5T415wmB7IcGtL0hhctVs+C7jwnLmM/Cykw/DhEQBcWuJDbNCKCUveNg/MBJ2mU4mlu7toFtlxuXZbbhTdlDKKC+lSLEo/GcQSDa/icHE4zeQoG1Ips0bsVQ8zek9C4EMvP1OGl+KWq4OpF+uTsErtKFy+6akPPbjxbGJNNC+Vwokv7Hc4Wuoqx2E/TWWJBClzwuDx4Fp53UUSx5FPoKLcKDVr3Ql5jPPa/beLZDF9mPe4E/VfPYwlcR3pcHo/Y/IVat2QlGP214QFIdsmg+q1p705RxaWTqvxmUHcyg5GcZTVlhhwtPP6RzJe3gbfqe8xZGwFGbr/jq0HXqrFaBKvFpMC5OlMEyg/aOX4XPvg/ALKNeeCTljsNajtRiG0ICZU30fPZIKPt2GZ0K5sOt5BiyCAvnfy5VJO5rQcvEFdDdoAX6U3bDmCwL8J2whxZPNscnl1LJ6GgVHfI+jaY+20Fp7lhsnNgGi+QO07gDQjD4Up7nLS3lDvsHnKxjiacOf2SZtCd0Iy0RbPIjodm8ltb06oLtEW2ak7oPNISy6Rau4fb8WaDXupWiffbi7SkD/Oe4N0QqSsJIQTm8fbGGk54O8ektrnyuVwVsxy1jyVoPXmftRC1eD9DW3gg2f4+AxdKd/F3nAPropUDfmwWgUXEUStf8xl6ZY9AeGgDFD+TBdMtk2th2lAMMA+BQ0GLY8fA0mvZZcZ+WB1kfngWuHQ64om0y3J+xDgpbgsG2tZIKjbdQU8gGdm+r56v/7rJ/whj42PCbJ1SPAZ02E5D2tOPwL3409eUk7hpYjNdmKrKsmQVFykzlwsw1JJSlDgn5z2hhqg65CD+nm7++0pXnjzHodjxKPP4KUamemBS7i4uGtMA6wweeBB+kyYHG0HpdnwYS1+Fw91bUrx7Lx3Z7w3/KCnxeTRKSPlrBAtEuGDr5l6KK1Un0izSLPLwAvTJeiCan4O3fJJhxF6BOwJgfjkvhnXnGVL7BlP6YKGNyjgLERHylZQfmg8/+MNIPEYLftrHoiEnYJ96Gz3gULvNtQa2fe7jYrB7e6JniMecGVKklCDYYghkjolh8zE5IExQm6WhRqmy7yb8+pWDBxjb4pL4JAt+qgEG7OzktCMUM32GYdH4E5cb0cOqrIJ5huIReyx/mZ2AE2zIMYLK8HzV3zOElA27YNX4yHgjwhMvnl9NC/QUg/jEVUxxOgeSCibCiqp2ejvrE9R5IZZuH4dxIR77uJ4T9H6bi+FJNzM8EDB4YA9t+eFO0RCBsWjcd7upuII1JdjzJcjUVR++n+bt+o+bND6A91RDE1hfQ/qY4qhohTUvDWnHfn894M8IURz/6x8/cMmnp6b1YcEgHkgIroTf9AN5618NesedgV0szSlqP5azt12C1ejm6LlGFHdHGkLfjKnp0NdFQVgquqg4D+2ct+DFjG7gs8aATV/rZ/540SOydBG3OCyB4tAZWno7h3xk6tFzSl8ymH4JIuUweHy6ORe5zQbUMIGviFxZKmoX2w9tw7unVnNH0ldxHFqLW8WeUudmdINyGbylOA3GPSwgZkXj560Z8+ncWt8V/JPEASXy0mzn26jVcPVkAtYNF4e9OIwiZNJuzxkUCP61nLdHvfKaugNMlImDqLStcrq6N3eOU4G3efTbOR2zwSGeh2AjOV8rBEa2f6evfCbymP54+mx/k7bISUD69Ay54XkCrByGoWOAMh8dY0pXhBl4/Yil1R3jBlu9XeHDnDDjnV4X+/gI4vLmUq+LHwp3AdVwINmwZFw2R09tY+xOh/U5pGCiyonjXt/yq8Dnv8qnChy9e8RiDZTx1zx50vTMN/iW78/d5SnC9PpJ9HlnAvnkEu2uzqUqzAopkjeHSlSn85cUEEhbRZ+/E0XChzoBu12lTh7MyLZYOJD0jOfzv1D56mi/Jt7Vng6mfI+scUQeR+19xL7wgl/wqzFp7k3NevCYDlb1c81uOUy7W4eSPvyktRQdGjM7kGxstSSNlASYoqMHv9Y64ctVl+mu4GLIvL+XkuWm400YL9j7LwZef/tF9KxGy3+UNg/s1Qar0Gm1a5oLfFY3JwTGM70dPgfmBV3m39zxUODaLdtfJYHOaLAe9eUOHU3To8D4lehOzmNIbVWFkTCMUNjdQWqY6l/lXoYTiVfh0Zzf99QzA96+O46qgLhpqVYIVdlNxwcw6XOahDjdaU3lNyw36IqxNW5228dX0ZA4SiOXAh6rguqiBb70Sh42ih7Ewfi2NMAqkW9tvYd/u5agy4iyWX+jle0uV4aB0D+e+EGPDx3pU6LIcI2LH8/h2eRSLSSNdXWfWFTgD+nNGwsdbRSQ5QOjQWwB+9Us4/kYGnpe6yrNfl0Dc2Tj89d9yjOgwgQFrD9S5WEUKN56SpMZVXqESh1v8gVYMGvHPExnoPrGM0UYJpts9Z5OBGJwfvovqvdTw88uLLO5eAFXXZSD8hjw0++vxxOUMiy5b4xzDdF4scISqxffg37gYdApeQ/42E/GJ+14adNFFv79mID0lgWzrz1F7x0SUqLrJVxbKsWCxO5uKDMKbr2/J1OsIfLMxhFfYD/q7fdFX8Q4f/HgPw4O3QeC3PtocLsY63xNhhmUmPXxsDE/sB8hGuoQS30fReslv9Mv3C0fK5PCqsOk0e2IpCQc489YfJnDuryhEr3tD5pfqQGChG5REzSJpTW+umX8UHsSaQq2PPS7KnAI/1t/k2sSLPDXUE9+fVmCziP3QmJvE9fMqaFemLQ1PO4IVp2fCRskv/LNXgjMVHHChuzk7R2lCi3QMHD9oh09CL5Pa76V8wEsMCjUIgxRT6KrdOq558JB/luTxgPZh/vncCZOu2WODnChfENGGNU+3cukGOciv7aKZo2pwz8Vwbr0UAyd0lqJadiqHmO2ncuOJsO/dHz4TlwGL2+ew4Wdharyowx0V72iv/B2ImXGZcjJ14dOzMfD8oC7vCjfkyBG5uDa5HNece0n1TbthyTs5mvW5iA9f+w7y21Xgn/pl7lsUSVd/IHn8JtR58QLQqwGtNxmBh9MAvzpnB22O0pDpcphmugzCR7ticrs/kQRWBHFKYjx+upQL8cFrcEW1C6kcsoDSS6awS+0zFK2YiC2xRyHBejLWpjuyr9pbXLwxgdXNy1n7vAysPyLJYYUv8WL0B1RwPcEr/ttNblLradW2dKheuJF0DW+S/Q9VOG9tQyEXM1H6ugN8SJ9PQqFnqOnbUbKeqkINHzyprC8Ca0zGwMV9MhSV70s7vrxEW39TEB85h582HkQxlfmc0HsVt464RAtztGBUowwdb1zMGbfFQXGpNd0pK+KywAyUmHOZuqKXsYbcBBB1mARG4eHQr10HEuNBYIaTOH9Y1gqthW0wsvM/rr0XDaEX/tKnhOlwK7Acr1Yqg5R5DDg9XEXP7O5BbO5C0FcWp8yzNXDLWYI3LGDwWysB1qGW7DJUy0mVs8H23hP+GLwfotSM+O7SBggevEIiO8fBurPv4JTCCJyZ9Yi/H77ACRZNmBNdCntmpHLJHBfSyl3BRZJG0PPrH2mv0IOvhseJ4lewolsbzswoppJ50/i9+y62XDMEsj81oU7fiWZ0rqW2sBCosv8PKhK6sWWlL1nXFmN3fyR+qragMEcTOHykmha/Eceun/F06cgQxEYG4oHg6xgZeBHMm7eDSqMztDaqgubAM7LRsMYDXS446ulzLg17QFO6L8BxGSU6kBTHxtd6eFuWENzpOcVLBl2Ih1JIbWogpgi5kuuLIK79cwAu6QaxnVQofoyzAKl15ST4SIS8jp2jqvR7JL/fH+dpPgWLb8Iw0r6f224XsvtFCXjbvINGOgsiB7yB1lYjuOtcRz4nK3FVpBsnr1PlEeEyeMxCCuwWTqG4udaw3jCMqlR12NRSg98XlqClYiIcn9PBCXeH8EKKAqQtVaDD5qO55/FNcO0/BXK/E8Cy9zuff+pGenN/UmSTPbruVgCj/JU07YU+dVrLkpPeQlwdkoXntaTQfKk4Lq+7ThVhh/DlXj1oj+iDptoAqvtxAuYbFkCy8HZe+fIHXNaMxFyXXahns4cOnjOEe7blJLf6MJV3ysHEU6952og+WrQmAoo2XqORF4b5lKMra2epg0mgG8/8+pvsFL3QSW0Y7vfPhKxpsbCjQoGXT1flU6JH0FHEEsbqJZKr11n4EbCVm0yUqHHHc7obdAA2Zywmf6OjJDJ3Hnk5acCui8/4isAJiphvwoWzF9DJs17k5XSMp8+rI/89n0Dx3mI4pGYM213mgl/4Bx7t+I6e6nfCh7Gb4GSZABielOY7Amv4x4FPpOg6AVpdA6izLg1eC/mQr0MDLry2hPu2+UG8SwF8sm1mwVV+pKutA1tjekhuhCYcq/3NMZWV5PSvHJx3bOH81GAqaN9NV43e4ddSIUgr+gJ6W/bw7mffqefpPS6wHmYV/XaKsf4P11tl86iH17lIwxgOSd2DjtyzJHHeh/9bakDfV5bxf/bL4U7ARF69egyumL0MXxYqQsuS+6DwbJCPj9wGK0Z+xjHpdaxXXwhqGvdwZsVL0NDYTlWnpSAwdwgar1/HGPWDrCrggCODXrHzPFcm1eW8WOQbrXqli9nespA3UZEd2iZib6cjZQTexjPLTvN+lIQYuysg/k4DLysALRefArft4vlSeBgd85RD9wJLGHu7CDfMsWKVAD14YpQH7l8OQKe0CCgbbYSnexLQsXg5NORfBqeHNZSud51+fJKjrvGKWHc1l4V81MD74RienK0KD2R+4qrp5qTwaiP8yujH7q3GXOpzDee96sOo86pwN3UJZO9Whb252SA9ZRdoJcbAarundDRcg5WmXGK35Jv0dcJMeGSynhed1ATz+bJUUpLCo/4agV3wJ85VeMWbEo9y10RtLL5uDL/rTXHSsD0eDWrA9NBMyPg5E9x2e8H483dhxdmvdFNKnGirNMR8PEwXVy1mO+HPcEb6It494AHTX5aCuWQ0tOxZB2vWTwT+NBraeQI6VDVhf18rwwsZeCtdxEorLlC5xBxOuXWWh/yn4uAlFZibacSsFMlfPyZyXbgPtJs6cWjEQ/Cd/B865u+CaQ2B/O2GEew8bwzl12ZxbJoGLdaSxZflATA7Zx0OFzSw5VAdGYtGs0u/Evg/a0Fz60J68qQMl3Vvwy+vD9LqlHrOMnsNKu0X4fXREF49bRp0GK1jx6cnaWpoItzuFYE08WpovDiEE1uIdxhcZT/NURw8PBUeqnqTQVMk1hmV0JWmQgr7ZAjNelXgJ/WJvFQ7+ZtfI/ZYG8AFPz1+3L0Rb263RKOLoXjTRJJF1i8Cr4tjsSxkFI7+spHVu8fC85V7uUrZmubJCOK92iwskZeAJ/JBAL4leER/O0i6aZOjuDxEzhKljc1NpH+1EHIglQ6LTsB13dK8YVEKSsfVY9qOI7BEUwtWnoyAtZLv+WWeDh+MDIQp+9bC3dzNeOdDIlzs7Sbbkfqgo20E0pYTENcmw743Fnj00g7W8okE3S2eXBkihK1OcSxzYTtcGDEKdtvKk/v2JTxb5Ri7KwTDstnVPCFdEfZlynGj0Qqqf3sE+nqMoafMg+cVi+GXagFae/Qs/PdoJsc/a8HF/TX8+OovnqIeRrqmItDVuoev613BaglvvrpLkc6N64OgMfJ8xmIFWHX/Zbvifo6bIg+LG49TbFAfFi8NBd9da+m8ux/fvaDFF8o64fer3ThGdBxYf5YGLycz6D1UhhHzkrH8uzxcLtgOC0RWwYR5+WibvxI9PhwhqVcEaVVjcM/DSew1wQzLP7dgfU0s9D2MoJzYbey4qhveeWhSyH8WMPfoB/rj7YOy4rH0dUgHPiw6iPfvJuFkqQockvgA5XiN5nWawoevevitchx3WHlh5aIZ5L1mGa8Zp8s26g4cVqWETU77KTtfGwyjQun3AznavyeTVHM8yWfCHXZVHwcqLydA0JgCLHm7H42ejIDyIE8yP3QOGhKuUGbqPX4/xYSWvXCF80/76fBCe8z7ZMVzlyjB6MMfMVH/IRz066Tfo5XwnHsil2qW0d0UewymTHKpr0YxIXnYK34fO3+LYPrG+eT2VpRN7rnCktFCcCryJYRZZVJO12gGZWE4L9JLgzFa3D1tKxQZtvOzsA7a0nGStE5bQbCsJwp4Z0KKKELpf4/g1OYruGFOLp4xv0WVr/NRp2ERL3sZytJKNRBQkol390nAvJlqdHbdIThy4SvbGouRXmoPys24CqduvGLNB/nkldSKZ9ZpgSu9hLPPjlK5xUGuv7OR4J8C1TjpQzWXkrptFP9YGEhHEiQgVv4F9PynwYvOCMPdZcq8jsqp/aAS/7ANhN0NnryhXxAW+liAdctu9LOMh0UDbbzqLLGYYgIVZa3nGIU1oCcxGhskPSBwgzFsT++nopJ2/ie2Hgzkl/JJw2V841Quhk47gQazJPiU0S70fSgAvV3N6BStA5rbVmGhVjb+3d7M+renQ0eRLses/sSWnxr4m5UQ9CesBrv+E/z4VA91JC7F7oGjVJZXA2unDtG2+jIKbAuHmpxJMLb0JCaZHoZmOWfQ+fYVDTU+8qcLQ1g4Kphmnr0BEYmv8Ha5BryuKSCLIkFWM1xPI+atQOv3wWj+KwF/VutydNcgiyp54oR4Mfgk0USFz3Vx6/MhcIFQfr9fkb4Hr8P5Ds6wJiSMPwSaUnSoJrTcsuZx81X56uj56HVDEn8G1uAO2Qjq9aqFUilTuvGiFi4XEIQXZsP6zw+48949mi/ZDmEnK+HE9xnUKulGfTuqqDTqLGmoWsDopBFMS6eB6Dgzih5zB7UmR1HJnXoeljGA71usaU7QEEus0wOj/4m7D4UQFDUAwP9IO6M9aKc0VJqKUkhEoYSMlCKjpGwRaYgGOjIzKlREhCQrlXZGKqIhigoVqYi6j3Gf5BNU4lWJ8+iI/Qz+u/8TGHe5UMFzcQq1dIHmBmf4dOQGe7w0hblOCJPlQjlEzRav99whcxstnPOfEbgJneN4Yy36c+Qvum8QhQBRH1rqLMNbPudhXFIqGG6SQul/6hyWc5zebHmKs4oPsOJ8c7CqL4O+pM80kD+TPhyN5DOdKjR9CUFp2WHqvmiJDvop+EHOAFJURNlGMAK6zh/l7wWubFecgBUOlmxqMpHHO94nyxN6OO6kNFTFx/OC6e9B68J4Cpm0BlQmCdMRxYX0wfcNbhGMhKLVOaCspw05jdLc/UYNXQLbSAEv4rmWAm599IrUz9jgxpzH0LDChhP9x8EmbUMqrXvKmiesaLdiH5cN9GP7plOQoukAyoHHUe7GZZr1XQ9SDTdg/tZsWLt3B3WM/gIL7SXhsuR9jH3wjiU3V4JQeA6df6gOK38cgHKDXIj5lsd+aUZ4oAdgttBxmJ6zGSy2TiWpl6IkUzUGZEpeo4dNFvv2zsbmU+ocH/cZj208xhUpOmyWVMALtYNYa8RU2C5vSTVrVUm+Jh6uxAC2F+bAnam2yH0j4B2H0aD2Uo7M1oJj+udhUclsrntWTW7q8fjlWgL5X19K36c5g3rnXih5JI1fT1lC329HLHkSjAJTCqg9qRgu/F5F90+1Qpj+cr57uAqTH9fwizQd0Dt4iXOXb6Lq1SXcISkAVtFuOIuLUWlfCdcLD4Cm0Sw8rSMEQWKivOjqclB3XUh768MhVHYWS68Kgcov0thgOx229a/g+TOFwW92FKdd0IDWh7YYd1kZ/ENCqcxUAQ+PisP0Bb9ZJnIMzZ9jDmLPPXCltCa4a6/nLZu+ccOwK4gnr6dZ9S8odedbOFM3E94KKUKZ3i66FbgYbnhVwModFvR2XAI42+mR2bI8+nWpB1TiM2DXBm04eCAHPKXswGTiLUr6s4xGFV3l1Yoh9OHkOJp2OoOj+jayTd8YaMw1B6dXZbh2+XyMiTsHrnqnYbt3EP1TrOGIohAuPRhC5ndtQQaWwQl5Y/x88h7ZFjiBnflt/H26hVPBh/rtpFilQIRLDyuB6J2p8HdDHX+raCYl33h8LejG3klNHPPwFNwfeAp2uX2Q22wIpjJZPGd1Oq8tCoB1UrfRZngrSUzr4c/6k+Doj0Xw1GoGjF9iA/aD49nHXw/00iJ55NxGEFprTfOejufVxuXgKTyGTgRfp6VLCG4Yx4L1oqdcWHMM9bfIQb+DOBgcfoxHOl7h+lo/qpabDzq1snDoWCm9fmAPL53n8eclKvghS5PzBi7DvBsB+DA4DFXyjPiNvBkkOC+F2VnHIXzoA07e/BngcBRFatmT5kYG/bxAvOmeDyMKxGG9RBb7RbTTvyXJsDbKjTYumovv7TXp0GJxsJF8DL9fT4N1TRJwoncGGMjoUOOv6/jIsJVShm/wujFIGkPuFLYmAI1eWqPb85Eg9yqQnh/8jE1HLwJ2irOWeAH3x03n0GuvcUZCDJ1tMYCTkdawMDMAz/2to9trzsDU13rkMWwDdpeD4PjqSSh86iW24gauEBWGh5q6+FbAHk4Fz8Lwgyr4zbGdVqxgkMmTQi7wgJbwCzCtUw7uONZCwrtK/KveBtVZHZR9eAw5bZ4J9yLGUcWLQDRZX4rD1y1BxSSOBd/nwg67U8iuBrzdzo2K98XgDitn7v7Xg4uTQzg0H2DVKkKB+qP4tN6OBy96UvV9cxCOCcXFGofZfbcDFG1og5z3k+H45bVovGUU3n9xnk6phuC2IQkulVGDuuDVPKOxiQI2eGJwhAgE/HyE6/Zq8K1EL5w8vIRaTEeQ2WyigHv9tHDuH+zX2AEbC0aDmksZrlveAPqnbEl18mvu8TWFh9UevP65E9co7sZ5vpMouXYsnA3QheshXzBh8Vi+/bANRBelQcuEjcxl+mCVGsSTevVAoF8JvH2c6HXhbFqc/IaCdXrg5e0MdHERhunnd1DtkAomCLygVd4AWqPm4fGwcHb1Hc2jfrWQkaQERa1Mpqaxo3HP5/N8a3Qs1m4RAhOzrXzm9lfa4xNAy+ye0rzHgWy35Q6/2+CHoW2JaFZxjNWaLaH8405+oaqKy3T3UZq2JNkZbsRJx+/gtlEDkLvMC5YuXc1vU8fDhLZojHw4Elr0TrCqxQz4tHMQSsPEcdNIGdQcNRtCXbXZ8Lw0nJUZprIli/lTfggKnN1M0xQ+w82kYlxy9Rw6XPbHoWmtODddBUorTmOhxBZY7OXBBme2wn8rcihhjCc/9XGn8aOSsbKCYPMoRWg3j8UvJyTR80gw59hPQ4midby5aRt3H4nF1xMb+JK7CB1P0oa3Pda4qDcKHK37MbG0GRVPttEPiRqSeH8WwHM0mnyYCuWChuBpVcejBndxy/3VdHhGKa7Olubo7lc0SWE+VnS40MHo4yyZLwbic59g27NlpOfiB5N7xmD3bid6EfsHFr3VwUVu1/nXvji+0qAN2u5f8cuaT/RTN5c8Wl6CuJcWGj8zpLBfKRy2chlXTdRHGVstiO/q51e7MqlVQBiui5WzabYZZmvMoMejN3GQQT9Hd6xnS3GCUU4bIHvkAaqavh3DQkvgnN80mjs/hxZ5F7NhTxMsOj5EmWf1IeJvD9gpXyax2A7oK3yBQbNCad35U7TB0h0CV++EtHluGN5rAf5pxlw9RwebcgZw3aSnMPuzCCYZHmSlTmVa/0WFy598okvWirA5Sg+du42po6sFblR4wO10M3KdOAeGnfPwXGAljsjQ4SEFBKn99/CJkBCbHfPm8V8jYaZ3JDQt8iTV85c4bmMLLE0NZdGTuhDZ3w6f/T0oo80SXl4uwburTEDSSBLlFRzY7YU59NT08OomUdDT+sEHRfLA98R0aN7XwcOPMuFx2QYQ3OiPrhEtpP+1BLfUM7wxliafeeW8260JRCbV4bfFLTT5kRRb+j5iybt90CbkwBq/xGFEWCroHOnn3bmpaDPrFtZu9qAtO75Dvst8HCd1lwQF+8HdfyKk36imRUumwLOADNKvEUDX2gwyqg+Hnk2R9On3PijIjmLaagjVnXNhVe9HjA8cpHqTGC47LwyGfWkYc8IbJfZeBfWFWiC92AYer8lEm1oZTMyLgp5xZ/lgUDNnxqxD8S86cOnaPNo8ez9qNYrDkJQJzxwnT3b+l8E7pAL/uJpQj85OSFuiD0smq0IlXYGo8imgPPcvnOz+QRPcBljjvAXnPXyENgkFPB86+OJaA1K6vgsswByuys2AO3+yaNSGTta+JU5Fb+N4193DFNCrhMruKqQR/ZReSJvD9yhZ/LT9Cc+pu8O2czJ5cvEXmhqYCvm6HrC/eyprfpjKHXOEIfrrX3q3BVB6bzRtvBVMGY2Z9FxXBa7e6sJ5DQ58r7Sa+g+KQuqxMzj91TEKOS5AijZBsKl3J/uvyQIjoRd8UWwqqMkV40PrMXDquQLc6mplj1n74PH2ePSeMRaKRSpI5vBUumqwgkLE5DjzoCwsdlxN6W65uPOuB0V8SOddW8VQ470WqvWascGvYLwZ+IifhBvBcEo6f2gJR42FqVgzNId/F76kgJNi3HjvIJppFvJDpTuYoG8ASQvyeHmiL6+P0YUfob1g45/L9kejKGrPZVg/XgSbZbJA+IIMrPSw54XCn9jgsTBF/tVh5xJzHJpjQiYNJ9EieClNyTuIX+/Jw4GhQmoZEIMuC28ud3VkqCFeeVIQvCyPU9gnA8oqn8JfDmjDQi1Hygv8yQo7tGDajeXotmE6CxgW0eEeBz69+TpJr14NigfHQr/zflDL/wBeLUb0zE+H3vZ+wYPxu/D6KzO2PZzF4w/9QMETMqBesZoMZ92CCOFmVrs/FbufW9FDWU/qDxJiPbVMUDwggZ/UtSBl+TVWmR/L17oXwoBTBJW6f4FjT9fQ4pXSbF3RCuF3+sHnvRq0sxLU3DbG61kE46/087sfarBnnADNn3uV35UPw9BHVTCcOgKq6QR6DV9H1p8Cc+wP0fKkGLz0/QitLmuDsw71KG7tTQl91jBq/iIU1sqg+3s3UoWqM5wcugFH32VgSegoHlFUCq/WlNKJRYKQsGQBz3x+Huol3cljsBOb87tAeGQQbNnVBkWh3jzxSz17xk6AmJMhKL9sA5dubaS6hZYou1QbtV2e8Zw96axwXpHWFmTTWlNreJkYAgtzmSr1hclyXzKbZD7Bj39FuDftMUrqWnGOrwB6bhOHvK0uuOHcMRgVX4rFqTnovL+aTkSNxAVmQbTb7iCJ22hzUpQYZA060IVpsXzSNYylhINBL3odWS1TIN+NybhWahLb7bBjA9MpMFNAk+f6zkL9j1ehOUqGpB4f5NV/5uOenWVg1zuIq4ZcQM1IAC7UKtO3BxZoN3Cazmt10/qr+0lh7j2U+BqGHxyIH2d2sNsNfTCy7IIjlwXQJLKZJHQ+ctTYCH62fSL1bLaDT43ZfHxMAh7bowhbj8Th3m0VSF7vULXGHh+r3EHnlW0QPOIHnhcN4z57B/x8UxN2t8jAwQPXONIaqEryFEZXRPBa3zEUvHATasy4SKe9iknw3Eg4qWrIZ8cVs6FhN37jw3isaS+cX90AEqY78W2RMr1MFwPLyJEwaVwprE1fhNPid6LVnH2sPGIOi+W8Yuuj+kBr5pLfk3uYsdwQZMwms37GAHgGSdFA7zy8PZBESa0mpP75Jiy41UFK6wwB0m0g48k/7iwTYEuxk/Tet5cidi6kVeGd3OBYyLe2O0KV1Wn+NkUVLtZWUVmQHymGFuCfwUHw0dvCWyWOoXbBGJCM/cPzDnzjl17jobPoPg3+nADnBz3xtfVo9v/Thb1vTnO5nCvX1OVjA0yl1D5DmHrhNBl11aLEVj2QXx7MHq+D8P49bRJZORe92q3p18tO9HxvDiP+3cXAR7ZQcdgOPkwcQfuiXoHZmnSi2k1kft4ILl0UwMEOIXga0kBXDx3C9drubNCuTaZKz/FfSSUVFu+EmPI8+B6mjOUTTUCieQWUx0iQ/H0F3N75Fb5NG2KPdTogqBqFov4/uOuxPU6RkoSq8+exqzGHm56cgZibB7GoypBWh/lg4jZXCk/ph1P+LWzXrA0GphWM101Q584byM+Uwkbna3DX4BVn7nLnvLmTMV36GE721YM1+6IgO3k/fKe5YCtWSiFxryHwuTEUbFSlV3bLsV3EkMhvAvwVLqMQs8sMg4AfH+lw38R7fFW2lBveeOIphf/A+PhohnmKYFZnSae1rtDB+j0457ECHzmzh1Y+Y/ovUZyLEu3g0NByaniuBeNuqOERlylwIvgbTHe8A+8VXpCS/2j8npmF44/G86mVf0lZ3Ayaf13n9bum8JKyMjJIeQZdzyXQRrQdj/1S4ZvJMpCnXIT6UgSSl1zpgVEkH1WRYe0/5fyo7xjkLu7EWNszfOGXGzZ0xbNRDYHeu+0A4Tux8ZEber3bSn8mX8NRU1+QtOZ4rL0zC/w14lHAyBq0vDzw+ukMCH93gtUetMHktN0cFFvGvj8kobJkMhdOfQV9g0ag72UABZX9/EhCmT9Onch35y6lwpxMvjvvKxuZG8KXXUWwvYGg+esGyvRx5f/WitLE3QZ89cMuEvhVhMGTxxO71aBZ1j+uG5SF3MXOqLhxPLuflEW5gky2fi0EG1b6cFx0EanPG4s6h95z9g11KBr7D39ZvCI/gQtY77kTteqWw7qs9VR9/Se33FxFGUfv0LM+hgIbA7wS9oFWujfyt+Qe3uzlyl49s/GBWCxEnKzAatWNWKUgBIO7omm7ky5Gv6qkNNutdNpsCs399wVkQ9rg51k3lPg5SP/WGMGh+ELM65Rg1fsH+E3fHFw94x7RntW8+1MlbKrYBd1/C7lMSQys79pis7Qch5kLYfpjT/7a6ghHyvpBtKCTbmrpkt4HbZ7xRB8+XAjnSalK2CI4CwKmf2VppVAueHiKCndfoX0vTkFvkjgHrJWAzSUzQTilmBetNYYCK3PSerQA7iscoj83EePKO3HPgtnQddscHhKQutBqWvMgGBtDFqJ56w72TPaFFSMOwtgZ8ZhqPoqX/NMF5RgByiiayrInjaDz5w0Iu3cWU4u8cTv84a3ND+BGvh7tUTcBtX+avNlJD2umPqKR+wXwTrEpVoyug8/XS0CpTpElfq2lJcutQSdsPM9f/Q3mfD7DjXuN2XLfTJhuEkcrZXbBgFIumH4TYzKwBPXihbToIYNYaTbMd/xFR97folnf1jL1Ercob8ekyixaelkantvn0P5tXhj7dAH9UxfHI9wDpio3+aJiFE3L6IU9vf0Q0SUAvfbLuFrvBwgdmQsl2rV8/M12+C9lPpRuPwMfb6+GPS2j+aHhWBAfzqWt/8RApHotn+xeS+cCKuFK0wu21c3mSg0DmFJqSbJ/dWHXlVdQN+EXh5uG4YDkIfSzzuRXbY+5+3QQzzo+hiPG7odt3mYQO/8Gs/85zu+/A8cCT+BXiTe0epIlaJzbDJFBM7jW6TuUCFmBbKAALx5ZT/pPT9Gx5QNAz7vRqMycK91M8Z32BfAJTOTPEsKwpOYtXlUeBOU4gPqhDbQvth6E9WxBPWg0TRntgG5BW9jbQBGkLz6nCPdtOE69DjLfqtHSOckc3vKXHieK8c/XtjxxQhYWsQTUSZfA1leGtBT74O3vBLhrGQNF9q/gwIxJINhlQdOHt7DSVSPo9pBCj93zWbarl3fLpeET/Rcw8L2IxSUq0CHSgbPF/EE43gTy9iVjohnRfkc9jr92HRz722hWyQ9IPSvMLx/IU3WKC9kvFobGRD1c+es1r2q9SBvXefCmoIvUO9qeHa8b4MXBX/TFqhts0wzA3j6TzuwaiW3ZxVAZLEnFczX5g246Lmu5w3Yv5fD97788cr4WnFozBfcfi6TY8xEkEeBLNsNt0HAgk/94fkMlZXscIVAIehOkIeJNK6389RF0DWei0hZHjL+wmp+prqVnF3pgxKbLZPnRFPdVjQUf4Ruo//YuhP0Zhrlu3vh+vDGp+WzGzpVe1FRljY/sjrLPAgHYM+MNxDhXQUWFHW78dgWGjptgndNorvBShcZ7/vCp1g0jt4tAKi/FlpHOVLpfgC0eZbFPygc6JC7HQRHZYBqzj4JMfbluky3cXPyBHIM8QdfgO7j9jQKvVYhHrUX45useNvBrolXjD7K/rBHkHN+F0fIVcL5GjiVmBoPXCTXU/PWL/2xxI+V3h3DhMik4/UEEsk460a5iIU7//Jvk/JrooHUrOd98A1Yj9tBkCREUTU2Gu15TwdmiBIZHOuHTC9I07U8DlgT8hOGTp0Fv/zVEzQ044Wkk7bklDDJHHvKXadJsOLMHfLWsaSt+oomxtXjfs48KHYsp3I/5nKQAGG4w5jaJVnAsfUG3tyig8OdZsEU6n/5pn4UdX7eByVxJHGUyDs5+l2ExbGZ+7AJfFb7hJ0FxlPzjig2J+1hJfTLbBLzku0cswWy5OuqXZlNG0ivYPPiDt5IVm6jqsNtCGfiWOwId/oVSvKM1lAUpg72WPx22yudRPvOxO6SDQrY8BSm1Ofj2eAP8vjiKZkRog2tcOoVOz4CWSyfg3boIzDi3DlS9t5L75QGo+zOdUpffJ0fxSSA/Voamr0xHnQNXQfDLClSedwak5S7jjjP22C4xmktgG7c/0YQDab4ob+bADvcKoHfrTR49y5h+un5GybYoGu82jqdaO4Go8EQY+6GSD3Yl8oxMJRK+n8vigiswJ385/bQyI25p45dHXtPHdZqQEn6N7zxbAdK5smz8ivFhcCLsKHxIH4or8cbATd4vkwH987Sgo/wkD157ze8dhlDKPAZOm1mAnfB8ll0Yj3EfZ+LtlgvovlMeutfuwuwmP0x3nkE/bCdAY3A+zAqOoUnH++Gh5Su8Jd5BLq8M4Fu1O/xcVMqNbgt5lf0REthUwGNz1OGe4CEcERMH8p+r8L8aW3g3Mxxkz8TT/ohPFK0yldpSJvGa2tmYnh+MRgtn8coJgfz5N0PWxTBS8Kqm7BsLYF6ALDiJBuOijE949T9pWiwtjJyfDgd+WIKCdAFJZe7mgOwfNLVYFL8srAC9yRXw/YsNrTC9w4WNQvAkSwdqA70xc1QJC64V5D771zx8ahr3RZhSVl0Vyqp8guOrkkD2uTh0LnbBePUeFJEdwIuHnqPjU2Uc+7UFLO7K4Jzcmfj871+aUGsICd75PDFmAW6+vRn0/qSDkbgdjRFTgYf9Hvw69QptSrjO81gIFCPa8UW+Gl4ePoiGsmUgl50FjntMeZZXCF4+aoLXTAqwR2wqzLb2xzfHjVF4fzoFPnrFS+o78diqKxDn9wtkNZNxn9ZhfJNnDFvPfqT1247ih7xWkihRgZn343n62RO0++xhTpPPwsM2x6hGTBCM3nvAxzJbPBP+BfaNTsaoDYGk1vCEy71KoeH9et5YNhoktphBxg4zuJuQyEfVPqB/Ux4+EkvEB71X2ep+E56cHQQdj01wioYFhKfcxzqJueS7NBza1Koh+EokYIwtPa5vw9O37/Cajisk3SYL0SoypHxMETqXxfOfmXtBQPoKOPvb0GeXM9AaeZ4vH9kL/2IVIEpLAEaIRfEif1kosV+P8WZlsKGtGS/mpMCDq4Ls4PwfyXjZQtiGmWTg7gAhNB4mBV3kihPj8O2SRn7SuAvWXMqgQ19D2W2SCphri9NWIxGMbZDHjAwF0BQfjVX/+aKcfyLYOSRw2JX5vO+1Ggxcv4VShYOo7lHKfoaNFBjXQCFrMuiE/T8Q8hLiix2fIPS6GbT4/ASVj9vYaY0zOJ0dZNk4c7QcNZ4kjm8G2/bTVN4dj/9yJWBZWyV1Lg7mV1pzyEHmCvv13IKMec2cZ54Mmit0KWTqa+z8oQTpm+JAWeQwxquXkVJBGbQYfSOLqs+w6vgMisdyyDv5nsVjZaCpIAykX/exgJsLNM64xNZ3Anj1UA36bfCFOfAEV0wRwGEzTbhUmURGc0ZgeYYdHI0LoE1Xd+Cr7T/h1+sU0hdbBSeHQrH+uDDcrH+K06VVUT+kjgIG3vDDpctJb+YQC/77Ctfu5MGJ5D6Y72oCFv3+kGc2BJ7Dr3HOX2dyrl/Ks8WUOTvqFhx3Nae9R9bRGacJ8Lx5LtstyObjAQf55zF7ejdGk7s/ePM6laP0YNJ1+NNqwJ++joXSZ6/x3WYbXn4tjmd6TUfT97L8ucQA+v8ocs4/MQ7SDaHqUkGIWN1C2+XC2XPxT5x2S5Msvi7F9Nr5OCvlOd4LuA3Vmd043EQwwa2CTTzW4p7psljUvpiNVDJhiegTrlGTYieZdhph9YtvTpMF9Wum5OKyiWZsz+d3iuMxYrEwBb/ZA32OJzFm9hJyeqpPVz3MYfv5N5Ay7wRunL4fl7sbwv5Rb1lbx4n0/iskt4AU+mefik1FhvBYYiU2HIoGl2mN8HKCHc0MCaZxK1vxZMpOcPayho2eH+Gk/ARwIh9uCCmGWaLjeMw3a7aatJ09FYZ4zqph+jseyexLFa94qwznBydC3LMw7KjbTz//LeP0E0jrrkaC7oh1qPtyJGakP4FSNxO4k+pIw0/z8SZ8wrQFWeDQ00ONy0ygK1ERM/4YspnyRpxdaAP+fQHwa/YXvJFcATP8MnnbARe4172Mvwh8ockxQTTw6yBt+GMNmy5Jo9Iea/wV6wHtEdux//5muKP/EV7tiYZuDUV+5xyA3a4ETy8fgSElZ6r9IY9HIrLpSPFTbIgbi+316bTzy3eIXDkdzSbKQeai6ZD+URNXuwpj7oJ6UNeJQJGaFJrXlgRl/4JQY7wLmQQA2Gz9C45LT0Cp1XNQ7ukm48YoWNj4nBZkn4ajGpsgu3QBH9KWgJuKUfg54DRKXM2BPc/WwIquGFipkw3V3+bT5v2PeDCgAwc2KcOdQwfwyjdxuue8i6oC+2jgswfbYz5+MU2jxo5hHH0hip0EAcTGvsBdlxmdbv5gp91fYa66AxpbLaVDFq9I7Uo3vHizhtU9ZSDsjiX4K57giVnDVJaaQ9N120El5SGJqKjDvHUvaKdZHuivAwj+95CEpK5D8Zy3KOQTQGn3izim+gFKhWvyx5lKlKDXB27qGvDbYTPtFvvCvpUP+dRoNZ5H4rBB4A6UJ2tQ9aVevrJoGreLmMLpUz6YdxrRKecJWmklQHpUHN9dkcm32xxwy65reLZlBEXJGMMyl/Vc8l8eRh35i1aLuqElVAnn9LWj3YWVePzdDzAXWoPyvwWh5etxHHd5N6bu2ALRF304Y5w0pFrN4rlpvbDQzIciYmL4la8kJK5MoRETIil3yhNeMXIEKaypYjeDOpxvK0r/Wq9y6M35vGq5CWw/G8veWmfh4MIV+K0whasGVChw1wo42/Kdpwf2kaF0FUy4aATLbdTps2YOiJ7tw/3PfnDSPCWO2hEPLsukaIHnJuwZKuKGgLFw4M9HTIBaeLPTkSZeGQtfJx1Cb0NpMik+yqn/GVJR6GO6+G0CKFr84n2mwWRwYxtMbMjAKRvz6GGNNE9/Ls8fbZU4cHkqaUtaQmDGb+h6/ZWuN5Zh+/tRGFBrhRx2gjSNjtFBAYTD2YfBPEAW1jRuhJhlUXTmZgnF9Q1ymuQnmPNElY8dE+FBC3PYVJ7OSal64Bi6Ff3eZ1CR5W9e6TISBqfO5oUz16Cuig2lqIdxW18TjhytCivHeOCPlil4oOseLb9+GgfVRfjpm+3U+rgGFgUf4C/PNWBOrh7UGI5Fhy1N9G+PFn/PN+ejXt9JZsdl3m8gBzqCvth2+iIHGYyFzWnrWLm+FFXEu2ifmwjeIA120p/C53u34LT1W3BQ2Yes9K0ht/odphVNoO9xiRS5fSvJdcThW1dHfDcqhRU1A+iUnxHOlLOC6akTwCvpL5SMf84ZxYH0xvQdiO6+BkFLhfjIQBdpBWyChBQLWBTeiF1BOmxrHIJeyo44suQ5fur4ybOkv0DKgBSNe29GtxzkocvzJci/a8ATvYHUFhsNMlc6oTDgAS4bPIVv3G+B4HkbrtEXhHt61yjVVYVb3jwjx5KHpFI6G/X85tPyq6eptDUAxd9qsfS9KVCRt5hHzO6AMePyYdq4MmrKfY8b3+6C1ztU+aVIOe+6dQ9ilxrC7Zx6bsqThXHCd8jgwjoMintIS7OZu1uW8nqhRfD4XhakjgVY2jALVeQj8MJxYfSbIQWR61dCYa0wiU0JZanfqaz41gh0XljD7oz1dNe/DdXvebPKgyY2GWOPYrvP8rodkkDrHrC4kTtsmqQEUQ6epJzBwB+v8fHG5aAQ786jcm6BQuA7GtV3n/4N7aczwVPAoGsAAupVQFYglWeHWZOZzFRa5fuNTu9YCZmLyyE1IpfMky3BvSieDu85ArMFkzh0Yy6JH1/BlTv3kNm0F3D+oAZ7j3lGCasmQeOIYQpxPQf7mhsp8/12NnKZDMa34snPdzn5Dk6HgdYcdNqsBDPiUyHzYyTPLfjNI61yyTEqk7LUzWhmXDdpTX0Ae+ZuxiPhFjD7qiaU6ZvT7Qe/WCjDjG0mm5FxuwbcELsJa8a3wtTYBVAZoQIH0m7wue9rYfTrQng34QoKyG2Hs2cvcefv2yC1Xx5fwXq8qG4JRk/vwvorG8ktNRLv2fqBRfQZ9gnM4pq+R7Tb8DdKGZbAsj+jYFNXFI6aEsWXCv9Avkg7jO5ErJefSKUrVfhM3BQyt7oEH6xGglSPMQ2OcuTlq49Bplcf/5MVg+pZb9Dk0iYoTU7k4Vv3aUuXFORXWUKV5nHaY0p41G8eXTrfgTH2TNctABZ9tQPh8xq8RlwCtqq+opcUArrN2XDXcDKIL2in+bPOgRwIsvHuFGz2E8WuVgXwtbDmWi9PKN3hylHRsyHrTgzsmNaLHYuGcbWVBo59b8QrlUfD6QMfuGHSJJh+IJJaNxzliPVMTS/DuWygkR0b++i/cyPxd6gUSL5jPBX2FLZkxZOzmxONmlFCIpYfoFtSiX1bFkN8/3cwNZ8I6oWCzA3F7Dwnm0q3inGJ2QMIE77Pe/dpUH6sLM1O0KUjFRLgPGc6P1DMwhjZAaqzyIYEGkFb/nRTy8uZ7PekgztER+DcA5NhyrUrXJc1Ffa1t6PV4Wrw9V4IRzoT8fdDR5ofbMLHymNQ/q4JaP6MxuoSP9bN0qJPhx5QSX819xcspKCPu1h30Sp2fLEYxmySh5zJkhgaMpk8pe9CfeUtuiM3FQ52q3CRtSK0DmvyzjOG5BtpA6PcStnOaD3ynjVsUZfCIaJveWXDTzY69IgHDs6g6vPq/NII4FV3MoceT6bUFa108YQOT43cw2NePyEeFKIiIxMs2FSDsf1jYLaHPLbOnMzuWwdBpDkV8y3iSG7xItp4vwlzs31Bu9SW0o1Hwh7fGvhjup0qDH5A6+jzdDLpNj7S3I6Blj0UlvSQher+I6+XI+FwzTjUK2jiKq12uLkPyN7pDo3ZF4ePHwyhjMYZvLh0ElV+NoEGwclw2jiZu64vA/MZb/DWor30Ru4KlHi+hM2d9uB8vIwc3qmAQ1sLwL176D3uFJjfnwej1iyCMKVWrug7xefli8izOQv3TbYCl8E0LHs1g46JWUHQ2RPc/NqB6gNy6M2tYBj33yPyXrWRnxWKww7Rl/x1lCz3jrbFUJO9dC1mmKxuiMJ63QW08NJSMD5zGHP9paFbvYviVHxgyRx/7gy4DHuNg2lcxE+UE9pGeSJncd26iyAiqA9PRY6yY+JlmPZiFc2QqmH1S6fIbtlPThv8itbCyIMCSby+Sh8enToGjZ676EHEOWhathekQh7hmnrio5PaucZuHq1tyYQNJAJhTb7gYj1AZx7Mg7h8U57oEchOIiaotOMPXdqhSOkvM+FMsA1U/HbnvH5XiJdrp3HnvvPppy+o+MQOvhJtSru+VLKTdwrtO8Qg8KITFS96QGfpNGirRJY6Jwwb+pfBmmFBPJRjRKXm8ZR1VgGu8Cw+0/4fLzwkiiPLp5NvjytIug3C8uFHnFY5GXsPj0bzjwDtzptx5QRN0N58FB5ab8cChXg+L6+Hdx3CqVRoOwqovecqrQnwylEdhSTUyCr5LU2fVcP+ryVYtHwce+/s4wMZFiRzLZE3danBm7YJvKE8ii5ev0E7ex7Do3Vnudm4DF7f/YWfZP+BTb04D50zh1Ox83nR1xV8Ok4KNjZX0JkFHiA9u5K0ezpguW0iZke1YaHeBNj48wEuylsAngmb6cavvbg94Tt0R2fD63UP8O+hPBCq24Ffn6jAt/wl+D4nnW+ff4x1I67xxvgWLp6nTyX1E8H1ah0WGiXBAdHRUNUwB+bdzOVsvX4+ru6Is2dNpNvvokn1lDFUqepD2N7rKPTGCA5uaaKrcf9YKUwU9oSfwVc/tuHMJ+qcYBBPOqoF6BGrjw6LdcBaQo3V1u3hcrel1NYry1LWE8hsuQWO6fHGi6kTEDsj8fxOTQiZYY2ZB+Wh01uah6vKoHVFINukL+Grtzzw6IoSho1M+25LgvKMPL66uREu31zKb3RicP6bFMr/LQfDraos2lvITU+XoXqiIXyddgsm7jAjx5n7IFzWniJ3LiC1R6tQPaeEOl+b0+X2fKpYZwj3ljnww3PfuNVcCo83qGBo7RqUdNPCqoXxEHpHjGpkdnHHAgFwtlpDTg3dsHFAGC5HR+P8Ymf675Uf3jlciCe5j4RyA0mmWxfqDxfhvpgiOLPlN/quuk0fO3Jhg4gO/ddXhbvtF8HFw5p0aYkpuM0yA7PScF6a2kQFfsQbzMbj2JAHNBgyhDseviG/gv28Y4MwZC93pLJ4fRK4P4Y/375DT3aVsEtEA7+7/B+3WYzEexvsuP6NBDjPE4P4lT48f20HOsnLkv/7Nfh6ZzH2XtOmiYHPKOpYLDYfVwAROUHSOiIMa1TqQPnlUkrvqKOWdQvxr8kGbuy6hBE6KTTawAh07M/x+4AxWJeijLtWRLPStAJo9AqgKDlh7LMZpjO1t3ln8BTwMvOAsYlm+ExtOskd2MQ5Xkv4Ga/iCb+aoKSxkLxuxfH6IGv4eywFV4sK0DGH2XQpcQUXZMWBs/wRqLvxkq1txmLjUgMwzJWB3PIaKFLJJDXPGpTd3cICWf9hoo0PqH9/w48ET3HwvQCaVyMFxr45kJQkQ7paW9jscjdVNO+HC6dm0d69prQ3H8BhXgNjnDKE3/WjMeeP47JV66ln0iSIubuBKur2cvW2JbQ3rpe6y5Op86o6nPgZiDtGpPGHs14o5T+TThUlQ/W4XDowwZg+uavirshyjBbXgM9KF3j37LWkt2QCtZ/ehyLXhdleYiRryN9ktasDoKpdDWLXzEHWOQcflpYSzWkmmzX5+O5sBVZJXIP9yt4YPHc6GVSq45rjk+HBk5VUIacPt1cr45dtjlwuJICfRspDpNpE2DJiHL9dowKlHhPhonAn71fMgWt9nuR2JRl09/Xib62raHO3Arfe68H5yZtQvFUIgou24bzgElxtvIc9X7axy+h+THJbDOPeJ4FYtCNN7neFO4+MYXLRL8ycuJwuVz2GpEFVPC4xHi5v3wpvLm2FpYYb+NaZjfz4iQgcnFxPHyd4Umi+Hj9WVES3egH6m1/Ho22eouK5UHzFjzH62gg4MZzAN6Y50/mEpbi2fi+JJS9GyZPVENf8AnfImKObugJZFTFYyc8De/2vcMt+Jugl2OH6pkkgajcJOya/x5JvU5hO/WX3h7rQPFWLeuTseZT+Y/i9+iBeS15Af6bMwvrfADM+quCn8hU49aoZvA4+RFcnanNsyCqSS+7AlG0RtMZMg6OOHWSfw6XsLbkZh40VQbhoOpq9PMhuxg9xo88aDN5ZS096FpLYk1iI7V5GKqmBaO85AcpP9/P4YyaIQ3952spD9FO+AGNt8jBqgSJKVI1Dz/Ja7FxlAb6NlbDi11+el8IUff4zrL/2DVKSf5DPHDm0+u8ueBZaoHWwKYw0iMbRWybSRuuPcCNBCiZGHEaBUHPO1Y1B2wYNONn6kXsjbSAubTd5HrhNM47I4RO30/CZdqGjXB9l72hgoYWLaF/NCs7LV4bfYS846F0pZT86AC9WW4L62WhcdecWzsxJx/sJw/xghQ23CiqCRnoNG1nNgHsLnvOa6Atk1zXAls/3YPHnLFZrUoTW9sXwYooC+I8MAmWcwR8aImn3eHu2/NnNTmPSYGtfANTN3YIK4fvxsqIiqKVHo1/RVtqh8Q17dVfTUK43e2+/BUub67Dj3x/sm21Ivav0IV27kJXW5MIYm3fwfO8Sjt6+BU7/GIfqR5bzC/1P1PN9Gr34Kw+iDSvROyQHJtyswfJRV3hgkR5VftEjz6MJ/ORlA1mu2g5RmtrAmkI0YsVivpw4gqpqHShRroTVNmfChJuXOXfkTPQIuAXdw4Kw2KGPxnka0+Trfiz4TwBO7g/HvgN7yW3MXJhcvQ2CNmyD2yL6oCq4H96PrQDrzI0wxvI8zFzngAOXpfBczi1ucp9Go49uoaxqbWg0lIddf9JIYeAgh+wW5REhI9B+ZA+/H/MT9v18ChFfnDFNbRwoJh7Asu9v0C4mGsNdhOFfoStTcyyqVkZyjJQeVb3YCverRsK+uf3o9NKPnwQL4M/YCJpO03BnyBIobV/L6/82UnxrGqVFACg8DGEZ1z6eVzkRc1YJAZt78L+jGnj69zbsr41Au9mBIBYsCLs9dpJQvwztVzoFyd+tsbpqOz6bUwsmq+rY5bwUJ69Io3UjR8Lh569AZaw8Hh89FgLc/WC8YBZ2/ZHmhSFFtDkhlXwU7di3SBJKDJp4raA3GC+Yx3mj5vNX1ZtQmqaL6d23YfffKE6UVQbXWmNoDboC6Rf+ov7OJC7qew289Teq9j2h77uHuOWZEL8wTmJRW30IfB1Mc1MDSO9BFR39MAGnv7OFz4JDeLNhGK8MfoEtv6PxSs8k8LGSwtsnArEsSpOPXrLA4KVJcNUqFXR0ZoDv6Fh8fMAOHssZg71eBy+sd4SXCy9Ap6QN1Wdm450nRmTqXchBCmOxc48F3FytAdvvi8Ifz2sUjZe5ZuVofn2vlAcv3WXD2O2wf2sV/JUcwmm6Y/9v/u81WRGcxZegp34kprSLUPyE9TT2YiOtrXDnqTaxkKz7DKFKDARP7KEMiTCS6h5HU3cL8ZhvpRD6dTtKtJjh5/s1NHXNaowaJwYWIxrA5N9S9JuWzYW61dwz/x6IHtsB4Rdu8qQZcvior59mvzaAhJMnUSpxB6q5/+Pfvfuw4ncPqn+0oC9dDxltr+PWM9cx32YC5A1l8a76CtpyRQbqXUbDc0ckF/oNZy7pwtuGtTD/hBZ6NkyFqLOuOCt7IQ7M+UPLz+7iAON5GJSzAMTXH8BasSoYfmtOoXu0odLdlGeon+Pp/v40+tdE8mzQBw2nTKgpMMB5ibvh8vwFWOJrAdU7hNCkqIyF9YtQsTsNMzVdUcHQm/490YTE3S9AYNVXSG6yAby7BExvL0OJuwP0zqqAlVw3wJyQMDyqMZPGC/WgZ7k4Br4ygLS191mzwJo1r/4HezVywWn8cXg024JzJcuoefdP+upTwCs95OBz2isSu7OfZm0sxl2ZitxnrcZfdwiQ2wp/OKqqQocnLmSeLA5xS+6gja0AduaFQrrldjhveYlf+WqC1jwv3LFoNZ9MUwAlA4bNlZtAe6cGyUw8geFTlpPDHUuKMSzEwyuWUbytO51WK0HZT+qwztUZM/0kSX3nFKyaGsGrDC7wksuvOPVABm1XW8NCUSsoP1cPLsm34l8fNXbW/QdXU90pLnwHmKs44dWVx8A+SAojUj0oeaUIbGxeittWhOHs+mzM267HgV7jsWNBD9v9EsI2Nxl0v9wHQVGq8PigKBXdkecRstG0Z3IxZU7PgElKrZi9tBgGv3zBA1UxOKZaErwrw/CpmxVo1DIvufAXhesMeMfDGLjzLJ1OZ92iDq90fqIgD+pXp5L7w22cvroDcm18sdDQkGx1TfHYJDEwW/AMnfQEeGONODh0JVH2WQ96uzYITHzuQ9wL5qR9suRx4DJ8vFkE3z+J8KgsOXB9K0M7l4SStuoKum8WjnJJwphaeoMqii9Q68w2knGZAZY39CHVswAt77/G6faT0e+NAOZMdMMpT4/hJH19WnxvAaS323HsJBFQV83DgV9jcOjKOPCccoc7y2bxvTM9eGXidBiKqcFN+nZ8pEIYTi93h13/lXL0DXlS37Ob4pbVsmDAJdh5WIhuHV/A+skHecheEKSMnSg6xQKexCVw+8ARKDFbAaerpPBcwWP2Wt+OeetT6YSBNLx4XczXYm5y7refNGh9jiZu2YM3rFpwaepvahVJxAiXveggKwlNe2rRT0aBkkQYnOkRV6YrQOXsSPSYfRd3lo7n5TvFYYW5MEgcS8DmRcFUI5QKy78E8jPzMqgu98WfGrpQMfswXB/hz8nzRaEjTAJ+bdXkZmFk7/QmWrN/Ii94egD3bfSFvQXrOK86ADfMUYAlM5dzmNIAGP7VZDzZimeyb4NryyCKXzenpJg8epu8FFyu6cPO/gl8GL+TesZS/LUzGo0jXsGhoemoM38uz29NhzMzikgn1AwOpr3njdYPGQW8gdqRhZO+c6TXOjQMTeIV33JopdNDPuQA0FogQyn1rZQ5+xk/lVKmFU8SWWeuJQ8GN1PCQDF3Z8zGD61m8Dnak7cF6rOk/TMSWRSDEXkH0OSmO0eKC7Je+Hms3Z0LhkKK4NSzCurENeh+2lMaDFsLJ3khC5vcRP+5deyRMo1HdIwBh1gFGHPegdzC9NDmVzGZX5hH4RHRqCGpTtaSjTTgswuqZXLJN3MSTE2ug94Fp/DdjnRW3DKL/rZ0wfcx40A4+SOLiZyCZJ1HoPOdIMJFGoecxkDEXSk8t8Mda068oPeihbS+JY8n33wJW2/noZePDiy+bwTJMUb41PIWWXy3xfGO7vin7wbaHd4HAVb7INcvBQ7rmoPLUCC6bPbnEKt++rT4PFgeHoHRMqOBl3RDuI0hlJ3ogGc9auCx1ZV/pifiAfyMt3uKaUJID1afXoiJNi/JYNNllBhzDR7fUYEf/sOwTLaUSkbJQ2/rD9r2bjWbXyqgH97DLJtQghuGpFD9jA5oyd+jLk1ZHqvWi2+lCtHSx41lysXQIVsWm7cmkHhLO+77ownKrvtpQ5EJ3859h23vOnGMgB2eOl3OzxdGUujzMhaJTOLaVEnozZKF59aVkPh1OhaUxvLTAQ3e3PgXNC4soU2czl97/CAh1wpmlUtDlVYTVdto0VXPJhxODuArv0ehfsg7cE95T9WuOjz0ZgIIvruMHebfqHvffCweaQqfJ94Az+hwTjatp4T9j1l7/DL4vY3AXf8j/U3bhRWSw9jcfZQ/Vp6BkqNybDEmANtq+lk15zO1vwEQN56DzwSKQV7qBG8ZWkLTEsRh0KGBrq6dRDWLn/KkrRl8+pgJSMz5j5/YRJPG01Fc2TQW58qupnTPLJh7QRXTgx6z3CF/kK23geDwEI5TW8Kpcet5QEsdZoufZ/sZ87D8twEcWdHJp7KS0GhQEBzeAkWPjsSKU86w3NCeji1K4W2mj9lL3BIDT61GW5NQUgENsO6cy09c7rNF23q4f3ctnfzPklyzf/P0kkUs47UJLsqEcF+0NhzeO4Ru5U74N1wXLL6Yw6SXZqDiJQ7Ogp8obn0slg4I0WUZAzhjn4E/Y+NpxuANUI1+SA3F6zBC1I7zxlbi1YBUuGgUidKkCYvLtkCWhycqr4zCgHY58vI05SNdLpAY30I++w+BxVlj9H0H8N9yd5AavELhurs5Ymw2nlXuB5PTphja8wgEfOSoWvogGSpNgI6tRJZ7l6LdhToUSNnJXzUFcE+rMV+IyaVKTwUOOnqajy2whLiwfHLxuMJ7hwzhuslRXuFugOV9/uT2aDq/HGwgLStj9PlhBF1PRGlxoz2Nse3k/gYBenTkJSza/QgnZg3zDPXDNPSonBwMNEEt/wVhrim9mPiBrn8bB7dtV+HhfFW66VGIN7++JcEzJ6g4SRPC6yditXIhv7rgze7/uXDlih6+cN+b/ytogv2zM7BpXwIrmylC8d7NvL79K3uPdcFxSb/hyzI38LTxQEFpYzAdjCIFi2BSLlQHC3thVtOt5d9L4zFzQAGlmrZxsd4b/Pt1kD32xJKP0WQW7DeAkZeiSC5XBMzMguld0wigKFH2053DuQpfqShTBM3DtnLrtnEwuf4EONi2k+prPbIQeMe7jENhXWozX5spxfntnziqrQ7rNjA4jTDlhnB34sP/kafEArCc8YoOpy7F5IBfmDbeFpTPLqEXRtowSX8jnVU+yJN3FEOV3zL+GdnDVq+FoHnWATAf3wIvTl3kG41m4CHtSNNCVDlw7xkoytOHz87rWHnCa2q4P0y/jkwjzRelvPDeaNgi5sq9Rxxh+JYvUW0HvZfXo5FROhi0+xoWpblyp/U9tvs8CmoNWili/GOa/sST7yqcoHWJ6/mkfyUtCPCBsweDaZmXFij5TIJvu35DWiGQm7YLn2gIxJW9VrxAzZ79JvtS13Fbuu1vTXNAHRSgCA2L/kCUjy5/711It9/tBvR5gIriodh7ayTs3z+HV0ZpAPk5g5JxNd8M2oXpvyUJaodIZMFujq28STdOubHdiiD6+80Izm0P4l8DMWS7So36HjSytOoyUMhdixs8LvDVz4EwIesDK2sbQZdpPi8uTaZno/4jf0Uf3mSXxf7nqtBZch3pX7jA8lFz0UNnJJBaF4pdKMW5BX84ueIuLZypT8/Lp8Ia6/3gnVPGCaIPuVZ0NOwblOC729bwo3FN6HhqN1aY5ZH5OltyyRxEv0Xb0MB7GsiNNIXdEV/4+cgxvFc0CNO6XGG28RS2rtXCkf8jAD4AQkCgAID+UdKQdkqlUtHUUGkiRIkKRYRIyYyuaEhlhBQRJbtJGSFKRhqkRIOUaFBRChElIvf6UoCWXeD/Hm3k6jYtkH2wD7+8jieFMAl46a/DsovjKTPQkFw3eeJh1dGwzzyZVV5NguX3TWjzpmSS/KvDSSmD6HjsOdzoHAfNDeeo8LI7NhS7gNQ+Izjf0AV4t5Cv17iRVtwwjskWJYHwNdQ6OQmD9n5HmT+XIWycNgyqPmW9XGESHiqFh++VeY3DZxptdgtb7m8B92hfiLx9GrFqNMwVv0LkYgPi7X9x2yMzzkupYc8+V1gW2co21dPxre47ctgrCOX2G+jqmQ5svO0HKwyredfhNN6kywR3v8CXx+tgzo4k2tOpD0uVLWCn+FHwlzqEnriepm3owcm1frRM5wls7TxOc8OtKHX9CKg0cSZNugN7ZXr4accsMHkdBtSYx9qG93FDuxwGur4COVtZeO7BdMvpMIj8EAU5UW8esViIbXX7OHfuB7QsXsJKsyTo4GkTmLs7hr3zV/P+zkYYIXIHBt9tpXONhfB29yFqtMmCZ+KddOOTPvi1GrLpqB5Y/EQWQ73Gc/yTM3hppSJb3flESgFVkHpGkP/aCMEKjdeoFrwB9V3/8FuNDJbdEwh5q7LI7ro4Nc9awB75x1B4wAxkYi5B6BnCQ/rLeLtsJqdc9cK67hKqb93H/ZLuOErhMjZrGUKUZha0vf2OaZ2r6ID5NRL49wgk5I6y2MINUC+/nj7Nk+etX9WhYsISWNLux3GXY/BFrj3dSQfs3SYKsryF79X3UfShqTTopwEqBcE879NmqEmKpTC7J/CR9OFynw/Mj5nN4dbZLDdCBqXXWcKn6l46onQFF7SOxIKINFw2YjHXWl2lwKPvWHxTBd6Rl+RPJ0RAILkaoxviOH3WZzScWUWjSqOg9GoMnPviB7nH1rB43nw8flwPCrrWc94sbRbeZ02iyrPAYWUC5jn9wwv5KvBV8TF3+pyFVzWq4FoQQSuOHaf2mgPkPOsK5+jac6J5KvrIFrJvwzxqdzOns9+0oVCwiU1yj9GcnhucMFqAC62csL98DD2YZYGhg97sILIZ95gJw4NZSbDE4TzUfLuH5VIr4NlTU5I8v5++P5iAy++1wZeeLXBbUAQ2fumArZuInASrQf6XEr3ZeQ3z3+uhybAq3XtYDckn58FOE3nYtwCwEBQpU24VyR4y5BcW37g/KYU0xzrj0sRurvryCB91K4PDwUJeMzGeC+atxMOf63FRxkt+O1oQdK7rwwo1E7BJdoVVx61g98QwXvqhnecsTuMptZL4s/krRlw7jqmJ/eB2MAaXizfBw5niIC8iSQtXlaCBegcEBSbjDXbjba+3k8LBIsbNMyh1dTmvbtYGG6vvsFkzg8xO/aUEl6O4fvAb7e2vgNn7kjC2PRuGh4ew5KcQaHt+pICni7k3NoVKRqjz6O0ZXOnhjK6tYXA9qQWDIr9C6AwteKT5i7flOYDBpCSQ/FoLfqv64eHBc/hhuQhcFLhNjy+MREEdLZA+MwMbr+0mQ+G/dEv6Fj/8F8/in1zx8iJL1th3m6WDm2DtMVtQcthA/OgWJl44Syfnp/GtufX0vucfpwlp4CnxpTze7R7ti1SGyPw+0jf9zP4/DsPcH6KgLS3M33UvgqxlJaZMyiUjyzpe89EQ4mQXsJuZGh2t3Q4/r8ymX8vLqaWsARtyllHpuEVc6GYIM7ePgBDBa1TaMZne6TajfUw4bsYcMvOeyd8LluHAjXn43WIzqidrgVffSWwT/MM7o1agc8k34JwRbNQdzYd/udIl1R6w7Rdi1hwF35es5aDnWSx5VZOrspfxJdVlNKSmTR5rjDH0syUZNxZA+G8p8AppoCS/K2T17wssDFlLh/gwTPJ+wmJ+/Wyoo8+qc8zhXoYxLFFJxPFbJsCknX9ZSC+eHqrOhO3Ob1HXbj3d7Xcn5fo/cFuIYMl0VU6MS4dHklNIe6YbyjrvB4m7+zDNwY52PgZ6JvCTNXImg47rdfKdOR6FJUfza/sL+CKnA73NH3Ks8gAOOhyjGZOu4OLxk6G7fxcIPHrH6QcHSdHkOTnETGCJT1mYMycADpuvgPvaZ0FtI8Ktsnzym/sEu7pk4P2kED5k+AHV7N9wS9YWEtqsjM5BoXwsXRt6jPZiXGInF7yYDc9FCjko/DJd9LsPh7xLePZqBZC7Y4cPfWyg8lkiuhXL89ngZDAxP0bJByogVOsqzruagPWTknleaTSvVLSAH3MuQpnfMyr/3QpzYkPYa89OVrriAZs7j+LR9c14WLWSWs9NgGGL75Qy7ySNrFOgIouNkHh5A2uM6QbhHTtpj8gjHnmuliKfiMBfsXbQW6BLZ9MiacSndl5r+Q2/u++HL57LYEDnC8nFFRDGWINb4gRKy4rnwT897Fk0ki9fDeFFr3fhzBMmPCM1De8HVsNYU1HYl3+eV/UE8H6t33SiUQ2V5/ziE3uWc2ROFtdKa9PmyQfZ/tAIGAhcif8pGIB3w3qc4D8fox/NxLpz8uTD19Hl3ybw/veB39aaAG1cjF9uPIFypWY6fjUbZJfEYYuIDv9rKeHGNneue+UPOXPHwKNiYXQsOMLnzEroXUga0IU82lN3Hm5n5vOAjwkKyI2gSUusQOuXAu4HG7byS6FrxX9x0/ubHG75ENOUgcU9POCHezpKFhrA2eXiUOjsjt4Lg1G0tw2Wdb0ju8btcK8mjN+XF6Pnt1wY/1YDGj6cJ7fRw9T+thMu/XjJPzJGgNZuf7bXt+Upa/djVKYkVIdIw46vUfh7bz3J9j2jcMUhOqOxnDfqv8GiHaG4Y7c71XfKQHj+aPhjdxbTdx8DkSXVEGJuyu2xKjQyvQlH9qrDi2vxUCn4hCrnCoJM4XLUfPEU3L/qovkxZfSa8RNmpUzi6ydOU85bSzrwywf8CtUh++tl6HTxYs2weDA4dJYM1Y3hakQyYJgM9tyyhAnb7ejJAUEYY1ZBTeces4NYMfRfPwMlN+ZgzN4r2JE/liRclLGsKIw3fWN4PTcCG+MF+aVuJV4dx/DWQIpnqUXRZDiM29QE6Jfvan6lbAQ6SR2ocegFjF4xCewaOqGvcIgGo87DobH3YewhEXw/Q5yttylB7fn9PCbmA8ZWddFIYRHMul7MP/4lwa/sVRB5dAjy5F1Q9Yc1nPw0FWZ5PgYL3eno92Ai7kndwM2xJ+Go2Dd8f00NYP5onhUvB6uVpsKl/9JZvWgp5ms9hV/Ccui/1JcCBAT4pYg39mzIxZd9FrDa6greOv+JP4AVHtzjAGHb5uIOHXt+usCNWg4+hvldDLO+qkKj2yKcdEOBtzq8w+/zxTlBoYJOdQ/D4rzr5JhswDMjRmLSJ1k439tNRR9vcMrnRJq77R1f2LKSjv9+Rx/GK8K7lXVUr/yKU/oUAe12woX9fuxhcwn/XnQmn18NvL0/Am7L38QEydO0VTwUveOtIG1yHsLCQDjp+JBOfprBI8Mq4F9gJKUWDLBV6VL4ZSpJKxKVwcpQkvtjfcEjMor6DqjzUtnZeOTVHVSfqIwKqrJ0N6CKp95Xhpkpj6FMOJv/e7AaRZMlCRTf4rE0LVKv3ohh4dEUV21Oi6oUoVhhkEu1/Cji7jDUbRWBu1aXYWTtdHiUqQlqqz7AwOMZbKA9Evx17lKOtCVXFwuA2YpD+HpZI+S8l4WpA02cU+SNajPVsPCzNux1qANjy3hSGr6PxrsOwJoFibwnKJXu9FrCh8PG2KbmCbE6tpAS380ZN9PB7HcY68Tm0P6rBSy0+Rl5O0ez2BYh3G4mA8Fh2iAkP4JiVV/jtH8JiB6BJDhtB/mFzyH90BAwzLjIJ77+wvIFauDjZULYWIRaV4d5y7GDMNrLEfc8t4c9S0v5+f507Gofy6tuToKZ1gyJwUIkuMga0p/1YDs0sKuzPY68dp4du7P4iXIxDg3ZQNsWJ15n7kXazpcx89UOKq0I4ej9+6hNX4ml5hlQ+iVltCmRAYHx6+B3exwOFY7jhKdOrP1YlBO9rrG+kyIG9vawmFYcWLupgsIcUdIdv4gfb12Dzw+bo+3z1TgiWg2nVpnjcr15uPTFEj7WKQG6Z9/i1by5uDOygFqEJ+OjJF+OtRAHm0V7qOHFM/g8Iww104XAaGE1vnIZorWBe3Fo+VSyWDkazgjtxFXbMrDo7ix0w7uwrF8PHhs1cUDXTj6/rI3kZxqQ1zVfrrl7mgaaHsPF+Wmk8mIIV9bbgCSvQodpM3Hxm910P1cSxy4qYsWFwjh22QX64pBNHybLgPlBJYh/pcQNpZXQ3tKOBc4idP2ZHSl8tcLO1uewf+sRPNizDScaiMCDwzF0LCMT/zzypbwsfz6t84Vmr6lgy8OdaLx7FN/eIs4rz02E4JMy5DG8mJ8r7yX7R61sdf0R5nZcBGPPWWige5QmaV4j3ckIR5a6YOcpazjQEoVnP3TDJBlFlFIShuDOElwz3REc8oUparMVfNqlRjfvXeK5TobgV/ka7/nWYa7AHDIVroGk3/3wfV0irhu0hh77Xax7IJZyf1aAxpVvdDCR8Ub5Ldz3R5hv6TbT53969BiMYdtIY5wyzxg2pU6gi/LKuLWwD/+srCJbz34qnhcA/oufUscOZUiVL6bOT6HUY3qBIwMjuEirmOVlNsHTgh30nFyhKaKXrlpJga3kNa6dEozvJq6Aw5PvQtjJj/Cl/ABf+joHhi4fp/kLRbk2zgTKCuPB3j+fdx5egskPp4KkqAg3uahQSbM53VFURoe6P7x9hAHMa0hne/FQ3nHbmcpbL7B+8AH4N2TAbidL+UCLBIuezKCB2RIQUfsPhGwcWKbyHsofbESvSf1saz8Br3asgYx8O6zc+4eMYlTB0XwJSy54B3l1UXQ5JRriBdyhbMNzrqyowN4Af/xZNZIJJsP9ZKAyeTdOnCXH7X+JB49sI5fD/+js6kJq3hRB01pP4vhLcqDxMp21o5Qwe7kp79rgz6m/X9KqeYa49VU/h83NIZWcWPJIEIADRwdppUIjXA8zBOeaT/x5uhSmVP7Cwenfed4xUaiQLOKOHC0o3dLDKlGyeLLGlDS94jB28ClWbwuBUS/tYUqBBo2ru4+Ft/XBzkCY4wozOGdjDgfphEDulRm4dHkoDz3JwH3HNDBnVTudTxaAnaMAHv8wgBC3e3RjzRI+eGs8piqOwTdbf+DgkwYc0DAi4f9UwMy4miY++g4jkptp8wpLfJxnCp879dhudxCEvblHi0QWonuTDGh8yaHD9/IhY+4z2mMpBaWnUmjF+BCY/qYNXg7XQnrOH/iXag7BPgrwZ/Me6lkoTgvqMljpYBDPfZ3PhZcz8dO4ejjxUgLObbICg1ARwE4N9jr0Bj8urqPyC1H8SfkYLfVugn3dArQoYAv/nWcG7orWLCZSBoeqG8CNrmLxhkWU+OASOdsfw6ezzOmO5kpoPW8Km6PNIMqyHRRkLTCVRkK0kTDKNfayb/tKMHM/hJ+1onhcyXhYfseO40y2wLHpbnSrNx5KSiaQhsVLvDrvM406YE8pXu1UtUMXrsZl8RUzI2je2EXJz3tg2To/rh5sIRcFJ9RKOEDh+lfx4zllsHnRgLpOM1krPJNP9K4n6QOfeXLsTxyYmg5VG5pJ7qQ9n7AdC38Ux6HelImgvP0XzJkgREWXs8FquA4aZkxkl4CTtNrmFI6IlodvZdfY+ug9dtUdQrOjgbRaaSN3JC7g82dfs299Cr5yj4Jft0xAccQDPLRIBP9L2syXukNJ89Ig3fEW5vakBbT3ZCUnRFjA1QAEwctyXPDGHc9VlsHHrBZMqorhbd8d4OBxS5wZ6EBr3kjB+mAR+M/oFjurR1DVuv2UXHsVw11WgrzAanyma8mjUon/q5Tg8+6q0NP5D3R1KnFfwXEoMgzgVv9kTktaD2reySD3fTR2BVmRpoEChOyZi7E1auD/0Bu7b27lMqNHLHA2HbamRcG5qAT2aQoke2cpyICdXNG7nLYv/sDNHzdCxOMaWutgCR8UR4DXy810PesUk6EqnPIVoKQ+X3KqyOYRpa6QH34Tq3wzeL5OBtQktMCFt5tgsocpuPiuhbPLXXDvjW8koT8GffUkSGr9ctB0LEL7n8HgNriAm3UB2sy6uaM8jyOfTKLtesPQe3gt3jPzh8xv3ri89x07eK3BCykKMMpGkMf/zKG391u48ZsTC1+RhHO90znE6SI15IXhHfUWoGhDkFbTgNlrq3HPKUmoT8zlsyutsGdNHnYX+2OxyhlOMRZFhxVK8Et3PIuHRsA2Y2W4tPAmWW5eCvvfjsfa82W46ZkAeDzP5gQzhpyUAu6yPcV7Bk+AmcUVThc+xlezmyDUYQvGHH8CldUuNPGwGrR1RdDzTxno5ubFxh9ecfzdeTQWGjnfUBK7lrjC0o5j0BQwFr4keNCntE7q8l2FF+xk6PTHf9S87TV8NRfkU2lurB//DkvdR0PitgE0r3vJ+R5G8F1zBngsToHW+bp4PGgyHY3XoQdBDyhjpiB0SqgBXFXhn7U/uX1LOGc/MmBI/0J5zqlQVeYMM74OQN9dAej5Oo3HvA/huMr11NIwTJ0tk2nan1rQy7yO15xPgKa2DdrfkwZjvym0VtyHzZcIQ3E6wL9hRz58ZAEV29+CMze3YpO/Byd6CIDH57WYMvUl5US9YmsRN1zpEobipmUoPuYkPNuWxhpJG7lgHkBhTDqbGk4krXdOXLUkFhY/6sHAGQWsGLCcCzIC+ULZZFT9bAM6D2/w9aKpdGVFBGw81YTbqmJ5SHYivzlURFIpomAylINGbyaC1KhBsN5hjS7R0SDg6gkdc3eAekYzzbQRhutBU0Ba8wGeNjEFj7Ez8O2hChSrf4DqPwIw7/sYuDrxConXvaPhJTHw2MwM1q0hGGx3ox+rZ6DGnS6as6CE5VK+0kYDedwtc4i25PfTUd8leDp1LByxeUyR+p6kEDJEV8a/JqGWidAyzR8E5srQSduFUCe/h+GcIkx9Gwklh5NBe68YfsJOrPn9nc7/q6LGD5vY52012H/djp/sraE1O5uTVijDo6xpoFY6gkvWTiH/j6PxeUsgBdbVsHraJiydwDC1VJgu3LLAAMcQuqV8GNIXHgb/mHUk6fUN/surIr9wWY6bpAkr9SQpI+AiG6WLYeCoAdTcq0kl3f28XeUexfiu48Hth0DvthDobjbCRf4KaLX/Flx5IQ9N1c1ovrUOLHaPA60/RBnlZjTHeDxUb5KBp6834v3Y16gtdwwTYTU7rUY8c28r9y4YwjE/xUDkrxBc7HrKws/PoPW6JFj/nzhtFKrBS2/M6HJkOS9NV0NpyXocEy4M64dT+LxGP60XMKCE3h2oIv4dA2J7WazQCP9OvYf/9fRSubw5FJ3TpKX6gSh4NAsPi3bCgVG7yFJEGPa9t6XZQzrYkxzNzTM04ICPCVsPDcJqwXYwmjFAyVrWOHXcJrSNkeCzFfH0ZfoEeiinBldzC/iAVgaJ7lXGDxefYZLYXHiTbgqpazQwQDMR1/w4w3HrtGEguB/fd0+DfJqN2xVPYu+EJ1DS34N6Rfl8kM+wamwoGk8xgYn6FdCy0Rw/mzzmZ8+fQ6PEMSrMDqauhCsQtXsXnPuznKRUx8D6igbK9p1L6ftfwfbjkSj/25rLX3zE6M2tFPhUDAp0t4DyIkXIcSjCqHwlsH6mj+8CX6JyVRBeGTLkg7tS4NrpqVie4wAZmybAEZ8xJHp8FbwdJYDf7sfh0ROT6JjRHFi4OhNiwQpfG67nyCtTYOyuXRSVNhamd86ni8XZnHGlFrcVLMf/Ju0iPccX8FBSAWPabEDMVBkl5p9E3Snp1KbuzW5j5+FPGgJ/sVz8PgXBrdKeVPeMhmHLdio/cZ5/FU9BnRW5LPoulwWP76bmb/4gneqA8f1P8U+ZGqxtNQaYdQqkxaK5ep0kmD3ayVtbR1KI3X2oXeHJDf1XOHr9WDiyxxmbt5xk98CvNOKWPbqKi4OX11/Utg6mtrFm6OnQxgZHEYY3+nPKtr04rXoNvbwSxIvf6NPF4VraGu5IOR6juHTfcpBLEILFy67xqQdXyFHZBS43r+BpH52pvnMDjlnF9C1iAWcp3uBbhtawr3o6/CkaBav11OiKfgUPF7ZD2fB+kFLbwQVlK7DybhtldYvBoX2b8Oi6vyzv6w2Ony/Ax31H+Pjo5VA6PxaNJV5yhHUgzdQliJ16i82U3oKf70I0dt8KiYapYBO1lGtGZ0CJ+imYpz8CtwsJgI+APE1LzqfYIWEY9jkEy11H4L8ZW8H9pz9YhtrR0La/VLRQFQblbrNh2gbItn6MGnvnQvzKETS0UghXnfkAmtGXYW99G+Z2KMDOisUgNbeGPoba0o+021yZmUP7Nv7m+VNGk3VPAPPhEzT+qwVczE2hqyXXqHj1Qjolc59DQpIhJvU7T7v2h0JmXeF9ls9ZWFIejPPyWBz+0HSlW7D2+UO8NvYmZyU408WOIljo58mBN0TI0EEOfjnI4K1nJ1Hg13n8rfgABX3quP6TDf5cUMwu02dTeNw2FDokAN63zOjxliw2bHSD0LUXsSaui9x2avM1/TaUeWSPp7au5VMeCPK7q0nzcgSUr1OBIpFkbF5CcHrdSXS9t5G3C5zAvaGubDlWCbZaTcMXDjXg3PYVvXJ3w+cX9Rxk7UY9T4Dtb25HjTRnypAThklpPeTABpwMPvDnhSpKV1nA69khcFH4P7ph0wg+s8fC0p/jIE5pK88V2E2XsxaBpeBh+pK5h3T3LID7l5NQISOebL4vBz9nPXi4rB1sVX+g4Zw22CRmzjObBCg3sYMCVFxhnG0eiz5MoSYRa1g2OQpTe/xR6dxSXvWqErKsvuBmiS5yH5EH9n+Pg8ATJ+5vlYOf1s7QdNgMCqddo1fpobA0Th/FJyzHdfqTya74Op74T58il0jCzhR1zNszh5qe7UZP1Z38CDwxyvgNFk5ZSo//TiAvfyWm68pwdrcNvBx9HvMMT5Lu7PNwJcCJnk0fjzP1FVHeXYq8V7qBpbkBDPfOpE15jyjrsyxfVg/iw7vnweZv1aiUEkYtL1+y+am3nFEsCEVbyqFRaCYvtR+gg44PoFRPH9Mym0D8/QTaVlRHK6ozYFucGrhK/octpgtQ4vdSKhVdDvvEtvDHSea4sPMD/snfyYk/00j4mwxAZTvIepbDjQQHFPdNpZ9OoSBpEED+2T004VkZdYrcQ7UaeXj9LQpuH8yio0lzqTbsETV9Ok4zDgySypFBWvPWE7/ourCpjTC8+n6M4v+sx5M1yiDbeBY+ddbhHWkdzn2vwPFRTlRoEQNz10+AXQoW2JT+E7rroyC4aiEaXdnCc/vvgt9NH7KdV0F2lVn4a9AEzG/rcs6MONafLcsdT9PAqjoBTfvCIPxkKKyyAhwQ28YT7itB75Ip/KtGimtPtUHEy6tkpTyJh8Za0jeXKJh1sxVP1P1HdMYYLip1gR6u491Z47HFN4BNX7nhaxVvrJ9rSouWTMQps6/xklZLuCSix/6GTWg2WIDPn1vT5y9fsCemkL2jQjny63Pc6FVFzWK6UPt+PRU4raYs87NIz0q5+vRZKqwvx7f19yhHrw20WR4NEwRgmfAAShWvg7NzHHHn+f/wg4U0rPAYC4pXNVBUqBzlz0WRyKAVNFv94pFjLmNMwnc6L7EeR1UV8qOsDWB4cC24Xm/gGqFVNLXUALrXPIENX37RM6Mqqv8xg28X6OCuJ0/x9oU4PBr/G79amLGusigcd+qCuTqX+XDradzSmwel8u7YNNWF5k0l7Hzmie/FbMEqUAjuyJmQeq8yhtpJYYpcAQzNkIChiMscHmSFzpvuwciiW+Aoow4hitfhmd1i9KqZAUrzhCFT/BkLK+rD7LpPzHdEYOZtb3KayMDLHeitfANWhc/EORCDb7UOgs/63bRl5BUIgFBStH/FVyIlIVz7HtjWXKTfn25QYqAR3d0nim/eNvHWwqms7HuMO4YMoOGiIjS/voWaulkUMdkXI29O5oUrtvKGecXgkz4JxGpDcdzW8RR1WQ82xozD4NA8gi8n2Lcml1+99sYMO1HUvbgMzngu553Oq+FJqAb0XOjHnTJ/We+5JGS+ucOSl/IhwlwEc5eLgejhrdC66hgkq8hBjs4YGN1jTEZhW6jO+gHdgyD6fH4Tesn64MbOUbB5TDon/daHh5J9nCv4CmyzPLH9hh5cefmP6uk4uB+LxDVxrVAS+INaS2Tgs20s7HnsgUJ5KhxdvJE6N8ZjS9tB7LoHWKr8gLLcnWD1TCF4NLKb/uTNpmPHX8Dne5NA3qKDpB83wnexv+xWqsrlMaMwecgIzm+ejfcVWjmkfgcJ9V+EVG91eP04jUdk7gT5F3W4dtp6mL7cCu7o3Ae/PFWM1/2Ism8fU+KaxTTjeg0fN66kb5WT6fzraCglMeiPucX/AgbwkVQ0lWx8zWcXONCK2Me48mMeRZiE0SkRO2xYrwVLolv51rI+LHHuRvVj23HQD6n+lRntnJSAW97sJVXrIxw3WxXGdv6mszfv8MeRaeQ4cyx3ac9BNI2BM9tCODCqmIpfe6LGflGQ+p0A0x7pwolJSZBmOYIcm2tge/JGTN7vzKN31HOsrCaM0tMHj5T5pPzfaig+Hget3SOYLH7ggGIuuTrbQM8oKxw4o4Jm4ZbQ1vMCYhcAZU17i74Z5dD59Rvrbe4ip3nJELZADs7tL+WPW2zBrduS5421JC5Xxj2XDKDOvBY1jAfA8fVqaNd4yhry88lQRgTk/t5n969t8ODAGVqraoUPpZYBu4+m0Jv1UOtaBnpN9zn74nhIvrmFHmjr0oTrFZzeOoVWr9aCDYnKGJYtg29ylVn4yw12OycL5zu2woHgIT7eoIkPJ+9Fz/6ntPT0JGi0d2EXOTG6+8kZLfPlQb4unfNOFqHu1lLu7e/jN80v4Ns9X9w6+ha2OsrxFOlSDnmuButSn7LNjhdk1ytAAWNv0gj1h5T7XgslHlRAjKsmnNj/AnsXmcCSY7k0U3gRPRzhC/mv/Tn/7BQGMzVIm6ZAH7y/UU6/LbsaqIPs3/8gpFWSc8t+c4LODmzSZlqV2QcYYIJDP5MYdjzHcg89GGWhjnJXZrKzgAPUZVajSfp1Dns3GuHRQyhSmEd1J+tpxmdb8FmhihvyS3FsQBtqNfdTY7QKXbLIpeArByG7IxzX6M1AvqAM60qKwESwCWLu5sBNpz+gaHiWqgQfo03+KRD+JM9vdKdz3xwRqE/qgPr/ZuKiMbkk5ejF816IUWOFOG0z8KE7vhk4sm0Si5hbQOV0KzQKuM8iH+9QU0QrB3xzQxWfYXp9aDN+rp6JtwpmUpclwHmX7bgpTpfzd0XCln+fccYrorTwsxQsdJxvae0CowNKFCkqDJ/G/6aFRb2gXL2NA2Q0aW+YKAjbRiM4dYHjoR0g82kjfnDXhej2cpjyux11iyfS/oR2dK5MIcfPy8EhaCl+T5XldIVYFKtXgTLexT90JcG41ZdaPRfi1PEjyNluMTgl3scf3c/p0euVeOCHNHR9j2XjmWtxeJoJna7azw0zLvDOd7Pp7LI7dEAgHqadXk22Vw1g0it5NIqdgW9+J4BP9ngofRcDCoWI74/kwBf3dqyY4gIBgjJwXe0MmsWu4/9aLaEtR5ka9gjSien+ePVwHvsYX+KP2zohd9VEeJkbA+06cmTj6MM99xtglGs6uZiP5/IRW2BQvIxYMJPSrBhM7xqinvdVDJ+RhhxWg6uGxlCl/SM22b0Rcgo1WE0umepHi8IPb13+lXkNPhUnsm28Iz5VdkbUCkR3MQO8cCQYx7k0crumIdxeVEiBLUvgm/M2fPv+Api9Ws+by5JB/u5Y0Hlqh8uytnDNDUloS7Kkn2894dPRAViz6gvvut8HbR/bcd21kdQQYs5yM97iN7URcLFfGNbbK3FeySt+aFFIsd4KsNRfDaqnTMCmrKUUWV6PU4bkoOTPbxAsHI1TdI7CyHv3ISu+BlZkRvDk4Ung/LoZI5QW8DgBaZC8bsPLC5rw1Q4r+LV6DkgFbIRNigshIfsc3q9ohttjRFHzqCKsVvsFKaWzOOPcf9iyMg/CX/TjGOFnvC5kK7u+WILHxxuxTMoYMBZ/BudLV+EirzT0sreHwT96ZBqxjCt2NYKuQB4Z1ixFPSFLcFiWwa4TJeDZRBcu14nC43WCdOr0arr2SAnOnxXC0Nd5+EhXENJmBKNCxhJqtI2gy5MyoS3nCzTnSLKNhDqlmnehkHEEPtVSAY8lF3BD/TCWn6qFHcEV7BziSsYFv1Eno5FGNFWihcJBFLuvD/Hjs2D3jUS4cXQbPXbqhznla9n2qRguEk/hLX4VGJ3ey4efjQWJsCCSSn0AmWs66JvuCdYcVYZ9C5O49W4MtWd1oHamL0rdkIObj6XB4mceHHdyRRUpE4rP/8Um50Io/8IbXCX5m44+SiKlbboweDUS3m14iN2NuWyaagWnl8mjwOwW+mT5i5XiXuK0ikK4ma8KnZ2W9IX16GSpNYXJbiD5fA04Hr0a0m+mc/LsN7BWdRHHjzOAmZLefEJ8HH+31+WW/cvQ/UMPSb9ZBKP+FcKJoIs4JqCabzhaQvMkSXJoLaOM93VgfD2B9C+/Quv2G7D01yac+OY0DjcgLVikA4cGy3Dt+zUYdbwPv07s5v86vpPqQAtLj9yA84ZV8bD6Rvh5dhRUq90GiTuRtH/9bAQtN9R/fw/2eUWT2XXiDeMPsuJQKU9vMYGa4Dds3yeJItOe0LGeBGqXMsGCrokURMpk1X4G0bIIjj7WhhNqAYjzdMCobiude/+GFv2twOJzZjA8LEDrRa5j0pqDkFCoA49TM3CAFGjFrGG0GduIM8a0wYJrLTxKQBn3dWaCyKRC9KkcDfEpldzGadyZbwyHu+/AkWWbWezCDnypfpINjZ9xTPJn/CooAF0CElCracu3fsXiLJUizBIZgIdWP3CN1gK+9DIHf69bSEeWToUP4u85SbYWk93H0rE7DTzHJgXOVy3E36kVHHN2GFWeZuPdxdLw7vQJCG7vx6CRuzlD0Y8neq/FN+d+QoXITPRLEWCTmlAon6UIJ5y8+PaHUB5bexRkT32j1avqYGtcN2+7uwO7Kp5itYQKnRw9BVYbGeOk/IMcL95KZpsPUeuCHoq07+ZNN97xyMpMvhj0AkauUISI2yUk++4LTUzVJK/vEylE7w+Ni7JAbwsx0iqtR6/aRBivIAvvOxivdRdRiIkslIssxGn5YTxxtAvfrxaG4yiPHeUf2fOSItgeFeOxoIxFj17BtJNnUPmpART2LoaWAWL788044nQDpmobwrCQOfd9usTtrtIc9zoTJ1cFUKvlSbQWP0Yl0pX8ZsCb+u0Ils85xdvfjeOL1hkwecQYPt4Xx03HHLGv8B31TX7Fs00lWGaMDmzcWAslyuuob1E4FLz1g8U/3Nl98Sg02buWjpW4AXvaYXugLOxZq0B1QjtpjaEYWgmFQ7+PB01xmYXJmtK4WfAzqH0xR8FSAXipLkLRlcfguvhs3LiukkWjvnLJmbn445gZr09LpFGLDrGYmABYW6iQgFIiPYnS4SNp+wheXqArcz6Qw4k+lJPRJizKh4AUCyhR3I8HutNIRnErPe3fzKkmnRys7gej1GpQXvcUHKyM4DnWpnD/FsGAhhFbjfwHO1LO8p94Mb7pJ8kH7Fpgj/A0cKl7Au/nGkLnkWpYUdNPgnKifCnoDqiI9OKmk9shVKQfRBviqbbTBMq+A0xYmcrrdedTsnocnR4CUC7MwLyPkTz/4SX2ez0ZdHVWc5vYVKg1sWX9XAuSuLMEz2ndJh+h8aS/SADkpiRz2ZtmtDZ4xhoN6vA1eB4/mzhEv10FQSNBm4KPq4LkNVEco3UWf1a005Ro4OSxxhB07yjk+YWy8G9TENimgFUDZdA97wr9zf4J5jun4v7qILYoVYdzYYno0jaCEivjofbGEvxncIcnj3PBer948LSLgJufBODyRV2Iy7QDXO1MeokB9EFziHRlD5F5UBh5jm1E9+44eHDCDIvvTwVhGV9qcttPD9Wn89mFj2H32dVg5voHsv/bj5r1u2iRTzm7JdpA/ey11KfQQWlr39PokFD4sFMVpxbtpUm9PbhwrxF1TQjHX3/FYe9TIbod+oUlalbxgZH7MHryZt5w0w7vlC6lus/1UBxYhEkVWqC3Q5S9vpuSpdsGXJi0li5omvOVZQdx1NW5UB0yF+I2ydCbGilYufU9XTh/CnMfdMHzyk5+b9kFElPEaNaaJBhuq4GsQnFwC5CCHxE25LvsPkeqn6aVb8vI78Y/NIp/wk8C03HzqKl0oOEAePRrwrDeERzWC+aJegUokTHMoTjA93NiebrsOGw/b44JUWI4KGIL21ofoOBfb0qfH8vF8oGk1X2XndaKotuWCGh/v5Fz7q5hg1xz8Nkegxoij8GoIAF+oifki89nm902fD3SmC5fV+QfO/fA0T5jCNi0EgPt40EwmdjtYyV6zPIl0cp9fFR6N92tGUC1iB/QfGoK7E4rJP8xvegx1oC1pvbx9j2XObhRm9PXJoKJuB2YLgwgR2szEHOegAuXHmbbny95/bHN6OhwEV8/nY0LzWehMX7m8sl/YdVmLcjZ4U8PTm8Cz62a0FT7kT/kXqX6iPXstDSMX9x8y22OH7BwngZMWGRKmSNOMW6ppihtV5ozbSRe6OxG9TQnUB7xhIxUDGjtbQano024I/sy277LpyWVN3FL8SfW/GbMSzr2wQmztazknsES7Xqg4+fJW7fF4IsYdag9jXT4zGs6GrwT7y56iHsrpXGF3UxuqxWFG1r2OPxuKRcoGlHTjBlgdOU/OvifG3z4IA7e1uuxKVqT1ucbwG8nb5qntY+yV8bSioZ79OMk0a/aZJwytAaWHOtBsSOnoDJbEdRjEsjk+1cs2bwVK3OXQmp4NyidCIGAS9NRpsaF5o+u4N13bGBS5EESXl1Aa3YWw4Tz1pzWn0+uUyN5uYsm3Sw9hwm/Kqlimi3kbF8PixynosDxNTzWOhLsJ3fxtNsikK3xBE688qHH/pu5T5chNXcH3tIaoLdKjjglq4C2j5aGHaPH8Jbmp5jWLEO/IlKobbQRDLzYAKvdoknYvQjgaCqUCx5k61BNfPzuIL0QUqOIna2osEIcun9toAktQXT21lhwEg2gxlaEZZ5x7Hiykib/KcDoSsZ5LxVBhLzZvfUP1/f5kJTqcwxp6qMCv28cLyNOTk6TQGbWHhD7OhoM/fawkfMG6OpBOO0xmr/OUYI19xqp9MBlmKf1GIRty8GzdCycz/sJT4Pm0JEGCZ4i/w2ajc3hDBjDnBPS4HnnNJq0I3dbjoB5K/qwuSCblx4r5VqbdNqpqE/muh8oJk4PRA+0k4WxBBQeQnjT4UCOpxNg0vdAuF9mA6FfBtB/tyjuWtNLuak+fOqwJfs4CsBH36Wwy6mNdy5GcvWsgs4T66G8fjFvOWtFN5MsechFizUyVWH2ILBaqjOZ+ZzDxN0ueG/oMG4r2MGi/d404nA0FQsY8EMJZcAlThgD4fxeqh8TlPy445AcWn2KY+8lQzj3yyZYMTWdbybrwH/VLfD+4x/G1jCMHk7m2oV65Lp4BpUsXcxNIn6st9sLrneJQr5PDUd5ZUDvwzqyxB5YHKVLmRHF2DJ6A6x/PQ4zjUO5K8wAvP+lgWuTEGdr+fKr8F9ssPIpRThvRvMV2fDikhFVjGqGE6ETYeXzB3BJfSp0vBjJixsESXN2AyL9Zt0LB3DVeFc+NVMdvQwswF6wBb7fkYGH1xfxH4tTvNHCFl47aMLZMi04eNGcCyZkkkfdVJj8pJRvxj7BN7n/8PZsS7yrZgfiET50ZK87t5THwoNDBXT6uDEkJBhCQdtubNvfBIIvW6mvMh5ypwtghmstLfpdBs+r+qjKYjJ0mYSQjskAHo0O5aD3ajxbqZjbuxtwV1UuTHCeRZtqgkhMwBps9MdjoE03KsU2werMG6x4ifBhSxD9GzrFOnVFPHHqbb43bAx710rDwNgWKO2q5JN2K/HvvmBq2Lwc5S/1YYrpSyrbaMFqQ4ogVLyY3FdrYMwDT/6ou5cbLt7F8z968ciTKZBua8VhaiboKqQAfqWx9OPuJfKSrEFpNxWaMEOFY24/w1niHzimqQZfaTlBx3YreKxRQUUaspCgfgQsi6t4/nhzLn7qyD/yYnnCiKv06HgUT5gvC+X7UrmxxQi/fviAtnpSGKW4gHo0P4BXbD9ujxmiBUoW4CkmB/P/LGGh4NV4T2AUzp+ij57TMsFpx3FWcrZF7Y++9LMxgKUrDaDGIRZ8FjXQ6AO7sXz3M644lIAvLEex258z/H5KA/T6eJEWCIC491m6MXMcy826ykWXSvFK/CC0H2lm37THfH6CC4zcsA7fgBV86vSC+UO1UHJjB/54EQFST0z5ZtopSD+/hDfkvKKjue1sm64PnkafafhhM/e/y0bPhwug5Olfvv0xGKd1/MOFR5JJvWIUXyw3gA2zltKZae+5ITOJS8tUaM5XBVxgWcUf/tTAzcFSOP01DkJaRsL5v4/BMSgc5Sb1w6byAn4/ZwJvet9Idsn9JPSwBYcOWqPnFE247bGMpgucguPJHbRVV5wdwluhYEkJvDVPJbEsCWj2igSVTCl4GZPI6rukaWjBfgp/W0LrF71CyTdNIPHyG+tPrcUfgm+56Z0tiMS94mSVdlriG0F/pXdSsrcvZvhORKuZHpAS4kWCVYuhR18PnhpW00vTYBDmO5gmmY4Cc3/S3GPpFOS2GfyjfkKVmx62fbOCEVu6WXxmIe3aGIALdn+AqIUJ+PSOOeQeFYXrfcN0LcuOoo6IwtmAPzyneTGc0NgGZ40UOehjEavu08L6Az5gf9cSC5M62DxyEgwdv40HQ+JpnPIAjTs9Dr5s6ufT06VgZ8wNOPdiJ8w2IfIpFANK6sMpy/7xnKsu3GeXDRc0S1hXWxVat56iS6l/8IxgL6+VHgXXxhPo63XA+J9VMMlbhCa+aaZ+kQeIAVtAKfUwHCpwAtVx2nDZ8BxIHegBu9pFaHfLHr488cISmALRI07jtI318CPUnHyfMQjV91DTU190qTiBRSN9MPyoLjUq/sMECW2+YfYGbslb4gMPK+j0XwzlY/9DCd8M+NGpSH2fPSlxvC9WYzxOa7Wm3W0xoL1MEF4FmaDavFn46kcQip7x4fuXDqDHykwQkdTj8K3WUFPcgDbatjBRyB2KZ9pieMR6LLlxB9q8dODBqG/4x7OR/wtwwuduqrxbxQJ0P+3HFAlzXFzcw3lh2YzrfpJrYD0fl6pg05YNbBPrylaPLCHx2mbs0P9I69NKuKJ1JFwvUOH3FyfShI8qvCE4GDbYBOE6R2OoiTnDVnHBNL4rkHvKiumvZR8oBUixh7ge9nYaQHPQay5aaQrxaVIwY+F9VnEZwMKf9/C03CAWxKmxqOVtnry9E12zt0P3GguIUAwn6Shl2lL2iq/+MwGrOUzHhMJw8vtRWDS8jDt+d9HPIGk4K1PA9UOa2Nh+CpuUDvCsN98h84gR9W0u4CjHLjrdf4cTO+VgzIA311k5kpoc8axXU1nfqBBVyu6iaYYZ3QRBvnFnDv27YQQv7YZpZXU91U1Wg8yoCh4z6Mk6sdEgmuHKfmLHMPKBBG27IAFrLjhCt0cSRTnXc1qvGl55voG9Px7gf7dF4LV+PJzPVIYl00WgSGw5D97Zje8yXHip1HTy76rE+EgxbjtczuHfv8LH6lCW75eD/YFrODD0D+xpcyUZ+9NolVCPf0M9wDRTkpY9FeCpK6z4cpQAdDjepkKfWezgLYnm0wXY4LQL3RwfioHaq3ixWCrf7H0Bo14aQW5CFJhML+d7s0qgb8I0mLX6Ixc1CtFi729cbj0VVuyQwsz5ZnB/9F7OLrOj32cW0I5HdRCmrY85OgHwOm+Ypg4+w9FDEyl25hiYtusgUbwtK9ol4rynpri5WJA9+Ab/W/sX9J+m4rezepz1wQw2zdCjnTnEeLqGNDt/UHnaIj6RPYVaPw9C0zVZbFsVRTvkBGB12mnwN2whXwd/KklqQoVodV4VMoEvLW5Fi6Xv0cbpPgxvMYRJpdd5pOBrbDx9gsL3qELZl5fw+6A0i1ldpW8DBfDlSTmRkjrsMl8Cvfv8edftSSBSJoGHxK9QbORIOKIjjzcE4rE2TR3nrZ0AwR5pHKoyyD66+jyy1RoUGnxh6sYwstECKPs8kk96iEKaig7MMjXkewsa0URRB2yfrSUrN2nuytWEbu01bKVTT7fOL4GPqQjxZ8zpz7LLZHRAjcTCu3i+hjM62M/CAal1pB2hD+8Cm2HE33Eg8M8WisWscfOEKFwYUAcn9O/Tt669KBepTPUz/kHLxXwqVNSBJX8u0D0RbUgxS+IfKhuhZc41qJ94lC4pr4SDi6VhQ1Mzr1o4FZzySqh8ngvttrVCoT++OBimgKbLt8Oyczm4lM9z7+cArDsoAvKL12HH4+l4J96NjwZdgptlyMIDJ1Fj6kxeFxQMtV/2gL7daPiz7QyEJT3FsSdq2G/ZPhKPzQKTmXNRe88NDq/LhHWfP3FrtjDEmvTCtFVJxO2bIFlhD63eaE3bu49wU1UIxfRuhr0i0yl59GhoHHOFDVs/keyVZlwnPReGtzhS++Us7L78k5rGHELZsAAcKjCDo5/MsbvEF9bvH4INgfbQ0i4GMVfHYsZpPVb07wOr0z2UOl0LsrR/gu3Iuzx+/nsKCL7EQaIu5F6WwfHrL1JCkSNxZRAUTlIBo5xeKNO3Z6sXRTCm6wa8++DBB2dk04FHgqTc0s7HowNRfIMVjBSbwM/aXOHlejH47406bVGYxzdHr2DxJ/GoryPNA+vu4o09AMqZ38C9MBfOfj/Fd/qXwsNdxRQ524Dc1CeihIEYrQr9DvldZpC//SUf//gFnu+7ih57ttM0v+307Ecxzc/YgRPTPkO33jBZyIyE2KNbqeLZK147bxY01Bxho2oR7nD/i1HP59CYgjlYpJAFrnoGcMG0FGb3vYZGt4v4bUsbfz+sBrpWB3HB7wp0GWfLqmG1cExfFoIfuVJzSibrh3mS5LccFDwRB/rj2kCyxIKq4Sf8x1dZ+8A4qHm0DFwDHnDazS3o2+RJwa636dRFAUjYFQM/W6VhS+p79hG2heT6ubx0hRFE+ldBxYE+mPliEjrqOIPlDkMMPxDNkV82kOJWU4hufEOCV/6hrvhYuiJ8js+abGd2X472j/5BhutLlDkzH/uFVSA7/zav8pCFn3tVsS7REmz8f8MbmVsY1fMfXpp/C1PX2NPiHiX4OaeIuwrD6GbRMjr9NQJfKtfgSfVMunq4i6IPx5JlxTYUkdaAjJdeWJdQBj9UXkPswHW6vrSMT1y4xO+v7MMugV767hbFATAKTt6X413BUnBL+iWcslaDkbU3cfmYu2S//BuLrRzgkz8NQDVrJAS6RuGsIx2geTcRlpVO42m2y2Hv026QKtuEA3ab4fisEzD9uhX4q+RS0+yRtDVyLeHjR9CZ7Yvngt6zp/59tvMRR/eeWvidZA7Rd2yxfflhyu37Dq+nBoFjfyOekXlDO40+YcKCGpD+dIGCXQxgbVc6VxySY9PvAmx23Bd8JQX5QtULfC02n2Xu3WMr5SqynmINkx8OYIdJCJ/8t4ofaJfSF1tT0ouowuzL67HpcgX6Xr7HP45PhPKrkbzfZDz9a2/guWKOeCAoFvMENyEO3+LJ9WZYv1iLPmmOhSkd3djebIpvMs9RY7QQ9v+ygRUnmC9pzmfuXUmT10yg3n8GsMHCGJyK7eFEhQTHZd7FZ1Py+WJDIitP9CbzvhBWmyiPkiFWUKhizZNnf6af/xN3H4pAKGoAgP9BtkhGRmZIiswSGVkV7aWIhISolJGGojIykiIp2lQKKQ0NaUgRp0ESUUkhpFKK7mPcJ/meNoHb9+m8oUOdBruqSVexj07tmMpCN2/hDysZKPJezwWZNzFkSxgrXpShk6518N9pQbx/UQRubpbAVulKKG0dB55KT/Hg7SIYHI4Ai7AYWPB+JeqaTCMlqyS+9+IlPrsfyfFq2jBifBP0XhrC9Rsy6IFuBLgrLQc5kZ94tDMTfO9dwJKsPq49MAJsU25S/BFjsk3KojWWMZQSKoqVqp30qx14rrk4NJ/xx9JWMzCycgOz6xcp+OYUNFn+jj/E/WITOM1vOuRB5nM1slMtH+xWgnIogZPCbVCsp4Jzbnzi+zflccwhb5i28Cdt1Kpl4SkWXGdhBMpmj7liykswcYzGqnNa2KtzkdSn+nFWfDw8OlSPIfs9YflYSzAROw4vGn3YpmoQ9Y9I8rJaHVh7vpSDw16xQ5sbiyYGYdmPKZDhLsjlcespo/AfryoU47D6G2xVO5vU1nwgx813IMvflt3vKsKCgRjolfvK1ob5vHDwOPocl8b2no/c9v4smr7UAlmlM5RwZxwo131Bs0hXxIFGGnlnFp1xFqP7ml+huvkPR1uZ4ztVZw69rQPhZ6PIbu00vhVeTGvm69H8WmueaHebPodU0+cdcuQ8KRbVm4wBRStxQfEHfrD7EE3IMIe9f/uxJr6FZpu+gUvLiBbsOANrNEZB751OZs8amtZsjQH3DuLy+dKwGOphvI46N71sgEOdaZRcOQZq37VD1IHZ5LrqDMn0G7HIgneQ+/U9B+qLoIA5krf5brxjMgFe/jkApvttYUOzAk3N9EU5+SHefq8cvH0W8zHLj3B4Zyy8mzARwjXm4cz6a/Qg7wCEzbkP82RuckKIK5jVFcO36D9gVRiMd4rkYExkIl/9fpiWe2iCzMBK0hwBNEu3Etsr53NiSSuMuCjGPYHakOX4jb8WivNe1Rtsdk+edK9qoYzRURL6YUUl6rGQ613EfRO0QFFiNBU6O9N6X4a46OvUvVqVd0vbYkHUJBBNKMXVfhZs+3kCpEiksb+nOn4tOE/+F5VI8Isoxc3u5aV1iJVzjTHRbSo16OiAu9oIGLz1BzJWfkBIv08KfTn47a0wVExahKI9hfh6kzQNdmhCSMh9lDFKwxJYxesuTsYwj9NYdPYSbc0MoFclqyhnaDHVrbeApUPmfLWoFLdruOGkseEgeNKdhztqoc7MiZ6GWuLwp+3UqjoVrsvFgOyfeEitmoPdMqagPi4XJJ20SC7/K4R9OkOzhts500AdHvak8+k0H/w59g4b18ewi905WKyYTM8vyEPq30o6KimBlmNUoMhxgK3vDuO1Dbq42LyUs71S+fHcE3TywlTYX51E+n02fCpbGRIba0FgRwsJWGmgtEAj3LHLpckxn3DNFRv+d84bp9wq5vQDU8FHxJ7SxtRRzpaVbLGsEbu6M5mmC9HYKevAQ28Opp1ZiY8/TQTD/d3cEP6T7KPVuTTtHLZ5ucDUha30d3AYxT/Ik96jWnS9bggio7/CKfGD1K2Ux4aiRtCndYK75jSB5WpjrljSi/mJebjLaRLUMWLFuSu8xtAW3s17hJ3xB+Blci30as9EjcC7nHghm6oey0DSpGyykirGCV4e0PD0F5iMiAPFY0o8VlETDg2XU7D8TYiYKQdXJAQw9sBp7D5zk1OVv6Jt/iDVe/2CDVHnOKjLDntd51K0sznIl2phUo8HrX7fh6kPd6JeswAfu/odn88ciXmuGfTRu4XffNGC7PPvYO5NUc6XaqBDyUew0/cHrviqTJKfrGjBW0cUcD8DnRLaIPj5GflM8yf7YS143OeBSnm2dOROFV/LfAhlMsvw6OJ9YPpADnIWW+Cu5Uv4UV0on74YzDFt38hs3ARoOn0BrSfNY6nkY/BtsyBsmBJH/VeHaXjPSP6hbsd/2034YrUldfhvgbcrZ3JDuyvH5hBsjjgNtnbFFLfoGx5teYipsv1k/+gBmRp1s2efE8W8/cujJQCefhfj7M0hsK9sNu5cNJtOlU6iYxX7IDn/Plxzvgt73SvxpIMhmNsYobqcG9tkJkLXqmP096QTOniJwvdLCfjhlyjZrZhMv88gzHiRhl0F98FSOYfXrJWEX4p1oKMly7UVmfBj4ghOum1HBUUCMPenJM+Ifs/mlqI0PzkAZXtT8UX0M5QOa2HNdiG6c2sxbVGYAvhFhI82X0fpoQqWPv2CSj8nwuTP8Zgf2I2RQ5sw0LGbrTfLwpoT4Vg28RSMdpGCccE/4Pepr3DzuDZuXfETnXoScdrESpwWPAa+OTTzgNc2XJc2jEGpkuh7TIHO20+jql+7UC57Kf54+QeuvpKEti938LfDNjDxfMSnxuzGsNfhBE1RdOdeN76NTUD3zwvR9KAgZH5fwGV7ZtMEgzRedMaMpc5Yw4RFtbjJtpkDNy9An/QmPrxKB+Z4CUHx8o0wU/QXDUQFwuQ3IjxqXRKaWDRDo5wybvHcQHPFdcGxwp4P3K+G3mNWVN4di8f3d1GCmx1Jjz7LUz6bUrLCah6snQprxa9zcOUwD7cUQ2neFQiQ+cDf9txGHRyBkx+mU+bOhfRipzCcCW1CpSXPaXn5SLQaVc0Nb3+R/Kdovu5WQ5Lpl6A1+z+cUmwNgg+aWeqxFhnprAeHNk3c9uQWHlavxtP/3LjwyAWO3aFE6api8LNPH00Kz9NI0ZV01S+YI26YUocNwdDk2eD6KQNSLWZywX1NKDG9Qkk/KsDT5wqfCFYF6x8pNFe2l26qCPL4sfJ8d58e/y6XhqHSWDq45i3pXfzIBmqNUHn5NC3ebUIVMcZ05K4u2uY6wzVbMzAPBVSk1exW/g6DlGZQgwLyn60VVDh9G0z2MQG3PEvKIiOQ71SjQmdT7lASpTqzmfC0XZJPJryhWWkLSP/8MojO/MbLzylB1ApREpB1pEJbW84+5YGSZ6KwZsMtcF53CG445mFi8izSeqUFJ59fgud9c+jCzXFwYEMI3ktBnjVLEPZ5bMfrVdtxt5M7rq9Rg32PD0PcLREK2m/Py2YlcUjnXZQZns51t4IpqtmQ9ylKYObYEXBt4jNc6y7O3ku8WbsgD+/cBjx3rYKfWwqwm3sr+8VfB1VXBTjqNR7vp0+nKW1FIJAVzss715Geyhg+9gYx/5k5BZ0WB1s/HQjtb4WzF89j6FEbDCNXHv62CDypHLytAb+sC0JfjXf4ono8yN/8y6L+SbTh0kYseXMfD0jMpwjR9yyjaAeyO76Rl/MUvHFZH3yDH5CNdBvaSDrCfMG/uMzMlR4clOPE/wa4/kITzwmMB6Pt6pB/bytIBbzmX9eDKcJMlwI+laDb/RnQL7YR1M2OItRI8qfTZqCe6wZzF27EbVN2UvWFZXgsspQlxgvhpI3ZMPVfOZfFbKAzTqPh5bYJ7DPUzmH9eThZ4jz92HgODRSPs5JOP/eaP2fnAxkwu0gI0k2E+IMI8fhOeSx09ObX/fLww1kGNp/uJzP5RFyZ2wbH5WVA7r02NV0Q4T+GA3j2fA75pkznBb/n8MRrSbw0sJHy1VeS6xsRuGR1H6wNJKHeTwU+SIxglYOveEPDcnrnsgeS+s6A/2FxnKqgCWvr63HzCyO0fO0NUp8Xor+9K1c4+PKTgwE4+tIhXNv0mZOlxoCoeSma597BOV376MB7NTycZQQzXw2gyZ8VrBWsggqhW+lvpQR8TtlK7T0auPJgO5aZuZJamBy3316IinJl/HJPKooG5aPBVoYwekKL754EyaUn6OC2deA00pKOpSyhBWZ7SM98KwUsdyHtT1KgfUGIm0e7Q36XNX57YAeCo7s4xkQXt/x4QV3bvuJBOAlLi6bAqtJZrHNiA+bYjuPd69rB+uALSgiVoJGGxfhL/zRe3oqY8FQYKsJk8O7La/DhxR64eM4UbO2FsGxcGP4W3UY3FsbApvwI3mc1GuYKv4FR0nsBny7Cio4weiX8kG1sqnDPgRF8/W0Yuoqoo9weRXh+ZQsfdDhHo+PSaePyzXxh0B3kXxXyqp/uWCupDZP+ZuEGz1GQ0qBEg6cGcX/zPGprCYA1/yTgjchhDB1rTO9ds0H2li9LPx0LPwaNSe7tWH7y+Av6GzvhBzEBGqlYC97ja8j/0U96n7EKCveKwf7yOFa48pG0VVzQdWk1JUzsABuvF+wauI/t1+ez8y9tGDSRhmehkvxjtSelqb5CZYEePtJcxcIBZ7C+U5JGvliPHrJmsCxXEPKlZrFvlTsdHF+GPdZPyNW9h+bl1OAy8zQ+tfIUJMUnUojDVJiTaIb/NI6DTJ0zbhq9DYX/dsA7P+S7ibfoSaMdJbUm4o8uLRj2LKTy/tHgZtgLZ7uyUXjdRfSxseNmG4L3imPozBNpthRUgb6wcDo7MQrmxI7FjFGbcfOrM/jEfAWpVLdjwsoMnDrdghQ9NSCS7PlkqjGqjrfkZYmzKP3KZFzv7QTf7Z5TgdQgWx4sYPcSSzAaH8ruCmPIvWk+m98Iw97ID7A4IptWHSzD2hcrWC8wF36t0YZv9QoctLYVKv2zcA2PAtGkdaASfA3Lzrejsf8g7zrgRtaLrMF+tBs1e6+FxX6rMWmpF5pHX8Z9SSlgvssPT69cDc92SvDI25ZwZkomfpH+hx6FIdx0OJsKNyErDz6FRXlM0TgADllNtMNfFwozO+nO2k+4R3QVOz7UZ6OU6aQxZMn/JZZyteY8WPfyARu/mgybHseheZcPxHw5DA/hKh2ZZIJLkmXw0OkOaBFsoulXUlhCyghCF74HHX1hFslB+pm2gA3jsyn34khw6nRif7s8dNuwkf6sEYd5J45zt/5echubxuZe7yB5oz2ed3gM32/b8gWLKlJ2ewcLJ1iDQZg4NISIwATsZp/LXjh2eizJjTlH87w+4bZ96fjzVABHZlhCXccakpxeT3Wxe8kvwZr+PN6GVwZFaEjgD2R7ymGjTB+FrpwI44wqsTVrGhzs/488vrTxEw1FqJ/aQo++PKK5K6q5/loyzDlhDTOO1/P6c5F8yzkbVydn4IYD3TgtyYF2p0fxsr8F6NFrRzJXNeDjZQ1Q2JMGD7a0sGXpTLwpOg37TtTCqFWX2fymGri0uYLvLlPIFejEE6YjKXFJIO7dspIXHBSBL9qpFLYyCGxV46HlXxZmbTWHrmtO+NGjliOeTAM93XQ6K9eNVUdqMKnACe2kF+PP3H+0skAYIKmD0qu7UTc0nwzwE7l4r6XRQzlgfWQ0r9vXCP+9tqMbJspQs2MMuuctInedPnZQ2UNdPnvotug6Tm88S2LTRCHRrxecxphAnF81RW/8zvEPguA+i2FO93JKGMjmjmVfKFj1Iu6b/QF/GeqB7nFF1gsuh9S3HyjA7DAIp6agueUAvNbfTTcyNXn1ypX886kESEb+puPC/XRS/xvO2BBImyq2kNbeAZKvKqB1E6o5fnEROG0WBNHgCP7xQhOSBm3hheE1MHsujNLbezD3QTTdamrj9wt38oQmSegagWRwXATnd5jSOH1ndn/TQB2HVvHkPV/Z4rwxHbOfhrjcFO76fcCKkkayF6/BmmQr+vJdgc6Ge7HPjxYYFkxkxZxQWPVUHqapP6QPLREscPAG+YdXkHCAKhx0eE38Q5qyjkeD4f0MNlQRAA2FcG64HYiOskuwau0heKAQzA0bFXjv/Ms8cu90FDJ4xbqbR4DsFmX+F4u8+NJEmvNkDn87rgL2NaFsdy+d+n+PAdnXZfxziiUox8hTrv8S3l42kdVm+sKcWA1w/5BPMqeD2aAhFWedF8Hoscagv/Mh9c6Qgslhirxx6Vf4tvUiuGW50IUAdeg+KwaFQ2Z0e95oqFS9QflRp1kzvA5zxm6A3wm+VHrOHgyU76Pm/giSeJkMzdGj4WriExrRW8/nfa5A3HxBcFL25vqjo2m5kDPYNvjD084M1FZTgkOR3ewclU0SCpFgNiOKjhk/o5FVkrB3aCHc+prAlUVBNDVFC6wd0shptSMH2PdT8ftbsCfqMxjZv+I9iWEYP7+eS8cZguVGfYjIdaVFfzr4yvZZYOewm9Z+DMUDp7bT+CM6HJNynJ6VPuK1VrLQ8Ww3T3/9Haa46ZKdZi1mPVjE/RWG/GHHQvgtex08C47CqZhpULBiAJaNGYdyz91gvm42JD/pAYFZk2hFpj+473jLYUrxvO+ZNegGDpPlpWno5vQbaxtqQM+jCteYXcREeyDPm8Vc2HkOz5yVAic+SVWdv7njpxnLzuuFgVp1ODvHhSS2vODBAV/cnLaUpb5OBcWoJeh0Wx2bF23lt//l0J5Zc9m4+SwYgg/PnZRJ9fKAk7MYnJaJ8iKtIXzq50y7r5li1y4hstiowvbblNjzej3+LZai1upp0P7Kl2+VvoTUNFEeMj+IMRq+NLNrIV9YtAQ9pCNYPjCBF7WMBrXoSBSLvMSLDibyaVEz3PFpHxeHW3D9bU88sXc8RlY3w5pmPXCLbsKQsXtB33kGP+Rmrp+MnLHAGeWWbWfhHTYQsYewNUgH9neXUEm9P7n6IL5fmY0ZbeYk79fKPe6lmP3yEgtod4JxqzZc+OoF5Z55UN4WQymFS3hCdjiOvxsNN0M/4Q+5yZywphrH75kCvZ9X0tr7jnChUg2vGp3juOD9mP9MCQQaO4AF1tOxxc+hY5YqzLAypENpdvxkdAPvbRSD9/IWGNG0lyLn1MGGWF2yenmTc2NEILt3Ha/UsWFBAwfwrzDDVXo/wTvHgv/8zAbhloNY8bMRlMSM4WiZOfHuHhhXshy+/XQF1+/byUBkEHyyF5IeJVHqcldcZmYNZ5X84c6CkfRZfQJOIkFWDVTBh6NEQcBqPP033YJL/nSzVNdIMBVchzLzy3nobg2uKBakHHkt+jJHk0sidlK2XBykpveg/fpREHJImBz238WT+0OooL+DFq7aCgXXNCF9mx1qXfqCyyTf4pUfKvA65hze2JjHq5QmoW/PTriV9ArFmyNh56/pvMX0N5TbLabNEVowLNZK6nKZcP3vfR4qSMWlVQXktCUWXeKbYeT5uSCVloSvxJWhfugN1O0QIsH9pqjhshpCX4fRllk98Ha/ID/Qc8ExlZe5Z+lo2LspBp0Ngvj+UjXcK/MAIyxW8v3+Vki/5IOuEuXk912DSudrgOM/S1o8OR2DLquQjfwXitvayNdjH3DZ1ufwOqOC+zRGsNV2hDfbs9Bq4h/+T9YBfwlnsIPkMfh4VJQ2z1nG0ycs5PqQddx0whSEOqu4pW0ce1db8sc/nmiftBukmyJgcN0h0rucjePv6uLYZIKChM/wuc4Ft81M48d3HKlxxxIw0bsLd8ab4cIXhjgm6Av0S4yFGYlJvOPVRZ69QhwRCnFrUCxvabkC2deV+LXcR7hV9oWriyVhjEsSb497zF/tHuNIWsyzXkfjLs/FUPspD1Oe/qNUiV2wsVcKJkrtBs1IV9oZ/JVrjVRhVM1Usmzy42mnFqH8yRA2OJrKWysYJig2oNqPH6wwRZT13aT5cE8Pb/lzFgvHdpGMdhZ80n3GjjoMk3bF0pnsZpI9cwhm2ehy8sl6rNG1RdP2m9zh+Yu23hrJjlFaMGmlAP2eFYcdzqPheUAWSuUFw3+ZJ7h+zifaLWbGn9Ea1fabQ/D727zKPIvtk16T+ud9ILwglM88PcGW62bQx9YSvn1MCsWT9SHq8HGeerYFY1q0SdxoAFrmXMXkNctZX7yN3r29Rosal/PTywQZaua8YsAXhmz0eL7BEyzpe4yPJDdw8NJsXDXfi6Jc1Gm0J4FPqBWtT40Aqd5x8NfsKvxScqewnV9ht+kezP00FQJStvN3SS0wjX2JLbYBtOTSGIx1mMH5txdS3yEF/hidRb0GllCvvBFcXxjBoW9fIM7Pl5TMH+FLmVFQqWXOgiNTmN1WQMq2FEyOvQpXY8fCCv8GLD1cBr7We2jCkArcPXwMeyM+wJs5O+FrYRd6NBRhTIAIHCq4gyGPLrKuoh8U5y6hT68OgOfRDP75vh4ehB4GL42TfOSvDgy1jIN9M1TB+GAXX523ibQmRXPKnPdUvCeHH2g+wLQxZeA1IAmvbyVTUl4vh6Rv4ZoUS0pKyafrxu+woleLxslX0ocv5+mGP0G7UzpejZiB35apc7REC7yMyqKGx3fRiqspvMkKXkVZwurNY0HPcxlMXXUSqsdYUPWmLfCucDOh1BIa0zGMJ/5TYVh7i17VyENTrSyE6fqg3eQi/vFOiWQiyoiG3tMnN1FeYO7HvdnD+OyqIKhdIbKeL80nhkeQKvbimvxSKnKOgn14Ho1T9cj7dwu/nCQCeteXslCrJ8q+FaWT8sL8SamUKsP/UIOSOKafy8HlXavRR9kaDDKaQEDEDeadD6D8/CMo+t0PfSq3wVDZaxRT3EZvj1qRrJ0RfLtgBXIv9Mlr9QuwEIykftUxaDryBRWEq0H2vVDqVethwxdmsGuxPJ36PQVUTj+Ed/23Ie7CCIy9LEOyOe9o/8hkCNxwhiueCQNaV6Lr73RYZ23LG21ScNOfrbA5+iU/zZLC4cCrXFoeDTZ/TeEvLAfnVQpYeEsIq8r7UOOKH/vyFtygVkRn/9SS7p4a+rxABnTEfVH4cyGZz38P9fbBWDFpIXVYW/HxeDFsWNCKx7euhmkqxvBzrDmpVfVR3+9yPuQyiYdulJJhYSiH6ITRhdpWsHo6Hrw1p8Lmp0O85NsIXPbHhcRcR+FTwQHoNFbFrT2xbLK3gjwehNFgmiJ09seTVL0Vz3t+D9/+dYLL3W2cvGMXvr3dSy8KVmG4rztPEdUEJ8fDdFwplE/0haNB7FmoDdxPIqf3YYmNF43zPkVH3p5CvTRxmKnwgy4WynGtviTHucvzhgFrmi0WR/2L67my5TQJ7/lBgyvloUhyMSprfqCo4kfU4z4fKi/fon+/19OKJ7+pyPUTR7XshKFQY7hm9g6Mm2+CzJtPUBubzYozZoBJmBB210hzqcZYPjAphZ/uFADPU4chu/kNX70vCIafd3LvuC5UhmAq9ruEW5vqIO28PZ6qkYI453n8q92KM0fZYEmPD7smnsP1BbPIUXsBD/QdRcfiB/Rj+lhont0JsEwK5jRPQBvXmdRStZsTdw3wokM6nLs/k2vvPeB8MYKr73xwzp7PdKslGTUeVLLjq1U03K8KDhPd+axVBpoqXAPZFBPwk76CK6XS0TRFjm6ZyWHdlr3sXr6TEt8kUdobWThTwLjDTBkSVoeitrUoPwk/yBvvAXrc/ohiszzR5XYBrLxXx0Hb33PCfjW4enYTnFgUy1reshiY+J2KD/5kpX+P4c+VpzBVXoDib7lg5aIR8GnWEjId8ICrIUxeuYUs7SvH4UI65D51AZctGsc7d7zDVUGScHpbITdUScOHoG8YfHc1HvBbSw6TBehR2RKOc04l5+rzYD9aCH5evUIGX115jtE8eFdmgf6zBWhFlwWEoDpe/ppB+blimHBZGBysjMjvXiWAwzpOG5Rl+7aLTIN6bCdYwO9c33LZ6iNk3c0wvtqNapse0eLs5dBWcBlTVf/j1KcEtpUJbD7SCeMLTTHQWwvOztOAw153sd1xCzhvHUWN+7V5gWMIeHuZg8HiVPQda8elxQi2is0UfU0Wl4l+5xtchHr378Pnx1JkscUajv4dhj1143DMKg2QtMvAxN3HWbu6klefdoP5z2JZ76sUX53gAGgiy2cDR+D2teIQuGktdb4Upp3hEuA38gJmbyqi6bHZnNM1j7WcjAju/KA7nRqw9GgIblS7RC3XV2LMyI8cEN8EX2qGofF2GR28LwlflliSQr0liKSH88yMIczrKoAPQevZcGsmPrk7kcuMU8B3uSN0rriCDz9qw9oLPuBlo0B+x7Rp579hzCxrg11No/nHp3RWE/oC/7wK6eEoYTh4+gMZaOpCR+sV+DZzBF4OOwgvdM+C6uTfZJP4Hc/9MuLCt6Pg4HFXMjNr4q7hefT8nSc6qP6FwvUp0G9YDwdsVoHntGSSS1WFgLwZ5BzsxKk5RShtuxJkNw2AfXs5/ldzgUDvKh5eNJNMS2QhMDgDNxueZNnHO8C37hqrxrvB7owJ9PC/PP7bPoUcrIJYb6YkFAY95eBdS7FxQhJle61mmQWNfMJaCLfL5qLQkhD2PryB5wWOg5YtgVCprs6NB9thhGIlTbjyiwLGAZnedEUvx7lkIBjFxrtHgrHxXpj8xZDTcmZS5fS3XJVrg69Fn9Lsi7d53ZFT1OWSwwW21tCaf5i3qp6n2s/nwMw2hKrG24OZaizdLjeijKhoqnHTY6+eScA20dStMpNGLajFpOXmpLrnDGkaRJJ7VRrEJybDFisdXnhJHsLdQ/Dzwiqs0PJG/Yh4mFXCJJglCw6rxpA9q8OEjUn05rsODJkmYsnhl3RU9wRUvXImMdd1rPx+N9+OLuQA17MgEByDUZMnwUc9X1q79CDf7DUhk/N7WWDTCOgUWIYK0ivJVOQ7Ray7Dc8mSMIv2wqOmGrNsvONYY9nOn2smkveX36xnIwkjeqSwCPVqvh3mSCot9twZoUdTsk0pvNXs6Ho8Q9+KXYTrPYRthp5gdzyIjj5SQnuXC3B0xIf6fqRTNz/NJM2uc+HjEPDvM++GcOONGDam0yStTMHgepPmCAbSK/HO3D0qPfw1jkPVJSjKOTfaS7eFEV1PkE4+8MkiLVFmFDkh/HLailsfgrdy9TBs4NNXL7OjcO/iKPZS20ulhaAKTNa4fDzRHib10+b4rpx+glV2jucQ1suVdLz3H3gLy7A/Uba0Hl6FikahdOb+VMwR0iLfiZpUH5iBrz83oqGKl00dZ8RXWNZcB+9Ht1V30KSDdGmeydwt8Izumtyirqd3pHlyGlQlruaym20YZw5s4f5P+p4MotfvTjJmfsDoMcuifYc9SS1U/U0W8MJ+xcSaH8N5XTvYHhlfw8NY9dT0WZn+h6QynOqw2EjT+SgdabwL3MSdKW9o+hcOaqxEGXFezkYKagK728dAqumi7xGdjO153bgpVFGEFZXjxeKj9DhM4vpX6Qr2mk8JqEEWfoz1ovqA5FVx+TBbzVT+LpPAYLFb8PX5Jk8sPc3uUU2c8IPCZ737SDW56pS68XFGH7bCtRLN9N03VE0sFSbInM/8reR5tzTIc3bLjmTv4AQ0sQU1k2aDhP/NAKvn0Enai3IrEscnP+sREHPjfT1TAXNm1/Ol2znU+3jsWAw7z2EROhxRPZbHPP8N1zOHcT7MvtwSZEjm9pu4Qc95VxVowd7hBCvzvBE2YiHlLp1DVt6y8ABdxU+q/4UarrF2W6pCN2stQTxeTcgreoTlt0Zh35ahagqtY4cgmvgqK0FpV6ewI31v/mvz3hYd8cetjy8hKIHIvnnhJf8TK6NhTYawqkKPdw76xTfX9tKnk0CcPnyKB73opzSrj2DnXe72e1GOY+XL2E2Os/7W7Lh/jx/9haVhfDsIxy/9BTVpWyFYtUmCCztxvLvw9jeksQu9WoUIHQRY8bpwqZhVZSUzof45T5YrPeCbkw4BgurHqIsnMQK4W1053E0pf/Vhb2i4Si8I4ypxIfNHRPwhkMbJjyX4kPqAdBxZyKuN3FnVyVLGLckCIVso6G0XQ56+r9geV49nD5VB1b9afTueggbbRpFtx6Ogqg13nj4wwJaHCXF0d8c6L81xTBfdCn6LZmOQeGjOMTkHdfMNodJ3XboMiOMlO+Fk0J9JT/tqaUzE2N4RqcvdjTXYP3oJHA214bru8eh/ObvaNk7Bn8+64DWsYd45YU+hL5UTBhrQ1EFsvhtkiJEZ//glnNH6OqXefx4WS9ZyZlCnewsXJT/Ag8rBbPKo0F4esYAIuWjOGaCB/xIm8QnSwbg1uAh8JIKJceZIXjqXxdMXrUMPvQJQDmK0XmRi6QR/4xH/o7jb4O/iW6dx95Z11m4TJOb5m3g+3+MYO7jleBU4gSLNS/wn8hMXuiVQku+PqfzMlp0VGMibM35CDqPATaNO4Z/JVxQNmQEVwhK4TbR/aRTdhNvXo7mvljAiC0xvOSEBLi/FoItDSOh4WcjKJa1oMqiTs7cFIpnqg/wl1J/3mUQCNkS1vDMawC0nOLhgv0MzJt5jO0ctkDJ3ycw9Uw8tbMsNS50IJfvkmAWWs7X4qajp14cl9/sw0lR+9G9ajtKPZyAqpbbeHxwB7oFi0N32wFwWNWKDZ+P0Y26/zA2/C25PHTlabHl/DvqNR27+ZDv3TOA5w+rKGS6Hi4Omo3S1eb0Wu0DBPnvodcrgqlPYx/LrAqikTXjYVTXbPoT8x92BAbh3V8G+N+5IVwxeycOFgWDklM8hjh+Ib8TMhA1W4CObtPkk4LuoL0zHsOzOzAi4zSMkHxIbVM9SKypGmrHGsAWOTFW9VrNqXcOUerG2bx20j76u7yan94SxY/jqtnL1A3e5MiCgm0WHx/w590bk/HD63O0UwvhgloW//3rx4efxkFN/lh4LWIK27wmwtH8p/xx+XGQe6BBfy7l4gXpRbhxzHcQUfbkO2dXwJ8CC5B+o0CdRjfgdnEuXSmdC6rGrfwj5jJ9WuEBLc2K4Ce2g9fkykBk+AlaPXkpn734lh73tuET71bss7Bkxeu7MO3CCthY6kOPnuuC8McG6J5nwi9eP4HAi44c9nEcLYxI4Q9OGRwdu4buB6mB9t/J0Kf9Dv22/Sbd8x0YLvSMbtR20tvGMPxxRpjc/gvlmHMTafTLSeAXdZ19Z4ijm0cqRKa/4Gh4Qx3FBbRq82noE1WmjrTPOM/FECo29FDal0R6pC/Gg0anYcOrkZBvKo9Dp45TecgQNKguoZ1lI8GvRxAuLt2E8kVCfEM4kccnraXQAD9e+UkHN5oV8VV3UxpYogyT9WbA1oEanHD2NjXN/wh7/Gt44usYTtwkBbYHt6CgwnwqeCIBry844GWrN1B8uJTnfbxJs6ae5VyDary1v4Iltw5DrVQ3efQLQFbMdFQtjwUJDwIJk834sSGNhzdoQXfWbCgpz6RjfRvwzioVmCZSw/X//rLIkYNoF5XADx5+BpEEa0jokoPJvQHcltzGUxK0Qd2hm5pcQuGbrTYsHbJEVw9hqhCYCLvv6vIiFz28Pm8fqJtNAeOJcRwW+ZYkYxNw+uZI2uUxmbanvMKXR+8hKvVhzORr6CFjBpsLduEaBX0u0ppNQbtOQ96SVfzn2jQeFeBJuwx7IKVBEpJ6VcHz3HtWM2vlKWtecvUJCTiSPw6H3j3DBZ2zOOjEZG61VOZuD30YEN0Epj9Fea36H9x/dAxur2qHoZxguLvWFy6Yi8GL/SdhRoksbHPMxgcSUqx4wByy+lJQxn0DbvdW4Ai3ETDhejG8uGkH7lf0oKrLjMpjjlGb/mVYNSYOZgc/4flzNOEI+0L6MT1MfQU4vFIJlD/X0/t9ObDztwyuHpkKMtsK6KymHu+bbAHLZP6AsxegwcD/jf+FugoNLi6WomkoCMb639FP7Aaah4oQLXCCo7XP0Xp4OZXsVIG2g8n8dWoBjU2NA898VT7a1Qe3f0zmqU4GqJNoy3I7BKH1jTq8abyAu4Y94MVOcfLJN8LuDUasGTQIjy4mgmGjPXpuSYMt6ybDYy8H3vg0HE4ZLebjipUUX2ZDzeaJKOqbRX0BcZgwYAaDXw3gabI8Cs0wYJ2PtjAc9wBGwSNc/245JNt5wMZN6/jeNG94lDMW2k634vtOEdS6WI0n8oOo/cxYCKi24MK3iMmPvlNcvypPC1WDwMCbSFXC3KpyF2r1fKHuxg0o276LHC9/ZL2EYV4dEEMzewzBxMgC9dZ9w57Vp2HXjxvgujCNZp3Xg3Cb9Sy2+gPNDniEfvVGoHT5OAQlruFL9xdh6jcnzFhQSMMjWrlt/Qd8M/ocvE7KgN8fAVwCD8D8XhXov6lPan1Z/MrhLrSXrocMIzeek+xB50+Fg+qECeDzL5juabhQ+lMnHPXICbxm34Xv9QnsJLyMJmXn8cEQA8psNAV+D1Speoht6mPR4NUqaK8bwbsWMu1+58LmV7JxyeAY7po0GaaVx4L2ZmceEXYQHnd8IJuPKjQ+TZxj9a/whjpgt9QY0BhQgW79v3S5wgEE9v/jsn8hrNzeSkNfX2DPnJV8e3U3npo7kytNzODRrAe0WmY2dSX/Jm2xn+i1agLW6I9AV8Xz9ER/BWSlhEG3uzFIHUPStJ6LQ2sX8Qy3O/AjbC6GF1SSGc5il1BZNB3rhy/0dGHZrxB4WaGNw88ucoN+C10wW0qFmr3UsW0Eu94Zpl9+CqC0Vw/ubxXmkSbFaK48E1wWpPE/XQWA/noI0jzFfsP+OHyqAjUyJEDgL2PMn2w+6uyAi/d1gvQtFc6tU8YL2weh5XERdcb+xqpzgvDs/D9cGnqYjm0ew8nXF5FzxC7Uq+7n+EVzSfGzBzq7xIC6LMOWdQZ4RWsRusgugEslCbDeciR/+z3ALTcOYPPLDaQcH0+Z2oKQbrEP1VJug5W1CdddusnZD8/xzDwfqF1SAaUzRPH0b2XwN9QCnxW70OKFBjw4vRs3acTh9dIU4C8VLPL1LcYsvgLHQu3p40UNWBU4k69t/IQXgiTYXSeH1Jaeo71ZIyh+bhf6Z24lh+yx5GChBuL24/HsU1fOd5nF3/TqufhFOe2Ca/ByVwp80z/OaxwLcNyAPkzNvk55o9KpSnUM5X6RhucBK1BsZh+JNPrDGOnd3PtJhPId9KEoZz/uGn0LezdO5wOPsyBgSjO/rPkO5bHf0WVXDwa+nYWW4xTBKlqG/nNTAs+IJ5B8JhBaR/ryvperOSUiAWcOPmK9diU2+WIAeyqWssGSQ/hM4REtcqmnVm0Pqm15wkstxsKT78gPBqpQWVUCfp5aS5nSs1HrrwQI6XRQwss0elhhQNN07qPRVzVsX1SM8UfHwiQ6wE2R9ti3/CDXDTXygTpNyCtcS3OfX0Pnd640d4MzZN8wghuJPui8yJ/mHbbn5a1aaDvpJaU+0YY1Pfp8SqmCro0zg/tSE2DvYApENixAy0hNOCSbi0LzvanAMIQPiObQvk8qrPSxDRbaI+wT/MnHFZ+BWo4/77Nww922Q3wqrR82vRAGi/EZuODcZzIJl4WFiTto/q9eDt22isd36sCguyznX59NoaMkWC9vAQs4+lDZWUXwa/AikcNqvH1Yj465h2LI+4msf9IZzhoylsWe4NiHE7Dx7gjI82lDkyOGqKZ8jM+PTcP9c1NJ88NdcGwbhp6YB7BaSxoHGxHWTgnAgKMFdMHEg68q1+LDzGZ4NTSfshoiab/7CGx/1s/nhwgiKlazwgYRMvwhwTcDTeGxrgc+UZlFI31/UnZwHNbtXsSXpgK0esTRmOkzYP1KJbx8Zj6onCiiD2t3UECzAb26rQ5qmXPwfI0oHAk5DHnGryDlpzuuHNME220a2Xm2He7bUAYth7aR4N1oUFebDJ9XqNEaKwFa3zeMW7aPxn7DJyD0vo6c60JxXtB/tHo807YIbRiet5zihBVoZ+Fv6i0ayV8W7iSvjjMcKWuLgeqWpP6gDpuuaEH2uFc8Oug3/J1UiPXTxPG3nzfrq/WiuZ0hym+upNHrV+ATRR2wNp/HQkuM2WHST7S0uIHF0VnQ6d+JwoekybPmBhxQKaenlyaDaqUNrtEoozHXG/iqZwfax1iySqs5as8mXHltH1/3FmXnt9Oga7wMzGnXBL3eRtSx8CAri1oKfmCJc4cP8l/3Qf6mdoCc8kXg+lx/vCSpj0utdcF/sgL2qauTRcYijp24BZyjlvDo0fJc+9IYSioOE+powDuN6Wi0PRWLyt/RkQZBmFg/lvt2nONT9Bjd/wpDn0shxbm1836Nh7TOwRlrpjwnGa9ZdMBhDBeWS8KIzYr06pMhTC2aTwJhHnBUrhwlA5qouUkV122eRicORdDvwh6u2hfPsctGwZIv++DEtR4y2bkLA/TzaG6JOirc3k/jn0XRrNvr4VLfDbo5XgimrikE7c7dOC3eGWVvL8fqq1a8Zv9n2h54g2s3ycLepmP8QXMqJAZOJcdQB1YVk6f6oSAmtSBOPyLMLl02cKj7E17+foXjVHQhYa8/7Xhii3PPGcOHAXOOEm6E2usHMPnaMR5bFMaLt35mFS0tKJpgwg8THkKOex6KrHAGqQN7yOy2MoyvKYWaBGlQT+qk0OXycPm0K0wc54G7juSit1AGfzz5DxrXLoIH92shIFAPtt1+g7tyER6LLcPxsrHcuL8eTzYlkJvLThpwSCSB1GO8wloS9UCf74wShT2B7nj9vQ6qZUTj2gNlIDK+lmxcakBr6i7YTnmkIRtC/gZy0Jm3isHiNTq1RvNVJBx1PA4OjXYkr8m6dEZ7Pzp+CcGaPnlYlpYB779tpZhOA3g6dxFmKO/gye8TKX6lB8r9mk/L91njqvoxcERjOZUsvU+yKeawaWIlG8eHY/Cf32jZMJuKfgWhVMlO1C0aAcd2vaLgRVPZRXeIxs9Zx6UC3/Dx+mv8y1mIrofIwrLeXJ5uoAvxXto4nGQGmmGaePTSG+xQF+Xke4+w3T4DrkwMAjPdq3To71jYnBTLBSVnycwvDt9Gy7KGVxwWTTKm/qX19DpWmtbfF+bMz2rguFCPXHZog65ENgluu4NHOrdT8tordGZXND21HUbZ9QbYWzkFKgplSLFAlQ2zIvHDrz9cabEVNp6ugWllLbxpnwh8tw8C1TyAO0tus8qxD5zf9hnLTeK4Qu0q7G37RRPv5uAe6dXwUqkB7oSKgt+TJRxyoQRLhb1wqFKC7vn9Ibe0DWxispg6pdWwacVIDnTTh8lTLfBx7z8qc3jKqjfno8iCJg5N2MtKxsnkOriBna+N5GONEuCldBI70RBCj32GWyO/4LPVP3lM00c4fDQdviQb01f9rRi7XwUqik/iUFI1+zz4jRFKS7gw9xv/OjOFVJU6QEoO6fWLaPivYQqoZkaCtWc1Ba+5wn3fV5Lkoig82+7F/5VJ8w4JF96o8ARFDk0FRZe9FGvszZtWT0TxDdqs2PgLRLp30iyzqfDguhBMnbKAP4Zbwy+dJFrXvgndiurgarMj+EbtwPmpAKn5dTip+RErqV3k6CvWcCHsCDeJKXPaDm/0P/cShl47gazjUzjdb0NOk5TBWFYdkssswDChje4Hn4Vpu57j+6g+tqkLxW1V9+lvmQHZvJwEfUL30GUzwX39u5x37hqNOPKQmw5tAN2hkfjc/j7rvY6Atyeq2U3+J1aqGcDWg3K0Xno7axieoOzzIhD3Ipim2nhAuf5x/LhCCmWmKaDPKFX4ves9zxSYx8est1GLoSlff5jJ9+IfYfCCHOqNngEbxSdyk5EAjM45ygX3l7KMdwnruC5htVnmKN9WD1IjgzBO4j8uu3iKFCeKgMzGPmww/Ed2oVY0MfY7ZWjEsvHAaza8PJ0uqGhgvwDwzaIxkOU+SN/sNlGSrBObXzvAcZ62PK1Pje/Z3SRJPI6O+xxAd6w0HDq0BLIyQ+h8viEfHGWEN3SSUC3yCkgWLKTWwXwI+OABJje0wBEiKfjPS85zdCbFkj8A1xOxPa4AB3f1Y/s8A1yR2IE1N83gocdmqA1fi7MVm+ga+WGpbx1Jeh7AqNXpeKCwCOsuimKelgUkRKvwNg9zdD0oTr56erhynS91+Gwg+8TDnGc/Gbwt1nLT9tGw5Lo7y3a3kXJKFl879BqzEzKo5kojT2pz4OaFxSg1MZtqNk8HL5dbVDjrLgeVvYea2XZke0KPJii54hWJMDz8yR2V6y9R6wtduGr1Aksyt4DjC8LOv/e4YOAjzAxMgaG+j5CMJeBpu4icFo6G8pPPUeKaMJR3zGb7lGow7MnA9buJK5P86b1OFgXVm4OdgSUIm89EnwWyoHa6DbsrbuPR1G1QtbAXVq2xQekx4ujfMRpzNcdB9mA/VB0Vp03iV9D9njQbKDdS+Dw1RndBNHwziKf+yfDWHhU42/6Ar2cLsnJKOry8xSDbswaif1fBhlOLaL/0Er7j28TGOeLQ9n0+dnnOYdEJ1qCdNkC/m7J4hcwLOP5SF12ldXm1zmTaJaAGNr/6wUpdleQdxfDYoYukKWVLSzptOeZ6B/8M3sZT9sjzljB56AgIpEt6tTzb4RmWdn0gz8WRvPX9T3y4TBOvxruBz4RnNCZFH9bvv0ALxX5CxdFADgwNp96o9dCb30gDt7dTU10zL0i/wndiJ0FOqhO/tRpAmXpLWJFdzksMTKB7lyf4KgST0Phi9HYf5mMycmC62xOi8jV54gQPvlolgLUD4vh8ehlHvvMj/z4/8B1ViA65shBy5xiO7TIgl89x/Pn7Nnocvon2tH/kqpDL4LtmEm12loXit7JgLrEQ7meNp+DRylRodgt+yC2DPduPU5FsD3rnbMB1DwSZg4wgykoPFq7wYJWQGziw5AAc/yhBPZ+/osi2eHj4LoQydwZwtoMSqPc2k51OBOjoTQPzB0+wdHQ8TBr9nYxOjudY25+4xLqEO7ZZQKuqMnb4h/Ce/Cl0flkJxwkaQcGAKd7NFKe60MM04dpc6rynA9k5Kym4YAh1ztnR2fcdvDb3FryJWA+ub3UpRnskLC4L4c7LFrBn8hl+frcNJrsnU5lmJZvm7II/mmH0+t4KdrnYTmdjZWGOrxkEjHrLU8WOclbeNCq5NIXXaWVS3TV3lpnvxK3u++FS9DSYIyoOwYcS6ahcLe0rzoaCnnbStbIk1bwHmFjfiqcajPBOXR62VJmCcu5/bHU8mC4IjaanX8ywyu8vXJo/luiyOGzqeogzpjpz4m152NJxjUsGJcgqpp77H/XClo1TaKrZBnr0YwV/m/4bXslehXVCMuAS+YbeCfyD518nwLmktVx+Moe+hY/jtNN/6evOBbByaBk2LlSDedOb2a3/DX3yncT2UvfQ4s47Whl+GCuL9nLIFFMKdJ2JtmaScHL5RDy7qpo2XYyiI8kx+OPNSt66xYombphLgfscUUH1ItvFE3yfcpo+Kx4F3cVDcF2jGKOLA3hI4wjZOSnAb5eXtHn9WVjrrQLXysu5T72Jd4lK0YjdCpgv042P5OtRR70NZcapMt6bz0q7FMEv/A5tz1zClTJVIL0ynDfVzaXyn+/xvW4YHHFezQUpq2nolDC8bxDjhs0LsTokBQtsgmh39TsK682Fyeu3gt7DGnjT/YXebZkO6aXLUbelgczrq/lx3GY81uZBpvIn4NlDVzw+/xuOKK4BTQkxGK1/n+rqpVDM7S7ljdAE2+8J3LB5MZyKkgTT5Gm05dd8GrlRGGqepZPGpl+keLiIpNQewrwRIzhSyAAkT2xC6BjEyrc3wNKF4UGqDIjHbWa/jzpsvKqd1p5WxdvFmvR2YR64r/Ui0egI+GYrACPTt5KtRxmPTxfnW2b5tEDkHs2cHM/jHxexzbgobP5BMDdyOkxxEsOZYoNUqH4dk+3P0vgT23DF9LlkU6sNCYs+oe2V/XxHyAjSZLr47OwQbk7TYDlrAVBL3ostbz9Tu1kkrDuZyB/1Ovllgg7UtRzj9v5TNEKinzeZ7ce9N+aAyX/mMNvSmI4JIA61p/EbTTWofFbPEWKPedMPAXyyIghmWzajj08gdlM0Lvi3FS8/y8HdJqIQqDMCb1dMRw2qBlHDF/hd5hL/xR+0MfUwyh9fC7P0h9ktURhCLDv5h2wQp39AeivymJRSgqjw7Rje9VEBSixl8ML8xSSghdAU/BNagh/iUPNdXpYozQv/vsbmrOOMOt5g71IEs0oUqCFNHEYpZ0JHuCTc7Iqm6nmCVGB2nqZG7gYnAReU19bAqGxBorARcE72L8f1X4KWbSlYEiqM8bM28g14z6X3vmHD2PHopPOIlZ8pwmPPnbRTvRF8D7uBmF0Ip/vUgOZaOa41/AU01pz9/8ehfXADwagBAH5HyF4hysgWkpmIRMoILUQaStmlNL9oKJUVoaFUZiKlJSVUFGkoJaGiNJUWCkndc+7/eNz/4uX1ArDQehOOk82kpw4VKDZcj0uWyJOdgiU9/28Brck4BvFGN7H6qiX83KmHj7My+VyWF2ifC+EFRxIhTn8LY+ZY3PZoJVZf9sdybSVQDdGDIEMbTBmywOcaK/ljAECd9Xn4muFISXX9UGoTwJvVtaDbOB/pgAJMfTKVTnek446Dt8BpVwPZW16DFoVF/M15JhtMEoSJktNgfHYeDVUlsET2ND48T5vEq57wvlV2qCPtxJpLB2DlM2sQ+iTGZzTKYfudAtw09xoE/g2CC0bbaJvWPE7vGqTra+3pQ6IlBFd1k7J7DCSbJkKKeg96vlwO8rl/0LvEHs9ut0IRy6l8JHISBKsbss2eXLqq/gf3Gr3G4PylaJX9GVtCbKD7egapv+ihyTdNYNquNrBxqIZlSn/AuDsI0f88pnzKgXWlrfj54k9ep6YK/m7WMKKhhBTu/saxTW6UHnEYw14rQe2HYlzz+iQpdH6DwJvCEC88EnLkJsDWg884TSoEs+pXoulUUyIjcRT9nIilIZ6YMuIQay21AJeDIyHLxZBk42NQykITDSx9YWRpP4XMDQafolAYWrITdk0fD4pSjtA3tA26ffZwh+dVNF8jj+f9dqDZyVcYX+oCUn9T2OqKKijWeeCFd5+p4Od28qp/BdYuBvgqN49aZe9wg3cLgmAd54qOAW5vgITVKtB8ZYB3fPdCxbPm4D9OlecIl3GA+2H2rMqlLXFqkHFMDc80haL7uib4rmENCgfl6dpNcQ4dk0H6+eUor32KS0KFwYjX0LrqdigdGUPi9oFU+iyKCjuLeLFoLJ1LDqD5Gu85UXcSOO6ZCsFf/PCiz0/aO+UJbBHdy7VmU3Blwz+4Ofo+tLjcoNtSchCytR5/1q6hl2P0cN6OhTxOyAZKJ5lgdK4+65geReOJ1+Ce00hIvTcf5uXeALExv1jtwQ8aNdhGln+LeVVtMOqrRfDRq9EkO1MedirMIDWJJi6O3wc57tcoL1EAaWcrb+kZpiPy4py2Ux6Wf9QDjfGusO7+B249ZMsLjaZBr+830t1ZA4M/tsBlCUv0lTGmGeumwN/Vc0EwOxZ3ChuAkooxNTtp0xuzv3RGbzNjTycnNZpg0A8ElcczodbMkaKcL2CMqR6+vFRNqrNcYILtfVJYlUNSXVk4eFoPNBY7opZYH11vnIcLJZuh2s0S20OvkkJIEX0eXUjqJZ145Zsl/FdzlpR2L6eW4Wp0npBIjgFb0O/XNZ50UQgO6oiAeJIxJqoQbHK/xs52J7izrYRue30FN5nfJLRdmcSOF5GH1mLY+C0KBt6Jgf+yTfj+VRsvOHyR/117QdZptbCwLxDfFTrjznl20G2cgtstzGDfoVqUUsxktZHt3HYnicbd30lfAy9D3uUCuG2Wyn4PtfFY3BjwjVMgq/kVWPDiF2sX6ZB14X4UQ3dsqupmc/3jPOPzfnaV0YOEy1Mo/P4JMD/fBbMnx4Nk0A8gizZ6/XQGHJgignNyEuBF3lToPRLMB54vhssfLWlIcw4m9u6kazv28l9/Jxxebs6Wg2q4ZPEYeCwFcPljPMy45I8vRLex0fmllGHrDT1pubDveCe5ebqzaf4UKFj7Eze6jYZ+Kwc8buxBOWbp5H50kLx7JSG+upUnZK3Fkwu04N+fq/zIt4OCpy/khO5JcFW0mTuW/oIjzeE49YIPt/m8QV+XUXAkXRI2T6jDLw5b+cSRBzxBfhEcyV8OM17qgr2OJJQtO8CNlSNhWcVZaPvUBdGvY+FJoyVvs3/O7V/XwvTGHdj/Yz1mq+uz42RFKPY/DxjQAqPVBehm8Rl6o2rO71sMUUsng5aKXwCfNUJ0eqYVWGd/x5ysAH6hW85e3xx4IGQcz9gaDtLvc9gi6w/JXliLF7YbQVHCKFqc3Ex5nq7olPKAWvSL+ZvbdX5YLMRrQgf4hx/jjC0ToVfqPC47+o5szq0BpcPzMaLIAUKSb9HSencY9kjGvGvhsMbTGrx8TsC+XaeYo9/zLPOHWKIozXNilsMRq2OgE3oYpvRKg9xOJTC3OYyeW57Ds31raceFGLDp+4XXJF9A/ItZ8P2uNiwyloWXapoQEzAD0u0zsfJmBJQa9PP+2NNQcucA3n5/iatMnsFRIhT6MQGC133mej8xCjmeCuUx7ryws5iXatVwltg7nN4+iT+FfAUYqQEurdG8/PIf7hxzHdo6ReC20R3WTdcg/8lDoBe1HgMTdsOBnyPAJn8RZz2ppsXy5+nLMxucN6zDF2XaSPfdOC78sRRrlGPI6Oo4ELbfy6ZJTrS34gbL3nEAwQ+ueCYwBr3n7sFNVtPQJ/4jKeSbgKmjBUn2R6HbExdoac7Dv2+boDTACy7pfuCn2jYct/IGfR4WhFCFGIw5U4FlI7bicrkU/NgvhkWjx0NwTDI5Ob1mu+8JeL5SFs6NVMRxtxdymE4JPa+bTsdmj+eysmc08rcDazsdgaKA05ShqgumtsmQsOgUvj7VD+/VBlFwtDooJDjiuuyxEJ1Zz2UfKvGZgxxsM5tECzvKsSBGBCsz5+PEFz60Js2IQ12bKSSoDVvnf0S7OBHIC1TA3L236N5hXfzxS5wPmCSy+OIwvvggH5oX18CEk4KgnjASmh+OhF9TLHmcRjENkhosNYvm03WP+X3ED8zo0sTCuzH88qMORCw7jRpPH0DW8w5467KO/fE7X9BNoZGPNtANHVEw2H6Y1BVloGlZMKZ4teDlDydJK3A7eR2/ATN3+vGmLmfQ+R7IYwzc4IDLZOiu18TVJhqw6eYPVlTOpEKvCMYQfQ7eLMgnfn2lJzeVcPIyAXj9I5/EhXU4plQb3hvkcEXKRFSX300tux6Th/wyfD/gDg8dpeBpzC28+k0f3m4bDT1jQrF643mqGZtIBSrrcUX5Spri/IVtTo4A4c+L+XPzAIPlHWwb3Qd+VERif8bhmvYUiDv6iNv+mwsLDFXg+95HEDHvAAg5WvF4+W3Y+cofVOc/QMMoLzS8vIu8Hubwm/AJUDV4heUK3EjZt5OnHA9CUxUxvvR7Fww7f2Ej5Xx+/6GaJu2fAkcVa1hs5w489nEz37J+Rr8rLTnh8BC7lO+GPU/+Qw1zhC0LzSA26CXWjrrK+6994M3jg5Cbylm9yRoeTqnAuCulXGY4FeSkhUGk/zPe2oysnvMUbo1cT9eSy8D84iu0KV/J4pZKVLdWEPOUrMDb7QaFn5fC25NF4LdsAedfCUDhgmXU/n4QTcymQ+PrP9hcYQgaqUaY3b0ejne1Yurc3XDotgTlbYunDv82btjURHmwnbIeacAuOg/eckZY0dcGL71tQHt2IWr058KVVf8wvWou37GdzDIlI2Dkg1qcidVk9y0Hw2M2UuAWORDsEyOL+n0IXXG0InsT0AITEJ6kznvk3Pnn93DIrYnHvYvvcr/2et5V2QeOh4cwXeMQXXIZCwHvTPGrYRxUfb6Fk5N9wcbVFqRd3VB75BdSX/2Jqp+8xi8WBG2eCmjf8RSHcCXK6FVA8eELbDfVnSO1JsGn0pN8qKabfJ3koKVegFr691DeiHc4adsKnKz2hO6FrgWtT2bcM7cbF+Mp8JuvAVnjndF1oiNfNVGDO6s+YvT0majzuBlrwhqwXMaQJWUfwYbLwuCcCLBwlgWLq9qDTkM3DwXqI565QErnxrJBxzAJPRtDapIW8PnbIc6ZnYczs9rhpnI9yl2zIItLCzFL6hpNeB8IDwzz8FqNOhR8yKNN6/+jTtO5ZH2yEg8vysLotCMocyISdFx8+c/Ut1CQLwvdM2N5+EAOjvx6kw12XAI990fk09GK8YZTycA4kN/3InKaKqzZGYVO7/9DSL5Mp36/I9/6Cdw1wgFq9yZBctth+DRrO8y/rQaB17ew3f4ZWLLdG+5FnsBP2ULg6OUKfXudoOW+B+u2PqHNaiqQ76HOF71jaXVaOMupG9BJr0GeNNaKZ42bA0/SrOn2927OvyAFiqkOfGL9Y7wtPw1ivJgux8/Ca3LnONKDWSksAc/KLgdj27HwYrANokRP4LHE6WS0PpTyd95CM1NtfhZ7keOmPOd1KwzoiqMR6J62A+0f4yBf6yj1h6Vhe/IPyv4xn0YU2NCz+8EgYrEQFQeVobjDhC0ChxBnSFHwnr+sNvs+291rAM/nxcCWGlQx6TTNmKwGV5YIkoBCE3asE6QQJ20Ij3gEQ+NSaGJWKmk37Md9HdXEx2xhasYeChqpjYHCcvTncDjZzd3HO49I45T0UzzW/S+a1gTjiP1S8HJPGcoVG9H8waMckqcCjSJeqPb7Oe5qK0WZ3bbo1OeLYy6Ig928FLZVcIAiXAYFZ9ejz2ApO4rm8MmBIgjKd8LBW+toxmhp6Gj/CetuP2XF4DrcfqWKf+asIqEbZvRqMJxXPnoLqROIWzJN4OPRQBTx7mGFwmzyWh2LzUkML8Sy8FfeLBz7256qT2+DwLljoebPVeqUuoinA8rpilMxTHI5wJVFYZynV4bTVunBiJp2UPKyAp8tF+nuzT2YdzmBNuw7w8NL7+DnxT8gePkAv0kdhcrPppHjbUmgvNPcuOY2u0yvhTWhAXg1cjUWHEBYti0bay5VYoRWL0X8mgpZATP46b2ZVKnuwZrRpzH2sB2qaOjxp4G73PBpHMyOWkeLSAO8JCaA/Nzp5F06SE16F7i2bJDEVDVg2+R6GBt9nfxCf8OjCiMYKMiDOcFW8N+lk/z44jO28p7HYhenw7iwLzz8pZSeJC6EC391QLdmGrxTa8RlG7fgseZwFr77mY51Loa1mQr8oHId/1t+Co0bDEFry3lMvWECejeS8OS2lei734YPXvpIW2Q2oXtUKaWP+4f6HbLge2YCzI3fTYvdLHDR5zCUL9TCEb27qF9+DpT1F+CczgPsfMcaNHZ8AW3LTtj/wYfszK6AgJUZTr5zgAr/2cCrX4XcvPsXvexQhstZ2yheP5MPnrlGbeBOh1I7+FlkD3m7VoKemAsvcBDARxsnQs3dB7Qm8zhHOyzlSyWKPH+lENrGduKbcuK07v1cYmbPhjd1Yc9/18HuPwHY+3IEFLtV0H2RGoyXIzp4Yhq/jVejzcG59HemMrzu2kQ/P5zC6kOaIHlpB/htDORFWxFG4GgeavwL/X82cNMCZfCd9ginLWxnaScZnjt/Ni/yyoe3tabo+bcFnsz9SlnPe3jKWimo+HQKV4pPwxU5hnAxVoy09vdz1coXqHS6G/IF9/OLw0G4H4VhysAFbk1QRfXJu/DLllT8smga2VUdwvfvL6C55h5e97OQCmYpg7+3FN1fI4AZuzMw69M4Ti3rJxvtarry4xU2dD2klp4tqD15LBQmNJN6izwVfvSh8DFDfKrfD84NGLC6fCdedCzFt4f6aXiMCYQNu1KURzHlCzSAg4YQum84jn8nJVNT9mUuT9NkRdMBTGoeBUtH18PMy33c6SoCdyti4O+jvSA78jcvLHPiO7OPcK7JAopdSDA3fwDe9dfS44ZsKtNVpvMPW2jyu0zYN06B7T9ch9SLY+loowBIlpqyzsck1v4UxwNvZnJTzS+4l5lOE7+eouXTZ6J2uhFuDVWFBIcklHlVhGv93KF373w++mErts1/hIe7v7LtXTF20HsOWx0soGHJYraJDsLYjbvor2UbhseNB89nlXDz9WZ6qG+Ert7hGFJnACf8yuB+xGwYrsnA5lotPrLYn9wyLdjux0d2Cu3HX5rZ/P2HDdT+q4Wp0wtYzKQH2zprcVVxL+uqPYL/Oqpp+o4tILbsKRvXK4DGTRG6GrEZ7XQaOUspmQ40u3NHSQZmrq+BOginf/sv8IJ2GTjnvoMd5O3Q3PAwiaTJkiYZoNTyWpxRfgec3E34ROk7gpdCsFPpMUUNttKUH7c5wMQB14h6UuVEd77+bAKu+Myo2rSA/ZYYgMq60bC7MI8fhafztpVB6FmYgaH/zYAsqd30z3gV+K5NJ9N3tiCr0sUTrQDxpgz47hxNC5S2ku3sc3hM3AUl9pSynR/RkR3G4OngBzUzKzl4qhScffiIk2Vf464999gse+n/LbNwSTuphFjA3DXHqE5VEI7tHoOhDiEodm0xZ7bZ8vIPafDK8jgHXF5DUlctQLO4Ai4qTKLYrmi8rhqFtzZ8gQ/acfDY8hE9PRgElvFVmPrSGNJFvejhjBN8UdMDzmx5CfxFCQvUj7FMYj6M7/UBo4FZ9D1cBm6E6rLYpwG4r/2DOrXWs9pgHv6eHoENDWeh+1YhpuwYxlutCH1j/+BpNWVMa/EE0XfJtNNCHOOUkZ/NXwMRZa08IdGRVOV1wXf3LEg9+4hqr7nQgsFJcODKbSpyccHA7rWov6QIx3meAoOLauBHa1Gh8SeO3v4NVsdZ0eo917Dp4gWavl0MIoeO45VMc44LFYeMzKWgIJVHNlX64Nn9ETqDwzCl8hreOtgDGfpBoN6qiuvcbGH+ltXU73AairWPwKvgaIx0joPb3iqQey8GbkTFsXFqJx0JVIKjbzJAPOcntK1bTns/t0O7wBJ6db+CxT9aY6bSW6h5cA9EhARBICCWBlVMUTlqIYfOTiV78sHfgjfhtq0gxU9R4MpVH/j0TG0Q2foTcyfMwBohPaopFIb+KU08+8cVcGo/yWHjMyh382rM/qwAh1p/YPp2OzhovQ2ri4r5rWchHVt3Fq8YnuPp+4I4R2wUCAXJg2h1Im94c46nmqfjdQ8j+nBdGEcv08Xkb3EYkagA9i9fwV0pG+iOrIDtQ8b4cXwk7H30jx6pf8AEnfVUJbiXihe6kr3/U94/RwQUZaU5U2ctHXvhSWR3C+pPeHNZ6zvemf+QnLIjSHmcH7+YZwQD5h+hbqIpBD214ZVruuFKRgfdl1zEc3LdWFZggOYNWvK9rHFQtOYnxPaYYt7dToDn70Ha4B0r5fuDfKEgxV27CIrNW/HqWxXIX97BGSGv4KdmEbrsb0HLM6P4ncs/Tr4hgOF3GujRvx/QWiMOqdHDcO+BBS7X0KN1G+LpQMR7SsydAzUy87F5RSyFWn2h3Em6kKnVB1HFxvi45xLMNvnDV3+0soqdAkytvE6TLBUpb2YGzJ0jCZZJu/HAvY90u2UYJ1lvZNXqPPh58wTLeTuz7wFRvBnQxfGVcrDUOR41DOt5id032l8XTmuuaVNQxlL47pUH9XW5YPryGUv9GQECLmWUcrwAt40JhLB3o/mSZhLE7vuJu893cOj2Ev7P3BYGb8vBiYg+PnrTn70Vs2F74G24fUwVf3lfIIGjFZS3xoH7z7/B4ZGi8HfOGuKJdfQ4eRvbHROCqPXrcGFMNW2Rfspr2vfgf77TIOikFXxbaYzHXqmD8h4zFgy1p5fWRrxsSIGkpAtobvxL2ObfiyuOiYLwz+/4q9aaaU4mCM9ZSCpbVHjsEQGun9aJ66waaE78S2gbowYSNc/Y9cdcLhTLoYbDd2jvvC28TmMRmuN/4Kb1kbK+jcDepSMgy/cEZdwKAtnzV/Gc5XtaNica/noyxQ9mo8ia/eiiVgTJm/RBzVwEnHMrqNjxO0f/V06vlYx5W6Mfl7QrYupxXax3eQfTf4hBldd3+DzLEtbv84WX/87QDPdFuH8gB0rWemNzoC7MffeR7p9WAaU/XhSRLEIjp8uBltAJzvyWCgrv7zHFf+Yfe4N55qV1VJhDYBQYgGFTtmD7xWQQzj9D4vHKaFVpBWPvbed3zYp0XEqSksYz+Lku4bNq3ZDhVwyDY5ooslwX7izowy/7tnD8u6Oo9Uudt24FaNB15k0Vg+gz5yIkNXux+C5P9Dcu5JG0m848bAeFhcvx7bKJ8Prfe9id3EmGtTJUWGBFZSlu6No4B0XTw2CexgswM1OgDnd50MlYgGO126lK9j2pvqkiV91mVJLuxM1v1DFxwIZ/fQni+f8kYcNwCi1q0eIJx85w1iwbjDw1EoXWGtIseVXc9+kva7XX8opgTRA8Jc8BHSvx1HJF6MvI5cNOidzyeC8fCdqBRxPl6PJdLQ4WVIMHy5zpWugZKG/J48ork/CGkTVOv2cF3knPqPDcA/771IATjcwhzeI6vjf3B+vXrXgO4yH3rCSuXHMflETEOWnlWQ7tFuf7ihpgXRaGPvabYPLYAjST8sGXcxZj2owVnBk3AVMs9bjF4QI0SY6D3MlA40JH8Y+wdBz0m4obQlPwpP1YfPLrCMxwBj7o/Zc+F08CUQ8TzPbzIw/NVXxMbwmFySyEUKs1vCouF+bv8CHf3B5+bq4MK5zX81K/HziUfZC2xOwnCWVLrCjoxn1udync/Re8nisLZ3aKQ9e4fq7qlMdIEYAtmkFc2nUbcrsy8dLycFSa2cOxAnvZv3AKlIttxe/FAlQjswN/jXMASeUeNF59Acv7/bho0WkwmfYEc1IARDYq8izxeThF4R+mJc0GMf0bMLV/PtTIR5FmdiP5Ou/iGH8pWM9CcDPLjDOWlqPgFRuQVBAljyftFLJWjcdaycI5IwlqPCUJYpEa0O06xIIjXuDVhy/grcoVSvy3nCMWTCD59dIkMaGdMp5pwm/NDeBx7w0KWBmhc1AQV1jnYvkbe3ii4Y0FL/Xp66VP9OysFOR3FdAhxc80Ll2afO9dIZ2BmWicUADpPZshuPw+dX6SheKN4tCY0ErKcz+jd9drGrXzOfbv+4RHxv+ma+7PKGddB70sTQPLXlGwaj8KMb7dLBM6A/5pytGS7GWkv9GQi2xcsWZMKmikLoJXPgZw86QBKQi30NPVdbBk71gYva+CZ3v08Y1ZYRR0dgE5FDVhNmmDW0oa35olT7YZknT33S0oeJ6G5vdv8YlcTbQdncAOadUYL20ObRYiZGrnDXWrjkBbbx+tDcyFpwO/QGF7LxlLXGVtz6PYcFYBklwJEq7u5Utx9/h6sQmqSy9noaUPcMqTZbTwaSxIVMSQfrgw+LzupWgnbRJQ8cY9o0JYfUM7Ven2kar3VhiZV8KRikagrSwGUAHkuT6JA57awQGxMRjR+whlW/rJv+UGVOzNpolz7lN3nSpYKZxkDZsc1n3/iitLj2HizATQnXmUDrY9o9CO5VS55xy7ONvAbLFcnvk2AFu6LWCa8ld4FXgLoi5qkveiKliZs4Z3hWlgZJMaCPn38q70Z/y9aAUftr/NPRd+0+P0WeRb/RdM5+RD7pPL9POwNQiqLiXlJfepqdadx/S2gcQOBbp0qYNCCh35p/ViPvD8NF1IHwsvnK/jFf9T/F+IBgtYjKVphXtwzu4JLKXmxJ9W2fAOtz4QWGYNbf2TuTQxmoaip7JRQR3c7tHlhwV3ceb2czjwuI6+ibwDxUAluBWyB4Ns94PNpOnsZLsL1HLPoprkc9R4roKWz21pxGp7vNOjDMeOfIFT2YIkJCyEkzeuY/Hy8yTRuYG2SfhA2fESNvhYSbn3zaBmRji1NkVh2o47+GpgLYcptGOF5T8SvjWKW86tAZl9GyFzUBVyfdqR6t7jik16sHQoB+fKzOfxkoM4o7GAH0x/AVqfU7DCxhAiE+eyy8zfeDrRgb/Md+DeZmP+XtUA57+sha3a92HbyRUwc7UCFLbpsvCYXCiXXgopRhYcK/ASPvdp0eNrJmhj0U6r3ySDzxVRWFxiBoHzbCF6kykH/FAhtyl3eGdtAdp56fHllwW4T0WQ5HN0QKG4H53ygaxcpPllSAPo93nRU6kr2FFyFUtdv5Gf7nP4KKMBeadkQNbtNl7c4UMGvlYcvEATdOSK4PvcWHrln4n+Zg2Qn6MJf0f7UckePfpnFQh+myp5nOxX9rfzhLq91Zzm2A9nSp9j/IgRkLg3AQu2FFKOWigcUpxFifGtNOWbAGB6Kutd3Qrtb3PR/NRYaM78ig+1N/AXlwlc/P0NHTSxBC0ZfYw40g4Sfz7DJRE3ii+wgOtHDuP1q9JkNC0cY659gwCwpw0qlRx78TzrRExBN8c4Wr1GFYSDq8D4UyovnPeEv00rxKUbBzF7kzVf76rHs5UdMH7ld5jTOgn+dHWB1okW9H9pgrt89CnbZzt+VzzEOVsfwIv+MHQfasM5LpIgMCISX5RsQ6/5AvxuXTVP/WtBHXfG05izCFNRhkw35YG7gzS0Oa7lSTM38WIxVygcuoWKhW8h+oMU/zZ7T60ywrDE7QNcXa4P0cu6ULrvEoj0bgKft0WcEp2Or51MWaS2Edd6VZDC55+cMdkSDsItnJYqBCO7S3jSTz06bydPBfLeeGPqbFpT1MojstbyYx89OLJ2C6aOrIJWkzv4zW8byV/YhjPPqUPAzSRUUnFG4zVSMMtODVY4TwCtnjp2OefDx20FeObH91zrVQYNDkbsZTkPlee38rkEPfASaMUHwdM4vNWO7dOLwaDsKriom0KRYjQrgALvk5PhSYZq8KOrCXs2LKNqGU9OjboOv9Wv8y7hVrJ9sBE+TFjHjQVbeecjHUgO9uegBkt4pZTEeyyugNFqRRJunkfnps1HY8tO3pTnSdqfp0J9RzbZDryEEbre9OJAPpeVyPKBuPnQElMDC0WtUGvcRvCci7Dk3m0+0jySBzx66XTLKnpe34iThHvhYLUcrSkr5Cc79ehwkS10rDqLNbEjQGV8OeeWX+K7q9Ip9estqpLLpBtqIyA2V5PlNE0g8mg75rvYU+NtLdpUPZ6bOhpBpuIT7pTpxVtjteFgYicnqRtAi953WmTzCsP7NElDVIfeG52ngYadINU4yBMbV8OrvedZoksOtNzSQGTBNAoMrEL76TPYNhbAcfAyz/BeQ42B0pyVnYB5zwUhPjcSDjyL5hfX3Fh6JdAiERGytpoBphve0/KimfBtdwQ+MxEF7a4umjY1Ho613od/pd04IXwGnCxowJpz7nS3aRSW1SsjrBKGFw3a1PAiBx5tM8CrK1Pp6JTL3BtWQUG3h0g5qoLrYz7w4kwzqJ+zibNT1pP0iP/Yz1yeot9ugeZvMWzkc44C1Tawbq8lL/AVAPnpW2j67GPw6WQX9xtcprevi6BB3o2NdUaSk4U3Scat5B//LEDVYiMOtu4gr1vBfMw2lY6dmU8qJxTwSIAQJ8+ORPG5qdgsZA4udz9j9V0pfFUnyX/EpMll71s8uX4y5WyspUOSiqB3vBA+iI2GNfP3kvhYedi0VJfNIy3x1sUniFrn8N+RsaDw4SD5y4XBlT5RsFl+mMUkrrLhoh7UyHxObe8bqXDBJXBYsBuyCvew4yI9cq40h7OyvdA9LwwfTOhnGY+zvPh5Ow1eegJxH2L4yLv92BnXBgknJ8DvBaYwPvMlnh3aBCWrE9FPP5BMHA/Rxify5CBljM5PL2GasghIW2bScMNqaNMZptHWitBtqkVPyRxnHOumV5V7sHD2OdggIQSBpWFs0JzHYWavYIO+B0uOTcZeZyNaqeFLrgmt/HBgJNn424JZhB6mCudjpqcH+y89wP0BtZwwR5RnRC7l+/YdpPH6IG/0VIbUuYO8fJ4VDc5oALF7j8FzTzvkzx9DRZ67Ic1riDZGdEBJjyxUVV2gA1G5rDhiKS+ZbgIh78ZT6q/5ZBG1l1ZuGMDjI/7A3eva4BbhjIb2t9C2+zmYJFlz0zwTbNadg5VfVNDxcwLePX4Pl+0Qg7G1O2m0jxnMmCmGOxQnkHuWMF1ZMYwuj7ypUtqRnxrV44UpDMufd8IdDzm8Gb+awooXk/TBzXjirDz80zdg45giHkhK4RtPLeCy2T2Wzf0Kh5ssoEnjBs3Nmcn3I9Pg6Zyd3OHxEbbpm8D5qzYgan0ZpqsuIHouTnKG1rB/mh4qVE5jCZ9vsKvTC28nvafTy4RgxOADSonxYLWuBzC0XotNkmWoOzqaDx3VZ/GGKFB+OwYOvgWY278LH1ieI/z2nvri+/CNwXPue5XIH6y1IV1SEbMXXySVQ5bwdLMEn54ZRpIrazC3dyoeLZtAa6tF8cpRB3ipqseP3q/ixHpzOGu6DUw2LYbUu1V4vHAMRFwIx6MnelFE0Bd0r7rjpGU9vNlPAxzHbOWA8xLkc70KL6VaY1jQQ7jz6SPsaDiOO8zjQdZgMW2u0ITMPkOuWlPPTY1tsEP5EUweMQQPR45A19ovqHezGFOSZ/CxDRJQtbMNxrWPgnHP7bD05E4031SAIH2ddiwagUbnvKg3bw9N9lSFhLZUPB36jEVG9cBw0jpOXXUHJq2sR6NRP+lDqxoYFTrA4z2msGTEJxaQQnZ/IwdHn1jgfgsGCUEd6Kzspx2uFdgivpo0PcRh77RTPHqaLm+vHgPCG91Yc4oeGHvu5gjHl/QzPgr1Ng7itJXy8HnNL36YvgKkG+8TZEaj4011uHTsEZZfHM8JhxpZSagSVn6UgMjYYVI4mgca5keoYuRBFLG5yQmzo/j8taP448wu1n0ayn8X64HLIyvcOb4aInpewfsPR2mURjGsW++E7eov0MMjGC5WfuGS5/Kw37gdP12zYPlfN+lViQX8GumN4YXd+HHsCj7/TYj/W3ie521UBMMNk+mkVgy0O53ipBP6qOb+H5k7n4ap3QGQrv+Jv07fRTId2rCgrBmFjwXCiwNZpJPkwTe8f8C8qGUcseEADBQuBevpViiAE2HGglU8pkkWnxnPxjbD8Sx9LYMDsuZR52glMDJ6xBO7T3JGsApYTTpJq3crYID3YnKfPhcD9j7gJvkESBrxHd103vDeOfbk8EkNRqY/5gl9l+Hd8HY2nPOdEkyns2XDXRpYNRES3Gdx2WM3fP7aCBY79FDtYxP6qv+LnCv/cHKZIZ1U2EPpR39AruIXTI2cyLtKRWEUFpNzkT8EG+3Grq2KnPVPDndJfKVVjlfxWocD+HS3kWaqHswbHw1PlS9w8rVDZLYshcjUAIUHS8Gl+Q4ebValQqnrvDtKDRyH4vkA1tGNxlXAhkfxe+8g73XcSBfqP1Gi7D4I2bweDzgJgFf5PvIvlSCPr6lQXtEFsy6+g0rvVbTp0k3IWavLbXdOUWDjWJi4+xpfT2xgvxlPsWWrAt6N7eSk5EC4lnQBP+m18fMcRX6mYQJbp/zEwldnWHnwPnit9EHIOI3VOSp8WNMV9tuasUrtD942TRa028VZ/nYXbFu/AUblG4KQSCgUKwTQJeN8+tRjR6u2DJKP9URQ9LvJ8ektNPz6LI28UQ9Oh+TAfOVatFwrj642JiidpEAjBKyg86cBCpkthsFFyfiz2RT91hly0IZN9DD5Pzo/Q4J+CR4CX1srWDPyDx3taKKIC6qg7ORO1etCcPmBUXjsUTQkN6fwvkvC8KtMGShjJ36qNEILoZUcGzEK3e1yYHZgHVz/8g6E/m2mWzFCODRNDu6UpJBRzD/6bmrB+lmhXBYaglvDo+lj6yNWfbKcPjaHkPJKNZhvo4qhE7TwxSM3aMtvhEeOEhyVEgXzYsZzzZcKHJJrgVK5iXDMupR17y9BewMVqO17SkdH/eVXelfg2+FE8nnyDE62FaH9NFk4IW8GPapaPG1nL7cv1Kdfz79Q60JXHnMxDkJ857CK8Ts4pcHQ6LWQhbpLaU3/LuxTbKe1nRNBeFI6FZkOcsn9V7Bo1AYQKJODPdVnocK2nfYJTYZFfeOhaXwnnTL6D85tXkObzHrx2TsdLj1BkFd2C8fJpuKKIBEc4TWEUw+P5tLkH+RmXUiZ4ZsgUtyOFxuOhCMHn7LQJnteH+zG2V+bufnVM9I7cBTCnDayn44bGZWOQVdrhr1D06gkfjo/aa/AF3ZVMPbdNtr4zpIUWydizdol/Ft8FNQOKEPEibs0r34kWg4fwN85x+n58SGU3GaEHodPUr5rOmrL+PNj0fEg9uIf7PMJpMk909D4xnV6ue8ebPfZhWW5kSjWZc6zpI2hJ80U/KJ0wd96PCyTmkpdtlo0vFoLhzv+A8czuSD6RZotxat5/gdT8Lc/g2s/PIX2dytYzygFTpi08/HKRB4ZcA+dzynx+Q0VED5PGTQMraBZ6DlndQdx8tgh7lt0BUNCvtFik8mwGQqw/d0PrEsRh0AZKRJ7Ioy1wU+gvvwQNoqtpfgxZ+jDpIUscLGOjix7AeGLdeDC2w3QJlwG80US8GXuSVRqrccllREodjcYp01oIKHhWJa+ZQThDo9ol6sUjtnRCYKjj8Hp9VH8XMkCk19NpXI4yKaByVTzxhLyVWfgp3lh8DD0IF0K1SehxtMgdVqb2nYkkpWkBsnuOgqlp1UgeHog7p42naorK/DDzceUVb8KMuX3gOvsR9SUuAuj689AYJ04bDsxhRXHbsbJLX5I23zg96nNYGOwASrEn3BCeSwGXzpHxwdl4YnTWNCWE8erZT50ZnEupexqw7RhOZpta85vBLZCQV4m2cuMgpm2iezhp8Ct5yV406xbkCyaj7O2TOF7aauoRs6LVyl74vsJ6rDI2R3XmdbzlzW9VBA9muR09sGnFf94dexGeHA+heOr/uIyBUvIdEvhvMlz6PPfR/jNdxo76q7ms8/N8ZzwHhYf1QHqX82heudoyFxXAdqnvnKk3VaeIW5M5z974n0JIbgnvAycrvfAv3VFfOT+ePA9vwrXWk3n83XG9KhTFOLbb5L4oXnkaG3Mh7fr8bCyL3/1MoCPh1Zzpmcnbp4wEoa9nnG64zH0v+gP+VeWk/Jda/wb5YbVn1Rg7JlGXjpuGWpMfQmr1PaTr+89jAxYCiN1tlLM+FCMDXnGuiMMQGBqCb/V2A87/g2h9MRKyBkVxEH2K2m/zGJSbHHFGGdj3t1hAK8Kpflk7Cw4VVyAP7cUc/KSOLA1GOCpo6vIUeszPEzL5up9k8ADQiB91UF2n7GeBfcbYIJtGhluGKK84T9g8qYSS+4Yw4F6Y2jTfUbd+3vAz18UTxkP8M2S2TAr2xee0RWW7lTEmZ2toOmCsOytPHSMGYBYg0E0enEMJg4YUe12If5S1E8qXyuhTbWBhBMRVpRtAb0mVVj56RB4RNqQrMl4yEzT44wDx3H0qIk4p34MOUyfBN7716D4t3j6tPMNn/EqxL0R1fzfzgrMNsjA3w4G9EfGjRPSrKB8hDjmvE0izZ6b+K06CxMaZamlKAgSz/xEC6cQmp6xGuw/i8IJE1c6uPMF9kelcLr3TciK2AQb7gjwm9NW5LrTmx7GqsIECVUQTXzIezab41SrnxD96yUuUdwJzzrv8Z5/jhT5WwAsPg5yxU9VmHHcC8/dF+RgU0O+YRVI6SpvWOZgDW9WZ4hXOwce80R5+IAyvBq9i2M9Bql3hBMuGP8Yj2qKwS6BSVh40p++Hkqgb0qINlc14VF5KTXGtcLtO7vJOW0pLcqUwJKTp3jTbkWqVzuL19xf0Z0khHJdAT4msRnqeo3offEQWFMTH/pTRbIXdemP2woKTomlWcdFQeHIUjRTU0LJsI14rT2BR0+aStYP3HlDyy54PTWG5/Ub0Qs9AwgXk+K/7QWgrjwVpowW4TfX5MlDJ4zf35vB+2YeZGfQgQ+HJWBanTm4Btzi5sDVhKV9lCojCA2FdRArWQAvlH+ShJ4YLtCRgZfHrvLxX1XYsm4Vql9/hK+/PMTPTyTgeeYsLskaw8bjI6j7E4AJHOH982+T27kYkLQVQPmQRRRpb8WqOI43+8nD3/Qu/HWY4e2Y0RSitgAcx7TAaXsV/C87AV48uYi/izP4XvlfjNtUjlXiqlCSnw76tQp0Z4EiZTWFYF3RNv7iUMeVchWYtOcLsnwJO9/Uh9DLyVgw0I46EsI0Zn4R9l8Ywb2WVryx3gzyIpOpJywS/6kIwp0UWzYUvMVLx73jw4tzOOeMG1x9vheeSJuRi5kzbF08GoylJ8D+Xx0c1aAPti/KUXzmW5i4MJtTxHbR1ldyUDlqJfXOVSQxHw3YfPQgfB5xil62nuftfk9xofJDOlG2lIYi2yFLbyOuqvOCmi5RqKtshHAIwgoYh+bTH/KzmNXwV14c5DrngFLWSTjucZUcL1vAhfVT8MPiqSDlG4Puvbp89kMD6Vz7izuKzvDFmnwKeHkK1ZxFYEFSIRg0/IcTv3/Asz/H4Fv1PN75vQQz8rP47QRpmnu7gH6KE6zY9Ritx+tBluwBeiz/lf78rMT1SyaQhbscjjUSJ7OvhhBdLwELxVZCmostuU58wq/C/uCmiJ/Y41zO4qqFfMnqCLVHpGO/8mjY7r0PVR1recnR3RhheY3dHvylPbaT0UHWln8L/8amPhesTZOA8qZsWGPihdXN88EhwJ3ql1/kLtdHGOqnBeFX37L1r9Xw95wZBNBL8JFoxdAzp+DO2EXopOTFX8vaKPrWHLzp4IFWnpNxpT5C3PFZHC5xB97csSf73yqcYCaBcX9qcEvsFtbK6QX5MZ78d7Up+IUuwLq2ClSrHECvltvgoNNONluO48XHQ9j7311warnPmqcFofG6Hfx0XwDVn2Ngc7A0bgoT4h6PFNA3SmJPVSUQ2SoLMx/LwNaLEZhk9g7qJAzxZsYovrfzGkh1ORFUraGaskb0CIiE90aKIGlsjoEhXVi3YRalqR+hOxpBJDq/kU93v8Yfv/NByS6eVCdNhACZLIgYNZ7TZf5gRmYAf+3Zjgp6NVR7LQg635vy8CgZvBIqAb8kbtNwUBu8/veA04xcuXDxCygrDqPjPW1oLjPABnZZeNNYCULcjUnX5xmI9RYSHv6PS0oCaJ7oP3bwb8AzB07SwuUevGrzWJh8PhZOtd1n8ekfcWB1BT528kO9o8PweP4GfD5Gi/J6J/H2BcYgsGIZ+iwV4uiyOo56eRwkn37gHt3ZvBG9edljfS52voYHHo2BvkInTv2ykQaWrqFJ3aIcofOdr1fY0WHPsSB0dzfqnH9LO8U0ASWWccfQVg4bcZ0M1jeii4gMhuw+R0Mv9aHStZIKZi3h2PkId91H85K+TPqnvBYvPMzmxW/zWbVpJ/w9kckdgWXUOKoLwjZqQvGpLph+DuHrKn2Ys/kmtDz9Q+VSckTPN5FSUgwna3TDk7tqoMRzIHx5Mr60cKOXEu+w79gUPna4lP4bJU+JrcP42Xk7egqYQOuKfZi4ooxb6iRhtswREpaMg2efNfly8AP4WeFISb4a2O82FQZ05qHO0hv8PWU5BqxXgDngCI/709hz9S2cVqPPnb5ieHOvDaQNh0FEwQTYN82ISoPc4eHjs/R6ewCYn21FNdtdsHd1Mu5xUoS29AaqXNZB+oJHOMJvMykEnaG6pg14IWGYzUOcqadXE0Q2KcCfmiXgGz2KLFXPo6RXHztYXcLhAx3ce8EVKdKIw6Lb4O4VAShIFCKOzyPJvv2o+fkLsc5BXvVrH33X2g8aP0fx7FqCE4ungF5kP2dvXI8VYR14U/4vqEVsJre6csCqZJarjIRlAkdhe4USbFnSDRnLUjHbNgGcn4rTzGXKFNKlDIJi9eRoksT6s8/gimRtuKNaBH1WW1h1pSVPtC/BiiMz4W5POc767cKfV93h9Kq7MGK2GKx/6U4vPtwmu4oovDD3BvTctsZDfSE4EJ8NyqHy5LNxORbtZUhaX4VP5j4GnVRzcHy6jrYP3+DzGlkYGJFNJp3TUXDefEwqUwFP32h8kNKJvzyn4vkD33hySxf2GYXyx7hByPv5nv6Ma0GsGQ1ex5rYO1Yfzgz30rdjr7ioezrMN2hCoz22oFQ3jGK1RjDP2Bh8XU0wX/sopvsm8YP0Io60r+EJat9BkK6h7U0hNNuRDgM1KiA07EY1czZCpU0cnPl0D73PhJDakq3U80GYfdcvgeM5vxFKtMF/yRIMfnMfHvy2QCvnRdSkdw03+WagSYYCXppjiUJNZigTrA9JM2fTiozZXPlvEegU20COeDHuWOeMJxVXwhTZcTzBZSk7eirDonUbeayIMPm+fULdN4Nh6vaD7Da/ldCvEoIll0NAiB0d3agN/67fg6qH79hg3hZoD13BA97n0Vj9NrjI1XD37GYo6dgKK88SKDbp4cCms1j9IQfPZQqS1MAmzlXTBtV7sVRqkYbfZKrRY6QK3DcThVVykVDyN4Wu39anud9VYcwTY9hRUwP169Qx/vRpbjcXhJ/zbWHPBTk+KPCPts00460V47mo+xxMkvpElXnraJ3tWnhSZAtrL20DlcMB6Dx9kK7UKqNkXypPthrg4b2AwbvO0/iLgxxwUgtGzfOHRj6GnzfMI91dW+DypQ9w5tYTXrH+LF1uGYkHZxI8zxeB0raphJEXsCa8H9sGc9Du9UWysJsFosP36JKCEmZWfqTNnRZw0II448sRWLdVhlt2j8euoAE6OkWRTZzvYT3t43lRuTi50gZqLQ/AxNsX6HavBkzkSTxJ5TjPa1zJDmtfUP4cK1gSXkS7TmkCzi3gIXd7RukD+GTxZKq1ek1ZWc/RJmgq6iU38shgGVyhaAN/BGaA9ccJfHWHNlnXVMHknRv4o+w/2vBiD404+As8hH+QTxFCXKM9hI9rwF0mIfTIrYqv6KeSQ4sxTK/QJONRvWgyZy3wH3FIeP8FvrtOxYVkyJhSylVtsWR3P47MZIpweMYBsn8cT1vttaGqq5AkZr5G8XFrYfLbUJzsvwEOy3ah1qlx/L1vD47Vvwx/qgAi9r3htCo16rzRDSUxvyjLJQgVA2bhg9s2qK4nCbcM3UjH1hh6FF7BhsKLPNm9AN1+WaH9yxtwuN+DBOM/QIh6G4WOfIWfvBgaso5A5dN7kDBXj8T6vpHW9AIu3jefvh4Qg1W2LSQ37gROiZsAoy0yQb1jBC5WseW4u5tBLLaLjS7aguxwHiebN6NfeAL7e4wB0YWHuSjgAZab9kEx7OJIFebsR8b84Z4JHM5LwWn7jCnS1RASoAb/XqxghYBczDqfivrbnbk8s4JenfmJJvuicdE+5iJlYbjiPoqg3JgEegA8PLfyr0V+YLjoJzutDWF5hUqqWyqOWrUIpsYxfPvxaBgh7Urft8hy/aNx1LFOgm3HjWebk7kY398JDtUIDu0KCLXlFOU3luynzCP/FSFkeKcTwlseEDg68XvDyRh1Tgmm9D6GzJPKZPlgD8KORVQnGEtSzUmsfNgPcNZl7rfcR7RzKvw7owMrbhfzuNPdWFGViRNr7dFbaQjU14+hzTFybPkzDxzSxOC+2guuezqe1C/IcqjOcxYNTMS17utwdtl6knW4BF8n/kT943Jw69Qt2PFxLH1/6AJzS28xnkzDHVGlfHPoAjU7z6LHw9Zks1YL/Ho8WbNEh/V3f2WTcUPwa+YdeHPvD00Y1IV1v8xRd7cIJt9juKF+l9PcXsK5i1/wxITPFCbaCmmT3PHufwe5SFwVrmmEcv1zgshBTdC+Eoqne6NI/2gcJsgnsUfUfXDVfABLosfCpbRpHCUuB7b1GjDrVzBvDQ+jpXsOQXb6FF4baQvq7wa4Kfcr+HjGYflnM8g6aEMmETLouj0DPb4/xInRMnBVVxqitAXBqz4JRNOiucXKHLbGLcFInStwesk+TJmWDEIB3fC3PwAShxaQ4mrg2ZKf6UCIFvwpOEhOi//Db3KXENqO8Jg4TQpX2ICXIq7D5D1hFFiwGWwvm4LZVFM2FlDDPS4RHNW4mWyj3mHK4gBwDszmGV9O88PoQlDv14ErV29A9BdV6OkYBMv4Jtq0p5jHn/OiG8eaSMWkk+u36VC0iCEYbI+Do4rnUP3FArrfL8mXG93A/FAaSy49hVYHfWC1ehaaNGvA4b8HaNHZTNQIO48Zxer02tASxspKsFzcAKj9WQhPJr7EkosKULGhmdowDK7McMJ+aWme/m0e19TepFmLpsApxTqMC1dnrS4deApbWaFTDMa/jwODgpXk17WIhIJmsmD+BX63KRWOTc+nosOmgKFfwHu1LjqNk4Cw19tRZM5IlC8ORRBfj04nlOBspSbk1JhDYvlWlm9upjBZH1AxfQFNakpw5n/E3YdCCIoaAOB/tDWpNK0W0V5UikjJqBCREZKIhIymFpLs0lGoKDsRRVZDaSqKREkJLTKiHfcx7pN89U9J5rwR7jyUz2ZQgbMt5SErwg8N9+fx8ahYFDkyiQ6dn8d+bz5gVfR+vurYz6sH6rH+owAYFTXDwFwh+re2lN9UtMOyHfkwODEJagZsaOhWGNdMTcfYk5ogX/SdFWeHwLP5B+HFD39+vdCNLzjp4sFyO2zdGIAfGj7xRzdLUKkdhDX3fVnJq45GhjFb1K6BRwvKQe3eVPKjdsiXzINXH7UgsCSZh2I2wVyFFXBJWIj9ihfT1DkdcEnoDi7NWot7fe6jXrU69LQ68Zf9JuT30RFDxAIhsmUhxvbepeH2s+x3djwb2JniCmkZCBq0hYJCObDc7g/lcmNhrI8APh0VR0871sK4yZbkJe5Ph43kIL+nm3/HJmL0Hl2wWNuIvi8GOeVwARkOn6PRhTE086AI3nexgpg3VnDqpSyEq2hB1JpKdBg7mafNdOHPkQLsKrQJbWpdWTtUCJSCH4DqXi+cV29PbRlvWTDaDpyUPoGcwmMUXq5FSVeyQThcHLSPmeK0qmZU8xpkG/E3aPjYEvU00ihC6TN0NZ+FusHLeC5mDDSM/4yzcv9gV3MpVcu4Q42rPBwxeMJ08hgP+umR5MwkSisxh9UfJoGbUCS3H03jnhBTlC7oxIy/ftSXIYeV28/hwS1a6BoNML7GFPI7PpGkwkZolfhMG+5cYM+fx/HE7mw6cKoXbpWpgeK+KTA+1Q0fjM2Be2824a5zlXz8zRRKUn3Pn4Q/w58ufdhRZ07Pf06HiRLqfHvKexLs38P71TU5qvIheYSdQ/uHjzkkZgxETLgKvgoGcJ4zYabCHo7cuo21I79jmtt+2Pq2BIS0Ssj9SSO1HXTE/15NhFrHKNgULkH2H1TJQTWV9tRv41rJLnxm3I9dHp95pM1IsjQ0AJF5knRGxpn6TLaiqLw7dDQrYpZmFQbWHeRFh2/A39BaEM1WhLNPTTm/eDUsyxKG58v64Gf3cl6t0YCmKbF0LWMfPnJMoAu/rOBKTQgOmYuwzyJnEKxUhO260pC/0ooLZo/FuBF1bDFdgvyKrcH+8C5Ut2DSbpiOHT1mvHp8FIcOWhGMCIZJLz1hp00Hno5AGBQXAxMHR1Jcq8Pz+uuhYu1P7k+egB3wEw6t9kRzvYccVysB1n5H6I7kC+hRW4czRN1hh8gqEjv4A1b/tIdjh1RI9II8unuKwTW9m/SmpRKVTuiRzbpvtFXoMnf77YVFDfLoWeAEpzwr4XaJIshW+tONzvn8Av7D6uoJ/DvyNzQ+ZspSuwvjO44SLq8iDxsREFxrTiXpKjDOfQrH2v9HsblHQHSvHW+XVOJ6xR6wju+DnKnmYGKxnHanmmHEka+oqesM1Udz4Px5IEPHH9Qknc5tLU9ArX8iiHXsoCM3A0moWJRGJk2jusbt7NF2jJwzrXj1qxTYfTCJVn9XBtmAPN7fuhv7G73Y/WgYK429gQ3+alB1wQPXtPxAiVXdVHFACaR6ztGk9Q2c7aLJKRcCKUTICKL8DuDm8eswR2AHuVxuwMszhUFg1jALNo6hPpExeKV4CnmsVsGxzemkVHaFen3r6e3JPopvGgN/ZKXJcFAJbY1mwCd9Y6xzb4N+vXI6ZfSPIlPSqWKPNe9PMYKQnhBO2DOblusncij54qSWJpz+RwIucw56/FLAGAUp+vFbB/yfleA8pwK22pgMal7mMGrXC6wI3MCd4xpY29+azzivRc0AE6g/tp0fFCwmz5OtmGgzHee2a+GRwUz0yc6hnCOL0PO7FRp/mQZz0mJJ98RGWOCQjjr5G1nhsQN4Hwqg1Ydk4eft25Tj842DZSbAwydhbN8wBmz0N4Nr6hacYOWFLrt1cK1gI+7orKZb+8SgtlAS5F+IUdTnvXC0vB61QxN5mYMA3iodpij3PN43SZ2iGoNw7koTEPsoww5PX3CnpjoVZT1g87vVOFqhDU/aNtOvjVL0atVXajtrDvMeK8DC/ld479N1zHS15NN5qbAm6D9+W/OBdAotOFAnBg7ljoS7fxKp69dduFfkD/vMhPjy+QoIWFxFleMF0N0zkht7TuCAqwzobjtKKyrVaXLGaOzu3Mi+awRw1omnIJx8h9OftkPSjCNknsFg1LuJYhII3S+1QIJcA4SlynGqrT0ZOQTT/dfvYXXucviaqg9rzdRhXAgTzvqKyQJ2qNB6jC/vG0sfniylhRU1PMn2AF6/bw1ru3eygLI9PA7cCxHPOyg3uo3O7XfjpY9W8wW1GF4ZuwCsp02DxwX7YYRxMwrVKNDr5hGob3QE/pwOx57tR/nZWTfcH28ABpcnQO6Zp9QqNQdW7TpCRZYrKSptL4oFbML3qxJgqetMziiJIu0MHYBDp6jpRz0W02tU8bPkVfOb8XBTP8nfNeKmqgq+H3KAb96Vh2nNymiTaItjh74hxrpy4CJN+BN2mntVxME8oA8s4jNQaKsY/Mz5gyFjjXA1SMGMrVK4bzAEvzQPUWqqOLdcP4eguRRU7I1gelASeJ3rQkufcHipXYgnBbeSSsBE6NjryL/HdOOJpckk620Cd+dLcpPNK86feBbXeciRuLQQdr2TxPvzZoPng3sYMvcsLgmyAPl/TbDm9D+626VNYhPDweFBIy7zm4Z/qypIUssMOvrn4DnBKVC69QrcOBPHTpq/QFQM+dCXEdg+MAfGHo3GJL2FWCJ3E/b/UYBRCa/gfHcolMc4QMiOXrrm4UpZLeGkvymKFPWHsXmUJAR8sYKgfVdQLNuPBlRD+HPTNpjYp0QTlizDGCkj7PO4zt4mP2isgQV0f1lFGePleXXOL3RwiiLl4hp+rppK4oZ99KZRCDNvRbDNDl2wKP7N/wJG8/tZ2iBuVs0iE2V4sfF2SnOK4X9HSznCOxpmXleEsKUuuCXhJucsvs8ui1dhSaceudzcjGe6Z7HW4WGq39wIflMmww4JNfLcRHD3yQAJZQ+Qx7yD8PbrDyh/NxkOjcjFwXHJnHJ6DMhtXcn9bgtprYgXWwfs5Nm+ezjRw41drqvwn+MhJDyvk755C8GWm9vxxmQFHvEpCX+necCG21/wr+Y9alYv54SUVGqLv0J7JHTggvgq9JD4Bge+b2I5wUWweksKz+hwptNWvij3+ACXjt4OAvuloXqLJyy3aoM7I45DyV97uipnD8efTOGROtLYM1eFrqbOgr+x1mC5+wce2xXKO5zPwM+qe2jbLgGpms0kOcof9kTZ4au8ZmjvEAGxB3f493UhOPZ8KyR87cOmRHNKsb2NPk9+0cfxraDqMBYdSoWg/OhVsmg2Z4PAJJh2YJDWqp5mmjqSTg5txRGTJ2PGj1E8+GIMeCSNw7WqEbghw51mXbgClf7vaAH1cfP686jYHkkJbofYc4I2rPpWjht3aNL2wxvINOIStUiGw/rX32CrfwuGnZLgCOvzNL/KAg76NFIK3oHQ78F8ZKEsjzSqoayVPyC66hcuWPGSv7vvomUu42Chei4nB5+g7KUOEGo1hTzXJVHXrvV4LKsdXp74iRcmaXNDpR7ME1uEquK+8Cr9FNnpjWEXzRisijIlgahl8Gh+CEUo7KG5VQQthq481+Q26Yx/jweiZ5LuKRvaVSdFFyJOgtsDA9xxI5G8v5nCnMdz6WOjOFX6DaDYxwj8dt+GIHsOnm3oAKl/Vehr34ABHtrgkbOM1q9UQ8fBRMoJOUxDp3t55dexLKz4ANdetoJ6l3nQ8UEAYvTyWD9iLbjqzoeAh/fJ0OwXvfwdSy6quWhk2wOln4O44QHCiBv59H2pAhR8+Mgh0XZgk/WHzqzrZeNTapw96SbOONTJ8jge/tteSwoe4Tgk4kKmty9RmUYPr9qcB0+Vt8HSDxJcGRIPZqwNFx2s8OyqJMjPrICVrwJJXyUaBmkTf2zYRmepkVpXqsDGthHQM6mOk3Q7OdzhAbYNFOE+wUncd/sDdelf5PCeHnCdcQIq5qvAG3lT6Lk7jT6sC6DAXEswO/gNfM/thYgN0/HVnT76eqcECyynw7KdZ0j/bhVUj5mE+8IacKLPF1655T1LNaVhxh4NahiW4rs6CjDh4CNY0PoXxv++Q9fNFEGZzuFMVid8/AwjFXNg5vZZ/G20BBRtb2AlHwkqXveWn0V30rEFc3iPpAV+GTyIt0NXYFzKCAyyMIW/dRU8uO4K9GpswnP9f3FdnxV3JB3HZeIKXBKcyIel6ujin6lwPMGV0s9NhOYbyrTaOR/aj/zjpsly/DPei3cpzoPkKDksO0TQIJpMxdrlWOe5mVZvHoTdQ+mcflqQJ/m1wECOPddZxMPlBANwXjqKSns1ITQ8iX9HtOCHXwI09DCdg+2EwfCGG0ntWw/DegJwzW8bnzqbD4PdtmQ15RdG5ZhT7O0XpLr/Eugbd/HxWi2ITpKARofpWBMZjs7jiH1WnOKIRRro57YLKx6m0IFb7bS/tQEybqvDpEIvDHc6BY/TVDE1Wh22OObQldt3cfbiDNza+ZWsUiaih5UIKJtX8vRJeeg9vIxVPT/RptNTeaPjEVoseoKNN2nwtaTVsC1fFJZk6WH8Khn+KtbJKb+8+JhHAo5UWs67PT1xY3MP92S+waEiXUjTu04zUl5DePo82L7AmftSJ2O6jwWVbwzHjustYPZ2K1+2lITZYY507mg5PPgohHG9f8hQ9T+oVS+jZ6HW9GOxJEXFFnLNR3MQ8VDFNc65YLtMH/weRKLeXgkYL5+FxrKakH+6BX1FPPi8AsGC0yE8+/sUOtVtAat2CFN5XzJcMyyhxgsdpFKwhEUVyyhHXwMevazAF5NHkT+tpkwtR5Ltn0rrtzDpVFuyvbA4KZaqkLaYPOya5ou50TNI6fNp3np1FK0IE4JHx9NAbZkeJp+9w0v7V2HiOw1YtGcW2F+8R+GtQzDnXSZllElgkGgJ9h4xhaKAIZJzd6dZJ0whPe8KuJAQ1ZneQ4mjC6lX1IH7582BgC9xkBX4mFtG9FHpKEl4b+1LPQVncalzFM6/UIXaeXZwS6EMXvUU05Vn9vB861vMXjISgsd480aPI6T05gsfn2GBH5Vt0UpjP8jgdND89hmlhcX4ha0GHJiUydPzftHjuaMp5NUW7K5qROs7WvTE14tdxvpTpPoCSEoTBc+eVdA9KQVuaWpxufQ9POqazZ/rp/DJl6qw6Xcs5x3oAtdsJThRUMb1zrPosaM+fhzeTgPyNdT17Ti/8pIEKftFJCJ7g4tDpsLYc42QpjEd3nR7k8SiCox0TcJSH3foKJpBJXIv+fK4UNTJmA5Kc56jckAYBRx9icHT7lDj5ulwIOU79e26xnpXz/DOP8ak/E0JREq+cvw/aVr3Rpm/rXckX8OFPMLgE05VyqKFf9dD2Bek4WXicDwyFN+0+fKWoRpYbXESzjUvhJrnF8h+qwae8bsJB3cbo8RoUfgy6RR+KFfBOJID/5CbZP3ajxK/NkCx4TmqaH6HuwyT4d9kNQgvLWdoPI8wsxHVSvQ5vf0VXb0QBx+/fsbvyyzJWPMkrN2rAH/trFlnhR322HXBLtTHgt5mnpH9hQ7HxaJG6Ff4Y6jFoTI6sMRKCbaJvyE6X0n+1r9J8Lk5z4o8z4FR79kg+SF7ZC5n2ZmCcKC3gCXkNsGiKUdZbYIA6H47SC895+DmNx85bu1obEuVg1EC1mDQ9gUvLevBMXV7oftHH25VlsZmj0wWTuhHhbfFFDlxGY28xdAn8x2eVfngIXcfnrpCl8RyVHh7jyR0v12HTT5r6HK1MFuRHgRN1eJ4tyl0JNeRfYSUsNzJktQWm1N33TH8E4N8eGwm/J45Hs6faINDAkbQuuYdZlp84FFjLWk5HAHlDFlcvGwcLfnujRoDsnDbYielzXHnoqnOMPNDIr74FwzDzWGc4fURVSPyqdf/KifwZGiK/03apUNgcGot6UiEcubDHtpz4icoz1+B8ZPK4fLcWXDH1BQ841J5Rr4YTN8TiecO/AIT4YXkufUzbtg9E9/rxmFM12VcN1EA9pErr/7VBQ94NBmBNt4odkTlIA2qVgsmo2eF1BUPaPMOQaMhEKKGhFFcYDQts5pCjgPd4PBOk6cNnKHadAcaM+40jo+bBiO1n1LjgX5+bJfBPtLJaCr4DsYrnmBh0flYYbkZZ74VgpXb5UHOwYDbF/lhF5dSmUUAHFk2hnRlA3h8pRGMPfYWkm+V0ob1lmDe7Q812rLQ9WE7Hbtnh8Euv+m/0UZ480U3PtAfx7Fhz+h6rSJ88i7B+MIRVOs7CpSWLMOwMMJlDVXw30cbHNhSTpvX6MOtSnHYaPOIex5a49STxlwS3AGjz0eCQeBbTiwZJpcLk0lwVj4knpYF0x9GrJg3DvwVWnm+2CdYvr8eXYO0UeXDdLo0rw53qZfRLcMxUL+/nAv+foIL6aaYYG4PDonBlJlngEqduawu/IVvvzmNWhOFwd72L/vLFMAh74dYdisJDcPvwDmBe+Dltx2Djk6gnzvdkX9MAleva7RyYwMOjyhBYfkyAsM6GCyLpGt3gnj2A2Y9v+2YnSoBhcalmJH8l/yGPHif4HraO2EEGroo49bbkbD8UCe1Jm+iVw9FwNnCnPvv7YXhxFaSntKBGaJj2NPdmRtfuPGOqoX4rPg91HrJgsKGR2zx8BLXrVYEk5uXoeHEPvZw66fveqsh71kLhX+JwW0XTWDv8E08mp7PysFjYNTafeyWtpOWbjMn7eJ++kM21FnXAM2iivBr/zNIWn8MM93TabhoFNYoi5L2Uxd4+OEtDt0YT/HCD+hGmC4cHutGf8Jd8MfOJ/j7ghbPuHGEpISesvfHIswLn0U1r2w4MkEKimUOYePbPHa4moLHiz7TaJtkvlYaQioS/4HlQjUqeKtNvsJSMGpGDo9YMB9eOgXAM9MkSvFLgy4FR+rSDOCemGY6ZabCAfsFYaPVKo7ekUsp79ZjjEgSXBU6DW+3FGD9+XuoonODYsd4UbEGgHueJs4UEqX7i1pJ7vsB/Hd6IVVlD/Dfe6U8es4qiFUpQSNJAbDp+cFnd5TRVX9n6r18BC9Ez6LSOHOsSFTEov4KuP6qmxvdGPj4RLpZnAjW9YuJ57zjkxIOdCu/FO7eP0I3DFt4lY08FVoLwb4HH2DAJImWa4fT3xXj6G3Pe/iXPEhbl5iQuEwBPnJsA+EgLdBWV4RHh29SxeJdcNO7Choi46mgfzsesn8O2cbTAfek8tw6KXD+epmN/Lth9n+r8LyTLyY//8tD62NASsuFam0+Y/JZJzx7QgSCwvIhps4ascWFCh7q4pqu3bDf4xnOyh0AUzlpfpcdTaGzNYGtiM31TdAzpQre10mj6vf16C2zkrpPxrLumnn8POIpf/42AVIO9rK07FKar7yGrH2eQ+tiPQjoaaV6/7nQYtoJC/I/0vXdU6H+mio6mNjx1Cnz0EI2EZw1nKHnzFe4XFRCc/9cwZb82xA3LAAft4wk4yN3QCq6CobTNvJrhVS8MxLYfmEuHqgIJvOzHvjyqAR0OxO61x9j/c1T+dflk7T+01HQSf2C6Xc66W1rPt3ZVYYmdkqgTfepbGEGFZiGwkDvAZA46QpiJo+4VD2ZBk/lofPDVupyl4LZpQMUpuPBm4fTWUFQEOfcsqXhVFN49HohPbj9F/1sRHjFmYlgtTKWVK/1Uu0kH1gqI4PP117Dbp2nUCg+inaXruMrpWEwJd8ahO+Y4ZOzG2heZDS+clTCCdMSaXf1biiQEcI7N/ug9qYRGz1TgclJ8Zj+9TJoFY7jLemES8zzIMQrnue7XOdfVYthjUsfyVWpQdkrHzb4eZ+KghV5xYLxYLGynXcdfkDF9xp41sBCcpQRx9CvAhBVto4dxjP/sI3G59YaGL90iL1Fc/jZ4iNkNdWSX0gnwo2hKbDkSDP4jfPlc5nq5Bg+hpL2LSWnl1Vs4LCYjlaLgO3Ka/TfDAM4UqhIQ8uXUIT+WZz61JaV06dC1ofvvEWrkAfi7Oj48TTIOCoIfV+yeMlIcRzd94gah1/yE7uJ9G/bAFkeqOXxmstg3dJ5NC0dwKagH6dRGznEb6M5o0aw4Y5ojv/7jo+sHILFyuW8f40U/BU1hPKHdVy20ZHDP5/Drv924uS53nTkoiRre1/CC6onof9aCqyy1IBxHzfS29wHuE7JA6rdhsHkWj6aVZXyl13HaF1WDTmZOoPld3E4uvorP+Ft9B9E0M/kCPglvQUU9PXhu8NXvpQlAfZnruNacWvonPyTVtzwxKoF0bCh4Co9ZjHY66CDe83Kae75G0zt2iR8YzJMtSYefDCGrNgfNtTNhlSJvVi+byS4S7aSdH4ZeK0+TDvkJCBKWQNH2ZuRW5Y+uQQchm/ryvjUfg8M/aXNGXmXafQ/gDWvCXq2G9G+yx84e4w1dfZkw1V5QyoJkGbNUe58TcOQp27/A5k3tUEIHtK61lI2e2yJTw5+BcE18+hilRbNqiHyDNqGTyVWkOpHdVg98w/v3HIUS7+a0r27lRDichtdl97CgJHLYLFLH03pl+KDrzVBM8mKo6SvUotrASp13ab9Z+3g6j4hGDXblP+UT8Nm+aWY80gEus1mwAf5txi/voXidxyFdVsKqVx6KSxXX8kHLH/j3JAJEOWsCcdX24PrkB1vrxiim/7tuNi/lx1N08jmqhWdbS+juDQ7NrFWgOtbwkHynj6Gp32gb07Xcf21ZPrv3Ul6L5wCZk6jaPCxGrau0YUxX53wpt1VsikQBsmOQhy8OwI2zUqG7PY73PHzLP2sEcOuJISTgxfxYdEsMrr8H/xSasPnw4Ncx76olToRHu4vwAWuBqxuNw2+Cfph7JkULk1S4I0bi2FJvjtLmpnR9H2q+NUvF6xstfFVrAQUyi7n/V1RULd1L6wy9oXJMxz4RWUWTk9bzBd7D0Njdgbc6hOHOFkrOnRzLfddeU9PBVrIb20nLhKRJotRy9m5IJJD7fpQw8cC7ui+RrdQM54Re4YkRH/zx/RupAW57JDymB8kOlLsWBViVTFo8tbiJZf/omBmL6spq7DUPj3OUq6D2/kN9MO2DeJGLMSf4xQhv+cZ9kvdZFGxXVzfuwl1VOPIvn4t1+eY8ft38uQsG0/b/unBf6EL6IfBbb79GtBg6QDflqmiLxuFMEm7BBa9OMtKJ/P5lLgFNNVNw5XBvZjsvAJbst+x7cwnGO9Tgcu97/I6wfu4wV0HB84ZQvRxHYz7XknyDjU80XURp/+KA5GlE0i20xuzAkVQ4NN/HP5RBjpyzGm03Rma5L4e9ydW4cecVO5JKia5nVlY6Z+CrZGfyd9JFWZlHuI7qWZYncLo8FwDZSf8JHP7jbC1xAR3H9ICifqTMHGZCoxLC8Jr/9nywQo/TGivI9epERwWvwWdVhTywqjPvFa+hbb7qsLD5l14TeQZW0Yo0bT1n/HS43426NHiuvNJFPe5HXe6S1LNWHOY3j6SdIud8WfXQUDfLFixcisKyLpjTLMWNqclsU7oTdj20BjcjQ/imntHoKzxEN87cwb/fqzDzOYITJX7B+8uNWDKJ3n8vF8NlgxP4H2tZ1neFunmYXdW32xLwmWxaDTGD40qpMDDMRw/JKtAp44sqNU3Q3baDz6VXAf2FAjbVtfw3rJsuN/vwUIXR9AkmRFgnvQWvu+YzJvUN9Ab314ykNWiwjuXWaonHv/bK8unhBzg6IA6bJ8WyGGLx1Pg6vX89mUM7PtUTK7y0/nEwRLuEbiEzf4Z6H1HBprqW6BxmxysrNQjkXApWM25rLhWiit9imhw6yAeWL+SlgeNh31OXRD1tgbueoynK2+MeYqkJ2RfHMFq/jtpxbwPKB82ihegIty4+AiSHq5D1dhteOjLbHy4PJUGszyxMP4+NRvm0dLONN69UgxOOSxnx08XoWaNL5jmjgQ7q8eEMsN0b/wwa/T7crCLLjeumAzTtvhBsVwETf46iiZ9PcXrN+XzmKDNsOGaNNt/+Ii1g+LsN3UkfNj4lKZdnMv05zFMcGmn2ueSUGGlB6n7kqnRLhjGpg9DU7AoLHO0BREJO7jS4krj3UW4Y+Yiul/7CgOfpINw2md4v0SEI3tMQc2mlBwig2DL/NFwb+xqshY8D5XSdvTjrC3ptd7hyfGLWXijKOxM/IHymw5hVcEX+uNrhRtOn0W3JcaQldFD++tt+ELQY36KKjBvxxMaubadpNUNeeT+E+AjMhpObshC8TR9fCJ2gTq13rLgbGNYYe5EbVua6VFzNm2IC+WzH4fx8E5P9j92mGYecWBzQR2892w0fJ7NfGr2DmpaPoPO1S2jJpP5UKcxH94nbAbBqc8gSKuGymeZwUPhXvwsqwM3rRdg2MA30ijxp4sGbTS/uQiC8lr54W5TstBhMJDbh1+0DmK+2ApMX20H1lP0cMGIXtoyphBu5DaCyJ5iVg/VAvmgEqgsj6T51XZ4yVAdTZ5PxBq53VCzUh67V/TTmvpn/LTEADxfGuNOyxxsqhlF5suE0VJsD6Y8fYEya8aC6OReOie2gp4/MgCbvg6qulIDNT2tXLvpOW0LBBgjH84TD+egJhbRjpKDXOhlBIaq9eDkEU4L3iazl245y6T4QQIIYNSMOO4u38Eyall0T1kMMgp7IN1DANPGrOMFmwxg3KF8ONgbjet/lpLTlb0U55EJNwNGQ0LqIug/7MEbdQ1pgdQGPvxzOc5vnM8bpzxh+HAYHBrsUfK+ObR3PwavxfJU72ZM+Q8OgrHFSZpc/BOKvCLJx0UYPV48g87PoyDx+xJ65daMWlZ9mAR9oBETDyOUT3JCphl6ngtlqdYc/FMi+X/zf+ceNwQBVyE+dewiFhw2g87BLaSVa0sTp41DrWZXMHxXjHZhCnBAKwjEHhfwEociiP7BcEPmHQl+KYXoQVV4FOoPrbOL4Y/cGHj/7hmwyRIIuBUALm+Pou/i9yQ08JFs9Vs5RN8IT7i8BYMSWRBqfkypyZa4NvgMuMc54u3EAGjrFOQ3SoUkqPoHBTfG0GpdXbAfIYLjKmRJWnMbbitbCWueO6BeqClENCnjrczTLK7qSBf9NGHFs2Gsz9lMQiqTUEXLiz+saiLnu0vpTJYNvZ+WAsLXhUhCWx0+Kp2hoCI9CozQxLW7l1L7flO4474Nwu09SEduFRv+rISDwQRtbQWkMMuLLmfnYdd3oGmvOvjHphW0xWIN3TbL5vj25TTf3RIc1MvxqrsDRGjvIhPNDXBBxIMrOvWhpF2LO19vZqn5sVgnPg1yWh7Brh/ZMOAXyX6izjhnwmNSet8OpdpSdOCcBHSsrefmLoSV3Z2oeeoYqqmKgvn9cfA0/yU53I8HY6Pv/Ko7nYwDZPjqdhNwOZiKR5VaYdO4k/BgWyIfHIigpvfWTJnluP36NVCoCMfvZXogO+EuegQd5gtrN+PCtqnoETwC8lLyacSiThSOegmPh5phtOp4eGW+Cab8l8L3TSaT8pW77N1zHkJaTPDC1R+w484MTsydz2+TTOFy82c4usAKfnlcp1Ua66nzQB36zd0P4tu0qHHOdSy3TWXNIwxCgQJwW0qJ5km24nC6LGqo3OcDqmY017Oa1tT/g0Pdw5hhR3BT/ifINuzHy9nOkBm9i9/rf8GlI55CzdcwePqqmGq+f4Hr2YJgI7cB2uMLaMYnLZpUfozGX7nKVIa4y6cB7w+dx9ACN7ylbQlBZ2whcsZ/eHFbFp0TSoLRa8PZdmI2bJilyb9WfQZ0iKSZMePhdd4o/G02gi2+JVHKjjg+FrcI9s4FnBgszkBiVF+0CV7KSUEIV9KTMYvw18gE/KKlz0WLTqP5j1uA6fNhfMBLXBX9gTc1qMC4afvwY/lYtEgawfPXyJDsVF1c+eI2qZRmYc6NaDr3S53rmszgv199eMK5gEd8loPOgPXoM+op7FwQQfNKDbDUbi/uuRxE7hbjITZmM4hYb2Hfhnqcu/MTufwohYaiCdyuUMcPVMOoVCkdffqE4NUsd4gddZWc/FQhI7KcXVeYw81CT2rQkOB7CW1k1vyWtapkIai+Dzr8L/G0Da6Ucv4dHGzRQHmxONp/whYvrTsOR46Vw+hTclCZG4h27t/wpdMMunRxChhUXqU6NX2qtQ6HdXOH6W/gBFKbrwXyUSNAu7kI7dr20s47+TjzmSw4uuXBbrvREFxwAhbp7abjbkawZ6EPHw3/xqZRTnjfX5TWJBhDlsYkXv3HBgdmxOE5nSq4OTQRjCZKs3SgKqf3m8D0G1X05P1EZt5H5okKZNm3Ho4qCNENSVlQjl0B7tZJPH2+IMbfteHy5KscdKKFfugdoJJzbmiRvJBHRk2BPc8FOcO4mJ7sKqELYmPxi+1kSC2qhgWbVfHTB1+oGH+dJu4fDyJ+PvzQ5A89euzJ8XHXaZNNJSnuPk6iTdE48vJr/p59moUdpsN/IV1806qVnHSUKWvXUYpRfkk9JzShM+ASCFwYxQJqC9C3VR/S6Df43rXFeAFt+PPnMx7JHKKbN/7yvcP/MGxQC0NmLAP4OAamtHngxvxueLFWjnbsngVPDRP5xbZ2KGxwgSoRNXIzmYKrFowAz99FVJ1ez01ejRwtWgEe2zMx2L0LMs6HY5r9StKIzWfrN9NhbNVlvLY7A8Kqb0HHT0n+++UPpt8botB1e8lWA9lhxU6ufS8LJVcDUU/LgLozrNH5VTgrr07C5+/2cWljEn2UM4fBm76o8WIyXHxpjwOWc+Dd90dUu8aBs75fY0t5cWjxmwedGRcxQbWaJjwVBp/EHxScZ0bzw0/xhZov7JBwC7uuN8DoggTQCLrNxnulYbBQCipZEzr+puCq48vYNTKKPA2ecN2i6ZSoVkvyAtdI79cyXKpvAeuvTeGxMbN54em1eGLTPB7+WQ7qA/+wd9sW3ixiDz+qs3jXijEgYuBDu0fMoYfrQvnc90zO+F3CTwuewErfUGzwnc5WOy9R2WJxEJGyQnXvYhCb6khdHjq4750ChizeD57h0/jQmwRuWd4B6oOWoJJ8kV5M1YEZc6r4S9wj/rvmAPzp2wyaBZpsL1MGY7eFsF7aBCgQreVZmZqwOMGJ9Rrm4aF//8A9w43qKwXAo3kvtLy8At4GktBQFQhb9etZbbY8St19QKq3dWl1xXouEc+hkWLZGBAmgektirDk/UjsVDWjxZZFGJbWTU3vBPDYeg1S1XyOT3dsR+muPTj5pTacHqzHw7aVaNrlQjrHZtOe7kB4kfyanXgIHkyMpB/hu7BQVwSmnAom04JuLtqUBd2x7zirOwNvXmpnNd4Ii75msOTyXlhYgWBp/J7FPk8HtdBGbtO+ApprYzF0szPIfPZm7b2/2NZJCev/swJasATv/noM5leqwMj/KJVXGtF6by+OWdQNIwt9UW+PO2mG6sGy3HQ0yxlm60JxXCmZjB2+5zjyqj2sHHwLsfOrsDw2gVddNwe3AQuqCZ6EUz89gZQKOfh3Uox+jvTmDfiZ+03uwc7ff+hXlhxE7pDj6UGPwfhbPtctjAaQnUWWn2XI4G8DbNtTiftO9eAJK2O431sHFzJO487u1+A6U5BEFkihuXEfTLd5S8OZYax23hxDa5VB1q4U3MLaUEH/C3Yn94CR3wA6alnyuUw73Hb4GuRXxvL7ZmnIu5TPgkYCVF6aitskenBJ6EdeECOBr9t+0JyKJLL/NMC5VyfC0fxIShlegj01Z2BJoCj1iafhcXHinxfq8FiADaV0F3HGumnw6X4r+TYuAPUxAyjrW4tPwlph6rl68qyxpgMeHSS68jPZzxSCNeo13JL+j+/MvMxeA3JgcCKMEuv9ULM9HEQiNtB641cUI2AG5i/e4sEIP3y5r4MddDRozU5pcCgMoz01VvAkLhGnlgoyiQtCatAoinNL5Oq1Byi+PB9+/cglW1NTdE6YwlF/PkHW1nAcNVMAsnVcKW/hPzRXvAWmXWksXaJLvx4ugr8JBF+c87BK1xHyr6vB1lsaFDypidtTfSDxjBclnNvNLT7WZCHUydXTK+BmbzR+2qwNzbuSOaXjPVk4l4HnquuoV7SRhKQM8e+x9fRFV4csR6qwyYkRsFGlmj7u0YYzx/rZ89sc3mNgiwrBbdxeZg62p5pgzkNXODTHBFKqNmPcWW+Yua4GTOwXolrUKco/Vo4OV1rhfc40VB+/i+zqpUG7Yz3ktDWhiJwbGZe/IfE6PTrorAfnxjhQqVM2BcgJwY3/JGGVmCEEug7Cx4QCuBQdx0YTWslowRCse62MIq3zefcHSUoTFwShtCI0PfKXtR4tZ+Xbb+Hn1SAUXPwewsKMaXWaLC2JMofTtRqwZd5RnmQtiBmObZSsW0gR+sfR8KIdzLCvgrzqgzArKxeeu1tBdPUmOnDqCwWXT+GXnnPw0PEjJCLpRHc+p8J50xJYNUqMbpWbw9diL5Ab3AOb/jrgpKsPWXb/D/7XpQYiH0TRsugnwujPkGShD+2H/1FkRCNEJdnCZdE7vPDea/4aWYm6QlPp11A6LJPShXHJYyFktCfOLbaFDeVtMFd+IThn1YGU7Cw8+ayLH385Sp6vN5HylglQ65nB62bf5gX7DOnLYieAQzoY+VcYxaT7eOi+B87eWsm6DvqQ7fIXVey84MfWYTI/m0UpkxA2CCzng957IcfzPdxbt4Ky3A2gXzOXLF7fgvdjsjC2fxPXmGrQuaBs/LpVjv9WOmJGShd95skQWrSGReeZ4fhPPWTsHsL1ji/g05eXoNYtzuJ1ivQz8yvODZIE2Sm6INvtTA2dknykp5wyMpWg87Qh9jSXgsrObzj+WR8N3pwC0np6EPjWk77quFL2Sy/K2nuK+yYo4MmWg1gj+Q2sm9xgs6sy/IxeSUdcJnKngzd3eCuR/QZpOjuhFz5O2cBeD9PZ55A3zWjVh/X7roFPVR7+nf8P2maL4oCvDVy8d4wjzsljutEV3qtuBKAIsNlpOQxm3+QK4ZUY+7oejFfm8+1PeWQ9eBw7/1WieZgOTC+WgUcLl0Du3QRa9GcB/apW5oGsl2T+PphnPpuL17PCyGrxDahdrgPOI7Zx0P0WTLoxjS50V8Pesl72kz1OE6a+QNuQK9D9Rxx+mE2Bfb9us80xF+w7MQeUa17jd9vr2JkG0BlVC9/faVDdq7UwfZ0wVA3thic5l9kybi2MnTiJ7J8Bq25YSRImC7CszgULOwbAQF8GDjiV8Yk75XjlRgfVbl9Fcy6LwEq9GJizIQJfl41Gu4yHoK0jCgc32dPeki4qvxtITa5lHDB8lk6ukMa0w5P5tLc2Dm39hvNMzcDm33nasdyAxHLng9y7OupvdwLlzg44ZjaJReIrecXoz1T1SQfENOtI6PpZzBBMYZvrx2FAUAmbBKdyZuwH+BHkBfrGthztJQSRQ6dp7fIGuKB4CQLiqzA2YhtoRbag7Ic4DK03xXd7grBq2ApejzfA0twZ6KZxkzv3xZJp3AheP9sIRe89od+HZ+LHv8o8eFsEsj6dp9u+HvSoU4888iR5ttl8uqj/BPIej+LlRsGgFnYQrZZqQUj/AjAVuY0bvQPx9JVslu8V58Saf0g1a+DB9++UYZTDEhEScEn4K5xe0AyL/jsEC2XEaPTOPdyZ1MIbzGw5LE4BR2okU2XVRMhPesPVdbKsd0afetxDWe34LW7adwnOlZyCmbfO8hpZfWQlQYifKocJJyPhq/0QH/O7xnfvHcb98yzoXtUSnFDey65drXwyfRxM1riHzsffQ8yfdpYpTKDJcldp85P/YPknxOpXYpyflAhdkpPgVMdm0r3oCgdCleD4DVMom+4IX0MnkWqlOnbvP09tYZfoU8kk+J6phJGhImhxMA39inV51gMD8jnqAC6vqyD1WA2dNY/mVwKW4N+Wy9fl1+Kzp9mI49pYdc8iTjUoI5M3AzwvxBOecjWE/9UHktbBD+/OgULIIAdzAfTOGY16C9uxWroZ9+UQqvrvxT+pgnBjjRGeeBBH81x+ssBGBZqWHAgnDa1R98FO8B2RxvPFdWhOoS44LS3GmEkSsHLHO9yilAzjo3ZQYs1bXFFwF1MtBLnNfAH+W6ANTR8WoeSxSLbxnU8lb+9wm3ALH6neCDGzy5nnn+Rvxa3UXTYOzj51AsXF38hgyUkQzCzCxKJiiii6g1GuK3BY/wNuG7an9NsToVzBGpecDsOjE1bjwcZbtCn9Pfj1TsVtIY441iePdBtlsFpSFnJVXvDrp5vo584J5OFXhj8+aaOc4V5Uv5LLQWMfgGXcLxrXPhkeFZ5lo8hmGD3uACiJ7qYp6wrhsEQ4SuS+5phDwygv1IGKYqbQ37EAXn9NoVlP1+IZtW2ge82Uzp0oRLun40A90gt25DlQzmNxUJ1Qg1lCubyl6SebGPSQqWQNaejfhte7syCMJ9D+I4q8L0cG7G7FU/r7b6hUJw1n8u3pWXguR51RR79lO/HS/C64VDsDa53EoSFmAnsdW8xBr95RBImQQsMf2nx7A2i9bKNFKSmkFfMATw9qQeT6t/ivfQMs7l9Eyzt7eftjXTw1cjRuPV0C85ymstYTpGAdaegSGMUJJy/x+s1FeCXUk28biNPZUXV83SkBXkkvJvWnwTT703gweh2JvY8LqHFfH4z/foW0HmaR6rdAMrWazvc2meDtIz788eNI2DBvG6vYRePOqCyUspyP1komkCPbjVZdO2jaYAat7k3A9FtSYBM7hc/u8qZacQVItlmKs0684x/f7/Ii80s445A2bDLZCeO3iMOD1O+U570Ujf/Es4/zDkgMiAEpy14sAzvyEzJFgXlujK6akD15DS20GU+OQwE8c8MsKGzW4ImWmyDz+wpwvPiakhXKuDxOCKIddpJ4zl1uOF8Nkw5mgHC/KNTGPEeXYHPwuOPCBdU7uTGDYWe4P/ud+QojFhL7uavjrtDP+K/SATdWq1PKlAvQdcYMjtWqwPXpNZSkth2uxsXQ0OJeEo/yw8DL+9i3mjj61lFonHEAiv5OhPfy09HCfzbF/ROEEQm2fLN4BbS+jeEKS2d6eHks7pGVoN65E+DtjHL2MctG44y1INGkzB2jI8Hn/g1eMdadcMxHnupazN6FRvDvUxXMO3sDL5gHw4fJ/dxnYoNjLz0jh+AmPGpohFvK4mBSoCaMf6xP/ePWg5pEP29cUgVzTyjT1u8NYJKahX15CvzG+xg8TLWC07lDUDRBGd/dzSCznYI0M60XO6sMObjdDW1MlvGbv8241F0Elt+5gLLNb3BNhwpdHxSmU10z+dw1YXTd5cMJh//BqfRPrPBFEsakjMK7W37jokDAlwlW/Gn+WTT9uoZKG1+QwsVydN31Dxcr64PspG/oLzyHg9wMcKKZN93/1EuLTguyQulz0lDPBUd9b3wBCvD0RwnKpclj1MsQ3io6Fj4n/YVr6Z0Y7NDHVYHBMGaPJmSEGcJswTgumnUbV6snklzfAfhGY2HSQD0oPUVcp7YMFEb85uIsA1AcPEI77l7ACfHV6BWOcPS/j9DzdhvcMHmHUsf/QkdNIccrmwEfP42n/TdCTYsjKsqVYsTNTDyQOIGecRXYHnDkOVkqmBSvDn7SXfBB/QMrdH7EPw8XwBy9CIo59R3m7++iJ3diyGboGih4C4Hd6jDWi0A8nuoDoZoJcLA5gdaVzeHO1c84cMwTumCxjDIWasLnbQ28MaOeww7OowCPQV49NwgSX48DqY5wuF+tRz7z5vDvemFQ4p/Yt90Ujwdsgo1mr9lA4SHIjHvI3vOH8FHFLJxx5gBc+DEWJPY5cdWRebzAupuqR5/gJltzvnytmyd92waWby6Cc4cTVs+aDmXTX5Gr7BacG+xChnNccGpoEC9fN5oSpnjg6Zl/sF9LljcJj4Sik0PU6ioLSQbT+NiBX7AdbHl4Qy2K1K3iA5FbIHvGOFjuqg73D9/l4LwBqKhz537hRtKKHcJiyVEUpruFZj66SzPPtcKaVZNB/swg/8tYQpuFTsAlyT141VmGzMec5CMG5dTq9JsnrPeg4DAD2K39EMe+eojPK36ziqk0zF7oT/J5faz1XZTrfRNIZ9xdxiZjqFPawm2mJRiz8A8FxM1Ab6taGH1mMt8L1OGnknns1rAbrdqmQP3UM5AAVdRzvJtcvjZhz95FVKHylHw9V3NfnC35ae6gpiVjoSDNjVqP9LGDcymGG8/Gmhcbuet6Ig0ZjMKrihdIfVYb4gkDKP0vCXc+UCL/T7IUc2khCsvLgGn0bJx6ZxbV6qWxjkoh3dJUhFTz17DlUTJVzJeAdNvFpCo3wFvGLMJfY6Qpq2crzNnYDGteAOgXDZDrrhB4mZsPYUuDqGmMNyWV3oMh060QqhcI46olqHylKsw0fkUni83hqk8yLQl5Tl6OjyBK6RFcrHQiPxkjUHz7lW9+MgK59x/YMk4QZ47sxJF96TBxvzhkJrlhgY0nzwwgLrnqwjKv5WFSxQOeZ/qcB280kYfKIWzIHeBxB2Kw2SsNZihMYy+rIsqaoQuCDqEI0gH89kk8qc5OoBd+CL9tDcGrqZVPPLEF7a5ifLpLEPTmeyJ+jqdxN19jYugbvCtgRK+Tx2CuvRv5ib2H2os/KG2CCdzwUuP1035AQW8WHRMwBH2nXziy5S12XRqFN17NwaWXz0OT4RSYF3cTMoOaQSHxHw0HbeWIMiM88b0Cj3QP4MwsWfKL72FXc2HoOCCP9m57sWWBME8//IRCrvwC58nyZKHXD3XhNgQ/rKg6UwHEe8Px8hJDjs2bg8dS/vIJvY0krDWH1M6/QZOhGKpbV4jG+/ThdY8EKU6ZAY25AXRwOcC8v820sKmWNCxDKLEiE80WqrPTFxkQCHQBc/F94DzbFr6N7IWJmMfvHW7jVHcpupgzDWJmpOPt1xJwf9Z9Dpj7EFfk5fD1iFlsfegMfnGIJhHnn3wppoZ/m+/ChtkAhQuHsfb+Wb6+9yieE1Ili08FfEz8BI598Ax39l2l8xEeOH63BbRtlEcThUnovd8dDvy7AjXn5als83iuVP7CAm5FeDFxH5s/14N1Xso8Iv0m/5z9FZ8GiuNOo5loatsDBZWj4JdMCZ4+7AczHhDExGzhzR1yIGTny6G7NtCYDTI0WvozN917yJ/mNYIwl6DlBhm4eNkCToYSdw71oXz3KHZf0QlpSY/B1qAd/MVfcSvk8JrCseA4dwNeT5rFri2PySEkFRZNiEDzVWdxzcoErLFdy/dLi/n0EkHQ3jWBZu8/Dz4uq0k5VoWXtv3jjgWxXOI6Hadf6eSKaxGobKYJDdITqCJzFUyd2sSbdaSpdcV7DO9QBDfx73htOAY8nITJc4oGnB53gfutAEPfn+cRYdH023oHn+fDpOi9B7R/J8Lzj9/pv4AxIGo1yINDn8DxdzFN12/EhzNDybMji9vmCWFKqT4P2hWTS60cnF/bg5sfHiJFRyX2ue6MWzXcOU72LvuH1LGGghu2THqEa/xFwL/xFVyc9oXWSY3C200/2WfROmrW0sT6EQt587xWNL0mj/sLFUHQzp9bJxwCUdMVTLO2Q967OTBd6C1oOutSXZMrtF6q4geB2rBEIhNv5Fxl5XJ3HK33gdosNuKMjE5QFIrhF+vPcYv3ctDI0wKx5CYceekAKkzJJgUvGT5+7QQNfdPAzvzXOJLFqD0Eca29HgwlfsVtp2eh8fk/fL9dDsycZ+D8gUb0r4jjcV5zULdXEFJWakKh4Wl2mDKJUx5F0XHTN2ggUMS73VOpNaoVx42uxRGTL0L+cmG4U9IJ7WIBkLnmBAle78ak/yJomoko5F7YQF22eiRyLQ1Cs+Thpk8h2O8ORkFJG9jeIc0uxhGUJ1mNu6eu4zdrndHbcgt8Wy4P7bn/4bflcRS9/w0mfu2niTrt/GzpdVbzDcVEIzOKnnEXTs+XAPL4Ag//RwB8AISAQAEA/aOtNK3SLu0t7WSUUaKoiIyISoOM0tAgUURERqGQ0BmRUBqSPUJJSqWkIpUkItzzWc96h9eztKUCHMkGfrBzP7oNb+XWjKV0bftFVCFjWCAcCYZxp3C97BuaUJHLz5aG449SaRAT66bTr9fQ1U0+8GaePgztVqHmcWOwcmEr2jos47LsQLSQFmTrbVro3PWJFIwb6c9JAXj08jDkWM6Gxx/9edvBHrrxdya2XgAM2T3MSrn78Deb8fj9+iBRD3xTcS33dpay1Gwfuq9rS88OMA8f/sofR8/Hv+vG4wYRTYhrrkD7oO0s9fAUtX7eBlXZ7/lSyjMa69yK497f4CeNYRh6whA61L/Ag959/NhTmGVGzuQ1HIZj5CIw7L84uK33GnsHrsBIUWkQjMzlhE3JvCA0lL5GDaNWcDqWxBzjuIgnJLlcH5YXCeHF1AmgI+MBK3wb6e+Pw6A7Mpe9j+9huTFXSCAli/6EVZOezGc6sMAaBuMl8GGSAJ26co7CYm7TxEcdNODwHfblRLLvTQGM9n7J78tUIGP3eLg+wxtKNH7ASO9BLrKup6+fhVnP6g/0pIfQcYPTbNc9FhbeD6aJM8RB7MFFnvQxigpFWihWTwqmlY3mFn1Tsqn4ycHGWrBSsJaFTn7H0ZqaeG1wAmS/vArK/6Too+BFPty9HaSP6+Pk86qwKWMnq9jcJN+hJLCYO4Zq5B6hoF8keNu+wbZOX/QIf8b7fWzB1DIHJPJO4SWrXBAM+Y7zpxSRGQ7QrU9GtOWjIjZ+eoUKktJgvFKEvmy8RK6emZz5RxAcnUXpw58IkhC9Q7xPirycz1LGeAHQudmFD41e8J2kLbz21xTadDKEXpqv4t9BLpQZ2c+rVZy5eFAY3NMieV1jNsXeC6MlfmPox7GJFG1jQGs/JPMZ+Qj+uF6KX4QIQWNuEGfu6sXEdmmUzKxkn9G5IGa4lOxCNuKFuktscmoAvWeIgXdzNSVfm0u+zT0ga+lOYWZaZByaQM4GC0Dk/QWa2beTE/ysAO+J8fyxidxsZUEr52+lcfmj4M7tPdTkJMrj3FPxdZU8OoyRhSHRMFRvLoL43bYEjRvhx5MSEDa0gyPTO+CK6RNeVByHO6IV4MHpRbyw7DZb7FVmmb6LbOX1HOqODVN7fB4bVdtCR3IiNPYpwpT0rbgygRj81OnmjNMUruOLW+5+xIpGJ/SUMWTBo3MxfJkw+J4rhbwtY1j73xC875nHmSL9tOhlAFydIcEL779D3Z8WfH+LCehppqHWpVZ4vDIR32puZ6eGDIwNzgNxv35caTwGsrdJke4CBOfhYNZ5kkNpSbnwwRLJP9McK6zGsc/sXjTsV4Xh8D0UnD0CUrrkWPrUHZ6TkMoBZj5sX2mAP4wz4HG6Cb/5MoXyWzugNV4SFn0IY/WM12DzVhPHFnzlyPQgPJt9DfTqrmOnzkg02WjArzQsYMP6WD5pLwd3LmxCV4MA+Df1LgQLNtKNSEWKqXgFbalxFF4mAmImezjk0B5w01Jh0clZLOxjCmL7vWmDhz8+sHpObj+20MefI2CVahv9Sg2lhce9OOVwCl+ecpwfUBDtvl7BfrZ9bKqcC9KdxrB0lxaJH2onVystHhmsS9dE71Hebg+qV5qBG41t6GnOOWqeKANziz0AjyTQqh1JJL/tBSQuNsfPfft4X0cBWJiPxCylfxSyYRJM7nTmauuR/FbbEV6OICxR/Mw3L09Bj+o6zA8Iwb9HbFFpnhbEt4fRiouL4NjbON4z2Qey102FL6bIlh2DYPTvJcUXBNKmZ1pg2NmMshOe8NmMRDKyS6B/tU9pw8BitpOfCT8qb+Bkv25Y0qgJActuY1JoJx0t+oVOlwPBubgTMk6n07Xd9ZyZWowqAwcxxVsfpGar0PoUIV5ms4Dcur0w5koSJLnbkEJZDlduFwHXDCdurzGDe+WmMOPhWZry9RmMzVjDyuV7SUJyCW/raya0/0GbRBfiNAl7qH7wB40OdeD0MTkgJ6cLItbP4Oy5e1hkaUcioRoYZBcPzfcEwaX0O+bu9OIfY8O4NKmfJhnbwNe/ymTsugaVXYzATvsbBtRoQbByOt+8bcXf//Xy7cfH4cjOBzxcdpEcR29lGfFmXBmlxeVvlGGL1CfOzsuGpIeXWKGd0XSROWcqypLs+U9UenYj1WrbgKC6NsxeZAe2ezPIa30X6R/NxBPR5cSfj0DyRADXN6Y4eEOBi/OsoPrXZbi0cgv1NpjiNn9Xzms+hE7BiiAnOgA9JkVokbgAVmxWgIJEedBybsX/lrWjfpgrxzbo4rS0W9wX+QqfZffDJ8N3/OPuKNBa8geevimDrXsz2WG3HVfv0Mc0t5MwrCjLI+4W8auN+0EqQw88zuRx/a0NrN5xnJ2kbkDU6Ln4EWfxGtHVrDz8kwVsP9O3lQS/MzzQbsEozBaMpc2RmrxtcRpebTtH4euWQJB1L9/U+g/yi+QgsdqLFoz5Dfn7N8C/n3LwNWQCuVSV4iHVZj4jLUuht+6CtZcGTKUwOlwjxLPZj5LyRvAGdqbzU19wkOpKuNS8AXY3bMOWLF346Ylk/scXs2QfkJsCwZoaBwj49YNT5D7TJQ1HFMiZh4tHTACtectBdnEd11X+5lG9nZy7N53tb9TCtwFf2vbGCXolx9PDOjm4q3KNz73xQ1uez+sMQjhk8Vt+N9IUOpKNodn7J3ekidDlPmU4IreC/vRPg3cqN+nsfKArbco844Qw/w4Rh7s9LhD/+gO/LZCDxD3XYaSEFGruf8/aOblU6R7D+W7+WODTxNhWzGWJphwyYAVpoVeoK+gXaykcwKyIw9h2NoE6uQ3Sw4Jg1oxIfqf6iapjbGCevAlnV+3GpVVqdH2dHyyTLYaB3FU4e7Q+Sr5PppyQXKiUNYM3W42xbfQm5C0ZuGdcDp/3i4JNG3TpUG0iPBVZgTIFKXhJTwX+hPaDw5QQOu95AsfoSmFpqTYceZFMxhntdL4+iueXT4IX3gJwQL+I0r8YYpbaJIxJGcvPKq8B2Qaglkk0h4w9D1ePGKH4HEGo0j0NzXZpvLKuAVw1U+GUQix6RPmSjmQ5iE4rwrQvv8Fytz3EDcvhaoEB3mh+F6PPFGJcqRKllCfQfr8zGOiVCNdHnaatfULQtSmQd3xuR+NOY4odK02lPkL8+ed4unn1A6ywPwuFR51J5/FY2LFRkVuij2PbBhe0uRrFHyXdGdcdgsNpo+HSNeAT+bX00cAe/sBx8JxehfZjSshlizfM1GzB3pk7wXBMBbUsykeVIGf8t1oHBub6cs1/PWi3MgMfL6mleZ/7cJ2EIj3o+IxjyBTV9pdxmDiD1GcB3ng9DdJ6ttDy7AOQnwfgkPyLEt8m0igbY3b2dgbFh4oQtCaZblzppnDjC/x2my9Vpp/j3rmf4O2YIBxtbIY6v96DbrEBqNV/BWPp7Zww9jtJ64nhyCcicDVSBS+5h7OY6H9o3vAUt0ebgMPR+bg28gdVJN6FtnNO0JhQwD3Bd0nygRinxjzhMXvGkMtrKdgd68GX7yhhz4Ye0grLouaDSiCifJ62nl5D5vG30aGgB8rWyUJHwBfORCdqCt/Lk4yC6aP+FOpVusvP953lp0Ll4FDyjfPVrMF/RQ2V3KjinAeeOOqaJozRDOSo4WasCO2nsrHrofNuE+XomkBF9i/+pKzJR/+eo7GGaZRm1Ytaa/IxTeUxCglPw5kzgvitA0DexJUstNoTs7zusGXWRJoSNZeK+17Q9s7xHD/xOI+UO8QptgCf/a7Cv0lfYfk9Vfxm0A4jXujwrfgLRB7CVJG2CbdPzsE7wqaQrXQPXv9aDzHfEzAloJhybCbjDreL9DhtEy92yqLSzDb4uFkYRogvxK8CTznSSYcvj+7A1SJxLFyYQK2LAsHi8HdUNbhJqbO0YLagJ7nubcP0bfL8zKYICxruUfF8FXStj6GXOQAA2yiizhJq+6pwdsgwy13fToM1peTYFkYJOvZQ9ecmahdmgML16RQtKgqX7ULp+6Mf/DrFE3MfamHmYCRdT1PnO8LxJHmiifWlHOjnz5EwWVeOhfojWCO0EirWZ8HKt4Mgv3IlPTB5jnci3OBR23XcaaIP8uJL2fHrCXTQdWTz3HyoHMjHjp2qaDPcQEKOK1ncNIcHTWygfNodKn8WDeM8XVFlwn2s+baAjzxwgFTxxTj9iSBZGopCzgcLiLIeArF2EdzSMw2NVQsg96Q/rz1iBLWywWwybgfNenyX3p9Wg9oeEZoxaRV5tdiSieZz0Fz7lh/MsuMV/JPzdjnA5SIn2L/NAk6tjcB7So4QGXAOF705SZqEXPTyFr27s4YLaSr7Xh+AJawFQxNV4NOeYopxnsVLvNuopHgp1dQtQc1WEVLLcuYZQgswwH0EtM6OIiGn5+x2Igey0svQ4/o/aPB+hb8u/MBM0zCOniANZlu1QFXzGJ4ftwMm+nix3h8RVppWBpeS9+B+11I0teuDl/t+wqx3QqDz4g3Pv25OH9+00szqTMrfoIKmPxdzsNlU6jn7AP+9XM2+d3SgWegvQPUm7F+YR/dCntFNJwk0WugKZz5mEFgokbyaMa7rUQNhmQF4O/0qLDP0oAeDN8EvwQirHRtBc2k3G+28BuceToHfuvbwatMvdN58mbVEVfmBtCU9OS8BBz5soPEfGBcHJfFBDTU6+FYBYm6FspNsOEy5IMbjTsziOKnzWLy0m/Je+nD4g1hIfzRE2Y9k4cGpGrL2mEEG5sFQc+MepK3KwqZ7E9ni1AHoTNJn7eqxDKskoW3RahqbEUb1QV3439pWvJbUQDHnu3m6qD7VSpxkhUu54BkzCe6XL2afFkU4qT4OH1T3gU3FanKL24rtEdfx2pg7MFXgHS4SGwf7fSpA5N55Xil9BRQyJ0Hrx4WwftUvdvG4wTESxTg5eydE+E6CNpUocBixFQ+dO4jj79fhBmNnCKndSScn7qVLXEUDg1EobW0KZzZOwNHrx0ON6Uc8MC4MhB+ZY1jKTZQ5NZdnKonRhq8dHHN4DOzzzMMZnc8wKfc+SLEA5p5fBUsvKvFOI3UqPSoCXR0TubxGETYclYWz25IhQrgOu5yc4J3lX0722gGp+01oasIN7otQZ+trsjCv2AOmvNsHYaNe07FZZXxqzU8OUEyGa935/OeFNzwVLOXkf+Nhac5Ber4JIV/1DycsRU62vw/nyleg8vtnpCt0l/19x8LW2+Lg8d4X5RO3wqW+TJzWMosXROzh88uqMWHYHQ0ETDFaqglEDwlBXM9HGpE0B1WuGbOJ4GN4G/8Ny0+J8N2cFAjKn8cqGmNByGsi8A5l+O9LB+atk+PVLk9Y/3EvpOedheUTBSDkfhhfXJZMGoIi0BG0it+8nIWdG+9zmnAeHehpg0NZ6dS64h61z9GnAFjNJwfM4dCHB4Tdt3F1oShcVMvnSkl9PC75Cy/Gl/Lh+wV4ko+jI0nD0a92eOdoKV8fU4rbzySiofhGFHj3CW4MhHKcWy119d+m4rejYVHsb7zwoowOjgngU6GzKbJwEnDlPeyPl2M93w+cmKcOP9oMoCxFAjfmVVDeq3Ie/6mZPqy34T20iWKj5SFkewUclnoCAiwII/vCeXHtRt7VGYGztT1okYI8B87eCpGdN2C5SSAL3r+KIrN0AY/VcecEfypfG4w/En/BtZ5EetpWh6vWNfCSlXqwaesu8t7L0DJPgAd2HKGOS/54e95/EDZLjHSX/IaVd9/iLq8GTHe8wJZ9NvDlRjd5tmTSgwpx0vHrYIPeBbzt8Gp+JK0G0yyn0L/euWAwYAeGU6fihfQmyC1MAqNpTPLOo+DzEmHyfPgKjSkD117XAtlGexC8tIGOeVrSUOVyaK66iuphh6jsmyt73dOG5vfH0eiIBo73NISZB1t5lnotnG/rxKhty0lnkTFlzfpLq1WWgtb0CLK78xATNqnCzieL6Xu/HYlZiXGdUQAH+9+mSxeUYLjhBcX1CqPRunw84KML3hsvU8AedV67y5er4SAFHnlHF6PHoa1TF5p3u+Ku5qvketAc1F5oAPW44/aBqfRb/Q5Z5QKXL/6EY6vOQ8o0wF1r89Hz5UhwlZQEi/i31OajDPdt2oALHVEjrIW7J8mh3ZwQNG55yO9P60KQ/0paGitFxS6nKHSLIUffLMYnZfuod34a7boyzHckH0LbIkNYE1fP1w6GwNnSKNL84oUJHr+hWdALKWgyZfVOhm+n/GGa3mQ4kFdN92Oi8ajyC5r0IoNuwgMy/nkAbYvWcuf0M6y+dB9e61eBV6cm4XC7FyX9e8BznG1w+65MKLvZBnlf5sLE0iD+sHoF1dB4yNCWgORFZ2CBzla42DUbhq7MwK/hyEXd/8Aq1h3tRx9BKzEzKEgWpIATGRAQaQWScqbwQ1ePH6ZmwogvnjCu6CRUlthB8C8twJPtFHi9Gm0iTLFdqw9KrkriZ3ddODS3AMK338D3XZr4ZJIiDO0NA1WbHly/4T8e1jGAx6NEsHCHJezmFEwQ/Y8b7ePwg4cAJGwK4b8Hqlg1Vh7VCh/heRVVlL98nM7leWPtiotQqdlO9Y4GMH73Otg6YTyPsYziUdMyePTlJva7vgp9pLvRQM+MVoZupzoZA5i+fiYfbQrivtIavvy9BXxNt8PyhGLYlKmLUxR2gvfSOLBIEYBV/Ytpd5A38DMFvjHnFx8XWw/h00dy2dr1KCM0CcIO1aGTpBGsVNSgeqVertUPYnWNSRwnZEG39g7CND8nsrwxEssXLMQ+NwKxazvYRTidnT230HEzN0j2/wFWDn6cPC+QwPEBqPbvQcl5irBYLgsnRM5CR+tX3GreQ7WtP2mvfhWtP6RPblWh8HqyNE02lYfroTPpZrEEGbtNAgfVOs5YYcAFdvNwuDILD4TlgPiG3RR9SRz+xDnQ3dk/IFG9kKpHCUC2w3e+4lIOZMRo0mLBDi/EscbCFo5IpfOH8Hp+obgKR5zdAeO6ZrHi7zAqrjEkpZZ7RNEXoHG3IWz5E8iap3rYuPA+hyhZU1bwY8ieFwhrL8bx4+HtoPlwLlodUwTvZybYtH4bDKQsxdZ2E5jm0A6LbwWBmKcfxMZFwKt3s8D6rhQ8HDGd3Vc1stRRA7goHMu/HHUgRDoFuhY184tFWvzcPQ88V6hD56kKFsRWdDffC2AgQ9N8XtDEWGGuWpWKZXk+2Pk8lTQejQJlPyfSrIjkVvc7gJnVFC53nxoeZ6DDSU9adNoLbzVaou+XMdDkvJQbuy7S763mdGubJKQdXQL3I8diy4I3uL+mgO3b12D2Slk48iidQsKKMFT4Os89U0hL1lvSvBZt+pL9mxZIjYIaB1sOG6sI12RHwR+rYe7qd8J1epvAZVE0lo3yIOtL+3nIdTcUXvSgamtbMJp3H/pGNpNlaTiu7nahy5Xq5BS7llbqKGPiQg2yN3gEhld0QWvObp607SM9VJpF/XtDaE+VAEywTie38gH4OsaFT/84h+3aI6F3xTfWeHYHH78awJUFXdjvPg7/pezjjTdb0PF1OwxNc6PWeZqg+3YlteUJQdpnQ9rp8BoeZu8g10fOPH7hZdQaHwuu3T9Y7bIaXK1Fip3+mr7+mk7d04txeM4FdnfTJ4EJb+DlWRlSn/kFbKvGgkJmIGyVkkDUlQPLvk0cP+zPzpHHUSfUGcO7ktl6+26q9pSFnVNMaHz+WAju0uezO+6Dk04ifLfOI91BFY40Zrq35iAdfaUJvalvsDLOg44t9WDfzniWHN+IB3rncnlUIB6bHULF1v1QMU0YNjQ+Y2cFW9o4x5wPqxZS6V0VqnU/jM75SWSa4MJ36mLwuqs6/Ff2nVx1denPlUoaqfmRW684g/xcQXiWOoh2Wb3k7XqIcyztoddHjGSqpWjzzQHeNCWZpw4PsExtAWSVXobyqD0g80sQg89JQfz6Gq4wb4EZOzvhktBGfFQgQH/Wa3FQbyx/jVtD8YeWw/pCCZD7pkB272Nh78N2qng2gbeMFGa9h850Pb+TEqxH82zZVDKK1YNwx9/w7OMw5PqdA/sjV0jtUxuve1+Nd78AUas1vh0Ood4UOZgrKws3zo4n8zBrlP0SyfoO2zF1rDK/M5Kh/M49MGmMHWYHjID/OqwoZ+o9ClTIoaHIWDC+rEq/hQ6Qn+8O+uOwg599mQpdg8rwri0d3DVGYm1NIR5NvcWz9gfDoucmXPG9mTekXuPLJl1wzBrBPL2cBwq/ss3CaNy6ZitWf3xFV9Z+BZWmmfh+zgGI07kGLRXqMHvZIno19QMqivVjSXoJlzqNJpWHTSDep46+E4O462wR1RxQgF8m6nBv41p0tW6FvVxOk+o1efm4agreH8Hbj4yj3dfE6EC/Fnw7UY4NAfXkQx/YtfAldGEI05kTeGVoBVyJ/UbJag1o+pbB4pEjvFMUpLzP/0GRRxMN+Jzj4o0WVPLFkFucHtHPkyk4pkEWpKbPYJ9937ninD3eC/iDlzxv80idsRC4bDbq+Y2CpIaPvGyLHpgsc4OGHH9acGUytwca8Z5LVyjCLIr3+Txi2VkXeG1kEewVN4AYpT7arBIKCwNXknvZX5YQjGWHs9motjqB5Ef8ID/BF1R63QyCXb6w42JJCp1bj0l1NfT94292uWjGQzbLKO9mCEP9BZz/XAmcPK3RyfY37ayU4I1/loKR0iZY+yYeJZ0j4aSBAix62c6HUm3AOe4gTOnswEW+IpDb24Vy8zLYTmQmvur4zF3S9/kNTeV5W8dCxTRfOp36gF6eqia3R6tQbWAlRkXtAW/fE/D9TBQiXYC54uOgrvoyRWVVgUxwO525Jgfv1p6jfVNPYobIMro3vAZ+W47DIfHRMAW+kJHPQ1yjUsCnBoZx1kQ7GF7yHk7dfYj+B7fjktlKUK0qAZNXRXPyodWktn8/XtVU4gmRA5Rg5c3aob9AtE6Xuhoec+ZqK7ippMQCY/bx+iOzabJEIzgcWsiqObLQUJMLkk2h8PjbHZzsPglemJ3j9KrLVFDpDAZQjhdiN4Nv23f+HGiHH3+d42UzhvHGKCX4JSMI8UHqlLn/Kypb3cdNWQ8peZMXvt/RREtry4DVd9NuqcmQUmrN56ZO5ZgrJdjWf4Z05o7gY67PIabTHSs1w2FQVZL237OHopsKeHWVK6tFbeX5R75w4sW3NEt9LAVkh8If/5l8Zu0YuvxPHG4uqWPV9hfkJzMakqc70du4M3BmnT2Fv95CZTufUFbJL1QeJQCvG7LIY28/thf20asvGrxe8CkGXVzACxXfQHdaDmmIzWd9GR14pdJDx1K8cdVZWZ4x7h9/+vgG/go3gJ5XJq7acgiM1/hC62YLwCP5KPHCEJfN3M8OFi9QyNmPJ9m6wmByIE6Ym0Jy9nrcNGwHOsKmVP/2Fm9Lno72y8x5XOhBqvNcQl09H+jWmX7cKnKdPtMkKHy+nyxNq3lKygQYVT4Z8q69poGDqrS7YRF/LzFipTmJfOK9FVgKW2BE1yyKG2dF7QWivEbfmrIll7JEvTJcb37DoW+7eFKLFRTLbUDJiyI0fn4B/u6zY+VcBwotX0u3F5yAOs08DJpiDg5LhWBndgB37N0N4R2qXHfhAN89kQqOx+T5gqMESiT4cm6SPiWOFwOZNiFKeOQN3uNvUK6wJx7UzsKo6zZsXyABkw1TCAKP0j49eViVOJ/VRgWwcNteDgscYsUaGbaKnkGbrW7z98QjcHnVB6gys4ZznepUpOPE2ptuotj86/Dv5W6adrUK/iVaU/nSUFhx8zZ3RkyAPAUrTPjSTU/uPYD7ibNAbtdq/qdbDfXKueAq8YkOjegly0/K8NHdlzBcm0wkj/Bv+7FUWB6Bsl1fseOEIuce+0FSwb9x1CEDkBr2At1bd3l8ZyDkiijzkV02uPChIp8yWw6ek0/BfeN8ujbLCspOr+bm2Nsw61AZ2evnc59gPUgt9KRssY3QEXwaR/l7csAyAYjq3wxWHgRKV10hmSbjm6k/2Kx/Mp993MTZ5d2UPaEYFm1SAt9N89FqaDTPgNEk7XWbj5uvpH2qGXBp7UbY7NjKZS3t1NE4ElY2lUPxJFc+6GfLXRNs6VSvK/mMHQ8Gr/Vwq0Q2BkIYvOxWhVpRbzSbcRyuF5xgoSPtsPhRHJlenc/pr6zA4nkEv9RRwZ3b5UH7zj5IS06i1HEueEDpCQ0s98UFiyXoQetuOLjyE+kInYI7ewzh0Zg98CPoKJZrxVF9oT3uL16J7bnhLN+eCE4C3vB26V5SdJQDp7K/cHZADj8ZiYD2k7fY6rke3584B0sKgqkwZBg3qv1hh0EJ+Ki3ET5XTaDyrkI+nx4KdeLzQDCF4ZL1XCybeg99IlpQ86UUbJnmTqeDWvg/hzt88dhq0IxQhq4vQqR1rwS7tefCicALuC8d4cxpbz734j6KmO6lhV0tXGKxDhaX+MGCJhuy1nwFg8/j8ZSrKgy5CFJk+3FWXZEIF5oc+UqjPy6xdcE052iWeG9NzZfPM0Yj6PdvYKGpc3mmbiQ80b8KSeptMHdnMIj8vQQRf89y0ORn+FPHFnqeu6Fx9W94F+HE3nKZuHjpDriWZAzVn47g41HXaeKHjyhbNRGmrtTiunUjeMO1TO7puUFNTVq452Q8Hp/kwCbfR6DRpGb6tk4JcnCIrOyV0OXRKo461Y4lcyJZKNqcq3M2wx3f8Xy2/i3u2aoOyW6ikGp4lp3yYzhriQJc2zYJmgfXsErVbPCzD8XKOVV0QlEYcu9WUdEIT9x8rJFi07Wo3uAtnq5rgft/VsO8bwLg5i8D7CgOfkmHua5hDzifDCT7DFmqVN1MI8Ons3dcHOx89wPqUuvh5WEZECpMxUblI3BrQiGe99nCOjJzMc1/FHSOyqRRgdIYttgTroQDGKlP4qLBBJQ8cg2Ptazll5/j+d9yed7j/ZQC9eLxa+sMOJImA2cM7oL012AWm3qNS769puBzv3F8bw3vPGoPvcfv4LT2Blj9WhsedomwnE8cuOqc5BGzR/C7Y5G012ssNEdex3kP5OjjsSaMqTKDKTct6N3vlyR3KJI/vNRFSt9IN5Yeo0jbGFb5IAY3DjykBm8tMPoWT+Lr1oDStGU4HZ/DoGkb3k7qgglWu2C27GvubWmh56gDk41e8PHg93jy2xl6ayiMFR1+3F+1HbZ5uaDassVwqzGMLMVkoN7CjQrPnoY7r91gkoUnmg06g2BhKV3RyIPAxQoYdC+ZFZZbgFqOMpyYbkIuNjlcbjfAO3yO4beKA3D070n8FmnDI+8jHKpRA/8njpyaNg+HXLaSW2UT/HkaB3dd3/FX280UK74WFUs8oGy2HLhYR3CB+3nyFY3DGxp2KIRRYGdRz3Gb38ASiZ2o8jobK8sVIcxoGF9cGaSNf4vorq0zGg/HoPHaCpaY+A/IMI79R6uAeqAxSB80gpsPcqBtmh//WqfHydm7QMPrBQS9eYJ75/zF27nRUFisDaOq9UnqnDIvOXQQQtKNMalADV/PdITNvtNQ+/5JPLFLE0rsJMEwoIm+pa2nAPv7XDTTif8uVqPMQQnoES9gzQencfseVU64oAmi/ZUQKmsN4pFXcYP4XFrm0AuT74bD33M2dKngMi5fbModSpIw43MYjhgfxMkiGRTVH0N5ByL50MTpcPLOMkqqT8aG6TNp/koheHVNi3iLKU14LMmqpYdoZH87ry7y5wH9n0xjh6B18WqSeqkCBRsD2VDtE/33oAhGj6qmzOg32FzvhSWF78DvxWu8E1dLHe068FQuD9aJObF4VQP/nDOE4/+7ywtbUjm9fj3svd6OkjVjSEt1LIw4sgV3WibTrqev+MGGI7AGxXid4nfoOSfMZgolMGWXPG8StodJD6bR4jm32D/AgMxsu/GvTAQoOCzmsUrpbKimSvvb/UC2VAhqU1L5TvZ2OlycwbXaG3lo0AE+ZlrgCsMGqBcbiQmPeynokigcV5aFXUKn2GtxGLQIPUaBn3rw5342mNQMwdWBEvBbdob1Kxj8vszAryKlfFI5gH27WzDX/ApuhKX4SEaQk/0Z5cX8GT7KwK8LT+jpKE3GU9rwu7EX7s/QwF17lOAuFUPtkReY+swYNasBdrpd5uVbH1Dd68VwL6UXXm22hKXT9tPpuE84eN+SZ03OpnWhk0Ai5gYKn2mgXx6K9ObAfTR5so04+xNEGQSQ/PM0+jHiJRYW2cHEP51oanINdzXak45gJW1/KIOyOpKI8c1wvmCQu5PWQUiVItwW/827Cxywsn8tTNId4lPvNsDDsI9cUiHBdivdsUPqLxxcOBmy7CZyfVUFHrXZyn3xS3Dqph4MkC5Am/YdaPYkHM8uJSqr1IBjs83IPGcWX9uTSqJr6sHNfznOHRqG96pbQXRGHlhkxUFRqww8LfpEAgOxtFpLhUQ65rPL+xcQdGs0Sh2aRG/XVPGB/Au4dJUS/HncRGZ309DJfDTjyUNkoX4Dt089zEmLm1lvtTVa7NuEKyepwvAeN+xsiMDUVx6wweYLXUv5R/uWlnPij8t4XvAV2fYQm31Qg8lLd0N5fyVPMX0L4rfvw7InNzn/uQlOr19Nr7RGsoj0NJiXYwQut9Zi0fGv7HlFC1T1/eD8REvozhjm9llm1OItj8PuBfzupw5oefzEiKGJVB9yFQuqz0LNlhrY6bgcn8nuQZ2SRFIalsNLI9RgZOETWB2zgMz6LqPoxaW48Lc2zutZxqvDXElitBS+mrsO3RJHwPMEPcj/DNAveA6UZ6+jnLL9ZH87HLzdzElBfBsYZp6H2fEikPepDI9t2YW79CvZxUgIm4uX01w7AfI2cqKqNXF49W0RWlcrwsLrqez60hYU2zfBlG02FHE0l/XS9NFNnqk+/Sc0zLrNhqlKUPOfP+YdcOT1RQ/xfUoxSkk7sszwDLpkYk1GLXdg8g8z+vBKED7tc+DhrHsorN7I0+v+UusoUYjtXsZP8mowqWwxLPOXJ693NrAm6DtcPNxCF+bsJ6mmNpyXVIAqfvU0GPQc4m4dJNHcYuDn4mDfvgX3JISj7G8bwHUJ5FFwA927pXCH/Ceq3X0JHX944tk5Y0BfXpI7nQs4XPkevfskiCIi6Twn6gycfXSBou8GwqK2C9ysqg0aYnNZ+/hjnrDPjfSOz+KDE1JJPcuJYzY8hUGah4faDHChDsC303ok6lnEj0KXs/wVK5A4Oor+OBbitGvlsF69lX95qMKJKgtYE94I7SoHWOt1J+rvSWLp2UC4pQx3Srag541oenVzBl/p0gXr4i0Yn9VF7YUrqG/aTrr1xw5LrxzAoUxrWvskAO48u00Bv6ShYew3lDrSAa8vFeDZ3aUg/e4LTd+ygJoULqPPomY++KURTkSbgcsZwHPHj2N89U6WCWjE1f7eXJFykooSd1Pz6xl8croBF70dC1sfDMFxlz5w1U4g14Wz4XhgP+z9MxFluz6j+ptfVHBmmMcAw8ZNLVijNJqboA5OXWnCdx0fSM/tGZ/KWITznrZC8MQYep1hCidspenb+FoY55KOfr4pnDT6MlifCqdv+3eB1Y4WNlJ6TGtWSYPWhUd0/nUyxb+aC3O/t+Ai++Uk51BHB412gcbNW7zu5Bfe7GoE+bFOOFlgNqyJn0VLxzxi2S+76eLCGJD1KOXoW7r0dII7nZ8zDrRO1bOLkiG9/BNAMc82Q4TEdE57fpyC8gwgheVYfOZRinAA+FmlTzd/mVFobyi81X3BNXgZSnwiYdBKDkeYFILr7KcomW0LRuoWUPh2ELz1vmDzLA+Qi/sPLz1VwnEDJrjT5jJMU/8GD9MITM5o0bhDs+Du8afQEWoBc52K8YJ/Gwse+kUxKXZcGLWTMppMwLZxA1x9L4yrve1xSlMU7Ep7AAEXc0C8zA3eDSLfHVfD/RaCMMZwCy4NOYT5ZstQnabSqs4reKBLjyNFDtIdxz5qb9TF1HPy8MYDELul6O/5t1z0TR61rOZh9+JhevvFHrdK+vGLgVTuPC4J90KG+OjkHtCzSOS0Eeb0O3sN9U2ZzJnPlkDdtKv4aXsmVbUpwZRvw5B6tBRFUiLIYHU4vH+mz0fa9mJtlAyFr9Fl9zglvq2A0BriSUEbr3CvwR+In1BCE2+9Iu2q9dAL39CXxpD0aSH+ecoW6obm8ebR4zDRRJcC8TOkWaRw6+dybJ9YjJIgiU2bzqOD2GhoefIepY3P8ZMjlZzkLI0LFSag8QkNevMmCtqlhkk9YTyp/bAGTtlIUmd7uGz1Xr645THlZC7D/G/fIak5ma88iUDhvkdoEK4GOof/UpVIA3UML6e00C7ur70D0jr2FPN7B1WNroD9E7xAVU8P1jVPpMji89AyqI+CDib4++NmjKiIhqhRIyh+pzjHe2vxxZuGoH5jGvzY78azk0Th9AxtDPjxHH31t3LLVw+4/XA+rf3iQOcfK0G7rzI2RG9D3/GlLDF5F7+uqKKsCfdo86iPZFr8lVZ0XIGiNns4OnsPN8z5ir2Kmlie7UVDl0tRofUq7/P1wDcS3jBv5Qg23WsMN9Y30cSscOJsIXjj/Bn3KSei9LIM6rNzoTMqWbxb5xfKfbcCv6BwTow8yvLf81lIfjKszw4Hr6ejeUldNpdFn8GY9c/xt5oA5JYu4ZJPe/jNTx1mAx9KupfErwt0eEucN0fCCF5lqosxVQYQe+gTevhk44ITx3DLu12053Y7mDlrYJ/mShgzqZsWTtZgS18hKCyphUHDQuxa24cRp9eA+J8ujIiYirZ0Fo0KJ1Ltc+DuVm24v6eOZTXGU9/RRp4Rns3PHdTwb+9vOlunC0ltQmD/+RGelhkHl+1iqVXmFWzJTyalX8akt3U6RA15slr3HEiS8kCzlM1QGmEBP2New32BIpDW3wBGfQM4bWMePJ+aCJbT1bBinxgF9+mCna8CXBHI4/cyfuQi9BoyDXZBocot3DFFGUbHSLBIhShNUt2NGckmUBOmCMv+zcRpn9fxo/fp1NoVCc1amjDy63P4vv0Cd/4cB/+8xUBw1TBuH3Ecbj97hMterID8hfNh6M8QiYRuJ52pwdjAgmxvMArkrFt5+Mkp7N5QThzfyxoR9ui3yosEJy0FucXO/K33NA4NjAefNwK487gM2Xw4zf9CD6KYTD7c8PWhWLcnnKunDWvcc3go1gYePvrGj87m0i7cT8VXYqHnSxxnZOqAl00w2BgYwY/TwpxYNwr2nNeHw+uUeMPUd/BkcBDNKJkN/wrQT0FnmP9pPZQ722P0HFHwd/7B98Ych4WBnfi86TrfOCfFodeDKeizGuxfAuxyIZFUSlVBxrIXLOqyIe1JEB3ME0DxoH24Cpbi+AuvWLlpBW3U20vTi4xAY912vt/0BzFqLufITqbjh2Rgj/UR8Ap4g7mPksl6pCgEpGjAL1tjyFrqRG2z5SChfg/ubmDyUlXmMDN/Tpjeja12ySQprA4nnmzALyZ7eOYoTRQfmgb/zVsDoRP/cO6fEh77VAAUKl5yWYI+FMoGUlnJMWj6dYIXffjI6xdvYfapYY+tJuhqugXOVXTB6goxeAsd4L+3DyIqhCnT/DOWLJ2K8dAAzdsb+MOIZkyTEeOYpvGwtXYf36uexym3MqnKJp9u5L2graufc3hMB/vU2dPY/Fz0rrEH48hObBAP4JQdsqxj7YqD8yKxJ1AZgm1m4ouzI8hipDlctbSC0AWatO9FPr356I8msvqc1t1Kls/e0A3vbJCceIuyXtthcL0A3AseDbFfboJB+geMLl6DE/6MwotmwliSNQY+N65FV6mzeHaPLAS3TuYz+zWh4X4ymOtEkITsS/yXMh1c+qvZan0JxCWGQbSeFrwt9UajT+Og5BHxjiQbPBCQDn4xW2HkuBKW/xVF1z90Y1mbPfyrnQrrDuyGTuVl3DJ5HJHgHdZZkYQTzvtxx8krVGoViD8bpWDG6Vd0YtYDuhYznuM076OgQg0ECjvTs7EK3HJxL04Ur+B/atKg4HoZlEZPxQcHEij0eAedLNkMHY9OUOAaQ36goM7N/ZsgtAeg6lAUT983hvQ1TCByUzbsPHKfDk5aS0Ml+ykl2h126cmRzkQlmGiowQay7dRytBwV98vjYmkf/B4yHy/JXOYL64J5u8g7PiIgCp9+fIL4n6PQifVY7p479HudRjcnK55udwc3xMVxbVsLH9mnCxVTZsHzNEfcrq8PXZVFPG9yKsbUVUIaZHKt40aerrkWZL/JQpaYBGl+LsJtmZ/ojMVD7M/cRHk5texrspA1p2vDet1AOpmuAvOTz1Bz/RT62jAGauLfo8KTQbQM3QKXKx/jv1p5agovgt/SCMuVp/A/0fXkXyfGilueU8POGOx3EEHntSYsfiyaP+JM6g03gzfuT9HXn+GiwG1UtXVAWT9Zjr6vSZbXNfn1bVda9UsO9z0yB2X3Es768wNAJxUbRi3BkOMmMKS9F96HhpBkaR92rHsGvat1weZULGfsb+DsY0J0KsYeS1cP0q1JBhziuIDHe50k/5C5fE9hBKybfYZM5hCPVy7Agz7RlGJRxAt2W1LrSndYu2oijojRohf7J0BO9wj8fMERlaM9ccn2k1R87xVN1fXBVzOLON0iiVRijtGiIFX4N9zFjilv4eUcV74cep/7vM/DiqK7tMQ+mD5ee8BHl4yDjlwByH/zBZz712Bb0C7+eU+FZSPV+clpCTqS+QQlNO/Sws4CHD1zFJzbn4D5USdBdqsi92+/AdviVkBzwGbcZ3UYB5rDcHtdGr9stITT2hO447co8+BE6FtZzIkthSgu3Mi9Hv4g1XOY9s+aAvE3rUHILAyvNs5k55QwnrmlFqdfc+AJogegT7kX5Mda4k/TYBK+bwhzBMzhyYghmJktzQtlBUCjv4+yp93HV9HP6fG0+bCi+yJFfTeAZIWJ5H8sCf7U6sIlfVUaun6Oavye8VwzJbpWsImnNQfw+xI1qP94EBL7W+jKn6uUW3iYp2nHs23nDF6uc5Dlq6xpyvOTqPNFDtwXf4LlNuVw7ZwAmOxrRJ9zJ2BKN5Hh60F011SieK/NrCsA0HhxHbQV/IUVxpEwWukinDsgBmoj18LXZClQ27eHNevOUGXgaAgbtxk+LTTFoEIx/B6XRaqD8TwmJRIsR5vDvRnpVF7rxJsdhaCweD0mbK+Csqtj2fm0FezN6aTJuIvLHANJ27mZon82Y2ePJezo+A7fTjjh7nuPcVWjLnc9SyONNWEQ+LKCjS8Ykof2P15VMArG/VnLG+O/0ZnEbHJXf0KVEr/wd20+G2aEwOjLVigbGgB39k6Er3MPkeyDXBiRqEb3xhzGuuUaVBx5D3OHP9H3pE5wSwojBblxcCgzg8db70WLXOLFlnthnPc8+ihzBTNUCil1gwm6vnpOOqPUYcXDt9hnI8jrtxVQKVmT9pr/0HR1GFqfzGfZyRfp6Men9K5CFz4ZttK+hu9cLe5Di2yHccHChRCTexnNfJQwxCoZrZJUyX+kGSjoL+GGtHm8+HwkJUY/Y8XTx2iDcicmSvryk4YWer86iryqJ4CW2U+U+TcXp/mtxWW74lnvXDD4LpgAGn/D6FJMJSp8jwL7VFF4Pe8ABjQ2Y49EEOZPdcBbsxP4VXEcPV8Tz5YVsVBfqIENisZQazcHKz1/8KbpXSg1KxtTPUWpXTKXEmvr+UahD978+pw8l4yBHbWF5JK4Fj8EHqb3ywbo240u2j90BwfLP/CECAF4uv8ufhywhBOj+tHYYxMI3mhiF6k32Nr2k3cW/kdZ9g4EKUHgpTqZpk+UAutnX9lhXAePXPAbA6sKaL55AJ5RMcCKngAIkDzIlzQP42ULDbgeng5HP/mj+5yzpF9QgHuPiGH46gb2G1XBhr/P4YriaDAaZIiZ00Y715xhj/luEG8+iTdAJ1zGEj40wRPn2r/mfZfFeBuKgbv3fBpb24IRO4Z4ZpkxvZiaA/9ql9Kqz64UJ2wLuz0W03DRSGg6Uwc6GYWsHt7K0uazcL95OMyt1MIYDUdYf2k1JiQq42SyBK+c9/ik5iSsHnsGKheJ4xu9ChIdHwcDWUjZrgdQTf4IJBjZwPV8FzgZNo4Nn2mS7FcRyt45DRrDB2iMgzLECrexnt4WWrBHGArO6DO4uDMmHOP1hS246NIjvHZDFDYqqsGYGhO2OVvOzW8NQG/peBYI/YNzGhTpYKEyRzTb8ozYfNLf+oi0zDT5qqgbKk6QBCsb5NKBWjxwow8qb5TT2POt7HJci2W/JsDIXdcgf58EFjsZwlxXdUrDVtSLr2KxLY7gOmjFUVVnwOXXHDBrjKAv6xLAK9QchgpV4MWKEjAUmYAvrraTs7Q2t1n3UkjsO3q+RZJcJM+RzorxYCk0m+4ZXAE6IQZq/0WQ2qNZVH4nkzacsUTXeeUw99dEnN1iDi+8VEg7O4RD7UbjswVjcHq+IrXd+oci0jUs3XkFDtnVk4mqGUywT+LzR1VJSsIIVb/k8exlAXy5fhmfPOaDgksqMfGyPG8TE4fZt+T4ovlvMNFq5C6P9/g1yJAOjkD8vu0vScRI0NpiLf62SwzCKptxdFQjZJxcQWue68G37jpqW5DNa002kOTAOJ75fCYrh0hAt2UGGmy6iTcze7jx0RawFr5OKcrnUPfjInCRbsWpwZE09b06FLoIwPBhJXB8ArTqyVVqkD/M7396gpC+KOX19mPxtjlY66QEl7Ydx2GHR/hzWzLbV12kfJOf4NbqDTtcGrE7Ug7mO2bQghoDWPh6LzZNi8d5CXm0fckLrt87yFHNx+l1cCKbXV1Iz19OAqVSRXAeGYuWf8dSjZoJvz3py41hEfy6UIeCnk2h+p/rIJpSMSlFHGJ/WHNHyFeKPOHEFsbKpN8zAypcf6N4QjmurujkdzuXQ+NMFbDNn8O1U13hr7sTfvOvpB2jndA9p4nuFO7nF/mT+eU/D37/fQK0zknHA9/Gw9KMPvSWM+eDHt00lPiVvkYqkquENu/eEwP/qSvAad8JXJ21kv+smAFPrWVJWPk/yn3Zw83LHoHjphf0ZYkLpgwbQmX1e7zw31de8SWahMXOc7OnI74OOYiVr4Q5eOwvlJ/qjjc/msLeiaswacNUSn/2lgrtNMDiqBJPeWYCkXMTMWTWSywJ68ZxC9Qg2lAc0qRiycV4E2yq0oCp9pWw5VYwdZ0tI98NevwuZwFpKGjCM+1uWO81jhSttrPUiFrQGL5KT/e/ZvWLO/BtYjv+1/ONSycqwjOrzRRVsYXDqss4KjICFgTPoEX6CayHu8BN/Tz9jrDGnnJ5EGj8zoola1H78yClyJdxv28bueb/RLucs5R/7CsanVzGP7QE4aa5LNUemgR+u9XQvbwOBm9oYP6RMlod1UrhG6/jF+MT6HrIAh6V9PP8fVloGrwe1W1qefDbWzh+8RU1CU9Bwalx+M9xK3tdNYAsoQfkP3IaH46dj6/cBMBWU5R7labDB99UShtVz6P722n+CDtYK6MO4zJW8JrMbpz3VIK+KZpS6MvD4HbtO+f6lOCWzh+cKysKQ5+cqUcuAJqyPEg7SIBbNFPY/WwszJA35LKW3fBgpCitahgHF2XTcLPtRvQ748/le/35qegk/GyP1FF9Brwl43h3NJHMZHl4U/wSmnesJPORVhDtJsLxte+g9dpOXFm9idyeToHqgYVYp6IOqtPX4Y8TyximlOPMdxspde4oSN1bTK+8yqHtQSoVbHSkQWMxGJSew4faD9MXqQhUahLBT9vs+J7LQkofKQAWI11J4Fs94WMrUL4+klfu6KRXdvWw60Q4Dbk+hMH2H5Rl14xhO+7Dj/RdVGlrADV4lNdJGtJcX2OWsFDgAwLaIDJqGW9ZZMmPR1rSDpOnLB0rBus7e8jD9CZ5xhehZuF1wDk2YOV0kAwfzgef/4m7D4UQFDUAwP8oigZpaChNmtqbQlZ2lFSUOk1UCJUklFHIKkoKLQmZlVEJLaGMUAllRGkglVLuY9wn+SSGOHjdR/KeIggKGY5U5ONFjzdG8Jm4M/Cg3gNPVSrADQkbLHDQh4Ou/TxwUxxOZCO5jajmpMMS/Ex1HBVKSvFwQjAvsruEPR4JtC0gn5fcUIHKO0O0qoBha7M6Xn5XC3U/muhN90Q80R8B0YuN8HOIEr2I0oaN7u3UqipJA/bPucBRmoQWTKeYU1dJLUMJdguvxf8K1CA5byKItejAo01FpCB+mqSafPhR2yuqy5bBxw2hHPUgB5RlLtCT9+OgZsl9HtuzFOo0FCBmWjCeurKFl1x9hS5vDqCAfw1OdHpJ9XPNoPRoHi6ROoD5eTfhzOFJmJUTxc+dU3nf08/wTGcnh+8zgspnopAzZTSm7u5iy85qUlovD0clJ9OdHUbw9rwh241yQ8mdD9CrRxQMbTxQR+QgyL+Ow0uK7zHqwkxs3n8Cqg4zGp0MpqNZhmjVbQN1IQMk2nKLT13djP128fxVQoD+eP2l+N9B1HXkHTbar6L0x1JAmupk51/ForpNWFZrS9vdh7DP9Dx8bdpDex8MoHboLC4dawkL+jRZW3oGfC4zheAjFTx913988Pd71G5swbsbCjnxgxWsuzEBppq95V87GmixsTfo2GtAgc1NzI5eROe9CrHv0UboSMpCn9WqEGu/mwSM5XBl9waw2Ic87+k1mma5g+scB6DjZx+q/tcJO7P14d6Li5ieORZCi1tguvUdEO9x5WF/P7ip3gBPFBLx10RXtJpLkJqsw8NH/uDLL/3QOuUynLqqifbFajT19mvs9rrPPP072iwUhfKvG0hh/2uImpdLPQnfoPuXHS/ANfTsQCb8uVdDCk6yvEJxLEi5B0Pkqm8ke90PfdZWU0pJBSVsUKGd9dvoy9kxlO09hj6YykNSoT9Z/2qGCEdBOmC4HfofbcZAu3ycEzIIoz+Jsc2I6aQ/ciJYBWYDxPXCjHmXaWfNTDhwMg2czO3R8loOh45Ywx4986hSyQx6YBKt6a8H4wI1En+TwJkeSaDcN4O/fIygOdbXYHPiTtofqAKb4leimKYtdRdtw+rJ2hQVdphmtm+CwVRpiB9VQAXDX6HohiI4qO3jasdy9J/lxkOZn/nNWE/sllYl9011ODJ6PtwbQGBvXch7rY0vNilDyUMnyHmzmXb/fU3x0eYkYXeAU3+7ULNlAl+OEwf3f9lsKNzAY6p8wLXIFobbzHGywiI2efUckk5EcPWvJNL4NhHGtGmi8OqHuP3zNU6+UQa67xZz+kpxHGj/CMdcq+GxeD11lVnCs7ZpbJ5eAj2tU7j9RBQdSJPDhH3phEEF1NcYjH1XF8J9B1WwnRXJ0nMyWb9wJB84+gB3W5fRse12VLzMDYLKNGDqs3yY/kQBvmS4U83aqeyjE893F9/B7Vv/kevkeTSj8wi+UokGQVlvPH5cFrYmjIRYESfs8kgipVuuuMxcjn1XuePA1HX4YdCAW11tEJ6IwqNSM9ro2Uxe1jfxWuYZ7Pu1D4Ml51BQWQ7ViCxHnTH3qObDSJB4PAv9sxvp5o2dNPb1H14jYkQ3Ws2huS2URTvXQOb1VBTKHA9dhlOApr6D+8E7QP3FFsApnVBkepkW3L8BK7otcdz8GMpLGgVrArN4yu4rtFFwFN+T20xPr76hNhdnkj/aBRGGtrRHuZQ1nM0g/E4E++7fy0E6a6n31jZ6p5DHYm0XSMX5Mc4WWAarutRo+O9USLgylfV22cH8L53wUM4JzO5+gkUutjh0aSy/W/kVt2vvwQnSOvAc6khX15zmrbtBqQ4O5Gc6l62s9bAzZz/N67hCLZXn6Me0cTDeNxSVk31RfWM1HU89RQ7eIyD3RxFuy0mmq/3X2HjmBtixfSRU9QTiNbVpuEl1AqcqnOZf75bxn5oINl3jgLHHhmBCpRUcfW8ID5JfUmepCbm3acNoYU28OekMNL1NxvB6FfxQeYlzonNwy1lJWLrRBDbPWkSCRYZk+1mZXAzX4b45sigm40uBrotp1TsBMh2tAhoj+iB6zGGWl+7EZRPGwCOncWAhXcnPpbpZ82UaLRz6D5Q9RsOdf+pwQzqQxh4dyUJv35HwB1n463yS93cL8/K6DP6x7B06+5vB5oAXYFsxE6QaImFvB1JFdAwNP5pPNbIBvMHFh1Td31DvTStINYjjZ1vz0WmXPxTXauKG8k2s5VVAA7vlIO9UInp7zsELS8ZC5+hoXhrbhsESunSqJYqvl5bQ8vyVKK9XhGnzBOF3w1c8q45QctyZGiyMQdFwE/0bWYv5KQFUM1oOnJQ6+fts5KOh9vA32BSKFoynbllvuvt0K2zr7aDWvgr00w9kUfN62Fb7iLbIbqExI8wgZX4535Tzo9e2T+H8sy88sXoHZ+gKgterfzgjNJ5GREgTG9vAZjktCIwpooLwV+w/+jS+bdDG22ZXQHuOJy/su88tbkhf7onBf2+60SmmiGJvmnKrdAKriowFvYcFpDPLET53rsOx3QvoWM8EGFX/lmxeAIhFdMGqHcLQfHIMP3/SQKkFLfDA9DhOfX+NEjys4VQE0Jqb7yGl3AcEda35a74eKy9ewYdfbMfZp+Vx/vVyviRhA26KM0Do/CPW2/SM9D/chntL3lPs5WxeH7qQzumEwIn0ZnI31gWhsRWEKibse+wjTex+CSoX39G6zKuweWErrJmvSmrmC6nx5VQIf5xJM2834tTcnSB29R7r2AjDVGcLaj67A65J96JZihSrz5cG08KdXKK/jxoW9/DPD9kwuvg/Lvm3kxdsjOVHx4gPn04DJRUb2Ko0mSQ2fiDe5MmBIlVwOimaj5/3Ij+/lVzWZ4ZLKxw5s3IqJA19IV/9Rt4gfYb/RN3kFWtS0dJXnZJXtIGBYRIf6J/FkeMmQrLuAt59sJoSVDXp1czdGGHpimOLHPiE7ixesnYrHO6zhYQputBpuQYFG01g80kbnny8hgMeF+C13Zth9O2FXNoSz+XefugeoQtDmsJ87UI5Zu/bRAeLf+Ppy0vQ5fQEPBnkQCvUXfBu+i2+e9ocHIKn426zqWxsqIzPzX15p94H3vZfBsvsvI66jlVwYmEH3LU0gA0f0+Dmg398+s8W9DQkNt5+ELb37sfXOa/wn2QQfHJoAk9PEXC88AFLxD3Q/tow3bvrwhcmPAC7fbIg0ubB+PwN980aTzvNlOBuVyBozzKDB72RcE1nP5CQPWevPAEXQ06jUGAeXmpr4lHyAiD17gdMd0+CL6vPgemkEhCd5cNZ4XlY+DEaguaOwlarYjAynAjzpKqw9XAuOLaJoLlBGexYugT9bI+gycUQunfbGqxsoul4ljwIx9+l/R2xPHVzO/03GEyB74Vhb+8snB1cybcFZFjpkDFkbJ4ESyaZgr59NwSnCMJbl0/8/IQ7Ba/2hTTtWfDGLp4slgCUxAqB19tBrPWcRAUD9Vh+dy4rHj6Nbe+votmBULaTdCO5KZNo8K04rPm0AFQ3vsbZzum020yISw5ZsMnKetzRXUVfGojGPDHlw7+0oDjwOiqeSgDd0c9p2RhZihzvCqKP9KGt9x8ZlDuAaNYiNPtjDT+VuzCt7y7X7DOmOcvvUerqPXRwVBklDr1B9P8HI/XeoHC0OmxVucbiqvHwdd8l9L55mh9eGIvKk46iaqQQOOfdgG7xKlKbMhWcqk/iavspdMzpL94Zp8jBO55h3io70mINFlooj0JPEgC+2oCUZi4ZHp8JH7RGcbqGNeJtBzYK6+Lr/g0QqqJJbR2X2DFfAgZwBf5uvQp798bRTRl/Mv3+ChQif5FJzjMQyruBk10N2G0cwBX7cto68TMcCA6mFXUakN+uBPvUaqBrsTfskWyCuTNLceM+FQif/o1cHMfAxxs5HFLmyvKvVTko5AhlFpWwwa9Imh9mDGGCwqCntQTv4B54V54A5bNNQb5yOXREd3JkVRRkrFTHNbIqOKtvHDw2TyCNnipobdxMGzTXY/YudzJt6IaupbfpwMdnVNlzmoXUBeGV2Wh0fqELtqekwW3LLFj9KpE+r1CB96Ei3FiRgssctlCMogE4hASCxrA1lI9Q54SwXpp84x4KGy+Eh4ZuZKQahVJbGqkhfyyMv1gHN76NxqQ4NUirVscRS9S4vvwvmV8ypouaW3h16lwOPWACrfPrQb+3F+tmm5N6uzFr9C6AActhPLw/A2KUZCjYXpEto6Shad04DB8wJcsZK1FFcjMvepIGh2W84OmocrB6rUiVjxTJcJcwXL1ZyhJve3ndIk98onsH88pi6egoWfpq5g8ufxP5Vrg4BEdbQOTwNU6/X4EC2w6C4UlXTFm9C/+7cAc7fj3jaIUOSLV8AcEgCdpXXtPQGitWjVyG9mPfYd4jA96v4YwJIi7Y+GQ2C0/eimWOUyD+uQyNlytDq3YHyNo0jrQyAnHfu1S+qGnHt117yW/6I7pYYwyhm+PpbcEQ9Ql8pZG7Z3JMXDH5f8/DDYlHMWv/L6rzzaFXNsrg6fyVqq2L0HeHP+WkiGJ01ip43ZIPiXkOmOnhTpmH7/PXg9Kg7Xsf1FSycZmhJW9IVaCe+gFWEk2nPpHF/PbkCfhmB7RHzBJ0wgCc345g6/NbaVNkFcVsL2RVwWrWuvcZf83Tg5OFR0CyWxvG1kWz0KcSvv/feXy2soiqYw/hs2dxEJXlx9M/HEWbm3eQ9ptAhP4FXlzjyM/19pGCpxsdvGyEP+8kwWi3MaCrAIxNIWgvOBK2qHtCyk5gqZP/saDEPKw/+oU2URf/uzENL6t+pj+GZ1np0khYLJRM4tsDwe16N+0zjKXvi2NgqkwBn3iznSzyk/BG2XGQvjEKJriJwH2vRSw8+x/X+Bnj6R2PIdI+B8suSWDc/Vm0aFsTlewygrrJMSCfugn2/j3LbwRbqPDmcyhR/M0SQn6oLdTAn89uQAevyTB4v4EvlBbQwshmXqk8BQ5ExbD/FV1W1zSDtU5G8PDKFzi6Vh0UkiOheXAUe6dNh8prc/hH8Eo+JDcDdtwqpX/r/sGgjSrUBarBmxPqfMLyDxakdPJXhZvgpbUHziseZt2HmyBpcyC2j51GE+VFYOqfrRg0PRhFnETZ/0EkbP7diUM/3XCw35X9083gYOI4+Hd9MqgqxUL2iA10f9ohunilCR3iLUCgdDFMEV1MkoWPecXbeC41EIcjXZc5Neo31QuGcUTeZuh21WNLqUGU9HJFv03PaJ+VG20Zrwf9C/6BtI0talmc4x0FcyjiLKDOWEEKeX4JpGe+grKpg0z3NeDM6legtS0A/0bNhvyDiaBtsgENMmJJonk8DAT6wBxRREm1ETD1yTLuNGvEB3eOkMhMX27oK+FdtX3oFX8RlROes9ne9zg+Tx9aLziBSN0Nbhs/h0/2HwB7+3607xTAb8e+072aW+Qq/QXKXhIsXXiYAuunobHKeDI4OInnORTDyNK76JuyCfeqJ2KX7WI4eIugX8oKTu34hY3qubRrhDhWygRgQnM1yhz7RoouGTSrToyqNUwhdliT/7Z+pXf5fyhrpAjY/oqGWwlbYQIpcZSePh/6YE7yRiNhbsZq6B5uwYFWWRD+2c8LbrTDxKdH4PoUeTh8sBDq/hrwvPGW4HeyA3RSh9jfeQ7HbxKBMaHt4PPJE+Qc92PnrSB8uek0G41Th/8SgCfKH4FbF+5D3L1CVpwxD8UCBklwwAtfiU4lhdVZnBSmB19aOnlVC2LcMTFMHqrDtSeaeKjnAs94rAH/cnJYUSeWHgWrw3qTu5zbdhiUy03oys9+XPVRiv+b9xTnyxZAiSGzddVliCcxUIuJwciZP7kjJp7WG5yCrT9WUJrxFay1XU1vso/B5fd2IDTbCNbsjgCLcb8pOGgRNHzPxhqdOj7e74LflM5RsK0HPO2NpAkvZGHIx5Duz+8Fwdh6KPdejJqUxgliKfBMwp5q+Sn4ObyBIgt9ELX2hsnvvNBpfzar5FbDtTP3SEB7G2+M2EtdL6XJeIUWOs60AjGngzTeFrGzTxXGxBeCQMBygAA7nEI/WGJyJNX+XY3CulNB8IE2HY27iMKj/Nl6zXXy9k7llFnXwVpEhz8c3cvWK77wYIwaBB1BXNNfi6t7Zel5iwMdK7sCd8mJRG4Vo6X7ORo45cabpwtB3FExDAhdTvAyBqKfzuR6pTB4KKuKDh+I7zgPgvJMO4yTIeg1CoWVhx+BfvtGPmLVh/KrBEDctQALVJEn3XuMGdn6tL5JBV709PJel0wY2v+cBIpcsMc8HEY9lEDZC7/IY6iRjgoMQwlow6JztZwsO4GVXXeBW6UiB7Rtx7dOSXzruR6kB75nbalWmpkuAN/LZOnevBE0/dVqVJQ7R+vXaOMp2wQYF2HKU9ryIEZsIx5OngADXo3UtmobzHF347GLFrLk5xRsKNLF3sOlWKz8i4b+5NCXyaKwJnUEbZ+Tj9JBnuie2IlzhH5Tib0Kzlr8BLelN8Nl9VwaSBgHyfe2obWWCtaaqeCxwGi0efOJLiPBE1VPXHsim29Vx4JXqBasEIyAtrmteGymF7T/dcVR+3Xour8Me57ZxULHmjDyxnS6G6ID06M60NMgg5ZPTqVQjXt4RPggy1hGQX1oPm0M2ADSS8dAf5EgjFpkxpFqa2FRaTRHbf6CiouMKMijircWtWPJJx107BkmwRXmMLLtJ1O2MS1UMkDhvz1kF+8OwYY7eFOuFopvmADxRZHQu3ICGM9g+rTel5/kWdH9djvseHEbJqzKpPEO+1nIYAqaht/l7i2iYHH+KzoV1sJnkXuon98JF1S6aJFqCJwq+QxrO2tJ/rgfOVtZwaNVTyB+bDsqh03hN/HFWLS9iXoH6mDNrk18RF+QCuNns1PNCPjzYZg/vOrEwNG/aW4J09LfW0B93nteuyAAun5chV1SxXxbRxXCmofYepwmcshLdAorwuM56azz/QK7HvtMPe0HUPfBNXAOsIJTohdA93EI/gyUBke7Eri8+wv9qVaBP7decfSxMRC+/A1cP6ILL1Pvwxe76dyvJoJXsz6SkXg77gnaSbHVseCwKQ9PpSxH3z1i8Ov7Oe7l7fhU1g+GF0xCP9EP+OLvD8qcJMRP3v3msy6TYaKFOsQbi/EE3IlihZo0NrwdXLZuR6HBXlYMCYG8v/fRY+IPFGgShET1OAxyOQ8pbl7QOv8Oqtk10btxK3nTxF7eslKaJ/WfpmxhYzBOWAk3Lm+Fx0OBNGnwP36wpBb2XTeFLY+TUCBxMm9fHYh7nazh8L1ENPunREvjfHGLkzSK9/7kymN7SF25F94O7KGJG0Xx12cZGGVZRA/W9qNVrytl6PVQs2UMnSxYjhPbH8PhyntYv/cjplcKg1nIDpL4MBMOvPHCtUH7ea5wGb6XjcT760SwymiYm9SqcL2UGeSPmsKlH0/zzTlZsFzVmG4J1OL5qcVs5fYOUuYdxb8ym0hi1wh47dqPNiIhvPPyJTx1+zS8XhMBncO1mBKxHnaPfYWagiu4NkIIxr58j5oTt5PTw3reU1ICKc1eOPZ0DSwcKKT62dN5dd0pzlo/Grw2dZDtNQ82VC+kaZuRo/7MgJHprjRvtSiFznJEbaM/YHpiPGQIm3DcqhvwTf4O9OxIgcqa16jttJDD/yRwfMV3njK5ABdLT4EJUtdo1fr9cI3a6UuSLxWtSeXxLh85dtQTjizOg/DrO+jBEwkonGmC6V3VYDVVltpQE4Tm3OMrsYNkFXEBZ3bloOeCLfit3hrchQ1plb040Ts/dp+TR3aWQGXpsaiiuAh+PtBGpR0/IWe5EIycp0YXzomQ4ikvNLE4SuuNG+jeUQmqjVaHkKEq3BQQRwqe4yFcWhl8lcVQ96MbhY2JQ0mvHwRp7Zj76Bn9Vn6Ic3se4foWIdi/r5KW10Tggaj7IBB8DmUOKZBxgQ/PN6rCOTsP4ie7YPrxVgs8A6fg62+SUHtlCU2IK+S0fS6k27yJHUOKyEf5JVe6LqfJR23A3E6Ywqab0W+zN+AwdJtKG+aBrdAh1A06TXm6fmw2KZd99FRgONkSE1/WYPbP7RxwOoHvboukmmUhUCuxBP1QgC8bqbNwizZ0FkfAlvW32U/9Kh/duh/m77qOwm5ivKEtBRoDhjg+/geYHRSEPY5DcH16K3/4ehC8pgXTrhtX0eRDBpz+to/ePTWgO+WzKT7I6v/m/5ZfaeaOdgO8q+uB1RPP4KMvjKfkS+ie6Wsar7kWGx9rYtaQJQgl6LBPTiX//C6JoulX6eWhKpzkHINmErng2ubPz/u84OAZIxi9Pow9l78Ds/OKdOZzC7lXx+HHmQmctSIJbp3fA0Wf3pBkpA5Ey84l/YQHYGfnRped1als0UY0+m8MLtn8iwRCQijA5icuHjEFvvWocX3XbVwcq0IBuh00K7+drNcbkew3NxKe0Qq7HK9A9OeJ4KZbgQJr82ivbDRMm7AYyiT0YbHPRWgMrATT3BySd44Gp8fK4JY+AlqylHH67HTw/P0Ev1V4o6zxEu49ncclSa282X0OhO+dBlumCJPnzX4Kj44Fp55r1BmcBEtWR+D0q9KsVa0EZRdf88+DqrDVUp/PV6phooUyDNbYkXe2IfHLaJq0Qove9/dzedh1PL5CH4pN6+HB6jto2fKTrKzf8yV3b/5VZkrqF37xg7zx8Gu3LEsWmMHS0Bqyr7CnZp8ZKDrNAMO9HsI3K1EQbAzAFuvxYPS6ADUqtGCTvhs06fdBoHgVGuckcUbfLlr5bQZO9jKGkv/yMNJmLc6cYwGW5zSobLU/Wxr85v3pxdAqsBpCbDbS0vn7+Et/NdYufEENwpbgtSIbnpvfx0TjO3i3ZxASv9mDhVYX3pklBydyd4GTsRkfHyUKpfUP6KNLOTcnHSS7uefxovwOLg1VRJ3L5nhtwSC3lI7G5bsUQDZIjEa9HwZP/3+YrPsZw2uXQYpfLvUbvQXPV1swIFYaI9sQjkrmw8RPIng2KJ7j54wh+dAafv0smdLlzcDwiC1XFWhi8aZxYOx8nnRcfcF9QImGntxF5ep3kOiH5DDFFF0XDYKM6zqONFCGwJiNEHezB1N3dJGk8Dp+aXuIT1TXQsvjkThv1SCZbCoFi5yRsFT3DLto7KZZiwXp3Iy1MOhSBVfQBL9tvc/S067iopsaPHemKIzV/ISiCjFwp9uaxKMf8Z66LTDT3YReHd8JbyWOYM/Fpzh7ljg4hHQifkhneviNNxoFo5gpwYBLNq2USeB7LiUUkenFj1tHQPq8fIjf9QInyybCZ2VLDn0ohyt5Ksw75ovPbi+l0w+a4JoigbRcES1MXAIDZs/w6prlvFgnDxddHku/Fj9hbesOHAMT6aWOABwVdGY+doH8ny6GwrB80v80lQUW7MUrLUvok4YynH5VAXu9x0BKgglo9LvAh6HD5Co1Cq0m5MA6xXKq3zueXRUmwOtH2li3bgSEPBYgx62v0OFhJ4pckOSLRsWgUdVEWdvS2Hbsb5o5ugGW60vDvqY/5P53DeUHtELFpzLUSleEGrxEhlkV4LzVl7eVTOCHCkIwNv4aTL60mAaWuxIo1mK+qAbPf9UPM1+9BOfkYzzDMYUSjlmBZqAnml9u4CPrvNEAxlC9oy2KtAZT9tp6vjNtNsxe4w0jw5RAw+w4vtm8E3S3HuVCOWM8dfIBfN5wEu7l91HOVmSP/k4eVywHM3b04b8Vk8iyLQdNbltRbK8JDD19RiPPz+XI4TFUVvsQVMZPgUcFduh1Nwu1BaJ49RQX6HMpgpaD3Rw01RNVDU5Dz85/cMxJHn6ulOaKtib88raP1dI60E77Jc1dvZC9qmNYa+MykKo2Qd1nwrDFt5Vfpk7kCT+OY3bpEjpVEo2+yid5ocI77m58RZ51plhdYArTC96DQ+koCA7qgua9q6jj7FOu3u4NdhPCQTzdBL9P6GLZIGV4qzcHV61yhNr/HlPpRgfI++8mX8bHlD8sAKrVjST8J4seuk8CuYGnuD/8CBxr2gThMz/i4STk0SOAbUzsOXyzBkbLB9AoSwG4dzEBwqW1KLHzAR2TeclO96rZr1mcPXwXw6MaGaRbO7BqkQnkHW5k38YUrFxvQt4muhza3IcizVuxSGgmmKqrgMzoIKgq1wSjIsQdtsm4b8YwdI/eBlfzv/MzVV/+6lHFazQ2k+aRNTwkLgd9zwrw0n5nXuRRit0TtmHiQUc8svAa3ZaW5YF5UXDmym849lQaXg/eQpkvznj4rCHfWvERfjYdY7uwEzDP1ZjdXkzk9YNGoK6gB8NlXWDw7w6cE1ajqLfveY7iEX52ZSldm6nPX5/0QvBwHdk0ScIC7yz0H+OHL+d7oFniKa6Mt0XN6R95WNwD0+4LcM3XfJry2BrKIiSp7qsK3Lk7mpdeKCOnOB2wPXAKyl0Oc2kvc8DZw7RceSI0DZrwbJVe/nPSgx36BPlssA/d0ttKaRuVeCEFkpz/Lio6JwhhOf5UYSsIa8PWolTNPugiGxzseInHbRvYRMMD5pYt4w0VBCGp//DRTQMgdVMSub+KDS41Y8EsQE1hHWyethpPnRjGaf9NAa3Rb+jfwC6wEiunKX7fcVSvIK687IxFf1dCRJMTr+nMxcqR5vCm0ZMf5oeDungCS6oUQV7GfdhqYAdzSyeC4/MhEKuXQftVqpC8woE2P7xNPReSMf3yMAgHH4ZNmoE8ce5LWCGkT8UJB/CvmSC4RUmjcv8KimjIo9GZcaTnZAm5AtPhUJ4q1O1+Aoc3zwTZe3pQI/0CdnQFgI67N2cO7OPdDzfjhlo9srK2wIAT5zi5ypSOTZSGU52F+KffE7UjlWnQ0h0KxbPhkVElLp2+nLZPLKDMY5V467QAlAwnUsAFoOfmDjBQeoz3/wil3PMT6MvzOvYVfM0bkv+R+QZVSHOXoSXP9EHglhPJ3eljcY9s+j11NX2TnUGPdNQ49tZXqF6jBhmeHlxvuBUiajbTnMVPeczYJNix8AMFXG6jzP8USVQ8lmy26sEIv79sWkocb/EHZzUXIoxT5ovpqZDj1QxaEcdx/aEPlDDPCjyDZtHxsGzoD+jmc3fN8YW4Gs/cfZtmlx3HJ+8C+OvXQXoqqw+7I55S0eAfOO5tBF0KqbT33Rzoy9SEMZMy8P5AAGu9MqJVjy3BdaoJVx8ThgStFyS2YyJ9zyjin6E/YZ9yGc8WnsIHY/VRNwshsFQKdhXUkWHeY154wBgHhxfA/DMppGpYScL2e3Bd/xJuXDwFvFrXkOH2Oiyyr8W6Rd9Rr3OINmqGsbKPPoSoH0Dhigp0rjcBix1NpLZpHs6cNQpO65tBdoce4v4kcLdfC8ErkkhwjyV69xvBCP6GcTtNQVs8BaaF3mKj6YHo59EO/1bfoZOLZ8GnhFE4sYXAE6xZ99MSsPkiRv7v3/D5yCt04LkBwhh/cCi6CR/GDsCHE/JQseQb3Ne2p4pSLQzuaGHdnhgMvVWGJcFb0P9KOUj3DsGFwilwyOImSWkEskZyDUUPN5D5wWpSmy0HfWvPM0c5QyXehiV9gjBvfAN+O+/J2numwTMHRf4i58RGbvtpmeIJ7BLbC2FTlHiynTlcGlrFRqWduEyyiPZ77CWFG3d51UASPtJIgsCIVnRRmst+Y2Qhd7sbvXFwBm2raoja3QJSTsro6r8A/8Z2cdPKHLKIk2J7v0nQ5GMGnrkhrLBvNuW/UqJv2g140eUxz8lTJM0WD4gQ3M4+a2RB5FM3ryy6y+g/lU2fC0Ob6V/e/eMDvav7zdujSnHp73d0bZ0KTClPQPdbxnj1nTNrb/mP1zqUY1FkPxlWKdEuXQna7L8MqjongwmZsP7oLez3UQhX1A/C2sNqtO3Lb3py+z/Yod5DlZ2FKCuqDNZ/x4F1jBl7zLGhj1/u8a9mWdznEkWTA1LpapYl9NyKwe+zLKC1WI0OjTlLFfSRR5vXQFTtH0j2NIIZpnfYonyAisMtuFtzBEh4iPLlqEBc5R6Gmy6JQZmfOUn0v6PD/QgaV5tB+0g9704YCT3rVsOlF/fZIruTtkU+5bimAlptZ81Sfe3wfJ4/ZYZUgJu9ICxNKqH9lzuhKb4Q99zxQ8+3IThf7AZXP9iGcVb28O/KchI3NYZu46Xw2vErX9T9wXLyG6nvUSO0fpaC1PHW5JYqQ8tXPcWrfkqwy+8gqnRX0K2HQbj8gCn9e1KNshdz4UPUUdpofRzjlP0hd6YarHULYzmTP5iTNgHkTt+DBbWM5vPd+azpe/670JLEhYop5roUJJvn0dn2KFw3ZjGatV/B0kRVSuq4wN0P10Pj/ce49Ptr9qmfCrZVq8Fc+QcWvqhludrx3Jw2A/doVHHM4xZMaheChA/HobxQD3y7L+I4H2NaYenE3w+VQKNWJlc1A7StkuGP+ICKRmpiT/AIyNEyZ61t92HelEpIKrrBo6Ou0IONSuBZ68pdl9bQZbW9NNBHACLTQEX2J76dcRlSKvvh7uECTPs0G+WD57KysTn7OwXiOTtFWNZYzJdfjualZonwKaubuvJP0bepefgvZBPMbhgJW1aK0BpbebA/UAkP1EV5bfc3knGMI0v/qzh2lTK9sZAExwxTEJqzCn/kT4RPcyZQptxI9i3XQvfjk2FReiYW/PKHNTc04PMjCR496ji7xBmB9+7f/NzpHtV3DeC+kfn4x2E6X7HdBhcnVMJ8jb0k/6MMBIKFIXpPE6VdX0E+twahXeIDlS/ZC9EhBrBtQwneWjXMFakmOGmlLKgVHKO1gzM4w1kaNMqvY1BJO4y66skOoTJYie9RwriMd16Wh1CpAyD+fTePCCtAiyFvqr25GS/u+gKPlkqwxplTdLZsK3tpaoH2hlQ4v+IQnfI14EUf/2FRSz2VDf/FzroX7NtkQ8q9R9lnrw40/OikX78P4ctPvVRhfx7eK5zDy9N+o633Mp6qmUjfyhrZ49MkyE32g09Zifhm90OSMPYHteF7tO5zMysWbKf9o1rITOExxIwcCYoilehx6iRoHFHlr12/QK5kHsYuuc7TeDHZsTEn21WAn80IKHYDFpHrAdm5tRxzTIFCXb9xfaYYaEiFwDqLftYVuIsvV02Aq2FXKTn3K0u/OEhZY38SeIwlhX976fPGYYj+z5a7JD6Bi70gfAsNJ7mf+yFHZCM7ylRDjW0zjLKtoYNRv+G7cQAbiMTS1O8SYHaKIft9CLo4ymOQihXtC7/Ok7Ut4Il2MVikvSUVd2M6a48QPMUFbFZdBJuJbfxQ/jNN/yJPzhHj0CDKhzIbZ+K/QwNgUCoPt/Q04K/5ZXT4fhB856+gly8EyO1qAlzN10TbohJyP3KMj1powGGK4Z9ywdTjpsol7xzgaUkBBClfgSiZC5S2to5GdN+EBQ0WYOg+BGnfpXhw6UEo/pNITxRVSLfsIJ9VNIRzA+O4qmMCv/wtC/InSljgQTZJ7P5F5+ztoG2zCjr9CWe10Qsh481VLgi+xyeFpMDSI5hk4stg6+cBxqW3ME1lA7Tb9tBJuIy/O9w5t+cuPEtUhhsx+eA5dAv+Slyj6VWXaYL/CqSsftKpq4BDhj5U8WkLCG0zh/dfY+jBhCoumqbJggekqPdIBZ2PEiY18QVcOH0CReZ+Z9m/RvAw9TcnPhMh95VB3H8iB+UuNrN8iBjfyPEg90duFO3UAWnnp0HX0kJY5pMMGXF/OelbGPnMP8mj0h7zfr8gMFV7R19WXmPjKGPoNlqD5m9F6K5bPdsJAGT2q6Kt91rc1aBHspebQG/HW75dA7DAMR2/ZF4liWe90KyygLSUfVBEYwd+WBbOH3ZfA9VQH5gnbgA1Sefw7gslDj8SyEN79Wiy+F+s/CTO/nbrOAdF4EdWFAZcFIB17+LAWscHV26vZTv53Zw4vhz6z7hTkNwjqBLOBBUogZNCZrDrmhFeLXbBxfsFKKBYEfIq6lEy8i8M+FlAdYgOG8/wwpE9U+HlUgMet8cZTn08w0G5M2HQt5QjAxypa2Q0ZcZOgIA/s0j9/TTwfVUIP+dv5qSNKuC4pJrCLUNhdXE82Bh0kPLne1hVZAyHK0xgb3QSuRiG8+i6Iao6exsEwqIwt8masvZL8sXr7Thr/TFsuiAHQ0MJEExHUOLpEMCeWvh6/TJrbnyHRpZDcE2ihb6abcTw98aQZugKjwZf8UkTKRBN0EW936/Af7cqJudHUrnHFfg56hdIXAD4ddUclv73HGL2X8XE/9pxr7Emhj0Ow9Rt+nhl8QFu/F2LOyKkYHXSNj7jXk+JDi0cf+El5C4WhTEvEjihfw56vh3Ds3zFUAvlQWvPSio+tAG2T94NT2ua4NkZD55ifBa2pCpAv50auGaG8qOHo0D8fhb/0fLg8C1BkNLuA1rSwxz7roEObIriu/IqLKT4hSM2TQO5vlS4aFaP+otn8bFgG4jILGSPFnESf3YSdNtiuFL+PV7W1Iak9HJosqmiyw/v45ZJCuT6+Ry/KvChrVbbwUJDmM+2TmabtzIgYZSDcn4auO5MLrj0RfPDVUVoo7kcX44v4BEFgtx2wpv9QwxAVtgZvZd84aeHbrLlgTbc03gZq098gtonI3FW8UXK8UY4aDAeLqy6iOJ0HkNSGNPcz9DciLvUtSwXpM5856EWIe5ozaO/u5XhuuVUFhN9zSc8Lajlog/a/FyH9xvO4vg3RG93aoF+6zRqypSC4OI17GaWju2eR2ifSCPu2DeWpisfxHnnqlDBPJqqLozl0UYIzz/fwDznz+h/VwG+LQDsx2hYW+FD+9Umo/vk+bBhhw51OUwGVDrG0SJ+HG4WwVUK+eDy8QsOPw2miSau7LV4CI8YnScDtZFg2J+M8kfm8Ko2IRrGubRO1gUf6l4h07Fb6dz+ZJzfXgHe3WMg0eUvZTg8Jb3J0mQo4AszlweR+MHJdHpSJQVqGoLatRU844sq3JgbR/9WJrKmjS0e2mrDujQD52RugAvxC2jfmz9wYdY8HmUmCnZnHWnpaQuM0beGfHET/u9XLfkKe4DC0/EcfGIW5unrYU2pNlT+sON7DjGw9/wQrXtbxodl7CHgsTT+Vh3Pdjku0IQFOPm2KfzpXkCOb4Jo+fhJoDyxgc1+peH+A9ZQu+wn1Y/ywo4V/2hwUAsO9Ozj7lG/8Uj2Rq6L8CO/rhSyv3mQmgxc0EfUluIa5UntlS7kFj+A7N0POXbPS3CX/A9cbIXJWNyCDrSFcLHvAESUfuDkp3rwYvZxrO2/ir2GEZDc28uRF+Lx3Hg1vGB0DXR3B/LClnK8qjoeejovgMheNW4RHMDXuyJYwHA7zT4tTKQUTXZ3p9CJ7ChokLQEY/tnsEKph45NRkxusUHDU8fBcu0pdK8/SOtLN9K9qR/5n4E4RJ2bSzMf64Oz8he6k34Qis1leNbtZhp4HEV5GUsh32ARBwaIgOP8i9CnokeK61LJ5iHhzuhd9NRqPmdM2oRy08pgxUQFyi1RAxgbx6/cjuO1zgyUuPoHlksXcFK6M2oXTWXLW78hq+Aie7lowj6PeXikJYOCCm0gKsIO9rYpgvqW+zRicz3unD6ORQ8YkfcOU7BZNIY1w1/ghsJDpDDSHupWxVJGLEL5DgS1jI24PPoTJ1eogMvXFvjUeZPyH5ziGRKymPkkixsc6/mVyh6cc7ST24eXk/h6S5gw0QjvZy+CZ69s4VuBF0meQfi+qAIsakPYfNc/Otc7DvTGicPpvz+p7IEAjLirwAJn+6lJJg9EQ9dBZu5Rim8JxRFJTdzy1QLqPE7yxvb5IPvqAe4MToKN4h/w4otJICvznrI3xJNWfC59n28KBj/8Mb84hmMuiIOq8FZS9n3Cyg52lKKoz8FPeklh5xbYqa0E8aXx2LvIiI4kdMAbGx2UTDPAPo1ILv+4lz6VLIBzY47B3nAFmHO1H8IE/OHrkSqa9O4Mfm6Sww0L2mlBkib/0tFhebdKmtgnAYeunud1Qrf45dpwKlIKpC0Rx6mt9Djv0tTB7t6rdGv7bAh7MA3ObLkKJ7cPc6F6MtzJtoQPQtY0r30hbOpqwfmqGQxRb+isoQLcctKjE+P72C5VCiuiQ6B+hhJ02TyA21U1tMtggA8c6YGKJIBdSTpk9TAFrr2+Ah0UQEdO3UWHZ2243VSX5sW8hMlyHZSbawoR6Qr0dk0d7JkZxkHWA9AQnoZorME9BYGoV3qd1p2+C3MbDcCyrhf9Gj9DaFYHD4Qt4xWHslEvNJmKxFbDk6DRuDVGAV7GmsJcq9eQ7yrODo89KTpEkRaWV+Gmi2fR5U4n3v2pwbGYSM2SijD+6UI2+joB+8vd0bIxDyse9uMxmx4s1PgNcZqqNDY3HkxWTgO3U+Pxbo8ZNhWWspVTMv1ufQ0hvRvQpWQunXFWwgChAfxoYQiZDb4wPVMKjyak4IB8FSuay9AZlfeo3ngcViWEo9NwDx1Jl4aK8aEg67mcpU5Owo6U4zDx3HbI1SOKKdSncRISKFzezx1bACIUhSHw6Huo70gBLbGnUKf9i9YpjCbLT1H40mw1rTU7wQnXEVxnPONcgw145O9yGjfJiLZ+WQydphOg48x9vrHuEr8cZ48myaPh7I6brBXnyHCgldMa7vDOfy50afZRlOnYjXXPsqG3OhJTfNRAS9sMnMTWUocQQWPBCX5UXUxpvbep/eYZThT6S0/vdILNUy24ty4TvV9q0pD+Qnj4ew4Y/ZrDR+7Ek2hKBS3VYBCLec8wbAMS+pMx9IAGtmn4YkbweXrkvBndW5OYg66DyERRNpc9B3RhJIyfHgxqo49wXPl1Hnf0ABxa58qnhNeg9J3R9KLLkzPfbSGlZAmIORFHsV3f4NGVUm5V/0dB0WJk99GJEh/GQYW3BjaqaKF5jTKcm6aMEn5vsVrchx7q94HYhg9kmBVAuWsqsG+RCqXfDITUbSPBRzSc1h+SwWs+n7lDTQgHaqfRqfG6HLnPmHwvbodJqxfD3S16cHjnRVxqK4EjKm6z471I6Fh0ES5pmkBPSCu5VJrDk4xl2C9sAWraW+hR1GycVR5DN1TmkPfDbyz5s5hTHkyGqJCzFJdlgJPSJkDd9GESP7yDrYJbIDtnIc1Z0Qoj/9xnn3xjXjUgxtYdE2D/GD3wgW242mgXepnag5COPpVFzsTBo5WsO+o83z5Xgl8/NXH5rSkQ6xbEWQG7eKphJt5+JAOAI/B31XoU6ftOKm0lLJyRxWkFlnA2NhzF9qVCef1sthmMwDST0dhjl0t0pYT2FAFeT62nk6OtYb2AGRVbRlNzy0nsmtYK/YkjaG+rF15ieXj0qJk7jY+T7B0NuHF5B4s8LIJzfUqwNVWJj7QO8vi5tbhAJYUyLHLgtIMfSOUow5j2EHhgZI+n/54hS4XRFFBwElXvFmFj4Qbwe/cbfMf/wdZXCnDyXSK3tz2j0lvlfFRYlYbXG0JM4kcoWHIcb1QLQfpWI1izVR8sdWpAOqiNdrs1cm8p0IoFulR3Zi5Fp3hjuuxN7rI6iDOrR8DyNxZgrpIHsWMtOfaeA8YFusCI3CgqW2oF2T7CnH7wPFVenwTD8r940e9p8DaxGF6GCYHSonZKSYxA7+G5/H1qEG22nkLNnVqglVOIHbKqsGb6btjW2sinJvZifpQ7778YwrlpdWiRJYB2RQBmLr7YPCMXzgvbQHhqDL4UH+L4ybq8f5M9OoQYwa4sd/o2TgEatY1hfNQ+9PfTx6YXs2iRpD4EKEzCH7muOFvlN6apnEZLD0XIfnMe32w/CdpztfiAtDH9TVjCi0/Px02Bg7i86zGYDHUyrlaAsCtGjNEjsdXHCgtND8MTOXsy/2UOf+dMg4o1O+iD3yU8JCUGA74PMe6qOcp3P2bvi8asmquFP3bm4NMSQWxQr2Gr74Z0YMJI0No3nVYYdlPNzp182OMiqKz/yxb65VBUeowWr3KHQbNmeiamBJOkhGDLdw0+5P8VcwurqGuCAG3e7E3TehvwmXc7F3ucgNKvJnBqXj4HBpqxV/xMmJYpRE7au0F18Vc8OGkkyromwcj8BJb4IgAKh3vJ+UwczRZcTlcOr4VVw0Oc5nsZ+u4fgYnCjrhBbAYrzbOBFSY7+IGuID1yNsIxxj004X0npXpJ8mHJPfzbKYj3HO/AnT/0QFvDjLqSomgoTQd2CaryKb3L+DjvB+2VGEkaWg+hdu09brmiAY6p07kk1oPl3srBugWr8cHcRJ7ZvJVe+6kzzfiLs5YeBjVLMZhjGsLvtUPweeEqSr5wi/BVFm3hdm4+0wIpqz7ApVknULrBGmwPKGFYtybvmR4AzvM8oXmMGh8o2cNqK55D5mVL6Cxs4Z86Y+FQwzlcMu8MPLqTQDOPynLQ5nxcIG7N0y774ry6WeSw5Ak1BehC98FwuOsxB0sHj7JAL8HPoqUUJnKChXat5qlKGfxC0QmeP9eFUPc89H0xBUanrSDRJSu4y+YhmWsXYtSbbHRec4O+9G2le/vFIfxcAkuYWILd4hk46dlVCl+uSllh0jjzrxp/zwrE3ad7cG2YAhTL5NKRHYJg/TMTQ7+eoMyYLRSWpU4LtdzpjMl+mrokA33v64G0ZBO8kmlhjZcBsLF7DF7R3YiN5q9AZlw8dX9xwvQhPZI9JgvrO67yP7kzdEf3D9rtDOEWE3GedGAPlW4JQ6mNWqy4fhqlXlcBoc5TdCbdFh7c8afxyXKUvMqVgsuvw4NxzyHX8CtrRgXjyhBBkHRYCm2F83Fpsjfpv+3H2Vck+EbnSP4qo04RObH8pXiI66pNwLTQHEsk+1ByxgUUW6PDnrcdYbk74U9hN1z8+wQ/cisB1xCAdqc4CJjtAo1jx8BR4w102kEG18xN52k2xbwqYADuuz+GccqaEPHjGjs/iKSkm8NwaNphXDLKEks9d9GG3qWgq/0PMg6Ng2NndOFH1k/2F08DhVepELH9IT2zkySrl+F4MtuNJKWy4f78BjhuLQe7UsW4ZtsgfmuWh/Nbzehi5EMwPjFE595+B7G5GXRMZBb1XSOYozfAo/ZI0dH8Tzz2uDdnl1lRnzHxoLAXRr8lONX3BcyOK8OOvKlk0jobnoanouirXBSdfhNMhPNY8rwiOdjK0QytF2R8Sx9y6u5j2K2f+PLBeo5VOswKa6P41HYHkpgkitnzlSHooyE/i9SFq5u8qGiMN6abDYKD5xN89SKZ9+z5wKEJ+2lERwqLzDvJVouV4dfCCB4Ik6E5tr6o2jQXfhk+wW+6bSS/4g2s6P8E11TqScFHDSR1zTno9Tk6s0wKbOwDQOZhGEiuc+U8vwxsEhPF1swNON/HFKZ9GkGfm+vomXMn1uuZ0qu0P3BAMY4qMo5DWFkYnwi7SXIHRsAN9b38rU+SN3+X5QO/tvI/VXuc7NfB2/LqwPP1NtxiJwQ39knBmRUPMPE/aT4aspoUwy5Tc8E0+BmsxLwwim9Pf8Xz7kVz0RoJ+JReDue/t4Lb20PcGTgJ3n/4yEuLb8GSIGe2muVPGRqbINPOAoRc1+N57Rra/joU1cRaWF8nnw++2AUUmETvJv7FzqRoFjprDQlClfh4rhos+TSa7J6uxe/OGexmFspCy2p4s2sU3vM/gy6bVSBM/R+vXvYALi3aAAVHN/B79oXkoQr+PuiIo2Nv4Qb1TfR0li4Yu/lBxvByLv52gHYWGKDUNOIwT3domL4YU3zqMWllHaYqioNyXBgccYzHV3u/gmi7K61R7YFvb8p4Y8VTXjvJEW0PGVPGLXmY8CKebHzX8dSUt5Aml0Kr0zJo19Rt7GL7ETsUhkHRqp5OP9GGzd0faILiXSxZ2EAzBcQpT+Mo5kS+5CcrWyjwuznlO3+Gv6OUwOb+dHS4K8W7B1o5OQugRsgCw85NpIiycyhcegSKN2yFhDnm0BKzm1KEPHiEbBNf+h8B8AEQAgIFAPSP9lBKS9qlaElDS4OEjJKRLVIkKW2SUlEkEklG4RRNCZGRlQpNSnZWSEmSQqV7Z01htKcGXqgQpyNbFuKbaCtOe1HKRbEIknXLsdN5Bq3dPIdf3e+lHLW9kJDsB2+PLiR37RNU+2YAFw3KwOCsUNx6bjVvPJ1LSuOlYNvkneiUcp7715eBQVUm7hLQhL0aurD5zxDoCbui6PAzcpx/Byu+ZuPRscvJRHABl317QlOeZlO0vCQIayxB/w8XYbxzMOm82E86Cg8oae108P10Fg1dVpHbcAx/3aoBD6cocu+0JrRtLATHo2E8/5ovvD8WBCGHdtPx7hpUPi1LYt2ycFRJky1/ZrBzSTZ2jfnEWcKGmCi5nGw0i0lDZSuEZNtz/IAA5Lc7ktjmCGpbfQADvET493ykoshWvFY4EZ3DCa4d8kS3cGm4WXKUSoLv41IHB3wScpzLq3phxwZb1rr4Ba7OCYH84UheES8Lt429SFounw8nWmHDqj/gPeoI/TT8R8JtybwnsAUbRvSxT9EIuJirTylbTlNq7lt6eMcM3aKO47Htw2Anq0RnI7pxY/UuyBNQA+1tIbxHzhKm3ywm34UEQ+UfcURZINynOfjR8RU3NbdzkeUY2BdRCFx2HePbLtLA7q/YMCeL/zn/R8UhSeSZmE39M6wpsWwcHF5tCA/UD8HeVXmkHekIG12PY86B/1BF1BuOh6nj8uJseFWlBE6aC1jwv0JyWZgEhQv/kdoSV7LdtJa8f6WQ43NxfJY0B4J3GcGCsQLUFeTMj55Y8GibJq6904xvnxux1+UYyFa7yqKlZSwfw5C4QhbrJz+EA09n8oExeWzRmQr/SWZAw/FGEOhv5z83H3NfhT0ElOjQkqtdfLLXGXr91LGklvDiSUEIflhJDvIpeO1XOI0zMQA9fRE0PZ7N5Q31eGChEV3efpC3dF9k6Q4dWn7hKZa9SScbTwZpswDSlPiD2V9UMdLCm9187rBG02MIEvrNT/N/wkDoZjyzQxYuS/YBXP9O59/cwqgnV/lXzlHwyB7Daw5u5lmDBRwfFw5jpuoDfcxGpaU9eOe8Er0tMcc8RzGYIKbMwcvESL9yF7REz4OTi6VAJyUSu4wzsDdJDigugTI99KFmxiEckV/B9Z4xKBwcxTsX6YPE76WwJectjRgeg7u+dJNJaSQ715tQo8I0Oi/QDslFodRxUwguW6zDpXox/K89FM8N91BpeD8b7N0C2ccmwKJbShwamMb/HAxhxeuHlDuzFoeXXaFxy+s45s162B+YDrdLCtG+UZtmTy/gdYd1wOuoCpxa4spVfXNAud+G5CrnQm9ZFL++sIz7Y4bwptF9DFhuDrXZW7ly7lW6oz4OVzne4EwzF57Qr4EWi6RA41wzyiwqI8/zeiCwbA5cmm5HV49/5vVZqvhO/Aw8q5vKbQIiuHiVJV8wnUJPLutCdcUVxvvG0OaaBbX39pDIqivorXgTx3MseJ+OgpVpd+hQuBBwjS0pmFvAvA/tPF70CUe9FOWUUA0QPfeD1J3OsOaTWXRsgjVsOHKeBL5bgkS3Kimml2OPyQy6m+uH9QaFPHfJQ7o49RR+djYHm+1CfM/nJxScDGdH1x5qcL/NdWeMoPHNHRyQaOD3Pq9YxUofIr7XknXoax4IdKYdV5K56IItOvtW0+KeXNq7YQvoSTrg8tlG8KOmGkfrXufws7+4S8yOinkmyVbuwJ9l0dh3RQWmiZ2ElCo5wPZILhvqguv7LLgoOhjkrF/xZ6sg3L/4B2wX1YKIS2Mhc7YxzP3US6kTFKFi4g/W0MtE/19nMPJvMx9L8AHzJgnYXfSFJieowpvQTbCY3sKscVsoUjgH9ld+wfsNvyCxWJgWzplEqzYthftfzWCC3h/qtHTEqveC/NItmFbsFqLvUo3gdcwRs7cYUXV3AEeF6IDwFuCPlxT4sP4vqN2aAP8t7YNto1VoRf5EbP9oAfl5SnR4lB60Dc/jP3W7ybe2hwXnOtPpS7r49fxKkv94Fw853cZZ3oak5aMEKqa2WNHzHsoVpkNXlTQeE+sCn93V/F5FD7IshFFkyAUGSybAV6EQXnx8mNy+F3OfoCWb/LKlqNh8kOy7Qp6riqHyRDblOEvChYH3OHgrHJfsrgAU64PBi+PpYZgNvRlrR0+S/qFQO9PucgF4eEiJtpdrsNFzoGWZ83CfsTpNFXbCR+m9qFTXQf/9ssOnZxEuuOzGVU7/Ye3XAFQf0IFOg00cKinAn2Rfg+Kqy7jIZjIIGtiCdZQCPd4px9u6hengvB2sU5bLD7/0o8yiy/TA7wyFHqrmjZaKQInmmJq4AW5lPmQ1jV/0Z1YjmL/zh3Sjcv6nT3x0VjAreiqD8UkfXG//C2v2RXLL0w4wjHrHvR1J/Kglm66dsmBvMTVuEREGyyRN6AnYBlKeSvjT5zxfuZsGMfdEsVO8GSVvPsF8eWuUj1KG3LGzcbbeQQ7uLEL96w605GYxNjxcwwUT71H4+Vr+F7ECZhpJwd8mG3wTlkLvTizmGUv3kJOoGO3dPIm+32PI++EO28v/cvlWddD+tIwH3TPhnPlN+HR8Bl66uxtP54dQ6I118GxwNtlc6IdCFwGgqAwQz96JVtk3wKezBTq8pnPmeVfoSR4L8+5/4tFNf6Fi50Twvr0Rf7Ia1n/4waHKnji9tR4ufC3i33LHwC1lLzevjaOv4xXhx8EcuuXXi8OLAynj8kS63LqTmp6ksWi0A805/x84ZHmy/Hgx0Bt3gWK/HGMXy1KskdRFmetH8e2jleSnnkE3ZEMx6k4dn1MEEBB+DzHFyDY/z7BJwhXYdCkcjs2bCJGTK2Gs2CpYJ/MBFmlLwUWZq9CiXk/W02tQc89RvHgwDelOBV9bdAdNBy7inOR/FH7FCh4vVeLdx/upbMtS8m/aSV77N/L0MeWwMzIVqduIJ97aAxbLreFh/1/uOVlK31Pd2cRjNNsrvmHzhCuYN8oUvtg5ceOUVqYtkyDeyg7t035Dbbovqbi9px/BUXTyqg8fc37ACXdiaZL8fFrVow7hrwrw/ovzeHX8F5afvJm0N8xF9zkKkJ2dzHNdptPpyLVsMyQF56SdqX+kMItZNLAmrSXNB2N4fugKzpq7AdVqN1KX2yPe6GUAorXroe+aM+x978QLfozGUeby6P0oCsafi8Yz4yP4woEzlNZmDBgXgh3F6ynZZAcESTXCqA3ubOESRC+uamGT1kuc/CGLZP00IS5uG+42jcIETRdKmOaMveZZbCKRD5vfDeLYqVfB+JEXKXeowothSSzXLwOjGxWUiSL8d/pfSFG9D4HDKXCobw61TdoBOrIjwLvoIzdsvYI7fv3HKcuuwpSqAgi8tpGnW0zAvbkiMN1fHX616MDiOIDMG0dI1G0b+sQYcs7Cl7zgvSJXWeTjKc1iTPp7kHSTLeCHzgXC5Ej0ME2DoRx7kNW6BwvFH8OXhSPAUf0EFYf2wfQSJQgtPQYBu4T4Va8eZaq+49TIaaT1sZDln4RS0NRPLHo9E9dlyML4A2O41d8Iyf0FR0lqcp6OF3xrEIb6nk801ek5+RgHoN8dOcjduB1kpBIp6mg5G7YMgGxFLVjrtvDBY55Y0z+NHuz8TP6BxjCqaTV//b0AvomcpOHRO8D/tQC3FtiTmXQFqaxrxQ61LZTzegw8yVfE4Z4MvPj4KXtWmsCUffMhfGE4OAa68e7ulVx4fiSsipGABIU4fHN1Is0wnE9CdX5YISNPTUv1+eiau3x8gw7dXrMcq1skoKjhPg5YeXBMdRGHjrwEi/9pYHGeE88/fwtWKvviEWFLNnG1gY7WebTi3jsWP5fB0W65zEOrSVlFG+QmamCs/3p6FHeFrpqagNC/LKrw3oKjVWVZ6r4ul/9ZAEMhNny5EniB8EQMjviJ7fqjwKpjFJ/YqUaPR6oR7lPgYyiITY7tPHjvKoW417KURzif/jUJpD2QbVOf8osPzrAhZDUbH9NHnSn34PZsR/jyA+lPRBCagj1cQWv+GvmRhWPPo0vpBMjXkcHGuBq4saOUe/bZUNz8YD7/XAsU7u9i05Wh9HUu05kyf+7JycTMQwr0j2Jx9blwFndOoBWBgnDuxEO6pvWWmp+8AeGfZVQybEfxTSPoSJEyBarMoYsxtzBNFaDtsSJ/Sc6Ew/8mQYvlGdrUt5nX7FgCTQ+EyFx/P6a+mkLPt6lC6KdkWKs+AYe83WBFx0E+G2ZDcTeC2evkV1Yb7qaIcAU41TAKMvVdKeTcYth1dCmu077FZ5dbk+WyEn738B4umLkIkiN+YNMVLbg/NYUDX3+G6e/HkMPEU7B8nTEXTc+l9V7htDhUjzL2/kIB0ADBOSF4ZO8fdo4yZ/neTsoZFweoYAYTzrfA9esz8U/yJp69WQp0vSZxzZz9aHH6PQnsPIsW+fX8UMKYV6T/gb6DPfSq8QaIXLGDWe5JGD3qIEoUhOCxH+Z4unwXbJwuADc1HsGXLZrov8Ma0+YSdOuVQl7hNVgX95j6N2myjn4Wit9ypMX77qFYzwfyEf8BHmAFL8ZdhRkFi3liQQnLS2rSvEl98Ox7GAxfKgTXg5/Q74UZn1ihB+o7b5CR7R221ezj+/sq8XhxIDSHZqLPyGScfDOGZnZG490gKbhePh8tw6xJanUK3JOsoOU73vLPwd0Y4PWML11Xh/zhQU79rgWLp1ZhdoI6lm3byoWuUmwtMhafXxLl6qQ2ODhhBdZ/OcePvqkASzRhcHwsHLv3iCw+LCUvAQPoLVgIckIO8Gv8KhYzjeGbgnpwLj2Aa0+8RdPfOZSbOQyLH7znCK962D56J200EKDJy9fzp4ey4NLykr5PacapKbfhvVA+bOs6B9fjjLB81WF86nOOxUfpkK0ggfnSQpT7T5oDwoLJ8HkX2t3RpGkdKVDn4Q+vKn/Alju/6PCAELy7copNxBo4VSWEjbI34N6hYey9XY1J87WZH4ZwWvdIFI2RhLd+p1CgcJDsSvfDRqGxMBftMKrTnuSaXXj7Uw8QaR0mjQhZaHA4Cjc/v+OkBC9yGXTHn4nW1OQxGrJsnqJWYxnr3Xcj7fVj4NrW7dQWdJTOuTqCUcgTfmqrRpvNTuPy9f30atctVgvRpvR7IuDqeJGyTheDz0g3Hlr3jvodLlF79EpQardnibXuXHWliLb4WYGyjyhlFVRRangfHX1Xj3eKaynmzifuGLrBzTqB+KRYkAvadGHKl8s8TuAjj2p/zYPzuniZsCtIVwVi/ElPbtTsB/92TVTKEoV2dmTdE0JoXhPFaccHyeP0WVx9ZxYmpW7nA7Pu0KIxfznu5Eg4H34eHh7fgVvlAmH9jtv4++ovvrejAZNstoCTgAx8jciE1xWKUGlxg66W+sPE95V0ceJ6/v1UgXYbjCQjBR0qaJrDbZauNPm2FKg6N2LnsUJ87P0fmbbH0yo24bFmB0BY8wgKd5xmi9pXOMPXHAxNWmnCDUSjSefZ+6ErX7BVxas7m1FW1A5/7ZSCiLVvcXULgtF0CTreNB3v8i+sbW0mc5e5/MW7kl/udKAM3zqSGboJfyz0QOisPUo4jsAJp8bi5dinMHjWHmM0lakstZdvBk1lgwXnWWXGePC2ioC1t7OgW3cm+QzvoSNiu/BGcg6NzkiHD1ebYP2D9zxnixJErdPEo2Z6qH1LHW8ZzGef6HdcNSeTR1kX8ofOM3hq1Q/WVkKQLqnFjrhWXHvoGC6s6YGgf6sx4PIJ2nTEAIWCN7PRnxNYJywAfnnVkB0oCG+ixoH+tm8g3LiKisKd0ORiF4/cFAjtz7PAfYoRJK6ORH37PBbp/8NDuvv4U1kb93h7o82duzR8/i6OfxMH3/cow2qvMDBvaMez/5lgweOd8Ehbn9cIXQLzjdMx/WYvfmm6CDXVAhAZ00F7u6bA6l2f+d+IrSjS0EZ7Fv+H88PqQY2s0Hy9AC7S0Yblr16yn68myw8fovjR/vyp8TzkdQVgjqEeHo+8xjdfy+HwCmPIcxMgWWVRtnMt5PU5MVT/JYLao1QpUjILXL6OoMYlwjTjiiaExonT1oQh1F0SjS8OmaG44wvw7m/AkKBy2LrEHGIPKdJSDR2Y2jIA+U6rScTDhBMuacDWxDQu+NFHndqjyHhfFU2w3A1nREbBz5x+9s+oBB/HYLqY8BkvKapigaI7OU2qxWnLlSnoeDh3+I2FCRJVfNG1lT7YV2HY6hkctXseFgukgUejF3Xu8UKhCF909NSDqYsMMEXwETdyEerZI8bYhYD1dAmu9bXhyRuyaVDhAK64rQ/VWWX0BmxoVXMwBXZ38JMFV1CWbCDo3QrafdYTadlqDF2gBzvlF0C/txYqx1XD4vuTUK6yhxtMIrH0RRxW1S5lcfOXYKYuBJMPusOFqq1kZ1LO8xf/4g+JTqxVVkf73iiQ1dfLGLTvEB4sM4Hl/xnhjOq9NCy0BuuML7PpsjMofmgJdVzZgrHCZ6j7uS2uey4Mz/Y6k3KNGiaOXoyZJTW464oc2XSpQs9Ncaps/cG7K0todZUOVKadhjJVDZy4cx40NL+g31HRmOMeyMH26yH4Wjx2/5HhSi0FELiQByuqX9LNNV+hziCPljgyyjjuRL/E03hsyVc+G12Ne2TNoDVJFV983oa3OmeSducgJKlY01+dmRQZ+p4D7PrIfvQjWqVjCq8+ROFnzVv4veMPHOzV5WcqF7n7RCV+OPacB553QHntJr7yVx4k7Gz40upJ3Ce5EERr/flySi5/lpwB+WZV0DJVB9+enQgdKA7/qJRPu4tTps81cs68zJGLAnncQBE9s1sH9mk3sPvzEbyebQH/Np8CN41R5C6aj0udBWDuTncoyvjNGtSHXQZApVn7edSpcRDTtgczr6/iD6o6KNJsTi5l6jinKoO2HDEj7X93OX98DLw9YQOKHeZgJTdAjqeukeuKVNw/zwguTmolF31At8WNPKtAmcLjrOGn+BiWvTIH16yv5zR14KIucdATNYVYuzUYLpPPjy1b4UqBGfRmK4BipSVp7NjI41UFeaNgG82710Hn/jsHjdv6+OnwWhJIkgPvrvEoqX2Gdo5hNHDaDfPsS2Gp7UewuCjIdybK0JK3SuT/VxJSrp2nlKkr2W/RbEqvr4Lne8v5o+l26BY2h66qYMpsU+IhSXXwcI+h8Zuv4C8NfxRyqWfdD7f4rGoOcVcWGU46ztJGQTQ3hGC45ycv1hSFlKWzIWvSR3q0oxBmm8nRYvHfIO6ZTNbZU3BXigCkFp7hFMEAbrkzGiSWvoaYV80kMt6e5slGsp1COfRe+YMdb0WhKseJh5MjUM/rMjg9d4PFyVK87c93nLvuFsxr3s51hWf5aJwy9Gkuw7zHBRSfuwHHTWEK/3eS5/ldpyQXQQoTPQwNezajc70d1M7r4hSzEWwofxCaW/Lw68ATaCjIAqfSLTzstQXa9Yzov+/jYNVISVIYaIbZLw/AzaQ9OE96Muqm10B+2W267anFHgcu0vll1uA3N563fu2j0kP9eAxqKMxsOvk9z+enNmuxmGRQ+ekcHiMiDj16kji8+R82/b2F2aKO7GqrDfa9xO4+zfS2NZ6+CgWBs4YaCB/7gA5FTynjSDcm7hGh/h/bKKTHniT3LiP1fS849GkBlyfIwBJTIdy14QgE7o0m6zsL6au3I86vKkJF63c4HLeEfvTYwHpXW/hx4xfsNRJnq9HTQHawE6573ednkAXhYeXwLi+JRF6O4k965jBOYzU3q8Wx/EQN7P23B89prIF7RQFQc2MWlcV+gLEW3lBwTR42dKXyw+aR1B+kS45WY6FT0gUv6myB2UkrYL2vH5q99OSIXyLQpudJE9IItwcXkcOOnXjfqJiaFZ5B+wlLalytiSswAnsXSYPVEnme4Dkat88cif+qrrKh00POEn1MB1rd6Nk9d+rR6ofnp7RAXmmAd7n70kllFaaTnbygVB1PvFiJN++eYbGB0bxs4CPPf2MAPgPScFupFCcITYH/BnRZU38Qdh72ozDXAZ5ptwXHXXhJO+xEoOXkS55o8QOkFdXofXA9KN76SUOPLjHEB8J8nM02XqogONIE8sYKYNnIJlhbu5G7ehLw3Ytocj71ni4kaMC4fevJNrCO7MgANBc8otWK96A7TQOnn/aDnD3ynP5iBJgUPKNN2wOwrNGFqlIlQLPLCVeFNPHVlAe8LWEeaY9/SD6C8Wx0rB427Y6FETv+Qv8qUWh6Eokq37LQ8zFizYFwUsoJoJ+Havh0oCTNMN3HK7rNefupUfDrWjGvCR+PP3LESDzmC1lHxtGeFH+SEmmgX/vfYeJJHbQbZMhzMsDQwb/oVetKx4NTcHOpEvTeuMX7T/bD79XJMPqFIiTnq0CowU2a6TST9i+t4z3CC+nvpgFUcFXjju9GHKK+kiqerqRtSxQg879Wrp91nTe3J5HTrWh8bzIPmzyuwFEhMTynXQoO0c9g5zNzEBmzg4oOTILqFSP5+FUROPnxIjQKjMZvI3pxUu5MDit4zmNf6UG5pwul/u4iqV2pYCY+HfdftqEQd3c6NcoVTL02UNL5Lbgy3Ar+s3oKM3fvYkw7xDdbBslf05Xv+i9HjYCTuFB+FlQO1NKZlQwL/w4DDjwhj5dbcX9lBoSIb6bxUrvogacsRX8awV7XHPkrKYLdf4Y4ccs7uuPsAWMdM7E0eJDvly4BOtlGTQ9aWb9Rjq+5KYOyzVoIKlhPAXPN6cyzVHJ9/ZZanCu46JcKT34Qhy250/H+XXOYcjeexpT4cMDLzVweN5k2fknG05NTKNfQhPcdD8HHNmZQJysMbuviOa3BFYV7CZrH27Ltxjbu+F2DzirprMbSUDGmiheWioLfzC9wPOEDGFZUUIncdhhV6YnPdv3Fl0vtoUv0It5MKaNHk2XAa/kSXi81DZ/IGvES1VZ+VfKbnpiGc7qHNXWeLYfsjH+csssIpizbhGqmP+mxzwv8OmjJhosOgoWiFc8UmUaRk8X4scYgv/GVgW8bd8Ps5ky6HH4c7ZV2g4x8Ib14rwkLZkpiqF48pjVYQGK1Cbw3EWQx0TiIf3oIbqiX4g//E7BPmVkxpA9bV92ji3rlePKTLry7acXqOpG8TPc4D+3pxsXPH2PNuNU4VmEpLv9jzZMl/bEATCEWhJAUK3HuvwE0X3OdvgsP4ybjX/gtzYGd1cZz0u0BkGsXgB2xU+GIoyH7FApgfYM9j7y8mAMuO/NQeyx0vneA5FeJpHd/FBg5iIPW65GwfWcPO9/VQaf+h3hZNAFiM/I4uVeepHaEYOBEQbi0bhXvu+kNMsW/eWNOFoTVpYLC3pms6PYXnmrKsoFkLGXvE4Lf3w9Q5qkEfuJlyN9/95H/9gNQN+IPLliXgg/nN8K4GnGYlKoIwWKCuKjTHD4v/gmfRdx4dfBh+q7cgHrpGyhiswNVpvbATzVbaCj/wOtLTlKZVyNtLHpFCt+Xc4bPC+jvMOPFe6by2ZfZ9KdGDuwkY8BR0x/sFc7R87mq/G7dThIasQiXfgnmfuexqL4qFCVGmsMGifE4oBJD70pn0ayxtXT8xBrY/+8ojFOLp/ACT+j0vMEyuTagpCpA6btluXSuI+u3WZGFgyHOu7ua9abGw0NPF9xzKZG/2evBIq/VZDE3iKaN2gaNX2xh2o9RUNJ9ga81EQz75FH4ZDeoPCsKd1SDoVDckgUFd8ITw2mw5nA19e8xYfndH7F8Uy1f3zGOK3gktK0I4JTSARj2+Q/M50uimONCPhpylG7cDkKBi74gWHKBS4KFQHtRNTi+d2QjdUcyvb2axaWfQ9X8ZVw/+hGeLTJlPpKPZ1N1YO8iXXy1rga+/3qAFkGjWKs8hvbukQRr+zgat/YjLd3dR9cuiYGnaC9E/XpHo4qn8jTnIDbbKsrlcB1Fw2Q4OvAgWt5xoD36RiD23g7OrvmD6ufMwT6jDS7I23DMH3mq6xlFBp0yuFU6jbZPVYPY4UwYaq7kUKth4JJZ8OKIKZsuOwrmrn5UYEXYVF+Ay9tFYFvpMjxRtwcjjy+lVcqqbPnrLaXsJNY+swkKbj8hnR3LqKpqDJw8NohPX8ZQxdgjuKrmA0gcmwKT1p2kuKRdmJsSy57e78FZbDzcXbEUbrqHwI+ao5S6YQl0axyk8x0p0K37CtfAZ1R3TuAFb80AF2nh2t8j8dxjCzDqiSSVTz9BcHY4tTyzhlE2m+jjfxc4OE8Dyhq+4ZnScZjaMhvbR2iRevcFPCDqi//JLkPjmg8gtUeDhjQkILzpNy4VnAQ9yy3Roq8RrvkE0S37dpJU1MRT/Waw81UeWSUbgumwPj6Y2ILPeupQYvgRXOrWhwVb3+C+lhZ4u70ZipLu4ZoSeRh3PJZ3Je6mbTeDAXZL4oqFj/mQajImJciyQeha3lfFtDVeCe7GyuB/ts2YYhQBUeX5eF6xHTe27aQlygPw4eg6JLlsMtqiDCdiReGLwile4ldIidUnIUF1KvWWN0PY7DN0fXgP7B1rhvFPNCBRVRtKY/agYNEsnJ2fxrmSL/Ckzl9Q/L6I0oxbcIzqZBweLwdPD3yBtKE1vOTMSs7U34h9l214wHgZ/5n/nUL3zMPix4w+jxFO+D0mqV2H6IJLKsVrlfN1rWEOurWJr4Y10/JGKyoL3QTSecLwqUeAPryVxB2nF0HVR3V+tuEA17pNAdG1C7nd4wj87c9luYPykJSvgxdtjHiSiRFPD18Cj9IS2HbyKF78/T777Iihbbc1cN2gMgiML6VXcwQxRCWJ8l2AvCUGQXFFAmx/NZq1BnRpRfljnq9lCyXKIXBGTwv9RC9Cz94a+G/DXTyipMFWLr8pqXIZ1T1y4s1V0uAcGwkbVoWTdME/qJ4mAz+7BLnihytumeHGMKGfF28eIN1eTVil7MqbxplA3b1DsDm6lCeZJOOUAQd8M60cxrp/ZOfMTnD4xPDsYwDk1fTB5axOjJ9pDH+GDvLnxb4QGCzL2wV0YZOhHR37Nxo8vSqpNUcWaqwDUeWhKDvtnYwa0+exgV0qf1axJy//Icr7IADjF3vzkedDYDeZYWvHJZ589xDvULiGpB/NVese47vgSpztIw31U5inThyAt5X+oFc3in2flrJXlzn8wQZ6a/ADrZR8+JO2ITRY+GCadS3tEvakd9dU4ZSCNPwwXoSNe6sh+nMnJF+LJ7/CSVBX9htnSNTRSVN3GH01ilRszXH0zGN0WMIW30Z7sp+HCZe+VIQVZXZ87e0HmDjjI5zx20CGaiFQE7mTBItNaOZpcfi0Uhy8nbRg1r3RGLHtCZueFIQt30NQRDYTIz71AX8+y9szorl46kF6660DprFjOff+O+4LX0Bk+xdm24/jlLwFIBeWBvu2dsP2gsk4Ypo53BCMx/SpadSc3s4b9yngc98oHhhjAy9j40njoQ8XzvMhhdMToHiuJG4UmkHj89zQ2rgSTrmuIUnZC6SpPAJLSq3w55wLdFGXoKhtEhcJzAX55lXwqsyffc/eZAWlEIxQe83aYfLgklgAxjUCsCBFjbz22MPo/O2kMlMeP99LoZFeG6Ay4zHj1xf8Kesw7p+rBXu1TOD6DkWeJCXCR5df4baUVrIRNMSg50dwUf0SlhQ8RnNn2sOokgEuMZelkJeBUH7XBbz8jvKbjJXcJXKdHYrDcVFAGVns0gctSU34eFCKhHpH8M1AX9ZIjMHCXkleEnWaZh/IolFqMbQnzgy+9ZqTr9oiWieszt/OFsHm0fP58m5p3HivAvVCMjB6eRH7dsvB/tYqNlPtR4OZZzBgrDB9cHTgYKsLoGo8yG/WNlCnSy40XreF+af2wMc3o9ghoAYTJj8Hjn7LpQfVqT7iBB3c7wCDviGsskMDWnwiUd5yET3zLYD1ng00rDybxldWkem+EFpZWMJRR96Ah7YFzCm7gF1/Cc4lVhN+fcSfTU/B19tXSH9UJiQPHSKpawc4cp0CyK5OYD0lQ5R/JAmn46P46YcapGux/FolnOqerKXWwkdwPmssZJ3shtg/OrQqOhCDmgx5xEQV9AZPgiWtmDq/CgwvmdPWXxpQsKyJHxqncuECG5RYY877zRfwt9s+1DDTBnq79pHr05P49bcpxI5+D0Pd+9jxfDtL1VyGjw/iSXHeB3h1Eljg3jJ48WITeATYwd2e3ZS0twqC1lygbGiHlnmCFNewEx4c7GeDoJV4p92ctgTbwxT7Xqq5b8OSVyzYcW40XP3VRa9TdNGmVR4g9TgJTfoF236NgrDxL/n2nzA67OgMji9uYbL0Fkgx2g/C+85xjvt83FQ3h9Z4jwAX12/0ceAsdNdfwsHWdxxzPBVVI/7DlvFWkFqynUpkdqFXnRaIb/wEUcX6pBeUjl/PNZJ8Tyx0nghlj4vi2O96gA87nIUNfjpwIice+9ckkE+xKd+Ly4RD84xIyMYPbrUQuj9dA7sHjkFLoAQcfOdP74Mi6P5wOvOCKTxp6Tk0kdGia6sm4ddd26l2gga7fzKFMc5FmPTrJK6xM8QpKYmkZHKK8rKHUb4K8Uv4bTRCpDHv9IHS36OR2xjqHo5HIZdETLrVzvmdUWSc48W5T1T5vtQG9hMRgmv9V+h54i8eZXcUbKVc8OBnUShX/kujDaXAZ9VvLC/KQ/kJxqDn+5m2yGawgowP9EYtoI/THWFDbRO1/AsGkfLXOD1RlmLWMIifzSDrpA4wuVVL4yw7aOvUMBA06cXSddE48q82fl4+hmq3KkHVTm3cfNMWTfarwLhtHWhY+wzzi+ZC+vQ/mKBSDBv0zuKfZ9JwM0WCxiu746UVl/HI9gg2iH7OTkUpfGDHfog4MB8+fLTAwm96sOP9Trql7Qyvr1dQoAfQi+RJIFEbRIHBS/HqzwBcmfUJnAtHguv6dBoK76Tryhs5RPY3aXiMgG6x2fBh3iU6X3uKRiw9BYu0jKA+9SD9Gb+Ebs8ZJsH3x3m+swznbrfn4lsC4LNOgTZu7cdJly1B5mEa7KkP4Q4bWbBvW447X+rSwBVvSjqsRmZpnVAwaIpeR8RhMOgf+amXovGBQ2yqE8gnh2exr64oCkq542Y7ZXj3NRfzw81hfJ4vvZCaCYuK6rHcrgeXpQtzyfe99PnPLlgR1sP+z5uh0NMAJqUc4dKYtaCm3cMfRrvz5a2LyOFyIz1x7ca0Ubbwt/sv7rOaCPF16hA/9i/9fGaBWko5sGl3H7DWNdyf7QorvJ+ArvF1fiwgBvUh0XTNVRAUguXQ3SmZbxSrs/ZcEUr8Hgrfh0fCk3OmpDBrPAy8e0bnNUbzu1MNlD/UxI1SmWwVr06Bs2S41f4wXt64ioKWCcCcRTug2I0x84Itb+x1QcUFp2Bhy2b2eKDLxpyOjz+sxkd+ArDl+lt8UGMKeofF8LrfT1q0ajYGtPpj97M+mpiVAf0qMWikpAFvRceQTqQGXi8w5YQ7cym6YAZExuXyh7EXOMGikHzbgkE0QA5GHBXhmvVjMPnXYzo84SBoTfHmbe5T2G/5CVRVNsfSLR9J4pYiKI8P4QS3adgg8pynzG0i2duSdCRLny53ric9gXre9n0q/bOcCCaqR2Dp1kSeMfkIi20UpbIwKxCRyQGx7314fdFMaluTiM2KalBpaAJPBs+S781mnGwzEoLbJXlm2R1Kq8/FLKt6ltAQoWgPG5CRvUXxRSN5q/luvLH/C8U0WEGUszfURDSizvyl/OxRODTrqMCYzA34t2M6OMSFoPSnmZhoJgp0pItsfOQx99NECC2LIYlTBrD1dApdODqBgy7cIJVYFax86A6bqgVo4YxIXLwsFX/Hu5BBEIKB6Elw01jNX4fOwhT1JfDhtgzA1SYanGfOpWZf4Fu2AaxYrgGKfy/yy0RnUPrSi+2JavRygS0ciQzhxyX9TGuOwzklCV62aBLIyj6jSSP6YfneBpLbqoSX3SbB3/VnMKA4k9Wa3uMrs0dQvkobgte9ww0WQvB12mjUDH4GVQlv+eLzlfDgpThOVutmxbmufGukFdzJG4SMDEdWvX8Kpnp4YGHQKpCKOIArzoXjxCf6IHh2FryeqAJfDe5BhlM/1PgO8YpgIV4vvgHbfKZxzMgmyMzNwL1p3fijWBZGTFnI86qWg43hGRSuP4D/ypfig/jtHLnyB08w+gqam/XxcoAdLP2WBZWbrmL4RiPc83kX9i1MpVjlWNoesZWHS4WwoUaDS1frQli0O0Qp6XNaegmU+OpRsqYINXQdYcWiENx1TBcqb8zBrmxLsFz6kpLdv4Px30Pw70EKhGgO4cnru/iEhhlod+hQRUEUHZotC5ELY7gqcQTmp16kp5mSXFV4j6Mdv1P1ZBF6VnQRT7WGoWmhLPi+vEbHTK5S26FnIJRlDf6ZBuBT8Q9TxG7QtmZ56nuqw6s87UE2+DKVu9wGweeq4P4sDjaVaeGOgDjuLnqIBxWMUfKPAbSkCcEtHV/+VOdPRutDIKTGntwXzyCJV9s4/fJhnFg2ipxDoiDCYjQ4DwRggfZC6DycQfaZ0nT5oj95n3wA99u0OevNU+7N2kq/vAi29dtAUW06j01/R1e/VXCv4WF+uP0fTZ5xCpX+vMBg5yOcvXMifEgfD4+if/D3imRWCRaAzFw3WhofiieC2yHwwBt+v3Y0521keL3GlzwyhzG4zp2rVfsw00gF3Wyz0XjxBlD0fUtigu1wcJU8fO0TpI6cMFaM38afc9oxJusrDlx8yFs9kL3xJL2behfu3TaFzpufoWL+dr4XnQ2HxFUobLM/Lpr9kp8uBuiLMKTqL68w4qY0TH6iy1O2quO0RjncseYsaG34Dk89dPDB+GS++1GSoo6Zw4zNquA6dhgOpM1gwzgD2nrnG5RxLAu5Z9MOKS0Y1tzIfa3reNhVHqwCX5PUb1GuMPzDvVcFQFmximWX6vOb1c20781qfPWikF5UmMFsizuY7W5E5w9W0HsTYfhmOR4lxK5hR1oS9IlqQOscEcQ5UhD9rhBVHMI4aKcqG0cJcUDFPromMJV3nv5HjQcr8f25Mv6QaA3Jqj/5T4ofCTtMRKM0HeyKSYDlk5vILUoZOxz96a3yeggXHAduR/zA0ruVasXt0Cv1KXbEXeKwVTP4eKMlfTXxIPV0TThkZgR5/YKUE7WY6nKFsdAzl0M09cDcXwx9v1wEj4bjmF8yjzXTRKD4cQppPcrAoXmmFLN6NoZFfcH74xUQ0l9gjtlInO2Sj2pxAvBwbxQOb3KD5Mgsytu3GBznPmaJ92spba00tZXNJLfQEhieYQy+2x7z/ihlXhm7hnH0f7RIZxMXaT8lkZWTQEr4IL2wc+TdFbYQtmMCjBl3HDQX3GTHB3fQstSQpygdwmXtSrjpehW2210mJ0tDiOhsB9M3s+l8dAge6jjARgtfsdO643Rk2Qvy/uhLUoE5OO6qHry63gNbTYb48J73fCViBGfq9fOGt9fh2SMlbG0ey4sV3mJbizrM+qbLn6Km0b+M+eCgE09Lg87wn0g5PpJ0C7vTHNms9iIMLNMADcvnvGq1NR5970gbeSLFR33D6Wdnsfe0WRQ2JpFjfu+gWDVtyI4RJa/ZOpRr/pMTJz/FXd0HeXhaCyxquQtKekdp059/pDt6FLR33UaDsAiyzJTmeucsuBi2DF8siIbb/qVwuGUzbXqeRrWCurAvsREe7BcmryeH0cHzDu4u/MS3D9/B3DVNqBTwBXqmBJO7GoBEUjhYDtag41VFSoi6QNdHvIT6iO3Y71fOy/vdSci3HBdEqoFn2yl6NWgJXT4llHBPiEdqarPECxNYoK5JrXOHcb1NPC0HAQjRrIa1ytL4IzuAph5pQc26GswzDGT9RR5wftEmehVaxTurbOC3qhHXByST9ZISvBvURuP2DfCBI5N4zXUxvq1wHGss81B+2Ax+yu2CuwpPeGljB8cZVLPYTG8KtMojt2ux4DbTnjeUnufwW6JwNUGHr9T/xGFlCZIqWcfTS7vA9sIXKGy0pU2nt7CtnRStW6ME1bOcKPqEMA/NXAn7+9ZRzIGVuG7KNBxxNgeGrkrD0Qhz5o12sM9OmleUfqB8h8e8fl4tjXwVgR57dsMeLRk4IJiEuh6H0HJoEtxx+gJJO6whKnwIX2w9iyP8nqGhShPOu9cOFf4tUBrizz7fJ4JCzwo0dvDAXqnnVLhejSYl/aCEQ9co6Gg5a7ET9xWPg3u/xGDj6NtUE/mNoMWKrzbMRYP+InqTcp56vnliemUGyN1Nwn2NEhBWtQ3W+zjyhsz1YCU2m8ykd/CfLE2UnEQ88xxTxN/fIDNZAb5Ne8bfBkTous4oeCF/AjYXh1Hj62Ly/70LLeu6ycnbEo8O60FrxQT+ltkCy6f0cetfPd6Sq41K337TWr0Y6Fozhw50VrPx1bHQZVnBJV36oDXuB5RuN8Q7KISOi5BXTYuibS0pENg1kfSi5aBweitSlzGrr5WlCxnuGPYjFdrunMCte3QIzlwGB/aCwSFxcNU6BWkFivC2M5h1LWfi3+Qh1pceoKlWcSSz4BuZps+ndcMm0FYYgfNb7dj4+3gs3ZaO5+1i0SR3NeUPOsHY/G+0S3MK3q8XAI2kQrxVfIV8Ezrg46Yijh2hSZY5S8nCzZOsXvwFb93VtM1IHEa3+tO1S8Y4Qf0hhsr9Q9+If2iUfBwXVmrjyOaXNP7OS3I6LAti0yxZe/txOjKljyhElBN7POiw2Cl4aHkOd8pepyA9J3rSJAg/JBey6LkcSK+7Q69jpnBqTAO5zhcFpzIRah6xj+/UetKXiomwXL6X9mV8wgXlCeAZdp0DwoZpxdS94Bo5H9+PLOWsGh9cHi0Ccp12OEUrGe6JiLGSwmPa/eUWGX1RgNzOlaxTqIvVFgHsricBSioDVDTPmfa4BoOM2RSQ+jOHPwj00/Hk5fDAxBtDRPN4xL4JYFimB04rMnBi2kH6t0+WFUfbkUB+O36fvhBe53wCcSsbCMjVhNV71uOkwkLu2qyA9kVutFbuI203iGGPIITkyHNQ83sEbMizgpacl/zimit83bIN+78P8M3P58Dq8Afc+fEB656th3XmdWz6WgtC1As5aH4WV3oZwTj3V+Q2vYI2Xn4OCwLSeGPzOVbbcpuT16uBULw+HlB7hfJjoumlRDldrn7NOg2zgG6Jw97KubDiwwro/SAHe6ZX4amTuehRd5bP/beQlFcJwW3rB1T57iddlP1Hvj1n4Kq1EAz5rgMl8TeU5fQS6iSs0bG2mJNjBJku7KaZRRr0rDEShkXHQWmCNGjGr6He9HaeIvuIzFS2sVfXXU5tGsRg+WZcFFDD+dnK8DL0Hbl8ngpL29Uo9uJKeCiuA7aiHSCsNY3CuwsJrpjjdFFRKDbWRN8bK6HIVYP2HU7koqJbbDBjG5WOySI90d/wRKcS7ncgTN0wmkJS09nhx3iSkTGAo8ObcWuHORTNLmZeowXq+kn4t20cHFtRQHb3srB6bCsXWkfgjl2/wPj5VBqjl84ROx7g/gnDpDt3ItiWDYGK3gz0mvwV3199QzOHrOHd0HgI6LrE1qlLQFvtIMjf0gSx+C0gX3sSXrp3UuRgOVboNrCC2G1yf92GP+dp4ZRxI9Fhrz7MHJeDItPM4IxOKxZV53HDtP/4n3MetGWe4ckx+lg8w4gMPMfBgsAYLHw7FnUW9sOuQUO4fSsarU0r2CTwF2qMOwwt+qmUnzwK+r7oUnXXLBR+MgrjNjbgo861OL3VAqu95TDjzweqnRgMj2fbgfWuU/xL7BvNeuYLoy7P5uvzqvHB6WzKcrmEo3TtKdRSkPqvW0NBiTGErE+Hzuk1LD17Idfv6MDST1Xgue4qp8Q+pF02y/i93QQwcq3jfe43aHTQBhi++w5c3HtBbk0sbHngD53ePfTWuAPEbHXgUMkgbtS6Db4zJmO6STiGLJ6Hze6riZq34rHT32ml2S683jQajBq6yPbSIXpZsZE+FxRx9c/NqK2ZAi9lMjm1YTdtX+lL0seMoWL2IGcMEpyjSxBevYzMG50oUauc9w2+wBfHbeFtRgjYPbaBk94jcHZdOEU+/AvVOuWoSzPojlQT7pt0gOZvcsEpTQHcpaoIspEXyL90CQTtNuMNik8oyjIHZe+u4LVl6dxntpyfq+TCmnpD2O/zHP6+9GULAnwrLQN/JT+Q5StHNku5A36eIqw3Yznts7aEX68iIGz3M9gqdwxefrXBs5HhmNxjCZ2rV9OdxHgS+OlPl4/LwqMxV3i1mjTO0HsEB6NLaPayZxBddxpSM6/iw6rX1GgUAkm1atBsJ0XT1jnQy7xyEqnTpXeDV8FqyVy88mENLT84FS3HfgPL52Lwqm8H+buWUW/DZq5vOAx6hufgZEEvnN0pxQe/34JOuSrERBMQfj8NtQdPQ35dPsfaHKdRE8MxZ9l9fv2lEVXdpmD6uddctZtgXVcvVT+5heE5z9H81G16ZvAXfwo14QrZFNSY5UC5q+cTrzQDjb2xLGl2juNVl7PKQzeUt73Pj4oV+Uj7bBzy7KQ5d2/AogQpeFI8EQxj9uC2kxd4xK4N0PD8D8bwJFrw5Afrpc+CPUvkqM5UFjbN3U/XI9XoyrJPnPHsBKq99qOyDYIoeuIsXfhhCp6W10hitAp0vNlLSxK9MO23KH53f4hpOQWkfWQAvAM98InhOewa2MpLXKygaeYIrJViSGUX/tXNvDWgiI3cv2OrhTzuLDzDbplHWV3bHDolFsHn5o1wYtMGEJwkDY/Sfah3ay9JnljDG5yc0WDyFVA6ZQKn4sww691YPKc0BlyG+mjLBitc6S6CCRti2TO2gfTv9bO4ixS42chjgvoBeh8ajZHlinzUMQv/WI1Dn5tpmOVpBwPHK/DWR0N4ubKSnqgpwmwPTbwf7gnv3GshKmEpxMik4wjhBjD2M8eEn7ZwTuIDqYXlYrvDMVqwMZK/D5+EPmEZFLkzl4/7ZGHhwloyjpcEHWUJrt9/mZ/vPYP3trVi0ogL+NtoFMrp1NMybV/wsJtBB/1lYFD8G29eMwtG7QA4/qkGWtWa2cH/OUhpT6CBIUcu6n4GEn6m4JD/gMd9taLg5qdgO9+flMwewCnJDnw414oO7Deg+wvfULOBGOQV28PoMeNxWqwNSYf+4TbbPGovlKYZy9rwqVwljjDMwOg9gnC08AS72r0Bz/MBICRVx2/sAc4qlOEnt0fc7PCOzywDXOGrDuUP16KmtDMMPfDkag8dzB9cT5v9U+DI5zOwen4LZdw7yrcirIDrkygVI3HTYUFIfOuPj13uwYrQpzC2dTdcSsmgkmNhPOmxGTw97YZbTvjh04pLaPfJn8wyvlJbVxNayJnhDFMjlMx1wcXTlOB+SS2XxD/npIN2FKmdy9ednFj+ZTdeWpZM1bojsE1xBN0oGQnOOQ4kvOctJGbb8rIXW8HwZir9F3qEeO5t1LoVgf8a8llmkCCzcAoXlreTzLhkiDJQoGfLJpDj3+8091QxG/9t5NZycf79ayRIX3lDs7a0cfirNoxTceWCrFC48D4Wv22vp5ysSIqPXQ47qhXhXtcBvN1hA4YhZ9AvPx4G1izgx2nbMWPNBYqTDALNC4NQslIBTp7QwSelnmBrnM+fH/mxrL8BdIcUgUBUHDwWK+eLS6Ug87QMWM13oT8zXXBxWAYtn9/L2sYl4JB4Hc7m9fOu3118pLSU8udrQ8DjdAx5a48ms7ro9L7f+PjWF5qi2YEf6l+Q9+shsjn4AwPe20BO9BYsP9PAP1VNsZQlORdzqVEpEj1VgyBxSiutuzodLhrog0vaZHgtsgqme2SCjuY2Xp1tQQIHElg6BKAgIAyt/Kt4db4QuP+0RvNxY0mkKISvvXPDwFwrerBwGX+3s6aeCwvRdMR/WPDWFHROfKaH/lehQCuZSmSOQ/X+s+Ae+YjixZ/w9E/naUQxo8//xN2HNhAO3wDg37BnSiHZZEaSUYSkSNG0GoRKGnaJitBSQolKQyFpaJoJlURSRGhS9E97IWXUd853E+99POc8UdPAw8UeXoQc5cCvpRzgZAp2xj/YZZ4vLFMr4dkK7zGx7DQKyhmC+Nqb8CV0Cm1fMYteCDhT3dpI9tu/Hkac0kbDV7J4V3Yu/T5hASv/lOK171J8VuY9tyX2Uvrd1XD9gDvECu+A95XGNHuCAry/YQzP03Jp0ulanne4By8tb8H951bBoyZl/h4mj5Oc7Vnk0T0c8W4CDFhexiWpPjRgbUwCRYoU0NfAtY7VuO3TfEbpMXTw0jO4GGwAQm5DYPw6FXfFJoCdfT/ktW3ljXNmweFDSiSWXAGyv7Xh9UU1sK90xy2aB6k7qB1nn1oGjoKiJGL1CZzc9oNr0CSMnS8OovOmgcjyJdj0cBrVn0uFS5lX2NXDi/w1TDDrlixFDG0h5xuHsPGOJXye38Liqgs4NfECZR+pBe8NkrzI+QxPmK2EYrJjQe2RNP+6AHBisSa2Kl2mYx4/4dlybZ5Ft2BW8XJUrK7h/cINeFIkBbV+j4HGMldSsH8JY22G0WX2VQjuNoK4/IkkZC4D+odz2f7oBY7WmgLzupzxj8E+SHgyDz3FBTHd/yUcGDONYoK+UebKg7z4rQSNVtSEAFk7bvLqoqjmf7jlrS6dO1XNA2YN5DB/CXpLfgWlRC/4rW4ETs/d0GFpJa/5cww8bsxlKbccvLXZEdbKVlP+fzfwo6kB9dxWgE5fFRzR/IAvCM/lY8HC8KIlGywjJ6KbdwfH1vSR7ww9mLp1PGTaONMLdV2qijSEN4HLoLZ7BaS66/HZjYiNHXVoZpiNkVst4b5/Bn+YcRseCRrjwqJZIHFQjkqWLoQ986toQbQZXBg2wot/VWFe9kkKq3oOJecdaIqvL0xYPQy+5T68+MESOi7jDxe0wzni/USoeR7Hb1vtcdTG2+TGpjx+dzQ4dj3FCMNCLHn4FtvOz+DfW2TBbrIk/NUr5QsRv/Hn0m1wx0cSz0V709NmGQoZd4VejVuFU86IQUWVJ02Kc0aea8b7PWdCZFU4Gwk5ohg20bh5P3DxdzlcoSgM/p4FcMA5gUrNT1Ge307IyJMmvynuWN4cjDM/GdKVw/bodNMKrGIYfBK+U92CEmjfGQCn+vMo1fovzPLphCW9XpD00Z9/1SrCgP5mdIkwo0czYulnyG46FHKP5LtG4cst38nKpwhMrv+hVAsJOFr/CNrmvKL5o+XwfMdDeJm8GgvPCeHB/4YhTH85fpddT8vICgyM99GmshWso7cT96gtpFgvHxSumAjBbXV8yhbpoW0DGr0iKL+RC48Si7DqdxJbig5TzbZtHM2CmG3ZAK8Lj7DaeHVci+PAMWwJvw3yxkbbWZByZgJdc/8D+zTc4X3GXV50Thqt5TdQtNB4ePxkHvmFi5Fiyl24+egpLpGrxDkHGjDp4VSeZjQF5j1IA10UhTNFFznb8CN4/Z4Fi7ZfhAaV6dBQMgDTtZzh98cTPHy1lWOPmcPWsTVwsUGR5kR+x4VFGjDfzQYFpb/AhEeZlHu0EzpqN9EDaSHw9JWiwuAz8PdQG8f4P6ThekWcK3gNlPZMhLjUXFxkfw1X+yM0ZPfi087zMM1vCVwZpUmyS9+i/ulKVkruo9N/BTHihwAZPxCA3sqx5Gb/HR4JB8LX8SJc9TITHq825RztF6Az5i/vDb4KYq1y8Dl+NSjkTKX0k6/4ves3HpP3hTq8X5LwhWC0tvlJygGJ9E9tCuzuUoHujbVwwMCHkx2SoOD0XM6qugBO8W+o2l+QF7ju48MJCrAFnmCh9CBt2n4XQ0WKeGvQO4oYdYtkSwQAAnzgc95fKrUQhT6LLbTyXzMsfy6Mw9fiqUVQn1ecTSfj+mRWCwnBxfYeVB+vAaG6YXgjAvDfmx4O2zMLdUfux27HNxyuvx/XNYqQ1VEZdjC1ADu1X2DrEcqOfpb8+8dqerSulp9SJqxUegcV4ldZMb4L3spIwHlFMZT0S8Gw7VnolyALHeengtTR/0BhUgcPxe3kDXaHMP6xMMwNSULdT9UwpN6OyX5r6UuDKb3UryeB6E1sVPATortHo/8zcRDVPUGRKu/5otw+/P7VlpqlWiFcO4h3Ld1C94qPg8m1pZTYrgLei+T5D4yCxe4pvFavHCyDlnJVqSRoxgfw15xkXocPaVWPCvhU9YK1wGmSXukHEbJPwa7jIjVsnsldY4I4r6oeBBdqwK5GTeiuLSXlqgF8VjQVkm1WovS+41DmLoyl66aAkuIhni3kwfcPS4FO3Soy/hcA8TvFeJdVIn869oytdWZxxNYdnLhngEx8F/AmKR3YO2hLgbcm85t3NfhV4gtWC/mzQMM3XlHqBir9hahv7A+FHWagUi4NnboqeBo2kl7Dbb5SfYqsGuax3K5Gbn9pzm/r8+mXmySEniXKSfaDZWm5nKrvjRpfvlHdnYe0o36YzcbI01XdXijq1obrV0wo72Af5UdvAJ8XVyBDOpuXr7/Pm3M9YcDJHRJuSKLveC0of6wEIrlP0epnFP/xruMkrRHwzGos//QNAZ8rOWwb/Rm+39CDnOcZGLzuKAxdv0odM17hgS3bWTNkPc/bFEElXodh9wkDqGufBjNoPwtmzMF9xhJo98IA9p8uhb03zGDY9iPs8xpiV8cyPLzHEkb9/o5CmX+h9ls090W7QZVeCcYIb8e0npd8sswHYyUW8XJPgoRt3Xhmqja9jWikFK92HmP2EGOLr8PTm7FkGYEgoR7OUWayEK1aBNJPztIG22/wdb8EvNIKhJy//eC+KpKUNEaSyOE3MGmyKJimZJPiyvdUVFGDNkOu0KYshBpaUhz/u4Wrti4G0grlNmMt0AoIgb2jx0HKPXv86nEP9kqJ8Ozl63Gc/RsM9zxDfV+70LVYCUYMpnNXkyweLUmBUKnVVDQjiU5kHOALk75hzc0C+nU0FX5+s4ZiwV90tEUV+nNC8VD4O0hYMgk/e1aTpPsZvvr5ED5Pc+GZddNg4SxFwGPXSWhaKWWK5fO+nevhxl0dSOuTZr+SPj4/ow3GhUqC9tvHuGa1CN1rucuLtqnQnjWLKSHMFYZKQiHiyR0QkwsF4d/qYHxmN8dKPuO0rAy+JqiL9anr0E1+FNefzSLz0uNkWRyF678ynAsK5q7r4RgbHANr3b3A4XUyD807BZ5bF3NmeTxLK27AJbZjIOvkPIiZ7Ucz/jymeLuLvFriMe9wZ6x/bYfmsplYuGoJzhk1GdZGxEBJWyo8KCjExZK/sW6zOBZFF7DIhFQUSJGmLnFvShdWh2ytfNwlL8prJ4ey70AkJnbmo0v0Os59o0Xxydvhkk0OJXgIQ0JKF5SIOmPamXKcl+8Bbmda6L8ds1G6d4AXbAdsGi0IRps0IapkHuYK/KagSFE4ZZZLGxYeoA7zMIqSqePzBa6QIDJAVj0K4FVcjz7vppGK5UwWPGvKk2O0SSC7gApC7tFuTz+SqbjOSb+nQuWGXlhV+hbWlxjjqeReynnoQpYdD3FTXwurOLtAz2ERHJOuBlUpXynEYgqQbzs80jQDt2p3EN3qwn2GXtzf4YCyVo2cIGkB/hr5MHTjAOdGbmCDM+e5cXoJ5Vc/oxdVdzhhjDLqPboOg5oyMLMpn1SzWnGl9zvQLU3krViB8iX64KRbDkI7l5OHZTZtVSCY/XYpZ1tYgPNyRXiusJuCkipYuHMnt71tgqsjG2jHu7HUXaYFOW7r+OytFtjy+CTW9L2Fuw9Gw/5Wf5RvG0Eq6oEkJ7YLF9fKQnqaOoW8+ElKTjepd2M3Jiy+h1K75Wif421u+xQMInVz8WqUEEx9k4hWVEvB4rd4TNI+VlGdAhGxwiButRjdX/6Ex0WRHBJMcNolGeya1Flr5gteLTpMkcvr4fp4b27QRzpQsgqWCyzDC6HW0GnwhsT90zHnzTYaIfWdd/cJUt3SeThbuY1qRU9A2Stf1I4TgG3Ou+FY+wbO13yI1zTrOXzdXJC190UTqxyeL3UCzRe+w7sFwrDrGJKmqSXu3XmCtSYbsvuCclgRK43m2w0h6bwtphySpJma4tC7ei81CXRSzuow9tr5H60tKqGdve3w5/JN8PjVSbnhXyF8kQSMDmijyVGT0f/Ed/xiUco2q9dg5/gCaIob4KkR8qzir0CnD1jDjzUL+OUrhAmbm2l/UT0svtgKZuX7+NPkfurY0EM7lx7loO/qIOXRhXFLndiq1IH13iOJ+JvjnZcnaMbNJLyjc58UnwaSV9AEWN56DJe4aeLDEdmUoCsJHydkouvSeo4dms+f66NwU9lh8s4VAl2DDqQP39HQSA3/fQ1hWewmm991JNjwj05/KYDO2MfkZCsKAd++U806eYqaF8J98w3pheQI3Pa4EP2XrUe5gTnUHr4MxukQrKk7Am+9frBwsS3Ind3Jmm1J7LWlkVc9qiGD/zbxwfRx/KJaB7QbJKjGcSltejmLttmOwo3X+yk/MBVffzXBcYlXQc63mF+OF4INuctgfc0y9LOyoN0Vl/iBvhyb22VgdsFiHhA5i4Z+pmz/VwDKRv/l6/p36E+cA/Q4h9Kq0ccgsvsFKzx9jhVd0TRy0nu+2qEFik57YabecfL5dIxCVFr56RtFbHVoh7Dw6diVlM1rbT6w5j89WCXUAtKpgjx2kh5VebfApkxx+u26lHbfukr5C2IgX8OcV11mmOA7k0WiN6L+86d4u2EX+1a9gwOyARibMQsblJ7w96HrtOucNASqfmHtgxq0PLkezfJkKD7NDi4c7WCfOeNYolERzw884MRkQVD2ng1Wvwyh8NcLGI43A5l513hLWzPsD60BgU+LsG9ePwxm6cLRu/c41OsQNMvq8gTHbpRdN4tyzrWw741J8CJmIfaPO0YrivTAeaM7XRIZAzLVc/H3zI8weaw/am5Vo5sGhThybgO16MXwTzcduKdSQFvNPch9sBVcpKv4X+BNqvWJh48BC0Bn4CMO6s6k9sXKcLlXlRw3ikLWXmPK3Qo8Tbsaw62O8xG4wB6SU8D0zmyqNFYDpYmXaXPRNu7fpUKJIYM0JzQMXq/9hxtOXKT/yjfTl7PrYcRXEdj9p4J31TZRYPMr/pU3g39XvASVS908sruVHULeUPOuPPj3yxw6Nm7kte2n4V2NJnYuPkxzfjyliX7TGK5HoITaeR49womX/bCAjMt+6DN7C7pGH4LLx8bT2jcDYND3mp/sGU/a89+C5D6G9t6xILroLSyY+pbf3Y/lwItH+FSSGVguNoCC0C34X50/BIbbYZiaADh6joRin4WYFxBK/y4Fo8GLeDSoKMHj/zGNHW3JqzwUSX2ZEtyamktCuqdIxlwCq1sA5rwbwSNPhkHRYD/mfTHi1k1t9MFTHAq3t9DA4z3kadLJGbbhvHL/W852zoJFdh/49lwHdFtTDnOdNEDIpZcmjVPGh/N6QXR+G274dxT3Rubi17mu1Lf+Ijis+sc715rB2VfZNEOgHP66r8fMtS5QN/YFdaitJ5X8YY6O6kEziUv4JdkSygJM4JupIoz+0EwlRxJBoccRPxvOw5qUUdwO1fT7wVzy8tT7n/2/VuO1IG37Cyo7Z0LHw97h5dphOL81iDPtX0HUxTX0V0oStfP1YTjRi54fPUgLDAJx4kNFXPFxEk+GAkyWeIpiz15y33ZTNLGZCkVHfPj5uolY8eEz9ssNwdqwZTD+pypsTJrC8R0qJKP2Gx60TgSvj3fhcJsafaFX8Oz1Z/Bxe48/pF0JZxzmTct72FN4IX81YhBQmYwja8bTFeFXNPDFDMvf3qDocw/w7fe5HL8oj7piIyjntiGc2T8FfgVH0gXlj/DgcCgZ1ebCjHe1kJpkTiaGAYCW2yChUByUDR7Tv1fvwH7MO+rSr+Y36x+xY8AW+lQjzWV2A3DfRBmmVtuAwZZWmLRlK1d9L8DOGGmW/fMMN6vbQfHd/ZA5IhFPd62iouuK0BCeR17+7njnjjEsclcnZ89xoP6gGkcoBfKZW8twnecjiBlEkPi4ED5M6MSoK4txc/89+pdjzuHBdyEjQAx8c4jd+lfhnuvqcKpbFadY/AL/RWV41esXuBSrcjP70lGZBBYb/o4KQtUYliUD3+9cJOPpgyxZaQtCLR/pm+d9WLD0G/UMCPCYKWfB9tE6Sv9lBUvkR0GK+2yaU7kNj4SrcruBFg26vOaCRCNSvm6P/+Qngd3aEdCmHw91OhPQpPgrfN03ifeUb6DM1DDMtR+PA9NcyVhPEb2mmAO5y7DPy0PgcuQKaRb0k6L4NTi4cANIRr5HP9cwLP/0GiTLBEBAKQ2kc2MpemQxLP/vE5zJseZ9Iq9oZsUo2OqgTFPjmBzKNUFsjz4vClRgRdkeGuMtQbRzJSwtEKB2MX8IWPIQdnw8Rx90REDf9wJWjl0CZjeOYai3LmZYd/BeqY2wW8SLAgySuK/5Dxm+YShRDOalnxNh9YrvYHRkC+j/10z3O+K4q28UBQvM47rTpWRYMBJ2lm5GsYhvqPhzEZu2B/FT5Sx621QL7/+OpFU5y/mD80dMnDsCMgwreGWjC3X/1QKpKiMuv2SP4grRfCL5PLYZLsBTxe/o1tWp0Fn6EtbJfGbHDm1abGFP6LmfOkSKwOJWMUdYrCRfs38o2T0CerI+4i9Ra5Apq6amD278/bI0jv4rxM9mjMOH1WIgsrWUbpQZwKoRyvR3aSDPE/sIY6sP0t8Hu7lzuSpfSFRE+9lf8OrL0bShfBw031xDr6MC8cI1K5w2zhNkv3hg/NAdONMUygUT5/AsTxv4Fa0KpcHd/H5KOyeL7eSWSiW6ojQCs7/O5ZPl6bjAqZRF9+3EknUaICbbSKv1Imn60mQa++UojjzdBZOHZkLndjmuX3qDvbrdOeORDHxVnw2WgUth5OFdeChCj3uzD5C17y101e3lWxn+GBMYjIeq5EDSuoB2uX2grqdj4USsJDxePkTD8mtg3Kgazsq6w5N892CT2WRo9PZB7q/Go5VHcPcxBghoYpeJ3+iJdwI8OTkT7i86xWtNLUFilhO5dG4hzR0VrIQ7SO5cAV+Z/BWe1JzjmFAr2hzoi5JvJoBHmCP15uex7a9+LjtOFBz0D0T17+JT8Q/o6t1OqpM+Y4YmwfH+o5Be/QNXbRlLRVVP6fMsaZAY+IHm+rq4b0klXh67E4Tei0HfUALbpb2GhYscyKHqMix2y8T/Jl7GrlcRNCJMGcLl/PD+JyGQCPXjqV0B4GG0B85svAQ3RTXxy8+N4JNpj4HXpGjb7jwOOqIL4aL16Dx2Ld4/8BF6F9qgudhGcjLQhH8ml9i6+RUJLQ0iuUEJMK2P5KAXN/FyRhz9TqmHjC8SfG70Gwp5IgnDbVYQ0qXPQqdGQlrXZ9KYL0Ni5+RwZ3gp3KcOaBHwoa/VRPJjhqFjx346la0EqWmltKafMXd5KChfsqUE+05QGnyBGk4mlOeZwYfMMvHJYQno6f0BShfFuMTAjmotBfnHYC0tqWjBvNZr1JIhjA5zRtB7a0UIzf5Cl07kY2bkMsyiELK9HA2+49LQ2jaeo3oLaP7dmQyp5qAgNIfOp3rS8lYXGPYUgx+F6ynpUxaUhH3lslW1kKB3lQd2msJwrA+IhRezqVwi550zhYPXFSDN7iaH2j2CBZnptG10M8d4iIGHgzqaPnkBBjZ20KVuiCd2rKbSpI0w4pkgbLNLRnryidJTEd5M1KWDNqU0wqMXbT1nQtUfb1zZpcZFa/Wh+GMaiHW9oyODDE8HUujQt23gHypL515645DROdRSfYb6teeoNESRaqwm8mwvTYhxVqLvRz9QV897yM25ze9+NJP6DR04O0seEkfZcGZgAK5bqwL7pooAr74Er6Tm8K0PkdRCV/CgjzkXpcXxLnKDXl9f+APmUCs8Cqf+fszVIh/xdbEFed+ZwQMdSzl8QRGduWHDLqdLcKoewI+0n7izeh5E6QlTy+bbsEUjEzaVN9L0yR4gpiQLzbYneb2NACTm/uXpuu/YIe4NKc7cS4MuB/lrThE239UDm6CTICYZiS6vp4BP03747FyO8/Xe8OagFbRYaB8+lJAAnzczcFrLKNJVN4A14npQcMIZwovm4tBCFbzpYkz9E5NpQ+MirDN9C1+T91GYYBaNvy4DZQeiKPTKB9wXeIhHnq2FJBsR3BiczcZ+L3GSzSV6cX6Qx3WOhq2esbh5qyPYHwxF9/G76dSRXVhqG4cvbI/wynG/cE1OI9/7Pg3CF2nyseVz6eezXlorNYTLYBvtvKhG6pP7IST8OKePuUPxrTJwU7ic/HU+oPyoZTC9sIIiJxeD4udTPPK7HLzWVgbBlF3krGYDPfvfwLTR8eC6nPgvXcawir+g1bgSWywdqCoyj+PtFvKTSAMQ3/CdB/bfYhcHBZh5K51fW2hih1IaH/j4EOVr1bkwSIUTkuRBwGYr9btMY97TDhpn28hY7ys8OHgQLNcupLnwCIdSbfGu9jR4mHGBzNWtOK2nFXYsPUN/An/wmsYBOLu5l3dcaMSan64kryEN7RF/2Fy8EljpIbY8u4oN6UMwInCQN728y+u3XeSzY+pZxm8M7Cm5AePgJFSJCfPctxdw0yltsPe1x/VVnrQxV5GqDB6B+EMp6HrwneaN0+ai5ybcs+sTqKd8hgjhCzygcJeO2xqDVHEmyt8RgGTh5bS3cw8bjZHhbZVEO/abQ9jiXSS6uh7nLhXGOWsU+eDhyVAfNw+3xd0F+bOOqCp7lQzOjgWl4G9kZbKFtL/kgKrjJXZK1YWqK6XQ8HIxPQuwhumvHnNZcSR8D7kJBkUuaDXNnBdKmtBIUQm4ke3Otbb6rJ0fDNc8Z2Pl62WsfOg02brPg4jp3nBn8B6Pmm8KZVLhdFKjh4QKRUHh/irU6Z/HSq1Mixd+55SuAHRqqeaYkYIg/uUoKI3qogkVQ/C94D2OFDCGcV2KMN/mDji8u0fNRg1U+VQa5rgfwwu/Kjl78DtUxQ+Ax/3tcELhGcw4l00ZJUIw93oHHyjXh1i3/fzcPgiy1Z3pxNBz2u/1l+ZHHqW09fdo2aEwjqo5SbrNxjA1NQzqgl9A+gML0rT35V/1/9D59UeYY5wBx+I1SXTRTjJ9Kg6B2zLZ/FkvaHAXfvETIZnYapwtvY5qS5Mw8Ecw1AuL8vyZo6F1+R+4K/cAbN9KkH3YbXqYrYOtkm9R0OIuLt8RBntdx9MiBYb1Pvc5b/kaeKV9D28fvk1G44OxO1OblaUS0TVfDxTzXKE/Rg3kl//HC6+UQ4bYL1bRM4G5EUjCup9owcZgyjbTxDPjI6CqRhhOvbrPhaFt9N2hnxa5fcTRDvPAwVESg+OvYpv+XDgzuxEPhmuB/IS7XG4qyuwzRPM1nuLBDcpgfc0LfT28oMFwBSwM+MEfykaAyzKCO71GdFz4Ee52/I/LVfOg/VI4rTjmD7BfET7sEKOuB8awXmk3/m2+hz9bpuM8qR+4kx35lXk328y/w9uNTTB0mz6fSjIEr/mmNHqbBMxo24khygLcXXcfAj2e4RbTcDjjehVVpLaTeMJEaNZPZv/Rr/n9kTooLnjNn5/Y8nBxKrtfiMCXMwvJf2gTz1Y3BPd4CXBtWASNqp10h0XoRWMadv7yhwjJLP6yTw0UJlylBGszOH9GnruGREjLaDQ9EhskNbFiNh53EfhvIOyu/sfahVMprn4kNAweprvXVtFe//u4z2MSTWuQReeNM3D6VSC9TZvRslKIasaYQPqcIRLTGM83/y0Em3ndmKaWzyf/e8rOI++x9y8tqLQypopLqmDxbwf5TDWHxKM2tHjyfTo4Vo3bPGxBcc9G/rIrgIX1V/D7RDVod/Tj1r7PFLFxC6x16UPNoBs0TccVto2bztfvP6YUj9Nsc0wW/BtHI7pWAUbroaOhI+iuXw1yp635UlsNHJFvwmSd3/DroBEk94Rjo/ZHLE3bwUpH+tHl6AmIXr0B8imGDHpu0/OKaIyJUIIl9XdooP/Y/5u5oNUX8PO9feSzP4cFN9zj/PBMSLefQJ3NI+H3jTzSS4iA/dHB2B7kjK2KQ3hoWgvckJnFjl3voSbDA/vSR0DKygCuHL4A7XwBAmI9YXp2Mtw0W4lu+SJQtdQBLBULoX26BZxt8mfNba/YMtAMK9uPYE6tEGk8WwahsYXU/OUIjHQPBgNLIygukeVnu9aggHA+6zS8p+2yf+jCVS+q/OUD9w28aMyIFVT4QhFWyFzk3U/GU/SCC1zWN5Enbz6CJ4pe4oa2QTS6kEJDvUGYOVkHRrUPsUNQBbh0bIReV3dIclgPdOovv46zw/WvD/GU8R9xbcc0sLbdjr331nD0wae0+0827PYToJh7Jex4OZrKsg/h3PwQKvGwhsuzbFGwwIKGD3/lznRnKD15huesW0lSUzzB6fg90Hokx9dmGcCSFA0WVDvDC6xOwvjQSogQ3opPlj+glyfUUchwAxZJ+XDRsBJkV3/mzzuVSS0rkMK9ZMm6I4ffvTfF4F8L4XdZAtN8fZTLV4e3ezbzy+8FIDZBHpITrqOtThA2/fKHxT3faI+RC03cQzRV0QgsZKtYe9F42mojQ1VXhEmq4jM8+G2BI6b8oKw5V2jrAXuSWTYO+k94kLQMQH/mY9rlkYJbaidi3KphnOqbAH9tHdFz6BwnTRKFK2t1eNTG/3gw7CB+iXhNrR/0WNrxIexWFQED/Te4vSUA85ZKQhcuQ6Nb73DfupuU6VBJFHqKpge/4Lx3K6jSfSH5VUzn+3kykKo5kbLtw9A3xAYF105E96BCunT2PaZ4/kenfQ6i+rz5dHWpBFidOM1VGUu5snAn/3f8Iij/V0M5kxVZTbgCugwUQD8jDp61q8BS1zScoDEMv2Z+oI3TgyjlZR86fb3IWVVp6J/+GYVzr0HI/nFQaNIBoXsy4KvpBuz/kweWR5bRwajJWDwtlV5DP6Q5RqCAtz40GppT4dz5MPBBEIb1cqjLu5mffNbl+I3Its83cEO8E+33NIJU+fUg+deVo9xy0PJiHQzvWAlVJXvQYV0eWp2fCxJNnjj2gBl8frULJwe74x1pWXQS0iKnV6cwdosQvRnliLJREWwWMhHTLqvA4KEkTLEegY3rT9Mji914J1abXslPhKvJQ/Rt/RM6cBz51Ct5OHNeAU4cF4NT+0RAwPQyaXRLceDD8xzXdRu19/1HFZI+xCaGEB69mSVTazl4th6nCRlQotk0nD3wH9PsFrqvN5tmdX3ET70i0GVpgysN7XG7SiuOPn2Itn6ZhWbNLjxjwVn6McMe5n/6CxdOqEOsnCVIjahjOdcUWnv7ETatlEXJrUq4VGUs1xz6hI+KhvAjmYPgA03oEa+mKRMS+V92Fe+4ocv/lOXAul4D64UsqFXaGvf9ZNDLvcSWt6pg7KXb9PWMGv9y0ybZ3q8UFmnKi/euIXX359x4gUDu6SD8TB/gnqMavPeHKlmlT0e39RfIz9ME54dtZxO1kSyjPQk2Kg3iWD8PHm98He8besODpV14yP4dW97ezzf1jfCTTwFdjLQCAVVjbO7TxR8Jy9AXo7mlpgRkLubDB6GtVCDWjy2r08D94hS4KdyEKUmGHFD7E/amtHPIe02YNORMtv1tdK/UjM4vPAV2KqqQddaYqtemkugWD9rst5EdWkN5Ff6Byn5lzlS1hZpv18ngpglIig1iZns9fjRawar1wbxp/yaYo58LyZYvYfHtZHbJOUJ7JwuC4Mi/tHJZDPzLi2OZl/JkFOHJu57JQN/sLxiY9IaExB9z/DZ9eBpcjGo7FqFNuDrGJY0Eq1Rl+Bx0Hj+d/oI6Ch/JpdyEvzpLQK3HLdCrjMMtnMpRNfLkW5TLv1dVoLXAdD5v9IEcu2LJaKI5CMJoyBnoA5UzmSxi8Y5atqwkxautqJkhQJ9oDp77dh0UtUfBynOp/KdpL10a3Mt6urehLH83veneQTs3qpH07Qo4fGANpChYw9LB2azk+Q1PdK7muepK9FDbjsommnO0ryFZfRLGXnZkpfVSEOJTS9Wvn7NX2wCGXLbmAanP8GnBOjQTSsKW4So6ss4QNg1Lwv2KF2gr3EJJ636AxCl9fLm5jxpkH2Fg+nbevnMpiPe4486J4vB0fRUUTtsHwUUyFNF8gWKereCrTm94t9hNqr9DtOrDdfJbKADi7lf4jtMAux+dBWtzRCh1vAOxuzf5D0rQwarPqPDvDwS4ysDlXcTBnoM0MvYHlRgUgf5Uad70o4HX3fvM6jv10Ln6NCgunwhzTp6mVwKquPSTHJQXnMP+hgU8yxtw9v1MuPxNnL7H/cJk18lwe8IaaqMWrGu24oPucTxc+IOOl2ph9mk/OuOuRjncjXEqorA98BgqWDSBKlTQsWd5XOMUgsmpiuj28hh4qj4FVdU8KJs/BS7XWKDo8Vu8MfUHndVdhwsiVKDpyQxO4iwa417PcxIk8HOdCbBiNIx7FQ5JgRGs1CsPNvnHMCrpKu81b6XwtHDocv6JSbGCEHpXFBwjNXiHtz/8lJOizFnDpBPgBNW54sQOnzg98D9qni4CmR15HJvpBUWdjuSfu4ncj5rxa40GEH/4iUMik/mweyZWWUlC2J1jfHFpEtT/nkAZ83L4sZ4lGpvIQ7VuB+7fW8K37f0x6bcAyMakoMqOJXhkiwbb5AoSX3HCBosYKpsmDQPTPlHW9qXgnj4aalQyKHajOibK+vO1B1K0T9qej3tq4tCo7dx/3pbkI9Uhabw+/FiRAW77F6GTSAEed3zDzXECfGnvap6YvQL61v7jE0KXcY6gFszWOQJdFQ18TX4uvh1tzVPvmZPL41CuywmA0G+KuLZpNvv76MOSJ9pUc2UAe3514uOXHTzZsh3j7wfya68sGrb7CT4H1DD5oBAINSug22I9nHTKABLM4kDgySsIODmXV/cC7s5dT7F3tODN2RHQEgrsHzWGdab9B8sitTGx9Cl296lC5ZWd+KxTC2+ruGFMgjR0xwXz8VfFFLPeEfekRdHJ2gYsLy3CZRfvY2jUbqBbYaT/YiRMddiPkysnUE6BJqbMPUDm8YP4UfMxG/icowbzIXIXGaIJogZwQbCAF039BsHbbkDHWSmYaTuAJ/fdpdOfA2n05yp0vixAl3MUQDxhDScOncYpy5eh8clBin2uySfvTIJiHw9aP+0FvNy9Fs+ukISFMdKsOxwLO1b+gjtqczBINIe/VvmCTb4caihnsG/1GXLJZHCJkOB5GSFwWYSocvRzUBouJn/ZDhARL4MPlY20tXYyVPWKweexxB7PRuGe0pPwSOYdKFWWwET9RRA3wJztFkOzEnXI6LcyfN+bw+fO9fGv2m9Q/tiB7gztoY8TZsKV+d6YUvObXbqTOaZFDmQfSJCuiizXR0fBwPcb0CZTj+fKY2iNtCVoPjiDIwoMQbN9HOyenoM1JwagOmwhNyxcjt+ylUi/Tp87Xm3mO4Im0LfBjhvGWMCUHxPxiFgfRUw/wbERS9nDdgmurLtMJ3Ri6LJtGB3T2IWp/XqQ8m0yp8zoptDuVST4Mp0EtDZCetlENjSU5m73YxiecRzkP2rB9QnD1O5czcltL9Dvyhwaq21BnRt6WWSrLJx0ec6LBOQgTW0iNK/9SdF79tC98yH0SXUjBy93gdv+qnhdNYVcdevJ73ojjboxEQZEPtE+4zYex5X4pWwc/1I+xq+rRlOf0C2+f34bf5q2iiZcM4E5gg9xaV0NOYxfzFGSHXzWxwcEA96Dr9do+iKygwXE17D2fQVYPS+O09vucJ4RouavfCrryaIXTcboLesC5nqPQfaEK/2zQzC58RrGuE0hETsj9nucAGvt3dg6t4ZSV36E37oDZFiuj9oZgjAh6xpe6Y2CEON88J9+Hh2qdSDCZQtsn6YMIiI93BORhOkTzWBi3jB8PZPA9nekqXf+IRJ2VqOdIanoe0qHju7fiv0TJ3H8VmtYI74YGvuj4MGUvSRssY9m7ZxH60U2oP8uY2qr8IMXRRK4IU4LHJcm4JTJDvhgazAssujkr8pRbLY1D2wXATQ/tyZbs58UHmwElxuMuaBHn9dJLgLVujtww9yYY5bPQNUCe8ga1qOZf/V4vMJUEFGt4pFLG+GStzBZv7tNU8M+kINJNKyLeUXl49vRQ0SXA55MgnFTBFH+WxOsOeCBAUtC4KG/OAfEZ+NcxUxw311EC78gGRnrQt6CRpyyNo1THuiztl8bLAtZy5HS38hmYD7MLbPDC6Ur4KuHNdSJZJP0ge3wxm8NNwt9ItEYL+wVdQf3+OWwSTESR24/A7OMReH4rjsYHnKZYDARZ2zcROPTn/CDh7Z0YnAeXjxlRcf/OTO+GA1tRvfhYexsFjHVh+SzW9jGoQzwqAnlOobhzMN/6PNfxq+vx0P36jJUqSD6NrgAls7XoDVy+bT12CPY9Gc5iSTYoNX2HFavHw9fHhM4nJQg8Sf3abBkAay2K+X5w9d5+o46HJ+kBI1BYuAcbAXZp5eApMZunn1gDFW9f85nDYQpqgfo8kQXkh3U5KgNhShrORbO7MoEw+ofZJGC1LpXEAYqpCFPVoHiPk0Hpf0WNHnSHBLJJFh42ZHsPPfjIZto8FCbxeNMreGAynwuMLhJEZ0itHJeNXr8E4S7W85z2w8TdFe8QlPtSsFnSTh6brlLHxfc5svWP5E2CLF/oRXU/HjNQ54nSG7bOtJSPEzPpltQqEU2NqsSFTU54MBoH4DnIwDVumjPhBRUvpYFR25YwNfvS2nuUSHUcm+AbZfk+EeqLKzeSBDkOgOiv3jzqSfEgyvF2dZVCwP+TIbiA1943aEKGN5hydqHrcGz8SOJxojQpIZJHGE4H25GP+E8mzLKO+lPMwfdMKvdB+4WKEFWlgzrzK/GYuvR2Kmrin0XvTHJLxR/bn8GK4za2VMvmGYtEoYsnkF2Mavg4vlcbl8giF5mY6nAtRc9CvP4qvN7envfkEqWTIY0+WtcPfIu7Lq4D86GFJBydxs7x+zjrtMI6fna6DRiNQjFKkGPzGMScPMFBdNqjF/WSut/zsBEwXLqmOjLg5t2QVV6A3fOEAU3x4Wc8K2QppWak9v4s2h0JpXXHszBc2+m4VCqO0Vo3YCjdiNg5vQmnO26nWpK6/DIBwm43CHKWnIGqLhJiULnBtEoiZsYtXEqLGz1oto+N1pZbE3G70XxtPRmqNELZPnz0Vh04yp23VxCizdMAme1bTBaMoKdMveheE0/zXJJxUNGavBpIBqaTkqh06JaLItRgPdv//DJ5YPksHELGa7tp5mtJ/CuwH0ojyqFS8MSsGiGO6hE28CcOBdsPXUUzukM8D/b+bzIswJ1P2Sy14xzkOjoDKJtovjjqQ28XSULj74G4cyVIpzuH84lA29B99x5LMw6BEFdiWiuF84yDxEeuWfxPvundG9OGEicZ3g29iXcFDeCbUV5HGoTwLvHf0RjDxGo7ZaH0JiZGBL0kT1LGojyWtm0/SG9XXYZaiz/Qfz+HdhnYQ7+33eiTeIBPnc9m+b2lGCjqCbC+DYo9XxELz0Jir3S4Xa4JsSNaIX7C6fz3GpzyDAJo4Y9uyBxnBpW3AqHBiV5vGU6gcOaJsD7nXVwPbyBW/Y4QfzyAu753swrjqTRVfd6KPyzGddFTOfwHlG4VSaM6gdGQcIjB0qIb+Wrlo08VlYcVtjbcGXEProxopwTRpqCeZQv2AWdogdTzrOekw+7K/SB9Z1dYJmVgZ4mbaBz+hWWPbeBmuEpUCC1BZLP74HoX03UckWdKtxccfP4fDranUjb8q3x1S6E22c8wX/cMB4WKoNLoTJ8tsSCE1dPxKt5GVTaMwHDFhxh789mkOkmz4FdieChdYo7Er+Bdk4E/JcHFGL2EW57HmbXqm98Z4QC1K2LRI/2UtLovoTB31vh0lQHDHBNIE8ZfT7geJziw39jW5MRrBAZRaY//6Hk1y24zf0fbn19inIKH+K5OE2o1TUiI7tcHjkoBYkFUXQj1gnPKOvzC//3oFe5B3RE4tDzhSPvDnyBdfERkKynB9LZ63CaszgsmK0Cb7d/Q5GIEjhwbA7pxT/lX8M3SfyWPpokCUNCRzPkVKjiFz0tzijIpWZJZ9oePYf6tbM47ogAXV2njtbHlaGww4+S5edg+q57dCvrKdawLzXdLADjlyK8Y10c3in/SRdcTCCy7TB7K2ty2pVo2j9dGWcffgy2u+4iy/biAtlS3mrdzlNFBGHdovt8ZnwfmPu0I9VuJa97zjh8owpumJtR1OsO7LtVxj4Z06BySBkNXGfx0QllrB7djX/mFfOsFmssWbiQ8wNUSchfh4qGVKDcXBt/yXqB+OdDWJJ6jpSfqGO23FHw3hsOe5ePwZqayTh5nQ5sM/VEV/NllOtfR0scj0LKvRoM6tWkE1vPw7/NhvBKeBrvl9eDqNZtRDkz8FD3PTjWMwuiVJ5hu/YY8pk9GaRU7eBb6B7QXj0ONjz9iyqqW3h4pzql2bSQbU0ZRlsrw92nnXzyWgYoTJwGBiPlQCfCjGfOeMuGzcasanmLrq6IBPv9wvQ3WIejlznShPN/eFhRBCJd1vBZQ4bk936cs/A4tK04T2/PibFKaQ4OLNpOv3IHWGT0GLBcI8vnNwxBqE009R8wYcm+btC/Uog9H/uw0SCLPp54hXUWU0FQ8x2n3sinvvX+pPSynuab/qXV92/jpxuaIC7ozNFNO0H/hRTcDf4P3pUWoo9FD3S1xVDIH23SPyFMnsXX6cYHSUiYO55mtorAaL9cNLr7mjYWtVKqTCQOjc+j0Yp76NB9I7i56SeOl9ODz3IGYBWYjPq4hgud/ThLrQID70Vg2I8geqYaTnu3eaLGnjjcfM8IRphvp7pCDYjoj2ML1zHYU7oPO28/4b8wDiOOP6c1jwbRv1IPtP7Lo8bce3RM+DUXho6CU4uFKeqZOEWExVJBmBC+KH9Fujkq8BktoUapkVd8NaZom1bAQ02spz0IzeeW0LpkTUj5aUUlb21gQNCLIneNYN/gKZSpEs+KjW787EoKF28ZxRaTXnKQQiOdltUFt9ozMOJLD0e1j6dnBkR7n9XT1upgHOGJtKCymbwtJOH6REXQzIgklTJHPl00CZYesufLnv/o9JdrmFc8hiUHBnnVZj9sLhsD99+sgj8751PIDFd2DDnEeRb6FLvNiN5V1/BHEzFWyYiGneMt4LbJcfx+xATErMNoZ3ETaAULwu5PDhD+6x/cmpXFBpsmUeZaK1hg+RduaQ7yxRQ7rnzsCYenFWBBmg+aXD9LG3220mKbV7C0exooFKzCrPA8uqM0Bg+kq+Ff2Xi2FhJjlzGZZL7Ikxct64KKBD2YpjeAQT1xfLJgOsTf9mUnw1w6cS6XwytSYQSNYt0Jhewkpwuio57i/vRcEOh3wGuaxuwXZsUhukRoeQOu/j7KroLFtPquCaR1dsD6Yyk4bjuwZMQZCvZw4MJMOyieHIIZn1ajjcgIFEkXhooQpDHai0j8sjBnWCrzXnDEn02TMLYkm37vTIG22A64hBPApmAZ7jXOBtPnM0lk1Q9+0rCIL752o+IJD2nlMwPedv0FhwRoQOR/+nyssxPDjaPoXIMebh/woalrXXGM9SrI1flJlb+NqFBwEgSGNeDuIDXWyCjCVQ3vSHxhJ0zVfcRFuw/yNaUcbCsWhGseBrCt6xsfob14bZE0znGahGVTi3ik03E6BJvZRa8KU0dFwCRldegWl4SFOk/xrJs2NJ4/wtmHFpCwNcLMl9dp6h89DjNJ5XQfZSgvrkGV4HI40DKfH34wwSv720kBP0Nl8CQ6r/sPGx+k06wiUXgco0nfRMLo7LzPMGQxEZQDrHF+92W44uQM5pO92Dz9OKzuZPi5vQU+bBPl1ZnncX7KLaht28yV0cvp4YRR1L1blkSshAAdBCD/9hIo3NHPM8NUyLcmny/deYppFgm82DKSH69KZBtLcfSKHAFhi35TsVg/25mch/g0cQi+dhXfnfXnzMu7qFP9JtXckwdpeYSajcHwStEDvr1cQcESGpxceZhbPTTx4kQpmjzPCb98mwjXxMXhTuo1Gvq0hiyfKEL52XkgcC4Ja2e+42W7ZWmvlQHH59WiSb0oLDt8hcp19tP3CVZw5pkqGDyqQ/f9lqh1txYWJw1z/5HpoCQ5Dp6u+wDC13OptWcuPH9+A88W/OHfq8NIkHWps6ONbk5/RDcSzcFdspxn15vir6xt2C4yhD/n25PjJRd+qWqANhk+LKOtwR+DjcBUVIteV0ugQJsih57zZq3FziBc85j3ihyAFRpX6PWLNKqYbgpe/4aorMwZL0Q4w9x6E8if5cq+ZifpjEYAXjx4CMV+lgKvGQdZ6yLw0F09TFHo4OHhYGx0EgbFKQn8c4QXPmy2oBaNVDJtUYfgCx+4zNgJdxksZPh7h8t7n1DniSbUWHySbt9OweuhDeAQIgVeH2IgUSEblrzZzZvF99KFMn928mmneXEuXF8zGryXZ+Nhz8nwdp8OetScg1Wz5tJTP3N+Nf0M5HaXcc3YTt5ZcxWvqMWR8i5r+NHnSBW5K1F9ihlpClxg76+h/O7TbLq73J4UzcpwjNsZWl6nCMc7teGb+V2wHLhMh6cl0Mm0RtqpHUOGIy/ArcBEqvPez5eWaEDwwBt8k7Odp74ZDW+nN3Gh0R5uUjcgB0dxlKj/Dya6uEGNzxSIt9Mn4/uL8X1gMgzU2nGKcCBlO2bBqDk6vMfLDFXFkqFCQQ6uyMri9pATeMyljX88OY8J2U/oheJmOHH1Llw3msSWJ/OgKX4KUGM2vy6NYZ/DnezWshgjxqSDl1QNxMz5S0JvSsA+fRl4KivCzehOPu53D9Or6vHlaFOMYEdsHyuJlVOTaChUChJGy6JOlwoUz02kw94B9GWeASTv2YtSKyUxumEKb8+aTo3FfhwpUcY6Y3RBK3QjfYpJRIeVb6DhrBbEuWwHa6cKVt1aB1cTfpD9GWnSnq0Ozy1L2C3AlPbqIu21/QEWkTY0sFmQ37szaa0t5fqxX6jCywwWjNpMf3b+wsY5RH9uX6CLo/ZCpv1tuD7qMc++boLd8Zfx+V9lKNroDA7Z3ajSkwD+i0dBXI8KSB1Mx/pp83ld/zmWMzvB0/sMYMwIXRB1EsFnKjL4vCuU70nuQNNRpnhU4yTFHLzC42ZIUUjfOPAfnsLeD1qIjq/B86mC3PUsn+PWKGD4mm6aeXUeartV06edpjDyxlT4dzkD9+b9oZStuuDTsZEfXVxOVVETQKfcEAJjv8NIhSnwq7QfGvfv4tELxuK04G+8YhJi23gpEH8VhK/0svFz2jTIF7CAee6rUH/bTbBfNB88lTpI/2Qfp3gJQ2q/OujeuMWKZzfAZ3GCsrI1rPJMgab8NcVZ4QpYF7+B2p3XQfAWTTZ0Q37xYRlqG0yGCbLV2Gn2jNtMNnKPvzfoxe9FnWFxOmIYQt57qsnCUAq07CfAb2sVWr11Md4a+sPvW29CwOXd/OPRWKhTO0X5cIPEdNVQ6qIerJ37gY6+vMN6Bd9A6rgUqpx6DHYNX/lh5yUYWRQEV9TjYeQkhFO+vejhRbyhpooX/JDiPYHveHpaLJwvsiBT05P8zksZSmVHgZOFLvXucaBETSs4+FOZDy4k1PlhTNH7hkHioif55reS/HpJiHy8DlcvWMf/FqzjlGsZVGsejFu8ReH7kn8kbvcbtKaPgudy6vBPbD0Eap5m26e1qJGE0FyOPMNAk6WrOig1Sgab1gfxa0tFmHEuGcT0N5Lou000uzWQTmxv5ciLWizp/xkd1D/RkUFdcAqaAt+fnKPCJ/n4QKqRN3yzAPGF4ng0ajtbrD1AjVGLsClwH/n+mQCzizJpwF4bRDptaPm/VNT1VEbvZ8EQ/38EwAdACAgUANA/SmnRVFKaooVKO6koGrRLkcwKURJCkZLKFommrBCpSCiiSUnJiYrMIhkNMnNv0j82uK3DUpGTMbDaEjK/3cUvNU9xf5Efte7q5cQ/L/Hvu/9oSZ0/9O7/ifNcelGl3xxKyq2go6iVqpuns8jWC7izaCnlOGyB3BpF6DsqCW71c7m9CWHX6nj++PIqNiYWgkvuU2ydL0pPF5ziiP3dSG+fkoisHpvoAMQufAXVmsmQH2PFomLvMW38WMi9GEHuFrLwo2grxxl3QORhNVis1EkNJQ7s3LCXryfNYtNywHMfX2Bt3hqaqfOJj9wfQ/vsR0CjQgmu/h3KgiY+/P57GN1pH8C8iwMooRyPx/4IUKqEO8mJC8DC+b6k4PqAVl1+xNr1y9ERVqJTrxD2lgbBn/kTSUt/LJk/F4D1i+LQr0uI191UIH3DERAmoMNxAuux8+UvGqOUheMXFOPhubKwwG4JtKu4wvP17XRn63w8c+UhZ5Xv5JmGt8HPpAuW9u/lQ7/GwlNlMUqWPcIPs91JvW8QZXQXQ4jIH5jl+ojPS46GLz6H4EeGNJgtuQ53vt6nYkdxnD36MQYqzGb7z0j1+YYQeNsCjm77A9HfR8MsxZ/kJe4JOglroUNeld9qXEDN+0+5p9uNM5PWkoH1Ih5TNwrw+FuoHi6h+37vwUHmIUb2OdA1eQMQEXrGtS8PUb66CGXdE4PxuYq0asE8+DeQxLdHt8P+yf/Adt15OPznNVjWG4Dk6YUQvkoSXt/zQsPOmaD9y4b623WhVkcHFd+dA5kUBTqXrEiq2bowJnEyuEbE0oUQP3jkK8bP6yex5yhXyEz+QOJtd1EvtB3ceyuheZwyVHtlw7lKI3JMDOUbTbdg27lEfOd3EwrWavPD92Op6skU+tysC1YT48Dv53XO+iIGa13lqODCW6p9mYFU3kJ7JdJZXOMER6TrwyKDL6D94BBJeSyntzcy8F+jBf76UAQRHfOgrsmWOv5loeNsWbjwUwFmzQznuMuJNLlLmW+7B0CukTUPLh+B858UsK9cJA3dUoKo2y3wUPkrHN1xB7XiTNl8vRL+ce3kTxdEaKHHfv584wWvFZcFQ81FsLj+DGdVj0ZvqTN496AoX97rzq8+NXKltwvIrF4CVjf04FP/F1had4Y9tQrA/VY2n7oVDjKmSH3m62DbgQMQEfKPp9+ZDvRfD4V47sPF8sd5Ordj9SIvWnjkI+1wW8rLw4Uw4tt8GjVRDEadXsRq3Qv5p3okDO4fjZmGRnjIKJ1Pe63G+aLK9Fa4B+ewMCx9bE1qGTbcUyAGDaL1tO6IHC3xryHtsRPw/G41MHwSS2/TjMEyoB/02jeD7Y7nUJJ4hF6/2A0eXEQXbDJYxS8OvPJbeIOuDjSvvksOXc7Y5rUUp/2WoqoiYQi3q6Wwy3ZUeOkFWfwUhHWztUDk7D4sTdnIJ1+NxZvUihFv/6P4P1bcsK8fRm4cZE/hTnTzUgB1h3tsJXSZPv46SkvWLkTt/ffI4083qYvb0lD0XtLJNYagai3Ys3ctXXh8mINFokBj5QCY/XLFjklrIHikPHiZbEH78Gqy6RaFDW2zOTi+F/XkhlDgpREOqS+mEx63Yd6VSXB74D5LvHtBCmdl4UfqOjDKfYwOObd46nIx8IvzI7lAVao3vY8vjo7GaZtm8/e708Gh8SnZS6lC2uZVcLp1CiXrSuCmhyd4x9gEuuZfzsER9hz2SQBmyAXS1wB33uySAKRvwsaNOrTVl6nspBuczP9Ij4wq4Ey0FZy8UUHvJmbi16OVnN/5l8tuStK95hdkHzeDskqzeIXCAXywRRCqNkxnj2En7CupA0ebhyCXV0HTtAIgNWQWHXU34cjimZCdKAdCqvVUolEAXKXO+a0T4YD0eJ5UV0Ylk4MRl65hx5MCvDpfBbLLd5H/Wmt6afoB9nql4e09C6jqbRnnnnJDwX/fIGZjJMxdLQwTpmSx4MiV8NvpOsi/yYMmo3G8WUqPk4I8uG2oE0UFNtNIA20Y45JB/b1ZoBZwAK++zyU4q4VOzbNZXieX/8ScYdO4eNzwTwsuq04ExSP3oeuFN85ZN4UdKgA+/SjkDps+/C8vGLf//spWxZLw4YkWjXN6xzXnc1B74SyyP2JOu7YmUU9FPnVsmkXxV2Qx28YKqgyTYOagOMesX0Zlvq5Y++EU5PrPIPNTJ+BH0ioc9S6H9Wv04aHWLvbIKwH/H4F4t2c/JwZmovl/2zF4qzTWLbrJq/amo5KkCpS759Po6nF0+Ew37dowxIEBZWxEISD4fS53rpCgNIskWhkkAAJOjbg9PJHzRsxlly8uNDXQFcpvKPNXa0saeVITTippomieBMTeaoKdxX9wZpkcViU18aauSTzeqQmtrYb42qOx0JqZg6fbJMFiYTwFdYpgwKY2ls37iLXS1Wx/7iA2eqpDoJc9XLqUQnGlpuD/7z5IF+ujkOowvKmYiZJiSlRrtwW2/fcXajWu80NxE/pwQAX0DZUJX4vRhxQ1TIrIAFnwpjcu6fwoIZ6czezg4MYb+OqoBjQ+awXDY02oODmNJtyq5c0mI8m4x5QWC0lRRIASuAZ4k+0DYYjXSqDnPyrwQf0ier91NDd4acLieSo4R1KPPJbNpE2f1/BKHSkIz5FDs/YkqL72B79ItYHK0kq+N7qfJpwWwLB1a3mr7w1aNGwC+5p2YtL2iRRxeDOaJ9Sz6sNc2LvIiFYUrSfDcQiDWj+467UGFEybQaX3ynli33YYsXUqSu/6icI5Mij/KA4zXb+hrYYWPdAThUMqzuT43YG/3H9IUUNjSOXlV/zPYTmmlYRyvs0wuRzvgS1DitBQtRmq1kyDptIP5KX+gy2uiMAowx4orbCC6pSr9NW7m45ESMC5cXfgh8JjKrihT2/j91G2QhwVVZ9Bs8gubLC054Vxk1kmVhDixJLxni7xT+kumiYbDPoGH0Dw5khsNmygZbUHaU1aMS3KEIHzVxp4whVH3J6YCPLXK7loeyHnilez0asXJL2vGM7fZ87dbAxLHhlS9fqv9DB1BevtewJznt5GlwWrcKfaMsitugr3Nco5crwCxFWsgDnrPlLRlqv0SdoJ5irc5OtpLRScU8ymkQHsVzUPPorKQUOyBs3WLGJbv72YUTsSyOYONUun89ilmtxy4xuXp8xnfx8TEBBaDU51+Xjm+zW48cuPCqtF+UbSL06QW4peF29ytoUVOh+YAF4Vq3HDQ0Ewu7KUTeoN6fHjD+gUfhACj/6F2rZseHymiq/MmgDHlk5Cv2RXfPGrhQ3MRCFb/zGd+eZHRv9ZYq57FItgLMapWQE0ZGO9kTA8f/CQE6ab4uR4caqf4wRbh1by3tIzpJKpCdHh02BFpgobLZtKeyTeYt3maOy3XU8PjrXBnQlzeMJwMGP7IUiMmAhntybT2okfMP/JZk6YIYtzXz3jOBSH4wE9dMJPg4Jv+8GlAB3I37cGRhxshhv62jhHvQ8NYw7RSm0NUnCV5PsbKzCtRAuj3grAH2FdfuywlLOjjWHo0mMu6Msn160xbFl+H6e+jkTlZhVMvysMedtM4ZR1Hs2qXwHGxY7sswZwgehzWulzBVJe+0JwRQGmfDGDj+afIPNDAm/4lwr9W//C3vIwfhUeiK0f8vFQfShu6NDm5gIT8BcXop6q5WRjv4VO5fuh0dRJvHOBLX9OPMX6mlvB2/UBiahYgrWgBa9oX45RWVZUHiZPUniIBsxGoFHMD/zxPAS7/Px4h6g4XG95ht2T1ej9hjncssIZfQpFwGtZDYg+PciCmtd5THowOcTKwKZ5q1n9kiVVP6vG+PMN1HdOilUOK5JKiDVlh1Sy4M9PlCk+GSL276fCKTfgTlsC/Pn0Ci//QLRYH0wBs72pS/YBnpJOwns+xtD7xoun3fyBfmGe9NV7GdwanEnB17/x3qPzMWpKNtgm1lKanAREm8egY+cQLjYSBOeRpRBy4COef+PKkWFGcCMhAY8IjqX+RyNgTkwublgfxQsdb5HjtR/cPLcUtm3R4Amqy1Gwdiy7nNXB7ZcVoN9yNk4zWItPjrrzuiNbWMhkNAd3bsRXZhfg29fv8ClFEYYcdEFX4xcXnvZk0QJlUE5cxY1TRuOrolE0w/oq9eaH4XeLGk51Hwe3N32mQk9brnb8zGtGErx5MhKCz5TSWfvJsHPND4oc+Ypn/ZIGRxtN6P1dTJHTJWh0SQce7wilENfJUHzmNP19MRt6BLSgON4S3IdFIDW+FDSVT9OXW0Wc82ka+xdsxUejZLl19S0q910Krq/MwNMrA3KD4/HDFSMyKDLnDwJrMOF7AbxMX0e3oxtx9IQ11DJJFjzX+eOOzcxa03/A02nnqC7yKsmFrmTDgEn4e0sSGJ6sxwqRcZC57yBfWnyYWttccH1FBY1tHMaRh0bBvw+H4M+KIbiOkZznIgv2otWkoSlJ4bWfoD1Gh3p2FNOtkjvUFhOMm8kNZ28wxsMlclCd7oHT9GKhe9RBvCdZBkFVfzjo+xu0Hf2Pb45QZuOWwxAiOwJu12yEEv85VCQvwPKNR3HTny3QmlnDIydMh1TTIGyjGDTO0wd86M17norARLlUtFggRGJHWtDW0B9Oab0l05kNNLA7AC7cNIB3W3QoDGZgUfc0fGRtzwGDG2nEkfPoXP6ZS9skMVf0Jz5aJQ5xuzxge+ZjunHEGM6cGQc/eqJxT+tLMI2dQClPf2DaOjFUtxwPoVnTwelfD866t5aCxQ5B/jpnnnrUmHTvLUDx1qkkOM6Cu6NkoEj0CzcJX8PgojKui38EydfOwYo5U6ExpBomH9Xm6c9Pw4stehAW1MyPg3T5svBxXBVSjuPl9qPisjVcOsKIku8mwtaWTfy60RQcfhvR3wVm5H7mECQemstp5hZUck0I5PwesIr5KDqJdSSeJguO62rwZeYVNhO0hhvHruMI8Th8MwswZ8wEWlS1izwP1lNjnjDoK4djf9tFOGu8np3jNGlZhAzJvzRFVE4nSx6JsVlhdLZ5FOi3KZHIaXnYFbGQq/tPk9gkewzrusOTdDbzV/mvKNSjTuU98nApuJ/G7n4C21ZWo9zD/fSIhHjPr3/4ZPk/MLWWhEzd47TEThJWyKthnfg4fGQ9k2w9j+Aa8zZ0XCnB2qcl+E7vWny+T4Dak8VgSKCERyXJo+a8el49zRUloh7hfTFhmt/gintPP+AZb3bDrW8Iz0P/4KDHGdiVf5xPXGjj7uw/aL11LUtk/IQVan6Yu9IK9ArlIHNVIKs9VSPzzGMo2a3PIxc54wosAe/FtRxaE4r7trvBvlvKMLqRYJ6IBbXFzIIet42gcXUhX/6vjBy6NtLdeVrw92Qw3opg+Ceohkob3OCo6nka7VNHAuMjcEptEZYKDaK64yxwfnMArVgewgza0NrSARKXf2ffSEM4FV3Om4t/c8hnL16mMYeSVjfi+SMMdnsOU6jMSFr2poFqTWx47xRfbO2bhW2uOuz4ez+HiEXw1XYBeGRaBOXHd+B28SDSzwvh5u0HYEByJifYj2KXxtmcnrMHZpkLQZ3iBXx/f4DH/r4Hoza0s+TxMtRxz8GWgUxoCb7H5iOFuLdYEWr7S3j8M2GMzv1HC67EYIT2B3j79y7uzBaka3fU2HVSPz3/OR2yCgC8Sp/yigeCNGwXQ0/1D9G7Hds5Iz0Z/gYuxuWp39lnrhjIKa0B2whn7LLMxGl+i0HiRz5pVRpxtkEmztuaRg2flcH+lhjMLM7kFIkfdGzpJhacvRFW5gug+MgC8DTWYWerONqo+YArQB6EtW6S8vtz+LrHnWLK37Or0WiyONeD8drPWGm8A5fdzYB7Tfqg5aDM22dmk9N9OZzkPUBXP8hRj+55agr/xQ1+6XTd2Y5nWIlC1Y9W/Fs5CkuvD7Kg01MK22ZDsUu+gvCpN1By0JPDLjpjnPhU2JQdQv1Xe9H5bxjLbVgPE/4lQMWBydA29hx/n5JOFvuC0VLaBJ5dX89p0r6EvTd53/x2tnn8kPzOlrKg4gHS7ujiqzNfspbhWJg6JwZGj+nB0unD3GNwG+/NW0s7ldfyxbCXdHBzGO6sVWKXc6MgvEkH9hcpQ/OMXPQdM8R/Fm3l5IfCoF6bQAlxS2msqBSrZ1nCu9n5OGmCDD7uMOb50x3ZYNVnTJ6STuNeHeCbPX5U0fWR0l5ZgdiW59BxQ4r+HvKAAxK7aJ3GCDgdlEx5M07hT/UmvKh4Eq6JicJw7xZcYh1Cj65Jw4WnYzHIfw6JHcrjI8+YvjwUx3wdL44/PgX2eRZBb50NDb5bghYxC/lo+mls82c0VdfHlLtpmCvyEoajFeDgSlWy+JeH8tIB+Lx7JPpMqGP0e0yq0f9hQcwVNn8hDZoZwqDSoASSoia047IrXOiwhEnjdDlvvQacWOeJB7JfsHfrM9jdPxnSln6B5HFvsHPXWPQe1GafI4owPK6UTDYs4ycuj+B0yFNo2DYRdN5KQ9eEJFwt8Y3l/qnDT7VWPKn3FDMlMvDtdGm2qu+F09oC0LtCDIUDInifwCv+6yRMB2ar4uayYhK5bUXSbZ/ohlE+ZshPAfvJ2RSn6IofdurAXo9ffHnQmb81LoG4ggNs/usgvxyQRu+JYlDk+IMm/NvFQ0l/yOMKoJDjNvx6OBP3eo7B06NusVrZQzZbNgpeTsiBGv0cDNs+BuxuzQOb10vYrsYMBv51wuChflrmMAWr7BWhKuEZXdaaB+s3KUO94AxqdosijW2+oOA5SLoGO7AzvpsqEuUgabYEbE9VZa3vZzgiMoRukjFsaIwGW5XdvKtBBktWduOqqcLQWlJNC0JvcOSk75wZaQW3vwMPRWRwxfQmzsrzw5wdcqylOhlWNJfTF7NyDE0QI9WvSqhYcxdtbexh1u1OPP9wFvor9XNjpS5EHr4EIcrupLZyAg2+dcYUu4lY3xsOCelBtCX8KQu7P8CueRZg0ShGC6/EM9qk0vuuWNIyMcYjB2s5KaQJ/+sIh+1Cz3DwowlUHOiF7+JOcI6uwcL55zlxfSzIn2jBO2dMoK+lm2MmatHwTjVwTm1GvS1XeQDDULTpNbX5z6Zd0vPh4vOdsMr0CRalfIPVR6zh9J5bLL7mHu2dexBqeu+T3BsPMqtahu2xIzh+uyk7f71GcmAFi870Y33xYnr/bzJbYzWXS//mQxBAfwqW4aJrn9hxbCT7qqmBXXYPR/25hkNZ9pDa2QrL8Sy6PSuFzFdikBj1lA6I3MD6HVoQEP8aGo55Y9HSEIT3BpBs7A6bj3mQbYgZ9659AW1pHvD6mgG0+13B4UmxtNyzllzHn4fP001QPHE5ux92BxFzHxDv6oIBS0v4bXoWtr8d4qD6D+SgGcgrM05ixuL3BEnh/MxcAdLXhpN/pgEc3uaInslbQN6uBCNyV6G7Thp6Fv8FtWdW5FxHIHmjhM7bycLjd/eoIHeI95Q60xOtS4BicyniwkcUK9vGOonrUY5j8L8iPWi7PxZobTqnHdeBBJ8YUGj/SmNGzoXdJ2eBlcsvPFu8CAdOjAQFmoC/Szpg9FwXeix3khy//eRd3oVsuiSPS6plYMfDCmhlPegTqyb3PaLcPqQEs7Qvwx3fS+SZmsKFZ/9xVYYb33jixK3XLMBu5ySer7yX5aqSOONAFFXPjaPoaR/J+FIzZh2QY92UEO6XnQKbYsfA5uNe0BMSwc99uvmThCOczw5Cs9o2Umj7QguzuzEOdGFD/EwY1x5NZ46f43SLh/C7awSL/9qHz/NKMGrLfpB89RM1jstD58r7fPqxI3UeP0lzTk6huH4ZalQtwp8LY3CJqQuZfZLAgPVWUKWRSp/LYlDsXg+fFnqG5bJLeeupnVitswAF4CZsn38Z1y3ShCsdbfyktAZqagZp7jVnchocQfPG3cedq8Jokvdf/FsehC/7hWFHrC1MdLHFCBcRCuzzwFP1DPfWz4KIAURPiZ38216JLfaNg4j+HLK7oIB6CfLUsdmP3x2Wp1tmhwktZnJ6+i8eud4UdqRKgqbDV5zW8pm9dZ5x0KLZ1K90BY2yDpL8h9PcOSWNBgU+c9YLfbjaPg5nOtbQOo2PONHyHsz2bYAOdaCqiFCOV5pLx7K/U7W+NkSiFkaOtcGaV+tA4PAYNHTXh7Uqmth47iWEPfQACpMhm6tT4UnOf7R8rRt9fWsKEgnJ7CdbSwe7klBkYRe+XOvCHpfiKWixDERuboDPTUG8I1MQE6wEebDBkizvN7H95F7+WnwHjgldwLYKfVhieR0aB3L5ztxbuFLPFxetSsMNz2M51NcPeIQgWnrXoF+vAWR1FODlc1K0c0U4PDJrQSUBBxIf1Ue2k1v4nv8xbF4kAY9XGkGUjBEaBzzhS48+o1dTDkpNGwEaSqakNxzMV9W8adfhSTQ53AB68AC35hjw4J3ftK4qg6L0f/BErqCVB9fAuXktKPCUechAAJwf+dMp7QDyse/ARxp7cbdYG9Q6f+TtKrJkKnCQX1XWUc9ONdjtV0uaN35AbHolrzYJR880S574oIaMNI2g+bECdLVn4DRFQfCpU4QHMxfQsfGToaU3jNeGLAIjARnWLltANztd6OzupbR2WAycTafi8uQrKNE8G9uX7OYrt//jFiM7zNL24cG/QWS/8RfZrBeCT9fGcN+cE7xqwJckju+AlJornKPbDp4zv+Foj7+wLmkmTNhoCMs1zqNK8gmUwh7acVAMOreowbt1TMUPbCBPNY1U5Ifw0FQh+Pd8HC2aoQRyPVMpb+Up8F6SD1PXtYJJgCJefv0d5Wef4wwrAXg+fQkaaewg+BsLss43QXCkHqyaepCeez+CsOFRlPXmDriHjoGI18JQefknhp0whpjUXvY1G2T+WEdSsqnwxfsKcu12+iiiBrFXd7GDxQIWl7XkprhE+np3Bde5vYWgyl7uSK3jb9GGfKfOGjbpbsC029awYLoUKDXew8gTVqiw8C8tCp6Oq3/tBzfxMkx3lIau3ZV8s8ub8guj4fdydXQxkcOVtWaom9HE//y2UXeVD3VKmcOwjwl9a+nmSYc/QpeBHKRLefHH+x5smrAHg/ecAueiE5hSMQYsd3fx+ihr0pmZSGKNS2GjhSx6jlzDH74I4JC7Kq455cOmY+ThqlQ30r8Qcm/wYJcFwcjCbuT5ygLmlHlg/cPLmKKkhCrzJkBu5Xi6eVqQJse30WjUY3H7ApSI+onT5QvJ5PRhuOnA5J2oCmMKdwC0G2Ca/yC45UmyWsNaLLgO1H16DCxU1EP/iA+8+9U4eJO9mrp/dJF3qQ17r50K89Ur4a10NDX8MoOlX46g1s9M+CkEEO3iw8K/XuBllVOQ7vwcfu/I5ScpI/mlXTyttBOGqEsuoKY4DSa+3gDzRxZDu48AL1yeCGl1KlgRuJ5lY+fiXaUSnu99D6s1dCE7fhK79GvDnQV/ecy4GfByqjHf2hzIY833QE5pOnnZ2rNXEIN09w28t3g0mo19BK9uBZDWvExKlRIGj8VZWPg4m3WFTtPaIhPoPH+SBFakYPu8G6jz4hLtXSTETyTmoeUKbfogdImUOorQIGgStN3JxTWO0birYAMn1Oqgz6lWygoQZEr2ovgX/uS2LBEFl+jBzJQgCjg8CzIzIrl4/GPumnUGjcdVQplTCmwzPoIeecGwIkgPVJ450cbKSH4YKQ1Ki6fQHF6L1g1uNHdqDg+NaiTh/3aRf6omvD1wlMokr8KFwmaYsHkCZu4qoL/Se0hzoQ0Z7rpMc+9MoMJ1FnAuyJruKD/BnKv1FGgbwuErJ9GRjlimbaJ8s04PPBPjKKTYCNy2SzOHniH/dGOeUfuF7Gy/UnRvK373OsgrlP5jg4lbyCRdA3TU92GJ2m7c8eAr3QttYfcsR5RvDwaZpQk81KvKU7zUYXbQZNio8oUPlsaRtvpnvpJ1kDRS18L9H+LwofEs7SjSY4Uf52nM3VEwX8ODZk/ZxsKHttAnu3j+7d4I3QelqMkqBJW9X1JCoB2+e2gJXYL9XFyVCOtjo3nxkSm0ZMM/ljtynqesKeT7DoV480gnHAozgT0j7oLt3QQ40z+PTD2fk/zBEOp5/5JPP7hPl5x7YLTiYTQ9OQ1KN8tzqZEjTtqDECrTg8WzBUnCPhBN68xw1fostFF/hw+dVUAiT5oaSkrhle5uUnvyH5ZttcVLTvVwtnIXarwFsLDoY89chENtNXj2ziM+9XI5i0e9pX7xOyxcDXR9cw5oC9vyhvZQ+KoyCTru6dOEU8dxNfxDja17+EvHYfp77QGwbBJ8WL6Itp2ZjeGvRsD21mV0tnQxnLWdhQOpRVhR8JFz85zoVpsQxnSN47mZoyBHTxNaa17zho/WfPH6VNo7eTkXdY3EW6FppLTtHlU9iINPd8XY3ssE7FpvQH2sLaxs2Ior1r7CBT9/wbiqVbypcivuHxnM7zY4UNhmRSg1v0FWzVfgr2Ujeq42wVmdnfC1Zj7Yjx8Gx+9G4O6kCqUrzGD39Qg690Ea3ddncfNRBdpZXcMa+SegQOYZ3I4NxTlb17NbsiSMFOiiRF9T3HBXmFLmTsPArNOw0OIOiBZ85rLAj+CZYMPyj6TgUugAx7s6s5DuFdq84iqfEa/CB8cec1v+YVTZqwZbcpbxi1PSkL2sDV20DkBlvTmuzF9Dn6VvwWUhFypsy+WpP+exnYYd901Uh5srluN/Rn3kjwexYOJ7pqZgPLa8B53e3gOZzhr67iTMVbrjwHW1LOz7uIyyruxh31tvqPHeedpUsY9Eutx5iossuiz8yxuWS0CM/DGsWrMVJvgOcsvrHFq8fRns2TSTCzvykRe0oEO/By4pEIaqK/v5xwZnljXNQNXNTtR1YgNN8NhNt+b8JO9nm2jldm0wTZ4OY2uTaWa6PA5tmENnNS+yuWgz9/dawfEvmqBYDLQ79jxtXz8CxvfpU137YRzOmUeLKwThlekaPPp2GaS0rCO5rnX4zGUnDP41hRE/N9PKggi+f+YUGVQcpQkRcjim8gqb5q3B9IpUeHO9Fk7vkgb1OyY0s3cCxfl7kv3tUBQb9wFPOFrShiXPSTKrDARrkklyqz7M+zCDfqgug5CYY7Tw8nHalfKAXauXgEJVD7V8swPLRTbo76kBx9ymc2hyFrpo70E9oS+gVnkOv0XuptAZb8FmlhQ8C6mjFl8h+P5uPI1ekQjj/9Vhp3MlLLC7xlcDerh54354NXMu1952ILnD6hD1pxvyHgiCKZzkST+3gPnPcPLM2Yk1aeJ449l6mrL3FU+YOhFE0zxJzMCNKveWQXFVHrR4d4OobRl1Rr+CXbYz8JrjcfgyRwwcbunz4aZu8LjpjL+eGbOh8iwoWhkAbWpuRDe+kYpUOg3lmIO7uiiEPw7gq1/XcOFeFxy/ehE4qDvQQOEmvNORAHfnPWdrc3M47r4KzApWktDdBhr9eSWILjUCl/CNNLosmuoyWiAtQhLo6WRIEMjCk9PM6fPR6fzobzBXOymyRuN7LosayS+UBmmq8iEM2mgAeG8nr4uII5HMTtjxIgG2HSjEdbqF/Nw6madcFOT7G9/A6iptiPjzmiPOjqAF65dTlXwTBy4tptTjHVRqeIkHzgaxwwk1uHtfEK7ffcaWv/6j3IFFPClRAAd1gVZMCIA46Yt4bP0wjyEtSA+eCuWVw/x3ZwR+MTSBHm9PTqxJZ7ltG9mqyYmjk8Pobb4JTujXAdFpUZAlMAF9lknTuR1rqUN4Nf6tLsJxXQ2Uc7wSdS2fsrCAFFQqK1HElgrUtsrjOZJp/Hgh4zzvdnqfPhJvOl6GKHMVODQwHt5figTxWYX478lUrgozYt1sdb79PZF/vDzBvfWz6L6zA/ub6cH2eVfxltNYCF7cxmurSmllgSU/zpiHj50C4Le5DRn9MYHvuxTA/0EutI8qQiXhd7zT4ABIl88GxQhhCPTZTXfX/cTQizMxqVMOZKq/89c5GnAttZXiKzIgcK4e/l14EzfMS+EXvy7CcbF4Cn01DVYOL4d1LY/Yd7EN2hT38AJFA0BPOy4XOES/9+2E12klvHjvJDgeMh3mpnhDR0E9mG+MgxvhmfRCQRHMll4i4daVGNu0jYUui8Bdn+kQ+8QP2we/0nSfKD6SbMv7DRO5Iy+Ax2VNxVUnN0HGQSmIqS3ksvM+eKw5ka/O9QMBjT+g/GIJt66cReZhx/lq2n68dUIX2hNmg5xCARQ22/Oe8iau2FEOVte2gPYtCzgwywGMxUrBS0oV3JX8qXu2ODkEfwPhOT3cJK6GN1Xi8IbdKJq+ZR5WX77Bj3qsYa5bGY+Z54/fTlXQgFE/Fv4QAo1xjJduvWaNA15w2LsMznmbwaIxO/H10QIe2FqJDy7uxN5PV+DnrIvQPPYTKqdG84Gc+fD7kyAUuerw43VXUcV3E/c37MVjs4fxSek38Fk8H29emMHiLncpq3wsmGlvhu2r5OjozXIIUKtAfc8EipqrDDLzheGrzU7QElYAt+OKICaix6dWXIS11jlwbNl2GKO8DhTm2mCB3m9YZtbMG+ykYOupqfDQ9CItiN7KWePOY4G1AnwdbwI9MSm8WXsKRt95DCsuloNIkglMfCgDqx8a8wbBeux27OOBgE1EIyswzKOHa4smc9t6H1q1xxLmCryArCUzaP0MJ7Z48oKKjG1I/E8SyH7XoUSpEijrCeIv2ZNheUsXpRd+A/fUcvCUEKCAaHnQsZgCRg9HQ9znzfzC2AKfvhgPx05uoRtnZFDtpyz5ZYfxGN1JCLI+aPsuCA+6uGPGxhdc7i8N9vEFoPXvMTv6N7F6QyNJXd7Lqm77+ZDvTDi26R1udFGAV6elIDB/IRwVmEh2XfIUWAKIOtPIcvA0vRM9QA1hujwqYxF+VpGCcVuKqTROCtT79qNl0n2Q77PBYkV1qm0rx7FhhSSZtRHbGmXgl2UZ7NN8z6PEk0F5QzKW3+2hyII0sP19ihw/D3FpxwM6ccYclH19cSeNxMOv1FlVQABsDW1pcug8GF4wTJP2GZDwxB205b0FRPz5QuW3A2jIRhbrFv2HNdN92WbOEfLvmkpWZxrp08I33BFrBO0mrnw1NIr+O6OLTdqX8dORJhilxej8dQZ92T+a4EgtRn2QhfpxL1BujhF+PZ6MH0pu8ccn69E6bYAvxUnByeyJeDf3IehfMYKZq3TIVHcG2ob+xi6Hs9h+1g66JBl3RN7jmvlbsDU6g6aBFszab85fNiXSbp9EdDVYCtJ/LHjXiUJa3N3NIn25YNJpzWPG6MIp93h62GvEDu1ybCD0hb/NcaNp1VdYY8dJGj+9DzRttMHjggRcuN5HYG3JlTNd6LfhMfqmYQq/tETRM6KCFmTUw1iDAS54NQnSlwnhcH833ZR1h31T3SH3jC3I1eaR33viIIFcMP37ka0/GILOgyjqDVXC3xpTsCUzApYvbmWzcTfp+I8JdCDCh/pONkDgnVEwJS6ddG0aMK0lCxJPFHGutS0fzzVm+wdRfFO2kTfIN2Fhsxr89C9ktdfy8GbXZHAYmUcvT0XzZqGtfPvgDLoeZQ/yvoO4R08VxjlephYjCW55sRTerRFl8L7GkvvP4caHefjupwDL9tVRSa8CaI1YA6ZGuVislEy6gvLwe9NROt25BKtm76PmkH4uvupCp2bqgl7yWtbT/cKb6BrlKS7Dh5UVpKFnjZ5hlvwp6jypdKTBtd/68HZImpr0DWn8by8efXoTbwtVo/In3rQxTI7v7VHHvBuecEJzHGzsTieXEbtAhZ3QrWM/8PFWtJl7j1pGfQOZMnc0KPmDVc+lYXiiJq/qMKN43yp4EfUGk3UywXdTNSzRHoG5CdtZcds8/u4mDdJRgpTYacINar+g/sZFTNK0A/G1Odg17y15L7vHi4LfUf5Veej684rTsly5zu45dJfIcHv7Vyp0O4uXP5Vh7osg2r6/gsWbp4JI4k22UZxL2jVd1DZXCb562HCv+WR0GZeD36MrWKzWmUJEFeHueF1If7AHUnVrkU82UpbjL4p93EhndkzAiXV9dF1jND25pwOjxj0DlMhDxcddpJG2lFTlnMhpmTZLTtwPkiGbISTclmrF1ECh1I82FOYDVtrzR+ksXLNPFffam8Gi/xbSdC9HnPUlEW/36MPlRYrYqxNNk/oPUNLppdhcMIY9h334OX9ktQYhDnd1ZdV0E+hol4GVW2Lwkckd8rplBGsVyujR1UCY6rcW9d6f4YDhTywiqQ19Pzzo5Ahvdl+gwAKkjFMyE9El4AwuCT9Cs3fawuWzNjTabDqslDeitJoyPhwfCfdnWEDpaR04cFma1Ob8YWllb16xSx+MzirAPr0ivLl/BV/RT4Xai5YwJrMaL6zfBXqvS/nJK1d+/nQVXjtlDINtr/DFtnAkJynqn/uTHLdrcMC54xQyZhbO2NCAtTtDWKpZDDqEvYn+tdChkF5a1WxAXTUq0Nq6Anq29rLpTFN6v9aJE28rQuqrOrJcBZh20JTnbd2JLsExbBClzc9HRtO1ab4Y67aPslP1YIVBON5Qb8OeiD2UJF+B6eGnkfZegAtBCmD4WxG3NeXQ5etmkOW2ikuv2UC+mi24FbrDyX/n+HNwFlzyzsP37+yw5WwAvD4hAhl+Z/ho51FylomAiMc9eLO+lXOd9GGxVC7Z1C+Hl3mH8ffGkXBy7icqUDDGd+47OVurG4x1zfBVTjgtdd1B04XO4cpvU+lPvAIcX76Pzq47DuPPpeLnc/74Ybse/l1aCNKvGvlghgDFrn6Auldl4OR9H8wMfUvRGEv9AeK05awozRcrpVnfQ7GKPLiy/gPZOY+CqphlMHH6Rej4LUBSKn186up8FitcwcObX4Bf2WUUmJ4DLsUIPkkG+L4+gEyTv4BIpBP/HPMPOrN6WfNHEE1zv4bf8g7AoTWTYMqBFbyiAsh43Qo+mJJLPJQPwuFBkOquzqrCa1i+9TkJHpWB4cm/4MMdZ5RZuRkeubZwxNxarAiZDx+nTWCBRZd4gbESrnGxgmP9R+Hx1Uzq6rKG+AfbYF6sD7iNvQdBSd9on/lKnuq8F+JUhWG42RJsx4ji3u9N7DtoDAmFB3jcmw5YOq8Jt8AJXFHxH/f16sIFswc0ZYwKO2SuhhNLZoNz9Fu42OOGg3H3MDAjmix+7Of0VxPAs2kAnvw6iLvhM0PJInqRWAQXxr0myagutlr8iJKemUG6uBKMNu3jXPFPOFDI7GzlTI/z5VFitCKkaYawpE8de75shvQRY2BUTB76Vn7mA39judp3mLbtVGPdG8e5WrefdU/9owU/ZXhGqiCEuwKsk5wE5rlWOO1+JWm6S5D7dwGe26nDN+MLyPZXJr5eIwSWIy/ymr8itOUPsMvATFTfGsHLh0ZwPq7h2j2vOU/tFbmSOaRmfETL8VL8IHYTDFmOpYvbzdFmhClTxjEW6RVlJZkmeJkiDOVvL0FAZztqaobBQNJJWDblH9jnH+ClNq18wi4Lz04NoufdBnBa/ibvXeJM1a178ZDlMy6VigPBFd9RtdwQGusuUIj8S07apQY7NSNw6uAXWr13J6YW6IDhLkOaH/kWX6bcYIWfH2mzZz57iRtDctNqdF/jA03bf7F+bQz+1NDhWYKHSdBXhQ8ZqvLRPwM44aw5uEWowFCqKqjVSbL3Eheuj1+JVse8uN1DjUcFZrKKsgPUuKjAv5XKKFFZgqcsm6HUeBnNOe3MMa+vwG4TXVbJ3o2FGXtQwMkQ7PkOlv70xe7BVTBncicV31wHbu2/MDKhC/nJDOT7fVgxRwhaBRCO5guz/MSZrLomhKcbreVjUWfx+ogajG0biwsmxlPLAoa/ZvGwc3IzkM8ZGlqXSQmOknTnoBAce1bClFjDFSsb6Icqg6l8Gwh1t+KiSbXYrO9LMto3wBSe0ejLp8gpYgmEyj2lyhZhWJ3XTz7352PUWw1073yJWSqvKOBHGI49rsdJBn+5MLsX/7MwhCfThVFkigsER5tz2CpNtPI1QphwG4W6FmN/ymquG26BQkt9uLpuCYwK6kONja/46UlNKpKyAnVbO94f/JGnX+6CD0c3oug1BKONhVTUcR1zUJtnqD0jx/QyjBwfg7nFFjx+RwxGWkfR2H4zWFrTgVIeCjC+s5tGe+ziOUazIWBRAvo7nef404q0NL2GkqonwpPR5lgmIM+tQfVwou0K7G9dRdoTzeCZWh9+HNcBx/2/kb+jMkzr2o33xkymzQG2PNmjlGVf6lHw58ls36BHm9yLIaNuMU4N0IZYe08++SWBtjqEY7Lyb16a4wM7wseyavArnIqvUW/mQ9LaORI+S9uj0l9N1kgwBc2hXyy57wO9/DcdZ2IR9/k/opqhR3zkrCZcnWULyfnK9CfhFNx7cAYtT8TxhoY0hh/PWPSoNw5utwN3Q0NYlroUXPtOwvHD4dj4OAPnB9tAStI/dlayh93mtjTnhTy/3GkKimPdQLE4mg/1HIbk5adRzekFX1wgyoaJm6DUN5E2XLbE+SLyMGL8BbQ/L4CzB+TBdfEbHPWfFc7rGuJvPSlo0bydz1gNoH66HkwuWsRBl99R8wwx/hX2GHbsGAl+aR0wt1oer98LxTmPvsDi1RYQsW8JLRZcAMaNutSyfxnECG7B3J8L6WLLVBRW3QjRT8dDR8VouBkshAurbrNjnyH6vhehjhymwcnNeEn3PSwb8QmE8mWoIm86BL8+RqLp56DKthwlA3fD79KJmBfxEuSdPPCtzjVqsSjiVUPT4Ih7ORTIioLS2n52XWaHO8ZPhwqTPeiyjHHd4Xp4uGcPaHiYwadxFWhxLZGV8/ZD6N/L2HW3mGdeM+QJO0diwvAzdjysR7o3tOBhwT6+/novZh8Khyd2WXi/+BInX2njnMofnGF/HBd4pWDECnm4tPwnBgdGktb7idT8WAw/b5KniZXrsCTzDi45eYQOBVrhTntVWBE5npcktMD4pDs417CWlR6V85tIQx63Uoe99bwxbasW/7dfHbZ9t4bq81uonfaiSIo+LvGQgWsOWSBUbcYr2pyoo7mdFvSLwY64faQ5cQNVRo/E4qEPKO/RjOvGLIZOX3G++LmVSwwtKUthDPRcP0vXPFNQeZQRm27/wsM+E2FtUC42xd4BbY8YyPd8iFPGaoJa8wdM9RXnhgcXed6Uy6Sd8pAlZqvS0ZA1WLRYDNdeVsQHkmOh3XM5mZ+ZDd0pPRjp4k+BM7JIxMYN5tQ/5zllz3DnLylY7q4EqX4X+KtzFIDyF/DIPURJMi28OyoC3n5YhZtzPrOqRSadbZ8KRzPL2ebCONi7TQFinm6ErxuO8eOPi+BGwxr8Yp6JhVFtHPPHGI4MhqL3UBzYW8+mK4fMIC3MAu/d2MT2i//xrb/91LbKmRO05aHhjS0NTFyN/n2PyF5xNteqlODhfQ9wdONm/JdcxsKXpMBghxyM1emmc8/3wfVDDZRdkY2farXZwvITRjrL0W71RBS4PcQ/RyiB6xEtGhDwBPNREZyf0QLD9U0cr6kIratD6OSdWXhljzX56wvCf3wNEmNsSNX0Icot7WLb0kr8l9ILz89MJfUALbYvkUVVTWn4HqzA4/8kss+nGq4pXYgiLwZQKHA6L5xaRW8kJHCuSCRV+KpB35R0KOlWJON6a5rXaAKBhnFkPSkAFFvmwqUQOfBTdYKzwxZgGx0GQqO6yenAYUw5GIqGG1Vg1rNHdGPFN6xr9+BXn31pEGWgKtKJryfeAuutNTwtZyksE1kOMelqWJRxiE9EiXFheCI8V5WExLc/WepdHqSkXCHHkZW8XaefPs3I4xJZWYyfsRp+z6wHi0gVMLt+Ht9lHaf0v7K4XrIQbY910VDBYS7ZN4e0i4Z544U7XPVxLBglZxJ+P0udJ2swPXguzUs7R3DpD6GNDJroPqX885V0sEYJ7r9tw5dpVeSn/RaWzH9Lft/60T/qETf8EcbUJbshorGJndsVoCnpEDUWVFDRgAB5HV5IH+7ugNWgTi4qZ6lt1ASi4hYOnaQPMT0b8JpRMmhtUoa1dX78aLcYJBY7Ql7ACU6U10S/gye4+4I87HoTTpp7JTA/sp2i9nrxk0mOaOKwj6zfncPkr1akOGWY5W8YQPDuh7xV8hgsjkmkyutHILKpiWLG2KNpwxg4NA8h6qo2jna3BPCuZpEMQRTNkqYj4jp0/+paahysgJqzZ7k7ejSUPAmCGQECILXnDrnqnOTfTudQTGcXb7dZiBmP3VhK7BY+uidEPbfSoKlYDuZnKtGFCZNZtaEMbMfm8M4OQ3IKOoZ+hV/owJNh6ry1h5/7y4KHcyBIZN/k2N2bSPG9OWYfv4xqJ2bgtogi3vr3B0U/SCG2RshqGiaDdz0QHpZBB7+fQYXKClq3bTo9zXyDKaLRrHnCA9z2ScPifVIsvvkjLju3BdviE+FN/2oOvP4cNqWuwt5Z36CzbhL5Fo+GSVPOQ9boHyxw3gBtlQLAp9aFWgJKILV8PGY3H8eu66GoFqoJZa+9aLbaIXTK74UHNZL0tGk0umnY8MiZ13DNSVM+3rkKJp4BKHSfjZvuv6baHX9Z5ewJ/jviMdWWn4fK0nvUOc4VpI9tY61pQvAwJhd9uiTIy14Go2e9wfFx8qw0VotPFXtilLoYSNdthBMnR4PFlAus8vwKBniYUVXJaQjdDLT/giL/yFLE8B1j2MdtHiV1I/xQ+cCBk3MxNmIjbciWBOGe13imczHJHXhBS38Fkp3ef3z5lgi8vRiBlW92AqVKkEy1A3wdPZkF32mQ+pASGF4bwgdfo+h+jyA8vdDADna72G3UcZARHyCHD79QV0+AdYbTaLyTFxnHlvAbPW1oUAjG2BQX3O7oR8d8yqhweBAnT71HgU6h2Dp7N2Srz8MrUnIQl6gK+p2lJPb0JDx5+RavBJpw5O7HnHjxPE5Tvk+qHyTgtRGCpu0BPnb2IPzVG0cHKhbjIslY6MkYIKX1VjzphCB/cFVCw6UT4VbeVvqv+T6Pa31NqeVO9EbJi6vTX4CIcyEkUhrLuy9BlQhT8KpU5z2+0nQrfD9YZ3wEC6W/0Hy4Ar0H1KGFBUDH9z2uuKgGHRfcOClEDe4dqEJa400ah+pQYUsohkkaY+zM6WC9cCrNawO4ejkdEma1Q9pNb15u9xTTLKsg9/5HnLs7im8pBfCG5s9g7cQwqugCTUmy4xyhUNq/+zxczXjNA/P94G7MZRDvLMSPy5eyTdxEcNbcRrprUzD+hBU8MUV4Z4moP5SGu7SIe265oLDfFNS9Jgvat2eB05ORUDfKjDraLTDOeD8cyd5IwrIRMOLFUSqZmUEygVpwdkcXb8t+SGXXHsOiQAd+mXiCMq078dzvUgyo3Ad6p8ToyNORIN07BNikB3Z73uMV7x+wy+cxFiQuxrCNgbQsNwj2QjGOMhSHn72qvOGBHurcjOBYr9UwH334YOBZmJqqzjKDRrxv8BKMHTsKRgsvhr494tCV1Ae91btx1fJYXrB5JeeKdqGXZhA+SY/DvgYJqHsbxI0nLXHGxiFwKFsNT08bw58tYiS7qx0k9jzEVKVzMFJNFJQ013HB1gyI2boIf317C3jqHIsNvsU9n/UwY8Qgb9glAIv7ETw6J4G/wng+ungLv5i5g1Mej8IBiUJ+ojgDydiFoie+gTcPRGH6yp28w+ER7OqTxfGBERyzfQ/A73Bcv/U8npbt4kPnhlmsUwOmxHmiQsxZPlBvQzp7d0PxXF3Wb2T2RwdKNQrlvHlOlDjeDAxOp8PL1bfJ9twEaOoJYDSwQzelY3h49x+APwJ8OHmAz1uLQ4XXbvziI89P718E5b4pdEZ7AF+lqtK+p32o0nYX9kca4295MYgpuMjmBTmw0P8cittKQXFdGNsOyPN/PUogd2UW9Z/bR+WWWuCwv4D+FR2Dg/8Tdx+KQChqAID/IUS2jEhmIZFKSYgSCZX2ktLSMRpklIpUlIyMqBBJFDKSJEkiDamMqJA0UTSQUrmPcZ/km/gT2h6p4e3MT7xo2zLcXryGhEosgP4dBu9DSqAUsp+nueykZfNd+PS7/Zz7bRZlirzlV4maYHIvnG42iODKXm34UuzPyo7z6XjqRaw+lwKbDC6RmuF9tFvsS3VVZbz52wCX35oGMZ+qae7LATpVl8ozzw/ylYM9fOXISY5qPgamDY6gdykUrG4Lgcq2DNTEXJaNWMmpU67T+dCfQOkvcJqNBex4fgE6XX1gSa4xHDHvBIddV8j8+B0e3dqPWkdmw9v9haQZFo03E+pplO98lPGWA11vU1wlWUajFdeQv7M1dV1aBId71chifx2PTHyMycpBPDpmFvzQKqPYo3OxoU0Bwv++otm5BH9PuvPMBB8QazCGHo+vkGwnAy2j19Iyy0Mw16MT3s5bAkdRBpKjxGF8zh3YFR9AMUN7eOsZAjlrJbY0z2Fz6+cwGadQYHAlJdx/zx2T3Uhpuh4c1z7Astcng5RIDDRqavGe99KgffsaXQxewxsd4uF3TjiOm5OGNR7eME1JDOYOP6Ak5RR+aTPIWy7+ornmtlhyZyeC+wx4Ex8AJyz/I3chVXgwQpBKkl/Bbb7EOn7z+YawHLp8GmT/jC/QVvuSpk06TOuldeBBUh0EbPxOzjufAbauIImsHn7x0Zv7LhGJfvYmny+p5J0kC9HZcfhkTzAPJrymZW23ubovH+smbceOad00YaooVEnN556eCSB5yhNGVX0ET3V3TMlxguP1uVA99yI26b/Ay1HZfPzWRgqKk4be7GoQezgSPUe0UILrA9SqlwMv99O4V34DFvgsoIzJKeAaMhGyxv3gBZu2sOv1bp6aPA41M02op/M6Ppi7gH8UVFO39DdM95ADdbkZNCLSmQ9memKhwVN2t3lBiRLF6NZqgHbZ9jxlbixfTJ8CnlLReDvegF2SH9LUCSb0zK4cHweWwJ93jTQy+TB9ELWGklXC8ONWOHVe9eO/QeEca1GBdqd+o0psFAZOS4b82At4cVcrjX08FTb8GsKzn09i5X+yUNn3HOSDruGoyttwb7ERbAk4gQLmGuT8WR5krt6i/1ILsPB0OLgpC9Gw8HiUftKJlz2d2MJSns9e1uJGdUUYLvcHoRNCYKIgSGtEgliyz4lvLHDlX71auLFWkG+43aBYYzUocImh66cq8O3y/aj+1ZLX3YunVQN76azwRxyHv6F92hAbjhGECBlbwFsroPC1L9scmwtuE7/QhVPTIP/uBEh/4opbZ7wGg1IBsJk4Hq2ybWD8fU0edy6LX426Rx2/YsFYfx541s4GfG1FI+oNwCryAO5qyWexh4cxdpcDhJ8zJvPbeSQq+RHsoAfFprlBtzUCXPoHbetTYa3vDrgR4YatL5ewzCDwplIdWvPoOS+pn4Z7OzUge8QOjA44RQtnI4lGjKZh8TWwOnk/5t6dTHcmFtPiUa3QmiwM2r71JHwqCZuvTkD/nxuhxPEEq1AUTyzvoMudE/lbpzvNsZKFpqgH9NKQWSq6G2avOwXJ2+aAg7c4dXbX4s2tFtAa5oCV+lPh2vi7ZDoQDoYGVqTo9ZkXjtbEpgVfaGPHZ5y7T5uXqJVR8FNRSDd6gr+3ToSi9UdR6ocprBdOQbVr+Vyb7wZGUdZQ+VqW9rkKQNqKfkpIKiKX251kRFUc5pvAY6OOUMGXR7Aueyt/krxEJbmK8P6vEn+/F43C6wop9ONoHFf0FM8s286zpTqh8U4dfR7diDeqRWD8zX/8YPwsHlHcxbUx13HJpf0woCbPvlHF1K5RzcJPxWmv71jQbK6m0EQZHONYCkIXU2HAspeOwgZaOfMXHpqyDJ/ZvMSxhoKQOboMHQS2k39kP+bHhaBnNPLf/CiMDa5FvyEBSpyYzdJVCrDbt4xMZ/tz6egFpPx3H+X258PvY05wT7gLRI8VcWSzPd2ZChAkeBfdA3/Dh9eIZgEBWFl3HN6VR+NxxfnktsMZrcy20aMXBJbTXWjClL/Qxr20bE8XLtfwotPqpqj/pgelDofQ9eYCSlMaAzJi31lGMRJedU7A6nNPUNhjJE0O3sxfx6TyvD8/oHiNPW9+OwpKJONh42MFiPSy508rt4JeRC/x3DJYLWPIk2/r8M9xS7B6tTmU7LVFU8k+fup/kE3ubIJpeY64pqCKTX6P4PxXgwA64+lguDD8SDmMqbXHMDm+k75tdOVvYsn4UUmDn7Wl8OiZu3FuTT/N9jKE8q0JGHCtD4oseqlyYxDj0VMwtnszCR5yxhWBx+nZUD/82WUCJcod1LIzkDuUllHx1XQ4olEJrwM6sHH8ECg574Y2ydV4I1EdGhKM+YtBKTTFx4O+ojRL/VXn8x51eE+zgsRUy0DCyonnXNKB9MMzwWP8Orq92xaLld+Q8NEdFFXtjdpWFfT0/XrQcDXDorQZMKE+B5RvGZNg6x3YEL0Qzjw1wwEzS+ryGMVqX29CWfQ6mF+mAjK147jhgTQtdStjsfbP7DdswhlputjoZEjLrg5z0oNokP0iAVnPanhjvDyOtVlJ+anybHtbG9bmHYMr/1Zhu/4I3lPxGs8GjYdVSQvpzIp8OGrRA/P238OmyCkgI72NVx+6CquNJJDO+3DXdGVwOC7H0mcr6fD0lXC7S5GX+HbSsckM6es7qan+I1cr+tLIAkXYfaSeLtcIgYjaBipxX43vs31QPAT4vyXBHH/XCo8eXw63bUXhfqwq6JzthycfD8OYa3JwJjuWJycOY5vUU3Y9Ug3iN9MpyMoEFuj106/1R+jI2EbYffMz10cM05iVNhC004rWtH/CDu9A8MofCd9/hqP5p/PYof6QC4Y8eOHmJ9wXJk9hiS6Q/vcAFK+8Dy+81WHy9ucYn5wOBq3PMD1sPAyFXqKacoAXb8vpVXcnqJraICn/3/hfmDkgDHfUFqNXnQ0XpRnSPpEi+jJ2BDoda4PxsfXcpe9BF3rkoXxgNikajmLvntess60TS4p28kYtSV4du4tyrNVoUs0dfnpdBuzfWeP6kht0+tdN/lw3zIXvVtEzj898eVcz/gh4ygn9/8HdzSJgWVEF1d/Wsm5NKO4uncjdo36Azi4jHij5hs1tNejZYg5T586A42ES6KGXTmc5jkW9x1CZcg7JfPzEyYYLSGLfL95bswJHqOjC1qnF+DbpHKsXnoLLz5bT2Rk3aNaFrTjLWp8t/O7w6QJ1ljeVAz+3y1j8YRecNZKjjGxBij87kxUGr1Pujof8blUg7/9RCdHjJsBzpWbeN0x4M9Mc10l1wbq5KlxyNp1fq+wHrZsRNGasNFk+VoWFp3Jhs9hWnpv5DbaV+bC0oCHrnLbF6luZ2KJzCzsX6JHnoBi46NRAlttbiN9aQ40NzfQmQJhDakfhPVtg0w/v4F3cQhiUmABRIuak2VTKlb+d6WzXEdCafZ26d7+nSrcvfLBrCKRHRkDGNUnwdV1IPctG0cVyWZS7KY/Cdtrw7kEvS1yThJ1P9DDrVTq5NYuDzPhntPNRAbyxegm10sS9L6xZ/dUw5Y5+hJ1ZcpAQupRBfxY4Tm6hel933iUSAmE8hzCyDt1f52HqB1XK1LAFwbY80D4jAKHT33PD3XU43vglHLe2xhKjKTTRopJ0l7xH3epdrFFxHUUSxOHDI0S7s720vnATT3gxyEqVBSx37St8klSCKT0j6WKsIO4fPQIe/zTAc3kiYJ6ghBWLXlGaRDJ+SCiFhtty9PnVNv7euZtOBIjD84PbyU3Kgr4tfoP+vkVsccgYp73+Syd6x6POqGNclqiIWxInQ5jbfhZ7q8Hrd28k218OUPXnG/6Z9JG7OkQ5riSd5885DNa9UtC615U839tR789RePPtFuq0isDlp1L5q9gzzDa7jw9LssjRQRD09sqAddU0/HVqErXr34aROQtYYWEeXDk6iE9/rcf2sU70U0UE9Gr+QebcUxj10IVmRFSTxOo2+DbyPAZZhvJDn4nwuGgppU5WhdpRo9jncwMqzX0FnHMbynNsMdmth56cqoPv5nfItS2Plu83BquaTl417jwXdASBcW8q6D8YANEQBVrYo0R00o/Djl3HLXZKYPb7PoYqR+PA5VJy2CnBY/5Lh+gFvhj6JAljBST564QzXNY0CuTRAruXePD3rxsoJX0D5MU5sP373bTf9iLtkN3KfgkjAV9LgdXybPASMUSXNcv4x3lfiv8widNiLmPuGie6FTIVfFJlSMFYCY5u2oReyaMhO82HNobmU5W9PpPESzD1ngJ0swBOfPEDSwF1aGh7TzsfPMbGjHaqVs7gaWlnacvmtdxY3My/h6VZZKcZ/NorDfoL3+NNnbekolfP2nPm0upbU/jEyLlku3kWCOgo07k/1mzsrQraa9fijHAdFjWTAOeBTs5PF0dP4fc8eHU+hrT5g8DpsWAxdxZ4u6qA7mhVNhvVDBEV14E/G/GNkUY8afJiLP8yCo6LV1LyRBn4b0c7tOqcxIMH89FLJwjDLWL454YzUJr3gNf/eEK3nuhR4Fd1sI29RrUN8mDzSBCDF73B7BMKYL2jkEtLb8KWF8XsUx3KNUXKYLv+ED058Zx/KvmTuLkLbpjQzd3jSmi57n5wz2R8nZcGTwUIzm04zqtO78JayengK3YdLrrN46qHGVR+/zm8WC9DHZk6mK5tAv/hSlR1MSXjemc0DhDF3H3RsHNPP79PT2CVgAaa9dYADowfAQ+dffnlTSle5aICB2e1Yc3vdfyvMoFznq4ko7oZ6N+SgpM0xsDO1kmQNLgIW79kkNy+RThc6wnthjdAwjkRQmOHcYnSS2gIVgMXE1tObk8ghezxnHWygQoP+mD57K90PvsjDX+2oz7F6xQwfSSstmC4VHQXKpaosVOrHPofuAAGbbuhL0sHJ21IgKqmD+Q9XQDENDTxVed2/jO1GL36xpHzMnOuSAyhZQ0m4FjxkKImjsIp+iYgNYqgTvMXy7vmsthIEZ6W0QINbW544MVDUnXfzG09dhx2agw0xkZBwMkERuW9NEvuC6RJ7SLZy9spq7EbdvN7agQjiDqnA6hwBmaeHuSFzRI4YeV3Ppx8iktC/PnIn0h8GVXNCZvn0tp5E2DngyBOxhrccV+LJ8hMIdM8P17tZsPrbuSw3oUBXP7mNe6bPwHyRmaivs1ECJivRiHXnsFpLR/4z+A5jp+3jcXmP8JJrXnISVOg9/I29D38FkMXf6U3Sa4YUnKAbxpl05aLQSjyzIJHbX1I68oJzFqtcYvjdTy+axuPnWDE8f1jqD/Gn5aMuoHBrad55nhRFPQ3hNT6JxztZ8FzqsTxxR55EDWuR2U3N3CcnwpTaCYvuBUBiz5Kw+djTXApygODbz3j5rR/FCRpQO1yieC8cwLfbw/FwIKz+OvBKLB/eZoqWo/i+CRHiGhZxns7RrCJixLKLAuGsiYL3H4gEauCdMGwaj0veLicE1yCwTQzEArHbAOlh79JtD6SyiOseFe1Eue2yYHI0UjKz+kjweej8VheEjk3H8fQtdYQduYqhaUp8o/PR/B8uSwYzLHAY4dswNPXiIpXhtB/UxxwUfhByht5ixyezeTVGmnk8tQQVkhVwVhPfYKKd5h/fBs9a/+M2vqPsDflH4YOXOCRqqkkOFoHokcche6Fv3n+OiXe2bqUfcXscc9OSfRNNoXAhL8YJrwLVow0gcXHw1BycwdOnZ/L+XbWmDDxC1zw+8OF0hZQdCGXUx85Unq/CJicfw6J+56g2Pql+MkmFfMdDXGcVy3a5w3CGRMt6l33i1OSTGH1uCbsrZKkv66+/OtBHBpWR9NTjwm4yMOX7/0JgsnHPHnscWl4plgOOZe+EEiugUebYznry2J2sCmF4q7xoHtoL01V3YKXdyrBti9VLNfoQkYPq7h6oguEDJdB0IsWevKvBdd6SHPpAQXY+HEmGMXvRw/ddHYaNGAbjbPkfPIQCSuf4nnzFsD2/bKUNeM6hq5TAaO+Nhx+soDHpGwEM78TrCacTdJqO7CywY3m1fyG6o1NkL1dEOa/sAKM1qSIkjbev6+d1q2bigNHP5Du8xR6GncJG9S94CnPhiihHzhk8QNWnM2lqU2mtD5zACJr9agrMwQdVWo48+NNLlCeDk86MtH4w2L2OLsW0r/4cGp4Ng+8eUL++Tlw9msJrhON4a25+rCw+yjeV1Mlw5tmpGiTyVtuT4NFF8Q5X+oUn27rAcdjL0BstyJM+mKOP5aM4uRv8/GC5T++/fw0FyTuwR1lRTT2UjzEqkVTyrqpMKH7LT7VuMXjmv/C++VRkDB9GpTMkEH12ZZom6oHvt+z+cZWSXiXV4hdT1w5dcQy7t2RxAuNT4O8Why5XF1PjverMTJLgaz+GYHp/WmwKu8lXV0DtPjkDN5o7gj7JjbjCI0yCtSPQPHNoTh/uTw8rn+OodqPYLTESyrOEqe4lk84481WHJI34pSnNaQ36zqvz1GEb5eqeIOKO/MWQUz3iAOfD4kg2DcRBvvv4u3GfPixLxl6nMbDINth2+kE8L+4gD7+OI1awse4ao4eHplzHg8Z3waNFciB15UhRXYvTtrVh1Fxk2jb+ANsPWmYFpkawyXd/eA0sQDS1mdAU4EiaHjYgVn2EE5RsMXGT2eg7gHR1CBvqpqajqlTNDG0OoD1r4yCgksX8PXsIHqZu5OLSnVZV2o6yV95BynKc3BOYC7F2C3FT0OTwUHPlGj2Bz456xxe/r4D9/6WoFDLAVgTvQgt5fxpZVEGC86YCdVCbrznhzP3v9VA76LZ4Ft6CxIe2mN3jzGV6q7AS5fE2VFBG26ueIu2sWP4llUaLow9xGt7rFF2VSfG3hnDCZbPOMQzCG4oM7TfmM1WVvpYOHIJ9i725B8eB2nHkCX09vyB11NkOXNtOQlZmoK9bAFL/prHb9PaqbRjN0Ws6sLA6V8gWN0f3EqlwHH6GV7wZzToOrfz3vRDXG2fyFGfg6jjXDVkTyngVXr5kNcrjFsf7qSDGsKgbBKFGlueoUzNajTYmk8tbRrwXWAKCQ1OhaJ/TRC3YxmX3teEmNABMNX5hWtEwuCAtA1XGs5jFeUwODR+FVwUyESlnxV4LU8MauXM8YlRDS1drYU6hnJ0o8WZ/V+s5/6RWrQsZx5eYCtMu6YC8VoKmJXkzEsG1NBLMpAdHW/wncpHZNYcDoq9NbC/VIkqjKfAmCtP4UKaIg8tDqQScVUOlBFjkywFqGxbiiZyUlSh852a1OWh94INqahMhA7VOpqj+ZyCdgfjnrkO2L3akbUbX+Dihqk8a4I6NJ714btPpvL2HnPU/N0DfutOEQnUc47SSbi06jHEHS6igBH6sN1REFNPfKW4pX1cY2kI//oicGnkZ1j//TFY6T9jf7OF0LAeILp1Bfb4vwVadJ5+582AllsK8PajL/aImuDCGw70fXMNjsuRhfUdoyDtUy/l7JuK279rsY/LIShNEqLTbQ/B7rkHfe7ehvoaIuD3yQvbV3dw+6+NIGxfQX2KK+nRxXnoG/cNTvWchcC3czG7SwqS6yJJtV0Q5IokWUtmH04JLaP3Df3Y2OHFF/gh5DQtZDerKSCqK40NEot4faASxW/5j86sXUl25zXZ8tUh7FbVgeUrVlDan7FwsrkQX+1tY32vV5BaHgqGJmLQq/0RM+TvUubpEkgtLcFHfybC+Zi1pPFWiHNHLOck21Z8klGLn8rfcICRH1m72NPxogss+lgcjCK9Eayuwjs7A9IYAurTtOV252yYXnmVUoMTwWzkdc7okoJdWv4QcdcCh9JEaHSLEh7eJk8+yyQp+lwjdYbOoHqFvdxzUgVWJGWDgLAEBf0NhsqvFby74Dyuds3nk67RYLYpGE/YNGKS/wiINJehnftP8mftZfT160/wceynewF34HrZEOnHfaXttRo067MBDInFwmz7StpycRudjrjOue52GGPWBZ/dnnCJczNcfpdK26eMgCalyyAQactfF22n4HIzHJu5gCMW+rDnfzdYrlEcF1cdpXHfx0L8xTlU92wOm+/XYbeORDiwzQMaB7zg96g88Pt3gN3/SEFLxjjQtv0P2379hSf2ptgjaYVFq4RgV9lpvhjZxA6il3i+axmJWalDbtgQ6OzvxLpieRB9MwoS132gxOEgnO+7ENpOv+ZJGd94n7QshE18yY1fj0HtlxdwJGEe7ppcz032iWyjqwMavyThcfB+HDlyGuxY3IfNqSrUGTuFq0K0cXbofCzPr4O3IS4g5XaSJl3djtIKACdyN0F2di4vEl/MO0/1QJOnIm5b/BSPvzmLgjcb4L8H/nDkkjYYPcwCu69/WUh/I52Js6Yqvx7oiPahrKe1PGd4OssfLIKrWapQ/0gIfz8QpuHih5DWvBw7tU5Bf1o+HHjdT9dyyjCoYy42PZ8OsdlbeZ2mFiakvsTygkuUMvUltD/7TENNVnxuqgBsU1BkjfPicDRPG7t2RYNTiAreagvCjIda9DWtH/O/h3L9/U2cp96CLbGzQVUmlFVPDsAB3zg4qb6dUwpMwWT2StKMf0pLK/9BrWgw3UqVhyq5COx/Xk2Ocqp8+2gBe744DFNiS7Bj0xVcOluJhw7b4bKHgvAu7hvz4lOkWezIoYnHcN6NXPYPDeOmuu24uaWXRTb4Yc1kWXA4oowqY2eDSMYTiJRxxYlBR8C5fxOUnY6CVdnzWHd3JB0xUYO7tS85x7QJ1y6sQ6laAVD6tJNuVZ3AfxuT8dXiYvwSn4jnRo2GD8Ud5FyoCy2p8zHCK4tguQQPOv8HXdce4MncV5g50QTZwwAqQq5w1MU94KH0GOSiH3OwXC6MWSOFlY9ieMuWEriqv5NMzmnC2LIftG/GBtAobkHzNxvJVPgRHtn8DXRf5TGNPIceq0q55Ko+aNx5S573/XhLsDvc/fyY1cbO5KSTy9n//iUY0VfJFvlxNOu6CFx20cArzx6Bj0ITr6veDJ/kZNCuRJDLU4/B/FmyWBfzgS3rR8LFhdfIZlc4mj7rhHXiTILapWxgrsW9vqPxS/0Szv69hEf1CUPCmDKUtz7CcVttaY/wfLop5E/1682xXGgpWAxP5RND+SD3TxTmHPgPzQ1+wozH4/miuhYunH+bdkMjbvo9DV3W1lJwWyzuDTKEMDbAd8N2NLVQAsXifkBznhrXTXdhHS6jrNwPkFX0ge0e6IJm6nQ2t1MgnWNHsHH8Vjj3MJYu6b7k53WTYPfxSHwxOYc6u6dA+JSj8KFCkzK0yjij3x6nt97AQG1LCBLroS9zz0D9t1b+L00WTuw3wySHTLa80cT9rhL83T4Ivp+uxcCv/yC2MgyX6Q9ilL0ePJLrwmPDI2m3Zx0OtVqT0LEseH+8nRKOP+PTBxXx2JUi/Px5PDzcEUJizU08uSUDQsuuUMyJfpqS/J0qrOaSlfY1atwxkZr6BKFS8ysJnL2E63NquDyjGXbtuooaxuHw8IMtdGVW8qYtd6lwjywIHa3Gqm/B9F/mfVRqkmezKE20K7+OKQdkuKIglg6MnsnvB4VBpPUZ7va7TIV6rrSmPQE3b1Ykxck/of2FDaiay5Kjews+VheEyN9qHL5kPXZvXIzHB19RVd1DuCidxP6f74Dx0Ae487wOK/bJge/tcXhu5RlIS17Ktndbqd1gJU2qnUO7N4XT32oxFM9rhfMFAqD61wCSTffjj5tSaKmuya097ZR74QDOXWePty81wuKlQfhr70hY+kcUL3ZVYHy8KnUEOEDeljxIsJoO93wPcvdOaSiH8xR9ehJ090XBmyoryj04llvdv9CjpBWwxsCROutOUNCWF9D0ZiXFlSiC+t971FE9l4uTiVw/CaDf3UpYqLcBl1w1hulHRrHlJ23ctFIMLj+PYUm5UH5ScYW9k7TRO+ISZM87Blc8D0D41gMYzFNRVmIsxO96DQ+NYjAyeR43rk8Fx/JC1AppBv3Ut3ij5To62F+nrAlmYOchSavsmkDxUSOVnXyMOWevkcC3AladpkJz0YiqTCpAuE8InJrC6M0ERVzencq/Xq+g4rtCHBV6Cl/an8MNH3djVFYaTH2uBNbrdnBMWj9fNF4GmrevouxQHmx/1MrK/sw/ZWX4p/4RXvFUE2piM8js4D3UdnxPKmk6OCprAGx2HYKcIT84+f0OzdZzwtyb40E+fzUaNy9FMy0Nchk24OXiqvTgwiqOLC/C5c/WkadcJS+5og718xvw+nQDfjnqPCr4mYN6QQZa59jC8JUy3mfzmMeU/8XSREV4PG4Dqz3dS/vy7OHx4HNccG8tB5kGs4i+BQjffU4V7aZkd9UU8iMIPYfucsHkuyjfHkuhopHsk2xI27yfwhG3EJozIweFM1Vh78sizLlzFjQdvtLKhe84eJ8Uz4s0p/71rrh5MJLbAk1RY+w02OR2BwczHfC1rQp9GsqDvyaylJB0iwoXbYFF6od539UP+H6dArTKusMs8RPs5JsPmDWXU++6oFmYEAu+nc02MQ/p8o8e3DFCBOo1S1lYzwfCLxSDSUwcQ10aW8w4T7YdKynb9h0sGUrHtkOaELTIgyLvhXDuw91oL/sUp8epQM+0B7ix5C+o6OtCXMNZPjTCEN6pS2G4iDW/OfAAAgaFeMg2if6p1aKXeCcvjBODlMjdeCEd4KHdI7R9u52O/n0BH30VYbTSI/qc/AbiOlJowbhJVHagCC3+ykPjgXRa5wzckC1NO6u+Uujye2xlroHq+Quo/Mc+lOnT5xsSE6C5O40k1jTh+8FNvHanFG1Wu4wP5DxQ0lCencd+BxG1i6AUqw8Pbb1hVUg/i7cfJqdwA+6Nz6fMZbUcYZzEdoLWFHdYAfdKKUN54nsY+vmC1t4X5ZFytZAUdgVtTT5w0dmNHJ4iylfHABRII4Te6cDAbhF22O3L4X2JmLfFD1YOOdM5r0QYrnfCfHl7jl+PYO7UiQ8fdQGFibGkgSBv2fONb2oU4X8zltO299vpQIISmZMcjM7sgFkL78NgVTOaXl2EP5KTcZvUPD6j1sWBvzRxo08JzvlkCLLeMqBfpwSD/xaQ/H+hqHpwMtDnVZycFQJHLy7kJz+tWMbHDETTN2G49AnyWv+Hoyt/85+WJMC9vajl5MAtdTUo9LiFle8rw+WAbWD26wf43i7iTfpt+CvSGWMkvpKq+Eh46buARhy7y6sNRoP21V1cFRhNTmYKtDklmZa3S/JEtYk8SiGIxt4MBOWz+jyhXQn+9ImxU3oyvg0KRy+9ahpwj8KI2FJIeRNDExNWs/RqR7CaoAhBWs6wdaktWdzIojvz99K0dB0oczbAX/OV4F9WGS/b8IMFdypBbdpMknISgltSDTDrqQZlL6mGey6xJFXWx38aD9O9g34g8UsATGt/YNy8H1TDfXAqtZAfPfCDeYLz+V6wJSstmEcxH19gqa0q3KGtdPKyNxrLzseJd3bh3QEjmj3WDZxXPkDNCzFMd96zm/EU+LflFxYGxhMIp8HXm3P4iEUbVK+4xl7BF6nlwE6+57GK3IqkYG/2Bfg5x42WF3XAxVdH4X16P/6rn4WLd/uS9Ex7KN4+mjIPa4LsVj1qO/ARlMaMJB/hK7DSQheyNvrh7BUXSemgBLY1jCHlIhmI+NjJO96t41WqHrQ78D0tPLgI1FUU4YNSCiQUuGCXUzNOLZSCVt1amjzVBnqvHcfG5aWgkFKB7wbz+e7XFdwVNxqWuHrAWnFDaOp3IMHAe6gO5nxB1ItW2FnzlzMC2Hu/l+oe6lHv0+u0N1wGmtLm4p702SRy4DF8vOtHy3Z8pSUKeazUtBVeCuhBw1pBOPRWAwq3xYFowhsybi/GF1776ISNHXUqePKoy2r0QMidY3aEcJSAPCzyV+Np7i9IONeR9fKnUbKeOAsq66PnOXk02GvHW8vsOUhVDLaoSOK1+Nmw3n0+hoQdR/FPcVStXIu9e1aD8pw2DkqZjzF2SjBlsg78XbSAop4/g+/KPpQ3ZwVqvGikV+MuU8j5J3RGJ5jHamqA/cFLeK4miwUrHbHnugl0PdGDDRtsqLmlhXGBHNeqxcD5q4pQl6IGXzLbMOeRBgUKree7iYNgWv6Jn+5/z8IrEuFdYj4dHysMfi+3cfv1PtyeK0NSoRPALWovCUc4YOc0MYjWbcVCE00qWTADbE8+oaRF1nj80W+Ahuss7eVOAsve4W53E7jStwgwcBK87FeBI+t1eF/CU9DX98EalQASN/bA4ms1ePKFD5vPC4et8SkQ/HYkBE46jQHORaB6JAP/26IKZgrf6Z3DaRx8/5DeZGTRndZ6bvExB701aew4Igo/xX/FK7URoMUDcPHPMD6X0eWlWjPBYF8ZagmIQWyLL3+/8Aquphbg5NGpHCv8Dv7F60LLmz28sPEXVZzRghdLZ4Ll6jVoeNMbvq+pxGn2fWw7diMX/P6BnRvEMb9gAkVPSqSlSUqgn+oF7s4bwLNsKa/JXAIKBw2xp+IF97iMxbMS0fBrujrCH4YZ8ptprcA7rv/4AO9s/YkTLIqgdcZrejVuLpg/m8ldFvngf5Vg77U+cAsahYOhcWR9ThTT5l3BtVq5uKclgDLag/G7RQK7D40AtZW/4WOwAwwqmnLHdXVI7B4HMsW2dKkqgF1TDflHihbaXFOG3lv6FKC/gPtM1oDi0wpuD1Gl39dvcqVXCHrv2MeBbQ0wc95UyPMepn1yFWDocA2/3dyOviohvHnPZjg9ug6alZ3otL4L24wRBd63m9wP34WmS4uxeKE7H3+rwJfm6GLBgp34b/8FqOzeBONlJ8G5sEw6FzIWl007Skl/76Lsog7oqXwINfvdsSI6l+J+rcHXNxUganQEt07SoE2eYvBXRx1+ZoiQTsUvutk3n0KT3XnVikU8d0gIlFeX4UZUwiGZeEj6V4efzkaCupIXxB0pZuu+6ZRzSg5PHJ8AlhvukP9fD0qRUIK9d+twg24wrQq05VLhAFi2+xx5HmzhPRG6kKGYzhX+80DEr4jCu4ncHCqgJdodk8bbwfmT62DXzEKADfJwY91EMDiqQ5+1R0B6riNN110J+dO30PEPoowt2XR9qIhdhPTA29GJRP4M0h+5L+zZuwEitumyz8UBXrU3hU9OfkUZDz5j3HtJMMq25dDvgWQXKEjhu7PgWpUnybRFQqJTMpWqJpKv2BKqHQ8Qafwc1NxSuMDHir2lnpFw/l7o7lHh9tRS+FDvhb6WlvyxQRY6wr1AKcyfXxxawWZ/hnF0wBDeH/MKqoS0YM2sIbwRZkn7no0EAYlu+ra7BnfcL0XV4EGIqTzGGvdSyHVtJNbvqafUn4M4vYHgy+QGXvTOGFS29dCjbR8gpTgFfZ16sfn9EXqUYwHWouFI48Shf89REHqVAa2DgfBm/yl8uvYe5evroW+eJ9jbZcFBozmEyrMgseM1rhNvpju9Yayp0kEuWZl053oWta28jy4lyfS8WJVU1SVg3KoXeDJqIy86GMy3t4yhRSbb6UmmKOp2nuNe73F0IuQ2/NwvCNf0HuPSuoUwO+IiaYduB7lVrXzTNRtLt/+kT4t0ecyU/9h3McPfGXW0bPYblg87icO5E2m3Zzmu9DSEGD6HsXP7Sds+mWd2ENzuCqAbjaIc15AGj7sk+MdbaXL8rEXVhW18qGQObLEYyw83TYFbO/ZixMe5fGtZI74aWkmnp3vzuXX9fDC9B35fHgAFy8lw+4ohHKEf1O7ahsVZl2AtlsPavtnUeNUXbtz4TeV2ljhoQPAqcRa4CjWgjcc+ULljxPopc/FnYDE5K1fhOo0iDjF/x16xCtBraAQrXu/nnacnYPytdFg93xxqKk7i7OdTaFTvfEo6WYSdOSNxgr8uTM+ZTZ/Xf+MZntp0/Gwj/Gd6n2alRONvd03Y/cUeK+ycEJyM4FBfBzw+8ZTNwtXZ5UA1PnBMglNSBixgocLdMhfQJfwjHfWdBhi5nBd9T+P21gxycHDCXOWL/NNCkpNq8uhuag9YCkzCzdFTYEGMDIT7HKDZRZmw9eMiEOw+i5kVznR0cwwFPquCfWu6WKRSDBb5a2Oxyw6KH0rjw6fng5OFPmpUW/Aowzgs7x9BHwtD8VCXMSQPbYP9EwmyVBZCkpwRZ09eSpKh7RD75RtZ/VdEajpLYeYUaSC3To52XQwDlh9gA/+BKaqPcEyoLm9cFoL+NWvQe1ogznk1G26WZdC3T3UsviebfiyzxEPDYqA1LAAv5snh7lI36q9dyln7jWDbxkR8c8EKFq41Zi+fYChznAiC5T9Q1lwT/7kqwa0fUpj4QA8UcyRILduRqtwMKGCiOB3b6kKZo+v59vnJfPfZXZ7uMpp1HJRhkrY6pGxPQztfXRrY/BSrUm4zS3zGUG8FgnBV1A29C4t2joNx65ag2cUjdNo6EXdJtODHgw3gPUYEd12MgQtv9cHLsBeH500H1fY7lD9zLsjvuoW/1/Zy8xNXuGXXQmOen+bgoh80fF2fP02aCTcV90PQr/1U0nyYklNM2PjkG+x71UpadofxVsIGsF6hhR0PTSFOspXDWnLh4973qHeskOTCZjG+e85te1/SqsGX5LXmKTt7moLFu3yUST5LbjxIz//7wcILJ7GdexKMcGjja4VXsffaWqpdogybrktw2vEMlM8O48Tf97G3zIZkDbbAFbn1mGFsxYEfZkBF3Ui4GVpDs7eNRyXRbhJ4aQeRSZ1wlM3Be18STLyaS2oJc6hoqSJYr36POpIEWzu86Wa4Bt4yng+dNoin/opD1FA1PQJ11GoYB02OPny15wTp5AxhRP42mnFqP17PGYKAOdp04X4MW8/qh2dTCBTHP4YXI3fSL+Mq+jS+Hz8LLAbb9DrcO3UBwe6NOFUNKU9BGyR3Z1OVRxrI/87gZfl7wFH9BQ5e2YD5rwxo45pxdFsrigO9ZWCT5iKOHH+eS7xmss3dabTTqhqOqB3GxYtuwswNinQXvpNRwzTI+WzFg6/C+WzIEQ6jJPiy8hsO6NxF285Olt+USpdi59GEAHFQznTnvV6qpHV+ABvNA9jnfhIsj7TkCpUNdPyuI3fvL6T1KnLQUagK7870kdGeY5RgY8ptIxbTY7vnfO/teA4Q2kNv95eAioc8jNoZQrPKjFna3gyVDjlBjjnR8q6v/Anq+czMfjaZBmi83Awm3lSFoU5J0Nk2CQcTM1Dk20V0nGiJoe6GXOPmTa+mmMCYTwJwpkwPPx6eSSoznvJTq/UUFHUVnlvk8IiaJ7hR5DHp9vylI9bGILNoHEUPa5H3NR3cUdCJS+1esOD4J9gbX80SS7aCakwyy65UBUXZOxAiHISzRENQvnQF4P0HIJx/nDz6flJa40GW9DiCn46MAF3FNh4xfgYoqh6hJnuE6AxBWCM7iXYdzAO1qe85/JAYX4gTh27Pd9TospC0zQfBte8GneeXOOZsPtR4jOTLs5rommc6ua9Uh5UxI8DjtjA3NO2BgqTdWPvTFYwd2xFT5lCd0xm652zC5+4RfJfeR/NXNfGTx8UsfCSUlWSqcfkMV5g9eAa8RpyAQwqT4HC9DKwr3E3vz34g18xX9HHpZ6yT2MbzS0T5TPQT7Mx/gEf+m0F1bfJQl3yfnx7zJrM8YbioVoit6TtJYXsE/y5+wZdO6pL+6FZY/VwchNbHgJRCPW7NssCAZWfhNtXh0QmC3L9qI5c7FMHaAhVo9JcFv0dj0DD7HVrXWuM9nzbyGLgOe4yn4qJ5DXzUu5iW0h6oMtMAFdU66qhaTVf8ikHL1JsCjZbDiioJFHzkwC2diHazZEBwyQTQrP7AkgYES8ZG0Z8mX9AvuQVFE2fh11W+2K9QAU2f/pCJtRbY2kfjwJqp5LRCBDQElKkv0YkvaJqCyux9+FdfFxzuCbKHhCHs/fOMzjs/hmNq5XDh9QSOXvkQDqlHsn6+I288lkNz06Rorp0KfFSXhS7tmTR46wakJHbT1ZNeLL1KGHLiRuC/adJwq0QVYvQNYGZiAo3VqcYQsRoIrd5CBSlWpHD4FB9YtwINJv3ml1dX4FVlc0h5mQ9vl+6glPypdKtmK0e51cBVY1WAxHswA3zowj1rfGwiCIoHq0h2NeGZzUFYNvkCnZtfwR8OlOL4s4ZcYlcLb0UdQUhHGlbpDLGq5BEWXRtBtn+fgebvcyxv6gS5qyeATZ4J3+4Zxs15Y0HpgQA0hbZh9rVeSlUp5AOmbhTW3YtG773pWOlDEPkZRMKe0+EjPuPMMhVKeHQa4kVM4Mnqoxx/QBhMhrVQVVIEnQ9O5aM3lCA13YpLbCbRNMUPeIVqgF+tgfCNMyjsohrr/bgC93/ORs1jU0DmjAzMnjCa7xSkUrukE+8Qt0ejP/shTdSVfFXcaceiAtK5MB3qLbbgvkl7SeTIG4ic0YKb5R+SkOgszEzNxh1upSwSvgcnPxCEBYeVKKFchTc9Jh5Y3Q5ChicBD5rDhTB7GnnUFAMXngWhcSZQOe4UnnHt4TG6bvyotA0d80rxnYU7xrxZhLe7pGj+WnP8GjgeMnSPY/JSOVi6R4vsl2SyeUA5lPlchEqBB9C8bwQLSK2CnlujINfQHl8P7+CYr5p0it7i7xWb+d35DbyyLxQDTrbiRagnVZmxMPLYOxisKAXyEOd47RgUvtZPj/6+BC/ZH6zRuBwPxhzCOms1iJ6+hib6PqD2hWWw4nI8543oxuGIOTQ3/ALFzNJltWp5NlPXggiVtegnJEyOuTIgkzcKunc2ctPMCnJIYh512gbE1IawI1kFcjOf8+Dqg3DzkDsqFtpz0pVqqtSJ4oOVSqgsdoWbDznDZi9F+DSyGKfXCYO9hx7a/nrKrx7/5GOrCvHo7HpUM5uNyZZ7uGu5NvR9FaKNDcKYIfACTr7+R8k2JzlLeAsW6m5n8zF78Zq+MFQ3zwSDBxqQ9uoQdUctoSSJAOpvfI6mK9Pw7vk1ZHcnl7eJtdG8PknYNFaHNx7S4TiLJHDID0OtLQ5w48t/sE5gOYyxnMZW3la4VnQytN4LZk3tWzCYV4QiNwju5nwhu8e38MrgTI6dIs6XFs9AqZSRsL+onO5qN8HZc2IwWUsNry3dwoMOnihucAJPmvpBcw9jqpI+yLU1w9K129EkzJ0D14Wx9KgqXLKrEY0W3Aan5FD2HeNJ//1GuD9cSDNeuED0BC36rzmayw1N6GxhIJ+/Nx2bNLKgbKI+1XiowYOkNSCtZ8bBQ/V4cbcAD9q9BpVD9VAebooy32egsv890LltDhtfuXC3vTpd7KmhSbXbwXX/RD7Y4otB3+dgu0Yu1yd95eFADdioUgSvbpnQprAJWNokTpVVY8Hkwyh8oOeGjk9G8hgYyYqfhGCZ71i0k5GmG5EicOWsHJdJ13D+0iOwb8NbLmtLwI2vLTmsdwT0rL1Dv+850Zh/Q7j9z3k4Vt/PR1IaWOCnKkk+uQXJzaM4T1UffL73gndsJiRIVJBavy53Z+hw1W8xUg6vprqCbBK7K4YXThvBmVsqODNkP4s8P0EmSz9gmAfiO2zh+CeF2JvljGc3nQJd8ZngF2hNUSdS+HBSMb3SuUTbn1nyow3PYQr8wSNvFvDiEH0KsDOB6IHDXDgwheOurYNJcX68VKAdy+7dozYxeTyaFgGWrrvJuFwJtpXL8Kq5EZyZtwj7f34mi6Z8UjquScrXD3DwuElgJz2IM77qg1pDNDi8mcgp9owD/YY0KesyiE/rJov4Nfjk7WKWqBWigjpTWKz+CuLKnGnjiCSQvHOBr2qZsoJXF27zmAcjuwi03jZAzrAJqP/R50CzOq44W8+fu9fADI1lmO/rhIsTbPlK5UIWDEaQc5WDuiutoC/7nT3/aHH3HgUe8GtEh5P12F9SCBMyFoDfs2UQMm4q2Mp9hZdPAjBR7gePun2YVP/20yolSVpefB21PdX5gnQUPB03FYyCTsP3441wLNoMnP/IUMGxInb/1YPXnp2Eod/OuP3+a/C+YQqKlx+j0kN7OuWuQjfTV/HHNypQuD6F26JnwIPDCmhr+AQVj06HeZHjyfuXNU+p9+dVl5xgT/J8WNEcCA8MYljp2zH0sfrHj6TV4Y7gLETpmyiTbgFCyx7zqfmX0fvTDbjVcpsnbj1LoovVaLHqGCi3u4FgtwlG5trgtvuRmJE8DpdHV+Cjmn7wnWmInpUPYeHMMbDT7yvvOmrAHxx3gtDS03RDy4hqNUOgq7OdFK4O4FUpO0D1aTCotwMFLvhxhvtebqLF3PtsEUpH7eHP8pZUeLCXsuL+YoDObAjwL4aRy0PR7kAGlzotwTuazhh5x5FsFKbDZM1xIH/+MEqIK8C0P8HYlX+OpL3Xcc+TZMxU24tXdwvBFKdBuNL7hi4/MaZdfgyP07/irUN7Wct9Oa0dzMH9q16R+589sDU+Fh9HLoE66dv4VU0Ntt8QBHczIYyvEmX3qQdJQ2gt+7w1xLD3CI0Z3VhuPBI/FavBcr87OMVLlti5Dq2N+sjHrBg/1saDs7Qyrwn/ArmhW2FR4Ajwnb6bLmwKhniJLJxldI5GnCxh0aM6EOh5H97X/OZZF6t53wdTGJeeA3VbHGlyUQwHFvtw1x8n7sy7SloOk2h7yEWYqbiG1zwaBxPvqeMMxXA+9twD/02yhgkupSA/1xZLz62nD+JfOP8q49s8bbi06hFfb0yhsnf+MP9jF9Q87+ZD+mfwflQDdRba4+usFzjuzjTQVupnDbEEqLNQ5r8nrOjoBQ/8bBYLPXLlDFrigM+M6P4lOfB37+blAXoo37sW1tWbU5VhJwfsEMRag3B4o2AP0+bUkp+nFAR56/HsXE9wSMpgEStDvFeViioSIyAw+y77bXWC8WvnU6yBCpgvF8fqXkEwin4ATRGW9Lf1Lo8Ic+PZ+5uZJcfCwl0DrFppCtNn/GU/+Zvks/Y9/RAGUPw2H8MrzkBHsxuH6D6CA4FvIcB7Mvze1EBaS7/BEn8Pmlp3ANyiGzkr6AUrWCSTxz43vm2jgw4y2vCg7y54R8RTgcd6CoVJuLvtLw2YZHHRywG4oTeZjWgmPSoeC5ud96P2AT+YuJbBZpYRxkRUgOT1yVh75g9JtJ4AWroZo/Yag09nO4xXLYL7QQtxX4gHXM74xuVpn9FtpQRe+OAP59+c5yPmk8HugS40bFbAKMM98Nh7C9uMr8O0sfK8cHwfJY++D+sbrlLKH0PQMN7C2vUecHa4hhxchmCB5gwcHrueNqUpU0rPAI9xkqLDPAOWnuxmveYOcD7hypdy1oKG1zN2tNrCp55XsKujLqq8/Yu9hyaCw5YiNvklw+rfr3N/0hnwqdZn96uFdDA1FeQ+R8DmsbJk320IzwXPQ+KcIZgurg13XQvxSGQXp40NRomDiOstNoCEnASc/jsV5gi4wthzUXAlrAAOpB/ESx+O0MqbK2jrXlXqSLGlFSq1WOsuBA4q/hDyuYzebdQBcW9Jnmf3nKclluD2NU/woOwZTIiywrTcaXAYvcFAJAX8OzJQp2czmnk1U9K0XRwyeQIXe8jh0Xv6+IO1wazLiO66Ac69VUkRTQtRo8mFPl16T8NbRnPG0en0XVIEsi0RfrmIQuad39ifztz4SgKfX8sg37kfoGNVGO01D+GjGUuoaqMwzIxOhi/nB3CM3mFOCj5PR509QW3YGrxS7rDUpvGQZHcADq5SAYE1/9GSi62srvmQrqfModKpsag++gAYFn3n1AMrSH7cTXp82xwaxbq46I8NeW1/T5fURsFX+zFcqudEVZPMaCVlwpyHGmwhoQjrE3+QdGQ3LlD+Bd0vQ7Fq3UJUCI7hdnsFfLO/kgvK7FF/jjo8DlvF3j930vLKAXSIcqNH0v0w+ool3Ojo5yF/P57f1AJL/xrAfxEe3BU8lVM3SsOhshdwdLiQGpLq4cDFwxwfuoD/+x8B8AEQAgIFAPSPIm0tRaVBaElCSkNLyKpoiDRIKaVkpZOkrEKUKEqSUUJWyW4QSTTQkmiLRAPRPSMtaJ6lDov1o1CnPIlKjm1gidRvmNPymI5mLsGwd2lwZP4fTNl/HmI2iUHT3mWQGrua3iWpUp7fH4zcNgZzpgtD4bQgXvlpAtVcUkK9NhmQtw6jPvF2Mlnxi47neZKysjoPSU7nvJtVbL6shn0eP8ftUcaguP05b7xQjjN/i/Gh1xEopWMBlllRsI3c0ckjhQ3+nCThpSPh5J0B9Ip7zfvrdDHl1mEQi/Njd4taVigzIodfNrxGVZCu6I6BFyLWdNndn0zUgthUQY8/ui8lra+LWfdaH8HIySzrJAAFmXJgvgh4S1AziWi/4wrR7/g27xQrSn1mHbOHePrxOCosyODOKWNg1z5ptIydTMG+dvCgQxUH5LfT4uaz+NVxET8rfgmXxivwgYsA9y/9ofPXX8AIyZEsPz+MLRLUYaxaAYlE23OVWyZvdxjEcxtEQFx0iFMbJLhJ9yYfDprGUxeO5bmCNXDx8T1yyb/JA3vjYX2pALxTkwLZqBc0aLGLH5r5oPrIH+gUp8FXV2nAP6kS2my2FR5nSYDm6bf4/pUi7dx0Bz4ui6bKhLNAC4+Tdn8AhF+XomnD6qwoDFA3OoXVLtiCoFsamu6Zhd3Ve+CRzmZMufWRlbo04eTkUxBxQwg65lTS8z2b2EfuJxm86uClNmEkt2k1qywJpPqKNWxyby8u6hgPdZcjSUVzKkh/Rzy9rwTM33+jr0oH6H1TJAz2v4AHUTVw+rshbPd1wQ3ukVS2Ell2iS++FNpDqzaEg98aVShatJZ7NYTw3CFhGAWWPDfNhdf/qQN/awtO/nOU726dQSOXjed+bwvIsvDmvhUEz8Q74bLqfdyxewn13PzIO/PXc3vAfvrT8wPmmESzQLIfqMmaQcLIN7i0azMEzyqD8KsFcKCK6dn97zAtEFD9P33++u02yncKwVzcAWFTNvNxz28wvf8GzPX4CBfOTgahtnxI9lhEU7u0ybddBIwC+tFbPJg2rhSn1IcHWdJvM25oViftO050bG8giYrag8FUabA0s+QRegVsTy+5YKiN2oJ34HKBnXhUaSnXbnSCg1vnkr2LChg/tMXwiE10j1Zj6L/XlDdhB8rteoJr9JyYpiiD+PypWH9gNkzN3QWPM2/x6RBjCnC0oFFtWewslwMm0XbgsnI+bPkizjdyRkCPxmu6GHoapM5lgMIRY0o9/Ie1FTpYoXY5TksKgjMHnvAb95lQVbgWTm2zgOcP7WDuvDrgqA2QYSsEazdMoHcPCqAr3gX+my0H02ZIQVZpFHlNasATf+7x4b+72bZYnAIjnrJZFtDcezYQVq0APqvcaUtjJgXICOPmKH/ccVGYdP+VoM7LWjhQpAafbZ3JXXwOjIDPPOAxDW1z7al71nIUWruZQxxE8d6bXOw3HQVpfX1wdaUs3A8x4AQdbXKf0cNl5otRt16Z5bIjUbb6Di3clIjr5xXz1qUicHkZ88j0a/jMYCqa25RwTO0xfDD/EOrW+cCUi51U/WyQPMzVIeDvZbz0+i9+eRAJ75MsqO5BJyX6fAVJqz5KaajklfLlVNapC2NFiZWn5PLGQS2Ut/LnhZ8/0Lk+dVJyFCX5ZdmU3fWTbswZBVNTw1C3spBadM0gfq0Qreu4AEbn95CvoBWqrOoDsS5JzpinAMlX82GT0X8QXPgLpv1ZxmF/mmHVkRTIeHkRs47fwKS+AzgyYyREH1gNEkuVSebyDo4OOg9tc7ywVi2f/76YTFNXTKJCvY1Y8QPh6qpTYPzfORS91QrvHHJwgoEdVhnok9RcV3JYCxBy8Swd/mAMPYJ76VnqRubB+WTVXYyK5VX8ZFky+P/9DZly12HS1tPoelMO/B4Gw8UsVcrWNyev/25D0ehIkv15E6JX+kLK/mxWwiqeET4Z9mpE09A/OW6a4g7zLAne1G0D10Q3ujJrIShOqiFvRxWI+agLpV8F4e/bEO68U8E+As4cYzqZOh61cF9FM4wNryfrhwLQ5msKoXsz+UuUEnzNriHN2p+8xOEwjemaCY+OXMTNW37CxBU7wfjHeLg6RhneBBihtF8pfky6xOHW72Dx0Hyq6nTmcKVTrGfaBRuWGMO4QSnq3tACex7Vo7dlHvhtPkkehud40pnJrFmyC5ff7KZj9kowd1EOZXtvwPyGRSBRYQs1N/Qp1UWarwYUkGz7ON7tMAHvTFUCaVdzGL95C/zSVUbJn5V4dkMr9AcVk45NNjh8kyHZ3xvh7x0xmOV7FISmrCGBvhPQk2INkhnJVLZpFr6cPofWyR8HgwOPSes7QbuABdcFl7OCdhvWzw6gaVNbSMnkF6+c9Bo0m35j9tMGLrYRBcEFRfBb8xVpRG6gVeNOYeqsl6h8JwJvrNfmCcdD+cjTUgq/IQ6c+5x8vXtJY/d1DnTfS3YpDrRLZRMunncc5dbE40GHbXBzqRh89KiC7rwhniodBHXhU6m/VxxPJLjDczUxeGd2mE8lxHK49DhYtUqXhOOK+EyqHE56U8uThNwhdPdVSvZNoHFBPbRyghpsF1EHK5XpHN72hjo2S8Cf7Aj8YW0DHRGHMf5RNbzPS+F3UruhN4fB0zYYOh4soKfVV3jL00voeUCW+08soNZ0G/gy0oODaxK5ploC+jXdOc88k0c9vUGeGvU0ZnskvxjbSPUPq+DjeGPUmDSN+konwrXi2xBbpo8CqwZgvrUiJF66gpePZ9Pv/FBKPlCCqw8OsUmkBoiVaXCflyI6HP2ACzcVcebEblLWCeOGQl9a8Hc0/1TcClJ7DCHgegW/dHRByV3HQS9AlVSX9nCMiwkFGexGu/tbwGiZGls9lQBJ818wc+gHCaVLc8g/IW4LV6HHuxNR958tPO3qhvQJXbDOTQcW3rCgw3JSdDLwJQt4a6PEwH7MSLeH5atdQfqHAb0+vgoXCZvAodBiTN98Av1FzpHyxmb8B2IoOMYPrT98Z/m0PPxyWIn0ow1hWMMQshc20cao7WTSdwXvVatR+ssScEk+z9N6W4lHCcDtaDEos7sK9pZh3LIgG842f+MfT87yi0+XacWkID4erE1ymm/R3toA1LaKYeMjTTxUZEAKZT/YV+4AP1vpS9MeKuPGXl/cmt/Lhg2a8GrmaWhU+02/f1aTkkwoBjSOZk/hdazn14JaZ5+BnO4mLBjQArt7c6FhH4Fj3Fc6pRTKggKX8dnMCZRWugBlBA3JZZ0CLFVCUNvhgpEvN1FVyjrYEpvIbY2v8VeJHLxVDIc7TzTwSyXTzyvaoLLxPATFeuCkSe5s/mwXVqe4U8ZvSUyTqqD0AHs8YfyCZ6iPA8WqMP63NAY274tA09fTcfoIdU4WMgANnxIa4tewwQ1A0dgALjwAdC4JhvgXGhw90MVhPzN5q9dMsDnoyD+HHsCX4DYc7TsT/KXWgWh2IBmc9ERdqEOFV/pwQEGe3L3dYYf+ISgdH0iBERKgL6zFEuOWwTtcxYqX9hMFDdDUsV58wzuQvWLzYPPaAYj5pAcen+wp6ZMOFZ+5gXVNB5BkAvD7ezn+ueIW2ud9oxNFh/ncDgVYZqKCOr912TCzmDrWLIKFxVFoL7Gf/y1+BZ2/22n2DhuM/6EA7Trn0FBiGh8d70wBZeYgP5IpRnIZayZf4fyUb6zSMwrPZWjBjnOXoVtgJXXKjqTM/J30QHoh7xnogOHvVmwveZpPan+hfdICsLuU+MyUAiz1vwqrTpXC1pfnqVO/Hd93lWHQS20+nxDHPTAG3qfLwgcZB8zTuI6WcmFU8uc+jF7yEpoxEL7OXEsnSIUuaJpAs88QbdOexCdW6LDr2WMUkjcJx7TY0uKoKFh4TJkmBqtgmKUsxB0O578760FFqZdNHBNBUEeVyg5t5Znz+mHP2k56ovEYRi6cA2LB/1HuiIOE6dmko2sG16PM+dL94+imGs6hnl6wd9FBzNOcAdOwF39H58G/Q2psN2hG506ZoFbaLMDFL/nOqg0gIRdP2qFTIfpYAE1dv59wzSfQd7bHuz76NEuhgxYOH4S1mrmoeG41Ko2fDmXzD8GudYpcfus0Trr2FbepnsBlx+/R1MbxILHtGKunbMbYDH348lAfKmeJknNVF/6stIfam/ps92sjJ56potFf/6Fm/RF642UAu+1ayKddhtZ9COQRrsOcOXQWZ7Y3QeoRQ95tokcbGlfhzXljYeTjcGzQC+CrsgLouCSNbQOT6YbSEFqsV6FTSTsgdUI0GE0AcJt1kgY8jehtrj+11wjRzTdWILZiPSavnsUNTY9JqTcALnWPgp9LgNN7TEAicSI3+DbyJZnF5HX0JB6Ku0DbNQIx+P47nFrJcO9bKkc4VaHLMRVWzunhza5z4K/IFr69rwjbxk0nkbFzOLNWBtxjk+HxtU3gEaLM9rOG8MccPwpYrU7V4lGs5aMKV+5JgOU7Zci5pMwyG/5R76f5bFdcDyNDpWjF10h+W19HATkXaO3EVAitloIDAkMUem43x7ccY4c9X0hI0JKDVhqAvv4xXpLaSQ/ebuanxQbwdM94aLfqxMcf91ArlmJGP6Hkndd8V/QbxARn0t6r8znxngwI+3uT42wFmHQsktXGPeCYOVvo4NfzVLmngCbddiDBh+JQNXcKmKfP4geLAqlj7RjsPWwBBl834rUZg/xZV4d0DnTyL80C2qlkCtMObIBlFu/4Vl4T7N+QwELa56DB/TjpfhTG/LWtlJbiip4mCC3vGjhWaRu1izfjvbRaTtwqihr5BmwYsJc/ZWuinn0tzHdUg6fVZ+lpgCA5LbGAFOUFaORdTxNNa8l/QIwvLzmAifdlMfT3DGhqWohBIknkWfKX3O96sLxnCJxzCKFPuWtIY3EE2P8LptcTdeHHpR8wZ+EzWv7Zi8f4HQRZjVXg/2k9jE1mnGE8Dz2CUln0lCoEjFnIF+46sdcPWYgIqSONrddBPs8GswRus73jBXzo/5eshBmSU4LhdrUOVFndhu/7rcAndgw03tICccV8fJIrSmv6nOjBmWnwZt8b2rZNkiv2toLlicN858hbKu4s5Is748HZQANG/hPmfwkzQWDLYmiPM6FXpQGc1sn8atF62l5UALtmmtLtxl1UFJuLX2ZMBDehKsy+Ywl2Dj/JOXGQ4vPXga++HKn4irBVw1X4s/s9xtkKQe2wNyR41vHMc5Z4TG8eecVX8AvhYBJy8cO+HRV0b04hpo9XhpaJZeDcWsqdQ8GwuF0RXm7/g0UXVnBaaRf+kcqFe18b4H3SDDiiOgdUi9fj3ZgkckowhG2LrbArRh5P7FmB/w2/5l/Td0LrSQWI/c8WrydlYcqG6eS5sh0XLG3npFkB3CvXw18OvsHE/4y4PkET1o/QoMI9cqjpvgDnzLZjoyfxtO9CEVyxL4a3jnepu+U4dbaIQ6XCIBb/1kTL7qm4JEQXChPnQfLDzVBaVw49FYkYk+nKIeenw6JQFdo5+gxL2/7mX1OqgNMnQfnacrodfJjCg3Qwvb0Jnp6YDuZ+xqituwkeJ4vC8vYbHOTbgF4NhjAY8QIGNxTQpbvLMHuiEAhGu6NCqgTPu30Id0cc4sDiDTTjRwxVaMlyQ+gwpPlY4rwbSuCRdZ8NSj/iX42tvCHWHjUHNsLSj4VkbTwDbeOKyeXibfDSkYd35Yl46JIfOa8cSX3PdWnEPwO4I70YNo2zwG7PDlwo38FRy2TAoDmRr6QL0yuLGIiwskeo+ch+/Jp0DwVj0Lc+MrmRRBalDLs223BC4k8A+Uz4eCKMrMoPcwgkcIG4JC7IjKQnf21wUs8YmNFcDiuNW7FV8CvNrUnEAv1OznofRY8NNWFqqClPsfxNsuNN4XhjHIYL29GxHnlY/qCGt05SwJhz+6ntsgM69JeC8h9lGpCeDbJr8+hfgBXo7pXFHuEOcJr+kJe928drF9tSpY8cJPd14OIsXZhIRYijx7POPDWIefkQk6W3oXOgHj7oy0GJ007YlxAKESXqMOPmGxrOeQvh34RQE8tZ6JE8rrkRS/cL1CA6Vw3MLpkjdorB0MHXeCJnCCzX3+ayM61werwQfyj9AOVduXTucSuMFQmH+UWjQf+CIjxPDiKZ3iPwQTEMzo0QQJmq65gweSVMmqCC0qd00VV2IqjtqaGC1J/83e0ZyB4JY2G3QGgb2IzL073gb4U5dhqNhjYpJei2rOOGnJ8QUrCTTZRCyUc5FT1N1XF9UQdky9mTrPZm2r1ZDmYcHgQTa8BCwWjUz/iPwwvacaEgYGa0FhcnHERz56fYFMmgIMr85KAjiG3Tw7GrLnF49SNyepaP1R1+0LXrKFetdIH/fkjCxastcHzBI/LeGQJjjn/GKYdeQkz/T54osxPPBP/hq/OvcZYrw6ngdCha1QrBrVV07FAcbCk4AmbF89Cuz4UnjlIBofHt/Fl3Jsy90cZJ19IobrwazNf3RLW6Afh2bSqt0UxnC5unNGVfLdRdkoQu1Rz8RhNBxnkfYYIue65x5rgN6pCo/Jt2Vh1GcbG36Lp0FJw1j4FH+xcgF32HvNooNv60Emw31/OgfBoJPovk8DXLQDVuAsy32gzPu6z4918/VisDevT0P3IvEMMHec1sqLeN4sx3s8iqsWB7cQL29GSg7oNlUHD9KE9VuMU9GmKwxNOc1s1V5EyTZBZS1IHwRmMUX7YSbuVfonOq5fhjpw7XamziEvXFHPtdFUOW/8UxW0TBVuc3ru+dQ7vfteGuxftpe505hQ58p68TfOjXeUkq2+ND4+vEodXYAJfa7yFR1+20eLUxdEpPwNUafeCedYUX1XeQyLlnWOYzHpofhkLW8GJIHK9LRk0E1QfLaYd0G86e6wC7FP3h/DRRWGmvDzO2yoCJxXNITmQWUO+gHqs0MKiuhLeHlEE0eQDC76RzTel4sM04CfkPVajPMJHUDyiR7psLkKsdj9NGGsEbwWb22PkOZvqOgCKzBbTmyj54vf07LbvlirW+jvTQUxN+lTXQguw/aF5xDllJC/b3/2EzkVT0tB2Nj545YcfNb/j64zWQq5qJnQaTKdtiLPz6pgCmbdOpSGELNBSXoXvlHy5xDOT3/+7CpJP7oFXxJtbtmwILL5qBzpNAlB+njdGuX1HJ5QU8svwGy2+r0Yxboly4dRBuO+yjOQvkIP9PMISG9pPE/QW8I3oPfuoyh4hnj0gwNAr1nUeArKENTrBXB7fbQMXDzuj7QJa8fcVgiZUiZz+WgXLvBrZNMoP0xgPY8EAGNu4IAiPzehqOcSLrM1PY9UgOK7T249CIbtwaZsjfbxxky0yEaxeyQfNCLr044ANFlm9p5qZ76HZvMo3OuAbv/BfRw763YHNEAJZuuc9lPdV4MNgT385DOKn6mhLGNWFmjANvjXtOojNNQcCbIWHEQ3goUUTr92fyotYYPFTwCJRGCsF91ADdv2twze9mWOmhDd5lk/iM40xanveanj+7gMLxhXx7vwHMlksjCWpEs4hoaKwcDY/Nr2D/hBpstJTmRYtaaG3eLnSLXkZPnvVBxfpBDtB6yCcL5GDnkmcwOWgXv7c5iG4NszjUaSOL3z2Iyr37SNjsPl6+kcIjy+WgMNcIRD7rQsurhTRjZwyXPfGCCTX+fEd9Fnz++h8+Nm+hyE8SoLDqLK0iPdha8BvzYi35T1AQCBkeYQmt8zjmZAx0y5rCfittKJy1AXRtasDkQwOomVlztcllLi1Ngg0nptNJn8f4OHwTOpUCZPQWolR0F578sJyuJEyGDj0NmiATDCWnymnTvBrwbx0NPdWj4H1fCTVcn8+3Uv+AhvAbHnV3OTX2mGNXkzgd/bSGyn450KL9RhBtWQO3tV1JKOYx5y/XhXd2bvyr0Zx3fX+Me8WO8DbrR6jtNAbWbS6Ah3vWo5viJ/DfPRasaiNxie1B5HXfGQvzOSzADaxXTQbH/A28eGEZWQ318r6iRfQm3gXftoXBYl9nHBWSycZ+KSz7awpIRWWCx7VyMp8zhURSttD0FZN5vGQJaz7IwqReOdy3bT7McJkK/t05mK21A6cbCuD3ohe8K18aj7oeo6fP88j26XGUj1yE7kEiEN78C5sEnuNEjseX4z9R5rgjNFX/FE8epUaXnnbCceciuB8+Dfq2tJGw7k9wC1jOp3vX8/wP5fjdLwmnTEwH+aAM2KTTzeu7tGGazA1482wyGy/P5F49D0Y7ZVhQG4o9c+aDkGQaJV805oca08Fh52gM71bmGcWudGfjURa5q43PyxUo98h9OCG3nLPTVPGnggasLT3M8guP0ZydNhi5wAeWXjjB07+K0Pc6Rzi35RS8ahsL+EQH1KOv0sTlNpRwpIJzPvWzegdQt0QqXtVwwcOislCzwh6XWxrAkrgPZDPyCAbnV8H9mTM4I6SMlhZIYeKPKk4xM8aE8TX4c5IwnMhV5g/HnsGiMcegZ5EkKNybQoMSTzlH+h3+qt7KF44q02tTYxgVIUd7B9poYdEH9H37ncTVA8FO5ytst95Mqp4r2Lv7P85ZrA1ynj74WqCQzJQO8jn/IfayOYSP9i7k7qE2Nkq/Aklf9nHdvtmQ9vgVZln8hTGqafBCLIQ8tkRyTc8kuL2+mo/lyMHSO1KwfK4ASIkmwwX/s7A6YhNdrlsEw/unQd/icExu+UmzlDNo35KNMDiCoV14NkZ1vMeo3NeQrG7MR0/EYXmIFU8uaMNBP0t4EHMV5W7KQsS+mWSw6xZtKnqE5scZKk1Xg3jxXe6peIiu+WPohJ8kzymZAV/WG/D4Vyv4Tu8aGG0mh3pvBHBPaBd5pVrgf+eTyPfMHRgu1oWcUV5sO0IfvNT80cXwEx3fGoWPFZ7TPL1Omj/JDRQ+aFF17CSwLnflkuLDPDirGDSfWLKBWwf0DpVw2wp1/DvHlu/9t59LvWUh6fUAz+mMAzGRIlh3+x14kC8dyDsEWRne2BxuDja+XWDlqAbns0KpvUyPtowdA2F1CShw5hrnfxiAwq3v6aJXMa6vcOe8RSPgh9M/XtelztbW16BlxR+0fi6OT5uk8FbHLTy1x5ZL52nglihJGHHnOWUVVMEx+8/8YvQ2zj5ygcv7v2N5WToZbSnlZ1sTOdNJBMTCxnFT01kQNy3kOK1Qtngzg1d81OGGvFPw+p0n2X6zo547+rDA7jtc+VpOZV+HqNt+Fmjs9YW3gk600HMWFv04RGbhwVSZLQ9O2RIQsM+A/0quhsPDPTycnozvc5PgTFgW3x+Wg7SuzdDybRxMFArFwW/BZGyRCEn/fhHYjYSPbR5w8fIaWPZZB7LefmTvl2Yg7vsWV3zZidKRH6lzZBnV39oBR/si0S9cgPxnZtBnpZ+8++QIcJC25Iv+CdARW4DBu7eQimwEWOctgxFab6F+zA1Odq8HWcGpMDDXkXd6uHNhVyAM6CvBEYNr/Kkki/e6LKFjGf/I/95Lnj1LGLYn6cKSS67UIXeUDdsjYEAvifbLzIXNz0tAbNQtrqosoSNbJOCjaw1uFyzjkaU9HCoejYsszbBFdphGHXLkUbeS0W830qK5s8HKtwKtpmtCj64j6QtPYfO0q5hyaRq55x3AyeX2NFhdjpemCEGc4C341zeC9rmNp9Y9oZxnoIXG8uHsflQV9XtvwtIr77hCyxSGd/7iO+WGlCTth5m9tSjk/xPtTf5A7bQO0Hm9ltqsW6FxiQDMXzmBVa5L0JmRC7BjyUa0dvjEl8M88e+IWgiqOQ/TbK/zNtSEmc92gaWIJsyPssTdprLwLr4NBbJ/YPrjzej48ivJHC+jpV16EPbnHh9dF8tNfl/B/2wIq/z3FC5nRqJHYQFLZBZyvYssL78vA9Nl/ejPybv4oes1tmkY02hlUW60OoFp++JAqL2NDwxvwpvfNODVGFGInlMCYdXr8FnZfH7bbwGX/w6g6WA7ToncSNMy8qjRyxAmfy4jY/nTJCRlAb2zmvCVgg2W16rxc8Nd5DzRCDv6/VHUzgQqYzfy8f4aHGqIomXSNjBTfRQnVZfAzeUtJF+3jXzqx/FVVxkI2SxPC5aK8roVznh1xStYMr+W11R+xN9fvsFe78XQsG4xCepPgqbcaH6kfY4Wiy/HzS0DkKvfhuNvAdlfSmIBu3z8zbFYXTIZxhZ+Z7+qOyx5uwktMnfBm0fSuHbTWlhwpZK6t4digfRkiPQaCTHTJMFmYS3V9Ebw187XLKeQC6v1/qNN+Tfw1OjzsFie+Ox7M5jWfBiFr8yDO8vuUfu3atr3yBlbprzCgqNbwOatALAE0pofAlAn8QoTrijj+ZfTuMq5HYOlxmKL/j+QLmzihLgIvlpRyQ03taEoVAbLknaz9/nHKFkijVcwimqCLsKKjyOgpa4Ixj1CVO/XgR+2bjDY+YTcZhSzwJtqXiq6h2Ol7kBi8xd++bEBSiQ3kFTlOKhLbEAKiOIFI7xZ4T7B8eAEbC86DSUTluNyoXUwYZUB7f83DTznnqIwoc3QXlfMBmcvw+ScMXBOSgYsVGdCqFMWeSmVkeVlTViv7E/WVbvBWewzPBxZQeNOCMPLKwfo17qnVKguAFYhjWR9QwISArwpIEuYrPv90HL2D9K02w1997s5d3chyUrl0NiG0zhx0yx4rIt4/tMSzGzbBbB9Ha0IzUDlrEEUXNrKoblWYPH7Kel9kQOx8os0MrEfr6c4QeQaXR7TEkP3Er1AYqwRmg6nYnbMNvhzQwkyV6uAVo822ry+zkqV2jz+ghSNGWMGphrGMPPfGWwubyN9VwO47b+Gb8rNhAPWgFs0NOFzvSV5HfLDad51eC1xPhbNboOBTE2QICPQORMLraN66fbZa9TyaBv1VMaxq4M89ac9hrkHlLlJbArEV+6CqMkX2TVNjNxEZtNT61a2z5bl5FeNsKjhCHtscqQFjgaQ/lsWfge00ZxPRRSSO5Y9jkbxqtk6nHJjFLsmV2HfEieI7FGG87v+Y0E8Ru5bQ6jW8ir0B4aAtJQnPnNWw/dqI+jcyzho6VCCl+Iu8MrJHQN2LKFXCrdBWHs0rc5EfpJzEoY8nDhLLxBPC4mA/Z0eGpivw+ZLKnimHnBmRDGCcSodzDhFJw3Vsfy0CbSkGEHuvsvodtOU7lwYAu+xuXzvZxmMND1Chn9sOCMb4cKr73Q7ThaCyJe0OkKxfb0Z/g3Mhtu7B2BdiSFXfO/k8P2neCA8Dfb+U4FZPl0UJLMQC4LqQcx2FacEfebyr89xTtFeOqNciGNPdcNKwTmgfOw391w5wm7ti+ms9koefqQG/mmlvL/rBEfEOVHf8gn8tNsADpV346c9y3HF8zSSP70SemyiwLpdHLqOCICCvDaPmlaH37Wl4L7edV4euBYPDiVDSrss2i77h9tb6thHErHV0AdPnY8GmyYTaKBGHCyTp3wM4rdSWaBV0Abtv4+Bzg8jkN9ihyty8mi0gARcDw6hmBWWEPXkDy4ROsjF9fasNM+fWXAB7FNKpo2T78JTrdEwSr+BDINvkWTrMzT0nMxDPytoXI0jBWTU8+LIu1R0GPnJZQG4v0SMTE8XsN22f+zd/4ujFjzmEU9EQNlkL46zroVTW9VgctJ4mMCjKf33eB5TdoXkfr3Acgt99m2MYKMlbmRzoZMzyv/xiQRtyPLcxc6/cmmeSAO2ODyHUTKBUPf0KD1zbqC+gJm8TLseL1+cASt+R+GRM8U8fF4chPss6PkvL9IXE4bwAD+KUJakY/eSOdOeweHqQpyc6UErbgRiyalDeOJpNb7buICuPzhOEvnBoPjLD2xlZSHz1xZcrxtBs6KCYFxVMa/dLw69H7topVoRH2vx48SOejy0QRpA+RI82X8KnmaYoFzlN26d2EWzh53gj+IpElzwDfp/+MPHKh0wvLYX7XksDc/3omNP1XD7a2/W+vOVDx1U4pKpybj383zquTcLNGyzceeCA/R2azfZJm8EuceetHBAnJsl3/P0nXdJRHgqyp4xgeAhZ4yYpMUJAiK86ZM95yS7wuElOXhQ9jj/zhvC4WMp+CdiCgiN/oFQKA/X3yZQminC0RI9+DbhLM/6aMvuzup88dN7Lq2cDF/z1cC03o4leBym9UqRn+VxnBl8DlP5KA02p1NK83hyHpoBon838Hs9P5iXfZcXCWpzcNJpqNxZwXs6X3DkDnkUXTObdvcowbuZvXg5oJpa+8+zen0buSoO0MYAXTQ7qAIfouLAoDYI88frQEbMU15SlA77J+hBfPlJunsvF3YudqSHB8XYofYi3TToBTV1PRh9eT8NhY1E4y9V6BlwjB5dLoD3pna0VnEOlYzKpsM/75PTGVEwutIFFRdC4XbHA9r94hkKnpWkweZwGpksTKHa4RiwI5L+fleGfZ2nYJSdJo+fkQWVAUL8d5s4TxNRhgUGI8B1kwI0BYxDgblycHbXDmpZcAJStqhAUZcKa078QkIP7tL7ex9ZfqcBt+NcurNjBjQNTwJN72xYG7+Sy67cxY8e3Xxs601Iyd5MGyPkYVSbPfm9V4L3wf7seUmbC8dO4UidHHhx4Q1eavbgKpsp1Ni9A+uKRdnwlDToH4ijB+NM0GXwLfSyEyn3P8epZercrmMIRo9sQTP+CL+oVYfPliko+siBzmzLBOoVRoeDFbDifQJuOz9EQwmzcGqWD7YrSkL9hs+QO+4oCKIdmL3bC2emi/D0T6tQdVsiLd01n32lDcGOZsKPD3epNfsOvR5zGAScxCC1Oxk1X62i+G9qfGfVR87tGGRjiTlwwEMDBKIbwdmsj4s3OYPVdgksUKshn6ICWFV/DtRuzuG7AcKwTDUet8UFcIrSNDJSN6Kr1RPohXoiqwW/hr7z06CmoIb6a6XgANtQTZI9bXfSh9wjSJ+yX5KTRxjnjviFDpFXoWLCePA4rAaRm1oxwzyRz+wrwRelG3Fe92x+Ht4ISdf+wJsdb3n1p3A0rTSFMNlQDD5cioIOjTTq217y1nRBu1438ohXxvZyIyg9W0lWMAI2fk/FiWb+vGLxefi9WQSt+5xA0XsVN/ddB6cXGrBqtgnI/DOGI1fS4GBLIog7i5DoPWc4qapL94XVaHO+A2htn4szBkJB8b4y2I8bg+jvhpf2PUa3q2Po26NdPHLOTrx3wZTnn1qBG1d+ZXlHEci1OoWPx7vC2VIVnnzmIkS8M6UOVQmwTw3jtYo1qNSzkLV8xODvg4ngPD6G3Ae/UWrdXiyTroTZ1ZZQ7fIdVz0+ji0V6/DWXzkYJ38Wy9+YYWyIPZU+PIxXdnwEvcejqGnXUqz3EIIRw7tZYJ4Y5PUXcUadHG2bq8Lnrrmgc9VZVI82oU9ae3HRjXlsu+0GbMIJ4PIyAQ4m38GGjIUodnoHX89Rw4v0B5ujv4K16AsyGm2Ppwv1YGTHOHQYKwVbntngvNhp2HQ5iksErOBIujw2/gwCESV/ur9GFezfxIL88UFotjoEsOQjvw5+C1/Cl8DT1n1kt9qPf5tOo62moqB0NppGxfmj52x1EjX0Q1eWQqO+vWC1bgBrT5dRmr4Ewllx6H0fDz9OHoaY2T9hm4oH/xBdC9tbwlE7+Ty+nxhNCdcy4WDTJHCMMoX5c935jZoA3B94ij/q9/Do4ji+aixBmyxaaONpWz7UJAiZQ294ebE47R78zO/XebNXcgklCOdTd9l9qh84jxcqYkkuVxIyb4ynFyLvwE3xL60XyKM9h6eh9sV2WpkwiIZzXdi1tJucFEdAvq45y5yZi/6Pw+DvmzDUuX4FgmS76V5RPR1unwJNVxpojYoe2Iw4we/Cg+DykCGeNToPjgIRXHUnFWSMJGHVqIWopTyBprwfDbUyCiy14w5fezoPnIwNIOXfWTbc4wju2UNU1HaUvi1/DR3vzWDFu3jyLFLB+7Ei7DCpGspkpoOyhiOdjB5BS8M/kN4IM8hIVYAt0/tJUSSCB5KkELRa6GrJBHgYokhi+i5UyeNRcI8aTgvXgn2ZLzDUpQxDL13hz8r3+ZCTH1y+uIYqxmSzcGYrXa+TJGsrJYidLA9Z34ro+4Vcuvwhna6JpYD6A6C303+B+b0MtmnSoLksAWPfPALHvz5809aerW3kWMk8nb1ip7NvpAlERV4FF/XnUGktDBErT2Pn/GHQWfISJvqaU9DPF5SlZ8Ndt4bx9B4Dfjz+LCT3TwOzKd/p0lVPPnq8lq/G72ftlzs4wW4cC0R1g5tLK+sclmI0F4ITg1uoIMOFopc1cP7z28hR3diYEQfL5brZp1sW3oQ1w7PdujA804gufShl21hDnKQZjC+6L/Lq2alonNKKAeutwKB5K4S7KMCHjGqc01vNCueV8L/pc2n1LgeqyflAn80L4Nx3N5zeNIu3DRpA6LFYvPF5ENu1cqj3v33YWXoQ3UzeU45RCN3M94Zfk0x48hwROPy1mio9b3PgeX2+adbGEonr4Ois5ThYLg66Jvokn10Inuki8HrwMK4cJURrDUfhmCvi5OyUB7/kQrnYfSmsUQhgW7OJYOUpCGdE2mBpthV9vG6A1nomUHdRgyYF/YXEb9vQ5K0Cnp9Zhn+N5CGzyxhelxXAYLYmzK73Ia+8IFbUWI5jQ5ZRrLEb2vFHCvqnDdOfVuLOf3t5aH0TJAaU4oEftyHx7n7KOhlDInvHUcPAXdb6KAHP9Tbg1INaOD/yH/bblLCBw3J8PPiBTo86x2pFD7n583c8c0YbSjX380G5/TS4WhUXHCrikB+H2b0Huaa4gqJjOuH89mn01UINNpxNJkktDc7eshYb5jSSkFgArtssgkZLImHJ4kYoWjAd5Vv0QXFzLUs1bmGb0Q/5fMxBPJzgjw25PhDf/Y8N0mfTZ2FfmnOWofngK+jVcUa/wtn8/u5p3vlZhoJX1qBQjjZ0rTtNwrPC4amuBHhPDYF2hR/kOcIcm9sSYcdWMbb4+A56Jqnxn4Rc/ht/jG39BMFIZwTNUf/N0Z2W+Ex5A9bJV0Lqlh/0ZdtdTv76DiN8CbdFSYFX6X7UKizGN9sDoPD2LbQOOMYf7ldT4PTrpFarzc/m3OQxh2Th5O7P9PziABZP3s6PQrrJ2XkreB+PgFNSsTDbUwtbnrdQWrQ2fAjpoIwjDdh4qBiXJF2EUyK2fDG0GFerm0NceQIuu5DFKiUzQH5hJ0//F4rfH87gW7VFtP5DNuq+2QMuyQlctdaOwxYos2OsHNidVsBnYh4oUz6KP83KgvT41bhbOh2DjG3QsKyJ3Me0g9amGSB06ASJyQTRl/P69G2EKpmtaWe/vL0cGzIIV9f10svXzTS4VQFsVCegW/sS6L3xgk/Na4C2kJtgecqUPsRZ0kV/MfgtdROqoqQh8/kTdvttzAYNDDsSK8BwoznfnLwPXYzbachjB1xwHovmXxHuPX2C2dU/oDkGSfZPCEpnHqWMA/dBYvpuntU6nw4aKPN2HUkQ+53K23SPwwEZMyjxy6CHsvV8t4cxZf5D0J+xh0+Y91Fd1yjYckuJPnq4UrK4Fi44mogjAiK4qUuVL7T3c9Wpq7Sp+R1XrRsN3hJfwOGPF8ldjKalrsQP1T6x6OMP+HOCGy6cMpZSo6dCrgCBk+BDTkl3RZmPe2hwwkHUGHMIks9HQ9b7ZC5xeEJlFkvZ3FICvtppovtnRxjqkSPXsHpYZ7SJT6z9zVcsN2Lvh5n4K2oDfBg3Gib4F7PbbQE+8G0CPvs8gw4G5nP15kS+cFoFN7oYQ/exDxiboQGN7h+gwP4QNeckg5iNDk5Z+48it0dQapsmf2/9haOXCEPsy4nQqX+JM++oUlKID9yrrwPR7Ke4o0kGuxs+kk/+SGwtOg3701XhbcgIdiyfwGumniChKac5dF4Lx6yfhm2TZ0JnszVclreBgnvjYKyiOWwuPE3eCpcQ14mxZWQp7/9cB7HJ8Ww0dhqFr5zKw2NFIWfwJ7epefMvN2N88S6MQmIWQ3e0Ly864oF3o6xAVPUXSC1Th5O/KvlD1km4onQBk6KzOf/GK9pTVsvzKmah7mE7HjfwhRrfG8NfwU3o2xzMr3brUVHUBRrtoYt3gx5ye0Ag2+n0w+vpjnygVAPOnT4AGl8kUA46aWX2M4z4HYfN0inoflgAbILfke1xV0pYPB3Mmt7xsnRLNkucDsbHLmDhZR9uzvsOSdbyoFk6lSLeTOStGdIQnTyHtWSaaYeWGPQpf+aVrcNUmS8PYw58gOv66zFvTxUtipaEZR6LsG/NGmz5chvFIuPgh+gz1jx4kMfJGJHq3jfsYNIEtxomwGUqh3EuFiSTtYYGcytIXs4XZl7cQTNEXfiuoxDdSX8Em9ZJweD35TwHFtIX9/H8um4MV6xyxRnTp5LNbHtQTN0IyVPfQc/KURDXOolzd7RShs4D8ko+SQaKXZT04RnLe5lAoGgkWvhY4Aa36SC9L4NPPjTgnr1v0OTlNj40qwZcDhVATP1qatM5RLsXxcP5v5PgNT2jx2q74ExOD22y6QGh0V/hsuhv8L1Vhue6xNFRvAVet0wGnd+X6Mfpt3i34w4euzcVRke24PxIS9p4pQJnFNXw8TfLMbRvFmwcL819TzZDlu8u+HZjIwWv1qFHehWUGHsStUNH8i+jQbBsVwTVKTvpyuVKDNuoQTtSqqhh+C68ECwjU18diJ/XzupdMeSTIAsP1dLpruNVChC2w5oN8niprBVGRMnR3R2Hcc/QZg54pU15Xopw10sKrdc9ZTmNbJS9kAbpO+3xxf3ntNTtNhsaLaMTMQVg6ErQZn0MG4Umc9OuW2SVLcb+rSb8oG4LbWkj8MjyxK37E6mowRT2du3kO82a/G7VEZy2/grnhw/w7KPpkCGYz/Kf+0HUehev6waY9fEqSt6VpDffK+hRRwmK2lfyZr+FcK50COdLxsP1YCmWuCkAyYXH8cijHsprfk9hXRuwul2aDaEGZoY1gdvlQ+Dur0UTgnVgTslZCBkvBA9SiFflyPP93o2sYOCOxzbcY1EDU1Y90AyOhYqgnHcfww2rSe11KGr+SWObgtFkuKcOHEY+IWv5CvZZ5IHpgipQ8+A3zX1ZBSndx9hY9A2XXw9DozZv/jg4iW5ot0H6NRsQWCsFD83Wcll5Fs4420r947V4rWUaa/fuAb9zl3FS6jc+K9bNs/aOhBPkCApSRLI53ZTW0Q/oFIu7EyzIfF09WoR48dHXltReKwS1B6dDw8A9zv5TC41+jrz9aRfrumZA/LA5JV9BrDl3Cx8L68HyBDlyblWgEWVGPA9fsXXESxohqwr6nkegq9WVfwknUsZ0fRgcWQTr/Wog6WYzJpqlsomiMiyQUuLvNc0oUeyC6koCWKs+CpI6YuhoaTA5a4dggK4Ajs4X4e+8k92DQ6HZsAr/aCtx53spWCsYBvYOJvx6TR0rl0tQbeQwdNy6yEOKHixT5wXtdY9AY546VOkmo7rxBmq97MSnLIdp74Ux9PFxKR1784w1IZbnHBWjqTKS8CxKEC+2tkFfNmDiV3P8FzoGOzrscOrCMVhVUQm5wbXgPDwBxETfo83C5yR/yYlFN6ljidpddNGw5GdHQ2jBSWEOq/aFG9q6sOuwKyi+BT74yJ10ncKwcKUxt3o1k9HYFeQmOg5Nn/wHumgGl+cW44VAQ449sQk/un2j0J85nJseDpHzVmJrQgRY2NzDLzvVIagyj9XWL4JXF+L4e5oEzR/SxlpRQU5rCGSXzSX8Tc+HJSWMwLxYlvSkXVmy+TZsfTOCWkiTBHpTaMWvDFxV9BBbhy+jkrUEpCx7hXuvPeWWcE98mq0K8tGbYX1gGrqbfcG60yu4OGk9jxweB+X1N0Bt7xDIPTTFgOO60LWhg+6MD2Dpb+vgpflZ+PsomyW1Z4Bewz6oEDtGzotX8seCeMB3y7EsVxYqtLbw0fjd9HncMrAoM4IdOeFcFFrPZzYcpMzGq1SdJ8ypA69YKmuAtxeH4did++lY8WSozw0ldbcXdO/3Jfqa/5zX1d8k6eAcGNLMwYUGXrjWSA3j81VA7G8eWER/g70TzuG7W5p4Yvx2uP3nG7QN2mNfgwG/LejiWUdngeUrJdj6qBFPLV1CK0Pvs5utIE/3NET3o0vxl0MqeXmthwlpKjBV5zYtdo1jb4WPeP3oaRTfWAb+u0/h1GINnF3yFNwUbuGwrwrUirlz/YqfNO/MYlYuU0EsNKT9+q4c2LoPnnScgXkOLZRpbAaT45eisfkTCuN+VEwNpVyjNKS1FaCi8ZUCdAJoygRnlDWRhEb/yzxhQRK06nVBY2ouJcleo365HeQ0UYdE/97kI6vf89AbXbj+vZnVd/lBjboVeqX54lGlhRRXMgkWv42lj2uOwuM7gzS8zRDWxrRwydwFFPj3Ezr6DuBo5Q3wzbaChpwqobdblO20VbBDbjY8rv7LsqoCqKr3nUNWufCKJF84FvgDNC3c6cPENZhxyxger1SH2+Xq4NNoxJsWbcT1d86znOkLOj85h/4TPIrKcA2C8uKhNkoewj2YV1Va8rXAEqyJMaUpLsfpa7Ut97/R5JP1OSgk5wxW2+VBV+oR1G/rh8gCWzgwWQz8SuYT992lL9cyMXnIh7WrWlA0RwM6JjvQxiUFlHJZnz9FE8bOraHA+A4WPq+GTcEzoFh6Bax7S6Bt5oU/to0F78XxFB94CT/4dXJNahO+nq4NXueU+QseZ52JChBcJQ2zxiylz5wMds8GUGf/NWx8qMNgchhaROxhnmgS/n2hCSZtl2nJnly6GqHC6r2OOHPMOrhdJw8h0ulo/+Qp3Qn/AlalyjDPUAJWzfdC1eZF0KoohnHJQQw0n4/5l3Jx8Hz6teo/mtZpCJ4LLAgHkzhBLhhm3O7n6nAZ2G4+F4yOXcItPqKslH2E518dCZbv2+lrxSIKjjDH8H3vwO5cPo2/UIiSd2xBXtkKtqICjrVXArlZdvRiRSbN2C8F0TcycaBGDGwPV0JPqCC6J/6GwsA5OGrnHHDMmwSx48R5eOtdkrT7wrqr3lDRtx1wYOEOahtXAn2tkRBcLg6Ff/spde1JCseRaD+uF6MsjsIWPTmye3mbbidM42WdV/H0L0P4usETnEJeo+6ifOh0+EKHzWu5t+8GBeqowpKR1yDGRQevXTMFleZvHGPrzRteJlL0xEww/x0MhYmfeeq1ftioMUT5579yop0WLM06QRdl4vhPQwAGpZvSi8BGHvOzhU7vrabd/ja0+FkvT3w2DkLNhLHwZgruc9AjJe0QWlh1i2XWW9KUe828Nl+cqm7qgY+uGRg77sDai2/A9YI9TnQNo+3sg+7BRfj11Cu6+/0BeetaYUvgVAgWrUatxi340EUDr+w7jvVWYrDYZjTJdNzme07pwM7JPEXSBNKc16OczGLo71sJOHs9FqbOYdGmlXxhWAn3aPlx9+Q61LGTh6rVQ+hrdodTuw5RWPAZ2n2rCIR2vAWJcx7UOFWenMQW8jlBFXgQ1kzJew051kOLciZ30AkLIYw5e4Bcfilg3eF2vLR4Bc0eBggBLRYY7KKgonZUigvjeNVVlLz1JZ9/uQV+mqXSkW8iaL13Anyd+Q8Vu9Xg+KPnsP3taYg7uAucd6fCmfcX8OboWHBeGs8nkpRAUi4Aw05Pw2E2w9j338EiOpC9Ly/Ft3IScODuXB4qvcgfBpThjGcsxZx0gEAHfV4/S4ZdlzvAnDFt0HtflZreT6bhqwbo7yEHHcmL6MCpI/j3+GMQLimi/15VQp10PD/aYkQXtxijg8VWmJE+BSrfzWat6mU05d4aOqHiz1N8doJjdBa8bT/PWS7vOL/uOa/XFIainiaaK1EPD6ySwVnYmiXqt8OGZzP5yqEwmL08DAfOC9EBFxkwbS2g7OCtcFM4ANJ2ZEFH9TUeOFFM3mRD9rKz6e3LmbhkrDL4GWZjyblC7Np9HoqHlfHp/8TdhyIQihoA4H9QRtkyQkRWlJFsSpKGUhKFUqSS0qKcJklRkhYpaRFSSSRKtJQiJS07QpGKEEL3Me6TfL8GcFr9QlzuuRXLsjph+5MEkBoxDrx3yuB3u8W8V0aJlSTusciHLKwcGQhLmzOg4fwDtHo7jH8OjIabCm8IKyfSEok6rCycgqpLn1Gd1i/S7XzA/k674eeGC3SwQRbatz+BZ9/PgbekBY84rIWTl16k5tiJfJi/g8KTzXQyFPhsszxknviDNGcmPI4/hZ1KwdThbQppRWkYtDMfii9+ociKHTD0Qh+WjrfksId1cGX7PHxwfwC2uWZBh+BOmH71Hp6t+I1nin+Qcc24/5v/u/HSR56Z9oCHtBo4u7IUei6X8MK8UsbXcvzpUCLuWr+LLKvlodS5jZ4uXUDXb/nDpmyEKJ0G8kv+hSdV1uIRh24871bCW0KswFOsFv5DU7IL30m/cYD3x7RSylQpeLvnPe1e3czrFsvAPLvxcDz8An9yMcO6MyPo1PWf+C94OURlh2Dt3NMgNTcNusbNYjkdAyjXVmInpSocO6ISF/oYwMkZ4WAnZM1kEg9NqgfQQKgW5C/Lgoc9wJM9dyF/3RQY93QjqXo58hb7NB46UceBVcO47f5POCWhBFBRTaGir0jSNZzr5SfRQKAC+QT+o1XeFTxVKYfX23ljf480zD7yAcQUPOmf6iC+kGvFN1q5VKWjDQIN16BRtBnFT3fj93Yx+LlrDOw2VeOh4F9UJSYKCd8HeLtXHWBxHYzuRjYXbqTxotJwZXgdeBTcotwPfnRSIR+2GgaCl0gxDKYtx6CsFKgsSOC9483AqRbx1ZkeMj+zmPaXvART/xcwIv439cZYwcpHp2CimhlgugwE9gYylCnC10P1FONwCgs+fWGvT/tIR34+OzR+oooVAnTpgj7YKn2hfyPTcNaXP5DbvJDPjllNUdV3YWvvOkDfy7x01Xd6IyEEyeem42c/NTxl7sdV5uEom/ud76YUUnRMCqwOPc9yHuPwaawUXDTRwNCR6/m48Gd6dXIeREnu4FITU6hb7A4iO2RgqLIKlZP0YEBlLob+nsOhEiv4nqs51+5NpC8J/ty3/QOMEc0F6/d1WISiUGK5lsd02XKUZiMFlCnBWwMdrv7nz0dz0nhNy2zOcW3Cv8KacM+yG7YYLMJlZzP4o4od+uWtptVCP6Gjah2N7PlH1Wd286NNIiD/YRo77XiGTxS6we/3Fbi3pY3FShIwqjsbUxdHQ+GqbNoxVgFUpAJo6/tHnPc6lxRa5SimegSN6NDg+mXvecMZH+j0SIcDPRrQcuI7vLJcBfCmAvwVlGHD14ngJnKOTu8T5GNR2pzzZz082TYC7G8a865b7rxAIJ23BCVhStty8lqoy4OzclhI5gTfCZ2Bqsv1QTgjh7I2nOD4szE4hWt4l7Qo9az8x1US8/B67x8O1v1NX3vlwDLEg1x7zmGRfg7N6ptFyacWkfOVQtiUf5yU3h7hryt8qGx4HPzqt4SX9zNxw8Mg6GqbRnxaAZ3KNvLta9uxYe8YKJsmQXp/jOG/Kw/RWOkCdCs/gcIb84Hi01HrbSsqHhygbznETy/8pS931KBshgds6U0itc/p7KZ5F549OQlGBT3oPHY0+nr6g4zgWGgpmgz2281o3sIl5FoqzNI7DKi5MB7e6swm6ynHIL57FHW8V4TEEQZwvfkpn46TxxkOAMGrJtOS0NlY9WwU3FxogmPqjMBePIEblNWgdXEP//28EG+6PkPhfkOa0zkDjXvPYKmmJog3/OTI0AmU7iwA2xf8hVWPbfhv1m+Sj16L/e16LI7mFBUlT3ajVsDExzdRQc4IMq65wq2IELCNjUMPVR0+9PkaVbWn0J/vU7ExP4cUMpRp8y5ZGHPkEmw2Gg2OJ8rZNPUXvFDZwtKqsTQtU5kX7zfh3RpCICmgC0dGX+L/ZgxQ04nrvHirNDdOvsq35KLgzusSqkoEXPJoDJsHTQFn5yrclS+MjVq5kHYuH4ySG+mg3UnOSd+MI9eP4vmbn1PMXCnY8Ow7hITdgS1PJHivggbLJc0iLZaguiNj8YF8EjxS/0WCwfoQcH0f64mFkonkcjK1/wreW6+gkuZ+XL/nPIgsz2Uc+5Vr3afA7UXtZNgyAKWT9CGz1YlbO6wgbPJGGHW+kiIypWjat/PsN0UB3mQZ4gbTHSj3wAdHPakCKbmf9KxTl+6emcZ3rxdjeUo/yk4RhpoqIYqxq0NXI2l2v+kBqwWdMOo/E3T6MZevVyxGfEXwUlkQ0r8+p/2yrqQbZ8+64YOwSaUV5YeayVb4IYSeTcSNVYUodUcHtD2n4+/wPBhO9oDSa+L0uEEecgO2s19DHjQNT6ewW5vwsJUunF4hgJ3zrVBzbxJVjC+CwTBfmDXjHsnP+wareBo0Zu3Dc3tHQtzOcpg9rx7q9wmD2LQaOPI2n+yXNYHDwXiUGhMOGyVNIFtQDKT9U+DJcQece/48GF49RCcyyyk4cDJlvjai9QFSGKmwBAJWKEDGDgWS+pQKtjO24DxMgcBvr+jciPv8ePwkittgj9UWmZj6zQbemQdDTv1FuvjJisL/TqXTPUV8JW8/2fd3caRGON3eLYiem6xAP16F62LG0nnBlfD4SThtU/4B0UsHwSMkHTuqZkP3SjESyxsPVBIP67IsKCbiO4YnKvO+Y3Kw8VYJqbppQPG6dTxj2iEes1cedBqO4okpDRSftQNaU25AwLsF9CeUweP4cbY4exieTI0iw7+qUG2TyDNOj4blm9z45uq3kJ+cQfZfV0OB5VZYk3WNLh54DF7zVaD0z0K8JfqRFhr10t7touR0JBnHhBCtiJkI5c3HYf3IhZykawzxl21p7fFkbPZYxr1J5fzZXYfmVg5w1aMieD8hh5ZVeLBdvjY8FJzLCblN+GLpd9Qtfw0Zjv24YqiC3lXUwgG/hQhXUnDwlDGULEqmMAN3DHAX45L9VmS6aC772ufjmEkt5B/djiKb1lN+oREEB0zEMeVLYfI5F/y7yw+TzwqgfqwrLJteCTfHjuYopWsQaiEMc0N24eQkLzKf7cNz8iWox6wFRRaUs67uFdzzYDx41YRi6RstOKAnjJ7RZrD1RDXN1BPDJ06fYMG4GXzE+hSHvDFBs8gJ/ElEEE6sn8FhjssxKeYGT7roiis8avlIuATfGCuAignqFNauRH3zRaB45wCFXtTmhf4atF/IGK+OeIE3dWvos9oQNf2R44G1b3DnLiGoKZ9EptYJ/HzdMhS5z1Dj1wBO89KYs+aDcs16mPTSleU3joPu2BKGdVkkGNDE/o5XIcpQhyMFS8HvyBwqSSnnXoP7HGA3BQa+S4Fhbz+Z2L+hcBNlij2ogvfUJGieOmF5kQfsmplGb+TUYLJDKMtrnSZVNxsqTevnhwfuwMbNgZzbEcK/1vjzWOeJEFM/CnJDLrLFAltaY3KMCupGoOOrSdzSe5knJ5iSeaEiOOvtoEI1CQjY24fW5Tns8WEFD0WN5kT/l/zJNp7ej/2KgmN/8ek1y9FnsRxYaI0ivcs5vKW7H2b9zQOTTT5w0N8PXMXdcK29OkjlLoF+BYYRR8fhDc8qWJ42GseufUeKc1JBZOojai9ehlI512lrNWPLM0FQCdgHK3TGcZ/CHso7/4vWTT3BclGbsOz9CIwzU8W2J938+rwtjJrjz+YDG0Dw3CO2yxiLn32c6K5RJmkdaIEopSzu/n6BBd+Kwsa0aVzZvxXMVLzw+hkVtr+0Fm9aekDyRBeoGpWAYCyB7w5PBe3zt9hWtBymlobAc3UX1uhZRQ2vrdBa6gK9LvuCN0v7QOvbBJBxe0b/5c0Fs2ZhuuQ8hjc0+/HT/cH8zaUGq0/dolNyS0Hl7ii4FCPLd+UGMPKXBnRcMIKMlbVY8eEHLE4ygyuSxmw9fj7tG2UFw24j8LVLMJS+CMGtWxPZsv0EZEVMx9wZadTRYoRb/Yp4x0RNcFXewuL5F0mv5TXaj9+B2ilC2GVqx57fvHml9gCuF7HgnPixsNHmKYkm9IHFoXJSG26kbcMlqO2QDk39bbxD05JyQnaRdLQOjFg/CiIDTEHL/CnabvkKojtmclqTOEde2kcuk36ib8oN/poqCd1WQfzz+UqYPrsQBVe3olVYDm2P8cLqOUf5wBY36vsTyJM+E2xrrYZq1TT+HPITp9wLIqu/q+BeJGPH4kU4LaqOHy+fS2/nGsLF0v3wuvYvO956QeMPJHOnxzTMFDWjq5smU7WvE2gOHWHPvxqgdVWVcyXu0uzbx0Fk0ltaKzPA/+q92fptFHrfGYmhJifBAsXBbowBy078AHXR42C7zVxuNs7Adfd3wxiTX0guUtyiJc5e9mqweNEuWmSqAfMmhODWtZOoW0MBvpjJ8uhrM7l5pz4cHIhk319q0HEknTPm/6GyLTXoplsMG6ImoZZUMNt6d+O7HZ1Yv/MkCLgrg5f+GpCXP86HcxJhw9BmvC1qizPxP1wy1xI9fTZAngrwgOEoCAzZCWpVt/jq97HonxVKr/ZpwvXFN0jr0HM6GZ8OPbp6uHeWEejufouDmQ14bMFqdH+lic2fJ+KoXw2o5igFCwXl8XL6ddYtNARzWYI69a/47vVC6j31i3/Mv83P84+Bq5QzrIy9RdMfFkKZlTEs9wyi/gW3+aHKDAwwVuRqI3fek12LSzeEwF2zmZilH0ILVGTAw20lHEmqY8c7OznwpBXPLleF/PqJKD80Gx0X3aOnwp/53CWGNUFOXL5mFrpPDuO0I2V8Tms1Szhf5GUnCPc+9IK6j83cVTMWplQqw5TgXHoVOMz1OWd5/t0a6jMex6NSZsJZj+do4PmFF/4Rghdqc2DQWIC0RhbAfttCyv/cD+6HN1BSZjo+zvGE3OvJtHVgMvRq/+GSwtnkNTObiif04bOu+bhxwVocP6jLS4cdoar2C4deE4fjWdGQNmzIL4QksbNNkTMv7ecPe1Vx1v0Oiso6RQc2OlH7d1lYqSCIyeIKtO/8LvYUW8wlEZJQuG4MV99YQmLnlqHA89l8XmYK1OnNplEyd7iq/DmXbx/LGsb3yElLFrPdX+Fxjxa+vT+LldfKwmGr2bDYTAN06w1hQstudD5zCnLGvaGAZ430J+c3SP67zhVfxUGtyIXtlUVhW9Fnlgtq48lGpry++AJnvRtH3uvN4c+tJrwaqAbLAoNpU7o4W+JCuHZ5G27yP4G/1cqA3rQjJK6C9y99OF5cDCS0lNEiXZOeyLXTj1+DrOP6mA1MntHuRHNYlHEK2yVj+HL4eKhyIj58YBCF18jD0sizrF5jS9Kvx8BvE2HsPF2AkrEB9HyONOTONeFlK6aArI0vmD9WA0/JjRB0Zjw5bheBzV+WwMgp/XyzWxHQPIY2D8fBBlVlln3Tz8UtM8BUYy1N3fGZKx1cMTzRG4e+ycDVoQP0es0AVdRU8txKoJ5UMdpTY4VjW41x5Yx4ttJPx6nZ6vBUfjEsWGLNnv9a+UHkfHyUeYZ1RxfSh8xHMMVeiAphHHS9kwW1tyb0q7IPws6k4KBhBM10bseKkiawak2H0nnfOXZzCPg/sYXiwQ9ok9wPR/eLY3EVYfubo3DC8jSXu/vD+v7duHPQBz6/MQSXeT5oob0cwurH8EfdTVA9uwvsdaSwLEiSevM+c31aMEkm2EAkyMOFQ8u5+OkMUGhMp5YLabSapCBi5HrolW6HJecXUGaMGMSnO9M1l2OwglZi6zYBMDb5gLcbWunote108GY2jY/+hqN0tcGpTItX/cwkf1qDUr99UfzAfH4SWoBTbyTT0pOdUH1Khpvq5ODWtGPo8vglGEuq0IrUYZK06GYlUydSumPEmdv1yME2mA7MmAAKiwLBZ7YZWXslQLzAKNqdnMt713xGr/srICFRjx3CD6H7xLFQeLqYNyUdpotjwqA53RKNVrbwAs1WcNliSgZtlrg2bgsGuI6GqjexfG9RCJ+4Hghfy87icoWDwMeDoH/mF/haq8eDtq34W9gI4u+asfRwD0+eu4BvanRxVmo+am3zxuRfxyitW5aXiZrB3TxRkJTdhVmen/Hzgs2wJyYc/oYtxxGpkThBr4j2ThCF1LlesHJYDPyuzSCrdSv5SMRL8v5iwjLXLMCrUpG2vy+Fp569fENpJGvet4LOnEk85dNzehUiBPpGldSx2YRsFg5yvvFauu2pyDN0LUlcUwM8lDsoapM6vDNN48OxfWzcd4eX/OdEvlc1obuqlX46VmN9xDgwaNxDtb9LcbeNMW0dWYEbZKchXmxEIeMRnJPxHMbsPMa5vzQh0UCWG7Q6qCbSGLovz6au5Om4NLWWbi2xAofoA3CqIYzbSvQh0XYJmWi7UWL6b7TRXkJrdTfTW5lhftC9DI1bv7Bj4hd+tH0qDMbuY+EtRpi5YCpkvDOljJFhnK7/C5Wu2YLwDFvqm61FER2ScOF8K8u9/02eambgWjEAzWnLeVdUI8xTDQTr8kXQUKOId+9owZIJ/8H8aT9hi9FPNlHRxdoXHWTsrIKZ940wQsAMOgTkQLnEEuKqL0LppXCQfB3IPaU2YGKVhUsCN0PCWgMoGBKjtsgRoOeuDo/imklugSB8v4bU2XMeA1aqoPvuaaywvJU27UuCB4W3OUZVH9SntcKfC69wnsRLaAMz/g9vkn9zH1ZXOOGx+DkwwsaHq5uEYdz1h3jWSg6p3BzOF0hwCY2CFn1lOpyhSTpzf9D8gQa6E6IJdRMc6JT3MXD8IooCznX0r6SIxFLz6Fj/f1wtPQurjXrpUJ86fO/ZzN4H8rH45Rc8dKKFQqP2Y17wVK5xXoT5SX7QQw/JyVQSDM2H2fF8JMDbSrpbdgieBb7mRjEJrEqcRqKujL73JfkXmUPPyB8gMmEsyhW9JMNP+iA5IpSfZDrz+cfVcKKngzvfdmHlOB3QuS3Bs5Y/xLNaRdzr9xiGisxwvd8afF38gUzm/uX52y/BQOEIeLkgHWvDJ0FyWzMcUH+LBWE7YPsKY+olfdgio0nOKt7k8AlA+LICagRtwesvp1Dqj3jcrmUBMrGD6J29EWWKlmFHyGiMHisNH51mcX2sL/loloBD7CVe9uImLYov4A3eR9h3/xiqH7jLkCQPw/kOUF02nbUiO7hSwYQ31hSy+dchaH1Si9Ul6aD8chwUh9jCnJZynGe2HmJPHibJzXn47/kUGG69BRYm/+H7y2ncZxtN1n56sOe0Naw6qwI9Dhf5cONsfLMtkKPf3cOKcwH8zGMCyAzV81kRG/hSWEjV6/5wxIcftORLMJv22UFNrRtbd4+B6SkNvG7oGu8eGgGDd6t4mvgYXueaRhE2zqhzzpEqDlex2rxYTtR8heF6GTSgoAHZa7L5z4ASfhAcwmNWcfSmMxue5nRxZdIi3nSpDZQOuOM9iUkwPauWePs8CLr2lmSe/KO3fYdwylljSpQwo+SRRHdS7diyVRSOPVkOnquvwEznEZw5dIYPiJ7iWeKL0cHWHcQuS6KN/wq8QdKwwTkdExV/k7YWkNbXMBjl00oiW3+i/LQbtH/nXsxc74GNzdow9FaOLwVsw89He1nfv4ZKXdfQdBVxWH7TCqsSR4Ki5Ha4LyUG7zxmwafKYRa+Ucj3jq7E0S9byOS1AeutCaMX0cFoscqNWw9owvHqAqwrNwZfG1d+uN2PmpStaH+YC7+f5494oAaPbhTApnBzCM8IRLULAmS4dhMrzEzi44MyPGLFAAr3nOSuJkkUGkxhrzRFuDnOjrvyNuPVWQvx4OJANqyNxJQda2BqgijvPvsP70w9Q/FeuiBjpgbHkorBv8ILk/4tovoPG1i05iP/jJmPPjLRpDSviIMvjoOcsXVQeCEIjiYchOpDKXB7ljD8Kl7P2nG6ePP2I34sGMc2/RJwN0iP17e34/2AC+h3PJUT8wsweHAqk/R8WHW6DWqCnYGuTQY30If3mv6ssMSK25dY0NDB1Sww6QcFPenhjYve06FJQ/ysTxnOR62Gd9XnsSerFI1m3kKVG7Nx1R9VSDErwaG/7ZxTaQ32lwFkzpynW6+DqeQXQ7f7c1r3bDUVp4rAw8Jr4OajA9P+tNABdTPItLKjWT8SSeO4BlT6HWO7c8HYoz+GI/ZEcOaq9Zi7XA9IdCLYF22mnj5bcps3iR44lHCW8ir2zIuk6DM/YPLHOzhf0ZjF10mDoFMCLZMIA9PGdTg7YAGEq8/Aiet0IGjgGJ9eqsy2Ysk0IUEXSnQV8W7IGVjlPopEwhjz56vzxZ8nMbvTAtK2uFLyzG5MF58AQpZpnPdrE0w6l42TVWfxucv6fENxEJ6vlKYUxYVoHzsXM3OMwONDGfvXXyCb06YU+0meW6W3gcCNa3za2h6nTTsNgq9WspaJDdySCQL56dU05sggveJUEDonS2flx6Bg9RWM/XcWPrgtJgc1RdD81gBxYqP5T8E1nvZgIkzb+ZQU9jI6zrmDe5x247cDB2ntXiGQSv8LSaZSPO5oMak2Pea4r1/wU95Ospxei1p/a+l9QB8JjRGHu4HicOh2F/UrjqDiK9YwTdOb5EMDYVdEPZed9oaGnHH8UVgR1ifMwS8/PnDw2C5qyb1EH3RkeUXdapZb/ZRbhczIapUZNT5HaLF7RyGvemnHLD9yclrOUVbvaAP/xnc1slRjHEI+jvZ08IQinKjqpKFL0XyxRBrW8nneExbE/g6NoH71AnaNnIvjY6JYdJwlHKuYhBUqmdR99Q4uejDEQaGOLNsViXtuvUOD9SfwYehMXp+vAf5T/Wi3bRht098ATo7DMOVqNj11SwKquwOXhjPhtEI6R/4VgG8pLTiq9SMPdMrhC+HH4L9CANxv3IO+n8qkmr0dIi41kufDCbBJ8jOoaBRyZuc98D86HjMmiRDuP4iS1kPo/H4TKRad4dczLOHneTlUr5nKyRN0QHeggUVCt4C46kg4NioVjZafRanwJgjSBKiz3EDyjydwcP9TWDNXA0Jvt8D6iO0sGI3QtmIAd77ZwNKZMqAuPgs/FkXjkNhxLstYgW+MrpCcYAGGjd1GwybGcMngEOZ7i4D+iy9Ieia8PzELtzcrQGXGb0g/XwJfLl5iuagIkChbhm8/jYb9O97SPeMLYGL/AZJETtIwt8HhVmP6YRzIbXtceIPsDiqzJ6g4a8KHdcr4bo8Fl+7R4/ejjqFfYRulFJnx9uQkfOIcz3MyBEFbug93GG1ngavmLD9cCDOgAnon7ABhCV2wfNpKP/f28tWJk2HJ28OQO7aaf7SK4bdxm6l1ykzSd2kDucYY3hZyiAbk2ujqL0F4cCibJr7cje/yI8m/8jiWBVvSfTvCkmdLUM/jNaLaPFqSPxHGCChA8Bw9XPZBmj7ai7Kz0HLInlALIYoxuHPqPNrruxeCx9tA3M/FHB++Fw43V0Py2UY2HDUWK//8R3rHjVhTJ4rNBCZxgSTCgq6d5Lf2Ke13lgKfBl2QnWjJrg7i4C2XAtbOZfCSp+KjAm2wvGiJOxYChrh9pPrO7WSTdYN3/YvBeZcf4K+ACjQ20ic3HyuAf2NAx2Akv9K9DAouoXD0RQVefPIHze870swwCTAu+Inb/ghDyqWlfCx9Dm2bvQiju4TgWIEKar3ahudb9uKXM4ZwdtlkPuqiCcOzr/OQvSUGr0tG+loK+v79qHQ0g1ty1dDzv1Xg058AN16MAAnjRJiZ+RCeb5oBX7cnIbQ4gOuHcEr26gPNPY84fF4hfRmShplO+/h+ahgNjfiHoh1tbHDRlp7efo0bEzNIe403vA9W4XwvawgbCZRauQWWv1SinhI9kBM8CeMuvuTeXVbEjU/xYIskb1xgC4Nbh3HlVHlc79tIK/bY06XNZwlTf7BJpA9sLRliSwdN1i6YCAueH4E/npPoXlYhCradBH31lRhtIARK07aCWoo2OWVGgPw4AzDbkEy5o6/ilUOuHL8mk7ZINuHNZm9WsBpNb1QNScahDv5FqgPL5HCJ7kNaWvWZds9Kx2lXf/IPm//QIDYdI978h7vmJ2PgVC1Yd88LvDSjqKdOHrytXTDo5x3+c+YaWW3ShX2LBLBghhQcvTEVNLLbeUCrA+fNFaRtaSakYyFNv5MV+cahjaT3OpU2jiznD6Um8HL3Okp1+4yqXqJ4JfQZXLr6Hzc5bodH4T544ZYHBoZ/QKX1RlAa9BffP31FMvd/0ISHX9CzoJKrKgTpcHEn3c9KBcNNQ9DVIAnNz7vQcV8aLHLdzyscREknXxlOmNdjsrU3jV71Hl8rp/DPzpEQXFtLO8iC4maksFTbLmw7sRCbUnbQH5EjVOR/C9ekaoDSCmMYvdWeju+J5f3J4jw57iVcP1GK8S8U4KT6ORy3Ppu6R/yDtaLCYPfvHxRW6JHvNGWwOWoBm7cb0g8hVbTM72KV+d/JxucDLfQVgt0XHUDhzGTY6SsA4Vm6IBBfA9OOv6HNAvvpx1cvTl5thPdcdSFtWjagQgacOPKdGlTFSbN/CUceZ1riO0ynppdCrI47tZUYgl7LeK6JFAQNW1usmCQPO/I2wU33KlzrqcRbx9pC9egWNi+VhVmjNoDA1SwSXXsM6xNb6aiiFsy8ascnDobAsoCJ0Fl6FPK/SUHRuGA8Nv482xmbwnLvPNbL+QqJTYf5vWM9xYuJ8ff3glD3XQbmju7Ff27/UGjbeXZXeU1OMy3h/TMZ1JueS0FWt9GuPB1zd1jACXlRrOu/iz3S9Wzr5EeVpUtgR8B1UhcU462lrmC9Tpqf2TIcDPqFMfflARd64uabVtByppVS1miwtOIaqs2wwfD2PDwyURbubI+HzVazMDfsIygXXeTH976QDr+FcyxCSmVtZF85gW7vkYOrhUUg5q1FGhM2gkr+N9i88TNHSCphhftSXvr0Jz8NOoHrh0XAybGPx3V74+boJtIWewpfxf4RLcuFYkcnshvjSzp+QphWIwI7tvZyXO4HjJ38BN0StoCewnh8IF7Bu39kUb+PCTbHSICs0mgYujgN+363oVunJz5LuQb50XNIdelOOhcsxqvjhECnYBXa7BaAbacvkq/Gd7K7f5inlNvDJoMJvOWsJo8WUcaJodI0yakTdn4yg8Ui9/h4eCu9O7eRi1QOorJtM4wITufq73G8qmoUZ5QC6/dZwSy8BbrjxXnaXWNQnbaVztUOglDJeiqNMcOMtDae/SkLz142hndK2yl23Vg6ubuE6bs71JTfYfXf6vRmUBhOfr4MSv7quNhUDHIl5GH4sCVGojLVe+nRolkq2BIyAve0zwWf8giIuvIU5zqpwoXSp+iR20xllz7SfAENeP5XkXqVimmyvAuVpOlQyrt/8GL1KHByrOGe4WoyMfNHmTmPIVprFr5KfEfgcp9+z1KDrDgj2nVaDcY5rmXr8Evw36t1OPXKTLbcLslpk3UxaZw4Ourcw8KkfTS9eAS4FNfRi2vfcFHDJvIJfwajFW9QsMc27PumhPEp1Ti/9xZNuzIJ7vuH8dLfa6jcnTk96wf8GmlJr1Ir8UvONf7eFwEz3O5DqJ00qL3fg/uSbWmu9DysD2hDI3yDcs/C8egledxq+45GLasgV3GAuG43vqW0GLPHnyG6eY3FIvQgMLALLig6c8wbJT56zYIEXaRhvoYQlfhL0+JN3zDEah5s+HeKK+UsaGLCN5g69xiE82x4Y64IwwcH2FpjmLbVR4P4pQMUt2oStsi8xS0NH+hn10ZOPr0S6womQqzzKXDuF+RF5zdCxPctaJWwA5fsuY85+TshbF8i7qrcTS0rx0Fj/SfSEC6gfOePVCRWi2pTrmLg1qkkc2gOn1sRAErJZzG11QjGqc2EvWKLMSffD7v0J/Dsp1NoXcQ4WvNgKggdLqOw8fF0IlAWHKMz8O3Uizg3wpZuRmQgrrnNO01rcPlye3i75zc8ypoNcrIWkCRxjT5rZ8KiM9X4oV0ALo3X5Z3X36OviAnsfV8PuecjYEGDCbzwr+L92WpwdsV4jhowxcsVGug+aiZcWnSPk7XOUmHLYe4cMIU9u0QgTcaGvKZL4ZoNN9FDX4S+9u3Bm3k+1CS4jE8onsKz7SKQXh+N66q/gmezEsvHmZOE+wpK+/yCzD+exc8GUdio+BNjRQmeCCpxYUoUvrLKxN77+7GMw2DKg3ysi3GBjVJfMe/LQ1gbqAF37F5hl/UQ7BAa5J04CWCZFN++0okx9U3UO3Afo9qGWXehBFwas4Rr9G/SuPkPMTohj/3y22jlyheY6XKDQ39txmcKm6AyRwvkPl6AXJdceqT9HZdrfOCC076gO96Ob6muJOPYZlzl6E8tLAWzI56hdu5NkNaqI0v/K3zuw1H4dlWeflp9wtkSzfhjah+emCQGzkXRJHomn8xdO2H6oeUoXzcJtNMNcHe2FBV3X0SvtAP4KkMKfm3aAfOuH6ThJ1/Rcu9X/nJnNc++oQbx9qYcZ9eLG1bYg4mlHuyJD+O/IW94X8xhGPq8F5yiH+BFe292u34K5hsHQmQkw8vRsrDzyRv0vNOJmxxkQWviEXz98AgtuauOrPoQt3WV8EtDe5x70hympAXBf/kxvDp6MjjOuYs+z8Qp66YlfpD05Pp6Z7q7Qg6iy7Xh8jx1bP6VxdEdjWDzLptjb9fT8kWbuGLUFD5g7UGOUiXYcVof9o714wyzHu5//4gMzE1AP2oMyypc5rQ95riudw+3rFSHUYbWcE4iEPxr48g/1pcn79tFxVvGs/z1O7z0tgTHZlaz6aibAF0jQbd/IX2eeRR+hhfg5Rp3cFjZAF9UP/IpgRt4tWEq19qHwNzZclB72p+XzLpG7TMy8N7WLjqt7IlV+6x491JjUvB+w0//euDS17bgIXiDB//9oVFV4vR1bhB/NmiElYrd3K73A0a6WdDzfe9ZcoQh+KfqYqKQGWWMv8/m84Jx8QsjdC5XY5ff+iSyUh72u1xAz6BxYBHdAZkRObBReRP/89hHixPUyWW3BJroVtAuqT5YJH2Sn8zQAzIUomKrTl46NJ0rxnvRbssAPt/nRmIXfpDzBGEOTq7Gly4y0BT+jFSUvUnC+g/gKj+cvHKAI+XaYeMSEfC9bcI7BtxIYoc+vPrvLkZ8nkFiv6fyuOB03JeQSoNPi2CLthHdGXsRI3/LssNya5DU/4lWphuxwHwF37+yFsqdw9kldgf/Mz/Fiz4soyfrbOFgiwysUlzAPkI6eNutDfcNjuQGD126PrYTVZyH4fLCXohYvxuqFbQhuaydy0RzcGJaE6VmnMbz+qIQ4ZmAHxZVoc1/u7i6bBnOliVovn+G+qSP8k71pzDjUhJcPVtJA2mfuVl9Hft+TOQSr6MQa2gBbqey4R8nU9OcV+jX9hbnzDPBhQE5WCmiDxNuLec7nXs4XEYZVt2dxN2Dr2HqqddUqv6e53TP5wHJ7WT/IBtOu98EO9uLYJciCYc+puP8mcJ0eMdYaBI4hC4zD9KSbV8w/IY1TF8/H1V3LGD7v5JwoHY+fznyAOUPb6EelUQ+vuIrGT0oxcQN2iAq1wi3KxeDWqwA/PoZB3vlJXHeG8RNYw04s1SNk1KL2H/6ODyaFYXeInIcnqEMVd1JqJP4gaSVNdBGMY0DB1fjy5lP8O8SHchdMYHvZM0j/1sT4aRAAB9ziuLwV5JwRPAdZ1zQ5OwZq8lebR/UXnqMySH3yC9mDCw9HIeb3u6h5pBYLreTQwGZ8eBi9h43JadzoOVDDqgJhvzROjB7eJDODdhzcVwJvP+nTBvN+mikcygsUPkHDereJO+ahDpWACNr43HBs2rauq0N6MAITguKpszfwuzlsB4eL73MxZdtSee0IIQm2bHLjhTc99QIFz1Qg5JCAa6JuwzKftG0zKMOJePk4fdxTbg8/xdoNxLALnEuyGkHY6196FWlQ3m9vVz+PYDPBY3koKsKIGG2hovVCunGA1HqfHoSJxw6zJEXXXnH7Wj8WFRIj6f/A7EjgvBbIwG1TBPI6N0JMgj9xm9uipNE7WTeZRZEBtU1vNBeiWdXGsAKdSlMmKIIVTZ2rL48lf7Z1vLGsNccUZsNusZhVFhRx4s7TGHXsCIoli6kiZwAPy68gBdp4XTyjj9IqPnQz9P56OH1CDDaDOZ79cPWiuVotd8Ns5LHwO8bBpiJpbw/5xtNzpGhwZqFyFdUoc0qEq5GZLBaYyF0LzuDjw6OxF+XBmGRni/OGz0f4j4mgsWwOqwKHQ/yO6OwJFkVsFIW/5ohH54/HU98XEtaJbX4VX6QBA1M4a17Nqf5vacbNoZcsEIG0UGOxGrS4O9iJ1R6NJd8KlN54085GJkhD5rWT0it/TZ7jtkDimL1PH1lGQ12qUJXkyi1G3awX4wSvOpOYNWmT7zVB8FuhRbvEbgB7psccHzIBOrwqOFQVTFo+iYBBb3T4EptMcQUFbBubiutXTGGbvfux5mP57FT8iW+7GSLBV8Qtk6ejOOmv8B3HbqwYnocjr5zEc2WBuGty8Nwa911CDkiD6fzpeH59i5cpCvGiQ/ncXznYU6KbyeHpeJ8NGwKDO8dhuz2RJ730QjW3F8Pz0UNscY2lC98SufQh5pcm848uPEg+EVZ0BlzG2g8YwvuYorQtKQShm5Pwu8F7+Gx5HJWMVUi96Bi3PzqLWebTaPdGarg4ucJaacN0bjZDw6nz+a5cd9xskg2dszU5k8PwvnYvs8MAeZwo2wS4DJD6J0eyDLJjrzv2DC4atWSDwhybP9l9ueleOv3SJA/ow/m5V7seE2Qjl9fzCswGYcWu3Ff43uofR/Cnbmj8YSEITQeug9rN6SjV0AYXQlywl/ujvzNf4gfiU0lI6fZJJxkxGcMFGHx/hNo8uoif+9z5xvT6/DAkXyc+MePsw8Wcuz+HtR7oATriixByqoGNybfJMPT1nT8xWIMNQ/giqI7NJoroToonRavdeL6lSaw4lscF2qfIofGOzB/82WOuL8KX22YAG2LffiO7AS+LGsFqfZT4GD8fjhyzxYzblTTKp/XFOM+E+85TIIHucto/uaTaGdchDtvy4BKx1FI6trJz05cpyOJP6hw0W5sX7QVTEtXwavQfkiSl4YIp8nw6f05dLHIpJ4NgL+G2/CZ+VU40zuXYG4dDu0P5gm2r7FspCHU7g7AveKmPGmkM25RKMVE5QTyTUnEQ961LG4E7CnSxmVxyrDP9hAJ7/CjdaLILkra4L/dhvZuuUQ7XyzEtT5H+aQkcLCyMFQUKIK7kzcPX0jiXvENGDuzmIPfEhS2XeGh55FgKS+AqyIBLIanwJutD3HN3jAKyCumhL3+3NquwYWaC7DpnQQNTglhh0/m8ObbDeIwOzwoEYvHzk+G4ccx9EynB+OWjQbLX6txqWsjLy0UhA3RReQ28hHFFCSzQORFinpwCPLCtGni7BdcI12BeYof6d1VfRAKXkc49yBuUSvjWeeLQW/oAGpNlIfmzhLskk5g853Z5O1gDo4pUlQ85yXx4U74oW4NDw/OxLN51RT76CUHRC9lKvgDYWtsYaZKHL787yUKeEyFJRwCyZnyKDdvGR10dOGVx+bCIlV7cujTgvWN9/B2yw961zCaZ6Uok0phK026IYyK6x/Qa5ezcD8ym9sSVOBn+h7c6l9Km313waVFBRi4xBqt4QvGuKaDeVEZxGmp4Oc6cxCe6039bTtZ3GMfzVLaynlqUfD27AD89+UjSr0t47eqvbx/vzW8j2gAq1lhKKpnQbFb90PkvFDa1bSXGurH0lKQxRfbr8M0Z2NIOdEKKWu34ZjjrjT5Zw21q1UzSEdxrEki6mf5ssK7p+wtIQ5Ggbq8/rAmNtw7w/uC1PFRVRc+8u5EwxHF9FhkDkZSM7rYacOomBbKexzLI+SR7Pek8Mi0IbR2vYlSzQK0dkwKT9cJpqMxU+G+vB4EF54HuaBi2rq2GpM/mLOox1MWHSXIL+aJoU+pEpzcqQuSBbmwpKSIIhukoKVsmHa9E4TdpfX4X8N6dq6Swt6pAZShNAmkM0vgzi1LSLFDLhbu4MHuM3xdx4ilxTO584A2r0pohUK58eDzdwZN+b4bLW7PYqGN/3DsmgS6G6wOpy0206d1pth0YBzEaY2Eh4EE203bWHP0Km6oacXOfFcWvfUCS736aWvxVmq4+YDb41Uh+7ATPdhxFPL++woBLEmnnteyFpbDifFDeHx5GfrXCcG5tjFgZqmKK1VSYcbVWPac853j5Eqh9eEw+ssexydmN1DQz4xLXcfAubx4xj3p9Ml/FeqV6vKx1iUssCUUTm1sxTU1ceyr8QdGXlIAw1OdGCW3GzfuX8cvGj+S9xkD3rmvlyRULDFz1QPYZq/MgxZKYCPuyw6KtTgjPgvXOV3BvEc+4HbBFjUnl2CtsATPaz2IXxUtIDG6B4pH/CSde+fxSqo/vsgV50CNYKxIt8I78l9AvXE1/H4uAZKOMWCs+46zq2Kho9IY6o4MgvK7EkjMmM7FD5tR4fQ/VL2jD5MfvuJJn7aRxsSHBKq2MKm5hj4uXoJ3BR5gUewrGLX3I8mcnAz227+huns+CAZpoGdOEHl/E0CfXY1oGKMEAu7LKXJ4Lg6+lAGpHmmO6Esjw4h0cBtyRGv3Pdz2/Q9eMCoh/U+RFFY3iMF/R0L5bR++2OAEs34LwwQBLWp91w4Gay9ApPkpLBVaycv9j1J+qgq8UPxCT1t8qO1SP/V634Tx72u422M7nElNRAmdeJjpZw4n2uUhNsMdBh8RiPXJ0YvKKPpqmMb/KT7ACXlvQHFYGu6qd+DYWzawxQUx/m0mSDlLY3uxLBnceAR5JTvJKGQ8t8wSQ5E97iSeoAR1Pj6s2P4eMoXleOruSDbNzESHWYmcUHeFYmbIYLiDA0p/1oHE/QHocsgXX1TkkfwHN7zfbAv5Aza8QDCQLi9W4J/Ob3l/pSq8cnMjx+tePNAzgUzrjmBk5zz+YZfLqfnmcOp6JjrYx2GLogAgpMPYa59Q0q6OQuZ/prnPnkNZjyS0wgKulLSjDV1pWHfHBDyqfoPcuVjuUF9JA2/74c/UaRDQJsapr57hZKMdJLs5DfIzp0BPzzrWu6XDLy6LwU1LdV7QOALg+D9asUuWM+ctR8U9J7CtXx4W9o/A3sciEHJTFnxDrrGxtQk8d7fgvMGLuGDsAu6ek43/PhkDzLRDBQknyuhaRaorKlkkcCyIFyvA9TsedM05DE4JzIGjAppwxkqGBP7+5VztU1iPyvT31nESbvOA6p/hvKm3iw19TeHmfXHQeFALvkXz+XG7MmyVQk4Y+kOavZdQw24AL65qhRjrm+xhZQB+EzNwve1TGNWuRu+jTMnbXRwr83ppiewOGq1fzyl38tHH2gy2nFGB/tDNLKL4A6+tleS2T9/R+bw2n4g3xo/vqnhp/yGysZgCzjGF6Ld3PCy/M4Iaz2ris4THOKYwGX9uesaHRubzf+ldcMTXCg6td2AViSZ4GGMOopkXMPu9M13IXE9BBX+xaNlBkksJRYpn0AwP5BkvfjOc/kC+E8+R0Ig+7v0TwkZaH3iqEnCqyF0oCVSDvn+JON4mArdM+MXqR5sgod8DZh07ymPsHrBjSxrPnrUKD06WgFU/JoLqxL18r/A2ibWJg5PgK1JxOwLCq2dAYoU+nphGPFZ2FGQNraKqmSfhXrclnDsQTtPb5EBggggf942A2UrLYPZ2afaYPhHCCpLwSHcBCAUloam/J3dek2QDI2VuLUul6IKd1LZyBlqvFoHaYn8cVTeWXxrOhJuqi3FNwlNqCfHGyMlJVOT7AZ70X4TjH5XB699rPHlRHJU0ZtPdi2ZwfVcRCkxwwPdL1oHOIXV8MPow43VV8KGlINxqjnlXg7FyuQjYJuuAi8MIjp/ZAqfPjaUn1wpgyQCDbI4yNhn5Ao06CpP8c/FnRCqIgglWXljAj16fRXhdTbdXCMJh8SWQc2Unl/tngFVVET8KMGffn9/466azJBSTxTQ0Hp2krKE1/zJkbTCiwYHt4FpTivp90TR/32+adUKWL+66gyd5Hr74OQaah1OwNRIhUWUdHCvuYc2Pj7gvdho+/HoQ3YzdaFzPUljYaA5Ga/Zik5Ai/1q4kLVMNlH3jWmQO2sj7pt9lOuv5kJqwkM6KKcASec3cZDCedy1wIpjn3nRup6jMKatl5S+Z0LzDCK5a59xoEwUHi38iC81V/L0vSYQ8W0v/xk6iqHxLvwpxIKyWn6De3kFlW7WBNv+g9TduRcdZu2ha/O0aW5GOzc3TcWnFqHoukwQtrpdgbTTU2B9jzaJozLVjI2GOYfusOPcTLBRWcQ2i55jtb8UXDYxw86LlmBxeT5vDMyC54e7+XXXE2j0mYNnF7VjmMMuzJNtome7/mLkLyNQUK9Cs9XiePqDEln3/wa3112kF7ibCldo0fE4UbaT8QcpLx3wiLcDg+vrcLy/Gq1QfMo/8nxh6TUFaC+VpaDfD9lRWYFajQTB/l0mm9ZU0YGZs1Bc4w6tvmBDlnmDFCaogae2+vIO8Ue8t2MCDJ/JpxuRPmCpZkWtzcn80CeAanZ9gQeiq/B7gR/6lifBtnOmkN/4AAxtj/GvnBBwkZ7AKkcO00NZeRpQ7Yd05Zc8K0QYAqfawPI97/iJdxcE9+7Cp/VNVPR4AJ4bjkWX6eXcPJBKlRWHoL5MB3RVGdOnGMCe7QEULaGFohcec4ljMuDjCP5yKo7ffNtLl3+ag6RTGzVJ2eGi8H94Jioe1+77CYUP3lPj6pn4aZI0Fk1zRZFkM+gr3o0zDRtp54NO6irwhf/2zsS6q1WUo3aMLTv+AjcqEnjIwZXGMdCdeAQSBd/C6KXn4PCRKjQ6Gg3NMVL00vAkrPR4BIeEpwI8S+HDxY3kcuIuVL2Xo8BEO9yYNg1GHLMgWSs9zj9wDUoc9SDNJwHuPT0IN761w7CDF53NPEGB1Zt5rPsPtkxdioWDbzDoqSHMsDuHd4b1MPuxMD7tPgGq+22QvXzBRvM75r01Qpd9o7BfXRvS3PXp2d8gLFt8jRsiPKBZOwHtnzzgnbfEcY0V4qlY5C2zNaElxpWuzV7Kdw6nUIxEN60WOU97nm7FLQmryXemAlj2xbFMkjUU+bbh2TNF8PVWGwT3H4Edun/Z9fBT9EyzoR9B5vi9Ko7NurQh+tU4tjeP5msdOdz2SIPF1hmS6I2d/OunM6ysccbyix2kG2UMGycZUJNnOWjY7WOLDb/R7dhODvIQogvF9aC92op2xLpD2j9D2KK/BbNyZEhTLRntJE9jxI9L7Gm2kXO6ktjzhQisf9cJFtmG8EhOFAyCPOHY3hu8ckYphriG8ppZbhxbWk4OwzMgzvovDUobwI1v++jepRTssO0DQa8zOEnpOVnuq4Jkg174N7wHX5j34UJfVbg81QNHS+oTlAfygL8j5+Qk8cK8J1zfV8Id8Ye5Jns7j3CfAntXXsWVr9O5ojMJ380VwAMWlti4ewacy43CmNAsvnVgEn/4aARLO0xYstkWRzst596hM7zvuhvlBkxHJa3D+DnLGkqODcMSPQPQ7chC+1f+6FC4ga8cvsqvQkvB4sZ3Ps5lfOTJRHjn9RIanpmBW813enKrkjO0nFH3TDrmebrxzd7zoDgzkvbUTAePNdP4pZAZTM5/yGVOj9HhewNPPJKM3lmitH/cenZaY4hVTd3M56tZY64+XHWdx3uWmECJkDZclKqnVV+uYbHOVohL+wGSQvF4VXAVyf4ygMFYd6jYp8NG8t/piEUIHJc5hOuSnkPk2wacsG4VNJ09CX/vjwSvwiRQaLXF9uI2GDdURrMwCrvuJ8CM0Cgykmxn161SeHZgEpTSSRS4cp+fP5CBr/WRMP+qB4hoBoI/7MctzcLc29pG/aoa8E22HkU6Qjm7JgT2rfmLuraKOLIjgRRHjsVlv6fz49mz0WWzCbz+H3H3oQiEogYA+B9WtszMSGZGyoispKFQURHtQ9rJSqQiQlGRjBailLRRKhpS0VKhFApFikKJNO5j3Cf5tN/RrsYg9rhcQL/z40nq8Sv6a+0AEY/28tbgMxg8vQx6rLQg8ow15Mu9gi+1dWwl2Qa6WelwxEuAe1achV1a6lza7YhZ6ZZw/Lg+Fsulwbpz23BCbBRfzo1g8MlGrbpc8HsvAZ+eHsfaGZPgzYI7ZBH2F/QytUnmyhsuNZPi+nZPXKgaQnp2ATCzRYTe5AuB5KrtbPm0nCdtreY5PRNJ1K2Fv0SPwqKoazBpKpJe6SCVKqqDqc0wmXTpwcrvzpgkJs71ITZYfeIwjh8Vxx/Xv+PPxtlYpmEFOsalUCqvBPYbl4HQpn7Qdu/l+ik34H1LMfRZlXFqwVoM1TaEvpxZnOrykXIWiULWtA/o0tlE3WemAzn8wEBnK5i8sBG1Ba1gO7XAVcHz1NdxGwIfBqNqyz96ULOAIp2P0BiZRBDIKSVdv3EwcMIOJVcU8qmzydD84TuM8HlO+976Ep/zwLaICNjzI4Jrr6qAkq8v9yz5COW7dtOmADM2fTqG1G/dh9GOalxkG4vrTvaSbpsabMuLhSse2Zz3ZA/pSo6n23ZB8G3/eU4IuUkvQ3vA0UYedjlKws9ceZ4b+B9dq7KD9BkvyTtbAJo/jIPt27fiS+kmsE86gl431MBVbTRe2fMK/uJNGJq4lQLeGlDoHRuaXZUL3645kfCtU6DpJwI9X1+jg98HNC6awM2nRDntvSOKGQVgnq8IaraaUayrD8eeM4eX5I1raRxXUi4eJkVUaHhLsxqluShGCPoO3MFNvzLgY9sI+KYpyq/ynuHW3OU4LquVe3+fZcfucLpyq53W5shy66ggspQQhFaLGSAz7RF+GzqGH3f/ggOrL5P1+0/47106ee78RL/vq7PGicmw52szKv0VJBtjW4CmVn6a/YpbbvuTwxgpCG6+AocP3sRZMfIw87gc+XYVokSJPWl39mDum//41ok6vjT7A5zYkMvNp0rgR9x4EPy7AkQq8+nhsVf87OJ00lZ/TWsUx0LVv1QeGXINT/TOY+8QhsHrtXi24wnHhu1jG5NHEJFrwHHxmWw9MhGjyoK4/80uejZBAZKy5+EcldNkNWsNLC+7TR+S5dF43kHMvbYZJJN60GPJJErTlwKjz9fwV/xnrixI5Jv9E2i2yVk6t/YGmonbM1q/YYt9D3FTlQAovlBmL7NW/uMlDMMd3bQkezX4ux2GgK1VNNPFnt3nWsHycdqQe/4s1Y/UpFXRluR45AukoQBkfV4DEr8F6UbYOS6ut0JnXQ1we3eZZq7LZplXldQT9orDFb3orM9lxPABHHNvAo3f6I//nA3ggLsvnZOtIP1/QaB2TRA+tm0BQdfjXHvTAPqKFPmiqhZ1HTaGorph0l26imOHJkK76Ava0WLKMuRH108ugTN27qSzthoXC8hCGouwi+JEcF9RAUIZS2Dy5kuQ//QJhSfr0ojWldC47DMPzZeF7xsugrNxGGZXbOTGoXiKWFULbivC0GtHEx0vKeXZes9IZKceZH8ifFcRhlIRO+hUYz36ririA7KZNMmmDfeWCOGIV3PJYLUuTFoxCn4413KBURMZLlyAkjvzueGMOgtF9eKapAMwsSmCHm+Rg5DTl/DD9zoQmO9B0T0u9FewHgp0omj34GOMb3pMP7UM+ZKGMcy6UQSXtb35YOoicsttBRDto6nq/RCyR5cbHzhjsu9iNh6lAe/GbITVRh9QavAxCjxLZtf49+BXakuqblOR/IZZI0eF12crgInxPmg29KSkl/pgNv8UHdqXwb+nzIKPu1fCk0wliC07QFcabcDQwwrP+h2giCJX6jwjxw/vSfC0+cHUqk801bSLul+OxnkiuuDX2gF3H2qgg7QFz5yZD1I5h6g9zh3nHq7Djo32tCrSDcaZWoCB0FYckjTG+cLHoPdDPsw16MHvz3fzmPhU1k3ahZs+vOclWnagUT6EfSvNwPiCHe95d5fL1/SxwchlkFkWh/UN1ZBYdom9Kq3gzH1L+rSlmiw+C7BrwT+8a3eI/cT+0CSNKtoUMwVXRsfh+HI9OH+jF2T+WFJGymGcvV+UnW59x7A7F1EiYybOqTuMf7vKYdFWaZDcVkhH45thiqE/zLRbCd9at+K2NQkUHO4JG42KYfXKaFRPlgZTq2TorCjmN5tceJfxAtr+7i7ngw8EpjnyuaFpvGz/Jrh8wQ4KmvLI81gR3V+rBrPTPtO5cQ/57oVcWrgpC6U6KtHfNoEe7hWBPwNHcM/4Vrz4dwtae+ui+cEDnPVDhJeW+MOTf8fp4BVxSGuXhXT1Kn65fScsvf8Hy699pC6ezDp1ZfQk+Ac/d9cBM/EYbLAxAgdRSRy+8A7046JopsIRzopsBPnoRDafp8VjVl6GCXK/KSVQDUr8fvPUr6J4v06RpqTK4dSTa2B0/UqoLSHsc1gM8QtuY8UlU2j53UVyE7wo0ccG2g49R4WLPqCWr465mn7Q/f4SbXKTxg4ZMTjyr4f9hWLR4I05qWyqJutbLlzwtQqWVn6AKzc8sPttKS+O0YL6zZe5ov8Slgxfpe/3l4PqvTOgXajK18f109eZmXC/P4Xhozos/jyGshMm8tMoL67ok+NhtV8kFtlO65S+kon9FEyYcQQiwi2gOmM2D5mXs+awJ1tnarPoSAWMO+4FAYINvOx8BE+0+Qj71e3A+ZQL+efko5XmbSyU3IsbM61R6sYhHrfnJ84/PZ+8/AdpoYMVXGj/iWox40nhSyoOX2Y6d98HcrV3kMazZAj0HuA9L/tI85kFbG6rxBP3vHBUZwda9wZhfEcv7+n4j75kr+TZt4po9d3fNOmWNFiFOdFU6+ewzGEt+/YsBJn1hth4pwAPHqjAsjBhCp9gBHMnmIK56m7YuVYXHrrGg0qbIOWWTCVxEx8QqxhJ9RJ38HiAHxdMV4U93w7x06ROnmSQicM/NuOD/fH090oEpq/9CDLb79MmJWNa6z4J1BPmgFDoDtA6lQKLndqw9cFqcllXAqI+Sqx6U4bP9o2DlRtNYMOXZ6hkXYSr6qsh4uFYcj80k9MiFlH64UnoZmwEXdfSebruKLj2rBsbu9eyv3U8jhXIRbUWJ/yvThvOWqeiVNMcGv/fDz5pNQEOhefAiqSTtKBjB86eGcFvXorA4aKt+Ch1HD58KwsWI5ygvBhgYOQ2HCiqIqNZ7VD64gN0/afPW2Nu4w2bBGqZchulOw7QCx8BsOtowVGL7Ph4QCPrvo6nzWbbeFjqHRemWPGnRB0iU1OQO24OGteicOZhEaiYeQZcS6LwrZAuawumsOyMCZDhvBzWXp/JR10VITLZjt0PGqKMojEJXujDR6O8QcR0Be3PTEK/v+EY5zLI7gd14Zy+IKtf8cQLd+XxuP5VcCxvw+BvP3nG+Z/k4+AJ710+0MFZCnD00xHe4FNNW5YkompvGk8QeE1auRl4e7wzW69Og7KZg3jWfQJ8LxdlD4VSbHG5BaYZIiQw6R0lRG7Ff5oO2LSjEA6b/uagLl1QvnOG27w86KN3I9WvMwfdpRPI4lgprdv9DPVctsO7t8FgO8MSRGekYWT2P9o09yV3pnrS6AVvUCttMcU6IF40bOOmLhOezgR37uTwb3VdyJ8RS/3djXz2pw3vb17KD59N4wJ9MTp9Pgqv3TWCo5Uz4F2rH22vCqfpgWrw980nfL9Xm/uzz/DcVUFw6/hCqAmXg4OPN5LnhI08umYxBuxaCR9mB+Balf28M1wLk7cMoMkvTzhhZQrCqXt4b4YLzvd8B6V9u8Ey7AGGu5+gljXXeORmPb5vr4Kh4+zgsdwauHHEEJXFv8O4gS8kJLObr349jftwAAOeF2POnnwku8nwpEKBwxI30FRpTda7o4U/euaxts4D/H70P1qso8I6afH8Pk8GKh79xwfvSPCFS6G8glyo0v8XmH6VBYVTQDxahKdk97CFugL0bL9K0gt3gOHeF3g+yhMfHE2Bqt75sOywLWbHRHPsfwkweaEg7OxHmj49FYXvx1H+j1H4a2407k7eyA4H5SH3YgROH72Nf6mNgSLBKFA678tXLUt57hF9popeuDZGnxYKaMAzhWHUlBzNK4WkoHLyJlC7sAZGQj+VzB6kd1cdUX1xJb9PU6aY3a20detP0DphAzthFRz9sJZ3xDkgvyjk9EnysFVDEEpTp/PxYmVoMvAGi2nGcL6tFI5uGsmnSn/hzRDGew5xGPnXEFzSprLB2CMws3ou3TguDNZ+UzB1sRf6WL/lkAopTvi4EWIPG5JejxF+7Q2k/i/noG77RLgZrskqo0fS580x/HjlPap9Zg6bqh/CtqZ95JhYB36LYmB01SR4zlfhwi9RTG56QEuDI2H1+Coq2CJDh3/vBpvcfvqzUwe9q43hsNQpNFxkyDr7rOFAXgD/WoU8YOqBL9KKuDDejcPKRpO9kSao6PRCkZc0zZlRjnvv3qf8B5q0fVYj2nsnUsqKJdA/xRS/GJjCLdMgSFZ6Dn0Di/CHwH12XXieFdeOxAFNGxQc1oYeOUGYuVkeFpXd46VzJtGy5MXQ1raQ588+wW4lg7SbHanNbQvbT4rjaYGaEGSpRREPbvCaSDk849lGJ2LccX+pJ7cuG4+7b87l1EgxuNZgAQdGzSGK8aU2eykWFrWi3Zf0uWnaQlp/6SKNmt1JjhkKsPaTAYze9wqyD93hA8J7QNyhj07qHcLjZS1k0CSLYfVj8Ed2FJvqa0GOWy9dC9GlyaXj0WDZOQpVW4dJkSFQEHUM6wMteJRQK/y8YgKxxlswekI/DTaNQAvjOPr6z4lPfgnjphonrjl8HQeCwrimTReaZQ3hdvpJdvkVSP8lKJJWlhP5TGuHF79P0ZTjKjj7eAPfXmQPM2X/wB8XFZjSfhT+xGyBJ8cV0NPgHNw6a8yaKW58a8ZV9lDWh779IzjHvw2nr3lMr29LgNjSPGoyiIAvWk8gZ8xXuqYhTP6OuqA+9x+7XrWjd8si2CIkgiy7o/GJwA8UGGXCPm5y7JX9Hie1qsKIZ9uwT6SKizwO4bJz8dBbdxdz7DazxpUXzKPjceHwGzo9heCk90aoam8lq4hqOjv6EWxZFEULf7eCt9gzjrr4gf8aSoJ1jSjsUx7F+kOHIUAcBBZ+7qKmLddYzCKIdgisBKeoTswznA37NUaDluwKrlx3A9LW+4PEob0odl0I5QvC2D/8KdUEWNGokghIWisGSXQQP54248RGWY47k8y3F4qRztN1JHF7CGqvhGC+znWKs9YGdeFI2F9ri7rD5uD8dDf6fT/EY24NQdh8Dwxx7OHLFEknKghqPMM5TaQRLD43gWHNLJB6r4SLRkzH+VfUcQeuRq/CuShqrwof24vJuFSe9qz9j1ZbpFO6cwuO+/MZvowQg8iIY5x1sIma3o2C1kWKtHn3JnKy8MZiuVY0UtGhUZOb6MAlF4yVqsHarkTWfGMLh3d5kt+1sXRrylLOWXWP7p27BGqrXNFW6TskjFWDuCB9in0hAVcVr4Lb5GOgLvIKKu5Kw4qyMfTzwRDMnCUEi8auwtKBbxApbQenHIRo37Zk/o+yWfJvFdzdqYgfb8fwzvVWdPFCOlkl5rLAV1HQvXqVqMaXj96eSh/a6sB90iD4Ha6E8q4yOHVPHMW9JHCnzkgwWteMtpZVpLU+Gsbu2oTzTDN4cP5b7HrSgYujrWnKHQeiUAUwmzGBnv5w4tzzqrTm5TkUcoxlre09LN+9BixP5NFKeX0MfyIK9r6N+Cl1MjdGv4ejEcvwx4izdHrUdzCuvEgWSl9hNT2ExlwZ+PvJHJ9tNualrwzBzEMeZW6p4XH7anZZWQCymdfh28L7LLN1FIiPqoQwr3Y4/vsUOSocwkQbeezzqsWPoRNpWvdU+BO2Es86qoFAqzElfzsEAf2LYIptIfl7XCChKC0uaThOzeVbQN9OGGcdGg+2iatxaMxUdi1ewzFSsTQuThF8flzCCw0r4cHDI1Cwo4mfI8KPfxEcJHoVJn3fRXfknGmD5kV+Pi+GNa5pwn29CHIavR17JyqBecxkvvNKm9zq04FkClnIpxisxPrIdPJtpoPqXFwKKOwoDu05qvh8rRDklhUwDPXwzt3nUMI5DcruBKDTsm5sEU+iwrHaMO2uNaQ91ob3jwNp66AWXDH+QHqxKdCEnmy2YQHk9/wjOG4Ni/p7wDX7CpYnT4RKG1WWelpOUoUnqMm0mj6Nuc73YxKosUQWOtbl4SLtHpgQLo2lEheg1zOVqnPWoOTrYfpodQ+mFRZB1mkRuJJTx8m0GmNCXyA/9eaptz7zm5JOVBno4NE5+nTLYRP8jjCET6PaYau+KAV2fAHLJZ/5rcg96Oi7RbNsB/nEZldapzlIS0Q1QC3sLGzwPsv5x2ro3PY1dCvekyRn/Ia7Gzt57MITWGdZy/msA8oRA3ThewjnjtCDgJw9dE53CS8XbAPrYQ8O/PYBrjh/w3Gd5rCt6gj2HzPnrvq9JLc2lfeUPMAdrg1otrACPwns4nkjRvLvHQSq4vqg2KnK3q+yQHiUGv1SN+IldcYYt8Magk2vQ8EtQ459pgxJdsdZ+d11nuEpzkr9bfD5hA+bXcojw38xvClbBOYIbMYVuy1gnHgyz5PVYaveKN69dYjfx14Ehed+PF76N5ReX8rayoJoPN8e8nrMgOkF7l6lyjbDivBn9RN279iCX/4rg1TzTlxemcjRacJwOGUi7ft8DD103mK+qynrNo5hdvOC0PhCWpf8FkIknGl3vxXM26tOL4Su0rPorRR/ZQe39d/C4PoeHDTxxMPb/nDW4BbcaC8E+TuOsudUXRojakD1lgF4OL4TZk18wIPbHsDMzAienmFPDYIqcK5KHUpeXGFlE3Ea0aEAvm/T4EFZLW9Mr4Thjt1sLucK94xtgY+Ycc/xUnCoIxb9ZMX7DH/Bi7tauOHhKtwl1k5Vn0N48Xw7kNDbhEvs2qmeV1HFunp0c23EnV2muCN0FealzoTrVa2cmqIIO7SnouRoZQy+Fo5Bftb8cq4FmZn+Qw3fRfgvKQZ262mAlLU4hO93pLAfY8hHrpgXtyfB7L2rKN61i/LE1pCewlysPPILhdOlIPDfdVQz6uPUN2YoadFCm2fJ07GXibj8swc/CtDjwLWGVGkoD6KdHfBB6RFsv5LGp8ZKQ/xUcXr/cxlNC/bjv+WFuObbXHz1QgAWe56j7LZW1PVfifturoOU39Zcc+cjXjrQyeLx7/j8xq9o2aMOaiGX0Kf+F5/5ZM0dNU089W4BLK5xY1ehY2xoeY9cRyfi4g41GAELOO2bPudNk+J1CXu5IciPK99OIBOvt9RsGwG2b6T4V/FYSE+fjMVTI7GjQRG//kqBCEVptn0tAJyUxtq176FEPQ1yMgzgnrUwLRVuhTeBttCetZlOZm6ijtzZmHVuFnk9DucypTF4+rIUtB2ZR+lXhunqZjXISyqkC1MmkaiKBGhO1eFbO/3xTn0MKycqg/r9t5DVIQWFFVEk/buMvQs/g7NfIT4bzKOfIuVUmxOAiiPlweNWJJZffMgJs+dj62EXan11CYam7UH5Ca7g0DGbs2tcYMJPA/gjvZHy3h+k6HwjzDrUhSX+p2nUjjRSSOkm91nRUC3ZDL/X60HHWTPySnCm80UjcZTjV6q+u4zt3mvBiZubWXy1HlSXBuBsp3EgH3cAx7fX4cWxpqys8gCuTnYG/9NPqEWlA74VZqF6hxwaiJvDMu6mHMspVPALyDRyJXR8O03rf5fy+vazeKHsDCemfWHVQSNQ8tjKe3u+Q63fJwrLOs8NU++TyrK13FKcxDc/IG0tRc65aQEfPnjC2AxJ9nkog0Lisuxk58haPSPJwVKbMjpHU0biCuidOgJy5dZhT9J9vNbowM/1jkDtZC/6MisfZv9LxzlCMiTz/gNmGimDyIQJUD48H/leLRU+92Wx3UlkrOnDylyEhTUGVJz1j+CBOgTqnMFfYdt4w5ZYuDv8BGF6GMWc2EcJI1XJNUSP7tWrkNcGA1iTIguvUiRZJOQmFT1dTELq61DYqR57ZiVwZ/x1aqBglPMmsJowCstn7YGZgW/YfE0FPVjWgautZbnejSk7yYgdNSxZImoSeD/VYXWfYAqeXcJ6V+bjL7E8vP4wnVMebkCngBfUFXuUcj5bgYhABouoK0G1+3VKO6BLOht3YfrOC6yZVMlj7kijtPQTXiA7Acy0P4LRtev0KFseC1J2waRqHbp2SpI114iizqmjtMooDPRzpWDECm16ZR9OhvafSKzNhhripoMqJrFT8nL8YWQAj7VkKXqcDky8fQjvPinD0CE3CrI/gq/qDuHPi5kcbRLJfj+EYcLS+5iYx2D7bxOYFufCg8XO5DRqD/baZ/A/X1MYyLnDV9LF2NLXFo8pjQDFN9oQYr0Z+oWDuF3yNLrXSUCsbS26bpnAz5/1cbDCI17oIQKfFvWwz8wcstT9y1bvT8L4j+t5UyTxyfQyGqz9j164CvHrm5bwoiAS5Las5p2aZmjTkwT6vU0cFz4D3fdl8pIl7QQCS9hh5Xj4kN+KsSrLsXfeNvhRthiG22Noc9Ft2nVrOXw2Z2pq3MEfqghSu7s5X+koLogqh/urEkHVuBLc9Szgt48cfTM2BKWqu3jzmxB8H0zlsd3GuNy3g8vjNdArwBe7H1Tx0TZ7Soi9yrmzT0NUsi6sUbxKoRsusqibGFdvuk8pH6Xg9JAK7RqVyK01jzDS7z+Y9EQfmtPruOm+CgntOEQNywShzCcbmr6PoFjPtTBHphpFlQ1AzV4PwlMsOLxlI+oE6PHjdHdszNFFVdZgp5Oi8NzrIUmG+pJYHcLJVX/40I03dOaBLmxvLsA9L3zB4fEN2N3wGLN/3oDf8g0s+NES0r6aYereapR3Xsx/tbzpwsAhHmifCsdyzDAnOg1HPMwH41BrEP4swxEzL1GbozDNeTCNhD+/Bpe6VaD1MRQdNLNpwXzCjP1GoO03CvtPPeS5EfPw18E0HPT3QuH7H/mRrCSWjxoB79V6cf9yAulbr7i53hDiqR2pLhIfOwygwUAtbt8ix5pD+7H263EoGiUFqi1nsWmxLgjvaOKejFe8YKYqbPn2lp0U7GHBGgHSOnoBezRFwfnPNtjvuh1SuuRgkXU17jmrQeklieC6zIrePMrDl+91YNrSieCq/g7dJIWpMGKQ1ZR8cWrAfS5DH/bq/ckzLzexUXcIhFjrgVCuIIdkxtCJzXl4wfoT632LoYRJMuzu/JrUgq/wu7AtLGmqCZcverJo1U9oPhWKe1KTwOhTHuScf4Xxy6bT3AJVDGnLI1sbgvaifEzcaoj9+8dx5uQNsO6QI/15FY++4ZPBM/UVXJYWhvcmo8E1dTsdGT8VLolL0EBZCBXvO0m7pXvpddwy6H/QT/mXl1PDEkX43raBRhcXUa3+VF4oUcPX5wzwdvdvaImLeFFvEskEVuEdeWmwixamsMATLPEkAQVXGPKX9kmkHG1Ci+tywHfvXHp3/wc9KQL4Vl1CxUf8SU1vEWUqHWB1vXCIT5fgghGRFCDnyE4piaT1VBiWyp6AL3GbyTRwLumcqgflalVSGP8cg/eug1/jHsEW3RZ2QAMQuxiPL0JieNT0RTg66CLNCr6OOiO06VbrF5ijdoK/DJ0kF+9RsMbLHz4UvYEkn1LYrqDEeu/f8fsLwrRl5ykcWeFIzZEW/GCzODg334PhglBeLsKodU2Cg3cxVqwu4EM7n9KPoAU0UjwEg8+KQ213JJTbjoTXoiPowtgeNBuXAXqXl1PbEyR/lzo6YriLl8SJw+9/qhzwNoJf2d3C+cMn6KtxNTk4aZOHzBBHnW+Dd4pAgmIGYH26m8Y3qmFfZBCprXZh/1BNkqtZR0LxduhxxAuXzvAhp3+TQHGVNn6J2M5fQkJJ7dgTjr0tzS9zvCFf/xM6lPhzrmoV/jYXhfdz05jLJ0CH8Q3aa36JrqutpTl9y9n8SCaOs10CqBVIQhusQc0kDE+/R/LQXwl3z2ygoLVf0PPGThSNauA+JR3oHlnNfanqIPXoOSn9FcE1JpfYPXsm7x505eonoRg42oGFvjdz37R7OCAuDGGr+jjm61OS9bbm9vVi0LjwCJzv3AYGMTcoL/k0m8umY6u+BLi0nsapz6fh7aoNdODfUTqYsptX7BwF+cGnQPv0bTh9eQf89ZwEr2Tm8JwUUdZesQOeFkmg/7Q9lKJ3gPZkngO/yIfkxiGwxArh8JsF4F8/lpZHl0DnqjOkvX4Qi36Oodg/e+DCngiK3mvH8+KEQHPkQt4jco5unF4JksmNlNl7HiZse8aNNU9BYf4t+GN5knaUWoDymkCo87rA5oeNYDDLgG/UGMO+FQKssqcHLY8/w30bFfl8wnhIfSHC5q/Okeqmel7goIPGE5JYaY0mGKY6cNbKkfjdqhD1Ek1AscCXN6S+oB+2OlTfXUqZpm/wi4gnCx/6Co80jBge90LYCENQUPKAhUWP4F6uADlknUJz+RzQnqbIy36MAt9ZJ0FyzWccu0cJfrU+h685U/nR7CAenBUCVfXyJHPnJ84qLMfdlUJoIOWIS/6bBBcfTuB9iyTAeu4bDHl5j6ZK5lLAMYDpM3ZBj8tsjiprx68q6rBsXyAJqlwE7YxluCLWAZqk2+nhyEL6droD9f+r4MaMZFa4LwUx1k78dKs6j9sZCFtOr6PKp1v5V/kQGepMAiF9d/7SuA/GZsuA8I8+0snYjcKfK8Bo0Xne4b6ZZKtcQS1hOXXuj6VVRZJsrQ6wSX2QdxWvor/XznJVjTIMJB6km52HYVJPMokPrAXZ8ko42G0Cm8abgMP0bfDgxXJW2+eEaw+s4gPZlRQ59S1nBg2zqWIUqzYKQ9o/f5wtZ4s3XUxwzyEBrvaVgpX7D2LxjGhI2zAMertEaMoGK9DyP0ELR1dAdM4bvjRvAe/1mce+Hd9p+WcLPNGnhArD+/nPYwDx0CD0zMmD07cz+Oy0Zzi0Now+NHpT4Yev4NqVy3nPTSgoVRP0REeTX0kjJc05h6oyNdiY5MnadyuhsuopZtv/I6ul/8HvQGvwKjtDm8df4nJZVxKSHc9zC09grv8c3D8jkXuyRmPdovOcvF0XTv3KYN1zLXRf6CicKh9P618hyI+pwuCV1/CEsTCkBSTQggQBmBb2mCqXROMy7Ra8tPwqf2jyga0pGuT9yJ50rxeBR7sKlF8SBy/pHsyO2I2mzTIsOSOCLJQ2QobQW/A9hDT1RgKLhI+GOwUCMOZ0IcDisyQw0wBF/rpAwUN/Fl7ZDYc26sGpIT+8sTEYFmczGC4Jh/L7phT8NpjjREpJUtmAdLSr8LCaCN86OA7uX/hDRloAZxbVkJz3F8orX8Hjwp7De7M7fHf2MlwffJrWfTxEHws3Q8o2gGca8jR132TOepSFHx94gJfiT1q1bDWcbqhHrUYbGNk5jBrWE2Bi3BxYO9MCz3cGsUajNnZWf4MAgZWYLh9KkyfOQ5W9EtRxYiI0mRqTXclIel6pyhlQgqN87cmoeBfY3fpGnzwfgfb1nxx0WgY+bYjB4F49Tjm7ncTCjfDCtQYq8fSHvYmxaD36N+0wruOTN8fAg31baeqd7xjcvxKbB7pQdMlzdikV58c/e9lmlg7q2n1FA1N9CE2Ng5q8fDIpTsGJMj+xIucU1z1JRCdJVUjavBllthykpoTJIHAuF1acXMklYQ28dVkSW2m6wPWKRtTKzOca50C2H70E1VOsYLnbQ463isEnM/6jf7YyML6/htzkq1n1zDWqtzaA0BnLyNNSEf4dVOB0IyfK3CEMq07uwciabxCaXQSpNksxIS0Fz//w4w5HQzh50w1PVYZh3t1akog7RFn3HLnipTv1bfiPnseOxs8iR6H/02gI2BlD+SMPMs96Dk41UuDc0YFjQzeQXUQk7T58hiQ6wyA9cCLsc3zKax9Ow5/zlrLMuykUqniAfOReUPCJz1D//BuryyTRtUpJUKmezW71/Syj5Mlysz5SfUsy0HY3qJr9hItNF1BA2RGIt7ACudYy0C3ezFX71+BXh9W0fFI0jZXuogKD7/BErA6VX4wnrSXS0DHrDXWUm5F7jBXlXnXFGeEzCZbchKCOPPCZfY7G2D7G9Yc14IaPMSx4m4R6Qr78UGkKJ8pXsJ3XJ1x0QIFud8SCieccVPpqDOtuRKH+vRbM7jDm0/N20qBkFNXe3g7PVFLpfMcUrt+VQN1fxWCf3zHYVKsHcbNPcafGAVDc9gBq3h7lvbsnUsMTNfZfH0EK9xByHhei175VuEjpNKf6TaR3h2XxV7w/rrYpgZYge+r+1E5Rlxn2pgTRws9bqN08C7TuScPOabs5Jc+RdoEo2mo2c+14fTqtago6RgtxlWsEjLg0EzMu6/Lg1TpyWbUDwnd5gnuhNDrutaOyJkEwaM7E8Wf0ebGJHzc+ysXsA0f4xRoxFmgWhAN0lnccmgTX/xB0tv+gWw5dfLwvkHrTZ2HxRKLV1o/5zx9ROPz9G8hdsmQxH1sw6emgKnjNKmeyscO7AitX3KfBHBGeBsLQPuwKMoH/wezvY2F03F2+PywOliJPQfWCJtzSvwMLrq3n5U1buHfuTo7zm8xBKuOhwd2YjcQM+ckiaeyaspyCjm7jawZOtMUoHpRv/QdvVZ/DDgFB8CpXpek3vLA8biYtc9lLJsmz2X4Oc9vz1zhtwVvo6p9KM1rUIDTjMZZt8qLV/z7TTtcTJDTjNecXZGLULzOQ7HpL3i7p/DTHGFyuN0DFn30obF+PQzZ+dFv1OO/pacBxKAY7Vefz3LKf+ClVAYYrF6CUdjRpKYvhx65+WHrThhefnsXHSk3prKoDZgX34Y02Gfj63JKdvv4ijfmhGHZ4iCVaHIDbP2PH22voe/Aku3+7Bh4iCHccRHnRz6VU2d8GeRPUqGBNE2/PWUp3NnSRkKQy1p+divPuKIKX/B46ly5LMetLKEByIe552ge2fsF0uMOT3FovQkGDEAjqCMOG8G56H9uJ02/sRaW5+zF7XRxt3X0JvxR8Z3sNad5WNA9TtplBUXoixN3MggZze445OIFX5ktRjHcphBppUvTTWvqzoBM1Im3gmco5+HzhKExsVqaUrBm8VVUHv+u2scTCx5S8/hnWWURyd5QBfEjZSNE5ZfS4Wx4G1may8a3VZJuWAv4RgzRC9C/9VjxAYu/l4MO0K1x72JrH33SCpshU3uzlAeuGVHHfX2faYt7MzUNpOK4SQNpqMclumcu2X7bgmXva/Dd1Lp+5I4v2T6firIuTcanmct46RxDkVa3Bd5kvxu1dBGnLFfjcURdafUafsUAIvWuKwUalGEc3K8DLGdvAyUqTrvd7UvT6ahRfZc4P/8hT00kJWpjSRK6NESRmYw7HsuP4gEI8VO6uY+Ud18j0dgMbmVTCIzNl9l4oxit6J8HHP6YQuoV48vzPrCi6hrTab9PMDDsYe2IsjXSdjulHzFBc8xhHZY2H+RUH0Kr3MW1e4svxM+fQ9xlV/IIOoOpqXdLcEMq9qwqw6fsYEBtnQKZbDchIJAg8EGFdhD0vsH9OzsneuHyRAkaMPwPr/unAqhG36Oi8ADzuMZKlhs5jtfdvDNGTwsS5FrAzJRQ3HlfEpTNs4FjiL8p2W8FFi2vhsZ8cKZhewRR9K7bvicXJDXL0OHwdlN02hHlTWkDJfYgCXqbxjsh6OK73kvWXXMXiL4b0du4VmJeRhT/umED6e338eXczO+9I51yNh8QmGqwgrkPGyiLwed0PcB1Rh4enqsC/jLMs//YDKneKsdguWSx1PAc+CgD21gd5+9w73Dn7JMuFGkJT4FPUvh7A7yKfcM3Zk5xclsFj+hnlM/zw2l9NVr1PuH8zwISkYNwjMZ0kDU7AG79TmF7RgwYbmmGqYABNi3tAJ6oDoc7NClqXmGH2XmcOKr5AMx68oZ15MrA99h4aHWjDvEd/aYqOJTRdQ1hv8YgvZ1tS39FCXiL1hVTuvaHkXQYg6zQajzSv4CuVB/DdlnFQdmIAVTQSUaqwDJvKLBgO3OBIJWvwMghDen2Zw35X4N1BhoX1Auix25md1ldSr/lHXF5TjK+t23nHW1W6LiIIprsquPeaAszrquR+m8/gte4UP1ULw/iys/jodi5/KX7IpnW63J4jCOdHICgu+AQD626iw+k/4LxwJYaq+LKS6kHycI+AF7clwPf9ZHhjZgpmLYvBrtsV507YjGL1wnR7TQey0T18HGVD4uvVKWz7P4wb0IG87EBo27qbHQYv8tuEYE7eOhtiqlRp8etFtO3RaHKdVQELUBUEA1Wgavle+v6jE8fO2QjpfyNoZ5cbHHynymJZI0Ew8ht5qDCcCHuAH3//wphBLVaYfACGBk/R29cv6OC5Ada3bYMOgUxcoGoJFUePoOiQGkmttyXV46M4fPoQyZ2/T3/HTiHpbZ3gG9JOzglyMBjTS3P2HKD1LlvY5ucgk+AfiHX+xdUHDNDiSDVH6d2DOLkR0JWyDG2fVNKm3kH0+LmFm5QmYrp8Kc/vmkYfBxfwvHWS8HrnWLhVJstqHpt5mYc764w6Q0+yJnLyTEO86lCBXxQLOWVVGqt+U4Bdq6X49Ddx9P9bxBUl/lQlOJuNi1zgqmYrOmq7QNWxCgyI0wXToTBsXn+A6na60/POCBiNHuhj/p3/C3Hl9RvOYNqhEHydaQ6TJO9RTJ8FPtWNoQ1R9Rj8TBFuLc3Ae2bG0P3YB5Q21pL0URtYGpjDZ38TezdfQEO5DN45vAzORoXRrG1b4N61VqxMKefWqhGQ5XsbpXyn8L8Ggq7qM+CY6Mjbb4aQWdQAHDXQ5eB70uC3whpCj2jw3r2a4DhqF1jY2kFeawkEhinAHD1kjbXG/NcpizX2KoKl/kMa8cQZI8smUNGqBZzbvgbmaOhAxp0AeBo7nUS+z8PzZlrwJOYIT7lwEHeCNb4pX0aNIja0++ogBT4N4x8HBMBjtwWr3h4Hj1SDeGPoZoqxT8MO1fUQsfQ+TfIbQS/l66lobBQurWjj8+4CcHCVJofCCEr7qUwxbwbgz7NyvJ91hWv9KzC7LY3MAh/hoktiMPnkOIp+qU8292Mh1PE4q4hUsFL5KfQ550xazid5eMNUdPdRhMGL5fxf0CE4Oi4eJfpPY43QFtxkP5t3PKxj0YsdcFY7mY5YmYLX8iwKix1PTeeV0YxHcsK/03hlpyfghxxYMU2JnNYP4NgRhhASbgyKiSPActc0GlNsxBe3DMCr4GWUk7gZ/pXLUo2uCTXJGMCTeXLwQ2EaXVtwlPpC/oCenyCYnPuLs4a6KLJEBz+1O1P3H3GICTxAJSI1ZPn9A118FQ03HfbiZXELEPpZhEFWC2jNzgiQ9hOBja5GMLG+Hl//S2X/7a/4+Mn3vK9PGi6vfY1fcu3p785Q3j9XGqYNKOGDWDdKTIki8eAjWJ7wBVrikjFHMQSaY3WwZOwVqD8oC2f2PMYpGj5Akw6DQN55ev2tgaUM34J5SQ6MX1jBigW3cet+JRg65Y2Xxvng+9OicNlQCFZ8CWT/dR1Qt7SQSt1LMCfwJo/r0ABDF12eKfCTvg3/Ib8xv+DtmjjsWLyVbIa7MN9dFEO7PkBytgi83PyLxjU78gcNb6r5/IxzqrspKeolp5635UhFDyqOTuZtVhPhmYk2xGe5Ufd/fVRwTxqlhnz5oOEMfhNUym3zH3L/dzFM1lYBdxErfDW1kZfHdsBBCw/gue/ZRqSI/QecKPvPOSgqPc5Zs5VAvOoqu94shaZxbjD/+TCVJC3lnwHdMK+/l5+3ePACxTJqYVsg7Y2kZxHJvidrIFdYi1/EBXBvcx7OnnkDe2y0MTXrMSx6YAKnAl1oVoEgjQnV5JoxgSAguBK2eGWi/5KPdOOZDUlo9LGAhS6MnZhCD/ra0P22OH261ckht+filKK1XOJcTZvcNqB4wh2+8MUaStZegqvpJ3FVyWw2S62jGwt6KSdoEO9nj4Al39Zy9FMpbrCdCEPtyig5Jx5GXZfmRgdP/KQWDbZzPvFO0S56pCgO6Vf70OeQIXxcow0rUpqgcs17UvZSJZH+afzmy1GavL6Xaj2+wob39awSJgU3espgyOYPKo8353zlRTT87jOL7Yjn5heJ1Gz5HXNv5MBCFAepslfwVsUf05tFMDdCkNou3OYzDd5g/i6aPizfTmNyYsn+F8HE8atRvu8ofqox4wSHQvpzqpFuZpRC+GNrmv+pGeJF0/Cwvh2s3BgPE7/+5R0ib8BhXwyUlhnDzghTKj9Ugd6RC+jqw+msFGMHa0f/5ZkZLvxe4RLp728hmaAWTtB0pMZjN8h4YzxfdPrId1UJZj+vxLz4Bsi5lQlZizeR7KZDKCYhwY6nw2hPizpLHcuH9gplUGkUgObnzVhY5c7TSkbA8wkjMd/7FbXk2FPIhy4+JrIfnl6UgYAtuXzo41/01l7NHYU59Hf2ddKe9QMu7z1Jbv4CvC1zHRdaSUEF+8Cq99/hz8R8mv5tFwaHOOFvsUGsKpqAR+Ln0bn0NyStrAAOdxXQ6okwXRay4X/hMpR5/TlPdlxEV06epxdxh/DDvUVUs308lDd7YkbDGczuukG6S87CuGPv8LNEKxUlBMC8qiTeX1gEq2dYwgKpJtiQegj+yCfQAv2NhFUmbFzxF7h1Khc/LIO7pwAG0ixAwjsR4i94sMNNdfzWeBn91syhV1ldOIoE8VVDAlvtfY9WYeKwKf805qUcocmp2/C41Tb2WfoKaq8b4NvWBThBbjQMpjiju7MZREp08vgJ/eSUMow+5u0k1r0EtxSHQnOaNK/4uZF/F7+C7X0yIJCWRHOFdVlV8DLd9Hdn759AJbvyMM37AQVbfYf1k0PhzVRLWNxdC0ZRd7j40GQgkXyYKzmNl6waZu2Z6oRrs+iJbQd2KAH0LOrFyHwx2muixebuj+DW/jo+H+CNQpUzICg7BCMk5Cl3rD5sEv9NBYOFsPuMN4vYSfG/qh+8KOEYDm4UprJXU6B69BZq2GcEB7SC2SzvBOWss4Ln1gvwjv4YHtsuyjnusjBD5ChNnHiILWUtwOHtWHBN7gRbT2f87SGELU4q0O2/HvosVGBmyh++2fMJOmVGQu0UET52F3nxcRe2sy3irk/prH39On4pVIT7zaX0/MMsrEo1B93SJXTt53g0HJXGmtsWoN3Zaip+GYImrn/x2fIhnjB7B0fGjAGtvJs88sNVSvvcicr2YnRIaR0s2+zL2r0b6ajZXZj0fT2f8NIEYcFlPLApADJvHcNv9++xmeMU0rBbCXaGAdy1cjHn6zjRuj22oNzdjwEvdTBXRR06Ws1wa916yDCYRjv6mhAEfOneYDOdeaoO4ZPC0Yyv8MxFnuw/6RhVgSzWVHeQ2IdBuPcyEjbnD9OD3VJwd9cpatk8FdxXn0S3jpcsy944dsiLRdTDycmpHzIvDvNKQwkIEallG5N3tMnNGdqUL7PXAVG8YvgUtshGcUv9IIjuSmFn4Un/N/9X5udEmjf7L83buxEVA59C0p7p3BRvDtvT9/EMOUGYAgvokLkd7N1zD3ICNqG/rC0k5fXT64u7aENsJi68cQu2C/zkZichFvFUgrLR0ezR28SX5+nRwgR1GpxgAc/tk/GrZCItHTMO/9aK07mi0bDOMAtPVi7A2t0SKC/3G6KOppDE0SGaW2DOUsNz+N6oIc7dbA0L5QSh+FAUhiinseaU96z2aDTXFH6Gud+jcZzuNNotEIUXTtrC/ahd2Fn+mZe2vEE730Z8dLaEO99fh9l129B/4DzccejFs0sBTl+SALfBUySaG8DJK87QQ6tyzgzeCv4BiTzWsZsLS6+z/ToxsFz9Aoxen+X+E/tp7v7PeE15Mf64fQ5/R31kl3oBbt95CJ86ykH2meOc8Ooo6uw1wjO39+PMw6shIewwrLuTQl/eumO8gCd2jRoNeU4dkCOkCC5qf0F2chsclUqCG6uOgMeUHng3dj+c2/cQAnbrgs7ab3ij1gkTffPxRtUgbV6pid8UTHCiuwusnvqWNM8O8PIDoyC1OgTlnrfBu52TySVnCt34L529+43JS0MTV5trQ/RaacwRUYJ/8ypJSOEgTw3PhGsWG7AlfxYV3wiCaZvfos1/d8BubzLUpSjC74dH2LnwHPzKH0FjV6Vj4pS1+OhtJY0TSeKqxH76fGQmRDkjJMVN4gKDaoopyIUrqTup+rIUvSqcCqdb0sAy5ixlLx0AncfaULQjlmKv+GKDwhl2XL6JYha3gJ1eAAtMc0V7/VZYbZdJ76JsoOHCGdTL10HlrA1UF3mOKksmw/Skifz26wrUmvcLhExk4XjAZBg5KRNCFE9iXE03j5SeTsd+7QXv6QdZ6oMbVop3U93IVJr0wQL8lj6kxIB/PDR/Bl75PYffhF2H8d2/qCzYhWOWHQDN/elQNk4RYjZmwDbhIySROY0uNt5gueULcfJbE1r49hXZTLvKhvwKu19Zg3lyIrTMcuRwi2kk13qHW9xfY1PQMHWv7oSfqz7iq9NZ+DhKANINzlDrp+Ww9c9q/LVAmFtOz6dtP/PQUnEIRwY94dRWScQegGvaxI80O/GH2xrM+yEM9+ffpPibHvz67UjUGngJdivkIGmXPJzz2wCybzbADXUL0r1QiysuJbHN8Wj+tziNl/3rht7Jsij8SAiyRi6h+JxeKr2gzq/br4G+dgGNeeDMZpMO0lYhX576PIg+7tEGo9hu6Mxywy3bpPBwWw70T9TE4DtO7PFwF++MqoeDbrfo2HR5iG64wS8r9XBW3h/I0NhF0rM+s9D3Thh27+Mz1pfYx9me128YAScbJLmxfzELh5rgs9peOnZZBTJHhmOmrgfYJtvAHjVJiD5pAnVqp2CuVR0p7SMsNt/J1yM38SXZdDhvNpZOmgZRvfADNm20hxOj7qFd+zNedTwVXqqMYYGGM3Bw3HMs2yZIK44UkwuOp3vr5aAjwxHTonVgrcsXzLNUIt93cRTvV8iFnmGwYyLQoq3f8LrCaGh7pI0J9VMgze8+LcvIRJxeQvfvNuIxE38o6FaBbSIj+fR3W7hksAb1lcxpiep5DD8XwH17D+NArDeGjV5CUZVmLD03CN3cJ4HxWQ3UCPCi5X9PgtSGbix2SiU3n0E8Hq+DInkSZJg6nStmGMHA1n1069sxvnBSBjZ+aeHt88fxezVjDq7NAvM9vTB/6BP+FzAWrAuM+XDmSQ6uO0QNHf/xfuFKmG7dhb0LLuD56Dzubn1BRxUIZsuc588ff/Kz06o0Ji0a/st4zfL+a3CL8RSsdcvG6a/Hc2OTJUT37uJ3z9Ih/JQrhn2awKV97XRl/Ur4PlgAelK3OTKvA9R9CI7vkMe+M77cqLkRPc2WwD/7RxDt8Rp33doOCcE9fFHiCi1tM4Fy1708oDGdXny7D6FS/rj32SMayHOAHb1jaGMIslzZSpj+QBnORDtA3WdlkFj5kZeZmtO3OwYUOOEuuq3PQe+7tWDfkUD3LCzhn8Um6LwnCCvaVNFlswmPOOyIlU9H8q5PLuinoEErNY/RkQFleJDYzTt+7OL5DxLgwblOmv/pPwj/uRoHrKfTKeFaFN92Eu1W24DgwiqOHbOecr5KQMXuZSh+/j8aDKwBx5Fb+XBnJFeOseCCYj2o72igBZn1qDYugxOCf3B43hW2ZmEYluzG138v0fj1oXBlIkD8mn64/vQU2vMszvgRRw1RqnzifQpIuU7i9DuHUeW8JwipqcCbyT6wIu8UXZn1Ejsde2DUiq2s5ODGcp8k2XR/BGpcmk2W163B5NIsfHl3Ld1Y7QsS0y6huGAXvZrylw9r1sLNsY54ya0AjCtk4NLmPgwbVuLksjjKKNOB8+ul6YeeOvz6HwHwARACAgUA9A9EKVraU0UL7dJAJKsh0VkRlRYRDQ0hoUiIrIZCyigqRSotUVYUKUkkFCkionKvUQq3747lZPNadPUkmHX9Cr550MbeOY/ZSOo17S8Mw+P6j9FOX4cC132kkSUVNP6OPPxcz6jho4K/ZXeSyHAm3x9XjzMzV8KUV6PJ7M1z7Lu3jMMk5OBY3SJMwo+cd0wDql2C2X5iKxf3jaSIMXO5p64XQl3W4JrZ8qD2egEsqLOmxIcVMLDzF3+98xYbFiQAb7mFbv/GQcllhvz7hjAmwgYe/lsIy5T78ERAOpqca6Ioj3RqKixCz14/2PCgAJpZDh54nATVVgu4NbAYVnVH40KvSq4zbIWtkjH46N06SAhbznd9JcHER5a6lRvJ40gb1eYsodK4+bQ3OQGn51rBlXODmGN0mqLqBMEh7Tc7LO3ltZOb+YzIUZYw6YAToTm8y2Mplj6dy8WaivQgDOHA9ZEgvfAU2m1ejXftpsGlvZUUWvOCZJvf0cbDoXB4ViFcdjCB+Oc69HagkEOPf8Mz/vWomr4MNIR+oMPap1j87jEsfmOBLlYT4emJBvYq/EQP713n9kAJ0Jhcj9XX1pOu9nbwm6OGL/JtWP0DgGHsQcj58Rs6bTvBSGob3T85CBMq0rnYeiu2PW8lrzZt8js0HQomjKXbN6po2qLVrD67nS3HOPPEBRfQyMATJu9OgB1pDfRjvyW8250EHdrZWJ10E+2c3/DYaXdZLbeW3O5ZgejHAlDJmkn/qcqBjslfcDp6iy94bcGmokA4P/IbB12/gDESJnAnNg9KPipyvfZ0yDPv4izH2+w3dxg/O/lRmb4s774nj52/himycS32+qrwl5lWIDnlId/brM6OHVNgb6gN3yzvp8Nvb6OinxOUzToJJ7392KJpAgSIZsBrSwe6J9bG8123k4BEGjtaN4LggDF6eexnpZGfuDBVC3SNxPhr7iGS2a8CzQo3+d2NaBBdPIbmH10Jc6IGeEnfdorbLAl/ozTAZ/JcCNvex1qbTXirogQdfBSMIcXtIHFGAUxC1xDViMKy0k88p+Mzdqqcpc0vnpOjsjF+mPEKYfZTnjLCkWdIIE0UFwDLDQL0e9UQHzzVDauHL4LvcjtcKrceDxdPxrQFmRyfsIJcv2jA0tefYOrH0zx1qjx6ZP2l7+NdSKl0NC48coB1Z8zB6sk5tP+sPkzwD4bgjN+08vMkmlo7gUVadWAoqZtcnsVD6/BZmBVZyvWRqrDuv+mcNfoUvHd8Tb0LNMAxbCSIhY+lX5YdYPlTiUsKj1HrJEOYafAGc6LscY/sbYi7uxrWVZ5lj1MmcJf2wqR4A+57a0c+HeogESaK/ZITSHDyNny76zDNqFgNBvZu0L29iR8aOsL79mlotssUhKpuYfnnXLSHu9yZ4wmrxJ1gXtd3LnzdhQrX7qJVeDTFnwHYfkEAFDrywGPeGTKak46XhXxR904/YIIw/3ulxVMWKrP9TF24E5OFGo/e8ptLsRwz8So3XNrCkWH5tKT7EKQqv0BX6oTXTfJgc+gb/7vvgw31KqywfhgH1N/zvRPWlHd5F5RZ+vKWZZ247yLBzYzD1MlX+L2sD/klTIS4LVNhrNMh9HnfwlmRg5A7rhCbeyQhNMkCJ3z5Qk8ivCHRvAZOKKzCi9V3QNqqB+ym7qLdlte5e8gSrL//glibsahkX0yfgxDJchsEzDsO6xMywaRaD0Yk2nH1AgkYOSzMtZjO8X3KIGbsTVY5wrTvoy5c923kH0VaPHHTFdBbPQpSk0rpUmQbuszaBn0uHrz9ZAZGn2zGLRWLqGxxKfgnxlLVNFW4Me8AWhT9gsxfxXA2fRzJWo+n+8VlFPvRjnR3ZHBmaRzMypgECZHmNPnjGZw1bg22XnkOPkfOU+mGP7w15Avrlx7DY9e1UcJJHBTGqXDI+BB+5TgTpz57hMM/PjEJjYPZHZfQ4M5V8tOPgyXm0pC1ypY1J64GxUoRmP5SCG9XboQNWSlgL4bwRuAJres7yEtrzEBo2hVyXzeJ7g7/x5apdzHBeQDzyivRLHITn04aS6celoBotioY7wZ+EVNHt4v/8s6lIvC+cx43S/nCYuzgvTqzWHY4lvcaGoJmxU+6FHUGH9fdALvpATTyTD1YmxaBW7gJlSut4emFnihy3BxeTbfFVaFbaJH5Z9Sf7I1xVQnglxZLIR99KEFOjCeHP+fu02pgfmsUly9+iubH2qjrZBQHt56EmofaUO5fS+ZXikFXpBDLHilBs2Ax/+eUDQkFI6nNSRZjniwk2fkAg4WFXHdoHqh5voYZ68zhmagwF3+u4vj70nRNuAL3XBmNDd0LQPafKH9N/49WDejwxfYZoCSTwqOFWyBTzppchXfQPN022NX/D5aJZKGSgRisHpjItxQnwrG0QUp1tIMTBr187ORYGj/oBa2lD+Fj7ljQueUIFs/SUTNpDHwMTwSpn2Px7SNV2mb0m/xGLqPNA/Zkp1aLWftfkYINwmtbhE69JIo5Eg876xPI/r/zKJ//ACaPKmfzxhA89K4NV17VYF1vDWj086GRb9pRpW+Yzo0dolf5p+lzZxM73/dHuYOuOP2CH/prKEBl11XUefqDs6US2Mqui9VpAy+qbkX3bUN0a+tGjj63HLTcAe790eE/r9fTPc3JPGvVOXx3eAN4lhfg4ln7+edtfbCqdmUXUXmQnD8Sk5Zv5hTnBChJ/QChpi/Y0lwXmtd/JzuJElggdppdDZUgb2oLGnbq0ZM0YTh5ayqs+XAXymK0UOb8Xr4jEUGVLiuwqdIKtP54ULKvLz91fE+Ttk6hrgoF0MnUhKs+U0HAdQZOu6fGjh8AwvRWU/HYALTENBx5X4733/eDXyOP0+z+56RvPosPdcvg0lJTkPXtQfltZ8jVzgBffywElxklvMf2A0escefW4yfhVO5a0N2KIC+ZizeWHkKvJ5Xw4+oGqhtMhP+ssiErIBfOJTZDr/ICjF+pBSoVX3FPzmgaPaCLJmqrOFh7DcwurMIjxecJdknD0SYROLtvEqxcMBZlnxtDvEMVKu7Mo5JDp8in/S7+WlHBVQ/KeVNwL7wJEAXbX1vxgbwgfzRJoW07M8hLgWhbhyh1HttBks+z8Puy+ZB5QhyirHagqpEJlOz+hcmhPvj9lDMv88pEn4wG2vxUGQ/cUOfHp0eA6N+P5H/5GiXKelNS8Tsybc/h1EwryDTK4kmTs+BcwhAph5hD9xcZHLXsFIzpu8kfD35Di1PHyeLVNerZP5E4tgk2mSbRhacEf3Zb4qmMcDiup406EXokuHkzCH5Lh9BLRVTGn1lX4R3N2jsCdnQ2IWc8wu5iTbaU1KUNmbkws6uHyitk+VjHUWxoEOO9v8SAK5Kx/MAIuPckGJ9tqMOJHW54OXUHbbj3nWLnjENds0TKnTkSLh6rxtvOrvzsoAU3ul8HOX897h9ejo/HJWPRKRNcur6WZkzWgvG9RzlOfCG1hypS/yZNfj4+Fq+pbuPmV9Vg+3uAFJ/l08r2sfB4XC4WjvuFAlEr2WvHUrLWiGKDKcfZpeURLMkVYpfaXZiXqQDSXc4o8NsN/I495vsXE+l97zA6N02F5IuSdPZKHXoo6cHUd2YwLi8KejMM0KOpAeIHVjK2tLGP4EN2sDIHvz9a9OzmbLpZYwkVdVNA/qcRJGzK5YIuF97w8hv0vhGEhSuCsLnCjHSPlZL1FHMQqRSBrHHXuOKVAa2jfbTh9gC4PRTneR0HMeK/N5ww0Z0bPI2AhcRxrel1koow4M2FPRBVdYBk39hAsVgD6nu2UsKKfI7ZNBpuOU2AOqGv1Jl9AvcdSmeDzdkoNEWHYo6spy5lHTCYkIGNAyOgSsWE6gu9+cWvZ6QcD6Q33pd7pXuwaqkQbikdSaGnDsOQthHsu/wXlfsrMfRfHp+69ZuE7s/l5X/HQKeyC2zkrfhb/i7HKI8Bcb0V4KV+ncOuLOU9FodoWm4Ytot848SD3ujytga9rO7TqWYLWLQtjnaOauKc4U2wT+4kB1r9Y+NIJXIcKCOTCFe2SfZCA1cjMFjrhnalGawxdiN+MlxC1iZ5mLIbqKHPGxYd1ucF/b9YbpBB8/sPTLIPx5m/POiclhXPTttG8xYthlP3TFFe6AkEF23lkCumsPCKFtzR76DiHAnYlvYI7OKXgaStHBb3ALcOjIKng7vBxd0ECjpPswOUQs4ifQg7YI+m9Q/I+6Mqr3d/QPVTdOmyngQsCVSGRkEb7j6WieOWbKajrkmcuF8Pa+48xQLzURis9ZWbZ2VhYZwJxGfkg2RrGTRnr8Fzbz3x1vcYyrv+A6NkNeDOkWgofDqa666NB8nAZVDjvwdtG+o4YViRfFYq0pmjDzDopSennZzNc1Of0kRTVei6twV8nBvBtcsTPl2XozU1FWAgf5Q/pzai5FwbvtorDUGNkiA7RQ7kfRxZYQmT0+atkBTpiXvKcllJ6Qy/3vKIr2Ym4J8YFYCpS7DlbyAlrL6MP/TcwDNnNe/89hRkT2/AmvW/senTcvJP1Yexi8xQc7Ms/N0wh5TzDvCrp8a84JMfivs088ifRvB5XC7bqFpBUtRkftqwCy6k7MSVgafxEevg1XvaEBu6DtbqafP3xlpSOjECFBvbyVnmHy+z/QTXX79j5/AvnDJLADtHZ8FG4VQKOFPA1xLMYeHFFejgv4tv37aEnYmxFLlsCbumGlH0rJt4/lwJy0of5ZlOWmCftxAaVGbA5d1faZ1CCLSGmEH/3TU4V+cwVBicRtnL3TD7tAVcvDsVbGqFcFmQNFbPSKEIFMRTmjrYFOmCYaIa6PbCDy55T4SCeEHc5P4VDZ7bYblvH2p/K8WjR3LpgkAuPwk9QA/W+XLOPxXYphnK2PoGzM1DwCshgw59W4E2EpvojsE8Xt+sgnutNfDFaAm4p5WOPKTOsnplHGH/A90m78D5mcDTXp+G9927yXafFb2eNAlklf15R/sZ6Fg7iJLiirAj8Ar+FHfilAIZtM8wIQvVPfQ7lSC58Qp+HTuTUnYP4SKFGCyr3AsrhiZyZ+0lPHPpMfxZVMxjhafC6G0H4LyjM82JiaG4gwLcNfyMpkd9oz3WjPHxDig85Sd9F1KDxxp9rOd/m9dqHEKn6flUdKQG2jYR2fh9p6KIQZ719gmJHVaCxTvcSKCwAw9iOKh+f0l7PerA/480p2A7VAZvQHrwGp+7mcII+/dcuzeV5v1ny5l/1CFq6kaUqikEX3k/jlPPhLaLa0ElSBEKL6ZRk/AaWKq6HaXtPLmzYg2Z5XewbJckTndYBh0OF1C9XBfWO/2lvT26IB9Zj39cs/FFwh3oMgE82yUBBTUy9Ot2BwfulAPzly7oVOFIo5Zm86S++dhUsJsf31sD/9K2U2/Lbf4QUAorjcWhfuoWuv4+CH3dU2DCm2201y6DLwy+ouOhV/j3hXkoIX8C8+Q1QG2XNG0WrKOnQZPozruNHH9sNQS/LOf5SZfw3P1IzhMsxqdWCLI7xoDqZ3PKbknHigQXWLSqCGvG/2O569fx2YR+Uvv0FeIuqMPRxiZet9IQRtj/BLudRjTROo6t5JWg9NUSbL98H2+p94HJj5HwPPML7Fm+nZx3OKDt4Dl0ih6Ed8uT2LhpBhhNkyEIE6T4IYTTZtlMMuNp1WkJ0K38iEkbbLEvdQ8eE47hH/WrcdbXzxCdMgbgsh8H7TADG/Mcdl0QwI3fN7JKtCEt0w5k6RNJrCzwFY2UzEFxijormDGlPF/EP4t8MW/PKTAvekUbqz/iij8KZKP2AicmjAMRvRyOuJ5LLxe9oYq501BWSwIcbiymD2s7ef6KdbCoUoqOGIjBJ+ul+PFSJEzvKoatRQn06vUlmCzdTNWPgSpHt7NuRCqtfysGEUMb4d3rNVxQrwiyNgc5coEq2W924a0xqbzjxyiccTcRrhSIwU9TOw771IqCv8KoRCsHhBSAjWf60PwUC27R78X1J6vw4YOxkNGYArnfDtATbQuqTrzLDavVeVquAD9MU8PzdVvg+6cCuvjFAKQXinOpVx0kDAmhbEoQZiVlU2TzRVhtN8wn3Yog/bUdRjUJgXCrL78YtRr6h0VY3VoLd6d5Qnv1LQ5e8pgyipdgTEwrb9qpCosl/kDIwsP0VvQBeQuJQPiXh/ijZzvOP2pB4aovSMz3FpfYzICbHlvg1ZbTrFIcgSkdPtx/9Qwr9bqTnshb/CO/AQ/P0YWzAXLg61sJe0VPwtHKhzCp1QAFjozCB8ohIGIQCGqX3ejINheO/acJuhIm1KcdCsuhB+MOT8Jbd7TA1mME6n6pJX0lBV5tqQHnsyTB8IIwblkZgnH3rqCI6FyOi2vAoiY15m8/aOHMVPQf84PguySUb7Qj5Uu3yUpmkJ30yyH9oj/MG48Qfz+Q1X8484hBKVS8JQKG+q+ook6CxZ/tobKV7+iVZjFe1l6Fq/dewb9P/lLOHmn+N0YTdM6+wViNLWjvO4YX1iEs9O9juW1psK80nuafj0SnlXfZb4YGbHBGOLLgJz7a+JiUrrfA5cHDvGiGL0yUQwo5a89BarO4/qkAWMTd4ZdS8VQw055ME37wiNmKqH/wKA/XriGdeW008WI5W70yg5+v3tH1PT9Qs+U4jrynT+7+t+C8ZQi3Z10A45ki3Lb5O2qFmkBIQxNX1c5HsQgJzvv7Am4Ff8ZzlY0Yvvo0xOcHk5G+D6VengQlO9xZzF8ClkUokcNaMfTTj+bHeWdgkfAnemEqzIfTDdmiSxj2lYiQaPQZ8j+YzGIflOlE8D+OHPqN3VP+YuThxbSs6DVEx4+Cn9dc8VxnPKV1/SHLrj3Qu76Lyv1nwMafIQSGDyB+rTVG5MrDqv07oOHjGcwY1Q1h96sp0XQu5Dfb0AT5Vaw9byscSasD248aoB+/izs9Vbn/0hxaHnkPer2nofKvE6yfJIrr5SeBjm0Emi61gJSgJeT+dzG/nmAAyrK3aJvvYvxR/4w6woV44/womvm8By9MlYXZqido1dyjXORWSLKR3iQQpEbvZonA1NuGUGktw/4HH2LZbQSTkyYwd00C/wx7RntLvbAtKhV7nWVZ+2s4Zuuk4hYrdXQ0UoFvgQzdsZ/pwZ6d+PCDNFptSIQXJ7KhK/48NU92wi4pCUipHg9dfdtR23ArNQ6X8bDdPJim8JZcRD5zp04Uax5TBzWNQJ7xfgIs9kzEBwVb0bd/B5TvCsGTcadAsmOIlH5rsFrgc9QVbeGA6WqQFZIAjQvOY+qeefTZZAZUtSVDRt9kqg1zg/TLZwHvTcU9C0zAs2oH75JsZ5mts9itRozMTPSoO0QSd130Ib1/pahT1Mflb7Qger0tPExv5+9/DuJriVb4HXua18w9gL2Wf0h8wTquEU7B7c/EQGJOGd0Q/8gCo3XId2iQz947BU3X70Jr6VEat24V7Zpoyk6Px0GOjBMv3PEeTyw+B2er8slB4gHuP54KlUemQYWoKy8Un0XvWmQg6ZUNj/pyCq+8eoRvjF6C3jYPTBoTQ5dUP3KG+T76tesacoUUTBqpTw7+R6le4wfZf7CHvc9cweaeAhxcPBfG+svAwOmDLLBaGsKtD0L5GRUIFU/EV5McufxlJvtcTSAXQ2m0sz+F/cJfOfmBBUyqf4YP3DJocoYfDVSX84V9rlx47gNYJ6xDyH6AHd1C/PmROFRMvMLe3+1hneZJTOjZDCo35vLHrCssNvoX+195C28ehpPS4FSIcQaS2nMb539YyoEpxhAdvgj61utCUdJSeu95C5eezsSbkSZQl1tD7mLfoCx+HQx4rMJ4g3C+N/0bysXL0t6Rj9GnaxyrOArCwhdZsGWZAvfGm9EvqeMY1JUMAXV26CO+Evq3KZBLaBzd3GgI4q0OnJPRgpI/GuCgkQqLenmij6sOhlzdjHOV3UlvgTKX5xuB3KY35P7fVVTGuzTvyFM+8eM4Zz1bBAoxwTwgsp6yVwZAp5gSXMpxB5uT5fCf80nwk0kCtV2TcbWsHZt6uGAuP6FztmdxgsN02LXeH8KDblPxBj1U8r+O2iZjeMQoe0j+8I7bPe7QWb8zXKAqC/9JjQKTu/08Oy6F71uGU23meup8uYxj42ypY38ipgVuwgYrTWiNH4/b3f1YJSidPPkep/9QomovC6yLt4WC4L9A/eqoUS0CezaNpyfjNcBktBIV/fuDX3fn4p/iDyhwdyXVHowGk5kC0HN7OjQ0lEBD9jvYFFeDy3IlYPDtEn6hV8odnxdgZpIGbrZvgJ8nx8OO1Jnwa1cgDDoWQUHCHDrkcpIgAKGs5AC6yKjC4JJD6HdDH05PMUAyWw0OfsLUW50ITi1SbFs6jWLqg6B38R++Ld0Die+1YOmaGpC4XscvG3PZXC2LlHAHxeQ7cK6KBzovusZxGusooY7hrKcX700Rgy35kvRD6yJdffINLry0QGXXMB5qV4Q1Vx342AVx0Fd3oz/nQvnbHG8e074T+vQW0a3HeyDo3zmWfbKKWrMv46svOnBPWRVrpztyW6oHSdW8wdCEbK5adZsyuqzozmEP3Bt2ih+YqIJAWiyVaSfhkHQHXjQSIn+jYYrsPQCLHVeB3qLvfMPZju6rycMJmwQS3q2DQSYT2cM4DmsKHkOqlgq35UZhzo9U9B5/meYeloUTqWngf0uQPH93Yb+xBeZWukN4wj0Oci3gjJFObHFOg89sloOgM6946+dkKrlwAwy2p2CPqRBoxZ/i+etnw9X9X2mfTxCPLVCBFfoNeDf/Iv+pb2aX0HsUqDOCom2n4oXmZyi8NYqsL4dg6RtLuGZzDjJ8v2BKcwhPdDrDbz5docnyW2j65W8YFZKBpnMbwU1wAnxuq6Clitthx1sJrtNMo5e3jvPOl8+5P2gB1s4JBncBT1AU1oIQZykydvZEZ7E6zExmtCkbwbJxcvzPPJxneoXw/PlPQUeeIHzIiOelLIL5YgeQ9utBwq2JLD4jDm1OpHBa01wek7QdFxlZgfnTWbRp4T28UJuEw3k2MF01CWYsXcsKyqr4oHYNNbhuxVAfS9C96MR7/33DRK0YOFH+GBrLVHlm9RbYv1QU29/qgMr7bzhaZBws3y3C05oekHJ2CEWd8IBzdVvhRmkCb6rqh1FCxRjbOI4yI1ThrlogSqlPZbn6eLjxdC/s/TMSp/1T4fMFXtiypIoVh1s54YMwHL/vRpemelPBUUEw71UF7ruCahPcwHF4IbzYoMVjjQLoWcNoaLl5GD9UKePaouXQJTCSfy9qYkOTy1R2Rxozs1dAnk0f2mnLgGyFI3rNcUEj7XzI/tzIs6QE+cWj+ZCj9BCmq88hR7UVkHVnAlxN9aagIDd8YvcbRIdG0q4BbXjz0gk8Pl+imP/modTrqTT8Ww2q3v4Hf2Or2HdSGceUWsB0Oyf61FDFeVFrOOHQLzr2bzsorbGEqN75vPZmNcHVx0jyh/ijmRxd3zAXs108uXuDIS1LKIA72sYwpmcstFirU2q7NpQfCqW4yZYotzKIEuX20VnJEgh9lYjXLawgSTUQtMKWs5VwNVwo3gPuDWl8IOAV5+4czw07fnJ07CVcIWwCFS1fOC8rB0T+rQS9J4B7hm0p+2oNXDapYEXjYh7ZVs/C+vpw/V4DtSfeo6jMH7xG6g3Mf6FHK78tw4Nbc4mO94B21TzeWzQaZofWYUDWMTrW9ATt1rVhxJaLeGZPMv7ekE5+povx/YMaLGtXBxXz1WSgdhXN2ifAQc2X7GK8D14fMqW75mf4gZcL9Su8o9meDIoyf+ijmR+0Ly6GUNUqqPnohxtN9EhqaTHNuPAah6sMYe9CCdhGgeDangSi52fCiyWfIB3O4bjeKbAnJxVqHUToGevDEy0FWDb3F1wXUQc++44FS4+jifBkWv7FC9YlzqPuOXNBdXYB/MjSBa/7LtCQH0+ZT3bSc6NJ5N1jSWmGA+wqL4eBHrVUZVJIO7t0wWRLPKnubyTlDhkUL5vBv0SkKaPeFjbYdaNC0ClYMm8v5FdLgbKEF4deGYbmEEnisk8Q8bqAkw8RzttcxTGz/Cgu9hs7fTeBVNU/eDNHEYLH3cTBmmd8/XQBLIm8gvnPR+Gy695g616Ci8U1QVf6FQgJNdDXCf/BqinpULN3EL7lNvNw8g44HCEF5klAbZOMICvJHfM0NnJtqCPUxlmCx1YTSG7wpSINdbg2IIiFa0eBQ4cOHP8aCk9sHqHG7mug5P8MP1i9BPEJqlj/PpcD0s5Sc0waZJ6YDBUzZnNvtC39Nb0C2kkVKOtfjGb9wnyjfjW/0k6B5T6NfDwfYPWIYFDSLqV176ezTUAt50puhs0bPfmrgxjNeexIW313Y9vIsQAhNSR+ninA0pr3Nhlz5GoTVG20xE0rvPjhDDt8fH43C31GoDlCuGW2G1YOypCbyH6Okq0GHRs5aN/ijnFCLZgQWcDNtzUgrj+dL0vfIGuDSjB02oTih0VQTa4EAgVPU2HoHuwUlYNRItqQ/2A6XnE8BanbX6PZhK90OB5wztd9oPn8KY35Pgwj1HLoeJsZSJ5cAD96PvBRbXEatJiPK27PB/Ex1+g8neZ5hr/xvudinHN0BAwsc6NT93QpKXk1VUcIQ8QfB+5vesgfcmNp8uPj/DD5ATRKKkOWUi+0/VOjZfNlaHpGLf5tHYvWE7zpyfOreNLUnDM2qdCqfTqQWnYQ+mWmQouSMPvFxWLIwUmU8egFOavN4C8Ca0Hz4RoKD5oO3SpGsF1lFa+x+QLrPbqw/Hw0Glpe5Bsn5vPCnU6U2etPQysloH/FIfq89wPdnRMBpR8fgvgtG3A7K4rbs7JhZ8tePHgqDFs2KIG/gxSqndzBUX1nYF2mMs75aESY0445mnrYeHQB+cwaIMub4+Ht6C0UUnKd7p8OogdT7lK17SaOSzzE8TwTl/2+gtdH6ED5PxOwP6sPvCUM9X+/AYOfCVTkmAQ6keMpK0+a7aQqcJbDRJIfrw2TRuTjvK5YcMr8jaGOf3DA/xGbhYzDF4W5NBRnQ9nDhiCzQBEWJm2jC4UncZpwLSVnWnNTzlJ227GSbmRexu8ivvyyohKXOotD6ZfTeFplLEbt8kPz7F4O+JIA9slOMO38HUTRXbRv7xKc2ywNqfcm4+6dBly/rwQweidtad6GqbInoX35Iwj/fIhEZwajteokGFzfQPtDTdlc/ia1d/iC2L498PPoQvAX/4e7045AVk4DrJxhCuYZd3CytT7cf2uOo4pEOPzDQchWiuKEGdqwuXgljHC2wdB4Q1jYNREzJ8+Cuos74YajNuQvi4aUwSdga5wP2xpOk/1pezrwejzcFdpIAYovKdpNCwcVHDkmPA9WOc1lo7nqHLLxAolv3UxjfKTB/VwW5j1Jx1knl9A8KQ9I3bKKHGRGwZhXYbhm3i9aecYWCu5Ngff6G8DG6Ads/dlCpWtWsYRdP8+OfUfpz3N5oXMgfyq4w9bZitB98DooFG3hxMnX4fV6afiWr4SLpSvY8Y8IjdZ+wW+rp5JuugWkHt1B17okaYpWFp5pfEFGx1Wo3VWGN3/tA4uOOdTSkw0vx02GTbM30I5zV3lHuyZrKb0lp0Gkmt5G9hn1BHf/J4Vz6CscyBgDISKTQURNnG99mQDPA73BeWETzzKLh8qFxyBgcDZv0imhZnMzcD4oxCUqn6i4s5CObbfE+tprpHnSnHI6LHGszlsI+3Ib6mvFwVRbjgJgF7tXN5LqiGc4Yvow2isilaUtgUpfpsUfE2jY1hT6xUXonHIBlLu6gJ/EaGxrvU3J47Op0PYaC30ogwNF6SwjZQZ6l9txekkiSe+05VF/72HW4TBwELkEUb7rQfLaHLK3O4ULxKfDzYHtnCS2EXstV6LywmOcet4E9O7uoFUukayASVj0bjG7KSuCheswSx+/i8+KamD8SA84KVnOa2/lcqW9IdbMfUMhgl40OlsdilY+gs1mVkAhoaC44z1eGVwKpxWL0S3sLppKPsKmkt9QK6YIaoVzAGbPgNkbI1l4vAJFBqfTFMcQrA10haHpgfRecTv8WCcOUYs24SV3I3onfw+MYTaenbONvc/40Y3/fFDkw12YrHWCW6VVYHOWKQy0BILmyp0w6UcK7DdZzCV79jGKASSOFGPd4gl8S1sGIsbsQwEjB7DF/TzqtiGfy81kax1FTj82zLLKg2zW+xbF9ppDZL89poaO5LzEfThFNpRUjg1Blaw5rNr4mptndECn8mee+loDZH0e0v2StWwZJAru/R1U9K2ShR9txfSFT/Du/evs4/EWus0k4Fx9Nh5OVOHBeY54UOgaBpyupFs2l0n29kxKmy1EQc7TqeXqDGhKGEYccxgUWobg4uYluORxAqjdXEKN439CvYwsTpcYR1OOScDDgcf8+UY697+XwqW3HuDnpy4otCeV7075wro2QfhKqIPr2RB05I7zTHslSH4nC5U/VnDczVkwJ+cV/8zpoO1rm6DgmS/tENUEF502XOHvTJ11opATbwA/h/bh0JZd2Fy+lUznqOOiw6u5VVgRvvzWZ/vD22kDlaBoaCCaCqvjs3HzeNxMYzbSM4KnK2Zj+nkFeFycBJLT1HhCuTg2Wr+C4b536BzfB5d25dLMzVvRumo1/QYNsEuU4PRSWTKZ957FKYwqdgTQ/YPPqcVlkDJWHsPKaATbECXILynBdw2L4NncajL6a8BO+vmwV1UY46zC2O5lL135ak+NF0zhTKgHpE2rxbsBBZg9V5BqtkeS8U5lXiptiWE/Kvl2ZTUMFhnDu402MPqMPWqIPqeP5m0U9lCHL72KptjtzXjG0BrsktzwfJM+CK8O4NkPWjCmeDEvuz4G0n685XEnroJMDsFZkVa+USxKOvFKcLsgjO01r1DG01s0f/8v3qUwnzlAgYxcJwIFe+J1jxPw+hnB5Z8X8JN+BHqfraXL43r41Nph6hL4xPVagNudT8KN1ULw7owMLNQfiXtEd/Pl019AXzOBHobU0qnAVSw5ORdcHeuxe6cKPhozEtqmamNPjDHa6tbyTeOp6Ls3Djo9i0CyQxBVj1pQsn0DCj6TAW+3c7gwIpIODP0CSQkJXPQVWfhOOtY3N2H9LBnamVOME7ZJwjirY3AzqIALNA1pz4jbbCa/jTSF3eFD1AE22OMGbT7N+J+YFGi0B2L4yQoQfmlJyyV06aasK/xZEsGKqQUoVhlNZtHqIOY1DWytzpHWswXYrPaQs563UHGbHzkvd4W8r3VgpXSWBEmB+4VlYOJ/FXjAPAGva4Rj5Y7d/PZEHBpqKGKB3mz+aq4Fsz2+0HTt8XC4pp4tFTZQRMBNOKFaxL10l/U3vcGEpQF4NWMKaz8vgwXiKhC2YRAnLQrGMtW58OmnIfT8DmIZaTH+IFHHB+dkwcDuAeRoFShwPAHqYatAWHs7zYvfidnL7vABiVOcL3wcLcblo2rFOX68COFSVixetzsOKxVG0tv/duCg4EIMfH8W/PLq8L89c/hS8C3KL1KH6EABcL6QwxdaR0Hl/gMYPEqZLk1K5tiBbrIuDKCV9etgZO9YyF+IrC7oyIc+64CsXjAVZd7A2zflOKR+Plz/tJp1jGRRMFYeekqnYOLDJLj8M4m3d+XQ5I9r4KTOUTC6fRk84jzB4N1htv+sCP2rBun5inJY5huBfWZNUCG3G1e13mWX5VPw0249GtF4CcOsCD6aR2PfisP89vweHPYfgmh9K/jofoDHNHjgnF5Pqt3QAiqRCvDk2Aq4IRbAo7x7MM/+EcZajmOL/ZL0VNYF4mr0WWxFHujeZLh7Owy19JZgtcNtULa6wKPFsmHp1mGUFGqnqymjqKbaC+TDJWHGn2kUqJvEb36u5tYvN3isswicar6LAp808fEzJbg6LhwCJCXhc1wsjYywpgodHVzg1ITX9zLKXVhHFC4IWWU7QSjLDloaGSYobmBYsAc/vnOg3zNugopuPS8Kj+CbHoEw8BfRxaAGSsgI0jzmUfKuYgxLdiLLPi1omiHAV16NR/FzyrDxVgB7zi2C77/1YG7hGiqagyx7Vw9eLI/FOetHQEDjCvok8RA6NynSvLExuGv+JDjg3k/tlV68VSmKDgV5wIT1d7ChXxCkDhby3iP3SIwsQFJbGebXWlHP5HV4bm04atkmQsYTFbh/aQwbxWnz7wwhbOw8Dyai08B94RZ6lCaH3b76EPxsNgsGrEa9HU+5wl2XP5+fDwWHu2ihFUHP+kVoeHwxWP9cBaEGkiw9YTeuKfwCq6qVMaOvgX/Ix0CToxZ8ylJg/wpXnjNSE95ftwHR1kKW3P6IbNb9oTdCM2DqBUlaFi4A70Om8b1tDSQ8YTL1bT4H1/RnY7nsD/DU8WcwiqPwIF/uC9MGNZlhKJ1Zjc8sC9jJ/Dwc6TdEoeO7oM1ODFY77EP/9bvwTZg+7B5MgRa5eWz7pZ5znI/Qinn7cbrJNpLvcYAl9uN5ULScOw8Ig0ayJjde3QoO0jLUP9BAbsZz4dXWDraW/w+WLOyghNmWUJM7AqSWW9K8HE80PhXCc57NgwkvpcBvsS/ekFwDt6sd6MFZT0w2MwPs1sExiXroduAg2A9bYUxBGX41tqET25aATdBKmLWrgihCH7b8teM7M/24NCoPNlufpZ6FtViY2oOpQVK07L0alGZkUFmiHNirlfDJW/G4ev4P2mCey+cuGYKC+3QQS2kivTtP4XN4IuoFq8Hlt9sod2Q+TTs9COrua+FvmjmVb5iHwaNO8sudu+nWzQawVjEA0eL5WOZ6n4yjhUHc04lEX4+m06mb8Pu+OBretI//CqphClrA4EkRfiooTzdVS+nAPzP+lv2CHua14IeNmhRxzI3Wq9Wx5TcNCLgtxbWGMuh91Rht8A8qSh7iFrEDoJdwm58mf4bF17tAU0UQqhVL2E3YGPwTPfGa4kX8IHEcR9kIg29eHS9Ys4tf9KSzZ7ol/C4z44ytnfS4u5KLQ9RYeY4hPTH/QhEvtGGx6Vwy2pcHNd2jACa00TfXF3wg8yWILhyHdYHBvNBoLW3YuxfuTT+OoWLW6KdvCueC5/CTk6fgp0om3Nxngjlbt8NWxW7oaLqBr82vk/D3kTT+qwBMXGyDKQ8vgO5lA/iR10BZLwxIZSCBJX4XsIjwceQVuyh/jA7Ib94Nn3vTaW60Mpza8IWzAmRg0LoM5UYsxuC4xWx1eiK9+TAdcib/4y1Vmdx9QYwvpQSj7aZRfNxoPmbdMgPDeb9o9RE3clJThsjOGprwRIcCAwFL9ONQeZQkmbU+RuX/YnEg9hTOcvkFoVmmEOzZyHbf5tKEwrX0Uf0Vy7xB1PIYSV0PfmP/qkCWOiKGJ3gkGJ/3wdm1bbzCUY79E6M4rXsrhFf4sd3TU3xI9hpPWfuVXBIYXvUQ1op7UuPFepom2UOrKlPpXV0Ih0qE8cknWahoZg3Dn0XghZwuJRg9Qh8vCxzn0oWRM9X5v1JfmlSfgyFJ5ax4Iga73SaB+ZmX6Dr+CQSXXWDFtTsw282MpgUZw6vTI3BJrSmCyD7UjVOBrM0tMDXmOWtoh/CoLZPJZlMSaFXPg8PPXrBhmCJ+GTBg70YjWHfpEN3WXo57ZplBJxpzf8oF+OtdRS3K4njeR4BMknMh3HUSsKA9Bl5UZK1z4Rw35hd5jNamCRse09pPzVA/+B001Tagv7E0THnRAGe36ZC30E/IsMkBzSem7Fb2k9/9sgeBS8rkk6cJY9fqgPGXj/jpijxXqW4Bl2euNDrxAfzdMp3/e/QF9SqqSNV1HObfHgHLf/uhWYc3ullkU/6XDZTWKQJ9SX9pZmAPZS06yyumMSyTV4E7AU95MDcM7gquwMIFPmjYXQml55Mp/poF/fI9BjZnY9kyYDwcy9YF3+gs8psggZomy+GCxmGYH1XCYsMRNDL7PRiWrEXxC/pga6tCmXG57LDMmV45toN0VxmNGTGG3xbYQ+evERwo2stL5RUh6fclnuE+mj8JSePpbAmyG/7MB3umwTavMaBuNZnvK8XCeM/R4B9VxMlJW3GMx3m6vHEiD/+9iWIbFpBJ1XMQ8F3B+zv6ebb3eCjMZbrXeYduRLTCzBJTHi4dBevtb7CjpANOueEN0s83QoqtMTyvioQ7LTr8LU0dVreNpWr0Yqk4DbJe9oUDz28FDcGFdDBVCibDe1LPquKZZhPpYEQQhdRa0d/+AF4lbkBDS79zi1YDLXM1gNKzz2nL5sU4emsulZsZYVeTKGXu+c6PLObT+u/vyeFMFI+6rwJPL9mDzewBarq6l7pXpLHb7Ai4sS4QRq+ciXGjDfjKpHbYZmACVzs7qNr9G9+ScKIbC9pgc8NaXEsdJLH4HXfvioLNPurgoakFLZ6zOe5kNLdGRNHTu89JsTCFqn28oeXRK7x/XBS+fFlLsl5T4PvlmZSnfZh9UzZS8dvLtGulAN41tOddvRPY3WwIPqt94b51M2C2aSCn75SmBcf30EDETPKfGgzlJar81UIdBGANnR2qgG1TJkJobwAffJGP221FwdwsnjeaqmLkliourb4KoZtDuWVLF7SLy8NHqwoKbqiE+pvxdFZuHe8yq4LBcSok4CVFqksiwK19NksfVgD75lbKU1tE7hcfs/bz33inwgnuKyyA5GtdFFbkBrLr7OB7nwKotZ6jqhkLWLrCCs9PPwcqstHo31YJ545+Qo4+Q/mFtyG10BTEWl+Ac/AF+BrURFE6Opi+UwD2KmzGq8u2c4hEMPR55NGBWnN4E3AZ+vqGaZvPFfxgtIr2PO7BpNJ2dnoni33630Dd8RfP8ZsBPaeksSAtmsZJ3eTzavYw++xMLvu3miqnAJb9iaHjRibQf18GJF6mwt0DR9nqTAs0XT8Kj6UP8o4cJTD58IS2JhpA3EZC/0mT4cHSNZh9IgvuZRHItV2GkNg5UOS6iUWONsGGwGSyVFyDXatGQxwkw8ar27jYUwCF1l7hh89/oc33N+xnjlh6IZUOJjnxjngBUPl6nA9LrwFjjSP88UEYvGkVxpMvYzE6yp1FAr9RvWQPVY8FiBpciksmptE3TR+aLbcCYtztIHaBBPl5jYTzguvIO3krXTtsCDVt6eh/t4eqZg2TxdohoFwLytoyE/1lK9AsYxjm+q7hiEYTqN6kiSWPz4Plh3iAZ3U0ZHCWp8w9Smm7w8Gw0heHtmrwyAotuNwTx2/05DEgKh7Tr99je71rWK3zk/Ll/qOzxU+wYZcpqMeYgWBDMe7ZbEKhAQF0xKGeS/I/cJ2jPDp7D+HFv4mAObG0NmgsaG0QhoIhImXVO2SUlAnlo5Oh6YAFBm6eSOel1kOl3Fbo26cAbgGj2HapNRvnf8fmM7Y0t7IT1uS/piX2dbgtyYkzvXtZYakh/PmQzGveGoIzzedZjjZc1fiNZO3WQpVbI3ZV11PVqu08X8YSrjxNQOFqU/6VZcGPfsrg0pnt8KNbky4ZRvE100qWrzkFUv4a8C25Cgari3GjwxcuulcMsQHfQFJxA3ebLSAHr68wZoYsR65hWIKv8enZHHww0QSECo7x9XG38EKMGFaUJfOvn3/JZsiDdWaPgmZve/w2zRQ2BW2iyszdEHlBiCuuLuU7KS/p3oYlFKzbjPqKQtB6UhlF5Z7C4Rfm2HfShBQeSqHLRR/4LnkbN8QcAeeYfeDspQkb/R7C/DOVeCMzjR4NVUPlHU10eakARTYm9J/fJFI23AQvpguAmds5XqluT/kBliRemE6aDr08VsobRQcU0XmZAUUvOQ9nxljA6XU36bn6Mxw95QDvE95DfzIdKFqvF96kngcVwTwusZnFT7wlYMTjFZDg9ZVEGj2o92cevJtuTh+7H1G2jBqeLJCkzD2L6FWOKKzZq0T9zaV4QvAiHX7TQ/dXT+fsVg1yePQQQnaGcoDeWxosMYRjpnvIya0flf9N4KDzImxT8ontHS1p6tEM+jatBtxNpTlGQAwG81PIudMB3sf5Q0q+Frp9qKfRYaPx3463/Np1MR8fvsuffo+Gkr92YJPlRbfflJHYuEUYMxCNIv/KKY0+8/LXM0Dw70u6OYnAPdYeTJaXwsy9IzmQfVnDsIAjHJ3xs7wlK77IBcHR67D84BT4VHwDpIzvQ+/ru9Cx7iNMEukHbc3dvDzzK7j6VOKjHfKYUSMFh/cP8V9rBRZ+10Z26lPR44EztfoqcMtwD6pWjMarL7Xw4CIdmGujx5Y3LVHLJ5+urtnGWvv88b9DByj1pwSO0rHjwvGLYOtmeZi/9RZFF91G2XHL4IbuKEaDe4jeW3BtdADvbH7Exs9mcmv3WNh1Q5sCpJI5ynoZmuUJ8avEFPyRchxetzzF12qr8eSxOtqwVQwq5ori/hpf7gw9iyscH5L2SkkODpgGz/O8oORNDF7f+ZoM/EXgwOZRELDSho4+z6K25lrsvugLhkf+Ue3qaxgfsBg+PHbnP2aTYee/h7TmmB7tsDzGvUUFZO0XxisCE1Cm+RCkzeviAJtH/NRCH3J+JKDqtGHQuWnPliaO8Gq3HRh1GYN5Yx5uD3fH9cOPcHCUBMCeUTAh2AUfvvfCBRcK4WugGZ49mo/zqx/Cgbw5rFR/mqVHMry+dQ+e7FjLKSHT4J+eII07Hg4LdP355fsnrKGzmFrObeG+VAvgNgNOt/6Oe+t3QEtKEn1+oUB/av8i2HfhNdBAcuihmChD+O4pANeinCD5oxGEf7rFhgO7yU43iA6fWo6uiamsa+dD254aQk1wLUd4pNPbH2OwJGkJWAWW8pX3ddAt/gh0HLfQxvlreZHmCHgxNJuLk/aB7p5rZCtiwI+L97NM9yNodknB5YEhJLdWD9R7pkLuHMa4KQ+pIFiLvo5O4jCLAI7kZ2wvFAOxdZuwUEmGFPaqQs6cBiz5sh/bFdfR1JHToE/gNbQOPIFnE8ogv3IyGns/5O8HDODUWFn63OwON6sN8MjnyXA8XAUCBqdR2r5MuPpbDm/UJZCquiI0aQtByrtofHq8iSpqWvBqiQNfHmiAlBkCMEflIU2rGwVyQ5NBaJokFHnMYpmCSVR1SB4r3ymzwltD8PpkCkWmYmSV85YTJ2hB3EZhtpx3jY1XivOJoCq6d2MKyzq9IpMT36E5wYcfWOniGWVZCHgvTr3hyVwxKYeLoodpukIe7m9ohbOPTOmxywDGCF8jqe4xoHBLEtyTV3J0syQnXB4i41OeHPlTlYQcl7FXnQq8OcegMsIKMqsqcZnOX0h4OMRCUAU1VI/nO4whbJMBe7etYk1vCyx6Mxr2nw6iF9GXMDFZgWO2F5CzxQ1MbMpj63IrGPfsJaxNXUIddaqwaIQRnOw8zspNveyclkqRnrpg/XwB1hlkQc8Lec4M/UsPDxlB266n2PVHgsMn5POCo39QuH2A3lxLRC0IAaUjXlgx/Tv8KZsOovuv4Jjvh6jm+RW0tV2FPn1TccjqBE5I7OKpZ8ZjNWZj7lkNEDUcBDZXg3K7SOjYfQlVvgezZVkln02Kg+il++BjUjBZ9wjBFaNgOvhnJ7oZiuKjC5f42Qkj8Ao/he+HClHstxXF3l6K3lflYPdqBQ4/dhh3O8yCnLrVLHDFBjc3KXDOh1zO2HcQv5ocwofrLGGkZgKqluvh7TUBWFX4i4/4LMATCUqkUVoNKyQUkAI8qd5HHZQElSjwjxjciRSjg4p1pHNeBPRGG0EipvPVqiiq+7oAXj9gqGo7h8bG5dAmtxeD1SLJal0wrM/2hJv6dWA1t522GF1C711qoLb9DI19kYNLOoV4kkgBeI3Khdl6Snh7biK0LhkNm759ppC/U8An9wx1mpajSsswfow8Sec5FiMSnrD/nDSauu8Apk0fQPt8UZgidxeV5cvI8IcAW9z/gfnpREMh+8DUYSeu3lMLbekdlHBsGpSdHoKK1O0Y/j9x96EIhKIGAPgfISMSUnZWEZLIShQHRUtLCknRIu2ljFJJVoRCpawkMxUppNCgREtGpETapSjcx7hP8i0K5/o1J8Hg1WWIFl/AAp0SZBkiRVWSR+l5oyAUlyIdDE6hjevO8v2r8ZR7xA8+j2pA/VYL0u9qYtttznisaBRMlLsDm//NwhVzF+CUHW9Y70s4XmvI5HX8CFZdfIWqnWdw41uEmNllMG7JGrqab49H9NtJLkwaxqltAkFeQFsC9vGvR6cgxU8HfvmLYt2+HyAnZoo/lVfDGL0hGtnQhIunrIbQM5fRLrkKZ6pLwSRZLd7xiaDXVJ8GFTaz7OJ6vi2QAvJzt7KmnRJ9dPLB44+FYN/GDfgcEe8G+ePvr3+oV6qJo0TO0gfxSbT2nhxp6+7DEZ9VQavNiOvkIsHqkxO5OmrTlKA2WLn1F2Xv+Qhe8nqUwCPx7RktCNl4GlRH+EDxmjyuTlzOEgU95Je3DNeeccNuhRyYJiFO3nkqELa4nPeLWvAUZ12OK0tG89xnMEEqD22mJ2Pz0x9wTKgQYgbl4cxXRzRcnMBDp/7gj7nSdNxmIeVAMZ2sk+OxEX8ADwzSjT9iMKLOkG5vU6GvkQvBCbbgAZ0XcGlRCz9b50o3NbZgX0IiLtwlA9aJ/3Df02Dw+HgeV4y+hk+u9/ON5FZSm/6URCCOJnat5A37pkFc1y0y0hqmvyUZ3BE4gOZbN9CZyya0uf4VtUQug6w+Q/pVbABfouqo72UvzVDcgwb+IXxFt5scR24njeVXoO78LloT704BLhbwraeFr+3fRkKp/RgeXw5ulxbiv5P7OF21mKyCpaDV5R6nLTEB58nLeHfsA36V84KczRNgom8zaZT+oGvnReGOVAGoVZ+HOKNxkLu0Et6OWMN5syvow/JV6CyxC7yu6pKK0An+eFiUGsJ70WQrQBz5odqkAF7vV0B7Lsrj4lWAzWvquLK3G1WPpmBXWiAdi54BL09M4/ceqri02wmXigrSHbtGSLsmDltr0zBKOpJl99/AqwtHQGXEZr49to0S0o2w+fI8DjX8DYdTF7JldhrMajvDk8bI8fJpI0Hq2X9Q+sqE/p5ahfOOzEeN3WN5bNIRPD+xA66eU8Cm/i4qrVOEY4utqeniCxCbp8JbJEz5+N1QHDWYCwZJC7lJMIoVv0vCamMxmPNUgKzkv/O096tY6sd4ljqRQP+E/4OQWDd8eL8AcrU9uWWdBkybOAvVSB6tjszjTltv7pn/kPyfGLBjsTGJlN5m8MmkJm9DyHsjzXalayFL9AVPr/Blra/xnJr5Df9aruMDIX9BUloOl8iIgMY7CzC83gqTTgXzk3t+lDa/iwM1yqHg+gCmXk8nk+fraLz7BHje8wMaWrfhZHMd+nDFFqWX3iK8tQfH/x1L2zvOwZgZK1h/qwQcjXrLMyYGgbGSCZT8V0QnPq+lKJVO9uspgMeHL/KW1ZkkmjIDRpSe5D+fdcFMxht1w+pw9DrkK1nr8KjGVxgroo+7MsvJIGUiPFB9AM1R72HarktUtnkpPhYWIuPEQA5Sn0mXctrQV9cXnshJwNjmRnxaOhtErsliv4YnB8r8oYz5e/HktXZ8Et9CGdGX4aGnLjxYF40uG1o586QI1nyJpZG5GnhQQ5OEDET4ctY4rjeKITt/abghHUo9rtG422kM3b4dTTKtI7g81Bvd3wmBeU8Yz7hwC4/PFoaRN2/ijoUXeLm7P5sWz6CZXoOw6NsEnif0mp99jAGh0K/8tWgyZK5+TH3DmejwQ5cSfn4CqeHX1N03Cy0td5Boug8d+3uSF9vow4soAT6TEIVy94bxmlAS3zx+HZcotaNXxxUa+D7I929vw4VF0nBruj/OtvzND4vvws63tZA7whWGPWZBf8ENTrIXxcLxI2DhbgYx13IILRxNL5Rk0f1LAEcMppFUbCzpjzSjS5v98eoFG7IpGwntfUtgR3EtGW6XIOGp8Xzsgig6XtoDh3f78JN0M+r4nkfu9ePgi0M6ZKZ5YaldNR24kc1eB27gUo8L/CFBmQqvJMD2CRqw4ZspiPWtxm87S2hgoxkqpDiT4/pB/GRpQVWPR7JvWCAFFv/Gk2tMQOHTJc5qDYEr4k9gwMWdMaaXuuMvQq7rKxr/wRTvh4zCT1UqMKKuBB3+iPHa1SdI4HMiTxZ+j+p+s6l9UBokDtuB+KnF6HrLDIY9EtBDMh9OWN7AgBev2cm2EFo3HYRSw0YYs9IMOk7+JZ+7ujBJeCNeEh3GtqJHpPXqPkx8qsm+XR9IzlqKXXXLKGjhP45JVYZ4BWe6ekuK/ZsfUIV1NuZrTebRA3fgVOlmGj4diBph3yDbFkD43wVe/5802Hcm0usVMyBg5B8OfBBJKoE1qLzxEq99EMS2lTIg0SZD4u2G5HJVAkI3xlCJlSYefmFPe0+nouOE7SQ1NYfsJIxAxeMVvl8fx9nau/hP9CVagL04s+YUOmxfSoHrmiHS2xbHBCjBvMex/MpbDTuLr6Dmexd+87uf3lg2oZOOFkR/z6RJjydwYKAxPL4yCsbGv8WCNGfS0+7AJbX3IaDZkJoLNtLjRAd+06THA3uVYLqIAojmdtCctYpsf3ofbyoM4dprf6hj5xGcoLkUgi2F0fmnIaSr+7O4kwBFps+CNZPfsYjVOa6Z/ItnSanSJeUamlk7mcK7LKFxxQSs/rOGvmi2wKM9e+DP+F6I69vBGrq7UHV3AxaKbIZV0uJQJnWAFie+pv3DlbD3AcK54TH8VKOJjio6kFa9LVb8WUuu+gTp8bG4TmoqagSa00pnNe5MU2KtjCaQzFfi78X5OGGPJnx8Iw4ZJyNY4qkoTko4gjO368HqxjcY0fCC6hR04YZYEdzuPUQC5rLwPTuF99lH0OfMf3T160NY9kMSJv46xkePRPHmAW+QWh6KEi4WcH7pEWib+JaqFuaC91EFtPuWBdrnXuBL5VP47VscRviqUpGNEax6UMs7Fw6jVKgAhcqX4PlL3Xzt5UXW+jGESStC6MhWGTzwxRwOfnrFLzo8SdDcm484exNqz4UVwZcpR8gP/wk5cp7ZJFydNxmePimi/yICUb/UDIUuP2EdSy181HwMvu6PRZlQYebDR9B1zxR4LfOaJ8bPg+tfirlcspslc/opdLYXjNltjJfU5uHeY6KQZz8OSu88Qf+rO8Ct0otcRIX5X9salBSShBz5IPCYf4RH1ajw9jYjKH+rzR8OVNOpAF1K/7gEV9Y7w38ye8gr2Ri1NyWCw29jHPeVQedwAusdFWDt8Hq6Hr2Z7/bOpJa5+vxVyoaiFJaDj0Io/NTWgF2v4vii7Quu9xagxE3KUDTChkJlpehyyVGI3JTLQ4YREC+hCDnixrD59QK4VuQO275p05YZF7BeCuGTZTa2nZakoT8X8N1tcYjZaMEHzmyl/fuGOGqmH9q/mAh/PffDnjRJTk1cywdOVUHjQknYs/EZK5d9hbld7vxJopbr1tlCc9JomvzyLJ4N1YAgQ0D6LgaT7iyCIw8daWPFA85qV2YP2Vm8pe8fxmjt4DQdV1KZs4ve8zTIOLuH30+s4oIzJ/hkTggVLhgDr2TG4EmvZChoMcHvXmn4YP50ELoZxOb3NkFgTh6r/ZZmz3pFVLLex2pBnzDGbi3MmbONLx3ThZ/FZyFX3BHKbt/Gsyq7eHnUfRw6N4k+/06AN/trqFz6NNir6YKlaB+1Ocvynfi/rLJ/DhXfTEPrs2Ow6Y0Ejtf4SeGaN2ngnCVsiraH3Iu+MEVqCi6VF4DLwYxeCgnwaG8nSAtZsY/pIOpMMIEV4Q/h8Lb93OFFKHVNgrYfVsU/GSvY6+cF3JC4EZ9KhePijJkQ9e4DThdXARfxRpboq2CnEw5w/+4aOjH6Gje3qvG98m5ItNGHWR0H0LN2Ku4v8YMZJndg1b/7sGh4KjW5lYCupwgOKp/DZh8lEN5uBSmPB3jbnEM8OPYeFnTkcZtkOtIpFTi/y5+dH++l3WmTQeFlBf5IJ8wa/wX+SzKDYH1DnKsMHJRWhUUe8/j2F3XUTjaFUy8vAJy4yF/fA7TJ6MOxgcOwougjpvuVk/o7GX7msBsHplpA7LZhUh1aQ/vNGMdJFfPK+/n8+/hlPNKlhW1Xf6FmQTHfHyEMe2N/kseQK9hF5mGjxmze2zses17K0hHhGFgiNYgdLhP4wxhNeOr7CjBwEkrbzuHHdVo4PyAA3n7dQnGronBVRCVXfTiE+w3FQGJGEh/Kj6Ai5/Hwz0QVpt6uYe2fBjjf4xT/s13EjxyPoPlTMVC1OMoLwvfzguYwyu+RAjf/WizfOxNVWjPo6q2tPHmCLUw3nwwFy3dh+ZQ+HBd3g+0ig2GgJAB9FVvBN3YhSjqeZt76GRskjOGG2AQc0TkMx63/oFa0HpsrNIL22UR42/mYkxYdQ9/qbVS/UAtqo8bQUq0L6PuqFu26vtHHDckgfnUkwPow/B66HFvDXWHKFQs42P0CJV0soO3mItLyjuSjZ5L40sOznLzelh27U7HIcAVZBMvCT1UDir00RPcbBNihJY4+h8RBeMQ0sk7LYb/MYRB+vYn3ZSLs/TiB1Qs+w52mbbzA6DgGnChmP3Nn1Dv4lTrv7uVq+VQMPSALmq+vUvOSuyQ5FEuescaoeHAk2v45wAoNZmi9NBW730/hbGdTEGv2osRTO7A0+hSVt8lgzM6D9C3RHO+kSqL7LEk+hFN5nTfCueMj0D0yjF5sPgrmR9youHAk3/j6gW5MiOO58aFwRF6YO50t4Fh6ADp9RsCgMSi6JY7VC8RB3VcIM6JFcZVXId65foLOPVWANos9mBwiSmfoPi84+R6szs0AkwJ1ys9sxzkxZTSz3wNf2zGISQ5D45JmqJT4CNXb3chX6TaGJhTw54Re/uQQguq/CF+264K14yDqJm7jX8/y6OIaWzyz/zMunPSdFFs/Y+mbHfB8zGGUyR0J7Yt7+PtkazzXUY+loVvI1SqbqzckwpffO3i6fw7/O/0KZl/RhW6Ja1BzpIIKRsqg5LR37GtgT4ckdnHfcBn2T++jl/O0aJq3PlgqPQRX/RVUmVxPU+0VyCxCjPe8DEH9X03UeD2MhETP40lFJdhdrArlrwyhzjuY5UXrOWfeX7I+8IvDJi5Ek/FmsKMkgGITpcDqwy7oXNRP8/2L6GuSPerqBeLlOzl4MOI8WqdP4YRXguDWKgN/Ta1gWtp4UtxewmqbcvlU1y5c986V6suqeH65EOyyF0WVcA3oGuPDeb1KJPWzl0yzg/DMaT16aRQEs9+KUd8VQ1It7+FUDwG4FXCQH4VKUGVHAn7XN4P2ilwMDu+BUN1fON3HApOSj8CYs9OgUjeDPslcp9FP35DF87cw4fUa2u4yl8NikDs+fQWZ3WPw2Bch2JiuxQcdNajOppJXf+hEiV0XeNKvZ7z/hCFUhR2FxZ/r8VCtMcyZPp+fnI9ndjqKehe1ueSxDs08dQUf3PYHqzgxnJ88CCmrTKDfrISPPm3izIMImkINPHPfAEZna/L2wyW0d8wPXmJ8CFNfq0NYsAKPyerjom3G0PragRZpdkLTsQzOPFLA71+uB7ttMVhaaAgy/8rpbm4Xr9w3iTljHU6Y18nbZk3E1OF9RI09fHPBZRgKl4b8SZmYJxoHN2uj0euAGMq31aM2LAEXz52kxsCWipUoGykJiygWA2qq4K7MAQid5EQSqgGgbr+QGypnU3CSFoQFa0Bu23RotT1Hqi2p9KZXALRCjDiv1ZZ0vZB+vHnIgx6Is+PMaI2dOmTtsuPQFZYgprgS02d+xe0ZBlwTJEpvu2ohaaU+3NraxVmrReH2hxQY63od9ojZ8/KnFfRs9C7Ur37Ct3qH6FeVOc3w+AlxwmNBRyCTyysv0aWkZyTzVo8FPl4D19XPMP1oMJCoHu63LGKByxLwXKqc39hvxptGwjTmTBUmNN9AlTTA85vzucyjB5fENrD1r1FwozqWmw7dRYfyp1DxXBv7b86h4i2T2EDwF19cehtlDtmB90ZDCNjwlUcmDvHo76YcohNK0S7a/E3En+9emE9qaivhwvkTmOWrBkZCinDvmD5MCjyImyZa85lGJdzDxdQQ/ZZWv+pnhcjjbBE/BQbSdtGvT0fw46ZzPNu3gw58PQQOcqpoFFVFXyNSuGJcMhecIgC3WzzyZyFsOeCER65PJSGHJxymM5oaW8eCbsQ4+OZ5ALNOKsIO+TJMMHhJPiZ20BBgTlequyg805duCYmyzadWvtLgiT2GUjCnpAkyYseBcf4TfrRTDHXbBUHgXROcbRamlVlt7EsV0PlCDdaEW9Creh32CpLB8OtE8ZqDvGnfRvhc4gZsK0tL37xg8eUzYGuiM4q+k0KHQif6Fz4frC808Y/hB+SXLkWn1x+kgpit0PJADR4XhVBQ7lzctWsvzvgtjE/OzOAMJxf8ToNwr7KFYgyuwOKQsaAxZi899ZTGq5IKsEQ8lo+OWoohx/U5Q34aWn9Hdpg2l5uEBeEe/KQJe7po591o0ir05RVjZKnATRg6fNRBueUCb3Rupp4IY5id7Qobxrnh0lUJtLP0LTbo13PdCWkwv3yPzydNoYkjkzHPUxvyd+ph6IoEbHxNsLRZgNcX7kaphO3sO/MAWLdGwNKgexzqPROiAq7RrMpXGHHtD30Ha6q+3EN960142KaX4lWD2O2DM1n5y4C2uzpf3ZPIG9eakOB5O1bZ3YCpyjXQyE+gRuoWzTijy39cLSBnej61Na6hzddjabnSEYrq2gP1c/+Q8/EHEJReBjol+bQzzgQGq9PI2ucrmea4ACWdY/k93aAUWwNXk05iz4VO2lb3DS79VIL1i76z0fxdqH/oJ3mIBWPmbGcODbFnp+e+VLJtJn1v6aUt3iYQF7OKz/5Rh8t1F3ghnODdfnJsRotQImwsChWpcsL2AbQImg76ljvJP3QpvYr35yDlqzzkXMBz1j/gvMFPPBiri2+PunDFRlNISPEkqW3TeJxNGky8n8phnqPBVPsJXYxhLPtSjhu/LOTlJpZQ+nIYDjx6zePypnGlYynPlLOBvDBX0OsbCT57RTB7pCR+a7eEY8G6nL+3ja7npmP4jPvQnpRHZ6be4ec39tIBx/k4i57Dt9wZYLBcmvS3lJCfZjhbf9biZQV+cDjdgRbcqKI7+2WhuLIPryrrQFdzCLQpr8RYq3JOffmRLyld4BczttIiK2cquDARdCIWo7efEqgl5fC395/xgPBusBNKpMVqZ3HKlBv0ye86FL5eBYabZFn0xAQwq1kD00KJl+tdgdovkpTfkgebVGVQYFk/Pmy6yfXOCGveSYLtJ1OW3XkLYg9txnNZ+gDVMbDyZjEfKQew6/tAOi4T+JC/LsTf2Is1QXH08eR/ELfAEs/0Z0Ga2Geym+LA/SdmQIL7QtpxAMC/UQMsrHxwWacZJcQV8ILSIjwVfZB6o9fQratXSOfGSYhnWRjRf4ts2mMpUeQYtTcdRhGfLbjsP3lSjCimz7lbOcbYjTav04ClKZVwsHgD5Mc9pHlJyXinXwXaH6dAUNUgy1wrpFWB93lnlhYcu6+PQgNvuLzxAsrPSAKoeI8PLAc5oE6C7mjI04k+GX7dOxmW+vzm19kH6ZDfc15afIEyC8shu3IQcJY3dpmtZn7/mYMELaE3qAC/PtqBNwXEaZKmMQaWzqCTTitIIy0e6u850rax5zFwlAzISqzmkNq7FLXEn+Z+dwW3SiEeNXYkWFiP5GdyK+HywdloeEge+jVEwMkhDh0Do+nk2dUcF6kLz389479FwXzzjTR5/wtDGWslkIM8LK4e5OmLbWF86Gl4/Gkpfc/8x4VXInBT6geKknjFplungl7HM/TWeQoWIknwbv4+wNf7eOf507TabQ86traBlqIwtT4QhqboH9hUnQXNqZ14Q20x6AyOYqlmN5ok8w5Sq86jz9Af+q6kBaHKM6gubzLTmUHeXmHPbTJHwKg3hZps30KW7G4WOWhNc6bJw8MH7STkeISCCj1xg2MW6LaX4w9yBUyYhU1/G7A23RMfbFSD3405HK5jz82ZdzFL/DwpZ0rz8mWipC5iigpztoKwYyHv3mEMk8dv5+/SKXS2XJFih4/TuvZCiPk4CjP2XwTXFlFc+VGQI9dNB+ucZ7SzuQFb9lrw6XuPyEKM4IfmJ7j56jCfMx0Dny64wOVUE7h55BKmLj5N0YXpYF8niSOzG7B9hyKGBW/H3tfPsaw3iZZbK8JvY21aIGHG91U3YczjfsToBl6XqYzT98igbvp06NX25/u+U0D4UToEDBWDyOkMGkzrYV+Fj7xLaC3/XlVPJ5+p0ZgfhXg80QLWJqvSAq96kHQThn2te0m38BqLCR0HHHeYKE2XtlkV8Q9pI3DUzmLvS+E0omwKxMxJpCkSLmD3VY2vWDbDbPUPfMrwKMvZaEPeuRA4ZtRHTzyb6WLXfDpf6AphD5X5T6McNqXZ81jNFkwqEwC7TU9ZpGYdvdMej8++uoPAl2PYXN+JK+Qr8NeF92jl0w0mEyVh7n9BLGawAltObWC1tl6SXRNItoHPoPJUDS2RsAIXsZtc8FEXdsQvpPsVltC7ZxvkPbQjc7saqv+mRQl/BSBxkSwuU9bh5zsEoEjiHc45YEO/bGbjjKa/fNkgCT8cOM73T7zExKZqLr1vRU31BvC+WgrjY+eBg+lqNtEoh6oCK/S+Gk4H70nDj7RCuji5G0+licG6lV04duEn8jN9ySJJSagZfA5hUQNOn/GTH/5IhaSRK2DrNk1469OFP4a8oaZ1Azo8aYfJ/JWspF5Tzc6J7FW+EEN3SpD/XnGYsPoEf3ohift+/cQl4yXRynoCK9lmskbgF5BAIBkRSTroLwENXUIkUrmYnFwL+WCyLS/+sxStjc1pn609fIhOxPHuN7HYTxDkx3xHya7FUNntxDqenlBX+RFyV7vhQ/4PCqSfYY97CEikmkBYaQh1ThtNP9+lEx6rp8akD6Aulw7j5nnQxXmO7DGhBJv9CP4uXgWbTo2kp1lSGDvFEeNniFB84B3s8igFnblGvMi/kRctJojVnsPhe/fxLdX7+KzvJwmsjOBVYw1owio7NNyqQNc6jCDnqTAsNkkC5bLNcP3aRpDrGcGmcs74X7U1a3lLAH1N43GT1lHAsDl4zrtHIqmmXHXUE1RVP1LGBnXau/45qx95TyFxgSh0Zx1fyJOBUMnzjMdP0kr39zy8KwpqPt/nvloxrFZM45t5k3n5KYRcAXFYPHIpNKXv5muRZ2Fd619MdUrCUROTIW7dMzw16jhqfjmM/pWy4KJjzLl5uTy5tQKmVa3lGQo5YHjtDoqvWQTvFuXTSIF0NCuWgfUrNOjE41hYeeUc1GkXsMDwStpouhOM5d9x1qd57OYzwINq8qCpIcRCHWK0U+4D3Yraz+Nn+NI9v2BQ+qgOjqPloV8/HGYJjYDHt+Lx4Le9qPonEmzO9qN1yV+8cVQTRTdPwes9AzReTx8aJMVB8Gs2flBHWL/AieaHe8IyFyv2hh0o8zgWpJ2EsVJwI/j1CoJj2Q7s3buKvG47c/L0MyDy9QT9G/Uc+0P+ciy8ozWjVsOeZAEwgEKw9b6BK/y/sWxwAc54cJ5E3IkDfvlhlNFHcAqtpvhBFZjvNB/HdThDjkAsl1qdpkE5PZyuLoH/ZSzFw3r53HSgBIOeAOg2XIOhPZaQP/c/cPZdDadfncI/9pV0IaGfhjYfY2Wrh2Q8pAGr5Z6Ag/8Rkp4FpFyuSgUKLnT/gjoluWhyy6cfuLEhGpNfaULz92Vka1GHIolDJGy2jF4M3UcTn02QrbADddKOgO25aortQ9jw+DVqqSeQJuvilZoaHu2VQj+0WiA6/BrWbNzAP7u9WaHFBCwbs0D1gztbLV9CB+Uz2dGpkx9c38VH3y7ElocJXFH5kpsfacM/PEiCh405PbwA+m4/ReXhbu6T9IBfaWNoaYkWXg9M54ouXbi3poaW1U6nD00KMFZ+EfskvOLMamm2em/HPeXPQHLcXbrSagDbY/x53BYFShx9h36FS9DiJR8hu9eHs37kkIq2DW8dcQK/eo+GLR+V8aXdBvy78xEb/TxLfhrJYCvnxd3d2QzebVjA6/FKpBhkGXXinpbb0CgyD/0iImmCqjLstQmhqUqruXTUVVj/czo/TpkCEZpuVF14EQ4OP0flmBycOiYL3z2rppU5t8Ds+iaY0zVEU1Xk4NP7Jmy/cxijpy7HI+a76Km1CERF/qVZOaIgKjMRg/5lw2QTQRAVsOPL4et5z40udPr+Fx7ftIKZww1gZXUH27J/gd7kYxDweAIsr9CB0+svgZmKPx20uEa1KRK4c60znHpWR+JJNWRR9okn9GpCvvQ+dN73C7sv3+MZS6tJfXoPta7ajml1u/DzTxdocdOAiKcIsj49YLTwGmhI7uPQlU4ce3gBm7wTgnohHzD3V6R60WjsKTSCcZHNvNr0PyjZKcpr0BKObtwO9oobuOxTC+rMLkGl10mkWg+g9G0TqYmUQ6JGBD567EbRF4U5TGYE63vfgSkZKjj9hhVbVY4Ez/NJ7PFAhCX2rSOXi0cxx+AhXq4WwV3V//HSc+qQEz2EwgNjIH/rTxC7Y0qtW3aR/Vg3ilx6DL2OL6CyV/mY4ylKApsnwZ2KaXD44QZa8jsUBkO38sVFm+muhx0dL1gJV4MmE2yyJDGhl1x0SxgWPtSB24ejODzPneY+APB2/ITv3cfCIvdFZHc7BQU7gH3NFSDEYxuEpxPMdBlFDj3naGxsMet0FAJs/wd798vDrW4nuHxWBI621sDzU1spQIrAMMcC9y9R4Tsi//CMxGf+VnuRzopegr/nJMDieQTLenWBrdgAiLlHk4mbNPr0XWOB7bdh37/RbJQyAsuWa4NI7AV8WB6AJwWe0MzUu3zpngvtk7oJ4oZGLOMszHEfwshrpQao96dy0rb7LJjbRXuHX7Ja3DTQTZKAgKC//DloIpVOCGbbNBV4/8ILXVuUaPWOBG5srMd7r7V5yuYftEsyCGqWLsSctMtcbSYLoiWvWee4DDsPxOOPl+do1r1BDCp9hcICa8lFT5m7e8pQsWcmVL08i2uE97NqZShJ5E+izROns2nHC8hrUoY557bDkMEn7jAUhB2543Cl7z/qbPyFAXfS6I7JJu5+e5Y/qffg+ujl1JbThTYmEjBr6j3ctfkOai5w4EN7R8BQTzBuDr8CDQUjuDnpC51L2cujYsxA+1ooTKoORlXRMfDVuABPm1/F25/L8eTgBiiOlCZfy5noHmwIZ0qtaekucYKLd2HzsDReSLqKU5cu4uNy7XQ/wYg3zNwP3aIzQFPnLNt9nAsbX/3HhM4woU6YIoI6eShwC1TdUuF2m1heYcxQ0jYe5WqPQp2YOWQFuZP8wtc883MbxWZ70auH2/kqy9GcFSNBMzgODb2CCBKyaMycEkyQBBiUTISzQwP8R/YEXgw5waGOOvB5OIYOCc4gn9KjfCOggCeKK2ClxmPQ9nTGZHcHMPHs4LmdIiAXms+hEmOpdZoi1HrsgbDXRmAbbw67uzZSgeNv7j9thhfzzWDO5gs0a98wiGR+hANznsB0yUy8f/4pa3y+QfffRuCDdkmMqFEEu89vIL7lM9dKroVVZ1rZt7SAzfe6YdFyO2iTG4Rnpmfg3FsNqPhvESsrnoY1NrfZKbgJhaw2QYS1BF7Yqci/iidhtrQ1KUfKQL7iEXyc5A39YQ6gOPSTTEsS0Vj8KZ2NXwQHHvXA+6AKVLmiAVleSXzwtzcObLaGYyPy4PpgDI4sUIOFL9p5oCOYvpl1wuWlmnAzaQPfbnxIV81+cvyYm+Cp84Ulb92BsLYftP/RQrApngKHnY3h+qJ+Ov3cnLZftIXez/G0w60DB2PHQea6ZJwfJAPr9PswT1oSvgy3c7D5EcideZPULdKgYFwgN/9+jOsuFGL1wlba/nYdyy8bBcdcl5KIXwrpXTegqWt6wEBShyW737K610d+6DMLL0lVUcYOKfik8h6ys6Uwofk43T9wAj3ijdgpfieYrfvEofrmNNn5Ne+KVAdrzQUkMDYKysonU8AmK1zVrIWXz6py9eOZ6DDkiM2JX3B8iT74PHLF5EPisG6NJKU72uGVBU54dMF1ipxdjY/ubuaQi8Eo7j8TKtPm0pQNpfQ2uZ4Wr3bn9lXNlPRACTXWneVOmeukE5RHKSo6kKKpwO+nZrPr+FzMby2BsO3TGBQaeLBRDcs6d0LdmqPE6jpgM38y+KVpsXVKH8gMCvK8yy0sKZ5BZl/6cTxsQOcwN1jroAy/3vniznF1HGZwj9xH7Oaq7dtwYuZbcJvbzlkrwmDB1rFU/Xcs8BNzNHb6h6tbv7Dpxi5Ydiiejf67CZOrvkCb90+sP9+ExrIIQ8Fm0BQ0iW/KmNAJdxs+2fIBggdMoVveigvzI6HKdAcPF00FmZF+5HAjlzz0X+CyWlVww9m4dvJFZK8tbHneEsR+97Ck7gTIWTcKTgStIcjcCGt0+ui+zVcMPdNNdvVBtGrNV76vrEWZkqrw3i2ABpRzSahyJS2TEIKMnZ5cf2sHzXxmBRt6zGn0xyx490cJNt5fCIev/2Cp7gMQ0ajGscu2c2SxJCjszUa1f1b0unQf3goWhFVZYvxnJEGA9zlIG3UbJLa/h20mnXxTKgggWJVU/PfS26ni0OTzB7rHryTdDELpaZvRKUSWr2tsx82TvPFAbCqttXsNfxUFoTfkGye+kAKpJa+pbLYEXE6dhu5t/ejV+BVq/nVwcZktDI4ZB8V1snAtaBg3HdIG87XzsYlsWdNDGhsPReDW0dug4LYv7z87HVam/ANlcWN6ltvLW2aLU133SXLvjSM8NYeKns/GWK1aFhI2gUPeitDyUg7lfNu5wlCF1VRXQd7a8SwZcQDGzapmA7k0vP9KFmKnzqV7v8soO82VslPnw6fqZxy8YT0mzTyPbm0XoSo9BPSSZ8Lqc4K076ka6o0bQ09EVvNk93t0uuspiWQ95sKZP/jFXSkclrSE4OdXOKfuIh++6ksTV/8j07lRtFPzNEqKHMXkaXp4+6cQvlOYAisG3Vh6xWMUu6hLt9bcpd/Sm/jN+n9svNoYXz5bxl3m46DI1AIc9q/EMOlkzrVzocAWR2gP/wT+31IwxyebOtyf0I1ZQfybZQFGC8B+zyLcau+B0c8OceayUCTbEggpt4aapTV8wfsttw4bQmpTPU67J4wb2v7AUhc/SEu2glX/7mHHEXkYUzAAzlt6IEVQEpZadEPKkUvkMiWH2zX8cN/OX/hx9A2QHdWN9oc0aL/Ce2z8YwrvAs7SBfNl0HR8OQZ27CC9CerwQdOHL355jh9WviTvhX14tlkegrc8hdSLaqwWZkDmUWKgcCaBGrqj2KE5GIJ+iVPd0o8Y3SAB34T3Y/TYQI769h8IzJVBpZsDtHrJP3JTM6ajwqGsG/aHz1wSA3u1YJQ42AhLU5/gvra1ODCihqKnCWBuQxvcFizFPmc/DjA0hMqPs+nk+hQ4+76CDU69Ysnwn/SoUJRNbVwpzKWWL/2Xzar5AvD82iB7O3dQ+NNRuG3qS6qYmosnRR7QmwOtpL67Grf3LqMZT80gT0sARwjLEm//gYUjw3hr7ze4n5iL4W/v4wZvAbi/2gz2ZxjDppPhcONNG+TffYiXDgrCx1+u4O0dyyvXVbGRYCzUWczhZVGGMDbIHv6JNuNqe3VcnrsG7vgrk95BE6waPoO7DIZJeccimP3SCBryDvG3Y12g4KCD6iPPQKHjeB7YZoUXViTQwoUHkCd/p54FqlBy6DW69hbxm8vOeEtrCWRYx3Ck3ihe0n8HktYnwPB8wodGBrD06RJW9NAm684Mur91H8ts8yW58YW8fJwy2NRvpJNXFGhysjR8hV8UHHCIMqOTKB+aMHxQAv9lF/JykcXYMDACUuodyP2UIWz8GE7Ty5IZbH3QbH0Ye2+6yP3xj6H5Zht+Wm9Iv+Wi4KiNJewY7CN5ZRnY+PQ0rQrT4oxaBYxbXQ4dcwWwPMUdnv63mMSyRGHt0muwv8+cNSW28oMISepqANp5/AaOKvLAh16H2GP7Oz7qKAFqFhvB/s81lNw0k7Mk3OCsti+cu7EDPomV0c7vnuw06wYb1I6HunkZUH/sIhnY/aB1B67D7Q8f+dW7CbzMWBhPWM2HNVpOVJMFYLInmh+OUgGx38t4x2tHMjpaCnNiK0E26Svvlt3CAj6ScElbEW5v3sNxRudBbsQWkFLWQ61Fa2j05BJyuXeHBrfG0RgBeawz0gBtNRcofrodjYdlacG+Yzy25BEeDJ+DsZNXQeNAAMxuJLo1kcDFuJEn1FngygRZWOsFHJHWAeUGtlQafB7uBBvA4PQ6qtonDt+jZrCh90g0/H0SHca8Y6fRKexm5Y45RptYj8Xgke9J5J/CUOKRx6Pz0yFUew6KUy3XT+6ByLgVjE2/ocIqk4omXWaZWmlYMTgOpfktUPkyrFD+D8ozFelWpAk71Uei/25FPBf1mM2TZMHbo4WEE9fh+QtxMG7KIyx1GyCnr7NQtXEQvTrHcUJvGF/6KA+CZ29ijEc0X6l7DTL2o8Dj9R8wWubPeDqPpFWVUW5oMVaUiYA7PiTrNWdw8RMB2B8wA2RKV/Cg2h4QlpyA9k9uosBBN4rQHA3d2jlgN/o1bnwymjvT07hx5mm0XiEEitt3g8mHy2CxQ4864iVAVaMQeEoJ9O9LZy99Q3zZYcOWZm540Oo8RV65TZKZ19h63VTwuvyW3FOMaN3DwzTjwXvGHAlO/52KXdGXcHNXNxfekIYzYhJw74szFr8WQMeTE2lnnQb3hotir04cipttpKE38vSz+QfkSyvBz+lH8PFdKbBQWs4Tco6i/Ucfcmq4jNPqgdx3OtCt5zK010/i/+b/5nR00vltR7mgO4JGRwxiwwNpEkysAiWfB3RpVSEFxCah82IGHc9IrBbfzx4m42nMi062ck1FD4kWPD56Ocw7d4hH3F+Ony8rwWEzexAqjMF59x9x+25fCKjeDd9aazBAdS7lVs6HoSgXDCVRyBfKR9GFKbTvixrMnYccGGVKCQ+68E7kHFQqXw8vXFNA45QM2C84DTGdtVz7dRas3zCDLzWN5TTHR+i515aiBO/QQZtpGBOlAvLHF3CSZRbukwlB9QRPLLOJpH6f/0BD5ATLG5jwTl7Fm9I1Id0pgarv67GyrwLNd7ZB0cJTEJHtwJXwiqf07+BZp1pBc50QjCtdD41T/6BJ5Roaf/cgXlW5BYc2KHFbYipV7JeF7NokfBxuCbaGNmDp24k5w+b0uCgIk08E8aa9PnBvwj/qt/4Bi1r9+ZfmZMirUuRDtwbQzlKfRxTeoL2/lOHY2l48nN2J5rmruVu3Cw6kaoHpsVH4Qmoy6T0Vo8ZsQ/yz34heGDtwmH0iXsj2BC18yIWtI2CO/WyWy3zNAQcv05MX8gge1ljhZcXNZgakoxXEV1csoYLNk8GyfhzUjZhHJ87dZq1n2ixtvAu6FxXw2ztl9PvfKayM/ctTB8WhW18fvP6uwIhWNzjt1c06u/rxo4IkSNtJs2XjAn50sIEFXKVg8/hqnPpRD8X8R/K4U0GUQUHkYPwB2v9UkKWKD46vLmfp8eqQ0urHL3+cxrJfA7jaNw+nfy7iN1YuvKD9GJ35lMknr4hT42E58P33geSyt0Dyx0o+LnAZtwrMhjnJW1CwtgCPNsjQxrvR3Gc/Hjb2HiK/vyf4r8wDGts/hC65WVCmcBgmmfbhYn8jLHu/FG4biULFjA948sdsfH1Wkr6/ngf677UheswAT7ihzQdF41AluQbsfGVhj3wtu0v38ly/WxhyVYRiM4UgWPcLHzjlSUPlV8EyNojTSmWgpU4XctAcnCYa0AObDjih8gpqNNvggPU/6lpYww/DZ0PyZQs4pLAbm8cp47HqQVyT+w0VZILIOKiLRdfe5+9V8zj25WEW1ZQGYYHn5K2QzGlSg3Tg4nSMMRyLReeiqeRFJDhb++D2PQdBYOwMKPFsx4KcQurpioSsuOdkUTWM8yvfgXtzHKqJ34ZFMla0qlEbjGW00LuwkyKE89gMy1neRx2l5bfxxMS5+H7SbrYaYcTuEQKQ930snhrjglmBkvA8cAiWX9HjKf2B0H28h463Ajr5eNBNOzFolIrDpNQxNC70N1UtaeeOiTOpclMhmkV2Y5VfD20NSgUPQ1F4U/4T48+Zwx71J7Bbxhi0j9mBcekKkp+/De4usqGyFQ5secUI0jck8tXbU9Dlw0o0FwyBwUFfirOupRNxB6B1xzWcbiXCd8yVYOWx3Vy77TR4XtrPfU+q8FpwHEmWSJFMxnQWOXcQXbKKaNYlAai4+x3Pi7vyE+v9OD9AgkpFFCjcXooKlGWoZ/kFuuDQzVXm5uBu6EV+IYF8M9UZXu74R9f+OWNL9ytYslcDfqsqsan+VdCsF4CBTdNASVgQdpIoOf7cS25hW3CZmiLNvPcEJ9WuAilfDf75ZDRMXT6Mwa33QND2CS06rQfN20qweMgRyiSSQPi4AbWm5IHF36mwW6qblFTiaFtcClY90MOmCT0o22LDa1/ewutJcRD1Mw8dLPRh86IFJCgRT4+9ZrG6wUyUz0vBHVZREJqdyKlvZsFan62456I+OG+Kp4kZTEdOufH6/Blsfug42ghYsVnRGq7dHQC7PkXhIUUV2PboIa1UfwlJ2vNg/IirILfkNcZRPi6+8QaqdmVAqPkGEr8lC2qBAkRT+2HBU3cq2sqwZFQF5YU4wejF66BhVzhe6imG59oW8F9lHrVXBFOwwVrWtsshUYEH8K1HBp6OUsaigt98/kcIqD4fAY8CHuMdL2nsvrqB1iUlctiqHPASVkRljR5oc5WmGV+12Pv5WFjDkvgi7h3u+SkPx9ofcKh8DNhl7MIufWeouPSRxzdIopKnCphufwg7w07TvDePaE/gOdiS/wpIP5L+bjSlr30O4OnfiKqTx8MJ+dcg054JR52EsOSuBVdL2qCspCRuGr2Ui/e5kvfUlag4Vh32fsnGX8NmMC56D92oP8V/3W6S8IZQ0pB8S+Oy/NHgsBhs95gKxzWVMGzJNTgXakw7/8ZwcH4k64tlkpqCHM5MSkTZvmyU1B8LYvkEVyZvwOTSOGwsk2Pn5DaOLLiCzgGzcLLORrriOYf/ehjAt/cvqBQVcfWSKVDrXw1LOswhuOE5WYuV8p2tP1AtNxS+nTGAWZXHSH7iF6w4u5P9Qveh16XzbCKui0725hhYKchfBFfw73R9uDvmM32b58uD4m10cut+SCvP4lmwmVv1d2GX5ChYXbefFigow/7BF5B/+hzFVvui/wQVWlT1H7qVjcVZXXfo5rF98POJAzq36IO3XBMPzKyjprnSOCHiA2k+yoADMyTo2BlBjrKPhiLBeUyHhGDn7Y+0OrmEFtn64QetCBhaOBueXV1GDYIE3UkZeLDhO0+JE4XjYjcxw3EzHLBZCpe3TUT30zrc+jGEla6m88Jx2SQ0T49qn+jAysctKDq8GqsOVqG973iQLkxCo0cb+G7vati7UYcr8ppoxFRTiK0/SWt6imiWpjQOjYyh0afEYJ+NOsfZaJPS/udQ8yESbzkLQortM36Yk8vzSy7zlBRbnuj9Gx/bn4VIJ6CUNHt4Scvg3FZp0DbQZ8/xDjwu0J3sXn/H/+4+xArHQLx+l+hHayXBQClrbhCDffc6MXvPIjYU3MW7MipR5YMQ/bROwLqs5SDxS4AUfvfD198WkHt3Ge12PU0Hmrw4xvgxlO6Ip3kt1vhFUIqOtWezToEl5rwQgKvrizDd5hrOi5ICuelH6aCFCVdK9/HWZQtpet0w2e4tg4oKNdgxr5I2erfgW/Mn/M2kihOqF+Fl0udNQ7rotHYstMrJ0qrbFqA18AQ+FnnA3Bm3YYJ+LK4MjsQTFw9Dx7InkFl0mJUlxTmJpkCGti5cqK3BzoxgOjhnDowbsOH+LjcwKumDJr1sjvUsw69j1MAnYzsX5J3nrdeXgFLkH3h56xOqGgrQ518rSORMGsqOtQTlLj2YdLyD14qMgnfq+8Gx8Dy9MHLFsN+eMOfAMW5rmUxn7Uuwp3MarHaso53LJbkrYhSGbKhg9w3nqXr5FXgflYcWW3+hoNcW7HMXhYfV1vz05Ww+d7ObSloroGllITmRGfpVyqG1kQK+lByFNQoqEFEljquDjrNYsTrXPZNBo7PPKfNTHC00WYPvV3RRu+QIsuvRhjKHXvjUPwJCIyJAqlEIPBdO4mTTLzzpogOXGNawQ7Ityokaw0w05aFnl2n769OU/yOLDeduBj1nAdgq+o+a5krQqbMqEHVOEVqTivnvkok47PCMakZ9pw/bp4OCoAb6bgiCkzkWlLYhm4Y6J0GG2W/UtqvBv0I5fO+aIC8Uukab5szBmjUR0LBzKRgl7YdZ+hqgOiIYHmYo4/wYGx4wFwadzEHacWcPu8Wc4bEOzSgt70bKnTpwOOECysT3Us1bB0h/6wCyu6Xx3h0H6rjawqalt6j2eiN+ea4JGsnzYPUZOdi4xAU+z/9GdlMrIOlUP6ZLKMDo3xth8FEGx582hajiYAjDo+jh+Ir7ZcPBbtVcajqZCsnbasj3+VGK6bkOm79OhPBxZRDs+I4dY4TYLXCA8yPD+djOo+C3zI7+urZAw68PKC0xEnzj/2OsT4MVrXrsljqZo5KUOODFMlzn/wMvzyhkb+ONsE9UDwwnd1DvKkcM9+yHyiBxdr0eTufnt5PZKjNUyhDhN28KKW73aCi/84WHHtrhyP+eYGf9ZQD5aoq5LcnrB73g1R4Hzt3aBj/zp0LZ3xGUZHod/Na14uTLzjhd0xW+GDxhJQ0ftDgjzH0p0/hMzGQwTklH24nlYCC/DFb+Vcb56QY494E26knfopnTr+COIkU6JCMIbDgMgeJ7weOVM75ymwv7NS7hnOP/0ZQP2pQ9+z7Uz58CCsemwh6ZAByaEIxL0paBUsgCmOVyidp3vweRR/n882UHbsiLhvW50rBhlwvdFJyGBSKirDnYjjM7rqLAAgVyF68Cx6IXpH3TkTQPKcMNA+DOHZ7o2p2GeYlfSdZxLrROicdsQ0fMF9/AoQnnwCVXDGTFO0DVZAb6BGuix4fP0JwRz9euJGKIdRHt9LWjM+7nuWSiJXg8jwPtSlPaNEOJavVcUGe0I7TOmQRGomdx/Q5hfjo1lfu3jAXNq2ZQF72Yci+dpk+vyulCdxIcM0qhVvsxvO1gIC5fVMAiN0ZDrsA/alSRwvS5LZx6/B3eUFCmf0rVoOFzHt4bIfy3TJ+NC/TBTzyMEo4IQZ3OYlp0ZC3oFP6Cbe/66NKFDRBSGQVB9TG8NZ9hgsEz9v/8gbwP/qJbRR9pTdA6TPlcTHNbnfhe90OquXyItw0pwHn3A/BxwxK8XuMIJrdtIaLlAsf6reJaq71cWlwALU0qnOU7Ab6cu0ETbvShtU4fJYe/gPDEJXjjcyg11aaCd8l9ui78kN6EAiTcFWMDnX4Y33CejzQ9J/mzuSzdbwhndZ9w5vjjUO/8Gw7vHwvjBxaDb1A7uea2oKnfXjb54U65dS0g0dsJ0hRIq3YkY+ONCQAj5LmtXR8HGmbDvhB73gvr6djcIVxksp3fyX1Du6mzQOmqItx7dYZDZsvAkLcrg8d4iJUciTWKV3jZ5nvUvbYfXEVv85ZLFkCeO2FglS6YxD2B3DBN0ND/xFltyrTrRRa+nTKJdkuWkJCKEpxVuk5Fo5/SqxMe/HaTGKsY68PFGEUa+tZLF2fWocL9OrwYowRy23eifnEOzVylBe/Dj5DCUR/aptvOl0RnwbEr9fA1ZzG1e+nB8j4PNEgW5yERbah6DGhjGQyS7muwfccfyO3zIP//UVAfaiEwagCAv9HUULSnERoq7akkZDZUJFJJSkLICFEpEiFKISmjxR+VUihpKEXKCKGMEBlFSZHOc27i1dciPSE5kJVaQTEXcumngg8uc/9IC84HQa3NDkgUXwabdVbSpqq5sHbXGNjw3hlNyw/xwsI+7Klt5972BjK9mAA33/yHOhm6VH7rP9Y/MQ5iFiZzwYtEDul6y0+cPOGr1C3qWfedxZe8hnnmD+h0qCB9zVCAqzND2DC9gw4/MsaHfd+5dbwofs3RZbGNJbSzMJiukgjPix4PFnU5lJN2Hx626WCqjxoFT82kSU4dcDK1D99Pq8RTQ4E0Rn00mLskkNrlWKpXvYI5lZ0kO7YZ3+0+hiuvL6KQi16w2jsGr761AsXKbJr0thPD9A35tFIC/Jz7H54TUYNcsf84VysLbkhIs9kNQfgvr5zlZWvg4PA3Shk8jWNxBFVIPyXbhePp8MRlHNDTgv8VCsON+D6cOXEHW+u587GuiaRS5QyHKwTgjelYzu+P58KDXrzOWAzE6x+ScUYFuFcq8sQp/nTklAjnz/sDSgeGMV1IAZbkFsJHazHIq2jmIqOn+KW6isvW5YPs4ytQ+zGeC1sfwZMpQRC7xogzAqxhvHgLPngSjxdrf8LMLlOsk5xDewWGYJ7uW8janoCux1vp4XcBOJoUz28u9vOTZ6fos5s1/PpyH8afXcn6jXJYPWUldYj1QPFOAbisOpZWFYRT6JrJ0Gz/GjtbNFn0hzguWnKEcvotKO3mEhxYaADr9qzgAbUokghUoRk56bxSxwNUw+s5cfQRui25nC9u8SRs1YPUm8lwbGYIHo1cwPuOLIDKb6+p4EEqRmZdAFetkXSgdg3U5I2DQD8xVDlsSqFNEuTSXY8JUY5g0p1Afn591LywD96//Y0RCYJw79leFJn9FdefN8TXx6/RC915mLBeAar66iBpRh1JJF3G0RESULLQgCoVbHnHiNd4xqYA3pnLk46KDC9tk+a5wTe46ug0EhEYDeJp0rxHopnTQxfi+S4E76tmHOxlBeVOZfxvhTL6XL9NPgdNodhhHQo5fOKbhXpgWhxKTdLf0CfpL3poXqOzhef5yWVfcE0bDRL4ktevjKA5LTXcPEYaTmdYYH3xO7SaOA0i0vdh4qTXMO+uJGS/ucRxhoe4d/Evvnf1MoVqpZP9d1tcIHGRn/98jI1/inhekhXIvHuGbbN7UDx8Jd5w3gW3Mo7SjPO9sHdWPLhQDO6RWw2jzkwC9TURuNp7CP2uyaDOmHL0efad/VS0OcWlgmac2I7Yt47v/VCGtFnvKHKcF73I8OZKWS10+W8fDpe74g7RfC599p1N/ORgVKcNKAxF4WLvKLIZTMObxd/hbnoI2Rn1kf7Oa5AxfjrbT+yDc9PGgfamM9SXuweUqldBygdBdHmONEnyABk8LsHOr5ZkOGIcjwnRAJ2cIQ5+9JnUS9Zj/LKneGztQ9ib/ZvFjxnSiZevKGtkGVuXy4BnxjFcOLWbPBe6keeAMRbBWZbRtwLtwM0kPsUX/JftwSdKI8F31SSuPBTNCmk6cG79dWjtseejaAZXu8vJfP9KstX4gq0lelDqFw13kxtp0nptzGmPR1X56/zpyRDM3RgNL2MvYVTXQnpnoAUvDjtgUZoqblj3nuZnePJoT2HesboPnzuYk8OTRvx19Bom1ppC56E6dBEXxX1i1jzOJJwtR4xBu9NbuWT1Har3ckLtnDzcMFUJdCzqQMDZGKs8J+HlxlpyrVoIi6cgXDh+CrRNR2O2chJ7OwpC5/x4Knt/GXmRKM48K8m33pjwr1EStDDSmIydPuPXMmFODrSB66WxtCwrmpe3eqHG9hHUlHaUVMVtMOOtGGwSyaW8tBckbqYKkrXRUN9QyVU7k7nd5yi+HJwCkdN+s3J+LcoWu3PJwr106J856Hn2wqhieU6PPM33qqzxxJ4xKKpVAy4PCVwlrkJTfRqHTbUGQdXF+M9gCtRte8DLF50hJfEYrJJMx6z31rhbyRFauh157HIdMB4fDMdzddEo3A5E5KZQ0oF2/AlhpH/fmXeapsGXTW74KMQUzi/JgA3rM/nrrKV0fZwpqs9YDSfzcuHYCRGYLW0I++URJq42hUs7BGFkJsLTDgX6VzANuobk+OCvFGy0noFBhw5T/cMC7lOXBv+LVWh27Q23NR6lgYAmzpFazG5z1mP30HU0HCuLmddiKDpVCwpOaoP17q+cN68fjlzW5tVWW+iV+UGe63mTPjQ94cKtYtS3RA7mXleFAEV3qn6zD/4Tvort1wH8DWfTzFnA/snZnLDIB6Y9VwOZYyMo5ZM9Tkt5Tt6/N/LGQTtI/phIll2z0XVLA0NzE4Q0ysIGj1x6MV4Klc2TOKs9H59XeEP04US8NKYDi/99Ry29fWz1Thz8JYL4VrYXbi7owLD5xVi4cwbUDlth+6x66Aq6Al8khMjzrTmI12/Hwnel/HWbNK+abo2vh86yhVQXTfXR4785I9DwUi8Wp9hC/4FxpG+9AU9v+k1KVxP4pOxTev99H3xa443XrOV5r4YuZ6ioAcosZT+VQnBU0cLr9ddhwe8t/LLbmmHTA7aveMCq2ufIuVAD2upbwe3dHVyuUILpzvv4a94CFNnmRKO9LvHfgn3Q5D8b7+rowmOdUMjJHeJwO2NY67YHD++LJ8XGIPw3UYCff5OhfvgPVl+0gq3TC2nV8CGMPhgFGcpLYeL8LFz44yF/FVgIHqCOz0ySWD1MDD71CMPEunZGr2CoComicWaJ1PijnqQChvDHzbdoNn41yzZPgkizftaI04OJJ16gbUQXtl+XhOMbRuB34UX8dq0RtnbMofQASSgWvcRdJk64sO405R7N4SqlTFBx3Uab7EzwRHcZns8eAJuBsWAt8A5tM+pQ9KIbjm+346+FZVwn8ZtedAnRenUvOPFKFYPCVeFv9Uv4zWG8at8WmH72O84sm4IpPttA4YIwcYEif4xRhihlCfjSuhuv1MTzomnFoPxzBcufHKCQIxZIo1XQfsFHXBSZC5r7EUb55WBAdizVe+4gvm2NzvmudLX2AoQ5P8cnF5irGkrpZYQWrHyWQCXx/bg204enP83n3x+cYVJ4L8slr+GdHiJY523Ja+4DOL88A+nfJMik4wzPu7Ebq550odx6dU5eZQma83dS2eU1kFPD0KGujCm2fpz0rYC8v15lHfPJ4GcwASrAjoPvXgVov4GepeOh9cV9vHBtDTzYdpT3Fdtz/e94/jEpFuLUwtBYeysfD9yOs3OVQOB6EZWuGUkpGws5Kl+Iij+30Cz9Gkh3ucPTR7/g4Ce7qc5XCEyG23CF5HfcenM/mtwtgPM7Urj/WznpFj+k8J2lOPn7flI1UASHJjO8rCbKe/2CsfeAOppuzYLZ376ByA5BzAzoB7fHa7DophLsU5xJnaUeYHPwCQlb/cPwcf/xnYjXeNo1nQ4IVbDSf3GsJKcF3d4foGGeMO3PvUyV5RGoX+XM5SfOQ8fmmXTcvBMHji4lhZnG4L1hA61odMdNn5JZusgZ/EbHU4ZnCrecl0SBj5cgyu4G3D+mAFvtfbhhiRXdiM5AxWV3uEe2iNbNcsOx0f70ynM39yHT3xqA+xaqZDpuJZx1PEFKu1eRa7kD14o3kUZNMp763sSWJ2/j3WX64FyeAYI1N3F5QzO8HNcCMaExWO+YS+ZZTdT8NAfvVwZy20griDLcioPL4+Hc0/kknXAIg6/4883YD6Sd8ZpDWo+SVpo+hz8YCTPEJXmeqjAbpnXyGOftsDO5h09/Pg5W4V4cdyQBWvQ2s+dcIVhsL4VSvpm4EUeD6BkT+nHuIyoV7qDKvmGIOpDEgU/CaPscGcDt2vRHypfnKgrT2OVR4JOej3X+znRscTqsyDpNT18c5hqDsXBTo4iGzLbDHXMdVJ/kSzHXr4PyoU6WrAjgvIG3YKUxCMXLRsGSokBUVK8i3cgYzt0rSR0mm8nJJoeVbUbBL42/MFP8AF3PHgFKnc843/ALfHbt5cRZh3CbxWJQqXwDtU+TsSv9M0eon4DU3SNB924qruFzcON8DVspt0D/sVj6yyPpxMs8/hTvyi8q+mH1CH2ICLpM8dn9uP5qMb780cN+88eQ1tgZPNHwEhkETudi2xrQ5ymQPk8CDDsu4rW7UzBbRwECJrjgmTp9Dm0k0LMzwb6NoiS5ZiIUR5zE00amxAe08bWDNbZHTwcptXp4vsaTHG54QetvQdj50BxOB+TxzfcSKG1uQHK/3CHvUwpLLfJCJf9vdPgFofzJA5QtOBbOL0rn8269XCbvjVNOeWCItBu9VVJmyfPC0PK2jj3FzlLTLQEYaLwB1snT6cO931yYZEGvziXxy5L/SKnRHVZnfoDVX6bgy82S4CrWwU5zzoPHzdU0bfJv/PXrAs+ZNRsPi89n0eN2GHrlO+4wU4cT8xRppLMtz/HfAp9/SPBaWy+KWFDCXZKBNCrzOUqts8fk51ZwabYG25esx3n+9tQTZUzNacuoOe8Wep08gbLpavT92m4+NtsEQm4Isr+rGE1eHcc5UnE091ApNtz6RhXfjuA51UU8zmoc77ivDRM3DxFoAIav+MpK+mb8JVwSm+TGcE7vQoqzWMwPRedS0lkb8Jl+hMMq48Bww13w1GqF3DRnzE6spqAV2zGs1JFj1o+kYSc9EDC1xa3xYfy4cj17Wpbiu4/x4DHwAu77NqNm1kPYazEeNW4KwbxMU4ybWkDTVbNpk6M9q+qe59sSnbC9SgufrtDkbpc8vPBMCDx3I+UGXoaBRAlwHfqDZvYLeGXTRDhqcIb2Wg/gNfssvGmsB6cXzKTqpG6MG2EIzQ9u0oLkt9QttQr3LvmNpdNauDDzGCXrikDjppXQbFiG++1+oPeCSMi81oKi5rtwfk4h9wcao8ceB9hmPAqCvi6AG14M6lWH6M6VGZj85gnrTxgHt6aV8a/DHlj7cD606QlBSMZcyvX/xGonrlKjcAEcT7PmbfLEI5Pu0r1QZb6t7Ey2Z9SgNXYi9Lz+w8oLitErcjJMFjTgXtv/OH28F48u+0M990vBcsQU0D2shjGTpnFLbyHrjjHBNMMsaPq9gTb8sqdkCQ/4mTwKYx5NgKVSiaCT04ZFh+MhNXMeys9PJw+wY4PRJ+jH6D/gDX/A05XBuGEvBmjMQe36Pnw0soseJW/gNxcRStVTybMyH00mNsPkXbZQbBNCIbJ56O2aRedk+jld7jOGRTWD7OyLkPO9Gg42b8O6aUYgnnuE7g9cBgcbDyj6qcXr5nrQB+Px+CUxCqxOSeHJHaPQqGQUfO404uLGVRDZXoA5X2rh1/IgEnJxwEA3UZbYuAj3mz/k/YMW8G6dPZ4r6YDS2pWcl7iDSqMt6IikLj4Qcea8xU/h7jth9CjThHffR/AWoXt8WXMnKS0poQu/i7FcdSMfnvQUl7co8xFnU7ilOhn6L0egzzZR7NvnQP2TtuDUmI90PekZP1UD1DS0g06VVxjzAkGuS4wEtSLwb0MNpBy7Sl7bPWinvAn+Dv1B1Raf4bpbCS4fHAf91S58CsJJdMVPMrtxFEadzUO3q2Xgf1aaw0JugctBaTK8NR6yHudQa9tH/r2lnO+bjeWIWXfwoVE06nQ8wx7lDnQ9546BzgSa6sxVWdcg7v5n7spexLPDumnsASt4JD1MrUMZkDshj7IOK8D14hDYFbeVpR0d6bbjX2g41ovccQJ25G9kmfAV/OOIEFvMl4Kvqz6h740ILl8aTZwlhiOD6lE9dhdm64bS3c0XufXTKnSJMACXT5vB/OYPbEvQAVflZOwbjKOVhS/4yLga6mi9i1kBhai7XhlOLrXHoi9KdHS5IMi+NeUZ7mfo2tuLOH6gjYf7RuK3YTV880YQNiV9o9O6JnTuxz2+Ey2CSUG+9HtJMO6yXUOzdfO5tmgqGB1SgY3phbgsYgNfa2M8mveBTqVchZN9SVg67EwXPGfQ0fiR5D5sBWWy1Sh5rwJ2tBiRTcxPSPnQyl5vKsju8ELYPWEFr74QglGtI0BOog8s5/ylA1Y/sG7AiLrFCEtbLHitqQGEWl5hkbM3yY1UoOfyMd514CmKbn9K9XZDYPt8NyRnb2WB1nxMXJFOsrnS3LhQCcoy7FC4ZYjbPFqwe6IKlodfgHUqb+mC0UaOX1OHBkMT+YufEGS7n4EPB/NxdtJ3mgfTUHByOhrePsgmg7aoBN+gXU+C5+noQztOBKudivhKewmouWeD6+yX+LDMGQqPf6IT9z6Dm2gKbfioDrtvO4CTvSTtd/KnxYt+gsywN8RfqUHNJh9eUZoHS502goK8BfhKGUHBsggImNoD8yMb+aCKFchui+OTjRPZa1U3mLySwifV2nB+dTGJWvbxUqdozPfrhLw7p/GldjV9+1sAc+c5sY6lC/+cOgVuKrdzWelsWB+QBRdLR9J6gTtoknsCxc7mck6JKBZZfqZXfqPA4UERHF+2FoU2BsGHIh34qj4NQiTHg1lDBZud/Ij20v4gf88IVkkdZ/uQcPK+8owcpc0hJLkNT+9qgqNh3jT60Ag+0nEI78SbQmBuAORtSuTIP7cpetpm9LceRWs3z4HAD68wuXcALfPCEQ7rw1bPVA5ZkUgfBMbAQtkjOD/2PzqRrI0T4vTZxy0Hz58PgtQ7knBxlChD6gso1jFEaJMmhVkK/OXbIzh3Mh4Vld9Sv/F6SPlsAT1bn5PBfEv+KnEZhJ948HaFcjyh1klv9vfDpjPG/FbsFZeVM0iEisCjT+1QOOs3qZ7dzGfbfFgx2QYUDl6gw2XTQSt9GTnbqMKf+tNssGsyPPW34JKpluxivx5Dy3bhY8cmcpUfxSUKjhTgrw5pPxI4ZH0MLbArQinJ69i5YyuXqRTCm+BkzFj4jwOW1OFglhb8XbQStybfwsLzKlhepoF3O/IgI3cGbnWQYd9FCLeP/6bSNEtwl1KgXSFtbPb5HZWEPGMTx+kk90KSxg4Qw/axVDtnD9YGWMHt8k8YsqwN1nYuogeNT1nk5RKoMrtO2qfDeE/SaJigtgwkCyTglOQsPn3Blbruz6OUywkYb1qLj9tq4fDLnby1byLPsLDi3EeTYdvFapIdcRLvPT6PN5+dIvHx/jg4oZq27J2D9xfNYcWnD+jGHFWgr9HsJuhAOd/HwizXUKxK34cbaDstdksllbUfcdEJT5icrQlj/d/wo2pDUlsnTw3hffivqYTTbAVhWa4eNyZOwMG173lWlhZMuhJFGfgdHK3UQMRlKstpIwopSOGdGEe8vr4Cs3aJ4FUhdTCYF4JjrCOhWTmSny0YAsMQabSFjxh5uRM1ykaT+9RAGM5WgcfnL/Cw6WNcktfKqueAfkvewHPbirDM8CKtn5qCy+NrYCmNhfnuzqySqY7Baft5SfM6VtGU5V1Tx/AUm2g2DK+hku/tGL9RFXBJIR3RVMB5vTrw4mQb6IyfgkFBB9jTypbbNjmz8+aXcPShHlh/GImRhf5QTeF8tPMa2a7YjtcfbeC+Bme6krsc766RwtIPRjA2KQEvT3hAW1e44sdjsngm5QSv+PuJP+/24XX3v2CGz13iLeKwa+kiXnbCnqSKf9LBB+2w5WQ9bip4iDHTT0JkxzUqXL6c5i6XhNFX79GeTxcw6MxPmm92Ed4HHwLh/Xc48IMpRd0u4YKNniSxVRKCS0/iwX0baZltCkRcyWCFZUUQq1YOvSvv8b2vjbBF8RU53xKH3p4sfKCbCvtGPcebU5/TmmPa1HXeDtNYBT6LmZL33R4KDjeD6MGNlCAyjw5OsaMVm1bx9f57pJZriCrfVDFQSxtmzRfEZye0oUZkNz/wS0X9olQInlZK3cJXsUexCWpXHkeV84/gv+JDdLnNFLKevedH8lm8RikIv8wWp62ybvDaYATfTX1HmYMqIJjqgIYO6rBk9xvO/U+Qj30tp3LXMtIeVoMfZ7L4bvhIwBBdqF2yF4YdxeDSQkdYu/IjjJhxEOa06GG9uSOdeXeQPryOpHNTL7OFwGrsy5GBRp8AcMifTadfFtKzW83gHDiCH/eYkp3iLt7w6Qs8sh7gfSoI3xML4Jj8cZTK3UQ/74lxnp4+d8SpgEXuV5Y9N5ZMH9ewwtPJ0LrNgB0VnTDL1Bo9OiS5L2M/Zsx/jnknV2DljyV84+pUnHRbHtxqE7hrZQhctWwk50tWZL1Siw6kX+RjqcN86c0t8PIcC2Z9yrDGN4KN/Q5yz6oErr/1G1/HXmKAp/xoE3CgUwb8rCjmmOnCsM9DlE9WWJKE7RMeNymaavK28vLJKuw77E5/jHLogeozSMiyhBllcdTf3MpO4mlwwVEaegt6aIvbThDQMsXQzjtUO/IJ7+2zgrFzjehcsD3WRblDyoNocHh1mK+8fMx/Ly2kVZP3YU/wR5gbOBl6FR9DtsRjCHDo4KGDr6i7YQ/IKVrg++Zi/BN3m6e5psLCNFNQGPcQxK6bk5XpII2K+YKzhGPJXMICywUuUWGMLzS79IH4IUt4ssgVKk+M4NsH5sLoD6r8atZv2lFkQOYqJXjWcz4rnw6AL91KMJToz+/it4AjrqMtdjdg9bMdFLFIHzf4noZY272c+aoEFPolwS9qiGIaP5OOwkbo6bbAjjxDCo/dBCrzZ7Gc7CTctWUFDwrKwMiATEzUb6CCjigePayDvpO3kcTynzDV/zFn/FgAZtu1SPOfKawZuYxfBDaAwHsXmFHoBlrqLfC3PZUCwtrw3vQQeqb/g68qCcNWHzWScBjNX+Ju42bzK3Rdtx73Fs3g564yoP7rEZeMkEL5L6qwZPJFrky/giYDY7DbC7C1SJu/iFzk+ksqOEZdiIz6ZEj1lAW8LdvClv6VdGxmFZ66uRtOPZgHrk4N8DVMFHdOng0KCVH47ZYhRI0YT73zuvlwwhCIHP3EqrbpNHv/Csw7uwF+3DaBxwdlacpRhtE/tPBg+xBv/PYYdGqD6YbjA+yOVMQ5rr/gk688yRkU0PZkXQjb5gRXbPMgNCmd/gk6UNm0UPj3uYu3bUjC3WJXYLvQB9YW14atku30sLqXMlftxIlSWmBpFwptW0bCnaeJPK8hjaZ/+sfT8hRA0v03fY2PINOPe/DJDls8scGUszel43+f/OD6h2q4ESnMezOEoE9zFCff2wmxxrXYGpeN2Q+l2WeKGKwcPAPWFyWhulISxD4Kw07jWGj+Lglvi49gmYsZ6B6UY7Q/hc05Kzgp8jENXb8HNwanQP3JUviY7A8z2jtwvNBlmnX9CEasH0NO70Nhrqwh/Tkzis6oqoFz40369PAwvzU0g2wNFzLyeQwegdPo6/pMNNOWhw6hT6Q8YAQxE4R5dtwaHJtyAPJ/HIOfcW3cpj4R+ziYNwyp48Jx93l5pCBsGAiEBZWu4FnTA30eWqj38glKWblw/caP8EYikr+Na+budRNhbdddjNaWwWq9RqI7B/jV43TUcCzAmdMEKPXPBCqb8pF2G+nAqnY3vDNSEhu6Bqm6eBJPzqzmbrsAmHjuN9qEX4bra+/BsyQCvdYbbPpoGt9dl8OXHkvzqJZofjJLEraEGnDjF2GqSnmGcWdloXjDTNLqNkYrowMo3v4D1l8n0j4VRAemJ0KE6ixW+DAdJ0dIQoJgJ8cuCOLRf07CkyfeIJEnA9e0HSiw6BQHx2hgxqcIqFG3hCbtf3AtLwKf0WcKcNAEyvDAzA9pnDh9JG9dPYtNtY6TwNpRcPTUVfLSLocK+wbKDJhAY7esg2x3VxZfZMi/Wv3xeu8DhOBJEOwUDh+XWrLunk78FfcP/G1kIGdCNbVbF9DJnT8pRd6BlyeYgXmWBawhSbqhkwE6eZ+p4GENWXhb4G11BzC40k29698wKBlBdLArf2jQhh1dqfgiTIPkal5iY2ozBsX6oGBANtenpdCM6zIw+tYtaG8uoj2rI9k3MIZvGfnQbdFcXnzdnh4cCeZbCbEo9NwaKjYY4d1Ry0B3SwWNN4tDFzoMCXs9+VFrPl98Vo+3X0XhhgBluJT4gtPO3sAjU8uw6dxCDtBs4m9dv+BmZQe8XvuHVhZ+wvCW8SCw9RdPmWIFTnOJurSq0WR2HVd/OU/Toksp9/VTfGL4jkf56oCdWhHeO3UL9m8SZXmLSM60LgENr/ewSqCdnwyMgx3vjkLjLgtI+7WeSp95c/cPPxJ3Xg5NscmQPDkLbNZk4K2deZD9dxIO5cpBb/8ffpARBnkiazD+8V28uTkdl1yOwDdnM0ldUBsylr2AySIa0LvYgc/ou3Dczkt8cY4tG6t8JsO2cswR1qDqhr+cbanKqXrasK6Pub3bCMttGJemqkD5+xpS7b/HRZe+49CJdZwVLIIPumwhrnMsRSW0sd7ebIo0MOL6z0o0oD+BQqPXchb/x5ZRZ/hI3HhQvuIF85y66VHpXz5w1YNNzV6i/q8tfDjwN5asmEUz3Tex1j9dSGqvxYBl/hCrJgd3A/xBIF8UJ5fuoPLgNpA+sx3lhezQYP94aBasR5forzzBsJs63j+hcicvqDaqo9eTOuGn8Xqyqw8CqyVjQGT/L1oo6482By/QXedICt9uQ1sU6rBUYRUNR24j1/ULOHzHeNAXu8TZa1KouSaI55pawC+lBsr41cy/Fkyg3680ePlrJ9y1TBVKTv6j3GgD3i8vT6P09/A7Vzlav+oodmyZwcHGV8F9WgeEHbYB3bo6CF7Yw8mn5kK06woY9nAA0zsV0FMtjtZ73Fml2Y68lUZCwLV82DxWG5Kqd4JPyy1+MMsODxoiK4vto4Gr57FcywRuf9aGTT3ucO/Wca5/0IQyn41ZwyMS11kZQFTLMn5Qr0Sui2JonL0miPeKokdzCJw634qy965RPqfCs1Ul/EBMn4u+5lPK4wPkVCcKvuFfwOSpDNs9vYKhDrp0bdJWrhi9EPIrfKHPsor+OCugyURJ6AlbgyFaG0gTEnn4ogHoVmrD34Z8XGgaD4t1b9F/t5EuFQGotk4mmZY3oD9pPnlkBNLBSX9R09obd8rvYdUpC/jLBku+f1INwpRycFfEY5ZLN8dk40pQSI9EgyAv2r+4C/2bFGmTcCcmXrCG741a+HWxDWr7TuTAs5Lglv6HPP75UuObZh5w+s0uT5tobdokODxzIuj+2YMLUtRQZVojFMteJdNR9fBQZA0enlUAQRMX47kZwtB7Zz5d+LaCPlyfj7H7jeDar34MKL5H8XFrIPnQMk5M+0kT3CdDisVOrpzrQ6ZxIjD3gBLbtD/ktLRztMxJmW/5z8DDn0T541xd8P7xGM3EOqhM/gsbXc1EbxogUuzGwYZ4GBQSoEfh01HBUxLm9jSBy6AtOggkQ22FF1e/nYW2ja9oc6owvIyajZptHeCdrwYVJx7jut473Gf8AZdtlSV/29n0ctNYfF3+EDd+nUcbL06m5IMToHjxBjwy8izYyMeA0DtjLNbdxS5z6vnk22OgP92UNSz/0EDrOGj7vpBMv7nD3lRPmKpgTPfKB+jbvmD4+cKTEw/ksqSTJI4OFYIp+xRYtOs/aooohJUzXUFxXAvID3/ggtNSlKr6AHedCufxkTLgq+xMJ0ICUePAMV7No/jdajMqjW2iiisK8GlHDJ9PiYGyVmH4JPuQzr06yz8dH2Hb4rF858Q+EvGpZMv0cbTYo55PRiji+HAxUFzYyhlbrKnH6w8qixCrzfbnHuUAXHtoFVxz/o1rx3nwey0RqHYKxny/3TR5RR/fHPSBXX3Z7HjJHlc5zsZeUUuKfZxNKW9toPXs/w1eSw0HU8DUqZoSZg7S2wUaHD+vGOobV3NK2GjoS54KZZY++CnUhJRi3SFV9BXQFTtQGGGEvR/acN4Qg4CED35rUoMOgVLydDeC3oOvwN28EpO3bufx+Uu4/60WS4WtgpN/rqGmujlMTN+OLkIrKa7yO4807oGLj48g7h/G0PxCjvnbw6nDb/HCNlP4W/GWGx3e875pKyn0RAl7VPvSd9E79O/+UhzxuYkemf6Dxc5jYcuu5/Qq14/WzfzBKdqvMVDgJe6800pDwmJ0ZMIZgIlSYOVLkDdrBAp7qcKpgAK4c1QZU6a+5yVHBWD6gWQ8W60O/yX+x2GtKiBXGIvfSv/CmnsS/OqjCJl6F6BL3VL0+ZMLn8Zc4G5pXZCJMIJRb0bD9DPTwf3xMAuwDPxr0qMl9+Uxb4w6ez+txiR/f1r1nzFsi/SGlt2dPBTRRL5b3vO1I+vJI/QSxPU+JldzbbhT0MAeBmMgrCkIei0tcU7kPxr2+49lpcU5TViWnMfMYC3nO1AzYQTNFbSFcyUt2J9Zy4Yro9n/WyinNvfAPj8ZmL2shZb4bsG0Cglc/V4Ims63Q/RLTR4RXIxLk1KpJWQv6ihNoOKhN5Qr7Uw7HgphmaIpXDyTQq7lcVDboc+SaXXk+HkD5ufa8uNzYjDV/AgIiGTAwmgLSNtXxdNtNGFfyDf68XMaSAk9hpdjzrLx02ZSexuH3ijI09bZgKPeb+6V8gH9oWfk9ecYeYe40Yc2P/SPtWSPiTfZ0diKqzdMgJEWr+mG5gAsWfMZz7pOBbOUCFzzWBfvNObxy2xdfn82mlPd1OBnXzqOyzanmO7DaLtiLruNHYUHvftB+0QQaTvuwGcJ38DutQKkFEXCT9XLfKhQkdXrTCBylC9qRbnSEyUhFpveiwseaJJtozDo5+ryv8lDFGn0nhboZtOmz8bw37Q9dLFSFVrL5WC22z+YicaQ3n8RdvNp6DxgyevmdXOXmAjtLrRAjzXyuO7uDfKkL1i+RxMU9s0BGEiCQc8QKPLzBYGnP/ndwC846FrAyYKbQSzwGw9fkIfzXg2sEdWJJtqnWbrrLZgajmD9cBP+OtMd1IVGQIKePVrOQZhytIO2HNPgFrt+mDEvl82q/7Ltw7dspWwNj0y+kd2iuzj1rSS0S1uQYMhGVE81AbOQZ3xpyXz6XOFEYc+L8MzAIBxwEeKvX0bB4jwnHkgoA5HN0fzJWBaKdFu4+8Ub2LbJiQMln+DbCcZwrMYAbviLQ5BYPs31eskNzQ6w/oAGzJWeweNE4yFvoBduhzaB+U0JqDk8H/LnHKWbESnwOjWdorSYM6sL+dArI+6YmcP+V5rIW3cMvDjWinWrwjHDzRW2f7yH4bsU4WvmNPzw/AaZVgnQrCYJ+OIvDV5DKzl27S2uK/KEY7YmJG/ogqUxeQhZJmzz7ysWH75L0zQ1YL1VBL5cXUnXjpdyT5YstL49zlJWtbj4SQwY6O3Eyq0u/OqCPsxWuwRrrSdR2k5VPuQ7m2Pdf/DVuTl85HU9huWNwriT7pBwbDT49aVwRfEFmLLTh4dzbtKlUZs4c+43jF9/GYPER/OuFqZH+QJA8ZYIWdYU/1EYtzUsB/QwpNoCP5Ib7QiTzz1h97V1qHxIGbSnR6LS6im8OG0xTEx8CunX0llBKIRWLp3Eq8Q3gvaQOTmcGg+nRSKw4ZQmCLe8hpFyZSx3aSkWnKxjw6XeZH+tGVv6X8CzU+Zwr82fck7NZp1PtfjwbxT4pAdx3LhWstJyIy29lxj46iVMOKQE4ZtnknXfVSx5Mw4EWlXA49Y3PPXFHn3vubLCzD0ot7uanriPgYoiYZTL9CD9Xy70tzERVjlncmihJACGoem2H7ByURtI50lB7IoweHdJmcxOu4H7dWX6EbWFPgteBpsbzvSr0xLXuLXwsJcyHBB+Q18CtpHdk3NolypOl/9YYpmAPI2nNzDyfTT+efKDLHIR1o04Q49yDsKi/frcfX+Q8dUP3k774dXt13jvmggFWm7GP4tUwHTWdFi3cBnMNP9FuodLeP/qcsBDTrBuymI81PwO/s1LxkJFFUh5FkIW8u/4ecUutrp0lL8dfYa6OZ641l8GHjfp89qfJuy5aAJ4rw5gJa/FIPd9K8ZseQCmkp0gH6eMT8XKacHbXvwYH0CZ/QrgMGIOPVq/G6dvmkGD7t3w00oWjfOqWaHZE3oFl9KiE/38T1oTSi7IwLZJKzgpqJBuxSRDYeQdHFKWx/EKYjBxVAy1euQgGQJ0z+2CmdcQhOKkcODYLSYtT9DYtBRLfVqx69dyXrjID3+2qEKa4BNSO1UAm0fl4dISaQgIrMGrPw9Ae+ZDvLlzN7+XWIz3ugjm3vLg2ZILYd30Ts4QPoyf3WvgmksdTOlJp++nvoJZpSnOLjAApd/AyY/q0QNFIGGCF308NBnVk+PgzWNbKr68GNftWYY5W6VAJXs6HLSeBVEKG1FzQyNfntaMtcKL6cShZ2AwNx9DQnYSPNMHxTRpaqv2h+bBULBICkKcsIidZALp4d5V1HVlEKZ2b4cXp4ygz6UJqUCDzV1jaOz9F5wf/RGtH+Zjx+td+DBgiH0n7ASFRgGYv7eZlhxqA9lzwzws5M6iZslEjQX43/0Mygq/RDGHBljI2xJGfw7hs/2noTC/kUU3H4Yl6M71AYFgExfGTmdsydFmGwhnacOA51+yj5bBG4VFqH19Nd+ZbE5VEYVU7++G93KcwVfuJoUXKMFWN0X6uLEP9OPO89pAOxCQtsHxmjUw7YAaz88qwU2Hovn3Jw1YH7eFhtZog62BNvctfoOjp8ZSg0IjjS/diWfkxFgpE0HGWhEerlzHddN3U/QsdQxaFQ6nfe3pukQznP2giPreozlZdyo66ZjC7OF9FOXDsM/TALRLp0P0sD8tuWjFHROWooruMfzrfwiwQhB+SXdS2nActxevQP34Jbja2ASSS0J4a2oYP6rSRcUZPrCwUg9EzTvwq89G7D5zi8SPXKFdDpUYkudHw/KT0WavGN4YvwNEuxH8Z4pw1ywlmmQ4xC6lzbhx4wLYNHCHNbYYsNcDQ/zxYzNbzdcCqaen+NpYR66YvxF+7qtjEe/H5C0wGj/K/MGRL17D4RE9UDtSASIbSsi0pw8f9o4CDV9zVFN6icomHqhYcoc/68/CplUG9MDbGIKe9cK0OR5Y9ngUvp8sg0tT9pDwYCXoQSJs05aHZQKXUH21Lnh2ncevOSO5+ZIj+cm58YC4EF57aQsyWuPg/KAJRNZqgej00VCnu4Kn/7PDNwJeNO/jMbwXdJrHDhXx2+4y9ghI4t0JRWRkOBE2Lm+l4lsdHHx/O+fsk+ejajvxXvZFcLwzm2dXxtCb+zKo5KwN7wx/kNnueSjoe4SqO25i69ID0NDUA4K6P/hagiMIXx1PCk8MQEvuJ32YMpuvtHbhmX1HYfXJ9WTyIhidjfaR5d1CPBNgxoMO2iB6rpbCqJ9OO7zmqjAHfqp0Ge/L1WGNyR46NlxKkRd7uemqNhif9CTj+D3QuX8CXM9ogsYVl+hqtinlZERAQps/B2Wrw6HdqnDqiABnm16B4PpalitqxA1739Nt4ThyOqWKdzqGaaN7Dcx9Mh7WrnoNi7/owerSEOr2SOS4XxchXcKUm01U0Mj+Fp83eo+Ky+Uhf+VhWiscCk55EylxTxg/X5mECzZegIqvX7j+wjx+4eTDruJCsCJeBDNKtOhT9yKuufkJVjZmwKNvR+ii2la2i+qB8s2z6PKAIvyuPMlXTD3ZN7CXph+/Am4Gi1FrhB5LrezCCwECvDp1C+vJCcH0548wr+Asiwu+4KiW71Rj+QudN2cg1M7HaYtkQLFxKY58qAx+JnJYPfc3XOnyZKNz93lteRr4R9kQXVuIkwdeMFwq4AE0hjfP1cDe6gf9aFLDcI35ZLbLFhKdznKu8yHaa7iSNcOGcdROAWj3a+XiRXWwIvk+xcWL0B+5Fr4x8yrklblhvWMA9sktZ4E7ApCwZx9WjkvHzF2dtOooUElhE1+u3EL6MSb0p1sVF90IgLvzJ8KmO95cq2SOURd+49dfJylHNou60yuxxvQiFG5eAqNau9C1RhXMbmZwTvoSnB/biq8ORnDC2W5SrQ9By/jHmGDQRUdk9tOWIm04EtGPsU4Lcf22KAwva8Mmm2yek1/OR6cGg/LdXFJbcQmn/9SG17eruTZWkNWnSND2nSq0N7sfMo4q0FMJEXxlnorTEo1Jzm4CfKDNaHS0m+VKpuDlNV9oe6EK5TyVZ4WIfnhv7Y4jpurQ0m5FWB9zhp7+XoIjlG7QjHW2GCS8hX2naPMoCyf+NPgXjsoj79YcAVM1H9C7L06wWnoCK3UIc2DWLPQNUKDqs5pUGioKTre78HmsDYyf4E4h0M5ev5xZ6+sIXHXsPyoTfsH2jkpgb9qI5zqPgUObJMi/84JfGyoopCKf5y3Yhv3PkzgxXh9yz2SxzvFi7AmOxn/OANvq/Ol4yTauah1DNs3voCdDiNM97GmPTht+2BEHx292UFGhMogFXYUPM5aCVaUZtN9fT9q+t0C/ZzYOGVVi/9EmLg6cyI8nWsEss8k4RmUe3VRZwF1znHilThod0l1Oz6paIamW4VxnBSfMZpD+qMgrKneDxwdbkJTbxQZVn2jU6s/YVyuFATH78MaXZjiWpAhdkpJgtKEA9GEKqDRuA+FUG5p8ex5/fvcPtq9agY/Ur8APUwZr/x9w56o0f77yhI3VLuNYmZ34x6IULx1bh0ovV6PtdB288VIXJqWco6t180DvTx7ftHsNKlZ3MCwwm406H0Ox2RaIVVLEn9WGsG7cYVDco0J29+6x2cA4PjmnBsPFvuPeoae453M8en9wJulYOZCu0cNHGY3wb2UfhFgd4tS4NjhZm0fJzw2Jbx7DqdcPkORzccjFZbBhQxUpn9gAz+gU5+/3BU23jXCiapgzwpfT9Zc7OHY6gsi3cNC0+4YNBxI47LAYn9i+FbdfG0uZu7dD6OA5HLn8AWrfmgDPWjdjxG5fGlzojv0HrmBh7yZImC+DX8UGuSLuJdm0v2WPtwqweJkRPrv/HKC0h+719MHPjdI4MFjEQbMF4WxkMYieaCUVHyHYs6iJer/fwu2z5CGsJor3Yy1vk3nEVxJ8cO3kTpoqHcsz/QjGOBzA213PeWlzOoyWkYaeTc4cZhLD7r3laPGzkRd97EbjEnEY6T1ME6p0MFJaFX1ye2hayF2UD2iFRXWP4MU7H8qu/Ar6o/WgKU2CZLp+4LGUn6C92BRcs7w4tEwPG6u6wEvWiEqruyikaTKkDEry0bpyNHV0ZfGv5rxujioN/IriRLFa2JW4FKuX1pNehR64tmSCv1sN6Ky8TZUlq8gqTwwf1WmwnoM1mZ4fDQKHdCl/rwqcHVzAzrSF880UUfC7Eu1pSORGIU/kSCXI3vINE7f3oed7EdCIKgK5pNdgcfgRGlnt5qUHf+G70HbQd2EQeTefnd7v4H/xWvBrvQHwyCI27y+kVxWfYOFaQ/hS6IDukov59vgN0HTLC0pvyIGmizgVHlPg9zJMmjsGUWxJN3yuD2C/Yy74rXQ6Zqpuhv1FCrB32xDvHCrH8aWOuE/eGyIyt9IhxaOU9vA8mf40BMm0LHIINAOF1Y5Y5XyYpSXu0YqRIehXlUxd/SJ0L0wVwx2uUUt9E2q+kYJbK3qovS4Uds2ogo+1dXRkSg6+KZjCe7tX81zRz5R2vAx+7BWG8oJ0EHb9iUEDs2hbhhFYDD0B+QQByh6rCzm69pS79CX4r7aGrNl7UShIDTz+S6C6REdomCVFfxKzYKNnA+R+Hs1W19/zglKAvFkLwOrtKWr2CMUYMT3Y5niZoufLYk1EJ9parKZXG9IB6y0horCNlKb3Uu/kVIrnTWgfNZfPHYvHWbbXqCDXj3TWBEH1LmXA1FB65OuMIouMMWyrCj0fEcYaJ66hrXU7GoklUfbh46CjPBYyhoJ4qukSTts3xCtOnYZTb1xA/08onfqdCD+2BkL0FHO+UqwDhy3f8e0paSgvd5n9g8pwf+gkHNEeyvYj9vOVJ9vpYvFfaLtsCL7aEeh3cBAdtE35wQsnmCQUDBuMh9lmnCae+L2PHzbX8wUhMyid0g0qf0y4QVyIt194ipcLJ9Pab5V07vR2evipFK7n1lDNZQJRqROAM4r5178FdDppIi/J/QqNXZkc+zQOG/xKIPL+bfj2XAPeHdgPr1zmwn2FZh6f+ItDG4AGx7dzdcMauDV3HwpNVIEcCSn4GzuV9fbu4P79bTDpSxU/iKqksPpXIDhTj/4aRKFAjxuo7iW4rrcY5ESy+dLJ03SyWJtOZKrS4MSdFLnZCByfqcG81CM83GkK0UKx9Eqvht7tbOONmXps3/UWQyZrwbWYBHgq8gBW5Uiir5EO/CfrDPsPSGNF9H147d/C2LOCd7+ZT/vgAVfoP6etR1V49d2J4FC3FiyVBshUYxQcFH3IRz3+cLF5BzQZaGJ48CH+ff4S7DGbBOCwlDaGltCM70nwe/9FhORFVDjmOq+tMqZVB/xQb+k7rGvRgAV123njdF/yzTeEBdqv6b7ScYgs1sDqJd1oQTEgnXKcmx6rwMLgf1z1chQOXv3Ea3pu4kCYFmb+fkoJY5LwX6UkvJJcAEo8FUwEWyDqdgwON4dB4umjFKZqRjnD4zA0OQOlbDawUvQn9ndWAN/XaWy315ae7npGIgb/8It+A33TC4HI9uOwf+p21LBLo8WZU8Bo5Sdwc3LDJVeEcMTJSt63uI23Ps2kr8eXUP/cUPqUsBfvtivB5KddKJ/4F2WuLuQFqk/5znEhqszpY5OlRiSqR2S3+BeXfBGDRXfvwW2Z27D0QDDZ/5LFt+sm4PTMHmp0mYH+5eXwymovuforwRGbr7B4jCleTn0Nvxsv4JmxN/je8cnctPsfuITNp9cvUqDWWQkmLn0OlXaecPdOA5cU9IOg8k2Q1LiJCnMtmB0sSU/qDmYYC4L0rdFQURuFZ26M5rH7U0htTyS6312MOSOW8ZbvD/FKlghcGTCHviNdeOHfNehNHoT+J+Z0pl6DrkguglluQaCWpInHA8TJw1MDyjWFeT5Zw8ERmtgp6g//hBazod9OPJvfxFWnFqLhk83gOkkTLHQcUDKzACZQD35vO8fdPwuhfbUo34uyg0NVnRDwN48mPhaHrMvPwG/mBfqu6EpKtzzp+IutuK/wNe3Y5gb2yQ4YHz6T4iu0wcSwinbHOGLanRfgPyqUlwUEQce+IS7Y8ZLNf27Fec/UyGakGWTF3UHBytsoIyVN1hIrcZ3bJPbMe4gWBrOhMOAcd0zYgEHBMiAS2wlrwg9AWa0XB+nKYdfbJDI1t0TLb89IO/4NPjphwVPejoXe4PU0t00fIvwb6IDcN7Z8jrgmu5BmJiuxSHYn7H1zAR4ECsKlUdtomkMb9sbHoaF8M7p/scMU1/2g2XwPFrIxK8aos6yRNVw4ZMg3BE+z5GYb/KkSzHemWMBY762sJilAY9o/wqKz77FnBsPWF/+o9UQNB6tos7DVGjjUpc1KY/fS3VfXSEHSFW2d/mGsiyrEPb7NAbt/0+o1qhw1Ww+LBPIgyiYXvpEfVzd2QOvG77z7siSsuG8Pb2LcKd8zkkdcs6OibXr8ScCPfzo8pNn+NWAep8rFjyzh9lRLEK66BHFpDtSyfwm2fDlOXmN0sdH6KO/8NYKea01i7UYTuLbDBQ81tvC7h5EUZeTBxfdCIHzUX3qZ0cAGjRF00MwCb7wThNrgcki2OkuVHh9BZOVdfD9nNX08bE6iVzogp1UWLHtl+Z3TeKjRy2fHGXdQNu0uLxv/hXyWnaG7Rd5sIWpASfwfJXXvpDlu1uA7x5bWTCmAFwUR6PblPTz7aQk+lws59/w+UF2yHt49dwX1Efowt6WSXusHc6zUfD4jIwhzw0K49uUOnvU3nE/ka+PLpevZ0NsACjUqUfXGDciVTsCVb5twaQaBeLgO9/oF0/sr2/CgXRLP26ILhnYBJGGzmX/M78AZj9rggp4bl7mNoc45q+hF1yn4nDEO3j9UgT0a1Zg4rZEzqtSYwns5SqKZGs4G84i7SlxxfCfq906BwFvj4GXxJyo7bAHyDub4ds9aniWXy/8j7j4UgVDUAAD/I7OQ7GRkRVZIydbWLpKGUNqFZEVDOUpGi4yUklREgwqFslVGEqVQKUWUStHCfYz7JN+RFdFgHanJgdSNnTqVsD5AB1LOb8G9WQf5yZ5a5lJP7PM9jkvijOHuh53oJT5I4+YasMZNLTgnpcQSq2+C9eyfPMF1PA88vw8fRjwG/7t6uH7RLdxhawMhuSYw172T419ZMsq1o2lqKhduOMavP7+AZx6WNL9tFTWd9MKH4dKgY/8bljsm0+E2DZ41ZinXHb6OH9qqsEvEiXSz68BYfyX4K2tC3htVjjWZiLOiuskyOwaPP7Gj38f3QFVaCql2CvKhlEEwHTaFbe8sOPH9MT7SspwMY1Zg7rto0rediVKuwixbs5dGipfh9Plj4ZNJN2ROWAcCa4bxor861WSPgGbfPOysX4tx0sKYsOM3vjkxBrabtaPF3ls875kFBZzyYuOJytB7NRdHXPDFltW+/LxSFWYXE+gN1uHEhGTuT/GEiJYW7v9mAKoLv0KoQQbd/iGC0QdD8VPteMiNHQMnxkWgpp8lZaZvpl9xu2lDRgZ7GlnQifJ/4C1ZwZcuAMiZVPL60eEU82whn3V8AQqGy9BxrSWqZXVilsV5NphpT7bPNGDG4Cp03pHBc3KewsYNw2DtP4wR4cYQJVvPSXU6oFkymdaeHgkOWb/R4KU3PD6hz4+3JVBrmQxpSSwGz+kSKNSuAHVzn8K/gvGg0/8Obm6vpVTjn5ThGUzJegCDj2rpZ/gVbvbaAqL97lgcrwLf3tnS4kxHKNtzAcQ+d8NJ0SGoKvnF3SICJDJJFg5uj4NRaaow/q8vr7orC4cW+6PRz0Vw9spVynx/ntyd9NA0WpGqZpyGdgE9SFvtxad2DfOaXR30zjUSN1adxpzsGdiQtwyvlljjjFnC1BMlAmNOfkE7q7WQPV0WdZIqWfSaBCdPsqWzB12p/GYv84MtvPqAGsg9iuM3hU/4r+MKnuk0nqeMyuE7noK0NbqHitJt+a5INVRIa4KwtRDVL7/Aj76ZcoHhF3636hs8k5iBU1TcYMK1j/goXpGnnxkPPrMFUTJFgdSSfmGs50vscJmH+b4LeMy4E7ja6ztXtn2gxlnjwbHoH8hY3EcBeREMPq7Fh19nUnlEG60f7UiLl9/nszKNKPrbFGJ2pZHKrxN06cUjfHQnhW4L1INs507471AxV85ciM93f+TtD5WgWcuDfM4eBqHvy3jHhNk4nOAJRS5hNLJ/Ppf0CMFjM03cO1YOlF5N5XcaD+HWand6/CMVFB4O0DqTRtKMfMPzHEazwScvKKiXBntdXfKzUQcQ34ielvdwXOAbWH82nrrlq+j36SG2tfZmOdVpkHy5Eh1ji7iz6iuteHWFtTLyeb4cgONXKbD0+83qCwMR061A/5QmmkokwsaT1fDsSCImrcrFpp1fOCTLA784+sHzxIfk/mQMHNqnQQlqxdAh2MPCiVsx0XAm30u5zuvOXYTwj7fx3YN7JC2jCtveaoC5XjAs8FpEMhktbBj3Hka+fkMz80Rxcu4LVj8yEh6sIbi1qAoamrbQBNlSvvk+kpZH/KHJ97dDmv97SIcYHhvWBVP6lcBTgsn6qi7K3DWhyHu5lHEkgkVmOuHSCQLotEcNzssswwdPVGCf2z3igD+Qs7iYpb438qBHPyt++0A7LsRQ4QUDFNm1GmcvV4DGGZ+obZwcpvlU4OlmhLtxdzg8wIR+aepDceVcHPT8D1JWGEFCzFU8UFBOqUfMwPepMPcqaqNOxWEeOhRAl2aaYtTTq9R6TgsO5T2lqNMB1JxriDbOk7Du7GLOxauwWFOL13UdwRS1BDq/VQ4ud43i6//JwZcjE3nyyiHsu2kB9wPkyGStI5wvu4U5whNANUMYNq/Xo/+8NeB3nAt7v7LHCfdWUV6SMjbcFcPfBm185vdPuvtZCZxljNHhv9sgc3YSllhW4dTUI7j/4GUq/d0PjctUIVwwABb6IVhFEM3UOoGyg1l8XqYWlwQ1U4nmY7ZtW8A5yioUkXwDIsSsYcrNFP40hci69jHuqrADkfm15FCWDRkbPHj3+RN8wMeKQlKs4cjSYvy1eheXaxbQqVuf6YW7DbR3rSJzh5d8xH4x7hc+DqNkRsHcnh305u4UcpB/ghsf6GLf0t38ev5RHmpRAJKzw83PLGD/VWk4rh4P6017gVmPnmhY0+HWdVR/7DPuse/nl36raNphSZbwMYCNeQU0b7cZSE+8zNKjX+K8SxNgoog1W28fh3oy58Hw5jzenTcV6iQm0vQSO1S+KoLy3X5w4sIW/NnxlgJsRDF+5QwqmPkVLMT1oWq5ILzQbYWRK/9wU+kcVjcRg+4fK/Ha9ams88WXXh1toIf/ycCdh5e5ZGwxmDX5U9nKr6y88hTmpawiTaMh/OWRhnN2iXLEBytYkq7Mk+wugdzlNKzvfEY6IpaUr7CIYsqvcZ/wd753JxZfL1CAEToWpCAgiM1pL1Dm/EXe06uBc4OdmVqPQsar13hy+0l6eHE8yE0zxPtPw3Fd7EhyzGSU33kKyua08/2C/egZ9QGnDdvhEzlV2D8pgCffbOK694vAyXQuaS9eA44XDtEy1TPYVC9Cpos6cZkBwPSSYCjeWwN7RhSC26kHdLtOEeYr3MBjp5v5o+xb7r80n17PkYShR7pg5dJJjbHC3BV2lr0K5SklSpRCn8/jLYHzacW7bbhvgiTMV0/BvsdbuNmjj30ELnJdnCg8OSqEQeN6EWuqsfftN9q4Sgjk3sVzxPxNsH9DDpgpqNG2nc/5vbo2NfmPZYvFbbjj93va8dEKyoNe8S3vHtwnLAynPnpC88tsEhyfi9sORPCBr3eg3mAF38mfDI6q+nQ6wJg/vLHHgbWb8ef5ybBr5SRaKbccDtWmsNGjUfxTcgxsOCvA3fXE4WmVEFGThVMqzUkrz5X+SHyDWYWvQLZggCrHCEGa3lqOU67C1FkadK8vD9bpqkHls7koN5QFYqFW8GO8KemI64P7x0+4b1YAnp0eAh836dPJ+M/kUzQA09aLseAWxKGOdfjtohQ8nPAMSgql+UR6EL42Modq33lk8fsWjTXxw60zf+CT6s28XsUSlowyodpLBujWZU3L9RzYYWQsiIjOwqRtzzHe5CXtyjGmy11ycNYkl99cNydri1Ja5adJzgumYnmqL54vtMdjKMCq1Y00PVYPxjqP42hLI4TsX5g12oPXHEglQfUiXnP9N7m43MAZe4ph2QwTWHu3B7+W/+BDe51IXegda785SXaqA+w3voTOdg1D5AJBGNEIMNHWmXJVXkHVhSr+7+gXjHZ3pxE6ORSyuwDKFB1x5ZvVNGqdJqTeF+cfjsmIyitwzeF3PHHPBbLPasVZrou4LH0Ryuh4QZIEwmO/QDa51IruNVEgnxaN5lHKtFLrExzUnEBRDcdg0w8jqBnJMKZNEAOGL9LRY1vZTPAtZlgnQmXCL/4xmAfHW8KotqGUbrMK9K8bQKPrc/BZVTbd2PAFLCzmk+qYM/znswwcVV6OG+79omcDNlC8sYjm5k+lnuEPYDmrB5P23sJjO9zgyONiKN0cwg9me4Dgal1Q2dfIj18rYe+PveQ6fhn86BrFi06u42ehW3FBSQfWjkzj3bnCYJMtDHNizEnkxRV6dS8AfIRXcZbgPMrfuBvGK6yHt/+2gsYKLVAP28tDQQN8ckc9nnw5AZ53+nLai1yUbdnOf1w28aI/vTQbJkJScQLNGrsZpUTVeZVUIWyYg+hbvBSbDfehV5Y4ev5NhjVbtEFphzWkNKjR7KqPZDRgSOIGznCo8TEqfv/L83ZcwXWlivxHexpU6wUTJQtRxZnD3D5oyQub0qBhUSS9+uqHlw4n0P2N/RS8bSRovHWj8VbB9FTvJuy8pkqlphMxdu1LrNn4DI+3WNH28kyS8FeDAvXH6PQmk/0KXPjA0HaY072IPSdth+T3fagRIIQrXBOxo0MRtIo2YUiDKI7P2cI9E+spXOcAJJansXp8EG24cB5K3yXQ6I3TYOQeGchd+Y/ibM5Q+fdizjd5QV/3tuEn+d1wpSEcbNa441mWBh3hbs7RyILoB1vAt+cYFmYastmURgya84Ja4wIxQj0Tn/tMhjcL3fjUWDVunbkfJiZnk3pJEX4baEbl1Rf4LPiDz3UbPvPREK47zMCjm8dQRWQymVmuoKXHz1JWejXNaVfCcbm/KcPKkBcKGoHk4CGQCFDAOsNqXqJgSlHO4jj2SzALPl2JyUKPqXh+JWcbmECBaCmJfV4J1WYvyLUgEgTynOhwWC2NjozCo14GZGZylx0i5aHZQR29lubTBY3bVFCchkaLRLiyxYRVfrznwVZjtk25Cb696nA08Bc7yYSCu+kS7v2lQw1KPXCkqJrl19pSyDQJNilp5ebhEbDgdTMruM/G/vEreaT4aX6bgjhD/xt3J9XBEZ2jZOb1gZ53joNrf/Oxd9CXDCdWwCTtClRZoMQyJd5Ycesppnz7wXdNR4FMkDZ8CLeF7RVJUPpKmbMCJ3HS3l/g7z2Df77fxTNe9sDkfgFSG54IzpMnQ1TTEVgR60u3rVfzXZ31pDBNBroqdTE/YzTbK4ykvjeTYNXJAlTwtkWfjjCyjUnjoQcDHDbrBK7asZ4lKtzx52Np/iBlBvK2ifjibQ0/pQssHOKHG5YOkUftZZh7Ko7f/3jCv6X24m05dQgSfcfb7e6Blwaz9+8rMDVQm7v1OiHoiAsYV1fAyrPFfDjbHBbn58NrzybKiSvDf6fb6LHLYhgab0UeX3dR/MtrfGlyFP8JFgaBp/Kk/asV971ZyZ52OdC4byGPD2wm/1Dk8OtBNGHXIYpeogllm7cjdY1guSWBNMJQkBeovEK9rl/4YfAX3PpJ9NDyINu+lAI7wROcd6Wfngzt4LURiqCvoAYdhybByWm1vCgvkgu4B1NWM4RM3gIJvbPYLawG5j3ZxDldH7HSSouXtSzE5+ucUe7AZE56JgqaBlo0bWkHCA3dpVkuSZASa0wBzy9Bi88xXjHxIxov2Q7CzeMg3LIYZ3YVoRAVkD95gJKRFyrvlALbuzMp1D0cH+S9poMNBrBEoRBu5h2ho8e+saxHIfmWbYMCSSeomnkMn8b10C79cNhsTrDp6le2mjGMm3p2QPMoY7KrYXrjfY/mnzOg7+9C4W7iDHArMIOtZqKgLqJPK59OwWkPf0M4BIPqkWsgX6NN8XPcYfjtVxZKGQcHRbwh63oWj4pJh/3jRsKURgOYOOIxHbtpiSHugnBURA52mU+Cxq+6sP+tHeUtd+HuQeTogxmwP1QVBtxmcedYFbS5nU3fdKxg5CFDtEsby5nvo9g835evGmjj4UlTKG3NJiqaVQUfpyqRMevCmteBOKP5MqVJOrBhfx7drNbAEbu7+HW7LJnuHcSBhNk0198SNqY95trw1XBzQIYGPs3Eycd+0DlIhD1jbmLi0mFMubUN76oaQXCqPN7vt8ZVM/dy1BUNWq6tx293ysBgtQXIlTRh1610LB9UhukmIhRRuprW9F8ij/7jMFVmJ8SKm4DOr1c4e+ZdKlnthqFfxwDWGlCDrxCMUFGnRe2xsCXNkE42j0eLmOd4sugvbZdKgf+8LeFAZgNs1+tHl9uJGL4MWXCGMVc59dCdo3qwKq0RNI+v5uE/AFc7o0k2PgaNk+fyJJ8++JD5ATMiL5PYw0z6XSYD7UOHyfubNYxZcICenrTn65czsT6jCTL7buLKWZG0aOF2MuR/4NPdyWckRCDNfTVPFl0HUeUDlNrXA24qgeA6XpbfHu6G8KX7YLfAa96rPxYihc5QbVgRL9ouT2uPmFLA56vw4NIosNAcTcKv/8KdZ5dovfwE6G65gRF9Tey5ZAMYFK/Alo2HqMLLBif33GA1YUXYMqBFwXbK8KbkLPwODcCfsxO4pOAltzoWY3vpMhyTOIsUpurCpGPGaO0mCU4m+1BPeA3O0rlIId3TONPIEmZmd2DavUoUn/YAnUeNoAWu0uDyV4zWLppPcx2+0Ot6b7D+WcZLx9rSnd5r9LPIkDfIFaB5mxwYFL+EnfyAnubNRoXQEyxul8DyHXfAfY0jfl6+hZfvH0dqypqwwGQJJklE0KTds2B/rA1XKr4FgZVZlPH+IRXluPMFkQOUvRrhh2w+T3owyG0ZcTh73ThcmXgBLC/vhuY+GcyrF6C79ASlP6rCz24XHvffbEg3z6XeAV08NLSYxJ6+451tYRhWvoW/fA8nI//J4BawDL2qdVHjxjz6b9t20A6Yi1ddZXn2wRt8PMQMlTae5luNFvAlqRyCDprxpI/N+H7uNnxzCUnv9FSUUvTgLSqp1LvdnI6O0YapkxJBfjpgpaghO10+wufck3m+syDx9NM8eXciV9kFQWyMENhJKMNcmyj+d9qbdr9IQfnlZvRyew6+HLsTdTAdx6g4o36HHBQe18RFDw+x6aZA+Ff/kfO2bOG5m+TAY/IgZWWmYUXYf7zpljKEPZuEC/0/8ST1JNIfmAs3A6RRq78OpNZPppFri/h2zgigTFVYrv6DHNru0dBSWSpO9MKxGwX5n7wjDF10IJWW+/xV4xN/mWgBkne0KUPHGb9HGqHt1b8spfcEPH68Iblp3zht5hr4tSIIO0UnQenjQxTTeQcsF/rg4rvR/GogiOW22VNgiCD+UPZAgcNrweyPDrTvfsbmH87zgYiF1G00m7ONHdFTfC16+jVDXUM2ungJ47CONeyILob7e1rx4TIt8p7qxluuyMDh4TvYJR+Gz5Jb0fl1EW+pFIeSpGSwelPIvq6BXD5aCxvef6f15Yok+/0EjNnnAL1CpbhAYxrM7fSgWx/EUNt+Ar6UfYcvxvdSQ08IHg49AiG/M2iTdAtYRavCvzQTzny9E6Y+rEAnn1Ww9Phe6tbqQDXLubRurTt//ykKqb1T4IzoKvK5+4a2RP4jm3PldIO90d56Mc2CBKpar896Xa85VkoNlMT0IHWRFf6Tu0qp7wzpq0QapImkguals6SfFAUibhfoVpIgxN47CNo2vrD+80FuUWqAFjU76Dr2BxZarac3jnNAf1Uvt3jbgL+bGAad6we1I6U0zj4OmkW9aOmjYdSNe8ZZLwI5VGcQDQpV4Ni5lahbFAxiS1swb6MAlNzbh8HOh7ks+gpeEKvAk1+sqVlFBGa9aIIR5rbsVbUDWqSb8MajGjqQv4Vi4qV5Q70eSDdfwcjLRtC2p5VFDK3YxNyOPSrc8NqdTjRomAfeITv5wEURmqx2E/I8tSFZfheWi02kp7F+0NXjz+m352NRvB9ofrPA98WW/K/xOH3vV4NLSp3QODcWu11fQDaPZdWaY/jBRpM//J6HAT2nQMdaE4uKlEFIMI/S5Icgx74dk5t2YOyMf2RivQA/Qz28fTMBTZLS2Of+BDg4NxKnadti3u0RsPBDJKr3TKY918NAvLYdYsa8hZ926ui4SgI65nRQYW0C5p8fwvM1gxSXMYmjR0+AMR2X0WHTBhrdPojCSxHynPRJ93sldvqX4vCVtxCpZ41rTzjTop5Y/te+mQN1I9imTgtcT8ZgZq4TfK05Rr/3jwYRy0yUm2HOqmZfsWxhFjQtmAD+EVLw79xJdN2yk2PKgGvzT4D6zoX4SecQf513AuQP7eedHxegh7gw+AwYwJztsrDcSZsy+pfA+T1i/GBsFKzbbA/GgtfhxOL/cKBOFgbsb2LM6Dv4A4NZNPsZyusJcE2TMPyQVeIVFzaAV+tzNO6WhHcrT6Or2EaynhKPLpeteEnsPo787kGbnqaDxw8l6K+/AY4xphAhGc0+62+zaE8GRoYowbkpJ+nToUWoObGUR7mMR7Xafpoug+AqOgLaKrOhNj8YhFJ30a9qIRjQbmXKvgdWpbsp7+k8HPPJBqacS4DQY2vpcIUJXXbuAMWF6TB2Xhbp6G9Do6LLnGyUh6lX5OF15j20Gl1Jt1OPYknUaVwQf44DFtRAh74+ZXRlksHLDCxNU4fAJevIfclUsm9touUz9uD1f+/409NaqLx3n+ztrsOTAebuGxqQAx5oItfENx6788JTaZzz+yKmS1rzufpQXDNdlg7ubqM9dlPASiUVr3I7J+7poyePpTHy93X0yKkj8zVN/LTmGefrXsNdz6VgtFMjzJfZBjOWriCdcICB9520RSea/eOWoZSLNAuM/cA3QxUh7mMeurMofzq7lSVvRcPpuWU0Vjcd5olIgdjBJ3ypYSQea7UC4Tsn8LTdDB7wEgLcq8kOi/Np22cffK05HfcK/IaRm4zowUGCQ4sUoCrND+O1HWjoxRP2z06A7iJhXjL7C86JkOBdx0RJV0cGdqscgnm/87n33FbUWL4FBEc4kk2zOU3fugy2n/4CwcU/wD1UHPbPD4A8UX/MeiSEOwYu0tVdWuxY5c7OCVI43yOC7m6upIQF0rBK3ZnMD5yBI7XtWNkVzk/+1NAi2+ew//p4TGx5CIW3xsLVfaIw42MkFIcZkW7TKtgd/whDb0vw4dv3UPfrU6zpnoH3epy5XF0UvOYJoNf3Ayh+yw63ePWhw651ENpRCJ0/Yqkpdzdu+2ULl/fKw38fMvne1x8gMFaOwufYcveMXpy9ZxP2DWbxiKDT7Fz2BwylxsH3z9sooMeb52T74deMBLL74EWf7HZi0MR0KNZRwb6GCWicZgFLJYDCJ12B6Re+Q7DrcXaSfY7bJhF9KBHCRZrz8V7Tfp4XKw6F9x7zrbYtUD/7FVT+zKUhTxH42tqC3tfT8G+yEj17eod61U3gy9T1pF09ihtCRtHf7jMsdegLatR4sMIdKR5x4hU8WBtMx9eowZJtgzglaT5dXz6KRrXHktitTcDj5rOSPXOmphi3vWiEoucqkJXkDIf6R9GSM5XUkl9D1+fKkHnPfyDgFQltmlbcJJpPlZNGQm/JQUg17sJVFcHoeLMW38X6Y+yDYnw+oo9uq9jh0wIBEh8tCWfX/MEpf03wZKUmjvTQ4Rd9GVSz2BEl62fw1uDr4ObkgM0ztGAT6nFu7Ea426RLInNOsZXzBNg3PZiEFvlA2vEsDHPVp9LT46DGUx1lQ4Wp75USrdVYy89GuIDs7A18JPwycGc6H9EnUN0qAEczKiClSAuvrxblcyQFRu0XIOxgHC8OWE76hx/R32vfuO4KQ9zSkZAYnAQnEhPJXmcE3bS7D6lNg/BY8BoYn34F13x2Mo4QhSGZdN6tYow15+6gp+cSevBiF/updfDjGVOpO6MMVuW/x+EecZgc5Qjqd3fjijvemFiwjOe73YF1ZvZgfjedVL+tRmmKhFS5SbB+vCiK/ZWmdztmc41HFq4T3UTmYXpgub+d98AFUqp4R3m3jGByshVIynjz+fVTIWuXED6b3kFpPxVwoetYSH4iTvFh6txvNw3ay66x15dhnDPtG9V83E/xoy2wY+kxUDeopkyx57TvRjC4Xp8ICa2iUPdJHYvd43ng1BsUf3uEzJc1wMypNrht809y81OhhUYTIVrUE5uXB9F5X0mSa2iCj1EdEGO+jRz7NkMTMriI+oDBFgEw2DsH7RL8WeClHOldf4w7tAq471E4HPKWxMubjTC3Ig12D2lC8MRBvvckgRNcZlHJwTh0CR9Eky9PMX9eJHTlr+DR8e64eqkNhF+Op1XxVuxpO4nvep1FubEdEJY+Asu6MsCwuoXbbqYjxeiA6loBDisM5N3XF/DgkAZeHGyEKOsIPtAogdqqM0lu4whc4WsBZv1RsFjAEk8aLoXUmCFeWTCaWiWdIfjIUci1jAN7r29gsVUJ1m9ZBjsN/iPDelfee6ASereuwkfSN0iwRQiOK//gUb5TwWLFVDiZKo8rc2/wqMVf0Gb+MgiJsYBbn4zoqaIXbg7yg6TYfegiaAVBz2vg8YTXrPVfGB558h013xeSzt/f+OtmJFW2faftM66w2UJBUBeIYf2GQs7RdaDjgrNpueQJMO1bT+nqJbj4iBdW59qjnMFIOHduE1700sO1AZ5cv3MTi/9pwJljVOC7TSmaP6rkU3W78FSHAhw9OJb2LMiDRcJrYCjvLL1bNArGLFPAQ7VfWPRLOH8UGMUlawTAthRw2YQI8LHzwz3jCROTHNB9rAHalnThsbaR3Hn0LxwInAi3GzeT0+ZoEvi3CwfzRKjjfi/nFujxwPZWNP2Yih72/hAkZAzaNiWc0dCB+qWpAME/aJfoI27ZXYezZB/TWNF+in4sD30WhqAr+g/rPnlyh7Y4XT5WwncT76CiSyb6rflG4S83UcHWg6BkIgtC9i1Ul5PJ6pF3UOm/IbazSeXabieeJ/KOCg+WgjlloUySCgifLEWlznII/74WhHa4Ubx1FyyZf4yenqyn8kkZ7FydQqXyKrDseTjqvZcA924fDnlRSo88DHh3gQr0jUumfWnOvHrnR268pgyvRN0pxigRNq0sgxMvgnCp51tYv+MtTsoX4raLtSzqVg21d6XB+dxtMjBooQNap2lL7k+cu281VliaU/mwOT+yiWXXvSZ0Pc0Klu95Qwu09WlxVC1LPhmCeff6cW1hNPbcPQ3Ph9ywtUgVftkKwdudBui4IQ3c7zzGtQWD4LWqCYVvL8Z9Ho/xtpgBJp5uQzl3Obh5+AdqTBMjHf3/aMyCcBg2E4TdgYwWuseh3FgCx1wYBUsLp4H8gV5W9y7GBV/W4uhoPzq3eybnjVGmJ5OmQJ3+N+44J4lT/ujBnnQDHHaOQTsJM/pbpgRiJ6RBSsiPgzQW4sklnuRR8BDrtyH0xWTxuxhTfDywnTKbRqJPxi2KdS6g+NH1/EjoGOVsa0Cd79Lwru4ibFqkRMsG52Bw7Xe++qEJFzzNoRLPg3h7czYffjGHItvEIUf/Cc9YtYBjuyTpYNBEUK3vhNYd46nJ2QSN1FKgpc0U8taLw9XX0+jtgA2am6zhOb1GeO7UAhB8UERzbnWS+PoDMOf9LpL0kIEBvd+8Y1UC+RWsgt0P6jD2vzi4XpRIh2f6Yebq6/RF6QBVdGvBQoccSjmaQrV90zBlRwYW4FTW1nXAbTlWpKbsDRE9jNvOSsLh3GDuGZxKIT8NaZ60Li4cfwtWrF7Oi6QUWenzGvwyexJNWCIBn4pSwM0sFV/VyCNGLYEDq76Cf9R5WqeaAfEK41DXPgGP71OFrypuvHnhQ/y88Bqc27mYhq0U8KnHLBbyTafkAyVU9E+Z4l9pw811x/mVnwqFXpoJwR/mg5fvOCpKesUDhRf4xPBvzpldgpZvJ0LunlzqXb4ba7d7wFLRP2iWNALqJaU5U1yINnwMQmMqoLxAK1CMf82hpzWhWP8ltrrU0ZBWAM5JiGc/czlQzPak7c4JrHFTAuaFOnBNeSva3t4KQuNEeaF/Kdxwfozj94bQ9Q3lPOViGMWOVoSPdftZZus2hAwFyLvuBxMHNsLlDUchTaGB9f+WYsCPxVD0RR62LF1HT7PasLR3PbsUmsGcDTspWjcOb5+rx2wPKcwUlof2MZLwd/Zc+rxJn7sOpEHwitd0KccBnnzO54qXk/nnu2i4Z6nPjautIMtfgNfuacZZ/5xwwoLJZGvqSr6THvC0+ZfRScoVUrJC0XnkKIgSjKbgeg+ev2gzd5pvhVHmSnTmpShE/FeEbb5PcXhUPOm/mgiH3jvj3GOvIbetlaZPq0XL5C7WL9sOTofNWUCuGFKDFUhDyAyOFTyCWXPS0FDNgjXFzbAx5x/4dfjw4knzea1OFZf/aiTHX4pQHnMTnpx2QJP+gxjS2owi2qt4u+FdKJq2iBZGX6SodyUgYyULqh8f4yZhKTY4LAj2jX0UdnY9Sr7Qxgs5XfQ1Mp6H+m6CyzhJ+PExgiMOZvDg3ofc9WMTiXrtwqV+x/jAIW2c+WknF1wYwAZ7M7j68Q/GrHdleSFT2OMwG7aftMCKb5Z85+wK8Ho/D3NaE0HfWxEe17tjVdg4utsSxTZBO+nOZQ8W39jFDxVTqCMQ4fGOZjRW0Qav+EuU81SX0wcXkLOMKFjOnwcCvpep8dQFVG19D9st/MDrnSl07l8Bd++P4fTsAI5r/4PVMato6mxPnJj+lzObR+L+t0OwrFgRhg1f0ifZr9Dy8ijlpuWB6C17yGlbjuEPdXHIjCB86iKetVIeDhq/gH21YnRT9w/Ztqvi3z4b9l0rzAUbJOj2ikBSm26EEtVCEKOEfHk7k+TzHG5peIidUo6I36+hxr5B7Kj8iS0D+6hCWwfqdVbDyyfP+Ne+r+gvWoQ2OfnwxzIB06ut4W6UAt7tECYngbGQLexJh5oN4FBcJG29FIfD6kHo3JuDhYViNNbQljfoj4RXC6X+b/5vwexvNBl/8swKd5gcV41XW1xY9tcdag1Qp+WNItiqbQsJv0TA7pQbKgk1o3azJzzfr4hj/+yCVfclwGFaPOp9XQZH78VxwlQVcMUx8PR4F9lqJeGJKhkS36cBWvN60GZ2Mog+Y7ioLkJnN+nB+zmOnH6xCgfN3sAXwQDQPPWNrk7K4bw+V15/TI/21aXRallZKAnYy6/n3KDQg34g8foPLBG8QQ4j6+jTro9YGKDHHfcfg90kUdjl6kOnnjRBlPNS/FhwCyXyq0hp0iVeXvIQb/77hi4+x/FTjgkYiiA1n+7kaOkYvmv2ibvHjaTAvRs4ee4FNERZWGv7lirVR0O3bCcfc1kMZ4MlSEVLgk0PpVJDJfEPb2NaoPELu4T/QmyZCvxzP0Ift0jTQbdlKCs2mlP/hbPmxFE0T2sMlLqsxkuRMbw8dRxIq4yjDziIq8aJYoDYdByqs2Gp+MU85u49+hB0CyfvrSJvUx1wKjnFpRtLSDY/GIymi/DHZetozwk71IQb3PI9C2+8OAOx0/SgFqbQETtb3PdoMglrbMCtMb9J5t4PDF0/HkZtXAM9NyThh/8UeBaSwwGT41lmmwTIfXnJVgKemJpsxPeHE+nb+nXocdwDdnlbQHlvIjWXuWHGsS3g8FMRp457AS/3bmDvkCiQPK1Os/sbMWv6GGjBX5wh9JxOnDqAdmYJ1Lr+FApvC6X7f5x4qmQhpykYwmEBRfhXP0xzhzthufMVemgYDWPDxbC5UYufXn7CJUJtNPbQffJ7NAWi9LbguOsf6EP8dLYWd0G3/W+o47I3ve/UpPJ2Zfq7ZwlNStAB8WN78Mw7X3z4Zg2e9HvIH+rvUnNbCBRaq1G2Th1Ern4I7/5IwoO7o7Ezfyp5/TECrYy35Lo6hb4UqjJl18PrsPVsbK9PQg4I7VnmfDn+Fqr4qbH7VHsO/h6ED+9fpd9H9sPTWXPobuBonLbJEGKOFNNLl2vw6Ns2vtm4BHyPhqPlfhswHa+AJ5XEKOdEMmevsoEzkVewMW8TK+05R6IfmtFD9ghnv5GgB2WTKapUDUcLx8DbFAMw9fmHj+RmkqJpGZuFvsGMp5/ITTkGa87sxLR7AfRZuYe/2kpBa8Q9Si0zxuAOVXQ0+4hKDy7Qc+fprHFACEj2EqUML6SlJ0dBTnkbW8bmgt7jP3i7LIZ+TxFmLQ8dnnx7ATmGTiPXzCI4uccCdj+vId/1ZXRKbDGLH7rH4rquOLVlMn0frMSCKlFc+rYWxGWUIDnFlJVXf8dEnWkg5/KbX9t/o0XNp3lE3QSIKzsDd9fUwI/RE8DloQ+K7PLGJfoDbKzjCn0WI6D3zlV2E/7F7VfDWanqCJWvVYKq+ofcMeI7umxWRjfjV2ib+IZ84qfygifuVCQ+HtrWE2qJTYLpx8TJW/ArbHNVQ9RLpJLmcBx5bYB7X5vQhZX7sNv2HEndHgU5y58SqTzAPps4TruRDHkh0axXW499b0NBPfIIq29xBe1EDXB76EtKEQp0NOgzi7YfhRmLdnHs+y8Q0a0ILs1fwWxlM5wOHA8P//sEA3mtEKWKnCe1l07kVOOz6hK4t6CbzIZ/QXr/aDjYqQbnAxJ5c3sf2wiZYNqVNZAkJUJ6TgU0QTaEjgbJY3GTPx6oUgaVEWXUMOU+ZMvMp4r1uViTmMVnXu6ldyN6KHiuLel536H7dyRA89ktXq4AqHCyEXInP8Tl5s/w1lVCkeAXnDecAfbDYuAkJQC5z4/yuXuW8HLOHhr104hW3wmig9nnMVxnHtYOyWLCU1v4Fa0E95WNUNKgG5u79nOi8U6c80qd/E6l4ttL8yn5WiJ1dYbRiu0Ewx+e4TlvX1QTzaXpmU108oMvTdp8HzpEnbE4cBcvOXOeHPwmwtkvpVgxcycmz50PNqLmDGfEMOqDCC2X8OGNpr9Aa/cqbkpVBrUvoyDi403efViNohxesbXlTwq6OBZUxuVC4rJz7HAhHD/fk4cNbWFkXx2O846Zwtq4KjQw7KDRM5J4pvN4nrFlI53+VI7BHSqwrzcZK8RPkN+PP3xgOJN38hvwcTqFhd4nOFFuCtx99AlyEsTh+cZnXHfKg2vq3/FDUT9SiguD0/UPeXbKMKx82w6Vzk846s9Y+DduDGWZh1Bfkg29M6ugaXo6NH3rJOi7H0T5syPpi30qaQRYwtMxSoThPyDC6SFFvXhID8Tmwc6czaRofh+XZgxgiFgkrzMbAb7CWShnrg1Zo3Q5/oUZPvpkyicTg3D3cBylx9rx7WUbabryCJB1PI2k6k31JfogNeEEdZv85ccVv7DPtoqrzq6l0rf7ocpTCx5WjaODaS5QaGtFIkc1occ1jZS3rsDUtw7cZxLJ2YZF9LhRH3ZkXOTpZh+4SVkUcpV1wV4/H71vG0NRdC5+cBjmZtc40JqiBLkVMSxi4EfGUlOpy3A/RJ93ATwnxH7hpRAUZwpZwqqQaiILqf0WsFCgF71fxMLKhPlQ+2gpLjDwwA8rZ+H71Bo6a3UBA78qg4bhYy495MrXO8+j/PIFlH9qF1f1WcHiQkMYv8SfAjuGMMDACPbX1KHZ951w7ftq1JAWB/WPxvRBfB1M66mjD2ZTwOj8ZFB+pwWtRlOoSKWe9n64A30j9sHhhiA0dpkHk6v3wIqSXvQ57okN2wzgr5gufkw+AMsjPalF/yGEP02He65TSLl7NT3o6uJzj8/jPEVh2JwczRM81kCh9iVsG+yHq4ITKe56AvjJfuTLNum49sF/eDzaEIpvZGOl9To4UmVHkoX7qfXKFxh4Hos71myFA7aO1OV3Hu5oqoPV2g4crxNBNivvkaJfDdYv8ybTxgc899A96DLWwRb24Q4nDVgWksnLREfSDJc1YHfwFt569w750TXIUNzK7abDqPt8DJp/VYAZOy/SQekfcBkuUdkLYUwc3EE1e0TQV3ojpgcrUGDvSn73RRxuaZ+mP6+VuMHcCj8ZB0Da4yz2DlyBJwOE6EDlf7w9Sp+P6+vCvvEb+biYDt4M2kFblA/C3fOG7Dh5EJfO9cQTBx5w09Ualr4mBCcclVknJIrKxFbRDaf3NGvXawgO+orX6k/R9d1vYMRHXf7yTw5c33nCqa3TMMFoJzo/lsB+1UZOsLCFd/7vof7lPnq+fZBaXRWh1vs9eFmcYHHjSrw0cSYYkymHHl+LLeN6IS3JjZLOt8CczCmgUNDKi/qm81qn2/j1TBVNUb3A221L0SN4K6GQCp2a40/jYyxAct0zNPj6ABMKFdlgyT1saHqKAX2nsHqeLEo9bMGxYeE0pKMPB8RbIVU3Bjb7+pBfUyYtLzbi/WlvqPynGhU/VGb3J6MxaKMW3HibT+WphCdDP1J1oBPaH27kprFLSHbRQjofE4RnPy9F6dXj4I9tB5quzKaDbYDvG5bijc0LucP8Ks7+Xoqa6w9jdcZzrN46Atw+LkPNzYgZ5dNYwes2LZ3ryvFue8lGWAOWXokF6Rp16k0nGBs9TBNT1vCitgr+8K4d8q844ZBsPh8+fQoWFr/Asyph3PJMG1Rm3edRtYVUczGAPrT6YL/dLPCcswxLP2+i42/a+XniE6pTmgC5NVl0KewQfJDrosk3kmGt7G7c8+kz9fb/B9tUrSHk/XxK/6sIt6K60NdDHNatluZbbro8SUYKYu7a45ukEppTtAwOFs5m7226cOC3DnUWjOHwS5YwQWYrDrglw14Tax5O8oULB67hjiuyuHEug2ZRIGgbV8MxLx16bllEz3pSeFHFUdipVoblx9fgpj4JElw7BhRcyti/xZRNnraCVtJx3huqT297AyisvBQ+uEpQUdR4UhtlBtXSE2jFuc2oItYHNqcyeXDnIwhRfM0FW6Kpen8Fy67zp4+ZFtBw8QOXT1zMnbs1yH3LPRQJV4b/Ortgr0c6bAl+z9NiIsDk5ggQvSVMuTUKoD1lCt/89ZNdvgVyXc0v+NHXzOoO16gp+B6pPBCC7+sy+MlhE/pra40nRcVhpuov3hjiQ/f/7QK3mptsv/g3eksqQkCuFVuPFqTQ3Bn40fkO2SY14KjEY9jxhihvRxcZXKyANb8NQG+tETyZmcOWch3wOWUlzJYcwwdHv4XE5Lf40cQcH86r5ugvhuA3GIxnzq3iLdvGQ1r0XP7psp2kNwXx9oCV9G0gCoNb1nLkhqmQOuwMG42cyeCfEl/aLg9JUvdYWt+G5mVXUcoXfSzdnAQzjEVhYyTjpcQ6GPbfiDNkxemnoAcIVL8l75Rhin+lQFMdfOFyvgq4BeeQcVEbz/n5Bn+NS4IeeyeQLd8JHtaDcNbvDnW2HaCS05ZwJUSYUXIeLz4VwoITf/HZ0slwPuQ+zhr2A8+Fvrzg5gu2GiUG818oUs1/1zjGQp2O2FszZEbjyJJk0GrMZ5P72jCjeDSEqKlBb2gZ2fxywa/2V+hV9Dt6mf8ctcNDSfxOBQbONqP479FosVQHMv+k803TZtz2+h9LblsMu4Wmca+fOaQOO2BD9V64HGHAen2GYCkqCyq/rDFLrJPNVjaAk8dFcNAq5k2imWR+XI+/OZmDyPexIBfyDKdMDOGBewbs3ncP5tzXgrJtzygwcCWGqfWi3sTJ1C8rCjsbXnN30GjuWfSSym5/5yvx6XhRtYA3XToLwv/e8Sf1GN7iIANP95+GcUmClHFjE+4uioC9FtfAPH8cCs7cDdc1+yGqUgWUu8Tgv2NfwR6c0X9cNKqf8UCzoNsU9u4nT7XRY7nbFfglYwWOsRsNAjdmoJO0CzpGhFNX4D+c89GGvwQto4mNZhD01Icl93+G51/NYcrPdqqP+k5xfUf45A4dPhPaAn2WS/mW/Fu2kREA+Y5ymNA/Gv5lTQbBjmnwXjQYbgan0KpBYTQenQTglEcFG9v4nkA6XelXhr/GU+FHeh3El2zCEa478YfsfZzntItOfvfHlU0xlH3hCFzwF4HhGb3YeHwjeeV70fy0UL4+JhGX/okFy20mNLDDGUyvxqCnrg3onfHHJer6cCUknD5XLIf8ny4opX+BXFvu46j3V7HlqT4X9chC/8pT+N1qKnHCVFQ5YYCrq95D1aJ3eDSsH9aUvAbBK/1Q7aING2oXg87JfB6ZKUtPRl/hXdoL+K2UGS6+upikX6RQ869raHRMD0qqxoDcdX3q+bKMfWuX8K2JGqjivRREr2xglj5NBVfi6U6pDhiWieLQbUUMntOI308msZmiBgeK6nJ3pR/ctpGnjC260HdLGw7XHaHb5+LBblkjqBRGQ6ScFXzTTqC5y8TQOeQ3qZfP4YuFBBPfbaJZ9z/AlJkJyGm/WKxjI2kd16INj/7Decf3cmtNImYVWsGXK7NgkWU3r/mTjXdHyfBXrUZql/zKect30sBdA3zv7McO67TAPreQF88yZYmKbjCxO4lmaYG88WsjulxvogTvN7j4wh84v1senpc8x+gkG3pWeJoGzbbxmnXucPT2dRxzN44Kgl1w/IUgeCwxDQ6c38M5M8NY9ugu0LGMpOr8drgYpshb9uTg8flbqdzhP2wwVATD/iBa2BYDgV9nYr7VTPpzxQAdvYox4b4Hx7E+DMoGwkMfVShTNoWRb6NYtHs2bImWo5nvo9g4eAfvunCJ7T/ewMRqF2jepQE6Z+pwwdFy+LxUCrOt3SjbaBv7t2TxsoocmNkXxbouAXBtvDREWQii+YpdHGwxC+fleuKyB/bg+DqQms8twzusT8pLxFB8sShcn30QO2tEWVguDfRGaHCW/GiKCGtkN0lmu5vDPDXLhEMkx8GkfE1yCrXmZz9Hokz9Bcr/voDPv7pFCXKz4LhUMz4MOUb2vRZQukmCDpvJcHXVQoxu6uYZy6dT1YXDVFZ/HN1mOvHMDEuSaVKCva2XacV8W3yoMAx6I5PYLDiFerS1eTkcgdljX9D77gq4GDQSvmWoYrSJL9tk9bOq8yWqTyoggZmnqGhBGJm06eK2R3NoSeBk0HW0AqnPU+jq45VYGRVG6df86GTvRJi14Ryuk1ciL5dzLL3ZGBJFEdHRHs9lrmOn4wEQ/NKeHSNP4SXlebhxjQKqCLfCqelSoHNnBGVtKMMXr2LJtP0Zjdv0iVLKk/H11Gs8pi6W3UIPQ2aBAjSrSYLS2hl8wEmQf5ZbwYoRV1DOPZDV66zhzbYe/HR3MhafngqJmaK4Qa2cxvpks+DEFPRdr41Vx+xA6ZQTL8u05re+6yBzkxZ8U3rDTqUX6e2ZoxyjU0tX4kIwOUmA/JUuobqiKM9y2salIyUg8qwTvF2YAQX36yj91nxyzhyHol1T6LDtRgytVaD92l+g1MgUkg/688kUA94RFQmNwpX0vWs55ToEsf4aKdpuZ8m7XKJ4/RdL+OPjRBffT6QGK0ecc2or/DuwFde8ngDx5tq0ocENVjq+pveBIiBx/BQcOdtOIqfvU3VAKCYtsSfQsSTN0zJk3+5NLTO8KPSnHnS8zoVtZ31RVrEd7IYl+Hv4IAzXGrGrxyCsOClOxg6htDbJHNSP7oQJ3xxxwaE4Gj7jyS5B+aAWMZ/LFv3Bg/ejcar6GCCfcWCYI4N+9Z08P90XnfOO0a3eZDB52o5HDy7ChatNeWW+KY4bOQXsdq6CnEWLKcK+HNff9ECdhIXsJmKBnfbTMDDmH7ieB24qUoZEm0IuS71I6dnh4B6SBeisjkOqblQTFAftdJWNllmBySdxuLq/FOPz6zCxwJtURxXj9LeeZP8vGldIlqHjyfVktAnJnKXhZ4QarEstRT1fb7Sf2oINF1+wXZc0bjnVBiUOv/HqwC3eUygP8zP34U2TIXq9R43MhR5iRvI08H8RghqJ5rSh/T6/WfaVJp82B6MeOUobU4enyn+R+Lc7fO1GNL+WC8TIs+3U6h0I22c2kqi0GLw68APON3Rx5rkdWLn0AZdKR5PZ5tMcXviEal+dYlkBe6y2HAUuf135ufIgat6Zhz1xFnyjoZduj//H1zUQjVK+wr/sIPpzQg9ivP1xnFkoObv/QrOw0+jes4DaJF7xiwg7/jPFn9yvR/A4e0NYNVTKYt1v6MfTTzBpbzANvP/GlopjQGHiETQoycYdz22wzlsFTppOxEfK1aBRGcNhg5r0INkA7u01heyia7xUdzfsGR/LgzKKULCrHURGbKc4/yBu1snEBTOeUcW8HFZ18KK1DSNg5/2XuFJBDSa9WEGPK1ohu/k2CNWMxpVrN9J6qmGFRTl8atUW/rHYhxwaLWEIz9GlDX9g934j/rM5jc/e1wb/EWLoNSOYXySMZbHEPPiiaQQaO7VQdP5USjbYwb0pHbBv6zQ6HHYF435Uw0DDMV7/SADQ0AKeLY6nstHDMDtiMXcfXUB7DGJgGjjDBLSDoYoy+jmlkoIltEAnPp5DL5lhzBFDON+O9H6FG5svTSe1BxlcbFpNHyedIbcgZSh6HAtW9kMIxWcodNcb2PrgMtx0y2A500qWya5g2a561totBj4ht3n4ag7W7DrLoyxHUMVnV1hwbIisfb6itU4IBR+S5LDfytCfZAzy9mnoPkEBrtVIot7qzbRV4DKYdcawZG8EfD93iP1bJoDM4DxYu/E5+00wgp1b18HxTcmwWugTaE2/jHvSGOTDXvD+qyNhypuX+D+O64MrBEYNAPA7op2iiRYp7UgTlUpCCQ0rkZSRiCglW0salAZRUcqMZIRofQ0NUinKjEqysqLSPef+jCfy5lLOsFUhh/9cqEFzFKYYe7PjXAdwDR9P8a/zaMmZKfD2cSWXevbC+KKJ8HSrOVodtAfLNG/aLLiRP1h6QHV0KwmskIdFuwW4aZsTnbl4FG5uswKRtLWk12kIhgIL+EZuGb8cWYFfxRQhXLaevgX+gZpzv6Bv+DqWVn4GH7u1PLDBkl5I6dIM2cu8LmQy7I6fQ/6x3dTX8oQdQnxhpv5H3PT4FK9eNwTKytto3okC/itrAkI66aR7R4pTv8dj/BUZuDzVEoNe9aHry5ecruqDWWu8YGGMPnwf+5GXTJ5IRzJ+Y6zMFTh+I5PCXhsA3t7EHgEb+HifGBtdEQcVW0W2ljPiaym9+NOqmRY3e1L/v2MkcKobNOYr4Xfx46S4Vgfqz5RAwu44UoyKhami30nmwjGIyN+IO4o3cWF+ORyqauJs2ZHQtNgLbM42orxZCApHfWBFgT2Y3JFE3+c0gdLYaKqSeY63tIygW1IAdtzy4BrNZFqaKIvnDzuAiOV9quh5j3UX9sHVPSEYaKoLPnOuwLLUKZDoPUSjndppmL+hxNmJkP47HT+86iehmFwQuSwGx0/f579zWnlVVxx3GZxj9/dzqN32KC3c+h1CzAo5Z7MHL9E3huMdv3BTiys4fHpEt0LTcPqGq1TYvZKtkyuhNrINu/vu0e5NcvCyoReFr3wA0bR+6GpdjOXrVpBtym7KLvOHxzlnYHmKJxq8nwCxsaHcVP8KpVyEyHLFNz7n9YWiaQRfT/9GWvvdyF23Cbe7EMglCmB60Ry++Ggxqrr/A4m+Xqqwfoq719/D1b+SwXaHLTlKTgGVe4pUf+oKbPPKYYlxYVDr9I6ODe3h+JAtuP/+I5YqjoAvuhKwO8oGdAsCqFdwL1nOCqT7lW2c1X+SnaadhqJrbmT2KRkC81VhqbgL1Cb9oEHz9dgVvAvPzFfnW17pHNDVCBvGfaMNdktANVIWxvY/5JSQeqz6vA3q9V/SVvcP/P14LVau/odH+i+y28csOp03CcbnPODcremcH7cJ2112Ut8Wababv5zWPqyHpRPeYtqPK7zlmDy8PVtOyYP3QHD0bJzgIkZXTpdRzaQQiH6WQ/+avHn7kic4SXcSCKf0QGf0Tr4ansv7BQvRy/cxKSk1wMnyNvB/eg+PZEXC7qUzQefPKlz8zhCKf5+AvgPvQep0Fup8bCSx3nt89/QOsB+WQN0TDHsU15C96waQSr5MvwI+4ODlKPi2xQRlbl6li03puMdlNEScUIfAZ+94jco0VOtOJN+DC6BTq5iPXt7L8fsf09ykUJaNWAs2RbIgvPAayFmnU4jTC7IPCYL/TJ0oyGQcjfK5CIH7T7J5dws/VdCFOx99ecZ7A/KelkiKah188fB/MFtKC6Tu3AQL4XRoXJWPz29owo0Ke/Qb2Qa2ewxglIAUxIb30Fz1rxBwUR2miS0ggbGF2KEsDgcq9SEhTBdWO0+DBZ8bqDU7gz1Si/FW2gYQqXPjZas3Qk/pKPiRfZBKcphN7csh6V4m2fbp0WmBJpow+iqemxTIftvS0fGvGpReWcUe1/P52URNrDYrx5owC17zOh6WjI7GwD3h8CRBGxfdloCsRwfgwzRndPQsIfnZV/HN3FmQfz4cH3aM4FzNk3hExIxnDevCnG5jOlBliA1BtXBu+wN8ZLUHBm02sZ3ObxLbcxSyHILgipMkqDh0UfmhD2xk0sJ6hRogfLOJFAMbSFBsCs5+fgrmXohEqTcjwfGWKZ+Yl8ReP5P5WekEHGPzgsZtvEGPipLwYf4LEtHVxn0OCjBix3t6kimE53a68q2qWohPfksH6upwnpIYv9p8CGU+pMGeThPIfzkWhLZ0om3eTjpuOgA1JwvBTcKd97i10zUTb7jQGIMDpoYgWBpJ76+ncKWtJCxyW48Dp7Zi/a/zXHa4nP1WZfPqTWdg9WtdcBttRRuPT8LQyngS+26KEdnHQNUjAtbNjcTuW+V4fvAH6u2ZBCFrO3nVwHLev1wCR9hX8bkjqZgXPIomCAnCz7AaNNidRW7fZ0Ka6Wks+mkAoRrFNHW+HU2fvJ0XWbVw5IpdcECwi8UMMnBg5FRoEJ+Nbn2f+NzTNaw6Nw/85ExJ9Ik+hevMpnE9mTw33YacFhIc2ScEPVDOmmqxtPdmDu58vgFGHn4B39ysQcfjHMq5luAaoZlwolyApdQPgdr1Czy/yxQN1QN4OEKFY2oW4sXAxdB5ZDVZtk2GhpXTIPGiOUcnWKPsT2XephUKKWM60H6ML14MMiA5b2vGb5bwSXwVvtl3C8cb/uNZb3NYZfJtcD67h4MNBPnW8ymouD2XbOK04eq/LXhyagBcHrCl/uZYttn+i76ahsCuI8140LufLr7bQIu8DOHYbkO6LHeYTnue4t17bSkpswHGnn+EU3Luw27JOHjh/JVsv6vBdpsB6swt4wO7vOlF/zBLncuiB66eoHMpEAYr9PCvz06SNB4HUut1ab7nEUw9ZELeErF0GbL52PG/8PmWLQhcVIc6XzXKlR8HBkd+0fTBJOoRu83eYgdh7zcFOP/Xi36/k8Oek/fwvlcytU0kuLDnJRvuXIFXGubRxaNKvCm2i7X8DPB3YABFp4ng37JOEJ6mCusLyvjJYQMu+qFBf/Mu8FyfL2gdWI6+1zu5oVYPVGJ384VvKmD4FOmJVzCf+SaIg2ta0K2iHEYIB2J4gi7aRSyBla7/wbe9ujBykSFLSARR+b2zuNtGkbPTJrJlewx2WnvwSg9baP2hAtu/AEik1LG3ljd3q88kzyg5dDp/FgwM9WhotDv/1pbF2g0+kDsSYfnm3RxsMIyzTqmSnsVBjKzJx1bbaG54HITv/F14fK43v54pBP0zRsDI8Y/4m/FqrEu5Rp/M3CF15D7cGrWIjHzSwa+iGMMajCB+ayzOmxIEas7tvOmjCme+r6WAV3f4+e23uKrJE0ujH9GO+6rwekcZC3j68LLECg5gKzC/mkligpew0eQl/u4g+K9pKpnsmAqljSHQ+jsWk87qotERE5LZ7kmFP7rIaJ4MSch4Qkx5LswvEgC50y1g/j2Ol9a0gmRfLE2xNWblVHG6Mb6Zx3y9Dl29lZy3RBhGV1egmVItdr10QyclXf5uuRbtfOyYerP4rEQirj9xFaJ2jgPPBe9hZWoIKs/ZiCuPHIJ3a3eRSkcjlj18gnnfl5JqQjQcbzKCOSU/0Hr9HzCb9ZWv3twLy20WYt8zbVjSUA5i32fAhT19LCQiAr5vlfiNjiLerOyH7LhunL3MgKb6FOMd99s4vK8GFMeI4MVp8jDLpQHUTfYz5AmT1T9f/hZ9DLfVXaXPpWoc9zOGOj88gmd3DKHPMpTtE4OpemcX1VkcpGjHxyitPA6ORSViyvRS1LDeg5Xb1WF6sTXfbtcijY9RuO6OBEboTaAIyw0c4HqYncrm49qMIGx/PhrujmiCeyqFJGs3TG3jslDx9WF21FxBBs+jyaHbCqQhnj4KGoNv3mGekbaP3d9F8dhzetS9ZA3GuznA7p7XvG6SMdzfUIvrxWTh+yRR7r4wF+YVX6LpdduZmnfBnbnaGCaTwmIS+9j+xC54LKIJYWNcaEzRbBg1/REeGyGKCedK6O2AGJ8wM4F/Mqfgx/x1tDHVCGbqmtGo9+I4ePkd9WpHkG+MP62UtkepKz2YcjcDrnzypUmXDODlQDq/m7+UL4hqw1L9UnBb20vPHFy48YgEBTcHUFGLIUcbIyxSC4edoRPILfYT+tgLQY2MKq/3PwHbw9/CJu6CA0KxuF9aHQZN4uDxmlFYZdoE/W6zOMGgg2QfjWaPKYgJKXe5MngyCMsoQ/1eT+z/9YpgvAVf6veA3qZMXqH8Gb+6OYPRJw98pLAYrqzTgKEvSlixVxq3dTnxvugI/JS1BBOu3cOOF67UMszYuGmAjsZOg6ERvfhd6Bkl6snja6tiyC3vJDcHVSqfI4yP3onDwUXTUFZBHcQ3jaMIz6V0p3cuTdXs49MVt6FnrzKoX/0Do6TXcGDUFv4SYgy1m66gZIAute6bhDfibLDvkh1Ped7GI1zV6PdREU5QsMbV3VNgXtE9yB23kp2zujja7jxmhPlwa3QlXw/7gHKx/TByA6ONvDg8iXGjZJUL2HbED+Ikp/ND6WBceyeTWtQ6KGFNKTYPXqAfJuOg6tNa3Bd3Bo+0C7N/YytptsWAk9Zl3qVnTP/svEDr2W4SnGEOO36JY4LZDdoi+ZrXjZ3CcZ/VqPygNv8IOwzrX4/l0yN+gPY1XTivehT0W2ZRvh3hg4IMvhf4HxtIvadfMbnkuGUpZFb7gd4hefh3cQLkFteRV/NpWmnsi2nBK+hj2BhM0rqOLxyvksGUy+hsLAoiVWUwbZQoSz2Ug3kRW2BSqDwfP9SGpatng56yEqze+wDrOxEMt6lz4dJa1v66Ay56J0Cjzwn6FWMNYa3TYEbLApw69SDXnJWHUI/JnKG+FGKfj+Xd3gfwr+4ZPj/wHmBwC+8tvQSXj5/nZRUa0AzK2KCZDrnzXTD0VCaZNexnmcwt6NS/m/XT5HB20wPc5TkKCj/ewKIRNTzZXAuq1U3pWbMgptRdwz+GbaiijdQtloddATowXqyJZZY9praMOqoWisalVsfgncx8eKp3ko1XXuG0vLfc+UsNRN4nQG3Uf9jtN540LJp5xudXJJiWh2b2QyyfUYg5wcGcZjIZ3G2/k0rwRWh1FKWwPZEktG8kic50YKvqICgY2U2YdBd6BuThbXg1/VHcRsfuRqNH0hzQ8C6hqtAAjNa7BMP/neFbMu1c5y4LJyetxu1ngnBL/BFyipsEt9dU80gtOZR3/EYg8BpzZhSxpzqAc5QBvjqUhNPvGPNWj1BO8S4j5QdpOKXoIN368gXB3xTvKRpCT20Cr1yyk8clK9P55IVUvPcusNxC1s+bQpe+3qSjDWb4/KUJ2J7qxCtacjxzuyafvv8dz+SIsoZzOMo6i0Kmkjl+VZ9CMY/UYAwqsXNxIXekXeBcuwXk4SfI33Us4da7J9wx/BymzftCldv1oa/nB+l8CIcO9QTq01lAise8sPKmNV9rGcB5CZk8wmse3rqsC6oLtDDAyZWeVGaj+vg6mD35AClBLlhYT2Cfcy50XaEG1L1kwE49nHRr3WianSe6er/DN8deweLBFLJ7dQUHzEI4uW003NAAqJ8YQ7f/M+fLD5/T2297+aHQa6x/MQxdUEEpppX4xqcZF0zVhYeRB6hs2wPyfz8VnO5eBFFzU8qech1d1g7D2UI/KFA6htvPqsG7Xlmc9a2UnovdxFNFaszN6lStu5w+X12NMTKKODNuDewbkILJ84fAxHoruArewauLfsAS44sc/mA1j6hdwT9G/Aa/8anQ4TkRahY14b6sszzr41kSEC2CkOfddHsWg5amIEQf/AzWF8bwKosp8FAqCval9rJh/GFW7TzG82JMQc3mH+LJlSzlUEvDRkvIaKESRGyTpkH3Hnbefx32HknFWbJSnL83AzaufAWdShrwau8LPPl6KhhGRkH8pH4aTPxI5y+epAnQgcLLu1gzsRyytZfA1kmN0GxkDm3HIrFxIIBCnE1YfcY91LzoAYrnNbGjypmzRszCl2b9sHyzEsztzqXxyVcg32ot/H7dRD4xkXjHrwjuduTie2UTnJE2yE/UpSEyKxPrlcZw89dpsGGhJRyCWJy7pBZ2jSHyV5yJ+EcZfwROhlaVGD7fvp8UBlTBVjECJ6oQmg3/39IQ0rQdTlsXYulKIZj6cAy8XPoUGiUY2rQ2U+I5d542uQ7GfA7Hgff3eN+4bNwA0kCzz2C4qiAwLoIPC1+gf1gMnJN6xXKykjw0chPzwVu4sRygdYIWhW1158bDi/GD+n/0/PBU9jdQoe8yT/H0fiveVSOH2Zl6MK3uPEk8WYZmVSNJ+M1mdrgEPO/cRSSr43RfyZ1FtUT4xG4xEMp0grYAZU6ZmERTfGyoMeE/iOrdCZnvwrB110cKEasAvWETOAu2OEasi4JOelLEeDlaem8jiMUu4MObpcH0jDJevezDE9EQQncvhtjTVznusyebHLqGkU2epGQZySvuLKdv855zoaEbfvijCj3GW8jwYgb8Fo5kqSJj/BHgQbGbf1PaUnV2bY+BGSEvOGSZJBxzlkGlrG7UfmDDHjM08UW8CVT0f+HLHsOcH4eANl6orTsazq7ZgfX6Z7nxZRE/P7EbVFvvYu43N1r85BxTzQDK73DlHFEDULGs5hUacVgeX8Uend9gk6Imty2Zy7M/OfKmvUo499x/PFZeAOKi7MFu+kKsrvWh4keP0XhHCfeFe+DryHrsqt1ES9Qk+OU1cbBXnYqSW4/w5WsLqX7+eGpfqgtWsYtQqUoYJjaqc2fgEDcWqcDrzS/5XqQ3qyXfozqvYr6ntAuTOt/Tbtm14Bp3E6cmjOc1n82hxfwnlb23gJdpJ1A5uwPt1xiRpfshvrPaE67pynKAVhY+GTsNLqV6kXC0BUuKzaWS4tWUXPyOp4eeZvfw+2iWWc2CbnJ83NYUIq1HsUG7Ka/10oKZ99aynPkQhDs1w9aaAPb58wd8WA0ttUTh8MdmfvnOm3elS6Bq6SL029iPxyuuw+plq/ju1zJOPrKXE46qga7KXdo9L4qf3VcC2e6NWHDZBq0aZpKmjQsr7vKEoPdS+DtGHIK2fuRpa4L4XGc8NXmeg+rUiTSmUQv9PT+hZMcO2qybj02xArD6oxKN/aiHEmO8+WPhBt5tVM7d+gnknPQM8j84c43NCBzznzTIT11Lj8MN6ZdkJmZ+nEohppPRAo+yrGo12A88pcLgElQ204HIZytI+o4k3nOL4IjiSVztwnxdaCSGlbzCd136tL+7lp88NgU7b338RS6YX5EP9w7vxrVBXuQn7sUyXgP835E0UkuQJcrWg/PxMzm48S4Mzz/LqdkLaJzhNRaNGSYwu0x3Xfph3cIpqJ0gC7rJD6GgYSU8+i8Zitau4zXFd7FlTyJbr3zPf9ys0adTFByNTeCS61/sbXzCkUbHcbvjdSxIt+McuVnc2OzMxaY1gA2/qENZGjrCt9L+xyJwWj2UXSUt6UmGIQoOOMHZQ8XYHP2A363thSOVpvA9TpGNn57FF5OzQSc1GZ/HihM6jqbliiOgXsOfE2b70ET50TDixjK0TAmn1qyTaJdmgKvSe7hm2Vs81C5AThF+OFr9GT1tkIFPrMJiNAQK2ZZY7bQUywO+8qmNK7C48Df3nY6mv9s7yKtLAVA8hCdITMV/txoxNQTgXlIxabkt4XvZu/Cy2nbuWJQGGzrNwOtUGKxz88bH/vNY/+8Jfnj7BBS2y4GtXDPvd3xLF7du5vMwGtYdLcSPSZ8447kw9G5OIadRkrwtRZT/kz4IixQbqTrFAio2ysCsv6P4j8UMfpZpSn/uXKNqt2+kZzMP31s84XMP/lKsnC2O22wIBQE70GXqLs5FeXp3fjSE25jy+GeueH7wCo03ksY3J3tAtE0MImxLuPDcP0jIfYlyHlHkGiJFQn8VYHuXJQ66ueKKmrHwdq84mFduR+s7FbQh/xQ2XR1iq9o9sHz2digqeYbDoUm0cGsTz+1gWC1mhLfT3TiySpva/92kHe71uNXtD6w08ceVX95BYMZF0DMbDR9CfsPcL2PY9LAmvK4ewtwxwihi8pm3V0XAh3PhoOo2CNuWzYD84Cx6r1+OT184Ylj3LsrXysaFG0Ix/6sizL74lGRnP8CTnxGUJOrh5vi7bNJzD82LFkC97BteHPSRvyXKYNCpVOAflyD/owY4XpoNgyufkkLqZrqzTh59DAtp9tEfIDEwCS2VXrGIjwt1mYnDwws7cWxLPA79eEV/u9LI16SW/lOeCS075cC8YwL6SXykxNOCIGZ7gOhGFlXPOQ5qmTP4mUsqftmgQUaCxnTE/jz+1BymRT3SoHJgL61N2kfFc/VpzOBMzt1kxTN85KHZdRNZLM7geWEO1LFWAVwPPOQT9v0Yu/gE/osdRIXv/SxqfYJbsh7xG/UN7PPamxIvWcLeE7dBXUWCH/f9Y/fSYpoWbIEdQiN5QtQ7MvKfRMHTz5P8YkmgwNnw6eBhyFtB/PtFHk09KscaLw9Cb+YPWKvSw+6Vc0ArSBeCjSRpn/E11ArM4zO+k8mpLpPkjqhimbIZ2ZlGQXC3KW5IkgO7j7WQe9WLBNpaKGxoOVo2HoWkMW/ZpFeb5/vGYpGQFw1KTACtXqRTfrFYPqUSFlXWYnOLP+6yKabukcbc2V/On5P2Qu4OBfjx6RvcHZ5KD0Ii8eWuK6j16gd3Gbdj8xgTDNjyC8/ts4A/X5RB9tRBfDDFjX/fluaE7x7wz3sVxkanwamRk8lvQxt/lxUB60X6oOA+Et0ELnOcszXZya8A+yeXQPKmA85csRklvq/DG1lL+HaFGMzYvoTSf+0g7VsWoFl6BuTWBIL9wzlopL0P98ScZ8GdV+lfnQCIH38JWaMu4a/vCvA+wpREOsxgeJwvFxUY87LRSfgmzgpvqKrApRJPOJupB96N3eRcWI6C7ffwsFUE3q+sZuX7G/DxJT0sEheCu5HhcPbLFtRZlYRS4evIs8ifN1UDyfnvpF3nBmi6nifyenm4uSoCF38Xw4bpf1nhlDvu93DAbXiPDvp44gwtHxghNAHs+iVAqv0D+YU1UG2eA5a2BPDpM1o07ecv/KathVnWx+lmpREqCYmCvYw+yoaeowdPMzjQTQg9vC5jZ8MP9gntRK0n09hFX4NskiaCgDHTo4IYLjmlg3oPd8K16RqYLxdPudmPiaW1sfjTXj6jqw7j1vxjo+ImTI94QbDAC/5NlQSD5uukMxyPGz91cPJcc74GliDSdwCmm33GF65GfFYwHYqlnXjyxiFWm/8VZWZmoELcXtYslQQBuQweK6CHmmrlLObkTpOeTeTxhW74cNMddN68kkU+u+O8+1Ngo/Jinlpgwc0KV2lvryQs+TuBr0mvwCZ9KfohUooCljt5T7Q6LFJexVPbPKBrxnI2l58BJnrfwCXuMGXMl0KfwRQIqjImyw0WYNyRi9WhEyEtMAzKG+1QOHUu3MreDPOHNDFqvTa8Tc9l+eXisGRqNCb63MYfaw/yxOUH+cTxrZzmZoPDsAYFjrfipL+q1L7YABZpraa8QTFKXazBKWteckdvOGbu86CJ8e60ZGIQeObuwchlliD7WZjrVi+Gard+NvHbAWPsqnDc5/vUMtoVB9Sl6c3y+7ggfgJYj8rA/aTL80NUuT3PAnL/E2QdyyF+qegAA/aClDZPhpX2CsLMijAepbkTK157wxHF0RCT9ojMXjZQl/leDvn0kU5CJu5wEIJk4Yu0rDwPGhafxt1zGuhkSCJf7mhHhQP+xHOc+L2aKP9ZPxGit+0h8Q1f+FGaGI362sXyNdOwc+l63DhyETX+TYR+yRWwbZIuJGX0covVEtAvOsXnVuyA1WYOEHlTGgNXBVLdMVnukunFYFkDOPjnJH8MCqdz1z/R2M1l1FzxgYeD1vO1FHVes+My5camorydAnyev4d2LguhF1dWUrTrMri96y0E/j2Ce02DYERAHes3bIQXVwkCtG2xUCiR5ROsWLW1m+OmtqI0FpLU0CWc0NwOsfgeRdebwMj0Txj1+DfNvHkJY5VLULAtiDzzBMg3uw2dDibhPzMHUBAWgPyFqtQwN52Tev1ZXPk/cLpWRNfdfsEhhx7oe7kfLi9y4Zu6M8GgL4NF/inBIk0dTHAdokRZAz4/PYi+lk+CbxmzuO9INJ2PHw13iv/CatHl4LL6F82VjuHhcVlslCxLBm/Xs19nHE6SCqeyVRKgELKce4WM6PywPsgImOOQQQ9dmFFOY1Gf3p7Jw2ZXK37WKQaPjSfDTOUrqBWaSQe2trDJsRA++Owka1XX0/DqVzju51ga8jKGOxIXYcbWIrAyjcT4qxZgVnaWHN/so0HhZ2yYXYzCLmq4u38SmOUswsLj1nhQdCzdbt8Dh+Oa+MPlt9y4vJe9/cw4Q3U1jHQzBacD3mw8ZjWrlTiTk0QO5hSUcOaqE1gy0xPkDt7i1IoK7v6gCcNtpzmlWhazJlzDfau2gVqhO3ezH14fP4YWrfCirzk/ceUjQ2gudCXnj0Z8X3gBanf/xcUB9+Hp7lmgEq6GOlkfYUBiKy1frQb73m+j9sg0QKVLZLlrIV9/sZTrhvbjtdH9tExJCC+GveFZ+kIwNuwrDOQP8V9/PdDW9wVXpxU0felyLrFdCoeMBHjhrtl4TlwNfoy6gwvSlsONiElcNnomTC+7hnaCDjBX9QJr3xmFE5Kfk9vICXBAaifrnxXAHXsroWCtGvrZOZD9/iR2Tncm5wNWGJBnQ4mpKiD8ALFRfgk7+x3BKakNMDPQDxx63sDVHVZQLnULb/FXnPFDEDw6PVH38z4arlXn7psGaLnZi8KPBeKh0+3o8kcSZXkWf6qZCVYrf1HEyhLGq858ff0Odn9WhWclFEh1kj75/G2DjX4iMLtMB8w7vFF5sJvfuerzE7uDEHZ3CZ5IKaAiqz8U/zaE4sKEIMx4MmQfloP7ijo4KyQSjvZ/RM2IDfDjkgVN1vOG09M3kejJh7RdWxRkDCQ5bbiBQ3ZEQOaqh6ioOYgrSnNY/ZEeD7eEoy+spy8fR8JW31xcdaUC9AwE4cuVvxT6O52dHbw4L/Udj08cgSbCR+mCojzIP35KkpHVbPfMipJLTCHz70yqtU3DeOME/hjwj9NHFtHeT/Igtk6KSXwO3n1lgZ+0/8K/jAm0RU+TvsXL8nVRE5q4/gScS5wIf2XLYb1LEIocXsmxY2dy6x0fckzO4coNCagibQVBbytI9osWLLNMxYMhonBsTi8qHM/kj5Y5WKIrAsUPr3CYy1e8+PoXqS2dBi3idpxn4UI5eiWoFzodtd30yKNhD61UO8DfpkWjw5Qc9FHWh0uKZtR38SQslOyBwpIutOQOqPN4DrHNxWhRNohvNRpxTagx2N79gINqH+C3kjHuDGkFXS1LLpOfAvryR8HcYwZHZC5nudszoctuFGWqtPA81xK+4KbN+mfM2PG/LRBYdYwWaV7DkOcPuPy0IazdsIRGnj1Mk3glgvMacjYYoL1PgnCg4xd5xvrR2ytlKB0/Az5Vz0LhnKfkeXQF1f0YBd+68nntpW6Qufkfl0k9wG/v75BW81iwlUiBkg2yWKbRQKaV3+HhaUEMiX0LEc/acemMfeDxXh9KM8XgjqMO2IpUwQGjHayT5YYeSss4ef4t+iTQj+bGE+lR2i4ckWUKVW7moOWhwZk/L9GrqW/hlL0gpcx7REUrD2FL7hdIfOLDdpf14J9hICjPb4Y0HA/SBlnkf/cvNbb24KuVi+C1viF82z8Gm/TVYaqaJ0SNP4La2ip04HUmX1uTjzf+7sS9i/y4wSgUF148xprKpjBhmTG8ERKk6gFNWhI8ibdmnaU7Entox5uvdKRoNScXLMGr7gDVY2Pox9bT6FC/mAuyCuhdgje7rNDAW5OFuNRVkWviDdlKwALWCsXzqhGHyOVoKYT7ASyzCiHHp8fpbncfaeb60skkgIWNwrA24zC8iNKHz8a7YP7YqfQ99AEfDBrDlx01uPzQMnCSt+bUUBGY2fyeoucO8Y05k3GGwEQqqtvJlqBBs9YXkp5vMCenKLLmf4pgX+XJjZtucfuOWZR4OpOzW41Q90ou5GIe9QR3srOjAzbbKkD+lw/8SbGANSt3UMkmZ14g003CI3TY024z5D3V5cVFzjx9vADMdh+gcznmsOuXKexIQBBQXU6+tok4ZfFbWGf0D+ZPG4Q0LTFI38Is8mk0Tw+dwnsWBsDDI2NZ7uh1epB6FfRJgaSqEZPKRsHHOl0+9DYH6i2kQODTUW5XrucXKpkQs+g8L1+vjHOSd8OoQBX4cM+fC4YicbrDKiw9lARv5/iRoIQ7u5crUc2jRlgS30iFSWaQ8agIyw568ZDRaOrpXw7pFVZQW+BKqjrm9MNfCMPuv8VVrsZwRcKTH3km47DSNxqcswIbdbrYVrgKnZZ18snIezC4wIBse6ThmmkzbiJjftHhjFLBp7BnzVZcbXeVxx0JhS4bc/5suht+LpwIC3IvkOaaUZQR8h+ebv6BYRq+rDWhnNVl26lRYwXFz3vAXhOnQW1EDmeFjaNbuQX8X/hBTrf5ifN8U6lm2XRUs1jMO759pY1BAnD+QiPZ+W/l0CwdDFK8AE9/LYf19fXgslCdDBRSoSI0mGR4Krw9JwNHHKz4dpA8KgR/Zq8Hj3mLfhsU1ffAcMoIoJvdcHqNDmyVMqMFFopc42fN4dE5fKjqMWxKycaT6k1UlanH69or6Foww9k1syF1aCQV/xSl7b1q6LfLF2aW2PJrATPuejaanNUaoShUGgpG9ELYHGvYbyIHjvuWkmReDLr9XQqbhTaixBszyP++kH/Fa0I8EdPiMB6Wj6PzEzbCgifumFS5BdYLrYMvTyIR0o/zqTQLiHsYArsy/THx+URMjzeCUSYZFJBfxYX7ZuGUMXcJr51GY1F1uPt+FnREZrL1hFasufsZRiWWgUuCNkw31sHZbh9okeV+XtZlApuUK3i7pQ8IfbmNhu9u4KX3gfz6mgak3hbmirGTYdLVXii4rgnjG59gRP4f/pnpxHB7JkwcOYySFauxR18YQ/3DeHOFCD8KkIXVdq/wm64dFKbspntqx9g7R5i2TF/DtwdOwlQ9RRw/cxZ4+1nCFecIltD9CjGJf3Hzo/E40iIeLK8DWFi6U3CUHR2T+IYhAQKgt9oJU0Z18pirSTTL8TelRq2C9vvyuL9vHihJZlOXxHu0stGDwA23IdtDgv9pRqNw6Uzo/nyDVk8059ndFdxX18omR4N5/jxhWHbmMhouOsHnd32mLdsBLJx92L9/KwzJTWPl7k3wRkgGktomQl/0LX63sgeET9rTGY0qOjZ3LU+y8WP/7Y6kLyBED7uXQcPeUWC12RLLtlXDnx/1tOtKO5rX1KNrSw5xdCWvfRxC7vX1NDtGFaLXF9NwYz4k1dVg3wIZ0k1Xg6Txz/FGrzs2JNzH/bGNtOT5OKgeOMoNsirsknSKIdSKP58JJmehJSQ58xd/vhBEKJDOLSU60NqWyp279nL39qlcHKBNltIycPazCFRUZUFwZi7Oyg2CBRt0IcSyhPwUkvlI+SPeemkQpMLm4Z+LCyCp3Z3+JBRg5K6P2HReHFxXqbKQwzOwu/oN3f4GwrLSK5wu084rd+TQfH9ZiAtJhDn5FhD1YTOP3X6bu75cRP9md/oxbhM5RO4nJ/8RLN1/g8KEA3jZqJHgdDwezrnch7Huu9DFXpAr5N/QQ6Uu9CqYi4LmTrTlVAWlS+rD1FcT4MZLHxghfIk05WJozQwRSo2eyGqLnkPtsD7qSxpTmRNA+coeOK9+jG0HslFAYSbW3D/Om/w1YFS9FS2Ws4QBYYA/HirgXVOCl/7k8ZucAfjnsZObpTZhsGA8+Gc7gaPOA751yQHWaAiAhW8DGu1ezYcXPoSKQSfQP+SIbuLHqcJxNVid2griGg38LXokbFwsTksi63mjWRkqPJNmB80qfBb9AuQXl1PovlJOC03HfcvGg+Ada048Xom0Mp0u6JRjkIUHlw1IwpmLPuieKE4rAqdhqIcFBKj1sm+LE7yuec6mx5LRaHEQWusl89TH5fzA7wmsFExh4Z8jYfCSGN9RiuKfjXMoI0MSZeZcoA7lG+R7OIqP+pnTJq9w7vWRBZnb+1guQwH8fKXwko0j1CqMgiKdP2RbIwAPdp+AC7uqoEldH9xHqtKY5+6o8vsIfRntCJKymnzefBQ6yKryUb8JfOZhML1vNALyf8CX7Sbh5b5sWjJ2GJZb/oRx5ivwxXltflSwlxr+iRKoKEJ9ZzAmtwRTqe4V6Ek+AB5a9pyzKZfyWuSwvmIeL2gfwilnpWDB9tk83XIuVlWMh607JpO/UCv7GNfgUrFsvHwwGt93p5H01JlwMugPVeopU82fD4jD1fhjpz2VviCWvz2P/bbUsCPvYpGbCrBFZzLZVbeyzbIjLKz1CEInzoPfr2bx17Z6vvn8Ii3Il4HDgyKgZHydruiG4P1jdeyhOBa+ZKTCZ/nLPPFuC+ZFVuKjb3ncMHs6tJ5oxC/l6lC6fxmJG2SjqOoT3mq/Gq4uPE+mgZmkV3+cJ0TIQEdoFtZPm4NuAhPxS2oMNhXe5zfrkSf5FmGJ9Sj+MUkWdxwhWP9+LBcva+TNc4PhwRUVuLlPm1Vmf0GHjFj2HZTEJaKDmKE0ARSF18NTFz8YeeYevbgQhZbbZPlKXhyGp1/ki96GBMsvc5c/gb5FDq/pXMYnyImcLMupa1sZSPpuRbcnJlAtnQ6kUYrWP0bCbOUtkDa/kWLk81j9WRSbN/vzt2Jprpwcwt9mpvLDdU6ofBZBc3AVjTUQhIXnXWF5cj46vtOmNTsGsGrwCydYv8WHQu8oyHgMWHnf5Oo3B7lUzBG0hppwtFkJDsedoYy/4lD96Ae2HxBlTRN5MHiXxtmNgM4/e+jxjTaIOV0Ci3cL4+LgV7jhbRMq2abx+HsAFYs7If6aDKl3SXH95mi6W/uBxmy2wI2B0SghJwmOp05zscp0KLzfxLp781nXX5cFJMNxq+Z+XJ2WiBP7UuCzRhvKX+3DRTm68DOpjc7sfcsR0fr4vNANlhSc4MT++VCRbM7fjpTijClxsHWmEbROGWBvz2Ee1EW84JBKdgWjaey6FfjzZBQXu00mu5wiTHxhBJ2fP8IaxblcMCoS3j4TodzsOXDQcBu9F0sge5mTGL7KhR+Wy8L42KsY8ygAb+/RoskkzydHSJCqjy9XB27jyKeZvHOKLjZbqELLIjF+9S6fQl+k8NHgfA48do/zNifzk6uu+H3wMG33VUGLy1Ph8tEb+E5WjO9NfMKlVcXkuXwGfvhtT59brOFkUAbqwE5wlreEB5YhbDSUQev6A+nrxG0wbbIgh5w25I2KnvRg4V68ETmVlnYqwGUZDfzuaAyLspfzI4F4flIkCEGjj4L2niVs05IK1c/fQauWIYimhbBvRCg26s/EE2G/4XBRHI3QXwuxuVn0TrQVSlwe4OFNI8D6Txv1J1jCnHOHYFTvM7R3PAJnPyuSwH5lfmpkA9cVR8DXv5bQnjUPjPfnY+uODzzyjwjO8TCj+9MfYKJBNCWNu43J8u9op4oO+PwL5+DbUqD6MhNrzhbiZbXZ2D2ynlami1Jix3taEmIKzUkycGCpHoT/NGWLwy95RM5uNnSr5J2WP/EC7+J1g4uh9qQjNU8yBZn9bvyhch5F5r/kjUI3Yc6wPGbJbsUDuqZgMPohdAz9pLIzKlA9YRc93GhJZodsQLPZnGeeWkFCS5Iot3MCNe6eixYbUtCjYAaIDPXyCEFfqqK3bCpwBbK6R9O6C7KwLkeXbAwn8zaJaEzy1oIx/pbQEnsL/9I6gvOb0cVDBe+Eu2LAi+vodasVtHrEyU9pGvgqdqO4ex1deV8Gevck+NiUtehToowl6gXsdGMvrmubTQW2WtA5+Rbnm10gu62dpG+1hxXOvgX19AYId9Lg3Zs7SUtrFuQ5GcLSDWtgdnox78ly4OubhnjjSEFqyL0PC54sx/PXL6ECPyfJLxpgF2KEHvHfofagAa1ZlkFHtS/T87gmeJP9GhPNd3ODZi7oNBAkzHLAyXUdPDyzmNv0v3D3zkacK+xHTVDAQUZaJLn2Ez2YLwEb9yhyW4oFrlB9j2oLP4Nt8Gt6HmWD3j63qW9dPrVOCUGfNh1oDfrEOePGw4nyFF4u2AFHN/RTwTFhLriTRrPse2CTqyO8FJABFdVJqDUpjn+OXsqyT9Rw4MoM6HsyGR6XW7DW2AScNPsiVU+eBgsyRvOG5d9BPO0e6FWvBpvdvuSALehyaRos/hUOro2q0LDJBDyrYqF8jTG11QRTxQ199kuw4j7rVJjf48Npl3OoadYZXr9hEkzzM8ENQW1caBMJo52nc82Dsyzu7sJeXvWkWPyX3yXPo6ALk6Hz01nYrKiMLWPG0XP7AfwQ8wtKqzMhqtqIXq97SXm9ZnzmE0FM4FV+PqIZO9vvoEbvH755tZifK50lC4FQnJu8mba+ssMkHy3QjgmAfWWHUEDfArvyK3nEuYl02X4MDQv5otzJVlzwR5iD/GeA58lUlPqdRysdL6FihQ3vDMrCsCJN3OznCzd826l2rRF0TTeELbpRdFjRijLjBpi7l7B6/jrwb3Hgl7F2XBr2jKJ0L3DAFwnwWJ5C9Woi+PU+wMcqCR5TZ0aznDrRlYTI4/pcrvNy4H3XVSE2LwS8NDTQue0i3Zs1jTem5cJ+f3+Yr52OqWsdecN6C9zUIgYJ2vf4V4ITVYpeJ60N6piu1IwYUUP1u8ohyn0ZyC19SGIy5lCy4gI4/heEuR0ObOwTQYftCM/ur4S87of88+czKvCdTrH5oiBZ9wE9C2zYWCKbv2RVwA/9XnrU7YvL17/jDPGzaJ8whkRkRoHael+aeHwXuOTkscrcw1DIupBz5Abt3hoKUfMKuWXpQTp1ZDy8ezYeVUXeg8m7dTztli3nhAVBxo80rL86TNHbv7Hkhzv45ZopjGtpxtN1m3Bk+1zwSPLlAwJjoNo7AM+kHuLnY63A4XQtDJdKg/s6M4zymMf9Wl24eIw2Ythx8FVKx6H/UvmE8SbWc4ki8ZZxsOTbLpAet47VXpVBe+Jy9km/AH0HZrDxbG9UWWcD4hanMGObCTwY9winVDLNFq8lJaMa1sLboBGjhXud9PlG+QUUChGHc+kykBSyFv4E7+BiC0Es3+YJe1M3kV5xNPpv9oRNn1aStO9lPPNjKjR0eMGVr0VEy0X57fuFOFfjPSTqGIH9RAM8oWHIKb17OemeEHidEoET1zT4zyxFts8TBJ+k8Www34tOjqnDoj8nMdMgCpJ36oH0VC8+ul4Jr8W9xtixr1DB7QyPlf7Lq55/h+l6v3lpwnGc76YCigXJ7NX0ga4pXUCTd57w/YUv3fz9GyVCNLlnrhYfHbuQ6m6NA+87P6FgliMs2HQXq362UUZJDE+3r+ORr6OhD77CraCDdKxaAQYko1Bly1xMKiriX/9lo8aLU2goUwYzfIPxl1AAlg3nQuU5LXD6VghDGpvh77rJ8Nl1D2zceImTTl0FVwFx/mMTB3UXdtCtzxJwo9cMM6JL2V3mK9FJH/7teps9fvXT64E9aG9vRvx6FLfeE4WlPaX4YY8E5l27T5FXiqE9s5K3ThGFubqrac6dRlSbc5bmtklCLgvBuIBLZDzrKPrbzKLiLxnce7OEwwck6ejXLXz5xk4YY2YKoz4J4taG71SQksDvIvTYZHgWrvp5jd7OF+OW70L87MI2FLOSB5HQBtasncrK0rmQ+dOWFVuKYLBzETzYMR+2+mbRhDRFXljO4PnkAPcGutL8q+HYdE2Qd29JoHmKQdCqdIhlb09g8zO/QOLOCHD++If/HNSCuOM76HH2UUjEAXh1qBRu1a0AM87BP67bsVHXFKg3gjY4CcOXrFI+37kNarO34s794iDpKYkXl2wkx5Pl4FZlDq8krcFltgw+Kn+Ad5cvYLsrThD3Uh8WG7xkW+u78JvXQPv3afBDSYYF+4/Ttjn1qCl1C3YWbaV9lipcuMwVFGI28eKdI6DFWRLeJgujhdMROqj9mFUE58PgP09eX5OCWYbVMFJHDaQzvsGaPHEQ67HFQNtJlF2dD4YKq2DGaEm+ZqgIdYfOgKLCC/gybghvdxnAw1M9cE73ASgn3KGctLEsveIPbMnMx5IHE+Hz1H3oeHYaf0yaDPVpsbhDSRXeiJ6hXeNDoR4+wdDDf0xBVdA41Inu6VH4LkcA3n6YjDrhb+DBhyYsejCfdcap8wLZD9SWXkgR5ol8ZSfy/WwJEA0/SgUR7piLR/CsdR7tnPiCFKYooJXmJv498xi9v/iR3mTIwL0BDdaLfg3WJR0QJWjIGerDJPtFk6MXiWHABBUWG6oiy0VCcBwmU5y5JT2Y3QSOn9fhRVV7WhwcBF+sHkGw+AO46ijIfQmWoNyaiG9vj4bqgF+oC5UUcu0JjZhUgZecl0Hfs5/wfqkurkmSgoaf4+jRqg8UNv0+NV7sI/3vVrii7AmFnPuLb+wUsFk8jzufm4F/jQ3UpAez88wZlHlNBt6FZsKCyep4ecYN9JQfQVP119CSPQrws16G1g42cZWOE49y/sKW/kEQLv2aojcWY7DlBRzfNZU120fDoemL8fV8Tdj+QBPF7s/gyAO/gSbWokdNPo+R/MTPfh1AvjMeNEPraNzVEKxK94fzzXF48M0/qtFVxDOymtTy8xTvTm5mFXMAkYlpkJg2g06HTeer18ehrJovhtZZgOfvnTy98gvte1oFRlMM4MKotxxCNfxrYBV88BhLfzqqcayGAxoeccbHCSr4GfeD1lVpcJ1Xz4OlwmwWaMf9k7dQZfJmnhHcglPKyrjsWi7dCszkbY/VoXTPcegUr2Jb0SQqGheL55XyYE6zNkRaHAD1TGOsihsN4lOUITOkHiW/VGGxyDpQsajHEB8/PuwVQ2pdj+HR5D64PSMGNDxUQPLNNDzZdxprZ/xl5+8vuGW0CD9vNWKXKwvhrbEjzxxMAhvh8aAqugUX9ahBmv9yTDkzlb6/uUlfq5NQZUY2d3dvxl0mJjS2UBo2Ktdixpw3tLFPi3cWx7Pv+yywupjCo6asAxuZh5h72BQVW8dAdXow3JEuo6+jA3h84X3eMK4BnE1v09x5PtAZmYFG2a/ZXmo83PT/wxci/rGPww++7LgfRmhsYBE5A2SRQcwu6aP1A2chazGCxL0sVpl7FUf2L8Q5tbMgzGwRjDG+iTpS/dS9Lp6tm805Ml8VeuL2kp55LwlOYDocoMkblz2lCvkDNGlhJKufPYp7d27BaXL6YN2sxJ0pd3C6fRyOvmTBC2sOQX8coukZd4i3mUsqCaEQW4kwJW0JXAwp41DZ63BsYzGNPeKDutcqyGXEFrgh84RyRYvAZYMoxBfMpdJbnVweEgY36S7lxPxjxxhjGisYimoxNQQn41j2uSRcP7kXDeoCYdRDFZhiX4RV6sKUdWo0jyj7xZOibuKL22M5ql0OzJ5ehtlFSVQnwCjhtoCVH3pz4PTlZFqUAK8Cv9Od/nkcW2IKEsfCQbmzn85ohfAjj2c4lN4KbW2bQFvPGHormrnXQh7u+cuCad97Cj7oSF+3jaB/VQ08vvogv4Y4arSw46DXuZwxegsFmcnAwt9f6IjvYZqdps5VRmtg//xn0D+8g42vP2KZNU/Y8vsxmp6kD8UvbXj71mLyrHuLqLYfEsZE4pw4NZz9bQ5VnephdQt5nJGgDm6CJaBwwh6SBGrZol0BEl0vwSmL3bzErZKG0ozwlU8JuhWMhvvenXy3yBZm/9vCPyZ3YMyQGh92voAbLbJATqmcXt3bTUqJstBrXUgWfS2sc+0Jr5dZyS8+trKPtDQbTimBc2fUeXeZEHp+l4C7aksY67VhobYNHDyrTmtDPUFqngApxRtAfKAtdYv/ZKUcKcgR3IhJw03wfHIKvtlQANcE2+BTkyYrXJ1AQ/vS8LaYMFca64D3uK8sJ0qssd0K7ExWguvuYqgNj8ARBx3gywpDipnpA+L7tSFET4TSNJVBy/sTQ2oqSN2KoefB8vSoQhyLurOoQC+MVQXE4UR7NLyxuIZZm59TxB0lHhWZzNpDq6nMMxGN5p+F0d5ryVnXHCKOS8OiMdGkt8oYDrT5wx6lSbyoaAPX0GTe/3AnzK3p5R9ahjC/JwAOrRnLC6Y8IxuJJzgp6iGYtwZDR4gFuhgqw/+Iuw+FEBQ1AMD/aNHW1o6GtrbKHiVJRqIhM4QKqYSSohSlQXa2EknRQqSojOioNKiMpEhlhAb3Me6TfKsPjKGBv3YgViMFl55NAz9JbUpP+g/fLegh68f11LHjMk96qgHdLv+Rzi01CBhWheCfvSxQco79JKVA9v4WnCTahU95HyT2vIfLYxJQL3Yk/Nr0i1Tfr8KIRwF8M3wsTok05tnxpjTLr4y9N96CYdc4ltswAi6FhIJOjQMWpCfwWoW9vMSijFs7tpDlhkY6olHAi76H0XYaAepzrmLq95s4XUUF5SXXo83aYVbX6qbyr8cxXNaKc48Pk7mvETx6bYdtMz2g8eNG9HMo4OQF7Xwi+h7I2fVz6tHz1NMsQGH26pB9cxF/yR1PMsNzCRfawqbrgaw3dSRdG58J3Rfe4LeCYCi9bwtOYnYooZbD2kK5UJH5AWuGboCf9hQyNBlkN+dF+D4lhtwiCF4tUaPlatH4evlBiPoNpBv0gx/2iUNQcy0/Vf2KaqsY92wTgiNvPFG4/x7nBNyh6euIz8nrcH/sSQr69BPmGMyEu1vd+YuKBigKJmKzVCO+dG1kq3MqIOWZwV9y5Rl8dGDVQg1u1kqh6Ag5MPK9DOOWNcEkZVVu+/gb3O3WocqJrbS4qx6Ua/JxTrwm3HHUhRLDGaxw4DftvxYDC/dNI/H02fD6yjYS/z6RX4XcoEfzf5L6KiE4aHwQzX4MQmD6NkgJPAexKgHw/cleCt5xCp4uvsSBWIj5j5XhYY03ep97i7tDx7JA0jio2tuIWoXbEG4fxk85b+HDNeSLYsYQue0CbabZ5J05ibVO2YK8sS4qavXTpvMT2TfuPJpM3UzDbpOh1isRRARTKUluDSluqkcN/98UofceImQb2L/9H8zxvI6dn4XB0uQSlQfeBKcRY2HNNFMSOXUcNdY4c46BCI+SFaZ3pyeD7aAF3PleSNqILDGpEjUu1SMO69Hp0MdcOe8K/bmzEy3HLIWM+xNhkvo+LJHP45vyx6CpeS9e+FpJrUprISs3HlzkxPjcv488z00cNt4torlRXZS47RRF9tmjqM4ASq2rp89p87jXWxa+NZhB/ipzqBVKBKNj6vAsVYcNalQ4aqUw8f5NlB8rh8cst/Ov+1dhk7EiSMxKwrjvW9Dvfjo+HFpCTsanue34ForpsUetzq1Y/qGGNXusQDdwFk/T/EnTK7I4ovQtbvEXYSf12eA/r4r2iSlTS001qu4Wg27hV+z6EJjntdDOUmuwTxIhb4VKPrj7BH+VOEPFK3/gSksVUI+aBsN27jSc30RPn+yk1hmuPPF7EXz/PJrTPkWgWqkVnqwHOP1SidWXmWNssTvHPdfAK4OLIHfeT95l6kSlZ9aCX5Yw3thnDvUfrnNL+QoclHuOZYsfYVuECrid3IAxhatohelVvCQTgoZ3R0JyhSKXuk/mMb0Tabr/cxg/Mxzj87t58FwT5b+6ScKdqnBo2SjY63qK6zL0IH7VPz7wewA00sbBH8XfuF5hAJQy2qnpRzbVOYtA89P74H8qBdMpiyaf7cf7/z3BTa/3w26vIE6/VgAdnh4ggJIQvUydhfg4rDk9A/cNjqSoI9fwheozGrvhG9+0iaVbwjIcn6UPSd+WkF5wFC2eMocnlHXDw61pLOS5lRzTvOnxd8aXCQOs9c0e6hfb8CyxVn6/0Qw3RoTg5c03SH+TPt0WQoru0KehrgHaf2M0hDvokqnhVFY03EbNQmfg8q1/WFW+hNbPr2ZhZV+o6WrHFd2CoD/GjPrf/UQjfxUYf+oA3NozhUNf6NKhBH1e27MRGiuAtYpFoCaSMUjACb2DckiquIm+bvRD8fhePh+QzL2uC/HyzA2gcEwEUFGNVt7KAYPas9QwNYxmbpuOvTvHQPccEU5U66ffMUcYEm3B3OYz5ca9guXvh0lefzVq5r1nmeN6sNPagq+aHYMs2RyCu2PhyHqmks4dfGVAlcLeqYPJPkvwzEY8rH6Dd78doAMNYfz6iD5oHx2k68mfec2kAxhoLE5xhTo8ccsKDNXWpizRRrxhdZNKZ40DrdwNXKjPfLfJBvvzZ4PL7ju0Qn47f5yWAi63LmGXyhw4e0IWymd9Qx9pFX7QG0pO1jtwar0WJOZOZGOu4dSJv0mqIQhFPmnB2UZHNnvvwPcSJtOWmPOgXlsPXjvm4JGKrzRYcRjSTjyh3Ag70IrcyY+cl+LJzqVw54YltuQO4AgjRVCZ8IDenKkD/e9+rJanDnJfxckoVZefS/xgoUsGVOYqArM780jwkgbU7LvKTfNNcfFnQYgo9cVUCTlKf9qM4p0mMP/obZzWUI/2Y4X4SG4XBfps4iuzlWFw2zCdfLoQ9Bc+RN4UDjEXHtLYhvssNJOo8IIOOcZvRI1sIWiJK6RdaUF89OIqTv14jD32x1PMsbfgmPubdRrH0o29P+FUrQQ8GafPP+PM8dd6c67LucX5woS1Px7Qq4detKxqOR1uEobNIggtMZp8TNOQ47S9MaFsGmVtiIRjj+dRUmcZjLJUxQjeRu1SOhCcrEIjltnws1gJ6Bi3gm7/C6AerR7uvhKD+Se+QEd6MH59aw/z+o3JY4Yc2wY04tTfx0jKZxONNlOjD0cO0cRUTSoY2cdpVwj8LKbCyQntYJ0tBTnqPymGKzhRbSOdSBbm3pLjtDDBABwkbEHL6y6dzzKgnvefaNhdhc7MjeUXY3RQrj0Rkq4sZWsdefa9PQHqEr+js2EVuGxkrq4Wo57ac5AU1ciK00fjV6dQGiJ9PPJsAizxVibUEMFq1WLM/zOTrW8W8uMLjyhrnQKlzrYgizeEd/4w/GnswXtbt+IzS2Pas1Iemu+cASurz+S5yxS1ribx6gszwSdMF0q/v8Uxsi8htLwXvz3Sp7+LtqFbXBb9KLkENw6JoI+HCG+osYTNNzS4U7ge/pNp50vjjLHctw/Vu2z4T+pH3v1hAW/YuIdqjCTglnssTj29GsRGE95P0qfUnVZ8eL0vBvUeg94V6ym5LhkrfgsDJkbhpx11aOBTCZZKQSBvf5bOWR0i3ZrrnPIpCStrG3iqjy58/b2XdPwWwp6NnmhfZkPGA6tZIC6RfoxKBkEbF7x4RwSj3OxAUu8yNUzV4m2/k/Hizc0wpc0NppWG4w5N5pRpoigCX/n0SiGQ0qnEe1Or+UH/DDp1bAWdv3cRaIoYpogVgnrFMlgw+T1Kd9nAgzOj4WliKSeLRsLwXXNIaphMlY3OGHj/Jq+PnIWX7xvApZv2oJ3jRSvuS7Lv+Vd8PnkpZ490Z4edTfQjVZ8vjB5D9dnjoNzBDKRepAH88GSlGR30+5ggKRYswhN6a7GgTJqn+BwHqSNT+Osye1CRfktOC+TBXN+eZozbhNOywvnX3ToUzXemuc7+uGaNFWxoloW0gs+YXHIMl4SYUKj7SpaIa4B5B47xguxNIKh8FOYHVgGImEKn32P2uLwG7l+35FUHT+PYFfvo0dAnbn3SznqrMvHAeQV2+obgsl6Jpfe+oaUm5tQl9Irb7A9ivnkrzLlozrdgATXmzqexm5Xhe8t7CvfM4PfPD6H/5HLWUJDFo86d8Dt+mK7I1CMbWoF1tBTMlz2Fc4+X4SaNmSgctBq8e12hcP49lvp6ies0d+Kyw+70MVYW9v4xxF2Flrxx1U888sYNDnydB5INkdBgfRxsVQPx7nVxSDwkBx+DNrGZSQF1WEtA2gVp3B1uTrv1nmBZlQF2yZ8hhw8xIBNuCorL20jcS5KfNIfgQJAUJK2+gDM3TwLLvK14+O8ZtIjxwwcxkkCDy7i3cgDinJ/C5t+fICjDiaP6hsjv/F/WGf0YJ8714si7MmBp6U8DEl0wNOcZu9u+4SrLXEwxOccXbb3wi9ZfyPp3ibOOmYOTeSWN6xajBZ/LIdSgnSjyNmre0OfiyNe80OM0+l1Oh8Qz2vCtZRDk59hjblI+vsmYCEkKB/m9bANufW8KJ9TN+NTWCs6eMwHSU9P5yOFzGCL+Bl3X3eRmgTZuLxzmjL068DZxCWveOw4hr41gAwrxv88n8eSfcny2JI6cX4TgnLw6eme8kSUHkyF51zG2/qMLa8ROYmpKM3wb/QRelrxE48ZN6DLhKK8xs+TT8wXAdlIxdgpJwGOzDnb/8g5ft6jj5vEP6AkLQ9PlCpry4SaPP91HoT/20t9OcQi+/AVrh2LZbeswmsi9RBY3ZOORsRzm/4fmnd2LT02SaL25DbyVS8bJFg10QOUoPlmpBX/OzaSrO7XQ8eFstq0dZv+zt3mpy3h4p7gf9CyCYFVUHPeNvkEeoxbyOvE8ONA2keM3uMD2yDOYbIqwMk+SF5T4wZl7B9kBpdBYOBccb28F9XV1oFD6ixUcX4D/NA3oCr1AJpPFwb9vK0VrnsTRC2dw56pppFmqjnETxsPLRzdQqEcP5hZn4YxrMeQCm7hmaCSO65tAStd/obDwdzwrmozD/b40fEEWFtqMI1giQeOnSKDMhIcUdDmaonKCaFxzANikJJPO27cYWisEtkWH+eijBDY6fJ7sRVpY3TyMqk9/4BT3O9D0nyIGbfIkuGsOKiaVPMv8Puep7gKDuen40NcN7lmk8VulViq73Q8vp7Siorw4BJw/h/cfWPHqRbtRHatRbHYXTUswBU6tp2uqTVBWvYE+BKuDRlkAof9Usk6NgP02ofBZ8SZNtvrCM6YcY3vspTsmwtRwdgS0rh7NC6pvg8MYV1aV7aOvepXw+dYSMnmnDFtm1XH3HSucVq0J238H88LVW1AuQpFPfjPk8WE+ePTcTYIrG9nLaynNHtwFuxVs4eHzXpTwqkaBye9o7eYMMv/uwzk7xSg3aCvpa3+D0z/306EaAdib9QkqbobT/k0f4NnXTPT9ogNuMxbTDSFX/vhyI2i9OIzL/umB0vi/KCo9nwMeZPK0V8WwX9GAtQfPg9V2L8gXrqJ1B5PwZqMVeH8bwj0KZ2hVkTt251WhVbUkN2hY8KyMVmi67kGTPBXwxxoJKEmPx0eKF/H2cCjesBVEj6MleP9QIDuUzeYiFMJtfjbsF6oCsKKZHZa64cBoM8yK+ktStw7hwA0/Ep5nAw7yM6H9bxj8SbAGbZ1kTNvzjJ0ab+GZS3Phs9Uy6PxaDz0DJry8XwHa/JKZLiNs7ftEzbOTAW740pnXdfAtpYWdy90xMm8YPtB/KBU3ElM17cDrciUrabrhtNdVkDs3DTFvJYd074PF1R5UE9pAR6N6Yc8XZRBuNaER7U3scd2Cr4zcyZ++Mz2K/wOCepVsnHGHscQSfj2wgboHZaD06yg+3iiOFzYrY/uRLHr5yxLFt2/A3E35YNg3GbqbEbzlNOF2pj+9XrqUz7z7RKZznuGmteUYdfA7K7/MwvxJjrCn1Azyf5xAs/8SsfeGP4x1KMPTM1xBIvUNxbgHoZ7XDpgWUAUyvbpQ8TGXvTwC0e5TAhftNsbDaZ94dVAqbhq/nM+474UyU2P866UH1WoytC5QCjoi00n7+SnqG3EbBhrD6K2VL7XMVyGNH3LcLWUOdqWxYJ/ym5xM06lIbzqt+9iP95sLODRxPxRniGNwy0NcJqkCid9yMWlBJO+8/w88a/bQJseHeMnhHeolX+ElX+rwz8sy3lUuBPrLKin2XTS7GaXA4/ZUOj++gb6slkO5Iz+ozXkXNv+bzZeKRsLle1EsceMRXBRpgfI7QVCxs4DXaCZy144veKPyHVR2KtON5okw1CJBpk9SYIvCc9y0sIxU4r1pXvRx7nJ7Bq1z/7KgmxG+l7CEtglPOVmtnJ8bbYPF057RBZfz5LRvJnendfHG+hiaeMSAPupbgspgKV+fexIunrMB/s4oMusrGPxrhftvAvBSniSfTQgk1VdG8PpjCZ3KOIS2EWFwCxfihYrdEDkwCg8cleWRH0/QC9c/MKlRFDIOKUOi9leMKO5jb6981vy2niwD/oHP0plQar6G33vI8NXcsbB+8C9GgQeM1Ga4NsUGfYOjuVv8EL9ao8RLAl7wY/t+nGQ0Ht4a1kDFrCha9FiNH9b/hn2Vn8CDLuJr5TL6IVJA9+VPcHCFCCw8FYw6Xhc4cN8KrFf6yEdjztL05m3wz7mdPxu4s7X3W5xipwKre8+x3fpcFupfg44p43ki3uU55U1srfsAXk/4yGuPz4aITmtYbG1I5//bDqYvAik6RAZuxpex+40Y/qGugW/9LkBU4ESo6RoNd7aYwj1/UYwZNqD0JW9x/YLreCjbGIbH3cZ6gb+UWaLET0aMgg1bxNFcPBu3qM+HTW/F6JDFK7yyXguWpGXBrcpyTN0/lyq3S8Asdoe+JQkUs0GCVlSIwvvVlWjaIoRqD/bzMTMf/PrNG0TWqcIv2RAePtAC//kagZLcRjL9NEhN717TtyIZUD14j7MujYQaBU2YvCOQM5u249dLxrQIA/j4khdYucqZ+40cUbEjDWOuq2LgsAIs9TkNanPCSQ3zUCpkJ3Xa2tHv4o+clzULZkx8hNO7buKFj1qQGPyBen4Y8ZZ9Upj7pxOqztyED/MjeFbeTrpi6kcPtkQR7FSA9W/mwMaMn7jtYDZaF3SAnucgLzQKxrO/XtPna0fpYHcPF8oowoaZeZg5s4XahxfR4QYXPhpeD3Jkhi4ZrgwftHFsQSdeDZOF2wZbsXzdZh6VwWBhFoapNjZQPnMxBJ5xhPXS0bRcPJAzP0rDn9r1YKP5G+xPfKe4Faew13ABX9T4Sy8lppJz7Hq83q4Fv56IwZv406D+9RO7z9oHDsllUOL/m78tFgH7+d3wItMXXP/byd//SYJwzwC5iPuAz6x5uPyZHq2a+pzlYmtxaXwyzAobw969Bjz1nQnUxerAuHwnfmiVzNMVn6FHay19ShlP3z4YULFSJyvICmDedwWIPvWTxofGYHL0EF2w/YOPi7PoRKk+On9/DLLuryi3ugfOnLaBv+vHkkTVCoxUyeYNq7NZfNUSaNDSZCP3T1Slo8f30nt4pYcCnM1/CmGTc/FKwRZuGLzB9mFn2d/PDU8Z/MEpRxTBeKCHHW1VwDnBh9R64zncVIWloubxXqNa8jsrhj1SfbS8eAYGNWjj4DcBKFBTJa2SRVxu/gs1Y2Zi8MxEuqkXxZXcjSOmP2bjUX8h11wRssotqaUkCJc+eooBMSeoJcUFGw5MROPJOai9vIfzzlzHkS3jgUXUoWDhKhpabEB3N1aS5PoYqI6uhIfq1vwiOBT9HQ1ZswVglMl/9Cj1Lm9VQ5o02Ql3BXuRznkvTvugCXKdyhD8E1BzojFINGnA/avbMeSWAH9OHg1Pi6biGKkeVkx8j192TMQpL4XgiIos6FXMpZIiL643b4fMis8suqueAt5UQcpRe/4x2YBtsySo1X4i3JHuBn2Rsbw9+QRlrt4FffuDsf5yKViJ9XLvmhS6vcCMnmjqgdwLGeovlAMLXyDFoSZsP13AYWU/aO6EQsh444hJL35gcibAm+XtuNgogUwM1bnr/iLoyClGg7QiVBDPRt9V69DXZQY+1TGDrwmnsFdkLW25JMspu5/TttQmMozs5mvfj/OuAkmeripF8psVYUFOGOeoitGbtip4HfCEVQr94UWYHpp3TUBl4XpamCRLbw9rQMVnJxx3NIcWel8nbYtxUBPSwd8nSMJuQz2UiDSHoOFpcOCsDMy73opPIr/QiMJbrP2iEA4HxeMsYxUUKYjDsjhfOu/+nB8KMDhyF5XoBmBkvjQ8/1vOM10ewecdQzR58VM2zFvNOjdXoaKuLkQ8MwLtMkOKG7Qjm4N6PCh2BrZ9iqKUcw/A1a4ZX/9cy4ePS8Druo+oOnEJ35v7nPhxE2wuVeBPEfsp/GULvX8azK/NfoKqAkCgmx3KjtJGR/0RFCk3Fbdb7WF7FTM+1nyWhxZL0PIqbSyoGAvOwltYV7wJh4xfoKhbCdZkBrJi9iNe/TAHmgKncvhzVYjwGQ9vq7Lo14YgLmgdwoXbrDFs5yDZnrmK00W2wyO5YE60d6HlOnYwJVuG51Ud5bFFMmS9QwbihtJwqkwwjYkyhRV3z8C6azrQ+kkBnps5kFfhb1qoN5Pfqh2AwcmHeFPGRCoyv8cl6up8cMMbGg4xhj3y/axwIAPMRs6iTJd6dm0OxbaT+zDfyJdzg1qhrOcYXglQhaI55hTcdorVJM3ArCOel64ZCfF2o3FerggmRNVh6ootcOq+CCi9FwV90VDc8/Irediv5ZFbJVH3UT9at7rxOcNm2q5HuLPWCE4ZfeQXF8Zjg+NDuP+lAo4qNVNIUhL03nKgWbvDcP/nQsyXFoINwSdo5jpJyPYSglOC96H3xWta8eMTiZkIwZumeRTw2xMPRNmATfYvODV8Fx7UemNycDQU3QnkxifNODjqMN98/5SH9Qp4WEUXHj+8wqeK9+LBV+EUehpg9vqrGFxZxOseVYKdvRgbr6pD2wGAyu3f4KVRK0isjgUH4ysQeTeDvmZkIESL4qZ/LiSVGQc7ejRhodMP2j1mHdTr3QBVIxEe7fwc566UgLFfhEneLoxnYhSXrLSGha+C6XveHBprfBkPlo5Gx+staJv5hR++yobHAh/4gsIP/i6uBPIlI/Bm7i8+ZhKFTxPlqFTblgcFrCg2PhVmzjnEQs8CSCHJBOY/vgEfD9/i1bPvw6UFMvDJQBh8DGegjydQ5Kp8zt9/nz+ZC0CdUCscqHBiM6022iJnjr8TD8LuKUe4WHQxXwmNgaD18iwYpAD7lC6zwK4U2uF1nqKXm2BdxzKUPtvFsSsOwwSn+7jnQD/c80OITBamjQcPgOLFfxTa+4wqyk1wQ1E2J157BI8mvqXSh4tAJFgLCqymQ/uP7zh0oZ7szgjAO8sgaFX5zLarlpKzzSYumd7FECoJfbEDcKr9O8cnWZFPwWHyfXqI0yfagIjQGRhR+5UEnZ/iXWd9UPUj/lJzGV41dcOZsGlU0fGe+1ZLct9zHRTPUGZHp9Ug1j8GPJt9WFF/HeQVruUvUwRoRs8cKmk+iZlK5hgSN4dcd63loJTxsPS6O6mt+YW/WtfhyeI99MrUnx9GC5OtxnSkTXH8/tV2mnfZApwCjDCrGqhedDxGh3mhZfZeXHHHH7pnPaBW8zn8wSGSqwPNQElsE1jlOeOPmbG4zVUJplxejmqzz9DvmSdwl4gXn9qyj3ouSMI9x2VwaME6DLU0gZaOTu4a+RlC1B6jyecqNh+3Fzs+PKPFbkrQVhTJ05TUaFyWD0s8ecxJr3IwLcORA69VUu3p0/DJswyh0g426RSw8vkKUCuKgDFH90NoaDmsldNgV4cS/Gh3kXdt8aGSJ2ogozkfth81ByWn8SCdOwb+GDVDmHosTTL6zGuTlfDq0DmU1pOHitBsumw1FWLbHOBrSSgp92WznelHPP/XEFrPjoQS5YMw87sW3C7fTS7CebjqjgglqOfDVKuVmPL+HiWsPE5mSg4gL7+LPh5UA+PbxBI2RXDQYSSqNMmDZsYR1mz6R+/nIKv3HSTdzAMQay0Bq08+g/uP8uHOs0+sm5NDk2vew0tzaXYoLIZFnSNZ0HceNE4wgIzuReTikQaL7mmxquxuSlnxEqId/sPUlksQ/7MMrmQ9YZ0rMlDz+C97i26GQWllFK0/wTGCElgTmgQrlQpwytWXYKvtRhXGAv83/3eBbQ13jY/jxzOestN/yEGZS6HH/Bce8VmIJu//Q5usizA5Ug4eNVbTz9N7QVDem4001rKCsjkd3Z2Lr04m4KktirTkkBM9abOG/QO66PMpnCcMLIbT/+6w8aRqDFkXTgtnKSMoueMl5zU8/54W0PlK3OFpTCeLp9DqncUwYfY4/LNUBuOefuCwWCsakhLkscYq8MWQaYzQIo511IPZEj5sfektXpg4l/1E42CJ/21+8dyXNhSKwILqc9QZ1c/lz6Lx6b4FoPS1gbovJvMW72o4E/Ab3OsfgXiAGYiMLoZj7UspLzwcHl2KJqNXo+Cu2Vyas6mH23IauF7zKF1PsYJlDyv4bU0rSC1SpncGZeSurUyrpg1gRnMsrxu8j2HPU9AvWgXy42VwQuJvGsoqpsd3i8hpVQVUHlHi2TEhPHZ3FU8qkKSl5QBXs6uxL7UFu5oMMNI3CMQ2P0NBm+c8anc+WJbO4YjTBvxJ3Qa6bRniAqShfc4rLK/biHvF+kj4agS/OVgNf7KPwKoPS3Bt32gw1ekDnw8z8LuDDY47EowJMQd5tqM+jJn0H1wvusdH5hRR4ztLGDnbla6vT6dkD+Z31mNBvssEk+uMccrMCwChS3Gf5Q+yWKkJzbM2sPG2UAg/L8UjLm6k2x8XUf6aDJxSvY2WHeiAFomFbKWvDhkTDLFhxy/6daoLj2cZgOTuaby/5wubHe6jyV3/MENhCoSbKcDxd2dh73/lkNGbxhLioZybtI/zbAxJLjKYN8tk0do+FRgUJbgmVsWjlIv5X/UM3uz1HJTuSnPn7QfwW2EE1Mfp8jnDPIgZrQC689vwR1M09ImH019FbV7/fAlFJT3ipzwdDLzdIaRXk2bAeNgnp03l6Vug46oBlNr40hu1BajacgJHuA7So1RneKu2A02my0CakA4dNe1m4TNjIe9cK+18NhGW+3nz3OhKsIvYh0ZTysnypyF8KTjOgUpGFJW+gM7E3wEbKWP4peAFl5f9paZFziQbsxpblTQhVr2TVygt57MyaWjlWEQ26c9x7bGR3GVSiANm/RxSe4zGi1qA/6FB3Hh6BV4KXA6WkSsgbrgG70xcB7Ean7goaRad11/DVx6qwWK1mXht+CL6lz6DQIuRtO/lMnbdLc+qLunwn/cSrovxR2cnJbg34TOKt82FjbNzYG+bJYVmKoCu+iiefvIzrlz4EKQ363OVkQxMOLmABLUksWWGDcUrWtPP9mF+s3EOuqdF8D5lBc49k8LlRmqwc5wJ5uTHMrloQO3nX3Taw5WtF+XRqX3LaZq/ICr9OUI3HwpC5vBLmBurDlfzrahh9T46lR+Aesp5qB3ZwHva75Gg1TDtNVIFNt8JsuujcIHIIGxJGE216xO5J28j/rw9hNLfpuPm49ux9bEkgKQQN/4qogPd00m34iuuulZC1hXBKHKhDu19/WnhszI4JjAKVm0p5tR1ERx2OJflSwLhvxHaIDHdDaTUkJYPauDozWG0slkaju3bzpPfOYCxxiO+5z5A9yZO591S57nI4zRUGpdTyKJ+gh4JsHdyR+UCd7qd+RUOzPlKjyNdqcj4H099II0zxkVght1FOpY0HqKt1oJ36Hv+U/cWzwcvYZ2N0yDJagZrB7+hIxZ+/MSzGMrGq0HsB4CnG7U4UkgYN6nO5esH5tODtDHodsyG2O4pflhjy49vSkPDo/lYFP+G9SUZZ0e48dVBf1ote53G16biP5f1fCDIACZJCYDGTg1aZ3icVoU0QNVIBVodtga99ovzYLYc5sy7zat8J6CeqjnUPlEGK78j9Of6DB7ROZUE2ovoo08OzHqkAZaWMeB6+CSF8DjY+PMfPFl5jIaztcnQcR7daI5j+4GFJDfwkcLoO4VqxmCtgyzE5PVhdc5o3HsyCw3jN+DlJ4b08LESNM7qgwb9mdBgdJ4b3ijDwdhQKOh6CUqTzFniizvqhMug87EZrO3hQXZvy/HWyHI8elge9iw5C/53m+hnezKLZiRh4ftl1OFtggXX3oFm2Fh6nbsa9IvMIFtrJ4/tDqTgRRvgUFwje9MCchxK54BTSuwufB30DAvonIUomK71RpHcUygRUYzBKYvJxaiGF4WfBu82Kbqdp0s2Y1dDzSZzaO135BCRCSBt8AEfrPUkizcnaFJhOE51/Io3brhy6NOL+FNyEiwaV0sHDBfSIekPmGh6mBf5baQr9VpsrdqBB13DWSQqlRqcrEF/Uzmf9JfiVU+vsmqNPrYs/8MyKsVwU84W+uvH0nGph+j5zwhU3tyFxpK/rLzOjVutPvCx7dcg8s0MLtKqxlm6MmQKN2GF/BgY4bid3BLDaV+/DQxo2fKIgEPYUPMTRexcYNNoPdDJk8D+jWIQe92HjynUodOPhyDpPZpG2RjhpTGWJLToC2TsXMY9+3/BF58R4DkqGW4GWlDeYBBfPAT4XH8mpZ6UwcQEJ/ByaeG1uxXJ/SbAJgEx/JXejzC3gfUaTdlNtpFnFYrijrXTqDBYFJ7fnQdvjqmBiq0aV8JiLqwWhPHhF1jv3mUWu8rwZf9dGHenkXPXX6FnZZawLyqDVh6OAzA3w7XN/my/aAl8cOvgoDPhrF1xHHcXDuA6XzuoCdvLy21fw9E7dznv1R54+O8ePz8yEfaskebEc4dx61AXTr4qDQn/DtBs03zKcC9kvQdVaGmTTz5zzuPyxR2Uq9WMhWsawLib4HWmIEv2/oW823U0ZhZyfkMbFZddQ/8RGbAjZBo1iOQxPpoEsjnRPHfnNK7+lsLnx1yn2w+O0/dRMejx5A3krfAnzUeHydXJDhRfTKdj1mv5rvUPdFhyEU9s2sOtjtkk+HMnW/tUYXCeD7c2SsCavDt49fIjCCz5RaeyZoGb90e0L0TG+iLM9Ikl6a1V1LtbEqQt/mO/f9rk0nEbva+uhqtG8jghJhcyxeeioII8L38kCCm2RnBr9WruX/kRNwZdZeUzCexodpYbVHqoMf0m3dltR6qlMtA/yxoOSDrAlHUh0JSfggOGDqRlYIt3My9imJo2xKq0s6YtswtYQtf6blaUVsPHGeMptSgeTsVKQ/ncb9R38R6eSFyGjs9no9d6M9iZowWvJt/DZR6J9NpuOhxp2kvuK7+D2YnzYDaqgR9YaGJdjRpcjrkKnUoiPHLoDh84eZOXeETQlYsLqdTOF8pKLmKXzk+2qDcBx62+fK3Fja/JyFF09XScXC6H6z9ewWU70nij7mZwO5xA+yUQ/pt0CfMWu8Lxse08Z3YrH315D9D6NG+UPclth+x5T7gYzkiShbFuFfxEzRVF//zhu6fs6HqRK6U6j0GyCub77WoQOD8NVr0Rg9eh7qS98AZ/IaQEtxIcaLgCR9/GQ4WaEd/tqMV9mU2gPxugUq+Ru68eJ/k0Dap+nsMe3SJgflebcuJHwqrVibhu+mSa12oFcmpuZFsXQLY1CZQ+cA1Ua7W5PyYGh3Z1kqTVKWiZrkvdPkLw+L41rywr4fNWCfRy/BxsHpdOctWmZCoxg66dc2WzAGMe/qoMrutSWaUlHyTVo8EoOASytDZwziNJDPIdCZe3CNPEIqbdataQLR4MZ1d0ouzwPxL6ks1JEpkgX/yHf+gehIkb8njWWCvKFNaCWt1taC6/l/dY+bDZpGt8unklzSJfLt29jg/nhkJEsSs0xhqAdY8qLlstRDN6rqBW2weafMSc7tQk4ewL5SjqH4rhZn9IMd4Q1prPhrzdPViYsI0FcrXoemgHFf33Hzq99IRlOUo8sEadXI/KgNy//bxjZDymbRVgKVct+nmVqEx9B+xqTOEgz80cEbKLK3ol4OStx2yj7ckxU/vpcIwV33bZCYbhmTTm5AtK3RJEGw6dpe0SGlD88yCdK35CD+3P8pOHbajzcjd4eqjCc18panYeQB1VdZ6fMBneqWdBS7Aov5AlyF6/lCunuIBrsggcUXRG/59TscfYmAzc5EG4/Q6dyNnBv/Ousc4qU2hzL8S3VqOheNFbftBii7oNkSR7ThGeh0yGjdF2lDZuC2wXF8XJM26hwoleGhuYCha/Z3Lm+A3A/oYwd4MxbL35ijp+/cF/YzfQ2vJeWLlZE854L+bXap4kucoQpo6ZDCpeD8jF9xo8tHkAcW3HqTZKnV7o7qONeIY7f27CkWdP8NkyJTAJBUx9dANHfNbC4yPi8LWhGSypm0d6YQ5wYZ425s5TgJfSkjD4QpH9mmvhz5//aNF2ScqXLoOknbPp9JRhGjG6A1ZqX4f928dAzufN7HP7H4a1FUFf1CxQHllHDgP6PO/1CIpcVMfTM0dD7UkxmJgwGkM+7uSrvwwoN6qOGgT96NuEV1AbOZ1zpEVZ1jIE0sdIALmeAk/RGBjx/QtuC/hFevHh6OeoDyreYTRnUS1vavKiVTITocseObTOhXs/68K8mcto8MB1uPFZklWPK4PEREkK+HIQdrIEfF+7kz8smIuaZibUPWsN/r0ygCcev6FRQ/EQaBPJG5acQBtRTZCJcKf8Cxb0svMaFD23pZez7nOZaxRMeatLY9+NxXGnFlNtkjpcTXKD04ML6cMxXboySRgfV6WwFDXhikPbse2oA74PaWGPTA0wnvWc6wSSUTxgJW6XtARpJx3OelPLWQcq2dPkCY5tlKcXQ6PA3O4J33kch+2jNoNxURobblvEqZdUUP5GH9qfFCb5x01cKWkChWfKqdzoDOjPzwOxy6Gk51pH+6vsOLhRmKY63UYTAxPOaFYH1czPNGnPfxAcIQNFDz7QQJ8CHHn3AlWxja/Nb4B771+QdKcg3NVTZ0eNBii+cwKe3FwGeybVQJ7rFRD44ExlnwTItMGRmy1kweCoCymiFQf0TOFZakF8z+I2NEEGejwrprbkeTiuPRblNyuCwe0QsEleixYrPSlGqZVnz7tGb7ul+XfUHZ4gOQRjzv8Dn5DREDqQxWF7FOnLxtmUcpMwXHAI/2TNA6MLVZTiNQXGFc0nDzt7yBiIJsnbvXRoClFfEQD+Z8vFK5V4lN4EaK/ug/VJ32lfqSH8vKUBQecHIPIY0XK5N5Tu5IpCJ/ZDcWYk/LkryaXzM6j50AhYbraHS1sl8EXibLyQ9ZNHr7vIBx1Ps231Axzq+s3DHvas3iYJ27/H0K6PfZzaWc1DAV3QXfYXou1KQWLZeupfdxaUCueg4nFRkNAWwIHF4+nZ1pUwMd0Az+anwTTPTqYyfVawbaVRWr2w5D2AkO8gGZZNo8t2gvDM5STMFr2CHk06tLx6Gpb/7sLJ3iLsXjoOfMunYUD2V5aPcOArZgKQVv4XndrNQePdcTqd30eNSco8dpYI7NnVShZNp3mzyx7UznkHIjFKtOzOcQx/nEM1tVcgIqSeFYJVYfRZLZo2NIanib/C+ec9eOlqVUicfQgHnQ1o/foktnr7GuTSbOHVJydcfH4O702zR/nDY8HZxAwm3LuAgwcbKXrkfhDPDsBWA0Oo2XEJb06rwxsdu1l8yWSW92wDTd900FzXTHND/GFF/hTWEFCBlEmzaULyBM6SVySZ6Ev08c48uPNjHf7+G0Fhj4bh83YPDHyoCsOyjMdnGiJ+8sH9NyMpQbUU71d3oLelJSYabKd3GYbYLC4Lopf28VoZHSjcuQW2WISCrfdd0nraRx2qOSD67xL3ZZvB+lBziO/diW77t3NV9DX+dOgnz9/qir/6C/jaGFF4Me41+WsIcvo6hLgRstQueoJqtD6CdhWz1utEnB2fQHrKNZgQLkqW2fKk9VYDjnj1YVCOPob6RvH8khauFHyNKWZ7qC+ymSt/SPOhc8/IrUIdDo21wf2rzDhG7RHObf5BLvnF8PrHSty8qpI3VXng5JxR6CELoODqzmHpBSCXYgpW/ivh3Ftd1jLxhDt7/Lgxx5BPWk2iWcYm8KvCApb9d5IrdqjhKeEXUOtezlojR9Ff2RPg6/WcUg45w/gKKfCSO49CJzr4WsQ+TJ54n/cKOtNW0YkgMP0qxY0YTfP/uWCHpA6cUhqm/Jo5eDtOmw/MbsVi29WA61aCzwxfSBDcSLlyymRqZQ2l5So8fHYBbnEb5GbrVWB8rQNqKvbRtr2LSf6SNdzfNov0l5mDonI0m20TwxEPhdA79zRXKTOJS9Wz44AJlEpZ4yvJZ5xvw3CrbRHuel8GL3WdUDhJjcOWLeOkgVU45vczjtV1wuvXruP59DFg3JOK5ppxtNliPKhEXIGLx5/B8n3i7PomEzo/q6GngCI3TRKEW9fjofyZEBS1K9LTVz2knqSNzzLnQ76EJBidkMK73droTfogfambxaUrqddgNt2ZMw87zmty1Nd6unBdHOatYzz82RtzXRjSPNfQ5I4hPmqTR6WHR1Jb6VtQf3oUY09IQLa2NU1yXsleWYZgf8yQruXv4JQVC8hV6w0oTp0OQlFhdOJJMW1N0YaYY03srS4KQzUTMVBtHn3PfwGvj66huTEZMHdLNtcEXYei4plosm89OI2dBLFrF7HDsw+wpPcHb9bP5/jH7+lppi0+v/eFzD4T+5fqwFRTVbAO2QLuV8/zkS4L6swMg1OuH3jv5lrO7mijBQIqpFD3ELf6ycKkNY5QVBNJ3LYKL9R1gIpkG7f1iIPU0n7wOnEdJKd9g9JFNmAT6cwJCwu55WMIBey+CSOurQfDG3Px6oJdHLpIhac6mvOa3wxrG7t56kg9XpY6FQ9dnQ/CE8awqLcaq5kYwIP66eAz7z1+nDMBfkoN0TPzLLrfvpL42Ds8KeRKg33RcKQgFsYES7DM8bd08YQaxMl8Bdkd4qBisB0f6HZiw/tZvD08hiKVYlBCZxWessxDR0N16DPvgylrbHCOwgle5hPOSxY7YFbHXN6o0U9dqx9QzOLZtGWeOMx0XsEF9sKk6RAL3z1vI381A/s7jvg68RgXnfag0u5wDhFTgGqRetB+ZwP12u9ZRHcdCfInGLgwEUpmzsXRn//AlObV8Gq3KUQGfcdhK39o3BVDwV3pJH7Xjnft6MTeiGieKqBPo0f/hvMjRsDDUBHyD5QCXfnVlKI3id5HOOPVrm2wauca+Np6kBZp2rFgtSEILXzObfmDWKa5DiV9e8Gq8TQHR0zDZCt7/Ga+F+KVn0LvkTEQerIOA/A0/GrbAlcTZGAu5mBoYT+k7VhMSY/9wGtTHYcaaYCghRTNVF/OoVJvyPmNDfVcEQS8tIaq/S7ygy82nGjqAT1XxCEprwBOdEZh+4JWWn3gAzZ8bsU5KQq8PyMR7KIG6F78RRbfLwECpUXYXb8MNcNEoPjqOXL0iQM/pSiy0BdF/x0L8WRhIS9IMINr0gUYbZsCJc7qFOFwB4Vik7G0rxDnruwCif6xZLSrA0fWmMG9cn+UjO/mQ4cOoPbdLWSXkM06206z24y5oO8nTtULBJBAH1oV/NBw0lR0MXfgj9+UOfvQTPJc5M7nPqSgRnM33Yp8DEfHa0Fa20KcOewBoVP9UWF5H16SHsvqt/bTr6pdcLVKGR9ujqKL6+ShQ3gqX198HgUkAqG3UxDl+rOp/FkZPp+tzdmJcnwwyRNG5o4F2x9q+OCkJM+vl6Qxm05Sr5AqLvcaRc8m/McVX6pYNXABPCq2AYXJW6Hz9DOY+FORi5aOoCmN9TwsbcDzXk2g+gYH+FauA9NeaEH3SmMYa+AIp7wLWHmPJsWou6G/ynKaIq0HxgGtaG8xRMeFNOFT/xve1+bG6blreUdzHb9VSqYSiZ0sUlIEJ1sF8FzRKPKQsoURL7tBR86NWqd1gd3iGCDThbTqUiO/KzYhiS3KEKizAJ68tALRgipw1lsKabgRby7wpNYYY3DI8qLEFSdwe/V1uKLswtnnrMH1tTw43UuC6P9sQbDLgS8/+Y6DLxtQXaMQzvYfAPH03bjY1RqE9XbDf2nP8bhiCA5NrKEtS6rZUtgT8qJP8ww3Kfb8upfD3eRhxohx6DNfjJ5LaaP10kDUbfnBpx/PB5cbI2H4+Fn+5pRIlz3tIGiFAu/4fAZP7/Om1flBMO93OFbpHAaNs/mgvz+FVGccIHs/Aci8Hsj72pfywcOPIG6cNKrAJF7yIZ+rpkahkkQcbms1wJM77UC/Uo1Hygtg+5W3+N3pOLryYwi5M4G1l5fQkpy1sHjvCaauUfDb/AcVLUqBfUEr+N4BXy6XkcBjm/tpstYzal1qAjsG/5BQqBqkHrgHaSWhEKPSjdtrE2jCiEq61Z+PYzpfwY8vkXxUeSFdzbaERG8x7PJvxdoNyfBHbgGmNq6k9Ee5GLv/BJTuWUBNcw+AxjdLCK0So1a/Nt4Qfom7LP5S9pxv9KfACGIMd3LoWVvc3egK8fvtYWOONWgmPEfH7aNJ6sNynOsxH+QtDrDh+miuSPzJY7Tnk/VNI1DuPUo7Z25FwUR1bMlaCcWf77LCx2x+uSYc9Ktnwayi7zworAtqShLYHybJ7YcUQLHvMN3qWIt7B/ypWjsGrxa08imH/bS8RwoC3A9ixJQ0il/jhgkGoTQ29hFIyrXBegcg88UX8OP0SThOA6EmIo7HVc7j2Eu78VKbKZzxG6CoyVtJ1PQoDhbPo7eHSnmuviUkmA3CTq9D8Kv4EKcdVaSXx2XxZ8BSLg2vpMxPV8gmop+aAyfD/pg7LOY0DdJWqKJ7YiyM2ipE8Wcn04KXFewUHEOjblzlitXicNs4hHYBU9HaJRgWKUIbLjqDUtdL/JypBbWykWyYlwNO4+Tgjm8wl3EcVZ41Q6fJXpSg3gkiK67Dg6jZtDffhBM7trLGOxv4KxhAyp+m0jddSxTesw2aMghOT9bmGMrjmm4xbKuQRL17E+Dqci2+bxbGEa+nQfOuX+RYsB+WxwrBx189tOF9N9ibWfPtdGUQLfPF9mXb+NzucTBFVoMuFnTAm1/9dGeGAIN1Oh6UHcCmU1YwsILhicYybpJkviqqwCUnp/FD4TessmY3VURrk0jWGjSVFID9jtU0N8sVb+cK059+RzBac5Euet0mG+sbVBu3FlbTXxJ7rwTn142goj3P2XXLOh4hNZYrRlziG4IlFOb7lxTbAqnd8SII7pGAbLkc7PwVzl8SEuFQgiLG1pzA9+l7uLLCAfaeTIbWE+W8LkEFyqOWoNDO1Vzrp8xJX8154b5FkJEowL+HdnCfTw3Pr+sHWVsC/8sNNOpOB1uPcgHZZb9A7LYRizV8JfTcyo4zMinq2hhQCRWDomZP8ps8Dl/XXqNmxx2c9asff5uYgtyf61w+cT4OTZKGuzFyULdmBERmvsGUrDno062NGSE70WL+LnR6/4blNnyAW44K3JtoB4stunA48CbMuVvNq9YPw/P7jbhk4Ar/9PjGOlq76IHyERjeZQ9PtIa47fJ3Nh+hwzEHA3m59BOoLBPmrXuyWHxTEvd47aW9nxRAeHg8RRseR19tJZhs8pHXbnvJbQOhpFx1Hm4/yQe3ZdupVEsBPg4Hs4VjOq24IMk/L3uz0ggbPLg1H/++E+GW0A5+p5FEI2s0YNTxS/TkG2LkpkHSjlaC/ju7YPYCE1zqvRzKvP/g1NLlZNspBt5+LbyxuQXnq4riZ4GRfORsAt6XuEp393vS38drQf+sK4Y8sIRd77Zgrs96+FjpAupnU7FsaCGqHZoC+R5XaI3PWkgqHwfPJijBVqmP9GT7EPwecYgo7T2LuHdT67VQeiSkAZ4fBEH1sy7rv7OB2Jg6/iIezm9eagN6/gUdjS+4UsQDT8Wdg7vXBehdQRWa5SnAeUNVtHDo5XVhn6FWeAEeOZICVbPHwiKx+RT3KRM3/5LCrbYykFB5El1CcnmZ2X7MG06iiBhxEA+Qx8R/AVT630Keo1uGhiNtIMW8BRfoneUcMzO433gFr53WhQ7/FJIe7YXxnYXYmL4Xp1gagZCzFlaE7iMHC6Z5Cinst34HfF/zC2bYpNPDhDqU0yln8zJ1MB0oYoNuRaou7qeS/V5sZhYBC5KLqaY4DFRqxtF/n3/Sb7aCLy/+4ev4u3i2KATKW7eC4wYtCHE+gG5nXVlvQRC/btyGX0ykISroHm8X16TC9C4WzklHsYJR/Cv9OWkfM4CkNBfYU1pBxf4T4crMTyR6Ww1vlUTjjs1WsPbMHxhKEuelJq5ot/gWrpzQQVZT1GDNyc046YM6z1QZzWr9e3G+Shv5msnC3oxC3KoXDiMlDcj2kSZcTvnLlV8L6VuDFJfuUsXNCr7oWazAF6uCaKSRPHWeOQcH96jAyhfFcP7ybkw9qIIhN1XxfwTAB0AICBQA0D+kvUs7lYqioamhJIXMhszKiAoZpUhlE5U0UGSvSKXtiCRpSKGUhq2JEFpW95bPKwWpX45QHzbI4nJJKDsmhGaFacDta1l8Q3c5fNtzFN3Gl8GLc8BOe4/DkoVf6GyzPEy/nU37nkrCjbkKNHh8GenYfALpV6/ov+M3yXloGMvd5mH3XOZZNrNww/tRoHjSE9TUvmBXrAGLlm6kU7dlqUPkHkWYbcM8JyEY7B+mMYrKMAfc0V9HAkKUU3HERGnymGtAo9wS6ea4I7C9ZQXF3luBpqcFQGzGWxRJP4RCNZfgwuQLPPXGPC40W8NBdybwkFA2t0r10CwZUYhSeUm1HW5ooQqo1/qefx3/CmWVQ2gmO59FrKyheNIskJYUBrfEQd5AjWT/OgDm3HTCCXktNDE7Ab+pdvM1+VdcamwBzz10YU2TPv5TM4VbHufhl382NC4054YLy3n64RL4NOjCpekzecE7hn1Fj3j2zKlgsH8zJCuJ8eGT6ii4uQyUnefhrxwzGCoWIAUaC1FRuQxuo0A+chHemPeOdghEQfq80fQj/AeKd+aztMgJPm0qAE5LT+E0kSZ24w5KlsvgiEt9nFrujvc3qnOd5mpcu7aGtlywB9XSm1hhM5cOLazE8tV5mKJxm2eq6yE8lABzuZeUJCMGV6pN4fXGS9RUp02af1rZ/4AdwL9YFHc+QLjqIgTPkCZ/RxFIfyIKq/x6SX/XIXT/JQX78qZDzWNv2Bj3hMOudqL13FKqMLeBn75jQXFwJOR/8KObx6r44KzN3DZwjGUvOLNOZCJWzvbEdvlw/FCsDcKe0rjN5xsdmj4S+q6LYN6mjxDpvpzrk8Vpe7M7DV/fRILz1KBcbSp4bL6KFjeC+b+LYymbNoCfy21ePfsK1wdsxxVFUvh0C8LFuWNwnJ0YaPdUw1yDVNgh3IgjjeRxvswb2FNfzbMStNFBUAfkrBvhlFUv75OO4IdjRwEtfIA2IioEPmfxz6r1lDZaEMQmqkN1/0E49U2BXm5SptjbrmAwLo2Wr/ShkH358HyfHCe87KYAA0HIVDeFl1d9qFTgAnPNAi6dep4Vknfxfc8AelC0gSb69EGNuBa8HqMOB/3CQajDnK+me/C/+FIaMe06b7BrwCtDpSCtIg9d52zA1LSZjw9qou22+XijRw3Uv62lv09Pkpq2J1Y/9kK1Ey0QumQUFBZ85TnbduDYn4cwPGQ6FHtO5P0WK3Dx9rmUpfuPzk6dhysEbWDW2Zfw4etNXNK2mONm70RYaoQdUi5MqeIwpXM9btK3oZEnNMFvyBDcde+T3MpY9gzqQsX7S0ArQJG+rTsK8bElaL1skNPDdEDXl2HEqDLQ6JTBBXnCfJCGWPV8AnrXFPB1rSLwLN9DmZ1CsP7PenZL9mTJyJU8+DycRDzekOOoOxStZ8tDBeOoKmcRvDCxgtSHj+GDxQ9Q0xqipY0TYa3iXDj6URR/6aqgd+k9uC1/he1+jALLJVF4p3MXasg74KhEATyuOQjOGM+n/hjTpr9BZP7+EcEtgB2mZeQiboGNJaKk1nybZjxPgLDYMYixDVgQHotTR/yHJg1SYGV+HFYbBnCcy11SCWvgG8cvs/n1av6sdYHXnZmBpurfcWqoChwRGuKxpb84uruZjxe6gneAI5R3vKahy8MQ3GMAm8JiqcF3PKQ6v0X7oKm8c1gSVN5sAz3SpfaUUGiKCOWxq80g/nIR37prCRtNKqhAZBweN15L809N4psCKryyfwgWZvjyv12tZOb9htMaTCClfgmtnnwHhAuM0VwonE0df7LKvjG0OP0updVdp1WVg2RgOwmKfx8kr1QF+FpWymqxHpA2VYvLlTazdFQ2vBbaSa9lD5DKehkokBIEz/Y0dhScz5sTjlJQ/Ct0Ef8MxdNC4VdpOo6vOsif2k1hp9NTOlOaD8pfbXAr+4FF7kg68GIqRIWfB6lpX+B4dCunnmDIaXHAGflurPvLBu57n8QJouewqbKLo182kpvhU044Ysdd2SPhZ58BzD90hQ+MieDOScFsrmEDa54lgrTtV4h5WcUyzeE4wU8H9Hkk6E6cCi3bS2mD/xCXvXFBwY9jMD3diEabFWHbgYUsYiUDwge+Y5G6BFxb8Jfauu/wjxs78NIrM0hs2EYN5a24aHUllk22hOCjP+DRiH/Yn/4CJm3UYfG/f+HO/lN8eNCCjvp9RMVNJ/DyonGQKr2ZqT4Vtr2cB+76m1G6YhYcuXyEpXYdxrCE3TBfToHnNtrDrlH6OENXFh92KYDVql2Y6jKDoo88xbR3B/neXQm4lS0HPfHjwXD7Yp5qOJerDv+iRSsmMx4+jH6hXrRB7w9r+W7itIpslpUYC68PfqLFbEzjBotpweobGCkZDF8LTnKLlg5O29pJ4/Z28n+b9aBUZAikLtXzmFBvEDqTyd5xCWzs+A0OmSrC+tHJPOlFK6wTYPjXrIXRp1xQ+Fwd9iyRpuQHKXzM8A33/fXmhQ5Ii4tkOUpEGxq+3+CmLVaovns5Nsp5Q6erN11Rm0d/t5+BNnVlVqzVp+7ssZDRv4KMZY7TUnFRthItJOWPJvCfczB5DmXBqZod+LH5NB1bYg5KJ4+AWdgB3NRUj0ZB3yg8T5YF5aIxY64hTE2wpmUlayjgiSoc9wrk3rQxcGulGAxZZtPLKdlsvHgXLm54jmK6Mtyi4UzjAu2gcfRh9l0bwh6q5py7uZQ/hKejVp8rHx0xhmNtfMjq6EgcbTIO+uRa6MC8ICi630I5kWmw8PwcsC/dz5oLU7h4jzSHHRrFzSuloPmmCI9X9YLYojq8ELue7C1luFfsOizx2cyjD15CvTjgoO/CIOAaRL3pDzD29zGO6j+LSwP/4FDmSL50OoHdBbxZ7bgv3u1Wgact01lw8XkMFRvm3IsT6Oi6bWwieQa2PhDnPTCR6zLVUEbTHi4d6oSbJ3S4+lY7jFNMpTtUgw/eCMP9nDn4d9xMio/8QIcaR8Pnnlx6XDcJmw7as0rgLa5UmcNni3bxn4JqeFptwj9z3qDNTlPovfwPfAU86MDF63zlqTc9nRSInuo/eX6gJS4Q6gH93Dw0XmIChyOyOH2dPHs1NbHD++OYNJACoa661BfSBE8al6FCXAHnLB0D2RbfyF96AQXHN8HvNy346vM9ii3ogaUNAbj+7kd0ujwXB/S04eSbmTTC5AM/M3xPr7q2UXXnDKisf8NXWq7A0Mj7oPnVA2VPGMFB+eWw3VkUhl5PxBFHpnCToC1Nff4BM0RraL/IeQjTfEtyBkrA/Yo87UgH2p9cDAJC+/j2mq20BP3IcpErB0Ie7A1cyMdLRKDZz4E2Vd3kM9Z9MCCZzXM7XvMnEua2Xz1QHCiMDyvWY5fZJIhvV+WH5gTLyv1R/74CCJrmsmfPb/h4bTdV+PeDQrQ1PpQ1gA2bdPD77Jl0avUVOh0/DiOfnyNLiKfh+H9UmZvCj/21SfiXLmyw6OfKqwhl6adBYuggXJ7IoDlrNepHzaW9pSqQJ/sC8g1MYY1+C+8vV4MtL91Q9+hiaGyIwpZ9yaT4lXj25k84YKZFHW3CIHz7FC7omUTFC+zxhv54vpPzAXO9H/DMA2NhqLiLnUuPwteXEnBJ6irNDpPj3atEsUfhNlnLaPHevwaoZXES8iVuoYx5Kv/11QU/QXd+LWDILjr2ZPjhCrTvSaHtAsr8+MJJOLP4G+/72cdZm0Xg3+xurlGuxYSWbfiyLo46JJRw1asZXFgyHQYE/+KaZ4WknWQHO5TKIEAkg2q15+G0p7Oh2VkElqp/xinbi3CH+XZOELgDRgaGsFL7G6yXPM8exd74T2o9XXx2GAfWlqKV213M9jsAwcJtsNVQF16/v88idsGg2/cfZWedwRJyZ/cHx3G91zoWc2oCu8eyIHpQBCbGpqJJjDdNG7WBVIW3gleRA71Y95W6VkwD7YKJsOt2CF/fPR6erZpCkVOnokRIGbZPnAMeWQdBVHo6HbmsAmcCv+JP1RmQ5iUGtSU6/EZdECy27KRC4zN0qmAf/np8mgxjfWHpKCHsbjLnajmC0fMi6eS1eJjpXMVvnp+GbxBNs5OAf3VXcuqNsVA3rE1RygQb5yvhIrsBXlChxrP+s6Pa/DA2mWtFj0rSOSDuJX6ZHU3BYy3hx8Q2GKX7HT6XnmQpWXd6StPh/hkP/uGsSZY3MmFnRg27dVrCkpWJ6C2aTQ9ke7A/wYt3Rnxkg2hj3pdnjDtil5PX/L2QPDQejE/fhEXXi8B5rQ61asbD1HYvOvnIHwL3mdOeD+uoZQ2z6gM9CC83gvit4fhjywn0XRMAF26u4xP2PtRnYIZ/hbX5kUURbss3BeVzTuQa5Ye3vCpoMHk3iJufxkXN1iimdIUDvwVyW3UzlEy1B9H4RexurkfdF0Zg2+RjtGzMWxDLCIFbP29S2Hsxnr5wNiw2Nwb5pkFOT3HknzMjqXKuPE3Y+xyK7fVR++FIBqn38HnFHBDqEYMdky/zadFrtH/cfH49eTL4OuvSucBSlt8XgvOOqWBrxB+aGakGSz584Oj2x6wSUAWWqsm4s2ET7lugjbpfB3FaSw4GBw+jvYUlxCi+xiuZpZTs8ZKStpXCTAdXkPg+DStCJaCoKBHrzu/llc5ykP+shvZTOXxvbuKHfblcFPSabEP2o/UFD7hhu5S+hMXDJmklWHu2B6ZXaaJu+EyMabaDz72bSC7sJVluXE83x7qjbp8a9aEy2KYdpDZLF/g9/yeuv38BrVpOQ/YzRzJf2MJighpcs80Of+aYwpPhh/hKoor+O9ENGTVm1PVHHAOFnoKCgThaHN5NAdo18LppNOy9d5OtZp0CJcnluCC/DDPbv3DA8y9g5Dmdbn8fgU8rl9D7pIkQNM0Ql90BXiNcg2O0r1J+/FqsNZZEhdD19EftIZz6mIfvzwAUTq+AMR8MeYxzEl5e3E6i78VIXFeSVDvW8fcjhjBzeQdXy8vCowWy0Oi2FPt3tOKWE8ok59CEiXprePBVMWs5MnZuE+DoBDWoXHqBw9V1YHp7CEo4lODHL72geXYlFjx04/0758HypmR69EQGrsZHYsaKDzR9ZCNMbkqmfY2hHCXpRImz3vG9WFH65j2K7uy0AOnEWbRjYwNXDS6gX/pfQbbqErZuEScLxf0w/KWNzi5aiDUzjGCn4Wuqi/bH06skoGfZMM3w3I7LPupA4ZobqCrZhs7qYuyvbAY+R36B9QUtllihTm/nrMK/XxfwvmdVeMJgkM5ufMmblHUh2UUUzmS1g82/y9hhrsGLDMZTwGcZ2uSniE/3xOM0nzU03tGB348Tgv5/C6BZPQvSLmXg9AnRIKhTQ5XyMnz84SgsqA2i7bMrQOX0ZNiunoDrNe/yWYdh3DXvNM5VmcMi2x/B6dF/cey002SmMx2T5+pC4GZNKtqxiK5tkgd/iQCY/vwMzsm7DCX6p/jbv/m0bZopHLOxhVP9OTQQsgoX7suE1Uvs0XVONCn0D6GE637M9zqJ+bsmY++5URBp/RNn78ik091nyev6H3x9op8Ddq7GJi8hsnZRpaj1a3DR99HQLxnIf7JSoUPjON4dUc/NmYO4VKOPnSYswh+fZfCYZxWdGTYDGwF9nnhJBH0Ma+iDtRDm7HlKaWmpMBwjiXdrFfln9zt6tlIYtkEh7Cqey/U3kzH3zg04dS2YrE/7g2+TApX+tgBlCIeVAiKwzrcbYlbvhTJxdbD+Ph/HlB3CLAEx/uL2jFS2pbLK/RVUWmkDDvWd3C47BhJ7fcnnpjQ7bF2DvalX+XFfHrmp5JL5z2SUMVUEUveEjc7L+bCQPC+SE4W2/ZcoZNtfHIhWx4shvbzT4jtYnLeF/MX72eyWK69wD6M07QbeOW0UmK0uAi2XfH7wdj5rjP4PNAP0YErYSBR1eQ9Tlh3jZ2U1cF9XBH/kOXCotCYJPSnHTes2EqxUAb+IkVTZ70epUa/wTFsAWsj14oDxPZa5bgJbL+aShXE4vnYUgcTCGN5koEUFDht5xY7rqLgigdedOQsREy/wiE03wdD/FTzUVgFn3Ud867QJVKT44rUTbei8IxkDrUpo2f1f/OnJdz6VthJtN42AYOOz/NUkBd+4CMCpdQ6caPyR2mLegEnqVTyyR5+Fa5bTm9Wy8Ozsbj799D2/t73BUVOeU8AMA8qJioEvL5xhzhlnen42C9of20O6LHFapRl8PLOJdwkwHjrhDWPkevmPrgsfuFeGd52zMCXLGBaOVWKxmkLoz9NHsT2XGaWr8X2RP7ZlSoLvKgkOnx6Iu7/Lw5K/utC95zeXN3nBk/drqcb/KDXpiMPPLfdw+c0WtPkhxylVEnB8/1z6Z5KFUROZrfv9aIfkMZ5kkszKHddg8ZRE6rq0BSriZCH8tzcIOjVjgFw2da0IQddGJ1YOnQ8d7IdDqm3UP6ICOixMwTrlKx2y3cXFqx2YnnSTqfkbUrpfS+vjGrhypw9t9/oElWka8OryRJCJeU827s20r68MFwYKwvW7RvxTzw9mO1yE6/eLIGWEJZw8cxc+xF8DWLGSUz/sAXdrYK1qb1reIcgC37oBPh9nmWsmoNC6lCSTomkC/cS4plO4deAmeEwZghFnNkJBShOf0hnDFZoIX9UPQEmmIj8x1sGlA/twxfRRfGOsDz51K8TISnGoaRiHU8argkBHPc02PQhnz4Xw1csV5HvOhlNGLMIMf0nydhPCy9VKVCYjAmMVTCHUPoTSUqNAzOw4Pq69D/dOf2a7WGsW8j3HClNMWUvYGAwF0iGwbTPbBXeTRVcSTPWohGn9zrjmVTAUy9ZgofEEvlMuDuPXRvJwzBgQ690IvV9KIfePHSdcjiKDqjIWqN/El3IX8fYZAKFdK0F8Zj4lXdDjl6ceoeTE23TyhyT+sg4ln8VOfD92Ku3ZJAed78LhYUQ1iVlWkP/siWD5YpgbAsIhLPcNykjvZNlZ7/jnHmEQD99Poqqv6eU5Q4QrFbShupkuvn5PTp8ycOUOJ9Z5KEilHgw9+wk+TGzmDUlhOLBGGuoPTIELNeXw/qwrN7y+QpIyHtDjMAZm6DApC7fjdXjGf4v/YB+tAoG90hwltYAq18biyM3vWNvdEixYDcydIsCwFogX7SInKaagoXn4ysmeZyWHgcvlPTDorQEfLPPhyNoAcM86SHPKP0H+28fgahAINiFLYf/DK5izPhbdzYzBdf1d2NesiKKXy2irjQgair0nw8g0rAu8w9eO7gdPGWFuEFcGu9oq3LXEjM8ajqTlx2J4XKMmCqocxE4VYw7qdcDWuEP81EgKfji8BNnud6Af2kVWR4/i5klH2CI/EZZMPEbfNoTQFvbGrgwrCEpOwdCHdth4eixnyVtgzOwcFjhgBdPdR8G7Hkn2S3XGsSV68MxlH2XvCQeZWFFK2RrN3uKNpLE0D5XjtcAyyR1E7bLYeIICnFnfTH3nFGCx1l3sTUjiBYdFMEPMjVacu47z6y+wcXkWxhqOhtfBwjizyg8fasuQYmAaNm91p5amx9zme4aPqZ/ijoaR1L1DB0IqhVi9NwV/BLwAtSO6FPBvG1zTnwFqHuvQ+eUizNz1GPLW2MLvyXJ8ccJTTLN14YN3Bfm4dix2xY/Ax8njuCZAE6L1pUnrqzmo+X7ipUtug9SteDZ+uRMGvU9QSmE6x9dUkfC3YRSviSCpegGI0fyOhoNFtGaOEY5Zq4Gzm3VhcEkAXUxIwqyT2dQi8p3OjdCArbl/cY/eRsx7+x40CnQ46/Z1qr5pRssvSUJVkBglKjjSjV8AepcKYXtBAD59WwgNgyF0LK6KMpbMpx0PU2n2qEN0f5snpcdJQZlrDHjL9aC60CFoflYOsQ9leP72AWwW3wYeBzsQj9WwxkKE8yabKWvgMwoOfsBlqd8g9UQptWuL4Utp4nttWTSmNpP1eiVhwn8N0PJkCj/Z0oLfUl7BrppIlrz5hY+8Pc7D6wQgY+NvsJxiBnsT3pG8x1H00njE320isLx0Er8zWk6/JtSBD/ti4tIBOBYrDi6by6jSqot1140kG9PdsPKVJbaHvOEA+4eQbFRH+ef3gWqNLgR1f6W0wmb4EBgAJnNUKXZeLA4cm4Jdm5bxIuUEzPAzx5HXDeHC1tc4wzWOB07ZUnP1Nl5+QYh+OqdDxd5KEOkNw9jqtdTeLA4GUclAO85Bc+pOPDJlFiafqOe8qF7MVayD7JJH+OKdH2+vHQ/86Q+gVy+HT8+DT+ZFeGpjO9UeV6SN8ztBbp8ZjZAKpDd1ymD2IwTG3HpCY0560hrTSH55p5uDL6VQyqpDXKMwAab/iySpsglQElaNS3a24J2Bqfwm6zte3eTPHBkHhuE/YU7SNW5oTofLi8zhyBZ39q+8SwV3jEhXayku6HPBgtMBYOCwCty+ZeAtB2c6VCYCno6mOFc1CL5vlKFrpz+DzPYAcDv2ioK1ftIaxSh4Pu8X3iqWhjU3dlOVvDbcLT7O50Kq0Uh1KwXdbeOKPSPJdNZBVGlpgPAQZfg9O5CfjP7F7v1LaWRiA85XF8dWqw8gvH4O5hrMpV+OTfSgbhLk1w5T8bh84mxb3Cz0jsU7s/jj333w3VMSegS3QF+bA8aUmMCMg0ZkbiEC2pFbeJVsCQ8XPYFzSwp5/HcFnjM1lQNV2uDCyZEgKtTJX6T+cd52IWyNmckdHz/AtLnSoGRQxDLK52BtvS3dyjODy4rLOLCnmWO3VMDHH0l8o1uPkpf5Y0BTCIU+0KAD0Y9g9LAw8NXVHGhXxOPH60Lx7nTe+XUDjXv9Hevu5dLH4g/QE2fJYustoCk3BQ8vCObTfYrU9J8TtJYfp7jHj0iwtp/z966COpMQ9N4hBXIXloFtYD4UPFrN/ZIHweOKFedljmDZkDHsZ9COxS2DaLlTF4o1cvnb3GVskZoMgTfaKepNDHz8rMIJLn4sGOwF//Kf4mSrsTDGV5uP7ToAV4Nt4YfLdEh5sYWmrXxHB16a0mlVfXYPckXNb0LwaKQbLrPuh7i7n3F5LrDX+CCc4POaem49gJYYd4zc/RsvzNSDiZcNSarUmMcuraCTj+3o5zs3evOfDJhdX0qu3dLc3HOCy7Q0QLncA88pF9PxkH3Y3ZoAv11UsVsG8WE78k91E7hmYAOLdhnBYFIwOs7JAePCMrr81BR/7FhMBpNUME3vGq/fYUf/zHbR7Dcy8NglHJTuStCU6FOo7/oKGxRGYE7XTFoq/I/tVtTRqspkmuEiCdaXN4PJoBkVDn3iiLve0OvyH1ZrJUHtst8UaOZCjb+7uH+qBQStVSWH+rHsO6GW8g6FwiYjB7433YC/nUvl721J8O/UP7i5WgW2rPHGeOhFywe23L1yJQsG2KKhwSxYER/C76W+cmtWCk/Rt4aa2dqc0nYMKo/d5iP/LWeTU+GccDCZA+xmgmXhKWzKmkHjSxjcRnaR2dO39PiXPP4IioFrpiKk9ugvDs99i9oKObzcf4CuNFmDvUECRg630d8JqrRRIQCbH4xjK4Nu9LRuhjMxn3Da1XKseKQHcvNjYPToChj1LoQneO2G7N27uU0ilTZ5qVJz1RJuyLeHrXr64HfzEzoM/2bBnnZOuHWVqhyXoCceQv2VDdSkM592x7zCAVELGLFeE5O7LSFMyoQDNgtA7fGP7NfuCPOSCuFmZiZNvnCWQ1PtYWeHNvw5/gKDzWbxAtd8VjvdDL8SD4OYsRvmPBggSasl3KswGbpnKvABi0HMMZmN5cViGOCyg2Q3xnOpZS3lJ6/DgZ//ocB7LcgptuXwobMwOUOQz2iU8rtDAXxb1QrbrU3gwp5u+Plckgt8pGCs1VVIuysDgUuuQt+TSPDebYlDJamYY3GDx1q95RqfTBLIsYahOCMy7pDBJ6vVyUjXCx9cmQarDtlxwtVm3PBWnWJ940nogxQs8D2NhUEhGFq0FRcn3IdOrZVwf8YyVJDNwr8aBej47Rp/8bICI6cTOKexgOZmVQBMc+FVd57yxC5t+nf9Mk13fcNTKtpxc+NoeFo7F2wfTKBMoy9Yu9aLb/u+5IgjcVxxsQBFxQ/TyO95VOYwCSr6e2lT3El4GRhIGR+q8YWSC/h83Ubqj7ToX8lRjm2WJiMNQxCeGofOXwXpfGwrLD25F7ZI/gU3WTvCX2r0VDCRLm2ZTDq/R0FXmgjt+k+Hh0aPQK9moIM7YsDptQleeJlFm7dZ8LtH8ljxVwnyhERZdtYUDO3bSb/rn/IPXU944fofT5BJZM99Ixhe/SUTByO4MTsbp47aThaCNmQ2QQxp6BnoeC/D2aJ/+ZtaDFxJcqOIXoSNc2NgwdsnKO5tDP5HE+Bp1y506H0GhrULKWSZPgY5/eP+BAPQ1m1mJ/02nDVJDuOlLVC3X4mad2uQ7Mc5NE9QgGUK/HnwKoHLmvu8cLMLGfw9Sj6XYtmzq5Zk6wfxS08m1ju0wBx3CbxVpgc6VZ24WkUN/hsfysFPsinYRwgLwwo4TE2eokti6GOGNxcW6MHGZ8G4+EQuDYpo8oSinxyt5cDbLSO5P9OaqgMK0WmRE2OLEDx8cQl/uQeByeE5GFUgwa/vyoGHpQS0jdxD2RmzaaXcKNC4Zg6OWjHckpiOw0aBmHLUGVMr41hxkiLHnPjE/x5H0McVcqzirgVr/lOCCd9H4/Eadfj09yA0bDkGjaY76fMTHZwYWsTNZ405tcYIpPZ7YWm5F28caCSx6WPBMeoaPNz2npYfLwatCT/pXp0L/IkygKRPLeRaugCWfnPhS8YJsCHtA4lrtYDEC2TRWj/6MuYFTovVg9sTG9h84SeqefMcz5f84TbXXrSbKEzLooTggkooBLUkwsodk+BRhBx+TpGjUcMO7O5xl6J1BDDSoRMeywvS7ovveffqUhQZMIFba+bR85wsWLnuJ1VnF9LRGYbYcDsGpEMzUDByNSgpa5HaIQFYMEsWbAdP0IGP39jIxQPUf9vj2zn6IJYqxLN8DFFuuxj3RwMcenAIBlv7+FbCJTCedgU27xnmYxP3op7LCTy71AiDp/fRf2vtIO7bSviT0gKFEs7kbqlJMSv0eMHq2eSkqQObXiTRtenWOM7MFookHrDBTzE6pOWPJ28H0PuyGXxnYhIOHD/BdjtUqKoDUOCtMgxWzqFTd/9Am+9kGshtQte26XS+VJafv7XEgMblONZUllctM4b6L9fJIWALSE5xoPJJD3jPzXw8MPMHr/9cTXkZ/TxCXJISmnTg8Y04vKq0HRRLmsl4aAefrJ+CV+sfobd6FZ/5tx1stw/gkVNCsMs3kar8bXBU2yryHm5mz6Bl7DZCDW869qDxuV6QEnzEr6fqwrSbdaCwdTJu89eCT/qDKPAvnP4+nUNvXG9S4tVzsNUoATbFqcKCO+FsPyqJj94cwbaXfuDl+wfQ5bU0S7uupiVQx/O2baN966xATDwBvi6WohFl0VS8ShvvmNrQzAxFar5XDKe77aH9likotqqD3msnJr8ujlF3IQGnZlwzrYdn6uWCwaAPou5mSnznjTMu2cOQni/dex3IJ74mUNUWQ9zS6YRCp6JppeQ/1tkQwf/S3eihnSAsrzHn9K0/0WPgM5yZeBECCzRhTeFvPjNRALcLJbD8gxJ0thMA7+pxJH/+FT0/mYfz6mNh5ud6qnizlyLcv9HMsZcw4l4AGugLQ1r+D0KPODyb24txotHQdLsQ1ig0g43MMs6+sYOu7Eig9f6j4f28qWhg6Au/A7/BRIXrvOhyAIlvKOeJc2vgirQpzZ1fjaO0lCFVPwhW/ckDp/5e/OxxBKJmtNLquBrUuynPBXXHSdzxLbq7KcGCzmvU/v0vPmsxwTiHNZD96TcdLlnHNoJKcP9NPlkk5/LHd8JwV1AO1ycIssD9JPaN9oC1ti+h/50tLhhRTeqBp2id9QSYo64AXt12eNvuBRseO0EFchtgkpwWOD7TBf3gCqDKNF56Kh339+iA2LyJNCNIm6C7i04GxqNaqCN10RLo29RKm4+cpdSLL8DERxbMvopiuvkCXJswjJe6TCledi0vDFpK+/N3osPKGhb8VE/NlXZwSXsMOlQFguJiHVys9R0izTfCof+E8eVbwvIZiyivxhgibcbC2o09rLl5NM9z+cCedREokPISjWu08KDWMVp8Jpfl182j3WwPKZb74MV5c5DLdWM5kUF8viEPhl0/Q+6tMHy3PwafN0RT3o8xcNPUDPZJrQJNY0P8B/vpW2Mfaup64CyV3zhzgzSR+h+cHKkB1befcJH4P/w1IYtvfmmFS0dXcqyhBXtnZtEiq3Qc9lbHESEKcKtTApV94qB01xGy6PhGw7OOUZ9zDwt+6YQJS/UwySeD1jkZgvFPMdy9yJdCbGbA6DdSpOD1gHoVvThzbB6VUAZLPlGjJTF6oGxeD2oHl5G3fTZcHJTkKW59pLTvGBk7deKiVRE4XfEfeP1RAuW6r2TjWgDR+dsw7X4x2df14vdlBlht8ITvv/LnbxMH8bb6KFCzV4AVger4+KIh6xuswzDNBhgvKoj1+/fSem8rmhBXRwbXR4N+njM3vo+mD/apmHjpDKqM9kbQJsw6p8Uz/+zjms5XgJkAc+IucXpiA867RrjcZR22XHnHK3ecp/jGWRw3ROz3eDIYOU+CTaEK2Oo1F1Kyz8FSmffg+MiOUrXOo9yCO9A29QkY/PmHjfVi0D5HgJ/59dH5RH/MPBxD/VveUEiYAn5dcAOq6/8ju8lvqXqdAbj15UN3ezdeTLqGIw+N4M6vWei5WYEMh9eS0I/zvHNxO5iW6oOX0Di+7H8QY3v7oLFfCEOTnHjcrL+4LC6bJOJSyVj4MGu+F4OZuUvhbZII/pyaQh98veHiPW/y0palv8/P082xm2GkpRDObzWCFVfF4PgGppAfSEfcX9PMrYtAsMsXJdtDWeHCfTyx5yrGbJWHg7Jn2f6dKI2yms2ecu2gsp3Zd0s2lZ1uw9VRuty/yR2lJwEk9B9j/zon2v++h1RstemBTwOrpLli6AVjVu9vRhExZ9jmaw6X3zhRrdMaNtcPoSWynbTS0A3lkkayxb8pZJurxCXCIrQ3ZjzM1D/KbyXtyEZAFO7u2UfP96xmaYNkXiOizCM8PWHFo3Jy0h8LcqFOKL3aA+LSLVBnays1dZwg9QPXSNP7AD3c7MnbEvIhJccaPsd4o/SvHahW0k8J39fwq2v7yX3nfjaqP0caiWvQwccd4w6NBlONGWydrkMXTbLpSkI2L/5+DIOuGpPpnnu4J/UJmIXVsOB5AP+jUyE77QJJHQyDdcvm05bQ+1yQH4MqqX/IKCGYylbd483v9EDsyW1SHvpO8w09af/yz2Rz5yupvTgCjrcG0ay7Ff7VRIDqD3voOvyFzohq0dK3FbB6tS+rnmymYmNvPJCUAUvMV7Bx4DX8u9Ucti0tgeWDUiw/pgblnWfRxtO1qHooAiuW/IQfZYPQ8UmN3h+fDI39bahiVUhbVPLoj106J5bpgvYoa+jWUIWdc69TmrYwSo0zh3GNb+HJezuu1r0ONd3XwdR4M98vS6KQolt4e9o33F1QAEPvzcFEso6D9+Tjq2JJ6E6U48FWDXYuN8FY/7l012QVzutdzH+KR8Crtydozs/nsHRZPokd3Iqm9dsgvG4jRr9cgO80y6Hv+RVe4iYIm/o3okn7SZ58/h69mNZFYyYHY8Tu9VzY5wjVX05jnrctjze1hIFie4geeM5pKzeBdGYkFj6eyCbQij0OyaRh0AJRI7347H5hmODmRb0G+dD8KorVN4SQ1Ngl+OeIHpYOLscZ+86Q1hIBDh5nBCti3uKK6GEQ6/LHorF6dM7AmHvuWvH98ma+diYCfgvqw9TkMWB8KhT7tpXReFNxTvwsQr6hjdTuFUPjvxyGiTbW5HuqBWIaRKDjVAOcxmqe0l1Mb8NMSGLfR3yhtBc+tijDIicm/w+BvNjECs4v+0RxK4WgV7uVoj8P08rmmbxoaDJ4XNyDr8wXQMedO/xdaSxsy28Fb6+/WHayDBRMTsLbO2tp2/oKPtLuxPRWidQ8y0nkPwnoGtLBgvXyoHyGuVcxGPcEJeObmGUUIm1GNbueYPXMEBiYoQM1n8VI8LIETjpTDF21HZzyahPuWByMSnZbeSi+GOdvnoe4XAS8BB9RxYoE0Ilu42WZO1jvmQpomx2iS0cRfXUZq56kgbz3GBh2ughtFc+517eB1h2aAqPndcD9M208Q38Xhu7Wp7MR97gqagwEyI/Fk43v4UDbFTKNOwKuyV9w/ahkbr3gAdmf3eF5YhHv8dQDmY+zIferGwSnn+AL3U4UX7MWn7q+5ITrd+nuismQvugBbVcUApPXv8mhfSX2vj/OM9TX8p/FkqAxdSNPVzrO407J0rE2K9ooKgWO0olsFq2BNc4HwHWMGF9xPsW2tn/gX8F1urZrBx75ehsF9mmA7PRLtNHSj0yV1+Ed51jwKwqh/nfa2LD5NruGBZDlngX458EYiP18jWrz6ulhtAGOKxRmi6Z9sG17CChrLYE/rhcxW68Dvk0cBRX2ERxeeY3FH1nD0YNKPDCuid9t7cUZrrPBiObDx5wRHJ7KEOX6ELLWxXNNfSj/Si/lyF5Ftrd9Bhu2ziQNhxN40cgd9+wg2DnLni/qPuA42s+L/UbzrSB9njHgjuKyzjxjcAX/euXKiaMZtJdcoWl3BCnS5gWIJz2HyaqXobXgK6k9/kjKu8xozO7nWLnLEoqnKeHWBYkwYuU8bA9ei6sogtfm+PCuv5/pqPRrmrHJkzKY4WPMJLA6tBXkzsfy5Sx/dPNyo78wiM/ENmJA32hMyiuBBzNEICtoK7eNt0SRX6/QxeIxO9qYwIK1tfzWR5JrGp2x9us3CGxXhs3XvPFoVxaF1F4EIX1bmLPuOJ9v/IsZIbK8sgugr8gcL9vqg4DHYU6TzEfF8pGwLSuXnkXtQk85Jd7zsp0pbQ/ELP4AX6eowKev8zG4PovOHjekwym6lNIC8OHHVH62RRE+1krQC9epHBE5Ek7HO9NREx9KGVcLhwZtabutC4V6RMHMH0/g+RMd/LNwKi72HwPKrybQ4N4kXiIQRe2brGmBdzp62BeRrMJHvDLrHClLfSWvB0KgoINw+r809Fjrz6fsitHSZyxXNh4BkajH/Cx4KtoEZdCu74LgoZqIKuWb4BZPosyd//CobAXWjz+Kl4wDeZoOcdeuWpjRYAoxPtH4ZdQevqPxkfuqftMkb09eYX2NHYNioL93GS59Esx6cnrwoUOLGr684rrohax7TIQUm+XJL3AnvV72jA7NLAaXLjscd8sUVk0dST4XTdhlYBNZXfyOe9buhciQrVhstACdNxRBz8plkMcjIW3lODTyQd5S18rnZMwg2jsAVvx4DlumO7Df+ELMnXkZnG/pw7q9+rRLv5FVFzlxrshK+jl5EX/In0rjL5yBDps7bJ1RxnvOA8QceQufJqXjtBv1+P62JM1L3orGiksppMuKG9oVaUPsXlJ+ZQvvhHzQ10iLFnw6yLLZrfg66DEFzJXHgNfnsHGMCOz+8wg8F+jDtPf+2BI+jcO/q0FIaCvv1jyAG+qWY+w4ffooJEfSdS34J8kOSufEcve+F6QbfxQcoz6CISvzjI4W/qy+ho0tlNixxBvGek6CV766cNcjk/7oAJZtHAk16qk4K+g1hS0yYb8vMuBVFgnpI0whdexBsNhF+FjRC69alfFp8+d4N1mR9j0tRsdxKnR/+zzSVTCGsR6hvNFnEV174Ahvt7px6txuzJhbzttydKH79CKe7ziO38eLwshcI6qQ9eNE18M88mgPdExOI6VGGXwc/Bt//dvLdYuKOHu0OZSF7wD5WGVo6uyke8unQVhmBX+p+YcXp9TAXavvHFclSoobJsFvyQ60ONOEGudc2WF2NbxokYOmEZdQsw+xQmsddZRU4VIZKZD4dBcDvkvzlaqbfP3JbtrpkYGBtic4an405Z66x65jPNguyhq+ztGH2VHT8PDTHNKblcMCFoY48OE6Vu9fyfdWy4Fm9Ux6E2gEMRUP+FqIMs7f0cmb599DUfmLuPPuC/57LJ68q4I4auk+nFwpB+7250hluJ5//E2iMSKxKKZxjpVOBZFUgidMEV7EW7Kf4En7yTBySTbU7bRjN89lVK6Uy3u+HWTvTEv2fX6I5r2+TMeyI2hMuxEka8lBQeRGTL9znmLdpfCJ4x0+e/kIhdSIwhnHQAwOF6KjRuow6uwLCh8fQSMOPMUqSoYf0kfQIDEW2/2/g7jhXypPPkoZLtbw1mYBLoyQA6t/Xyhn/A3Ki7/AaVqmPF+kEv6xAc46fxGWWBmCxA1L1hn5h94GeVLtEeD/7ktCdeFriI56QVN1k2H4qwtNuDYZfhSEQ8OfbVga/g7fyMhjYWwnpVxahIfjxKjoyAhStjyCumgMDl8yoa3di4YfFlLS1/2U+OMnZux4SEOBHaS84Q7PidnIl7pNYMBmMe196Az6p7RZPWItB1StwW9vZ2LPGeLPw3YUutSKZvtbw1bBraDtL8f33rtxkasGaA1fgvWmzDKzvUAg7RdsetiK6yZPhP5vFyFxfQT8pxyAWi036SKksMyPZIrbP5EaDSt5SmwPFRw3g+6bPSDsp4Stch/B8moqmN/5CT0+08nQehs+ODQS9q5ygEcvFGCD5WdSUG3m6zQezU3vU86Wq7jDVhu/TN5Dv4Vz6JjBAOtqCsLuG6dBoa2UK4/M5B8Tn/KfmtXQMnsHD/gf5t01ybA4yRyMjaRBtfkzRjmd4w6T+ahqmwnh0bGk+NuaS+4Ai20VwhrV2ex3TQzeaShD5aUhWnPxNf+naYgTtb9RZvQ5MDkkTcrv/vBo4TB6WiIAGuKPwVQTcL6IMo3xkmHD5jj6sW426B5cBCrjz2O1jTLcOicPhydH00/r65R4QB9my4XRhcZwzvA34d07z9P83kacunE1zN0oBp/2r+bun5u4X+gwa6ae57u3f8C8Oiu03iKP1yrug59FPA+0KsAUAy1wOhODIYXWeH/UPWra9ImmOwJ9Gi1CXXNLmcvbCR3GgrnRL7y1eh2uLs8C3JpDYsqBPL5ymI45lWBjzScMUj+AEn+VYXfkH4hd2EoPut3BonwujGv0h5lTb0LTnBZuleokqdIK2nxDDn4NBcPGTiEuPO4JuUnCOFWZWdzMABPP2+ONCjPM+5tI3TUW4I6qrDGun+tmKcHOa28hbjtSmIQmrrBywfaLM3nk9Ch4vFANhLzqSOtjBR9YJMHqz2px7Y4/UN5wEArXhYOHoxHnO11AxTJj6C6IYMvPSJP8BCHswC0wf76QX6Tsp+ZXrex9RBBEdhrSGlCCZ/c62Xq9Pd7UtGDr0tGsGpPJTttnwNmOHopyr4XwIBneFakPM7b8hkXfl6PQl43Ufv82PJRKg57H16BcfgTtKa8nAS9LXDtNA3Ytv4dnHq+BgMl6fE31C0RoyJGdTCTPFM+hc7sHaZOpMDyJmAR585ehlm8m7h0xjIKtZnxHVII/T1hHhjSC6zMd2EHzJph80oNXJpMx6JwbxxhthJx8HX7hX4ZxDfP49jN1cM33YSvrs7zFzABuNBTC9OhKOK1qCAfnLWEZI2EKChJjvY9pdLjTg4ZDfOA/H03YaefOE6ZV8YGX3lgydIhSf2yBUG9Hej7tGWR+Wo7ztYGefgA4YPuN9RqesPM3e9oY3Ee7D3zHrgxx/uh9lh2eepFhrRJ5qRnCqDmLKfWqBGuuU4LYQnW6/XoHTq16RmP8d/Bb9Wlk+CEeHJQInnfsRP38TvxkoEwrNILQW3wDaQ01YGtmCWupBKDKJS84WGoDj01uw5oAe7BVW86fdO5StswPShG3RZ2ZedQ4K50E3gbxWjNb+H37Mi+5e5VN5X3w8y2mpcadOFkoE8ttD9JoOzsycFwIQzfUYf3NDBj4WY+5H+/BY9n/UOC8CI6eewKfrjNiZZEh/mwlQH9qJaBWpZvrNgdRT4I4t8234n+vJGHUcSmaPlUP6MAQ94dWkFeFJiw2HcClBfOhXfI6avBTytL6hJ4PLVhFQYfObvKg53ckOUdSGOQOrsYD7fk8sTOC9jXMpcJzbeSbvZrtI56yqHoa5f47RH3vjcF3YB8l3SkkT6ViMFVYCE/HzwQ3F1sMs5gPhaIGIHixHtK89eEg5/MVXMvLzjbi29fRrHcrh/q+PYWefRL8xdsRErkY5eIl4e2Bdaj84AgWLlwDmrmdFKZbxkN/P/OxTWpUmLsFcnSccNlnLdgbI4Fh50vh2sIInJlRh1XXmkDvVhW+Pb+bkkJeQMakZ/AihKDPVh39X5aD/SRPftKvjeMu9UBw+gYuulOHXWtMaJrVYWpdrQCjdonjriQBOqwqSaWDa3ma+XZ6bprHrgENPCnwEz5b+oOyzilAId8kh4NT6MaNJSC3Mgpc9MuArpcgVz8Hi0Q58n1zF2e/EwDpxiI8GfMfer35CnJuWnTA1oUiQn8SZyBLzblF75PPQ+busZDzfTIHZNuQqnwV/jUfi203unm8P0OoYSOouzaigWA7h9Bk6Exph4+Bp/FEsRK5xRfAwroxdOpABHZYPqRdZSMw/fMRnrJLF1rCD1Cdyhv2WNmCvwSLoVr/IbiX+HFepTZ7j5LgDH9T9MrTAyMlUTq9OJ1zojTpfNgo7O5+g3Jz9WFZ2Sp+E7oOu66HcsMsCVhtkwXN81JI55MOKSbNQu3H4ZhbQjwUcBreiOZjp104n7goAQE+P6iWFvGEgU+k9dyHL6bM42WRgeC6VZRCFFIQ1nfyW29NuD0/n0d47SbVVXs5MiqHrcUruYGCueJGMPt+uo/l9gOwcKQU3Jm6BquqnvAnuRMc7DyNO761wfeVBXRi42bWjdGE9+keIGxiDtW7s6Do80uSiXtFBst8YOjbNQ4T9aUa7+kk5i0LOfazcF7peLDvWwv3sltxZ8hxMF0nz8Uz+qggciykOn7lF56OtLhrLi2U1QTHCYtBP2sHfpbIoBuzRkF9mxdJBjFl+inQ8V0u+GZKJytPsILBBWc5cLMb/7ZaCzV1nfBhM/GMDaVgrmSED1JS6PnIvaw/2ggOJCZAwLyz2IQxnDFRk61mZZL/9QjY5lPP3iHrMNzhIG4tt4FS+xzqWBzGq9v9uM3Yk5aGfmatA68ouWQRXn+5h5+5noJYIylodBSkklp5Mrg5nbR6xGHWrnF8LvkOt3m95shhT4rsO4lW7gD1xwzw+2A1fZ9jxjaba9ju+icSDRTC4LhSMl71COK/IF+fog6z6vbzwxfDoN94goue3YOpIx/jvkmj+NKo5ahwN54FVqui50IFmO0riPu0ZMDIvJy+5O3iC0F7IfllEpy2q8GEiNVcrT+Jc6SNQeTHQ34jNxYvSxTQgQV/cGVGCYcLD7C7VAgt1EkFgYYn+POJGkyszOQLQQdw6stb8HDJFjYXP0YR+jd5SrwntLsY88idwfB6qxqo6feB3PPp9DxyLptsHqbLfQqQcTwRjmxcgQ4RCrTiUxudD0JI/PQE4+ocwaV2N+zeuhDeB07gmkf1dMjdBd8+SUOVqjC4eNoGqiZMh9zM5/xi1UmYs7WKm+ddRT+TZxB6SQt8do2jEL3VdMNGGQbrbkD+Bi069vU7HQ0uxr/2gtjjsZS0rCyw6MUgv8o5g1U1ViDWsRQkV4wn+dbfuEhOB/Y5lPPYLAeYUhaEheHZGDmviHOnTIZTco70bHkJP/Gv5bTASVD1Nwl+dYxE2w9PUH/PUfBTSGDDZePhg8gszJ6QA5Ceja3HDeCYyXQQiXcEhSJz/n25n+M+i7KpnRK4+4aDmr4dwAhRupW2m2Qy74KdcAJVri/C3LCbkIgOdHC2IMxtHM8/9wqChJQQf9C8znZXNHHnvF6S3BDG+ikydKkkBRNKreB/4u5DEQhFDQDwPyIrkWxSRmREyIyQVBq2BqXQUJoaRmhRUiKiaEglI6kcWSmJUlEpGlZRVlq0KNV9jPskX3GzJW39zxzOh3vCyzBRPJk/h9Tnx+BcuELW9nV4J/AZD2mMhFHl5Ri20R71DRVx4+mj2FvzCrNMg1hxUSJtWXIKQnx62NpbFNZ178LV9sVk9cSaxuQVY8vTPfwnJJ1KMpEO7BRg5xRvONygAXoLUvCvmRxu/XmSj/rIstT2Psz5nMtyE+bz3OoteONdEo/vFgKNcyYgv1WS2iZ4cMI2V3R6fQMmyErj+V/VsCawiz66W9DhAnm4WojsYXodWmtC2UJDhRv0P1J1/GPIfTwb01cEYaO9Bg/V6EO9gCB32xjg5eF0jswNxsD/+vCXowGpK5TzhARvuG6uA07TjeFykx59pPU0cU0MS2SFYssIdyo2jOAtbTrkOsUIIgrq6WK8DNiqS6Cgbz9IHJqF+aFhJHRlGdt5bsagyVWYf24rp68ehcnFZjB+oi8LPPRltc2GLFtvxBbi1jyuV5SeuuqAiOpurLW0Jd0cCSiLfAAyiqk4pqaSug6kkrTpQRQYEcZX5RsheDgMfh9eAoWp5rDwgCzLRGmgmJsgeewxoDtu3ugVp4E79U9z4M0f8GplNoOGNay9OAsPGTUArttNTxR9yKdCCU+9lOZfP/6j0NfCEIA2bJc/Ei4rrcBnd+dBdtQUmvh6EK0WicKXm8U89+k4uJVhick6b6noqhaoPXoLSvVP6XebCNtUpLNVUCd08lrU3JSCldn6NLw0B/Irp0P5+NNoVijASo8K6JhqAokvWgwTXjnDrOtZvDU9g0L8VtFISYItme/wbs82+tsbBTvT1MAE11LNyXieK5SFKRuO4ME4DS64PwoOFyfge2V9Xlo5RF5fi2GE4EgMGFoHU+bmkvFJTzo3dIcDTgrDZEtBfuWtS+0hYXA+yZ521ujC6eZbvCK9k76ceA0NnQqwvlMc7v86y8aOdyDQPYOKG5/hdMda+t3/mCot/nHaiDL4Fb4NF1oJQ353Kvceek35ae9gZ8Eg5R6/jVa8n85hC1VNLyOTNbV4N0sAnJba8H+Hv9GkT1l47u18yt9xh6UvJ+Aa/2x8te8OO9c84J7D+pBZEw8CnwhCqvspei/wDeuFNOu4Dyu4ldDTB1nocZ54b/802Pf6A5ee3wnjd1yEXa0T0DzUDaJgBx/0Xg/Oq3fR75oIOK0qALNFa2nkJneWkNLEYdFGsrObDQfuSCK/qALj+y6QuHErl343gtsbiumX+hOwCrkHQ+f+kZPeMfAPKSTUXonrR7XA0OTXUHJCGjb4raPPPwtIWuYzukS0o2VzFkp9FmaXgFaeba2Fc8fPoOsC00DL/B+l3fGBBsMlaDzDDia/FITg+Ll0fPta3jyzF8ZIT8f140zh1i8l3Bi9BK+fUuMC/2GwlnGFM3JfWHB2AqJ7MZQ9Xc46mYow8tZ9rhdNp/r03ZTy+SUe3bEOw4xDMSl2DLqvvIZvjJPRWE0a/uocZvWZifxYKJWGb8SAVMwunpr8C+7VPQXPFcfJYlcaJmy1hKWH31DH8bfo//YjldTvhkVeC3H1El9cHq9JpSIbyfbweV52TQ0mfZBn14hSSloWh6nh0uTu+I3W1Znw8ZE6fPhRK9lMOQ+tZuYwsOs7rX07jeYUmUCA1RVQN0vhbQMJ8Dp3CFwvW2J2vQzk7DaAKh1zaowUxr7fo2GNWT142KbCi8zpOPL1UrCfVoTafpth6SsFGBdejF0133jDg30o9jCZ3s5IoqZTRdBx2B71ew3gxlcGxfl6UKowgw9UaKJ4nBHd1r8Obel3wO6ePewui0NPPUe2cvGFoiQBOHbJkkxdmzgjZhpvFLKkxnlxZH6jBeN+hYDIt3O4MjsA0nvMwclJG6sChdmgxRU3H3gKbhEiVLt6KviZrCfBkQxh29dB7yZd+BpWw6o+Dujhl8Lpr3248MYSzJ45jOdgITqtHEZxfSf6fXkyFL4awb0T5+P6wDx6mO3Nqw+PgxXjw+jh0gX0J2YK33vvDC+fmMNvk4XwpEiXPhRH4SCfwwvHFqHqVwHoO7qKjILuwbvlHTijbwrscI9n76pNtOzgc6rz9cPylFASmfQPb6jK0GNxfVAcOwf7HLQg+7U7Otz2gpIfdbhG6B54RzugrkYJxEvP4mF7Qwz9U4I60dMgpM0SnT7fZKGn+qy09Bz/OKbIhx1/4Iq2z5ARcAH09lkwfR4HlTHr4akrwugcE1ohuJojGi/zUwkLTAtJwqcZJ6lm0jrwXW4J0btvU3K+OOSM2Eib7kVQ7OAevD5qAfvc7cb+Rd1sjlvwZsAYSL4jitNUi2CN6lLStpUkoagkENWvgzDbYTw71hB1vJXR/dRUmLNnFq8WOE03Jnti0gxl3nuVULFBlQ6NewXVRndISXMdqnoIweU703E4Sx+l2y/To8OqeGP/SFobXskKGjoYj4dRqtYBOlfIw7MdJdyq1sYeHVastrWK3L+r0PzFS/hn4TwYM3k5OLY3seYxMwjetRZ29X/ki/15OKr7IB1UmELSJg78ftpG2KTwkwsOmdDwPm2wflgL88+PoQzvjTQ+oAa6RF7xjZhw1B7cBPNzd0PNQCnLaeiCdvxsUFJOhxqng9xdG4cH1/jBwjPZnPHuDFVECvG8v/6cFKQLiq1h3GwhBReCnWnN4otQdqALQuW+ktvAdMg3RXi0NJ+0PPRh4SYVdsrYz1JxFnQz6TNf9LGGF2MTWM1EiUYvWs6mWVsRF1jASC1Nmh4mTAo+92iUuB+YpQ1gV2UkdPfeoKG4cGpVWk/BZ63ggHI7r1Z9iykPb8K9b795Ve1pLhj+hinOISykbwnpllG466gBXDo/jweTbbF1dyCUPvNAk8xD/CBpNcKPdFwW+QneaWeS8F8rODTficve/WAVMoHwrb4Ufa2VrCOMMNz0Na26LUZGGQ/psaQ8nHhgw4ONL/Bw4FzWHM6nrzeRvqRNhtrweEyf0E5maX78+QbBv/G9sHxiGGVeEiVx6U1spqEPYo8kOFR7B8Y0KvPzteMh2t4Y1inMofgNQSyGP7GtUgcbb2XC1CmtUDZFHurzKjhrWJ7WFZuC94l+8jwxTJ9eTUTj/lSMGVgHS+ouc4bkB/5TMwv1s6fQ7ieWcHNoPNZMy8NntkJUXO/D22840KXGqzR3rzt6u7ugzOp9bKajBo3Hs8lFaYhagpp5e1slPfYow+D9V1F+kgq1THTjedte848Cc3A5FQy31G/Q1Y+6LB5xkRJbzvOTyDA03bgSY6U+0frU27gtywRGJw5A6EM9SD5pCnIqllBhOESblN35m6Il5xx8wS0jXuBFGUWw0xlHf2Nf4Yhb72D3KkvelvKWJTaGwoaqfWjhbYruB83IjpRB3fwtTMr3AheJQgiNn8Bl0Xfg6Mm//L05B+cvuwBjhnVpVKIlRF2/zOdk2ij9kAieDQYYN/sSP749FZ7XykDP72aeO1eZ1So0IeO7OuzQS6Hz+asweakM3dmWgEXh57hgcjkKbCiGSrNi0hNmGNaNxgeR53Dbmo2UfqoOH5+ZSqmaYTRlWjhFWgTycPNmPDtBAtR0zuA7cTGoUxnE/tBNoLpfk1Nt1XFW4VG8mq6GkcckIGiaBrSddIGVhfNhZN4+Dl8tz2NVlmK2WAZ/26WGiddOg6l/FL7xnQIk38I/zrxEie+XuPT+VdzW6UIxExw42X0Ub3yyija6X0LWFIffO+vwgGMnbRC1gXmNsnR6ezWPtlSFCW9McFGyF85e3sofUidCb6AZLV+Qy6eFXtDrGQogNGYO68rPA+3lWnBTIwI2K81FrpCBOfP1Ue6gOt/c5ke60bH09n425pzZgRcUa8ln9Fcc8AjFRzqKcCfoCc/0Lge7LSvY8HgFaIxaAAfMSjBNyRkm7XoNiY824qFJulCj6QKyzj28p3Amx/SvQq+ZYeg/4wrUGKvQqNuSNO62Fx7Pmgxfpr3iI7ru9PC0HbWcN+L8m7Gcse0Q5Qfkk2jsPHDZcARc9ZVB974ClZw4AKcGFCFs5UxIGHhFMicb+cihNzBv81i6eesg7JCbBP3RW2Cxji39+R7AU9z24ouoXyhgeZUVIqdDx/3x0BhOuOyGEojOPgM/k61JRjgK/ZoWo2bOWqxIFcWIAD/ajaep9e4JmqYsCSk8TI1iUhTvewEfvFCltEOR6HZNiF7rvgP3eim8c8ONGvst4HfML1JdYgHiLgm0VF2fHM91AgaJwM7edEzqG6YM+oQjW0ShutiIqk89odLkV7g405SPuL2gNYsWMqrnQJjxP7qxqIIP+4+H5MVHeeUgYlxXM3X6RrG/+WGYnQ8QFWoFVm6DcOFWLXs2TIe4n00ocE0STaPekf6KWt4RPxZVRN6DqHMIbrJUpwMXLlD8nfHgqiICbwNaQdYsm4PWqODR3d/gVtswL7Pw4Her3GBKoBQsCxCFbg9NjPXx4Rf7B8l7YjzM+eROYzRv02uvdOroe0LvnU9TaJYEpKw3oEhvadbOjoRxcIPqPi1EcdDAzTZz6PwiB07cOcibjceDs+4bUhBNwWXF3eTZlUzbei7z9PhyKhwaBwe/VGKaVCxYRctBzoY8fm97DF/creaE4Too2O6J9WKSbB0Ryg+03Cjn7xB6jBCBT9nhWNFiQT9viPI3uTi4WWFKMr0taAQN/JOF4fbP5dioOwak61V574YCUDzyA3Uc/KFoYwre6rlNi8NX8vzJx3Chwjd8txtAYIUixq/ZA5OP/gSBrGGMWN2A/e+8+c9yF+rv/sNH9xSjb7EivNmqjEX+5/l78m5qjulg20eCqBA1gy5VduHf1HG03eEjLe0fBwXTz+OiB1Nww3+SNK98Py62Wg23lz9iqZYaMnRpxUOznrGZwghoFJnI5qyKYwVVYStd55oPR9HgaxAqhbeBzc5anr+uj1N3CMKNww943FdBPh2aDqmjCWriskGn6SjcUZ0GKm6ucNS1gxfmi8BJ8zOUMKcN2uNKcejAFqxmpnsFVnRd6T4ZCgvBxJonaORjBjZpx+D65CfcXSCANzwPs5fLMCrvVOeZgpF07+hz+Ou3imovKEO9cyCaFh+DBdMY+7aPAqkxz0CI9GnMcA15hZ2kzAmT0fCpBQjJHsP14hnYt/YXVeWKYaXuVkieaAGFcbew8mA89Fo8oEDv6XD5XRl6H1Jm54+jYe4ZYXRb3wz/9HbRiLlTOUBDlY9uKMWNG2RBSLmQ/bzSsNs+itZf9mJheTN4x//QskAddNXM+X2FJ9x2BShse0rb09fjcs0lnLEglMu7q/GSbzfd3KTCQ95ZaGPuBkZfhaD39nIIvHeTxk16iSekRvAxqyCYu88dFy2ZxL4y3bRUo5zWLZkORsIXMNzuAYUNJtPgpU7WuhYHPaaJqDG/ES6EV2DPg9VgZykOnh/X43lxK9z8x41wfQclT9Hkbz9kMFHPmlaJ6ZKxQhlW71OG7YvnklhXKY+2mkHaCx7w/l11vKJ0JK1aqcHS0SLgHPMPI0QtYc/j77TmqD1KJq6lncXSKDBfA2ea9UNw5mI6tcmB34wcS+FFDEvxMt6Jusn7vthTgd0x2rkgAaqeBNHP64Ywq0cPsyYFc0yBCDQf9YQrYpq4VcodP3hs4IvlEahr24timqUQMnsHOY3cDJGaxrBnXDs2eElS7/N0nqI4moy158J5mVGgHXmQGk/7c5lJG2YIiMOhCS5kl+mP++k5ezqehumtTvg70Q+1lUNB4co39n/SzutPjofL2ekYUVfBP09+AfmpLjDtdhmU9GzlN9ryfNP7H6urKZL6Lj3oyCzlpROssVRahwf1GzBXpA/jBoxJ6Z03ix6og18m5tCRZAV2c4xB0H8l5Z3vA/eit4T9PXjZcwLYOvjRX6tn6PUwE0+9Gw2prZ14umQ93jutBxd//WFb8zSweW7FkJ/GAyef88hZNbwqUha+dk6HdSlNlBM9jPv9U9gl3genxeZSU/8AdarOYd12ZfgaqQk/es15+O0/oLM1MC92FNj4leLJuEY8O/0IOW56SI7ciuskjQDpORz0sMAt0w5w0KrfNKu4n0+PdCb5dyo09v1C0NHLZ4NyMwjNSsUevyY0XhiFgVJ7uCh3NjTIyIDpwcPovD8QXB3/ot8uJRB5bMqbawTAd/g/mNlyg77/u8vPfu3DpgFjkrdZxGolSRigPAakPSLxjZco6cxvJrft0rjG/gI+GLjFGoYlPGUgAwae/8FcBysQzSjGwO5B/K2TBSfWT+E+jw3w82EV5+RFk2uBDq6waOVpZ0bB9o4ZePC/Au6QPIefVQKx78YAfU/1gdq9xlyzJIQPJYzk9AmaULrqGxVsmAsfcnzB+JkYyoQRe2ta8tuFmjQtdAnM/6KIu++KgIxAKYxOOc8LVbXR73Uy7dt2muYefwB7bWrx2TUTnrX3No1zEgPTjzY074MXTGgpx6IFO2Hrgm3wLV2H3AMzwOpqD4SFFEDorckw6+hl+O7RyW1m49j06zBJr23iaTn1qBNoD9tVhLD0WQSmSluA3PgzeCg8nJIan8Ld9Q948QtbzDd2Rx8pGz5o4QHGO/6AB2jB2mgFcjOZCfJ1xXQqbw0UGlbjNutybr2qwsWluWQXfwwrOnRhUd0iPrcziYMLR+Or51vQr9iCmoMHYZ+qHN7pU4fpEY48VlAZch+ewlCnu5x3ro4nJymzY4QAWnxO4PePTuAHPTtY3GAMnyUN4PJJMTo+4zTs9imDiiQPDhUoQx+/LPZvzqBgqbOg+MMRO3/KwMPF4nxBsBL/HLxDKv3/oXTWW1wzwQgV58dTtlgHzbWVBNG+ibA4exWtOL6CC/dfRXf/i2SQbofTLSS5/I42pBz8gMN3TVjwijQkT7vHfAx5/PdRqGCghRILlmK8fi90Vp3GjRMtwCNwInYvUoHJSeY8NskAey9nwaR3j1jnjB/dTmmji+L11N4kibdWtZO7oiQMGdwnydK/6FiWgWKVLmTtr4Byn0fT3XsFUPk9nDcHK8BKcdP/m/87Y3wV2zSugCvP8klpsSJsWfeFN52JxnmDgvBn0TPSaZLkoLsTIapGAZ/qvINYgS76MsOXBiN98fHTPFCqLmC780EwGDdMGvdEYJOAKAenD+D7I/nUF7kebk5cDNrP3Oin8gcuzAvHvdKXIM5PECLjjoDTMmfucfqOgwlV+PZCMkRZEP63fCQK241HHdvb7GgwAmb4D1KZchApVSB0584jZ0MpKC1vhIrk2RiY/g+v9W6ErnYrUIyZTT+2TCPDzGGoT7DC9892U0v8frwwcT/PeRBMJGcIIo+EwakyH7d/+AZtCZNpUeR71hPaRMXSAfi35APMeor80WU352sbQ0FVLx4+PYbUO/fD+UmX+fro2zwj1hdDL3zBG1dO0OWuQUiu0IHulauwrjQWEz/OgXEL/GDrXFfKGhPFyo/acfyNFlr2VRHWHTODQU9HlH/yhjcUhkP/1S5MnGNCYvljQTvsIR7qXUBaN/p5lIQCzPnQy2WfXnNIjxQ/6rkIK7mN/I9/p66yXXzN9SZN26iESU/HwbMqbbDJD0TljwvgXNYqjHKPxCVfXXBuVTQMhU3G4ISpOGG2MtyXNuerbmOxKXkxTg9MAAfDbxD65yZuvWJEzrp7eZSDNYY0CoLQk5u0wN8Gupa3QUPTLrDQeUNTtvmD3YYkEl0TAlcHhWihmhAMKApC+qt+en8tAefmtnJRbCZrp9yCZ7IP+M2eg7BYZjE8+WgMF5q0qUnhEK15KIY3IwP5TX4qOI3QwfbFaXBBuhkCdgzzGyOC71eKwE78BVwcF8ZrYpfCFRcTDlu+A19kbMSla3OJso7BKzNJmB25l/LHtdHAFQt+fCiaujzN2G/mSfg3mE5JYEgNK+bzG1ACyZ57/FmmnyaN3srvigVBzc2Ay8ar8XCRKiVurSOtWB+Ifj4GNDalYP0qPzzfN0TTf+rjvOotvLHsJ/tpBJFSZiYXX7lPpdYTYfbK+7Dsqx8HpcVxQ0QaNbSOZu/OdyA2WIdP9W/y34mbaGyxNniXdPH0+/24b1wdOMyoxvtmv3le4l98Zn2WtlknY1CmCN01R3gV78JWjup8Ql0bDT2qaWuSPWvPraTWEAHKjreBwm0/0K3aAqyue6NMyHOq9xgLrk6VmOgnzBY26lSnO5Nc9RLYraUIXE8YQ3S9M9jZ97DOHT+yjjnIcg1nKd3gLpfZPaEB1WxY7V1GnpqaMD1aia3H2dKDIVN482ouqCdKwvitj/DowEVoCJoN/9lJ429pCZA1XAUjz31gy8s38furWHhHYmh+Owf+3FdAe9HHdDTemouOWkHisSbaHedFLFfNne3e9CjzHW3z3gjVimYs2KrIq3MEMXP0VJjgvRQfvB2GqIIwNtzrBCenPAfjGhNYlHGG+4QVsWHdJJyXrwMrjCTo4oYiUjXshnbNrfyuOhlPlI3gwtPfUa7OAbyj1WlnKsHY0Xep+vZOtJFVAIO16ZySFwxrS26TSeFk3CS5GmMqIrl5iwbMnjeHvdcHwrWwl7BmlwZ5bm/is8UeOFnjFr/2Diep3CQwGbSAq9In6Z1gHP93tpBmT7Rjfx0Lajz0CEza7nJ4iSh8T+mk8jmmMHfTJRY/fB3XmS3hmst7UfXjRVwa/ZlHr9qB8aceQ3t3CIs2CoFu3B+6J1GI9X26+OTrZgp+I0smC6ToSWogPb6jz393+vHbRGt4qfaDAkSaMf+OPV99Kk1yWy24OfIuVt/7RTtOfqH75b3k0SAOxZ7VYNjzjw6dDYQLNRI8R22ANkfcIu+Phbi6KI6OfavhK0piMO/+bVJP0wRZ2300VCNDv96egIclqnBUqovooRFpLt4F3o2KsDZ9Afxdsxj7koQhYvAf+MhZ4HmrMmwVeolaBpPQSugAKvQJwyMeRRojSilP4j+YfmkvZbrkcaXwfZL/94baP8uy0qTL/FFfHPQdx8KsCTYU/OUMB2TdQjMhE5wUlks/rPM5vbeMbq29Q1XDxpBU+IPE73tTjbMI28yLgV/rvXjRwb1gfAjwcdVDGD0mHYWnTwG1uoUQlfwEUmRS2WJmNeio34VSkfsgZRSMSg6jYYn+dNbaKgt+dbvQa+VJuNzRwXZP5kPIDHlaZ6cLtdOiuXB1EeY3ReDYQDF42uNHFw1Hcr7VY1IalsaFgUUs4CyCK6zUaMbVa7gi8Tn+yZoKa0KQrcvesoO0JtfM0oPTeY/oSN4P9pu2GoalAK5olMLYjdYw5mMy9H+6SnXPGkh62ADhSjRleCrQTNFJMDs0gGW+6MK2JA0Y2pJP69zu8UyJCbRo/1PsbpSEshhxKj8SDw4LNmHSjk2kgXKw6Ug1dHX0cHYwQbuXG8gbC/CgzximHTlQnvCZAuyqsBEEQKyyFYPdj5J33xB1vTwPnc+0WPC0OQeqNGPojH9cFtOEsovHgIqZAgzxJBifKAIqbi4ku7IFbTa5gXbwM1z2IQPvHW7BGUUjYGr5GjZV20EOR2KxM+4eLxNowN/jXPi6iDrr6R0n18JwmJJvBL9PPkc3mZ84K/QhnFBdzPHN0dwhtAqODswG1/g7JNkjjq+X6YO+wBiyD9+P5yesornPk6koQZpdBu6Dsq0P9HjcI+96YR7daAiXwk6Qr7MKjjD3hGkmr/D87WsQ+kUEZUuFOXdXL8Yv6qVxv+TgRZ4M6ylfJUmZHSBipkaBrWa08cxkOJH2H43uzOfGaSIUu47B2dsUHi9rRaPYnfSlSphW+Nfj1Md6KCsiwjU7LmKE+iMUUZ8KzfrHQTHpD/nNdwGNvGJclV8K6w8c4Jo7wvBaz46GpAT4deMYmBJSxlVK5ai9dBPbSf9ibYFQTFg6ATwPP6Y8HSXy6ynmwfrx8D7lF8aO2UKBJatYf3MnKKf+xxkbrrHD6Pm4540qb+iIoKnnJoLTAmt0ebmET4asQrmrMuTwu4ZWDD3GCt1cDvLyhJ1ff9Oav6bgmm3Dhjui0Eh4CvztK8DN56VxwZ6r9LrCES87RXLa62iq0gKontuG8iVaFDNuMlGrGs12suW0PQtIWcGfxs6fCiHTrtBLb2sofDzEFeONSHXZcooOO0wvV35n5XuOFOPWTBtKa6HUqIbKajQh5/RvalBvw4xDLtzVfJnGLnODC3M+Q7qNJe4bqYctk19z/GFNyCnNIdmhbfxnoAPrSi6iqt5fOEM9wAarSGxsDBX8rEafUVawV30LFiy5SdVTcyEq+x3cCG/npJ4cMDxfAW93SXHrCTVsd2N4u7mHg0SmQaa2MeyJ+kePzHVhWPI5b155FjfVxLC/6jmwnWEBU2zS2OtXNvycNBbWer4C/wvTWWbWP7Bt0KVZR6Ow1GYIPwmPBcHWrzBi7EI68p8KgPwvCt+vQ/O8lXl1mS2r/GvlExKH8Ni6SZD1Xy6F71vBKQG70D3Die4dmEgud9Zjwrf/eNQcJ9CQdCGzTAGIr3zGP1YEoMJdCSxtc4Y1cuN4ppsWPMwo49U393OYViIcPSoKJjG/YOsjcUrNeQBiaXVEU46B0bcGiB9XSmtOufBwiTJlRKhAdMhbWm7UDiafn6P13a+46qstCozI5AbBXdzw4xF3ZPlTifc4uOdby0/K8mCUzXsQnvGRZoy8DtfMv4JdlDLYLXeglUlC7DZkCIUri7Al4CmEO1eT3fkqdpqxEv+JylGtqz29aG7isQePw56RevDHag7nRSfRn/B0KvL7xs8Er9Dnwm5ojDwKl5uLcP++GB4skASlyEbqC4gAyeP72CX2D/S2bIF3UbXkW9ROLUeN+E2cLcWoT4FLp7ShIeIHSJ4w4dVOyuQ3So23lyVCf9goTN3zAUotHOFDoCSE9yykzu5erBQ8yRdWKpDYw3Gw02s5O4w/TtKfF9JoxV/QT/rwvtKfQxU7OKvxJZ54s49+ux6kcQc+8tqh7TQ6wRcf+gjD2UIBcP25kXSWmMFP1VRqs3nO+femgcLjecDb6rl+gT4ENtmQROhomLWjnm6p2ZMzuHH/5g08ouUvmFfLw5ywRVA2vZidtC5Ae6AQrCuPJImy1RjjuxiWOZ6jol0a+G5zAl6rIEhf0ATFSWeJHxmCbrcdUUMJLg+fhLZRC0Ah9ghs2hqD/22eBZN3mLKcwVY6NnMM3C+PRF/NS/Rjmim25P/hiNHt5PvNCZaZi/OPfQ6sL5sNy74rwJsRCfgTF+C6TFm0lV/K8z8fAyWxf0xTd3PU30QUUnektwqS0HfwJJrGpkGMdiOJHMlFu+4bsKrvGL4YlcCWkxNx97f1fMZSA25OawalN+V44spH7Egjel30l96UtKLLn5G0M+YGPnn6DG4NiYJrnBNMvnGCwnOjIeN+MXu9CubFN8P48KyNmBVjA1tNC8mwdTrs9gin2r4nMP3LO3DV20lSgiHYbnUJVJwrIW6JCH0RecY7tMzgNlRx1f5hMBIbTdHtRmgT5cQyF07AI99RfPVhJsh3eHGTjiDI3tvHlrZaVJr+DQsSlOn59wxyEmnlp0+TcO/xddiYu58zHEZCZVw5mmkdofya7zTudSLNXBhIAyrOOIHUIG6nK00WK6IRTkKQ8nETT1K+BqYr/KhWSYJt/m3BrxFnYajoJbkafaE1FfNphqg+BJRdg99vJ6HtBlt8knYC3U+5obVJKgZ6/qYh7etsKvgaZ8+QhD87loBE/EPMV5vJDjptYHpoJH3/5YVNtadoZrsnTY9oZTdfMbgoMgEUs7fCpJlMOvtk+FywH51xDeZZlzqhqlsZLSqM0aXYBEoWppOD1mWYpbOa3PXuUuQqf955djc4GwvijosHeIapKOUla8Kn/fq03VODtCyy6X6lPh5Y4gEnP9njOLcr6FXmRaO19WHbeFHwDp5Bc5/m0K6NVuh1+gqEarbygMsT8j1+FT54R7J8RRELWhlAics/UMsM44FtQhA1+wB+P2nAXeVKNHV5NI7P24NG4i/wmawqxP/rhSXnc1EvmHjoozUZh13gP+kuVLn1OUY5R6L20XpUPi8L7LOQ2qe/h9sB8zH7tTgEVi6mhLI6CvpgRoq9RTgt9wRHFOjCTLcGOvYuC3+qWNMk1xP8SSYcnY4lUPjhEJxjtY/HBM+HJFmEuz71PEN1Dv6JD8cpO7XBnddCQtlDmDHBiq1WVtB2qWD+aSUHHb/fYOH9Krym6IK5Wv6k72HKLo5xlGqQDS9v74YRNzcSn5WFRQJE4Vu20S9XN+xpV6EWT0/0G/uZm3Kuc9QGdYx9Zwz5XTKwNbkU7DWvkZiYPyV33MNL2l9AYuVtUl9Uzd/F+3GUixecMSNYtkkStPf+wq7RFrxwTgqGS7+liz9cIcpOhF9JBPGPlpW0JUEf5C5EwacnMZyqY4WHr/TzzJNPyfzMcphbk4kTSBVXCYhjg5UMFOccxHNpgjxjIIszBVWwI1II9qtGguL7ffD6QSfEfLmHcwrUYMhwFMSciKXN71bSWv+d9FjNCKvcntCX/cd5jIUeyM/pocU/rGDJggL2397Dqx7t43+ZhiQieJ3FEjS46eMuWnImGRoup4CCphnI/3gCMW525Nw2zBPXf+WguEP048FDEvoznVMEfXnW/d+82VcB7AJdWfB7AT95XcyGG0ewK+/Bu2+m0sFQBWwpm8v2N8+Q70uAlO5sdnedjUZr3qFxYRVYXGsit9hX9DfUGAzcs+DQRVe81mEBso46aOBpCnVejfhFZZh3rpxM44ur4SAu5R3VP/DotT+8TUcEFG4+xKq/dvQ3p5NH7rsF17bfpLcF2nBpnjXcNFMDcesOapgqDs0ZBaAOe7j3wB5WMXRADc+fZLk7kTV0Bulf6jva8GMSDNfJQYyZC6wNUsPpldUw98EH+NxpxOtDU1H6mhi0SWpju2w1Li+Wh10DthCV/plHhEXQk4qr5N7aC9EHquhYoRHrCIuSmf4QLm4AmLTEnDzsnPn1kAz3OZ1BPclXVPfJCuODLqPF32+Y0VVJz16Oh2XVFlS2PpElPDzAJvId7328ns//OYmGmiYctPw8zdXZDyOU1KDzqw+/nZdM4b5ifKZkJfbdn84NW0+Qys+fKH9oNCssLcMR08RgOOE3v185ARd1mMJ24ZOw79IBMFzlgVc/PYUXPmb04nUrGnjrQd5Mb5ITb8O9LjEcp6rNnQkXoOB5Ekvo/WQ730gI/nEdJp6bBJrqDbAtVYosLx+je05laJM+kgt9JElyxnnYWPAddidoo30XwytxK3ZOLORDxwP5ssl7mtaxB7tGHkD12+Oh6f4HnnHhE1c/Hw8W/7pxlFM+HfT4C7NvB+L0c7J8ovUv9uskssDGNRy7Nov8zZUgrzkAS+5t556sA1Ad+xrenhAmyYgtdMhkI27yTMC9ki5o7CQGmy4O8MZxAHlFM2CH1hx+1roRM4zXc9qQL+9sPouG2jkcJ2MCCpe247+hQsxS12FT0RLuqc2H1qt/IGphD1/bf4DXBRugdao69A8u4E2Chyhz/xhafLCC9Qq/o470YY45LIfzhFbB4elp6HFEFSbOq6dD4b0U8vEKFL4IgsvzcsBvbCTddq5nqffFKHZ6CVjvlYXd206iXdEt9L1dj5LK+VgzT4s79G3526VviFvuYXtICpim6cKcxxrY6BkEfh0BvOnOCLTwqsSE3Uocs0WD23d85APz7kHuHh3of3+AlY500obKLIxo+so9nAC7Dn+GYrlizEk+ztWlFqQoNArWrF3AFvNUuV1RifziNFjFJYEDvj7ipculKHKrOAaLd/MtbRGw978A1rcuseGD6XTItw2fa+zEPRe+Uad/M8uIKlNaTQmm+cjAn4fhdHrCSryRuZEPjm1DK68QPrIuCarav/KnGb4ktP0ojv6lCnW9RSz7wZaSG+yh99RdrHq4Hi+qn8PXAQN0olSca+sTWfqdItwNcIO1DHhu/m6UzGjGE65BlCJ/H67vUqWjOvfwW9RRevN6Cgg7KGPqFDXaHX4KX7n54MetJaA434iaJdvZ0SgIqxfF8QYleXj64hvAqVa4L72PTnQkYIhWOq1c44B7l7ZixNEYSIhWoyRjYTD75Ya6j+zZUyET572w4ZyPEjz700QqElPHlIU34fGFl/jGRB5Cnl/GVvWr8DIvHi6WtNC69GUo1aQOOU1e3KxeSOm2s1hUVgo+5CZRmsZX6vYIQ9QlfvS9FU4O/WKjsQhtrbdQcFML5VhJQItrF18v7cDIKEF0eSQLV/wfk+p4fR6xby3kleTz2L0dKJNhCO134uHlxUC4ZLeGn3+dSw9O1aCUx2yOF4nB5XufcOPqB/RTwxhuRy5A4V1pbBBfwXvCdTC9ZRR+7j7Ca4cEKH6oDES+dbLbAUvoWemGe6+lkU1iBmgt7cDop8V0/PAu1LWxhk9ObVAzcSbEb5kIi7fr0umseTTFYRm1wFZMHGfBT76XsWGfOUT8t56KImxYPXoUbCjZSzVJsqj4Xy++/KIOWXKMq1+mcsWKWVD/+SHNn7CWt8RPg73va6k89SDkzThMT+Z8wFgrWc46MIsx/QJZXf8FKsflOGTLePDNHqCuO89QtGMFGe89SIP/HeS4Aw34dqEJLbe/j387jlH+nlGwf0I8jvZrpmjpSjyZ7wcCXT5sN8OdP3s+o+ZZflynFs5jn6lChVQuVdUqk+apBbB7zxFulDGDHsvR0B+5ATMWfIXjuRq8XEUBjk0xoM9HXoJBwUJclveJY38Fs/3f4yRdM546ZQQgbZ0/Nl6xBLsPuig5JAan52pwbX4HqH2/BcYOZ0lmtgrFa3qBtX05PpNQgG9SuXgxZyyWxw1i0c9yCqB/fGvSd45NHUVf9/ZCzs8y2tagAGoyL+F0x2IqwXG8YKYTSRxdDBO6prB33HrUCdwDb+UAIvVHwzPBdRQ8uAKzPQ1AMC+KWx9tpVz7Yqi/6EevBx6CW1YS7f2hD9smZpKf/SY8JueJleapmOm6n4e1Koi2hNGe7iGIsR0C2WApePywiW0uOoDU8tvUr/iF7IQPwNGxMTR9th8e/5KEXfV+7CUjAONGJPCpRS2kbdMEpZUtcDnHmX2qZ2Bf11wKE0jg7DNvcJHYaJgm7AdBO4TgsMlvvj9iMq/2aSBjjet4WqKcZhX480jJmbBoqTmkbpbj+6J13OVoQCr7x3GWUi2NyQwl85n/QGnbGmqcag5nwkbBp5nHaURlLVhMMIVqiVEw978xeHuggaV3rsb0Vc9x4XYTvhShA8/V+uBK1Ql8e2A0VfcX4CPlm3jzrA/uqzrJD5ubsPzSE1w/VQAmfn2NGV5n0FH5MxYr7uE9ZmV4a2Qelt29iJs055GPWi7G2IlCX9hOENqdhqvPhUFiagnHFufR6gWu3Kp6jryKKiBc8TZpe46FljYTkJV9hFBzl67CXBzYsZTeH3tKy/ykyDzFDDf0P6VjJ03A+l8syp01pfTeUdBjfBdvRaVh1v0FFCAQwf+lZUBRuBBMdlCDph5XznRw4W+a+jRBwBPe7F3OyVd+kuXWeXxPqRSXR86Cth/m0D2pBop/21HBvLd03G4+fyj5AAY3T+CNznMYd/80WZ5VJIVTE2DeXF2yTXDBoNZhUk+xweo5RrCs4yu/sRzHv2a4YuDeWvowh8F5eTFuc9dk+b2AvLMcZH/1c8TwSNCdvJ5N6QxuVvaEshkjYcO+TRjTPAPW5Q5iw2MXih6QZ5lRZRT2KYOuuFwj789ScG3YEkTOqaJ4z2EubTgIimfvY4eYPlxSvUqLcm7gmNg2fJ9ejv06AjBi3BdasigLPr20xOaF7tB5JBoUjFx4RUQtenh2wpQEG5bUGw/OO74R9gtQ06/b8KLqEAi1h+OTNyPht0ci2G7YiTlbHvG+Cks482AJPH43gze+V2dloXPkWVvMmVUG2JqlgFJGslT0x5Ok50nAklW7WX39Tjp1OAUe648Gm/qJ6Biygd9WLKGy8lb6uV2R/SsmwaDuTT6qaslqu/bjN78gGh67BirGlsINOVMeOrCUtN9voEJXffAJnEO1+5bjtypHuIqT0dQ3AE57aJPJsXK4MvgSZ65oxqygcfDMXpCPlR5gMwdffnG9B/4jVdpee4s/vlPCn1+u8eP9Cny8Th4Eur3RvagALT8GYe70DhLsa4PS1igomYj0RuUiiZung+RvdYjK9KeQgGq8hdV4SV+ODX+O5JIKG0xReUbDYoO8yecmr7k1AnacVeEl0+aAw4RRsPbUEzijc5cckyNRvqYf/h30Bd3S63C9fDpAuCMtabbH1c9LQL9EF2vEQrD0/Xn4LjMLjDYe4kt/UvCOnhSMMUuD3B4D6jR3gf1G62F6XSyrNepin3AR/Fd8B/cajAF+MgWMDWyR83ZB/605/HTkNNJSO4sWG8vo6PQXtPRPHs/RjaS9itqwYbk/1Og/5vTwMP7t/oitnLdRTd0SKvtSCJnT92LQhSZ45TIKgiZO4/YTnky6d1AxLgdWq4ux+txSUBv2Zukdt3G2hAOM+GoBTwYO41bbH/z3yXX0nvcQXuyOhdRcK34d8AFlDxyGn3nXKLZ2GvQuK+PwZ2YkXVmG+xpNQHBzJrpMKKBn67TgOH3FVz2vwPutNawRu8v3tt2CdIFmsvksT09TAH75h2LSjT0U7ipMbUY3QH/JCAh5FECF7VUUeiWHs3MkUHL8GTpzQRsWasxmKbdPmLJ8Nwc3ioHVmB7QXSkI779cp5CtaqAwEM3mzpuwvqwFhkuYS7p9MURHAw63z6GdYmPYR1+c66KbeWa2Gtu/vQ/uByZz0PiPXNdRQFnCljBx4S5YmGlMdiPksOvgD7iYYkaZj3SR/xEdD7hG+g0d6D9VCd5krOB1RzSxuqAQI28agWJfAondHmT/nWaktbkeRcc0sqSINKzTDeUZa+ZRpnUGnjKczzs9G2m7XSjr60nQ/H/9kJy8D1ztR0Bmkj++cR0NLtSCJlWT4EPaUg6On8Als15BXpwPSXzRA/MUXegJrWLFHanQsegj75m4m/Os1qFDwEbw/5DO/pcqoEBGjdO/jITy8X5U3bCUPJOXsNMCE0yoPwAbF33mIKEI1Ny9g9P8bnJAowW8nfGTn6vv5QM/HblzoxZY/RSGXi/iXWKnudc5j99GhsOKdnXo1HrARb2fYV6IPdxTDEP/vwJ8RiGCBcJGUsBybXh+Jw6v/dODE+ueY97qfZDzx5xvVl3Eb7u2sfzvEqwfn4zfxgpjQ0E39aYYgb5ZPTku3ksSHnY4Py6YR9g9ByHFO3h511lSP7+JjumW0381YyDQppWPiw7RmChL/i7vjq/cbrBzgCQcGnmD//SfhT+Hc3FbnzDEfn/By3NzsGZEOXZf6UYq3Y0vM5fSMpVKEjIMJ83dy2CRiDFc8orAUX2HqG7HVNbxyIBmh0SS81DmKRcrsDMB0W7bY5q6l8BF7iye65gEeYmCqJ/uCYv2bWClYwfRvt0FvUblUuV9FdI9ZQmZFfo4cWE2LVdJwTVyWhx5YBYlmvXA13Hm0DCojA/6j+Ctv1IwLWEip8qMhXPUAVH5gjj46w9KXVWDYKPJoHW1Em4a9MEPXQLHvTG0WsCWbB1GwihDH+zcW86nzh/BkittVLldipaceQBr/eTh0XrGwwcesIeMA8XkN2L+pWxIy7TDcNd1uGLOZl6ReRT3HzWBdyXCfCJoDlhptYD+/W8YOmTNp7amcu1/DmjTmMhaG9xxqpYuGL2QwpjoHu49MUxOD9VY4vkgTF2bzqNOy/Nx+ze8YvNacOvXgNhcLXxwXQp29e9C2/BCMNQ8iWE7Daih6xbph12AWPs7IJQnCOXbkrE48yVd7xLFB5PHgPr7RpDUyKMK79d0SvcHWandgvvZDDW7Qujs+etY8cAevfM+8cfkKrx/JxhUddJprWkJvRjQ5ok79WCHYzl/axSEAPFDENx9hXxHmdK9J69g65Vg/rbtOm8+5o3PHNVgYUUka202wR1tbynUbBTP+L0a7vYmwwev9TDz4TzeWRMP7jZmcM0/E+IUPFk9fyrfOfEYEz4SLTVRhxVx82HntC5AiYtorakOUr86sG1DIhxfbcSxtYZY+8uZvliJ41p3G8S/cvDK0h0FI7XBf7YX/kxLJMfLfzh7/Ao+GxSLETHL4cVQEG9xnglpa8bgP10LGKuynu28kJ87KGBeahvTewOYma1O4Z6FZOb0kLZWrcB/a7TAJ8QSrXt1Ia5lDxy7vBli326h9fu385/JH3FffyceuWrHU77qQv7j1ewu+xmU75nBO0c93BwPqLFEEK1Sv9PB8EF0y9Al/R+iUPXVAQsUi3G93EMcMc0N3H/t5TP/JbLgRSlckSaFsQ3F8JQF4fHUZOx6PpFUK10oyXIFnM/qYQ25VrhX3wkP9i7n/V+HoWGHJrS8lYO42U146FEw1OUvJ8cp2eQZrwItM8tQzfUTr9lUSV35lvDhzytu2/uY9BPNMWt4KSx4LMsaRmbY9fQJpjhMoPDkIOoXGgGS25SpO/Enh21Nxr/RqZh9IQUybV7DHNd71Ohai6++S8LJxwgJcV9o3YEFLPrSjSxke+FNYCTuarxL+OEXBr5Yh6tD+lDmkTH8/ZuDHzbJ4EBfGv/WjeRvWf5QmusLIU3fqNt6JxudaaC8A4pQHi2BT2RWcaKtPiffT8BK5QTozlyNpjKqJLjtMe1wGw32D6Rhtct4OvV8DI1rrKRBpWbeNtEFl1WEgtLhv/BVJ5uuzLwBEw3loLsnkZT1zvECvX7cPu8I53ouIkGLAPz77Bv11InDxLmXSXz7JKjdHUCnnfP42MLj8GBhFJ2Y50cHXXSpyOs/XqXViP5LJ5Kg8gRYd6mf6o+ORbPeBhZ4vhvSakS4aLk69O+fhtUxddQveAK6x8iDzFYXojAj0lt7nqZ+zSR/K2UMiNDGMZKzcK33OuysPQq/L42DrBs6ELjQFnOuB6OHkws3rMzGAQ0/cBW/Q3In6riv6ShWJUnB94oUfhcxQBvnauIyoRV8KF2CWp6/YFvpFpjYqk7TcQ/lyJtDitsKUlPJwLG/e7Hm9Gz0vTmFzLMD+eetCJzsfRN9u6TA/LklPNj/AWN9x1D7cAjrBbVB081zIDzZGu6vMoG19uvhy5JaXIv6oMqWtG/DH6zU3QuV1jUUdKoVjTZEcljYWvrbkIobmwdR3McYnJ4ps+81RzZ4Z4wdITPxk9J1vEJXsfpBGzl+O4wql01p+2SAf1GxILulifV/76a//Qt5p3QMSyV6s/JQMM+P7COfUXk44CwJD1428eZf73n3yiiSlLyAhcYPQTBlDA6VFIO9xWq4eEsXWt2mgZt8Nb5JSqL4DHteJ52Bh/o/0Jrwo+TQtJV8vrZR1fIZnKwjARsVnoLxxck413IH18+9SuP1x6KZaSvFiDhCSkEoZJQf5CVvjWD6g2BqcgimhDNjYMrjalpi/oDyul5y3YV6nJVsAz091WD53RzMdIzwSJkwdw3+JC//d3BV3pOaWRQNhMMwMtQdp7ABTlGaAEKzitkrbBblunxhlefWEKl2BBd6joPf5Zpon9LHvfdtqXnXSBgj/won3p1A17syiUJ+o8M2RQoaCEJ/kyi6fvcWpJmMhv0y1nAuJhpEFjpBg8ErfPZgM3pVV3JOzzkqLDsL4V+lsFvLF2dLqEGOgx81RPeCx4td+PHhaLpxRQik5WtxyfAxULetg64FauypKgDtIVpkJTeBVqlvAf3+7Vi39gHkN/aBbpIGn41dyJJ2e9C0Ww9erClDuW+nUGHnUwo9IAX3LBAM7hyHw2fKMKJrI1q//MKKS6zBMvkrOG/ZQcO4ijnPnJ9ULcYuAVusD05Ex049mh24FOcZicM7p6/w/cV4Uq3/CMW9Obxby5FX8gYasSyUylIBpkpo4OblhtC8VJJPLWynPQ5RuPiqAH1MigZx/wj8HwHwAQgEAgUA9A+ijJJQVii7jIyQVAoNMtIQlZSQpqTMhhEaIhoqe5RIqWgQ7ZSIXEspSkhUQmXk3si4XwwL9vGDjPOYqy8H//LjaPDWa/BUvw4Bc13h+5Abpds5UlDpCQgabcxt4h4kvFMLAiuPg2qcCvf8+MXPVfVx+ZpN2GqbgH9MXbntcQi3r5DiwgBN+HxqF7V6n2CxuHhMW7EN+4PdOU/TGrUHQ0H4zBnI+2EFAt5jwNB+NJ2q2IZXHKNgpnEPz35py9lJ09hy7hB+91uJrZrOfHS9CYTN0aGb83agzrIC2n6tGEvWvaJ3911ALOEv1dpU42sPU57zFsB69yU8MUeSemLmgGxbIXv663BbwkGOG+cFL+IqseG7E5zLFYdYgf/opaAJWV+vxbKMm3BjoAKOnH4DdGEqjimL51r/RmjOU4fpn/VZbspniNxfwdNrgvGyVAYot36EKK0oqjQ8Aa9HbsNpO00hXXIIx6oeg95vM2FPez86Kr8FR43X4BLXSG1KT3mgxpvWLxwJuXtmk4LyVfDSzabyjUtoi/sbyHaJhkVjzemQsTMannqIdzsngt2fuTzssBnf2InAlEovHn30HCsYnqTpMT9QsOUZWd98wlZ7xKBtnzraBoti9fJgyBw1TA++F/PVb2cg8NN+Ev5UCpXZt+jToWlw+cptfrMgjffOdkPXend+WnIIHc6somqnaL5tXszJD35jxGdVkGjYRL9z1+NcpZkQek6TSkomU2fGBHgsGghz2m7Q/evnsadYFBYs/EsPrdPRpnE3KQsNwafwMxS6ewdvsW7BmaOrsXLZZ+D/jMDobyzv1ijG5joBOlqgg76HZaBubjxq+bvhqPoS3vPRFiaTMtQd/cILR6qTwv0NmPFzIQcskcW415los9AWdkrOwbwbnaBxSAUiqtay3uEHJD48RHeszjELAOfs0KL9V5y5Z8RUmvx1BybaIhzz/QtJc8fBtqPLUdF/M5/99Q0sRf6w3JkGOPD9HXU8vMM7jDTA6GIHVG4LAefZVmyf3QfLxqTC7d7XXKXrSEVnLsD6J454rEoM6lcuwyd2P1Hwv6107tNd3LWqgvQOB5CQajEujMjgy9XT+UfsTDigcoHCtZaT8sr3uHRaD0tM1+UTHw7hXFltrhdqIVeLaTRnnD4EfzDEsJkpsHHBKBhj58lXxbXo1+QiQMdRMCuwBzecCiGZ74LgXJ1F2U+KcNg2D8PzlrHQ607aF2TNM9dlcs65JD630hOzXeXA4+dlNgxK57HrxNHP/zWrzzwLDu/PQ2rtVPRUUMYH5g+hcLU0eFg/hgL4gcpVd8hRppuaSzo5/mMgn8lxo2LddXxVYR8ZDKnB7rgFfGq+NpcUGdGT8UfZfL41mY9qoNd7D4D2lx08l4o4XFIUvs9J5NcXFmBl83TomyfAZYLTeIS3Aml67YAgfVOeZ6QO9aPMIW1xDGofmQBHfxiyh/46Di6+BXjwFJzUfE3932LQ7NFt3CMkDZ7eN2jFwyecvHImxv2VpfLfGzm6+QpZSqnB5qpnUNNH/GKMCsx+q8yt1Yq45M9RDs3aSKe0GrE5MYOnsDf6ZevinLOBdGuvNtwKSOH4+0nwvEoNNZJsaE+JBR+4ak/tjoVs9GQxnaj1oZhdGqB08ghVeYhy45adUO3gCT/m2XJn7ywsHnWYpC/XouSKHFxmKg52JdKo8XA2tpouB8b1bNvbjolGtzhq4UIMmiXOhisrKM5cAMbkb4eDKtWQdeQTKu+OxQkyZ/j0mA3cs78Nx0zYhX+t8qHNzQg82/Lx8Q5VSh9+Ar2vX8OPRS3chaoQpJ+MZ/MFOEOkFyXkRoCp62yo/CvEugZmZPXjCuxN/o7CC77QiuIxfKBGACX33WSreXIwss0bPn83pc37jfDAnRCIevabZ92QQHlvK5jxOhEr5rRinacyZNlE8GjD0SRT/QPMbmhzq1oBpff85m0+13CiohCvkxPhN3KicHvUePS7eBxrdGJRjtbixG8lvCa1EzREn0DgqSG4uFASsNUMWp4ch+QDrylroRf15k4Dw+IlGDKrkC32PIGu5hD4lfONcmOnwpKMIf4+34x+mYTS0+v/QYSTHtYeP0o3JYpxk3AnT/FdCmFpovBH9Aquls+iw3veUcGUKB7b0Ar1D2twf8Yz3O4tDBO3x2Jh5kR4UbwPAvIn4kOXbFiqdJH+5Z2A8gEnLBZQp4OiQqy+YApm/tCGjckz2U9EnI/nppHxyz94/Vc1Otp+welLt/L5O7/BcNsXjtkjDOMbRqOtaiosESjHZSZ2oJIZwjuyNGjN+JFknxSNhqHi0JimDQFrq8jB7z2KKnaQbnkNxr2R5Oc9IajVwqh1jeDZykgUi9IHFx1pfuWYhS6H92JOaT6kRetwpHU2ztqph8mTF8JW/8/UnzEFhMf6smBMM33QMaXzjsAdl11wkloC/SdhCScPIdywsqOM7/IwZaYLB1vuZaPWB1y+LgJUUpO5L/4PxJnl4qug+xDxL4CPfAMQGYOcr6PBRZlnwDumgPWXLQaJCFfeUKuE77/95SP+iryqcRpkFjCmRK6kE6sNOGblUp5waxgyfDJY0fsQiy9wQ1u/YkwVnAwu8A1j1/0HLkoHuW6qEXx8cQSmuy2m+MQ0+rrlHP9McONu5xEQrHkXN917Bw4wzJZrd2Lz2ma4O/AfDVo7gobReFyWd5rlJipCXWoyT5orABO2boN7Z6WhcH8grKh4wz/vbMbyRZFcvKaQZ6jJw5qJRCmTQykv8gSX+H/gtL+GMFL5AttuEwV9Y0mw0T/BhwYVwKm3CA9X7+I0vWwO39nPp2ZtgvBiM2jfYQ4JKxTBa+YA/toiAQrDi+nF/BLYIFpE5fFzcJPvWXRXHEte/6qxI8oc0/W247ctBuB13IvuJcqwXYM/sOsdqm0UxmPByXxQ/gl86EhnF49GiteaDEMbf9PqtfNBbbgX0wR30646R5b4GwF5vvo0duNYWvg5Ekb+HgNbVq+nyRv92VgoAF0elZH6nBaYcG01Dkl3wL8j8nBcJ4S/ZJiDz4PtzIrrwfJgC2o3BmBk8kky6vUiu8IxJBejQP+e1yMqi8EmaOSfQ3V0+Pgxiu55hCue5bLbtS849nQIrvX/wppaZewergpStoMobt0LWedGEZ54RpdEnrK6pAsMDTbDjIW1PEP5EqcXqMEssaPwqrCNNdIaqdRwPl5+lsL9B13wkPcZDLw+h9c7OGPgA3HY7f+BZwuepPSSFlaMLKW4vt8Qs0Kfqq68xvu/bWD4biN3lhjDNiMZKnlmhL8+tLFBbi9qn9UnhQs9MCIjEGN3WVKC0jrOWioHT2JUQWWhFWSWDNLv6m/QOnY73/3RiMcjXQg2v2XplW08r2IcmKa2Y/jAUX5Vux7DZ67hkgXJ1FNpQ2O0emHNyYN4p90Ln78k2DM3jY680sa4HXZUWyjJq3+HUlFvL5+Ty4eEwSuc8Xw+uuhPhVrNSzQ5sxdbjaPBIn4r/VsUQT+a3tGK3G1gMl4MNL0mcbW9GawV/EKvCwPg/T87Ll2ShvsNl3PMhFRSlW/GtmefaOhnLuyXVITnjt/Rt9GMHvkXse+9QzjHsp/yA+KB8lpg6wZXOHUI6dsRFbAot6bc5NkoXnoOs7I/UuBnL7h5eC54Ro5hlapwdFS8DKPENEH00ROsvB5BjjGJELD2Ek3v92cp95fc7vUYIsy7IU7cmL4lyECXTzG9V79D1c57uKpiBS364oT3/1jSeg9JPP/KDdQ0JmDQrFHgZiEMnt++0mr9Peg5xZQDZX9j53s7Kk9JgAM9Y6B+gz/aaY4C+GIGXs1u5JdkwDvvviWJq5tQbr80r8rezM9uPgV7hbVga6wAC9NVeYfDVQyS2sjH11yFMIU6CjG2gdmzTsPuHw5gNv8oPUqWA4tvo9D6pBzyvXAQ8LiLqvv+Q9/BBTy+9zU6agTSrJQLdPwUQk98GtyVz+ZiDaL1nqE8fekenvGjB4e8gqnzfgv4yXlRU6UhRCwxo5dJl/jQq2GOTg9i7xFNIOntxVcGjXl+5GpcNricToWoQn+FAUX7iNO1Kz14+dYqsvl9i2fU9cPdGXfB/PhlWu4uCCOea0CCylgqlhOAUdb2NEnwF4k3+PFJtUF4nKSFHSsmwobuNryiLw0SMmLcI5SCUmIE6obXYUXqJn7bv57mK+ei8+UJcOfLfRwTKAIpSZ5osmYTPTr9GA40v8M/g/awb1o45Zyawve+HsDNJ5+jQrEczBWzhoG9tnTpxXn226EJLjJz0NFZkIvFJkCmxWOs+j2VAhLkYPLoUqow0CMjjR/8Oe0LNaVWwLY/5ylyZAXYh4+ln4MTYLhfCrpTfvF6P3k0FbjGJpeWIzQsxaIvy3j7uLs4b50EjyqbhylvlOGjRioWeabgg+278fq5JGr0FaeHIwpBVOUb1DQfgavgCnES0+Gd7DqaruvJi+tvkcrgZDxuM0S2f1aBXr4apFrEQvpGNTzgIw4dG6ahyZ9ZHLJBhXu1S1Gx2o7j7qxlv7Xf6NzHdXA2wYmveGvDp9ZroKw3ji8uvYnCqd/R6Y0d/fT3ooBJK6i85x9fzV1OA8ni4GRtzj+vTuIPCwBFPd+g08HReLHUmx3+JfPUS5Jcv7cUfAyFoez9TDy95TROEVeGhMRgWLhIj0QbkrCrfD++0r0DP2fGMVw3hBkKZfj3mRJV8G3uiXHFxBk5pCE8l0t0n5Jb/R62iYzn7RJy8PJyGc3+8pDnO9Xzxx1hfLOD6Mujney8rwEnpVzG9UanQU1NEXY8NOLB753YE2FPW2S0KTnQmoR2HcZfywvpUOYq1ApW4lgHDfjPcyEOxSyg/vgsGrPKFLRHd+ClRQZ0xFMEU6VsObIolgeLxOHqv8VoLV0AyzqFyX7VUrS4akwHB99Ba4csLnisz2WxT9i33gQMAnZDb4oAqql/wFWNiqRV+ZB7FLbTL/nN+KQrE1evvsgNVePh+9zn2AK66Cm7GnZm3uSlKj7w+vJ6PrXgNzZ+lYS7qSb8IlcXvk05ybOumOPYlxG0zcAJvZJvUXHfMDdVqPHkYj9KhypwX2kKe7REaVWqG2gXv6aaLTN5x42f3Ov7nryezqGvL41h7fKlJJakAS1WDfDbV5MrZRbiifowMLKtobfdAnyvJhL+NWZx5d93fNp2FJwNOoyjbd6DcMd7aNRK5ysGO+FH002+/2EzBIl7w5Qj12nEgBgsc9WBnqVr8XygCeoaZbDX3ywQ/fUIg4MbmZYvx548LZZdPgpMPf+C7nARy19L5BClBC70Ijb/boZCIovh6/hD/MlnOXxaoQ6tFxVw8O560k57RGXOL2jWntP8s+8fV99eyjpuiWC5Q5+52ACu/HsMGH+OT5ish8hjJzAvJARetp8mCxOgkcckccfaWxQxUx88pLww2u4YfZmVCjX3rWDiNEP4ErOYXy08TnIHl7BymAPIlRmBRvlUGKEUg/+UEuHCrZHUlDAKykVG05mAaZTcYkIj2qdwzgY9SE4w5ExpTei1DQZVm5u0OXEzXB2Mofsu68Ek4y0ePqpBK9YpwB6bHDx8fAq03FzEPbuacPPXX7hhyl66mHkY52/YyAHj7NGyShLUWyI5/VkRHhqZzPOfd/HZpp2cNy+GM7tb8ElHLzuv6UazceJwNuwCPPBewUdPHePh1ePJ/kg8LJq6H2wndGD9bUtSPfSaFKfMgKSF+zDeO41OW83mcvkl9DlZBN7oJKJnUDU13/bn8NhKeHlPCnI3hUGqkDKdm6ZEUPQTfqrvoZaTSzBOPo1TC9/z6TQhqhIAsGr1wZH+k6B5VR/3f2yAh5TJ9odU4c86IZr9LYAX3xQj9DOFnFeetH6nHi2NYQi5eI0T46xZu/EwRUTlwdm3UTDpUSde0pEApS3f4cGWbhj5qw/HX9+A9/asB2v4wAnp1RSfWMhZqZdB4twoEIPv9GPUM8yP0YGlocIYdE+B3tdOox8rc8hv5AKykRZm5W/jYYOKL9m+6YGowVVkKzwRzM97U79qHzyZUUofBvo4K+MKh402gg/Z9+CrTireyNmMncfcubpEjq871+DstpFUsMkGJz4bpL1RGrBCfIhzTv3FW0s9YNe4xbw8zgKHasfhFDyFCo96qPDzerr2CSG6ZwWPqvJmtaBokpi7kkn0F7yfWkmPN0/B8tBsFB0xn7PENeB7CYC/wwjyd50EVr13WeWdDV7cepVfuh2lVymxFLujC272CsOLjv1w+IAuz5ixiAcuiJBunBS4RxlxiRnxuefydGmNJz12U4Gne1O4uWccmmc+p9VSN/jj1l2kN+c//n0gke6fUqHKiGUkFGgA2umF+DnkJb0RPUwnw3QgfudE3rVInZavSSGd0FeoPDcNuqXk4eIu4Ah5H+hWfAs+jf3sNOsY+lUYw+/kmxgpE0hz9ZxROWAGLFB2wdzXC0E7SANi73/AYPEnVP3IEl42tYPDvsvgGp4LofaKMFe4C00clNB5XSeKtX6BeZe2Q89fPZYrKedZFTbgaf0SJ2SJQUZRE7rnOEN96Dg+7LAdiwfzaK/nCc54NJYzpzjwvMuLwWOjDmTbj4O1J1/Dp5ouuFlqABHue7l3tRkqfd9I5+1LcEOtIVZpqsP6totsFruF2/OdwfuhBj4rX8fv1RbC21XZ5Gw/i3SEyvBzjhT8yhYBm0QZjJBzRoWgkawQnYSekj9QKncDBIX4UtR9dXxRYAFHNn+AB0MadP3RNh41HITbpXZzbXochnsEU8O7Oj7jMwuutJrBxTP5IC+NWD/sQstcfejSf0bkHhvKXjtaYUJYHb/YZMh6tQATm3xZ0sgJLk1LoJaFQXBw9VIs79iKV3dJwYhfEvwvu4wrT2vCCoEUelhylq9X5POg+BCt3G3NfzYv4vqjshD4+y8b3LiDzgHCcD/3MK7vGaR+px0QuEkDZ9RKkGatEW9x1uDTZ0q4cusMLl+tDUfF/bH5LtEFpWUYnPqTX605S82W7rD6aQLqK1VD1f0DGNAzCU6KN8DFxQ6cf8oF9Y+MIIHwl3Q9TodFXHzZYtpd8v00h2bXSEPtuLWQG/oZrnjtwxO5Byjtjyl0PrjCV2+1gGzzT1qpvZYtggVgV0kuH3NIYZ/gabhzbw7e/xqIRc+10f35OtzTEg7r4mJ4vKI63NymRnqT5sGHHV5Qb3iQdWqFyHJoI35OOoX+olbUWPsAMUcB8KIdvtHwgsZbW2lCdCF2Sr2k7Xe1SO1SKm8wFcME3dG8xc8UMnTSoLDAFN12HaXNKiF8O2ksJ65ZQ3cix+JIbTcaFbmJnRWFIfTrL3ofsA/rD+vC4Z2P+er2LxyoWcaJK1PBIboPzp6xp4wmAxi9upVrp5/Fx9uPk0FILMoJadNXy49wZjAA336K47oLiE5S6pBVZoMrj6TzcGEm9rRK8/l/dugu3ECTZ6fwpdIhupuejj0Lx8N/FXVc0ufJcZmXUDjvJu3f9wmPf5gJo3feoLY+BvtbYfTqpCBssHSDU+rpNOPJDFg304Uv9RzjoGWdMEp6gP6cGcQPO5dgdJ0ozLczp/jGJnBOTGfNR82oNjoLt5ycymZyqcT8Cf54dKCAkDa8vVWIhrWKYLGE4aeUBJ2du4ZfJDujk+xSePTCFwvjinnfYgv4nTGBG3220GeFDghblkcs/Jh3jrOBd7du4wofC/LPn4yye8fCmCO+NHPLBxgIe4xVj4JJRe8CmNyTxtt9l3A47ROkrt8E/sV6sGVtC9wy/QLXa1u5oXceNqtfgRlGztRp+RtCniziguut4CWoDvFnHSHSSBSla0dwemcJHnMJpXl357Fq+QiarvCSC9IV8WiwEbh3hVDEaxNoCflHrhZyWDG9A39K1eHBviMwuNMHd/YswNT12hCybxDSfnXxmEXbYDhFmg5pX+EXtt9xhIUiLBbZTiNsbsOTMCUoDLHHZyOEeF2uN9YIN9PI05coUNYKT+/3ZXP5Sh6TrU1T1UdAqEAWFLzIos+9Qjgu6z9YpP+At3WNpJ+pq4A63SnfCzBVUQQWpgxz5kM1yJmmC6pHl8Fmr9vgLCkC9yEA7Z1ec9aiBJZYBlCVkc8Ciftw1C5xei8rzWWz72JX8hEq+DxI74O/YvtzK1xvowY/Z+7k3zFlIDZ6ITqNvQBJCz5zV+ApqF83Cu0r9Tg4XZdVXxhD7X0HcMRyOG2uxH9n7cTYa4FwyrQPvR5G87/lNXjMy5pXpFhA+T+ippbvtNpyG3+YaMv7Pf9CktYsbBu5ho4dCaIzGup8YY0qJHrOoeA8dza2jYKYF59h3dsRlJiyF7Utz0BPUhKl7PoPpkhKgd3fkXD8cjfElByAlb2JMHCkkNZM8qabRUf51yRdKj51kHu65EFkVBxnhU3Ftr7lEHIiEtLFZSFgsgXZDJjhxVO/6E53M4i/EAS7GCUY7VFOSWHR9DNCmDqD0shS8iPkXH7Au+4mQeL9WEoBGZBT+IRRwtfYse4pyN53wLzw+1Ab0YNewt20+nEwvN9QBZc8GA7sv8Ml5Y04WO6Gk+u+4Y/of3T8/C/0dzOl97Ne489ZY3h9my7MXSQDPi/eQWxoOMRe9OJuh+u4wGE7jc0dgNG+u6jqfSyaxoiBfoEfTr41jKgeABW54rzHdjaK9Ziz+KcgfGEwnloN5fhV0QwI7E1nnwAxkPnJaNEYgWuicmC2fRKW5HpDY3YUPHpVTRZao0HsZBZZX36ORgcGcIJfKilY6uO4fe2830oYp6m14LRVmVBNSnB95FRQcb8DvV2quPPgcRRQf8qub3ei50R1PHzrDwxsKSWB2ePhRswhsNSq4s3lOnhSrpHXGXiD6UknzLnmzY7ft/PfUw0cfwVhz9hYnn80FiuytPDqpBQ6FVfD0grGvH/mVXj3IpLxmA+82aQA0rLJNEF+LwlEXIHj3V/B8fI0MPZopO6o+yxRlk9zvt9Ea1dh8Pe2JSH/SRhTh2hlLgmertrQPtIZXAs3oW+oHQk36fKbmWNgL1mScKgTpa69C3Vf1nKS8iEQWOoE3f+s6eDHEA5cJ0rHTyD4R/qh47lKWHejHR3d0mCkuQiXdU1lN0NlzJlqAw/MNSHsgxY8rrZCc4d06s68AS6uOTxF6yZ47vbn5NVNdLo3CrXk+7i6XAAK6j+x5q5Y2lj8Gp3HKfDbAxthrXomlc7WhTCrAfxrq08zm5VA778B8G0z4E/Zeuh0pZDUwxP4cLUENS1aRrll40jS4zGsdJcEVe1fJPlbn7aO9eaI0facvscblSb+Rdl5FhR6txeEVhxByaHp8PWXK0UvkeC42H2saPKBrWa/gk/yc9FJMhKlA5JIsP4W/FevBlcWvsHWw614JG8Yw86OpmNfW7m+Spk/eUdS11dFGBy/isqmK8LyRQZonC+IMEeNtNOm8wt3RzygdQSUQwJJ0ksE3sea41l3EdgyvAbeCS2Hp7VvKCzIHrd8HwCd6B3Ej4f54N4N0NZH/PqKMERs1CKHTYvg68SzmF0qyo0HatFsbSSW6ppRafU6kpuVSVoKBjDx5RbKNvqKXbaJaKZ+mmQ1/Kj75j8oPLgcQhRtOd7sJAXdNQGHhhSobpkNlRHJ4HrIm6f1CcHGrdN56zEdjp1ph3dkPkH6UxUY/tyHIgtK+OXnWdyU1YZ/ku5zic55vPK1FH5vaOZMhydsOH4aHC3px0naL9GuMJ73Vz2ksLW/4MEtbdQtITr27wHvW+PLq6ZPhcMdSzhq3AQ+NvMDfem7hR+lZnHFykNwe2QTNS+WhoqLrziwQQ8yVmmCX3wzCKZ/pZX1ROveJIJocyGtCZ4ICW6TwF8+Eg9masC/S29R51QY/JHbixtWPmYzmV9k2O9HaVHTcfZKbVzrGAWpc2Xh+yJb2uPSBJZwmbPOvKN7U7yhtfcn+czIoGsejynOciWtj5KDCvPFJP3sCnyLkcLb/cRDqqlkcLMPpxQBuvbZkd4qV/pTJwL3apfjbLFwVh2xGNsjlkPF2mvg0r4RJBdpgKLeTggU+cNTZSQg7LU7j2toxFavl2SmepUOJd7mEosgrnGqw1kHKmCkjQaHPiUIN0hiAWdlzhnjh2dem/Kfm0pY3rQJgyd+hf4ljTRN6T4duDsGzCRuwdYOI7RyXcRBLumgM6qTZ5rs4YpD/Zy8sxE01hhA+RIlaGmfQfflbnL62LEcdquWD/6+R49O/OY7b17iftURsPOKDLW4ToBVazN4yu6F4CH1F5I0n1Hq9fW8WDuatv3N5wlvi9jEpxcVhcxgrHs1fJ03Ak/YBvOpzk6yLZPnDBEFuBGdhSFzzoBXZhl8C5eFsMZ9+EZgiPKa83C7rCsEN5ai+I3zqAPS0CT/kz75+sECSwsQ9rnCq6QjIENNh28v2467V41m5eDLECezHcPHJkDevH24qM4MhIsVQNxLlUX2H4SsfS3kGPaZFT6aoUt8OdivqKHHsyLBX0UANp8cpl1d87mjeg06GLiCaqwrWfg30rLq6Xh+LwM+ms5KlaNBcn8wdHZ9ZdWsLmpffZBL967k0lLkvFR39rkow65rj1FjlxzcUZnG4xo2QYXpcVwQbc2pGSf4nX08uSS9YPpTCXWZ1TgnVhfOZS8h0yxjvr5vIs35/RiUr+pSRvA97m9ToMG5E7hIsYN2bBEDs2f1VHjsA+4DQbb7qkK639Rh45OXILS0lOZtcsQnIiNBRmAy9ExgfJ9qBiecsnj9DQV6WdkIizeNgKZXm+GW5juqXfyUvm6RBK3MDD7dh1z+Gfmv1huOOPkCNhs8gHs6fZR0Yx1HCLwH44OScD8viHZvieCCtmz6ETaJO8P2gWi0H2VvO4YPR3uQTdZCaB8Qh/I5BpShfx9XQhjFnLvMVePVqcXfEn7Y9vORfRU09r8gDP1iBEql83BqDuBjnQRs6j2Kbx67occdb5b3bcdI67889KIefu6cCLLWJnx6dxfYDleSzH5bTnP1xub8TaB/azXEGvXi9erlXLd4Mgw8AngbUMJTPfXILyYYpWfJok33TpRqNYSutDZ+ZPoOohaOgeKbVZD8dgP4rnjBDuEnYOaqDnI884hNZMdCbIU6GG3IR9g7BoY9HmL65nDqMlfCkAN61CssSMHT61k/dCG2lxZDUuExnFsyBm4lCrKbyRZalFwCm74FooDHFGibnoqpZ4bRq5rwvEMJdZrIQ2FwA88t3wQ67uex1aEG/XUb4YfxIEi9ssM/QeJ85p45nS0TgchFfRQ6imFxgQJGKwfR8PRSlvD9ypOLvqGQ9E886bEBbxcaQ872CHD624Bhufdg+l97sjC/xDVD4vzd8iktuPEVQu4vZd6lDka/puHzpa1kKbUfXo5M44KRYuxxNRa7pzwEsY2WXLegBSK2CsGWCj2WODcLt5+3YtG3orDviCHtxEe0JMYdZl94RG8MPkJYpyFsS2qnWOUGvvZrOT4Hd6zc0o7pf12g8vBEPvTxGKoePoDdtRaQvmEMSXb70bH/HuLerFTcmDifOqxqYLeoHD5YfIorHPOpqVUb3hcGU/2UHIjvPsHXZGqhUp9hsWoFZr/qJrtSa1q9KBmvhupBU1Ib7khcDzpZq+iVA+NMqS8gMvEjFKz3oQk73GF6WzhG+6jDs+NOOBA0hFlCx3H5bDfIDdiLkZ1tbFDuTiPHLmIV/fEce4ihUTsbz65IA2fveFarGYfhBhboEvwESDoF3YtSyf7YJLCp1IarR6u544cNZgYTZS3zpHOzg/lQ3G2eECyKZyW7WFP3J348NQbuTz/KN7JWkGNlDB9W68BnjqWwRPQVWbla0sgASbaUqOe6AwQq/ZO4cUIz/6sK5RXnduHcHcdALvUWD3x5Rj1uTvDfvO9QeHE8qGq84ulRIRB3yYweluvgP6curldp5JvbbqCPyTzeeGQ3HZCZAs8P2sL38D5OKLyHqSfdeMPEKv7kt5eUNUdA/NGF/KpuI+aHywDqSeOD5fnIB6zgWMkbrFleRdmvHHHP3GJQX3aDmnKtoCBGDGYc9sEDZZ3sqFLMG2r+wmr5Fh7YOholU3/ActVp3C1SDtKFInDxtBQOGW4gZcsi3uxZBUWfnoBb5A3U/biK4oai4cDoIaicIgmvzodD+TkVVLglShcuFUG99T/ojjKk3T5zyHOHO5yv0YKQOUrw+JomrRReA53vrmDFikP8PtEOc0Rs6IFZPawWisI32imo1KYPA20bYML+z/ws/A/P8SuEvJ2OoHZnESyOLsUf9oVY2CYOfzbqQ8Wd6aBqFYzFg23oBZmccsKV/86RIpXhAWg0bKetL8fD5INT4YrnLNoqMEi/8sdjo7s03itCiCgwwvPm9+Cb80m8L9EL+0frgMCzhzz45iR0iCpSqPtrDCoaycrF/+GZzj2QqzaXzR0d6UnBRHjOZ+GXYiLWG/7BEKtoeGHXjrq+q6la8Bqf7RcEzYX9NPHdKLjleRflbjvCqHYbapSShuxjy2jWkCiNzXmM4kV3Ya+KPeRHC8CrOSHkVb4cJY69pc6tn8mIH9LvxWIEe6J51DtVfHA6CMoNAbxb7Nny+BwUnTiRU77MZ5fd1Tw635yCsh1w+IUqugwEUuUfZXiXWYdTXzfwDt9omhSVDJ61YnCoXw4ivi8CdbGVvPHad+6OVof5ye4smiEMnl6ddFHzLwSatqPu+kxU22gOWnnfsb8skrWltSD6mx5/TbCmf/rPYNUYVezpSaZRYjK0U1AbN06L5vnlL7HG0RT+td5h0/dzIYNM8V1hMqRvZUhRWMd/Nx+DRwPv+OzFTJR4NA30wvUp8EAUj5kPoEe7cfzZMMpMf4wyu23h5oV7YFD1GZzDxsHwoQ4a/tKCxbmV7GgVDC2Hp+KJnQNcFnuFyl4e5jPG26DhqR4MO15il/EOvMIrBXUrHeHqDCW0cdmBFUoZdECjgcePDSaRMcqg5h8OqoPZtBoteYPmfDqpJMA3XEPg1ck2XtUuBjvmbeOrz6bD31o/pL/XKc1+D/26GcLhiwm7O8To0SstTPMgEFokgeeSpcFP+yo4q7lS+Mg4vDfmLteXmqGP0SPwiPrGHkN+dM8kh7O/zoTcZTN4fZMaxmyShQ61WxjVfYos/jsHUvcy+OrrNbQYikn9ihIkf+nEXfODeILcRgxLzcJEj/Xkel+MuzY0wsW5CdBmPgtGb1EBhVVSIHiyBdbVzqbDdp74Y6svtrhlkvi6IhjrI0JzMg1IfpwFhK0q4nkXBznUZzpr3P7IB0tMsd2yHy4fUsZRAtOxXquBQ88LgXJLI841SqU9Wd7wYmYIxUb2wNMCNZBwfEHmFjmkqvsYFfLMIHHedVDTvwjLz+yn+KzjZDX1EzfkOUCirABsuCABqzbacvd4UxCZdIKD+oew9GQ2vLuozP5O60GkhEmxfBY5CdxkD01xjvyjBpdTd9EaZyeILWmmmuBddPTDNqD1qpgp95k0HYNxvVkVWp/WgBlto3HX+SKQW/IeVhar4mxnR0w7/JkG7Qoob5Exb9jfin2fJkBtQgQsKN9OV/Kr8fHNQlqx/Cau3ZiCK9ePo2qbNnIKO49pTpMh9podhLy+hRdS58KiBiUqaVKhU1ftkN6ehsCR9lR6XYw978+A7YXnQdPNhyI+vKQnSlvoYqUU1+0Wx+b0W6ggl433whrZ7p45BMy+iy3eV3nO7hEkft0UR2Q48uSZI/lS8hAbNb3jynMvOLFJAoIk7emtmxbP3eFCkXN3grF2FdjvsmazJRfgcJkn/Mn3gQGNsSBxEyBOMRjq9Q1QeFUU1z5oxEuip+hQaxg9li3Bu0ln0MNEFaoPX8TnS5/xoooWvurcT1WbdTlVV4eDTivSy2Y3rn6lybpTJsLuZ/qcN9ADHcMf6PXuFTz/ujv8UnwLCdV38McWQZr8K40uRupDV9RZXLu5hf8YdOCF24dY4kIZFjivgbAF+oi1QhC1qRP+eYyApP5e/u7bRiEPW+BbjiotnzKZx2s+p5n/OXLZg3rcU7cbBRtnwltzDcKZZZgT/xWynT/za5WrdLb0GZwt28rnZX5xntV1PmM2A6z+atHXRZPRuiKLj+k9oi/LR6Fw7lYI6bwLMdkI80/5o+HPSbBfbz91PZrB2/yrcPMWZV4YVE6Os/1IISmIKrd9ghNNnjAsowFCyWUcI2vO7xzHU9SpVqwXWggtKgfBdosAdqWHw/6B26SrPh1kZd/CgoDX1HVyM7xTXMAvPYLhtcdj3jKpAPbrWJNT+Hre+tAILFI2gqfaYpTo6YZafRkOk+km2xsxVP97Ek/U/kY9xzZSaqwGeE4qxZn/xYOTzQ7cf+QQ1yw0xKv+J+jqyHyUrvfDq2PFyLVzNMh+vExft+nRgodF1Pf4H/qo/cPJ2AqLfVOgLuMZ/tGZTUoPAXK2PGEZK2NI2HoIH8ddxrm6ViQ8bjIGfHnFb/JGwbBKDf5UUIVnNhOpK3McFsWthn+mgXS37yAV5I9H0xpzbFy9Et/gVT7oZgEyuy3Jzi+Ll3hk8AH55XRaeirkS60loS3xmPqnnsZs+8BHY8bBnZU1mLR2CrabXwefknyIzYmje1OkSemVHAUc06WO0sP0NNsA9OSNcd/xbrAy/QAHDr0gebjMWrMqecZ8Qyr55syK1cJw/xxCa/AaNn4xDrvFbUjkdQGcKO+j7xo/4Y7SBZg9wQNMBmOwZcpk0OrYATtFf6LbdQ9s1TgPOTO+0PMUZzxmt4E6lnbTSn9JKBsvCybxl/iJ4AmUOWXJr6oF8Kj8JZ79aQGf31CF77p16aZNBfX/EgXTisvwVWUG5ayuQpWWQV6SHoCua8bi+kcyMG/JLwrSWMWiRprg/DeD2o3d0K7HHVvylfhs8FLICJ7INber8f2YGdT0wRsuJ+iBfEwxSpdbwJQMBfJV3AhXZniT69FaXtZ8mi2HZtH6JmFM2y4Jveaa/McnFbR9C+GWvR85TUtn4+5yXHTDhtd1LeFw1W5aXSkJn18tA/WWRpIqkcVVXb1Q0VzHX41aoXLseigKU4MlA8HQqDYKVOz34YiN68Dh+1f0G70NxkeakYWjOBzeNQ3cvgVT76AyXdssCAeHHoPzWUGa8EKKG0wucrh9FL74dAT17nvz7F4ZdtimxtuuIyxRsaWrD4UhQW4F220ZwqQdr2hEyT8SPXSGc+cP4x5BQVi4VhEq889gkngayOq8pfK4IBLyN8YRHxfjCHalQwsk2UAiCd/1TQTDsnxWjT8FX54tg7LrCA5p6rTu4BV4apVNgnuU0Prkdtq4WQyMu+TYcZMqFWr5sHNNK1XbNLGrqyGva22lnCmhfG9GNKykSfDyoBbKHKzkqSrddFZfFOx/ruXzAbPpR8FbFDkjiXKXc+hThQxck0ng/cZf8NLWQJB4cYwrbxnx7R4xTJXawQ1yZjxXM5ueyWtARIIrJRVok+JLczr5Swvv6tRAutAROPtNgLtVC2jacCZPuCgGYkY7sP9nIN5e8wkkHb7S1CjCiKhgSJ3bRd7ePSydF4jbnGRBINsCvbc/5en/NnLDxQck52ECfz6X0aZjK+jrqhAOnxeBbQYI7q/20eS8AUzQSMfVQeOp5Pt9PP/6E9lqtKOaqQ1IdS8lQQU5WJbogHOPJXDVtuuYIHSNdFd6wlaXadjUakyl+JGrfH7Tm5dqsDlyNsC9YTRQ0MVvLU9xwatEkM9+xxNUJVh12mYcOtJKHeMUoM7wG4xc3Am8uBTOf9gDgQFrqT7bF3YtvI6xuecwXLSOp282A1uzEB7SkyTo7Aev/SLwqzgDl3cKQo/wfg69II+1+nvw+4LpkKx1Ano8TqDLTzU2PZ2FTYWH8fBtf3x0qQaWGuZzsN0qOnFIDW78N8CHF6/EhTYWPKCZQmPFX7JcfCm/8evDxVsDwOhkDsTWaUKkoxeOb1lNx25f5ZCRP9F1UyxaxJjhF80ByNveDryyHLx+IQTtqMPV717T4Godru3WxoTETrCMPkG9JwVJfasz65g0seJxIZD/WscjCvwx/8Qz7DgrAZbuoyFU/T6OPPuX54Vcosjx6pRVIgfuvpNQWKkd7NvGwm2fPZzV9pzivATx8WYP6H8njfQ4GtINEBrufOPMbfvw6T6AaOnX/KJ1OwYtX44tonX8YIoHT478RP/+mUC7kRGX77aCf+JpJFE0AT9teQPHnvyjEx+L6L8Mb7yXLsSTSlXhqL07/itxoLEbW0H14EeYWbCLtB9Ecf2eAPb1saeS8m5cbGMGLxNWslShAPqITuChyYVQev4g3N+5mL5RHv0cb0T1YtoQWqQEfXZfUTDdhNyFFpIM93Ft8wjatu0sZX8KRzdRY758VBHWpTO45OfChtenQXjqIAtWb2edyZtwT1g4bp2Tzse2fOK1HcfRo1MLUveY8pTf3ZwN1ynbhOimvBdtajzH6/Yvg5bTm3DBsC3kuIyHqPbn3HfCE/Jjc/B3dgTliGmir94c3jRwEm7ZvCOJGkV4M3MymFg9IduuP/BfsAlGWa2B/8TEeeSOnbzG/AL5fNgE+zqq+EGjMbinzoXn0jtpZmIu7u/Uxbo/T1g4SQAmKC6mjGMd8CLMnzyvK4Gw+U1O8dkAi6018bLQQvJWnYoC031J8ocvCbhfwEvj5pHSnYkw79w1urOiAS65S/D7F4kQUboVhUIScGX9J2rb70ytX5txcpohBF6X5sjrptBwRxaU8q7BjfF6aL7UFapTj2OEjgUMqg2T7EVVcLt2H5rqnrPz/Du84FwpbdodAE+kk2mJxU508JjLZfZv+dAGC9jRvYSe1m/CwPDZ0Fs1l7cqi+Gk3O+srKbAavfmk8ouf5aZaQonF49l87ZC+Dq4BPROy8D36KuY904QTDxs8Y6QA5TZLKXzo7RgveAZLH6vxv05V/DOpxr4US1JvQvPs29xIt9v0uArQmfQ574u6MgJgm3yEhbOWY2rZo2iNxMSsCFlO77jChDy6YJ1t89Cs7gxjDkaQwsqCmGpeRvZPmxGt2cHoLbOB/c3GEBY/j3wkcunnjfTYMj5Cu64lk59fyahclgpiXTNJbT/jOpeeZx2LxFczPPoZtsUMLL6SMpFu8HL+AkX9UbDipdWWGkty32ya/G3gTt+v/wcCjZKwa4/dzkofQ9uTVPAyAo3nLS3nE6YhsGNtfcwP0ISXsrPoTGLRKB93zn6eDkN9jgjCVSnY/nW/bjZxplKAorhM8pxZ9M9sD+nAStun0TT9znccWMtFSruRukZKaxwK4Ys7lpAzNp8bIES8rMyhmXC1RgeuRevio7DnvGJmNkdA3LyEehmlgwnT8jhmPd1ePeMGrTe1MSBgVB+szuMPBXaqT3UlsfWnIelb6PJ2CaY68I+U9d2E4i22cReTn38SmoVDXYjH3zkgqaiT8Fl6ma+0G4PDSfzcPkYIfg0ag/uX5aIhs/aoNt9D0RZCkKW/A208bOGMz1XQbq+lp/aS8L9PDfSkw3glB8H6HbJI44fr4EpPbnYMyIF12kOcXx/CdumGoPj+9nsPS2Cg57I44FvMtT+r4y77MrxzbwZ1HhzOQ8fSAPPJ0YwYkAVto9zYgW191hW08ZW6q9IV0ABT3UIcPEHS/ZPq+XMRjPw/HUSJtXcgmzR6XDHUQo+ry3mW8/7IcX5Hp84UkWNCQe5LV4BCo/n0Mvtx7E9LYtz+ttwc8Uh2lrxBlXflUH4oDre2/IcoxxM4buYP9SFiZPg6CwyNVaj5c+LsGVdFek059Ml+yUcHx4OE8tU4NC8e6wxHIku/tHwEuPg4DwVzvl4Dle0riCD35NIfZs3it4aBSqZtrj4/mrS33odI/qcaJ6pJZac1yIJd23+MB8hHifjrGdj4e40aUixWoby49bhMwVdFHmdyr++5sH6hjBqLY3k0A5B2HxdFiISVHBUrzDojclmx/6RPGpGLQydS4S79VUkNP0ubte4w6etGH5OcoJxXy6Q2vhADpT3YLGJuRBR7MtYl8AbkrTJf0k1HJeYAU/NPqHcnG4UTfmPHUq24avjc1ixrwsitwgSLLSB+sNCeOkUw6R2ZM/6O/QwSZ4MbG7CwIwzmCUmiB+f/YTc8yHsODGQhZ5Nh3eaBTx/wX3MP9eADoZP6E3fHmwOmknbH0ny0blraVPiKv59VBG+xK1EvaqP9Pb2EJjrqKP7syKuPeRA56aJ8tDgYzT3U6JLH03AxSSBnkYthru5Tlhd+Yb1rhwHJ0VJGLVhkF/cXAxn352H9GkAN/7NBL1ZL1GzIINqbBy4YLY0lm9QJUUtN+zI3YdJHmfwspUwnJ0lg7Zlk9hBMoV+zI+mhar5LDBnLc26o89HQqr4r8QOWGYsCC3zhvCTujivC7xOPj8e8Muu6Zx4di8fb9/CrrGTwO/PAbz3TBaGugN5yrAvKJuNwey0G+h7URd1Tn0Hg81PqWR0OgQVvyHbIUEwLTuPn+Mu8mPDLSSh8AC0Jk4H2joPtu5eiWGW4/FggSq7JYhA8eJM9rtWAIoiK+ljej8+0Tfnz28z4drVXbzObwheSh2midsnw5+kIijfHgLhV8ZgwNNE2ORqx4ve3KajPovonYI27BL9Sy4fJaHWYRpI3RLHhorPvHvcPqx3coK2UxJQEe/AXbNy6aukJitH6cCXQ6JYX9BPK75a8KyulZj+ZCOycBYFfRPD4ej3HP/wP3rnJQ833cfBcX1PUvFYBgsup/CWe8Vc4/MCdr3ayvXl89H29Cn8T348ZHcU41ivZSDavwl9bwD8c8jmPyLX6X2aLhSLXWWnGhO6UyAG2vHrIFihDGT/vCf9h5sRxSaC/ZEckA9VJrebMzDBfTa8FxkH30ObuGe8CaT33sUXB8fAF1iK33fK0cY7SyH4415C5R4ecUEcWsdOJfUVF2BpkyYrGKtgffZ/1PM+DEfOfEt2sUWou3sCnBgnArVkhIEftCl4jidKBJZxz58nsFe2DoolnsP73RF09M0BEnJWhLUzf5B3zANY+0+IFE8bUGVAEzQs/sgzN2fCIZMarqxxhKmXlSBkhCiusulH/2WNrNDeyb0nC7Av4yB2XKxju/kKuGpNGOQgwsjMTWhYm8w5KWPATuwbP2wvpNRFxYxBgHtklVA48Cu47FUB1YiDlO21jRe8WcIvVIfRUnqAV7ycxJvmT4E5lstoEtWSxekx8J/WDXBKtiD98Df8reAKpDVEwcPaj+QV283NdqUYan6DT05Vhc/qCuzYr4L5PRbstSMc9guH89G309H4ywCVpdyGSaaT2Bp0wNn7OFwMiaAKA3uatTKbwcGBzh5bQtuFbmJvSyRG+xnR9o+qYG3hT262HyEo+idnXN/As4OzaH3BYxBeLgL9b4rY+GE8B26Wh9Wp/hz+Ko6X/rnLarAKglPV8YzLJtZtmYiHV37iM+mmNCnQGGyuTeWSIGv2SAzHkGvGUHtkGJYusMQ7MncwIrmFR4w4hppbjCHvUAQEQgmP2DeHoPQwJoZ54dnDDqTQMAwJe2dTn0AzWPqNh5xEDVQM94Jb3n3Adl4sdukVVaqdhabGVkzdZgZmQ800Xk0ONi77TtVyLpzteRVPhPpSf2g+PqYHNDT3C1i93U0aTz3x8XM5qPU4TTL9ZaC0ajzRs+OwNEKJ3Vbkkml7JoeuXEAJH//y2w9T4YKvN871PgMmS6Pgi0Qhx204TA8GbUjQ3w4Ti5rxZbkgfPCaCUJDsVRYbA/1gdPgQ8BxGlA05iNHR2HTRVlQ2ykG330/U+PRmbDMJAEurEnhRJUMxI5k8KgJ5ZiPihy6Zy8edDsJsX93g44kQcisDo5Wy+Z/CzxIZqUxBFr3QLm7Mr71KcSnam7ctNUavpjKwZqDS0gyLBRNbJ6TqXkEBk9u4ZR58TR0KZMjfhjxxvRgHCc4DaQ05qB1RCcMGltDlrA7jTPS5C8OYyAurwbMTN7zU3MtzIjVB82rd9FZeQ3+T9x9KAKhqAEA/geREUmRmb0yU2ZRSRooUVoSHS0qlLSTltVelBJJoZDSMiohsosISUYaEqKhuI9xn+Q7sv0emcxZhCeiL7LkvhyyutYHAiJX8XCvB/12F4SBvDh81rEfvUY+AuW4fr5lEQOiCz7wm6en6Y/wNAzTcoXpjkJQ9SoIJNWecNAjG3iW6MoBk8JwV8JR9Oz+CspSPThHtRd3iynDmCR9dt6wEZdrtuG+6XW84HMJV5w6hjtsOiBirRssOF/Niz1Gwhm1pSTemMUql1/xnriH/CXoARn9KsPEpKM8JO7FLvOleLuHGuhrf4Z89fO0IMqATgde5zWipig6WYW+mpdTW/1klHZSYoGTo2Dto/2k45QMXc3JeD/qKpcVR6CC/h20nFaGWdp5cE17DIQcMYa/OuvQTGAuh43ciLbFStjgYwnvB/+Au68M/n4bhTWRbyhQTBRCF9nhA9NiOpSyASYd6If6uBocW5LH9968gaelFyg5ZDt3sQLYjR7BSR9nwVLr91S8XoBcfveD6mVNmtWlQMbn47AjIYWEQAokGo6Ts6s4WyzLonbj55AtuJ6it0pBtpMhfh6ewHIpM1l2wxhor1yLlhv7UCvei9g5AN9n+/DhLd2w60kqX4xvg6nfXtOY00YQft4RIpcOg/t1Pc7sP4y5FuY0/EMPHocqwHvrYbq01BactynD1zkZKH5zO/p216Jh8Qx2XXeG39Er8ryizbohO0HUYwmu6DGGYxOc+NvoIv7Za8K5Z8XYYvJ8PNRzEwuC/9C13i48bdNMt8QU4c+IVlQHDSoqS8duiZu8OOE9xS33QqP0VlDyaIYBXUI5MICzXiPIrX8LpN28x6duGoCNvikcNHzD4+zS6OSAAme65zDIITi619PV4BJW75nBb18+gRt337C39Q2YvNufpbN+w52Q+/zz4ziItPTC0qAm6s7aTCcdC+l0bCAYPTiGvsl9vHh/BqjpiwIGCMEFAXeYfOAF3S7ehUuNTNjJNg5V7+8A02sLKVmtDkrmLad3YYYgIheHctMTeWhwBpfOlYCpPAf3F7VArcx36thuDhu/e+CyQjNYOMEN8r3PouOI13jbrhsMQoxgy7xRcKS5gsVabLF0cSb47JCHafdHw+39xRAkas3S5kJc/CGWbIPkuU03AT2sGjh+2nmMRxXw01vAJ0eNxnnl9rRjxyC0yTE3tI+louBwbJwRwX1vj8OxFWaQMFRN/oefQ8Ipa+4co01bpSph1fFWSJwxnUaVPuTIrdGYOFEMVhm+ZNMWd75tI47Xl31lkY0NkNflyuFzZejE19MU6PIajn+1gQTvzfxmUj6IvDiEcbOdySrNHA635qPKp/cUvS0Tnut+o/D9DNKS/pxxNQSPTp1Hy7ZMhSm3RrDXnx5IkW2AsMYkyqx8jOnFI8EmoAolb7TT/r290HNOmO2VrjIMKMDISxdZPfE+LwpYAUfWWEPt8iJYF36RjhTUosjZZFa78Zr8o6L4mZ4e+Zw1RR9La/CUB3hx5C6b+L5lXYXrUMeTCfROoMD4cs5bvQnXHtcFXaUs+uYmDb3NQnw0Zgn+++zFI1TK8UBCPzo8qKG/ca60a8E2WnvyPp/r1wQLxQdUWizDTh/f0Opr0mhuUQlXVFXYfhPQzaI1aLfvG31SFIHu+Gr0+JuMvRkLmfLP0oKP07FZNwoDJqtxdHYTjf3jDauk1cF2uRNA5EpeXbwK1dsHaOU0L1qU7k1+B8MxrH4jrhzxGAo9LeGW4yk6L1HCE1I2gX2hKG/+Oo9H3HmIjRUWFHnXALtCn9DMcgsI2jwAlqViIL61iTcue02iV/J5ZlEfjQl5D8qW80F6x1kq/WgCee8SaYeMIIttyoQE+3skW9RLjXu/09O6PjQI38h7w/9Dm3596L4aQbvLv1NJuBkEF+6G8M5PtCbfDZKcdiNviWaBdFvcOk0Tdj5RhOrMeJ4OIngiuYb8ToXT/vsJ2FqzjwoUr9GFIB0Q6hIEne7naBcmRe1rpVjmzRxc3F3O4kE+eGEglFwqMrB3/joy8gVYYnUOvAdTaa/rJXz9sQBG6XvRkxI/Tjf7TFJBgdRTtZR3lRlD3l4hqLorxEkvXfHyMT2wrFlCbpcuUNWz/WhlIwlN6h+xblgU9pZI4pRX8ym7uRS1onZS8vib8FhWCdft/sZvPD7yx/ulNEvCBqSiu9BIqAFaf/vQgSRbEmNlmLfKiIPmaoL9dGFSGEpFnf1W8GyUPu9WtuIfBTHssDOMJF5Fc5FODJ4+dJBuXjrNOQZb+ZLDWHhjKsgmGadY9uEsigu8gyle87H/lSs+1VOjlJOqNH//fyxfOgIMVt6lYmsh6BnUZ9eABhiYp0eCOSN4ukMmx7g24O3M+bRLlOBorhJ9yfYl0dEfIfvhP7b3Bz7dIY/Oi4do+ztbNK4P4d50dTg0eJ4/rNsCioYXeb0hs3zBVLYREYZDZu6cHL6M57StQ4F6Q5g9RYp05m+mltmT4J/iKBJSkOfKuGUwuWgEhmm086l5W/HKNkHIG7+fvlbHwqsODRx96xbnqU+lWicJUJ8cjdFzhFEzIYmfPCeYGOkO5VMyabcyUu+sUbS1RpI09+WgZzLBw49KLOVrihJndEF5fD5tzZCArZIHWbnvGiZGzwWpyEpK875Pf0J92MzeFAvizSC7KQDkZxdwfd1J6jIfAx+iX2PV1d30JFaYzaSecZ2HOgkd04afV/aQgUYbTVIrh1StYHoqLcgn/2sBr6PFsLzSn39+1uITpsrgPtaO/cND4Y5JFhZq5rDU2QekfzyCb3zV4Fmu18Hn7B7yTJgIwvcWwI4MEwzTd4e+batQumkeL1mXCr8HtrJ1uTtVO0pTeKoExFzJ5fPCAxz8p4tnRVymeaaJHDS8n8abJ1BeBcK+dZ0kbaYDxY8L4ek3JTj4IJaVJ5bSxan/KPVQFLkM96PRzQe8f/c4PN9sALK1x9C+nkgw8xilrrqAH+2FKPp6EDz8WceNryfDwTYp2P54MtzSiyTXyV+hYOgif6r8jN0zgXdbqJHSuX90RXYGPlsdh2PGy0LNnh8wT0wSd025B4K/77On4g8e8ziJfz8Rg6T0ZnBtC6eT38Vg1sNqOq+9mWJb1mL7zu1Qf38XJK99AslzRHCR9QleEj2KcI4iTH18gR0vG2L4LEXmHZF84UEk+P7wwfPLxflrtzX66knR/VgbqHa3hAtTTtEI7+co+kiFPMwdYGpVC9y73As1MsH8aeVvanxoCmmdd/lh7SDiPTXSCZxHC570ULutNzXU1cLn6VOps/w6+VdMgwUX27GlrhNzrFz4WOsWTAu0hBaTeWjZ/RY3ePTSlupuig+XA/vDQ2yufgJW7RoL1085Q5XML7A+5UqxnRnwsJnwwcQF1PhFD0asy+bRoi9B91o3DMWEQU9rP9+pk8GmfEuWnVeM9o9GoHbtJPhT/B83ltvyPgFxeCf4EndviKDZK/ej+RpRvJbXT62/jvP6yzJQcX0dHlh4iGfKniPWWI/nO/TwgbAVfYnW4gyvMKgs96ITrcIQV9+Dh6KmwiTbAZTbLEG2Tr3cutYCt/FU9Ak4xuo6TeDkMAFUrpbSMu9kanHw4pLX6fxt4CQdXD+Xz26xgmanTp5pEIhsMwVm9SfS6JAuSHQK4vaLx+m0hDq7C0Wy4cEUMq27wGHxM3HUzpHwY+NmHB1byQrBK8gexmGUbDidcEbekqHJblsUoaFaH/u9BaAlVgeS9F/RYKMXiig9BJ2oo7Rq7wYSFjCiR1bmaFB/mm44qYNNpyauaRjE/0pP89eHN7h7yjBJyi0FCaG1mOpxDQqkStjDwRJ8akoh7JY4PNCcDDKeu9ntOvF90Su0rlyREl3/8O+rg7hNWwesTs8gGw1ZlhVPgWkrzDjDeAii/SfAktO+GDfxOUjPXoMbH40Fwf9e86jcLxxDb1l5RRcem+IGK7eJ8g6wpPT8JehjZsbOYAEfHj/nUveVUPBQDNr/20/hzd9QS8qHRKdegQuZ23ja8gD4ylZQ03SQ3VIX4Ek3JzQem0oyL1xx7ThvqJCfiMIvVoPt7avw8gjBBaEF9PzpUrifMwY+X52C+Rqd0Puvmi+N3IcWf3248uteHreHYOlJcxizIR/PlU7BaLFnaHLNm68q3KbBDaowSb0QJ5ndoTHbROBeSzwpJFhjyReE13LHoeyPDsglmtGUU1UQmP0AvkcBlX6XgH8lIWBXdRp8s5JprrIUfxOXBP8ULX5l+JhEs99B8pZceH1ECazNvsGrpEu4YKYNjR5iTJeupUV6SiC2ey1ELH9N0j/jWXmrOjxqs+IjL5/iqSRJurgglwZ/6pNv3zGMWvyEM/rH0pgOXdYcHAO9+lV4XXUxbYy6gT6P+mBAyg7f3SqkqyvvwzsoJGHbQFQ7Y/B/83+XQQYqheXQknPNLL2ohYyrLsHd3UHQQl2ob3GDb3+L5UVXpeFZ8xX8kyRNQp1uXO8xCoVTx8PtFaf5qdFafNv8GJWM5ThZQAScSlXh4X8HeGTzYxwVegVnzzeBiEuveMqcZ3jtyy2Wil6KIcu04fp9cxZfSHyg5zk3f1uEo+Z8ZKfXCai94QDsLsngJ48dwPPmRJjrbkw6v5R59n59znOvgo13onh8/GM4o9sFl/vE0brsN22YrgtqARe46W0gmH7ywqMSYbzj+Rd0uHEPa9qayLNuPPi8dCPrs+PgfOIqWqAri5eDd3D6h8sk8LmV1qR30PDhKPwvOYfrw5pAd7cCLD6uiv8NB+KdqmIQ7PSBtFezWGdqK+4J/42y6xRpcX0SXXAcCc+Hb4P2wXEgoCiAg/VfcNuSx3zH/TM/lTtLi3YjjKk6xX4oB8V+QFOCDMnM9So9/FtBqSNdyWnXaN40UQYXCI2AOOtNKKIsBjFC5RgmTvAo4Ta0WcqCpWUtSLwsYIP5uVydf5EdLePBU9QCVtWup70HPGH2N20ITn4NJlEzQOrQfJ51voW7ZK1g+5hhFq2ShhMfuuDYqvnoMUECXaqeU6qaG89IH4Qn9wgi8mQhem0Y145TAjffU+hyFSEz4hCljuxCVUclKPqxDMTMxcio3ZYdzrlwcoA2mId4ocbP+Zw+9B7j88WonBh/CPnjZs9B8Kq/hB9bA5EC5GC6wWPuyRrDJdWfaa5fMwxsGsE+2m3YnbsNfezbeOo7TXq+QwiM3F9SfHc7nBkYIr8VP7k0Vhm+2rew4YNEPGc4HS8rLua+uwQFP1twbeII8Elowvzcz1Cfm4t1G0/i+n8zoCF1GSm2iIBd9GQY87Mdqsx38d2032T03Bpe/HqIVvsSIfN6Kp06YA9p50UxL8sKnPf447T8M9BzNx6uZx6GDDMfKnJsJmXrrSjouYO/f0kB0Z2yMGZiAH44FUy7lr/m484i8EvIiilnMh8JMyZd86O44OlJPCemCh5fA2Dj4Qoc/+YSWo7IhOGITprb/g29StTRLbwIDaRfgESuLoDfSuhrdsAj6WocsEKQ0Mkdd/y+gcc+KLBhvTW4X5Nl7VBzCL2vQGpoga7hH0Cs/xvevLKWj8+bxzkPn/HN09pws+Yx5sdrQHvEMRoyKiMp3VTKm6rOXj0mqNtoTM9TXMhKwYe+eyqxeo4ZGGc4UujiGnzRHwSLnu/kdxtiYMXaKp6QuZ3ULkaAxzZj0ukbD1+eVuK2uUmsq7+cYu+08Ni5ZZgz0EqXJlWwT0IYNYVmgukGETj92AvVK1ez3aM5eO2AOM74bcRJC0tw3+poXtaYTMa13iTeOxakzUpw+Ol6PjlJlGPCO2jF5Zu8Zqcun46ZDR/icshjkQ8mPhKElIXX8V3DOzh335kyV7zlFsNzMDzFE15KCsPcKfnUMtMaKu5ZQUL1WwoQdqd3nY9ArX4+/x23nLc/2UBH2v9DlxtRsOhJOX2xMAHVrfL0esYwxE2N4q2tIhB41AQ6RffTvUoD/G+bHL0OimAWNIFHCZ9ZSW0eeKAdzkg5glMPOUGRhww07XwPr9aeghX+BzBvrw3MPKoPnSJPqM19CV80WEOVYu7gIjeIQQlDoLpRko7JXqD21+Zwd98n3vc5G3YtkoSJv3UxZqYVxojdRW/5KLx5agt/mJ+CyaXqcKZjH1U5zKBpjcFUPNQBgZeFcNfMryx5Q5IVVmjR3UuxfPa8GhhEHkOdimpWPWhJky7dgfDdffBtaRNbTFiN46o7uGjNBboRawYGTwpBzSOG9sz/yxmL9dD2jDZtKWplryZbOHSjhopKjvPQQQl4sNGM+o/acN3zKbCjcQKtrJ+C3417+My7ArYTn8FaHptIdO44qDt4BsIcZnJxTghlZsVioJs8m+RH8qEHXzjuUjeVNSRgX7M+PJv8B4dThnh5pytd+Z4FueOU2HbqFoqp342jXxzkLfIryShWAk7b+dPEimT8b9s1+n0RQTRLBZMSLGBBZBuNl5qGMoeH4PY7GZA1N6DwzmraanWKR6hWwnyVMDiVOxu09liz4NpdkDj0D5L9x8H53ycgNG8t57y6DfuF1pC48zd0P5PBFZ5W0GO8D365W4NRgwR0V3Zhn8ECjP3yF17XtLNKRQEovyjiOym+sFskDYU6vOnECVnIXvgeY1eqwTqXebz0ylYu2WkMS7VLwaRSD5dq/YSJueGs90cB3hdexd7kt/xY1wK7e9Rx78a5MLFRDic9KyC/tbbkFulN74+qwCw3Z04wNuADO/opb98erNN/gyk5tjT7WiK8e9JBLiXK5LpUCoKKqjAm7BVg42PQtHahw7EzYfFKd+xTvQJll7fwgeRQzp0sAppR2aR5SotbB73hWkMHKpqOpeR1Hmh/ewV3lepjxSYdeJc1BfozNJCf/4eTJJSIzhqj598G9volSWWLtOjj0E2aoRhGI3aqwYJ/xhx6/xI6/tcIWjEXUbECMLLWhxLqjsFN8f2YsLuNu9zFYQ5GQ7PpGQhJM6W7mlbwn9t6ONQuy+//PULle2oYWdsHXYGq8FiugOJ032JHsBZmLHgLdvtU6L7NN17/7SeaPWgHhY1fYby/LLiXD1KrE6Ku3CP+OH40L379ilTz36Bn8DmO3OKBN+Pnstl9Gwh8ewX/ZLzDg8ce0Yv8W/xP4CZaXk3BwNRp0JPoCeHZoXzipCLYi+mQn0waC1x1wR8CYSQzcgUGO36HXQVu9DBiFOl/kIXXuVOg4ux7Utd4wzcjnFHQ9yKcHSGCpS+3w9yKszDbXJneSJkRlCtA4uhWHLzUyoty1MFWYzamNF6Cg6fXQu2dOqhw3g0VlRY84aE07H91gd8Im8CJoaU4rLKOza6fg9hyK0rteISPw37wQ/GT/OmZKfhvF4CkS784Y5IcXSoswz9pc1howQU4s+Q9OkWVY5PDT4J3k8BWezVW7UzhCLFekFauoTumGsiVBfBsvBTGTjpIB4V9+fgjFdCO3c1tSknct3MUX7pnBpblwiy++CJ2eQBLB8dSYoENrPFQhf6FlrhV9wBXLrED06J7+ObDG1q17BrY5dymByuq2PNyBV6RN4XeiiQQcJiNZQKV/Dc/C1SX5GDdFTcSdU7HpSfiwFx6LyedEYQqcTH0/Z5J8+c/oKF54+lo8iWUzwjC5zP+wCyPXN4w6jzuOsoguVsTMXo8vxmVg/JXiihWdxk4BH/jVH9FcDzXQ+8UfKhweArMMp0LU6ZZo9eJFDqQOIOmzzek1gAdKLv1ksRC98DM6Z68950IFC7ey6JfL/JpjeWotEsFjVYYcfWLOSDjac11Tp9g49dYvDrbBHQFhLgybiLXWhylxo3esGC8Jt1+84WtZyrwJY1cftlmTOMGrEF0tgHN0/aGjSP9yPeRK02bfhPHz6+n6gkuOCxgwtfqMvjQPyPwHdiGDlLv8LXSaY540sx/FWNoqxyDinoUCX25gCd2yGHdsCFUyLnRnE8ymF34iIp1HsItuS2k9iCLNMdvZJXedD7nd5OkDCwhodkK8obsIGjtO2qtXIx3kvexwZJguJzxAe1HM3YG+NPf4jEgKbsZjDJreen2IvhWM4BdLZvhst8GHLXQFcrrp7DqjCQ+90EFni0MgQcXDuCWrkqSqQjhG4+uUWHldhyuE2XHSamw366UsiQsIX3lFXqy1QecViKvvfkC+k530g3rcJ7WMYrEk69C7ZAaZX7UBLc+T6L7LiSReAgfznfD4tuX+Ib7OzTI3c5KE+7w12WH8G8Hw74F8yloxByYfq8Kro+bwqcGVaDeZj2Nv6EIslkvaebvMBTcIgrevq6w+nwWFp1UQZfZvzh+eBot89vHyUXdyAKi/OexF14xHA13nz/grq/7YcZQEEgqJHDVOAdW1xiDm8d/gLLfi8CqtJ37HCbD91nSeGDKMiySDSWfxFwM8lpJY67dorTPSagwXQvMxJqp/Mtk+DXBGidk7MW3YTNQ3iQHX/idRJO5KpShqAXrLouDp3UajTuqCL0NKZS8sBwWyi7mIwOnOXqRB/5620MBNR4U59lIKt/L2X+lIdy7+JDWnZlAU4czSE8pGR0DdPHlah/u3V5CXYfcyKIpGZ5vVYP11+OA1QtQxyGbR0wVQ4O+5agi2MsrG8wg8eld+nzBhVu9lOCF/inqLjvDflvXwFSLWqpy3UJ5y4rAzHgTtvb9QTeJx/whywrU+2xxbIA17/SQx/NG4jgUowdVtX7860wByot/hJuv1PltrzWkDbfDzMVp6DFrJ2hvzUafzLV0S0EAM/Iu0QiF67RyfhxM2yQMXwTcwOdsMElnjYW63W5kICcM7/xPYPAkfbTfUY4eAqO4aZ48vFFbypD/naUTFpGEcQOKCB/k57OFOTRIAtY9HqBIwUi6mDQOen3SyPK5CwsbLIExeqN5Q3ocZu5/DBOtN+NAoiGE3wxD0XhBePRmLzkbbYRttTbsd6UM/AODaPuN0VTwQ5NDIoHe3m3g1Q4msFGtmw9djqetm7twGZ9FDd+neDDtFW6rm0vCi0IxZmonRAUqws+jElwv8hgFnuXzjBZ1ttkziOUdIpQJHjRhZgi0n06FZwvGg+u4XpBrq8aEj158viWbZv2YzSH7BrGneATpa5/E93dX8MsqU/i6E/nOvS/8arc9ZpaH8T6DhTzi7AUU1lGCksLn/Dd6HHOjDKhvs+W1Lz9xp5Uj9G3ypo7bDyC3ZRmJa0zH7A4Z6G25yznTJ0Dm7RCMeq3DfwW08UFyEE4V/YONG0dTdnIB+Z+RAP8FxnjliSoclFzLUzI62WP0B3D7dBh/m6Vyy7tgqrNQhZyzcpwzQYBf2MqBznAfptk8oMfP1bCsazwlJP5Ge4O5vF37EeTUncbbDcboVyMHbZeA5ppLk1TvEa4QPMDWs6Ro5YIbOH9uMAS27YTHvuvofIMK/MlDrG9eiJbDj3k0vIR1v7M4Ma0HGtP6+fyu1Xj2QD2XOKrD+541uCwkjyYV/eRlL+Mx5v4F6tI4TdV1jbQlZgPJF9+juvxJkOwsR6o2SI92zqSUdhsu/PMFTgp/hAl1QWz4xR0Kestwf54wfA+fC0l2KaR2yQJqf0ijr/U0zPzSjPLnbsDXNbV0wCacynWFwU9nKt0LFuCec3kwt+ksVun14iONIdyjsBNKPWfDRDstGLKTBdfYcKx0yYOJE5VASO43a+n20b67hfTfF2eqnRSJDq5RoD1bDGoCG+l+TjC/ik/F2UNLaMPWVnTtFAADfye2LwqE5V/bsDidQG2kFjX9/I//LMuja/M24xy3+VjWa8QL8oOw2D2B6zoy6aSnBNwqe0ZX/46H9JkCZCoXyopjQ3Dw/S+aJP+TXysfQ52N+nArfxrIlC3Ho3dq8KyzKd/Y8BKmWiPevl/MV6qv4/i0AY6vecBvU0RhjrIHun3dBie2CpL/EkueNUEEnD/voUcLTcEpeD9XfdpPx3vlQbBpHZ0fMud1BVexu08HFCrjaUZlP3n5zMFBo34Uf2zCmllTwcPLgFVfHqK5ytXw6PtCbn2SQw3hdSyckUFrzqbyxzJnXOvK8LT9EOmOCIQn+xJIoSyVS8GFj242wOMu1njRvwaThAlF2xRgXdtL2hHgD6VChtj/NJtcXdz5jrAlHFo/hGbOTynvaD7hWUV4tP0wPFbeRL80YqhuiRcH6LfjyI4AkL7uyN0uYnA54Ak+u8VwzX8YI6tP0lxlRU4b2UAi8kNY2reVpHblsrrCBqzXeYgmyiYgn6+JQWv8+ODsrbgrZCvG2b7G240PePYjAyIhJ3r/D6llQA2yPJ/xaQEDlPSfAq/V6iFWZCnNKU5n+5TbeGrzKxzb48SOQzIAusoY/X4CR9gSyNXM59//dDH3w060a9ZFuduWPGtcCc2PY6if+Yad0n7w8a73nJwYREeXnYMXzhEoduI1PwiayBbXrGniWwIuKUZlla8wbYYnvNpohC6twXzpVzL+2GzM47V6oNLtPGdEaoBDpDcbrCwDTOunE80GHJrcAL6Cchx9sROHn8Vxl0s3fAuVh74YAdybF4eTJZhvjbpDtwsv4qYPfSSYuAG6DrpAq1AubmIjWH11G1kmPMZmx2RI6/7BGd3d+PPwIvCLOUjVUe+x4P0JkH9qAVWOy8lUxIzTJqtQ7T7k1/IekMuX2WqzNeXfOcYVjqHUA6NBWu8fs4YvzNWrhNUXR+LSyNm8qvQUJoULgs61Sg4fzMSKCjH4ukYav25IZ6O2M9TdpYig/ofrX6qgcPMhqGj8SkFu2az/XA0+3wwBse/zUD9Yi7bdWkOO4UKYWb2JK1e5kOPxG/jNRppz3dRgupIcuE0upOJlmyBKwIfsbhynUJ3fWH04FKIdf1Lr5naUEdCHavUE8J84C9MaNpLk1krw1PbjWWNN4FY5wdsR/SCYtoYGzypBzEspcGw3h5exF8DhxyioG6mKJ3xGYMaFOJgO/6ByjxWrpItA/J7HkJO9GSSeTmSz4TAetyocDVqCYN7Z76DrN0SnHhwBFW0NGPlBhjXagulMfBypTt/JoV4P4GvcNq7IEKRVnq14MK2BClrk4eXenxx9/hiPXqQCC1V74bivFpteKgAna6Z97usoVF0fcosnwxIpJVh0IR/X+Vzkyr5k3CeVwhNu5WK0sAub9v6mSekn+fBUE7itV0gbSltR1kMJGjdlsuP8d/Dsojxb5+SgyOiVuGbdIRzxXQ62jfwDCzbfZ2PtJVj91RROJq0lzHjKoodz4O8PR5y9NJG2ayrB+qR97N2xnVwS3zNZJUHp2EiqDk5gvSNFYGA/g+fJm6C8pgTsCTaCD0GGkPq8mdGmgAeiTNH/QiFPD6/iY63DpPK5nNJ1dWHVoeX82b4Mxxq9pAMqxnDymTItmHcLXNV28RTfXaijcxkLZkuBtts0GDJ4gHPj26FHIBRT23O4rbsbS2ECXPBQYZ1r9pQgKwwh9tkkax4EEVoXIHGsJI6KuwP7xf6DnhJnkJzzE1c97cbrXnrw99pO2jv4Cq87L8VbaaL8sbqSqm86cddJaU7uSefE/jiKq0XYNbAG358poy+GGbTgznP8QWLwe+QPEnkpim9vFuLKGmJnQ0mIU55Fc9rroXySDQdL5/OijHckWhPGi183kcCNiWj34Bpk3dCDr6012Ba0BqaXLKCOKcZ8utMOB4QLkFZWwrV2KcwKyobYI5Yge+0PDcoHsMDVTojeOIvljbdxxcSluKveCm5F1aCm83ZeMywFcqODYaBvBUbEWPHEEQL8L/kzSEw4xZUTF5Pc4tm03uQnnl0/CUL7euhdkjMn+b6GxrRglq1UwJE5LTzoroobrrlj+jtNjCAtuFU/hyRdnsMTzzjquZ5P9S3+6LB+EqSalHDy5Of8O6KRLb0twNorl6uiX3DE7nb00AvlL2f2oIWDKPknbYZdm4+wa/Yatkwwg41vBihnxWi6OaMWQqocuFtKGXeI/6QfZ/KpSPIEbHJ8y9nj9cDj3iVM1bKD7GNLOebEd7SMOIn57WpUo6bK2vKRqHP4Mnq36IFb6zGQybgMaiIRLP+knf3wL722D6Pns+R5zhERXq2WSNItNmDhMIG3JUbSXAlv/Pr9EbU8mMM1+0ro3Oyr1LHnEfYlC/OPlZJwxmYt7Ir7DQLpY/m/pFO0RO8XHlnTC7V9zzg8zptUNaJYUUwPAvbr8X+rZvO5OCscp7EOqnxleOlABd+SD6L4ihfkNPSLTdqN4MkIG0z1toUCSxnqP+gL4DMD1r+4T6/nZdNoiThY42eJv/IUYNLbqZTPFeysXg6eJmUsLdTBi0AT5WIv0sVbWcA/18GDGAtQKSiH9Dx99hOOhMLxS6msSIv/iZzGbYW12KYQQ5M9rHE43BC0no0GuuRLKrpZtDppHQZ+f4JWdaN5znYJdO8ezRXvf0BpqxbUfHfgww/rOa1Rg/uy33Ou41eSdzNmVaWDeOn8Tv53oQBfhQvB7Dc5ILVsEhfvuAtfjqjDNekMCKpZiu8jVUBthzCqemSjyFUL6IzKY9/hg1AX7IJ7th7CtndJtF0mG5M8ntKSkUGQe1QKx7+cCnZH5sLISzL4fVcabDD1Jd9oY5Qrmkmj5HNhW+QgTlxUB81++vDkdybGDXnjttSVIOq3ATN/e+D28F98+bo77oj6ANvGvOXP6bJQP7ycXiR5YG3IKlAQmgD9W5PYV+A1bUw9whmX9Kj51m6MlNKAj1fUIVZpM7Q9HYZPu6vo7tTdGL88hC9H96BbdTXci7xBV6S1wP78JH7/bRcJnKvjH8bHqfgj0NhbY9lyhwrbmAzgEosxFNY+EX727sDJl9Vw6NpdPtcawyfXzub6jeXs6zSJp407CVkn5UGzXgfseu+RrPUZ6hAaBscaWRpa/5ybZi7FxiMz4YZzHYfd16GtgZKg03ARx2YHQtqoILToLYNJMqn833AeOjgMgLdODjvKKdFhAxFQnNzMZePyMfDbZVD/+I89k9rI5XEXjczMoh3uAWSnLway1oqw+9lK3LNJj3/UleAW0Xu8cLsvB5xYQO4HpyGvrAdH++cw+uQkkDJzRaW3guBUfZ4Kz1VxtH8ErfZ5gIfO+XFE4nL89mM5zt+pCs4byiCx9Cj8cFzPNboz4VvSYbwxVoyjalRZSPAQf7HOpkJbC4hqauDDDlM46lgp7ssvhhU6T9FjVTBnPZqLB3omQ63cVRhKFYFy1Sau/iEFUPgRf/7SRZcNnXTR0g8/vEzitFV1eIokQFHBGgL7D1Do1L2oPFaV01cbcXihBCxzZ5znvQTnb1Hjb62PqFzFAH6fzKdvRU441nEjjYj0QEF8zfY/RTk9axN8aZjJOzWXoaS4Odw+64leIa7k3vENxo025tO1ETzv01rYqXuYA8u3g+YCpJep1uD3Vp++f38A6Yr9sFBYEt+t3U83n9SB1rhjLOWgyFYv2iBjkSBsWyZDHfn+YCz9iaItHPhi9yCvZnfKcHoCF2ZN4JXjZVg9dApo7Z5C0QGj+N/1s+wioQ+WNnW0vl+L1cP80L08jvL0F/KtPZOhfO4/uHUlBDbkKLPnoX/8y8qOLximsOjaXs5anI/rP57FpP9kIfOAFvy5IkiPfluy19GtOKZUny6EyfGLQGCL+yKcVKtFuhuEQcXWkrzy9XnSMVvewvtYSPE5xg8sAQvjephzvQEuf7LGfws14NWLJvTOPw35CUP0IfEi567fRVijB8Kt5vQwYiYkpjrz6DMK0PlRn18NdbPSnHFs1hcAV0edwYEs5KMnpjMkZyKcvIWrlaWhfaMmjFoegsMqonxJ/jO2Gc0HwfdDYJ7+CX+F3oWUH77c62gNnTcU6PYeS/QYvIKTM47TAYF/bNp8Ds2kmlDrdgPoJM3DipvT4N9Ba1r29jXNelhFCjracBWiaGJ+KR1XFIcdS77gt00mMD1QGCQ2e7OoQgtfbZ6GbWKXKepgGX4+0A+PLk3im/bn8NIjAVCP1QWL6X40c95nOmMah+fjG2nyxI+c1H8Fsx9MZTPXX9R+dC4NRhmCh4E5KRT9YjmLZtYq3w30ZjnsrFMGofQ06HMYxrEFo9i30xxe9ifDjDU36eWYOHDKHkeVX9wwtcsS1mzVwvTaC9BRJAMug+JgNNOFcg7H0MXT2jB71zFScunljpnHOXPEW7K0TgFtj/mwJUcO/Lqu46tgc+40MwMr0wZYa74Dvvj8wIHpQbQ4iEHCModvusvB9VlL8PoEbXr7p5LHdq+Hf9f+0siqJhStqyRVrUheUxTEuo0q0K+yAA8nr0STOlWS31aFlqVWWHaqgx6M8OZAs3Vw/fB8HIq2AIF3p+HHBB8uSVHEFREnMKjNjiYJ7mJz1SZSmfGHcIcV37OQBP22K9iZvoHtFm/gzTHVuGFSCrp3XMU7D3+xS0YVvhq8AE31wrBOtZks0zx51a0CaD12mwUSHPBWmDnsvZBIL1d8poEDhfxcSBNKzfKh+8dzHGW2gdMXT6Uf1wLgvE0eNoxsQuFDFdioY8/1itqge3QE/6tqI+VFLdgxNhoUHiHJX6rm3gnanDfTE9w1iAVWWMHPn0aoUXoMArt/8ViBVaRmY8tyH8rIvDOFTR3VIF/yHmTPkYCuxyWgdes3WT6zp4khMyhtkQpp+V4ndacUOD9TlVZtsoC1poaw5YwsCOw5iC8ThODXbA2KDp0HIZU74WI+s0FBIHlfOsUbCk3BbKs5Wa8zwX/XymGzSC4rbepmaf35WFt+C2//84fsNC/yFDGD+6NtOXtsF3mPnsDGTZFcNVaGijy2Qed1EbJdv5AXeXrhyEA5eCm1iH7qHaSeX75suEgNhDevY49IZczYls3m5u60xVED1ObaQMcWTVjep0EN2y0g8WcOu+97RzefAaiPk8DQiv1wc64orVbVg7iUXLTfKA5KBb3UIaKJ8cr1cE4jg0e5dPGthhh+L5CNnjVqsNZuCR+MqmA9Ux/0vjgaJd0UwQ02U4jBOKwM6+A48UI2jkbY3FQKrdMSoSqsmSMFPuC78FR427QH7n4ZAst4CV4Z85uE70+EvBPXYGf9B/AYVuRPrdI4SzYdNvuNZGG57fQmaDoc/FkJC1OtIS05GlrWVUD3Pk/QuahDzRduoP+mL1R3/i1d3nmHS9cD/G62hvI6dYYDv7CgKwaE9yhR9+whtvqdCW2Nh+igYBvd72uk9jIhOGoYgTNc5+KSKlO4e06LW+5dw+kBLrj4fCRZdJXhX9H9XO8+CqLS3bHszjArPDPCcyQE4cOBEO9wF9ZfEwQRp9/UbypM15aoQ7hHC8zsKAHPFi3+aLKfAmg9JJqlkbn1RT4n70pj/c5Q1VoluCDQgUsyreln0VhKqbXhsZlP8ZR4FJ5VCQUfqiTzQ0fZN8YMNOze80OxVEw+5AP9d+6RsIwwnlOzhtvDIXz9Vik1j9LFj0MAK1cmo+Lf0Wzs7sbnYj0w/b96CC7KBQ2fS2h4WR0maNxmtzobWPzuNXt3SrLZjAxYpfeRasMz+XtSLMeuvsDPZu+nm0fWkCIrQdKTk+S1fDWLWl2CKbN8aJ6XMw5cYbI9lghJTxPwY44XNq/WhkEDTZS/VYitpyZSdkIFrZfZwakm8rDwuQPdq2uDKUGH+YS0PDwdmcBv2A9OT14D7+QZFsmr8+RiGT6Tq0+HBjeT7ao6/rtdBzpcAFLrPcnvTitWXJdDt6yNYK5bSq4GEtRwOYpszaLhS5MW7DRKA83yO1hiNh6kiqr4Xt45frbzO8Y+20H7PN5y7s8ElrhmAenJSbix6gbPnLaLRw2eIzN9Yz5OYtS8tg/O6A3Az4V21JKIoBysxK9Uu/jiowgumrmTo7RmwwyNAuAMIGfTRm47kIwvraaBWdAZ9NyxCky2dEJWSTos3nmTCtdlQLfzXd6ywRB2ZdmCvJgYrMcarDs7jxfa9HGOVRBNtfrBGmaurPdHgXJuSVD3cWeQ9leHn1onqOJuAs/9OIrVS2NIT1IArl2VorQ5Epg0VwtUWn7A00IFUCn5gEqQBvfNu+l+sQLfG5eJJ4PyqP/EMXrg6ogZIfnc/U4XjsT0QOypEho/0Z41uk9Dk2ILV+1/TtN6nvBrSy9IjC1BlwMjIalkE8a47+CW7bVsU+8Ah6XNSEmrAv22y5Nnw2cOCHkAm4cM4Pbtd9ywTJ6mRGuy0alOKlxpAc9eryTrrftwe7Yr/tWuRLsEachuPUxdcbf5mWEW6VqakVu4PVUm/UYnmdF4o/IGTxuqw5z75vB+lgK6iNWTovEf6puRyOlKvWQbLsORxTfppm4vV9215QO24pDiKsrFR+5z1b9AGpw7kju2+cAvgVCYaCzN62SfwluZNNaxHA+2Zndo+eZ8PnIzHKuOhbPlgYcw9uEcku56SLjqP7Dw8aQGK1WY53sfRAcN8MwnFarnQEq4Gs8fzsWxfIAyDgrmwIvCkbjHdAw0vV/Hq7YogsGwD51Y9gyrne1QfOJDemPrTW6Lj0G79h4mXSkYPTYWggZGkOg/HxIQ/EgeF2bDOHMh7Pu8hY+b6vIZs3E8LssS9tfkw+qpPTjW9Ds8y5iJ4hXX8VBDJWz7swHtxRfhxui1HPRcAQYCjCBS/wtZtWrw9NUvWMpXn+tyYqBgigUGWg1x7+xYVv8zDrrZhtu6SunKeAmMOWUIO4374GSLMxzuWgn7quawsZQXiHWqwP3Xp6lm4SuScDpP7TEnaPTUE1D3dQAjBqNR3UwW5zQHYuxBZZj/9jYoeVTA66vD/Kl9Gg6tuUVpNe/hj5UDrvxWxNsMP/E6XWsIi9zLTZGudC+PQaOugUYXbMSJr37i/oxmFkut5wjb47Dh6gi4ZHyMjWS/4wXHKJQrqoXftvPAaVokDdqZ4FG9JrxwVh4eFhlBYuBvemsTj2eW/+USuW9gP302kMQ3SHK+SwKlSXQ26AVvsxsDBbaX0E+2Duf5vYZDyT5wNvg5er7Sop6/Q7T3WjcYl77k2EA5WPLYC918f3Hn1I2wuXAPfZS5Alhvw4az1PFTTSiHRE1GhWwp+Pp5OdsJrILaYy2w7KcFjigPocVjke6teQHBZ5ZhikoB2CwyhuK4GtDxFGGjx1tpz6ljFLrvGWlauoBv0FFoq19O+j3DcNfIGl46+vEvSSkeFFPAm3YvYPlqW7b+EIx/v/0ko3lBeOKUDxamqMEH8fO4Y68d1Uzuh9sjNtPYl06sIzAM8mYZMOqGJi0fbwFZG6ZA2Kk82OmiCHtNJ/HM+2lQ3yhJVdsJt68ZQDGvbHZcuBNlSuShO2Etuy79A6HTBygidhZueepCZwbCafeQHEy6FkR179ZCwlgbuPj6Bj3WLya7QQFuEdBkV6WXMCEjjRtHX+cRWqvITjMLM66IwaKuKnB8ZUiK+2Kwq24NfY0/RZPKd3NE+w6wEv/Gzo+NaXisBLTZh7NJ3mZMEmqGbKEEqIq1x9hlwhDw25AD/Lpw9SYDqs9Vg49XU8msXZNl7DTxbMtVtnjyhoQXZsMybVEs9bvFM2zvYVUigviN/SgsHMk73Q1QMPQExpMH7/Wdw/qBv2DIaBb/TviIckkMCdI+6C85ClzNfoFr9Bxe/3Qa/aeBFNYcjX3tz6HRopJnWavDkcYi+PXJi+yV+2jwlSu3jd+N4w7HkpTbRlb8FUJL/0Tz7lMmcOTGI/b8kwD6e61ol9AhnuS4AAdnrabPrm0kdrqaPRcepkmGE0BiggE82O7L3SsJ36dowcE1I8nh03xa5F+Ns92bUCttIctLTQV2eUhS+6ej/4sdcN91GmTWuWDugUv07bgHbjH8Ct1Qw0pN4yAyMJwP7LMEGe1aCDDxhsVqmdA2XhbClyTxY4s39DitDs6GT4byhEU09nMwP5GX4JfHr7LbnKtw9I4IN1k4oPfUHbA0uR6sZ0jCOtE+Hh/nTQeeF+NA8l6uUpeDNblveOhCJun7b6f/Wg/h8mIt8PzcS58fzeQW571wbv5IFG/Ix5BT6lix7y19+NGIPhv24otNk6DkyHjCB2Uw8tYuJLdNvM9pHkw4KgFiYQdIDJxxxsFnZJ+vBb3zn3OudAvVSJ7FmHx5nrvkHJ9XOowOdrVsICOJl3Ou04Sn1mBfFQBfPuixq89ByHyaRilvzsGFdRYYGOxPJc83cM6pfrR/IgdvtiqBt/gRnmAcwPavAI7N84dQuy24b/kNqhwpAmWLZVizzhzsnF7R+8qv/G7HJ3qzOpFXHOsA2zuG3CTVT+2ei+mAbytX7pWCjgPn4U3lRNi0votkxu2HwoefaPJVZUyKPURWS1Qw/nANxk9UhfxILbSIj4J56tr4b30Etmb0ooW4P3svPIRF02tpds8HsD4iDSnr9SBF5QKZ67Xw3AnSdLDoGKeOaeUJLXHcoilD8+OU6J+IPuhM3AQXQ2TQVf8Fby+MwG92iRyo/YPeLnsHE6bcw885JgQuSiDh+phfrRsJl9rWYFncKLyaO4YDHeXwfOcuDjg9DQx9HoPoIz14U6ELLetUqTZ1K39ethTMLHMoQ0MVXMb+QmfZaD5R9JlNVCzBOjAIIkrjofvuYWgNC4Y9O//y5qoGDIocBJXtE8mrOQLXflKBpVkrOedYEY65PJFOKM+lJbscuOJVL4ldbccQ2yCWbD7AkS9GQVxUJ40P1qEyTx1QPfUC1k5dQx83+kJe2mFsHTUZ80500oRkDQh5E0j9MeFwbsseCBVfDp+mvcW1N51hbW43f6jeh1ktlpSzjUFrVQV32oylwhJZNlpRhVln//D+y/FU1R3OXa5+ILogBBsDlOHA7VCe3z0F/+s9zZM2VID0pym8fHUb33l+E38fSKeIvC78vs4QAhqcKfbFQdzda4nmM4LhrEguVYiIcNidWpISqYO94T20vNoC2g69YZ8XL8DLvh0fncjgL4np1K3WT4KNr/DfgX1gO+SAk6N1QD7EjzNkZuKMDiW+NZBNgktns3SICNpV/eXLKTt4Zk8lqbiMg7YH5rQqYzHY5fTTLHVfSC2N5o8FW/DpplHwPdEcSmg5WGtag+9jDfYyqcYAmaNcY/SQ5o+azoNGDnDjnDq9vVGKw8+O8f771pAw2RuXeizH0Oo19E9BmJPd9iHsnof6AdL8YZ8+awQ8pbtDghBdFEZTtf/D9i2FYKibQZvFssHpijXPLKrHGM2d8Ez4C7hpmcCqh8PkkIDUE5sO11xXwMpX1rgipQK9LwdzudJCdi8+DY3NxjDu4xiK98pm3x2aMC5LHyd/KGaNH1m4OnUHmOByPGGfzUGfx4C/y00e2ZgNX/bs5dLD2aic/5cfHHKijy2xtEx8NaRNmo97SmSholoIJB4/QtkfjtDZ0sFp8VaQcP8Fnpi5nuKHNbjOq57HyYuCyIosnJDrjj3Zs7Dvjw3WnbQFKbFakB5vi9qHPtCZB+50xc0E8npTsKDuHJxaGMqS+VkY+egcxLXIAK+M5sXumzilyQSW+4wE4U36qGd5nPYtn8eeDw+SqFc6SeV58CGzAiwtPoU25qrYLjYG8KEVKkWsYF2Rc1A4bTEFSBay3+ipfN1jOyk1RkJtYBWa6kpBwqvt3H7XCKwPnkV1LeapIx7wzF1hVC+4gp0nykHzhVCIXWgOtjr5dLHVGA47fua5qnPosvg8Sq11ZaifShEfBXjBRz8qBAvQbBlD3r6zaGldFZYFa0OatifGRtwn/96LMOJ2KY4SyacpZxAEZ3yiQjs1To+vhPKHZqS/K43XK+bCzdwwcrwP0Nk5hN3/jQZduxcksH4pK3nFoY7zcrp74yckpwSBAM3jGeUEbn8rKOKvAHwPl4K7xitpcFwSrtMeRWWqFli2ug2Oxxlitaodvm7P5i/ykiA/ZwyKF0uCYPpE8hrzgksn5eEMrQlUGt9LZqW3Qe3JYjJvHg1Xo3bA0P6TUD5sy7vf1dIRqXd49tdsLvIawaVNPei3/gwsMjcAh+Uv8f2seC4vOEDZhWcwprYQDOra+eXJeu5s+Mv/o7g+1EJg1AAAf0NIO9qaWhraaSmhjJJs/qSBlC1FoZASUimjMkqk0iJSGaWiPUmUnRCRkpTtPOcy3lHHvvGNFZYw8HQaG3kN0aEHV0letIfDHaejh/xnmrh0AzY5x5LfvQJIXmQNGLWEzGre844N/pC5KYZyy0+TV4Y9rxkqpe/eHdT9exXpnZQC42VyeG7iMFuOi0fbzSPh1r+/3JeziXXmP0Db4QfUfHYplr02gk33u3mO+SWodLenSysG+aa2IL3v9SWpkm1ovsme7T8b0E5xC2gYfQKebT0CRZs+sqSjHedMD6NFdtdZZzShr/gNXHbqEKio6YCeywz0NBSjD8cm0nlrKy6ZE4e/CjV5QOYOpNwaw1Mt9lLPCWs47t4GK9PFaN0zZ/Rc30YdZ9ZSvdBKPicfCsdvCkPLax/eP2oUCLpE0oGWeM7W/MO+q/VpxZo2vH4NWSTXkEXG1NOiK7W08vIokJv5DlcmWrFRwDWwerQHj/sUYM+IITg7xZxFvx/Gdl9vjrhoBSLqk8g8+CynqSehfUYcj9U/AWey93LIlgyKXMzgEJQC2sNyUHPKiDasksPpFv9RvbcL/1RbQr8WmXNk1y9yLXbFvLvXMKxDAi7+7cG0A+vgM2xjjz59kGzpx7o8A4je9xcLqzpI20aXhauEAYPOwrQ5+/HihlegJMwQdGAXKzn/YsuOnVA6VYK77CSwUGcMdJ3aDHnt+9HW+TeJXKhlw/d59FDxFSyJVuIn/5TJ/9tlrNYyAIP/nDCmrZzkhz1IpCUY/8MLsND4JOzJTsZm8UT89lGE8o+YQGh2OzwoFIXK/TUcfH86dzV8gQlbJOFv+zB0+3pB9u9+bHBUhbB9hdSp/J1yBxSwtsWa1b/Phb+nPVlg+VnW3GkNMl0asK9YHUqH3CmoJRZjdxdiQs9PiqxMpTk/HPBlSg5efziD3kwz5gdtluDofZr7HgyhfewRerpxCJLuenPvzEhoXRpFfjZhoPVFj9a7S8Ch7rf8qPwALjv+HLePNIHJmyX5p8Rv7tmxjFuzb8IM3R4WPDAB8v6ow/NbP0Gm3YBVioJYamotG2Wr8+ov7bz37Vfo3l+GlxttIHavKrZMNqPQ8mf86N5UFBG/DJffLaY2o3f0VykEOqrO45mdYpB0QBkcYjfyk/ar9LZyL35t+kC9TedIbuF9LHsYz3V3z2HoFFGYtMeSNhiJ8q0pmzHe1wPDk5TIumoKRIi6IXc44rOD7tQgqwbhkR1kJXOa4r/2kZTFM/CVmMWbjv6DgqMjYMukVhLWyqM/z03g9Ugb2lmpCV1jIjA+zpBrY89C6p0uXPR1Phdbi9KU7zdRo5VB7gKyyoYWrpybxfnjzoBj/lywur6CrEUkoC3Mj2t81Dhw8SSI3uaBr7vz4H4to/u4DXx5lgpw+kl0ebUKVgiW0ZwiPTrTKAzNV6xwq81R3hnRz9eC/8KioXbylj/O3/KV6ADIgvzrGzw7bSSIS4WiUsBMkrJ4jDPjFSHXupDn/10KFiGC8GZeDwo9SkbZPj3Q/3ORp7WmkmvdLX5yZBpvffma1tl8J599K/jg4XwUfK0M33ZIwwJ7Ddolu4f2PBcFyecTqNFTBZVuFrLUn/F4a4I0bYlIp/+756ajNJ+xH+L7HftIc+IZOhXpwTcVltDRona2DEiCM5162OtiCCW73rLEmkSK6O1gA5ez+K8/DC5MM6CbZ+Ngf816vvt9Ik16qweRwoo4W/cc5Mn1w/CVyxAZYAwylv1QEFXJNzXsSHbHBe54qwcvRn1GK6ed9Gm1Mgus+YYQJcEfDzlwQXAfRI9ZQ9YnD3FB2mRoK41Bq2OrKe5hHXwZOAoXj5yG1xmDeC5jHw/KmEPhyu/wvsUKTuYtwFueprzlhwS2T71MUjdl6LSLM5Ql7YB1VRu4Q+s57lsoDk8EXsA9ugCdEtYYf/QE5ArmcNppF9B7Po7Fuk9QVP0SnDZ/CsxwTeP18+fgLufD7BW0kj8oTqeWYwP4YPg9ecdo4KMERxyVLwUfgnv41vx9tDWlEEKetdMStXhaFSUM6x8/h21lBzn/2mF+KmEHPNOZd1nvB2f1n6ATMwdz8yWwpsyO9yTpsuOjZSA9+zpQtTWgmQO83udHWxyEoXZ4A5e0jYekX4nYq7MTwuod4bauBrV1GoGJ/ikq+zWGo0pFQfDod1Z2UyEvsRdUUi7Cu1OfYoV0PF9aNAJ0l3ykVW8SIdjYmlO23OQ71WX8OkAL0yxssUcoA6e6/8b9eaPh6Iy1DIeVubB3L0f2vYIWN3264zIe67Lng832OQDycvj7oxC82NbCE2X/0hZvI6io62DRkFAYAWNIOGYIPYwv0oy1I6DgpxwMfFZi++XidOp0Dlm710Hf9yKQmVRDSSvC8N2HgzBpUhJt9BeAo1Kr+LjaWNhb6c2vb92lzGln4MjWaAx4J4Lnj3nignhvuhhtA1rllyH94DoOrLgGDQeDYPEuVTxWORfLut+yzILZXOm5g1duUITHWr9AoOsTxcn+pfsdZWR1O5RctZ/i+8UrcLbJL5yQlE72N1Wh2VUd3x+5BI4TUjDvrjMevDLIF+VnsejlWnp7MpzCXt4lL3EpeK9VAfJG92Gb9gGc82seOCp+gM0ZBtDZ8JTaIpbznohCKthqDgELa7jwaCWtStfn4QQbaJbTpAXLg/mZYAx+VSrkPIsy6qgbAS+XpYCKui397a/GbEEdit80FfxVe/HCorX47ZwCLPs0k7yTRsPtTZNJs2s8WB2bS8E3d5JLti5E5/aRrtUqmrPkDrSJmFBStQ4kPhvEcYJR3OisjPVFaSSU3Q1FrxHOnrPBg9Zf6Oi/NfjvwGRoipTCpOrZVJ0RTZlKCdTl6kUS52fh4/P38MezAJo+ZhXseasBJe4fWf3JLuqXGkIVc0fwfbAG6jOFaUS4LZ3teMYh2wdhw7dJ4Fi9AXJX2GJIogF/3l1Nj6XLSO9SFgWvXAXjdKtZc0MJWSdqQLj/Ijq46Az29Wyg/s4voD1uF8lvmcAZm7/h5id/cLutK2uYKUA8z2DoGUvf7L5xvVQilN17x8rRG3BU7WaSOVxBR0Q0aNubKWA8ThwOfXjMO64Yk+2by3i5sRWslkkgzj9DTzbowsisY3zoohCIPVxIBtMDQWrDVGz0fo0Rmc0Us0QR5dIWUk75B7B+7ISLNdVAB5LArzOQz1n70dLAR5xtr02THxImxC8gMbu9vGfbBb4wahJsrdHCq91/eF/9P4pdrcLn9mWipkomTjpjAEE5YfS7xgNa7WXA9HMypw4qo9ikChb9GMfrc9Ox7qskFqo78K3IG/xfyH5sHK8C8x9MZoP93fSo0xuWFNTTk0eXUHnsUcz5bwM/F7pChYMOjKlmcMdSl2Wag+jHLWGcXtoDOZdecnnuB9qi7Q/n1h7CheUvcYb8JNBQrQSx5bs5qDKDmqb58zKPWzRhYgV5Drniz5DVXDSnBpQ+WoCp72Me2trDY12O8LilAnRl/jVas4bp7VMzyri4ji/V2nBKhRosaurGxXUrqcBKElWklWimjzO16b3l0IxOuHavH0OFosC+XAY+L51Ox9qW4K33/6HzxpFEJTWsrSDDK25+4/nLisjl3SI6+M4SIhvySCw0inyiV6Fm9xWM0zzHDyXLcdHdT7j2/Sr+EqtEkqJj4PY3Y7DUceefuVtYP/QuVlz/BmtNf/F/v0/wQX4DapIrwDRUA15pXaKf0w5xbLcrpef0U15LOTycfRpcC9ShdGQomZtIcW6IIPRVmVCRObPUET92iRrJyW+GYdYbJcg6oghCkwrI7PN+LHtBkPM1EidIL0PDI22wMUiC27dUo/N6A/QwPkxNwc9AuDWMHGOEIWJEBtYWXoU163dTxGqgx/cRps/bjelv91HAvb0YYGrGoXFGUBOcSVkTEuh9qjJW3xoDKjarSV9qNyacXYvb9GVJIzaC3Jaog98/bxotXssHe1LxhmIcaieIovtOSTrzbzFsCLhHpUsmc461GVzS8ABjAw2+XzYO/gqs5tiFwTz7pCPHBVtxYKYq7vs7jTwGhcAqrphTL07jbx2GEJW7BzSbLGD+Hg2SsA0mhwfisPWxIMpriUD2j0K6uicUI27toZjNW0itjtFmiyN2nejmE8KJUNnsyb6+oiBs4UAeCm3c3KKO1oGCbFmTxSevlpKhXRILp/mTUm8cvttMkLm/AQR0lUBcrRM+O9+htd2XcFe1DF42NcUQKzfUnvgFwzw1If/5B1J7/pZT7BVYt2A6VxqeI+fXmnj28FbsCZqDLxdKc1C6DhwzOcyLw0djxvZG7t92ksymfIUyp1mo057JXc/WUeOawxCYMAmODP3HGZXBpBk0Fy6YOhD8Os2FPma8O3EWfDx+BqNlFdFqkg6s0lRGcaVZNPnQR4pp8MGqoSI8o1hFdfrZnNZXDTEym2ih8AhwjAsCtYWfsF9sBxe+v8lH5e5RXooqOnIt2bsNc9wzSzRsngC3+/7wcokJeOLeNmj+Nge3LW7n/rF+PKyqTKnF/9ChJgvHGiiBh04BSzb9hkMji6DOfj/YVX+kqp4+aFnzmX9cLANZZ02U8jMHx9WTsaXkDP3w/8sbE5L5rKEpzSpy5J9a3vTSNRbC80Upd2AS2NdtxXK1eExd3MpDdbtp0uKV8HSkCD4vbKC6WfUc1XgG8i2N4NPLKRBl0c/FFnU4FtTRTXyQRIeSWbenm+oL5uFH3/MU/t4a/khsodiZ70Bk2moyk5uJUqpO0LNsHC1fqghy/R1cEHcUzSIlwWVGMc88sZyV5FZi+GJPsFLewxMP3EFNDSN+rFRG8wqGyWm5NjiWv4KnB4Vwx6EyPKafix27dpF5Zi2ljT+Hyd+UIfBVHCy7rgneprf4X8w+ln69FSyX2vP0pvXsc72ciyQ18FXOazqbE41xkiowxfMHBY66i/sflwH8XofLc9/A74flpDzwhHN995Dl0VgIPCsFgsfU6PajZdy+soFTE8L4RrwPZ/3yoG9fptC9+zp0xb2FReaaQMXHqezY6cMZvxs4auYxuhs9CtVPvue7xkt4cHEd6a7rRKE2BVCOWg4f7F/RqDvO9CSuFBdPvkKp1pfhcbIUtuci71r9hfykdSEnfBNuCHqEWW9COArCcb2uF4W7fOG9pT5YdXIypNhXUPq08SBiJgiyqQvAIX46GRkrkNJ7Sf55Wx7emu+CH28b2PmGBpWJTICsw4l0aUELvG+qoIn7+3m5rygEbg/mtNO/qPTLDvgxS47U8yxBacolFLAQhaPzAyjGK4FVyg1pY6YFCJ89Sz9HbeF7HsXQlG0JwblR/NxbgX+9eEm2iak8Y+stWOPQypkpq0n+WREOuk3AQHEbWPO7BJbPWYO/RJvA999uvpddynr9qyla2YMKmy6AXEcOyebbglfzZqo5NI28Gv2p+O0ZuL3ZHRo6fuLnHl0s9QjlptxnmN1GsPPgeegvqaG4enE6NuUDJ4xnaL0izGIb88G/9Aj+rNtLFiv1YbPYKa6OWQgZj+6xZ/0pDN4ZyFkDw1w2IgcPPRSFrff2s+gFTdCTPAaFG6qoY5wg+ihf5v0xR3CW2FywyNnIOd1DcK9dnGwGxcFQZzwcfP+YrxbtoA2pkax1sYQvOF6FfwfXw50GZST9mVQoJgeGTr+h/s9ReHXgP1rQac36xyNxcqooqj7ZjrnhBeD9MxpE2QxUtxyDzSKGlHLtO6yJU2eoW0+z+kdiaNZ22lfvjde754NvgBAc+OIDP5OWYDYE4fvL16l5Vy3MCl+BCfYVJOCKPPN8P857bAqbVUrRwF8Xc+cF4GV5F3jxYiw+XyAG77uLaWfrFRLqksc7DdJwEPXIwfsGBZmtonFvmjluVhfJWAjSqvFfsEU2Awcqo+jrpvFg+eEmh+gYwOZ9MvClciE7ZcriurmNUJzuxwNvA9BOMZRVKy1BZaQFOWkU0U/N76ARXIqLs/1gUq0D9rh6U3zTFE6d6YkGizXgWaQLeEwXoe+L0vC46XjKPuPH1Xc+UmTmRpgQVANjC2opJVkRXqlUcO9TW77akQbC7QUkql4Me07PAebX6C65ArTnFnCDnigkZ8+goYcPqen5A3ispYBnlr2jT2ZnOL/Kk8//MoeGWd4grDwJHqb5oOPttVgcq0cxts4wN2gqW/hewk3q0mRb/ZFMf0fwKbIFkzonjrD7S9IOKqwRMZ7uNX2EO4uMKHPTNtJKzkZdLWX6e2w8/BOeQWLfVFixYRMJvV5Lt79t53fW86jguxlbGHiSbbA0evvZwMQoc1QrmAMfHL+iz7plsP5VLHlus0MpxRTa7TqF7TJv48hJEyG96R4tG3cUdoU186cfSfT0njpXr2Q4v30knmkPpq+n1vHnebagPG8VXAk/ivVCp7FUfCSGJzvx/bNzQOt4HcRPFkT/wb2glScM8wTPsPRBRYrc1kvnlngSmL6Bjb6uJNxlQs1hxvhUsQ8fF4lAqM4QlT2fAHo3d9KbHAFK1N9BrUO9JNAVjdJOhmRw9C7NPK0O/cfKQXb/VPw9yxN1DCRxXPcdTjHrpVa/r+T92Bw7ksRZYhnAy4AlqBn6GD0fP+InJIG9as38X5AkfX84nt4H9HNVRirk68nBazsdnunrRl4bz/JoVSFu0mtn3fO2fKZUFqaOtcJJ8UtZ6e4o0PCsgt6/IehsdRh/tj+hy6mBhA4LOEDzPf702c/rlRdw31oRmGclTVX615A2XsPerpvQLimC3XYFeFpAGC9xJB861EBVC0eBgMtGXHJyL4uusmWf1W647XcJ39BZD78DpsC2ikC6eLaFTBIYPvt/pp5aE94qFooxgW3UpybNW0c1sJvLauoTaYMNQz8gMcYQPpqsxN8uL/D6uyrapt0Kip/DeVzVHbYRGUmGn/aQa9hWVlklDfb3TeCEXzCZeZWDtGYzmj5uxJM1jSSlKEPyaStZtmgtPTLRhG9nZ9EzFRG+tL8Vpjfs4X81Arxtmy8Oic+DEZNPY6XOYui0lIF9ZyVx7o0mXP9CAPeb1HLiezcebv0Dlg9sIP2xNk0UGA3JkybCoQI9TFi+ly+ZnyZ5forWLzeC6fxr1K17lSdeXYlb7III/6mB8otAWFRbzE0eF7lk4DD7Ggzjl9D5uGzHDRI70wDqrnr0a7UkgFYXCPnFYoPoEBnzVYh6k8kCM7JQaPoeCkm0BQVeR7aa1uDy6xPpyBehRuswLPzzCJK0RuGRDTKwSvc4O1i3gmf0Yy4VE4XtqjNZIl8Pv4//AbfSvKi9pJi0EuM53ECJtJuEiN9vpaS90lD9aCPdDVWhJ/puPFUFUFciiy6dqETjjYfJuGgLlLe/QK03GjDTLIt7gxaiYoY6y9uUcs9mBfL7OJk9gm3g3Dcj6hyaTy6GoyDunDdWXS2g4Y/F+K2/Hr5NboBxtnvgUXwJPZDZAE4ui1jvpD64/RykrisquD7DDB6WTYf9wbUsdNiXNzpk47JvJ/jk7SZWkxWFgClKWLR2F1xZaULFX93xiGkBj5u9EUoinMn17hm46xZH8jnj4aq7He8IG4LX66aw4cgCDtjRiWtfr+VV4nYsJTGFl81LphVDQmDxAmlF0AESmB8Bl3d2UUSpBInOcWPormQb8/l8Z+VdvpojBaN2Z1HFLWS/nUbs986ddqvMg82Ch1FBS56akuXwbuRR1vhjDAsK7rKk+CtMiLiDrxYvB4FN3+jwkAnaJimB1y4A/95D+NV4DJTNygJTyxg0f34Ck+NuUs/cjeCSo8J5jxLBoP4T128XgJh6BTB9sJhO0yd4Wv8Lr8nI0zhFB8xusUEHj8V4a5ECjdd9BIf2qULsx+3Q6JSO9S3OZGjbg8KCuWyxK5nlbT3ZpUsC837PoEOplrA1l3Ekv+Nj8dY0LTebyyUjqKkgFey9V1DWOEEo6rsNY40EoODHDhiNhpCy14u+mkdS9JcCkt89Grrta3GLVA9kxbbB+OMqoL5rETvH1mKHRh+fXxlNRzu248uW6VwxRgsCIrp4dfN6mLhbHtzMXnHnCgvYpCiD1jH1HP70EbRYyvLncltqeRtHP6GXP0mpQ5zKANy9ZAaPDyzF21ufYe7Ea9iX7IHZoW4wOnMCXWhwwYQhRVBQ34q7D4RwTdsEeKN9kVRzD7OLvBOpJdRAwLbpfOz7KE5vIigZUKcDO6TJbsga240u0LxDMZise4vvpOtRUJAEbZ16GT1LBGG3yT66KZDCDv/lg3HZCd6ZKQ//+jIwK/0ArDp/hROnHKAQBUEIMi+gl2Lr4cvXWKxpKcW4pv0cZFbHGbnbSWRJHeqpPqG4YAOoNbDGvXFp7FnUAr+bxSDjThWsPEckljjEN3R06dB0XW7DEfD2jyF9XKsPx47dABF5URyd9hQMQnfRLCoHgUQn9n0cwAaVI+CtpAAJzRlF61YMwucRWhTjW8DJo3aiuZMjHjhhirEdynhqkQxUnndCR5tY9MEcar83CoJSi+G4SSbvWarHYoqXuHhLCobkyEHo6p30oXkAio3vUEmnHbeVt3CneQsX3JiCJp+HoPfZXt7dyNA9ugeNF9tDsN1vWDLzMcw41IG6f5jlBg9Qb/gr9Jn6H7QFjgLHvDTQswqnfY8PwrCwM/4WuU5HF+rDu6el1OfoAw27RsCmJCUwWRuDm1ZO42HvRIzqbAAqCOJRN+fSmzm78Y+AFQ7MG0U+MxH+zskCrUx9qiuIY6VQNaj4mkArr5eQz6fJLJZUCgd748DtuASs8NnE788eh3FfCUXWnOXc0AjYG34TCl0Ucceyl/B4XC0FZE2AmifpVPTQhg+XdYDviak81WA/3db8RxN3beTM1mH21P+BoknjYWppJWQPHaAVWbp8bG0n5cs5QuY/QTiYEcu93a2s4twE6ScJFiplkLpHF1fGteJbvRn0vfgzXPPdi+Yzl3HY+/d44WwjTtW2BctUR7izNAWkPynRwwZz9FI5CSPMmsj1ozvdM3Hg9rsbUbOQ4J76Kh7nOJ6D4n/g/aJFLHgqjOiOAN8f2AaZzeqo+ofomJMQvJz3glZEjMaxc06Rut01Nq4Jp/V/joOgkzt+1G6hJRkLcG6oGOyRfUcT5twH7dGO8GTjH9Z0XwxPxaJh+4IOljxuwiMXncAde2RhqCsRl+deIfF8RfDv8KekyGsguuEVvZ1mga+fzoeDgpNI+6kVmFr60Wmtj3zhUgF+PzsAnYfPk6FoHtXZNpPb0EMUqamlmRLqUNFcB2FfavhP5zSa0nQF0u77oXLfSY5N8aNTlpr4dUop+SwRgi1DtXj/8FS6+ysMj8lvAbEQYrjzgdVnroPgI97cYOTFZm5acET/Am/LVaKfNyq5dUwGzFrryut9g6i68xdIb/+BIYGnwX+1COSJnqP1au/Qb44TlMVtx79r7kPC1um0uGUXB/R2YaiEF+gHCMCRy+/wz3MNCqTl+PzCE97zeRlLK9fDtRmXufJ2D748/RKTZttB62ElUno+Gl+SPpB4E5xy/03/tunBv7rprHO3lYcFb+BpHS1obVHiS7ve0eGWZjB4/hUvfvCETZ4RsGzDM5idNY/brtrhCpvxcLXfg4wkl0Jo+g0sq06DHPEneCO9kcfrveBPW/P54nlJHntQCAJP7sPlXca8QuY03xj+ii8WXsd/vk/B7sxaGDC9Bl+zOnjXR1Mw/WsLzxa+pAmPDlDaTgHeIfYEb0W2s4GHCla6mpK+4BOMHScPcv8l0vPJ4RT4QRCTzxxmvWuqZLHFmhM+j8aSJdKoGhVPCwyU4EbpOLijV8kJt/o5adYDDNmbwMIrdmGRoA1+hKfgcGs7/dg/Gfa3M99P/wpPvz/E1yabKfjeGlj1pB4t5wgTR4fyUFUlufYZwyibN2gf+5NHNB2gNTpr0fNTG+xcH0dbdraDUqcaKTQY4l2TsaApcIiSTx1FZ9utsPLcCbAIN8WD7iHcvLiCnDx9UO6ELIxJGw03JJLweJ0oLnBdC8t/rWCBqW0w8e8GSBKXpSUiO8hE0AEO6ZvCstk6uH7bVpyV8wyXnuxALa8RLDZ5KbX9bOSQihroeTgRF0SZwX8xJ+nw+VRKFq3Airy7hHsVqcL5F7FwLni6BnDDq2G6kCAJr8aMokLVt3zw1RwyWqPP0WXDJDjnCSZmMZ5PCkePr0uod2AsDLvYwPmJRZB+dSLN9DMA+V+GWH/YCN4PvcOEBc9hSqINDJ6RhR3GO3h5fhwojIrAreYqsHaeLG1wtOKwtnpc9cKTefoEmJNtDA1OV6nMOJbDyuJo2ZnXdDvzHnuPisA5+6ay2zN9ePbxDGQ0ToCZ+it4Wasear1SwKD592Bh1SkYqRmNPqXLKVHUmfrOl/J1EXNwSHsCO02+oP6NG/Blsyr6D7rh3jUO8GjMexJxieEVCVFUNFIPdr7KBf3w21jllYSVe5fxbKl9dOiaG827lgdLfnYx7UK+1z8a3Lel0dInf/nU7hq4GfCXXzn2YflsTfgv+hO/nzQGg/YksfensXDB4jzcjdiPXpPLIVjhK/tMnQ6Nw+t5cmgBVm6XxV/uraC+VhkevXPiJau+0RyH+9x3dimIn27BfSNK0ddTHI5Z34BRiwLhnroSxAYQn73VhOlXRvPhG0n04M5NNArZyW/CuyFqQQy3lAXisUg1eD+qEJqfKsA7Tw30GneSOvfawY2dp7gmyAsmnGqEX2v6SDN8DLjuPw+69k9B86w3uy7awmvXNtHmgdN8f5Iv3rh3AJ/cHAUlHroQ3fOIJ25AvCipz19XKPGK2eWkvk0Atq+1h5jqCZjnrAJ1U0VgzFMherkoGq/b3YPgA5/goc1Iln3aA9ZjZsN4EXPe2nKf79eqgFN4IGaGzCJ1vWkgsB1pjHoYfhKYC2V3dtMgT4EtD8fyz3prELSdik4jRuGHD4Fo6zsE3kXGqJ8YwPGhtexkJoC8PZOdi6eAa/YK+HF1AWo+qsfhjnd8boIdzFsqAK4vl4Dk/U/YkHgdlfS0YJbpRbzk6QBHqpMhzbcLIPYVDTS+xiXt3Xztyyo8a9nB80AAsqJ96NPXJI7PeE+bvaTwQaoIjH1YgArKZynyoANSzQRqH2sOZl1b2d1bm54tj6b6Cc1UEzMTgkcnY7TRbBoweUYmbweg0Uccfv11A+GXWlStlgDFJq9BK6EE19Q0sEbgchpQqyaXHY5sHm4Jt7sXU4zNYoorsYf8slHYtfo+pG+dSHG+GqBjcIpzpOMoSGsUyIIed5RspSHnfOyxek0LdizGsTd3w/t/AXhH0RrXCa2nvV+kYeKW3dC8dB967HzIM5K0cGbTCkp7+oQSwopQJf4k9luFsNw3cbhgZQwy0gZUJ5+NAU1l8FD2He0PE6TAw/f4tvh1nFiQAseXjoTreZE020uI5KOC0d9/LGwLHsI1ziNgeNpxujn3PG5S7wW/SXrw6Vox3XgZzImfkjBlsQElvhGElZVK9K22lFWmnILtORFw460BVD4phtnjB3n2PkXK2qrLPUdSOO+9DviXF1JRqjSL64tg0j47eFkdxr/Fj8DLs0fY4+ZNvLfpDcw5/QhNgyvB8FgOnn6gA7N7dKBcGaiO9Li4pIxEXglhSasn/w0fTTrvrmLRkiacdeAPnRfTgZd+88FGRo5c1Svg6KpDMO7HHtoxUgFO5HiAed0XTvWWhwqFUaD1M55mjnkDM9b95lU/y/jYzE4OqTUl3axkml10ECQr9XhX71gY29bIDaNWoOWaJ7BRVBuFem9w1PMwFv48lsKDtvFfVQMc6BeCZUIilHJYnpuWEsZ/uQtLZh/BP4719HXGKZTYkUNvfohCqqI2dO3NZ7NdB2Hj5JUw608F6xqJ4vqGh5hQKAhysxth93ZrlFccCc/8/9LXDV/YIV0ZL2y1IdcJrlS+swQU5m4Cv78JeNOoGidvUYV9hpWwZeAh6H4QglTha1w/8ixYBqbwDv3l0FbThuFGVhyarAFVwnoUOrqJuqWjUck7mzFqLeCHMThwMoYdxzqyW/VbDgdt6Bq8RgVbokir6CBMAFe63yQN6W86aJTnbFpWORZrV/txvpoyzEuZDRFfpsGFps2QvO4uzcmvxt7gozDz3A8eTHhLF44M44jLkqDDm/n9z9ng91catRvz+NMsO3QvroY53bWg2svsqZ6MXgnGcMBnAZ3eYsIzL86H6IdT8dvxbfhjexS5xytwts1UnramA3OkJ8NWwa0cXDaHZKIH4PFJTZ42qxynCYuR0Hh/WpejgEfL5tPz5/Jw/tU2iF49BO9dNTlH7xa5vQ7G3soDbD/CHUX8nfnFz++0S0AVRp8YCdNKM3mS6CZik13wZ3iIyhbeRoFAN3i6y5aKbmfx0QxtmHPOn93+xoHL9xWsHyQLRysfkL9pCnTnbYPLKnEc0XyQY+1U4WDrfzBkV0IP/N+DUNNu2nT/Cn+proC+l2O4dfx41JFNpZT7tmC3eB8dEy3HBQ656Corjo8NqvCkVSN/W0bk7WJH+bLu1LZyImxPSGJB+xvwvdGUDN26KFspH/Tql6NLUSx+vvCH6gobwSfRCj69usfhTetoeZU5XQ44BHp3hnGhRC6V8hhKfzifl+utoNtWYlAsoEvVt7r558EafKe+HnXPtvACzxIYsUwOhXEinT91ipasFwanm9MxveU6fv3xiCdUd9LMgBk4vnALuA7Iw1WLJH4b/ZArXkrC5/qRdHLiNFSXSwEj54+8Pvw+vWjaS1m7FbjE5DRk58+DgDyEHXmhHF/hzH1HullV5xBpnQgCTh2i+K/KvLRMjEqlTkDXU33wqP7Bi/gahYR1w5zbwZjnkgqHJX9ztVo32B4bgYXRtUCzZEBDLoo6zlbgGtVcdtU9StecTPHExEb6Y/yBtRTX0tsxZqiprA4xFd9x3A0kp9MWbNTtAoPmopSjkYpts9oxYcVOdrv7mvbka4Bd0zM+cKETHBsL2TlbiDMcfUn3bgH13DnMRo/i+Hy1COpEERTvsOGECH/27XmAkR82kq9bFt5sMKP2pVfpT/YM7lm3A38OGMKTvk+4xzkN20WseMQ0Bdo7Xosaj7bA13JfaHYT4e4rZuyzTwTsD5iR1CUhXr+/lHxWPaG3f2/CkpNJLPBuEtWHCHC8XTFsPSAFZjIGNFhxFG73ZsGze8GsX2XChSf7wX3PBHa3mc2zZq3jBntBaBA3ochtX6G2+QsfeZgI49Z5o/npGdTS0IaXU9fzt7WOsGD5ZIjxyeLgbUv5hEkG12k3c+K7j1DqtZwSxPbh0+9zybpXiAI0BKB+TygveHkD+u8soC8/2vj90U0QJzmHli86y+Z3zpBorCvHzmTI0daGk59n0KZyGWgNKeG6Q3NZccdSKmq1wetXNShKex44+5tBYIExZGm/gMo7sphiM4q7Xi+iOyl1mDhlHkavvccfdieRcqwWOM4tI48p/piZ7w6wwI8S2pFmiwaAaK0wBd8Sovo5h8HQVAcuj4yC3XMKaVJANLctLsHX55ZCXFkdy6V3wa8oIU5yqaGBUAuY9+kE2PaZkmtWMzVXD1PfcCgvTQzgt66XQffUAWppc4THKaLgtTqDV5r3g0P9JDyyrAT9vivyAucWbJJOpE+HKrHe5jUcsVUB00uH8JzHAM6RPc+LbUQp81QYf5j4DYq/CrF37lZ67HKAzh80BlWtX7hj6wq+fXECrxHuJ9nosbzx7Dzw8NvGWyYfB+vXe3DaNkno80mF2lp7fnsoAiS3nqJZLuoY7ZRIz5q16eyTv7SoZCQml4+Di/kTsN0mBaJSJvF39mKF3FY4nnkYK/47AzrXOki67jSf0p0MJ2PHUnpPAc1dtZo2532n08lyNNVZDkc2raQq9et0etF62OiqAFnp31la6S6IuSRzYN0n7PAZi4s8xTCxzRlP/amksYeqeIhlID3UCULKfWn7ektMu95Fs22v4n29AdbPDWXLyqUQtVeDp+mpQm9dAA3PkseZC8XJYXMPzhZQ5gwVJNnwaJRrnUuz+vbA420KgJV5ZKR5AkfGIR1s+4ODbRNIKfQqTvlljNo2PWA7fjJfHzSHafnetNs1im4UKNHCShNetuYLvFBaCP4PUuDnJC/GwFQY3G0NUwwFwCd4Om6+R5A2XIFzruhh67QvPNVSFkUPK9CkqmRWVjEBJe08NtzvhDJHL8JSER9+diQRF7+pQ+eCmyDkGoSiD7JQImwKfMlJZftVjVhR7g9X9v7D8vxWGj8rFQu/bWTh22FYkyFHj5z1IXP9W+pa7Yg3xljQlksDdO74YhQ8M57ued3ia1UNhI9vcqqzIKiMWwDW5oI4t/QgZTg7cp+HN+w69JJKKmy5+5k21V4+isr9aqChXgYdQ9O5anQnmjprUt5kPyx73oR7NyayVqEAJ62UZpkQU4jd4s23Fo6C8HYbTMp3AzWde7hFUYM3y9qRZkU2XknZROmnNUFHfxmKl/3Cv55jMMHfmd2vrSB++Rnsrh9l1n7DEUXeEFeoD03PgunEgRkgHJuDDSbTAGNCcfm6Kh4hngERZ6ax11lfEojWh+GL8iC1SRe9YhqwzvQPiP724ysy43jQYwQFPHYEb+UIWOEmB0Pla3C13Ekm6Y0c8fowmHUWw3obLTgRYQHnjRQ4xVQd5K1GQ2PoXRD//AJuN5SgVuARWlPtRr9Ex9MHh6XwTjMQ5m77hzKnBODnDgdKrNrP4z4eRpvONVD/4CkaT9uGQs+7QfLJRrA4Uci3RghBdro/Fz/zwbyw6bC7OYbO3N+L53JbqOpuLK4sOEIGKlYsFWwB/37+xZn+yVT8ThTOTxXF5K8DcDllIXyP8ST38zfxlNgTaN0sAaoVWhxwwxAloo7D4VdTcdck4iATB2qoPQN5eT6w/u08uC4uCH33y9HieAJGpi+mwL58CCnJBpve1VBy5RGssdoFv9MGeWaqFBhPnswmH4RgWvQkmOB3gIqVnMHxpjT7hRlz/VgLNoXzJLALoEBmHthN2sML3s3l8XOHuadIH65CAiY8HeR9uQIYUS0GM5wMoP/BOR5rEIFbF1rzrwNGmLk7GSftVoKRU/Xp2jdbeph7j37OFgO6mMfdu+wgcmcbDTxU4f5r6rCkKQTcam1RPPUPdSaO5lbT8VAy/g9t+t4J+W5hbOO/mC+qirFccBA+0agGW5HRmLrQnxy9J8HtGfPRKBTI7FwhT77sA5M26uCyozks1mUF1erLYcutNPojC9ByTgrL5z4gFyNpFrc+h5+1j4DSvEnMkSbwNsULTpZvR5PpI+GVx0WoSn4D26c/QL+wF3BEbQV/edZIWmvcIXtpLw5fLUKFtCnweoMAdPpaYfft7zBheTjCVAd2Uh2DfpFq+FMrgxTvqPHGDGNwq1XgpbWJGDHdHaQCSzkqwQM+3brAV6o7oUnSAc5caOU3tkqwYN4SdN9WDs9TFrLbaiM+8+4Hf1vylOb6tqDp2vs8XlIQ9f8qwDdZU3746QjmDfvBpsV9KBk+AmCKNn47YQbnifCFyy9OzraBiJDHvPDfF1yeaciHd5uw6fwK/jjCHVzif6C3wQGuddpDd5eagYBYJmUuZ7RXUoC1Ucm0TIhgtdAWmCsUgmmOfpRQkY59UkKwsxVhcmAZZCaOgaDOLFALvYCHv18A6Z5haFdO5/ffbWnePivY6L6Pvhsuw/VCA/D8gCgdu3+F+tyl2WTwI/8Qnw+uUIIOdUKgquCJvo8boOvCJZaKPAwLZC7DeElrHr72FAKkRMg74RyMa5CH1TEOINo6Ds/tCoClE5LgWd1WUPMwgSeKk1Ez9RT8F/QfNZipwop/vfT88Wv+c3gmDxU+oMsBH8Ek/hE9ad3L/l4m5CGnyhlVsqBxuZWulYexssBvytfJY7Os4/hfpDZUfdjJliN+Q5yuPK3JVoQt5x1QIG8H7Da3pmdv3mCN4XLwTNZnO/UldF9ChQ54lZJ1ljBEBn+i/ae3ssTsXJQfGKSce+4Y4zSGxvVZsZ5EEmi/rsIXLrIw89EX2vJaGxWPIptpC8DxOFuUbdqOvyeW8oeTCrh6WyRXT1GAkOQjML3Mlod6V+H62884cPgU/U7+hTEXKlAwcjSarheg4woT4PPQS2w8NpnEL+bTw3BjSD8iQa32y8jtshALJWahyL8A2ucqAeeSx/CfTYFkFPGPjoWpkXWcEdx7XQWObeGYFv8fOWXGUX/GBLCYcZtXS1li7ZEr/F1zMduo3ubl+SNgj9NOWqQeADnNWlTeLAa6Fpd53pwa7Bz8R2or/7ES6NM55TRYPlaFJZfVg2HVW3qYagLfo4vp5IgIxg0WPO/wYVK0vM9ZVS/Ab281iaRlYX35a2jrtYGyhTPgm99CuIIq6F4YjD8230LNlvmcW7eIEtOKwbb/FY6eYALDyb34enkLP3GYyweO9VBYawGZflzPjiu6UWHOB1pquB1OWptA6H8n8YfZTD4n3QHlwpmoobyG06oWUpmNMNaGjKO7lQO8M08RemM2QdT0K4iy70G7N4j+sz5DEfvM8XXTLFzrKk39la1otngiZI85g/cm1tC6nmcQJuCCkwc/sNN7VVit7EXest8BFL+jnaYVRHaHkDoMULf+JsA/YynE4RLIczKtW21OQRmJ1IlILVMnwZejN+HYFUlcpp4DA9sS+b5QBZ1o9MfQx0do+wk5+u+cMduW6oH3pB20ufAZDrUakO7KFeRwJBAnevhD9PX3mHVkPjv3C0LjVYJ/u4rAyHUpPkp/xgMLF1O+nhu9LnhBZ+TiOFPTA8Y41cLOMAXYXFTLgyM2o1FVPGpM1GSpgdc4RtmPPSTi6cXUJN79xZvuGhM8+lsLVgMV2LzjLJ5wzILxC6fgk1m9lCBaDv2GcyG2fQNr6olBjtU/7h8piSMxgTfr3SbjQFUSOKzCIovc2TbyFyQHu9L8YHlw+uEGoxvUOH9BFp6tugWHjD24f3QNB0QGQpDQITLLsUXyF4Nv4p44PSeN7tVLg9Nlhnsjmykx4ixvufAe9dpdYcKmFTRluwqMq11NiV6XIc1EEN4clEfT6aZUbATUkxVHyroudFt5Cv8QlIJbzyNB7LsXXXPfj1+ifTDS4QfOcLrMsp253B7xBD527CW0mAipuzXRYWklTF8nzQ0z7Sjq/jES9XDEFKMeXmIeAKfUrOHIIz2Y8CuF+t618sWMz5ileh72JTqj/cPL9OOgBMLNtbhQuYliNytCtIAFb5lYQCeu/uQ62UaonrCGb167yvr1R3npXHOufegLa9+KwtVhTZTR90bZhG3gfNkYZRVe8KlTqZheuIX+DktimMpijj8nCKnTDsDeAUnM3l7MhbWBvH5FCKQVJqLbmkiK/a+fDwz10sVXqrAh3oa+pTzAGtttuELFAufOtaZxGUvAttIJVE2c0eSUIog8EoEH04OpbHAcRf3Ox5beZp7xwBxrx+rAO2cr2LlkGQfcrGCdcfIw138uuGd7kO6+XBqY8YYMn3lBimombuog1AvcR15eArBzxAgQiIxhpaF9EBvhDn1GlWh4q58lBEtgjkwE3MUwOCN9F2YkmcOMwBl8SK2EtPZH0PKBpXQ9p453XHAleyFByA66gdlJvigZNwWWTZsIB/SucVhzP8el+7JQ7Al4N1kE1dfI4IwRH6B7/Sva7icJh1cSnh6dh2PF54OLnB8XtIXy9wevIWCEAI/9u5UN7N0x03gKBEkZgsmhiTDJ+jfefhtCtye78Ol+Ezh0iSDRKw2WL80A38kTIeTEKTB3fgUt947j3BZ/tim8Re+zxXD2SWG6MvcCNmrcRBN5E5j44CeN9xNA7iLQ1tuPk893QO7nEaBWMQv17UaQjOU7GuujAtO2CHD+5B+4o9iYnHNi4FzUbUx7GQrxI09w2+U1dGiEOQqFKcHWnPV08NcOuNyqR+NZkcarDcDuOGMynv6QvRY/wV3WopjcLguP0BZClH5QeEo9N70n1HzwmaPtfTBP4i/8mXwfdRVOQs5jPRjXaUZmYVdwpkg1kLA7fOAULEn15bKqLhQVroG3961R+LgtbF4yn1JS3sBn0Q1c4q8Ebbd38KPJSrBwhzGq+VTygMpoHA7UgTkKU/mJ6Xp2Iwk2l3BhDckMEBu3GZNL+0nmig4ZoRAWG5tBnMEaSImM52mK1zknSR5lnZPRd2genbglytNbqrEwQwlPXTABrcAPMFR8Ai06GvmXrBMnn/sAmt8PgqnaR/R52kdj3K+Syhk7CO4ayy+idalGoI+erynC2N2rsHmEFUXcdmetNDXcbrmAEwcJfs4fxYMtYpxdc51iDybxcfCBtCm9sNhZCkWeu8HzvKm0IcEc2l7O4YkxRrzK9jddm32CC+N0eeaAJR8xPw2znXThvEAeaARZQuOLLqqdpgKPl9TjuCUfsd9qFZiNWo4TFcN4YNdODvlPkn4+YLilMJ27/y0BxXkumHwrh13i/FDF6jB+i35MLQ/NsfeqMPcuGgtv5b6hZegNTFzoR+/iGgGC9oBl8SCEd54iL8VgTk5K4M5lGtBjfZfH5qngw7Z4MjOcCmO/rgfbp5l8umcY35ytgfuThfn3GAnQOLcQllpuxCr7Q/DmUxzJ5OyEv5ot+DhqJf7QvIVbP2aB5AsV4CQzsEi8zx4LV3HJrxmgPrmW/LOesLp1Oo80akLnbx609w5CsWI1iNf8B4axPqAa/Y82C37GxkZRfFU3jZ4WnKZvau78NssEhAz6IXg4gL8LyfF39UsQlOuBN682s3C1EQkc+gKnlDto9T8bCJNZyYqKJ/BR9G3Qv9qPAVIW+CnHEvP043mUGsEMjbPoK6oK9mtuw/UHO8BYUoGFvevRWieLfg8L8f3V/7GhyAcO+9iN7mXSsOmHHbTONoNKJVFseTqIYSYlsN2+H0EuA8zviqPgPFvY2KcN5aI/sHLqbb5u3MTCbmZ4VdYQ1F9dxzl7A+B+fihb9InxfjVF0L6uxYG7MmDb9hd0f6cqPF+yG80KJuKy0RH06fM8/j3Wl5JWSMB9r3domHUJZvm383dNGzx/5iss+qVHMudS8VH3X5JLZ9Qt1oU3+63Bc2oLvh1sZzI0pPrMcMqdMQP3OaniQ+1q/lwaz4tuCkDUxhMU8XId2X2VR/whRz892uC20x5WjHvJNuPaIaVvKjXukYMzqX9IoaADg1dVQN74l+AbOYi/RyrSgegN+HTRHjjpbwp6BiOgTOQkPNLogiDhp+h+yhGN1EdiUZAyZiYU0Z8xnnDLx4jOPxwFIRveoYBjKiy2N6WrhftA9elzuNagxtI/H0HP1k7ImncXhL8YQJW9Fp6N+AgGI5KhRzqbpi+/CevKpNDw518orjvJ7yM20bMuDYhd/Bd7U67gc+3ncDk9hmUr3XhSuxLesktBeyFkd1SkF4NS4LD7GKuflyQlxSU0cNmdDJ9L4KMUZdYdlciGX1TAavwv+LtGBlxXeVH/xrXU9lsNVufsoRdz/1Ku8gBk6Q/Dolk5cKzDl0eVioGbiyc5/DvLnU/rIXnFTyqd1kGt4d0010Ca/S2byfFGLZ4dKQz7ZhmAqXAzlcvIc8p0QaCl7iCf3kt5dv78p9gI95Tl0YmJApDg2YQ5Stl40ngEnohbTNvXNuKExSdAbF8ezU5vp8bfq/h3jxaERARizJIijBdp5fyjhazhmkp2oy0QmksRgl2w1yQeprMylOkrEnTn0o6e7/ROrA7dO41ZaWoIXOx5Tm0qCiD4cB7MuDwJjo8N4YQXJdT7KABbX7jyeKev+GeonTNu/eY9r6aCvMZW2BkpDoM+o2hViwWf7M6guGJFUvC+gCvto3FqjDneEEvlw031zB0GsHDwBllnzeMPn9eQ0NwKOl3jTuFCjmSj0wljuQvy187jliEl+CR3C/y9DfHpukFQeyWFJg9HwpWEz2ip6Y5Bs65Bw6UJIBqvCsL2W1h8rhL3/FlAzguVOPVX6v+Iuw+FEBQ1AMD/aNBQKRpaKNpUtJM0aJjVKZUURYOMjIZUpEIRIkRSIaFklSRpqEQiZKakjMxEC93HuE/ysdPsVGj9chLaZmbB2oIr3OItA/rbTWC/vhaaqDRTsjbQ1qz9EKU9kRO0dDEf2rHLUB5tjMfC/bIp1DVVB49XvgeVc0l0Ypkez1pli2aNUShl28FxhxUh5rQifNskADv+PqV6uWqq36IAm5XH0PizajCvwAjtfy6iDq7C5lpZ+Dn3OcQ5/cJZoWaw0y0Qo2zWgWLkKPj6fiv3CViDoMBEmJIpDdq3o+n1mTLyj5SAM/OOo7/kLRK1E8crNRpcmJuHayeeIq07Y8AI1LCu+yY0aWRRwodWevJ+FfSeN2LBRVdJL/IX1t7eDrcOCMLerDWYM7YdRwV5gcrfL5z36DFJDz8khf/K4VqeFK9pUeOVq2Xhp44V9Nbeh71+e6lX5w68jtvLvs29+Pa5H+wQs4b9yhr4/YMOqEdv5AOrj0Hm3SQsrpWGp2ER9C28kJm/4QwRdVR48gIyhQ3Ba5cSz53dTlj1DWx8xuLWHivOPjoNMx/0UdKur9ilupwDFE3gwgwjvHHlKpSmf4DvD1Io08CYWwNbwVtqM0Ztvokzp3VCvLY0mOIIqAyeT1P3CoG1yz2uDWwh5ehaqrgxmdXHevOlsKd4/aM0vN5RRM8+TqVE/y7eu7ieTXRj+dPeTby00Q22z79F54PlcXuzFnTER9FQ2QLI6M3Blrdz8c/BaeD6Tho8XcLRft9x6F8+n56mMthnZrCy90bs3PUVbX+Z0OKrxA/OC0DoP3fQT+nE7bNMaVO3NtSvEMXeT+/hRvUQG25bBHfuH6P4fle0Vf8P3SNCOf7cA5wwzgTkbZ6ifXgi2McvgthQJVwprAj3VLV48N5c2ntVkb8X+NOZpVNgpPwNihHypJR9GnD03FnQTDOnJutSLJ1Rg8qLTThaDNF90AD0PuegqdQH3F64E5OP1OPZxd1YPX0/KmdX0QTxS3Do+l6wL2Z4/CsHTs9dDwdb+rAlKA//TBHkD5Omk8ftX/w5dBx8rbzJPXuMARavBTmXR8gNH/jEqdPEo3tp6PsQ2MVdJZ/ii1QkLITrrkuCQeh4mhezioV8FqKtnSy1u1vxievtbNi2gGLFv3JC5HiYqTgZRlidx+X1h+BU9SVMbNBlWfP7WOBdwU3Tl/FW8Td0XakODiSPgIS211gT0wUXpu/C37t8aFqQPbTEC9OvLXMx/o83Jz7vYK9afTj+KhSm2FixaMZrfLpzCzgMmlHYqBi8JLKSRv6upJCUuRD+TQ8Gjx0m+bur8Nu2XzTF7yBH3MvFQMHvcP6TA73V8ofLlyXJfeYUmHvhPWabyPLyQS+IP66FBXoSrHswiVreetDT7DMsMckEam+pw5L8T6xum4Q2BV6wOKoIqsu+ot6KQozZNxtuGcrR9c+XUSPAFCID9vPte8F8Yut6HOFxAz4fWEL66mNw76PJ+NVKnm1CYnDOuVHQKaSO7u8ewWbfSlB4rALhhz5AToQfu/4aAOE7z9F0owpqbZkIh4tWwbjgSLzrHQfTn1jCk/yHOCEtGwu1v7GO2FeWd2+kjT7jYadtAEbtH0mjKw/Tx+gVWNB/iXlGDegvS+LYG8I4kFzCaTss4PCXY3h7QyDH1rfj6iNFWHPZhcOLs3lLhyqu7/CgSNkNNO+LFngYLoe8kp14uLGKL92ZwB2pLlQ4Rgcn9b9FtxWOmPJlLXqFi0LDuemkm13Db6LCWfT1Cdy6RoOsJT/ToYIYWHe4E+RkHlCRh+j/zf9tEcqCuzHiPGDmBrFbVmGSdwcNB6djmII3Tawdwf8ly+F6TXN4MFiFX3ecgyvzWjF3/Q/QnC/Fhs+acM26L6R4s4M8ldyhWw9AxF6VlI65wrezTjB4fpjOWB1gR7dwPuJ7AgMd+uGTZDh0aIuD5J8MOvGxF7//LYbr1ZNx6Q+mKJxFln0y9KB1GtwKiYSYICu4Y13Eq47b0MaH3TQ9YS3PzLWgxGfOTC+uQKXwBvig5kRHjY3A7eAgO9z/Ca5PV/EWvTAU7sph34s/cBPWk2TfUZQWO8l148fAyUlNlBs/ilMWSUDvngGW3f6cDhevwBjNffDIXpCLnz1GMQ8FeDdxN23yWABZyTk4sn0QdnocQ20LM5hzJIGer1nBjw3O8tISU/ij+YdKbz7nZOUsbHtzgzS2aNORS1U4Y4M6VsceJV+hd1gRpgM+lXWUJPWAKpQPY4pSH2wasuaw5KusbNzIZYu1cJ9QN26sloEnqf28T3sGeMomYfiqHfjZyJm5eh3eH/mSD5vIkUHRC6yfagUpH0Ko6IoRRjxNA9F/8rBmkxDvDajjOc0aWLo1Bkt2TeRcKXloC/2Es/0uUuISA7IwuESaH9px3LkztLMoACPGHYarZ81YCFThhX8AbzskAPs/nCPrpSsgcokLXhRu5e64n+Bz7RB4GQeSxjdheFY6GmY1XKTmWl/Uem/L+YeSobXxIchphMDzc8KYfLiAPQ3Gwms2gHiVg/TwfQeE/WvnMqMoWiOVQBdyIrD/YSIqx60Gg2US8DNNi55p/Kact44wS8eEHmnLwSKpfDofKwAPQlfhqzMTcZzlCDhePBviO6vxiLYx9uV8B4UlCXQzY4gWKZ0GoRY7kj6ryAXbR8DBJ8+gSV2Mj7i6QB7sQY8OB9Ad2Iabs2exadUJEC1PA72X5jDmdis65hqQhHc3rVp8G5/0TISzyuL05oYsPPu3HCP6hci/UQeajYmlp04DmyR9/hsZAFP0nuGTUcbgoStLQstUseOZE+R4ikLtQklWyThOIwXfcpGtAEVcOw+SuiZokz2Kf/w7Qv095rTutShcXv2R//jdw1Ehu2i5ciFO6JHh8ifXSXD7fFZqrKFxR0bQJUtTaEwnQqNc/OHSRaE6MqBcP59fGQtwarczhhf+BmM3BwrOQ5j4TY6G3vhx/OpmYmFzMGq2A/dMJxzbOQfWVFZCuVoM3RmUAvh5jh+tvIEPQ3ZAfLoufP+3BhN1DqJcggEGOozlCtOTrF6kCG8itahUxw1+emTA5eY/RFsPQWxEEflcCse4cYt58+ti9Ho9HT76JCDaOaFjQw9dFK3mrZmDdHr2Doo71UFX7m+Awz4L8N+DqbAjeiWF/FmKl+5dgks9cVzzLBX3PKyidmNLFJ77hxZ9F8DgldOh3d6Ol9Q9pXuDX0k2eiMbeLjQqtQD7PRpD2zMvUqG9sY0rx5B9Nkufhy5kSv9jrGppj4WuMZxfVkgcOdv2N2zkhYXV1Bcmh7UumZDywRVdjLcRxJ7k7h49wDsEHOE/GQhPnzCj/NPxPP+L+ZgvsYMp7qoYsGMfWjRWstrkj3o1aSXvODweFb+U8fmg3J0+6sp/LvvjENHL5HNykO02E0UIhcuQdfcJjpv95r+DHTj+pvP8PJUAZj8nzHqiwVS76ArVSpsoucuqnBKYwqIrunAvZe/4BC95xQlMZBzPc5+mmsoKXEuHe4uR8FD5hAdHkC3h/6i3JGxtGbsabjLinD02l18bZdDPmtTULrtGr2pvoB3F2+CC70rWGbnOxq8/Jj2r54MSdEFKF4mSbZ7cnnN2WMYN1MUfG9ZwMUGPw5Qt4FDRyPoxQMF+Pozn0TzNZEGNuNaKsLvya7sU3ESDlytpUL/oxyw8BpKaRpCZMUHFNq8kSJ6LXlfZx3GJvuQ76Y5MCPejRxnTqTKQD+sLke4v2Ey3BQJgYPjesg26h1dGP+c1/56x0MG60Bl+mVM/jiFiz0AQtL6kMKj8VX8Uj41/itu+1aCvQWZuCAiD42fXSPHcUYw7p4mTLsnQ4o9C2hB5zg4JlOGQfIvYPaHB/Qy3h261Jie25ymZ1cU4PCZWaz8eBnmCfhS/uplNCl8Jfofi4KTExawxlkTevskFls9FOFTQir5bncntaN1EP/GkEK+/IJxG05zsZEj663zobBvbjx/hwC4xz7HpQKD+GbxAEQ9kcSbPVvJ/7Enxr4/hVG5p2irzXZY8UkYctaX0K7MNFTfrMYaB1VZa10D6e5rgzeJIux0UJ+3eM7EiS+lIGjZVfy84QZKjcynPscSju0thNVjxVHMLA6EXSdR9QIglQ1i4PA9lCPcMsjqxRCYVJnCYG8DLZmij2b/vGDH2wf8UimazaRUoXpRDsf1z8Lp12RRWek6jaiUJGu5TvL4lkE/bO1I424jaTuOBedrM7DczA6ifwbSD4c3aKd+AFOldHB9w0QqPurONSWFLGViCO2zR8O/yJvkc+wJXMhQIYnic7S58BatKz5Iz3r00L0pAgo8LOFlsSx/8FClG77V/GHHXxL4QbS9UREnLRjDGpXesEx9Asq1y0Pm9vM00dYLv+gX4uqjv6jKPJ/GeglChPVvOJ71k9/06ZHfgAVoOEXD9AoR+FhchWYS50ElY5hDj1aA/O8gqMwaj7fVAuBx1Qg4staU+/Yfwh4vxK+PuoGT5PGHUAGprryOSvePUEL7ExrloAEzvXRo8lx7mJq1CcriXuPrwLMwnGFGp6QDcPJ8cVxSuxtptyx42shTVe16jK89wFlx/0hBJIICIk6S5Nb18OOcOEcv0OQ7fpLgfk0Nng8bUdZzYX7oWUcBpqU8I1kEVINcqXb9GDKInQpFLaKwZGoCo+QrbH4dz3+dCuHoYxcSvORMVz3UyaEY2Do9HwL2TwP44o1z9ERZXNIAo53PgmWIK7r+247FTjNgW+1r7vGt5To1Rcjv68LdizJgufIKcJG8QUe3zOTVdYPYkpLIbPKKM4Lkcbq/BJTYxoLduVvcu02bAqcoQstaafheqgPF8z/xGon/+F+rHj35qghLEibg9aoesl/vRW4yRyHz4yp4JhQGt3IfkUvUdRToEMfKKGFwvFHBYrO+sGZzOJu6vUTJ9dJkfkOC3ITDaaLZVubyeRR2dBT0ytRivaY69vBhVHouDSdW1lDCvsWw3eUpV/54x/0xafTurwWMjgighoGvcCRgHi7rmoaXlW3Ay1UCKtpCYFBvHC39SHxQVgQWJTyjiiNNMOeEOoyvnQu3XuzAjgfX4N1IA/p0F1hWOY3PZUyHcwojKWT1ctr50QO/zVGixFm+eChKEnZtXIebw5ths/NJuH9CH8KeJfAyne28KzYXZA9noZZDNWcNrIRnM+6jd88rCne+y5Fm5tBpLQt5SVIwdCWetJ4EAj06QXfsIqmhMwOSjv1jx/eAc2MmAEyo44EjIVgozbiv/jVkh/dgSBGxxqu3WJ/YyudkQ2HSDBXYeFKSntVugt4LyVw1sxEaX+WCkLUxRotE4MkRTax1/Du+bzCD8KJevja9iTcti8bmvZXg8+sjQKIkPm8JAu9VQ7DAtpPjplqBTUIb7POcys2FH8EwvIj7uhVp37AFtYzYhb+FKjhr7kc0WiMPf6NWkPaWDXC4ugoXlMzmsU6puPJtLk1xiGGFICn2Wroal21kaLL+CEX+jvxvng5P6x9LoWv02LROnEd3KKF+viZ3zDanbG0dSNWtYcOC3XT5tAUHtjwATZkZ1PTgGZVXXOBhGwOuXpGIZlECkLrgHu86Vk/WUWd55hkzfrTVFsVjr/Kh1Ezy3lkLLrbT+YibFDxMD2Ifpe+M80roT88Y+OAkD+X3aqnzlDZGitTi9VcjQHmmDnw6YY/MXSC+LQ/zFgjixbZgELu8gFMWBKDnsA12Oo7FM4PCMK7BE9IWAJ22+Ar2wVfI6ZgevBgYokl7YvGhrQl9v2mBrCAPJT4zced8J1Bq1aLCqiHMmRpEFzeKg7tfCVadXYtWubJ0ytQcfnen8MCxt/CVH9NP4UL4e2oK+gsepYzngmggVEcXh/zx7OHJ8HzoFcwcKYFW8xNw3c9HXP42G8FIGDW693K5jzV9PFfNyQ1S8FDckc9GC3CA3HTau+A6LnyojpZow0H3nGmmtz002XbRFSth+FRUCFNCXFFVMIoLeBRvaRrFcyZ2wUuZ6wzrRuFk/S0sISAIMfkZ8PHjZ7ZzrWOlH0Y4qL+OD5x6B2NnD9HcqTp8zT+fvpmPgxebt8CBNCIpSXsy9M4Di4Jw1Akp5rtpr2B+eh9a5DRg783psNCmEpvCVYElX6FSTy7MtY8mUfoN/4xXwwapUtghkg1vO8aDpnUdW5fv5mvlyji78iIFiDymguxV6DwwG8OuOZCUiwUMBo8A+32ipK/RAjI/Mvmo4VYwztxI/7RecqFNJ0bsv4s1r+Rh3kUNCL1vhTAwFhJ/3sUTF26ip0AdZZh8wUdO0hwl6o9fRtrzxwoFeD7vMg5Ie1LryBaYseYStN1upIwJyhwwHE9zrE+iWFAVJf0UgVy15dwfIA/rda5QiVEtDm0qxf0yMpCr3sM7Kkppl6Y3ZEvLwtVFI7BDtJDTLMVxr5cfCK9cR/fKnpJn+Tuor/BBsUIVWiquAy3qPlShGoJtbirkatxEiw/40V0nUXSPzafxeiegTU6cFW7PgB8bnUE7JQbvyozHeOFD3H96BnrE1lJ6eybWlDXx1i+9tMhJDXZ5TOWk5kP8QUaOjDxn0SHRSVgovIdkl/nivVMvcUSME+3cIAyS1AlfT71E8Zu/SHb2PlJ20qfLc2/RvoO7YF9JHj3y3wmO4YLg2ucAnteDqOPmXz7nGkqle6NRxcib7A660igSpOrTQnyxSwl0Nc9xfNl5GOVoAHekI8BKQBfOa8aiqZ84htxIoSqTAn64TgLKG55TwLczXDJqJn6ZV8R7QtU4blYC3jWwoHPxL3mEjSSMLzSEvoAq7F21BTeYdICkxQ1SblIBurUBKuvC2HiLEog5GsC9/ZawJPcwN52ZRfmmj8nWtp1mFCZyyVhHLmsQI7BXhYB6XRLzGAMhnuPhu0MQnBRez8rNE2Dpq0So8xukkq8e+KggnA9/1SO1egso1MmCWffXIkkbU6aICL6feghissbx77ypvFv+KWUbT4SCUCkIcKzljbLLWPnsefKcU0N9u31IYH0airbu45vV7jhraSZaz1GErN5qkit4jo8vi/DkW5L4yfIDD39p54t5mui5YzOunDOTNdOmgaVfNvfYeXHVBmscEjDgF8KfOXivL2e5hYOxwgdUXxRF5U1W8COuGt91LeKoQ2OxGFfyb8UyzoRYoC1Mx0KKseRaPQqsGwu1f2ww9swCPjT8kRdFxKPfqlEk9XqITGR7eVC8EsY8LybhQBEY1h2EXOEajExdASPQmISU9NBJ7zunpzuBapwHHz3QAik1wrD2axdrNHdT/5Y99EJTH0JVdKhBaBw9bZmOqS88UXT8El7bqg4HZBdi2N8gOi1VAOcN74HJr0Z0uBwDh+aJgchFQzbOyoRZQsZQlKxM3zOGMW3dUZRtu0E3C/vg3sP1VHjOC1QzJsM6PREuvg+gI/SUJEWLMUvWC/8rP0hHloax3Of/MKNzPN1mHx4MCMYUJWNQKFhLgd9leU70JE7d6cQLjzTwMvOb6NAzhevllnHN+b3QoKAAMsFZkOqzmGwFTlHsLW/MPZxC9z5M4k02OkxdU8Eh9BjEntKBvBFfwfL7OtqaLI9jzxfCqrZsnjT9EbmslyBdw4m0xsGM8yInwTEFL45T2Ib+L/3pdNJ4pAF3Dt5+nWzOvcYkn0EMPa7CImJTQdeQOXxOBGRvC6cTSbZoRhlQdP41VS/2ZTspIhz7lHidDtyJe8iFhi60O/k964euQAG3uexjUQjL261RIqcH6ifaUlmdPKy6eJev7LQmv9Bs+LWtgQ9frcGqWxdJ/+8AneMdfFrsKswxsoCEJjlOLRHH6ZNc6Oyadnp4N4F23fTnmxsNaKWWKo4s+oAn9TTAZc5n3DzmLu2bIs6Fv1rxcsIsjD/8BcceW81t4sN8+34QB7mPAJu+tzxT0As7Jf3Yr+oU6jtn4vF5X3H3Gl966XEGs6o2UEUFwgzV71C8pponRquw/QFtXFs/A3a0N6O0SyUVhD+FV6Jj0bdTBpZ8RHKOuwptEZr8OCQPfkkXg7XaVbCNjuWUlAEedJqPqtKiABJPKNF5KckFufDlXbO4umQaTT4TgifDE2F4cBsaGa9G+RQFkOmKwEfvv/OaZgPWC/4E2p8Eue6+JKZ6l6HoizY41jSdVmhrgFjae1bfPAi31RzAZ7IAfPDTpbzZf+iAqywvuhQEWXtuk+EdeXBeJ4Nr3T/ytNHidFJuLotJXqXzSna4cdErXlXiS+UjjkDxKGmIePmK77iEgaHSQZbKGkPvT9ex7L6zKH1DhBbVqqP83C6KuSoCw99e8qiwGPi1cT71rBbn/bqdvGd5DGwUu4Qi749h17eXsDp0Ghy7d4z/VT0hGW0HHHn4EhxZmQ9WUur4KzqVfKxW0TbywyI3EVCSS8bKZ69IYLs1JAo8pdgHwrQrvQvufHGHuGZ/umXRRH1N+nD74yyOSvai8BkvyMgojaacuE81Q3Oge2Q6TEqdh8MP+2Hx44mgZiNItwIP4MAWKzh+YhZqSU3A5f1N+LfrFX9IuI2+471ozKbJEO3wAm91jKZXl0/RFGMBLH+ygH44zEWfh/s4VyWRw159o7sCavApKpiqH8rRL/scFAwNpJ8/q+B7/VecKSKLPq8z2X3fLMjbivDW0oBLggXx19lVLNzjQwKaU6n3hBF3y5wEgbc78Pasy2DSzRCpbQ8RqmV0/J85pu90YvuH+TjNeQS+nJfOq3WK2HijLLR9k4StP8vAPluQ1p/6gVNVlHjTgcukp+1Fa5ZPoMDbC1H+SDwG64wB9U37+fNWov2+02CJ0yfYFzAJt0i686G2XixPVMbHnTLgMlYEygIrOPP3N7b1Pg3z9BfACp0/MHCllvcbVdDLVzKYmrQNjwupQubwIcp3dMbFi9344fZ4+tY6BlNOtvICueskOCYYbn+0pxE7AaY9yieFbG3QfLcX/UXT6OOyz3Sw+B0cmLON7vy8yGc11UE0aRpkVN2mU9OsMC51kBvr1rKOhgoKrReio/uHUPGhMtlaxJD7G3mwFPlAPaIxWHU1CCRz9kJCtR4eM1KCvbLCVCcTTpNHCpH/t8mgEWeApviLwv4eZ/uMkdAyJoMG5BP5yIwiOj5jK72Kt8LwzwJgG2nPvZkdvIM/4DX5rdz/SxQvyctTQG0VdLtOAaG5a0D3rQmcFulhrVVPqOKoDe6IvEKTP16Eou4tEAbXYd+XXO53eIe/NKVhi4gzzMnsp5quJaQ0ph2u5bYwTdxHryJV8O2dLWQ+qwuO3J4IF77ugII3gTgoHsElWZU8cnssSZk74691Sbjtbg0/fj4HvqdPgEN6TXxLbQJVWTuQb6ca3RCqp7fp++lZyC4M9wnAp6H3ODlmKgz2/aY3P1fB2opQ3I1DIHtwL+rv2QObS0rxqZUqdtz8ifOvqcNvj+e07Mc5fPjBCIRi83hVbSU7fH3Di57U8aCGIy2J/seGUyQg1sWJVmcM8JaP12DTl1W4PNoaL6tnYeiG42R3JZlP9TjDL88pkCYnA3dsttLSxo8UsHg+mDsEs8TcPHq9/S/mD91B85YbILJdC46pl3DxzwW0ac4ztqTZLCh8A47WnqbivXtxDv6CD+93wTx/hJJHmXS33gH9TiG4nl4B9dqH+HaKNYpfTcVTHl85tjGOPkQqQbnBFNgjWcEXrg/zTUEj9Dvqzmn651H9I+G3dX30YE4BJbtpQLe7GhQenwkpb43I6mAdS91VwyXKhXhlz3F+GunPHvcrUGGDIoytPYZvJ24lr6X18H1hKf/aawdFNmk8PjSN1rgWcqL/TjJfPAVu+Uphy/US2uBiDO7qn7HvWyF8TFjOB/yrMLlInnOXPYKka9rQv2IvBiwuRuc3dWRr+QXPXVzJb1Wz4OwBUajePR19RSPBJEQPPh7eAkM8l0Jqw7Gz9h8c2ZSOfybtxn3tX+DqPVO8UtHHJ+XFYd2aYni4TAbUplhAgLEknpnXQfG/LWll9lmafMMO+1TnoIL2DNggWglPZ0/n4VcPYMK5UXREbw9cUL6JG/YngJtHJopZPcaf8gQFD/7DoZEK8A5mkaGbG7a9+sOXJ6bz+TPfyPPxdpL9eQG93dTBfaw9B73/TU8+GECuLpB7vg9uPrAd5OwOkIRcHhubbMfje/QgfsM+PjAhASy7jrBGfSrdG6jDl/5L+KjtPDockM4xvRlw/9YocA5TZ/2/OyA4oowtrLXh0rl+2Hl2BjXeNeIUQxvcplSELSgJrpWmPMmuhefKN8Juwb341aQIJl7/BzvONZPM0CLSUEmn6eHKEOM4BpOm7mXDUmcO1fDEJRNlyW+mGJz+I4a9Ci78UtQJsFUH4ue0wY/paXgErWn0nsukmveXyhYmYnH0e4itWA+am8vJdoQJVGMRV3b8RzerVHng4w16E3gGVEzzyXK+AsuNFMZlZtXwKp1BzeY31ZbthSIPTcxZLARtE0bA59GBWPrDmQfXv6Xz76Qx64clyNRM5F0lVpC5ZxwYmJbif39sIUjiDHcvt2Uz79e4q38raS5HiBY5ztNN31Fa20KKHNmLLr/rqcGzG1vVRtH25gt0WfApmy5Xhv8stHDU5AXgSFdIf/xn/PJlgF++6OFFT+5z+Z548JapwZm7JUDcV5HvPLjCCzK7sd/wFm1TXMpxU6rAad1xmHQ0jIKzHLjohiVUNP7i9JxaPPV+ACxTXsBtwTe4f70SvrzqS93i8bi+6gzl3pkCe0QsQMTTHpXfH2HvjCPwLS+IvXOuwAa3cvqvPYzOZ6+giE0WoHb2Ke4//AemFT/D35+QjJ/M4gbZNrD4eRZWjI2jGWPGcISiFmQIxqDByww40Lmbdy3eyAaRFyFD+j3+97uMBrfm0nW32bDxmjT4N7vzM5mRrJY5kRLudNPKB3KkHvWAKiv62fWoJwzHJOIHaxGw3NzHVKINMjufwcWwCnaeYY9vvhzkXabH4eZbT5zdsI/bEgFmZP4hOelIHHneBoKWiLDM8mqs7fhHz5+54OIHw6SSRDz03hJG/nPlWoka2OPYS4XRsZC7+T5a1nxCcaF5/NCnGkbL3cT7BWMgc4QvwB4/Cq8/ComV/vBh73Z6/fsYtIruxMNmm+AkruN3s7Tg/PGJ+MJrPCxY6QazTHsw/7QKGCsfpLm2p+ikxT5+Kf4UytT1wWFLNfRILeChX1/huoovjtFtw5njjuO/dwuoSXcV6D++wh99pUEqfRDiDqdwXJQAmgfZ4lS7JFQpL4dDnkLkMNkdLCWreeivGDS7TKJRDdux/cYK/pUqjiaK1/HByTD2sV8Ej+Wk+YJmJgXoToDxZtEoeioHlsS+5cztwygh8wnmjU2kohOhdCOM6KJ8EMxMUIeK/S9pssl+3L+JKPCHEO7XSgGFJZakudiM9sTXs9P4NNqcoAG3oqwgrLURnM7387W8MyT1YhngvtFYurqb3VNOQ9DGGNRqlIF5ijd5snU9Fg5Mw2+7haHSOh2qQnXp3GgfSuvezXIlBykkUxAGVKtwkeAV0KqSIeFcLVa5vBTPHpyEvw1fcdDiMlKNuMQd9zXBL2ElDlol4obp4Tgl6hK33ouA8he7QO14Mb+p3s991//RmHlm8K2X4VHOUpqQ34HNdhX05mQlThyoRZkrbbDzySEsFm3BNlsJKPiwk/NOzcC5ny/RqoIr5HzNltzsD8CbsCIeKyKDmJrDgkfEoK2riQNzP9P36W/Y5+IdVh9upKuLjrHoifNUXnkc5rtbs+QEbfCWaoawjZngk6iJkpjI5lfDQG5mE1YYH8EhgwzaOV0W1YVGwIc6SzB3DqbHhiPYN6SUHynosuTdYt4zaZhr7grBn35r2FdjBKmaliT57BF13biDPyWyAfsCsULehFwXt/KUAXWKqirASy8k4WyqGYjG9+JVVSuenbONRapbaLKXHEmHhqLo7ld4tukXjzabAqC4hZYYS5BdsxMttVEm/+ZWvr7KG8vVvqFvnxAlvFyPdY8lwEDbArfuvIiT5fV5TEs8nHVy4xXOM7AiKQ9aihLotFocbT0oAS4ao+lYWhGU2ShTTe1vnvZmMTf8HQPXk9MovM8JmsaFYargZDCMi2XfnS/Q0V8L/92YyNmv5+AUVz+ebTOCj36+SFk17ZQxczp4PHPk1RyMuwrUwK9pLKfcX8LlOyNppbUVul9swsWbz0ByqhlczFGB/P5XbOnljJjTSNn7jKja7hpm+T3hSftvQ5z8RE6SNIUvitMwdsRVvnBqOUwQWUrmzcOsm1UFLSYfQUIvhTa+z4Z0SQDleA96snAACu4jK25HHiWhSv6FP/h5jQsJaKyG4N+T4ZG/BDwtf4DqhUdR5uMFvOjSQsveVJCuaSD88NSDiDf7sXXSM9j8Vg4uh/WRzrta6Eqog0aVKGz0MiGls39IuP0P+tZPoUwuQdchK4iSaaVv6QuoKTqKvyeGsdOOXrj2Xz1kTIjC8ENN9NcrFeqt5KGicxKXbS3GVZI+mNNsgJITneH7jDfcufA7/yl3pjHBJ6BywzQ49HkhFgna4xSR96j32QsLPeP5VF4MZJvegN3tY0n8TiX2C+uDz7AS5vmsAGlfI+iyzQArkyx08pbgwkR7UvBIpmv3IsEpRgQOhCmQ7bnx0NeQBqfau/jyZz+avnqAFfz/I8kLJ+DS6W4slmJwaGASSbKnpXfugrXMajbf10V3lk+lq5v0WfCBM9qcPwrHL02GaS6N1Dt8mkaWF7Pj8mZ6dFWUg58t4q7OKJ7zsxyltH5ChjeBpkoBi7+P5AGHClhicwlVo0rZd54riRvl86VKXVquLEUlS+Xh8wlxHvm7m80SX5GSwC+YUbQSDq7Pwp+r19OX7u9k3FLHtzzlwTZ/EIT3h6DGxTd8cUoW1AS70Xh7G9a3/glvJEbBrAPVJNBpAsKlx+BCRz7/THzIEqnEr85OZ6XLt/BY2VTYFdTJ1aoL2G+cEUTdyGCD0OXoaDefT56p4Pj7wrB6qQQ+lj3J3lu7sDark2e8GAdHgsR5vLsbzD1piYsP6gD/ucrrPJ/wZOvX8GpKERfbf4IWC1VoajcDjWcLaLN3ALsuVQWXX65sMXYEJ4ssYeev77gxMItKakVAsugPyH3OB5Hf1lTgMwxl+69R11IjGn1UnDO3x6OW6iWM2m0J957MhakPXgNuuwCTbBpA/79AOKC2mRWHX+D1RZ1QJxTKgVul4EbxHc6Of0+ymncxtnY+tfa8w55dnZQX1In1W0XR2lwddceZwaBaJdspC8NFUUV6WlQGTtPX8JX4LNZ5ZAKl2Z9JtTUSblWMh9aGInx8yxRW+Jfyv//CYF6FJNQ0SfB6i6tUa5zCEqdqWKxNGiY7NQJHv4HaLxLsuCybCv8145NaXbo6Xwujvh0DPZ1r0PLJCG6skaVJg1Z8xvYFrLhuDPNe5ENRFVJp5hiY7Z9BBurL2OjhVJAPaIZihXC4vfIiv0qOYcFrM8ku34G0V0/DiFk/eFTDWI4+MgEc55eT4/tlfOW1ABqsd6Ny2AsnNnzmxqG9tOFEM6gZ78d5DSbw6GAvrfdcgTW2X1A+IgwmfZbgFs9aWlESiPmNd0l71jxeudscOp+bkHRWKVTMO4Mez09z8/Re1DP4i+mRo+ifmw0HKouyyi9TyHocg7oOAfB51kh6omkOGi+M6LXKSTKd0Aa/TlfTiW0N9E1tDLz+nc3vlvmit/kj/NvyilN1rSj5Zz093NaKcXdnw8iES+QzIAcO3+3ACbfAFOf7GHzDjI6I52FqihDVyr6in50eNOemPLgYKIBFQBe9GjrHW6pHc//NaK6dtZpUujeRUrsx35jVTHV+sfT5iyRMnvIY/h3IgP2Gj3jGcUDd/cHo9CgCqkrW0QYhTd4caEofDo6HlRctqG35bO6ZgDBKZBMmhBSSx+pJ5DGTWVYrmJNqYlDf3Ag6FkZggmMbDR9L4rLVAnzuqRSNu7EVNTOj8b8WBxq3ZAsER0wCfaXzfPPnOvoio8rvQz352bhbnDNuJuaRPXV+esBjx46hwf6RcEbbjG/PScMXfIx/37WAPRdE4OxGSVyntIALhkXwhZIb/p2uCU96M+HZaMJ/BZnoUn6AxQqO4ozgBJKw6+S8REX87DGFg/5pQoK/NH9dUcKq59fxt7RxXOhhCUcfnOQZHa6UbaCMPoGWGCisC/eeLuQzxvfJf2Id3HbWou9LF5Gk8VNefPgZHJTfRXlnHGD/nEkg5eCLhiFWOLlZmL6VvWdd/Q/YvQB4eIsaF7ga8d7rU+BVmBG02GUxNvRxTckLqhHvpYV3r5Hb8ZV03+oXHJD24fjN67h152gYkXMeGuQuUIhuANa918azj6LwqLYtlr1+gJbp5jCnWZ9X2QjBosQx5P/BgS86zaSTpnfIpDIfZqbbwQE3M+o7+AGuycznUdMUQUCWeCi6FBf5lfLtznNUbXac1d6PwovTX3PP2TVUHV3MEXuVwbfgDvauILp9IZAVzS1o79AyavqlzVLaeTjcW4OrAm5g7HxpuOf3kLJKU2Hp2U+wIfQOt5v94rTg0VxzcjIeqBLjUtnP+JTGwTm5CF4t4k26Bduh++tNFn4vRAtOONO2d9aw++lIvLv1OI2bYQRDY+7CHelyPLz0L6+0iuMLqi5QduY2SMZfpx3Sz0H+ai4L7tGE94skqV53CEZMc+XDpQ9h9eb1+Euqnk1zk0FMTRt9xKaj4ZzpcGubOKzeqEiNCbNI90YozbrTBccu9/CVm/Vo/+c0qHv/5SAJEzj4ZDIo/1bCw/Pf86FjFpQyuZr7N22EqzscyHhtB+/uSYW4gJGQOejFwRnpfMz1PxpwbECFigmwKsSYdl2XgQbLIRjV54RNi0bA8KVNVB59AXIET9EdtV2cG+0Jb3buIP9J/bC0Lhn7LxhTroIcSH604Y8NSBEGZSiSHMmrpC5ANseQdIsY+Lk8gtdT70KNkgnICo6kW7kpOJSjhspPUvhiSgyqekuwbN0LlBC8j+N2vyLZUH2o/fyVY2QdKTB3APPH32S1pE4u2ieJiv86ePfeJOye+xdO6RvB+bM/IK4sEp+Pusrr5pqjeKASKvzRg2d9f/Cn6GucxJLsLCgKXVfLUe2sAo65vpZl+sZhw183tpcbxYYR03ifiSqGXjvNC8zFwO98LyVsqeUa3VsQXe0OZ/Je86MmDcrfeItzVm3lpDlX6GupDni1KoLViymUVTGGnM9nQkfXSXJ1mkuN9tf5+5Y/2HjsP7gVqgWOo7Np5EtZnBskAFaJG3jn/DXgNqMdouQ3c/R9I5wEyfy4TQI2RVrScRSEtNJwyDj1moOKFrNjpRRmd4aSRMM2evfMgYOXTYJ3xssp5rc+fPHdgjfjluNM+WDScT/MS84CBQXnw/0bPehaaAWVs77S4RfLQHORIwR61eKeF8I0fWYQNVEqKS1IA4VTKzHnuAisMLKBPWs6sfS/abjLMI+Chp7ADFl98kv/i17rSmm6swUMVctDclskd5qH0+2/s8FOqx+Dhq5gjcRzXJWJeMXHjVruxnDL/HFw++kNNLs0HzbUpMIzt3107919OJeTDQ5iF2D24FLYvDWSDS5NhRnfFvIb6xTsl/yJ3uP3Qv95b4CFx9GiI4wrn2bz0wIRniclCD+njcDXrcs5UsuMOjf5cbBEBq+pycYJRzxxwfs9dOK0Ey+xB3iw0Q5V0sahzJG3FDg5lAvU3HHFgsc0kNqN76wuontjOOhuMwKxa124FhaRrm8j7j7+GBQd3qOt1XcYVyqLeod0uONwM0gIW4HnEXm4/qaAXIpkKDV2J5pGanJgiR9emVqKNkeaoP3fLZIWNgd7sUOgIXuecifHQ8IpH0r+TZBesRHPO07GkU4zob5oIz/eLgr1W615X/cOspfcBUKZf3jB+tG4eGo7haRd4ZbZGqif1k7ZV0eB11ctnH7blczN5sPR0p/8OceVVrvY8c1TwhR3JZdem7tT14AQDFmvwaxDQryhRI9WFprhVvdAijpYQEM7yvjqhbMQ+lAdfqgpQUMCUMjjNzis00JXfLfQyKgSHrJrwPctefjPbxAEzuwl23Bl+BD2HVvfHyev/ncYv0CWO4uug5VcLUQ31kJyUCOevHSfl1wwhmkZcgDHo+DmE1PqO3QHJU3nokTJINbaNbBraws+H8qnCO/xMG7+Y/JxuYWFupPx3tz3kDN3A+j636cTQ7Ng79+x/EKyAvYuFob3VfKslr4aPPS6MFv7FpdFrieZI3chvGYPtzoGwvA/ERS5LwAW0AkeL1qxa+J5zks2gczKPNAfXY5VPUnglZxB7VU9uHSNMCSltaLWgAp+Okh02a6FNwQbwCHHm3DhjDTLLwqgXeEmpFRtCEnrflH7f6Yw+cdIsp8wAupfLaDbMVbwaNN2vuTegV+mqtN1a1FY6BQEN2T/oHyyIlT/mkaJWp3gcqoFcw7t5Kkhiiy1fTaearaCfvV7lFZ2B3KSrmPULlvYqGGBcfVbyEu+BIanDEDQpzkY8sAI1PWJVbyX4N3FUuAh9hBnLhGDWFEdjsjugXOCItS2OIREzhjB5I29aNznTltm/8ZkYQeYZDhIoUKlULHwKcyOUmF9rX3w84QyJG87TxILxfFCUTW+M3PiR2ErqC1+BLoM3kVH1zVU3NFGp16JQ6deBZ2pPMvNswzIR2Q11Gsd4JtjJLB19yK6aRHGen9NIX6pHqSd1cNLdXkk9X4Z/t6kwIq+BfRhkhaVaK6EfbXptKjBGK8lGUJETxAbHu7niI3OWHUqkn77LKIBXyvwlF5OniK/YHuhIlbKIfhsPg/z46NANCOSOmt+wo9bq9Dw42lWFwvC5Xk5GFzlR+UfdKC8W4AeNlrCEpkYvq87AyXTL7H9hkxobGqhixNy2PZfCcQ9ZDjjU0Vae7cAporR0WUqWHfJETftKYADx1vBRNATeq+s5eW2utCQ6IqedTH89fQOatp8Deb3RqCbmDN5F66gHx9NYNw3Y5a2VYAT0gwG5imwTvw02dg9oaOWhfy8azb+i8jnuyb92LZ+K5TaC8GMaV7YeHE7BzsNYKvOOdIzfEDT4TNsyjoHK+aGYalWHr/1VgQDc21QN5nKH0atw0cXdbnumC+FTcugva+k+frIw6i6QwWTCnUhc9QaUDTwwV2hRzF9kTaqtEZDT+Z3/pd4EaNDM+nQ1FPUrGkAfgWFsGXdQTDMn8FqC9eAUZkCtzzMhCcPtvPTTC0akWBGeiXG0DonBxdEObPzvFmoeMEdLPeMZ/3jT2Dyfgu2KFwNA7sbqTtxMhyyO89TBU7R+mXdrHVtNS8M/EkNK9TgbGkKhLlaAIQuBzlfaZgvfgHSpHZgZIQKmt9owJPJDILNz/hlwFvI8d4BN3MOwLp0BWhPLsU9ct34sFYQI7PnU+/lTogs6oLMyqfwPnMvXwm4AHrC5mC46R7nRC+GTZanwee2HFxWd6LGMXl87NV11Lr/A8oq++C4gg4sffSBIvy/UvPyrZiXosrvetMoL6WVzM+3U/REGbAyEGC5R5IgvWkyXust5fa6DBoceAzm7idYIiWJg03b0bNLF0RF3CCjUxQUqueTx74zfFA/CdRN9Ejfu5rftCuj2ZZLEJt2GKyPVfLH7qlwypXY6DvTnacdsO2gHJXKMHwrdUYHHsbFGR2UHuXA2pVmsOfKLbqTf5j1ty/l84VulHDBHS5984cAu3Au+UWQ0SsKBsb6EDS+E6Y6nyHJjh6ykzhJZssn0BH5fm47dxX9OkrhjdVadowTAL3DknBoWxzHOkbT1zFlNNj5H9bfDqe7rXP5w+Yh+JGZTfvKRoHTSzX+krWMElS8MS8nmMe+uISFv+/RdisTGDeSIHlxNw6PFIWAHx1c6rcCZdK/8K7ELjrTIs25zXPoXHQfxXV8pITHrzhMRxoWWdeS8UZHnlj0B87q1NDT59b8eIUsuTidQc3PaujteRX+0xCAjbX+0KKVy2N07uHjBVFo3bsbXotKoeZ6KSoStSI58zyIuS4H8aNX4TP1VhJ4W40anS18pikGZ+7fjfGxfjDhzjcU22KD9xLkQeJoMmv1boW/40+QQIg752c7c91ONZp0og12/7xG3yLzyf30CJg9bj+1uNWxVdRPkvCJZTbKwdK5T8i38AK/7krCgF3CZPVwBphECIB7jwoqmyVjRU8m/JwqRqodWyHaNB03+OdA6PAEaB2ygCm6a/jqOlP22hFLD1IlYXv5BFhD2+HWVVeKf2pNtyWSeekKEXBCMXb/agRFj0/ypJE+dHTzWKzYN0Aqr8X4n5cmxIR0Qu5RgtduvrCjdilstKlm21QNvP7gB3inzYYz5ft4icNysnZfQeOKLMGrwAsOBazDua+uYhmsoxacBMaN4bBYsI5tL13iw7mXMfu2GHjnhfGmLZNoyc0Y/nAlnW+8E4ULK37h0Zc74f31eXg7QYWuLVWDEE8bGOvbQsMxhTRP8w1sjkmnP809fL/lBK8/8Z1KJ4pir+goKOYpLDMxlR6dfw7pDtfoVuk/nNjoDDVPe2DlZ+D8c7bwZpkFPFwsSv1vFrD+002gPKAAHWID2HvFGDnRgjV6jlF1aiYY9E+A0ORlHNlwgMg2A77k5XGMhQ0aes3G5+HSfP9rBLtfMscJczShf78/qoUocmllKKffHw3D/s14IuYx1V6ugheWIVi26T4sbxAHv858NgpPBsOeRC416oDkrBV0rW0WPN2tgNpXtvKbBbf4XvEYiHwsiWPUP6HA+BAqmV6JzbknSDrBin8PxlP1hVqade4wz3ugC9dK2zBqNrDIng2g/s4PMxO1ULehmaY9ymUalwx3RGRAqloNzD+YgsmosdCoNA7eiR4nvpDFc/5UUv6OPr49RQcyh9Q5yB9B/OpbHDaL5fs2W1E92AxKu/uwY0wITNwWSxr6j3iGXjSX+WvBuA2fKa+2FnMyH0PcwHH0l7gGdY1roU1oHBcfFuPwMg36JzoOvn7bAStOT8OXbo+5LVKN5qXEw4vV61h9pzYJXTrFmn898LW0LGSs2AMPeA/s9h/JYbnZWHLnD7e8OI/XORJvChbih8ulpPdyFORfaiPd7ebwW3cqyoy4g3faJ+CfNffxhuoPCjbbwSf8+9nrjAyUTlHFTXo/IXKnN4VfqGRDv1QakHHilPQ0yD3xFisG/6M6WVnoa1/B9x3Ws9Gydlp0QoPOrvyNS96Mpq0j3PCifRdtWHUSgkeMhIOPj/Ho0K90uf4dX8w/R5IXujnq8Tk+HZwLO/fn0+/Ni9B6McKkwPkck2NNNyZKQPrDvyS6P4irw7ezlNZH1l7lyuObRMH7hynI1G3G+J8DNNT3j4fvOnLT31TYMl6K7RUNWD2kiF1+F/KyqDEgu3gkzlm1nnQtl9KfTuazYlHgKjaAC5/qwM68bH5t85LCeyeCncwDmJ6kDCFt80h4jiYuzwnEGPd19KzSFeRSaoEt70FMvxXof+uEnCeW7OJQyrTmIqQsVYMLR3eC1vJrOFFiAjRH9TCfVAarr+agdGwa70pZRoXT76B0Uizukk2Hz+V/cHbQcqoWq+D23PGw6koHrHwzhPP9loLOtOM8u3ghtp98x3F6NxnbTWFFyTh6aTwVEjy9OMj0Mq3Vi+ANtgdw7dajJLr2OjhKbcaEqAmgcK4Id+4RA9CJI8kd43m5oRVFqAoijm6G89OMuGjEGtrybgi/anqQcshISHT5gst+b6ApWvOhIDmD+OYd8m8dhiWPnXmHdRddLxtFi6XkYY3ZN2CXNNa7t5ri+9r4xcbZkCb1nJ507wa/qz9o6TN/yj84DWyuPSf3CbXYecKOzM5p86/SJBr1UZxl2wzIUryR36n6wxo9A1gqkQWXrznhWF0rPDJjOjUcPIoDTn30/I4VvLYrJ1OnKEz/Kwwyakswd/938L5xit6I76CLT+/wwOyZsGPVBPa40wXSFuewz0sV9nlU/o+4+1AEQlEDAPwPOzIzS/amrIiM0joNlRItLZGQikhLaKGEjDRIGkJJSWnREEIpSlFWaSpRVor7GPdJPtz+2w5KKj/jy4ffsN9nEjTs2Ak97UYU6riDLJb+picturA9QY0rtJrJyOwpjT+YzNoGx8kuPABd7z/Ax6ntGDZqKu09rQs/NyfRzMA2uj6xCUf1tLPmha2Y7pnCqp9EUT/lCwUVWdLXYTU47RNGtz79x5KEqDkQDveqH1OZiRyOjb0D2b9dcOZDN4zyNoZtErdIfmUsPJ8Qh8VfBcnP0AhfegWAVdMNLltvg2selJHX6bFwylgIU4xWofGrXJgZtxvn+8fDv5mxJNutAAu2DsKE0ASUttCDNc0v6VWnEb+3raXT9/5AxNs8DNX0pMzNSqDGZ8khcwJd0hIF8VItqrhRyAFVf3FrcgoXvPOkE28+8BaJQji58hUE/27jKHVB8JMQJmeu4jchQqwnuwfduoYAjbdgR8tKXH98J2348JCkI9SgVPwvNl/Qooq3OVDjvgnVTdJBpPcL7Bccz+7io2jPIy/KUDOAuLuBHC4+RJ6L0nDO9hr4YlfCHenDvE94EpzJYe4y8MY3blYQHBSOi676QvDFneD+Npo2HZiP+5M04dOqRors84KBR98wLXs8jH/aRSXLr7Piltt0a+Zy/qQxARYmtFNVTgaFJJqRVr8zC45ShWhTT9g44yAqnQ+HH3aVrCYZT+YW5qCKN8g2yIbTZB1gnaISqC9Tw5DaGo6eooQ5ktsw7cB6aDnqgKZ2OzD3Wg8GXJoNIaEGIPxvHP/1qUCtkjR+M2s9humspmklNVDc/x/I/zCjiU96eWzESJCxWM/Pk9Nw1o8klOwajfZqFWhSnUJG7cLYXxdFh3xEoUF7EmzZcZl1ZLTwzYPVbJQzG+5VfWTjs3bo2mZEj42VwdhhHXb6KEN+dASMDKynnD5VdHq0CJsllPhgaiRnFTzlNqF63HxcAC3a9OFHwyIYW5HA61pUyDnqB5raVPBArRVbL/ZDm8p9PE57LLWXOkDAuXEEz3PgfcxiNjqiT7vKmgEzD8PJKyHku+ApdeunQXS+LGRQL98uHke3XsVAZJU15My2ox3R5mzldYtnNdpQhpQbelVMgP+m+uCJpnO4+m0Hp3spkc/Hzxgpspys4oGOey2ElyJjubh3Ikwbm0mDxzro3av3bG+6nxWU1dHirT8ughRyiqkA8bgIeJQlALsPCuDxY17wz3s8ORT/gW1y82iPTg4ozLkJV2PrOOzfbC6Pl4Lg6VmsrJBKKfd92SukBbesNYR52wLZsz+Tt7silTduQ+8xVtByuglz+47w8jxLHBXUBYZvT3AYv8bh9P/gaLI3VwbLABvYQ3CaED/RP0DG7524coYDaX1t44PQxIGR8jQxPIfiXgrT/i/KkN8ijIJDSRj77jMcu/iCKm+3U+uMuTx22Bua57/gHjpKFZOloHThYf7cZszFBokQP5AOc7t+UrTFDe5MrCarAXvsaGznxvQxMMNKnd6tPAMiNR605KYWPVLrI4XNcaQqt56+zzWFkh11pC6mCTuMMlC2oxOTnvnB/XeiHBC1Dsdu9caBcDu0l3ODiNCbeAyUQKbmPokLjafxUzfiuhVDoHPSG0ctOE63xt0G0fMHoFTCH59+GgulfS+hbrYvNylt4+rfHmgopk9d9qXwQLKYmuYqcH7QF7ZabwluL5zo3LTnUHbbEZxD38CKIDFcMLgTMHonYO8uMEvRAw9XYUiqbqQpLivgfp4wLtM9iD5XJfHTPYDEiXfQ6dg/uDjsSuEiAPrzz9Ln+n44FnMEn/dI8HVfFbw7aytcVXVh4Wly/Fn2KYy4IQRHJu0nmfYEzg2djiO+aMOTJITmSWN4j7UR9m2U5EdXL0KOsQNkhSjxuqGv7LxQk+fqF2FMvRKM6HxOitt1eNy4OUAhE2ntxBHwcmM9u5XIsoJHEx2WbkSxKVP50oYwfr7ZCr8PK1CcvhP/3qMMwV7vwajWhib8syff5BAc9VcdA66MoIHXY7n8wnEsyZwH73E0HFMvBf+dZ8CxwgBHC5jjf7MsyFd1JoXdXUXezm0kO1sfnIOFQVnCmJXpDHhgL3rMiWfJiS9BS3IbT1urxgeXFaPlbHNc9dcI2oJX4x6dlxiWbouLbBuxaO9s+jT7Ct0JnMu2FMkHPL5CRJMk3C7ZDmmLdkFbpwVbmP2j75M34N/jOtSR8paqS1RwhMQVNg8TgAXSP/nnwFN6GCVHRpl3MD53Mfte9iHF8b9ofbo2TpaW4CtKtjCvbzpK3BUAlaNu1LbuNqu9V6Xj2zeyuMl0mr9VBzsnBoFewWiwf+9HaWri9KZ0PH7ptcQLnVsxeeIsDpYQgcGlibhKZTvo1SlAZsV4xI1zyFw6BMyizDFbahRNaAQu3nqHrvfPZJV4QXzvKwF3hcRJJDoG9k8SQ41lt6i8eB7sWnONT/0YxKi2akoQK8VLjUqwyqWH/8Q6wtUf2dTn5cqWthV0liw4tyGLJcPjoPftOFDWVYRxSe5s0B/Cmja1kG7wjsODN3O1cQ/2ZXVy6BILDtF7yIvm2sN+d394/SyMvMfasX5KDCzVEIJZQSP4bqovVkzZxxt6PmLdSwEI94zGXr96Dp+XDNu6HeDnkvnobzUSyk720I/2/eig9gqm9WtBm6QIvVrQS0ver2GpN17A7mokOmczKXoNQvDnYbCauhYE5YSgpeIgo3ILhGRsgLezTlJvuyIY3lhHs58dQtPXD+BQty8Ha6rBjzFBlHd5D8nK6VFvtBBlbU0GvT2ZvGS3Cla6KaIdd6HqVSPYWZ8EZ82W48pXfhBuFEHvJeWpxTGB7p8i+nTgIHtvNobjWtLQ2+FPr975Uap3CkYqFnNeyxP4dWEfR0yaCAF0mo9pvCH004cxs+1xsPwBCiomwehUB0422oLbk9rYUP4KL8vJxLFG9hiwewJEGy/GB2OXQNPk99gvo4SuXfPg32Fz9vssgBpjjoFA9kzep2kFf3IPw26fcaB+Ppqunihmv+mBaJ+zBYdXbECZnSXs32NNf/4bCXsb1VFFM440j2+jwto3EH9qAgXmCaOa634aniIOR3w3wqqjWrBxYyf8OTwVJq2QJ5/np6l63l/q9TpALy9aQH9pNYmcjcNWdSFYLrsfRIsugWJmFDatE+N9IpvputkXFj72CQWibpCXuzt0Z5rC55P9rLvgCS2NN8bl8WI8c28oz+6+ALUjbuAlo3sUYveJnGeLQcsWB37QXYX+3ZK0RywTLcuNIOiWMm8LSKGGj5IsGhuFMltsYFRPOQ6ZzALpbWtIyG05Sj3Vg8CweSSj6sg1PR68VridJ9cj9H55AiuuzeKijAZ2t12O5ltSWSXWhdQefQHbNbdxuPsbTo6WhzcV6WD5PQyP38+moe2F6NybDsrbgcDFkDaOjAbPyWbotNcKFp5/ifY/ZvHAPS2qcc7A/25cwI8fszk1Wp2iTjVArnU3VOwVgiXPolEwuBHmpuyCab4/WcxxB8qLGrDIhXLorhHEn3KjYZu5Dqzsm0zXaRrdtBoD+botqK7thfXRGTRzvhiU743meWfE6W+/PngJlHBHXDChxjEKvRNGHlmnwPmyL26P8KQHs4ThusBcVpmuDP7D2mBapcrzxQzR2eMoxMSMZ9mmS6yhGkAKfXrgdugODowwg1G1AVTndxPWKipTtkUfdrl1wqX6tVB39BP8VUxCrTYH/hojBK9u7cOfcjkQljuJPdadYM3TXuBMI1E0pJk8150GTvOjC7OtYbLbVXgYGokTOmdxhsE8TE8M5afp38HnngsdsJ5MLdefg+VqCXiXNQIOzNkHnDqTTMdmYuL+7VCbsI+UzwTh+iY5tn3uzPZ3xkPT1680YNFLPxUHUPhsHi64qMy5kevBPmcFVDbJ0NFUG5IPNYH/3pXBLLdCSJnygCL+1lJe6g+U9G0nFS1RNm66Sbs9lnNG4zjYTKqYuUuI9D8IU+aWYN6X9ZeOi12mAxE/cWJyP6TFj+OrAsbQW/kFtq3agCmrk+BMiQGcVoijvrY3XFyrx6WRt/ir/jOKUbUCjyvR9OQcQevwXVh/dyL7+qRiYpc+7UxywM43GeCS9oqWBNnDyOp1PEWzF3Ytv0ZRj67hVW193uuSim253+BYuDhcffeNMg4pg/iM3zQj1JNmTR6P379LYNmN6TB5diG+nn0HGme8wRdBRnB0kz6kVXnz8u56VqrQogDRfzQm4gJOiZoMK1/Go0uHNotMVqJSf0sYs2ExVZga4H3HZPTzHckv9jfBo6kz8GJEP86tncrrvH/iNysjiP5Yz4N5Hri1sRnSd8+EQ8PPeeX2G9RhrcGtDyLBSTCH/m7WgVHZiXihZC87+2wHH4vPLLdqElW+BFyS2UcPW9I5rCuZPawU4I7ib17iuhfrM9/B+jGiPG1NDPuXjsb0o+FQlpeFr3+Pp6S3DMrrSyAm2I3PbA3AHyOn042T2WQikoKevor47ogJC9z7zkK7xcDQfg6YJQzgTUUfbs8fhzEFUiA0fQ7pzTrKGxZs4J6ybSi2VRg+jVFAFUt3tn0fBupqVvTu0zKYXLEFktdNgGNytex+/SF0Z5lCalkGdk0bxV5Ktfyrr4YuJG6l/Wc/crBAPFk6uuPiF4PkEKkHqdsekMcuD/ybsAJjwxaB3/FcTr66gy44H+LfmRYUZlNDHfsmgNS6Hdh5w5m6pqpQhZMXhFtpUtzUT6hrJs9oLsxmU7NApmsU+Iwfy3rpVvhiaS81fy+DxNRlUPGlD73y5vIneSVKHvyKG1gfGjIjOeHqTLwdJIYb5JdyYvcTaq1wAsevb0G1r5u6ZGqgN1sYFH7WgJVCLakeUAXxK8+4u6MbyyZrcYtJGa7uXEFj2mRo6LkDqFVo0mzXpSSCNqg5PRCMO4RIwSWYL2Zrk7X/BDptHA+JRgDvvv7hrFI36ld6iG8f9vGXm/U8pvE5dX5cTBc1a+D+NaCpX+TAG2fBtJM1/GXXZVSZuZoN/I2owy6P5Pqa4dG7CzCJH1H215HQMZCIV6wLqTTGAkzifsIWnTgq8/Kinq3RdEJfknWrK7hbQh+c7d/wYqsX+LZmHJQXydFvlwDK6A8g/wudGIr2/KfgMcNCO2h1SKGsshZQSHJiu62F8NYomqyXvwK664SHP38Gm8dn4fAiY1B1soEdhvqwIzcKY3u0SHWjHjdE2vDOdTN5NfVBQ2EtzDosAkohr8l2ei3udbAhb/eVWLGmhGVVJ3JHgTttbT4L/FgJn9mJwalbXfjeu4BdZB7Tp7bxUOpwCH799iDnQE+4umsMvLdrorhR1pBVd4ZcSr6yraQoRSyazlEOhfSrogXOKX+DaSesYaRxPt7YpQ46Sw7yJLVBHpWaQXtNfrKy2XPKuaEFdjPWYKlsML6Z0YzVMpYwvLqL/WdFkvHILHC9WQViEYs4UnoyCSmO5ClXCmDw0jtqGFCEzYtn4cMkD+4oW8iOZ8/D0Q+vKDU2gCPSTnPsBE1skmzH3f4aMP5wLyauteZnJ6aA48kqCPmoSSa2mbRDtwd5tRd1T7XmnokKkFtkRcszNWm/bAYWueyBndmfSV9kEy/NXMkaU1NI1WMKLtUfDeGzdoOjxhG8PSkYTCVC6bbZa/T4Tw6artwjBfECmPX2FgcG6IPbtJVsle8PUj1OkGl7g0uF/LhdQYaul/tAvuUoijrzGB8b6sDI6wJ8Ot+JMnS+kcu9b6yZVknjq8fTr+1/8E6bBukq5uPSc0KwTOUJa0mPhWPfMinlnAsolJjQX9kWLhII4z8tl+HpyBqIus6wOS6LdcPNUM1pAaq/G0MVo73gkfAt2jZshMV3//Jzha0snWwO0etn4bcNYaBz+AO8FmzGnuyXLNUezEGDwTj4eCNqHe1ld3tNMHqtAXFzLHjxOEf0cAriLbrj6Pil75x+Oh1zFjnRgY0i2G47EXx9frJLwzJeei8ZfAJGsuUNOUjdqkaVi17xU6ld9DzzP34RbQMV6y+D1L4QHLy+GGLdXCBnBNGqvae5LPQQrfivhV/M/gLvb9tCklMPRilP4yNehiiluxgto5No5tARLpzcBraXb3DueCv6nioJ53XMIHfeOVgccB3fL7KlAf9V9FWsEFWKSiEag6kh9TYlDSvCXYVe3Dp9B8f+9wdEhe1o+kQFNIpfyTMTO/nB92PUcKUIXWskYXS2K9taiEP4OUfyMdXHI7Pm8pp9L/m5wEUwldQiN8lm7FyrASG8lyaerKP6i+dYZcxkmrBXnYO/f4cLPaU8a7Ikxzwppu6ACSAl+gB92z3g7BZz1LHWwFBXwFE9mjy99QZ5/zsKZfYvgfSN4F7cY6q7NkhNC9diY+BLWJ6cyo1LFMD5WBb6mY7hXTN6ucrEAtZ/suOKOyNZxjaehC5+xHDJfNL9/YubXnXwx70fcPc7J6pw1YO5hW/pcTkQKM3HluofnC11l4RfW1CYrQGKJF3H5KUz4belAnR5R9BfFwVakDiAa/LPQveROCzt8WOfbD/0fTmdOgM6aOilIpyId6XDf19xSkAu9OZkgtGmElpitocvG1yEL1JT6VuYOZadM4JJQ0q0bGQeZjndQofCVDjVVMxqU3rhrNAKOqr+DS9NHoMLForCVXEzfGQ4gOIHc6BuyV0MMeymWddEOMxLmrfIzMGLYua8YdVIOFAyFw5kb0e3R/MhYDCGp21V4IWvFtLZk3PwRmAolAW28tmfUvBKVZ0m3C8n44PPsLJqAxvs/srOqdNwguhPjPX/ybQvDthUGnJU/Xm42pQme86HFYatvO/tT/KOjsNJd39AzYoFdCbzFzubGUNIP/KSceshUH0la7b64ORWRaycnouV/hN4+6ZKWK+egJcPyYO7bBiPf2tJmfsISoQ3wvkuQ/YZ9uPh17fZ+sIlvKiWQ32pDE0terR6TTGvqX8MnqL7yEZYjdLG59DJwJecO2olmTceBe0f+hBd3kwpYo5YP3sBrRVleB9UCKo1bzDBPAqEX74liS1v6el+cxhXFoYNRbvw6Y7nkNF1A73e9mPAuE2oWJ4Ml2efZ5MDarhiKYFkqhOanplPTub7YO2tCDy1No/LJivDsn3nQJ0TWS88kWz/yUDaXy/c/qIA33hHQoOeAHlOX0pKFQ20w/8qPZ3Qwkbz/CF+tCrIyXVD++eJOLffDe1/W/HF8nT+ptsDOzYvggXT5RH+7gOhPm0wyZ/MDwSW8t1lCaSwMp4+eNSR4Zx6uiNXjpaZv0i9og5SJLTgQ9lLEJzSRrEthGl3jVD+0mZwO24D74/50Nk/iynbspMclI1Ba44SCWo34PIDm0n6kwq6VT8ikcPWuL11CLp9rmKzygV0aJWAfXb5mHnEg7x91mHlwbsYe92R5UWLoKtqJn7xagILuQk0/HYMiKoYkoyCJ1idus174BsNb9uGsV7DaFJwAnV/D8HcVx/BqU8XTqmq4J3j92jht0T8tKQI6p/Gc9OyRFx66Q+puqnj8VZT1E/RhBjri3ww0J83vVbCqA9u/NLwMmS0dmL0vmS64lEOJ7zPccZsI7i1QooUHo8lvTghUlmQToJn3eFWmi5aVPZSubAn7/gwwM+PmsELqwa6K/UOB/rX8fOK0bA18jUpZFxi/zUfQHfsH1T2DaHnFgQ2rmKscjkRGm4OsMMdKToQ/x1OGPRwr4ES/Jdjy4tUFdHDSAxKjfNYc6wQv7lkTBouKSQ+sRB2tF3DpaetwO2mL7W8EqMpLkow+WE5jBMdQx1qS/nyFgeUqJ/GoRgER/+zBWk1f/zqJQXJTXIgtTqUk/+Zw1f5i/ynQZ+kpwpBkmcBtBa54u7F9TjTpAmHfZRgs84PelLQgI3/dnKhSTEd+jiK3YayWF9Rhf7saefNhyfBRxc7sIFEcDwYg4rPP2PesxiMmnuCCnr3cKdJPX26vpSlw0tohokRDMcbglJBPHxZEIJGTxdi1gdLbuu9ChnPCnFvujstkfNj71pDmHbvGfk1OYB9rgQl2V3mio1rcLF6LWUkPuDCyjY4ufsUmiQZw4+oUfzQaxXqdSSwwb+dVDDozGO/DeH8gYlM/52AmvyRfL55FAjO6eDJc7qw/b02DsZWscHGQ6Rs8QxUZRaAi/YfkIkpx/2NIyEpKJgEL22ktUq/aO2TUJ5o3QoCmfWYVBqDc8994zMFT6nAzBRSnr3jA+GEN6WDKVv6Nc8f4YtaGxZQgUoz6mnLUc2mZL4XZwSbVibhpI9jwaE4h2q2lGN9sg5WLBxNQQn6tGaSEDT/2oL5VlJQOnclvv9rDDVzpCCkwZNLIJhSn2XhvfmmHPjXg3q1RrK/vwR0jrpOwk8jeVKuG4b6lcO+8yFkqhqCY42L4J7WXfKfMoTKk4ThfrglKIrt49UWIfR0TwM0r7qF8TFrOGyeJG5c3IzeOlMhqVUbfKSUsfLOXDxybjxZO0uxybgierZImxv6KrE0+yGsWRXAv9ZMgA0Z36FIVoafTjjNJ7pl8bZ4EwYMybGySTYsthyLDmF3kEeoQFD/IxRtGsssU4B/0v7gtCINLJoyDh7NPEfXchfRnM1DIJClAg9UUzB/dQqG+idwnkslymXdgglnjoCATge3xWyCkDEroWk2wJHoM7w5KQhtE27Cqz1FeGoolgpLatmnLxMzsnIoZr8SBB5Wh3UbJbFw7QPcO9WIi299Bq/veRQkMIvPvQNW93TFipeWPKJCAn5tjMCCGTn884UZZ7VlgZ73Wd543YKCla7C0mVq5HntPo8plAXhi5tBLgogregfqW4yxva509Gufg2M0BFk0SupYJAwhhO/KYPDtnksvTsE18wuAB/5VqqcX8WHf76kRwcEoEAiB04VnQbXaE3oqoujjIRCeDV1EmSY6XL4r9HkZa+FifJLaWf/AhT5ylxCquC0XRLOn9pGn36+hTkWQbz09ioeH3UKPY5MwI+XLsOInx2o8QpAfsUyHpVbSW3nWvGz0yGSwEN0KfU1h86aQ1Ynv6OmqQ3KnROGDcs8MS5kP248vIgr0keySs8tvnn7Pp5YP4Wk9wThjwP5eNVIGWYefYlz0RBzfUtgxbuFtOdPFlZqNbOGUSHlDXTy93Zr/Ph6Aii/Pwtbe3VhvYwZCZ+rwb6QTxCbMpWKd4zFtLbzLPQhh8Kvq0HqyAU8Qe4C9S7twJCfulwwRR/XTdfBt0eGcHCGFixxKqZPCvZgYykPkbNXwKKapbS9yQaOQBiIHDxNVeHfMTsoivK/joSuHgNo1/SELANr3uTnj/vSdFDBXxQnf/KAp097aFLzC2w3X4LLyhVgpK4RRsaIQq2kGGflXcUV0f4wrUgXbnQl8QKHRHxa3Y1DA3Iwd44jLFEIwhG9cZRa24ABTa/AUPINT2su4Zh5Z8jxmgPefy8E0890QsfO+XxJQwZkwn7xkYFgFL/1CFXSTmGvbDs1VB4lwfGycEW8Gt7rGtPKWB8UNzoBu09ZQfq7IajrVGbjcR2838WQ01yE4X7+c56ZsQocrmvy+4UakPxtkOIOlMCZ0avo7SR30tPpZN0QDZi3egQvvtML2WVm+PXgRnZ1Ps1v6RJUmA5wS+otPPelFRZ9MgHPX5fhQnQS/1ulgnv2m+OfLfb0dSiGvoyO4VsnbTjnoSl2pQvC1/p43ufO1LzuJd/fZ8biX4b5UvpGstmtztpZyujhdg9GrLYDlz9noFuwlqTdxFgqXxPWdb3jjuw8npmkxCKpC2GctROekp4A1hCCjSovyGKXPS6/0g+nt5Ry96k94K1eAx+KZeiz22X4e1MY3op6sN/mW8TFr6DSvBs079uQ8pFV4BzvA9/kHlOy82Mu7DIEB7cIjnzwked8Wger34yElUvqaBe1QNcqVRJqkKWK/jN4MlQQ6mfUoezhYE6vnMdGF6wxd7IuHhawwclnIvGGx0Uwk/zOx8IYjFy2gW+ZHVZreZPibkt+O/SG9u+qRusXK+nsSU9wr9Hm/PdacGuZJ7zNaIJjZzdB/qMe3qqTwoE1f2lc3xnyv21AzlPl4JuEDKQG6vCg+iZ6PP4sPG2NprraEvQTyaTvsoXsqv+RPLZLYtMVAViYZEiRU0tAoSIFzv95RS0ujizeGYsPf11iz+93efnjKawd5ADjH7iAtrgzlhQeJjMXC1Yf1wXPG8Nw864s4sSXKGF9lkz/2UFesD4vnFvAIXsBXyjosqP9OhreBfBO/xCtWLIP/WZ0U99ebRB0bOTNBoeocfp2yOoy4TX/dtLElHl4QqycSzeoUdW8GDbSHgclvU/wWtZ2dAjOgiM3f5NJYgclFG3AmXHnuV+vj7R1Kni9iRA8irThO0VnyD4gGz69zMZExdMkXx1F0eUdOPlmMmByLNs5icN4iWecISHHb76Oh6ntPtDo481pqTMw+7IJnJJPQt9f1RDbpw9Pg4/gTb8lZGeYT/GvfXDxvGZubtvFHuaTYOeJaeh+MpliWlQh1DWXe5IrKMXWgN88mUbLrqznYRc3sntVB90hf8FJ8BQvX0Mgs+ohLJlZjJYryvBbzQQumfuWOm7do083PqDTlRgIOVMO7/T0YShcmI3pKLc9eciX1xnixNHlsOLSCpQ3bYCv89ZQ/mhdnPh1BCQfbufXB1PRMHU5/RkeTfl1apBkOoFzqsNp+bXvuDpBm775GICubwDtNzHF9fLv0Hl6L2gmzaZRAb+xYusdXFrfz0P1+ZA9XRtyHkynfQenQYupDmQUrqDVe+vop6goFrhMpQ1dxyl2pA6lflUBv+Ey1vA5CEtnKRMdRF4xqxHam6Tov2pH3C22n3CXIsyYqAMGj2op9M46au704RN+byn+bCTeqvhHAUHXIbOlgXqLp5F5vib4nIqAhpk6lLz/PlzLkYSxeUtQY9JDOmDjSFYy53F+jzA3/7CB2HtnWNzfi6pa3mNeRyWH9Puyr0gqJ8bbYazSZT44PoHS5WUh1OY0zRbL4Mf8h7VvemDnBUnIvXQEwsNyMPBXNT7SG+Irl8ZBxraLIN6sRiq+xjxCeAAX1OQC1K2i2Raj0fRMD395PAhme/UBb6viBHNvejT0Gys/X6TABw4g1pFCJkIPQcNhLgzovCa1zDEw89gn9hFZxF/8z/LHthEUfmo0Dohchp5tLSTjuwiPms/n+eAAkmUj2HroOhe3bKSMv7/IxncOJLTuBf2eIpTb8hp7xbLIfY0m7Npdxme2z4BjdsKY5VjJf68W4Vf3N9QoHMCe2lX0OmEQFpurweyVFRykFwp3ph6ktU7XeejCXl53YRXbHs+j+kXLQSHjKozfIQA6pSeoKOYFn9yWgJ93TWTb5WrsZ96KPU0LkXYn8hrBeyi8UwECrsSyYpABpp5qh1Ou6kRpjqT25yNnbXpL3a0v8fWEQtzwWQpMa2ajiYQbJeTYwXaLWm7Wq+R3VXNQ3l0XLm1qBMfl2uSNCCmHHUllfSZ9XbeDcmssoS+5n9qe1MLmpTv4eFw1GYVLweJpEqDhKkSNFZm0NfEc3utYC8+rLenQ7ghaXhdJS/a34aslTjQlQQA0tI+xh5k0WD4/xgZTo/mj1XH8vayHJfgp72vXowihbLxlzDCjYAUtWlSO3tItEHEmGk59D2f/2cSdamm0sfsI+Ol8w9FfTQFGbmeV9MWoLbYMXzgHs2riBmx5ZwKhzsLY2anD4u52uMJWGNbezcPvu7Rg5ZAjSgcZQOBfFV545wmcnzHEJ0+/h2SXQDwaqgGSrEna3wuQA32pkD0w/cwLlp2ZCjFLPqLtiL88t/Imb+42hZ7IMngfUkbYFEA+IvNgj90MPPUsBltulwC4nKdUTxdyHxKFoo87aYzSf9htsYSlirLQN9OLsf8tXy1yh0dtXmhk1YGhgmPhwAxRTJw5k+Yd3gy7DyjjTMd5mK6eAYMFh3nD8GmSERHAkCuj4Xb5Xq54nQeCrgr4PlIcPKVEoCh0EOZKCzJMVUS/Befpr6kenBr5mCqmHIeWL5O48dozvNBjwAeTi8G/7TTXhQez+9ArjFhtBsKT+pCWzqV8uQUUpX8Hixfnor9KEjyS9MfV75phw5IDPCvDGFaOmAI1T8Tgxr8UGB7zmJvFA2EgPwVDFCzwz/6noDfxDTQUAWR3FpDbBDt000DMfT5EN5tnonTmCxj1oIXkbetYvKoIc21EwHhCLThGtVBzfS/0jd5Da/pd+a/LHrKVm8IHhhiwphVsF5vDlkX7afV7UQq7VIzFG2IwbV8Q7X2Vx4uLv/O78WmgopkKU19LQ7ugMfa7RbL22EcgfmEpDAr+R1b7Kuh58xYoOGALiq4rwETYGu6LGqLfRSneU1yIsrJ2/NbJB3Ujp0Bi8DVQdNeAA82+9PAjw7naano29gmEVCzH5OlGvCqpDJZWGGCB23NYv1mQnOSbceVFOeh38EW/900YcnoKBV7zZq24AnTcLYS3v6Xi+EmS4Kfyl5obVUBkdxeex4M0Yskr2rcf8MYNCxol8R1GpdbxL2sNqk9FXp7O0P2gBHTHNdEasVx+5uwNf5LHsVy8IvcWyKLMsuM88W0e1MeJwMq9ajz0dDHVCE0ggTVbuTB9KepFbaSeys+Yo32fnzX/ol9bBKDwayq/vafDR68Vw4+xxN/brtCstdvgkvoQO1/3J6092rzgkD2sEPfky2GlGHQ6ksP0XelEfD3OKBgLJY9uYHpzEO36MBLt803h290NNKkwgU1Wv6au3naQyQ1B6f8qgXaqkqPlFTQf9MAZkg6g+CKBxOsGeeG9SeSeMgU2nriN8ioMHpe2cMEPV9j//B6n7LGH4W4/OGhyDAoEcujq9g8Q9SEHrU95QPXEevo7vQmW3AlHP10xONWVhjOeP4AfBs1498sP+BzYxy4WMjSYvJY/blLG0bvqub9EHerXdUF4YgC0nVsI8p7u3NW3n04pv+SLcyuw/IMw6jw3xbXKNiDnJ82LY+bS5vhH+OKXCU3LFYRQq9mYCes5sGwU/61qgOwqhH1fo0BTZhZdiuzhf+u+4QZ/c1whex7GHbxHtD4INC+uZ79wHWgYqsOD7jOowccMpUIzQCvCGr1faIHrDSVo/X6WhqqOcvvzMaD6QREHV1fSyrU36FqHFXjYJkLnIWe46DodZC9oUk6PIv28NR5muFTz4AUJ+jS+gWqiNGn7FHMQCD6HNgGL+PrlpfTrgTtse20LFlOTKPTbJd6hoQhVXwXZn5J476owiH1lzue3TmffViO48lQNlmYO4NiUKGq9U8eSJ9vhZscesjIIANdiTRy7zgrKW9Ihy2wUqOo7suo5EcybYMQltX7gFfCUpzSGgZTkOwjMbyQ5h4vkaa4D4+J+guYRd4owUIFlof/gl84jaltRB/H7VXj7D0UK+zwa7fPMYEhqI9o6POCp8+PpmnETCdR8gX+LJpOz4Fw6eaeO2p2bYetNDXBUNYE17RWcVPqKW/98oSe6gazQd4bl158E6fpM6Et7TPMWS4JiQR35S1whXbEwnmr4j7RCidb96sctd0/jhVx/2iw7RALXHeABz+GFQwZUFVeFmzL0cIv8MhYPLEADBUGkwp24gxeSstU4MNIpANEeT1Zv10S2cqMl7yZzotNdvvnoNAknHoeYC1E8vlYfntc6Qo63HrWseAVyskfZpyMU55jOovcGJ2libDbEZr3A3zv1wDD2MK7eUIdaB9VwnsoXntqyABLEJ0PkAU2u/30Ur2Y1s9mL0aAzag+pqObwyj/faflRb5byfUmHdpfhsofqXJpmgK+sR9G+LHPIGPMFStcPUuTx8fisWIbvKWVg/6gSOpskgfsui8NYpxC8bW4Dz5cM0JH5gUAxH2FP1FmSnvuGN6kdodJACTZct5RbtynRZT0ZOLM9FttL7nGS0UNeN3k6PBQ3o8UlV9B12kpScaqk8MtydOnDSLhQLcTXpoXjNxHGqsumGF8ewjvrF+LM5VEQPjqbtzpE8Y/1ylAhbIB2vaog+KyMZd6ognRwBy267Yt74i3wjbwcvs5ZgxMJYaPpT6gyCqECvXO4vESG7ohsYmpFdLecStdb5WDj9BGYO2QIOVmmlPnvKEsWT2cb6YW0w3ge10gdBSfvNk5YoMF54W3Yv3gMzGp5zypeRRj7ywKD7iOIXCrD+k/qZBdnjsvqOmDXJXEoGikLaYsugLFNBAaNbSbjN+Pwiqgkd/+5jo8CD0LkwYXwueQpKqpZwC7zUBa7f4hWQiINT7HHOwaT6F70bfSYks3vxj+hUVLT8dBrK7ieuoSGQwbJ1jQYNWe9AdsvZ9kwsxS2XPsIDRHhNL8oDO6ajYUvJxbzsfowFs6+DFGNdiCfJ83u6Uf57eVM3iz3C6SNrtCRV6rw+o4U+UrugC1j3NlfdTtO3LUdH3o0ULX7HOoO7cFs2kTzEwi2bDFkzUl7uET1BeV3eeCaceq0sPsaiN96Tv8SOkixagHO1jaD5bIt6K4Uwj0/0mnXk7nw38PxBAKfac1TS7z7fSafMSrgaYoq8HjSXw7rJFixvhbtlMfxgMI9Cg/cyum2d2Fq3CB7WvfCem8FEE/L4c2fl8FbnZuQd46xUaISFW6voQMqCTQ5c4hlWRvvPDKDbYJD9DL/F5TZXQSFzbGY5nWIjfa+hC2vzDHsQSEMpD6gwBJF6DXIo82jh6khfyXXqSlhYcQu2CGwBz4HzWC7M6X04408OauPgIHoA/TVYA4pbh7AE6nqePdZOHoPusF8e13KmbWVnwY9Jt8JujAjKoQzHq2BfRGf8fHo/Sx5lllZ2ZLkXB9Bi4gnrb9yGeR+K8Kt79dB8awf6F75Amjug8si78CaDhccepEEQ7PSabHjd17TMRF2q3nArs4RFJh4DPWM/+J/F8+yV4IivpsdA1X+2/nw0iH8kGYOenan8dsGbR5+1g5T6jeDY2gY6B18SlPGvAXtqwY40v4s3jugD0Wh32jV7WC0ma3PY5f/x8uW58Ea9QgQ97xMY6/o0pljsXzWn8Ezcyee8vvEZyvuQu09Myw5tIb+CcRT/NZcWqFeCyJDzH1z9cFTKQQdLQq52ecpPXbUAyO1FShS+Q0P6a3ilDH16PnBB0w/6YLI/UMQuXU9uC025tzv2bghdw3caNTgzpi1GGVZCEPumtCsPg46IqWoFGX5rtxd2jDpEu6/f5NV4mOp9o8Ln9aKhAcCO1EmSxeWLJnLd1sBs2Yd5KzGcVijMRenhFmjYsIXmDv3LFTnH2GTuyPBN7+Hr8ZeAiFbHxQ6dZo9Wh3h7txqVHR+T9qxQrwqbjwtf64Fa1NuYap7LlVf/0HOor9pimYrDJfHQl5qFwk1T2Sh0UmQKaEJK07/w/xXgfygWooX5HnwwsI7NHJUGzyMCObxCiO4amwHHykcAe801GFfZjCo3/DmHJnRdNo2jJfpPUT5vAmos1sD6rK7uHSGJkz9cRXXDhTRgMVWkvhyHAXLlKH4hSsuyLZmH2sDRv9yGH1WAd6OEuF5hXoce+8JPimcjRa7nRFXGcMSBxuy3ShBk0XH833XkbDs0X+w3P41Gg078qTPguhR/glkC9v4yNbRNOq9IX8I3c/xHwxhleZliFbWALdFp6GsrhQkzAJ4iW0ie1z4B/3mAXB/ZAKK6+jA9e8m+LbcG0YmTuU1w495i0A3xGUdwPBOZ0iK7IR6rfm0slYWko77cYXZdW5aYMoJK+egTbAAXHjhiFlrXDlE8jZWwQl608lweEkuiu85ha3ieZgofpkrdWaB49IdZPazBYWXiRLm3aT2dkNQ7P2HLx9VolC4BX3c3MU31UrRZOJW/DgplmVH68KVqjaW7R8DO97cQmnvMLxXbUWS6bnAty/Ca3MFnHr5IodLWbLRGHNoNxwFqq7NpGj2AmTcFWlgJPKIM734X9YNmmqvTC9ehdAn7oCJahqwK8oGZXdfpLfqXSi6P4b3JRmDR9MI6ipyhL2FohwSLsfPyyTA5kYoXVCXoc24DXzj1uLV/fv5xwFX7ku+ibNX5dDlec9Q7LYGaAmugJbJElA1K5kW1SbSktTzLCLxAR7NC8QHXuYUsCSN51wTgWTtAeqI/Q9s5wng8CZg81hN+q4wCoUP+dNH13xW9c2Bim3j4PVjZZQeNx50r9RjacEPKP12k1a/c4fYyTF4dGwS2ftIUOI2AWiRus2Wc7dC/YVpYBu3Ev8dMUGV1895UH8zH4nvpIXzo9FMegJE7TNC42/J/DrZgsdYRPMPif9YfLE3NqcCJtw9wgWhgyjjZAIX12+jpdHm0DLiC/uZmpL8jyyorz9GF8N6aKVwLaeuqcR8V0U4F/MRhz3mgOVLJY6xVcCCPDGULRzLJnkviZyWspSLFNdVSECB4WeyeXSc9wnNgNO5piSl4Qer3dfx/nAPKnswE29Y34MZxyfA9t4crK234GLjE6glkU4CN+vZIrMULr1xg9qV8TRH5BaeP2gFE+8V859N2nR88jxYeb6Qb6jd4D69W3g8A2mPpyFs3jMSRQOsYfn6NzDbyxyELvTzpIoCvLhGgrZseEMq+aswr1ESo96HcGOFJDw1mAeJt7O5/9JaMqnKYofys5hgoAPlV+eR7nQ52BRwDxWHleG4vRKq6B3DpV8MWX7RTnbeP55urn9GEWufUqmMM93/dZ43NhIs2l0F72PdWfFzPgTfV+IprkW884kV/zA5B/vTF4B4piFFztSEnq+ncMpzeWyXuY97zuvj3uSF7N42gGGbpOGp4BwQ/1kPZsYjAbpyMGX5NW7f/gWquuspJUKBRJqkUSN+FqlseUE6lRlwSE4XFB19sW5cHvynY0E19xZh0KnLnBX6nixTYnjEDmtSTEkmfqgF81c38pjJIpDaoAXazQtB7v0gJxavpK87K2lihji53wvlHW9HwIhj3Xh80xQQSHLgrX1RJBz1hqNlpHD/tBe8zfMY/PfnPimLy4LDl/18SS6A5nQq05O/+znVMImP7uymv6rZLO8sgxpdRrBxugmMunmKLFeIwJ5Pq2j3UlcuuC1Eeb/e8SOXTzRTuZ+Fi4Rp+S8LELz8Du+5pUO2/Rne9lQZFUXq6fb2q3Aocy9Stg5fNjMm/2GCXxn9VDdtPasl/oecspvRTgydrp3kM7vP8tOgm+Qd6okZrQ7w2WKIfU/I4rL0Dxyttpxr1/ej1zU/dp71B7/PraAoOSEw85sA3+Y4UfycasgR/c0yx27ztaSfPF19HU09dBXN07xg8Yc3/L5XAm5enk0Lptng6NpRVLgoE/TlbsMc1c1cvOwDL358CvZIjaAjmVow52cLGWYk0Ez/mxw8NpBrzqdiycnZeODcQRAvEaW+AVG2OS0F82UuoqtzN6S+yyCjG13UN7+J3F9p8JvrH9GzdznEGf+B7EtisNvtM4jmmqDL97l8xeYtf7B8jNt37qIrNm0YsdEFlM+MgIpuKRA7eAKaYpTpe+FDlDC35SHDSXjRLhjlv08j+RVZ4PJsNL/ssgOnM6L87P57Cn8gx4ZVebj/qhsNVa7A8LV5GHmkkdvjK9FZSgr2aU2AAbs6GDY6BckyLaxvo0p+816h9x1LTnDuIJyzmC5qMBgtKMbP+l9pQK4EbvT20wj9fxhRPBVmKv7gv78SMWX0UtruqA0FF12gV9mZnt8/S1pf9TB9VBop5gbwLqWRGPjUjm6/NsB/VhMheY8R+8b9gMLzzXzMN4N/eV8hcYET3H97HsYFSeMalUysTJIHBS9bVEt8xz3pAfh3tCNKCG7nizcegvqinXS+QQlzXEVJ2sgSVL4dxXF2DZi4OxDmbSmGz7mjaeWhT3TM+TW5zW2nN2GHWXL+CDigJ4qnk1VZWTuc5KXLWDj+Oe6+381Tb4rh1zYvFtbSpaofsmBcG0DzlfbRFnlZ6Fqhgz8eV9EWxzlwvyWJ8xt1uF/8NL+ssYbDXj1o3xKJfo+FeEKaNdVdb+ImUX1SLZDDpQeVQWztNxKylIOaSbsgtP4uzrQepGn/JnC4wHK2Dh9CL56Ff0fWkoxZHc5M1gfn4giYKPMbhlxugbSRGI1NL4dByUmYTB/45OEAuA1CeOexMtwov01nctewkexO+Li7hiPOn8CBna/xlGoCvxxAFmwwAslICUgr8YFr1nf4QJUxrxX5AtWHUrjQ9Ti9L1aD3Lqr+KdYHzu8NWFG4QeSC6rmoJFneUNBEH1+7cCDmX1s5JvIMg8L0T99mNa62gC9tMCuGx0UeK+S9sospObmXZyg0Yzm1REk5NJG+tteQJ0vg8QCe4TsIXbarQOaKfexeZEnPlllhIMn5Khs1T8Y65yAQw4ItdUVfLXCB2Icv8JJxST4REsh6uZhqqopp1TXL3y6UwyOntKFO63T0XBfPvRFVUB+WC9VfcjhRcMS9DXLEw2/fWdl33EQ76EO130S4Ox2FRj1fjop3TfEB0FFGH61HOefsOIlM8txVGI8b5o+Eepay9h61yhcuayXe5YL84yU9XBA/Sa3rXwMioX2MOfGS345ZAtnTmdj/TQLemK2nbdsPsrjmx1x0qi1nO9xjDe2BVLwjhFs0ofwfPofdlU4Rg9sjoNhQwlf+jpIdWNaUWOjIpoO3UecYAd7V6rDgNEADXue4FT7bri82ZUnPzkM/jE+MCi5mB/O/EPTNjiAuQxAZd9tptV3MWnIhhc1qYOYvh596BmGLHmkzxdiObpVjyYGGcHJnG18QlcQ5LashqjfZlA5vRc2SnTiVpdr3DhxOei4lPL7AVtonBKIrm/+wU31RIbUFm7JWoq6naX0qOgRSYnJwYqkSLQUmwSrd69n0ZK3ZPhPjdX//sTayREUcXUnvN5ZTcd8t8HeZbN4eBZC9gxVTP2ZC+UudyHkQxOukDjMmwJc+NxNSdplXANL3g+Dz0FpWOF3CdcuWogr/wah9t8udk1/xTMvOqO17QY0HXRCeJNMtp8mQpx9Gv2b0wqR0QI4ptkCD9ZWQVnSQtod0IhjDlvis1ox2pJkAUHPr+OZx/tg04YC8DN6RRMWH4dvJiIkPiMZP994SqqCEZgWPf7/5v92j2ijm7tWk/zaRGxX2spxc5Mh5+YOOPP8AS3bHMUePT+h0VgN1sbqQM2Iv5RzZAquT5RDwc2zcFKgHqSedKMV797Q49uurNSuDGd05pFswV5SFIvjmUefoGfEGco6akozDOqhoVeNZmal49kTwhCY0cexK8/Dl/sf6dz9Vro+yY5W7yCQXRlDz4q+ULR7FJx7Ngb+SLtgxI5L5LHIlN/8SKdus3U4GfbCogXJ1OlwnrKF1UA7yBx2GG3H4B966F23ktP9hCn7+QlK3KmEQa8DUCrAkfyOqUD6NVU4JbiERW5Y4b/7dqyxfivkv65nsz5NPpOTwdInY/Dcty84/5gtOM54zD++eGBK7VkWOLKD1K98QSd9e+xJf0PrBtayeXU2bV8/Ej71GuOTgEnst2YfrDUpZ9NxD8hmpzuGjNpHyWW/wSpiFDduNQGjb1LQObebZ49dxC7zruJdlzSWjDpKQ8v/cbPbdBDJNSSzQCsYHTnIr2wO845MPZ4wpp2+Dv8HB6sPgOCxvXj6zwGKdcmkyhmCkBBKVDL3NU01fM2DqW00cROhU5wDv71XTo/EK1heQQ0XHtKEBSPuQ8P5iWw3oxTS9hzlr8ZKbKn+hDnOiYtHVvPBg8m4vVMH1DyLcPSyReh9/SE0PupkqUAzjLhiQ3pPm2DVHTm4+cQc3q0VhCabNGz9aMMrFt/Eht8xpK+zjsdL93Bs8zA0tCZBmH0uFKfpwYLYSoja1U3O/YvhnA9B5VRN7PwRx/8KP/HW1kPQNdsBZquKw+1xi7nqtx3EnQvFy1t206aNkXR+cgnmHdnLliUr+OGQEGS6WYNV3RmWfXSXvFsr+djqaOjYf4zHymiBoXI6xIYeZtwhDhfm28OBu1fB9bgUbNF6CXbeUTRgZ85PYp0Z11b9jwD4AAQCgQIA+oddIhkhVGRnJiMhIlGaVNoJLRSitEuhpBJFRUlRtgppa5AoJavM4qQo0ZBR7lFsviZvlzqBE8IUoNI1Dh6r7eHNPbNZuM2fP88yhGfuv1Hv8hhY9PQ8zA4pwNE6Y2Gf7SP8tCSfhuxGkVh7HfYYTeEE63g++XMbpqSOgGiTO1j5WBikPBRwXbAZjg5w4Y12wXzn5GE23erBKxskqODtdDp1t469jDThjdMUinhPoL2tmLZOGMHme/1IaNZTMm2czo1FADXfRbHZUAe+fZ4A6/y3oYeZF464M513jVeB5CgTcH38AGdZTSdhnUJQj5EBbyEjKpgrwRuVNNjZ0wAld06g3wslMXHOEui948chdk00SVgQ3hd+gbU1D2D8+Vd84T9BKr41lVzbP/KPfhe83XqFu74EQk61CFhbnAKtg0MglrgcazuXQsa5KDh5yhTMh9z5vNYO7NUZotZ8hFmeF9lt01nMy/0LZbuWsPWePDSLn0Yaw6IMD56icmUzHhTVA5viNSCx6Am012XTM2qh6rvFcEB4EasMONEv9y00r+Yxyk0XBsHGX/j6qScfE/5L8aMC8ZjPBea7n3BPhy9FOd8njx+RMLHVBA71Pabz2/rJvtCO5XMRbZ7r04fJltDRTnyhP4Pj3X6gwWxD+JC6HnSvWdLuoVBsvPYRd306jXTyBMst0ubtth/4/JA/ldSZQ/tjdx5Tn406w09xWPwziB4Xoa99gWAsvRLMKy5xl0sISDVOAg/9FaDwRgFuxatTuNEf9tNdyOwsjZKDV2lYahIdO+rC3+0E4bHtcdj9fQ1PuORBH317sW7HSjIs0MS2jhwsPfAa3SNPwqQEAI+PryDT3pVijUR4y+hpeNnyFK80PEgzOlZQSaQ09XX+4i1BBqDdUcjHbm1h34mF/EI9EiXSZuOE5VepL6QV37yU5d7KddjyXRDmOgDl+2xij0tnMUAvhGY8XYbRb0Zi+3o3lsi3gQdndOF7lhl8/buSC0Omkm9NAD+VcoUPQtX0UusGd0towo+IUQDjBbiNlOFrxTpsmr0EMr8rc+9dE4pP3Iu2Zyowqn8s/afogWWflaF4WBiCXEqx/koGel21oN4cU7oqWcnO4s1Qo/sBZdy9qCrbDBJ2ycOD4xKwV3cZeS7JoraTZbBt+kk4FX6Dhi5sgGljbuOLndGgOU4ELto+B6nJI1i5+hylL2zBdzq6lFcvD7JffMnw3Udqun0XnadpwPLgJcCPy6j2ah8Hy30iocVRrBk+mzLzF3D/fFvcW3SW2x4agODlmcTh3+Dwnxy26VnM3VM2QaH1Kjp1UZq2ff1AHs5L+Y3nBPh3uwEiHhxnXG0Ip1reYXlMBZ8qOsqtvn70rcCegtOVYF2mKFhufQTlo+/jnvp5kDOrkM3vvuPJ0bncuPcOD5wfwzuWRTDIa8PhpEkwY+1OiLIo5vy2KBY3b4fsO1kk8E6IJm86CP9EjVn8BILG+jf0ovYPdzuuJYuzx/nsgCF5GyaTY2oRHjVQxmeleRA7geBe2ULsNI6H6S9UKdYoD2N6V+L1XbVke+4Rl167xRKWL3hfI8KU8W/BwUEJT12T5OGT+2ha5AMaSDrJrYnzSe1REB14/IYFRypB/3kxPLdkHP9yPcdL3fLI7rkWFT4tgsgxa3lvRxfFvvYAySvaYNcwkXU2CLHOBOLRFW849t8d+h7iCAFzArA0xZFF5ohj1QYdED6jC0E/RqPv3AGeezCQP5+ZSEV9bRC2NpBEUvXQ4vJY9I8VgciHLtg005foWigejJpGp3AEB+Mk6h5ezbf/xvHf2MUo9WckZCXuBvfHztTmYME3BipxyH4hTpkfAllgyE9im9k5dgkpHlQC56KFKP9VgIzimnG5SjV9CFgGl2Y1Qoq3JJzcdAK+ug7xQl1deNDUTJN7xpN10wYwk8jDDOUn7GXUR6GwgBdvT4CsZ6owsHIK6NWORt2tXrB1QRJ93xlBuLaFveWSKVh5LcwweMQJT/9AaJ0KXJXcRMNTn9Km0MfgmF+MrW7TWULjHgTWisNVfXEaZ3qLNeePhE0z9bh6xB9qad7Doxv86aFOBh+NjOPUvHP4cet1ODeqkU6PQLCNSIBzR7rYMNeX1wWH0OddapytNAsMzArAr2MOujde5ty/oiD02xDXPDCj98lTuUZ3GC5OPwHa1UlodnMUOQQY0bclpvTQwRyW9rfT6hnVODLJn278rKQO+2+4pc8TuxcuptaNjbB4exlITx0NT4VfY9jCBax1YiM9DAuA4YtmuEfEjdMlZqKxiQYeKQ+mhb81YMOBTLZ/vZcm/P5GykX13PPyH2Ub/saJgwFcW76Jhq7NhKIbhmC2IwD3KFzhom4vUovN4/KNSmjXsASrh+/xfVsVFDpoyPpXBEC/dhfZTzoEC/dEkEGBNj1wucebl0+nkKC9oPj7E+YtSoBqeXlomCfEYy+chvLWbnwyu5ibvuyAgJ8a4LYrjSe4HUXDCz8wwFEMpvyZDeXO2tBi6snmFnKo1T4dY/XqSfzMXQiS34relVM5rFASap4bgOmUEN4QUgkLyobYItSAD45VR8+4/Xj4miHHNDuwQJM8xH9ZQ/opR8j0+meSf54PH+/Mps61QRT1vpKXxPzAHQquKN09Huov/MTajp2wK6QeY9Rmg8nCnzj7YRu4Tv7BjrHhfLphPj9wk4bZDjcoIfwhLZ8xD8UlAuiJmzYmrlLAE/NuQFP0b3x0Oh+S0lUhRVOZ92nY85QWdxY1XcZFQ3108kQQ//xRRpYeoZT/2I7SxhhB/9SPOPL+Zph3aAs3+E2Bb05VuM2qEuTKCsjJ5RI9LM6lJWZTQLYzHRpCInj3R3eSe3CZzbpnUKpqNSuOvwY3EyeyZJs8Xo4UgoPHfXiTgiT5RSRx5ddCiHCoQGF/BzD++IVFv3yHjDVeNEZfHKJDJXn0OQFIfKaN0wU7ebzFV5adXc8LHW9j4IsDGBu3k/qFxeHmvd1gE/EKHu+T4KxtMdD84iSJiLjx/mId8jNWYvEgTQqfZwiXsnUoYqMndgWH8Q29L/jmggw+m12D22O06Pd/3XT7XiUWyuiD04R/4HNjmDULV8OhcgTPt7U4UWQndC8SJsmhRbxXPxn/zR4H1g9KUEGzF3Lq01E7wwxozVw4fLUJfeaVYmTzVnIx7CHb15Pgb48pGL01xycRaiRg5w+2Ud0wyzefVf6rgBPntuNig39s1m4OHxRtYGnmd1irU4OWZr38yHM/2X05z19yhPmC9GjkX9qw3FEZ1gXt53FcAL8WLcaf2sXo3iNPH5R/gsdBI2ysHoSL/hZ8PFsZcPdC7vBKRPe0FL6cJoBJJRXcZLIQzTxmwqOQFTAUFEQJsghRkl0Y8fcnx54oxPKE2XjtWTmdVF/BVzbowzGfbBqWSqUfFeJw+rMbLhzhxZGxtni8MYbSXLfzR+GRdGD2crqbpc7RWw0ovcICJnS5UNKpKfhD9CGWGhNLrZgJXhuf8RmJ8/DQzhNcR/2i3bJjISDOiSbt+Yd7Pp8FkYkjubBnLEh7qfG+tp/gX3MTnZdk8tSd8jBZ4zD37llLfQv24WSFPfR9vSueLf2I77JjqMT7DP1V1MROSyV4bPeR9qbOxR+tZigtBqijWU0i1WGYNvkp6m/2Jcc/kSxsOhksJYYgbziNJxk9hrj3Y+GvpxmKm4/i3K5pGJyeQ6ss4uiH2RhYunQyvbgWRof1J9Dnv1PoQmkgC0pfxu/vP/AsEVG4xtVgGqwGn/gnpL8255hvPiB9ejIX5ipDmKcWBAwWQsI+dc4/8grq6qzhfLwJtPYK0xK5Qzxh/kk+Hnid4tMV0GC6O3SvW0afXzrg57rR8MO+Bo8/V4ZVuRKwZsdOKN4kzZEVcznT6jBV7WjEHKEyUD0oBi1d/lDr/JcF9Rv4h2ITvr11lwTu7UGxLzM58MIbvt2VwuHvLCDQWpI1f9/HlrHubHXLi/MebSZlx6u0u0uM/jvfAPnLetAw1BBKtVsxq0QWD79rgst/DYB/ltGTjeGYKddLb5Pt8FdCEtgoGYPUVj262iIMAzAbIuwHKWrWM0y9cIZCd26Gte+CYLX1BxSrHwO9c1fDhxygSOVjVBbxh/97dxUOPqkkgZVT8JGZCLx9cQf+65cB50EHcPayJyPrfJrdcYb/bPEg40sbyOtvPe5+64CeykKcOEURxDxP4BQ7AUou2cTRX6X51i0h/GAgDjmFe5jsfEiv4zP/tJsKPtHG6GQ2l1/HGUFMoiHGOM0kyVtz4OTeLrw3EAtK2vo0QlMTfK33cMs/PRAPfERJ7/ZivnM/HQ69S4or2ki7PpcdJSzxTJ0YeI93x0Uzy+G/56/BerwMJeyLZdxuSSplW7g1S4NXTUyB/a7qYFnrRPIXjKHUtpT/WxZFDRjLIysFUKn3NTl80+DcnB4uk5CEoeo+2nZTD+WOebOSpR0pbJSG8z5uPDU3H4aHQjltuRxrHJeCsaFbcamtEO99kkPkQbxPrJzWJBOuPrIG+uslcPHY9bDeWAhO5WjgoQVlNGJ5Nf5dlgDfTv6gZiMDjIleSwrOijj1jgU5KRnBuajraHlzP40a5UOUfJS1XFYCWdlCjfpfikxx5yd3xnGkzEjYdWYGxC38wIujR6G1/CFsnXQYZ5nexpkWabx/WydGLZTj7xWjYZbEElTX1QG9wWvsnJdNS7SU2bj3NovPu47RfhdZNfcAfZOaAuvSfFlUrgJOS90At61bqGb8E6qLacGXixNB+ttTmOPRR+HVslA1Yz0L7vyBfgdOQ+b4AnzloMaLvH/AgTpBPrd1GJcc7aHSmQjxoqo0U3ACPyru4oFN5XB0hikLuY5D3ZiFuOdKGTXMTOQ15VKgvMCPXj4Q57mihfw9IIgLO0PBv+gRzBo7g9Y8mM2jf5ujeJscjJmfzKXYjgv/s8FLRz/wDgFRHv3chaftGUnVBtdYa7IGDSoZQLZZJl7WsQfXOyL0OG0L/LiVh2+GXkP4DykyCSrhdKtDoHZeDP61e7BNzinIcYmm7q31XK2kiz/TVPjlxit4eaw7h8wUhhm1YqB4pwOVi5Ko52EeOZzYSiEys8jl2Hf6FmYBwaeC4e+efhoZJwI6rUvhTPshvFauQi5WS+lO/jZSH78XprjnoXehB+drnaIZBybCs3uHQDq/D9RLLsCHCem46EsgNB2Tx7cHxPD9+lZWqRzHxotV4YTKPlr56SLNUbChI+ufgPKolfzs3zy8f+EVuwZI04ePvhRbqwo7ZUQoJNmZvI8loK3OVT51ehPbi0+gS4bTQfPqKXQxykKpGn14mfePQ/rUsTiwkOMStOCS3VTwzy/ipjw5HCO9DvxzjkDkQwlwVxODiqo0kH4ixee2vYfPqqWk8egw/fhwlcMV7vKylnS48twUPtwEuHS6EQXGv4CXerHQ6niLl15fyfNmfKUn0YlQF52P26tMYPc5fyxfW0MWtw9xLZrz8tP24GmkCak+swlUiihh9X7sj5aF05/0+WmvJ2S8s6KulDi8WJPH+mJOsEQkFYptqzArXora6qdAhps+TNt4k/yKUniRXwVVdenjhd8hYLGwBZd+OsNum2VAJl4Jcm6so+ijQ5i0uwCL7nTRHv+/dN8wHWefaKMbGcFovV8dtf/Ths5nybBOegeceIRUOyocl+2u53apE3ysxp3uvUqAhgRr2O2sCkNURg0+U/CQphWvt4ylPf5NcP6KP/lHrYVJj8zgnYYnyAWPgIA1HiAi9ZYFNrbi3w5fkvT4j0vWumFD8x96P/4bLpV/ganTlGDMwFIwKzsMOx6/5i/ZuVi8rJfWht9G/0fbICHYlEcO7eYj07Uhcm88J434jlHdnrR/w2+Y+WIK/1dpQO/1r+GosXVE0Uv54kJViBDro6ev1LjsnibOflRMUQ1j4ISiHH8YdZekBMRgaPA85jULw5k5J3h5VBlklUyhfT9LsL38LhxZHQsdPyPoU9UzupwTANtqp0LGKGEwcGwln+ni8HVCGrgpjKGDlREUkHId/ddU4oBkFvlnyILjjdlgf84RpV7lsp/oKjopIYN9DhKct2ESHjBEWPonEt2yTWBEuiB4ZF/gn2uP8pI18zG/fTlZL/8OYV+NeM4zTRD6d41L85Ug7VMtlHxtBYHxIrhYPQkcew6xef8MkI904YmRvWzrb8RZywVA48V6uvbcFI71qUH3lS2sMUeNtg0lQOZ/63jkpuPgul+BXwaMge8/AIWK3lBN6lK6lFQMKz5Gce7gDvp5yxU/9Xbx6fy9pC0yFqyEjOhLhjnqWWVy00g/zh65hh8FnURtdRUMKr5E+zpNqf7hFDD/08Qbjh5Diw5f+L05EJaYfmcvuee46dwL/DrQS9e/1JFnvSk8G6EKGt1uPFlzMR/tXMXSgZr8J6qXN/1XS1pZOhwa48yThqeAUaUEShfq0nC9JjcUS/D8mA+43zeNtz2dzmKl81De+zmePGwJq4LWckPwPPz8KR7T5fvg5+9UPHFjG4BnLZRYDeFzA8LggWmwUycSTnun488HnRTddIXU5J1I65UdR2TegZ5YF7KbV4Af16pDv307Rxgt5Cr/UeQSX81KBoZ0duRn7vGs51D5VD4eFMGKz8ZCxoU0+LE7C77bPsbRE4pI4rwnf5vxGslaGSWGUmDrn82sHagJev8B3fmzA35umAddF8J4Soci58N/jK3tWELF0CqcyZKlYjCu9RJP7mqny+IXufCyJx1suUf7Y+VIUnAPh/hYoJBYJif8Jw4JFrWwc+EKzNO4hG/2LsDXv0NYbEkFDWwuIrlZtmA7+hkJPVSCaeFt1FR2AhWLrfnN5W1YVHsf816u4jj/fBgQdqPDBZN58aYxMKAri9tlX1KjgTW4l6/H+UNS1OOmx0/Nwnm9fTxeXOQJOu1mcDzpBQXyXSj6WICGh5NgwaVoNFt8nZPGVFM8ptKCmm6Y6yUEmr9mcX9qGBUGf8F32wuw7Xwen9oyAkxH/QftXxJ57MgU/KSuDIv/bYaXNIucVabwxQt3IXLdLRLKLMHkqM/Y9kibSjUmQocBgPkLSSwIaqXd2z1gdoAn6ybOBouR0yjg2lQctTKNm4Ti4VYxAWUE0FxXHx5ccYQos5HuKHSRhY0U6UiN4XeujmSVu5RiHYSh5/hXnrRzkI3HmoFf4Gouqs+nL5FjKFJlGoqc6sSGFn+OaZoGYtX91OGtSY8XuMBXvV3wYOsEuis2xG3novCS0D/I/zjAewoQ5J1u44IIQRQZU8c2D3Wgos2Xn/jPRlkFD1zxCSDmbxAmbRkHLpol2Pg4F6cafIJt1XE4f6k8xK/4x8rp+WhyqwVS4kNY84UufB26xYa7D0J00iw+vzUCbp4boJrmN+jVFkvf2I9STXphacco+P7wK/jNyQUZ0x2w+IsJT/5KMJTgwn8mSWDu/MNUsUQWPPR14JiFBlx7W0trYkRJKPAMrhM5wFbl+bTSUBjby19idYc5OCqMAlmXK9DxcB+6CHzFAYzAH38OYOoCBViUPhL8vD7Ro6kT6IWhBlyNMeCT6a585IQwnWlai86qp2jK/Wj8uK8UrBbpsI/mWl5yjYEPa3FFzVx8s+Yt6naPY93vr2CT1xM065eA3Wcfwa+NrmiyRwtuOaTipxcFuOK4Pj7QPsCJlbZcu08CjU2cKK5jB6r1h3JLsiW8SD1NkRPCoHFUPbd4x8PlwAlQ9GY32H++RgJfPlCwrBKEGo+GN9yHfyCILr8nPPMyEI1nJMMM1VjuOjCacdsIbl38HBUXS0LAGl9uOzIF6142wNzQ5fTrnw2OeLQbJt5zgUdNebBtTC2FHpwO7esqSOZoJ9qM/8ZLqj9y9ZoHoL4zlQYWbQaF8hheLV0EK7+JQ2xyLj9zvkJNTnak6VmN6ebLwDHAE2Seb8eQugvssKmdLXdIgNSneXDXWBhnvF5AZnHXycLtMevXyMIXWTf8bNWFy1bl4qgsAVgm95dcW+JphY8SzFebQjlCVTBTToAO975H0doMWuI5m84py0G02C8we2eOA4uyQW1JAP47U8E2s7XY5Ygh1g+nY25YKbxZLQJhSq50P60ETmM4DQyOZ9EQD1Zcnw1jopawfdwD/ikfzj7nrKDMxJLVy7zJIfw2Chuk8xun23jg5DJe1FvPb+vuwaFqU0xpkIUNLp/5rATD7ln1JG6axfE6Ulyx7DHaZl7FnrAmdpwsBaKC0tCjYMOnf62C+Zc+814xfbz03hPOXw3DqymdPGr7MzwhawqGv01gsuB6Tpo8BZOah7Av0AdduzeAxQRpmBiTzVXta/mW+HlKdx8DG5dvwuWZ78CkJIyFu/5S+JmTnGp0Fg7rnUVvbW3cf9uNPa4x7L/Rjw3xZ0A9VBdScuVIyC2bj5RPg2L1GWSZKAk3Dkvy8LER8Gvfe0xtuM5eLst4qdNEjLLTB/fZ/8hv+gqIkNSlgMndYC88BqwneUNoUCOcPH0NMq6NgIpkb5aSvEtv/iyA+StO0KCVB+6o0ofWgxnYN88Z9xX9AkEHA7bsvwXR93+zk68aBnbVwQGvXNgbIw7Dep50eIwiDmAfZE5dR7ovotB5eDfNsHCB+bqvSOViNgfmysNypZ24RsSXSqsTSNj+IwtoWMLWoAconHMH94bIsYeKHd5ZORGclcVJ50c1+k1MBs3THezj1wCj/x2nHb978IhyNFokeoFpyRgIdA1HU4Xt2PbODEe8HAm2GIfZyWFs44hYtrYbS8UeYdU1LfiiOwFnrZ1Eme3GPF9qkOvCv4PUn70cUZdGVomBHJkfih/+WMFT3WR0LiilZecb+N/e2Rj2xh8HL73Cqh0NvOftWuoUekV6kVPB+lY/5itcpLgDH/DGqjg+YqCJlrbX8fMZdVRySIOjBx7CvkICa0cduGT4iZ5/SqVHrw5y7G4dcHJahHayETwam/GN1zBVJUyGmW4/aXpaNi98tw3szjnClpX2dD/kNz+UCEXXEzY8mJiGf/wF4Frodp4eO5v0rUNBwy0Gd4wrh46ELyQbEQjJtjOIVm3FEG2CDMuHtG5MKqXmhJGpiDfc9Yulg6HHOLX+CrVri3LX3EzQPmUKcxX/4V5Ze7QrUeTSoV3wrtoL/A190eeHLHjtNaTRTRIs5DoVtuy4BvtfSgKfPQF7vCNxd8EEOjomFK+6/oLg1X9IMmgvTanRgEkW97DZLZpPWWzG4BvzqbhwBx5o1aYNwq042bIKyvacpJ4BSXj205tk7LRw7Pgx/GuNEE/KHATJDTW81jeaT/dfoPF2tSC/cwz8+5uG58RzUNUiGkIO7+I7m+tx2rt+/Bh3hpvzZvD45n98AITBY3CIpm7/TRq2tiw3HEBmAgNsfMeeBq6a8gqzaLw4dzRZiZmCWM07WCmyCbxlH7Ja0y+u2m3O1+110PrAYZB3CYVHCinkKzYWwn4eoNzQS6Aw3oQLGm05v1oFBW9mklfyS/CJ7uBJ9o74sVcMfpY3w5dQD3KM34oLevv4eL0++P26xgH/FDFTu4avW9zBEQKS0KB/gem/lahm5oBtMsf4x9ZSMr+xHh6/0eMO4QuQ8NGMZV3MoCVqPkZ49IH9j2YaE/4SE5c7QP2KG5yxzwJ/NV7E5U90aLyxJRReTsFTzgF03UUeuu6Wsar3ZlS4GsATPPX4cLshjH87ByV0RoKgUCrpzFTCER9i6HeWMFRL+OIHh4tg1TUGz8yYA/NLFuJg+CSwCZ8N1c1rcUrjJV7n/gGb3uqjRuQfDuq+zav/ecJdk9ucuBhAY1cVl4nOQY/UG+A59jHLXxYhuWfpNNSXAoFZUfz+vBEn7lSCD/s9uaFwI6Q9zId5ttWgbHCUXTRK8G2UIv0RmYiSp8LZdrwEPCtSwtMfBCF4/xz0XhUAlrduw+eKGni/8B5LrwjByz1bscbSCFbVEj+YdoTjmv1BXXMVV2SPxUWdP2FKUgifgFQMW1uI8hky0CN8Ap9EJ/D1O6a0I2QuPc7PInzmia5f89n5tQzPkxeCuHFGIJ0sBWvsRtPWRmmQL7oFis9cOWIsgcluVWyU0sLMbaZ0uNwMrltZ8P3pCC9+q4DUgU2kcOIxHzC7D2EtNlyn7ICyHb3gMzwdpJaVkoKSFjmODsd1Z0+DvEMJDG0qAs/WbFLJnMszcxbicSV5WLc3F5+Y1kHYiE5q6jLGvStqofKiDYxZ9oMz6pXoyMNN4OZvAGE10bhXcRV3Fa0DIbN1fHHOREzreg7ZJY84qOAV7vi6gAPbpcFkmiVUL33Pp1aOhubnW9Dl6UF4LZLBv0J6QOSqHCWaNvOXa6MgeEUKFm6cR9mx32DZrAeg9qCFbLYMQ5vTaNAsSIA1qIoPbqtBSLsFtKhM4b5cJxhqzcIrN0biUfU43nA1kn6JbMeU9+NYTXMsnPPRoierDvLcVDVs8TDnlQlmpHnlHf5ZehyeDcTBnNoHWHNPBPp+X+EXSd/wlpwUPOyRovRtfdy9SAqrJfJIKPcMBwlo8TtvEzhhOINEvw+zxbtZ8HrDX5z0eA51ugrD4apCJtsNtN7zHzocE4KUfaJQ8v00+xTO4Ci9H5QzoATjlDphpughNK67SUsXvgZ7NILTW0sgwmc9KpSfopbnVXAux5wCTT6R4/1q9krspdfZsbC63wT2e90Gj0cJKKFRTXojN2N61W4s+9eLWSvNoTvQgedUv2PBuVIgMmsppR2eD89+rOZgqUv0e54N/ycpCd2JCjCuZSG39S9Hm5HWIDc1njZ6HYXkzUJQDJok7z+NpfQiSeX5Xmi99oQaV8dwg6Y4zK8NxDnfvlGoqA5t3HaCTKdpwMZrCZx/rpD35RuzmE8Kzp8vBJc9Q9F5Ty/8OHKYpplW0Ijui7T1qh8YXX9E7nkbcVfNEVSZrAJzNuVT4H8DPOVmGSy+oI0eN8bx4/njOLfRB6Yd2suzEqNZfZc4XHiQyikXSinsqhlN1nBEy9sB9CXlEs26Hs7/nkli1sZFLBkzCtJnJ/InNW1e79jNnSsF+VOGBZQP+ZPJ8TbW+CNLW46fhHuF46DHcwTG6V3FmOeFENr+AyaXL2SZWwG8aKYaef1yw0m2Xfji6RTYNFuLslWFefxZdUiozcTKDkXunCCGMontbLdGEwZMZIl+mcC0ak9Q79hLp5MsocGsFN6JhvOhchNQMjqKGi6mtG9jCPQNSUOlXxPlfO6EXWnfIW21NS8QcOHK3LEgXTXISVnHSD/uEEWcEwZL8xHk9k2Lbryqwf9yArnnTSDWJgdQYNEvTq5YgysqDpD5ZQU4qnKJxiyMxDMHh6EuIIXDhOaBQ/Qz2Kl7FmQEFrO+ezbaGOhDmcYrXp3UR69kC3j3gSa+/mQzLFKdxhFnD8FfhSXsvdyM/k6Xh++5G7jwoT35rSuj3Ev67HqzB8qqdSnDboBWihzi3XOOgbiiENgN2fFMiQN0zywFnpjb4pG4TVBmok73M/6gRNMDEHuoCYtDBaF89R+ItjCGJMcC+vukB0wWeGN1chlU9Yxixbw2WHZiJQ4YW8DAcleE7dtpWaYX2RfNYM0vGzHr1GtYJVENYqmzcN2jevb1EgYXx1aMr/oIZeV1NKL8Pl1MvkZiTTdx1vc10BbuQxuOAd17Zwn/7ofCqgmKYNw4gwMu/WLLWmcQkd4OSZ0KPDxTFQx7dvHBs9pw7vYtSBnjDcGLc0mgdgsLCCXSgpbL8NxSkZzOyWJMTxvvk5AFkfx4krS5T9K1R1lnfgaJ5fzDZ9dqwOnQMfiQfIk1B/1wuEUTfKq3okqZA6CeCS+N1qEtRtGU3RNPEdI23OD9Gy9Xh4NvJ4HErgTe8iIIhgyE2E9EBw8MTgXVop1Qv62ItIwTYdbdJNI/KwN3C03IInM0NNxpoQbNkexRfBm3rcxA94NP0fW8D/iGpIH/DIKYFzNQGk6TsK4pO3xeCIuKDPHw6gXsfCYPLTQRDm9XAKsmTZi2SxBdmp2xUssV1wlugNszLrL03Mdgo3Mc1xj0wpvQbvqRYQy3V57Gl1rbIP6KE3w3nEMLf6zmzK9V9HmHBV6cdAgVwQZf7VGFlWtPgLxyBt6Rb4dHrwvRcU4f+k78zac3TIIWeW/q2pHERRXjoT/bFPcdVMGnMZPo+isJDK4yQZH6UuhPfcQJ50tx6KoqO0toQu0NQdp6q4rnTXWCxRcj8cE4R9ro9RNqNUZhe7QFGC1rp1mK5uDhUIYqx08jx+0kn3oDdh4ux+Hzsty8eiW+OvkKdg2vR7XJo8HBTo6+rQ/HO3eDQO6lJJufvsKnMpThV9h3EPuUj4dWO7LPdCGY8yyZeV0pz3yRBm8MWnGe5xUqWXGF5U4cg9jSdvD/SLy8TAhMjb6zsdQOGO91jpbee4lln8JhV4kgxVEMdm54i+LRFnjbQhUUO2thm0wj9WWO4I8TV+O4/D8o2ONPmw9JgOQ/JyiGQeyaNB6yOpbA6/dOUFHdA8vCPnPgnG94+dRmGG2Xwa3iMuj0qwvWOlrDFp10rClN4K/6T/Cczl48Pa4H9lj4wYebAWCfWUUhyaWQYaUKO8bag5TacpDJ8gWZffqw+74K/TNXwXa5BCjZ0EiimxbhezNlsG3YA8EnfWFBqQTOztkE+4y/YVX0DfB2+spBq35yyXRzHl2pCvsCW0nBpYRkTCX4xct8CFt/m58VzIO2A4l8xHEBSeyPRHkHYTDtGMF3U9Sp77k/Wh2v5c/bjlP3oVcw7ed+WJ8lREaZ1ai+QAQSPz4E0zpXdEzcTQnXFsDKDd8JOtTQwdOIZs0+g6suW8KDe6Pg7hNp3K6cCc8bRtMHjxLafcaML/SLg2D9Xkq6+IrXLY7hwappwMr74XLCTI6J+0iVblGcKdNKjXXTQO2ZMX/5G4ApS96QWq4JHH19mQfXnsRtKaKUsUgba3+eIZueR6wu+BXXxF3EhSFH8L871pDqvBz1VPKx6Pxm+pgwCdIcXqB+tRy4VM0CxfWXYHSGGM63E4VsJS+4ZHGU/V1LWXiRMZu6nULLv0qgNEKZhSR8aIXuGXwspAhFRanQN6scjrlEgWyRKJ4IOIMflM7B8o0/SS18BL9OruCcRg2oihBnjXVXqMLkLsg4H+HSKi3KdG0mhVg1aD63DHr8Cun7KXUYcs/Bi282oEzDHm5Lno6lHqVgvEMafYvu0Z+ZwiTxPB5ULhpBUVQf5aoc5Kgxy8jd6xPdCj2P9T7rOfvVAziksgs/TKiErYKicGjrLzBM2gxHjYSw6OkUKDFPwW7RHIzQUuTqUxf4lr4I3VcVh0ydVE5U2M8W3zvIQyCWkx+H4lD9GWjS6IC7N51YbtF2bFklB6ZnZ9J/9mPBDkoJ5xTybQdXCHnqyVq+WvSlqpaduipJ7qoK6N5oYngzCIeeRKLqpW3QPMoYj0g30KYCWQ58PgnDJzRyZJ0+DOqtgnGuj3nczkzcqLUHtnikc+Xzu+SqeAG1M1MgOEKfUqdNhntlT3n5qnLcpbUQLu5So+Tbs3BqihnKh2ujn8hi0B6zBO3MpaArIgZz0tvh+VYvft/rxk2J4qAqup5k9abyD4e/JFRwhj/mMRx5MR3b/C1groEAvFmyAHuCDuHfnXFQrVFMIP6b/MceoX6nybDm3QJonq7ISe0beOuZDHAW+wdehufYeccsDq4zh+TtE3G0MUFjeydKfa/G7741cNBdkPcGVeK38j66YD0P3Z9pQkXoDTDfowwrnp0G/W1T6c60K9SCviS9/jlIOlwh+dnqEGMXSVduVIAmWcOxZZKk5mCHHn8uwP1cFVr3KZSsH9qxq/Rfkj9cSbPfR2Ja9AhQO6uFd9OuU06IKo1v+o6x4V/xdgRAwJtcEhQW4AULRvOqZyIw8oU06Ht7078rKryxw4mW+3mDpMB00lQewEB3e+pybgFbV1Mo9tLHgKypOHeTHNYnhGKvWxlddn0O5m5yqN1qRVvrTGmNmins2uOENl1GJPq8gJpCfmHCQ3MuPmbN69pkeNyZiTCQqQcV5aJwNXEPZrnWk1VJDW00+QaT08v43KZ8XNzZQ/qu6jDx61HeGy8D7bqxdMNImw917YQ/ct54VkEX4p2fQPqnS3jHxx3EFRRZ+qkpGH2J5TytM/jpRQ1/vtTBxwRb+GxNCHurZsENuyX4fLkyJTcag37tY3rVmwQHOrr5kTDhGrt+aJxhwwM3WzjqURnvv9XNEReFoGT8cryaEQ/+EitZJdwHa6un40mDkzzR9jJfnbsKxmAQdpEaLL35F0dYq0P+Oim6pB+NH2KscaxiDXuvmg+3r5ewtnMVFCgbgeJECd7XKMuX1tzl4yeXQrH/WNC21cPCDUkg73qHln6+BWu/yMN973W04NhrfndzNQxed8KPY+R55qs++ukki+MuVFGBxjz2e28OLyY7k87rVKz3aMfSxDd4R9sAvZ5vpJI6MbYKVILxI5txvK066I9ToLa8A3SttIXDJEexsc4Q/0h6R3XPT0CBjBP5yNqAvKE4DD4X41cPZOF+XwyNsh7EtzX3afUhOxxbLUi8cyMKhe1FW191uPYqkdaKvqa1j5eBx/n/YLtiI8T0q9GIt944U3MLfZR6DeteMEh6B6OUoS/32oYTtaeDdrkdVDx9Qwc3n6QrJ1ugqGw+13dJwtXqZnp4XxU25XtSRcE1KvkYwUqBR/ERzcD4wCc8y3c6v+gQBL9P8fD2ZwsVhs/hlb1+oJqWx+ad4pxx9CO9tBrHc3a+Q80iDXCstkELkRDW/dJMN0bPxPnf+vi4jR7vnt4P5ml38GTgHBKLAHC6J0K2x2Xg3lpRyBF9TWL7bCHs8ix82f2PPxz4QNnyN2lykgV0KreC0sbZuCQuCM2XF9A6kfdQ2TgaDkk40OAnAY6wzOTKUkmIur6PpLb28ErnxfQhSI/SNlyEvHWBuMVzMRi+KMDXjRU0tQehqWkMpk61RKeANhxjVoWX3wpjomswuhVl0fvTb1jW4DL49kmBWP837NgaC7eO7+Kzp9Nh37R4Gpr0CH9pqWKmiDxq5J8GgWQRGLq/C3+PbwNHow/Mtm6gbqHAGWYF4LXoDbnvF4UDO0ZwyheAZzJ9NHlaCo2fugZvGt+DX+//g9Vm82H98cdYIN1KL4IM8eVGCzhe/JFTLyeDU9UIfhaxFIYHetH+61PI1izkDW6irHRsB2xpt4KBrxdQ484T3ucjTOV+LfC6NA82VDzA/d732fSpLPQfWkTVG9Qh66YFLUh9B7/TgtkuXQBmeEmBjNk7KrqzD67Y/2WZd0to6wSG2wWl7DPswVZqRSAkfoVuLDqGMlfn0OKUJ3xCfRCDajx5XpQUBE43o2IqInm/bzBv/wEoWZ5FO5JjYXf1F+7fuJbC0uuoNFUPdKJT2HjqJvhqu5zvswIa8R80+q1NO/A7xmu3UM8RE047qg6LFzTQ3glW/DfiPJ2I0ILsAQNMt9Xiuw8HecaVpzBJ8SmFFivAn0XqcHVTDRh6t0JD6x+63nsUx3W9Y4Gpo3hvdyP/jdzJmfIS0Fz1gu6VB8MktV8cOG0DPpy4Gdptqihs/yCeP6SHQm7/4TjfyWCcfhrPpxHkn8zjF1pHsOvfYd649yV1Vwlg1eXNmMOTaWHmJFhvUASzF6nRft8BfLXEjYsHp0MlNPO+sI1oMTUKElKyOW+6LsjJZVNbzWv4uiYdA6xzocbrFZivbgC1W9dRSHQv7Wg+y4ouxpAh7EdTlcShrckN/vt5iO4bGfPOZ185HXTIa6QPbc23htjdY8DqWQvPVEzDzCdpLObtSYqfZ8DBcDXa+jYBa6/HseSSJfyqRROC3Kaz+QgTJuu5JBvzAlYtbMT+iT+4MnQ+mYaEQV3vCoqVV4RVDZksUb+H8tUE6dmCqdDxPpY9fOXZt+sHXH08m3KmJ9KFp+qwe0kDrG41oKtxT0mmu4fObjOlt6MNectnec6RuQinditQ+UtdiK11pDPtJ2H723UQYrOLpDcPU6eWJkxacZZap0/CZ+YhvFpLEIJe3aVXge1kd34lzP25gGMnLoffz39CROstvHHFGVLGhXKKhh48WZfHNz5GwIzXalg8PpNVvn6jq8fP4cGacoppaMIRazVIZbMKhN4/BKQlSitXWUOU6GeeP9GUhz4/g7ZDrVy0aSuNkvDA24/UQPT6ChS95gxjTWxorthXnLOlGJYtWMLBFrWw+ORlmmqtx2u3a0KLjA7y1lr+534P13iIYJPbHMiOmwDFIybT/DPR5DzQiA8WA6TV5FLdqvE0uPUu5i6q4KQaI9rj5wGeW7NRf5I6DZeexK5SAVBPzyXjqA8YdEgZld2+Q5bAcTgy04bKHJaB2pVkGrnsKIufFIKzMSVY8S+ZDvyaxdtVpED/tgNQ62wMS9vHSsbmtCHNC2/Gm8P5Uj+eprOBD4w9R2N73+ONLKRGqe9ok76D/cZdwsfiTAX3pEF6ohu4F2/AWPeLrD7WgHqXjqcg12BqbJEFg4MXISVdjJ+/kYfzFafZeLUsy/fXwTpvVWpsDQMLi00cbdeGozt2YfDXVTRD1gj+rHqIS/ROQueOW1z3WhlTNnSQzXAOTw4ux2ElDWoLLWINH2topb2kdDKc7ypFc13KQxS0yqck13BuODyP9wwrQcfVSTTprSTUQRNNlH9Ht6+o4buh2ej+9QSdf+LIK86msJ3lOs7Feu44ZwWyU23I8OchyHa4Svsgn+ele0GVqzZVbvwDYZ7hkGqpB3ljVWC1ozA8CheAZj0/+HBGjux+aMFVuwbQLVCH3NWhmKUtDFt+a4PPyu0cvNIWdFf/of6kMNwGNpxo9ZlfrZWgjt511PYykVaV6UNN6gI8YnGVg0ecoWLhLEoZ8ZACdC3xv/okrF4WTo4rnEjdfSS8TpGEoBOG8HbNCZbSOojVBffJW28/GX6roPBl5vQnLJdl/ceAo8NnlsqeBDYelzk3fhXeerYGlzWPBKH+z+jpOwFHe6TgiIsTQS8tjq8bG7HVAiP69csR851O8dXV8qy4soa9o59g32ANGqtNhrTGSURbunjnuRSq7FaFycZlME16kBOb/ajBKo18p0my0kQV+NzZBHFjrlOp3VoqeynCH2/ac/w8YWwy2kXl2p3UscadTPOmwBXVOvZOfM9z2qLgp7U9bs8JJrMM5Msrf8C9GRY0N66PJLWsoH3eREoZNgb7Bj+2vhaIrUoTwfF9EM0WK6e0nxlcXR/Oz/6OBGMXOdber0Lk2c6npi3ndLHNWCNfDMdlayG2aCKGlSjQoocMop1JcEE+nYZ21cONf968YVCXvmlJ8aHfLRBdG8bTX18i8Svj4POAO1fmqGGr2gn+Pv003TI6xyr/vcMs9ICOvR14RMiLYzYz6MZK4Vv9NLqT54l5mV/p5dZEvGRkTPZTJLk06CWYZpygc5HK8Hk/8sfKEzQEwTRWXxLDZ06AVaUqtJOMcENFC9iKx8JoAw3YMtGCTMdvxylnxsLkmADc4yGKvcfuUM+/YDpy9Sz6hFngTSNRaGgOgYB9tXRAYhxl553HAbtWdBN6SNkiD+mR1VjY05OPwemWUDJFG41OBUFn51lW3HmDvPrGkHrgPV59vwD2z/1G/7qHyOC1MUw3+kIiFqM4rSGBfu8EXCBQDcexiUNX7+Y7RwYhJHUe1Z5VhAeC4vCl3xmGJwfjU9UglrI5QRGb1/KuWeOoa1Y5avgfx4l9UlAnkUNDk/Mw+3ogvrJ+iip3Tejx60JKWi/Nfys+EbAFOd7SgcGp/bTm8xSyfppA4fs28OSKlRhX5kKCfV0cPDEKxDKkEXPN4PiaxWy4QR5/39TFl1vEQLDoBz95mQEHCqTo1pQSLrFfiAW7VGDj+3fw+94ClvxxFh2jN5LdSAd2nbkD92zYxVXSPhCw2ASOBjCka9zi7hpVfNFuSHvvXKLbk4VIx2QLqh/pg/iUh2Rj3kX3zuhCfYoPWE5bCg8vbeFqXxGUvq+Hp+L34Nn6mzy1pRYi9bpJvF8e0i/dAWGpZZiWnsHgXoyHdd1ZO+goRE1IhLM3fDjl1koSDR4POZ/FufhPPxrvLKC/P57we+1H9EdQlhKf34TrK6TRIsmWclaPgoBVAfj2zhYSri2kp/V7cV2qG/Y+z0TR7aYkL74GPXqS+Ei7AqxL8cXljmOp22sEfL6Rw6XeIuyXHo6nnez5Hf7mr2EWrGAiAOfthChVMJGK5C/wi83LQdBTC/adE+J9JxS4X8OAH8614jv+ahCkHIFrX9Ww+dV9UJSfwa+PXqNjHy0Jz9jxzcBL1LnqMHXhVDiwYwfIvYnHEpvD/IE+Ut6PLHbcU8zwRoxk1ptB6Dl3EHKZCsnJXZwjU4h9XXMoaoUrRZwXpZaVNSjY8wDe/2uAezNngcIvcdjxcg+lPdfE0lgZmDE3iT7dv88L1lVie546dppeRe03ejCz2ADKk50oJGU9yqlZUU5OHa3Mng+RJxNR5oIofZz0C3bCMey0MgVBigfXt2O5cWo2GgpGQeHkWBBq0wcoqie/5moo1DoEsfYMi9ybsCepHcyyIlE6P5dSPjeRYb0uPBntQe+sAviidDHfvDcVRHQVcee4Fzz10nH0X2gMB3bc51t1aiBUMkiVqV3UkvGJT24WhTnG+zHlZj5oH7rEPyc9oXQrLZTsXcAzbfK5ZaUpheSacIaeANg7beMh0bHgEC0HDx8mkKltFn7sKAfN9X100GAm661fx3HNorCu/SZlq9thostWfmtxFze1ncZFwmeh8d5tTj47TO/G14FomjYYyGwmZYd5ZE3DOGe7FGtbDfMUFSdwmdbOoKFCQQKXcV71CIjynAgxxgZkcuU7nAnbCzG3CzgwQBxGPbwOaqoN/C0gkEvfWMKcKDts9BaFWTO/48DKZvYvnUo6ddY8dybSMpttrFJ6EysH5GDtxBkkyjfZV2o86zoJ0Jw2c57yahMenXINf7+1x+f/fWUZYX1I2iIEm4Q6YcenszTq9j5cuWsXdUrP5TjDUJ4LlvR3VA7efG4KXqv0YGDNMM9aMQfE9q1CAdmD1Gpxi5XeNeKsMhdo9t7B4ktEoTXjDah+1+ANQ/GgrNlNLcvuUuPE76wzOopMIYWnmzmBTKY1vEt0oLjBSFq6QxwSPs3DJyyCJ09eB/yVyzdlppG3+Ri4fxEBXgIsUHGnoUOjYKmwMIwIO8YPh+w5q6CWXCdogj4mc7OyJfh9jmb7g7NR5uMxCMvTgd13a+l1/jPa0XSXzx1txL7jpURamtAttBw24zV48/ELxOvmwcRKGVLt/kdyy+Pgz/HJ2H6uiYtTDEFu5BA9aLQg5y3F/OJ2F1ba/KQsuQjq8A2gRV9DYLPQSR5cYwmvfzyFU5Wq5H7FkJ5kZsA9rQIYhFResecBP1g+j68PL+HXfiOgpewzRVYKUusMC7i+bSnfnWBPTp1XuTP5ATyqKOCojiB+vVkA8i+M5K+3vOjc8zbcoAU84+ouejl3PkTvNYJNA4m0CNLJd6QIvGQ1Pmxxho7m3iNVfWVKkTvN8msUIMkrknMtQ+FQYR953DEA5ZpPcNjekc9kGlHejU/4wuQadEQcIv9NHRAwYRQlXUyij+myUL7fiWsd7Hm4IQZGZ+8C19szYEu3EpbFZfG93FtwarkunzugCr3Wh/nPyTt0+24vWlyxhwOD7VSttISPde5j94n78UFZOvkPS8Ct6DBet0iGbYetcLzCXhBQ14GocBcaWNhPEmM3wqnqKnz2XB9u74uFxK5u2LzGkLJEa2H71Ax4uKOYtcZtIZHGZLpxOpNXXFOCWVt66fH29Tza0ZeDWxZh7ooo/HAvEC4NhMCuSZE8Oq+cvsZLwi8BHyxwUOM3vlshfmYNTKvYQMsOjQMt7cvw6uJUtjC5CcW7lEBVeToaZmyno/8YNhno4t2QGJ5l85pa1pTg28tzYP2MZgg9KwQutiEID8aQnePQ/8Tdh0IIihoA4H9oKEWFUmmh0pIGFRUpJIlEIZEooqVhlBmhoiKUQiiJhhFFaA8VLVmVlRGFQuU072PcJ/lo1clLvGzmVNzdFAhpUk7QFd2Dz5sc0DOSwLdVFvNDAKeKiKKfxn1eMWksftBXwnyppyyYksWHzYbxyVpDWNBRDZERuvif6j5QcvkC01ODWbBhPuzeXM6/1ihxicAK+HyFoL3hH65InQ+JhzM4d8oK2Jtvg1O22VHewp+oVXuUnLTGsxqZwCcLSyhoicfZvxuwKfoez9W9gv6Hj4KDohq9TLqGtcYv4X0cAs7vpA8eDmScIIfJ6g34Z7UmXM8p42MTjXDskBc9TJrGuWLykJj+jCbGFVNr6R5ynWTJxQlPwb57I0yf2cHeD6xJp2k9K5VIwoo7ijBg2QMvbKag7LxfeFJ/B6a6MinNNkbzaTPwxPBr3HzNGDLGZNFZn0yM25WEV8oWYeFnC86Mb8IZ/V/5eG0l8s1KzKsAaGmZzdv9xqF07Gtws8jiBQmW8F1akqdVyML1gnC+moxUsnYipBbOgu0u8VCkLc0uTpeANwEckn2Fu3fJgP8XS0pIc+aH80yhb9lPtFReTJWConhYMwxVT55C6R+FPOonsdLAMyqU+8rT42VAvvEMnzFYTm/dlXiJ0AAvfRpP2l/ycKHHJTiWN4fEb5jRnNBxIPlmENWtbGBb0wlSKUslz/5mmBfbjnfyZ+Cs3h3YrrAHN09RhGjB+/xKtBhfxN3EFOU/6D8tgZ+aX4OAFE/MfL+KdQy7IEFmOrQ2DqOdoAy/6kvFLKc8Drc05SdKHsAsw9VJt2DBvbcsPKwGJaGOKGxxl/eHHcd+rXWwrMAO7z7rBJ1DuRwh4IdFnW9xZaMmmNgmI0xaQN6WiyF94im6sPUIr09exb03isHScQms2zzI/0lOgviEfBAZ8AJdg2fQkaaLEb5/ydwhGuxcXEgu7iE5DF/jr/tVIUToBJhdG8a/ltG00N2OimIew50z5bhatRZe01U8AoYkWSMHdyM9SHBxNV4JmUZ/Hk8FX7ld1PcRaG2kMF5/0YL+C+1IN0gcdtu9oPOrVTjzoCt3ZZegT+Z6knsliP/5P0Gv97qkMvY4RuiNhBOfbWh77QnYvtOAj0x7RCaxs7DshzFmFq3E514P+fpMBWBLFUirB9olYYWZhjn8vKCN5vyRABeJH3TlTjKs+t0L3y58xyfyUtBwIpNnLu8BWrib7kudgbHVGWDzTgBWnXhGeFsASsOk0P2dIAjyG25MP4BaIce5KXQx1KvvYcwZxUIvtoDNe3tWdrwJ/0xVYHeBMM4qzyO5UbIwUeQFmzxbiYmHvCGyZhqvsO0hHVcltLliAirC93G69BCtbHdmxd/7WSf7LSmn78ZR+U28/HsbXHAxpakSIjDzdi+UiMqQ2khTxA471hw6Dsc/TgdP8/24wdAPl5XZwcmSCXAz1A7C20RBsVQJV0SUwDZDpk+uiGMeZMBLH3dqmvyU+r6ow89LdSDh6wgF1c/opcEctqvthBTLTzyl8Rmh+y/SkFzA5Rkz4IzoHbh+qZx1Nvhgz3cbLi7+g5MC0pmvLKNNS4u5VKuRP8XqQcec67BAbCrbT17DfgcCaWfXTD7oYAunts4g7cDfWP78I82tFoSi7q046eoJPnFvDV09+o41t+rhJt1OTnVciYHi3/kjz+VpLuMhS/YjXo3eBssya2nhqi48YDeL7PLbqS96IvsvvkFjIm7y+REasOyEF8tss6Hg5B/kUz8BtDbUkcCKKFRNXsXRylq8qbKArSzMoBwLcDBdj42qPoHb/H903XMEO1yOwY/aP9lTSJE7FJfT4Ght6M2TBbu7dXBz/3Ec7GW6HfCAK29c43C1C5R98TROOltG/5YogtG5Ye548QHSN3vRp+UvefvyTEyRbMB1T7bSZZxHb5slyHqJHkhVfea6Vxf5b7Ep/HY8iIUxCtjdfxN9v6TCnIPDvE7Wkg+dmwJ9Zv48erEASVqnwQS5SD5ToEIXlr2AN47mnPToInkNmpCJnwTov9hAwc9foPGtw+ijLwDGErpwYY8tFd6Thm/u96g5qJv8hQ3Apeg4ybp3w82kySDkfZXLdgmC82EjMI7ZwGklXRx2XhQP3BKDaMd5kPanErMWXYHDpctwwp0GenPHDPxN5/F+XWWqq1BA24qZ8CnZmNpf3uJZR0JofvgeGPjkyBOXL4Tw1wl8a3kebpGWwhZrY7h//zIVpq8j72uzsXzSEPXnjWNVFWsOKPgDxo2y0CV5ApV3jwGb53qU5+/N93cJg3zcJ0wWj4QwkyIMM3dA2387OPdrBvn+kAPxa77slOwLvncc6LKWPIt6K3OrVjb5n9RD7bGNXDw6kU8LKYNcz0+M9AUId3OBuOIMXNCtSmc3x7OMjig9bvoARV8/wO3aUVB3+Sa83kCw01yOju7Kg0XjnWAt7qGHxdMo+Iw1kZsAX87VgSSdX/Rf8FYWsXWCpoB4VsyPofqj8RCW9JHW+Y6HBUMxeMV8KnyqKadt9+7Deu1uHKpxofcNzvxKQgt+u++j1JIiVtC8xOcCzCFarA0/ZMzCy59z4JtzFfynvwGMG9wh8JQTzz7I8LTHh6xVBSHZRwgHldvROzYSTm31xcdbjVjmbTXP2lOFPnMdwaDmFD9uVAKXinf4PrSeJD31wV9kC4wQ6+MHciv4pvwr7j43FTdqV/F9cWPIHdbgs61NWGdxhYb+RKJc11Ky8i6nkRLx7G58kRQyv7LBT1EQzvwFT8Zm0fO/Eaz7bz1q1I+i5EOXWXb6EU4IG8cv1d7iyRI5kIhNgo/JUTRhZzcUXihjlVP9mKEkxV7LlzM6evFQ3RicPGMkDKrXwZj7lyknvBoOyf3E1YMS9DTqGeovzoXy8784x7mb8ooVIDhkJxvcLAQJFznu/OUEcz32IaqMoF/Rj0F2WwNpXHWA+ENTwTPODH3EPvPwMRMeZzwD3pA92187iCtFXoDr5GVwVWc5Nh6VAJWqBGjfpMiWgifg19smehWhivFDrrzC9xK//SCEogl9OFFtAlRQLA5flKRik0N491s8Di2zY5ymDJ47ZuLST/Vo9dwd42sMwdi3FkSk/rLQ+WQc9fQDjFPZgHNdFjGFPsbazSe4vbAPb8aZgHS2CW49/B1G35lD181ycPtAG+rNvYcml26iqVEwr7TbyAb/DEBE8j9ed+cqwctm2lPih4rXuvDZrZFwpTYS18htxpzP2/DeCHOQGI4iy+nxPFdwG98v+sx3U1wAekJ5bIsGrNLK4d/rV/HjKbKwMnUZnqhQRZVNX2gOy2B7XDA+fWRLHeXGOJgZx2JFMhBeog3e74upd14knOhogkG7Tt6cXIwrbGN56cUivhGfSTP3SLLlXH0oKvxJGtEaaJWqg34uh3j/v27c8eEwHzgyGs/9eszde3Oxf8sUuJ0xg88OWLD7w2ektXQymemnw8nKuagqOkQnxzqQ1/L5YDtbH+oFNnPDwgF+fuwZOcQ/hscpnyjQ+QZxtzr0C8nwk7oJvFFNFzrXfuGT4ea8s+QyVz3WR1KQoXQTFbgm30EHlQeooj8a3meKwa8roZji4Y+b9txg+wlybH/oH4ss6EQpyTs0JHCXvKRbYJyyMfyds5RcvCejlasmpH1OwVLHS7THpR3l59+iK9ef4DSLE3AzRAvGz/xCL+32Y7SZDabZ36eflgM0T0GXaJI35e2Nh+dr1uHL9yNBxtAXnkiPxwKrR3j/mwq9SPvAc3Js+VcmgNS7n3jvjhDlWc2GlzbtvCmpkEsq30NPxiO2fdJNAUnXIeuEMtueUaNkh2KMWSsH1Zra9HOGG6QJ20OVeyZVqgawa8t5GJHcClHhf3BjfxAtKFMFQRtdHFkRgxd35YHOx3ugrU30LNmb2lZ+JauyySgZ7Ant3yQhvusoN6V14/PKQdjauQPcPyjj71Pf0C6onCdc2kzz1V1oRbguaJ7SglnZylxhIkj3tz+CqV4/uLnZlXRlWtlxPVO4/iV42KMNd98F4JL6ENbU3sfTdQ+g9ckimqL+hi2KMzFDcBwc1o3GB0xwLMyaw+bJYUy4BruGhbJX7hzQ/v6NpkgshnUHM6h/53GI95KETXsPks+zDfxE5RLk0Vfy7z6IGBrGMX/r8W7WGHQsuIgVK03gKrrB6aRFPHAriKM2a5NTfDuk7h/mhiMmrPVTndwFN0Ke12j4eTsa2kuEYMn7daS/fgBXHxnLJRrBIDLwjsGyHj7ERoP+SGWwLj7Fzyo2gER1BfR/E0cxdxM2XXsfxmcF4N/g3Xhe2grUrkiBWvIRUJerh+vn3OBu7FoUFt4OPw4Mg9Wjbayi8osbTz/C3FgTWLJCGn5oyoJjajruu7ETfmyuoU99tmC5IRxi+97hb38vPH8cYaMC86qE3WwbcxQmJy1GZ4dIKJ6ykJVPLSIDhXjoM/tHs/00QEvvD6S/PYe/Wv+DowFaUDd1PUWdFuFBnT6cqDSPf8tMw+M5WmA15Si8F1GBTXNryUauCkcKytKUXWIkubCKbfWySX5rNig2TgLvlHHwTmcpHxGJ5HIFZxb/aER73/uxkosXBcwNhc4NOyA50RzeVXZQk1MH1+xiWnnfAi+oTmFN808ktSSRP5YegusLgsn0wzj4a78HJcIrudvEBVRUN/ITVX30rXJgmUv3MGpSIC+Ir+aZRYLQfcyE9L86wuLr6ai0aA70DFiCWJsfZUitQc0RS6BM05zGZauBgLAcfQrUofb2EDj47yqtirJCn2o1iqslDBMOgYMVjVARowe/IqXBvlQE/gSuAKtmC9zo3IYSbh+5aOYJiMtchh4C++G2qxCMzptP03fHo0pnAqaELaBMv8mwbeJ8Vtf/zjus3tGOVffQ+ZAp7FT+D03m6KD6mq3YXFlMG7VeUfWeVpxWak/xq414+eNYdnOfAEWGafzsXjtknx8FHru3gveuAiw+Y4AGVq9JTsIThlpP0pFQMYh5EsqGVmmwd6IhnhvejEJBnuDvocpL1t/htugM6gg+S/N2ScPhRXPBM16FftRXA14EOh7QCjXrI+D4xtXgHv+E7l2UIkfZaVDxvAYHnBJ4uZABxIofgbLPtylKfB5caJlK09aWYWNwD8s8HwcFlbk0P20Y3v43Bn/MrsAKUU/2VpwNZfKOlP1Uhg8tiOYx7oqwb5okxPJRqsr/wTLP7VnVR5FNi8bS9bPyLFb/lnddvIQapVqw66YEJtwo4itZbfSy4B6UjinmQyOMOW2iNxSO/w2F11dB4ApT+DtyAtfdO4ihl6IJFXtA3FQMriuehXmnmiB1VBPekM6EHRMnQuS+6TjX/QDZBF5FHHiCF2WA+/Rvob/NLwiP/Q6Lp36G99amcNnvH502qsG6rYlwZqiUtUZuhDer4rj3aRCF/qig/XNP4cF1E+DxpVn84a8LT7yUBb/u38I9Rz7wrCvruOzua/Id/k3mi6ZCVJoRHN3Yx6rZRPe/OXDCmi1k+Xk/fVAyZjudFejgmgOHW0vgE8tC+OtzoKBZRPpKivj28H2qLXCDUflT0K7vNiW/Xwqz91awYoseCCdMpRnBm6hINANO/2WM9J8CeW1LyOcIoHv+XNg9/TrOspaFvDF3+ZpFMwVubsLIfz/YJF8GWw4d5qkaMdBaZQMXjoXiVV9xCLq1AmxNj8OVzy9pziR5TuT56KpbSKbhC/G5RT7fn6mKm7YLw5YThbA5pwKOT9LD/x6H8IiwPSD7qQu399+G0/rPUTpyiEuqtGCF8iSuSN3DvVNS4UpIGT6iPC7ccZOwWRoy5H3B5YAVdwfLw8wLRzj5mgM53HPAO4kuvHGFIvdUCnHC+yss+v4AWSr34t6cMbBT+h26vrpFIeXh/C2uH39ldoP/gSburdhEV6WsODjtHl5/bQa3h97QPOVyeHu7FTxGqdDJOi2WOrAVY299JJ1Zb6hQ3Q/+/VSGcQo/ebtALW6pF4fvL2PR+9INUGu9zB/jZ2G7nylG+8ly4WczODK/FGhyPWZOXAldJ2Iw3v8UvV8uR3aD18BA3YPW7GvHvUq6kPaggbYpn6ObbS34OMeGOxMNOS3xOXRENOG49q9wQP83LUkB0AjrQqft3RRbdB1MtAC+HNwKFzaG4s7y85h6dzy8m5QDEYEC8DWwB2aYXiGZjHFc0i5HE5Z8xRt/XmG2fy3YmTaTt/U6ML+sBB9bNnG7SzKfOhVIjktFMWBHDx4JHsv7PIZpWHkzRGkmgGWfPpDNAOgtKofD2/3A00eXdudMoOZ2V7Z+uwCdNXs5Z2s9bVqgDvPkl/IfmUh2PauN+36c5KfTrkK1ziVSTTXjipxwqjtrDD7rtCFuy0V+uHMNHXiYQSMEf4FXQwxcnzMA6hvfUOLj/0Dxihzo6euBzMcIgskSlF4QAa8/9vAYj2XU1fAezTzOUaSTCkWu2oU75kjC2jQfmNNoyNNdalk8pIviSsrBLjiFqqfbQH5xG4WUneDABj2YN3I1Pg2roo2Va8HAwxMenlgC8uFmHFA2miy1tChZbAy8L5eDsw8Q9SMl4VUiQYrvBNqwUx0uir2DR1YZpOETSw6dkvB1vBBkq44mycBOkPy5nPZfaaHWRdH0sT2Ck+2rUGPsao4oUsFH65Xg5PoamDOwGT3iVsPg4EK6vjgdWszSSSxxJZzZLsdZM8MxSVsIHKqmYJXLAohX/gNfX9jR8vF3SHDsb2b996z33QkWFwvinRvjwWBrDXxQDKDWie95jNFfjF86jh68+UXW7RUspikCUx9GQ0ipHITbFsAVnycc0pbCrVl7SePVNu6cMRemLHsEa8pewL6Ja2DZBCOoSBpE9zffQFFCHV5phNGV0EDY8n4jX1/1Cx629XNAdhvMT5wGT3d5s3T4c7K0v8tqM07C9uWLIeMMgmjcQTr77w82zvkNH1NFYdz2fNI+JUIZGy7Dzq8pEF/rDuN/B1LW1dNYLK/Lzk2voG1QFmJaF4C0fguW3/eEPQtekWzqLv5y8ggPqP0Hy2AvZO5rpt6FBF/mTYDLaccoUfgoFNhrQJfYSeooKaXcJakgV+YMJ/4uhcOtqlBwo4CORc+j9ooilB98AspdWbBafRX/2P0Oyix38ouXamzgPw0KRwqRs1QfC0yfzf3BUiScKwTfw2eg2f7/YKSYPVUN/ULjHXKwaN1yWDQ5mG5vtwfzhXEkGvCAjES04d3NcgjtuojHTsXBNgVVCCp5QtG3v/ISeknXTB1JqqIBRJrUsLImFDQVtpCAVCWnLtGFD/MHcbVCDqb3r8Us82kcKJ7LYZXKPG3xOVjhs4dTTDtxz/lJcGShF1yz7QK5H8qYcX0TnA/yBGfzDLArbme9PY6sHZONUkFm8P38ZFpjU4f3ij7BWxMH2i6AuGSRPg9vWchyzb0kvSKAcjcLgWCVGtgr76eDUTbktvUDJC2vIcN9I8DXbTlKHL9Law6n0S8WAvvJC7HPKwcPvXtPKqdfwZVzFnzJppFC8t3Y+HwSbZ9zlNovCENreR+JVUjAhOBaeDhJnF6v/A2bSyJhZEAz1x9XxrVvl6NqvQp8FrtGI2ra2ET2LrZuFiGPhFm4zuk89s7fS+eUmYTT/8MLFUbwauA5t1bUwdzXkWyb9xsadJppwFcGVEcK8JfuNvKLdqJjS2bCGelWUDM7w1Mf7sI+vXP8KnYG5H5aArYLO0DNcRj6Ks6il7sqUK4QJ6ge5Oq7GeS/fhy8EzZhAXMfwIo/OGbDNlrd5o6VpRPhhrUe+e9UQWH/aLzk+w4Hq0fi46FMnB+WSjJrt4LkKEfSXKwEru6mcLA8k4o5g2d/9OTdP++g8JMuuFXsCVbKhbRvYgKcP2gKoYeOkBGtAet9T/mfUyayZxSn1UzldIPFfCP7HcUa9sPv+dJwWucjJ+vrwAz3rzRmtSi7vtdmoz1j6PGlfPYxKUDVgWSSM5ADx3fv8FiMHtp7BJHHXyWa8fkNith3UbzAITqvOYtE4qdCeIoA1GxIo8Q5khxzwJfsynexS888CMocgWHTK0H9mTcOuTjgmmgzMHxwi1QVQ/GbwRuWnOwIRh2b+NDlhyjjvAmsbnxC1fhRmOQ8BVo+jWSfxSrkoNmJp6/9xZzUFzjZSIP7bRvpU8EhXre8GyNtBUA8o4kHG91w5etz3Lx9C//5sxErk9IxL+Mw5dv3MZ4Mpz3/BCBI/hsLrt2EoeZSvNBHiXqNz4FRzQ1MvROJkzs2ocaAMQfONgeh6MO8bPx6CitsoEm74khgxDc8vuw6Hn2wF4qOHAFnkoH3E2dD07jveLu3ijxmatCW8EtY0h4G5Z+n8NF3LXi2/QvM1hTnMw4jYMbxFxgxajNOVJuOlQoGmGaXC5nFDvR44wDjlDS6lRTL03JngXhWPKQ5BvLEF+YoPgH449fXYL3tN+75z4uWydqB0tjRvOyROBg+H0di1nZ0KVCGM15bs9VjFUw6EU1FurIQ+2077nWVZ3WeCSU3Vdnq6zy0On2ZfYv3oW7jQtp4egYUl/rRu/6xUDx1CsbOlYfgHn90d9nCvq5ytHOWK317t4TviDlhXutmcJE8huf+2OP6RZqwXN0QO41D4NMmdZK8pgHz+pRwtPsdPuhrh1VbjFlcuYFmewK0u9uT289r1P7vD5tfG0Gqq4NwdmkdPOx+BThpN+0tuEr6KoaQ3WHMVzozEXeK0u62vbTYJh5MK3ZSicxlFut4Qh+jtrLA+ZFgO30zVmxyIY2lAVQVEgSd+WPoY9gL6Es7C0njPXjZaHXMNteEnn4VeDXzMDXGl8AVTyeSEzPF4ihTsrrVDFty11HM9NXknSEInxMj8JT+WF6rVYd6wk/RSdCLwo5q4V7XCP7laEnPXFVoZp8uRC70BGXPMs5UOwfvLEeR38JX/GjnX1aNF6OSTAu41/iUgiZJwfx9Smz52I9iBK5Tndd/JL7FmrfgfhpYFMI2oaHQ7bgA5wYLwHeV2aS68T2ZGFvQjewQ0Jrhx2HB2Tgu3Zv/TYmmEXve49IkM/AOcwLlxZKsLNAM3dYhOK3nAVjbzMZ0v0wISl5Gs0U+c6i4EdgI/ICEHxcgaPozbt4+Gt3Fe/CyzllSLPxLCoM1GLBtJAa9UofP5e9J9991XJHcx6cfKXPOm5u4drY+7JkygEuEhrCs7gDsmqkHCoq5CCGVXLCwB4YCAEWaBjikK563xJvw2O91cCoxg4dSNODGJ23OaYhi9aVryND1D3+Je0A6bpZY3fKMmyfsplDdZyxwRgxEzhbBpIdtOLBmLL1ZfYScTwvSqYv2vNTFg4MWt2LZumrKR3OQHjsWWvWHWORYOl758AqTdgSTq3Ic/ax7Az8DbJH26dDaIjE4PyMJT6bWsf+R5fDQ3AwW5gA90jfkLSqaXPwuANPOZqHNg9HgqbgH6tWqONb/NCodvIMZdX/x195HpOsUTFP2+6F58HV+mq0F6/zX0oaMNCgzfAtXqwzI50Ej1CdGY57FZ1jkdhDPisWT9bnxoG7uRBstbsHooWLQ/S0MsVa36dYdJ257N4zh0c85cEMwCeeOgb0pb0DmywO6qVxIW5R+wZSXy7B1XQQGz3hDi6MeklZhP6R/Rljd3MPGe37xn9HHUDpvHRR3O3JF1XpwqprOBlka4HfJBI9umAWOmy6Q4sWPsPTRR9hgXYf1pgG0Ik4H5xgcoPx2bzbf7sFHXaTgv6EKGhc0GSceMKSl+85RJx3jmJN/0fbBJkzZrIB+LXdgQepEmN55AcYHmeLcvJe4NHE83N5uysErlFmt9Dkv3CIKvc2RpGBJEJTwECYr38X1tReo7sRCynS4znknV/HKGQqw8OFqaugdDQpnjSHxsB7O7bjLC8uO4qdlHXS8tBiVew/AXm8ZWhGlBH885tH6N6bQNdKbSzdJ8pvbJ4jfreebjTKgva6VPGKm0A/TefD5YB/eyjADy9yRlGh3BfZ4S9K/8Cl4ZHkoqi58DU/rB1BA0wAsYuNwzHwpqMYmbDZTwNeK4mBzhPGevDtZjP5DwmcWYLvaDTT2roCSzVNBsMsQx42V5+atxqSoL8pmjjf4xoAbd//4zMkjLKDtiwpM360HayTuY9JaDSw0Rn5sX8X21dnQ/FmIIpMGuDJiiPKWu3LqJ11QqZ2C60/W8nb173Rm1n606DSCvsutZJfaQGuShqhjRQ+/TxGFwPHeXG1hgvJnfMlZ1xiSyy7BK8Vi+NzkBcceOdKqu+Mo/7+RcFbCEpb6+KD/F3O2GCeFtQ0zSSu9AHcNetLxiTGU/GAS6TdrQ3nibr6wzYBfyDE8DflHm/QcqDc2A89IS6BRTDG0r4ymBHEhuJ0ezJ37F/O2mJv896cpGg5W4/fNnjynMwKaDkng6rJwMlAcAYkv22CRji4pP1gH7lZeFCC6A17PekaGgvrw1MGeX2ZKwYH/DMBALQrjEvShdkE6NTXMwZVFfnzjbClGWPdRVb8AbahzxQvzjCCtQwZcPY9A1vGzdLPhMN70uwprWmRgROQ2qLKShn+BFahnPwUCpWugoLoAsk65socngfHWvRy0wgb1Lm6kgIfZrCtTzM90hMBmXiin77WjmQu1IaR9D6qnl+KN4UhIGheLUZ5yAHvsQV9QDV6PkkY5i3LMalrAxROe0MxHupBTuYBfFjbArNv+fG/jV9BUEIDu5NkwPc8TxnT8x2PORvDnU/Ng8oZmuv1vBi5/Yc9Ndifx6LQJEO0tDhMnZFPC7ABa9fEiadh04tTrVbThMmFY/X2Q+XKIk93HQ7CDHCu+NIZ/m+bhi5793BZThyHfXDk/tRsufY4lxfRs3jpLBbKmK8HMGRNhd+cBViy4RNt6RlBRjyZb3SvgvVeMsWujHy6IBnhxcpBw1QU6muLNbhkKEJacyY6ag6DrfBMXFYbgRqsZZLZrHFybmY5BDiP5nbIkbVWawXOvJXPiIeb2nAS8MTCVpf0aoFNLBnxejobjt6SpSW0OtwZE0NRZwrDaSRGt3nhDUs1t3PrpIry9PBYcJFvByegYTfzYTi+3PsEF0ak4xzQEpCT3w5HyFipT9ySfEBNQ8RRmv7ZxoL4oD4ueJXL80G/I1rtINmbn8Oqz7bxLRgcUxTQhzz6e/r4aTbfro+jp5eMgE1WKvxeb0LZvVixooEKCbsM89sxMuOUsyFanmnBoqgMXZgpx2PGlFN56iD02TAWHKfIcpjIWglwYWtR8OFg/id/Pz4emHG2w5nDuqo/FmUrNaFS+C/RGxkOj6ijwTCtkpdZWKk61oHn/WaFxiwMdlAkgxY+yqB9tSNflZ1NXhTxsam9iJ1sxXikJ8HafBYy3sMO6YANsThAl1fT3cHheDNmsmA31QwO04Vc3uNdW4RpfS/pg54LXXtTD81JvEIMqfLqpmDUzCYbV1GBJyy5YfTIAH549T9qfDtP+6m6+sXsl1Y/5DatYCiaH60LuzSRqPpMM+4ZtqSP1H0wXnwIqs53IcstCyHRzR4fJmyHecQR8q/WGbuU6Omg4hGNUFeBd6XN4Pd2UK5evIpna67xppCtsOyABXyAVTTvG0GCdLqcX5ePhJQX0ocYBwg+OZLFb/rStsA98PKfDgewezF9uTpZt+7DBRZzeje6lCUc+sOVbJqeN40mkQhiPisvBy8N/MLFXGiUF5lDCvw107p0sxlk08bvxxFfmXuWZSfb0n7wm6Gufwj16i+BkwgeQP7kD7/idg4dW0ugTbU5rus7yhPkDmJ8iBZed60nGdjVbvkjh5Npz2Km3FAZ17pJyjRkP1O0Au62noNBgJmjp58O1FDWWTF4He7RlaPaGCdR5TJ3c6vsxcn8NjPGpxpLRUjBOX4TKNhfDl5f3YHvibPb/EQdSwWI45WAOOorbQOu5LIwQkAVjF3XOdRkFH1oewFBeD6XIeKPz79t8N64ZBRQ20JMd9yHwnirErPeh7NR/fPbzGugOyuTZrups6wmoh5bcNSzD8PMvLhuBYFk6lez3jQAzs3O8LFeb2ifocOhER65wHAecvIKmbVgLXvkj4UPUe6xYxUAuEVgaZ8OBTz25+PhufH/QFm4K+/LU1BnsEDUWNE63oVrxNryTr4NX8vZxlfxp3jb2FtU+daF96Yp4cJUb1obJwMxnzrRD+h4MRvjigSMV8GqSAz7YsZCkXyuhxrTVBCdH87lEBRg++gC63oTB4yXxKP3yPWoHauHI4mCaIKfIOtP68e/ym1g5dhqsnzAKltREUuTzvxBbUE1P18mgq8wbajNu4fO9KhgyqpL0WpXAv1wA+nfG4Lyek3xZoYgMKreQ6dT3YBs6CZ1DhUnhzAnwtZKGrn9R9OdzNBx+VAq+R2ZxRshSxEQp9teUoZSL6aD2WYSqrBRB2Hov3BcOpIz7dlB6thq6Hg7zXZO99Fv9NOeW7MSfkQ10WHwWlI0ox6gxpfyp7R09rA7g/SLOrK6QxMG+QaSzNYn7R1XCjdWyIDb4jaOzLoDp54Xcq1INb2VPk/PWQSgqOkOXUuXh1ihLPtFmBq3HLmG0pii97u2CtAly1HN6M5VsNQZ5zbHw4FgH/8Ct3Cg6GqCviyxb4/mWsyWK37bnA3uFaITnFrhi+RD6VFtwd2MOjlbQBgdVMxoOMISgGX1wf9JTmHJYmjr8LWGn1QN456SP417W8gi98SCrkojmh/uofPRc+Gx6m/e/T4CLu9Lh0eOLJJd/DO7YAfue0YQHShq8lXdwVt44enC6De6OcsWE502U0dnGLn//cXlECeSNF4K9Yb54qeE+Lz9dh9u3mROnj+QLce2sqnwTKqNOUfWvGgqbqgy1Q2tp/7JLUJKZgBfGvIVTY4z468ticDDcg8XG+jT4aTEOrdYF9YBDmPfyJ21uSIELuzewfbsU9q0O4oXtvUwn3MjF5TwuE5SHHxJH4U2ZFmRPacV5xQqcMfoPj1RMgyLpu2T2O5NN3X7SjoCpIGp4G+78m81u+uVsHbybZDpraM2t/fT3hyKP+F2J+OwYHDmsAmPNH8DGJVYgpCzPY4d70WH4DQSp3qUBQSMW1hpNLxqc0PsSgmT2HLT1Aqq/W4LxTg2wKuY9tDQF8h3nEnQ+eY9JVhIaPxpA8gYZPv6mBhbOq0V3SQ08HK5EqoaetPBVCzzpU4QJUzowK9YQxvi3YfJTByrIjwCVd/VwY7UnVHbHk/u03eAg4ot3pWRo23hxyOg4CpNi7lB9tj1NF9LAk9MGeJZADggrVvKdsw7sfsSUlympQ6WLEcWUbMaj1+NZyX0+P9uUQ5MniXCAcymiyg/q2ldHfmbjwfW0NzsulaRdjfP5QhKxgu8EknHOI3W/HH7h5IWga8vZseNgwfMneKnvKMim5sJCsf94beEcspklT1qvZGhOTBqe36gO56bOhI/KrhwXPJlK/j3k5R6XSOKlGOxaZIRJdzvw4akHNOwygXd3ykDha1GGDAFyfxgMb29spu1/h+li3zu0sPwCo3TE6fTr7SQcYgideQcg2HAIhU+U4O48Kz4hXsAKZs2UVz6dFQouU2tTAt4emgIK2xah1Isx3KdoAlOqrgGnCYJQ+DLe1yAIRoYOUCjhTjd9xeBjwQY8vXMxbpzXjSlCmeDf5sTLRDPwUmgo5ZgHcNuWHZg7XhCkl57gEaYOEHPnMlgvagL734NU6TOFMiRD4U9QIQqWfsWnZ02haLI3b5FdAKeLRbkx6jepJX7BKD7OLxys4a6UMQ+WXwETWxn4UBGNIisrqWDvbzQuiMWVrndZYrCflnzYArdECzH/uTS9ujoabDWz+d/6AZiyzR9WK+fDc6cy3jJjKsge8yTR1cgvhnbw2MlKsDEoG0tvRWFv/A36CXPhXOdxutOch81tJ6nCuh9DxFeCooAsrLGoRNeBj2g5qY3XzzMk+u1PXnaJtGRnCh02+ExpAg0w9shsMIgJ4OkrdNHp8Wf6uukftjV7IUlXwP518jy3QpxmjGvkNTnToHnOCH53zpBbjh/BJ86VlHDYi/pX36Z7c/+y95yJ4LI4hq+WzAK38BH4Nv40dJjYYM+1q1xbvxPBYgiNJWaicUw51fsdpZQ4Y+j/a8Bm6cepoUwABj30sfbIQSh+XwOVm0+g94w4GEfHKDZGEEZ5PKaaUBnQu6BGpsV7qWRvFSyb+ZP0JCUgPNCPVn5eRc8qR8HJ+g+Q/egZhI3ZjFcXrIGA4vPg9j4HLvvq0dvwC7xcOIoP79OB1Mg33JkkDXnz/ODvtgM8RlSbrusux9+bfpOYoCZKK42HJ51qINIdhZfOyqPGfRNM7d9LuY1LeL7aSMiZN58WmK/j20eMUNlSFC7G7QL1gCFa0NGG0rWnma//ZOv1xfD9yQOa9CaHvtTVAMSOgD+izlwY24MX5XfCyJHa6PA9BBaf+YMvDcRg1X0T2LFoGWW8HwNvZs/D3V2p8E0mnwUsLKguZTncuvqb9OVSMXmlM/qYtdKoFikYt6qPJh/3onT7+9QUfprkVS7j1Skz8Z5gMfSrfUeL0hXwafIoiBpTyKqyN6hSTB9fbNoKOGcH929JoGQFOXozageUi7Tg2beCcKhsDCa/vYSmXybhrvowzJukwLr2azDWTRjy2k/hV6U3+KtQBHaGDeK1hN90PUkGMlVywH7qHA7o+UK1QY4k35xNnjNbsauTQU07guy6xlF75EF22ZoD+aJmsOjWRhZccp/CkhLR2Pg1StsYQteT+9Qc+QHurnqB0Q/cQb++BeueCGGh6BoUTzSjZ7lLGb9PA19DMWr3WId1O4rJQtOPm0bKwscr32lx1jq4VhLEigM3WWGDIpyVqsJNnSp071o28/Z0GvGoBuZVSdNZ70f48twevOKdwG61uuC1sAA3qy+BA23fMb7eFJzerKFPlm44UDify0rFuNH7A1nmaMAXaUko0rmLRi7XqffWS97Rbo1004KbYDN+9HmNkx/38NRAKbC0GKR9CV60+sMOkI2QBK3n0/FdzAPQGeiHbjNTCu99zgq/JOHBo19snVsGycKXeMWAOB7MkwMXlGWtZj0Qi7nIX+PzaHHrTFjzOpkOnmzBvg0NlGAwg6dljoLIShv4GiGCO+3e8/cndiyjNh6kMuehruk8EHlyAhZ1mEJovAYobkgAmYBjNP1mKizxiqfC4wQ7GzdwwM3V8EUuG1JGxJCaXSsmVTlS2mMbMPeehOLoQFtqx0CLRBHHthaz1ddX4CL0A+vDF1D41mVYseIVajz+TXcCVFkzehpkiQbifqsGvlmLmC35AevddMFwawuFWhugEHtjcYc0pCwQBamdC8jF+xWmizzBguPi9Pu2E7yZkInVf8N42oNb/EjnA5yOM4Kd2ukQkPWIg3RbYM7KEl7T8RO17hzB0JZUDMh3xokKUSyQOwkUnaRpvM93LNmVBpdTdNHi/UlaXPKTHquo87hkFeiTk6bb5XoQ+vQADkgtgZQNFVT4+RbtCZkDBjet0H3qR9rfdYC3Tkyhnp/S8HK/MTasCGGd3c9Q3EwI96tdIvFtkVR3JwZcRqvDwJYs9rUZDW0H76PInKU8rv87znkUTK1LB+HF2rVoNesCi3SYwu1LGagwUx0Kw4XIcVo9DuXsxcE3Nfg3y4aW7i5m+U/78PyOkfDM5jl6b5YH62FXdBDsgfWmf0Bg2kVc9V2JJSb5E+ocALt53uiu9YBtJWZATu4ZMvoiDuIRM3DZcWTtitXgPthE/tUn4RXs5qBfOwALJ8GwxW16GeeHibpL+KZSGmp8uE+5F6yhUfM8VfEG/lu9F1cpa8G++SpsZvkfLu8cxq3jBMD+Wyod0vXG3sDV9EV9kMOCd7DCmtEQ+2aQPwmu48iECp5v1UzLVzzG6U71NHV4Os2e5g61krokwOawcstufJTuhh5dUlw04gs6femFw3uV4coVJdBTFMB/F7TJodUUVtS7gKOtF6SrmXG8hww33tAin7gkclz2GOPLb8DKmo84e8J0mJrUwtsGm3g+O/NOj0pOOyfBJVlyuKkwl0D0D284dZADdEQhx+wRr1p3nKP3P8b14pF8KnUIhV8MkpLEE/KY7gZNlxbTWpMR4PflBEyt9UCtC8SHVMaAslMQXZFVJjdtH5yR/IPL9t8j1WpzYK1Gyoy/jyKDS2hMeCmJYDNdFJfnrWG7+NCFAAikhzh5jza0uHdz0tIGNv+piH9sz2F+RA0aOo/Bb4rP0ST/ALbmiaBLtAgUPBbHO8rvMOn1C35u2c7GWVP5bWIVls+vJf952fR4jSsfnTsZfp9bRuP3q1P2BQ24Jm4Bc8KlqVSgGA67h4OG837aeaKD92gTJFikc4fDeFYy0CPL8dIwZjAUN+vO4GjX9fDnvAh0HvwJ+wQMoW78fXgrc4N66xFk/QRo4hoX9h38S9/KNLlssRk1X7IlnRbz/5v/ezBrFUuUVoJ7SS+31K2mZd8uYN3dALiXaAMnlY9RpWsj3X5oDusf7Md/Isd41qarqCv3iASNtmLnmwF+3jMId3cdQh+1IA6aOxY6WRUPXHUAza/zyeyXEJn1T+fF2Z/hmJUc++Ybk5yJESSsJujNqqQslQe8/1UZ5ihvhrfJaZyRMRPc9EoxLmIHvVmuxw/rjeH18dWcZdRHt0aso8sXnkDc8wjud48mGeujuL9Zle5oX6K1T2Rgz2ILlHtrBL0cCpn7b+PXeG98EyrHZy2sMf7VZx5/yASqDCeD1NxvEOjrATGdd/lo4Twu+72fBzduBL04Ywh5kgQF7ZJc7jcaSvPz2C3vKC2QqCRt+yA4GafLOqpZOK0hEtbGCtDyV84gFDgVzg8/4mW0A8xc4+hrlBk5+l5C+xNH+HxYNb3HatB9cwvmb5SFtptKHHV+F8xvqMYolbW440AMK+p/pZ0OiuhV44odCS7g36sCvjtfQG7vTH68Q5amuphibosenL1SSgqLJqNj9SzISw2gfj1RKPw7h66fKcBTX37x570Pqc9JitW/N9GJuQXQa1vO3gcjOEhaAZ7+/sOZGT68iwfpW/YDHn32NWZbXMOpwjfo2qiTILC5AKZvnwQSg40ke2gIls6ro/YNBAcfzSRb0b0wSsED3wrZkj7Wca2QIZiq3qCY5W/Y0C2ExzmnYmToAn49bYD2ibSgjNJq+ugjC9sTVSEzazQ2hhfAlVdW4FwkAaOTjMCz9y8JnCsE+dALcPbMaPxVZg6PWr5iyVFp3DsliTVlEOcWVoCO6CnUvHif9PISQeeNKawVEwHVb+WU56XLqqpfsGG5Aj2olQPvPlX4Pl2MasUj8N7fLlpUIQJWpq6Un9jCDl7zKU42kJuOiHFJ+C3+cWUCTd64nJ11l7BbvBZU+nnSqjMudCKhji1+qVDthwb690eRGl4uwNFGE+m/fmfS8NSHU49mMFjFk2P/Vkq++QZ7on1h6UVnmqGng30H8kDsTxUdFhcCoy1WKH8hhKqPXeNfE/WwR3Qxnqk7QWZJsqD54hH9kLoC+StMIXyXGPfe0cA1Hmdppks1LNtmBhGlZ6B/y0p2PyWExZtGYOIEQ7AZI4Q7Ui25qm08nc0Mh7SPY9ktMZ27J/2mF1FbaM/V3bSu3AB0FvTBizAPthzWw83acbjo7W7e3lnMsgop/E0+nobbMjFRWg6M4mphg5couXavQI/NJ5FeuPO2Y0s4oqaH9D5nwLEGZfTYSRDWfppsrxzBaO03OGd/Idmb3oDsxAIUTl7IPMED/v28DsNh5qCZ2kGmIw/SvfzDnCEUD78ykvC4GQEnJPDQ5ju8IS0HYzNk4L/mGXDy3mQMODiWTF9l0eNyGSr9I4drzoSC0/e1HHH1E3zbKQ2Dv71w48WPcLkjjxysz0P/imU4L2AxKo5ahCEJUfz4XCz9KpwO40apoYFFFgbe66HXrZoQF3+TJfSl+W7jGTaenYifogtI6YIQjEpcgCPle3DLjNsg7zgBoipaaHWZJI23EgaJYhHmI4sh6aso/HqbjmvVU3Df1NW8bkoJzV5Zwc13bsPV+0acOq2Zq3ZOg8m/zCBky3J8tP8ypil684Ux8px4YzLZ5p7m+Q49YHLBFA98zqb5xdNhVKgE+z+tgWs+X7FsrC+Z+wlwijTy4PgMSKhWwvBOc16JojAUtJp8/dbSrqkL4EZvOib1bGKvXWa0UDQDPmyRZ6Gz4/Go6Xhw+g+h73Qiepx6i7PMrWhL5jCsC6zBTd1nOXO4lfQEtaC0SxKsH9qgS4wdGTWpQqCPEDhnDiK9/YyX9dtgcVsq/Qvz493fxeDJ0u/of+M4rT3NtK+qlHqMauF9hSvqvTXhnIvm9OnqWpzxhGGBx1qYl93N++bdoKUl7iBU/RwXrkviEqNH+NZ+HG+z7cJ1+wj8chfDqM7PGLpMn4/FHKC/go9py0NjqosLoLV7r1JX/AzSKQDYu2MD90/4CKpLXuDzXn+ojPTjmClWVLC9DoOqXXiSx0muENCHA7VzKDc7iW5YjOUE5ZN4d9V9jJl0ml2npVNgfyXq2rqAc4cm7Nh/gZ/2hHKU31FyDurm3I6nMDvFgW61n6bfesaw+vJGdk8ygqvX52Pc8TJ8Na4Dbnuegqjnz0nUKJifj3WkEd0yHBssDsW/J0NgwBosD+0ltzubYPyZy9gs3AJuo0ewreoWCGnMwmpdOziRPBFK801A6o0eps08DEUqbpza0QpSYyZBhqwRHSnJxrUpZ1B8vCZcdPNiW+vteGTWH748Nowb8rO4JMkPQhyIky7KgbXXOhIcJQDnmtKgoO8ifrU4DlGzE9nUux9+fFQmp9lx7G8SQ/dHvAbtiyNBsvU47hUfpIL7s0lBpoHG15zmjrQrHDhNGNreBYK9qh9452tAygsT/tc6QFu6orBbQ4v3XH5Aa1ePALXhEZy6wpNzN5mxpbMmzCz6ALpFxzlgazqsaO8npfpejqtZBiPdLpL1cW+aVHqWh04zFF6fipH7RehdRDsI1J3lY4F/efR6eSqsreSSwqMYEabO65+bgPLhTryYYY2fgnxpXagLCX/ZjLu7xkDjP2tublyDa5YO8scUXajakcL+xStph4IBeBmksPzhW1DeGg0iJgS3+v+DhBPZfEFSDqotSnHtl5G8yGUF2gvp0eoFjayy6CLOWNeMs3MNUKiwE6UFDCG3TwWGYt3hteV6WGFvxVn3Z5JERQGczn3LgqYi7LrSCR1tdABrNtNLlZV0UncSj0o/C7Wj7WkN/YbjPg1cMv0OXdPYgkubhOGxCMDad18xozcF1igXQeAoX4iftgc8ooawY1s/ulV8xBAlTagIqKW5HxRYObyZzWz+oPTSETyUPETHC4CaM16TpKgzKstIwLMAW+i01oKte8qh/etD5KNy/H7USkrd1MSbHgrTgtL/WKFBBbz1okngsA197xPlSp0leOaXMb9aMBXu3dAgg+EEODbXHe7iCDCbsRKt60XIzruHH9ZbYndmJHbfNORtZ6zBTfMb7z6zgkrXToRnvv/BXpEz3B+zjXabPwCFz4QvFg3Do6IH0KdtDkF/l8KhKBXweT4depadxe8n2lh2+0SIKkuDSTM3wfi41SRbUoLX5Vrhg7AYDJ64Ba4/D0CNaSPOWrcDzvc9pGFhfTi2yR2Uvq2iC9PuwDo5ZVDU9+T1P/bwn18DSBVe/ERZBSeMHMEzfctxxaIDvNNekszER8GziP34ZMpcvN3lBBGBWSSwUI59QybSsXUxcGtaIF3yaESN5yKgODyL317u5PXQiIt6KtC50gdy5+6lkYcn0inHIXr5IR48y0fB1ay9/OyHAy7VGInbXt7hq3cqQOjAZy73zmXv9Guw8NVp2pavCAVBL2B+zU5eoBQAk9e308kT++hvTSqN8Z3OK58rw93aA7SkSxOuPQjD61/XUHL5fH6sUkULSi0h5Mlojhufxq3Ci3jr9gmc6jQWKkxPwJ6yCODnNWx/M45ND4yC4HGj4Yy0Bt6NqCELpZz/EQAfgEAgUABA/zCyE8pK9hYZ0YVUioaGBkpLJKIUKYmSUlIpIpWiKCVJQhFFRjRQhFCaFCmjVFr3MOKiILzfEs4eS+r5jVQaKsy1gNOL4tjyjDJ3tcQzm+mCRGIBD2uagNSOdBAUvogL7PIwxHUQtlefIMfe3RiaUQI+r0aTYvQmTGmdDJ5l0djmtgtkFF/SkY06LBSwBIyvi0HdlyXodzSUWrKO4AhRAP++HuwQ90LeewffvXwByce8OcqOyaezn2ac0YV7IZFYEKAIX1Yto/haF4jOPka/qg/T3xAZOLKwjzc1jqEdklZ4+/lDLqswATHJezhn1HtMOPOMdx75gjGLVkO67W5wHHMeDVs6yX7jSNxSZwFezwN5+tMHZLJxBhrI/sMGg3Mw/KAcxqb2ksfn53hzsg/LxtrAbZ95+Hm+KEUIKMC6c4vYO2ctf7E4xLZ7jTH3wxw6LKPEaV9tYJ/WF07sPgTlZxZC77NV3KukijP9FsLBTCTh5ZvJztsDHn8Xg35xf1z58zkv9XCANHUbSPlwiBXvdIDMgVHQaL8YvtXEovRrgrzjb2D4qR+WW7wEvzuXOUttBGWHzuI/oh3cPJBGV1yn4LcmeaDxxZioFgfC+APGagzwhZHvIOZND/3u18PFYa9Y2dSBBB4bQV23AlWU3ocq0T2QcU+Tdnyxpm2vCvHo4hY45WKF+hr1kGcxFtIyL3Jd30ra2zsH/VbE437bEt5sdZQFjrWDVW4N5g/vxJUh/8ERl0DY/qicnHAhaf5pop6CuVR6bZB/rNpM3zeuo3FWX8HMigFOPWLZCY/R1zGT1lA969xfQNkej0Gn7h3MaXGAL8ottGODOOxUvcd/P7RQkshcul2QTBZXQlDX6D2/UblGM8RmoNnwaXzx1xJu5AvR0tdLybmjnk003eHEKTFQr/SlLI35ILzxBL1R9aCidA1oE60FqY+29IFfs4HQVj6pKEezjumz1gZT9Ilfja9fxuEvI2kwjT1LF4d04E3BOnQc6ANYZsBKD3Iw8TrQ9u7P7FCaSvk/dUCm7yFHPDnJ20V9aONBAfC4nQPHXqlwp80S1PtuRP+tzKaRr/VAp/8PCs1sBz7yHTamO3Cc6DYoi2jg0ap1dMjBAyQDFrH7vhEQG9TLUuflsappH17Y5MQtqrpoZhaG3vuCAXf+hciWNXxPzQhCVZXgZOoJMPR/A63n/uDVFYHUN9QNDmMD8VBYLWb7nOWoIn2Y4OZIl/8FwAP11zD0NpALd+ez0jRT3jCeWC9Nl0WbtuOGrWMgPfA5jjg8Cp3FF1PMvTjw1TwHvlEKtMrmPZfMnIF2G6IxUAGhpGsj9cFXdElANh9lA0LlkZhc7ca51nr8KOoIWbV9QdlqJZB/Hg7PbohDQOwsPp2M9JmmYfemqdC8pIvvO96CaYPWeM5bBTava6Se9CQSCBZncbt3NHzwPgYdtqcUs0JQ3tILyn9OwXYlC5i7vIhNt2yH0k5THJ4whjcdEIam9Dxc5S7MM7/MpNKSpRj4RQZmxOTw8sVaPFD7h1KXfoCyv9tZfm49XqgwpsjBxdAgnMo/LglD74FpKDbdh/8OOOCRU0fJZkUxV4iokM7pULgz6xeKqv2lvU0AF2YcgPVKS2lstSc8TlRBsVhn9IC3ZJ+aBUbH77C443q6O94EChqD4Um/BP0abKCdGgug8kYOdZUv5fIYXWwZfxokCjXR5ocetMTn8UzrXFyXVYqTH4VDTfpJmj/zJKWduIBnBovBe/VuNp1nDJN8fsD+HQ9JY7CbNDNv8daT00DqyVQW2PgcjEv9OcnmFo/foAl6CtYkIG2EdOMUTHoTBLpCgni4U5x+RBpj6fY89PFN5KxLI2HkhD+4o0yLC69p0+3yn3iWSilB7iSHVdqS05hEVFewhYBzprA+/QRMNBzCr4da+JTBVbz77xPtTFqOiUILQfzmKciU0oArncawcMdpGNjQRXPiHnD7sZGwMD0bnAYn8JiQ/+hNXRlfflVHs3pM4HfdGl640Zp0yhHUMxTgqF47JBWdwed6oXT1bgFcWKhKk4xNYWuYKznPPM8pWWb467AG33W/RhdretEvqYizF9byJ5Uq+vIOYeLaRhRYv53f+L2G09HqnCVaDMrjZODHU0kaZzOO3HO1afrVETC56yR5/7uC2tMGYJe/EuTN1oXNJva8sS6WXh5ahaWnDfFSgwK8ckmGIKVEstp9mgqWrQero4FwqbmNZlYE4aRfIqzQKIlLLkmDaoUgtk14AO6vfUkjKxN1bD9xVXA+vNgdT1aRzhi2JI3WeBuDumkmeafY8nVhY0hcqcvvdSLpTrccbLR3oLXp8uxZlUenpqjDvvGRlPrDnyOaTHHr2jB29tuO0sey4fReEwqfaQzpz96SpLgwdJlNp/ljNMjJahO1FctB8AM9tqw4i5tUj6G6bCb2bVKDiUOmcHG6LtYuT8YDH/wwJWQsqywxx53zH/Dx/ENsd16H8i928idtQfiTFI3fsk/Q0PEVcMFdjjMWSUClmRro5t/ioKAtLLxlOUh+NYd763YyRerSguAFPGycSovHZ/OnwTAesomiqUf2UXn+A14xURyO3w3lcaOT6UvuN3TV9KeCvLfsKHYG1/bkYaanOSeuvwtZN2VhXfNOjF75htWMV8LHhSfo5KgzPP95F3ZsrIIdIqaw9ZYULRhjBF47/vL6QxPY0+kZNEXdg0Vb1/CaTx+pelUk3hDOw51BRpyaLAqOEuux72YX7y4yIPS8CTomNTxj2V2yniuImklNGCz5By3rVGFDmSgKPt2DW4WzuYYEcdfwHPTJKIXoiG/w6vtM2LNYBL2OS4Gs3TPglI307GElbWgOhrKDzjiYWwNZKnWQEj1MNvMUOd5gDDyP2o2vcgKh16qVxbxV0P+yNN44ZIM1hcG06lcCGAUHg6yXOLQbaYPc0gQ8s/ET3w88Tq2rGnC/51w6LrkKMy5E44+ySbS0bzRY/duPdfU6cG5qFM0ePRJjlcrZwXobfTURIAnBAJo1nImqTf/B5VvROO9LH9l4q0C6qxSKFDJvk2vFY5I69F6ght9a1/I4QUuom7OBjmhNJ+urB/jM3Lc0WeQd9LVr8GHPeDaw6ebVfo1gr6wDTsL5OL2riJ9KJaOmTC48fhXGPy23UQNFsIyKIC0YduKd0mrQ9XoUzvCfxdGvbtDQ8fkYsf8ft6XoQry7ACv05+GefRXwcNcooJQEsCn9S63fynD8xC3os7sbYrLeUMTcszzeQwmk7/Sg5Q9V2PLEm6/VtWDGZlU+OVIUtNZ1wwPoJjOUw1SjZuySugzHUg3A0j8bDD7uJaOgSLTLuo48dx0vW3IHow/vontHt3GEXB78XqIOt/0v4MYnTGdX7WWbuDv0zX0fH/o2jI/1ZlLC/XISoTXY90kXFn3vgqyVKrw605feP9TCqolvQKVVHL+pjcEtxxRZxKod6mrMYFCrDj0DHNDDbyGVGlTg63+KuMb1Cno+PkTxjsVcfq8FdHUMwWtYHVcGhGDGrK20rjQYYyo/oYgisd9XcTQ424GhTyyh0kcUtpz7xKrfLvGEoDryHVyHoz0moj/Z0Wp1J7pcIoEuO2xpn5sxCIUK4Tdhf24OnIT1xUcp4pw1P59ZzcLuUVDryCSStA1uvNOGK1OL6f2pvTjWRAQVj86nMa/f46j4KvrQOpazP12m2pS/uNXbGjTvDEPCuO1QJPAKfJKfkX7RAVyZ0Q8aGVfwpP0zHmW9HeZs0QK7rYPQtWUldByajOPOSdP37kZQOb2LHsjrgdUvSfo07RJrGejC+ruXAV3XQpvRU1DSrSEt3fG4RW0tpPplod6aHbxNyAOfv54M042Xods4aZz1KQdPy3timtpD2hY9H93V9bDcYRwXngomuDUW1l3YgFkWa1GnNgWbV9hgxyRT6LoozVkPcyk2KgOmNqmh3CkGZ9cg+rpSD75eU+Xe7kjctCcG6petBN2TLTSdl9KYN/vRa70oxHVH4ZXJeXR3zlty0lTGlOxTVHG/iYUlgvmQ5zaI3jiKjcZJQY3KDHpteop2Wi7idSnFLLvyOMcYrQS1RQo0NuIK9EVc4drLE6GiqJNnzjAggy3i7HG6Cv1OCbOzfAV/PpbISj6GuEj0NShFikGX2xVs5uO4aMpcmoremFP+nv9c+EVB+xNY6n4FfhBSp+piA/hIqhSQqMtyAlb4/OJKtgzVIEk7KdByRhgv2shJ+6XgSyfClw2KcPhALRXMi2RlnWGofr8LZZxXw56DGRwdVcq7f0TT6PUIrseu0HFvL1plcot15yeAzol52BsjzZHi8tAoqUjB7cdx/GMTcEiazsNaIRwRnEb9Cdt5n9YAPWsM4FkHBKgoGXjuzARWnWwCRbrK/Hv6a2i59BrErzpRi1M23x18h2mHJfBDawPukVDh+QFyUHNDFvetzOeECSvQTFqOJAwGeNTkAfiwbA+H2z8j+V1X8dZCIXg8wpHGG0+iONFj+EB6K741JdxWZo4aq2u588Mx/ioaB5ot/8EC01AM0WkgpV2nISorDYQOJdLK8wKwaLM+/XEtpfXJDlQvLg5HA+eS1t5O2lLXRPn1bvigVpYeJsSjjWsn+Rx4xDNOj2IfWwEY1fMBhCKewMTiYP64ehJMK87AQVsJfOk6A4sd76C1oDQFlE+B73a9tCingl0DDuOy2IVwNNYLNeqRZufeI7WHy3CvlzI8PyQKXw8aYkP0djIIfkZH5z8jD/8nJH5JjQOsEkhtzCN0GHYi+bEicMz1HinJZ7JU0DAe/9fBBckXOWpBGB6+6E2OfmF0d1k822XKAO8rBt+57Vjuw2Qmfpl+pGRx8tInONnzO+35bcqWG+7iaRttOBljiL2y8Xz7lgRLKKej7dMhXN10ELVTxpOheglaGyrTZBNrOBvXR1l/N+D+vSH8MOYSLAieinWiwbRFbTl79l5EvvIHoioNICHvJ+8a+ZgfV8vT77AOGPO3kLzn1sIKD29U/HQc7E/c5q2uavDYqZb77/pz6GSC+KXy7N3dQRGj+rDp3Uyub79MMT+7UPmCObx2f0q/R5zizmBrLvX0hg0deTwUt5YdM35iekYRzcl1gZkfRaC43Q18t1zHTy0Xqf4/dbqcIQ5LZhzBs3aB6DNJn48eruZzoADbxU6xrf8D1plN2P9jFRXdWcCy8/Ogba8Qqqqeg7UKq6j5tQLsPKjHP0WUsX3qTPpz4Dra7RLgpxYnsfTGZswuSUPP917kLDEOOoTcYeFtMfDfFUOhDin0/Nsz/vdBC0vnJcPqXFcqePQWi7ZNgv5Ti6DuTBK2mFjxmV/Z+DXPlBsF8+iYYhCmt8+G3DMrIUxeCi6GWMO5Ujmua3ahl5sayWl3Emu3+oGXwSDLtefR8VtnQf2NJky+vZGPZv2HaVfcYdnGSPpWE8+pfzbhGbcrOO/bCRjXUIcXqoSh2OwPexQ6crbYRBrYrU7Ri5Oxpm4pjZOOhTXCDzhW9hCkVQnA+9QXsHpENdsNNELZ03acPyQC/k3jQEJ9Oa3qPA8tO7bi+mwVmBhnwNp+d0lyylUsC4kFTc7FvWHT+f3EZbCtYDJ0tivQpXsSIJEpgE8ONuBaQyW00wnHUpV1vFXlLEuOKwe16s8QojcJrE5qgp/kIxaT/EQfBTPQ/Hg7LzKYDJYdhpTWlIlTfBt5pu5qNH4IsDJHHvRa06HoyHyuEK4l49u3qOLfPWx//pz2nvsLOQ1hMEJdAGqu3uVHej/hrlETLR9XDa57RuGL3j+sqmJMJ2eMgfCbF8CiQBks15Wxipc/rDrbye+GKiFYOQhf6LXS7Vl6dHZeAak4q8OIE6IQq2/DsgHXUfVRAbl9n0MNHV945YUelMoUAOdPOzAmIRGX7RsFQoF/YadRJjf9mgFBH9XAt28jeCbuhFx/C/x42gTO7kpCv3gL+NafRl3TnlPaS3H490SeL72zgd1PfsHptePh3d45kP66DUyC9GGPcAR0TrqJHsd/0n/Xo/Ge5QmclXmR4/Rnkk5hMLaWNZCAiCT8UvnCek4P+bV7NS6yKIR/Qw/hdIAgh86aAaIF+2nZYjvsGm8JHvvlsHaqArjP7eeFVU/RrBVQ0gxBr+8XB6X9JlXxBzBazApWJr/D5Qen0LsQFzKJfMmv49vAJawGoovlocjBDuZJ1eHvJEnAlFN07Vkkr4pKot1HtvPTMknSfBcF8WVVvDxYE19ktHDeQiv4tvMFnxyjCeEd66C27gAs+ByO6ZLD7P7WB/qGjOhRjy7qLpsCKaLNdMokHhWWF6GxWQO3XXChO5PmQxRP5dGXj0Lg1ST4K2oEtkMRtFHlNw7krOXU6hLWX2eIrVGLsUR8D6injMXaqkvw6bEGlO6W4/nOJtQok8l3DB5DZNU8PNKlTak58VRXnghyMaEkqCMFExTWQrtOGFQrfWWfwDPwVTOKmvJkoH/8VKiQjaJ70eP4ygU5MDl9DWZvaYInfwRBV6uF8soF2OD8a1x8Yi4orffi5AXH+f0YZVB7foMTRD5zTdAzkFlbRYGHTcnwmDA1Jp7igfowVFuzmQdrESgxFnRsGwCjtHFkjis6ZYwh7+/qePuIFPvL+WKo/h8oXMSgdjYOBpY5YuuUCopbMBIFP3nTTksTsB8nzvYbV9ARrd/8xVcMrjufg74CWxKv6sPk8jT88dWTciVjUWvUS2qMWo7/lF/S2SxhWLXJDh5HDoJt1w6SHhiN1YV74Y2/FGS2uOHFzIdA2kW89AqD3hd9HG18g8fZq/BZL3kKkjxDsk+e8/Wkbkp+n01ndJF9t1mCj0gYdoQfgov6i9H2RzyO99SgbkM7mFPeBqamalys4suyEaOhvagRr582RL9TdmT1YSXXJwlx76t5bKy+mwZOTAcpnyD4flgHJFxbacMSMf78SBlkHYvQM98bzGRF+Kz7er614xwdEJnM7vIScMU8lr4WHiXVRfJ4ME0Dfwf10k+TDlw6dJid/T1p2Og0LZcXgduHFzF2I06xaKVZq8zg2oKr7Pi1D6fHBWOtlxjHyNfx1dMaULL0EIea3wBtukpJJmHc9UmNdue104nEFTSXArAtpZaURpvA4IYoLhqMB+vh91T50JGmO6iR2CZVaPG1hJ6HtbxfNwpHEMPz/M8kflUZLlyUxY8TVbGEtWGd/TjEZT/oau9FCFnbjHkjhGDXVBWWLrPF2qWC6HppNgQsdYIkjY8gpX8YrNZoUFXUVHCs04frH+PoybkSaBv1ja/PWs/3LDZB78/p8PT6fLZp7MW3+eLo3SAKH+e1oIzSS3yY8RwvPQmitiW7eN/9TXz750YKPj8VBLqPgeTs0SBW/Y4H5rzmNaMvgKHbB5ykvxZ+FIeT2bp4ND6uy0e9dWHonyBcPb+ZDR4nccyhK6QRtZ7y6m3h+FAOC54z4qzAYbB46Q6rTaZA96VkMm+PgJKI8Vj4tQLhWS/YV/xBmT8isCXVhS5ZKpGtgzVU+Wpix/ZS+GDuBZnfr8GBEBsePP8BpgbnsekdBWi6eIFjY3Rhynkd+GLQg73KjbT66T1weDEL8UgKBN8NJB/HThSfdANCJo+AWwdmo2PYCwi0CacPK8agnVIjXJf34kg7VzzwdhsdW7IEn0dOgHLnLpx/cA/oPuhHi9UZ8PbuFPCs+Y7S205xxYvfNKDbTN/VFGB2rxKFSqynLYNHuHRyPNyRv8kyyeoQdOcC+k/zguYtqfApRxhytE7gCUUztte/xRdigLeU7ofGW/dh4idREtl9Bx75PySXDSOg98RKvFeTD8VXnMmuSZXT6n+DqeZbXi+2neSK9tBkoRCQazKHa3XjqKnBGdwvmoHO1GiqaI6FuTtdsKM2nYavusLalYgX3NXgaUIcT5F2hWGhdTCwwwXGf/KhRtkAau+6TQ8rUrmyNR2UJ42CjQmz6GdrOb2+fBpLG3pQ0ukwH7w6wEMf71P6gd8oWD4SV68aA+kZYnBEuhzD37aB1K1DYKz/ngtdTpKU/kvc/2w8r28Koyj3KfDwmiK7ZTTzmgliXDDyMISW5PJK2ZN8SzyXXErTMX/wFb5/JQwWO2rwu74p2Wf9B491RfBlB7FW1V04t/sn/f4bira+ovj3hQ6o5oajlWweTH30APsPLEA/y/Pw7KcX1r4xZ99bG9nN6TBu+ToaZDfmQs/p7zAnYRdlxItyy4913HZ1E41y+EtW9jl492sWkvFoSFL1Q1fhGyQ1Lp4isv+Q460zXP49AgsqoiFjxxCJbHTlsnfSsFalnn3DslijXpOXvE1hh2Ux0CSRAc9OjaUTCpbcf6GWzapVoNRnAILvSoDCNj/SyHGgBS1qPNfWnXUepaDmIR3Yrm5Po4UNYPXWrTQgX83CBwgvjb3NQmO7UY2TyHb5PtgRuZyv++qx/biR4HIzmWbfUKF6uWHcPJTPBip19Etcgdf8yyahJe44w1oRPGSl4UhyMenUyPOiD2l08lwvmJ+7RxuXVtHmxnm0C++QSrYLvlEXhdJ7+aSSUYyJjS0g9OQoqHx4Sm0TcslpigJYj/XAjVlhfE11DNzoa+FpCSpgmjkCz3k0097BA6C+Yz9kz4gCmCSATwuXweFiU/gt5YOCPb3sOVqGY64Mcfuuoxz4cx79fZRPOsdUqVH3PsUra8NDu2TysN6Dfip1ZDdJB4tqv8LuY71Ye8WCz58GsN7VSPuFhCH23RCHGlTTm+3ZeOHkOnQJLWHfcwvJ++UGaFolBu7/eWKoojZstVjNql+GQCa4gsb9HYv/oivp+6fLBHt8wE8pgoc6v5DBUhNQOX2B5Co+c8D9OaQlvozDT+aTSe0jdMmzgIX712P0tSK2+ywEj1O+8awJn2C7gCeuHjkA6sV9fGK3KdaZOfHKDnnKX/Madx+1gd93fuG9LyFs/O06jk9y4BLI5vzpAfDYtJM9j2tQ3JI0enlUFhzTjGmh9GZyad6AHTqm6JuVTXKZchD/R4u7ehfT9pZ02Kc1DiyTd6Fb71buGf6GFbe96OiUUTBK5xzWyHbDmqfxaNatytLhOuA6UhuCpIrBiyN4ybbPmFTfhI5VpZBez/Td35gWaYWR+kMlyA3by3bbjUji4g8c2fETw5Sr6IWFP6+2WM/fbn6iiidVUDFFET6mq/Plu5lsODzIWQofsVdpDXglfKSo4nC6KXUWrj75Qyp7RkH/lxqa92kKX1HxI7cHh0nVOYB3i8yCm5MBxKtv0W6/Jt5/WxWMbu4DmZb5cDs8gB6VjGeT9HqgJ77QrTVALh1lvOlTGYc26kBhsx8Y6EXA5/TpfEX8HF591geH3mfSp32v8PHdCyj8KZOO+RuDQoQGbl0/F/HCfh6zLRcfjAyiqpqH9EzYg779E4FRgsLQt0EFCnzy4KzGZFSMGYfbV1xgq0vx1DvaBFvyJ/KeCStJ4Mw2nlvOEO+zBIfnCkOjrAYNz54EZu26vMRxKvq86KS5f+ZDhOYQ3dS2gTKDMrI4U4fO/ZNI0aYDlb/tosHGAfKrfsEZob38aXQmvgpTgs2q9lT97xaoDNhT3+ifuO7dS9jeZE177evRVesUPigfQS8clKE56jYU7/7BR/bL0UXvAXo4rIU1549gs4QiLXd4QOPU3mCNhj4c6xODswfy4EDfUhI/tJobfg/Qj8BZ4HZSC5ZX5PG5nEpY8lcGzqq1wODlGZAz5w5/O+XM58VVMPJbFmSv8scn4V8491YwCHmMhUnX7pKtkhuErV/P7f1bqPXMQb7ndBCUpmdjS34vvvc5BbUtKhDdvBsuzjXE7RtW4PpVnvBs3E4sj/uDlrfSaJFmG8DXR6Q30gKeBUVQycdx+ExIHLXeBaPPkzH4QH00ak2qQ6X8Rjjc1g4HLkrDnPel0P+wGa9DG+16/BumTO8la+1rPPWmE+0dUKCMiIlQ2aYLDpK+9O/GZq5d9YVXno/kQuV4GL9JlUSrtCE59zO89bUndX8jEHP7TrNMZWn/+XUQfXEAhqvWkpt2FbgovOB9r4dJcsY/FkcbEHN6wp8uhfDRs2I09r9JoPpVG+b89sagrH+cV3qH/+t7Rc52kjBlzwwo7rajkn4xGtHSB1I3JvGTJZZ8r0uOJ015Ah/vZ3JlkQlIqFyge5nfoc3lPKydbUIZ2lJ47q8nl24h2De7gStyZwOCEbxqWkGfY6bw+1RZuvf5Lajn/ICtftH4ZdMxXBR1i+IT50GpzyRQV7BB/d0/kK0Fufk6klfOSjhyWZAWi/8Aj8FfNNVvHibvVAGNOZXQGj7IxnVlMCZ8Pa4vSEdH+z3U/SQZRwRpgs3mpSgVIwSfFbNBZdIQmT16BzbrfvDj2dMpkqzxdtgTnHOxAJ67baFdd8bDzq/vad9yL+i97MObj67Bo7+nQqamGIs3+/NP53eo0uCMZ1wIpikVks2Hs7jgvB7/21UCr9Cc5neMoaDdRig9zQTO97+FhkWyICHfQ7fKsjlCcZCr3X5zZIEM0p7LAFYXIaBel3YbHeGzPyWgIeg0L9cqJA87e8ryc4FprXZUJO8H1w47grXZXL573BhNTFTA5F4yrXH6SRXBB/j54juAqd/Qb9dVTJtUjs1zNNhuvgc1io4Gd5UE/mJ4n9w++FGkwgY8u2AnnbB+Twsct8G8ck++OmcFZbTrg5mROy39ZIimd2fj05XbeUDDlVcdSKFn07dS4ZNBLr9lBFMVtWDxpU50PbUa3DwW0ZjIVvybP4lW7NzEK/sjoEZtFKh/fwSjJshDgOt5EHHRRWf/KXjiyFW8nXIawqRHc8vnrayvmsoqDlk4PGQIu5Ns6PFeR3iBR1nE+DrtWvgYC2qFyUfmM5w97MGHln+g257icLdUDXL9UlDGrR6te+MgfOp+/vWtFb/PHaTcn6EwbXUU958ZA6uuVtIQjMKOE+Oo1XsSFbR50q71d7lyRxQ6ietB8DM1mBoqBIPpXjhOcAX7/xKFThdjOLxhGjo43qJBaytc9yqLj0jW8Vo1I0gN+0O2+RJcGGPOS9bep6t3IzCkXozKXn4ktx0PYd2eYgwctoTZUmv4Yk003xHfS26j1mOrnBXuMzHH3yMrKXKdKdXbXuOuA2PA8bAJxPz9DyNnXONZml6c47uURp2JgXPz03nzpkTUL+vhTCLYveciSaZfxWk+GjzOxRWbwqu5Z1QRjN40wNY33PHVWj1YtVMCNmzLgyizuxQ3Sg+Pa1fRyk4furZwCNdt6IfmJ2LwMS+Kt85WhyaPGL6d9B6jaQN1rN7OtwRtafCMCr16+RmPP9annguCGBuqBeuEJ4BVzx1cnxHJy8fHYY5RNTjdmAK5175RZfklUsqLQ482YVipa8A1lY+x8VY02AfvxbVPN0LP4dd8xXM6NY41wxOfR+M3V32Q3fMBpL41UlBiGBrv9gHBOQbgsX0sie/ZB0t/R+F0o3ucIC4GyTLX8OS/CtS7mwea6S34SFSH9rv84KLJW2nfn4PQWBKC/3aqQWbwUVoTZoUGd6SowBJZQyiEXh3XxqARlcDm4iTUuJ8L/P4D843juNguluJDavHb49t8A1NR9PhtvPs1lztzb/DTxNmgkKgPeyqbcbQCQ7tpK9gVuMK9gwkAjU9p4rvxXJmUDv0POuHoURn4/MeEp7+Zgl7DjyApTIDuSjlBukc+T9AKhDs7l5FRw0qaLW8JVnLvyXrFX1RMMyD7AhUoUw9gHdu3cP22Cdj2mfHEAzHk0oCQ1mCMw89n0YggHSh59opmTujDochr9O+6Gj+4tJwPJ1jjlAcqYL1SiYTNJPlrqRKWb06Dtlu7qLyukMPP21H8f1MpxrsAWjoJpt0pgNHtldApPY3meGwF0ZxQ7kj8CCXzPODd8kWckBRId4JVYNGnpywZeQNUn0+CBbJBNDstCQ7FmLHBuRu8Zlkdq2o9p8gKNbgy5zX+vnCN9j2zpWPFi+C1QxgWrWjhz44a+MXyGGgudcTcHeZgC4fo4Dp1+H5ID3c3duFP/5ccEKQD+fuNqf5FEWdu7MOGPE1I7LmCE1aO5fJjKpSq9xvv107kNumbeHMz0Yrthbg1t4lfusvB/dQbvNf2MJy6+oPkRheDao8mrT8rx1axnlxwaSv/s3PkLb4EVYYrMD9wE1W46FB6sQ8Xzh9LJ6t+cppZJSadDmYddVuyVBKB103FYDWlFqxfBMJ/d8tgvPwS1M71YvNhObTI3ENJIVW0pswcpE8dA4lkWd5SvRJebD+HG+UuYlyxJK3zMyOvC9Z07T85GiGrCGcDG3CHSxzNmLSavBdsIfHzW7m7+ihZTRjPi/tUQG69EoSJyoHtzC+k238BZzquJ63uTpobu4OD6wbowYT5dMR5Ba2u24mF+0TBMsKer3i8AIuTDyFKSoVcbyfioq4+FLXaB7JvfbGzzJnfRKuDv+x8lPmZjRtwN8tWvYQRbfdJveYyHG6RAQXjJJa6Jgm3ZUaDw15l/ri5mcTblDjqXyHIV82mMocV/LEpksofGkFC1HK65SIJh967k2vLJdJ6l89z9o7kOabf+fKbYLx2lPHBVFs8/cCcV8eJw/oThD97d7LFjyewp7gfJO+PQMsjslyjMgJH6PZj4baDFN+jBzsMzXGEaDbWz5hBgVH5GG+XxK92eJKhmwV7HHbCCu1mkHszGoxzRrDza1Na+swLE9bp4sVuoCSnRbTgSCgEyX2lKdXF0Fk7AfaPOsJfXGdAjdcv+HHiDMz12obBZ4Vg1YQBbNGdRIfSz/PjM6ZQ7bgGXcslYOzWSIredBtMZ7jT4KE94BEqhNbLlFCksgGWmwHU31SmW1sYsWc7l3acpJeLFVgs9QvJSkWQe8VzVDU6zI/W6MGEO/+gWWszy5Zp4tds4uAFL3Dnf5dBvE8QUzvnQL2hA36aoA9K5geg6uMPcKo1J0e9d+BkpsKy6jrsWTQeQhYFooTIHs6fbgh511OwLqeAv/sq49j9QfDZLo6CVz3CwuP/UDz4Dwjcn0eVa7Qhus0NFNtegYCkN5oUONPukjl0Pu8jSy7cA2Uijaib8xHDP6lBgWEbTltsijXTttKdSiluqT/Od3fJ8lHMgi2xTHnn3mFxlDZIHZxI1WamXN/9EjUtj8NnmbOceb+KT0WI4gq3+6xnP5evaRmBrP4jLro8irr8xqOkcDh8b9vIt7QryO3sC7o07yOtklGEvV0iIOmaCqPezSLViB+Q/DgLRSt6+Lj5THh/2Y9i5h6lLUfW0G9vG0gLEeJ9F+az3Q0bbHwXhP1QDqOik+nWBFMwMo5miWoH0G4wgvwDluSbW0jtdb+gvOkKT3hpSVKDGvB1XyJrFO4Cgd1vYCBkDGzX90G/m+Kk/NQfNwnfQLHsMzDxTybtDWvEpqIkXpERzTmjJsCy+pnwxGEFBFfGgel+Z17VuBCkUhdQR8w7CP/Wj4VakRBrIAPnHj2D8H+6KGAWgqOfnYTf9Qdplc100pmtBSO/bmGZOX5k06cBgxpV/FhRmgIcrnHXmUieZu8Gj2+vgx0Vi3GBfRh8FW6nUHMF2C59kH+uzacFf/xgTJkpL2ncBYeqn8Id7YU4d783RDw7xkqBQmD5wI7SjxzBOVYTQCnsOMj2/eOMkBuU8iWGi07VU6pCK3W9MYaAjly+8aselewC8I2ZGFdlWmPiiH6oOjiD7n8RpPYPt1BigyKc243kkaIHac+aIKNMnWpJEKu/bsIfyiEwOVCJhOxfclOQFNSv3g8iRyxpwHAbhI1/xpneD8hJwgj/9hvR07ZA7u9yB51XFmDp+hIrGl3Ya1sDnN3shhXne+j4iCKwnzzMxg8+8J4ltZCyVRbk/guHyTPzQfOdPJdd30pl9W+4Y6Yhyo1L5EkDWWhwYQDktuvAHgoBLrFjC58FqKd7GJMoghJPymO94kQ+fYxBTG8RdEsqQcr9yxh4bBELXk/GVWXOcOaFELWaSkKWyDwW2KoH9w+KweyyKRDWuAttF9+g3+HunHdLELR3JXDvge3wtasdInaMQ6ELwVyxXRq2PzZkhfnjcFtTNP/VO44jZT9g9ept8LJkBuckuFJ89iCbeytBcMFnophGDBObxorLvWDc1FS8JPsMe4vG8WRZ4M/d0dBQYQr+nR9g5RIVMoFEijDQJMkCJXIqS8aNc1Sxos+e7H2u0vdPyhBwxROrh/7yjA39XGNzji+ZS9KZa3JU7f4Z3F8/5I/dV2Gz6ljIzjDjxMdHcJ77AXbyToFLZxzglVoWy7uYcqffFhrVmwNzNAXA0VQNw/qteepwKE3e3Q4+AwncNf8Lfi7tYC+trTDf+y9ue2EFN0r/kP8NNdCMa6Edce6oNX8j2wuK4Zk7tXThzRyc6SJLEdJ6EHmnmgfl3+BDWzu4Vq8NQn6tYG/hBR5H73HGVjOeNNEdC2K1QPv7Q9iSHcA+zwvx67WxFK3ZgrFT8yklZR678QY6ntKD9mXKALvOkeLyBvyZoUJaxqIQez2JhU7c4WtOz0ns3GtWf7QI7wtow2nnPxgavgESdrwHl8n/oVX7R+KuHZgeWUDJjxYhR+2nBTZWUDppC3x4Kgzu+ncw06scJT8XsumKDjRQO06+fiU0RucYhmwQhoqgVfBN9hKHrA8H018+VDRUAIvFUuHK5QI4bBgKg2nBrICSEL/uMxmNUANtJ0n0KnxBPj+6IGa8PE6e20A/d0dCdEIOHhxpA4FXUiBFsYZDC42p68tjmqwfx5NX9kKIexwZpCmjldcQRB5Vg/uXdlGoVgQYVvlC+VFrUO5Zhm1mH6jyUjPkfl8PqwOH8UWdFKhsGsMyrXfhx7oCWpE/hf1VvIFSS1jRVQ6cDpxFsYXDrFcuB6Vfgwiqm2HKeweq3K6JoRPc4WJeK1a8N6GEsD7qSP9JjiXmkL7sHrvPnc3+Y7fTvjJV1P+5GBdLLqTze/VBR2gQfxYPwRflEfB7KI7ye+bD9M2C9HejDU4SnQOO8ZtpPGyA+crdmBv+Ge++0ARxsY8UoL8CrSOm4LsTO/G7RDvbpCrQoLMnKBldogN/G/ilswiE5zXB3Jw6nlyQwKs1XqNdxw1O1WSaXXaOjF+oUUaZCx7OMoaLrR/xeqgz1c6upqU752PNvSBsXxJOVdfv05Ypy8FJfAJe1xcC802/OeW/q9CUZgsPA0KwIcSafs37CSV1cjSnoY//yXuSgLMFfLZFLrNKwuObZ8IMuAynlyfCmvZKyJspA2qv0mkkFKP3RhsQC7xJGjND+Or0hVDg9YsWCMeCq+Nr3NPdyZ+2+sLNtCbUbpGHfuPLNDFRD2rswyhr+hC6ziiA2eu74cm8majGlfimaBosPSoOqSeK+NVPKTp00BFGmFhj9kldtNQp52W2V/FETzGZdRdS/lULqPzXDmX5H0jg6lxY4PkPYzY60Pjk77jBLJxm3/4G9rdDeJH5ZKhqCcXHw59RJCmePKobYBfWwMiRx/BWdgg8X18NLwXEWbpUH+YfCUQLt+W4ZFsVVUw+hxKP/sB8kELvrcOU+kwQ9vueJRfRSdDZ8R52Cvry2L4E2l/9nkeGNvBgtTO/SV/BeXPq4L9YX3TLZihcfZ9O5hjgjrFSMFFlLV002cUbj2jxlhn/MS1S5NsrLqGzjQZM23eX91wK5QVms2hm+FK6OFOMXBweQMTcYzg0woRnruuj/faKUL/Dj24+nQlL1rjwNI8rPFzVzBu0Z+GvFSvhZlQGq83djyMrZKH79z/QTkkEsbyLvLhggL0DS1D+jzp/UZiIxv2juab3IffF2MKXw19w5dvZODDbCtM1nlOvzBqyjrGH7gBrbpz2Eh/FBcILNz2opO309LoBN+YJ8n3LLvI3f0uNKqX4724ozA+4Dl6HP1DlVGMwHvyHzXGraYVgBVgtUMMnd79S6QoRbG0q5CeWT3BmRzrnt2vCVEtXvH36HnQdGKK2CnOUSthJi+xcQexQHBkot4C0/A0OUFeC0dfeguGfXro504xixRejRWghaIoXw4zSzfxBxJOXfx5L6ovHwdKEhXSjo5vaV3jhBzlzarJ9BGJG0hDomgBX9pzGHYVj6DiIwiKfGIxfMAZ/5HSh/ZwEwkA7UpUG6t/viz83XiNDZVkoXisCeTqLKPyOJGetKSFLrWoeHRuMrTbP0V9iEJa6WMGehQtxWq4FeIYFgujOYD7ZJsLhs5fhwz0hNO3bPRj5N4lf3jzKlrbnKWOcIey3nov/rk7F2f0acPXaDSjG5zhGZQLlxiXh6l+rKWnFA/jtpA7yZrMxY24u8MPNfH+CCxVs3QzdQZv40L1fNO5JABwtaiblnZLwo16B1fAiBQYP4VfLt/Dh6VvMSR1Eu4Ua5Ja6EUXrz9AZv9FwftUv0rZ8hR/iDoBhdzy//uGGM5eeoY2p+aBpMQGiXXbj2AV6cPvtXg7I/Ab+LRY4OXoRmB5QhKzbSGH+T0FkbxPs0B/L3mvHQu2vQVjFB8FbvgZys47Cwi8OMF/Kh/19EWLSxGB+42KcMxbAYK8PD2x8iu83bMcPpoW8Te4jCsw6y4ouDhAoLoyxRqJ096wBBHw6gseHpOFnVib1G6/mm6Nk4fvhHnLmIjKWPoZTXzhigogaDCoEYMsmERazmcp+80/AvvIq3vGrmQRPCkGCSA5ZdLSS02l9yJ5QQk7T72PGsu1U5BiMzuvSQDV5PNrXvEXncAGuiv1KS1ss4MuubFzf7EBHdH+AX+YQ2Ye2QKxJEyo/uYY/fueQ4iZP1u+RgD3PerG+8y1/nVTIFeu/g3iFMYcn/oUjry3gmEURFr7Qgm9fteGy0mxaqnCZhBeaEr06TQ2d+ZCdZ86xG+7Div4S+hvigvtU9eHToQUoFvSM5teIIx7rxeK4//hGjh3nKEmgu+AmdDXai6cXGsLl9UasbnmdKoK/4c7ZPTh4/DxdOvURPlzYQgn7J7OuznQuspEBidmdcC8on7fFLgTxxSF4R6GSdTOGQHn6CCh+MIL/jkjlkftk4HJND9t9KIUZXy1RXW85vn42BM26v1lw9TP47HUQYjfGQGKFDCyr3ATDXs+h1yqA5ywNB6GfdtDePQzTys9hlutpXNH/gtev+A8m/NCH7Lgh2m/yGiYlPySHDmN4v0YZB3/P4o5TDE6vf8PjcHOwzhvDawKaaL/mWXp55SlJhkiBz+lUfBumwQc8b/HK8drQIKcEXtUSeNpkMgvwNjxgq89CKyqoJ+onv5M/yV/k5+LPp3k4UXwUfBPJA5sPPZDasRk8eg6T1Po5HOu8mR4ckIXg9wMgQdshwUkXPOO/4eTdpehTHssjF7pD3ItFlDVdHB9dGosNMY3scEIW7U4qg4H5QbK5d54SVS6y2S6gPq15YDtyCkSkRZGF5h7ON+0lGx9RiJeSQvfyEiiS3Erx9635lOpzsLpiASfsXtED/32Q7lCFb4WUIMeljU3s8mnpaDNIOnuIWppGYmhPAba31MDR5BkU57qVZklZwnDCaCiX6mfF4mry/GPDda4h+HhTGe1rKOeWTfNRpVOdV46xgq4QHXALf42qQrJYcr0fFmp40fCV42Dg/xb1V01BvopsViYDbTP7oXzyH7y++S++edyCzlJ7WP/KH3S4akSajjPIIPId1SjIgl/4AFmXxfHSby30yqSFVh1YSS3/fDhp8mf6ZIaQP6TMx25KQn1DNgukVuKdzx74wugX3ElPh4cCj6Fs9Sa+vPIRtgQpkrKUMKTGryDXMV44fFAL5rcowckz40ml35fenHGFmw+Xo/Spq1hgIANTzqaiU9saHOOshsIi3vRi62+YPXSD+hsTYPTACND3auFKqzEQZDGNdQ5W8PD5DFiqOR+1LVN5t4cNd76JQrOS5/TecjcILDGHiWXxVKa+lfMOnId/5ne5IPksN+j8B1Pi7qJlagklBR2j9bU6YP5CHiwuJrJLXBR8/sDkq/kZ1lwKIb3pT3H7pauk1+VGN3YIgeO3QJ566w6/UZeFmFcW3L+5gkP8DqNUiAuWlZygO//9QHs3VfhtWYmKff9AeIoBiN5LhhPN32moXBNMu4NYRPoatOnupa45UlD8OgAdSzXJMC8PXxzQwW2DFTj++zuoGpMJJRP/QKiqCa48IAvJT09x8TlXSBz7Bi8M/qU37E+VUzfBlXVX+HHrbGx4sAlLtOXhymEvnPC5jc5HlYL/ws/oKRRDV5afpL7rCvD57DDUKlqQzDIVaAuyIsOs/TBstwP/Fsyn0XWX+da1nSwT6o5bKx6AQdF+8K4wgHL/kXBsNdOD+7GwoFURyvMNWW2nBrVePsnqO+ph9vtqypuO8OnqaGje95g2Gbqh62UJ2qDnxcFpG+CmhiuvSmmAkCQ90DKbDMsnRJHb3+n87mATDKRYoFDaIxb1iUOpN6tAYM9H6KlcS8nLxUF93z1otb0JZkHS5FWiDzJLRkBtlTK1P/3HMu4/KFlgM8dpCEBDUzh9jPRnDadm6n4SgG6vPrJp2zhesM6YLyZLY6ClJbpOEYKfTkXQrPOPFI4epydvLqDMGVM4ITiCqlvHkZh3Aux3KqX6wVEwKmUWm6S9gEVTFnHGtCwaO76UTKM6qX5mPy63KAfVOXdhdcgUGJl2kvI9I6EzxgEmZt7kEvEdlG0tT0uV0/nezSdw2PwhusmNBN/Y9TTyvQ43qsiSh00jzot8iItNAmDRrGWs1xBGH8buA8XNJhCX0MhbS47ii8BqvP6vHacdF6TE2aXs0K/HItPH0nDTdKhcoQk14r403+gLpr/QxnmuLbjt0wS6/l8NSY1aTz4BI2GKTw9NPWIFa/OtqfvwVdC7OQuu3QuDcJsATA/MAZFL2+i//N1QHtWA0zMQJHomsNX7BJrxwpP9zNo41jcBLfqauHV6H3HYA3ws5gvyT4xBqmMZTMkOZ++Hy+GW82X8q1qOuctycRDvgVbOcSy2GIMlw4owYqkVD5SMJZOMdWDH0ly6UJo/yb/E70t68UndAH4xzkSxSmFwKRWAeYU6bJ/zks+r9HCf5VYM+CFGvhpz0bRxBxnvEsWY0/pQ+uIdpur2k7nqQdp5UJF9Nd9wckM6HK25RVo1q0ByRxezrRSUC43BrGZzbJ0hgUPWrrStIwEGcpvBb9wYCjhdDr9+OnNPghYITH2N++0y2OrCVJ68RZCPyN1i/+FezLc6T/rHGnBW8V3WWM0gc2kUhak64HvlZZi09SrZLjlLs3ekU/+naJDW2AJaLha4JVEN8n8U0VqbNqz1Wwzw8jp06N5i8dYVvAqaKPpCCJo7TIX7GprgKW5B0lUMuzfHw5EaC5hlI8/3R4nTq/1CkCCfRn4Cq/GYoTyMHpkP+mq5bNtpzeeFjvEZ4W7KNlwIl873YhF7Yav6BBbYYw7PPnzhU6JT2TtFnFbM/Abm9svpEJvS8n8HaEvXS6wSW8L2waqQ8kgCSmZNh9IBeyofNY5adA14z6wccnC0B4/YIFhoZgZiU8aApb0rtBy9ymMSDXHxiaksNLWVu9xMSSq4B/f8eo8xBh0wvMAY5vgCaEibc7rAMVyl3IqyBx/jg5rHvPvXd+5Tleeg2Z9wx9B4eFGVyJMMa1F+XScsE9CG2NsS8NXqD3iVLuQbD6RB/dBs0l81Dm7UGeA2w3nUlIZsMcsXnL1uY5LrPPAxUISsiDVglJmDzyJkoC3ahCxtgb2b7Vhoezu2j/LGLWleqJ6egnu+eoBpfDbaTRKBIjlJ+nslDzsicuFMQS/KLduA29b205ufIuhWpoVnrdWxSlkDNp+bSUu8h8n0vj36TNVmsyPbaLXGPPjwthNm11jDOaHF+GudBOywecaG7WG88KsSflz2lSqfalCaszDNSvGnolNXwKpyIipbGsAr9yZOybTlor/3+WvnINXt3I2m/6Lo49sVYDglgm1XdVOKoA6c/psHq343UqG5K/cc6cFRf93g0r2xoHXAG40+KELLvocgkmgFQd8JppxppvipwHe6ZmLv5ob/ibsPhRAUNQDA/2hJ2glJW0u7pERDqQhpoChKJRRRiGxlNayUhLKSUpFQioYioVI4DbuUklBWhe5j3Cf5cO9aZ3AP3QK+uQ5kGzkA8TWW8IV16fuQDk2V+Mb+cfdI55ULHAnRhxHsSEprCD0X3eTUO2ZgFxPLbo6G6Ni3i716hlnpxknwX6hLeYeCMUvUn3r15SDO0BA8+okLBx1BQ+4zWfd30IFdTnzt6yhYsnYpnr8hzPckqnFVpC5Mjd/FPTpv+Dga4J0HbbzJZRwade/msYni7Hd/FDpUG5Dk9xEw2O2FcqsbKCziKGtMGUOfw/7QvQB52lIRS6d/p1PgnZM0f54pPCoNRbczHTDOXRWLN6TwOWk9XjuuCzT/huFryTawnuHKAU5jYMqVeBhOmcrro2aBovZKVLZ7jfPXutK2KUZY/nQMlHSdI/EN2iA1OQl9/JQpQNkXAr9nYdrNUSj/rxVeWxbiwGdhvGJcRlutVEGnRhFuNLlyd8B9mJbzFxZfEsWUFhW2e7AWHbfIcN52M3qtrwp7vVMYXh5hPWgAKYhC0dE/2dUD+MfhCDqxp4obW8o4vMMCBM/PJD42FRTbU/FgXCVcCL5BU2gtpMWO5D+BJbSl8T8IDRIC5cWbOK/xCKxTq8ds99mkpOyHG7q9+NxtS9id84+HozVYrFoNpoTm4ESnJ1R1ZzIp+IrToUw/8O5pAa0jHpS/uhMW/ROAJll5yBTYzZZS5/C4jhO0FOtDsJUy/X6pDfcanDFsvBgdlLyNMw4rQ+9tVzx1pQsC97/nNbPMWHLFGpy5RocT/Mfy/MAK7tL/jqb6QqCQM8Cbh2Jo3vpSvDl5O8b0TaeSa2OxbGo7d28JJLOn4SCcPxK2VeuRnok4fl70mPdXvidJw2i8HvqZq18XQVJdFR3YVknmziNAMacd/wvR5GbfQLjYIc8ivzfh2PPP8ZfUWZQ6OJccb0SDwolx4CFSD5McW2Dyg3YK1SzHI+uWc3VoDE5OjUTbpH0YHXQHXLXUwHhzLwf4FyBMuoMKA1KodW01ZQS40yqjEBqdv5nrArP4128GP4l3eO5DJ3ZFGUFNjDOoz7iMi4UfwdUJY8BA/jmVSXynakshWPLyEI/F1XzK4igsDTpP64qO4IqtvykY2zDukzvOr54E2ZmGoGXQi/sN6rA5wZvq613pynRzaAlXwnav8bj5xWa2ENRk8WfGEGH7Hh6OC+VnD3+S1iJdlApsIYGykyxUHsSKLjeoYvxeSNIxBXNuwaY6S9Z4Q5SxV4EnTl0Cq4dmg/vpKyzzzp/nHciDc/0TIahGmca4+eGG8Hz6LziXuz9ORKF9oyg+2Y0cZTtIN1Eb43eOh1PqPzh38jAsLbiICp9mcolbKE6R+UEyzwIwI2ktR2/Wh5dHLWGg5it6Gu6B0mXh0HO3CPWfC/Or2mW45mIdPvcQgxgPeQ4hhOiFMbTl0wU+/jmSp7p5cqV7PikeFmWZF5Z02iaUj6w7yAufCsGSa7201imPy5bncPq/+xQT24g/PdRp5To7/rvXCKatOQXj7ivBmbcpsNi7CfuXLob7K+Ph39gR9HJ5IC/++xL3hUyEBL0UFukShL9tL8gujbFcu5ULt93BjIfWdMNgB77ovY56XyTpxFlV+u6lDQt1hvHL0RIefvgLZ9y2oNHUQmMy37GJuQvsxUHcWxWKO29aQeepa/RRORUag70h644u5Ngqwfm3B+jU4DW4VjmXF0W/h4hTUtBs+R+G2H9jzU5RGmdWg73CtbDv+AIWn/oKquPj+fcBT3gSNAICPhmj1+BJ3r1pHaVbKbLVmVr8Lj+Wc43v4sZzZnyjlcE5SxzUTPSx9GUdHrLMptGiOSQ//xNMaNNEibUH4f0zN9h4xwNOORpC/D8ZbLxdzJGBk1BIaRvlPNyAVfka/GPLPpppdIBezx3JSk+nQdiMD1RvJUAriy7DwZkvUSdyDPp9jMYzL0bRmDYJkmvMh2o2hK7kGtbPiKS9G9U44fRYNlNr5+c/+/iQWDNlmUZAY7YUxK/Xhi2zLLm4XYfX9MxHyblHOPxcOxvI9WPWr3/s/esN9e7/DNN+6EOXqRCWj/3A0woCYY7/b1LeGo5Z5w/R3eY8/uY5nmNcgmGZz0iYOKzFPnrBOP+MNR59Gkatv27QqflupDtOjR1Yk1NDevBYlyxc0kgEmwViuFssnZOe/ATvwim8QPwdd2jncm6BLZ19bouCHqPB32sYFY/vYNPwMVQeNhkSqn+gSqkqGa4zZlmJALSS/Myzl0hDnJkXR2m50FUhX2jcvBxDst9iqkYI/KMMODxnFa+dcQUFswWhs7Wb5euXg3nUF4y5uYBW+W2B0vGWwDfEoXYest/1CN5XpAK+Tu1obydHGb7r+aGyNFYGlvIVxwgqnyoONgIN1KJ0Df3bFEC2UBSVbjfB/EMN7K9eipETszFrdRK/yvyPzBrtyPd+NUKyJRwZXQsDkz/wK0trHFhQSvdaBXDjiybsMBxDXpOfs738ZUi4KgWfIRq7LbpBzm4WF+e4wYI2PYy5dBAGmi/AiRdjsLpcDQoXqoLz9gcs9SWIvCtjYX6UEzwJXMlrP9/AApse0Jl3FX1rZqCboxUovFWEy7/UMPVHGpdbLqP9u59Da7YoXR0cgvMDIpR+Sgi1dBXh3EFx6s2S4EvV/7HV7+O4frsSLquciu1X1vKh+rO4w3Mj3zokBCHl5fSx5iQ8b95IAf+WweXqcOzMbEKjmn0UFJbDJy9voIizZhBy4A33/ojjFxVOePJtBoR0V5Nfqho/9RmD22Km8F+xMkjtZzgZbI2+4l7Ykx/A2/2D4b7Zd5Qdmk+jDixAbbXlcHA4iGTspWBHP8GRLZKo+6IJoh174cGIXI44rAZSPT7oMongeksciB7RhkbtHryYU0CVggfQ9mINyp+/yxdkhUnrcRfeadiKcRzMZ14awOWOWAx7cxQ2nZHj6w65YFNZAvOejsINs3Qpb8MFvnTOgSr/joRRlx+Q//jvPKBXzIbZM0h7ugLnil+m9lUbSCchlF2+teKiMHVYKZGDW3sCqTAwhRfevEsytnNZs1oO4hVv0Wu30djo50Gvl0+GslZXcLaWgIULb3PjmN0UmevD24dCQeeSKVTc9CP3/ZU0x1MAHl5Wg4ir52hUxClIrbIBBcForti1kwOnfICahzaQBnfhxviRMGqjPQdki3Nq013ctPcxPVclej13PdYohmF6nwnHTBwijU3qUHshBmzL+yD71SC+q9oNAivuY/H9UDCUDEBHhSlYAoL0zlsZdlun4IQDE3lgZzmk/rDm6eleNMaugAVuPaFFWyNpjPdHbAvXg20b18P4gCvYdOs9mj17iEtDPuNqk/lwqNQff8x7yv1O+SAhqQ9GGwf56PX/aMbWt3xuVSS+NczA3ot/8PFpfYhbXckV4z14fYsiSOavAKpKocTMPCiUUqbl1adwXbAxlx6UBqWQT7hv/1mYUysA608fwIoHhbTr9m5Sn9jIFr+GIXjBL+y19QG9+A4MNquB1kcI5oN2NDDHAmP/XSPT3vc40z0BtUzN6FTiOtY2C4H0jnLsV5OH6qQp8FjJGz57H2Uf7ztU1rmGrZrq+c+yeMyc5wdeG4pYO2IkSH/Rora3GhQ7wxgFDFN5wzYDKsNDWPbBgwOGhnh4fDOvK5WF7el6POpYF1y+o8k52/ehGxwg1x/r+U5zBzoIV2Lm3PvYlSAFsf11dHZRJzrHZ8M4vcW4MzuPe+cI0oj1Ljg+9C37PlqP066aQpK6HuisJr6s0QByQtvo96YgUHM7z/Uy7yFq6QB3uaZxrqgFvNkzh8fk3qAVe39iWZYSXpuhQwvWT2SX1fPJSjEAfv7SYFpiDo2wErdv2EBJb5ejk4YwlndlQlvtVu6YWwIDEarsvmch7KiTBJnDzKLucpAtrU7rZ5bTJgkpmhR0n02DLvGSoU+U5ZVJmYsEQLFIA1t5GtbYL6eVZRaYtUqYEyzmcsSWEDhhvBY3L1eG6qfCsKFbnC2r0nnSl8t4csCenF4R9g2+5LP9NjxSVJr74y1w/NwxUBIZjW8d1FE5MhSmeiixwcxeDtwrypu0v7NnhgI/Ou2E7btGwuaifxhU+p1LTEXp3aF2LJ3pjSsHWmH/PAW2H6eCvz1SecE3UZB0vASVJ5NpiW03RCxJhsXSqnh7nQKVDOXBk+/fwbPSF553SkHZWSKr3HfU5P2cr82RxLTmY9gWF0+Kbi28KygAp313oPuNCHGBvSDd8A57zsXh+rcN9NVkELVt6nDGhDSaeXMHvHj/kzL6EHRGXaF9HdGsJXyGNRzsIPHkZg6oHIIVMyRgdlMzXD21Fz656kHWjzIu2jEHNv+nBVbXfQm2NfNcESWY2POYvKwIH+iHkO4UPZj8XBFkjjrS9NoE6iz8Qld17OHvhxze87afe9y0oSzhIV8wMoDWHD94vKEV277q4UP/i3iyvB6Dtqpw5H8V8PCmHU6fsZ+T9k2CwENiLG88Hxe9DQafubvAb+IwuWRtpSNZwjzhtg56OI5jn2IzOPasDJQL7tGIE30kMSMUDbZro/axl3Dx0Vb62FDNSu5B6BcuDgaXJtDr8uO80PUc7Enu5pis02R1MgZGnDfhuVeKOMKylkNOW0D42RSaevUXFVpI4Kwj50juaQSmz/Tl0q3vIY1Worz0PsQeVfCw+wh//luCTx4XYWLPEzTtjAA1tUfk0JOMw2uu877aOtasUId2nYvE6ECWV5VBSNoIH+7ZTJ9Td7LhYUHuTfWjVJe5OOvNOLj5tYofjxhHfz58x0luF2jVO3UMvR0BDfkj0X2+ND+rP4JnPeThfD7w9OAymLa9FyVyWtllbCEUlsaSAfyg7A820HFDhmw9pOCFnBonW3+BDsNi0ti8iW+Za7GA3QH+rPMRRE7r04Ev0zh44xgo2f4fq/4zANXQv7R+Syk0t9ZDluceOrOzg45PyQYN+SzsmQkg/+44CewQwbEa32iR2i8edDGEnzrjWWzlKXYIfoqrQvTpppIxTBjaiTlvigl9vbDq3QM63/uYZI4G4x/NRRjoak1BukVwNUcKfHbbo11SHI82VMbzex35mWEDjzozzNLKk/BSyx8+kTBEYU3msMZHhabnVvK7yb/p2cdSamuToEmRJZB9P45CGiRovmE9bSyYDjIRBvDLfTHPXFYGJd/n8mqhbHheF0AheR68VkMID/5aSRG7VWDvly9k7KRHuHQFjJcU4XEnJCljhQw4pmaiZeoe+nxGEuwMLOD40QPw6cw0uDGkR5qeJ1nA9xvc+KwFH2ETvp94D5RGfsMl8zTAUP4jndKrwIwmB+i+HYwXYq/z0s/3WMDHHT/eOc35Ctupv3oE7FJIB/1fKbQt2BqqnNpwz4N86MvZRqqrFsBCZR8wEiqCoQOjYXT0cn6+MIqPXhwNzy3NeKZdP377UQQVg3I075gFiQ4Yc8PiaWAos5dpbwq6i23ie8bpqLnoI717IMOJao958bG5nDw4ipe8M4EVaav5VNx3vl9eg2tfXoPcS6uotOw4J3UsB70HifDlQDxdbRWE743V5On3h4yWFKNL0zIwPBWG74ZfQ7vjbOwRryErM4IdFRPgr+Uner/aFoV9P0HJ9uMopR4Bf5elomJiJn8824Ay5R7wYoECOAzo4fkJrlQZZ0Yms/fChsFuuDlqNGiaO2H06CX8x1UcNK6Lw+qTdShhPwqVNu/FS1HVVHBfl9UTKzlh3xDZjn8Jof6GfOq7BYyo72Whzyr4vuA1j3nmie1qhjh+6xbqGAjgqrFzSOjVfOh5rAAHO91g+5kp8DZUCWLbjrGQSx9t+e8dLLj8CC5qH4a2KUdJ/JUqqHwWgLkj/8KoPkloPTtIMl8l+KK3K2aHvgOv+ZP4IyE2/tKGW6/H8NLvouwuHQG5Ai7Y6GNDe7WM+Erdfdi7QJfk73bx8XeicCpQhpoNnlBZ1hPMfBBGqjMn8c4lxXC7+jMZlnjCvNozFAOG8EtnLVem2cOBnjZuUznEv5cOouTTH1BY0I0zhADXtWRxXTzDX6ceCJcfwX+uxFHwt9vcb+FH5wU2ccSbjeQ7Mx9s1keykZEB7L8riH61YlipXEVndIt5k/RTchubAKNlm7jjQDqsELnKryMkIL/vGpbwIoywGs2zX93HY+1JbDI4B/Sql9KNK/c4wkQPDsfKgb/3Yd7z+AI9sQzEumJFONy8hz3HeePewJU0RymW5QYKOdpiJHxrDIGo87ksq1ANi5YyGrn8AVy9myw67tIiWwn8uHgnlFwVBpveTSjguZr38AjyPS/Iqu7XYfXrjzBmbi6kPO0ElfK5qHoMIObgLurMtYA5Ne7g+DYJt4VOgzSLLlgieo5dn/0DjcibWFSmAsb5rrTi0GrYtGYcVd6ZyMkWtWyUPI3FzGNhU68Iuh3bSS+OS8N6mROQuOUU+8X28+M5Z2Ft+yaIaLkNVrEmmJe+BMcKKKLsHDHIqhahSU4RPLgwgOVDdIisqtlqSiSZqGqzbMhqDhjjgtMzFcG8MRy13ydRccRRkJ9lyzF3RPFDQyzk7TlDK5cl0hTrvVxnOgnOFczHbcnHyCFOgcebVEDnQxHSGX8C6wRL0LnpPGdcKMc93ydBwfI4cF5/i6bnnsBz91dx8JK7JHdxCxUcj6B9zUt4f883zB7Sh82lq6H2YSduiXPjPcr3eIbOM167dyrNCEsnvzNbaEqIEyblm8Obb/nQ+GcURlkG4OHuJdiqeBJXOlfARUcVvrpvFoZvew0P1iPsL77FE0wEOMwnHrcJ72VoGcPfrydz1t9rmCe8G3vitdh2rAWYt+uzxLpmfBUfx9vbjnGUhQnP3LSGukxH8Zz455z9eSUuLJoO+17I0NycalhxzAgPRFXhO55HCZ7ncLDEk5SmfQXQrSX5haOhxeYQPjlpA6IT80EmbAW/Xj+Fo/0fs8goax4+Mw9WyLdx0ZvRYERSuLRLgO9fHs0PF7XhrmNfyc2qGabe/gPyDke5Z7o7uf7RhOS6eBT5q0FiDuqsqd5C5slPYE59KUQo/+Luc89oS105XzQThsWXouDlxypoLZvD8i71EKrwAlNdL+GIubJskXuUk6f20Tb1KbDQ2Qzct7jCkTcnaO3BxXBJ6Df5PQkAu/V6LHzkIzSYbcaYbgb3MD90m+TJ1hIu0Lz/ARscWoTn1fW5vXoAaicIY1HwHPrtbQ2fnCejgVwbqty5TpP+zsJGlzpKCT4HR1Ma6Ef8EA4tVcCqnaoQ010G2TPUuSZAgrZ4a/Og/zyQf97HgWsk0eHKMLwyHAGvFmuApv0P3J1eSjkmkuTUHESDPxoo6IYq3VsyHT6WLMDw0EaSzxWBzROBL0U+4cnaX3FDuguJ196imMnz6IrNI64QbOWrn2pBpd0CMu724Yd6D37ZMQLSWu/AgofPeNRwGbxadxW7DqfwXb03kDdiGtSHi4BGqgR4On6FpT5LKMh7N5iDC2kOHgGph3fw1LM1YBqsC4bzv2LG8TT2VovGW8vP4Z1987FHuIibGy/jfOkF+Hd9M96ZoQCBhTcA/k1G14/f+NXhnzhLMh2MfQ7SuVpf4pwMPOZeC0N/5eDaRG909LwPs02McPajGvinu493q6Xzo51ePM72LX2xLCC9nCnw84EJLmrcgn2LXlBRZBXn5payq2offptQRcd3BUCnjhr3fJYC+ZvZ3NS9Ff/NMYHgmj8YfK0Zqw7vgg9vHaB7ow68+3AOi4pMQctCnj51WEEybiWBcXLQOm43FolJw7LpLZif283bVC0p8KElfPv7m+RG2MKM/kD+9laK2t/GoWZpF3q+6+Iz8y3Z8PElOryK4KfXXS5c2cr/Xf2PbJdW4aTaOKg6voCPz1mMy1fNhYzqrzTgawjLjvXh7YxLfNLGh7RLjvPGSXeh4cRUPCw1BGN+76AecTeWmjkRaKI49M3fAFJZj9DBP5xKXPup+EgUOZv+4eF5X7gnjWjDFBkYd2MU5heeIh+n/9i4bSb7K5ylkrrt7PjUgd4UjqdWkYv0K3M0JO3T442TdaFYOZIuDXrDrp/XcKzHeB73rBFWGDrTHBM7EputB7ELb1D2jwygsTNJZzCZ9DyryEbagipauyF1aRgJOe5n5/6JEPNMl9U1ijB9XiB3b73MP7wUMFakhAWk3KmpeR5UpWyHQAlpGJMmyFYybVzpbUnOspN5+KUgzQl2xMtxJhgmXQWfCirxTZg4uD2JoYWbPMCm6yQG++/gtpTVrCK4Hb3HzYezC9yhU8eNbj8wB33FHjg74zT9ez8fJni2QUR8HkyZ9Ax23J6PRWPuUfAyR1w7jmHfGgMwtROmrpxKiozZzBeudYFFtQN92HyIfbfdg9Unv/CTa0pw4d861hE7S93T/nH+KVF6/rMPDuytxrkF58GoaQw8f22FmW6yIBuVDSvuCdM3j5Hg9OIdmjq78N/tZ/HnrmWYvucJuhQ+5oXiDNraGWg+5iUvvnmBhEZ50Jd/kvzXIwUaTbxQyKwKm56M5mHtqXD08UGKT7xIHbUqXBeqi7gzC11sD8CdgLlYsDoLnxhuY5lmgLiHmnB19Ax6WPaJntg4QfCyY7j/ejOauqXhGIMYmHVxP/e+kYW0Sy+gxSSaN3VZYuL2YnRXbcOJdW3YrfoFZu68yoJNYRS93ATe2SXw/p0etPBDBAlvD+M+Pxtcue8GNDnu4qSIo3zrXB7V6IyAYOl+UvGfB8seubBZymSYouhDzUMCvE3Fi57Jx1P7NiF2sVMAw8Vl8CNRgcJ3DuAjHQ3OmrobZoz/Th93qMAa+34QDfrFp+umwTVHYfj2nyEn7uug3+dcQdx8JwStuMpN0rO4VDcGx3xupwxreRgz+Be3BHlCb/k6zMwrg0ur/uKOxRaoEHafZKsKSMRQBIq/SMFQ/Qio2qXMWgbeHO+yg/NmLYJbXTNgj1MEaV+v5pbyK6Q5PA6mv1FF180LSMXvJNz/kU+Z/JKaGm0gKigUXtpYUpJDMX+oNoCWunr4sXwdvvR+h49sHtCr2iGalTwb/3quonXGX1jOdQc6RkjB8jtxeKNdkEZ5qzOudIf0oAI8p1vIMzYvpQpawid8lHHoiBYUvjeBbb+Xwv5+e/oWsgdmzrqFhR6/KSdiJjsap9P7T7f5IE6B5Jd5KHh9GMx6NqBclzKv2u2JLbMjMSjmK+rmNkOniSJGKWpDwpdF2C/4HU8v7cdVXiPRpGESHLX3pZor7/hAghQcuW5ONrtGQ0GHMR/uOQC6mY3kXCADrjdH4ZQAU/KwvMGGUT4UO/cmrLPXgUtju0l5sw019plS2dwPfG9cDBSq1YHn/RWYYnkSfyeH0KozwvAiRJa3vTpBU3OC8O7HK7h++yKydLgEbt9m0Tzpo9z69Ab+EjKHkhXiaCIiBC8KclCmeD93NRjSgs2TIFF7FhSdMefye8rklKoGdpEPKWSHFhwK/4aC7UOkGhnBD8wewJUfL1jGpx3MNwxiyjRZ+LuzGUb1TUH1glf40DMCdxhfpq1TB/nP6xeUtmcemFVfpKPnJGDBWVfIMZsELunCKBiWhPK+n7CoyY5neS+Di1k+ePhhLr20FYVlFXHUt4voRkgTLinfzQPptjB5lREvvlLPyxcUQ+Ctr+QYbAqNi2Tgn+F/lOF/kX38lWjNtZ30bdJlCn+1A9OX6nBRaQz++jQKjvm7kcX0at45XIMf4iPI5ucd8nd35k+7G7BJdC3ZpWpSgY0uZCwy5zDbK3h5YwctTpoIi/M/skBUI9v3GENiQDE6sg7MmKsNXlNno165Lz7zes4jbFzANu0v//jbRNPfunLemcv8b603xb8bASfXj0Qp1Rn8rLUWU6dup6iYQDq4ux32jnaGFpEH8D1qOu+Mk4QLe9bB0YZfvOQTgkHmEIV9aKHLzkJ4ZrCO/f+7BssF8kmg0RwGIuMxwyiXk1Ln4q8Ld7D/ciMc23YJv948AmaBF9Fi000+XSsCu9ciTLgUhkvu9HHKop38LVAAhFzq6KqSPN3f/giFnjvjtJqxUFLzgcjLlkoqp/LjxjQ+evI9e0vN5Oz6Jrj5YAfAmlaY9WMU/B0Rz+8uy3N/y1e6dsIL3TZ7UxaY4cR/B+GugxQ/6vXGj71jwOH6eUwY/4ePvN3MyltiQe4SsbBoKZesAs5rWomKjupw/acZ6EM+JtwYh7IOT5kk59HnMG261H8Zr6vOhkMXRtP+4BRWbxgLtUufcailB/pec6egYGVeMWYUt18bD//JvUD1j65o0bAeb76WBNHG36R5J4juffHF4ktZuCbSG7bdysedT0LpothJlLCWwfy/KqBvfAOmpBfg+pl28Pv3Urx65T38ezId5+8/zYG3BLA2vAhCfgMs/TUParTU2bf7CdxpSqT3rbYUbb4cw+amo7t3L7QpJoC000RQsm3DVO9ZdLnACOv7EOXeBFFJlDGdlz9LLjJD3DNPGJ8+s4DV2sYca/AB4qQX0JnJIbCpxZ28Lv9k+ch+thnrSN+UZDn6kAxYvzJnqcAeEKcgbBjZTWNWdeJmsSKWuBsM8eov+ETKWjSQ0YCkw9HcLjaPbH2/wxdZLzpgew4M4/vBUeYoOPVZ8pOievD4LgFb/IhdIgygWaaHfps6oaKfFvodtKZrEUZc+/coR69Jxe7VE6H+qjrXd43i2+49cMQ+mGIUtlLZigAYVbIP963XwoSVmrzrvjVMTPkCCx1Wc32TN0sPX+GnMsc5SewmxN/rhS+PwmhgsAXMNk4De+MBOProPSxf/421zR0gc5E2KYfdo695GjTlTx7OEL/OvpW6EDFnA2wQ20n9kVm488FIdDDs4tl9/ZyXN5LNinv5wutHHCo3HTJiXdAxo5umdqljqmY/+A4kYq7TRLD6vZDTXI7CvJsmPK1eAMyK3EgdrNk3sBiX3Cgizbt3+fwXF7aQK0E3q8OwS/4nvN40CuA2cd2WDoyKigCLNR/ALSOddc4KwLVwPxZcVEd2G3eCicc4GC4pB4frBpjm9RDviuTw5rI38PdYGUmLZGHUCHtO8fmHkyaZQcffQrDVGcAPBf/ge88HSr4hByfvZ9M5YUU8/LMFVm4wgFuJ8iB4WorrMqZg56hsCIwShoap32i+2i5e86iR0/eGoXqXIw61yYNS4BFskr8DH03U6I18J+vdPIKTyySoxGEszz8ezNX2krQhVhlcRiwFNn6E0r7iYLVmAtYHu8IDsyQqtlaj1QsLyU4rGwplp8D2+q1gt3Q6tUhdZk9HF45FWXoYMQkezc3FjrKRXKGvDrMTBYAu/sDr/kW4Y0AMHAIXwL/iK7h9cQDFvH6DRx4cpl1G30hMchoUjVqPs3M/kO92bc4ptAY/i3Ja7ch447sYrE0bIPOT+0mvSgTggAo5PCiinFYT8DCaxo8dW1hNfDqf33OZi4ZX4yTZI5jhPwFEfSbBqqJZbLrEF1ZNeAn22/LY6fBS2qJQQB83JHPlnlOUowfAncdR/2IoBDfJkGZWLB8eDuDxWucw0vULfG4OpC6zEXi2ajrc7fxMQrYOJGWgy4qJj8E/NxmTVkxDs/FhfEzjMncYH4NFaACL8kpxVZMeSynKQ11pLB3VDublJloUJy4N53NWkliYCu2bIAmiGeKcv/MPlS/4SYk1Vbj/7WicVT2Cto6dTYrXtvILxy1wMV8QSrw0ecHpe/R9WJdvpf7h8pYaiB2VQRJrD2C+0SqM+KdMg+nTYPwXHb68/jdND0zGoOxXoCpbyW0fddjadBPfdT6IZlN3ktBBFThfoIEpGtPId81WEoz/RLvGv+bsvU404/Bk7g26CZr7GEQ1x8HRHf8oWf0dXFQ9yCaxo6FhZgEkvlIm1wuFNDRtgI0jQrHFRx5GT3OlGblXMFzwMdjn7ueZeysgcNgBxw+Usdz6AT46uYI6fIQhP9ye9hjeAZlzF1j2tjrM65GE7ZktECkoz5PU9ND+xnNYkzwC/OT/kUiqFARofAY3jxr+tTAWxcv7OGBOMLuPzqehjxqwMFsWxha/5me+O+mdx3HQPjGBrh5ZR/6WClxu9YYsX9znG3ucYMpuYTAZaKYDzsI83iCf2h57UKbTKboh7AJ4/RJUZcVQYqw6jngtBgFHvXjR/O8s8keapp7OQPt7jXBgrT3mdf+BwvBJMMIiCjvjrCHbfD06ioTDn3hxKvhGIHTPg6OsLXmCmiHI1L7kecoJeKVdFKy6LHHZchOaUBMBmb+mo/o1A7KL/4R+JdJwYv9mfKr6lpd5ToNFPXXslq5FRarHIUGjhLZMG0sG3+1glpIcCSy7z1C9GqN3KkDPm7uo0rcGFI72c5ivCi48a4FVToQR7xr46qZG+BMTz0prJcB7znfw3OtGnpJr2ThyA1c9HIlre29xrtc2Ot66jKfarMLH44Ug9nAablAowatvHkDnkq3wxPEFmuseYFhzgSjmPL16X4WXJurBgrurWKNpEIvG3sQVl5zwzW0TaBD34P3O91i/9xvKOF6kO0u04OoSAZx8uBQl7c9i3+pOFFJdiK+7f5D7snzcXNAJZ27Hw9MuEfikqwNfz5pTuacJf/5wiP0mu3OQqCdJvQ1Br7GusNn+Pl8YKwnynsTTNjzkS3qu4HtkDf6VzwXDoRbO2tvJwTFfqeyvDt27LwembeNAVGeQTGWkqXh6BdZdXI8r/5tEFe5z4I5gP5vFhMG9cEswOD8OWvbZ091dyZAoZU53FfwR4+Vh6NgdjAz14OAHttwyIAVHsqzoekIybwUTOj9cQBOb30Hdy2UQ0T0GrDoqce2IOzTSczL823uOFD/fBrvVE6il7wglZCjyXdEPsGS4BtNaZkH71idQ0aYN8zcL4cL4QczZYYPP6k7RidCZqKXpjNnDevjoUTxfVyjgMyoyYOMQwcI7dmBv3B5+1ZtDw20J1JK4hQ81n6FbM+Qg8vdnuO5hDSK3FCgsUZj6lt2n8PENuO50IhpKTgY5Jw9YdSUFbBcWQu9yUzjyMJiH5k2lW89H4LXW83A/s4ltDp1CX4E4CIMnELpqBAn/1AJF/2qSqEgDe/GTHOrjhIs+NGPrr3YwwT2gvcIR5IOPwZ87aiC/fjSZLF1Fg95DKDhPFGIb1GBDixkY5btAx4clJJA/lQLnjof7QQpoWmkJdGkkPjovx+tW5ePRs6tA9XIqZgkPQNL7q6Qy1Qw2Rhmx2bsMNElz4HOOXvjN5wMtjslm2a5xvOKfPyw82AlFeXpw+79AGJeSTKP7pqPgSzkOitdF51eASwPzcIHqbyh12IK1T4xh5/N6mJuRAvddZ7LoRVN+bSWAh6wvwL23NbxuxzHs63lD/mMt4KJ2LrbsW8leD6NAfLAPQkr68KBVB9l8CsGu7Zb0MO8Stj0zB/jpwoXz2qgq7iuvnpWKyydfgEMJHSjN+tz1zhazV1ZDRrQKxMk2Y8wcMSx4fxPai2PB92oXVsQeAvHJp0lzZjgeVqhDw2wjWJ32H2WEHYKlI67SbYeb6DxsDEI+C2FHbQYnNgeB0vzbZJs4CY7rHuD5j25ztKIn94acg1rPNrKwE0FH82Gwsl+ONu8us8pMhruPLbE/aCVpK00AfWd5qlc7QM3a+/BbQCesd75Erm6XabGdLgyXiHC/VSAXXXsArm93sNDiOdTSfBzzPMvo0fFI7pV5D5JSqrA7NZu1Lp3BJCklfDu5lCoqjPlnsQJ1mafATeF1dFqhCQ9XjYQnGx+i8bEqUlYSo9OLzqKCthg6jDbld3Z59KQyhkOad2B23P+N/4Wza8RovIgIGm3ezlvsO+nDZiNcZD2BThx3hpM5/SC14Dy4fFIB2WVSrHn4BS3z3YgCPqOhZ9pVXPdkHSZ0WoBpYxxMGJuNqUclwd/YjC66nGa1sk7Y+k8X7gtJsr9QB9Xe28JzmzxBVH01248bDQd+9dIPbqCrOtMguPMR7MyoIOH8bqSaKWA9fw4r7PJAjbs6EOR+C28GtcOmhinoW3YT++aX4T6NCSAPV0Bn0B1roBzWHJSFmzDE6/RdETTPI3jt4u3/XrPD6recMKUZZtt8oVd17iiVJgKt9fp0kMby9piFpMT9EBWajqkPVWinqxKaLexmLWM3cJw9BeRE73LCtVGonBYOlZnlMKt4JA/5h1NfSTsIWvfT9ABbMro2BZxnRtG0dRoY4x/JeYec0eeeGq/UXY8HPmbCuIw7FGcTSYWfZOFvQT5HWmfjaY8+Uud5vG2VE/6ZeJeqHu2iu5s2oEFmD3330YBVi3PgREMW3kppo75Pbjh2SS1uu9eK6cN3aGnTN9xj+geEE80gMzqWvx65Tq33GullWT6IPo+HZYVzcWXsMh6vOhvsm77i7hxJWDNkTm89nEFz234utajgVfrloO6Wg6Kbe+mKNfBlrVa4d2EK+M7ax+EHsvF07RUukFuL/n7X8IDtUVzj5AuJ1hfR6eBFsNQygZ/ha/lwwA7U2f6YDq/8RwFfrFhQ+gpul9xIdnveYJ19Gb1cqwp/Lu1A+bjZSDo/+ezXf7TsWzDa6MjTvfDJHNOpAj6ZYRC3aiz4SzfgPbjOYz6twKcnskBXaw4NSjjjgb1veG5dPhQ9VKBqfTVo8BvPujVm1PTDkWoGquj7DAHIvyPGuedMoeHSPL7cnoyjZWVgT6kdSngncsSF77ha8yoLy//iFn07euI5me5VX8WeaEc23i8Li+YV8tLz7phdUQuGb82hqPcpTfxxkUd3WWD4a1Fo6HrEKpOE4FebHChecYDBRm88YS3INy1T+HrCFlL4m8k9RVFU3XGKrY4Jw8DlD/TIx48sJq6jmuxSjuq15/KNh9j5VS6/kc7D8moxDM/Qhi96iNedjaBgrxFKVnwEr/nzSWb1Jpx0fhQEqgxQV+coeJCnD56xUuhfHwfvT35Cu8EFCHbK8D63hbekFKN+zVKs2DmVFP8awcr+uZzWfpBEbySim+oolh31BX2yz2JHsw1ZaSbT/KEYKliqC6mXS8kq8jXq7HkKC7SOweb8KKy9kAQLpmjg0odBfFsiFUJ+a8Bp2aU4/bgTTCZNKseR3E6+vHh0H8Wo3ubcTl2cnpCJry31YO73ehq+YAE/xkfQOK1JWJe7HUyPrONc4zb+7SGGPzclsFSHNpRulsIkoRQ4fsoUNc0uwC4tG5Q5n8JCd31A9vdC3Nazn+csmQ4fEmzRz/QJnLqgSd0qy+nEYDZeXapGKrQbUy/Vwr60Hv6ZLQXKS3/RSi9neLzOlI49l6XPmp8oI8IIBTJvwpOfyng/ejaPfykI7nHhsC1Pkmz+3AOBFn3oLJiIeT75tKzUko2FdnJ4+Dko/jQO3qpIsMy3cZzcvorX2S2H1icveNGGiShav42e53qQq2oD1OwSgrIYd1jRZ0sPDZTgz5e1eO/GYiiwNYH2Bzvgo2s02s6+xuMiCM78OoD7FX/jySOWaGGsT06Kgpj5cQh8R2rC9lVi9LtiPwvaToexvlOYf4yGB/7uJFsTy5Uz2wkWGyN7a8Evm6PsrxaAV9RHwbbFaii7wYM/rstF1XUG2FOsj28DElE4dyPpJ8vQp6QjsDBSAGKzFIAu+IPqnxSKNlLnXR/6KU3JhdefUaFPO85BSUQ4XhMieKfxAnPXl9EeL092v9oD2t9OULzMJij9vp0VOqzwwTcVKIjQh03rfFn5Qwh8UZhFqncDOBLNwTI6DR3PFAJMnAZ1DSZ0fJM8CIt54LOCxTz25F1esO4hmIem8TEdHT4m6scrno6kmK5YtKg2g6m2WzhCcTFdyzfiFwWnuUZEiT4HurF/dAqKf3Fizp8FB6MEIK6EUb/YCE8tOAyzF+SCK2bi4hZTfKNsyTB2Nuz100Q5I1kIFDiLHsv6YKdVMDVlvWQ/51yu1F1DY+XOYdGnAOibWQ+fK7UhM3s1qawM5bfCv7g56iWkLbxEhzeIQ2/nFR6XNp3PeJbwjyA5iN14Ft2UVmO/oidLRQez5AYrNPlwnH8ue0rDVw2grmMLRJeYgfBrH7pWLIrvii/g3U1x2I1vuGzoOo82FUV/LXvIspGEpPcaEFw0AG0Jt3FRBEOW53IoMuln25evQfhkLZyZNg0e5B+DFdk6oGidh2Z5Jnxhizov3CoNyqXGNDf+Dv6ZXEyWegvI8f4OcvNVBAHdyfhojw4JQBhHbxsGN9kOauw/BlcNd0FQsCmcc4rmA48sIJ17qVb2IM2QTocfzYYUG34VJaTSyMl8MyleFKbY8+kUpCMOIwM9sTZ0OtXFmNJh80ia1fuVzvBrNNn7mSeFyILZqCrWEhsFLxdtZJv5+lTrGcKHv1ayxBEzsv3yCCaOvARai4+AX2kH5z1m2HpVBAzr/XBkUzdmjavgPD8jzv9kyXPubgPfgq1gdTiLco6rwTRJB5hUuJ2nHRHHOv0rvNZQDfcmifC960n0/m4PFnc2wpZvCKFffrFEw3IOH1GBv4+3Q1LjZW4Y8Y7WfjQHr4sTyVlvKXgFyIGwdBA/FlfjLEUFqNGxxA4rQxzQW4jKR9exouQA63ooY7yRBggoIsIeUXrsW8K7Hn8D9bIwUOu7Twnfr9P705W46rIcW+82gM2fUkHtYxFt/ShGquPtYAWvobdiLex+iHDJmExUrYzBo98MYEGiL/+Z5wOppcmQG3sVTXIl+JPJT1Ca8onnznbhN6ucSOC2Ndh77afvYQ8g06iNRmychYqPhqgyW5p9Fz+llIop7PrVmKyMxaC3cCGp2XfjKZXnHOm3HT9tMqGhwfOQt+0ILYGNvGNGGa11lIOsve681PInhy5owf8UnsOx4qOoVLUXvBwfotbfxai+5x7NsNCE/34HwhxehFpXgGcnr2cl7zbQ+eyMr/zq4VSxOVW5qdHp86rQ+58XfioOwgCNE1Dx3A4OTQnlL/Y/+ULtfHAwVscJVd6gOjQJ3odoEjxu4QFRPS66tg3fzVjACj/MYfDfDAyY9RPGudyHiEhRMGzRhOwrmQQ7zKHvuDx02V3EDtc4cEzVwWKD7dA5dRbuvWUEgsf7QFlqMiS/0KczvQUcteYgtk6cy9/XCdH3Gd48k96Q6mZtcJg9EuQ0TMDvmB8nzD4NQkVSmNW/A2aOzQc961fUXR3Pn5NkIcF/Hrtv1cCfplI4wcSRul51w776tfRywB6vybdhWZYlF2/VhV8brtCRo+24dJMtNZ9056A/lbRMlKkss4LF04ClZwtDXLQI4DE5CvzVjU7Pb3L/3GWw7OMBrh75lXf99x9cn5zJSufU6aPZCMi7mc/zmt/jnDY1TPsWyNGXd+Lhw/qUO0cNJdWQn2xQYmVxRXg/IorDvoTh14F5VOpmQqt6ukjn1ySeeMoWEpPE+e/Ncs6N0IIbI2pYeqYe+rMnxvv8onGtzrik4iJkC3TTD1cF+lB2hs9Yi4P1STGQeOpMU7vnQ3mRN5o+ECDR9i7yWuTHB92XgNNKFWierAD3KRyuxjpzrD+j8DfgLRlaNLHCjKZ1XsOysiEaUs3B0D/y8PSzIdTLvSed9neYevIfxm7KgZcN2iwTcB1ed7TTm6wzXKUoCrcPdvOMSDmYpXGXxOfaouy/aFLK3IOfB17DrS3prOPTyfVSqhAb7QyudyIIPazRa48OCbXX0hGBBOyX0cHa2wkw4vwnDFeZBColb+HE7FfoI/wC1X6a4crydyBd+A0dcl6C2JzpXB+eS01T5cBhwSiqzlsBsgbH+L21LxnPcqALbc9Yz0SUmtcUcEFnHinHS8Ni1cX8ceET0F8XgveWSOH7La2QHDyaigV+UryfGr5wCoftF0Uhw8EMpy76xI8Nt4L1/QQaXpAN5xaPg6+yYry8eCdv0y8i73Rh8NpyiBP2lNL2rGJ+vf4TLqp4D54ppXxh3zDNzB6EzmgtniUoAH+mi5CQhR6Emduh/dNqst79kA7O+kwDq5toTrMYRoW/hHUTCSYpHmfdl8fJodKS70r8pK5H1jghepj8UARsC5/TCfXFuHWsGowZLuOvqoWUb3WP5ct/QkVHI7t+CsPBUkVKtkbU6xnLm8IZFMWFeevLbRiTG0vnQixQrEyOpEpEQSd2GbhPdsVZ34cRZeXhyFFl9rSspzHP57BS0UmaEHIJ1m2Up3mhDiD8JJznuq3lpxMYbE83cc3etThLURkr01MwY+MaHPWiiHZ/HsZ/7TNhxthBXpSoDkoi8lSxaS5vFyoFWZGLNM/pNfEVHy6XaYOYyX9A/OFUnHldAp7Omcope11w3cwHfCW1lcaUxJJwzUvwt03E0hYVWFexBQplJeGgfyx9OLWPrnc6w/ln0ZhhFkVVoMmGDXO5E65BUeJkvFIwEUToEUQtngkHtpXjcXOE3iQGz64wXjYjngcvBqJ0QwWXyghBg/gHCONd9HBEAu8eX0W/nr1Gt8Q/8CN4Py/rVEOpnAWkKywINy/48gp9f1YuTSbRzzvJYuJNqNighy/99MDGSo2V/ulwwEVVuCP9Edf4yrO0fQsfj7Jjd391MAww587wAcw/e5YT0wfgaLISzDO/i+PsncnRfiLOcc/i2JVbITW1l2PTkUbu7STV8Tlsmj4VOqtUWS2lkJ0nBHBn8z7udt2Ktp4WqLBaGsRXmEJOsTOG7baEzWUpZHZXFL/ofIe9B1tIulWa7+pchjOPbuGrjWfQNeAl/akSBAXfdZgUtIPnywO+Kq7DlaaD6LRHF/ubA0g1/ADNTLKFP9sMQbL1NYck6dLZoWo2OLWD9NpGkvH9ndz26zYa33pPhU3l5NckDIVikSBiehYS55eTeB6R4IMgknjcx2tenCHR5Pc8Z5UP26VLgNOmn3zezR1Sc8/D2NeC+FVQgU8L1aDK+DoYsTEYe2VWw5V4gEBdY3joXMDVx9ywI3wSGGITjtbYQ3dfuYFjahqn1ZzFB8lGMHp1Cn+oegxfEvPIoGUMaPXZkU93DsbYI7uN20J+A8/xYJEZaI2dwQ8uykOscCDvCdBEdeuzeLVdg2pHj2U1ZWGccjcKc6sN4FzgGXpU+QZmNW+DX/8e4NnqaXTGr48y45qwO7GG5vyIIuc76nD680O6ljEfbEP3kvS7v5wmUc/Dg4F8/E0rKX1SglLIxuCfynDe8Cy8WayL3bubOMMWqNZ0DQqOmYrrKn/x6rb9/Cg0i0IXT4ezec/oXNoYive7A0NejTgiyh1/HJzMI4H5+L0W+G4vQBKt0+G4hBQW3pKHkbcFOexJC5WWlFOi9U/YBB8ppXQem9WuwaLRIrAxbhhaVu8k5wlPsCMggqTqA1g/LJ23Ld6MmUrZYHI/DO6cl4KMaeHUezKVG985gdXK3ZhlJoaF3jXAR6zpX14zVQj+4bfHTcFYvBHlVMU47OQiXnkgBw/5Z/Kei+/h2NtoeCaSSpabPtPJa5bQu8eXn/gcwCxbG+7vGov5Lu2Q3PQRw78up61huZy38ykkilrD1noD9nrShDONC9F1ewlA/09aPiCCq8bO4LFdt1F/oh35ORrDZolD9KZ9C4kNplOTzTIk/27wvA+YEnqF0wLH057mN/h2YDSYqD+DzAXD6P1QGpKaZvLUnHJOe/ePhTzDeNXKiyx8YJCLMqyhJbINXuaP4Mx5yTh1lzM25vwFxdRrZO9YCdEXMinGaikbjJeHDwZz0aDKH2v/OYHJu2XQ9teOnWrTqW6cKMqsTqZj25L4zGQxCBmlx0vUHvGbD/WYbHOEw2dLcJLnBii0bwf911XUG7sQl6pMhIOFDpiHI+Gf0HeIXhSNWZvPc4b2UoibcYtClj/GRx8uwC1LAAflJhiVfg+0N0bCtDtZUJVkw8taZ4DErG98a5UEPgmqwnkGVnBC5REaWV+ig+QJwdmC8CHJhYKcU/l+wizYEFCNNx5+4xfRyhD5VJHWB60ne0NFWtk6zL9kNPjMvkVkTFE4+7YGfUzwAJcSCZgzUPc/AuADIAQECgDoHym0KUWlUmnS1NKSQioryiyhlGQTKYRCEg0hojiRJA3RTpQ0hEJKEZpSoqzIPZqaJkaNTzdxv1IQz8z4SKpxTuAYXA2l/q08Pt6CjlfpQ6pJME6IX4hHopQwa6sH9p3twAuikSBSOgbu/lkL50U6eOIjE3CKXYBT5zThaJtBfC38mJr6m7FzjR835/qz750LeMD5JEamCUBJ6kmetfY6CN9NoP44gkDH9Shi+hqsFG6gf4s3yPVY4xZHgude1SCh6g4c5Ejhtz6yf9UyFr9wH8xqbvPnwjWQnN4N9a5WkG2qyOUJpaDp8o0Pb1+HSiMbYeGwIc/MMSK3El247ucLtzcZQUnhHXqX0Unt0SXk/vUPHuuqpS6KwbXP70CwgTfuDSK8qz8SIodVKCPhKv/4tJ2fPdzJUrGToSV0E890nc+Ln3jz1B1q6JmuBj3aZ1A2qw1W5B+EqDM3aWCXMuX7juNrYavIky7TBBFT8nxoCVnm8hhUU4dLdkfhRYPpsPfLPDovNx0OzXgOdtojsTRtKYkq6YHCeAP8rt0Hz7Vk+O/HHJwXzeT2qJXLRIK519kT/10WQOUp0jDt7Bs+VqGKxToa+KLgNMcqfaTrh+MYgwqo79tX0Fj4FT5+sYbWVXk4K7uPj63aTuqHVlGz1Sz86zgX/g4PcI18PbmF+GKGojLc6LlOirq3uCZABZZcf0HOh31gsYQZWS0KwwT5HpBM2U/ZQwAFE/pp+pgc3mvvzo37RKn5oBjK2+vDq9fjQfBRIGh36LNduwXYK+TAPP82rLxwjsL9PFj8ahnUS5XQta1XcEV4HCaK/Ae9ypawdFoFri7fDN9C1dneUIFvGG2g3KzrtNyXaMOambhX9hmFrrQCRc1v+MLQDEd7POZyxWpc1NbIf6fMpoHabmi27ye1k8tA20ADXpZuAEWFT7hDKRGiRorxcov9kNLthbODn1NT427ojv2B9nmisLB4BgduuEyRPad58v57YBW7Fm9uGwGxJTv4rUw72oy8SymD8qC1J5UjPVfCU8V3dPq4NZyLTOCBQClYbnmGJq10g/OOwvRmuRV8F3BhyQ2rSd1HBQ1lMvmYhTda6Jygy5KqXH6okFRfXCOjlxoQ4GxPF7K+0Znvy8m3dS3c+rqWIw1UyHXhOxR84IU/j85ETXdZEBh3ivZnHuI+q9846aYI35NIosrgfZxk/xGCnp+mwoZswoFJIHrEgR+cHcU77O7hpY5IPFFVgfp9p6DceQXbHPmNZUF/0V4P4dxRUz7yUJXUfT/TRV03EHZzwQ/HNsOIyzIgqltPmS7WPDxCEjyTjvCaMAGam/0FbB1NcZn2Gphb3YRKDQI8a+kQOcQ58M+zI2H3gyjessmLNnX/4LgF5jyTluBLbweaIt+AvTun4OpPYlD7ZSQ0dQrSyCODqHStkf/tUMDakmN00+8MDLtsgda6A3wY94ORizxs2tADe/sSQOurPk0fGMt3ptfgw4vRNKalks6GepKY3W1KVBsHpgE98OpfHk3VU0cNZU9+dycE/+il0mBVEV44/g7MujqhWU4B7P5Iww+hC9T5UpckcSUtcpclJ7OrMHFcNe39ZYiR85bBV41pkOV7DA5GhOOmIxvZ2fsgpSrHs+mefloYcBTn+e6B3gdf8WI1wU7XC6gQshi/WSpA6dOl9OffHww7EkFnMg2ob6E0xo+dCr/ipGH18yreKjEGDju40929XbRzUIBNb+WQaeYTHvXNFwzuieHkeXLwe0o4dHYZ4b0eB/IxTcSV1dKgJ/EF5RbOwYkTQmCGqyu5S+qC6cgnlPx7Kg4FXMGL4a9ISEmSRs84CNG9h/m/gxrgKbGTt7Wrw2xfHfAc9KAvpX40Kq4IrnR38ccZfzHSYDF6T3XBOSF7+QpNhv2bbvGA3Tde99aCxty/T1vOerHs1i/o8y6cVNfco+iJm6m3RQyatCXAcel4cBGaBi+q3fFl00ouy91PjzwluUXdj1YFrMFP4dagXO3AMg1vOeL0SNjs6s87htrpT50bFl07xqvNpUGRjsKNPE2YtW0Xa7bvg6+Ssix1KxkDEyzgYf4QKiTXwei5o3lB5VpY+kAHfl5LY8qz4Z8LmISf1uA8JVPsmG2Pu58socnvlcH1wixelGIJjk8D8O3FcxQfsggyvNzg/vZ1XFNez73B3dz6hHhPwXteVmoGRQ32uPX0bpb9PIvGnNgOsqP/UvEUcyi1ukCKhlto/v569D41FZodBnlPzUVMPXSUVU/pwBQfORxjlAM91Vr4QG4umC0ohqUOehDzzoNlD+liip0Fe1cjapmPhkOnvfnt2V+sv0WZjs06TN2NKvBVNh1i3L/zqgN6PGXxQt4gW0en35/Ega8V9FvXDJyqRSkmxBRuWe4GpSvm6NYeQRWr9PFXXxatnv2CXWPzARuTwPzXLtpgYAlmJ2Jo2pJeOGr7mXan9fNe4SpYv64RkvMbae2nKaA0wYx7wwXgzdgY7CyUhSWzxvG9l2kUHLGBo40zeE3RY5751IxtahRAJ0YDFG2U6cdWpGr13bxILInXGnxD41YHFP2RivO9TuLRdGXQq58MKTZDcFKnlKBBHv57/Bht5k3H9qXvuEBtFygtvwylufKQmW8AVjrf4Wn5dHw2+SGaGvewl0cUC5+9Tbf+c2B/6+tk+dUcp52SA1XJh5Rmpsw3H46BJS1aWFt4A0wrjem/Jn048m8Oli+MxkpHfaheOIGeHK7ClX2MeQ9X8b/kYqTPH/CAjggLJsviSPPRfNlMGkQUl+F4v8McoLqYAhVU8WtKLd+cE83SEAvLYhjfHrPB/TunQ0ujOCe+vE/BBWl0t/QOFNnE0uKHIWQWuI9/Gz/izQpEF4eN4U/IWo5408z+1Qkoqa7MpljFl7WEqEx8E07YUYCzLo+lJAV5ED9oB61lIlA6UZq80l5Rfcxk9nlehVGVMlQpIcKvn8nSlaUq8CWxhkVMbeDGqTOw78cxxt8V/FH8IvVs387NtTtZ03gpvZARhe+bi7hm7Shofu7E84qduXGcO5bGxvDWOT0ko5NNl3b+5KHfmkCZfigQOw+qolvIpYFRI+EeRabk43uH57igXwr1j+SCnKYiWLXNguKmH3xt2l0K0vpLgycN8Mx4C2jOraAfUjPwxPtdWDJxKsSmufGCv7Eg1yHLwYURUDRmLMf/QfKSq2BpaGK1osu4vNgAjA9pcfXSepi9T4XWT1gIfr/tyHMpkJVAElRbJlBSjg1tuCoC3ldMqHX1bH4qPZnt1D5SZ20h3Vz2l168iqPYMW4gUzSfi48pwX+bYyB+uj1dr/Ii281ZkJ8ow97Xyih0xl7e5LyEIisHIeWpKfx60gERB4YxNHQMa5+JIc8nR/hI6mGcdcoaHPb8xqKjkWxqqQ0Nh93IZ14tF076zX/NW2hVw0t2aIhBd5VO1o1YwbIvrMivVAXqTPUZylW5zL0Nf/XLU8AKa9z/oYhf7urjU/cdUBvmUsUfI3irXYd3HIVAT3cevEz34iXXt/PLNxb07/dVvNMrQZtWn+fLYyRAJP4eGcm4ck6MB/3MS4ApFxjbXvjz0c+fUPb5LT4sL8yr1k+CB34y0GQVRuKyNbTgfTZdHvkfXBx9j5+1x9G791loZ/uMZjSKw4kV6+HbvSUoEq4LGgdmsvPnxzD25zNc2Z1AL15rkeOT6zDTXB38zLZAm3gLay22ZHEZCWhtb+AVr8LJ0iWW1W+00kKcD0mRktCtk8ez51tC/4AQKaVbg5lpFxmIH6PytS5QYHIcw2q+w4J4Y7BTroCDgbLw7oAIsasHXLoojesuqoP09E0c0BCJwhNfgvBTA9hjuYZ+mbTC5z16kOs8GULnBkBn2QT4nmnIgomj+cMuWSg8YQEW5oi+J4/DiB9TqfLuNBh7JQL2l6xA54fmOCRVgCtU/XDcZiHoOePK28N+sZXQUlbde5037HfnR0J3QCNkJt8QCuADl1Px838GUFE2FgSt9GDq7S/w5mIMCXTLoqbXR/bZ1o03nj5i+7fx1JOOcFvjBd18RjhBsxUz4t7iL9ev8Guokd0364PthLX8qfs3uRfLw4rvSpj9/RuMFwzD9XX3wXJaCaXPL8KVS83hbPUYWl+px3eeTYb5A12w8d4D1v4zDDMV5Hnrrk+wZn0X7e6yZn+JfXgg1ZZrQlUgrioUlW65wuzdI/BW7UX6PH8Bz3ggD1eVPiLVdpC8RC0kdgtAwiwT2jj4hsWG7SjjxmTKui9JWrKqkCNgys6BeajrPB99H4qBQ9tTTLx/n1b+aAAPoQO0s0kYW8aepMfCWRARtgwWiAhg4XIL4FWreIVyGO54UwjG37fB8T3B6BH5B9Zf0wAh/4t8+t9B+OusAdMvO/C0hI0Y/+gNp2+ciH9ubYeJiV9AZ7QRJ8TI4O26WJzzQRz2e+gCOnzm4nUTOPH8FW6cMIxXt8yEGg8B1pbqhAHbBNh3wQBGtyvwm+ByVHrQhjMv+uC2a04sXDiJogR34enD01GqvBkz3bVAM/QvhNi5YMaGuSCs48kXr+WAZecWOnmrEZOsAmmgfwKd+aIK/7gDaque0c0f+3BK4xArrrvD22c/IItiUZjvI8l3hmqwq9MaBC5eYeEN6fBn7HtwTR4F3h9CwPX9LioJKwfB5ttwPk2a8xTUIXeJMea9EEW58emkXrMCQxIjMS1wJzmbuePL7wpwyKuS/k0VA5GZVZTcPR9icj5y0/5AkFt5EIfv/0fv972D8VLFVBB5i2rnycKV1zngK30Nb32/DxbdM/mA11v4fW4zVqoe4PidQSxcq8vRI/VBeN0GXN/oixebLcknzJuKsi1pn7s3ucYthFNWrbDg1Fuyc1WDZ4+6UDfgBy+3Jxgs9cPlzocxp9qM43pWo1TQCX74tRYG/HTAsW8JD5e9wEuXvrGHXi4NbrWj3p/JlJFdTmHGEVRSrAk/AoVghPwOuiuciooV0VzzSxfSJg9DrtEL1mjSIw9lRVYerYbzjNUg6uUT0nP5TnMqx7HitwF+6+OCe25+oZ317iwoOhpGXkuCCHtTOLR+BY669oxefT+NRf+5UeA+G+wxK6dlRsuJSQGMzSyoxkgUXB2CMdT3Gc5yWoXiyW3w9N8RdJ65mp5e/0wwxQv/NK3nB1nGIO2VAkKlQjTixVx+lipJ21+JEr8eg5/D4vHoVi8sHKrEL/eswCFxFpzXM6E1Yo7gNlOcaz9Wglb0cTTeYcFrdtaT0/1+qsoXBXe7CO65tR50Z/6is2sm0vKo+/R1rgzEn//B3dGTQCo6B1MDFGC+Zzc/C/DEA6YW+O+rLJftLkSPeEn6z6gDr153hQnLz7CHlTwMWd8BxQdF1PegHGcJZ/GlD4qkffQnbrhRj8sX1GNptQyWlFnCt9VC8GxpC64zbgJx5bV41/cOb7TZi215bjhaZBiWN+yEolfi8E/UiQxiTtJUv3UsEXgdBGKt0FzwCsXt3Y0yHiUUP0UIP80zhUT3C9Tuuhx//jCE2uSzbOY0A4V33YVWkUDwz80B8W8SKHlcH56Mf4exgZtIyl2fs/psKb1xJ9nmJJP/PjU6ffg2KIlL0KTjE2D8Ojc2s7gE21R2UOalk6i0biycGfkQG56EgldOLE/P7+c9O1UgVkYQIgsC8FFBLg9+q4Wf5zzRsnkij+uzoeulrWjTtRsc/42A5ZOq6beFIu8Q+QYin62hXCEbwpadwXkzn9KT9FHw5JoC7X43ERaMaME1Ozai0cG5oGAXTr9y3GBQzIP9zedA8LF1rFT3DStDTOHZm6V8W+cNbA2YAPm+E+H3z25SShnAIRd52i29HA8Un4eDnqqgc3SA1r7cB/1afqz5aQhKDt2nwNh8zH5XwUGaldgiuZ7+zhgNj66Xw4kzD2Hy1SXQ16SMq8IdWVTtB5qPLiOoewIth7/yeAEZWJe+AgRWzkPFVH0sKkkgpaLr/HT4MD3cPMiBIzpYzboF9ghIQUqvHr9W/0r6JcUwIaSTN17bjxVdnzlaZoAnVAWR6cEhnjMPIdJzBg3VGoJhrB9/92/mU0csyMFdClYUXkWjk4HUoLwFx0chuLWHYcQBCawI305LQ4O5UHQNiQQhdgm9wv9Wz2H1x69R/+UoCJ+2nG8OFeKuTbakmpjEq0VVwDVZkFsPhtG1s0fxystmUOtA8NC/C1YFg7wvbgd5XqkApfv9eC0pE1s7V1Bp+S64af+EX9Rowll/D9i/WA3sj1jDuV3n4PfPmTTlQS+Mj/DCsaeteUeUHNx2N4Jzh46zZmAVf10tjsYRSmD8cSr927eI2+WM8cD5JvK9vIm6IiVAOvobp/vMo5rtyaw0Ph5eVC3jrqPAXUsX8ImABvwe9I9PK8mD+H/aPGN9O5mmjce4eYbwYrkCPVrgBrlLA+hksjSMqHpNx4QNoTHTlSOG38Ldw7/p5J5AkilZi88zG6Fo6zY6IzEb/N+loreoKgTtVKXYM+JsXT+Fpc7d4iduttDi9RE3WT3iqmlLaK7OA95w2xwMw+7ifMkGMrRbT0Uyymg5/wRPnlfL9SPl+YnNNJybtwAnTpoCfygPRVcosqZ8BX7KmAWaal/hvIw+mxZsAtV6V9zetppu/p4KX92u4/yplZg1JgokPAYhtMEbZm45hrLzN1Ls3TFo5ldN73+oQ8Lm97zv5lyy2nkaRi2v5+j4qfAicBqGRUTixVYn+KLaQX9cJ0Gt9ikeX/AObTrT8MAJCQyvbGL1yLtc/EQDHT9WUF1iF698KwGfO0NIuHI6TlKdhBMoH1pxM+CoDj6qfYMk7f+Cu04+d8hoQb7qNIo+kgaTTL/gr28H4L3xKzzV4QDSt0/whWWT+fNcQfKbNxneDAyx76Ij2HM+kdMzOlDabRHpO3rh3pR+yjjwAyoj5qCGpyLsvWmJfSyGRZfCscNbGDfeSOW/qwx41J+RlOTWStc+HaQ9+ZKgrLSIct5a80LRizyq/BYt0BuB36IPclDmCsjdXEomhcU0P0EbIg7MJCMtV/iQd4sfewvA9nt3+bfjWN764RBZnrjEWSFpvF15KoSkT0dNj5Ps11CJMTIrufpLFLYor8TScnNKPa1My0b3UW87wLVD+TRcI0KKX8bSvmumdOvOPEjTyOIV2/3gdM0lypNYSQ/izaAu+BPb/reMdU8rQIx6PscO3ySHfUdAdPYMOqhzA+bFFOOPzLEwU18bNJ4MUapdNbmvygeF7wtJcfEuvPjDCZYs9gfrzEXkeG4iBIzQZhtlYZJ6aMJK4v0YdawNgm+uBJGVgTjSaTHrHxFFKzk1eBDYQrdeHofBoz9h2ryVsFGqAHQ/AS44pAYPZOfQ8JJush4SguEVPrzqgz9nKB2Euw3e5COdwn91TDDvjCgprovAyICNKL1ZEPxCquDtiii8ZnoAlsaF8BGXI/jnuR89E98H5rrr2cmxEMQ2CEGxljw+f7yYSaUTZD/mgmzbRVAfmIjouJI8XMTgus1pSGA9UN+lh2V0kk+NG8aYiXaslWHK444s4aQEe/CQt6J6+UCcEWAFe5uX02ftc1DzLQGPxlrg+SfOfHzpMK86dxc/6M2nlwLyZGknDiYNJ7F5TyiZqe2iYeHXeN/ViMTWfaYr04Vw++wKMg17ShPuqEPAiGJqdNpIQktSIVxCDe6NtaR9e614wdIYWleYhT0FHeQjSbDQfQ6MTpXHlvRY2LvLFHbnb8EBpVKcf/sKTExQgZ+GatDZNwIqTQiat5tybuFESvx9HE/qSrH1lV8YI7WCJhy/COudhujI5Wmw2DkGuxRVUVcinPqEd4BHaTDOclaB+bcC4deIV7g4vhAjD4qB6o17cDf2Cs0ONsSvLrkwsdkQ5XwD0Gb0HtbvvwaN4mLw6Pc4mL7Tg2d8TMKEFDd0ND7BWmZC9PrbTnY4GsLnK9yw9pAuVigy7BLO5AMHUrGp9ycECdzCBybnaWvHFYwoCKTJqlLg6ruEfPqEwW2DNkX0puPqUwH4eMUFDDAsAtc7ylT+exhmmV3hphEHITdcBQQH5+KOnHwq/E+bSuQ96OOFHjxcuB4eud7l8/E3aOV7JUzfBpBkMhZ3ePbj7DPN+Lm/hQ5dm0IXw/bCpoequLylgvRXi9GDaWPB++8m/ndBFjSeZMPh6yHw4686zIq7jiWzn5Ok5VHQCFZkGzcV6D4eDvv+M+Mb33aSbYI7nCgb5GUzttBwizg/hyNcnq9E6b3msFezH25FbQe91em0te0cRondQMfmTPp9KYwmnA5lQ8sa2GE2EsYtEuM3yLx97F9uT/uDKVc+kYr/de681I7CrWPJ4PRI6LYyg6kODnjsrwFV9vwFhxBHmtPXA4tSE7GyfgN9uGkO9trDcGy2IJw/+RrauRQyBmdh4mUtvjpfgtP7p1FR2G2ovXMYrhcIYarvNEh7mQxXf0xhu/hllJtaTIqP4ti5N467lCLpSGA9aJwsBvlgNehf+QFmPxiJfiGrudc9BQaKfEBqKBEcdlnSqPsL+PeoOby3WgYOSz6COyG2cOObLa37VQczRuvzMvU07t3/ApJt1+Pu3lU0ZZQoFMv+4ok/jWFU0j0qXq8MZY+fg+exLfSl055/u+3E0WUr4cS+kSA+opdcAjX51iMf3C4iwAlat6h0fAXuVxXBxZJyND1sMq/aLgkPnB5CX9VqGJWH1By5gx8rNMH73YE499hBWqgoQN9a31PdURVILvVDq8kT6GzILHo35w/++ddP2ttV6FGEEDZcHYMHaiaC9hQjOCHsSRkub+FjXifefn6B4z5+wVy/PTA2YTkXHXWkSwVfWFlyPNR+9AFb5yJU3XyUOXEXVeSvwfePzkNUhjDkhabDnx4VsFSUgA2HftNpAXnuWLSPUUQO1haOw8MBM+hmiCn+i3nDArfN8MV1EVDv3kAiRt5wdMNmKDR9hR1PqujVj2iWDRSmVqFr8EowgxfrmsD8iw9QIHAf/n5sw9tWJ1HxK0NeohXPsWneIFY7kkoFk+mSpRH4ih3Er4/Ho8p6VXb74wxeBtOhVFudd9gia0z0wAd7osguzhB896XzN/k5HOp2nZfaS+OUT/dhs5s0KFR/pM6HK3lMdRFke02EkJRlkCskj3Fed0j02zuyC1RlXY9Ccl7ZhbvkDqKI3U8W0x0DPnu+kYW3JBic14bHA93kpR5JDc1/OG9cKhwMMcG6E3ngdEManILUuaQ3gbVWb4XYdjWMrj4IYwWD2NZRDcY4PAS1aVc487ccCC59SstWtPFG7dv8dNFlNP+yhzzuWuHazDp681eM48dVk2eDIai4DkJH7BbIfTOFB0o2wvVHBP0nTsCfD5lQ163NlRv3QsEiK2g22szSO+ZiS1MuJB19hActBsHFqQ9cbr+j+xuO8+Zbn2jlJEloKopnHrJhKzmC2YFh9G3mUXwUMYVXfNzFVmdusUPRMDjOEQHR68TyHubYYWIOmrJ1+K+zlqXKOvmORD8ccnnEe6Tuo4vxeDh0Jh80fp6l8WsiIfnwGxoal4+zbleS4fkTrOOmzgpz52P7YwVYXHUCjhil8dZlbbhlx3dMWSeGVl0vwOn9HDRblg3Z8kWwZJskLApbAAc3zKUjL/qhZ3U7lJVKYl5bOOsELeRTm+axQm4lvKmUBS+pdJRL+YVp9ftYUUWEYpuF6MbAfcpYep5O5HeR65Sl/HSkFRzb/pDd49RgXmUZfZU9QJbhIaTzvJu+jFqCnkPm4Dr3IjsetIRJoytJuH8dy34sBpPPf/H0qRU84o0EKfiI0TX1QEqXFMCuScLwxbSAftqW4WeXd+h0dAqmvlaGNwVuYJL3hVPsDFFLSp0FhywguOEp//1vGhill+K3cFuI29NNSkkeoLfkLA9O2gVTvr2Hu3PVYdPYDPRxaqaOmn14cHotWax8DkeaiuDozmzgoF2wbsF1yDIxApVTJ/nHLnO4GeNBy1cOoMWUh9z4XJHyz7hCjbU/cIcunFgsA+LrIkm5ZzVvHS9DauQJScnTaWbIcbqhPAu9tdfB0nXGVKmvAT9kPfGqtAjPVq6CthO6vLNmJ4r776PrLe5Y+OAGWo/vQvk5ljA0axUuzL5PCwO3sEK0Ee6NNeEvWXtJ4Gg55r+yIGXcQY6DUyFc7jyMHNKia8lasFOeaL3cW9w2/jYlRltittQIGHwWyMbZ0jCUcxaM9CbgpeEs8HEbRycdErmzS4CC4y6Bzt8V0BIeAROHdMBD8Cnl7zsGv//7AhLvXeBeXh8b43KaoJtDlt89gGvroa1CBzbabSJ3jwVcpL0KDh9awHuUsuG+bx2t3J8NMyQ8uHzkNkheZgTvmz6DdLcGBwjH4uQQfXg4aYD3jjuD0X4K3Fq1hs5khqL1g2mgcy6Pdcc84DsvK+jCmXDI9ZcBTQ95uj56E3RvvYcxq9ajnNEU8IlVg3MRjMo2rjyk1gAOg954TOIsVjsNw6GGqTxKrhG/HzCHu26zWHT/arZt2gXq0uaUBR+g91kDb/SWpJO2hfB0jQIffgvgAvKcNKWN1wyE0nTrFJx/8Dn7B3Tyy54rUHy1lT4VihKsHg1W3eLw7fBZuNc3jvfW/uYul9uQ/doW1+yYA1YvN/Dyym1Yny8HBluasOnjDlqyXp0uhl0ipVE7aF5rMndPSoVJ1h8pXQn46GVFOB4ymj6Hr4ZQlWf81EsEzEzscexMKfrkSDjjay9fj2+gJNEx8PUjQPfJdyDlfI5/hJ6EntqN3LI+nULbCmlt3UtIOhxGxYkaoOsmhzcHekDDLwome4ynHU676FVpCFPicU54NhrLSrzp/epxIG+5GVQdbtPK3Mdg7zEORlZmoEeEC67VdoZ6/2aYqFRPhbvGgeTJ77DhyXM6XjWbx0m/ZZnsMMpuKGc7juT+RVOp6upaXjqf4c7aGD47qwoqk9VQMsmO5ie2ouv1cppZ78svK2zhvnYO1khNAUP9eojQ8SeNL5vJ9oEzVS87BrBRifaOSabvtndRs/sTpewXhgipUSS2KRx2Ow/yp0X3YYSbFMvcKkM133d0OO8vnq2PgxXuEvDdqx6NHnqAUdcN1soypr6rLnAgpYk0f3yBOfun8+eJ1zD/40gI/RyChU/U2ebGHEq/Y0klixO4+H4yXHROAKPUPs61j4FdWwShU82axFUTWaV6GY6fHcaTf5niZ5GFrFflT1uGZdHWzZ3vaYyCveMz4JCVAs3aE8cyJ/XZ7+xYehNYiZmlpziyfCHUdN3gynmaoBPzCc8cc+e8qBiKN91JSwPFMc9wB19+ooaWyXbccrwba58pw8lXguCsK4guG8cCL7PD6Mil9P7sOjg86hh4iApBkZsNFlcIgt6GBna78g3v6TZg7YkKcHruT36v/mJN+HOcj2n4/bgSTBhUgZN+ivzOfxyH9SznxR5+eOXCc6y5HEKn6uZj1+Y1sFbrLonV6cKFu6NA61EMv54uTQ80fEH5iRQtXhLNyxduhyszn+GqoiK2mTISFoRuZ601chhvcptHURH9cOmGitcjOWLNbrpb/pRnGJZBfZYqnJtYQN5za8ApKQAbtvnjmD03aJPmP7ZwUcNZXQFwqPQIJ8lpwt/KJSRUKItHyz7Cs6HNqDnqM6Yfr4D0Vxf4s/0rbngqhjs+T4HgnkKOGrwK9Wsaedak53Tu7mU2X+NFP6LdkbxcSXH2JYg/IAqKt0dxmcg8uKYxik+L7ONzquN53VwX/pInyLuO16Dy5zAIix4P4/KT2fykIId1Z8GH8on0bP8Q7c7MhBVbXDBA2Jctt6RzjBCAcpQpLYQEmGO5jHSfCaPsgir2F98N6z6ewMvgSWdKbPnp3Ynw07iXHpuXcLLgNFb5105KFVpk8ryJLthMxy2zVcDEJxX/G0KI/2MFdzadwaq9DjSy3JZfmlhx6J1NpDQhkNYvN8NS2+MYYTkWCp102Gzbe9xjUcl01hAqE1rpw30nLh/upDV7/5CJzmRYHz4GXFenofIkc07Qc6XDz4b5hE4Hb+3+B/FzClAr0B4fbkRKyBaERAMPsqVCMD3jgZU2kbzGcBcuSApGt+E6VlmSz+pzuzgjXgveSXXD9mNjwXH9cVrxsZyLE8aAYo4Qji2PZ+8fA9wXOwqXNclDbfZkzD4qzDbZ9Wg9Wwzm9znxWrkU3LnXCm0jkjhrhyaPm6EFqm4n2L3SHVXst7GbVRDnJCWC9gUJqJaKpltRnrSmZBtanjWHLV59JGgewuKzSzjUzh0Ko9Lo3MMPWHD7BI9OKIU3/IJPiZuAa8QenjNsA+sFXEhICXhd00VKMumErPcyOLNwMiyYcIE96oyh+V04aFw9DW2bDPCRVgoJDhqBtoY8XL4Zwq+SFTBlvw2DuAQMPr7HddsiYf7a3aDyupjH/7bEqa778ezVYnqlUA6ybwIwqn8qbCxxhks5TVwwyoQrf96gZuk2XHllDCdIXsE9UW0UGJLKeS+E4b7WUzhnL8RXlo3Ek7vXw9gl+yHXyIPkHqfDvYkr8cz3o/yq3xCOGhWjrNccbEqt446sWGi+NJEfOp4C8clXUeGxJ2ZKn+VBH2nIH5yLfvd3o5VlCsGAF1TtNqPK6eOxtCqKJ97+StvFfqPIoBb86ejEc8p7KHbVEf7jZAAzg61gTGYlt1yS4SG1bmyx+0RPfwjCSW8XOmhWiHf0FbhHOQvOV/Xyx9AOmH6yEt823KakCDtMU5gECkens5RyDmx7aExrxaxgyNubNAONyaz6H2ckl1Ppx998940VdDup4vUjK/nsqRAKFc+FF/lX+NQfWzRbVohvy97TBV1mdx9hSA2cxb0V2ui+bwhNpJ9x48AKUI2zwTCLP3hB5xqGFV8Gf3Mz6NdYxJrjr/INRWtakXeSyouseK+hJJ3rmo0Kjg4c/3o8brw0EcrfRPP22vmYY/4M7U8X8DSdO7w76Ce5r0pChRvpaEMEbfHysGjQlryeXyfn4oswO/k+HzOMIKHZkpgWsxFKHk6lnqGfOHuKCPjcHoLRozdx1NQ0tPV/zwurN+GjL71QmfUWrf3n4sgTkhS9TxJaOlOo78FUWD/tAHe4nIVWiVe0q+ArJ89ahtsrdLiVQlBQ1RCWRV7kQidZTuxk2NF2irPfd3P68mbaeF6NFhetpj1Vd3iLtjZk3v/ABfIl9OdzIc97/BLWTd8N0x6thvT3rvT7gBN0uQ3T2BnKsO31Y7yQLk/2UZJkar8e7Nwr6fI/V7xU1sXjrhbRujdD+Bcnwfu1FbyfgiFT7Tm1V27krRUAs7Z7YqCdP7881UiD/dd5i606lOdexovrftGOyAiSsRajCYJnOcrTiW7pSgG62eFph6e0qEwapj8bhTd63aHnQjn31aZhyrZ6dsy+g97XN1BTpQ7NlnjFUv8IJo3UpLsLz4HW1F3wYZsGdd83p9N7L9PKoHHYuf4efFwcwKG7dKHx42VsWjyTurfZk1BLCrnLvwb1ZADPyXrY/bSZ1yibwp5QcZhUYw0G+qG8qqICZoSrYFBPChQM2dPGpPV8q8UCHecYU8puJch89xT3bcunwsvu5HdFDeytRGF02y4+n1lKAc3jQGudEpQ9Bth17jrtb57Mwt4LIW5xK2e+WwyLX45DF+HVaPf1CcWk3aSpUgRl4pO5/GMQOr2aQf8tGod1jZmgv9WXpl0ZRxOqNXlE6mrOOacDxakfMGy7DdWfPcHs0YKHZ//CobGCsHWWArqNVKE/0Z/47nZ90BEaBa8XlKHdoU7KV/rKc+xDuZ9q6YtAMCXZV+OnzBu4Y7cpvBuejxNfCcHN5rv0+HU7n+29zC83R/OYF0NQoDYPEo+00UJjQViu2Ylnc1w4J6aO9y6M4QGFNSjorgpXMmwhYs4qTqjXx7NZk+DyfFVoDO2gt6LrIFF7ESivlMUT1k3k99OPRxfcgZ+p5VD4RwfeB+fCW512eNiWRq0xu2lk+G04lPUB3IIMIfhxJ1udLeLAUkn4lhtFO4oX0X3lbhINbKI3uc5geXcHJl8NpowNwzQjIYruBInAyo0yrKEkTJK/CJemt5Hp9KeY4T0aRI0LUH5LK/R1SVPkRSuoWFmMk6YLwOMAC0pZqY27JUewlG4FJk/IJvE1r8jFu4ePbpYG79FHITxeFfXfDuHItf7U866Ct16dC71H+uH3vU5OTAVYamgBA4/r4IOfKnTH6KPxyy204fxeiJtzEWKj2lDgpSY+X/QJSn6ogJ5QI7VnrOaXBx7B4nd15FLXQ3b6t0nO/yB/nToKv+30pYLDgiA+IpCm5I4h7RYBcj7fTAFHt8Oyz/dhk3kUXGrfhZYfHqOxnBlY57fxN/23VJSRQnXq7Tzn7Q84cOYoy7x/yX0OM6mLB9B42AREXd6RwycxElUbDdGdf3n0GQveLXObbtmuod1zVoN9ykZMDbaET2ZKMHN+E//LNKCalYihBqLou0iHFFOZUo6fwkTNm2S8eQpE7H6LPUnZvGSWIimX1qP1UA1sD7hHul5G8FlZCkTvR0PGbRHwt5LDIz8e0ObKMegUcJ/TZ97CL5MdwP9DAkrFBGB/uzBL1o4GP2tJEpsZgXen+JDbf0Z4cLwLRgkqsfX4NppDN6Fj4TRS/U8F6vXXcHu2J3vMqIQZO/M4OcgXzwn1ku+aBnbepQnnSzsoca4KxJUYQ7RKNZ3f8wdtZO3JR6MRNuV54hjDC3i5zZEqH5zkpEZjULtljzY6Rnhw8x1cJB2E6VtGgJCDJNJqdcha18GHT93FN5UA1u8P4Y4LMyFzuwGanVHmw6lPyPzmawwdd5UMxIO5HTbxXEFpqP4eyHWJKyiiVJbMhFppk4c/bo1NY9m4KVBqeo6mvn4P+xVN4KSZJmysfIJ59nIgt6SJz6d+AN+wQ/w1+iI5rbvNSZlVGNgzFTy0fNin3hbWzIrGexf241DaMP1+2s72aMc9funoMcWZOkvUQPLTL1T1dSc7MaSJMUYkIZHLwWIibPLBk158S6MZaYZoGSAAixus2JW8eHZ6EJ16NxtiLMRB4VQdPfbspFbrM7z+yW52MAbozernn+n7cPuZOeB7oRV/RI7n3uD3vEpKmLc+nM2tKTaks2kSnBNtJ4HYUuq92UrXNg5i1/ApfJjhCTs+51LOhgXg7FpNGhOmwqM/W+mUtREWfhCE1+efwYWWr2gxt4AmP8iFguuudKnnLTyXmQpjnyyibYHKVO3UBiLbJuD38BrMG17LTfvGgGTdDewKlUafi/owcD+LRnz2hMtP9CijShBMJX6zhtYT7B19nf3OZ0HSLm34kiMBIyrUaW7QS6qdkcDhzmfQZq8tt6rv4oOfplHHKC/wzNCku9PNwahuNi9+8gGvCi6nI7saINz3Pf8nORl6AkxIXsONJGy8QfyoOpQ/X4Srnw7xIQF1vj3/CHbWjYZ2dQvc2KlHh4/rUo/gezq6Uwiu5MwAlTV2kC52D0x33sWmsHyOkuiitKlBcKEwDlY/2Y/FR0ZCmqsgFYUoY+mWd9A/fTYPZKzBLeO/48YoTyi4KchJN8/zmLNiMJDwCic8CkZ950z+VyvLiygHJSpOc4nBeTIsKyHbT25sOlMOym4pkYl7M8jcTGOZNA3SXhAHDXo26NYyEYr7FbFoVRitG5gGmzcyxbcnkrPhI3ac8ADzih5hyzg7vCt0hpafucjqu9/Tvr1j4HnCWASZEGq/5s3OI29y7pc1vDAtj+YqqrB3cSR/Hm9MViWakCg4Bm+MW0dfol6Tb1Q66hocgLg8FS6LnIG8+jbZO4yFj24ToN1GAL0qFVjPvJp88pPo9NuNaItOZL9eBZd55cGXe2Hw/JgxyJksxuQRbZDdKkpjP4xjrVJnzApTZMeYYjYxuQwjen5AazRC48x/NOAagHbzFuK3NkOcWH8ett/15gqdFfjotQQW3k7GexcmQq/Ffa6/hbi/6SZb95rSp6AAvJ77DvquZOEBmWcoEWkJYQfGQnuCLQr8WMLBMhfw/Sln+LA2gdTDHsHmN1f4wxsBVk7ohy5vhtaFq1HvzmJYeC+Pz5rmwhJrX16xpAI2/BTC1mOOQPHd4BM4FjTTvfkU9WF05Xw6eygFzPUug924VeDQshXlfVLwxQJ9WJooACpbzkJO1Sn0iG4B2fvtOBqn0xnrdHJZks9Dx/5yTtlyynw0DZxi1kE4x9OnshrIbI7nWu0oeC45BPevqpF53l+IKM9DTz+A6wH1uFUnA8HTAQe3lvGsOEGsVerDoc967NdygynFiHZLW0D8ugUcbXCV22Z0w1CiDdwPHqahOcuw6lwuT3WYDkvfPqE2zdGw860zC5nfwoDQAT6WKA7N56ZBtEE8L5uZicP/ZHHd2zLumykJLu3rOCKzkVWO7ESPntvUXTqRLn7dzlfvfIfdMp6svMMJ178Sg1dnb3Ow5Tt682kVl9avYoOSLlzua47bLDtYx8KOlhjPoZbPsiDcHQxWPvawyUWf2ndLg9vKkfApUZf2X5WD6bsFed9TCbpUJwhB8TmYPMsMYFkKq9wLJwudBKoI2I+erqp8/e1mCKuNZIe3CqBUdZwn8iT49fkiL3I4gPW6v8D04D3+KnkZqoWvY5t/H4eskIBxj3vYzecQjPASo78jgqHuZDL4FcigZeJ3nHPzHIwYsMXDZw3gVPB1VHrUAH98MnhqeC/HqMiRvqU/8IlaXjI4C86NimPPUhOQPllNO+JraYp3Dz/8WYHfRVVoQrgfWjzKAH0/d1rbCjTNzATWV8XhfuzEgLqpNDOmH5VklqH9YAPb9J7EExkLIejId7q12gB6XXuxUPARXllfxpMl1qHSvkHSzv6NyY0XULLWkJ2+lPJpRWsI+ilBy8Uj8PWlYP4Tbkt+ZkogHGeHBRVbsH9OFhpAGxo+U4dD/xTA+owQ7ttuTGkzJpJH6wbuPDqG5KpLYYKNEl34rQ9fRLXgVNoL2G14jpL9+3hFZwPoHXDEV0mEJ10u8S1dPZhEGjBiK8Pk/GA4Zx8GM3KHSXtLBd77l8IFs9ayu+sDdNs0AOf0o6BUdxrMayjD3+GnWLr+Df49Jc6P6yNwkmU/OO5JxlSf3/Tn5GF8d1QPwq8OkFpZLy8vUCPsLoH9z5LBVNQFWMGc415FgfYZER7bZAgnMrfR+C+RUDBnAvgukeADL+eDnG4dFTf30pMxaaQ76jSleowBCfc48DiqRVdWzUc+KwcjThTRtf2G4J95GvoUgR46qOPKcglY/EkDX5mOw80i5/jcsfMcpJRFWnbbaWv9fDgfEo0WU8tBKAXhiNgwlOQuo5TPzSgh9hCa9IOheIQPR6y+iqdDW8j1TzfOfDENktQysKVPCvaEJlLRQVHcntjEXjprYbRvGzbWBWLfFh2YvdEa3s9ZyNkFzymgX5WzMr6zul0fVnh8hYT9gzy0qQw23XQiA0ELEE1V56Vxzvy9Wo0TbhJh01gu8V6D3r4JqBhyicO//sGSNA0IK1jM6as3UvjsKDRoXQO6jzJ53LeLMFs6nfytFqG7N9Lmr0Jgq5gGYk/98VnbTHKLkscaTwHY9jyAHtu74o2G+TTjTD7/dJ4EHTl3SOuzAMkXivGEonVwwW8bfxl3HmurAQYPbmf1acp0aEgPrscK8L9FpRQ17yq4B71By/o2jl50E4fuAZ+R8aCY6kDy6hcF45DfeOiiETQvDSaTL768trkRXli9wk0+n8Ad67DtcSTEPhOBy3fMaUlHBbce3sQSuzdibPsBTKgUgJmSz1jfV4yXSBuBvIwpFJ6vgfz6D/Bcegw/8a3hDXNSYb77Kpg4MpmspkhCUeh6tlayAH3ZX3Q65SfpTXHAv+KBrOK+HOpOz6LcoPGwob0AmhYo4vHXunDMqIhEVK5Sdi7RqymDNFHEELWSJvHSQG9cfkoIpdUX4HCJAuQNKsO3XD2YFd6Dm1OPs8N/1hha+Jpzll3ml/U7SaXGjwcXG8NPNwe89fouW/96RFaRurQ+uJxz7I5wRuhr7I3ygC6bJzykbgAeh3WwwfM8dnh9pHdyqZC3NpttO+vRYGwS5AY2UeOefDi7TxtWWDShdGEWP2k/w28OheOzDHHUyNejrFHakOxjSWeuyYP/TB3w3FYLytvf0A5NO5a8LM/5khMxc8NyOLV4LfRnS1JDTBe4mhtC74tQOvkwkoICp8Lf7z/A+1krT9ssyysUplPtPzEQNg+CxsEpMPTyCKZmPIP84lH8fpI6WY+WQSepRKibI4Tp+6uoOWAzrzs4DqqbR6K+4ykWmGcEhgeyQDO4FCOd8tBYpIQ0vJ7QvMleNHa+IQRGDvDbhANcKeXHS2wDYXBJEYWXbOSmBb/4vHAI2PREcfBWJbBfeIO8b0bD1M0msD09n4euScFDjXJwNzHGlh4fMgpLoPZ9EpBgGgb24oP07/VTHi+thdc6pcB7pQx2GP/DgeZ6eHTYFaJ65SD3VzoG93yBGcuNYYJjNKT8zIKgJbc5bK4rTSh6ia5Wy7C8VByy+235t1c/vGIT/iOnwxuXz+O0TBloGaMGRZqG3KVrjVsmCsDYkI80/+lzmm+xhDePbqI/GhZU090Ekz9t5RxNQ7R/eBKsGoTgvyB9+jf2J7r8NCGr7Hx+e2c8jQx9hqO+2WCbuQG/2OaNMnWiMFdiB4RMv4T9Pzu4x/oZ2kTkcajtJYxTfMMHT89lj0x/MJ8gALW7C+ii1WbU/a+Znti6gq3LDi4NWYHD681ZOOQHpX5bwPsumoGI3VWsOzAGbQx24ailRzlkKIZ/nhbllnnHuVp6NHt/fQKOLqZw/koKqB3Nh4B7JeyYrEXSQXGcME4L5ToU6IV1I58yNKZZsmOgMegM6Fpupnt9DAHybtRbZgt3PLTJsL6dBmo/U835MPSeOwGOOB4C2au/ySIsmp4818K1w96YXWGD+31b2fqfGcSt7MCu5/qgdugkrFudzsq9Ang58SVU/9XkYwuQn147wuLnu/Dxzp/QUmoJs4NvkHnIUfTMUoRjtv48K0eUNu1MoqI5bbD8xAUM1TuBQdd1QPnNZRwu0mUXqR+8fPgApW27DGs810KeuBJt+qgP0tNqQLVbDjKcn+IDS2tQmJDLE/KkaPaRsxz1cA5pTLsDXYZf0KYqAXpWyMFKET+Mn5mDj5Y+oF11x0igqRSVhLtg4y4bgtstGCXRQ80S8vB01RKelqsNmw49pMQ4c/zlUED+mrXYskWfT6TX41mfxdA/DLBhx0H+Yt/IVftGkoWkC/cGhEDlYm1aVzOFLS6NRKv6x2h7XhqMTmfh44B0bBI8SYezDlP8igvc3XID/15UA+XYMvAx9+ICfyGoOh9HV7ILKFrkIcaG3ebvJ7Zi8O0g7A09hB/qt+K+l/MpcN802Hr/Bmta5+Do/T/gadIK0k/Xo/0qyiw0xpVDb7mT+fINKN03FfYcsKAfRTshNK6TBt4m0ac3GeypmQeWVl8oQ/ctK5kYcdk6NdAvy+YclWO4udocEu47Ecy8wbYLFfFUqja7zd1Gzpd8eYO7NJhJbiFVuxn8YpQqaGt+pLGWOdywMBZvdm+D6Cwv/NcmQrOrTWDxcBvZ7szGpO9L6JVHJW6pekHT30+EWJVgaokJYDehUDh5QgoSbG2oSMuFZjuuot4Ty1Fk6B3ml2VQ1stxtGtIgj1lblCNiiokvJXGMV33YHWjAKtnPUK9kCFszxvJVeHSXH9nG61SbYDrvRJgcFcc1tpFwYvMBSSREA8eLzvY9pAUv5m/iMuDn7DzzRxSC5aA716WVCqsBJvmuYC9wj28qt6Mau8iyR+HuLJ+Go0XWIjzPATglZoRTN4xki0vClLp3QaIfDcDtW700Z2x8WQ2RoXFTzmxpoEIBPc1UpbSdLJo/IXuV5ZBwOETaDVFic/W2ICCQQ5ttCxBVJ4Gx+R7qDs7n6lDkTvkltCBPm8Y53OLWtQbMfuKIViG7QFIFIL8V3vw7t0S8vfoJy+HDBZXfkTpevfgQoLe/8TdhyIQihoA4H+EUBHZoZQRmQllRkZFQhrIKkVFhTRkdNJQSEnSIqLSnjJaZkMoQiga0hCpKCXuY9wn+WilcyuYflhA4/0UwKJBCcoiHCC82wQnNBRwzYo+7l9kzmU97jTfcTtNWaRNDbNl4ZBxL4T/9uGWjjqqMdaEzCoJyLCeg87rfsHw3g2wa3g1RWdMh+MLAuj9Ajc6sLuH70Q2YWzPaVqvcAfuGSNqDR0l/cgPuL5PCCpy77IBC7CH/mpWlKgBzTN/6NTtQ5jv0w2qi85S58EoJn9lUJo5wLHzF9DYw1Kw5tlSCjq5jotiF0DM3M1UwJO5IGY8lxxSgbXtz0jumCg9uv0aXH+54aPlTO3H5tFhVwE2FA/mkabpeGOTAvgeOgmqtwugZVsM1Dw+haEmkThuigVJtCWjuMMOXitQTMemioKs10sYm15A1v924lzpcNR+U4UpN70x5FEAHna5xqpVG8jbRB+2XnLghKwotu2/zO09bmwnvgKXj5kCKrH+cN5enTIehrBu3ggwijnEu2baU+i7Ep6Qu5NW33oK7u9n4GbBTHBb/4stv4tzwHdjSH+0AAR/LYR3E2ejcuwX7tk4CKsKpfCteDNcvKQGkqYjoP28Ihj5b8HNDgOwylUDijd9Q5nlpzn79hwSLaph67YjOLH/Pxo4OgaenTpMtrV3OZdvoXpkE4xrjqbelgIujJ3FOqulME9/O4/z14FE/5NwUqGJSiiSHT/kkph5HdqGL4ddC/fzDb1ITjdqRdfr5rDd4S52PnmH7Tpn8ICYCplUarKqjBVF2LiS5j8ZwqIvUJYtDeH6Lzn+zi1YUl5KQ66/eebHhZimsh+Upuly0tBNdDMqxFM5E+FR2WHsEWIoTionm/m/KPZ4IHTc3cA7qito/9jdJC9zDXijAlxQaOP5j+1J3MgHOzWQoh5VQWfrAISk74XcQCL9J69giZsmnDmnxv6KfeDQ9gA8zTZyZHc53qktRtlvWSRZsAZPOo8F8edaMMotBkvcfWDV+gLqVZxLG7fbwO+3sfyn4iYJVX6EgS09mHlbHC7I+bLI0nDunllJFaIMxlsWgHyqLgT5RrPOAV9uUL1B2hkToXC6Jzk/U+P2fBfKspeiIIWZvKwnGkas1YSF/+5QQ6kvDUoQPMv9SiPF9WmTihG3JxfiNcwgabElaJyRACrZMvg4NZSFmoxgb/MU7LXZzGqFX1j80j3MuSvKMZtF4XhkOvd6OfCS+zNI3tECPBavwGtRVlh6K49bJaPY+64HmoW9p6ipubhvx324e0oclOKnwqySRng4XMSvToqx25I4GBmwlM4GzWObPTYY+XcZjTn6hIdRBW7Jv4CVX+voVkQbL03WwSVJuyCzPQ2O/OmgaXZ6fMvPCc3fGILG22LuN6rh+x67Uf2KDkx5F8/3HoTBYHgRbFsSQ2euv4GJ/4nDz1157Jq3iTW+PcZLn+Wo1zwBTniep+yTHzhpMIk3DRrglg/yMKvRifdvCUfr7ZPJaow6X/mQwzeWboVv602wRmAmOEyfy8nmqqC50AOV3ibhgWdF4HPuKFRuHuKE8DZcaRaMtW+r8bX0Peq4PgpmHZrKz0SCKKpjI4dOSsf1j+zgx1vAuovzUORxEm/7K4EzCgzgorsuOdz3x9tdf8hb7xIV5qmCfOpDrszeRX5SYqx1Xo12WCtB8UUvvD0mjr8+C8dQ9Xpe2Xacd184z0YTMuFZrTKGCXvAATt1mLFiKwn4/8fp1aJU3+rMCinAcWd+oMXzH3D7Wge0LqzgviQL8BC3IEu5v9xqvZ1zcu/A9puVEJx2AXepE95PfM6GyxQo55EMiCyTxV8r5Mguz5YWGiSC+dsYEHaUpNJZH/G7cCFsfmJAkhfGwZ6ov7yz2QWa6q+Dw+W7lJYWzCv0O/Dl2Fr+GWfCc+smUZutCKy/mMvDm/aybHwMt6XnUF3cTJiVXEpVfqtpa3kx/OhbjkZH5GD7+Vt0aGETnOow4iKHYH7d+ZcsnVWxwHkRh65LggcXthDbGEBQ2WVY+HQy9E+NwAV5p9DWRo2cX82jEO8wvrGN+KLYKKpt1YCoNhUId5JCPyMR/nt1AxdNFODs3x/hodgjmKHnRXG/leB6/mjIUeiDt/JfWTG8DhzmLIJOhy2gfG0/RZh+Y59rczH5QjRb2itC1NMqOniggvj6BTTUO48Zt+L5648zFD8ynFYFNpPb/kPk82cksNIpGNhbyU5Ugr3jHkBviRT8DNQGFfG5FGx0lGTFTnPoA2lA9TMU2nCFvRcns9Pa0bjs1Q+YKnwAxUsIunRDKK+kn6JbFCHk9i1I3jzI17smErmpot4kQFvHYnCQ+0SfVhSzekMl3/OdCVp2hlTV+pXahdRIS4S5K+ojvSy/Ayr71THI4hiYNmvS3svK0Ka6HxXy99POEG1OJ3l+c1KAZ61xAt1nvWhlOp66lzzAJl0lkG03wY/f9Mg89CtWLViCn9KLwdFiNjwaqYfCd47CkeJ1YPdJExYHBFHsoTUcsSEfl5dcQMPc9RQk8o49V4+l0VuiaehuEq4Nmwkvv6XRxCF/Sjy4C6U1lGjRuD9w2f007na+iT4X5/PMdZu4v1wR0vcAm6/7jTdfC9OmPf+Rx71d/EaykvjmLta6IAvLDtbAlvMG0DDoAp/GnOS3tydA79cJqGlRDX7rtsNs9yV0Wv45pgYZ4jpnEbh58hlvissib3NfjhPr4jthlqz5IoqHkifBs0eDWGL5i/5sE4SLgdEA79+hiIAfLxDwRVH7cRCtWw5X1bK4tHABjHkSjr6LGGQv7Cf3ntGUk6jFx4YGOKHkOjk6LuEN7cVUJrCHI6wVOUpIAZ7tvYr709WhKziAQ1f1wZ8FU2H0+zK6V7iXMpt28HRZM1hsZwlv4zbhx3biKw/CMeROJ87NW4d2gfJ4eMxaOPvsEjxsvs0r48whwa0F0x4/prPuQiS9o4EiNXay44gamvAhA1XTdalqTCZN8h4LSVErcH2uLs1/94fnB4ej1Ww5etX+EoyN/yPHVcUYujaZR8RJQJfhaTAVEiHRP89xVEs7/DTopDzBu4zhniz/dCdsSV9Bd7oVIUW8F1Tuj6P171TpUmQZ6kc0kQF7oa7WbP750oAGbfMo47UouOhvhs8jbVnw2QYY291A9S5voLL+P07NGYVjJWfi0tpTXG4+FaRmC0DH65900egWTfy5i3VGiYOVOuKTyXthSusvsE86QwECMyFPVhT8j7zBpZmXMXBLJ8q8EsFl7VmkJ+TJ05RGQMA2T1SzVASHdVmU4/KDXBVjwfHcL1DxcsL2x+5ssTgEbz8Mp90qTiQwWQpUJA7A74g9tELjJf7duhLPx1rRCYXzvK89BXJUuqnu02Y+omUONXunYPcJKbLpEgFHD1Gae1ofrXfUUK/wRzhne40704+S3RtRmNnshLMkD8JvvRPkEHOX/+RPgz/rJNl7egzqLX1H5gWrGYPMYPwsQ9B41wCHZEbj3R1nKcH5BVu7NEG85SE48GchP7IcR3/PzYDRNg+xTW8sLimJIA1rW1S7cBse5AWT3tUI0r4COD5pLGX+GAECkaNIKNAdq0sXwb1kwm+jFoG78hjeliBPh20OwuRUDzR+LQxrtG7jyapIPugxAYb1HuDh1lraICJH+37agHWCARX8mwUyvwzgo+Y7eN+Sz06Pf5JSnSSbxouBAzjQ5t1+NO1ZF7qN/UNGk8zhq2U1nZseSsbKPjTsZM0eJT+odaMPK/3bRv0v33OQ52vaYKoOnn0efDzDA522ysDzES28+NMulv41ipWOeNC/Z85g4yyCe5UnwsHx3SAkso81BLN5kn0Z7lj6Bk3rRmDM9kAQrBZkvRtddHcUQZt4Lgp/yEe51GSO0j7M4U2rUOzeP1Itl6J1g464zW0vil03gPoRT3htcDc2rErni7uWUvNpb1LYuIRWFKxm2ZdKdL8yk00UpoKRZyysXBjPvl6a7HC5h57a/qD5ArtAtKkC34wchYMDG2Frpjicfe3F+w85krTYOd4825LmZDzlfXpXoavgNL3rnkffLv+gMEcxGPnVhz/9cEZb8Sh4NkuVZmo7c96acjoeNRc3F+vjONt/PGedBYyZP4QTlhnB60pDnLxqCfb9XE2qjbfwsGw69lUcArHHY0krE8Cy4wZGqH1FA4O9tEJdgbSvBFLC6XoKcIvHLbv3wfP+hyCVJA85b+9zQ70FuWlN4uRvv1D1xC6yKV2CC1OOc3TvEM5NnQt+awUBcp+zlhlhA3tQ2DgzrJ4djgbfhClU1ZZTuxwo9fU0Ejo7HY5mnOZf/ZowU/Q9532pprZXn+mj9RQ8ozgeb5zRoFlNdVhpORGWHlnHWWteYdpyU0reUwv6P5CEV7jxgfdZZJ6XyY+XipLld4aupDV0ohtB8v4F3jwQzEUhcrRr+SB0Ch/ndSZv6PP2u5h9xwxaIqux2HwS/N7oAlo3QkGucjG+N3/IMh9+QrVAPp8r/UVXjqtAikMj9awK5BM/xNjr62yIOHYAhIYLoaBYnxdfCCOpxlGU990SJIb68Lf8Y67bmcYbZbpxreYwDPiPJNOonbhbMpM0OjrRebIJHDI4jslbnNBd3JwnKefyzhs/qFH/GR9aIsrWFceof5E1Dk4ThTyRWrIq+Apz78txmj+w7axGOlSfDWduHuIZm+rh9+IplLZaAnKVZ+LrNZE84WwO0zek+NNJEJBajjlbiaebh8KXy2dBWs8AYIscbcfDlL/rDTfP9cVSH0MWXvwYz04b5gbxW/Aq4CVP2GwJDW+MIT5eCgOHc8m36C0HLhuiGKX5OCxmAcN71aBPxJNsLwmCW0sJxfeGksbaIgjOnQ7Zq4dxcasIfHpsjo+NayCluo2VWgBWhG2mglsaeMBekbZemQg2MRWUMimR7/WcgdijevAt4T1cadaDosbHnOdmxloHX2PH5Xmw1P0pl4904ULl7SyFK2ifpjndvKEJJ4pMCAb2oOQiMX4r9I2dNP+ju1Y2MP/uVNj5aB93l83HS++loCHejpZf6OBpx2uwZlAaFdZehsseuiTdaA5jzubwrnIheLJSHKJmbIflfcm0a95b8hetxenfizBPSQxmekTjQte7MNnPiCcsHQky166zk/Zlitv7lqx2fiWtoUhcvcGT/yuvIC3n+ZgeLA6W5crAzn95t9Y/XnAonHfNjKM5Gz+zV+EeDuuL4uT2Qn6y+x53f7OARuNDeH7xW5ohK0HbLct41b9BjL3/mS/9/cGhX+ZgR9AjkpmqAolaBXhwii3OMUplv8lOZNfUTdKXR1CMVSm49Aph0r9P+ER5NGCzOUqVWIHMogY+XeZGUU07UWfLC8rUUgN8MoISmxfCrf+0ocTtCK78u4HiXWJRx9MLI3dasf3YE3hnw3ZY9MaajtxQgiUVavBs1WdIWJwJL9wssaf6G9SuDcKdHQfR+vg1Vm2q5hlJL1B9swwUbR6Esx2O9ECzm0a5XcLiNyfwXSOCOk3DRyblsKgvl6fOkIAT0Z3Ufr0Ivm60h7LFO7hzngdfG/scdKuE8OjpTHhpqMOyXhYgNNDHfhmV2PR0Io+MvMqvdHbj1drNuHnBOAz7RhirEQ5hIiowMCMdPo3ZzAZLgmGRsQ80/j6Mzzz2QrOuO0L8Ut4tr4tNrAeaFfm4QVaXTnVH0+XcGTz32j6IPjeXZuYXo5TcIrJem03xSSYwQTcWnXqOs//ECnx3L52MC5bh72Q18A+/h9bXc6H91yt+yNKQc9iKepcewDnJB3mL3T6MDnPj6FuDqDOwFw/M8iL9j95oajsG3sxZg4u376XVfwXAIvAETnQtxOSpc1FDKwBGXQ6kK76jeEmCAOibyoHj63Ho3LYG+ha4ksn7L3ysdBSHig3TjdQCTtsqxhnWI2BHQgeJuOZSzf61dFLwOv06vhUnlXdizvBJPNRkRpG/88GzWh7G3ZAm1aokSL+6HEuNb5B5ZQ4NPWxibR1i77HuNGVOH281FoVmhQ/0L9eW6peYcv6BMWh1S5oUQi/B6+FQLFk4iYraAjGxahqIXLgLv2e/pbPm8bRj4CgNljqx/X01Wrd8DKteqSTTpd14/ch4MD97C3eMaIDE9YsgQD+f/y55wZvL5vAspd9If/+jBr3J3LBkAuzxT4Nlz/axh3A9rVet5mk7foJneidOSA2A0qdZmH8mD+11tCFphx3Jf0hno7ZXnHJeBH9LisDjKEVuLlvNU/228F+1e5SgOgbqn03FgVoPPh7vTDdXXuYa35+wfmAOuV7fwL0BMtzhFgj3548B6apJfL12GCa5/cfRpUa4vvsOr7TXoUO9Y/nt+j1o/mIcfVYUgrigpzhc4UNXFi6ht2NUYbmSM2+o/Q0DV+9xzlVBuik8jEcKAJwkjXlOrAqmxQiT3uRyenjsN0VmD2Bi/jr06jpN1458w+NPJsNphbWgEiDKS0+norLnNBRzvwMtTW/pJvWRnsY8vLzwILjpG0KW1lMoPyEOwnE7OUYtCh49mYgzhqbTgWpNmPo6ll62HedoSXWIhzZYEXmInMRSQKIzHb09ynhDixU1GPrQxbm1kHnNFff+kQdJ2U0U8kUTaM0w2AqeoOfCALYLp+PtrdugzlOTnJ+kcFQ7Qbrec5J43oFunzNp2buTmJvdQdvFgmncQXe8b3sVE1L9gB1E4Ugyo+uuOXhJUZLPr7qIgVX3YP69mWRiR7S6X5P1X27E8x6WoFOZQd/M/HDv/s2UIW6Gh+9q8B/XanhrbovvKl+xQPVHcs3Whqr8x5S1RZFHfVhPD3yy4GdfJtgfms+Fi9dQy1ZpDhZcCT6pMvBQxp4sB19TFIliiNAVOnF1KxncfocNChLQZGbH8m2ttIVGQUzyC0y71IOuLbN57NybnP9RAlSzhijO/B5sFbCA9tddlNwkCP3ZItR4wohMo0fz5PdZfH/Hdtg/kAdHTxnA6lu+rF0zgRRyxQBOWOGTjmicZzSDLLU24bp/40Ep5htTkwtXjynC0892kGWOEYw+qcGpi52p/sYtGvtiL358sYbFzsSDzSNN7JPfj0VLoviB1CQIH/6D8qfXYfcBAdAp2YcyEy9T4cwaGmmugZ3L5HDArBXfn9GDXywGKz5lc+D1P3Dp+k1+e+QZeM+4jmNcpXD7okP0dvFEHlhtDqHGKVwYl4Y5bl4gahdGKV2FYNJ1EDZ4fcH1Ph8pqmkuSOhNgBs9U+jN3UoY/8sCPa+ZQMz7MEyOvQy3Sy146aJIsNolxJ+uj4SOak1MvbSLdl8xAv84WT46SQmsXORgo6wPTJlWhprXq7D8hAT0tm7jlu7naHgpla2FDajaSI0rKz7DjsgGGrafDfOOG+BVeUOYlXULjwfl4NQYbT7+1wwnZInz47UV5L0onDh+CxzZKURytpMgO9sRH+tK4nlZUaxQEIOVG81wrk49C+/5gw5mjrDhxEkYLaEMk1dp4+T1AZgU9YYcv1yhU9nWsL/BFP4bf5NiZ79F0bMV7HMQYfBsMI89tg4Stz3Hw0N/yTjZAEy27eWlR8yhm+dwy6FcmHdSENTTW/jetB5Waj5OfXlJqG+QAfNsA0grYBg6Om/g92Nv+fFTIfB554Dzxbzpfd49Msi0YivPyZQ1OZtlO5gnJ52hKT9scb+qNDR9XMmbdgdx9Q0xmFP/Bfz8PkKRdC4V9tXD9AE7NDy4hDrUhSHwaSMruh7gdTcVsGT5SYwQvw9uVdNgf8ZjTo3QwcHvfhhqJwBRlxdBhGMXDhXZYesiNZz+rQ+sa1W4L6SSDrRLU37KRzJYogw2Lp851v00y5/fxT2tS/naiXIOPrATrmv94vS1Q3zK8yN2HheC7HBV7Kh1QoX8ZE62msESFSv5m70J3As4xFvaFuLiFkcMDDGGB3vqOPDXMexouUBXIyfglj/uOPvhewjfJom1V4/D8Z+jyNZSF0qqTqFWz1QyPjcVs4O7SO07MzomUVLVe45ND6HUN+N4TZMapG9yh3/181ioLI2TL42EiFn1IHtmJmi41WDB50S8WVBAdt8MIbTHl4sTazGnHuFgQSZGNExgO3qB9+/10Sbr3SwYdwnH/5GGCeK1tErqMi9sDoKN/W9Z5t9EnGBVjC8OLqfA8hEsNK8J2dQSzt16x6a7flH2g2VUe/YMOz58R1OuzeH05ar4z7uKAqauweYbxjDNoYT/zWmiouixIDe4A++IbYUR9AguHtCiJw/l8HuuMh45oQjBgT3cdqkeos4NweshT7w1+BgaPu+AqwF6PFZuO1omD8HOc4YgQY6UMfsfRF75xk/7zuE+mYkc8nQ+lZltoCun3mHFhwA8IysAoDsGXqzIwv79u9F3xXX4VK5OXs5KuPTLUdZ2SMAt97aQtbM22G5I5y6XVjJ4950TolbBgqcXwGNmC/2Zu5ic9vqT/P4mmKwhB3dunGDvscDj+8bjhxXyYPBYnFTj3ThLv5Ef3xAkF5lOVg8hCN4eQl/bNkDe6KlkIDcGdl7x477eGlpZLM/D99Vpg9lR/DB/MjS5HwbT4lmgWniBdmxw5p4Hytzo2gduV1fxGbsbeHXVIRwggKD4UO5+asNv3lWT1uk3/PaECzbZb4IJOYvh/e4S+KG0l25JS8HnUAdSv6WGs8I2YCy30SOPNF4S34ELtmXCsPx3XuYtiCo1SqBzzRBSC0pZto/gs4cGD2ksJYnY/whNrYkbc+Hq4Cbwv2sKX1tDuD/PCYM/T2H7iJe4caYsQftYbj2fDqmC13iSWyzJ1MmCd4YdnJAYRK29qljuPMjRhzswV2UFmLgrw8bYjeSybYiXfVKF0LPn2WDVbcAnA3Crupai9YFcJgtAmngjWERZcueXNShxyQIMQlIwKHgOZI+eRTnjEM49s4CxmwUhbPUh+Ku8GeP+KrODnyD8K5uGD4d2Qvu4x3g50A+0pozGQ89P8JNLL3BGwkeYZmlLyy+PgU7hXNS7WEEjvlwD0wmZNKz1AKyMUvD9uEjOrs3CIetwOHFuLFxIrMYPzo/43ZA231njwL6OdbSwuQoXzO2mqJ2XWFfyJYcUWMLNxZtIYXIQnawZz3WLY3Fd4300HVtL4R8kwL23gZKzCkjIdwrUpgZRm8YRXDN8FaQnL8EJq43RV7WLx+Z7sLTXOuxYsZvL7ilAV+xh/BYyH3/q9sCKS+9w5Zdq3nzkDXwesxsErk5Cr8wfOKFCFtY9DwWXQUfweP4PDx6ypy9xXpAofgiHnaLxprMX+Ci7c+IhOVhuHISNJQH4yUAAjrY0wP0drZwcdwSs66fDR3yO/85cwct5uqDZIshh52/T0ZuWPHFGAZJDMXqGjIR9Ra/IfXoc738QTKcWqcH7eGk8PuTICnMe0pj5n+nm/j04IS6W3/+eCvcnHOOhe/+x/+fpkKiZBkkJGjzj3lq01OnGKfNH8QKvIPg59Rpm5VThx7AxNGveTDA7fZfsGup56YUVMA8bIa/3JNPP5+QcfY1NaQLGbhvkNVWGEC66EVy+KJJqyisItnuNO5seYWxLCMuZqdP4v4dJSUGcCr7ow6GAKCoudkJM1aOnom/w5O8Bntj/EIzypWDmykw88WUhSOiNBVVpBB+pKPR64sieTQb4U/IuwidJ/hW5jY9p/uV/9ZdopvsouLm0Fyv/S8aH62zRYiiAK3fdx8ZYLfh9bBi6Lqzh3Gnd8ExfF37OVaGEK23oP3oUhSQU0DXdc5BUmoYnX8jxug1pmBBpS2s8xOH573Y28lOCv2ld8DLEkd4b/gbnDFeeJ+EO1xrH8pc39RxRJAgtkYdhzZP1tMYwDlyil3BV0FYqn72LYu59Iqk1X/npvAqulZGGdzNKoEloPc4tO80mZqPhVsw0GPNtGVcbJbOg4gDP0vHDqv+UwP6GE9w0L+eBM+M5uPUP7xpbDMdv/sLBcntcEHsXw07/B2EOo2HR+wxuDFgPeyszQfLDJdi1Yg59nhbHXybO5UTZvfzT5BlUvpwEe1XOY95BX0qQlof/JN9TwWxz6la9iVfl7DAkt4qaNJ7ipwQlsPwmjJo9nbxFUxnXr7lJ47w/49BESXqYJAExaAw+oj1gs8kMHvoOsyC4Q2zcLFCti6HVDVcgzdoclyrbwpkvAjDvcSdM9jeHX7lGtD4E+NOkYHpX/xk8a4+C0dRcfBimzkZBG6jFpwGOPdGC8RUe8Mo3hfTKE2Fvogtki2yDRK1ibupSYOE5W6jbW5fPiE4EJRUrVDvwgetOTecez89Usn8XjVn0kV8N7YP/7Owowukwel2YCNb2E2BNuT9NNrlC/0n18sxcDZz+dzlO+XEVUx3T8VVDDSR/0oTSwk6K61yM+2r3YKpVJQl0usEyX2k6770dJttX8/zda8GuSB7kJHTw75y34PNoMgvpRpJnTgRdbZPmIrlcUNyVhnl/U1HxoBh0b12IIiFzYUuiGmv73+HygC/8ramZIgxjeNDxMX3/I4S+P2dC8zsrcgtxpJXG+vj0cx7pi58i+7vX4au+PwlZTkVH3YuQWTkK+lSEYRV+wVvefeS3I45/tqaA24kV8FDuJWU61KN20h1+1IOw+3YqlS46CAs2V/Ed9QLY7nIVgpfOhrNrz1HIoel8ynAOtx8WAf0ZbriH7OFWgRpmt8aCxMWfXLPHnzctXoVWJxxRpScED1arwn4TGVY4GsVP09vIPFoa2kd74+cvHjBf+giNmKWL4ys0saNVDiKXDIKe+FN8frGdJfrH0eGdz3hvUBva9Eih/wbAaPH9JC0kALHZYRi7cS457buKUf51kBK1GAcmH2btQTPIzzYkB7tKFgqVBOGFs3BsgRN22a3nWOvp8J2LYd/3yWiWthFu22vz5o4y+rB+PExIS+P7m/PRqmEO9bgdw8TIc/j8VA9VGS+BMR+bwOr+KlqyZzyMGvxLq+bWU3+oHUYnFpN/3Qo2tBmH8wYOgmTsUv4ob8V/47VAIj+IR51NoJH3ZGDMlGIu6lwOp29fRo0HS6ki/APP+rkBLmeqQtu8g/xneyPmh7vB4Po7IGxXCCP2XWLDP9chbEo+FUyM5NU62pDTIEc50esx5qQ/zkrThssp3XzB7DmW3nwB+YPH6U5wG3j0ToK8T3pUM+MH2MWN51Fq53n0+FaqrWzmqrXbIWfYHIyldFjbatr/zf89b3eGpr5+yPkhvdRRLEXBPeMhaEokfg9ZiSOURdlGF7hltxno3c3m+NsPoOCEI+nmzkPBoRyed8aDzd5rc9VeVxRcc5inNzMM7YmgmK23IWmVEZ52c+XAvtNgeqcEwvKToa66CszGe9DOZoDZlztB262Mbp9Kwe7X3jy/q5gnvRNgsTGr+bv7CRZUe0Afogxhmu9h9n98iH6erGVrxzcQbJQIa8gFNcwOY7NYH58Ytx8emiFsEd1KWy0kccEIB4y52c/qw5vJ3s+Cli3qAuc2J6iP/IeloqNhyKeSK09tpf6vo9B3wXGepdlEXg8OQ424H06cEwGp/hE0p0IYfJ+8hFlRO3lfaD5OydhB+5Qj4eNFL2jwDOOYSaH45PlC/PvWBAKioziq6DDqj9qHcYVenPR2P5s8nMMGZ4RoaMp48F1gzztqzGCSRBraPzGD1PZ4/KhfxLZnjbH/8hf6KLGOUpqy6WX0XJooPh1EIxX4xkwlOrV6EiZsQbBqH8R1k92h+9V4uLyCSMjJjk9dIHikmsHWz/zR+fFhuGu1kKfdHyQH0yRKu6SP5QnRqNL7ixZsFYaWQE9clb4TH8wTp4Gvklw69IOLNebQ7MspULfMHKZETSXz0WNhpf940jRwxEfjhHBN7msYXVMFpruW4aTYerC7cJafqXdiYJUu1Ms6s+m8bfjk+gVyGP2eq9PmQ9k7Hd5gKEUXA/pRZuQEDK+1hJ14jsRstDDaQpnObLaikWVyMLbQDervG9B1pSRw0PwK1ftNYLrTbDgsXczKJXrgaFxPWY6rSOxzAPlJjiSRhskwOrgKehslIFoyE/TiytgppxiKzj2jq8EmcNF6AS3ZIoPtF9binEA7ypo7A3Z8NgL1rI3gJxGHDdqiVGiWCjvmmeLF5Ve4Pd4Q9LR34DklHcio0USDL7f4zE5RdGn9RX89Xdka8jg+rZpMz4rAuC4Lfi+tA4kLgjjicT3+sXaBqxFGuDqogg5HNOIxG0WcIeVCl462wwfDibBbIgEkvfORBJMo5PxLzpY+TnkRU1Fa4QRMvlLPnSqIIw8ZQFLeZBypfwQXRyxh91RTjjrSx6othrRgzVhwmzUJe3xFsbZcBqRt99G8viI0PrMIOsT7+OhBfQzUAnApn8VLXMPpY+IU6IAx8Gu3NmwsdQKtJwxtQp7sfjGTs3Lq4F7HM+iXy+ZlkgZsWTANPhlaY/mkHFJPUoTF+99iVNVJkJeWpLYzCXj51xdQcq3l1Bc6EJs7ih2mGdLDmSLka5RJyXVzuVgvhpXjp8I83elkHJNP78qmwIrBZrCzm8Lz7xmxWnUHV33o5wrZdWC0eBunDqnR6a5J4NoAsGv4Bi5pdKJdPlcwJvcAXhxKgfOH3oFN1Q3YqNpHtxovYGL9aPC49AumJxxDlc8pGHi6Aqes9mSv3HJcGSFGXkffgLbqES6rFYRJ5w6hzw5L/LRzJ6Q3XaeIxutc/1YSKjIG8dyfv+y0TJ2EZ48DdVBC+7TbuEx8Cm2M9+NMx0mQ9EAGD7cVo4NsMmWv1YdMWWNwifwIY+yOgdyj9dw7fhNj00xcmVBPVw+b0b3zntC+qo+aPiqBYE0LZB1rpPZLspzt/xKDl6hiSpMehi14yNqppRw/4xaEvbGEoB9/OP+hMx1u+0cG/wRo/bZSODdrB4X+a0P5kDrQcLfhI+0TgUcH43eXLihrSab9l3bzDncL+GIqBxNkh2B38ny4v96QC6UlQeRaATw/v4SyjSZC2Tt/CjZ2Jpv5r+nhB3cMv/ME7TPu8JGWieAaeJ2FF2jj/tYPlNOzBbMuF9Cjv4JwbLgBfbgO/42pQ4FGUfhu0ISLfg7y+ysCeN3aF96HeJKrZhkPxqWT1YFs1hOtQ5u2CbD1fSHLTVSgXq9yUH32BjLaDKA4QwUbPzpAr/tupkXTwTdFBkYp6sLGV5ewdPl7erEgnb+5XuWhggdQlyrIootW48uRO+hskCToW8zls1fieeWhw9SXeIFPyzviDMdqavP8xzerw6jpwT/8958OxHje5oPv/WFp4QzWnF9IzT4FeLVdhHRUt9PVGBUM+n6T7l2Xh4dBrby0uwJcUmqx9uYqaNE8Bu8WpVBK0XKAnoNo4buFZboM4YXHEBXKnECN6lIweLQYJxkCRv/ypsLYcbDPZwkkVi2mrKdjYP+mcq4LL0HPI4spUtIF959axM9MLSAzZ4AHnA6Su+FOrDKdBBdrpbA1IQh8IqwwVvMvqbdkcfCRZlI4FkAbfp1gWiNJy+aMANGsbbhP8Thuq+2j/BNGMPn9Pu4uyiPfCgtU+T6AxfP/4tlJsvBE9z5kDpyHB8d/kNZ0c1SLk6VWB6aI7FcYObEHdEUvkbOdEqgnLKHksu9wKeEODJedAzNFS44S7KCr9x6gRkE1dBSMJWtxQajfZIYfbJ/j4g3W+MHFBCX3W/OejAc4C0dhSY0kTS8wAvudJrA9tBo/Hgymb95tJJwazf0qtXzr7iIwXfcO59zZyYNjP4CLrhwsD91EvVOe0EbprZR+3pa8WtM5py8WvZd60riBybDl2g28s14Qzu0/BpOqnnFwchwv9rbmG/ukwDhMDSV91dEv7RmoHxRDnwvj4I+FFqYPetOy8aX0YvQePnn9FNSPcuXXQUaYetYUO8XFOfiFAezd+A2swu5wdFUD37AZxNUVazhlwJCD1YUh7W09lY8LxCEhc1C+nAFO/sIYUjWZ13WsxbJhXZi2NofVqnxBd9odcJJ9S6f2CYKC7gi+s/0vJB58gcdjC2mkuw1KbFmJNd9q6L+bNlwZZs8SYdow8Y83LNpWwlWlD/mF025MzlyHu0Mi6GZLA2ub7uY8+XF0b+JI0B7Upn+vp4PfPmHcdXUCxlUZ8vkJJqgzfgU3hemS5E8RtlIYD6rKY8Fs81P8My8DvGJ2wtH8FNpj/AulnqZx4P3PtE3IgvaYCYO9/jDsXXoLClrmY+JZSzB8Y4rlmo54fFkNZAX4wqZ7D/F5khpYmc2G4vgJ0L5mBlWqLaO2B/tQysOfKuxVcYbWJSz4fhEMA6dB0ukvLBweSqWPb2PmZg8asMrA31cFebd9Ef033hh9vTfB3dF6kLjYnyNPSMHjOTOoSFaUza1KuMFtL/V/EMf/wsRgVnonus9VhAsx92j9qSC4mI6knh9KbTV/8WWuPChai/DWgfNs8uY1iY5WBKfp06Aq15Ya+93w+vUWHt9bA9VjdFhovAFFVPWis7Ukhfcqw829I3H75nwY2DqeXSuLsfOsM63do4W7JfZTzqtc+vpenc1YG9Z4RtHFHTvxs0clrBlKBcOKZaBvd4Ne6d3EZWbnOKZwCu3t1YCfixZQe48kLF/vyHsvfcVXd9ax/pwf4DU0jw/v+QKlaubspC0OK7rEKXPOTXyvchY3+DyB1zJv0Mv/FSZtrEcxdkSP7ZMxTUIBTPE3DknU0H8XdFljUxM6GZvwG/1tuGfPF9TT1cUf67ZCY6khdGi+o1drvNA3QYwrHqTR9KxflDdyPkl4xUHqsWH6JjKKzzqogiF3cckIJ5L5NwjnpWXxivtayjr+BjOip+JPvwA+VVSB1QYWECElDa1ir3n6WQHuDZtK3RvjcWe4P3V73+ZmsZUw+rUAC2vowSuJO3Q2/gW96VKGyC/JvN7kJEVMeMNhPcKwZclMLjRNoax5RmD6HOh1pR7cGNyBWk5xvMLrOPkFepK+3CE4FvmVGm4OUs9yDXjdUYJ5b+pw3wFxKpD+QdPPFWNDWBVHNpjQiv13wGZGHfyzFoTHrcu5qFoD16/K5gMjNsE7AQP68d4QvseqQmjKT4yrb8Cg1yNAx3QLZT4vIsGRCcgNmWDY9Ifc0sX46t5lVLffiLuvr2Wh7TKQqDeOhKriqa1ZnTafuYZtS/K4u0uS3peNxH71V7xF/g8NR02HaoF6POwVDFVXMuHt/EpwPjedvbdlkHjtEF4xW4uGTu2wNUceLB0kyOpPEQV2ZmOrwEnCYRGMdtnDaGsC7c9yyKZyLfa3aIPzWxVS7X6HCfti+PHpIkj4nIiOp8JhddNOWju/GV9HW6DKJYCcb8LgE3SMzhWshgDPf7xpjTnu6VCkk6/e8znJElK3c+Ls2hFQnKkM9srt8PU/TxRpdsGt43fw190vIFfqAk6438V2pxJRVG4mFFemIBUWcrH8eW5Tlees0nvwKl6Mvgt2scLncLD4ZgJpCvpQ67SP+yYPgXzBRvKaq4JH+47S1j+2oHpdHiZdFsPaPX7wzFwLxDtHg+mHIF7vm0tbP2rTuJTZdHquIj7LK8RQrQwa3r2Nv3QYQproAOFhHb7Q2wOP5mfRmEEPPL3rJ97Zv4H1ZjSy0pt6fHNqMszSGYnmwYTSglPgQkAgLpDyooxBB5RyqeG5P4LgRUgwfb9hCQ9aGslV2pnNe6P4y5yf1G7bRRXNO3BGxAPe81kNHFY0A57VgPQnfdy84ja8Vg2ma96ytKw1hRemuoLrnSfoGlEI2054cdiQDgQnbcVLOolsrzQVlJ1XwPRXW3HSKT8OT1emCskdJNuZh366BjDpqhG7vRVit2uGMP7APdI3fgITlLfwPKEkGDUvF/c/H0CpYXnQTBWHoyfs+OwsG3hfaMaTHU+Q3UkbXNUhR803zGHZmbfgoawDoxW98cXGf5z3fSaCZSe27VeCoZYEmr/HFi62GdKyjNO8q0gFdo8TQdUl47nHKhI8TmyEUbuGqb/mPhjHJqLqv8+4u7Ec/o3QAk33Ql6wpITaDhpCe3MJhv8nDJ8zUsj8igLqHvJG0f5LMNJqHJR+tafoK4MwWHsKeuR2U4HZLxi17huOv9YFqw5m0eYfZ6Btij4kpkbTCx8VTnqaAt9/jGP/CSdh+mRfDvHtgeDsej6vuBx+/NSALyYFKJhnAkonFtCE2k70L/vLZiu88YCvCkz/asg2Fbm4bUAbPJoTeXvaQxIZW412V2NIS/cSxyx1hPr+8/y68yetSTeFtTMU4a51MEz3/8njDI3Bt3wa7LbM5JojC2la7jdKmiUHTgoP6KWXGdx88ZsMc/JR4uQEEh2fx6q+1/HHHxFy/uvKo7d+5D4LJyg9PB72mrlzaM0vWBSZDzZWr2hKag3EV7pyRdIy/lUrSWdH+JP6DFXYhrF0PiqAL2Y85e8VLvDCPxaMZnWiiYMjbbv3iJKrTEjUUwBGNcazg8oesn7AIPvVCIsmdlHF2JfUV+2Lfzru8795hqgWoggX0xtY4I4ryku8peCsIXSueY6n/lyAks7FVLY9G9fhdky8IQKxKjo0dHAfJxX7A2jNQbfRM+k2tPG1ye5wIWYcxr0+hoXRWrBlpj3c873Jd5ceh7DWzaxXJ8rYI40mGSNxRNlLXn1/KSxSFoKFruMhcZ0ReRQlYE6hGO7IW4qrvUfQ74vV9Pt8A2tkFcPFfCX40TIbXtZMAaeldXgNx9DC262oPeozaJ95wEESEriiN5DDHmjDYpnj1GO+gU+oGcPc9MNk5OxIq9b1ULNZJ5bdvsue/kIsX2cOFg9PUYWIGN6HLLh2Zyn1NCLXtZfw45P7YNLJ8RD25y0u22oMhf0uKCOpDiajjWi+cjJ+mjqX636HYPLIdxxfOQ9mO9Xy859T4eKFFlCOmUP5aj9ghM4Y3GWfxRKj7UnH6TXJy0nisk/3aPUBVZixNhE/a4aAd9M+Hswo517/GJApr8H87HJWvHQSk+19SSsCYWiVJuWuEIVom3kw+dUecMYu8lCez+dDVsOvgXL+ZnAKnasV4P6edXRQrBadfirxyculLPC7npzk1uPFH+JcklUHuqURfP6KJJQ/VyDHtn4K8hjmt4U3MOpYNDycc5VdxqzAuw+/s9amRXz6mTYc+NIJUdGx9KxJAsVTJai1UwC+PX8NcxN/kM/Uq5S67zmMEJIDqo3l6Xde0Y0Vunj5yGzufNsLM3b14eBgGKe114JF+QB/vTkKNuxXh+01xnDn/XhqmCMF0l9y0X/aPlg54idc0JxBWsc86YGgBRz3+ACzV2bgWOu7sEhvA5c99eO7OYHQEqIOAUsdcHLmYrp1UAPiOr/Syamq9NSkFr/MW4IH4BXnRE3iCWODwPfcaEgXCCAvFxFIafjAh0USME+2GadcGkAv92BwjJWhgnObScx3OmzQusgpx4RA6GkFTRb7QcstgiG0+wL3B+pj2s0otHH3gdvqY7A+oZ3Cl02GgcUysMEmhNfsuYd9dZ14aB/B4o5NbKvrR6cf7IN7R21AccwEKHy6iRpsjnLVQkXsOFtDK85dADv7gxx4aiPtU68ltfxl4DtdFuz+66eqgD80kHaX730UgZ6rqyh5og2f3J4MabENxOvqwG+TKIx4YUsWf/zphflj+KX7kw/eUKRB2ae0f281V5pUYZugOHDvTIhxCMeslbe5UGSIF94xh4aaYpZ3XkAPVo8j44se6DFxNn9RmQ5NJkF8S+8IH5caAQ4WDWxw8QAkfTvHox8YUnvOUfK4GQ9Fs0RhveRo6Ln0ni0uIpc+GoE/WBjkSybhSD9xPtg+EtyDL8BNTwFoXfEUHB3z2bL1E+hX3UK4sR52D7qRS7IvxpbMo3sdx3nwggI4HBnNO12EccYMNSxtfUOXT+tAxQFVFPD5DPPvSmHp8wpQUDGHQKcEGCu+B1O0u0i5vpHV3WfSx7gAOLrPj3Ml//IKS3uuFTAGEY3N7H1lEDofRcCATg/N+KrLOxIO4LS3Q7DndSw/aQygE36SoN1tz5Xh82n8st/UASdpSVY0vPQWpxc/F0Ojz3iQUxyiFHE1OLDRFVvveXDZr6No9vEAVn20o/4efV5v04NCMbN5Sup59vs+EtwHhyjENAoUTTexVqsMbPzYiHVWb8FZ+BNEvmvBlsCpaDhzChS7fkZKLWPHy7fRYWUI6JWupIu/uvnAyC1orfQLz4eF0lWHSfBn5XNeeeEotij48xF3S7AdU4aNfj/gfk0LDO7YQV8/HOG6X5Nhtpk5tWQk4lFDNS5qjuaVdil0ZLgAot0zsDTOHU17W2DbrTFQ3BoME70ccVZ+L8iuWEWpo46yw6McWDfCFmNqgJyUdSFOVwPQLRCt5x/BMIc06H5XCs21p1GqXxjshOP4ZsRYWLNtEWc/mgISG9OgcGINGI/8CUMCZSQs0gb7rr5A68ePcOTWjSzYMBJFDwtCdOMMfvf3IyiLC6JD6k52WWVPXU3ZVGK8h6Ta1lCdXAqJfdSFwzblNBvi0aH6JWXP+QUfXXW4T96Vktf188raYp7bbUeyvWqwFQ9i1dSVKH5DAW8fEqOUpwtJyn8N+hWdRydh5rEl56AzRgWCKp/C8OvrlGssBrb2FaTisAK/h3fg8kflpP1AmI/OPsAfiSHqnS7+ySyi3jXhKNvznX6aBcAZs90wcXs1xI00gc43KtyySBEC+jXQx9WDIyQjqMxUjo43n+aVO2Xh3MG7tPjpMt5pfxxnS5jDDqtf8OFAO3RddKGEifUcdkoRsm6fosAnqfik2Y1bjM5CtKMpfPAWQ0m8zHPn7SPdUm9+8CKdusdOoZDwPhD2fs+20Z2QpGMA/bP38ReBzWiXYYzrQo5Ahr0SB8f38DYvUTqQYMBnjJ4wGo+DbMVmOFvZBjsOpWBdawc/FvhOAUcq+ZT9Ayj9OkTf9x4D5VyEnTqPMcD6FjoLW3Jw5nTSTq3j+aPvEtyX59z6c6zqvw00RyvAm8h+1AuPR5vOk3Bu6g04k6+E6r0IcZ2TyLPXhX3MjPntJR1QunAbBYPm0jwtGe6v8cG1PwPBWtud75cn8y6pWXywyghOyspAzo0DLOlugpCbyMst31G/tz0sazgJU4RrebyiAXQu2I6XHyH8ufgXXG9LoHCOCDV/ug7Lm9OppLoF9nmLYNavzewZE0DSf80g4JgaWHxRB5lgRTx7ZgLPDJ7GPnm7aF1dNVfIHIQpT/xZ9rEwmOhmUbVPK9+VE6dQkUUs1CzOqqbIfS6emLBwAG58aaOzfSNgxo9+cPv0F7ocN0LjmfUwe0cK7G4PhjNJFeT7YRRa3LoLC65qQ8+4ZswzdMIHpRtZSrKNltQeZNOlu2l9qCNqZcmQjnQlHDtrCP1vyqnqQSXtWehDr9UMcUrZXxwYFgDTIlss/jcTBGR9odhGAaSKV5Bi1UgM/fiaN88XhY/rEvHq5WROsUrkqQ93Y6XIfPQ7MxM2fMplv/dFoCx6B6PL3SF7uyxsb7iCIuanwMAqhAo7XbhkpSV4Z/SzqGAmtztuQ/3MbF63LAosZp7Ewd2IL+7/Aq2QLRwnLwefti2m/Fe+5KuzGMOd12HErRn8Snc7vEkWgtRTS+nUqu1QweMgSLcVLqa7gb3XZpA7IQO0/RtEzNGH1wa/YepFc3w1YzU9jJoKb2fqk9bDXxTkHERb3yWQ1PBDnv5uH/0tCSPdssNgkmxIxtfVYVmIF0gGNLKVxn1oOqRFufPy6X63L+xxDMT23m/oJ/sCH4caQuTyceRh4gKhx7oxsPEne+omYqr6bgh90ksTrW7jMkN1nn97JEyI+IKvOi6jQ7wOXlF1h9rBND6z7DaPidMiu+gS/nR/FW2QVoGx3jE4S7kGipVM4b3fRo6a+YLNyjxR3HSI1vy8wrdd4vHvXwMIu9YHUhv9KD/0PZg1ldDw3Wn4dVoX3/FaAPvTsnjh9tu4pUkYzHSksGuhDxoX++Hlaf0YJ7INAi8nwVzpVBibf5BfJPbDtnIx+BBtiH/OxcL5yN/YWuFGAq/kSDnBAYqujwb9d0pgmOjH4a5S4CN9H+5f+IB9vPB/FNOHOhCMGgDgb9gJZWZnhGSXUEr+lKLQMBtEpUiDpKlEKCpFhaIppUEobaMoREZLS5KVRJFKOM+5iJdTBhO5VrMRk5IBDK8GceHMfo78awKxmYJgESVJzV0TSN00ny1/F7N4nwnN/HAYFsVZ4JYsZUjV/Y+wmGHJTCOsyazmUndhdPDOh66Fpajr54f5Qtn0TbAcB79U4u9IETDKzIahi+YgaiyB4ZOyaWxfNzee+42//er4whxvDtlxlsZ3q8Bog50w4Dyf/12yxtD0AV7cW0h7Px4AyVx5+vjiI3auSmafJ9LAC6/DXvWN2HxVngR//MEDI99RjkMWHj9ZzK7R0VSy0A+FN4mBxKS3vMblLTqVVuGb3fa8RquCPHSfUszFV5AvUQr64d0QftccdP5doubOWr4tr8AqC2TYcYcyjjKzx/Ib8ZQ5ejSqpU+l5NOiMMp0J2e0dqJZozgrH52Bu+z6MWS0Iv6W96UmXk6K067SyVBrWGlsx9oNN+jg4T48GvuNng3HUZyQJjZ2FIGPZx9tPxhKI20nQ0DKNYpLt8UZS3/Spy5FVnhxlc4X3aMbqjL8uWgZXRXZxXoWulA8axQ/PjQdxzxpwCDIg1dLj6NTyHVAIWWw+a8Z57UdwN0XFEBbKwwS/hsBbdM7IG1sFYwXNeJJ13fRWz8BLGt4AAlPJNhMWQXEToTQQYPxMFdyEkcJM7+znwTbDvfQg5ByXj3qDy353IrtzsqQrLEMn0pP4/8KlnEfHKfcQwsxzc6RWkuO8ENJZ5zSJgWmcdKgNsGMaKYM3D+bxOdNA0j8/gF2+cmcu28BKXvPZM0Xj2nrCgtYE3wWP3ov5xWTbmHg43E4ReARG8tepfNOy+iJmCcYxr3AcmUF8EZF+nH6K0x3FiCNH32QMX87bRhbTd+KK2DuYwPcrSuIamkasH/ZT/Z6pUP91ktw0r1oLp74l2KuWfAEs3M8Nf8drs/W4SY9EShRbmTt2ANcMKYTRxrF0FolI7iWVMFdWsGsap5Dgw136O8ISxguSqHoD+3kqbYIB9tsWdVvEju/OIH1sZ6svu0hSIWFYUe5LKTPqQW198zHzkTR0gw1aE9dyyXHMsFIFUlsSjE5NHXCQRVD2HdmGE0EBNhyRjpcPCXOfcXD+GDxB8zvXAeGgyEsF/Od1SpGwH3LIAgLLeM9bbJA5S20LzOD1ota43TfRVQ6aE1rAraR1WcpeHXKDoMnR+Nz71s4csNj9u3+Sgd2e0P4iGJKaUzBWLs4VvsBsONJK4yNcwDtZbPhhcxrEt2njP8S1nHmujRwKATSELVGVzcx2HN2M80bWoi/boejUlsQeHprwa+XUZR78Tv9O/Ked4UJcd00YZi5dQuk5s/iC4OirGNYT/rT2ni+mAv4O+px+PIiTL84DJknx4Prsjba6ruTlKuP0cIxn+BonDgLlQzwI6m/XK7RDws9DrJevQR4kiXNG78cHf38YJHIAjhkRTDpuCB8vjSHazN6YdS1U9DUIwvfliXx1eYE+n27F+wjJTHgwGEotD7PI3zy6OYGS94cY0Jq/mYwtV4Cbgm/oLwCSUpZUwwrDkdgvfYTrm08gR3pE3jfUVvYPUMDhGzuYN2olbzm4DQwqC+j1a5hcOrAPzS2d4Pgc3aQEabF87VlYeH9UXjYqBG3vd8MPpe9eaCgm6O2KfAiMXPsyrKmX1LG1BqtAek3KkHOai0f3XOHjtU106aDahhZIYZ/7r3BEm116hh8Dy0nhaDp4AE833QJnjavgUjfYySYPkjXvglwVeBnfPdzA64NMCPlqUIQIlXNf5+7U7/uVnDaeJsuGH8nkbx3sOBKFFw/kE3qhj8gNFkUPBYeYIOj5nBi6lcy/9SLdY7XKOzJBejq0gCz6j24NWk8XNiiCLek54PFus1Yln2cJISbGb0zQdihjR/VtLDFA0VcEzOChA6bQ1dTLGnPjaGGfXosql3Hy4tC6deuQliYq47bN07AyrdekBUzAXoaX8DYvDQIfPuWas030iSnHmiwyiXXzxYwSv8WzGdLNCBFuHhKjG58eoTrXgtjwYeFEJDpwMoxrbzg9y1yzdYmG9Hn0CwkDX3ffVBEVBp0it5AglYdvDc2g4KfpbRxzVnIWDyRLylkwfnJmtAw+wxJ2N+A9DAbFu5spOf173GHmQUdnDCeqi944bTv07gmyRSCOt4AvSmFYLMmWrfdghbtkAG14VqUTBrGFXu0ODw0DTILJ8Fy1wbeOlcVLmm+5sPOxvCz1ISv9hWgk3oKC/k8I/Vrx8jO2QrKZ/vCwJIIalo3DsP3N5DMyifsbePN0aUhmCCvhr8u/+bLmsKwJuInXx32gTjrmeyx25VCu2fScxMV+rM+lpTunaBJ1x+y7nIz8JyrjJIzzXHq0H727J8GCv0qsG1uFZ13dYEbTknsY+zPJ1yMQVjlA9corsARn4LQcq4ezlubDxycw4N33tPhSSOo9qIxDYcj3Or5AjPHGuGO8mZ6Fjge/1S4w/AfCQxfegk9Px3mRFsh8rxGIB0RCo7Pc6B94U12XGIOQ7PsiR7EQMtrV0JjB8j/7wz/JzcRyiw6KchiJGdkLWS5KToYktWOz2gkuD49QTcuaqFGihjf/z0Gpo52gfgZ76GNYqnWs5h9rsegQlIMzImW421W38hY5SQftEAoUz7Nsw0lUTbwGV0YHYJncxJ4oMcdrlfcQ9NtEay27DfMjp0AxVrbOFtRGmttK/lH+G1K1XOgSplztOiPLK4JzGCdglCK/ktwbkEiN3R60V2cQ4syB3GlWDuMXavAXqHOKLauE5S9Wnj0BSFwueSCB+3GwoNiX8peN0Tll0PApNGT5K7+o0Sbl5S4TI5KCyaAjV4TnL/xAWtKpMC8aw5P9wpBi5wduLOokYJrp7L1eRMa+cQSHrQi9dyfQwLeRli2toaSPc358LlZXP3ZA074xKP1tz5wilOCg6tDYUt6B3QllqF4XBSvHCsJ6w8+wbfa0jg1ZxQ/Fkkmz0ZlSIuUozdXa3HNzmgaHPJk/d074JVLJVVId+Gk2tvgktLMfFsb9qzSBHHXEPLUc2Hn00DBngfA/pwJRHpXYV1TLz7V/sK1ZgowXvglq1rF8cOajXTtmBquVmnEuKB8MixbAmPCt8OB19P4tLA5TDVaAS3bNen2zDIYENrAa7Ytg9RKHYy7shyzTy3CpuZErDiqCJaN4zHCIwZPmF1A95TPGOVwBgVczOHRv9+0bNZZCLC6CEuM1GDT+ecsM7qZZv/I5nUVsiToMxEVRaLg5p4VmD7lCEqbiUGwpQFEeh2ipidSMPRrGfl7/eT7LqX8zKgTNardSMrjC1y2T6aNJ0xA6+RWKp6rDd7LFCBVex6uuZxIIms18a5oOHpu3Q36z0dw8SKAGvEbcPOQDtg6hUG+WzDMPPuAPfyn0ku12TBT5goL561D+Shp8FOQhbQzE/BJQRxoj/6MdDYMZEP1qGbHQ5xZ5QnTLbNIV1EHcvYvwmyfCpZx/4ZiaR9wZl4wZx4bAoEpjqiaFARjZn7BHxNNYY68OCWVzMGGex84Vq4Qy6p24LgzUaQ5Yxf5RBhR+NMXOMZGHeoHBmF97waI+GrJuqvk+PS3AvZNTSDxf+XY15tFN9+eoLBEQfjh0Eaj89rRT+ECKfZcZrPhV+xk+hvSDZFfzhgJGtc34hZFeYjN8qU1+cUwr3U3TC2VQqtJhzF9mx7vKBqmr//KOfCRFM9+YgoOu8z44Nff+N6wBq3UNqJZqC22S0iC6ifEm5tLsPqgAMWuVIGD/m8gIvor/PJwhF0x03CnmQDuuhTAR8IO4nD0Um6ymMy/bazAF6fwQ4UsbFkVxqPPSdFNu17Ye6KY/6ha4cDFQriKa+hsvjmMGjpB84Tu83Dyd2r+WYe3TRI4zGUah9d8pHE5KzFlbzr5vtSAjQIZfEehGcbFV+HxUnGU3ZmNs8Of8C+BeqjeHsZKs5p5XoYCvDmwnO5lLIBNl4NB8t5LypX/hpsDXmP9pumspGDBl0tr8dQtNfi9K5/Wf8zE6zf2kbdfNTpVL2TLMQvBoTmcFN1FaVtgLCw7NR1EtM3Iov0mCDi9hZBBP3hsY4/G8++itk0RqidV4WaJcviyRR3CbevJJ2k2HR1ci1s8pWmGugA87D7PclqC1Nq6Da4Ny/DrIDPQNbKl4EQVFNM9AT+VFZilZ3L3cAnuK4ynu5V/2MPRnkSapoO2QAlnTlRk5001uG2VAka/dMf7L1/h/bZdFCMcA2GWb2Cynjg4/VeKRy4OYZLeY6xWFmHVJ4mw6bkjuPrmsPyIcfBbzwEjpBRgUbwff9K8xBFnhqkvArGuejcJr70Gn1658HW9D6CplkGW1ZPgkbQvzbmbS4533Tn71x6IH7GISoquYsDQbWi/WocrNtjyPldRqDjQRD/mziCP+QrgGKLNMP813T1NYHa/EavH2YNq+i5oCTGCO18tUP6BGfccHITZjR2wVyuN/jkPQtB4NRrTfoYyJndh5rnxsE3GjuUtV+P7gdWgtqcUKqXfY+eO3+xpRnjMYxF3B36EGTMkIGhrHBS9f8q3Op34tnMnbLU0wJ4N5fhj7DxI0M4mWU13PuUtD8Ipc2lnhB4u7w3FFwn9kGveDlc2xrHe3zJUX/wShkb4kL2HFKzeoksz3n/FQ9hK6pVZVLN3EZQ5dnFcjhEJVl+Bk5V2cOglQMOYVlLrfEerjtZzX8s7XPOTET6vgdNud/n57Riwvh7Fz7VNoSOoH2vuL8IrWsK4JykL9z2VBUONbLbOegKKJ8/BmqtivCxZGzq9e2mvylS+fWQNuQyvQf1Zx+HkQiWOtCuH6R3FuMviGFrKm8Pilo38LFCVP34VgOZGAZjbW4kPNC6B6itFsqzw5q+hy+nbxSmw+Z4tXXJbTsJxqlj9ilhkUQm3e7uwf54en3r/HMd+OQpaMnIQOHc7KX925QtrbVHx3RX6ddoSNtu1Y1VuObQtCmVVJT2u3KgE+kN7gFNNeGf3O8jeuYxayrLpt2ASTQ8+Sm7farhdP5ZWrVWFms4b0FwejsUiyZT7YhMcWjqdfVVz0XNOM8zUEOFT8/7A3KcK0OjnQmkihiTeEA/TCyax2sI4eCtTgZcm2oNuyw8QFf1D+y+MhqfrFoGshyJFrCdYd2I65j47iKpKDlizTIFGiDGsqvbnp0paYFqzi+d3eYHF2suo+2g8fpmznTpL7oLPgwtYIeXAfc0fUOmWDOx7HkrGGd+wa9UWqHyejuVjNPhhczcanr4H+yfkEF1fhDv3CcBLv43oWB4NQt7r0MTBl3r1kF7E1mHpsoWwrHMG7ld6yZe9BSHslTNuXTcHH+wsQkfLhTjarpT9nhwFle/llBusBfpaUZDVg3Bi0wlKrehgt/knyee/bhJJu0g3+s7j18gwmrTDg7pKRGl9BsAGlU983PExFa79g+X5TXTr9WI6kZGOQme38NpPN+Fa4FlqPSMEvzSN+GzUTIy/osniiw+y7X/aMNa4kx6f3sbXNFNYcrI69ZcZwtf8l1jsvRsqf12gIYE99EEimizXN9L3kbvARqOBq6d94ahoQ5haY0t75RXZeOUmXqY3l5/F9mOzjTF3KN7D0UU16NFQRSLLtaG/25ModBzbvE7HEUvngHSECLzrXM31jacpUDKcS8sDKWCUMaTAA1a/sYcv2azAI9PfwtuX9wFFAnCmbTy7/LLE64anQPy7CLx4YU31f4bgy/QAFMxQhK753hTVUsJ1/fEcLXyOMlZn4SvdabDtHVH1qlDsWScNymeZdycuIBHXZ7js5RpYd9IedhQdg9+b9EDv9liuaZ7N8jLImW4xuMZtFtc4plH8t/2g/PwxKXom0mr3KZB3aA6/vBCK+wPM6PRGM7I8fgsf9o9k5YtH6KFBDT4f+IkVd/RB3SKSsg1v8K8WLxrd148p4uHko10IA/dkqGLfGv4jtBq1D48Hd/E3uH79SLzw8xudmrMJNqyuBn3Z29zsL8Fn/8rzxZ2ecERcBz5SGX495Q1ijmYYH9tNJazBQpP74FT8QQ5Va+CcP1soeacMrHC4RksFciDo83lYPcWILtuuoEPuo7igwZlEA+LwxOuXXLN9MuzbMI4LrmuASHcE/Lat46Ptb6i4LJxHaGZDYVs439SaTb22ZjDv6y5YWTCVEq/fxbmn3vP6wan4cbQXtV9+QM7LvtAWvxW8VlYQLH9EcLK8C70a1oOb3zVBuwcg5aYiVp5vQv2biaBy7gp86jSAl7+lce3WetbK7kKJNx1M87RxclId+sIpaq8pRNvWJtjUoQR+Em0828OAPh9/jJ0iUWijVIfun3QwvzMf9zd4odydQL4lpgx+D/swikbgx8D1NL8oEl77K7PEPjeM+XkL9i2Qo17tJ6TtYAoLR7ny96WnMdNqHY521aTJB0upQsiNkn4fIa66A5v9j7LANX2QUphJGaZ+2JpyGocLdkHN6vX4o6IQ9+ZuJZ20SbhZ9wou/6UIlWrh8K1ZkKprzuGNWU/A5tRjCn3lgHtjV/LF/JUYJGiFYw+Mg1D9LjYuWAAul0XZvnYqPLa6Q741gjj0WhuvzyqlOTmmEDJFEs4HC4LTzFZysw+igtQ42KIhhNPbL2GJ10rqKhejqsgCen3KEAZrQ3nBahEil6u4NaAAV6sWkuDYSAyN24fpnx3gXqkT/DmkDPMfL4HA5PNw7eBHElvjz++F3+Mjow3ocdiYf8fowxv7PNTyEATR483sNa2TKmI10c9xLS38bx1ne81gBbkHvHG8AD1IO46e303gyvKdZG91F2PPipBH7yeWXKQFOze04kvFdST+uwF/ztPBobCJkOlmAZNU5qPLwFfcEB4K2yPO8MSO3SRruIJfXV3P1q0nee00a8jZkg8uATN4z9nlnP1Nj7UFsrgv4yO9q3jOPT83slTmGNYmOTik+wb8fI+Q9KMHeOq5E55au4iltpyHvLXKWPBnNM9rMeKrVloQlnqXJwuls/rFw/BZzAfrQ55hcEoA9lzeA2dEXGiv/xaeO0EIKqGcdqyw5c9BITzeJgPbG9XQULuMpobsxcnFYynhxgJ8aTQZZmu58JzOfLSZaUYK5yqxxWc/nf0iyO+D79F6T38ot7Lin/0y8H2GALKXM6WVj8eErkISy42jhnJ7bpQqY51VvjC2UY4tioQhK+cOn7WXZFvt2fSKT4B9VxY+C+4EZWNffPZRHdYPmvHsUAtYoiALez3voVt7O41848zNSgG0MTUfElqy6F6HHeWnR9GBKnWQNVhLsg5LqHIbYX5HAPe5FfDcus+8IaOfw5+7stKjO5zTSNAk1EbscADTTq2kpuC/2KTmBpM2W/FRQ23KsA8BhSg/CLAdCdsbJlOHlA64BWaTbthn9hxhDbaGvfDvyB/M+hSDL3LL0StbD/yu9tO93Rt5vusRrqfrtHP/dD6pfoQvvQ+lZzkr+P6OE6y0WQ48Dr6ClQJH4Ht+Hkk0WlHRAVPemGRDYh0q+NdEHRSzBTDZAyAq4ym4J8ST3pJoPiJeCn6L3DFCwwsuHBrmP/scMb0tF7svGUJi9DO6aatLdn3X+O3XqRB50A10O5bCkjvObLRDEr6IO9BdAUNYuuUgxG6yhwiJWzjrTxP4/zJHs4r5+F/ZPq65/QdMF2fQiKPKsHS9LSzb2MWeqfH8Ws2N5QUdKTT6PKzbvw+OK1SxxVxv+LpuOmSMSgDf3K0YZvERF6sehc/xf/HLoY9st/gxnvI/R5LT11B7lTSkZIiR6PVIHFDs4zv7oli37wL2aJ5n0YIRpHv7Njnvv8Njn4yFD/byaCrzGasnxINxqzjlCehRUmkdvDkSy5UwnRPd/UHqzUTw3tiP+MaeHR96ckm+LSkcXg/e/2ZgsPZe4uhF8EF2H8hmTICbe5qwcf4HEne6B3zhITw3W4d5+3bA6Cl/qPpmKzY7XGODVbqQ+t4VUv87hieuVNAzsTK2CXyBxRYFYJ8nDpdtX7NqqBIUt0jAqd48uDF9PwQMuuOAiAkVj7KFVZZv+PbPYnqXksTH8AgXfTCFurFZ6LCrm9oqVXFJkBx+0NkDdReWQUw/Ydj8Bn559wE9vq4HW51v0W7DLjxdvIn2/UpGq1pr6v4bha/SvKl+/mhy1tvNDjKCEHGmD6JkgGqi4/jTyHC6JqhKGUf+g+0v7HDKv2SUfxDK1xTE4daYMp7V40pTBs/jzpXN9G/uJ+gPKkAD3y4KLxzNB0WnkUe4IhyeO4ljZl+l6/8VMX9YRxeLe0GtLJcWa/jhZbdgGvtjIY5XIOj9q8+3k0xZuMyF0hZPB2HxcM6sqYLtfshSEZu5Z688XlPSgnPO2piiUMALkitB66Y22hy8Bo3Gl2jjpXGk4bIRAyK9cYSyCfxnlovRYfJcrvwQbr9YzykJIvzdow7G73ZBbc+75PcpGaTGMNz/3U2bai/wioZ4Dsv5hy/9IuFjbwB86VnPJx81gsdPbdQNUYXxg0G0oM+G+54M8J4ZtZzmJkoVRzso+9Z5dj7aiZKZpSxmIQThvWpctMSUJKP6uPRMBDpqjwULVwsQe/sPBUs/8VeN5aD8dixsVRThBVdyweH7KLI5vBh+NTiTP3pz/+NY9P4vny8u3sfTqifBPZsYiDn1hiecGuAQ/4cUc/4Ff7o9Dpe+uonaVoC3XG9wboMVeF6rgwKHCrRJIRIIaOT1DtYwFmSgc/lmtDziAz0BD2nDBjWYfeEjJW/egAt3jGHbPxMppEQaIn2K6IpYKwrFHOUdJrGgo6gGY31fU9vWPJxUMRdWaUlT3d5RsEDuOGg3zaedWyZxzeN/ZNgN4Db7BsnU/UZDlAaZnCZQeLsHylozcNqXSXBGrIEbLKfwgxht0Ol+TbbW2hBuuALWf/fHwjmnKTIgnnaf+UsnkrxYpL6WFn62gm+elZR4Oha9uuXZOuwLKBzezRDxFIb+OGC7zwm8pRfEkwxHA/R4gnCvGV06d4YW4Ab67v2Sl6me4I7Ic9wRrIKOvke5ebcpqDS6sZ28K0QX7cGWpfLkG+UFU5YDbdHR4yvPEnmb3zjqOzkFXGIG8H5OJqhmrmbTlPGUPyDK379vpQOgwrbyyVS+zJXeD2nBQdmHZNuQCgdyP7JguAnS1GhYsmUtPlgqyh8yjbB5jRPYnR0P1TcKsWyhNweXtLLkrcMw75YkNUT24YfNnzlJfgosZFn0TZ8ERZo76I20OQbfi6ArR4d565u/4L6ui6SLxqLk6Iu4JPApj1pkDm+VOsj90CXWo7cwvbiIsTMLX8w6R1uSYqDu13ocUOomjxHqsMXUhgK2DvOeL9JgmHoF8m+M4/Y9E8liTju5Od5Agbey8GKGOdgN14J+pCt+C1mFZe/P8ND3eWC1pBjype5i2O4cDLE4gJsKFGC9bBVFzDFllcRqfDTOER2su3jV9UC6W94C0p9XoYVUBskskIK3RoYc/6SAJ4rMpk0aK+DIvW8sM1eLf113wuLRZbzC7AQcrzcCbVUvEnNXpwkxOXhQwJ0sBXfC6dL7cNLqEHjHPYN5HzfTuQ1WoH3Jno9mitLx5GD4sK+NTEbuxJUGVrjmVg7KmDXz9OdBUH2B4EdSGAQ52FDHtxjSXaQI5WvH09uZiynw6kzYtDGGH5YowrpoeYgsOYgLglropsFF2GXXgZ/H2fE0mVVUbjoFTw5+5eNaK/DdR1MYql0HuXeXU5ZGFB7epU1hv09Bo1wPvF4+i2apu8PiwU7Wv6IJ7zTfol9mMDdqCqAyP6CzYn8h9oUfzdrXwc/SRtP5/c/gQIo5vK/NhSPdhpA/upg1iiJB4oYEqo8T4tcl53iyQxBKbhZG42Fp8BDroK+HrtHri62UGqvMbxr3wX9KE3i90Hk8v08cxtiMogMTx0NTwBiYHLudT758yzu6ET5Um9BH+VoKLU6GlZUmOHW+M0yeZQB8zhpsw9VRXUmNuKeNFh79w2c+jMOXPzogU8qOI16b80YrPbA61g5FuXt4r3kyVMgDjPSPBpVNcbC2vAY2PDxDCXFbIbnSDMZ0BuLYwkGcZdHCB5PnQ3DlbTwic5refO8hnRxbuDWSofiYKDRFHuVoSRmKtX5BFs+DORz/wJ/kUbjn8AEy26fAuYXH6W69DoTd24rSckUkmsmUVxSBM+STocWmD+3Xb0WZuXP44+tQdpGWgKBWdZo81o5Wz8znHtvj/C/TAOtuzcTMiU68efsiEj+5hM3zp8PdFCF+MSsb4v9LxRcCUfx03mkgXIYtYUK4FEej1MhtnHpgFNye7AV+PiYkfkeLKy+Y474TLaRYEE6+Z6aiw6hJpHfoCddeVoGTOxjE1tZD/6rZcGCwBpIlGynp31IQzVsK8VKtMHwih+9sGwXHV2nTrN9pQCPaWHaTDkj6CFNFiSdMOPIOrmeU8TsHe/w9xxISirw5rPEQvL/SD7XPH6OabSdfvurGpg3W5LBjmPKtu4lURMF58lHU7kYeM2MSW0qNIilxLX7WKsJ33qbAM+My8pTPI28LOcjQEoQw6RFo6R7E4Z/NwarfGwXvnuElaojtLq8gFiWhT0IXphifAr269SQ7zx+mTMshrXlRcPGZKVqmZWPVhDUobKcG4XtEoHrfPAzUfc5q74D39smzzcM9oHmtiB9K38CKSAm0VpiEZV7mUCisj/MT7RjnnEStaB2sK1zPcxN3wcJzajxZrBlLB49AfbMpVCcK8ts1cfiyNIW/TFDCaQOK9G29HW6/8plVGgvhu/19/HpHBlSMzXi42R6t5zZD2GFHdoqRxG/77Wh2hS5/HTsCn7xNgqoSY+iVcQcHq/vQ6afAFO8Iy/QaSPVsMgpsyuLVSXX4WfwwbPCWhtbPBTQ524Qj5xejynPCaXbKeHvcLez8awjrep5y229fdIk2AVSbjWEfnlN06lLOD/nEWY0f4OVkQ5gGr/Gc5URSlnhDie+tYMgqGLZ3ZLJh1UOUc+mB3xf66aLyalT7z4s8kyKhKPwsbCg3BOtADz7cPw7v3X+DKvkyoGLvRrMe96BluCj2XpgBAeX/WHDvaFAasZifP3nP4TEWaCedAhMX/IOhMVdQJvYxdzd3sdyN2bTopwlMl7/Elw+r4vLgbSDivwD1+89B9UMXWmY0hDfgOe2OXU7jxzEM6NTi0nBBUL38BTYXpkFr22FoEJ9PciXRLC3ujyeKY8l8gg7Y6KtQ02MDfuNqSq03YlB1lTn8lpmBxrMEeGr0A+57X4UvpijD7x4ZiDBzgDeO99nWqBvNVszgFYbzoPCEDGQE27Djkvf0tdwC/gmWsnuaBbTXqFG53g1oePOIlC5ex2+3H7Pmrnm4Ky+JrYwsYGMxgvTtMG61eYnuSz/xtzOdUFh3mJdK6KH5jLE0YYc/pxgqwJuRHvC1UA2vJ2bzve49mP/xIs7Z1AR/k2QJUu9g0OUzdDlHBvrv3KKAtA9keDYAD4co0rr8bqp8MIm6wwxY/5AD2Y1azyo6ANcOGWEdWfDPfqb3SUXstUoBtlW0kcTpehBZth6XxI4AyVN6MLzSF02ubIeQjPkkJZqGn8u/wcMPO9gu/je255iRffp6em0pAG+F9HBWhw+eNRkD6SkKbCVC7PZIlJU2nyWlcBG+ln4Fj+/UhQ/TAN7v8cWHX+Pw+vMMXp6ngneXS4KuswcsUwnlKQ3lFPJQBITyrOnUdUM4c8+btwccBXthaQx67gFSh+Zh8RMtlCm9RNlaYtBYIkvuMcewsfIS/lQMp5uJ3eAUcpfOL1UkuSs/0U7bEzoOTYVHDbbQNn4ubK9YT+r1M/gc/SKfc5/RR/0knY6QZWnXCjYbpwM6NhI8GFhAkUsMuH6CEFY9WAkB33ZiZpkZ2g/MpukXv2FdkQCULqiGs7PugbpbFtTNsKcFXx0hplWPFz9QgwfT4lBQthfH/DMEnyIhFHg3zDsWDXBk00Xu2GRI1iuNKe6OLMTAKnxt/JPstazh8PoDmF+/GlaWSNKh5DyOlgtE+dM15ClmRCIrWvE/HwP65ToG7mhNBqHRm3koczuvNhSFHROXQ/SwOcaIZHF8sAAMLo7EbRLT4MbJY3TvwB84HRCJ+QV1eH+6A7XmhoFGsC74JlnD18UhfPCnLnjd0CUvt5f0ZFQByX7vgIY5orBx7yEo+PqY1QQc6JrUVqrXNQePJmWUF5WGu/mGIFd0hy2jT9H5rDeQQJvo9tRKPrXuJ52+Ig2ntpyD/vBeNnuwEu4ZxKL59TWs7WICM+u0QUrCgRXxMFuPHAkK54X5r8hI7qj+BxvN5elH0mosSJAmkHGgXBNxOixQBNaB06Dl23FY5RPJB77M5C2T5tLq+w4w+lgo9+9KZ8PeY/zPM4nnGxrCBytNDu11x729TtAaNJUbLI9QReY2NDa9TUsXVUGM/0r0PmsINmevwLMxgbSp3wb6SnzIaG4YjHpbj+aTcyD1/Sb6WZmFhRJjIGF4Ii/Z+JRuCnaR8BlZPLH3Fvea34X0cg8svJKLBeY9UDHKAPwemeHwPGGoWizLUut3wBZHO/51xwafBd+F817CYHXkDj/dBfAvcDtk2TxhlwVplPkxhyaNqsW++yVQcruUtc8Z0ZkpE9k2WQrqPITh0tPH7JRTA6P1f2Drqxjs+fCJ2iMLedWk1Xxm1ky8uVwIQnwLqVQ8iXTSzpPdyTJqvbcaK77dw5c2TXD062nACHuK9RKFwJI0ysm1wtfumpD1UxO+7pSBUfePc9lrEerMKgd7zXj20JWB7rQcKjXT4bkJ3/jpqQz6vJlgz6xYPvbLmgqq9PBE8GnMX2kG+wfyYfOGLZjwRhk+1gxC7X0reqD/FI2dvMnmdijq1+exxCZpeOgpjRoLt7PWgkngIqXN+zP2stfF1fxQ3wgXGaxC3XMz+UWqEMxoGoWtc6J4lsd20A04gmKLHuGPW19oc24ye9m8geQHW+EwTIXeWZVYeROJ38zGcZu2ov9fhgQ7F1JQlMH72QT5bY0oqkdQk32T3yZosM/AOl79WRJtfu8j9S5HODGsTLEmVgBtaeR8aBJ4HAEqDIvlwYoi6p13C+WuniJ2vYo3FxyDkK+CcCpxJryZoQrfazPwgbEeezlY0aNV53GdzlnuOTKWsuZ9oMlrndB/mjJtPiIPm6QT0SzoO82anwVkOhXsZoTTM7LC+YvPsdVgOHW9d+Ljp+Vhd+dVLledRufNv5C0bhpZvjLgzIh3UDZyAJfYnsGwqrl4v10I9smqU0uFPlSRCUxp8wB/rxTQip4P5qU1uPrdH1Q2DcURD4Xgu7QvLBD6gBYjA6lX9jQ7jdsIBtExHFAsRFsT8sm1lvDyaAmoPfmFfix8Bk/1/8LRRxcgPWk5qB0SgMRPkjDZrRadO67gk1FWoP0nGNq08kh2VRu7tMiz9XQRtoxexWtc5OjzNHUqOXOPf5wVA40ScZq16QctKRTjnOPe5DhGDAref4QhuWIYjNPl8yZ38caGCbBaIgvcF3rQkxWPOKNJloW1GilljiXL1F5gb9kZ+O/ZOqpykYXCmsV01TgI33yXg9Vjpf5vmGKkO3C+zFIIcvSiJXJr4YqhPqgHOsLIe87cNToVqjJ34cy1m1Bq7TOctOYjXx6dgktn+MG8bQCj1RJIUFcdDEXk8P7TGbQ74BG30Vna678WysITwGyrCcqVjoWxZ3WgLHw+zr7wg2/Hb0SF7Eosvh/DD87Z0M9Tu3lcmjkeeaEFjy5EsVSEHjz5pgW3hFfj47zvMC66l+Y17+Ddoqo8RbGar5I5vFo6mkUl3+L0zaep7jUTjiY8FqwNMl6u5HlMlCe/U2Pj9CnQS2/gimgl1gxMwdFLb+FQfBOXGkig75LRcH7gB+uFj2a9S9KQ4HSXIirOwTbFd9S7shniEhfR5z+bcPHNbkjStKIFokugrl0HzvdtgfGHh2CvwET6cKYUTlqP54npHSxkEsHbqBdcXyZwv6sRNN9I5CU+4ehzzBwaf9mjo7oKB1adpGnHq0AvfAScDj0EB7IZ2rZkYMsTE1jVfJFFL9jziE8vUF3BkPolNdjr+H18cWoRTpgoB8/YDf3/XUb13bG48movKG6uJJ/gH/Qqo5b35Pii6fV5mKiuApavPcnpP2+UulhCTpuVYMW3sdQ5PAr/9LbQh+hAeCslhBfVTWF7yX3+caiJWuLHMQVvpWiJxbTFeBd5jrzArWLTMfvGaOwuHwVfqhPQcN0FNMwtoc8tLeS/PJ0eKLaSjjDiv1WfYcHwXtz60BosChogJ+EFud58is5r59DxPmM4Xvoajtip81BEIjrWvIFIc4ae7NNQFfCKwpf+5N8VInxnbTYIat5k8YC/WLv4O9mrpcDH2QLgELcIBGsTMMzoJv+U9oQpU/1AcXEuyN2QIe+UH7hqSxTtQSGI15yMtvd0uNslHqcsqqVdkz5SoHYdp1bOQKPhHCwq7KJ8qxFwQHUnXdS1x9TuQt5bZwHWvq2ocmErhSn4UeyBbbTcJwH6+s1hyctx/EJsNVw/3sD1FUK4/eJ2yJmYgGVKZlj2ZTVPuRsLn+5Lg4iSHYpOT+GVba68IMQA33pWwJ7vS/nyiO+g9teGXqfuQvPfinBSfj1ovdCAkKYQcPaYxerj1tD3flmuMZNClYWL4OQxLVq5cwJcrt8K1gdW4qw/2zjKMpgWTdanqUUWvOzpdZCLC2XP5of8/eIkqC+bylaOUrDs2jPUsM2kl8OGGL/3ElpH7EftSw1YrN5Du6qtIVJHDL5LLqQ5xVXkfiQZW+WWUrepLn4uLuKPlw3pbFQSbQqRBy3Do3TQfgPl3H4J6/90YrLATZZ828eoGcWZDcIwPLKFrGQUYKOgNug/9eDlTjJwnLeBVMNd2hIUCUmvGzlmjjuYXinEWXHGsPHrDyg8boR5YjYkNf8qLRW7SyF+Y/BSvBfUpg0g+9aR6aA+qC4vx2JzCzjdeAKbjy+mawU/+VtZAIm3P+I290R+7XYDQ9+PgZajqqz1nxoJJLSyvfIorkhpol63SxT4wQNSBeJA/pAc516WBUPp+ygSIYhjyhQo2mEtGUy1Iv+5F8E9+j5rhBZjh89OOFY9FQxTFFlaxQ4yLk2hZYXfoDZeGenpFX6iuoKTLYTx4846+q/NGFaYL2CpUSvpdWE1iZ3ZBtX/iqjVciEcD77Iip99ubbyH3fni8IWC0sePOnG47q7yKZFGcJlnBDXxHOOeBJqxGmSvf9xaPUQhaLeJI4YkoSOAksoet7Gi2cfhDxPax6WjqNVl07AQFIpeg/JwnbLObgdb7Cj5RLqviIL63w8eEt2Gq5K7uL/BO/SzvBaGBNC8MQxkLJk73LL5BX84sFB+pBURE9S/tJAmzNfWNOIx+u/sKmQBMwddMG47UAqa2fj0AU5aPPeQUuHfWnJ52gS+30FFO4+hXep4yBzzhOYLT8ajVZcJPfqfKCJ+6lF5DRLRYjyPgkVXrNImA5YItxaF81BolWsufs9XFIJI+vmdHLzEIMgJRHqkHjHxzZUUHGxHlg2jqTipxrY/MGAPxZtQJNn1xGb0uDK8qegmFKIO89Vw8hkK7h5yoAWXN/GXxrPUkeoJcnaPsL0WAMOeRzH1Re/0+mCuWA7TgOE9eJ4f0s+bIufDxGebzEtywpeTjjD+W7JkO7eDj/dREjnrxQ8z98Ine27aF7YVGw6Ngty6teznvRiKhS7QYmu88BpVROr3pcE50EzyhZ1xbC/N9BPUpcc77pw/pFnMDHrAU2dq4U3sp+Dq4o6JHmY0B7qp2qPbDLStQVFg2jM6r1FFwNyYZVqCRTel2Sz96Lw9elxbpI9jUNhm6H2QATqTlOACZsC+eHqcDra/Brma28CDw1lqAgpg9Vvf0OGqwU2zZHl5idVaDNyOX/1r8XGSh18L/yMPE6PhdollvzCZym8b++CY95X+bXWSPxrns86d/dRSbQ4rhFPhurvYqD4sIEbBFKhZq0tvF2QSNjohCU+01Gw3xEXfYgjp2cTwPOdIUhLeLDXDD8WXbQSXL3aWMZ8B8y4dhdXC6liU1g/HHHOxT2LlaD1+k0+12MOgeukKP5yIT588IpHpf7jv05XKN1YlfWHVLk40Aqat97Bo23XSFfZgmOcptHSKc0YMcOeFK920cjUMJSqf0cp5xkKlg5h5YYEnl8zQDummoF71HlqCrKEKa+Oc/cnEao+NBlrxk2GeNs5IIeGVGt0BXwuKvORZ9No3L9Z0GE4hx/GhuGKvHtwXkMCXK/tp6H7eVAQXM0rN3TBkms7oNK/HduF56KlhwA6vxKG8DQj0K8TpoA/7+GpliX9kgvDQdFqnrRJnw8aHeb45DtYMyYGyoolwD9elT921kPh7d2Q+ymDlCRGYtdxR/okakFb/OXYTm0W/haVhsFAB/w+/IYTN2bhW9tEbnFywwkyH+HR1Upas7werss44tBTYVj96g/F5i/HH9dG4jzdyxzzZw+ECKqhSqIc6wSsIi3ZPJjnbgHLhcZQaOcBMBhxmgNX+OPt7lS+u3kfqG5g/Ol4jo681iOh6ZKg3T+XZCPP4NFWUfaaVM7RSk6U+k6eVmWnwrGSp1D2S5V0xxqCuV05xs6aBx0fG1Dt6j7QvliFA00R9PzoS/rTng8mnT0MrpNhjGw0xHhqgMWK+6D/SYQligUxPs2PT63wxbB7u2C/thMsGZICucEEXl6lQtuPa9KOTgcctbyEJiRNI+3jUyG3WA9nf/RD3RWmoLRtF/a8X84aa+5TyAbGrqPtcOeWCPw31A59Zlth/IRHfPIEg8BPYbrh/gxdpzqS6S9PfvT2EOtKRUHCjRQuqv2AiXlPOVB8Inz6IMx7tAp5W1suf6y7i2sn67NlWj188T8GmuLtLDldC9Q6GVbOtqeD17NpgfkW5EPOXHfdiqpmp1GFtyZvjLaH4F/psLdSAjZNWAGqrnPIwobQY3IpOypW8alVxhjlvwMl84ow4Wcf2LUqwPhRH9BBzhz73vmj2gtFHOE6C+XS/tAUq2qMHMoAk/cpUHBMCwLgEer46rO8nzpI3JyJRzeORme/uRSdrISaIiKw9vpnkK9RhEFjSVj9SQhN6kxow9drMHj8Oh+SP8h6qYSH/B+y3sMMWnVLCTY71VNfmSIOlytxSeQInvVgFSn6h2KUeAaPO6dLSlsPccRJCRgt1MlFA600/G0MpLsc5KcztsPITyKgFN2Gn8oHOE3Ki052I1xK/84REWu5eqsAGey9SzTyAL5z0WIZjSQ43LwW3VVNab/NWFCRjaKhp/d52pYymKt6ApfEziCrlVvh6w4pWDvpE9qJz4F9n83hcVADPotuw71jbTCudB2NPBeLgj0tlFyZD72i7tRjnc4XikfAvoUbYMw0VbqooctB9WNB4b9j/On8X5ArLcExj7NR/0coS8iqQIfVThq1rJvUvMzQvvoaar06gfoi22jikixy22BAztra8KTMGIZenKdAQ23+OSaY7cQPY2DJWbK5l4mxUzdSR6s51M6wQLX51mCoPYWHNhjBwRSgUWGf6O6IRKqSnwcO36ZwgulB4m9H+LPKOFB5rcXFWw/S7Ot94JJUxC7nImiR7kOa3tWEOQujeWtPGX9VNYAjH1LR/O9UmOBsyMu6T/Ivr43k/D0Er/2t4BA3H4gfNxOrF42GWe/3sPejdnQtHIuaT93Qv30CCbiMoR5Zc5Z9tQz2v12GgVNMYZxqKEnZhdHg0t+0XO4cLcx7j95+p3jOtkg4/jWLx2suxXwlHfCK3gXbbB5BZEkcyuZKgFXXOeyOyOHlqXPI+fMHvinTTr2TBME2cDVJX70CQt4zuVPUEXfsiaTrtsT3txig0cArDki4QXujReFHxz1w7N+BEvoGEJe1E2efPIeSggXw6nwfcvpl7GxLxBUNptBefgE8BY6R8uZ6vtPwgT27rlBcWhLk6SpAwtvZOLDCksZkqkPQoAZIPW4DgYmf6XMccL+nMVY9EaXxQ10o5ieMUTqf8fU4Adiv+Id2v3PHnrHVnLVhMZ65Xc+F+2N47xZNIv8xfMKhgm/lG0CPbBwppXxk4XI97HbOBGFdRSjRmExPWl5R/c7vEDffH8aIGcKNqVrsO6uVuo33kLPBMdS6vY6yNupj9JpnuCCii2uXuPF/m+Tg0iQHfjngihoDz3nKuHhavEqb1c9cwhEXF3BB5VlwrZkBV4dN4dTCMDC0/kIv4kQgdsgENkx7AHP6htF9+maKU6qk0rRh0GzQBa3+PNKZIsRrKl7SEOfg+KESuvPHkS56nmSTtdKQsiEXU1aowZkrpuz9Zhom71qI4QojoKMHOODDVfy+4AeE+o4kv2etdMJ8MtgkiVFLRDd0fA2EZKcg1npWjYJ5pjCc18SF172xceAP5BWNAPtRlaARdBb3fVKBJbNf8JSToTT86Cr90z+HZUFFFDh5CZvxBFghkorZZtshte46RFWaw7p1nihvPoizt7zmtOBeTvXyhJWRFtAe/wpaJ9zEJQbbuNPaBR5/H2Q/+zE4bZwmnRIWglSBGXBh/USwqPuJL8dPQKUfa7g3YAAe7UrDuh+vcHDDPXZMnomVMrFYmqAAH/NO81vwoJ4oMWhtDcBs0xGc+vgkFKmGQ2WJLTcf6gGJFElY9mY7LrkVTdKTp0Nc7xQ+nbqOts0a4PEjgjD3RDFq/VyNtiLCEPnAB/LGOvPZt1fB4O14Gvp2kA0yj0K8/QJe6FyKhXMKuX2GFDQFpZJeVwvkyjmS2tlB6niuCuf2v0ZvfUX6ejIZBSxd+cgrI5CQ/cr+HYvITUYcBm074cvzO7TfxoF0/iiy+L4OmhsrQir39EE+bj39Jz8GBY9r4oKcJrIxO8BFOnKwZ+saem43nvL+m4H3VunAk5/b+cZOBRIe84yK/c6QxteZoD9zJ8T4VvKM0OP8/WM6DRfpwLWHpqRV3UIQfR81vFzh9acVaJg7igb8ovly1F7yPTkTahsBXofk0NDaS5gTpMLTqpwoZdNP9LTejvdTXsOlkZ54fcEclr0tASgxzA80VejT1HioWtoMO3q3k8ads7S925ZETwfztCXEz5OVQCRmInt7uaHd3w76k+5BTQsOUefS+Ww6XRIXToqFmyMyOUN+KqhcVaBvSjXsBxI04ZEv/mtux5pvF+DQmVL6e7MRC8CTq95NB3XzPApwvASlW26iqoMjvvERg8S7C+F6/1o++8mMhSIPo8gXM8i7LYIr3M9C1KYR9M9iL8Re0GOvX0fg2uZLrDylGnJOp2He1qlgMiOdbjsXkOL4borf5oPnjMph6rZK3hi7klo+loBGmAqSiw5Iavaj1gYPmhulxfdCRqHRnLW8WSwItBe5UVbnJlIXl6e/T/XgwCMniNiqzVPO7MO7Ff4QZtZN9lqz6E/XRU7JvwKXWzfDds3RsGNHEHy4LU0X3AdQfu1h2K14Bzfu2IlVWstpoXAYe1UYwA4hNVhweoAySq5Bvu8YeJP6gudsb2NSSuSe1YrUX0Is9nAv3HilAyeTP6FlSzLflRmB87wnc1n9X1o5Moril21iS+EzmKPtC5FGyhBht4vNm+Zzll0vrRCOhzzfiSDQdQ0+eQRQeuY4LF/8lQzeGIPJ1BWQoxfPl59e4IR1phDvFAGNffagskCOz+jux3n10pT+wQJicv8Dla2aOHdFIGxa8pDD5wazaVsnPkx0xi7zFRC2twwWtstC7U5VihPfxM9WGdN/208i+NiRV8gL7MoQAWu9h1iTeBX09ypCxyc7PO0jB84JwiQ7Th/TZovis/3CeDzalNY7C0POpmZqSzSBbSv+oW95CsQ0JtCYI7P4k3k8yk1QYMfD7rzzygL8U3uPFNIJTlZtxX/jp9EipddcMWU8Pas8z/t1XeBouAt6P2iFgZKTpFI7AkrfSID9QiV8MS4Yf78w586mS/SvfgR9nFUGXxKbYenfq+Sm/j/i7kMbCMdfAPh3UHaDZI/M7K3MKBIhpKRSoQiphJa0JEVJ9NNQ0aQyU0ppqqQQDSQqpEiRBk33nPsS/yf5CMOs7FISGq5F3WMVVGNTxTbjjuGbi4ux66wtXT3jiAtOKbKX+Eh4ediY9nU7cMFrTfLO+cHnQ6RI2WkYUp808YI/Hmx3QZXFOjShyW0Bjcn3Z6WuOLaqHyKtSxth4MAV2P/VEKdtlKIGD6LEIQRNmd/koFwPW8tH0MY4cTLPrQOJlGa+LXgaR7lEsFpoHm+MlIFHO17jI51KnpodBPbLteiqbjQc3xLA9srdbCw3jWa0bIW38ZNA0i+QfwqGge7Fk5ys/YcU5EPJRigLbfok4ErZUSpQcMKvZlZQdvIUth0bQ3vO+cIhrZ/cM+8f5QoZYfgdDRL++Y+XJWvA0VSAV/NsYAkuJcWtAF6rPvM4fWtoK4yBY5zMjg8k2bTVnc3fGcNGpdWMu85j7fUGkpWYC6W75Zh6JDHsygkQ3rmId1Ut4u/5ctC7WpQu/dBCk/2XcdPS4xyT0IfKOdvZ8/56uv5oJLbPqaQtdsqwsFCFp6jYkFfYNuxSOUYV1gdwJTznlf1bWbu3CyeI/oKLa8ZBoYYYK8v4UItxFZ7KPgrn19fxmbtKvGt4HovYTcD0KmlO2joJWsWTePLSVVznPQji/ZE0/tNdrJEmjNWOxKpp97BEZz3+1JCAmVcAL0Zdx56dnfjv2xlYF1EFqb+SUVAvjt7E2VLAyBa00peF9kOTcUl2LdXGTkMll6/wYKMO5vMnXh1zlW0mjQfrK+eg5hiC2DI7qv6bwFFFeSwd+IKLHR7R4RvAX/+28oqkGywySRuHj4rDf8fFaMuZmeg5I4kUJp7FwwnjoZfyaEbpDXT+dRA3nDiGn2ONYe9zd1ovexmLA3sgfYoXPO+vJ9VrflD82BMKDxdg56iRuPL2CNhmsIyFRodQbuZa1JuaChdKD1BqbTBUDunRKCNJ6uz9DObPNSHrthHWHqljlXlfMHuJI3QtMiccTgaVGXXwyDgFRl3LA9ejCvCmfwtFfZ6MPWev0ImeXex0z5Z+aIjB51EdeGb/LtjaXc3vn2qD16Z9FNuzDEdeUqKsllJsrVzJYm8O45ggT7YKUYf0nCk4/T9jyE024CmKn7BaKJfHXXPkltx4UN6pzZHTgqG9+DNH9kfDD54IrqYT6PunMxgIy0k3ZTMs9G+n2DkvUfrOIQ7JWIMTprTzZw0dmPsxgaS/O7ObUzcL2jmRzBwJuLh2CwttawX3544kJjaGZORGgpifFli8PMSXE96B85ZyGKi0BtGwdhA4KoPlUmXYUpLDZhvNYKf4Gt4w3wndJ63EdfcEUD/7NZ96GsMnkzXBYuouNjrQzopfhWCETzXoRz6HCidx9LnqyylZRjxt7FjIaNCj4hHuuCp8Ar3ON4KaqJ8s+C6OpnrfwvelR/hWmDgvaWjHgOnrUch6NH2pO4MfHPVhaI8MxwYMgVzQd/Q8UA2H187A2T3nKNkhgIPSgNLzSsn5jjXcNnfGDuEOqFoYykMTWmDRRG3y21eB2qkIZkLJ8LG6DLv2G4KcuBNXDnRif4Esvr6yh2LInTe9zIE2iSjeILsOAl9dgruOoiB5fhYNd5zn27WzuV7Clj6P6uRVqccwOmgeyE2SJoXeJbxygRlIWZzF3kE/8N/VCB5PPqObwTVMOiuFHxqTaK+aGawJ6MXqSbLQqNGKBa/0wGS+BqYKLKTB0qkUvFeHd+gsxOkO/8D71ChMFlKGp7H7wTTkDWS8CGXZujS6ZUHgPrKCu7aHABxXxxfzXeBHngR8kFjCZ4XieI1KF1uHFVJCggtvleigqsmz4L/tSlQ6cTRHWCjDKwFfeN/lB/vLmuGkpS8ZQTFPPmtHl7ZcZl31XtTeYIxF60xg2c0YkBZaRmv+muPgKi3YuayXI1Rnc5DzXq5cto/90nfA5AY78N3rxKdyCIJKT6Bqzn2KNixj7TszwPXzTDIazITH3zXR64cs5K8IxHGL5uDNyD7wdxSGJWbn+Vx4K5lfOYYPDm8mcXNzFvWxgdK2TlDKnIt3U7LxoE8TZRQ8INmV7rgrZS48X3URT7l2ccQVApXNxuyprQ+GE5phrtNk3Nv2hTyk7blEsIYW1X6Gj17+mH1JDl4Zf0duu0xFiy/DqRMCJDtahW+6pWHKvFfcGnUKrMI2Ym2dBDg9WAK5bV9Qbr8BppxqpwNkS8JTelH28zKwfuUJE/ulqTrGGl44eKOd7G0y3tyHOR438d9sXfz4uQWNPy4FQYsE9Hl9kmalM0TcXIf11+dDbPRVqNTrw84/5Vh+25rHmNzliZsP0JjbjfzaVR2GW53QM/Mm2RXNZN2VjXxMZxhOj2LcmLaJjjnvRrXXr6mwfzTU3xPlNN0efmKbjmGOulzj84QNzMvoaqImmPR2453U81ijKgh5x8Rp+fEIXqBYC3NttuC5TS7sHPkOEhqVoWRWK0Vcr0CIFYS90QV8WCYFDpy/QMX73HHwrQFN+lZMDfgfiDa0kMrhRdQ5WRwsPpbzntMPYVPPMjwu2UVKB/JIaOs5mPp8Ls5RLyITZUG0ERwH7S6TqO74BDgQV0cSCqvQxjeYMp6U8loPaxLQ6cfTRk70cLMxLL1lD9qdC2D8/Lsg0GYKcyc20/U51tTWZYb7HmdRcHs5W38zg2uakjjSv4s7/p0noT9hdNVpKZ97bIOitcb43v8KfTA7z4+N9EHu0hfe067FiX6LyeV9BesZn6EvNpdJb/4aNn71Ea4mxYJSjircvLIHk0dW4O2mXxxu3QCOaVkw/0syHzE7CKKTYtCkrBZv37WC+d/fYkhrEMaOlKOS9tmodz+ERh/6SSVvToHlTxm0XRfA3z6Zg2hkL/zJDcbsSH1ePtWRLOdcJLkMBQwpnYoT1q3BArlG+HDMFnZJaNOf48L89JINRV2zY6mvYbBT1ZPtv65G/4oUTPUlmvpYBLS2pGHz4GSsr3eiR2ZL2PZIEd3SuEEmKzfAnYoY/qzfj6bHhWGzUwsdk2qE6QHplP7ag2P3DZNj+W04GaRNaz5FwVxvVco0N4SavfswUdGX1U9rw+4X+rRfNx99vWVpbsIRMFa1p5jeI7hzsw409XVTYHEZ18+9yane87kv4TYnjf/Ft11yqEOgE9f+mIcbMhDK7d7CEpev/D3zK04078NFudHkNtaaPgZKgdW17/ClxIbCuhG+C24EmRJ/ertuE5YHWUDNjX/4udUVfDd4s1prAkjCdRy4pQZ291oR14yEU3+i6WFFKR3fqcZKAjPovulj0hmlh1dis1FOczTovd1McqGp8KtjNAaPeAmu+cQLZu7hMPCDY79X8duqM1DuLwBPCpvhevh3PBAtifO/moJywTE2UVkOR652wWTpJHCZ/ozXfdUHpfEaGOb1BrLG/wWnYCH+cnQk+Rk6o8fxnVQUP5cKPzEHzFGAMQsaYduQMJf27eEQkWF8eW8LC2c7kmJMLDr/baSY50t5BirCo33m3NRwmz19cvHA8Wfo+qcPk0ZEsIROLAlFveEB3QP0bqUIBHy/g66eDXwgzBks11tR/TJTVHtRSYudNuOX9z6QKdlIGufFwCR9PS4ItoNlPw9QnUAUHDzTxg0rDThuSQUMW9Vj46VfMHuCAdQEPOMD3ic5UjkKXQyUUU4nk6Sq9nDh9qlQ29BKE0frUuoHSdD0McJT2SOwX9IOTXAhtnbvAuknGyi6EjjX5yjs+ttMhgWjIOLid9ZcIsENK/Pwi9ZbnB+8g1Stb/G2+bH40iuafwkV89niMdAWZcFzmt/j+NIuDC5+AXeaz1G/bwo2ZNbDiOhX3BjXz1v22cD7ptk87pMvzEvswuyUIS4JCmWVnK2g6HoEv854yEfXPSRPEzsYadDPyYM/cOsEKfhaG8e6I6uosO4evbnviS3iCjRtnyykS6qAbeUc/rikDPo+asJVP2FKMrPCmW82YLv9Jvi8zh3VBQbwh7AdmDm0UO1NOTI8Pkj37MzBbeZrPmRegK7vv+P9jan82fg7nBiUB6GOCbT6oQRqv7aENdaP+I3bQbrn6I2Ot0XIrdKc5028jPrSkyGlS4j2i+1Dv4+HecCjhi9LRHLWTSleYSTC5VlBeNz+Ha7fZAWuOzUw8G8zXQm8yAuWWVG2rgWKKazhCqkjIHzJBN22f+HSTn3YEllIaa46uPRoPfVOq2PT3XpkcdKVSsaV8eccPb4cqkXD57TBbuROUnNcCKM21CFavKVFI0/gioc6eMRvFV9SeYyLfluwyXkZmFGlxTI20zhaLB0+Cb1i+Vxh3OQpCwOfGsn/QSaGN8lS5wNbaHJR5H2iDyhpw2Xo8htPZaZp7PG2FEQuOkPqb2l6YnKUJxyygsedl2nz5Fgw+eyCmpZy9GyiFapF7UHPnmguW/0Vbr1bBjVv1QCqjOihwQ9cfyiE319phZK2e2g8RwQ8Fc+R3NR2enKtm1J9reDxuwj4VOLB67yzePqJ1fx5QijLtvVgjk8Hqk23JttzD9FJ3xRy2pRh4KUSNCp3sOO9PiiX8WfHUfJw8vo/SDwVCNnC72hggxHc8md0WeXLUo5xvHTzFmwaIQO3LDdymvEN8vl3iyWkN0OVkgKorSqhVYl6bDlLAx5Nl8eNh0PB1r+btojEwHD7eHiy1A1Vfk8Ao7fhNDit9//NjKXl62FZwmyS6t+ISvP+ozsLq0hy/Ay6800adNx7ULG/l24u+c44RoxHy+txRt4QGom0YN/ma2A3Yw98mq4KOeu16Pn0NywvWQIGz6uoUcmYCsbKcJ1HJVpEV6Ftszes/2YG0mrmdFgvmpQv7eezGcn8Mfg+zbsVj69Vy0D2YBfP6tdD9UqEsys7UMHUgd5xOk1a68Uyk59x2rElNDLhGW55kgeHz70FSUl9CGyYw5Mc9+I361QWfGNMlp/ewquiAl6fsRVSlxziT3GNdH2bOOTa9vLA5ePsq7+L7ifcIoGTunzENRoLFy/DU8lmYCX+ltYPjQTh6ie4vs8b43yf8SrbI8TrH+KICbvpvNd6DPw1hRqt4/lTpR2knXOnvHplUpWxpOwZ52GZgT9U2KlzxoVtOPaPBAZd3U2XT1pA7FUvcgiOQ5dpI2GV8QCXXrkE+87Xsp9qMd59tB4dgnbgsl4T2BpkhiEtOqjgaAbFms18wfggXZqwHmbFRqH01USs/mHDi07IQ9vudbz8ezdNCRSmUzmpmHXxEICrC/tMHUtv77rj9rJl4KugBU0NDbj/dTgV9gbQk38rIU5vMZ1++Zu/yLfCg6kOTAoXgIWtQMphCplm7kZXo4+0zMqSAz6v5XGehrjk0RIIfKvJYclO+OCSBQgMNXL7rFP8XD+CTO3n8pu8YTStjYRtacsw+eEbWPr9ECvoInBnG9mnmdNWkyhavLiVm7IV4Nbl91DzqIouuOvhFq9yKPIxgMRF0+GdzhcIez0RRi04QRpxa7m3WIEz3vlj/AInXBVnRa/LLcBqYh4lrB/NppPG8Jq+KhC5WUhNV07ztTfpPJR3iR7utOM+fRl45X2A+gY7YcEXS9B4FMxLnvaSfF897Hlex9KzJoDWVH0omiICO9Xf8rUFqvR3twu3DfajR95BlAn/RB8Mp8MkCkJP7RpSl1CAskXh6DY3nY92X8K4g0epfU8CuAhvh3iNPM55ORK/3c3nC7+lYWfwXHA8e5QfW12mEN8R2K8fjZ0rn1Hsjw2o7y1Ph70mEeZJwMOme1wT84z/aqqSy2AHDMpnk4qdGZ+7E0IcMR8Ey5/wih8CEP9JBOMilCFytiiGBElAzsF+Fo3aRoP9v3HG4BSO8jkNN/URCiedhNoPI2jlxkMQtOgaCwnuAFhhimE7jrPsnencGyHMQWfGgtHSNvJXkqerFgnsnurCBwXVYHqpAtvI65Hl4WrSPKZEt4f04OrMjSC04QmKBFVz9Pa9aHY6gE8lL+UXbdl8VN0Gh0+eZAdVUdh6QBU2bGiiyrp6WhphS4aDV0ixLZ+UWixBI9KAxPf+pJqPAIpmCLMvnYFdGoPonvcG/uzKwXeNndSSrEZb0ARMFLXZxkoapm1xZH28DV3bp6Hm7VDQGzuPD8ZkwriFU2CJlA9N/dMON1EW4q6Ycufi57h15F32eL8XRCQEyHzUO3qnOYS+q7vQ4U8xB4w2At/hDRSuO4W1N87CiYfiUCakBnd9Pw5iG3/gPMVbWGIlxMtUraBo0WZQMrTCeb+/4857ftw8ewGYJbmiSMY3CPhQSzKhs7DWQgfqD3XDhZdebPrZHNKD+/npq/nwweMl/SzfjuOKH8KI24bQ/58N3NBYD04pZXw/+SkMfWhB8eI8/pi2Dw9GhvNYx+844l0DxvhqQZnnStpw+TZNfSjMKR3WbHTHhZQXOsPcngqQ03dCpygH1gwYByN2NWHgASt2Pf0ckuSZKq39eWrGF95w7BT85zWXdh435Xm/teHucAHNX3kXP4vuxXGWJpDc/xVyfkljaOJJWB6ux+NHhZOyhAYI7brMdwxUOPrnMRzRMY89Er5y7DlGvfAwiMzV5+UnRkKilzm4HgrnpUZP2P3LZ+yN2YrnfIN45RsHfJ+Ri4nXvvN15W2sdFcdBDtN0NdwORWMiEfzL6tpTNMAjVKNoYVVxXR80V6eqxnLSr4mMN1XCLIvdZDphcOwreMD7HDbALXZ0my4yZJ+xZrDb607IF6iChJh46H1hBYMdfviVX0FVnPXJcmi+/R7bxBH2SdgproPrIxB2GEWTTFZ5ylpTCzUDazFO4lh/Cl/F9ro18OB1SN4keAHWBlsCp6X9eDHodsoEfGUNQ8nYnm/KQWG59HsjGj8JS1BQofX8NF9arA35wY932qBWgWtfFo4ia76DnDz40nw/hWwzo1YEBtbgZfv64F+Sw+s3LCJVfb20bQ/n/i0VR1KVTdS7yJJmpIQRCK/ZuPt5nGQ7hlIYQoHaULELTyl6MbRLn95lksRtvZYg9dbT/4Vawz3GizhpIILpdwXJTEag0cHMyhn22w87jED5Iwb6cKxQVohehbVPFTgywVx2rjrMe0ZCuNVDhdY3CSZD+0d5PdnTcD2cT6v+3oZ/daLgcvr1XDQdDEWvUpg28K3MKrUAE5K21DBIV8uejvMBc9aqVVaEc4MzYa5w2dxCaqDXMB7qnlLHClyhA5Z19CCoVdoWK/PXx2k4OQ3QR6Wbubcr0IwutWW1X79QD3XfcjDmixwYSwuHzjI398rgdCEcHo/yg+EcufAtwOn8GvtAKl/XISeD7Wx3OE6Jx4fD+ZXbWD8IYLqoTk4M/88eWidx6NuczHSKZzk1sTgx9qbqKZ9CnolRoLi/HJckihGKZrJfO3gVkh0GUsduggB+YksM6GEPUsIyz8LQrFsEv94vRJeV00mLDZizZ4LMOpxIB5c6w6fxdWhdvs07A80hc8RBnx/yUaozfSCpf8JgHX6WbiROhebgx1hijbStqS78HqmEIiPOgjHZmhTudMAXdROhYdTpuPNL4xpCY3k6LkXu9dJo+RCSzg3fw38OH+Q7OVEIU9wGY0WiMfBESGYtnUl7za05vmDl1Cy1wjgWx9a+izFLWYTSUmlHjWW74GzM89ifexu/K2bQkuLx9OYOlN4L7uRhdpaOGKeFrku8+BRQe/BA7fRQEUZygRdJalfiuB0UhamVv+BqVWadL3zLYXHWZBb9H/g2g14eIw+vYw/B6YbP9EYgxFQFeyAgeVJJPkynut2fEfLyYa43N+P35o04JaNMtzi306L+/QBOhSxV2wjn56jxQKNZvBY0gNvux+F2UG++EXHlz20L9KkYEkoiw7iZSVBHFWaxxqHN+DMpc1UHPqObX+EwkDmaNQLmQq7f4yAfqs5bF1/H4IH/0LYuBD0S17J956W4P5FmXC/vYD7FDroe7401A13wfusq3j4tCmNyzCiE9W+1JzfBEN55ewmtI0uuJfx+z8MP3cj5ieY8Y1Zs2mDEbNZ4CCYFwewtkoMT2sKZAWPibTwrg3gExvO/PGXtLyUkMu1uDz/Ffq9ugwKzTPp9UwHVhgYzUvXKsAIFS/uubMUlDWns4FGBKvqhoFzuSOMvx3K3buXYG6ZMRXZ6IF6TD/O8N5EPvePsMSIx7xWWgWu39HnzKoE3uT8AFOS0zh0hyWka8XDqphbdNrrIE6cr0ZVMy9w3IdraBbtxxj8kz8P2GHh9dEg/X0y57kwPB9pg7HtBfgiXxFUnYWgIcoIzf/pkImZM91PmQxpk9RxIenC1R0W4BGVyXO0q8BDTJRSLz4EHd9H4P6zDAamSsFd53VQuHkty9s8wDL/C1w4VQgNvM/DCykjEol7Rvr332GouA3EvDzJbu4qOEtjOjk9WQtcXQRKz/N5u04NTTp9jgqjdpNGiDVgbzTahdxAh5dn8O+KCTCluhDOBL2i2XHH6PODHVTEj2BSgAWYV1TCuG0FkPdRhWxqn2Pv3lHcM38kf5rgRm9mefGVRGFMnS39P/N//+4Vg10vkzj0eDD470jEurSfvDZzJcy7lcpbLLUZewLw2zyAmPZgLkmPgd/bF/CNKdV44Hw1zfuQhK98z9E/NWOqsl7OygP6IFTlygkODahtJMAPH72AUrdHfOSdHsQcugfbr2yjlm0XYWgsQGR1NLWmtYMJt6Np8C06WreI7VYkksecVso/ZADO8a9hk6M2xB1sIw2ZHj4wYyZVyVXg1Z4EKupshB+zToLh4FiMbU+CjkMGoG4+B1a/0KV3G07BCv95vN3pCkXsu0nTRk/DHQVKlK5gDE86LQDqdSlcKIm9xwXQzk3v4OPyK9A//jGGmC/EKaK6nDUmGR4420DHFikKm7UZ/07Tx9o1QmC0+xJJNVzkO35tOO3uV8rR6KHhwjGwKKyP/jRkwZFp3mTRlEIFIxfhup7XPHnrIGo8zKb527RxtYsEmK7I4COfLen91hW0o1uGDudsJ5/lM9H57DhIvxcMxuI/4MwZAYhb18y2do+hbFk52pzIourATL7x6hcnHCyjNj0JCDi8DDoVR8PF+9FQ4j2XRmreQMcP0vQ4YheUVTmh9aQTEK26HFf4icHN2lHQpeIPmSLOPHHWGXBdn4OGpiP5kVgMpkn68JGrw/hgTwXF7zQC69I7nBfmT+9f98P77x408eFlDM1S49kfcuhn2DY6Jn6GFTZKQE7DK9rwK4WN/xbAfXlrCN3uxUvu2cHGsDhybFwHgwGfOSFJHhqP9HF2oyEuHqkLU6Zqwo3W+Zy+/gwWjXPGHR0D4PynhUbo20FhqCWHL4nHN4nROCp2I//cP4jbb/6Bo/rDoD5rKsXqOHGQgyKkuT4k4ddMx0ECrlW+pZ2pj/h+aBZ7GHRyu+c5NCg1R4/L1hB5bR1sCfKmB4EVdP3hA7yleYMDFPLQd7IrV4c/Av+zL+D0oD2Ilo2jCVf8qdtZhy8dUiSL4AS4kTYEXm9PQuodQw5Qb2RfcXMwGxCmc+77qD70Ix3dfhmefLvHaYZOfPKBHM57tQcEWzyg5bY1rBesgwQrdTbJfswfTf9SY6QgGb/ajUu/acHfsfKYtS2PvttKwznnUdh05DUttZOgaa/LoXK2LtnXxFLyHmc4OOMennq/i1LlVKCkRRlFfy8FyZY4LBhRjypNuuh1RJtvSPpCgLs0T119A0b+0If7E5245G4qo9c/qlxpTRsFbsKWVUWoOZVwUdowdgRqo+kebRB5fo9tzK6yTGUKyDntp60vXeGE2yv4L6uQ9gWv44KIn7BwNUCa+SLYcsMFW7Wvo3X3Vy4QCAYV93Q6O/AfjZUVo8RncWBQKQS3Xs6Hcr1uSLLaSiYi97EkUR/mi+3gzVPmsoLqdhrXX4LnskYCvVgFX+7sR2WdALhR8Zzv3rhOGWPdOPS9NM58cIfHLXlKyWbakDVGjaPKX/Bm0QjuftGIM+deY7c6P55dqM7xyytwums19e+Wgrv3CqGw7haWFn1grYrltDtwFS0WeMPisb3Y5rqJxv8WAXcXFfBJGaZvgYu4MK0ZxsS9pmP7q+DprVE43k2UU3TK8Y6SIrY5WgKe282TVdXoSWcpmVXaguvzw6RmIQdf4+/hAYU1oPLIGax3ErDqdPpUmQAa3//glcX7uOuhFa2dMQWfunng9FVnqTr3H0ssVgZtvfu8fX8LapwrJ58eQ64VyEOBjEZymLUY7vy0xceT6mBXrTyURg7xg/1m9FF7At56ogURM+M5eO033nFrGzfsm8MrTdugJUYMXkjPQdt5hfjl226uxXdoscoaizJUedViY07Xl6HK+ir4EmoMy37s47p7ViQ7QQ06XUeAfM1vuKmnwokXfXikmRD8zR2GS93qIJqG8HJQAB7uDsGjs5pBf+19qAYfbL43H8xOKtPsjm20MMkO7t3wpS8NQzT0WJcWpNSzZJg2/FUaA08GfvKKTQk4Xc4W/mbIwzrtLhD33QCLtUbw9moP/mL4gSuFDVjjaC6Jihzgb6czudl0FJRu+sWSXl0o6hdJJ64tgcd9FRzX4ogTrw5g1u861FxogKMDJ4HCsxJM+meC3z4/xvNCkdwi/QSMFL9y3g55hjECuOTsIF84LwMu/32mY7NrwVYnkCKCXWj1T1GyyQvG6pN70fxGCm98UMkmmlbQ5ZFDp//lg5+3LaVDHTbnVnK4ggCrh18GvzUvAO6qc5jzJMi5E4IDKgVc53UYI27XwaTpEbxgTCXfum5PgQfKcLH1Zi6xsYGwrCzW78yCDlcTiMjIRcvzPlgecRsGzp1FJQdb3Hr1LMchgsYlX065rcNhzy+i7V5jEKP5sGDqWM7JqKFfRiF0R3Q/rxQzBMfsAig7eQHPpOTC2evHIPVALH2c+RJbLkoCltfTokQZFrwrAHU9mzE2KA7an3hh9/SpLFg6jYUkp0FcEnDytAroWJxHG0EDVGevg/zfy9DeqQ8MM+6hVZYeLtEdDenrS9HthQ1H6VTi7KNycEvKltM+yNHa/9T5OPSSutNKSjbqhuGtrliU4k8l/Sfx+WZdGD+PcME3Wew4qoB1UX+gdUiMX/03ljeFy8BA/1/SqSnmj3njwbPiIV6OfEUTXnxD2bNdTA+S8F/gFf6qchwOmRO37jbANU8ngv/kGPTc+QHGHn6JEe0q0JUZQ1VP19FXgVD+vXYcHzQxg5UZ5nBENYP9WlJQIPE1vQ8dgUfG70dz6xGQuFoXt+nsgITB2TxunDyU1yjTkxUuOHvKa0yeMBdl01fRKOG7PGuFEYTIhJK5zjiaGjQOxhgYg0HnEPt9b+WTY1eB0VMROrJIny9tPYHj6uNJeXUP7N6vCg3Lynleqw4eHbBinTvKVF6uiVXferlm4xjefdiRFb+48e9Ke5hx7C8qkhDnzdjKPY46iHfW0oWeGNoTnY4qTz5z3u6nWBMyGXJEL2CdbjYs/teCWxbbU1a+PXR4qqFouBS9OKpNMr3PseKKJczSzeKKvw4oV62F8r3ZMCvsIe9s6GHj8/dY59o/iF9WBML2k0BD8z/UMX2OJ/2HSS/sLTes+AMb5NbxtjffqST/GbwfzMQvymqg8PAb11yMhOjxsXQx7gPc/N7CwUXNMDe7FI7lrqULY2Xpvw/akDzlJVpXNKD27TckuzmJQhT/41Ugiuuz4uFh0mrCqcNoa2YOWqP3cftMcZAtHYKrI5HXOzmTfMgI9Nyjgx3yEhQw9xBl3deA6RfK8df4SAo5aM6WvYtxQWYljnogiv+pG5Kk7CY6P/QODF4RRHUhRR18DNeeNXDQ8me466Eot0WqU0uxJu6Pc+M1Vr/plepEuFP/hq2DRVB8ww/ueJZLvgtdqKXWg25u0ySb9cbUaCnBgp1aUNLqS64PxWlv8wfUk6/FmoIk/jdvDLfu+U57vK7j8YkT+UiZNfCwIQvfzaeCpbsxftdCkJ8gj2sl5ejAfWPY9voNf3L7Buf2CYLwQBldfnyA6yd8xqj8CLpwqRBO5nwD0eXJOPlYCYZHvuJppgDe2sb4Yv8/WvMsnOcIbeIAhVV0JkySlj5QghGpGWi1aBY3jVWDD7Xu6JgRxOHdvaC09wukxJRihEUJz127DS8ZXWKxnchjihRB5Jc1xwVNxx/nvODQmUTq/q0D5RO1YKlnKN49/A39/yjAz5vy8MLgGq7T+4aqu3fS5HB73KMaABX3HdCg8zZLdovhqdT72BOnCP2/c3B7oR8P+cTTUuPXZLrlIT/87YtTIhEu22+hobNBvFBXGHysD2GL/i06++wfC8n8A4/rWnD9Rg94fgngpr43IC29hWS2KsHfqhJ6MrMLUhV2c6/dZB4p4UhHVwejeXEEJbAvHu1oprCdFvD2rT03BtyFaaoNtHqfC7yzVqcWKAf7A07o67UYlaKicOi0EuxIngo2faPwet5RmOqfD3UfT7PRgDE9ub8IPSAC/vwK5PxWbdh9MQw07L9CRuEM0nk3AY+LZ/KM2vnUbDcdVorY88H2WFqbog+jVYrhpdsU7vBYxHIbu/hBzDjU9hRj4yOnUSRRlP5pH+OLD8bC9plykDTXk6dYrcLZ9xpQvm8jn14rxCsqFUDN7Bz6TfGHW4eM4UXOdopiH1ITm0o1focge7Mm/TGr5dEqOXhvsTr9ty2QJ39UgsiHB+n7oUY8WxsJ/Y9KKEN0ExhmmcBqj6cstK4PnU0E4U/lBChrkeTcMefhyRQ9LFqcjIJBndRQYwIrAtdDvIsSPz6xgtxEjcDsnjxkpCiC9qebkKunxT4jijj2qiGlTnsDTZOmoK3gfdw6dRIcFEjhAOk0ChDaC4antVjD8iwdXDmNQ874grFbBQqe1+CFKsIgLq0Jd4ry6PdpIxy/7S89tU2E5u0H+NyOUbws1RbjazOxY9YoeBV4mlrE4+lBw1e2OzcaI9zi+VeYPXeovuWCnFMopNGFX+2EoFbjH79aNAo7X/zhTrXNuDeqAQ+f7Mf9q7dhrFMpJR6xgzul9rD+6l987reVrAelIAxnoLz/YnjqOxUvjJHB7qSvsERyEAIeGYJA8UV8IC7DoseBClavoZ7VF0jtUyg9370fmvYvhj2xIfjV2wA8FFZx06UnvEouDqonSPDy8CewfsAUgp018XGxHL02zWD5RCWwHzqG58Z5k/mzLnCqrqRJ83bzdpHjvOKmJXtXSJDN9Xr4Va0De+6cpQ55JZRf54W1WbVwrnIu+7b18K59IWTQn4hC3U28vlYBNmWJY3nwAxbK34krnuxAm98n4JPuHcyObIFXh46AxBxTUFazgliTYP7hZ0zxs1xhypsCdpZxYEelSPZ7+BFPFT3Ft1EKOCfDDE7dcOeRMZPh4uUCeJBqTCumJEC6+Hro/SxA9p4DdOXVUQoZ1odC4x8U09DIrzePowP2gSz+I4Eag2M40SmNfdJtYWHFfzDtthSYCf3A6+Pj8LHbYUqKyuQ58cg/DgXh9+1+fEHCHtREAtg/2ATe3FbH1Yal+D7tOB1LKUa97H+o3TQD2/JPQf3L7TDHYDHWCGqDjXQAL/81EkwEvMio9ym0/YhhMYFDoFP2Cq+eVEI39ww2DBMA91/mLOP9Cxou6vD7eF0KONXNvfyZF536CI4TR2HjoDDZaJiB8AtvHOXgCD0q3nBPdySOD7IjHfFOLsyMI4mUN/S0opkkdDVgSeZmMBSNAhw6Qco+18mi8DvI7n0Gwx5qGBjXQZ9Hi6DRDSN4WTYOjFcXoGxgHfzL20DzzX9ioEws9AtFMt5YCvU7N/L8ZeLwKW8Tyg2/h1FTDtIen/f88kIfZav+o+YVoSi7whjjlp/gRRMUwTFrOk0Zc42efZQCxVmd9DQ2C9y1V9C/jwd5wP0fFfywo09xFpC4Yxj3GnVj2/L1tNgxiTTJBtQjctihZx3sevaV1Ev38KV0NdDbZU/a1UhZp+1o6sIhlNrtRC4XW7nuoTz7fPChlOzLvNXRErRK3oHhGlH8taufB29m49XcQdr88Qs9933LqT196PfuPmluU4EP1aFg/TQVU/cX0L9V8jjUtwqy05ToRtZFMKqp5bAt7Wy9YCSIClwjgdsbcfb8B9wic4hUkkfDaOe7NMpQGQMikknWP5a7fFTg8LcU+pj+BhaYycL5lj5qaIshldHdsLtGGH4LSIKI5xYuOGEDcd3+tCO5CFQWnsZAsSAOXXaaCmra0eexMsaYyaF8wRIYDLaDl9dHAfu2QO31i/hj/BEw3j4GVLNW82H3jZQ/bx1m/w3F+Q+V4bxHH2osdGUrYymoFSRc7nuXxUe14vSvwihjcQ1aN1nwk03q0NCay0lG0fw87ikr/jlEZ8Yt5Ydf17H2xwq8eXks6smoo4+5GuiEruH5n4DN91ylzlAbWKG3F5vbinnHhvfQE7ccZc/qc6u9Pfw4dIUKWv/iih9LUM8kDFeEuFG7+jM0XvyWtBdFsFfOG3huoQaPx/dC19WZYKB4lax/feGiCFMae/gyyyjeo8urrHGCwylSfG4Aawyd0G2pHnyXU4Wxe47Q4yE3/hmpS1/S1Wh27hI+LG6D87skAZ7ZUL/eDWq29MQXUi+4ujeBeoOn8145d3rZ9BFakwtwsEcVPhQrg11bIol5n4aW1AF6jN3k1FDF9wSvYNwjabLzecoJZ4TguZwDuF305qlB3ZTRX4pHti3AZZPLgCOfg1qsP80VKeSpqoqQM3kcLz24EW6OSYWAwBVgLKMG+V6WNPJoCD891cKrdx3mLUqC4KFnifb796PL1j1Qn+7FYyZJw+X392if8ikQiZsOeV96sXWaHbTVKdPWGWp47dNXdnupBXsrlmHzzk38/NAA5hZmY1bCYzw+SQ7+6jtBxNX5sDfMm7oMu+H30kskM38hqzz5woO5Rvz80ncMP6cOc9V8+Cv9gk5XYcrWdmG1mc1Ym5aCaTrFIPFHgwM8T/HvQTvYXfmCnunfgMcK0aC4QwRf3dqIH+b3YtqqFExfOpq+Fm6lDckS4NXoBIVCZ6gZflD9tzp4P2I/9UulwI5oRdYKvgJ9UXtQsEUakp1TcN2GYdx+t4W2H35K7Y9fsmVxNUWGT+R410MQcOED5VwXhNNr9vMLlV4EsWe4a042qM4fjR4Z6yBtRxX9eRBGGlLKHORkCc+b2sD66lK8X7KKi+JOwOROZah3UON1QxvxVN1Y2LG4humEEriHeGPm5Fz+tXgLqjwcSXMN9uB5QWscv3oyZsaegz/Wxbx1gxGonJnALn5vWMJViB5HXwe9u+5ov3MUVik4sGVlC6/JtcBfu9Vh/7xbdDYnGjpHTAKPfVIkozaHbkcPkLv3WzCx3AE/z8Sj7MVRMFb4ArVtDqbfE0pBsaebY9zn45JVP3nhq4ske3o7qgap0fYiYYgdPYfVmsNBySaS5TSn0angKeB/chSabj8Jg12JMHiwAsIdJ8Hi8YGkZ1ACl7vuwouzX6m5+hhmZSJtEdkLMO0L2vTMw4mTdcDpZDjDoR5499oXF5dkQmqSB67b0sKhOfXQkuqCied2wYeF6tAZrUxrFEVg28Br+hE+Ena0R7B1yHHUvHkb/V+Gw4W/a7H6pCwI7prOWmHb2ePWZty3KRsaZNw4YdYIlHZXhb1hA+S7vxIkJghDaN0+9vGoAM0johT36Q6efbgatJRScWvkTQ4wjib/B2Mo7KQogHIZqZj0sofaBXbbfwDHavXAwJtmPnM/H6bNGKTGshz+T8kGpGq9Ubykm5NcD/Hvmnc8P3gyq6beYvy4HWudF1DhYkca1JWEaX172Vk/FdsOS8LOsnn87L4Qan+pQsvD7XhyoJh017nyu2o1aNs6jI8FgSbVIMe9l8OCYDW45ldNE44PYp3Xb74WvYXWPDKB7X9TwXHoMBZbPmbJMgncOG0h7JdrIGPXVTwjpAzbKr6xUcxEiDNXoSebnBn21/KtjR/5vn0m2NjswZJ1m6nK6DdcFtoOowvsQUkqCSbsXAHRUpv425u9YHkzi5RbG/Gk2R7Kn59PUTSfQzergnd2J/mZfsdwsyD+xc00s/ItxHnGUY75PWyXD4UNAavpoPBIMF62GdKP2LJV0w78pvcFxb3cUEC/hTY7nAOTsky2uI+YeHoU0JFT3DTlCsh1WqHAgm7+oNZCZxauwSupnnDjxQRIPlpKm7ZqQu/SShj3YAsL7twMkQ8W0qMR4rDTqJgvihzi/SGXUO5kDOam6YC4ag+W2xpy6GZh+qgtBk32VrC4IRXCUo3glmYePmi6hkfMhGDSTDHoMe8j2bxHdGNBB82+XQg//nvI8r+bcKPCWWo7ncG/botCyPlQjh59hiqjD5DPiRN01+0rrQt1A46xhG/2rbRpRC4pohl0HZanx2VH6JDrXbiamwoBPkWwINae38TF4RbZFPJyeQDrWgmedi6EoDPnsNb0DNeYm8AH/zcQ0upDgUsaeKdYJWd1eGL8lnGQ/yiNNbvOwJGVkjzkfomk9svxgFcvvxNaST8y/+Ok5StQJ8kaBrsdUf3VAfqi5s3+KnPBtD8a1GadxfVpV2BD2hEUflVNNtmTQXLpGwqbVAxLk3/TsrfTqSFlDdnN0YJLr3UwtzSVJs8a5vjdUiBrY4eZ8cf5goMh/X6ZD8+MkHYrZtGiP2NwjfA3qLcZC2s/CkN+mCNdD6zBn9rFuKniNei8fAdFzqvQ3PkVSgZ78+XmQtgqIwKr2ruw6PF/tMdkMq99ac5/UsrxqV4laNe0w9mAZN5s843V5k0GiV8zOGDZX864sAsma0ryt+ujYYNiM69ebI+6f5R4trA4F1tMhsd6FbxaIZB/OVXA9euvKeBED0yM/4CbpHeSe2QEeA3W0Ya7o0FtYjwePXcNHyp/gL3H09jzUAbHbJHBkf92wHrbRJZo0kVPgTGgcdCMx5zrA4vje9hxsQGkV0lAyA55PLFgGXqf+kVXXWvQ/ZoATItPpKyoCHz/9AMfux4KX/UWsWTWHZy8Loz3NtXQIsdoylKwhSL/c3D8ymieZSZB9+JGwwyLbBxn8JSLtU3Yb/dW9Fisz0KPpWHqrkBcu+QXfiQRrq9dBV9uROHCgmF8cV+EG/PLcElPOEyMsYaOvijaWLofp/aUQ1yCKuyXv0B1JMCdjQVcatsHCVdjoNdbGe75aED6nQF29btKg8pTSc7FEXfX9eDvbxJ8qjQfrVaHsKm5EayPt+agzGQSXVRGSlpnqP5ADJn9KAchpxIyagyAXMkD/O+CMsTL50L3BWF4mXaKu35YwpOhzRhfMw/PGxvhnRkGoCR2DIbPMpwOcgEZtz8Ms/bCSrcFuGHNTsiXtWFnWQssDDHC3ULnoG3EJChSiSbH525QtX0E+8sXQtOGixi//DV4L+1lvZQ+ELVcjLZHxsHrE6PJQvQ4bW7soPCDjzDG+hFNsKyFDQ+WwJs/K6jqlQMFHLeETN/ZGDV2G1a+fgj2Adcp5sNTEP5VikVuuXilNhSCv7+EKQsFIUzbhjsWbMSRJRHgcF+IxgiWYddWorrhBMhfMJfbr07CQikbODrOmb/6nYDqlnvwekUOr547iePKvvN2vVi46qCKjS8egOUxCdgvHUmVeWd5REUEmJ7PpvWlXfCmuJXbCtLpTmgfZ5cTnZYwhxcGR0HlfCh/6n3Lk/7bgTK6Eaxr2QfBv3ox+YMceqnMozkygvCoKJP903T558Iykv9PinXFjnLSg0dw0G8u/OnQohfeLtAUaQtaO4Eaci0wOFqW7hepo5XFChwaWI4/D0Zx8V8xKLhphSOmTwTLcZW0YsZWuB04k9bOfgWjde/Si/hgyAo7B03zf6NvRC7YBBqB3+qFtEN3N+suaIPOSe9wbekV+rFpLsYEq9KCGm/SUanD3iIxsApq4J7G1WDR84tEF4iQgd5edtezZaPwf2g/Nocr0qV5o5klZKULQF1dDQRmJgLsEgcP5z4wiheiA9kzYUxyE3/wO4ieOwxgzPEQfJS2hjZLl+Dm8F66IjGB91r0UV3AH3yvdBZPfovh0i2GcASP8M2AMyhQkMwLYr34i+pcXBA3htr3CKILn6fdx0ZzZaoauNr/B98XBXOZN+Gjwj4Ud9HmVdUnsSzkFsw29uPahzEYXT4BHkXkw1GRVCp46UQ7Js2hvxO38aWZgvDN8AYf2n2dl9eXcWXoaJjf8weHHwRQJP3Ep08nYVTQZiwyqACt3HKUks4A45zjrLJeG/oPisGiPXvpb54gD1/RBuFvDuB3Zg213gqhGTiRfecpUtfvCZD73QemZ7bR1NFHqC6J0MEnDqpDO3CGXSiuN7zJieHWfG+1JeibKEG6cwlmxEmwz4gaKLJ4yjMe/wPHeavo13kLnpwfAhavR8L7q77kILSCtH3dwP37OlJKUYLWu/4wriucpunOxqen7VF5ykRo+uDAB9wzcbnGFcw5asfGCxpJ1CGef1WVwJLISv6nNhUMvsmBW10YOV8+Sem5o6BryJN++pRS7B5rWjsxGMExk8rWdVOXuQGYy4/nqR93c1PGC8zbNwe7NGK41UyIpDZ7kttla5j6QZZEimRhS70A2j89j00vj/Gdm5PYd5cbpk8+Ba+8luLrJ2YEttV82VoCbOXtULZTm7/ficY3VQuhcEEbGilb8eTtEqRwLBX912zCW6dHQMuRn7jWJxYPpg7Df5W+XP9VmOO1XtG0BqbTOWuAI90pwtMQsioa6VCIHXgqbcTzhdWcXLkNfcwcua46Am9VLYFlx1biiWUasOXhLrobKIFLDLbizMXr+WjiEtabJUxtWwmjfvuzblIHd/5RgqTUy3hcIRjmvPeEfzeDIK8qCE+XXaeCxHqI+BWD3Ykd/HKLDaz18QW31c60ZOwLbln0BmuW+7P/j204JGCPnbuH4EzcJdh8AeCMtT7N9DuI7vvUcZZiJc9y/csr/wlihoUfqf8TpIunX8CpK5IgnXACpX4GcPr1ABqzOgs1Np/l6/decVOTKKS3neHUojAQCLQC5cZUtnsnB0UuvuxlJQt+4+To9t17/Nwyg80LNuPjoqc4MUQBRPA+0pqlyCvf4qpH4yD+mT3O/DoF3rgfxc/Gd1lEZTTPjLSAW/HvuOPXLEhsz6fxDmkk9VSDhhzrMevFWlgTOIaj/C9A8LFJMMF4BlZ9K8aUtgdw8VoHZKoLc+2nZug+IUo3FLX52/Q8eJarC96rU0kKt+KC1lTSHTzDon77KH/nMCX0N6GzryftTKrjlGyAc332+FZLnaYIaMLERDGYER6A4W8loCHqFP2ueoX9d9q5cJYU6C75CAtq6+BicTTfXaeCyuPvcnJELM/dtgzPdbTR1RAHKE/SAuu5E2Fv5gN0TbEhIVXEupNIs2p/0YGbfRRXKQzNtUXYsU8IMnv/wOdsHWzuNoLWgQBYZVHPrjn+/P7pMB9p8SLLt4/QZJs1dFvJU4QJkMq4dti8dx58jYrhxcv84MfVYnq7wxlm1K4ExfxRoND9hELLj9EI/1WYqfgeIy7IcdLMAH4+QwPibq2my7HKMLtxFJQ7jMfV8iXskP2Y/ibrUfxxfWpf/opKTw2zgeVztAjSgK6VYlA4+TXcjLuLY3obYKvyb9KL1IYuhyGSu7YCDjdu5fy5m8ijSQV+hkvDEolMinVt5/5rYuh1xAVdOgK4w7UGcvVfU8bwDErvEQKTU3LoumMLHTEayzZ1gPr/VUGz1UyacHgfuurs4gRvC1pVYQpS/fPx+5Pl3PBVltbMvA07Ru+j5jgDuCT6kB26J9BNP1vWOKgKz6NHs27+NIrX30K3t1/EeZ86SabkMBpevcxhRZ/hjkQFkNJo2PV0FSr7SdAprdUgPiBD2r3bcdMiRz54xhTOHj0G9XVvoPX7aPja6k85izfBTKkU6Ftzl2viDnH7Gm/067dHEcN/8Ef9KYkd1oGfb6OgKWE3vi+1xc9n7pOXTwZn3dHntKcqoHHjA3RPf8/h1vqglLIPuh0vk/iJb/hp3H3svlNNdX8F8UzC/3FYH1whMGoAgN/RLpRSIu20VVJpUMiIyioro6gQMtIgFUqDJKkUIqRkRolQISRFQ4OGoqKUpK+IyD3n/ovHGR9F38NZUjVwNHgcGFz4BM9W7CH9kGLeF+LKCo2faMFQHI7Os8fC39qMo2pQRNIIjAwvovOWA0QzZsKdZWvB3/wk1M0Up2JRI3Rd+57+dWwmgWfWcLh0NZ67m0lLt2STbF0/znvbyjsypDlc6SZ6Dj3nR6lIus80wU8pCH739YJinQqt0bfACPdX7G70ihMWHqfb05UwaKU87HymB+YaX8ljXSZ1BaSDlIYBBL5TI0fVP9Sa44bD4eEsd1QcpB8gLHxQALstpoLx2d/so7eJsz6MweCo45De4MSXxW6QxjwfMNUzBJOvP+GvwWNuTj1Jvt9vwZjNudyfbQxfUtp5nsEnHNigzLmn5CGyvYgECxp4hMt+DJE4wy40jkc8ecXZo79Q5z1xPhwaTi69SpC4SoTsXy/jc28qaPebk/zmsTT5bL+M0Us2sO+hY/hkSRP83KAPaZ8Nyfx+Juyb7kwTK6TobdpYsn7SAWPDs8jVygdvaR/F48Iq4HJQi5uvfqDlDkf48+ZUCg8KgP+yKjmy/ScayyIfsRoEiyIAle+3oNbyIOMsQVKfcJfUXXfgEndlPtuZhiP7OlhySBgs94pA+51XpPJNlDQWpkHULF2IT02mvYc6oSPyGgiXleK9qRpgKSYCM8Z08O9UAxqdq0dHc19SQX4en7Tww/hZqqB8/wDdv7kdf8RLQIpMM9c478V7VcogGJmPt3QD8E+oJBsdm0ASht8gyv87Hiw3hRUuj2G+3EYK2TOZDi0Io7WZmoiFc0jR9hUFLLJEpcHPQEUC0N7hyVunbQX/iyUw+nEdDx34xY1u10Eq05JLvhtxzMp5PP6HJRQfuEGREofJSdKc/PqPkNDgaZbdvwLCfj+FTa9m4XllH2p6aQkLG5IoTbodQi0WgLKoNv8T2wG6Su6wplYY5iaqcFOqK+l1ToMblkvZsm4hZY+4DouOrefbtk9Rr2ESiuqf5PyZ0nCytAYjbBTAIOIUNk7diOYTxgOYFsOzDxXQue0RDYy9Q/qp1+lQmDcczBcAwcpBMnlZyr8rTNBNcwbWGftRvdATbgq+RI0HwlkrOIPOGctChrsuH5Gx408JxfhpwQbyt96JNeYuEBYuyPbWt0BhazwrXJwMq01XQsN0A/qTb4H+YTpQf9ids88K8ejnXZza5oazjiN+CxoJrb6FXKuazXaWx9BsuQUrPVNCnfcLIOniFsiycSLVRgJnHQu42uuEvXvGwKabC1CyLQKXr+ilU+nXsf99GxfOlMPYy0tw3NMpoD/Tl1I/76Ww+RX0ueoAajr8pop1EuAjVgyNO0txs+RtWPxNAu4IuUL4qAzYPeYY9V+NgMSqb/xdrgSTRvxjC/8QevWpG9ZeNoAR2wR5crs0j/3swE/MhTnGLhBsfm7DVkkVjh2wJ9fvQ2y2XRRiut9hiqk3ue66Bb5ZIhgxwhASH1aS63Mj1Ox4SM4/NHD9uulwZdsO0HNM5lMX0miPvQPdSCZY999YFpxmT9JRwpgxo41EdxqATtMA6eutBLlPLznZJ56+iXexudwgzRF05VUbxPCXhRe9DjEG0PPhbqFoetEFGK/hyuo/1mHpiNcgNHo1hykOA4lOZng0Hn58jCSWTYRfG6Jg9VIxGONqALvzvHC8wi0Ud7WklAE3/GikAwmFH/CTlQuHShMt3xAHkf4mWP2gCHIO2cFhU38uqrhMv/+KwKHlsrxdawo6V+ZQbsAl7tnuBP/FvuWdV2QpdYsOnTL3x8JoHegJl+Oo8QOw1foHHTN9iNueJpLUi2y8/vUjpC7Zwlv9myD9gwBsnznENsMnUOX6OjCXuIjvk63xt9o7PCj5lprc93JIlR9uHmMNHqpCEDOmjUIu3sHnEw/irPXFmDbmHZq5F1DrorP4tOUnnL1hBe3h87HU+zb79Cqy8INyWmvQjyvvb2MBbaSlraP5688OwmoV0Nt8k+XnHMfuXw7gl70GlpXk479jM0nOqoKOPHhLIY+sSHA2wsNvN1l1KAJMz2jj/nGFqDvdi3L391PytDP0d4cEYvN9aNOaABO+xLLp90I4NlGCtIou8Oj8YfY48JaLJDaT+bwhjk63om8NxhB9zQaNTyCr/JhMIUsX0tRGG3ofWstPl26DcWdu0/0iB/Ay04AWlSJKUxbBOYPq/PdMCi/6/J2fBmXAAd1Mem73A+/ffMb3d46FoSBv0nPYS4uj0thWKJ5Mk0tRx+w1Bv7wxzPy0bDv1iFoum4N2UES1NFzimasOw3dnRNoCEUxGwVAw1qfm/68Joug3TC/zhBGWExkjev6lEXSvPD1DLB+2AflnsRbR5yFEyHNbCI+hpsmGYGaoypON87DYuc+VmvcBy++emPQmwloViBMC86MhFZBRfa1HAOvXQx4x81dFL9kmDtDUvHreANKLmvkHdG3Mbz2Dt+a+QqditUAr4yi20JN/HPrTT73TIaPe2+nXokymD7vNsoFrOZB01i+/MsEClUN2Pm6I64drUemFTq06G0LFJ7Jo4KKMkgZLQ/P55+APPtR4BTui09F3Dl01FS4kUVsLRPIdX+yOQ2A350I5/4LP2m2rxJsWGHKv7rlMdN5J7dIBcD2GjV6cXk26jX/peWbDeGO93FcHjEFKr+MZZntzWBbshHPpp4lj7wq+iMYiltXuuMcBUUQGhtC0epaUGrxg9tXH0N3s208ZLmXJ5pUoVbQSFJp6STJxAy833Eekq2nwN60KFq77SKZ+M6jotMbyVnMEUZVvcSISVWQW2NEGw78pm02ZhD2OoEsk6ZB8Ku/7DF2Ag4/kGPHUyugMNMVTqw2B2vRTKy9LQc+C5bhJS0jDDPcRkteSuP7LQtx9gZPqD6eAztGLKRd/i84M1cUTh7RJfulOey74TqP9DDhSMHf2FX+DcODp+I/xbkwbYsQbvxjAaOrQ+Hstis0uC6dpL3/oqqXHtnZRZG2XxW6fBiA8QZy0NmnAHt+/YLhXa/Ibu4EmpfyAW7qq1JxlxonfR3F37/G0qk2JXzbLAnbF82FPHlJdh69kt6cnA2ye2ugNXAnva29xG2NHRg9UZwPekvDNszl9ClKGIl/cNakUdBiJgZlEUac9LSRBOJ+ULu8Oas4mEHzdHUKeKtI69fMwO7EHbTFU5nfj1pI3S5nWGXfbJj4U5YTdowG1Uku/C6wkjM3lmND5HP4ZvsfTnf2p65lXZzUloLdS0NxjKwxNM/WRqUHwjhxcw53jcqHN7H2zDkehC8jsD7hKZxUOw9d9+TA4qA+9T1WwoSRASQhEg52ZqPhmeoeKggb4D3WrzHvvTIlDqnDlcgkFLwJsKdkAkX3AH8P3k6tPUvA92c7dw9J4bKcalj+SR0KI96jYfA57qoJQLOGXlwQ9oImn5lDI3+4gI+pACj/N48CTMXg6aK76BFxBH+ql0JpxlaM+A60U1GTyQo5Yv9HbmgWpDXdluDUZMLqrQW0+r00ZX8Lhx6shQefpaHU2YgcLEfRJpMinqmnD622Anzlnyh9rKgnmf472HHpLJqaHwEN8x50k55Orwe6edhIEe5s8Ya7z1ZTXkcVJl7yZLWfP+CicgO6K5RyZm0N/SyQoifGYjBolsTxz8Uhe0Yj9Ga1UMzx0fxGOpH+SnRD7IAlTW2M4UhRVTg47zCmrzbEKJ00qnnnSwUdwpA1T48CvTfiLOs5WHnxFLaHa8H0urm8KSSJF4nawsZHG+jXzDic/DQPtc3TWKYtnvMswzBGyxAaMJxvrA1hGSFHcgnyRLctu9i8VYIyJHpBkH+Q6IyXYJOuBHveRFCBWwiZO2XBmhfiGK/jyhfnhJOxpzk2L3QGqdzRsLSI4anjexLQf87Pi/owXfsU6mywBd2Dn9izeA3+t/o6r3vvSCs6zUBQbTmc+LQbQry/w78zIihoNsy5/syDeYPkZNXJ1RVb+U+NIoQoNlJ8fzMVfNxG5Y4N8DIqhTIU+3CxtQNGBuhi69EOSJwhBYEdUfRoXzjPf6bPzQe9abfNOzw2UMWKb5aSedMsHDvuERRXTYUba0/x0bwKqMzeTjxKCGJM03jgtz5ZncjDkg9nSe1+OdzFMXDnzEq+9E+B3s61wuLal3BhiSfYbtkN96554XTZe9R+RQBsfwnBJc+5sP11Bz9sqqe4DxNom/Mk6Ho4DkzxEldVFsEH7VMUvc8cPrWNhprN7nAwZz5Q3TdeLTke3yyewJs8NlO00X2oj1Ol17HmcEVsJJr+8aLuj+Xw1/kyv3Yhyt9zkS6clobVrj0wZe07LipQh2drHCn4vCy8iFRG8exELnwtyp5aOfB9/CL47F4NFZGHuGOdDBh9mQmHAuLx75YMlq2byjMv78PlO5w5+UQn+46yoDNqA3D4/AiY83wHv8v+CSc33MCNJ4wgQECfcwyMsTa/ke8WA/nv/gM/H0+F3keVfKk1H8BhC6/T9qftX5ZQ6uIoCH01SMY6CjxrpS0/FFKCk7fkWO/MFbgcrk+jlXfR0cLTOOC4mEzqH/PpiYlkpJ7KhW7iEJnvSHdDBEhrjxhOEleF6+oi5Lk7FSt0zvHPGyUE2ZqstdEa/rMQQ9vHyrxqwnjyHNnM4h8P08ayNrRVu4dvjrjQHbUBWm49HSbvEAXtS38wxeEKbpVSgrqYaDpwaTcJu0hAe5Ie2gXqYtc+edj/zJ4nhF2BiKCRtNDsAT0/ZwDrpy5l26QO2t03hoUomoRDpcFo4ydIDRHkvgcLWdy0Cuzvp1PHuA5YLrsM689chUofBW67ZAmK35mCnupT2BE1mBxyCQoj1NDptBhdX9GN9+a9puXiGnTWRQIGspdCmGMQXk2eQF/CyjD9gwudfVtHgsJdWDQzAH4JbaUGHgvpT7Phgyng4ppHlHithK2n7OIMeUdudE5CvcA9cM1DCCpN5WBjWSE+LvkEsRZLIdDDiwJuxIJnZxs/8VKBKSEhUDq0B3QiJWH+nIkYvL8BFeZWU0i+FCcU2MOHb4dZRqGXnWZJwoGZ/rQ2Wg5eFq3hS4L9ZChjgztHK5DG6UhUn3sNVLWWQ/OZEzB3xmxckm8BZ8/7gazRGTySf58zPsyCbUk53DxjFFgnrUWh6N8kcGsH1aMGSOQXcmn9MXDz+kVi458C/CGSS/3D6bmO9E7FinJ9d+CXhVMhBt+QhlofCuc9g6lfdXlLxhLEy3doRvUh7gyvJplPH2FXpwk0H1lLflqxPLntNlnYZsJ4J0vM+zeeRgWugXmvUmjsSUsQVtYEnzMx+HdjCn+zj8cJGmth64FBul3pQU4tJliqhHBp/DpaOFMbJjRvpaNbjsNS5X7wigsh88Y3GOhQxhHPy1BT5SKtqJXGt6/NQaUxEhWnibP9OR/uKZnFz4IF6LaCPXxvKyWFWD1ImS4AO0rUYNLPHSjZtJGWxN7AdUvG0spvzxj9JuOVwWvs7DkaJm38gdb5E8AobDyd7y+kf0aStHiiObw13YD/3R5PL1dd5hE3u+n5hw76r98Q9s/35Z6Riig7/wdtKlvKxjJjOLU9ALqD3tIB+1Z0bHPhGZpW4LdYlvscy0l6cj8u+1dN4fsDADRkQCkhF8Wk7UjxhQkcOW0J5iJrwEFGjmSVPTlXyoDPPvLiq0VnqNbuFJqPluOMsHOg5KsBwa9HgkPHYVjzORA3/lfKIXGGKGF7CHtslcBSMAqnX4qEWdM14aWOPxV2uOKTeVas/XkGGY3Lo0RFU+g438c7T7jA2GvfcHaTBMz9Zcn33u6Du8HqICNkzTEGUqj0qRJuHrxGZVV3+bqaH6geNQMjy9m4sus/Ut1pi5JmV7hwrwLqrQ4GZRaEtxfP85uzwWx/WAucL+dSks8/SDZcAtFTXGnbwUiOeXmL3WbK4ZuX3vRPyZ49RKaDSlcpLmrfA2c9TXA7C+FrO0ls3t8Hff7EuWuIT7cpoP+gAVxfPMBZkfE0MuwgGrTfoghzaTDdOoX/LIvEA41+gF968MZOTWiwvo7n5J+CwOR7JO/qwude3KCWt1PhZ7k2zhwKRe8zP0AvyAz0bc7igWBZNhl9iJO0Lbg9o5ljDJgMVXez6mpDmEbjefwOA3je/pBai2TIp7SMXOxdQd5THTd7lMPNYUNImevBvl5KdKJWFB44ebD+hGzM8XyNU8JWQ+2NnzSi0I02jssD5/3TeQZq0e8zU6D6nxMeX3mKbpgOsdD2Zso4MppGVP7C7BWFXFi9mM8uS8Wz7QjHdm5AH5nvXBE2CMePZmPbdGH+6CwNF2begVEPhln+tCSFlepA5z0NUrnMeHFAF16sLsLAvHYWHc7g/odL6ETYO5jl2U4qs83gfnEqRPsE0cT6MzTmgw7OjLqIJ+3mYpJrGOn4dZJi+xX6L84ctG3eYrrTWbhUHIxKEmIQ9tcOR37L5Yaxojh7fT0cXCrOAT90oeOiFs5bsAry16rh5TZ/cjL/hd2Hn/OEHFfcPKqFq55aUfwtDUjpbGe7OS4gtt6K8wtGQUCgH7vsv0Prhu5TjLgCFa9cy2slNUGpb5AXX6hBpY4K8Hj8Airc9nHbpOlwt0GCSpKugd8ebeyaLAoOs/xQZeUvlgv1hsz9q3jkuCKYvc4UBM9+IHdPb0wqNsHTgdogdeMjqiRpQoHrK/azvMAPYvXZOfgA/PwoxC8WFrNKVD54rNCAW+WV1Om3GR7ZzyDdNREo+mM11RoH4rnWo0xtDhR4yBjt7kvActMA6NrUiVFSdXhc2Y6LAmyo0L6eL2Xs4SnHD3Ff2xVQ2WsMs7X08YiGPkSNi0ODcwv4i6USaowogpS5O+i3ZgTuahUAjTVmoB6zie7e1eJD3ql00jkA/jZ7UfbGZF7lpYszT1znzJBP+GuUBcTtmguS2atgb/8uwEEjUDm5lXKXyMOsXh/QmObCyzOL8cYLJah8E48LvlXgx73usPlQCV0COTDLmQWOTT4YGRHLLz5shX8ZwrDdQx9F4q3p2H9nMO98Ax1VPsnzVYxwm8tz2pgrCf0LPHGLkRhoquyj4NU1dMpfGOT6x3DALS9O9FPFzTPn0UGNmSSbmQKXdk2Cvjg5zir+B1maztQyyYmM61Jgz8Q82nP2F154rQb/rotCT9AEWPq0i2P3xoGTZhav2DgHn2zzA98DEVynqEOK6YZkVVlFe56JQp60I2j1uFJY4TqMEfeBwKJmGBafDrbezNvP59K24XTyrlCB0bbncVxoC41dpEuq2YG495cETfEJp14eQ57r/On1voM4ZpUcvJutATue/WYBiy68eiMOehIfUNQqAw7VauQKlVu4ReIkHBFWhe7fzqwmIwox545x16ohtI4yh0eeQZjkfAGuKSixT/JcGl5uAG+qtNjboY0lQsqxJ28Pry+Vw+EEI2z2VeKsudJw2t0KZvWIwZ1Je1Ff5B1fkutC1RQtnnJbHoK3uZNL7TPwaZxDMqfGQ2ClIORPv4pnjNbi6qWjKfGjCI/ae54fq5vhrGVNKJD6mp555uHY5VIwnJ9B+vfukF5JDFsF/uB178J4Rn0vT2iciIpf72HjwDsUE5aDiUKrOfjOcxJM24X+nhuw/lQQVV5zxwry4j+5UtyoJYFl343gTp0/n6kdQdMGHkBJ8gHOeeSNN1pi+Kq0Hl5Z9w0DfR/ywmIRyBo8TuPr8kjx6k68uT4OTpEDDe8oxoF3nRRht4wKWho5PmgyrDiXgvFDJaDsP0SDZ/6wxBIHrvDPZVWfVjjy8Crp+2VjzThdUJb+Tg+2V6H2hjcsHr0PaxJLsXnZMlQ9H4MN+3PQ5OwAlrgow46YeppVrY5S5xl7V8yByrp/ECfsgAOGd1Dp8yXayR9gUYMIFNy/xHV5ZykiMY53Xp1GcxP1sT/2I/51m0ZxD2+TQvcQ2uhMAY05+yB1Sg3sORgOorOsccTzJj78JR1TM3ewoYANB81QQN12DYhpD6FkiVCqmbMKfmyTwOXK3dTfZs8a3IVztuWg7Wo7/tmmA2dtdPkzvWHZT2fxwH1/fvd4EJrnBNPERFEKfSHN06IJv16UgJTqcJpToAYrdm+jSfX7cJv8Shj+/QCftnnjU/VmnLjzELlVq8KRp9H8JagHtV0TYbySLs/+Nw4zMATfrX/IzkGvKat2I7lunwiuu7WQGzTwTbgkzAvdTRpqovAodSXWrM2mu2GJ7KrZBqvNxWB1pRf6xxEC5dHJnHbe0hOKZ8xW0MShd+i4PJSt09rp0+B4oOQvPFE4HKTub0ZnxVJye+0DevIEwUf0uLtpDXmMLYOK34ag8DKd5ojogUv3N1DoHoErd7rS572lkKdzlHq/qdGS+GFcLmIF85YNYpXfM2zds5tuDDPMqGuhnLdjyWReF7yuG6L2RZGwXU0DNtqfwYKh2bhxsxDFW1+kDVdd8X2XLMWEXOb2ogZuUpyLSWLGsEZMFdpU0mmsuT1tzmrH6K85pDjKiRdVTuBzcePg/rQp4LFPALaJhkPUi2NQkKgE6l/TeHDXdvDJP8f7puWSnK8x379UjoNsAc0HLoLEIeBxecZkePkcKBW2gfTVOeRRcA2ylH0wMSyVJ3hqgeJ7aXQ6uobjLqfAYqldpCM/DW+WmnOIZTVcl1tHH58WY8TXsfBxai4+rvkCLTNWc+6P2xQwq5j3e+nxGd0aDipIxQqRaN55aCps7ihhY9MVHN+khvJjwsFmRSh88HkC0edWsIDxFPb7kwOJRyaDSsNq+JSVgfLqJfBw4gZ+IpKBsx9e5vVSwdR/+Dp5HnKllkqGz1PH03CHARm4JvCRwB5KeanP1vUHUflpCt/fk4j7feT4Qqs6dMn7kvK7LbR+SisbqW+l8AjANf4DdOJxN8c/1uELmVl8sZ4gbGA3rl18jZ4N+9Kxk7dp8Z9OsM12YMtdOdRUJ4G6/5Ko6IUMpJ2RBr0N09nezgvvx63nG49Pk3t0KmWJpNHK8DU0Cc1gtYYUiGWVQ2XbUwjUjMVNljvgqu8uimuwoXuJkhzlEwmNQemY4KwJzT9tyN/Rkpalr+bYh4dBLjuCjk8DKi8fRXeKyvnk0naeLTUGpDq/Ylm1Mm6f+4FHzPbkx6DNy74uopFVyVCRK8iaGy6AtcdU2BH5EZuHt8CBIy2c57oH5MXeUnXieQi8LAO1kYXE0g4YoCcPHQvWc9THdl7k8QLPi+7hias6QT6qDwLb7WFf2CC8PqBNwV9MoEfxPDe+08AD9vLgnT6XjI/rYt6sHbAt9SxeWBTCCTMAvr+3ACPTcWhTXQXmKnW09+UzvlGtgMa3hPmqfwWdKannXXO8SChEF352fQIfyUZOqVvBLa8+4aSztTxep4w0SQI0bk7Gm3dL0VVbE1Zl22H3V3G2DojEZilR+tDgzaIDz9j6azclNmpAYIAzHQhUBI96SRozVYYF237x4MJYnhJVha2wC98757KSzVryrnrFC4Ik4cZvY1QSyIbxDoYkrOoFy8QHecz9iZAZuA3Oa+wi+QYJMBYk0B8wpPcG5ZQzGMYr9p0jq5OrSX31SEoVOQkF+Teptk4Tv6eJwXnDO5Q3yYcbK1fB5+5TFJe9k2fNkcQPYblUOyoR/ATnkIsHgftIZIcH8rhZZycV1MmB1SZ36pe9zwpF2SC7dAM/l9WktAJTqJm5H1bRRzL6cA43uypxUN9L2hc4xAr7+7D38AKqSTPjr36TYcSuz6yia8u2x1zwsIwpmz6P5UiFRXh1Xjcuv78Hq9PlwS11Osj+/sO/frRh2Y5PuLVpLDZWG9KBjmdsu0kfpNee4QtfV+CR2nHQfyeWqr0+8cy1m8nbpA9X67yDgKppuL/KDjeWyHD7P11qu6wIo0QvcfmfChh41skC3iMxX2wBrbIToa0BEmS+6iR0Z87jRT46cKIkg1ad6mHT08WsMbOGNlqJkIhkHH69vIkLzm1B6/XbwM7OEMKtFDnX9DJnnyqh8u4X2GjVRDeNL+KkMSH4yMkGFy20wjdDY2GuuDvaHdLDPLUc3jx0Ev0aD8GqGQCiZd8poqof80oP81UJM5j5cSvVNFTiii4tdPCfhE1CcTRD7xb+mGlKPi1LqXTqBVY5ZA7vHdfz1WN59M1SFQs/faOXeXmY8HQQq0wzcb6zPAwaTcBlOgLQW7+Wpr43oomCNqR5Zyl2Hv/FO7W+oL78Iap5YkuVn25z71xNCFdZAxP/+woG7Y9oaNAXIktuo92mJL7cPgtd2qLAyyGFY7fLwd+I4zjYMpsefdnL644c5Sg4g/fGp7HCXF/Y0bSMHd29cUQSgZdRKSar5fDtx4e5IaKONiwKxP7DDnhz/hZOOr0bTBYWUHm8MfRNMqLAjzvxU4gvrCQlyroSz6W9vrRjcAf8WbIF1/cvIvv9lnBg5AleeiIAWnov4ZaUKNQSIdxdtYEbPiIMDP3HvhPeQ94JPXD4rU9xqrakJa2EzYdb+W23F/hf8aER+9thU08nt8e/5JhO5f9bMm/PIYyvrOA33cFUITEXtn9NxpG/7oHeQiN+oerGv2+YgqzUMPxY+hs83ijCyTcvYPXFT9yu7ciTBtrApDaNerPrSWSREuilFNH9K0Lo7jBAslW1JP/5IoiOn8x/H+RTZrs5fQzUw+eOUhB+8yaKJARxq/92WDrnPvVlycAWs9Eg+74NhUIP8uQ9a+j78vGwe2oyvdlQSJLrZNDWugNnmrXDoXeb0Hp4LU/pvAzVlwtwq/BkSIgSgNSH9tjpfJocDjnBG73P8Hp3Pa938KAx4xvxlIwkhU3TBvNHZ/GbayeNj/Hn/SsT6HV7G1254AuDkbqoO3UdFlnEw1oxCeirO81xzxHEJw3DvyuB2KJ4BSNe/6O3qTfZys6JWiJnsriZBsycVcbBMt3c8v4Hy9um0BOJ6Wgbu56Fp8pRpO5znHplFRhaGIGgoCfgrnt0WUiKppUYoWDQJarYdp/9BbbDaY1NKMuB0DVkCdPf9/MCkdssK5zMyinXIEssiapbCQsG77GEwSveknEPlsaPg/6VR7D9fRGHmNfBi3vTcJovw88AbbA5EETO2vko2duHutfE4aNrCa681g0JIkfAJeo2jGs7wKPUNrHVDX3e5LYeg9L8MN9VEmjSYjzZmQCKpc94OGYiRCdZkGnwHVp7PR9NJxWgR24elanogcmVBxh+NIGNWmbx7OE4qDdSQdd1+7HCaz0fKJLH/msLsCBEHt7OO8nFei/oepM1mLhu53uvP4Dwp62sZqgKty+o4K0FZpw/VgZeWabi5xMNJL+uFvxXtoJikBNpqL6iXekRMOJbHF608eW3uyeAt8BLeHnyGuROv4GRwo448vdV+O14Fy4WH4BC2WR45x7D+14xtIwPY71CHRJZuwoup5+DxTfkQOieG8qrF9Cr6GO0Nn+Y9+1RBe/Oy7TPOwVOJsSAj5U1Bm34j13HvuQlowtZ920kDY1eRcM75CDbZi6tz2QclouDeHEtWHY+A7VzhShx0WgMj2mgr+fXwaNv5vB87wmMXnqE2rt24MmtP3Fx02YQs31O3z4bsl+7PtwYns3hyxh22uei7OpWvNZWDCwRzEYzbsC6zQUg8WgLZImNgXXCCtDWNx5EkyTQ1lIc9OAGjkndDO/cirFc/ht3chvff93Fsj3h3D08Dr6cFAK7Q9nQmC+M0bf/g7YvoSxcEgQBNwbpQl8SL+/4RDfTpGC8mD1d/6yAhgY/WWVNLC7qvkp/PzmApFs6pL/oRqHzlZj0SR3qyo5gx+ESuDEjFQ5vnAy357vBI91vuPbLblze4sFjfg2xipskGD0tx1kLiqBBsYF1hA7yQ6Wb2LJgCG//3oDVQy/o65MwCvwoD/u2y2G2qBWsNDch40mjafCKPhhulqeZIlZwZ0Q6H6uO4SorBO1odRLdJsMfFSrI67EQbrJXhBv/qdD1qVHoGpTKwwulaNkPBVDwfQK65eXQM6gGVXO2sUxZMI94q06XnE3w7uQf+N52Bd7yM4BT5Sow8mM3tb3Zy/MfRdERBz3aMmYaiJ2W4NMxpyHMr4CeLjCBlPyLvK32B02XmU+PVDX5RlsvByaf5aaAGO4qSebM0ve0e5cqNO2TpholZ7ZfMIf+qBfg/VuTOeXyG14oPUjid3LgaIstvvJQBfz7Go2n60CCrRbt6TqIP9TK+bCULE0KsKA0hULIW9POHsLKEHLQlkd/jeR7A39wwfVxFDLzNrdknOZITz/kyPPYMv0qlu9SBdfFwiz+SYx2nOqAc3UfKTohD90SLvL+3gK6uqmDtnvI83bHETD61ixYP38VLjO7S4d6/GiXx12cqrmDI6J/UOKdtSBp6okSHmPhh4kMXBD3Juu8MWz/RAFHjskGxXxPKprwnCNEiznozRDpODJUan6nlfN18ZxkPK0+tp+rPf+BqU0BDG3Yw2rpE0jP1J86O6bBqtMlOCXlNLz8swIOXjan2zqS3DyvgaaGJbPwuVt06MQ31Ky2hoFxXVz58zhrrxqAvxm3aW1COidlZLLtt400VWQC7jmqTgVmohCz8TsWSOqSnWoiL18/hb0/HOEn0YkoMycEUwTekXVdGH6vFgbP432s2D2AFVli3HpnFFV6x3FV1AgelzCNf6bf4dOVO+FBohY0bP/Ms3xaaNPjEGyrbaDCBa5w2PgcCVwxgK+ZE1le9zBFNAvD8Dlh6H/+kBdm6pOr2AlOHjxK7yt12GmHNAvXKIHYuN987LMxvPjbi3a8Eyb7xHHSGhvWPe3Nj82dwbsiA0Q4kkb6lYDxoATAsQ8ob36IHOd74aJZKVCftAxDxZfCjtytuDF3Cy3a8gi7lAzB4akWPYiVo6UqIyHPIBa3rhXCZeU9KNWgif0bfGhNbRo+XyEIZ1YpQNkDNzKd2IXt1nE8yS4dNizo5rm+jrBPoot3zuqDldXykL85EMocTWj3DxsaWyxDbtX2LO6VCD23z8Ar2Ro+ue45PjNRhhefwvFOmjW/9XVlh64xkDZkQ1abVrNmzBOq31cCjn0pOG6SPBR6P6MwsWv8ujmfj9TuA5PuPfza5AHdjXXHD4WJeP3kRop9YA17g/fSLjM12B6jCeu+bWSx6FJw62uj64O1NFHtK/vJ2dHoD+PgW4gVtibnc61FDhi3LuT6oFZsyN9PWsrdLNs3DncJzMGc1wAjtMIoI/MoXJdYjdd9HoGN+nrIt9aByoq7eM5rGVwf58JPQyfDmgJZuui1mqqD4jnnsBrOXBBCumVS6Dl3kH9f+s3Gvgl8o1cGzkV8haYExL51MlRQs4c3rayiiyeu45uEavjrrECjMkNQ7YQwXF4zh3YNH+Z7tgvZG53pVkUQeVseo3d53rR74SJquS6EF+sNwbzhJdjs7oOlVmPZuFcTmrRTUT+vm8r+8wMzm6vULTUDeqxUoUTIjef7hNOplQ8xf8Q66ivXosCxilimXwNNNQg/hybhe0MjWPDkGz2Y/AP/bXxMsjMc6Z5EMYf/2QUjYtexbt1sXFEyGe6dM4U5LVdw3761LGJdTRZa82hflTX/OVmJQzqrSEOoBLaP3YTRY6XAqXsW3oywgzUSEvBWrhw87LZz4iyindVPaPk7Wdrlvwe7mwm2Lz6M/sIicFR+MZntYBhj40Aj0m/TYT1LENuzDbJOB8CuhIlgnmRDG/AqwJOt8OxWMERsseBX1Qibv7fAXjsrOOwbDfcmToH9sftI1G46PYpxYVOvxWD/VRquuuryjPMbICDNEKExnK6emgIrC6/xiVgLSl3pyUERZhC+QRfTRB0x/9haetv9gu5+yIOoHFmYNGkJaIXJ8AfZfhjlth/rvNeRwdttLHx9iAWbvpGhzh6s1JkOyYI36e5PO4r+JIpPJ56HH2Zj8XGmDGsIhNJQ/Hu6XiZEjydIgq7MbEgIOIh7rFtgwfwY1BhvSXuXzuCHElF4VkkEkr8vxkh/a3AyKsHPde9gv3cAJVtd4EK9F1C+TJQ0zzzHkw2dqL+8nmfdmAQiq/3w8MN8KPfyR08BNZyx4Sl1VUSAnP0wFtYtAKVfZXglyQJeeMnxhk0LQVtHhyTzHsP33Nmc5ivNDxetxldTB1hrVSW7ggnUTHGBkttbyHyuJYrX7wKH27XYrpABr9xNUV3dkM/n1OE5cU0wkptNKeqzsFTYiH7PuUOFYssx55QrXTwykn/lJ/H7te3cp2cItVnnUcplKgWfq4VNOWMp+e5KuP0lCLNdP2O8qgu+PfqVVF2U4Oa2PzTw8T1GBKazzabLaOXjjL1vtDHlyEmeuGYYgrOmMt7TBsegYNYbbqdTZZJwWfImzvj4AIT7+slHMRKPtkyEyYcLydVGAXo81+H8rAx4OeEoTxdB8P8cDOkx7vjT0hkU797jwJJ6/qA1FkqUb0Gc4BqWmF+Ooefd4NeV9ayy5DZr2CfAgmO/cfqzXLYvl4RVvoe4cXs/bpcLgO6RIyjC0gLWXBTE73gG/T1rMWh3MeUrW0Bo/WQm1x6aeGoRK4aF0C+129wTZA+b3FtALi0N1SXi6c+QJCR80qJxO6fQ30JxDirQZO8pPjjm+EeaGlNDO2dmkfngEn64Xg1e8Ht+82gPze0VgKCc3Tx7uQt/PJPGiZU1dPH7X5aO0+AFEoYQ9+sSxL1+w898p4KSQCA6rAli4dN9qFm0lP9ODsbynHWUXWICx16G41GwBccrIZy4ZBwnDEyAqqPfqL4qks/Yn4IrR+15R+NosPjoRjURJ+DyWmeG5efxr6IOeLbLYNEsLWoecZN05axpmz2Ck0ggrEuWZV1tAaoUOk833YxRWFeJ5q8oxyWv+nF/0GSKEFSGC2XToFUvhCSilPFzhCItmJPCPZ9EKHzXDHCZcALFypbB0xWGIAGv8UjFDv4T+oRCe1/Dv9xOrh8dBvWdp2FawAzuiAjEoRUERo7fSD5rGBJDPnOm11lyydWnwm9HOcp3C592ucUlwXJsV6wF35eV4eppTbQvuxRCqw7gGZE7bPt4N55cPIJ51WfCRW4467UUxA/XQ47+aV5xLJe8lWfhp0IpLlq7k9aMVQd5RQ96pBfLTxZPhtw5QIt/JnPHyE1UX7USfvpl4vvdOnQ7XRxV8kbB9GnuZCgrAjjwBy5saiCPt34Ua99LQ7onsOpDKPnMv0v/hf5k3m1On1+pQ2KuLPVF3+GS7qmY13MU3FufYft/S6h75k6S9i1kY3drqqnXhyttPlg5/wW7u6WT29/fkHTnGd1KPYuPTlzH5OI8vPTnCdf7WYL/1snU3XIbNjybxDPs5PCxUT/vunyax3l5cP3Xyyz1qoenlamBxK/zkJY7yOvsVMDnoQuO2o5kUTEPxbwPsN/EEHo1px0CCkThn8F5lLeaQR1ym9FxfzK81dWlmTGiGNOvBUViEeT0KQSSLafCorAmFqhBcHpShV+36uGS+Go8cO0fZd61gbjOjTjjzEqMfyUAPZdM6fzlUN6OZbxi/h7OWaENx/seQOuIXXznZyadHCzDzPej4XfucvS5e4mKQi1wgW8YT8m4Qkn5ifx1Rwg82pDJLQ/VeVeOGCw7bUDhueW0PC4QS5TGsLSoOy1XMILKF22k1mlOt4Pa6flIYTDYMpcf6d9HeU83cPvUjm/UimHb9SCy+OUAfy7Kgvn551BiMRX8XWWh7dU+3iVvDXt3Z7F6uQRMXg6cK+9CywVXQrzIWvBSnwRtyp4cp5YLpV3x2C/lB3PmfaM1k//gZmd7mNuYAl8Nc0BotiUcdBGB+ce1+Wx6MWtcu8EFP3ZR0M9fXPVXAZqPt8KRDn2ermgANUvO8fBTez5aLkDTbPdh73cnDCspg/0LL3HKu0h8OWUxGCZLg9OjWzDf9RCWO1wB003rqK/5B+6dvB8HMtz54CktSp8ym7dI6YL+E0OcsyyLh++d5fcPT6Fefg+GdmjByiAT+vTmO4WYaHLPLF0oCskGOjyV1hhGQKNZFnwtGaKSggn4YsE0nJMuAY1S/ThDZjq4jZPgt8Ej6NKDSRBzo4ISKy041uoCtpgl0bk3A6TyzhYkdGVg60gh8tzfTLGNyti5TwJf/diEmcJaqNkTiKIrx5DMjSW8sEUQynfOZ4Uibzh+YCuPH50MXsq9mLutFe8dus5lX95RX9sFTHHShJeKi+ifbDiFeqrD7/sdcOC2NH+sm8Iha9y4/0AUWa0o5vvluuBgG88yDyzh7tV+ylJaBfLuu1FKfj8oXF3IakdH4cr90XivYzTk5+TivPETUPiOKFn65fDWO/5clJ9BD9OKyCNrDHzpO8QbenXg/qhH/Na/nabpJYA2h+OU6RbclLGY9U3/0n/ei8Cs9ygdjBEBfePxvHjGGE4R/cyzj+yB8+6uPFh3k36dew8eAuPx3Ag7yAmTg+ULfemobCAM7j2Ll9Y3UP16Oa7dtZLOwCoOtnyHMkGLKC5JAfbNuEbqQ1nkIvGKBBWtQIIcKWfNcZD4bgzP0oFobw/KKpnCzimWHKC2DqcvtUDzhBN8YLYpxcp9JLcL4STQXIq9RwtgafJESC3dw4FeuznIOYyp9y93aI7BFY/W8sSrHzhZcC7bVURyzI5JcGPSI1o4rgFSrbP5Uakk2v4+zGUhn6BeNQcsTwVC3KqLfP+qDmSX6EDqClm+eXsKPf/ehpaf7qF4+gCGjGskFxMdCtlaQcUz5eD6Zz1iJ2+W0Wnl7wo3ueTyQVKUiwNx1bX08bUv/7Jpgw4pSwhdcpsl407DHs3PMGLRAnyim0JnfQdocFQb5YmPx+1QDGm1U2D/AWtcmfgabOQrSN4qkoQ0c1jj6y68GbUDKuzLsMsmF1IKZcAmwhzTTC05+q4suSZZo+VAHW212Yy9yWt4otN3jpOYQC8E5WGivCIbz19MuiISqOQ0HcXnpUCEqAk4DbyCL7p/+OC9Jlq4cywsaF7J2zUL8Gl1A7qfVObsRT9IS9UJU0rmwqzUWzSbXHDWVHNQlChjy2NpoPvPEhPSzsHeyGf4M+ILNoS8ZH/jHpgY/BCXBI6G/9Ku4/PmH+jt2subXYS4Qq+PV6x3R13RYaj6+RZaBkuo2UETzIN0KPXIBX41r4wnvFkNozSycZXHMypJ14Xzx+rA/qgIJsdYQObcm3ilT5vGvU0Dv//+cFZVGkr12TMbh/Mkm40wtOcKKowdDYc+qOK4p9LUYe8Ef8OJFxa/AId76uz76xDs3fcLW3Zqs36LAYx/5k8u2k/xkp48KFS78vfk06zmvozaTKbgOdODvFD4MKv/0Qev2b3075odLFOupns7dFl4N3LpqfHoMtSJY0IW48rNJqzRrQfvVqWRWs4V5n+qcNDKkyXUjdjW9RU2VX4mD9/X8OnHF7z42BxCvaaywZTNtFlEDlXlBGGH7gpIem8PZkLatP/GCTJRZHiRYwHqb0wpOuEZBqiHg7i0Miwp3o8anhv5wpxpJD4hCxPmb6L6gyKgH/qPo+V2QMqiMNgUegf05xMtrgvhG3AAl8QMgc3ld9zvYQY9GRMhSfMpf7i4GqIS1fDh0R0Y23yHnu+TY+dfo+HrvHMY890CHv+z4GrLSaj3G7FCYyn+k85j8duy9GbvIO2rmUetM7TINADhjupYljloBhXrR7Ga/wp8ueA8v5k4Bby0QmFb/E1ofaeHuedF4KF+JpwJXI1vnWPRcdp3FI1og8PXzuLi0afJ7fBTMqyYQh8txkPU/l9YdNMNq1YV8JNLK2nerw1U2zSbrhzTgrWdxCf0DqOUiQE4rj/Etg8PcXlCBd2bEs26a/vIoDeKJ3Q14/YF68DKu4+OJJhCcJ0KOlpVgK2CIT3ZtAgvhK/i99O0+UmSJs8ZtZB+PQgl951y8OC/ChKrOU5rNvxk5YVLUKnpB68L1uFlTzKp/L8xEPnvALq46EGUlicvGveVJI1HoNyTbhj63U7yR+eDwszHLHHWDW6F/8MJjiZg+mgCL3/7HEvmOlFjcyLH/s6jlMkK6FX4Dp7OLaLhYyPpZbkA7K8QhyQ6we8U7ImLqjG0PRYvFMeysZ4FLP4XzR2hX+HUCgVorTkBXstTWT3AD34L30frU0y3rq3kI3Ou8YLseRAsW4y1IuYgU1SOOveYPXun0eUvhVjgJ4L/MvWoZaE2dywLJd2g17x04jTQCJ2Map0byWetNXb5XKKQTjn09f8NW82EwS9GFG+fHwcB8yZAoVUBfd6sC1tN19LiGEM8WZbE36/fYffY1wyR2zi/zYsGnhvCmIbPsK9XCM/O38LxE7Lg98ivcKz5AMVf3wru/ddpO4qAvashbP0lz/XWRbCu3AJDyuTISUoelF71c5BqFp75ZQymtSvoir0oTH4tDI88ilD0mRklhV8D68PKePbYFnwoH4xfbJfRFV8F2v9MGSZNjCX/pw2UHdxOmwdf4JwbX+iKVh2vGGvLTgdy6I1gG5of1ASdo4ep/elRvHBiPvO+6dB6qptK9D34XGwERZ37QD+UPdkgShmkhB6yY34LuybPIckwNRJoW04svQEvnurC6Jg0Tnz8lG4+VoEVV4Dzjd+iWGwCnhAQgnUZQ3BtQyk12DTxCvcy3GDxh4pCxOCy0i5OHBeCCZpP6O0RM+5JOkTR/zLI/Icfrji/G6wtZNk8WQoa89Sg+VQSSXgvBYfWv6wxfyGPU1gCaT1KpOg2kgymHeXaWjNQ9vWn2GuPoGfcWNQNDWfvkz2YHEmwKyEGdsp1YXZqAbkdUIPHBTF4aLk8hBsswPnO4TTymymFFBth8ap7tNw3iuTq0rksVQp066rg0BpriOyaixahNbAU/+EBqSs4auggPBi8CBZDsqijh1DcOguDX8rhYsNmFL9ZTh1HF4LdaituVXxOq2ui+YicET1XA1if2U4yjyohw1kbe78doZa8djqpdJjELkzBXv8sLgtbxg+WWcB84S62X16Odr7zqLfmLy6RsoKpik8xsV0Mb2iJ4au8Shj1ZBSMK1VDGZU0FvnQxIJ9wuyY/5EKD52A8ZYR7HDmJtLWC1RZrAXSX3Ix4asrib+8CC+9AiDAMor13nnj7XIxKHycQxNjjSm4dgz4+2fB5yI/1NQ/C8es4vmPXjJeyIijLEMZ2OhfBbIj34LLiBEQIj8K0+/YYJb+aZxZEkn/+s7Tx9P+MDbtDK0QL8BOh/v4M1cYbDNK8epkacp7V8XHWj/wdfP1eC6pj43hD5ROyOSi4Tou6RwBz1/M4n7tMjjSeg7fas3mE57GXF12HdtjBChCRYqnfN4Gbk1S4Gn3FKWyJ7KM1mI4p+9E+98epS97rmFwYgbu/dTAPgmHIfLSGLBQe8wdCvvxt1M4h178CxGHO1HWc5AHaus4xlMK55+VghNy8jCi9BSa1S/AVM8wilddS4YLI6jrhx5dX5hBOgYX6PVwI/zaNwYyzfLI3vYQ9uVXw4i+LXikaxdklk4jId2ZtMRCAgpOPMTR9tpw5M4Ifh+1FuMWf8aA7DF8/eFxNOq/jWdlqwnPfmVlZ196ozsegkuXcc+Egxi94AE5jb9LXv+KwWFbBkjdPw6hX2byGkETuKglC/P63fn8t5WQ1SLDEh/voqOHJun5ZoJ3owgMjZKkNTYXcGM5QI7abExcWIgZh2w5JPwE932VIJkST3TanMXX5pZg2z8nTBkrCwI1DDLHB/iF+G40ybannN9Peeq/nWgzK4br75ajcpkCnsuXg2Uf92D8zvMw+asjt9y/hlKtfew7fR0ntouDnttdHDcngh/ES8LRKnPY8acSXVcOoburKHmEWFFB9CXsfuiKX5s2Y/yD95wuKArVpz+S/JcBnueVSfTuHm+pLcaUkR85wamY+hTPYtN//1BKZAL8l6UCK0x+w0q/XuwfNwkfuRTQ4LaRVJYiQcNvBajMtAe7OifDSOFyKn/xEhPWLaTwI+0UYKsPR6tnotOxNVRdZ0ynU9dT8QWCKvcXrNd9DU2a58CCkv8Rdx8KIShqAID/QUtbNERLe6g0VCIZIZUV0UDRspIVqaSQ1TKSjJRK6chIWdEeSpGUlAYiI6EUQvcx7pN8UwhXAKZrefOK4Xn48fVJdE9XIA03AagS2QvH18ewgp0MShUUgNdmWyYoBc0Nx3GuejweOSzM684qQa18NToccILwGV7s0hOHj9y8ca3VGY6vjoFdH++AreI6HBoeD7ufeOAvgxB03nAQ5Hy10GfWeFJXes6D78fQRYsbkLmxly//NxXSwoxgtW0Tmxnu4K318/GCzjDF9ZnR7volrNAgSOYe6+ieny7k34jhA7sdqPppN/6Z/Jxvi48C++An3J46F6YMPcdz7/rY8cBo2PPjCPd/SwZbv/u4sbwMQ4N2grlvAm57ZYj/rp3ABN3nKCMpDZIa+9gzypiXbRenwBF9aOTkzVZ2G/jqvWfgdY3ZV3E2J6uLwITeR9hSbMBVV20wxy8a/kZqcO4UA45KiMBJJXXQVDkfA3M04fD1Brhv3gAN+7aR4Il16LnZGS1WVeO5D+m0o/oVmx5ewPlaCvD2znLeeXgIvsuMxoWS38k98AO4j6qlu3HXMXbQiFsVpMAmVxqSmsRx/L0Uut6JvEhSl8tM62iKYAN1rrMF3fwW+txuC12/p8KIhCk46slxvpoQxaZT78G2qFD+NvgL+2f4ke+bKHSSV6XEWllwDJxGNb2eYHZrPYQ7yXJzzHtcZG+EtH0NTdRqpo8TfekDjoGW2dFwb+dFihP35853YrywZwV4mcjD59cN8HFwEbo23scCvanwUEmDXld64qOKCBJWz8YUj2WoW9HIlu8b0FNzD3tOaiYnMwOwtcqnRzfKwLHmDqw7Mhkcy+fRseFA3nxYAi9VJZBB8E1s6ZsAqvPj0Nl/Iar8GcuvNN34VF8u64hfxLc1MfhOKYgdInLpwyMVGKNyjkTk98GVnDxIHXkAGjfu5ZuhX/mHkQfqzdHG/pgOeuIsDHf0RlLbgWZu3KhDSWdWQLLhZ1ZTSGBPuEsr/ohitm0Bud3VBifrpXDU3htHP4xEr4OOeGCrLo9Baf5j/xVCN2jCroQZpHJbC+JL5lPiaClw71OkirVjeeW5RNR4e4vme9vBsdYgHpmvigMBsqAxVpD1DMbhoZ/NlDf/FToYzKTNu5vBYt4DfuBdBs9uHaHqHhlY/U+HS+f4UOd+Ad77xoFbikWxV2w9pU/2ZZ9UZT5+LZXxng54TkzBCseNlNP2FiUay+ByihFO+5RBJxOLYVBXm5yz/PFgtgUsn3UPrt2NZNc+fUrsXID6k65hw84BmtK7CLQa9vO44wn0r1sR6ktO46PA67y/qY5XDF2Annlz+APWY1WYDMTNigbzz0nQYqkE4LwRT083YVvFfbB3kzxpZVzmnR5KdE4eeWm2Cv8tnAfwRht2ei5gjRNR9MQulLwPDJKq82o6HF+Pv21nod55DWiVPc+yp6bBkX3fOfneHwyd4IQuVmpkGP8fDM8aoOlZTSTfthgqErvpuo86iG34A+NC/NFh2moenmvMgjCEde6HeamLHaHzS1D48gDWGJiC75zXJDq6lGpnZVPfTU9OT9xMI2xlyLNhGV/OmUO6sjnopCsNlkbL0GKONYQtlaI8mRpsGw7ndxnAdlk74WfcUxJsDGadFG1ofSOBlzAbn8YSdWiPwaXHVnHWqdfwfocLr5S9gWErQnBiG8OtlgauOqYJvoVhvMU5lc8fi8Kg5CpcuKMD1qunor7AT1iWqwwmDRnowSkkZ+4Evxt6QB5nY5T1Sm4tX8ZmSh/hP1M7ODBSCFZt7ub7unM5VWMETWybxCtmDpBjrwV2LqyE56st4P6BPWC+VhNmtrvADcV+Fsk4iC3THvKitUfh9+w9VDnTiiZ9zKQ/GXfJ9YwQ4JhP9ODXelKJyoLjqUEgtnIXdm5wgIJIP+yY7M6zvTNZPMAMZjUfoMjeeu5dXgh2Qpq40moFfxo3hk80x2C4xy5Kvt/KlbNEYdBlGW1e5IJzy+/AlIZ4VJpgSAY/N/JfG0JnM00u7HxJg/36sD6qB8SlP/E4OSvSmRPCerkZvKdmMj48twwmqtnQ9IrlXCUnCXMnb8K6r5dooa8JqOqP42OuLfBl9BBGXJ1Kxt8Xovsuad7orgd5Uw7R2CfHSP06cV7IRphZHwTP1ttD5pW/oDZsSu/Oi6CaFcG795LcLH+RxzrXoHOTILhXXuLWSRK0WccQBp0GUWNxIuxZZQS6UwZ4alIzCi0JRMvKWGp/9g5snHZwzNgS8ip6CgItVih5VAL0+07w5aPh1KN7DKa3VKHo+U6c3XcWfSdth49cBGcHJejVmilQdqGC7fzeorpTLvdeTMfwl9dZtW8yTNy5h1pX7AWV3W/gb58+GG+KgJViq2D+558wpToD1yo1g5jybfa+sp+Dtx7inzeFIW+FGAQXSFDHYBtE4W7KaBGnixIrcU1vBoyf14i2g1/oRthMNB1nCgtv19IMBSset7obhDaN4oyDHylTOQh3R8pCeWkIaV3s5KglkmCslotmq3X5qKQKHBsw5h+zguldfAfG3TwPk8akQ7ibE9XuMIe/8R+5+YUDWUgpUuWS+2jrvZ6/Uh3rzb8ODx0ucsnjbL610BAkN0+j4VWfGJx8wFhSHc1OnqORr8TB99R0vOupCar+jXDxhRx4ecrw5gWC9DXjGsXGOnPgzmD+uS0Rv91UpZm+yRzVNoNntiuCUa0nTQkdiebRP6nR8zNrWR+FEsUCTtBEiisSwTHRI8HIdDJ02vpiu9F/tHvdIVYWOARJxUqsIJxD7y1NUUfKHnIM+nmpiyX8m53Nhn/C2extFy89P5vT1srS4Ly7fFsqAdrrjfGuwH2O/KEEWaePw7SxraRbO4r6Z36iRzXW4O//na+42eOtBZfhQ+I6En+kAQal4jg3azn3CgbSm48xNCf5HFHRP9Yzmsfrry6Ci8LlOP6GANyo/oj3s+ZioO0zVDl9jNxOSNOCb8lk5D0dU3Y20fsN7eBlpwWzexrAZXM9Rsy1Ifef3nDtuCDpjfqMi+xHUkJ2K0xfBbyoXw923Z3G420JRwhlsuJvC8otPUAZJwPo84HDNFz+F0vHfYMgwdEQkNBOUhMEoF51Kj8X+EvZcx6A5JIOat21l64vLqDi0j+YnD4eVj/eQ4IX4nF4ykY88N80fOYcjatlw9nOYy1ObX2DFdKx+DVEE/7LIoC+efQvdyzuWP6D0nfsgpuuLvj7NqPu/TBSFsvCLBlL2PXBjkcJfueDVr/AWWwv3b9VitYPY3Fq+g8M6AqEijZ1cv04GfICb3OQ60YOcmzhffbD6LDzE91YPUw+5d4UlxMIP0OtWDRpCrzdasdt/rM4vUIXOztfg56JIPiuXAAN/V50ZX8Cb7YXRtfnE2Bs1yEW3HyDB+JdwG59Kw4+v09vLTXBqXIeWcVLgGj9OBwbSNDRtBLNhC5RxAYNuBeUS3KrV4PrQicoFOzGzqFiNBXfCpVnAcoOJlOsfwLdsBWmOeVunK7qSDlGL0D0hCaetthEPQHd9M5PEDxEG0A6QZ92VIjhLGV/uLfBDseO0MU7jWLotvYW+wYN0OV3IyFDXAvcnyTTqPQp2NFbDmGbamFghQo8yx+PLfuO8fvDW8BX3QL21O7nlpJcOql/jR/nr+G8hFK+eUsZTDJfoqjPB37ueZKl7itCtbMcdI2Zwcca3sDAaS+YcHgiW1su5RsqIpj3dSrIPG6n3MsMpytCOfHEDly+q5WuKUthVnsbFq1cQ2WG8/hKsgxqyVTwnMYx4NlwCm/PusEjLcNYeW4azv3rgA7n/tBqT1eOEToHEooe/HLrNLBTPoOFb1PRakM3tjU9ZaPcCJ5vLgeDCjI8ImQBx5S3o9MGI0gYvQeFVvmiu/JDzBqhiyvtTqHBY3HKV/nAabuvo0p9BfbaGwKNLaSHj0Loxr0e6n6ZhgWGxjR19B8UEhsGXc2LVNNURkfb5GGr7h56vv8JpyjmQkn5G/L/PQutlCU5Z/Ap73/2FXq8fsAWR4DtT4vwa/BcMsv5AtoGMRSe+wtWGKfjeYkQyn98kd79akFp07Eg8TIEYh2ToMV1EnT6iuOPR+3Yli2Nw+kFePeLA40954iKjtrglnMT7h99BynrbkOG0W0MEFnAbZO/4FUjbaqUt8VDa99j+UlhEHOyptwXd0BF3YgvYQxduKFHDn5m4FGWB91xjnC6RYR7hRii9x8h3fz5mFo/gqNWEG2+7QHTYgZBcZ4k3ZTrwL1zxShBThW0K8dTvFAAjVduRZmnuay8pRQTs6fQ9/V38NDBO6i3PYD2p+lD2lM//nT7BkqO9MNzyeI8baIhdC3pY+/Xejjiww74+UQFSionwXBmHPxTaoaJSzW4dK8j5CuVUVOwOj4ISoKfy/3whq46P9sKEF12DQOXIkXdCCJll7W4XceJtu7UY6vA8bRUcwMPXAes+CAAozKmsXjcE85bmE0mp6+CS/tq2LpgDKVUqpF+A2JqTTXeWKcFzW1zUKqmFXvjXtAi/gg6gV85WbCf66ccAOW8v/QK+vnESjUoCJbjuE5XPK2yFo4fC8Mqk5PYsew4bEku4MkK7Wh5roP0/yhBiG0FL61VxaXVDZiuuhtPqXSh1sxjcMRsPArgK9I9Ng1vRojBE6Fc7op6xvx3Mmq8iOXzppo8O96bn4+4wV9WFOM+1UaQaJYDM4s3HPo6k+RWjeJvXapwzHM1/ok5jAeFD7Py6kyKz3DA8a+lwdOmgWb/WIl7TiXw2OipIFRoDnOufqLwLxdpWs5K7or4CfPEJ0PuYByYas6nqOFRJH7jDr1/uYrXeBhyrOUXjnhTSwvqQ0FLdTLsIV1ehiqw5uAa6Ch6Q8X9bjh6dzd+7IqGixvy8EbcdoooMoAdkhbk2BuFo+97U3xZBW95pYcdmUc5WG8zx/l+ZR3pGrjyWhnkjRiEuo5CxTQDevyvgny+3kX1l6Ws5rMUkiZmYUC4CIXE6kKdQSFuVfmFbePr2WtqGFUNzALhdFmw15gGjzWOsGTVfCpfrwHdJdIsXxlLRdtS+N+ZqbA38x4F1MhAavJi+pJZAc1HtMDipQXY1uajuF01uvgUU/TsHjjY7QGzT5Xigy43nq/rhgUSyXDRVwa0rfJZNyeQHUW3UoZ+HHH8HsrRmAP3lg5xwlpdmC/fi6ZnJsOi5JdcFujA65wucXpiOB7/3klzP18g09Un4G/vTxi/zx+cAqbDd3kHSnYbxk/Od8hxbB702R+FdLUKSK7rYq2Phhxjegm8PA3gk74cL5MJwC7tjeRWn4rj9j7gL1tHkNDUHdCUoskxZTn0yEcI/BMrUTdnPBboGqJFdSP32KSgffZB9s2V52ce59g5Yw1+1xUF81gvdGpZCk59l7Bl0m9et38htd8uw9+qlhDxLxIsnafClfnyYPa9m4VybtKCLilwjT6J639KQVHyD/q7Zzu1eWWCarMFCtYpwNq6J7he5TEvczSjztsO3FPpgA1lGfzp6jMoU1zEEcoFpPpyIngd3EKfPL/At5/B8MfUjxbnNYKiXxslnpIj2w+f+VO4FQmZGsOk3Bw6SH+pesUwSUecZPCezY9SgknfZi+8/PkGt+Y8pYp8AWhbvpbceCvuqD7KXuobodR7JqSl3oagR+PB9cEKaowcw2Ga0lDnWsFDUq500Kkd508ypwZ1Va6w2Uq62TPh9sjxGPtQggrXAeQZSNPZt0vgh5UsZzasg5j7T0AqJJxS/ntCQjezYUjrI2+KM4TV4jfhus0lviexD1b/UcV/N2zh4ZpITpKditWXm2ijVx0mNOlA395Z6DI2BhyfiIF2tA2fv+jEvdeHMf73ZVDrCcF9zRWcYmHxf/N/lcviSFDqDyy6XEJbVqzHw6NtcPyOw/xdJRF8Om9hdZ4w9R+ZBOdjQ1DSU5O/yCzn9vOPocpnP1RdzYa5saFwM10d036/x/IXOnBhsTa+Oe4GssaRdD3XEcSvR/DGbYdxp1o73ln2jIb23uZlZrLgKuXA3mPf4SGHszymcQ4pX/MlgZzxNKerF5oW3oSOc+Kssl4CupODuLgvmYULf7Ll+SUkOfyBJ8xIJGHtxRw6uJGC0tbhdCdBGGM6lT0X2LEGrkWtq4uo5+ZT1LC4Qj/79+HzKgPuNPBD/yUCYH48FLrua1GqQTt3PpEDqteHlrWqsEPkGmo4qfKL4u2U+E8aTp+KwnxUoN33x6DrmwmksWciJZ/ZSRwnReV58vxp8yUyu6gJ2yJeUGCnIsfK3+F4mRlY+uA1/9uxBtHpM4rQAp488SKkfrOGcE1vPPDVBsU9vvJ7h/U0a/EKKCrsp9q3o+iQhSasGXJH9fPKoKPWTNd22MNYaw3avdGZjk55R9HR/ihd+ZB21c+mObtzeeCyLmheOkHpM6I4o8AZWo84wt2xHhivW07zp9/m7z/16fEDA8wMEoHEzlJ8b6+JmktKQfbbEfBoUoDkhY6waEcMHLnqADPnKdLWUF1oiVbGmwfu8tZlO3nfAV/QX76KNr0uJXuZZE76UEtO5oLgaiUFewLl8enfVijWuQ8bRTNxrlwyOGZmYVB5Jds73WTLwFu4tEAMzCcSf53/iuUeP+B5zePoaakXaj8MBK3sOEoVuEN328Ngo4UVXDx+G47cLgcjmWLsGf0BFCZ54RW5ZjROu05CnYI0ccFbNpMxBr9J1+Glwna+apCH8UvzWOluGb1OdqYQK3cQmteBHr+V4O9BFWiKDKJg9zHQ/FSbIy3/8RRJI67cb4RmGvvB8z8xanz0GyTddeF7fjlddx3m5sxVrHvyGr5//A6Phm/F6cE6qOR/Hi7OlcIXSyVBIHACLBLM59QdX2CnwxoQlPOCw41t4P6jnK7YrgfHCgf0aRWHX6WJeH5SPQmMt+FNk8LIcvlM1pRhHL/Aj/SunaLTunoskW8N7XY1HF40lyI2CfDWEAk8UquJf4+Y8bbT6XhPrBOkxuXRhZ1ikFqoRp9kJPlV23Z0/dADl1rbuKmtA4JObQU59xuoMXU7nS5AqI79AYVKl3F00U6u/fYY6n+MpvDRa3HMYDhP6Klhcf0CDPAdA+k36iljTh7sT8+CE6rdWHpRlDoGr0Cpow/5vbjAS2d30afJ6lC0+zE3Tn4B+31H8Jof1VCY3wrqo33wXNFeXj9ZCNWjxGDyXEtIu+EG/WY7aNxbb5BJLIK4GYvJP7OfE2Y9A4Nry5hzWyl4rQXcS4+FU1HrSdI/iVet9YT01RX0RjOMk7Pt8YvGZD6odoKCe3XBJKmC67/bQfDmXNxSVMzNygyhaSvhpdsv0L5vC/OXyvC4Hknou1hHxiL+kBQuRtLPPcDnsTSuTFrGOd5K/DriLP0Ln8dBjnpQaVjE/dOO4mS/LrARbMfWUa70/DSASdpq2H4wgmq8X5D6SW34fHYZVj5hyJIPwuVfYyljfy8ub7mILccl2WT4NTtm7GebRTpgv2EH3RRXgAnxz4Gb77FhjS4pyXZR/89VqNC0FhO/fCPza9YwLV8R6j+sBhplTfmlb0DR7DXoan4EmYg44jW5OGbNMP5o0Qcrxygq2uoGfr8icOyIqeg5PZ7fZZvy8YHjGDzRGbL7SvnAZiWQmbAGpBfIYH3Hcli1YwOaNrWDgesgY1UamRaM4dnFLiw1ygTWFOsRLI/l7mUHKWtwP/+rjIPx/5KobO5W3KZkRxuGOkF9PcOfzLeUJ2nN012z+YuXOUePMIVq3UoaVdrDG993olJDPJ78MQqEPRK5K24AjNaWQmftW7wTfZZ70gLg2ZtD2C15FKb5zYOBLD14vcWWv1t1YNWzLaTn9owHlUagv+larL1lgraOjhCatYY1VytB7owZcP9vDezZcIzE/sRCflIEtv3wpmqH69jz04Ut+stodqYiHCw9jldhJdc41fHu8wP0aJQMZW3Xp98DFXzi0xIu/FAG1lEj4YioNKY1j0TX325U/cIfn9r0cflQITrIquD8q49p5fmNvGKcOKR9282n5/7Gs06r4P3vb9x61AuWN5hz4n1TivlwlGrvZqGhrQX06C0GiflmlPJvB+EspqInLrhguTMuMqmCGrEgvPxjGC0trUB58wg0+7qe1y//xCMltMmK3/BQxR5s3dEBMzcB3/1aycueW8OSghw4fmc8Z9d7Y/PXS2RgFwHvPU6x2SUrtk4agXErLDCiRABu6hmg4Wlp3N+/CEMVtrG1zEk4WH8HNhtlkP6Sl/Ah4CR5auvDgjXTUelUIWnPmsTRanLYdWU+J4yro7Q9hrTZsB6Mzu3n6nMy0BG6Ao6cXkjhJo8o6m0ymJj/BrGDv1hNLgGstl7Bb2+UaUXBaEhSqMekk5fJ0W8lmz/5QQI/fDgsLohbX5bSjLoArPrPgLoEAPr3rIbynj4o0t0H2aXbcI/DKagI/4Jq01/BunWBeOHNXl72azScv3KIBNtuc6xOHC+rXcG9F1I4qSsBNgxbskqzFHvevMr96kbQp/cCjyaUceOtJ/D0pwcYpP7lizEacGHSU+iYFY6hc45TgKcxVIl5coCVP7TZReCILGdOiPOjh/rbyD7Vktbu6kXdiy7s8VoMPl0eiblu8iy/fDs9/20L7fuSMaQaWOeWME7edB2ly1XxbAzBhLD5cFMpmtbeGI+73yyEX9HeIFuzExwbcmCb0XyWeb0Tk7eNhfynD+junFZWkshkjdUzKdyxlsVOfwKefRcfd9TQ/OFbvFdbEpwvXUFL9YuoO3sdTRqlD6ZFH6D70ki2vvgLHxeKciZPxedyMvD53nEq7WoEAVtJzveupWdrusnbT4Lf9Bjj9qq9vKLpIHscsoRAQV8SzcrAinR7HmycigkbhvHxLguO2bsezoSK8Wi7Qo7TEICpP7vxsdcUDJ22jkX3mtOce4BabgexdOg2414DPP+iGr4+Vob5u0/Sia+tTKqP6db0Hp6pO4mv79enVV53qH5AmPMtlDnR1wIupCzBCSgEW+3H8RGhrTwvOZFVgwbgg7sdFgdq4GxTM9ARlgKHAmcOj84F/M8B7bX7qXn6RJr1S5DU2srBLzkAFXz/0JoaBqnIdphxcBc8PX4AAy4bgYv8ahgoOUIznxiwY8hElNppwm3j1eGziCKe8rpPV/ueoVnDEOunnQGN1kG2+jeC9Gzr+fUeoGXyltCyaCmHhf8kRdkXZDcQioa7bUBh6Drp3wtgd8t0urZ0Bt7fpQn+D2w5WFAHB5r7eZHuCvDI3YxxTV+4e04Sx4qlYPs0GfhnrAVLThWSgLs3libJgMyku+BcW89rRj6EtrwyDgzJhGXff2BHhBIcVb8Oi+XqeFfheErNI3TVD8O7KyfjpdUrgHKSyKFkCpY+mwSXG7JYao8sZoQ40X59Z5beUwU5B2ppOR2EgEXX4fqWd3TKxwyydlmi8nQdPjZJBE+peYCb6F2WyZnDkdtdQezbXS43DePbtQKw7EIVNOeIgv2Ef2wHySxab81PWy/x14J0vPfiHOn8fM0PugShp2ILnApX42uN2/gExKHCbVESfuXI0fHdkLYglX9vdaGYO+bw4sV0EhnZAZefltEV9TSgtiXoW2kP9nmhXKYTARrKHtwoOQFa7/7hkeJLcMIDZbio+hvWtA1hcHkq3Zk5hl3gFj78zHjw3CQ4o+jPg38X4r2FaXxRXROqNq5GzeRBkLskinMlf3Pw4ctkhXJwfWwRXwsuRIfdsbQu/zYa7KnjiPBtoOZcTy3dS9m8MpOU71gBuBqwwr422piTh/92TEKtrGCS+PyCbb3MseZBKqSfXgdn/NVhfskpSmtS4+iZG2n/GWGKbCli4zRTPtEkxwIZxznyjiENf5aCmOpmcp8oCAbBsnD8rQXJu9pSaMgruPLpGhxwqGAtG034fUoNzIUFcck7P+wKG8FlxWOoNlMUZ+Tn04OGAWrbuQpOZmtC7GolWLY7m2x+ltEtn0e0tWoqGf22xrBp93j/ojn08kMSndfo5oY5iqBV4IdZK89D/l5HUI0MAbmjnvQx1YODX6zFiumD+PUrUK2XMfyq+0dWGhmwxS8JxXdL4pbkFNhVfhkvHZZmiatF5HviJB67rQ99O5/Bjh4Jnhftwu8T74F92HWu91mApjse4bnn36nYzZl6h8bC5BgRfDw8yMFxRNlht6mu+x7dvHOPPFensr3+dLw58SX/Pi4K+1+dp/MZc9ny5y5uqQullY1mNLpxCM1PW1NMwmeKcFyF69z14bTeW479sx3zTm6jTKsLdMifScvTHMZsFIcgO3NIkZvJgl+kIHnbKFopWU3zwjbRqJx3oLXxES5dvpQEg/djqKoil0iuoIlDZjB13zV6EeULfvFL6VztRzzX5cTn/EtBSiqNBnx0QPyCGWeWa8CqLES/7G7YvqiNKw2D2Ph1Oigk3oYdXaroVhPBY6sdwbRmHFTvCob8VikwLN6CzireEDRzEn2aY093q17Af+QP20PCqPqpBWg7abNQrCCKVMXj8pgIWBt/D1I/p0Lr7I+c2h3Dke83UISiGqgIy4F9xWU4qHQVV0yohyWHr8Lvj7d55o1HkCCiR3eLPbC2Vh7iHYfYzkYArD4t4f0+n3Fozz30Ff2BUUJ9KPDFHZr2NdLiRTqw58BO6nf5QykzfMnUOIiFr45AkwEx9reWhaJtu8ltZQ43pBnDl//6kPL+YLFpAHR+2wwr5qujQnIh6PV9hy1pC7n7yBWc/0cLxof+oP6bLfBfdAVkCVyln36NPD63CNYtqcVtEWfg9StnKOwZB3HC37G4oxQFvowFTccFbB0rjdNMtEE1uA3dxv1lBcVxHH5DEbpNFKGyIIeUC9V4WPA39fq34zWZ2TznuBpqDR/A8TX6vMV5EtR9v8WcN5J862JQoAwpreg7LTmsh0eK/WHbsyg4E2iDDjIGcE5Qgb9JPMIvF/PBZ8pKPPKyAq64n+ew7uXwL+gjyZb8hJJ+ApH/bpF86gxOSTGkG0eQTkkmUWb5UThzayqF7pelY4PP4eFePTjTyzy3Uh1C3k6ixfYPOTNDBHL6B6jpbAH8mxAJI++b4SYJCzj0RRyeChxHRT8pXDWQDLNk4/HeZzcKv9SAjqciQbI0E6+lS0NL8kJ+ZneJ3voL0O5fixj3LGZjjV7s/5pM/f4COME6gtTrEaKuKdKoU9W46r01C5itpqO3tbnkQgv7h0Whza4VOEvoBP3eYARl/xrJpKqL5ZVtsMz0H+hKzgPFVd4kDkfpc8ZG2L6xlKbkGsK7ffNp7hkPWvXMGQ37ppD6umNYuq2frNYGwYKQ01y2Og9lMhh+h2bgf1lNnLclBud6CJLv41TIq2+FiacScG+MFcxmPbIpUoQst1sgIb+X7RV0WdhwJz2W8cbcyL38fF8d2n1PJAtdZcIMdTjqlgXXo66wXvQg9WXOwVtvL5PSvbW8WaQRLuoHU5WhP8y4pwICTSfoqFsR77B6hCNVy/G/pRk0WJaAy23O8vZ3k/hKoRJs/WUKvoma8GGROyhnfSOjwwEwfcknLhp3HgefxuG56FywXybLs+6MhgMZo0Ap4yptm7uGKkc9xHjPZ5CyeD0d+0+XXh9eRIcfHoYVo00gpz0KXMyMSdv6AxtWnqCJNauofc8ArVLVo0Pp6RyuXsFn506HI+0SIJcUi6/2heOlHWkopbcFuLOCVAX+cHPwb770MoeWt04BQYm9uHlBPuY9fc6vLZtx1ruj4Fl6gvrN1/OJrx00te4VGkgIwd7dVXj2RRUbF51gL7oOQ62/YNlxC7zmd5+1b17Gm4lKLGlhAmfS13OqRQEN2xzHBWFeXGhuQl/nF4DbHEmS3f4aIg0iKKhQCOYdO0PvJc2JJ2TCJjEdGtFlAxkxMiTiGkDSJTtp8YLVbFYoDJYLTPmp7gl644xUrlGJL1ffJkuT9Xiz7wmfOvmITF97cnqAHoxMngG3l89F95fquMOYabmuPSfJe0Ks7ESSdK/FqQb9ZJYoArOv2kKFbjcal8yimUFDpJe8C++ZxfJ/179QT9tcvqstDo8XSsAU3xcUmrsRfn1qwV3Kx9lnVCEOiZVDgZ4PWgrV8Rm3ZpIMsoCYyy/Z6boHGAX34dgBHdC71QVB7e7csbWWB+Iv475tEaRvMhHaph/GxJClYFgdQElmUrCkDmCe52NIbx6JQVnlLPXwEltYaMLzSGkcPnSb7f3V+cDLMIzcm8emlvNJ9NkoCip+Befua9J1l/Fg+L4E7oU442DbcXg8xgwFtwpDmEsjyS05RDB6L6eNnsP6lcYwTvkuGkoP8kTBNah7cTMtWNuLb8Yvpf0dLixQOwfxcBa5F0rB0kOfwPJCAT53KSSh2jBKWjCaLoovpiD3drg1x4W37dLB6QoakDw5lTuCE6Gl3JpGbEjG6eQPoQrZsLz3C793PwRLDqewj8cU+E8sFA78FaOv22OIna7iy9HyPOPvTBhB1bA9uIkiFSbSnd96cOy3JmZGv8J9Jceg/GcxZ33/h9em9kCbdiUn9i7mS1de06mdytC+dAvLP4un3cUbQC1+mPNLRWjccAF4nthIenWRfHHpIP76qQh6C0fTw/8SsH36Ycr/fIbOD4/m41+3c9nmFySyrZwX+hhCaP9EWCVrghI1Q+h3tZ237buE/nqPKORRO2o1A975FMarrlpy2lQjuFwXizGvT9HRKUzfllXgHtF7JFZylPf0q7Gk9Gy83K4HofHSoJOpCcfkDbB92BvsPjHZ3tdG9awkuq8ZzbNmvkXRW4KwtlQKokUPwurCOzwYJ023RHaRRIsISjyuoRE+3Qgr5TBYupASw0ZBv1wJaVtG0Y7t12iRUwrKnFcE3P+exyep0MebMTB2rT0r1k6GMvGl/K1kMUVumUdFL6bQu8JAVi0Lw7+f1kDkFzfmUH1s7R4JsWf+cpzsDczt2cWPqY1MH+zisHuV8GrGHHrmOYJS2nTpQ7k1fIiwBIm6uSD25AF22JhSSbwkKzz9wZlHU0D9VAcnPp0NP2osQPKSBh1v+geH5A5jvNtZnpd8EQcnTuWwB4246cgJDnkbhR4fREGtv5JF/XU4q+EV3nsZBOc3X4ArsdsoZOFujPKbTU0FDegiaAZ+6qloNrgQJXUXY5hyPE75oYoWc0bz0oFqsO4OhPgXKZBzUAHqX03E5gBX2DNjKkR+WMX7vD9AVk4zHLYOISvspIDfAtjerQNGug9p8Y+VIJ3bhQMtbrg//w42xExHh5psbnG050vGzVBcIwb7748lkwAb+l5cSTJaEdRxohh8b42iHXK3UE3tIBut3sWWpRZQPWoY0sbs4y7FsXS19wrJpgaT0NF5WGKpjrdNCigOdVn8jDiUJ/nRI6P/uOLrSLI3amXFra/J5VUrTpolQ+cOppOjhB4/9pSDr3t1SDJzPR2MfgRVMZNx7ylf6tPSgejQbLr86RJZzxhNGe+NQficDIyaHEf++sPQULUKw21tIbtLlzcYVYOPRTOtdb4LO87LQHPvDpw85i28q7WigGlePDNlPi6JXkb5ItL85tBTPjj0Hi8lKoNj4Ane5lAJN8SjuTnkGFhMWYkGgjO4vE2P/TfWgLZgMb47KQqjVddD26lX8POdMuSPsuCKKzsI/SfgvW5ZXnbUlDTlPNH0qhVkXVjN+10e8tqTLaS49Q4KLYyjnzKz4YLpCHi5zBLW1bbxvNsmsKellp/NCeSS0bOxU9yRL0Q40KSIp4BFx0jefQ44ZuVw8VdruBTaRv+u3maPw1o45cEqLIwcS3NebsIfc5dQQm4YagjLUdosSXhzN5T7MnV58YcF1CunivKOwWwXWgKTHhGJDN3jVUJD/ELABLbcr8PYAyfxxIdRfMrUHTpPdIO82mM8JPIPrL7owwlVIX7iYQbNAUag++wXbq/s4a0dxWj1PIzffjmIC7LScb2dJeYXJkCRlTIc1ezjtuOJeFVYgqPjp2LGpkC8YrATIwSe8Z7+UJpsKkdi3+RBseIhdSuNRz/3y2RWcoJdZPXRJf4rGSzZB8+fycHBUbHo+VYDhCAYvYbdUOBzN8np29GTG+10oPc6uOoipdoVs5+LLV+8qgB2pb0we6slPvwcCf8W2OLI7mcQck0QMv6eAy3Vd6C+JBvO7tQBMYsXeD0tig8cvwm/VwzjlMwjqHTAl7/UZOH2U+v5nf1CStCdDI9nrQSHBC+ecOYV/o5Qg/buP/zopBYv0AvhCZ9G83CYMfN0EQj9cpufdyVA16ZL7OOtAIXWo9g05Q39ST3FBzQUyF3CBGPuj4TDc9/iK5Um/DTbgX5U5PB6UVWu2u5BIHgLUkda4SgpLy7wswYhj24sSpuNY8b6wN7fe3li6Xdq9H4DRlLtePr1JrQc0cUOC8dBfOMnlpgvwg+KAmD7sm+4JKaf5olpw2QrcVZ87UBaXe9xS5gyhD88wxt0FrPLTE2e654CN7/8YJuyGLpyLpU6egdYacx6ylLQhQV3/AAv9sD2yytpx7gYkhCz4nj3DtCR8cKnMzvB0vUk1YSPAq8MGd4RGQZ5QrO5VieEDdZpc03OJepImIiBlSnkY1aMW6pN4N/9ZPw4v5LNX4Xzlhu+uFHmJAo3FmLA2DX4LeAkej3rgJsBhmDtYY4Rt97ALwUBEDbpAvsRPTT9yEGQVWxGiwIdeDXehc5FC4PDoTyQGzCHV0lDKHnZj6a5zgWTol2kkioCakuXYEd2NLZWmEK5xSSUNL6LDasuQUupFcnZ6vDyISM0GdqEqdbVdOHJPvJ4KQ9CG+ohZmgePFQ+CeEP3vNI4wCwmO+AEy5EoZurM/v07KekV2PANseepFVMcY1aPr3vrEFeKoOPP62FTYu20ZkeQ96R9IsnPheFvS5arHu/D3dURkLiq3jQau7ndTdioGBmDUWm7Yf7v1059601/BbrZ4kliEqXzuCgZAKpq1vAjuNHUFOonztHWsNbo2h2vaED59fMBosLKhw6EMXfw/JJat8g75XVxwt1XWz9sJWsnzniyydTwXWrHeaeToeHpdZ0+qs3WKTko2TOS1YcIc5HqizhQroCPHw0HVJN1ODm9DzevD6I36RMBYcV0bBkjD6tdtfEplbi+k8hPOG6JDi9EMCOdVNhZqkoBdbncM+VEv6muZEub0wn56B2Wu6fB/NLheDlshuw6uspNPy4GI61vsRF9xeDX5goRrgpclusIw8rFvIVaxMYQDd8ejIJr4facNnbHjq9+CHKrfqB66P+8YyiYBSRGgc6+togZ/iEwyenwdnhRGzQCqUDZ0dgR64D58r/4cale+HMvj4YDLCE+b5boCi9E/NnDuKDZ7/ZzSgM8xbn4AitBfRTqZMKfBVpkooJzAiIgJ3jemjBYV+aqY+wZqoGS22swpB0DYipaQL7gm1U1y4Pv9e/xivRttRzRRcmHrNDFdfDfNv4NTse6mB1j3aUaSSOLleDzney1KQRjsdXMZ8wKEdQjiHFpC0kf6yTE175s8rdRuqxloEDc73x2cndNPR5FgfWXeR989ZAdLE/3lsUy2fSkmHN0imsqTkWjuoVgwQ78KaBbPS3DcbKr/vJSe4XrV7bibMXerKwgC/ubZwG17+7QUF/JJ8ab02+gWq8e/lyap5+l4J/38dZh2zwc7EYPA6aBiLPXKhg7Q0IcsxiwZ//4cQ9J0nU4iXGf+rDlFtB+MXCC7QDEAyMvnKFWhmlvHnAJ6KCuMb8Og8Ij+YIqXVU/bSRo+Vn0yNHY7D2ieCgGVK00DKDmg7tZfPI7+g8ZidNyfnJR5z8uaCxibWEZSFZ8gIGtCaD7JvPlCGxlqPqR5PNTRWad0UNK9TXAjXk0wiPkXB9rjXLOcfi9MyD0Bd5DU2DwsgqZxwLC97A6Ny34DPZkEIDpUDh8C2u5cck427Ptp7/4OTraTzX/yH7qGSTwy9FLLRLxm/FyrB3rAdMbg1g4YOGYLhOiYcfRHLEO288s3UcH4gX4/XNc2lqlQpsjDiPXpFueDHsEfxNTgIpow6OkA6BiINRgOPleKlMGrqCLOwUesOD1XvRYM0GVnd8CErLh+n4m2pepG2MMQMKDDNsIE8TYfOWs/A8zAxFZfVoRl4SChgGwi4tW35+7gwoLysCv/QsKskZAccUpOnfTVuKDxlgYcExWLptkDZaKtB6CTk6W13PifXtpNSmC32OoyDq1HXsWrSfAwt3wcfj/tydXssBj6zx0a9t9NQ5i6QS1GHkm09ksTObQ3R1ePfKN3zokDV2yK2ldMt62qjEFFdpxclPdOGj5DhuPqUFA/uMSWHreTzcfxK6/PsoZMUHkgu9Cb6LfWleogp8fx4MzX1X6eS3t6yR0gSFapup1XwHiizcDXPXOsGP/WfwoJEorH/cQdM/dLDUzsd0KucTNzfuwhuWmaxdvI4mOOjDUN4MkPouCh0NI/DbvBIImdVDJx8IkFYz44LvM+mD7ywyXtFH08bfgq/PEGpiA6ky/Ags8EyGsc7BdM5QEM6mMUyZp4xX1MXYYP4wu8/QhWN71nL62Bhe7+pARsJrwPe2L092/AJ/2nwgq5Sp8YoLpYxESG6s5u0/40kydwaEdwVSeLQpHjP/AVNn+ZDzpSFQMBwLWZ+FIEliFFZ96MDuB5ZY9uMKzeiOo8vnJFBx+h9WyI8l+7PdJF4mA6IHyinV5CVrnNWitoECfn6DML16NhqoDHFAjAo9Nm+i2AtWEGv0l9Tc3+Gm/vugtX4xzBuMwJk2xbBYeCWn8UmWnD6TL5RMhP9ayyh+03pyDYmgvZOuQr3VDFjpvIiW7q4h80FxyD2kTx+2GkHB8zq+8+UXL5sbCG0sRqZ6dyj07jTUu29HTbsv0tVdhrABpCDNQJsfZylyxiZxXHVjAXanqnP/jCAuLNvMjgm/UefsOvx+WwIsHuVQT8I51Px1CCcceMQKjvkY/rYTgw9U0511l/Fkz1yMUROAjTSK9zcd4AcT73CSjRdb+sxhB/ly+CpxHUP8Q+GFiyQ9KRcHn7UFaJe/jBr01UkhOwd7H9Rg7ic3MAs6ynItb+lztjQ+XG4MQQHj0GqCKRSzD0zelAVKEVnsUnOcb89VhKHiFj727REKFUnCxXcDPLZKm4u2vqfV0xFPvZrGmzesA8skRK3yPCibsxO+H50E5x3suUmlhF4q7IJvhovxQNkHUImLotdPcuht8HseipTHWbO0QOf8TJiduRhsZy5Gy5SNuNDhL5w8W4KbSjNI920L5qaMARltOVD33QWG9vNw7GPAZRYAIuZ7wEvMnn1C1+EtWykadec0/hc4FrK3vwN1NS/+flSQphxJJ7u26/zfgeeY/DGJuxqaWF1FHWULjaDothxfGmPAdZHpuOO9LmYvWklUspOOb5TlreYX6JbQARyTOh5K9S6i25YmOF/ngjeMtODFZ1+c8NYAZEdawoSSGgoy8SbNOgFI3rSCDaAeTp1dhpqutTzbppbOSPXxxRhnSrmUBItzxqD0SBF4o1gHJhaiOPveCd6mmEhGf9Nh7nkn9pK8Q3+yYkDuxypSC5EF9emn+P3k61gWMJffJ3bgnF8TsOJtIGdfi2Ap/UycYL2HI4ZHgNzRElw8cwmkbK+A0XPO07NrgXBh13ZyljkP0W2epK9dD/Yu5tA7OIbC7fsg+tog7JkmjcFPnCG+fBvuGr0M/OPXw/dRyjSkbggDlfK4+vUx8r4kTh29kfDAaymlTv0KtPkIq3wJB+Pm7zT8XAPEjpwkmaP3Oe2zDRnvP8cSCyvhfvZxWhfphR9bbPB71XLWHRgJcbfegpxKHtk2C8GDZxGcmOaB406EYeGh9/B0lRhrNk8l50sKULz7OX789ZOjPh/DwHmb+Y3yO9506AQ9eDWaszLfkP5vd/ghhXBYoZo9su2x+lYxZze20yNNVdoOdXzhqiKF5C3Da++DeNnoqXC8qhlNRFbC0hGy3L6vmU+8fsphmWu5dfAR2/a3oG/JJJy5VRh2XnjJJ1+9hT8iqlyv1wk2Vw1oePkfchIIY9+t6tScYwvGxZKgd8+Bx1EHFeyfxh+Vk3j6mU669NQG6pJLMEx1Iyq5ptKf1omwUyabZ2AiS0etwYCl2hS5ZhxkaJwD9ae7eZtNLVeCBJz1N4Q1kc/pyKxhTO8M5fOT+rDuy250s3Ji8ap4MC+dyZdvP2ShkSPAofgXBIR+xJKuKJrj/Zjtn8+CjYmjaP3P0ZD3XQPGZS3GvDfKsO6nDJdPFqbjWxRJQNkT86UbMUZxMruTNCTpZnOHsyf6X0aQ//WOdwZPZxt7ETDVmEWF59dwdtgn8tnohOdEn+HUY0JcdV0K7n+3g1LxYigTGcKYoSQuXNaHi1Z60a83qZSjbkz/WfnRklujIOX9RTQI+AdrIrx54I4H8MUWStV2x1WCAqw2ai8FHE4g/7TR8OKmCpZH9sK1sVocEDEFQz9Z8bkT9lBlUUSvHj4l0yeerDFBH/I+70HHhFz89MwGt1qJoI+0GR+Tm8e67bvJ3k6etg6JscIEY/CxPcjm7pdhtkEJFSUawaOsSTycIY5xui/41moTujVmKoTlWEOCby/N26RMf3wq0emcNB4S1yHN8DIU132J3ZE10KbYw1GmopBe0wzDQVHocv0+qBxaiOItvWAb8AOkk87y5I0JYLX8AirVT4aG0SPodfxBuL9Xn8qVjTikrgOyv7fS9EN7qU5ugLFBD7arCMBP4adk9diGs3+9gdny73A4rZjKrTp4n1QIhPRXYYnBJjA9ogYf76jQmSwvPLzuKnmE/+GMeEnQkOuh8/JPqFFLkITPf6VRtxBuOmrAZkkj8Hj2kFqnCtMc4e8wa1cel66som4w43N3lyNGS8Lql/vZ1dgPnxi1gpT+NAydNAVj+lNh4hElOuAhjCINS+nh5Qlwz28h3/P6ygnKYjDxjB/LZDwl6+0fOG91IH/sGMnLnc7g2KuqUK13gxV/L6P347uopdGebxf9w7rklRB5fBYOGdij4EMlOLjSFK6BLm123w1L5kaj5jdtPFaQzzXtFjj3wRbe1O0IbVPq8Iq/ODRa+YKB4iFcu+Qc73wxyOu1rKC9xhLCNzVx5RUJ2v37IkSMUIZDPoMk2DsbVs0r5XPbf6LgFw2oHSkFl5qM+dfoz5gn6ooeL6xB70stLKoZzweyointfiIs/28M11n40OudzznxjSQdPbePHz4XgdFzEvj5qip4Wz6GL1uponuLMGi0f8NZjr34AF/Ccqkj5K0nCX6nftK45e4464IZ7VDthQlv3vPLLQrk5jKKt+1yYeUoBGOTCXBUez7fOX+C3Sadx9GpbWzp0AsGx//SZVd/jr1qzydOCgJHi4FYojfZVj7lfed24hlaxIetDsCZ6bMpb1sra/8rp/lfZOhpljoMRGlgSlIK80MVvLIrlLzGGYJz7UyIEoqEbXSVyzRXce1XHcicJ8cLB27SjZU+bOOwGPP+2cPRPhMYio3BkrHdeMZnHUZWGcMaw3Lo0X7GsWNMUHTAiMZOd6CWLQfpZbwUHKsK5gIXO/68SB+W7r3KSQ+342Hr2zBjxUrw/jhAm8/587V/jXCr9RalmPTBzHvmcK8vl+d8+AdJUpvgT7AV1/uZk/cfRkPd85gvEIQ/O8dRDUmCUHkWWLhvhw6fRRQm+R+WfHxKf+9H4/t/m2CtpjHdbdHAH7vkISvoHoWKb6UwAUec/0KRhn93crtXP+Tpy8KF8YLQ24W08/14EHFOowMqA/zeMB7P67wl2c4z9OqtHXlvucCfqwM4MVuAS2URAkXjeX3nL9LxWQifrwixx9ZNMOnaEXg6+Jc3HCyDcYXX0HKsLqyYL0Ui+3V452Z9eD/7Iux/O4b552kO0QGYcesseB00J9MFqqAafBnXDkfTtBvL6Z6bC7XnnMCRLTsoPVKOGh5e5maJNsiKmwbumv2s2H8Aozr+8qc3wjAu8x+d7s7gVa5R1KR5jfZVXMY7p/5HAHwAAoFAAQD9wxaiiCTZldUgo0RDqZyMREUZEaWhJKKiUCEaKlqijJKKaFIpNCgqUshISVREySr3TEC8eBcOJu5G8xEK/Mpdmwb4FNn1TOSy8Tb0M+wB3Zt4hhWQgTcdpZ6CAM6Z0op/a0/Qh+JF5NqZxN9yW3D19HNoYbWGzj6RBomv7uT2eJhuWmRz+Y73+Ln8M+59OYMM3n2Av5cuQVPiBi6sRFD9ewKXzHOh3WwCp9ALzuVmQEv8Cbjw+zfNGDSi5JFP8exmIXh4ZC3cODiaI+zLMezdC6g6Mp4PbsljQ58dJN5aww5a96lQURCSRHNoudJJzDN4BGO0dWj9rjHsf0oLAov08evPEti2zpSeHdKGN4oTYLKbBFsuceTngS84p2YZ317cgTf1t4CLfDmZ8gq0LhsHO7zfw9En5uThko3Oxx/TGAljfJV8n7oryqB0aCFufp8NgSt0QUt/FqitCsd5Ej9o6rw1XHsqjeQMCcuG/PmH+39wvswetj4YBWlHvuDHjydIXFyQ+pSO0tKbsuQ46gpcKSoEyeD/INr1Mcw2NwbtWf8w5/wp3pE/GcfFfaHI79YULiZLBreO8o1X38k9oRvvdWpB+IA2jrApZqMyFWgczGKtlHyesrmZ+994oGqXLGp9GoTw0olQFfcYK6L2UIj+ECVVaVHKwDosyt2IlpKDOPYdwi1NaQ7vFQPxrc18RWoDGgar0veOGuyIPg3rl4rRpdnp3KP/gKNepVB+pBQs3FlO5xcGUlv4PQxT/wm5XeewLbCPvYLW48JoeRJ5uhffxs0G6XPOmNFxAX+v/cGPkmbhqeUbeYn5T/b3jIB5o9Uh99hDyMsUB4+jFjzrOvD0umu8xaWcTabn4oTRGzEp7zCNS96KosNhkGQlAlXtplDU60DSPgVw6GcfPjlsiTqHbtHhRi2+NEUXx471wxfHjeG1oC0e7J7A8GIDTzo5hxLj92PtpWlsvbmF66pqqNv7JYC9AGTYjQGtZEmeP30FtwrP5mUxgfRs/xy4cXsmil/aA/oPXoCAtg5kXT8I2U3nMcAtEuJtzuL2kBqarbmZV81OhXqzOvKPPYeliSPB6bkDrrh8ELteCJJLRwMdN6mC7Z3XuOa/tVgaqcAPZfL4xxCD7JbnsCFtAQ5enkm59I6x4xjW2fyEM1OssFFEgLSiSsGuSBfuyrfDS90T6F21BMe/roO+JY3oPSGAfFuNeOhwGZw6Vw3GGZPhnsBJvLg6B8oW/8dPuy9S9NF8VCkSZmnfefz2vSLcFz+JKnlmYPrjBKTfvUbefz+D9IhTFH/QnX6Y53PlNRHa9Q85Ynga3HU1hZ6qRsi/LUajx22GxLVJuHJqJGw1OI+zy2Vx3MszIHljOp81EAOxX0m0r/cGLxCYQ+Yzj7O13TUuPSBNZ3uyYfk7exp9MZsmKBqDx7OD+OhlOuWFbWSRMgnM+r6ZVdRGw1EvghOpnyniZgbc/TIZGuyFefsbQ2ywSMWD40U47m0/bL4wnren+sO1iq1UMHEKCHUi/Nao4aKwfKoZMQY36N2HS6rTyKJwFec8/YC/nI9yb8kP1A5TAnNJQ/BbG4tbb/2kS9I+vNjsK3YUlnG0oCvara+DKSnxEKWsAW1aouRw7R0ELP3IFeXS7HzzIilYenJa3EXem+zGLW7v0TJZGrJNjrFRwiua/a8M009twnM/hNmlz5gF/i2ls8uc+NfIYt47XgOsTavhqnsj1SQo4OroLyBU+5MmTfQjiXoj/qpbAx9fLoOtvQYwdnQX19qthOlH94JYsBL8PgD8X4IU+3gWwZrbF+HznrusbMRwd24NS6pNRDXlvzg9w52Of2jEbZJ6JFL5HneadtDxd2Nxm7MozNJrQWOFf5zUvRUDP/3gSQen4PnX3/nSgQwolDKAp9dOgInlLDDVOEbFNz/zD4V29lw1GScV2/G5GILgFDGa4D5MEYPP4ew7HdC3CUKJrvEYLNsJXybtxvFJr7n+93WsMGwlUd8HJBh4gCRHqIEnR/LMcgWYLiaKuovn8celzWhslokaOfupzu8XegVt4pH6o0DU4xwNukbg9df98KFci0O/hUGxcy2qr5SkbzAT7/bI4U4TDXj67B2YBRbD+/x6zOnVQI49wGKmfvQ4rZn2fQjFSQfusUrVVNA5ngp+8+bDNNUYUlrtQCKJpSBfdxeWzhtBMTovKer3YfzC+pC1fAuXpr3DRs1oqg22pBNj3nBUUBFeUJ4FC9TNsMPgG8oKakOZhy/3lQry5o6nND7WDR+0bwA9NxeK053GzslDHP9wP1sHiIJTUTI/U7SnmIN1mL1igEK2PsS/zlLcPU8dpR6W4xyrP7wd1KHClWiWxyzwcdZjp7BtsOh7AC5YLAX/nG7Ta0F7PkOH4OBEAzibJEM1pd+wYnwIDtW2o0LkcRLtjUG9rlb+PXAE5uxbgB6WBF/WN9OHLQLww3cRFqX+4VeJuVysHExemlsgLTyC1pb1oMl4AdhYNY8XLwyCBYEJEHe7Cp2a1lK2wnaSG5PNaj9Po1/XcWjXVYPH715T8o5B+p2wFf/1rEeRV5OhIPAPw++DZGcSwG8r/Hnu8EwoOHYAY9bpYnn8dG4augEnesJ5+bP/sMjLm0a/sqXJ+/P4i/skENPeB8furuAnC9/x2zJLmJAtCx3WZlybG0kqKyLg1OQi2JVuBIlXb0PLaMb7f75g8KWPkCa0kBq8z9OX7p1w7t5D/KeiBH59ADoJQfB71w8K0DYi1cwcOEC7eIftIBT06sBF2Em/LDzJeOtEWCB1hha5r6A9kiGYbGuIrYFJ1Hv5DU/39MBjJn+w6qAoTRmlC/OkKrBnbxasOPCPQ6M9+EvvG17erACFo/0ptPcXLNnZCVdjTKBiQScZeyjjnVDAccl7sDZRAp/lJfDIxHyKa5VlJ8klUB2sB0sq3XhuxV2+MDUbtiUkorUkkerHaOC5Rym9aRtF7e3AV0EEsSN68L3dQQxU9edduoPw4vELGg7+BO4LmXTrlHh16Xn6MB9gzpIo9rpvyHYnm+nzqNfsZDvEAZFv6XRDIi9bv5geizxB7/8mwb4TSSw2/ATi1rixwJwluJQ+8PB/oSB3pIYEX4exzj8X/HpfDU7vdmPJUjdYNW4mPvBzZfOjQlwRGA3W67+DcuVMnJLyHHdMVYVRz2Tx0TkRLJ2qyPMPf6Gp85rozuBFXDN5A869fJPbojIg76YJ5Ao4ofil8bR3+CB8sxaCXNFm7O9Wg94z+aSZFoHn115HHZVJINVaR190rdDs8mf6MHETT5ZfR80l/3i7tgqVP1/PSlp2oKSiAkM7PtBI624a+bEVS/4toBcQiu5ddfy+5gf8bfcEQcGd6FUvCvkXAzn+Rxaq5UbBGelH5Pq8E+piT8IFxdsk+8aD363uIcuoGRB2azpbPHSFz6OMwNHVnXQ/XcfS63E8a0kjDRiU85kHY3lhtTLEf7oPh7flkU+ADe7xXsSf3S1wTnI1xu/LJN9jnjwYcZRUw0bA50wntHuUD2GnDDilWh025K9DldLdRMY38NkPf8g4cA1V0g1h8EIAery6Rsdm+uFNHVkWNVhMBa4WcEOglDxThqD1znGaZC4JSQJ94LP8HxxX2sQOZ0Wp4t1hvOu2H206FNH63jU0LfmMTHrQbX+OCkRKyEbqGN3rOYoqQl44cmQgm5q1YNbbIB7/oQ6vqxlCamUxp2VpYZvJFo53CSVP6TrS7DjB0odVQf3OTLwivxtvf1WAW/wCBebdYvPdTym8YhtOkN+H6ov8yNzZiTYNhXHHxBvYf3UEVKkOYbeXBayhW3Tj0w1aEVMARgOhuPzxYzYvuA//9m6kvnMaIDL+AFksX4L9Drf5rtF93mP1D4xP1/DCBfZQuOc0hd32Aent6uCe9ZLqpO/g0J80MBSrJuOwhWiWf4Z8NfbCGWsZSlU5BS0n5UDi1G4s9OvivYKfoEK7F6riRkPonUHcKKOLKa2SNF7RgIfNAI5OqsXKw3PgadIsiA59Dee2zaf2a4GkPM0V3w+lwfwPCWCmKg+5goPUeV6Zcka8xAdddfT+wjG+0FKPd2qaSHpHP5a7HqLqf4KgV/sdyluCOb/AgFbbiLDYiBpclS7NUyPdcP+jqRjh/w6/3DEHjxdW8FthB937JotlaicxdtIb/Ds6gbOi3fG+rTfiLym6JawH3jK6xLsrWbY7AapUNuGavpEsajGNnpuPRo1eL/ggXwb+FxGunHBGjav/UKY2Gz/URsDUxavZcbskVCnqsPqdPeD7VRfm54uBxhVVnG98F65pScDEYBn4Y+xE0rwTBGI/0T//u6yxjahvsjzcqkmnC2V97Jrtw0YVQZhbLw4bRhbBkIMfewYaQviandy1WAYcTBDzwrzYtOMNW7nZ8v0H7qBevYhnLzTlT0VbuXR6EPuNk4Xd5tu46L0tae+3ponWQ5A78j/2u+GNORPK0cNEBBtv7QF1a3nY6C7Bq/QeYef0IHiyVZ0NTe05q8WGiw4Fs5HESKq94s/qCmZQJ3yYZT2rIdohFh5O+M7n68tQz6cXFum8wnC7KHrjfQE7u0fANS8bGJi9jvarM/33MQxE0vNhwZJksF+gBIoKb+jLhk+wxscA9hSkwsbJV/FAdgEHy6Wjb9BFsvF5zxPON1JJXRE0dR0i600MMRbi+PTtKWxPkOK+1U088nAqN2gLYd0SJ2yUqsWYew2c8Wc0LHh2HOpX6tMWh350+5HG8uzF84qjud40g55vPwA7h3YhDo+ECKuxKJIQCO/DOnB0pSf98fyADt8L4PfmzZSq+IVWdDfT0e4x0Ke7hg5katFcnSc8LXgpLrZcR1/6f/Ceyc3QNKIQTosc5oDOyfDI5Rd21z+CbuE7UPLzByWVC1H+ks28+KQyhR4sQX1jdzJSZThjKcRi3IUHF1bQx6hZkP/zPcn8/UWp4yXpbMJBlvy5gGoCJ0Fo2mkyOD2Tv7eLoVSsOD5Pr4WU2zfY+YcrXe1YxjJmTWS4dgq8GeVN5x8pwqNjtzF6vi1neIqxET2Gnyfucfp2Efj2dCN5xc+AsAALePjnBn5t7+fmd60U63sFppyMoSg7HzyXKgPCr67iyMKpsFjFj/OdpvLc8vU4/fE5OLjhLgkq5sHE6hd0LFOEM9cacN1WSVA2Po/e9R6YPXMrP7tdg9Pb/sDA6XnYf0wOTmdcoqd/JPn13mmgdseIds+OwN/hF0FQSAGF+/R5wfoY3l63HReUL6beD49pmaMBPFIaj3c7/8Bk/RH8pMUHhV+6w39uH+lpgAM/iIvBP9YS7KSlAz8Pn6Sza/M5YO5r2P5FHx+GroRNN20g6L4sJBR28bH9UaSZpQ65l25wiZc3dX+fgHKfLnPaVTOYZFpHvaaj0W1TCm+3b6F0UQWYlRuHVaNGwc+KBj7dmsVKEvfJd/dbHtJczyvSvKjs901syCUw6ZnNFg37UF7Xi+j7bcwISeTdo4xoNLiydsQQDBxeCqLSqjBtrAIcfDCOdwkfwbUPbtKsS/5gWHcJMgp3sHqcD5r3rAQPKSlYovIc1BZ20GfXLtjxaA6U/FRjYX8XyNOVgWG8ALN8plHbGBX4u6wD4jLFYZHwbLC57AuUm0l3Zsyjrk/3SCnUHV+MiQRbc3kwM3iDvQ7/cNj0PBoqVJJoqh75y1fz0uR74FitAtJlOry70AAsO53woJch7JFawclOC7lbZCpZtgrBuon68OfiHDA2KCbI1ITYCz9xtrAMCGuvhgK5x/At8wmN+5CFH+IeoXP8blhluB/dZihC1ehWXH/XDb6PWounjNdz0aOjsNfQBJ18u3HKBDtME3zMZ+sUYWUJ0ienzaC0t5E+O1aw8McW2r3zHR4w7iHr7ZI4Mtgag85Kg77jOOhd1MP+cavYwUCPXh5eSztCImB73gKIlzCGnNGbabqUAgQJbiGn7mzInqCM1j6WJDYxircXPYb4NZ9xZ8lZipZzJInfmvC1xg4Olt/BAmUvum12Ft1uKVJTdBom2G1n+8uWqLTuDb97MgUcdxxAz7wCMNNNou8hjVj6qg9zfQ9h5q1syHi4F+dlqJPkfgbbyQPkYFHGogJTKHfBVUixzsfwed24VzAWvoa8hpb7A3ii3xi2x0rwgHgOOrW2YmBEEMg8s6dbmRPpoucb0pUsRoGKYmp7A5CiNRdkPPqgVHwefG/qh88HjbBsUiPcv5VCinM3QFzeXg7fIQlz08djtftonBx6BH0ax9DyjdJYv6yQndtF8djKBfj53gHM7pKAkeGd0LIlmn522tPHcFGYdLIQ+G8fXb4qjlsMn+Ke9Mf84Y40jK8v4T9jRlHbPyVSU3gPbrLr6NvgGNjoJ0OOHfrkn7YXNzurQmCBKr4/eIpNK39g+NBqrCs4hlO/70XHtSJUYJ1DTwI0ecuu8TB7uQab//CDOaU/0MWsGf133cTcRHd+H34S1m7N5ScPe2jpJwGQSrTmmv5ICFmdT9Kmzlgf9oilr3+EPwPfIaryDvU6T4YbrmNhgVo7BAhPgtpDqXRj2zt4IRLH350Ow9+XijS8RxgPT13N754rQUZ/MVZv6aHk8gpa2KoJb+xlcfs3MQr2WE/+nxV4jnAlp5hOgAG3Gv5X8YzcRu3Fgq11MHL9OXj0KZLXCatx1b4QPLD8GylriwO3LcRHhTd5cmEERR/P4LS4IbqQMJfThc9wWoIDBu6JRolpMvBATA++S1ujulYVfHSZBValBvjEYBHNCV7FQ91aWHI0jL8pi8Oh1kMkF5pCT/c/ZMXi1XjBPZNztL7xzqmHoLLpHEkLVZJDswasG7gC40ZEgc5qLfBt0ORxLpdArXoIVP3KcKfOQzybZMaLLptAqqIi99psQFvpGqiPkgZHqbGcovQOi38Rm4Y9ZfU1hRRhKwPHTU7T1yu/KbDKmSLjA0mgYx4kBaaTjqAs1244g8Ljj1KhlwjMD9mF1icTKb7sFL74UIHTZPKx1OEipKbs4sezHajl1Gus8RKHoJ6LFCe1ClY6tqN/Yih1pzhAW9gnlkjzpl+eAbCs5SLVL1SEe3J7OXeHGamEx8K3jOUUMeyGXkkhKLa8BTtEbXjurh2gkjUa+LApji4dxjNmNyjPrIi3NKagyPN6LHjdD8FeM/g9iuAjOzloKxMBj4+/WUjzL4yKFIaYsxZoExAKO+APasnkoe3yz8wHBEHBYjsc/HcSLY7uR5X1W0HzeDJV/jvNP3Ud+bBrJpyJfwA7EjXgW2ULLDnjhAntGig6eBlvdlXzutJ6zJpfgFekjtFD+21o3TEOdn/34BSZdnYWfsNz05wx/FoESJTGkpOAL5rHhJJUZDF+OmIKimFPedItczqqfY0PSTZT8AVftneS4/+EhbDH35cUzCJp8YAKjBUwQvmyU6j3yZbTNlmQvetEXla4m8zHSWOzqCAbl2Xy2WBx6L93GY1sduFN4Z+4QDICS1/OBQd7N1Db0IeL0q7Q2ElbYMU2c6irOkkX77ly6sdUtuo6QTraR6BV+RiEvDGC7A2h8NN3kCokteCd2Wy8XjED/pMyw/oAaXpg+pt9tM6T7lhBiJ2mhEEOMZx4aQqcfDhEHZVS5HXdECWEO7i6q5v+haRi+VMBdPFYSw8nDpDdDYDTmhtQ7ZgYRmx9S0+eh9OplI0U/8QWzs8LZNNISTj5JZaNvyuAfvQcXia4lnMOtOLZBSPh5hJtimsIo+RNqSQ43wo6XVZQe9QIKMTfHHrOAKYZJ0D4jXMk35gPsQ72tOrkR/xQe5wizeSh64oRWCyfxt3LKyHFbjeV1tZB5cshNkxRw+KqFxjT/IitBvSx84I5qEim4NIV2TRxjQ8s3E9sdnc2XkxWJIlmA5zvUglnE31Yv2oUaIiPxY+ffrNJz2k+UKdBn+7Hc/bdzzT44y9brK9Dvbv+xIoI2bU6lOYyH7U+ZEOhbRMoq9rizt5yVD8yGz7aV/K6iee5cb8kvBcYgozH/bDviiCfz6qnk3ejsfuUKeekCvOCa4dAufcxx+ycDjc3TOX4f7NZIl4Vyxet4qFFwnjd/hIuXfCMrsgkQtBZdS4WGAU/aS+8L8/GeMX5vDzXik9pjONYDwte77MezsXehSm+++HIEMHP1w5QoH6RHi8NQlXbzdj4azH1bLCEDNlftM6iHqbp7MODyjpQ7HAcV6gJ8bnoHzjqfhD0LjhKcX6R6JmyhAbv/KY+8ef09644WM/Yyo9+rocrLa140EKNmrf/xvY1a0D8kwaWRcTwKR9r2jhFD7IdpdAlywrvvI7nOr1WfHtaFf7bncHzP16CS915dH6zOWfs1YCQ+KNQ+FWZmwqSSCDACuQn98CJ7kR4PiOTRIuR3DousUmkCuTdmoB/bX6xhVgbZYf8Bd+PlbD9/kaSO/MQfvVPpPa10hh5ZzyMeC6McHsOauzyhmdjI3j7xVH0a9wDcv2+hjc46ODeAWVQM9KCT57dBHEteNtSCWJqTEDSxYvNfRywbMQFPHdqK/o0jMF3AppgHH+Ya07HYIDBH1yc48e7XkzjP1Vm9FY5hAYMAzE//hVG39aF0LqvOOR4gZf5DdHTw51kq6IPhtfn81hUhKYrcjDrVxtfzpcCp4a9PLZIkIvPP4Zev1VocX4F3Jz2hguL5sEX2bP0cqQqLNGVh73yS3FzyW3uTt7DdUvj4W76J8z+mE575ijwo6Un+bSvDd2uE4JvXmKQ22IIgnP70H5sPjfO/MP6J0JwWqEKzLTrwEt/rNDdzQC6aCLtlHAndztJ4Af25K0rzNcfSbBh72ZcHBMJakVB/PiQEOxQ2UAnb1qzTe4pSs8ez0LO99m5PgHlw4XIa1ELT30+EVdMMoZlvwA1sIHXrKyHQ6M7oVwwj+72enPCDhH+0ZkLdibl9Oq+OpRkPyXR3gFMinUnFY9p/Gj7Blz/ZAW1TNgDBz+OpDUT5kLPjzHQU/OChLRbIVHKiux2F9NdoWxcPyMbT8nqgWHhNVbLFyD/maogHxOPRicG+VJREE9/LoqTs8/jVNNoVIiUpLS+7zwu0Q0LLBk+Rxvh+48+5CTZRQtixXj6s5t4YIwUpaz8jMLGYyHmYzX22spB2XymLtks+BxXQT0hnmha2MZLlIrgwN9Arks2hP315/hhoC7Upn+C4tFCXLtoCtg9FsGGzWIwfHQx6XW9htj0JTD21ACkDGhCT148FssL8xz/GPo2rRgSv+TRfTDhD5dm0TqrTNA0GIubbkrCq6khJGWSjmEGRfDI7hZWH4nhsVGbofrmV5rsuAomCgrTsQeysD3zHCKfQ98xNlSht4OejJkPeyfHckDPWig7aE0iEvIkqjgT/g1Z45P8Cr555SR4bf0Fna770OCcOU0oWIVy5a2c+mkdSbuZwq2nJ2j2kmSMzv/MS2tO4acZV/DtzMvgdHkxDgWXwtTGVXzYYRKE3MvHveNS4FfFH1ynOpajtt6DOPcJuD8yEDPkdnKUnCCE1OqD75mNoC3YzL8W9uFxMOEZmwYwQjcHJPaWw7FMFxj1pxpXSWlDntwf2lS2lM48LqM/46RoTsJ6em3iQ08ezaAj6zaAmHY4+A4y+NiaQk2yNzrv0MesrXo0XGkJzUsvk/8tL9b+7y3sefWDZJ/pwmXpdPYuuYS/35uxlW4DzJ5vBxN9XsIKu0bMupBFSfPe4JIxSqArZcmNSxxAPmARrJ/zmy7MyKKDLp/QMtcI0j30OXPrJniwfCwsqguF2AXhdF2+kxIWOUCS+GYaknzPHT2mFHDfEpu2P6Hvu6Xgo5Ewa1t5suQWI1p8Aunpivv0KlyW207XgeUFW/RfJw69u+Xhrr0077MIQt3/jOhInj+9yC5DfpiEEWHB3KjQzrOORaHpdgmYsGcW7slfwnl3w9lgKbPKvwyqUrvClife4PuHWdTt/xQLTgD4JC4Dzf8auMheFWu2zkGZ2+lkZnANfI+8gDiBbTBQf4Z1ZUbAwXeT6eduxpuxgZwb5Eg6zhL4Zo8oJFZ94EmrjuLlw9Xgbz0eypfKkvmfw5wUXAsr1YQxdeVsrDJ/yHEjbTHpyBI4GqFKzjLSYOn+GEslXCBC9h8ERtykWXr7yWq7D+eIN/Pi2e6Ur2+MIq91QHx0KI/rbwCzTbI4e91u8h/5F8+PeQcDOhWgW3iKEgtEoXi0AeS8W4I1l9NJ9u1iotZa7kzJoM+HrSAvthx2XNTAD1ftud9jHCQ0R/KD8iP8cL8lyDsOgLC5KFXMrQGHOgtwml/NVjnK8HWbDtS2+bOL702afHoi5hZcwdu+Q2hokQbKvuYw/9AzCH1xEDtnzIClD1awatgE7JSeR5Z5j4n67nCvdRElvE2AgJ9rQObqPDBRQ7h39wJM015NEcEKlBkgSBFy/8hQ0Znc/r6A04/XQlZLJz1bpgd9tRthz8EdZHlMGKSWbuQel8XUbCAL26s1cam/B02IH4lJkgSHNdphm4AADWr2UkGkDk+5WgqlLQIw8/METj5fx6diZXj7GTXI9H7GO4wXwJeFq7HcrIUijeK4L7YdPIKe8r3YG9R+woZtHNWhccEBKtLowYbXDFMyHTBoYgNZ7lACjyxnbv+7H0s7heFFpwmIxX/gms36MKYjGWULvclLQYnlgjy50fcXvTMzhTszRqBguyossLPiBcFVIC72hM83BdIR6TxIfpRHcfFR9DxlC9uMqIITg3KwM7GYgr2LQeJbCiz2VeXjiXl47aIsjkuqoqnF+/DaFUWcdE0Ltu77SWeMJOmRaSqrN9ykY9WXCS0nssuzYR5oksQydoPefF2QDOyERZEjYVCjCGIHD1C77HTo+J3Ehx8SKaabY6JzKY+9Mxvmmn6DkpGNdKs8m27KXeDnbgV8XOAiruubTid6v+KU0aqw6bExNLr/oo9q+8BBLhWmRU/ilQcr2dvrO5eJGMH4DBNwMa3C07HisEHYktr9Cf6LnUW/NLvpe5ItvSmygQeNq0B6zz4UdnaGG8MA7wqEQWeTDFxcZMKnrx3m2i1RUL/NnDVCDkBywRRcIylBI6vFIee5F9SKBYLdvCgyFRTDrxM2cO58dfio08HnJExhcvpeXnvKDNomiOG1I5Px6IsBcFFeSz2pQnSqtpvPj7oN1rPvU/WRG1CwygTk5nniBI8R5KDlS64lpvAiNJvuxs9B5Yz9UBI/gW98yYdVt4zgWpUfmnrcovV/v1L1sy1QeW0eu5+djJNPpPCEsfngd8IbTUeIgv+hpazl1Ey6eZt5MGCAN2na4Yv/nvCbJyk4p/8hzZtxGMoblOGzmRnX2yzkhR/3cdTdOJpb/IgNezNBxjGGHfueYEOtMvgMjQIn9wXQGS2B++48xp31GzggRZMN8lbSzwxdysQrnLM6k6Zf0ISB6Ufw9JGtuDQpn+W6C1hzZja/G+0IM+yEMSN5J1X8m0sSKaaQF2BNwnpWZO5+Ds2tm+GJkRe67Rfia+2adGL/dGoamMtWnYqwXPEn3JixjJaUtYNv80u4/v4TD5x/CjeoBCdgJH/+0Q6/N6tBVOx1VKvVYOn2L+jbUIz6XdK0viQcLq+6QXKfx3JE9hyM9pwElxuugli6HexR3gCnrliS29hNPLxmEQT3qGFcxDdsFPOifuNJ0GERxKtP/IDMwK989X4dztrymR8rnUbXYAc0/nqCm38Gc1bvWKj3Xoxw4Qyez3+GoSm28E2jC08E3wan6ErwHcwm09LD9GtQGPxF7pDWj2Z0Gswi/7fzuXv6Ojy25xM46GqiRGgk56nOBll1QTDXm4JxAp9wo2EkX5J/TTbmF+H2t2/Q1jcK/xbkUsCrPSS/SAiyV03GrtXvqWSjEWyte8nij2aSxfoQTBqdAV2nhLh6xi84O2QK2x94wuEaOTr9LQHuLnvAaTuWcJ7fTHh8Tw4uTH7NUlaL4Rgpw+XKTv6lLAWW+9Jp3LUsnLZPC71uBbMuxWFKQReHDSazTZEwOJXfgv4xfnS9Q528fwqQ3vllGLZxB0gnudKexLGQl3yAB3pnQ0xhCRz3vM1RZsm4s8QLFbS9IXTPRyZre9h7wBOb925BTwcBSJ0VBn1tzyHr8VgurBRlVpTAqRsH2cjJmE+MWE0ykkshfKc8rJnSD7vEVpLbqj2Uuu83dpaWUv6keH5wbCaslx0A6nODKCNh2C0/mf5Z36fm5u+U9vsFbDsykz9e/Q4pR3zx4oTL8MbxHurF6IG+yW4UtG6h2WsCyf7eBvqdo87Ll2mivb08d8jmgKrKVF69QwxaNVfDHaFe2C/mRkoV0zls62+4uk8JM4OtOHPABCfvl8Xe8FGwer4Whcx0hmemdnzu9lN45S1HJ9tukLKlJR3XsOXuDfNZ/sNs2H5zHf81H8SL9cDfo4th25l+FP5QwgbGt3izhAmOOjYZVnXpgHtfKNwdFqEdgdnYLjePhnOzebq2IWzbKYOpJVOZha+jx1cC0XHvYa51CcjcPgx9UhMwUfAIbH39EXOFTqG8wEW+ODmTnPSlQZAUyXh/EJdNTuLOJ5W8IOkJFOYcBpNrz8B3+C2FyqvyNyVNMJuZyW3VRTzU0Ad1U8yxqdyPQk99wut/nsF/n2tBevEcvOcpA31G+2j5jSz2rO7FSwM/YO1XBmkNa9aadh2n7GomFXqGzSO1QO+gHfyy2sGj2ldS6al1+LzzOUnJfaU1Xno4wbUNEsqjyLuMIW/BIfINF+YXxXmYOL8BL9pdhIZ4c/50YphMmr2hdE0r7YkTB9fwEkxzrIIJG9z57rU60LeVIanTxuRR/BpT/irC+4Yi/u0pBL6nFcGtNQL2C86ifYb7UfduCXvuAZgTuQTDVjvzvPWuZNqmDEWNm3m7XAhhgifO8RxNEGZPrstV0X2mEJWpXeaPT+eCeIcuLDcXhMhlwD67nDFmViVW16Thg8sDWGJmxfkb1SHhlQLEfJeAJyrAiStm0JxdF8mnZDPsPe1LEaENeGFFDxqZ1nD9LUW6ZyMJvqFLqFrJFpdv9iSdkvUM6lX4Z1gHNf9Twg6XP7j8Qi6MnjMK6iZr0rrXClS3rov3Nvnh8ExFup/UC2tjkMJG3qApKd9o+kIBSJ+rjac5n7wzpOGHggaZbuykG5Vl/PVvP4e2f6CWvkpO2DQVpPOk4LC1OPtUHIflnqlkKZaMdnpeOOrbMYjOWond/+owOkkDQgZf85ScJTDg00nqASG0UHYlT3yWhaMNlHD2LG/yNB9m32nmIMp7OMhaAkbIvqXBEzMwcelnfP+fEuSMn07i3ys577APrg1VhAUbaul6Thf8qXpId7Y68JjoLSgy3xpa9e7xJV09eL7+F1abTgUNH0kUctlL91Nm4YYmIeYt0RQQNA1uq8+kdNcCcgpZyWscEIaq40Du6FT6HhJOhSLucGDFTrI684fEgpQ44u4TuF0oy7qKI2Bdcw9LGb6j89PfgExTMw31nKGzEwZobIoiDLenQZjyOPAjVVCSfQRBz11x1863cLUmnjvOD9MV4224M/UqGwXdpnEJw7hdi6DtRB0NjIqA8Sfnw7JJBrT1/UXMEBuFTUbB7F+SCK/8N5FumSyI5NhSuq4duRRlYVdEIaQpmEI3WpOs+Qg8PzSNTcscKcJtNOy8Po4tPheRS4cVWhw6wz1Xl/Om1Tdh34F2nHT1DM/90MvfVsrAYUjlog1bYImJDAUY6sHRld/x1wknrqo+xnIt+9FgVyMZZhvA8rQ/dGkpcmTyK3y6fzE9u70JxthIsNPoTOr5exYS7SrY5ZwczPOQg8VtlRRQshu1H82EC+yI+5qT+W1IEC3rauGADklIOD0DDEXbSIJ2UOTF7SBYoMjvV4TxnGg3nvokDU7Lv0SXm+5cs1IdPDY0Qf3UIegpECX3V+94xoV6rL/qgSNLmkDH+T9K3T4ON6/XBmnBVv4+KQe17C6i1f6x5Kz9BeelMi8JkaD3gn34QWgX3IpWhX0vMnDguik8PXiFA8e04QKLSjpcu59br8/AbYmv+EDzcux5IAGKhwLhiG0trhQ/gtf6Q3Hb8EWcLv+UbfLreWzzP5LdswYXnpaF3W0VKHXUFitklfhfQQk/Vc3C8U3D9PSqND46f5it28fg9TfqkJ1VgqFJayjZ/gKf3qRLo6Z4QnjZERy40ATuBxPxYtQOWvNMCU44O6FO7xXw/s8LluRuBSdFgFGR8/hpxXHWepGAVks/4LTNU6Bx1gEe82Uc4a6nVJaQBhV6a/hWxyusHXyCfo8XgYbTNHp2czbkzD6L0zX/oGPfdtxXvBmdLbIg6EYu6dy4QmuODaBT4TLQVTKBRe9f4NvEuVTeJYJ9uhKwMC2DPp4V5xVKX/CMliRlaRxHkX4dWCv0izzu6nP32gd4a4UXvdk1napFz7Bo5hR+PiEHZsn95kH3UbD8YxhXXQ+DffN345MqR5Y6qE9vDwox+rXQyAOmaJvmA+OtlKBEow4PtbXxhpx9oBnVDgcbpNm17TbrGEtAcP8tSC3cTUWZ6nBSXxJFTMfBschCXvg8h16CNjWEjoPM+R2U+2ASluz7RjWaY6F0hg0fORrCsw36ofzQLrDrq4DslllQeTyBbL2MUHdEJ2r6CMLiRwu4pOU2uL+7S/OQ+LhBBz06rci6AbNZJaMYo/yFaJOcIciLnEP1qyEQmVeNO7pvYn34OlxWFcWbhGPpS1EHJVzbyKNmmYFrkCvm7/1JLtf/4rClHrjuf4eGc5KoalQbqWY24yozJ4i9bwpm456x2ZY7MJq3cWDYQpLyToDeUg2+uTaQ90XXo/osFxScIA61GyJIunUjZuQvBI+PyvQrqYh7L2+AGa1RtDmknmxULFihUh9srYvA9Ig4LJJtZJWsYzRytSXmuzvy9PVmsP7OZbwqUIeLOkaAkd9XuCF2iR1dV0NfvzPPmqZAajsqaOE6I1JZGoSh4cfh4j8peDe1EX+qO1CV4Gq+M1kWBDK06G6rP06YuIzmRK7k56ELOWeXESg/vIBf4oxYQciRFmx+jooDL/n2ywb8O/4D66T4w+uoTxyTqgEb2jvJ53Mh8/dV3GJ4hApU0lh840tU8bYi9Cvgd8HvMMpSGX6enQaJ/s2gNf0h665Vp8THDTjCsp0mjxmCfV7v8IFAMLgenw2z7iSA53AtjNDYiZe2rgBDcyu8v6+Dvdct5pS3x2nlb1e6KmoCpxJeYJlRFV3SCGG33/rQELGUZAZnwKewJ9CeqsIPaudg5UpzCL0TSs/XSoGWtjIF3RWDJoXTkDVfDuTGzeJN/5Zg11hzUBxEWDstlN+kPGZ9HIOLdAPBUTqHP230IvHBpRju0w6un7pw1Dh12N4rD3fNbvL0D2u4MaOFbbX+4nHpnTC/pJPl7mvja7+fVPIS4PZHFWh6IkGLlz/CjyPb2DzLBSPjclDqixBz+ALsn7eabpEYLBoZhMXmi2iPkAmMXeHKDtdc8JjmIJyRdYfltxQxYtUaGlSbArN/3SGlJYMoxFJYUkf48dEeHhehwzY/N2CaVCkcEjVCNBGD1OdW3Bg1A0SC5+DqZldK4lYwK3hOY7V3gM2GozRyvRJ1uxnAFP1B8peYCwN3BeDqiWi2Ng/kXS+XgeLYOxz39T1lXqjieYEqIND2j8aOS+B3qWaYqakIj2YOU9thbRJ+/BF2fL8CG2O88OkOaVDyMUEXcT/wN9Chwl0vIEdvPc3pUOI4s152Gt0Bqn6LUHqEDMT0TOZ1Nx5h5IxmfvysFcpzJ9Is7bG0a+oT5BkXMHpxHs18KAbHvrihrvNvmHGrlTUeZsDyG8FsubOc6nwsoCzmNp2LTuS76YqgMqocrg5v4X0qmTS38AbJddvwY85CfdKmarXP1KtsgwnlAnDsy0V4dckBe/fl0fWJZ/l58k98YFgMU6f9AOUTn7nJZgf1XJ4A6oHy5GJQjF0L9tFr5yYIqFWForoboK55BNINZdFG+jkJTdKDlRXlvHv/I0wa/Yy9K06zcakjjDq1n4XLN8C7I51of68SpZQlwTC/F+4/98SYDwKk9teOns2uJu1PJvwgRgIvel2He47rsO2+EkisqqC9PVK889og7Hzzg0KXArzvaEfB/1R547XZ0JwbyJr1ChDyZQ2bvSrgCUYJ/H3tb9zjVsWFzka89kUZblxMoODyAjaK6IBFXBrVJQWiUdQk6hr7Geqct+LL0nxcJi+MV5/oQGj2FbhSOQLMrpRThtw7sAstgtkPgaddX0wvLMw5pS8Rjjl6wmfpC/S1cgLEeWnjivwuWKmpR/vmjsGta5bDLicX3lZ4iSp+daN5gjt5fgW4qVqF4jeMeNauNDT584WbWktIeYoGBOcagmSpKyrOa4MP/SagkzUSt4M6WY+5BPvchqjsWitpSoewnmIobxsIpcSjOvx59BSArAGO1wwA06Rm2DotFGJZgDyiT/Ln159Z5k4QW605iZtaR0Pj+O+UdeUZShx/hy0B/vDDbxDqds3F3a5GVDtimNwOn+TNb2RgfUoET4QF/KztED6O1OTjDzJo1w5lbMslOos3WLVhDuyplIIL59250P4sf8B/8CHaj14fCeLO0+vR9cpCqnWeggd2nSMtnAmuUrEc4rEFkrRl4UP0GFAMbcL1547Afi89qo8J4tMmBdC53QA0zO7AY/tTOAdeg+KyZEhNDSHP8JVw/8RyCJ28FPRqq5mPi4PmgbkY+y0S18ae5y+15zj4xkL+kveWX5sbc88tQ9ZPfgv9JcKQ1lJMfjot2BuQjJceHqXd7ou4Id4HIgee8n67v1A5nEXDMqqQseQ0aYx8zk4JS/hF0VVQ0hbFXPOl1PZ8BD9wXccGgz8g+648FDVq4Ht7S6482AaS1togIlIKUwuL6OCp6+Rt7g0VU6tphK8ObMqXpJtFijQsuY4EQsdB144tbDUphAvK7Eg+qhkWhK/hsway4NJ2C/RSv4J8yicwlPiBJyOasfnrLuoo9KGeyGmgZ5VHiXqaYD23gDYH21GE3goWUkhEqV511nbNwoEgBQ533wAtQlN5zpAmyMf2YbXaQRTOVIGEnGt05fEDuv5UBu/VSdDomhjY0OWMiywVoWurBnfE6mCk9Sws9W0D9Tg5MLv/B0fNVQaXraXspTiES+MVIf+DDe5raqAl0c85JL0LvkjOJ8nRTaR4qYK7d0Zyn643+cYIw2nH++xV+5XKRHZizuIWfP+2ge7ZyUC6sT6ae2hQ3U5djJIVgqitH2Hi9ETq9v2An4alaEzPJNo5cxGtbRjJD23vwPwZ8ugkMgIsJizjyy75dNh4NoxtukSXXRegqkkCSXRk0nnvRr56VQVGbRaEgbzHMJRqBZVTNhLsvY7zZ38gOclZ0IZa2CR6DNBShurOTIDJmz7Cn4ybPM6KaPqUv/RZaQQENwTSvE1xaLN+BqUb5/C6r2YwZ8ZCeBbkAZdtRvJJ4z3k/fci2R+xwi0Rm/jJxEKwt38G1objQDPnIezoXg+3g59zVEkB9g2FwYh7/fywPwda7reBeNA4fqEgC5HDdfiUMrlhfTB7aTyhl45pOM67CeKce7H4UDVsbrRAoUs6EPBSmHIFj+Mir6X070EZ5vSZc0vhdFZaWImlofEgmFgKSaUKYDFxBaVuEOOh1h388sowyh1hxkOllCiSjVP1nfBs0m58qm0OGc+W0MdRy1Fk6hw6ESJAO8EIbD2m8f15mfg9XZrNLzMV2upDceNRUBr5lVz8YzF3QB9Dpqriaf8O6oNcbEvvJwmjThzaLwbn/7vJYy608bzdeSR+9jgq/B1BsY8NSM7wCEnwFMyaJwjDXgIwLOhO8jVHcWfLLY7+sJT8xzVz2NNVcEf2Bz8S1ofC3TbsvJvBrb8FbCUkYaqlEppEpJJa4gbW2SoBunH++LXtG095uh8urRsDPRH9vGR8NI/oX4fTroTQUVURyDnWzPr37GF1sgO1KPjS+VkzYEC6if1/WIBs3mG+J2FBuSmxNMo0imwbG/GGtzyfaC+DE38FoXWeI48ec5FO+Umgb9062BkaRtOzTqLkmxFYduk9ergoUbDITHgjPJue//iK7073466vdXBkVw233pMESywiR9kl6LD+G2QMmUOndBJrQiatVYiFve0j8PYjW1aZspqn7LAF/KkGZ6WkeXM+w5sbG3B5zkF8+d0Yz1zTY1Z8DUnrSnm+5Bx2S36Fu2JOc9ITKUiq3AlWnr18OzEXna5MJPemLp7qncwGqomYrDkLegvkMeuLJPjv/Q5FwxOx49RxjtEIB5/N/rDOZpCbCrX5i604bR6rjEn5ulBVX4sqjn6oK9MEAjWV8OygGT3ffY50ZohQYcAsaluqiSOiBUF5WT3dPNPO6YP++GrsCfYduE7Jyf6YUxiF1xd8h7MfC7Hv0Bi4GreQKjod2bF6Betv2woVduH4I1IOs1+OQaPUxaD1IJPn5xrB/cEO9jh3Gy03n+NJ/2Lg5R51tlobyzfq/Chbrw1WhXyCW/2GUOoXApekWlli4WH8UvsZ1ty7jaP1pblg7RsQqTvJVvNtyCR8BpxbEUmzgh/i26yZbB+6gja+/ELqTytIcZU9pjtbY+zaA6AbOwEqNJ6Cul8lRzldo7g5lpS99BYpFiqg9hd53mX2hAMNf4HMH0WgYk2Yc/Io2cgdgPLFrbDV8TFov38NdTMu85L43TBXdDZaRk2BsitKoP9qCH7L+OH1y/vZtHAjJt8/Rpf7R1JT4Hq+Mv81G3wzAaGWkWjlGIThi07irP0KiKOmQPghI8wBU4x1I1RecIMt/yCsWiPA5T/fQDccJ4OUk3BzWgYsmudCxjobeX1LFNbLpvDUDwhq61exzp9CGtC7AIEXVuLMUdvI4WEOHjOLhc2bftKJtpk4xkcRrC5M40fdE0liyBHEfzrisfO7MPpBDE7NyCWnInW06w7EMQkioF4+D8u+V8Ksru/4sOQftwzuwadnH9JwkxeF/HpC7/0MccdqaUjv0CWPp/rgXpoOlU/KeaDRmNRSB7G4whw892fgJ+e7sMGWAT7Ww9w+Uwy7eoodOB4c04pJrGIbp9uLUs7BW3Tj61mMKROEwUQxbJVbwt1uxTjzwgf89Oo1f5l6iIIPX8GLOoJkX7OMJnmYQMfTRSS+1YYm+77gI4szSb/5KZn2/6SJoe8w4Y4mWUik4lkvE/CIXYCSx1Vo2advVHfZD7+uKKZ1op2YfvsnjWhcA12b6jhspCG482I+L9hK8TEW6N37CgzfOLGhegc1nLoMUmoK+FLXnUJficOoFVJ0IfU5jws4AX/s99Ge5w94rmYKlvhGQOAVddrh9AdK748Dr4BBfl0sj8feHEJlpSIcezgLC5y0IFVoLcyz3w4J126jzW8ZKJsuTg2KolC2yodeHYiHO7tTSde/gM7LGrG8QiG1LpWj996zQaReAGtvfeHTfhGoPhSAW8fvwqqKeBi+rwnr2mRQ8LYxbHooD7ds1cG19z301l3k87uSsVvCBlf7nOI8/obeN0phalotVm9TAJCsBGEtHfpPuAuEXt8lCbjMilWDvF9KA++rDdPGl1PwwWMRkE3bCftFrakg0Qj2xwXADLtent/QwxNXDUN4eDIpZ/dhUqMYxN87R5atp0hsKAIV99ryqtsm7JBux683WWJReQMlStSAxWlTSEh+zsY1E3Dy52w2nOpALjlPeKrlUT6zbxytfvmaky0KMd9IADyEy3jdnTuQ0JLENicbcEhNhuYv/oQxOf28elwT8Ih+vCOqBI84gGyFCtjyz3LetzecT1YqQUJGI0Vf2oXPHk2jYc2FuCh8DIQuW4eLPzXi9PaV1DXej5UNbsKoGXP40pccUHCo5HvOnhyfPQl+hN2lLf39nLlTiz+N7gShvdr8S9wJR2/SoOWfk3HnnS1k+0wfRL/rgPaBegjKVIC/8wGlXm+DpWsGaMy0bPpmt4L+e3GLnJZMhK6fP9F/mx9nvR3Bh0LseG93K6u4/E/cfe6F4PgLAP6OtFC0JGlpL00pkqSsQhoiMipNIyNEomQ2CClCQyWKBiJpICkUKX5EoolIoUjpfM5V/O/iefdcYxvfxVzs+IQzrIpJusoEPoqkss9hadzgPsjKJtG4ddFdDDMxxca+W/B6dS2uvdLMcwzNAfK0of+mAD48N48vXr/EjSpDmLr/NG7zsAZTbRnY/PMbjN5vCSGdKThTUp9Vn6zimz9+0eCZs+gcPhOcCgxQS1eEUicIUYbjFChzUQdDu7t8tvcdB72XwbzjMZC+/hcsjynnN/6WuGLEC9o5WQhELk2gSJVysLEtxwfmI6i67TWlrfsIU64lYPqwBusrOWM9asOypNOodqyWZgWdwsVznmD+JAWOLznOn4S+wcX5J8FHage0uxnBmNV9/Gx9K2Xkt2Hx5Hja8OA9/PuTBbdcvaDtrTX8ejCbmy0YHgX/pFwnPxbXFAXHgpX8LNGRKo16eW3dBfxg95MNrXbwEjVZ+BDhQB46n3DpTkbpk6tgnvhmbnm+FYt9fOiVZirueyYA50OVYMesPKgwlMfBjD88ccMMdjrwjDInAq4cpckmhTpQ9rYZJ8ePhpWuETjrdQbsTxTh5jJz2pPpAnrkwjzGGi/Gl/CBVdU8p0caRN4Ecl1DL0Xe9qDnIjv5gNdcTJUOpbIGAXacE4pmCaNZwtMUzv87SIJHpUHNehoIHDIDh0XvWG+PF0bmatJGiaeQqCwJ5lOk4P76eNiu9Rv75nuhWJMufztRB2KyJWQfk4ydH3pwypkwjkieDg9W70NNFS14/FsBd76S4KQoZUpv/c25rULUkvoT/oiV4d2csXC18AqcmrqPJXQW4JFlQtB5oZVCLLp5TOARPDHTAE7XRMI1uXFgHBDFkfWIorFi4FBvSEVCFZAkZs/+nu9p3+RNpCNdSBJrRkGUXx3vEL0JQfcUcVtDNnsMaIG71yC2P6yEKr3RoB6/H1USRGDWtW5Q/P6BbpvnwInNajgkvolnPXiMB4QIt2VG0TmLH+AVMxb23oyHgRUVIGZ6DP8UttKx748x+cMo+hJhju2jWrnX7zsq/5KD/Lk3UPhvGzq+PcPWvrJ4fPt4vjfflfT/q8ADoveo8tgCnFitC8/DlMBRdpAjVdfwZStd2JtQDBt/LMCz15fw95gayt6QRoceK0H3zyxYVTuHxPZ4gvdtFZATG8VbrJeC27H/GEbuQqGYbvhiALDBTRC8qlT4g2MSrT72AuJ87oJyWjGf+9HNpXVP2dv+PFSvHgU/tCzJyiwKS+pzMONdMWxeEcaznh7F6gonlD+9lUpsRvLNNcrQsDUexPRsOKssClZ2aMBwrTvE9xjAFHsf7BT7TQntJezbpAPPe6fwTO9bNHz9A/0Xk0CG6b9w07dVKCGEJFl1iHiWHyRtN4ZAiRI46HkR1PdvYNMXGby58SfKZraB27IaPKWwF33u3YBkA3koXjQAWy/owhtA2v3BGRu9s1D01l1cYH6ENGfPhhMSVii3WhlyvCyw7eZBmpXXBLvMn4JjaifPkLpNHy6I4ZGJG2nk3ePY4iEHCyoyycHSmQWWT6XhjhgqPL2W59w9jBPzlsEUzASf3e9xyTx1uGJuQyIffcFcQ4e4fD3+CciHd+WCNNCdRP1pLvC6ZS8eMCXYMvI6vP7bzOOMV/A05yGo+ioPMk9tkePyyWaNLY/wfsnFouZw0u8ElqxbRa9fncVbm7fhLj9tWn4plDaNyqfeuoe0d4UWzR8ygsi4cAgujgMLz32gnDgVd6ooo3mtFZtoV/JTEyP+WXGZvp6eBPfEvnBFpATkNOyjKyrPIPbGZ1hutpLm3lBFxZc7KLZKlF/VGMCD49fAYtprsnxQxBtTj6LwGQHeFx+EHyZ+xvNVBXDr0B/8N08OPgmagpz/MGhOVIGIrloQCQkFP4cEGlB3w7GXbNjwkDrqhWjDzcUW6Os9RBN77oJ2+2Te75MDeZ/aYfCEIo9TE6Rn9hfZ96sOtPYI05pwfzr7rApu6RbBCC9VDJvbCyWwjJ6vqSTJ5YNcv8UYXuY04m3Pi9B8Ixu6zadSuKkWPzYJRNvNRjzL8iXtb/3G9nkS8DbYkVVmmLLflm9sb3udQtIvs69rCglUX8dji5/ROd3leOOLKFQItNHewiUkuEoEi7gdzn8+B4YavnD+XhH9kExn/8xLYLuawSx8ExwViWHZ7W/Jwj+bYy/1Q9XzR/B7qBL7PI5i9pTF8O+MAkx6Lg/z133DmYdtUblOAD/fTaKczd5s0z2KM7PaaPziA+AvNxnS1pXzmOZx0FYlTFute/j7ozvIv9LJcG8tzX0gSAmJOnT8uRok2WSQ4Rpxbq//gT4+FqApsho9plhCrvdkLPCo4xkTN6F0rT44ay8lqbciqJD7EmY/8YE/c6RogbIuj102nzrPIicKqPAzJ0kYuBaNzwdL+al4FWVbqaNG7E+yGIvcGfoNt9X40hH9AH5jYA7pl4LB9dpcXtq5nCb9B6Dz8wU+zfkALy+twyVGCaz/fSZoe48GZwZ+5d1FM76PwD77eiqQXQP2P/dwYds1mC2HOOKXBnqf1ILzcVNhk30MJ7/J5K9NifRRupBay7PJ/k0upvzxoOOZ3+C9hAEstPaCg4mDrKTjz/HoCsM3gyHoxFFYFEc0vFaTpKq6sdxaApTfN8PS7BPo7r4S4xZfwzviTRjn2QQpIuKMMXsxVjwWAy7Lw5jjv/h8TTY+WavJD1+9pyFRMdq2dTdoNgfBl//3enIFeoIw1J+Lhesye6hlUwYtGr+aF9xrwaDcdNBSewz2K1xp/GE1mLJDAV5PS+a9t3bAiMnvcffV93hihRqOX76I1q/rxbddx6Cw/zn/MBOC2uDZONR8BS/K3kd1BSKtLw4k/WYVCl2xxtWGaRCZ5A+ZwmqwM/A0WE1toBUDmlCVMhUcRihQw4aLpCMnTLM3q0HxmFFUNaQOfHEmDAVEc1jOKtL2G8Np/vdo3PWZvDArBJfbXiA34Re4JY1hTP8l3jMqC7tuauHKNTdppN9yfqKsQHk/vkGebg/8wEkwQUkCvIN9sXxPIHh97qKiwRUY0H+QuxsugVgG0YbNO9nCcBtnIkPqccJBZwFW6F2J4VGdrNP/ErteHYbfW1Zzz4SvdGP8E/b9JgsJyedR7VQF3b7mz9UWI1EF1tBJvWrelTYfS8JTIbW2D3zmqcH236FsN8aPTNWLOH7qdHp35DoIiS7ixe7PUeZiMbW7/+AHiUb/s/9XfKUKjtrkBH0Vs+BEBnDAZmm41hSDF3+NQZsIVdifJ8ZB2VJQm5nHR6N0+eW1GIp4u47+7qmFb646fHtWATREDWPGTjPul5KDR81FdLVzEp2Ou07CWbk0Y8cKPOfogZYituDbnIvqD6Lx12l9sDLJxjyrjdxsmw8FE6fyoVVNXFp9mK/Sanpo5M3s9IwHhBDEYubxjwcj2ML0C0rkGFLKET3waCnkv7V3+bhFMxxr2sa0dSzkLYlD3/vNYLLSgNYO38WUXg2SGf6PAoPW4rbyAhp1JxSUq0dD09txNPrGZxp84032ByVRxbkHznysBqnvc+HnBx3WOelC4W8FwFcuEAY+3+OJ97rQQ3II1SxrwbJsIVlqG1OFtSMeedUBG69oQEmoB2xZ6ImeSm/JJbwCPZPG4qfI/9hivgHuuNvJCdLiZNytBW9XiPGaexF0/dJceNErS3qTR2IGpnLYxnJ+d3Q//bUV4yWGQuAifIZkTKfju+yF/H3iavys+IKuTlmDh9zKuSijBudVT0ed/ClwQiybNSr1setnA5o+m8Ln540i3CxNj4zP8T7/lTjBPZK01eXg/bVQdLNtBCXx4ySWngIpvdJsdjIE7veJ8XCcBtWdz4KAx2MhZPYHMix9hKvj7yMPZUPG9L3ksdgdZnYcYgcFLfolZ8sTHgqCtKoUjRXroOL+NyBwxRY085LJK34Pa75JxH0LIihxahRWqgBEnHOhuTcrOTHtD5rm/4Hej418XFEBI87+w1cye3FEiz6M+W4AT+2v4kMZGey+r8DiN2VhSdAQr5jlyN8VzOnx50/44OEWypkgC53HP+L4ujv0X40fvE2yhlHa/hBYUc+l6Q+46WgZfT00HWeWycHEmD14PqsYoz6/pDGl8/Gs7yWwgbW4NWYsNR+zgaLYTJi1dAKYeNSAyvIClmk2wIiGlSSg2kk7LpjDMdsKuDkymM/fBlivMR3kvlzCt9eWUmWcNOj4FlK5lBveM9HlTkwmv64RNKW4jGpmjoP3i6PhiON0vno1Hh5YHsbdTnf4x1Z3fqdbh54BapCpaMKrNUwgJdMdzoWPxFHLpeGBXTTJj5tMFuENHH8rEj9puuK3Il9scxIB40QpOGMZDIGeudDlPxmW0B4Oc7GHz1tqYel/T0ArOA9in2vBi7Q4dJk6zIIeYzEjfCFMcF2Bz+85Q/qhefR7lg0H7MjA/WAGJQORpFAxAu3br5DTtAEclnPn2xuEaY67KNp37OfXFmVsMmgCCwvNyXnlaYi/UMWGFxRZttCf/NKqYWtWDbzxuAo2DZqY81IX9oh204Hz57Dt50pyNTpAndb6uC63G0xGDLLCVn92CHfArmhlcLzkQWo+pjxnUw/WLXxGP8ZUg1Z2O4foh6DzsqfYNnkjHLmlD+4OvhT9vY8VdsfQrmMDdHaSCZ7xPwAR7YepxFqOVmWpgq6nJoi4+NHqK6chKNqaDh04SXS2iTbOSMWa2f+4f+lsjAsvob4nk6B6yIc8j4+iR3K34LrNVMi17oEnOpEUY9YLGS6Z1Ju7jF8568A095/4aH8LfzAUovtbi0B7zmx0F9pBv3z8ebn/bBI63kPS6wxAcoofSr/YDVVfrOFhwCK0i8lB6ZO9GDzWFQzOnaGSpGBYGmEGsh+6+NSVSTR435nuvg4huJ4Hk3vCCceI0MonmnxY3wNe9hqDYMslNjxvzIZBrWQjlwpCy+RJUEYCPwtthy1TjKhByp7cxYzgqu0/0KqQQS6Tp0d1rvhN8wyEDjnQt5ZeNLE7iL+2G9GnlfowbucOthlSpK/Tfbm4oIH9SpXRun8Pu2ZOglOnMuhVzwdS32gOfYbrcNSWUxgePQdnG/tj61Njepc6j7J6gqB+ZAJK1B9iizQF8JU+ywfFUuCY/Tbc/K0TKp+ngPMzwh9D6Vjup4J7/ZNBM08TdtxUwx2PjdkhZA/6jXnMNW9247SBbLit/A0vbbGFsF1bSdhhIrxW72Cxl+nY0zMAmaeLMD55O8g4iqLsnxJO7s8lTbdbcK9cEgLr4kBiQB+qMstRojqERqzug+fa7/DbuTYu2WZGMbVqJGMoBbMueOLIi4mkrvKdm40k0Gi+OI4UPsjbbhxFH6sgyngUCef0ZoDqOEkSLnbnHfsvo614Dqp+8oCYXYm8p8yPjdVU4HCeM48DQXhqwChzXYBd41dCyGwpUF68hDZeHU+T1vZQp68NRDzN49nH5OHGHg+y7shHvYSjlKRdTiPTT8CdpofAPo2odPg+Jpdc5cGjE8Go9Q7Na9PGiXqlWBxhTn9n3KEPpQ3oFLiYl4wv4NSksXyzfhqMNw8Fy9PLOLRnCr1I3sI48yq+uP6R7pXawIDzF3If6Ka5imMgXlaKHlsE0uY8c9CzvYH+6S+x0ikL7I59gDh9HxSW+EvZnapgUdZJOzu2wJxVqpAW/g9nxsiRv/wRKKqvBlWlsdS0IIecK0Th6C1zdkw9S6XL1pPa2120WGk/Jh99gS/PVFIl1OPETUFwsVkFJPZqguJVI1puIQZnr9Vj36nLvOJsO8hHlvPgZR0qvGPPWknTYWDXbP6RL05Xzw/Q4uBBFN0SQaNTQ/heQBbLht2FoeRGTDo0Fp7tDmXJuAkcEL4Gtb1m4IhRwXB6UiP8tfMlx8b7oNTzjJSe68GdH0e41SqRfTM2YP3AK1g9N4wLZS5i9sgJsG3RV0zh+TAXpWG9dAXx9w1oHVuKff8OUrPEGp4+ypdPepxEMe9p8DTVAjftNYezDtdhtucvfr59K38aNAPBQi9eeXSIw5/9xbARUbjE2hmyv4yGlggt+q3RSK55xG3bu0gkuQ6ic0NpcXo1164LpsalN0FigjKc/tmCM0NO8oqaI9gj+pmbamfxuPBUvrJ9Le/TM4KQ9lUY4GkELmau9H33WZq5klhXuZJ3FjyBY6YTUarXBVVka2jRuD4+JacFU0f7gGV5Ec9R6AKrLwM8w7eOV+I5VhV14vI8e46dtwKHt4qDcqoeSvXMBacF/vBAejO2X5Rig+4jZHrgMo6Wusoqrpdp4l5JEB2jiwOvB8jqxw4ykU7icSvcecfGB5Qz+wT0zjrNiVk7SahaADb82ksTAr+i0wszFJJ1Z4OQTGq7ZQf3z4mjXXAJL1ipRBVe+rBbRxu687Ug48Jr7J2vzG+kxPlhjw5Xr5uNed0ClB53ENckqcNLJSFcXfML5AfPsYBNOsV5LiD7+kYeiJFD+4iRXBLQQbetLSFRP5g+zy9EMJtGjXU9dNH1DX7+aMwxmADnL98ihzEOsL9LD3aGylJCVyg4bQhlg54O+iljRKt+R4DuUzsI7VeBF+M3cdiL8eBdsRu6it+iz4JxcDdrBo8YM4uXS8yFmOn18GZ1JYg+NuX/PhqAzZjZZP9lEqZPT+XMd5v5XOsd/H7HHyKumOFWxVF4vaIDhlREIPHjXxbcFYbf0vspsusXvTxtilKOSpy8vQI/aTfRsv9EKUdRAva6dGB+Yygm9M+AzIAUetSWTf80x3J23kHs/dYAs33Gs8I/E/jxpxMEDv8HOpMWc3p9IYWdi2f5GQkw8cYRmrKwgE5/iaeeUyLwNLgKe7cM47RpoyBl5AkqDt0HN0864dyzkrjo1iP6ptvKjvXGMHnLQTSYZsXGhqO4d3kWyNx6wMWWF2FHYhR0i7px5ywXdKqSgBET86kt9ihdLmuDZMOFWHbjFc9rs0Uxv8Pw99Q8CE+7A/ckVOC1w2QYPrQP670PcsJZb4pUdmfrr7v44AhjXC3gypfrrVinWB02xBGuruuiu55B8C9bnKavG0HPy+XAZGQ6V8E6vmIniGEgDWds7/FNvSD8lfgaBwrkUCNLGLOHFqCUz0zQqX2MX/1fkVreKNC7kcMGHyNAdXktb5Jfi7W5sXxIqgFGLvmG9p9S6cb1OaCioAaJATH8/Ywe9D2Qw4otv8lYZwq8jxKhKsnLOPaAKA90r0PTemlYsGwd7oz8SNFSL+jUdylW+y0E8cIJXLRYmIw23OebhcKgt10WJverkFuRDO+6ehdFzQzI6FEfHzN+jOk1UmTluBDab6dSwbbREHsVYdz5aIjWP8t3zn3mwAsmPGbJMvTpnAkyusNQU/mSMw5PgTNlyegmEgA9/Aivvt1BMc3H+OFeE3BvOszTxOtB534DKS/UA5fFH+nrsXoYkDeF/OYQevvQh1uPhVGydDCOFTwKOXbC/ENJEVJuB/KTsYGQMzUYNAfNcE2sF+4O2gp1S3/Ahe5s3HDvPFbsVwE17XWkfV0ARJQvU77rexpcFAg5Wb/JXL6dpp9NgJRaOaxJlAKJj4jGj8ZDoV0f24p0s17tdF41+i6eDbsLt8aEMLtY0KDkVJixqg5LH9vh95tx5Df+AAV6xPKZvgfsojyXYh8vBQhCMAgQBj23H1Q81govzm+nveF3CCUvwpkwC6htW4TV9ndxW4EbXVFVBZnf5/idvgg4zp8Pp+fPolCbCXD6fjh7eWTQyVA7+rXNEFZuR9jrnwObm4JgWa0zvN4URiebVnL+1js0ZYk4VRaUsMOqYrYZGAELxBNgUsEbfB75HjQ+NdHsj3d5zZWjZDDhLz8SU0MfkTVcuJLg08a7vCz6FKlLdmOU91s48befJJMDQH/VAnyg0gbrjYbpepoSOH2bSlHNt9F2WJymNuvSf8IScH3JftpgegPf6jymvzM3wob5EqB04xC6T1jLIu7jaOSJPWQuaUEGYyxoX6kCRg9u5ZTS7Rz7ZCxEt3+C9q/NFFKjhxpeNSC+rQbMTp5DwdlbMPqXFzj0OeDO+VPhhOBF1L8cj1mhkRAn4EiOT0NhOPY4j57hSl9c42n5zOmwulIF7C4/5tvSpnhyzgT0yJoEUsUraV+mEvYqP2OtlncUd8mGYkItwG7fMGX82wuGXyK4bkcMZ6+QxP1rN7KR5yCJxO+hXcue0MMV8tByahpvXBPCJzZsw0+dB7EzqJ1rE++C2b2/PCn6NDzacQ8T/8iBlPxJfqJ3gB62tpD/pVQMP1nL+QWGaLjwB37ojIPuz4m8/Z8M5AVtgCypQehLbYZDVoUsWqeDQy6aeP+/h7D13wAlKtuhaPNImF2xgvx3RXLYuZ88vSUL7s70pjGrxUn9sjD89LhBC8ccQP35qqAqfhP9dlliZ4YAiM3y59fuPdQh8YNvlMhwy49tJOt4jjsTTMHMfgWt9D3ODqXhsCBdBWZrBnLhh1vYFhKFUzem4A1fJzDJVIEFG0Lh5YLXvH54Cj/broUK/Rt5o8t4vD33IQj+WQUK595gl4oMNKr9gbsTZSHn3UeY9ucE7A0Oo0sXw3B+41Xq/lCFoxWLcfYEM5ByjuANK4VBafJu/OXsBVWLwumrZBXNj49mO6UgnCLRQeMDp8DVt758XOc5L7voBQlPd1P/l+N02dQND4Z/QrlvH9HZ6QP3aSmAcfEWWpvjwO4uCCXbItHWugl3f01jiWWR/MTlBH785YKPlwrDGr/JcPKZIj5czxwbOp061shjwXhN9BLfxstfDXKd0kLqrpcA4V26VHTNAmzXr8IZF8x4pch9OKAQDZ+6j6LVYCc+CezgKeN1YGHQE4q5f5LEB9/zyN3aWPRpCo1+oseBOt4YXesJ8iU/aZXHdNAcdY9IsAHq1g3SBYF7dFihHppOA6/7sp/j1l7jN3AEb3YArKowAJk4W9obGEhxSxoY5iLE/zLG4ImOEK4lQGonjlN/gSqkbuqiLWJ/6cpVUVbJWc7r8itJeNk/dFecyFOD7Lk38BbYfCWQ96yEjS3FqKHznI/Hz4bvltvIYN0zzD10h+2LSkhn2WnOPCcEuWU2IPYrh81mm3GRlz+9X9oIQfnF8PLSTHadX4rPop9j7EchkGzZC2nla2jEGnWY67Wal2/oxmd+SbC0qx9Ku5aSaqUvfhyrDDK3u2D2vj5yz3hGs7cI8iF/5CHBpXxvnC0NSkxh0ZAKyjwNEJ8ezsUj3XjIPBrCy2+gpNMJ6PtPFaVbV+PSxWK04VMwWh3QhimRGmTxcAVrz5jMfr17OSBAk5Lm6bHaYksWXeCHYcfX0uX1onB62WXORRnu+6NPRjL2OPSpDA0CfHjb93JKwMcgumMXdFrrQMfgd/46P4y6tgOHTfQBd71aDM+Uw4j2CFii34W+dZOpVdcUflrNhxX1EthjHAUPns2nLzJJ2PUvjT3GD1D67O34sNSTCv8AtEc94ybn83hwoAnn/NWiLqv5EPLkAl00NaTVVw0pdMIWrjygAmseGXP2rjd8e0omnGuqhDNFt3A4OovKjPQ4NFkI7CZeR48cE3B5PRopUJgE5m1Fjd5f3NtphtOy9gJ9Po09Wfs4REIK3+yZCDc9t9EZ2XNk8XgUrMl5iZcfH+Up2xIBJw3yTKtoUnLRYM9+K+juOUYe7X2wbZcvXZnQgS8rLbkpVhwVOprgmV8UjYkdDdr28lA0HumVbjoNb/fBWV/sQef9ZQw6fh9mixjC3aonUHTKhXurhaCvtgLsjafBbb8+Oph6C9S8LPCsw1U44nCTpiUfgB1SwyySbAFL7K6gw8lcuqXag6d8rPn4PSO60ajPMp2f8GxQNA9KFeG8eRawLrqa0qLtQbZbFB/8SQZzB6T+yW4otYX46bHPHHZwLq80NYRH04IQawcw8XEWfPS6i5mSsrBE2Aa/RG4A3duf6Ps/a9aaPgpOT3XBubvN4JilHgQsQQ7fNIaWu1+hoIPMKcUusLa9C997m8M+70iuefkdA62n8zJHR4i+Lgn3f2/DybMQ5h1JhumTFeHTZWM4MjuJgyxiMH5dKgyXWmHuaV92RAFyP/uSXYdm0GMTU/L/NRX0Qz0Y5gXwObF7UBKB6Pt0JXiuO0VlNw3B/ekOGgoyhMIkWVAapYo/vxRBqvtOenRpCu3X3cDL9vwgWvUa3aaFkP+IWWCvJAtv3c9yb5I1tIRPAYOzxEPWtmzmfw6fafujrOZ6KOzNAt3j0yF8eTG5LZjLN+Or6JyvKr6YXsZmzy3h/eAusqgrhOgQS7ygYAI2uV+wfHMWq2QcxLNfv5D8v8ksvXAfH/C7znFtgfzh81Z0GdAFw4Ek3lU3ly6kHsO5s8ay2+elJN8xCJVTbOAFj0Ux5zQafK0MoUp7IfjfTZwpWoOuC2/C+u0pvOXPCCrpPU9nDSUheHYG6lWPgr6Fp2iH/zVSn7WVMy0OguxvP66q74W3W0vh+6SH0LS+EJtOqcBQbj9O+LKGzpQzWfxzheutNmS+RRLSdS4BzNxLN598ZNEOY2hskKUJGxfD+bpN5P3Xk9aFWlLF72vQ+J8w21w25kiKoq0dktD0QYXrHNppBt/kiM9CtP+bAez+rAuOM5dw2DgjtL2hT/pzjKFkRSK9mbSda6SqeEisB8uXvULdnDrc5ZOIhf1IuxePR3mNSVC26RNPXV2KJxdMpYiDcSQpp8K+B3qpzEUFSotPUn+FHcwrl4bD2dNYutMGlDJCYJb+KbSp0qRJB+LQcYMUf7k2HZamD8CuYCvwiOjga/KWoJoZxcunHoeQEb9QpcmJXx3NYS0fxjwTZV6+1wSeDD2DLSvCSEMjGIrzZ/OklrsYL3wJJ1nEkuyVcXBrtAV2VU8EFaWPqD1zNddKxuGrcl3+ekES8iRcSMgwA+cUvMJ2xz7692QiLPu7G0Ke3cabM8ogwrOcffv3oPgxT054UUs1/wlComwNPfEcCdClhCctX2HGHyG261zCR/NlWFMxitxiiujIvj9w5ccbMM0SAL2YMVR9biSkKiRywYV06EoRpLnu5yhslwoP8iqoNA4CwxsTYcK9b6CgPYGbKwJQKX0bnZAYRQ/tY0jLqwb0PB1oxn8pOGBnBX81t/A2rWJ4CcKsJ+xHV3rFYfR3Lwq8now1tRPYOyCKE6pmgNeeJ+z//hOfObSMrr7ZTro64ZRXOQfPC/0HnUsF+dD4S7QvQACyH6xE/S2WGNMjBNOGj6P88ywKWbyKVI4tgxPBCyB8cAZ6+xlA1dIU6LiYCr8SRqLvyLUYbNfKH6crUs53KbD60wzbTJqpai6AkuVjuF2hQTnCtzhX2wtGv7yCSVHDfB1vgc6UbB4n3EtWTlZg0BOEv5Yc4wCNExR8dRY37rRgvQ074OgFJ848YoQxp0cDy8yAIyeTYHqkOT708oD6UUrE6kXUsk8PMw/oUcJ2IbB74spp1tPBP/AWnrPcj5Nbn+OIS5rQ8p8hXMg8ShmPZlFrwTuYefs7eNQLwD25ZMh6vA6b3YRIt1kc/l4OhnnH7ODEy90Y3dcH5VFhoH1GBoTWPoIzEAcZeUH89UsxPM89huP2u/BR/W/Y+/gCJfV3cKi7GWw+7U5Cma6gftCZjMT/Y8PsHeChZo6vA0x5wwMpKvpPihY2A3wQPQBnCtSgI3AdFUUvI8GeDr6zqQNfbdhDvT8fslNcLJwCdZC0dMFj2sl8vEkWk4W/08H7HvA7YBfb2Q/zRWsbmDFBFVZ0a4OK6mcQaO3AgtLzMHBMAZdWZJCzkyD3KHuQUZQce066So83iINIz1bsEnIlsfeVPLl5DshoXoOW0aUYHLaH62deg4j8RXjx3CRwshSDt4aT4Pd9ex7lJweXxdUof/FdCI42Aqfsw/RAIwpbzRRgON2Fb9rNYY2gV6RY58vSYcvRVuknXhschz1VOuC4IpHnlRuAUNtmNK9cRdtfO2OrQyY6jLbHTyvzcZ3SBwyQHInVgcN8Z6MR0DVrGvW4l7Z7v+SAr270+dFimvhAkxv6VrGHuiNkO22n/e3jYWL4LewVGkXhUh/YfPQqPl5oxgMDJ+B62Vwozw1hDZmF3K6jAOJCmUC5S3iyuidFbd8NUe0KXHX2J3b5bMHQjrdgK3+Ny/7TAlU9G576ehT+fBPDNdVh+PDgRShfGQD+cjdJ+4gNuo2N54VlglAzbIUFFp14O1wc5P20SFczhgb/vmMftyPw7nMsNZh5oqOwBIQ1/eKAb7IEltOh+IwtiA2K8/hJR3jQllFv3Ax8lGDJFe8V4J2dA/1cmAx/tL7SqE+zYc2YXKhf8A0jI9JwjtMpXikcA6URWhC4QZ7ydzjw1zcdeAz+cJBMI79aI0T/5WiRf+oWjquu50QzCfiQM5+S/46EOgFv2CRxnGY5tPJ67xtwueEq18h60rwAb6guRSjtcweHHw1kedgVzHx1yCRrKnbV1GLKJCkuFRTmosqD8NxLGV4oSfOJB2+woH05LtT5Q/+uG7GShT83F36ihAsGsOdFGOXt1gHx1Sls0fwAnIRKSdhfFscqu/FcHRdueOEI1XsPU3+2J3Y3GUCS9X7YJv+GRmwTBJthXxTfp8S6Ff6w19METZ/NwOfjdEHnihFI/VPCUxTMhi/y0F1hArcE9sHLhmP4tPEE68b1oKrBAN11tYCP9X5QJ19MS31+4NUkXcpob8SCHQVgEmiD3ys1eeGsjxgrawLKmQ9ZRroGFgoUchp0U9WLp9Dpfhcet/Vx1DJFPplaBysqxsJCFWXUyTKE0sGdIFF2g1855qLC4zwK+WkJRb/zgW79waVrhMFq5z5IrfhNh8/P4ecem/FTmgX8WnAY324aAbaV80D5dxmqjTCBO+/WYqb/Ejx4+zU9vL0edr1N5bmSJjjWMxSDP83Ha2rdEFvAcASH+WbBS3yXP4gbLw9hleghyD+eDqezNHlXWRP9iBrNAuqaML5Gm4q0c3H+13iScb+Px5LXstT+a/x+wU74d38IFhr/JI1vBmCWEkO25arwaX4W32/4R4r3A3nggw+sPnGUpG4CaFhnYIGcGLTKjqXYUcpUUX2Q167cwxaiVYy2KnxuxgFI3/ENM6wbsUheFCS/mKK8nTB7pc+C8IotPCN8Dus3NKFk9iKWfvaA367XpdebjCF44UjYHlzP3h/ksOtHOoS8fMfPqgegOW2QvA8OktGXo1zSKwzZk2fR9pp0ML05jmSnq2PgJzt08lvBqpqtVHdFEs+cy8fSqYbQ9WEDvbkdglVKs9lhwyV2fNRCfWcdscW6AKL7PEh9xW74fsEStDIvc861LlRa5YEtJ5x50qF2nFqaT9lHxpF3eiWm5i1jm/sE5QsNOe7CZXQOUeA80TXw6dEe3rzMBmpuHoZXLt5UdEoH3B7rwjGPdJaNlcYVmTPwYOQpVL+Vh7+rk3h+dD4pSE+HbaEueM1cErSidrGb5VY+cuMmuh35B2L2Bhzx/BPln9jGIfpCVPzuHAVqioCX5Sr+8/Ybng24QrOK2iDzmxRM7rqApqsYS5rzKG2RPvT4G4LYyjks9n4RkO1pOOtkii1finDFi11cqjWL8//ugHLLq6h+1QA2T9CDwrxTOPmfEcVNuIPiYMoWqhVw2voRGSamoYreJbLNUodD36fDfq8FHHqqnWZP+0mwNBJLqiwwpeUVmKdmYI1REIRdGQFP29zZcq0iP/L+xK3hR8nvRQwZpCHV/B6LA39PcbfEM/j6VBmORxbi4jAL2mdVxil1jrjCrZOWTwuAmB0iXOkxm9kpgT+sN4cX4T3o9uslVqcNwJVLW9G2MYsPWeSyy48c+s8R0XpNJzaYGUCv0g38vuIJ+LrvwLkfxdhE9CzOkXzEy0rGkq99IdwfpQLLx8mCf8VvXpwtxhuiYvD3jWmYJxfIa9OsaWJQNduftIXG7ck8o3gyKOorkP2TJqRdHWxQ4wUzX9lheoAkG2/LoPBFN+CV2nhc3ycG+S73aMXrQDQp/4I3/GP5z7xAXPOghpNYjS1+bqHa9BSu2iYI7xxDcPLKYLB3NgSrEyU4P02bNAamwJeDTH8WRlJXaxcHZGtC9PxK/m35CC5WqwP4vUHHHlswAzOsL/GippvT+fGKN2CiORrijnryG2EvOC8/CN9lFalNZxEpNS3lWI0X5P30KtU4N5KSpxb0ln/EW180+F60PCVPjKWmPlMe8cCH69IMIN70H4WX/QfusobQMl4Q7K6Zkf7EXIzTqqNJgbN4XiEjrVTFU5Pf4aJdzTw1TwiUn4zlcsMWlMn/hN7+V1mv8SDbPTvE7VkX4U5BCtuqNFJ9qQ5kbXJE5V4zOF+WCo+nx+Hkw14YMd4Ed1VtBPuhk7wpbiSuVTWB8sVWbPBZhXQ19ejaiwMwfr0BHGoMZYdr6jg1TANuTNsHw/YjoCNsF5TfF8Sd6nNo/apMcoy9CgJHajjV0IuHs/3J2quXzoweCZYhRdiXvRW7lxbia/tTPDaqjVMvVvKVLT7Q/dMRcq8/Ja/FkpARWcgqRzbBVMGt+KziO63R/Yxb5l0Al7vxJBYiitbdC2l5tTH8jp1GDv5XSKzvMChPH43zb9tSStl0DjCpxZiqiTRZsZyTHkrDfTElWtIsyjFVShDY8Z7k6i6Q28dYen7iIa47Ic3OM1PxQf1UKLp0Bj7XNtK8DxKUu7IO3qcF0XpUw5iRLoi7H2BXTBu+zRCEgnkCNMF7ASafPIa7TkfBqaDx4HA8FlM2SYLtiV109NUbDFUyg5WdKfBvagvLj5bGUYM17Lb7NZnY/wY6IAKp48M51/IxX6gZC3rPxWBX+WOIkSmAozk7SVk8i8VErGhy4VE+fHaAbBXb+Ny/UVB07R+aNexGPesgyNcF/FSwCIQ+hbN573SW2pZJlid92dfMFHT2TMO8CVbwuEKTxzkcxWrnYY6P8qH3rv18etlC0G5S5rw/siAQrcfxEyQJftpRVqs2D506SF+/ZnBu6Cp8B0Jk73CSPueMgA/hF2j4ujE2y1VBQVc9vWp7yeJGeugYsordz7XAVat/MFJODUrv6+OmVbZofu04mC4twGPvizDhjDqLvvKEuevX496WFJ6y3xjid5iR094B+rVeCiw1i3HrMgMK6z5F6uGTOM59LMl32KBn4CS4U+zJFwWAR+zYCQkHtPmq3HVw9T5LQ+Mc0WxfEgyJ7IPPFirws1mAxn5To8GNfdT6RpNm3TLBBqciChvw5gC5t1gQ/Zs27JKD1XNdIf7IBxwztxM6PQSpNHk/r95dx6tkDoLYxQi8f3kYb3gYQVH+EAo3Ixzu9od59wc5bt9ZevpVF36vNuE9f/Oh7X4JbJw4BaztSimuJResRrVjy31L0HnviPr5O/FR9Uj6HVyN6zssSK1fDb47j+H4XcfozOom9H3hSTuE7HjhvwjeNtodjhypp9Ckh+jrowp725X5VZQe3a3JIO3X4mwafwSutqzA6N4YuCQ2GpzrK3mRuCocForGIHUPuHq7hcUu3mZ9RQnelRwGyV6z6LxuMShVG+P+txbQ9XIxJy+uw2FPM/4uAeylFUHCpYupOEoSque18e3n9dhjNhnObexmqdeu5CDgzCXL2vBPqyq9H+XCezQKcImNN1aWj0G3o1PhxYoBdFewgKfbfsBTv1SWM+xExUkS9HBrLXWc94Mjt4Oh4/NY8NFuoVQXX/xxXZFjBSUwf7sVkeoXaF29jNPbxGnz11+wqG8afJs3CdNWGvI5TXMy/3iMNp8woc+npOHk0DU2kA3GZpUhGjFiBFy0c6YxftvhW6Q1lQV84xVvumifoBU+/HCUnSWM8S7LYWWrBoS41+CbkYv5LDzkqfKZbBB7EWZYXsTETe9x5aRXrNLxlRobJkHp7E00aDAGly8LYEv/EtR4sI19ZWbQyPfv2OOpAlDaYWySngjLRBvpzO81VHR9PjX1iUOZfyukNXdyVMoejOlUYVm7k6x4xQhML2kAS/hif2MevNoiiPdUl9OzzFiCtqVwq12Wu2ruwLsXUjBJ5BbPcbGDRMXFWKEcwfMC2lBbVZracBa4pkegvO066NHUgPTPV6HISQXenWwERePFvDtoFbc7qrHTpjG8YONyUhhzE1ZNFYaepCRomzibHH/Z4GkZJ3KbZ48HW8+SypdquP71HyddMKdTutJwY1o525VcRjpxjqqsnCHPwoBmL4iFoD9vOef0OvwhYY9R2mNALEcYFUYU4uqcO6i//A3FZArCiKBW+FO2lsjNgBRLtqCkjz7Ya4mil6caZjtYYu9Refxx6AR+kjvBncl38NJhEfYx38OuPoIg8mcGBNwI4DeGEvDiuAD8uPCaE561MooW8cLeMHx+PQ3r7o0A964UvK35lQ009FHYpIVvCE6gs7URNLyvAgadr5GvZzR+iDECzfgZ1DA6jRdvBEocOQfHLrtEskUK1LnOgx63FEJj8AvuuqsB843GgrSWIkza2kktTkporN6Ey53OQGXzc1CgEAqplGbnqWqwsqSR8hKmQMmLZZCzOAOnuwdhzwQJWlUtBe3bjpL3RQH+lC8Mo85rUOnIdZzGQBEnXFk8jHgAD6L/NB3akCjKyc2f8Px1BUiRPgsbPs+FhVuM4UPDAdwd/wwEM1bA77IMltN2Zu1rYfh2jzxcmJ5OX8NM4d+tl3Dk0Q42N99KMUdm063Zd/HHE3O+y5NxhfoI+Do2n36HfyPzntn0Q3E0r06NxF/9w3C1RZKn7qxn65A/OC1PAE7m72bpbSfgrvZFlHqgC1cPVZPNz8W4QvYAPQ+ezpE2H2hVuzxYjCdylmtkHwMHtL04B61VB2luswvDFHG+370F9ItSaNMBfVA4NpMvHUgHIZ1m6PvvBSbFNtG242KY5CKHT29644CtBP8Zrw8fUQYuXclHtyU7KW5gIk6yn0x/a0pocPpHthgVBwF9aRx3TQDm5nhR7YRE+LaEUKBNBxu3u1PMagecNNYFg5tk6G2eIl3xNwKT4VEY0XsR9EMZllpYwKb8WHx4J5+6L1uxxs4aZDcB0jcTgd8O6nhadgi/OC3iS0f8IG14EJP8rmD/T13cu1QWvq0dBaAlAjmVX8lL9yYEt2lTwt5cevcoHTIkKlgkimG0rw3e+VKAcNkIVD8WAAwu5bSZtRB/agmqCTRiW6MV28cEgG2KDim0PoekZwzN7VqQm1cFu98uwTTxFI5MOAX85A+Xpi3CoWmzIWt1GSwQGwPBuo/J8looTc+XhHn1fhi45RprOn3DaMkA+rA4Gx+cW8MXA0TBN3Ic/Nx/nMU/rGLrhyY0wUUBt2p/gg3++bjvwCzsqQvC9Y0iMPp2F0fPmMvF11pYNrsJv8o/ocbGs2CwRwjLEhwoLceYfdyEYFdNFamd6aD+F2XceuA5OBXcwPWvvoM2/6YFWu+h36ce7toJQ7HuPojzv4wz1f+SUNMB3OLdiYJbxuLy692cb67JN7ZegqDPklDaVIRaBjr4VvMNRPa9wDZbTdK3u4EyrfOp608DCD9zxa/WKjDvvzoY/a+G2v3KYb1UNCzNFKJTd2JIRksQ1xnvheAP55i3mYC72B/+UlpGJ8OK8fbHGaxyUJ9zA6/hpXEp5PT3KywLr2GjvxqQddQZ7T6MxjXe13mWZA64/Izg+qNunJMnhntrbsLEJ1fIZvc4qCjfydvPhLJn9RTOj1jMbv5iJL+gDwZ+NeDZRxmYfLWYRZ3lYfyRs1Q9VALzU+X4b/dR1LM1BvniMN7/bhEdGUxkF8fr5LRQHN5aveELm6xgz+Q3vOdRNP5VtaXCTkOQ/72BF7x3wq+K40hj8iSwMA/Dd5f8oFh9PZr3+sKFpSa4J7aasnapguXIDqi/ZoRHOsdC+fBmqrl3FqZdFkGFCXNo8r1BdDVT48K3oXBGUwyCtx4kl73TIT37MniiJaqbtXKs2m+2qliCOxV/wJ6Tn3jK+uWwtzYIjbdPhzk1AlzT1gi1zpko2ecN/q9307L4dGh93EpbBi9h1qzRcNhmBDySHIdzD/rh4shTkHTpMRUdOUT987/hrIZ+EI3TYivDV3QraTxMXn6N3bIt0AdkcVfCdv7zleHw/U0wc7k7yZrpUpKNDWsvk4WIiV4spboYVw9G0oUVm0j4pBufDBnDdjaXsXPxI7Bd7MWl7Zawr8wbl7U48YRcVfp34hR8bJDFJzek8eMIOXKwe88KhobkJzISbGbupe9rSmCBpRK2leSh4O5ECn1yG8aqr4HXwTIwRf096SerQkzeH0q5mk+2z1tJMKiRApRnUFm/M2w6sIvXDe2md6q9vGq/PJS/lIbirAa+NPkbBl/Rprcfl3Krz1WaL7ANDTPu8tqEfkw5Zgx1tseg7z93yvwmgWemD/GI/hcwqDebn3qZ4E8PW5RROsR4Wxp+bxqBt6Ke4FtRDVJQPgwP87aT0gNdVo20B6rXJ9tqZXihKgczXg6C7psvFJ76HqvbdMAlWR63jPjFL7yYJ5cfp5sey/H4OwNQaV+Fude3o355LD3JbcE/bs/x69wHXNt9Gx41N2Da/BLWeqcIufs6sSrgODxRnIDZcy7Q6J/FVNZ+iaZUmPLc94N4WU6Ns0EFqsIa6GO7FI8vSMJNSyIxs3sLHdMTZ5NbXmzz8i8WOZTTvjZJGN83ATyEMjg+YQ6JPH2DBxVbQcRWi86kLcFV/WMgWSSBh48oQ/13O9ppPA/vu3hiynl1vLlUh3/lV8Ev6e2gWRaHEbuCKCZaDjIqrkLUhhcwzuYgj1llBsWJ2yjiggGbmB4n5zmC/LXci+5Ea8KKWeG4WVAKAtevAOG6EgrO20Bqx5eT76M55Kp8Adbs9qbIGWLwtBspb7EWxVp78SKVOXCl14T6t+/jaDMd6PA+z0V5ejTppA5c0FeAwt5KjpL8BgYxC+jkie34b8kQVFyWhTVfXPHfjEKs1dGHlY/D4UdSIipvXgt/oRQfLpvPA8nrWWFCHaTsWE3tNi+48K0gyH35wDO/7gB9KRsU2KvKXlnVOCpxJojWGPMxcTl4FXQJ4ncgODZ5U+XxRFCf9whKZjzG5I86tO6SNXpqiJDV82reuaAKW0MEoUb9I60sucOn7M3waYwbBg/2QI6MEW6/fBetE/7QSGGk550joVrJFx9rdNJ4v2isOemJXS+3wrfne+BQaSW2v2vk7eMj+WzVDDixXw11/Sxge+csWG3ays0BYugVPRNEhQtYJt8Toz7L46KxCoBvw/izpCjt6Heh7YLemKAygRrM56P/7ufQ6tOFjs8q4XSUGdRcPEWdq4+SnKMGudr0waMz6igxJ4RSvPpwkexWfvNmEJxHCcBS/WRqT8vCMyFhXKWpwvmmh7Di6g6015LEjxNH0uVIXZIZpw6uIrkUXLwK/F8c58U7blDORWf83GnPfnevU1uKDPjkroHJiSPggeIpmicRzZt+GOC40hxI3huH5u876OBQCr7cVYWzHufhm9XGcPFvLoje3UX3D1fzE531vEWoi8aFZoJluwffCyD0KnvJgqsNYfuXFNIK1oZX4Q7oEXmQXeVKOaL+Lz8/OwyKbdl0zc6MvpdLQsrmBhg74Qk3pN5h/fQJ+DvyMrQ0aPLleUn0UNSDktoHeIzjJCg1rgOrSbP4rOdxCl/SCEm3Eljacgb4Gx4ho1s/gF6VkNsnA2iV7Qcj1Q00Q6yMTxcpwbtaHbp0bwa8ShSBhvnq0LIimC6vF4fM72rYJLiMNnc4c3RBPh8RisJDlS600jWDtT+PY9dzubzSUhFUFOXx1MLrPDLbkMqu/mORjm68FrWAR9vMJIEdE0lTdD88EGZIWPIZIuzHY9GSxRD64S58uKuNPV8Nab+nIqSbnobHX7+gdZQIZK1zg6hdb/nLm0b+KmSD2mJGNFk5EdZE3SO/eOQEx9+cNdcMFNecRgXZzTRdajl8PpUAH+/18MQeY9y8fyoUFe6jtnuS2J8kAcPXP0K/4VJa938EwAcgEAgUANA/EEJZpVIyQjYJ2e2FZCWVrIomSaE0KRqoREoLZRRaKkoKFZWKkp2Si5DRQJLuzU6meafMqCWwEi54eFBnoRcZ/PDDfZaCvGmSGuRnvKJXO7/DUTVRKuhz5ZOVihgdtYKj3p3AiXlBKKn8DOO1hSA9YIDeH3VjSTthFND8AD4Dyixy+xQFjajHBQbHsHj8GQ50EoJ+GQ1OstBnjbOLQGWnJp+uEIY9A3qcu24uTGtbSZqt78BkrjrEBEZz/fQgFuqdAOqT4zgx+COM2RKGuMGIRlzXIcEPObhwghSoP8qgw06TYdzy7+C/VASrd3WThsVjmlLqyvG9VmiQ7Yobc8TA4E8cXnjpABrn/pBmnQdfvyQKoTssyGPvQlq29wUHhR2jxkFx2Of7HtqWDfHdjWPA4eRjbp63glvKYmDtTXWw/R7IoxPj0DxBDoq01ej76yw8L27Gt1aZc9nRKpp+YAD1ytLw76sqChafzZebxIB3WoOO1WNObttHrjJ3+enQUvr45ABUCVnjlZc7sNMhjVJEZsCyo0Uk3SNC5uNucvfL0bh0xxocFhTioFc/uKJVApWzb+PKGC3wePwIWqbM4pZfNVwt9QsU67ag4SJlrtBWJq8le3D752a4njoJdi4R4fj2JqxMqeGl05/xQ37LDSN10C3xGn58PwMfXKuHxQkG8ERaG/rjykAxSR9fHzHlsWkv2bT0G7kfDkFV32G4LVBBMlcnAt3qB6yzhP4HBmjS8B6u3lPDPJcxoCPgRd++j8S/Lx/gmippmLq7AuaopMCqnHyY3F7EiQ0OcH3saDKLsWRf6c1kVnoK7ywgcFyaDuU2Ryl6lgI6JW6kouFhfucZideatVglaTKpaxVxZ582JG5xh18bvlNa2HXe3JXASdKZnGHVibOufOHAf6fpy/dDcIikYWr3Ln4SlkPKaVuwPisNmmMjSEJxED0a5tLK3WVcd3QJ5d3XhbipmSyWNpYFPzWx17Y8TBuOIh0FAS71u40qKzzwzYKFNKxnCE8i3rJ6Vxob/xxHs5TWYv9WI8yo20lZI6RJZMiJXI57kv1vOciHMIjUZQyQD6F0qUzeqTUb5vtcxj9xdazoZQHND0ehgo05mB0Pg9PPWsnlaxvYDZ+l2XXXOXJzOCtOXMZ7hiWg4tdogBxVMGJ/mIty8NrjNrkPJFCc8XPQO6lEiUXiUNrWwbW7oyj9kQysUnTG6aG+pJc5E7wjjXCPzluWyCjgxI92bDd6CsTG7Yb5fToQOTuItJ0bUF9OC99rPYDsmjc478xLTogdwQo7BdlleTmet1WH9J4htJR05Dh/A1qyrQArV1TBHpNyLHTPhf5JzrCs5CH+2GEO3pcF4betA1wd2c2VImdJapYghk0spvW9UmjTK8wj5Y6Cri3CEsUL6HPJDFbc3kMb547iTfZzWflVAuxZlsJ3z3dgcM5d8sbJoNxtyRUh03FQpo6tt+iz08M4mlrRi3K/NuHmxFQMPHIITFYYwYSFs/l3ijjdTdhPS58sY7N7W7jT7D4WRnWxWpQROGWLYrezEQypzmKFXw/RJuESGpYnw6N9a+Fk2VtaOOsafXB8RnJPhyjX0QqEX/+m90PpsPb0Nw69VohJeU9hf/dccggUwCmvLvEFr0+8+50oiBasYUfnXHjmnQE55UtIeH4LemTsg2Tb/ZD+IRbnSN2BegcdiNbN48/OGtwjcAs/1f/DP7+8+K37RH7125RPoS+fmhNJ2jcIqrvXo3JnGn98KET4vQLvjFsDy/5G4+4za7kj5xSp7KxixWxBsN8XAE31aqDhlE4iwrtpjIgTjVsXTBudFcgjbzzqbTuDQe80IczDCU4oO8LxuYawomEnb7POgaQkN/oai+h8So+mdrjzreRpsPFjOyWrSFIt5PBxNARf8Zugl6oNJp6l9D7+BO1ed5BHCU2HtaL+dMxRgFFkM9SO6OZ9zVlwtyYNHxaMgjLjU9i3qRIO2ehAS14Bf7i+iyRFLuIGfS/yL2hE/vwSX41/ijKe4WB/XRbDU81gltlHPBJixtKlx9nOoZx6rP5C3OZLmNu8HzzWnCDniYv4x2mGFVNyWbI6DpdLd6DszQy+K1FALw9s5ve7l1KHRxL87pkA7D8Nzk34yaFXfPjlPS0+7P8cjSqboGJFCi8OO8+xX2+BUUQMHVqjDd0H/+Nr5w7DVdGPVHDQiU7mq1NeuBgre8bgsrYL+HXvHB5nZw4vh0ehnvEhtDz4FUY4ID9bsgw1OseCtO4p2FF+F3VNUsHvjyH0H9wLXn8kYJzoffRrXEPbDB/hN9kMnj1dit1Tz4DW31l89NcIGOotIg8vTapcFMHi3IPlk97RuEf9eOylM1unGvAqx3J8lToOcO4PnNr1GvJazGHszgm4L/0hvwl6xOtrz8O0vZtoe8Ii8JLXADO1pzDqxXMs6rOl7bYdZLwwBGD/CLi4IwJe28aDyNlTsP/beHAwNMVZfqY8JV0Jp5o/QI38VZCRUMiBb5shacAZneYxJ200ht/qjigh/ROMbO7BgrIntPJ1LHC0JJetvw5tk49iY3M6rA6SA90fj6AmbRZuaksjmPKaf02V5ZU79nKP+ltWDJgPFx90cLfhDHhxvJzXRe/CMdMsqMzhBjm/L4F5hudhoWYwm0Y9x7FnDMBUQRouKa7DlWLm0JH4FCfPM+O8xasJhKI5c/snyFH+wKnLFrHPTjM4eaOWWiQn4itROXzbLgLC1apskpIHHdvSeF9rO753tYd9UdIwQvAWegmfp3/JsjhzRS+Xj3zL9j/zaZ7WEVjkok/S8wdpzlQL+PRwPV8YvxGNd9dBZPUxtDbdCoeFfrJbnRjULU3h06JbOGzBKPg2cjcdHtfLwXIusL37CSZqT0T1yDzoP5UDQ/dD4OfQZphgLwhy3q/oza9aNDvzC8oLCvnJuE7uzTuIk/+7gG8XfaVDUxzwwxUL0Ph5kW/MvkSWe5fTi/BpyG3B4H3SEl3CgvHY00+YMSaMXKoFoP+NPEpMMqVjt+XJaN1MeOSXz1tPfcWd1j78NXQhfJy+E0LdVWDl2lG8dNdVLOl5zX/ez4fxD9/ypfpddOfsMb62XBXPyb1CoTWqkN+3Bv+pGKDRw4OUt2Ijtva3Q8zdMWgTb8XB8sfwtoAb5oWPgRWSy/n0vj4Wfu+Acm/i8Om4HKxTWEAvXNZDWqcvR3uNocWO+pB7phQeC6/F7DHzMHrVajwUGQWBS8/hwx911D1PEiYHydKZQiXYbrQKV2Vdh+asVJqtWAlLX6WjXOY8/jNCn7xE/6FmWQJCryL8DvbmRzZzyWjiQeiTFqKY5lj+ct2BL+f5Q+BkgOPizRSbxZDHn/jnYmMcPPocS5pdsD/iLojr+dGP4L1svekT7jpzEwUWG0Ncaj8Nuw/BqAZxGFJsoPuqRuD+L4iMAorQt3sCFCi/R0sxcTh62obbbO/y8sgd/OGgERz9OolTXofCUbXPsK32AS8S/Ut3GtVgQsNifuv8idTetfKcai/WVg2nfeHpJNeZgntGqvBICSEo0NWEo6PDuKctnG/mj8JI8Vz4XlUNrWvG4AgTXVrQo0bw+RAo9MnDuhuFxLeVcIeLNJQ+qaKxr1poXp08jClPw5NnM8ltjijfWTUatpyMo/sFAfDJTgaDYr5wU/Aadm79Q1GLhEF6YjpLe0xgyZOqsOnRFWj7FgiF346S4W0fPDqrip6HxPEr0R2o/6Gflrf5QeVqUVAwauTEXn1IVFXFXzdG0IX0+ex4sB0EW4fZSmUF+X9bRCY+ZlB/8hFt2p4H7XstoaB8NJ5bWU3zitfghD7GQVVHvvm9A2e1SIHv869k9FWGL0w+jHsmKLPybj26M/MtmFy4RKv/C8EnfcVo5TgGBs8HsG7LIH+32kWD0sfgo7kYJY/0wlaOhQvjnGFgphaVDxtC/5UnMCZpJ9TmqWHw3ZHc9O4RPVMkfJNUie4713O+az1Y9yLctG8B99ZuCH5aSzdOJ7KSigZZpXhir1I8F59+xu7dq6ltkw5Eq+Th8dbpnBgghP/dWYwGYufx4YsaPDnTjwZ62qHk1HcYrBeB5x7GnL3rCBfOnUIn5wXQxPOIPmoPcP4hG3zQV8wBh504UEQFuvYkkrxJMe04agm1z2vBaPpYcFz8Ay6kJGF8vyCfKZ/BfTIaMDZCmr62LuaxTw6yh9IZfJaThnqZ83kJbKbOcE+MPvmJpwkTJAzZ8npXNfDTlqHgBS84vPQB2mpJkFN1DB+xjyd06MC+XCEoUxAAttoEKcE24CixHdtXncONZ3bhi4unWWZzM16VccF/++RB6/tJ/Om+Dv8EKPD6ybGkefo3Lp74HTUTm3COoCBF1udDtaA5jPq0DCvH+eJv4xq8UxoFl0oUaKSBF1+uPkd9NwJg4op59ExZEU69b8E5URv5ufdJuqOjT6Ff9tKbrVcx9kI3Hhk9HXwEfWG5mDx09W2hyJWW4G/ohmnfxXFcRTpsTlJA06iJgLte4eVRZjxmSAvy8DmKjPyOBs83E6E6WGh3wVrVGZyQoU6mK3Nwx6i54PlJFH7YxKBp7CxQeKqBF7Z/Bq9rxeRHMyEpGGjV45ss3mVD9XusYE/1I9z9bB/NrxSEIYtruMAjB2xj72KqlBas2GjIM94VoGmkHoQ//wGbJkwHV61bGPc4n8a3rUeZhXpwsXAdHBTOZI3l0ahkIQkBUWM4VKyK0iEWvET+8hVpG1AZugxKw9NxluM+mProOQedRsj41IDJWavpX2gDSRdZAyx9RdkjRuNZ96O8tNubDR/q4aMxCK72Tvz9ijr2KHtTTd4pVtoL2NO3iEe+audFa/Zzf/IS1DlkCGav2snIeAV1GF/EW0GeFDVpJXjvW0jX/CQpdWMhNss9ZMFN5vB8kiqtihjG7wqfQN1sAIV8lKBzox5+XVkOHVfcUVXwGLrI6cK2Kk3IUFCj3PfTKCDgDFdLHwCTgXN49d5ZkMkYi/JLiimkTwlgpAyWpJ4CswM3WMl8Prn2l5LXgguQKLcVXXdJIsbnUNc5Mygcm4t9nuNB/0UV3EhPpYYtK6FxylxSubyNRF/1o6DKRJKpIpAse0KTQvxhva8BP3NzB3elUhC3V4bwNytpX14cqyiGwK0AAXD5OwM2P63B8d8LQXdLMezxv0JC3z/Rlj2KWKM2D2PV/sHW3XIg++0NDaSYQrzYAlLMv0lXRFfQoTHhmGRQRBna7picVsQiMcbgId+I1sqd+L0yEC5mX6fPOS6QNMELNeWs6ZuRChRMOMDxpyUgYIELt0hvpDI5f8otvgYeRV30Z6Mebw3vprBKU8o8F46fppnDTArE4I934UdCCK9v7MfjU3+g2ScZjh1dCB3nPeHsw3kQ/0oEwm/o4p3TwqC/1Q00bFzJ6t9nSDx2gnQ1ctBkRgVYzLCAytGTQavtOeSrx/AI6RAYb6gLKRG9KLT5Dz7f18S1mkBjToqC7ZMZcDpdDjeecsITf1JAK82Jjhjvh//WHuPl6pux+89EthF25aJXFpCw8ws91zRhbZcrnOI4CxSMB2Fh3DKUCc6BOyee8/KmD1T6ZDKYnwqinNIt+M1Pm8Lm2pOidRsdaQmhPd/m0zIPDXh+bxrv+agGVeo3ES510qmmpbykQxhyXK/TtjtvoNbVCC9pRrFEgiVs7hYFkWCELr10+HLcBefLXQENYX1Sy1oNT5dvprCwDWhSHQ6Nm83hqLkTrpY8DM4bd8Ln4H9sle/Ndut+QInVRdgW8gFDnsTw7yE5SCgKJrc1lRSgpYnjTpijVNEEuNHui1r/nmHgfUXa1vwZV7gpQ+uj3fD4sRarjRbhZQ3GLKh1kC0lDKB8thguObcYOw/qkZm3BUTYJsHWef20wDASlxwQR9WVO8DjbBHItNyFJsomM+uZ8KFnPPhEE1oauZPGbjvs9LsDqeHfqNf+JGxJXYCpvqrc7DoTtzpNg/MnNkIQd4Gx1gFMPz6F8z0v4PbcCLiS0sMosBpz942ktokM24MDCEMOQ2q8JGccK8TyNzWcucEDc2dO4Wqtm7CvcBRGz1aEg9sAlA9Wk8b27XzivzVssrgZS02GYaDYkxdPHYEhF36S3t/RMOpeKnmXngKnr6/hWMYznCgkC79X3AH9f6ns7HwJNvw9Qi1dRrDRtBPctv8G9boT8FVxHz2TX8rZ24U5zGuQfNMPUP3G/fy7YDpMKOoHgUwBvNI6DSu9VoHHzB/QmOhJvVkEF3LOQsven/js8GiIuC6AJfs98bXyRly+8zPZCmrRRLMG+pUxF+vUrclL8ycfWWEGR47Fk4BhFW9qPEbCmT8hXXg5mWd4E3jHQlIao9nNYPZsMQAnk2UgsV+ejPJno5TIdFjv/IT/rN8MT7dbYrZyIjx+m8T6nw3gqvtGWic2CgKLoumswia4c5yobMI8NnBL5Ey939hfOB+b49RgyYOvvKjkFe1KW07uwzL4d5QRvbp7k6W2XQIsWUkdfrrgYKgK9w6uIlqUyS9K/qHlOzFuvekLd6+noOiQHyplNmK0WC/sujMdBizj+aazHZtdacUx0xuwMksSbl/y46b3szjcZAeqBumAxwFt2PkoB98POmOF9HcW771Fpg/08VrGODLedJXfvTSm+tkruEtKBR6JVPF7veVUHFaJzWGBIONwhowmvsH6+lG87cR+eLAlgwUPz4Ctm69C7Z3FkHN0JsFLJfTQ/MSZQ92gK/6FjySKkt/lpzTilyFkPJ0N+3Pd8fDTVjDr+YyxyxKwdbwnHzP5jUrvr8KTeYvxipEMrE7NBPnBVXjSQpZSXztT4/h3vHnhCX7fe44uvHXmwPZdVB+iA+4ds6Fu0IrWqMzAszZbofrqVbyq95KuHfsA38aqQJquMLzNlYTihj9UIvkNNlz5Qe61lyH/1CuQzvanq3eD8bF0LLieluQII0VIKjOka28e8ZfQbewcKAWb63/DYFo/lFqdwl7bRn63S4x3FEiCy1FRujbxMl30WEbJJevRO2cEHm2+TIKzrVBv4krMO/UP9FfIQ7n2JdyvXs/H7Hyhbs4aWrC3iRbFKuD2Z7dQyPoXv1aIxIjVBvD7RBeMPHAfLzo2sejf8fy3LRyv6QiiwfsjJPV2Mau5erK4LEFyTSVDzma4ZTuRhZVDcGLiZW5//RzZuxk87Zx55snRuHuMNEzVsMK2Z99IRr4RIuYZQcf9TpxyOZeHb70GeR9HNrw7g1hIGUwcBdkn7x0LXH/LDhWLIGmPM1UiwbeVRJp/bKjTLI+9DQEWDdzhXqlqGLwQT1+0j2DPMx1IaOql9beiUeuDOSdfDcT5Yyxg5/3/cN0RedA2t+Oh74vYfXQRKfg85fADhzCg+DHsKvlChv9EwfWwDp1buRupRQsT9olzodkdtBWw44J7VhRS10mOW9Q4o2QGBGUKwEDzUiz/VwVy99dSq4E5Ld3/H9bd0sKU0G+0M2cewXFx2CrTz8XR/VCp04XRK0dRzvh0KCi5Dx7NXhgjlQtuXSk4u3sMlOuZ4hmjD5ht5Agq6QinO1WoPcyYhpp/s/N7RPVWEcSZmrDdeoBv6QlgZIEdnUn8AvpLGeq2ypNk8DK+kFwPs7w30p4L2vAn/ipt9VeCv1eOU4+ABB1RDucj1V/gc/1k9EBD/tuhzaZzVeDZhess3qSM4vsvcPE7Vdw/5QgFC62FrJTf3CN6mGfYFtL+0inwK3s0yS2vYIXCTVDRGEMGtJhm/fzBR7Ir4Y94EogF7UW5JoC4VlfAsBe0V/YuHvzwDhN+DFCV1RUIOe3CJ6/O5eixQzApUw4iRe6hzZIrYLBjBDqPfki9ctvgg3ESxuQI4/W8QDaxm0yjoqaD7t86fuH7C/XKlKj1nirLWy5Er2tLuSx7LG1YJQ3DYsYUs1YHnJ8thdX6fVgF6lx/8j1EZJ6DkeveYcDuaMr5vZ+/bWjC1nRLcLR+BQ4ls2iGzUxoDi1i/cevQf9hEN566YKTHcvguvdb6BtUgZ8TdMA7KIZrlh7E+hgJnty0CtPzNFh+nTd8tBnCuEXtsOCtCAwMK1JNyQhIOPuYXV8Pws6Yi5wkcpGidm8H+bAyEuMCCPswA6bmVGPg3XJ65/sI93rJ453Ys9yb484HAx3RJL8Cxs3fSSO9VOGCrTDt+BmDh+9qUGKeATp0vwP/Xh/IXXeVjzoGUMUJV1zvZAKjN+ZTyttqTN/9m29LnaaO58vh4rLj+KX8Lb8fNiSzGe40XA0wb5QfX04yBNFXybRaM5B+2/2Ehv8m86YzgfC79wdERpxFyzJt+PTrCRb8sqWKegvInnkZ479Ow4MONjT65T0UWtHOWi+M+GSyLvyLEGONmtlcu/g/evtQFdXfxfKRczc4bXsOVhddhqSWO7B7jyXkBs4B0yUlEPu0gi8Wa7OC3xBKvJBG8zA71jKfil9qRCG7SAYWwQgqvhhMztf0qTG8C8RPdoPziYPwRkAUxCbup5A0gjeXzSE+fwFsPaCK53UNySA+AJbOD+Q/4gfo58cqToxTpJoHnbikRgEaZgaweKI0bLI6wOwlyHGVPuRSsRIuPR8G74nnWEB0BTzwFYQvwi6oozoKlh4azUnX3LjvVD5c+D2V23tK+VzpXHKSSsd/53Tg68FWVolcwFEyuex6MIuF901C4XmVJC0/g5rHnMbagwGsfGUypHmIQ7qFDXg/Vqax5ZNxW2sDrXx9lTMLf6HjezFQ9BHk3eljoU74JhSfOc+rb11ksxo5dLt/A073qOJWuySC5wfwUt8tSgkVA6U5jWR5yIzPRt5jAVF10J2ugNd648hd2RKt+2tJ+bgG/tOzgIQn7dB2/gZE6JqixfXLeJo30GV1b47aeZ+uTNkBF83iSat1GsigMe3f2oRnYkrwhed+bjk5iVpEjPmVlSfO1D7Dz2sqQC5LHPbM9yLN/m46k3GNXgnE4rXkv7zceiyt2jaGZr3WxqNpaXiLLMHTYxrJLorA8yFl1CK3DaYZ21OpbC4pxnRQ4edGsPUYj4otonD/3WW+4t4H+o3H2V+PMUwlgT/9p4rdVseBXv+ke2CFC2ZJwIbYepLYIYAg0UxX707inf4ncXNELu0eHYyGF0eAcvl3jvQYA2zdx+c0rLFa8S7G9pyB7ITpZHlsJjinqOKcO9/pxZIwWjhlAuweWUxje3RQ+1ArztMZQzL3EjlxtxGX3lrMcVk5uNloL2b8lYc+6ziclKYFaTWRtNh1DN0vrgONxe40768hxaVnQZlePs6fJANCigVweYQV3PlPAguf6UJFYBYWa34By2+tvPVjHttX+9JA1zToO3gOkp8nQvm43fTkSCgM+9vz/kc3uNhWi+9/6WDpgij6bWkETbfyuPJSGGofUYeyqF+cvHgLPHmZzVlFd1HxtCj9V7ADlKxl4eNeK1h3cjTmqnZQa9Fs7hIqoZ0/T7LsAjc+Ov8/2ioUSGHBkmAmacdvOA4D5ebCQmcnSE6qJFo8F+MOtrHWfnukiSGwyV4eXg0lwFr98+ikZEnOmApLyISid+2A4Il3qXfLe1xqkMHTXoqDSeJ4DpO4haEx4eyuvRDWrJpEdQUGfOZNDN89fIl3TejHG4ojIGSMJHumGsO/rJ84e70DqNc6YL/kAJcOSfHa2Udxj+Ua2tBuBPqL2mB4/C1cUyOPDjP2caTYMJmv9sX8e/dg+f0MmpVIvGfWKPByqEW7mWv5w81QSGt+RzGVs0D/sjvsEAZ8seQhv9vVyUbWEiByew7GzL3HLxPladW+OLg27zPkvtkDkdUhcI8v84uaAbxjoQir47aw5vYYviu1kB++IFLeuY0liizQZVc2H46fCTcP/MM7seLQJbiX/rMzpQM9f2DCvaMw3SyZh2tGss2U3WhrfJtaLXqgYrUgeJSu4o6Yp9T0NJZLlGeSjaod/QmIpohzi9hvzV4eWbWMp9gLw7t58XBo7HS6/ykN8hsYj+ZIUG2oD8WrPEO1w1Mw7IQGNvYawNeP22H2HkFYdi0LY/Wtcb3ZSMo/vhqDSv5Rm1scTY0qxbGf5UD8gCuvOGkGe5cAClbOxhuTfsKqMGXeUtVCR5augYjE37xjxCiQiFWBFo08uJPLuOCQP552XsnX/ihQhN1serE8A3vKroO7liwklZbytsnSGLENYU5nH+2xWw9RNpn88e03VnyiDi85BqrvjIfn6T8hP3EpXjFQh8EHEXjbJAIHgm9xYKIp/lraTqNe/OYbknLg21FNJ2NuktefDfAk8wZ5rwllp1vZtGWRC25UfwovDs6ht0kqkB7sjpzzl9XmKvODb73wwWs9H7BoYCWZp6jYpM8Kh0bBKJaBy90ZXPZBCw0a9sMZXyEYV5EFWyWX4RThY7BV4gftvroZvluOB5cQWb705ggXvNmJdt4tLHBnP+n1N3C0bgfJhnShpNc1cF+sB2bJq6Bj6iLobujAhG45Wu/qgLmvlGie/z6obbaiP8Od5GE2BfaH95KA4Vu2kqvnRxtEYY9TNie1AErctuPl+2+Tr2gCKX0bD1PdL7PkcuBb/W8gocaZPrYXk8iuXlz2RQvlOs9zZq0A+F5XhSflBiwm2wRFBvHk9NgPslr3omfdPdBV1cYAo2l0TdgMvdVmgKFiIX6Yk4rx/6JgQakjn1boAaY9KP89gOb7BvBkMz0u/qgAh0/LQNoHN15QU0n+9Z08sd4R80ZfYd+jfeD2JQm09hyAJBdlSLKyZfvETzy5uIIchPbyI4c/vO7ZHBA3s2FVaYKJ4bpwQ0MY3pzJ5gTBHlxQ1AXjVmfDhfpMtH2zEsdaXyWjrw8o/Wk4kdcEwDchrKaihKKz7bGrcSS0xFwAo6cv6ciudFJvKyff2m8sFCcL6mp9eO+vDHvLiuCOt/voqJowxOv6gtozCcjLCuB6/wWQ0yYOuiuq4ME+Pfrct5133YlGIav7HDHZgPTaJFD97Bnwtynj656isNewnG40OEN4iBwECD8iqwILln13A5uHGjDqkzrN3XWRf/kLwgpZQXZauApv/dVF72QLXOh0i6e7fQSD5jTId/0LfxsBGkMkYIHvVxon/xgarPMoWlsOhvpDuT40CFV8NtOuHy7w2/ILGppOBLhdg/MfaNEP/UWgOT+HJzsK4nP/a1D+2QwX3nxDY+KtcLOaIJwevYM//l7DU+y3YFv0c/5w7hmrHoqnxfvScG1SEa2u/QTdatKwpVSIx7beYnWfA9ym8BAUHwqgwy6AawfLyXZvL/iH/oPZw1KgEr8Ol28vwAP5nSx2/zHyoVp2PvuI7P8qcNO9s+Dg9RBlz8wAoSWd+H5dHO5134QN9X/o6Fo7+Pw6DtVnrWX39iIQaBWnVwHaYPjrJ3smt0Cb8EVOzzzOZybWgNyIKXgq9h6eil7G0UZ9+G62LJQeOIp5qbtgx8hpINYchls715D52+kQPOEirqz0w8CaSfglzwoGMyei5pNx5Lo6E7R7npD6mABI4Tk8xXQxmOu6s9ZscZ68Qhtq3s6jusdRjCemomP6Z6rJymKbOfYc3LUS8ga3EM2PBQuYBiv/iNKtnmH4z9ccf5prctqyBaCVWgZXjd3gz14ZulE8kgPbReC/tfm4RXsC2BSMx3NlgxCZtpDmfxrAlofzsLnaDpTjC1DSXhvun3TF9Zmp6LWtDrrEkeuv3qb018EcuteNWSaHS5oP4oR8Uyjqq6JSB3X822CJtXckyDbgOjv1jaAJo2vR02IfDXufI9+NajD3qSt9GDcEn++YUuusieD/qA/UJi0E9Grku7HvoEXVnWYPTwLVLSPxwOivpEeapCJWCTqmn2hNkSmcqZmAJnKLeV3MbpzrbQXxd/QhKKyepcZ2wpPjlSRqVkIzz0ej2qqtkCQWjK8jouCehRVMPjea55ZL806VFFAbO4natyznYpX5/PbAHErpqeSIbGk8OmgFuUuXYPV9R2gO/4are7twuPATCzZZQeRWV/zs0k4+N5to1AtB8ND3ht8ql1m3qgvrT2XR7sX/UZ3NbfrdGAUWj8RwyRMTiLo9BlJa5lNw5wLcW+DNWw0tqXWbHFqFpNP9/H0wtFoVCw4fQj6gA+WLPtIF22z4FikPu2XdcVg+ghe6T2SZq49J0VsVZwsX8RRlAVgYNBNkXq6h3HWmPKJkN5+uBHbdFMCyieIsqjmJz8V1wkC6IbSu7MJvX9eyrcRjkM3Wgqh15TAzNB+k3r4ixUO25G9DmOgrBv27tSi18SnN0VZmjdH3IcK3G0csnc0/DHOpKiwOcpueQZCfLqhYpXNxXSH0qo2lR24VnDH7GK99a0DLgybg/EExuu45mWqyTGF03Fp+PXMqtF1dwrOXKdPlrAoWODsfDA9NJi9IgfHq90FQnGFN6CUqPikEm55fojdrF0PBql8kdbedz6/exF5Bw5TipAt3zosBV/nRhXYnfL11Oj1+0oQxL9Xp7Lk2fvBsC/8sUYAN0ltJsMkUfMtvYIKnAH+kHBhcXIuDIyQwNuk0XriaA1liS2jRkTV4rnsyXExYD84+2qSels23FmbiV1/EsBs/QC/CAWYFmNBQtSkKnBYFc8fJ1Pd1Pu7U0odfpbOh1Xchz9/1gR+1fubNt64TGcymSAt5UB07l2WG1uIOtzoy3idGyf5f6OTwbzIYc5Dblyvg6UWDJJCjAbEDHjwo/gcaVqqiMbpw7LXxIHBNksPmTUSFK7P5UtA1EkhSAonEIxillo/DG/OhayCU1kimspnvDXxX6M3TpKqxZftHfGegCdef2rP5f7upbnAmzc9/hR8e1ECGcgL097jxdKdBsDYLw0dOilC425JRXpzmOLpAaG8JB0lfhIyS+7z9si6Z//PEPXuc+fBUA1iQNBZL1l2Ex5r3SOhtDb/QOQsGJd2gMfsQvpm3Dt6IucEJNQ3AKVG8PvYdnFfrgkCB8QD7b/KoNSewqngZLizq5+InkZBzWwFkyl/RhehF9FVnBe8WTMKSSXm8/KYT35VK5X+26Ww4VQnOfEDQaThFjiJlmBmxn37LSLPkuQNommvIt9YVQmWGEH6/Eg4ewsowd4MpDN3qwfEHZPiDViI5mZ7Bl6mb+FOPCE/tQNJNUAJ6LAFmMq4UNOkFWkRtg5fTCrCk+Dbc6KkD+SvFvNxSEi/P0eSHW0RBVO0tdB3OYYmNQvRP7wGvebSVhid6cID9bnbMTKKBkigqqhQHq5kC8NvnOLjPiEVV7XB2WP0Ptoa28sfkQ6Apmwaf9p3Av8GKEPVYB2aGOqC2WQRfWW3Nk3wYD+zZyq9Nz9IUakDzJhva2KkBAena8Fx2LH24W0m/fIW4/vJmWmgYybln9NjsSBV6nrKDp0OKsHhIjcd+V0bHrZk40y8dtPYdp73JvaA434eFpY2pw6CKtLuVQGmwBNIOjWfHZEG4o+fNM69ncXB3MWUfDcKIuRd4W64dtqgIw3KpMPiyKQuiH0diXXQlO1rIUqyvJr5Sd4OLR3Uw9uV82Cs7HqS6EO1a9/PaRffY8l0i/zlfCgubH8LPzy3ghhPwv2Qb3pemBDWFPqzdXoYH/uVR8J4RJHJ0J6d9zuUShVbu3mdK674cgk2XZOC94ysMcFChz+uiYZuPGN1+UsULdB5D7PZCbrwYC7lnM2BgshEYbJaHO/7n+YThTTCPPks5fQ2Y/foxVUkuw6V278nhUAENjDYA3+YneEhVCuw9HpNOfBS2NGjx1m+DENZ3AlsCykm3/zBt3jEZ9h7sQefBHG50zgf1sgLKFNOHpQUr6MStWM73K8c9MpXg3wRwun4JZ9yaDDrmZegekQDJD27SvMwUuJHmA9oZ6VRrtIV9QRsmqjmQju4laIz9Qus2HcBdQbs4Zu5o6n00l5WOybLkaWkqWyoH5frqnDuwgD2td6NDkjaekh0JtpvO4+B1T/S+LwATyuOhS1MS/D2WwXLxKD5s6gYR9fsw7gTiT+FE/NirAaquj5lLTelSiAQIHpkHvRU9+LzRDRO7fGjN10u8s/obzSxWJ62zYpzx9jRad+mA7M/ZbPjPgmInSUDKlUL41iKODw1fQU6cF8YnIoaLe5JPsCxoqS3Bo40O7DZkxwWDURj6ZwscM33KzRWqfKlBAIX8cmht2hhQmFSNneXreIFlHM6o3APOQVvhTsI/VD8YBIc3bKPXPzaRnOpoqJ3iynXjDrJ4VSBGzBWg9VUSlF0iwdp3UiGks4IDJk1CE0WC6f4p3G6sxLMnJoOcyjHuG7wP7hoNMO+KBKX9XYF/Jr7lCFuE6V8u4Jq9jfhpcA18K91JDbn36G6VHzzrfU9DOgtYWusbi1gog+z4ID54dhIVvdxJku/O0yeFy6hk/IRDa0rZI0saK9Zo0+oaJXDZOpa6Rp8D5SMHQDD8EktTPy9uGEM5pi7QFDoKSmN/8FQpWfj0wwr8X5wC1nwC+vMT4WLtDnpXUUaOV3qoDeP5fc1eXCAlAjG1v7BVyIU1Gp5B3+u/FDD6Pd7MrKOXWc/xz493ML86FIw2acMB22gMt/0KBww/klSdPzrcr4L+C/9QWWckjRNcTqVCW2HASAneBT7FjAuteN7Hn8e0r8DOhXv4lNBxnO4czl/uDeC9p8OorKcHJ0dW4WGhIRpcXkNFUSk0+sY9vi15FOvKVdn4+g04LBcPcVMMYTg9AQ32a1BgRBE/3taCTkXacKNXBiPbE2jDTeYdt2rJ670SnH3pCjdVH2Gk3g1UMP/DdkuugMn8sbTr0Ub4pPiS847JUoCEIqR+YTZ9mYSay+SA03xwffxUnFPzCwYma/JZiW8sbGrOo9MRyo3EMe6IIWfGhUDrtWC6/ziSepTtcE5MAIbN70LlI1Mo1tQc+o6EY2pBF5tfYIrqOkFeFWUIB/aDfqsU188MJ31XOQwV0IP5r8XhpXkTLrW1o+BLpfBBvggobg/pmHlDYo8673+gRp0x40G33waWWiA2S5ryop3pZFm8GiwC1rGrxHkck3aGVOQF+baACTwem4oTtTzIdPNSmpWhS/s79tEL+11YNniIY/48h+SBfdgyTgvURJ/yPFNJiFzaCK9103Gy0l00XaOOi/2k+YHHR45uFMGbq60g+doUDPZt48U/jMk5tITzL/thjJEC3r88g73DMsn03mWy/KoAedfOUr6bIEkcnsw3oqPQ+epNNA/4jj72czg55QV4p5dh8jFT6NjmD29S2+DCP+JkGRuue7gf5zsooJUF0zu1aOi3PoMxPWPBobAbunTsYcHnINpWVU0iFqporyMEkpZdLK7mA+f6pFh+rjwM1FtQ9U4xfvVtP09tqOfbyVG8ruw3VCnZs17CIdh1swGmbhGC8qjNrGg6Anr7nmHAmAr+c3spjfHTgQvnq2G9uR62lEWg/G4l8DtdChbhL3hzTAf5Ddbx+pRiUnleCU3fY8n7ujyA3GYsXAsQ8KWJPrXEY+eVTWjGm/CEuiuVfMrBihMWtGPdBBKStsXse6NglZU06uqt4gUnevlZdTY9kPXC0NYrdOJXAWYPRaCmkAiv/W4Kwk+14NDthyisF0YnK8fDlRX5OCb8Mu88PkxZDZu5eF421mVqQdDlT2jXsBRdLCdioHISCs9cgUlW3/i4nwGfVnHGbElFcFplCuP/S+X5G4eoW2QxuGTeY8M1Uyn+3y2I+LwUxylupPcGnhT5SQouTJuByctv4V23Z9Ra0QQGxmZQJTCGs+f0U9MPZc7y7Aa9W0bQ4fecavZI07iLiahmIsMbGhVAyGA0J64LwqpVc+HatAJemS8K6gXl9MZVn3MOqZLnKht4mmwAeVOW8Kn1vdCR7YORMq7kcmo0LLG8zUs2mNO0TE/KvzAL7A6VYNWcN+jasA0Fjw1R8lVrvnFeHrw17HGEVRsqNN2jJq/LcO/yDzQIaYUjZ/bSiFHy4GK1CtwDZcAtfSXWR9/iA0qZ+PmsB4S6KKFSXg1mJe6F9KTXYDNqB3Znm4PXjJHotkaLztgqQMIbFx5VI0bF58aQ7ngvrjZL4HsPZkJaxVRQvBaKmw7PgfOpL8G2SJ9nWPyjj/3tdMq1AZpmTsPEy3dheFAE9gT/BYGx0fRrmHHFOxncd2YTThJP4tL/TlP93XsknZbKTeVaMFY0BIWz7nPMInsSu7GB/fVr4OX1JTxt7xOc3SEOnQYq7Ar6sNxuEc9VUyThgVIK8N5AMR3leHOLAxtZLIZXvz6w/X+5uHWVGCgOG3GGxk2ebpGFXTHd/CnxNYq/2ccD5r/hS/I/bL93FDUCpGGN7DVwLlGjxf6H8dTVTTiNia7WueOP+nr81GnDCxt/wBM9ZZjgaIfJhcdRZvEzNvzZRh9frAOFl4FktaUDLf5loevrVBSdKgj5HaNwWeY89px0kZRfxLGcUh3XkiO1ty6CmmpndppxGDbqjYJnrQP0OfAKeoXLg5HJAA0M6HBVYT373D4OCfdrMHcoE/R3jIRupQt0XbWI9i56gY92OGLr7+2wIM6a7M/9gmktN/FRrh9MOKUHPXqP8MYqFT4Zs5VkY7bAkHcDKb+2gh0ZS0Du5zDoO+nj/T4t8M9/j81pa/jnvKvkvCmTct39UeazC3bOd+fkgXxUuP0ad02bDLOq76P9eymKrn9CxWFOtKHaAleukyUXUS0ek5UCT7b64vXkUTBVNZI3jL2OQyYLUVW6gXNnH4Glww5Y+vknpowIxfxfi7i/RxCETjmw3wNXMHexJ79XohDyXza6nTGH5qwTLNmSgl+s49Bn8QxQSNWGXREBrBvwneadrUH1lFZWVHKBuSF+MFkjigyVL4PnZXnoNHyNf9cJQdNNcTqn/B+ZfCmFL9lEOxxyQFKoGIrMOjCnUAOeXi2DtcELaVPrLd571Rq6yrbQx4o8+DxBlvqnDHLh+B7w61WETWPycNqbGLw4IZL3P1lFqn8n04qW7RgcIU22hx4CpZ6FcBstCLQtp5e6S3jF5y84LycTbsXtIvm1S0htVAQsb/1Iyc874UDKZCjJWY5q5qaU+9UOhq4s4vqv4yhsSzA0Kf/HVW+bUfx3A6xxHwGd/QvR5q4mOH3uJr2OgzxbpQBK5/pSwK7bJGhynzVra6h9gyY03fwDOYlLIbY2GT0f7sOn01rAz/gnXHx4kbo6quBkQTCO3ycLX7LNsV7uBAeskKHNuJpWP14CqQsfUHavCnaVfeXaRjNy9psIhR/baMnF63zkfDrInPQHq/4eKs6P4cUKd+hex3by9xwg5f0KECe0EOPn2NOetjdwiMRxcLIaiahGw/6ENyTwyx18RqbT3ZEAQtMGofuxBdn4nMRRltXUXKgITW5aaHslGXY42fMnhzMY2iILujuX8YsXW9hqdA14DCvhL6cp9GXkFHYp14GW71v5qF8kZOoS1B4JxVmmk9FTsJ+yN9ujpYYYFlxWwpVSWnR+sRRfiu4hj9Pj4fElW1qtsQnsfxxj+xQTGlp2jk9q+6NcSAkv32bCYNCEtzulYdb3RBqVIsFZ6upUZ6+BmlHLqKTsPH0u2EoWEbbU3mhEis+1YCCwGG2+z8Xgsc5w7WYDNT/+xXJX0xHG+bH1wUA+ojsbj4yVhZAdAbhDTx26139EjzXDPKx/EacteIwHPP+DCaMiKUnSixuPasP72nsoGO9Dt8p7WdxtH9hMekCx1UO85stOHul5k0dvEOfweEmoasjjxOxxoJtljlHZ7tgeeojrZ4/GT+tvs7dQHZ9+YwfzTWRhua8Uyut8Jzwpx2/lg0nMyobb5qyAQ/d9adqTn7zSP4zK3XTh35cYmPDoLbsMBfAMlS+waNQSrD8ylqe+XkXBZ4DeTRKi00MA1gkPWcSzADTt7NHv22f6aT2IAe8MSGCqEyj6ylKnXBBcAVEwfqIM1cXtPHGkP/xKiuPUpkBw+XWNbfsu46OEZPjg9hyjdMXgkGwQziyTBu2OxRw6vYaTjKTxq4Y6CH6LxbJPLnzj9iX43CkAQ8e8aMIlU3yodJ1TdBeD5qFrnHbWAVfsqEFL1QIa/7eTDRrU4aPfQtz4Zi4G3z3BhbO20oWXj+mrVTlduS4KE7bb0eu/+8ngtCIsv6RBXk9a0btYDmdkPMXBinXUPDcJW67/hBZhIRqRosHPj06CnRkD9Nm+DjwSZsCVm/l8fm8edbd/wGFHF57neJGOuU2j5wpjQe8JUOQua/oVYgGVflLcFi1FIYU7oXTjEZo+fx3JvSuC6KJJILT8OLSWqaCSjTE0L22k1NyrjMXbuWaXFO85NIIWNQIePTYJRCb9QZRXwlDFQhqvXUVfYSl6Xi3EF5s2Q7jsMzbSSoYtGaNh9wYnFp9yErjmGbysq8Xszzbw7O0cds3NZB9+RvlZQfzltxH8LRfkaPs07vvdRt+i74BmSRtl9WyHN3O1eJVuGzfG14OWiiV8nBqET+SEKEeomP9WhlPFidGoZL2Z0jEQekLOo9a6CLwpbQhndEay20lHbP+uCu8+jOfWho3U2fGYpD81YaKxGxZmjYKjReLwpewC5wYl0Fv5fprQa83+Z4YhesiQTGcqwJX6dzQcX8DZaRZwdPcNOvvVjosNRmDNo1kY+fE+1I4VowV9S9Dk1G14oVyIf/sI3O2TOTHpGJqsT6argweoduZBfLStE1L2RNOJqmjcXfEQDiWJwsNDEhhunMxhte2ob+mEGeP1YJarPLs8GIRWp7G8U3wePtaVB/paR0v935H4cmP4XvwaS4S7Ien5Hyx90s9/Ts6i6ojJUHZYDfIi00nQP5aGRdZioKktLzNbDHW+M+lZTAQszz9OEaLHOOOLOLwRfwDuqmvp1VhrspDeyQ+E49H/6Tvs0GcMKb6Mx/Xr8N5jcXicl8W1/x3EE+KB9CBBi+rG6MObOYu4KlqG8u5o0YxdjTj3qDT8SHpF3X3JPOAyhXXlJ/Fuma+gufYqiv+o4QMTimHX1hjIFdOBiutTIF1DC0aWFPOjajuY8qyar17/DZX6ZzFUiEHQxgOKGg3hvpURVMw9yBPK2klF8Aa/z03nU+9/wKYzbVR7+hF2+Ymg02xtaP/8Fp9IueLQ7yxW9r/EJhqjWPKIFVzuFaacGdewb95RCJqkDDnumXxD9i9FpGyFqpPtLHfRBzt049H352hWSRKmtpcmbGavAIISYpQlX8yB/5KgbJkvW/+nhbYhxeSw9gvLqY6ARUqK6Px8AkxL+8E+SetIWjiBvCuUyd7+G1sc8sKnzaEgeK6OLhx3Q9dnBuCzwgRmSilB/sTZuN7lESqprYahVXk4q8EOq/WyWXiqDupMMgM/NVP8+mEWXfBexOG3NoGRcQJtVXkMO2L7YSAkmo0rGvFxpTa8XrmPk06MYqFzZXQp9T0JhvmRuK0H9oXeY7neJgxzW40pj1WBT9ewe/knujFtD1i9OYKO/oVk/L0ZPDzq8bCPLCcKu1HYPzWIHHUetXwkSV2ujS9Fref9dUh6PQvxrd1Szlk+H5dZr4B+fwlYITOVQ6YOo5VpPLkM5EOrzT5KWBlMEdfvo+jE1xTXcx2/BmmDl3Mr3zzwgJq/FIOX7GM+mOgGIwoXw8pIX1r67ScaJRnDO2OAxHAT0ioqgcI5RdQo4I9/uivBR2wFVaqHQpLUXF62XoUF5KUgEIX4qZgk/bs5n2Lz5GBDpAlby/VS3J0mklqnDNeLBPhIhQpMjz5GV8e848knboL9tF4YMriKm7OG4NdeVxAerQg92ddo770JcOniEixP6KLxfpH4qe8kB82VIL/mXJzR2kzZg/+457oX22xSgO1bPuONr0N45E8zZqhUcv/1+fy0dgHN3PANBH5Lo+ieelaPmAyeIvaogfdB9eE9fm6bTjsPN1HQnemw4aI8P/A8RZOsrVDTQRWU7z6n4Osy4HFlPdiLvaDSD8+45/5dnlZlwn3z8vHAJuZpYyfAhnnPQTOxmrbYWMLSL6vwkNciajT4RdPWn2PvpmaE/4m7D70QHH8BoN+RNpU0pKKkrUJDmhRJCCEqIUrJCmU0FFnJrJ8okhHRIFktlYyMoqmhFKWMhEra93Of4v8I5wmOzWxMDNeDsAcm/F+oOvccWAxvnp1gnTcLufZnKT8rvYWLVwtj2+wCqDk1FiLiRdmz/jhU6MxCsyx9uH90Ppk9OkuCXeKcfrkEMk7thuUiMiBbFEVBvyyod+g0yL2Tg/A3VylCIYZNbvXT48t5fMJuD5akKoCWnAFsLvkIATdGY+reAajVrOGaMiG4VxIMdyQXQZNBN34+qgWNv1vZf34T46ov/LFbln2eD/L2djdI+5wE/wk7U7F1N07cKwRlwx58sDEe1bc/gaCkVlg8t4rmb+liv+YTsHLPb3ZdaYXDQaKwdvs8mmb9ED+sDgOUruVbC/dTj8swz5x0mINULWl1JtI9P2H4oqaIb/weguG7Itjb+Af3Znrgp6vzsWEf8avNuXjaro4EHglCdYwFrD5dBAI+xhhy4wsYd37D73Ez6U6XNOmeqmRRs6doH24Frc2HsCEkjuZ0ScDtkr9c6biHHdIjqXiqCX2bJANnhifQTj8BGKr+wDpywiwo/glmT2WwsX3AD+dIQfCpjVQ7MIva6udzIP7P+l/4s7Cd+jSO4tvzNsTbPWjS3gy4FrCU7Y86YoKcCg4NfsaOHm2Y+i6PUws0uaxiIVz7KY4F/dUkrnwTdym68IqqBBj+Ow8nWoyG3bNnQdh4c+6YkwA5C0dDg78Mh26PZtNV5qCdvJO/5+3GjdrS4D6nhHnxKxCnRaCm7gb3Lkuhr5Us7x0spvbLJyDXNoBs7IxAO7IKH6ntgrXzRqHWoxGQvl2QZ5mFkdTMDtxCAXihwpQeihL4d2/BQ4GD/Lw5iMv3R3GrnDrXisRz7eV+Un2bARERf9AtVAUcTh2F0HviZK5qCz9ebsVG1VJ+2HoPjqVF802dabjD1YACZSdA0cd0brbsAD/T9Rz39gDIBLpRVVIuHDPYQIuWeNG3hp3Q2moC5/Epu0y+DkOJsXhtxQAtzz+LOd93UOGyFRzzWx0MpzXh5v7RcF79FNm4HyaJwBqAab9xy6hy3t3rxA6tKqD+6zKf2lsGn0K1oGbuOpLGLgpPnc+P3xXAqquHUWq4iIPzoqBgaDv5TVAn0UUm8Hjza1bb6IYhkZvo5rUIVilyYUuJJ7DlSTDI5Z2EVr8wsHZShW/tGiwcsJoe+t4ltQQPGBFuRZGSkWBZEoHKKtNA3L0FH2jrwvlQhlv4hPyOBfE248XovvQNr1ydgVNuh+G44li4WSdLn8QNYJeYEB6VvAIPlt6B1VJd0CoRil/9L+HN5M2ck2CGWyZGgXXteNjUnQ2bt4tRw/1XnJ0/E2KFZ/Pelc+5ROsen8mZwEKvh7B+vT6oohjVTQ9llf5BqJWbSz+WjqCAKnXIylSA4imOMBjvQ4HnjOHyf9J8RdySlmyNo+6M01AxmWiMaxWkfa/jDu+nJHJ0Ff75YgrWP36z34slJKSuSPomo3HG/Bn05IwuR6U9Z6G6ODi1VoYeOUyE9FnnMfycNyzc3AikIwaex/Sh0GcGRYsawbNgA5rQ3AH7lUdBf4QaaVTU44egBlztq0zpy1L547q1OCrwEH33OgKvNxlipaEIZCg9YaXpndy4fS7k9+Ry4Ypa7FZbS38bPTDG+g2tsv6A/VIm8NLjLl9qz+P0mF7UfFcC+afUSd++jRpidpKAqicuz9HAJgEriE92xpX6IbjCFdh2egvIpu+iWLvLsMZqAU2tj2Lr3B9wY4wuxC6Nhe3zT1Oc8nc+cnEVl05bwEf8J2P4ZWFIHvmP1eWFeekKEah7ugAbpUbRst8dvPbdU8o/coN2nciCoPw7qGPnQPb/XqOf3FhQLkwl/cN/yP6fANr3ePK6XRb8NHQHnLo+hr90voUnpbmQtsEEdFWlYaz4H+w7W4sS/Qspe2UHxu/+SE2ulyCFutlbbRQovxwPCX6H0O7Yam64WQ15eYYckB5Fz2u8ydq5BiyiF/CPnVvAdAGCz+Z6qs6w4IwP2yjRWYZS8AMkrLqG//7EcKf/EXCbFYyu42eATPhcULUs5Y6BTfTi7F6Y2glgc6CEDpmrcm3IbBz31JWHZghAyKvPMO06oe/YxfzvjwjaHW7Fh4UvsbMmje9pieCCQH066GEOg2dL4fefTzip/DVFjY2ltpEq6OT/lscNDNKzjQJk1/0bRdOkYbTVXI7Ts6YPa5xoStxqaPVzxMkVUujR1A+7y0dgx7e5ONHADIJnOFDbgDZVeJziJ9piLFh1CJqVrlJ1rTNsWz+F3Wdvx9FKSvDyjirNTAsnm1wBSr/mioNvp4Fkqg29/FvLVv6T6WdyDt+skYf763eB/nktqHrfQ95j4jkYP/Hr34e5+cwwpZff4FWf2millDp0SdbgD89+6Dt3EZ9HDqNrqB6/K9OEk8o6OHj3G8ZI6uLS2MnQeeQr9NSWYv5HR76eIYZixoXw/fUU6r+6GsWtH2FKSBdvmWQCH0XG8JQFduy3pBumCDijtEQvmdz9Cd0vn3Dto0qcO9GXDI6YwM5X93FitDye3/kQ2HA62o53xlWRh+DxrFs4Z1MDfpmRDA9eqMB483gsvB9P5l3OvP7UMwbl/+CGQwAbeYeyXWk7u91/jQo0AfYJiqHrfzL4464ilFcIcmv7PdLaJAd7Lq8kr9QJZHGjHHLHjwNTe0kM/RhOd7eZkv8vfZxu94r9SpdA0BQNDpVxoTzHD5QYpAJh8W8x66U/+Zb1YVeKBW7b3Ug/YibS934d/rgqnivW9ZBavRVUul2G9Q/vU0D7IrJ9GgETdN7AZS0jvpBVhP9oBE96YUw3rPQgunc2HC6Lwr0NyE/ej6AbIimoq+eE9VdX4XE3G6iO6OdwWxkombgcnlR1cfuHBPq7oRePLkrhjCFTLtRNoZHfjrKG82j422AAqr+a+fU/e8qvq+fszCUcPNBEV6qsWcRKitsth/GioxyN2a8JAsftWe5iMugGlPID/z209/F+rp3XgG7+/Ww/+zBobt7K+X2C4PTehbcZ/uOXUULkNU4a0w7mkEyJNbZeWgMn9JPQY+Y1nqdpBVG6J/j+PC041rMTv2XW4oh7KzgyVgDT9miirY0mxrne54ClYnAocAyUL+iBC5YWWGy/meNAldykH5LX8FqGt0jdS4rBcaESlGydCDN6//GKMzG0OW4VWtV6ovaS8dw0dAaML6Rxrcxt2OU8GS7eCeZW9bdcqNwDdU+1qV/diLaH24L3+olwYlEoBbydB7n/BOGRrB+Uaowgp+uisE6qDF4EzQPjJgVqK7bAQD6Gr3+7kcNZUxgXWAprDurwUNdWnnO5n46HAXstsqa7267B5Dk+IGO/lqa7CEDG1AUkfSiJBRTfcZzUTJ56dQ6vktyB+/SnQN/5/SB+fhbayc8A7wOr6UDIX9i12pOV6p1h3F4DHLvbG1/dzcZwx07c+rcVvTbrg0n/SMhqVmOpmj2gPk2HNt1So++X3PFksgvWbWvkTZ/t4MlbMRCYFQdq58bxZe073OyYhs/ep+I/Lw+2qSyH5qj7cPjZHN5dJApw2QgGZzWDVbcxb6n+yc2jR5JJ8DZMUr8AdhU+mLlyDS36OQaCTL6gyqHjtHTpLfRbd5Yz9yZCzaFSenlyFPTWPIC1ZYDFHwkW2I9HxdIK6CuW5n95QdB8z5nPZv3BrMhxJNaoR6f2OZGcqxzUPz1Aoh83c/lTKRAWd+av+fa4X6wMdOviYK5fNl48OZqy9hlAf5QqF2VugsMh99DeOhyPjSomm47/6Mf9BlJIuE/ftl5DdSdLeBpzmye43cXwq12wqfkSvxN9xZ19kShV8h/LPlMivpsAk8wlQXZ4O4tPegrKLzVJrVIA/htwwTGLq/lBeTguMZ3KHRv/Qoz2dHj8SoTPBp/HnIdasEgpExq/Z7BQ12recLeVdALSsOnpfHq2biyMz/1GaisOccqL9+z7VQ5mCR3BsGddEPpwPJxfpI+3BsU5aYQBPAypp/4Ls9gk2YNY5gY17orjp0ZtVGrzmXwP1XCcbR/pHjCGgun/YIZRJl2N9+emijo6kGoHSvWEj05Gs5X0CxpeakC/RURAJLICH9h58kUDWRiIDuHOCf/IL0ONpta74VxdB0oeRHR9NRYmm7oj6W8Er9MamJdby5u6zehS4BmSuVtIgy/EuFfKHD3WacGjsZo0ul6JE7fewlmbD6Fzry/ttOphsZMAcvlbaKdTP9e2qMOBHX7s4WNGrjvbaGzSP6QzR/BRpCHev6QJv+5U4WD5DlhXJgqf6pfhil/HKe2FE02ykcTl0qqg0HQMlY5kYoSjLii5r2WNr6Iw/wPjfwt+oXHYYq7TmEcVOwto96YGaGu/R05eRbTkZBfbnZWFlE03SePARbyWs4LEQ8I5+XwP8bcIuPHIBObOmctPYxdyQ44QnDnizPvCpxPUpcF0gWbqWv0Hb0xfRyPO3WWjQysw2vocj3XSBEv3FLiRFUPfCk9y+MhE/mLrAj/P9XD6qsOgIitMr/02olqFDjyZdwCfRFxn0wFzyN9nhrUbtuC9FV04feUa/FL/i5vfP6eWiyJwySGdKZHQLE4Ko/tEaNDJCYLFqgB19qGWiR2mxS7Eg9ctQW8/48v6u7hfNAqU4SakTXamy/rpkFJlxMedS1m9RJJ/dcqD8eexFHtZCcaNqeVjj9xBiN+j7ThJHtPewv6rczm+KpyjOg3g2dZ6Kh8qY/dcG16VvY2XjHoP7dXzSbO7kMsNc0h8lxUf6FWBcl0BHDh1jMY2RVDguCxctT6ZrrVchllDy8G0YDKH7VxAZY81QeKsMyc2n8Nrv0fT4Xlm5OS5F65cYlQe9uLNDT9I4Y0mJRYB2HbLECrpwtPYGGw/GY42IhtQslidd3T1kvS2LDh5bwqVtslBsMdz+hn/DwqN5sCa2SexcaYNdPs14+X3Z3BrehcabtwBJ41lIO9ACE1MLOFni4ENfJfS1kuX4IfMPFr09TClHysiA4OfOLdEHNTVXnDyweV0cVkij/idg513TOFPihzkPbjF8xyd4WGDIUnVCkFO/h/qrm4mrVkStP23GK98Pha6F1ax9b534PbtHVeqHOevOTLwY8lC9FCcTK9PSnJGwASoDu8gcCzGG84E7gNhMDuwHkzvGcKHgfl8eMR8GL36MIwYP5HjbjyCG6UzWDJDBtzPR1Hpop+wf44aLC3yRoWTSTSsWYc5Ydtx7yVhfKO0BladjgZeOBtvNTxgwf6RsGiGG+9LreOM4t2kGmGF87oYuzf7wkfbm3g57hZO3LGLNAQmgHJVPX1d70Trr/fC3dPpHNSUxUEuNWy/Q4t7Nidw70NHTlVVhiP/DpDr0kiWFj2Nny520rit2/D2igfwS3gZr+8bx9uMvnNtgynoXehFxZ47NCI5hm55R0Ox8zScsfI1P5ceDRly+8isWQjzdk+A0y8q6aasBCsnVpP2DCeQabPlExfd6d+eq3xk3Woo746nmmUW8C37Oz3RecaKMpv5Z2AHu5zcDE0qApQ6uhYj1myHmxtT4KafKJjMXs1P7x2G38v34YPuIZANuwxrBBJocf0V3CusRI926MPmp+ZwIWEyVk55DPnLHaDigjKtLQzDPfcX0IphS66znUbe1RNYbI0OeKw4Rw5rZ9Nqw0fk89EJ3n3UpAC9cNbxlIbZc/4D3T5NyN2iCA8WKpHPrCHcF9PP8zc/YtfTDqB8IwKuB+yhVTNFOK9pmMy/TwHjXYwPBGOxZrky7bWPpgPV4fiRBFHykS/4/twB6/Ab3InVhB2lJmwxUwUfXroDLvL3oMR7Px11/Ev1f9bC9dLFGFl5mMZ8mgKKf6VBpn0fX+w5QaVlg/BjSJ6T1k+lXbkxKGyfDvlLb9OyWwj3lcvp5c0t8FzDmHWn/geL2/7y86fe4P9gEy8QiOSgzAW8bfMkiPe7D7f2pqDWAhXIkvFgh3YPtFs6h7VSZPCJwDLwyxei9fr68FFGEtplZ4H9xEwaZVlPAU4OlC2ygLYdduFJQt9Q9pQbhToLgt3dH2Rw+hFYmneQtl8AOn1wxdFq1/Cxz2Tocb8Lsesu4TkPS/ixRg9iY7dDlLIESca+gDKvBPznsQM1k73p9kIhXGZhRosPGcN09VH0dW8FDXIMnvnXACv3h+DVTzL8VSMVLk2fwp+qv3PYAkOwf/UNTs1OgnDF1VBV3ofeOd9g3aat9GKTG3WFv4Jly7Zx9GUlcIBr2BRcj9JiBjx7WQSYjJgGaUvSuD13N/w3LQR/Wx9k45fy4DYwQGZjz/BK0yt8y3UubbmjSuh5gx5Nn0hZcZXYohvBnTaiMOVmG00cP52ETEayWGcQP2wyoVt7ouFUTTSnL56Nuq+248RxmvB35yu4bXUbRwqO4WbjMFB6mA5/006y/7U9rPV6OZ/aMQE8tQXg87NH+DN1IqxQXo2Ju+LocusC2Jq0gEdWNPCXSbPAuyYYn7QbgO+FcmrvMMLJo05idWECXaN7dFTGnlPuxnDZqy+goF6O6wzE4J3VZ/QX0WJ7gVH8120LyLz/CMJuKZRS0IC9EpOgtvg+Up8CJJxQ4bRZydjxnwHLT5qMi7dZsWtNLk5e5MkjBsR5TJQCfcsRB5X9mvBaKoW//dkF2qKKMH9jLEcEmmKxSBQVVy2Al1l5aH5zGmhorUTLDzcx7n4uwnVPULapoLQQOez2VcSui9boP+MLrFEfCeHLpnPH+FDIeXAHdk1MJf2I21CZWgRXCh3gZO9LWrrvBS85QbDnaRBInHSFDx+bydS8COYe/smli66yy4AijjF24LC2DpT7Txg+h/ygb596ebJXL5wf2AzqyzUoZdtFbjVs4fj7L9gwfS6eP6IP7zo8MbWgHWvO/WEbo9PgOLCQV0V8AJOi17BNPQ7GPKuAkCeWcLDMGGLytfCxbDBdajdmJ4O9HNojhaM6gUeaz8W+A+/h7RoF8NWcDErNepTqWE5uZb/oV1AAKj0NZ+WOkVBk8pxPLt9NJ2+KwID5JHpZcR0UGt/yqqs/+NKR7fTzXgFmeb2BUZcucuYaV1xxZDxMN6mCXXvU+cj9PLI4LkiPvzSzi2IYet0Jg9+rStHlnzvEuiqBZGU0lC5SpvGijnx6fiQfeyNEr0zkscK6jhXGBmK7gBEu/CwFzu6zUSrxHzjUPgcd3YcY09MNl2r30zqdBi543c7S6YRlFWOhPWsZLazUhG/JAqhz4B8fmWcHSy/dpvk3+ylt8U/08bGg9+us4PdjHfi9dj4+WecE0T6ToW1CCpc/VwC9qle09LEcrr31gU9+0octA25s8PIVODSu5WsR5/jBPjt4MnoQpn18Dj9/bOHXw3Yc3yIChq8vwROBeHi7/w3F+Ipj+dRD+GUFoM9UFaxfs40jM0RJY44EfC/9ipV7tpHZg3/Yfk+WtxY9hMiGw9jrkgZ/BbZAW9NvftUgDvuGXpGz7X1KVvehsQZ6kLu7hCXaovmqYAtcXW4EuvuDKExOGb68uIOZX0bjZ8/5cGKpDHtPJxaOKKH4S7vZIeQMTrj2naLsrWCU42JSStTCi/rxdKsjhVJcMnil3WG8Wn8Qmzu8ODFuHy1yNoaOUS2gWRHEf136+cmFfVgZ/JSPXN8Pa+qek5vGGSo8vx46p8nA8J+HHLNYF3yWl4CO0AmWujQJQkYbwPBJbb7hUkc5F17Th68yYB3lDYcHsjErxYly4itINK6AR7kdxo5af9QME6JeKWGODpIElm6GZbeD6MGlCdQtOhKDlTRg5K8X7K10A2nDMAgLtOJz9bHQURTOf1vM0Jb+QmpZEqt8uM8HbM3hdtoHCJn5Gz/EHYOwJm1Y1HoMNdLPokaFKAz5LmRdqsbVgzsgstuU3/znjeFnxsLIyWNhbqYy+efcAE0rNwpjJyz+2wiCv6XxSswOWj5xLSToKOIawXGgEZxLO4IcYePYT3zmWROo+hFX7SyhC3u1KXL8anDx7scVqlMhsf8clN16h5UWTFMOFFD11/XgH8tc/WokVGxxINmuODxoqwRD1hqc51+Ivt3jyGMNcETCUby89QgNTJrFvqkzOfHZeq6sNIXhj0lgYXKEqpcdInWlPTTNJRc7M/eQyWAQ+9+x5D1Fk2isryr8PRvA94PG4K3hENj8rRYPnqnFK8cq2HXqPsz0TuARMYvJsh1g4fY0Dn75AOpFDShbbi3+dS3kiFNveKvDKrjAq6hffhgOTpwGF38lsOa1EnoqthiW+SPErJzH4560ECn9ojM6vaTtvBjVOzWhfk0arJScTvdOu9O4STMwU+Ys7S9dzvdEneFsihyPlkjipnkGsM4yF0dP1MIBgf9oS9sZfihznaeZzOCB/Uhr2rIh++VKSM2dCLv1omjx66/oFDUCfCcbk+YdK3A5lIFzpgThHOlqzJ3yCxXnWcJidKZzu8Xx1GsHCGveCNbLj9Lr3FzwzwhCp/gh0jHJJ+1eNTDI30yXdbfjA8s/IHR1LQe6FGP+poVQY70UImOTqIQXYsyWCTCcbQH+O66BgPNEDDZqoVCXRr578hV+e+LO4wx/0ufbZmyUoQp4RxK0BRfCfj9r+LvTl7uHP2FjuRWvm+fKr+4pUs/gJjz33RxuPJxHY9t+UY9sPBXdS4H2DnMcq+KF244qQF6WJi497oaHAoVhvOlfOmJygmNFzXjReHfaegHIMG02vazfhu4CovB5iia/qRSEuU91qPXuLWy9/ZQrkvPxhog9tuZEoMNDJVr2Yy0bLE/j+HZ9sPxxDCdU69Hdn37QIFfAFSnS7D6tkd07hKEk8CCpiwexe7EwSHu8oQdx/mT0wB9/HimDJeO3QKV9MhyfrElSB3Xw9LRS1JlpAkc9UvB2/2S82H2V5zg246THH6DeE1Ey9hYKHxvijs5mUq2dCptm99KViovw7nEzHji3lBT07vIlP3fcWWdHim4d6P2fExU7mYKN2Gt6ukYNV1hnYaX9CppeNIPET+xCscydFLKxlSWqjrLDJwF4uVyK6obFIc3mJPMrZTyifA0Ov9bgHv9vVBB8ms/vzmGTNxZwwfgzTf/SzcsvbkKb/1yxPWAerN2liZcuEAifsqJRX8fhYmUN6PWUgq9zm8DijzW/FZ2Pu+YYUuoKQQq9MhNPSKXC7nPt+OrKJOgbDIcjlboU+8aKCyqOQ8jUfHRJliXzZmEq65oPzsZOcG+LIIyNFkNBoRhsCRKFUbWh6HP2E8qOl+Hs/OPcOvQWxxukcG2VAdSXBfL4EyvxwMQhPPQuDKOPO3L21EIq+H4PnmWagqTper4wcQqsadkFix99p4TPX0B35W94EHSMu0YU0sgjuZB5wpnMvswnewMDML+ni+VqF/HIow+gqSDGb4VUKErUBkLjOij520guCdOihJMEtflzSe5sNj/Wb+Pm/TKUMcmZ7saep4i7ybRmvxTGp/zk80ZWcNzblCNSDlPtKz3cd7WantI4bqjPY2hohxUWALOm3UPX/ZIQp5XC321u8k2oguLsxXzSRA22lU/g5cttwPDfH0zpGIflQgSKDZ9g6Zi7kDpqIztZZsPqfbksr7EfX2texVefzKgr/gHdmSoBsX36MOvNDT4legn87gXTuQ2NtO6+DJm/+czHJS+QUvZ7cIucAal1MZAzkI+Na42pxbUXLG+9IePd4bAgcAJOEZiD78UsOPbjCJiZeRcqxhlz1qAldTvm0AHpOzQtqZtNJrpC25JvZKw6nybIaoPXiSskk+PEQTs30rMTB3j/ankwXWNNjX33+aDuEfqbF0Cld1SgeJwuS5bf5eACAdLcMgTqyVIUOdMOvs08ClWV4cBzLSjEfTocnPEdj3zcwbY/XOlzZCdbXjxFpXOqQaNMGfJXr+TxFyaR0JAuWEmMZdPkLmjQ+EnfO+z57ahKvmdylEznqzDfcQPNntscfFACpo/ro+kH2+jntGUQfCcWRvYGs86R77TA6xjG/myGMV1N1FyjBfriraD81Q5epbTz+ObJnDowj1q7R7DLZT3snHkdyszteecDfRiLX0mi4jz90hEl1LzIG98agrD0QmqyGsuTJmSjmvcd8l9uBVfe5dGArBOeO2MFf88k87MNQUwXvrHn4QG0fzBEpV5f8dOEkbDDXRj/vK6HtIHR/MP9BO74tJO3qvTh9Vfi7Fq7i1Uc35PiNmVIG12AIyv7cXHHPwpUDQXp6hE0aUIl/klypi3priw+xZMXeIrBgXc+aHnsGBXuyOdlUZe5jMw4a3Ul+FWtpInZWeA5WYvFjk4C9W3xGPFYmJUfC9Gxl7oYMP0BaT9I40AvMexSVcZkowPYYioIEaPskGdb8dmzs3la5HNIWLyBT8/IRqOBQyChnYpZOl/IvVoQQrYsJgHNDTA69BE9WrODb8Ah6jVV44j3RzHr4C22DnjEX+KF4fb2e1CbXIDpA82wqdyPMwwew8xZ/8jRexxpa3jg+YAanNRnBBnrfCE13QHavRtp/SZjmuxmiFUlOqDCN9FvhzdcsEukVFsD0HazxRI7G7xTrMs7LQ/y+hYxFPBx4f1tmqx25TqOvrOS8tZKwYhUF854NZI8XQ0pS3cKZtcdpvkx43BvTRYk626kTc1WvErGGHyDakiXD6DZ1xWkv3krjN17C8KlIvlXqies9u8iHJXCAaYC8GrkClz0+C+UiEVSbq477HF4iNcFLGh5rDq+ztGnlzIxHDxNC6TzvFgEa8i4LBWlTj3nGgkzrprbjHRCjIt3tkOZ/Gn8fHYqBNQkYsTKQNJakIELbl+nsmQD/rMjis/4+IKRcRDUaXdQ0DNNSHh9lRWuC4G2LVLg0BOS7z4GM6vLWXCcJx1+XkD7W97D7ANjoUY/jvW21uD8kGCKLI2i8D5XBldTnhnvTXm7hUjZoxuGbpjBlR5bOvBiFdr5+qG6w2NUyHwPtT9n4aR3tpx9TApsvjjyT0Mx2JB2iH4lDNPCn4HYpyLLpZvkKPXDe7aXcsWyp60wRs4H5l3QghsRDdzee4E8I6X4R+VhXlnWQvJDxei76DGUp45A1csqGBakCJ5KgmDxeTRdtKhCWVEfPDQ/GI6NkYDsHV7UYpIFPxZ5oWewONx+5oPeg9N5uXAL1DXsAiWxLxTakII6xrVwSiwaPsrdpg750eDTXQPydaFosGY3rPiZA2aSxnhOJRaEKjZCz8sMrBE7jye1DWCaxl3+4f2FvRqm8KeTDrxoszB9fbKJ27f28u+3DB9Wm9G9MCUwd0rn4R1xXH3qKrx53wsX84s59lsw/tWNopbAlzQ6djnPe6EKWdnd+COrgFTv5HH13Bb+OihPnoeL+OXeTM7s0KQ1Y+YQLxKFhz/f0dMwKez794299tpBydJuDPxjh9t1c3CH/VSKPDwLQ7+aw5cXI/DeoBToiRZAb9ArkPKaSxJrq/HpFSX6r/MVN3nKQXaoDEjl64Hix0reZuPPP96cRgjejS/WJoPTuSP8dKUi31xtB6/jhWDWy5fcVZeLfoOTMHXVU9zmt5qPrFMA/zHraVXgAVaL2koF/VJwo8yRrJ9FU8CyESRSIgkvdyyhilcxZBYpjtG7i3BnrxL9/SwBhgkbIfD3HfZS/Eym9W0QKqNHcebZ4GI/Cbe3pMP4A6s5SxWB9jNy4jV4mmHGdNaVlIs14PiPJ6z/azQIGiF3CJijirY4TJ+hjKu+SfA7iRyocz0Od5pKaMLvcdgD+fy6qZp9zQ7BrJ368Pj0HkzTUuWCjYYUr7iFHwvuI6WwDvBe+Jsr5lvzxjN+fN1eB0aNPYYGJrNQxzcRPid7okLJOVyqsw5uGTTi2aW1rKCSyEImBDO/qGJe7VHseuaC1r3ysMPzCI+xnc0Ffd/xfdNfuHRgJLnNFIepM+fxkRk6/MKjBx0WH8f3TkGoLW6IGybWUPVZB7Z7q44SSWIgUKdIO4LMYdTdVvxet5EN7Dwh1H4TrUsog2u7N1H5+SD2kxoFYc42gGNm8qhAB1hpPg4TFZRJPjMdNJsVuHlTCrrPlqT0RXJQJCIElyQLIXffFXozQZJfbi0mlaXb2dX2MB6uECPpYEd8H2EFb/rzYaF9IQeZZ+L96ve0b20HTTV6QuVpNpBYUUTmPW5wWmUaLFSrB829oew0/Q8brbiCPwZ9yDjKESxNrOjz6I8UN1uYi0NHQerZP+jwbDXLuqtyad5GPvUhkKTr3lJXxmyUds5AzaEwuLuMYZnsJUp3e0SKXoag5W/JfVvf4++W+WQ8/zlO5n0UJ6KPXguNYNEMMbL3fk3TPsigwvqDTJuzeP8XXZQyCsVO9yUMtnkc4yMED/+EQumK03RMwoxmBCfB82g52PXfO/A03EHvHCZz6sUHpNI1DbRFtCEkwBQuZPrDwvdP2ev2TVydVMiOWs8xyfkcXBIwYt/bkqC13piXxoXAvHnCuPjEPlRo/Ycld1+AV/tBPCiVCl9tI3nUPxNwlsuElAFT0HhyHoaPfICYoHAKelsJYZ6psOepPAvJjqclZyRgw3OkqgddgEfq4VLidr7cOAa9cndC1JlOeBcwk1x3SPNCZ0sYU3KRxyn24LePSjC2o41OvvrDjpuTuG9BDUizAmrML0e7BkWYN/kggF00NlIHeEn4wefaPXR+InHalbk8YcZFKFmykg93TgblHk9eO34lTkhUoZOjI9GrUwJ+JUwCf/VzfGtMKu3ICMZpeoJwYVIxD4j7oM8DIVws4csbxzWDRuZ5kFIUAb3hOv6Wc4I6Z02AC9NWsoelH0vuHwsBShfZufQo2jVbg97XZ3DnTyEO8XP+bSAKu4M14Kfxafwhbw+fSpLBK1ke2hxb8b+obtqblorO5ptwwQUJMJs+nUILqtnI/iffH95Ip3X6cIrNJvx69jjkVOykaMNIOB49AzDxKGf/O8cR3z+jFX/nK7YzOb9oLxhPN8Ds4jzotKynv2WS4CBXySv+DcP9h9oc4jDEetZb8YPOO1JKbOTNm5wgpsYOzzSowXQped7q20hm75nf+FwElcKb3Lgrla48uQU2Jua0NuspjZolCbvavXmL4WXwGPUBV6b6sl/ONpT+rocVArv52nhJqu9fT90twrBxSR8fXnEHLNv+8O22LHhU8ZNfTL1P+TaxuDB5BfS0ZMCKCUowu+YImAu2YY9vDX48qYDGBT587XsCnd94DdQ/FuIr/35adsYSZvyMBGvjnbzLtZ29llfhqT39UHVFgn77viKJ70UUkrUfUt5qwsY3ofR61lqIal4Jp1cmwSWDA3Cq/g+eyaxhBbep1DjRHw2LZGB2ficabV4BMbOkGHIC6FzuFvjRPh9jHxXx3gh9mFThRZc09cDuzRq6kqWBau+iuVpwL/wJZ/zasonX/FdAv4zU+evsx7Q3WhmKRFdTQHYhXTrzHkj0Bt/VWwbxSfE4eciX9e3fkWtBAF810YPo5RvQ8/4qDvGp5QfGgtS4tI8bFObzfb8XrCSXBQHD8TA2SQfCOnZiv/YSPB3lxyXGHRwRdx1ss/tpm/0SeFowGSsqXECgUBv23Z0N37tP0wKHTRTQ00ONtIGPbH+HEwRvUfSDVJCV3wjp6eMhZ/8pfG+hxXVF/bAlPApa1maTVJ4E5+/s45O3/uFLSRsUHJKA0NlXcVFFHf8yHwGzEkV4U0U57TmpwCLhDmg/Mp76P3WTpJ4yYOVEvvFZEA3MF3O+8i+06XrDGqot7LOnioOuT2Vnz91UocqADjMwtcOeZE3u4Yej57hSbTdGiyyltGNiMPqtNs3JXsULP2nB0xUP8dCSBZzgvocvfxzi60/ewdHoOnaXTYIlPe9gyqv3UHHSHLLkXvAqnoUN/VKsktXAx499J16/nq+vbUCF0e9ghtBLssvSheKJQ3hHbBmGWSxD29pg4luGsM24k4tsJHiWYiQlNtzE0dYyEBgnjj9JjxWWO+OUtbHUJztMrV+NOHrVC9ro5IxOUSOosV8evH9IQEu3G6VUHkG95AzKt9PHSPnP/GdXKXg8XcpZ0ZZ4xWQKSFan0+3iP+w5TweLX14j8dk10BB6CDzfnuUkSUe0XhDB0wJkQczeAkeWXeIXYinY7CfBhqUbcKuLOixrCuOTWS5kdm8TSdxVhxWPklDuRxwpHFVGF41+OGT0mL/MzyeBg6vpbOYFWqiWRovMLOFFdi9+7L2Os7c7oELrYzRq/ktTZqijSlIQbtfIo+FPhPLDytBiIYUHVp+hTUdy4IXwJ9z78DiNGpaiEwurWE4oCd0Hjen4KSPY8/on7hTMo85vfvy35wVqThTG1iY1GL+sC3dqRMCViniK+KYPZaay+ORvHpg3q/Kbz/7YMjyHD83vZx3F9eBY2sIfpVYyDErBndGaGPpbgNaMsWEBqRLKvGoFVVADsjcsaSEuwMGwubhZTwAyX+4DzwdVvGBsOZXb+UDEig6w9XfDkO0EVm8y2MvkORVNnAp/H1mS0Ckp+vvxBk/pcwR3DIN9YRXUvyiJtjhb8LQD47mzlWHPhgCoc9mGtbW9YJUsBt86/rGgrA/taCvlf0NaZCI8n+e3TYETuqU0J3QF/1IYJjNJV9gj6wATN9ZhxgNPXP89G53SpNBxgywsNxoF41c9oSVVfvwlYzoW3FxAMRadEJBYDFnlAWDmOMwbzshAipIjNpyphFvX6+jkl7eYoFYIHzYlsel/Zaz68TjpzL5NtamWsMU7B4+tyqI0tQYasdGFRzbmwcWarTzPuQ41T1tSXoEY1HmNgOgEf6iLzyWfykO8bcMNlNdeyNEpB/CKxWx8nCzCcV8KMeG8JDRWhZCP2X7sWFYM6+fGoHW3MzbtmU+31NvI0bQJAvd/oNi2ieAlv4rjvM/CwlvbeWzEJLzn+5tznv7B8enHIfWdH+ddcAVRPRno9tgMV1eI4AZLCxwKSUfnb5I8uEuD7hmMgj2uM+FulhhMlRkDM7cmoDfJopSTN8d+daeJdudggl8EqH5SJbsXZuyWYgoPRwpDXao9iFkV8O4v1+jyyiLS/JyHm/w+8rJScSz0bcXi23+p97Yi/BeVT1FlArB7nB6sd9vGCpHBNPOrK4oUFWPDHSd8LZaAJ82nQ8vpHDgy5TmvdljAz8EfzZzTMPrEctR48h834RaMPHof0q7IgmHEZ7raaIQWEyTo4lcjCBR8zMq5N0DQfS1cdZalkYvqcJO7EciX9aDXgnH8RF0cY+p0uCQnm1bd34mWiQ+od3gmZIgexYaiqXDlZRMcdxvkA9Z3+HlWAfjrJvPbKYN8L1kOmnxCcPX0CdD+wQx6Xr4iCadAatwRCWdlcvHFtXKu3zsdyz5eAsXA53B0+UGsFRQB5yujsDfiKz7jX9Bsu4iqwqN4dtlpio9cTRUKnigzHIyO7qKQLPMSwi9fYaPCHyA1pMx7ZmWhg9AyMvUpReeNDSAzT4fO/7/XaQVah0bSMysTir6azdLV91DneQ+FqK7krFxH6PUX4Br3iZAcswPSWxso9/BasvLfSyW/RtGiJa0QWZcA8x/lg8qiSnolCNAlIgG6f48BsCH80q7mgKlxcOriTCyTacN1nY/5ifsArHSVhnMS1yHichrdDTPB2qYcEm55S5OqdtHeQjuIOSOMoHOK3RW04W9eOOtvaoSnor7w564zGgouwjDohCX7xSil5xheO/4Sq/MUodk6iDZ6RnPZxUv80cOCP72Mgkn5Tah7oo9W/n6DHya9IeOzhrBrvjdVHrXirykXaKHrOtJTkoTRNRl8O8EPtyzRxJKMENQPMoS4E7+4dokZSffsIO3LOfTythK4LNMmpQN91LT1EIYbDtMkRx2YVrSYpyn3ctr1STBPOByzNCvgUco/Ep2ly1Ybf0KwWC2JtOnCG1cX9gs6j7nl/jDrwQYeXdGOA26POG3bSjq10AUC9OK4XE8bKp9sg8dqW/F0qDEJSl7nMQmLoMHLCH0jbWjMmgB6MfUD7guVgH9Zd/hgWigbCrym8Yuv05R9b/HjqgcQ+KSLk7adopi547g4Wxwyv7dSqr4lCTpko4fwM2j6fotld4yD5Yn7qbB8L8M7Ez6xVgyuyd9HwdTJPEpLnJZH92F1UgZlp+4FvciL/Oj4MarYJMnb3kwFsc0h0L+nnVdOUIOw2lSKrmzmwFPLYcBjNL3PvQa3d4+Hc68FQDkiBx2a3TktVhiqP0eDlGkLn5Py5anqB/lLyQjuMJHG5/7yYFlnhDdW/uS/2WL0ZEAFL1RbkprMVy7cugClPu3hCw/V4FftOLiQZEMCx1pxzvlG/m59kkruLwNtsz80OGcHtOxbAGfHTMTX9hZQ4hDMTW98+UyIJ6jrvcEZ6gYYopTDYx8dh1nPDmLx800onCUEk1NfcWPbCx7SzwKh0gPgtHwZ22Unk/naCbiRVHnDM+L12gj8th/7hu+x0pc//K+lmr75iZLfxgs8+KibS9ZKkbe1FOgpq0PFslR23NzH3sf+sn/ZU2q73Ulat1TpqsoqVEtUxGPHp1FiNMN/V07wdT7B74JqIcTIFTXHfuR8b3ecEnwXLa5dpnUD82nDXYaZC63JdoUEyOu1QtGCeSD4LJVmRZ0gkzUpnPrbnwfHiOHC0WqwS+UJWLywpigLM/I98RGyol+DcZEY9WzwwAPd4hS8qYfG2cqDhPJ0PFXxmZ5VCYNbSRc1+U5nVRLCtMXP4a9ICxypXoGut2ThT0Q8Ov6+Revl1FGh+DkbbOsmD3dVzo1ox5ESS6inVYdV5QmeX/gNL5pqUXTpNn7tl0ePP2/EmMkvecHNLby/Uxguufhx0wMGJ78ojIpy5H3pc6FybRyMkf4Cbb7DJHbwG+/80odzfKXRQFsK5vrI8SHnC2z+2wZOWxnin1/LIHnEbPotsQ1usBbHyQ/Q7gIhqFB7yhPXeKBtszr7bCuiIJxHuuY53L31P5CdocbyXqnw+oA63HiTyKGnVOnYkkGal+vK1c0doBD7EM6tPwUBBgMkWxWO3mMtYJLHKay4YIxTXPqgVeQrb9/gSbYhv3FFTQDnHFoKX4o/kt87hF+lWyA5JQHUzrzgr0XWMCFAmMQe6WDRHllcM34VRx824e/LVCExQ4fNxQeoUTGEJBW90HYok45HptNg215Y0mCI636MgX07daBysAfL8vo5LMYRvGrTcOfXZI7b6MHH0n7BYZVp+HXzWQ57ikDqPiiVd5OF9KPpaMJ31JXy5LvCsuwRdB34zE760a9FXx9KwEeJXlbOsaFzkzbw1Op8nvnSGR45xKCvqCh5BC0H07wM1JpsCm1FI2HDKAXyuZ/LOzkIv24bx5OtHFFkvgco7HwH4n+2U9s9hukV93FidwtfSBkNhzL2g7vtKA784M+HKtRJplqIrqRqgKvHaJDYJcMRseHwYTgFRY474luL22CV8QgWTZiAu7z+8OTeTnp5RQCGnDQhYe1cCgpux+ezvcjmaD94zX/JdpHRcNN2D8zZ8IXedUmBcX8LPipWgZwPNjA12ZFrHkRT9owJpPDoN3osGcGZRyNJ2EMH1G/aQkvLZDA8GMwKNSoYuGEL7twLJJqxBcZob8BZHZvp7JAFBH/0xnafRZxS7g1JmWcxUNadDRbeZW3fCDzpH8UFmRb4oVMXZliW8eKdPSAc84iNjAfhWR9D4yU3il91i76GFXB8rx715ApCmmIuxx0q5LojDSSQNIOVwlJx9Hl/2jKilXb/VsDtrm3gNcMA1iTJofWLyTBuzGouCvaB3JkRnFCWDtUfzoG9826o3T2WB8Qs4eGzn3T1wAwYCjjI5lYLcHVoOh/V8kAfkzsgbfEMN7r4oayDICjJ+tOjJiOoKGjjmQ0zaNSjQsj9uwCcNT6TTFEcpZwP4w55NdB4NpsS3IbRSzEaJt67DKnq2nw48wrGlfyja0nJ9MPFmcOrR8H7Ef/AsPo9jXYsYPmlQ7zATg9n9X5mqRu5bJGwnm40hPLeIjOoWXIHZl2Oh/sCtXjL3Z0W2Fohkz522kZSqWo6Z1ot5YmCEqAQp04dV2dy1+5WOn13I8wOcKd1H5Xovrg+68mOQWUrRwpKMoBt5+xRydsMqh6ugav6UdRrOBnjTMRwsv59CE835W3tK3mCpjJckOvltSFaLPLRgjS89pNtwkywPuXHhYvK+JfCAPXWTodXcgw1DjdZb+kpTD+nhVdlruO4K9XYu66E92c/J+lMCdzdOAwzPs+A3KhSuJKoS1tVbcEzZQx07ImGuQ2mcOCdDq1NkUax7W8pQUMctu+zhqib6bA81hRbPiVi7oEeUHoNkLvjJt7Ps8NqlwR8c0UY+Hs6mN6+iZUkwju+GWGY8xDEiJzjlX0FsMXfBt1UD1OBuREYGy7lE726PN8mHuxH1+PU9F+0bpo8hp9UwVt/5Clm/gDtKxWARQ2NtPhkINu0roE188Jp7ebjaFidjzHSjeDvosJFF9dRpZYeLE/XBPGIYhqsa6QUTkf70GN4RdGQUrJP8SfdOFjm24srxiOYeHTyGKXPfGIv80GVIkhInYWuog5oIr4JNOsNoLLHG2/MkoDK2yM56UESG1ik8dBAINnZPqRFsuUc0qaEohtn0e/GQGh6bgLXbIIxW3kSR3+PB28nLVineJzPJVfR1PganrkiE3xPnWbfpokg5BcKjk8Ahk/64NS6ODy6aioeFbYmxfDryFr7eEhXAwYbdGCSnSH26J/C6l8bsLClEm+qX2LJzhz6JP0LvzisBoPeTzxULQ9iZ6I4aEIRyRss5dkOT7lRrBzt9AqRFK+y0JlAasscpJliM+BglAa/urEBrK8ms826Qzxo3EqRoT9B87MRjm7qALeuQrZfPwLWBVhifNtCfiSdRV3dYzjo9AjsbM2CWVYSZG6dB4V76mmrmhaULx/ElddG8CgBa1oSq8vjUsaTZYETNivehe6lP3Gx0TLycNeBhDlzyO3cLriz+QMcvWXO20+tYuM5EbgpRIgu/NShPp9ECnwvCJ5O3SS7RQxlH3/jEWZR1DlNGUVL0lhETYn7KpdzzNJrdGWXBPx+p8PCG3fR5iePoTpUitan7mWB2yqc8CwG2kUK+PmABj+RmQL58JzsevbRk3ebOLMxCervWuDspj/YvmseKNTpQH1mCrp+tIKcvt38olkEPO7vYSGVvaRffpwdAx5Q0/In9CziF10vOkK5D0dCb/5WinWMg4CqQiz9bsdh4+dhrfITaJq4CdzmneCTS+tJLcgMHss5wY3Ji1jsljhf6tOBRNs4nvrfDzpmdYhWyw7gbRNH/O46DYJ+EU/LP8eXVJZwcVAiKja85ZnHkL4XzEX1jA9w4e96StrKcJ7XosyWuSTpegjfXLxH8qE+3HFIl22DNuDM1igSufkexb1Hwm3POxS3JBivtduj/Y8+OnnoHC/aGoezPSOgINUd3M2s0DpKEOQLayhWYDHnqf3APfvyMfTHV1gb2A+4qhy6phRg5ZkHNOq7JLRsH0HRyp/RYUsJhO+Kg/sz5CGyeJinLKvm65lvsfTdeO42N4JPGdcA3y3BxEte9FJHEH9uWQJZRn3gt8uHj+kfh3WJ9XQxkGD4RwicXjtIBh2uFO4uwN57b6JX0z5Q+nwGmz7VcO7osdT1QAYOOwrwob+r0WJKKcaH3KTZllPo60zkeNdgOlo1Hz5pTMBat5FQI3Md/5WrYln8MLxYfRPs4s5jCktD2xUxqPQ0BkeZObCjVQqONBrz+wN93HSnFcp1H4NKiQEXHxgJEqqFeNXrPL0hT9jiZQWFme48UrmP7k8dwVlhURhUP4l2uAlA9Iwv4Ko9EiwdeuBToRZ0/m4g64p97BywBOwU5WiZ23I0u5PEx2tcsGrnVL7jUgk79PQg8cxUXLP9JPh7edEGdyOcdw3xyKAWlbYK4d4LRrC5y45F5GQhdqsfPPc4wxe22tNbz8/85ZI6+5z2op23d3LSW0Eom9AEz7SnQ6T+Ub5/X4XbwpVJ/JgEanSOg/8j7r76gXD8QI9/ByUzJCmyIxkRCRmlQUIp/ZSGFioSUipSslIoESmlHWkiRFFIoUgyIspIS0NREp3X/zyCc3cewufmc/v+PioWP1T9ofGKYZgWthhji2RgS+Awr9rayZoa01gl8zM23tgBDWM38tsZ5eRWmoeyE80xqUkAfhdlUcJP5Dez80D90HuID87iwnmimJWRgg2KJuC9VBqvdY4HPdcnIFqiwZ0b5GiMfz49dhUgu61faEJ8NYXeC+BfI97w6UcToaViNE06foBkSIFD9hdjjO5dFFlnh7+/eOPOC1tYvTOa2j+JwcpFz0G2J4YdPE6T+PkxeKayDmN9p0Offhm/8DyGqll9mFM+EbRuOsJPpS5SWn4Sr9ARfuf4njYNCcEvlZ9kOe4kbx/viUWlxhDwYQKNeLGcKg1m0vbSfHh55AraXQnjsKmL4VzRBw7LskPjXdNhV7saFWZnwvmuOCr67oOnRVW4rMSMxESW05g3T/jxfyq8gzSgw9aRV6juwHkVs6n7xVSUna/HOUVjWffGDY5cowkRdAcl9k0B47gBfn7hIf9wecQD5k9hX1Azf39xE0OX+ePB36ngU7IK6urlYEtkE4fWp1Ot3znapOEL9/Xuk8ubJKr69w+NPi8Dr+BByro+Ds7GveXY/z7CXENTVrhyCj3f7OSQKeWY12MIPxouwJxxxRA/Sxz06q0w0+kBuLjJsO3vWup7/gB3zcihxfc8IMiiG9bVRpLybEVQ7lrAbpb5cEz0L5/wW4Lcbk4jz55He/M3HLlxATUsqcZWK4QHh25jYu5EnjV1Ig/+esWnQxvp9PVM2LVVlvNLpvG7jhTo3mIEkok3eLjwP8p87sHN65Ngt8R1/F67h5umx9DC3t1kPa2Qf2iLwaW3JdyZkYK5C6ZAXVkHynkchGmf83D09DiwqYyH7LdKKN8xAqruqpJfeANZvGmF/fOCyUJriH3m2NOUrkm8qvsEP31ry2t/iMGJOylslSABPz7ac3d6MMTlRXFrniEtvSkGk2IF6E2yI+2xkoGut8747aIvN8pLQoqbCGo+WUoTzaej/KOF+Fr9NIkqVPGpVwrQ0PIFtG5epnv2KewjZAxeh8zJWG07X/cygY+inqw07jt99BEDTZMQePTfVIQpx+CN01g6myEJF6vaufHRPh609abxUhu5ff54OGqnyh1fYmCORRq8eTKb86c38fLyFk5puIxcYM40PBurUxgura2Fsg0bWGryXda0PEMabs6cdF2KA2fOxfULT3J98GK43DwONkvlYcPvh1xpfQg829VowMoX3mzQxcoOMazdkAbpWQ+RHmmA09TdvFDMF8/vXYvztNRpVEcsLTJ9SzNm3EB19zl81XgfeGSoQdOs0SyZe5ufJfhAYsMSFAk2pq2Dkrh8vT7rP/Clbcdz0UdYFar6jbBmcwQknXsDwpPC0GNBExwXzGaZmCWcny/Ms+//A+GxlvD0eBKt3bcUVayn0PpvsvhGVZbs/jXD0a/RXGd2E/QPLCDxeZKQPt0FZ79ezibmryhfsQy7jO0h3W4kmES8Qeulz9nHbD84LNCCMeO66ceDHpBx0IGFo7xg964FFDo1g9Wu6LGIqC6dThfHJoXpcNhan+JdJuD8v5H0Rw5pjMZGlHUwxwH5WFZS80PLAXPaZ2oJ/VvGsE7oS9qxaDV5rxjBf+JcqFzTn51iz6BS8V0Y7bmT05w1Qf62A7h/no9z9vWQTftlWhU1loVjjXCEfxNfHhWFccsPwMXl0tDpPQitWz9ST+UlLDZtooNpkWRd2Y6tv6VId9NHssjLxL5dSnDB7yD/vigEz68cxikxecQh98AnZxHqtL1ns/1XeHOFBxbrGoBkwVgOqv6NjR47KUR7Bs3r/Eq5nUVUPs+Gvng9xvvr9oO1zTh47ZAMZu6+/O7edjBSVyMBaV1yPtwOv4LnIAercvNQIxxZLAuflI1hqXoQRif9ZJs/D9H/uAI6LKzgqJZQfDpiL9c2nqM0lengPaeMG3drcshVEY7b7g97dnaz1bytHN81iNHJF/hvogso3tMHb00jaDUd4PkrRoHx8nSY6NUM/eYn6F6MESpPc2OD6UBmpSrQdOIBzBsZSks9HNhtwnKa/zMRbD9p0g51K94otRKPR3xFv91aYJRgQA629pQ0KZZt9SVhhyTiWSsbaHFdAjpay0lLvY/Se3XBXXwd/vAKohWCDTCj5DC7jNiN51tW0omtYvhJ0BECetSwa4slFGqKcaqhKy3ruAxducgVQxYwSnA/tWS+wBbBpZA67IXRQpYA3i9ou/FnnH31PHw/WgYX01bAVIjEJ1uMUHWSHYoMX4SEiyNgpkUlTytKApVAOzQZnE+iCZZ8qv0z7L39hKYLAq3w1eVZ48dBa3wdBbanwCiDGG7p/sspMZ/pm549S4y7RIJvN/DgaBvU7jOE4sDz6DK+BI4WrMNzWZMhyT8EHfZuxGUfulFztgpr568nm1ljIdHbFjZENKALdILmiRU43/MxaUjPgWl+D3mSvzgcHSwg/6+WEFX4niVK4zH/nxfs21zErQ9i+Ud2Ba4dTuH2fm98tnYy5d+dCIm7TvOrCZtZtFoQf4xugZRtclwX4kNPjBTZ4mgB0zp3jjWYCnJXZGGpvx1MOOLLziNPgKj7fdLf0cMzD0WTys5RrPIjHjdVT4UbT/TwzdptJL0/gq4cyITG7gCQc7KBgu0RWDNQjtN+28OvVoDzPAEmCs2i5GgnLGmUBcPSjZRcaYXDF25Aj18wvDGz41+LZ8K4JUrQ/DIaDtrKcUW1M8fY9NHhhQWsV1aPo9LHcPmq47x+kyAsCfeFZwn5OOi7C3+5JUHGuhE8++lxnrbxGWa5LYW1Gj6gLy8PMrnaCCMGIa5MDFI2drHFj1coNcKF/bAGbaQzYLbZEq4TN4TJN6qxJ/sDFtd2gpGnI9jsb8ILh7ZBiMQWWPrcHzyCa+jtLU1IvNYM9nqhbPJ2My/qnIYk9YNNTepJakcGKQq5IM+Kw1d3ZsLTjzuhzVmArHK7oXnGJM4+txKsGh6S8kAeBd3byg43mBI3ysP7XSXoNsmdJGTL+Ku0ESqY9tMO9GblfWEAW97zU/Nw2PVMA7qV0nCB4gFgmy80/7XX/zUX66oes0FEGou71ZJt8juQva0Mqz1F+RXX8qfhRtrQKc+3WuTxaMMutFndg1sPpsKniEBeFSQDP0Uiyd3JDx6jKRgN1vDldWuwT2QfPM4sI+wZTWqnHDi2Uxb23+qF/ySy0eFjEu+cmcw9LbEwrr8eG3YHEf78B/YCB+CblTCUP3OmayK5vHb+N4o8NoayLUtJom0W29Ye5IWHOsDoczL/kpGG+j+O1Czrxr9KP8CsN0PwwDobt9zdxxo+Z6FYtAQGZHux3dgIZsue4QXJUrilvR+Wz+1FNwcvDh57nG52HON1zUup8p0A2V2eAlPGd8EJxe201TsYb8ve5XaLdnQaXwVBxxbQh3ZRuPl8BdiFG0GLdAiFjIqjNr4LtqKFVK4Wg6PtNqBcpCJ9nnKW1Gp0+JGXJAx9P4lPcSvdGjECm8qLYNoqDYp+nw8LN1byLyFTVPZwxJNrLKEj/DId8fMmhfSxcO9PCNXlboStY/5QcX89iy4VQfmirdSrNxYeeGdjZvlUsrozmbXHrYcI52ZOmXYS1Wo92FtakmcV/eThqeOhWPkHZ6zphb7qQRS+F0+y28MwLn8xJyldo8reR+AysIx37hkPpzrPo7DyJV4wbQdui10NT7M20GBkCLdHL8a7rZFwPS0CrHIlQDpjmL3nv8dQQ18qWXQJnXZUc1N4KH/beJ1UFo1k1csaMP7fSBCXXQRrVcZiv8RPXB81li42nwIDhTYUWtwGctoxtC9oCD03aoIiOdG5lhpqspSHvOmOdKWhHHounEYPdxd+enIWq9f/opM75CEg9wEV3hLDKIf3dFL/B54Y2ILhBgX8xpVQcps9V1/2xZ9T9CD/oTUHTlqNIgUK8KpxKnUVf4XcMZ4wL8KGvvU7I1kvgeZSMYj2P0jX1d7RF837YCibCHUll8Gg8w4L8BSoT96Eq++EkH27NuxVEsBHKVPo4sut9FgyHPN1O2CCSwE4SteB9P1leG9dKvrck4Stt5vo0lEbyhj5iz9/P8AultfxYsE4jq+zJglRCWi6OYNmOGlAwf4TEKe/iWxLvXBg/CAvfDaIVw7ZwlczMyjvUeblazUxwWYaDGn9ZT+zdDBLmgsu4cw3O8y5yz+MPQI3opFbNW75/A9zXwiB55RCsDzzgK05h+6te8iLaAfJfUvA1OPPeVmPAhzf7Y+f/qhC+oEU/m+tOd5JTKePtXGUc+IiJ5w5Ah73G3D2UX1alRYEsHIirKu6iqNqYjB5bDWNzXhNdu8/cVrIMASmHQf5/HqIkHeAWUUjYcW0XJ5c8hgHC2ZjZ1E9LS9YgCKOv+nUg9HQvXcMX+lexG3zNSEoczn5ftxKayV/k8FIY34x6wl+ftvFJaVWOPvSEugfp8H7tshClnA4rUypo/eyGnTlZA2KTVODcS4p2DkhnUfk+5Fwjg0HNgjA+JByvvtwJv+vu3l0IKc5P2bHrIu4bcpfNitmyvQ8j1mmBE1RQHouwvRotxaWpFqzzc4Mrotw4ITil6DqFADzgq7C5M6xsGLZZfp2xwDL5kpR61kFnl5wj6v8yqjniAHdOnwTT8Xq0JxMQTiZ08qP85LJvSKKw+um47sKWZ7iLoAu9cEUNqoVttdvhXlPdGHoWyzcmaxEIsbeoPY5lguqTHjeTyWa0fqD1xZNpNm2p2nlLUmIvfSZp+0owYh3QagZb0CSwSqY0vaTRyZPhu6XM/j9DSVabY0gVZABWnUqmDtkDHrxMTiwVQA+LFxIXT77Yb9FJzhlzaARU0RgVakECxsewXlbrqNg7CqYr3+H0ty8IPa8OtqG7+dT8UMsvXcUTLOdjTNah1CnbDLO8pLB0VXJ0FAsRiLx1jxSQgY7dquTtbgxdM97xOMGrHmvRS/XF9+AXpsO7Kk+y/6gR2NOIzVvy4HWrpFQJa8FAo8Kac7LD/RH9yQ/E+/A+CxFfHqkktVeOpCDdjk21WuBoWYWLJa9S9W5t2nhHF1SlC7F55MKoLd4LiiLa/A83ZOQ82sm/HM+hxfWP0JJawtYkpwP/WeluUxuPMr98GWpJT9ZaqY1efynBNuODFOSyRm6OeYMV0tYkXWqBT/dF41WII9uX5zoxJwlFN4sAJkfp5GXbAV4L8xg57aLWCxhA2H/DaDprHs8LPsGj26+hq3Dk+D5kz4MSF/OoR/mwcXeHLZt00H1CYE4V+s75Pjdw+hgN5gwShIKz00Ak9CLUOKhA09z10LPDSncUbOPWrcpk53vWZBqiIP4A+JQGnMHJx0SA6HK1zB4zpgkL4Xg3g8SVCM+jAF5Q2j7OIyCZBTh2RNf+OdoQPNva0JJ9xEqiY6hu6+O8+/mbH41FAVhbVHkMlkPfi0sgN5bI6jIR40nsh8qd+vzjyO7KfFVIrd0ylPa1M1gtW0EGGV2QvRzFVK21qXpCS74N9iMR/iNIcHx7TQwLgsKWQgOj1ODiweLQb3pOZo5fMJXBetAuTGDDw6pQ11HGu7taoO+XRV4wEgdMgRjWGFMKV0+qoRRDwpoyuUJ/PG8DkdKnEK3kAg6lO1Euj2WsFD9Ca9Zuh4WTO0HlUvfGMT6Ue3RSDBTUIXueeo4OW0GxIpPgc6/anDkqDQsVgvj+18P054+aZL/04eblriTTLsFnvdZSe+TxsDayBA69qeNNs6oYiGB/7j28FhIdghmX90uFlrtCCXGGeAvowppy96jzMxu/JQ9SI1pT2n313Cw/aZKDkLnIKWhnG62BOCWOgnIDW4jqfoVtPaeM157pkV1sp7woiSEA/MzUNLjJ92tDoBv0YpwUkkWlix/y3rv+sjlyh4q7EmC/S8/UNvxxeSTEYEOP23RYMFE0H84hdKWLuOs+T68WWMLSA6mgE71TzidEcXZD86hb0kvmPwYA8Fp+2mXzWPKKtPgFH7Dfz6vg392u8FhqRSmPhDjt2Pm0bWXRrDQJ5ZFYnfDu9W2eOdzEGr058CmRYFQ2DaM27WOQblaFwaWT4KETWW0UacD18do4CuFYMj7T5s+nK+AP8ayJPsnkho3WUHqXzWgWnmWMPIDa1Ndfhr3lFtTn8Lre/1gPv8TRiqb8Zn7m6h4kjbEq7hw3vRSqupcC0uqtkLfkWM4RuE6HPr+kfuqV5HTrhfw5qYwXH/Wi7v36PBV7wxwN+vC3yuD0PhNOUz95sSlPe/xcs0XSnggCM3CzlTReYPkB3x4zMhXdPXtPZyqWY9Cn/ah+PFhOMar8Zn7aPjlqURbTKPo3ZRrqDr5LZY3+GC+5T+42KTNUSUTOOZkBfSOFgRl+3+YcLoUwq5NoG2/F2HSyIMw8NYCXmx0p75N3+Gn4lh82GUAP3r3oP2zeJhut4D+fPLGmpOSKGeyi5PtnrN0VyT+/hVHoroMgXc12e63I6qEvoI9wXtIeNE2PuToSat/GMOZ3hu06LwRKI/UgnVC9/lv2jb0vLSWdSODYMa9V7TLMRy/XVtFpXqq9Lb1AuZ2i0Kbli0fBkGQlBlNN0uv4/glN+CouRpM2D+dn7hN471P9oL8bh1wkdwJqbV6tMH2A/0N3wsmDcnYebkPG+cfgHftCqzkPB12HRKBL3L28OmdBF61GsK0/OWgnlIJ1hu7OErkNaz7ms/RwwO4algRjt2XgXGuQ6SkJE6LDAH+vQT2CdwE6x1Owb+v7/m9+QG2ODIdfHf5splgMyenvKe166/zoOgpNghexXZ+3jD11CPQfOLMy5vEwKpnEY1uWUqN4cfxy7FIfHE5CC4q9FFBeSfolkpDvKgEH9IwA4vKDbT+yVKY9EOLOySeQKOjO9+sGYXFhl2o9yqHn6WuRH9XKVitrQxvjHdCTeZBjDK8Bg4S2/jhilCe2D/IO7avRoNzp/jX/ImA6ZsxMakV9kRf5c66YPzrKgp24VmckhQA0r+Mocr2MsvONYHV36uxPasUniydjGY50ujutB63HzlNZ6W7KW5+DcU/CuQadz04XhMOJslTYfy6LXxfDjjh9jjYpZRIJztjwU5KHX2MroPnBW2oU54AFXHqMOMIke9UNxrlmogNLt0w9XA5vz0Zgi7rxHFzoygsuauP2bEpLJt+An/+3kU63rVQWzIC68R+4j+ZMrymkAsK38fBmwOSrGy4lB67fsGBtfm47qwX/CpZDyfrv8GRA6lYv0qAhHTEQHjHBProdp93aURTUWUHSyduhZla70BROpBbMxU4co0L+X2QBN3D7nD5YS7vLb9ODZbi7O+qDM+lnEG/ejOsvSMHxyLOwQ8fgvWfNvKAqSNeGTqOR4/owMivR6ir/jvMKQrCwp132cjJEQ2RodUqiuaOKafY118o3z+Adq6fglOq3+GmLQrUGv6e4mgdrxrWgFn2p2Cr+SysjNnFhTUTMLnChw6mTcabtyRot6ATzbkpgvuJ4dCTrVjgbop74mtIVuMQBxeOJ9fx0jBnsxI5lmaDUO9DfDFLAy6cHUNhDa50wmoG3bixk/fIleJ73yI8UOgOv5K6eFr8NLaZJwLLb96HfJ9ptLLUEt5qT4GDCTfx06//KMMjj7/M9aFM6Vh8bSgO96TX0e6BAFrnkoo982/S4bcX2PxoMvxco4C7TW5QWpwNH/lhDPa627HCaTw9unkVq5on0tsHYfhsrxx53r4OwymKIFy9hJfcFgSzYGXc+jME1obVkd0EHX71R4Da5o1igdnyPDihh27XjsBTReMh49g3TvhqzsImKWRafZUCSqTQ591pOPL1EMoIPuZ5MtK4oGYSxIhcZlq7BtPHuIPUnkiWvmOFPafWwVoDhqqCFCxXFyOnrFEgIuRJvlvWgISOHd9b5gInVkjRzUARPHe/Gm0OHaBxAon4x0oRCm30WUKlAVc+LAWV3zvR7wnTAQ079DK04fXiK7F3WgUv7DGCBuxnR9mJuHiZC+mneZG4tiyZw3oU61rFVWMJBP/GQv/XSSDjowhOVgls/1mfo7XV2XNdHKwqFqf0v0JYuNAIqr6n8EsdPfBIM8Tn3tE0T9KKZJryWXRpGm0sUyXzR6owa/9HrlbbDO4piqB11JrK/G9T+LcnkHNnJFS80wHlPDccfdwPTnVepacFPqQeLg/Z7yzArM6C2+1bWEm1ij703MfTuByLZ/vQR4WxdOC7KSSn6EFAcAOdLhaGbxGz4ORpfzaUeEmTVkpQ7dYjEF6aiXYiGTjupghYffemdU97YdRNNb54VphXNFjRgEQQPdLVJPdTQfxv4iGqfD0KZhc0g/vUNpoZOIV7v5ZSa/csqgr6Q4PVaVT5MYBnnbVjm4hxoHRJBT7Z2PLRLltK7a3AptY6KDGZSDPMMmC/chMej97K5Z6aYJfrSI9mhVFrlwc5jrjBex77YZj+Icqovk3P74TgKmVtmsPjYPmxLfhnmTete9VIh5fs4M3na2lnzxH6M3AUPpd5sMDGGHYJGg0jWRFjMqfjxN92NFTwBT2EDnLXP00Qjt7Aaplr0RLtYPigOrTv6YfjH6ZgaX0eCWnZUb/LREw9VY0ySeIcJdwITdc3wZqbsuBflcNCUQ5gvTOSIOc+fu/xhCsFGix3djdN1b/I7SKNZHpKHfSmBtPMwEjs671BxwQnw/Xn62HlKn+QVxnNMl93k0ffXhgrZAHn5swDUZk7XLG3Ddb4KtDRX3EoJBsODWXiUL57HBR41LIojob9d3VJZXsjrz/0i/QPfETbWxPw7r8IrHm1EW66CNJojuJi+TGgEekM+TMs8fVDRbJPyuO2G8Jc+mwP+UjOo8z5k2jW76WU/lELqtvLcWTCL9g2eBdmB+yjyV+TwP6mB/VMc6UntWIwM+s7hh5QBd1tP/li0GLSTJLBcw9/g9aeixzUVEte5pux/fk1Lv7ixOenjIBbJSNYZI04BQidhyDRvxDfpsalM+bAmB02vNFvJLy5VI8Pj6mBo64JuMwdhzNK37CfdR5ai/qR0opnOGRbR0JtW8Dj/jHSd2NwvH8S0m6XYWSxKn8JC2OhNhUQWiKIjSflad78GDxW6MQbZ6hC+OpCetegDU19iylpdwCf2PyVFTw/8tJ3YnBFzwum6d+l5i1GELP+Nd1WXIgnYnfhN8dqzomZjJ7ffqLhTzd6tC8YdboE0UtVAtoqZbhh1gkWUkxh6zRvVOy2wRV6Gngkr5Y03TthVMlVun1XCv5lfIXj++fwv/L7vOT7ItBe8RQqdv/Dg3eLqdLEGg+cGuCWE4pww+cZrzzuz21v7Tja9Ad/erUfD1RsB+FPiZRxPgp2JRVDBJjAskmlcPfAWPRYkEj1ApJwK4HIOaGXP8m08EqJQCyftYhe5YnAoYX5/FvsJE+TegMqebFg4iaIg27H6P7Uh3xklx6tVX1D9mPGwp9nzylzjjH/Un6Kt3LmYmnqZrxb04J1UjYcM+sOJX6IZrUwaXgxuYxkr0Vj91VvsM605Dlm76DRw4k1+TZFTFmJa+1HUW/CRFAqcGEXn39QEtRF86ptITV6Iq9Yx2Qu78B1r1L51pxhGr1ODuavHc8XNkigfutJmpgpCftVZOBFpgge+JzJ8UWL2drTip43K8CcR1owdqkANS14D2fdI/jPr2d88VE3vR2cyjK1y9BLtp97rwL8sH3Mq7aq8oNnTznmnjAPyS5mV8d0mu9oTj9imsDFowH/CVjCoMEHnOo6nzMvreaZ7/6DbuscUHgcTAuWulO6mBdOfLsNVv2VgNcD/bgxR5Js79xDxcvdkCg4Gjrf7YLU0zKku+MAL5AdRpMeHfjlNIXVBWL41arLUHS6EgW/XaTl4l/YPyeJJO8ewFHV/rCjUQ1eNpdg99WvJDx+GhcVTCLtBT6cecyTzgRH8lnrDizONMF32cZgM+cYJb1p5o8fVlKVxETs7k2iEdmLWPrkMr59JZmlnCfSQf2x0FXei9aJzVT+biG8vepLSXb6IJojwQ6XCujruv0wYZYCOBgLwTW9ZtA5KUoW6Sm42aGPfc5b8faPVzj2ngo1Fgag4vkOsPgxHQx996NhwBJubt2PAWNXc9jZ0Rgzwxzkx0STy/q3+HEE4MYsSQjWEQcrDMcreXGY3a1Cg7cOwRSldXR0dzvWfrHCIDUnmtAmD1UFrlRnKMfqNQdIaWkBvx6zHYK1qnACX2GlB96kVGFHA+cN4bDuZ7wqJwT9a4JJdIQ3qN39QDtlrfjBtkZ4qTwaS6ut6T9deTALfgwagrbQeamMrK74g1FNAMs0zqdM43+4xlSOW8fpwIz2kaDX207P9V+TkfF1KrneTxvvTyOzve7QqvuKfGWe8Kp9L1Cu3QDKd80h8eqtoJtrxPmz7sPoeGn+MGoZrDyWQ1kz9flRyHFYWzIBvFTSaK6WMh5ar46mL/U4UTUZvoZKkb6KJrfvDGLhlgj+IzQCmix/0zMZFxIIqCbbw+/QuiaHHZrKaemd0Sw+qITtYbPoyCcJOFoxBOZeEznKpoQmtFyh0EEzvGRhiMkv1HFDQhfLzq4D1xIJ6NaeQY7mwrRvtRkF2x+j+P8e0DffR9BiuYVHhV6hGVumgkG9HNhlvAbTvVEUolRPqUZlEDphKxkLHmZtz/P0M+wwDISfAZ9IYZAI/0W9tgFUOLoZd7/4xm+uP6EPTTf4pYkf176oI69LD+GrqDDcmOzPd1IXQaH9M9IOUsKgkm66cz+Dr9cHQ/n27zT1ryuaHAWQD/RGm1gB2mHdCReldlLk5cvYEFEFG5sPg0hOOUqdHwPeKzXg039f8LblCn4xUxIGr2iBcaY2bylJQbXhUZi5vYEClBM557QpXLzaBkdaozC9SpGKXNeB9Ml6WLMlkPY8bcKUQQlstQylKn9B0N21Hu5qTwH3dGXeZT2Xnk69z01Wqtw6JRsqBNTp/NQ8VHpoCpuKlFDv2G54dmYC6HfXQoWMKK43a8essokocCgeb23eAF1FFhB6+htzqD/V+MnCsRlPQWivF8vbJ/Nz5W2sW1TMP8SD6NtVCehZNARX0Z7MLjay3eL5nOp3FWvOrkKfjoMkJXGUUj2XQbjdZBB1G+JzD9+Dff9Hfm5+AKdLmJPCshpoWrafdw+68bYf9jzqlCU0yU0k9a0pkKdWS5/2pVBJ0AayfXybn++aQF4jzvGUrEf8REYMfNodKPTISvYzXQONHv+gaKE8WV77jA8Ha3izgAOsfnIb3HkcHF72luMUpsPWrU+IPENh0OgSzXO0xPW3rPhe3h1+KCBBWUUC8KA0llInnCS/mPGkt/UlF1qthWNScbg2IIK1X67E9spaOO6pDdZKBhRReon3jgvAfuPRoHVhHmVGLiFVTVFK/DsIAg4l8KJPE8I6c2Gu8F/ojkjH/rABOLXKnsMadKAGLCnDYBKPkxwDXV9NoXjeXj60eiL7L+3jmPAa1txqALq377LCnxjav2ss2oYawnMTWahzz0Vdoy1wc0ElpU9/R8puA7SywABGrxzJY4qW4OSvM+l5oRTYXGyAZa9+wgdPO1iU4Q8bqm/R2LAfvPqRP58ekUzGeWtoIHEMLLESpaY/y/ieSQ9aHjpDQhkDbMmCkH+rBbVE0kmn0olnrpCHybX3OGfuQdy9cg/5Fpbhsb4mjN/1ETSaqnG1jR9cT28HgesIgt+2o2TOR1qYcYBWHjvLFe9XsldKHmZFCeE1SUm+4ViH1XMMwMzMF9VlGNvTD9GInatQ8b/DFDryIjssNsHjnYW83fw9VLhowpIf0piWs5qnad7D/mmhEJm3hdPHl4FfQiGGrzrIPXaRcEzBCDabipJD/neMatyFITmKlKsyAhp/jOIFk5bhzh1COK/lHzSnIAQaLeNJeZPw0rFUtsdeFNY+B9dWIXlJXKC4Ch8UEXuPg6NGQmKsMdcsKaaX9VvIJr0QXuY2w82IG7x8Wh20ndxKXpJt1HhQD7I12tDiiyBC1VX6OqhKX3sSWLXejQwNzgAvnUtqpnvx1Wcp+KXcSWONqmnZm9dYfloMrj2owIXqmmzieBtcPwnSVYElbKFgAo4688lkWh1kp/+jNLXfvPvDOJq3upAKo5rwgmwGWM+1IOVGfSA3xIRjenRMowRyko5D0Hw9ivy2BEQdxuJyZ2P2d5CmebfEIFZgJ70QKoAJ2im0vtQCLzi8AaHgEWi+sY9UzWqZD3ficlsTKL6STEGe70FKfxzELwsC0VBn+vv3IOjm7qbeg7sRox5TXMoEcOsyxNcJfvhZ7g63vv0LIqu62CWhGNL8ZPFw6VVyvG1IaUZTgMbGgPL3eEjfqc211Xto7rQ7sMKvijbFXuJLHr3wQXs/L5k1FnzGNFLjt3pe/7mKkv0vcsgeG+6b7QNzat7hWpECCI+5Ts3VM6E59Rz+dbOncRtzKGF+EU1qzIL1x2bA/QUb+JfDGdAyFsTMGlPQebMK0/+GwtD6SBS42YoLY6+DtPBudj+ymL0/zgTJjtNcu0sd+sffgsiRy9h42VWw+HYMFVNWkLhqPpcFbKOHx0ZD5zo/1Js/Cg7Gz6Epwl8g5NwBPrEljlsmDZH/iQr4M0IbrRQWwK4dydw2SROK1ddh55y/6NYiCOCtyi8PW2HbM+RnJxBDI9JR658+xcVLwubz3nwr8B82t5+lmIfJ6KX9CHKnp3HglMkUlGMBinUC5FAsDm7Pd6LSri1Y/M2XnCNek6y4D4RY5lPBoj60Uc7nqDFH+WH3TFCPfEkpWdYE8gfwmlQLxi9OoaLuPO62+QQn3pSQaW0ZdeSJw4K8DVhr2g1OPU448twoTJsqA5pbhbimPo/yvOqxSe4sORoCnFZVZutdu9Hi0kjS+LaPh7yjwPDKNG7+2oEFzhtYb3Iv9/tIwE6FfvKd8Y5AzoEt1OPQ7+s25Cl6/C5LhOadUyEl83e0bLwkrPqSjqnX+vBf6iF66PsKJtc5Y9bDv/xocQJWTzqMAsaPMarfCMqksjErO5k/Ze7kN7XSaN0Rxiu0v0OrezX92RaKTp4zYayoNOw68Zr6ahdhSMUNSrMVAF3d7zR9QTiUZ0tQ7LVRtD71CXzxN4ey2Dd8yakRT/svZYX09Rx4tQtUSwy4rFuNzTtCsKJmA6cmjoXNkX/os95SPjP9FRXvOIPl9+1Belsr/4QuODzpEdhM96N9huNAzmw5fB7Ty32hiB7mcZgNdyAi+T1WnNrLcq4/8eE+S3wQIQg/ng3y6coE/DXuP7LqKqQ/7rXsXlsF71/L8I3kt/TICXjHI03QHbgG8QMiUBC/B7QvZSLHfqLaGadZzmcm1Wgk40qvC/jhvDKI3twCl/Zpgo3HAeoxj+MRgZ/g3Z1U6n9QDIe0rpJh/ReeOk0ffMxz4P3Z2ZxXOUBqZaaYFJGA2qjH31qruV/jLFqkNXL0E4Q1qcdwlOFVyqmcSF9FfTn3xiha4TqfXl69iL6zenG1fwOq7zUH3VAB1lOMBSnduXg4dS87zbgNrRv+4QI6iBpXDoB/ZRD9SNaCz2baWB0Vwj0xVyDZXwZe+6iwiYomytUuwym2M9nYpA+jpUaBTtwBmJU+B/6MGoUB9yPQWUoRynVtIH+tNi0+KAoiNuPRLcUcdi5eiq7nrFlQS5jmDy+hBZMescd+N9QK6+bZE0/jjdZ5JHNz8v+ej99lsyjQMx1D7mwArRfLaE36E9K97oyVBXZc1BLCJ6o0IWf+Om7RvMiCp6RIKqAYKw1dSMvPG7Yq3MUUN0saS8JwNkAZfgq/5UGzpzjyYAH9fHAfZm5htEqPgyRjUXymfYWrZkmgRdsIaLx+jM4WjgSBeH1YKPgExH670eELohizv4ISckVg809dEgRT2LbVHxac7AKZ1/7QXPoZspZ4Ev0q4NY5Hmi1/h3VvNjPx8Ms4eJtSWz5eA6yny6hhw2joPqII1uHjuBJckGwLzOHmkolST9BFKY86af1s6Lx0tVT/HjRX9r4OYkuLxuPBeudqOlLPDxAf3btMQHx5FxSAEVWTt3Ez1rD6FvHfXa5w3TtiAXf+eZNiq3n0cpTATYcBYp7/AoasiuhZroytAiswooVXii3qR02diRg0NcJsGOLLGQfyyFD5yPYEiePXtqNEHihh7a+egfrEneg75IswKRI/nhcHcROSeFYlZOY5JaPZuc9sabeBlI3ieGnSSNALTcRRCdewOIWefi49SZEnlrLHwNHgdDSV3hg3kxKmDcJyK8Mu3cgOZvMo4L8qXD2mwxNaBWiGUaBoDUxEA8ODmPUO1Oy1DyD45/aYeKifRTrJAtDy0sg3NcYnTQu8a/gJvK27CGxq9k08osXXMzxpKQlZzhRQBHebbLFGCE7Njc4TY32v2j3u41oJ/ob/9a38Ps7UTBXywGP+ciBza5h+HtLiqd7iVCQ9lho65qOXxbU0B3Lag77IA+HT8eQwAx5WDNmL83JiMGjjzo4+3kVPT/3B2Ir75NOUhQcC/1MSwe7OGXOaCh8E4ZFp6MgWiQVmxRb6YlDPC+/pM1pd9aTkXAZP8sxQJGFo4AUvnCQ5RWarbAS7+l4oVKIJaivEwCfJB+w3+4G7T7T6aUIguEDBRwx4R54ioXA8c7rdEhOnz5HV2H4THfUvB/M3bmVnKE0FcJP/4Bl0VmUZ6fCfl8CqKrlGek+e4eal1tAe9iSR/fKUvtReXh1E2HNQjF0+noWN1ENJ66dDNKZLTh38QpYqiaGY9pD8OFTTbj1VJ+rBseQYuxifFC2gKyfJsKT4BrYPIEhM+wKJ2oZUlkgwZxABYjbcoq/P1aGoMSrWHDtF1dmisDa25Pgpb0p+3o34oCIGrTZuXJlw0lUsk4nMaXjIHLgNrVlPCCn2720zSwWWyp8+flLbbj2fYhPdOnAZ3MTCinfC9/emJGPozptP/iEul+Gccn1OJJLZngZHctfVP+xYXgYdzpfx9osU6qNskN1x2rUX/CAXj+7wwYhslD2SRDWm+7EU5OrQGiDIokM9oGw80k4XbAFpz0a5pwlIzkzdBR4TVFlBfNNcP/lUrI/XsIm261pT10fq61N5RO7Z4HEuhjSNxUEXTkFPJO7nztBmZz0l1Jn1xXYnX+f599Xp1teaXR+TS7NuK8AMdKdIHzYgLf9FoDrjZbcm70N63Z1Uc6yaBxrVo/i8V5UlasOT5UWwUaVaVz72A+u1CdjecRKMpKYxL9uKZPrJwdQSlXC9yViEK/6DMIS98G5Eyvw6K8huG+WhVsk63FF+Tc8emUsDv/4jc8XC0F98AlO/GPGvY9cyUNRACYN7QG1tniev2kWex67BRv+CwKVK8LQO1CGC10lMf75RNARq2HPS76MZ7XpfUcSOGl8ZJHU1dRtrwPDc6bzufIj8HPZFfq3eiaT9HcIXe0FoaeaIPCQKb59lc7nygwg4N0TGnJN5dnbFHFnwkyKWBcOM89Kst1PVXx6OZ9SR7fjlBRJeD1xLqm3bIbI1SrYe9KRehQzqHebGc84KAKdP/XB6vFsvrSH4MbnXBjzPgwLC0MgXzIS1lTPgF47CYwov8pheY1our8f1R4pwVmTNs68PIA3ixNIRTwMZe/bwl77LBK5coc1j1ZSxLdtODTNEmyi7uL7ntcoe/EVyW95wYPuO7nQzgvlfz7kyOFmeF0kBgVfR0JwhAT848/g/TILpMaeItfjelhvLIrz7tdyRNRD8AkHCPlmACUqy1GhfwIu8a/gUZsQnr8Wx7z2j5h5VAjcP3/ly43ifC54DNzMdwH3zUvp7n9dlH3pJiWunkyDz8z5c1Muv/zvBhh4HIGL/Yog/jQB6802UVnfX1rg0UPLJ9yCw/OvwXTBybw3yQrrX73Bi2ET4cPGh9gOi6B99ylq+f6XgrIDoMjiN+w3VIJbhfn8vHAMXRkvDD+1q3hMniUvkM4l3y1DdG9eKCdVRMFRuQh+1RpI94XH0dguSzh/8w0s2n+eR9Z+Jt/5cpThbsMPtj4hO8lAerzmFX1VsaNiHQvgT4zNjxRwUa0RzM6aSx3Xo1g2fxx7Ha2i1McS5P/oBIOtGWx38uT/UqVJdsidLqhe4zr/h2ixJhXUCl1piuwn/s8tEw48nQpxC/vhtaQHfDn1gezOnmIuSKbDSQM88DSaOjd7UPzy1/yhUhomaOaRfchLcDyqDVK9b8lCKxxWzN1M9lcHIbtuN6g5v+XNQzNBW+If3wprhLHi0Xwu8go4vcqGcmd7eKIYBx9CI+GEziUoX6wNYVEreQpNogsyU0m5Zjxn/RXhD2cE8MPma7z/iBSa5M8gmfyxILZeiW8tEqREMS2sXtPPKa+7WSrwFH0dquP07jTIcLAhq2JVkE4Wxrevs0k/pJ9URRshJEsI/HKILVbV02K13eQ6eiYJX9aHIyUzcV3bdrQ/4g2tHy3Ruc2YZQS8sa0ygfMMdWiexXlo8FOH09Zj6HVACYSfreETf79CbdZYslPypXLDieA0bis/G7yGBUoT4fMvT4r1EaSQ6BZ+ecGFdl2wow0ep/nhyHiwkziGi4I62VxWH6IihPlqx0He15FIEdp2YGg7HmdfHIQIhUUsVjKWR5cu5bdFI8HZKJDfGXhCXKUR3Vv+meJf5EBWjxPKna2GCVFNMFX2JPwTVYGJCUMQtWs9BsgH4KUd0VC4/yt5J2WiyIl/mNawFcLD4+GThxgEvBXBFeeF+Pv8I3xlzB78rm3KsdsO01KZRKzTUGc/lWMIJwVh296F/Gi5IJXsr4FR0XdxzyFrfKfew+INp0H17HiQmiGOATsN4fOoWbRObYiOWDuD1fhWvP3xMIolxVCI3Quw9YiCgdfNXPDGEGwXnma90fPIRHs6B3bvhALjRiwuPkjfBUI4V9yQVmhV8qIOHbAR0qdLPRoQvuIWFx8cCcF293DkvuekGbSVDzxHePH2D/uYiQHWdUDk1B48kRAHs/eX4abFBTB65w5IeO1KswZXoeHoiyi1YzTImK5iUJxI4726Kf34P5L4K4Fpwn/I3TUY4sTGUXu2I5nMEIOa2Q78LjgP+b+jsCBoGl7BKVjouRayjZyoZZEt/TBW5VJrcbg6x5rSrj6j8iRLvjJYSW8e29FIi+tcEqOHo6+Pp7yYJXjxyST4XYIooOsNXwv08YDgQYio6aFWI2PsfyXOHePSMU/ZlusahMDdWJsXB20hpah/vPdLDGxLfgn3/k7Bz5kfMK0uDfe+NILPpUJgl/4IT2wt4jWyc9mnuIQFhKNJQmw5zbuZSt9qJ2PxahsI+qEI1VHlPFK8FE7r2ePHLa7wYfMMis+cgQ8uyYDshxAu2TEXrXJloKLZhT8skIOigZcwLyOZYhIfwed9cfTBoBnAoh0WHh5m41NC8NWugQIMdjD9G8Lbzs7oMqxMnZc3YbD8Snr+6QzUy8pR/nsVaFqwgYtyDdBAxx0Xld+GA16D/CX5Pmv4BJMOiOPz0kJ8lSoHG576objoNVwcuY9tTK3hQ9Q3Srn+jrLLomHun4Wc2ONJd9rNYHrqQrC1DGQVWScUXzoOzL6t5IBX67EjugsnjTrLK1an0utrBjA59wPUDZ6GQK0UvLP7FIzf5g5znxnR45+ePBgwjV0bn3LvT2Oo9/NE49RlNEGunR8tVqbRtZmg91ielu4whBPn50HIan/6kKkKviq3qTMpgfYcleAaOVcq28a471wTfUs8CM37PtJQdBaXzjUE5Uofyr0kRRu/zGHVPjFqzXOl4W5NzP9yizqyxEkuuBmDlAwhq8sGXzc/RPWVZ1hyrw8YbcjmVzH7+VhCOi0IRkzWaAOzMDFwK//L+4qu0LGKfBRQmkOZ/fegI1KSHsu/4mvfFtG4H04Yv3/y/zf/N1n2N5UtS4MziTE0I9eL/54kfvDwLK+cPIKW3fpCLQN76YTPRMirG83Dqj+x9MQslElRwWzZIdCaHcbFRY60I1GSz0/aSXfEpeD/lTJ+eGMja0siKuzSpv9eDXJU3B18ueMjP7cehxHbIvnKRAGwm6sIzZXXWG+5Gg2HW4KD129YX2RNtdMb2W7vEN57rcrafbaw7IIMbEtXpqH57zlq2gHSMpxLnnp/cGmYEO8POQM9Wqo03/4LeCuogdJaFYgz2o33xaIwauxyfmvcTzOFOnDxBWusX/yJcx68Y/F0UXh15AtlXtdAlY0PYFH9MAS5WuJ/YzP50dK/POpuBraI3OS/OSNAvWA6Oht1kAhNxl9S9hwifJC7ur25fpY9/lNQQAvZGRisPApGdF+irwa+2OlxDdpsJTkw2I4StV9ihet62pl+ktdmuuKhT5NgtZslhUheotsJnRj6az4p7/kK1yolub7uI0Z/ZX7+ZT6+sRADp1kbKTj6HFpX9LAeCLDBHAPs25oJ2zsXw+cnlbBlfS32PJkKNjyS1Ivz2Cz8O5lUtfHJUB8YmvCYn4Zfwxu/9OiNVws5T1WBIMdKMHwiQpPHmeHZ/XvZu2Ml7Bs3TBU73tOmqfNJO3k6rEgAUBZaBaGBj3jVMQn4vYTB3NKf76IqfU9w4D55MTrx8SwHVqmCl6gy9IWdhBBRNxxoWc899XV0evEtsCl2xXGDVyF5iwV8KLIAuTXz2UggAxtX+YDJtH4aKlACFdGXsK/PBMokFiJW/4RTzupg/vIBe9rlY+N1CZzZfBQNvE6w1+vHqHYqn+YVXuS1tatZ+qoMvLC4y2dm1dPubavwQkY4zNJpxr4Fe9nNsYADNbWosOYEGvQJwqGlxVTncYc6Cpbw7EnaKGlhSzUdB+nXDFP+LrsInk2WhTolEbj8+DUWfVzJJho68CdLnDbmqeOptvs8tLuGuu+Vo7WGBzsJacJARhIEdf7mxoBT+PVgMK2y9KFNDrrwapM/nngfhWGu7zCkfyQI7GR83MtkuX0ETdx8An9MuYEP//iBwc1hHqgMIF/phxD0Qgfe1TD9eRtJ/61dzGZGl/hbdwM9Q11+t7YMYz+FUuqFWMpOE4GBZURWFifwkqkCpF3ZRQGXRtMGax0s/LSBXSRn8R7xIPp4QBzOB3fA6KQgcD7xg0t8fsMXtVAK2XOQe9bMovjAS+R1V42MsmXh69Aa+rnNjFJDT9M+NUPQOh2NdnWJlGURDV+eycP40fncbi4CYnE/yenldVjHYsSqu6Hg1Fk6++A4JxTcochTK9nJsZbTW6RB2SYPlbxrUG3qXhxv7gORfTK0OP8Ajd7/mDUUT3HZQ1nwuTgGmjcuojPrCnnR1Ris+tTPZWaXIDsIaIWSNbQrHAEb52F8vW0abKsbxD+bhdi8KwifvNiN7qlFMHd4D9zjaHSrO4zCB37A9QUCYDVrE0p/cIB6Og7XYrXo59IAOB7UD5O0i3DNyPlsqDNMxuIaIHRXF2wcDeCk8Qpe7tTJ+t5t0JGrjh4Lb+GyNXugoPUeP3YXB+1THuR3vpSytQZxSch4dFJPpooxa7DXdBnXGtli8MAE8HmqDfZFi3H0UW9od03DvHu2eDNYnYKmxYBHy1f+42APAYHuGP93Ikw9FIPnnZ9invstlugeAaV+YRgwcTz/nvABXmg0YlJ5IaCNODgfVqNtTxvxScZNrDU9TPdGOOOv1/KQVXsQ7QNE8aXMAa7YrAc+RbnQZ/yLlrVbo6n2CTI0H0SZ2+tYrGEhTkxQgt6fWXBy9mTodAtmjYoMbnV2xLebmjBkXg9Ml34Lz99spPTNa+BT0DN2PWABN317cGTCKL6ocQtSQ8+h8NQANlllw/ZzXKlmuA9fvohFwQ9KEGN3FDtWuvO4qD7ec1wei3LMSafiELlWjWDBh4G08Xssnf40AR4O1+HjM3tozadgyvRuoeHve9DqzXK4Nn0Yr458C3HSN8lMhmDg9h0uiTfi6BUVKKozH8/8EuN8+xrcN02ZZBb8Bz0LxlNAjgiImKqhdmcbiVgponjbGXz+bS6cu+8M1t4b0DL7M5eq/ocy1kag/2kYVrs/RZ/6Qaj6PwTAByAQCBQA0D9IlFUiyc4mKxKKOqRdpEFlj6RIUqmkaGiIaJCSVTIbor2EKBWFikpkREUKpeTegx6af3oMF2dagMrzcCq5S3As3Q32hyiA/Mq7cEo3Fv8F/sVr40fAKGFNHDphxB0Nc0GpQYT2BqmzWbI65HycB1ZJweSy8SOo5CyDmnvGZLXxGzhavYUP2oP05YkDrFspDMVjRWDgqRPnuqyElUMJ7DJzJIoFmvBI5wkgcvwlr0lwh7TpOhDvuZdqO2fQDBV1ltUtpZhziVSaVsr1Hy/RwIwPbCHUxEmSU2Cop4YPrbpJU+TiIFlHiFb5+cKHSlf4XqiEck636EeyOZjXSoC7lySJKV3ihd1hNPplDv0TvkvHXc3448RB2Ni9E4wuhsGIYDkQ7wvmJS9WgZ2cOnrsKYe+tyJQpijBkQbaMHkRsN5cbXwXMgKyQgvon/QrfJo/QJueeqD54GcOaoylVTN9KC7iEur/tsbNuQowgB/g5qwknPFagBqeJtKpiw95VdMMFJGxBOFhcRRZX4QRojrwSaOIxz7ooKNKNZxsGkXjDdJ4jJ4z3HWbDuOCWmCJlzH+JzwGuo6ZweUTAXS65jXcv1+B2xcwXhHaSzUtwdQv+ZIjhndg80URmLcmk5MXBJCmowvul9kPG6IG8NS6leB68S4cXLQB/XWfQbeUAkxI+I86z/7hyM3RtFI6A57Ju8Cy4okAhrthR6Q7GDvuoBdSlqBQ40FT7NJAuP8pTtC2huSwdvwSJQZbnmpA74pWzljzHKY/mQKh6Q/o+9L5/Mh4O+3KEaWSAGuM8RBkcXCDgcEWdBPyxZ4dSmCY/JWK1x6BOKGFpHnfEDN8PWh71S4W0KmmWUd72STxMRYKy4HGxU9UpWyIJe3ToSRqL9hUlnDi1DZcd/Qq3zLJZJQYyXf3KEGdyGycNSoHKz0m4NwxY/F+iAEtuxRM1ZNVYV3rR1aQuISvDQWguXIOhRzzwP2fl2NaIPNrpbO86Tfx4VfF3GAwDiYMqcOD8EngNSabNm60476kkWgetIdPK8ji47o1qHR8I7eq/GHVnLGommIAj7rFYNWu49hTWoAF05xZJqKfNd+sxWNfvElCqghtMvOwb4MirImvRdHZqtjqLIkhauvY4O0S/vVqKQm0CmDsxvuo0WND1VtVIXvNN3gy8jeIz7bFNUI/eWltPOdLi1Fzhhy/L3oFfw8aoddsZZCcmME3t4rxwpkW7BmzAfsvr2aRXCOQt7mEOmfOQMrgRxI8NQLiv9rB/J42fJL8Fk0PudKowhs0WfwCFbVHIO3bxbY9kRClKgkGEi0g/tuTp3UJwKRJz1DvdRwFWIykoVQZTi9UoWfTvVlTUwCUV75ng9RAsnsiyLvVTPDnMn98/LCZZ7RncFduHWzVMKeMYQMYlnAF37w0XKpuQzsPx3DiszscnGlJB41DaLDkMhs87WVxGRXw8t/LEXMqecnuHu6VbIbUH4fxmWUTG0/rRH/XQpiSV8V7N+nDyDHl6Dt/Joy+dAgWtM9hn0sfuLClj3bOGUHjg5bzzqI5BCM1QW77MVyaN4MKDjnjvGOr+eLBT3xv4T8M3OTM4vLHmNsruLtkLBTNH4+rJM/AIu0LrLLFiGZ5dYDf66WcC60wobSIFExG8I+jlqAbvhZLT8iz9PbTkL1qCUy/E83T7v8G+dv74WrBIcy21YW9rQpQ+/YNnDOrhkvOImA2KMLtGnvpl4opPu0/RD8zEuCDeBjp3BwHHy/ewcy8FaBb+INMP7dgbmQVziiqw1M35lKgogOi+DI6KiwOt7YpgoP0SVyc0QNJiY/4gYEAXdh9jctcoyDZUo02zx7BjcojoMr7EGl6vKKxB8v5m9Y0WJ11lOoDluKhRY0oeegU51c8p1GRIjAvdi52nbPDwrD1rKA0h4NzpTjNeikrdMez98cQvBWwjhY8loR908fQCbMD5L3VnZJ9F+LVJ5nwfXQbm+w0BmcVJT7sG0xx+w1APOYLjy6Spt3D/Sxx4BY/2+bO046MRRd7SW6f8ZVC0ibzbkcTWCu1jRd93Yev/P/Rhy3H8eimEZCZOhomH0oGw1W7+MoUWZZZMg0s7q+l2juxnOt4kW1faeJTAUEKGw7GLY1fuLEik0zfZED6VguocFagAy06sMFQCBSFbrJuQDQL41ryG6mBSlIqnPJXFB0SFGBJrjCJNOlDm3grJcxWhqlOYSC0cQ1cb7nK/iH+rODjybVDJuC6cJhl561FmdOt/GN4OS42FaGj7es59tgk3Cj9F4ai3+JyGSW4l/Ka5yw4xw/HdfLdoeukI56LBU8VaX+FOzwu2korg5JBoE8TYuYvB4UDx7HftRba7IIYGqq57/FyuFgVhmuPGIJnURVOyRQFq6+6PPtDO2WldWGD1HTMGjoMuyLO89Xwfzx+6DDIRnfiurXm8Pm5DevYXUKhW8rgoGdOxvNuU5tWF3U47eatI0NgjOZ+Ohg8BqTqe/l4dC2uqXfAOZt8ULHgEqwoFIHxW4wh+ijhEv8onNABoPl1GUw70o/7y//wAf1UbpOUZMsp1zFvxzj4vrmFn8bHAf4zhsslD7gkNwpSvc6j15GD7KXbh3faPsOx8+o4MGEZbkzVwVMDRpDYK0i/3NPoemwwVXafpX1atWhv2klNWx3oXsd0LC7y5g+ho+G90QL0F/Vh+WIZ2Pd7MW2Ru4CB4j00T7aTs0I3wOklLUQeupAoAkypitTvLgALDqrCp+KdbFLhTXuO+GBL5Qu+dTQBtk0yACHhQjBbGYJytilsN3CANz2MhZmPT9CGPffwitwECp20lS5UMBgaF7CWvAcsTzWhRzNH4bzgPpYpUmf/tfdJ08AQJd5vhr7/1GDb2cPcfjSOV434SZsepXJodB6KLjFEFd8e3r44mlWHB3m+mRhYaEzFCszDKs9AbHpfyy29R6BjTjOMC69Ht+GbsF2olnxXCcLX+nzoaj4K7oETedO659gbo4jfTMpw7qRqVll5GDIL3xDaToZTx0fD8z836FimAytdqkZr/2ZatDCZ8xsSUXLCCTxX6MZPHinCjnLAyH4ZnKm4n0v1R5GUfyhbTfjJzqq3IOyFFHzx6iLhq3pwMvoiv/6zHfffieLr8km40VQao9JMSS/kBao5BKBNXDu8rZMBm6kdeGfBPX4w1YETWw25oFIbv2kYkfOfX2TYfJhCnX/iMkBQk89Cp5MDrJO1Hi/06HBP7nfaN2I9jL//Gj7ptIBD4zusSbOEV1tX4rmGbEjtV6MaVWfeZbSCbDkPPa/14aOSalw+YhdtWKYEIimL0Ox0Nav9C6bN1xyw1zSXBh8gtGSOB6dBa/op/5qmC2hD9fVy/BWzgg2e+aKZ6jQeNWyBBmYO+MB8KS7OvIMNKyx54QxJkIjfSOpdPyEyewWFRjZii1w5WSVuwH2KW+mGiD0KJLRC/F5h0MlKQbFKKw6pEMaYruN0alcC73hMNPrORZK+tItmNc1mmacTQbtvOZ7ZUMirvtfRgV9T4X5BBp5tvUY2P0v4xJE4aDlfhH8a9KDAU5H0Y5nfpK/AmZdX0YL2A/Q30B6euI0nvzmd1DV8H7PfjwaLDaFwfNUHmvcEqVLPiId0+nC09ynQHtvGR+Z74IdbJ8HrxHgwOaSDc9pCuelGK4a+mA6fx+XTwgsjwNr0IJX43uJE/690MNsCDHrDuKajH2IlxkBFzEHo8ttIrUfF4YpBFi+NCcD7AmvIO3Ey2L5LoL4HGbR01nKaqmxLUeOW8vGOqzxeToijl1pA96yDKN1iBItmdKFqSwidE5qIxT0SpJRjCNqXMlH5tjioPA/gPWef0ptfYhAW3M6jm/1I17eDqq65YfANQbwdWgnDT4oh/Ywg/DbL4OXjJGD5C0dIkjCgnfnH4c9j4rzXduCn8pALfu/Ay49nUtPOM9h2eiooClnz46qt9FvIjmX9OmDeJiv0CnnGoc9m0UUrMdpbrkJjloyBi1kO/L4yjp9rbsWPXmfwaHI3Xcg+wfE9Fux8/Aw0CGykZ93CcOK3OqS+bOYYg+90uLoewkxG8kDNLFIYtqBjxqFQvnABznQg+F66kFWmScK98Tns0FYC+ncrQbgtG5LujOXHUcQnCuXAsVAQ1E2U4d9MdVSYkQSvx/3mUoPNqHG6GLVYAcyPuqHk4ntc858sXG5Iw4o4AbyV5o+Jtnq0daE//5efSmkvFkOo/2JqflSFufckYf8vZVp0VIQ7Ov0hvcGeM79rkKxeGFlOl+ISD2e8oJxAfxWnQ/dAOreMd6MutVBw2SROT+9PQCthIZgoKYXj5rtAe54r/owYAWuU18GvATls/DKWlNTGYcvUDp4epw0NDwvANKWADzgNY3OILOh1LMWGhEASWmKFW16PQ6nVt/jYbAUqtm2HOOeDbOgzxAaSI8Cws4eHu9L4zOsCcHurwKbJt0ClbiIG1Nmxg5Y6bZj9ksvNx8CmEBu02XedqnXtOCY+Fk+v+81P1l8EMws/9FukzP8W2fG4Ldqw+rwOPXWVBsG/1lx925cC/NLBaiAXq/7ew7/tgqgTvoy/OMrA0asboH6GOj117MNnqstZ+aQ7HzqdyssGt9DCHgdqmXSOthXOgD07BKk07wbGOP7DGDtZ3qnuwmnlB2n/4ct89dlVPBQfitorBaFuey+NFpgAU0YPo5KgOf5V1KTNP+rQo1+RjQZC2O5jJE1bNgNMck6w4PQ2PNaxCnfnD8Dt+tfkp+CIXu4nqGn2VpgwOJ2XfpeBkQ3McZQCIntyYPKrWVR95gclNxfD1hfDfNp4D/occqSeQ9pw85QQOqodIEXejNa1u/hX5wOY2BlA1qsUoTpoCP8svU/t3tIweliZyqZO4N6ISbhmrBzEnumk+NH9NPXEBApXrUEcVYfhYkIQLTsXJpm/RPNRE9jTXwnS9r8A3hUMOVGvOa95iGz/PmaPGENIznjPNQPzWWpPDzSF54DkwQi0oUSQnqiHlr/n8xf7Pla4LQiP8ny5tLaB9fgxKYV0UkntA9qScI+Vva9ihJkcztzWA8pxIoBC9jTj+m7w/zOEA/e0aaHhZxz+Moq7Jxbgz38BvLuxgKtlZ0Dj9NlUtP065J7ZRh8MyvCW6QmuNQ+jmvH3sG/9Pvj7ohRUDUThvrUtZq23hoGB75R/KQYflf/kBwXJdMZ5JOd9UYPZCZW03XIq7PdLwx+3m9BQWxKEF4/DTdrX4b71dUif2Iox4UEgUikFS0/oQuxKhB8PJ1LSmMd4SuoIvOmegPeTDUDG4R2Y5ujx7tOtoP97FDgtNWO5qcE4X24xKvY140SJfhps8KELR1pAaJMsSncngPWQGKx5owCFO4+CT8ggZr9Txu+rH8PEupOssV2DZ+8kUBUwo/haApm3Y+jiei28I2lFqy/tAr2JP8H4cCRN81DHjk8TIVH8IQaeRqBD/1HeNRnwiVDHANkMTlDLIZVrw3CXx8BNj32QujYZirKNoedIE9lHhPJEuUcwvECIs8yCeUjzMi/IyKbpk/6y3TUHGMg1gSOxAC927+L/5rtT19SpuDv5HpaGmKLgokT6sUERClbIwN0oUzh6pgECvmui1AQn2FPij/VL5sDl4g0s5vaXOtQFcGTqRvZUHA+F75zZxu0FLR76iDDSHcpCYvn8nEn0otYTN2M/XTwQB28iheDWo1Pge6KAXs6w5xwjN4raIAHLtjnQ1tunIOTIe1p8xYHyguXB8tkUfFKyC+c4itNN6VB0fepJ7akruWjRFpjb6YUL9u3BM5OUwCqygY4vGIvVd8/hO4dDaKd9kWzdEGpvdVC2TDMuG/+DpX9ZgfvwE3q40w9i/2Xge+U80C97CaLHVlLajEbsy3lAabUzaXqEJpzKEeQZHaK4tcsKbT3S+MLhR7DoUxO8iM+g4wvyMUZSiL8JG8Gp9MU8pfQJxC49RNGTXtGKADuSvf8ELmw+RZoHRbgw+Cmcc9MD/6RIFJ+xlwx8jvOuWkForjSldZdG4ZzzhugqHkCC5UGUtE8Z7FmF3mTugK/l8+DuShcqST8Igw/ewe+EItb/MotO7btL7f6WUHA9mD5MmECXjdwhfJY6Ba+cTwfeDJBFiCHm3HgJ893mYtpXgOPxebjsoB598O+i/u5f3DbjM/asq8BaD8ROr0IOEf4EDuGmYHT4MJ15H0ffNpXQnOkqsGm6Ovbs+I6blwTjpCh1aG0Vo8i748HoZxlOr5ZDzxBBKl6xhyJ3HeYBMwvQ8pvF8QfWku24atI20AajkcX01TeD/JO8qN9MgPlhGU5feAOVw5UwUfUfjzxrgNWtU+FC3zt0j7DmjKGf7P0mh+Q9O7hmmiJsVs3G9Yd28DurGHCZOAUaNcR5k1sPrh+TBOl7x0LYNHEujqsG3epk5n8OYOPEXHx7FCT79ePHmD24+tpkOjDBn85vGgHr+C5XOpSQ4nkD0hooIfXZkqBRfZZO0ylMijQFgYAUljvxnISaPkPW/atkU3MF7i+ch3ndmqC5PBz3/xKC7jVC3Jjyjx63hNBJFyeek1zHD3bOxTeOm0BAewzo/bnIW/0NMGxXOO7Wv4/fz4fQ/IA6im5MYe+Y37y3qhO+OJqB69QGWl1/A5zP+fFZxUiK6B+G+ZOe0MuULvrvzV5ce1CJycYIIkXnw1vT1/j41VcqrzmLImWjIf36Ns4vtaFHZyW54PYs3n6Z4ciifzDy8Bd81LIXRilow6K5f0FS9QdYGs6mxpmrcZ2cPHcenwGTFwqhvPdydtonA+dy6qC5sJDlBwK5fX40CN7t46fac8C/QhRk1udhhWka/73iB53xC/nAYCx5vNvCcQECoKbWyVKpNyitRwTaoqrRbPsNXP1xM40dnsMbI07ADZtMniXogTR+B+hecoNpk9Thy8cHVN2QQTPtU/hzrjKcvdZB51aM5tWuKyg2bhKN7cuDLwwwzSWSAqUlOX17BHjkP4Pvn5bwqvXrycvVApS2LeJ3Jf9xf7cppAqc4iu6ahC4NwMX/v0JpSP9qV9pFUaWZPL7BW2w8/YOeGpvALvuWqODljKonvCi1hmqsLjKBKdtV4MhpxryNZsEq8yMsVraCkR/CNOfWXdpklg/T4o0QT37G/Dc9hBvDUpBe/kgqNIcBc2/jSAnNIu77EWh2eYxy28t48lW8dBo/hKPxgWz888EXBF0n7VWGoJV3ABf7noPEkdd0e9+JX0+Ng+N+rLw1nYfOCkVATO3rYeyaAs4U32Cel300CjtCpm5WPGi7AVw024zbp82iRdeUkG1gq8sPE4Ddn6r5YRDT7CnMon/mF3GgZIazt0dBG2Zf9it5S1dqE/iLeOkQEvoDovfNIdlu+pZ4mwPdEfNxC0yZ8im0Z0kTE7SND7HtvmS0HnSFWQvuUDn2IfQvl8R5q5VpGLdQJiVEocLZXwovjSfh1Kk4ZRnN1mtXc6rChrR1HcyfI61JDe7ReD025x1tlyjlMdr0e3MeHDj5Ri/6im8zXnOicZqeHTHboobfxz2LTGF3z/sUOZmE+pJyAPGXufduUt5d5YkbWi1wS+JW8lnRDb87rtKq05Mo6jvb9G3TQ8e9AaC35rbGLehCNYsfsNDdeuoXasXtv87S8OuHRQfkk+3eyyg4+ASnNxUSWPDfqO3VQE41nVjZNYiFClLYdWdQTC90omEps6AgCInMg+s5KubppJcZATVDeXiiFJxulN/jiwzXeFJymJ656UC+a6i+Naihv4WLMRrfr5gWawOp/do8vXN7qCZNB+sn6+GbklDCNHSpcuSf2hu7nrQvJJIcaWXMWdFFR6OvQo5uBeqP/XTw206MPFXBiZszKfsdhlsMvxOLRcOo++vpbRuWTgcEdtAalp2dEVNGIbH+9NSV0Fc+l4Lt7xNIwOtDhx5fpCKo5JwQXIdCNyxR4Gf+iCtE8EnwZILriJ901/ADWuvkaZFBGmaJdHyhtUc0lkPdQoaUKylCx4WSfjatQ/VblVj5cw78CE3kfIyHajgwQ54LKMI2kvlIdvJAWZIWnD+qQ+oJf8HL3gK8+6OU+y96QD4jusER8ml1Oc8FdB2I6vnNpKeZT/9+WSA6jFCCP/m0/ARTzZfnAdsugO/J1mCSNosnrB8JGrtr+DrIXksdSGL2gSiOF9fFE1WRLHF7CgQFDYDH6nHdHpnBb5zHY+O5x+Qn6UihE4dwg1HHuG73lsQKXCFRZdYQLSTF892EeCsZz+wdJsKBxofhw2aa2hRcTltabnK/k6bSXXOCEiyFqO/C+7jhV3zSEr5MU3XzKBdpz5g5z8FVkV9kL0yGjeOBygSCcPP+v60M7MTrvQHYOcDO/iw0ZCfdb7DfLNG0M4axd3iklBWlw2HfTJo2+wXYHbdD/LVJKglzo8ELKfB0FQ5qA4f4nU242HaqFCYm1kKJrOGeej5RXIv2wDuc8Vhdsk5sNqdTU2f/oDiI0noeg30fns0U2EBbbmxDQrGWiBlVEPy9m6QsrGH1rv28GC8DljYe8C3QVP0CqqiarsCqLjpCVGVx1BoFtGZviOw7EsQyYnMgCfD7yDRcB6OXtlNUz1d6XMFwh7fq2jyXRieFZZy5cZS9HwkBVEOeji7RwFejZagN38/w1mLn5T7wg33Fe4iy+lraLBjDexZpQM9oAXhVwJp7+cydr2UD/+FWsB6VzMyeDwZZE578otLFyno5wjQmduEM5be538PNUG8PJXCpn0BL7sZUJb7koaNa9B87Ef0Wj8VWoO2gb++EV/ZO5kLRn7ljFFGkAXJELmkl17tT6Wvu30ppEwaLmvPonHrV6D3Uhf4EVlMJ4vnYW5KKsrfHc0TK+5h9NP3cHOeIqybJkkRhwZpOF6TRzvYkUXmalZJi8as7mFu/xhMoeUjSVjEEqZ+reJfGmtpR1woTnaUhaItz+n58lpcd+433xIrg/eBw+xjaQprh95BsaUjSP5Tx/f3ajjjxku47qVN+Qfb0H2qNsV8rsW85VIQ1RfEX+WbeUTQYT6S2k25q0+h5QkRblz3lwQeb6DV7EaxgmIQsvsNXRUahjlLjuEE8RgqCfTiRRG6NGevPPb7JoJLYiCst5WEwjIJHGxpo0mfI3CnyWIuak7hVxvm0JcfwSCUrYtfXt2kN+mT4KFXNAld7cVNptM5WCqQjD6U4KKgSmi1LYPVyScgU9KTIHQMDH95x/ZmHnzu8Q0ojlqM4TvGw8KT7lzh+YdXPK3ic3E5sE97HHw9sJc7ZhTDV2sHGhvvzGfr7PlB8H7aqWvPoSYVrHy9B6a3ScH4WRfJZ+8J+J6SDxs+PAG3oHNo7rWbRDNnQBaf4/1GT/CCnxo8/jzINkE9lJM0jm+oBqFkWx+du7mc9rVlYnX8LD6w4QV6p1mCrRKCzpAMTJY+yWbS99E68hEViJ9D9fH6wPcGYNSXV3gyWRtmrr2JPwR2gVmcFZcHCdBx33woLN/Ektpr6FnfKfrubQz/HE1A72oBj93XhULPb8OnLjEKlTSj4fRKtJMRIOO1s8gozhBz5inBbu8Bvn7hHR5rluCnpTa4tbMAz6xfzopOAlz65CdU6SRhuLc29DWvBb2Rv0n9SB0EbPeks/9Nw6rjtditbwzrb24Ev4hn5PqdYGTJJ9QM98DJ+Qh5e9JA97w4xj6bRd4iV3Cu7GiqHb8VYm9Og8lPfvC0rzEg5WiNeW8P8r1KGdYtNKezHtJc2jSZ3lrIgmS5JLw4/hPietrIwDkSR++IYf07R8HnZiufHv8FLaMrebSWGtgJjoUD85dwbYEYmPy9w4uzM2hlx0pMHlCgKW93UbXLROyNqufZA1oQfvQ5bl5cQFam/6j9bz5s83DH9ZJ/oGj7MMb3GYGGqCQY6TMsTdPElZt3Ecr7ktS2RFQ6GUj1bwQpxf4gnvmqTy1VKvDaWwN+/PIkGckzNFHsCQwtS+TXLffooUc+/ld2kfWv32KNIy8weudEKJ1bxXMvuNOyFjX2qRiJu13/YyHF+RxXL0TRP/LJS7Icf68bDc3xkhAgWw+Or+X541IBOBF7Gjc3rybXJCe8m2AF6b+d6HaeAKz+4kgNF/xYevk5rmx8yrLrVrJ23Vm4uTgVHn67yuGvFLm8Tgn2nFLFQ+OkSGHxe9hjtwHyJxqB1fq7FNeqClbhydRcH8X/dutA7rkokHzZBVFyhvC2pwy2Dr+k59Gd5Db0jQ7NNwEJlzD8tkQSsr168OSY3zg3YxHHPR1EnWu5oJd7jAfuK2LXmlNgX1JAqd/GQXrWTDp/xIyHOJYSNv+mD4W2ZPmqDFU3m4PK4o+okPiD7xmbwaUmA97WFEzbXl+F6xsus+Cb47TVOQuWpHSivNYXED6+m8NHCMC16RXUmphMDU6nsPL2KD77Poym7LhNdtDNw8mWPFUjAN/Gq0JF5n+0MiCI9jVpoLdTLTvubOWavyIUKzWZPzZ8RsVju7jDZgrILPEBY51GUq6MJlnaRH3XNHDhf5I8v+UdLm/+wBdM9SHnmjDsMPBFp7/idNDdFZ6u8ObqttMg+HOQX75qgDqTDnjaZow/T0+CA18bYGjIHsUW6bOozRL+IrAE3bziyTj4DFvce0d+3oIg0ScDd6ABZt9+SlsMbsEie0NUGj7De6TuYEbEV5wS+ImELHx50wVRmH/bEhaoSqFrQzwMb2jl+32V/Lo6kLo6zDHY9SnG6j7h01U6EOZ8G58/A65LeMYXb37CT4LC+DbbCFYdisLpQb9Y70AC/h2QhgljZGHr7YV4rVoWFU7L8zLBTfRcaQaNvfGPRpxZDjvWq4OoIEGzcifPeqfFQYfcqezbIYwt0AKd79M4X8+FllgtxstmRyn0kST0pa6AES5ptC7AA931IiBh3WMSnbUJNs+OofrHyfhs0VUony0D82USeJa9IllJjYcdExUpqc6aBKZpM9d30YNtgrQlvg22R5iCc6QfLG0ZosDp/vjc7gPGxKzARaXf0WRJHYZ4ONDczBRK/WoCdb8fwlT7edA2ewBXLdLiD1a9pFiiCL0/G2G37Qt4Z7Ecvikpg7DNVy58cJHKh9XZvW8N1ik+hLp551DR9B3b2JWjbto79nGxhPMP/eGupx5BsTVLuRtw04b3KB2ZRbXptzB1zjS2XqbI39rGgH5lNSwtWYLD339D4ekw8vHRYKlJLnS3JAn2RwdDvXMaL74yBmZ736Gi+nu4utobd2uEo1ebLsbe2YLX1/5k7ct7qW9vJr7LGQ2GHbXo5rkf3RpC4H7tRbwl8hhS916FiCn6/OuIGsy9L861h1ShZ+8VnqSRyu15PSSsto0k4z+Sp1wvjag1pQkfyshhth6lHTCC/gkFYJNwGFr0UrCnbTwnOkqxx6swjJN5xImz5UHwiBesbzWENV+78JBjHM6bNwN2nerDKSEDqHKwm5bMzWKD7QWg7dYF8c9VIcJRFaXHCYHzllkw9EMGtlsfhlZlHXQPS6dJN/TxxeFf/PKWMExwNkWhFis2lNxNaqOc8YiEAIT8jmQXdxXudvPGQZiLY3EajBo3E7LGOpPtia28QvcE1WrV8aPwOvT6C/jq0zG6euEUi7lrwMZRt+n5o98wpfcomzzSxFTham7QFgXJhbdxwyN3uNN4igcmGMKwzkM+cCoAOycfgzOP2+HSEQMK/iTGo118+XyMG5z95k2nQQLEZ6ZCU500JbpLw7asd7zVTo9bS9PpvwmXIKmniUu1vpLvXFP4bHefiv4uQROVo3x6qjQ2Ti5lrWxR+NcbAiq9DbTCR5PyXkrBQPBVmiN4j9ouWnL/0HgUlX9MRgnhFJuXy/lF+vwg3RHDVk6DvfZzOSn5HvWnG9OkDe/w55JkNvK9zj8jimi1URuvqkghgdpRUJZzEtIlZHj/ehW+1ClFx2Y/INyZwOdWBsAd5VQ4tv09+HVYQElIKYh4ZkDf5OvEZyfzYPNqci9tge29a6hwynU2S3MhtUpVOH78CIzLygJxnds85kEbSjYWga7cAFnPtQUvpVCyP/KDm5PV4dHLaaTY+xiOHnHmiPMH4cpPB9B7Ek5um7+hY9F1yFT+Sd/yDSBDfhFsO+6Ftww/48NRO0i8r5idYl/jnbvnycjxE+a4JeJO1gBxjUGYmrOE3+wIxKbMdBw12xrf5M/D/YVhINgVAZmnFAgFLCDCbjv63VQm7/iNuPbHPNJZFIq5U3+B7rMtmPZlPoz/MY1WPBAEmWcHSTZjC33uvUrjhxfgEn0hNoqqxhbxTejRvR4UxNfzqqQp4CZwnUpD3+Cz9/f4VPACNEqr46aqc2CstpvKLivxDNetGHdzCjQL1UH/jUL+vu89tvysx5nGmaA4QRV++RCVb/OF31floe7eeFB5uIEtR73l0XtT8FHofY67lEgVrvdwk40W/7plzWLd3mg1WwS2r3iCJxfJ0VO5QRi3U5aSzshDo4YuazQ5go1JJ3r2atDogxbgW7OTytvt2O+oB0Q7n2eXxG3kd28Hiv3NolTlX2RyeyngfWEoKNyCZ1UJfcu+cNLJNpAr6uNvG9/CZ78mdnu7kKv1g0Bi9ggIPbyHzjzJAvOnyFfX7ibZDCv+NlsM63ua+cbwDzyXXMoehpaQf+YFnHkWT5Z+hlSouh/9ipdR1ZUDsPHQWezveMFP5pXT3Ao5wHmfObA+G8yS9DHyw37KOabEkP4W49dFo4rbCdrWdYmTv8mBu908WpfgCorZd2jUjga62zGC/WJL6ITlA3SY2kiPVzbh6EniYPRtARxvWA3O8nu5JKGf9a0PU0dYHo4Q1MPeAmNSeTUPL88BWBJ9jvM8VOjwjR4QqJXABNnNJPJQg+o+aWF0I9O5799YX1ISjjnpsNtIovo6VTYa9YrPNdXTa/0XJPlhEL5qjoErf05x+V5pyKjuglQVZehrPMIF+9dRaU0TrKrdSJm1U1hPRJjaDo3F7gmSIPQ5lCJ7l5LIvHfoPRTOAsF76WmhKs0WuUY9e6pQqdmL3vsAjB/VRX6F5ewUqgWJ0otBsK4NrL/bgI090s/6cA4J6+NLVWPh9uZwfLpjCobIl1PnqR78o7WPxSM0SDi2izTTb1HPiwBomScAhacU8b+jpayoHARPhH5Q781mfux+nF4rSHGJ4WH+FGmCufEK8LY8ne94+NLEqafJ7lUFfDELo3XXc9l0VyPM1ZsLCpv+UrGlKYgm95P65wJKcA0h99DR7JsSxG63C8BF8iaElfThmOQmrM80gjWiB7h8zQ6wKyxmpa9BLF81m0aZVKBpymjW9dkGk9d3QWCkMVy8Ek/D517xjJcbccHlPG44spB6k33obWAoHtRzpUWnw/h+nylYfzmBewx76ZyEPblLl5NFayCqy49C/1f+uM3QB1CkGJpBHoz/vWS/dkXe4pRBbxfeh7sdGjhZNpRDLqVQSm0cCo+upjoRC7iYswUEbmmRtEkUrpumyFWGyPWbE9he1Y+/ee+GzY92kFKOKXy8mkBRFVbo1SDDW/Jv03INcxr+XIvpcsLQ9mUA0wSc6VuFAUzwiaMn6meQRZF7HplCY/FKGnswGDb8ucI3Zz2gsS8y4NJvY2gTkaD3CxV5V8JD/iPWC7FlovAm3BPd7n6AjTcNOPrDPBLjCbAs5RJs3OVO5cL5KFQfQbmvq6ApbwUU/X4LVLGZXrsPwFdvdTD4lkkJ+60wP+oLPNMewE2NP8jQ0hOPHv7N89vesdSwKt2NnAFfPpRwSLoXmx3fQc+k5wMMB/ErkWQS+2uJ23cd5lfGd2HqAxH4t20kGqSd5Wu7M3meUzhMtD4Hund/QoGaEV+o8qe5Wy/inMnTIbwnhv0+J0DWaTvgf/HsmC7P/eN88PgZS4pKK8f/Bt6TTrUMeHtm4cxhL4g+soUK5Lbz5TG+5GfpAK31I5ESLsN7s2uUIq0FD8+Pwyu6YyH/zFuyNX0Oql6TQbS4G0pHV1PPy1rOuttBPkajYcTfeDS4FQgj57/FbdXbYavdAAynC2PV1gPcm+6J67ImsJiPLITe6KO41R9on+17nhsYQKy+HEzG2YJ11wNsiP6EVgZlbFKhDPeCt0LC3YWw2nwZN2ytpR4dJ/6U8hFfXzKiqSbv8WFqKRzIGwm5cV9hoaM/STkehl0Xd0PVgnxUktnDnunivEYuhUJ2rKOCMVbQtlgdVdYa8psZPyn8ni44mrVwUPE23FlwEFIfVpL28c/w54YOaGuO4Kvip6le/AT0LHiD805shIMKEfDnTj7GqJbhx+SxPC5XFlKXWOPbxCU4q3EBV3XtQ7JajC1JZ9F7KInXPosG3ZZgFLFCGG2fTEONTXSoUgbW5twGG8cTHB15Gvde2sdlhzLAaV09GShOA70Cd/BfVAjr8lbCr9nS9DFoM7rEy+PLr7G0/nUp1CwfRNFvelC7pxjk+RC1bbBEfl/Iwba3YGa3BIrlyJGe8TPetV+YTcSV4cF3DZrQdobrBF9TvHw/aNdG8f7Ho/GH2Ckc3/EKzz61ASfBkWCUtovTpObBq5e2dO3MdSqL7ARjyWOo/G09rYn4RguiC2g6CcDvgARwEUsmsSt7MH7Oeprcfgyn1cyGESrzKSHmPxi3ZQNOWSQLF/rOcnh4DYnsqkDDLQQs28oDZaq88cwUeJHeQrISL8FBVAVuLWng40XToaNNmFzXi6GA1l+e7zrIu9LdUPXOQpy7MB0iVQl2tBjgJpONbL/7H13elkYbVheR8gN70HCugOffKujddD3M3GYKXVfi2W7lB9xyWAITk6XJbEwM7wvrpmHDEDg90ZMKK4Lx0QdFiAycSHZ3kSwy6ilXuYmeyVuyu58hr3fP40HLX7ji3kSQ/k8TLiuKUryxOBmreWB24EFOHfmehl6swK4Xg/xv/xWq2qENg/lK8HxQGHYYPaRzlyTofPxDalz1GS9eecgzu2rpaqAU6rZ2kLaxGiyct5/fHFoC7TvXU+fvGNp6o4n1PWQhe64xZ61UI/vng+i5imDozmde9XATdA8PQajeWY64c53e200CPbNyDuwI4pibqphVqA8/4kbjmdQSDLr8CvNjV7IQO5LAZVOQ0Shl58zflL76CiYZ6UPRdVH6EPuYlFbthcQDP/n56q1waaQPn5k6hRUfjoGDUTu4V4EgNe4srQqLwryZk2mB+XQ8W7oaH2t+IQp6RtFJS/jpp/nQtEgN9DIe0X+kiU//5pPo2EO8wsgUf1QkcFSLNf+pmILXnhYAuQtAyJN3dO2/Plg/4wOeCrCgl88dIXG9Ix+SjycS8KdVm2RA5ec4ENjZjH6vLuG0xw3ctsAJG7vcaa1XHA/mXYPRdQKs33wTf/pqwsrybuiySsOEhz0cZV5Lb/8FQtN5OeyIuQrny0vh88AC0E4xBe1uUbw44RM6tUniwMFWlqkxYpfkz6hzZg9cO3uccl74U854SVgVH0AKq6+A8NkWuj4viU6NesEvx1pRy0llfDL6GFO9FrWPNYH+19HUqdaO+1rbKMNoG+aXPYJl86Lx3bFFZJAxwHR0L7Z0G8GWrjf082scW57VAjx4E4oLwiDqVRYU+E7Dc5aBnNebDwH3rWCEcQ2VdjRxxppo2KsaAtb/qWHj+ge4NkiJPhZZo7nQQw7pM4bISCMIXt2Gu7tf8b9XM5kWz8Loler4IHMhPax+iusDkkCvwxRWjfyOk9Ss+fL4GGw8vBDiVwVz4yp3Lg55RYo1g7Qgdx64B42APbKWkB19Bq5fBPZ4Yo6ygWMxzngTOk++xRr2wVQR9oBfm+rDHpHV2Hr0F/87Owpv5cTgiA1X+OD+2XRi0TD/9NxCs5p6KXesOuw1y4FT0j7w6PdJ/ngnH9sbMsm2KpA1vntSzbLj4PLgChc1TQRDWTu+XvqMn8+ayBZHp8H25KWYc3Ui/k1JQDPBTliY8xvb/0wDibbpsNjFmOjkYpgSd4vkHCL5fqI+SUdnQPTTSXyKCbJNhMHwuw8dt93O01QyqabsBsw6uB+3JurSjgtJnPh9E759WQClG9XghWA1L7a9yWOdytFpYDTtkYiA4vhxYJV5lqvyHGDV+1ho/TICTtiag1CMIlu/msNvQvpYJrKc9RzvQW+cJOX/uYTxbU9wZdNIeFBxG9V95+KBCA88rddEuhHa7HajDZKLZelqTDcUKpxDx4zpMHjQCRN35OCr5lV09HsaNpqOwvMFR6C6Zhn/5Rq8rPcSfs3UgcS+2TB2cwbwg0q6nH0cpp+/QSWW78jkzD9YlixPWSWh6BQqB6ErG2kw5wuplYjg8V8HoLf+JjdvdqTihXPoQu9ztH7ZDdvnjYKXskF867YKrHgugENZs2BC6y5AvXw89+UQaa6fD0YZ1WC60gAyRe7CDQU3zhl3GoO5Bnt9u8HS5SI1nm7n6POVeGHZYt73aAqISJby0yUvKaBZmyKL1mCZZjrcjFclbwkjHKMZS8H7svm8ij7c1vPH7+a/uEfYg0Oyn6PkF1dMefYc1A3X0oiHlzB0yxm2DJsGSyI/8KMCK4hYmk/Je++zwxchlAdj7HGxBf/rR0CjM4TX5wrDq702/M5WFh4pRUL2kB/ckVmOB8LTeMf+Zmy6toLWt+wgFWV1mLXUB33uToGziw/SvalOuOjHeTCaI08jMsoIFhehtcMmyrDRhFk7tuDlpnJsdpLAj0e74OHATbbePAuy5Vw5jJNxUMkanG+pw+cD5uD2Uh3vffIGp/lruOw/bej7Uwf9i/PwonUuyN91RnQVhervmnxfZyqpXDDAsafUoEShC2tumZBu81Javs8IwyctoNfdVrCjajY0xGdTuEwK+IV+wCWe+Wy0Np3DTGVg46Y+DNS1BXUpHRjaXkw7ezqwudqI/r3T44v77WnCWim6lTwFH0TVg+42MxSJ1oaznQtBfYUJfzD5zbtIB9O+uYFzznN6GNaLVcn2hMLGaN0rBcvPt1PcpRZK9x/PvLwEE1pzafy2CHKUrsMbKSI4si6eGlfIQdOYA8jtlpyankA6l9fgSL/n3BtXRndpPO/ZAdBp8Q/g7miIfmNOM1LtYJ+tIE+/dRbeJO2nF4dEyHzudrpu8gjNfLogrEoJ4m0fUHRKNBr+WoFixSs59NxmaNvQBh4XXKiqKAa9he3h6UQzMK3ZBxH+28gh25U5bhKsavgCNSV/eGzXPkzRcKbOLiP8T8wcltYVwTbztXDb9gKMUfHms2ZqpOhpDHEtAZRXmAGWWnt5m8FUCPleAv/pCpKvSzYf3NLPn6cl8OrNDhyvKQk7DbZAg3w0ickIwAnxbKRzkaSwaw0k6AqR3SZHHtX1l808zGCjfTC0L74Ln++Pgson/rB6dDV2zXQBeKbA6WtvgE72WvbAbHyhcIBcv3nBqHQ9eLu3EPmKFJ0QSgWvwZtoVv+DN2Mzu25xRxfbJDR7fI2lc43h2JZHMLRzEik++YCNKxZR/7q3HFaYxH7e5mC5PoXqy4shZd4UuPx2mEAxGzuzPOiCaQ1fy1ek/I+9ICOkyOfG1mBHaSehrBWslS3lw4ajMEgiGD2DyqHxMZPuryjcGd5Mg9ZiGD7XgXzOiMKU3W0scNGUwrqOQVFGJg9d/4sXnzjTrPJ68Ax+iFJjFfAnjQT7tFmYWkEU8KmIfMa+JtG5G9hSrhIyA//C0ZhcGi7eimE3lGBqyQy+oq4ML+uC+IZRPjf9q8bGFyWUGqyKJ608wP/fWrglPwLGSW7hxMhn8NJqIitedWfHkqWcuSqOafkcdPo0kzS1H2LWP1U4/6GGLy4apgcFy2hc1QBVBqqyRYIQiB7bD/22X8l6dTPI90+BFwea8NvhLBbtXoiSft2473Qp7pcKwM89TjRy7TWIGRuMZ66rwiPhTaw3/QeprO4HEbE99NfiJJ6684jNO1zY6ednnvxlOwbnKEH7iXCofKzO+fcq4daJrXRITgNvVqfy/J9H2GL5Gw7Tfse9gbrwp9OPzu2rBauwA1DkZgMhcx3xRaAgjXk9C60ud1JK7FbujlCDW50RdGHGeVxXlA4rph5na/PTuPrTVoxZvxdVzQtxursRTQID+C/BEt6K1cPQQDoWX4yFiQZeWCv9hJ3fBXKyXjkOS+RR9iojCFV6zyPve+HzxJ+kleYESw+KcorMP15cVES5DkYc+skTxk2YDjrHo1lj2IXuTFwMN56/QpF923hduS69ejyLfmkvJO0saRZ8owDT7FphYUA4arrPo+E/obzbVhmU2++Tnv5dlhEUBcUJerBvviqIO86A4j5HiJjUCNceruVr6vJwWkUINnVvRu+nV+D5lh+sc1UMZjZUsLGTLr5Y20Rf/G9T/yhxvFabgfUCQWwbOxGUyyTAVUAHZOTDSCTgACzWUKIwsWHU1fABz6Qw3m/nAhvDimlG0E2IWasNF/Oy6KSQMi5vTmHv9xsxf34I1Mz5wAF18rzHP5w5q5B7XqvBmDs36LrfaHh9Rg//DN4CgfPymDPTCJ/ZjcGhVOC0Vlk2n2QOH+5uo6VvFrCW7QI0S6ynv3l1MLX3GOxx1cUbanOg6PFyyrfVheOH+tEv1R6OZL2mfePGgcSPt/BboRWlypu4ZO13Ni/uh/7zE6FqtgCNkdDm5exLETdu8d6NZlww/yDaQC18EF6L4akpON9pIvg5HeQdq+7hg2VfMfujJEyp0gPvMf+BQbUHHPk6k360/6UqWT2w+PiNFp8s4Q/fG9n2mBEU6WegwDpZLjiYDtktWSzhfoOzDeShbcY5sJ2ejcceOWCZ91Taa5AKYpwMuOc1LE3wZQnVe1hYPgGWJuTySZ0u/NTwhhqE5PC8+Rhym2mEx2J/cJiSM4j99STxc/rwtG0564WXQpJNFh4XycflK1LhtPMeUhzS5WGjN3h1jwkPTFGB9065+EFmHJe9DGARmTYIslKF8Dp58tU8QrGO7VBjbU4LnM1gjcAGShJLxITb0TzWwRZmORzDmrYqrFLyo+9aivw8Yym0zTWABy7CMCxdSGuHTsGBujh4MzcAjO9LQPpWbTax0ifxrwqYVzEGxu+cRzV7QqDVczzJ7T/ArkLFsPRTEkxy+81ZK4gfFLWCfYcReK05ioYW19j3biw9jXaBfDVTyNZ5h+t9JOjkZ6blP2ZDopUwvDikQrlX7WGz7hCucPrJAq+a2P2wBymDMN2WnEA/PL/Q2zJ9EI/xwByleyDqvBQ/bbWGTeLPuM/2GO9dokQhySu4Qu82vZunDC11KrjC5hqU6H0FkZpI8Fn+DHfoxWOS6RZUPjVA27d9535nAZixzwbebJpHQ3dqIen3V8o6f5FvrDfFq702GOd0myWevIPVG7Wg6z9jFFVrBAmNW1z2cCTPHf+IK9X9yeZICj2cJIEBDtboOGMUDH8TBLfE9yzfMYMvCNVjcYswBL7cCZdeTIFgm4cY61TA2m0WcF50DMnlh0LvqEXkMfcH75xjAi/kvTgubR2P3daK84KTIS1/Osz5vAYVZJ/w31FhsFHOi44d301y8emEnmr4cPAvbFJXhoO54pA8ZT8OdQDbO4tBw+ZV7FKiiXvX5eOIqP/4YOJ13HDJCy9IT4IV+62plP9BZkcl/htzhDdPCKDj7gyTd9aArB+zaYgIR4coguysdHRZJMvfBjVI6vhO3vZ9HAQLT8LdWlFkf7aOv0V9pzU1GvAo0guv1Fxn0zYtnqs1mdUUI9l3mggF6y/BVSfTwa4Uob9UFCT9n6PHoCl1d/0Hl1f6sMaICmo/FsNmVguhPfMEHM1ZC2kZaqD/eA9MLWvlIjjMg1+uUVTnalxhZUbn59dTWE8ouhp8prRCSXiv7ACpLmPZrD+QFaaqwovyAozx7iOXyh+oNUKSoi22ssQGQXhz3p8DbQ157cm9MKcuBpblRcHV2gIUWtGM2oU3adnifVglawjitI6+a9+EyLAJbHNVnh3atdBhnxd8VKyiORfWocKaBhhtowXPfHfDwlZtNK9To4yzH9nGxxJdptzgjNWd+C5ZEwOverPK/wTAByAQCBQA0D+UPUJkRfYmSUaiTZFQ2iJRUZJoaKhUkjKqa6DS0KAkRFFKKEXJKlkRRUJRKUXdmyoDa4e7oG+fA6Wq+nDhikw+Kx9O94x6IEBvDn9tm8qXV9+HgA0icDIkHXt+70eztBg2VNtJeSYrQEBxCXuo9cCh1xfBcKIxDLcJQH+hNTy6pYRKvyopLaqcPxon8JfARFhnE8ZLNTLpe349zfpqCXeq9Lji2ArYYdEAq7KE+FToW8wN+A3Si9qg8U4jrR+242WWlvB3zguoUH/GlxqmskHDa1Ct+oOV4rV8620SLdz5FG/YavHepTLQe2M2b222Q+uuf3g29wd4WF4lu6+DeGH8Uz5ZvQNe/VWBzW+sQDvnHdzXWcFvzX34TkAJZ5ld4kbFVto41AvR0eHwadsxXnJeATbf3QCCGVOJzWbwm/AZENOxmp8oaMGSp5HsaJBIsyZpwk0PHShY9JJ2mCpDWgPgt2sHYaDkLHquy6cHPUexa60Qv0zchrP8JoPzcBQsrNvJwbiCJHdkonyuH4e1ZnKlrwCJTVRjbcNXOFtIEswfAb2c8R2XpTbAioox6HlJhQMiCzk0+SaVKxyjoNM3yOSQPnjoLcRn+kt4VOBR1J/jB3JHclDpxzPqTzDh8DVd9EpqEKalyoJlQw81fk5mJ2sxblozEpbHFcGOt6uxaHcSB/e6sYl/CJSvHwuLSQ5aw4/gukmh2ACjeD9UoL3nA5gf+w2fx//jW59iseiDOSR3rkbL6EQoL7pPBW/aadtLWYwdaQvnU5TRsPoH1efp466LCjAlQZtm9O8CEZMfUOt1ii8mheK1tC56NFuKly3fjcWZWyh800hYE1OPw49z8ajTFhJ8N5Yki33w5fFMOHBRHFJuH6a/z46Qn4UBFC2cxGJHRsJoeU00VPmM1qoPMDw0CddvdML/NhnD+zxBqDaThUe96tjoXUHfbqQi2BzEl2Vq4EWicOHtfnRXlmB7oX74ZGUMqx8/BvtV+njgsB6dPvkNAlz2crViA9QpZeOk+lm4Vnwtv8ydDIqxR/nbg2ZYHhXIZgXJIDHhG7e7fqHAm3Gw+uc2jqqXw/nDGmDWbI+/e/W5KUqWP2XLsWBVNyy8fQ9iMmswt7wDmhO+oMtzOTBLCYTVh7MgudWGK4sBdMJdIcjqGE3ec5nkU8pASSUBF8wdBU0/avF2piPLDlmQzoVSmiT4B+XoOxzMNKSxUvK0ZMN9WvFHDhz7svnhbi+6a6KNAjlupGFcC3ZxwbylJpkUIor4vPVuPmRFEH0ki0LXXIHutT2QEXwOL2UqsPt/knTLQJ2V/y4EdxFXHqyQg+gRTyFhggfqiU6gbuMh8qv8RhoVF3BX8Wu2FrIEl9BCzO3RB8/+Zvg59T+8Vd5Cy/e3o8bYUsjV3kxtTid5TZwqd0wvxHoHO8jvseUJ8efR8r08b9uQCa3BCSQT/gTF562mgoTjoJL/lCVNbOH9kTRoinqFtq4d2OS/nZTe+uGlBd4g7tcLBUEKEKS8ked+HAc289ag11tHvJIsRI5l0fAiXQomperCbvNb3PGrnXyXKeCWKWNgnaIFKz2sQR/9HxTq/Q/E+1sgYtRt3L/tO4he2kAbVF6Q9vPJIKjxHtfrBHHZjzlglxDDqb+XQMrOtfjOIwHXbRThEt0J+HqSOrzw+EPtl+ZQi4sD70qQ5RkW63nBJ29SX3SCa8N9KbWwh1SaBMFGuJw6Pdzp7dhlpCX+g9NOpbOvXwSsm72J10/4gzbKx3iUrznYdv9F14oBsJ2eSW71j2GBbD65DASC15aNOHFkP6cr7AETZznQ8K5D20g51Js+H4SnllJBUz+cbHlIuz5vp4TAJnAtcyOjNmX42qSCL7pe4YLl8qBaYQtd91Wo8t4cmBIWh8nVrvCwa4CcujVhzfticDgcSmYCS9BHrIRbyy5wZ54Av4t1IrOYL3QgbRds6h8Js2yv8Irq42ifvonaHbfgv2PeuEb5D93wmIdzW9/jhKWXcP9WNXjmEgKWAVF8/z8/ei+8gSK3p/PQziQ8c1eTM1SV4LhuFLtemgybxtlyW4YITkt3YxVvUd58yQXeKT3jh1vHUvbzIG4qWsZPM5Sg9HodRcc/hN2jw0j5aR1t0jzN6g+IlQNnQ2bsd7xXqEdddmKQs/Imuj3UAu3N++iIxQjePqWKkoRUeIXaC2rOzcPPS2JIftNECB5rDq3WzeAeNQJ+ux2nWPsXoHA6hla1f6PBkSooLBvOx+UNwMZwLiS/moTZ1l4cEwP8aGQOr584lw6PWg8/192l4FfxdFlJGLbmX0Kzuqv88uEQXApW5b7uWE63DcO/165SYNZlLFGfS3Iy2kACvXDhRBq8u/CKt8Sb0IfpERysNhFEG+350qYNmKTxiNMG1KAm9Dt6mQvjdrMIWjxoDS4SWRDlbUxq3yq4okgLag23gpc5gZX7EZY8lkzlwup8cu0U1it/wP2PN7KCRgqkP62iH0n/ABVFQChsGz0JPQv7yzIxW2McznU7TCvSHpN9SDqWnnmDycqnyGqsOiQIXaAFzvNIQ9SdHA3MoM1tO+ddvQDyT7Ng5GNZfPe5gHTix8DaAGvyDrTClU7NsFduPcfVK6LqPEc4GpOCUeOLufahFluv1YRDKdLosfQ+G2t58sxBKVhQUo835NfT4tKbgC8/cv7xvyz+QxW0K/XQ3dSaPCrH4uB6X9YLCeew5M84beYQ5C7WoTrZGJBLNASDB1Gw3riI2vN38MJ9LdC/Yx/IzhAnH9dfbPminfIbptCaOeOgd8sdVtqZgbn1nXykoxr3L91CJ7d1wtQHBvjv730a/bgU5IItQXDzePp66yMr346mMbgGXeY8hbkejuhQ30LCR97zf9b76XiCAVjVS2OTnikFJbrCbqdVZBN7gWUkhdHt7CU4bZWD5iUh5DIsAxsjD8NBWs7thlNRa9pDnJxaCCpPwjhssj/Krb1A7/r9yShYH4YOLsAtP86zzfQ/dPxRFk29VMgnf1hRj3cKZCWKoH7NZbrz0xQMmsfSP4W73DF7DX1NVKDxcZUsmDKRNUuk4MvresqpM0VYzeAstglOVYShvpEiPa9OgPiTShxWHE9pu5zgxKuV/NpHjUOjlWEozg5+6mzDQ7Kjecbj3fD8lyjrKq3mMNmf5F83ByYvS4C8PAW4PGUPuMy/CbOnjufs8bPRLqqX026Jwa8cN+j3VSffxyKcdU8ITjW1o3l1Ne27NRuN/r4EQ48aSLDL4B1mBqAmKEF7v1yC4m9mcHHPazwVX4jCDvp8w/Aq1U3SJRCYi+L7jPhpwVaYIezJptFmMNchgH7nvAelaDv+WxMLptlWmOgYAHXZoeAbNh0uHP5D5ruEIOP5E1gZUMcFjyPo3/dSLA7ZAk1lDiTzspO0VqaxwgcL1h2UBd02O0qZswKqBOM5sKEJ15jm07qCxdg75jdnL4pEy03WtELUDuTrrrP8eB94RMB1ab78StwMtgvr04fTgbi18ij+ih9Gh4Pa4HFKFz4XfwYtcOOXalPRIMuAHTIL2crsH9SIOaPcAeKRkTIQknSXCncL8hmbAtwpdQ6TNStgWf4FuJG6F2UFjCguw4HfrRSFf+X3YFKPFE/Y/hjFvv/ESy8u8fOgPSBkaIl/VybjOjd5KJUwghlel/FI9jA4qxez+pwB3i6fRFtbnVjh+WyoWnqTV1xXZd0CCRjRGElrSt6yk+QmmhlvQ7Y2S9hQewkLqLmj7d4KuLPYgMd7yMLaO3tg+sIefHd+A38InQ6LPknjiZUhuC07CjZKzKfC3Wb0QH48uCktoV8Tb8AGcX/4YDOOe66pYPO1p5gss4HFVfrw56vRYOOsCRZxZWg80QZVvobAz73OaCV0HpPHG3H9qnbsC+nEo4HbKU5cDtw+JtJLw0QSmLwKpy00AL9TXrTz8C8IG5blG5FLYMp5ZXhZKgTDyzLZY2w1hAd58L3BAL4VWQv2P+bzPHCAjw4vQehcHT4yFYXrf05A6dRPFLtdiqsT0sg3wYvUx8/nzzenwb1Vk3C5TjuK5mnDDdF86HQM4YUd0sgDV9Hc7yZXN97nLtet/EtKnDKMMrF+yAjaeovh3M5SKtx1AJZpfscq7xdk0mZM9y7qQ+s+W0y/vQAGnzGkdX6nkqsvwFv0HrjqrICne09StIEeykdIcXHmFGh8kwFzu7XBedlDmlS/lkft+MDf17WArrYzbtwym36balN2fj35LZPBaEVJuFZTQXu2X8RJkv4gXl6KWXf12dRGkM1yl5KLrC0YSgWA9SiEdlZhi0tbwPHjBkyLvwBOwZ/QauwGSpP1wCkXCzG+cD0+dBeEp1UtNG+VEEp+DeOD0wxpf+xoqBONh2Mtb9CrsB9Xbb4IA1VGoHreF3ucennkkBK2fIjgTeM0aI5OK7TMSsM/EseodXgdRKSMB6dVc1jY8gyZVtmR+8o/9Hkonx7OKSEJD0+eUCXPjXOWw8+KMdBSOhfVtvyAH0fEsN5Rlc5pe6HlrSEeNNKhIqH9gPHp0HBrImh6aoFQ33NMV6skAdkD6CPzmBY2nMeXeUM8sfQujyoeAyKrZGC1uD63Ly7iJ2uekVBbABkpTeOQjiN0+cYi4r460E4d5i328pC9yYiSFkTAA89v6P0+lBx3XMEJBwxBff5P1KjMoyukgW9LTWCe5iNcNS+OnAKCOTM8i/fnbIBpdV2474oKmHxbxkuu7YXVk7XARXgE3ArNw28Jx/GwwV54IvofLpxnxULVCRBRYMN/FxdR+xlF+C11Ch0EEnlN9TBMa1LHeXEJLGH8jAUktBnYHCcqBNJ9HQVY/E4I4hv8oWDPJjhwVQrKdG5QlUckfbjwkKU2TEOxpL1YWakNkSOkoCyoEf89nQWHxwXg7vGeeKErD1vHHiPtvBlonDSAZDkSvlekkIjWIhqXsIr2b7PAIlExWpHsQ6+jKrhxZBJGxY/gbzvHwBFBHzhzxwYuW5yGQzsyUEdwPRou7scC3fP05ssY/OM5BRU6FOGIwXhyv/eZi7yF2dtYGBL7jDnI6D3MShriozr9OG5DP3UfkYcVjdG4aZMiH//cgrI3xTFv/iPIi26DY5ZHeJT5E/QYK0RKlcbwxfgNLLscx/1Ky0H2uhSYXB9JD05ForPpdlIZDkLlY9rw0M4UApSauajRkGecHItlYWXwsiGRJ+7VwTSzRpSWzsfqhHEQWGIMb6svYJyzHHFlAstIn8XGTZth+FcszhdaBLvzL4NOcyM/j9IE3+CnMLG9E9+fOo3+Rxfy7CU22C2/EQcO6dAh99nod9cZeFgZoNuWxcTP4pcbR3FAvhels7/QnS3XKTgpmmReLGQj0WLsJx0QutuPu2Y0g8IHe7zrKgjhsbdpScpsVHw3G/eMDcejxZJoWiUMa5PecpemD+gaGZNTVBTHLWilcyob8EdsOIZeqcCpxw3xEguD8tP9rJ/kRT1wnuwdhDDJ1pIn7XpNDTfOQP2nNti6PI/PCYuBws1A2BtH3NJ7kTGmny6O8MMrayyharYHzxeSRStPB+7YB7C7u4dU4qU5tSCIRZZ/pfFnNvH0me6cN/SaCjV+0cMKTRhXqwv7qvN4RGYD3fcrpYMlOXB2SS19tSmFJcJ7yLxnMowNEcOPRQpQcms7JhUlQ6q7Oo3edQETNuwgqXYJ8rvsBL2S97Ak8SacTDeHwTwjelC2CuyWncCMYRn89cEU/pNNwm1mJqC5bAXnxetgl6whSCZrUmX9J1hp04Ens2bj4t/SHD1VEPYqLoIaPktzrJPh/EVdkG78RlXYyduLvfmM6gPwNrLjkc/X4F65KDIb/Zju1c7GGrPxsEHOknJSMmDYcxk/cW6By7fe0M9HapAzqwTak1tw2w53HiGkDVGDSvSpNxOdZ5TjztGBNHOSD2ULKtHdMjPaUmCE+Zsq0KxpAjj99xPe5gRT+axudjuoSG25U1H5nx/5SVVjfZ4GbDJL46m7VWDF1DxuVb9EmZHOMHnoN0qKfKLK3u9M+w9gSM1t+FGczeWCQnCk2hPnen0Axav3USJCEq1uvafUBZspvGSALLz3Uc2aNgjfSLAxCGHVywcUVnSLz107wW9n/oaGaeNp7wJxGvnsFUs8vspPtUaAj5gLqdtOxmsdjZQxIYKKhmoxZhHQ0dAJdNAxld2+tuNiH2OYtUiF9U9pc4/QejZsM4VPiT1wcl0BzD1yiabPiEI1nS4W+m4K5gs+cpC1MZ/4fA4+xM6h74/LyXbhDpLTnER+mxN4l/sMeJ05Htq196OIqz/tOH+Hb0AiRe40BC/3T+DeHgR7xkdgilAru6loQIz1crxWYEdhOgIwbc1DnjXtMXhvLAbH6dkYtXUceJu2QZaVKKRryPHIDAuS/BrNe5zH8WahbHbX1yRl8W7eciWffJPzueunLCz9/Q+uartwxpm7eFQvHqbUzaPOjhKU9G4ig8oqlvY9xdNdtMH+4QxOjOzlBu93lIObYa+BPp0/GQIFkSE00dEA/8udTh/uisO7uAl87etPxKTVlCiNVGjZAscHj5Nx73FcfLaadxo8wkPfDGDNhEHU6bkKxR9MIFFzHJ7aNwsTS0s4bp4WbV87h1edzYajP6zA9qIICxqqQPvSOtodMhVOtljQgjE58Nf4I/Q/D8HWyg+Ymc4QvTMbPzSe49lCR+GSeAQMSwmhpbwftFr+hSUuvxmOiYJjhDhsnl0HlZXVgMYCJPJuJA4JJJLXXCs48XkAnn05j0+z9/GjSDtQMw6nwPY83iW2kbb0b4LWMCGyq03CELdo6LuSB8/PBUOPgDQ8OHoYcGQwSGq4Y/O2BdBqvQL+rFPD77bfMH2eNzcYucL3jYawc7CDH4zsY9cFjM0fI3j6nJu01PAY7LdI4XMm/Sjk/Y9rq3XB7JUbltzxYuGyrTy9P4HyDV6TWbM+v1zhj6G6XzH7gCUekzSF0pirMHeFHvzVm8g5GlvoqoATBSYewZbwWTj9jjKs+n4ZIh5IwgE/ZxAP/QtGEhV0+oIvzn9vyisC/lKGgBzO2pKN9gOjoO6nGIw4Jsqfq+N4+TxhVItNwqt5WfytZRvLla3HgIsP8YdeLP33Sw/O+g+SQsw1thwTzfuWKGFPSCOcUnWEY3dlyWK0GE04XwTD4ZKwNnQiU6QnVGpWYbrlXYqIXwvWduKov2gf+EYjtXRkYh+oAw0+o7LyJRg3UprK9xylBrFWGpPWD6lXD/GwRC7kvBekgmhVGC64jbfCjoF20STSC37Ibq99+IO3N/+bUwZrdQmjjB3JI3IsqKvV4lJQhBUH+zl4VT8XRV7GnWPiWS7rHSW/YLbY1MFPlytC05oP6KbsRR0RUazGteC3QxGfbE7n3l37MCDXD/c+u0h9nROg3HMh/7gZidPllbBVsYoVnMshcd8QPbMLYbXOZRz37xMqu6rC6bS/0NeyG+6GPYCeu0qcnJKL7YMzQVBlJsbCZCyd9BknjDIAoXk/yCz0NlkMXaOZoo0wyyiDXEuUaWTMPLim9gS/hMbj8pPikBV3kKy8U8C1fpC6x58FuX4P3JeXCleES2nd91b4urAfl67WhN/5PTxp0h98PLMaw5ZOo1dvFvLNGAWIUqvH2TOY1fSVUCxeCCrLVaFWZ5A6hqpIefdbHhSUoblK/ij09gy/smvlmPmmsKdfEkbXHad3TzezcdJUEH7TCXzYi+8u8CZV4eM00FXDF6oOotMYUQgTTYDjhsvgbdFsCjhlCSOPunHSnXWwdsFnrqi7Q6vzkilpuSEEBsdCy8UUpEOPcU36MxTt/w43x+vT+rfTuPvFAWwe0YGGPrLQd6uBglJTcXRTO73JysXuvmo8MK2ZZec/Yqtx1yj32xI62jYGDE8LcM4g8azx4+nElIeo7vAG135bBTcSbWiBZzGoZWjAeUcZqF5nj7fVFqNW8n7KuvYNAusPk/i6W9ireY/CJNeSZGExrPYyhaqJXbQde+mLkTQLTX8Ipun5NDXiOE6Y7MvhA9bMoaMp474IWG1swzU+5/Dh54Oc9XgR3lIRYt0vX3hlQBbXTTsJavNt6EQ7QVCbM//3MRYFnX1Zb+w1kthoCQenO+LQHxd6VYh4+GMSLHScAB5a4ly13RVud72Ge6HSaG0xh599vMCFw2f4jcUN3nJoMY5ZORFyn2uhwfKvOHnQh8LcrEHxajp5jhpJerHtEIaPWHWaKdw/bQI7AvtBbLINLP1ujWmb9SHLspjX+DQi6ciD/jUFOOZ3BxWfiMFrlYNY/7qLln7PoUVDwfhwZh+ph+bhogVHMdf+CKTPHAs+qAkVn+X58qsj6JfSyldvboHCPns88iYXrnSls5VRAf365gNzVhmB1cAN+NxcTgd7t0DZlUMwOl+dZ8tIUMeQK975Jcornkzks9vHgunRFRigLUB3T2rzYvlwOp2iCr5blvIMmT5Oj0rHBaP+wqhOVdBZlkGJBkb46KIw20o78xn7DPy2PA5OiAxgSpM/CHjs5IopE8FgYzdJTPlN5/9dhI4d0dS0C/CYQzOKRFeAodMsVLcagiYRfWhw2gXF130x/9w42rBTFS3GieO4g8G03uEsLwyMhusTT0FY0AjQmX8WvolupoXpt9lKsgltpxiggUszpammYcjYeRRnfJ3jAxHeKPyhvEUidHbrUtre9I0PvDlM6Qr3KaHgFoePOks9m1eiep86NBtcwneREaStbQuzVkfh9YNOrBUvg1KhTaiXrQIFEav4qo84vD37j378nExBy1344JlgyGrqofzDw/xeOYYDO27RexaHoJ0EE86U0PiZC9BCUBO0N0bT321fIBGmU/tqeXKZIkXipaPxhbkeXHxpA2seFJLKyiYeF5QARdtmwN7Mn2wT8RI1b8SB7Tk/2nAdIKAzDg533+f9siLY+qiPCtTCQHtpG2iNCUPjSCMOUb4H5vKGIOX/G0Tcf9FmrIMJOubwfONeUG9PwO5pr6Bo8j9MF6kC/1264OUJUBShChPujUWhqmJoNzbig/MKeb5gBIgNhZCVmTcmzhEEq93+dHqqPlnm67LEhAyS+jgJ1pf6wovOSXhGZRdOejyWkr8qQ4VpDOaZW0LaKCk89bMMVHbvgnX5Tylm5mPKjUkAoak+GDjDCM5eMgGbjBf8LlqKRpvM5ZtHwlDx2xrsOb8WervmoLxYJnhMFYc3+/24LG6A91St4RXXTWHWY0+03bQARVa6gvqufCr9swHvLVKA24lAYxa3YfluRr3vq3GpTT2eETiAOc9EIPaZA848Vsw3G0Xgi8h5qInfjyVjjfjyuDJWn6OIR7WM2eWhF2fs16PK9ACSppGgIahBm94vwWIxadpRaUwaXftoT/c+ck/vw/6xwbxmszwMLDWAX52eEGsxg69JfeDGsxegW8qYTU+bQb6BPZ2oOsD2d/dzoLwV7Dw5CzxjxXlxbCovK0NWLFEG/7xVVB62ktWFisikeSuaZ4uBpY4Nx7zrRe8ga2y3GANO6mpwfns/a2vXclDHJRboceTgXdIwSb4U5Vsfo5qVHr0uuIT7yvzpiWAt/Wgeib6rF4J76FPM2W4I6yWmwRcZTVpU+RJv7dqPtxd2UvmDPDjg44nmB37gL4F5UB+vB0VHz8LMgDF8oUsWjatW8fGuizxzqicKy+eAQMtc8MnWQZMWUchfsJz8Tyzh6qgc7O2M4ZvRgiTh3Ugqpd+4oWoU2TvIsVaGGVSZyYBP8AVeqz2Em06dQV+TGHR1P8Yzj1VCzMlPnOf1iy5nC0OrTSRs8HDDs+Eu9O7gOVSN0sUTvZJ8zHo059lmYeH4t/DonS1scYjm6RHdMEdlMXlbjGHZlGgYrbQN8hylwTTiE2x8J0AuvyVg7PsCUq4SQYEXJ2FhlCOcSRjNa5TDMaXUAUxt1+GArjBNbVaGBU86aZnnZHATnIQSrYdo84ZaWPDRij3jQknW5C9NqFwAt5+NBCnTRZA21xdNluhT3qbbNLriFJcY1HKb2kdOaczAz9tS6YH9CPh36BaZaCGKdotR3/HxeCZ7AdS2ROOfd650MG8Fz18zG4Y1zOHlnrfgbGtNC15psZX2dpY76su/nM7yJOWzpJCtDYuCImH3Oz3Q943BcQLf8d3JWVAhOJqlxEbxf/7afHbjINyMn8X/XIfwyWGGGcqZ+GF7Myv2fOHFe35jzBQTOjdmAjrnB0HNCR9WK4vEpQWiEJotit1mT0nPKZQ6/WtYV8Oez0h85ab9+1m+WBzmat2jpcu1oKPFHzSM14OBiBvNu70VuzZu40UvBeHpaTV4dVSNe+LT8XaPCZxuecTzJ0vx4UU1cN3xNH5dc5qrpHyhrWMY5549gAn4EeYG2gLdicbNO+3xtJM9Ct2Sgd7ly1FuyiBnhxmQj7AT9L4xQtFLBpC+bhkPPAukIImT6PU2GWxvz+YydVG6ZveE1dRdcIJbOTx6YgBjlnaCqNdBzN9JQEIKnNEgRdflrlFb1ypKlHhE8entZLtYGGa21sAGu3NwNG4rFXyVIwEW4UXNtjxNYj21bdbkXcLXWUFTFO7rPsenSy/iPZs6eHNDF0ZEbMNkgSM0qiia0oaX49X0GnbsVwSza3Z0cYU83JmyiL9WLONDD1Jwbbo8Nrga8M4dq7k0YSsLliPEB4uC58xIPv/pK4nmdoFEENOYQcQe3+t0/247Zpy0pic9+uAtLYyFj0IwyWsqG8mmwOXDf3HS+gosnt4LzXuVcLjHHz9ekgOLJZEc1aTItioWaGEmDEqNAlxr8R6tI2dzx+5gerZKifpemsKb/hMU7KlEN75cxxqnXj7g8xx2p76FsjN34Nf1LNrddhzEgsVgnMIvHp9VhE7//YFP3nNwhIcpftPSpzJPSSh0MMEQqxwMaDaCd1L+ILLWhRWOP8Ph42fYSO4LbhyKwc8nJoKh9DHKQn+weiUABbquuM3Vh3aNOcCFX+NBd8ISTDy9E1Znm9GElevIsOoMis4XgI3TpiHFdpJE10VyvtGPNlqDXLPFERuXLobRrc6gNM6Fw2aaQsoze5zl2kB1ne3w3uYDra++Cp8fhGJF0mmYumOAV7mZYZaSHoTtv8nffolQTJoC71Txw/7PciCfPR98j67g7i06lKamh/Y/VKFXvgE6awtwg5cQ2334TCkFzggyCdhoPRVElLdh7jxRMN8mCwYuGeT1p4kjrT+gTMpqfmL2m879NaRlq65h1Nc+Pl5jx1LLxUDvjBi8OhZH+3zO8rimJBopco7OBfjgtM0WYO6dASodHyB2lTUsdHTFCfHpeMcokAuq/PDjNmN436eKF5QecHNgH4d8d8AlJ/UhovYu/NxyBFuDnUEmdBRXXFxFExp2U9GAIE24V0Ju+S9I66gkOIY+R6MbudA7bQP+celhs3pzdI+5iZE7Cvh4x1c4aOPDyuUy4J2jAceSq9FvZwVNPi0Iq4JC0TusF8dY3aXjbY1QEDeSUk6JwOqu5xxxUpIixIM4qdYLJv6K5JwlspC7L4JP3SE88aGGXe1UIdBxImpYCuO/0aY8V+8s2FZ7kXGbANt+UqRnmR3w1OEGjvwtCmYHFOFV1lI02XuYpL7fxEl/FLj16AWcOSWbJl2U4D79JZC2fDzME9Tlux9+0HmezZpKKfg0MJfGXE3iv6WZtHH4Kv6atoiPi1tDtMcxmiwuhxsj8mCpsAz7LTdg3xlvIMg4iXcujMSbs/eDssxocL8YAhrhi2j9mbewuTqHRDQCYGa9IMuHO+B1fTtWu+xJ4/aYQvudFxDg4MjvC8Rx01JRTB/o5RdHfdl8azTf2r4S3r9/CiGjzKBumQSp6J/G9+sS2cB5LkV1v+D6pd1k0h7PG28MwOzva+nZu/Hg/+gFClMG7VZ9TQPOXvCzSACjUm+T1aIsgvBeGiEWRIeTZWC/6k+e7DofN1ilgvcuEbq/9hzP0RTAs0GNcM3fDw/OreM2cQCLAGMIPbAC7suFkt+nVNrqbgCRLQ3w+8kQSPg7w+HIPMxRk4W3y03Qa5QOBjvF48SBVSj6rAWW1e5BF+lkjta6hx4fJuItb0soEV9OneOl4J6oIb4Z2UPzDkrjR98XlPNqEMfeWABp1/7hi1Zj6DWYyfXLdMBzfzR3fvjDM/vaYYwdk5vVccgJy6fuvTfJpUYExlaEkfbYSJLJ/kH/ldxFCWl/Eir8CcWLZ6CLQx2lZk8mwaMTQf7NEvLAL1RbYgi/di2Gso1q+Fxfi4+3FYPJvBaUSf3CKvbaELtdiV5E9qHp+kDwf/mGJ+xTg8lm3aA6bhIvSJ4Ko8MqINSCwFJmFLx3mUtRPj4UGLwbI94sIKtRW9H1y1zY8MuCxihc50cn5OHE23NceGsn7nYWY40Lc6BwUIR1Sq7C+6IO/JabS+sLvKFBVApqBvZj7SdjfF16GXRKM+HcsQpW7HPjKUN/8aK5O44b+Yy7pC1B49lEHkp4is1jRiB9qQC3bg1SkWil2+f6wO+sHNhcXE2qkxEKpxWwrtdL7DJB/htynFx+OoPc4W6Kgj4+s0cLZugfQ+8JI0G0xZqgqQFuuCzBMYG7uMZxGUHoeZ6ZcwOvuMxC3W2eqPrJFsq/z2TnIk16k6uGeqM+wOhlDny7fida630jjYYsVFpvRVxiCrXvBsmtfjJNaeulirkS8KRrJ2k/l+YllyXY53cKXX35CaeALEyaUg6686ugZdIdvPCqnWqsknGK0wdw1u7gr2+8SC91NqVuHgkHVtTBvWlufGiDFW3UvIvNsVGoSLLECSnoMF0RLi+fhRLBOmDX0QCvNxrTiY6XeMe7hmK1EDOf97BG7yDPkc6hsi2vwCjWFLQKDvPRH0tBTvAtbJJx4j/is+CK8yFSSb2NBasHICxQmOd9VYXoPat5+QFV0BrtzVHBU9E7spty6p/DbUkfzHQRJGM1eyobLwlXCv6gq+liDOpcx4oTZ2Hz66eg7WJL+kH3wGveayoIOUWlaZpg7jmH/kZXgb/JWUpfngA/pa9xtfFhHCiSpvTUz9T+ywxvCErC8+Ba9N+chymRCyFRdQNnf7vHD/52c7OoIzqszsH1Inas6GwMdYn32e3yOTa6fAZqGmXxh7YaJ+/9A10fp8OpugUwKU6RyVwY5lVb0IMqf7Aw/oQKr5p5RKUJqMis58hN7ZTquBT9uuvBevJkeKT1HCazA/4eN4/3bpoBY48cJoNxMagdHgNZHXf4z956iLQ0AvnHfdAuGUbdE1Uo9sgzePuxhE2VYrBt/TpUmLqTput3wdZcgmvuM3nrOndIS7uFKu+nkuvS/fx0dQu7pL6GQuMfODE4B/UVFGHHTUm67G/HjvbhrLjzKmyq2o3Xgg5Ce6gD2mhmoGt/OFrqy8GFutFUnfqG96o00wXbq1h75yOF38+kBScJXO9Zwp2sUyTtpQfPzC6yaL8vWUp3ob9JEs/doQKL7Q6wyKeFZFzcDkGq5bjpDkJA3Wp4cGYyNGnIoXT3Y9zWmUlbNL6i++Y2/vJQjipdd4MZ2AH6roKbQmHsWbAInnsjfg7dx3uGD1DOXTMw6dnJ3eta+VCqEQTVxYPKSQc6fteBFrtdp4RZN/nh42GUeDKTh6J8aGHMBVxUIgbXDB3g9L/J3DznOCfaJsKm/ffxTZYuhr2zxMX6U/jXQALqfkLwv7EFbm48hF8nRWKhgTDFH70K1zVD6KdMPVVpXGT3zQU0y0AI0jZYQPPXNWwYIYvCvpfI0fggRnhMJ33Rb2wuJwxzhkLxbJkcDEoXcMBnFzqx0x3kx0SCW/M6CF/fSTIjv+KYiQYsfP47zb0xFvZKdfIh/0V8RGsxvC9yAYUDCjDJ6i0FH9tOV69Kg09nJ+7Lk4GF+jqcuqsByzdEsveiaeC0fZAcHrSQWccfiK7Uwcj0QzR3hhD8Xn+EIyPVKXvhEWiaPx9Sd4zmA6vj4GrudSz/PBOayi/w3VEGMO90L5VmPkPDfU28/cQ/dn6+GQO2fibP2HX0yfog20f9BzqVI8Bhai4VLYqj/+wFsFF/Cl5Sd+cr05Iod+MZUkh6SMk/y9EgTg56y92p5v0q/vEXYA+d592/vtNCpyl8ftx3mrF9PSa1pdN+aU2o1RjGJZWhaNUhRgGd/pCgY8lpX3ax7u51mO8ViTX64ag5YAzr1UbQ4hp9vFbrRAemhULeGQne7abHlyd5cndpHVpd/kHZKdbw8d5ibu/xRJHN11FghR6o/ueD1/TtsWB3LbU8OoxmRXvohusIgKhYGnGoBh99r2XbxE78vPk09gwcw/0hy/hg1is40dQAYZEGsLHIEqWPbKVRDUIgcWYuSMadw2HzS+ClbAdeIW2UJl3FkX3joDToACwuHMPjNlzmobo0bAjThYX/bcBA5VZ8676TzKV+gUyAAiyJrsZFy6JgpvE4Gp0eijNRCm1TlvHH6nrePrWTrx1xBPkyM1C6NB7tLTPRIbuQpyzei5lqOvQgQAouBLzgZx/VsHF5M8WU6wP7d+Khrr/Y6LgEVQZLeenoEbxSWwCsAwXxy7UQypr2Ccl2LPh9bYW3HsUY7duJBwP68GfNNmoLGcAdxw+S3+1yEDOr4pLvACV7p+Lv6hMceTgXxG4EUvGYlbTtSSnXVhzj2G8p3LJ3Bn4cpQl+C8/wxpDjFGkvy0X5vZDmJMHqa7ayRogC9/2VRt2XP8m8Vx3WKtzD6R1VMMNSCt2e6UGZRjNePGbD3V+seJuRB9b0jebeHmsYJf4d8841Y3vKFjg6qEvTVapZXuMA0pq1cKxiPF1TMOC4cAVQ35UHGeaVuEl8FqW2KaFQ2Wg2HS9Lj5P72f0Sgbv4YbJUGQGk5YnDosAZgno4/0IR7viewjdUnaDEdT0eVAiHBuV38EPdCBZYHKN0sxbcluqBThafQLtaGkYvmc34wR3/KGVQ9OMd8KJZA1pf3IHKnlc40GUPJxR68fHpVZA2WpIyqp7QxHxGwa2VNDzNHM4O7uJxOZW4dutH/qdoRY9HFUP71c+86r4HPr1OfOJSJK8lTYgojSWJpJ/4cPN7xCszSObleNQYsqSsne0g9ryYFXwu04FtE8B090i472KErgY1/LAulAPEhkEl/hsKRQXDvg1R1PdMhlSujYc2pUxuvLUXzfe4smhfOf/xccbD2Mo6n6fDou5EshddAX9nKMP/AQAA///vk9pB" diff --git a/vendor/github.com/btcsuite/btcd/btcec/signature.go b/vendor/github.com/btcsuite/btcd/btcec/signature.go new file mode 100644 index 0000000..f1c4377 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/btcec/signature.go @@ -0,0 +1,540 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcec + +import ( + "bytes" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/hmac" + "crypto/sha256" + "errors" + "fmt" + "hash" + "math/big" +) + +// Errors returned by canonicalPadding. +var ( + errNegativeValue = errors.New("value may be interpreted as negative") + errExcessivelyPaddedValue = errors.New("value is excessively padded") +) + +// Signature is a type representing an ecdsa signature. +type Signature struct { + R *big.Int + S *big.Int +} + +var ( + // Used in RFC6979 implementation when testing the nonce for correctness + one = big.NewInt(1) + + // oneInitializer is used to fill a byte slice with byte 0x01. It is provided + // here to avoid the need to create it multiple times. + oneInitializer = []byte{0x01} +) + +// Serialize returns the ECDSA signature in the more strict DER format. Note +// that the serialized bytes returned do not include the appended hash type +// used in Bitcoin signature scripts. +// +// encoding/asn1 is broken so we hand roll this output: +// +// 0x30 0x02 r 0x02 s +func (sig *Signature) Serialize() []byte { + // low 'S' malleability breaker + sigS := sig.S + if sigS.Cmp(S256().halfOrder) == 1 { + sigS = new(big.Int).Sub(S256().N, sigS) + } + // Ensure the encoded bytes for the r and s values are canonical and + // thus suitable for DER encoding. + rb := canonicalizeInt(sig.R) + sb := canonicalizeInt(sigS) + + // total length of returned signature is 1 byte for each magic and + // length (6 total), plus lengths of r and s + length := 6 + len(rb) + len(sb) + b := make([]byte, length) + + b[0] = 0x30 + b[1] = byte(length - 2) + b[2] = 0x02 + b[3] = byte(len(rb)) + offset := copy(b[4:], rb) + 4 + b[offset] = 0x02 + b[offset+1] = byte(len(sb)) + copy(b[offset+2:], sb) + return b +} + +// Verify calls ecdsa.Verify to verify the signature of hash using the public +// key. It returns true if the signature is valid, false otherwise. +func (sig *Signature) Verify(hash []byte, pubKey *PublicKey) bool { + return ecdsa.Verify(pubKey.ToECDSA(), hash, sig.R, sig.S) +} + +// IsEqual compares this Signature instance to the one passed, returning true +// if both Signatures are equivalent. A signature is equivalent to another, if +// they both have the same scalar value for R and S. +func (sig *Signature) IsEqual(otherSig *Signature) bool { + return sig.R.Cmp(otherSig.R) == 0 && + sig.S.Cmp(otherSig.S) == 0 +} + +// MinSigLen is the minimum length of a DER encoded signature and is when both R +// and S are 1 byte each. +// 0x30 + <1-byte> + 0x02 + 0x01 + + 0x2 + 0x01 + +const MinSigLen = 8 + +func parseSig(sigStr []byte, curve elliptic.Curve, der bool) (*Signature, error) { + // Originally this code used encoding/asn1 in order to parse the + // signature, but a number of problems were found with this approach. + // Despite the fact that signatures are stored as DER, the difference + // between go's idea of a bignum (and that they have sign) doesn't agree + // with the openssl one (where they do not). The above is true as of + // Go 1.1. In the end it was simpler to rewrite the code to explicitly + // understand the format which is this: + // 0x30 <0x02> 0x2 + // . + + signature := &Signature{} + + if len(sigStr) < MinSigLen { + return nil, errors.New("malformed signature: too short") + } + // 0x30 + index := 0 + if sigStr[index] != 0x30 { + return nil, errors.New("malformed signature: no header magic") + } + index++ + // length of remaining message + siglen := sigStr[index] + index++ + + // siglen should be less than the entire message and greater than + // the minimal message size. + if int(siglen+2) > len(sigStr) || int(siglen+2) < MinSigLen { + return nil, errors.New("malformed signature: bad length") + } + // trim the slice we're working on so we only look at what matters. + sigStr = sigStr[:siglen+2] + + // 0x02 + if sigStr[index] != 0x02 { + return nil, + errors.New("malformed signature: no 1st int marker") + } + index++ + + // Length of signature R. + rLen := int(sigStr[index]) + // must be positive, must be able to fit in another 0x2, + // hence the -3. We assume that the length must be at least one byte. + index++ + if rLen <= 0 || rLen > len(sigStr)-index-3 { + return nil, errors.New("malformed signature: bogus R length") + } + + // Then R itself. + rBytes := sigStr[index : index+rLen] + if der { + switch err := canonicalPadding(rBytes); err { + case errNegativeValue: + return nil, errors.New("signature R is negative") + case errExcessivelyPaddedValue: + return nil, errors.New("signature R is excessively padded") + } + } + signature.R = new(big.Int).SetBytes(rBytes) + index += rLen + // 0x02. length already checked in previous if. + if sigStr[index] != 0x02 { + return nil, errors.New("malformed signature: no 2nd int marker") + } + index++ + + // Length of signature S. + sLen := int(sigStr[index]) + index++ + // S should be the rest of the string. + if sLen <= 0 || sLen > len(sigStr)-index { + return nil, errors.New("malformed signature: bogus S length") + } + + // Then S itself. + sBytes := sigStr[index : index+sLen] + if der { + switch err := canonicalPadding(sBytes); err { + case errNegativeValue: + return nil, errors.New("signature S is negative") + case errExcessivelyPaddedValue: + return nil, errors.New("signature S is excessively padded") + } + } + signature.S = new(big.Int).SetBytes(sBytes) + index += sLen + + // sanity check length parsing + if index != len(sigStr) { + return nil, fmt.Errorf("malformed signature: bad final length %v != %v", + index, len(sigStr)) + } + + // Verify also checks this, but we can be more sure that we parsed + // correctly if we verify here too. + // FWIW the ecdsa spec states that R and S must be | 1, N - 1 | + // but crypto/ecdsa only checks for Sign != 0. Mirror that. + if signature.R.Sign() != 1 { + return nil, errors.New("signature R isn't 1 or more") + } + if signature.S.Sign() != 1 { + return nil, errors.New("signature S isn't 1 or more") + } + if signature.R.Cmp(curve.Params().N) >= 0 { + return nil, errors.New("signature R is >= curve.N") + } + if signature.S.Cmp(curve.Params().N) >= 0 { + return nil, errors.New("signature S is >= curve.N") + } + + return signature, nil +} + +// ParseSignature parses a signature in BER format for the curve type `curve' +// into a Signature type, perfoming some basic sanity checks. If parsing +// according to the more strict DER format is needed, use ParseDERSignature. +func ParseSignature(sigStr []byte, curve elliptic.Curve) (*Signature, error) { + return parseSig(sigStr, curve, false) +} + +// ParseDERSignature parses a signature in DER format for the curve type +// `curve` into a Signature type. If parsing according to the less strict +// BER format is needed, use ParseSignature. +func ParseDERSignature(sigStr []byte, curve elliptic.Curve) (*Signature, error) { + return parseSig(sigStr, curve, true) +} + +// canonicalizeInt returns the bytes for the passed big integer adjusted as +// necessary to ensure that a big-endian encoded integer can't possibly be +// misinterpreted as a negative number. This can happen when the most +// significant bit is set, so it is padded by a leading zero byte in this case. +// Also, the returned bytes will have at least a single byte when the passed +// value is 0. This is required for DER encoding. +func canonicalizeInt(val *big.Int) []byte { + b := val.Bytes() + if len(b) == 0 { + b = []byte{0x00} + } + if b[0]&0x80 != 0 { + paddedBytes := make([]byte, len(b)+1) + copy(paddedBytes[1:], b) + b = paddedBytes + } + return b +} + +// canonicalPadding checks whether a big-endian encoded integer could +// possibly be misinterpreted as a negative number (even though OpenSSL +// treats all numbers as unsigned), or if there is any unnecessary +// leading zero padding. +func canonicalPadding(b []byte) error { + switch { + case b[0]&0x80 == 0x80: + return errNegativeValue + case len(b) > 1 && b[0] == 0x00 && b[1]&0x80 != 0x80: + return errExcessivelyPaddedValue + default: + return nil + } +} + +// hashToInt converts a hash value to an integer. There is some disagreement +// about how this is done. [NSA] suggests that this is done in the obvious +// manner, but [SECG] truncates the hash to the bit-length of the curve order +// first. We follow [SECG] because that's what OpenSSL does. Additionally, +// OpenSSL right shifts excess bits from the number if the hash is too large +// and we mirror that too. +// This is borrowed from crypto/ecdsa. +func hashToInt(hash []byte, c elliptic.Curve) *big.Int { + orderBits := c.Params().N.BitLen() + orderBytes := (orderBits + 7) / 8 + if len(hash) > orderBytes { + hash = hash[:orderBytes] + } + + ret := new(big.Int).SetBytes(hash) + excess := len(hash)*8 - orderBits + if excess > 0 { + ret.Rsh(ret, uint(excess)) + } + return ret +} + +// recoverKeyFromSignature recovers a public key from the signature "sig" on the +// given message hash "msg". Based on the algorithm found in section 5.1.5 of +// SEC 1 Ver 2.0, page 47-48 (53 and 54 in the pdf). This performs the details +// in the inner loop in Step 1. The counter provided is actually the j parameter +// of the loop * 2 - on the first iteration of j we do the R case, else the -R +// case in step 1.6. This counter is used in the bitcoin compressed signature +// format and thus we match bitcoind's behaviour here. +func recoverKeyFromSignature(curve *KoblitzCurve, sig *Signature, msg []byte, + iter int, doChecks bool) (*PublicKey, error) { + // 1.1 x = (n * i) + r + Rx := new(big.Int).Mul(curve.Params().N, + new(big.Int).SetInt64(int64(iter/2))) + Rx.Add(Rx, sig.R) + if Rx.Cmp(curve.Params().P) != -1 { + return nil, errors.New("calculated Rx is larger than curve P") + } + + // convert 02 to point R. (step 1.2 and 1.3). If we are on an odd + // iteration then 1.6 will be done with -R, so we calculate the other + // term when uncompressing the point. + Ry, err := decompressPoint(curve, Rx, iter%2 == 1) + if err != nil { + return nil, err + } + + // 1.4 Check n*R is point at infinity + if doChecks { + nRx, nRy := curve.ScalarMult(Rx, Ry, curve.Params().N.Bytes()) + if nRx.Sign() != 0 || nRy.Sign() != 0 { + return nil, errors.New("n*R does not equal the point at infinity") + } + } + + // 1.5 calculate e from message using the same algorithm as ecdsa + // signature calculation. + e := hashToInt(msg, curve) + + // Step 1.6.1: + // We calculate the two terms sR and eG separately multiplied by the + // inverse of r (from the signature). We then add them to calculate + // Q = r^-1(sR-eG) + invr := new(big.Int).ModInverse(sig.R, curve.Params().N) + + // first term. + invrS := new(big.Int).Mul(invr, sig.S) + invrS.Mod(invrS, curve.Params().N) + sRx, sRy := curve.ScalarMult(Rx, Ry, invrS.Bytes()) + + // second term. + e.Neg(e) + e.Mod(e, curve.Params().N) + e.Mul(e, invr) + e.Mod(e, curve.Params().N) + minuseGx, minuseGy := curve.ScalarBaseMult(e.Bytes()) + + // TODO: this would be faster if we did a mult and add in one + // step to prevent the jacobian conversion back and forth. + Qx, Qy := curve.Add(sRx, sRy, minuseGx, minuseGy) + + return &PublicKey{ + Curve: curve, + X: Qx, + Y: Qy, + }, nil +} + +// SignCompact produces a compact signature of the data in hash with the given +// private key on the given koblitz curve. The isCompressed parameter should +// be used to detail if the given signature should reference a compressed +// public key or not. If successful the bytes of the compact signature will be +// returned in the format: +// <(byte of 27+public key solution)+4 if compressed >< padded bytes for signature R> +// where the R and S parameters are padde up to the bitlengh of the curve. +func SignCompact(curve *KoblitzCurve, key *PrivateKey, + hash []byte, isCompressedKey bool) ([]byte, error) { + sig, err := key.Sign(hash) + if err != nil { + return nil, err + } + + // bitcoind checks the bit length of R and S here. The ecdsa signature + // algorithm returns R and S mod N therefore they will be the bitsize of + // the curve, and thus correctly sized. + for i := 0; i < (curve.H+1)*2; i++ { + pk, err := recoverKeyFromSignature(curve, sig, hash, i, true) + if err == nil && pk.X.Cmp(key.X) == 0 && pk.Y.Cmp(key.Y) == 0 { + result := make([]byte, 1, 2*curve.byteSize+1) + result[0] = 27 + byte(i) + if isCompressedKey { + result[0] += 4 + } + // Not sure this needs rounding but safer to do so. + curvelen := (curve.BitSize + 7) / 8 + + // Pad R and S to curvelen if needed. + bytelen := (sig.R.BitLen() + 7) / 8 + if bytelen < curvelen { + result = append(result, + make([]byte, curvelen-bytelen)...) + } + result = append(result, sig.R.Bytes()...) + + bytelen = (sig.S.BitLen() + 7) / 8 + if bytelen < curvelen { + result = append(result, + make([]byte, curvelen-bytelen)...) + } + result = append(result, sig.S.Bytes()...) + + return result, nil + } + } + + return nil, errors.New("no valid solution for pubkey found") +} + +// RecoverCompact verifies the compact signature "signature" of "hash" for the +// Koblitz curve in "curve". If the signature matches then the recovered public +// key will be returned as well as a boolen if the original key was compressed +// or not, else an error will be returned. +func RecoverCompact(curve *KoblitzCurve, signature, + hash []byte) (*PublicKey, bool, error) { + bitlen := (curve.BitSize + 7) / 8 + if len(signature) != 1+bitlen*2 { + return nil, false, errors.New("invalid compact signature size") + } + + iteration := int((signature[0] - 27) & ^byte(4)) + + // format is
+ sig := &Signature{ + R: new(big.Int).SetBytes(signature[1 : bitlen+1]), + S: new(big.Int).SetBytes(signature[bitlen+1:]), + } + // The iteration used here was encoded + key, err := recoverKeyFromSignature(curve, sig, hash, iteration, false) + if err != nil { + return nil, false, err + } + + return key, ((signature[0] - 27) & 4) == 4, nil +} + +// signRFC6979 generates a deterministic ECDSA signature according to RFC 6979 and BIP 62. +func signRFC6979(privateKey *PrivateKey, hash []byte) (*Signature, error) { + + privkey := privateKey.ToECDSA() + N := S256().N + halfOrder := S256().halfOrder + k := nonceRFC6979(privkey.D, hash) + inv := new(big.Int).ModInverse(k, N) + r, _ := privkey.Curve.ScalarBaseMult(k.Bytes()) + r.Mod(r, N) + + if r.Sign() == 0 { + return nil, errors.New("calculated R is zero") + } + + e := hashToInt(hash, privkey.Curve) + s := new(big.Int).Mul(privkey.D, r) + s.Add(s, e) + s.Mul(s, inv) + s.Mod(s, N) + + if s.Cmp(halfOrder) == 1 { + s.Sub(N, s) + } + if s.Sign() == 0 { + return nil, errors.New("calculated S is zero") + } + return &Signature{R: r, S: s}, nil +} + +// nonceRFC6979 generates an ECDSA nonce (`k`) deterministically according to RFC 6979. +// It takes a 32-byte hash as an input and returns 32-byte nonce to be used in ECDSA algorithm. +func nonceRFC6979(privkey *big.Int, hash []byte) *big.Int { + + curve := S256() + q := curve.Params().N + x := privkey + alg := sha256.New + + qlen := q.BitLen() + holen := alg().Size() + rolen := (qlen + 7) >> 3 + bx := append(int2octets(x, rolen), bits2octets(hash, curve, rolen)...) + + // Step B + v := bytes.Repeat(oneInitializer, holen) + + // Step C (Go zeroes the all allocated memory) + k := make([]byte, holen) + + // Step D + k = mac(alg, k, append(append(v, 0x00), bx...)) + + // Step E + v = mac(alg, k, v) + + // Step F + k = mac(alg, k, append(append(v, 0x01), bx...)) + + // Step G + v = mac(alg, k, v) + + // Step H + for { + // Step H1 + var t []byte + + // Step H2 + for len(t)*8 < qlen { + v = mac(alg, k, v) + t = append(t, v...) + } + + // Step H3 + secret := hashToInt(t, curve) + if secret.Cmp(one) >= 0 && secret.Cmp(q) < 0 { + return secret + } + k = mac(alg, k, append(v, 0x00)) + v = mac(alg, k, v) + } +} + +// mac returns an HMAC of the given key and message. +func mac(alg func() hash.Hash, k, m []byte) []byte { + h := hmac.New(alg, k) + h.Write(m) + return h.Sum(nil) +} + +// https://tools.ietf.org/html/rfc6979#section-2.3.3 +func int2octets(v *big.Int, rolen int) []byte { + out := v.Bytes() + + // left pad with zeros if it's too short + if len(out) < rolen { + out2 := make([]byte, rolen) + copy(out2[rolen-len(out):], out) + return out2 + } + + // drop most significant bytes if it's too long + if len(out) > rolen { + out2 := make([]byte, rolen) + copy(out2, out[len(out)-rolen:]) + return out2 + } + + return out +} + +// https://tools.ietf.org/html/rfc6979#section-2.3.4 +func bits2octets(in []byte, curve elliptic.Curve, rolen int) []byte { + z1 := hashToInt(in, curve) + z2 := new(big.Int).Sub(z1, curve.Params().N) + if z2.Sign() < 0 { + return int2octets(z1, rolen) + } + return int2octets(z2, rolen) +} diff --git a/vendor/github.com/btcsuite/btcd/chaincfg/README.md b/vendor/github.com/btcsuite/btcd/chaincfg/README.md new file mode 100644 index 0000000..880446f --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/chaincfg/README.md @@ -0,0 +1,85 @@ +chaincfg +======== + +[![Build Status](http://img.shields.io/travis/btcsuite/btcd.svg)](https://travis-ci.org/btcsuite/btcd) +[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org) +[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/btcsuite/btcd/chaincfg) + +Package chaincfg defines chain configuration parameters for the three standard +Bitcoin networks and provides the ability for callers to define their own custom +Bitcoin networks. + +Although this package was primarily written for btcd, it has intentionally been +designed so it can be used as a standalone package for any projects needing to +use parameters for the standard Bitcoin networks or for projects needing to +define their own network. + +## Sample Use + +```Go +package main + +import ( + "flag" + "fmt" + "log" + + "github.com/btcsuite/btcutil" + "github.com/btcsuite/btcd/chaincfg" +) + +var testnet = flag.Bool("testnet", false, "operate on the testnet Bitcoin network") + +// By default (without -testnet), use mainnet. +var chainParams = &chaincfg.MainNetParams + +func main() { + flag.Parse() + + // Modify active network parameters if operating on testnet. + if *testnet { + chainParams = &chaincfg.TestNet3Params + } + + // later... + + // Create and print new payment address, specific to the active network. + pubKeyHash := make([]byte, 20) + addr, err := btcutil.NewAddressPubKeyHash(pubKeyHash, chainParams) + if err != nil { + log.Fatal(err) + } + fmt.Println(addr) +} +``` + +## Installation and Updating + +```bash +$ go get -u github.com/btcsuite/btcd/chaincfg +``` + +## GPG Verification Key + +All official release tags are signed by Conformal so users can ensure the code +has not been tampered with and is coming from the btcsuite developers. To +verify the signature perform the following: + +- Download the public key from the Conformal website at + https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt + +- Import the public key into your GPG keyring: + ```bash + gpg --import GIT-GPG-KEY-conformal.txt + ``` + +- Verify the release tag with the following command where `TAG_NAME` is a + placeholder for the specific tag: + ```bash + git tag -v TAG_NAME + ``` + +## License + +Package chaincfg is licensed under the [copyfree](http://copyfree.org) ISC +License. diff --git a/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/README.md b/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/README.md new file mode 100644 index 0000000..fc49d9c --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/README.md @@ -0,0 +1,41 @@ +chainhash +========= + +[![Build Status](http://img.shields.io/travis/btcsuite/btcd.svg)](https://travis-ci.org/btcsuite/btcd) +[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org) +[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/btcsuite/btcd/chaincfg/chainhash) +======= + +chainhash provides a generic hash type and associated functions that allows the +specific hash algorithm to be abstracted. + +## Installation and Updating + +```bash +$ go get -u github.com/btcsuite/btcd/chaincfg/chainhash +``` + +## GPG Verification Key + +All official release tags are signed by Conformal so users can ensure the code +has not been tampered with and is coming from the btcsuite developers. To +verify the signature perform the following: + +- Download the public key from the Conformal website at + https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt + +- Import the public key into your GPG keyring: + ```bash + gpg --import GIT-GPG-KEY-conformal.txt + ``` + +- Verify the release tag with the following command where `TAG_NAME` is a + placeholder for the specific tag: + ```bash + git tag -v TAG_NAME + ``` + +## License + +Package chainhash is licensed under the [copyfree](http://copyfree.org) ISC +License. diff --git a/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/doc.go b/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/doc.go new file mode 100644 index 0000000..c3eb43d --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/doc.go @@ -0,0 +1,5 @@ +// Package chainhash provides abstracted hash functionality. +// +// This package provides a generic hash type and associated functions that +// allows the specific hash algorithm to be abstracted. +package chainhash diff --git a/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/hash.go b/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/hash.go new file mode 100644 index 0000000..2b1cec0 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/hash.go @@ -0,0 +1,128 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Copyright (c) 2015 The Decred developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package chainhash + +import ( + "encoding/hex" + "fmt" +) + +// HashSize of array used to store hashes. See Hash. +const HashSize = 32 + +// MaxHashStringSize is the maximum length of a Hash hash string. +const MaxHashStringSize = HashSize * 2 + +// ErrHashStrSize describes an error that indicates the caller specified a hash +// string that has too many characters. +var ErrHashStrSize = fmt.Errorf("max hash string length is %v bytes", MaxHashStringSize) + +// Hash is used in several of the bitcoin messages and common structures. It +// typically represents the double sha256 of data. +type Hash [HashSize]byte + +// String returns the Hash as the hexadecimal string of the byte-reversed +// hash. +func (hash Hash) String() string { + for i := 0; i < HashSize/2; i++ { + hash[i], hash[HashSize-1-i] = hash[HashSize-1-i], hash[i] + } + return hex.EncodeToString(hash[:]) +} + +// CloneBytes returns a copy of the bytes which represent the hash as a byte +// slice. +// +// NOTE: It is generally cheaper to just slice the hash directly thereby reusing +// the same bytes rather than calling this method. +func (hash *Hash) CloneBytes() []byte { + newHash := make([]byte, HashSize) + copy(newHash, hash[:]) + + return newHash +} + +// SetBytes sets the bytes which represent the hash. An error is returned if +// the number of bytes passed in is not HashSize. +func (hash *Hash) SetBytes(newHash []byte) error { + nhlen := len(newHash) + if nhlen != HashSize { + return fmt.Errorf("invalid hash length of %v, want %v", nhlen, + HashSize) + } + copy(hash[:], newHash) + + return nil +} + +// IsEqual returns true if target is the same as hash. +func (hash *Hash) IsEqual(target *Hash) bool { + if hash == nil && target == nil { + return true + } + if hash == nil || target == nil { + return false + } + return *hash == *target +} + +// NewHash returns a new Hash from a byte slice. An error is returned if +// the number of bytes passed in is not HashSize. +func NewHash(newHash []byte) (*Hash, error) { + var sh Hash + err := sh.SetBytes(newHash) + if err != nil { + return nil, err + } + return &sh, err +} + +// NewHashFromStr creates a Hash from a hash string. The string should be +// the hexadecimal string of a byte-reversed hash, but any missing characters +// result in zero padding at the end of the Hash. +func NewHashFromStr(hash string) (*Hash, error) { + ret := new(Hash) + err := Decode(ret, hash) + if err != nil { + return nil, err + } + return ret, nil +} + +// Decode decodes the byte-reversed hexadecimal string encoding of a Hash to a +// destination. +func Decode(dst *Hash, src string) error { + // Return error if hash string is too long. + if len(src) > MaxHashStringSize { + return ErrHashStrSize + } + + // Hex decoder expects the hash to be a multiple of two. When not, pad + // with a leading zero. + var srcBytes []byte + if len(src)%2 == 0 { + srcBytes = []byte(src) + } else { + srcBytes = make([]byte, 1+len(src)) + srcBytes[0] = '0' + copy(srcBytes[1:], src) + } + + // Hex decode the source bytes to a temporary destination. + var reversedHash Hash + _, err := hex.Decode(reversedHash[HashSize-hex.DecodedLen(len(srcBytes)):], srcBytes) + if err != nil { + return err + } + + // Reverse copy from the temporary hash to destination. Because the + // temporary was zeroed, the written result will be correctly padded. + for i, b := range reversedHash[:HashSize/2] { + dst[i], dst[HashSize-1-i] = reversedHash[HashSize-1-i], b + } + + return nil +} diff --git a/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/hashfuncs.go b/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/hashfuncs.go new file mode 100644 index 0000000..bf74f73 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/chaincfg/chainhash/hashfuncs.go @@ -0,0 +1,33 @@ +// Copyright (c) 2015 The Decred developers +// Copyright (c) 2016-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package chainhash + +import "crypto/sha256" + +// HashB calculates hash(b) and returns the resulting bytes. +func HashB(b []byte) []byte { + hash := sha256.Sum256(b) + return hash[:] +} + +// HashH calculates hash(b) and returns the resulting bytes as a Hash. +func HashH(b []byte) Hash { + return Hash(sha256.Sum256(b)) +} + +// DoubleHashB calculates hash(hash(b)) and returns the resulting bytes. +func DoubleHashB(b []byte) []byte { + first := sha256.Sum256(b) + second := sha256.Sum256(first[:]) + return second[:] +} + +// DoubleHashH calculates hash(hash(b)) and returns the resulting bytes as a +// Hash. +func DoubleHashH(b []byte) Hash { + first := sha256.Sum256(b) + return Hash(sha256.Sum256(first[:])) +} diff --git a/vendor/github.com/btcsuite/btcd/chaincfg/doc.go b/vendor/github.com/btcsuite/btcd/chaincfg/doc.go new file mode 100644 index 0000000..3659adb --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/chaincfg/doc.go @@ -0,0 +1,61 @@ +// Package chaincfg defines chain configuration parameters. +// +// In addition to the main Bitcoin network, which is intended for the transfer +// of monetary value, there also exists two currently active standard networks: +// regression test and testnet (version 3). These networks are incompatible +// with each other (each sharing a different genesis block) and software should +// handle errors where input intended for one network is used on an application +// instance running on a different network. +// +// For library packages, chaincfg provides the ability to lookup chain +// parameters and encoding magics when passed a *Params. Older APIs not updated +// to the new convention of passing a *Params may lookup the parameters for a +// wire.BitcoinNet using ParamsForNet, but be aware that this usage is +// deprecated and will be removed from chaincfg in the future. +// +// For main packages, a (typically global) var may be assigned the address of +// one of the standard Param vars for use as the application's "active" network. +// When a network parameter is needed, it may then be looked up through this +// variable (either directly, or hidden in a library call). +// +// package main +// +// import ( +// "flag" +// "fmt" +// "log" +// +// "github.com/btcsuite/btcutil" +// "github.com/btcsuite/btcd/chaincfg" +// ) +// +// var testnet = flag.Bool("testnet", false, "operate on the testnet Bitcoin network") +// +// // By default (without -testnet), use mainnet. +// var chainParams = &chaincfg.MainNetParams +// +// func main() { +// flag.Parse() +// +// // Modify active network parameters if operating on testnet. +// if *testnet { +// chainParams = &chaincfg.TestNet3Params +// } +// +// // later... +// +// // Create and print new payment address, specific to the active network. +// pubKeyHash := make([]byte, 20) +// addr, err := btcutil.NewAddressPubKeyHash(pubKeyHash, chainParams) +// if err != nil { +// log.Fatal(err) +// } +// fmt.Println(addr) +// } +// +// If an application does not use one of the three standard Bitcoin networks, +// a new Params struct may be created which defines the parameters for the +// non-standard network. As a general rule of thumb, all network parameters +// should be unique to the network, but parameter collisions can still occur +// (unfortunately, this is the case with regtest and testnet3 sharing magics). +package chaincfg diff --git a/vendor/github.com/btcsuite/btcd/chaincfg/genesis.go b/vendor/github.com/btcsuite/btcd/chaincfg/genesis.go new file mode 100644 index 0000000..ee47b84 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/chaincfg/genesis.go @@ -0,0 +1,172 @@ +// Copyright (c) 2014-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package chaincfg + +import ( + "time" + + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcd/wire" +) + +// genesisCoinbaseTx is the coinbase transaction for the genesis blocks for +// the main network, regression test network, and test network (version 3). +var genesisCoinbaseTx = wire.MsgTx{ + Version: 1, + TxIn: []*wire.TxIn{ + { + PreviousOutPoint: wire.OutPoint{ + Hash: chainhash.Hash{}, + Index: 0xffffffff, + }, + SignatureScript: []byte{ + 0x04, 0xff, 0xff, 0x00, 0x1d, 0x01, 0x04, 0x45, /* |.......E| */ + 0x54, 0x68, 0x65, 0x20, 0x54, 0x69, 0x6d, 0x65, /* |The Time| */ + 0x73, 0x20, 0x30, 0x33, 0x2f, 0x4a, 0x61, 0x6e, /* |s 03/Jan| */ + 0x2f, 0x32, 0x30, 0x30, 0x39, 0x20, 0x43, 0x68, /* |/2009 Ch| */ + 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x6c, 0x6f, 0x72, /* |ancellor| */ + 0x20, 0x6f, 0x6e, 0x20, 0x62, 0x72, 0x69, 0x6e, /* | on brin| */ + 0x6b, 0x20, 0x6f, 0x66, 0x20, 0x73, 0x65, 0x63, /* |k of sec|*/ + 0x6f, 0x6e, 0x64, 0x20, 0x62, 0x61, 0x69, 0x6c, /* |ond bail| */ + 0x6f, 0x75, 0x74, 0x20, 0x66, 0x6f, 0x72, 0x20, /* |out for |*/ + 0x62, 0x61, 0x6e, 0x6b, 0x73, /* |banks| */ + }, + Sequence: 0xffffffff, + }, + }, + TxOut: []*wire.TxOut{ + { + Value: 0x12a05f200, + PkScript: []byte{ + 0x41, 0x04, 0x67, 0x8a, 0xfd, 0xb0, 0xfe, 0x55, /* |A.g....U| */ + 0x48, 0x27, 0x19, 0x67, 0xf1, 0xa6, 0x71, 0x30, /* |H'.g..q0| */ + 0xb7, 0x10, 0x5c, 0xd6, 0xa8, 0x28, 0xe0, 0x39, /* |..\..(.9| */ + 0x09, 0xa6, 0x79, 0x62, 0xe0, 0xea, 0x1f, 0x61, /* |..yb...a| */ + 0xde, 0xb6, 0x49, 0xf6, 0xbc, 0x3f, 0x4c, 0xef, /* |..I..?L.| */ + 0x38, 0xc4, 0xf3, 0x55, 0x04, 0xe5, 0x1e, 0xc1, /* |8..U....| */ + 0x12, 0xde, 0x5c, 0x38, 0x4d, 0xf7, 0xba, 0x0b, /* |..\8M...| */ + 0x8d, 0x57, 0x8a, 0x4c, 0x70, 0x2b, 0x6b, 0xf1, /* |.W.Lp+k.| */ + 0x1d, 0x5f, 0xac, /* |._.| */ + }, + }, + }, + LockTime: 0, +} + +// genesisHash is the hash of the first block in the block chain for the main +// network (genesis block). +var genesisHash = chainhash.Hash([chainhash.HashSize]byte{ // Make go vet happy. + 0x6f, 0xe2, 0x8c, 0x0a, 0xb6, 0xf1, 0xb3, 0x72, + 0xc1, 0xa6, 0xa2, 0x46, 0xae, 0x63, 0xf7, 0x4f, + 0x93, 0x1e, 0x83, 0x65, 0xe1, 0x5a, 0x08, 0x9c, + 0x68, 0xd6, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, +}) + +// genesisMerkleRoot is the hash of the first transaction in the genesis block +// for the main network. +var genesisMerkleRoot = chainhash.Hash([chainhash.HashSize]byte{ // Make go vet happy. + 0x3b, 0xa3, 0xed, 0xfd, 0x7a, 0x7b, 0x12, 0xb2, + 0x7a, 0xc7, 0x2c, 0x3e, 0x67, 0x76, 0x8f, 0x61, + 0x7f, 0xc8, 0x1b, 0xc3, 0x88, 0x8a, 0x51, 0x32, + 0x3a, 0x9f, 0xb8, 0xaa, 0x4b, 0x1e, 0x5e, 0x4a, +}) + +// genesisBlock defines the genesis block of the block chain which serves as the +// public transaction ledger for the main network. +var genesisBlock = wire.MsgBlock{ + Header: wire.BlockHeader{ + Version: 1, + PrevBlock: chainhash.Hash{}, // 0000000000000000000000000000000000000000000000000000000000000000 + MerkleRoot: genesisMerkleRoot, // 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b + Timestamp: time.Unix(0x495fab29, 0), // 2009-01-03 18:15:05 +0000 UTC + Bits: 0x1d00ffff, // 486604799 [00000000ffff0000000000000000000000000000000000000000000000000000] + Nonce: 0x7c2bac1d, // 2083236893 + }, + Transactions: []*wire.MsgTx{&genesisCoinbaseTx}, +} + +// regTestGenesisHash is the hash of the first block in the block chain for the +// regression test network (genesis block). +var regTestGenesisHash = chainhash.Hash([chainhash.HashSize]byte{ // Make go vet happy. + 0x06, 0x22, 0x6e, 0x46, 0x11, 0x1a, 0x0b, 0x59, + 0xca, 0xaf, 0x12, 0x60, 0x43, 0xeb, 0x5b, 0xbf, + 0x28, 0xc3, 0x4f, 0x3a, 0x5e, 0x33, 0x2a, 0x1f, + 0xc7, 0xb2, 0xb7, 0x3c, 0xf1, 0x88, 0x91, 0x0f, +}) + +// regTestGenesisMerkleRoot is the hash of the first transaction in the genesis +// block for the regression test network. It is the same as the merkle root for +// the main network. +var regTestGenesisMerkleRoot = genesisMerkleRoot + +// regTestGenesisBlock defines the genesis block of the block chain which serves +// as the public transaction ledger for the regression test network. +var regTestGenesisBlock = wire.MsgBlock{ + Header: wire.BlockHeader{ + Version: 1, + PrevBlock: chainhash.Hash{}, // 0000000000000000000000000000000000000000000000000000000000000000 + MerkleRoot: regTestGenesisMerkleRoot, // 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b + Timestamp: time.Unix(1296688602, 0), // 2011-02-02 23:16:42 +0000 UTC + Bits: 0x207fffff, // 545259519 [7fffff0000000000000000000000000000000000000000000000000000000000] + Nonce: 2, + }, + Transactions: []*wire.MsgTx{&genesisCoinbaseTx}, +} + +// testNet3GenesisHash is the hash of the first block in the block chain for the +// test network (version 3). +var testNet3GenesisHash = chainhash.Hash([chainhash.HashSize]byte{ // Make go vet happy. + 0x43, 0x49, 0x7f, 0xd7, 0xf8, 0x26, 0x95, 0x71, + 0x08, 0xf4, 0xa3, 0x0f, 0xd9, 0xce, 0xc3, 0xae, + 0xba, 0x79, 0x97, 0x20, 0x84, 0xe9, 0x0e, 0xad, + 0x01, 0xea, 0x33, 0x09, 0x00, 0x00, 0x00, 0x00, +}) + +// testNet3GenesisMerkleRoot is the hash of the first transaction in the genesis +// block for the test network (version 3). It is the same as the merkle root +// for the main network. +var testNet3GenesisMerkleRoot = genesisMerkleRoot + +// testNet3GenesisBlock defines the genesis block of the block chain which +// serves as the public transaction ledger for the test network (version 3). +var testNet3GenesisBlock = wire.MsgBlock{ + Header: wire.BlockHeader{ + Version: 1, + PrevBlock: chainhash.Hash{}, // 0000000000000000000000000000000000000000000000000000000000000000 + MerkleRoot: testNet3GenesisMerkleRoot, // 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b + Timestamp: time.Unix(1296688602, 0), // 2011-02-02 23:16:42 +0000 UTC + Bits: 0x1d00ffff, // 486604799 [00000000ffff0000000000000000000000000000000000000000000000000000] + Nonce: 0x18aea41a, // 414098458 + }, + Transactions: []*wire.MsgTx{&genesisCoinbaseTx}, +} + +// simNetGenesisHash is the hash of the first block in the block chain for the +// simulation test network. +var simNetGenesisHash = chainhash.Hash([chainhash.HashSize]byte{ // Make go vet happy. + 0xf6, 0x7a, 0xd7, 0x69, 0x5d, 0x9b, 0x66, 0x2a, + 0x72, 0xff, 0x3d, 0x8e, 0xdb, 0xbb, 0x2d, 0xe0, + 0xbf, 0xa6, 0x7b, 0x13, 0x97, 0x4b, 0xb9, 0x91, + 0x0d, 0x11, 0x6d, 0x5c, 0xbd, 0x86, 0x3e, 0x68, +}) + +// simNetGenesisMerkleRoot is the hash of the first transaction in the genesis +// block for the simulation test network. It is the same as the merkle root for +// the main network. +var simNetGenesisMerkleRoot = genesisMerkleRoot + +// simNetGenesisBlock defines the genesis block of the block chain which serves +// as the public transaction ledger for the simulation test network. +var simNetGenesisBlock = wire.MsgBlock{ + Header: wire.BlockHeader{ + Version: 1, + PrevBlock: chainhash.Hash{}, // 0000000000000000000000000000000000000000000000000000000000000000 + MerkleRoot: simNetGenesisMerkleRoot, // 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b + Timestamp: time.Unix(1401292357, 0), // 2014-05-28 15:52:37 +0000 UTC + Bits: 0x207fffff, // 545259519 [7fffff0000000000000000000000000000000000000000000000000000000000] + Nonce: 2, + }, + Transactions: []*wire.MsgTx{&genesisCoinbaseTx}, +} diff --git a/vendor/github.com/btcsuite/btcd/chaincfg/params.go b/vendor/github.com/btcsuite/btcd/chaincfg/params.go new file mode 100644 index 0000000..54117b8 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/chaincfg/params.go @@ -0,0 +1,712 @@ +// Copyright (c) 2014-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package chaincfg + +import ( + "errors" + "math" + "math/big" + "strings" + "time" + + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcd/wire" +) + +// These variables are the chain proof-of-work limit parameters for each default +// network. +var ( + // bigOne is 1 represented as a big.Int. It is defined here to avoid + // the overhead of creating it multiple times. + bigOne = big.NewInt(1) + + // mainPowLimit is the highest proof of work value a Bitcoin block can + // have for the main network. It is the value 2^224 - 1. + mainPowLimit = new(big.Int).Sub(new(big.Int).Lsh(bigOne, 224), bigOne) + + // regressionPowLimit is the highest proof of work value a Bitcoin block + // can have for the regression test network. It is the value 2^255 - 1. + regressionPowLimit = new(big.Int).Sub(new(big.Int).Lsh(bigOne, 255), bigOne) + + // testNet3PowLimit is the highest proof of work value a Bitcoin block + // can have for the test network (version 3). It is the value + // 2^224 - 1. + testNet3PowLimit = new(big.Int).Sub(new(big.Int).Lsh(bigOne, 224), bigOne) + + // simNetPowLimit is the highest proof of work value a Bitcoin block + // can have for the simulation test network. It is the value 2^255 - 1. + simNetPowLimit = new(big.Int).Sub(new(big.Int).Lsh(bigOne, 255), bigOne) +) + +// Checkpoint identifies a known good point in the block chain. Using +// checkpoints allows a few optimizations for old blocks during initial download +// and also prevents forks from old blocks. +// +// Each checkpoint is selected based upon several factors. See the +// documentation for blockchain.IsCheckpointCandidate for details on the +// selection criteria. +type Checkpoint struct { + Height int32 + Hash *chainhash.Hash +} + +// DNSSeed identifies a DNS seed. +type DNSSeed struct { + // Host defines the hostname of the seed. + Host string + + // HasFiltering defines whether the seed supports filtering + // by service flags (wire.ServiceFlag). + HasFiltering bool +} + +// ConsensusDeployment defines details related to a specific consensus rule +// change that is voted in. This is part of BIP0009. +type ConsensusDeployment struct { + // BitNumber defines the specific bit number within the block version + // this particular soft-fork deployment refers to. + BitNumber uint8 + + // StartTime is the median block time after which voting on the + // deployment starts. + StartTime uint64 + + // ExpireTime is the median block time after which the attempted + // deployment expires. + ExpireTime uint64 +} + +// Constants that define the deployment offset in the deployments field of the +// parameters for each deployment. This is useful to be able to get the details +// of a specific deployment by name. +const ( + // DeploymentTestDummy defines the rule change deployment ID for testing + // purposes. + DeploymentTestDummy = iota + + // DeploymentCSV defines the rule change deployment ID for the CSV + // soft-fork package. The CSV package includes the deployment of BIPS + // 68, 112, and 113. + DeploymentCSV + + // DeploymentSegwit defines the rule change deployment ID for the + // Segregated Witness (segwit) soft-fork package. The segwit package + // includes the deployment of BIPS 141, 142, 144, 145, 147 and 173. + DeploymentSegwit + + // NOTE: DefinedDeployments must always come last since it is used to + // determine how many defined deployments there currently are. + + // DefinedDeployments is the number of currently defined deployments. + DefinedDeployments +) + +// Params defines a Bitcoin network by its parameters. These parameters may be +// used by Bitcoin applications to differentiate networks as well as addresses +// and keys for one network from those intended for use on another network. +type Params struct { + // Name defines a human-readable identifier for the network. + Name string + + // Net defines the magic bytes used to identify the network. + Net wire.BitcoinNet + + // DefaultPort defines the default peer-to-peer port for the network. + DefaultPort string + + // DNSSeeds defines a list of DNS seeds for the network that are used + // as one method to discover peers. + DNSSeeds []DNSSeed + + // GenesisBlock defines the first block of the chain. + GenesisBlock *wire.MsgBlock + + // GenesisHash is the starting block hash. + GenesisHash *chainhash.Hash + + // PowLimit defines the highest allowed proof of work value for a block + // as a uint256. + PowLimit *big.Int + + // PowLimitBits defines the highest allowed proof of work value for a + // block in compact form. + PowLimitBits uint32 + + // These fields define the block heights at which the specified softfork + // BIP became active. + BIP0034Height int32 + BIP0065Height int32 + BIP0066Height int32 + + // CoinbaseMaturity is the number of blocks required before newly mined + // coins (coinbase transactions) can be spent. + CoinbaseMaturity uint16 + + // SubsidyReductionInterval is the interval of blocks before the subsidy + // is reduced. + SubsidyReductionInterval int32 + + // TargetTimespan is the desired amount of time that should elapse + // before the block difficulty requirement is examined to determine how + // it should be changed in order to maintain the desired block + // generation rate. + TargetTimespan time.Duration + + // TargetTimePerBlock is the desired amount of time to generate each + // block. + TargetTimePerBlock time.Duration + + // RetargetAdjustmentFactor is the adjustment factor used to limit + // the minimum and maximum amount of adjustment that can occur between + // difficulty retargets. + RetargetAdjustmentFactor int64 + + // ReduceMinDifficulty defines whether the network should reduce the + // minimum required difficulty after a long enough period of time has + // passed without finding a block. This is really only useful for test + // networks and should not be set on a main network. + ReduceMinDifficulty bool + + // MinDiffReductionTime is the amount of time after which the minimum + // required difficulty should be reduced when a block hasn't been found. + // + // NOTE: This only applies if ReduceMinDifficulty is true. + MinDiffReductionTime time.Duration + + // GenerateSupported specifies whether or not CPU mining is allowed. + GenerateSupported bool + + // Checkpoints ordered from oldest to newest. + Checkpoints []Checkpoint + + // These fields are related to voting on consensus rule changes as + // defined by BIP0009. + // + // RuleChangeActivationThreshold is the number of blocks in a threshold + // state retarget window for which a positive vote for a rule change + // must be cast in order to lock in a rule change. It should typically + // be 95% for the main network and 75% for test networks. + // + // MinerConfirmationWindow is the number of blocks in each threshold + // state retarget window. + // + // Deployments define the specific consensus rule changes to be voted + // on. + RuleChangeActivationThreshold uint32 + MinerConfirmationWindow uint32 + Deployments [DefinedDeployments]ConsensusDeployment + + // Mempool parameters + RelayNonStdTxs bool + + // Human-readable part for Bech32 encoded segwit addresses, as defined + // in BIP 173. + Bech32HRPSegwit string + + // Address encoding magics + PubKeyHashAddrID byte // First byte of a P2PKH address + ScriptHashAddrID byte // First byte of a P2SH address + PrivateKeyID byte // First byte of a WIF private key + WitnessPubKeyHashAddrID byte // First byte of a P2WPKH address + WitnessScriptHashAddrID byte // First byte of a P2WSH address + + // BIP32 hierarchical deterministic extended key magics + HDPrivateKeyID [4]byte + HDPublicKeyID [4]byte + + // BIP44 coin type used in the hierarchical deterministic path for + // address generation. + HDCoinType uint32 +} + +// MainNetParams defines the network parameters for the main Bitcoin network. +var MainNetParams = Params{ + Name: "mainnet", + Net: wire.MainNet, + DefaultPort: "8333", + DNSSeeds: []DNSSeed{ + {"seed.bitcoin.sipa.be", true}, + {"dnsseed.bluematt.me", true}, + {"dnsseed.bitcoin.dashjr.org", false}, + {"seed.bitcoinstats.com", true}, + {"seed.bitnodes.io", false}, + {"seed.bitcoin.jonasschnelli.ch", true}, + }, + + // Chain parameters + GenesisBlock: &genesisBlock, + GenesisHash: &genesisHash, + PowLimit: mainPowLimit, + PowLimitBits: 0x1d00ffff, + BIP0034Height: 227931, // 000000000000024b89b42a942fe0d9fea3bb44ab7bd1b19115dd6a759c0808b8 + BIP0065Height: 388381, // 000000000000000004c2b624ed5d7756c508d90fd0da2c7c679febfa6c4735f0 + BIP0066Height: 363725, // 00000000000000000379eaa19dce8c9b722d46ae6a57c2f1a988119488b50931 + CoinbaseMaturity: 100, + SubsidyReductionInterval: 210000, + TargetTimespan: time.Hour * 24 * 14, // 14 days + TargetTimePerBlock: time.Minute * 10, // 10 minutes + RetargetAdjustmentFactor: 4, // 25% less, 400% more + ReduceMinDifficulty: false, + MinDiffReductionTime: 0, + GenerateSupported: false, + + // Checkpoints ordered from oldest to newest. + Checkpoints: []Checkpoint{ + {11111, newHashFromStr("0000000069e244f73d78e8fd29ba2fd2ed618bd6fa2ee92559f542fdb26e7c1d")}, + {33333, newHashFromStr("000000002dd5588a74784eaa7ab0507a18ad16a236e7b1ce69f00d7ddfb5d0a6")}, + {74000, newHashFromStr("0000000000573993a3c9e41ce34471c079dcf5f52a0e824a81e7f953b8661a20")}, + {105000, newHashFromStr("00000000000291ce28027faea320c8d2b054b2e0fe44a773f3eefb151d6bdc97")}, + {134444, newHashFromStr("00000000000005b12ffd4cd315cd34ffd4a594f430ac814c91184a0d42d2b0fe")}, + {168000, newHashFromStr("000000000000099e61ea72015e79632f216fe6cb33d7899acb35b75c8303b763")}, + {193000, newHashFromStr("000000000000059f452a5f7340de6682a977387c17010ff6e6c3bd83ca8b1317")}, + {210000, newHashFromStr("000000000000048b95347e83192f69cf0366076336c639f9b7228e9ba171342e")}, + {216116, newHashFromStr("00000000000001b4f4b433e81ee46494af945cf96014816a4e2370f11b23df4e")}, + {225430, newHashFromStr("00000000000001c108384350f74090433e7fcf79a606b8e797f065b130575932")}, + {250000, newHashFromStr("000000000000003887df1f29024b06fc2200b55f8af8f35453d7be294df2d214")}, + {267300, newHashFromStr("000000000000000a83fbd660e918f218bf37edd92b748ad940483c7c116179ac")}, + {279000, newHashFromStr("0000000000000001ae8c72a0b0c301f67e3afca10e819efa9041e458e9bd7e40")}, + {300255, newHashFromStr("0000000000000000162804527c6e9b9f0563a280525f9d08c12041def0a0f3b2")}, + {319400, newHashFromStr("000000000000000021c6052e9becade189495d1c539aa37c58917305fd15f13b")}, + {343185, newHashFromStr("0000000000000000072b8bf361d01a6ba7d445dd024203fafc78768ed4368554")}, + {352940, newHashFromStr("000000000000000010755df42dba556bb72be6a32f3ce0b6941ce4430152c9ff")}, + {382320, newHashFromStr("00000000000000000a8dc6ed5b133d0eb2fd6af56203e4159789b092defd8ab2")}, + {400000, newHashFromStr("000000000000000004ec466ce4732fe6f1ed1cddc2ed4b328fff5224276e3f6f")}, + {430000, newHashFromStr("000000000000000001868b2bb3a285f3cc6b33ea234eb70facf4dcdf22186b87")}, + {460000, newHashFromStr("000000000000000000ef751bbce8e744ad303c47ece06c8d863e4d417efc258c")}, + {490000, newHashFromStr("000000000000000000de069137b17b8d5a3dfbd5b145b2dcfb203f15d0c4de90")}, + {520000, newHashFromStr("0000000000000000000d26984c0229c9f6962dc74db0a6d525f2f1640396f69c")}, + {550000, newHashFromStr("000000000000000000223b7a2298fb1c6c75fb0efc28a4c56853ff4112ec6bc9")}, + {560000, newHashFromStr("0000000000000000002c7b276daf6efb2b6aa68e2ce3be67ef925b3264ae7122")}, + }, + + // Consensus rule change deployments. + // + // The miner confirmation window is defined as: + // target proof of work timespan / target proof of work spacing + RuleChangeActivationThreshold: 1916, // 95% of MinerConfirmationWindow + MinerConfirmationWindow: 2016, // + Deployments: [DefinedDeployments]ConsensusDeployment{ + DeploymentTestDummy: { + BitNumber: 28, + StartTime: 1199145601, // January 1, 2008 UTC + ExpireTime: 1230767999, // December 31, 2008 UTC + }, + DeploymentCSV: { + BitNumber: 0, + StartTime: 1462060800, // May 1st, 2016 + ExpireTime: 1493596800, // May 1st, 2017 + }, + DeploymentSegwit: { + BitNumber: 1, + StartTime: 1479168000, // November 15, 2016 UTC + ExpireTime: 1510704000, // November 15, 2017 UTC. + }, + }, + + // Mempool parameters + RelayNonStdTxs: false, + + // Human-readable part for Bech32 encoded segwit addresses, as defined in + // BIP 173. + Bech32HRPSegwit: "bc", // always bc for main net + + // Address encoding magics + PubKeyHashAddrID: 0x00, // starts with 1 + ScriptHashAddrID: 0x05, // starts with 3 + PrivateKeyID: 0x80, // starts with 5 (uncompressed) or K (compressed) + WitnessPubKeyHashAddrID: 0x06, // starts with p2 + WitnessScriptHashAddrID: 0x0A, // starts with 7Xh + + // BIP32 hierarchical deterministic extended key magics + HDPrivateKeyID: [4]byte{0x04, 0x88, 0xad, 0xe4}, // starts with xprv + HDPublicKeyID: [4]byte{0x04, 0x88, 0xb2, 0x1e}, // starts with xpub + + // BIP44 coin type used in the hierarchical deterministic path for + // address generation. + HDCoinType: 0, +} + +// RegressionNetParams defines the network parameters for the regression test +// Bitcoin network. Not to be confused with the test Bitcoin network (version +// 3), this network is sometimes simply called "testnet". +var RegressionNetParams = Params{ + Name: "regtest", + Net: wire.TestNet, + DefaultPort: "18444", + DNSSeeds: []DNSSeed{}, + + // Chain parameters + GenesisBlock: ®TestGenesisBlock, + GenesisHash: ®TestGenesisHash, + PowLimit: regressionPowLimit, + PowLimitBits: 0x207fffff, + CoinbaseMaturity: 100, + BIP0034Height: 100000000, // Not active - Permit ver 1 blocks + BIP0065Height: 1351, // Used by regression tests + BIP0066Height: 1251, // Used by regression tests + SubsidyReductionInterval: 150, + TargetTimespan: time.Hour * 24 * 14, // 14 days + TargetTimePerBlock: time.Minute * 10, // 10 minutes + RetargetAdjustmentFactor: 4, // 25% less, 400% more + ReduceMinDifficulty: true, + MinDiffReductionTime: time.Minute * 20, // TargetTimePerBlock * 2 + GenerateSupported: true, + + // Checkpoints ordered from oldest to newest. + Checkpoints: nil, + + // Consensus rule change deployments. + // + // The miner confirmation window is defined as: + // target proof of work timespan / target proof of work spacing + RuleChangeActivationThreshold: 108, // 75% of MinerConfirmationWindow + MinerConfirmationWindow: 144, + Deployments: [DefinedDeployments]ConsensusDeployment{ + DeploymentTestDummy: { + BitNumber: 28, + StartTime: 0, // Always available for vote + ExpireTime: math.MaxInt64, // Never expires + }, + DeploymentCSV: { + BitNumber: 0, + StartTime: 0, // Always available for vote + ExpireTime: math.MaxInt64, // Never expires + }, + DeploymentSegwit: { + BitNumber: 1, + StartTime: 0, // Always available for vote + ExpireTime: math.MaxInt64, // Never expires. + }, + }, + + // Mempool parameters + RelayNonStdTxs: true, + + // Human-readable part for Bech32 encoded segwit addresses, as defined in + // BIP 173. + Bech32HRPSegwit: "bcrt", // always bcrt for reg test net + + // Address encoding magics + PubKeyHashAddrID: 0x6f, // starts with m or n + ScriptHashAddrID: 0xc4, // starts with 2 + PrivateKeyID: 0xef, // starts with 9 (uncompressed) or c (compressed) + + // BIP32 hierarchical deterministic extended key magics + HDPrivateKeyID: [4]byte{0x04, 0x35, 0x83, 0x94}, // starts with tprv + HDPublicKeyID: [4]byte{0x04, 0x35, 0x87, 0xcf}, // starts with tpub + + // BIP44 coin type used in the hierarchical deterministic path for + // address generation. + HDCoinType: 1, +} + +// TestNet3Params defines the network parameters for the test Bitcoin network +// (version 3). Not to be confused with the regression test network, this +// network is sometimes simply called "testnet". +var TestNet3Params = Params{ + Name: "testnet3", + Net: wire.TestNet3, + DefaultPort: "18333", + DNSSeeds: []DNSSeed{ + {"testnet-seed.bitcoin.jonasschnelli.ch", true}, + {"testnet-seed.bitcoin.schildbach.de", false}, + {"seed.tbtc.petertodd.org", true}, + {"testnet-seed.bluematt.me", false}, + }, + + // Chain parameters + GenesisBlock: &testNet3GenesisBlock, + GenesisHash: &testNet3GenesisHash, + PowLimit: testNet3PowLimit, + PowLimitBits: 0x1d00ffff, + BIP0034Height: 21111, // 0000000023b3a96d3484e5abb3755c413e7d41500f8e2a5c3f0dd01299cd8ef8 + BIP0065Height: 581885, // 00000000007f6655f22f98e72ed80d8b06dc761d5da09df0fa1dc4be4f861eb6 + BIP0066Height: 330776, // 000000002104c8c45e99a8853285a3b592602a3ccde2b832481da85e9e4ba182 + CoinbaseMaturity: 100, + SubsidyReductionInterval: 210000, + TargetTimespan: time.Hour * 24 * 14, // 14 days + TargetTimePerBlock: time.Minute * 10, // 10 minutes + RetargetAdjustmentFactor: 4, // 25% less, 400% more + ReduceMinDifficulty: true, + MinDiffReductionTime: time.Minute * 20, // TargetTimePerBlock * 2 + GenerateSupported: false, + + // Checkpoints ordered from oldest to newest. + Checkpoints: []Checkpoint{ + {546, newHashFromStr("000000002a936ca763904c3c35fce2f3556c559c0214345d31b1bcebf76acb70")}, + {100000, newHashFromStr("00000000009e2958c15ff9290d571bf9459e93b19765c6801ddeccadbb160a1e")}, + {200000, newHashFromStr("0000000000287bffd321963ef05feab753ebe274e1d78b2fd4e2bfe9ad3aa6f2")}, + {300001, newHashFromStr("0000000000004829474748f3d1bc8fcf893c88be255e6d7f571c548aff57abf4")}, + {400002, newHashFromStr("0000000005e2c73b8ecb82ae2dbc2e8274614ebad7172b53528aba7501f5a089")}, + {500011, newHashFromStr("00000000000929f63977fbac92ff570a9bd9e7715401ee96f2848f7b07750b02")}, + {600002, newHashFromStr("000000000001f471389afd6ee94dcace5ccc44adc18e8bff402443f034b07240")}, + {700000, newHashFromStr("000000000000406178b12a4dea3b27e13b3c4fe4510994fd667d7c1e6a3f4dc1")}, + {800010, newHashFromStr("000000000017ed35296433190b6829db01e657d80631d43f5983fa403bfdb4c1")}, + {900000, newHashFromStr("0000000000356f8d8924556e765b7a94aaebc6b5c8685dcfa2b1ee8b41acd89b")}, + {1000007, newHashFromStr("00000000001ccb893d8a1f25b70ad173ce955e5f50124261bbbc50379a612ddf")}, + {1100007, newHashFromStr("00000000000abc7b2cd18768ab3dee20857326a818d1946ed6796f42d66dd1e8")}, + {1200007, newHashFromStr("00000000000004f2dc41845771909db57e04191714ed8c963f7e56713a7b6cea")}, + {1300007, newHashFromStr("0000000072eab69d54df75107c052b26b0395b44f77578184293bf1bb1dbd9fa")}, + }, + + // Consensus rule change deployments. + // + // The miner confirmation window is defined as: + // target proof of work timespan / target proof of work spacing + RuleChangeActivationThreshold: 1512, // 75% of MinerConfirmationWindow + MinerConfirmationWindow: 2016, + Deployments: [DefinedDeployments]ConsensusDeployment{ + DeploymentTestDummy: { + BitNumber: 28, + StartTime: 1199145601, // January 1, 2008 UTC + ExpireTime: 1230767999, // December 31, 2008 UTC + }, + DeploymentCSV: { + BitNumber: 0, + StartTime: 1456790400, // March 1st, 2016 + ExpireTime: 1493596800, // May 1st, 2017 + }, + DeploymentSegwit: { + BitNumber: 1, + StartTime: 1462060800, // May 1, 2016 UTC + ExpireTime: 1493596800, // May 1, 2017 UTC. + }, + }, + + // Mempool parameters + RelayNonStdTxs: true, + + // Human-readable part for Bech32 encoded segwit addresses, as defined in + // BIP 173. + Bech32HRPSegwit: "tb", // always tb for test net + + // Address encoding magics + PubKeyHashAddrID: 0x6f, // starts with m or n + ScriptHashAddrID: 0xc4, // starts with 2 + WitnessPubKeyHashAddrID: 0x03, // starts with QW + WitnessScriptHashAddrID: 0x28, // starts with T7n + PrivateKeyID: 0xef, // starts with 9 (uncompressed) or c (compressed) + + // BIP32 hierarchical deterministic extended key magics + HDPrivateKeyID: [4]byte{0x04, 0x35, 0x83, 0x94}, // starts with tprv + HDPublicKeyID: [4]byte{0x04, 0x35, 0x87, 0xcf}, // starts with tpub + + // BIP44 coin type used in the hierarchical deterministic path for + // address generation. + HDCoinType: 1, +} + +// SimNetParams defines the network parameters for the simulation test Bitcoin +// network. This network is similar to the normal test network except it is +// intended for private use within a group of individuals doing simulation +// testing. The functionality is intended to differ in that the only nodes +// which are specifically specified are used to create the network rather than +// following normal discovery rules. This is important as otherwise it would +// just turn into another public testnet. +var SimNetParams = Params{ + Name: "simnet", + Net: wire.SimNet, + DefaultPort: "18555", + DNSSeeds: []DNSSeed{}, // NOTE: There must NOT be any seeds. + + // Chain parameters + GenesisBlock: &simNetGenesisBlock, + GenesisHash: &simNetGenesisHash, + PowLimit: simNetPowLimit, + PowLimitBits: 0x207fffff, + BIP0034Height: 0, // Always active on simnet + BIP0065Height: 0, // Always active on simnet + BIP0066Height: 0, // Always active on simnet + CoinbaseMaturity: 100, + SubsidyReductionInterval: 210000, + TargetTimespan: time.Hour * 24 * 14, // 14 days + TargetTimePerBlock: time.Minute * 10, // 10 minutes + RetargetAdjustmentFactor: 4, // 25% less, 400% more + ReduceMinDifficulty: true, + MinDiffReductionTime: time.Minute * 20, // TargetTimePerBlock * 2 + GenerateSupported: true, + + // Checkpoints ordered from oldest to newest. + Checkpoints: nil, + + // Consensus rule change deployments. + // + // The miner confirmation window is defined as: + // target proof of work timespan / target proof of work spacing + RuleChangeActivationThreshold: 75, // 75% of MinerConfirmationWindow + MinerConfirmationWindow: 100, + Deployments: [DefinedDeployments]ConsensusDeployment{ + DeploymentTestDummy: { + BitNumber: 28, + StartTime: 0, // Always available for vote + ExpireTime: math.MaxInt64, // Never expires + }, + DeploymentCSV: { + BitNumber: 0, + StartTime: 0, // Always available for vote + ExpireTime: math.MaxInt64, // Never expires + }, + DeploymentSegwit: { + BitNumber: 1, + StartTime: 0, // Always available for vote + ExpireTime: math.MaxInt64, // Never expires. + }, + }, + + // Mempool parameters + RelayNonStdTxs: true, + + // Human-readable part for Bech32 encoded segwit addresses, as defined in + // BIP 173. + Bech32HRPSegwit: "sb", // always sb for sim net + + // Address encoding magics + PubKeyHashAddrID: 0x3f, // starts with S + ScriptHashAddrID: 0x7b, // starts with s + PrivateKeyID: 0x64, // starts with 4 (uncompressed) or F (compressed) + WitnessPubKeyHashAddrID: 0x19, // starts with Gg + WitnessScriptHashAddrID: 0x28, // starts with ? + + // BIP32 hierarchical deterministic extended key magics + HDPrivateKeyID: [4]byte{0x04, 0x20, 0xb9, 0x00}, // starts with sprv + HDPublicKeyID: [4]byte{0x04, 0x20, 0xbd, 0x3a}, // starts with spub + + // BIP44 coin type used in the hierarchical deterministic path for + // address generation. + HDCoinType: 115, // ASCII for s +} + +var ( + // ErrDuplicateNet describes an error where the parameters for a Bitcoin + // network could not be set due to the network already being a standard + // network or previously-registered into this package. + ErrDuplicateNet = errors.New("duplicate Bitcoin network") + + // ErrUnknownHDKeyID describes an error where the provided id which + // is intended to identify the network for a hierarchical deterministic + // private extended key is not registered. + ErrUnknownHDKeyID = errors.New("unknown hd private extended key bytes") +) + +var ( + registeredNets = make(map[wire.BitcoinNet]struct{}) + pubKeyHashAddrIDs = make(map[byte]struct{}) + scriptHashAddrIDs = make(map[byte]struct{}) + bech32SegwitPrefixes = make(map[string]struct{}) + hdPrivToPubKeyIDs = make(map[[4]byte][]byte) +) + +// String returns the hostname of the DNS seed in human-readable form. +func (d DNSSeed) String() string { + return d.Host +} + +// Register registers the network parameters for a Bitcoin network. This may +// error with ErrDuplicateNet if the network is already registered (either +// due to a previous Register call, or the network being one of the default +// networks). +// +// Network parameters should be registered into this package by a main package +// as early as possible. Then, library packages may lookup networks or network +// parameters based on inputs and work regardless of the network being standard +// or not. +func Register(params *Params) error { + if _, ok := registeredNets[params.Net]; ok { + return ErrDuplicateNet + } + registeredNets[params.Net] = struct{}{} + pubKeyHashAddrIDs[params.PubKeyHashAddrID] = struct{}{} + scriptHashAddrIDs[params.ScriptHashAddrID] = struct{}{} + hdPrivToPubKeyIDs[params.HDPrivateKeyID] = params.HDPublicKeyID[:] + + // A valid Bech32 encoded segwit address always has as prefix the + // human-readable part for the given net followed by '1'. + bech32SegwitPrefixes[params.Bech32HRPSegwit+"1"] = struct{}{} + return nil +} + +// mustRegister performs the same function as Register except it panics if there +// is an error. This should only be called from package init functions. +func mustRegister(params *Params) { + if err := Register(params); err != nil { + panic("failed to register network: " + err.Error()) + } +} + +// IsPubKeyHashAddrID returns whether the id is an identifier known to prefix a +// pay-to-pubkey-hash address on any default or registered network. This is +// used when decoding an address string into a specific address type. It is up +// to the caller to check both this and IsScriptHashAddrID and decide whether an +// address is a pubkey hash address, script hash address, neither, or +// undeterminable (if both return true). +func IsPubKeyHashAddrID(id byte) bool { + _, ok := pubKeyHashAddrIDs[id] + return ok +} + +// IsScriptHashAddrID returns whether the id is an identifier known to prefix a +// pay-to-script-hash address on any default or registered network. This is +// used when decoding an address string into a specific address type. It is up +// to the caller to check both this and IsPubKeyHashAddrID and decide whether an +// address is a pubkey hash address, script hash address, neither, or +// undeterminable (if both return true). +func IsScriptHashAddrID(id byte) bool { + _, ok := scriptHashAddrIDs[id] + return ok +} + +// IsBech32SegwitPrefix returns whether the prefix is a known prefix for segwit +// addresses on any default or registered network. This is used when decoding +// an address string into a specific address type. +func IsBech32SegwitPrefix(prefix string) bool { + prefix = strings.ToLower(prefix) + _, ok := bech32SegwitPrefixes[prefix] + return ok +} + +// HDPrivateKeyToPublicKeyID accepts a private hierarchical deterministic +// extended key id and returns the associated public key id. When the provided +// id is not registered, the ErrUnknownHDKeyID error will be returned. +func HDPrivateKeyToPublicKeyID(id []byte) ([]byte, error) { + if len(id) != 4 { + return nil, ErrUnknownHDKeyID + } + + var key [4]byte + copy(key[:], id) + pubBytes, ok := hdPrivToPubKeyIDs[key] + if !ok { + return nil, ErrUnknownHDKeyID + } + + return pubBytes, nil +} + +// newHashFromStr converts the passed big-endian hex string into a +// chainhash.Hash. It only differs from the one available in chainhash in that +// it panics on an error since it will only (and must only) be called with +// hard-coded, and therefore known good, hashes. +func newHashFromStr(hexStr string) *chainhash.Hash { + hash, err := chainhash.NewHashFromStr(hexStr) + if err != nil { + // Ordinarily I don't like panics in library code since it + // can take applications down without them having a chance to + // recover which is extremely annoying, however an exception is + // being made in this case because the only way this can panic + // is if there is an error in the hard-coded hashes. Thus it + // will only ever potentially panic on init and therefore is + // 100% predictable. + panic(err) + } + return hash +} + +func init() { + // Register all default networks when the package is initialized. + mustRegister(&MainNetParams) + mustRegister(&TestNet3Params) + mustRegister(&RegressionNetParams) + mustRegister(&SimNetParams) +} diff --git a/vendor/github.com/btcsuite/btcd/connmgr/README.md b/vendor/github.com/btcsuite/btcd/connmgr/README.md new file mode 100644 index 0000000..6f3968c --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/connmgr/README.md @@ -0,0 +1,37 @@ +connmgr +======= + +[![Build Status](http://img.shields.io/travis/btcsuite/btcd.svg)](https://travis-ci.org/btcsuite/btcd) +[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org) +[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/btcsuite/btcd/connmgr) + +Package connmgr implements a generic Bitcoin network connection manager. + +## Overview + +Connection Manager handles all the general connection concerns such as +maintaining a set number of outbound connections, sourcing peers, banning, +limiting max connections, tor lookup, etc. + +The package provides a generic connection manager which is able to accept +connection requests from a source or a set of given addresses, dial them and +notify the caller on connections. The main intended use is to initialize a pool +of active connections and maintain them to remain connected to the P2P network. + +In addition the connection manager provides the following utilities: + +- Notifications on connections or disconnections +- Handle failures and retry new addresses from the source +- Connect only to specified addresses +- Permanent connections with increasing backoff retry timers +- Disconnect or Remove an established connection + +## Installation and Updating + +```bash +$ go get -u github.com/btcsuite/btcd/connmgr +``` + +## License + +Package connmgr is licensed under the [copyfree](http://copyfree.org) ISC License. diff --git a/vendor/github.com/btcsuite/btcd/connmgr/connmanager.go b/vendor/github.com/btcsuite/btcd/connmgr/connmanager.go new file mode 100644 index 0000000..9a68190 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/connmgr/connmanager.go @@ -0,0 +1,577 @@ +// Copyright (c) 2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package connmgr + +import ( + "errors" + "fmt" + "net" + "sync" + "sync/atomic" + "time" +) + +// maxFailedAttempts is the maximum number of successive failed connection +// attempts after which network failure is assumed and new connections will +// be delayed by the configured retry duration. +const maxFailedAttempts = 25 + +var ( + //ErrDialNil is used to indicate that Dial cannot be nil in the configuration. + ErrDialNil = errors.New("Config: Dial cannot be nil") + + // maxRetryDuration is the max duration of time retrying of a persistent + // connection is allowed to grow to. This is necessary since the retry + // logic uses a backoff mechanism which increases the interval base times + // the number of retries that have been done. + maxRetryDuration = time.Minute * 5 + + // defaultRetryDuration is the default duration of time for retrying + // persistent connections. + defaultRetryDuration = time.Second * 5 + + // defaultTargetOutbound is the default number of outbound connections to + // maintain. + defaultTargetOutbound = uint32(8) +) + +// ConnState represents the state of the requested connection. +type ConnState uint8 + +// ConnState can be either pending, established, disconnected or failed. When +// a new connection is requested, it is attempted and categorized as +// established or failed depending on the connection result. An established +// connection which was disconnected is categorized as disconnected. +const ( + ConnPending ConnState = iota + ConnFailing + ConnCanceled + ConnEstablished + ConnDisconnected +) + +// ConnReq is the connection request to a network address. If permanent, the +// connection will be retried on disconnection. +type ConnReq struct { + // The following variables must only be used atomically. + id uint64 + + Addr net.Addr + Permanent bool + + conn net.Conn + state ConnState + stateMtx sync.RWMutex + retryCount uint32 +} + +// updateState updates the state of the connection request. +func (c *ConnReq) updateState(state ConnState) { + c.stateMtx.Lock() + c.state = state + c.stateMtx.Unlock() +} + +// ID returns a unique identifier for the connection request. +func (c *ConnReq) ID() uint64 { + return atomic.LoadUint64(&c.id) +} + +// State is the connection state of the requested connection. +func (c *ConnReq) State() ConnState { + c.stateMtx.RLock() + state := c.state + c.stateMtx.RUnlock() + return state +} + +// String returns a human-readable string for the connection request. +func (c *ConnReq) String() string { + if c.Addr == nil || c.Addr.String() == "" { + return fmt.Sprintf("reqid %d", atomic.LoadUint64(&c.id)) + } + return fmt.Sprintf("%s (reqid %d)", c.Addr, atomic.LoadUint64(&c.id)) +} + +// Config holds the configuration options related to the connection manager. +type Config struct { + // Listeners defines a slice of listeners for which the connection + // manager will take ownership of and accept connections. When a + // connection is accepted, the OnAccept handler will be invoked with the + // connection. Since the connection manager takes ownership of these + // listeners, they will be closed when the connection manager is + // stopped. + // + // This field will not have any effect if the OnAccept field is not + // also specified. It may be nil if the caller does not wish to listen + // for incoming connections. + Listeners []net.Listener + + // OnAccept is a callback that is fired when an inbound connection is + // accepted. It is the caller's responsibility to close the connection. + // Failure to close the connection will result in the connection manager + // believing the connection is still active and thus have undesirable + // side effects such as still counting toward maximum connection limits. + // + // This field will not have any effect if the Listeners field is not + // also specified since there couldn't possibly be any accepted + // connections in that case. + OnAccept func(net.Conn) + + // TargetOutbound is the number of outbound network connections to + // maintain. Defaults to 8. + TargetOutbound uint32 + + // RetryDuration is the duration to wait before retrying connection + // requests. Defaults to 5s. + RetryDuration time.Duration + + // OnConnection is a callback that is fired when a new outbound + // connection is established. + OnConnection func(*ConnReq, net.Conn) + + // OnDisconnection is a callback that is fired when an outbound + // connection is disconnected. + OnDisconnection func(*ConnReq) + + // GetNewAddress is a way to get an address to make a network connection + // to. If nil, no new connections will be made automatically. + GetNewAddress func() (net.Addr, error) + + // Dial connects to the address on the named network. It cannot be nil. + Dial func(net.Addr) (net.Conn, error) +} + +// registerPending is used to register a pending connection attempt. By +// registering pending connection attempts we allow callers to cancel pending +// connection attempts before their successful or in the case they're not +// longer wanted. +type registerPending struct { + c *ConnReq + done chan struct{} +} + +// handleConnected is used to queue a successful connection. +type handleConnected struct { + c *ConnReq + conn net.Conn +} + +// handleDisconnected is used to remove a connection. +type handleDisconnected struct { + id uint64 + retry bool +} + +// handleFailed is used to remove a pending connection. +type handleFailed struct { + c *ConnReq + err error +} + +// ConnManager provides a manager to handle network connections. +type ConnManager struct { + // The following variables must only be used atomically. + connReqCount uint64 + start int32 + stop int32 + + cfg Config + wg sync.WaitGroup + failedAttempts uint64 + requests chan interface{} + quit chan struct{} +} + +// handleFailedConn handles a connection failed due to a disconnect or any +// other failure. If permanent, it retries the connection after the configured +// retry duration. Otherwise, if required, it makes a new connection request. +// After maxFailedConnectionAttempts new connections will be retried after the +// configured retry duration. +func (cm *ConnManager) handleFailedConn(c *ConnReq) { + if atomic.LoadInt32(&cm.stop) != 0 { + return + } + if c.Permanent { + c.retryCount++ + d := time.Duration(c.retryCount) * cm.cfg.RetryDuration + if d > maxRetryDuration { + d = maxRetryDuration + } + log.Debugf("Retrying connection to %v in %v", c, d) + time.AfterFunc(d, func() { + cm.Connect(c) + }) + } else if cm.cfg.GetNewAddress != nil { + cm.failedAttempts++ + if cm.failedAttempts >= maxFailedAttempts { + log.Debugf("Max failed connection attempts reached: [%d] "+ + "-- retrying connection in: %v", maxFailedAttempts, + cm.cfg.RetryDuration) + time.AfterFunc(cm.cfg.RetryDuration, func() { + cm.NewConnReq() + }) + } else { + go cm.NewConnReq() + } + } +} + +// connHandler handles all connection related requests. It must be run as a +// goroutine. +// +// The connection handler makes sure that we maintain a pool of active outbound +// connections so that we remain connected to the network. Connection requests +// are processed and mapped by their assigned ids. +func (cm *ConnManager) connHandler() { + + var ( + // pending holds all registered conn requests that have yet to + // succeed. + pending = make(map[uint64]*ConnReq) + + // conns represents the set of all actively connected peers. + conns = make(map[uint64]*ConnReq, cm.cfg.TargetOutbound) + ) + +out: + for { + select { + case req := <-cm.requests: + switch msg := req.(type) { + + case registerPending: + connReq := msg.c + connReq.updateState(ConnPending) + pending[msg.c.id] = connReq + close(msg.done) + + case handleConnected: + connReq := msg.c + + if _, ok := pending[connReq.id]; !ok { + if msg.conn != nil { + msg.conn.Close() + } + log.Debugf("Ignoring connection for "+ + "canceled connreq=%v", connReq) + continue + } + + connReq.updateState(ConnEstablished) + connReq.conn = msg.conn + conns[connReq.id] = connReq + log.Debugf("Connected to %v", connReq) + connReq.retryCount = 0 + cm.failedAttempts = 0 + + delete(pending, connReq.id) + + if cm.cfg.OnConnection != nil { + go cm.cfg.OnConnection(connReq, msg.conn) + } + + case handleDisconnected: + connReq, ok := conns[msg.id] + if !ok { + connReq, ok = pending[msg.id] + if !ok { + log.Errorf("Unknown connid=%d", + msg.id) + continue + } + + // Pending connection was found, remove + // it from pending map if we should + // ignore a later, successful + // connection. + connReq.updateState(ConnCanceled) + log.Debugf("Canceling: %v", connReq) + delete(pending, msg.id) + continue + + } + + // An existing connection was located, mark as + // disconnected and execute disconnection + // callback. + log.Debugf("Disconnected from %v", connReq) + delete(conns, msg.id) + + if connReq.conn != nil { + connReq.conn.Close() + } + + if cm.cfg.OnDisconnection != nil { + go cm.cfg.OnDisconnection(connReq) + } + + // All internal state has been cleaned up, if + // this connection is being removed, we will + // make no further attempts with this request. + if !msg.retry { + connReq.updateState(ConnDisconnected) + continue + } + + // Otherwise, we will attempt a reconnection if + // we do not have enough peers, or if this is a + // persistent peer. The connection request is + // re added to the pending map, so that + // subsequent processing of connections and + // failures do not ignore the request. + if uint32(len(conns)) < cm.cfg.TargetOutbound || + connReq.Permanent { + + connReq.updateState(ConnPending) + log.Debugf("Reconnecting to %v", + connReq) + pending[msg.id] = connReq + cm.handleFailedConn(connReq) + } + + case handleFailed: + connReq := msg.c + + if _, ok := pending[connReq.id]; !ok { + log.Debugf("Ignoring connection for "+ + "canceled conn req: %v", connReq) + continue + } + + connReq.updateState(ConnFailing) + log.Debugf("Failed to connect to %v: %v", + connReq, msg.err) + cm.handleFailedConn(connReq) + } + + case <-cm.quit: + break out + } + } + + cm.wg.Done() + log.Trace("Connection handler done") +} + +// NewConnReq creates a new connection request and connects to the +// corresponding address. +func (cm *ConnManager) NewConnReq() { + if atomic.LoadInt32(&cm.stop) != 0 { + return + } + if cm.cfg.GetNewAddress == nil { + return + } + + c := &ConnReq{} + atomic.StoreUint64(&c.id, atomic.AddUint64(&cm.connReqCount, 1)) + + // Submit a request of a pending connection attempt to the connection + // manager. By registering the id before the connection is even + // established, we'll be able to later cancel the connection via the + // Remove method. + done := make(chan struct{}) + select { + case cm.requests <- registerPending{c, done}: + case <-cm.quit: + return + } + + // Wait for the registration to successfully add the pending conn req to + // the conn manager's internal state. + select { + case <-done: + case <-cm.quit: + return + } + + addr, err := cm.cfg.GetNewAddress() + if err != nil { + select { + case cm.requests <- handleFailed{c, err}: + case <-cm.quit: + } + return + } + + c.Addr = addr + + cm.Connect(c) +} + +// Connect assigns an id and dials a connection to the address of the +// connection request. +func (cm *ConnManager) Connect(c *ConnReq) { + if atomic.LoadInt32(&cm.stop) != 0 { + return + } + + // During the time we wait for retry there is a chance that + // this connection was already cancelled + if c.State() == ConnCanceled { + log.Debugf("Ignoring connect for canceled connreq=%v", c) + return + } + + if atomic.LoadUint64(&c.id) == 0 { + atomic.StoreUint64(&c.id, atomic.AddUint64(&cm.connReqCount, 1)) + + // Submit a request of a pending connection attempt to the + // connection manager. By registering the id before the + // connection is even established, we'll be able to later + // cancel the connection via the Remove method. + done := make(chan struct{}) + select { + case cm.requests <- registerPending{c, done}: + case <-cm.quit: + return + } + + // Wait for the registration to successfully add the pending + // conn req to the conn manager's internal state. + select { + case <-done: + case <-cm.quit: + return + } + } + + log.Debugf("Attempting to connect to %v", c) + + conn, err := cm.cfg.Dial(c.Addr) + if err != nil { + select { + case cm.requests <- handleFailed{c, err}: + case <-cm.quit: + } + return + } + + select { + case cm.requests <- handleConnected{c, conn}: + case <-cm.quit: + } +} + +// Disconnect disconnects the connection corresponding to the given connection +// id. If permanent, the connection will be retried with an increasing backoff +// duration. +func (cm *ConnManager) Disconnect(id uint64) { + if atomic.LoadInt32(&cm.stop) != 0 { + return + } + + select { + case cm.requests <- handleDisconnected{id, true}: + case <-cm.quit: + } +} + +// Remove removes the connection corresponding to the given connection id from +// known connections. +// +// NOTE: This method can also be used to cancel a lingering connection attempt +// that hasn't yet succeeded. +func (cm *ConnManager) Remove(id uint64) { + if atomic.LoadInt32(&cm.stop) != 0 { + return + } + + select { + case cm.requests <- handleDisconnected{id, false}: + case <-cm.quit: + } +} + +// listenHandler accepts incoming connections on a given listener. It must be +// run as a goroutine. +func (cm *ConnManager) listenHandler(listener net.Listener) { + log.Infof("Server listening on %s", listener.Addr()) + for atomic.LoadInt32(&cm.stop) == 0 { + conn, err := listener.Accept() + if err != nil { + // Only log the error if not forcibly shutting down. + if atomic.LoadInt32(&cm.stop) == 0 { + log.Errorf("Can't accept connection: %v", err) + } + continue + } + go cm.cfg.OnAccept(conn) + } + + cm.wg.Done() + log.Tracef("Listener handler done for %s", listener.Addr()) +} + +// Start launches the connection manager and begins connecting to the network. +func (cm *ConnManager) Start() { + // Already started? + if atomic.AddInt32(&cm.start, 1) != 1 { + return + } + + log.Trace("Connection manager started") + cm.wg.Add(1) + go cm.connHandler() + + // Start all the listeners so long as the caller requested them and + // provided a callback to be invoked when connections are accepted. + if cm.cfg.OnAccept != nil { + for _, listner := range cm.cfg.Listeners { + cm.wg.Add(1) + go cm.listenHandler(listner) + } + } + + for i := atomic.LoadUint64(&cm.connReqCount); i < uint64(cm.cfg.TargetOutbound); i++ { + go cm.NewConnReq() + } +} + +// Wait blocks until the connection manager halts gracefully. +func (cm *ConnManager) Wait() { + cm.wg.Wait() +} + +// Stop gracefully shuts down the connection manager. +func (cm *ConnManager) Stop() { + if atomic.AddInt32(&cm.stop, 1) != 1 { + log.Warnf("Connection manager already stopped") + return + } + + // Stop all the listeners. There will not be any listeners if + // listening is disabled. + for _, listener := range cm.cfg.Listeners { + // Ignore the error since this is shutdown and there is no way + // to recover anyways. + _ = listener.Close() + } + + close(cm.quit) + log.Trace("Connection manager stopped") +} + +// New returns a new connection manager. +// Use Start to start connecting to the network. +func New(cfg *Config) (*ConnManager, error) { + if cfg.Dial == nil { + return nil, ErrDialNil + } + // Default to sane values + if cfg.RetryDuration <= 0 { + cfg.RetryDuration = defaultRetryDuration + } + if cfg.TargetOutbound == 0 { + cfg.TargetOutbound = defaultTargetOutbound + } + cm := ConnManager{ + cfg: *cfg, // Copy so caller can't mutate + requests: make(chan interface{}), + quit: make(chan struct{}), + } + return &cm, nil +} diff --git a/vendor/github.com/btcsuite/btcd/connmgr/doc.go b/vendor/github.com/btcsuite/btcd/connmgr/doc.go new file mode 100644 index 0000000..acb90c3 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/connmgr/doc.go @@ -0,0 +1,14 @@ +// Copyright (c) 2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +/* +Package connmgr implements a generic Bitcoin network connection manager. + +Connection Manager Overview + +Connection Manager handles all the general connection concerns such as +maintaining a set number of outbound connections, sourcing peers, banning, +limiting max connections, tor lookup, etc. +*/ +package connmgr diff --git a/vendor/github.com/btcsuite/btcd/connmgr/dynamicbanscore.go b/vendor/github.com/btcsuite/btcd/connmgr/dynamicbanscore.go new file mode 100644 index 0000000..bc3c2a4 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/connmgr/dynamicbanscore.go @@ -0,0 +1,146 @@ +// Copyright (c) 2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package connmgr + +import ( + "fmt" + "math" + "sync" + "time" +) + +const ( + // Halflife defines the time (in seconds) by which the transient part + // of the ban score decays to one half of it's original value. + Halflife = 60 + + // lambda is the decaying constant. + lambda = math.Ln2 / Halflife + + // Lifetime defines the maximum age of the transient part of the ban + // score to be considered a non-zero score (in seconds). + Lifetime = 1800 + + // precomputedLen defines the amount of decay factors (one per second) that + // should be precomputed at initialization. + precomputedLen = 64 +) + +// precomputedFactor stores precomputed exponential decay factors for the first +// 'precomputedLen' seconds starting from t == 0. +var precomputedFactor [precomputedLen]float64 + +// init precomputes decay factors. +func init() { + for i := range precomputedFactor { + precomputedFactor[i] = math.Exp(-1.0 * float64(i) * lambda) + } +} + +// decayFactor returns the decay factor at t seconds, using precalculated values +// if available, or calculating the factor if needed. +func decayFactor(t int64) float64 { + if t < precomputedLen { + return precomputedFactor[t] + } + return math.Exp(-1.0 * float64(t) * lambda) +} + +// DynamicBanScore provides dynamic ban scores consisting of a persistent and a +// decaying component. The persistent score could be utilized to create simple +// additive banning policies similar to those found in other bitcoin node +// implementations. +// +// The decaying score enables the creation of evasive logic which handles +// misbehaving peers (especially application layer DoS attacks) gracefully +// by disconnecting and banning peers attempting various kinds of flooding. +// DynamicBanScore allows these two approaches to be used in tandem. +// +// Zero value: Values of type DynamicBanScore are immediately ready for use upon +// declaration. +type DynamicBanScore struct { + lastUnix int64 + transient float64 + persistent uint32 + mtx sync.Mutex +} + +// String returns the ban score as a human-readable string. +func (s *DynamicBanScore) String() string { + s.mtx.Lock() + r := fmt.Sprintf("persistent %v + transient %v at %v = %v as of now", + s.persistent, s.transient, s.lastUnix, s.Int()) + s.mtx.Unlock() + return r +} + +// Int returns the current ban score, the sum of the persistent and decaying +// scores. +// +// This function is safe for concurrent access. +func (s *DynamicBanScore) Int() uint32 { + s.mtx.Lock() + r := s.int(time.Now()) + s.mtx.Unlock() + return r +} + +// Increase increases both the persistent and decaying scores by the values +// passed as parameters. The resulting score is returned. +// +// This function is safe for concurrent access. +func (s *DynamicBanScore) Increase(persistent, transient uint32) uint32 { + s.mtx.Lock() + r := s.increase(persistent, transient, time.Now()) + s.mtx.Unlock() + return r +} + +// Reset set both persistent and decaying scores to zero. +// +// This function is safe for concurrent access. +func (s *DynamicBanScore) Reset() { + s.mtx.Lock() + s.persistent = 0 + s.transient = 0 + s.lastUnix = 0 + s.mtx.Unlock() +} + +// int returns the ban score, the sum of the persistent and decaying scores at a +// given point in time. +// +// This function is not safe for concurrent access. It is intended to be used +// internally and during testing. +func (s *DynamicBanScore) int(t time.Time) uint32 { + dt := t.Unix() - s.lastUnix + if s.transient < 1 || dt < 0 || Lifetime < dt { + return s.persistent + } + return s.persistent + uint32(s.transient*decayFactor(dt)) +} + +// increase increases the persistent, the decaying or both scores by the values +// passed as parameters. The resulting score is calculated as if the action was +// carried out at the point time represented by the third parameter. The +// resulting score is returned. +// +// This function is not safe for concurrent access. +func (s *DynamicBanScore) increase(persistent, transient uint32, t time.Time) uint32 { + s.persistent += persistent + tu := t.Unix() + dt := tu - s.lastUnix + + if transient > 0 { + if Lifetime < dt { + s.transient = 0 + } else if s.transient > 1 && dt > 0 { + s.transient *= decayFactor(dt) + } + s.transient += float64(transient) + s.lastUnix = tu + } + return s.persistent + uint32(s.transient) +} diff --git a/vendor/github.com/btcsuite/btcd/connmgr/log.go b/vendor/github.com/btcsuite/btcd/connmgr/log.go new file mode 100644 index 0000000..1afa7ee --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/connmgr/log.go @@ -0,0 +1,30 @@ +// Copyright (c) 2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package connmgr + +import "github.com/btcsuite/btclog" + +// log is a logger that is initialized with no output filters. This +// means the package will not perform any logging by default until the caller +// requests it. +var log btclog.Logger + +// The default amount of logging is none. +func init() { + DisableLog() +} + +// DisableLog disables all library log output. Logging output is disabled +// by default until either UseLogger or SetLogWriter are called. +func DisableLog() { + log = btclog.Disabled +} + +// UseLogger uses a specified Logger to output package logging info. +// This should be used in preference to SetLogWriter if the caller is also +// using btclog. +func UseLogger(logger btclog.Logger) { + log = logger +} diff --git a/vendor/github.com/btcsuite/btcd/connmgr/seed.go b/vendor/github.com/btcsuite/btcd/connmgr/seed.go new file mode 100644 index 0000000..063b546 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/connmgr/seed.go @@ -0,0 +1,75 @@ +// Copyright (c) 2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package connmgr + +import ( + "fmt" + mrand "math/rand" + "net" + "strconv" + "time" + + "github.com/btcsuite/btcd/chaincfg" + "github.com/btcsuite/btcd/wire" +) + +const ( + // These constants are used by the DNS seed code to pick a random last + // seen time. + secondsIn3Days int32 = 24 * 60 * 60 * 3 + secondsIn4Days int32 = 24 * 60 * 60 * 4 +) + +// OnSeed is the signature of the callback function which is invoked when DNS +// seeding is succesfull. +type OnSeed func(addrs []*wire.NetAddress) + +// LookupFunc is the signature of the DNS lookup function. +type LookupFunc func(string) ([]net.IP, error) + +// SeedFromDNS uses DNS seeding to populate the address manager with peers. +func SeedFromDNS(chainParams *chaincfg.Params, reqServices wire.ServiceFlag, + lookupFn LookupFunc, seedFn OnSeed) { + + for _, dnsseed := range chainParams.DNSSeeds { + var host string + if !dnsseed.HasFiltering || reqServices == wire.SFNodeNetwork { + host = dnsseed.Host + } else { + host = fmt.Sprintf("x%x.%s", uint64(reqServices), dnsseed.Host) + } + + go func(host string) { + randSource := mrand.New(mrand.NewSource(time.Now().UnixNano())) + + seedpeers, err := lookupFn(host) + if err != nil { + log.Infof("DNS discovery failed on seed %s: %v", host, err) + return + } + numPeers := len(seedpeers) + + log.Infof("%d addresses found from DNS seed %s", numPeers, host) + + if numPeers == 0 { + return + } + addresses := make([]*wire.NetAddress, len(seedpeers)) + // if this errors then we have *real* problems + intPort, _ := strconv.Atoi(chainParams.DefaultPort) + for i, peer := range seedpeers { + addresses[i] = wire.NewNetAddressTimestamp( + // bitcoind seeds with addresses from + // a time randomly selected between 3 + // and 7 days ago. + time.Now().Add(-1*time.Second*time.Duration(secondsIn3Days+ + randSource.Int31n(secondsIn4Days))), + 0, peer, uint16(intPort)) + } + + seedFn(addresses) + }(host) + } +} diff --git a/vendor/github.com/btcsuite/btcd/connmgr/tor.go b/vendor/github.com/btcsuite/btcd/connmgr/tor.go new file mode 100644 index 0000000..2b22ae5 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/connmgr/tor.go @@ -0,0 +1,129 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package connmgr + +import ( + "encoding/binary" + "errors" + "net" +) + +const ( + torSucceeded = 0x00 + torGeneralError = 0x01 + torNotAllowed = 0x02 + torNetUnreachable = 0x03 + torHostUnreachable = 0x04 + torConnectionRefused = 0x05 + torTTLExpired = 0x06 + torCmdNotSupported = 0x07 + torAddrNotSupported = 0x08 +) + +var ( + // ErrTorInvalidAddressResponse indicates an invalid address was + // returned by the Tor DNS resolver. + ErrTorInvalidAddressResponse = errors.New("invalid address response") + + // ErrTorInvalidProxyResponse indicates the Tor proxy returned a + // response in an unexpected format. + ErrTorInvalidProxyResponse = errors.New("invalid proxy response") + + // ErrTorUnrecognizedAuthMethod indicates the authentication method + // provided is not recognized. + ErrTorUnrecognizedAuthMethod = errors.New("invalid proxy authentication method") + + torStatusErrors = map[byte]error{ + torSucceeded: errors.New("tor succeeded"), + torGeneralError: errors.New("tor general error"), + torNotAllowed: errors.New("tor not allowed"), + torNetUnreachable: errors.New("tor network is unreachable"), + torHostUnreachable: errors.New("tor host is unreachable"), + torConnectionRefused: errors.New("tor connection refused"), + torTTLExpired: errors.New("tor TTL expired"), + torCmdNotSupported: errors.New("tor command not supported"), + torAddrNotSupported: errors.New("tor address type not supported"), + } +) + +// TorLookupIP uses Tor to resolve DNS via the SOCKS extension they provide for +// resolution over the Tor network. Tor itself doesn't support ipv6 so this +// doesn't either. +func TorLookupIP(host, proxy string) ([]net.IP, error) { + conn, err := net.Dial("tcp", proxy) + if err != nil { + return nil, err + } + defer conn.Close() + + buf := []byte{'\x05', '\x01', '\x00'} + _, err = conn.Write(buf) + if err != nil { + return nil, err + } + + buf = make([]byte, 2) + _, err = conn.Read(buf) + if err != nil { + return nil, err + } + if buf[0] != '\x05' { + return nil, ErrTorInvalidProxyResponse + } + if buf[1] != '\x00' { + return nil, ErrTorUnrecognizedAuthMethod + } + + buf = make([]byte, 7+len(host)) + buf[0] = 5 // protocol version + buf[1] = '\xF0' // Tor Resolve + buf[2] = 0 // reserved + buf[3] = 3 // Tor Resolve + buf[4] = byte(len(host)) + copy(buf[5:], host) + buf[5+len(host)] = 0 // Port 0 + + _, err = conn.Write(buf) + if err != nil { + return nil, err + } + + buf = make([]byte, 4) + _, err = conn.Read(buf) + if err != nil { + return nil, err + } + if buf[0] != 5 { + return nil, ErrTorInvalidProxyResponse + } + if buf[1] != 0 { + if int(buf[1]) >= len(torStatusErrors) { + return nil, ErrTorInvalidProxyResponse + } else if err := torStatusErrors[buf[1]]; err != nil { + return nil, err + } + return nil, ErrTorInvalidProxyResponse + } + if buf[3] != 1 { + err := torStatusErrors[torGeneralError] + return nil, err + } + + buf = make([]byte, 4) + bytes, err := conn.Read(buf) + if err != nil { + return nil, err + } + if bytes != 4 { + return nil, ErrTorInvalidAddressResponse + } + + r := binary.BigEndian.Uint32(buf) + + addr := make([]net.IP, 1) + addr[0] = net.IPv4(byte(r>>24), byte(r>>16), byte(r>>8), byte(r)) + + return addr, nil +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/README.md b/vendor/github.com/btcsuite/btcd/txscript/README.md new file mode 100644 index 0000000..5793173 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/README.md @@ -0,0 +1,63 @@ +txscript +======== + +[![Build Status](https://travis-ci.org/btcsuite/btcd.png?branch=master)](https://travis-ci.org/btcsuite/btcd) +[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org) +[![GoDoc](https://godoc.org/github.com/btcsuite/btcd/txscript?status.png)](http://godoc.org/github.com/btcsuite/btcd/txscript) + +Package txscript implements the bitcoin transaction script language. There is +a comprehensive test suite. + +This package has intentionally been designed so it can be used as a standalone +package for any projects needing to use or validate bitcoin transaction scripts. + +## Bitcoin Scripts + +Bitcoin provides a stack-based, FORTH-like language for the scripts in +the bitcoin transactions. This language is not turing complete +although it is still fairly powerful. A description of the language +can be found at https://en.bitcoin.it/wiki/Script + +## Installation and Updating + +```bash +$ go get -u github.com/btcsuite/btcd/txscript +``` + +## Examples + +* [Standard Pay-to-pubkey-hash Script](http://godoc.org/github.com/btcsuite/btcd/txscript#example-PayToAddrScript) + Demonstrates creating a script which pays to a bitcoin address. It also + prints the created script hex and uses the DisasmString function to display + the disassembled script. + +* [Extracting Details from Standard Scripts](http://godoc.org/github.com/btcsuite/btcd/txscript#example-ExtractPkScriptAddrs) + Demonstrates extracting information from a standard public key script. + +* [Manually Signing a Transaction Output](http://godoc.org/github.com/btcsuite/btcd/txscript#example-SignTxOutput) + Demonstrates manually creating and signing a redeem transaction. + +## GPG Verification Key + +All official release tags are signed by Conformal so users can ensure the code +has not been tampered with and is coming from the btcsuite developers. To +verify the signature perform the following: + +- Download the public key from the Conformal website at + https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt + +- Import the public key into your GPG keyring: + ```bash + gpg --import GIT-GPG-KEY-conformal.txt + ``` + +- Verify the release tag with the following command where `TAG_NAME` is a + placeholder for the specific tag: + ```bash + git tag -v TAG_NAME + ``` + +## License + +Package txscript is licensed under the [copyfree](http://copyfree.org) ISC +License. diff --git a/vendor/github.com/btcsuite/btcd/txscript/consensus.go b/vendor/github.com/btcsuite/btcd/txscript/consensus.go new file mode 100644 index 0000000..865b727 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/consensus.go @@ -0,0 +1,13 @@ +// Copyright (c) 2015-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +const ( + // LockTimeThreshold is the number below which a lock time is + // interpreted to be a block number. Since an average of one block + // is generated per 10 minutes, this allows blocks for about 9,512 + // years. + LockTimeThreshold = 5e8 // Tue Nov 5 00:53:20 1985 UTC +) diff --git a/vendor/github.com/btcsuite/btcd/txscript/doc.go b/vendor/github.com/btcsuite/btcd/txscript/doc.go new file mode 100644 index 0000000..7da5216 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/doc.go @@ -0,0 +1,42 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +/* +Package txscript implements the bitcoin transaction script language. + +A complete description of the script language used by bitcoin can be found at +https://en.bitcoin.it/wiki/Script. The following only serves as a quick +overview to provide information on how to use the package. + +This package provides data structures and functions to parse and execute +bitcoin transaction scripts. + +Script Overview + +Bitcoin transaction scripts are written in a stack-base, FORTH-like language. + +The bitcoin script language consists of a number of opcodes which fall into +several categories such pushing and popping data to and from the stack, +performing basic and bitwise arithmetic, conditional branching, comparing +hashes, and checking cryptographic signatures. Scripts are processed from left +to right and intentionally do not provide loops. + +The vast majority of Bitcoin scripts at the time of this writing are of several +standard forms which consist of a spender providing a public key and a signature +which proves the spender owns the associated private key. This information +is used to prove the the spender is authorized to perform the transaction. + +One benefit of using a scripting language is added flexibility in specifying +what conditions must be met in order to spend bitcoins. + +Errors + +Errors returned by this package are of type txscript.Error. This allows the +caller to programmatically determine the specific error by examining the +ErrorCode field of the type asserted txscript.Error while still providing rich +error messages with contextual information. A convenience function named +IsErrorCode is also provided to allow callers to easily check for a specific +error code. See ErrorCode in the package documentation for a full list. +*/ +package txscript diff --git a/vendor/github.com/btcsuite/btcd/txscript/engine.go b/vendor/github.com/btcsuite/btcd/txscript/engine.go new file mode 100644 index 0000000..db66186 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/engine.go @@ -0,0 +1,1004 @@ +// Copyright (c) 2013-2018 The btcsuite developers +// Copyright (c) 2015-2018 The Decred developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +import ( + "bytes" + "crypto/sha256" + "fmt" + "math/big" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcd/wire" +) + +// ScriptFlags is a bitmask defining additional operations or tests that will be +// done when executing a script pair. +type ScriptFlags uint32 + +const ( + // ScriptBip16 defines whether the bip16 threshold has passed and thus + // pay-to-script hash transactions will be fully validated. + ScriptBip16 ScriptFlags = 1 << iota + + // ScriptStrictMultiSig defines whether to verify the stack item + // used by CHECKMULTISIG is zero length. + ScriptStrictMultiSig + + // ScriptDiscourageUpgradableNops defines whether to verify that + // NOP1 through NOP10 are reserved for future soft-fork upgrades. This + // flag must not be used for consensus critical code nor applied to + // blocks as this flag is only for stricter standard transaction + // checks. This flag is only applied when the above opcodes are + // executed. + ScriptDiscourageUpgradableNops + + // ScriptVerifyCheckLockTimeVerify defines whether to verify that + // a transaction output is spendable based on the locktime. + // This is BIP0065. + ScriptVerifyCheckLockTimeVerify + + // ScriptVerifyCheckSequenceVerify defines whether to allow execution + // pathways of a script to be restricted based on the age of the output + // being spent. This is BIP0112. + ScriptVerifyCheckSequenceVerify + + // ScriptVerifyCleanStack defines that the stack must contain only + // one stack element after evaluation and that the element must be + // true if interpreted as a boolean. This is rule 6 of BIP0062. + // This flag should never be used without the ScriptBip16 flag nor the + // ScriptVerifyWitness flag. + ScriptVerifyCleanStack + + // ScriptVerifyDERSignatures defines that signatures are required + // to compily with the DER format. + ScriptVerifyDERSignatures + + // ScriptVerifyLowS defines that signtures are required to comply with + // the DER format and whose S value is <= order / 2. This is rule 5 + // of BIP0062. + ScriptVerifyLowS + + // ScriptVerifyMinimalData defines that signatures must use the smallest + // push operator. This is both rules 3 and 4 of BIP0062. + ScriptVerifyMinimalData + + // ScriptVerifyNullFail defines that signatures must be empty if + // a CHECKSIG or CHECKMULTISIG operation fails. + ScriptVerifyNullFail + + // ScriptVerifySigPushOnly defines that signature scripts must contain + // only pushed data. This is rule 2 of BIP0062. + ScriptVerifySigPushOnly + + // ScriptVerifyStrictEncoding defines that signature scripts and + // public keys must follow the strict encoding requirements. + ScriptVerifyStrictEncoding + + // ScriptVerifyWitness defines whether or not to verify a transaction + // output using a witness program template. + ScriptVerifyWitness + + // ScriptVerifyDiscourageUpgradeableWitnessProgram makes witness + // program with versions 2-16 non-standard. + ScriptVerifyDiscourageUpgradeableWitnessProgram + + // ScriptVerifyMinimalIf makes a script with an OP_IF/OP_NOTIF whose + // operand is anything other than empty vector or [0x01] non-standard. + ScriptVerifyMinimalIf + + // ScriptVerifyWitnessPubKeyType makes a script within a check-sig + // operation whose public key isn't serialized in a compressed format + // non-standard. + ScriptVerifyWitnessPubKeyType +) + +const ( + // MaxStackSize is the maximum combined height of stack and alt stack + // during execution. + MaxStackSize = 1000 + + // MaxScriptSize is the maximum allowed length of a raw script. + MaxScriptSize = 10000 + + // payToWitnessPubKeyHashDataSize is the size of the witness program's + // data push for a pay-to-witness-pub-key-hash output. + payToWitnessPubKeyHashDataSize = 20 + + // payToWitnessScriptHashDataSize is the size of the witness program's + // data push for a pay-to-witness-script-hash output. + payToWitnessScriptHashDataSize = 32 +) + +// halforder is used to tame ECDSA malleability (see BIP0062). +var halfOrder = new(big.Int).Rsh(btcec.S256().N, 1) + +// Engine is the virtual machine that executes scripts. +type Engine struct { + scripts [][]parsedOpcode + scriptIdx int + scriptOff int + lastCodeSep int + dstack stack // data stack + astack stack // alt stack + tx wire.MsgTx + txIdx int + condStack []int + numOps int + flags ScriptFlags + sigCache *SigCache + hashCache *TxSigHashes + bip16 bool // treat execution as pay-to-script-hash + savedFirstStack [][]byte // stack from first script for bip16 scripts + witnessVersion int + witnessProgram []byte + inputAmount int64 +} + +// hasFlag returns whether the script engine instance has the passed flag set. +func (vm *Engine) hasFlag(flag ScriptFlags) bool { + return vm.flags&flag == flag +} + +// isBranchExecuting returns whether or not the current conditional branch is +// actively executing. For example, when the data stack has an OP_FALSE on it +// and an OP_IF is encountered, the branch is inactive until an OP_ELSE or +// OP_ENDIF is encountered. It properly handles nested conditionals. +func (vm *Engine) isBranchExecuting() bool { + if len(vm.condStack) == 0 { + return true + } + return vm.condStack[len(vm.condStack)-1] == OpCondTrue +} + +// executeOpcode peforms execution on the passed opcode. It takes into account +// whether or not it is hidden by conditionals, but some rules still must be +// tested in this case. +func (vm *Engine) executeOpcode(pop *parsedOpcode) error { + // Disabled opcodes are fail on program counter. + if pop.isDisabled() { + str := fmt.Sprintf("attempt to execute disabled opcode %s", + pop.opcode.name) + return scriptError(ErrDisabledOpcode, str) + } + + // Always-illegal opcodes are fail on program counter. + if pop.alwaysIllegal() { + str := fmt.Sprintf("attempt to execute reserved opcode %s", + pop.opcode.name) + return scriptError(ErrReservedOpcode, str) + } + + // Note that this includes OP_RESERVED which counts as a push operation. + if pop.opcode.value > OP_16 { + vm.numOps++ + if vm.numOps > MaxOpsPerScript { + str := fmt.Sprintf("exceeded max operation limit of %d", + MaxOpsPerScript) + return scriptError(ErrTooManyOperations, str) + } + + } else if len(pop.data) > MaxScriptElementSize { + str := fmt.Sprintf("element size %d exceeds max allowed size %d", + len(pop.data), MaxScriptElementSize) + return scriptError(ErrElementTooBig, str) + } + + // Nothing left to do when this is not a conditional opcode and it is + // not in an executing branch. + if !vm.isBranchExecuting() && !pop.isConditional() { + return nil + } + + // Ensure all executed data push opcodes use the minimal encoding when + // the minimal data verification flag is set. + if vm.dstack.verifyMinimalData && vm.isBranchExecuting() && + pop.opcode.value >= 0 && pop.opcode.value <= OP_PUSHDATA4 { + + if err := pop.checkMinimalDataPush(); err != nil { + return err + } + } + + return pop.opcode.opfunc(pop, vm) +} + +// disasm is a helper function to produce the output for DisasmPC and +// DisasmScript. It produces the opcode prefixed by the program counter at the +// provided position in the script. It does no error checking and leaves that +// to the caller to provide a valid offset. +func (vm *Engine) disasm(scriptIdx int, scriptOff int) string { + return fmt.Sprintf("%02x:%04x: %s", scriptIdx, scriptOff, + vm.scripts[scriptIdx][scriptOff].print(false)) +} + +// validPC returns an error if the current script position is valid for +// execution, nil otherwise. +func (vm *Engine) validPC() error { + if vm.scriptIdx >= len(vm.scripts) { + str := fmt.Sprintf("past input scripts %v:%v %v:xxxx", + vm.scriptIdx, vm.scriptOff, len(vm.scripts)) + return scriptError(ErrInvalidProgramCounter, str) + } + if vm.scriptOff >= len(vm.scripts[vm.scriptIdx]) { + str := fmt.Sprintf("past input scripts %v:%v %v:%04d", + vm.scriptIdx, vm.scriptOff, vm.scriptIdx, + len(vm.scripts[vm.scriptIdx])) + return scriptError(ErrInvalidProgramCounter, str) + } + return nil +} + +// curPC returns either the current script and offset, or an error if the +// position isn't valid. +func (vm *Engine) curPC() (script int, off int, err error) { + err = vm.validPC() + if err != nil { + return 0, 0, err + } + return vm.scriptIdx, vm.scriptOff, nil +} + +// isWitnessVersionActive returns true if a witness program was extracted +// during the initialization of the Engine, and the program's version matches +// the specified version. +func (vm *Engine) isWitnessVersionActive(version uint) bool { + return vm.witnessProgram != nil && uint(vm.witnessVersion) == version +} + +// verifyWitnessProgram validates the stored witness program using the passed +// witness as input. +func (vm *Engine) verifyWitnessProgram(witness [][]byte) error { + if vm.isWitnessVersionActive(0) { + switch len(vm.witnessProgram) { + case payToWitnessPubKeyHashDataSize: // P2WKH + // The witness stack should consist of exactly two + // items: the signature, and the pubkey. + if len(witness) != 2 { + err := fmt.Sprintf("should have exactly two "+ + "items in witness, instead have %v", len(witness)) + return scriptError(ErrWitnessProgramMismatch, err) + } + + // Now we'll resume execution as if it were a regular + // p2pkh transaction. + pkScript, err := payToPubKeyHashScript(vm.witnessProgram) + if err != nil { + return err + } + pops, err := parseScript(pkScript) + if err != nil { + return err + } + + // Set the stack to the provided witness stack, then + // append the pkScript generated above as the next + // script to execute. + vm.scripts = append(vm.scripts, pops) + vm.SetStack(witness) + + case payToWitnessScriptHashDataSize: // P2WSH + // Additionally, The witness stack MUST NOT be empty at + // this point. + if len(witness) == 0 { + return scriptError(ErrWitnessProgramEmpty, "witness "+ + "program empty passed empty witness") + } + + // Obtain the witness script which should be the last + // element in the passed stack. The size of the script + // MUST NOT exceed the max script size. + witnessScript := witness[len(witness)-1] + if len(witnessScript) > MaxScriptSize { + str := fmt.Sprintf("witnessScript size %d "+ + "is larger than max allowed size %d", + len(witnessScript), MaxScriptSize) + return scriptError(ErrScriptTooBig, str) + } + + // Ensure that the serialized pkScript at the end of + // the witness stack matches the witness program. + witnessHash := sha256.Sum256(witnessScript) + if !bytes.Equal(witnessHash[:], vm.witnessProgram) { + return scriptError(ErrWitnessProgramMismatch, + "witness program hash mismatch") + } + + // With all the validity checks passed, parse the + // script into individual op-codes so w can execute it + // as the next script. + pops, err := parseScript(witnessScript) + if err != nil { + return err + } + + // The hash matched successfully, so use the witness as + // the stack, and set the witnessScript to be the next + // script executed. + vm.scripts = append(vm.scripts, pops) + vm.SetStack(witness[:len(witness)-1]) + + default: + errStr := fmt.Sprintf("length of witness program "+ + "must either be %v or %v bytes, instead is %v bytes", + payToWitnessPubKeyHashDataSize, + payToWitnessScriptHashDataSize, + len(vm.witnessProgram)) + return scriptError(ErrWitnessProgramWrongLength, errStr) + } + } else if vm.hasFlag(ScriptVerifyDiscourageUpgradeableWitnessProgram) { + errStr := fmt.Sprintf("new witness program versions "+ + "invalid: %v", vm.witnessProgram) + return scriptError(ErrDiscourageUpgradableWitnessProgram, errStr) + } else { + // If we encounter an unknown witness program version and we + // aren't discouraging future unknown witness based soft-forks, + // then we de-activate the segwit behavior within the VM for + // the remainder of execution. + vm.witnessProgram = nil + } + + if vm.isWitnessVersionActive(0) { + // All elements within the witness stack must not be greater + // than the maximum bytes which are allowed to be pushed onto + // the stack. + for _, witElement := range vm.GetStack() { + if len(witElement) > MaxScriptElementSize { + str := fmt.Sprintf("element size %d exceeds "+ + "max allowed size %d", len(witElement), + MaxScriptElementSize) + return scriptError(ErrElementTooBig, str) + } + } + } + + return nil +} + +// DisasmPC returns the string for the disassembly of the opcode that will be +// next to execute when Step() is called. +func (vm *Engine) DisasmPC() (string, error) { + scriptIdx, scriptOff, err := vm.curPC() + if err != nil { + return "", err + } + return vm.disasm(scriptIdx, scriptOff), nil +} + +// DisasmScript returns the disassembly string for the script at the requested +// offset index. Index 0 is the signature script and 1 is the public key +// script. +func (vm *Engine) DisasmScript(idx int) (string, error) { + if idx >= len(vm.scripts) { + str := fmt.Sprintf("script index %d >= total scripts %d", idx, + len(vm.scripts)) + return "", scriptError(ErrInvalidIndex, str) + } + + var disstr string + for i := range vm.scripts[idx] { + disstr = disstr + vm.disasm(idx, i) + "\n" + } + return disstr, nil +} + +// CheckErrorCondition returns nil if the running script has ended and was +// successful, leaving a a true boolean on the stack. An error otherwise, +// including if the script has not finished. +func (vm *Engine) CheckErrorCondition(finalScript bool) error { + // Check execution is actually done. When pc is past the end of script + // array there are no more scripts to run. + if vm.scriptIdx < len(vm.scripts) { + return scriptError(ErrScriptUnfinished, + "error check when script unfinished") + } + + // If we're in version zero witness execution mode, and this was the + // final script, then the stack MUST be clean in order to maintain + // compatibility with BIP16. + if finalScript && vm.isWitnessVersionActive(0) && vm.dstack.Depth() != 1 { + return scriptError(ErrEvalFalse, "witness program must "+ + "have clean stack") + } + + if finalScript && vm.hasFlag(ScriptVerifyCleanStack) && + vm.dstack.Depth() != 1 { + + str := fmt.Sprintf("stack contains %d unexpected items", + vm.dstack.Depth()-1) + return scriptError(ErrCleanStack, str) + } else if vm.dstack.Depth() < 1 { + return scriptError(ErrEmptyStack, + "stack empty at end of script execution") + } + + v, err := vm.dstack.PopBool() + if err != nil { + return err + } + if !v { + // Log interesting data. + log.Tracef("%v", newLogClosure(func() string { + dis0, _ := vm.DisasmScript(0) + dis1, _ := vm.DisasmScript(1) + return fmt.Sprintf("scripts failed: script0: %s\n"+ + "script1: %s", dis0, dis1) + })) + return scriptError(ErrEvalFalse, + "false stack entry at end of script execution") + } + return nil +} + +// Step will execute the next instruction and move the program counter to the +// next opcode in the script, or the next script if the current has ended. Step +// will return true in the case that the last opcode was successfully executed. +// +// The result of calling Step or any other method is undefined if an error is +// returned. +func (vm *Engine) Step() (done bool, err error) { + // Verify that it is pointing to a valid script address. + err = vm.validPC() + if err != nil { + return true, err + } + opcode := &vm.scripts[vm.scriptIdx][vm.scriptOff] + vm.scriptOff++ + + // Execute the opcode while taking into account several things such as + // disabled opcodes, illegal opcodes, maximum allowed operations per + // script, maximum script element sizes, and conditionals. + err = vm.executeOpcode(opcode) + if err != nil { + return true, err + } + + // The number of elements in the combination of the data and alt stacks + // must not exceed the maximum number of stack elements allowed. + combinedStackSize := vm.dstack.Depth() + vm.astack.Depth() + if combinedStackSize > MaxStackSize { + str := fmt.Sprintf("combined stack size %d > max allowed %d", + combinedStackSize, MaxStackSize) + return false, scriptError(ErrStackOverflow, str) + } + + // Prepare for next instruction. + if vm.scriptOff >= len(vm.scripts[vm.scriptIdx]) { + // Illegal to have an `if' that straddles two scripts. + if err == nil && len(vm.condStack) != 0 { + return false, scriptError(ErrUnbalancedConditional, + "end of script reached in conditional execution") + } + + // Alt stack doesn't persist. + _ = vm.astack.DropN(vm.astack.Depth()) + + vm.numOps = 0 // number of ops is per script. + vm.scriptOff = 0 + if vm.scriptIdx == 0 && vm.bip16 { + vm.scriptIdx++ + vm.savedFirstStack = vm.GetStack() + } else if vm.scriptIdx == 1 && vm.bip16 { + // Put us past the end for CheckErrorCondition() + vm.scriptIdx++ + // Check script ran successfully and pull the script + // out of the first stack and execute that. + err := vm.CheckErrorCondition(false) + if err != nil { + return false, err + } + + script := vm.savedFirstStack[len(vm.savedFirstStack)-1] + pops, err := parseScript(script) + if err != nil { + return false, err + } + vm.scripts = append(vm.scripts, pops) + + // Set stack to be the stack from first script minus the + // script itself + vm.SetStack(vm.savedFirstStack[:len(vm.savedFirstStack)-1]) + } else if (vm.scriptIdx == 1 && vm.witnessProgram != nil) || + (vm.scriptIdx == 2 && vm.witnessProgram != nil && vm.bip16) { // Nested P2SH. + + vm.scriptIdx++ + + witness := vm.tx.TxIn[vm.txIdx].Witness + if err := vm.verifyWitnessProgram(witness); err != nil { + return false, err + } + } else { + vm.scriptIdx++ + } + // there are zero length scripts in the wild + if vm.scriptIdx < len(vm.scripts) && vm.scriptOff >= len(vm.scripts[vm.scriptIdx]) { + vm.scriptIdx++ + } + vm.lastCodeSep = 0 + if vm.scriptIdx >= len(vm.scripts) { + return true, nil + } + } + return false, nil +} + +// Execute will execute all scripts in the script engine and return either nil +// for successful validation or an error if one occurred. +func (vm *Engine) Execute() (err error) { + done := false + for !done { + log.Tracef("%v", newLogClosure(func() string { + dis, err := vm.DisasmPC() + if err != nil { + return fmt.Sprintf("stepping (%v)", err) + } + return fmt.Sprintf("stepping %v", dis) + })) + + done, err = vm.Step() + if err != nil { + return err + } + log.Tracef("%v", newLogClosure(func() string { + var dstr, astr string + + // if we're tracing, dump the stacks. + if vm.dstack.Depth() != 0 { + dstr = "Stack:\n" + vm.dstack.String() + } + if vm.astack.Depth() != 0 { + astr = "AltStack:\n" + vm.astack.String() + } + + return dstr + astr + })) + } + + return vm.CheckErrorCondition(true) +} + +// subScript returns the script since the last OP_CODESEPARATOR. +func (vm *Engine) subScript() []parsedOpcode { + return vm.scripts[vm.scriptIdx][vm.lastCodeSep:] +} + +// checkHashTypeEncoding returns whether or not the passed hashtype adheres to +// the strict encoding requirements if enabled. +func (vm *Engine) checkHashTypeEncoding(hashType SigHashType) error { + if !vm.hasFlag(ScriptVerifyStrictEncoding) { + return nil + } + + sigHashType := hashType & ^SigHashAnyOneCanPay + if sigHashType < SigHashAll || sigHashType > SigHashSingle { + str := fmt.Sprintf("invalid hash type 0x%x", hashType) + return scriptError(ErrInvalidSigHashType, str) + } + return nil +} + +// checkPubKeyEncoding returns whether or not the passed public key adheres to +// the strict encoding requirements if enabled. +func (vm *Engine) checkPubKeyEncoding(pubKey []byte) error { + if vm.hasFlag(ScriptVerifyWitnessPubKeyType) && + vm.isWitnessVersionActive(0) && !btcec.IsCompressedPubKey(pubKey) { + + str := "only uncompressed keys are accepted post-segwit" + return scriptError(ErrWitnessPubKeyType, str) + } + + if !vm.hasFlag(ScriptVerifyStrictEncoding) { + return nil + } + + if len(pubKey) == 33 && (pubKey[0] == 0x02 || pubKey[0] == 0x03) { + // Compressed + return nil + } + if len(pubKey) == 65 && pubKey[0] == 0x04 { + // Uncompressed + return nil + } + + return scriptError(ErrPubKeyType, "unsupported public key type") +} + +// checkSignatureEncoding returns whether or not the passed signature adheres to +// the strict encoding requirements if enabled. +func (vm *Engine) checkSignatureEncoding(sig []byte) error { + if !vm.hasFlag(ScriptVerifyDERSignatures) && + !vm.hasFlag(ScriptVerifyLowS) && + !vm.hasFlag(ScriptVerifyStrictEncoding) { + + return nil + } + + // The format of a DER encoded signature is as follows: + // + // 0x30 0x02 0x02 + // - 0x30 is the ASN.1 identifier for a sequence + // - Total length is 1 byte and specifies length of all remaining data + // - 0x02 is the ASN.1 identifier that specifies an integer follows + // - Length of R is 1 byte and specifies how many bytes R occupies + // - R is the arbitrary length big-endian encoded number which + // represents the R value of the signature. DER encoding dictates + // that the value must be encoded using the minimum possible number + // of bytes. This implies the first byte can only be null if the + // highest bit of the next byte is set in order to prevent it from + // being interpreted as a negative number. + // - 0x02 is once again the ASN.1 integer identifier + // - Length of S is 1 byte and specifies how many bytes S occupies + // - S is the arbitrary length big-endian encoded number which + // represents the S value of the signature. The encoding rules are + // identical as those for R. + const ( + asn1SequenceID = 0x30 + asn1IntegerID = 0x02 + + // minSigLen is the minimum length of a DER encoded signature and is + // when both R and S are 1 byte each. + // + // 0x30 + <1-byte> + 0x02 + 0x01 + + 0x2 + 0x01 + + minSigLen = 8 + + // maxSigLen is the maximum length of a DER encoded signature and is + // when both R and S are 33 bytes each. It is 33 bytes because a + // 256-bit integer requires 32 bytes and an additional leading null byte + // might required if the high bit is set in the value. + // + // 0x30 + <1-byte> + 0x02 + 0x21 + <33 bytes> + 0x2 + 0x21 + <33 bytes> + maxSigLen = 72 + + // sequenceOffset is the byte offset within the signature of the + // expected ASN.1 sequence identifier. + sequenceOffset = 0 + + // dataLenOffset is the byte offset within the signature of the expected + // total length of all remaining data in the signature. + dataLenOffset = 1 + + // rTypeOffset is the byte offset within the signature of the ASN.1 + // identifier for R and is expected to indicate an ASN.1 integer. + rTypeOffset = 2 + + // rLenOffset is the byte offset within the signature of the length of + // R. + rLenOffset = 3 + + // rOffset is the byte offset within the signature of R. + rOffset = 4 + ) + + // The signature must adhere to the minimum and maximum allowed length. + sigLen := len(sig) + if sigLen < minSigLen { + str := fmt.Sprintf("malformed signature: too short: %d < %d", sigLen, + minSigLen) + return scriptError(ErrSigTooShort, str) + } + if sigLen > maxSigLen { + str := fmt.Sprintf("malformed signature: too long: %d > %d", sigLen, + maxSigLen) + return scriptError(ErrSigTooLong, str) + } + + // The signature must start with the ASN.1 sequence identifier. + if sig[sequenceOffset] != asn1SequenceID { + str := fmt.Sprintf("malformed signature: format has wrong type: %#x", + sig[sequenceOffset]) + return scriptError(ErrSigInvalidSeqID, str) + } + + // The signature must indicate the correct amount of data for all elements + // related to R and S. + if int(sig[dataLenOffset]) != sigLen-2 { + str := fmt.Sprintf("malformed signature: bad length: %d != %d", + sig[dataLenOffset], sigLen-2) + return scriptError(ErrSigInvalidDataLen, str) + } + + // Calculate the offsets of the elements related to S and ensure S is inside + // the signature. + // + // rLen specifies the length of the big-endian encoded number which + // represents the R value of the signature. + // + // sTypeOffset is the offset of the ASN.1 identifier for S and, like its R + // counterpart, is expected to indicate an ASN.1 integer. + // + // sLenOffset and sOffset are the byte offsets within the signature of the + // length of S and S itself, respectively. + rLen := int(sig[rLenOffset]) + sTypeOffset := rOffset + rLen + sLenOffset := sTypeOffset + 1 + if sTypeOffset >= sigLen { + str := "malformed signature: S type indicator missing" + return scriptError(ErrSigMissingSTypeID, str) + } + if sLenOffset >= sigLen { + str := "malformed signature: S length missing" + return scriptError(ErrSigMissingSLen, str) + } + + // The lengths of R and S must match the overall length of the signature. + // + // sLen specifies the length of the big-endian encoded number which + // represents the S value of the signature. + sOffset := sLenOffset + 1 + sLen := int(sig[sLenOffset]) + if sOffset+sLen != sigLen { + str := "malformed signature: invalid S length" + return scriptError(ErrSigInvalidSLen, str) + } + + // R elements must be ASN.1 integers. + if sig[rTypeOffset] != asn1IntegerID { + str := fmt.Sprintf("malformed signature: R integer marker: %#x != %#x", + sig[rTypeOffset], asn1IntegerID) + return scriptError(ErrSigInvalidRIntID, str) + } + + // Zero-length integers are not allowed for R. + if rLen == 0 { + str := "malformed signature: R length is zero" + return scriptError(ErrSigZeroRLen, str) + } + + // R must not be negative. + if sig[rOffset]&0x80 != 0 { + str := "malformed signature: R is negative" + return scriptError(ErrSigNegativeR, str) + } + + // Null bytes at the start of R are not allowed, unless R would otherwise be + // interpreted as a negative number. + if rLen > 1 && sig[rOffset] == 0x00 && sig[rOffset+1]&0x80 == 0 { + str := "malformed signature: R value has too much padding" + return scriptError(ErrSigTooMuchRPadding, str) + } + + // S elements must be ASN.1 integers. + if sig[sTypeOffset] != asn1IntegerID { + str := fmt.Sprintf("malformed signature: S integer marker: %#x != %#x", + sig[sTypeOffset], asn1IntegerID) + return scriptError(ErrSigInvalidSIntID, str) + } + + // Zero-length integers are not allowed for S. + if sLen == 0 { + str := "malformed signature: S length is zero" + return scriptError(ErrSigZeroSLen, str) + } + + // S must not be negative. + if sig[sOffset]&0x80 != 0 { + str := "malformed signature: S is negative" + return scriptError(ErrSigNegativeS, str) + } + + // Null bytes at the start of S are not allowed, unless S would otherwise be + // interpreted as a negative number. + if sLen > 1 && sig[sOffset] == 0x00 && sig[sOffset+1]&0x80 == 0 { + str := "malformed signature: S value has too much padding" + return scriptError(ErrSigTooMuchSPadding, str) + } + + // Verify the S value is <= half the order of the curve. This check is done + // because when it is higher, the complement modulo the order can be used + // instead which is a shorter encoding by 1 byte. Further, without + // enforcing this, it is possible to replace a signature in a valid + // transaction with the complement while still being a valid signature that + // verifies. This would result in changing the transaction hash and thus is + // a source of malleability. + if vm.hasFlag(ScriptVerifyLowS) { + sValue := new(big.Int).SetBytes(sig[sOffset : sOffset+sLen]) + if sValue.Cmp(halfOrder) > 0 { + return scriptError(ErrSigHighS, "signature is not canonical due "+ + "to unnecessarily high S value") + } + } + + return nil +} + +// getStack returns the contents of stack as a byte array bottom up +func getStack(stack *stack) [][]byte { + array := make([][]byte, stack.Depth()) + for i := range array { + // PeekByteArry can't fail due to overflow, already checked + array[len(array)-i-1], _ = stack.PeekByteArray(int32(i)) + } + return array +} + +// setStack sets the stack to the contents of the array where the last item in +// the array is the top item in the stack. +func setStack(stack *stack, data [][]byte) { + // This can not error. Only errors are for invalid arguments. + _ = stack.DropN(stack.Depth()) + + for i := range data { + stack.PushByteArray(data[i]) + } +} + +// GetStack returns the contents of the primary stack as an array. where the +// last item in the array is the top of the stack. +func (vm *Engine) GetStack() [][]byte { + return getStack(&vm.dstack) +} + +// SetStack sets the contents of the primary stack to the contents of the +// provided array where the last item in the array will be the top of the stack. +func (vm *Engine) SetStack(data [][]byte) { + setStack(&vm.dstack, data) +} + +// GetAltStack returns the contents of the alternate stack as an array where the +// last item in the array is the top of the stack. +func (vm *Engine) GetAltStack() [][]byte { + return getStack(&vm.astack) +} + +// SetAltStack sets the contents of the alternate stack to the contents of the +// provided array where the last item in the array will be the top of the stack. +func (vm *Engine) SetAltStack(data [][]byte) { + setStack(&vm.astack, data) +} + +// NewEngine returns a new script engine for the provided public key script, +// transaction, and input index. The flags modify the behavior of the script +// engine according to the description provided by each flag. +func NewEngine(scriptPubKey []byte, tx *wire.MsgTx, txIdx int, flags ScriptFlags, + sigCache *SigCache, hashCache *TxSigHashes, inputAmount int64) (*Engine, error) { + + // The provided transaction input index must refer to a valid input. + if txIdx < 0 || txIdx >= len(tx.TxIn) { + str := fmt.Sprintf("transaction input index %d is negative or "+ + ">= %d", txIdx, len(tx.TxIn)) + return nil, scriptError(ErrInvalidIndex, str) + } + scriptSig := tx.TxIn[txIdx].SignatureScript + + // When both the signature script and public key script are empty the + // result is necessarily an error since the stack would end up being + // empty which is equivalent to a false top element. Thus, just return + // the relevant error now as an optimization. + if len(scriptSig) == 0 && len(scriptPubKey) == 0 { + return nil, scriptError(ErrEvalFalse, + "false stack entry at end of script execution") + } + + // The clean stack flag (ScriptVerifyCleanStack) is not allowed without + // either the pay-to-script-hash (P2SH) evaluation (ScriptBip16) + // flag or the Segregated Witness (ScriptVerifyWitness) flag. + // + // Recall that evaluating a P2SH script without the flag set results in + // non-P2SH evaluation which leaves the P2SH inputs on the stack. + // Thus, allowing the clean stack flag without the P2SH flag would make + // it possible to have a situation where P2SH would not be a soft fork + // when it should be. The same goes for segwit which will pull in + // additional scripts for execution from the witness stack. + vm := Engine{flags: flags, sigCache: sigCache, hashCache: hashCache, + inputAmount: inputAmount} + if vm.hasFlag(ScriptVerifyCleanStack) && (!vm.hasFlag(ScriptBip16) && + !vm.hasFlag(ScriptVerifyWitness)) { + return nil, scriptError(ErrInvalidFlags, + "invalid flags combination") + } + + // The signature script must only contain data pushes when the + // associated flag is set. + if vm.hasFlag(ScriptVerifySigPushOnly) && !IsPushOnlyScript(scriptSig) { + return nil, scriptError(ErrNotPushOnly, + "signature script is not push only") + } + + // The engine stores the scripts in parsed form using a slice. This + // allows multiple scripts to be executed in sequence. For example, + // with a pay-to-script-hash transaction, there will be ultimately be + // a third script to execute. + scripts := [][]byte{scriptSig, scriptPubKey} + vm.scripts = make([][]parsedOpcode, len(scripts)) + for i, scr := range scripts { + if len(scr) > MaxScriptSize { + str := fmt.Sprintf("script size %d is larger than max "+ + "allowed size %d", len(scr), MaxScriptSize) + return nil, scriptError(ErrScriptTooBig, str) + } + var err error + vm.scripts[i], err = parseScript(scr) + if err != nil { + return nil, err + } + } + + // Advance the program counter to the public key script if the signature + // script is empty since there is nothing to execute for it in that + // case. + if len(scripts[0]) == 0 { + vm.scriptIdx++ + } + + if vm.hasFlag(ScriptBip16) && isScriptHash(vm.scripts[1]) { + // Only accept input scripts that push data for P2SH. + if !isPushOnly(vm.scripts[0]) { + return nil, scriptError(ErrNotPushOnly, + "pay to script hash is not push only") + } + vm.bip16 = true + } + if vm.hasFlag(ScriptVerifyMinimalData) { + vm.dstack.verifyMinimalData = true + vm.astack.verifyMinimalData = true + } + + // Check to see if we should execute in witness verification mode + // according to the set flags. We check both the pkScript, and sigScript + // here since in the case of nested p2sh, the scriptSig will be a valid + // witness program. For nested p2sh, all the bytes after the first data + // push should *exactly* match the witness program template. + if vm.hasFlag(ScriptVerifyWitness) { + // If witness evaluation is enabled, then P2SH MUST also be + // active. + if !vm.hasFlag(ScriptBip16) { + errStr := "P2SH must be enabled to do witness verification" + return nil, scriptError(ErrInvalidFlags, errStr) + } + + var witProgram []byte + + switch { + case isWitnessProgram(vm.scripts[1]): + // The scriptSig must be *empty* for all native witness + // programs, otherwise we introduce malleability. + if len(scriptSig) != 0 { + errStr := "native witness program cannot " + + "also have a signature script" + return nil, scriptError(ErrWitnessMalleated, errStr) + } + + witProgram = scriptPubKey + case len(tx.TxIn[txIdx].Witness) != 0 && vm.bip16: + // The sigScript MUST be *exactly* a single canonical + // data push of the witness program, otherwise we + // reintroduce malleability. + sigPops := vm.scripts[0] + if len(sigPops) == 1 && canonicalPush(sigPops[0]) && + IsWitnessProgram(sigPops[0].data) { + + witProgram = sigPops[0].data + } else { + errStr := "signature script for witness " + + "nested p2sh is not canonical" + return nil, scriptError(ErrWitnessMalleatedP2SH, errStr) + } + } + + if witProgram != nil { + var err error + vm.witnessVersion, vm.witnessProgram, err = ExtractWitnessProgramInfo(witProgram) + if err != nil { + return nil, err + } + } else { + // If we didn't find a witness program in either the + // pkScript or as a datapush within the sigScript, then + // there MUST NOT be any witness data associated with + // the input being validated. + if vm.witnessProgram == nil && len(tx.TxIn[txIdx].Witness) != 0 { + errStr := "non-witness inputs cannot have a witness" + return nil, scriptError(ErrWitnessUnexpected, errStr) + } + } + + } + + vm.tx = *tx + vm.txIdx = txIdx + + return &vm, nil +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/error.go b/vendor/github.com/btcsuite/btcd/txscript/error.go new file mode 100644 index 0000000..a61d027 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/error.go @@ -0,0 +1,453 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +import ( + "fmt" +) + +// ErrorCode identifies a kind of script error. +type ErrorCode int + +// These constants are used to identify a specific Error. +const ( + // ErrInternal is returned if internal consistency checks fail. In + // practice this error should never be seen as it would mean there is an + // error in the engine logic. + ErrInternal ErrorCode = iota + + // --------------------------------------- + // Failures related to improper API usage. + // --------------------------------------- + + // ErrInvalidFlags is returned when the passed flags to NewEngine + // contain an invalid combination. + ErrInvalidFlags + + // ErrInvalidIndex is returned when an out-of-bounds index is passed to + // a function. + ErrInvalidIndex + + // ErrUnsupportedAddress is returned when a concrete type that + // implements a btcutil.Address is not a supported type. + ErrUnsupportedAddress + + // ErrNotMultisigScript is returned from CalcMultiSigStats when the + // provided script is not a multisig script. + ErrNotMultisigScript + + // ErrTooManyRequiredSigs is returned from MultiSigScript when the + // specified number of required signatures is larger than the number of + // provided public keys. + ErrTooManyRequiredSigs + + // ErrTooMuchNullData is returned from NullDataScript when the length of + // the provided data exceeds MaxDataCarrierSize. + ErrTooMuchNullData + + // ------------------------------------------ + // Failures related to final execution state. + // ------------------------------------------ + + // ErrEarlyReturn is returned when OP_RETURN is executed in the script. + ErrEarlyReturn + + // ErrEmptyStack is returned when the script evaluated without error, + // but terminated with an empty top stack element. + ErrEmptyStack + + // ErrEvalFalse is returned when the script evaluated without error but + // terminated with a false top stack element. + ErrEvalFalse + + // ErrScriptUnfinished is returned when CheckErrorCondition is called on + // a script that has not finished executing. + ErrScriptUnfinished + + // ErrScriptDone is returned when an attempt to execute an opcode is + // made once all of them have already been executed. This can happen + // due to things such as a second call to Execute or calling Step after + // all opcodes have already been executed. + ErrInvalidProgramCounter + + // ----------------------------------------------------- + // Failures related to exceeding maximum allowed limits. + // ----------------------------------------------------- + + // ErrScriptTooBig is returned if a script is larger than MaxScriptSize. + ErrScriptTooBig + + // ErrElementTooBig is returned if the size of an element to be pushed + // to the stack is over MaxScriptElementSize. + ErrElementTooBig + + // ErrTooManyOperations is returned if a script has more than + // MaxOpsPerScript opcodes that do not push data. + ErrTooManyOperations + + // ErrStackOverflow is returned when stack and altstack combined depth + // is over the limit. + ErrStackOverflow + + // ErrInvalidPubKeyCount is returned when the number of public keys + // specified for a multsig is either negative or greater than + // MaxPubKeysPerMultiSig. + ErrInvalidPubKeyCount + + // ErrInvalidSignatureCount is returned when the number of signatures + // specified for a multisig is either negative or greater than the + // number of public keys. + ErrInvalidSignatureCount + + // ErrNumberTooBig is returned when the argument for an opcode that + // expects numeric input is larger than the expected maximum number of + // bytes. For the most part, opcodes that deal with stack manipulation + // via offsets, arithmetic, numeric comparison, and boolean logic are + // those that this applies to. However, any opcode that expects numeric + // input may fail with this code. + ErrNumberTooBig + + // -------------------------------------------- + // Failures related to verification operations. + // -------------------------------------------- + + // ErrVerify is returned when OP_VERIFY is encountered in a script and + // the top item on the data stack does not evaluate to true. + ErrVerify + + // ErrEqualVerify is returned when OP_EQUALVERIFY is encountered in a + // script and the top item on the data stack does not evaluate to true. + ErrEqualVerify + + // ErrNumEqualVerify is returned when OP_NUMEQUALVERIFY is encountered + // in a script and the top item on the data stack does not evaluate to + // true. + ErrNumEqualVerify + + // ErrCheckSigVerify is returned when OP_CHECKSIGVERIFY is encountered + // in a script and the top item on the data stack does not evaluate to + // true. + ErrCheckSigVerify + + // ErrCheckSigVerify is returned when OP_CHECKMULTISIGVERIFY is + // encountered in a script and the top item on the data stack does not + // evaluate to true. + ErrCheckMultiSigVerify + + // -------------------------------------------- + // Failures related to improper use of opcodes. + // -------------------------------------------- + + // ErrDisabledOpcode is returned when a disabled opcode is encountered + // in a script. + ErrDisabledOpcode + + // ErrReservedOpcode is returned when an opcode marked as reserved + // is encountered in a script. + ErrReservedOpcode + + // ErrMalformedPush is returned when a data push opcode tries to push + // more bytes than are left in the script. + ErrMalformedPush + + // ErrInvalidStackOperation is returned when a stack operation is + // attempted with a number that is invalid for the current stack size. + ErrInvalidStackOperation + + // ErrUnbalancedConditional is returned when an OP_ELSE or OP_ENDIF is + // encountered in a script without first having an OP_IF or OP_NOTIF or + // the end of script is reached without encountering an OP_ENDIF when + // an OP_IF or OP_NOTIF was previously encountered. + ErrUnbalancedConditional + + // --------------------------------- + // Failures related to malleability. + // --------------------------------- + + // ErrMinimalData is returned when the ScriptVerifyMinimalData flag + // is set and the script contains push operations that do not use + // the minimal opcode required. + ErrMinimalData + + // ErrInvalidSigHashType is returned when a signature hash type is not + // one of the supported types. + ErrInvalidSigHashType + + // ErrSigTooShort is returned when a signature that should be a + // canonically-encoded DER signature is too short. + ErrSigTooShort + + // ErrSigTooLong is returned when a signature that should be a + // canonically-encoded DER signature is too long. + ErrSigTooLong + + // ErrSigInvalidSeqID is returned when a signature that should be a + // canonically-encoded DER signature does not have the expected ASN.1 + // sequence ID. + ErrSigInvalidSeqID + + // ErrSigInvalidDataLen is returned a signature that should be a + // canonically-encoded DER signature does not specify the correct number + // of remaining bytes for the R and S portions. + ErrSigInvalidDataLen + + // ErrSigMissingSTypeID is returned a signature that should be a + // canonically-encoded DER signature does not provide the ASN.1 type ID + // for S. + ErrSigMissingSTypeID + + // ErrSigMissingSLen is returned when a signature that should be a + // canonically-encoded DER signature does not provide the length of S. + ErrSigMissingSLen + + // ErrSigInvalidSLen is returned a signature that should be a + // canonically-encoded DER signature does not specify the correct number + // of bytes for the S portion. + ErrSigInvalidSLen + + // ErrSigInvalidRIntID is returned when a signature that should be a + // canonically-encoded DER signature does not have the expected ASN.1 + // integer ID for R. + ErrSigInvalidRIntID + + // ErrSigZeroRLen is returned when a signature that should be a + // canonically-encoded DER signature has an R length of zero. + ErrSigZeroRLen + + // ErrSigNegativeR is returned when a signature that should be a + // canonically-encoded DER signature has a negative value for R. + ErrSigNegativeR + + // ErrSigTooMuchRPadding is returned when a signature that should be a + // canonically-encoded DER signature has too much padding for R. + ErrSigTooMuchRPadding + + // ErrSigInvalidSIntID is returned when a signature that should be a + // canonically-encoded DER signature does not have the expected ASN.1 + // integer ID for S. + ErrSigInvalidSIntID + + // ErrSigZeroSLen is returned when a signature that should be a + // canonically-encoded DER signature has an S length of zero. + ErrSigZeroSLen + + // ErrSigNegativeS is returned when a signature that should be a + // canonically-encoded DER signature has a negative value for S. + ErrSigNegativeS + + // ErrSigTooMuchSPadding is returned when a signature that should be a + // canonically-encoded DER signature has too much padding for S. + ErrSigTooMuchSPadding + + // ErrSigHighS is returned when the ScriptVerifyLowS flag is set and the + // script contains any signatures whose S values are higher than the + // half order. + ErrSigHighS + + // ErrNotPushOnly is returned when a script that is required to only + // push data to the stack performs other operations. A couple of cases + // where this applies is for a pay-to-script-hash signature script when + // bip16 is active and when the ScriptVerifySigPushOnly flag is set. + ErrNotPushOnly + + // ErrSigNullDummy is returned when the ScriptStrictMultiSig flag is set + // and a multisig script has anything other than 0 for the extra dummy + // argument. + ErrSigNullDummy + + // ErrPubKeyType is returned when the ScriptVerifyStrictEncoding + // flag is set and the script contains invalid public keys. + ErrPubKeyType + + // ErrCleanStack is returned when the ScriptVerifyCleanStack flag + // is set, and after evalution, the stack does not contain only a + // single element. + ErrCleanStack + + // ErrNullFail is returned when the ScriptVerifyNullFail flag is + // set and signatures are not empty on failed checksig or checkmultisig + // operations. + ErrNullFail + + // ErrWitnessMalleated is returned if ScriptVerifyWitness is set and a + // native p2wsh program is encountered which has a non-empty sigScript. + ErrWitnessMalleated + + // ErrWitnessMalleatedP2SH is returned if ScriptVerifyWitness if set + // and the validation logic for nested p2sh encounters a sigScript + // which isn't *exactyl* a datapush of the witness program. + ErrWitnessMalleatedP2SH + + // ------------------------------- + // Failures related to soft forks. + // ------------------------------- + + // ErrDiscourageUpgradableNOPs is returned when the + // ScriptDiscourageUpgradableNops flag is set and a NOP opcode is + // encountered in a script. + ErrDiscourageUpgradableNOPs + + // ErrNegativeLockTime is returned when a script contains an opcode that + // interprets a negative lock time. + ErrNegativeLockTime + + // ErrUnsatisfiedLockTime is returned when a script contains an opcode + // that involves a lock time and the required lock time has not been + // reached. + ErrUnsatisfiedLockTime + + // ErrMinimalIf is returned if ScriptVerifyWitness is set and the + // operand of an OP_IF/OP_NOF_IF are not either an empty vector or + // [0x01]. + ErrMinimalIf + + // ErrDiscourageUpgradableWitnessProgram is returned if + // ScriptVerifyWitness is set and the versino of an executing witness + // program is outside the set of currently defined witness program + // vesions. + ErrDiscourageUpgradableWitnessProgram + + // ---------------------------------------- + // Failures related to segregated witness. + // ---------------------------------------- + + // ErrWitnessProgramEmpty is returned if ScriptVerifyWitness is set and + // the witness stack itself is empty. + ErrWitnessProgramEmpty + + // ErrWitnessProgramMismatch is returned if ScriptVerifyWitness is set + // and the witness itself for a p2wkh witness program isn't *exactly* 2 + // items or if the witness for a p2wsh isn't the sha255 of the witness + // script. + ErrWitnessProgramMismatch + + // ErrWitnessProgramWrongLength is returned if ScriptVerifyWitness is + // set and the length of the witness program violates the length as + // dictated by the current witness version. + ErrWitnessProgramWrongLength + + // ErrWitnessUnexpected is returned if ScriptVerifyWitness is set and a + // transaction includes witness data but doesn't spend an which is a + // witness program (nested or native). + ErrWitnessUnexpected + + // ErrWitnessPubKeyType is returned if ScriptVerifyWitness is set and + // the public key used in either a check-sig or check-multi-sig isn't + // serialized in a compressed format. + ErrWitnessPubKeyType + + // numErrorCodes is the maximum error code number used in tests. This + // entry MUST be the last entry in the enum. + numErrorCodes +) + +// Map of ErrorCode values back to their constant names for pretty printing. +var errorCodeStrings = map[ErrorCode]string{ + ErrInternal: "ErrInternal", + ErrInvalidFlags: "ErrInvalidFlags", + ErrInvalidIndex: "ErrInvalidIndex", + ErrUnsupportedAddress: "ErrUnsupportedAddress", + ErrNotMultisigScript: "ErrNotMultisigScript", + ErrTooManyRequiredSigs: "ErrTooManyRequiredSigs", + ErrTooMuchNullData: "ErrTooMuchNullData", + ErrEarlyReturn: "ErrEarlyReturn", + ErrEmptyStack: "ErrEmptyStack", + ErrEvalFalse: "ErrEvalFalse", + ErrScriptUnfinished: "ErrScriptUnfinished", + ErrInvalidProgramCounter: "ErrInvalidProgramCounter", + ErrScriptTooBig: "ErrScriptTooBig", + ErrElementTooBig: "ErrElementTooBig", + ErrTooManyOperations: "ErrTooManyOperations", + ErrStackOverflow: "ErrStackOverflow", + ErrInvalidPubKeyCount: "ErrInvalidPubKeyCount", + ErrInvalidSignatureCount: "ErrInvalidSignatureCount", + ErrNumberTooBig: "ErrNumberTooBig", + ErrVerify: "ErrVerify", + ErrEqualVerify: "ErrEqualVerify", + ErrNumEqualVerify: "ErrNumEqualVerify", + ErrCheckSigVerify: "ErrCheckSigVerify", + ErrCheckMultiSigVerify: "ErrCheckMultiSigVerify", + ErrDisabledOpcode: "ErrDisabledOpcode", + ErrReservedOpcode: "ErrReservedOpcode", + ErrMalformedPush: "ErrMalformedPush", + ErrInvalidStackOperation: "ErrInvalidStackOperation", + ErrUnbalancedConditional: "ErrUnbalancedConditional", + ErrMinimalData: "ErrMinimalData", + ErrInvalidSigHashType: "ErrInvalidSigHashType", + ErrSigTooShort: "ErrSigTooShort", + ErrSigTooLong: "ErrSigTooLong", + ErrSigInvalidSeqID: "ErrSigInvalidSeqID", + ErrSigInvalidDataLen: "ErrSigInvalidDataLen", + ErrSigMissingSTypeID: "ErrSigMissingSTypeID", + ErrSigMissingSLen: "ErrSigMissingSLen", + ErrSigInvalidSLen: "ErrSigInvalidSLen", + ErrSigInvalidRIntID: "ErrSigInvalidRIntID", + ErrSigZeroRLen: "ErrSigZeroRLen", + ErrSigNegativeR: "ErrSigNegativeR", + ErrSigTooMuchRPadding: "ErrSigTooMuchRPadding", + ErrSigInvalidSIntID: "ErrSigInvalidSIntID", + ErrSigZeroSLen: "ErrSigZeroSLen", + ErrSigNegativeS: "ErrSigNegativeS", + ErrSigTooMuchSPadding: "ErrSigTooMuchSPadding", + ErrSigHighS: "ErrSigHighS", + ErrNotPushOnly: "ErrNotPushOnly", + ErrSigNullDummy: "ErrSigNullDummy", + ErrPubKeyType: "ErrPubKeyType", + ErrCleanStack: "ErrCleanStack", + ErrNullFail: "ErrNullFail", + ErrDiscourageUpgradableNOPs: "ErrDiscourageUpgradableNOPs", + ErrNegativeLockTime: "ErrNegativeLockTime", + ErrUnsatisfiedLockTime: "ErrUnsatisfiedLockTime", + ErrWitnessProgramEmpty: "ErrWitnessProgramEmpty", + ErrWitnessProgramMismatch: "ErrWitnessProgramMismatch", + ErrWitnessProgramWrongLength: "ErrWitnessProgramWrongLength", + ErrWitnessMalleated: "ErrWitnessMalleated", + ErrWitnessMalleatedP2SH: "ErrWitnessMalleatedP2SH", + ErrWitnessUnexpected: "ErrWitnessUnexpected", + ErrMinimalIf: "ErrMinimalIf", + ErrWitnessPubKeyType: "ErrWitnessPubKeyType", + ErrDiscourageUpgradableWitnessProgram: "ErrDiscourageUpgradableWitnessProgram", +} + +// String returns the ErrorCode as a human-readable name. +func (e ErrorCode) String() string { + if s := errorCodeStrings[e]; s != "" { + return s + } + return fmt.Sprintf("Unknown ErrorCode (%d)", int(e)) +} + +// Error identifies a script-related error. It is used to indicate three +// classes of errors: +// 1) Script execution failures due to violating one of the many requirements +// imposed by the script engine or evaluating to false +// 2) Improper API usage by callers +// 3) Internal consistency check failures +// +// The caller can use type assertions on the returned errors to access the +// ErrorCode field to ascertain the specific reason for the error. As an +// additional convenience, the caller may make use of the IsErrorCode function +// to check for a specific error code. +type Error struct { + ErrorCode ErrorCode + Description string +} + +// Error satisfies the error interface and prints human-readable errors. +func (e Error) Error() string { + return e.Description +} + +// scriptError creates an Error given a set of arguments. +func scriptError(c ErrorCode, desc string) Error { + return Error{ErrorCode: c, Description: desc} +} + +// IsErrorCode returns whether or not the provided error is a script error with +// the provided error code. +func IsErrorCode(err error, c ErrorCode) bool { + serr, ok := err.(Error) + return ok && serr.ErrorCode == c +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/hashcache.go b/vendor/github.com/btcsuite/btcd/txscript/hashcache.go new file mode 100644 index 0000000..f9c2caf --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/hashcache.go @@ -0,0 +1,89 @@ +// Copyright (c) 2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +import ( + "sync" + + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcd/wire" +) + +// TxSigHashes houses the partial set of sighashes introduced within BIP0143. +// This partial set of sighashes may be re-used within each input across a +// transaction when validating all inputs. As a result, validation complexity +// for SigHashAll can be reduced by a polynomial factor. +type TxSigHashes struct { + HashPrevOuts chainhash.Hash + HashSequence chainhash.Hash + HashOutputs chainhash.Hash +} + +// NewTxSigHashes computes, and returns the cached sighashes of the given +// transaction. +func NewTxSigHashes(tx *wire.MsgTx) *TxSigHashes { + return &TxSigHashes{ + HashPrevOuts: calcHashPrevOuts(tx), + HashSequence: calcHashSequence(tx), + HashOutputs: calcHashOutputs(tx), + } +} + +// HashCache houses a set of partial sighashes keyed by txid. The set of partial +// sighashes are those introduced within BIP0143 by the new more efficient +// sighash digest calculation algorithm. Using this threadsafe shared cache, +// multiple goroutines can safely re-use the pre-computed partial sighashes +// speeding up validation time amongst all inputs found within a block. +type HashCache struct { + sigHashes map[chainhash.Hash]*TxSigHashes + + sync.RWMutex +} + +// NewHashCache returns a new instance of the HashCache given a maximum number +// of entries which may exist within it at anytime. +func NewHashCache(maxSize uint) *HashCache { + return &HashCache{ + sigHashes: make(map[chainhash.Hash]*TxSigHashes, maxSize), + } +} + +// AddSigHashes computes, then adds the partial sighashes for the passed +// transaction. +func (h *HashCache) AddSigHashes(tx *wire.MsgTx) { + h.Lock() + h.sigHashes[tx.TxHash()] = NewTxSigHashes(tx) + h.Unlock() +} + +// ContainsHashes returns true if the partial sighashes for the passed +// transaction currently exist within the HashCache, and false otherwise. +func (h *HashCache) ContainsHashes(txid *chainhash.Hash) bool { + h.RLock() + _, found := h.sigHashes[*txid] + h.RUnlock() + + return found +} + +// GetSigHashes possibly returns the previously cached partial sighashes for +// the passed transaction. This function also returns an additional boolean +// value indicating if the sighashes for the passed transaction were found to +// be present within the HashCache. +func (h *HashCache) GetSigHashes(txid *chainhash.Hash) (*TxSigHashes, bool) { + h.RLock() + item, found := h.sigHashes[*txid] + h.RUnlock() + + return item, found +} + +// PurgeSigHashes removes all partial sighashes from the HashCache belonging to +// the passed transaction. +func (h *HashCache) PurgeSigHashes(txid *chainhash.Hash) { + h.Lock() + delete(h.sigHashes, *txid) + h.Unlock() +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/log.go b/vendor/github.com/btcsuite/btcd/txscript/log.go new file mode 100644 index 0000000..86ab408 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/log.go @@ -0,0 +1,43 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +import ( + "github.com/btcsuite/btclog" +) + +// log is a logger that is initialized with no output filters. This +// means the package will not perform any logging by default until the caller +// requests it. +var log btclog.Logger + +// The default amount of logging is none. +func init() { + DisableLog() +} + +// DisableLog disables all library log output. Logging output is disabled +// by default until UseLogger is called. +func DisableLog() { + log = btclog.Disabled +} + +// UseLogger uses a specified Logger to output package logging info. +func UseLogger(logger btclog.Logger) { + log = logger +} + +// LogClosure is a closure that can be printed with %v to be used to +// generate expensive-to-create data for a detailed log level and avoid doing +// the work if the data isn't printed. +type logClosure func() string + +func (c logClosure) String() string { + return c() +} + +func newLogClosure(c func() string) logClosure { + return logClosure(c) +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/opcode.go b/vendor/github.com/btcsuite/btcd/txscript/opcode.go new file mode 100644 index 0000000..5ffb398 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/opcode.go @@ -0,0 +1,2447 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +import ( + "bytes" + "crypto/sha1" + "crypto/sha256" + "encoding/binary" + "fmt" + "hash" + + "golang.org/x/crypto/ripemd160" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcd/wire" +) + +// An opcode defines the information related to a txscript opcode. opfunc, if +// present, is the function to call to perform the opcode on the script. The +// current script is passed in as a slice with the first member being the opcode +// itself. +type opcode struct { + value byte + name string + length int + opfunc func(*parsedOpcode, *Engine) error +} + +// These constants are the values of the official opcodes used on the btc wiki, +// in bitcoin core and in most if not all other references and software related +// to handling BTC scripts. +const ( + OP_0 = 0x00 // 0 + OP_FALSE = 0x00 // 0 - AKA OP_0 + OP_DATA_1 = 0x01 // 1 + OP_DATA_2 = 0x02 // 2 + OP_DATA_3 = 0x03 // 3 + OP_DATA_4 = 0x04 // 4 + OP_DATA_5 = 0x05 // 5 + OP_DATA_6 = 0x06 // 6 + OP_DATA_7 = 0x07 // 7 + OP_DATA_8 = 0x08 // 8 + OP_DATA_9 = 0x09 // 9 + OP_DATA_10 = 0x0a // 10 + OP_DATA_11 = 0x0b // 11 + OP_DATA_12 = 0x0c // 12 + OP_DATA_13 = 0x0d // 13 + OP_DATA_14 = 0x0e // 14 + OP_DATA_15 = 0x0f // 15 + OP_DATA_16 = 0x10 // 16 + OP_DATA_17 = 0x11 // 17 + OP_DATA_18 = 0x12 // 18 + OP_DATA_19 = 0x13 // 19 + OP_DATA_20 = 0x14 // 20 + OP_DATA_21 = 0x15 // 21 + OP_DATA_22 = 0x16 // 22 + OP_DATA_23 = 0x17 // 23 + OP_DATA_24 = 0x18 // 24 + OP_DATA_25 = 0x19 // 25 + OP_DATA_26 = 0x1a // 26 + OP_DATA_27 = 0x1b // 27 + OP_DATA_28 = 0x1c // 28 + OP_DATA_29 = 0x1d // 29 + OP_DATA_30 = 0x1e // 30 + OP_DATA_31 = 0x1f // 31 + OP_DATA_32 = 0x20 // 32 + OP_DATA_33 = 0x21 // 33 + OP_DATA_34 = 0x22 // 34 + OP_DATA_35 = 0x23 // 35 + OP_DATA_36 = 0x24 // 36 + OP_DATA_37 = 0x25 // 37 + OP_DATA_38 = 0x26 // 38 + OP_DATA_39 = 0x27 // 39 + OP_DATA_40 = 0x28 // 40 + OP_DATA_41 = 0x29 // 41 + OP_DATA_42 = 0x2a // 42 + OP_DATA_43 = 0x2b // 43 + OP_DATA_44 = 0x2c // 44 + OP_DATA_45 = 0x2d // 45 + OP_DATA_46 = 0x2e // 46 + OP_DATA_47 = 0x2f // 47 + OP_DATA_48 = 0x30 // 48 + OP_DATA_49 = 0x31 // 49 + OP_DATA_50 = 0x32 // 50 + OP_DATA_51 = 0x33 // 51 + OP_DATA_52 = 0x34 // 52 + OP_DATA_53 = 0x35 // 53 + OP_DATA_54 = 0x36 // 54 + OP_DATA_55 = 0x37 // 55 + OP_DATA_56 = 0x38 // 56 + OP_DATA_57 = 0x39 // 57 + OP_DATA_58 = 0x3a // 58 + OP_DATA_59 = 0x3b // 59 + OP_DATA_60 = 0x3c // 60 + OP_DATA_61 = 0x3d // 61 + OP_DATA_62 = 0x3e // 62 + OP_DATA_63 = 0x3f // 63 + OP_DATA_64 = 0x40 // 64 + OP_DATA_65 = 0x41 // 65 + OP_DATA_66 = 0x42 // 66 + OP_DATA_67 = 0x43 // 67 + OP_DATA_68 = 0x44 // 68 + OP_DATA_69 = 0x45 // 69 + OP_DATA_70 = 0x46 // 70 + OP_DATA_71 = 0x47 // 71 + OP_DATA_72 = 0x48 // 72 + OP_DATA_73 = 0x49 // 73 + OP_DATA_74 = 0x4a // 74 + OP_DATA_75 = 0x4b // 75 + OP_PUSHDATA1 = 0x4c // 76 + OP_PUSHDATA2 = 0x4d // 77 + OP_PUSHDATA4 = 0x4e // 78 + OP_1NEGATE = 0x4f // 79 + OP_RESERVED = 0x50 // 80 + OP_1 = 0x51 // 81 - AKA OP_TRUE + OP_TRUE = 0x51 // 81 + OP_2 = 0x52 // 82 + OP_3 = 0x53 // 83 + OP_4 = 0x54 // 84 + OP_5 = 0x55 // 85 + OP_6 = 0x56 // 86 + OP_7 = 0x57 // 87 + OP_8 = 0x58 // 88 + OP_9 = 0x59 // 89 + OP_10 = 0x5a // 90 + OP_11 = 0x5b // 91 + OP_12 = 0x5c // 92 + OP_13 = 0x5d // 93 + OP_14 = 0x5e // 94 + OP_15 = 0x5f // 95 + OP_16 = 0x60 // 96 + OP_NOP = 0x61 // 97 + OP_VER = 0x62 // 98 + OP_IF = 0x63 // 99 + OP_NOTIF = 0x64 // 100 + OP_VERIF = 0x65 // 101 + OP_VERNOTIF = 0x66 // 102 + OP_ELSE = 0x67 // 103 + OP_ENDIF = 0x68 // 104 + OP_VERIFY = 0x69 // 105 + OP_RETURN = 0x6a // 106 + OP_TOALTSTACK = 0x6b // 107 + OP_FROMALTSTACK = 0x6c // 108 + OP_2DROP = 0x6d // 109 + OP_2DUP = 0x6e // 110 + OP_3DUP = 0x6f // 111 + OP_2OVER = 0x70 // 112 + OP_2ROT = 0x71 // 113 + OP_2SWAP = 0x72 // 114 + OP_IFDUP = 0x73 // 115 + OP_DEPTH = 0x74 // 116 + OP_DROP = 0x75 // 117 + OP_DUP = 0x76 // 118 + OP_NIP = 0x77 // 119 + OP_OVER = 0x78 // 120 + OP_PICK = 0x79 // 121 + OP_ROLL = 0x7a // 122 + OP_ROT = 0x7b // 123 + OP_SWAP = 0x7c // 124 + OP_TUCK = 0x7d // 125 + OP_CAT = 0x7e // 126 + OP_SUBSTR = 0x7f // 127 + OP_LEFT = 0x80 // 128 + OP_RIGHT = 0x81 // 129 + OP_SIZE = 0x82 // 130 + OP_INVERT = 0x83 // 131 + OP_AND = 0x84 // 132 + OP_OR = 0x85 // 133 + OP_XOR = 0x86 // 134 + OP_EQUAL = 0x87 // 135 + OP_EQUALVERIFY = 0x88 // 136 + OP_RESERVED1 = 0x89 // 137 + OP_RESERVED2 = 0x8a // 138 + OP_1ADD = 0x8b // 139 + OP_1SUB = 0x8c // 140 + OP_2MUL = 0x8d // 141 + OP_2DIV = 0x8e // 142 + OP_NEGATE = 0x8f // 143 + OP_ABS = 0x90 // 144 + OP_NOT = 0x91 // 145 + OP_0NOTEQUAL = 0x92 // 146 + OP_ADD = 0x93 // 147 + OP_SUB = 0x94 // 148 + OP_MUL = 0x95 // 149 + OP_DIV = 0x96 // 150 + OP_MOD = 0x97 // 151 + OP_LSHIFT = 0x98 // 152 + OP_RSHIFT = 0x99 // 153 + OP_BOOLAND = 0x9a // 154 + OP_BOOLOR = 0x9b // 155 + OP_NUMEQUAL = 0x9c // 156 + OP_NUMEQUALVERIFY = 0x9d // 157 + OP_NUMNOTEQUAL = 0x9e // 158 + OP_LESSTHAN = 0x9f // 159 + OP_GREATERTHAN = 0xa0 // 160 + OP_LESSTHANOREQUAL = 0xa1 // 161 + OP_GREATERTHANOREQUAL = 0xa2 // 162 + OP_MIN = 0xa3 // 163 + OP_MAX = 0xa4 // 164 + OP_WITHIN = 0xa5 // 165 + OP_RIPEMD160 = 0xa6 // 166 + OP_SHA1 = 0xa7 // 167 + OP_SHA256 = 0xa8 // 168 + OP_HASH160 = 0xa9 // 169 + OP_HASH256 = 0xaa // 170 + OP_CODESEPARATOR = 0xab // 171 + OP_CHECKSIG = 0xac // 172 + OP_CHECKSIGVERIFY = 0xad // 173 + OP_CHECKMULTISIG = 0xae // 174 + OP_CHECKMULTISIGVERIFY = 0xaf // 175 + OP_NOP1 = 0xb0 // 176 + OP_NOP2 = 0xb1 // 177 + OP_CHECKLOCKTIMEVERIFY = 0xb1 // 177 - AKA OP_NOP2 + OP_NOP3 = 0xb2 // 178 + OP_CHECKSEQUENCEVERIFY = 0xb2 // 178 - AKA OP_NOP3 + OP_NOP4 = 0xb3 // 179 + OP_NOP5 = 0xb4 // 180 + OP_NOP6 = 0xb5 // 181 + OP_NOP7 = 0xb6 // 182 + OP_NOP8 = 0xb7 // 183 + OP_NOP9 = 0xb8 // 184 + OP_NOP10 = 0xb9 // 185 + OP_UNKNOWN186 = 0xba // 186 + OP_UNKNOWN187 = 0xbb // 187 + OP_UNKNOWN188 = 0xbc // 188 + OP_UNKNOWN189 = 0xbd // 189 + OP_UNKNOWN190 = 0xbe // 190 + OP_UNKNOWN191 = 0xbf // 191 + OP_UNKNOWN192 = 0xc0 // 192 + OP_UNKNOWN193 = 0xc1 // 193 + OP_UNKNOWN194 = 0xc2 // 194 + OP_UNKNOWN195 = 0xc3 // 195 + OP_UNKNOWN196 = 0xc4 // 196 + OP_UNKNOWN197 = 0xc5 // 197 + OP_UNKNOWN198 = 0xc6 // 198 + OP_UNKNOWN199 = 0xc7 // 199 + OP_UNKNOWN200 = 0xc8 // 200 + OP_UNKNOWN201 = 0xc9 // 201 + OP_UNKNOWN202 = 0xca // 202 + OP_UNKNOWN203 = 0xcb // 203 + OP_UNKNOWN204 = 0xcc // 204 + OP_UNKNOWN205 = 0xcd // 205 + OP_UNKNOWN206 = 0xce // 206 + OP_UNKNOWN207 = 0xcf // 207 + OP_UNKNOWN208 = 0xd0 // 208 + OP_UNKNOWN209 = 0xd1 // 209 + OP_UNKNOWN210 = 0xd2 // 210 + OP_UNKNOWN211 = 0xd3 // 211 + OP_UNKNOWN212 = 0xd4 // 212 + OP_UNKNOWN213 = 0xd5 // 213 + OP_UNKNOWN214 = 0xd6 // 214 + OP_UNKNOWN215 = 0xd7 // 215 + OP_UNKNOWN216 = 0xd8 // 216 + OP_UNKNOWN217 = 0xd9 // 217 + OP_UNKNOWN218 = 0xda // 218 + OP_UNKNOWN219 = 0xdb // 219 + OP_UNKNOWN220 = 0xdc // 220 + OP_UNKNOWN221 = 0xdd // 221 + OP_UNKNOWN222 = 0xde // 222 + OP_UNKNOWN223 = 0xdf // 223 + OP_UNKNOWN224 = 0xe0 // 224 + OP_UNKNOWN225 = 0xe1 // 225 + OP_UNKNOWN226 = 0xe2 // 226 + OP_UNKNOWN227 = 0xe3 // 227 + OP_UNKNOWN228 = 0xe4 // 228 + OP_UNKNOWN229 = 0xe5 // 229 + OP_UNKNOWN230 = 0xe6 // 230 + OP_UNKNOWN231 = 0xe7 // 231 + OP_UNKNOWN232 = 0xe8 // 232 + OP_UNKNOWN233 = 0xe9 // 233 + OP_UNKNOWN234 = 0xea // 234 + OP_UNKNOWN235 = 0xeb // 235 + OP_UNKNOWN236 = 0xec // 236 + OP_UNKNOWN237 = 0xed // 237 + OP_UNKNOWN238 = 0xee // 238 + OP_UNKNOWN239 = 0xef // 239 + OP_UNKNOWN240 = 0xf0 // 240 + OP_UNKNOWN241 = 0xf1 // 241 + OP_UNKNOWN242 = 0xf2 // 242 + OP_UNKNOWN243 = 0xf3 // 243 + OP_UNKNOWN244 = 0xf4 // 244 + OP_UNKNOWN245 = 0xf5 // 245 + OP_UNKNOWN246 = 0xf6 // 246 + OP_UNKNOWN247 = 0xf7 // 247 + OP_UNKNOWN248 = 0xf8 // 248 + OP_UNKNOWN249 = 0xf9 // 249 + OP_SMALLINTEGER = 0xfa // 250 - bitcoin core internal + OP_PUBKEYS = 0xfb // 251 - bitcoin core internal + OP_UNKNOWN252 = 0xfc // 252 + OP_PUBKEYHASH = 0xfd // 253 - bitcoin core internal + OP_PUBKEY = 0xfe // 254 - bitcoin core internal + OP_INVALIDOPCODE = 0xff // 255 - bitcoin core internal +) + +// Conditional execution constants. +const ( + OpCondFalse = 0 + OpCondTrue = 1 + OpCondSkip = 2 +) + +// opcodeArray holds details about all possible opcodes such as how many bytes +// the opcode and any associated data should take, its human-readable name, and +// the handler function. +var opcodeArray = [256]opcode{ + // Data push opcodes. + OP_FALSE: {OP_FALSE, "OP_0", 1, opcodeFalse}, + OP_DATA_1: {OP_DATA_1, "OP_DATA_1", 2, opcodePushData}, + OP_DATA_2: {OP_DATA_2, "OP_DATA_2", 3, opcodePushData}, + OP_DATA_3: {OP_DATA_3, "OP_DATA_3", 4, opcodePushData}, + OP_DATA_4: {OP_DATA_4, "OP_DATA_4", 5, opcodePushData}, + OP_DATA_5: {OP_DATA_5, "OP_DATA_5", 6, opcodePushData}, + OP_DATA_6: {OP_DATA_6, "OP_DATA_6", 7, opcodePushData}, + OP_DATA_7: {OP_DATA_7, "OP_DATA_7", 8, opcodePushData}, + OP_DATA_8: {OP_DATA_8, "OP_DATA_8", 9, opcodePushData}, + OP_DATA_9: {OP_DATA_9, "OP_DATA_9", 10, opcodePushData}, + OP_DATA_10: {OP_DATA_10, "OP_DATA_10", 11, opcodePushData}, + OP_DATA_11: {OP_DATA_11, "OP_DATA_11", 12, opcodePushData}, + OP_DATA_12: {OP_DATA_12, "OP_DATA_12", 13, opcodePushData}, + OP_DATA_13: {OP_DATA_13, "OP_DATA_13", 14, opcodePushData}, + OP_DATA_14: {OP_DATA_14, "OP_DATA_14", 15, opcodePushData}, + OP_DATA_15: {OP_DATA_15, "OP_DATA_15", 16, opcodePushData}, + OP_DATA_16: {OP_DATA_16, "OP_DATA_16", 17, opcodePushData}, + OP_DATA_17: {OP_DATA_17, "OP_DATA_17", 18, opcodePushData}, + OP_DATA_18: {OP_DATA_18, "OP_DATA_18", 19, opcodePushData}, + OP_DATA_19: {OP_DATA_19, "OP_DATA_19", 20, opcodePushData}, + OP_DATA_20: {OP_DATA_20, "OP_DATA_20", 21, opcodePushData}, + OP_DATA_21: {OP_DATA_21, "OP_DATA_21", 22, opcodePushData}, + OP_DATA_22: {OP_DATA_22, "OP_DATA_22", 23, opcodePushData}, + OP_DATA_23: {OP_DATA_23, "OP_DATA_23", 24, opcodePushData}, + OP_DATA_24: {OP_DATA_24, "OP_DATA_24", 25, opcodePushData}, + OP_DATA_25: {OP_DATA_25, "OP_DATA_25", 26, opcodePushData}, + OP_DATA_26: {OP_DATA_26, "OP_DATA_26", 27, opcodePushData}, + OP_DATA_27: {OP_DATA_27, "OP_DATA_27", 28, opcodePushData}, + OP_DATA_28: {OP_DATA_28, "OP_DATA_28", 29, opcodePushData}, + OP_DATA_29: {OP_DATA_29, "OP_DATA_29", 30, opcodePushData}, + OP_DATA_30: {OP_DATA_30, "OP_DATA_30", 31, opcodePushData}, + OP_DATA_31: {OP_DATA_31, "OP_DATA_31", 32, opcodePushData}, + OP_DATA_32: {OP_DATA_32, "OP_DATA_32", 33, opcodePushData}, + OP_DATA_33: {OP_DATA_33, "OP_DATA_33", 34, opcodePushData}, + OP_DATA_34: {OP_DATA_34, "OP_DATA_34", 35, opcodePushData}, + OP_DATA_35: {OP_DATA_35, "OP_DATA_35", 36, opcodePushData}, + OP_DATA_36: {OP_DATA_36, "OP_DATA_36", 37, opcodePushData}, + OP_DATA_37: {OP_DATA_37, "OP_DATA_37", 38, opcodePushData}, + OP_DATA_38: {OP_DATA_38, "OP_DATA_38", 39, opcodePushData}, + OP_DATA_39: {OP_DATA_39, "OP_DATA_39", 40, opcodePushData}, + OP_DATA_40: {OP_DATA_40, "OP_DATA_40", 41, opcodePushData}, + OP_DATA_41: {OP_DATA_41, "OP_DATA_41", 42, opcodePushData}, + OP_DATA_42: {OP_DATA_42, "OP_DATA_42", 43, opcodePushData}, + OP_DATA_43: {OP_DATA_43, "OP_DATA_43", 44, opcodePushData}, + OP_DATA_44: {OP_DATA_44, "OP_DATA_44", 45, opcodePushData}, + OP_DATA_45: {OP_DATA_45, "OP_DATA_45", 46, opcodePushData}, + OP_DATA_46: {OP_DATA_46, "OP_DATA_46", 47, opcodePushData}, + OP_DATA_47: {OP_DATA_47, "OP_DATA_47", 48, opcodePushData}, + OP_DATA_48: {OP_DATA_48, "OP_DATA_48", 49, opcodePushData}, + OP_DATA_49: {OP_DATA_49, "OP_DATA_49", 50, opcodePushData}, + OP_DATA_50: {OP_DATA_50, "OP_DATA_50", 51, opcodePushData}, + OP_DATA_51: {OP_DATA_51, "OP_DATA_51", 52, opcodePushData}, + OP_DATA_52: {OP_DATA_52, "OP_DATA_52", 53, opcodePushData}, + OP_DATA_53: {OP_DATA_53, "OP_DATA_53", 54, opcodePushData}, + OP_DATA_54: {OP_DATA_54, "OP_DATA_54", 55, opcodePushData}, + OP_DATA_55: {OP_DATA_55, "OP_DATA_55", 56, opcodePushData}, + OP_DATA_56: {OP_DATA_56, "OP_DATA_56", 57, opcodePushData}, + OP_DATA_57: {OP_DATA_57, "OP_DATA_57", 58, opcodePushData}, + OP_DATA_58: {OP_DATA_58, "OP_DATA_58", 59, opcodePushData}, + OP_DATA_59: {OP_DATA_59, "OP_DATA_59", 60, opcodePushData}, + OP_DATA_60: {OP_DATA_60, "OP_DATA_60", 61, opcodePushData}, + OP_DATA_61: {OP_DATA_61, "OP_DATA_61", 62, opcodePushData}, + OP_DATA_62: {OP_DATA_62, "OP_DATA_62", 63, opcodePushData}, + OP_DATA_63: {OP_DATA_63, "OP_DATA_63", 64, opcodePushData}, + OP_DATA_64: {OP_DATA_64, "OP_DATA_64", 65, opcodePushData}, + OP_DATA_65: {OP_DATA_65, "OP_DATA_65", 66, opcodePushData}, + OP_DATA_66: {OP_DATA_66, "OP_DATA_66", 67, opcodePushData}, + OP_DATA_67: {OP_DATA_67, "OP_DATA_67", 68, opcodePushData}, + OP_DATA_68: {OP_DATA_68, "OP_DATA_68", 69, opcodePushData}, + OP_DATA_69: {OP_DATA_69, "OP_DATA_69", 70, opcodePushData}, + OP_DATA_70: {OP_DATA_70, "OP_DATA_70", 71, opcodePushData}, + OP_DATA_71: {OP_DATA_71, "OP_DATA_71", 72, opcodePushData}, + OP_DATA_72: {OP_DATA_72, "OP_DATA_72", 73, opcodePushData}, + OP_DATA_73: {OP_DATA_73, "OP_DATA_73", 74, opcodePushData}, + OP_DATA_74: {OP_DATA_74, "OP_DATA_74", 75, opcodePushData}, + OP_DATA_75: {OP_DATA_75, "OP_DATA_75", 76, opcodePushData}, + OP_PUSHDATA1: {OP_PUSHDATA1, "OP_PUSHDATA1", -1, opcodePushData}, + OP_PUSHDATA2: {OP_PUSHDATA2, "OP_PUSHDATA2", -2, opcodePushData}, + OP_PUSHDATA4: {OP_PUSHDATA4, "OP_PUSHDATA4", -4, opcodePushData}, + OP_1NEGATE: {OP_1NEGATE, "OP_1NEGATE", 1, opcode1Negate}, + OP_RESERVED: {OP_RESERVED, "OP_RESERVED", 1, opcodeReserved}, + OP_TRUE: {OP_TRUE, "OP_1", 1, opcodeN}, + OP_2: {OP_2, "OP_2", 1, opcodeN}, + OP_3: {OP_3, "OP_3", 1, opcodeN}, + OP_4: {OP_4, "OP_4", 1, opcodeN}, + OP_5: {OP_5, "OP_5", 1, opcodeN}, + OP_6: {OP_6, "OP_6", 1, opcodeN}, + OP_7: {OP_7, "OP_7", 1, opcodeN}, + OP_8: {OP_8, "OP_8", 1, opcodeN}, + OP_9: {OP_9, "OP_9", 1, opcodeN}, + OP_10: {OP_10, "OP_10", 1, opcodeN}, + OP_11: {OP_11, "OP_11", 1, opcodeN}, + OP_12: {OP_12, "OP_12", 1, opcodeN}, + OP_13: {OP_13, "OP_13", 1, opcodeN}, + OP_14: {OP_14, "OP_14", 1, opcodeN}, + OP_15: {OP_15, "OP_15", 1, opcodeN}, + OP_16: {OP_16, "OP_16", 1, opcodeN}, + + // Control opcodes. + OP_NOP: {OP_NOP, "OP_NOP", 1, opcodeNop}, + OP_VER: {OP_VER, "OP_VER", 1, opcodeReserved}, + OP_IF: {OP_IF, "OP_IF", 1, opcodeIf}, + OP_NOTIF: {OP_NOTIF, "OP_NOTIF", 1, opcodeNotIf}, + OP_VERIF: {OP_VERIF, "OP_VERIF", 1, opcodeReserved}, + OP_VERNOTIF: {OP_VERNOTIF, "OP_VERNOTIF", 1, opcodeReserved}, + OP_ELSE: {OP_ELSE, "OP_ELSE", 1, opcodeElse}, + OP_ENDIF: {OP_ENDIF, "OP_ENDIF", 1, opcodeEndif}, + OP_VERIFY: {OP_VERIFY, "OP_VERIFY", 1, opcodeVerify}, + OP_RETURN: {OP_RETURN, "OP_RETURN", 1, opcodeReturn}, + OP_CHECKLOCKTIMEVERIFY: {OP_CHECKLOCKTIMEVERIFY, "OP_CHECKLOCKTIMEVERIFY", 1, opcodeCheckLockTimeVerify}, + OP_CHECKSEQUENCEVERIFY: {OP_CHECKSEQUENCEVERIFY, "OP_CHECKSEQUENCEVERIFY", 1, opcodeCheckSequenceVerify}, + + // Stack opcodes. + OP_TOALTSTACK: {OP_TOALTSTACK, "OP_TOALTSTACK", 1, opcodeToAltStack}, + OP_FROMALTSTACK: {OP_FROMALTSTACK, "OP_FROMALTSTACK", 1, opcodeFromAltStack}, + OP_2DROP: {OP_2DROP, "OP_2DROP", 1, opcode2Drop}, + OP_2DUP: {OP_2DUP, "OP_2DUP", 1, opcode2Dup}, + OP_3DUP: {OP_3DUP, "OP_3DUP", 1, opcode3Dup}, + OP_2OVER: {OP_2OVER, "OP_2OVER", 1, opcode2Over}, + OP_2ROT: {OP_2ROT, "OP_2ROT", 1, opcode2Rot}, + OP_2SWAP: {OP_2SWAP, "OP_2SWAP", 1, opcode2Swap}, + OP_IFDUP: {OP_IFDUP, "OP_IFDUP", 1, opcodeIfDup}, + OP_DEPTH: {OP_DEPTH, "OP_DEPTH", 1, opcodeDepth}, + OP_DROP: {OP_DROP, "OP_DROP", 1, opcodeDrop}, + OP_DUP: {OP_DUP, "OP_DUP", 1, opcodeDup}, + OP_NIP: {OP_NIP, "OP_NIP", 1, opcodeNip}, + OP_OVER: {OP_OVER, "OP_OVER", 1, opcodeOver}, + OP_PICK: {OP_PICK, "OP_PICK", 1, opcodePick}, + OP_ROLL: {OP_ROLL, "OP_ROLL", 1, opcodeRoll}, + OP_ROT: {OP_ROT, "OP_ROT", 1, opcodeRot}, + OP_SWAP: {OP_SWAP, "OP_SWAP", 1, opcodeSwap}, + OP_TUCK: {OP_TUCK, "OP_TUCK", 1, opcodeTuck}, + + // Splice opcodes. + OP_CAT: {OP_CAT, "OP_CAT", 1, opcodeDisabled}, + OP_SUBSTR: {OP_SUBSTR, "OP_SUBSTR", 1, opcodeDisabled}, + OP_LEFT: {OP_LEFT, "OP_LEFT", 1, opcodeDisabled}, + OP_RIGHT: {OP_RIGHT, "OP_RIGHT", 1, opcodeDisabled}, + OP_SIZE: {OP_SIZE, "OP_SIZE", 1, opcodeSize}, + + // Bitwise logic opcodes. + OP_INVERT: {OP_INVERT, "OP_INVERT", 1, opcodeDisabled}, + OP_AND: {OP_AND, "OP_AND", 1, opcodeDisabled}, + OP_OR: {OP_OR, "OP_OR", 1, opcodeDisabled}, + OP_XOR: {OP_XOR, "OP_XOR", 1, opcodeDisabled}, + OP_EQUAL: {OP_EQUAL, "OP_EQUAL", 1, opcodeEqual}, + OP_EQUALVERIFY: {OP_EQUALVERIFY, "OP_EQUALVERIFY", 1, opcodeEqualVerify}, + OP_RESERVED1: {OP_RESERVED1, "OP_RESERVED1", 1, opcodeReserved}, + OP_RESERVED2: {OP_RESERVED2, "OP_RESERVED2", 1, opcodeReserved}, + + // Numeric related opcodes. + OP_1ADD: {OP_1ADD, "OP_1ADD", 1, opcode1Add}, + OP_1SUB: {OP_1SUB, "OP_1SUB", 1, opcode1Sub}, + OP_2MUL: {OP_2MUL, "OP_2MUL", 1, opcodeDisabled}, + OP_2DIV: {OP_2DIV, "OP_2DIV", 1, opcodeDisabled}, + OP_NEGATE: {OP_NEGATE, "OP_NEGATE", 1, opcodeNegate}, + OP_ABS: {OP_ABS, "OP_ABS", 1, opcodeAbs}, + OP_NOT: {OP_NOT, "OP_NOT", 1, opcodeNot}, + OP_0NOTEQUAL: {OP_0NOTEQUAL, "OP_0NOTEQUAL", 1, opcode0NotEqual}, + OP_ADD: {OP_ADD, "OP_ADD", 1, opcodeAdd}, + OP_SUB: {OP_SUB, "OP_SUB", 1, opcodeSub}, + OP_MUL: {OP_MUL, "OP_MUL", 1, opcodeDisabled}, + OP_DIV: {OP_DIV, "OP_DIV", 1, opcodeDisabled}, + OP_MOD: {OP_MOD, "OP_MOD", 1, opcodeDisabled}, + OP_LSHIFT: {OP_LSHIFT, "OP_LSHIFT", 1, opcodeDisabled}, + OP_RSHIFT: {OP_RSHIFT, "OP_RSHIFT", 1, opcodeDisabled}, + OP_BOOLAND: {OP_BOOLAND, "OP_BOOLAND", 1, opcodeBoolAnd}, + OP_BOOLOR: {OP_BOOLOR, "OP_BOOLOR", 1, opcodeBoolOr}, + OP_NUMEQUAL: {OP_NUMEQUAL, "OP_NUMEQUAL", 1, opcodeNumEqual}, + OP_NUMEQUALVERIFY: {OP_NUMEQUALVERIFY, "OP_NUMEQUALVERIFY", 1, opcodeNumEqualVerify}, + OP_NUMNOTEQUAL: {OP_NUMNOTEQUAL, "OP_NUMNOTEQUAL", 1, opcodeNumNotEqual}, + OP_LESSTHAN: {OP_LESSTHAN, "OP_LESSTHAN", 1, opcodeLessThan}, + OP_GREATERTHAN: {OP_GREATERTHAN, "OP_GREATERTHAN", 1, opcodeGreaterThan}, + OP_LESSTHANOREQUAL: {OP_LESSTHANOREQUAL, "OP_LESSTHANOREQUAL", 1, opcodeLessThanOrEqual}, + OP_GREATERTHANOREQUAL: {OP_GREATERTHANOREQUAL, "OP_GREATERTHANOREQUAL", 1, opcodeGreaterThanOrEqual}, + OP_MIN: {OP_MIN, "OP_MIN", 1, opcodeMin}, + OP_MAX: {OP_MAX, "OP_MAX", 1, opcodeMax}, + OP_WITHIN: {OP_WITHIN, "OP_WITHIN", 1, opcodeWithin}, + + // Crypto opcodes. + OP_RIPEMD160: {OP_RIPEMD160, "OP_RIPEMD160", 1, opcodeRipemd160}, + OP_SHA1: {OP_SHA1, "OP_SHA1", 1, opcodeSha1}, + OP_SHA256: {OP_SHA256, "OP_SHA256", 1, opcodeSha256}, + OP_HASH160: {OP_HASH160, "OP_HASH160", 1, opcodeHash160}, + OP_HASH256: {OP_HASH256, "OP_HASH256", 1, opcodeHash256}, + OP_CODESEPARATOR: {OP_CODESEPARATOR, "OP_CODESEPARATOR", 1, opcodeCodeSeparator}, + OP_CHECKSIG: {OP_CHECKSIG, "OP_CHECKSIG", 1, opcodeCheckSig}, + OP_CHECKSIGVERIFY: {OP_CHECKSIGVERIFY, "OP_CHECKSIGVERIFY", 1, opcodeCheckSigVerify}, + OP_CHECKMULTISIG: {OP_CHECKMULTISIG, "OP_CHECKMULTISIG", 1, opcodeCheckMultiSig}, + OP_CHECKMULTISIGVERIFY: {OP_CHECKMULTISIGVERIFY, "OP_CHECKMULTISIGVERIFY", 1, opcodeCheckMultiSigVerify}, + + // Reserved opcodes. + OP_NOP1: {OP_NOP1, "OP_NOP1", 1, opcodeNop}, + OP_NOP4: {OP_NOP4, "OP_NOP4", 1, opcodeNop}, + OP_NOP5: {OP_NOP5, "OP_NOP5", 1, opcodeNop}, + OP_NOP6: {OP_NOP6, "OP_NOP6", 1, opcodeNop}, + OP_NOP7: {OP_NOP7, "OP_NOP7", 1, opcodeNop}, + OP_NOP8: {OP_NOP8, "OP_NOP8", 1, opcodeNop}, + OP_NOP9: {OP_NOP9, "OP_NOP9", 1, opcodeNop}, + OP_NOP10: {OP_NOP10, "OP_NOP10", 1, opcodeNop}, + + // Undefined opcodes. + OP_UNKNOWN186: {OP_UNKNOWN186, "OP_UNKNOWN186", 1, opcodeInvalid}, + OP_UNKNOWN187: {OP_UNKNOWN187, "OP_UNKNOWN187", 1, opcodeInvalid}, + OP_UNKNOWN188: {OP_UNKNOWN188, "OP_UNKNOWN188", 1, opcodeInvalid}, + OP_UNKNOWN189: {OP_UNKNOWN189, "OP_UNKNOWN189", 1, opcodeInvalid}, + OP_UNKNOWN190: {OP_UNKNOWN190, "OP_UNKNOWN190", 1, opcodeInvalid}, + OP_UNKNOWN191: {OP_UNKNOWN191, "OP_UNKNOWN191", 1, opcodeInvalid}, + OP_UNKNOWN192: {OP_UNKNOWN192, "OP_UNKNOWN192", 1, opcodeInvalid}, + OP_UNKNOWN193: {OP_UNKNOWN193, "OP_UNKNOWN193", 1, opcodeInvalid}, + OP_UNKNOWN194: {OP_UNKNOWN194, "OP_UNKNOWN194", 1, opcodeInvalid}, + OP_UNKNOWN195: {OP_UNKNOWN195, "OP_UNKNOWN195", 1, opcodeInvalid}, + OP_UNKNOWN196: {OP_UNKNOWN196, "OP_UNKNOWN196", 1, opcodeInvalid}, + OP_UNKNOWN197: {OP_UNKNOWN197, "OP_UNKNOWN197", 1, opcodeInvalid}, + OP_UNKNOWN198: {OP_UNKNOWN198, "OP_UNKNOWN198", 1, opcodeInvalid}, + OP_UNKNOWN199: {OP_UNKNOWN199, "OP_UNKNOWN199", 1, opcodeInvalid}, + OP_UNKNOWN200: {OP_UNKNOWN200, "OP_UNKNOWN200", 1, opcodeInvalid}, + OP_UNKNOWN201: {OP_UNKNOWN201, "OP_UNKNOWN201", 1, opcodeInvalid}, + OP_UNKNOWN202: {OP_UNKNOWN202, "OP_UNKNOWN202", 1, opcodeInvalid}, + OP_UNKNOWN203: {OP_UNKNOWN203, "OP_UNKNOWN203", 1, opcodeInvalid}, + OP_UNKNOWN204: {OP_UNKNOWN204, "OP_UNKNOWN204", 1, opcodeInvalid}, + OP_UNKNOWN205: {OP_UNKNOWN205, "OP_UNKNOWN205", 1, opcodeInvalid}, + OP_UNKNOWN206: {OP_UNKNOWN206, "OP_UNKNOWN206", 1, opcodeInvalid}, + OP_UNKNOWN207: {OP_UNKNOWN207, "OP_UNKNOWN207", 1, opcodeInvalid}, + OP_UNKNOWN208: {OP_UNKNOWN208, "OP_UNKNOWN208", 1, opcodeInvalid}, + OP_UNKNOWN209: {OP_UNKNOWN209, "OP_UNKNOWN209", 1, opcodeInvalid}, + OP_UNKNOWN210: {OP_UNKNOWN210, "OP_UNKNOWN210", 1, opcodeInvalid}, + OP_UNKNOWN211: {OP_UNKNOWN211, "OP_UNKNOWN211", 1, opcodeInvalid}, + OP_UNKNOWN212: {OP_UNKNOWN212, "OP_UNKNOWN212", 1, opcodeInvalid}, + OP_UNKNOWN213: {OP_UNKNOWN213, "OP_UNKNOWN213", 1, opcodeInvalid}, + OP_UNKNOWN214: {OP_UNKNOWN214, "OP_UNKNOWN214", 1, opcodeInvalid}, + OP_UNKNOWN215: {OP_UNKNOWN215, "OP_UNKNOWN215", 1, opcodeInvalid}, + OP_UNKNOWN216: {OP_UNKNOWN216, "OP_UNKNOWN216", 1, opcodeInvalid}, + OP_UNKNOWN217: {OP_UNKNOWN217, "OP_UNKNOWN217", 1, opcodeInvalid}, + OP_UNKNOWN218: {OP_UNKNOWN218, "OP_UNKNOWN218", 1, opcodeInvalid}, + OP_UNKNOWN219: {OP_UNKNOWN219, "OP_UNKNOWN219", 1, opcodeInvalid}, + OP_UNKNOWN220: {OP_UNKNOWN220, "OP_UNKNOWN220", 1, opcodeInvalid}, + OP_UNKNOWN221: {OP_UNKNOWN221, "OP_UNKNOWN221", 1, opcodeInvalid}, + OP_UNKNOWN222: {OP_UNKNOWN222, "OP_UNKNOWN222", 1, opcodeInvalid}, + OP_UNKNOWN223: {OP_UNKNOWN223, "OP_UNKNOWN223", 1, opcodeInvalid}, + OP_UNKNOWN224: {OP_UNKNOWN224, "OP_UNKNOWN224", 1, opcodeInvalid}, + OP_UNKNOWN225: {OP_UNKNOWN225, "OP_UNKNOWN225", 1, opcodeInvalid}, + OP_UNKNOWN226: {OP_UNKNOWN226, "OP_UNKNOWN226", 1, opcodeInvalid}, + OP_UNKNOWN227: {OP_UNKNOWN227, "OP_UNKNOWN227", 1, opcodeInvalid}, + OP_UNKNOWN228: {OP_UNKNOWN228, "OP_UNKNOWN228", 1, opcodeInvalid}, + OP_UNKNOWN229: {OP_UNKNOWN229, "OP_UNKNOWN229", 1, opcodeInvalid}, + OP_UNKNOWN230: {OP_UNKNOWN230, "OP_UNKNOWN230", 1, opcodeInvalid}, + OP_UNKNOWN231: {OP_UNKNOWN231, "OP_UNKNOWN231", 1, opcodeInvalid}, + OP_UNKNOWN232: {OP_UNKNOWN232, "OP_UNKNOWN232", 1, opcodeInvalid}, + OP_UNKNOWN233: {OP_UNKNOWN233, "OP_UNKNOWN233", 1, opcodeInvalid}, + OP_UNKNOWN234: {OP_UNKNOWN234, "OP_UNKNOWN234", 1, opcodeInvalid}, + OP_UNKNOWN235: {OP_UNKNOWN235, "OP_UNKNOWN235", 1, opcodeInvalid}, + OP_UNKNOWN236: {OP_UNKNOWN236, "OP_UNKNOWN236", 1, opcodeInvalid}, + OP_UNKNOWN237: {OP_UNKNOWN237, "OP_UNKNOWN237", 1, opcodeInvalid}, + OP_UNKNOWN238: {OP_UNKNOWN238, "OP_UNKNOWN238", 1, opcodeInvalid}, + OP_UNKNOWN239: {OP_UNKNOWN239, "OP_UNKNOWN239", 1, opcodeInvalid}, + OP_UNKNOWN240: {OP_UNKNOWN240, "OP_UNKNOWN240", 1, opcodeInvalid}, + OP_UNKNOWN241: {OP_UNKNOWN241, "OP_UNKNOWN241", 1, opcodeInvalid}, + OP_UNKNOWN242: {OP_UNKNOWN242, "OP_UNKNOWN242", 1, opcodeInvalid}, + OP_UNKNOWN243: {OP_UNKNOWN243, "OP_UNKNOWN243", 1, opcodeInvalid}, + OP_UNKNOWN244: {OP_UNKNOWN244, "OP_UNKNOWN244", 1, opcodeInvalid}, + OP_UNKNOWN245: {OP_UNKNOWN245, "OP_UNKNOWN245", 1, opcodeInvalid}, + OP_UNKNOWN246: {OP_UNKNOWN246, "OP_UNKNOWN246", 1, opcodeInvalid}, + OP_UNKNOWN247: {OP_UNKNOWN247, "OP_UNKNOWN247", 1, opcodeInvalid}, + OP_UNKNOWN248: {OP_UNKNOWN248, "OP_UNKNOWN248", 1, opcodeInvalid}, + OP_UNKNOWN249: {OP_UNKNOWN249, "OP_UNKNOWN249", 1, opcodeInvalid}, + + // Bitcoin Core internal use opcode. Defined here for completeness. + OP_SMALLINTEGER: {OP_SMALLINTEGER, "OP_SMALLINTEGER", 1, opcodeInvalid}, + OP_PUBKEYS: {OP_PUBKEYS, "OP_PUBKEYS", 1, opcodeInvalid}, + OP_UNKNOWN252: {OP_UNKNOWN252, "OP_UNKNOWN252", 1, opcodeInvalid}, + OP_PUBKEYHASH: {OP_PUBKEYHASH, "OP_PUBKEYHASH", 1, opcodeInvalid}, + OP_PUBKEY: {OP_PUBKEY, "OP_PUBKEY", 1, opcodeInvalid}, + + OP_INVALIDOPCODE: {OP_INVALIDOPCODE, "OP_INVALIDOPCODE", 1, opcodeInvalid}, +} + +// opcodeOnelineRepls defines opcode names which are replaced when doing a +// one-line disassembly. This is done to match the output of the reference +// implementation while not changing the opcode names in the nicer full +// disassembly. +var opcodeOnelineRepls = map[string]string{ + "OP_1NEGATE": "-1", + "OP_0": "0", + "OP_1": "1", + "OP_2": "2", + "OP_3": "3", + "OP_4": "4", + "OP_5": "5", + "OP_6": "6", + "OP_7": "7", + "OP_8": "8", + "OP_9": "9", + "OP_10": "10", + "OP_11": "11", + "OP_12": "12", + "OP_13": "13", + "OP_14": "14", + "OP_15": "15", + "OP_16": "16", +} + +// parsedOpcode represents an opcode that has been parsed and includes any +// potential data associated with it. +type parsedOpcode struct { + opcode *opcode + data []byte +} + +// isDisabled returns whether or not the opcode is disabled and thus is always +// bad to see in the instruction stream (even if turned off by a conditional). +func (pop *parsedOpcode) isDisabled() bool { + switch pop.opcode.value { + case OP_CAT: + return true + case OP_SUBSTR: + return true + case OP_LEFT: + return true + case OP_RIGHT: + return true + case OP_INVERT: + return true + case OP_AND: + return true + case OP_OR: + return true + case OP_XOR: + return true + case OP_2MUL: + return true + case OP_2DIV: + return true + case OP_MUL: + return true + case OP_DIV: + return true + case OP_MOD: + return true + case OP_LSHIFT: + return true + case OP_RSHIFT: + return true + default: + return false + } +} + +// alwaysIllegal returns whether or not the opcode is always illegal when passed +// over by the program counter even if in a non-executed branch (it isn't a +// coincidence that they are conditionals). +func (pop *parsedOpcode) alwaysIllegal() bool { + switch pop.opcode.value { + case OP_VERIF: + return true + case OP_VERNOTIF: + return true + default: + return false + } +} + +// isConditional returns whether or not the opcode is a conditional opcode which +// changes the conditional execution stack when executed. +func (pop *parsedOpcode) isConditional() bool { + switch pop.opcode.value { + case OP_IF: + return true + case OP_NOTIF: + return true + case OP_ELSE: + return true + case OP_ENDIF: + return true + default: + return false + } +} + +// checkMinimalDataPush returns whether or not the current data push uses the +// smallest possible opcode to represent it. For example, the value 15 could +// be pushed with OP_DATA_1 15 (among other variations); however, OP_15 is a +// single opcode that represents the same value and is only a single byte versus +// two bytes. +func (pop *parsedOpcode) checkMinimalDataPush() error { + data := pop.data + dataLen := len(data) + opcode := pop.opcode.value + + if dataLen == 0 && opcode != OP_0 { + str := fmt.Sprintf("zero length data push is encoded with "+ + "opcode %s instead of OP_0", pop.opcode.name) + return scriptError(ErrMinimalData, str) + } else if dataLen == 1 && data[0] >= 1 && data[0] <= 16 { + if opcode != OP_1+data[0]-1 { + // Should have used OP_1 .. OP_16 + str := fmt.Sprintf("data push of the value %d encoded "+ + "with opcode %s instead of OP_%d", data[0], + pop.opcode.name, data[0]) + return scriptError(ErrMinimalData, str) + } + } else if dataLen == 1 && data[0] == 0x81 { + if opcode != OP_1NEGATE { + str := fmt.Sprintf("data push of the value -1 encoded "+ + "with opcode %s instead of OP_1NEGATE", + pop.opcode.name) + return scriptError(ErrMinimalData, str) + } + } else if dataLen <= 75 { + if int(opcode) != dataLen { + // Should have used a direct push + str := fmt.Sprintf("data push of %d bytes encoded "+ + "with opcode %s instead of OP_DATA_%d", dataLen, + pop.opcode.name, dataLen) + return scriptError(ErrMinimalData, str) + } + } else if dataLen <= 255 { + if opcode != OP_PUSHDATA1 { + str := fmt.Sprintf("data push of %d bytes encoded "+ + "with opcode %s instead of OP_PUSHDATA1", + dataLen, pop.opcode.name) + return scriptError(ErrMinimalData, str) + } + } else if dataLen <= 65535 { + if opcode != OP_PUSHDATA2 { + str := fmt.Sprintf("data push of %d bytes encoded "+ + "with opcode %s instead of OP_PUSHDATA2", + dataLen, pop.opcode.name) + return scriptError(ErrMinimalData, str) + } + } + return nil +} + +// print returns a human-readable string representation of the opcode for use +// in script disassembly. +func (pop *parsedOpcode) print(oneline bool) string { + // The reference implementation one-line disassembly replaces opcodes + // which represent values (e.g. OP_0 through OP_16 and OP_1NEGATE) + // with the raw value. However, when not doing a one-line dissassembly, + // we prefer to show the actual opcode names. Thus, only replace the + // opcodes in question when the oneline flag is set. + opcodeName := pop.opcode.name + if oneline { + if replName, ok := opcodeOnelineRepls[opcodeName]; ok { + opcodeName = replName + } + + // Nothing more to do for non-data push opcodes. + if pop.opcode.length == 1 { + return opcodeName + } + + return fmt.Sprintf("%x", pop.data) + } + + // Nothing more to do for non-data push opcodes. + if pop.opcode.length == 1 { + return opcodeName + } + + // Add length for the OP_PUSHDATA# opcodes. + retString := opcodeName + switch pop.opcode.length { + case -1: + retString += fmt.Sprintf(" 0x%02x", len(pop.data)) + case -2: + retString += fmt.Sprintf(" 0x%04x", len(pop.data)) + case -4: + retString += fmt.Sprintf(" 0x%08x", len(pop.data)) + } + + return fmt.Sprintf("%s 0x%02x", retString, pop.data) +} + +// bytes returns any data associated with the opcode encoded as it would be in +// a script. This is used for unparsing scripts from parsed opcodes. +func (pop *parsedOpcode) bytes() ([]byte, error) { + var retbytes []byte + if pop.opcode.length > 0 { + retbytes = make([]byte, 1, pop.opcode.length) + } else { + retbytes = make([]byte, 1, 1+len(pop.data)- + pop.opcode.length) + } + + retbytes[0] = pop.opcode.value + if pop.opcode.length == 1 { + if len(pop.data) != 0 { + str := fmt.Sprintf("internal consistency error - "+ + "parsed opcode %s has data length %d when %d "+ + "was expected", pop.opcode.name, len(pop.data), + 0) + return nil, scriptError(ErrInternal, str) + } + return retbytes, nil + } + nbytes := pop.opcode.length + if pop.opcode.length < 0 { + l := len(pop.data) + // tempting just to hardcode to avoid the complexity here. + switch pop.opcode.length { + case -1: + retbytes = append(retbytes, byte(l)) + nbytes = int(retbytes[1]) + len(retbytes) + case -2: + retbytes = append(retbytes, byte(l&0xff), + byte(l>>8&0xff)) + nbytes = int(binary.LittleEndian.Uint16(retbytes[1:])) + + len(retbytes) + case -4: + retbytes = append(retbytes, byte(l&0xff), + byte((l>>8)&0xff), byte((l>>16)&0xff), + byte((l>>24)&0xff)) + nbytes = int(binary.LittleEndian.Uint32(retbytes[1:])) + + len(retbytes) + } + } + + retbytes = append(retbytes, pop.data...) + + if len(retbytes) != nbytes { + str := fmt.Sprintf("internal consistency error - "+ + "parsed opcode %s has data length %d when %d was "+ + "expected", pop.opcode.name, len(retbytes), nbytes) + return nil, scriptError(ErrInternal, str) + } + + return retbytes, nil +} + +// ******************************************* +// Opcode implementation functions start here. +// ******************************************* + +// opcodeDisabled is a common handler for disabled opcodes. It returns an +// appropriate error indicating the opcode is disabled. While it would +// ordinarily make more sense to detect if the script contains any disabled +// opcodes before executing in an initial parse step, the consensus rules +// dictate the script doesn't fail until the program counter passes over a +// disabled opcode (even when they appear in a branch that is not executed). +func opcodeDisabled(op *parsedOpcode, vm *Engine) error { + str := fmt.Sprintf("attempt to execute disabled opcode %s", + op.opcode.name) + return scriptError(ErrDisabledOpcode, str) +} + +// opcodeReserved is a common handler for all reserved opcodes. It returns an +// appropriate error indicating the opcode is reserved. +func opcodeReserved(op *parsedOpcode, vm *Engine) error { + str := fmt.Sprintf("attempt to execute reserved opcode %s", + op.opcode.name) + return scriptError(ErrReservedOpcode, str) +} + +// opcodeInvalid is a common handler for all invalid opcodes. It returns an +// appropriate error indicating the opcode is invalid. +func opcodeInvalid(op *parsedOpcode, vm *Engine) error { + str := fmt.Sprintf("attempt to execute invalid opcode %s", + op.opcode.name) + return scriptError(ErrReservedOpcode, str) +} + +// opcodeFalse pushes an empty array to the data stack to represent false. Note +// that 0, when encoded as a number according to the numeric encoding consensus +// rules, is an empty array. +func opcodeFalse(op *parsedOpcode, vm *Engine) error { + vm.dstack.PushByteArray(nil) + return nil +} + +// opcodePushData is a common handler for the vast majority of opcodes that push +// raw data (bytes) to the data stack. +func opcodePushData(op *parsedOpcode, vm *Engine) error { + vm.dstack.PushByteArray(op.data) + return nil +} + +// opcode1Negate pushes -1, encoded as a number, to the data stack. +func opcode1Negate(op *parsedOpcode, vm *Engine) error { + vm.dstack.PushInt(scriptNum(-1)) + return nil +} + +// opcodeN is a common handler for the small integer data push opcodes. It +// pushes the numeric value the opcode represents (which will be from 1 to 16) +// onto the data stack. +func opcodeN(op *parsedOpcode, vm *Engine) error { + // The opcodes are all defined consecutively, so the numeric value is + // the difference. + vm.dstack.PushInt(scriptNum((op.opcode.value - (OP_1 - 1)))) + return nil +} + +// opcodeNop is a common handler for the NOP family of opcodes. As the name +// implies it generally does nothing, however, it will return an error when +// the flag to discourage use of NOPs is set for select opcodes. +func opcodeNop(op *parsedOpcode, vm *Engine) error { + switch op.opcode.value { + case OP_NOP1, OP_NOP4, OP_NOP5, + OP_NOP6, OP_NOP7, OP_NOP8, OP_NOP9, OP_NOP10: + if vm.hasFlag(ScriptDiscourageUpgradableNops) { + str := fmt.Sprintf("OP_NOP%d reserved for soft-fork "+ + "upgrades", op.opcode.value-(OP_NOP1-1)) + return scriptError(ErrDiscourageUpgradableNOPs, str) + } + } + return nil +} + +// popIfBool enforces the "minimal if" policy during script execution if the +// particular flag is set. If so, in order to eliminate an additional source +// of nuisance malleability, post-segwit for version 0 witness programs, we now +// require the following: for OP_IF and OP_NOT_IF, the top stack item MUST +// either be an empty byte slice, or [0x01]. Otherwise, the item at the top of +// the stack will be popped and interpreted as a boolean. +func popIfBool(vm *Engine) (bool, error) { + // When not in witness execution mode, not executing a v0 witness + // program, or the minimal if flag isn't set pop the top stack item as + // a normal bool. + if !vm.isWitnessVersionActive(0) || !vm.hasFlag(ScriptVerifyMinimalIf) { + return vm.dstack.PopBool() + } + + // At this point, a v0 witness program is being executed and the minimal + // if flag is set, so enforce additional constraints on the top stack + // item. + so, err := vm.dstack.PopByteArray() + if err != nil { + return false, err + } + + // The top element MUST have a length of at least one. + if len(so) > 1 { + str := fmt.Sprintf("minimal if is active, top element MUST "+ + "have a length of at least, instead length is %v", + len(so)) + return false, scriptError(ErrMinimalIf, str) + } + + // Additionally, if the length is one, then the value MUST be 0x01. + if len(so) == 1 && so[0] != 0x01 { + str := fmt.Sprintf("minimal if is active, top stack item MUST "+ + "be an empty byte array or 0x01, is instead: %v", + so[0]) + return false, scriptError(ErrMinimalIf, str) + } + + return asBool(so), nil +} + +// opcodeIf treats the top item on the data stack as a boolean and removes it. +// +// An appropriate entry is added to the conditional stack depending on whether +// the boolean is true and whether this if is on an executing branch in order +// to allow proper execution of further opcodes depending on the conditional +// logic. When the boolean is true, the first branch will be executed (unless +// this opcode is nested in a non-executed branch). +// +// if [statements] [else [statements]] endif +// +// Note that, unlike for all non-conditional opcodes, this is executed even when +// it is on a non-executing branch so proper nesting is maintained. +// +// Data stack transformation: [... bool] -> [...] +// Conditional stack transformation: [...] -> [... OpCondValue] +func opcodeIf(op *parsedOpcode, vm *Engine) error { + condVal := OpCondFalse + if vm.isBranchExecuting() { + ok, err := popIfBool(vm) + if err != nil { + return err + } + + if ok { + condVal = OpCondTrue + } + } else { + condVal = OpCondSkip + } + vm.condStack = append(vm.condStack, condVal) + return nil +} + +// opcodeNotIf treats the top item on the data stack as a boolean and removes +// it. +// +// An appropriate entry is added to the conditional stack depending on whether +// the boolean is true and whether this if is on an executing branch in order +// to allow proper execution of further opcodes depending on the conditional +// logic. When the boolean is false, the first branch will be executed (unless +// this opcode is nested in a non-executed branch). +// +// notif [statements] [else [statements]] endif +// +// Note that, unlike for all non-conditional opcodes, this is executed even when +// it is on a non-executing branch so proper nesting is maintained. +// +// Data stack transformation: [... bool] -> [...] +// Conditional stack transformation: [...] -> [... OpCondValue] +func opcodeNotIf(op *parsedOpcode, vm *Engine) error { + condVal := OpCondFalse + if vm.isBranchExecuting() { + ok, err := popIfBool(vm) + if err != nil { + return err + } + + if !ok { + condVal = OpCondTrue + } + } else { + condVal = OpCondSkip + } + vm.condStack = append(vm.condStack, condVal) + return nil +} + +// opcodeElse inverts conditional execution for other half of if/else/endif. +// +// An error is returned if there has not already been a matching OP_IF. +// +// Conditional stack transformation: [... OpCondValue] -> [... !OpCondValue] +func opcodeElse(op *parsedOpcode, vm *Engine) error { + if len(vm.condStack) == 0 { + str := fmt.Sprintf("encountered opcode %s with no matching "+ + "opcode to begin conditional execution", op.opcode.name) + return scriptError(ErrUnbalancedConditional, str) + } + + conditionalIdx := len(vm.condStack) - 1 + switch vm.condStack[conditionalIdx] { + case OpCondTrue: + vm.condStack[conditionalIdx] = OpCondFalse + case OpCondFalse: + vm.condStack[conditionalIdx] = OpCondTrue + case OpCondSkip: + // Value doesn't change in skip since it indicates this opcode + // is nested in a non-executed branch. + } + return nil +} + +// opcodeEndif terminates a conditional block, removing the value from the +// conditional execution stack. +// +// An error is returned if there has not already been a matching OP_IF. +// +// Conditional stack transformation: [... OpCondValue] -> [...] +func opcodeEndif(op *parsedOpcode, vm *Engine) error { + if len(vm.condStack) == 0 { + str := fmt.Sprintf("encountered opcode %s with no matching "+ + "opcode to begin conditional execution", op.opcode.name) + return scriptError(ErrUnbalancedConditional, str) + } + + vm.condStack = vm.condStack[:len(vm.condStack)-1] + return nil +} + +// abstractVerify examines the top item on the data stack as a boolean value and +// verifies it evaluates to true. An error is returned either when there is no +// item on the stack or when that item evaluates to false. In the latter case +// where the verification fails specifically due to the top item evaluating +// to false, the returned error will use the passed error code. +func abstractVerify(op *parsedOpcode, vm *Engine, c ErrorCode) error { + verified, err := vm.dstack.PopBool() + if err != nil { + return err + } + + if !verified { + str := fmt.Sprintf("%s failed", op.opcode.name) + return scriptError(c, str) + } + return nil +} + +// opcodeVerify examines the top item on the data stack as a boolean value and +// verifies it evaluates to true. An error is returned if it does not. +func opcodeVerify(op *parsedOpcode, vm *Engine) error { + return abstractVerify(op, vm, ErrVerify) +} + +// opcodeReturn returns an appropriate error since it is always an error to +// return early from a script. +func opcodeReturn(op *parsedOpcode, vm *Engine) error { + return scriptError(ErrEarlyReturn, "script returned early") +} + +// verifyLockTime is a helper function used to validate locktimes. +func verifyLockTime(txLockTime, threshold, lockTime int64) error { + // The lockTimes in both the script and transaction must be of the same + // type. + if !((txLockTime < threshold && lockTime < threshold) || + (txLockTime >= threshold && lockTime >= threshold)) { + str := fmt.Sprintf("mismatched locktime types -- tx locktime "+ + "%d, stack locktime %d", txLockTime, lockTime) + return scriptError(ErrUnsatisfiedLockTime, str) + } + + if lockTime > txLockTime { + str := fmt.Sprintf("locktime requirement not satisfied -- "+ + "locktime is greater than the transaction locktime: "+ + "%d > %d", lockTime, txLockTime) + return scriptError(ErrUnsatisfiedLockTime, str) + } + + return nil +} + +// opcodeCheckLockTimeVerify compares the top item on the data stack to the +// LockTime field of the transaction containing the script signature +// validating if the transaction outputs are spendable yet. If flag +// ScriptVerifyCheckLockTimeVerify is not set, the code continues as if OP_NOP2 +// were executed. +func opcodeCheckLockTimeVerify(op *parsedOpcode, vm *Engine) error { + // If the ScriptVerifyCheckLockTimeVerify script flag is not set, treat + // opcode as OP_NOP2 instead. + if !vm.hasFlag(ScriptVerifyCheckLockTimeVerify) { + if vm.hasFlag(ScriptDiscourageUpgradableNops) { + return scriptError(ErrDiscourageUpgradableNOPs, + "OP_NOP2 reserved for soft-fork upgrades") + } + return nil + } + + // The current transaction locktime is a uint32 resulting in a maximum + // locktime of 2^32-1 (the year 2106). However, scriptNums are signed + // and therefore a standard 4-byte scriptNum would only support up to a + // maximum of 2^31-1 (the year 2038). Thus, a 5-byte scriptNum is used + // here since it will support up to 2^39-1 which allows dates beyond the + // current locktime limit. + // + // PeekByteArray is used here instead of PeekInt because we do not want + // to be limited to a 4-byte integer for reasons specified above. + so, err := vm.dstack.PeekByteArray(0) + if err != nil { + return err + } + lockTime, err := makeScriptNum(so, vm.dstack.verifyMinimalData, 5) + if err != nil { + return err + } + + // In the rare event that the argument needs to be < 0 due to some + // arithmetic being done first, you can always use + // 0 OP_MAX OP_CHECKLOCKTIMEVERIFY. + if lockTime < 0 { + str := fmt.Sprintf("negative lock time: %d", lockTime) + return scriptError(ErrNegativeLockTime, str) + } + + // The lock time field of a transaction is either a block height at + // which the transaction is finalized or a timestamp depending on if the + // value is before the txscript.LockTimeThreshold. When it is under the + // threshold it is a block height. + err = verifyLockTime(int64(vm.tx.LockTime), LockTimeThreshold, + int64(lockTime)) + if err != nil { + return err + } + + // The lock time feature can also be disabled, thereby bypassing + // OP_CHECKLOCKTIMEVERIFY, if every transaction input has been finalized by + // setting its sequence to the maximum value (wire.MaxTxInSequenceNum). This + // condition would result in the transaction being allowed into the blockchain + // making the opcode ineffective. + // + // This condition is prevented by enforcing that the input being used by + // the opcode is unlocked (its sequence number is less than the max + // value). This is sufficient to prove correctness without having to + // check every input. + // + // NOTE: This implies that even if the transaction is not finalized due to + // another input being unlocked, the opcode execution will still fail when the + // input being used by the opcode is locked. + if vm.tx.TxIn[vm.txIdx].Sequence == wire.MaxTxInSequenceNum { + return scriptError(ErrUnsatisfiedLockTime, + "transaction input is finalized") + } + + return nil +} + +// opcodeCheckSequenceVerify compares the top item on the data stack to the +// LockTime field of the transaction containing the script signature +// validating if the transaction outputs are spendable yet. If flag +// ScriptVerifyCheckSequenceVerify is not set, the code continues as if OP_NOP3 +// were executed. +func opcodeCheckSequenceVerify(op *parsedOpcode, vm *Engine) error { + // If the ScriptVerifyCheckSequenceVerify script flag is not set, treat + // opcode as OP_NOP3 instead. + if !vm.hasFlag(ScriptVerifyCheckSequenceVerify) { + if vm.hasFlag(ScriptDiscourageUpgradableNops) { + return scriptError(ErrDiscourageUpgradableNOPs, + "OP_NOP3 reserved for soft-fork upgrades") + } + return nil + } + + // The current transaction sequence is a uint32 resulting in a maximum + // sequence of 2^32-1. However, scriptNums are signed and therefore a + // standard 4-byte scriptNum would only support up to a maximum of + // 2^31-1. Thus, a 5-byte scriptNum is used here since it will support + // up to 2^39-1 which allows sequences beyond the current sequence + // limit. + // + // PeekByteArray is used here instead of PeekInt because we do not want + // to be limited to a 4-byte integer for reasons specified above. + so, err := vm.dstack.PeekByteArray(0) + if err != nil { + return err + } + stackSequence, err := makeScriptNum(so, vm.dstack.verifyMinimalData, 5) + if err != nil { + return err + } + + // In the rare event that the argument needs to be < 0 due to some + // arithmetic being done first, you can always use + // 0 OP_MAX OP_CHECKSEQUENCEVERIFY. + if stackSequence < 0 { + str := fmt.Sprintf("negative sequence: %d", stackSequence) + return scriptError(ErrNegativeLockTime, str) + } + + sequence := int64(stackSequence) + + // To provide for future soft-fork extensibility, if the + // operand has the disabled lock-time flag set, + // CHECKSEQUENCEVERIFY behaves as a NOP. + if sequence&int64(wire.SequenceLockTimeDisabled) != 0 { + return nil + } + + // Transaction version numbers not high enough to trigger CSV rules must + // fail. + if vm.tx.Version < 2 { + str := fmt.Sprintf("invalid transaction version: %d", + vm.tx.Version) + return scriptError(ErrUnsatisfiedLockTime, str) + } + + // Sequence numbers with their most significant bit set are not + // consensus constrained. Testing that the transaction's sequence + // number does not have this bit set prevents using this property + // to get around a CHECKSEQUENCEVERIFY check. + txSequence := int64(vm.tx.TxIn[vm.txIdx].Sequence) + if txSequence&int64(wire.SequenceLockTimeDisabled) != 0 { + str := fmt.Sprintf("transaction sequence has sequence "+ + "locktime disabled bit set: 0x%x", txSequence) + return scriptError(ErrUnsatisfiedLockTime, str) + } + + // Mask off non-consensus bits before doing comparisons. + lockTimeMask := int64(wire.SequenceLockTimeIsSeconds | + wire.SequenceLockTimeMask) + return verifyLockTime(txSequence&lockTimeMask, + wire.SequenceLockTimeIsSeconds, sequence&lockTimeMask) +} + +// opcodeToAltStack removes the top item from the main data stack and pushes it +// onto the alternate data stack. +// +// Main data stack transformation: [... x1 x2 x3] -> [... x1 x2] +// Alt data stack transformation: [... y1 y2 y3] -> [... y1 y2 y3 x3] +func opcodeToAltStack(op *parsedOpcode, vm *Engine) error { + so, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + vm.astack.PushByteArray(so) + + return nil +} + +// opcodeFromAltStack removes the top item from the alternate data stack and +// pushes it onto the main data stack. +// +// Main data stack transformation: [... x1 x2 x3] -> [... x1 x2 x3 y3] +// Alt data stack transformation: [... y1 y2 y3] -> [... y1 y2] +func opcodeFromAltStack(op *parsedOpcode, vm *Engine) error { + so, err := vm.astack.PopByteArray() + if err != nil { + return err + } + vm.dstack.PushByteArray(so) + + return nil +} + +// opcode2Drop removes the top 2 items from the data stack. +// +// Stack transformation: [... x1 x2 x3] -> [... x1] +func opcode2Drop(op *parsedOpcode, vm *Engine) error { + return vm.dstack.DropN(2) +} + +// opcode2Dup duplicates the top 2 items on the data stack. +// +// Stack transformation: [... x1 x2 x3] -> [... x1 x2 x3 x2 x3] +func opcode2Dup(op *parsedOpcode, vm *Engine) error { + return vm.dstack.DupN(2) +} + +// opcode3Dup duplicates the top 3 items on the data stack. +// +// Stack transformation: [... x1 x2 x3] -> [... x1 x2 x3 x1 x2 x3] +func opcode3Dup(op *parsedOpcode, vm *Engine) error { + return vm.dstack.DupN(3) +} + +// opcode2Over duplicates the 2 items before the top 2 items on the data stack. +// +// Stack transformation: [... x1 x2 x3 x4] -> [... x1 x2 x3 x4 x1 x2] +func opcode2Over(op *parsedOpcode, vm *Engine) error { + return vm.dstack.OverN(2) +} + +// opcode2Rot rotates the top 6 items on the data stack to the left twice. +// +// Stack transformation: [... x1 x2 x3 x4 x5 x6] -> [... x3 x4 x5 x6 x1 x2] +func opcode2Rot(op *parsedOpcode, vm *Engine) error { + return vm.dstack.RotN(2) +} + +// opcode2Swap swaps the top 2 items on the data stack with the 2 that come +// before them. +// +// Stack transformation: [... x1 x2 x3 x4] -> [... x3 x4 x1 x2] +func opcode2Swap(op *parsedOpcode, vm *Engine) error { + return vm.dstack.SwapN(2) +} + +// opcodeIfDup duplicates the top item of the stack if it is not zero. +// +// Stack transformation (x1==0): [... x1] -> [... x1] +// Stack transformation (x1!=0): [... x1] -> [... x1 x1] +func opcodeIfDup(op *parsedOpcode, vm *Engine) error { + so, err := vm.dstack.PeekByteArray(0) + if err != nil { + return err + } + + // Push copy of data iff it isn't zero + if asBool(so) { + vm.dstack.PushByteArray(so) + } + + return nil +} + +// opcodeDepth pushes the depth of the data stack prior to executing this +// opcode, encoded as a number, onto the data stack. +// +// Stack transformation: [...] -> [... ] +// Example with 2 items: [x1 x2] -> [x1 x2 2] +// Example with 3 items: [x1 x2 x3] -> [x1 x2 x3 3] +func opcodeDepth(op *parsedOpcode, vm *Engine) error { + vm.dstack.PushInt(scriptNum(vm.dstack.Depth())) + return nil +} + +// opcodeDrop removes the top item from the data stack. +// +// Stack transformation: [... x1 x2 x3] -> [... x1 x2] +func opcodeDrop(op *parsedOpcode, vm *Engine) error { + return vm.dstack.DropN(1) +} + +// opcodeDup duplicates the top item on the data stack. +// +// Stack transformation: [... x1 x2 x3] -> [... x1 x2 x3 x3] +func opcodeDup(op *parsedOpcode, vm *Engine) error { + return vm.dstack.DupN(1) +} + +// opcodeNip removes the item before the top item on the data stack. +// +// Stack transformation: [... x1 x2 x3] -> [... x1 x3] +func opcodeNip(op *parsedOpcode, vm *Engine) error { + return vm.dstack.NipN(1) +} + +// opcodeOver duplicates the item before the top item on the data stack. +// +// Stack transformation: [... x1 x2 x3] -> [... x1 x2 x3 x2] +func opcodeOver(op *parsedOpcode, vm *Engine) error { + return vm.dstack.OverN(1) +} + +// opcodePick treats the top item on the data stack as an integer and duplicates +// the item on the stack that number of items back to the top. +// +// Stack transformation: [xn ... x2 x1 x0 n] -> [xn ... x2 x1 x0 xn] +// Example with n=1: [x2 x1 x0 1] -> [x2 x1 x0 x1] +// Example with n=2: [x2 x1 x0 2] -> [x2 x1 x0 x2] +func opcodePick(op *parsedOpcode, vm *Engine) error { + val, err := vm.dstack.PopInt() + if err != nil { + return err + } + + return vm.dstack.PickN(val.Int32()) +} + +// opcodeRoll treats the top item on the data stack as an integer and moves +// the item on the stack that number of items back to the top. +// +// Stack transformation: [xn ... x2 x1 x0 n] -> [... x2 x1 x0 xn] +// Example with n=1: [x2 x1 x0 1] -> [x2 x0 x1] +// Example with n=2: [x2 x1 x0 2] -> [x1 x0 x2] +func opcodeRoll(op *parsedOpcode, vm *Engine) error { + val, err := vm.dstack.PopInt() + if err != nil { + return err + } + + return vm.dstack.RollN(val.Int32()) +} + +// opcodeRot rotates the top 3 items on the data stack to the left. +// +// Stack transformation: [... x1 x2 x3] -> [... x2 x3 x1] +func opcodeRot(op *parsedOpcode, vm *Engine) error { + return vm.dstack.RotN(1) +} + +// opcodeSwap swaps the top two items on the stack. +// +// Stack transformation: [... x1 x2] -> [... x2 x1] +func opcodeSwap(op *parsedOpcode, vm *Engine) error { + return vm.dstack.SwapN(1) +} + +// opcodeTuck inserts a duplicate of the top item of the data stack before the +// second-to-top item. +// +// Stack transformation: [... x1 x2] -> [... x2 x1 x2] +func opcodeTuck(op *parsedOpcode, vm *Engine) error { + return vm.dstack.Tuck() +} + +// opcodeSize pushes the size of the top item of the data stack onto the data +// stack. +// +// Stack transformation: [... x1] -> [... x1 len(x1)] +func opcodeSize(op *parsedOpcode, vm *Engine) error { + so, err := vm.dstack.PeekByteArray(0) + if err != nil { + return err + } + + vm.dstack.PushInt(scriptNum(len(so))) + return nil +} + +// opcodeEqual removes the top 2 items of the data stack, compares them as raw +// bytes, and pushes the result, encoded as a boolean, back to the stack. +// +// Stack transformation: [... x1 x2] -> [... bool] +func opcodeEqual(op *parsedOpcode, vm *Engine) error { + a, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + b, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + + vm.dstack.PushBool(bytes.Equal(a, b)) + return nil +} + +// opcodeEqualVerify is a combination of opcodeEqual and opcodeVerify. +// Specifically, it removes the top 2 items of the data stack, compares them, +// and pushes the result, encoded as a boolean, back to the stack. Then, it +// examines the top item on the data stack as a boolean value and verifies it +// evaluates to true. An error is returned if it does not. +// +// Stack transformation: [... x1 x2] -> [... bool] -> [...] +func opcodeEqualVerify(op *parsedOpcode, vm *Engine) error { + err := opcodeEqual(op, vm) + if err == nil { + err = abstractVerify(op, vm, ErrEqualVerify) + } + return err +} + +// opcode1Add treats the top item on the data stack as an integer and replaces +// it with its incremented value (plus 1). +// +// Stack transformation: [... x1 x2] -> [... x1 x2+1] +func opcode1Add(op *parsedOpcode, vm *Engine) error { + m, err := vm.dstack.PopInt() + if err != nil { + return err + } + + vm.dstack.PushInt(m + 1) + return nil +} + +// opcode1Sub treats the top item on the data stack as an integer and replaces +// it with its decremented value (minus 1). +// +// Stack transformation: [... x1 x2] -> [... x1 x2-1] +func opcode1Sub(op *parsedOpcode, vm *Engine) error { + m, err := vm.dstack.PopInt() + if err != nil { + return err + } + vm.dstack.PushInt(m - 1) + + return nil +} + +// opcodeNegate treats the top item on the data stack as an integer and replaces +// it with its negation. +// +// Stack transformation: [... x1 x2] -> [... x1 -x2] +func opcodeNegate(op *parsedOpcode, vm *Engine) error { + m, err := vm.dstack.PopInt() + if err != nil { + return err + } + + vm.dstack.PushInt(-m) + return nil +} + +// opcodeAbs treats the top item on the data stack as an integer and replaces it +// it with its absolute value. +// +// Stack transformation: [... x1 x2] -> [... x1 abs(x2)] +func opcodeAbs(op *parsedOpcode, vm *Engine) error { + m, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if m < 0 { + m = -m + } + vm.dstack.PushInt(m) + return nil +} + +// opcodeNot treats the top item on the data stack as an integer and replaces +// it with its "inverted" value (0 becomes 1, non-zero becomes 0). +// +// NOTE: While it would probably make more sense to treat the top item as a +// boolean, and push the opposite, which is really what the intention of this +// opcode is, it is extremely important that is not done because integers are +// interpreted differently than booleans and the consensus rules for this opcode +// dictate the item is interpreted as an integer. +// +// Stack transformation (x2==0): [... x1 0] -> [... x1 1] +// Stack transformation (x2!=0): [... x1 1] -> [... x1 0] +// Stack transformation (x2!=0): [... x1 17] -> [... x1 0] +func opcodeNot(op *parsedOpcode, vm *Engine) error { + m, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if m == 0 { + vm.dstack.PushInt(scriptNum(1)) + } else { + vm.dstack.PushInt(scriptNum(0)) + } + return nil +} + +// opcode0NotEqual treats the top item on the data stack as an integer and +// replaces it with either a 0 if it is zero, or a 1 if it is not zero. +// +// Stack transformation (x2==0): [... x1 0] -> [... x1 0] +// Stack transformation (x2!=0): [... x1 1] -> [... x1 1] +// Stack transformation (x2!=0): [... x1 17] -> [... x1 1] +func opcode0NotEqual(op *parsedOpcode, vm *Engine) error { + m, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if m != 0 { + m = 1 + } + vm.dstack.PushInt(m) + return nil +} + +// opcodeAdd treats the top two items on the data stack as integers and replaces +// them with their sum. +// +// Stack transformation: [... x1 x2] -> [... x1+x2] +func opcodeAdd(op *parsedOpcode, vm *Engine) error { + v0, err := vm.dstack.PopInt() + if err != nil { + return err + } + + v1, err := vm.dstack.PopInt() + if err != nil { + return err + } + + vm.dstack.PushInt(v0 + v1) + return nil +} + +// opcodeSub treats the top two items on the data stack as integers and replaces +// them with the result of subtracting the top entry from the second-to-top +// entry. +// +// Stack transformation: [... x1 x2] -> [... x1-x2] +func opcodeSub(op *parsedOpcode, vm *Engine) error { + v0, err := vm.dstack.PopInt() + if err != nil { + return err + } + + v1, err := vm.dstack.PopInt() + if err != nil { + return err + } + + vm.dstack.PushInt(v1 - v0) + return nil +} + +// opcodeBoolAnd treats the top two items on the data stack as integers. When +// both of them are not zero, they are replaced with a 1, otherwise a 0. +// +// Stack transformation (x1==0, x2==0): [... 0 0] -> [... 0] +// Stack transformation (x1!=0, x2==0): [... 5 0] -> [... 0] +// Stack transformation (x1==0, x2!=0): [... 0 7] -> [... 0] +// Stack transformation (x1!=0, x2!=0): [... 4 8] -> [... 1] +func opcodeBoolAnd(op *parsedOpcode, vm *Engine) error { + v0, err := vm.dstack.PopInt() + if err != nil { + return err + } + + v1, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if v0 != 0 && v1 != 0 { + vm.dstack.PushInt(scriptNum(1)) + } else { + vm.dstack.PushInt(scriptNum(0)) + } + + return nil +} + +// opcodeBoolOr treats the top two items on the data stack as integers. When +// either of them are not zero, they are replaced with a 1, otherwise a 0. +// +// Stack transformation (x1==0, x2==0): [... 0 0] -> [... 0] +// Stack transformation (x1!=0, x2==0): [... 5 0] -> [... 1] +// Stack transformation (x1==0, x2!=0): [... 0 7] -> [... 1] +// Stack transformation (x1!=0, x2!=0): [... 4 8] -> [... 1] +func opcodeBoolOr(op *parsedOpcode, vm *Engine) error { + v0, err := vm.dstack.PopInt() + if err != nil { + return err + } + + v1, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if v0 != 0 || v1 != 0 { + vm.dstack.PushInt(scriptNum(1)) + } else { + vm.dstack.PushInt(scriptNum(0)) + } + + return nil +} + +// opcodeNumEqual treats the top two items on the data stack as integers. When +// they are equal, they are replaced with a 1, otherwise a 0. +// +// Stack transformation (x1==x2): [... 5 5] -> [... 1] +// Stack transformation (x1!=x2): [... 5 7] -> [... 0] +func opcodeNumEqual(op *parsedOpcode, vm *Engine) error { + v0, err := vm.dstack.PopInt() + if err != nil { + return err + } + + v1, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if v0 == v1 { + vm.dstack.PushInt(scriptNum(1)) + } else { + vm.dstack.PushInt(scriptNum(0)) + } + + return nil +} + +// opcodeNumEqualVerify is a combination of opcodeNumEqual and opcodeVerify. +// +// Specifically, treats the top two items on the data stack as integers. When +// they are equal, they are replaced with a 1, otherwise a 0. Then, it examines +// the top item on the data stack as a boolean value and verifies it evaluates +// to true. An error is returned if it does not. +// +// Stack transformation: [... x1 x2] -> [... bool] -> [...] +func opcodeNumEqualVerify(op *parsedOpcode, vm *Engine) error { + err := opcodeNumEqual(op, vm) + if err == nil { + err = abstractVerify(op, vm, ErrNumEqualVerify) + } + return err +} + +// opcodeNumNotEqual treats the top two items on the data stack as integers. +// When they are NOT equal, they are replaced with a 1, otherwise a 0. +// +// Stack transformation (x1==x2): [... 5 5] -> [... 0] +// Stack transformation (x1!=x2): [... 5 7] -> [... 1] +func opcodeNumNotEqual(op *parsedOpcode, vm *Engine) error { + v0, err := vm.dstack.PopInt() + if err != nil { + return err + } + + v1, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if v0 != v1 { + vm.dstack.PushInt(scriptNum(1)) + } else { + vm.dstack.PushInt(scriptNum(0)) + } + + return nil +} + +// opcodeLessThan treats the top two items on the data stack as integers. When +// the second-to-top item is less than the top item, they are replaced with a 1, +// otherwise a 0. +// +// Stack transformation: [... x1 x2] -> [... bool] +func opcodeLessThan(op *parsedOpcode, vm *Engine) error { + v0, err := vm.dstack.PopInt() + if err != nil { + return err + } + + v1, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if v1 < v0 { + vm.dstack.PushInt(scriptNum(1)) + } else { + vm.dstack.PushInt(scriptNum(0)) + } + + return nil +} + +// opcodeGreaterThan treats the top two items on the data stack as integers. +// When the second-to-top item is greater than the top item, they are replaced +// with a 1, otherwise a 0. +// +// Stack transformation: [... x1 x2] -> [... bool] +func opcodeGreaterThan(op *parsedOpcode, vm *Engine) error { + v0, err := vm.dstack.PopInt() + if err != nil { + return err + } + + v1, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if v1 > v0 { + vm.dstack.PushInt(scriptNum(1)) + } else { + vm.dstack.PushInt(scriptNum(0)) + } + return nil +} + +// opcodeLessThanOrEqual treats the top two items on the data stack as integers. +// When the second-to-top item is less than or equal to the top item, they are +// replaced with a 1, otherwise a 0. +// +// Stack transformation: [... x1 x2] -> [... bool] +func opcodeLessThanOrEqual(op *parsedOpcode, vm *Engine) error { + v0, err := vm.dstack.PopInt() + if err != nil { + return err + } + + v1, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if v1 <= v0 { + vm.dstack.PushInt(scriptNum(1)) + } else { + vm.dstack.PushInt(scriptNum(0)) + } + return nil +} + +// opcodeGreaterThanOrEqual treats the top two items on the data stack as +// integers. When the second-to-top item is greater than or equal to the top +// item, they are replaced with a 1, otherwise a 0. +// +// Stack transformation: [... x1 x2] -> [... bool] +func opcodeGreaterThanOrEqual(op *parsedOpcode, vm *Engine) error { + v0, err := vm.dstack.PopInt() + if err != nil { + return err + } + + v1, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if v1 >= v0 { + vm.dstack.PushInt(scriptNum(1)) + } else { + vm.dstack.PushInt(scriptNum(0)) + } + + return nil +} + +// opcodeMin treats the top two items on the data stack as integers and replaces +// them with the minimum of the two. +// +// Stack transformation: [... x1 x2] -> [... min(x1, x2)] +func opcodeMin(op *parsedOpcode, vm *Engine) error { + v0, err := vm.dstack.PopInt() + if err != nil { + return err + } + + v1, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if v1 < v0 { + vm.dstack.PushInt(v1) + } else { + vm.dstack.PushInt(v0) + } + + return nil +} + +// opcodeMax treats the top two items on the data stack as integers and replaces +// them with the maximum of the two. +// +// Stack transformation: [... x1 x2] -> [... max(x1, x2)] +func opcodeMax(op *parsedOpcode, vm *Engine) error { + v0, err := vm.dstack.PopInt() + if err != nil { + return err + } + + v1, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if v1 > v0 { + vm.dstack.PushInt(v1) + } else { + vm.dstack.PushInt(v0) + } + + return nil +} + +// opcodeWithin treats the top 3 items on the data stack as integers. When the +// value to test is within the specified range (left inclusive), they are +// replaced with a 1, otherwise a 0. +// +// The top item is the max value, the second-top-item is the minimum value, and +// the third-to-top item is the value to test. +// +// Stack transformation: [... x1 min max] -> [... bool] +func opcodeWithin(op *parsedOpcode, vm *Engine) error { + maxVal, err := vm.dstack.PopInt() + if err != nil { + return err + } + + minVal, err := vm.dstack.PopInt() + if err != nil { + return err + } + + x, err := vm.dstack.PopInt() + if err != nil { + return err + } + + if x >= minVal && x < maxVal { + vm.dstack.PushInt(scriptNum(1)) + } else { + vm.dstack.PushInt(scriptNum(0)) + } + return nil +} + +// calcHash calculates the hash of hasher over buf. +func calcHash(buf []byte, hasher hash.Hash) []byte { + hasher.Write(buf) + return hasher.Sum(nil) +} + +// opcodeRipemd160 treats the top item of the data stack as raw bytes and +// replaces it with ripemd160(data). +// +// Stack transformation: [... x1] -> [... ripemd160(x1)] +func opcodeRipemd160(op *parsedOpcode, vm *Engine) error { + buf, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + + vm.dstack.PushByteArray(calcHash(buf, ripemd160.New())) + return nil +} + +// opcodeSha1 treats the top item of the data stack as raw bytes and replaces it +// with sha1(data). +// +// Stack transformation: [... x1] -> [... sha1(x1)] +func opcodeSha1(op *parsedOpcode, vm *Engine) error { + buf, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + + hash := sha1.Sum(buf) + vm.dstack.PushByteArray(hash[:]) + return nil +} + +// opcodeSha256 treats the top item of the data stack as raw bytes and replaces +// it with sha256(data). +// +// Stack transformation: [... x1] -> [... sha256(x1)] +func opcodeSha256(op *parsedOpcode, vm *Engine) error { + buf, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + + hash := sha256.Sum256(buf) + vm.dstack.PushByteArray(hash[:]) + return nil +} + +// opcodeHash160 treats the top item of the data stack as raw bytes and replaces +// it with ripemd160(sha256(data)). +// +// Stack transformation: [... x1] -> [... ripemd160(sha256(x1))] +func opcodeHash160(op *parsedOpcode, vm *Engine) error { + buf, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + + hash := sha256.Sum256(buf) + vm.dstack.PushByteArray(calcHash(hash[:], ripemd160.New())) + return nil +} + +// opcodeHash256 treats the top item of the data stack as raw bytes and replaces +// it with sha256(sha256(data)). +// +// Stack transformation: [... x1] -> [... sha256(sha256(x1))] +func opcodeHash256(op *parsedOpcode, vm *Engine) error { + buf, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + + vm.dstack.PushByteArray(chainhash.DoubleHashB(buf)) + return nil +} + +// opcodeCodeSeparator stores the current script offset as the most recently +// seen OP_CODESEPARATOR which is used during signature checking. +// +// This opcode does not change the contents of the data stack. +func opcodeCodeSeparator(op *parsedOpcode, vm *Engine) error { + vm.lastCodeSep = vm.scriptOff + return nil +} + +// opcodeCheckSig treats the top 2 items on the stack as a public key and a +// signature and replaces them with a bool which indicates if the signature was +// successfully verified. +// +// The process of verifying a signature requires calculating a signature hash in +// the same way the transaction signer did. It involves hashing portions of the +// transaction based on the hash type byte (which is the final byte of the +// signature) and the portion of the script starting from the most recent +// OP_CODESEPARATOR (or the beginning of the script if there are none) to the +// end of the script (with any other OP_CODESEPARATORs removed). Once this +// "script hash" is calculated, the signature is checked using standard +// cryptographic methods against the provided public key. +// +// Stack transformation: [... signature pubkey] -> [... bool] +func opcodeCheckSig(op *parsedOpcode, vm *Engine) error { + pkBytes, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + + fullSigBytes, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + + // The signature actually needs needs to be longer than this, but at + // least 1 byte is needed for the hash type below. The full length is + // checked depending on the script flags and upon parsing the signature. + if len(fullSigBytes) < 1 { + vm.dstack.PushBool(false) + return nil + } + + // Trim off hashtype from the signature string and check if the + // signature and pubkey conform to the strict encoding requirements + // depending on the flags. + // + // NOTE: When the strict encoding flags are set, any errors in the + // signature or public encoding here result in an immediate script error + // (and thus no result bool is pushed to the data stack). This differs + // from the logic below where any errors in parsing the signature is + // treated as the signature failure resulting in false being pushed to + // the data stack. This is required because the more general script + // validation consensus rules do not have the new strict encoding + // requirements enabled by the flags. + hashType := SigHashType(fullSigBytes[len(fullSigBytes)-1]) + sigBytes := fullSigBytes[:len(fullSigBytes)-1] + if err := vm.checkHashTypeEncoding(hashType); err != nil { + return err + } + if err := vm.checkSignatureEncoding(sigBytes); err != nil { + return err + } + if err := vm.checkPubKeyEncoding(pkBytes); err != nil { + return err + } + + // Get script starting from the most recent OP_CODESEPARATOR. + subScript := vm.subScript() + + // Generate the signature hash based on the signature hash type. + var hash []byte + if vm.isWitnessVersionActive(0) { + var sigHashes *TxSigHashes + if vm.hashCache != nil { + sigHashes = vm.hashCache + } else { + sigHashes = NewTxSigHashes(&vm.tx) + } + + hash, err = calcWitnessSignatureHash(subScript, sigHashes, hashType, + &vm.tx, vm.txIdx, vm.inputAmount) + if err != nil { + return err + } + } else { + // Remove the signature since there is no way for a signature + // to sign itself. + subScript = removeOpcodeByData(subScript, fullSigBytes) + + hash = calcSignatureHash(subScript, hashType, &vm.tx, vm.txIdx) + } + + pubKey, err := btcec.ParsePubKey(pkBytes, btcec.S256()) + if err != nil { + vm.dstack.PushBool(false) + return nil + } + + var signature *btcec.Signature + if vm.hasFlag(ScriptVerifyStrictEncoding) || + vm.hasFlag(ScriptVerifyDERSignatures) { + + signature, err = btcec.ParseDERSignature(sigBytes, btcec.S256()) + } else { + signature, err = btcec.ParseSignature(sigBytes, btcec.S256()) + } + if err != nil { + vm.dstack.PushBool(false) + return nil + } + + var valid bool + if vm.sigCache != nil { + var sigHash chainhash.Hash + copy(sigHash[:], hash) + + valid = vm.sigCache.Exists(sigHash, signature, pubKey) + if !valid && signature.Verify(hash, pubKey) { + vm.sigCache.Add(sigHash, signature, pubKey) + valid = true + } + } else { + valid = signature.Verify(hash, pubKey) + } + + if !valid && vm.hasFlag(ScriptVerifyNullFail) && len(sigBytes) > 0 { + str := "signature not empty on failed checksig" + return scriptError(ErrNullFail, str) + } + + vm.dstack.PushBool(valid) + return nil +} + +// opcodeCheckSigVerify is a combination of opcodeCheckSig and opcodeVerify. +// The opcodeCheckSig function is invoked followed by opcodeVerify. See the +// documentation for each of those opcodes for more details. +// +// Stack transformation: signature pubkey] -> [... bool] -> [...] +func opcodeCheckSigVerify(op *parsedOpcode, vm *Engine) error { + err := opcodeCheckSig(op, vm) + if err == nil { + err = abstractVerify(op, vm, ErrCheckSigVerify) + } + return err +} + +// parsedSigInfo houses a raw signature along with its parsed form and a flag +// for whether or not it has already been parsed. It is used to prevent parsing +// the same signature multiple times when verifying a multisig. +type parsedSigInfo struct { + signature []byte + parsedSignature *btcec.Signature + parsed bool +} + +// opcodeCheckMultiSig treats the top item on the stack as an integer number of +// public keys, followed by that many entries as raw data representing the public +// keys, followed by the integer number of signatures, followed by that many +// entries as raw data representing the signatures. +// +// Due to a bug in the original Satoshi client implementation, an additional +// dummy argument is also required by the consensus rules, although it is not +// used. The dummy value SHOULD be an OP_0, although that is not required by +// the consensus rules. When the ScriptStrictMultiSig flag is set, it must be +// OP_0. +// +// All of the aforementioned stack items are replaced with a bool which +// indicates if the requisite number of signatures were successfully verified. +// +// See the opcodeCheckSigVerify documentation for more details about the process +// for verifying each signature. +// +// Stack transformation: +// [... dummy [sig ...] numsigs [pubkey ...] numpubkeys] -> [... bool] +func opcodeCheckMultiSig(op *parsedOpcode, vm *Engine) error { + numKeys, err := vm.dstack.PopInt() + if err != nil { + return err + } + + numPubKeys := int(numKeys.Int32()) + if numPubKeys < 0 { + str := fmt.Sprintf("number of pubkeys %d is negative", + numPubKeys) + return scriptError(ErrInvalidPubKeyCount, str) + } + if numPubKeys > MaxPubKeysPerMultiSig { + str := fmt.Sprintf("too many pubkeys: %d > %d", + numPubKeys, MaxPubKeysPerMultiSig) + return scriptError(ErrInvalidPubKeyCount, str) + } + vm.numOps += numPubKeys + if vm.numOps > MaxOpsPerScript { + str := fmt.Sprintf("exceeded max operation limit of %d", + MaxOpsPerScript) + return scriptError(ErrTooManyOperations, str) + } + + pubKeys := make([][]byte, 0, numPubKeys) + for i := 0; i < numPubKeys; i++ { + pubKey, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + pubKeys = append(pubKeys, pubKey) + } + + numSigs, err := vm.dstack.PopInt() + if err != nil { + return err + } + numSignatures := int(numSigs.Int32()) + if numSignatures < 0 { + str := fmt.Sprintf("number of signatures %d is negative", + numSignatures) + return scriptError(ErrInvalidSignatureCount, str) + + } + if numSignatures > numPubKeys { + str := fmt.Sprintf("more signatures than pubkeys: %d > %d", + numSignatures, numPubKeys) + return scriptError(ErrInvalidSignatureCount, str) + } + + signatures := make([]*parsedSigInfo, 0, numSignatures) + for i := 0; i < numSignatures; i++ { + signature, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + sigInfo := &parsedSigInfo{signature: signature} + signatures = append(signatures, sigInfo) + } + + // A bug in the original Satoshi client implementation means one more + // stack value than should be used must be popped. Unfortunately, this + // buggy behavior is now part of the consensus and a hard fork would be + // required to fix it. + dummy, err := vm.dstack.PopByteArray() + if err != nil { + return err + } + + // Since the dummy argument is otherwise not checked, it could be any + // value which unfortunately provides a source of malleability. Thus, + // there is a script flag to force an error when the value is NOT 0. + if vm.hasFlag(ScriptStrictMultiSig) && len(dummy) != 0 { + str := fmt.Sprintf("multisig dummy argument has length %d "+ + "instead of 0", len(dummy)) + return scriptError(ErrSigNullDummy, str) + } + + // Get script starting from the most recent OP_CODESEPARATOR. + script := vm.subScript() + + // Remove the signature in pre version 0 segwit scripts since there is + // no way for a signature to sign itself. + if !vm.isWitnessVersionActive(0) { + for _, sigInfo := range signatures { + script = removeOpcodeByData(script, sigInfo.signature) + } + } + + success := true + numPubKeys++ + pubKeyIdx := -1 + signatureIdx := 0 + for numSignatures > 0 { + // When there are more signatures than public keys remaining, + // there is no way to succeed since too many signatures are + // invalid, so exit early. + pubKeyIdx++ + numPubKeys-- + if numSignatures > numPubKeys { + success = false + break + } + + sigInfo := signatures[signatureIdx] + pubKey := pubKeys[pubKeyIdx] + + // The order of the signature and public key evaluation is + // important here since it can be distinguished by an + // OP_CHECKMULTISIG NOT when the strict encoding flag is set. + + rawSig := sigInfo.signature + if len(rawSig) == 0 { + // Skip to the next pubkey if signature is empty. + continue + } + + // Split the signature into hash type and signature components. + hashType := SigHashType(rawSig[len(rawSig)-1]) + signature := rawSig[:len(rawSig)-1] + + // Only parse and check the signature encoding once. + var parsedSig *btcec.Signature + if !sigInfo.parsed { + if err := vm.checkHashTypeEncoding(hashType); err != nil { + return err + } + if err := vm.checkSignatureEncoding(signature); err != nil { + return err + } + + // Parse the signature. + var err error + if vm.hasFlag(ScriptVerifyStrictEncoding) || + vm.hasFlag(ScriptVerifyDERSignatures) { + + parsedSig, err = btcec.ParseDERSignature(signature, + btcec.S256()) + } else { + parsedSig, err = btcec.ParseSignature(signature, + btcec.S256()) + } + sigInfo.parsed = true + if err != nil { + continue + } + sigInfo.parsedSignature = parsedSig + } else { + // Skip to the next pubkey if the signature is invalid. + if sigInfo.parsedSignature == nil { + continue + } + + // Use the already parsed signature. + parsedSig = sigInfo.parsedSignature + } + + if err := vm.checkPubKeyEncoding(pubKey); err != nil { + return err + } + + // Parse the pubkey. + parsedPubKey, err := btcec.ParsePubKey(pubKey, btcec.S256()) + if err != nil { + continue + } + + // Generate the signature hash based on the signature hash type. + var hash []byte + if vm.isWitnessVersionActive(0) { + var sigHashes *TxSigHashes + if vm.hashCache != nil { + sigHashes = vm.hashCache + } else { + sigHashes = NewTxSigHashes(&vm.tx) + } + + hash, err = calcWitnessSignatureHash(script, sigHashes, hashType, + &vm.tx, vm.txIdx, vm.inputAmount) + if err != nil { + return err + } + } else { + hash = calcSignatureHash(script, hashType, &vm.tx, vm.txIdx) + } + + var valid bool + if vm.sigCache != nil { + var sigHash chainhash.Hash + copy(sigHash[:], hash) + + valid = vm.sigCache.Exists(sigHash, parsedSig, parsedPubKey) + if !valid && parsedSig.Verify(hash, parsedPubKey) { + vm.sigCache.Add(sigHash, parsedSig, parsedPubKey) + valid = true + } + } else { + valid = parsedSig.Verify(hash, parsedPubKey) + } + + if valid { + // PubKey verified, move on to the next signature. + signatureIdx++ + numSignatures-- + } + } + + if !success && vm.hasFlag(ScriptVerifyNullFail) { + for _, sig := range signatures { + if len(sig.signature) > 0 { + str := "not all signatures empty on failed checkmultisig" + return scriptError(ErrNullFail, str) + } + } + } + + vm.dstack.PushBool(success) + return nil +} + +// opcodeCheckMultiSigVerify is a combination of opcodeCheckMultiSig and +// opcodeVerify. The opcodeCheckMultiSig is invoked followed by opcodeVerify. +// See the documentation for each of those opcodes for more details. +// +// Stack transformation: +// [... dummy [sig ...] numsigs [pubkey ...] numpubkeys] -> [... bool] -> [...] +func opcodeCheckMultiSigVerify(op *parsedOpcode, vm *Engine) error { + err := opcodeCheckMultiSig(op, vm) + if err == nil { + err = abstractVerify(op, vm, ErrCheckMultiSigVerify) + } + return err +} + +// OpcodeByName is a map that can be used to lookup an opcode by its +// human-readable name (OP_CHECKMULTISIG, OP_CHECKSIG, etc). +var OpcodeByName = make(map[string]byte) + +func init() { + // Initialize the opcode name to value map using the contents of the + // opcode array. Also add entries for "OP_FALSE", "OP_TRUE", and + // "OP_NOP2" since they are aliases for "OP_0", "OP_1", + // and "OP_CHECKLOCKTIMEVERIFY" respectively. + for _, op := range opcodeArray { + OpcodeByName[op.name] = op.value + } + OpcodeByName["OP_FALSE"] = OP_FALSE + OpcodeByName["OP_TRUE"] = OP_TRUE + OpcodeByName["OP_NOP2"] = OP_CHECKLOCKTIMEVERIFY + OpcodeByName["OP_NOP3"] = OP_CHECKSEQUENCEVERIFY +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/pkscript.go b/vendor/github.com/btcsuite/btcd/txscript/pkscript.go new file mode 100644 index 0000000..0703ef5 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/pkscript.go @@ -0,0 +1,279 @@ +package txscript + +import ( + "crypto/sha256" + "errors" + "fmt" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcd/chaincfg" + "github.com/btcsuite/btcd/wire" + "github.com/btcsuite/btcutil" + "golang.org/x/crypto/ripemd160" +) + +const ( + // minPubKeyHashSigScriptLen is the minimum length of a signature script + // that spends a P2PKH output. The length is composed of the following: + // Signature length (1 byte) + // Signature (min 8 bytes) + // Signature hash type (1 byte) + // Public key length (1 byte) + // Public key (33 byte) + minPubKeyHashSigScriptLen = 1 + btcec.MinSigLen + 1 + 1 + 33 + + // maxPubKeyHashSigScriptLen is the maximum length of a signature script + // that spends a P2PKH output. The length is composed of the following: + // Signature length (1 byte) + // Signature (max 72 bytes) + // Signature hash type (1 byte) + // Public key length (1 byte) + // Public key (33 byte) + maxPubKeyHashSigScriptLen = 1 + 72 + 1 + 1 + 33 + + // compressedPubKeyLen is the length in bytes of a compressed public + // key. + compressedPubKeyLen = 33 + + // pubKeyHashLen is the length of a P2PKH script. + pubKeyHashLen = 25 + + // witnessV0PubKeyHashLen is the length of a P2WPKH script. + witnessV0PubKeyHashLen = 22 + + // scriptHashLen is the length of a P2SH script. + scriptHashLen = 23 + + // witnessV0ScriptHashLen is the length of a P2WSH script. + witnessV0ScriptHashLen = 34 + + // maxLen is the maximum script length supported by ParsePkScript. + maxLen = witnessV0ScriptHashLen +) + +var ( + // ErrUnsupportedScriptType is an error returned when we attempt to + // parse/re-compute an output script into a PkScript struct. + ErrUnsupportedScriptType = errors.New("unsupported script type") +) + +// PkScript is a wrapper struct around a byte array, allowing it to be used +// as a map index. +type PkScript struct { + // class is the type of the script encoded within the byte array. This + // is used to determine the correct length of the script within the byte + // array. + class ScriptClass + + // script is the script contained within a byte array. If the script is + // smaller than the length of the byte array, it will be padded with 0s + // at the end. + script [maxLen]byte +} + +// ParsePkScript parses an output script into the PkScript struct. +// ErrUnsupportedScriptType is returned when attempting to parse an unsupported +// script type. +func ParsePkScript(pkScript []byte) (PkScript, error) { + var outputScript PkScript + scriptClass, _, _, err := ExtractPkScriptAddrs( + pkScript, &chaincfg.MainNetParams, + ) + if err != nil { + return outputScript, fmt.Errorf("unable to parse script type: "+ + "%v", err) + } + + if !isSupportedScriptType(scriptClass) { + return outputScript, ErrUnsupportedScriptType + } + + outputScript.class = scriptClass + copy(outputScript.script[:], pkScript) + + return outputScript, nil +} + +// isSupportedScriptType determines whether the script type is supported by the +// PkScript struct. +func isSupportedScriptType(class ScriptClass) bool { + switch class { + case PubKeyHashTy, WitnessV0PubKeyHashTy, ScriptHashTy, + WitnessV0ScriptHashTy: + return true + default: + return false + } +} + +// Class returns the script type. +func (s PkScript) Class() ScriptClass { + return s.class +} + +// Script returns the script as a byte slice without any padding. +func (s PkScript) Script() []byte { + var script []byte + + switch s.class { + case PubKeyHashTy: + script = make([]byte, pubKeyHashLen) + copy(script, s.script[:pubKeyHashLen]) + + case WitnessV0PubKeyHashTy: + script = make([]byte, witnessV0PubKeyHashLen) + copy(script, s.script[:witnessV0PubKeyHashLen]) + + case ScriptHashTy: + script = make([]byte, scriptHashLen) + copy(script, s.script[:scriptHashLen]) + + case WitnessV0ScriptHashTy: + script = make([]byte, witnessV0ScriptHashLen) + copy(script, s.script[:witnessV0ScriptHashLen]) + + default: + // Unsupported script type. + return nil + } + + return script +} + +// Address encodes the script into an address for the given chain. +func (s PkScript) Address(chainParams *chaincfg.Params) (btcutil.Address, error) { + _, addrs, _, err := ExtractPkScriptAddrs(s.Script(), chainParams) + if err != nil { + return nil, fmt.Errorf("unable to parse address: %v", err) + } + + return addrs[0], nil +} + +// String returns a hex-encoded string representation of the script. +func (s PkScript) String() string { + str, _ := DisasmString(s.Script()) + return str +} + +// ComputePkScript computes the script of an output by looking at the spending +// input's signature script or witness. +// +// NOTE: Only P2PKH, P2SH, P2WSH, and P2WPKH redeem scripts are supported. +func ComputePkScript(sigScript []byte, witness wire.TxWitness) (PkScript, error) { + switch { + case len(sigScript) > 0: + return computeNonWitnessPkScript(sigScript) + case len(witness) > 0: + return computeWitnessPkScript(witness) + default: + return PkScript{}, ErrUnsupportedScriptType + } +} + +// computeNonWitnessPkScript computes the script of an output by looking at the +// spending input's signature script. +func computeNonWitnessPkScript(sigScript []byte) (PkScript, error) { + switch { + // Since we only support P2PKH and P2SH scripts as the only non-witness + // script types, we should expect to see a push only script. + case !IsPushOnlyScript(sigScript): + return PkScript{}, ErrUnsupportedScriptType + + // If a signature script is provided with a length long enough to + // represent a P2PKH script, then we'll attempt to parse the compressed + // public key from it. + case len(sigScript) >= minPubKeyHashSigScriptLen && + len(sigScript) <= maxPubKeyHashSigScriptLen: + + // The public key should be found as the last part of the + // signature script. We'll attempt to parse it to ensure this is + // a P2PKH redeem script. + pubKey := sigScript[len(sigScript)-compressedPubKeyLen:] + if btcec.IsCompressedPubKey(pubKey) { + pubKeyHash := hash160(pubKey) + script, err := payToPubKeyHashScript(pubKeyHash) + if err != nil { + return PkScript{}, err + } + + pkScript := PkScript{class: PubKeyHashTy} + copy(pkScript.script[:], script) + return pkScript, nil + } + + fallthrough + + // If we failed to parse a compressed public key from the script in the + // case above, or if the script length is not that of a P2PKH one, we + // can assume it's a P2SH signature script. + default: + // The redeem script will always be the last data push of the + // signature script, so we'll parse the script into opcodes to + // obtain it. + parsedOpcodes, err := parseScript(sigScript) + if err != nil { + return PkScript{}, err + } + redeemScript := parsedOpcodes[len(parsedOpcodes)-1].data + + scriptHash := hash160(redeemScript) + script, err := payToScriptHashScript(scriptHash) + if err != nil { + return PkScript{}, err + } + + pkScript := PkScript{class: ScriptHashTy} + copy(pkScript.script[:], script) + return pkScript, nil + } +} + +// computeWitnessPkScript computes the script of an output by looking at the +// spending input's witness. +func computeWitnessPkScript(witness wire.TxWitness) (PkScript, error) { + // We'll use the last item of the witness stack to determine the proper + // witness type. + lastWitnessItem := witness[len(witness)-1] + + var pkScript PkScript + switch { + // If the witness stack has a size of 2 and its last item is a + // compressed public key, then this is a P2WPKH witness. + case len(witness) == 2 && len(lastWitnessItem) == compressedPubKeyLen: + pubKeyHash := hash160(lastWitnessItem) + script, err := payToWitnessPubKeyHashScript(pubKeyHash) + if err != nil { + return pkScript, err + } + + pkScript.class = WitnessV0PubKeyHashTy + copy(pkScript.script[:], script) + + // For any other witnesses, we'll assume it's a P2WSH witness. + default: + scriptHash := sha256.Sum256(lastWitnessItem) + script, err := payToWitnessScriptHashScript(scriptHash[:]) + if err != nil { + return pkScript, err + } + + pkScript.class = WitnessV0ScriptHashTy + copy(pkScript.script[:], script) + } + + return pkScript, nil +} + +// hash160 returns the RIPEMD160 hash of the SHA-256 HASH of the given data. +func hash160(data []byte) []byte { + h := sha256.Sum256(data) + return ripemd160h(h[:]) +} + +// ripemd160h returns the RIPEMD160 hash of the given data. +func ripemd160h(data []byte) []byte { + h := ripemd160.New() + h.Write(data) + return h.Sum(nil) +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/script.go b/vendor/github.com/btcsuite/btcd/txscript/script.go new file mode 100644 index 0000000..aac3d4a --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/script.go @@ -0,0 +1,860 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +import ( + "bytes" + "encoding/binary" + "fmt" + "time" + + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcd/wire" +) + +// Bip16Activation is the timestamp where BIP0016 is valid to use in the +// blockchain. To be used to determine if BIP0016 should be called for or not. +// This timestamp corresponds to Sun Apr 1 00:00:00 UTC 2012. +var Bip16Activation = time.Unix(1333238400, 0) + +// SigHashType represents hash type bits at the end of a signature. +type SigHashType uint32 + +// Hash type bits from the end of a signature. +const ( + SigHashOld SigHashType = 0x0 + SigHashAll SigHashType = 0x1 + SigHashNone SigHashType = 0x2 + SigHashSingle SigHashType = 0x3 + SigHashAnyOneCanPay SigHashType = 0x80 + + // sigHashMask defines the number of bits of the hash type which is used + // to identify which outputs are signed. + sigHashMask = 0x1f +) + +// These are the constants specified for maximums in individual scripts. +const ( + MaxOpsPerScript = 201 // Max number of non-push operations. + MaxPubKeysPerMultiSig = 20 // Multisig can't have more sigs than this. + MaxScriptElementSize = 520 // Max bytes pushable to the stack. +) + +// isSmallInt returns whether or not the opcode is considered a small integer, +// which is an OP_0, or OP_1 through OP_16. +func isSmallInt(op *opcode) bool { + if op.value == OP_0 || (op.value >= OP_1 && op.value <= OP_16) { + return true + } + return false +} + +// isScriptHash returns true if the script passed is a pay-to-script-hash +// transaction, false otherwise. +func isScriptHash(pops []parsedOpcode) bool { + return len(pops) == 3 && + pops[0].opcode.value == OP_HASH160 && + pops[1].opcode.value == OP_DATA_20 && + pops[2].opcode.value == OP_EQUAL +} + +// IsPayToScriptHash returns true if the script is in the standard +// pay-to-script-hash (P2SH) format, false otherwise. +func IsPayToScriptHash(script []byte) bool { + pops, err := parseScript(script) + if err != nil { + return false + } + return isScriptHash(pops) +} + +// isWitnessScriptHash returns true if the passed script is a +// pay-to-witness-script-hash transaction, false otherwise. +func isWitnessScriptHash(pops []parsedOpcode) bool { + return len(pops) == 2 && + pops[0].opcode.value == OP_0 && + pops[1].opcode.value == OP_DATA_32 +} + +// IsPayToWitnessScriptHash returns true if the is in the standard +// pay-to-witness-script-hash (P2WSH) format, false otherwise. +func IsPayToWitnessScriptHash(script []byte) bool { + pops, err := parseScript(script) + if err != nil { + return false + } + return isWitnessScriptHash(pops) +} + +// IsPayToWitnessPubKeyHash returns true if the is in the standard +// pay-to-witness-pubkey-hash (P2WKH) format, false otherwise. +func IsPayToWitnessPubKeyHash(script []byte) bool { + pops, err := parseScript(script) + if err != nil { + return false + } + return isWitnessPubKeyHash(pops) +} + +// isWitnessPubKeyHash returns true if the passed script is a +// pay-to-witness-pubkey-hash, and false otherwise. +func isWitnessPubKeyHash(pops []parsedOpcode) bool { + return len(pops) == 2 && + pops[0].opcode.value == OP_0 && + pops[1].opcode.value == OP_DATA_20 +} + +// IsWitnessProgram returns true if the passed script is a valid witness +// program which is encoded according to the passed witness program version. A +// witness program must be a small integer (from 0-16), followed by 2-40 bytes +// of pushed data. +func IsWitnessProgram(script []byte) bool { + // The length of the script must be between 4 and 42 bytes. The + // smallest program is the witness version, followed by a data push of + // 2 bytes. The largest allowed witness program has a data push of + // 40-bytes. + if len(script) < 4 || len(script) > 42 { + return false + } + + pops, err := parseScript(script) + if err != nil { + return false + } + + return isWitnessProgram(pops) +} + +// isWitnessProgram returns true if the passed script is a witness program, and +// false otherwise. A witness program MUST adhere to the following constraints: +// there must be exactly two pops (program version and the program itself), the +// first opcode MUST be a small integer (0-16), the push data MUST be +// canonical, and finally the size of the push data must be between 2 and 40 +// bytes. +func isWitnessProgram(pops []parsedOpcode) bool { + return len(pops) == 2 && + isSmallInt(pops[0].opcode) && + canonicalPush(pops[1]) && + (len(pops[1].data) >= 2 && len(pops[1].data) <= 40) +} + +// ExtractWitnessProgramInfo attempts to extract the witness program version, +// as well as the witness program itself from the passed script. +func ExtractWitnessProgramInfo(script []byte) (int, []byte, error) { + pops, err := parseScript(script) + if err != nil { + return 0, nil, err + } + + // If at this point, the scripts doesn't resemble a witness program, + // then we'll exit early as there isn't a valid version or program to + // extract. + if !isWitnessProgram(pops) { + return 0, nil, fmt.Errorf("script is not a witness program, " + + "unable to extract version or witness program") + } + + witnessVersion := asSmallInt(pops[0].opcode) + witnessProgram := pops[1].data + + return witnessVersion, witnessProgram, nil +} + +// isPushOnly returns true if the script only pushes data, false otherwise. +func isPushOnly(pops []parsedOpcode) bool { + // NOTE: This function does NOT verify opcodes directly since it is + // internal and is only called with parsed opcodes for scripts that did + // not have any parse errors. Thus, consensus is properly maintained. + + for _, pop := range pops { + // All opcodes up to OP_16 are data push instructions. + // NOTE: This does consider OP_RESERVED to be a data push + // instruction, but execution of OP_RESERVED will fail anyways + // and matches the behavior required by consensus. + if pop.opcode.value > OP_16 { + return false + } + } + return true +} + +// IsPushOnlyScript returns whether or not the passed script only pushes data. +// +// False will be returned when the script does not parse. +func IsPushOnlyScript(script []byte) bool { + pops, err := parseScript(script) + if err != nil { + return false + } + return isPushOnly(pops) +} + +// parseScriptTemplate is the same as parseScript but allows the passing of the +// template list for testing purposes. When there are parse errors, it returns +// the list of parsed opcodes up to the point of failure along with the error. +func parseScriptTemplate(script []byte, opcodes *[256]opcode) ([]parsedOpcode, error) { + retScript := make([]parsedOpcode, 0, len(script)) + for i := 0; i < len(script); { + instr := script[i] + op := &opcodes[instr] + pop := parsedOpcode{opcode: op} + + // Parse data out of instruction. + switch { + // No additional data. Note that some of the opcodes, notably + // OP_1NEGATE, OP_0, and OP_[1-16] represent the data + // themselves. + case op.length == 1: + i++ + + // Data pushes of specific lengths -- OP_DATA_[1-75]. + case op.length > 1: + if len(script[i:]) < op.length { + str := fmt.Sprintf("opcode %s requires %d "+ + "bytes, but script only has %d remaining", + op.name, op.length, len(script[i:])) + return retScript, scriptError(ErrMalformedPush, + str) + } + + // Slice out the data. + pop.data = script[i+1 : i+op.length] + i += op.length + + // Data pushes with parsed lengths -- OP_PUSHDATAP{1,2,4}. + case op.length < 0: + var l uint + off := i + 1 + + if len(script[off:]) < -op.length { + str := fmt.Sprintf("opcode %s requires %d "+ + "bytes, but script only has %d remaining", + op.name, -op.length, len(script[off:])) + return retScript, scriptError(ErrMalformedPush, + str) + } + + // Next -length bytes are little endian length of data. + switch op.length { + case -1: + l = uint(script[off]) + case -2: + l = ((uint(script[off+1]) << 8) | + uint(script[off])) + case -4: + l = ((uint(script[off+3]) << 24) | + (uint(script[off+2]) << 16) | + (uint(script[off+1]) << 8) | + uint(script[off])) + default: + str := fmt.Sprintf("invalid opcode length %d", + op.length) + return retScript, scriptError(ErrMalformedPush, + str) + } + + // Move offset to beginning of the data. + off += -op.length + + // Disallow entries that do not fit script or were + // sign extended. + if int(l) > len(script[off:]) || int(l) < 0 { + str := fmt.Sprintf("opcode %s pushes %d bytes, "+ + "but script only has %d remaining", + op.name, int(l), len(script[off:])) + return retScript, scriptError(ErrMalformedPush, + str) + } + + pop.data = script[off : off+int(l)] + i += 1 - op.length + int(l) + } + + retScript = append(retScript, pop) + } + + return retScript, nil +} + +// parseScript preparses the script in bytes into a list of parsedOpcodes while +// applying a number of sanity checks. +func parseScript(script []byte) ([]parsedOpcode, error) { + return parseScriptTemplate(script, &opcodeArray) +} + +// unparseScript reversed the action of parseScript and returns the +// parsedOpcodes as a list of bytes +func unparseScript(pops []parsedOpcode) ([]byte, error) { + script := make([]byte, 0, len(pops)) + for _, pop := range pops { + b, err := pop.bytes() + if err != nil { + return nil, err + } + script = append(script, b...) + } + return script, nil +} + +// DisasmString formats a disassembled script for one line printing. When the +// script fails to parse, the returned string will contain the disassembled +// script up to the point the failure occurred along with the string '[error]' +// appended. In addition, the reason the script failed to parse is returned +// if the caller wants more information about the failure. +func DisasmString(buf []byte) (string, error) { + var disbuf bytes.Buffer + opcodes, err := parseScript(buf) + for _, pop := range opcodes { + disbuf.WriteString(pop.print(true)) + disbuf.WriteByte(' ') + } + if disbuf.Len() > 0 { + disbuf.Truncate(disbuf.Len() - 1) + } + if err != nil { + disbuf.WriteString("[error]") + } + return disbuf.String(), err +} + +// removeOpcode will remove any opcode matching ``opcode'' from the opcode +// stream in pkscript +func removeOpcode(pkscript []parsedOpcode, opcode byte) []parsedOpcode { + retScript := make([]parsedOpcode, 0, len(pkscript)) + for _, pop := range pkscript { + if pop.opcode.value != opcode { + retScript = append(retScript, pop) + } + } + return retScript +} + +// canonicalPush returns true if the object is either not a push instruction +// or the push instruction contained wherein is matches the canonical form +// or using the smallest instruction to do the job. False otherwise. +func canonicalPush(pop parsedOpcode) bool { + opcode := pop.opcode.value + data := pop.data + dataLen := len(pop.data) + if opcode > OP_16 { + return true + } + + if opcode < OP_PUSHDATA1 && opcode > OP_0 && (dataLen == 1 && data[0] <= 16) { + return false + } + if opcode == OP_PUSHDATA1 && dataLen < OP_PUSHDATA1 { + return false + } + if opcode == OP_PUSHDATA2 && dataLen <= 0xff { + return false + } + if opcode == OP_PUSHDATA4 && dataLen <= 0xffff { + return false + } + return true +} + +// removeOpcodeByData will return the script minus any opcodes that would push +// the passed data to the stack. +func removeOpcodeByData(pkscript []parsedOpcode, data []byte) []parsedOpcode { + retScript := make([]parsedOpcode, 0, len(pkscript)) + for _, pop := range pkscript { + if !canonicalPush(pop) || !bytes.Contains(pop.data, data) { + retScript = append(retScript, pop) + } + } + return retScript + +} + +// calcHashPrevOuts calculates a single hash of all the previous outputs +// (txid:index) referenced within the passed transaction. This calculated hash +// can be re-used when validating all inputs spending segwit outputs, with a +// signature hash type of SigHashAll. This allows validation to re-use previous +// hashing computation, reducing the complexity of validating SigHashAll inputs +// from O(N^2) to O(N). +func calcHashPrevOuts(tx *wire.MsgTx) chainhash.Hash { + var b bytes.Buffer + for _, in := range tx.TxIn { + // First write out the 32-byte transaction ID one of whose + // outputs are being referenced by this input. + b.Write(in.PreviousOutPoint.Hash[:]) + + // Next, we'll encode the index of the referenced output as a + // little endian integer. + var buf [4]byte + binary.LittleEndian.PutUint32(buf[:], in.PreviousOutPoint.Index) + b.Write(buf[:]) + } + + return chainhash.DoubleHashH(b.Bytes()) +} + +// calcHashSequence computes an aggregated hash of each of the sequence numbers +// within the inputs of the passed transaction. This single hash can be re-used +// when validating all inputs spending segwit outputs, which include signatures +// using the SigHashAll sighash type. This allows validation to re-use previous +// hashing computation, reducing the complexity of validating SigHashAll inputs +// from O(N^2) to O(N). +func calcHashSequence(tx *wire.MsgTx) chainhash.Hash { + var b bytes.Buffer + for _, in := range tx.TxIn { + var buf [4]byte + binary.LittleEndian.PutUint32(buf[:], in.Sequence) + b.Write(buf[:]) + } + + return chainhash.DoubleHashH(b.Bytes()) +} + +// calcHashOutputs computes a hash digest of all outputs created by the +// transaction encoded using the wire format. This single hash can be re-used +// when validating all inputs spending witness programs, which include +// signatures using the SigHashAll sighash type. This allows computation to be +// cached, reducing the total hashing complexity from O(N^2) to O(N). +func calcHashOutputs(tx *wire.MsgTx) chainhash.Hash { + var b bytes.Buffer + for _, out := range tx.TxOut { + wire.WriteTxOut(&b, 0, 0, out) + } + + return chainhash.DoubleHashH(b.Bytes()) +} + +// calcWitnessSignatureHash computes the sighash digest of a transaction's +// segwit input using the new, optimized digest calculation algorithm defined +// in BIP0143: https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki. +// This function makes use of pre-calculated sighash fragments stored within +// the passed HashCache to eliminate duplicate hashing computations when +// calculating the final digest, reducing the complexity from O(N^2) to O(N). +// Additionally, signatures now cover the input value of the referenced unspent +// output. This allows offline, or hardware wallets to compute the exact amount +// being spent, in addition to the final transaction fee. In the case the +// wallet if fed an invalid input amount, the real sighash will differ causing +// the produced signature to be invalid. +func calcWitnessSignatureHash(subScript []parsedOpcode, sigHashes *TxSigHashes, + hashType SigHashType, tx *wire.MsgTx, idx int, amt int64) ([]byte, error) { + + // As a sanity check, ensure the passed input index for the transaction + // is valid. + if idx > len(tx.TxIn)-1 { + return nil, fmt.Errorf("idx %d but %d txins", idx, len(tx.TxIn)) + } + + // We'll utilize this buffer throughout to incrementally calculate + // the signature hash for this transaction. + var sigHash bytes.Buffer + + // First write out, then encode the transaction's version number. + var bVersion [4]byte + binary.LittleEndian.PutUint32(bVersion[:], uint32(tx.Version)) + sigHash.Write(bVersion[:]) + + // Next write out the possibly pre-calculated hashes for the sequence + // numbers of all inputs, and the hashes of the previous outs for all + // outputs. + var zeroHash chainhash.Hash + + // If anyone can pay isn't active, then we can use the cached + // hashPrevOuts, otherwise we just write zeroes for the prev outs. + if hashType&SigHashAnyOneCanPay == 0 { + sigHash.Write(sigHashes.HashPrevOuts[:]) + } else { + sigHash.Write(zeroHash[:]) + } + + // If the sighash isn't anyone can pay, single, or none, the use the + // cached hash sequences, otherwise write all zeroes for the + // hashSequence. + if hashType&SigHashAnyOneCanPay == 0 && + hashType&sigHashMask != SigHashSingle && + hashType&sigHashMask != SigHashNone { + sigHash.Write(sigHashes.HashSequence[:]) + } else { + sigHash.Write(zeroHash[:]) + } + + txIn := tx.TxIn[idx] + + // Next, write the outpoint being spent. + sigHash.Write(txIn.PreviousOutPoint.Hash[:]) + var bIndex [4]byte + binary.LittleEndian.PutUint32(bIndex[:], txIn.PreviousOutPoint.Index) + sigHash.Write(bIndex[:]) + + if isWitnessPubKeyHash(subScript) { + // The script code for a p2wkh is a length prefix varint for + // the next 25 bytes, followed by a re-creation of the original + // p2pkh pk script. + sigHash.Write([]byte{0x19}) + sigHash.Write([]byte{OP_DUP}) + sigHash.Write([]byte{OP_HASH160}) + sigHash.Write([]byte{OP_DATA_20}) + sigHash.Write(subScript[1].data) + sigHash.Write([]byte{OP_EQUALVERIFY}) + sigHash.Write([]byte{OP_CHECKSIG}) + } else { + // For p2wsh outputs, and future outputs, the script code is + // the original script, with all code separators removed, + // serialized with a var int length prefix. + rawScript, _ := unparseScript(subScript) + wire.WriteVarBytes(&sigHash, 0, rawScript) + } + + // Next, add the input amount, and sequence number of the input being + // signed. + var bAmount [8]byte + binary.LittleEndian.PutUint64(bAmount[:], uint64(amt)) + sigHash.Write(bAmount[:]) + var bSequence [4]byte + binary.LittleEndian.PutUint32(bSequence[:], txIn.Sequence) + sigHash.Write(bSequence[:]) + + // If the current signature mode isn't single, or none, then we can + // re-use the pre-generated hashoutputs sighash fragment. Otherwise, + // we'll serialize and add only the target output index to the signature + // pre-image. + if hashType&SigHashSingle != SigHashSingle && + hashType&SigHashNone != SigHashNone { + sigHash.Write(sigHashes.HashOutputs[:]) + } else if hashType&sigHashMask == SigHashSingle && idx < len(tx.TxOut) { + var b bytes.Buffer + wire.WriteTxOut(&b, 0, 0, tx.TxOut[idx]) + sigHash.Write(chainhash.DoubleHashB(b.Bytes())) + } else { + sigHash.Write(zeroHash[:]) + } + + // Finally, write out the transaction's locktime, and the sig hash + // type. + var bLockTime [4]byte + binary.LittleEndian.PutUint32(bLockTime[:], tx.LockTime) + sigHash.Write(bLockTime[:]) + var bHashType [4]byte + binary.LittleEndian.PutUint32(bHashType[:], uint32(hashType)) + sigHash.Write(bHashType[:]) + + return chainhash.DoubleHashB(sigHash.Bytes()), nil +} + +// CalcWitnessSigHash computes the sighash digest for the specified input of +// the target transaction observing the desired sig hash type. +func CalcWitnessSigHash(script []byte, sigHashes *TxSigHashes, hType SigHashType, + tx *wire.MsgTx, idx int, amt int64) ([]byte, error) { + + parsedScript, err := parseScript(script) + if err != nil { + return nil, fmt.Errorf("cannot parse output script: %v", err) + } + + return calcWitnessSignatureHash(parsedScript, sigHashes, hType, tx, idx, + amt) +} + +// shallowCopyTx creates a shallow copy of the transaction for use when +// calculating the signature hash. It is used over the Copy method on the +// transaction itself since that is a deep copy and therefore does more work and +// allocates much more space than needed. +func shallowCopyTx(tx *wire.MsgTx) wire.MsgTx { + // As an additional memory optimization, use contiguous backing arrays + // for the copied inputs and outputs and point the final slice of + // pointers into the contiguous arrays. This avoids a lot of small + // allocations. + txCopy := wire.MsgTx{ + Version: tx.Version, + TxIn: make([]*wire.TxIn, len(tx.TxIn)), + TxOut: make([]*wire.TxOut, len(tx.TxOut)), + LockTime: tx.LockTime, + } + txIns := make([]wire.TxIn, len(tx.TxIn)) + for i, oldTxIn := range tx.TxIn { + txIns[i] = *oldTxIn + txCopy.TxIn[i] = &txIns[i] + } + txOuts := make([]wire.TxOut, len(tx.TxOut)) + for i, oldTxOut := range tx.TxOut { + txOuts[i] = *oldTxOut + txCopy.TxOut[i] = &txOuts[i] + } + return txCopy +} + +// CalcSignatureHash will, given a script and hash type for the current script +// engine instance, calculate the signature hash to be used for signing and +// verification. +func CalcSignatureHash(script []byte, hashType SigHashType, tx *wire.MsgTx, idx int) ([]byte, error) { + parsedScript, err := parseScript(script) + if err != nil { + return nil, fmt.Errorf("cannot parse output script: %v", err) + } + return calcSignatureHash(parsedScript, hashType, tx, idx), nil +} + +// calcSignatureHash will, given a script and hash type for the current script +// engine instance, calculate the signature hash to be used for signing and +// verification. +func calcSignatureHash(script []parsedOpcode, hashType SigHashType, tx *wire.MsgTx, idx int) []byte { + // The SigHashSingle signature type signs only the corresponding input + // and output (the output with the same index number as the input). + // + // Since transactions can have more inputs than outputs, this means it + // is improper to use SigHashSingle on input indices that don't have a + // corresponding output. + // + // A bug in the original Satoshi client implementation means specifying + // an index that is out of range results in a signature hash of 1 (as a + // uint256 little endian). The original intent appeared to be to + // indicate failure, but unfortunately, it was never checked and thus is + // treated as the actual signature hash. This buggy behavior is now + // part of the consensus and a hard fork would be required to fix it. + // + // Due to this, care must be taken by software that creates transactions + // which make use of SigHashSingle because it can lead to an extremely + // dangerous situation where the invalid inputs will end up signing a + // hash of 1. This in turn presents an opportunity for attackers to + // cleverly construct transactions which can steal those coins provided + // they can reuse signatures. + if hashType&sigHashMask == SigHashSingle && idx >= len(tx.TxOut) { + var hash chainhash.Hash + hash[0] = 0x01 + return hash[:] + } + + // Remove all instances of OP_CODESEPARATOR from the script. + script = removeOpcode(script, OP_CODESEPARATOR) + + // Make a shallow copy of the transaction, zeroing out the script for + // all inputs that are not currently being processed. + txCopy := shallowCopyTx(tx) + for i := range txCopy.TxIn { + if i == idx { + // UnparseScript cannot fail here because removeOpcode + // above only returns a valid script. + sigScript, _ := unparseScript(script) + txCopy.TxIn[idx].SignatureScript = sigScript + } else { + txCopy.TxIn[i].SignatureScript = nil + } + } + + switch hashType & sigHashMask { + case SigHashNone: + txCopy.TxOut = txCopy.TxOut[0:0] // Empty slice. + for i := range txCopy.TxIn { + if i != idx { + txCopy.TxIn[i].Sequence = 0 + } + } + + case SigHashSingle: + // Resize output array to up to and including requested index. + txCopy.TxOut = txCopy.TxOut[:idx+1] + + // All but current output get zeroed out. + for i := 0; i < idx; i++ { + txCopy.TxOut[i].Value = -1 + txCopy.TxOut[i].PkScript = nil + } + + // Sequence on all other inputs is 0, too. + for i := range txCopy.TxIn { + if i != idx { + txCopy.TxIn[i].Sequence = 0 + } + } + + default: + // Consensus treats undefined hashtypes like normal SigHashAll + // for purposes of hash generation. + fallthrough + case SigHashOld: + fallthrough + case SigHashAll: + // Nothing special here. + } + if hashType&SigHashAnyOneCanPay != 0 { + txCopy.TxIn = txCopy.TxIn[idx : idx+1] + } + + // The final hash is the double sha256 of both the serialized modified + // transaction and the hash type (encoded as a 4-byte little-endian + // value) appended. + wbuf := bytes.NewBuffer(make([]byte, 0, txCopy.SerializeSizeStripped()+4)) + txCopy.SerializeNoWitness(wbuf) + binary.Write(wbuf, binary.LittleEndian, hashType) + return chainhash.DoubleHashB(wbuf.Bytes()) +} + +// asSmallInt returns the passed opcode, which must be true according to +// isSmallInt(), as an integer. +func asSmallInt(op *opcode) int { + if op.value == OP_0 { + return 0 + } + + return int(op.value - (OP_1 - 1)) +} + +// getSigOpCount is the implementation function for counting the number of +// signature operations in the script provided by pops. If precise mode is +// requested then we attempt to count the number of operations for a multisig +// op. Otherwise we use the maximum. +func getSigOpCount(pops []parsedOpcode, precise bool) int { + nSigs := 0 + for i, pop := range pops { + switch pop.opcode.value { + case OP_CHECKSIG: + fallthrough + case OP_CHECKSIGVERIFY: + nSigs++ + case OP_CHECKMULTISIG: + fallthrough + case OP_CHECKMULTISIGVERIFY: + // If we are being precise then look for familiar + // patterns for multisig, for now all we recognize is + // OP_1 - OP_16 to signify the number of pubkeys. + // Otherwise, we use the max of 20. + if precise && i > 0 && + pops[i-1].opcode.value >= OP_1 && + pops[i-1].opcode.value <= OP_16 { + nSigs += asSmallInt(pops[i-1].opcode) + } else { + nSigs += MaxPubKeysPerMultiSig + } + default: + // Not a sigop. + } + } + + return nSigs +} + +// GetSigOpCount provides a quick count of the number of signature operations +// in a script. a CHECKSIG operations counts for 1, and a CHECK_MULTISIG for 20. +// If the script fails to parse, then the count up to the point of failure is +// returned. +func GetSigOpCount(script []byte) int { + // Don't check error since parseScript returns the parsed-up-to-error + // list of pops. + pops, _ := parseScript(script) + return getSigOpCount(pops, false) +} + +// GetPreciseSigOpCount returns the number of signature operations in +// scriptPubKey. If bip16 is true then scriptSig may be searched for the +// Pay-To-Script-Hash script in order to find the precise number of signature +// operations in the transaction. If the script fails to parse, then the count +// up to the point of failure is returned. +func GetPreciseSigOpCount(scriptSig, scriptPubKey []byte, bip16 bool) int { + // Don't check error since parseScript returns the parsed-up-to-error + // list of pops. + pops, _ := parseScript(scriptPubKey) + + // Treat non P2SH transactions as normal. + if !(bip16 && isScriptHash(pops)) { + return getSigOpCount(pops, true) + } + + // The public key script is a pay-to-script-hash, so parse the signature + // script to get the final item. Scripts that fail to fully parse count + // as 0 signature operations. + sigPops, err := parseScript(scriptSig) + if err != nil { + return 0 + } + + // The signature script must only push data to the stack for P2SH to be + // a valid pair, so the signature operation count is 0 when that is not + // the case. + if !isPushOnly(sigPops) || len(sigPops) == 0 { + return 0 + } + + // The P2SH script is the last item the signature script pushes to the + // stack. When the script is empty, there are no signature operations. + shScript := sigPops[len(sigPops)-1].data + if len(shScript) == 0 { + return 0 + } + + // Parse the P2SH script and don't check the error since parseScript + // returns the parsed-up-to-error list of pops and the consensus rules + // dictate signature operations are counted up to the first parse + // failure. + shPops, _ := parseScript(shScript) + return getSigOpCount(shPops, true) +} + +// GetWitnessSigOpCount returns the number of signature operations generated by +// spending the passed pkScript with the specified witness, or sigScript. +// Unlike GetPreciseSigOpCount, this function is able to accurately count the +// number of signature operations generated by spending witness programs, and +// nested p2sh witness programs. If the script fails to parse, then the count +// up to the point of failure is returned. +func GetWitnessSigOpCount(sigScript, pkScript []byte, witness wire.TxWitness) int { + // If this is a regular witness program, then we can proceed directly + // to counting its signature operations without any further processing. + if IsWitnessProgram(pkScript) { + return getWitnessSigOps(pkScript, witness) + } + + // Next, we'll check the sigScript to see if this is a nested p2sh + // witness program. This is a case wherein the sigScript is actually a + // datapush of a p2wsh witness program. + sigPops, err := parseScript(sigScript) + if err != nil { + return 0 + } + if IsPayToScriptHash(pkScript) && isPushOnly(sigPops) && + IsWitnessProgram(sigScript[1:]) { + return getWitnessSigOps(sigScript[1:], witness) + } + + return 0 +} + +// getWitnessSigOps returns the number of signature operations generated by +// spending the passed witness program wit the passed witness. The exact +// signature counting heuristic is modified by the version of the passed +// witness program. If the version of the witness program is unable to be +// extracted, then 0 is returned for the sig op count. +func getWitnessSigOps(pkScript []byte, witness wire.TxWitness) int { + // Attempt to extract the witness program version. + witnessVersion, witnessProgram, err := ExtractWitnessProgramInfo( + pkScript, + ) + if err != nil { + return 0 + } + + switch witnessVersion { + case 0: + switch { + case len(witnessProgram) == payToWitnessPubKeyHashDataSize: + return 1 + case len(witnessProgram) == payToWitnessScriptHashDataSize && + len(witness) > 0: + + witnessScript := witness[len(witness)-1] + pops, _ := parseScript(witnessScript) + return getSigOpCount(pops, true) + } + } + + return 0 +} + +// IsUnspendable returns whether the passed public key script is unspendable, or +// guaranteed to fail at execution. This allows inputs to be pruned instantly +// when entering the UTXO set. +func IsUnspendable(pkScript []byte) bool { + pops, err := parseScript(pkScript) + if err != nil { + return true + } + + return len(pops) > 0 && pops[0].opcode.value == OP_RETURN +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/scriptbuilder.go b/vendor/github.com/btcsuite/btcd/txscript/scriptbuilder.go new file mode 100644 index 0000000..7984dd9 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/scriptbuilder.go @@ -0,0 +1,274 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +import ( + "encoding/binary" + "fmt" +) + +const ( + // defaultScriptAlloc is the default size used for the backing array + // for a script being built by the ScriptBuilder. The array will + // dynamically grow as needed, but this figure is intended to provide + // enough space for vast majority of scripts without needing to grow the + // backing array multiple times. + defaultScriptAlloc = 500 +) + +// ErrScriptNotCanonical identifies a non-canonical script. The caller can use +// a type assertion to detect this error type. +type ErrScriptNotCanonical string + +// Error implements the error interface. +func (e ErrScriptNotCanonical) Error() string { + return string(e) +} + +// ScriptBuilder provides a facility for building custom scripts. It allows +// you to push opcodes, ints, and data while respecting canonical encoding. In +// general it does not ensure the script will execute correctly, however any +// data pushes which would exceed the maximum allowed script engine limits and +// are therefore guaranteed not to execute will not be pushed and will result in +// the Script function returning an error. +// +// For example, the following would build a 2-of-3 multisig script for usage in +// a pay-to-script-hash (although in this situation MultiSigScript() would be a +// better choice to generate the script): +// builder := txscript.NewScriptBuilder() +// builder.AddOp(txscript.OP_2).AddData(pubKey1).AddData(pubKey2) +// builder.AddData(pubKey3).AddOp(txscript.OP_3) +// builder.AddOp(txscript.OP_CHECKMULTISIG) +// script, err := builder.Script() +// if err != nil { +// // Handle the error. +// return +// } +// fmt.Printf("Final multi-sig script: %x\n", script) +type ScriptBuilder struct { + script []byte + err error +} + +// AddOp pushes the passed opcode to the end of the script. The script will not +// be modified if pushing the opcode would cause the script to exceed the +// maximum allowed script engine size. +func (b *ScriptBuilder) AddOp(opcode byte) *ScriptBuilder { + if b.err != nil { + return b + } + + // Pushes that would cause the script to exceed the largest allowed + // script size would result in a non-canonical script. + if len(b.script)+1 > MaxScriptSize { + str := fmt.Sprintf("adding an opcode would exceed the maximum "+ + "allowed canonical script length of %d", MaxScriptSize) + b.err = ErrScriptNotCanonical(str) + return b + } + + b.script = append(b.script, opcode) + return b +} + +// AddOps pushes the passed opcodes to the end of the script. The script will +// not be modified if pushing the opcodes would cause the script to exceed the +// maximum allowed script engine size. +func (b *ScriptBuilder) AddOps(opcodes []byte) *ScriptBuilder { + if b.err != nil { + return b + } + + // Pushes that would cause the script to exceed the largest allowed + // script size would result in a non-canonical script. + if len(b.script)+len(opcodes) > MaxScriptSize { + str := fmt.Sprintf("adding opcodes would exceed the maximum "+ + "allowed canonical script length of %d", MaxScriptSize) + b.err = ErrScriptNotCanonical(str) + return b + } + + b.script = append(b.script, opcodes...) + return b +} + +// canonicalDataSize returns the number of bytes the canonical encoding of the +// data will take. +func canonicalDataSize(data []byte) int { + dataLen := len(data) + + // When the data consists of a single number that can be represented + // by one of the "small integer" opcodes, that opcode will be instead + // of a data push opcode followed by the number. + if dataLen == 0 { + return 1 + } else if dataLen == 1 && data[0] <= 16 { + return 1 + } else if dataLen == 1 && data[0] == 0x81 { + return 1 + } + + if dataLen < OP_PUSHDATA1 { + return 1 + dataLen + } else if dataLen <= 0xff { + return 2 + dataLen + } else if dataLen <= 0xffff { + return 3 + dataLen + } + + return 5 + dataLen +} + +// addData is the internal function that actually pushes the passed data to the +// end of the script. It automatically chooses canonical opcodes depending on +// the length of the data. A zero length buffer will lead to a push of empty +// data onto the stack (OP_0). No data limits are enforced with this function. +func (b *ScriptBuilder) addData(data []byte) *ScriptBuilder { + dataLen := len(data) + + // When the data consists of a single number that can be represented + // by one of the "small integer" opcodes, use that opcode instead of + // a data push opcode followed by the number. + if dataLen == 0 || dataLen == 1 && data[0] == 0 { + b.script = append(b.script, OP_0) + return b + } else if dataLen == 1 && data[0] <= 16 { + b.script = append(b.script, (OP_1-1)+data[0]) + return b + } else if dataLen == 1 && data[0] == 0x81 { + b.script = append(b.script, byte(OP_1NEGATE)) + return b + } + + // Use one of the OP_DATA_# opcodes if the length of the data is small + // enough so the data push instruction is only a single byte. + // Otherwise, choose the smallest possible OP_PUSHDATA# opcode that + // can represent the length of the data. + if dataLen < OP_PUSHDATA1 { + b.script = append(b.script, byte((OP_DATA_1-1)+dataLen)) + } else if dataLen <= 0xff { + b.script = append(b.script, OP_PUSHDATA1, byte(dataLen)) + } else if dataLen <= 0xffff { + buf := make([]byte, 2) + binary.LittleEndian.PutUint16(buf, uint16(dataLen)) + b.script = append(b.script, OP_PUSHDATA2) + b.script = append(b.script, buf...) + } else { + buf := make([]byte, 4) + binary.LittleEndian.PutUint32(buf, uint32(dataLen)) + b.script = append(b.script, OP_PUSHDATA4) + b.script = append(b.script, buf...) + } + + // Append the actual data. + b.script = append(b.script, data...) + + return b +} + +// AddFullData should not typically be used by ordinary users as it does not +// include the checks which prevent data pushes larger than the maximum allowed +// sizes which leads to scripts that can't be executed. This is provided for +// testing purposes such as regression tests where sizes are intentionally made +// larger than allowed. +// +// Use AddData instead. +func (b *ScriptBuilder) AddFullData(data []byte) *ScriptBuilder { + if b.err != nil { + return b + } + + return b.addData(data) +} + +// AddData pushes the passed data to the end of the script. It automatically +// chooses canonical opcodes depending on the length of the data. A zero length +// buffer will lead to a push of empty data onto the stack (OP_0) and any push +// of data greater than MaxScriptElementSize will not modify the script since +// that is not allowed by the script engine. Also, the script will not be +// modified if pushing the data would cause the script to exceed the maximum +// allowed script engine size. +func (b *ScriptBuilder) AddData(data []byte) *ScriptBuilder { + if b.err != nil { + return b + } + + // Pushes that would cause the script to exceed the largest allowed + // script size would result in a non-canonical script. + dataSize := canonicalDataSize(data) + if len(b.script)+dataSize > MaxScriptSize { + str := fmt.Sprintf("adding %d bytes of data would exceed the "+ + "maximum allowed canonical script length of %d", + dataSize, MaxScriptSize) + b.err = ErrScriptNotCanonical(str) + return b + } + + // Pushes larger than the max script element size would result in a + // script that is not canonical. + dataLen := len(data) + if dataLen > MaxScriptElementSize { + str := fmt.Sprintf("adding a data element of %d bytes would "+ + "exceed the maximum allowed script element size of %d", + dataLen, MaxScriptElementSize) + b.err = ErrScriptNotCanonical(str) + return b + } + + return b.addData(data) +} + +// AddInt64 pushes the passed integer to the end of the script. The script will +// not be modified if pushing the data would cause the script to exceed the +// maximum allowed script engine size. +func (b *ScriptBuilder) AddInt64(val int64) *ScriptBuilder { + if b.err != nil { + return b + } + + // Pushes that would cause the script to exceed the largest allowed + // script size would result in a non-canonical script. + if len(b.script)+1 > MaxScriptSize { + str := fmt.Sprintf("adding an integer would exceed the "+ + "maximum allow canonical script length of %d", + MaxScriptSize) + b.err = ErrScriptNotCanonical(str) + return b + } + + // Fast path for small integers and OP_1NEGATE. + if val == 0 { + b.script = append(b.script, OP_0) + return b + } + if val == -1 || (val >= 1 && val <= 16) { + b.script = append(b.script, byte((OP_1-1)+val)) + return b + } + + return b.AddData(scriptNum(val).Bytes()) +} + +// Reset resets the script so it has no content. +func (b *ScriptBuilder) Reset() *ScriptBuilder { + b.script = b.script[0:0] + b.err = nil + return b +} + +// Script returns the currently built script. When any errors occurred while +// building the script, the script will be returned up the point of the first +// error along with the error. +func (b *ScriptBuilder) Script() ([]byte, error) { + return b.script, b.err +} + +// NewScriptBuilder returns a new instance of a script builder. See +// ScriptBuilder for details. +func NewScriptBuilder() *ScriptBuilder { + return &ScriptBuilder{ + script: make([]byte, 0, defaultScriptAlloc), + } +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/scriptnum.go b/vendor/github.com/btcsuite/btcd/txscript/scriptnum.go new file mode 100644 index 0000000..a89d5f3 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/scriptnum.go @@ -0,0 +1,225 @@ +// Copyright (c) 2015-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +import ( + "fmt" +) + +const ( + maxInt32 = 1<<31 - 1 + minInt32 = -1 << 31 + + // defaultScriptNumLen is the default number of bytes + // data being interpreted as an integer may be. + defaultScriptNumLen = 4 +) + +// scriptNum represents a numeric value used in the scripting engine with +// special handling to deal with the subtle semantics required by consensus. +// +// All numbers are stored on the data and alternate stacks encoded as little +// endian with a sign bit. All numeric opcodes such as OP_ADD, OP_SUB, +// and OP_MUL, are only allowed to operate on 4-byte integers in the range +// [-2^31 + 1, 2^31 - 1], however the results of numeric operations may overflow +// and remain valid so long as they are not used as inputs to other numeric +// operations or otherwise interpreted as an integer. +// +// For example, it is possible for OP_ADD to have 2^31 - 1 for its two operands +// resulting 2^32 - 2, which overflows, but is still pushed to the stack as the +// result of the addition. That value can then be used as input to OP_VERIFY +// which will succeed because the data is being interpreted as a boolean. +// However, if that same value were to be used as input to another numeric +// opcode, such as OP_SUB, it must fail. +// +// This type handles the aforementioned requirements by storing all numeric +// operation results as an int64 to handle overflow and provides the Bytes +// method to get the serialized representation (including values that overflow). +// +// Then, whenever data is interpreted as an integer, it is converted to this +// type by using the makeScriptNum function which will return an error if the +// number is out of range or not minimally encoded depending on parameters. +// Since all numeric opcodes involve pulling data from the stack and +// interpreting it as an integer, it provides the required behavior. +type scriptNum int64 + +// checkMinimalDataEncoding returns whether or not the passed byte array adheres +// to the minimal encoding requirements. +func checkMinimalDataEncoding(v []byte) error { + if len(v) == 0 { + return nil + } + + // Check that the number is encoded with the minimum possible + // number of bytes. + // + // If the most-significant-byte - excluding the sign bit - is zero + // then we're not minimal. Note how this test also rejects the + // negative-zero encoding, [0x80]. + if v[len(v)-1]&0x7f == 0 { + // One exception: if there's more than one byte and the most + // significant bit of the second-most-significant-byte is set + // it would conflict with the sign bit. An example of this case + // is +-255, which encode to 0xff00 and 0xff80 respectively. + // (big-endian). + if len(v) == 1 || v[len(v)-2]&0x80 == 0 { + str := fmt.Sprintf("numeric value encoded as %x is "+ + "not minimally encoded", v) + return scriptError(ErrMinimalData, str) + } + } + + return nil +} + +// Bytes returns the number serialized as a little endian with a sign bit. +// +// Example encodings: +// 127 -> [0x7f] +// -127 -> [0xff] +// 128 -> [0x80 0x00] +// -128 -> [0x80 0x80] +// 129 -> [0x81 0x00] +// -129 -> [0x81 0x80] +// 256 -> [0x00 0x01] +// -256 -> [0x00 0x81] +// 32767 -> [0xff 0x7f] +// -32767 -> [0xff 0xff] +// 32768 -> [0x00 0x80 0x00] +// -32768 -> [0x00 0x80 0x80] +func (n scriptNum) Bytes() []byte { + // Zero encodes as an empty byte slice. + if n == 0 { + return nil + } + + // Take the absolute value and keep track of whether it was originally + // negative. + isNegative := n < 0 + if isNegative { + n = -n + } + + // Encode to little endian. The maximum number of encoded bytes is 9 + // (8 bytes for max int64 plus a potential byte for sign extension). + result := make([]byte, 0, 9) + for n > 0 { + result = append(result, byte(n&0xff)) + n >>= 8 + } + + // When the most significant byte already has the high bit set, an + // additional high byte is required to indicate whether the number is + // negative or positive. The additional byte is removed when converting + // back to an integral and its high bit is used to denote the sign. + // + // Otherwise, when the most significant byte does not already have the + // high bit set, use it to indicate the value is negative, if needed. + if result[len(result)-1]&0x80 != 0 { + extraByte := byte(0x00) + if isNegative { + extraByte = 0x80 + } + result = append(result, extraByte) + + } else if isNegative { + result[len(result)-1] |= 0x80 + } + + return result +} + +// Int32 returns the script number clamped to a valid int32. That is to say +// when the script number is higher than the max allowed int32, the max int32 +// value is returned and vice versa for the minimum value. Note that this +// behavior is different from a simple int32 cast because that truncates +// and the consensus rules dictate numbers which are directly cast to ints +// provide this behavior. +// +// In practice, for most opcodes, the number should never be out of range since +// it will have been created with makeScriptNum using the defaultScriptLen +// value, which rejects them. In case something in the future ends up calling +// this function against the result of some arithmetic, which IS allowed to be +// out of range before being reinterpreted as an integer, this will provide the +// correct behavior. +func (n scriptNum) Int32() int32 { + if n > maxInt32 { + return maxInt32 + } + + if n < minInt32 { + return minInt32 + } + + return int32(n) +} + +// makeScriptNum interprets the passed serialized bytes as an encoded integer +// and returns the result as a script number. +// +// Since the consensus rules dictate that serialized bytes interpreted as ints +// are only allowed to be in the range determined by a maximum number of bytes, +// on a per opcode basis, an error will be returned when the provided bytes +// would result in a number outside of that range. In particular, the range for +// the vast majority of opcodes dealing with numeric values are limited to 4 +// bytes and therefore will pass that value to this function resulting in an +// allowed range of [-2^31 + 1, 2^31 - 1]. +// +// The requireMinimal flag causes an error to be returned if additional checks +// on the encoding determine it is not represented with the smallest possible +// number of bytes or is the negative 0 encoding, [0x80]. For example, consider +// the number 127. It could be encoded as [0x7f], [0x7f 0x00], +// [0x7f 0x00 0x00 ...], etc. All forms except [0x7f] will return an error with +// requireMinimal enabled. +// +// The scriptNumLen is the maximum number of bytes the encoded value can be +// before an ErrStackNumberTooBig is returned. This effectively limits the +// range of allowed values. +// WARNING: Great care should be taken if passing a value larger than +// defaultScriptNumLen, which could lead to addition and multiplication +// overflows. +// +// See the Bytes function documentation for example encodings. +func makeScriptNum(v []byte, requireMinimal bool, scriptNumLen int) (scriptNum, error) { + // Interpreting data requires that it is not larger than + // the the passed scriptNumLen value. + if len(v) > scriptNumLen { + str := fmt.Sprintf("numeric value encoded as %x is %d bytes "+ + "which exceeds the max allowed of %d", v, len(v), + scriptNumLen) + return 0, scriptError(ErrNumberTooBig, str) + } + + // Enforce minimal encoded if requested. + if requireMinimal { + if err := checkMinimalDataEncoding(v); err != nil { + return 0, err + } + } + + // Zero is encoded as an empty byte slice. + if len(v) == 0 { + return 0, nil + } + + // Decode from little endian. + var result int64 + for i, val := range v { + result |= int64(val) << uint8(8*i) + } + + // When the most significant byte of the input bytes has the sign bit + // set, the result is negative. So, remove the sign bit from the result + // and make it negative. + if v[len(v)-1]&0x80 != 0 { + // The maximum length of v has already been determined to be 4 + // above, so uint8 is enough to cover the max possible shift + // value of 24. + result &= ^(int64(0x80) << uint8(8*(len(v)-1))) + return scriptNum(-result), nil + } + + return scriptNum(result), nil +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/sigcache.go b/vendor/github.com/btcsuite/btcd/txscript/sigcache.go new file mode 100644 index 0000000..d9e4fa6 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/sigcache.go @@ -0,0 +1,99 @@ +// Copyright (c) 2015-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +import ( + "sync" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// sigCacheEntry represents an entry in the SigCache. Entries within the +// SigCache are keyed according to the sigHash of the signature. In the +// scenario of a cache-hit (according to the sigHash), an additional comparison +// of the signature, and public key will be executed in order to ensure a complete +// match. In the occasion that two sigHashes collide, the newer sigHash will +// simply overwrite the existing entry. +type sigCacheEntry struct { + sig *btcec.Signature + pubKey *btcec.PublicKey +} + +// SigCache implements an ECDSA signature verification cache with a randomized +// entry eviction policy. Only valid signatures will be added to the cache. The +// benefits of SigCache are two fold. Firstly, usage of SigCache mitigates a DoS +// attack wherein an attack causes a victim's client to hang due to worst-case +// behavior triggered while processing attacker crafted invalid transactions. A +// detailed description of the mitigated DoS attack can be found here: +// https://bitslog.wordpress.com/2013/01/23/fixed-bitcoin-vulnerability-explanation-why-the-signature-cache-is-a-dos-protection/. +// Secondly, usage of the SigCache introduces a signature verification +// optimization which speeds up the validation of transactions within a block, +// if they've already been seen and verified within the mempool. +type SigCache struct { + sync.RWMutex + validSigs map[chainhash.Hash]sigCacheEntry + maxEntries uint +} + +// NewSigCache creates and initializes a new instance of SigCache. Its sole +// parameter 'maxEntries' represents the maximum number of entries allowed to +// exist in the SigCache at any particular moment. Random entries are evicted +// to make room for new entries that would cause the number of entries in the +// cache to exceed the max. +func NewSigCache(maxEntries uint) *SigCache { + return &SigCache{ + validSigs: make(map[chainhash.Hash]sigCacheEntry, maxEntries), + maxEntries: maxEntries, + } +} + +// Exists returns true if an existing entry of 'sig' over 'sigHash' for public +// key 'pubKey' is found within the SigCache. Otherwise, false is returned. +// +// NOTE: This function is safe for concurrent access. Readers won't be blocked +// unless there exists a writer, adding an entry to the SigCache. +func (s *SigCache) Exists(sigHash chainhash.Hash, sig *btcec.Signature, pubKey *btcec.PublicKey) bool { + s.RLock() + entry, ok := s.validSigs[sigHash] + s.RUnlock() + + return ok && entry.pubKey.IsEqual(pubKey) && entry.sig.IsEqual(sig) +} + +// Add adds an entry for a signature over 'sigHash' under public key 'pubKey' +// to the signature cache. In the event that the SigCache is 'full', an +// existing entry is randomly chosen to be evicted in order to make space for +// the new entry. +// +// NOTE: This function is safe for concurrent access. Writers will block +// simultaneous readers until function execution has concluded. +func (s *SigCache) Add(sigHash chainhash.Hash, sig *btcec.Signature, pubKey *btcec.PublicKey) { + s.Lock() + defer s.Unlock() + + if s.maxEntries <= 0 { + return + } + + // If adding this new entry will put us over the max number of allowed + // entries, then evict an entry. + if uint(len(s.validSigs)+1) > s.maxEntries { + // Remove a random entry from the map. Relying on the random + // starting point of Go's map iteration. It's worth noting that + // the random iteration starting point is not 100% guaranteed + // by the spec, however most Go compilers support it. + // Ultimately, the iteration order isn't important here because + // in order to manipulate which items are evicted, an adversary + // would need to be able to execute preimage attacks on the + // hashing function in order to start eviction at a specific + // entry. + for sigEntry := range s.validSigs { + delete(s.validSigs, sigEntry) + break + } + } + s.validSigs[sigHash] = sigCacheEntry{sig, pubKey} +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/sign.go b/vendor/github.com/btcsuite/btcd/txscript/sign.go new file mode 100644 index 0000000..42af968 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/sign.go @@ -0,0 +1,464 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +import ( + "errors" + "fmt" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcd/chaincfg" + "github.com/btcsuite/btcd/wire" + "github.com/btcsuite/btcutil" +) + +// RawTxInWitnessSignature returns the serialized ECDA signature for the input +// idx of the given transaction, with the hashType appended to it. This +// function is identical to RawTxInSignature, however the signature generated +// signs a new sighash digest defined in BIP0143. +func RawTxInWitnessSignature(tx *wire.MsgTx, sigHashes *TxSigHashes, idx int, + amt int64, subScript []byte, hashType SigHashType, + key *btcec.PrivateKey) ([]byte, error) { + + parsedScript, err := parseScript(subScript) + if err != nil { + return nil, fmt.Errorf("cannot parse output script: %v", err) + } + + hash, err := calcWitnessSignatureHash(parsedScript, sigHashes, hashType, tx, + idx, amt) + if err != nil { + return nil, err + } + + signature, err := key.Sign(hash) + if err != nil { + return nil, fmt.Errorf("cannot sign tx input: %s", err) + } + + return append(signature.Serialize(), byte(hashType)), nil +} + +// WitnessSignature creates an input witness stack for tx to spend BTC sent +// from a previous output to the owner of privKey using the p2wkh script +// template. The passed transaction must contain all the inputs and outputs as +// dictated by the passed hashType. The signature generated observes the new +// transaction digest algorithm defined within BIP0143. +func WitnessSignature(tx *wire.MsgTx, sigHashes *TxSigHashes, idx int, amt int64, + subscript []byte, hashType SigHashType, privKey *btcec.PrivateKey, + compress bool) (wire.TxWitness, error) { + + sig, err := RawTxInWitnessSignature(tx, sigHashes, idx, amt, subscript, + hashType, privKey) + if err != nil { + return nil, err + } + + pk := (*btcec.PublicKey)(&privKey.PublicKey) + var pkData []byte + if compress { + pkData = pk.SerializeCompressed() + } else { + pkData = pk.SerializeUncompressed() + } + + // A witness script is actually a stack, so we return an array of byte + // slices here, rather than a single byte slice. + return wire.TxWitness{sig, pkData}, nil +} + +// RawTxInSignature returns the serialized ECDSA signature for the input idx of +// the given transaction, with hashType appended to it. +func RawTxInSignature(tx *wire.MsgTx, idx int, subScript []byte, + hashType SigHashType, key *btcec.PrivateKey) ([]byte, error) { + + hash, err := CalcSignatureHash(subScript, hashType, tx, idx) + if err != nil { + return nil, err + } + signature, err := key.Sign(hash) + if err != nil { + return nil, fmt.Errorf("cannot sign tx input: %s", err) + } + + return append(signature.Serialize(), byte(hashType)), nil +} + +// SignatureScript creates an input signature script for tx to spend BTC sent +// from a previous output to the owner of privKey. tx must include all +// transaction inputs and outputs, however txin scripts are allowed to be filled +// or empty. The returned script is calculated to be used as the idx'th txin +// sigscript for tx. subscript is the PkScript of the previous output being used +// as the idx'th input. privKey is serialized in either a compressed or +// uncompressed format based on compress. This format must match the same format +// used to generate the payment address, or the script validation will fail. +func SignatureScript(tx *wire.MsgTx, idx int, subscript []byte, hashType SigHashType, privKey *btcec.PrivateKey, compress bool) ([]byte, error) { + sig, err := RawTxInSignature(tx, idx, subscript, hashType, privKey) + if err != nil { + return nil, err + } + + pk := (*btcec.PublicKey)(&privKey.PublicKey) + var pkData []byte + if compress { + pkData = pk.SerializeCompressed() + } else { + pkData = pk.SerializeUncompressed() + } + + return NewScriptBuilder().AddData(sig).AddData(pkData).Script() +} + +func p2pkSignatureScript(tx *wire.MsgTx, idx int, subScript []byte, hashType SigHashType, privKey *btcec.PrivateKey) ([]byte, error) { + sig, err := RawTxInSignature(tx, idx, subScript, hashType, privKey) + if err != nil { + return nil, err + } + + return NewScriptBuilder().AddData(sig).Script() +} + +// signMultiSig signs as many of the outputs in the provided multisig script as +// possible. It returns the generated script and a boolean if the script fulfils +// the contract (i.e. nrequired signatures are provided). Since it is arguably +// legal to not be able to sign any of the outputs, no error is returned. +func signMultiSig(tx *wire.MsgTx, idx int, subScript []byte, hashType SigHashType, + addresses []btcutil.Address, nRequired int, kdb KeyDB) ([]byte, bool) { + // We start with a single OP_FALSE to work around the (now standard) + // but in the reference implementation that causes a spurious pop at + // the end of OP_CHECKMULTISIG. + builder := NewScriptBuilder().AddOp(OP_FALSE) + signed := 0 + for _, addr := range addresses { + key, _, err := kdb.GetKey(addr) + if err != nil { + continue + } + sig, err := RawTxInSignature(tx, idx, subScript, hashType, key) + if err != nil { + continue + } + + builder.AddData(sig) + signed++ + if signed == nRequired { + break + } + + } + + script, _ := builder.Script() + return script, signed == nRequired +} + +func sign(chainParams *chaincfg.Params, tx *wire.MsgTx, idx int, + subScript []byte, hashType SigHashType, kdb KeyDB, sdb ScriptDB) ([]byte, + ScriptClass, []btcutil.Address, int, error) { + + class, addresses, nrequired, err := ExtractPkScriptAddrs(subScript, + chainParams) + if err != nil { + return nil, NonStandardTy, nil, 0, err + } + + switch class { + case PubKeyTy: + // look up key for address + key, _, err := kdb.GetKey(addresses[0]) + if err != nil { + return nil, class, nil, 0, err + } + + script, err := p2pkSignatureScript(tx, idx, subScript, hashType, + key) + if err != nil { + return nil, class, nil, 0, err + } + + return script, class, addresses, nrequired, nil + case PubKeyHashTy: + // look up key for address + key, compressed, err := kdb.GetKey(addresses[0]) + if err != nil { + return nil, class, nil, 0, err + } + + script, err := SignatureScript(tx, idx, subScript, hashType, + key, compressed) + if err != nil { + return nil, class, nil, 0, err + } + + return script, class, addresses, nrequired, nil + case ScriptHashTy: + script, err := sdb.GetScript(addresses[0]) + if err != nil { + return nil, class, nil, 0, err + } + + return script, class, addresses, nrequired, nil + case MultiSigTy: + script, _ := signMultiSig(tx, idx, subScript, hashType, + addresses, nrequired, kdb) + return script, class, addresses, nrequired, nil + case NullDataTy: + return nil, class, nil, 0, + errors.New("can't sign NULLDATA transactions") + default: + return nil, class, nil, 0, + errors.New("can't sign unknown transactions") + } +} + +// mergeScripts merges sigScript and prevScript assuming they are both +// partial solutions for pkScript spending output idx of tx. class, addresses +// and nrequired are the result of extracting the addresses from pkscript. +// The return value is the best effort merging of the two scripts. Calling this +// function with addresses, class and nrequired that do not match pkScript is +// an error and results in undefined behaviour. +func mergeScripts(chainParams *chaincfg.Params, tx *wire.MsgTx, idx int, + pkScript []byte, class ScriptClass, addresses []btcutil.Address, + nRequired int, sigScript, prevScript []byte) []byte { + + // TODO: the scripthash and multisig paths here are overly + // inefficient in that they will recompute already known data. + // some internal refactoring could probably make this avoid needless + // extra calculations. + switch class { + case ScriptHashTy: + // Remove the last push in the script and then recurse. + // this could be a lot less inefficient. + sigPops, err := parseScript(sigScript) + if err != nil || len(sigPops) == 0 { + return prevScript + } + prevPops, err := parseScript(prevScript) + if err != nil || len(prevPops) == 0 { + return sigScript + } + + // assume that script in sigPops is the correct one, we just + // made it. + script := sigPops[len(sigPops)-1].data + + // We already know this information somewhere up the stack. + class, addresses, nrequired, _ := + ExtractPkScriptAddrs(script, chainParams) + + // regenerate scripts. + sigScript, _ := unparseScript(sigPops) + prevScript, _ := unparseScript(prevPops) + + // Merge + mergedScript := mergeScripts(chainParams, tx, idx, script, + class, addresses, nrequired, sigScript, prevScript) + + // Reappend the script and return the result. + builder := NewScriptBuilder() + builder.AddOps(mergedScript) + builder.AddData(script) + finalScript, _ := builder.Script() + return finalScript + case MultiSigTy: + return mergeMultiSig(tx, idx, addresses, nRequired, pkScript, + sigScript, prevScript) + + // It doesn't actually make sense to merge anything other than multiig + // and scripthash (because it could contain multisig). Everything else + // has either zero signature, can't be spent, or has a single signature + // which is either present or not. The other two cases are handled + // above. In the conflict case here we just assume the longest is + // correct (this matches behaviour of the reference implementation). + default: + if len(sigScript) > len(prevScript) { + return sigScript + } + return prevScript + } +} + +// mergeMultiSig combines the two signature scripts sigScript and prevScript +// that both provide signatures for pkScript in output idx of tx. addresses +// and nRequired should be the results from extracting the addresses from +// pkScript. Since this function is internal only we assume that the arguments +// have come from other functions internally and thus are all consistent with +// each other, behaviour is undefined if this contract is broken. +func mergeMultiSig(tx *wire.MsgTx, idx int, addresses []btcutil.Address, + nRequired int, pkScript, sigScript, prevScript []byte) []byte { + + // This is an internal only function and we already parsed this script + // as ok for multisig (this is how we got here), so if this fails then + // all assumptions are broken and who knows which way is up? + pkPops, _ := parseScript(pkScript) + + sigPops, err := parseScript(sigScript) + if err != nil || len(sigPops) == 0 { + return prevScript + } + + prevPops, err := parseScript(prevScript) + if err != nil || len(prevPops) == 0 { + return sigScript + } + + // Convenience function to avoid duplication. + extractSigs := func(pops []parsedOpcode, sigs [][]byte) [][]byte { + for _, pop := range pops { + if len(pop.data) != 0 { + sigs = append(sigs, pop.data) + } + } + return sigs + } + + possibleSigs := make([][]byte, 0, len(sigPops)+len(prevPops)) + possibleSigs = extractSigs(sigPops, possibleSigs) + possibleSigs = extractSigs(prevPops, possibleSigs) + + // Now we need to match the signatures to pubkeys, the only real way to + // do that is to try to verify them all and match it to the pubkey + // that verifies it. we then can go through the addresses in order + // to build our script. Anything that doesn't parse or doesn't verify we + // throw away. + addrToSig := make(map[string][]byte) +sigLoop: + for _, sig := range possibleSigs { + + // can't have a valid signature that doesn't at least have a + // hashtype, in practise it is even longer than this. but + // that'll be checked next. + if len(sig) < 1 { + continue + } + tSig := sig[:len(sig)-1] + hashType := SigHashType(sig[len(sig)-1]) + + pSig, err := btcec.ParseDERSignature(tSig, btcec.S256()) + if err != nil { + continue + } + + // We have to do this each round since hash types may vary + // between signatures and so the hash will vary. We can, + // however, assume no sigs etc are in the script since that + // would make the transaction nonstandard and thus not + // MultiSigTy, so we just need to hash the full thing. + hash := calcSignatureHash(pkPops, hashType, tx, idx) + + for _, addr := range addresses { + // All multisig addresses should be pubkey addresses + // it is an error to call this internal function with + // bad input. + pkaddr := addr.(*btcutil.AddressPubKey) + + pubKey := pkaddr.PubKey() + + // If it matches we put it in the map. We only + // can take one signature per public key so if we + // already have one, we can throw this away. + if pSig.Verify(hash, pubKey) { + aStr := addr.EncodeAddress() + if _, ok := addrToSig[aStr]; !ok { + addrToSig[aStr] = sig + } + continue sigLoop + } + } + } + + // Extra opcode to handle the extra arg consumed (due to previous bugs + // in the reference implementation). + builder := NewScriptBuilder().AddOp(OP_FALSE) + doneSigs := 0 + // This assumes that addresses are in the same order as in the script. + for _, addr := range addresses { + sig, ok := addrToSig[addr.EncodeAddress()] + if !ok { + continue + } + builder.AddData(sig) + doneSigs++ + if doneSigs == nRequired { + break + } + } + + // padding for missing ones. + for i := doneSigs; i < nRequired; i++ { + builder.AddOp(OP_0) + } + + script, _ := builder.Script() + return script +} + +// KeyDB is an interface type provided to SignTxOutput, it encapsulates +// any user state required to get the private keys for an address. +type KeyDB interface { + GetKey(btcutil.Address) (*btcec.PrivateKey, bool, error) +} + +// KeyClosure implements KeyDB with a closure. +type KeyClosure func(btcutil.Address) (*btcec.PrivateKey, bool, error) + +// GetKey implements KeyDB by returning the result of calling the closure. +func (kc KeyClosure) GetKey(address btcutil.Address) (*btcec.PrivateKey, + bool, error) { + return kc(address) +} + +// ScriptDB is an interface type provided to SignTxOutput, it encapsulates any +// user state required to get the scripts for an pay-to-script-hash address. +type ScriptDB interface { + GetScript(btcutil.Address) ([]byte, error) +} + +// ScriptClosure implements ScriptDB with a closure. +type ScriptClosure func(btcutil.Address) ([]byte, error) + +// GetScript implements ScriptDB by returning the result of calling the closure. +func (sc ScriptClosure) GetScript(address btcutil.Address) ([]byte, error) { + return sc(address) +} + +// SignTxOutput signs output idx of the given tx to resolve the script given in +// pkScript with a signature type of hashType. Any keys required will be +// looked up by calling getKey() with the string of the given address. +// Any pay-to-script-hash signatures will be similarly looked up by calling +// getScript. If previousScript is provided then the results in previousScript +// will be merged in a type-dependent manner with the newly generated. +// signature script. +func SignTxOutput(chainParams *chaincfg.Params, tx *wire.MsgTx, idx int, + pkScript []byte, hashType SigHashType, kdb KeyDB, sdb ScriptDB, + previousScript []byte) ([]byte, error) { + + sigScript, class, addresses, nrequired, err := sign(chainParams, tx, + idx, pkScript, hashType, kdb, sdb) + if err != nil { + return nil, err + } + + if class == ScriptHashTy { + // TODO keep the sub addressed and pass down to merge. + realSigScript, _, _, _, err := sign(chainParams, tx, idx, + sigScript, hashType, kdb, sdb) + if err != nil { + return nil, err + } + + // Append the p2sh script as the last push in the script. + builder := NewScriptBuilder() + builder.AddOps(realSigScript) + builder.AddData(sigScript) + + sigScript, _ = builder.Script() + // TODO keep a copy of the script for merging. + } + + // Merge scripts. with any previous data, if any. + mergedScript := mergeScripts(chainParams, tx, idx, pkScript, class, + addresses, nrequired, sigScript, previousScript) + return mergedScript, nil +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/stack.go b/vendor/github.com/btcsuite/btcd/txscript/stack.go new file mode 100644 index 0000000..eb1d8cf --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/stack.go @@ -0,0 +1,361 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +import ( + "encoding/hex" + "fmt" +) + +// asBool gets the boolean value of the byte array. +func asBool(t []byte) bool { + for i := range t { + if t[i] != 0 { + // Negative 0 is also considered false. + if i == len(t)-1 && t[i] == 0x80 { + return false + } + return true + } + } + return false +} + +// fromBool converts a boolean into the appropriate byte array. +func fromBool(v bool) []byte { + if v { + return []byte{1} + } + return nil +} + +// stack represents a stack of immutable objects to be used with bitcoin +// scripts. Objects may be shared, therefore in usage if a value is to be +// changed it *must* be deep-copied first to avoid changing other values on the +// stack. +type stack struct { + stk [][]byte + verifyMinimalData bool +} + +// Depth returns the number of items on the stack. +func (s *stack) Depth() int32 { + return int32(len(s.stk)) +} + +// PushByteArray adds the given back array to the top of the stack. +// +// Stack transformation: [... x1 x2] -> [... x1 x2 data] +func (s *stack) PushByteArray(so []byte) { + s.stk = append(s.stk, so) +} + +// PushInt converts the provided scriptNum to a suitable byte array then pushes +// it onto the top of the stack. +// +// Stack transformation: [... x1 x2] -> [... x1 x2 int] +func (s *stack) PushInt(val scriptNum) { + s.PushByteArray(val.Bytes()) +} + +// PushBool converts the provided boolean to a suitable byte array then pushes +// it onto the top of the stack. +// +// Stack transformation: [... x1 x2] -> [... x1 x2 bool] +func (s *stack) PushBool(val bool) { + s.PushByteArray(fromBool(val)) +} + +// PopByteArray pops the value off the top of the stack and returns it. +// +// Stack transformation: [... x1 x2 x3] -> [... x1 x2] +func (s *stack) PopByteArray() ([]byte, error) { + return s.nipN(0) +} + +// PopInt pops the value off the top of the stack, converts it into a script +// num, and returns it. The act of converting to a script num enforces the +// consensus rules imposed on data interpreted as numbers. +// +// Stack transformation: [... x1 x2 x3] -> [... x1 x2] +func (s *stack) PopInt() (scriptNum, error) { + so, err := s.PopByteArray() + if err != nil { + return 0, err + } + + return makeScriptNum(so, s.verifyMinimalData, defaultScriptNumLen) +} + +// PopBool pops the value off the top of the stack, converts it into a bool, and +// returns it. +// +// Stack transformation: [... x1 x2 x3] -> [... x1 x2] +func (s *stack) PopBool() (bool, error) { + so, err := s.PopByteArray() + if err != nil { + return false, err + } + + return asBool(so), nil +} + +// PeekByteArray returns the Nth item on the stack without removing it. +func (s *stack) PeekByteArray(idx int32) ([]byte, error) { + sz := int32(len(s.stk)) + if idx < 0 || idx >= sz { + str := fmt.Sprintf("index %d is invalid for stack size %d", idx, + sz) + return nil, scriptError(ErrInvalidStackOperation, str) + } + + return s.stk[sz-idx-1], nil +} + +// PeekInt returns the Nth item on the stack as a script num without removing +// it. The act of converting to a script num enforces the consensus rules +// imposed on data interpreted as numbers. +func (s *stack) PeekInt(idx int32) (scriptNum, error) { + so, err := s.PeekByteArray(idx) + if err != nil { + return 0, err + } + + return makeScriptNum(so, s.verifyMinimalData, defaultScriptNumLen) +} + +// PeekBool returns the Nth item on the stack as a bool without removing it. +func (s *stack) PeekBool(idx int32) (bool, error) { + so, err := s.PeekByteArray(idx) + if err != nil { + return false, err + } + + return asBool(so), nil +} + +// nipN is an internal function that removes the nth item on the stack and +// returns it. +// +// Stack transformation: +// nipN(0): [... x1 x2 x3] -> [... x1 x2] +// nipN(1): [... x1 x2 x3] -> [... x1 x3] +// nipN(2): [... x1 x2 x3] -> [... x2 x3] +func (s *stack) nipN(idx int32) ([]byte, error) { + sz := int32(len(s.stk)) + if idx < 0 || idx > sz-1 { + str := fmt.Sprintf("index %d is invalid for stack size %d", idx, + sz) + return nil, scriptError(ErrInvalidStackOperation, str) + } + + so := s.stk[sz-idx-1] + if idx == 0 { + s.stk = s.stk[:sz-1] + } else if idx == sz-1 { + s1 := make([][]byte, sz-1) + copy(s1, s.stk[1:]) + s.stk = s1 + } else { + s1 := s.stk[sz-idx : sz] + s.stk = s.stk[:sz-idx-1] + s.stk = append(s.stk, s1...) + } + return so, nil +} + +// NipN removes the Nth object on the stack +// +// Stack transformation: +// NipN(0): [... x1 x2 x3] -> [... x1 x2] +// NipN(1): [... x1 x2 x3] -> [... x1 x3] +// NipN(2): [... x1 x2 x3] -> [... x2 x3] +func (s *stack) NipN(idx int32) error { + _, err := s.nipN(idx) + return err +} + +// Tuck copies the item at the top of the stack and inserts it before the 2nd +// to top item. +// +// Stack transformation: [... x1 x2] -> [... x2 x1 x2] +func (s *stack) Tuck() error { + so2, err := s.PopByteArray() + if err != nil { + return err + } + so1, err := s.PopByteArray() + if err != nil { + return err + } + s.PushByteArray(so2) // stack [... x2] + s.PushByteArray(so1) // stack [... x2 x1] + s.PushByteArray(so2) // stack [... x2 x1 x2] + + return nil +} + +// DropN removes the top N items from the stack. +// +// Stack transformation: +// DropN(1): [... x1 x2] -> [... x1] +// DropN(2): [... x1 x2] -> [...] +func (s *stack) DropN(n int32) error { + if n < 1 { + str := fmt.Sprintf("attempt to drop %d items from stack", n) + return scriptError(ErrInvalidStackOperation, str) + } + + for ; n > 0; n-- { + _, err := s.PopByteArray() + if err != nil { + return err + } + } + return nil +} + +// DupN duplicates the top N items on the stack. +// +// Stack transformation: +// DupN(1): [... x1 x2] -> [... x1 x2 x2] +// DupN(2): [... x1 x2] -> [... x1 x2 x1 x2] +func (s *stack) DupN(n int32) error { + if n < 1 { + str := fmt.Sprintf("attempt to dup %d stack items", n) + return scriptError(ErrInvalidStackOperation, str) + } + + // Iteratively duplicate the value n-1 down the stack n times. + // This leaves an in-order duplicate of the top n items on the stack. + for i := n; i > 0; i-- { + so, err := s.PeekByteArray(n - 1) + if err != nil { + return err + } + s.PushByteArray(so) + } + return nil +} + +// RotN rotates the top 3N items on the stack to the left N times. +// +// Stack transformation: +// RotN(1): [... x1 x2 x3] -> [... x2 x3 x1] +// RotN(2): [... x1 x2 x3 x4 x5 x6] -> [... x3 x4 x5 x6 x1 x2] +func (s *stack) RotN(n int32) error { + if n < 1 { + str := fmt.Sprintf("attempt to rotate %d stack items", n) + return scriptError(ErrInvalidStackOperation, str) + } + + // Nip the 3n-1th item from the stack to the top n times to rotate + // them up to the head of the stack. + entry := 3*n - 1 + for i := n; i > 0; i-- { + so, err := s.nipN(entry) + if err != nil { + return err + } + + s.PushByteArray(so) + } + return nil +} + +// SwapN swaps the top N items on the stack with those below them. +// +// Stack transformation: +// SwapN(1): [... x1 x2] -> [... x2 x1] +// SwapN(2): [... x1 x2 x3 x4] -> [... x3 x4 x1 x2] +func (s *stack) SwapN(n int32) error { + if n < 1 { + str := fmt.Sprintf("attempt to swap %d stack items", n) + return scriptError(ErrInvalidStackOperation, str) + } + + entry := 2*n - 1 + for i := n; i > 0; i-- { + // Swap 2n-1th entry to top. + so, err := s.nipN(entry) + if err != nil { + return err + } + + s.PushByteArray(so) + } + return nil +} + +// OverN copies N items N items back to the top of the stack. +// +// Stack transformation: +// OverN(1): [... x1 x2 x3] -> [... x1 x2 x3 x2] +// OverN(2): [... x1 x2 x3 x4] -> [... x1 x2 x3 x4 x1 x2] +func (s *stack) OverN(n int32) error { + if n < 1 { + str := fmt.Sprintf("attempt to perform over on %d stack items", + n) + return scriptError(ErrInvalidStackOperation, str) + } + + // Copy 2n-1th entry to top of the stack. + entry := 2*n - 1 + for ; n > 0; n-- { + so, err := s.PeekByteArray(entry) + if err != nil { + return err + } + s.PushByteArray(so) + } + + return nil +} + +// PickN copies the item N items back in the stack to the top. +// +// Stack transformation: +// PickN(0): [x1 x2 x3] -> [x1 x2 x3 x3] +// PickN(1): [x1 x2 x3] -> [x1 x2 x3 x2] +// PickN(2): [x1 x2 x3] -> [x1 x2 x3 x1] +func (s *stack) PickN(n int32) error { + so, err := s.PeekByteArray(n) + if err != nil { + return err + } + s.PushByteArray(so) + + return nil +} + +// RollN moves the item N items back in the stack to the top. +// +// Stack transformation: +// RollN(0): [x1 x2 x3] -> [x1 x2 x3] +// RollN(1): [x1 x2 x3] -> [x1 x3 x2] +// RollN(2): [x1 x2 x3] -> [x2 x3 x1] +func (s *stack) RollN(n int32) error { + so, err := s.nipN(n) + if err != nil { + return err + } + + s.PushByteArray(so) + + return nil +} + +// String returns the stack in a readable format. +func (s *stack) String() string { + var result string + for _, stack := range s.stk { + if len(stack) == 0 { + result += "00000000 \n" + } + result += hex.Dump(stack) + } + + return result +} diff --git a/vendor/github.com/btcsuite/btcd/txscript/standard.go b/vendor/github.com/btcsuite/btcd/txscript/standard.go new file mode 100644 index 0000000..a7e929d --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/txscript/standard.go @@ -0,0 +1,707 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package txscript + +import ( + "fmt" + + "github.com/btcsuite/btcd/chaincfg" + "github.com/btcsuite/btcd/wire" + "github.com/btcsuite/btcutil" +) + +const ( + // MaxDataCarrierSize is the maximum number of bytes allowed in pushed + // data to be considered a nulldata transaction + MaxDataCarrierSize = 80 + + // StandardVerifyFlags are the script flags which are used when + // executing transaction scripts to enforce additional checks which + // are required for the script to be considered standard. These checks + // help reduce issues related to transaction malleability as well as + // allow pay-to-script hash transactions. Note these flags are + // different than what is required for the consensus rules in that they + // are more strict. + // + // TODO: This definition does not belong here. It belongs in a policy + // package. + StandardVerifyFlags = ScriptBip16 | + ScriptVerifyDERSignatures | + ScriptVerifyStrictEncoding | + ScriptVerifyMinimalData | + ScriptStrictMultiSig | + ScriptDiscourageUpgradableNops | + ScriptVerifyCleanStack | + ScriptVerifyNullFail | + ScriptVerifyCheckLockTimeVerify | + ScriptVerifyCheckSequenceVerify | + ScriptVerifyLowS | + ScriptStrictMultiSig | + ScriptVerifyWitness | + ScriptVerifyDiscourageUpgradeableWitnessProgram | + ScriptVerifyMinimalIf | + ScriptVerifyWitnessPubKeyType +) + +// ScriptClass is an enumeration for the list of standard types of script. +type ScriptClass byte + +// Classes of script payment known about in the blockchain. +const ( + NonStandardTy ScriptClass = iota // None of the recognized forms. + PubKeyTy // Pay pubkey. + PubKeyHashTy // Pay pubkey hash. + WitnessV0PubKeyHashTy // Pay witness pubkey hash. + ScriptHashTy // Pay to script hash. + WitnessV0ScriptHashTy // Pay to witness script hash. + MultiSigTy // Multi signature. + NullDataTy // Empty data-only (provably prunable). +) + +// scriptClassToName houses the human-readable strings which describe each +// script class. +var scriptClassToName = []string{ + NonStandardTy: "nonstandard", + PubKeyTy: "pubkey", + PubKeyHashTy: "pubkeyhash", + WitnessV0PubKeyHashTy: "witness_v0_keyhash", + ScriptHashTy: "scripthash", + WitnessV0ScriptHashTy: "witness_v0_scripthash", + MultiSigTy: "multisig", + NullDataTy: "nulldata", +} + +// String implements the Stringer interface by returning the name of +// the enum script class. If the enum is invalid then "Invalid" will be +// returned. +func (t ScriptClass) String() string { + if int(t) > len(scriptClassToName) || int(t) < 0 { + return "Invalid" + } + return scriptClassToName[t] +} + +// isPubkey returns true if the script passed is a pay-to-pubkey transaction, +// false otherwise. +func isPubkey(pops []parsedOpcode) bool { + // Valid pubkeys are either 33 or 65 bytes. + return len(pops) == 2 && + (len(pops[0].data) == 33 || len(pops[0].data) == 65) && + pops[1].opcode.value == OP_CHECKSIG +} + +// isPubkeyHash returns true if the script passed is a pay-to-pubkey-hash +// transaction, false otherwise. +func isPubkeyHash(pops []parsedOpcode) bool { + return len(pops) == 5 && + pops[0].opcode.value == OP_DUP && + pops[1].opcode.value == OP_HASH160 && + pops[2].opcode.value == OP_DATA_20 && + pops[3].opcode.value == OP_EQUALVERIFY && + pops[4].opcode.value == OP_CHECKSIG + +} + +// isMultiSig returns true if the passed script is a multisig transaction, false +// otherwise. +func isMultiSig(pops []parsedOpcode) bool { + // The absolute minimum is 1 pubkey: + // OP_0/OP_1-16 OP_1 OP_CHECKMULTISIG + l := len(pops) + if l < 4 { + return false + } + if !isSmallInt(pops[0].opcode) { + return false + } + if !isSmallInt(pops[l-2].opcode) { + return false + } + if pops[l-1].opcode.value != OP_CHECKMULTISIG { + return false + } + + // Verify the number of pubkeys specified matches the actual number + // of pubkeys provided. + if l-2-1 != asSmallInt(pops[l-2].opcode) { + return false + } + + for _, pop := range pops[1 : l-2] { + // Valid pubkeys are either 33 or 65 bytes. + if len(pop.data) != 33 && len(pop.data) != 65 { + return false + } + } + return true +} + +// isNullData returns true if the passed script is a null data transaction, +// false otherwise. +func isNullData(pops []parsedOpcode) bool { + // A nulldata transaction is either a single OP_RETURN or an + // OP_RETURN SMALLDATA (where SMALLDATA is a data push up to + // MaxDataCarrierSize bytes). + l := len(pops) + if l == 1 && pops[0].opcode.value == OP_RETURN { + return true + } + + return l == 2 && + pops[0].opcode.value == OP_RETURN && + (isSmallInt(pops[1].opcode) || pops[1].opcode.value <= + OP_PUSHDATA4) && + len(pops[1].data) <= MaxDataCarrierSize +} + +// scriptType returns the type of the script being inspected from the known +// standard types. +func typeOfScript(pops []parsedOpcode) ScriptClass { + if isPubkey(pops) { + return PubKeyTy + } else if isPubkeyHash(pops) { + return PubKeyHashTy + } else if isWitnessPubKeyHash(pops) { + return WitnessV0PubKeyHashTy + } else if isScriptHash(pops) { + return ScriptHashTy + } else if isWitnessScriptHash(pops) { + return WitnessV0ScriptHashTy + } else if isMultiSig(pops) { + return MultiSigTy + } else if isNullData(pops) { + return NullDataTy + } + return NonStandardTy +} + +// GetScriptClass returns the class of the script passed. +// +// NonStandardTy will be returned when the script does not parse. +func GetScriptClass(script []byte) ScriptClass { + pops, err := parseScript(script) + if err != nil { + return NonStandardTy + } + return typeOfScript(pops) +} + +// expectedInputs returns the number of arguments required by a script. +// If the script is of unknown type such that the number can not be determined +// then -1 is returned. We are an internal function and thus assume that class +// is the real class of pops (and we can thus assume things that were determined +// while finding out the type). +func expectedInputs(pops []parsedOpcode, class ScriptClass) int { + switch class { + case PubKeyTy: + return 1 + + case PubKeyHashTy: + return 2 + + case WitnessV0PubKeyHashTy: + return 2 + + case ScriptHashTy: + // Not including script. That is handled by the caller. + return 1 + + case WitnessV0ScriptHashTy: + // Not including script. That is handled by the caller. + return 1 + + case MultiSigTy: + // Standard multisig has a push a small number for the number + // of sigs and number of keys. Check the first push instruction + // to see how many arguments are expected. typeOfScript already + // checked this so we know it'll be a small int. Also, due to + // the original bitcoind bug where OP_CHECKMULTISIG pops an + // additional item from the stack, add an extra expected input + // for the extra push that is required to compensate. + return asSmallInt(pops[0].opcode) + 1 + + case NullDataTy: + fallthrough + default: + return -1 + } +} + +// ScriptInfo houses information about a script pair that is determined by +// CalcScriptInfo. +type ScriptInfo struct { + // PkScriptClass is the class of the public key script and is equivalent + // to calling GetScriptClass on it. + PkScriptClass ScriptClass + + // NumInputs is the number of inputs provided by the public key script. + NumInputs int + + // ExpectedInputs is the number of outputs required by the signature + // script and any pay-to-script-hash scripts. The number will be -1 if + // unknown. + ExpectedInputs int + + // SigOps is the number of signature operations in the script pair. + SigOps int +} + +// CalcScriptInfo returns a structure providing data about the provided script +// pair. It will error if the pair is in someway invalid such that they can not +// be analysed, i.e. if they do not parse or the pkScript is not a push-only +// script +func CalcScriptInfo(sigScript, pkScript []byte, witness wire.TxWitness, + bip16, segwit bool) (*ScriptInfo, error) { + + sigPops, err := parseScript(sigScript) + if err != nil { + return nil, err + } + + pkPops, err := parseScript(pkScript) + if err != nil { + return nil, err + } + + // Push only sigScript makes little sense. + si := new(ScriptInfo) + si.PkScriptClass = typeOfScript(pkPops) + + // Can't have a signature script that doesn't just push data. + if !isPushOnly(sigPops) { + return nil, scriptError(ErrNotPushOnly, + "signature script is not push only") + } + + si.ExpectedInputs = expectedInputs(pkPops, si.PkScriptClass) + + switch { + // Count sigops taking into account pay-to-script-hash. + case si.PkScriptClass == ScriptHashTy && bip16 && !segwit: + // The pay-to-hash-script is the final data push of the + // signature script. + script := sigPops[len(sigPops)-1].data + shPops, err := parseScript(script) + if err != nil { + return nil, err + } + + shInputs := expectedInputs(shPops, typeOfScript(shPops)) + if shInputs == -1 { + si.ExpectedInputs = -1 + } else { + si.ExpectedInputs += shInputs + } + si.SigOps = getSigOpCount(shPops, true) + + // All entries pushed to stack (or are OP_RESERVED and exec + // will fail). + si.NumInputs = len(sigPops) + + // If segwit is active, and this is a regular p2wkh output, then we'll + // treat the script as a p2pkh output in essence. + case si.PkScriptClass == WitnessV0PubKeyHashTy && segwit: + + si.SigOps = GetWitnessSigOpCount(sigScript, pkScript, witness) + si.NumInputs = len(witness) + + // We'll attempt to detect the nested p2sh case so we can accurately + // count the signature operations involved. + case si.PkScriptClass == ScriptHashTy && + IsWitnessProgram(sigScript[1:]) && bip16 && segwit: + + // Extract the pushed witness program from the sigScript so we + // can determine the number of expected inputs. + pkPops, _ := parseScript(sigScript[1:]) + shInputs := expectedInputs(pkPops, typeOfScript(pkPops)) + if shInputs == -1 { + si.ExpectedInputs = -1 + } else { + si.ExpectedInputs += shInputs + } + + si.SigOps = GetWitnessSigOpCount(sigScript, pkScript, witness) + + si.NumInputs = len(witness) + si.NumInputs += len(sigPops) + + // If segwit is active, and this is a p2wsh output, then we'll need to + // examine the witness script to generate accurate script info. + case si.PkScriptClass == WitnessV0ScriptHashTy && segwit: + // The witness script is the final element of the witness + // stack. + witnessScript := witness[len(witness)-1] + pops, _ := parseScript(witnessScript) + + shInputs := expectedInputs(pops, typeOfScript(pops)) + if shInputs == -1 { + si.ExpectedInputs = -1 + } else { + si.ExpectedInputs += shInputs + } + + si.SigOps = GetWitnessSigOpCount(sigScript, pkScript, witness) + si.NumInputs = len(witness) + + default: + si.SigOps = getSigOpCount(pkPops, true) + + // All entries pushed to stack (or are OP_RESERVED and exec + // will fail). + si.NumInputs = len(sigPops) + } + + return si, nil +} + +// CalcMultiSigStats returns the number of public keys and signatures from +// a multi-signature transaction script. The passed script MUST already be +// known to be a multi-signature script. +func CalcMultiSigStats(script []byte) (int, int, error) { + pops, err := parseScript(script) + if err != nil { + return 0, 0, err + } + + // A multi-signature script is of the pattern: + // NUM_SIGS PUBKEY PUBKEY PUBKEY... NUM_PUBKEYS OP_CHECKMULTISIG + // Therefore the number of signatures is the oldest item on the stack + // and the number of pubkeys is the 2nd to last. Also, the absolute + // minimum for a multi-signature script is 1 pubkey, so at least 4 + // items must be on the stack per: + // OP_1 PUBKEY OP_1 OP_CHECKMULTISIG + if len(pops) < 4 { + str := fmt.Sprintf("script %x is not a multisig script", script) + return 0, 0, scriptError(ErrNotMultisigScript, str) + } + + numSigs := asSmallInt(pops[0].opcode) + numPubKeys := asSmallInt(pops[len(pops)-2].opcode) + return numPubKeys, numSigs, nil +} + +// payToPubKeyHashScript creates a new script to pay a transaction +// output to a 20-byte pubkey hash. It is expected that the input is a valid +// hash. +func payToPubKeyHashScript(pubKeyHash []byte) ([]byte, error) { + return NewScriptBuilder().AddOp(OP_DUP).AddOp(OP_HASH160). + AddData(pubKeyHash).AddOp(OP_EQUALVERIFY).AddOp(OP_CHECKSIG). + Script() +} + +// payToWitnessPubKeyHashScript creates a new script to pay to a version 0 +// pubkey hash witness program. The passed hash is expected to be valid. +func payToWitnessPubKeyHashScript(pubKeyHash []byte) ([]byte, error) { + return NewScriptBuilder().AddOp(OP_0).AddData(pubKeyHash).Script() +} + +// payToScriptHashScript creates a new script to pay a transaction output to a +// script hash. It is expected that the input is a valid hash. +func payToScriptHashScript(scriptHash []byte) ([]byte, error) { + return NewScriptBuilder().AddOp(OP_HASH160).AddData(scriptHash). + AddOp(OP_EQUAL).Script() +} + +// payToWitnessPubKeyHashScript creates a new script to pay to a version 0 +// script hash witness program. The passed hash is expected to be valid. +func payToWitnessScriptHashScript(scriptHash []byte) ([]byte, error) { + return NewScriptBuilder().AddOp(OP_0).AddData(scriptHash).Script() +} + +// payToPubkeyScript creates a new script to pay a transaction output to a +// public key. It is expected that the input is a valid pubkey. +func payToPubKeyScript(serializedPubKey []byte) ([]byte, error) { + return NewScriptBuilder().AddData(serializedPubKey). + AddOp(OP_CHECKSIG).Script() +} + +// PayToAddrScript creates a new script to pay a transaction output to a the +// specified address. +func PayToAddrScript(addr btcutil.Address) ([]byte, error) { + const nilAddrErrStr = "unable to generate payment script for nil address" + + switch addr := addr.(type) { + case *btcutil.AddressPubKeyHash: + if addr == nil { + return nil, scriptError(ErrUnsupportedAddress, + nilAddrErrStr) + } + return payToPubKeyHashScript(addr.ScriptAddress()) + + case *btcutil.AddressScriptHash: + if addr == nil { + return nil, scriptError(ErrUnsupportedAddress, + nilAddrErrStr) + } + return payToScriptHashScript(addr.ScriptAddress()) + + case *btcutil.AddressPubKey: + if addr == nil { + return nil, scriptError(ErrUnsupportedAddress, + nilAddrErrStr) + } + return payToPubKeyScript(addr.ScriptAddress()) + + case *btcutil.AddressWitnessPubKeyHash: + if addr == nil { + return nil, scriptError(ErrUnsupportedAddress, + nilAddrErrStr) + } + return payToWitnessPubKeyHashScript(addr.ScriptAddress()) + case *btcutil.AddressWitnessScriptHash: + if addr == nil { + return nil, scriptError(ErrUnsupportedAddress, + nilAddrErrStr) + } + return payToWitnessScriptHashScript(addr.ScriptAddress()) + } + + str := fmt.Sprintf("unable to generate payment script for unsupported "+ + "address type %T", addr) + return nil, scriptError(ErrUnsupportedAddress, str) +} + +// NullDataScript creates a provably-prunable script containing OP_RETURN +// followed by the passed data. An Error with the error code ErrTooMuchNullData +// will be returned if the length of the passed data exceeds MaxDataCarrierSize. +func NullDataScript(data []byte) ([]byte, error) { + if len(data) > MaxDataCarrierSize { + str := fmt.Sprintf("data size %d is larger than max "+ + "allowed size %d", len(data), MaxDataCarrierSize) + return nil, scriptError(ErrTooMuchNullData, str) + } + + return NewScriptBuilder().AddOp(OP_RETURN).AddData(data).Script() +} + +// MultiSigScript returns a valid script for a multisignature redemption where +// nrequired of the keys in pubkeys are required to have signed the transaction +// for success. An Error with the error code ErrTooManyRequiredSigs will be +// returned if nrequired is larger than the number of keys provided. +func MultiSigScript(pubkeys []*btcutil.AddressPubKey, nrequired int) ([]byte, error) { + if len(pubkeys) < nrequired { + str := fmt.Sprintf("unable to generate multisig script with "+ + "%d required signatures when there are only %d public "+ + "keys available", nrequired, len(pubkeys)) + return nil, scriptError(ErrTooManyRequiredSigs, str) + } + + builder := NewScriptBuilder().AddInt64(int64(nrequired)) + for _, key := range pubkeys { + builder.AddData(key.ScriptAddress()) + } + builder.AddInt64(int64(len(pubkeys))) + builder.AddOp(OP_CHECKMULTISIG) + + return builder.Script() +} + +// PushedData returns an array of byte slices containing any pushed data found +// in the passed script. This includes OP_0, but not OP_1 - OP_16. +func PushedData(script []byte) ([][]byte, error) { + pops, err := parseScript(script) + if err != nil { + return nil, err + } + + var data [][]byte + for _, pop := range pops { + if pop.data != nil { + data = append(data, pop.data) + } else if pop.opcode.value == OP_0 { + data = append(data, nil) + } + } + return data, nil +} + +// ExtractPkScriptAddrs returns the type of script, addresses and required +// signatures associated with the passed PkScript. Note that it only works for +// 'standard' transaction script types. Any data such as public keys which are +// invalid are omitted from the results. +func ExtractPkScriptAddrs(pkScript []byte, chainParams *chaincfg.Params) (ScriptClass, []btcutil.Address, int, error) { + var addrs []btcutil.Address + var requiredSigs int + + // No valid addresses or required signatures if the script doesn't + // parse. + pops, err := parseScript(pkScript) + if err != nil { + return NonStandardTy, nil, 0, err + } + + scriptClass := typeOfScript(pops) + switch scriptClass { + case PubKeyHashTy: + // A pay-to-pubkey-hash script is of the form: + // OP_DUP OP_HASH160 OP_EQUALVERIFY OP_CHECKSIG + // Therefore the pubkey hash is the 3rd item on the stack. + // Skip the pubkey hash if it's invalid for some reason. + requiredSigs = 1 + addr, err := btcutil.NewAddressPubKeyHash(pops[2].data, + chainParams) + if err == nil { + addrs = append(addrs, addr) + } + + case WitnessV0PubKeyHashTy: + // A pay-to-witness-pubkey-hash script is of thw form: + // OP_0 <20-byte hash> + // Therefore, the pubkey hash is the second item on the stack. + // Skip the pubkey hash if it's invalid for some reason. + requiredSigs = 1 + addr, err := btcutil.NewAddressWitnessPubKeyHash(pops[1].data, + chainParams) + if err == nil { + addrs = append(addrs, addr) + } + + case PubKeyTy: + // A pay-to-pubkey script is of the form: + // OP_CHECKSIG + // Therefore the pubkey is the first item on the stack. + // Skip the pubkey if it's invalid for some reason. + requiredSigs = 1 + addr, err := btcutil.NewAddressPubKey(pops[0].data, chainParams) + if err == nil { + addrs = append(addrs, addr) + } + + case ScriptHashTy: + // A pay-to-script-hash script is of the form: + // OP_HASH160 OP_EQUAL + // Therefore the script hash is the 2nd item on the stack. + // Skip the script hash if it's invalid for some reason. + requiredSigs = 1 + addr, err := btcutil.NewAddressScriptHashFromHash(pops[1].data, + chainParams) + if err == nil { + addrs = append(addrs, addr) + } + + case WitnessV0ScriptHashTy: + // A pay-to-witness-script-hash script is of the form: + // OP_0 <32-byte hash> + // Therefore, the script hash is the second item on the stack. + // Skip the script hash if it's invalid for some reason. + requiredSigs = 1 + addr, err := btcutil.NewAddressWitnessScriptHash(pops[1].data, + chainParams) + if err == nil { + addrs = append(addrs, addr) + } + + case MultiSigTy: + // A multi-signature script is of the form: + // ... OP_CHECKMULTISIG + // Therefore the number of required signatures is the 1st item + // on the stack and the number of public keys is the 2nd to last + // item on the stack. + requiredSigs = asSmallInt(pops[0].opcode) + numPubKeys := asSmallInt(pops[len(pops)-2].opcode) + + // Extract the public keys while skipping any that are invalid. + addrs = make([]btcutil.Address, 0, numPubKeys) + for i := 0; i < numPubKeys; i++ { + addr, err := btcutil.NewAddressPubKey(pops[i+1].data, + chainParams) + if err == nil { + addrs = append(addrs, addr) + } + } + + case NullDataTy: + // Null data transactions have no addresses or required + // signatures. + + case NonStandardTy: + // Don't attempt to extract addresses or required signatures for + // nonstandard transactions. + } + + return scriptClass, addrs, requiredSigs, nil +} + +// AtomicSwapDataPushes houses the data pushes found in atomic swap contracts. +type AtomicSwapDataPushes struct { + RecipientHash160 [20]byte + RefundHash160 [20]byte + SecretHash [32]byte + SecretSize int64 + LockTime int64 +} + +// ExtractAtomicSwapDataPushes returns the data pushes from an atomic swap +// contract. If the script is not an atomic swap contract, +// ExtractAtomicSwapDataPushes returns (nil, nil). Non-nil errors are returned +// for unparsable scripts. +// +// NOTE: Atomic swaps are not considered standard script types by the dcrd +// mempool policy and should be used with P2SH. The atomic swap format is also +// expected to change to use a more secure hash function in the future. +// +// This function is only defined in the txscript package due to API limitations +// which prevent callers using txscript to parse nonstandard scripts. +func ExtractAtomicSwapDataPushes(version uint16, pkScript []byte) (*AtomicSwapDataPushes, error) { + pops, err := parseScript(pkScript) + if err != nil { + return nil, err + } + + if len(pops) != 20 { + return nil, nil + } + isAtomicSwap := pops[0].opcode.value == OP_IF && + pops[1].opcode.value == OP_SIZE && + canonicalPush(pops[2]) && + pops[3].opcode.value == OP_EQUALVERIFY && + pops[4].opcode.value == OP_SHA256 && + pops[5].opcode.value == OP_DATA_32 && + pops[6].opcode.value == OP_EQUALVERIFY && + pops[7].opcode.value == OP_DUP && + pops[8].opcode.value == OP_HASH160 && + pops[9].opcode.value == OP_DATA_20 && + pops[10].opcode.value == OP_ELSE && + canonicalPush(pops[11]) && + pops[12].opcode.value == OP_CHECKLOCKTIMEVERIFY && + pops[13].opcode.value == OP_DROP && + pops[14].opcode.value == OP_DUP && + pops[15].opcode.value == OP_HASH160 && + pops[16].opcode.value == OP_DATA_20 && + pops[17].opcode.value == OP_ENDIF && + pops[18].opcode.value == OP_EQUALVERIFY && + pops[19].opcode.value == OP_CHECKSIG + if !isAtomicSwap { + return nil, nil + } + + pushes := new(AtomicSwapDataPushes) + copy(pushes.SecretHash[:], pops[5].data) + copy(pushes.RecipientHash160[:], pops[9].data) + copy(pushes.RefundHash160[:], pops[16].data) + if pops[2].data != nil { + locktime, err := makeScriptNum(pops[2].data, true, 5) + if err != nil { + return nil, nil + } + pushes.SecretSize = int64(locktime) + } else if op := pops[2].opcode; isSmallInt(op) { + pushes.SecretSize = int64(asSmallInt(op)) + } else { + return nil, nil + } + if pops[11].data != nil { + locktime, err := makeScriptNum(pops[11].data, true, 5) + if err != nil { + return nil, nil + } + pushes.LockTime = int64(locktime) + } else if op := pops[11].opcode; isSmallInt(op) { + pushes.LockTime = int64(asSmallInt(op)) + } else { + return nil, nil + } + return pushes, nil +} diff --git a/vendor/github.com/btcsuite/btcd/wire/README.md b/vendor/github.com/btcsuite/btcd/wire/README.md new file mode 100644 index 0000000..646bc0a --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/README.md @@ -0,0 +1,113 @@ +wire +==== + +[![Build Status](http://img.shields.io/travis/btcsuite/btcd.svg)](https://travis-ci.org/btcsuite/btcd) +[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org) +[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/btcsuite/btcd/wire) +======= + +Package wire implements the bitcoin wire protocol. A comprehensive suite of +tests with 100% test coverage is provided to ensure proper functionality. + +There is an associated blog post about the release of this package +[here](https://blog.conformal.com/btcwire-the-bitcoin-wire-protocol-package-from-btcd/). + +This package has intentionally been designed so it can be used as a standalone +package for any projects needing to interface with bitcoin peers at the wire +protocol level. + +## Installation and Updating + +```bash +$ go get -u github.com/btcsuite/btcd/wire +``` + +## Bitcoin Message Overview + +The bitcoin protocol consists of exchanging messages between peers. Each message +is preceded by a header which identifies information about it such as which +bitcoin network it is a part of, its type, how big it is, and a checksum to +verify validity. All encoding and decoding of message headers is handled by this +package. + +To accomplish this, there is a generic interface for bitcoin messages named +`Message` which allows messages of any type to be read, written, or passed +around through channels, functions, etc. In addition, concrete implementations +of most of the currently supported bitcoin messages are provided. For these +supported messages, all of the details of marshalling and unmarshalling to and +from the wire using bitcoin encoding are handled so the caller doesn't have to +concern themselves with the specifics. + +## Reading Messages Example + +In order to unmarshal bitcoin messages from the wire, use the `ReadMessage` +function. It accepts any `io.Reader`, but typically this will be a `net.Conn` +to a remote node running a bitcoin peer. Example syntax is: + +```Go + // Use the most recent protocol version supported by the package and the + // main bitcoin network. + pver := wire.ProtocolVersion + btcnet := wire.MainNet + + // Reads and validates the next bitcoin message from conn using the + // protocol version pver and the bitcoin network btcnet. The returns + // are a wire.Message, a []byte which contains the unmarshalled + // raw payload, and a possible error. + msg, rawPayload, err := wire.ReadMessage(conn, pver, btcnet) + if err != nil { + // Log and handle the error + } +``` + +See the package documentation for details on determining the message type. + +## Writing Messages Example + +In order to marshal bitcoin messages to the wire, use the `WriteMessage` +function. It accepts any `io.Writer`, but typically this will be a `net.Conn` +to a remote node running a bitcoin peer. Example syntax to request addresses +from a remote peer is: + +```Go + // Use the most recent protocol version supported by the package and the + // main bitcoin network. + pver := wire.ProtocolVersion + btcnet := wire.MainNet + + // Create a new getaddr bitcoin message. + msg := wire.NewMsgGetAddr() + + // Writes a bitcoin message msg to conn using the protocol version + // pver, and the bitcoin network btcnet. The return is a possible + // error. + err := wire.WriteMessage(conn, msg, pver, btcnet) + if err != nil { + // Log and handle the error + } +``` + +## GPG Verification Key + +All official release tags are signed by Conformal so users can ensure the code +has not been tampered with and is coming from the btcsuite developers. To +verify the signature perform the following: + +- Download the public key from the Conformal website at + https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt + +- Import the public key into your GPG keyring: + ```bash + gpg --import GIT-GPG-KEY-conformal.txt + ``` + +- Verify the release tag with the following command where `TAG_NAME` is a + placeholder for the specific tag: + ```bash + git tag -v TAG_NAME + ``` + +## License + +Package wire is licensed under the [copyfree](http://copyfree.org) ISC +License. diff --git a/vendor/github.com/btcsuite/btcd/wire/blockheader.go b/vendor/github.com/btcsuite/btcd/wire/blockheader.go new file mode 100644 index 0000000..9c9c223 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/blockheader.go @@ -0,0 +1,128 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "bytes" + "io" + "time" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// MaxBlockHeaderPayload is the maximum number of bytes a block header can be. +// Version 4 bytes + Timestamp 4 bytes + Bits 4 bytes + Nonce 4 bytes + +// PrevBlock and MerkleRoot hashes. +const MaxBlockHeaderPayload = 16 + (chainhash.HashSize * 2) + +// BlockHeader defines information about a block and is used in the bitcoin +// block (MsgBlock) and headers (MsgHeaders) messages. +type BlockHeader struct { + // Version of the block. This is not the same as the protocol version. + Version int32 + + // Hash of the previous block header in the block chain. + PrevBlock chainhash.Hash + + // Merkle tree reference to hash of all transactions for the block. + MerkleRoot chainhash.Hash + + // Time the block was created. This is, unfortunately, encoded as a + // uint32 on the wire and therefore is limited to 2106. + Timestamp time.Time + + // Difficulty target for the block. + Bits uint32 + + // Nonce used to generate the block. + Nonce uint32 +} + +// blockHeaderLen is a constant that represents the number of bytes for a block +// header. +const blockHeaderLen = 80 + +// BlockHash computes the block identifier hash for the given block header. +func (h *BlockHeader) BlockHash() chainhash.Hash { + // Encode the header and double sha256 everything prior to the number of + // transactions. Ignore the error returns since there is no way the + // encode could fail except being out of memory which would cause a + // run-time panic. + buf := bytes.NewBuffer(make([]byte, 0, MaxBlockHeaderPayload)) + _ = writeBlockHeader(buf, 0, h) + + return chainhash.DoubleHashH(buf.Bytes()) +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +// See Deserialize for decoding block headers stored to disk, such as in a +// database, as opposed to decoding block headers from the wire. +func (h *BlockHeader) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + return readBlockHeader(r, pver, h) +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +// See Serialize for encoding block headers to be stored to disk, such as in a +// database, as opposed to encoding block headers for the wire. +func (h *BlockHeader) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + return writeBlockHeader(w, pver, h) +} + +// Deserialize decodes a block header from r into the receiver using a format +// that is suitable for long-term storage such as a database while respecting +// the Version field. +func (h *BlockHeader) Deserialize(r io.Reader) error { + // At the current time, there is no difference between the wire encoding + // at protocol version 0 and the stable long-term storage format. As + // a result, make use of readBlockHeader. + return readBlockHeader(r, 0, h) +} + +// Serialize encodes a block header from r into the receiver using a format +// that is suitable for long-term storage such as a database while respecting +// the Version field. +func (h *BlockHeader) Serialize(w io.Writer) error { + // At the current time, there is no difference between the wire encoding + // at protocol version 0 and the stable long-term storage format. As + // a result, make use of writeBlockHeader. + return writeBlockHeader(w, 0, h) +} + +// NewBlockHeader returns a new BlockHeader using the provided version, previous +// block hash, merkle root hash, difficulty bits, and nonce used to generate the +// block with defaults for the remaining fields. +func NewBlockHeader(version int32, prevHash, merkleRootHash *chainhash.Hash, + bits uint32, nonce uint32) *BlockHeader { + + // Limit the timestamp to one second precision since the protocol + // doesn't support better. + return &BlockHeader{ + Version: version, + PrevBlock: *prevHash, + MerkleRoot: *merkleRootHash, + Timestamp: time.Unix(time.Now().Unix(), 0), + Bits: bits, + Nonce: nonce, + } +} + +// readBlockHeader reads a bitcoin block header from r. See Deserialize for +// decoding block headers stored to disk, such as in a database, as opposed to +// decoding from the wire. +func readBlockHeader(r io.Reader, pver uint32, bh *BlockHeader) error { + return readElements(r, &bh.Version, &bh.PrevBlock, &bh.MerkleRoot, + (*uint32Time)(&bh.Timestamp), &bh.Bits, &bh.Nonce) +} + +// writeBlockHeader writes a bitcoin block header to w. See Serialize for +// encoding block headers to be stored to disk, such as in a database, as +// opposed to encoding for the wire. +func writeBlockHeader(w io.Writer, pver uint32, bh *BlockHeader) error { + sec := uint32(bh.Timestamp.Unix()) + return writeElements(w, bh.Version, &bh.PrevBlock, &bh.MerkleRoot, + sec, bh.Bits, bh.Nonce) +} diff --git a/vendor/github.com/btcsuite/btcd/wire/common.go b/vendor/github.com/btcsuite/btcd/wire/common.go new file mode 100644 index 0000000..42c1797 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/common.go @@ -0,0 +1,689 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "crypto/rand" + "encoding/binary" + "fmt" + "io" + "math" + "time" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +const ( + // MaxVarIntPayload is the maximum payload size for a variable length integer. + MaxVarIntPayload = 9 + + // binaryFreeListMaxItems is the number of buffers to keep in the free + // list to use for binary serialization and deserialization. + binaryFreeListMaxItems = 1024 +) + +var ( + // littleEndian is a convenience variable since binary.LittleEndian is + // quite long. + littleEndian = binary.LittleEndian + + // bigEndian is a convenience variable since binary.BigEndian is quite + // long. + bigEndian = binary.BigEndian +) + +// binaryFreeList defines a concurrent safe free list of byte slices (up to the +// maximum number defined by the binaryFreeListMaxItems constant) that have a +// cap of 8 (thus it supports up to a uint64). It is used to provide temporary +// buffers for serializing and deserializing primitive numbers to and from their +// binary encoding in order to greatly reduce the number of allocations +// required. +// +// For convenience, functions are provided for each of the primitive unsigned +// integers that automatically obtain a buffer from the free list, perform the +// necessary binary conversion, read from or write to the given io.Reader or +// io.Writer, and return the buffer to the free list. +type binaryFreeList chan []byte + +// Borrow returns a byte slice from the free list with a length of 8. A new +// buffer is allocated if there are not any available on the free list. +func (l binaryFreeList) Borrow() []byte { + var buf []byte + select { + case buf = <-l: + default: + buf = make([]byte, 8) + } + return buf[:8] +} + +// Return puts the provided byte slice back on the free list. The buffer MUST +// have been obtained via the Borrow function and therefore have a cap of 8. +func (l binaryFreeList) Return(buf []byte) { + select { + case l <- buf: + default: + // Let it go to the garbage collector. + } +} + +// Uint8 reads a single byte from the provided reader using a buffer from the +// free list and returns it as a uint8. +func (l binaryFreeList) Uint8(r io.Reader) (uint8, error) { + buf := l.Borrow()[:1] + if _, err := io.ReadFull(r, buf); err != nil { + l.Return(buf) + return 0, err + } + rv := buf[0] + l.Return(buf) + return rv, nil +} + +// Uint16 reads two bytes from the provided reader using a buffer from the +// free list, converts it to a number using the provided byte order, and returns +// the resulting uint16. +func (l binaryFreeList) Uint16(r io.Reader, byteOrder binary.ByteOrder) (uint16, error) { + buf := l.Borrow()[:2] + if _, err := io.ReadFull(r, buf); err != nil { + l.Return(buf) + return 0, err + } + rv := byteOrder.Uint16(buf) + l.Return(buf) + return rv, nil +} + +// Uint32 reads four bytes from the provided reader using a buffer from the +// free list, converts it to a number using the provided byte order, and returns +// the resulting uint32. +func (l binaryFreeList) Uint32(r io.Reader, byteOrder binary.ByteOrder) (uint32, error) { + buf := l.Borrow()[:4] + if _, err := io.ReadFull(r, buf); err != nil { + l.Return(buf) + return 0, err + } + rv := byteOrder.Uint32(buf) + l.Return(buf) + return rv, nil +} + +// Uint64 reads eight bytes from the provided reader using a buffer from the +// free list, converts it to a number using the provided byte order, and returns +// the resulting uint64. +func (l binaryFreeList) Uint64(r io.Reader, byteOrder binary.ByteOrder) (uint64, error) { + buf := l.Borrow()[:8] + if _, err := io.ReadFull(r, buf); err != nil { + l.Return(buf) + return 0, err + } + rv := byteOrder.Uint64(buf) + l.Return(buf) + return rv, nil +} + +// PutUint8 copies the provided uint8 into a buffer from the free list and +// writes the resulting byte to the given writer. +func (l binaryFreeList) PutUint8(w io.Writer, val uint8) error { + buf := l.Borrow()[:1] + buf[0] = val + _, err := w.Write(buf) + l.Return(buf) + return err +} + +// PutUint16 serializes the provided uint16 using the given byte order into a +// buffer from the free list and writes the resulting two bytes to the given +// writer. +func (l binaryFreeList) PutUint16(w io.Writer, byteOrder binary.ByteOrder, val uint16) error { + buf := l.Borrow()[:2] + byteOrder.PutUint16(buf, val) + _, err := w.Write(buf) + l.Return(buf) + return err +} + +// PutUint32 serializes the provided uint32 using the given byte order into a +// buffer from the free list and writes the resulting four bytes to the given +// writer. +func (l binaryFreeList) PutUint32(w io.Writer, byteOrder binary.ByteOrder, val uint32) error { + buf := l.Borrow()[:4] + byteOrder.PutUint32(buf, val) + _, err := w.Write(buf) + l.Return(buf) + return err +} + +// PutUint64 serializes the provided uint64 using the given byte order into a +// buffer from the free list and writes the resulting eight bytes to the given +// writer. +func (l binaryFreeList) PutUint64(w io.Writer, byteOrder binary.ByteOrder, val uint64) error { + buf := l.Borrow()[:8] + byteOrder.PutUint64(buf, val) + _, err := w.Write(buf) + l.Return(buf) + return err +} + +// binarySerializer provides a free list of buffers to use for serializing and +// deserializing primitive integer values to and from io.Readers and io.Writers. +var binarySerializer binaryFreeList = make(chan []byte, binaryFreeListMaxItems) + +// errNonCanonicalVarInt is the common format string used for non-canonically +// encoded variable length integer errors. +var errNonCanonicalVarInt = "non-canonical varint %x - discriminant %x must " + + "encode a value greater than %x" + +// uint32Time represents a unix timestamp encoded with a uint32. It is used as +// a way to signal the readElement function how to decode a timestamp into a Go +// time.Time since it is otherwise ambiguous. +type uint32Time time.Time + +// int64Time represents a unix timestamp encoded with an int64. It is used as +// a way to signal the readElement function how to decode a timestamp into a Go +// time.Time since it is otherwise ambiguous. +type int64Time time.Time + +// readElement reads the next sequence of bytes from r using little endian +// depending on the concrete type of element pointed to. +func readElement(r io.Reader, element interface{}) error { + // Attempt to read the element based on the concrete type via fast + // type assertions first. + switch e := element.(type) { + case *int32: + rv, err := binarySerializer.Uint32(r, littleEndian) + if err != nil { + return err + } + *e = int32(rv) + return nil + + case *uint32: + rv, err := binarySerializer.Uint32(r, littleEndian) + if err != nil { + return err + } + *e = rv + return nil + + case *int64: + rv, err := binarySerializer.Uint64(r, littleEndian) + if err != nil { + return err + } + *e = int64(rv) + return nil + + case *uint64: + rv, err := binarySerializer.Uint64(r, littleEndian) + if err != nil { + return err + } + *e = rv + return nil + + case *bool: + rv, err := binarySerializer.Uint8(r) + if err != nil { + return err + } + if rv == 0x00 { + *e = false + } else { + *e = true + } + return nil + + // Unix timestamp encoded as a uint32. + case *uint32Time: + rv, err := binarySerializer.Uint32(r, binary.LittleEndian) + if err != nil { + return err + } + *e = uint32Time(time.Unix(int64(rv), 0)) + return nil + + // Unix timestamp encoded as an int64. + case *int64Time: + rv, err := binarySerializer.Uint64(r, binary.LittleEndian) + if err != nil { + return err + } + *e = int64Time(time.Unix(int64(rv), 0)) + return nil + + // Message header checksum. + case *[4]byte: + _, err := io.ReadFull(r, e[:]) + if err != nil { + return err + } + return nil + + // Message header command. + case *[CommandSize]uint8: + _, err := io.ReadFull(r, e[:]) + if err != nil { + return err + } + return nil + + // IP address. + case *[16]byte: + _, err := io.ReadFull(r, e[:]) + if err != nil { + return err + } + return nil + + case *chainhash.Hash: + _, err := io.ReadFull(r, e[:]) + if err != nil { + return err + } + return nil + + case *ServiceFlag: + rv, err := binarySerializer.Uint64(r, littleEndian) + if err != nil { + return err + } + *e = ServiceFlag(rv) + return nil + + case *InvType: + rv, err := binarySerializer.Uint32(r, littleEndian) + if err != nil { + return err + } + *e = InvType(rv) + return nil + + case *BitcoinNet: + rv, err := binarySerializer.Uint32(r, littleEndian) + if err != nil { + return err + } + *e = BitcoinNet(rv) + return nil + + case *BloomUpdateType: + rv, err := binarySerializer.Uint8(r) + if err != nil { + return err + } + *e = BloomUpdateType(rv) + return nil + + case *RejectCode: + rv, err := binarySerializer.Uint8(r) + if err != nil { + return err + } + *e = RejectCode(rv) + return nil + } + + // Fall back to the slower binary.Read if a fast path was not available + // above. + return binary.Read(r, littleEndian, element) +} + +// readElements reads multiple items from r. It is equivalent to multiple +// calls to readElement. +func readElements(r io.Reader, elements ...interface{}) error { + for _, element := range elements { + err := readElement(r, element) + if err != nil { + return err + } + } + return nil +} + +// writeElement writes the little endian representation of element to w. +func writeElement(w io.Writer, element interface{}) error { + // Attempt to write the element based on the concrete type via fast + // type assertions first. + switch e := element.(type) { + case int32: + err := binarySerializer.PutUint32(w, littleEndian, uint32(e)) + if err != nil { + return err + } + return nil + + case uint32: + err := binarySerializer.PutUint32(w, littleEndian, e) + if err != nil { + return err + } + return nil + + case int64: + err := binarySerializer.PutUint64(w, littleEndian, uint64(e)) + if err != nil { + return err + } + return nil + + case uint64: + err := binarySerializer.PutUint64(w, littleEndian, e) + if err != nil { + return err + } + return nil + + case bool: + var err error + if e { + err = binarySerializer.PutUint8(w, 0x01) + } else { + err = binarySerializer.PutUint8(w, 0x00) + } + if err != nil { + return err + } + return nil + + // Message header checksum. + case [4]byte: + _, err := w.Write(e[:]) + if err != nil { + return err + } + return nil + + // Message header command. + case [CommandSize]uint8: + _, err := w.Write(e[:]) + if err != nil { + return err + } + return nil + + // IP address. + case [16]byte: + _, err := w.Write(e[:]) + if err != nil { + return err + } + return nil + + case *chainhash.Hash: + _, err := w.Write(e[:]) + if err != nil { + return err + } + return nil + + case ServiceFlag: + err := binarySerializer.PutUint64(w, littleEndian, uint64(e)) + if err != nil { + return err + } + return nil + + case InvType: + err := binarySerializer.PutUint32(w, littleEndian, uint32(e)) + if err != nil { + return err + } + return nil + + case BitcoinNet: + err := binarySerializer.PutUint32(w, littleEndian, uint32(e)) + if err != nil { + return err + } + return nil + + case BloomUpdateType: + err := binarySerializer.PutUint8(w, uint8(e)) + if err != nil { + return err + } + return nil + + case RejectCode: + err := binarySerializer.PutUint8(w, uint8(e)) + if err != nil { + return err + } + return nil + } + + // Fall back to the slower binary.Write if a fast path was not available + // above. + return binary.Write(w, littleEndian, element) +} + +// writeElements writes multiple items to w. It is equivalent to multiple +// calls to writeElement. +func writeElements(w io.Writer, elements ...interface{}) error { + for _, element := range elements { + err := writeElement(w, element) + if err != nil { + return err + } + } + return nil +} + +// ReadVarInt reads a variable length integer from r and returns it as a uint64. +func ReadVarInt(r io.Reader, pver uint32) (uint64, error) { + discriminant, err := binarySerializer.Uint8(r) + if err != nil { + return 0, err + } + + var rv uint64 + switch discriminant { + case 0xff: + sv, err := binarySerializer.Uint64(r, littleEndian) + if err != nil { + return 0, err + } + rv = sv + + // The encoding is not canonical if the value could have been + // encoded using fewer bytes. + min := uint64(0x100000000) + if rv < min { + return 0, messageError("ReadVarInt", fmt.Sprintf( + errNonCanonicalVarInt, rv, discriminant, min)) + } + + case 0xfe: + sv, err := binarySerializer.Uint32(r, littleEndian) + if err != nil { + return 0, err + } + rv = uint64(sv) + + // The encoding is not canonical if the value could have been + // encoded using fewer bytes. + min := uint64(0x10000) + if rv < min { + return 0, messageError("ReadVarInt", fmt.Sprintf( + errNonCanonicalVarInt, rv, discriminant, min)) + } + + case 0xfd: + sv, err := binarySerializer.Uint16(r, littleEndian) + if err != nil { + return 0, err + } + rv = uint64(sv) + + // The encoding is not canonical if the value could have been + // encoded using fewer bytes. + min := uint64(0xfd) + if rv < min { + return 0, messageError("ReadVarInt", fmt.Sprintf( + errNonCanonicalVarInt, rv, discriminant, min)) + } + + default: + rv = uint64(discriminant) + } + + return rv, nil +} + +// WriteVarInt serializes val to w using a variable number of bytes depending +// on its value. +func WriteVarInt(w io.Writer, pver uint32, val uint64) error { + if val < 0xfd { + return binarySerializer.PutUint8(w, uint8(val)) + } + + if val <= math.MaxUint16 { + err := binarySerializer.PutUint8(w, 0xfd) + if err != nil { + return err + } + return binarySerializer.PutUint16(w, littleEndian, uint16(val)) + } + + if val <= math.MaxUint32 { + err := binarySerializer.PutUint8(w, 0xfe) + if err != nil { + return err + } + return binarySerializer.PutUint32(w, littleEndian, uint32(val)) + } + + err := binarySerializer.PutUint8(w, 0xff) + if err != nil { + return err + } + return binarySerializer.PutUint64(w, littleEndian, val) +} + +// VarIntSerializeSize returns the number of bytes it would take to serialize +// val as a variable length integer. +func VarIntSerializeSize(val uint64) int { + // The value is small enough to be represented by itself, so it's + // just 1 byte. + if val < 0xfd { + return 1 + } + + // Discriminant 1 byte plus 2 bytes for the uint16. + if val <= math.MaxUint16 { + return 3 + } + + // Discriminant 1 byte plus 4 bytes for the uint32. + if val <= math.MaxUint32 { + return 5 + } + + // Discriminant 1 byte plus 8 bytes for the uint64. + return 9 +} + +// ReadVarString reads a variable length string from r and returns it as a Go +// string. A variable length string is encoded as a variable length integer +// containing the length of the string followed by the bytes that represent the +// string itself. An error is returned if the length is greater than the +// maximum block payload size since it helps protect against memory exhaustion +// attacks and forced panics through malformed messages. +func ReadVarString(r io.Reader, pver uint32) (string, error) { + count, err := ReadVarInt(r, pver) + if err != nil { + return "", err + } + + // Prevent variable length strings that are larger than the maximum + // message size. It would be possible to cause memory exhaustion and + // panics without a sane upper bound on this count. + if count > MaxMessagePayload { + str := fmt.Sprintf("variable length string is too long "+ + "[count %d, max %d]", count, MaxMessagePayload) + return "", messageError("ReadVarString", str) + } + + buf := make([]byte, count) + _, err = io.ReadFull(r, buf) + if err != nil { + return "", err + } + return string(buf), nil +} + +// WriteVarString serializes str to w as a variable length integer containing +// the length of the string followed by the bytes that represent the string +// itself. +func WriteVarString(w io.Writer, pver uint32, str string) error { + err := WriteVarInt(w, pver, uint64(len(str))) + if err != nil { + return err + } + _, err = w.Write([]byte(str)) + return err +} + +// ReadVarBytes reads a variable length byte array. A byte array is encoded +// as a varInt containing the length of the array followed by the bytes +// themselves. An error is returned if the length is greater than the +// passed maxAllowed parameter which helps protect against memory exhaustion +// attacks and forced panics through malformed messages. The fieldName +// parameter is only used for the error message so it provides more context in +// the error. +func ReadVarBytes(r io.Reader, pver uint32, maxAllowed uint32, + fieldName string) ([]byte, error) { + + count, err := ReadVarInt(r, pver) + if err != nil { + return nil, err + } + + // Prevent byte array larger than the max message size. It would + // be possible to cause memory exhaustion and panics without a sane + // upper bound on this count. + if count > uint64(maxAllowed) { + str := fmt.Sprintf("%s is larger than the max allowed size "+ + "[count %d, max %d]", fieldName, count, maxAllowed) + return nil, messageError("ReadVarBytes", str) + } + + b := make([]byte, count) + _, err = io.ReadFull(r, b) + if err != nil { + return nil, err + } + return b, nil +} + +// WriteVarBytes serializes a variable length byte array to w as a varInt +// containing the number of bytes, followed by the bytes themselves. +func WriteVarBytes(w io.Writer, pver uint32, bytes []byte) error { + slen := uint64(len(bytes)) + err := WriteVarInt(w, pver, slen) + if err != nil { + return err + } + + _, err = w.Write(bytes) + return err +} + +// randomUint64 returns a cryptographically random uint64 value. This +// unexported version takes a reader primarily to ensure the error paths +// can be properly tested by passing a fake reader in the tests. +func randomUint64(r io.Reader) (uint64, error) { + rv, err := binarySerializer.Uint64(r, bigEndian) + if err != nil { + return 0, err + } + return rv, nil +} + +// RandomUint64 returns a cryptographically random uint64 value. +func RandomUint64() (uint64, error) { + return randomUint64(rand.Reader) +} diff --git a/vendor/github.com/btcsuite/btcd/wire/doc.go b/vendor/github.com/btcsuite/btcd/wire/doc.go new file mode 100644 index 0000000..b8b8c56 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/doc.go @@ -0,0 +1,162 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +/* +Package wire implements the bitcoin wire protocol. + +For the complete details of the bitcoin protocol, see the official wiki entry +at https://en.bitcoin.it/wiki/Protocol_specification. The following only serves +as a quick overview to provide information on how to use the package. + +At a high level, this package provides support for marshalling and unmarshalling +supported bitcoin messages to and from the wire. This package does not deal +with the specifics of message handling such as what to do when a message is +received. This provides the caller with a high level of flexibility. + +Bitcoin Message Overview + +The bitcoin protocol consists of exchanging messages between peers. Each +message is preceded by a header which identifies information about it such as +which bitcoin network it is a part of, its type, how big it is, and a checksum +to verify validity. All encoding and decoding of message headers is handled by +this package. + +To accomplish this, there is a generic interface for bitcoin messages named +Message which allows messages of any type to be read, written, or passed around +through channels, functions, etc. In addition, concrete implementations of most +of the currently supported bitcoin messages are provided. For these supported +messages, all of the details of marshalling and unmarshalling to and from the +wire using bitcoin encoding are handled so the caller doesn't have to concern +themselves with the specifics. + +Message Interaction + +The following provides a quick summary of how the bitcoin messages are intended +to interact with one another. As stated above, these interactions are not +directly handled by this package. For more in-depth details about the +appropriate interactions, see the official bitcoin protocol wiki entry at +https://en.bitcoin.it/wiki/Protocol_specification. + +The initial handshake consists of two peers sending each other a version message +(MsgVersion) followed by responding with a verack message (MsgVerAck). Both +peers use the information in the version message (MsgVersion) to negotiate +things such as protocol version and supported services with each other. Once +the initial handshake is complete, the following chart indicates message +interactions in no particular order. + + Peer A Sends Peer B Responds + ---------------------------------------------------------------------------- + getaddr message (MsgGetAddr) addr message (MsgAddr) + getblocks message (MsgGetBlocks) inv message (MsgInv) + inv message (MsgInv) getdata message (MsgGetData) + getdata message (MsgGetData) block message (MsgBlock) -or- + tx message (MsgTx) -or- + notfound message (MsgNotFound) + getheaders message (MsgGetHeaders) headers message (MsgHeaders) + ping message (MsgPing) pong message (MsgHeaders)* -or- + (none -- Ability to send message is enough) + + NOTES: + * The pong message was not added until later protocol versions as defined + in BIP0031. The BIP0031Version constant can be used to detect a recent + enough protocol version for this purpose (version > BIP0031Version). + +Common Parameters + +There are several common parameters that arise when using this package to read +and write bitcoin messages. The following sections provide a quick overview of +these parameters so the next sections can build on them. + +Protocol Version + +The protocol version should be negotiated with the remote peer at a higher +level than this package via the version (MsgVersion) message exchange, however, +this package provides the wire.ProtocolVersion constant which indicates the +latest protocol version this package supports and is typically the value to use +for all outbound connections before a potentially lower protocol version is +negotiated. + +Bitcoin Network + +The bitcoin network is a magic number which is used to identify the start of a +message and which bitcoin network the message applies to. This package provides +the following constants: + + wire.MainNet + wire.TestNet (Regression test network) + wire.TestNet3 (Test network version 3) + wire.SimNet (Simulation test network) + +Determining Message Type + +As discussed in the bitcoin message overview section, this package reads +and writes bitcoin messages using a generic interface named Message. In +order to determine the actual concrete type of the message, use a type +switch or type assertion. An example of a type switch follows: + + // Assumes msg is already a valid concrete message such as one created + // via NewMsgVersion or read via ReadMessage. + switch msg := msg.(type) { + case *wire.MsgVersion: + // The message is a pointer to a MsgVersion struct. + fmt.Printf("Protocol version: %v", msg.ProtocolVersion) + case *wire.MsgBlock: + // The message is a pointer to a MsgBlock struct. + fmt.Printf("Number of tx in block: %v", msg.Header.TxnCount) + } + +Reading Messages + +In order to unmarshall bitcoin messages from the wire, use the ReadMessage +function. It accepts any io.Reader, but typically this will be a net.Conn to +a remote node running a bitcoin peer. Example syntax is: + + // Reads and validates the next bitcoin message from conn using the + // protocol version pver and the bitcoin network btcnet. The returns + // are a wire.Message, a []byte which contains the unmarshalled + // raw payload, and a possible error. + msg, rawPayload, err := wire.ReadMessage(conn, pver, btcnet) + if err != nil { + // Log and handle the error + } + +Writing Messages + +In order to marshall bitcoin messages to the wire, use the WriteMessage +function. It accepts any io.Writer, but typically this will be a net.Conn to +a remote node running a bitcoin peer. Example syntax to request addresses +from a remote peer is: + + // Create a new getaddr bitcoin message. + msg := wire.NewMsgGetAddr() + + // Writes a bitcoin message msg to conn using the protocol version + // pver, and the bitcoin network btcnet. The return is a possible + // error. + err := wire.WriteMessage(conn, msg, pver, btcnet) + if err != nil { + // Log and handle the error + } + +Errors + +Errors returned by this package are either the raw errors provided by underlying +calls to read/write from streams such as io.EOF, io.ErrUnexpectedEOF, and +io.ErrShortWrite, or of type wire.MessageError. This allows the caller to +differentiate between general IO errors and malformed messages through type +assertions. + +Bitcoin Improvement Proposals + +This package includes spec changes outlined by the following BIPs: + + BIP0014 (https://github.com/bitcoin/bips/blob/master/bip-0014.mediawiki) + BIP0031 (https://github.com/bitcoin/bips/blob/master/bip-0031.mediawiki) + BIP0035 (https://github.com/bitcoin/bips/blob/master/bip-0035.mediawiki) + BIP0037 (https://github.com/bitcoin/bips/blob/master/bip-0037.mediawiki) + BIP0111 (https://github.com/bitcoin/bips/blob/master/bip-0111.mediawiki) + BIP0130 (https://github.com/bitcoin/bips/blob/master/bip-0130.mediawiki) + BIP0133 (https://github.com/bitcoin/bips/blob/master/bip-0133.mediawiki) +*/ +package wire diff --git a/vendor/github.com/btcsuite/btcd/wire/error.go b/vendor/github.com/btcsuite/btcd/wire/error.go new file mode 100644 index 0000000..755c2db --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/error.go @@ -0,0 +1,34 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" +) + +// MessageError describes an issue with a message. +// An example of some potential issues are messages from the wrong bitcoin +// network, invalid commands, mismatched checksums, and exceeding max payloads. +// +// This provides a mechanism for the caller to type assert the error to +// differentiate between general io errors such as io.EOF and issues that +// resulted from malformed messages. +type MessageError struct { + Func string // Function name + Description string // Human readable description of the issue +} + +// Error satisfies the error interface and prints human-readable errors. +func (e *MessageError) Error() string { + if e.Func != "" { + return fmt.Sprintf("%v: %v", e.Func, e.Description) + } + return e.Description +} + +// messageError creates an error for the given function and description. +func messageError(f string, desc string) *MessageError { + return &MessageError{Func: f, Description: desc} +} diff --git a/vendor/github.com/btcsuite/btcd/wire/invvect.go b/vendor/github.com/btcsuite/btcd/wire/invvect.go new file mode 100644 index 0000000..1e70664 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/invvect.go @@ -0,0 +1,86 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +const ( + // MaxInvPerMsg is the maximum number of inventory vectors that can be in a + // single bitcoin inv message. + MaxInvPerMsg = 50000 + + // Maximum payload size for an inventory vector. + maxInvVectPayload = 4 + chainhash.HashSize + + // InvWitnessFlag denotes that the inventory vector type is requesting, + // or sending a version which includes witness data. + InvWitnessFlag = 1 << 30 +) + +// InvType represents the allowed types of inventory vectors. See InvVect. +type InvType uint32 + +// These constants define the various supported inventory vector types. +const ( + InvTypeError InvType = 0 + InvTypeTx InvType = 1 + InvTypeBlock InvType = 2 + InvTypeFilteredBlock InvType = 3 + InvTypeWitnessBlock InvType = InvTypeBlock | InvWitnessFlag + InvTypeWitnessTx InvType = InvTypeTx | InvWitnessFlag + InvTypeFilteredWitnessBlock InvType = InvTypeFilteredBlock | InvWitnessFlag +) + +// Map of service flags back to their constant names for pretty printing. +var ivStrings = map[InvType]string{ + InvTypeError: "ERROR", + InvTypeTx: "MSG_TX", + InvTypeBlock: "MSG_BLOCK", + InvTypeFilteredBlock: "MSG_FILTERED_BLOCK", + InvTypeWitnessBlock: "MSG_WITNESS_BLOCK", + InvTypeWitnessTx: "MSG_WITNESS_TX", + InvTypeFilteredWitnessBlock: "MSG_FILTERED_WITNESS_BLOCK", +} + +// String returns the InvType in human-readable form. +func (invtype InvType) String() string { + if s, ok := ivStrings[invtype]; ok { + return s + } + + return fmt.Sprintf("Unknown InvType (%d)", uint32(invtype)) +} + +// InvVect defines a bitcoin inventory vector which is used to describe data, +// as specified by the Type field, that a peer wants, has, or does not have to +// another peer. +type InvVect struct { + Type InvType // Type of data + Hash chainhash.Hash // Hash of the data +} + +// NewInvVect returns a new InvVect using the provided type and hash. +func NewInvVect(typ InvType, hash *chainhash.Hash) *InvVect { + return &InvVect{ + Type: typ, + Hash: *hash, + } +} + +// readInvVect reads an encoded InvVect from r depending on the protocol +// version. +func readInvVect(r io.Reader, pver uint32, iv *InvVect) error { + return readElements(r, &iv.Type, &iv.Hash) +} + +// writeInvVect serializes an InvVect to w depending on the protocol version. +func writeInvVect(w io.Writer, pver uint32, iv *InvVect) error { + return writeElements(w, iv.Type, &iv.Hash) +} diff --git a/vendor/github.com/btcsuite/btcd/wire/message.go b/vendor/github.com/btcsuite/btcd/wire/message.go new file mode 100644 index 0000000..e937647 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/message.go @@ -0,0 +1,440 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "bytes" + "fmt" + "io" + "unicode/utf8" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// MessageHeaderSize is the number of bytes in a bitcoin message header. +// Bitcoin network (magic) 4 bytes + command 12 bytes + payload length 4 bytes + +// checksum 4 bytes. +const MessageHeaderSize = 24 + +// CommandSize is the fixed size of all commands in the common bitcoin message +// header. Shorter commands must be zero padded. +const CommandSize = 12 + +// MaxMessagePayload is the maximum bytes a message can be regardless of other +// individual limits imposed by messages themselves. +const MaxMessagePayload = (1024 * 1024 * 32) // 32MB + +// Commands used in bitcoin message headers which describe the type of message. +const ( + CmdVersion = "version" + CmdVerAck = "verack" + CmdGetAddr = "getaddr" + CmdAddr = "addr" + CmdGetBlocks = "getblocks" + CmdInv = "inv" + CmdGetData = "getdata" + CmdNotFound = "notfound" + CmdBlock = "block" + CmdTx = "tx" + CmdGetHeaders = "getheaders" + CmdHeaders = "headers" + CmdPing = "ping" + CmdPong = "pong" + CmdAlert = "alert" + CmdMemPool = "mempool" + CmdFilterAdd = "filteradd" + CmdFilterClear = "filterclear" + CmdFilterLoad = "filterload" + CmdMerkleBlock = "merkleblock" + CmdReject = "reject" + CmdSendHeaders = "sendheaders" + CmdFeeFilter = "feefilter" + CmdGetCFilters = "getcfilters" + CmdGetCFHeaders = "getcfheaders" + CmdGetCFCheckpt = "getcfcheckpt" + CmdCFilter = "cfilter" + CmdCFHeaders = "cfheaders" + CmdCFCheckpt = "cfcheckpt" +) + +// MessageEncoding represents the wire message encoding format to be used. +type MessageEncoding uint32 + +const ( + // BaseEncoding encodes all messages in the default format specified + // for the Bitcoin wire protocol. + BaseEncoding MessageEncoding = 1 << iota + + // WitnessEncoding encodes all messages other than transaction messages + // using the default Bitcoin wire protocol specification. For transaction + // messages, the new encoding format detailed in BIP0144 will be used. + WitnessEncoding +) + +// LatestEncoding is the most recently specified encoding for the Bitcoin wire +// protocol. +var LatestEncoding = WitnessEncoding + +// Message is an interface that describes a bitcoin message. A type that +// implements Message has complete control over the representation of its data +// and may therefore contain additional or fewer fields than those which +// are used directly in the protocol encoded message. +type Message interface { + BtcDecode(io.Reader, uint32, MessageEncoding) error + BtcEncode(io.Writer, uint32, MessageEncoding) error + Command() string + MaxPayloadLength(uint32) uint32 +} + +// makeEmptyMessage creates a message of the appropriate concrete type based +// on the command. +func makeEmptyMessage(command string) (Message, error) { + var msg Message + switch command { + case CmdVersion: + msg = &MsgVersion{} + + case CmdVerAck: + msg = &MsgVerAck{} + + case CmdGetAddr: + msg = &MsgGetAddr{} + + case CmdAddr: + msg = &MsgAddr{} + + case CmdGetBlocks: + msg = &MsgGetBlocks{} + + case CmdBlock: + msg = &MsgBlock{} + + case CmdInv: + msg = &MsgInv{} + + case CmdGetData: + msg = &MsgGetData{} + + case CmdNotFound: + msg = &MsgNotFound{} + + case CmdTx: + msg = &MsgTx{} + + case CmdPing: + msg = &MsgPing{} + + case CmdPong: + msg = &MsgPong{} + + case CmdGetHeaders: + msg = &MsgGetHeaders{} + + case CmdHeaders: + msg = &MsgHeaders{} + + case CmdAlert: + msg = &MsgAlert{} + + case CmdMemPool: + msg = &MsgMemPool{} + + case CmdFilterAdd: + msg = &MsgFilterAdd{} + + case CmdFilterClear: + msg = &MsgFilterClear{} + + case CmdFilterLoad: + msg = &MsgFilterLoad{} + + case CmdMerkleBlock: + msg = &MsgMerkleBlock{} + + case CmdReject: + msg = &MsgReject{} + + case CmdSendHeaders: + msg = &MsgSendHeaders{} + + case CmdFeeFilter: + msg = &MsgFeeFilter{} + + case CmdGetCFilters: + msg = &MsgGetCFilters{} + + case CmdGetCFHeaders: + msg = &MsgGetCFHeaders{} + + case CmdGetCFCheckpt: + msg = &MsgGetCFCheckpt{} + + case CmdCFilter: + msg = &MsgCFilter{} + + case CmdCFHeaders: + msg = &MsgCFHeaders{} + + case CmdCFCheckpt: + msg = &MsgCFCheckpt{} + + default: + return nil, fmt.Errorf("unhandled command [%s]", command) + } + return msg, nil +} + +// messageHeader defines the header structure for all bitcoin protocol messages. +type messageHeader struct { + magic BitcoinNet // 4 bytes + command string // 12 bytes + length uint32 // 4 bytes + checksum [4]byte // 4 bytes +} + +// readMessageHeader reads a bitcoin message header from r. +func readMessageHeader(r io.Reader) (int, *messageHeader, error) { + // Since readElements doesn't return the amount of bytes read, attempt + // to read the entire header into a buffer first in case there is a + // short read so the proper amount of read bytes are known. This works + // since the header is a fixed size. + var headerBytes [MessageHeaderSize]byte + n, err := io.ReadFull(r, headerBytes[:]) + if err != nil { + return n, nil, err + } + hr := bytes.NewReader(headerBytes[:]) + + // Create and populate a messageHeader struct from the raw header bytes. + hdr := messageHeader{} + var command [CommandSize]byte + readElements(hr, &hdr.magic, &command, &hdr.length, &hdr.checksum) + + // Strip trailing zeros from command string. + hdr.command = string(bytes.TrimRight(command[:], string(0))) + + return n, &hdr, nil +} + +// discardInput reads n bytes from reader r in chunks and discards the read +// bytes. This is used to skip payloads when various errors occur and helps +// prevent rogue nodes from causing massive memory allocation through forging +// header length. +func discardInput(r io.Reader, n uint32) { + maxSize := uint32(10 * 1024) // 10k at a time + numReads := n / maxSize + bytesRemaining := n % maxSize + if n > 0 { + buf := make([]byte, maxSize) + for i := uint32(0); i < numReads; i++ { + io.ReadFull(r, buf) + } + } + if bytesRemaining > 0 { + buf := make([]byte, bytesRemaining) + io.ReadFull(r, buf) + } +} + +// WriteMessageN writes a bitcoin Message to w including the necessary header +// information and returns the number of bytes written. This function is the +// same as WriteMessage except it also returns the number of bytes written. +func WriteMessageN(w io.Writer, msg Message, pver uint32, btcnet BitcoinNet) (int, error) { + return WriteMessageWithEncodingN(w, msg, pver, btcnet, BaseEncoding) +} + +// WriteMessage writes a bitcoin Message to w including the necessary header +// information. This function is the same as WriteMessageN except it doesn't +// doesn't return the number of bytes written. This function is mainly provided +// for backwards compatibility with the original API, but it's also useful for +// callers that don't care about byte counts. +func WriteMessage(w io.Writer, msg Message, pver uint32, btcnet BitcoinNet) error { + _, err := WriteMessageN(w, msg, pver, btcnet) + return err +} + +// WriteMessageWithEncodingN writes a bitcoin Message to w including the +// necessary header information and returns the number of bytes written. +// This function is the same as WriteMessageN except it also allows the caller +// to specify the message encoding format to be used when serializing wire +// messages. +func WriteMessageWithEncodingN(w io.Writer, msg Message, pver uint32, + btcnet BitcoinNet, encoding MessageEncoding) (int, error) { + + totalBytes := 0 + + // Enforce max command size. + var command [CommandSize]byte + cmd := msg.Command() + if len(cmd) > CommandSize { + str := fmt.Sprintf("command [%s] is too long [max %v]", + cmd, CommandSize) + return totalBytes, messageError("WriteMessage", str) + } + copy(command[:], []byte(cmd)) + + // Encode the message payload. + var bw bytes.Buffer + err := msg.BtcEncode(&bw, pver, encoding) + if err != nil { + return totalBytes, err + } + payload := bw.Bytes() + lenp := len(payload) + + // Enforce maximum overall message payload. + if lenp > MaxMessagePayload { + str := fmt.Sprintf("message payload is too large - encoded "+ + "%d bytes, but maximum message payload is %d bytes", + lenp, MaxMessagePayload) + return totalBytes, messageError("WriteMessage", str) + } + + // Enforce maximum message payload based on the message type. + mpl := msg.MaxPayloadLength(pver) + if uint32(lenp) > mpl { + str := fmt.Sprintf("message payload is too large - encoded "+ + "%d bytes, but maximum message payload size for "+ + "messages of type [%s] is %d.", lenp, cmd, mpl) + return totalBytes, messageError("WriteMessage", str) + } + + // Create header for the message. + hdr := messageHeader{} + hdr.magic = btcnet + hdr.command = cmd + hdr.length = uint32(lenp) + copy(hdr.checksum[:], chainhash.DoubleHashB(payload)[0:4]) + + // Encode the header for the message. This is done to a buffer + // rather than directly to the writer since writeElements doesn't + // return the number of bytes written. + hw := bytes.NewBuffer(make([]byte, 0, MessageHeaderSize)) + writeElements(hw, hdr.magic, command, hdr.length, hdr.checksum) + + // Write header. + n, err := w.Write(hw.Bytes()) + totalBytes += n + if err != nil { + return totalBytes, err + } + + // Only write the payload if there is one, e.g., verack messages don't + // have one. + if len(payload) > 0 { + n, err = w.Write(payload) + totalBytes += n + } + + return totalBytes, err +} + +// ReadMessageWithEncodingN reads, validates, and parses the next bitcoin Message +// from r for the provided protocol version and bitcoin network. It returns the +// number of bytes read in addition to the parsed Message and raw bytes which +// comprise the message. This function is the same as ReadMessageN except it +// allows the caller to specify which message encoding is to to consult when +// decoding wire messages. +func ReadMessageWithEncodingN(r io.Reader, pver uint32, btcnet BitcoinNet, + enc MessageEncoding) (int, Message, []byte, error) { + + totalBytes := 0 + n, hdr, err := readMessageHeader(r) + totalBytes += n + if err != nil { + return totalBytes, nil, nil, err + } + + // Enforce maximum message payload. + if hdr.length > MaxMessagePayload { + str := fmt.Sprintf("message payload is too large - header "+ + "indicates %d bytes, but max message payload is %d "+ + "bytes.", hdr.length, MaxMessagePayload) + return totalBytes, nil, nil, messageError("ReadMessage", str) + + } + + // Check for messages from the wrong bitcoin network. + if hdr.magic != btcnet { + discardInput(r, hdr.length) + str := fmt.Sprintf("message from other network [%v]", hdr.magic) + return totalBytes, nil, nil, messageError("ReadMessage", str) + } + + // Check for malformed commands. + command := hdr.command + if !utf8.ValidString(command) { + discardInput(r, hdr.length) + str := fmt.Sprintf("invalid command %v", []byte(command)) + return totalBytes, nil, nil, messageError("ReadMessage", str) + } + + // Create struct of appropriate message type based on the command. + msg, err := makeEmptyMessage(command) + if err != nil { + discardInput(r, hdr.length) + return totalBytes, nil, nil, messageError("ReadMessage", + err.Error()) + } + + // Check for maximum length based on the message type as a malicious client + // could otherwise create a well-formed header and set the length to max + // numbers in order to exhaust the machine's memory. + mpl := msg.MaxPayloadLength(pver) + if hdr.length > mpl { + discardInput(r, hdr.length) + str := fmt.Sprintf("payload exceeds max length - header "+ + "indicates %v bytes, but max payload size for "+ + "messages of type [%v] is %v.", hdr.length, command, mpl) + return totalBytes, nil, nil, messageError("ReadMessage", str) + } + + // Read payload. + payload := make([]byte, hdr.length) + n, err = io.ReadFull(r, payload) + totalBytes += n + if err != nil { + return totalBytes, nil, nil, err + } + + // Test checksum. + checksum := chainhash.DoubleHashB(payload)[0:4] + if !bytes.Equal(checksum[:], hdr.checksum[:]) { + str := fmt.Sprintf("payload checksum failed - header "+ + "indicates %v, but actual checksum is %v.", + hdr.checksum, checksum) + return totalBytes, nil, nil, messageError("ReadMessage", str) + } + + // Unmarshal message. NOTE: This must be a *bytes.Buffer since the + // MsgVersion BtcDecode function requires it. + pr := bytes.NewBuffer(payload) + err = msg.BtcDecode(pr, pver, enc) + if err != nil { + return totalBytes, nil, nil, err + } + + return totalBytes, msg, payload, nil +} + +// ReadMessageN reads, validates, and parses the next bitcoin Message from r for +// the provided protocol version and bitcoin network. It returns the number of +// bytes read in addition to the parsed Message and raw bytes which comprise the +// message. This function is the same as ReadMessage except it also returns the +// number of bytes read. +func ReadMessageN(r io.Reader, pver uint32, btcnet BitcoinNet) (int, Message, []byte, error) { + return ReadMessageWithEncodingN(r, pver, btcnet, BaseEncoding) +} + +// ReadMessage reads, validates, and parses the next bitcoin Message from r for +// the provided protocol version and bitcoin network. It returns the parsed +// Message and raw bytes which comprise the message. This function only differs +// from ReadMessageN in that it doesn't return the number of bytes read. This +// function is mainly provided for backwards compatibility with the original +// API, but it's also useful for callers that don't care about byte counts. +func ReadMessage(r io.Reader, pver uint32, btcnet BitcoinNet) (Message, []byte, error) { + _, msg, buf, err := ReadMessageN(r, pver, btcnet) + return msg, buf, err +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgaddr.go b/vendor/github.com/btcsuite/btcd/wire/msgaddr.go new file mode 100644 index 0000000..ce945c8 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgaddr.go @@ -0,0 +1,143 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" +) + +// MaxAddrPerMsg is the maximum number of addresses that can be in a single +// bitcoin addr message (MsgAddr). +const MaxAddrPerMsg = 1000 + +// MsgAddr implements the Message interface and represents a bitcoin +// addr message. It is used to provide a list of known active peers on the +// network. An active peer is considered one that has transmitted a message +// within the last 3 hours. Nodes which have not transmitted in that time +// frame should be forgotten. Each message is limited to a maximum number of +// addresses, which is currently 1000. As a result, multiple messages must +// be used to relay the full list. +// +// Use the AddAddress function to build up the list of known addresses when +// sending an addr message to another peer. +type MsgAddr struct { + AddrList []*NetAddress +} + +// AddAddress adds a known active peer to the message. +func (msg *MsgAddr) AddAddress(na *NetAddress) error { + if len(msg.AddrList)+1 > MaxAddrPerMsg { + str := fmt.Sprintf("too many addresses in message [max %v]", + MaxAddrPerMsg) + return messageError("MsgAddr.AddAddress", str) + } + + msg.AddrList = append(msg.AddrList, na) + return nil +} + +// AddAddresses adds multiple known active peers to the message. +func (msg *MsgAddr) AddAddresses(netAddrs ...*NetAddress) error { + for _, na := range netAddrs { + err := msg.AddAddress(na) + if err != nil { + return err + } + } + return nil +} + +// ClearAddresses removes all addresses from the message. +func (msg *MsgAddr) ClearAddresses() { + msg.AddrList = []*NetAddress{} +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgAddr) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + count, err := ReadVarInt(r, pver) + if err != nil { + return err + } + + // Limit to max addresses per message. + if count > MaxAddrPerMsg { + str := fmt.Sprintf("too many addresses for message "+ + "[count %v, max %v]", count, MaxAddrPerMsg) + return messageError("MsgAddr.BtcDecode", str) + } + + addrList := make([]NetAddress, count) + msg.AddrList = make([]*NetAddress, 0, count) + for i := uint64(0); i < count; i++ { + na := &addrList[i] + err := readNetAddress(r, pver, na, true) + if err != nil { + return err + } + msg.AddAddress(na) + } + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgAddr) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + // Protocol versions before MultipleAddressVersion only allowed 1 address + // per message. + count := len(msg.AddrList) + if pver < MultipleAddressVersion && count > 1 { + str := fmt.Sprintf("too many addresses for message of "+ + "protocol version %v [count %v, max 1]", pver, count) + return messageError("MsgAddr.BtcEncode", str) + + } + if count > MaxAddrPerMsg { + str := fmt.Sprintf("too many addresses for message "+ + "[count %v, max %v]", count, MaxAddrPerMsg) + return messageError("MsgAddr.BtcEncode", str) + } + + err := WriteVarInt(w, pver, uint64(count)) + if err != nil { + return err + } + + for _, na := range msg.AddrList { + err = writeNetAddress(w, pver, na, true) + if err != nil { + return err + } + } + + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgAddr) Command() string { + return CmdAddr +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgAddr) MaxPayloadLength(pver uint32) uint32 { + if pver < MultipleAddressVersion { + // Num addresses (varInt) + a single net addresses. + return MaxVarIntPayload + maxNetAddressPayload(pver) + } + + // Num addresses (varInt) + max allowed addresses. + return MaxVarIntPayload + (MaxAddrPerMsg * maxNetAddressPayload(pver)) +} + +// NewMsgAddr returns a new bitcoin addr message that conforms to the +// Message interface. See MsgAddr for details. +func NewMsgAddr() *MsgAddr { + return &MsgAddr{ + AddrList: make([]*NetAddress, 0, MaxAddrPerMsg), + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgalert.go b/vendor/github.com/btcsuite/btcd/wire/msgalert.go new file mode 100644 index 0000000..71c4e22 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgalert.go @@ -0,0 +1,407 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "bytes" + "fmt" + "io" +) + +// MsgAlert contains a payload and a signature: +// +// =============================================== +// | Field | Data Type | Size | +// =============================================== +// | payload | []uchar | ? | +// ----------------------------------------------- +// | signature | []uchar | ? | +// ----------------------------------------------- +// +// Here payload is an Alert serialized into a byte array to ensure that +// versions using incompatible alert formats can still relay +// alerts among one another. +// +// An Alert is the payload deserialized as follows: +// +// =============================================== +// | Field | Data Type | Size | +// =============================================== +// | Version | int32 | 4 | +// ----------------------------------------------- +// | RelayUntil | int64 | 8 | +// ----------------------------------------------- +// | Expiration | int64 | 8 | +// ----------------------------------------------- +// | ID | int32 | 4 | +// ----------------------------------------------- +// | Cancel | int32 | 4 | +// ----------------------------------------------- +// | SetCancel | set | ? | +// ----------------------------------------------- +// | MinVer | int32 | 4 | +// ----------------------------------------------- +// | MaxVer | int32 | 4 | +// ----------------------------------------------- +// | SetSubVer | set | ? | +// ----------------------------------------------- +// | Priority | int32 | 4 | +// ----------------------------------------------- +// | Comment | string | ? | +// ----------------------------------------------- +// | StatusBar | string | ? | +// ----------------------------------------------- +// | Reserved | string | ? | +// ----------------------------------------------- +// | Total (Fixed) | 45 | +// ----------------------------------------------- +// +// NOTE: +// * string is a VarString i.e VarInt length followed by the string itself +// * set is a VarInt followed by as many number of strings +// * set is a VarInt followed by as many number of ints +// * fixedAlertSize = 40 + 5*min(VarInt) = 40 + 5*1 = 45 +// +// Now we can define bounds on Alert size, SetCancel and SetSubVer + +// Fixed size of the alert payload +const fixedAlertSize = 45 + +// maxSignatureSize is the max size of an ECDSA signature. +// NOTE: Since this size is fixed and < 255, the size of VarInt required = 1. +const maxSignatureSize = 72 + +// maxAlertSize is the maximum size an alert. +// +// MessagePayload = VarInt(Alert) + Alert + VarInt(Signature) + Signature +// MaxMessagePayload = maxAlertSize + max(VarInt) + maxSignatureSize + 1 +const maxAlertSize = MaxMessagePayload - maxSignatureSize - MaxVarIntPayload - 1 + +// maxCountSetCancel is the maximum number of cancel IDs that could possibly +// fit into a maximum size alert. +// +// maxAlertSize = fixedAlertSize + max(SetCancel) + max(SetSubVer) + 3*(string) +// for caculating maximum number of cancel IDs, set all other var sizes to 0 +// maxAlertSize = fixedAlertSize + (MaxVarIntPayload-1) + x*sizeOf(int32) +// x = (maxAlertSize - fixedAlertSize - MaxVarIntPayload + 1) / 4 +const maxCountSetCancel = (maxAlertSize - fixedAlertSize - MaxVarIntPayload + 1) / 4 + +// maxCountSetSubVer is the maximum number of subversions that could possibly +// fit into a maximum size alert. +// +// maxAlertSize = fixedAlertSize + max(SetCancel) + max(SetSubVer) + 3*(string) +// for caculating maximum number of subversions, set all other var sizes to 0 +// maxAlertSize = fixedAlertSize + (MaxVarIntPayload-1) + x*sizeOf(string) +// x = (maxAlertSize - fixedAlertSize - MaxVarIntPayload + 1) / sizeOf(string) +// subversion would typically be something like "/Satoshi:0.7.2/" (15 bytes) +// so assuming < 255 bytes, sizeOf(string) = sizeOf(uint8) + 255 = 256 +const maxCountSetSubVer = (maxAlertSize - fixedAlertSize - MaxVarIntPayload + 1) / 256 + +// Alert contains the data deserialized from the MsgAlert payload. +type Alert struct { + // Alert format version + Version int32 + + // Timestamp beyond which nodes should stop relaying this alert + RelayUntil int64 + + // Timestamp beyond which this alert is no longer in effect and + // should be ignored + Expiration int64 + + // A unique ID number for this alert + ID int32 + + // All alerts with an ID less than or equal to this number should + // cancelled, deleted and not accepted in the future + Cancel int32 + + // All alert IDs contained in this set should be cancelled as above + SetCancel []int32 + + // This alert only applies to versions greater than or equal to this + // version. Other versions should still relay it. + MinVer int32 + + // This alert only applies to versions less than or equal to this version. + // Other versions should still relay it. + MaxVer int32 + + // If this set contains any elements, then only nodes that have their + // subVer contained in this set are affected by the alert. Other versions + // should still relay it. + SetSubVer []string + + // Relative priority compared to other alerts + Priority int32 + + // A comment on the alert that is not displayed + Comment string + + // The alert message that is displayed to the user + StatusBar string + + // Reserved + Reserved string +} + +// Serialize encodes the alert to w using the alert protocol encoding format. +func (alert *Alert) Serialize(w io.Writer, pver uint32) error { + err := writeElements(w, alert.Version, alert.RelayUntil, + alert.Expiration, alert.ID, alert.Cancel) + if err != nil { + return err + } + + count := len(alert.SetCancel) + if count > maxCountSetCancel { + str := fmt.Sprintf("too many cancel alert IDs for alert "+ + "[count %v, max %v]", count, maxCountSetCancel) + return messageError("Alert.Serialize", str) + } + err = WriteVarInt(w, pver, uint64(count)) + if err != nil { + return err + } + for i := 0; i < count; i++ { + err = writeElement(w, alert.SetCancel[i]) + if err != nil { + return err + } + } + + err = writeElements(w, alert.MinVer, alert.MaxVer) + if err != nil { + return err + } + + count = len(alert.SetSubVer) + if count > maxCountSetSubVer { + str := fmt.Sprintf("too many sub versions for alert "+ + "[count %v, max %v]", count, maxCountSetSubVer) + return messageError("Alert.Serialize", str) + } + err = WriteVarInt(w, pver, uint64(count)) + if err != nil { + return err + } + for i := 0; i < count; i++ { + err = WriteVarString(w, pver, alert.SetSubVer[i]) + if err != nil { + return err + } + } + + err = writeElement(w, alert.Priority) + if err != nil { + return err + } + err = WriteVarString(w, pver, alert.Comment) + if err != nil { + return err + } + err = WriteVarString(w, pver, alert.StatusBar) + if err != nil { + return err + } + return WriteVarString(w, pver, alert.Reserved) +} + +// Deserialize decodes from r into the receiver using the alert protocol +// encoding format. +func (alert *Alert) Deserialize(r io.Reader, pver uint32) error { + err := readElements(r, &alert.Version, &alert.RelayUntil, + &alert.Expiration, &alert.ID, &alert.Cancel) + if err != nil { + return err + } + + // SetCancel: first read a VarInt that contains + // count - the number of Cancel IDs, then + // iterate count times and read them + count, err := ReadVarInt(r, pver) + if err != nil { + return err + } + if count > maxCountSetCancel { + str := fmt.Sprintf("too many cancel alert IDs for alert "+ + "[count %v, max %v]", count, maxCountSetCancel) + return messageError("Alert.Deserialize", str) + } + alert.SetCancel = make([]int32, count) + for i := 0; i < int(count); i++ { + err := readElement(r, &alert.SetCancel[i]) + if err != nil { + return err + } + } + + err = readElements(r, &alert.MinVer, &alert.MaxVer) + if err != nil { + return err + } + + // SetSubVer: similar to SetCancel + // but read count number of sub-version strings + count, err = ReadVarInt(r, pver) + if err != nil { + return err + } + if count > maxCountSetSubVer { + str := fmt.Sprintf("too many sub versions for alert "+ + "[count %v, max %v]", count, maxCountSetSubVer) + return messageError("Alert.Deserialize", str) + } + alert.SetSubVer = make([]string, count) + for i := 0; i < int(count); i++ { + alert.SetSubVer[i], err = ReadVarString(r, pver) + if err != nil { + return err + } + } + + err = readElement(r, &alert.Priority) + if err != nil { + return err + } + alert.Comment, err = ReadVarString(r, pver) + if err != nil { + return err + } + alert.StatusBar, err = ReadVarString(r, pver) + if err != nil { + return err + } + alert.Reserved, err = ReadVarString(r, pver) + return err +} + +// NewAlert returns an new Alert with values provided. +func NewAlert(version int32, relayUntil int64, expiration int64, + id int32, cancel int32, setCancel []int32, minVer int32, + maxVer int32, setSubVer []string, priority int32, comment string, + statusBar string) *Alert { + return &Alert{ + Version: version, + RelayUntil: relayUntil, + Expiration: expiration, + ID: id, + Cancel: cancel, + SetCancel: setCancel, + MinVer: minVer, + MaxVer: maxVer, + SetSubVer: setSubVer, + Priority: priority, + Comment: comment, + StatusBar: statusBar, + Reserved: "", + } +} + +// NewAlertFromPayload returns an Alert with values deserialized from the +// serialized payload. +func NewAlertFromPayload(serializedPayload []byte, pver uint32) (*Alert, error) { + var alert Alert + r := bytes.NewReader(serializedPayload) + err := alert.Deserialize(r, pver) + if err != nil { + return nil, err + } + return &alert, nil +} + +// MsgAlert implements the Message interface and defines a bitcoin alert +// message. +// +// This is a signed message that provides notifications that the client should +// display if the signature matches the key. bitcoind/bitcoin-qt only checks +// against a signature from the core developers. +type MsgAlert struct { + // SerializedPayload is the alert payload serialized as a string so that the + // version can change but the Alert can still be passed on by older + // clients. + SerializedPayload []byte + + // Signature is the ECDSA signature of the message. + Signature []byte + + // Deserialized Payload + Payload *Alert +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgAlert) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + var err error + + msg.SerializedPayload, err = ReadVarBytes(r, pver, MaxMessagePayload, + "alert serialized payload") + if err != nil { + return err + } + + msg.Payload, err = NewAlertFromPayload(msg.SerializedPayload, pver) + if err != nil { + msg.Payload = nil + } + + msg.Signature, err = ReadVarBytes(r, pver, MaxMessagePayload, + "alert signature") + return err +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgAlert) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + var err error + var serializedpayload []byte + if msg.Payload != nil { + // try to Serialize Payload if possible + r := new(bytes.Buffer) + err = msg.Payload.Serialize(r, pver) + if err != nil { + // Serialize failed - ignore & fallback + // to SerializedPayload + serializedpayload = msg.SerializedPayload + } else { + serializedpayload = r.Bytes() + } + } else { + serializedpayload = msg.SerializedPayload + } + slen := uint64(len(serializedpayload)) + if slen == 0 { + return messageError("MsgAlert.BtcEncode", "empty serialized payload") + } + err = WriteVarBytes(w, pver, serializedpayload) + if err != nil { + return err + } + return WriteVarBytes(w, pver, msg.Signature) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgAlert) Command() string { + return CmdAlert +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgAlert) MaxPayloadLength(pver uint32) uint32 { + // Since this can vary depending on the message, make it the max + // size allowed. + return MaxMessagePayload +} + +// NewMsgAlert returns a new bitcoin alert message that conforms to the Message +// interface. See MsgAlert for details. +func NewMsgAlert(serializedPayload []byte, signature []byte) *MsgAlert { + return &MsgAlert{ + SerializedPayload: serializedPayload, + Signature: signature, + Payload: nil, + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgblock.go b/vendor/github.com/btcsuite/btcd/wire/msgblock.go new file mode 100644 index 0000000..4172949 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgblock.go @@ -0,0 +1,290 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "bytes" + "fmt" + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// defaultTransactionAlloc is the default size used for the backing array +// for transactions. The transaction array will dynamically grow as needed, but +// this figure is intended to provide enough space for the number of +// transactions in the vast majority of blocks without needing to grow the +// backing array multiple times. +const defaultTransactionAlloc = 2048 + +// MaxBlocksPerMsg is the maximum number of blocks allowed per message. +const MaxBlocksPerMsg = 500 + +// MaxBlockPayload is the maximum bytes a block message can be in bytes. +// After Segregated Witness, the max block payload has been raised to 4MB. +const MaxBlockPayload = 4000000 + +// maxTxPerBlock is the maximum number of transactions that could +// possibly fit into a block. +const maxTxPerBlock = (MaxBlockPayload / minTxPayload) + 1 + +// TxLoc holds locator data for the offset and length of where a transaction is +// located within a MsgBlock data buffer. +type TxLoc struct { + TxStart int + TxLen int +} + +// MsgBlock implements the Message interface and represents a bitcoin +// block message. It is used to deliver block and transaction information in +// response to a getdata message (MsgGetData) for a given block hash. +type MsgBlock struct { + Header BlockHeader + Transactions []*MsgTx +} + +// AddTransaction adds a transaction to the message. +func (msg *MsgBlock) AddTransaction(tx *MsgTx) error { + msg.Transactions = append(msg.Transactions, tx) + return nil + +} + +// ClearTransactions removes all transactions from the message. +func (msg *MsgBlock) ClearTransactions() { + msg.Transactions = make([]*MsgTx, 0, defaultTransactionAlloc) +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +// See Deserialize for decoding blocks stored to disk, such as in a database, as +// opposed to decoding blocks from the wire. +func (msg *MsgBlock) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + err := readBlockHeader(r, pver, &msg.Header) + if err != nil { + return err + } + + txCount, err := ReadVarInt(r, pver) + if err != nil { + return err + } + + // Prevent more transactions than could possibly fit into a block. + // It would be possible to cause memory exhaustion and panics without + // a sane upper bound on this count. + if txCount > maxTxPerBlock { + str := fmt.Sprintf("too many transactions to fit into a block "+ + "[count %d, max %d]", txCount, maxTxPerBlock) + return messageError("MsgBlock.BtcDecode", str) + } + + msg.Transactions = make([]*MsgTx, 0, txCount) + for i := uint64(0); i < txCount; i++ { + tx := MsgTx{} + err := tx.BtcDecode(r, pver, enc) + if err != nil { + return err + } + msg.Transactions = append(msg.Transactions, &tx) + } + + return nil +} + +// Deserialize decodes a block from r into the receiver using a format that is +// suitable for long-term storage such as a database while respecting the +// Version field in the block. This function differs from BtcDecode in that +// BtcDecode decodes from the bitcoin wire protocol as it was sent across the +// network. The wire encoding can technically differ depending on the protocol +// version and doesn't even really need to match the format of a stored block at +// all. As of the time this comment was written, the encoded block is the same +// in both instances, but there is a distinct difference and separating the two +// allows the API to be flexible enough to deal with changes. +func (msg *MsgBlock) Deserialize(r io.Reader) error { + // At the current time, there is no difference between the wire encoding + // at protocol version 0 and the stable long-term storage format. As + // a result, make use of BtcDecode. + // + // Passing an encoding type of WitnessEncoding to BtcEncode for the + // MessageEncoding parameter indicates that the transactions within the + // block are expected to be serialized according to the new + // serialization structure defined in BIP0141. + return msg.BtcDecode(r, 0, WitnessEncoding) +} + +// DeserializeNoWitness decodes a block from r into the receiver similar to +// Deserialize, however DeserializeWitness strips all (if any) witness data +// from the transactions within the block before encoding them. +func (msg *MsgBlock) DeserializeNoWitness(r io.Reader) error { + return msg.BtcDecode(r, 0, BaseEncoding) +} + +// DeserializeTxLoc decodes r in the same manner Deserialize does, but it takes +// a byte buffer instead of a generic reader and returns a slice containing the +// start and length of each transaction within the raw data that is being +// deserialized. +func (msg *MsgBlock) DeserializeTxLoc(r *bytes.Buffer) ([]TxLoc, error) { + fullLen := r.Len() + + // At the current time, there is no difference between the wire encoding + // at protocol version 0 and the stable long-term storage format. As + // a result, make use of existing wire protocol functions. + err := readBlockHeader(r, 0, &msg.Header) + if err != nil { + return nil, err + } + + txCount, err := ReadVarInt(r, 0) + if err != nil { + return nil, err + } + + // Prevent more transactions than could possibly fit into a block. + // It would be possible to cause memory exhaustion and panics without + // a sane upper bound on this count. + if txCount > maxTxPerBlock { + str := fmt.Sprintf("too many transactions to fit into a block "+ + "[count %d, max %d]", txCount, maxTxPerBlock) + return nil, messageError("MsgBlock.DeserializeTxLoc", str) + } + + // Deserialize each transaction while keeping track of its location + // within the byte stream. + msg.Transactions = make([]*MsgTx, 0, txCount) + txLocs := make([]TxLoc, txCount) + for i := uint64(0); i < txCount; i++ { + txLocs[i].TxStart = fullLen - r.Len() + tx := MsgTx{} + err := tx.Deserialize(r) + if err != nil { + return nil, err + } + msg.Transactions = append(msg.Transactions, &tx) + txLocs[i].TxLen = (fullLen - r.Len()) - txLocs[i].TxStart + } + + return txLocs, nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +// See Serialize for encoding blocks to be stored to disk, such as in a +// database, as opposed to encoding blocks for the wire. +func (msg *MsgBlock) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + err := writeBlockHeader(w, pver, &msg.Header) + if err != nil { + return err + } + + err = WriteVarInt(w, pver, uint64(len(msg.Transactions))) + if err != nil { + return err + } + + for _, tx := range msg.Transactions { + err = tx.BtcEncode(w, pver, enc) + if err != nil { + return err + } + } + + return nil +} + +// Serialize encodes the block to w using a format that suitable for long-term +// storage such as a database while respecting the Version field in the block. +// This function differs from BtcEncode in that BtcEncode encodes the block to +// the bitcoin wire protocol in order to be sent across the network. The wire +// encoding can technically differ depending on the protocol version and doesn't +// even really need to match the format of a stored block at all. As of the +// time this comment was written, the encoded block is the same in both +// instances, but there is a distinct difference and separating the two allows +// the API to be flexible enough to deal with changes. +func (msg *MsgBlock) Serialize(w io.Writer) error { + // At the current time, there is no difference between the wire encoding + // at protocol version 0 and the stable long-term storage format. As + // a result, make use of BtcEncode. + // + // Passing WitnessEncoding as the encoding type here indicates that + // each of the transactions should be serialized using the witness + // serialization structure defined in BIP0141. + return msg.BtcEncode(w, 0, WitnessEncoding) +} + +// SerializeNoWitness encodes a block to w using an identical format to +// Serialize, with all (if any) witness data stripped from all transactions. +// This method is provided in additon to the regular Serialize, in order to +// allow one to selectively encode transaction witness data to non-upgraded +// peers which are unaware of the new encoding. +func (msg *MsgBlock) SerializeNoWitness(w io.Writer) error { + return msg.BtcEncode(w, 0, BaseEncoding) +} + +// SerializeSize returns the number of bytes it would take to serialize the +// block, factoring in any witness data within transaction. +func (msg *MsgBlock) SerializeSize() int { + // Block header bytes + Serialized varint size for the number of + // transactions. + n := blockHeaderLen + VarIntSerializeSize(uint64(len(msg.Transactions))) + + for _, tx := range msg.Transactions { + n += tx.SerializeSize() + } + + return n +} + +// SerializeSizeStripped returns the number of bytes it would take to serialize +// the block, excluding any witness data (if any). +func (msg *MsgBlock) SerializeSizeStripped() int { + // Block header bytes + Serialized varint size for the number of + // transactions. + n := blockHeaderLen + VarIntSerializeSize(uint64(len(msg.Transactions))) + + for _, tx := range msg.Transactions { + n += tx.SerializeSizeStripped() + } + + return n +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgBlock) Command() string { + return CmdBlock +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgBlock) MaxPayloadLength(pver uint32) uint32 { + // Block header at 80 bytes + transaction count + max transactions + // which can vary up to the MaxBlockPayload (including the block header + // and transaction count). + return MaxBlockPayload +} + +// BlockHash computes the block identifier hash for this block. +func (msg *MsgBlock) BlockHash() chainhash.Hash { + return msg.Header.BlockHash() +} + +// TxHashes returns a slice of hashes of all of transactions in this block. +func (msg *MsgBlock) TxHashes() ([]chainhash.Hash, error) { + hashList := make([]chainhash.Hash, 0, len(msg.Transactions)) + for _, tx := range msg.Transactions { + hashList = append(hashList, tx.TxHash()) + } + return hashList, nil +} + +// NewMsgBlock returns a new bitcoin block message that conforms to the +// Message interface. See MsgBlock for details. +func NewMsgBlock(blockHeader *BlockHeader) *MsgBlock { + return &MsgBlock{ + Header: *blockHeader, + Transactions: make([]*MsgTx, 0, defaultTransactionAlloc), + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgcfcheckpt.go b/vendor/github.com/btcsuite/btcd/wire/msgcfcheckpt.go new file mode 100644 index 0000000..fc3fd53 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgcfcheckpt.go @@ -0,0 +1,164 @@ +// Copyright (c) 2018 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "errors" + "fmt" + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +const ( + // CFCheckptInterval is the gap (in number of blocks) between each + // filter header checkpoint. + CFCheckptInterval = 1000 + + // maxCFHeadersLen is the max number of filter headers we will attempt + // to decode. + maxCFHeadersLen = 100000 +) + +// ErrInsaneCFHeaderCount signals that we were asked to decode an +// unreasonable number of cfilter headers. +var ErrInsaneCFHeaderCount = errors.New( + "refusing to decode unreasonable number of filter headers") + +// MsgCFCheckpt implements the Message interface and represents a bitcoin +// cfcheckpt message. It is used to deliver committed filter header information +// in response to a getcfcheckpt message (MsgGetCFCheckpt). See MsgGetCFCheckpt +// for details on requesting the headers. +type MsgCFCheckpt struct { + FilterType FilterType + StopHash chainhash.Hash + FilterHeaders []*chainhash.Hash +} + +// AddCFHeader adds a new committed filter header to the message. +func (msg *MsgCFCheckpt) AddCFHeader(header *chainhash.Hash) error { + if len(msg.FilterHeaders) == cap(msg.FilterHeaders) { + str := fmt.Sprintf("FilterHeaders has insufficient capacity for "+ + "additional header: len = %d", len(msg.FilterHeaders)) + return messageError("MsgCFCheckpt.AddCFHeader", str) + } + + msg.FilterHeaders = append(msg.FilterHeaders, header) + return nil +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgCFCheckpt) BtcDecode(r io.Reader, pver uint32, _ MessageEncoding) error { + // Read filter type + err := readElement(r, &msg.FilterType) + if err != nil { + return err + } + + // Read stop hash + err = readElement(r, &msg.StopHash) + if err != nil { + return err + } + + // Read number of filter headers + count, err := ReadVarInt(r, pver) + if err != nil { + return err + } + + // Refuse to decode an insane number of cfheaders. + if count > maxCFHeadersLen { + return ErrInsaneCFHeaderCount + } + + // Create a contiguous slice of hashes to deserialize into in order to + // reduce the number of allocations. + msg.FilterHeaders = make([]*chainhash.Hash, count) + for i := uint64(0); i < count; i++ { + var cfh chainhash.Hash + err := readElement(r, &cfh) + if err != nil { + return err + } + msg.FilterHeaders[i] = &cfh + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgCFCheckpt) BtcEncode(w io.Writer, pver uint32, _ MessageEncoding) error { + // Write filter type + err := writeElement(w, msg.FilterType) + if err != nil { + return err + } + + // Write stop hash + err = writeElement(w, msg.StopHash) + if err != nil { + return err + } + + // Write length of FilterHeaders slice + count := len(msg.FilterHeaders) + err = WriteVarInt(w, pver, uint64(count)) + if err != nil { + return err + } + + for _, cfh := range msg.FilterHeaders { + err := writeElement(w, cfh) + if err != nil { + return err + } + } + + return nil +} + +// Deserialize decodes a filter header from r into the receiver using a format +// that is suitable for long-term storage such as a database. This function +// differs from BtcDecode in that BtcDecode decodes from the bitcoin wire +// protocol as it was sent across the network. The wire encoding can +// technically differ depending on the protocol version and doesn't even really +// need to match the format of a stored filter header at all. As of the time +// this comment was written, the encoded filter header is the same in both +// instances, but there is a distinct difference and separating the two allows +// the API to be flexible enough to deal with changes. +func (msg *MsgCFCheckpt) Deserialize(r io.Reader) error { + // At the current time, there is no difference between the wire encoding + // and the stable long-term storage format. As a result, make use of + // BtcDecode. + return msg.BtcDecode(r, 0, BaseEncoding) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgCFCheckpt) Command() string { + return CmdCFCheckpt +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgCFCheckpt) MaxPayloadLength(pver uint32) uint32 { + // Message size depends on the blockchain height, so return general limit + // for all messages. + return MaxMessagePayload +} + +// NewMsgCFCheckpt returns a new bitcoin cfheaders message that conforms to +// the Message interface. See MsgCFCheckpt for details. +func NewMsgCFCheckpt(filterType FilterType, stopHash *chainhash.Hash, + headersCount int) *MsgCFCheckpt { + return &MsgCFCheckpt{ + FilterType: filterType, + StopHash: *stopHash, + FilterHeaders: make([]*chainhash.Hash, 0, headersCount), + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgcfheaders.go b/vendor/github.com/btcsuite/btcd/wire/msgcfheaders.go new file mode 100644 index 0000000..40d30f9 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgcfheaders.go @@ -0,0 +1,180 @@ +// Copyright (c) 2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +const ( + // MaxCFHeaderPayload is the maximum byte size of a committed + // filter header. + MaxCFHeaderPayload = chainhash.HashSize + + // MaxCFHeadersPerMsg is the maximum number of committed filter headers + // that can be in a single bitcoin cfheaders message. + MaxCFHeadersPerMsg = 2000 +) + +// MsgCFHeaders implements the Message interface and represents a bitcoin +// cfheaders message. It is used to deliver committed filter header information +// in response to a getcfheaders message (MsgGetCFHeaders). The maximum number +// of committed filter headers per message is currently 2000. See +// MsgGetCFHeaders for details on requesting the headers. +type MsgCFHeaders struct { + FilterType FilterType + StopHash chainhash.Hash + PrevFilterHeader chainhash.Hash + FilterHashes []*chainhash.Hash +} + +// AddCFHash adds a new filter hash to the message. +func (msg *MsgCFHeaders) AddCFHash(hash *chainhash.Hash) error { + if len(msg.FilterHashes)+1 > MaxCFHeadersPerMsg { + str := fmt.Sprintf("too many block headers in message [max %v]", + MaxBlockHeadersPerMsg) + return messageError("MsgCFHeaders.AddCFHash", str) + } + + msg.FilterHashes = append(msg.FilterHashes, hash) + return nil +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgCFHeaders) BtcDecode(r io.Reader, pver uint32, _ MessageEncoding) error { + // Read filter type + err := readElement(r, &msg.FilterType) + if err != nil { + return err + } + + // Read stop hash + err = readElement(r, &msg.StopHash) + if err != nil { + return err + } + + // Read prev filter header + err = readElement(r, &msg.PrevFilterHeader) + if err != nil { + return err + } + + // Read number of filter headers + count, err := ReadVarInt(r, pver) + if err != nil { + return err + } + + // Limit to max committed filter headers per message. + if count > MaxCFHeadersPerMsg { + str := fmt.Sprintf("too many committed filter headers for "+ + "message [count %v, max %v]", count, + MaxBlockHeadersPerMsg) + return messageError("MsgCFHeaders.BtcDecode", str) + } + + // Create a contiguous slice of hashes to deserialize into in order to + // reduce the number of allocations. + msg.FilterHashes = make([]*chainhash.Hash, 0, count) + for i := uint64(0); i < count; i++ { + var cfh chainhash.Hash + err := readElement(r, &cfh) + if err != nil { + return err + } + msg.AddCFHash(&cfh) + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgCFHeaders) BtcEncode(w io.Writer, pver uint32, _ MessageEncoding) error { + // Write filter type + err := writeElement(w, msg.FilterType) + if err != nil { + return err + } + + // Write stop hash + err = writeElement(w, msg.StopHash) + if err != nil { + return err + } + + // Write prev filter header + err = writeElement(w, msg.PrevFilterHeader) + if err != nil { + return err + } + + // Limit to max committed headers per message. + count := len(msg.FilterHashes) + if count > MaxCFHeadersPerMsg { + str := fmt.Sprintf("too many committed filter headers for "+ + "message [count %v, max %v]", count, + MaxBlockHeadersPerMsg) + return messageError("MsgCFHeaders.BtcEncode", str) + } + + err = WriteVarInt(w, pver, uint64(count)) + if err != nil { + return err + } + + for _, cfh := range msg.FilterHashes { + err := writeElement(w, cfh) + if err != nil { + return err + } + } + + return nil +} + +// Deserialize decodes a filter header from r into the receiver using a format +// that is suitable for long-term storage such as a database. This function +// differs from BtcDecode in that BtcDecode decodes from the bitcoin wire +// protocol as it was sent across the network. The wire encoding can +// technically differ depending on the protocol version and doesn't even really +// need to match the format of a stored filter header at all. As of the time +// this comment was written, the encoded filter header is the same in both +// instances, but there is a distinct difference and separating the two allows +// the API to be flexible enough to deal with changes. +func (msg *MsgCFHeaders) Deserialize(r io.Reader) error { + // At the current time, there is no difference between the wire encoding + // and the stable long-term storage format. As a result, make use of + // BtcDecode. + return msg.BtcDecode(r, 0, BaseEncoding) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgCFHeaders) Command() string { + return CmdCFHeaders +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgCFHeaders) MaxPayloadLength(pver uint32) uint32 { + // Hash size + filter type + num headers (varInt) + + // (header size * max headers). + return 1 + chainhash.HashSize + chainhash.HashSize + MaxVarIntPayload + + (MaxCFHeaderPayload * MaxCFHeadersPerMsg) +} + +// NewMsgCFHeaders returns a new bitcoin cfheaders message that conforms to +// the Message interface. See MsgCFHeaders for details. +func NewMsgCFHeaders() *MsgCFHeaders { + return &MsgCFHeaders{ + FilterHashes: make([]*chainhash.Hash, 0, MaxCFHeadersPerMsg), + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgcfilter.go b/vendor/github.com/btcsuite/btcd/wire/msgcfilter.go new file mode 100644 index 0000000..097590b --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgcfilter.go @@ -0,0 +1,119 @@ +// Copyright (c) 2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// FilterType is used to represent a filter type. +type FilterType uint8 + +const ( + // GCSFilterRegular is the regular filter type. + GCSFilterRegular FilterType = iota +) + +const ( + // MaxCFilterDataSize is the maximum byte size of a committed filter. + // The maximum size is currently defined as 256KiB. + MaxCFilterDataSize = 256 * 1024 +) + +// MsgCFilter implements the Message interface and represents a bitcoin cfilter +// message. It is used to deliver a committed filter in response to a +// getcfilters (MsgGetCFilters) message. +type MsgCFilter struct { + FilterType FilterType + BlockHash chainhash.Hash + Data []byte +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgCFilter) BtcDecode(r io.Reader, pver uint32, _ MessageEncoding) error { + // Read filter type + err := readElement(r, &msg.FilterType) + if err != nil { + return err + } + + // Read the hash of the filter's block + err = readElement(r, &msg.BlockHash) + if err != nil { + return err + } + + // Read filter data + msg.Data, err = ReadVarBytes(r, pver, MaxCFilterDataSize, + "cfilter data") + return err +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgCFilter) BtcEncode(w io.Writer, pver uint32, _ MessageEncoding) error { + size := len(msg.Data) + if size > MaxCFilterDataSize { + str := fmt.Sprintf("cfilter size too large for message "+ + "[size %v, max %v]", size, MaxCFilterDataSize) + return messageError("MsgCFilter.BtcEncode", str) + } + + err := writeElement(w, msg.FilterType) + if err != nil { + return err + } + + err = writeElement(w, msg.BlockHash) + if err != nil { + return err + } + + return WriteVarBytes(w, pver, msg.Data) +} + +// Deserialize decodes a filter from r into the receiver using a format that is +// suitable for long-term storage such as a database. This function differs +// from BtcDecode in that BtcDecode decodes from the bitcoin wire protocol as +// it was sent across the network. The wire encoding can technically differ +// depending on the protocol version and doesn't even really need to match the +// format of a stored filter at all. As of the time this comment was written, +// the encoded filter is the same in both instances, but there is a distinct +// difference and separating the two allows the API to be flexible enough to +// deal with changes. +func (msg *MsgCFilter) Deserialize(r io.Reader) error { + // At the current time, there is no difference between the wire encoding + // and the stable long-term storage format. As a result, make use of + // BtcDecode. + return msg.BtcDecode(r, 0, BaseEncoding) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgCFilter) Command() string { + return CmdCFilter +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgCFilter) MaxPayloadLength(pver uint32) uint32 { + return uint32(VarIntSerializeSize(MaxCFilterDataSize)) + + MaxCFilterDataSize + chainhash.HashSize + 1 +} + +// NewMsgCFilter returns a new bitcoin cfilter message that conforms to the +// Message interface. See MsgCFilter for details. +func NewMsgCFilter(filterType FilterType, blockHash *chainhash.Hash, + data []byte) *MsgCFilter { + return &MsgCFilter{ + FilterType: filterType, + BlockHash: *blockHash, + Data: data, + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgfeefilter.go b/vendor/github.com/btcsuite/btcd/wire/msgfeefilter.go new file mode 100644 index 0000000..754647a --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgfeefilter.go @@ -0,0 +1,64 @@ +// Copyright (c) 2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" +) + +// MsgFeeFilter implements the Message interface and represents a bitcoin +// feefilter message. It is used to request the receiving peer does not +// announce any transactions below the specified minimum fee rate. +// +// This message was not added until protocol versions starting with +// FeeFilterVersion. +type MsgFeeFilter struct { + MinFee int64 +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgFeeFilter) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + if pver < FeeFilterVersion { + str := fmt.Sprintf("feefilter message invalid for protocol "+ + "version %d", pver) + return messageError("MsgFeeFilter.BtcDecode", str) + } + + return readElement(r, &msg.MinFee) +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgFeeFilter) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + if pver < FeeFilterVersion { + str := fmt.Sprintf("feefilter message invalid for protocol "+ + "version %d", pver) + return messageError("MsgFeeFilter.BtcEncode", str) + } + + return writeElement(w, msg.MinFee) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgFeeFilter) Command() string { + return CmdFeeFilter +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgFeeFilter) MaxPayloadLength(pver uint32) uint32 { + return 8 +} + +// NewMsgFeeFilter returns a new bitcoin feefilter message that conforms to +// the Message interface. See MsgFeeFilter for details. +func NewMsgFeeFilter(minfee int64) *MsgFeeFilter { + return &MsgFeeFilter{ + MinFee: minfee, + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgfilteradd.go b/vendor/github.com/btcsuite/btcd/wire/msgfilteradd.go new file mode 100644 index 0000000..21b67ca --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgfilteradd.go @@ -0,0 +1,81 @@ +// Copyright (c) 2014-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" +) + +const ( + // MaxFilterAddDataSize is the maximum byte size of a data + // element to add to the Bloom filter. It is equal to the + // maximum element size of a script. + MaxFilterAddDataSize = 520 +) + +// MsgFilterAdd implements the Message interface and represents a bitcoin +// filteradd message. It is used to add a data element to an existing Bloom +// filter. +// +// This message was not added until protocol version BIP0037Version. +type MsgFilterAdd struct { + Data []byte +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgFilterAdd) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + if pver < BIP0037Version { + str := fmt.Sprintf("filteradd message invalid for protocol "+ + "version %d", pver) + return messageError("MsgFilterAdd.BtcDecode", str) + } + + var err error + msg.Data, err = ReadVarBytes(r, pver, MaxFilterAddDataSize, + "filteradd data") + return err +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgFilterAdd) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + if pver < BIP0037Version { + str := fmt.Sprintf("filteradd message invalid for protocol "+ + "version %d", pver) + return messageError("MsgFilterAdd.BtcEncode", str) + } + + size := len(msg.Data) + if size > MaxFilterAddDataSize { + str := fmt.Sprintf("filteradd size too large for message "+ + "[size %v, max %v]", size, MaxFilterAddDataSize) + return messageError("MsgFilterAdd.BtcEncode", str) + } + + return WriteVarBytes(w, pver, msg.Data) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgFilterAdd) Command() string { + return CmdFilterAdd +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgFilterAdd) MaxPayloadLength(pver uint32) uint32 { + return uint32(VarIntSerializeSize(MaxFilterAddDataSize)) + + MaxFilterAddDataSize +} + +// NewMsgFilterAdd returns a new bitcoin filteradd message that conforms to the +// Message interface. See MsgFilterAdd for details. +func NewMsgFilterAdd(data []byte) *MsgFilterAdd { + return &MsgFilterAdd{ + Data: data, + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgfilterclear.go b/vendor/github.com/btcsuite/btcd/wire/msgfilterclear.go new file mode 100644 index 0000000..7562fe2 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgfilterclear.go @@ -0,0 +1,59 @@ +// Copyright (c) 2014-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" +) + +// MsgFilterClear implements the Message interface and represents a bitcoin +// filterclear message which is used to reset a Bloom filter. +// +// This message was not added until protocol version BIP0037Version and has +// no payload. +type MsgFilterClear struct{} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgFilterClear) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + if pver < BIP0037Version { + str := fmt.Sprintf("filterclear message invalid for protocol "+ + "version %d", pver) + return messageError("MsgFilterClear.BtcDecode", str) + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgFilterClear) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + if pver < BIP0037Version { + str := fmt.Sprintf("filterclear message invalid for protocol "+ + "version %d", pver) + return messageError("MsgFilterClear.BtcEncode", str) + } + + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgFilterClear) Command() string { + return CmdFilterClear +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgFilterClear) MaxPayloadLength(pver uint32) uint32 { + return 0 +} + +// NewMsgFilterClear returns a new bitcoin filterclear message that conforms to the Message +// interface. See MsgFilterClear for details. +func NewMsgFilterClear() *MsgFilterClear { + return &MsgFilterClear{} +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgfilterload.go b/vendor/github.com/btcsuite/btcd/wire/msgfilterload.go new file mode 100644 index 0000000..dbda737 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgfilterload.go @@ -0,0 +1,136 @@ +// Copyright (c) 2014-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" +) + +// BloomUpdateType specifies how the filter is updated when a match is found +type BloomUpdateType uint8 + +const ( + // BloomUpdateNone indicates the filter is not adjusted when a match is + // found. + BloomUpdateNone BloomUpdateType = 0 + + // BloomUpdateAll indicates if the filter matches any data element in a + // public key script, the outpoint is serialized and inserted into the + // filter. + BloomUpdateAll BloomUpdateType = 1 + + // BloomUpdateP2PubkeyOnly indicates if the filter matches a data + // element in a public key script and the script is of the standard + // pay-to-pubkey or multisig, the outpoint is serialized and inserted + // into the filter. + BloomUpdateP2PubkeyOnly BloomUpdateType = 2 +) + +const ( + // MaxFilterLoadHashFuncs is the maximum number of hash functions to + // load into the Bloom filter. + MaxFilterLoadHashFuncs = 50 + + // MaxFilterLoadFilterSize is the maximum size in bytes a filter may be. + MaxFilterLoadFilterSize = 36000 +) + +// MsgFilterLoad implements the Message interface and represents a bitcoin +// filterload message which is used to reset a Bloom filter. +// +// This message was not added until protocol version BIP0037Version. +type MsgFilterLoad struct { + Filter []byte + HashFuncs uint32 + Tweak uint32 + Flags BloomUpdateType +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgFilterLoad) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + if pver < BIP0037Version { + str := fmt.Sprintf("filterload message invalid for protocol "+ + "version %d", pver) + return messageError("MsgFilterLoad.BtcDecode", str) + } + + var err error + msg.Filter, err = ReadVarBytes(r, pver, MaxFilterLoadFilterSize, + "filterload filter size") + if err != nil { + return err + } + + err = readElements(r, &msg.HashFuncs, &msg.Tweak, &msg.Flags) + if err != nil { + return err + } + + if msg.HashFuncs > MaxFilterLoadHashFuncs { + str := fmt.Sprintf("too many filter hash functions for message "+ + "[count %v, max %v]", msg.HashFuncs, MaxFilterLoadHashFuncs) + return messageError("MsgFilterLoad.BtcDecode", str) + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgFilterLoad) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + if pver < BIP0037Version { + str := fmt.Sprintf("filterload message invalid for protocol "+ + "version %d", pver) + return messageError("MsgFilterLoad.BtcEncode", str) + } + + size := len(msg.Filter) + if size > MaxFilterLoadFilterSize { + str := fmt.Sprintf("filterload filter size too large for message "+ + "[size %v, max %v]", size, MaxFilterLoadFilterSize) + return messageError("MsgFilterLoad.BtcEncode", str) + } + + if msg.HashFuncs > MaxFilterLoadHashFuncs { + str := fmt.Sprintf("too many filter hash functions for message "+ + "[count %v, max %v]", msg.HashFuncs, MaxFilterLoadHashFuncs) + return messageError("MsgFilterLoad.BtcEncode", str) + } + + err := WriteVarBytes(w, pver, msg.Filter) + if err != nil { + return err + } + + return writeElements(w, msg.HashFuncs, msg.Tweak, msg.Flags) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgFilterLoad) Command() string { + return CmdFilterLoad +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgFilterLoad) MaxPayloadLength(pver uint32) uint32 { + // Num filter bytes (varInt) + filter + 4 bytes hash funcs + + // 4 bytes tweak + 1 byte flags. + return uint32(VarIntSerializeSize(MaxFilterLoadFilterSize)) + + MaxFilterLoadFilterSize + 9 +} + +// NewMsgFilterLoad returns a new bitcoin filterload message that conforms to +// the Message interface. See MsgFilterLoad for details. +func NewMsgFilterLoad(filter []byte, hashFuncs uint32, tweak uint32, flags BloomUpdateType) *MsgFilterLoad { + return &MsgFilterLoad{ + Filter: filter, + HashFuncs: hashFuncs, + Tweak: tweak, + Flags: flags, + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msggetaddr.go b/vendor/github.com/btcsuite/btcd/wire/msggetaddr.go new file mode 100644 index 0000000..2af8018 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msggetaddr.go @@ -0,0 +1,47 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "io" +) + +// MsgGetAddr implements the Message interface and represents a bitcoin +// getaddr message. It is used to request a list of known active peers on the +// network from a peer to help identify potential nodes. The list is returned +// via one or more addr messages (MsgAddr). +// +// This message has no payload. +type MsgGetAddr struct{} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgGetAddr) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgGetAddr) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgGetAddr) Command() string { + return CmdGetAddr +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgGetAddr) MaxPayloadLength(pver uint32) uint32 { + return 0 +} + +// NewMsgGetAddr returns a new bitcoin getaddr message that conforms to the +// Message interface. See MsgGetAddr for details. +func NewMsgGetAddr() *MsgGetAddr { + return &MsgGetAddr{} +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msggetblocks.go b/vendor/github.com/btcsuite/btcd/wire/msggetblocks.go new file mode 100644 index 0000000..caf4400 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msggetblocks.go @@ -0,0 +1,139 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// MaxBlockLocatorsPerMsg is the maximum number of block locator hashes allowed +// per message. +const MaxBlockLocatorsPerMsg = 500 + +// MsgGetBlocks implements the Message interface and represents a bitcoin +// getblocks message. It is used to request a list of blocks starting after the +// last known hash in the slice of block locator hashes. The list is returned +// via an inv message (MsgInv) and is limited by a specific hash to stop at or +// the maximum number of blocks per message, which is currently 500. +// +// Set the HashStop field to the hash at which to stop and use +// AddBlockLocatorHash to build up the list of block locator hashes. +// +// The algorithm for building the block locator hashes should be to add the +// hashes in reverse order until you reach the genesis block. In order to keep +// the list of locator hashes to a reasonable number of entries, first add the +// most recent 10 block hashes, then double the step each loop iteration to +// exponentially decrease the number of hashes the further away from head and +// closer to the genesis block you get. +type MsgGetBlocks struct { + ProtocolVersion uint32 + BlockLocatorHashes []*chainhash.Hash + HashStop chainhash.Hash +} + +// AddBlockLocatorHash adds a new block locator hash to the message. +func (msg *MsgGetBlocks) AddBlockLocatorHash(hash *chainhash.Hash) error { + if len(msg.BlockLocatorHashes)+1 > MaxBlockLocatorsPerMsg { + str := fmt.Sprintf("too many block locator hashes for message [max %v]", + MaxBlockLocatorsPerMsg) + return messageError("MsgGetBlocks.AddBlockLocatorHash", str) + } + + msg.BlockLocatorHashes = append(msg.BlockLocatorHashes, hash) + return nil +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgGetBlocks) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + err := readElement(r, &msg.ProtocolVersion) + if err != nil { + return err + } + + // Read num block locator hashes and limit to max. + count, err := ReadVarInt(r, pver) + if err != nil { + return err + } + if count > MaxBlockLocatorsPerMsg { + str := fmt.Sprintf("too many block locator hashes for message "+ + "[count %v, max %v]", count, MaxBlockLocatorsPerMsg) + return messageError("MsgGetBlocks.BtcDecode", str) + } + + // Create a contiguous slice of hashes to deserialize into in order to + // reduce the number of allocations. + locatorHashes := make([]chainhash.Hash, count) + msg.BlockLocatorHashes = make([]*chainhash.Hash, 0, count) + for i := uint64(0); i < count; i++ { + hash := &locatorHashes[i] + err := readElement(r, hash) + if err != nil { + return err + } + msg.AddBlockLocatorHash(hash) + } + + return readElement(r, &msg.HashStop) +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgGetBlocks) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + count := len(msg.BlockLocatorHashes) + if count > MaxBlockLocatorsPerMsg { + str := fmt.Sprintf("too many block locator hashes for message "+ + "[count %v, max %v]", count, MaxBlockLocatorsPerMsg) + return messageError("MsgGetBlocks.BtcEncode", str) + } + + err := writeElement(w, msg.ProtocolVersion) + if err != nil { + return err + } + + err = WriteVarInt(w, pver, uint64(count)) + if err != nil { + return err + } + + for _, hash := range msg.BlockLocatorHashes { + err = writeElement(w, hash) + if err != nil { + return err + } + } + + return writeElement(w, &msg.HashStop) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgGetBlocks) Command() string { + return CmdGetBlocks +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgGetBlocks) MaxPayloadLength(pver uint32) uint32 { + // Protocol version 4 bytes + num hashes (varInt) + max block locator + // hashes + hash stop. + return 4 + MaxVarIntPayload + (MaxBlockLocatorsPerMsg * chainhash.HashSize) + chainhash.HashSize +} + +// NewMsgGetBlocks returns a new bitcoin getblocks message that conforms to the +// Message interface using the passed parameters and defaults for the remaining +// fields. +func NewMsgGetBlocks(hashStop *chainhash.Hash) *MsgGetBlocks { + return &MsgGetBlocks{ + ProtocolVersion: ProtocolVersion, + BlockLocatorHashes: make([]*chainhash.Hash, 0, MaxBlockLocatorsPerMsg), + HashStop: *hashStop, + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msggetcfcheckpt.go b/vendor/github.com/btcsuite/btcd/wire/msggetcfcheckpt.go new file mode 100644 index 0000000..c30a86c --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msggetcfcheckpt.go @@ -0,0 +1,64 @@ +// Copyright (c) 2018 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// MsgGetCFCheckpt is a request for filter headers at evenly spaced intervals +// throughout the blockchain history. It allows to set the FilterType field to +// get headers in the chain of basic (0x00) or extended (0x01) headers. +type MsgGetCFCheckpt struct { + FilterType FilterType + StopHash chainhash.Hash +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgGetCFCheckpt) BtcDecode(r io.Reader, pver uint32, _ MessageEncoding) error { + err := readElement(r, &msg.FilterType) + if err != nil { + return err + } + + return readElement(r, &msg.StopHash) +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgGetCFCheckpt) BtcEncode(w io.Writer, pver uint32, _ MessageEncoding) error { + err := writeElement(w, msg.FilterType) + if err != nil { + return err + } + + return writeElement(w, &msg.StopHash) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgGetCFCheckpt) Command() string { + return CmdGetCFCheckpt +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgGetCFCheckpt) MaxPayloadLength(pver uint32) uint32 { + // Filter type + uint32 + block hash + return 1 + chainhash.HashSize +} + +// NewMsgGetCFCheckpt returns a new bitcoin getcfcheckpt message that conforms +// to the Message interface using the passed parameters and defaults for the +// remaining fields. +func NewMsgGetCFCheckpt(filterType FilterType, stopHash *chainhash.Hash) *MsgGetCFCheckpt { + return &MsgGetCFCheckpt{ + FilterType: filterType, + StopHash: *stopHash, + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msggetcfheaders.go b/vendor/github.com/btcsuite/btcd/wire/msggetcfheaders.go new file mode 100644 index 0000000..03a1caf --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msggetcfheaders.go @@ -0,0 +1,77 @@ +// Copyright (c) 2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// MsgGetCFHeaders is a message similar to MsgGetHeaders, but for committed +// filter headers. It allows to set the FilterType field to get headers in the +// chain of basic (0x00) or extended (0x01) headers. +type MsgGetCFHeaders struct { + FilterType FilterType + StartHeight uint32 + StopHash chainhash.Hash +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgGetCFHeaders) BtcDecode(r io.Reader, pver uint32, _ MessageEncoding) error { + err := readElement(r, &msg.FilterType) + if err != nil { + return err + } + + err = readElement(r, &msg.StartHeight) + if err != nil { + return err + } + + return readElement(r, &msg.StopHash) +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgGetCFHeaders) BtcEncode(w io.Writer, pver uint32, _ MessageEncoding) error { + err := writeElement(w, msg.FilterType) + if err != nil { + return err + } + + err = writeElement(w, &msg.StartHeight) + if err != nil { + return err + } + + return writeElement(w, &msg.StopHash) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgGetCFHeaders) Command() string { + return CmdGetCFHeaders +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgGetCFHeaders) MaxPayloadLength(pver uint32) uint32 { + // Filter type + uint32 + block hash + return 1 + 4 + chainhash.HashSize +} + +// NewMsgGetCFHeaders returns a new bitcoin getcfheader message that conforms to +// the Message interface using the passed parameters and defaults for the +// remaining fields. +func NewMsgGetCFHeaders(filterType FilterType, startHeight uint32, + stopHash *chainhash.Hash) *MsgGetCFHeaders { + return &MsgGetCFHeaders{ + FilterType: filterType, + StartHeight: startHeight, + StopHash: *stopHash, + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msggetcfilters.go b/vendor/github.com/btcsuite/btcd/wire/msggetcfilters.go new file mode 100644 index 0000000..8002413 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msggetcfilters.go @@ -0,0 +1,81 @@ +// Copyright (c) 2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// MaxGetCFiltersReqRange the maximum number of filters that may be requested in +// a getcfheaders message. +const MaxGetCFiltersReqRange = 1000 + +// MsgGetCFilters implements the Message interface and represents a bitcoin +// getcfilters message. It is used to request committed filters for a range of +// blocks. +type MsgGetCFilters struct { + FilterType FilterType + StartHeight uint32 + StopHash chainhash.Hash +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgGetCFilters) BtcDecode(r io.Reader, pver uint32, _ MessageEncoding) error { + err := readElement(r, &msg.FilterType) + if err != nil { + return err + } + + err = readElement(r, &msg.StartHeight) + if err != nil { + return err + } + + return readElement(r, &msg.StopHash) +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgGetCFilters) BtcEncode(w io.Writer, pver uint32, _ MessageEncoding) error { + err := writeElement(w, msg.FilterType) + if err != nil { + return err + } + + err = writeElement(w, &msg.StartHeight) + if err != nil { + return err + } + + return writeElement(w, &msg.StopHash) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgGetCFilters) Command() string { + return CmdGetCFilters +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgGetCFilters) MaxPayloadLength(pver uint32) uint32 { + // Filter type + uint32 + block hash + return 1 + 4 + chainhash.HashSize +} + +// NewMsgGetCFilters returns a new bitcoin getcfilters message that conforms to +// the Message interface using the passed parameters and defaults for the +// remaining fields. +func NewMsgGetCFilters(filterType FilterType, startHeight uint32, + stopHash *chainhash.Hash) *MsgGetCFilters { + return &MsgGetCFilters{ + FilterType: filterType, + StartHeight: startHeight, + StopHash: *stopHash, + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msggetdata.go b/vendor/github.com/btcsuite/btcd/wire/msggetdata.go new file mode 100644 index 0000000..5837fac --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msggetdata.go @@ -0,0 +1,133 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" +) + +// MsgGetData implements the Message interface and represents a bitcoin +// getdata message. It is used to request data such as blocks and transactions +// from another peer. It should be used in response to the inv (MsgInv) message +// to request the actual data referenced by each inventory vector the receiving +// peer doesn't already have. Each message is limited to a maximum number of +// inventory vectors, which is currently 50,000. As a result, multiple messages +// must be used to request larger amounts of data. +// +// Use the AddInvVect function to build up the list of inventory vectors when +// sending a getdata message to another peer. +type MsgGetData struct { + InvList []*InvVect +} + +// AddInvVect adds an inventory vector to the message. +func (msg *MsgGetData) AddInvVect(iv *InvVect) error { + if len(msg.InvList)+1 > MaxInvPerMsg { + str := fmt.Sprintf("too many invvect in message [max %v]", + MaxInvPerMsg) + return messageError("MsgGetData.AddInvVect", str) + } + + msg.InvList = append(msg.InvList, iv) + return nil +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgGetData) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + count, err := ReadVarInt(r, pver) + if err != nil { + return err + } + + // Limit to max inventory vectors per message. + if count > MaxInvPerMsg { + str := fmt.Sprintf("too many invvect in message [%v]", count) + return messageError("MsgGetData.BtcDecode", str) + } + + // Create a contiguous slice of inventory vectors to deserialize into in + // order to reduce the number of allocations. + invList := make([]InvVect, count) + msg.InvList = make([]*InvVect, 0, count) + for i := uint64(0); i < count; i++ { + iv := &invList[i] + err := readInvVect(r, pver, iv) + if err != nil { + return err + } + msg.AddInvVect(iv) + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgGetData) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + // Limit to max inventory vectors per message. + count := len(msg.InvList) + if count > MaxInvPerMsg { + str := fmt.Sprintf("too many invvect in message [%v]", count) + return messageError("MsgGetData.BtcEncode", str) + } + + err := WriteVarInt(w, pver, uint64(count)) + if err != nil { + return err + } + + for _, iv := range msg.InvList { + err := writeInvVect(w, pver, iv) + if err != nil { + return err + } + } + + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgGetData) Command() string { + return CmdGetData +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgGetData) MaxPayloadLength(pver uint32) uint32 { + // Num inventory vectors (varInt) + max allowed inventory vectors. + return MaxVarIntPayload + (MaxInvPerMsg * maxInvVectPayload) +} + +// NewMsgGetData returns a new bitcoin getdata message that conforms to the +// Message interface. See MsgGetData for details. +func NewMsgGetData() *MsgGetData { + return &MsgGetData{ + InvList: make([]*InvVect, 0, defaultInvListAlloc), + } +} + +// NewMsgGetDataSizeHint returns a new bitcoin getdata message that conforms to +// the Message interface. See MsgGetData for details. This function differs +// from NewMsgGetData in that it allows a default allocation size for the +// backing array which houses the inventory vector list. This allows callers +// who know in advance how large the inventory list will grow to avoid the +// overhead of growing the internal backing array several times when appending +// large amounts of inventory vectors with AddInvVect. Note that the specified +// hint is just that - a hint that is used for the default allocation size. +// Adding more (or less) inventory vectors will still work properly. The size +// hint is limited to MaxInvPerMsg. +func NewMsgGetDataSizeHint(sizeHint uint) *MsgGetData { + // Limit the specified hint to the maximum allow per message. + if sizeHint > MaxInvPerMsg { + sizeHint = MaxInvPerMsg + } + + return &MsgGetData{ + InvList: make([]*InvVect, 0, sizeHint), + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msggetheaders.go b/vendor/github.com/btcsuite/btcd/wire/msggetheaders.go new file mode 100644 index 0000000..0bbe42c --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msggetheaders.go @@ -0,0 +1,136 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// MsgGetHeaders implements the Message interface and represents a bitcoin +// getheaders message. It is used to request a list of block headers for +// blocks starting after the last known hash in the slice of block locator +// hashes. The list is returned via a headers message (MsgHeaders) and is +// limited by a specific hash to stop at or the maximum number of block headers +// per message, which is currently 2000. +// +// Set the HashStop field to the hash at which to stop and use +// AddBlockLocatorHash to build up the list of block locator hashes. +// +// The algorithm for building the block locator hashes should be to add the +// hashes in reverse order until you reach the genesis block. In order to keep +// the list of locator hashes to a resonable number of entries, first add the +// most recent 10 block hashes, then double the step each loop iteration to +// exponentially decrease the number of hashes the further away from head and +// closer to the genesis block you get. +type MsgGetHeaders struct { + ProtocolVersion uint32 + BlockLocatorHashes []*chainhash.Hash + HashStop chainhash.Hash +} + +// AddBlockLocatorHash adds a new block locator hash to the message. +func (msg *MsgGetHeaders) AddBlockLocatorHash(hash *chainhash.Hash) error { + if len(msg.BlockLocatorHashes)+1 > MaxBlockLocatorsPerMsg { + str := fmt.Sprintf("too many block locator hashes for message [max %v]", + MaxBlockLocatorsPerMsg) + return messageError("MsgGetHeaders.AddBlockLocatorHash", str) + } + + msg.BlockLocatorHashes = append(msg.BlockLocatorHashes, hash) + return nil +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgGetHeaders) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + err := readElement(r, &msg.ProtocolVersion) + if err != nil { + return err + } + + // Read num block locator hashes and limit to max. + count, err := ReadVarInt(r, pver) + if err != nil { + return err + } + if count > MaxBlockLocatorsPerMsg { + str := fmt.Sprintf("too many block locator hashes for message "+ + "[count %v, max %v]", count, MaxBlockLocatorsPerMsg) + return messageError("MsgGetHeaders.BtcDecode", str) + } + + // Create a contiguous slice of hashes to deserialize into in order to + // reduce the number of allocations. + locatorHashes := make([]chainhash.Hash, count) + msg.BlockLocatorHashes = make([]*chainhash.Hash, 0, count) + for i := uint64(0); i < count; i++ { + hash := &locatorHashes[i] + err := readElement(r, hash) + if err != nil { + return err + } + msg.AddBlockLocatorHash(hash) + } + + return readElement(r, &msg.HashStop) +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgGetHeaders) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + // Limit to max block locator hashes per message. + count := len(msg.BlockLocatorHashes) + if count > MaxBlockLocatorsPerMsg { + str := fmt.Sprintf("too many block locator hashes for message "+ + "[count %v, max %v]", count, MaxBlockLocatorsPerMsg) + return messageError("MsgGetHeaders.BtcEncode", str) + } + + err := writeElement(w, msg.ProtocolVersion) + if err != nil { + return err + } + + err = WriteVarInt(w, pver, uint64(count)) + if err != nil { + return err + } + + for _, hash := range msg.BlockLocatorHashes { + err := writeElement(w, hash) + if err != nil { + return err + } + } + + return writeElement(w, &msg.HashStop) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgGetHeaders) Command() string { + return CmdGetHeaders +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgGetHeaders) MaxPayloadLength(pver uint32) uint32 { + // Version 4 bytes + num block locator hashes (varInt) + max allowed block + // locators + hash stop. + return 4 + MaxVarIntPayload + (MaxBlockLocatorsPerMsg * + chainhash.HashSize) + chainhash.HashSize +} + +// NewMsgGetHeaders returns a new bitcoin getheaders message that conforms to +// the Message interface. See MsgGetHeaders for details. +func NewMsgGetHeaders() *MsgGetHeaders { + return &MsgGetHeaders{ + BlockLocatorHashes: make([]*chainhash.Hash, 0, + MaxBlockLocatorsPerMsg), + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgheaders.go b/vendor/github.com/btcsuite/btcd/wire/msgheaders.go new file mode 100644 index 0000000..7d18d93 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgheaders.go @@ -0,0 +1,136 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" +) + +// MaxBlockHeadersPerMsg is the maximum number of block headers that can be in +// a single bitcoin headers message. +const MaxBlockHeadersPerMsg = 2000 + +// MsgHeaders implements the Message interface and represents a bitcoin headers +// message. It is used to deliver block header information in response +// to a getheaders message (MsgGetHeaders). The maximum number of block headers +// per message is currently 2000. See MsgGetHeaders for details on requesting +// the headers. +type MsgHeaders struct { + Headers []*BlockHeader +} + +// AddBlockHeader adds a new block header to the message. +func (msg *MsgHeaders) AddBlockHeader(bh *BlockHeader) error { + if len(msg.Headers)+1 > MaxBlockHeadersPerMsg { + str := fmt.Sprintf("too many block headers in message [max %v]", + MaxBlockHeadersPerMsg) + return messageError("MsgHeaders.AddBlockHeader", str) + } + + msg.Headers = append(msg.Headers, bh) + return nil +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgHeaders) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + count, err := ReadVarInt(r, pver) + if err != nil { + return err + } + + // Limit to max block headers per message. + if count > MaxBlockHeadersPerMsg { + str := fmt.Sprintf("too many block headers for message "+ + "[count %v, max %v]", count, MaxBlockHeadersPerMsg) + return messageError("MsgHeaders.BtcDecode", str) + } + + // Create a contiguous slice of headers to deserialize into in order to + // reduce the number of allocations. + headers := make([]BlockHeader, count) + msg.Headers = make([]*BlockHeader, 0, count) + for i := uint64(0); i < count; i++ { + bh := &headers[i] + err := readBlockHeader(r, pver, bh) + if err != nil { + return err + } + + txCount, err := ReadVarInt(r, pver) + if err != nil { + return err + } + + // Ensure the transaction count is zero for headers. + if txCount > 0 { + str := fmt.Sprintf("block headers may not contain "+ + "transactions [count %v]", txCount) + return messageError("MsgHeaders.BtcDecode", str) + } + msg.AddBlockHeader(bh) + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgHeaders) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + // Limit to max block headers per message. + count := len(msg.Headers) + if count > MaxBlockHeadersPerMsg { + str := fmt.Sprintf("too many block headers for message "+ + "[count %v, max %v]", count, MaxBlockHeadersPerMsg) + return messageError("MsgHeaders.BtcEncode", str) + } + + err := WriteVarInt(w, pver, uint64(count)) + if err != nil { + return err + } + + for _, bh := range msg.Headers { + err := writeBlockHeader(w, pver, bh) + if err != nil { + return err + } + + // The wire protocol encoding always includes a 0 for the number + // of transactions on header messages. This is really just an + // artifact of the way the original implementation serializes + // block headers, but it is required. + err = WriteVarInt(w, pver, 0) + if err != nil { + return err + } + } + + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgHeaders) Command() string { + return CmdHeaders +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgHeaders) MaxPayloadLength(pver uint32) uint32 { + // Num headers (varInt) + max allowed headers (header length + 1 byte + // for the number of transactions which is always 0). + return MaxVarIntPayload + ((MaxBlockHeaderPayload + 1) * + MaxBlockHeadersPerMsg) +} + +// NewMsgHeaders returns a new bitcoin headers message that conforms to the +// Message interface. See MsgHeaders for details. +func NewMsgHeaders() *MsgHeaders { + return &MsgHeaders{ + Headers: make([]*BlockHeader, 0, MaxBlockHeadersPerMsg), + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msginv.go b/vendor/github.com/btcsuite/btcd/wire/msginv.go new file mode 100644 index 0000000..5377b17 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msginv.go @@ -0,0 +1,141 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" +) + +// defaultInvListAlloc is the default size used for the backing array for an +// inventory list. The array will dynamically grow as needed, but this +// figure is intended to provide enough space for the max number of inventory +// vectors in a *typical* inventory message without needing to grow the backing +// array multiple times. Technically, the list can grow to MaxInvPerMsg, but +// rather than using that large figure, this figure more accurately reflects the +// typical case. +const defaultInvListAlloc = 1000 + +// MsgInv implements the Message interface and represents a bitcoin inv message. +// It is used to advertise a peer's known data such as blocks and transactions +// through inventory vectors. It may be sent unsolicited to inform other peers +// of the data or in response to a getblocks message (MsgGetBlocks). Each +// message is limited to a maximum number of inventory vectors, which is +// currently 50,000. +// +// Use the AddInvVect function to build up the list of inventory vectors when +// sending an inv message to another peer. +type MsgInv struct { + InvList []*InvVect +} + +// AddInvVect adds an inventory vector to the message. +func (msg *MsgInv) AddInvVect(iv *InvVect) error { + if len(msg.InvList)+1 > MaxInvPerMsg { + str := fmt.Sprintf("too many invvect in message [max %v]", + MaxInvPerMsg) + return messageError("MsgInv.AddInvVect", str) + } + + msg.InvList = append(msg.InvList, iv) + return nil +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgInv) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + count, err := ReadVarInt(r, pver) + if err != nil { + return err + } + + // Limit to max inventory vectors per message. + if count > MaxInvPerMsg { + str := fmt.Sprintf("too many invvect in message [%v]", count) + return messageError("MsgInv.BtcDecode", str) + } + + // Create a contiguous slice of inventory vectors to deserialize into in + // order to reduce the number of allocations. + invList := make([]InvVect, count) + msg.InvList = make([]*InvVect, 0, count) + for i := uint64(0); i < count; i++ { + iv := &invList[i] + err := readInvVect(r, pver, iv) + if err != nil { + return err + } + msg.AddInvVect(iv) + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgInv) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + // Limit to max inventory vectors per message. + count := len(msg.InvList) + if count > MaxInvPerMsg { + str := fmt.Sprintf("too many invvect in message [%v]", count) + return messageError("MsgInv.BtcEncode", str) + } + + err := WriteVarInt(w, pver, uint64(count)) + if err != nil { + return err + } + + for _, iv := range msg.InvList { + err := writeInvVect(w, pver, iv) + if err != nil { + return err + } + } + + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgInv) Command() string { + return CmdInv +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgInv) MaxPayloadLength(pver uint32) uint32 { + // Num inventory vectors (varInt) + max allowed inventory vectors. + return MaxVarIntPayload + (MaxInvPerMsg * maxInvVectPayload) +} + +// NewMsgInv returns a new bitcoin inv message that conforms to the Message +// interface. See MsgInv for details. +func NewMsgInv() *MsgInv { + return &MsgInv{ + InvList: make([]*InvVect, 0, defaultInvListAlloc), + } +} + +// NewMsgInvSizeHint returns a new bitcoin inv message that conforms to the +// Message interface. See MsgInv for details. This function differs from +// NewMsgInv in that it allows a default allocation size for the backing array +// which houses the inventory vector list. This allows callers who know in +// advance how large the inventory list will grow to avoid the overhead of +// growing the internal backing array several times when appending large amounts +// of inventory vectors with AddInvVect. Note that the specified hint is just +// that - a hint that is used for the default allocation size. Adding more +// (or less) inventory vectors will still work properly. The size hint is +// limited to MaxInvPerMsg. +func NewMsgInvSizeHint(sizeHint uint) *MsgInv { + // Limit the specified hint to the maximum allow per message. + if sizeHint > MaxInvPerMsg { + sizeHint = MaxInvPerMsg + } + + return &MsgInv{ + InvList: make([]*InvVect, 0, sizeHint), + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgmempool.go b/vendor/github.com/btcsuite/btcd/wire/msgmempool.go new file mode 100644 index 0000000..25760c5 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgmempool.go @@ -0,0 +1,60 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" +) + +// MsgMemPool implements the Message interface and represents a bitcoin mempool +// message. It is used to request a list of transactions still in the active +// memory pool of a relay. +// +// This message has no payload and was not added until protocol versions +// starting with BIP0035Version. +type MsgMemPool struct{} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgMemPool) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + if pver < BIP0035Version { + str := fmt.Sprintf("mempool message invalid for protocol "+ + "version %d", pver) + return messageError("MsgMemPool.BtcDecode", str) + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgMemPool) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + if pver < BIP0035Version { + str := fmt.Sprintf("mempool message invalid for protocol "+ + "version %d", pver) + return messageError("MsgMemPool.BtcEncode", str) + } + + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgMemPool) Command() string { + return CmdMemPool +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgMemPool) MaxPayloadLength(pver uint32) uint32 { + return 0 +} + +// NewMsgMemPool returns a new bitcoin pong message that conforms to the Message +// interface. See MsgPong for details. +func NewMsgMemPool() *MsgMemPool { + return &MsgMemPool{} +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgmerkleblock.go b/vendor/github.com/btcsuite/btcd/wire/msgmerkleblock.go new file mode 100644 index 0000000..d2ee472 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgmerkleblock.go @@ -0,0 +1,159 @@ +// Copyright (c) 2014-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// maxFlagsPerMerkleBlock is the maximum number of flag bytes that could +// possibly fit into a merkle block. Since each transaction is represented by +// a single bit, this is the max number of transactions per block divided by +// 8 bits per byte. Then an extra one to cover partials. +const maxFlagsPerMerkleBlock = maxTxPerBlock / 8 + +// MsgMerkleBlock implements the Message interface and represents a bitcoin +// merkleblock message which is used to reset a Bloom filter. +// +// This message was not added until protocol version BIP0037Version. +type MsgMerkleBlock struct { + Header BlockHeader + Transactions uint32 + Hashes []*chainhash.Hash + Flags []byte +} + +// AddTxHash adds a new transaction hash to the message. +func (msg *MsgMerkleBlock) AddTxHash(hash *chainhash.Hash) error { + if len(msg.Hashes)+1 > maxTxPerBlock { + str := fmt.Sprintf("too many tx hashes for message [max %v]", + maxTxPerBlock) + return messageError("MsgMerkleBlock.AddTxHash", str) + } + + msg.Hashes = append(msg.Hashes, hash) + return nil +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgMerkleBlock) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + if pver < BIP0037Version { + str := fmt.Sprintf("merkleblock message invalid for protocol "+ + "version %d", pver) + return messageError("MsgMerkleBlock.BtcDecode", str) + } + + err := readBlockHeader(r, pver, &msg.Header) + if err != nil { + return err + } + + err = readElement(r, &msg.Transactions) + if err != nil { + return err + } + + // Read num block locator hashes and limit to max. + count, err := ReadVarInt(r, pver) + if err != nil { + return err + } + if count > maxTxPerBlock { + str := fmt.Sprintf("too many transaction hashes for message "+ + "[count %v, max %v]", count, maxTxPerBlock) + return messageError("MsgMerkleBlock.BtcDecode", str) + } + + // Create a contiguous slice of hashes to deserialize into in order to + // reduce the number of allocations. + hashes := make([]chainhash.Hash, count) + msg.Hashes = make([]*chainhash.Hash, 0, count) + for i := uint64(0); i < count; i++ { + hash := &hashes[i] + err := readElement(r, hash) + if err != nil { + return err + } + msg.AddTxHash(hash) + } + + msg.Flags, err = ReadVarBytes(r, pver, maxFlagsPerMerkleBlock, + "merkle block flags size") + return err +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgMerkleBlock) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + if pver < BIP0037Version { + str := fmt.Sprintf("merkleblock message invalid for protocol "+ + "version %d", pver) + return messageError("MsgMerkleBlock.BtcEncode", str) + } + + // Read num transaction hashes and limit to max. + numHashes := len(msg.Hashes) + if numHashes > maxTxPerBlock { + str := fmt.Sprintf("too many transaction hashes for message "+ + "[count %v, max %v]", numHashes, maxTxPerBlock) + return messageError("MsgMerkleBlock.BtcDecode", str) + } + numFlagBytes := len(msg.Flags) + if numFlagBytes > maxFlagsPerMerkleBlock { + str := fmt.Sprintf("too many flag bytes for message [count %v, "+ + "max %v]", numFlagBytes, maxFlagsPerMerkleBlock) + return messageError("MsgMerkleBlock.BtcDecode", str) + } + + err := writeBlockHeader(w, pver, &msg.Header) + if err != nil { + return err + } + + err = writeElement(w, msg.Transactions) + if err != nil { + return err + } + + err = WriteVarInt(w, pver, uint64(numHashes)) + if err != nil { + return err + } + for _, hash := range msg.Hashes { + err = writeElement(w, hash) + if err != nil { + return err + } + } + + return WriteVarBytes(w, pver, msg.Flags) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgMerkleBlock) Command() string { + return CmdMerkleBlock +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgMerkleBlock) MaxPayloadLength(pver uint32) uint32 { + return MaxBlockPayload +} + +// NewMsgMerkleBlock returns a new bitcoin merkleblock message that conforms to +// the Message interface. See MsgMerkleBlock for details. +func NewMsgMerkleBlock(bh *BlockHeader) *MsgMerkleBlock { + return &MsgMerkleBlock{ + Header: *bh, + Transactions: 0, + Hashes: make([]*chainhash.Hash, 0), + Flags: make([]byte, 0), + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgnotfound.go b/vendor/github.com/btcsuite/btcd/wire/msgnotfound.go new file mode 100644 index 0000000..e867681 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgnotfound.go @@ -0,0 +1,110 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" +) + +// MsgNotFound defines a bitcoin notfound message which is sent in response to +// a getdata message if any of the requested data in not available on the peer. +// Each message is limited to a maximum number of inventory vectors, which is +// currently 50,000. +// +// Use the AddInvVect function to build up the list of inventory vectors when +// sending a notfound message to another peer. +type MsgNotFound struct { + InvList []*InvVect +} + +// AddInvVect adds an inventory vector to the message. +func (msg *MsgNotFound) AddInvVect(iv *InvVect) error { + if len(msg.InvList)+1 > MaxInvPerMsg { + str := fmt.Sprintf("too many invvect in message [max %v]", + MaxInvPerMsg) + return messageError("MsgNotFound.AddInvVect", str) + } + + msg.InvList = append(msg.InvList, iv) + return nil +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgNotFound) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + count, err := ReadVarInt(r, pver) + if err != nil { + return err + } + + // Limit to max inventory vectors per message. + if count > MaxInvPerMsg { + str := fmt.Sprintf("too many invvect in message [%v]", count) + return messageError("MsgNotFound.BtcDecode", str) + } + + // Create a contiguous slice of inventory vectors to deserialize into in + // order to reduce the number of allocations. + invList := make([]InvVect, count) + msg.InvList = make([]*InvVect, 0, count) + for i := uint64(0); i < count; i++ { + iv := &invList[i] + err := readInvVect(r, pver, iv) + if err != nil { + return err + } + msg.AddInvVect(iv) + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgNotFound) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + // Limit to max inventory vectors per message. + count := len(msg.InvList) + if count > MaxInvPerMsg { + str := fmt.Sprintf("too many invvect in message [%v]", count) + return messageError("MsgNotFound.BtcEncode", str) + } + + err := WriteVarInt(w, pver, uint64(count)) + if err != nil { + return err + } + + for _, iv := range msg.InvList { + err := writeInvVect(w, pver, iv) + if err != nil { + return err + } + } + + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgNotFound) Command() string { + return CmdNotFound +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgNotFound) MaxPayloadLength(pver uint32) uint32 { + // Max var int 9 bytes + max InvVects at 36 bytes each. + // Num inventory vectors (varInt) + max allowed inventory vectors. + return MaxVarIntPayload + (MaxInvPerMsg * maxInvVectPayload) +} + +// NewMsgNotFound returns a new bitcoin notfound message that conforms to the +// Message interface. See MsgNotFound for details. +func NewMsgNotFound() *MsgNotFound { + return &MsgNotFound{ + InvList: make([]*InvVect, 0, defaultInvListAlloc), + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgping.go b/vendor/github.com/btcsuite/btcd/wire/msgping.go new file mode 100644 index 0000000..b2f346e --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgping.go @@ -0,0 +1,87 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "io" +) + +// MsgPing implements the Message interface and represents a bitcoin ping +// message. +// +// For versions BIP0031Version and earlier, it is used primarily to confirm +// that a connection is still valid. A transmission error is typically +// interpreted as a closed connection and that the peer should be removed. +// For versions AFTER BIP0031Version it contains an identifier which can be +// returned in the pong message to determine network timing. +// +// The payload for this message just consists of a nonce used for identifying +// it later. +type MsgPing struct { + // Unique value associated with message that is used to identify + // specific ping message. + Nonce uint64 +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgPing) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + // There was no nonce for BIP0031Version and earlier. + // NOTE: > is not a mistake here. The BIP0031 was defined as AFTER + // the version unlike most others. + if pver > BIP0031Version { + err := readElement(r, &msg.Nonce) + if err != nil { + return err + } + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgPing) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + // There was no nonce for BIP0031Version and earlier. + // NOTE: > is not a mistake here. The BIP0031 was defined as AFTER + // the version unlike most others. + if pver > BIP0031Version { + err := writeElement(w, msg.Nonce) + if err != nil { + return err + } + } + + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgPing) Command() string { + return CmdPing +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgPing) MaxPayloadLength(pver uint32) uint32 { + plen := uint32(0) + // There was no nonce for BIP0031Version and earlier. + // NOTE: > is not a mistake here. The BIP0031 was defined as AFTER + // the version unlike most others. + if pver > BIP0031Version { + // Nonce 8 bytes. + plen += 8 + } + + return plen +} + +// NewMsgPing returns a new bitcoin ping message that conforms to the Message +// interface. See MsgPing for details. +func NewMsgPing(nonce uint64) *MsgPing { + return &MsgPing{ + Nonce: nonce, + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgpong.go b/vendor/github.com/btcsuite/btcd/wire/msgpong.go new file mode 100644 index 0000000..eec80d8 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgpong.go @@ -0,0 +1,78 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" +) + +// MsgPong implements the Message interface and represents a bitcoin pong +// message which is used primarily to confirm that a connection is still valid +// in response to a bitcoin ping message (MsgPing). +// +// This message was not added until protocol versions AFTER BIP0031Version. +type MsgPong struct { + // Unique value associated with message that is used to identify + // specific ping message. + Nonce uint64 +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgPong) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + // NOTE: <= is not a mistake here. The BIP0031 was defined as AFTER + // the version unlike most others. + if pver <= BIP0031Version { + str := fmt.Sprintf("pong message invalid for protocol "+ + "version %d", pver) + return messageError("MsgPong.BtcDecode", str) + } + + return readElement(r, &msg.Nonce) +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgPong) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + // NOTE: <= is not a mistake here. The BIP0031 was defined as AFTER + // the version unlike most others. + if pver <= BIP0031Version { + str := fmt.Sprintf("pong message invalid for protocol "+ + "version %d", pver) + return messageError("MsgPong.BtcEncode", str) + } + + return writeElement(w, msg.Nonce) +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgPong) Command() string { + return CmdPong +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgPong) MaxPayloadLength(pver uint32) uint32 { + plen := uint32(0) + // The pong message did not exist for BIP0031Version and earlier. + // NOTE: > is not a mistake here. The BIP0031 was defined as AFTER + // the version unlike most others. + if pver > BIP0031Version { + // Nonce 8 bytes. + plen += 8 + } + + return plen +} + +// NewMsgPong returns a new bitcoin pong message that conforms to the Message +// interface. See MsgPong for details. +func NewMsgPong(nonce uint64) *MsgPong { + return &MsgPong{ + Nonce: nonce, + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgreject.go b/vendor/github.com/btcsuite/btcd/wire/msgreject.go new file mode 100644 index 0000000..a00eeff --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgreject.go @@ -0,0 +1,186 @@ +// Copyright (c) 2014-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// RejectCode represents a numeric value by which a remote peer indicates +// why a message was rejected. +type RejectCode uint8 + +// These constants define the various supported reject codes. +const ( + RejectMalformed RejectCode = 0x01 + RejectInvalid RejectCode = 0x10 + RejectObsolete RejectCode = 0x11 + RejectDuplicate RejectCode = 0x12 + RejectNonstandard RejectCode = 0x40 + RejectDust RejectCode = 0x41 + RejectInsufficientFee RejectCode = 0x42 + RejectCheckpoint RejectCode = 0x43 +) + +// Map of reject codes back strings for pretty printing. +var rejectCodeStrings = map[RejectCode]string{ + RejectMalformed: "REJECT_MALFORMED", + RejectInvalid: "REJECT_INVALID", + RejectObsolete: "REJECT_OBSOLETE", + RejectDuplicate: "REJECT_DUPLICATE", + RejectNonstandard: "REJECT_NONSTANDARD", + RejectDust: "REJECT_DUST", + RejectInsufficientFee: "REJECT_INSUFFICIENTFEE", + RejectCheckpoint: "REJECT_CHECKPOINT", +} + +// String returns the RejectCode in human-readable form. +func (code RejectCode) String() string { + if s, ok := rejectCodeStrings[code]; ok { + return s + } + + return fmt.Sprintf("Unknown RejectCode (%d)", uint8(code)) +} + +// MsgReject implements the Message interface and represents a bitcoin reject +// message. +// +// This message was not added until protocol version RejectVersion. +type MsgReject struct { + // Cmd is the command for the message which was rejected such as + // as CmdBlock or CmdTx. This can be obtained from the Command function + // of a Message. + Cmd string + + // RejectCode is a code indicating why the command was rejected. It + // is encoded as a uint8 on the wire. + Code RejectCode + + // Reason is a human-readable string with specific details (over and + // above the reject code) about why the command was rejected. + Reason string + + // Hash identifies a specific block or transaction that was rejected + // and therefore only applies the MsgBlock and MsgTx messages. + Hash chainhash.Hash +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgReject) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + if pver < RejectVersion { + str := fmt.Sprintf("reject message invalid for protocol "+ + "version %d", pver) + return messageError("MsgReject.BtcDecode", str) + } + + // Command that was rejected. + cmd, err := ReadVarString(r, pver) + if err != nil { + return err + } + msg.Cmd = cmd + + // Code indicating why the command was rejected. + err = readElement(r, &msg.Code) + if err != nil { + return err + } + + // Human readable string with specific details (over and above the + // reject code above) about why the command was rejected. + reason, err := ReadVarString(r, pver) + if err != nil { + return err + } + msg.Reason = reason + + // CmdBlock and CmdTx messages have an additional hash field that + // identifies the specific block or transaction. + if msg.Cmd == CmdBlock || msg.Cmd == CmdTx { + err := readElement(r, &msg.Hash) + if err != nil { + return err + } + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgReject) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + if pver < RejectVersion { + str := fmt.Sprintf("reject message invalid for protocol "+ + "version %d", pver) + return messageError("MsgReject.BtcEncode", str) + } + + // Command that was rejected. + err := WriteVarString(w, pver, msg.Cmd) + if err != nil { + return err + } + + // Code indicating why the command was rejected. + err = writeElement(w, msg.Code) + if err != nil { + return err + } + + // Human readable string with specific details (over and above the + // reject code above) about why the command was rejected. + err = WriteVarString(w, pver, msg.Reason) + if err != nil { + return err + } + + // CmdBlock and CmdTx messages have an additional hash field that + // identifies the specific block or transaction. + if msg.Cmd == CmdBlock || msg.Cmd == CmdTx { + err := writeElement(w, &msg.Hash) + if err != nil { + return err + } + } + + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgReject) Command() string { + return CmdReject +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgReject) MaxPayloadLength(pver uint32) uint32 { + plen := uint32(0) + // The reject message did not exist before protocol version + // RejectVersion. + if pver >= RejectVersion { + // Unfortunately the bitcoin protocol does not enforce a sane + // limit on the length of the reason, so the max payload is the + // overall maximum message payload. + plen = MaxMessagePayload + } + + return plen +} + +// NewMsgReject returns a new bitcoin reject message that conforms to the +// Message interface. See MsgReject for details. +func NewMsgReject(command string, code RejectCode, reason string) *MsgReject { + return &MsgReject{ + Cmd: command, + Code: code, + Reason: reason, + } +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgsendheaders.go b/vendor/github.com/btcsuite/btcd/wire/msgsendheaders.go new file mode 100644 index 0000000..1950535 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgsendheaders.go @@ -0,0 +1,60 @@ +// Copyright (c) 2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "io" +) + +// MsgSendHeaders implements the Message interface and represents a bitcoin +// sendheaders message. It is used to request the peer send block headers +// rather than inventory vectors. +// +// This message has no payload and was not added until protocol versions +// starting with SendHeadersVersion. +type MsgSendHeaders struct{} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgSendHeaders) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + if pver < SendHeadersVersion { + str := fmt.Sprintf("sendheaders message invalid for protocol "+ + "version %d", pver) + return messageError("MsgSendHeaders.BtcDecode", str) + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgSendHeaders) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + if pver < SendHeadersVersion { + str := fmt.Sprintf("sendheaders message invalid for protocol "+ + "version %d", pver) + return messageError("MsgSendHeaders.BtcEncode", str) + } + + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgSendHeaders) Command() string { + return CmdSendHeaders +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgSendHeaders) MaxPayloadLength(pver uint32) uint32 { + return 0 +} + +// NewMsgSendHeaders returns a new bitcoin sendheaders message that conforms to +// the Message interface. See MsgSendHeaders for details. +func NewMsgSendHeaders() *MsgSendHeaders { + return &MsgSendHeaders{} +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgtx.go b/vendor/github.com/btcsuite/btcd/wire/msgtx.go new file mode 100644 index 0000000..4f10ef9 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgtx.go @@ -0,0 +1,1027 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "bytes" + "fmt" + "io" + "strconv" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +const ( + // TxVersion is the current latest supported transaction version. + TxVersion = 1 + + // MaxTxInSequenceNum is the maximum sequence number the sequence field + // of a transaction input can be. + MaxTxInSequenceNum uint32 = 0xffffffff + + // MaxPrevOutIndex is the maximum index the index field of a previous + // outpoint can be. + MaxPrevOutIndex uint32 = 0xffffffff + + // SequenceLockTimeDisabled is a flag that if set on a transaction + // input's sequence number, the sequence number will not be interpreted + // as a relative locktime. + SequenceLockTimeDisabled = 1 << 31 + + // SequenceLockTimeIsSeconds is a flag that if set on a transaction + // input's sequence number, the relative locktime has units of 512 + // seconds. + SequenceLockTimeIsSeconds = 1 << 22 + + // SequenceLockTimeMask is a mask that extracts the relative locktime + // when masked against the transaction input sequence number. + SequenceLockTimeMask = 0x0000ffff + + // SequenceLockTimeGranularity is the defined time based granularity + // for seconds-based relative time locks. When converting from seconds + // to a sequence number, the value is right shifted by this amount, + // therefore the granularity of relative time locks in 512 or 2^9 + // seconds. Enforced relative lock times are multiples of 512 seconds. + SequenceLockTimeGranularity = 9 + + // defaultTxInOutAlloc is the default size used for the backing array for + // transaction inputs and outputs. The array will dynamically grow as needed, + // but this figure is intended to provide enough space for the number of + // inputs and outputs in a typical transaction without needing to grow the + // backing array multiple times. + defaultTxInOutAlloc = 15 + + // minTxInPayload is the minimum payload size for a transaction input. + // PreviousOutPoint.Hash + PreviousOutPoint.Index 4 bytes + Varint for + // SignatureScript length 1 byte + Sequence 4 bytes. + minTxInPayload = 9 + chainhash.HashSize + + // maxTxInPerMessage is the maximum number of transactions inputs that + // a transaction which fits into a message could possibly have. + maxTxInPerMessage = (MaxMessagePayload / minTxInPayload) + 1 + + // MinTxOutPayload is the minimum payload size for a transaction output. + // Value 8 bytes + Varint for PkScript length 1 byte. + MinTxOutPayload = 9 + + // maxTxOutPerMessage is the maximum number of transactions outputs that + // a transaction which fits into a message could possibly have. + maxTxOutPerMessage = (MaxMessagePayload / MinTxOutPayload) + 1 + + // minTxPayload is the minimum payload size for a transaction. Note + // that any realistically usable transaction must have at least one + // input or output, but that is a rule enforced at a higher layer, so + // it is intentionally not included here. + // Version 4 bytes + Varint number of transaction inputs 1 byte + Varint + // number of transaction outputs 1 byte + LockTime 4 bytes + min input + // payload + min output payload. + minTxPayload = 10 + + // freeListMaxScriptSize is the size of each buffer in the free list + // that is used for deserializing scripts from the wire before they are + // concatenated into a single contiguous buffers. This value was chosen + // because it is slightly more than twice the size of the vast majority + // of all "standard" scripts. Larger scripts are still deserialized + // properly as the free list will simply be bypassed for them. + freeListMaxScriptSize = 512 + + // freeListMaxItems is the number of buffers to keep in the free list + // to use for script deserialization. This value allows up to 100 + // scripts per transaction being simultaneously deserialized by 125 + // peers. Thus, the peak usage of the free list is 12,500 * 512 = + // 6,400,000 bytes. + freeListMaxItems = 12500 + + // maxWitnessItemsPerInput is the maximum number of witness items to + // be read for the witness data for a single TxIn. This number is + // derived using a possble lower bound for the encoding of a witness + // item: 1 byte for length + 1 byte for the witness item itself, or two + // bytes. This value is then divided by the currently allowed maximum + // "cost" for a transaction. + maxWitnessItemsPerInput = 500000 + + // maxWitnessItemSize is the maximum allowed size for an item within + // an input's witness data. This number is derived from the fact that + // for script validation, each pushed item onto the stack must be less + // than 10k bytes. + maxWitnessItemSize = 11000 +) + +// witnessMarkerBytes are a pair of bytes specific to the witness encoding. If +// this sequence is encoutered, then it indicates a transaction has iwtness +// data. The first byte is an always 0x00 marker byte, which allows decoders to +// distinguish a serialized transaction with witnesses from a regular (legacy) +// one. The second byte is the Flag field, which at the moment is always 0x01, +// but may be extended in the future to accommodate auxiliary non-committed +// fields. +var witessMarkerBytes = []byte{0x00, 0x01} + +// scriptFreeList defines a free list of byte slices (up to the maximum number +// defined by the freeListMaxItems constant) that have a cap according to the +// freeListMaxScriptSize constant. It is used to provide temporary buffers for +// deserializing scripts in order to greatly reduce the number of allocations +// required. +// +// The caller can obtain a buffer from the free list by calling the Borrow +// function and should return it via the Return function when done using it. +type scriptFreeList chan []byte + +// Borrow returns a byte slice from the free list with a length according the +// provided size. A new buffer is allocated if there are any items available. +// +// When the size is larger than the max size allowed for items on the free list +// a new buffer of the appropriate size is allocated and returned. It is safe +// to attempt to return said buffer via the Return function as it will be +// ignored and allowed to go the garbage collector. +func (c scriptFreeList) Borrow(size uint64) []byte { + if size > freeListMaxScriptSize { + return make([]byte, size) + } + + var buf []byte + select { + case buf = <-c: + default: + buf = make([]byte, freeListMaxScriptSize) + } + return buf[:size] +} + +// Return puts the provided byte slice back on the free list when it has a cap +// of the expected length. The buffer is expected to have been obtained via +// the Borrow function. Any slices that are not of the appropriate size, such +// as those whose size is greater than the largest allowed free list item size +// are simply ignored so they can go to the garbage collector. +func (c scriptFreeList) Return(buf []byte) { + // Ignore any buffers returned that aren't the expected size for the + // free list. + if cap(buf) != freeListMaxScriptSize { + return + } + + // Return the buffer to the free list when it's not full. Otherwise let + // it be garbage collected. + select { + case c <- buf: + default: + // Let it go to the garbage collector. + } +} + +// Create the concurrent safe free list to use for script deserialization. As +// previously described, this free list is maintained to significantly reduce +// the number of allocations. +var scriptPool scriptFreeList = make(chan []byte, freeListMaxItems) + +// OutPoint defines a bitcoin data type that is used to track previous +// transaction outputs. +type OutPoint struct { + Hash chainhash.Hash + Index uint32 +} + +// NewOutPoint returns a new bitcoin transaction outpoint point with the +// provided hash and index. +func NewOutPoint(hash *chainhash.Hash, index uint32) *OutPoint { + return &OutPoint{ + Hash: *hash, + Index: index, + } +} + +// String returns the OutPoint in the human-readable form "hash:index". +func (o OutPoint) String() string { + // Allocate enough for hash string, colon, and 10 digits. Although + // at the time of writing, the number of digits can be no greater than + // the length of the decimal representation of maxTxOutPerMessage, the + // maximum message payload may increase in the future and this + // optimization may go unnoticed, so allocate space for 10 decimal + // digits, which will fit any uint32. + buf := make([]byte, 2*chainhash.HashSize+1, 2*chainhash.HashSize+1+10) + copy(buf, o.Hash.String()) + buf[2*chainhash.HashSize] = ':' + buf = strconv.AppendUint(buf, uint64(o.Index), 10) + return string(buf) +} + +// TxIn defines a bitcoin transaction input. +type TxIn struct { + PreviousOutPoint OutPoint + SignatureScript []byte + Witness TxWitness + Sequence uint32 +} + +// SerializeSize returns the number of bytes it would take to serialize the +// the transaction input. +func (t *TxIn) SerializeSize() int { + // Outpoint Hash 32 bytes + Outpoint Index 4 bytes + Sequence 4 bytes + + // serialized varint size for the length of SignatureScript + + // SignatureScript bytes. + return 40 + VarIntSerializeSize(uint64(len(t.SignatureScript))) + + len(t.SignatureScript) +} + +// NewTxIn returns a new bitcoin transaction input with the provided +// previous outpoint point and signature script with a default sequence of +// MaxTxInSequenceNum. +func NewTxIn(prevOut *OutPoint, signatureScript []byte, witness [][]byte) *TxIn { + return &TxIn{ + PreviousOutPoint: *prevOut, + SignatureScript: signatureScript, + Witness: witness, + Sequence: MaxTxInSequenceNum, + } +} + +// TxWitness defines the witness for a TxIn. A witness is to be interpreted as +// a slice of byte slices, or a stack with one or many elements. +type TxWitness [][]byte + +// SerializeSize returns the number of bytes it would take to serialize the the +// transaction input's witness. +func (t TxWitness) SerializeSize() int { + // A varint to signal the number of elements the witness has. + n := VarIntSerializeSize(uint64(len(t))) + + // For each element in the witness, we'll need a varint to signal the + // size of the element, then finally the number of bytes the element + // itself comprises. + for _, witItem := range t { + n += VarIntSerializeSize(uint64(len(witItem))) + n += len(witItem) + } + + return n +} + +// TxOut defines a bitcoin transaction output. +type TxOut struct { + Value int64 + PkScript []byte +} + +// SerializeSize returns the number of bytes it would take to serialize the +// the transaction output. +func (t *TxOut) SerializeSize() int { + // Value 8 bytes + serialized varint size for the length of PkScript + + // PkScript bytes. + return 8 + VarIntSerializeSize(uint64(len(t.PkScript))) + len(t.PkScript) +} + +// NewTxOut returns a new bitcoin transaction output with the provided +// transaction value and public key script. +func NewTxOut(value int64, pkScript []byte) *TxOut { + return &TxOut{ + Value: value, + PkScript: pkScript, + } +} + +// MsgTx implements the Message interface and represents a bitcoin tx message. +// It is used to deliver transaction information in response to a getdata +// message (MsgGetData) for a given transaction. +// +// Use the AddTxIn and AddTxOut functions to build up the list of transaction +// inputs and outputs. +type MsgTx struct { + Version int32 + TxIn []*TxIn + TxOut []*TxOut + LockTime uint32 +} + +// AddTxIn adds a transaction input to the message. +func (msg *MsgTx) AddTxIn(ti *TxIn) { + msg.TxIn = append(msg.TxIn, ti) +} + +// AddTxOut adds a transaction output to the message. +func (msg *MsgTx) AddTxOut(to *TxOut) { + msg.TxOut = append(msg.TxOut, to) +} + +// TxHash generates the Hash for the transaction. +func (msg *MsgTx) TxHash() chainhash.Hash { + // Encode the transaction and calculate double sha256 on the result. + // Ignore the error returns since the only way the encode could fail + // is being out of memory or due to nil pointers, both of which would + // cause a run-time panic. + buf := bytes.NewBuffer(make([]byte, 0, msg.SerializeSizeStripped())) + _ = msg.SerializeNoWitness(buf) + return chainhash.DoubleHashH(buf.Bytes()) +} + +// WitnessHash generates the hash of the transaction serialized according to +// the new witness serialization defined in BIP0141 and BIP0144. The final +// output is used within the Segregated Witness commitment of all the witnesses +// within a block. If a transaction has no witness data, then the witness hash, +// is the same as its txid. +func (msg *MsgTx) WitnessHash() chainhash.Hash { + if msg.HasWitness() { + buf := bytes.NewBuffer(make([]byte, 0, msg.SerializeSize())) + _ = msg.Serialize(buf) + return chainhash.DoubleHashH(buf.Bytes()) + } + + return msg.TxHash() +} + +// Copy creates a deep copy of a transaction so that the original does not get +// modified when the copy is manipulated. +func (msg *MsgTx) Copy() *MsgTx { + // Create new tx and start by copying primitive values and making space + // for the transaction inputs and outputs. + newTx := MsgTx{ + Version: msg.Version, + TxIn: make([]*TxIn, 0, len(msg.TxIn)), + TxOut: make([]*TxOut, 0, len(msg.TxOut)), + LockTime: msg.LockTime, + } + + // Deep copy the old TxIn data. + for _, oldTxIn := range msg.TxIn { + // Deep copy the old previous outpoint. + oldOutPoint := oldTxIn.PreviousOutPoint + newOutPoint := OutPoint{} + newOutPoint.Hash.SetBytes(oldOutPoint.Hash[:]) + newOutPoint.Index = oldOutPoint.Index + + // Deep copy the old signature script. + var newScript []byte + oldScript := oldTxIn.SignatureScript + oldScriptLen := len(oldScript) + if oldScriptLen > 0 { + newScript = make([]byte, oldScriptLen) + copy(newScript, oldScript[:oldScriptLen]) + } + + // Create new txIn with the deep copied data. + newTxIn := TxIn{ + PreviousOutPoint: newOutPoint, + SignatureScript: newScript, + Sequence: oldTxIn.Sequence, + } + + // If the transaction is witnessy, then also copy the + // witnesses. + if len(oldTxIn.Witness) != 0 { + // Deep copy the old witness data. + newTxIn.Witness = make([][]byte, len(oldTxIn.Witness)) + for i, oldItem := range oldTxIn.Witness { + newItem := make([]byte, len(oldItem)) + copy(newItem, oldItem) + newTxIn.Witness[i] = newItem + } + } + + // Finally, append this fully copied txin. + newTx.TxIn = append(newTx.TxIn, &newTxIn) + } + + // Deep copy the old TxOut data. + for _, oldTxOut := range msg.TxOut { + // Deep copy the old PkScript + var newScript []byte + oldScript := oldTxOut.PkScript + oldScriptLen := len(oldScript) + if oldScriptLen > 0 { + newScript = make([]byte, oldScriptLen) + copy(newScript, oldScript[:oldScriptLen]) + } + + // Create new txOut with the deep copied data and append it to + // new Tx. + newTxOut := TxOut{ + Value: oldTxOut.Value, + PkScript: newScript, + } + newTx.TxOut = append(newTx.TxOut, &newTxOut) + } + + return &newTx +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +// See Deserialize for decoding transactions stored to disk, such as in a +// database, as opposed to decoding transactions from the wire. +func (msg *MsgTx) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + version, err := binarySerializer.Uint32(r, littleEndian) + if err != nil { + return err + } + msg.Version = int32(version) + + count, err := ReadVarInt(r, pver) + if err != nil { + return err + } + + // A count of zero (meaning no TxIn's to the uninitiated) indicates + // this is a transaction with witness data. + var flag [1]byte + if count == 0 && enc == WitnessEncoding { + // Next, we need to read the flag, which is a single byte. + if _, err = io.ReadFull(r, flag[:]); err != nil { + return err + } + + // At the moment, the flag MUST be 0x01. In the future other + // flag types may be supported. + if flag[0] != 0x01 { + str := fmt.Sprintf("witness tx but flag byte is %x", flag) + return messageError("MsgTx.BtcDecode", str) + } + + // With the Segregated Witness specific fields decoded, we can + // now read in the actual txin count. + count, err = ReadVarInt(r, pver) + if err != nil { + return err + } + } + + // Prevent more input transactions than could possibly fit into a + // message. It would be possible to cause memory exhaustion and panics + // without a sane upper bound on this count. + if count > uint64(maxTxInPerMessage) { + str := fmt.Sprintf("too many input transactions to fit into "+ + "max message size [count %d, max %d]", count, + maxTxInPerMessage) + return messageError("MsgTx.BtcDecode", str) + } + + // returnScriptBuffers is a closure that returns any script buffers that + // were borrowed from the pool when there are any deserialization + // errors. This is only valid to call before the final step which + // replaces the scripts with the location in a contiguous buffer and + // returns them. + returnScriptBuffers := func() { + for _, txIn := range msg.TxIn { + if txIn == nil { + continue + } + + if txIn.SignatureScript != nil { + scriptPool.Return(txIn.SignatureScript) + } + + for _, witnessElem := range txIn.Witness { + if witnessElem != nil { + scriptPool.Return(witnessElem) + } + } + } + for _, txOut := range msg.TxOut { + if txOut == nil || txOut.PkScript == nil { + continue + } + scriptPool.Return(txOut.PkScript) + } + } + + // Deserialize the inputs. + var totalScriptSize uint64 + txIns := make([]TxIn, count) + msg.TxIn = make([]*TxIn, count) + for i := uint64(0); i < count; i++ { + // The pointer is set now in case a script buffer is borrowed + // and needs to be returned to the pool on error. + ti := &txIns[i] + msg.TxIn[i] = ti + err = readTxIn(r, pver, msg.Version, ti) + if err != nil { + returnScriptBuffers() + return err + } + totalScriptSize += uint64(len(ti.SignatureScript)) + } + + count, err = ReadVarInt(r, pver) + if err != nil { + returnScriptBuffers() + return err + } + + // Prevent more output transactions than could possibly fit into a + // message. It would be possible to cause memory exhaustion and panics + // without a sane upper bound on this count. + if count > uint64(maxTxOutPerMessage) { + returnScriptBuffers() + str := fmt.Sprintf("too many output transactions to fit into "+ + "max message size [count %d, max %d]", count, + maxTxOutPerMessage) + return messageError("MsgTx.BtcDecode", str) + } + + // Deserialize the outputs. + txOuts := make([]TxOut, count) + msg.TxOut = make([]*TxOut, count) + for i := uint64(0); i < count; i++ { + // The pointer is set now in case a script buffer is borrowed + // and needs to be returned to the pool on error. + to := &txOuts[i] + msg.TxOut[i] = to + err = readTxOut(r, pver, msg.Version, to) + if err != nil { + returnScriptBuffers() + return err + } + totalScriptSize += uint64(len(to.PkScript)) + } + + // If the transaction's flag byte isn't 0x00 at this point, then one or + // more of its inputs has accompanying witness data. + if flag[0] != 0 && enc == WitnessEncoding { + for _, txin := range msg.TxIn { + // For each input, the witness is encoded as a stack + // with one or more items. Therefore, we first read a + // varint which encodes the number of stack items. + witCount, err := ReadVarInt(r, pver) + if err != nil { + returnScriptBuffers() + return err + } + + // Prevent a possible memory exhaustion attack by + // limiting the witCount value to a sane upper bound. + if witCount > maxWitnessItemsPerInput { + returnScriptBuffers() + str := fmt.Sprintf("too many witness items to fit "+ + "into max message size [count %d, max %d]", + witCount, maxWitnessItemsPerInput) + return messageError("MsgTx.BtcDecode", str) + } + + // Then for witCount number of stack items, each item + // has a varint length prefix, followed by the witness + // item itself. + txin.Witness = make([][]byte, witCount) + for j := uint64(0); j < witCount; j++ { + txin.Witness[j], err = readScript(r, pver, + maxWitnessItemSize, "script witness item") + if err != nil { + returnScriptBuffers() + return err + } + totalScriptSize += uint64(len(txin.Witness[j])) + } + } + } + + msg.LockTime, err = binarySerializer.Uint32(r, littleEndian) + if err != nil { + returnScriptBuffers() + return err + } + + // Create a single allocation to house all of the scripts and set each + // input signature script and output public key script to the + // appropriate subslice of the overall contiguous buffer. Then, return + // each individual script buffer back to the pool so they can be reused + // for future deserializations. This is done because it significantly + // reduces the number of allocations the garbage collector needs to + // track, which in turn improves performance and drastically reduces the + // amount of runtime overhead that would otherwise be needed to keep + // track of millions of small allocations. + // + // NOTE: It is no longer valid to call the returnScriptBuffers closure + // after these blocks of code run because it is already done and the + // scripts in the transaction inputs and outputs no longer point to the + // buffers. + var offset uint64 + scripts := make([]byte, totalScriptSize) + for i := 0; i < len(msg.TxIn); i++ { + // Copy the signature script into the contiguous buffer at the + // appropriate offset. + signatureScript := msg.TxIn[i].SignatureScript + copy(scripts[offset:], signatureScript) + + // Reset the signature script of the transaction input to the + // slice of the contiguous buffer where the script lives. + scriptSize := uint64(len(signatureScript)) + end := offset + scriptSize + msg.TxIn[i].SignatureScript = scripts[offset:end:end] + offset += scriptSize + + // Return the temporary script buffer to the pool. + scriptPool.Return(signatureScript) + + for j := 0; j < len(msg.TxIn[i].Witness); j++ { + // Copy each item within the witness stack for this + // input into the contiguous buffer at the appropriate + // offset. + witnessElem := msg.TxIn[i].Witness[j] + copy(scripts[offset:], witnessElem) + + // Reset the witness item within the stack to the slice + // of the contiguous buffer where the witness lives. + witnessElemSize := uint64(len(witnessElem)) + end := offset + witnessElemSize + msg.TxIn[i].Witness[j] = scripts[offset:end:end] + offset += witnessElemSize + + // Return the temporary buffer used for the witness stack + // item to the pool. + scriptPool.Return(witnessElem) + } + } + for i := 0; i < len(msg.TxOut); i++ { + // Copy the public key script into the contiguous buffer at the + // appropriate offset. + pkScript := msg.TxOut[i].PkScript + copy(scripts[offset:], pkScript) + + // Reset the public key script of the transaction output to the + // slice of the contiguous buffer where the script lives. + scriptSize := uint64(len(pkScript)) + end := offset + scriptSize + msg.TxOut[i].PkScript = scripts[offset:end:end] + offset += scriptSize + + // Return the temporary script buffer to the pool. + scriptPool.Return(pkScript) + } + + return nil +} + +// Deserialize decodes a transaction from r into the receiver using a format +// that is suitable for long-term storage such as a database while respecting +// the Version field in the transaction. This function differs from BtcDecode +// in that BtcDecode decodes from the bitcoin wire protocol as it was sent +// across the network. The wire encoding can technically differ depending on +// the protocol version and doesn't even really need to match the format of a +// stored transaction at all. As of the time this comment was written, the +// encoded transaction is the same in both instances, but there is a distinct +// difference and separating the two allows the API to be flexible enough to +// deal with changes. +func (msg *MsgTx) Deserialize(r io.Reader) error { + // At the current time, there is no difference between the wire encoding + // at protocol version 0 and the stable long-term storage format. As + // a result, make use of BtcDecode. + return msg.BtcDecode(r, 0, WitnessEncoding) +} + +// DeserializeNoWitness decodes a transaction from r into the receiver, where +// the transaction encoding format within r MUST NOT utilize the new +// serialization format created to encode transaction bearing witness data +// within inputs. +func (msg *MsgTx) DeserializeNoWitness(r io.Reader) error { + return msg.BtcDecode(r, 0, BaseEncoding) +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +// See Serialize for encoding transactions to be stored to disk, such as in a +// database, as opposed to encoding transactions for the wire. +func (msg *MsgTx) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + err := binarySerializer.PutUint32(w, littleEndian, uint32(msg.Version)) + if err != nil { + return err + } + + // If the encoding version is set to WitnessEncoding, and the Flags + // field for the MsgTx aren't 0x00, then this indicates the transaction + // is to be encoded using the new witness inclusionary structure + // defined in BIP0144. + doWitness := enc == WitnessEncoding && msg.HasWitness() + if doWitness { + // After the txn's Version field, we include two additional + // bytes specific to the witness encoding. The first byte is an + // always 0x00 marker byte, which allows decoders to + // distinguish a serialized transaction with witnesses from a + // regular (legacy) one. The second byte is the Flag field, + // which at the moment is always 0x01, but may be extended in + // the future to accommodate auxiliary non-committed fields. + if _, err := w.Write(witessMarkerBytes); err != nil { + return err + } + } + + count := uint64(len(msg.TxIn)) + err = WriteVarInt(w, pver, count) + if err != nil { + return err + } + + for _, ti := range msg.TxIn { + err = writeTxIn(w, pver, msg.Version, ti) + if err != nil { + return err + } + } + + count = uint64(len(msg.TxOut)) + err = WriteVarInt(w, pver, count) + if err != nil { + return err + } + + for _, to := range msg.TxOut { + err = WriteTxOut(w, pver, msg.Version, to) + if err != nil { + return err + } + } + + // If this transaction is a witness transaction, and the witness + // encoded is desired, then encode the witness for each of the inputs + // within the transaction. + if doWitness { + for _, ti := range msg.TxIn { + err = writeTxWitness(w, pver, msg.Version, ti.Witness) + if err != nil { + return err + } + } + } + + return binarySerializer.PutUint32(w, littleEndian, msg.LockTime) +} + +// HasWitness returns false if none of the inputs within the transaction +// contain witness data, true false otherwise. +func (msg *MsgTx) HasWitness() bool { + for _, txIn := range msg.TxIn { + if len(txIn.Witness) != 0 { + return true + } + } + + return false +} + +// Serialize encodes the transaction to w using a format that suitable for +// long-term storage such as a database while respecting the Version field in +// the transaction. This function differs from BtcEncode in that BtcEncode +// encodes the transaction to the bitcoin wire protocol in order to be sent +// across the network. The wire encoding can technically differ depending on +// the protocol version and doesn't even really need to match the format of a +// stored transaction at all. As of the time this comment was written, the +// encoded transaction is the same in both instances, but there is a distinct +// difference and separating the two allows the API to be flexible enough to +// deal with changes. +func (msg *MsgTx) Serialize(w io.Writer) error { + // At the current time, there is no difference between the wire encoding + // at protocol version 0 and the stable long-term storage format. As + // a result, make use of BtcEncode. + // + // Passing a encoding type of WitnessEncoding to BtcEncode for MsgTx + // indicates that the transaction's witnesses (if any) should be + // serialized according to the new serialization structure defined in + // BIP0144. + return msg.BtcEncode(w, 0, WitnessEncoding) +} + +// SerializeNoWitness encodes the transaction to w in an identical manner to +// Serialize, however even if the source transaction has inputs with witness +// data, the old serialization format will still be used. +func (msg *MsgTx) SerializeNoWitness(w io.Writer) error { + return msg.BtcEncode(w, 0, BaseEncoding) +} + +// baseSize returns the serialized size of the transaction without accounting +// for any witness data. +func (msg *MsgTx) baseSize() int { + // Version 4 bytes + LockTime 4 bytes + Serialized varint size for the + // number of transaction inputs and outputs. + n := 8 + VarIntSerializeSize(uint64(len(msg.TxIn))) + + VarIntSerializeSize(uint64(len(msg.TxOut))) + + for _, txIn := range msg.TxIn { + n += txIn.SerializeSize() + } + + for _, txOut := range msg.TxOut { + n += txOut.SerializeSize() + } + + return n +} + +// SerializeSize returns the number of bytes it would take to serialize the +// the transaction. +func (msg *MsgTx) SerializeSize() int { + n := msg.baseSize() + + if msg.HasWitness() { + // The marker, and flag fields take up two additional bytes. + n += 2 + + // Additionally, factor in the serialized size of each of the + // witnesses for each txin. + for _, txin := range msg.TxIn { + n += txin.Witness.SerializeSize() + } + } + + return n +} + +// SerializeSizeStripped returns the number of bytes it would take to serialize +// the transaction, excluding any included witness data. +func (msg *MsgTx) SerializeSizeStripped() int { + return msg.baseSize() +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgTx) Command() string { + return CmdTx +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgTx) MaxPayloadLength(pver uint32) uint32 { + return MaxBlockPayload +} + +// PkScriptLocs returns a slice containing the start of each public key script +// within the raw serialized transaction. The caller can easily obtain the +// length of each script by using len on the script available via the +// appropriate transaction output entry. +func (msg *MsgTx) PkScriptLocs() []int { + numTxOut := len(msg.TxOut) + if numTxOut == 0 { + return nil + } + + // The starting offset in the serialized transaction of the first + // transaction output is: + // + // Version 4 bytes + serialized varint size for the number of + // transaction inputs and outputs + serialized size of each transaction + // input. + n := 4 + VarIntSerializeSize(uint64(len(msg.TxIn))) + + VarIntSerializeSize(uint64(numTxOut)) + + // If this transaction has a witness input, the an additional two bytes + // for the marker, and flag byte need to be taken into account. + if len(msg.TxIn) > 0 && msg.TxIn[0].Witness != nil { + n += 2 + } + + for _, txIn := range msg.TxIn { + n += txIn.SerializeSize() + } + + // Calculate and set the appropriate offset for each public key script. + pkScriptLocs := make([]int, numTxOut) + for i, txOut := range msg.TxOut { + // The offset of the script in the transaction output is: + // + // Value 8 bytes + serialized varint size for the length of + // PkScript. + n += 8 + VarIntSerializeSize(uint64(len(txOut.PkScript))) + pkScriptLocs[i] = n + n += len(txOut.PkScript) + } + + return pkScriptLocs +} + +// NewMsgTx returns a new bitcoin tx message that conforms to the Message +// interface. The return instance has a default version of TxVersion and there +// are no transaction inputs or outputs. Also, the lock time is set to zero +// to indicate the transaction is valid immediately as opposed to some time in +// future. +func NewMsgTx(version int32) *MsgTx { + return &MsgTx{ + Version: version, + TxIn: make([]*TxIn, 0, defaultTxInOutAlloc), + TxOut: make([]*TxOut, 0, defaultTxInOutAlloc), + } +} + +// readOutPoint reads the next sequence of bytes from r as an OutPoint. +func readOutPoint(r io.Reader, pver uint32, version int32, op *OutPoint) error { + _, err := io.ReadFull(r, op.Hash[:]) + if err != nil { + return err + } + + op.Index, err = binarySerializer.Uint32(r, littleEndian) + return err +} + +// writeOutPoint encodes op to the bitcoin protocol encoding for an OutPoint +// to w. +func writeOutPoint(w io.Writer, pver uint32, version int32, op *OutPoint) error { + _, err := w.Write(op.Hash[:]) + if err != nil { + return err + } + + return binarySerializer.PutUint32(w, littleEndian, op.Index) +} + +// readScript reads a variable length byte array that represents a transaction +// script. It is encoded as a varInt containing the length of the array +// followed by the bytes themselves. An error is returned if the length is +// greater than the passed maxAllowed parameter which helps protect against +// memory exhaustion attacks and forced panics through malformed messages. The +// fieldName parameter is only used for the error message so it provides more +// context in the error. +func readScript(r io.Reader, pver uint32, maxAllowed uint32, fieldName string) ([]byte, error) { + count, err := ReadVarInt(r, pver) + if err != nil { + return nil, err + } + + // Prevent byte array larger than the max message size. It would + // be possible to cause memory exhaustion and panics without a sane + // upper bound on this count. + if count > uint64(maxAllowed) { + str := fmt.Sprintf("%s is larger than the max allowed size "+ + "[count %d, max %d]", fieldName, count, maxAllowed) + return nil, messageError("readScript", str) + } + + b := scriptPool.Borrow(count) + _, err = io.ReadFull(r, b) + if err != nil { + scriptPool.Return(b) + return nil, err + } + return b, nil +} + +// readTxIn reads the next sequence of bytes from r as a transaction input +// (TxIn). +func readTxIn(r io.Reader, pver uint32, version int32, ti *TxIn) error { + err := readOutPoint(r, pver, version, &ti.PreviousOutPoint) + if err != nil { + return err + } + + ti.SignatureScript, err = readScript(r, pver, MaxMessagePayload, + "transaction input signature script") + if err != nil { + return err + } + + return readElement(r, &ti.Sequence) +} + +// writeTxIn encodes ti to the bitcoin protocol encoding for a transaction +// input (TxIn) to w. +func writeTxIn(w io.Writer, pver uint32, version int32, ti *TxIn) error { + err := writeOutPoint(w, pver, version, &ti.PreviousOutPoint) + if err != nil { + return err + } + + err = WriteVarBytes(w, pver, ti.SignatureScript) + if err != nil { + return err + } + + return binarySerializer.PutUint32(w, littleEndian, ti.Sequence) +} + +// readTxOut reads the next sequence of bytes from r as a transaction output +// (TxOut). +func readTxOut(r io.Reader, pver uint32, version int32, to *TxOut) error { + err := readElement(r, &to.Value) + if err != nil { + return err + } + + to.PkScript, err = readScript(r, pver, MaxMessagePayload, + "transaction output public key script") + return err +} + +// WriteTxOut encodes to into the bitcoin protocol encoding for a transaction +// output (TxOut) to w. +// +// NOTE: This function is exported in order to allow txscript to compute the +// new sighashes for witness transactions (BIP0143). +func WriteTxOut(w io.Writer, pver uint32, version int32, to *TxOut) error { + err := binarySerializer.PutUint64(w, littleEndian, uint64(to.Value)) + if err != nil { + return err + } + + return WriteVarBytes(w, pver, to.PkScript) +} + +// writeTxWitness encodes the bitcoin protocol encoding for a transaction +// input's witness into to w. +func writeTxWitness(w io.Writer, pver uint32, version int32, wit [][]byte) error { + err := WriteVarInt(w, pver, uint64(len(wit))) + if err != nil { + return err + } + for _, item := range wit { + err = WriteVarBytes(w, pver, item) + if err != nil { + return err + } + } + return nil +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgverack.go b/vendor/github.com/btcsuite/btcd/wire/msgverack.go new file mode 100644 index 0000000..60342b5 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgverack.go @@ -0,0 +1,46 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "io" +) + +// MsgVerAck defines a bitcoin verack message which is used for a peer to +// acknowledge a version message (MsgVersion) after it has used the information +// to negotiate parameters. It implements the Message interface. +// +// This message has no payload. +type MsgVerAck struct{} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// This is part of the Message interface implementation. +func (msg *MsgVerAck) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgVerAck) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgVerAck) Command() string { + return CmdVerAck +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgVerAck) MaxPayloadLength(pver uint32) uint32 { + return 0 +} + +// NewMsgVerAck returns a new bitcoin verack message that conforms to the +// Message interface. +func NewMsgVerAck() *MsgVerAck { + return &MsgVerAck{} +} diff --git a/vendor/github.com/btcsuite/btcd/wire/msgversion.go b/vendor/github.com/btcsuite/btcd/wire/msgversion.go new file mode 100644 index 0000000..3077f12 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/msgversion.go @@ -0,0 +1,269 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "bytes" + "fmt" + "io" + "strings" + "time" +) + +// MaxUserAgentLen is the maximum allowed length for the user agent field in a +// version message (MsgVersion). +const MaxUserAgentLen = 256 + +// DefaultUserAgent for wire in the stack +const DefaultUserAgent = "/btcwire:0.5.0/" + +// MsgVersion implements the Message interface and represents a bitcoin version +// message. It is used for a peer to advertise itself as soon as an outbound +// connection is made. The remote peer then uses this information along with +// its own to negotiate. The remote peer must then respond with a version +// message of its own containing the negotiated values followed by a verack +// message (MsgVerAck). This exchange must take place before any further +// communication is allowed to proceed. +type MsgVersion struct { + // Version of the protocol the node is using. + ProtocolVersion int32 + + // Bitfield which identifies the enabled services. + Services ServiceFlag + + // Time the message was generated. This is encoded as an int64 on the wire. + Timestamp time.Time + + // Address of the remote peer. + AddrYou NetAddress + + // Address of the local peer. + AddrMe NetAddress + + // Unique value associated with message that is used to detect self + // connections. + Nonce uint64 + + // The user agent that generated messsage. This is a encoded as a varString + // on the wire. This has a max length of MaxUserAgentLen. + UserAgent string + + // Last block seen by the generator of the version message. + LastBlock int32 + + // Don't announce transactions to peer. + DisableRelayTx bool +} + +// HasService returns whether the specified service is supported by the peer +// that generated the message. +func (msg *MsgVersion) HasService(service ServiceFlag) bool { + return msg.Services&service == service +} + +// AddService adds service as a supported service by the peer generating the +// message. +func (msg *MsgVersion) AddService(service ServiceFlag) { + msg.Services |= service +} + +// BtcDecode decodes r using the bitcoin protocol encoding into the receiver. +// The version message is special in that the protocol version hasn't been +// negotiated yet. As a result, the pver field is ignored and any fields which +// are added in new versions are optional. This also mean that r must be a +// *bytes.Buffer so the number of remaining bytes can be ascertained. +// +// This is part of the Message interface implementation. +func (msg *MsgVersion) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error { + buf, ok := r.(*bytes.Buffer) + if !ok { + return fmt.Errorf("MsgVersion.BtcDecode reader is not a " + + "*bytes.Buffer") + } + + err := readElements(buf, &msg.ProtocolVersion, &msg.Services, + (*int64Time)(&msg.Timestamp)) + if err != nil { + return err + } + + err = readNetAddress(buf, pver, &msg.AddrYou, false) + if err != nil { + return err + } + + // Protocol versions >= 106 added a from address, nonce, and user agent + // field and they are only considered present if there are bytes + // remaining in the message. + if buf.Len() > 0 { + err = readNetAddress(buf, pver, &msg.AddrMe, false) + if err != nil { + return err + } + } + if buf.Len() > 0 { + err = readElement(buf, &msg.Nonce) + if err != nil { + return err + } + } + if buf.Len() > 0 { + userAgent, err := ReadVarString(buf, pver) + if err != nil { + return err + } + err = validateUserAgent(userAgent) + if err != nil { + return err + } + msg.UserAgent = userAgent + } + + // Protocol versions >= 209 added a last known block field. It is only + // considered present if there are bytes remaining in the message. + if buf.Len() > 0 { + err = readElement(buf, &msg.LastBlock) + if err != nil { + return err + } + } + + // There was no relay transactions field before BIP0037Version, but + // the default behavior prior to the addition of the field was to always + // relay transactions. + if buf.Len() > 0 { + // It's safe to ignore the error here since the buffer has at + // least one byte and that byte will result in a boolean value + // regardless of its value. Also, the wire encoding for the + // field is true when transactions should be relayed, so reverse + // it for the DisableRelayTx field. + var relayTx bool + readElement(r, &relayTx) + msg.DisableRelayTx = !relayTx + } + + return nil +} + +// BtcEncode encodes the receiver to w using the bitcoin protocol encoding. +// This is part of the Message interface implementation. +func (msg *MsgVersion) BtcEncode(w io.Writer, pver uint32, enc MessageEncoding) error { + err := validateUserAgent(msg.UserAgent) + if err != nil { + return err + } + + err = writeElements(w, msg.ProtocolVersion, msg.Services, + msg.Timestamp.Unix()) + if err != nil { + return err + } + + err = writeNetAddress(w, pver, &msg.AddrYou, false) + if err != nil { + return err + } + + err = writeNetAddress(w, pver, &msg.AddrMe, false) + if err != nil { + return err + } + + err = writeElement(w, msg.Nonce) + if err != nil { + return err + } + + err = WriteVarString(w, pver, msg.UserAgent) + if err != nil { + return err + } + + err = writeElement(w, msg.LastBlock) + if err != nil { + return err + } + + // There was no relay transactions field before BIP0037Version. Also, + // the wire encoding for the field is true when transactions should be + // relayed, so reverse it from the DisableRelayTx field. + if pver >= BIP0037Version { + err = writeElement(w, !msg.DisableRelayTx) + if err != nil { + return err + } + } + return nil +} + +// Command returns the protocol command string for the message. This is part +// of the Message interface implementation. +func (msg *MsgVersion) Command() string { + return CmdVersion +} + +// MaxPayloadLength returns the maximum length the payload can be for the +// receiver. This is part of the Message interface implementation. +func (msg *MsgVersion) MaxPayloadLength(pver uint32) uint32 { + // XXX: <= 106 different + + // Protocol version 4 bytes + services 8 bytes + timestamp 8 bytes + + // remote and local net addresses + nonce 8 bytes + length of user + // agent (varInt) + max allowed useragent length + last block 4 bytes + + // relay transactions flag 1 byte. + return 33 + (maxNetAddressPayload(pver) * 2) + MaxVarIntPayload + + MaxUserAgentLen +} + +// NewMsgVersion returns a new bitcoin version message that conforms to the +// Message interface using the passed parameters and defaults for the remaining +// fields. +func NewMsgVersion(me *NetAddress, you *NetAddress, nonce uint64, + lastBlock int32) *MsgVersion { + + // Limit the timestamp to one second precision since the protocol + // doesn't support better. + return &MsgVersion{ + ProtocolVersion: int32(ProtocolVersion), + Services: 0, + Timestamp: time.Unix(time.Now().Unix(), 0), + AddrYou: *you, + AddrMe: *me, + Nonce: nonce, + UserAgent: DefaultUserAgent, + LastBlock: lastBlock, + DisableRelayTx: false, + } +} + +// validateUserAgent checks userAgent length against MaxUserAgentLen +func validateUserAgent(userAgent string) error { + if len(userAgent) > MaxUserAgentLen { + str := fmt.Sprintf("user agent too long [len %v, max %v]", + len(userAgent), MaxUserAgentLen) + return messageError("MsgVersion", str) + } + return nil +} + +// AddUserAgent adds a user agent to the user agent string for the version +// message. The version string is not defined to any strict format, although +// it is recommended to use the form "major.minor.revision" e.g. "2.6.41". +func (msg *MsgVersion) AddUserAgent(name string, version string, + comments ...string) error { + + newUserAgent := fmt.Sprintf("%s:%s", name, version) + if len(comments) != 0 { + newUserAgent = fmt.Sprintf("%s(%s)", newUserAgent, + strings.Join(comments, "; ")) + } + newUserAgent = fmt.Sprintf("%s%s/", msg.UserAgent, newUserAgent) + err := validateUserAgent(newUserAgent) + if err != nil { + return err + } + msg.UserAgent = newUserAgent + return nil +} diff --git a/vendor/github.com/btcsuite/btcd/wire/netaddress.go b/vendor/github.com/btcsuite/btcd/wire/netaddress.go new file mode 100644 index 0000000..5a2610b --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/netaddress.go @@ -0,0 +1,149 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "encoding/binary" + "io" + "net" + "time" +) + +// maxNetAddressPayload returns the max payload size for a bitcoin NetAddress +// based on the protocol version. +func maxNetAddressPayload(pver uint32) uint32 { + // Services 8 bytes + ip 16 bytes + port 2 bytes. + plen := uint32(26) + + // NetAddressTimeVersion added a timestamp field. + if pver >= NetAddressTimeVersion { + // Timestamp 4 bytes. + plen += 4 + } + + return plen +} + +// NetAddress defines information about a peer on the network including the time +// it was last seen, the services it supports, its IP address, and port. +type NetAddress struct { + // Last time the address was seen. This is, unfortunately, encoded as a + // uint32 on the wire and therefore is limited to 2106. This field is + // not present in the bitcoin version message (MsgVersion) nor was it + // added until protocol version >= NetAddressTimeVersion. + Timestamp time.Time + + // Bitfield which identifies the services supported by the address. + Services ServiceFlag + + // IP address of the peer. + IP net.IP + + // Port the peer is using. This is encoded in big endian on the wire + // which differs from most everything else. + Port uint16 +} + +// HasService returns whether the specified service is supported by the address. +func (na *NetAddress) HasService(service ServiceFlag) bool { + return na.Services&service == service +} + +// AddService adds service as a supported service by the peer generating the +// message. +func (na *NetAddress) AddService(service ServiceFlag) { + na.Services |= service +} + +// NewNetAddressIPPort returns a new NetAddress using the provided IP, port, and +// supported services with defaults for the remaining fields. +func NewNetAddressIPPort(ip net.IP, port uint16, services ServiceFlag) *NetAddress { + return NewNetAddressTimestamp(time.Now(), services, ip, port) +} + +// NewNetAddressTimestamp returns a new NetAddress using the provided +// timestamp, IP, port, and supported services. The timestamp is rounded to +// single second precision. +func NewNetAddressTimestamp( + timestamp time.Time, services ServiceFlag, ip net.IP, port uint16) *NetAddress { + // Limit the timestamp to one second precision since the protocol + // doesn't support better. + na := NetAddress{ + Timestamp: time.Unix(timestamp.Unix(), 0), + Services: services, + IP: ip, + Port: port, + } + return &na +} + +// NewNetAddress returns a new NetAddress using the provided TCP address and +// supported services with defaults for the remaining fields. +func NewNetAddress(addr *net.TCPAddr, services ServiceFlag) *NetAddress { + return NewNetAddressIPPort(addr.IP, uint16(addr.Port), services) +} + +// readNetAddress reads an encoded NetAddress from r depending on the protocol +// version and whether or not the timestamp is included per ts. Some messages +// like version do not include the timestamp. +func readNetAddress(r io.Reader, pver uint32, na *NetAddress, ts bool) error { + var ip [16]byte + + // NOTE: The bitcoin protocol uses a uint32 for the timestamp so it will + // stop working somewhere around 2106. Also timestamp wasn't added until + // protocol version >= NetAddressTimeVersion + if ts && pver >= NetAddressTimeVersion { + err := readElement(r, (*uint32Time)(&na.Timestamp)) + if err != nil { + return err + } + } + + err := readElements(r, &na.Services, &ip) + if err != nil { + return err + } + // Sigh. Bitcoin protocol mixes little and big endian. + port, err := binarySerializer.Uint16(r, bigEndian) + if err != nil { + return err + } + + *na = NetAddress{ + Timestamp: na.Timestamp, + Services: na.Services, + IP: net.IP(ip[:]), + Port: port, + } + return nil +} + +// writeNetAddress serializes a NetAddress to w depending on the protocol +// version and whether or not the timestamp is included per ts. Some messages +// like version do not include the timestamp. +func writeNetAddress(w io.Writer, pver uint32, na *NetAddress, ts bool) error { + // NOTE: The bitcoin protocol uses a uint32 for the timestamp so it will + // stop working somewhere around 2106. Also timestamp wasn't added until + // until protocol version >= NetAddressTimeVersion. + if ts && pver >= NetAddressTimeVersion { + err := writeElement(w, uint32(na.Timestamp.Unix())) + if err != nil { + return err + } + } + + // Ensure to always write 16 bytes even if the ip is nil. + var ip [16]byte + if na.IP != nil { + copy(ip[:], na.IP.To16()) + } + err := writeElements(w, na.Services, ip) + if err != nil { + return err + } + + // Sigh. Bitcoin protocol mixes little and big endian. + return binary.Write(w, bigEndian, na.Port) +} diff --git a/vendor/github.com/btcsuite/btcd/wire/protocol.go b/vendor/github.com/btcsuite/btcd/wire/protocol.go new file mode 100644 index 0000000..8cc9838 --- /dev/null +++ b/vendor/github.com/btcsuite/btcd/wire/protocol.go @@ -0,0 +1,178 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package wire + +import ( + "fmt" + "strconv" + "strings" +) + +// XXX pedro: we will probably need to bump this. +const ( + // ProtocolVersion is the latest protocol version this package supports. + ProtocolVersion uint32 = 70013 + + // MultipleAddressVersion is the protocol version which added multiple + // addresses per message (pver >= MultipleAddressVersion). + MultipleAddressVersion uint32 = 209 + + // NetAddressTimeVersion is the protocol version which added the + // timestamp field (pver >= NetAddressTimeVersion). + NetAddressTimeVersion uint32 = 31402 + + // BIP0031Version is the protocol version AFTER which a pong message + // and nonce field in ping were added (pver > BIP0031Version). + BIP0031Version uint32 = 60000 + + // BIP0035Version is the protocol version which added the mempool + // message (pver >= BIP0035Version). + BIP0035Version uint32 = 60002 + + // BIP0037Version is the protocol version which added new connection + // bloom filtering related messages and extended the version message + // with a relay flag (pver >= BIP0037Version). + BIP0037Version uint32 = 70001 + + // RejectVersion is the protocol version which added a new reject + // message. + RejectVersion uint32 = 70002 + + // BIP0111Version is the protocol version which added the SFNodeBloom + // service flag. + BIP0111Version uint32 = 70011 + + // SendHeadersVersion is the protocol version which added a new + // sendheaders message. + SendHeadersVersion uint32 = 70012 + + // FeeFilterVersion is the protocol version which added a new + // feefilter message. + FeeFilterVersion uint32 = 70013 +) + +// ServiceFlag identifies services supported by a bitcoin peer. +type ServiceFlag uint64 + +const ( + // SFNodeNetwork is a flag used to indicate a peer is a full node. + SFNodeNetwork ServiceFlag = 1 << iota + + // SFNodeGetUTXO is a flag used to indicate a peer supports the + // getutxos and utxos commands (BIP0064). + SFNodeGetUTXO + + // SFNodeBloom is a flag used to indicate a peer supports bloom + // filtering. + SFNodeBloom + + // SFNodeWitness is a flag used to indicate a peer supports blocks + // and transactions including witness data (BIP0144). + SFNodeWitness + + // SFNodeXthin is a flag used to indicate a peer supports xthin blocks. + SFNodeXthin + + // SFNodeBit5 is a flag used to indicate a peer supports a service + // defined by bit 5. + SFNodeBit5 + + // SFNodeCF is a flag used to indicate a peer supports committed + // filters (CFs). + SFNodeCF + + // SFNode2X is a flag used to indicate a peer is running the Segwit2X + // software. + SFNode2X +) + +// Map of service flags back to their constant names for pretty printing. +var sfStrings = map[ServiceFlag]string{ + SFNodeNetwork: "SFNodeNetwork", + SFNodeGetUTXO: "SFNodeGetUTXO", + SFNodeBloom: "SFNodeBloom", + SFNodeWitness: "SFNodeWitness", + SFNodeXthin: "SFNodeXthin", + SFNodeBit5: "SFNodeBit5", + SFNodeCF: "SFNodeCF", + SFNode2X: "SFNode2X", +} + +// orderedSFStrings is an ordered list of service flags from highest to +// lowest. +var orderedSFStrings = []ServiceFlag{ + SFNodeNetwork, + SFNodeGetUTXO, + SFNodeBloom, + SFNodeWitness, + SFNodeXthin, + SFNodeBit5, + SFNodeCF, + SFNode2X, +} + +// String returns the ServiceFlag in human-readable form. +func (f ServiceFlag) String() string { + // No flags are set. + if f == 0 { + return "0x0" + } + + // Add individual bit flags. + s := "" + for _, flag := range orderedSFStrings { + if f&flag == flag { + s += sfStrings[flag] + "|" + f -= flag + } + } + + // Add any remaining flags which aren't accounted for as hex. + s = strings.TrimRight(s, "|") + if f != 0 { + s += "|0x" + strconv.FormatUint(uint64(f), 16) + } + s = strings.TrimLeft(s, "|") + return s +} + +// BitcoinNet represents which bitcoin network a message belongs to. +type BitcoinNet uint32 + +// Constants used to indicate the message bitcoin network. They can also be +// used to seek to the next message when a stream's state is unknown, but +// this package does not provide that functionality since it's generally a +// better idea to simply disconnect clients that are misbehaving over TCP. +const ( + // MainNet represents the main bitcoin network. + MainNet BitcoinNet = 0xd9b4bef9 + + // TestNet represents the regression test network. + TestNet BitcoinNet = 0xdab5bffa + + // TestNet3 represents the test network (version 3). + TestNet3 BitcoinNet = 0x0709110b + + // SimNet represents the simulation test network. + SimNet BitcoinNet = 0x12141c16 +) + +// bnStrings is a map of bitcoin networks back to their constant names for +// pretty printing. +var bnStrings = map[BitcoinNet]string{ + MainNet: "MainNet", + TestNet: "TestNet", + TestNet3: "TestNet3", + SimNet: "SimNet", +} + +// String returns the BitcoinNet in human-readable form. +func (n BitcoinNet) String() string { + if s, ok := bnStrings[n]; ok { + return s + } + + return fmt.Sprintf("Unknown BitcoinNet (%d)", uint32(n)) +} diff --git a/vendor/github.com/btcsuite/btclog/.gitignore b/vendor/github.com/btcsuite/btclog/.gitignore new file mode 100644 index 0000000..612e2e9 --- /dev/null +++ b/vendor/github.com/btcsuite/btclog/.gitignore @@ -0,0 +1,28 @@ +# Temp files +*~ + +# Log files +*.log + +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.o +*.a +*.so + +# Folders +_obj +_test + +# Architecture specific extensions/prefixes +*.[568vq] +[568vq].out + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +*.exe diff --git a/vendor/github.com/btcsuite/btclog/.travis.yml b/vendor/github.com/btcsuite/btclog/.travis.yml new file mode 100644 index 0000000..e1e3198 --- /dev/null +++ b/vendor/github.com/btcsuite/btclog/.travis.yml @@ -0,0 +1,13 @@ +language: go +go: + - 1.7.x + - 1.8.x +sudo: false +install: + - go get -d -t -v ./... + - go get -v golang.org/x/tools/cmd/cover + - go get -v github.com/bradfitz/goimports + - go get -v github.com/golang/lint/golint +script: + - export PATH=$PATH:$HOME/gopath/bin + - ./goclean.sh diff --git a/vendor/github.com/btcsuite/btclog/LICENSE b/vendor/github.com/btcsuite/btclog/LICENSE new file mode 100644 index 0000000..7b81403 --- /dev/null +++ b/vendor/github.com/btcsuite/btclog/LICENSE @@ -0,0 +1,15 @@ +ISC License + +Copyright (c) 2013-2014 Conformal Systems LLC. + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/vendor/github.com/btcsuite/btclog/README.md b/vendor/github.com/btcsuite/btclog/README.md new file mode 100644 index 0000000..ff6b713 --- /dev/null +++ b/vendor/github.com/btcsuite/btclog/README.md @@ -0,0 +1,40 @@ +btclog +====== + +[![Build Status](http://img.shields.io/travis/btcsuite/btclog.svg)](https://travis-ci.org/btcsuite/btclog) +[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org) +[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/btcsuite/btclog) + +Package btclog defines a logger interface and provides a default implementation +of a subsystem-aware leveled logger implementing the same interface. + +## Installation + +```bash +$ go get github.com/btcsuite/btclog +``` + +## GPG Verification Key + +All official release tags are signed by Conformal so users can ensure the code +has not been tampered with and is coming from the btcsuite developers. To +verify the signature perform the following: + +- Download the public key from the Conformal website at + https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt + +- Import the public key into your GPG keyring: + ```bash + gpg --import GIT-GPG-KEY-conformal.txt + ``` + +- Verify the release tag with the following command where `TAG_NAME` is a + placeholder for the specific tag: + ```bash + git tag -v TAG_NAME + ``` + +## License + +Package btclog is licensed under the [copyfree](http://copyfree.org) ISC +License. diff --git a/vendor/github.com/btcsuite/btclog/doc.go b/vendor/github.com/btcsuite/btclog/doc.go new file mode 100644 index 0000000..b611497 --- /dev/null +++ b/vendor/github.com/btcsuite/btclog/doc.go @@ -0,0 +1,27 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +/* +Package btclog defines an interface and default implementation for subsystem +logging. + +Log level verbosity may be modified at runtime for each individual subsystem +logger. + +The default implementation in this package must be created by the Backend type. +Backends can write to any io.Writer, including multi-writers created by +io.MultiWriter. Multi-writers allow log output to be written to many writers, +including standard output and log files. + +Optional logging behavior can be specified by using the LOGFLAGS environment +variable and overridden per-Backend by using the WithFlags call option. Multiple +LOGFLAGS options can be specified, separated by commas. The following options +are recognized: + + longfile: Include the full filepath and line number in all log messages + + shortfile: Include the filename and line number in all log messages. + Overrides longfile. +*/ +package btclog diff --git a/vendor/github.com/btcsuite/btclog/goclean.sh b/vendor/github.com/btcsuite/btclog/goclean.sh new file mode 100644 index 0000000..9fdf040 --- /dev/null +++ b/vendor/github.com/btcsuite/btclog/goclean.sh @@ -0,0 +1,37 @@ +#!/bin/bash +# The script does automatic checking on a Go package and its sub-packages, including: +# 1. gofmt (http://golang.org/cmd/gofmt/) +# 2. goimports (https://github.com/bradfitz/goimports) +# 3. golint (https://github.com/golang/lint) +# 4. go vet (http://golang.org/cmd/vet) +# 5. race detector (http://blog.golang.org/race-detector) +# 6. test coverage (http://blog.golang.org/cover) + +set -e + +# Automatic checks +test -z $(gofmt -l -w . | tee /dev/stderr) +test -z $(goimports -l -w . | tee /dev/stderr) +test -z $(golint ./... | tee /dev/stderr) +go vet ./... +env GORACE="halt_on_error=1" go test -v -race ./... + +# Run test coverage on each subdirectories and merge the coverage profile. + +echo "mode: count" > profile.cov + +# Standard go tooling behavior is to ignore dirs with leading underscores. +for dir in $(find . -maxdepth 10 -not -path './.git*' -not -path '*/_*' -type d) +do +if ls $dir/*.go &> /dev/null; then + go test -covermode=count -coverprofile=$dir/profile.tmp $dir + if [ -f $dir/profile.tmp ]; then + cat $dir/profile.tmp | tail -n +2 >> profile.cov + rm $dir/profile.tmp + fi +fi +done + +# To submit the test coverage result to coveralls.io, +# use goveralls (https://github.com/mattn/goveralls) +# goveralls -coverprofile=profile.cov -service=travis-ci diff --git a/vendor/github.com/btcsuite/btclog/interface.go b/vendor/github.com/btcsuite/btclog/interface.go new file mode 100644 index 0000000..64f74fc --- /dev/null +++ b/vendor/github.com/btcsuite/btclog/interface.go @@ -0,0 +1,64 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btclog + +// Logger is an interface which describes a level-based logger. A default +// implementation of Logger is implemented by this package and can be created +// by calling (*Backend).Logger. +type Logger interface { + // Tracef formats message according to format specifier and writes to + // to log with LevelTrace. + Tracef(format string, params ...interface{}) + + // Debugf formats message according to format specifier and writes to + // log with LevelDebug. + Debugf(format string, params ...interface{}) + + // Infof formats message according to format specifier and writes to + // log with LevelInfo. + Infof(format string, params ...interface{}) + + // Warnf formats message according to format specifier and writes to + // to log with LevelWarn. + Warnf(format string, params ...interface{}) + + // Errorf formats message according to format specifier and writes to + // to log with LevelError. + Errorf(format string, params ...interface{}) + + // Criticalf formats message according to format specifier and writes to + // log with LevelCritical. + Criticalf(format string, params ...interface{}) + + // Trace formats message using the default formats for its operands + // and writes to log with LevelTrace. + Trace(v ...interface{}) + + // Debug formats message using the default formats for its operands + // and writes to log with LevelDebug. + Debug(v ...interface{}) + + // Info formats message using the default formats for its operands + // and writes to log with LevelInfo. + Info(v ...interface{}) + + // Warn formats message using the default formats for its operands + // and writes to log with LevelWarn. + Warn(v ...interface{}) + + // Error formats message using the default formats for its operands + // and writes to log with LevelError. + Error(v ...interface{}) + + // Critical formats message using the default formats for its operands + // and writes to log with LevelCritical. + Critical(v ...interface{}) + + // Level returns the current logging level. + Level() Level + + // SetLevel changes the logging level to the passed level. + SetLevel(level Level) +} diff --git a/vendor/github.com/btcsuite/btclog/log.go b/vendor/github.com/btcsuite/btclog/log.go new file mode 100644 index 0000000..d8f3dcd --- /dev/null +++ b/vendor/github.com/btcsuite/btclog/log.go @@ -0,0 +1,480 @@ +// Copyright (c) 2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. +// +// Copyright (c) 2009 The Go Authors. All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package btclog + +import ( + "bytes" + "fmt" + "io" + "io/ioutil" + "os" + "runtime" + "strings" + "sync" + "sync/atomic" + "time" +) + +// defaultFlags specifies changes to the default logger behavior. It is set +// during package init and configured using the LOGFLAGS environment variable. +// New logger backends can override these default flags using WithFlags. +var defaultFlags uint32 + +// Flags to modify Backend's behavior. +const ( + // Llongfile modifies the logger output to include full path and line number + // of the logging callsite, e.g. /a/b/c/main.go:123. + Llongfile uint32 = 1 << iota + + // Lshortfile modifies the logger output to include filename and line number + // of the logging callsite, e.g. main.go:123. Overrides Llongfile. + Lshortfile +) + +// Read logger flags from the LOGFLAGS environment variable. Multiple flags can +// be set at once, separated by commas. +func init() { + for _, f := range strings.Split(os.Getenv("LOGFLAGS"), ",") { + switch f { + case "longfile": + defaultFlags |= Llongfile + case "shortfile": + defaultFlags |= Lshortfile + } + } +} + +// Level is the level at which a logger is configured. All messages sent +// to a level which is below the current level are filtered. +type Level uint32 + +// Level constants. +const ( + LevelTrace Level = iota + LevelDebug + LevelInfo + LevelWarn + LevelError + LevelCritical + LevelOff +) + +// levelStrs defines the human-readable names for each logging level. +var levelStrs = [...]string{"TRC", "DBG", "INF", "WRN", "ERR", "CRT", "OFF"} + +// LevelFromString returns a level based on the input string s. If the input +// can't be interpreted as a valid log level, the info level and false is +// returned. +func LevelFromString(s string) (l Level, ok bool) { + switch strings.ToLower(s) { + case "trace", "trc": + return LevelTrace, true + case "debug", "dbg": + return LevelDebug, true + case "info", "inf": + return LevelInfo, true + case "warn", "wrn": + return LevelWarn, true + case "error", "err": + return LevelError, true + case "critical", "crt": + return LevelCritical, true + case "off": + return LevelOff, true + default: + return LevelInfo, false + } +} + +// String returns the tag of the logger used in log messages, or "OFF" if +// the level will not produce any log output. +func (l Level) String() string { + if l >= LevelOff { + return "OFF" + } + return levelStrs[l] +} + +// NewBackend creates a logger backend from a Writer. +func NewBackend(w io.Writer, opts ...BackendOption) *Backend { + b := &Backend{w: w, flag: defaultFlags} + for _, o := range opts { + o(b) + } + return b +} + +// Backend is a logging backend. Subsystems created from the backend write to +// the backend's Writer. Backend provides atomic writes to the Writer from all +// subsystems. +type Backend struct { + w io.Writer + mu sync.Mutex // ensures atomic writes + flag uint32 +} + +// BackendOption is a function used to modify the behavior of a Backend. +type BackendOption func(b *Backend) + +// WithFlags configures a Backend to use the specified flags rather than using +// the package's defaults as determined through the LOGFLAGS environment +// variable. +func WithFlags(flags uint32) BackendOption { + return func(b *Backend) { + b.flag = flags + } +} + +// bufferPool defines a concurrent safe free list of byte slices used to provide +// temporary buffers for formatting log messages prior to outputting them. +var bufferPool = sync.Pool{ + New: func() interface{} { + b := make([]byte, 0, 120) + return &b // pointer to slice to avoid boxing alloc + }, +} + +// buffer returns a byte slice from the free list. A new buffer is allocated if +// there are not any available on the free list. The returned byte slice should +// be returned to the fee list by using the recycleBuffer function when the +// caller is done with it. +func buffer() *[]byte { + return bufferPool.Get().(*[]byte) +} + +// recycleBuffer puts the provided byte slice, which should have been obtain via +// the buffer function, back on the free list. +func recycleBuffer(b *[]byte) { + *b = (*b)[:0] + bufferPool.Put(b) +} + +// From stdlib log package. +// Cheap integer to fixed-width decimal ASCII. Give a negative width to avoid +// zero-padding. +func itoa(buf *[]byte, i int, wid int) { + // Assemble decimal in reverse order. + var b [20]byte + bp := len(b) - 1 + for i >= 10 || wid > 1 { + wid-- + q := i / 10 + b[bp] = byte('0' + i - q*10) + bp-- + i = q + } + // i < 10 + b[bp] = byte('0' + i) + *buf = append(*buf, b[bp:]...) +} + +// Appends a header in the default format 'YYYY-MM-DD hh:mm:ss.sss [LVL] TAG: '. +// If either of the Lshortfile or Llongfile flags are specified, the file named +// and line number are included after the tag and before the final colon. +func formatHeader(buf *[]byte, t time.Time, lvl, tag string, file string, line int) { + year, month, day := t.Date() + hour, min, sec := t.Clock() + ms := t.Nanosecond() / 1e6 + + itoa(buf, year, 4) + *buf = append(*buf, '-') + itoa(buf, int(month), 2) + *buf = append(*buf, '-') + itoa(buf, day, 2) + *buf = append(*buf, ' ') + itoa(buf, hour, 2) + *buf = append(*buf, ':') + itoa(buf, min, 2) + *buf = append(*buf, ':') + itoa(buf, sec, 2) + *buf = append(*buf, '.') + itoa(buf, ms, 3) + *buf = append(*buf, " ["...) + *buf = append(*buf, lvl...) + *buf = append(*buf, "] "...) + *buf = append(*buf, tag...) + if file != "" { + *buf = append(*buf, ' ') + *buf = append(*buf, file...) + *buf = append(*buf, ':') + itoa(buf, line, -1) + } + *buf = append(*buf, ": "...) +} + +// calldepth is the call depth of the callsite function relative to the +// caller of the subsystem logger. It is used to recover the filename and line +// number of the logging call if either the short or long file flags are +// specified. +const calldepth = 3 + +// callsite returns the file name and line number of the callsite to the +// subsystem logger. +func callsite(flag uint32) (string, int) { + _, file, line, ok := runtime.Caller(calldepth) + if !ok { + return "???", 0 + } + if flag&Lshortfile != 0 { + short := file + for i := len(file) - 1; i > 0; i-- { + if os.IsPathSeparator(file[i]) { + short = file[i+1:] + break + } + } + file = short + } + return file, line +} + +// print outputs a log message to the writer associated with the backend after +// creating a prefix for the given level and tag according to the formatHeader +// function and formatting the provided arguments using the default formatting +// rules. +func (b *Backend) print(lvl, tag string, args ...interface{}) { + t := time.Now() // get as early as possible + + bytebuf := buffer() + + var file string + var line int + if b.flag&(Lshortfile|Llongfile) != 0 { + file, line = callsite(b.flag) + } + + formatHeader(bytebuf, t, lvl, tag, file, line) + buf := bytes.NewBuffer(*bytebuf) + fmt.Fprintln(buf, args...) + *bytebuf = buf.Bytes() + + b.mu.Lock() + b.w.Write(*bytebuf) + b.mu.Unlock() + + recycleBuffer(bytebuf) +} + +// printf outputs a log message to the writer associated with the backend after +// creating a prefix for the given level and tag according to the formatHeader +// function and formatting the provided arguments according to the given format +// specifier. +func (b *Backend) printf(lvl, tag string, format string, args ...interface{}) { + t := time.Now() // get as early as possible + + bytebuf := buffer() + + var file string + var line int + if b.flag&(Lshortfile|Llongfile) != 0 { + file, line = callsite(b.flag) + } + + formatHeader(bytebuf, t, lvl, tag, file, line) + buf := bytes.NewBuffer(*bytebuf) + fmt.Fprintf(buf, format, args...) + *bytebuf = append(buf.Bytes(), '\n') + + b.mu.Lock() + b.w.Write(*bytebuf) + b.mu.Unlock() + + recycleBuffer(bytebuf) +} + +// Logger returns a new logger for a particular subsystem that writes to the +// Backend b. A tag describes the subsystem and is included in all log +// messages. The logger uses the info verbosity level by default. +func (b *Backend) Logger(subsystemTag string) Logger { + return &slog{LevelInfo, subsystemTag, b} +} + +// slog is a subsystem logger for a Backend. Implements the Logger interface. +type slog struct { + lvl Level // atomic + tag string + b *Backend +} + +// Trace formats message using the default formats for its operands, prepends +// the prefix as necessary, and writes to log with LevelTrace. +// +// This is part of the Logger interface implementation. +func (l *slog) Trace(args ...interface{}) { + lvl := l.Level() + if lvl <= LevelTrace { + l.b.print("TRC", l.tag, args...) + } +} + +// Tracef formats message according to format specifier, prepends the prefix as +// necessary, and writes to log with LevelTrace. +// +// This is part of the Logger interface implementation. +func (l *slog) Tracef(format string, args ...interface{}) { + lvl := l.Level() + if lvl <= LevelTrace { + l.b.printf("TRC", l.tag, format, args...) + } +} + +// Debug formats message using the default formats for its operands, prepends +// the prefix as necessary, and writes to log with LevelDebug. +// +// This is part of the Logger interface implementation. +func (l *slog) Debug(args ...interface{}) { + lvl := l.Level() + if lvl <= LevelDebug { + l.b.print("DBG", l.tag, args...) + } +} + +// Debugf formats message according to format specifier, prepends the prefix as +// necessary, and writes to log with LevelDebug. +// +// This is part of the Logger interface implementation. +func (l *slog) Debugf(format string, args ...interface{}) { + lvl := l.Level() + if lvl <= LevelDebug { + l.b.printf("DBG", l.tag, format, args...) + } +} + +// Info formats message using the default formats for its operands, prepends +// the prefix as necessary, and writes to log with LevelInfo. +// +// This is part of the Logger interface implementation. +func (l *slog) Info(args ...interface{}) { + lvl := l.Level() + if lvl <= LevelInfo { + l.b.print("INF", l.tag, args...) + } +} + +// Infof formats message according to format specifier, prepends the prefix as +// necessary, and writes to log with LevelInfo. +// +// This is part of the Logger interface implementation. +func (l *slog) Infof(format string, args ...interface{}) { + lvl := l.Level() + if lvl <= LevelInfo { + l.b.printf("INF", l.tag, format, args...) + } +} + +// Warn formats message using the default formats for its operands, prepends +// the prefix as necessary, and writes to log with LevelWarn. +// +// This is part of the Logger interface implementation. +func (l *slog) Warn(args ...interface{}) { + lvl := l.Level() + if lvl <= LevelWarn { + l.b.print("WRN", l.tag, args...) + } +} + +// Warnf formats message according to format specifier, prepends the prefix as +// necessary, and writes to log with LevelWarn. +// +// This is part of the Logger interface implementation. +func (l *slog) Warnf(format string, args ...interface{}) { + lvl := l.Level() + if lvl <= LevelWarn { + l.b.printf("WRN", l.tag, format, args...) + } +} + +// Error formats message using the default formats for its operands, prepends +// the prefix as necessary, and writes to log with LevelError. +// +// This is part of the Logger interface implementation. +func (l *slog) Error(args ...interface{}) { + lvl := l.Level() + if lvl <= LevelError { + l.b.print("ERR", l.tag, args...) + } +} + +// Errorf formats message according to format specifier, prepends the prefix as +// necessary, and writes to log with LevelError. +// +// This is part of the Logger interface implementation. +func (l *slog) Errorf(format string, args ...interface{}) { + lvl := l.Level() + if lvl <= LevelError { + l.b.printf("ERR", l.tag, format, args...) + } +} + +// Critical formats message using the default formats for its operands, prepends +// the prefix as necessary, and writes to log with LevelCritical. +// +// This is part of the Logger interface implementation. +func (l *slog) Critical(args ...interface{}) { + lvl := l.Level() + if lvl <= LevelCritical { + l.b.print("CRT", l.tag, args...) + } +} + +// Criticalf formats message according to format specifier, prepends the prefix +// as necessary, and writes to log with LevelCritical. +// +// This is part of the Logger interface implementation. +func (l *slog) Criticalf(format string, args ...interface{}) { + lvl := l.Level() + if lvl <= LevelCritical { + l.b.printf("CRT", l.tag, format, args...) + } +} + +// Level returns the current logging level +// +// This is part of the Logger interface implementation. +func (l *slog) Level() Level { + return Level(atomic.LoadUint32((*uint32)(&l.lvl))) +} + +// SetLevel changes the logging level to the passed level. +// +// This is part of the Logger interface implementation. +func (l *slog) SetLevel(level Level) { + atomic.StoreUint32((*uint32)(&l.lvl), uint32(level)) +} + +// Disabled is a Logger that will never output anything. +var Disabled Logger + +func init() { + Disabled = &slog{lvl: LevelOff, b: NewBackend(ioutil.Discard)} +} diff --git a/vendor/github.com/btcsuite/btcutil/.gitignore b/vendor/github.com/btcsuite/btcutil/.gitignore new file mode 100644 index 0000000..5b97dbb --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/.gitignore @@ -0,0 +1,28 @@ +# Temp files +*~ + +# Log files +*.log + +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.o +*.a +*.so + +# Folders +_obj +_test + +# Architecture specific extensions/prefixes +*.[568vq] +[568vq].out + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +*.exe diff --git a/vendor/github.com/btcsuite/btcutil/.travis.yml b/vendor/github.com/btcsuite/btcutil/.travis.yml new file mode 100644 index 0000000..251caec --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/.travis.yml @@ -0,0 +1,15 @@ +language: go +go: + - "1.9.4" + - "1.10" +sudo: false +install: + - go get -d -t -v ./... + - go get -v github.com/alecthomas/gometalinter + - gometalinter --install +script: + - export PATH=$PATH:$HOME/gopath/bin + - ./goclean.sh +after_success: + - go get -v github.com/mattn/goveralls + - goveralls -coverprofile=profile.cov -service=travis-ci diff --git a/vendor/github.com/btcsuite/btcutil/LICENSE b/vendor/github.com/btcsuite/btcutil/LICENSE new file mode 100644 index 0000000..3e7b167 --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/LICENSE @@ -0,0 +1,16 @@ +ISC License + +Copyright (c) 2013-2017 The btcsuite developers +Copyright (c) 2016-2017 The Lightning Network Developers + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/vendor/github.com/btcsuite/btcutil/README.md b/vendor/github.com/btcsuite/btcutil/README.md new file mode 100644 index 0000000..1d76cfb --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/README.md @@ -0,0 +1,50 @@ +btcutil +======= + +[![Build Status](http://img.shields.io/travis/btcsuite/btcutil.svg)](https://travis-ci.org/btcsuite/btcutil) +[![Coverage Status](http://img.shields.io/coveralls/btcsuite/btcutil.svg)](https://coveralls.io/r/btcsuite/btcutil?branch=master) +[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org) +[![GoDoc](http://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/btcsuite/btcutil) + +Package btcutil provides bitcoin-specific convenience functions and types. +A comprehensive suite of tests is provided to ensure proper functionality. See +`test_coverage.txt` for the gocov coverage report. Alternatively, if you are +running a POSIX OS, you can run the `cov_report.sh` script for a real-time +report. + +This package was developed for btcd, an alternative full-node implementation of +bitcoin which is under active development by Conformal. Although it was +primarily written for btcd, this package has intentionally been designed so it +can be used as a standalone package for any projects needing the functionality +provided. + +## Installation and Updating + +```bash +$ go get -u github.com/btcsuite/btcutil +``` + +## GPG Verification Key + +All official release tags are signed by Conformal so users can ensure the code +has not been tampered with and is coming from the btcsuite developers. To +verify the signature perform the following: + +- Download the public key from the Conformal website at + https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt + +- Import the public key into your GPG keyring: + ```bash + gpg --import GIT-GPG-KEY-conformal.txt + ``` + +- Verify the release tag with the following command where `TAG_NAME` is a + placeholder for the specific tag: + ```bash + git tag -v TAG_NAME + ``` + +## License + +Package btcutil is licensed under the [copyfree](http://copyfree.org) ISC +License. diff --git a/vendor/github.com/btcsuite/btcutil/address.go b/vendor/github.com/btcsuite/btcutil/address.go new file mode 100644 index 0000000..8966de4 --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/address.go @@ -0,0 +1,683 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcutil + +import ( + "bytes" + "encoding/hex" + "errors" + "fmt" + "strings" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcd/chaincfg" + "github.com/btcsuite/btcutil/base58" + "github.com/btcsuite/btcutil/bech32" + "golang.org/x/crypto/ripemd160" +) + +// UnsupportedWitnessVerError describes an error where a segwit address being +// decoded has an unsupported witness version. +type UnsupportedWitnessVerError byte + +func (e UnsupportedWitnessVerError) Error() string { + return "unsupported witness version: " + string(e) +} + +// UnsupportedWitnessProgLenError describes an error where a segwit address +// being decoded has an unsupported witness program length. +type UnsupportedWitnessProgLenError int + +func (e UnsupportedWitnessProgLenError) Error() string { + return "unsupported witness program length: " + string(e) +} + +var ( + // ErrChecksumMismatch describes an error where decoding failed due + // to a bad checksum. + ErrChecksumMismatch = errors.New("checksum mismatch") + + // ErrUnknownAddressType describes an error where an address can not + // decoded as a specific address type due to the string encoding + // begining with an identifier byte unknown to any standard or + // registered (via chaincfg.Register) network. + ErrUnknownAddressType = errors.New("unknown address type") + + // ErrAddressCollision describes an error where an address can not + // be uniquely determined as either a pay-to-pubkey-hash or + // pay-to-script-hash address since the leading identifier is used for + // describing both address kinds, but for different networks. Rather + // than assuming or defaulting to one or the other, this error is + // returned and the caller must decide how to decode the address. + ErrAddressCollision = errors.New("address collision") +) + +// encodeAddress returns a human-readable payment address given a ripemd160 hash +// and netID which encodes the bitcoin network and address type. It is used +// in both pay-to-pubkey-hash (P2PKH) and pay-to-script-hash (P2SH) address +// encoding. +func encodeAddress(hash160 []byte, netID byte) string { + // Format is 1 byte for a network and address class (i.e. P2PKH vs + // P2SH), 20 bytes for a RIPEMD160 hash, and 4 bytes of checksum. + return base58.CheckEncode(hash160[:ripemd160.Size], netID) +} + +// encodeSegWitAddress creates a bech32 encoded address string representation +// from witness version and witness program. +func encodeSegWitAddress(hrp string, witnessVersion byte, witnessProgram []byte) (string, error) { + // Group the address bytes into 5 bit groups, as this is what is used to + // encode each character in the address string. + converted, err := bech32.ConvertBits(witnessProgram, 8, 5, true) + if err != nil { + return "", err + } + + // Concatenate the witness version and program, and encode the resulting + // bytes using bech32 encoding. + combined := make([]byte, len(converted)+1) + combined[0] = witnessVersion + copy(combined[1:], converted) + bech, err := bech32.Encode(hrp, combined) + if err != nil { + return "", err + } + + // Check validity by decoding the created address. + version, program, err := decodeSegWitAddress(bech) + if err != nil { + return "", fmt.Errorf("invalid segwit address: %v", err) + } + + if version != witnessVersion || !bytes.Equal(program, witnessProgram) { + return "", fmt.Errorf("invalid segwit address") + } + + return bech, nil +} + +// Address is an interface type for any type of destination a transaction +// output may spend to. This includes pay-to-pubkey (P2PK), pay-to-pubkey-hash +// (P2PKH), and pay-to-script-hash (P2SH). Address is designed to be generic +// enough that other kinds of addresses may be added in the future without +// changing the decoding and encoding API. +type Address interface { + // String returns the string encoding of the transaction output + // destination. + // + // Please note that String differs subtly from EncodeAddress: String + // will return the value as a string without any conversion, while + // EncodeAddress may convert destination types (for example, + // converting pubkeys to P2PKH addresses) before encoding as a + // payment address string. + String() string + + // EncodeAddress returns the string encoding of the payment address + // associated with the Address value. See the comment on String + // for how this method differs from String. + EncodeAddress() string + + // ScriptAddress returns the raw bytes of the address to be used + // when inserting the address into a txout's script. + ScriptAddress() []byte + + // IsForNet returns whether or not the address is associated with the + // passed bitcoin network. + IsForNet(*chaincfg.Params) bool +} + +// DecodeAddress decodes the string encoding of an address and returns +// the Address if addr is a valid encoding for a known address type. +// +// The bitcoin network the address is associated with is extracted if possible. +// When the address does not encode the network, such as in the case of a raw +// public key, the address will be associated with the passed defaultNet. +func DecodeAddress(addr string, defaultNet *chaincfg.Params) (Address, error) { + // Bech32 encoded segwit addresses start with a human-readable part + // (hrp) followed by '1'. For Bitcoin mainnet the hrp is "bc", and for + // testnet it is "tb". If the address string has a prefix that matches + // one of the prefixes for the known networks, we try to decode it as + // a segwit address. + oneIndex := strings.LastIndexByte(addr, '1') + if oneIndex > 1 { + prefix := addr[:oneIndex+1] + if chaincfg.IsBech32SegwitPrefix(prefix) { + witnessVer, witnessProg, err := decodeSegWitAddress(addr) + if err != nil { + return nil, err + } + + // We currently only support P2WPKH and P2WSH, which is + // witness version 0. + if witnessVer != 0 { + return nil, UnsupportedWitnessVerError(witnessVer) + } + + // The HRP is everything before the found '1'. + hrp := prefix[:len(prefix)-1] + + switch len(witnessProg) { + case 20: + return newAddressWitnessPubKeyHash(hrp, witnessProg) + case 32: + return newAddressWitnessScriptHash(hrp, witnessProg) + default: + return nil, UnsupportedWitnessProgLenError(len(witnessProg)) + } + } + } + + // Serialized public keys are either 65 bytes (130 hex chars) if + // uncompressed/hybrid or 33 bytes (66 hex chars) if compressed. + if len(addr) == 130 || len(addr) == 66 { + serializedPubKey, err := hex.DecodeString(addr) + if err != nil { + return nil, err + } + return NewAddressPubKey(serializedPubKey, defaultNet) + } + + // Switch on decoded length to determine the type. + decoded, netID, err := base58.CheckDecode(addr) + if err != nil { + if err == base58.ErrChecksum { + return nil, ErrChecksumMismatch + } + return nil, errors.New("decoded address is of unknown format") + } + switch len(decoded) { + case ripemd160.Size: // P2PKH or P2SH + isP2PKH := netID == defaultNet.PubKeyHashAddrID + isP2SH := netID == defaultNet.ScriptHashAddrID + switch hash160 := decoded; { + case isP2PKH && isP2SH: + return nil, ErrAddressCollision + case isP2PKH: + return newAddressPubKeyHash(hash160, netID) + case isP2SH: + return newAddressScriptHashFromHash(hash160, netID) + default: + return nil, ErrUnknownAddressType + } + + default: + return nil, errors.New("decoded address is of unknown size") + } +} + +// decodeSegWitAddress parses a bech32 encoded segwit address string and +// returns the witness version and witness program byte representation. +func decodeSegWitAddress(address string) (byte, []byte, error) { + // Decode the bech32 encoded address. + _, data, err := bech32.Decode(address) + if err != nil { + return 0, nil, err + } + + // The first byte of the decoded address is the witness version, it must + // exist. + if len(data) < 1 { + return 0, nil, fmt.Errorf("no witness version") + } + + // ...and be <= 16. + version := data[0] + if version > 16 { + return 0, nil, fmt.Errorf("invalid witness version: %v", version) + } + + // The remaining characters of the address returned are grouped into + // words of 5 bits. In order to restore the original witness program + // bytes, we'll need to regroup into 8 bit words. + regrouped, err := bech32.ConvertBits(data[1:], 5, 8, false) + if err != nil { + return 0, nil, err + } + + // The regrouped data must be between 2 and 40 bytes. + if len(regrouped) < 2 || len(regrouped) > 40 { + return 0, nil, fmt.Errorf("invalid data length") + } + + // For witness version 0, address MUST be exactly 20 or 32 bytes. + if version == 0 && len(regrouped) != 20 && len(regrouped) != 32 { + return 0, nil, fmt.Errorf("invalid data length for witness "+ + "version 0: %v", len(regrouped)) + } + + return version, regrouped, nil +} + +// AddressPubKeyHash is an Address for a pay-to-pubkey-hash (P2PKH) +// transaction. +type AddressPubKeyHash struct { + hash [ripemd160.Size]byte + netID byte +} + +// NewAddressPubKeyHash returns a new AddressPubKeyHash. pkHash mustbe 20 +// bytes. +func NewAddressPubKeyHash(pkHash []byte, net *chaincfg.Params) (*AddressPubKeyHash, error) { + return newAddressPubKeyHash(pkHash, net.PubKeyHashAddrID) +} + +// newAddressPubKeyHash is the internal API to create a pubkey hash address +// with a known leading identifier byte for a network, rather than looking +// it up through its parameters. This is useful when creating a new address +// structure from a string encoding where the identifer byte is already +// known. +func newAddressPubKeyHash(pkHash []byte, netID byte) (*AddressPubKeyHash, error) { + // Check for a valid pubkey hash length. + if len(pkHash) != ripemd160.Size { + return nil, errors.New("pkHash must be 20 bytes") + } + + addr := &AddressPubKeyHash{netID: netID} + copy(addr.hash[:], pkHash) + return addr, nil +} + +// EncodeAddress returns the string encoding of a pay-to-pubkey-hash +// address. Part of the Address interface. +func (a *AddressPubKeyHash) EncodeAddress() string { + return encodeAddress(a.hash[:], a.netID) +} + +// ScriptAddress returns the bytes to be included in a txout script to pay +// to a pubkey hash. Part of the Address interface. +func (a *AddressPubKeyHash) ScriptAddress() []byte { + return a.hash[:] +} + +// IsForNet returns whether or not the pay-to-pubkey-hash address is associated +// with the passed bitcoin network. +func (a *AddressPubKeyHash) IsForNet(net *chaincfg.Params) bool { + return a.netID == net.PubKeyHashAddrID +} + +// String returns a human-readable string for the pay-to-pubkey-hash address. +// This is equivalent to calling EncodeAddress, but is provided so the type can +// be used as a fmt.Stringer. +func (a *AddressPubKeyHash) String() string { + return a.EncodeAddress() +} + +// Hash160 returns the underlying array of the pubkey hash. This can be useful +// when an array is more appropiate than a slice (for example, when used as map +// keys). +func (a *AddressPubKeyHash) Hash160() *[ripemd160.Size]byte { + return &a.hash +} + +// AddressScriptHash is an Address for a pay-to-script-hash (P2SH) +// transaction. +type AddressScriptHash struct { + hash [ripemd160.Size]byte + netID byte +} + +// NewAddressScriptHash returns a new AddressScriptHash. +func NewAddressScriptHash(serializedScript []byte, net *chaincfg.Params) (*AddressScriptHash, error) { + scriptHash := Hash160(serializedScript) + return newAddressScriptHashFromHash(scriptHash, net.ScriptHashAddrID) +} + +// NewAddressScriptHashFromHash returns a new AddressScriptHash. scriptHash +// must be 20 bytes. +func NewAddressScriptHashFromHash(scriptHash []byte, net *chaincfg.Params) (*AddressScriptHash, error) { + return newAddressScriptHashFromHash(scriptHash, net.ScriptHashAddrID) +} + +// newAddressScriptHashFromHash is the internal API to create a script hash +// address with a known leading identifier byte for a network, rather than +// looking it up through its parameters. This is useful when creating a new +// address structure from a string encoding where the identifer byte is already +// known. +func newAddressScriptHashFromHash(scriptHash []byte, netID byte) (*AddressScriptHash, error) { + // Check for a valid script hash length. + if len(scriptHash) != ripemd160.Size { + return nil, errors.New("scriptHash must be 20 bytes") + } + + addr := &AddressScriptHash{netID: netID} + copy(addr.hash[:], scriptHash) + return addr, nil +} + +// EncodeAddress returns the string encoding of a pay-to-script-hash +// address. Part of the Address interface. +func (a *AddressScriptHash) EncodeAddress() string { + return encodeAddress(a.hash[:], a.netID) +} + +// ScriptAddress returns the bytes to be included in a txout script to pay +// to a script hash. Part of the Address interface. +func (a *AddressScriptHash) ScriptAddress() []byte { + return a.hash[:] +} + +// IsForNet returns whether or not the pay-to-script-hash address is associated +// with the passed bitcoin network. +func (a *AddressScriptHash) IsForNet(net *chaincfg.Params) bool { + return a.netID == net.ScriptHashAddrID +} + +// String returns a human-readable string for the pay-to-script-hash address. +// This is equivalent to calling EncodeAddress, but is provided so the type can +// be used as a fmt.Stringer. +func (a *AddressScriptHash) String() string { + return a.EncodeAddress() +} + +// Hash160 returns the underlying array of the script hash. This can be useful +// when an array is more appropiate than a slice (for example, when used as map +// keys). +func (a *AddressScriptHash) Hash160() *[ripemd160.Size]byte { + return &a.hash +} + +// PubKeyFormat describes what format to use for a pay-to-pubkey address. +type PubKeyFormat int + +const ( + // PKFUncompressed indicates the pay-to-pubkey address format is an + // uncompressed public key. + PKFUncompressed PubKeyFormat = iota + + // PKFCompressed indicates the pay-to-pubkey address format is a + // compressed public key. + PKFCompressed + + // PKFHybrid indicates the pay-to-pubkey address format is a hybrid + // public key. + PKFHybrid +) + +// AddressPubKey is an Address for a pay-to-pubkey transaction. +type AddressPubKey struct { + pubKeyFormat PubKeyFormat + pubKey *btcec.PublicKey + pubKeyHashID byte +} + +// NewAddressPubKey returns a new AddressPubKey which represents a pay-to-pubkey +// address. The serializedPubKey parameter must be a valid pubkey and can be +// uncompressed, compressed, or hybrid. +func NewAddressPubKey(serializedPubKey []byte, net *chaincfg.Params) (*AddressPubKey, error) { + pubKey, err := btcec.ParsePubKey(serializedPubKey, btcec.S256()) + if err != nil { + return nil, err + } + + // Set the format of the pubkey. This probably should be returned + // from btcec, but do it here to avoid API churn. We already know the + // pubkey is valid since it parsed above, so it's safe to simply examine + // the leading byte to get the format. + pkFormat := PKFUncompressed + switch serializedPubKey[0] { + case 0x02, 0x03: + pkFormat = PKFCompressed + case 0x06, 0x07: + pkFormat = PKFHybrid + } + + return &AddressPubKey{ + pubKeyFormat: pkFormat, + pubKey: pubKey, + pubKeyHashID: net.PubKeyHashAddrID, + }, nil +} + +// serialize returns the serialization of the public key according to the +// format associated with the address. +func (a *AddressPubKey) serialize() []byte { + switch a.pubKeyFormat { + default: + fallthrough + case PKFUncompressed: + return a.pubKey.SerializeUncompressed() + + case PKFCompressed: + return a.pubKey.SerializeCompressed() + + case PKFHybrid: + return a.pubKey.SerializeHybrid() + } +} + +// EncodeAddress returns the string encoding of the public key as a +// pay-to-pubkey-hash. Note that the public key format (uncompressed, +// compressed, etc) will change the resulting address. This is expected since +// pay-to-pubkey-hash is a hash of the serialized public key which obviously +// differs with the format. At the time of this writing, most Bitcoin addresses +// are pay-to-pubkey-hash constructed from the uncompressed public key. +// +// Part of the Address interface. +func (a *AddressPubKey) EncodeAddress() string { + return encodeAddress(Hash160(a.serialize()), a.pubKeyHashID) +} + +// ScriptAddress returns the bytes to be included in a txout script to pay +// to a public key. Setting the public key format will affect the output of +// this function accordingly. Part of the Address interface. +func (a *AddressPubKey) ScriptAddress() []byte { + return a.serialize() +} + +// IsForNet returns whether or not the pay-to-pubkey address is associated +// with the passed bitcoin network. +func (a *AddressPubKey) IsForNet(net *chaincfg.Params) bool { + return a.pubKeyHashID == net.PubKeyHashAddrID +} + +// String returns the hex-encoded human-readable string for the pay-to-pubkey +// address. This is not the same as calling EncodeAddress. +func (a *AddressPubKey) String() string { + return hex.EncodeToString(a.serialize()) +} + +// Format returns the format (uncompressed, compressed, etc) of the +// pay-to-pubkey address. +func (a *AddressPubKey) Format() PubKeyFormat { + return a.pubKeyFormat +} + +// SetFormat sets the format (uncompressed, compressed, etc) of the +// pay-to-pubkey address. +func (a *AddressPubKey) SetFormat(pkFormat PubKeyFormat) { + a.pubKeyFormat = pkFormat +} + +// AddressPubKeyHash returns the pay-to-pubkey address converted to a +// pay-to-pubkey-hash address. Note that the public key format (uncompressed, +// compressed, etc) will change the resulting address. This is expected since +// pay-to-pubkey-hash is a hash of the serialized public key which obviously +// differs with the format. At the time of this writing, most Bitcoin addresses +// are pay-to-pubkey-hash constructed from the uncompressed public key. +func (a *AddressPubKey) AddressPubKeyHash() *AddressPubKeyHash { + addr := &AddressPubKeyHash{netID: a.pubKeyHashID} + copy(addr.hash[:], Hash160(a.serialize())) + return addr +} + +// PubKey returns the underlying public key for the address. +func (a *AddressPubKey) PubKey() *btcec.PublicKey { + return a.pubKey +} + +// AddressWitnessPubKeyHash is an Address for a pay-to-witness-pubkey-hash +// (P2WPKH) output. See BIP 173 for further details regarding native segregated +// witness address encoding: +// https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki +type AddressWitnessPubKeyHash struct { + hrp string + witnessVersion byte + witnessProgram [20]byte +} + +// NewAddressWitnessPubKeyHash returns a new AddressWitnessPubKeyHash. +func NewAddressWitnessPubKeyHash(witnessProg []byte, net *chaincfg.Params) (*AddressWitnessPubKeyHash, error) { + return newAddressWitnessPubKeyHash(net.Bech32HRPSegwit, witnessProg) +} + +// newAddressWitnessPubKeyHash is an internal helper function to create an +// AddressWitnessPubKeyHash with a known human-readable part, rather than +// looking it up through its parameters. +func newAddressWitnessPubKeyHash(hrp string, witnessProg []byte) (*AddressWitnessPubKeyHash, error) { + // Check for valid program length for witness version 0, which is 20 + // for P2WPKH. + if len(witnessProg) != 20 { + return nil, errors.New("witness program must be 20 " + + "bytes for p2wpkh") + } + + addr := &AddressWitnessPubKeyHash{ + hrp: strings.ToLower(hrp), + witnessVersion: 0x00, + } + + copy(addr.witnessProgram[:], witnessProg) + + return addr, nil +} + +// EncodeAddress returns the bech32 string encoding of an +// AddressWitnessPubKeyHash. +// Part of the Address interface. +func (a *AddressWitnessPubKeyHash) EncodeAddress() string { + str, err := encodeSegWitAddress(a.hrp, a.witnessVersion, + a.witnessProgram[:]) + if err != nil { + return "" + } + return str +} + +// ScriptAddress returns the witness program for this address. +// Part of the Address interface. +func (a *AddressWitnessPubKeyHash) ScriptAddress() []byte { + return a.witnessProgram[:] +} + +// IsForNet returns whether or not the AddressWitnessPubKeyHash is associated +// with the passed bitcoin network. +// Part of the Address interface. +func (a *AddressWitnessPubKeyHash) IsForNet(net *chaincfg.Params) bool { + return a.hrp == net.Bech32HRPSegwit +} + +// String returns a human-readable string for the AddressWitnessPubKeyHash. +// This is equivalent to calling EncodeAddress, but is provided so the type +// can be used as a fmt.Stringer. +// Part of the Address interface. +func (a *AddressWitnessPubKeyHash) String() string { + return a.EncodeAddress() +} + +// Hrp returns the human-readable part of the bech32 encoded +// AddressWitnessPubKeyHash. +func (a *AddressWitnessPubKeyHash) Hrp() string { + return a.hrp +} + +// WitnessVersion returns the witness version of the AddressWitnessPubKeyHash. +func (a *AddressWitnessPubKeyHash) WitnessVersion() byte { + return a.witnessVersion +} + +// WitnessProgram returns the witness program of the AddressWitnessPubKeyHash. +func (a *AddressWitnessPubKeyHash) WitnessProgram() []byte { + return a.witnessProgram[:] +} + +// Hash160 returns the witness program of the AddressWitnessPubKeyHash as a +// byte array. +func (a *AddressWitnessPubKeyHash) Hash160() *[20]byte { + return &a.witnessProgram +} + +// AddressWitnessScriptHash is an Address for a pay-to-witness-script-hash +// (P2WSH) output. See BIP 173 for further details regarding native segregated +// witness address encoding: +// https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki +type AddressWitnessScriptHash struct { + hrp string + witnessVersion byte + witnessProgram [32]byte +} + +// NewAddressWitnessScriptHash returns a new AddressWitnessPubKeyHash. +func NewAddressWitnessScriptHash(witnessProg []byte, net *chaincfg.Params) (*AddressWitnessScriptHash, error) { + return newAddressWitnessScriptHash(net.Bech32HRPSegwit, witnessProg) +} + +// newAddressWitnessScriptHash is an internal helper function to create an +// AddressWitnessScriptHash with a known human-readable part, rather than +// looking it up through its parameters. +func newAddressWitnessScriptHash(hrp string, witnessProg []byte) (*AddressWitnessScriptHash, error) { + // Check for valid program length for witness version 0, which is 32 + // for P2WSH. + if len(witnessProg) != 32 { + return nil, errors.New("witness program must be 32 " + + "bytes for p2wsh") + } + + addr := &AddressWitnessScriptHash{ + hrp: strings.ToLower(hrp), + witnessVersion: 0x00, + } + + copy(addr.witnessProgram[:], witnessProg) + + return addr, nil +} + +// EncodeAddress returns the bech32 string encoding of an +// AddressWitnessScriptHash. +// Part of the Address interface. +func (a *AddressWitnessScriptHash) EncodeAddress() string { + str, err := encodeSegWitAddress(a.hrp, a.witnessVersion, + a.witnessProgram[:]) + if err != nil { + return "" + } + return str +} + +// ScriptAddress returns the witness program for this address. +// Part of the Address interface. +func (a *AddressWitnessScriptHash) ScriptAddress() []byte { + return a.witnessProgram[:] +} + +// IsForNet returns whether or not the AddressWitnessScriptHash is associated +// with the passed bitcoin network. +// Part of the Address interface. +func (a *AddressWitnessScriptHash) IsForNet(net *chaincfg.Params) bool { + return a.hrp == net.Bech32HRPSegwit +} + +// String returns a human-readable string for the AddressWitnessScriptHash. +// This is equivalent to calling EncodeAddress, but is provided so the type +// can be used as a fmt.Stringer. +// Part of the Address interface. +func (a *AddressWitnessScriptHash) String() string { + return a.EncodeAddress() +} + +// Hrp returns the human-readable part of the bech32 encoded +// AddressWitnessScriptHash. +func (a *AddressWitnessScriptHash) Hrp() string { + return a.hrp +} + +// WitnessVersion returns the witness version of the AddressWitnessScriptHash. +func (a *AddressWitnessScriptHash) WitnessVersion() byte { + return a.witnessVersion +} + +// WitnessProgram returns the witness program of the AddressWitnessScriptHash. +func (a *AddressWitnessScriptHash) WitnessProgram() []byte { + return a.witnessProgram[:] +} diff --git a/vendor/github.com/btcsuite/btcutil/amount.go b/vendor/github.com/btcsuite/btcutil/amount.go new file mode 100644 index 0000000..e2f057e --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/amount.go @@ -0,0 +1,122 @@ +// Copyright (c) 2013, 2014 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcutil + +import ( + "errors" + "math" + "strconv" +) + +// AmountUnit describes a method of converting an Amount to something +// other than the base unit of a bitcoin. The value of the AmountUnit +// is the exponent component of the decadic multiple to convert from +// an amount in bitcoin to an amount counted in units. +type AmountUnit int + +// These constants define various units used when describing a bitcoin +// monetary amount. +const ( + AmountMegaBTC AmountUnit = 6 + AmountKiloBTC AmountUnit = 3 + AmountBTC AmountUnit = 0 + AmountMilliBTC AmountUnit = -3 + AmountMicroBTC AmountUnit = -6 + AmountSatoshi AmountUnit = -8 +) + +// String returns the unit as a string. For recognized units, the SI +// prefix is used, or "Satoshi" for the base unit. For all unrecognized +// units, "1eN BTC" is returned, where N is the AmountUnit. +func (u AmountUnit) String() string { + switch u { + case AmountMegaBTC: + return "MBTC" + case AmountKiloBTC: + return "kBTC" + case AmountBTC: + return "BTC" + case AmountMilliBTC: + return "mBTC" + case AmountMicroBTC: + return "μBTC" + case AmountSatoshi: + return "Satoshi" + default: + return "1e" + strconv.FormatInt(int64(u), 10) + " BTC" + } +} + +// Amount represents the base bitcoin monetary unit (colloquially referred +// to as a `Satoshi'). A single Amount is equal to 1e-8 of a bitcoin. +type Amount int64 + +// round converts a floating point number, which may or may not be representable +// as an integer, to the Amount integer type by rounding to the nearest integer. +// This is performed by adding or subtracting 0.5 depending on the sign, and +// relying on integer truncation to round the value to the nearest Amount. +func round(f float64) Amount { + if f < 0 { + return Amount(f - 0.5) + } + return Amount(f + 0.5) +} + +// NewAmount creates an Amount from a floating point value representing +// some value in bitcoin. NewAmount errors if f is NaN or +-Infinity, but +// does not check that the amount is within the total amount of bitcoin +// producible as f may not refer to an amount at a single moment in time. +// +// NewAmount is for specifically for converting BTC to Satoshi. +// For creating a new Amount with an int64 value which denotes a quantity of Satoshi, +// do a simple type conversion from type int64 to Amount. +// See GoDoc for example: http://godoc.org/github.com/btcsuite/btcutil#example-Amount +func NewAmount(f float64) (Amount, error) { + // The amount is only considered invalid if it cannot be represented + // as an integer type. This may happen if f is NaN or +-Infinity. + switch { + case math.IsNaN(f): + fallthrough + case math.IsInf(f, 1): + fallthrough + case math.IsInf(f, -1): + return 0, errors.New("invalid bitcoin amount") + } + + return round(f * SatoshiPerBitcoin), nil +} + +// ToUnit converts a monetary amount counted in bitcoin base units to a +// floating point value representing an amount of bitcoin. +func (a Amount) ToUnit(u AmountUnit) float64 { + return float64(a) / math.Pow10(int(u+8)) +} + +// ToBTC is the equivalent of calling ToUnit with AmountBTC. +func (a Amount) ToBTC() float64 { + return a.ToUnit(AmountBTC) +} + +// Format formats a monetary amount counted in bitcoin base units as a +// string for a given unit. The conversion will succeed for any unit, +// however, known units will be formated with an appended label describing +// the units with SI notation, or "Satoshi" for the base unit. +func (a Amount) Format(u AmountUnit) string { + units := " " + u.String() + return strconv.FormatFloat(a.ToUnit(u), 'f', -int(u+8), 64) + units +} + +// String is the equivalent of calling Format with AmountBTC. +func (a Amount) String() string { + return a.Format(AmountBTC) +} + +// MulF64 multiplies an Amount by a floating point value. While this is not +// an operation that must typically be done by a full node or wallet, it is +// useful for services that build on top of bitcoin (for example, calculating +// a fee by multiplying by a percentage). +func (a Amount) MulF64(f float64) Amount { + return round(float64(a) * f) +} diff --git a/vendor/github.com/btcsuite/btcutil/appdata.go b/vendor/github.com/btcsuite/btcutil/appdata.go new file mode 100644 index 0000000..e36cf7c --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/appdata.go @@ -0,0 +1,105 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcutil + +import ( + "os" + "os/user" + "path/filepath" + "runtime" + "strings" + "unicode" +) + +// appDataDir returns an operating system specific directory to be used for +// storing application data for an application. See AppDataDir for more +// details. This unexported version takes an operating system argument +// primarily to enable the testing package to properly test the function by +// forcing an operating system that is not the currently one. +func appDataDir(goos, appName string, roaming bool) string { + if appName == "" || appName == "." { + return "." + } + + // The caller really shouldn't prepend the appName with a period, but + // if they do, handle it gracefully by trimming it. + appName = strings.TrimPrefix(appName, ".") + appNameUpper := string(unicode.ToUpper(rune(appName[0]))) + appName[1:] + appNameLower := string(unicode.ToLower(rune(appName[0]))) + appName[1:] + + // Get the OS specific home directory via the Go standard lib. + var homeDir string + usr, err := user.Current() + if err == nil { + homeDir = usr.HomeDir + } + + // Fall back to standard HOME environment variable that works + // for most POSIX OSes if the directory from the Go standard + // lib failed. + if err != nil || homeDir == "" { + homeDir = os.Getenv("HOME") + } + + switch goos { + // Attempt to use the LOCALAPPDATA or APPDATA environment variable on + // Windows. + case "windows": + // Windows XP and before didn't have a LOCALAPPDATA, so fallback + // to regular APPDATA when LOCALAPPDATA is not set. + appData := os.Getenv("LOCALAPPDATA") + if roaming || appData == "" { + appData = os.Getenv("APPDATA") + } + + if appData != "" { + return filepath.Join(appData, appNameUpper) + } + + case "darwin": + if homeDir != "" { + return filepath.Join(homeDir, "Library", + "Application Support", appNameUpper) + } + + case "plan9": + if homeDir != "" { + return filepath.Join(homeDir, appNameLower) + } + + default: + if homeDir != "" { + return filepath.Join(homeDir, "."+appNameLower) + } + } + + // Fall back to the current directory if all else fails. + return "." +} + +// AppDataDir returns an operating system specific directory to be used for +// storing application data for an application. +// +// The appName parameter is the name of the application the data directory is +// being requested for. This function will prepend a period to the appName for +// POSIX style operating systems since that is standard practice. An empty +// appName or one with a single dot is treated as requesting the current +// directory so only "." will be returned. Further, the first character +// of appName will be made lowercase for POSIX style operating systems and +// uppercase for Mac and Windows since that is standard practice. +// +// The roaming parameter only applies to Windows where it specifies the roaming +// application data profile (%APPDATA%) should be used instead of the local one +// (%LOCALAPPDATA%) that is used by default. +// +// Example results: +// dir := AppDataDir("myapp", false) +// POSIX (Linux/BSD): ~/.myapp +// Mac OS: $HOME/Library/Application Support/Myapp +// Windows: %LOCALAPPDATA%\Myapp +// Plan 9: $home/myapp +func AppDataDir(appName string, roaming bool) string { + return appDataDir(runtime.GOOS, appName, roaming) +} diff --git a/vendor/github.com/btcsuite/btcutil/base58/README.md b/vendor/github.com/btcsuite/btcutil/base58/README.md new file mode 100644 index 0000000..98dfb1d --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/base58/README.md @@ -0,0 +1,34 @@ +base58 +========== + +[![Build Status](http://img.shields.io/travis/btcsuite/btcutil.svg)](https://travis-ci.org/btcsuite/btcutil) +[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org) +[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/btcsuite/btcutil/base58) + +Package base58 provides an API for encoding and decoding to and from the +modified base58 encoding. It also provides an API to do Base58Check encoding, +as described [here](https://en.bitcoin.it/wiki/Base58Check_encoding). + +A comprehensive suite of tests is provided to ensure proper functionality. + +## Installation and Updating + +```bash +$ go get -u github.com/btcsuite/btcutil/base58 +``` + +## Examples + +* [Decode Example](http://godoc.org/github.com/btcsuite/btcutil/base58#example-Decode) + Demonstrates how to decode modified base58 encoded data. +* [Encode Example](http://godoc.org/github.com/btcsuite/btcutil/base58#example-Encode) + Demonstrates how to encode data using the modified base58 encoding scheme. +* [CheckDecode Example](http://godoc.org/github.com/btcsuite/btcutil/base58#example-CheckDecode) + Demonstrates how to decode Base58Check encoded data. +* [CheckEncode Example](http://godoc.org/github.com/btcsuite/btcutil/base58#example-CheckEncode) + Demonstrates how to encode data using the Base58Check encoding scheme. + +## License + +Package base58 is licensed under the [copyfree](http://copyfree.org) ISC +License. diff --git a/vendor/github.com/btcsuite/btcutil/base58/alphabet.go b/vendor/github.com/btcsuite/btcutil/base58/alphabet.go new file mode 100644 index 0000000..6bb39fe --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/base58/alphabet.go @@ -0,0 +1,49 @@ +// Copyright (c) 2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +// AUTOGENERATED by genalphabet.go; do not edit. + +package base58 + +const ( + // alphabet is the modified base58 alphabet used by Bitcoin. + alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" + + alphabetIdx0 = '1' +) + +var b58 = [256]byte{ + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 0, 1, 2, 3, 4, 5, 6, + 7, 8, 255, 255, 255, 255, 255, 255, + 255, 9, 10, 11, 12, 13, 14, 15, + 16, 255, 17, 18, 19, 20, 21, 255, + 22, 23, 24, 25, 26, 27, 28, 29, + 30, 31, 32, 255, 255, 255, 255, 255, + 255, 33, 34, 35, 36, 37, 38, 39, + 40, 41, 42, 43, 255, 44, 45, 46, + 47, 48, 49, 50, 51, 52, 53, 54, + 55, 56, 57, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, +} diff --git a/vendor/github.com/btcsuite/btcutil/base58/base58.go b/vendor/github.com/btcsuite/btcutil/base58/base58.go new file mode 100644 index 0000000..19a72de --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/base58/base58.go @@ -0,0 +1,75 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package base58 + +import ( + "math/big" +) + +//go:generate go run genalphabet.go + +var bigRadix = big.NewInt(58) +var bigZero = big.NewInt(0) + +// Decode decodes a modified base58 string to a byte slice. +func Decode(b string) []byte { + answer := big.NewInt(0) + j := big.NewInt(1) + + scratch := new(big.Int) + for i := len(b) - 1; i >= 0; i-- { + tmp := b58[b[i]] + if tmp == 255 { + return []byte("") + } + scratch.SetInt64(int64(tmp)) + scratch.Mul(j, scratch) + answer.Add(answer, scratch) + j.Mul(j, bigRadix) + } + + tmpval := answer.Bytes() + + var numZeros int + for numZeros = 0; numZeros < len(b); numZeros++ { + if b[numZeros] != alphabetIdx0 { + break + } + } + flen := numZeros + len(tmpval) + val := make([]byte, flen) + copy(val[numZeros:], tmpval) + + return val +} + +// Encode encodes a byte slice to a modified base58 string. +func Encode(b []byte) string { + x := new(big.Int) + x.SetBytes(b) + + answer := make([]byte, 0, len(b)*136/100) + for x.Cmp(bigZero) > 0 { + mod := new(big.Int) + x.DivMod(x, bigRadix, mod) + answer = append(answer, alphabet[mod.Int64()]) + } + + // leading zero bytes + for _, i := range b { + if i != 0 { + break + } + answer = append(answer, alphabetIdx0) + } + + // reverse + alen := len(answer) + for i := 0; i < alen/2; i++ { + answer[i], answer[alen-1-i] = answer[alen-1-i], answer[i] + } + + return string(answer) +} diff --git a/vendor/github.com/btcsuite/btcutil/base58/base58check.go b/vendor/github.com/btcsuite/btcutil/base58/base58check.go new file mode 100644 index 0000000..7cdafee --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/base58/base58check.go @@ -0,0 +1,52 @@ +// Copyright (c) 2013-2014 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package base58 + +import ( + "crypto/sha256" + "errors" +) + +// ErrChecksum indicates that the checksum of a check-encoded string does not verify against +// the checksum. +var ErrChecksum = errors.New("checksum error") + +// ErrInvalidFormat indicates that the check-encoded string has an invalid format. +var ErrInvalidFormat = errors.New("invalid format: version and/or checksum bytes missing") + +// checksum: first four bytes of sha256^2 +func checksum(input []byte) (cksum [4]byte) { + h := sha256.Sum256(input) + h2 := sha256.Sum256(h[:]) + copy(cksum[:], h2[:4]) + return +} + +// CheckEncode prepends a version byte and appends a four byte checksum. +func CheckEncode(input []byte, version byte) string { + b := make([]byte, 0, 1+len(input)+4) + b = append(b, version) + b = append(b, input[:]...) + cksum := checksum(b) + b = append(b, cksum[:]...) + return Encode(b) +} + +// CheckDecode decodes a string that was encoded with CheckEncode and verifies the checksum. +func CheckDecode(input string) (result []byte, version byte, err error) { + decoded := Decode(input) + if len(decoded) < 5 { + return nil, 0, ErrInvalidFormat + } + version = decoded[0] + var cksum [4]byte + copy(cksum[:], decoded[len(decoded)-4:]) + if checksum(decoded[:len(decoded)-4]) != cksum { + return nil, 0, ErrChecksum + } + payload := decoded[1 : len(decoded)-4] + result = append(result, payload...) + return +} diff --git a/vendor/github.com/btcsuite/btcutil/base58/cov_report.sh b/vendor/github.com/btcsuite/btcutil/base58/cov_report.sh new file mode 100644 index 0000000..307f05b --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/base58/cov_report.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +# This script uses gocov to generate a test coverage report. +# The gocov tool my be obtained with the following command: +# go get github.com/axw/gocov/gocov +# +# It will be installed to $GOPATH/bin, so ensure that location is in your $PATH. + +# Check for gocov. +type gocov >/dev/null 2>&1 +if [ $? -ne 0 ]; then + echo >&2 "This script requires the gocov tool." + echo >&2 "You may obtain it with the following command:" + echo >&2 "go get github.com/axw/gocov/gocov" + exit 1 +fi +gocov test | gocov report diff --git a/vendor/github.com/btcsuite/btcutil/base58/doc.go b/vendor/github.com/btcsuite/btcutil/base58/doc.go new file mode 100644 index 0000000..9a2c0e6 --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/base58/doc.go @@ -0,0 +1,29 @@ +// Copyright (c) 2014 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +/* +Package base58 provides an API for working with modified base58 and Base58Check +encodings. + +Modified Base58 Encoding + +Standard base58 encoding is similar to standard base64 encoding except, as the +name implies, it uses a 58 character alphabet which results in an alphanumeric +string and allows some characters which are problematic for humans to be +excluded. Due to this, there can be various base58 alphabets. + +The modified base58 alphabet used by Bitcoin, and hence this package, omits the +0, O, I, and l characters that look the same in many fonts and are therefore +hard to humans to distinguish. + +Base58Check Encoding Scheme + +The Base58Check encoding scheme is primarily used for Bitcoin addresses at the +time of this writing, however it can be used to generically encode arbitrary +byte arrays into human-readable strings along with a version byte that can be +used to differentiate the same payload. For Bitcoin addresses, the extra +version is used to differentiate the network of otherwise identical public keys +which helps prevent using an address intended for one network on another. +*/ +package base58 diff --git a/vendor/github.com/btcsuite/btcutil/base58/genalphabet.go b/vendor/github.com/btcsuite/btcutil/base58/genalphabet.go new file mode 100644 index 0000000..010cbee --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/base58/genalphabet.go @@ -0,0 +1,79 @@ +// Copyright (c) 2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +//+build ignore + +package main + +import ( + "bytes" + "io" + "log" + "os" + "strconv" +) + +var ( + start = []byte(`// Copyright (c) 2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +// AUTOGENERATED by genalphabet.go; do not edit. + +package base58 + +const ( + // alphabet is the modified base58 alphabet used by Bitcoin. + alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" + + alphabetIdx0 = '1' +) + +var b58 = [256]byte{`) + + end = []byte(`}`) + + alphabet = []byte("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz") + tab = []byte("\t") + invalid = []byte("255") + comma = []byte(",") + space = []byte(" ") + nl = []byte("\n") +) + +func write(w io.Writer, b []byte) { + _, err := w.Write(b) + if err != nil { + log.Fatal(err) + } +} + +func main() { + fi, err := os.Create("alphabet.go") + if err != nil { + log.Fatal(err) + } + defer fi.Close() + + write(fi, start) + write(fi, nl) + for i := byte(0); i < 32; i++ { + write(fi, tab) + for j := byte(0); j < 8; j++ { + idx := bytes.IndexByte(alphabet, i*8+j) + if idx == -1 { + write(fi, invalid) + } else { + write(fi, strconv.AppendInt(nil, int64(idx), 10)) + } + write(fi, comma) + if j != 7 { + write(fi, space) + } + } + write(fi, nl) + } + write(fi, end) + write(fi, nl) +} diff --git a/vendor/github.com/btcsuite/btcutil/bech32/README.md b/vendor/github.com/btcsuite/btcutil/bech32/README.md new file mode 100644 index 0000000..e6fa43f --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/bech32/README.md @@ -0,0 +1,29 @@ +bech32 +========== + +[![Build Status](http://img.shields.io/travis/btcsuite/btcutil.svg)](https://travis-ci.org/btcsuite/btcutil) +[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org) +[![GoDoc](https://godoc.org/github.com/btcsuite/btcutil/bech32?status.png)](http://godoc.org/github.com/btcsuite/btcutil/bech32) + +Package bech32 provides a Go implementation of the bech32 format specified in +[BIP 173](https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki). + +Test vectors from BIP 173 are added to ensure compatibility with the BIP. + +## Installation and Updating + +```bash +$ go get -u github.com/btcsuite/btcutil/bech32 +``` + +## Examples + +* [Bech32 decode Example](http://godoc.org/github.com/btcsuite/btcutil/bech32#example-Bech32Decode) + Demonstrates how to decode a bech32 encoded string. +* [Bech32 encode Example](http://godoc.org/github.com/btcsuite/btcutil/bech32#example-BechEncode) + Demonstrates how to encode data into a bech32 string. + +## License + +Package bech32 is licensed under the [copyfree](http://copyfree.org) ISC +License. diff --git a/vendor/github.com/btcsuite/btcutil/bech32/bech32.go b/vendor/github.com/btcsuite/btcutil/bech32/bech32.go new file mode 100644 index 0000000..8bda0a1 --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/bech32/bech32.go @@ -0,0 +1,252 @@ +// Copyright (c) 2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package bech32 + +import ( + "fmt" + "strings" +) + +const charset = "qpzry9x8gf2tvdw0s3jn54khce6mua7l" + +var gen = []int{0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3} + +// Decode decodes a bech32 encoded string, returning the human-readable +// part and the data part excluding the checksum. +func Decode(bech string) (string, []byte, error) { + // The maximum allowed length for a bech32 string is 90. It must also + // be at least 8 characters, since it needs a non-empty HRP, a + // separator, and a 6 character checksum. + if len(bech) < 8 || len(bech) > 90 { + return "", nil, fmt.Errorf("invalid bech32 string length %d", + len(bech)) + } + // Only ASCII characters between 33 and 126 are allowed. + for i := 0; i < len(bech); i++ { + if bech[i] < 33 || bech[i] > 126 { + return "", nil, fmt.Errorf("invalid character in "+ + "string: '%c'", bech[i]) + } + } + + // The characters must be either all lowercase or all uppercase. + lower := strings.ToLower(bech) + upper := strings.ToUpper(bech) + if bech != lower && bech != upper { + return "", nil, fmt.Errorf("string not all lowercase or all " + + "uppercase") + } + + // We'll work with the lowercase string from now on. + bech = lower + + // The string is invalid if the last '1' is non-existent, it is the + // first character of the string (no human-readable part) or one of the + // last 6 characters of the string (since checksum cannot contain '1'), + // or if the string is more than 90 characters in total. + one := strings.LastIndexByte(bech, '1') + if one < 1 || one+7 > len(bech) { + return "", nil, fmt.Errorf("invalid index of 1") + } + + // The human-readable part is everything before the last '1'. + hrp := bech[:one] + data := bech[one+1:] + + // Each character corresponds to the byte with value of the index in + // 'charset'. + decoded, err := toBytes(data) + if err != nil { + return "", nil, fmt.Errorf("failed converting data to bytes: "+ + "%v", err) + } + + if !bech32VerifyChecksum(hrp, decoded) { + moreInfo := "" + checksum := bech[len(bech)-6:] + expected, err := toChars(bech32Checksum(hrp, + decoded[:len(decoded)-6])) + if err == nil { + moreInfo = fmt.Sprintf("Expected %v, got %v.", + expected, checksum) + } + return "", nil, fmt.Errorf("checksum failed. " + moreInfo) + } + + // We exclude the last 6 bytes, which is the checksum. + return hrp, decoded[:len(decoded)-6], nil +} + +// Encode encodes a byte slice into a bech32 string with the +// human-readable part hrb. Note that the bytes must each encode 5 bits +// (base32). +func Encode(hrp string, data []byte) (string, error) { + // Calculate the checksum of the data and append it at the end. + checksum := bech32Checksum(hrp, data) + combined := append(data, checksum...) + + // The resulting bech32 string is the concatenation of the hrp, the + // separator 1, data and checksum. Everything after the separator is + // represented using the specified charset. + dataChars, err := toChars(combined) + if err != nil { + return "", fmt.Errorf("unable to convert data bytes to chars: "+ + "%v", err) + } + return hrp + "1" + dataChars, nil +} + +// toBytes converts each character in the string 'chars' to the value of the +// index of the correspoding character in 'charset'. +func toBytes(chars string) ([]byte, error) { + decoded := make([]byte, 0, len(chars)) + for i := 0; i < len(chars); i++ { + index := strings.IndexByte(charset, chars[i]) + if index < 0 { + return nil, fmt.Errorf("invalid character not part of "+ + "charset: %v", chars[i]) + } + decoded = append(decoded, byte(index)) + } + return decoded, nil +} + +// toChars converts the byte slice 'data' to a string where each byte in 'data' +// encodes the index of a character in 'charset'. +func toChars(data []byte) (string, error) { + result := make([]byte, 0, len(data)) + for _, b := range data { + if int(b) >= len(charset) { + return "", fmt.Errorf("invalid data byte: %v", b) + } + result = append(result, charset[b]) + } + return string(result), nil +} + +// ConvertBits converts a byte slice where each byte is encoding fromBits bits, +// to a byte slice where each byte is encoding toBits bits. +func ConvertBits(data []byte, fromBits, toBits uint8, pad bool) ([]byte, error) { + if fromBits < 1 || fromBits > 8 || toBits < 1 || toBits > 8 { + return nil, fmt.Errorf("only bit groups between 1 and 8 allowed") + } + + // The final bytes, each byte encoding toBits bits. + var regrouped []byte + + // Keep track of the next byte we create and how many bits we have + // added to it out of the toBits goal. + nextByte := byte(0) + filledBits := uint8(0) + + for _, b := range data { + + // Discard unused bits. + b = b << (8 - fromBits) + + // How many bits remaining to extract from the input data. + remFromBits := fromBits + for remFromBits > 0 { + // How many bits remaining to be added to the next byte. + remToBits := toBits - filledBits + + // The number of bytes to next extract is the minimum of + // remFromBits and remToBits. + toExtract := remFromBits + if remToBits < toExtract { + toExtract = remToBits + } + + // Add the next bits to nextByte, shifting the already + // added bits to the left. + nextByte = (nextByte << toExtract) | (b >> (8 - toExtract)) + + // Discard the bits we just extracted and get ready for + // next iteration. + b = b << toExtract + remFromBits -= toExtract + filledBits += toExtract + + // If the nextByte is completely filled, we add it to + // our regrouped bytes and start on the next byte. + if filledBits == toBits { + regrouped = append(regrouped, nextByte) + filledBits = 0 + nextByte = 0 + } + } + } + + // We pad any unfinished group if specified. + if pad && filledBits > 0 { + nextByte = nextByte << (toBits - filledBits) + regrouped = append(regrouped, nextByte) + filledBits = 0 + nextByte = 0 + } + + // Any incomplete group must be <= 4 bits, and all zeroes. + if filledBits > 0 && (filledBits > 4 || nextByte != 0) { + return nil, fmt.Errorf("invalid incomplete group") + } + + return regrouped, nil +} + +// For more details on the checksum calculation, please refer to BIP 173. +func bech32Checksum(hrp string, data []byte) []byte { + // Convert the bytes to list of integers, as this is needed for the + // checksum calculation. + integers := make([]int, len(data)) + for i, b := range data { + integers[i] = int(b) + } + values := append(bech32HrpExpand(hrp), integers...) + values = append(values, []int{0, 0, 0, 0, 0, 0}...) + polymod := bech32Polymod(values) ^ 1 + var res []byte + for i := 0; i < 6; i++ { + res = append(res, byte((polymod>>uint(5*(5-i)))&31)) + } + return res +} + +// For more details on the polymod calculation, please refer to BIP 173. +func bech32Polymod(values []int) int { + chk := 1 + for _, v := range values { + b := chk >> 25 + chk = (chk&0x1ffffff)<<5 ^ v + for i := 0; i < 5; i++ { + if (b>>uint(i))&1 == 1 { + chk ^= gen[i] + } + } + } + return chk +} + +// For more details on HRP expansion, please refer to BIP 173. +func bech32HrpExpand(hrp string) []int { + v := make([]int, 0, len(hrp)*2+1) + for i := 0; i < len(hrp); i++ { + v = append(v, int(hrp[i]>>5)) + } + v = append(v, 0) + for i := 0; i < len(hrp); i++ { + v = append(v, int(hrp[i]&31)) + } + return v +} + +// For more details on the checksum verification, please refer to BIP 173. +func bech32VerifyChecksum(hrp string, data []byte) bool { + integers := make([]int, len(data)) + for i, b := range data { + integers[i] = int(b) + } + concat := append(bech32HrpExpand(hrp), integers...) + return bech32Polymod(concat) == 1 +} diff --git a/vendor/github.com/btcsuite/btcutil/bech32/doc.go b/vendor/github.com/btcsuite/btcutil/bech32/doc.go new file mode 100644 index 0000000..2d64fbe --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/bech32/doc.go @@ -0,0 +1,15 @@ +// Copyright (c) 2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +/* +Package bech32 provides a Go implementation of the bech32 format specified in +BIP 173. + +Bech32 strings consist of a human-readable part (hrp), followed by the +separator 1, then a checksummed data part encoded using the 32 characters +"qpzry9x8gf2tvdw0s3jn54khce6mua7l". + +More info: https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki +*/ +package bech32 diff --git a/vendor/github.com/btcsuite/btcutil/block.go b/vendor/github.com/btcsuite/btcutil/block.go new file mode 100644 index 0000000..2749353 --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/block.go @@ -0,0 +1,265 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcutil + +import ( + "bytes" + "fmt" + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcd/wire" +) + +// OutOfRangeError describes an error due to accessing an element that is out +// of range. +type OutOfRangeError string + +// BlockHeightUnknown is the value returned for a block height that is unknown. +// This is typically because the block has not been inserted into the main chain +// yet. +const BlockHeightUnknown = int32(-1) + +// Error satisfies the error interface and prints human-readable errors. +func (e OutOfRangeError) Error() string { + return string(e) +} + +// Block defines a bitcoin block that provides easier and more efficient +// manipulation of raw blocks. It also memoizes hashes for the block and its +// transactions on their first access so subsequent accesses don't have to +// repeat the relatively expensive hashing operations. +type Block struct { + msgBlock *wire.MsgBlock // Underlying MsgBlock + serializedBlock []byte // Serialized bytes for the block + serializedBlockNoWitness []byte // Serialized bytes for block w/o witness data + blockHash *chainhash.Hash // Cached block hash + blockHeight int32 // Height in the main block chain + transactions []*Tx // Transactions + txnsGenerated bool // ALL wrapped transactions generated +} + +// MsgBlock returns the underlying wire.MsgBlock for the Block. +func (b *Block) MsgBlock() *wire.MsgBlock { + // Return the cached block. + return b.msgBlock +} + +// Bytes returns the serialized bytes for the Block. This is equivalent to +// calling Serialize on the underlying wire.MsgBlock, however it caches the +// result so subsequent calls are more efficient. +func (b *Block) Bytes() ([]byte, error) { + // Return the cached serialized bytes if it has already been generated. + if len(b.serializedBlock) != 0 { + return b.serializedBlock, nil + } + + // Serialize the MsgBlock. + w := bytes.NewBuffer(make([]byte, 0, b.msgBlock.SerializeSize())) + err := b.msgBlock.Serialize(w) + if err != nil { + return nil, err + } + serializedBlock := w.Bytes() + + // Cache the serialized bytes and return them. + b.serializedBlock = serializedBlock + return serializedBlock, nil +} + +// BytesNoWitness returns the serialized bytes for the block with transactions +// encoded without any witness data. +func (b *Block) BytesNoWitness() ([]byte, error) { + // Return the cached serialized bytes if it has already been generated. + if len(b.serializedBlockNoWitness) != 0 { + return b.serializedBlockNoWitness, nil + } + + // Serialize the MsgBlock. + var w bytes.Buffer + err := b.msgBlock.SerializeNoWitness(&w) + if err != nil { + return nil, err + } + serializedBlock := w.Bytes() + + // Cache the serialized bytes and return them. + b.serializedBlockNoWitness = serializedBlock + return serializedBlock, nil +} + +// Hash returns the block identifier hash for the Block. This is equivalent to +// calling BlockHash on the underlying wire.MsgBlock, however it caches the +// result so subsequent calls are more efficient. +func (b *Block) Hash() *chainhash.Hash { + // Return the cached block hash if it has already been generated. + if b.blockHash != nil { + return b.blockHash + } + + // Cache the block hash and return it. + hash := b.msgBlock.BlockHash() + b.blockHash = &hash + return &hash +} + +// Tx returns a wrapped transaction (btcutil.Tx) for the transaction at the +// specified index in the Block. The supplied index is 0 based. That is to +// say, the first transaction in the block is txNum 0. This is nearly +// equivalent to accessing the raw transaction (wire.MsgTx) from the +// underlying wire.MsgBlock, however the wrapped transaction has some helpful +// properties such as caching the hash so subsequent calls are more efficient. +func (b *Block) Tx(txNum int) (*Tx, error) { + // Ensure the requested transaction is in range. + numTx := uint64(len(b.msgBlock.Transactions)) + if txNum < 0 || uint64(txNum) > numTx { + str := fmt.Sprintf("transaction index %d is out of range - max %d", + txNum, numTx-1) + return nil, OutOfRangeError(str) + } + + // Generate slice to hold all of the wrapped transactions if needed. + if len(b.transactions) == 0 { + b.transactions = make([]*Tx, numTx) + } + + // Return the wrapped transaction if it has already been generated. + if b.transactions[txNum] != nil { + return b.transactions[txNum], nil + } + + // Generate and cache the wrapped transaction and return it. + newTx := NewTx(b.msgBlock.Transactions[txNum]) + newTx.SetIndex(txNum) + b.transactions[txNum] = newTx + return newTx, nil +} + +// Transactions returns a slice of wrapped transactions (btcutil.Tx) for all +// transactions in the Block. This is nearly equivalent to accessing the raw +// transactions (wire.MsgTx) in the underlying wire.MsgBlock, however it +// instead provides easy access to wrapped versions (btcutil.Tx) of them. +func (b *Block) Transactions() []*Tx { + // Return transactions if they have ALL already been generated. This + // flag is necessary because the wrapped transactions are lazily + // generated in a sparse fashion. + if b.txnsGenerated { + return b.transactions + } + + // Generate slice to hold all of the wrapped transactions if needed. + if len(b.transactions) == 0 { + b.transactions = make([]*Tx, len(b.msgBlock.Transactions)) + } + + // Generate and cache the wrapped transactions for all that haven't + // already been done. + for i, tx := range b.transactions { + if tx == nil { + newTx := NewTx(b.msgBlock.Transactions[i]) + newTx.SetIndex(i) + b.transactions[i] = newTx + } + } + + b.txnsGenerated = true + return b.transactions +} + +// TxHash returns the hash for the requested transaction number in the Block. +// The supplied index is 0 based. That is to say, the first transaction in the +// block is txNum 0. This is equivalent to calling TxHash on the underlying +// wire.MsgTx, however it caches the result so subsequent calls are more +// efficient. +func (b *Block) TxHash(txNum int) (*chainhash.Hash, error) { + // Attempt to get a wrapped transaction for the specified index. It + // will be created lazily if needed or simply return the cached version + // if it has already been generated. + tx, err := b.Tx(txNum) + if err != nil { + return nil, err + } + + // Defer to the wrapped transaction which will return the cached hash if + // it has already been generated. + return tx.Hash(), nil +} + +// TxLoc returns the offsets and lengths of each transaction in a raw block. +// It is used to allow fast indexing into transactions within the raw byte +// stream. +func (b *Block) TxLoc() ([]wire.TxLoc, error) { + rawMsg, err := b.Bytes() + if err != nil { + return nil, err + } + rbuf := bytes.NewBuffer(rawMsg) + + var mblock wire.MsgBlock + txLocs, err := mblock.DeserializeTxLoc(rbuf) + if err != nil { + return nil, err + } + return txLocs, err +} + +// Height returns the saved height of the block in the block chain. This value +// will be BlockHeightUnknown if it hasn't already explicitly been set. +func (b *Block) Height() int32 { + return b.blockHeight +} + +// SetHeight sets the height of the block in the block chain. +func (b *Block) SetHeight(height int32) { + b.blockHeight = height +} + +// NewBlock returns a new instance of a bitcoin block given an underlying +// wire.MsgBlock. See Block. +func NewBlock(msgBlock *wire.MsgBlock) *Block { + return &Block{ + msgBlock: msgBlock, + blockHeight: BlockHeightUnknown, + } +} + +// NewBlockFromBytes returns a new instance of a bitcoin block given the +// serialized bytes. See Block. +func NewBlockFromBytes(serializedBlock []byte) (*Block, error) { + br := bytes.NewReader(serializedBlock) + b, err := NewBlockFromReader(br) + if err != nil { + return nil, err + } + b.serializedBlock = serializedBlock + return b, nil +} + +// NewBlockFromReader returns a new instance of a bitcoin block given a +// Reader to deserialize the block. See Block. +func NewBlockFromReader(r io.Reader) (*Block, error) { + // Deserialize the bytes into a MsgBlock. + var msgBlock wire.MsgBlock + err := msgBlock.Deserialize(r) + if err != nil { + return nil, err + } + + b := Block{ + msgBlock: &msgBlock, + blockHeight: BlockHeightUnknown, + } + return &b, nil +} + +// NewBlockFromBlockAndBytes returns a new instance of a bitcoin block given +// an underlying wire.MsgBlock and the serialized bytes for it. See Block. +func NewBlockFromBlockAndBytes(msgBlock *wire.MsgBlock, serializedBlock []byte) *Block { + return &Block{ + msgBlock: msgBlock, + serializedBlock: serializedBlock, + blockHeight: BlockHeightUnknown, + } +} diff --git a/vendor/github.com/btcsuite/btcutil/certgen.go b/vendor/github.com/btcsuite/btcutil/certgen.go new file mode 100644 index 0000000..26d1629 --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/certgen.go @@ -0,0 +1,144 @@ +// Copyright (c) 2013-2015 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcutil + +import ( + "bytes" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + _ "crypto/sha512" // Needed for RegisterHash in init + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "errors" + "fmt" + "math/big" + "net" + "os" + "time" +) + +// NewTLSCertPair returns a new PEM-encoded x.509 certificate pair +// based on a 521-bit ECDSA private key. The machine's local interface +// addresses and all variants of IPv4 and IPv6 localhost are included as +// valid IP addresses. +func NewTLSCertPair(organization string, validUntil time.Time, extraHosts []string) (cert, key []byte, err error) { + now := time.Now() + if validUntil.Before(now) { + return nil, nil, errors.New("validUntil would create an already-expired certificate") + } + + priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) + if err != nil { + return nil, nil, err + } + + // end of ASN.1 time + endOfTime := time.Date(2049, 12, 31, 23, 59, 59, 0, time.UTC) + if validUntil.After(endOfTime) { + validUntil = endOfTime + } + + serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) + serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) + if err != nil { + return nil, nil, fmt.Errorf("failed to generate serial number: %s", err) + } + + host, err := os.Hostname() + if err != nil { + return nil, nil, err + } + + ipAddresses := []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")} + dnsNames := []string{host} + if host != "localhost" { + dnsNames = append(dnsNames, "localhost") + } + + addIP := func(ipAddr net.IP) { + for _, ip := range ipAddresses { + if bytes.Equal(ip, ipAddr) { + return + } + } + ipAddresses = append(ipAddresses, ipAddr) + } + addHost := func(host string) { + for _, dnsName := range dnsNames { + if host == dnsName { + return + } + } + dnsNames = append(dnsNames, host) + } + + addrs, err := interfaceAddrs() + if err != nil { + return nil, nil, err + } + for _, a := range addrs { + ipAddr, _, err := net.ParseCIDR(a.String()) + if err == nil { + addIP(ipAddr) + } + } + + for _, hostStr := range extraHosts { + host, _, err := net.SplitHostPort(hostStr) + if err != nil { + host = hostStr + } + if ip := net.ParseIP(host); ip != nil { + addIP(ip) + } else { + addHost(host) + } + } + + template := x509.Certificate{ + SerialNumber: serialNumber, + Subject: pkix.Name{ + Organization: []string{organization}, + CommonName: host, + }, + NotBefore: now.Add(-time.Hour * 24), + NotAfter: validUntil, + + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | + x509.KeyUsageCertSign, + IsCA: true, // so can sign self. + BasicConstraintsValid: true, + + DNSNames: dnsNames, + IPAddresses: ipAddresses, + } + + derBytes, err := x509.CreateCertificate(rand.Reader, &template, + &template, &priv.PublicKey, priv) + if err != nil { + return nil, nil, fmt.Errorf("failed to create certificate: %v", err) + } + + certBuf := &bytes.Buffer{} + err = pem.Encode(certBuf, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) + if err != nil { + return nil, nil, fmt.Errorf("failed to encode certificate: %v", err) + } + + keybytes, err := x509.MarshalECPrivateKey(priv) + if err != nil { + return nil, nil, fmt.Errorf("failed to marshal private key: %v", err) + } + + keyBuf := &bytes.Buffer{} + err = pem.Encode(keyBuf, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keybytes}) + if err != nil { + return nil, nil, fmt.Errorf("failed to encode private key: %v", err) + } + + return certBuf.Bytes(), keyBuf.Bytes(), nil +} diff --git a/vendor/github.com/btcsuite/btcutil/const.go b/vendor/github.com/btcsuite/btcutil/const.go new file mode 100644 index 0000000..c739460 --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/const.go @@ -0,0 +1,16 @@ +// Copyright (c) 2013-2014 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcutil + +const ( + // SatoshiPerBitcent is the number of satoshi in one bitcoin cent. + SatoshiPerBitcent = 1e6 + + // SatoshiPerBitcoin is the number of satoshi in one bitcoin (1 BTC). + SatoshiPerBitcoin = 1e8 + + // MaxSatoshi is the maximum transaction amount allowed in satoshi. + MaxSatoshi = 21e6 * SatoshiPerBitcoin +) diff --git a/vendor/github.com/btcsuite/btcutil/cov_report.sh b/vendor/github.com/btcsuite/btcutil/cov_report.sh new file mode 100644 index 0000000..307f05b --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/cov_report.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +# This script uses gocov to generate a test coverage report. +# The gocov tool my be obtained with the following command: +# go get github.com/axw/gocov/gocov +# +# It will be installed to $GOPATH/bin, so ensure that location is in your $PATH. + +# Check for gocov. +type gocov >/dev/null 2>&1 +if [ $? -ne 0 ]; then + echo >&2 "This script requires the gocov tool." + echo >&2 "You may obtain it with the following command:" + echo >&2 "go get github.com/axw/gocov/gocov" + exit 1 +fi +gocov test | gocov report diff --git a/vendor/github.com/btcsuite/btcutil/doc.go b/vendor/github.com/btcsuite/btcutil/doc.go new file mode 100644 index 0000000..36cda1c --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/doc.go @@ -0,0 +1,46 @@ +// Copyright (c) 2013-2014 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +/* +Package btcutil provides bitcoin-specific convenience functions and types. + +Block Overview + +A Block defines a bitcoin block that provides easier and more efficient +manipulation of raw wire protocol blocks. It also memoizes hashes for the +block and its transactions on their first access so subsequent accesses don't +have to repeat the relatively expensive hashing operations. + +Tx Overview + +A Tx defines a bitcoin transaction that provides more efficient manipulation of +raw wire protocol transactions. It memoizes the hash for the transaction on its +first access so subsequent accesses don't have to repeat the relatively +expensive hashing operations. + +Address Overview + +The Address interface provides an abstraction for a Bitcoin address. While the +most common type is a pay-to-pubkey-hash, Bitcoin already supports others and +may well support more in the future. This package currently provides +implementations for the pay-to-pubkey, pay-to-pubkey-hash, and +pay-to-script-hash address types. + +To decode/encode an address: + + // NOTE: The default network is only used for address types which do not + // already contain that information. At this time, that is only + // pay-to-pubkey addresses. + addrString := "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962" + + "e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d57" + + "8a4c702b6bf11d5f" + defaultNet := &chaincfg.MainNetParams + addr, err := btcutil.DecodeAddress(addrString, defaultNet) + if err != nil { + fmt.Println(err) + return + } + fmt.Println(addr.EncodeAddress()) +*/ +package btcutil diff --git a/vendor/github.com/btcsuite/btcutil/goclean.sh b/vendor/github.com/btcsuite/btcutil/goclean.sh new file mode 100644 index 0000000..4130848 --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/goclean.sh @@ -0,0 +1,48 @@ +#!/bin/bash +# The script does automatic checking on a Go package and its sub-packages, including: +# 1. gofmt (http://golang.org/cmd/gofmt/) +# 2. goimports (https://github.com/bradfitz/goimports) +# 3. golint (https://github.com/golang/lint) +# 4. go vet (http://golang.org/cmd/vet) +# 5. gosimple (https://github.com/dominikh/go-simple) +# 6. unconvert (https://github.com/mdempsky/unconvert) +# 7. race detector (http://blog.golang.org/race-detector) +# 8. test coverage (http://blog.golang.org/cover) +# +# gometalint (github.com/alecthomas/gometalinter) is used to run each each +# static checker. + +set -ex + +# Automatic checks +test -z "$(gometalinter --disable-all \ +--enable=gofmt \ +--enable=goimports \ +--enable=golint \ +--enable=vet \ +--enable=gosimple \ +--enable=unconvert \ +--deadline=120s ./... | grep -v 'ExampleNew' 2>&1 | tee /dev/stderr)" +env GORACE="halt_on_error=1" go test -race ./... + +# Run test coverage on each subdirectories and merge the coverage profile. + +echo "mode: count" > profile.cov + +# Standard go tooling behavior is to ignore dirs with leading underscores. +for dir in $(find . -maxdepth 10 -not -path './.git*' -not -path '*/_*' -type d); +do +if ls $dir/*.go &> /dev/null; then + go test -covermode=count -coverprofile=$dir/profile.tmp $dir + if [ -f $dir/profile.tmp ]; then + cat $dir/profile.tmp | tail -n +2 >> profile.cov + rm $dir/profile.tmp + fi +fi +done + +go tool cover -func profile.cov + +# To submit the test coverage result to coveralls.io, +# use goveralls (https://github.com/mattn/goveralls) +# goveralls -coverprofile=profile.cov -service=travis-ci diff --git a/vendor/github.com/btcsuite/btcutil/hash160.go b/vendor/github.com/btcsuite/btcutil/hash160.go new file mode 100644 index 0000000..599a0fe --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/hash160.go @@ -0,0 +1,23 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcutil + +import ( + "crypto/sha256" + "hash" + + "golang.org/x/crypto/ripemd160" +) + +// Calculate the hash of hasher over buf. +func calcHash(buf []byte, hasher hash.Hash) []byte { + hasher.Write(buf) + return hasher.Sum(nil) +} + +// Hash160 calculates the hash ripemd160(sha256(b)). +func Hash160(buf []byte) []byte { + return calcHash(calcHash(buf, sha256.New()), ripemd160.New()) +} diff --git a/vendor/github.com/btcsuite/btcutil/hdkeychain/README.md b/vendor/github.com/btcsuite/btcutil/hdkeychain/README.md new file mode 100644 index 0000000..f9c15d8 --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/hdkeychain/README.md @@ -0,0 +1,59 @@ +hdkeychain +========== + +[![Build Status](http://img.shields.io/travis/btcsuite/btcutil.svg)](https://travis-ci.org/btcsuite/btcutil) +[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org) +[![GoDoc](http://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/btcsuite/btcutil/hdkeychain) + +Package hdkeychain provides an API for bitcoin hierarchical deterministic +extended keys (BIP0032). + +A comprehensive suite of tests is provided to ensure proper functionality. See +`test_coverage.txt` for the gocov coverage report. Alternatively, if you are +running a POSIX OS, you can run the `cov_report.sh` script for a real-time +report. + +## Feature Overview + +- Full BIP0032 implementation +- Single type for private and public extended keys +- Convenient cryptograpically secure seed generation +- Simple creation of master nodes +- Support for multi-layer derivation +- Easy serialization and deserialization for both private and public extended + keys +- Support for custom networks by registering them with chaincfg +- Obtaining the underlying EC pubkeys, EC privkeys, and associated bitcoin + addresses ties in seamlessly with existing btcec and btcutil types which + provide powerful tools for working with them to do things like sign + transations and generate payment scripts +- Uses the btcec package which is highly optimized for secp256k1 +- Code examples including: + - Generating a cryptographically secure random seed and deriving a + master node from it + - Default HD wallet layout as described by BIP0032 + - Audits use case as described by BIP0032 +- Comprehensive test coverage including the BIP0032 test vectors +- Benchmarks + +## Installation and Updating + +```bash +$ go get -u github.com/btcsuite/btcutil/hdkeychain +``` + +## Examples + +* [NewMaster Example](http://godoc.org/github.com/btcsuite/btcutil/hdkeychain#example-NewMaster) + Demonstrates how to generate a cryptographically random seed then use it to + create a new master node (extended key). +* [Default Wallet Layout Example](http://godoc.org/github.com/btcsuite/btcutil/hdkeychain#example-package--DefaultWalletLayout) + Demonstrates the default hierarchical deterministic wallet layout as described + in BIP0032. +* [Audits Use Case Example](http://godoc.org/github.com/btcsuite/btcutil/hdkeychain#example-package--Audits) + Demonstrates the audits use case in BIP0032. + +## License + +Package hdkeychain is licensed under the [copyfree](http://copyfree.org) ISC +License. diff --git a/vendor/github.com/btcsuite/btcutil/hdkeychain/cov_report.sh b/vendor/github.com/btcsuite/btcutil/hdkeychain/cov_report.sh new file mode 100644 index 0000000..307f05b --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/hdkeychain/cov_report.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +# This script uses gocov to generate a test coverage report. +# The gocov tool my be obtained with the following command: +# go get github.com/axw/gocov/gocov +# +# It will be installed to $GOPATH/bin, so ensure that location is in your $PATH. + +# Check for gocov. +type gocov >/dev/null 2>&1 +if [ $? -ne 0 ]; then + echo >&2 "This script requires the gocov tool." + echo >&2 "You may obtain it with the following command:" + echo >&2 "go get github.com/axw/gocov/gocov" + exit 1 +fi +gocov test | gocov report diff --git a/vendor/github.com/btcsuite/btcutil/hdkeychain/doc.go b/vendor/github.com/btcsuite/btcutil/hdkeychain/doc.go new file mode 100644 index 0000000..652eb8c --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/hdkeychain/doc.go @@ -0,0 +1,84 @@ +// Copyright (c) 2014 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +/* +Package hdkeychain provides an API for bitcoin hierarchical deterministic +extended keys (BIP0032). + +Overview + +The ability to implement hierarchical deterministic wallets depends on the +ability to create and derive hierarchical deterministic extended keys. + +At a high level, this package provides support for those hierarchical +deterministic extended keys by providing an ExtendedKey type and supporting +functions. Each extended key can either be a private or public extended key +which itself is capable of deriving a child extended key. + +Determining the Extended Key Type + +Whether an extended key is a private or public extended key can be determined +with the IsPrivate function. + +Transaction Signing Keys and Payment Addresses + +In order to create and sign transactions, or provide others with addresses to +send funds to, the underlying key and address material must be accessible. This +package provides the ECPubKey, ECPrivKey, and Address functions for this +purpose. + +The Master Node + +As previously mentioned, the extended keys are hierarchical meaning they are +used to form a tree. The root of that tree is called the master node and this +package provides the NewMaster function to create it from a cryptographically +random seed. The GenerateSeed function is provided as a convenient way to +create a random seed for use with the NewMaster function. + +Deriving Children + +Once you have created a tree root (or have deserialized an extended key as +discussed later), the child extended keys can be derived by using the Child +function. The Child function supports deriving both normal (non-hardened) and +hardened child extended keys. In order to derive a hardened extended key, use +the HardenedKeyStart constant + the hardened key number as the index to the +Child function. This provides the ability to cascade the keys into a tree and +hence generate the hierarchical deterministic key chains. + +Normal vs Hardened Child Extended Keys + +A private extended key can be used to derive both hardened and non-hardened +(normal) child private and public extended keys. A public extended key can only +be used to derive non-hardened child public extended keys. As enumerated in +BIP0032 "knowledge of the extended public key plus any non-hardened private key +descending from it is equivalent to knowing the extended private key (and thus +every private and public key descending from it). This means that extended +public keys must be treated more carefully than regular public keys. It is also +the reason for the existence of hardened keys, and why they are used for the +account level in the tree. This way, a leak of an account-specific (or below) +private key never risks compromising the master or other accounts." + +Neutering a Private Extended Key + +A private extended key can be converted to a new instance of the corresponding +public extended key with the Neuter function. The original extended key is not +modified. A public extended key is still capable of deriving non-hardened child +public extended keys. + +Serializing and Deserializing Extended Keys + +Extended keys are serialized and deserialized with the String and +NewKeyFromString functions. The serialized key is a Base58-encoded string which +looks like the following: + public key: xpub68Gmy5EdvgibQVfPdqkBBCHxA5htiqg55crXYuXoQRKfDBFA1WEjWgP6LHhwBZeNK1VTsfTFUHCdrfp1bgwQ9xv5ski8PX9rL2dZXvgGDnw + private key: xprv9uHRZZhk6KAJC1avXpDAp4MDc3sQKNxDiPvvkX8Br5ngLNv1TxvUxt4cV1rGL5hj6KCesnDYUhd7oWgT11eZG7XnxHrnYeSvkzY7d2bhkJ7 + +Network + +Extended keys are much like normal Bitcoin addresses in that they have version +bytes which tie them to a specific network. The SetNet and IsForNet functions +are provided to set and determinine which network an extended key is associated +with. +*/ +package hdkeychain diff --git a/vendor/github.com/btcsuite/btcutil/hdkeychain/extendedkey.go b/vendor/github.com/btcsuite/btcutil/hdkeychain/extendedkey.go new file mode 100644 index 0000000..53486ad --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/hdkeychain/extendedkey.go @@ -0,0 +1,577 @@ +// Copyright (c) 2014-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package hdkeychain + +// References: +// [BIP32]: BIP0032 - Hierarchical Deterministic Wallets +// https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki + +import ( + "bytes" + "crypto/hmac" + "crypto/rand" + "crypto/sha512" + "encoding/binary" + "errors" + "fmt" + "math/big" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcd/chaincfg" + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcutil" + "github.com/btcsuite/btcutil/base58" +) + +const ( + // RecommendedSeedLen is the recommended length in bytes for a seed + // to a master node. + RecommendedSeedLen = 32 // 256 bits + + // HardenedKeyStart is the index at which a hardended key starts. Each + // extended key has 2^31 normal child keys and 2^31 hardned child keys. + // Thus the range for normal child keys is [0, 2^31 - 1] and the range + // for hardened child keys is [2^31, 2^32 - 1]. + HardenedKeyStart = 0x80000000 // 2^31 + + // MinSeedBytes is the minimum number of bytes allowed for a seed to + // a master node. + MinSeedBytes = 16 // 128 bits + + // MaxSeedBytes is the maximum number of bytes allowed for a seed to + // a master node. + MaxSeedBytes = 64 // 512 bits + + // serializedKeyLen is the length of a serialized public or private + // extended key. It consists of 4 bytes version, 1 byte depth, 4 bytes + // fingerprint, 4 bytes child number, 32 bytes chain code, and 33 bytes + // public/private key data. + serializedKeyLen = 4 + 1 + 4 + 4 + 32 + 33 // 78 bytes + + // maxUint8 is the max positive integer which can be serialized in a uint8 + maxUint8 = 1<<8 - 1 +) + +var ( + // ErrDeriveHardFromPublic describes an error in which the caller + // attempted to derive a hardened extended key from a public key. + ErrDeriveHardFromPublic = errors.New("cannot derive a hardened key " + + "from a public key") + + // ErrDeriveBeyondMaxDepth describes an error in which the caller + // has attempted to derive more than 255 keys from a root key. + ErrDeriveBeyondMaxDepth = errors.New("cannot derive a key with more than " + + "255 indices in its path") + + // ErrNotPrivExtKey describes an error in which the caller attempted + // to extract a private key from a public extended key. + ErrNotPrivExtKey = errors.New("unable to create private keys from a " + + "public extended key") + + // ErrInvalidChild describes an error in which the child at a specific + // index is invalid due to the derived key falling outside of the valid + // range for secp256k1 private keys. This error indicates the caller + // should simply ignore the invalid child extended key at this index and + // increment to the next index. + ErrInvalidChild = errors.New("the extended key at this index is invalid") + + // ErrUnusableSeed describes an error in which the provided seed is not + // usable due to the derived key falling outside of the valid range for + // secp256k1 private keys. This error indicates the caller must choose + // another seed. + ErrUnusableSeed = errors.New("unusable seed") + + // ErrInvalidSeedLen describes an error in which the provided seed or + // seed length is not in the allowed range. + ErrInvalidSeedLen = fmt.Errorf("seed length must be between %d and %d "+ + "bits", MinSeedBytes*8, MaxSeedBytes*8) + + // ErrBadChecksum describes an error in which the checksum encoded with + // a serialized extended key does not match the calculated value. + ErrBadChecksum = errors.New("bad extended key checksum") + + // ErrInvalidKeyLen describes an error in which the provided serialized + // key is not the expected length. + ErrInvalidKeyLen = errors.New("the provided serialized extended key " + + "length is invalid") +) + +// masterKey is the master key used along with a random seed used to generate +// the master node in the hierarchical tree. +var masterKey = []byte("Bitcoin seed") + +// ExtendedKey houses all the information needed to support a hierarchical +// deterministic extended key. See the package overview documentation for +// more details on how to use extended keys. +type ExtendedKey struct { + key []byte // This will be the pubkey for extended pub keys + pubKey []byte // This will only be set for extended priv keys + chainCode []byte + depth uint8 + parentFP []byte + childNum uint32 + version []byte + isPrivate bool +} + +// NewExtendedKey returns a new instance of an extended key with the given +// fields. No error checking is performed here as it's only intended to be a +// convenience method used to create a populated struct. This function should +// only by used by applications that need to create custom ExtendedKeys. All +// other applications should just use NewMaster, Child, or Neuter. +func NewExtendedKey(version, key, chainCode, parentFP []byte, depth uint8, + childNum uint32, isPrivate bool) *ExtendedKey { + + // NOTE: The pubKey field is intentionally left nil so it is only + // computed and memoized as required. + return &ExtendedKey{ + key: key, + chainCode: chainCode, + depth: depth, + parentFP: parentFP, + childNum: childNum, + version: version, + isPrivate: isPrivate, + } +} + +// pubKeyBytes returns bytes for the serialized compressed public key associated +// with this extended key in an efficient manner including memoization as +// necessary. +// +// When the extended key is already a public key, the key is simply returned as +// is since it's already in the correct form. However, when the extended key is +// a private key, the public key will be calculated and memoized so future +// accesses can simply return the cached result. +func (k *ExtendedKey) pubKeyBytes() []byte { + // Just return the key if it's already an extended public key. + if !k.isPrivate { + return k.key + } + + // This is a private extended key, so calculate and memoize the public + // key if needed. + if len(k.pubKey) == 0 { + pkx, pky := btcec.S256().ScalarBaseMult(k.key) + pubKey := btcec.PublicKey{Curve: btcec.S256(), X: pkx, Y: pky} + k.pubKey = pubKey.SerializeCompressed() + } + + return k.pubKey +} + +// IsPrivate returns whether or not the extended key is a private extended key. +// +// A private extended key can be used to derive both hardened and non-hardened +// child private and public extended keys. A public extended key can only be +// used to derive non-hardened child public extended keys. +func (k *ExtendedKey) IsPrivate() bool { + return k.isPrivate +} + +// Depth returns the current derivation level with respect to the root. +// +// The root key has depth zero, and the field has a maximum of 255 due to +// how depth is serialized. +func (k *ExtendedKey) Depth() uint8 { + return k.depth +} + +// ParentFingerprint returns a fingerprint of the parent extended key from which +// this one was derived. +func (k *ExtendedKey) ParentFingerprint() uint32 { + return binary.BigEndian.Uint32(k.parentFP) +} + +// Child returns a derived child extended key at the given index. When this +// extended key is a private extended key (as determined by the IsPrivate +// function), a private extended key will be derived. Otherwise, the derived +// extended key will be also be a public extended key. +// +// When the index is greater to or equal than the HardenedKeyStart constant, the +// derived extended key will be a hardened extended key. It is only possible to +// derive a hardended extended key from a private extended key. Consequently, +// this function will return ErrDeriveHardFromPublic if a hardened child +// extended key is requested from a public extended key. +// +// A hardened extended key is useful since, as previously mentioned, it requires +// a parent private extended key to derive. In other words, normal child +// extended public keys can be derived from a parent public extended key (no +// knowledge of the parent private key) whereas hardened extended keys may not +// be. +// +// NOTE: There is an extremely small chance (< 1 in 2^127) the specific child +// index does not derive to a usable child. The ErrInvalidChild error will be +// returned if this should occur, and the caller is expected to ignore the +// invalid child and simply increment to the next index. +func (k *ExtendedKey) Child(i uint32) (*ExtendedKey, error) { + // Prevent derivation of children beyond the max allowed depth. + if k.depth == maxUint8 { + return nil, ErrDeriveBeyondMaxDepth + } + + // There are four scenarios that could happen here: + // 1) Private extended key -> Hardened child private extended key + // 2) Private extended key -> Non-hardened child private extended key + // 3) Public extended key -> Non-hardened child public extended key + // 4) Public extended key -> Hardened child public extended key (INVALID!) + + // Case #4 is invalid, so error out early. + // A hardened child extended key may not be created from a public + // extended key. + isChildHardened := i >= HardenedKeyStart + if !k.isPrivate && isChildHardened { + return nil, ErrDeriveHardFromPublic + } + + // The data used to derive the child key depends on whether or not the + // child is hardened per [BIP32]. + // + // For hardened children: + // 0x00 || ser256(parentKey) || ser32(i) + // + // For normal children: + // serP(parentPubKey) || ser32(i) + keyLen := 33 + data := make([]byte, keyLen+4) + if isChildHardened { + // Case #1. + // When the child is a hardened child, the key is known to be a + // private key due to the above early return. Pad it with a + // leading zero as required by [BIP32] for deriving the child. + copy(data[1:], k.key) + } else { + // Case #2 or #3. + // This is either a public or private extended key, but in + // either case, the data which is used to derive the child key + // starts with the secp256k1 compressed public key bytes. + copy(data, k.pubKeyBytes()) + } + binary.BigEndian.PutUint32(data[keyLen:], i) + + // Take the HMAC-SHA512 of the current key's chain code and the derived + // data: + // I = HMAC-SHA512(Key = chainCode, Data = data) + hmac512 := hmac.New(sha512.New, k.chainCode) + hmac512.Write(data) + ilr := hmac512.Sum(nil) + + // Split "I" into two 32-byte sequences Il and Ir where: + // Il = intermediate key used to derive the child + // Ir = child chain code + il := ilr[:len(ilr)/2] + childChainCode := ilr[len(ilr)/2:] + + // Both derived public or private keys rely on treating the left 32-byte + // sequence calculated above (Il) as a 256-bit integer that must be + // within the valid range for a secp256k1 private key. There is a small + // chance (< 1 in 2^127) this condition will not hold, and in that case, + // a child extended key can't be created for this index and the caller + // should simply increment to the next index. + ilNum := new(big.Int).SetBytes(il) + if ilNum.Cmp(btcec.S256().N) >= 0 || ilNum.Sign() == 0 { + return nil, ErrInvalidChild + } + + // The algorithm used to derive the child key depends on whether or not + // a private or public child is being derived. + // + // For private children: + // childKey = parse256(Il) + parentKey + // + // For public children: + // childKey = serP(point(parse256(Il)) + parentKey) + var isPrivate bool + var childKey []byte + if k.isPrivate { + // Case #1 or #2. + // Add the parent private key to the intermediate private key to + // derive the final child key. + // + // childKey = parse256(Il) + parenKey + keyNum := new(big.Int).SetBytes(k.key) + ilNum.Add(ilNum, keyNum) + ilNum.Mod(ilNum, btcec.S256().N) + childKey = ilNum.Bytes() + isPrivate = true + } else { + // Case #3. + // Calculate the corresponding intermediate public key for + // intermediate private key. + ilx, ily := btcec.S256().ScalarBaseMult(il) + if ilx.Sign() == 0 || ily.Sign() == 0 { + return nil, ErrInvalidChild + } + + // Convert the serialized compressed parent public key into X + // and Y coordinates so it can be added to the intermediate + // public key. + pubKey, err := btcec.ParsePubKey(k.key, btcec.S256()) + if err != nil { + return nil, err + } + + // Add the intermediate public key to the parent public key to + // derive the final child key. + // + // childKey = serP(point(parse256(Il)) + parentKey) + childX, childY := btcec.S256().Add(ilx, ily, pubKey.X, pubKey.Y) + pk := btcec.PublicKey{Curve: btcec.S256(), X: childX, Y: childY} + childKey = pk.SerializeCompressed() + } + + // The fingerprint of the parent for the derived child is the first 4 + // bytes of the RIPEMD160(SHA256(parentPubKey)). + parentFP := btcutil.Hash160(k.pubKeyBytes())[:4] + return NewExtendedKey(k.version, childKey, childChainCode, parentFP, + k.depth+1, i, isPrivate), nil +} + +// Neuter returns a new extended public key from this extended private key. The +// same extended key will be returned unaltered if it is already an extended +// public key. +// +// As the name implies, an extended public key does not have access to the +// private key, so it is not capable of signing transactions or deriving +// child extended private keys. However, it is capable of deriving further +// child extended public keys. +func (k *ExtendedKey) Neuter() (*ExtendedKey, error) { + // Already an extended public key. + if !k.isPrivate { + return k, nil + } + + // Get the associated public extended key version bytes. + version, err := chaincfg.HDPrivateKeyToPublicKeyID(k.version) + if err != nil { + return nil, err + } + + // Convert it to an extended public key. The key for the new extended + // key will simply be the pubkey of the current extended private key. + // + // This is the function N((k,c)) -> (K, c) from [BIP32]. + return NewExtendedKey(version, k.pubKeyBytes(), k.chainCode, k.parentFP, + k.depth, k.childNum, false), nil +} + +// ECPubKey converts the extended key to a btcec public key and returns it. +func (k *ExtendedKey) ECPubKey() (*btcec.PublicKey, error) { + return btcec.ParsePubKey(k.pubKeyBytes(), btcec.S256()) +} + +// ECPrivKey converts the extended key to a btcec private key and returns it. +// As you might imagine this is only possible if the extended key is a private +// extended key (as determined by the IsPrivate function). The ErrNotPrivExtKey +// error will be returned if this function is called on a public extended key. +func (k *ExtendedKey) ECPrivKey() (*btcec.PrivateKey, error) { + if !k.isPrivate { + return nil, ErrNotPrivExtKey + } + + privKey, _ := btcec.PrivKeyFromBytes(btcec.S256(), k.key) + return privKey, nil +} + +// Address converts the extended key to a standard bitcoin pay-to-pubkey-hash +// address for the passed network. +func (k *ExtendedKey) Address(net *chaincfg.Params) (*btcutil.AddressPubKeyHash, error) { + pkHash := btcutil.Hash160(k.pubKeyBytes()) + return btcutil.NewAddressPubKeyHash(pkHash, net) +} + +// paddedAppend appends the src byte slice to dst, returning the new slice. +// If the length of the source is smaller than the passed size, leading zero +// bytes are appended to the dst slice before appending src. +func paddedAppend(size uint, dst, src []byte) []byte { + for i := 0; i < int(size)-len(src); i++ { + dst = append(dst, 0) + } + return append(dst, src...) +} + +// String returns the extended key as a human-readable base58-encoded string. +func (k *ExtendedKey) String() string { + if len(k.key) == 0 { + return "zeroed extended key" + } + + var childNumBytes [4]byte + binary.BigEndian.PutUint32(childNumBytes[:], k.childNum) + + // The serialized format is: + // version (4) || depth (1) || parent fingerprint (4)) || + // child num (4) || chain code (32) || key data (33) || checksum (4) + serializedBytes := make([]byte, 0, serializedKeyLen+4) + serializedBytes = append(serializedBytes, k.version...) + serializedBytes = append(serializedBytes, k.depth) + serializedBytes = append(serializedBytes, k.parentFP...) + serializedBytes = append(serializedBytes, childNumBytes[:]...) + serializedBytes = append(serializedBytes, k.chainCode...) + if k.isPrivate { + serializedBytes = append(serializedBytes, 0x00) + serializedBytes = paddedAppend(32, serializedBytes, k.key) + } else { + serializedBytes = append(serializedBytes, k.pubKeyBytes()...) + } + + checkSum := chainhash.DoubleHashB(serializedBytes)[:4] + serializedBytes = append(serializedBytes, checkSum...) + return base58.Encode(serializedBytes) +} + +// IsForNet returns whether or not the extended key is associated with the +// passed bitcoin network. +func (k *ExtendedKey) IsForNet(net *chaincfg.Params) bool { + return bytes.Equal(k.version, net.HDPrivateKeyID[:]) || + bytes.Equal(k.version, net.HDPublicKeyID[:]) +} + +// SetNet associates the extended key, and any child keys yet to be derived from +// it, with the passed network. +func (k *ExtendedKey) SetNet(net *chaincfg.Params) { + if k.isPrivate { + k.version = net.HDPrivateKeyID[:] + } else { + k.version = net.HDPublicKeyID[:] + } +} + +// zero sets all bytes in the passed slice to zero. This is used to +// explicitly clear private key material from memory. +func zero(b []byte) { + lenb := len(b) + for i := 0; i < lenb; i++ { + b[i] = 0 + } +} + +// Zero manually clears all fields and bytes in the extended key. This can be +// used to explicitly clear key material from memory for enhanced security +// against memory scraping. This function only clears this particular key and +// not any children that have already been derived. +func (k *ExtendedKey) Zero() { + zero(k.key) + zero(k.pubKey) + zero(k.chainCode) + zero(k.parentFP) + k.version = nil + k.key = nil + k.depth = 0 + k.childNum = 0 + k.isPrivate = false +} + +// NewMaster creates a new master node for use in creating a hierarchical +// deterministic key chain. The seed must be between 128 and 512 bits and +// should be generated by a cryptographically secure random generation source. +// +// NOTE: There is an extremely small chance (< 1 in 2^127) the provided seed +// will derive to an unusable secret key. The ErrUnusable error will be +// returned if this should occur, so the caller must check for it and generate a +// new seed accordingly. +func NewMaster(seed []byte, net *chaincfg.Params) (*ExtendedKey, error) { + // Per [BIP32], the seed must be in range [MinSeedBytes, MaxSeedBytes]. + if len(seed) < MinSeedBytes || len(seed) > MaxSeedBytes { + return nil, ErrInvalidSeedLen + } + + // First take the HMAC-SHA512 of the master key and the seed data: + // I = HMAC-SHA512(Key = "Bitcoin seed", Data = S) + hmac512 := hmac.New(sha512.New, masterKey) + hmac512.Write(seed) + lr := hmac512.Sum(nil) + + // Split "I" into two 32-byte sequences Il and Ir where: + // Il = master secret key + // Ir = master chain code + secretKey := lr[:len(lr)/2] + chainCode := lr[len(lr)/2:] + + // Ensure the key in usable. + secretKeyNum := new(big.Int).SetBytes(secretKey) + if secretKeyNum.Cmp(btcec.S256().N) >= 0 || secretKeyNum.Sign() == 0 { + return nil, ErrUnusableSeed + } + + parentFP := []byte{0x00, 0x00, 0x00, 0x00} + return NewExtendedKey(net.HDPrivateKeyID[:], secretKey, chainCode, + parentFP, 0, 0, true), nil +} + +// NewKeyFromString returns a new extended key instance from a base58-encoded +// extended key. +func NewKeyFromString(key string) (*ExtendedKey, error) { + // The base58-decoded extended key must consist of a serialized payload + // plus an additional 4 bytes for the checksum. + decoded := base58.Decode(key) + if len(decoded) != serializedKeyLen+4 { + return nil, ErrInvalidKeyLen + } + + // The serialized format is: + // version (4) || depth (1) || parent fingerprint (4)) || + // child num (4) || chain code (32) || key data (33) || checksum (4) + + // Split the payload and checksum up and ensure the checksum matches. + payload := decoded[:len(decoded)-4] + checkSum := decoded[len(decoded)-4:] + expectedCheckSum := chainhash.DoubleHashB(payload)[:4] + if !bytes.Equal(checkSum, expectedCheckSum) { + return nil, ErrBadChecksum + } + + // Deserialize each of the payload fields. + version := payload[:4] + depth := payload[4:5][0] + parentFP := payload[5:9] + childNum := binary.BigEndian.Uint32(payload[9:13]) + chainCode := payload[13:45] + keyData := payload[45:78] + + // The key data is a private key if it starts with 0x00. Serialized + // compressed pubkeys either start with 0x02 or 0x03. + isPrivate := keyData[0] == 0x00 + if isPrivate { + // Ensure the private key is valid. It must be within the range + // of the order of the secp256k1 curve and not be 0. + keyData = keyData[1:] + keyNum := new(big.Int).SetBytes(keyData) + if keyNum.Cmp(btcec.S256().N) >= 0 || keyNum.Sign() == 0 { + return nil, ErrUnusableSeed + } + } else { + // Ensure the public key parses correctly and is actually on the + // secp256k1 curve. + _, err := btcec.ParsePubKey(keyData, btcec.S256()) + if err != nil { + return nil, err + } + } + + return NewExtendedKey(version, keyData, chainCode, parentFP, depth, + childNum, isPrivate), nil +} + +// GenerateSeed returns a cryptographically secure random seed that can be used +// as the input for the NewMaster function to generate a new master node. +// +// The length is in bytes and it must be between 16 and 64 (128 to 512 bits). +// The recommended length is 32 (256 bits) as defined by the RecommendedSeedLen +// constant. +func GenerateSeed(length uint8) ([]byte, error) { + // Per [BIP32], the seed must be in range [MinSeedBytes, MaxSeedBytes]. + if length < MinSeedBytes || length > MaxSeedBytes { + return nil, ErrInvalidSeedLen + } + + buf := make([]byte, length) + _, err := rand.Read(buf) + if err != nil { + return nil, err + } + + return buf, nil +} diff --git a/vendor/github.com/btcsuite/btcutil/hdkeychain/test_coverage.txt b/vendor/github.com/btcsuite/btcutil/hdkeychain/test_coverage.txt new file mode 100644 index 0000000..c0bc7ef --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/hdkeychain/test_coverage.txt @@ -0,0 +1,20 @@ + +github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.String 100.00% (18/18) +github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.Zero 100.00% (9/9) +github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.pubKeyBytes 100.00% (7/7) +github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.Neuter 100.00% (6/6) +github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.ECPrivKey 100.00% (4/4) +github.com/conformal/btcutil/hdkeychain/extendedkey.go zero 100.00% (3/3) +github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.SetNet 100.00% (3/3) +github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.Address 100.00% (2/2) +github.com/conformal/btcutil/hdkeychain/extendedkey.go newExtendedKey 100.00% (1/1) +github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.IsPrivate 100.00% (1/1) +github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.ParentFingerprint 100.00% (1/1) +github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.ECPubKey 100.00% (1/1) +github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.IsForNet 100.00% (1/1) +github.com/conformal/btcutil/hdkeychain/extendedkey.go NewKeyFromString 95.83% (23/24) +github.com/conformal/btcutil/hdkeychain/extendedkey.go ExtendedKey.Child 91.67% (33/36) +github.com/conformal/btcutil/hdkeychain/extendedkey.go NewMaster 91.67% (11/12) +github.com/conformal/btcutil/hdkeychain/extendedkey.go GenerateSeed 85.71% (6/7) +github.com/conformal/btcutil/hdkeychain ----------------------------- 95.59% (130/136) + diff --git a/vendor/github.com/btcsuite/btcutil/net.go b/vendor/github.com/btcsuite/btcutil/net.go new file mode 100644 index 0000000..bf11733 --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/net.go @@ -0,0 +1,18 @@ +// Copyright (c) 2013-2014 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +// +build !appengine + +package btcutil + +import ( + "net" +) + +// interfaceAddrs returns a list of the system's network interface addresses. +// It is wrapped here so that we can substitute it for other functions when +// building for systems that do not allow access to net.InterfaceAddrs(). +func interfaceAddrs() ([]net.Addr, error) { + return net.InterfaceAddrs() +} diff --git a/vendor/github.com/btcsuite/btcutil/net_noop.go b/vendor/github.com/btcsuite/btcutil/net_noop.go new file mode 100644 index 0000000..b0b7c2e --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/net_noop.go @@ -0,0 +1,19 @@ +// Copyright (c) 2013-2014 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +// +build appengine + +package btcutil + +import ( + "net" +) + +// interfaceAddrs returns a list of the system's network interface addresses. +// It is wrapped here so that we can substitute it for a no-op function that +// returns an empty slice of net.Addr when building for systems that do not +// allow access to net.InterfaceAddrs(). +func interfaceAddrs() ([]net.Addr, error) { + return []net.Addr{}, nil +} diff --git a/vendor/github.com/btcsuite/btcutil/test_coverage.txt b/vendor/github.com/btcsuite/btcutil/test_coverage.txt new file mode 100644 index 0000000..e475fad --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/test_coverage.txt @@ -0,0 +1,72 @@ + +github.com/conformal/btcutil/base58.go Base58Decode 100.00% (20/20) +github.com/conformal/btcutil/base58.go Base58Encode 100.00% (15/15) +github.com/conformal/btcutil/block.go Block.Tx 100.00% (12/12) +github.com/conformal/btcutil/wif.go WIF.String 100.00% (11/11) +github.com/conformal/btcutil/block.go Block.Transactions 100.00% (11/11) +github.com/conformal/btcutil/amount.go AmountUnit.String 100.00% (8/8) +github.com/conformal/btcutil/tx.go NewTxFromReader 100.00% (6/6) +github.com/conformal/btcutil/block.go NewBlockFromBytes 100.00% (6/6) +github.com/conformal/btcutil/block.go NewBlockFromReader 100.00% (6/6) +github.com/conformal/btcutil/address.go encodeAddress 100.00% (6/6) +github.com/conformal/btcutil/address.go newAddressPubKeyHash 100.00% (5/5) +github.com/conformal/btcutil/address.go newAddressScriptHashFromHash 100.00% (5/5) +github.com/conformal/btcutil/tx.go Tx.Sha 100.00% (5/5) +github.com/conformal/btcutil/block.go Block.Sha 100.00% (5/5) +github.com/conformal/btcutil/amount.go NewAmount 100.00% (5/5) +github.com/conformal/btcutil/amount.go round 100.00% (3/3) +github.com/conformal/btcutil/address.go NewAddressScriptHash 100.00% (2/2) +github.com/conformal/btcutil/amount.go Amount.Format 100.00% (2/2) +github.com/conformal/btcutil/tx.go NewTxFromBytes 100.00% (2/2) +github.com/conformal/btcutil/hash160.go calcHash 100.00% (2/2) +github.com/conformal/btcutil/address.go AddressPubKeyHash.Hash160 100.00% (1/1) +github.com/conformal/btcutil/block.go OutOfRangeError.Error 100.00% (1/1) +github.com/conformal/btcutil/block.go Block.MsgBlock 100.00% (1/1) +github.com/conformal/btcutil/tx.go Tx.MsgTx 100.00% (1/1) +github.com/conformal/btcutil/hash160.go Hash160 100.00% (1/1) +github.com/conformal/btcutil/block.go NewBlockFromBlockAndBytes 100.00% (1/1) +github.com/conformal/btcutil/block.go Block.Height 100.00% (1/1) +github.com/conformal/btcutil/block.go Block.SetHeight 100.00% (1/1) +github.com/conformal/btcutil/block.go NewBlock 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressPubKeyHash.IsForNet 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressPubKey.EncodeAddress 100.00% (1/1) +github.com/conformal/btcutil/address.go NewAddressPubKeyHash 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressPubKeyHash.EncodeAddress 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressPubKeyHash.ScriptAddress 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressPubKeyHash.String 100.00% (1/1) +github.com/conformal/btcutil/address.go NewAddressScriptHashFromHash 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressScriptHash.EncodeAddress 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressScriptHash.ScriptAddress 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressScriptHash.IsForNet 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressScriptHash.String 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressScriptHash.Hash160 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressPubKey.ScriptAddress 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressPubKey.IsForNet 100.00% (1/1) +github.com/conformal/btcutil/address.go AddressPubKey.String 100.00% (1/1) +github.com/conformal/btcutil/tx.go NewTx 100.00% (1/1) +github.com/conformal/btcutil/tx.go Tx.SetIndex 100.00% (1/1) +github.com/conformal/btcutil/amount.go Amount.ToUnit 100.00% (1/1) +github.com/conformal/btcutil/tx.go Tx.Index 100.00% (1/1) +github.com/conformal/btcutil/amount.go Amount.String 100.00% (1/1) +github.com/conformal/btcutil/amount.go Amount.MulF64 100.00% (1/1) +github.com/conformal/btcutil/appdata.go appDataDir 92.00% (23/25) +github.com/conformal/btcutil/block.go Block.TxLoc 88.89% (8/9) +github.com/conformal/btcutil/block.go Block.Bytes 88.89% (8/9) +github.com/conformal/btcutil/address.go NewAddressPubKey 87.50% (7/8) +github.com/conformal/btcutil/address.go DecodeAddress 85.00% (17/20) +github.com/conformal/btcutil/wif.go DecodeWIF 85.00% (17/20) +github.com/conformal/btcutil/address.go AddressPubKey.serialize 80.00% (4/5) +github.com/conformal/btcutil/block.go Block.TxSha 75.00% (3/4) +github.com/conformal/btcutil/wif.go paddedAppend 66.67% (2/3) +github.com/conformal/btcutil/wif.go NewWIF 66.67% (2/3) +github.com/conformal/btcutil/certgen.go NewTLSCertPair 0.00% (0/54) +github.com/conformal/btcutil/wif.go WIF.SerializePubKey 0.00% (0/4) +github.com/conformal/btcutil/address.go AddressPubKey.AddressPubKeyHash 0.00% (0/3) +github.com/conformal/btcutil/address.go AddressPubKey.Format 0.00% (0/1) +github.com/conformal/btcutil/address.go AddressPubKey.PubKey 0.00% (0/1) +github.com/conformal/btcutil/address.go AddressPubKey.SetFormat 0.00% (0/1) +github.com/conformal/btcutil/wif.go WIF.IsForNet 0.00% (0/1) +github.com/conformal/btcutil/appdata.go AppDataDir 0.00% (0/1) +github.com/conformal/btcutil/net.go interfaceAddrs 0.00% (0/1) +github.com/conformal/btcutil ------------------------------- 75.88% (258/340) + diff --git a/vendor/github.com/btcsuite/btcutil/tx.go b/vendor/github.com/btcsuite/btcutil/tx.go new file mode 100644 index 0000000..13c05e4 --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/tx.go @@ -0,0 +1,124 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcutil + +import ( + "bytes" + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcd/wire" +) + +// TxIndexUnknown is the value returned for a transaction index that is unknown. +// This is typically because the transaction has not been inserted into a block +// yet. +const TxIndexUnknown = -1 + +// Tx defines a bitcoin transaction that provides easier and more efficient +// manipulation of raw transactions. It also memoizes the hash for the +// transaction on its first access so subsequent accesses don't have to repeat +// the relatively expensive hashing operations. +type Tx struct { + msgTx *wire.MsgTx // Underlying MsgTx + txHash *chainhash.Hash // Cached transaction hash + txHashWitness *chainhash.Hash // Cached transaction witness hash + txHasWitness *bool // If the transaction has witness data + txIndex int // Position within a block or TxIndexUnknown +} + +// MsgTx returns the underlying wire.MsgTx for the transaction. +func (t *Tx) MsgTx() *wire.MsgTx { + // Return the cached transaction. + return t.msgTx +} + +// Hash returns the hash of the transaction. This is equivalent to +// calling TxHash on the underlying wire.MsgTx, however it caches the +// result so subsequent calls are more efficient. +func (t *Tx) Hash() *chainhash.Hash { + // Return the cached hash if it has already been generated. + if t.txHash != nil { + return t.txHash + } + + // Cache the hash and return it. + hash := t.msgTx.TxHash() + t.txHash = &hash + return &hash +} + +// WitnessHash returns the witness hash (wtxid) of the transaction. This is +// equivalent to calling WitnessHash on the underlying wire.MsgTx, however it +// caches the result so subsequent calls are more efficient. +func (t *Tx) WitnessHash() *chainhash.Hash { + // Return the cached hash if it has already been generated. + if t.txHashWitness != nil { + return t.txHashWitness + } + + // Cache the hash and return it. + hash := t.msgTx.WitnessHash() + t.txHashWitness = &hash + return &hash +} + +// HasWitness returns false if none of the inputs within the transaction +// contain witness data, true false otherwise. This equivalent to calling +// HasWitness on the underlying wire.MsgTx, however it caches the result so +// subsequent calls are more efficient. +func (t *Tx) HasWitness() bool { + if t.txHashWitness != nil { + return *t.txHasWitness + } + + hasWitness := t.msgTx.HasWitness() + t.txHasWitness = &hasWitness + return hasWitness +} + +// Index returns the saved index of the transaction within a block. This value +// will be TxIndexUnknown if it hasn't already explicitly been set. +func (t *Tx) Index() int { + return t.txIndex +} + +// SetIndex sets the index of the transaction in within a block. +func (t *Tx) SetIndex(index int) { + t.txIndex = index +} + +// NewTx returns a new instance of a bitcoin transaction given an underlying +// wire.MsgTx. See Tx. +func NewTx(msgTx *wire.MsgTx) *Tx { + return &Tx{ + msgTx: msgTx, + txIndex: TxIndexUnknown, + } +} + +// NewTxFromBytes returns a new instance of a bitcoin transaction given the +// serialized bytes. See Tx. +func NewTxFromBytes(serializedTx []byte) (*Tx, error) { + br := bytes.NewReader(serializedTx) + return NewTxFromReader(br) +} + +// NewTxFromReader returns a new instance of a bitcoin transaction given a +// Reader to deserialize the transaction. See Tx. +func NewTxFromReader(r io.Reader) (*Tx, error) { + // Deserialize the bytes into a MsgTx. + var msgTx wire.MsgTx + err := msgTx.Deserialize(r) + if err != nil { + return nil, err + } + + t := Tx{ + msgTx: &msgTx, + txIndex: TxIndexUnknown, + } + return &t, nil +} diff --git a/vendor/github.com/btcsuite/btcutil/wif.go b/vendor/github.com/btcsuite/btcutil/wif.go new file mode 100644 index 0000000..8b17dc9 --- /dev/null +++ b/vendor/github.com/btcsuite/btcutil/wif.go @@ -0,0 +1,169 @@ +// Copyright (c) 2013-2016 The btcsuite developers +// Use of this source code is governed by an ISC +// license that can be found in the LICENSE file. + +package btcutil + +import ( + "bytes" + "errors" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcd/chaincfg" + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcutil/base58" +) + +// ErrMalformedPrivateKey describes an error where a WIF-encoded private +// key cannot be decoded due to being improperly formatted. This may occur +// if the byte length is incorrect or an unexpected magic number was +// encountered. +var ErrMalformedPrivateKey = errors.New("malformed private key") + +// compressMagic is the magic byte used to identify a WIF encoding for +// an address created from a compressed serialized public key. +const compressMagic byte = 0x01 + +// WIF contains the individual components described by the Wallet Import Format +// (WIF). A WIF string is typically used to represent a private key and its +// associated address in a way that may be easily copied and imported into or +// exported from wallet software. WIF strings may be decoded into this +// structure by calling DecodeWIF or created with a user-provided private key +// by calling NewWIF. +type WIF struct { + // PrivKey is the private key being imported or exported. + PrivKey *btcec.PrivateKey + + // CompressPubKey specifies whether the address controlled by the + // imported or exported private key was created by hashing a + // compressed (33-byte) serialized public key, rather than an + // uncompressed (65-byte) one. + CompressPubKey bool + + // netID is the bitcoin network identifier byte used when + // WIF encoding the private key. + netID byte +} + +// NewWIF creates a new WIF structure to export an address and its private key +// as a string encoded in the Wallet Import Format. The compress argument +// specifies whether the address intended to be imported or exported was created +// by serializing the public key compressed rather than uncompressed. +func NewWIF(privKey *btcec.PrivateKey, net *chaincfg.Params, compress bool) (*WIF, error) { + if net == nil { + return nil, errors.New("no network") + } + return &WIF{privKey, compress, net.PrivateKeyID}, nil +} + +// IsForNet returns whether or not the decoded WIF structure is associated +// with the passed bitcoin network. +func (w *WIF) IsForNet(net *chaincfg.Params) bool { + return w.netID == net.PrivateKeyID +} + +// DecodeWIF creates a new WIF structure by decoding the string encoding of +// the import format. +// +// The WIF string must be a base58-encoded string of the following byte +// sequence: +// +// * 1 byte to identify the network, must be 0x80 for mainnet or 0xef for +// either testnet3 or the regression test network +// * 32 bytes of a binary-encoded, big-endian, zero-padded private key +// * Optional 1 byte (equal to 0x01) if the address being imported or exported +// was created by taking the RIPEMD160 after SHA256 hash of a serialized +// compressed (33-byte) public key +// * 4 bytes of checksum, must equal the first four bytes of the double SHA256 +// of every byte before the checksum in this sequence +// +// If the base58-decoded byte sequence does not match this, DecodeWIF will +// return a non-nil error. ErrMalformedPrivateKey is returned when the WIF +// is of an impossible length or the expected compressed pubkey magic number +// does not equal the expected value of 0x01. ErrChecksumMismatch is returned +// if the expected WIF checksum does not match the calculated checksum. +func DecodeWIF(wif string) (*WIF, error) { + decoded := base58.Decode(wif) + decodedLen := len(decoded) + var compress bool + + // Length of base58 decoded WIF must be 32 bytes + an optional 1 byte + // (0x01) if compressed, plus 1 byte for netID + 4 bytes of checksum. + switch decodedLen { + case 1 + btcec.PrivKeyBytesLen + 1 + 4: + if decoded[33] != compressMagic { + return nil, ErrMalformedPrivateKey + } + compress = true + case 1 + btcec.PrivKeyBytesLen + 4: + compress = false + default: + return nil, ErrMalformedPrivateKey + } + + // Checksum is first four bytes of double SHA256 of the identifier byte + // and privKey. Verify this matches the final 4 bytes of the decoded + // private key. + var tosum []byte + if compress { + tosum = decoded[:1+btcec.PrivKeyBytesLen+1] + } else { + tosum = decoded[:1+btcec.PrivKeyBytesLen] + } + cksum := chainhash.DoubleHashB(tosum)[:4] + if !bytes.Equal(cksum, decoded[decodedLen-4:]) { + return nil, ErrChecksumMismatch + } + + netID := decoded[0] + privKeyBytes := decoded[1 : 1+btcec.PrivKeyBytesLen] + privKey, _ := btcec.PrivKeyFromBytes(btcec.S256(), privKeyBytes) + return &WIF{privKey, compress, netID}, nil +} + +// String creates the Wallet Import Format string encoding of a WIF structure. +// See DecodeWIF for a detailed breakdown of the format and requirements of +// a valid WIF string. +func (w *WIF) String() string { + // Precalculate size. Maximum number of bytes before base58 encoding + // is one byte for the network, 32 bytes of private key, possibly one + // extra byte if the pubkey is to be compressed, and finally four + // bytes of checksum. + encodeLen := 1 + btcec.PrivKeyBytesLen + 4 + if w.CompressPubKey { + encodeLen++ + } + + a := make([]byte, 0, encodeLen) + a = append(a, w.netID) + // Pad and append bytes manually, instead of using Serialize, to + // avoid another call to make. + a = paddedAppend(btcec.PrivKeyBytesLen, a, w.PrivKey.D.Bytes()) + if w.CompressPubKey { + a = append(a, compressMagic) + } + cksum := chainhash.DoubleHashB(a)[:4] + a = append(a, cksum...) + return base58.Encode(a) +} + +// SerializePubKey serializes the associated public key of the imported or +// exported private key in either a compressed or uncompressed format. The +// serialization format chosen depends on the value of w.CompressPubKey. +func (w *WIF) SerializePubKey() []byte { + pk := (*btcec.PublicKey)(&w.PrivKey.PublicKey) + if w.CompressPubKey { + return pk.SerializeCompressed() + } + return pk.SerializeUncompressed() +} + +// paddedAppend appends the src byte slice to dst, returning the new slice. +// If the length of the source is smaller than the passed size, leading zero +// bytes are appended to the dst slice before appending src. +func paddedAppend(size uint, dst, src []byte) []byte { + for i := 0; i < int(size)-len(src); i++ { + dst = append(dst, 0) + } + return append(dst, src...) +} diff --git a/vendor/github.com/davecgh/go-spew/LICENSE b/vendor/github.com/davecgh/go-spew/LICENSE new file mode 100644 index 0000000..bc52e96 --- /dev/null +++ b/vendor/github.com/davecgh/go-spew/LICENSE @@ -0,0 +1,15 @@ +ISC License + +Copyright (c) 2012-2016 Dave Collins + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/vendor/github.com/davecgh/go-spew/spew/bypass.go b/vendor/github.com/davecgh/go-spew/spew/bypass.go new file mode 100644 index 0000000..7929947 --- /dev/null +++ b/vendor/github.com/davecgh/go-spew/spew/bypass.go @@ -0,0 +1,145 @@ +// Copyright (c) 2015-2016 Dave Collins +// +// Permission to use, copy, modify, and distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +// NOTE: Due to the following build constraints, this file will only be compiled +// when the code is not running on Google App Engine, compiled by GopherJS, and +// "-tags safe" is not added to the go build command line. The "disableunsafe" +// tag is deprecated and thus should not be used. +// Go versions prior to 1.4 are disabled because they use a different layout +// for interfaces which make the implementation of unsafeReflectValue more complex. +// +build !js,!appengine,!safe,!disableunsafe,go1.4 + +package spew + +import ( + "reflect" + "unsafe" +) + +const ( + // UnsafeDisabled is a build-time constant which specifies whether or + // not access to the unsafe package is available. + UnsafeDisabled = false + + // ptrSize is the size of a pointer on the current arch. + ptrSize = unsafe.Sizeof((*byte)(nil)) +) + +type flag uintptr + +var ( + // flagRO indicates whether the value field of a reflect.Value + // is read-only. + flagRO flag + + // flagAddr indicates whether the address of the reflect.Value's + // value may be taken. + flagAddr flag +) + +// flagKindMask holds the bits that make up the kind +// part of the flags field. In all the supported versions, +// it is in the lower 5 bits. +const flagKindMask = flag(0x1f) + +// Different versions of Go have used different +// bit layouts for the flags type. This table +// records the known combinations. +var okFlags = []struct { + ro, addr flag +}{{ + // From Go 1.4 to 1.5 + ro: 1 << 5, + addr: 1 << 7, +}, { + // Up to Go tip. + ro: 1<<5 | 1<<6, + addr: 1 << 8, +}} + +var flagValOffset = func() uintptr { + field, ok := reflect.TypeOf(reflect.Value{}).FieldByName("flag") + if !ok { + panic("reflect.Value has no flag field") + } + return field.Offset +}() + +// flagField returns a pointer to the flag field of a reflect.Value. +func flagField(v *reflect.Value) *flag { + return (*flag)(unsafe.Pointer(uintptr(unsafe.Pointer(v)) + flagValOffset)) +} + +// unsafeReflectValue converts the passed reflect.Value into a one that bypasses +// the typical safety restrictions preventing access to unaddressable and +// unexported data. It works by digging the raw pointer to the underlying +// value out of the protected value and generating a new unprotected (unsafe) +// reflect.Value to it. +// +// This allows us to check for implementations of the Stringer and error +// interfaces to be used for pretty printing ordinarily unaddressable and +// inaccessible values such as unexported struct fields. +func unsafeReflectValue(v reflect.Value) reflect.Value { + if !v.IsValid() || (v.CanInterface() && v.CanAddr()) { + return v + } + flagFieldPtr := flagField(&v) + *flagFieldPtr &^= flagRO + *flagFieldPtr |= flagAddr + return v +} + +// Sanity checks against future reflect package changes +// to the type or semantics of the Value.flag field. +func init() { + field, ok := reflect.TypeOf(reflect.Value{}).FieldByName("flag") + if !ok { + panic("reflect.Value has no flag field") + } + if field.Type.Kind() != reflect.TypeOf(flag(0)).Kind() { + panic("reflect.Value flag field has changed kind") + } + type t0 int + var t struct { + A t0 + // t0 will have flagEmbedRO set. + t0 + // a will have flagStickyRO set + a t0 + } + vA := reflect.ValueOf(t).FieldByName("A") + va := reflect.ValueOf(t).FieldByName("a") + vt0 := reflect.ValueOf(t).FieldByName("t0") + + // Infer flagRO from the difference between the flags + // for the (otherwise identical) fields in t. + flagPublic := *flagField(&vA) + flagWithRO := *flagField(&va) | *flagField(&vt0) + flagRO = flagPublic ^ flagWithRO + + // Infer flagAddr from the difference between a value + // taken from a pointer and not. + vPtrA := reflect.ValueOf(&t).Elem().FieldByName("A") + flagNoPtr := *flagField(&vA) + flagPtr := *flagField(&vPtrA) + flagAddr = flagNoPtr ^ flagPtr + + // Check that the inferred flags tally with one of the known versions. + for _, f := range okFlags { + if flagRO == f.ro && flagAddr == f.addr { + return + } + } + panic("reflect.Value read-only flag has changed semantics") +} diff --git a/vendor/github.com/davecgh/go-spew/spew/bypasssafe.go b/vendor/github.com/davecgh/go-spew/spew/bypasssafe.go new file mode 100644 index 0000000..205c28d --- /dev/null +++ b/vendor/github.com/davecgh/go-spew/spew/bypasssafe.go @@ -0,0 +1,38 @@ +// Copyright (c) 2015-2016 Dave Collins +// +// Permission to use, copy, modify, and distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +// NOTE: Due to the following build constraints, this file will only be compiled +// when the code is running on Google App Engine, compiled by GopherJS, or +// "-tags safe" is added to the go build command line. The "disableunsafe" +// tag is deprecated and thus should not be used. +// +build js appengine safe disableunsafe !go1.4 + +package spew + +import "reflect" + +const ( + // UnsafeDisabled is a build-time constant which specifies whether or + // not access to the unsafe package is available. + UnsafeDisabled = true +) + +// unsafeReflectValue typically converts the passed reflect.Value into a one +// that bypasses the typical safety restrictions preventing access to +// unaddressable and unexported data. However, doing this relies on access to +// the unsafe package. This is a stub version which simply returns the passed +// reflect.Value when the unsafe package is not available. +func unsafeReflectValue(v reflect.Value) reflect.Value { + return v +} diff --git a/vendor/github.com/davecgh/go-spew/spew/common.go b/vendor/github.com/davecgh/go-spew/spew/common.go new file mode 100644 index 0000000..1be8ce9 --- /dev/null +++ b/vendor/github.com/davecgh/go-spew/spew/common.go @@ -0,0 +1,341 @@ +/* + * Copyright (c) 2013-2016 Dave Collins + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +package spew + +import ( + "bytes" + "fmt" + "io" + "reflect" + "sort" + "strconv" +) + +// Some constants in the form of bytes to avoid string overhead. This mirrors +// the technique used in the fmt package. +var ( + panicBytes = []byte("(PANIC=") + plusBytes = []byte("+") + iBytes = []byte("i") + trueBytes = []byte("true") + falseBytes = []byte("false") + interfaceBytes = []byte("(interface {})") + commaNewlineBytes = []byte(",\n") + newlineBytes = []byte("\n") + openBraceBytes = []byte("{") + openBraceNewlineBytes = []byte("{\n") + closeBraceBytes = []byte("}") + asteriskBytes = []byte("*") + colonBytes = []byte(":") + colonSpaceBytes = []byte(": ") + openParenBytes = []byte("(") + closeParenBytes = []byte(")") + spaceBytes = []byte(" ") + pointerChainBytes = []byte("->") + nilAngleBytes = []byte("") + maxNewlineBytes = []byte("\n") + maxShortBytes = []byte("") + circularBytes = []byte("") + circularShortBytes = []byte("") + invalidAngleBytes = []byte("") + openBracketBytes = []byte("[") + closeBracketBytes = []byte("]") + percentBytes = []byte("%") + precisionBytes = []byte(".") + openAngleBytes = []byte("<") + closeAngleBytes = []byte(">") + openMapBytes = []byte("map[") + closeMapBytes = []byte("]") + lenEqualsBytes = []byte("len=") + capEqualsBytes = []byte("cap=") +) + +// hexDigits is used to map a decimal value to a hex digit. +var hexDigits = "0123456789abcdef" + +// catchPanic handles any panics that might occur during the handleMethods +// calls. +func catchPanic(w io.Writer, v reflect.Value) { + if err := recover(); err != nil { + w.Write(panicBytes) + fmt.Fprintf(w, "%v", err) + w.Write(closeParenBytes) + } +} + +// handleMethods attempts to call the Error and String methods on the underlying +// type the passed reflect.Value represents and outputes the result to Writer w. +// +// It handles panics in any called methods by catching and displaying the error +// as the formatted value. +func handleMethods(cs *ConfigState, w io.Writer, v reflect.Value) (handled bool) { + // We need an interface to check if the type implements the error or + // Stringer interface. However, the reflect package won't give us an + // interface on certain things like unexported struct fields in order + // to enforce visibility rules. We use unsafe, when it's available, + // to bypass these restrictions since this package does not mutate the + // values. + if !v.CanInterface() { + if UnsafeDisabled { + return false + } + + v = unsafeReflectValue(v) + } + + // Choose whether or not to do error and Stringer interface lookups against + // the base type or a pointer to the base type depending on settings. + // Technically calling one of these methods with a pointer receiver can + // mutate the value, however, types which choose to satisify an error or + // Stringer interface with a pointer receiver should not be mutating their + // state inside these interface methods. + if !cs.DisablePointerMethods && !UnsafeDisabled && !v.CanAddr() { + v = unsafeReflectValue(v) + } + if v.CanAddr() { + v = v.Addr() + } + + // Is it an error or Stringer? + switch iface := v.Interface().(type) { + case error: + defer catchPanic(w, v) + if cs.ContinueOnMethod { + w.Write(openParenBytes) + w.Write([]byte(iface.Error())) + w.Write(closeParenBytes) + w.Write(spaceBytes) + return false + } + + w.Write([]byte(iface.Error())) + return true + + case fmt.Stringer: + defer catchPanic(w, v) + if cs.ContinueOnMethod { + w.Write(openParenBytes) + w.Write([]byte(iface.String())) + w.Write(closeParenBytes) + w.Write(spaceBytes) + return false + } + w.Write([]byte(iface.String())) + return true + } + return false +} + +// printBool outputs a boolean value as true or false to Writer w. +func printBool(w io.Writer, val bool) { + if val { + w.Write(trueBytes) + } else { + w.Write(falseBytes) + } +} + +// printInt outputs a signed integer value to Writer w. +func printInt(w io.Writer, val int64, base int) { + w.Write([]byte(strconv.FormatInt(val, base))) +} + +// printUint outputs an unsigned integer value to Writer w. +func printUint(w io.Writer, val uint64, base int) { + w.Write([]byte(strconv.FormatUint(val, base))) +} + +// printFloat outputs a floating point value using the specified precision, +// which is expected to be 32 or 64bit, to Writer w. +func printFloat(w io.Writer, val float64, precision int) { + w.Write([]byte(strconv.FormatFloat(val, 'g', -1, precision))) +} + +// printComplex outputs a complex value using the specified float precision +// for the real and imaginary parts to Writer w. +func printComplex(w io.Writer, c complex128, floatPrecision int) { + r := real(c) + w.Write(openParenBytes) + w.Write([]byte(strconv.FormatFloat(r, 'g', -1, floatPrecision))) + i := imag(c) + if i >= 0 { + w.Write(plusBytes) + } + w.Write([]byte(strconv.FormatFloat(i, 'g', -1, floatPrecision))) + w.Write(iBytes) + w.Write(closeParenBytes) +} + +// printHexPtr outputs a uintptr formatted as hexadecimal with a leading '0x' +// prefix to Writer w. +func printHexPtr(w io.Writer, p uintptr) { + // Null pointer. + num := uint64(p) + if num == 0 { + w.Write(nilAngleBytes) + return + } + + // Max uint64 is 16 bytes in hex + 2 bytes for '0x' prefix + buf := make([]byte, 18) + + // It's simpler to construct the hex string right to left. + base := uint64(16) + i := len(buf) - 1 + for num >= base { + buf[i] = hexDigits[num%base] + num /= base + i-- + } + buf[i] = hexDigits[num] + + // Add '0x' prefix. + i-- + buf[i] = 'x' + i-- + buf[i] = '0' + + // Strip unused leading bytes. + buf = buf[i:] + w.Write(buf) +} + +// valuesSorter implements sort.Interface to allow a slice of reflect.Value +// elements to be sorted. +type valuesSorter struct { + values []reflect.Value + strings []string // either nil or same len and values + cs *ConfigState +} + +// newValuesSorter initializes a valuesSorter instance, which holds a set of +// surrogate keys on which the data should be sorted. It uses flags in +// ConfigState to decide if and how to populate those surrogate keys. +func newValuesSorter(values []reflect.Value, cs *ConfigState) sort.Interface { + vs := &valuesSorter{values: values, cs: cs} + if canSortSimply(vs.values[0].Kind()) { + return vs + } + if !cs.DisableMethods { + vs.strings = make([]string, len(values)) + for i := range vs.values { + b := bytes.Buffer{} + if !handleMethods(cs, &b, vs.values[i]) { + vs.strings = nil + break + } + vs.strings[i] = b.String() + } + } + if vs.strings == nil && cs.SpewKeys { + vs.strings = make([]string, len(values)) + for i := range vs.values { + vs.strings[i] = Sprintf("%#v", vs.values[i].Interface()) + } + } + return vs +} + +// canSortSimply tests whether a reflect.Kind is a primitive that can be sorted +// directly, or whether it should be considered for sorting by surrogate keys +// (if the ConfigState allows it). +func canSortSimply(kind reflect.Kind) bool { + // This switch parallels valueSortLess, except for the default case. + switch kind { + case reflect.Bool: + return true + case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int: + return true + case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint: + return true + case reflect.Float32, reflect.Float64: + return true + case reflect.String: + return true + case reflect.Uintptr: + return true + case reflect.Array: + return true + } + return false +} + +// Len returns the number of values in the slice. It is part of the +// sort.Interface implementation. +func (s *valuesSorter) Len() int { + return len(s.values) +} + +// Swap swaps the values at the passed indices. It is part of the +// sort.Interface implementation. +func (s *valuesSorter) Swap(i, j int) { + s.values[i], s.values[j] = s.values[j], s.values[i] + if s.strings != nil { + s.strings[i], s.strings[j] = s.strings[j], s.strings[i] + } +} + +// valueSortLess returns whether the first value should sort before the second +// value. It is used by valueSorter.Less as part of the sort.Interface +// implementation. +func valueSortLess(a, b reflect.Value) bool { + switch a.Kind() { + case reflect.Bool: + return !a.Bool() && b.Bool() + case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int: + return a.Int() < b.Int() + case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint: + return a.Uint() < b.Uint() + case reflect.Float32, reflect.Float64: + return a.Float() < b.Float() + case reflect.String: + return a.String() < b.String() + case reflect.Uintptr: + return a.Uint() < b.Uint() + case reflect.Array: + // Compare the contents of both arrays. + l := a.Len() + for i := 0; i < l; i++ { + av := a.Index(i) + bv := b.Index(i) + if av.Interface() == bv.Interface() { + continue + } + return valueSortLess(av, bv) + } + } + return a.String() < b.String() +} + +// Less returns whether the value at index i should sort before the +// value at index j. It is part of the sort.Interface implementation. +func (s *valuesSorter) Less(i, j int) bool { + if s.strings == nil { + return valueSortLess(s.values[i], s.values[j]) + } + return s.strings[i] < s.strings[j] +} + +// sortValues is a sort function that handles both native types and any type that +// can be converted to error or Stringer. Other inputs are sorted according to +// their Value.String() value to ensure display stability. +func sortValues(values []reflect.Value, cs *ConfigState) { + if len(values) == 0 { + return + } + sort.Sort(newValuesSorter(values, cs)) +} diff --git a/vendor/github.com/davecgh/go-spew/spew/config.go b/vendor/github.com/davecgh/go-spew/spew/config.go new file mode 100644 index 0000000..2e3d22f --- /dev/null +++ b/vendor/github.com/davecgh/go-spew/spew/config.go @@ -0,0 +1,306 @@ +/* + * Copyright (c) 2013-2016 Dave Collins + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +package spew + +import ( + "bytes" + "fmt" + "io" + "os" +) + +// ConfigState houses the configuration options used by spew to format and +// display values. There is a global instance, Config, that is used to control +// all top-level Formatter and Dump functionality. Each ConfigState instance +// provides methods equivalent to the top-level functions. +// +// The zero value for ConfigState provides no indentation. You would typically +// want to set it to a space or a tab. +// +// Alternatively, you can use NewDefaultConfig to get a ConfigState instance +// with default settings. See the documentation of NewDefaultConfig for default +// values. +type ConfigState struct { + // Indent specifies the string to use for each indentation level. The + // global config instance that all top-level functions use set this to a + // single space by default. If you would like more indentation, you might + // set this to a tab with "\t" or perhaps two spaces with " ". + Indent string + + // MaxDepth controls the maximum number of levels to descend into nested + // data structures. The default, 0, means there is no limit. + // + // NOTE: Circular data structures are properly detected, so it is not + // necessary to set this value unless you specifically want to limit deeply + // nested data structures. + MaxDepth int + + // DisableMethods specifies whether or not error and Stringer interfaces are + // invoked for types that implement them. + DisableMethods bool + + // DisablePointerMethods specifies whether or not to check for and invoke + // error and Stringer interfaces on types which only accept a pointer + // receiver when the current type is not a pointer. + // + // NOTE: This might be an unsafe action since calling one of these methods + // with a pointer receiver could technically mutate the value, however, + // in practice, types which choose to satisify an error or Stringer + // interface with a pointer receiver should not be mutating their state + // inside these interface methods. As a result, this option relies on + // access to the unsafe package, so it will not have any effect when + // running in environments without access to the unsafe package such as + // Google App Engine or with the "safe" build tag specified. + DisablePointerMethods bool + + // DisablePointerAddresses specifies whether to disable the printing of + // pointer addresses. This is useful when diffing data structures in tests. + DisablePointerAddresses bool + + // DisableCapacities specifies whether to disable the printing of capacities + // for arrays, slices, maps and channels. This is useful when diffing + // data structures in tests. + DisableCapacities bool + + // ContinueOnMethod specifies whether or not recursion should continue once + // a custom error or Stringer interface is invoked. The default, false, + // means it will print the results of invoking the custom error or Stringer + // interface and return immediately instead of continuing to recurse into + // the internals of the data type. + // + // NOTE: This flag does not have any effect if method invocation is disabled + // via the DisableMethods or DisablePointerMethods options. + ContinueOnMethod bool + + // SortKeys specifies map keys should be sorted before being printed. Use + // this to have a more deterministic, diffable output. Note that only + // native types (bool, int, uint, floats, uintptr and string) and types + // that support the error or Stringer interfaces (if methods are + // enabled) are supported, with other types sorted according to the + // reflect.Value.String() output which guarantees display stability. + SortKeys bool + + // SpewKeys specifies that, as a last resort attempt, map keys should + // be spewed to strings and sorted by those strings. This is only + // considered if SortKeys is true. + SpewKeys bool +} + +// Config is the active configuration of the top-level functions. +// The configuration can be changed by modifying the contents of spew.Config. +var Config = ConfigState{Indent: " "} + +// Errorf is a wrapper for fmt.Errorf that treats each argument as if it were +// passed with a Formatter interface returned by c.NewFormatter. It returns +// the formatted string as a value that satisfies error. See NewFormatter +// for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Errorf(format, c.NewFormatter(a), c.NewFormatter(b)) +func (c *ConfigState) Errorf(format string, a ...interface{}) (err error) { + return fmt.Errorf(format, c.convertArgs(a)...) +} + +// Fprint is a wrapper for fmt.Fprint that treats each argument as if it were +// passed with a Formatter interface returned by c.NewFormatter. It returns +// the number of bytes written and any write error encountered. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Fprint(w, c.NewFormatter(a), c.NewFormatter(b)) +func (c *ConfigState) Fprint(w io.Writer, a ...interface{}) (n int, err error) { + return fmt.Fprint(w, c.convertArgs(a)...) +} + +// Fprintf is a wrapper for fmt.Fprintf that treats each argument as if it were +// passed with a Formatter interface returned by c.NewFormatter. It returns +// the number of bytes written and any write error encountered. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Fprintf(w, format, c.NewFormatter(a), c.NewFormatter(b)) +func (c *ConfigState) Fprintf(w io.Writer, format string, a ...interface{}) (n int, err error) { + return fmt.Fprintf(w, format, c.convertArgs(a)...) +} + +// Fprintln is a wrapper for fmt.Fprintln that treats each argument as if it +// passed with a Formatter interface returned by c.NewFormatter. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Fprintln(w, c.NewFormatter(a), c.NewFormatter(b)) +func (c *ConfigState) Fprintln(w io.Writer, a ...interface{}) (n int, err error) { + return fmt.Fprintln(w, c.convertArgs(a)...) +} + +// Print is a wrapper for fmt.Print that treats each argument as if it were +// passed with a Formatter interface returned by c.NewFormatter. It returns +// the number of bytes written and any write error encountered. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Print(c.NewFormatter(a), c.NewFormatter(b)) +func (c *ConfigState) Print(a ...interface{}) (n int, err error) { + return fmt.Print(c.convertArgs(a)...) +} + +// Printf is a wrapper for fmt.Printf that treats each argument as if it were +// passed with a Formatter interface returned by c.NewFormatter. It returns +// the number of bytes written and any write error encountered. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Printf(format, c.NewFormatter(a), c.NewFormatter(b)) +func (c *ConfigState) Printf(format string, a ...interface{}) (n int, err error) { + return fmt.Printf(format, c.convertArgs(a)...) +} + +// Println is a wrapper for fmt.Println that treats each argument as if it were +// passed with a Formatter interface returned by c.NewFormatter. It returns +// the number of bytes written and any write error encountered. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Println(c.NewFormatter(a), c.NewFormatter(b)) +func (c *ConfigState) Println(a ...interface{}) (n int, err error) { + return fmt.Println(c.convertArgs(a)...) +} + +// Sprint is a wrapper for fmt.Sprint that treats each argument as if it were +// passed with a Formatter interface returned by c.NewFormatter. It returns +// the resulting string. See NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Sprint(c.NewFormatter(a), c.NewFormatter(b)) +func (c *ConfigState) Sprint(a ...interface{}) string { + return fmt.Sprint(c.convertArgs(a)...) +} + +// Sprintf is a wrapper for fmt.Sprintf that treats each argument as if it were +// passed with a Formatter interface returned by c.NewFormatter. It returns +// the resulting string. See NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Sprintf(format, c.NewFormatter(a), c.NewFormatter(b)) +func (c *ConfigState) Sprintf(format string, a ...interface{}) string { + return fmt.Sprintf(format, c.convertArgs(a)...) +} + +// Sprintln is a wrapper for fmt.Sprintln that treats each argument as if it +// were passed with a Formatter interface returned by c.NewFormatter. It +// returns the resulting string. See NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Sprintln(c.NewFormatter(a), c.NewFormatter(b)) +func (c *ConfigState) Sprintln(a ...interface{}) string { + return fmt.Sprintln(c.convertArgs(a)...) +} + +/* +NewFormatter returns a custom formatter that satisfies the fmt.Formatter +interface. As a result, it integrates cleanly with standard fmt package +printing functions. The formatter is useful for inline printing of smaller data +types similar to the standard %v format specifier. + +The custom formatter only responds to the %v (most compact), %+v (adds pointer +addresses), %#v (adds types), and %#+v (adds types and pointer addresses) verb +combinations. Any other verbs such as %x and %q will be sent to the the +standard fmt package for formatting. In addition, the custom formatter ignores +the width and precision arguments (however they will still work on the format +specifiers not handled by the custom formatter). + +Typically this function shouldn't be called directly. It is much easier to make +use of the custom formatter by calling one of the convenience functions such as +c.Printf, c.Println, or c.Printf. +*/ +func (c *ConfigState) NewFormatter(v interface{}) fmt.Formatter { + return newFormatter(c, v) +} + +// Fdump formats and displays the passed arguments to io.Writer w. It formats +// exactly the same as Dump. +func (c *ConfigState) Fdump(w io.Writer, a ...interface{}) { + fdump(c, w, a...) +} + +/* +Dump displays the passed parameters to standard out with newlines, customizable +indentation, and additional debug information such as complete types and all +pointer addresses used to indirect to the final value. It provides the +following features over the built-in printing facilities provided by the fmt +package: + + * Pointers are dereferenced and followed + * Circular data structures are detected and handled properly + * Custom Stringer/error interfaces are optionally invoked, including + on unexported types + * Custom types which only implement the Stringer/error interfaces via + a pointer receiver are optionally invoked when passing non-pointer + variables + * Byte arrays and slices are dumped like the hexdump -C command which + includes offsets, byte values in hex, and ASCII output + +The configuration options are controlled by modifying the public members +of c. See ConfigState for options documentation. + +See Fdump if you would prefer dumping to an arbitrary io.Writer or Sdump to +get the formatted result as a string. +*/ +func (c *ConfigState) Dump(a ...interface{}) { + fdump(c, os.Stdout, a...) +} + +// Sdump returns a string with the passed arguments formatted exactly the same +// as Dump. +func (c *ConfigState) Sdump(a ...interface{}) string { + var buf bytes.Buffer + fdump(c, &buf, a...) + return buf.String() +} + +// convertArgs accepts a slice of arguments and returns a slice of the same +// length with each argument converted to a spew Formatter interface using +// the ConfigState associated with s. +func (c *ConfigState) convertArgs(args []interface{}) (formatters []interface{}) { + formatters = make([]interface{}, len(args)) + for index, arg := range args { + formatters[index] = newFormatter(c, arg) + } + return formatters +} + +// NewDefaultConfig returns a ConfigState with the following default settings. +// +// Indent: " " +// MaxDepth: 0 +// DisableMethods: false +// DisablePointerMethods: false +// ContinueOnMethod: false +// SortKeys: false +func NewDefaultConfig() *ConfigState { + return &ConfigState{Indent: " "} +} diff --git a/vendor/github.com/davecgh/go-spew/spew/doc.go b/vendor/github.com/davecgh/go-spew/spew/doc.go new file mode 100644 index 0000000..aacaac6 --- /dev/null +++ b/vendor/github.com/davecgh/go-spew/spew/doc.go @@ -0,0 +1,211 @@ +/* + * Copyright (c) 2013-2016 Dave Collins + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* +Package spew implements a deep pretty printer for Go data structures to aid in +debugging. + +A quick overview of the additional features spew provides over the built-in +printing facilities for Go data types are as follows: + + * Pointers are dereferenced and followed + * Circular data structures are detected and handled properly + * Custom Stringer/error interfaces are optionally invoked, including + on unexported types + * Custom types which only implement the Stringer/error interfaces via + a pointer receiver are optionally invoked when passing non-pointer + variables + * Byte arrays and slices are dumped like the hexdump -C command which + includes offsets, byte values in hex, and ASCII output (only when using + Dump style) + +There are two different approaches spew allows for dumping Go data structures: + + * Dump style which prints with newlines, customizable indentation, + and additional debug information such as types and all pointer addresses + used to indirect to the final value + * A custom Formatter interface that integrates cleanly with the standard fmt + package and replaces %v, %+v, %#v, and %#+v to provide inline printing + similar to the default %v while providing the additional functionality + outlined above and passing unsupported format verbs such as %x and %q + along to fmt + +Quick Start + +This section demonstrates how to quickly get started with spew. See the +sections below for further details on formatting and configuration options. + +To dump a variable with full newlines, indentation, type, and pointer +information use Dump, Fdump, or Sdump: + spew.Dump(myVar1, myVar2, ...) + spew.Fdump(someWriter, myVar1, myVar2, ...) + str := spew.Sdump(myVar1, myVar2, ...) + +Alternatively, if you would prefer to use format strings with a compacted inline +printing style, use the convenience wrappers Printf, Fprintf, etc with +%v (most compact), %+v (adds pointer addresses), %#v (adds types), or +%#+v (adds types and pointer addresses): + spew.Printf("myVar1: %v -- myVar2: %+v", myVar1, myVar2) + spew.Printf("myVar3: %#v -- myVar4: %#+v", myVar3, myVar4) + spew.Fprintf(someWriter, "myVar1: %v -- myVar2: %+v", myVar1, myVar2) + spew.Fprintf(someWriter, "myVar3: %#v -- myVar4: %#+v", myVar3, myVar4) + +Configuration Options + +Configuration of spew is handled by fields in the ConfigState type. For +convenience, all of the top-level functions use a global state available +via the spew.Config global. + +It is also possible to create a ConfigState instance that provides methods +equivalent to the top-level functions. This allows concurrent configuration +options. See the ConfigState documentation for more details. + +The following configuration options are available: + * Indent + String to use for each indentation level for Dump functions. + It is a single space by default. A popular alternative is "\t". + + * MaxDepth + Maximum number of levels to descend into nested data structures. + There is no limit by default. + + * DisableMethods + Disables invocation of error and Stringer interface methods. + Method invocation is enabled by default. + + * DisablePointerMethods + Disables invocation of error and Stringer interface methods on types + which only accept pointer receivers from non-pointer variables. + Pointer method invocation is enabled by default. + + * DisablePointerAddresses + DisablePointerAddresses specifies whether to disable the printing of + pointer addresses. This is useful when diffing data structures in tests. + + * DisableCapacities + DisableCapacities specifies whether to disable the printing of + capacities for arrays, slices, maps and channels. This is useful when + diffing data structures in tests. + + * ContinueOnMethod + Enables recursion into types after invoking error and Stringer interface + methods. Recursion after method invocation is disabled by default. + + * SortKeys + Specifies map keys should be sorted before being printed. Use + this to have a more deterministic, diffable output. Note that + only native types (bool, int, uint, floats, uintptr and string) + and types which implement error or Stringer interfaces are + supported with other types sorted according to the + reflect.Value.String() output which guarantees display + stability. Natural map order is used by default. + + * SpewKeys + Specifies that, as a last resort attempt, map keys should be + spewed to strings and sorted by those strings. This is only + considered if SortKeys is true. + +Dump Usage + +Simply call spew.Dump with a list of variables you want to dump: + + spew.Dump(myVar1, myVar2, ...) + +You may also call spew.Fdump if you would prefer to output to an arbitrary +io.Writer. For example, to dump to standard error: + + spew.Fdump(os.Stderr, myVar1, myVar2, ...) + +A third option is to call spew.Sdump to get the formatted output as a string: + + str := spew.Sdump(myVar1, myVar2, ...) + +Sample Dump Output + +See the Dump example for details on the setup of the types and variables being +shown here. + + (main.Foo) { + unexportedField: (*main.Bar)(0xf84002e210)({ + flag: (main.Flag) flagTwo, + data: (uintptr) + }), + ExportedField: (map[interface {}]interface {}) (len=1) { + (string) (len=3) "one": (bool) true + } + } + +Byte (and uint8) arrays and slices are displayed uniquely like the hexdump -C +command as shown. + ([]uint8) (len=32 cap=32) { + 00000000 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 |............... | + 00000010 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 |!"#$%&'()*+,-./0| + 00000020 31 32 |12| + } + +Custom Formatter + +Spew provides a custom formatter that implements the fmt.Formatter interface +so that it integrates cleanly with standard fmt package printing functions. The +formatter is useful for inline printing of smaller data types similar to the +standard %v format specifier. + +The custom formatter only responds to the %v (most compact), %+v (adds pointer +addresses), %#v (adds types), or %#+v (adds types and pointer addresses) verb +combinations. Any other verbs such as %x and %q will be sent to the the +standard fmt package for formatting. In addition, the custom formatter ignores +the width and precision arguments (however they will still work on the format +specifiers not handled by the custom formatter). + +Custom Formatter Usage + +The simplest way to make use of the spew custom formatter is to call one of the +convenience functions such as spew.Printf, spew.Println, or spew.Printf. The +functions have syntax you are most likely already familiar with: + + spew.Printf("myVar1: %v -- myVar2: %+v", myVar1, myVar2) + spew.Printf("myVar3: %#v -- myVar4: %#+v", myVar3, myVar4) + spew.Println(myVar, myVar2) + spew.Fprintf(os.Stderr, "myVar1: %v -- myVar2: %+v", myVar1, myVar2) + spew.Fprintf(os.Stderr, "myVar3: %#v -- myVar4: %#+v", myVar3, myVar4) + +See the Index for the full list convenience functions. + +Sample Formatter Output + +Double pointer to a uint8: + %v: <**>5 + %+v: <**>(0xf8400420d0->0xf8400420c8)5 + %#v: (**uint8)5 + %#+v: (**uint8)(0xf8400420d0->0xf8400420c8)5 + +Pointer to circular struct with a uint8 field and a pointer to itself: + %v: <*>{1 <*>} + %+v: <*>(0xf84003e260){ui8:1 c:<*>(0xf84003e260)} + %#v: (*main.circular){ui8:(uint8)1 c:(*main.circular)} + %#+v: (*main.circular)(0xf84003e260){ui8:(uint8)1 c:(*main.circular)(0xf84003e260)} + +See the Printf example for details on the setup of variables being shown +here. + +Errors + +Since it is possible for custom Stringer/error interfaces to panic, spew +detects them and handles them internally by printing the panic information +inline with the output. Since spew is intended to provide deep pretty printing +capabilities on structures, it intentionally does not return any errors. +*/ +package spew diff --git a/vendor/github.com/davecgh/go-spew/spew/dump.go b/vendor/github.com/davecgh/go-spew/spew/dump.go new file mode 100644 index 0000000..f78d89f --- /dev/null +++ b/vendor/github.com/davecgh/go-spew/spew/dump.go @@ -0,0 +1,509 @@ +/* + * Copyright (c) 2013-2016 Dave Collins + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +package spew + +import ( + "bytes" + "encoding/hex" + "fmt" + "io" + "os" + "reflect" + "regexp" + "strconv" + "strings" +) + +var ( + // uint8Type is a reflect.Type representing a uint8. It is used to + // convert cgo types to uint8 slices for hexdumping. + uint8Type = reflect.TypeOf(uint8(0)) + + // cCharRE is a regular expression that matches a cgo char. + // It is used to detect character arrays to hexdump them. + cCharRE = regexp.MustCompile(`^.*\._Ctype_char$`) + + // cUnsignedCharRE is a regular expression that matches a cgo unsigned + // char. It is used to detect unsigned character arrays to hexdump + // them. + cUnsignedCharRE = regexp.MustCompile(`^.*\._Ctype_unsignedchar$`) + + // cUint8tCharRE is a regular expression that matches a cgo uint8_t. + // It is used to detect uint8_t arrays to hexdump them. + cUint8tCharRE = regexp.MustCompile(`^.*\._Ctype_uint8_t$`) +) + +// dumpState contains information about the state of a dump operation. +type dumpState struct { + w io.Writer + depth int + pointers map[uintptr]int + ignoreNextType bool + ignoreNextIndent bool + cs *ConfigState +} + +// indent performs indentation according to the depth level and cs.Indent +// option. +func (d *dumpState) indent() { + if d.ignoreNextIndent { + d.ignoreNextIndent = false + return + } + d.w.Write(bytes.Repeat([]byte(d.cs.Indent), d.depth)) +} + +// unpackValue returns values inside of non-nil interfaces when possible. +// This is useful for data types like structs, arrays, slices, and maps which +// can contain varying types packed inside an interface. +func (d *dumpState) unpackValue(v reflect.Value) reflect.Value { + if v.Kind() == reflect.Interface && !v.IsNil() { + v = v.Elem() + } + return v +} + +// dumpPtr handles formatting of pointers by indirecting them as necessary. +func (d *dumpState) dumpPtr(v reflect.Value) { + // Remove pointers at or below the current depth from map used to detect + // circular refs. + for k, depth := range d.pointers { + if depth >= d.depth { + delete(d.pointers, k) + } + } + + // Keep list of all dereferenced pointers to show later. + pointerChain := make([]uintptr, 0) + + // Figure out how many levels of indirection there are by dereferencing + // pointers and unpacking interfaces down the chain while detecting circular + // references. + nilFound := false + cycleFound := false + indirects := 0 + ve := v + for ve.Kind() == reflect.Ptr { + if ve.IsNil() { + nilFound = true + break + } + indirects++ + addr := ve.Pointer() + pointerChain = append(pointerChain, addr) + if pd, ok := d.pointers[addr]; ok && pd < d.depth { + cycleFound = true + indirects-- + break + } + d.pointers[addr] = d.depth + + ve = ve.Elem() + if ve.Kind() == reflect.Interface { + if ve.IsNil() { + nilFound = true + break + } + ve = ve.Elem() + } + } + + // Display type information. + d.w.Write(openParenBytes) + d.w.Write(bytes.Repeat(asteriskBytes, indirects)) + d.w.Write([]byte(ve.Type().String())) + d.w.Write(closeParenBytes) + + // Display pointer information. + if !d.cs.DisablePointerAddresses && len(pointerChain) > 0 { + d.w.Write(openParenBytes) + for i, addr := range pointerChain { + if i > 0 { + d.w.Write(pointerChainBytes) + } + printHexPtr(d.w, addr) + } + d.w.Write(closeParenBytes) + } + + // Display dereferenced value. + d.w.Write(openParenBytes) + switch { + case nilFound: + d.w.Write(nilAngleBytes) + + case cycleFound: + d.w.Write(circularBytes) + + default: + d.ignoreNextType = true + d.dump(ve) + } + d.w.Write(closeParenBytes) +} + +// dumpSlice handles formatting of arrays and slices. Byte (uint8 under +// reflection) arrays and slices are dumped in hexdump -C fashion. +func (d *dumpState) dumpSlice(v reflect.Value) { + // Determine whether this type should be hex dumped or not. Also, + // for types which should be hexdumped, try to use the underlying data + // first, then fall back to trying to convert them to a uint8 slice. + var buf []uint8 + doConvert := false + doHexDump := false + numEntries := v.Len() + if numEntries > 0 { + vt := v.Index(0).Type() + vts := vt.String() + switch { + // C types that need to be converted. + case cCharRE.MatchString(vts): + fallthrough + case cUnsignedCharRE.MatchString(vts): + fallthrough + case cUint8tCharRE.MatchString(vts): + doConvert = true + + // Try to use existing uint8 slices and fall back to converting + // and copying if that fails. + case vt.Kind() == reflect.Uint8: + // We need an addressable interface to convert the type + // to a byte slice. However, the reflect package won't + // give us an interface on certain things like + // unexported struct fields in order to enforce + // visibility rules. We use unsafe, when available, to + // bypass these restrictions since this package does not + // mutate the values. + vs := v + if !vs.CanInterface() || !vs.CanAddr() { + vs = unsafeReflectValue(vs) + } + if !UnsafeDisabled { + vs = vs.Slice(0, numEntries) + + // Use the existing uint8 slice if it can be + // type asserted. + iface := vs.Interface() + if slice, ok := iface.([]uint8); ok { + buf = slice + doHexDump = true + break + } + } + + // The underlying data needs to be converted if it can't + // be type asserted to a uint8 slice. + doConvert = true + } + + // Copy and convert the underlying type if needed. + if doConvert && vt.ConvertibleTo(uint8Type) { + // Convert and copy each element into a uint8 byte + // slice. + buf = make([]uint8, numEntries) + for i := 0; i < numEntries; i++ { + vv := v.Index(i) + buf[i] = uint8(vv.Convert(uint8Type).Uint()) + } + doHexDump = true + } + } + + // Hexdump the entire slice as needed. + if doHexDump { + indent := strings.Repeat(d.cs.Indent, d.depth) + str := indent + hex.Dump(buf) + str = strings.Replace(str, "\n", "\n"+indent, -1) + str = strings.TrimRight(str, d.cs.Indent) + d.w.Write([]byte(str)) + return + } + + // Recursively call dump for each item. + for i := 0; i < numEntries; i++ { + d.dump(d.unpackValue(v.Index(i))) + if i < (numEntries - 1) { + d.w.Write(commaNewlineBytes) + } else { + d.w.Write(newlineBytes) + } + } +} + +// dump is the main workhorse for dumping a value. It uses the passed reflect +// value to figure out what kind of object we are dealing with and formats it +// appropriately. It is a recursive function, however circular data structures +// are detected and handled properly. +func (d *dumpState) dump(v reflect.Value) { + // Handle invalid reflect values immediately. + kind := v.Kind() + if kind == reflect.Invalid { + d.w.Write(invalidAngleBytes) + return + } + + // Handle pointers specially. + if kind == reflect.Ptr { + d.indent() + d.dumpPtr(v) + return + } + + // Print type information unless already handled elsewhere. + if !d.ignoreNextType { + d.indent() + d.w.Write(openParenBytes) + d.w.Write([]byte(v.Type().String())) + d.w.Write(closeParenBytes) + d.w.Write(spaceBytes) + } + d.ignoreNextType = false + + // Display length and capacity if the built-in len and cap functions + // work with the value's kind and the len/cap itself is non-zero. + valueLen, valueCap := 0, 0 + switch v.Kind() { + case reflect.Array, reflect.Slice, reflect.Chan: + valueLen, valueCap = v.Len(), v.Cap() + case reflect.Map, reflect.String: + valueLen = v.Len() + } + if valueLen != 0 || !d.cs.DisableCapacities && valueCap != 0 { + d.w.Write(openParenBytes) + if valueLen != 0 { + d.w.Write(lenEqualsBytes) + printInt(d.w, int64(valueLen), 10) + } + if !d.cs.DisableCapacities && valueCap != 0 { + if valueLen != 0 { + d.w.Write(spaceBytes) + } + d.w.Write(capEqualsBytes) + printInt(d.w, int64(valueCap), 10) + } + d.w.Write(closeParenBytes) + d.w.Write(spaceBytes) + } + + // Call Stringer/error interfaces if they exist and the handle methods flag + // is enabled + if !d.cs.DisableMethods { + if (kind != reflect.Invalid) && (kind != reflect.Interface) { + if handled := handleMethods(d.cs, d.w, v); handled { + return + } + } + } + + switch kind { + case reflect.Invalid: + // Do nothing. We should never get here since invalid has already + // been handled above. + + case reflect.Bool: + printBool(d.w, v.Bool()) + + case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int: + printInt(d.w, v.Int(), 10) + + case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint: + printUint(d.w, v.Uint(), 10) + + case reflect.Float32: + printFloat(d.w, v.Float(), 32) + + case reflect.Float64: + printFloat(d.w, v.Float(), 64) + + case reflect.Complex64: + printComplex(d.w, v.Complex(), 32) + + case reflect.Complex128: + printComplex(d.w, v.Complex(), 64) + + case reflect.Slice: + if v.IsNil() { + d.w.Write(nilAngleBytes) + break + } + fallthrough + + case reflect.Array: + d.w.Write(openBraceNewlineBytes) + d.depth++ + if (d.cs.MaxDepth != 0) && (d.depth > d.cs.MaxDepth) { + d.indent() + d.w.Write(maxNewlineBytes) + } else { + d.dumpSlice(v) + } + d.depth-- + d.indent() + d.w.Write(closeBraceBytes) + + case reflect.String: + d.w.Write([]byte(strconv.Quote(v.String()))) + + case reflect.Interface: + // The only time we should get here is for nil interfaces due to + // unpackValue calls. + if v.IsNil() { + d.w.Write(nilAngleBytes) + } + + case reflect.Ptr: + // Do nothing. We should never get here since pointers have already + // been handled above. + + case reflect.Map: + // nil maps should be indicated as different than empty maps + if v.IsNil() { + d.w.Write(nilAngleBytes) + break + } + + d.w.Write(openBraceNewlineBytes) + d.depth++ + if (d.cs.MaxDepth != 0) && (d.depth > d.cs.MaxDepth) { + d.indent() + d.w.Write(maxNewlineBytes) + } else { + numEntries := v.Len() + keys := v.MapKeys() + if d.cs.SortKeys { + sortValues(keys, d.cs) + } + for i, key := range keys { + d.dump(d.unpackValue(key)) + d.w.Write(colonSpaceBytes) + d.ignoreNextIndent = true + d.dump(d.unpackValue(v.MapIndex(key))) + if i < (numEntries - 1) { + d.w.Write(commaNewlineBytes) + } else { + d.w.Write(newlineBytes) + } + } + } + d.depth-- + d.indent() + d.w.Write(closeBraceBytes) + + case reflect.Struct: + d.w.Write(openBraceNewlineBytes) + d.depth++ + if (d.cs.MaxDepth != 0) && (d.depth > d.cs.MaxDepth) { + d.indent() + d.w.Write(maxNewlineBytes) + } else { + vt := v.Type() + numFields := v.NumField() + for i := 0; i < numFields; i++ { + d.indent() + vtf := vt.Field(i) + d.w.Write([]byte(vtf.Name)) + d.w.Write(colonSpaceBytes) + d.ignoreNextIndent = true + d.dump(d.unpackValue(v.Field(i))) + if i < (numFields - 1) { + d.w.Write(commaNewlineBytes) + } else { + d.w.Write(newlineBytes) + } + } + } + d.depth-- + d.indent() + d.w.Write(closeBraceBytes) + + case reflect.Uintptr: + printHexPtr(d.w, uintptr(v.Uint())) + + case reflect.UnsafePointer, reflect.Chan, reflect.Func: + printHexPtr(d.w, v.Pointer()) + + // There were not any other types at the time this code was written, but + // fall back to letting the default fmt package handle it in case any new + // types are added. + default: + if v.CanInterface() { + fmt.Fprintf(d.w, "%v", v.Interface()) + } else { + fmt.Fprintf(d.w, "%v", v.String()) + } + } +} + +// fdump is a helper function to consolidate the logic from the various public +// methods which take varying writers and config states. +func fdump(cs *ConfigState, w io.Writer, a ...interface{}) { + for _, arg := range a { + if arg == nil { + w.Write(interfaceBytes) + w.Write(spaceBytes) + w.Write(nilAngleBytes) + w.Write(newlineBytes) + continue + } + + d := dumpState{w: w, cs: cs} + d.pointers = make(map[uintptr]int) + d.dump(reflect.ValueOf(arg)) + d.w.Write(newlineBytes) + } +} + +// Fdump formats and displays the passed arguments to io.Writer w. It formats +// exactly the same as Dump. +func Fdump(w io.Writer, a ...interface{}) { + fdump(&Config, w, a...) +} + +// Sdump returns a string with the passed arguments formatted exactly the same +// as Dump. +func Sdump(a ...interface{}) string { + var buf bytes.Buffer + fdump(&Config, &buf, a...) + return buf.String() +} + +/* +Dump displays the passed parameters to standard out with newlines, customizable +indentation, and additional debug information such as complete types and all +pointer addresses used to indirect to the final value. It provides the +following features over the built-in printing facilities provided by the fmt +package: + + * Pointers are dereferenced and followed + * Circular data structures are detected and handled properly + * Custom Stringer/error interfaces are optionally invoked, including + on unexported types + * Custom types which only implement the Stringer/error interfaces via + a pointer receiver are optionally invoked when passing non-pointer + variables + * Byte arrays and slices are dumped like the hexdump -C command which + includes offsets, byte values in hex, and ASCII output + +The configuration options are controlled by an exported package global, +spew.Config. See ConfigState for options documentation. + +See Fdump if you would prefer dumping to an arbitrary io.Writer or Sdump to +get the formatted result as a string. +*/ +func Dump(a ...interface{}) { + fdump(&Config, os.Stdout, a...) +} diff --git a/vendor/github.com/davecgh/go-spew/spew/format.go b/vendor/github.com/davecgh/go-spew/spew/format.go new file mode 100644 index 0000000..b04edb7 --- /dev/null +++ b/vendor/github.com/davecgh/go-spew/spew/format.go @@ -0,0 +1,419 @@ +/* + * Copyright (c) 2013-2016 Dave Collins + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +package spew + +import ( + "bytes" + "fmt" + "reflect" + "strconv" + "strings" +) + +// supportedFlags is a list of all the character flags supported by fmt package. +const supportedFlags = "0-+# " + +// formatState implements the fmt.Formatter interface and contains information +// about the state of a formatting operation. The NewFormatter function can +// be used to get a new Formatter which can be used directly as arguments +// in standard fmt package printing calls. +type formatState struct { + value interface{} + fs fmt.State + depth int + pointers map[uintptr]int + ignoreNextType bool + cs *ConfigState +} + +// buildDefaultFormat recreates the original format string without precision +// and width information to pass in to fmt.Sprintf in the case of an +// unrecognized type. Unless new types are added to the language, this +// function won't ever be called. +func (f *formatState) buildDefaultFormat() (format string) { + buf := bytes.NewBuffer(percentBytes) + + for _, flag := range supportedFlags { + if f.fs.Flag(int(flag)) { + buf.WriteRune(flag) + } + } + + buf.WriteRune('v') + + format = buf.String() + return format +} + +// constructOrigFormat recreates the original format string including precision +// and width information to pass along to the standard fmt package. This allows +// automatic deferral of all format strings this package doesn't support. +func (f *formatState) constructOrigFormat(verb rune) (format string) { + buf := bytes.NewBuffer(percentBytes) + + for _, flag := range supportedFlags { + if f.fs.Flag(int(flag)) { + buf.WriteRune(flag) + } + } + + if width, ok := f.fs.Width(); ok { + buf.WriteString(strconv.Itoa(width)) + } + + if precision, ok := f.fs.Precision(); ok { + buf.Write(precisionBytes) + buf.WriteString(strconv.Itoa(precision)) + } + + buf.WriteRune(verb) + + format = buf.String() + return format +} + +// unpackValue returns values inside of non-nil interfaces when possible and +// ensures that types for values which have been unpacked from an interface +// are displayed when the show types flag is also set. +// This is useful for data types like structs, arrays, slices, and maps which +// can contain varying types packed inside an interface. +func (f *formatState) unpackValue(v reflect.Value) reflect.Value { + if v.Kind() == reflect.Interface { + f.ignoreNextType = false + if !v.IsNil() { + v = v.Elem() + } + } + return v +} + +// formatPtr handles formatting of pointers by indirecting them as necessary. +func (f *formatState) formatPtr(v reflect.Value) { + // Display nil if top level pointer is nil. + showTypes := f.fs.Flag('#') + if v.IsNil() && (!showTypes || f.ignoreNextType) { + f.fs.Write(nilAngleBytes) + return + } + + // Remove pointers at or below the current depth from map used to detect + // circular refs. + for k, depth := range f.pointers { + if depth >= f.depth { + delete(f.pointers, k) + } + } + + // Keep list of all dereferenced pointers to possibly show later. + pointerChain := make([]uintptr, 0) + + // Figure out how many levels of indirection there are by derferencing + // pointers and unpacking interfaces down the chain while detecting circular + // references. + nilFound := false + cycleFound := false + indirects := 0 + ve := v + for ve.Kind() == reflect.Ptr { + if ve.IsNil() { + nilFound = true + break + } + indirects++ + addr := ve.Pointer() + pointerChain = append(pointerChain, addr) + if pd, ok := f.pointers[addr]; ok && pd < f.depth { + cycleFound = true + indirects-- + break + } + f.pointers[addr] = f.depth + + ve = ve.Elem() + if ve.Kind() == reflect.Interface { + if ve.IsNil() { + nilFound = true + break + } + ve = ve.Elem() + } + } + + // Display type or indirection level depending on flags. + if showTypes && !f.ignoreNextType { + f.fs.Write(openParenBytes) + f.fs.Write(bytes.Repeat(asteriskBytes, indirects)) + f.fs.Write([]byte(ve.Type().String())) + f.fs.Write(closeParenBytes) + } else { + if nilFound || cycleFound { + indirects += strings.Count(ve.Type().String(), "*") + } + f.fs.Write(openAngleBytes) + f.fs.Write([]byte(strings.Repeat("*", indirects))) + f.fs.Write(closeAngleBytes) + } + + // Display pointer information depending on flags. + if f.fs.Flag('+') && (len(pointerChain) > 0) { + f.fs.Write(openParenBytes) + for i, addr := range pointerChain { + if i > 0 { + f.fs.Write(pointerChainBytes) + } + printHexPtr(f.fs, addr) + } + f.fs.Write(closeParenBytes) + } + + // Display dereferenced value. + switch { + case nilFound: + f.fs.Write(nilAngleBytes) + + case cycleFound: + f.fs.Write(circularShortBytes) + + default: + f.ignoreNextType = true + f.format(ve) + } +} + +// format is the main workhorse for providing the Formatter interface. It +// uses the passed reflect value to figure out what kind of object we are +// dealing with and formats it appropriately. It is a recursive function, +// however circular data structures are detected and handled properly. +func (f *formatState) format(v reflect.Value) { + // Handle invalid reflect values immediately. + kind := v.Kind() + if kind == reflect.Invalid { + f.fs.Write(invalidAngleBytes) + return + } + + // Handle pointers specially. + if kind == reflect.Ptr { + f.formatPtr(v) + return + } + + // Print type information unless already handled elsewhere. + if !f.ignoreNextType && f.fs.Flag('#') { + f.fs.Write(openParenBytes) + f.fs.Write([]byte(v.Type().String())) + f.fs.Write(closeParenBytes) + } + f.ignoreNextType = false + + // Call Stringer/error interfaces if they exist and the handle methods + // flag is enabled. + if !f.cs.DisableMethods { + if (kind != reflect.Invalid) && (kind != reflect.Interface) { + if handled := handleMethods(f.cs, f.fs, v); handled { + return + } + } + } + + switch kind { + case reflect.Invalid: + // Do nothing. We should never get here since invalid has already + // been handled above. + + case reflect.Bool: + printBool(f.fs, v.Bool()) + + case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int: + printInt(f.fs, v.Int(), 10) + + case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint: + printUint(f.fs, v.Uint(), 10) + + case reflect.Float32: + printFloat(f.fs, v.Float(), 32) + + case reflect.Float64: + printFloat(f.fs, v.Float(), 64) + + case reflect.Complex64: + printComplex(f.fs, v.Complex(), 32) + + case reflect.Complex128: + printComplex(f.fs, v.Complex(), 64) + + case reflect.Slice: + if v.IsNil() { + f.fs.Write(nilAngleBytes) + break + } + fallthrough + + case reflect.Array: + f.fs.Write(openBracketBytes) + f.depth++ + if (f.cs.MaxDepth != 0) && (f.depth > f.cs.MaxDepth) { + f.fs.Write(maxShortBytes) + } else { + numEntries := v.Len() + for i := 0; i < numEntries; i++ { + if i > 0 { + f.fs.Write(spaceBytes) + } + f.ignoreNextType = true + f.format(f.unpackValue(v.Index(i))) + } + } + f.depth-- + f.fs.Write(closeBracketBytes) + + case reflect.String: + f.fs.Write([]byte(v.String())) + + case reflect.Interface: + // The only time we should get here is for nil interfaces due to + // unpackValue calls. + if v.IsNil() { + f.fs.Write(nilAngleBytes) + } + + case reflect.Ptr: + // Do nothing. We should never get here since pointers have already + // been handled above. + + case reflect.Map: + // nil maps should be indicated as different than empty maps + if v.IsNil() { + f.fs.Write(nilAngleBytes) + break + } + + f.fs.Write(openMapBytes) + f.depth++ + if (f.cs.MaxDepth != 0) && (f.depth > f.cs.MaxDepth) { + f.fs.Write(maxShortBytes) + } else { + keys := v.MapKeys() + if f.cs.SortKeys { + sortValues(keys, f.cs) + } + for i, key := range keys { + if i > 0 { + f.fs.Write(spaceBytes) + } + f.ignoreNextType = true + f.format(f.unpackValue(key)) + f.fs.Write(colonBytes) + f.ignoreNextType = true + f.format(f.unpackValue(v.MapIndex(key))) + } + } + f.depth-- + f.fs.Write(closeMapBytes) + + case reflect.Struct: + numFields := v.NumField() + f.fs.Write(openBraceBytes) + f.depth++ + if (f.cs.MaxDepth != 0) && (f.depth > f.cs.MaxDepth) { + f.fs.Write(maxShortBytes) + } else { + vt := v.Type() + for i := 0; i < numFields; i++ { + if i > 0 { + f.fs.Write(spaceBytes) + } + vtf := vt.Field(i) + if f.fs.Flag('+') || f.fs.Flag('#') { + f.fs.Write([]byte(vtf.Name)) + f.fs.Write(colonBytes) + } + f.format(f.unpackValue(v.Field(i))) + } + } + f.depth-- + f.fs.Write(closeBraceBytes) + + case reflect.Uintptr: + printHexPtr(f.fs, uintptr(v.Uint())) + + case reflect.UnsafePointer, reflect.Chan, reflect.Func: + printHexPtr(f.fs, v.Pointer()) + + // There were not any other types at the time this code was written, but + // fall back to letting the default fmt package handle it if any get added. + default: + format := f.buildDefaultFormat() + if v.CanInterface() { + fmt.Fprintf(f.fs, format, v.Interface()) + } else { + fmt.Fprintf(f.fs, format, v.String()) + } + } +} + +// Format satisfies the fmt.Formatter interface. See NewFormatter for usage +// details. +func (f *formatState) Format(fs fmt.State, verb rune) { + f.fs = fs + + // Use standard formatting for verbs that are not v. + if verb != 'v' { + format := f.constructOrigFormat(verb) + fmt.Fprintf(fs, format, f.value) + return + } + + if f.value == nil { + if fs.Flag('#') { + fs.Write(interfaceBytes) + } + fs.Write(nilAngleBytes) + return + } + + f.format(reflect.ValueOf(f.value)) +} + +// newFormatter is a helper function to consolidate the logic from the various +// public methods which take varying config states. +func newFormatter(cs *ConfigState, v interface{}) fmt.Formatter { + fs := &formatState{value: v, cs: cs} + fs.pointers = make(map[uintptr]int) + return fs +} + +/* +NewFormatter returns a custom formatter that satisfies the fmt.Formatter +interface. As a result, it integrates cleanly with standard fmt package +printing functions. The formatter is useful for inline printing of smaller data +types similar to the standard %v format specifier. + +The custom formatter only responds to the %v (most compact), %+v (adds pointer +addresses), %#v (adds types), or %#+v (adds types and pointer addresses) verb +combinations. Any other verbs such as %x and %q will be sent to the the +standard fmt package for formatting. In addition, the custom formatter ignores +the width and precision arguments (however they will still work on the format +specifiers not handled by the custom formatter). + +Typically this function shouldn't be called directly. It is much easier to make +use of the custom formatter by calling one of the convenience functions such as +Printf, Println, or Fprintf. +*/ +func NewFormatter(v interface{}) fmt.Formatter { + return newFormatter(&Config, v) +} diff --git a/vendor/github.com/davecgh/go-spew/spew/spew.go b/vendor/github.com/davecgh/go-spew/spew/spew.go new file mode 100644 index 0000000..32c0e33 --- /dev/null +++ b/vendor/github.com/davecgh/go-spew/spew/spew.go @@ -0,0 +1,148 @@ +/* + * Copyright (c) 2013-2016 Dave Collins + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +package spew + +import ( + "fmt" + "io" +) + +// Errorf is a wrapper for fmt.Errorf that treats each argument as if it were +// passed with a default Formatter interface returned by NewFormatter. It +// returns the formatted string as a value that satisfies error. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Errorf(format, spew.NewFormatter(a), spew.NewFormatter(b)) +func Errorf(format string, a ...interface{}) (err error) { + return fmt.Errorf(format, convertArgs(a)...) +} + +// Fprint is a wrapper for fmt.Fprint that treats each argument as if it were +// passed with a default Formatter interface returned by NewFormatter. It +// returns the number of bytes written and any write error encountered. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Fprint(w, spew.NewFormatter(a), spew.NewFormatter(b)) +func Fprint(w io.Writer, a ...interface{}) (n int, err error) { + return fmt.Fprint(w, convertArgs(a)...) +} + +// Fprintf is a wrapper for fmt.Fprintf that treats each argument as if it were +// passed with a default Formatter interface returned by NewFormatter. It +// returns the number of bytes written and any write error encountered. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Fprintf(w, format, spew.NewFormatter(a), spew.NewFormatter(b)) +func Fprintf(w io.Writer, format string, a ...interface{}) (n int, err error) { + return fmt.Fprintf(w, format, convertArgs(a)...) +} + +// Fprintln is a wrapper for fmt.Fprintln that treats each argument as if it +// passed with a default Formatter interface returned by NewFormatter. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Fprintln(w, spew.NewFormatter(a), spew.NewFormatter(b)) +func Fprintln(w io.Writer, a ...interface{}) (n int, err error) { + return fmt.Fprintln(w, convertArgs(a)...) +} + +// Print is a wrapper for fmt.Print that treats each argument as if it were +// passed with a default Formatter interface returned by NewFormatter. It +// returns the number of bytes written and any write error encountered. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Print(spew.NewFormatter(a), spew.NewFormatter(b)) +func Print(a ...interface{}) (n int, err error) { + return fmt.Print(convertArgs(a)...) +} + +// Printf is a wrapper for fmt.Printf that treats each argument as if it were +// passed with a default Formatter interface returned by NewFormatter. It +// returns the number of bytes written and any write error encountered. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Printf(format, spew.NewFormatter(a), spew.NewFormatter(b)) +func Printf(format string, a ...interface{}) (n int, err error) { + return fmt.Printf(format, convertArgs(a)...) +} + +// Println is a wrapper for fmt.Println that treats each argument as if it were +// passed with a default Formatter interface returned by NewFormatter. It +// returns the number of bytes written and any write error encountered. See +// NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Println(spew.NewFormatter(a), spew.NewFormatter(b)) +func Println(a ...interface{}) (n int, err error) { + return fmt.Println(convertArgs(a)...) +} + +// Sprint is a wrapper for fmt.Sprint that treats each argument as if it were +// passed with a default Formatter interface returned by NewFormatter. It +// returns the resulting string. See NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Sprint(spew.NewFormatter(a), spew.NewFormatter(b)) +func Sprint(a ...interface{}) string { + return fmt.Sprint(convertArgs(a)...) +} + +// Sprintf is a wrapper for fmt.Sprintf that treats each argument as if it were +// passed with a default Formatter interface returned by NewFormatter. It +// returns the resulting string. See NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Sprintf(format, spew.NewFormatter(a), spew.NewFormatter(b)) +func Sprintf(format string, a ...interface{}) string { + return fmt.Sprintf(format, convertArgs(a)...) +} + +// Sprintln is a wrapper for fmt.Sprintln that treats each argument as if it +// were passed with a default Formatter interface returned by NewFormatter. It +// returns the resulting string. See NewFormatter for formatting details. +// +// This function is shorthand for the following syntax: +// +// fmt.Sprintln(spew.NewFormatter(a), spew.NewFormatter(b)) +func Sprintln(a ...interface{}) string { + return fmt.Sprintln(convertArgs(a)...) +} + +// convertArgs accepts a slice of arguments and returns a slice of the same +// length with each argument converted to a default spew Formatter interface. +func convertArgs(args []interface{}) (formatters []interface{}) { + formatters = make([]interface{}, len(args)) + for index, arg := range args { + formatters[index] = NewFormatter(arg) + } + return formatters +} diff --git a/vendor/github.com/go-errors/errors/.travis.yml b/vendor/github.com/go-errors/errors/.travis.yml new file mode 100644 index 0000000..9d00fdd --- /dev/null +++ b/vendor/github.com/go-errors/errors/.travis.yml @@ -0,0 +1,5 @@ +language: go + +go: + - "1.8.x" + - "1.10.x" diff --git a/vendor/github.com/go-errors/errors/LICENSE.MIT b/vendor/github.com/go-errors/errors/LICENSE.MIT new file mode 100644 index 0000000..c9a5b2e --- /dev/null +++ b/vendor/github.com/go-errors/errors/LICENSE.MIT @@ -0,0 +1,7 @@ +Copyright (c) 2015 Conrad Irwin + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/vendor/github.com/go-errors/errors/README.md b/vendor/github.com/go-errors/errors/README.md new file mode 100644 index 0000000..5d4f187 --- /dev/null +++ b/vendor/github.com/go-errors/errors/README.md @@ -0,0 +1,66 @@ +go-errors/errors +================ + +[![Build Status](https://travis-ci.org/go-errors/errors.svg?branch=master)](https://travis-ci.org/go-errors/errors) + +Package errors adds stacktrace support to errors in go. + +This is particularly useful when you want to understand the state of execution +when an error was returned unexpectedly. + +It provides the type \*Error which implements the standard golang error +interface, so you can use this library interchangably with code that is +expecting a normal error return. + +Usage +----- + +Full documentation is available on +[godoc](https://godoc.org/github.com/go-errors/errors), but here's a simple +example: + +```go +package crashy + +import "github.com/go-errors/errors" + +var Crashed = errors.Errorf("oh dear") + +func Crash() error { + return errors.New(Crashed) +} +``` + +This can be called as follows: + +```go +package main + +import ( + "crashy" + "fmt" + "github.com/go-errors/errors" +) + +func main() { + err := crashy.Crash() + if err != nil { + if errors.Is(err, crashy.Crashed) { + fmt.Println(err.(*errors.Error).ErrorStack()) + } else { + panic(err) + } + } +} +``` + +Meta-fu +------- + +This package was original written to allow reporting to +[Bugsnag](https://bugsnag.com/) from +[bugsnag-go](https://github.com/bugsnag/bugsnag-go), but after I found similar +packages by Facebook and Dropbox, it was moved to one canonical location so +everyone can benefit. + +This package is licensed under the MIT license, see LICENSE.MIT for details. diff --git a/vendor/github.com/go-errors/errors/cover.out b/vendor/github.com/go-errors/errors/cover.out new file mode 100644 index 0000000..ab18b05 --- /dev/null +++ b/vendor/github.com/go-errors/errors/cover.out @@ -0,0 +1,89 @@ +mode: set +github.com/go-errors/errors/stackframe.go:27.51,30.25 2 1 +github.com/go-errors/errors/stackframe.go:33.2,38.8 3 1 +github.com/go-errors/errors/stackframe.go:30.25,32.3 1 0 +github.com/go-errors/errors/stackframe.go:43.47,44.31 1 1 +github.com/go-errors/errors/stackframe.go:47.2,47.48 1 1 +github.com/go-errors/errors/stackframe.go:44.31,46.3 1 1 +github.com/go-errors/errors/stackframe.go:52.42,56.16 3 1 +github.com/go-errors/errors/stackframe.go:60.2,60.60 1 1 +github.com/go-errors/errors/stackframe.go:56.16,58.3 1 0 +github.com/go-errors/errors/stackframe.go:64.55,67.16 2 1 +github.com/go-errors/errors/stackframe.go:71.2,72.61 2 1 +github.com/go-errors/errors/stackframe.go:76.2,76.66 1 1 +github.com/go-errors/errors/stackframe.go:67.16,69.3 1 0 +github.com/go-errors/errors/stackframe.go:72.61,74.3 1 0 +github.com/go-errors/errors/stackframe.go:79.56,91.63 3 1 +github.com/go-errors/errors/stackframe.go:95.2,95.53 1 1 +github.com/go-errors/errors/stackframe.go:100.2,101.18 2 1 +github.com/go-errors/errors/stackframe.go:91.63,94.3 2 1 +github.com/go-errors/errors/stackframe.go:95.53,98.3 2 1 +github.com/go-errors/errors/error.go:70.32,73.23 2 1 +github.com/go-errors/errors/error.go:80.2,85.3 3 1 +github.com/go-errors/errors/error.go:74.2,75.10 1 1 +github.com/go-errors/errors/error.go:76.2,77.28 1 1 +github.com/go-errors/errors/error.go:92.43,95.23 2 1 +github.com/go-errors/errors/error.go:104.2,109.3 3 1 +github.com/go-errors/errors/error.go:96.2,97.11 1 1 +github.com/go-errors/errors/error.go:98.2,99.10 1 1 +github.com/go-errors/errors/error.go:100.2,101.28 1 1 +github.com/go-errors/errors/error.go:115.39,117.19 1 1 +github.com/go-errors/errors/error.go:121.2,121.29 1 1 +github.com/go-errors/errors/error.go:125.2,125.43 1 1 +github.com/go-errors/errors/error.go:129.2,129.14 1 1 +github.com/go-errors/errors/error.go:117.19,119.3 1 1 +github.com/go-errors/errors/error.go:121.29,123.3 1 1 +github.com/go-errors/errors/error.go:125.43,127.3 1 1 +github.com/go-errors/errors/error.go:135.53,137.2 1 1 +github.com/go-errors/errors/error.go:140.34,142.2 1 1 +github.com/go-errors/errors/error.go:146.34,149.42 2 1 +github.com/go-errors/errors/error.go:153.2,153.20 1 1 +github.com/go-errors/errors/error.go:149.42,151.3 1 1 +github.com/go-errors/errors/error.go:158.39,160.2 1 1 +github.com/go-errors/errors/error.go:164.46,165.23 1 1 +github.com/go-errors/errors/error.go:173.2,173.19 1 1 +github.com/go-errors/errors/error.go:165.23,168.32 2 1 +github.com/go-errors/errors/error.go:168.32,170.4 1 1 +github.com/go-errors/errors/error.go:177.37,178.42 1 1 +github.com/go-errors/errors/error.go:181.2,181.41 1 1 +github.com/go-errors/errors/error.go:178.42,180.3 1 1 +github.com/go-errors/errors/parse_panic.go:10.39,12.2 1 1 +github.com/go-errors/errors/parse_panic.go:16.46,24.34 5 1 +github.com/go-errors/errors/parse_panic.go:70.2,70.43 1 1 +github.com/go-errors/errors/parse_panic.go:73.2,73.55 1 0 +github.com/go-errors/errors/parse_panic.go:24.34,27.23 2 1 +github.com/go-errors/errors/parse_panic.go:27.23,28.42 1 1 +github.com/go-errors/errors/parse_panic.go:28.42,31.5 2 1 +github.com/go-errors/errors/parse_panic.go:31.6,33.5 1 0 +github.com/go-errors/errors/parse_panic.go:35.5,35.29 1 1 +github.com/go-errors/errors/parse_panic.go:35.29,36.86 1 1 +github.com/go-errors/errors/parse_panic.go:36.86,38.5 1 1 +github.com/go-errors/errors/parse_panic.go:40.5,40.32 1 1 +github.com/go-errors/errors/parse_panic.go:40.32,41.18 1 1 +github.com/go-errors/errors/parse_panic.go:45.4,46.46 2 1 +github.com/go-errors/errors/parse_panic.go:51.4,53.23 2 1 +github.com/go-errors/errors/parse_panic.go:57.4,58.18 2 1 +github.com/go-errors/errors/parse_panic.go:62.4,63.17 2 1 +github.com/go-errors/errors/parse_panic.go:41.18,43.10 2 1 +github.com/go-errors/errors/parse_panic.go:46.46,49.5 2 1 +github.com/go-errors/errors/parse_panic.go:53.23,55.5 1 0 +github.com/go-errors/errors/parse_panic.go:58.18,60.5 1 0 +github.com/go-errors/errors/parse_panic.go:63.17,65.10 2 1 +github.com/go-errors/errors/parse_panic.go:70.43,72.3 1 1 +github.com/go-errors/errors/parse_panic.go:80.85,82.29 2 1 +github.com/go-errors/errors/parse_panic.go:85.2,85.15 1 1 +github.com/go-errors/errors/parse_panic.go:88.2,90.63 2 1 +github.com/go-errors/errors/parse_panic.go:94.2,94.53 1 1 +github.com/go-errors/errors/parse_panic.go:99.2,101.36 2 1 +github.com/go-errors/errors/parse_panic.go:105.2,106.15 2 1 +github.com/go-errors/errors/parse_panic.go:109.2,112.49 3 1 +github.com/go-errors/errors/parse_panic.go:116.2,117.16 2 1 +github.com/go-errors/errors/parse_panic.go:121.2,126.8 1 1 +github.com/go-errors/errors/parse_panic.go:82.29,84.3 1 0 +github.com/go-errors/errors/parse_panic.go:85.15,87.3 1 1 +github.com/go-errors/errors/parse_panic.go:90.63,93.3 2 1 +github.com/go-errors/errors/parse_panic.go:94.53,97.3 2 1 +github.com/go-errors/errors/parse_panic.go:101.36,103.3 1 0 +github.com/go-errors/errors/parse_panic.go:106.15,108.3 1 0 +github.com/go-errors/errors/parse_panic.go:112.49,114.3 1 1 +github.com/go-errors/errors/parse_panic.go:117.16,119.3 1 0 diff --git a/vendor/github.com/go-errors/errors/error.go b/vendor/github.com/go-errors/errors/error.go new file mode 100644 index 0000000..60062a4 --- /dev/null +++ b/vendor/github.com/go-errors/errors/error.go @@ -0,0 +1,217 @@ +// Package errors provides errors that have stack-traces. +// +// This is particularly useful when you want to understand the +// state of execution when an error was returned unexpectedly. +// +// It provides the type *Error which implements the standard +// golang error interface, so you can use this library interchangably +// with code that is expecting a normal error return. +// +// For example: +// +// package crashy +// +// import "github.com/go-errors/errors" +// +// var Crashed = errors.Errorf("oh dear") +// +// func Crash() error { +// return errors.New(Crashed) +// } +// +// This can be called as follows: +// +// package main +// +// import ( +// "crashy" +// "fmt" +// "github.com/go-errors/errors" +// ) +// +// func main() { +// err := crashy.Crash() +// if err != nil { +// if errors.Is(err, crashy.Crashed) { +// fmt.Println(err.(*errors.Error).ErrorStack()) +// } else { +// panic(err) +// } +// } +// } +// +// This package was original written to allow reporting to Bugsnag, +// but after I found similar packages by Facebook and Dropbox, it +// was moved to one canonical location so everyone can benefit. +package errors + +import ( + "bytes" + "fmt" + "reflect" + "runtime" +) + +// The maximum number of stackframes on any error. +var MaxStackDepth = 50 + +// Error is an error with an attached stacktrace. It can be used +// wherever the builtin error interface is expected. +type Error struct { + Err error + stack []uintptr + frames []StackFrame + prefix string +} + +// New makes an Error from the given value. If that value is already an +// error then it will be used directly, if not, it will be passed to +// fmt.Errorf("%v"). The stacktrace will point to the line of code that +// called New. +func New(e interface{}) *Error { + var err error + + switch e := e.(type) { + case error: + err = e + default: + err = fmt.Errorf("%v", e) + } + + stack := make([]uintptr, MaxStackDepth) + length := runtime.Callers(2, stack[:]) + return &Error{ + Err: err, + stack: stack[:length], + } +} + +// Wrap makes an Error from the given value. If that value is already an +// error then it will be used directly, if not, it will be passed to +// fmt.Errorf("%v"). The skip parameter indicates how far up the stack +// to start the stacktrace. 0 is from the current call, 1 from its caller, etc. +func Wrap(e interface{}, skip int) *Error { + var err error + + switch e := e.(type) { + case *Error: + return e + case error: + err = e + default: + err = fmt.Errorf("%v", e) + } + + stack := make([]uintptr, MaxStackDepth) + length := runtime.Callers(2+skip, stack[:]) + return &Error{ + Err: err, + stack: stack[:length], + } +} + +// WrapPrefix makes an Error from the given value. If that value is already an +// error then it will be used directly, if not, it will be passed to +// fmt.Errorf("%v"). The prefix parameter is used to add a prefix to the +// error message when calling Error(). The skip parameter indicates how far +// up the stack to start the stacktrace. 0 is from the current call, +// 1 from its caller, etc. +func WrapPrefix(e interface{}, prefix string, skip int) *Error { + + err := Wrap(e, 1+skip) + + if err.prefix != "" { + prefix = fmt.Sprintf("%s: %s", prefix, err.prefix) + } + + return &Error{ + Err: err.Err, + stack: err.stack, + prefix: prefix, + } + +} + +// Is detects whether the error is equal to a given error. Errors +// are considered equal by this function if they are the same object, +// or if they both contain the same error inside an errors.Error. +func Is(e error, original error) bool { + + if e == original { + return true + } + + if e, ok := e.(*Error); ok { + return Is(e.Err, original) + } + + if original, ok := original.(*Error); ok { + return Is(e, original.Err) + } + + return false +} + +// Errorf creates a new error with the given message. You can use it +// as a drop-in replacement for fmt.Errorf() to provide descriptive +// errors in return values. +func Errorf(format string, a ...interface{}) *Error { + return Wrap(fmt.Errorf(format, a...), 1) +} + +// Error returns the underlying error's message. +func (err *Error) Error() string { + + msg := err.Err.Error() + if err.prefix != "" { + msg = fmt.Sprintf("%s: %s", err.prefix, msg) + } + + return msg +} + +// Stack returns the callstack formatted the same way that go does +// in runtime/debug.Stack() +func (err *Error) Stack() []byte { + buf := bytes.Buffer{} + + for _, frame := range err.StackFrames() { + buf.WriteString(frame.String()) + } + + return buf.Bytes() +} + +// Callers satisfies the bugsnag ErrorWithCallerS() interface +// so that the stack can be read out. +func (err *Error) Callers() []uintptr { + return err.stack +} + +// ErrorStack returns a string that contains both the +// error message and the callstack. +func (err *Error) ErrorStack() string { + return err.TypeName() + " " + err.Error() + "\n" + string(err.Stack()) +} + +// StackFrames returns an array of frames containing information about the +// stack. +func (err *Error) StackFrames() []StackFrame { + if err.frames == nil { + err.frames = make([]StackFrame, len(err.stack)) + + for i, pc := range err.stack { + err.frames[i] = NewStackFrame(pc) + } + } + + return err.frames +} + +// TypeName returns the type this error. e.g. *errors.stringError. +func (err *Error) TypeName() string { + if _, ok := err.Err.(uncaughtPanic); ok { + return "panic" + } + return reflect.TypeOf(err.Err).String() +} diff --git a/vendor/github.com/go-errors/errors/parse_panic.go b/vendor/github.com/go-errors/errors/parse_panic.go new file mode 100644 index 0000000..cc37052 --- /dev/null +++ b/vendor/github.com/go-errors/errors/parse_panic.go @@ -0,0 +1,127 @@ +package errors + +import ( + "strconv" + "strings" +) + +type uncaughtPanic struct{ message string } + +func (p uncaughtPanic) Error() string { + return p.message +} + +// ParsePanic allows you to get an error object from the output of a go program +// that panicked. This is particularly useful with https://github.com/mitchellh/panicwrap. +func ParsePanic(text string) (*Error, error) { + lines := strings.Split(text, "\n") + + state := "start" + + var message string + var stack []StackFrame + + for i := 0; i < len(lines); i++ { + line := lines[i] + + if state == "start" { + if strings.HasPrefix(line, "panic: ") { + message = strings.TrimPrefix(line, "panic: ") + state = "seek" + } else { + return nil, Errorf("bugsnag.panicParser: Invalid line (no prefix): %s", line) + } + + } else if state == "seek" { + if strings.HasPrefix(line, "goroutine ") && strings.HasSuffix(line, "[running]:") { + state = "parsing" + } + + } else if state == "parsing" { + if line == "" { + state = "done" + break + } + createdBy := false + if strings.HasPrefix(line, "created by ") { + line = strings.TrimPrefix(line, "created by ") + createdBy = true + } + + i++ + + if i >= len(lines) { + return nil, Errorf("bugsnag.panicParser: Invalid line (unpaired): %s", line) + } + + frame, err := parsePanicFrame(line, lines[i], createdBy) + if err != nil { + return nil, err + } + + stack = append(stack, *frame) + if createdBy { + state = "done" + break + } + } + } + + if state == "done" || state == "parsing" { + return &Error{Err: uncaughtPanic{message}, frames: stack}, nil + } + return nil, Errorf("could not parse panic: %v", text) +} + +// The lines we're passing look like this: +// +// main.(*foo).destruct(0xc208067e98) +// /0/go/src/github.com/bugsnag/bugsnag-go/pan/main.go:22 +0x151 +func parsePanicFrame(name string, line string, createdBy bool) (*StackFrame, error) { + idx := strings.LastIndex(name, "(") + if idx == -1 && !createdBy { + return nil, Errorf("bugsnag.panicParser: Invalid line (no call): %s", name) + } + if idx != -1 { + name = name[:idx] + } + pkg := "" + + if lastslash := strings.LastIndex(name, "/"); lastslash >= 0 { + pkg += name[:lastslash] + "/" + name = name[lastslash+1:] + } + if period := strings.Index(name, "."); period >= 0 { + pkg += name[:period] + name = name[period+1:] + } + + name = strings.Replace(name, "·", ".", -1) + + if !strings.HasPrefix(line, "\t") { + return nil, Errorf("bugsnag.panicParser: Invalid line (no tab): %s", line) + } + + idx = strings.LastIndex(line, ":") + if idx == -1 { + return nil, Errorf("bugsnag.panicParser: Invalid line (no line number): %s", line) + } + file := line[1:idx] + + number := line[idx+1:] + if idx = strings.Index(number, " +"); idx > -1 { + number = number[:idx] + } + + lno, err := strconv.ParseInt(number, 10, 32) + if err != nil { + return nil, Errorf("bugsnag.panicParser: Invalid line (bad line number): %s", line) + } + + return &StackFrame{ + File: file, + LineNumber: int(lno), + Package: pkg, + Name: name, + }, nil +} diff --git a/vendor/github.com/go-errors/errors/stackframe.go b/vendor/github.com/go-errors/errors/stackframe.go new file mode 100644 index 0000000..750ab9a --- /dev/null +++ b/vendor/github.com/go-errors/errors/stackframe.go @@ -0,0 +1,102 @@ +package errors + +import ( + "bytes" + "fmt" + "io/ioutil" + "runtime" + "strings" +) + +// A StackFrame contains all necessary information about to generate a line +// in a callstack. +type StackFrame struct { + // The path to the file containing this ProgramCounter + File string + // The LineNumber in that file + LineNumber int + // The Name of the function that contains this ProgramCounter + Name string + // The Package that contains this function + Package string + // The underlying ProgramCounter + ProgramCounter uintptr +} + +// NewStackFrame popoulates a stack frame object from the program counter. +func NewStackFrame(pc uintptr) (frame StackFrame) { + + frame = StackFrame{ProgramCounter: pc} + if frame.Func() == nil { + return + } + frame.Package, frame.Name = packageAndName(frame.Func()) + + // pc -1 because the program counters we use are usually return addresses, + // and we want to show the line that corresponds to the function call + frame.File, frame.LineNumber = frame.Func().FileLine(pc - 1) + return + +} + +// Func returns the function that contained this frame. +func (frame *StackFrame) Func() *runtime.Func { + if frame.ProgramCounter == 0 { + return nil + } + return runtime.FuncForPC(frame.ProgramCounter) +} + +// String returns the stackframe formatted in the same way as go does +// in runtime/debug.Stack() +func (frame *StackFrame) String() string { + str := fmt.Sprintf("%s:%d (0x%x)\n", frame.File, frame.LineNumber, frame.ProgramCounter) + + source, err := frame.SourceLine() + if err != nil { + return str + } + + return str + fmt.Sprintf("\t%s: %s\n", frame.Name, source) +} + +// SourceLine gets the line of code (from File and Line) of the original source if possible. +func (frame *StackFrame) SourceLine() (string, error) { + data, err := ioutil.ReadFile(frame.File) + + if err != nil { + return "", New(err) + } + + lines := bytes.Split(data, []byte{'\n'}) + if frame.LineNumber <= 0 || frame.LineNumber >= len(lines) { + return "???", nil + } + // -1 because line-numbers are 1 based, but our array is 0 based + return string(bytes.Trim(lines[frame.LineNumber-1], " \t")), nil +} + +func packageAndName(fn *runtime.Func) (string, string) { + name := fn.Name() + pkg := "" + + // The name includes the path name to the package, which is unnecessary + // since the file name is already included. Plus, it has center dots. + // That is, we see + // runtime/debug.*T·ptrmethod + // and want + // *T.ptrmethod + // Since the package path might contains dots (e.g. code.google.com/...), + // we first remove the path prefix if there is one. + if lastslash := strings.LastIndex(name, "/"); lastslash >= 0 { + pkg += name[:lastslash] + "/" + name = name[lastslash+1:] + } + if period := strings.Index(name, "."); period >= 0 { + pkg += name[:period] + name = name[period+1:] + } + + name = strings.Replace(name, "·", ".", -1) + return pkg, name +} diff --git a/vendor/github.com/golang/protobuf/AUTHORS b/vendor/github.com/golang/protobuf/AUTHORS new file mode 100644 index 0000000..15167cd --- /dev/null +++ b/vendor/github.com/golang/protobuf/AUTHORS @@ -0,0 +1,3 @@ +# This source code refers to The Go Authors for copyright purposes. +# The master list of authors is in the main Go distribution, +# visible at http://tip.golang.org/AUTHORS. diff --git a/vendor/github.com/golang/protobuf/CONTRIBUTORS b/vendor/github.com/golang/protobuf/CONTRIBUTORS new file mode 100644 index 0000000..1c4577e --- /dev/null +++ b/vendor/github.com/golang/protobuf/CONTRIBUTORS @@ -0,0 +1,3 @@ +# This source code was written by the Go contributors. +# The master list of contributors is in the main Go distribution, +# visible at http://tip.golang.org/CONTRIBUTORS. diff --git a/vendor/github.com/golang/protobuf/LICENSE b/vendor/github.com/golang/protobuf/LICENSE new file mode 100644 index 0000000..0f64693 --- /dev/null +++ b/vendor/github.com/golang/protobuf/LICENSE @@ -0,0 +1,28 @@ +Copyright 2010 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + diff --git a/vendor/github.com/golang/protobuf/proto/clone.go b/vendor/github.com/golang/protobuf/proto/clone.go new file mode 100644 index 0000000..3cd3249 --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/clone.go @@ -0,0 +1,253 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2011 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Protocol buffer deep copy and merge. +// TODO: RawMessage. + +package proto + +import ( + "fmt" + "log" + "reflect" + "strings" +) + +// Clone returns a deep copy of a protocol buffer. +func Clone(src Message) Message { + in := reflect.ValueOf(src) + if in.IsNil() { + return src + } + out := reflect.New(in.Type().Elem()) + dst := out.Interface().(Message) + Merge(dst, src) + return dst +} + +// Merger is the interface representing objects that can merge messages of the same type. +type Merger interface { + // Merge merges src into this message. + // Required and optional fields that are set in src will be set to that value in dst. + // Elements of repeated fields will be appended. + // + // Merge may panic if called with a different argument type than the receiver. + Merge(src Message) +} + +// generatedMerger is the custom merge method that generated protos will have. +// We must add this method since a generate Merge method will conflict with +// many existing protos that have a Merge data field already defined. +type generatedMerger interface { + XXX_Merge(src Message) +} + +// Merge merges src into dst. +// Required and optional fields that are set in src will be set to that value in dst. +// Elements of repeated fields will be appended. +// Merge panics if src and dst are not the same type, or if dst is nil. +func Merge(dst, src Message) { + if m, ok := dst.(Merger); ok { + m.Merge(src) + return + } + + in := reflect.ValueOf(src) + out := reflect.ValueOf(dst) + if out.IsNil() { + panic("proto: nil destination") + } + if in.Type() != out.Type() { + panic(fmt.Sprintf("proto.Merge(%T, %T) type mismatch", dst, src)) + } + if in.IsNil() { + return // Merge from nil src is a noop + } + if m, ok := dst.(generatedMerger); ok { + m.XXX_Merge(src) + return + } + mergeStruct(out.Elem(), in.Elem()) +} + +func mergeStruct(out, in reflect.Value) { + sprop := GetProperties(in.Type()) + for i := 0; i < in.NumField(); i++ { + f := in.Type().Field(i) + if strings.HasPrefix(f.Name, "XXX_") { + continue + } + mergeAny(out.Field(i), in.Field(i), false, sprop.Prop[i]) + } + + if emIn, err := extendable(in.Addr().Interface()); err == nil { + emOut, _ := extendable(out.Addr().Interface()) + mIn, muIn := emIn.extensionsRead() + if mIn != nil { + mOut := emOut.extensionsWrite() + muIn.Lock() + mergeExtension(mOut, mIn) + muIn.Unlock() + } + } + + uf := in.FieldByName("XXX_unrecognized") + if !uf.IsValid() { + return + } + uin := uf.Bytes() + if len(uin) > 0 { + out.FieldByName("XXX_unrecognized").SetBytes(append([]byte(nil), uin...)) + } +} + +// mergeAny performs a merge between two values of the same type. +// viaPtr indicates whether the values were indirected through a pointer (implying proto2). +// prop is set if this is a struct field (it may be nil). +func mergeAny(out, in reflect.Value, viaPtr bool, prop *Properties) { + if in.Type() == protoMessageType { + if !in.IsNil() { + if out.IsNil() { + out.Set(reflect.ValueOf(Clone(in.Interface().(Message)))) + } else { + Merge(out.Interface().(Message), in.Interface().(Message)) + } + } + return + } + switch in.Kind() { + case reflect.Bool, reflect.Float32, reflect.Float64, reflect.Int32, reflect.Int64, + reflect.String, reflect.Uint32, reflect.Uint64: + if !viaPtr && isProto3Zero(in) { + return + } + out.Set(in) + case reflect.Interface: + // Probably a oneof field; copy non-nil values. + if in.IsNil() { + return + } + // Allocate destination if it is not set, or set to a different type. + // Otherwise we will merge as normal. + if out.IsNil() || out.Elem().Type() != in.Elem().Type() { + out.Set(reflect.New(in.Elem().Elem().Type())) // interface -> *T -> T -> new(T) + } + mergeAny(out.Elem(), in.Elem(), false, nil) + case reflect.Map: + if in.Len() == 0 { + return + } + if out.IsNil() { + out.Set(reflect.MakeMap(in.Type())) + } + // For maps with value types of *T or []byte we need to deep copy each value. + elemKind := in.Type().Elem().Kind() + for _, key := range in.MapKeys() { + var val reflect.Value + switch elemKind { + case reflect.Ptr: + val = reflect.New(in.Type().Elem().Elem()) + mergeAny(val, in.MapIndex(key), false, nil) + case reflect.Slice: + val = in.MapIndex(key) + val = reflect.ValueOf(append([]byte{}, val.Bytes()...)) + default: + val = in.MapIndex(key) + } + out.SetMapIndex(key, val) + } + case reflect.Ptr: + if in.IsNil() { + return + } + if out.IsNil() { + out.Set(reflect.New(in.Elem().Type())) + } + mergeAny(out.Elem(), in.Elem(), true, nil) + case reflect.Slice: + if in.IsNil() { + return + } + if in.Type().Elem().Kind() == reflect.Uint8 { + // []byte is a scalar bytes field, not a repeated field. + + // Edge case: if this is in a proto3 message, a zero length + // bytes field is considered the zero value, and should not + // be merged. + if prop != nil && prop.proto3 && in.Len() == 0 { + return + } + + // Make a deep copy. + // Append to []byte{} instead of []byte(nil) so that we never end up + // with a nil result. + out.SetBytes(append([]byte{}, in.Bytes()...)) + return + } + n := in.Len() + if out.IsNil() { + out.Set(reflect.MakeSlice(in.Type(), 0, n)) + } + switch in.Type().Elem().Kind() { + case reflect.Bool, reflect.Float32, reflect.Float64, reflect.Int32, reflect.Int64, + reflect.String, reflect.Uint32, reflect.Uint64: + out.Set(reflect.AppendSlice(out, in)) + default: + for i := 0; i < n; i++ { + x := reflect.Indirect(reflect.New(in.Type().Elem())) + mergeAny(x, in.Index(i), false, nil) + out.Set(reflect.Append(out, x)) + } + } + case reflect.Struct: + mergeStruct(out, in) + default: + // unknown type, so not a protocol buffer + log.Printf("proto: don't know how to copy %v", in) + } +} + +func mergeExtension(out, in map[int32]Extension) { + for extNum, eIn := range in { + eOut := Extension{desc: eIn.desc} + if eIn.value != nil { + v := reflect.New(reflect.TypeOf(eIn.value)).Elem() + mergeAny(v, reflect.ValueOf(eIn.value), false, nil) + eOut.value = v.Interface() + } + if eIn.enc != nil { + eOut.enc = make([]byte, len(eIn.enc)) + copy(eOut.enc, eIn.enc) + } + + out[extNum] = eOut + } +} diff --git a/vendor/github.com/golang/protobuf/proto/decode.go b/vendor/github.com/golang/protobuf/proto/decode.go new file mode 100644 index 0000000..63b0f08 --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/decode.go @@ -0,0 +1,427 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2010 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +/* + * Routines for decoding protocol buffer data to construct in-memory representations. + */ + +import ( + "errors" + "fmt" + "io" +) + +// errOverflow is returned when an integer is too large to be represented. +var errOverflow = errors.New("proto: integer overflow") + +// ErrInternalBadWireType is returned by generated code when an incorrect +// wire type is encountered. It does not get returned to user code. +var ErrInternalBadWireType = errors.New("proto: internal error: bad wiretype for oneof") + +// DecodeVarint reads a varint-encoded integer from the slice. +// It returns the integer and the number of bytes consumed, or +// zero if there is not enough. +// This is the format for the +// int32, int64, uint32, uint64, bool, and enum +// protocol buffer types. +func DecodeVarint(buf []byte) (x uint64, n int) { + for shift := uint(0); shift < 64; shift += 7 { + if n >= len(buf) { + return 0, 0 + } + b := uint64(buf[n]) + n++ + x |= (b & 0x7F) << shift + if (b & 0x80) == 0 { + return x, n + } + } + + // The number is too large to represent in a 64-bit value. + return 0, 0 +} + +func (p *Buffer) decodeVarintSlow() (x uint64, err error) { + i := p.index + l := len(p.buf) + + for shift := uint(0); shift < 64; shift += 7 { + if i >= l { + err = io.ErrUnexpectedEOF + return + } + b := p.buf[i] + i++ + x |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + p.index = i + return + } + } + + // The number is too large to represent in a 64-bit value. + err = errOverflow + return +} + +// DecodeVarint reads a varint-encoded integer from the Buffer. +// This is the format for the +// int32, int64, uint32, uint64, bool, and enum +// protocol buffer types. +func (p *Buffer) DecodeVarint() (x uint64, err error) { + i := p.index + buf := p.buf + + if i >= len(buf) { + return 0, io.ErrUnexpectedEOF + } else if buf[i] < 0x80 { + p.index++ + return uint64(buf[i]), nil + } else if len(buf)-i < 10 { + return p.decodeVarintSlow() + } + + var b uint64 + // we already checked the first byte + x = uint64(buf[i]) - 0x80 + i++ + + b = uint64(buf[i]) + i++ + x += b << 7 + if b&0x80 == 0 { + goto done + } + x -= 0x80 << 7 + + b = uint64(buf[i]) + i++ + x += b << 14 + if b&0x80 == 0 { + goto done + } + x -= 0x80 << 14 + + b = uint64(buf[i]) + i++ + x += b << 21 + if b&0x80 == 0 { + goto done + } + x -= 0x80 << 21 + + b = uint64(buf[i]) + i++ + x += b << 28 + if b&0x80 == 0 { + goto done + } + x -= 0x80 << 28 + + b = uint64(buf[i]) + i++ + x += b << 35 + if b&0x80 == 0 { + goto done + } + x -= 0x80 << 35 + + b = uint64(buf[i]) + i++ + x += b << 42 + if b&0x80 == 0 { + goto done + } + x -= 0x80 << 42 + + b = uint64(buf[i]) + i++ + x += b << 49 + if b&0x80 == 0 { + goto done + } + x -= 0x80 << 49 + + b = uint64(buf[i]) + i++ + x += b << 56 + if b&0x80 == 0 { + goto done + } + x -= 0x80 << 56 + + b = uint64(buf[i]) + i++ + x += b << 63 + if b&0x80 == 0 { + goto done + } + + return 0, errOverflow + +done: + p.index = i + return x, nil +} + +// DecodeFixed64 reads a 64-bit integer from the Buffer. +// This is the format for the +// fixed64, sfixed64, and double protocol buffer types. +func (p *Buffer) DecodeFixed64() (x uint64, err error) { + // x, err already 0 + i := p.index + 8 + if i < 0 || i > len(p.buf) { + err = io.ErrUnexpectedEOF + return + } + p.index = i + + x = uint64(p.buf[i-8]) + x |= uint64(p.buf[i-7]) << 8 + x |= uint64(p.buf[i-6]) << 16 + x |= uint64(p.buf[i-5]) << 24 + x |= uint64(p.buf[i-4]) << 32 + x |= uint64(p.buf[i-3]) << 40 + x |= uint64(p.buf[i-2]) << 48 + x |= uint64(p.buf[i-1]) << 56 + return +} + +// DecodeFixed32 reads a 32-bit integer from the Buffer. +// This is the format for the +// fixed32, sfixed32, and float protocol buffer types. +func (p *Buffer) DecodeFixed32() (x uint64, err error) { + // x, err already 0 + i := p.index + 4 + if i < 0 || i > len(p.buf) { + err = io.ErrUnexpectedEOF + return + } + p.index = i + + x = uint64(p.buf[i-4]) + x |= uint64(p.buf[i-3]) << 8 + x |= uint64(p.buf[i-2]) << 16 + x |= uint64(p.buf[i-1]) << 24 + return +} + +// DecodeZigzag64 reads a zigzag-encoded 64-bit integer +// from the Buffer. +// This is the format used for the sint64 protocol buffer type. +func (p *Buffer) DecodeZigzag64() (x uint64, err error) { + x, err = p.DecodeVarint() + if err != nil { + return + } + x = (x >> 1) ^ uint64((int64(x&1)<<63)>>63) + return +} + +// DecodeZigzag32 reads a zigzag-encoded 32-bit integer +// from the Buffer. +// This is the format used for the sint32 protocol buffer type. +func (p *Buffer) DecodeZigzag32() (x uint64, err error) { + x, err = p.DecodeVarint() + if err != nil { + return + } + x = uint64((uint32(x) >> 1) ^ uint32((int32(x&1)<<31)>>31)) + return +} + +// DecodeRawBytes reads a count-delimited byte buffer from the Buffer. +// This is the format used for the bytes protocol buffer +// type and for embedded messages. +func (p *Buffer) DecodeRawBytes(alloc bool) (buf []byte, err error) { + n, err := p.DecodeVarint() + if err != nil { + return nil, err + } + + nb := int(n) + if nb < 0 { + return nil, fmt.Errorf("proto: bad byte length %d", nb) + } + end := p.index + nb + if end < p.index || end > len(p.buf) { + return nil, io.ErrUnexpectedEOF + } + + if !alloc { + // todo: check if can get more uses of alloc=false + buf = p.buf[p.index:end] + p.index += nb + return + } + + buf = make([]byte, nb) + copy(buf, p.buf[p.index:]) + p.index += nb + return +} + +// DecodeStringBytes reads an encoded string from the Buffer. +// This is the format used for the proto2 string type. +func (p *Buffer) DecodeStringBytes() (s string, err error) { + buf, err := p.DecodeRawBytes(false) + if err != nil { + return + } + return string(buf), nil +} + +// Unmarshaler is the interface representing objects that can +// unmarshal themselves. The argument points to data that may be +// overwritten, so implementations should not keep references to the +// buffer. +// Unmarshal implementations should not clear the receiver. +// Any unmarshaled data should be merged into the receiver. +// Callers of Unmarshal that do not want to retain existing data +// should Reset the receiver before calling Unmarshal. +type Unmarshaler interface { + Unmarshal([]byte) error +} + +// newUnmarshaler is the interface representing objects that can +// unmarshal themselves. The semantics are identical to Unmarshaler. +// +// This exists to support protoc-gen-go generated messages. +// The proto package will stop type-asserting to this interface in the future. +// +// DO NOT DEPEND ON THIS. +type newUnmarshaler interface { + XXX_Unmarshal([]byte) error +} + +// Unmarshal parses the protocol buffer representation in buf and places the +// decoded result in pb. If the struct underlying pb does not match +// the data in buf, the results can be unpredictable. +// +// Unmarshal resets pb before starting to unmarshal, so any +// existing data in pb is always removed. Use UnmarshalMerge +// to preserve and append to existing data. +func Unmarshal(buf []byte, pb Message) error { + pb.Reset() + if u, ok := pb.(newUnmarshaler); ok { + return u.XXX_Unmarshal(buf) + } + if u, ok := pb.(Unmarshaler); ok { + return u.Unmarshal(buf) + } + return NewBuffer(buf).Unmarshal(pb) +} + +// UnmarshalMerge parses the protocol buffer representation in buf and +// writes the decoded result to pb. If the struct underlying pb does not match +// the data in buf, the results can be unpredictable. +// +// UnmarshalMerge merges into existing data in pb. +// Most code should use Unmarshal instead. +func UnmarshalMerge(buf []byte, pb Message) error { + if u, ok := pb.(newUnmarshaler); ok { + return u.XXX_Unmarshal(buf) + } + if u, ok := pb.(Unmarshaler); ok { + // NOTE: The history of proto have unfortunately been inconsistent + // whether Unmarshaler should or should not implicitly clear itself. + // Some implementations do, most do not. + // Thus, calling this here may or may not do what people want. + // + // See https://github.com/golang/protobuf/issues/424 + return u.Unmarshal(buf) + } + return NewBuffer(buf).Unmarshal(pb) +} + +// DecodeMessage reads a count-delimited message from the Buffer. +func (p *Buffer) DecodeMessage(pb Message) error { + enc, err := p.DecodeRawBytes(false) + if err != nil { + return err + } + return NewBuffer(enc).Unmarshal(pb) +} + +// DecodeGroup reads a tag-delimited group from the Buffer. +// StartGroup tag is already consumed. This function consumes +// EndGroup tag. +func (p *Buffer) DecodeGroup(pb Message) error { + b := p.buf[p.index:] + x, y := findEndGroup(b) + if x < 0 { + return io.ErrUnexpectedEOF + } + err := Unmarshal(b[:x], pb) + p.index += y + return err +} + +// Unmarshal parses the protocol buffer representation in the +// Buffer and places the decoded result in pb. If the struct +// underlying pb does not match the data in the buffer, the results can be +// unpredictable. +// +// Unlike proto.Unmarshal, this does not reset pb before starting to unmarshal. +func (p *Buffer) Unmarshal(pb Message) error { + // If the object can unmarshal itself, let it. + if u, ok := pb.(newUnmarshaler); ok { + err := u.XXX_Unmarshal(p.buf[p.index:]) + p.index = len(p.buf) + return err + } + if u, ok := pb.(Unmarshaler); ok { + // NOTE: The history of proto have unfortunately been inconsistent + // whether Unmarshaler should or should not implicitly clear itself. + // Some implementations do, most do not. + // Thus, calling this here may or may not do what people want. + // + // See https://github.com/golang/protobuf/issues/424 + err := u.Unmarshal(p.buf[p.index:]) + p.index = len(p.buf) + return err + } + + // Slow workaround for messages that aren't Unmarshalers. + // This includes some hand-coded .pb.go files and + // bootstrap protos. + // TODO: fix all of those and then add Unmarshal to + // the Message interface. Then: + // The cast above and code below can be deleted. + // The old unmarshaler can be deleted. + // Clients can call Unmarshal directly (can already do that, actually). + var info InternalMessageInfo + err := info.Unmarshal(pb, p.buf[p.index:]) + p.index = len(p.buf) + return err +} diff --git a/vendor/github.com/golang/protobuf/proto/deprecated.go b/vendor/github.com/golang/protobuf/proto/deprecated.go new file mode 100644 index 0000000..35b882c --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/deprecated.go @@ -0,0 +1,63 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2018 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +import "errors" + +// Deprecated: do not use. +type Stats struct{ Emalloc, Dmalloc, Encode, Decode, Chit, Cmiss, Size uint64 } + +// Deprecated: do not use. +func GetStats() Stats { return Stats{} } + +// Deprecated: do not use. +func MarshalMessageSet(interface{}) ([]byte, error) { + return nil, errors.New("proto: not implemented") +} + +// Deprecated: do not use. +func UnmarshalMessageSet([]byte, interface{}) error { + return errors.New("proto: not implemented") +} + +// Deprecated: do not use. +func MarshalMessageSetJSON(interface{}) ([]byte, error) { + return nil, errors.New("proto: not implemented") +} + +// Deprecated: do not use. +func UnmarshalMessageSetJSON([]byte, interface{}) error { + return errors.New("proto: not implemented") +} + +// Deprecated: do not use. +func RegisterMessageSetType(Message, int32, string) {} diff --git a/vendor/github.com/golang/protobuf/proto/discard.go b/vendor/github.com/golang/protobuf/proto/discard.go new file mode 100644 index 0000000..dea2617 --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/discard.go @@ -0,0 +1,350 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2017 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +import ( + "fmt" + "reflect" + "strings" + "sync" + "sync/atomic" +) + +type generatedDiscarder interface { + XXX_DiscardUnknown() +} + +// DiscardUnknown recursively discards all unknown fields from this message +// and all embedded messages. +// +// When unmarshaling a message with unrecognized fields, the tags and values +// of such fields are preserved in the Message. This allows a later call to +// marshal to be able to produce a message that continues to have those +// unrecognized fields. To avoid this, DiscardUnknown is used to +// explicitly clear the unknown fields after unmarshaling. +// +// For proto2 messages, the unknown fields of message extensions are only +// discarded from messages that have been accessed via GetExtension. +func DiscardUnknown(m Message) { + if m, ok := m.(generatedDiscarder); ok { + m.XXX_DiscardUnknown() + return + } + // TODO: Dynamically populate a InternalMessageInfo for legacy messages, + // but the master branch has no implementation for InternalMessageInfo, + // so it would be more work to replicate that approach. + discardLegacy(m) +} + +// DiscardUnknown recursively discards all unknown fields. +func (a *InternalMessageInfo) DiscardUnknown(m Message) { + di := atomicLoadDiscardInfo(&a.discard) + if di == nil { + di = getDiscardInfo(reflect.TypeOf(m).Elem()) + atomicStoreDiscardInfo(&a.discard, di) + } + di.discard(toPointer(&m)) +} + +type discardInfo struct { + typ reflect.Type + + initialized int32 // 0: only typ is valid, 1: everything is valid + lock sync.Mutex + + fields []discardFieldInfo + unrecognized field +} + +type discardFieldInfo struct { + field field // Offset of field, guaranteed to be valid + discard func(src pointer) +} + +var ( + discardInfoMap = map[reflect.Type]*discardInfo{} + discardInfoLock sync.Mutex +) + +func getDiscardInfo(t reflect.Type) *discardInfo { + discardInfoLock.Lock() + defer discardInfoLock.Unlock() + di := discardInfoMap[t] + if di == nil { + di = &discardInfo{typ: t} + discardInfoMap[t] = di + } + return di +} + +func (di *discardInfo) discard(src pointer) { + if src.isNil() { + return // Nothing to do. + } + + if atomic.LoadInt32(&di.initialized) == 0 { + di.computeDiscardInfo() + } + + for _, fi := range di.fields { + sfp := src.offset(fi.field) + fi.discard(sfp) + } + + // For proto2 messages, only discard unknown fields in message extensions + // that have been accessed via GetExtension. + if em, err := extendable(src.asPointerTo(di.typ).Interface()); err == nil { + // Ignore lock since DiscardUnknown is not concurrency safe. + emm, _ := em.extensionsRead() + for _, mx := range emm { + if m, ok := mx.value.(Message); ok { + DiscardUnknown(m) + } + } + } + + if di.unrecognized.IsValid() { + *src.offset(di.unrecognized).toBytes() = nil + } +} + +func (di *discardInfo) computeDiscardInfo() { + di.lock.Lock() + defer di.lock.Unlock() + if di.initialized != 0 { + return + } + t := di.typ + n := t.NumField() + + for i := 0; i < n; i++ { + f := t.Field(i) + if strings.HasPrefix(f.Name, "XXX_") { + continue + } + + dfi := discardFieldInfo{field: toField(&f)} + tf := f.Type + + // Unwrap tf to get its most basic type. + var isPointer, isSlice bool + if tf.Kind() == reflect.Slice && tf.Elem().Kind() != reflect.Uint8 { + isSlice = true + tf = tf.Elem() + } + if tf.Kind() == reflect.Ptr { + isPointer = true + tf = tf.Elem() + } + if isPointer && isSlice && tf.Kind() != reflect.Struct { + panic(fmt.Sprintf("%v.%s cannot be a slice of pointers to primitive types", t, f.Name)) + } + + switch tf.Kind() { + case reflect.Struct: + switch { + case !isPointer: + panic(fmt.Sprintf("%v.%s cannot be a direct struct value", t, f.Name)) + case isSlice: // E.g., []*pb.T + di := getDiscardInfo(tf) + dfi.discard = func(src pointer) { + sps := src.getPointerSlice() + for _, sp := range sps { + if !sp.isNil() { + di.discard(sp) + } + } + } + default: // E.g., *pb.T + di := getDiscardInfo(tf) + dfi.discard = func(src pointer) { + sp := src.getPointer() + if !sp.isNil() { + di.discard(sp) + } + } + } + case reflect.Map: + switch { + case isPointer || isSlice: + panic(fmt.Sprintf("%v.%s cannot be a pointer to a map or a slice of map values", t, f.Name)) + default: // E.g., map[K]V + if tf.Elem().Kind() == reflect.Ptr { // Proto struct (e.g., *T) + dfi.discard = func(src pointer) { + sm := src.asPointerTo(tf).Elem() + if sm.Len() == 0 { + return + } + for _, key := range sm.MapKeys() { + val := sm.MapIndex(key) + DiscardUnknown(val.Interface().(Message)) + } + } + } else { + dfi.discard = func(pointer) {} // Noop + } + } + case reflect.Interface: + // Must be oneof field. + switch { + case isPointer || isSlice: + panic(fmt.Sprintf("%v.%s cannot be a pointer to a interface or a slice of interface values", t, f.Name)) + default: // E.g., interface{} + // TODO: Make this faster? + dfi.discard = func(src pointer) { + su := src.asPointerTo(tf).Elem() + if !su.IsNil() { + sv := su.Elem().Elem().Field(0) + if sv.Kind() == reflect.Ptr && sv.IsNil() { + return + } + switch sv.Type().Kind() { + case reflect.Ptr: // Proto struct (e.g., *T) + DiscardUnknown(sv.Interface().(Message)) + } + } + } + } + default: + continue + } + di.fields = append(di.fields, dfi) + } + + di.unrecognized = invalidField + if f, ok := t.FieldByName("XXX_unrecognized"); ok { + if f.Type != reflect.TypeOf([]byte{}) { + panic("expected XXX_unrecognized to be of type []byte") + } + di.unrecognized = toField(&f) + } + + atomic.StoreInt32(&di.initialized, 1) +} + +func discardLegacy(m Message) { + v := reflect.ValueOf(m) + if v.Kind() != reflect.Ptr || v.IsNil() { + return + } + v = v.Elem() + if v.Kind() != reflect.Struct { + return + } + t := v.Type() + + for i := 0; i < v.NumField(); i++ { + f := t.Field(i) + if strings.HasPrefix(f.Name, "XXX_") { + continue + } + vf := v.Field(i) + tf := f.Type + + // Unwrap tf to get its most basic type. + var isPointer, isSlice bool + if tf.Kind() == reflect.Slice && tf.Elem().Kind() != reflect.Uint8 { + isSlice = true + tf = tf.Elem() + } + if tf.Kind() == reflect.Ptr { + isPointer = true + tf = tf.Elem() + } + if isPointer && isSlice && tf.Kind() != reflect.Struct { + panic(fmt.Sprintf("%T.%s cannot be a slice of pointers to primitive types", m, f.Name)) + } + + switch tf.Kind() { + case reflect.Struct: + switch { + case !isPointer: + panic(fmt.Sprintf("%T.%s cannot be a direct struct value", m, f.Name)) + case isSlice: // E.g., []*pb.T + for j := 0; j < vf.Len(); j++ { + discardLegacy(vf.Index(j).Interface().(Message)) + } + default: // E.g., *pb.T + discardLegacy(vf.Interface().(Message)) + } + case reflect.Map: + switch { + case isPointer || isSlice: + panic(fmt.Sprintf("%T.%s cannot be a pointer to a map or a slice of map values", m, f.Name)) + default: // E.g., map[K]V + tv := vf.Type().Elem() + if tv.Kind() == reflect.Ptr && tv.Implements(protoMessageType) { // Proto struct (e.g., *T) + for _, key := range vf.MapKeys() { + val := vf.MapIndex(key) + discardLegacy(val.Interface().(Message)) + } + } + } + case reflect.Interface: + // Must be oneof field. + switch { + case isPointer || isSlice: + panic(fmt.Sprintf("%T.%s cannot be a pointer to a interface or a slice of interface values", m, f.Name)) + default: // E.g., test_proto.isCommunique_Union interface + if !vf.IsNil() && f.Tag.Get("protobuf_oneof") != "" { + vf = vf.Elem() // E.g., *test_proto.Communique_Msg + if !vf.IsNil() { + vf = vf.Elem() // E.g., test_proto.Communique_Msg + vf = vf.Field(0) // E.g., Proto struct (e.g., *T) or primitive value + if vf.Kind() == reflect.Ptr { + discardLegacy(vf.Interface().(Message)) + } + } + } + } + } + } + + if vf := v.FieldByName("XXX_unrecognized"); vf.IsValid() { + if vf.Type() != reflect.TypeOf([]byte{}) { + panic("expected XXX_unrecognized to be of type []byte") + } + vf.Set(reflect.ValueOf([]byte(nil))) + } + + // For proto2 messages, only discard unknown fields in message extensions + // that have been accessed via GetExtension. + if em, err := extendable(m); err == nil { + // Ignore lock since discardLegacy is not concurrency safe. + emm, _ := em.extensionsRead() + for _, mx := range emm { + if m, ok := mx.value.(Message); ok { + discardLegacy(m) + } + } + } +} diff --git a/vendor/github.com/golang/protobuf/proto/encode.go b/vendor/github.com/golang/protobuf/proto/encode.go new file mode 100644 index 0000000..3abfed2 --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/encode.go @@ -0,0 +1,203 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2010 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +/* + * Routines for encoding data into the wire format for protocol buffers. + */ + +import ( + "errors" + "reflect" +) + +var ( + // errRepeatedHasNil is the error returned if Marshal is called with + // a struct with a repeated field containing a nil element. + errRepeatedHasNil = errors.New("proto: repeated field has nil element") + + // errOneofHasNil is the error returned if Marshal is called with + // a struct with a oneof field containing a nil element. + errOneofHasNil = errors.New("proto: oneof field has nil value") + + // ErrNil is the error returned if Marshal is called with nil. + ErrNil = errors.New("proto: Marshal called with nil") + + // ErrTooLarge is the error returned if Marshal is called with a + // message that encodes to >2GB. + ErrTooLarge = errors.New("proto: message encodes to over 2 GB") +) + +// The fundamental encoders that put bytes on the wire. +// Those that take integer types all accept uint64 and are +// therefore of type valueEncoder. + +const maxVarintBytes = 10 // maximum length of a varint + +// EncodeVarint returns the varint encoding of x. +// This is the format for the +// int32, int64, uint32, uint64, bool, and enum +// protocol buffer types. +// Not used by the package itself, but helpful to clients +// wishing to use the same encoding. +func EncodeVarint(x uint64) []byte { + var buf [maxVarintBytes]byte + var n int + for n = 0; x > 127; n++ { + buf[n] = 0x80 | uint8(x&0x7F) + x >>= 7 + } + buf[n] = uint8(x) + n++ + return buf[0:n] +} + +// EncodeVarint writes a varint-encoded integer to the Buffer. +// This is the format for the +// int32, int64, uint32, uint64, bool, and enum +// protocol buffer types. +func (p *Buffer) EncodeVarint(x uint64) error { + for x >= 1<<7 { + p.buf = append(p.buf, uint8(x&0x7f|0x80)) + x >>= 7 + } + p.buf = append(p.buf, uint8(x)) + return nil +} + +// SizeVarint returns the varint encoding size of an integer. +func SizeVarint(x uint64) int { + switch { + case x < 1<<7: + return 1 + case x < 1<<14: + return 2 + case x < 1<<21: + return 3 + case x < 1<<28: + return 4 + case x < 1<<35: + return 5 + case x < 1<<42: + return 6 + case x < 1<<49: + return 7 + case x < 1<<56: + return 8 + case x < 1<<63: + return 9 + } + return 10 +} + +// EncodeFixed64 writes a 64-bit integer to the Buffer. +// This is the format for the +// fixed64, sfixed64, and double protocol buffer types. +func (p *Buffer) EncodeFixed64(x uint64) error { + p.buf = append(p.buf, + uint8(x), + uint8(x>>8), + uint8(x>>16), + uint8(x>>24), + uint8(x>>32), + uint8(x>>40), + uint8(x>>48), + uint8(x>>56)) + return nil +} + +// EncodeFixed32 writes a 32-bit integer to the Buffer. +// This is the format for the +// fixed32, sfixed32, and float protocol buffer types. +func (p *Buffer) EncodeFixed32(x uint64) error { + p.buf = append(p.buf, + uint8(x), + uint8(x>>8), + uint8(x>>16), + uint8(x>>24)) + return nil +} + +// EncodeZigzag64 writes a zigzag-encoded 64-bit integer +// to the Buffer. +// This is the format used for the sint64 protocol buffer type. +func (p *Buffer) EncodeZigzag64(x uint64) error { + // use signed number to get arithmetic right shift. + return p.EncodeVarint(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} + +// EncodeZigzag32 writes a zigzag-encoded 32-bit integer +// to the Buffer. +// This is the format used for the sint32 protocol buffer type. +func (p *Buffer) EncodeZigzag32(x uint64) error { + // use signed number to get arithmetic right shift. + return p.EncodeVarint(uint64((uint32(x) << 1) ^ uint32((int32(x) >> 31)))) +} + +// EncodeRawBytes writes a count-delimited byte buffer to the Buffer. +// This is the format used for the bytes protocol buffer +// type and for embedded messages. +func (p *Buffer) EncodeRawBytes(b []byte) error { + p.EncodeVarint(uint64(len(b))) + p.buf = append(p.buf, b...) + return nil +} + +// EncodeStringBytes writes an encoded string to the Buffer. +// This is the format used for the proto2 string type. +func (p *Buffer) EncodeStringBytes(s string) error { + p.EncodeVarint(uint64(len(s))) + p.buf = append(p.buf, s...) + return nil +} + +// Marshaler is the interface representing objects that can marshal themselves. +type Marshaler interface { + Marshal() ([]byte, error) +} + +// EncodeMessage writes the protocol buffer to the Buffer, +// prefixed by a varint-encoded length. +func (p *Buffer) EncodeMessage(pb Message) error { + siz := Size(pb) + p.EncodeVarint(uint64(siz)) + return p.Marshal(pb) +} + +// All protocol buffer fields are nillable, but be careful. +func isNil(v reflect.Value) bool { + switch v.Kind() { + case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice: + return v.IsNil() + } + return false +} diff --git a/vendor/github.com/golang/protobuf/proto/equal.go b/vendor/github.com/golang/protobuf/proto/equal.go new file mode 100644 index 0000000..f9b6e41 --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/equal.go @@ -0,0 +1,301 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2011 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Protocol buffer comparison. + +package proto + +import ( + "bytes" + "log" + "reflect" + "strings" +) + +/* +Equal returns true iff protocol buffers a and b are equal. +The arguments must both be pointers to protocol buffer structs. + +Equality is defined in this way: + - Two messages are equal iff they are the same type, + corresponding fields are equal, unknown field sets + are equal, and extensions sets are equal. + - Two set scalar fields are equal iff their values are equal. + If the fields are of a floating-point type, remember that + NaN != x for all x, including NaN. If the message is defined + in a proto3 .proto file, fields are not "set"; specifically, + zero length proto3 "bytes" fields are equal (nil == {}). + - Two repeated fields are equal iff their lengths are the same, + and their corresponding elements are equal. Note a "bytes" field, + although represented by []byte, is not a repeated field and the + rule for the scalar fields described above applies. + - Two unset fields are equal. + - Two unknown field sets are equal if their current + encoded state is equal. + - Two extension sets are equal iff they have corresponding + elements that are pairwise equal. + - Two map fields are equal iff their lengths are the same, + and they contain the same set of elements. Zero-length map + fields are equal. + - Every other combination of things are not equal. + +The return value is undefined if a and b are not protocol buffers. +*/ +func Equal(a, b Message) bool { + if a == nil || b == nil { + return a == b + } + v1, v2 := reflect.ValueOf(a), reflect.ValueOf(b) + if v1.Type() != v2.Type() { + return false + } + if v1.Kind() == reflect.Ptr { + if v1.IsNil() { + return v2.IsNil() + } + if v2.IsNil() { + return false + } + v1, v2 = v1.Elem(), v2.Elem() + } + if v1.Kind() != reflect.Struct { + return false + } + return equalStruct(v1, v2) +} + +// v1 and v2 are known to have the same type. +func equalStruct(v1, v2 reflect.Value) bool { + sprop := GetProperties(v1.Type()) + for i := 0; i < v1.NumField(); i++ { + f := v1.Type().Field(i) + if strings.HasPrefix(f.Name, "XXX_") { + continue + } + f1, f2 := v1.Field(i), v2.Field(i) + if f.Type.Kind() == reflect.Ptr { + if n1, n2 := f1.IsNil(), f2.IsNil(); n1 && n2 { + // both unset + continue + } else if n1 != n2 { + // set/unset mismatch + return false + } + f1, f2 = f1.Elem(), f2.Elem() + } + if !equalAny(f1, f2, sprop.Prop[i]) { + return false + } + } + + if em1 := v1.FieldByName("XXX_InternalExtensions"); em1.IsValid() { + em2 := v2.FieldByName("XXX_InternalExtensions") + if !equalExtensions(v1.Type(), em1.Interface().(XXX_InternalExtensions), em2.Interface().(XXX_InternalExtensions)) { + return false + } + } + + if em1 := v1.FieldByName("XXX_extensions"); em1.IsValid() { + em2 := v2.FieldByName("XXX_extensions") + if !equalExtMap(v1.Type(), em1.Interface().(map[int32]Extension), em2.Interface().(map[int32]Extension)) { + return false + } + } + + uf := v1.FieldByName("XXX_unrecognized") + if !uf.IsValid() { + return true + } + + u1 := uf.Bytes() + u2 := v2.FieldByName("XXX_unrecognized").Bytes() + return bytes.Equal(u1, u2) +} + +// v1 and v2 are known to have the same type. +// prop may be nil. +func equalAny(v1, v2 reflect.Value, prop *Properties) bool { + if v1.Type() == protoMessageType { + m1, _ := v1.Interface().(Message) + m2, _ := v2.Interface().(Message) + return Equal(m1, m2) + } + switch v1.Kind() { + case reflect.Bool: + return v1.Bool() == v2.Bool() + case reflect.Float32, reflect.Float64: + return v1.Float() == v2.Float() + case reflect.Int32, reflect.Int64: + return v1.Int() == v2.Int() + case reflect.Interface: + // Probably a oneof field; compare the inner values. + n1, n2 := v1.IsNil(), v2.IsNil() + if n1 || n2 { + return n1 == n2 + } + e1, e2 := v1.Elem(), v2.Elem() + if e1.Type() != e2.Type() { + return false + } + return equalAny(e1, e2, nil) + case reflect.Map: + if v1.Len() != v2.Len() { + return false + } + for _, key := range v1.MapKeys() { + val2 := v2.MapIndex(key) + if !val2.IsValid() { + // This key was not found in the second map. + return false + } + if !equalAny(v1.MapIndex(key), val2, nil) { + return false + } + } + return true + case reflect.Ptr: + // Maps may have nil values in them, so check for nil. + if v1.IsNil() && v2.IsNil() { + return true + } + if v1.IsNil() != v2.IsNil() { + return false + } + return equalAny(v1.Elem(), v2.Elem(), prop) + case reflect.Slice: + if v1.Type().Elem().Kind() == reflect.Uint8 { + // short circuit: []byte + + // Edge case: if this is in a proto3 message, a zero length + // bytes field is considered the zero value. + if prop != nil && prop.proto3 && v1.Len() == 0 && v2.Len() == 0 { + return true + } + if v1.IsNil() != v2.IsNil() { + return false + } + return bytes.Equal(v1.Interface().([]byte), v2.Interface().([]byte)) + } + + if v1.Len() != v2.Len() { + return false + } + for i := 0; i < v1.Len(); i++ { + if !equalAny(v1.Index(i), v2.Index(i), prop) { + return false + } + } + return true + case reflect.String: + return v1.Interface().(string) == v2.Interface().(string) + case reflect.Struct: + return equalStruct(v1, v2) + case reflect.Uint32, reflect.Uint64: + return v1.Uint() == v2.Uint() + } + + // unknown type, so not a protocol buffer + log.Printf("proto: don't know how to compare %v", v1) + return false +} + +// base is the struct type that the extensions are based on. +// x1 and x2 are InternalExtensions. +func equalExtensions(base reflect.Type, x1, x2 XXX_InternalExtensions) bool { + em1, _ := x1.extensionsRead() + em2, _ := x2.extensionsRead() + return equalExtMap(base, em1, em2) +} + +func equalExtMap(base reflect.Type, em1, em2 map[int32]Extension) bool { + if len(em1) != len(em2) { + return false + } + + for extNum, e1 := range em1 { + e2, ok := em2[extNum] + if !ok { + return false + } + + m1 := extensionAsLegacyType(e1.value) + m2 := extensionAsLegacyType(e2.value) + + if m1 == nil && m2 == nil { + // Both have only encoded form. + if bytes.Equal(e1.enc, e2.enc) { + continue + } + // The bytes are different, but the extensions might still be + // equal. We need to decode them to compare. + } + + if m1 != nil && m2 != nil { + // Both are unencoded. + if !equalAny(reflect.ValueOf(m1), reflect.ValueOf(m2), nil) { + return false + } + continue + } + + // At least one is encoded. To do a semantically correct comparison + // we need to unmarshal them first. + var desc *ExtensionDesc + if m := extensionMaps[base]; m != nil { + desc = m[extNum] + } + if desc == nil { + // If both have only encoded form and the bytes are the same, + // it is handled above. We get here when the bytes are different. + // We don't know how to decode it, so just compare them as byte + // slices. + log.Printf("proto: don't know how to compare extension %d of %v", extNum, base) + return false + } + var err error + if m1 == nil { + m1, err = decodeExtension(e1.enc, desc) + } + if m2 == nil && err == nil { + m2, err = decodeExtension(e2.enc, desc) + } + if err != nil { + // The encoded form is invalid. + log.Printf("proto: badly encoded extension %d of %v: %v", extNum, base, err) + return false + } + if !equalAny(reflect.ValueOf(m1), reflect.ValueOf(m2), nil) { + return false + } + } + + return true +} diff --git a/vendor/github.com/golang/protobuf/proto/extensions.go b/vendor/github.com/golang/protobuf/proto/extensions.go new file mode 100644 index 0000000..fa88add --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/extensions.go @@ -0,0 +1,607 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2010 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +/* + * Types and routines for supporting protocol buffer extensions. + */ + +import ( + "errors" + "fmt" + "io" + "reflect" + "strconv" + "sync" +) + +// ErrMissingExtension is the error returned by GetExtension if the named extension is not in the message. +var ErrMissingExtension = errors.New("proto: missing extension") + +// ExtensionRange represents a range of message extensions for a protocol buffer. +// Used in code generated by the protocol compiler. +type ExtensionRange struct { + Start, End int32 // both inclusive +} + +// extendableProto is an interface implemented by any protocol buffer generated by the current +// proto compiler that may be extended. +type extendableProto interface { + Message + ExtensionRangeArray() []ExtensionRange + extensionsWrite() map[int32]Extension + extensionsRead() (map[int32]Extension, sync.Locker) +} + +// extendableProtoV1 is an interface implemented by a protocol buffer generated by the previous +// version of the proto compiler that may be extended. +type extendableProtoV1 interface { + Message + ExtensionRangeArray() []ExtensionRange + ExtensionMap() map[int32]Extension +} + +// extensionAdapter is a wrapper around extendableProtoV1 that implements extendableProto. +type extensionAdapter struct { + extendableProtoV1 +} + +func (e extensionAdapter) extensionsWrite() map[int32]Extension { + return e.ExtensionMap() +} + +func (e extensionAdapter) extensionsRead() (map[int32]Extension, sync.Locker) { + return e.ExtensionMap(), notLocker{} +} + +// notLocker is a sync.Locker whose Lock and Unlock methods are nops. +type notLocker struct{} + +func (n notLocker) Lock() {} +func (n notLocker) Unlock() {} + +// extendable returns the extendableProto interface for the given generated proto message. +// If the proto message has the old extension format, it returns a wrapper that implements +// the extendableProto interface. +func extendable(p interface{}) (extendableProto, error) { + switch p := p.(type) { + case extendableProto: + if isNilPtr(p) { + return nil, fmt.Errorf("proto: nil %T is not extendable", p) + } + return p, nil + case extendableProtoV1: + if isNilPtr(p) { + return nil, fmt.Errorf("proto: nil %T is not extendable", p) + } + return extensionAdapter{p}, nil + } + // Don't allocate a specific error containing %T: + // this is the hot path for Clone and MarshalText. + return nil, errNotExtendable +} + +var errNotExtendable = errors.New("proto: not an extendable proto.Message") + +func isNilPtr(x interface{}) bool { + v := reflect.ValueOf(x) + return v.Kind() == reflect.Ptr && v.IsNil() +} + +// XXX_InternalExtensions is an internal representation of proto extensions. +// +// Each generated message struct type embeds an anonymous XXX_InternalExtensions field, +// thus gaining the unexported 'extensions' method, which can be called only from the proto package. +// +// The methods of XXX_InternalExtensions are not concurrency safe in general, +// but calls to logically read-only methods such as has and get may be executed concurrently. +type XXX_InternalExtensions struct { + // The struct must be indirect so that if a user inadvertently copies a + // generated message and its embedded XXX_InternalExtensions, they + // avoid the mayhem of a copied mutex. + // + // The mutex serializes all logically read-only operations to p.extensionMap. + // It is up to the client to ensure that write operations to p.extensionMap are + // mutually exclusive with other accesses. + p *struct { + mu sync.Mutex + extensionMap map[int32]Extension + } +} + +// extensionsWrite returns the extension map, creating it on first use. +func (e *XXX_InternalExtensions) extensionsWrite() map[int32]Extension { + if e.p == nil { + e.p = new(struct { + mu sync.Mutex + extensionMap map[int32]Extension + }) + e.p.extensionMap = make(map[int32]Extension) + } + return e.p.extensionMap +} + +// extensionsRead returns the extensions map for read-only use. It may be nil. +// The caller must hold the returned mutex's lock when accessing Elements within the map. +func (e *XXX_InternalExtensions) extensionsRead() (map[int32]Extension, sync.Locker) { + if e.p == nil { + return nil, nil + } + return e.p.extensionMap, &e.p.mu +} + +// ExtensionDesc represents an extension specification. +// Used in generated code from the protocol compiler. +type ExtensionDesc struct { + ExtendedType Message // nil pointer to the type that is being extended + ExtensionType interface{} // nil pointer to the extension type + Field int32 // field number + Name string // fully-qualified name of extension, for text formatting + Tag string // protobuf tag style + Filename string // name of the file in which the extension is defined +} + +func (ed *ExtensionDesc) repeated() bool { + t := reflect.TypeOf(ed.ExtensionType) + return t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8 +} + +// Extension represents an extension in a message. +type Extension struct { + // When an extension is stored in a message using SetExtension + // only desc and value are set. When the message is marshaled + // enc will be set to the encoded form of the message. + // + // When a message is unmarshaled and contains extensions, each + // extension will have only enc set. When such an extension is + // accessed using GetExtension (or GetExtensions) desc and value + // will be set. + desc *ExtensionDesc + + // value is a concrete value for the extension field. Let the type of + // desc.ExtensionType be the "API type" and the type of Extension.value + // be the "storage type". The API type and storage type are the same except: + // * For scalars (except []byte), the API type uses *T, + // while the storage type uses T. + // * For repeated fields, the API type uses []T, while the storage type + // uses *[]T. + // + // The reason for the divergence is so that the storage type more naturally + // matches what is expected of when retrieving the values through the + // protobuf reflection APIs. + // + // The value may only be populated if desc is also populated. + value interface{} + + // enc is the raw bytes for the extension field. + enc []byte +} + +// SetRawExtension is for testing only. +func SetRawExtension(base Message, id int32, b []byte) { + epb, err := extendable(base) + if err != nil { + return + } + extmap := epb.extensionsWrite() + extmap[id] = Extension{enc: b} +} + +// isExtensionField returns true iff the given field number is in an extension range. +func isExtensionField(pb extendableProto, field int32) bool { + for _, er := range pb.ExtensionRangeArray() { + if er.Start <= field && field <= er.End { + return true + } + } + return false +} + +// checkExtensionTypes checks that the given extension is valid for pb. +func checkExtensionTypes(pb extendableProto, extension *ExtensionDesc) error { + var pbi interface{} = pb + // Check the extended type. + if ea, ok := pbi.(extensionAdapter); ok { + pbi = ea.extendableProtoV1 + } + if a, b := reflect.TypeOf(pbi), reflect.TypeOf(extension.ExtendedType); a != b { + return fmt.Errorf("proto: bad extended type; %v does not extend %v", b, a) + } + // Check the range. + if !isExtensionField(pb, extension.Field) { + return errors.New("proto: bad extension number; not in declared ranges") + } + return nil +} + +// extPropKey is sufficient to uniquely identify an extension. +type extPropKey struct { + base reflect.Type + field int32 +} + +var extProp = struct { + sync.RWMutex + m map[extPropKey]*Properties +}{ + m: make(map[extPropKey]*Properties), +} + +func extensionProperties(ed *ExtensionDesc) *Properties { + key := extPropKey{base: reflect.TypeOf(ed.ExtendedType), field: ed.Field} + + extProp.RLock() + if prop, ok := extProp.m[key]; ok { + extProp.RUnlock() + return prop + } + extProp.RUnlock() + + extProp.Lock() + defer extProp.Unlock() + // Check again. + if prop, ok := extProp.m[key]; ok { + return prop + } + + prop := new(Properties) + prop.Init(reflect.TypeOf(ed.ExtensionType), "unknown_name", ed.Tag, nil) + extProp.m[key] = prop + return prop +} + +// HasExtension returns whether the given extension is present in pb. +func HasExtension(pb Message, extension *ExtensionDesc) bool { + // TODO: Check types, field numbers, etc.? + epb, err := extendable(pb) + if err != nil { + return false + } + extmap, mu := epb.extensionsRead() + if extmap == nil { + return false + } + mu.Lock() + _, ok := extmap[extension.Field] + mu.Unlock() + return ok +} + +// ClearExtension removes the given extension from pb. +func ClearExtension(pb Message, extension *ExtensionDesc) { + epb, err := extendable(pb) + if err != nil { + return + } + // TODO: Check types, field numbers, etc.? + extmap := epb.extensionsWrite() + delete(extmap, extension.Field) +} + +// GetExtension retrieves a proto2 extended field from pb. +// +// If the descriptor is type complete (i.e., ExtensionDesc.ExtensionType is non-nil), +// then GetExtension parses the encoded field and returns a Go value of the specified type. +// If the field is not present, then the default value is returned (if one is specified), +// otherwise ErrMissingExtension is reported. +// +// If the descriptor is not type complete (i.e., ExtensionDesc.ExtensionType is nil), +// then GetExtension returns the raw encoded bytes of the field extension. +func GetExtension(pb Message, extension *ExtensionDesc) (interface{}, error) { + epb, err := extendable(pb) + if err != nil { + return nil, err + } + + if extension.ExtendedType != nil { + // can only check type if this is a complete descriptor + if err := checkExtensionTypes(epb, extension); err != nil { + return nil, err + } + } + + emap, mu := epb.extensionsRead() + if emap == nil { + return defaultExtensionValue(extension) + } + mu.Lock() + defer mu.Unlock() + e, ok := emap[extension.Field] + if !ok { + // defaultExtensionValue returns the default value or + // ErrMissingExtension if there is no default. + return defaultExtensionValue(extension) + } + + if e.value != nil { + // Already decoded. Check the descriptor, though. + if e.desc != extension { + // This shouldn't happen. If it does, it means that + // GetExtension was called twice with two different + // descriptors with the same field number. + return nil, errors.New("proto: descriptor conflict") + } + return extensionAsLegacyType(e.value), nil + } + + if extension.ExtensionType == nil { + // incomplete descriptor + return e.enc, nil + } + + v, err := decodeExtension(e.enc, extension) + if err != nil { + return nil, err + } + + // Remember the decoded version and drop the encoded version. + // That way it is safe to mutate what we return. + e.value = extensionAsStorageType(v) + e.desc = extension + e.enc = nil + emap[extension.Field] = e + return extensionAsLegacyType(e.value), nil +} + +// defaultExtensionValue returns the default value for extension. +// If no default for an extension is defined ErrMissingExtension is returned. +func defaultExtensionValue(extension *ExtensionDesc) (interface{}, error) { + if extension.ExtensionType == nil { + // incomplete descriptor, so no default + return nil, ErrMissingExtension + } + + t := reflect.TypeOf(extension.ExtensionType) + props := extensionProperties(extension) + + sf, _, err := fieldDefault(t, props) + if err != nil { + return nil, err + } + + if sf == nil || sf.value == nil { + // There is no default value. + return nil, ErrMissingExtension + } + + if t.Kind() != reflect.Ptr { + // We do not need to return a Ptr, we can directly return sf.value. + return sf.value, nil + } + + // We need to return an interface{} that is a pointer to sf.value. + value := reflect.New(t).Elem() + value.Set(reflect.New(value.Type().Elem())) + if sf.kind == reflect.Int32 { + // We may have an int32 or an enum, but the underlying data is int32. + // Since we can't set an int32 into a non int32 reflect.value directly + // set it as a int32. + value.Elem().SetInt(int64(sf.value.(int32))) + } else { + value.Elem().Set(reflect.ValueOf(sf.value)) + } + return value.Interface(), nil +} + +// decodeExtension decodes an extension encoded in b. +func decodeExtension(b []byte, extension *ExtensionDesc) (interface{}, error) { + t := reflect.TypeOf(extension.ExtensionType) + unmarshal := typeUnmarshaler(t, extension.Tag) + + // t is a pointer to a struct, pointer to basic type or a slice. + // Allocate space to store the pointer/slice. + value := reflect.New(t).Elem() + + var err error + for { + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + wire := int(x) & 7 + + b, err = unmarshal(b, valToPointer(value.Addr()), wire) + if err != nil { + return nil, err + } + + if len(b) == 0 { + break + } + } + return value.Interface(), nil +} + +// GetExtensions returns a slice of the extensions present in pb that are also listed in es. +// The returned slice has the same length as es; missing extensions will appear as nil elements. +func GetExtensions(pb Message, es []*ExtensionDesc) (extensions []interface{}, err error) { + epb, err := extendable(pb) + if err != nil { + return nil, err + } + extensions = make([]interface{}, len(es)) + for i, e := range es { + extensions[i], err = GetExtension(epb, e) + if err == ErrMissingExtension { + err = nil + } + if err != nil { + return + } + } + return +} + +// ExtensionDescs returns a new slice containing pb's extension descriptors, in undefined order. +// For non-registered extensions, ExtensionDescs returns an incomplete descriptor containing +// just the Field field, which defines the extension's field number. +func ExtensionDescs(pb Message) ([]*ExtensionDesc, error) { + epb, err := extendable(pb) + if err != nil { + return nil, err + } + registeredExtensions := RegisteredExtensions(pb) + + emap, mu := epb.extensionsRead() + if emap == nil { + return nil, nil + } + mu.Lock() + defer mu.Unlock() + extensions := make([]*ExtensionDesc, 0, len(emap)) + for extid, e := range emap { + desc := e.desc + if desc == nil { + desc = registeredExtensions[extid] + if desc == nil { + desc = &ExtensionDesc{Field: extid} + } + } + + extensions = append(extensions, desc) + } + return extensions, nil +} + +// SetExtension sets the specified extension of pb to the specified value. +func SetExtension(pb Message, extension *ExtensionDesc, value interface{}) error { + epb, err := extendable(pb) + if err != nil { + return err + } + if err := checkExtensionTypes(epb, extension); err != nil { + return err + } + typ := reflect.TypeOf(extension.ExtensionType) + if typ != reflect.TypeOf(value) { + return fmt.Errorf("proto: bad extension value type. got: %T, want: %T", value, extension.ExtensionType) + } + // nil extension values need to be caught early, because the + // encoder can't distinguish an ErrNil due to a nil extension + // from an ErrNil due to a missing field. Extensions are + // always optional, so the encoder would just swallow the error + // and drop all the extensions from the encoded message. + if reflect.ValueOf(value).IsNil() { + return fmt.Errorf("proto: SetExtension called with nil value of type %T", value) + } + + extmap := epb.extensionsWrite() + extmap[extension.Field] = Extension{desc: extension, value: extensionAsStorageType(value)} + return nil +} + +// ClearAllExtensions clears all extensions from pb. +func ClearAllExtensions(pb Message) { + epb, err := extendable(pb) + if err != nil { + return + } + m := epb.extensionsWrite() + for k := range m { + delete(m, k) + } +} + +// A global registry of extensions. +// The generated code will register the generated descriptors by calling RegisterExtension. + +var extensionMaps = make(map[reflect.Type]map[int32]*ExtensionDesc) + +// RegisterExtension is called from the generated code. +func RegisterExtension(desc *ExtensionDesc) { + st := reflect.TypeOf(desc.ExtendedType).Elem() + m := extensionMaps[st] + if m == nil { + m = make(map[int32]*ExtensionDesc) + extensionMaps[st] = m + } + if _, ok := m[desc.Field]; ok { + panic("proto: duplicate extension registered: " + st.String() + " " + strconv.Itoa(int(desc.Field))) + } + m[desc.Field] = desc +} + +// RegisteredExtensions returns a map of the registered extensions of a +// protocol buffer struct, indexed by the extension number. +// The argument pb should be a nil pointer to the struct type. +func RegisteredExtensions(pb Message) map[int32]*ExtensionDesc { + return extensionMaps[reflect.TypeOf(pb).Elem()] +} + +// extensionAsLegacyType converts an value in the storage type as the API type. +// See Extension.value. +func extensionAsLegacyType(v interface{}) interface{} { + switch rv := reflect.ValueOf(v); rv.Kind() { + case reflect.Bool, reflect.Int32, reflect.Int64, reflect.Uint32, reflect.Uint64, reflect.Float32, reflect.Float64, reflect.String: + // Represent primitive types as a pointer to the value. + rv2 := reflect.New(rv.Type()) + rv2.Elem().Set(rv) + v = rv2.Interface() + case reflect.Ptr: + // Represent slice types as the value itself. + switch rv.Type().Elem().Kind() { + case reflect.Slice: + if rv.IsNil() { + v = reflect.Zero(rv.Type().Elem()).Interface() + } else { + v = rv.Elem().Interface() + } + } + } + return v +} + +// extensionAsStorageType converts an value in the API type as the storage type. +// See Extension.value. +func extensionAsStorageType(v interface{}) interface{} { + switch rv := reflect.ValueOf(v); rv.Kind() { + case reflect.Ptr: + // Represent slice types as the value itself. + switch rv.Type().Elem().Kind() { + case reflect.Bool, reflect.Int32, reflect.Int64, reflect.Uint32, reflect.Uint64, reflect.Float32, reflect.Float64, reflect.String: + if rv.IsNil() { + v = reflect.Zero(rv.Type().Elem()).Interface() + } else { + v = rv.Elem().Interface() + } + } + case reflect.Slice: + // Represent slice types as a pointer to the value. + if rv.Type().Elem().Kind() != reflect.Uint8 { + rv2 := reflect.New(rv.Type()) + rv2.Elem().Set(rv) + v = rv2.Interface() + } + } + return v +} diff --git a/vendor/github.com/golang/protobuf/proto/lib.go b/vendor/github.com/golang/protobuf/proto/lib.go new file mode 100644 index 0000000..fdd328b --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/lib.go @@ -0,0 +1,965 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2010 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +/* +Package proto converts data structures to and from the wire format of +protocol buffers. It works in concert with the Go source code generated +for .proto files by the protocol compiler. + +A summary of the properties of the protocol buffer interface +for a protocol buffer variable v: + + - Names are turned from camel_case to CamelCase for export. + - There are no methods on v to set fields; just treat + them as structure fields. + - There are getters that return a field's value if set, + and return the field's default value if unset. + The getters work even if the receiver is a nil message. + - The zero value for a struct is its correct initialization state. + All desired fields must be set before marshaling. + - A Reset() method will restore a protobuf struct to its zero state. + - Non-repeated fields are pointers to the values; nil means unset. + That is, optional or required field int32 f becomes F *int32. + - Repeated fields are slices. + - Helper functions are available to aid the setting of fields. + msg.Foo = proto.String("hello") // set field + - Constants are defined to hold the default values of all fields that + have them. They have the form Default_StructName_FieldName. + Because the getter methods handle defaulted values, + direct use of these constants should be rare. + - Enums are given type names and maps from names to values. + Enum values are prefixed by the enclosing message's name, or by the + enum's type name if it is a top-level enum. Enum types have a String + method, and a Enum method to assist in message construction. + - Nested messages, groups and enums have type names prefixed with the name of + the surrounding message type. + - Extensions are given descriptor names that start with E_, + followed by an underscore-delimited list of the nested messages + that contain it (if any) followed by the CamelCased name of the + extension field itself. HasExtension, ClearExtension, GetExtension + and SetExtension are functions for manipulating extensions. + - Oneof field sets are given a single field in their message, + with distinguished wrapper types for each possible field value. + - Marshal and Unmarshal are functions to encode and decode the wire format. + +When the .proto file specifies `syntax="proto3"`, there are some differences: + + - Non-repeated fields of non-message type are values instead of pointers. + - Enum types do not get an Enum method. + +The simplest way to describe this is to see an example. +Given file test.proto, containing + + package example; + + enum FOO { X = 17; } + + message Test { + required string label = 1; + optional int32 type = 2 [default=77]; + repeated int64 reps = 3; + optional group OptionalGroup = 4 { + required string RequiredField = 5; + } + oneof union { + int32 number = 6; + string name = 7; + } + } + +The resulting file, test.pb.go, is: + + package example + + import proto "github.com/golang/protobuf/proto" + import math "math" + + type FOO int32 + const ( + FOO_X FOO = 17 + ) + var FOO_name = map[int32]string{ + 17: "X", + } + var FOO_value = map[string]int32{ + "X": 17, + } + + func (x FOO) Enum() *FOO { + p := new(FOO) + *p = x + return p + } + func (x FOO) String() string { + return proto.EnumName(FOO_name, int32(x)) + } + func (x *FOO) UnmarshalJSON(data []byte) error { + value, err := proto.UnmarshalJSONEnum(FOO_value, data) + if err != nil { + return err + } + *x = FOO(value) + return nil + } + + type Test struct { + Label *string `protobuf:"bytes,1,req,name=label" json:"label,omitempty"` + Type *int32 `protobuf:"varint,2,opt,name=type,def=77" json:"type,omitempty"` + Reps []int64 `protobuf:"varint,3,rep,name=reps" json:"reps,omitempty"` + Optionalgroup *Test_OptionalGroup `protobuf:"group,4,opt,name=OptionalGroup" json:"optionalgroup,omitempty"` + // Types that are valid to be assigned to Union: + // *Test_Number + // *Test_Name + Union isTest_Union `protobuf_oneof:"union"` + XXX_unrecognized []byte `json:"-"` + } + func (m *Test) Reset() { *m = Test{} } + func (m *Test) String() string { return proto.CompactTextString(m) } + func (*Test) ProtoMessage() {} + + type isTest_Union interface { + isTest_Union() + } + + type Test_Number struct { + Number int32 `protobuf:"varint,6,opt,name=number"` + } + type Test_Name struct { + Name string `protobuf:"bytes,7,opt,name=name"` + } + + func (*Test_Number) isTest_Union() {} + func (*Test_Name) isTest_Union() {} + + func (m *Test) GetUnion() isTest_Union { + if m != nil { + return m.Union + } + return nil + } + const Default_Test_Type int32 = 77 + + func (m *Test) GetLabel() string { + if m != nil && m.Label != nil { + return *m.Label + } + return "" + } + + func (m *Test) GetType() int32 { + if m != nil && m.Type != nil { + return *m.Type + } + return Default_Test_Type + } + + func (m *Test) GetOptionalgroup() *Test_OptionalGroup { + if m != nil { + return m.Optionalgroup + } + return nil + } + + type Test_OptionalGroup struct { + RequiredField *string `protobuf:"bytes,5,req" json:"RequiredField,omitempty"` + } + func (m *Test_OptionalGroup) Reset() { *m = Test_OptionalGroup{} } + func (m *Test_OptionalGroup) String() string { return proto.CompactTextString(m) } + + func (m *Test_OptionalGroup) GetRequiredField() string { + if m != nil && m.RequiredField != nil { + return *m.RequiredField + } + return "" + } + + func (m *Test) GetNumber() int32 { + if x, ok := m.GetUnion().(*Test_Number); ok { + return x.Number + } + return 0 + } + + func (m *Test) GetName() string { + if x, ok := m.GetUnion().(*Test_Name); ok { + return x.Name + } + return "" + } + + func init() { + proto.RegisterEnum("example.FOO", FOO_name, FOO_value) + } + +To create and play with a Test object: + + package main + + import ( + "log" + + "github.com/golang/protobuf/proto" + pb "./example.pb" + ) + + func main() { + test := &pb.Test{ + Label: proto.String("hello"), + Type: proto.Int32(17), + Reps: []int64{1, 2, 3}, + Optionalgroup: &pb.Test_OptionalGroup{ + RequiredField: proto.String("good bye"), + }, + Union: &pb.Test_Name{"fred"}, + } + data, err := proto.Marshal(test) + if err != nil { + log.Fatal("marshaling error: ", err) + } + newTest := &pb.Test{} + err = proto.Unmarshal(data, newTest) + if err != nil { + log.Fatal("unmarshaling error: ", err) + } + // Now test and newTest contain the same data. + if test.GetLabel() != newTest.GetLabel() { + log.Fatalf("data mismatch %q != %q", test.GetLabel(), newTest.GetLabel()) + } + // Use a type switch to determine which oneof was set. + switch u := test.Union.(type) { + case *pb.Test_Number: // u.Number contains the number. + case *pb.Test_Name: // u.Name contains the string. + } + // etc. + } +*/ +package proto + +import ( + "encoding/json" + "fmt" + "log" + "reflect" + "sort" + "strconv" + "sync" +) + +// RequiredNotSetError is an error type returned by either Marshal or Unmarshal. +// Marshal reports this when a required field is not initialized. +// Unmarshal reports this when a required field is missing from the wire data. +type RequiredNotSetError struct{ field string } + +func (e *RequiredNotSetError) Error() string { + if e.field == "" { + return fmt.Sprintf("proto: required field not set") + } + return fmt.Sprintf("proto: required field %q not set", e.field) +} +func (e *RequiredNotSetError) RequiredNotSet() bool { + return true +} + +type invalidUTF8Error struct{ field string } + +func (e *invalidUTF8Error) Error() string { + if e.field == "" { + return "proto: invalid UTF-8 detected" + } + return fmt.Sprintf("proto: field %q contains invalid UTF-8", e.field) +} +func (e *invalidUTF8Error) InvalidUTF8() bool { + return true +} + +// errInvalidUTF8 is a sentinel error to identify fields with invalid UTF-8. +// This error should not be exposed to the external API as such errors should +// be recreated with the field information. +var errInvalidUTF8 = &invalidUTF8Error{} + +// isNonFatal reports whether the error is either a RequiredNotSet error +// or a InvalidUTF8 error. +func isNonFatal(err error) bool { + if re, ok := err.(interface{ RequiredNotSet() bool }); ok && re.RequiredNotSet() { + return true + } + if re, ok := err.(interface{ InvalidUTF8() bool }); ok && re.InvalidUTF8() { + return true + } + return false +} + +type nonFatal struct{ E error } + +// Merge merges err into nf and reports whether it was successful. +// Otherwise it returns false for any fatal non-nil errors. +func (nf *nonFatal) Merge(err error) (ok bool) { + if err == nil { + return true // not an error + } + if !isNonFatal(err) { + return false // fatal error + } + if nf.E == nil { + nf.E = err // store first instance of non-fatal error + } + return true +} + +// Message is implemented by generated protocol buffer messages. +type Message interface { + Reset() + String() string + ProtoMessage() +} + +// A Buffer is a buffer manager for marshaling and unmarshaling +// protocol buffers. It may be reused between invocations to +// reduce memory usage. It is not necessary to use a Buffer; +// the global functions Marshal and Unmarshal create a +// temporary Buffer and are fine for most applications. +type Buffer struct { + buf []byte // encode/decode byte stream + index int // read point + + deterministic bool +} + +// NewBuffer allocates a new Buffer and initializes its internal data to +// the contents of the argument slice. +func NewBuffer(e []byte) *Buffer { + return &Buffer{buf: e} +} + +// Reset resets the Buffer, ready for marshaling a new protocol buffer. +func (p *Buffer) Reset() { + p.buf = p.buf[0:0] // for reading/writing + p.index = 0 // for reading +} + +// SetBuf replaces the internal buffer with the slice, +// ready for unmarshaling the contents of the slice. +func (p *Buffer) SetBuf(s []byte) { + p.buf = s + p.index = 0 +} + +// Bytes returns the contents of the Buffer. +func (p *Buffer) Bytes() []byte { return p.buf } + +// SetDeterministic sets whether to use deterministic serialization. +// +// Deterministic serialization guarantees that for a given binary, equal +// messages will always be serialized to the same bytes. This implies: +// +// - Repeated serialization of a message will return the same bytes. +// - Different processes of the same binary (which may be executing on +// different machines) will serialize equal messages to the same bytes. +// +// Note that the deterministic serialization is NOT canonical across +// languages. It is not guaranteed to remain stable over time. It is unstable +// across different builds with schema changes due to unknown fields. +// Users who need canonical serialization (e.g., persistent storage in a +// canonical form, fingerprinting, etc.) should define their own +// canonicalization specification and implement their own serializer rather +// than relying on this API. +// +// If deterministic serialization is requested, map entries will be sorted +// by keys in lexographical order. This is an implementation detail and +// subject to change. +func (p *Buffer) SetDeterministic(deterministic bool) { + p.deterministic = deterministic +} + +/* + * Helper routines for simplifying the creation of optional fields of basic type. + */ + +// Bool is a helper routine that allocates a new bool value +// to store v and returns a pointer to it. +func Bool(v bool) *bool { + return &v +} + +// Int32 is a helper routine that allocates a new int32 value +// to store v and returns a pointer to it. +func Int32(v int32) *int32 { + return &v +} + +// Int is a helper routine that allocates a new int32 value +// to store v and returns a pointer to it, but unlike Int32 +// its argument value is an int. +func Int(v int) *int32 { + p := new(int32) + *p = int32(v) + return p +} + +// Int64 is a helper routine that allocates a new int64 value +// to store v and returns a pointer to it. +func Int64(v int64) *int64 { + return &v +} + +// Float32 is a helper routine that allocates a new float32 value +// to store v and returns a pointer to it. +func Float32(v float32) *float32 { + return &v +} + +// Float64 is a helper routine that allocates a new float64 value +// to store v and returns a pointer to it. +func Float64(v float64) *float64 { + return &v +} + +// Uint32 is a helper routine that allocates a new uint32 value +// to store v and returns a pointer to it. +func Uint32(v uint32) *uint32 { + return &v +} + +// Uint64 is a helper routine that allocates a new uint64 value +// to store v and returns a pointer to it. +func Uint64(v uint64) *uint64 { + return &v +} + +// String is a helper routine that allocates a new string value +// to store v and returns a pointer to it. +func String(v string) *string { + return &v +} + +// EnumName is a helper function to simplify printing protocol buffer enums +// by name. Given an enum map and a value, it returns a useful string. +func EnumName(m map[int32]string, v int32) string { + s, ok := m[v] + if ok { + return s + } + return strconv.Itoa(int(v)) +} + +// UnmarshalJSONEnum is a helper function to simplify recovering enum int values +// from their JSON-encoded representation. Given a map from the enum's symbolic +// names to its int values, and a byte buffer containing the JSON-encoded +// value, it returns an int32 that can be cast to the enum type by the caller. +// +// The function can deal with both JSON representations, numeric and symbolic. +func UnmarshalJSONEnum(m map[string]int32, data []byte, enumName string) (int32, error) { + if data[0] == '"' { + // New style: enums are strings. + var repr string + if err := json.Unmarshal(data, &repr); err != nil { + return -1, err + } + val, ok := m[repr] + if !ok { + return 0, fmt.Errorf("unrecognized enum %s value %q", enumName, repr) + } + return val, nil + } + // Old style: enums are ints. + var val int32 + if err := json.Unmarshal(data, &val); err != nil { + return 0, fmt.Errorf("cannot unmarshal %#q into enum %s", data, enumName) + } + return val, nil +} + +// DebugPrint dumps the encoded data in b in a debugging format with a header +// including the string s. Used in testing but made available for general debugging. +func (p *Buffer) DebugPrint(s string, b []byte) { + var u uint64 + + obuf := p.buf + index := p.index + p.buf = b + p.index = 0 + depth := 0 + + fmt.Printf("\n--- %s ---\n", s) + +out: + for { + for i := 0; i < depth; i++ { + fmt.Print(" ") + } + + index := p.index + if index == len(p.buf) { + break + } + + op, err := p.DecodeVarint() + if err != nil { + fmt.Printf("%3d: fetching op err %v\n", index, err) + break out + } + tag := op >> 3 + wire := op & 7 + + switch wire { + default: + fmt.Printf("%3d: t=%3d unknown wire=%d\n", + index, tag, wire) + break out + + case WireBytes: + var r []byte + + r, err = p.DecodeRawBytes(false) + if err != nil { + break out + } + fmt.Printf("%3d: t=%3d bytes [%d]", index, tag, len(r)) + if len(r) <= 6 { + for i := 0; i < len(r); i++ { + fmt.Printf(" %.2x", r[i]) + } + } else { + for i := 0; i < 3; i++ { + fmt.Printf(" %.2x", r[i]) + } + fmt.Printf(" ..") + for i := len(r) - 3; i < len(r); i++ { + fmt.Printf(" %.2x", r[i]) + } + } + fmt.Printf("\n") + + case WireFixed32: + u, err = p.DecodeFixed32() + if err != nil { + fmt.Printf("%3d: t=%3d fix32 err %v\n", index, tag, err) + break out + } + fmt.Printf("%3d: t=%3d fix32 %d\n", index, tag, u) + + case WireFixed64: + u, err = p.DecodeFixed64() + if err != nil { + fmt.Printf("%3d: t=%3d fix64 err %v\n", index, tag, err) + break out + } + fmt.Printf("%3d: t=%3d fix64 %d\n", index, tag, u) + + case WireVarint: + u, err = p.DecodeVarint() + if err != nil { + fmt.Printf("%3d: t=%3d varint err %v\n", index, tag, err) + break out + } + fmt.Printf("%3d: t=%3d varint %d\n", index, tag, u) + + case WireStartGroup: + fmt.Printf("%3d: t=%3d start\n", index, tag) + depth++ + + case WireEndGroup: + depth-- + fmt.Printf("%3d: t=%3d end\n", index, tag) + } + } + + if depth != 0 { + fmt.Printf("%3d: start-end not balanced %d\n", p.index, depth) + } + fmt.Printf("\n") + + p.buf = obuf + p.index = index +} + +// SetDefaults sets unset protocol buffer fields to their default values. +// It only modifies fields that are both unset and have defined defaults. +// It recursively sets default values in any non-nil sub-messages. +func SetDefaults(pb Message) { + setDefaults(reflect.ValueOf(pb), true, false) +} + +// v is a pointer to a struct. +func setDefaults(v reflect.Value, recur, zeros bool) { + v = v.Elem() + + defaultMu.RLock() + dm, ok := defaults[v.Type()] + defaultMu.RUnlock() + if !ok { + dm = buildDefaultMessage(v.Type()) + defaultMu.Lock() + defaults[v.Type()] = dm + defaultMu.Unlock() + } + + for _, sf := range dm.scalars { + f := v.Field(sf.index) + if !f.IsNil() { + // field already set + continue + } + dv := sf.value + if dv == nil && !zeros { + // no explicit default, and don't want to set zeros + continue + } + fptr := f.Addr().Interface() // **T + // TODO: Consider batching the allocations we do here. + switch sf.kind { + case reflect.Bool: + b := new(bool) + if dv != nil { + *b = dv.(bool) + } + *(fptr.(**bool)) = b + case reflect.Float32: + f := new(float32) + if dv != nil { + *f = dv.(float32) + } + *(fptr.(**float32)) = f + case reflect.Float64: + f := new(float64) + if dv != nil { + *f = dv.(float64) + } + *(fptr.(**float64)) = f + case reflect.Int32: + // might be an enum + if ft := f.Type(); ft != int32PtrType { + // enum + f.Set(reflect.New(ft.Elem())) + if dv != nil { + f.Elem().SetInt(int64(dv.(int32))) + } + } else { + // int32 field + i := new(int32) + if dv != nil { + *i = dv.(int32) + } + *(fptr.(**int32)) = i + } + case reflect.Int64: + i := new(int64) + if dv != nil { + *i = dv.(int64) + } + *(fptr.(**int64)) = i + case reflect.String: + s := new(string) + if dv != nil { + *s = dv.(string) + } + *(fptr.(**string)) = s + case reflect.Uint8: + // exceptional case: []byte + var b []byte + if dv != nil { + db := dv.([]byte) + b = make([]byte, len(db)) + copy(b, db) + } else { + b = []byte{} + } + *(fptr.(*[]byte)) = b + case reflect.Uint32: + u := new(uint32) + if dv != nil { + *u = dv.(uint32) + } + *(fptr.(**uint32)) = u + case reflect.Uint64: + u := new(uint64) + if dv != nil { + *u = dv.(uint64) + } + *(fptr.(**uint64)) = u + default: + log.Printf("proto: can't set default for field %v (sf.kind=%v)", f, sf.kind) + } + } + + for _, ni := range dm.nested { + f := v.Field(ni) + // f is *T or []*T or map[T]*T + switch f.Kind() { + case reflect.Ptr: + if f.IsNil() { + continue + } + setDefaults(f, recur, zeros) + + case reflect.Slice: + for i := 0; i < f.Len(); i++ { + e := f.Index(i) + if e.IsNil() { + continue + } + setDefaults(e, recur, zeros) + } + + case reflect.Map: + for _, k := range f.MapKeys() { + e := f.MapIndex(k) + if e.IsNil() { + continue + } + setDefaults(e, recur, zeros) + } + } + } +} + +var ( + // defaults maps a protocol buffer struct type to a slice of the fields, + // with its scalar fields set to their proto-declared non-zero default values. + defaultMu sync.RWMutex + defaults = make(map[reflect.Type]defaultMessage) + + int32PtrType = reflect.TypeOf((*int32)(nil)) +) + +// defaultMessage represents information about the default values of a message. +type defaultMessage struct { + scalars []scalarField + nested []int // struct field index of nested messages +} + +type scalarField struct { + index int // struct field index + kind reflect.Kind // element type (the T in *T or []T) + value interface{} // the proto-declared default value, or nil +} + +// t is a struct type. +func buildDefaultMessage(t reflect.Type) (dm defaultMessage) { + sprop := GetProperties(t) + for _, prop := range sprop.Prop { + fi, ok := sprop.decoderTags.get(prop.Tag) + if !ok { + // XXX_unrecognized + continue + } + ft := t.Field(fi).Type + + sf, nested, err := fieldDefault(ft, prop) + switch { + case err != nil: + log.Print(err) + case nested: + dm.nested = append(dm.nested, fi) + case sf != nil: + sf.index = fi + dm.scalars = append(dm.scalars, *sf) + } + } + + return dm +} + +// fieldDefault returns the scalarField for field type ft. +// sf will be nil if the field can not have a default. +// nestedMessage will be true if this is a nested message. +// Note that sf.index is not set on return. +func fieldDefault(ft reflect.Type, prop *Properties) (sf *scalarField, nestedMessage bool, err error) { + var canHaveDefault bool + switch ft.Kind() { + case reflect.Ptr: + if ft.Elem().Kind() == reflect.Struct { + nestedMessage = true + } else { + canHaveDefault = true // proto2 scalar field + } + + case reflect.Slice: + switch ft.Elem().Kind() { + case reflect.Ptr: + nestedMessage = true // repeated message + case reflect.Uint8: + canHaveDefault = true // bytes field + } + + case reflect.Map: + if ft.Elem().Kind() == reflect.Ptr { + nestedMessage = true // map with message values + } + } + + if !canHaveDefault { + if nestedMessage { + return nil, true, nil + } + return nil, false, nil + } + + // We now know that ft is a pointer or slice. + sf = &scalarField{kind: ft.Elem().Kind()} + + // scalar fields without defaults + if !prop.HasDefault { + return sf, false, nil + } + + // a scalar field: either *T or []byte + switch ft.Elem().Kind() { + case reflect.Bool: + x, err := strconv.ParseBool(prop.Default) + if err != nil { + return nil, false, fmt.Errorf("proto: bad default bool %q: %v", prop.Default, err) + } + sf.value = x + case reflect.Float32: + x, err := strconv.ParseFloat(prop.Default, 32) + if err != nil { + return nil, false, fmt.Errorf("proto: bad default float32 %q: %v", prop.Default, err) + } + sf.value = float32(x) + case reflect.Float64: + x, err := strconv.ParseFloat(prop.Default, 64) + if err != nil { + return nil, false, fmt.Errorf("proto: bad default float64 %q: %v", prop.Default, err) + } + sf.value = x + case reflect.Int32: + x, err := strconv.ParseInt(prop.Default, 10, 32) + if err != nil { + return nil, false, fmt.Errorf("proto: bad default int32 %q: %v", prop.Default, err) + } + sf.value = int32(x) + case reflect.Int64: + x, err := strconv.ParseInt(prop.Default, 10, 64) + if err != nil { + return nil, false, fmt.Errorf("proto: bad default int64 %q: %v", prop.Default, err) + } + sf.value = x + case reflect.String: + sf.value = prop.Default + case reflect.Uint8: + // []byte (not *uint8) + sf.value = []byte(prop.Default) + case reflect.Uint32: + x, err := strconv.ParseUint(prop.Default, 10, 32) + if err != nil { + return nil, false, fmt.Errorf("proto: bad default uint32 %q: %v", prop.Default, err) + } + sf.value = uint32(x) + case reflect.Uint64: + x, err := strconv.ParseUint(prop.Default, 10, 64) + if err != nil { + return nil, false, fmt.Errorf("proto: bad default uint64 %q: %v", prop.Default, err) + } + sf.value = x + default: + return nil, false, fmt.Errorf("proto: unhandled def kind %v", ft.Elem().Kind()) + } + + return sf, false, nil +} + +// mapKeys returns a sort.Interface to be used for sorting the map keys. +// Map fields may have key types of non-float scalars, strings and enums. +func mapKeys(vs []reflect.Value) sort.Interface { + s := mapKeySorter{vs: vs} + + // Type specialization per https://developers.google.com/protocol-buffers/docs/proto#maps. + if len(vs) == 0 { + return s + } + switch vs[0].Kind() { + case reflect.Int32, reflect.Int64: + s.less = func(a, b reflect.Value) bool { return a.Int() < b.Int() } + case reflect.Uint32, reflect.Uint64: + s.less = func(a, b reflect.Value) bool { return a.Uint() < b.Uint() } + case reflect.Bool: + s.less = func(a, b reflect.Value) bool { return !a.Bool() && b.Bool() } // false < true + case reflect.String: + s.less = func(a, b reflect.Value) bool { return a.String() < b.String() } + default: + panic(fmt.Sprintf("unsupported map key type: %v", vs[0].Kind())) + } + + return s +} + +type mapKeySorter struct { + vs []reflect.Value + less func(a, b reflect.Value) bool +} + +func (s mapKeySorter) Len() int { return len(s.vs) } +func (s mapKeySorter) Swap(i, j int) { s.vs[i], s.vs[j] = s.vs[j], s.vs[i] } +func (s mapKeySorter) Less(i, j int) bool { + return s.less(s.vs[i], s.vs[j]) +} + +// isProto3Zero reports whether v is a zero proto3 value. +func isProto3Zero(v reflect.Value) bool { + switch v.Kind() { + case reflect.Bool: + return !v.Bool() + case reflect.Int32, reflect.Int64: + return v.Int() == 0 + case reflect.Uint32, reflect.Uint64: + return v.Uint() == 0 + case reflect.Float32, reflect.Float64: + return v.Float() == 0 + case reflect.String: + return v.String() == "" + } + return false +} + +const ( + // ProtoPackageIsVersion3 is referenced from generated protocol buffer files + // to assert that that code is compatible with this version of the proto package. + ProtoPackageIsVersion3 = true + + // ProtoPackageIsVersion2 is referenced from generated protocol buffer files + // to assert that that code is compatible with this version of the proto package. + ProtoPackageIsVersion2 = true + + // ProtoPackageIsVersion1 is referenced from generated protocol buffer files + // to assert that that code is compatible with this version of the proto package. + ProtoPackageIsVersion1 = true +) + +// InternalMessageInfo is a type used internally by generated .pb.go files. +// This type is not intended to be used by non-generated code. +// This type is not subject to any compatibility guarantee. +type InternalMessageInfo struct { + marshal *marshalInfo + unmarshal *unmarshalInfo + merge *mergeInfo + discard *discardInfo +} diff --git a/vendor/github.com/golang/protobuf/proto/message_set.go b/vendor/github.com/golang/protobuf/proto/message_set.go new file mode 100644 index 0000000..f48a756 --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/message_set.go @@ -0,0 +1,181 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2010 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +/* + * Support for message sets. + */ + +import ( + "errors" +) + +// errNoMessageTypeID occurs when a protocol buffer does not have a message type ID. +// A message type ID is required for storing a protocol buffer in a message set. +var errNoMessageTypeID = errors.New("proto does not have a message type ID") + +// The first two types (_MessageSet_Item and messageSet) +// model what the protocol compiler produces for the following protocol message: +// message MessageSet { +// repeated group Item = 1 { +// required int32 type_id = 2; +// required string message = 3; +// }; +// } +// That is the MessageSet wire format. We can't use a proto to generate these +// because that would introduce a circular dependency between it and this package. + +type _MessageSet_Item struct { + TypeId *int32 `protobuf:"varint,2,req,name=type_id"` + Message []byte `protobuf:"bytes,3,req,name=message"` +} + +type messageSet struct { + Item []*_MessageSet_Item `protobuf:"group,1,rep"` + XXX_unrecognized []byte + // TODO: caching? +} + +// Make sure messageSet is a Message. +var _ Message = (*messageSet)(nil) + +// messageTypeIder is an interface satisfied by a protocol buffer type +// that may be stored in a MessageSet. +type messageTypeIder interface { + MessageTypeId() int32 +} + +func (ms *messageSet) find(pb Message) *_MessageSet_Item { + mti, ok := pb.(messageTypeIder) + if !ok { + return nil + } + id := mti.MessageTypeId() + for _, item := range ms.Item { + if *item.TypeId == id { + return item + } + } + return nil +} + +func (ms *messageSet) Has(pb Message) bool { + return ms.find(pb) != nil +} + +func (ms *messageSet) Unmarshal(pb Message) error { + if item := ms.find(pb); item != nil { + return Unmarshal(item.Message, pb) + } + if _, ok := pb.(messageTypeIder); !ok { + return errNoMessageTypeID + } + return nil // TODO: return error instead? +} + +func (ms *messageSet) Marshal(pb Message) error { + msg, err := Marshal(pb) + if err != nil { + return err + } + if item := ms.find(pb); item != nil { + // reuse existing item + item.Message = msg + return nil + } + + mti, ok := pb.(messageTypeIder) + if !ok { + return errNoMessageTypeID + } + + mtid := mti.MessageTypeId() + ms.Item = append(ms.Item, &_MessageSet_Item{ + TypeId: &mtid, + Message: msg, + }) + return nil +} + +func (ms *messageSet) Reset() { *ms = messageSet{} } +func (ms *messageSet) String() string { return CompactTextString(ms) } +func (*messageSet) ProtoMessage() {} + +// Support for the message_set_wire_format message option. + +func skipVarint(buf []byte) []byte { + i := 0 + for ; buf[i]&0x80 != 0; i++ { + } + return buf[i+1:] +} + +// unmarshalMessageSet decodes the extension map encoded in buf in the message set wire format. +// It is called by Unmarshal methods on protocol buffer messages with the message_set_wire_format option. +func unmarshalMessageSet(buf []byte, exts interface{}) error { + var m map[int32]Extension + switch exts := exts.(type) { + case *XXX_InternalExtensions: + m = exts.extensionsWrite() + case map[int32]Extension: + m = exts + default: + return errors.New("proto: not an extension map") + } + + ms := new(messageSet) + if err := Unmarshal(buf, ms); err != nil { + return err + } + for _, item := range ms.Item { + id := *item.TypeId + msg := item.Message + + // Restore wire type and field number varint, plus length varint. + // Be careful to preserve duplicate items. + b := EncodeVarint(uint64(id)<<3 | WireBytes) + if ext, ok := m[id]; ok { + // Existing data; rip off the tag and length varint + // so we join the new data correctly. + // We can assume that ext.enc is set because we are unmarshaling. + o := ext.enc[len(b):] // skip wire type and field number + _, n := DecodeVarint(o) // calculate length of length varint + o = o[n:] // skip length varint + msg = append(o, msg...) // join old data and new data + } + b = append(b, EncodeVarint(uint64(len(msg)))...) + b = append(b, msg...) + + m[id] = Extension{enc: b} + } + return nil +} diff --git a/vendor/github.com/golang/protobuf/proto/pointer_reflect.go b/vendor/github.com/golang/protobuf/proto/pointer_reflect.go new file mode 100644 index 0000000..94fa919 --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/pointer_reflect.go @@ -0,0 +1,360 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2012 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// +build purego appengine js + +// This file contains an implementation of proto field accesses using package reflect. +// It is slower than the code in pointer_unsafe.go but it avoids package unsafe and can +// be used on App Engine. + +package proto + +import ( + "reflect" + "sync" +) + +const unsafeAllowed = false + +// A field identifies a field in a struct, accessible from a pointer. +// In this implementation, a field is identified by the sequence of field indices +// passed to reflect's FieldByIndex. +type field []int + +// toField returns a field equivalent to the given reflect field. +func toField(f *reflect.StructField) field { + return f.Index +} + +// invalidField is an invalid field identifier. +var invalidField = field(nil) + +// zeroField is a noop when calling pointer.offset. +var zeroField = field([]int{}) + +// IsValid reports whether the field identifier is valid. +func (f field) IsValid() bool { return f != nil } + +// The pointer type is for the table-driven decoder. +// The implementation here uses a reflect.Value of pointer type to +// create a generic pointer. In pointer_unsafe.go we use unsafe +// instead of reflect to implement the same (but faster) interface. +type pointer struct { + v reflect.Value +} + +// toPointer converts an interface of pointer type to a pointer +// that points to the same target. +func toPointer(i *Message) pointer { + return pointer{v: reflect.ValueOf(*i)} +} + +// toAddrPointer converts an interface to a pointer that points to +// the interface data. +func toAddrPointer(i *interface{}, isptr, deref bool) pointer { + v := reflect.ValueOf(*i) + u := reflect.New(v.Type()) + u.Elem().Set(v) + if deref { + u = u.Elem() + } + return pointer{v: u} +} + +// valToPointer converts v to a pointer. v must be of pointer type. +func valToPointer(v reflect.Value) pointer { + return pointer{v: v} +} + +// offset converts from a pointer to a structure to a pointer to +// one of its fields. +func (p pointer) offset(f field) pointer { + return pointer{v: p.v.Elem().FieldByIndex(f).Addr()} +} + +func (p pointer) isNil() bool { + return p.v.IsNil() +} + +// grow updates the slice s in place to make it one element longer. +// s must be addressable. +// Returns the (addressable) new element. +func grow(s reflect.Value) reflect.Value { + n, m := s.Len(), s.Cap() + if n < m { + s.SetLen(n + 1) + } else { + s.Set(reflect.Append(s, reflect.Zero(s.Type().Elem()))) + } + return s.Index(n) +} + +func (p pointer) toInt64() *int64 { + return p.v.Interface().(*int64) +} +func (p pointer) toInt64Ptr() **int64 { + return p.v.Interface().(**int64) +} +func (p pointer) toInt64Slice() *[]int64 { + return p.v.Interface().(*[]int64) +} + +var int32ptr = reflect.TypeOf((*int32)(nil)) + +func (p pointer) toInt32() *int32 { + return p.v.Convert(int32ptr).Interface().(*int32) +} + +// The toInt32Ptr/Slice methods don't work because of enums. +// Instead, we must use set/get methods for the int32ptr/slice case. +/* + func (p pointer) toInt32Ptr() **int32 { + return p.v.Interface().(**int32) +} + func (p pointer) toInt32Slice() *[]int32 { + return p.v.Interface().(*[]int32) +} +*/ +func (p pointer) getInt32Ptr() *int32 { + if p.v.Type().Elem().Elem() == reflect.TypeOf(int32(0)) { + // raw int32 type + return p.v.Elem().Interface().(*int32) + } + // an enum + return p.v.Elem().Convert(int32PtrType).Interface().(*int32) +} +func (p pointer) setInt32Ptr(v int32) { + // Allocate value in a *int32. Possibly convert that to a *enum. + // Then assign it to a **int32 or **enum. + // Note: we can convert *int32 to *enum, but we can't convert + // **int32 to **enum! + p.v.Elem().Set(reflect.ValueOf(&v).Convert(p.v.Type().Elem())) +} + +// getInt32Slice copies []int32 from p as a new slice. +// This behavior differs from the implementation in pointer_unsafe.go. +func (p pointer) getInt32Slice() []int32 { + if p.v.Type().Elem().Elem() == reflect.TypeOf(int32(0)) { + // raw int32 type + return p.v.Elem().Interface().([]int32) + } + // an enum + // Allocate a []int32, then assign []enum's values into it. + // Note: we can't convert []enum to []int32. + slice := p.v.Elem() + s := make([]int32, slice.Len()) + for i := 0; i < slice.Len(); i++ { + s[i] = int32(slice.Index(i).Int()) + } + return s +} + +// setInt32Slice copies []int32 into p as a new slice. +// This behavior differs from the implementation in pointer_unsafe.go. +func (p pointer) setInt32Slice(v []int32) { + if p.v.Type().Elem().Elem() == reflect.TypeOf(int32(0)) { + // raw int32 type + p.v.Elem().Set(reflect.ValueOf(v)) + return + } + // an enum + // Allocate a []enum, then assign []int32's values into it. + // Note: we can't convert []enum to []int32. + slice := reflect.MakeSlice(p.v.Type().Elem(), len(v), cap(v)) + for i, x := range v { + slice.Index(i).SetInt(int64(x)) + } + p.v.Elem().Set(slice) +} +func (p pointer) appendInt32Slice(v int32) { + grow(p.v.Elem()).SetInt(int64(v)) +} + +func (p pointer) toUint64() *uint64 { + return p.v.Interface().(*uint64) +} +func (p pointer) toUint64Ptr() **uint64 { + return p.v.Interface().(**uint64) +} +func (p pointer) toUint64Slice() *[]uint64 { + return p.v.Interface().(*[]uint64) +} +func (p pointer) toUint32() *uint32 { + return p.v.Interface().(*uint32) +} +func (p pointer) toUint32Ptr() **uint32 { + return p.v.Interface().(**uint32) +} +func (p pointer) toUint32Slice() *[]uint32 { + return p.v.Interface().(*[]uint32) +} +func (p pointer) toBool() *bool { + return p.v.Interface().(*bool) +} +func (p pointer) toBoolPtr() **bool { + return p.v.Interface().(**bool) +} +func (p pointer) toBoolSlice() *[]bool { + return p.v.Interface().(*[]bool) +} +func (p pointer) toFloat64() *float64 { + return p.v.Interface().(*float64) +} +func (p pointer) toFloat64Ptr() **float64 { + return p.v.Interface().(**float64) +} +func (p pointer) toFloat64Slice() *[]float64 { + return p.v.Interface().(*[]float64) +} +func (p pointer) toFloat32() *float32 { + return p.v.Interface().(*float32) +} +func (p pointer) toFloat32Ptr() **float32 { + return p.v.Interface().(**float32) +} +func (p pointer) toFloat32Slice() *[]float32 { + return p.v.Interface().(*[]float32) +} +func (p pointer) toString() *string { + return p.v.Interface().(*string) +} +func (p pointer) toStringPtr() **string { + return p.v.Interface().(**string) +} +func (p pointer) toStringSlice() *[]string { + return p.v.Interface().(*[]string) +} +func (p pointer) toBytes() *[]byte { + return p.v.Interface().(*[]byte) +} +func (p pointer) toBytesSlice() *[][]byte { + return p.v.Interface().(*[][]byte) +} +func (p pointer) toExtensions() *XXX_InternalExtensions { + return p.v.Interface().(*XXX_InternalExtensions) +} +func (p pointer) toOldExtensions() *map[int32]Extension { + return p.v.Interface().(*map[int32]Extension) +} +func (p pointer) getPointer() pointer { + return pointer{v: p.v.Elem()} +} +func (p pointer) setPointer(q pointer) { + p.v.Elem().Set(q.v) +} +func (p pointer) appendPointer(q pointer) { + grow(p.v.Elem()).Set(q.v) +} + +// getPointerSlice copies []*T from p as a new []pointer. +// This behavior differs from the implementation in pointer_unsafe.go. +func (p pointer) getPointerSlice() []pointer { + if p.v.IsNil() { + return nil + } + n := p.v.Elem().Len() + s := make([]pointer, n) + for i := 0; i < n; i++ { + s[i] = pointer{v: p.v.Elem().Index(i)} + } + return s +} + +// setPointerSlice copies []pointer into p as a new []*T. +// This behavior differs from the implementation in pointer_unsafe.go. +func (p pointer) setPointerSlice(v []pointer) { + if v == nil { + p.v.Elem().Set(reflect.New(p.v.Elem().Type()).Elem()) + return + } + s := reflect.MakeSlice(p.v.Elem().Type(), 0, len(v)) + for _, p := range v { + s = reflect.Append(s, p.v) + } + p.v.Elem().Set(s) +} + +// getInterfacePointer returns a pointer that points to the +// interface data of the interface pointed by p. +func (p pointer) getInterfacePointer() pointer { + if p.v.Elem().IsNil() { + return pointer{v: p.v.Elem()} + } + return pointer{v: p.v.Elem().Elem().Elem().Field(0).Addr()} // *interface -> interface -> *struct -> struct +} + +func (p pointer) asPointerTo(t reflect.Type) reflect.Value { + // TODO: check that p.v.Type().Elem() == t? + return p.v +} + +func atomicLoadUnmarshalInfo(p **unmarshalInfo) *unmarshalInfo { + atomicLock.Lock() + defer atomicLock.Unlock() + return *p +} +func atomicStoreUnmarshalInfo(p **unmarshalInfo, v *unmarshalInfo) { + atomicLock.Lock() + defer atomicLock.Unlock() + *p = v +} +func atomicLoadMarshalInfo(p **marshalInfo) *marshalInfo { + atomicLock.Lock() + defer atomicLock.Unlock() + return *p +} +func atomicStoreMarshalInfo(p **marshalInfo, v *marshalInfo) { + atomicLock.Lock() + defer atomicLock.Unlock() + *p = v +} +func atomicLoadMergeInfo(p **mergeInfo) *mergeInfo { + atomicLock.Lock() + defer atomicLock.Unlock() + return *p +} +func atomicStoreMergeInfo(p **mergeInfo, v *mergeInfo) { + atomicLock.Lock() + defer atomicLock.Unlock() + *p = v +} +func atomicLoadDiscardInfo(p **discardInfo) *discardInfo { + atomicLock.Lock() + defer atomicLock.Unlock() + return *p +} +func atomicStoreDiscardInfo(p **discardInfo, v *discardInfo) { + atomicLock.Lock() + defer atomicLock.Unlock() + *p = v +} + +var atomicLock sync.Mutex diff --git a/vendor/github.com/golang/protobuf/proto/pointer_unsafe.go b/vendor/github.com/golang/protobuf/proto/pointer_unsafe.go new file mode 100644 index 0000000..dbfffe0 --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/pointer_unsafe.go @@ -0,0 +1,313 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2012 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// +build !purego,!appengine,!js + +// This file contains the implementation of the proto field accesses using package unsafe. + +package proto + +import ( + "reflect" + "sync/atomic" + "unsafe" +) + +const unsafeAllowed = true + +// A field identifies a field in a struct, accessible from a pointer. +// In this implementation, a field is identified by its byte offset from the start of the struct. +type field uintptr + +// toField returns a field equivalent to the given reflect field. +func toField(f *reflect.StructField) field { + return field(f.Offset) +} + +// invalidField is an invalid field identifier. +const invalidField = ^field(0) + +// zeroField is a noop when calling pointer.offset. +const zeroField = field(0) + +// IsValid reports whether the field identifier is valid. +func (f field) IsValid() bool { + return f != invalidField +} + +// The pointer type below is for the new table-driven encoder/decoder. +// The implementation here uses unsafe.Pointer to create a generic pointer. +// In pointer_reflect.go we use reflect instead of unsafe to implement +// the same (but slower) interface. +type pointer struct { + p unsafe.Pointer +} + +// size of pointer +var ptrSize = unsafe.Sizeof(uintptr(0)) + +// toPointer converts an interface of pointer type to a pointer +// that points to the same target. +func toPointer(i *Message) pointer { + // Super-tricky - read pointer out of data word of interface value. + // Saves ~25ns over the equivalent: + // return valToPointer(reflect.ValueOf(*i)) + return pointer{p: (*[2]unsafe.Pointer)(unsafe.Pointer(i))[1]} +} + +// toAddrPointer converts an interface to a pointer that points to +// the interface data. +func toAddrPointer(i *interface{}, isptr, deref bool) (p pointer) { + // Super-tricky - read or get the address of data word of interface value. + if isptr { + // The interface is of pointer type, thus it is a direct interface. + // The data word is the pointer data itself. We take its address. + p = pointer{p: unsafe.Pointer(uintptr(unsafe.Pointer(i)) + ptrSize)} + } else { + // The interface is not of pointer type. The data word is the pointer + // to the data. + p = pointer{p: (*[2]unsafe.Pointer)(unsafe.Pointer(i))[1]} + } + if deref { + p.p = *(*unsafe.Pointer)(p.p) + } + return p +} + +// valToPointer converts v to a pointer. v must be of pointer type. +func valToPointer(v reflect.Value) pointer { + return pointer{p: unsafe.Pointer(v.Pointer())} +} + +// offset converts from a pointer to a structure to a pointer to +// one of its fields. +func (p pointer) offset(f field) pointer { + // For safety, we should panic if !f.IsValid, however calling panic causes + // this to no longer be inlineable, which is a serious performance cost. + /* + if !f.IsValid() { + panic("invalid field") + } + */ + return pointer{p: unsafe.Pointer(uintptr(p.p) + uintptr(f))} +} + +func (p pointer) isNil() bool { + return p.p == nil +} + +func (p pointer) toInt64() *int64 { + return (*int64)(p.p) +} +func (p pointer) toInt64Ptr() **int64 { + return (**int64)(p.p) +} +func (p pointer) toInt64Slice() *[]int64 { + return (*[]int64)(p.p) +} +func (p pointer) toInt32() *int32 { + return (*int32)(p.p) +} + +// See pointer_reflect.go for why toInt32Ptr/Slice doesn't exist. +/* + func (p pointer) toInt32Ptr() **int32 { + return (**int32)(p.p) + } + func (p pointer) toInt32Slice() *[]int32 { + return (*[]int32)(p.p) + } +*/ +func (p pointer) getInt32Ptr() *int32 { + return *(**int32)(p.p) +} +func (p pointer) setInt32Ptr(v int32) { + *(**int32)(p.p) = &v +} + +// getInt32Slice loads a []int32 from p. +// The value returned is aliased with the original slice. +// This behavior differs from the implementation in pointer_reflect.go. +func (p pointer) getInt32Slice() []int32 { + return *(*[]int32)(p.p) +} + +// setInt32Slice stores a []int32 to p. +// The value set is aliased with the input slice. +// This behavior differs from the implementation in pointer_reflect.go. +func (p pointer) setInt32Slice(v []int32) { + *(*[]int32)(p.p) = v +} + +// TODO: Can we get rid of appendInt32Slice and use setInt32Slice instead? +func (p pointer) appendInt32Slice(v int32) { + s := (*[]int32)(p.p) + *s = append(*s, v) +} + +func (p pointer) toUint64() *uint64 { + return (*uint64)(p.p) +} +func (p pointer) toUint64Ptr() **uint64 { + return (**uint64)(p.p) +} +func (p pointer) toUint64Slice() *[]uint64 { + return (*[]uint64)(p.p) +} +func (p pointer) toUint32() *uint32 { + return (*uint32)(p.p) +} +func (p pointer) toUint32Ptr() **uint32 { + return (**uint32)(p.p) +} +func (p pointer) toUint32Slice() *[]uint32 { + return (*[]uint32)(p.p) +} +func (p pointer) toBool() *bool { + return (*bool)(p.p) +} +func (p pointer) toBoolPtr() **bool { + return (**bool)(p.p) +} +func (p pointer) toBoolSlice() *[]bool { + return (*[]bool)(p.p) +} +func (p pointer) toFloat64() *float64 { + return (*float64)(p.p) +} +func (p pointer) toFloat64Ptr() **float64 { + return (**float64)(p.p) +} +func (p pointer) toFloat64Slice() *[]float64 { + return (*[]float64)(p.p) +} +func (p pointer) toFloat32() *float32 { + return (*float32)(p.p) +} +func (p pointer) toFloat32Ptr() **float32 { + return (**float32)(p.p) +} +func (p pointer) toFloat32Slice() *[]float32 { + return (*[]float32)(p.p) +} +func (p pointer) toString() *string { + return (*string)(p.p) +} +func (p pointer) toStringPtr() **string { + return (**string)(p.p) +} +func (p pointer) toStringSlice() *[]string { + return (*[]string)(p.p) +} +func (p pointer) toBytes() *[]byte { + return (*[]byte)(p.p) +} +func (p pointer) toBytesSlice() *[][]byte { + return (*[][]byte)(p.p) +} +func (p pointer) toExtensions() *XXX_InternalExtensions { + return (*XXX_InternalExtensions)(p.p) +} +func (p pointer) toOldExtensions() *map[int32]Extension { + return (*map[int32]Extension)(p.p) +} + +// getPointerSlice loads []*T from p as a []pointer. +// The value returned is aliased with the original slice. +// This behavior differs from the implementation in pointer_reflect.go. +func (p pointer) getPointerSlice() []pointer { + // Super-tricky - p should point to a []*T where T is a + // message type. We load it as []pointer. + return *(*[]pointer)(p.p) +} + +// setPointerSlice stores []pointer into p as a []*T. +// The value set is aliased with the input slice. +// This behavior differs from the implementation in pointer_reflect.go. +func (p pointer) setPointerSlice(v []pointer) { + // Super-tricky - p should point to a []*T where T is a + // message type. We store it as []pointer. + *(*[]pointer)(p.p) = v +} + +// getPointer loads the pointer at p and returns it. +func (p pointer) getPointer() pointer { + return pointer{p: *(*unsafe.Pointer)(p.p)} +} + +// setPointer stores the pointer q at p. +func (p pointer) setPointer(q pointer) { + *(*unsafe.Pointer)(p.p) = q.p +} + +// append q to the slice pointed to by p. +func (p pointer) appendPointer(q pointer) { + s := (*[]unsafe.Pointer)(p.p) + *s = append(*s, q.p) +} + +// getInterfacePointer returns a pointer that points to the +// interface data of the interface pointed by p. +func (p pointer) getInterfacePointer() pointer { + // Super-tricky - read pointer out of data word of interface value. + return pointer{p: (*(*[2]unsafe.Pointer)(p.p))[1]} +} + +// asPointerTo returns a reflect.Value that is a pointer to an +// object of type t stored at p. +func (p pointer) asPointerTo(t reflect.Type) reflect.Value { + return reflect.NewAt(t, p.p) +} + +func atomicLoadUnmarshalInfo(p **unmarshalInfo) *unmarshalInfo { + return (*unmarshalInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p)))) +} +func atomicStoreUnmarshalInfo(p **unmarshalInfo, v *unmarshalInfo) { + atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v)) +} +func atomicLoadMarshalInfo(p **marshalInfo) *marshalInfo { + return (*marshalInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p)))) +} +func atomicStoreMarshalInfo(p **marshalInfo, v *marshalInfo) { + atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v)) +} +func atomicLoadMergeInfo(p **mergeInfo) *mergeInfo { + return (*mergeInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p)))) +} +func atomicStoreMergeInfo(p **mergeInfo, v *mergeInfo) { + atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v)) +} +func atomicLoadDiscardInfo(p **discardInfo) *discardInfo { + return (*discardInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p)))) +} +func atomicStoreDiscardInfo(p **discardInfo, v *discardInfo) { + atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v)) +} diff --git a/vendor/github.com/golang/protobuf/proto/properties.go b/vendor/github.com/golang/protobuf/proto/properties.go new file mode 100644 index 0000000..a4b8c0c --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/properties.go @@ -0,0 +1,544 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2010 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +/* + * Routines for encoding data into the wire format for protocol buffers. + */ + +import ( + "fmt" + "log" + "reflect" + "sort" + "strconv" + "strings" + "sync" +) + +const debug bool = false + +// Constants that identify the encoding of a value on the wire. +const ( + WireVarint = 0 + WireFixed64 = 1 + WireBytes = 2 + WireStartGroup = 3 + WireEndGroup = 4 + WireFixed32 = 5 +) + +// tagMap is an optimization over map[int]int for typical protocol buffer +// use-cases. Encoded protocol buffers are often in tag order with small tag +// numbers. +type tagMap struct { + fastTags []int + slowTags map[int]int +} + +// tagMapFastLimit is the upper bound on the tag number that will be stored in +// the tagMap slice rather than its map. +const tagMapFastLimit = 1024 + +func (p *tagMap) get(t int) (int, bool) { + if t > 0 && t < tagMapFastLimit { + if t >= len(p.fastTags) { + return 0, false + } + fi := p.fastTags[t] + return fi, fi >= 0 + } + fi, ok := p.slowTags[t] + return fi, ok +} + +func (p *tagMap) put(t int, fi int) { + if t > 0 && t < tagMapFastLimit { + for len(p.fastTags) < t+1 { + p.fastTags = append(p.fastTags, -1) + } + p.fastTags[t] = fi + return + } + if p.slowTags == nil { + p.slowTags = make(map[int]int) + } + p.slowTags[t] = fi +} + +// StructProperties represents properties for all the fields of a struct. +// decoderTags and decoderOrigNames should only be used by the decoder. +type StructProperties struct { + Prop []*Properties // properties for each field + reqCount int // required count + decoderTags tagMap // map from proto tag to struct field number + decoderOrigNames map[string]int // map from original name to struct field number + order []int // list of struct field numbers in tag order + + // OneofTypes contains information about the oneof fields in this message. + // It is keyed by the original name of a field. + OneofTypes map[string]*OneofProperties +} + +// OneofProperties represents information about a specific field in a oneof. +type OneofProperties struct { + Type reflect.Type // pointer to generated struct type for this oneof field + Field int // struct field number of the containing oneof in the message + Prop *Properties +} + +// Implement the sorting interface so we can sort the fields in tag order, as recommended by the spec. +// See encode.go, (*Buffer).enc_struct. + +func (sp *StructProperties) Len() int { return len(sp.order) } +func (sp *StructProperties) Less(i, j int) bool { + return sp.Prop[sp.order[i]].Tag < sp.Prop[sp.order[j]].Tag +} +func (sp *StructProperties) Swap(i, j int) { sp.order[i], sp.order[j] = sp.order[j], sp.order[i] } + +// Properties represents the protocol-specific behavior of a single struct field. +type Properties struct { + Name string // name of the field, for error messages + OrigName string // original name before protocol compiler (always set) + JSONName string // name to use for JSON; determined by protoc + Wire string + WireType int + Tag int + Required bool + Optional bool + Repeated bool + Packed bool // relevant for repeated primitives only + Enum string // set for enum types only + proto3 bool // whether this is known to be a proto3 field + oneof bool // whether this is a oneof field + + Default string // default value + HasDefault bool // whether an explicit default was provided + + stype reflect.Type // set for struct types only + sprop *StructProperties // set for struct types only + + mtype reflect.Type // set for map types only + MapKeyProp *Properties // set for map types only + MapValProp *Properties // set for map types only +} + +// String formats the properties in the protobuf struct field tag style. +func (p *Properties) String() string { + s := p.Wire + s += "," + s += strconv.Itoa(p.Tag) + if p.Required { + s += ",req" + } + if p.Optional { + s += ",opt" + } + if p.Repeated { + s += ",rep" + } + if p.Packed { + s += ",packed" + } + s += ",name=" + p.OrigName + if p.JSONName != p.OrigName { + s += ",json=" + p.JSONName + } + if p.proto3 { + s += ",proto3" + } + if p.oneof { + s += ",oneof" + } + if len(p.Enum) > 0 { + s += ",enum=" + p.Enum + } + if p.HasDefault { + s += ",def=" + p.Default + } + return s +} + +// Parse populates p by parsing a string in the protobuf struct field tag style. +func (p *Properties) Parse(s string) { + // "bytes,49,opt,name=foo,def=hello!" + fields := strings.Split(s, ",") // breaks def=, but handled below. + if len(fields) < 2 { + log.Printf("proto: tag has too few fields: %q", s) + return + } + + p.Wire = fields[0] + switch p.Wire { + case "varint": + p.WireType = WireVarint + case "fixed32": + p.WireType = WireFixed32 + case "fixed64": + p.WireType = WireFixed64 + case "zigzag32": + p.WireType = WireVarint + case "zigzag64": + p.WireType = WireVarint + case "bytes", "group": + p.WireType = WireBytes + // no numeric converter for non-numeric types + default: + log.Printf("proto: tag has unknown wire type: %q", s) + return + } + + var err error + p.Tag, err = strconv.Atoi(fields[1]) + if err != nil { + return + } + +outer: + for i := 2; i < len(fields); i++ { + f := fields[i] + switch { + case f == "req": + p.Required = true + case f == "opt": + p.Optional = true + case f == "rep": + p.Repeated = true + case f == "packed": + p.Packed = true + case strings.HasPrefix(f, "name="): + p.OrigName = f[5:] + case strings.HasPrefix(f, "json="): + p.JSONName = f[5:] + case strings.HasPrefix(f, "enum="): + p.Enum = f[5:] + case f == "proto3": + p.proto3 = true + case f == "oneof": + p.oneof = true + case strings.HasPrefix(f, "def="): + p.HasDefault = true + p.Default = f[4:] // rest of string + if i+1 < len(fields) { + // Commas aren't escaped, and def is always last. + p.Default += "," + strings.Join(fields[i+1:], ",") + break outer + } + } + } +} + +var protoMessageType = reflect.TypeOf((*Message)(nil)).Elem() + +// setFieldProps initializes the field properties for submessages and maps. +func (p *Properties) setFieldProps(typ reflect.Type, f *reflect.StructField, lockGetProp bool) { + switch t1 := typ; t1.Kind() { + case reflect.Ptr: + if t1.Elem().Kind() == reflect.Struct { + p.stype = t1.Elem() + } + + case reflect.Slice: + if t2 := t1.Elem(); t2.Kind() == reflect.Ptr && t2.Elem().Kind() == reflect.Struct { + p.stype = t2.Elem() + } + + case reflect.Map: + p.mtype = t1 + p.MapKeyProp = &Properties{} + p.MapKeyProp.init(reflect.PtrTo(p.mtype.Key()), "Key", f.Tag.Get("protobuf_key"), nil, lockGetProp) + p.MapValProp = &Properties{} + vtype := p.mtype.Elem() + if vtype.Kind() != reflect.Ptr && vtype.Kind() != reflect.Slice { + // The value type is not a message (*T) or bytes ([]byte), + // so we need encoders for the pointer to this type. + vtype = reflect.PtrTo(vtype) + } + p.MapValProp.init(vtype, "Value", f.Tag.Get("protobuf_val"), nil, lockGetProp) + } + + if p.stype != nil { + if lockGetProp { + p.sprop = GetProperties(p.stype) + } else { + p.sprop = getPropertiesLocked(p.stype) + } + } +} + +var ( + marshalerType = reflect.TypeOf((*Marshaler)(nil)).Elem() +) + +// Init populates the properties from a protocol buffer struct tag. +func (p *Properties) Init(typ reflect.Type, name, tag string, f *reflect.StructField) { + p.init(typ, name, tag, f, true) +} + +func (p *Properties) init(typ reflect.Type, name, tag string, f *reflect.StructField, lockGetProp bool) { + // "bytes,49,opt,def=hello!" + p.Name = name + p.OrigName = name + if tag == "" { + return + } + p.Parse(tag) + p.setFieldProps(typ, f, lockGetProp) +} + +var ( + propertiesMu sync.RWMutex + propertiesMap = make(map[reflect.Type]*StructProperties) +) + +// GetProperties returns the list of properties for the type represented by t. +// t must represent a generated struct type of a protocol message. +func GetProperties(t reflect.Type) *StructProperties { + if t.Kind() != reflect.Struct { + panic("proto: type must have kind struct") + } + + // Most calls to GetProperties in a long-running program will be + // retrieving details for types we have seen before. + propertiesMu.RLock() + sprop, ok := propertiesMap[t] + propertiesMu.RUnlock() + if ok { + return sprop + } + + propertiesMu.Lock() + sprop = getPropertiesLocked(t) + propertiesMu.Unlock() + return sprop +} + +type ( + oneofFuncsIface interface { + XXX_OneofFuncs() (func(Message, *Buffer) error, func(Message, int, int, *Buffer) (bool, error), func(Message) int, []interface{}) + } + oneofWrappersIface interface { + XXX_OneofWrappers() []interface{} + } +) + +// getPropertiesLocked requires that propertiesMu is held. +func getPropertiesLocked(t reflect.Type) *StructProperties { + if prop, ok := propertiesMap[t]; ok { + return prop + } + + prop := new(StructProperties) + // in case of recursive protos, fill this in now. + propertiesMap[t] = prop + + // build properties + prop.Prop = make([]*Properties, t.NumField()) + prop.order = make([]int, t.NumField()) + + for i := 0; i < t.NumField(); i++ { + f := t.Field(i) + p := new(Properties) + name := f.Name + p.init(f.Type, name, f.Tag.Get("protobuf"), &f, false) + + oneof := f.Tag.Get("protobuf_oneof") // special case + if oneof != "" { + // Oneof fields don't use the traditional protobuf tag. + p.OrigName = oneof + } + prop.Prop[i] = p + prop.order[i] = i + if debug { + print(i, " ", f.Name, " ", t.String(), " ") + if p.Tag > 0 { + print(p.String()) + } + print("\n") + } + } + + // Re-order prop.order. + sort.Sort(prop) + + var oots []interface{} + switch m := reflect.Zero(reflect.PtrTo(t)).Interface().(type) { + case oneofFuncsIface: + _, _, _, oots = m.XXX_OneofFuncs() + case oneofWrappersIface: + oots = m.XXX_OneofWrappers() + } + if len(oots) > 0 { + // Interpret oneof metadata. + prop.OneofTypes = make(map[string]*OneofProperties) + for _, oot := range oots { + oop := &OneofProperties{ + Type: reflect.ValueOf(oot).Type(), // *T + Prop: new(Properties), + } + sft := oop.Type.Elem().Field(0) + oop.Prop.Name = sft.Name + oop.Prop.Parse(sft.Tag.Get("protobuf")) + // There will be exactly one interface field that + // this new value is assignable to. + for i := 0; i < t.NumField(); i++ { + f := t.Field(i) + if f.Type.Kind() != reflect.Interface { + continue + } + if !oop.Type.AssignableTo(f.Type) { + continue + } + oop.Field = i + break + } + prop.OneofTypes[oop.Prop.OrigName] = oop + } + } + + // build required counts + // build tags + reqCount := 0 + prop.decoderOrigNames = make(map[string]int) + for i, p := range prop.Prop { + if strings.HasPrefix(p.Name, "XXX_") { + // Internal fields should not appear in tags/origNames maps. + // They are handled specially when encoding and decoding. + continue + } + if p.Required { + reqCount++ + } + prop.decoderTags.put(p.Tag, i) + prop.decoderOrigNames[p.OrigName] = i + } + prop.reqCount = reqCount + + return prop +} + +// A global registry of enum types. +// The generated code will register the generated maps by calling RegisterEnum. + +var enumValueMaps = make(map[string]map[string]int32) + +// RegisterEnum is called from the generated code to install the enum descriptor +// maps into the global table to aid parsing text format protocol buffers. +func RegisterEnum(typeName string, unusedNameMap map[int32]string, valueMap map[string]int32) { + if _, ok := enumValueMaps[typeName]; ok { + panic("proto: duplicate enum registered: " + typeName) + } + enumValueMaps[typeName] = valueMap +} + +// EnumValueMap returns the mapping from names to integers of the +// enum type enumType, or a nil if not found. +func EnumValueMap(enumType string) map[string]int32 { + return enumValueMaps[enumType] +} + +// A registry of all linked message types. +// The string is a fully-qualified proto name ("pkg.Message"). +var ( + protoTypedNils = make(map[string]Message) // a map from proto names to typed nil pointers + protoMapTypes = make(map[string]reflect.Type) // a map from proto names to map types + revProtoTypes = make(map[reflect.Type]string) +) + +// RegisterType is called from generated code and maps from the fully qualified +// proto name to the type (pointer to struct) of the protocol buffer. +func RegisterType(x Message, name string) { + if _, ok := protoTypedNils[name]; ok { + // TODO: Some day, make this a panic. + log.Printf("proto: duplicate proto type registered: %s", name) + return + } + t := reflect.TypeOf(x) + if v := reflect.ValueOf(x); v.Kind() == reflect.Ptr && v.Pointer() == 0 { + // Generated code always calls RegisterType with nil x. + // This check is just for extra safety. + protoTypedNils[name] = x + } else { + protoTypedNils[name] = reflect.Zero(t).Interface().(Message) + } + revProtoTypes[t] = name +} + +// RegisterMapType is called from generated code and maps from the fully qualified +// proto name to the native map type of the proto map definition. +func RegisterMapType(x interface{}, name string) { + if reflect.TypeOf(x).Kind() != reflect.Map { + panic(fmt.Sprintf("RegisterMapType(%T, %q); want map", x, name)) + } + if _, ok := protoMapTypes[name]; ok { + log.Printf("proto: duplicate proto type registered: %s", name) + return + } + t := reflect.TypeOf(x) + protoMapTypes[name] = t + revProtoTypes[t] = name +} + +// MessageName returns the fully-qualified proto name for the given message type. +func MessageName(x Message) string { + type xname interface { + XXX_MessageName() string + } + if m, ok := x.(xname); ok { + return m.XXX_MessageName() + } + return revProtoTypes[reflect.TypeOf(x)] +} + +// MessageType returns the message type (pointer to struct) for a named message. +// The type is not guaranteed to implement proto.Message if the name refers to a +// map entry. +func MessageType(name string) reflect.Type { + if t, ok := protoTypedNils[name]; ok { + return reflect.TypeOf(t) + } + return protoMapTypes[name] +} + +// A registry of all linked proto files. +var ( + protoFiles = make(map[string][]byte) // file name => fileDescriptor +) + +// RegisterFile is called from generated code and maps from the +// full file name of a .proto file to its compressed FileDescriptorProto. +func RegisterFile(filename string, fileDescriptor []byte) { + protoFiles[filename] = fileDescriptor +} + +// FileDescriptor returns the compressed FileDescriptorProto for a .proto file. +func FileDescriptor(filename string) []byte { return protoFiles[filename] } diff --git a/vendor/github.com/golang/protobuf/proto/table_marshal.go b/vendor/github.com/golang/protobuf/proto/table_marshal.go new file mode 100644 index 0000000..5cb11fa --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/table_marshal.go @@ -0,0 +1,2776 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2016 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +import ( + "errors" + "fmt" + "math" + "reflect" + "sort" + "strconv" + "strings" + "sync" + "sync/atomic" + "unicode/utf8" +) + +// a sizer takes a pointer to a field and the size of its tag, computes the size of +// the encoded data. +type sizer func(pointer, int) int + +// a marshaler takes a byte slice, a pointer to a field, and its tag (in wire format), +// marshals the field to the end of the slice, returns the slice and error (if any). +type marshaler func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) + +// marshalInfo is the information used for marshaling a message. +type marshalInfo struct { + typ reflect.Type + fields []*marshalFieldInfo + unrecognized field // offset of XXX_unrecognized + extensions field // offset of XXX_InternalExtensions + v1extensions field // offset of XXX_extensions + sizecache field // offset of XXX_sizecache + initialized int32 // 0 -- only typ is set, 1 -- fully initialized + messageset bool // uses message set wire format + hasmarshaler bool // has custom marshaler + sync.RWMutex // protect extElems map, also for initialization + extElems map[int32]*marshalElemInfo // info of extension elements +} + +// marshalFieldInfo is the information used for marshaling a field of a message. +type marshalFieldInfo struct { + field field + wiretag uint64 // tag in wire format + tagsize int // size of tag in wire format + sizer sizer + marshaler marshaler + isPointer bool + required bool // field is required + name string // name of the field, for error reporting + oneofElems map[reflect.Type]*marshalElemInfo // info of oneof elements +} + +// marshalElemInfo is the information used for marshaling an extension or oneof element. +type marshalElemInfo struct { + wiretag uint64 // tag in wire format + tagsize int // size of tag in wire format + sizer sizer + marshaler marshaler + isptr bool // elem is pointer typed, thus interface of this type is a direct interface (extension only) + deref bool // dereference the pointer before operating on it; implies isptr +} + +var ( + marshalInfoMap = map[reflect.Type]*marshalInfo{} + marshalInfoLock sync.Mutex +) + +// getMarshalInfo returns the information to marshal a given type of message. +// The info it returns may not necessarily initialized. +// t is the type of the message (NOT the pointer to it). +func getMarshalInfo(t reflect.Type) *marshalInfo { + marshalInfoLock.Lock() + u, ok := marshalInfoMap[t] + if !ok { + u = &marshalInfo{typ: t} + marshalInfoMap[t] = u + } + marshalInfoLock.Unlock() + return u +} + +// Size is the entry point from generated code, +// and should be ONLY called by generated code. +// It computes the size of encoded data of msg. +// a is a pointer to a place to store cached marshal info. +func (a *InternalMessageInfo) Size(msg Message) int { + u := getMessageMarshalInfo(msg, a) + ptr := toPointer(&msg) + if ptr.isNil() { + // We get here if msg is a typed nil ((*SomeMessage)(nil)), + // so it satisfies the interface, and msg == nil wouldn't + // catch it. We don't want crash in this case. + return 0 + } + return u.size(ptr) +} + +// Marshal is the entry point from generated code, +// and should be ONLY called by generated code. +// It marshals msg to the end of b. +// a is a pointer to a place to store cached marshal info. +func (a *InternalMessageInfo) Marshal(b []byte, msg Message, deterministic bool) ([]byte, error) { + u := getMessageMarshalInfo(msg, a) + ptr := toPointer(&msg) + if ptr.isNil() { + // We get here if msg is a typed nil ((*SomeMessage)(nil)), + // so it satisfies the interface, and msg == nil wouldn't + // catch it. We don't want crash in this case. + return b, ErrNil + } + return u.marshal(b, ptr, deterministic) +} + +func getMessageMarshalInfo(msg interface{}, a *InternalMessageInfo) *marshalInfo { + // u := a.marshal, but atomically. + // We use an atomic here to ensure memory consistency. + u := atomicLoadMarshalInfo(&a.marshal) + if u == nil { + // Get marshal information from type of message. + t := reflect.ValueOf(msg).Type() + if t.Kind() != reflect.Ptr { + panic(fmt.Sprintf("cannot handle non-pointer message type %v", t)) + } + u = getMarshalInfo(t.Elem()) + // Store it in the cache for later users. + // a.marshal = u, but atomically. + atomicStoreMarshalInfo(&a.marshal, u) + } + return u +} + +// size is the main function to compute the size of the encoded data of a message. +// ptr is the pointer to the message. +func (u *marshalInfo) size(ptr pointer) int { + if atomic.LoadInt32(&u.initialized) == 0 { + u.computeMarshalInfo() + } + + // If the message can marshal itself, let it do it, for compatibility. + // NOTE: This is not efficient. + if u.hasmarshaler { + m := ptr.asPointerTo(u.typ).Interface().(Marshaler) + b, _ := m.Marshal() + return len(b) + } + + n := 0 + for _, f := range u.fields { + if f.isPointer && ptr.offset(f.field).getPointer().isNil() { + // nil pointer always marshals to nothing + continue + } + n += f.sizer(ptr.offset(f.field), f.tagsize) + } + if u.extensions.IsValid() { + e := ptr.offset(u.extensions).toExtensions() + if u.messageset { + n += u.sizeMessageSet(e) + } else { + n += u.sizeExtensions(e) + } + } + if u.v1extensions.IsValid() { + m := *ptr.offset(u.v1extensions).toOldExtensions() + n += u.sizeV1Extensions(m) + } + if u.unrecognized.IsValid() { + s := *ptr.offset(u.unrecognized).toBytes() + n += len(s) + } + // cache the result for use in marshal + if u.sizecache.IsValid() { + atomic.StoreInt32(ptr.offset(u.sizecache).toInt32(), int32(n)) + } + return n +} + +// cachedsize gets the size from cache. If there is no cache (i.e. message is not generated), +// fall back to compute the size. +func (u *marshalInfo) cachedsize(ptr pointer) int { + if u.sizecache.IsValid() { + return int(atomic.LoadInt32(ptr.offset(u.sizecache).toInt32())) + } + return u.size(ptr) +} + +// marshal is the main function to marshal a message. It takes a byte slice and appends +// the encoded data to the end of the slice, returns the slice and error (if any). +// ptr is the pointer to the message. +// If deterministic is true, map is marshaled in deterministic order. +func (u *marshalInfo) marshal(b []byte, ptr pointer, deterministic bool) ([]byte, error) { + if atomic.LoadInt32(&u.initialized) == 0 { + u.computeMarshalInfo() + } + + // If the message can marshal itself, let it do it, for compatibility. + // NOTE: This is not efficient. + if u.hasmarshaler { + m := ptr.asPointerTo(u.typ).Interface().(Marshaler) + b1, err := m.Marshal() + b = append(b, b1...) + return b, err + } + + var err, errLater error + // The old marshaler encodes extensions at beginning. + if u.extensions.IsValid() { + e := ptr.offset(u.extensions).toExtensions() + if u.messageset { + b, err = u.appendMessageSet(b, e, deterministic) + } else { + b, err = u.appendExtensions(b, e, deterministic) + } + if err != nil { + return b, err + } + } + if u.v1extensions.IsValid() { + m := *ptr.offset(u.v1extensions).toOldExtensions() + b, err = u.appendV1Extensions(b, m, deterministic) + if err != nil { + return b, err + } + } + for _, f := range u.fields { + if f.required { + if ptr.offset(f.field).getPointer().isNil() { + // Required field is not set. + // We record the error but keep going, to give a complete marshaling. + if errLater == nil { + errLater = &RequiredNotSetError{f.name} + } + continue + } + } + if f.isPointer && ptr.offset(f.field).getPointer().isNil() { + // nil pointer always marshals to nothing + continue + } + b, err = f.marshaler(b, ptr.offset(f.field), f.wiretag, deterministic) + if err != nil { + if err1, ok := err.(*RequiredNotSetError); ok { + // Required field in submessage is not set. + // We record the error but keep going, to give a complete marshaling. + if errLater == nil { + errLater = &RequiredNotSetError{f.name + "." + err1.field} + } + continue + } + if err == errRepeatedHasNil { + err = errors.New("proto: repeated field " + f.name + " has nil element") + } + if err == errInvalidUTF8 { + if errLater == nil { + fullName := revProtoTypes[reflect.PtrTo(u.typ)] + "." + f.name + errLater = &invalidUTF8Error{fullName} + } + continue + } + return b, err + } + } + if u.unrecognized.IsValid() { + s := *ptr.offset(u.unrecognized).toBytes() + b = append(b, s...) + } + return b, errLater +} + +// computeMarshalInfo initializes the marshal info. +func (u *marshalInfo) computeMarshalInfo() { + u.Lock() + defer u.Unlock() + if u.initialized != 0 { // non-atomic read is ok as it is protected by the lock + return + } + + t := u.typ + u.unrecognized = invalidField + u.extensions = invalidField + u.v1extensions = invalidField + u.sizecache = invalidField + + // If the message can marshal itself, let it do it, for compatibility. + // NOTE: This is not efficient. + if reflect.PtrTo(t).Implements(marshalerType) { + u.hasmarshaler = true + atomic.StoreInt32(&u.initialized, 1) + return + } + + // get oneof implementers + var oneofImplementers []interface{} + switch m := reflect.Zero(reflect.PtrTo(t)).Interface().(type) { + case oneofFuncsIface: + _, _, _, oneofImplementers = m.XXX_OneofFuncs() + case oneofWrappersIface: + oneofImplementers = m.XXX_OneofWrappers() + } + + n := t.NumField() + + // deal with XXX fields first + for i := 0; i < t.NumField(); i++ { + f := t.Field(i) + if !strings.HasPrefix(f.Name, "XXX_") { + continue + } + switch f.Name { + case "XXX_sizecache": + u.sizecache = toField(&f) + case "XXX_unrecognized": + u.unrecognized = toField(&f) + case "XXX_InternalExtensions": + u.extensions = toField(&f) + u.messageset = f.Tag.Get("protobuf_messageset") == "1" + case "XXX_extensions": + u.v1extensions = toField(&f) + case "XXX_NoUnkeyedLiteral": + // nothing to do + default: + panic("unknown XXX field: " + f.Name) + } + n-- + } + + // normal fields + fields := make([]marshalFieldInfo, n) // batch allocation + u.fields = make([]*marshalFieldInfo, 0, n) + for i, j := 0, 0; i < t.NumField(); i++ { + f := t.Field(i) + + if strings.HasPrefix(f.Name, "XXX_") { + continue + } + field := &fields[j] + j++ + field.name = f.Name + u.fields = append(u.fields, field) + if f.Tag.Get("protobuf_oneof") != "" { + field.computeOneofFieldInfo(&f, oneofImplementers) + continue + } + if f.Tag.Get("protobuf") == "" { + // field has no tag (not in generated message), ignore it + u.fields = u.fields[:len(u.fields)-1] + j-- + continue + } + field.computeMarshalFieldInfo(&f) + } + + // fields are marshaled in tag order on the wire. + sort.Sort(byTag(u.fields)) + + atomic.StoreInt32(&u.initialized, 1) +} + +// helper for sorting fields by tag +type byTag []*marshalFieldInfo + +func (a byTag) Len() int { return len(a) } +func (a byTag) Swap(i, j int) { a[i], a[j] = a[j], a[i] } +func (a byTag) Less(i, j int) bool { return a[i].wiretag < a[j].wiretag } + +// getExtElemInfo returns the information to marshal an extension element. +// The info it returns is initialized. +func (u *marshalInfo) getExtElemInfo(desc *ExtensionDesc) *marshalElemInfo { + // get from cache first + u.RLock() + e, ok := u.extElems[desc.Field] + u.RUnlock() + if ok { + return e + } + + t := reflect.TypeOf(desc.ExtensionType) // pointer or slice to basic type or struct + tags := strings.Split(desc.Tag, ",") + tag, err := strconv.Atoi(tags[1]) + if err != nil { + panic("tag is not an integer") + } + wt := wiretype(tags[0]) + if t.Kind() == reflect.Ptr && t.Elem().Kind() != reflect.Struct { + t = t.Elem() + } + sizer, marshaler := typeMarshaler(t, tags, false, false) + var deref bool + if t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8 { + t = reflect.PtrTo(t) + deref = true + } + e = &marshalElemInfo{ + wiretag: uint64(tag)<<3 | wt, + tagsize: SizeVarint(uint64(tag) << 3), + sizer: sizer, + marshaler: marshaler, + isptr: t.Kind() == reflect.Ptr, + deref: deref, + } + + // update cache + u.Lock() + if u.extElems == nil { + u.extElems = make(map[int32]*marshalElemInfo) + } + u.extElems[desc.Field] = e + u.Unlock() + return e +} + +// computeMarshalFieldInfo fills up the information to marshal a field. +func (fi *marshalFieldInfo) computeMarshalFieldInfo(f *reflect.StructField) { + // parse protobuf tag of the field. + // tag has format of "bytes,49,opt,name=foo,def=hello!" + tags := strings.Split(f.Tag.Get("protobuf"), ",") + if tags[0] == "" { + return + } + tag, err := strconv.Atoi(tags[1]) + if err != nil { + panic("tag is not an integer") + } + wt := wiretype(tags[0]) + if tags[2] == "req" { + fi.required = true + } + fi.setTag(f, tag, wt) + fi.setMarshaler(f, tags) +} + +func (fi *marshalFieldInfo) computeOneofFieldInfo(f *reflect.StructField, oneofImplementers []interface{}) { + fi.field = toField(f) + fi.wiretag = math.MaxInt32 // Use a large tag number, make oneofs sorted at the end. This tag will not appear on the wire. + fi.isPointer = true + fi.sizer, fi.marshaler = makeOneOfMarshaler(fi, f) + fi.oneofElems = make(map[reflect.Type]*marshalElemInfo) + + ityp := f.Type // interface type + for _, o := range oneofImplementers { + t := reflect.TypeOf(o) + if !t.Implements(ityp) { + continue + } + sf := t.Elem().Field(0) // oneof implementer is a struct with a single field + tags := strings.Split(sf.Tag.Get("protobuf"), ",") + tag, err := strconv.Atoi(tags[1]) + if err != nil { + panic("tag is not an integer") + } + wt := wiretype(tags[0]) + sizer, marshaler := typeMarshaler(sf.Type, tags, false, true) // oneof should not omit any zero value + fi.oneofElems[t.Elem()] = &marshalElemInfo{ + wiretag: uint64(tag)<<3 | wt, + tagsize: SizeVarint(uint64(tag) << 3), + sizer: sizer, + marshaler: marshaler, + } + } +} + +// wiretype returns the wire encoding of the type. +func wiretype(encoding string) uint64 { + switch encoding { + case "fixed32": + return WireFixed32 + case "fixed64": + return WireFixed64 + case "varint", "zigzag32", "zigzag64": + return WireVarint + case "bytes": + return WireBytes + case "group": + return WireStartGroup + } + panic("unknown wire type " + encoding) +} + +// setTag fills up the tag (in wire format) and its size in the info of a field. +func (fi *marshalFieldInfo) setTag(f *reflect.StructField, tag int, wt uint64) { + fi.field = toField(f) + fi.wiretag = uint64(tag)<<3 | wt + fi.tagsize = SizeVarint(uint64(tag) << 3) +} + +// setMarshaler fills up the sizer and marshaler in the info of a field. +func (fi *marshalFieldInfo) setMarshaler(f *reflect.StructField, tags []string) { + switch f.Type.Kind() { + case reflect.Map: + // map field + fi.isPointer = true + fi.sizer, fi.marshaler = makeMapMarshaler(f) + return + case reflect.Ptr, reflect.Slice: + fi.isPointer = true + } + fi.sizer, fi.marshaler = typeMarshaler(f.Type, tags, true, false) +} + +// typeMarshaler returns the sizer and marshaler of a given field. +// t is the type of the field. +// tags is the generated "protobuf" tag of the field. +// If nozero is true, zero value is not marshaled to the wire. +// If oneof is true, it is a oneof field. +func typeMarshaler(t reflect.Type, tags []string, nozero, oneof bool) (sizer, marshaler) { + encoding := tags[0] + + pointer := false + slice := false + if t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8 { + slice = true + t = t.Elem() + } + if t.Kind() == reflect.Ptr { + pointer = true + t = t.Elem() + } + + packed := false + proto3 := false + validateUTF8 := true + for i := 2; i < len(tags); i++ { + if tags[i] == "packed" { + packed = true + } + if tags[i] == "proto3" { + proto3 = true + } + } + validateUTF8 = validateUTF8 && proto3 + + switch t.Kind() { + case reflect.Bool: + if pointer { + return sizeBoolPtr, appendBoolPtr + } + if slice { + if packed { + return sizeBoolPackedSlice, appendBoolPackedSlice + } + return sizeBoolSlice, appendBoolSlice + } + if nozero { + return sizeBoolValueNoZero, appendBoolValueNoZero + } + return sizeBoolValue, appendBoolValue + case reflect.Uint32: + switch encoding { + case "fixed32": + if pointer { + return sizeFixed32Ptr, appendFixed32Ptr + } + if slice { + if packed { + return sizeFixed32PackedSlice, appendFixed32PackedSlice + } + return sizeFixed32Slice, appendFixed32Slice + } + if nozero { + return sizeFixed32ValueNoZero, appendFixed32ValueNoZero + } + return sizeFixed32Value, appendFixed32Value + case "varint": + if pointer { + return sizeVarint32Ptr, appendVarint32Ptr + } + if slice { + if packed { + return sizeVarint32PackedSlice, appendVarint32PackedSlice + } + return sizeVarint32Slice, appendVarint32Slice + } + if nozero { + return sizeVarint32ValueNoZero, appendVarint32ValueNoZero + } + return sizeVarint32Value, appendVarint32Value + } + case reflect.Int32: + switch encoding { + case "fixed32": + if pointer { + return sizeFixedS32Ptr, appendFixedS32Ptr + } + if slice { + if packed { + return sizeFixedS32PackedSlice, appendFixedS32PackedSlice + } + return sizeFixedS32Slice, appendFixedS32Slice + } + if nozero { + return sizeFixedS32ValueNoZero, appendFixedS32ValueNoZero + } + return sizeFixedS32Value, appendFixedS32Value + case "varint": + if pointer { + return sizeVarintS32Ptr, appendVarintS32Ptr + } + if slice { + if packed { + return sizeVarintS32PackedSlice, appendVarintS32PackedSlice + } + return sizeVarintS32Slice, appendVarintS32Slice + } + if nozero { + return sizeVarintS32ValueNoZero, appendVarintS32ValueNoZero + } + return sizeVarintS32Value, appendVarintS32Value + case "zigzag32": + if pointer { + return sizeZigzag32Ptr, appendZigzag32Ptr + } + if slice { + if packed { + return sizeZigzag32PackedSlice, appendZigzag32PackedSlice + } + return sizeZigzag32Slice, appendZigzag32Slice + } + if nozero { + return sizeZigzag32ValueNoZero, appendZigzag32ValueNoZero + } + return sizeZigzag32Value, appendZigzag32Value + } + case reflect.Uint64: + switch encoding { + case "fixed64": + if pointer { + return sizeFixed64Ptr, appendFixed64Ptr + } + if slice { + if packed { + return sizeFixed64PackedSlice, appendFixed64PackedSlice + } + return sizeFixed64Slice, appendFixed64Slice + } + if nozero { + return sizeFixed64ValueNoZero, appendFixed64ValueNoZero + } + return sizeFixed64Value, appendFixed64Value + case "varint": + if pointer { + return sizeVarint64Ptr, appendVarint64Ptr + } + if slice { + if packed { + return sizeVarint64PackedSlice, appendVarint64PackedSlice + } + return sizeVarint64Slice, appendVarint64Slice + } + if nozero { + return sizeVarint64ValueNoZero, appendVarint64ValueNoZero + } + return sizeVarint64Value, appendVarint64Value + } + case reflect.Int64: + switch encoding { + case "fixed64": + if pointer { + return sizeFixedS64Ptr, appendFixedS64Ptr + } + if slice { + if packed { + return sizeFixedS64PackedSlice, appendFixedS64PackedSlice + } + return sizeFixedS64Slice, appendFixedS64Slice + } + if nozero { + return sizeFixedS64ValueNoZero, appendFixedS64ValueNoZero + } + return sizeFixedS64Value, appendFixedS64Value + case "varint": + if pointer { + return sizeVarintS64Ptr, appendVarintS64Ptr + } + if slice { + if packed { + return sizeVarintS64PackedSlice, appendVarintS64PackedSlice + } + return sizeVarintS64Slice, appendVarintS64Slice + } + if nozero { + return sizeVarintS64ValueNoZero, appendVarintS64ValueNoZero + } + return sizeVarintS64Value, appendVarintS64Value + case "zigzag64": + if pointer { + return sizeZigzag64Ptr, appendZigzag64Ptr + } + if slice { + if packed { + return sizeZigzag64PackedSlice, appendZigzag64PackedSlice + } + return sizeZigzag64Slice, appendZigzag64Slice + } + if nozero { + return sizeZigzag64ValueNoZero, appendZigzag64ValueNoZero + } + return sizeZigzag64Value, appendZigzag64Value + } + case reflect.Float32: + if pointer { + return sizeFloat32Ptr, appendFloat32Ptr + } + if slice { + if packed { + return sizeFloat32PackedSlice, appendFloat32PackedSlice + } + return sizeFloat32Slice, appendFloat32Slice + } + if nozero { + return sizeFloat32ValueNoZero, appendFloat32ValueNoZero + } + return sizeFloat32Value, appendFloat32Value + case reflect.Float64: + if pointer { + return sizeFloat64Ptr, appendFloat64Ptr + } + if slice { + if packed { + return sizeFloat64PackedSlice, appendFloat64PackedSlice + } + return sizeFloat64Slice, appendFloat64Slice + } + if nozero { + return sizeFloat64ValueNoZero, appendFloat64ValueNoZero + } + return sizeFloat64Value, appendFloat64Value + case reflect.String: + if validateUTF8 { + if pointer { + return sizeStringPtr, appendUTF8StringPtr + } + if slice { + return sizeStringSlice, appendUTF8StringSlice + } + if nozero { + return sizeStringValueNoZero, appendUTF8StringValueNoZero + } + return sizeStringValue, appendUTF8StringValue + } + if pointer { + return sizeStringPtr, appendStringPtr + } + if slice { + return sizeStringSlice, appendStringSlice + } + if nozero { + return sizeStringValueNoZero, appendStringValueNoZero + } + return sizeStringValue, appendStringValue + case reflect.Slice: + if slice { + return sizeBytesSlice, appendBytesSlice + } + if oneof { + // Oneof bytes field may also have "proto3" tag. + // We want to marshal it as a oneof field. Do this + // check before the proto3 check. + return sizeBytesOneof, appendBytesOneof + } + if proto3 { + return sizeBytes3, appendBytes3 + } + return sizeBytes, appendBytes + case reflect.Struct: + switch encoding { + case "group": + if slice { + return makeGroupSliceMarshaler(getMarshalInfo(t)) + } + return makeGroupMarshaler(getMarshalInfo(t)) + case "bytes": + if slice { + return makeMessageSliceMarshaler(getMarshalInfo(t)) + } + return makeMessageMarshaler(getMarshalInfo(t)) + } + } + panic(fmt.Sprintf("unknown or mismatched type: type: %v, wire type: %v", t, encoding)) +} + +// Below are functions to size/marshal a specific type of a field. +// They are stored in the field's info, and called by function pointers. +// They have type sizer or marshaler. + +func sizeFixed32Value(_ pointer, tagsize int) int { + return 4 + tagsize +} +func sizeFixed32ValueNoZero(ptr pointer, tagsize int) int { + v := *ptr.toUint32() + if v == 0 { + return 0 + } + return 4 + tagsize +} +func sizeFixed32Ptr(ptr pointer, tagsize int) int { + p := *ptr.toUint32Ptr() + if p == nil { + return 0 + } + return 4 + tagsize +} +func sizeFixed32Slice(ptr pointer, tagsize int) int { + s := *ptr.toUint32Slice() + return (4 + tagsize) * len(s) +} +func sizeFixed32PackedSlice(ptr pointer, tagsize int) int { + s := *ptr.toUint32Slice() + if len(s) == 0 { + return 0 + } + return 4*len(s) + SizeVarint(uint64(4*len(s))) + tagsize +} +func sizeFixedS32Value(_ pointer, tagsize int) int { + return 4 + tagsize +} +func sizeFixedS32ValueNoZero(ptr pointer, tagsize int) int { + v := *ptr.toInt32() + if v == 0 { + return 0 + } + return 4 + tagsize +} +func sizeFixedS32Ptr(ptr pointer, tagsize int) int { + p := ptr.getInt32Ptr() + if p == nil { + return 0 + } + return 4 + tagsize +} +func sizeFixedS32Slice(ptr pointer, tagsize int) int { + s := ptr.getInt32Slice() + return (4 + tagsize) * len(s) +} +func sizeFixedS32PackedSlice(ptr pointer, tagsize int) int { + s := ptr.getInt32Slice() + if len(s) == 0 { + return 0 + } + return 4*len(s) + SizeVarint(uint64(4*len(s))) + tagsize +} +func sizeFloat32Value(_ pointer, tagsize int) int { + return 4 + tagsize +} +func sizeFloat32ValueNoZero(ptr pointer, tagsize int) int { + v := math.Float32bits(*ptr.toFloat32()) + if v == 0 { + return 0 + } + return 4 + tagsize +} +func sizeFloat32Ptr(ptr pointer, tagsize int) int { + p := *ptr.toFloat32Ptr() + if p == nil { + return 0 + } + return 4 + tagsize +} +func sizeFloat32Slice(ptr pointer, tagsize int) int { + s := *ptr.toFloat32Slice() + return (4 + tagsize) * len(s) +} +func sizeFloat32PackedSlice(ptr pointer, tagsize int) int { + s := *ptr.toFloat32Slice() + if len(s) == 0 { + return 0 + } + return 4*len(s) + SizeVarint(uint64(4*len(s))) + tagsize +} +func sizeFixed64Value(_ pointer, tagsize int) int { + return 8 + tagsize +} +func sizeFixed64ValueNoZero(ptr pointer, tagsize int) int { + v := *ptr.toUint64() + if v == 0 { + return 0 + } + return 8 + tagsize +} +func sizeFixed64Ptr(ptr pointer, tagsize int) int { + p := *ptr.toUint64Ptr() + if p == nil { + return 0 + } + return 8 + tagsize +} +func sizeFixed64Slice(ptr pointer, tagsize int) int { + s := *ptr.toUint64Slice() + return (8 + tagsize) * len(s) +} +func sizeFixed64PackedSlice(ptr pointer, tagsize int) int { + s := *ptr.toUint64Slice() + if len(s) == 0 { + return 0 + } + return 8*len(s) + SizeVarint(uint64(8*len(s))) + tagsize +} +func sizeFixedS64Value(_ pointer, tagsize int) int { + return 8 + tagsize +} +func sizeFixedS64ValueNoZero(ptr pointer, tagsize int) int { + v := *ptr.toInt64() + if v == 0 { + return 0 + } + return 8 + tagsize +} +func sizeFixedS64Ptr(ptr pointer, tagsize int) int { + p := *ptr.toInt64Ptr() + if p == nil { + return 0 + } + return 8 + tagsize +} +func sizeFixedS64Slice(ptr pointer, tagsize int) int { + s := *ptr.toInt64Slice() + return (8 + tagsize) * len(s) +} +func sizeFixedS64PackedSlice(ptr pointer, tagsize int) int { + s := *ptr.toInt64Slice() + if len(s) == 0 { + return 0 + } + return 8*len(s) + SizeVarint(uint64(8*len(s))) + tagsize +} +func sizeFloat64Value(_ pointer, tagsize int) int { + return 8 + tagsize +} +func sizeFloat64ValueNoZero(ptr pointer, tagsize int) int { + v := math.Float64bits(*ptr.toFloat64()) + if v == 0 { + return 0 + } + return 8 + tagsize +} +func sizeFloat64Ptr(ptr pointer, tagsize int) int { + p := *ptr.toFloat64Ptr() + if p == nil { + return 0 + } + return 8 + tagsize +} +func sizeFloat64Slice(ptr pointer, tagsize int) int { + s := *ptr.toFloat64Slice() + return (8 + tagsize) * len(s) +} +func sizeFloat64PackedSlice(ptr pointer, tagsize int) int { + s := *ptr.toFloat64Slice() + if len(s) == 0 { + return 0 + } + return 8*len(s) + SizeVarint(uint64(8*len(s))) + tagsize +} +func sizeVarint32Value(ptr pointer, tagsize int) int { + v := *ptr.toUint32() + return SizeVarint(uint64(v)) + tagsize +} +func sizeVarint32ValueNoZero(ptr pointer, tagsize int) int { + v := *ptr.toUint32() + if v == 0 { + return 0 + } + return SizeVarint(uint64(v)) + tagsize +} +func sizeVarint32Ptr(ptr pointer, tagsize int) int { + p := *ptr.toUint32Ptr() + if p == nil { + return 0 + } + return SizeVarint(uint64(*p)) + tagsize +} +func sizeVarint32Slice(ptr pointer, tagsize int) int { + s := *ptr.toUint32Slice() + n := 0 + for _, v := range s { + n += SizeVarint(uint64(v)) + tagsize + } + return n +} +func sizeVarint32PackedSlice(ptr pointer, tagsize int) int { + s := *ptr.toUint32Slice() + if len(s) == 0 { + return 0 + } + n := 0 + for _, v := range s { + n += SizeVarint(uint64(v)) + } + return n + SizeVarint(uint64(n)) + tagsize +} +func sizeVarintS32Value(ptr pointer, tagsize int) int { + v := *ptr.toInt32() + return SizeVarint(uint64(v)) + tagsize +} +func sizeVarintS32ValueNoZero(ptr pointer, tagsize int) int { + v := *ptr.toInt32() + if v == 0 { + return 0 + } + return SizeVarint(uint64(v)) + tagsize +} +func sizeVarintS32Ptr(ptr pointer, tagsize int) int { + p := ptr.getInt32Ptr() + if p == nil { + return 0 + } + return SizeVarint(uint64(*p)) + tagsize +} +func sizeVarintS32Slice(ptr pointer, tagsize int) int { + s := ptr.getInt32Slice() + n := 0 + for _, v := range s { + n += SizeVarint(uint64(v)) + tagsize + } + return n +} +func sizeVarintS32PackedSlice(ptr pointer, tagsize int) int { + s := ptr.getInt32Slice() + if len(s) == 0 { + return 0 + } + n := 0 + for _, v := range s { + n += SizeVarint(uint64(v)) + } + return n + SizeVarint(uint64(n)) + tagsize +} +func sizeVarint64Value(ptr pointer, tagsize int) int { + v := *ptr.toUint64() + return SizeVarint(v) + tagsize +} +func sizeVarint64ValueNoZero(ptr pointer, tagsize int) int { + v := *ptr.toUint64() + if v == 0 { + return 0 + } + return SizeVarint(v) + tagsize +} +func sizeVarint64Ptr(ptr pointer, tagsize int) int { + p := *ptr.toUint64Ptr() + if p == nil { + return 0 + } + return SizeVarint(*p) + tagsize +} +func sizeVarint64Slice(ptr pointer, tagsize int) int { + s := *ptr.toUint64Slice() + n := 0 + for _, v := range s { + n += SizeVarint(v) + tagsize + } + return n +} +func sizeVarint64PackedSlice(ptr pointer, tagsize int) int { + s := *ptr.toUint64Slice() + if len(s) == 0 { + return 0 + } + n := 0 + for _, v := range s { + n += SizeVarint(v) + } + return n + SizeVarint(uint64(n)) + tagsize +} +func sizeVarintS64Value(ptr pointer, tagsize int) int { + v := *ptr.toInt64() + return SizeVarint(uint64(v)) + tagsize +} +func sizeVarintS64ValueNoZero(ptr pointer, tagsize int) int { + v := *ptr.toInt64() + if v == 0 { + return 0 + } + return SizeVarint(uint64(v)) + tagsize +} +func sizeVarintS64Ptr(ptr pointer, tagsize int) int { + p := *ptr.toInt64Ptr() + if p == nil { + return 0 + } + return SizeVarint(uint64(*p)) + tagsize +} +func sizeVarintS64Slice(ptr pointer, tagsize int) int { + s := *ptr.toInt64Slice() + n := 0 + for _, v := range s { + n += SizeVarint(uint64(v)) + tagsize + } + return n +} +func sizeVarintS64PackedSlice(ptr pointer, tagsize int) int { + s := *ptr.toInt64Slice() + if len(s) == 0 { + return 0 + } + n := 0 + for _, v := range s { + n += SizeVarint(uint64(v)) + } + return n + SizeVarint(uint64(n)) + tagsize +} +func sizeZigzag32Value(ptr pointer, tagsize int) int { + v := *ptr.toInt32() + return SizeVarint(uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + tagsize +} +func sizeZigzag32ValueNoZero(ptr pointer, tagsize int) int { + v := *ptr.toInt32() + if v == 0 { + return 0 + } + return SizeVarint(uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + tagsize +} +func sizeZigzag32Ptr(ptr pointer, tagsize int) int { + p := ptr.getInt32Ptr() + if p == nil { + return 0 + } + v := *p + return SizeVarint(uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + tagsize +} +func sizeZigzag32Slice(ptr pointer, tagsize int) int { + s := ptr.getInt32Slice() + n := 0 + for _, v := range s { + n += SizeVarint(uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + tagsize + } + return n +} +func sizeZigzag32PackedSlice(ptr pointer, tagsize int) int { + s := ptr.getInt32Slice() + if len(s) == 0 { + return 0 + } + n := 0 + for _, v := range s { + n += SizeVarint(uint64((uint32(v) << 1) ^ uint32((int32(v) >> 31)))) + } + return n + SizeVarint(uint64(n)) + tagsize +} +func sizeZigzag64Value(ptr pointer, tagsize int) int { + v := *ptr.toInt64() + return SizeVarint(uint64(v<<1)^uint64((int64(v)>>63))) + tagsize +} +func sizeZigzag64ValueNoZero(ptr pointer, tagsize int) int { + v := *ptr.toInt64() + if v == 0 { + return 0 + } + return SizeVarint(uint64(v<<1)^uint64((int64(v)>>63))) + tagsize +} +func sizeZigzag64Ptr(ptr pointer, tagsize int) int { + p := *ptr.toInt64Ptr() + if p == nil { + return 0 + } + v := *p + return SizeVarint(uint64(v<<1)^uint64((int64(v)>>63))) + tagsize +} +func sizeZigzag64Slice(ptr pointer, tagsize int) int { + s := *ptr.toInt64Slice() + n := 0 + for _, v := range s { + n += SizeVarint(uint64(v<<1)^uint64((int64(v)>>63))) + tagsize + } + return n +} +func sizeZigzag64PackedSlice(ptr pointer, tagsize int) int { + s := *ptr.toInt64Slice() + if len(s) == 0 { + return 0 + } + n := 0 + for _, v := range s { + n += SizeVarint(uint64(v<<1) ^ uint64((int64(v) >> 63))) + } + return n + SizeVarint(uint64(n)) + tagsize +} +func sizeBoolValue(_ pointer, tagsize int) int { + return 1 + tagsize +} +func sizeBoolValueNoZero(ptr pointer, tagsize int) int { + v := *ptr.toBool() + if !v { + return 0 + } + return 1 + tagsize +} +func sizeBoolPtr(ptr pointer, tagsize int) int { + p := *ptr.toBoolPtr() + if p == nil { + return 0 + } + return 1 + tagsize +} +func sizeBoolSlice(ptr pointer, tagsize int) int { + s := *ptr.toBoolSlice() + return (1 + tagsize) * len(s) +} +func sizeBoolPackedSlice(ptr pointer, tagsize int) int { + s := *ptr.toBoolSlice() + if len(s) == 0 { + return 0 + } + return len(s) + SizeVarint(uint64(len(s))) + tagsize +} +func sizeStringValue(ptr pointer, tagsize int) int { + v := *ptr.toString() + return len(v) + SizeVarint(uint64(len(v))) + tagsize +} +func sizeStringValueNoZero(ptr pointer, tagsize int) int { + v := *ptr.toString() + if v == "" { + return 0 + } + return len(v) + SizeVarint(uint64(len(v))) + tagsize +} +func sizeStringPtr(ptr pointer, tagsize int) int { + p := *ptr.toStringPtr() + if p == nil { + return 0 + } + v := *p + return len(v) + SizeVarint(uint64(len(v))) + tagsize +} +func sizeStringSlice(ptr pointer, tagsize int) int { + s := *ptr.toStringSlice() + n := 0 + for _, v := range s { + n += len(v) + SizeVarint(uint64(len(v))) + tagsize + } + return n +} +func sizeBytes(ptr pointer, tagsize int) int { + v := *ptr.toBytes() + if v == nil { + return 0 + } + return len(v) + SizeVarint(uint64(len(v))) + tagsize +} +func sizeBytes3(ptr pointer, tagsize int) int { + v := *ptr.toBytes() + if len(v) == 0 { + return 0 + } + return len(v) + SizeVarint(uint64(len(v))) + tagsize +} +func sizeBytesOneof(ptr pointer, tagsize int) int { + v := *ptr.toBytes() + return len(v) + SizeVarint(uint64(len(v))) + tagsize +} +func sizeBytesSlice(ptr pointer, tagsize int) int { + s := *ptr.toBytesSlice() + n := 0 + for _, v := range s { + n += len(v) + SizeVarint(uint64(len(v))) + tagsize + } + return n +} + +// appendFixed32 appends an encoded fixed32 to b. +func appendFixed32(b []byte, v uint32) []byte { + b = append(b, + byte(v), + byte(v>>8), + byte(v>>16), + byte(v>>24)) + return b +} + +// appendFixed64 appends an encoded fixed64 to b. +func appendFixed64(b []byte, v uint64) []byte { + b = append(b, + byte(v), + byte(v>>8), + byte(v>>16), + byte(v>>24), + byte(v>>32), + byte(v>>40), + byte(v>>48), + byte(v>>56)) + return b +} + +// appendVarint appends an encoded varint to b. +func appendVarint(b []byte, v uint64) []byte { + // TODO: make 1-byte (maybe 2-byte) case inline-able, once we + // have non-leaf inliner. + switch { + case v < 1<<7: + b = append(b, byte(v)) + case v < 1<<14: + b = append(b, + byte(v&0x7f|0x80), + byte(v>>7)) + case v < 1<<21: + b = append(b, + byte(v&0x7f|0x80), + byte((v>>7)&0x7f|0x80), + byte(v>>14)) + case v < 1<<28: + b = append(b, + byte(v&0x7f|0x80), + byte((v>>7)&0x7f|0x80), + byte((v>>14)&0x7f|0x80), + byte(v>>21)) + case v < 1<<35: + b = append(b, + byte(v&0x7f|0x80), + byte((v>>7)&0x7f|0x80), + byte((v>>14)&0x7f|0x80), + byte((v>>21)&0x7f|0x80), + byte(v>>28)) + case v < 1<<42: + b = append(b, + byte(v&0x7f|0x80), + byte((v>>7)&0x7f|0x80), + byte((v>>14)&0x7f|0x80), + byte((v>>21)&0x7f|0x80), + byte((v>>28)&0x7f|0x80), + byte(v>>35)) + case v < 1<<49: + b = append(b, + byte(v&0x7f|0x80), + byte((v>>7)&0x7f|0x80), + byte((v>>14)&0x7f|0x80), + byte((v>>21)&0x7f|0x80), + byte((v>>28)&0x7f|0x80), + byte((v>>35)&0x7f|0x80), + byte(v>>42)) + case v < 1<<56: + b = append(b, + byte(v&0x7f|0x80), + byte((v>>7)&0x7f|0x80), + byte((v>>14)&0x7f|0x80), + byte((v>>21)&0x7f|0x80), + byte((v>>28)&0x7f|0x80), + byte((v>>35)&0x7f|0x80), + byte((v>>42)&0x7f|0x80), + byte(v>>49)) + case v < 1<<63: + b = append(b, + byte(v&0x7f|0x80), + byte((v>>7)&0x7f|0x80), + byte((v>>14)&0x7f|0x80), + byte((v>>21)&0x7f|0x80), + byte((v>>28)&0x7f|0x80), + byte((v>>35)&0x7f|0x80), + byte((v>>42)&0x7f|0x80), + byte((v>>49)&0x7f|0x80), + byte(v>>56)) + default: + b = append(b, + byte(v&0x7f|0x80), + byte((v>>7)&0x7f|0x80), + byte((v>>14)&0x7f|0x80), + byte((v>>21)&0x7f|0x80), + byte((v>>28)&0x7f|0x80), + byte((v>>35)&0x7f|0x80), + byte((v>>42)&0x7f|0x80), + byte((v>>49)&0x7f|0x80), + byte((v>>56)&0x7f|0x80), + 1) + } + return b +} + +func appendFixed32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toUint32() + b = appendVarint(b, wiretag) + b = appendFixed32(b, v) + return b, nil +} +func appendFixed32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toUint32() + if v == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendFixed32(b, v) + return b, nil +} +func appendFixed32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := *ptr.toUint32Ptr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendFixed32(b, *p) + return b, nil +} +func appendFixed32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toUint32Slice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendFixed32(b, v) + } + return b, nil +} +func appendFixed32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toUint32Slice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + b = appendVarint(b, uint64(4*len(s))) + for _, v := range s { + b = appendFixed32(b, v) + } + return b, nil +} +func appendFixedS32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toInt32() + b = appendVarint(b, wiretag) + b = appendFixed32(b, uint32(v)) + return b, nil +} +func appendFixedS32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toInt32() + if v == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendFixed32(b, uint32(v)) + return b, nil +} +func appendFixedS32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := ptr.getInt32Ptr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendFixed32(b, uint32(*p)) + return b, nil +} +func appendFixedS32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := ptr.getInt32Slice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendFixed32(b, uint32(v)) + } + return b, nil +} +func appendFixedS32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := ptr.getInt32Slice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + b = appendVarint(b, uint64(4*len(s))) + for _, v := range s { + b = appendFixed32(b, uint32(v)) + } + return b, nil +} +func appendFloat32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := math.Float32bits(*ptr.toFloat32()) + b = appendVarint(b, wiretag) + b = appendFixed32(b, v) + return b, nil +} +func appendFloat32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := math.Float32bits(*ptr.toFloat32()) + if v == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendFixed32(b, v) + return b, nil +} +func appendFloat32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := *ptr.toFloat32Ptr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendFixed32(b, math.Float32bits(*p)) + return b, nil +} +func appendFloat32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toFloat32Slice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendFixed32(b, math.Float32bits(v)) + } + return b, nil +} +func appendFloat32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toFloat32Slice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + b = appendVarint(b, uint64(4*len(s))) + for _, v := range s { + b = appendFixed32(b, math.Float32bits(v)) + } + return b, nil +} +func appendFixed64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toUint64() + b = appendVarint(b, wiretag) + b = appendFixed64(b, v) + return b, nil +} +func appendFixed64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toUint64() + if v == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendFixed64(b, v) + return b, nil +} +func appendFixed64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := *ptr.toUint64Ptr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendFixed64(b, *p) + return b, nil +} +func appendFixed64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toUint64Slice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendFixed64(b, v) + } + return b, nil +} +func appendFixed64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toUint64Slice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + b = appendVarint(b, uint64(8*len(s))) + for _, v := range s { + b = appendFixed64(b, v) + } + return b, nil +} +func appendFixedS64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toInt64() + b = appendVarint(b, wiretag) + b = appendFixed64(b, uint64(v)) + return b, nil +} +func appendFixedS64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toInt64() + if v == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendFixed64(b, uint64(v)) + return b, nil +} +func appendFixedS64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := *ptr.toInt64Ptr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendFixed64(b, uint64(*p)) + return b, nil +} +func appendFixedS64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toInt64Slice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendFixed64(b, uint64(v)) + } + return b, nil +} +func appendFixedS64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toInt64Slice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + b = appendVarint(b, uint64(8*len(s))) + for _, v := range s { + b = appendFixed64(b, uint64(v)) + } + return b, nil +} +func appendFloat64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := math.Float64bits(*ptr.toFloat64()) + b = appendVarint(b, wiretag) + b = appendFixed64(b, v) + return b, nil +} +func appendFloat64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := math.Float64bits(*ptr.toFloat64()) + if v == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendFixed64(b, v) + return b, nil +} +func appendFloat64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := *ptr.toFloat64Ptr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendFixed64(b, math.Float64bits(*p)) + return b, nil +} +func appendFloat64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toFloat64Slice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendFixed64(b, math.Float64bits(v)) + } + return b, nil +} +func appendFloat64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toFloat64Slice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + b = appendVarint(b, uint64(8*len(s))) + for _, v := range s { + b = appendFixed64(b, math.Float64bits(v)) + } + return b, nil +} +func appendVarint32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toUint32() + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(v)) + return b, nil +} +func appendVarint32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toUint32() + if v == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(v)) + return b, nil +} +func appendVarint32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := *ptr.toUint32Ptr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(*p)) + return b, nil +} +func appendVarint32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toUint32Slice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(v)) + } + return b, nil +} +func appendVarint32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toUint32Slice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + // compute size + n := 0 + for _, v := range s { + n += SizeVarint(uint64(v)) + } + b = appendVarint(b, uint64(n)) + for _, v := range s { + b = appendVarint(b, uint64(v)) + } + return b, nil +} +func appendVarintS32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toInt32() + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(v)) + return b, nil +} +func appendVarintS32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toInt32() + if v == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(v)) + return b, nil +} +func appendVarintS32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := ptr.getInt32Ptr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(*p)) + return b, nil +} +func appendVarintS32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := ptr.getInt32Slice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(v)) + } + return b, nil +} +func appendVarintS32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := ptr.getInt32Slice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + // compute size + n := 0 + for _, v := range s { + n += SizeVarint(uint64(v)) + } + b = appendVarint(b, uint64(n)) + for _, v := range s { + b = appendVarint(b, uint64(v)) + } + return b, nil +} +func appendVarint64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toUint64() + b = appendVarint(b, wiretag) + b = appendVarint(b, v) + return b, nil +} +func appendVarint64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toUint64() + if v == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, v) + return b, nil +} +func appendVarint64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := *ptr.toUint64Ptr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, *p) + return b, nil +} +func appendVarint64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toUint64Slice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendVarint(b, v) + } + return b, nil +} +func appendVarint64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toUint64Slice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + // compute size + n := 0 + for _, v := range s { + n += SizeVarint(v) + } + b = appendVarint(b, uint64(n)) + for _, v := range s { + b = appendVarint(b, v) + } + return b, nil +} +func appendVarintS64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toInt64() + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(v)) + return b, nil +} +func appendVarintS64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toInt64() + if v == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(v)) + return b, nil +} +func appendVarintS64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := *ptr.toInt64Ptr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(*p)) + return b, nil +} +func appendVarintS64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toInt64Slice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(v)) + } + return b, nil +} +func appendVarintS64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toInt64Slice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + // compute size + n := 0 + for _, v := range s { + n += SizeVarint(uint64(v)) + } + b = appendVarint(b, uint64(n)) + for _, v := range s { + b = appendVarint(b, uint64(v)) + } + return b, nil +} +func appendZigzag32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toInt32() + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + return b, nil +} +func appendZigzag32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toInt32() + if v == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + return b, nil +} +func appendZigzag32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := ptr.getInt32Ptr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + v := *p + b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + return b, nil +} +func appendZigzag32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := ptr.getInt32Slice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + } + return b, nil +} +func appendZigzag32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := ptr.getInt32Slice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + // compute size + n := 0 + for _, v := range s { + n += SizeVarint(uint64((uint32(v) << 1) ^ uint32((int32(v) >> 31)))) + } + b = appendVarint(b, uint64(n)) + for _, v := range s { + b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + } + return b, nil +} +func appendZigzag64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toInt64() + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63))) + return b, nil +} +func appendZigzag64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toInt64() + if v == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63))) + return b, nil +} +func appendZigzag64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := *ptr.toInt64Ptr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + v := *p + b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63))) + return b, nil +} +func appendZigzag64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toInt64Slice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63))) + } + return b, nil +} +func appendZigzag64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toInt64Slice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + // compute size + n := 0 + for _, v := range s { + n += SizeVarint(uint64(v<<1) ^ uint64((int64(v) >> 63))) + } + b = appendVarint(b, uint64(n)) + for _, v := range s { + b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63))) + } + return b, nil +} +func appendBoolValue(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toBool() + b = appendVarint(b, wiretag) + if v { + b = append(b, 1) + } else { + b = append(b, 0) + } + return b, nil +} +func appendBoolValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toBool() + if !v { + return b, nil + } + b = appendVarint(b, wiretag) + b = append(b, 1) + return b, nil +} + +func appendBoolPtr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := *ptr.toBoolPtr() + if p == nil { + return b, nil + } + b = appendVarint(b, wiretag) + if *p { + b = append(b, 1) + } else { + b = append(b, 0) + } + return b, nil +} +func appendBoolSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toBoolSlice() + for _, v := range s { + b = appendVarint(b, wiretag) + if v { + b = append(b, 1) + } else { + b = append(b, 0) + } + } + return b, nil +} +func appendBoolPackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toBoolSlice() + if len(s) == 0 { + return b, nil + } + b = appendVarint(b, wiretag&^7|WireBytes) + b = appendVarint(b, uint64(len(s))) + for _, v := range s { + if v { + b = append(b, 1) + } else { + b = append(b, 0) + } + } + return b, nil +} +func appendStringValue(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toString() + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(len(v))) + b = append(b, v...) + return b, nil +} +func appendStringValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toString() + if v == "" { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(len(v))) + b = append(b, v...) + return b, nil +} +func appendStringPtr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + p := *ptr.toStringPtr() + if p == nil { + return b, nil + } + v := *p + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(len(v))) + b = append(b, v...) + return b, nil +} +func appendStringSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toStringSlice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(len(v))) + b = append(b, v...) + } + return b, nil +} +func appendUTF8StringValue(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + var invalidUTF8 bool + v := *ptr.toString() + if !utf8.ValidString(v) { + invalidUTF8 = true + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(len(v))) + b = append(b, v...) + if invalidUTF8 { + return b, errInvalidUTF8 + } + return b, nil +} +func appendUTF8StringValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + var invalidUTF8 bool + v := *ptr.toString() + if v == "" { + return b, nil + } + if !utf8.ValidString(v) { + invalidUTF8 = true + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(len(v))) + b = append(b, v...) + if invalidUTF8 { + return b, errInvalidUTF8 + } + return b, nil +} +func appendUTF8StringPtr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + var invalidUTF8 bool + p := *ptr.toStringPtr() + if p == nil { + return b, nil + } + v := *p + if !utf8.ValidString(v) { + invalidUTF8 = true + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(len(v))) + b = append(b, v...) + if invalidUTF8 { + return b, errInvalidUTF8 + } + return b, nil +} +func appendUTF8StringSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + var invalidUTF8 bool + s := *ptr.toStringSlice() + for _, v := range s { + if !utf8.ValidString(v) { + invalidUTF8 = true + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(len(v))) + b = append(b, v...) + } + if invalidUTF8 { + return b, errInvalidUTF8 + } + return b, nil +} +func appendBytes(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toBytes() + if v == nil { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(len(v))) + b = append(b, v...) + return b, nil +} +func appendBytes3(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toBytes() + if len(v) == 0 { + return b, nil + } + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(len(v))) + b = append(b, v...) + return b, nil +} +func appendBytesOneof(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + v := *ptr.toBytes() + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(len(v))) + b = append(b, v...) + return b, nil +} +func appendBytesSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) { + s := *ptr.toBytesSlice() + for _, v := range s { + b = appendVarint(b, wiretag) + b = appendVarint(b, uint64(len(v))) + b = append(b, v...) + } + return b, nil +} + +// makeGroupMarshaler returns the sizer and marshaler for a group. +// u is the marshal info of the underlying message. +func makeGroupMarshaler(u *marshalInfo) (sizer, marshaler) { + return func(ptr pointer, tagsize int) int { + p := ptr.getPointer() + if p.isNil() { + return 0 + } + return u.size(p) + 2*tagsize + }, + func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) { + p := ptr.getPointer() + if p.isNil() { + return b, nil + } + var err error + b = appendVarint(b, wiretag) // start group + b, err = u.marshal(b, p, deterministic) + b = appendVarint(b, wiretag+(WireEndGroup-WireStartGroup)) // end group + return b, err + } +} + +// makeGroupSliceMarshaler returns the sizer and marshaler for a group slice. +// u is the marshal info of the underlying message. +func makeGroupSliceMarshaler(u *marshalInfo) (sizer, marshaler) { + return func(ptr pointer, tagsize int) int { + s := ptr.getPointerSlice() + n := 0 + for _, v := range s { + if v.isNil() { + continue + } + n += u.size(v) + 2*tagsize + } + return n + }, + func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) { + s := ptr.getPointerSlice() + var err error + var nerr nonFatal + for _, v := range s { + if v.isNil() { + return b, errRepeatedHasNil + } + b = appendVarint(b, wiretag) // start group + b, err = u.marshal(b, v, deterministic) + b = appendVarint(b, wiretag+(WireEndGroup-WireStartGroup)) // end group + if !nerr.Merge(err) { + if err == ErrNil { + err = errRepeatedHasNil + } + return b, err + } + } + return b, nerr.E + } +} + +// makeMessageMarshaler returns the sizer and marshaler for a message field. +// u is the marshal info of the message. +func makeMessageMarshaler(u *marshalInfo) (sizer, marshaler) { + return func(ptr pointer, tagsize int) int { + p := ptr.getPointer() + if p.isNil() { + return 0 + } + siz := u.size(p) + return siz + SizeVarint(uint64(siz)) + tagsize + }, + func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) { + p := ptr.getPointer() + if p.isNil() { + return b, nil + } + b = appendVarint(b, wiretag) + siz := u.cachedsize(p) + b = appendVarint(b, uint64(siz)) + return u.marshal(b, p, deterministic) + } +} + +// makeMessageSliceMarshaler returns the sizer and marshaler for a message slice. +// u is the marshal info of the message. +func makeMessageSliceMarshaler(u *marshalInfo) (sizer, marshaler) { + return func(ptr pointer, tagsize int) int { + s := ptr.getPointerSlice() + n := 0 + for _, v := range s { + if v.isNil() { + continue + } + siz := u.size(v) + n += siz + SizeVarint(uint64(siz)) + tagsize + } + return n + }, + func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) { + s := ptr.getPointerSlice() + var err error + var nerr nonFatal + for _, v := range s { + if v.isNil() { + return b, errRepeatedHasNil + } + b = appendVarint(b, wiretag) + siz := u.cachedsize(v) + b = appendVarint(b, uint64(siz)) + b, err = u.marshal(b, v, deterministic) + + if !nerr.Merge(err) { + if err == ErrNil { + err = errRepeatedHasNil + } + return b, err + } + } + return b, nerr.E + } +} + +// makeMapMarshaler returns the sizer and marshaler for a map field. +// f is the pointer to the reflect data structure of the field. +func makeMapMarshaler(f *reflect.StructField) (sizer, marshaler) { + // figure out key and value type + t := f.Type + keyType := t.Key() + valType := t.Elem() + keyTags := strings.Split(f.Tag.Get("protobuf_key"), ",") + valTags := strings.Split(f.Tag.Get("protobuf_val"), ",") + keySizer, keyMarshaler := typeMarshaler(keyType, keyTags, false, false) // don't omit zero value in map + valSizer, valMarshaler := typeMarshaler(valType, valTags, false, false) // don't omit zero value in map + keyWireTag := 1<<3 | wiretype(keyTags[0]) + valWireTag := 2<<3 | wiretype(valTags[0]) + + // We create an interface to get the addresses of the map key and value. + // If value is pointer-typed, the interface is a direct interface, the + // idata itself is the value. Otherwise, the idata is the pointer to the + // value. + // Key cannot be pointer-typed. + valIsPtr := valType.Kind() == reflect.Ptr + + // If value is a message with nested maps, calling + // valSizer in marshal may be quadratic. We should use + // cached version in marshal (but not in size). + // If value is not message type, we don't have size cache, + // but it cannot be nested either. Just use valSizer. + valCachedSizer := valSizer + if valIsPtr && valType.Elem().Kind() == reflect.Struct { + u := getMarshalInfo(valType.Elem()) + valCachedSizer = func(ptr pointer, tagsize int) int { + // Same as message sizer, but use cache. + p := ptr.getPointer() + if p.isNil() { + return 0 + } + siz := u.cachedsize(p) + return siz + SizeVarint(uint64(siz)) + tagsize + } + } + return func(ptr pointer, tagsize int) int { + m := ptr.asPointerTo(t).Elem() // the map + n := 0 + for _, k := range m.MapKeys() { + ki := k.Interface() + vi := m.MapIndex(k).Interface() + kaddr := toAddrPointer(&ki, false, false) // pointer to key + vaddr := toAddrPointer(&vi, valIsPtr, false) // pointer to value + siz := keySizer(kaddr, 1) + valSizer(vaddr, 1) // tag of key = 1 (size=1), tag of val = 2 (size=1) + n += siz + SizeVarint(uint64(siz)) + tagsize + } + return n + }, + func(b []byte, ptr pointer, tag uint64, deterministic bool) ([]byte, error) { + m := ptr.asPointerTo(t).Elem() // the map + var err error + keys := m.MapKeys() + if len(keys) > 1 && deterministic { + sort.Sort(mapKeys(keys)) + } + + var nerr nonFatal + for _, k := range keys { + ki := k.Interface() + vi := m.MapIndex(k).Interface() + kaddr := toAddrPointer(&ki, false, false) // pointer to key + vaddr := toAddrPointer(&vi, valIsPtr, false) // pointer to value + b = appendVarint(b, tag) + siz := keySizer(kaddr, 1) + valCachedSizer(vaddr, 1) // tag of key = 1 (size=1), tag of val = 2 (size=1) + b = appendVarint(b, uint64(siz)) + b, err = keyMarshaler(b, kaddr, keyWireTag, deterministic) + if !nerr.Merge(err) { + return b, err + } + b, err = valMarshaler(b, vaddr, valWireTag, deterministic) + if err != ErrNil && !nerr.Merge(err) { // allow nil value in map + return b, err + } + } + return b, nerr.E + } +} + +// makeOneOfMarshaler returns the sizer and marshaler for a oneof field. +// fi is the marshal info of the field. +// f is the pointer to the reflect data structure of the field. +func makeOneOfMarshaler(fi *marshalFieldInfo, f *reflect.StructField) (sizer, marshaler) { + // Oneof field is an interface. We need to get the actual data type on the fly. + t := f.Type + return func(ptr pointer, _ int) int { + p := ptr.getInterfacePointer() + if p.isNil() { + return 0 + } + v := ptr.asPointerTo(t).Elem().Elem().Elem() // *interface -> interface -> *struct -> struct + telem := v.Type() + e := fi.oneofElems[telem] + return e.sizer(p, e.tagsize) + }, + func(b []byte, ptr pointer, _ uint64, deterministic bool) ([]byte, error) { + p := ptr.getInterfacePointer() + if p.isNil() { + return b, nil + } + v := ptr.asPointerTo(t).Elem().Elem().Elem() // *interface -> interface -> *struct -> struct + telem := v.Type() + if telem.Field(0).Type.Kind() == reflect.Ptr && p.getPointer().isNil() { + return b, errOneofHasNil + } + e := fi.oneofElems[telem] + return e.marshaler(b, p, e.wiretag, deterministic) + } +} + +// sizeExtensions computes the size of encoded data for a XXX_InternalExtensions field. +func (u *marshalInfo) sizeExtensions(ext *XXX_InternalExtensions) int { + m, mu := ext.extensionsRead() + if m == nil { + return 0 + } + mu.Lock() + + n := 0 + for _, e := range m { + if e.value == nil || e.desc == nil { + // Extension is only in its encoded form. + n += len(e.enc) + continue + } + + // We don't skip extensions that have an encoded form set, + // because the extension value may have been mutated after + // the last time this function was called. + ei := u.getExtElemInfo(e.desc) + v := e.value + p := toAddrPointer(&v, ei.isptr, ei.deref) + n += ei.sizer(p, ei.tagsize) + } + mu.Unlock() + return n +} + +// appendExtensions marshals a XXX_InternalExtensions field to the end of byte slice b. +func (u *marshalInfo) appendExtensions(b []byte, ext *XXX_InternalExtensions, deterministic bool) ([]byte, error) { + m, mu := ext.extensionsRead() + if m == nil { + return b, nil + } + mu.Lock() + defer mu.Unlock() + + var err error + var nerr nonFatal + + // Fast-path for common cases: zero or one extensions. + // Don't bother sorting the keys. + if len(m) <= 1 { + for _, e := range m { + if e.value == nil || e.desc == nil { + // Extension is only in its encoded form. + b = append(b, e.enc...) + continue + } + + // We don't skip extensions that have an encoded form set, + // because the extension value may have been mutated after + // the last time this function was called. + + ei := u.getExtElemInfo(e.desc) + v := e.value + p := toAddrPointer(&v, ei.isptr, ei.deref) + b, err = ei.marshaler(b, p, ei.wiretag, deterministic) + if !nerr.Merge(err) { + return b, err + } + } + return b, nerr.E + } + + // Sort the keys to provide a deterministic encoding. + // Not sure this is required, but the old code does it. + keys := make([]int, 0, len(m)) + for k := range m { + keys = append(keys, int(k)) + } + sort.Ints(keys) + + for _, k := range keys { + e := m[int32(k)] + if e.value == nil || e.desc == nil { + // Extension is only in its encoded form. + b = append(b, e.enc...) + continue + } + + // We don't skip extensions that have an encoded form set, + // because the extension value may have been mutated after + // the last time this function was called. + + ei := u.getExtElemInfo(e.desc) + v := e.value + p := toAddrPointer(&v, ei.isptr, ei.deref) + b, err = ei.marshaler(b, p, ei.wiretag, deterministic) + if !nerr.Merge(err) { + return b, err + } + } + return b, nerr.E +} + +// message set format is: +// message MessageSet { +// repeated group Item = 1 { +// required int32 type_id = 2; +// required string message = 3; +// }; +// } + +// sizeMessageSet computes the size of encoded data for a XXX_InternalExtensions field +// in message set format (above). +func (u *marshalInfo) sizeMessageSet(ext *XXX_InternalExtensions) int { + m, mu := ext.extensionsRead() + if m == nil { + return 0 + } + mu.Lock() + + n := 0 + for id, e := range m { + n += 2 // start group, end group. tag = 1 (size=1) + n += SizeVarint(uint64(id)) + 1 // type_id, tag = 2 (size=1) + + if e.value == nil || e.desc == nil { + // Extension is only in its encoded form. + msgWithLen := skipVarint(e.enc) // skip old tag, but leave the length varint + siz := len(msgWithLen) + n += siz + 1 // message, tag = 3 (size=1) + continue + } + + // We don't skip extensions that have an encoded form set, + // because the extension value may have been mutated after + // the last time this function was called. + + ei := u.getExtElemInfo(e.desc) + v := e.value + p := toAddrPointer(&v, ei.isptr, ei.deref) + n += ei.sizer(p, 1) // message, tag = 3 (size=1) + } + mu.Unlock() + return n +} + +// appendMessageSet marshals a XXX_InternalExtensions field in message set format (above) +// to the end of byte slice b. +func (u *marshalInfo) appendMessageSet(b []byte, ext *XXX_InternalExtensions, deterministic bool) ([]byte, error) { + m, mu := ext.extensionsRead() + if m == nil { + return b, nil + } + mu.Lock() + defer mu.Unlock() + + var err error + var nerr nonFatal + + // Fast-path for common cases: zero or one extensions. + // Don't bother sorting the keys. + if len(m) <= 1 { + for id, e := range m { + b = append(b, 1<<3|WireStartGroup) + b = append(b, 2<<3|WireVarint) + b = appendVarint(b, uint64(id)) + + if e.value == nil || e.desc == nil { + // Extension is only in its encoded form. + msgWithLen := skipVarint(e.enc) // skip old tag, but leave the length varint + b = append(b, 3<<3|WireBytes) + b = append(b, msgWithLen...) + b = append(b, 1<<3|WireEndGroup) + continue + } + + // We don't skip extensions that have an encoded form set, + // because the extension value may have been mutated after + // the last time this function was called. + + ei := u.getExtElemInfo(e.desc) + v := e.value + p := toAddrPointer(&v, ei.isptr, ei.deref) + b, err = ei.marshaler(b, p, 3<<3|WireBytes, deterministic) + if !nerr.Merge(err) { + return b, err + } + b = append(b, 1<<3|WireEndGroup) + } + return b, nerr.E + } + + // Sort the keys to provide a deterministic encoding. + keys := make([]int, 0, len(m)) + for k := range m { + keys = append(keys, int(k)) + } + sort.Ints(keys) + + for _, id := range keys { + e := m[int32(id)] + b = append(b, 1<<3|WireStartGroup) + b = append(b, 2<<3|WireVarint) + b = appendVarint(b, uint64(id)) + + if e.value == nil || e.desc == nil { + // Extension is only in its encoded form. + msgWithLen := skipVarint(e.enc) // skip old tag, but leave the length varint + b = append(b, 3<<3|WireBytes) + b = append(b, msgWithLen...) + b = append(b, 1<<3|WireEndGroup) + continue + } + + // We don't skip extensions that have an encoded form set, + // because the extension value may have been mutated after + // the last time this function was called. + + ei := u.getExtElemInfo(e.desc) + v := e.value + p := toAddrPointer(&v, ei.isptr, ei.deref) + b, err = ei.marshaler(b, p, 3<<3|WireBytes, deterministic) + b = append(b, 1<<3|WireEndGroup) + if !nerr.Merge(err) { + return b, err + } + } + return b, nerr.E +} + +// sizeV1Extensions computes the size of encoded data for a V1-API extension field. +func (u *marshalInfo) sizeV1Extensions(m map[int32]Extension) int { + if m == nil { + return 0 + } + + n := 0 + for _, e := range m { + if e.value == nil || e.desc == nil { + // Extension is only in its encoded form. + n += len(e.enc) + continue + } + + // We don't skip extensions that have an encoded form set, + // because the extension value may have been mutated after + // the last time this function was called. + + ei := u.getExtElemInfo(e.desc) + v := e.value + p := toAddrPointer(&v, ei.isptr, ei.deref) + n += ei.sizer(p, ei.tagsize) + } + return n +} + +// appendV1Extensions marshals a V1-API extension field to the end of byte slice b. +func (u *marshalInfo) appendV1Extensions(b []byte, m map[int32]Extension, deterministic bool) ([]byte, error) { + if m == nil { + return b, nil + } + + // Sort the keys to provide a deterministic encoding. + keys := make([]int, 0, len(m)) + for k := range m { + keys = append(keys, int(k)) + } + sort.Ints(keys) + + var err error + var nerr nonFatal + for _, k := range keys { + e := m[int32(k)] + if e.value == nil || e.desc == nil { + // Extension is only in its encoded form. + b = append(b, e.enc...) + continue + } + + // We don't skip extensions that have an encoded form set, + // because the extension value may have been mutated after + // the last time this function was called. + + ei := u.getExtElemInfo(e.desc) + v := e.value + p := toAddrPointer(&v, ei.isptr, ei.deref) + b, err = ei.marshaler(b, p, ei.wiretag, deterministic) + if !nerr.Merge(err) { + return b, err + } + } + return b, nerr.E +} + +// newMarshaler is the interface representing objects that can marshal themselves. +// +// This exists to support protoc-gen-go generated messages. +// The proto package will stop type-asserting to this interface in the future. +// +// DO NOT DEPEND ON THIS. +type newMarshaler interface { + XXX_Size() int + XXX_Marshal(b []byte, deterministic bool) ([]byte, error) +} + +// Size returns the encoded size of a protocol buffer message. +// This is the main entry point. +func Size(pb Message) int { + if m, ok := pb.(newMarshaler); ok { + return m.XXX_Size() + } + if m, ok := pb.(Marshaler); ok { + // If the message can marshal itself, let it do it, for compatibility. + // NOTE: This is not efficient. + b, _ := m.Marshal() + return len(b) + } + // in case somehow we didn't generate the wrapper + if pb == nil { + return 0 + } + var info InternalMessageInfo + return info.Size(pb) +} + +// Marshal takes a protocol buffer message +// and encodes it into the wire format, returning the data. +// This is the main entry point. +func Marshal(pb Message) ([]byte, error) { + if m, ok := pb.(newMarshaler); ok { + siz := m.XXX_Size() + b := make([]byte, 0, siz) + return m.XXX_Marshal(b, false) + } + if m, ok := pb.(Marshaler); ok { + // If the message can marshal itself, let it do it, for compatibility. + // NOTE: This is not efficient. + return m.Marshal() + } + // in case somehow we didn't generate the wrapper + if pb == nil { + return nil, ErrNil + } + var info InternalMessageInfo + siz := info.Size(pb) + b := make([]byte, 0, siz) + return info.Marshal(b, pb, false) +} + +// Marshal takes a protocol buffer message +// and encodes it into the wire format, writing the result to the +// Buffer. +// This is an alternative entry point. It is not necessary to use +// a Buffer for most applications. +func (p *Buffer) Marshal(pb Message) error { + var err error + if m, ok := pb.(newMarshaler); ok { + siz := m.XXX_Size() + p.grow(siz) // make sure buf has enough capacity + p.buf, err = m.XXX_Marshal(p.buf, p.deterministic) + return err + } + if m, ok := pb.(Marshaler); ok { + // If the message can marshal itself, let it do it, for compatibility. + // NOTE: This is not efficient. + b, err := m.Marshal() + p.buf = append(p.buf, b...) + return err + } + // in case somehow we didn't generate the wrapper + if pb == nil { + return ErrNil + } + var info InternalMessageInfo + siz := info.Size(pb) + p.grow(siz) // make sure buf has enough capacity + p.buf, err = info.Marshal(p.buf, pb, p.deterministic) + return err +} + +// grow grows the buffer's capacity, if necessary, to guarantee space for +// another n bytes. After grow(n), at least n bytes can be written to the +// buffer without another allocation. +func (p *Buffer) grow(n int) { + need := len(p.buf) + n + if need <= cap(p.buf) { + return + } + newCap := len(p.buf) * 2 + if newCap < need { + newCap = need + } + p.buf = append(make([]byte, 0, newCap), p.buf...) +} diff --git a/vendor/github.com/golang/protobuf/proto/table_merge.go b/vendor/github.com/golang/protobuf/proto/table_merge.go new file mode 100644 index 0000000..5525def --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/table_merge.go @@ -0,0 +1,654 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2016 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +import ( + "fmt" + "reflect" + "strings" + "sync" + "sync/atomic" +) + +// Merge merges the src message into dst. +// This assumes that dst and src of the same type and are non-nil. +func (a *InternalMessageInfo) Merge(dst, src Message) { + mi := atomicLoadMergeInfo(&a.merge) + if mi == nil { + mi = getMergeInfo(reflect.TypeOf(dst).Elem()) + atomicStoreMergeInfo(&a.merge, mi) + } + mi.merge(toPointer(&dst), toPointer(&src)) +} + +type mergeInfo struct { + typ reflect.Type + + initialized int32 // 0: only typ is valid, 1: everything is valid + lock sync.Mutex + + fields []mergeFieldInfo + unrecognized field // Offset of XXX_unrecognized +} + +type mergeFieldInfo struct { + field field // Offset of field, guaranteed to be valid + + // isPointer reports whether the value in the field is a pointer. + // This is true for the following situations: + // * Pointer to struct + // * Pointer to basic type (proto2 only) + // * Slice (first value in slice header is a pointer) + // * String (first value in string header is a pointer) + isPointer bool + + // basicWidth reports the width of the field assuming that it is directly + // embedded in the struct (as is the case for basic types in proto3). + // The possible values are: + // 0: invalid + // 1: bool + // 4: int32, uint32, float32 + // 8: int64, uint64, float64 + basicWidth int + + // Where dst and src are pointers to the types being merged. + merge func(dst, src pointer) +} + +var ( + mergeInfoMap = map[reflect.Type]*mergeInfo{} + mergeInfoLock sync.Mutex +) + +func getMergeInfo(t reflect.Type) *mergeInfo { + mergeInfoLock.Lock() + defer mergeInfoLock.Unlock() + mi := mergeInfoMap[t] + if mi == nil { + mi = &mergeInfo{typ: t} + mergeInfoMap[t] = mi + } + return mi +} + +// merge merges src into dst assuming they are both of type *mi.typ. +func (mi *mergeInfo) merge(dst, src pointer) { + if dst.isNil() { + panic("proto: nil destination") + } + if src.isNil() { + return // Nothing to do. + } + + if atomic.LoadInt32(&mi.initialized) == 0 { + mi.computeMergeInfo() + } + + for _, fi := range mi.fields { + sfp := src.offset(fi.field) + + // As an optimization, we can avoid the merge function call cost + // if we know for sure that the source will have no effect + // by checking if it is the zero value. + if unsafeAllowed { + if fi.isPointer && sfp.getPointer().isNil() { // Could be slice or string + continue + } + if fi.basicWidth > 0 { + switch { + case fi.basicWidth == 1 && !*sfp.toBool(): + continue + case fi.basicWidth == 4 && *sfp.toUint32() == 0: + continue + case fi.basicWidth == 8 && *sfp.toUint64() == 0: + continue + } + } + } + + dfp := dst.offset(fi.field) + fi.merge(dfp, sfp) + } + + // TODO: Make this faster? + out := dst.asPointerTo(mi.typ).Elem() + in := src.asPointerTo(mi.typ).Elem() + if emIn, err := extendable(in.Addr().Interface()); err == nil { + emOut, _ := extendable(out.Addr().Interface()) + mIn, muIn := emIn.extensionsRead() + if mIn != nil { + mOut := emOut.extensionsWrite() + muIn.Lock() + mergeExtension(mOut, mIn) + muIn.Unlock() + } + } + + if mi.unrecognized.IsValid() { + if b := *src.offset(mi.unrecognized).toBytes(); len(b) > 0 { + *dst.offset(mi.unrecognized).toBytes() = append([]byte(nil), b...) + } + } +} + +func (mi *mergeInfo) computeMergeInfo() { + mi.lock.Lock() + defer mi.lock.Unlock() + if mi.initialized != 0 { + return + } + t := mi.typ + n := t.NumField() + + props := GetProperties(t) + for i := 0; i < n; i++ { + f := t.Field(i) + if strings.HasPrefix(f.Name, "XXX_") { + continue + } + + mfi := mergeFieldInfo{field: toField(&f)} + tf := f.Type + + // As an optimization, we can avoid the merge function call cost + // if we know for sure that the source will have no effect + // by checking if it is the zero value. + if unsafeAllowed { + switch tf.Kind() { + case reflect.Ptr, reflect.Slice, reflect.String: + // As a special case, we assume slices and strings are pointers + // since we know that the first field in the SliceSlice or + // StringHeader is a data pointer. + mfi.isPointer = true + case reflect.Bool: + mfi.basicWidth = 1 + case reflect.Int32, reflect.Uint32, reflect.Float32: + mfi.basicWidth = 4 + case reflect.Int64, reflect.Uint64, reflect.Float64: + mfi.basicWidth = 8 + } + } + + // Unwrap tf to get at its most basic type. + var isPointer, isSlice bool + if tf.Kind() == reflect.Slice && tf.Elem().Kind() != reflect.Uint8 { + isSlice = true + tf = tf.Elem() + } + if tf.Kind() == reflect.Ptr { + isPointer = true + tf = tf.Elem() + } + if isPointer && isSlice && tf.Kind() != reflect.Struct { + panic("both pointer and slice for basic type in " + tf.Name()) + } + + switch tf.Kind() { + case reflect.Int32: + switch { + case isSlice: // E.g., []int32 + mfi.merge = func(dst, src pointer) { + // NOTE: toInt32Slice is not defined (see pointer_reflect.go). + /* + sfsp := src.toInt32Slice() + if *sfsp != nil { + dfsp := dst.toInt32Slice() + *dfsp = append(*dfsp, *sfsp...) + if *dfsp == nil { + *dfsp = []int64{} + } + } + */ + sfs := src.getInt32Slice() + if sfs != nil { + dfs := dst.getInt32Slice() + dfs = append(dfs, sfs...) + if dfs == nil { + dfs = []int32{} + } + dst.setInt32Slice(dfs) + } + } + case isPointer: // E.g., *int32 + mfi.merge = func(dst, src pointer) { + // NOTE: toInt32Ptr is not defined (see pointer_reflect.go). + /* + sfpp := src.toInt32Ptr() + if *sfpp != nil { + dfpp := dst.toInt32Ptr() + if *dfpp == nil { + *dfpp = Int32(**sfpp) + } else { + **dfpp = **sfpp + } + } + */ + sfp := src.getInt32Ptr() + if sfp != nil { + dfp := dst.getInt32Ptr() + if dfp == nil { + dst.setInt32Ptr(*sfp) + } else { + *dfp = *sfp + } + } + } + default: // E.g., int32 + mfi.merge = func(dst, src pointer) { + if v := *src.toInt32(); v != 0 { + *dst.toInt32() = v + } + } + } + case reflect.Int64: + switch { + case isSlice: // E.g., []int64 + mfi.merge = func(dst, src pointer) { + sfsp := src.toInt64Slice() + if *sfsp != nil { + dfsp := dst.toInt64Slice() + *dfsp = append(*dfsp, *sfsp...) + if *dfsp == nil { + *dfsp = []int64{} + } + } + } + case isPointer: // E.g., *int64 + mfi.merge = func(dst, src pointer) { + sfpp := src.toInt64Ptr() + if *sfpp != nil { + dfpp := dst.toInt64Ptr() + if *dfpp == nil { + *dfpp = Int64(**sfpp) + } else { + **dfpp = **sfpp + } + } + } + default: // E.g., int64 + mfi.merge = func(dst, src pointer) { + if v := *src.toInt64(); v != 0 { + *dst.toInt64() = v + } + } + } + case reflect.Uint32: + switch { + case isSlice: // E.g., []uint32 + mfi.merge = func(dst, src pointer) { + sfsp := src.toUint32Slice() + if *sfsp != nil { + dfsp := dst.toUint32Slice() + *dfsp = append(*dfsp, *sfsp...) + if *dfsp == nil { + *dfsp = []uint32{} + } + } + } + case isPointer: // E.g., *uint32 + mfi.merge = func(dst, src pointer) { + sfpp := src.toUint32Ptr() + if *sfpp != nil { + dfpp := dst.toUint32Ptr() + if *dfpp == nil { + *dfpp = Uint32(**sfpp) + } else { + **dfpp = **sfpp + } + } + } + default: // E.g., uint32 + mfi.merge = func(dst, src pointer) { + if v := *src.toUint32(); v != 0 { + *dst.toUint32() = v + } + } + } + case reflect.Uint64: + switch { + case isSlice: // E.g., []uint64 + mfi.merge = func(dst, src pointer) { + sfsp := src.toUint64Slice() + if *sfsp != nil { + dfsp := dst.toUint64Slice() + *dfsp = append(*dfsp, *sfsp...) + if *dfsp == nil { + *dfsp = []uint64{} + } + } + } + case isPointer: // E.g., *uint64 + mfi.merge = func(dst, src pointer) { + sfpp := src.toUint64Ptr() + if *sfpp != nil { + dfpp := dst.toUint64Ptr() + if *dfpp == nil { + *dfpp = Uint64(**sfpp) + } else { + **dfpp = **sfpp + } + } + } + default: // E.g., uint64 + mfi.merge = func(dst, src pointer) { + if v := *src.toUint64(); v != 0 { + *dst.toUint64() = v + } + } + } + case reflect.Float32: + switch { + case isSlice: // E.g., []float32 + mfi.merge = func(dst, src pointer) { + sfsp := src.toFloat32Slice() + if *sfsp != nil { + dfsp := dst.toFloat32Slice() + *dfsp = append(*dfsp, *sfsp...) + if *dfsp == nil { + *dfsp = []float32{} + } + } + } + case isPointer: // E.g., *float32 + mfi.merge = func(dst, src pointer) { + sfpp := src.toFloat32Ptr() + if *sfpp != nil { + dfpp := dst.toFloat32Ptr() + if *dfpp == nil { + *dfpp = Float32(**sfpp) + } else { + **dfpp = **sfpp + } + } + } + default: // E.g., float32 + mfi.merge = func(dst, src pointer) { + if v := *src.toFloat32(); v != 0 { + *dst.toFloat32() = v + } + } + } + case reflect.Float64: + switch { + case isSlice: // E.g., []float64 + mfi.merge = func(dst, src pointer) { + sfsp := src.toFloat64Slice() + if *sfsp != nil { + dfsp := dst.toFloat64Slice() + *dfsp = append(*dfsp, *sfsp...) + if *dfsp == nil { + *dfsp = []float64{} + } + } + } + case isPointer: // E.g., *float64 + mfi.merge = func(dst, src pointer) { + sfpp := src.toFloat64Ptr() + if *sfpp != nil { + dfpp := dst.toFloat64Ptr() + if *dfpp == nil { + *dfpp = Float64(**sfpp) + } else { + **dfpp = **sfpp + } + } + } + default: // E.g., float64 + mfi.merge = func(dst, src pointer) { + if v := *src.toFloat64(); v != 0 { + *dst.toFloat64() = v + } + } + } + case reflect.Bool: + switch { + case isSlice: // E.g., []bool + mfi.merge = func(dst, src pointer) { + sfsp := src.toBoolSlice() + if *sfsp != nil { + dfsp := dst.toBoolSlice() + *dfsp = append(*dfsp, *sfsp...) + if *dfsp == nil { + *dfsp = []bool{} + } + } + } + case isPointer: // E.g., *bool + mfi.merge = func(dst, src pointer) { + sfpp := src.toBoolPtr() + if *sfpp != nil { + dfpp := dst.toBoolPtr() + if *dfpp == nil { + *dfpp = Bool(**sfpp) + } else { + **dfpp = **sfpp + } + } + } + default: // E.g., bool + mfi.merge = func(dst, src pointer) { + if v := *src.toBool(); v { + *dst.toBool() = v + } + } + } + case reflect.String: + switch { + case isSlice: // E.g., []string + mfi.merge = func(dst, src pointer) { + sfsp := src.toStringSlice() + if *sfsp != nil { + dfsp := dst.toStringSlice() + *dfsp = append(*dfsp, *sfsp...) + if *dfsp == nil { + *dfsp = []string{} + } + } + } + case isPointer: // E.g., *string + mfi.merge = func(dst, src pointer) { + sfpp := src.toStringPtr() + if *sfpp != nil { + dfpp := dst.toStringPtr() + if *dfpp == nil { + *dfpp = String(**sfpp) + } else { + **dfpp = **sfpp + } + } + } + default: // E.g., string + mfi.merge = func(dst, src pointer) { + if v := *src.toString(); v != "" { + *dst.toString() = v + } + } + } + case reflect.Slice: + isProto3 := props.Prop[i].proto3 + switch { + case isPointer: + panic("bad pointer in byte slice case in " + tf.Name()) + case tf.Elem().Kind() != reflect.Uint8: + panic("bad element kind in byte slice case in " + tf.Name()) + case isSlice: // E.g., [][]byte + mfi.merge = func(dst, src pointer) { + sbsp := src.toBytesSlice() + if *sbsp != nil { + dbsp := dst.toBytesSlice() + for _, sb := range *sbsp { + if sb == nil { + *dbsp = append(*dbsp, nil) + } else { + *dbsp = append(*dbsp, append([]byte{}, sb...)) + } + } + if *dbsp == nil { + *dbsp = [][]byte{} + } + } + } + default: // E.g., []byte + mfi.merge = func(dst, src pointer) { + sbp := src.toBytes() + if *sbp != nil { + dbp := dst.toBytes() + if !isProto3 || len(*sbp) > 0 { + *dbp = append([]byte{}, *sbp...) + } + } + } + } + case reflect.Struct: + switch { + case !isPointer: + panic(fmt.Sprintf("message field %s without pointer", tf)) + case isSlice: // E.g., []*pb.T + mi := getMergeInfo(tf) + mfi.merge = func(dst, src pointer) { + sps := src.getPointerSlice() + if sps != nil { + dps := dst.getPointerSlice() + for _, sp := range sps { + var dp pointer + if !sp.isNil() { + dp = valToPointer(reflect.New(tf)) + mi.merge(dp, sp) + } + dps = append(dps, dp) + } + if dps == nil { + dps = []pointer{} + } + dst.setPointerSlice(dps) + } + } + default: // E.g., *pb.T + mi := getMergeInfo(tf) + mfi.merge = func(dst, src pointer) { + sp := src.getPointer() + if !sp.isNil() { + dp := dst.getPointer() + if dp.isNil() { + dp = valToPointer(reflect.New(tf)) + dst.setPointer(dp) + } + mi.merge(dp, sp) + } + } + } + case reflect.Map: + switch { + case isPointer || isSlice: + panic("bad pointer or slice in map case in " + tf.Name()) + default: // E.g., map[K]V + mfi.merge = func(dst, src pointer) { + sm := src.asPointerTo(tf).Elem() + if sm.Len() == 0 { + return + } + dm := dst.asPointerTo(tf).Elem() + if dm.IsNil() { + dm.Set(reflect.MakeMap(tf)) + } + + switch tf.Elem().Kind() { + case reflect.Ptr: // Proto struct (e.g., *T) + for _, key := range sm.MapKeys() { + val := sm.MapIndex(key) + val = reflect.ValueOf(Clone(val.Interface().(Message))) + dm.SetMapIndex(key, val) + } + case reflect.Slice: // E.g. Bytes type (e.g., []byte) + for _, key := range sm.MapKeys() { + val := sm.MapIndex(key) + val = reflect.ValueOf(append([]byte{}, val.Bytes()...)) + dm.SetMapIndex(key, val) + } + default: // Basic type (e.g., string) + for _, key := range sm.MapKeys() { + val := sm.MapIndex(key) + dm.SetMapIndex(key, val) + } + } + } + } + case reflect.Interface: + // Must be oneof field. + switch { + case isPointer || isSlice: + panic("bad pointer or slice in interface case in " + tf.Name()) + default: // E.g., interface{} + // TODO: Make this faster? + mfi.merge = func(dst, src pointer) { + su := src.asPointerTo(tf).Elem() + if !su.IsNil() { + du := dst.asPointerTo(tf).Elem() + typ := su.Elem().Type() + if du.IsNil() || du.Elem().Type() != typ { + du.Set(reflect.New(typ.Elem())) // Initialize interface if empty + } + sv := su.Elem().Elem().Field(0) + if sv.Kind() == reflect.Ptr && sv.IsNil() { + return + } + dv := du.Elem().Elem().Field(0) + if dv.Kind() == reflect.Ptr && dv.IsNil() { + dv.Set(reflect.New(sv.Type().Elem())) // Initialize proto message if empty + } + switch sv.Type().Kind() { + case reflect.Ptr: // Proto struct (e.g., *T) + Merge(dv.Interface().(Message), sv.Interface().(Message)) + case reflect.Slice: // E.g. Bytes type (e.g., []byte) + dv.Set(reflect.ValueOf(append([]byte{}, sv.Bytes()...))) + default: // Basic type (e.g., string) + dv.Set(sv) + } + } + } + } + default: + panic(fmt.Sprintf("merger not found for type:%s", tf)) + } + mi.fields = append(mi.fields, mfi) + } + + mi.unrecognized = invalidField + if f, ok := t.FieldByName("XXX_unrecognized"); ok { + if f.Type != reflect.TypeOf([]byte{}) { + panic("expected XXX_unrecognized to be of type []byte") + } + mi.unrecognized = toField(&f) + } + + atomic.StoreInt32(&mi.initialized, 1) +} diff --git a/vendor/github.com/golang/protobuf/proto/table_unmarshal.go b/vendor/github.com/golang/protobuf/proto/table_unmarshal.go new file mode 100644 index 0000000..acee2fc --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/table_unmarshal.go @@ -0,0 +1,2053 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2016 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +import ( + "errors" + "fmt" + "io" + "math" + "reflect" + "strconv" + "strings" + "sync" + "sync/atomic" + "unicode/utf8" +) + +// Unmarshal is the entry point from the generated .pb.go files. +// This function is not intended to be used by non-generated code. +// This function is not subject to any compatibility guarantee. +// msg contains a pointer to a protocol buffer struct. +// b is the data to be unmarshaled into the protocol buffer. +// a is a pointer to a place to store cached unmarshal information. +func (a *InternalMessageInfo) Unmarshal(msg Message, b []byte) error { + // Load the unmarshal information for this message type. + // The atomic load ensures memory consistency. + u := atomicLoadUnmarshalInfo(&a.unmarshal) + if u == nil { + // Slow path: find unmarshal info for msg, update a with it. + u = getUnmarshalInfo(reflect.TypeOf(msg).Elem()) + atomicStoreUnmarshalInfo(&a.unmarshal, u) + } + // Then do the unmarshaling. + err := u.unmarshal(toPointer(&msg), b) + return err +} + +type unmarshalInfo struct { + typ reflect.Type // type of the protobuf struct + + // 0 = only typ field is initialized + // 1 = completely initialized + initialized int32 + lock sync.Mutex // prevents double initialization + dense []unmarshalFieldInfo // fields indexed by tag # + sparse map[uint64]unmarshalFieldInfo // fields indexed by tag # + reqFields []string // names of required fields + reqMask uint64 // 1< 0 { + // Read tag and wire type. + // Special case 1 and 2 byte varints. + var x uint64 + if b[0] < 128 { + x = uint64(b[0]) + b = b[1:] + } else if len(b) >= 2 && b[1] < 128 { + x = uint64(b[0]&0x7f) + uint64(b[1])<<7 + b = b[2:] + } else { + var n int + x, n = decodeVarint(b) + if n == 0 { + return io.ErrUnexpectedEOF + } + b = b[n:] + } + tag := x >> 3 + wire := int(x) & 7 + + // Dispatch on the tag to one of the unmarshal* functions below. + var f unmarshalFieldInfo + if tag < uint64(len(u.dense)) { + f = u.dense[tag] + } else { + f = u.sparse[tag] + } + if fn := f.unmarshal; fn != nil { + var err error + b, err = fn(b, m.offset(f.field), wire) + if err == nil { + reqMask |= f.reqMask + continue + } + if r, ok := err.(*RequiredNotSetError); ok { + // Remember this error, but keep parsing. We need to produce + // a full parse even if a required field is missing. + if errLater == nil { + errLater = r + } + reqMask |= f.reqMask + continue + } + if err != errInternalBadWireType { + if err == errInvalidUTF8 { + if errLater == nil { + fullName := revProtoTypes[reflect.PtrTo(u.typ)] + "." + f.name + errLater = &invalidUTF8Error{fullName} + } + continue + } + return err + } + // Fragments with bad wire type are treated as unknown fields. + } + + // Unknown tag. + if !u.unrecognized.IsValid() { + // Don't keep unrecognized data; just skip it. + var err error + b, err = skipField(b, wire) + if err != nil { + return err + } + continue + } + // Keep unrecognized data around. + // maybe in extensions, maybe in the unrecognized field. + z := m.offset(u.unrecognized).toBytes() + var emap map[int32]Extension + var e Extension + for _, r := range u.extensionRanges { + if uint64(r.Start) <= tag && tag <= uint64(r.End) { + if u.extensions.IsValid() { + mp := m.offset(u.extensions).toExtensions() + emap = mp.extensionsWrite() + e = emap[int32(tag)] + z = &e.enc + break + } + if u.oldExtensions.IsValid() { + p := m.offset(u.oldExtensions).toOldExtensions() + emap = *p + if emap == nil { + emap = map[int32]Extension{} + *p = emap + } + e = emap[int32(tag)] + z = &e.enc + break + } + panic("no extensions field available") + } + } + + // Use wire type to skip data. + var err error + b0 := b + b, err = skipField(b, wire) + if err != nil { + return err + } + *z = encodeVarint(*z, tag<<3|uint64(wire)) + *z = append(*z, b0[:len(b0)-len(b)]...) + + if emap != nil { + emap[int32(tag)] = e + } + } + if reqMask != u.reqMask && errLater == nil { + // A required field of this message is missing. + for _, n := range u.reqFields { + if reqMask&1 == 0 { + errLater = &RequiredNotSetError{n} + } + reqMask >>= 1 + } + } + return errLater +} + +// computeUnmarshalInfo fills in u with information for use +// in unmarshaling protocol buffers of type u.typ. +func (u *unmarshalInfo) computeUnmarshalInfo() { + u.lock.Lock() + defer u.lock.Unlock() + if u.initialized != 0 { + return + } + t := u.typ + n := t.NumField() + + // Set up the "not found" value for the unrecognized byte buffer. + // This is the default for proto3. + u.unrecognized = invalidField + u.extensions = invalidField + u.oldExtensions = invalidField + + // List of the generated type and offset for each oneof field. + type oneofField struct { + ityp reflect.Type // interface type of oneof field + field field // offset in containing message + } + var oneofFields []oneofField + + for i := 0; i < n; i++ { + f := t.Field(i) + if f.Name == "XXX_unrecognized" { + // The byte slice used to hold unrecognized input is special. + if f.Type != reflect.TypeOf(([]byte)(nil)) { + panic("bad type for XXX_unrecognized field: " + f.Type.Name()) + } + u.unrecognized = toField(&f) + continue + } + if f.Name == "XXX_InternalExtensions" { + // Ditto here. + if f.Type != reflect.TypeOf(XXX_InternalExtensions{}) { + panic("bad type for XXX_InternalExtensions field: " + f.Type.Name()) + } + u.extensions = toField(&f) + if f.Tag.Get("protobuf_messageset") == "1" { + u.isMessageSet = true + } + continue + } + if f.Name == "XXX_extensions" { + // An older form of the extensions field. + if f.Type != reflect.TypeOf((map[int32]Extension)(nil)) { + panic("bad type for XXX_extensions field: " + f.Type.Name()) + } + u.oldExtensions = toField(&f) + continue + } + if f.Name == "XXX_NoUnkeyedLiteral" || f.Name == "XXX_sizecache" { + continue + } + + oneof := f.Tag.Get("protobuf_oneof") + if oneof != "" { + oneofFields = append(oneofFields, oneofField{f.Type, toField(&f)}) + // The rest of oneof processing happens below. + continue + } + + tags := f.Tag.Get("protobuf") + tagArray := strings.Split(tags, ",") + if len(tagArray) < 2 { + panic("protobuf tag not enough fields in " + t.Name() + "." + f.Name + ": " + tags) + } + tag, err := strconv.Atoi(tagArray[1]) + if err != nil { + panic("protobuf tag field not an integer: " + tagArray[1]) + } + + name := "" + for _, tag := range tagArray[3:] { + if strings.HasPrefix(tag, "name=") { + name = tag[5:] + } + } + + // Extract unmarshaling function from the field (its type and tags). + unmarshal := fieldUnmarshaler(&f) + + // Required field? + var reqMask uint64 + if tagArray[2] == "req" { + bit := len(u.reqFields) + u.reqFields = append(u.reqFields, name) + reqMask = uint64(1) << uint(bit) + // TODO: if we have more than 64 required fields, we end up + // not verifying that all required fields are present. + // Fix this, perhaps using a count of required fields? + } + + // Store the info in the correct slot in the message. + u.setTag(tag, toField(&f), unmarshal, reqMask, name) + } + + // Find any types associated with oneof fields. + var oneofImplementers []interface{} + switch m := reflect.Zero(reflect.PtrTo(t)).Interface().(type) { + case oneofFuncsIface: + _, _, _, oneofImplementers = m.XXX_OneofFuncs() + case oneofWrappersIface: + oneofImplementers = m.XXX_OneofWrappers() + } + for _, v := range oneofImplementers { + tptr := reflect.TypeOf(v) // *Msg_X + typ := tptr.Elem() // Msg_X + + f := typ.Field(0) // oneof implementers have one field + baseUnmarshal := fieldUnmarshaler(&f) + tags := strings.Split(f.Tag.Get("protobuf"), ",") + fieldNum, err := strconv.Atoi(tags[1]) + if err != nil { + panic("protobuf tag field not an integer: " + tags[1]) + } + var name string + for _, tag := range tags { + if strings.HasPrefix(tag, "name=") { + name = strings.TrimPrefix(tag, "name=") + break + } + } + + // Find the oneof field that this struct implements. + // Might take O(n^2) to process all of the oneofs, but who cares. + for _, of := range oneofFields { + if tptr.Implements(of.ityp) { + // We have found the corresponding interface for this struct. + // That lets us know where this struct should be stored + // when we encounter it during unmarshaling. + unmarshal := makeUnmarshalOneof(typ, of.ityp, baseUnmarshal) + u.setTag(fieldNum, of.field, unmarshal, 0, name) + } + } + + } + + // Get extension ranges, if any. + fn := reflect.Zero(reflect.PtrTo(t)).MethodByName("ExtensionRangeArray") + if fn.IsValid() { + if !u.extensions.IsValid() && !u.oldExtensions.IsValid() { + panic("a message with extensions, but no extensions field in " + t.Name()) + } + u.extensionRanges = fn.Call(nil)[0].Interface().([]ExtensionRange) + } + + // Explicitly disallow tag 0. This will ensure we flag an error + // when decoding a buffer of all zeros. Without this code, we + // would decode and skip an all-zero buffer of even length. + // [0 0] is [tag=0/wiretype=varint varint-encoded-0]. + u.setTag(0, zeroField, func(b []byte, f pointer, w int) ([]byte, error) { + return nil, fmt.Errorf("proto: %s: illegal tag 0 (wire type %d)", t, w) + }, 0, "") + + // Set mask for required field check. + u.reqMask = uint64(1)<= 0 && (tag < 16 || tag < 2*n) { // TODO: what are the right numbers here? + for len(u.dense) <= tag { + u.dense = append(u.dense, unmarshalFieldInfo{}) + } + u.dense[tag] = i + return + } + if u.sparse == nil { + u.sparse = map[uint64]unmarshalFieldInfo{} + } + u.sparse[uint64(tag)] = i +} + +// fieldUnmarshaler returns an unmarshaler for the given field. +func fieldUnmarshaler(f *reflect.StructField) unmarshaler { + if f.Type.Kind() == reflect.Map { + return makeUnmarshalMap(f) + } + return typeUnmarshaler(f.Type, f.Tag.Get("protobuf")) +} + +// typeUnmarshaler returns an unmarshaler for the given field type / field tag pair. +func typeUnmarshaler(t reflect.Type, tags string) unmarshaler { + tagArray := strings.Split(tags, ",") + encoding := tagArray[0] + name := "unknown" + proto3 := false + validateUTF8 := true + for _, tag := range tagArray[3:] { + if strings.HasPrefix(tag, "name=") { + name = tag[5:] + } + if tag == "proto3" { + proto3 = true + } + } + validateUTF8 = validateUTF8 && proto3 + + // Figure out packaging (pointer, slice, or both) + slice := false + pointer := false + if t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8 { + slice = true + t = t.Elem() + } + if t.Kind() == reflect.Ptr { + pointer = true + t = t.Elem() + } + + // We'll never have both pointer and slice for basic types. + if pointer && slice && t.Kind() != reflect.Struct { + panic("both pointer and slice for basic type in " + t.Name()) + } + + switch t.Kind() { + case reflect.Bool: + if pointer { + return unmarshalBoolPtr + } + if slice { + return unmarshalBoolSlice + } + return unmarshalBoolValue + case reflect.Int32: + switch encoding { + case "fixed32": + if pointer { + return unmarshalFixedS32Ptr + } + if slice { + return unmarshalFixedS32Slice + } + return unmarshalFixedS32Value + case "varint": + // this could be int32 or enum + if pointer { + return unmarshalInt32Ptr + } + if slice { + return unmarshalInt32Slice + } + return unmarshalInt32Value + case "zigzag32": + if pointer { + return unmarshalSint32Ptr + } + if slice { + return unmarshalSint32Slice + } + return unmarshalSint32Value + } + case reflect.Int64: + switch encoding { + case "fixed64": + if pointer { + return unmarshalFixedS64Ptr + } + if slice { + return unmarshalFixedS64Slice + } + return unmarshalFixedS64Value + case "varint": + if pointer { + return unmarshalInt64Ptr + } + if slice { + return unmarshalInt64Slice + } + return unmarshalInt64Value + case "zigzag64": + if pointer { + return unmarshalSint64Ptr + } + if slice { + return unmarshalSint64Slice + } + return unmarshalSint64Value + } + case reflect.Uint32: + switch encoding { + case "fixed32": + if pointer { + return unmarshalFixed32Ptr + } + if slice { + return unmarshalFixed32Slice + } + return unmarshalFixed32Value + case "varint": + if pointer { + return unmarshalUint32Ptr + } + if slice { + return unmarshalUint32Slice + } + return unmarshalUint32Value + } + case reflect.Uint64: + switch encoding { + case "fixed64": + if pointer { + return unmarshalFixed64Ptr + } + if slice { + return unmarshalFixed64Slice + } + return unmarshalFixed64Value + case "varint": + if pointer { + return unmarshalUint64Ptr + } + if slice { + return unmarshalUint64Slice + } + return unmarshalUint64Value + } + case reflect.Float32: + if pointer { + return unmarshalFloat32Ptr + } + if slice { + return unmarshalFloat32Slice + } + return unmarshalFloat32Value + case reflect.Float64: + if pointer { + return unmarshalFloat64Ptr + } + if slice { + return unmarshalFloat64Slice + } + return unmarshalFloat64Value + case reflect.Map: + panic("map type in typeUnmarshaler in " + t.Name()) + case reflect.Slice: + if pointer { + panic("bad pointer in slice case in " + t.Name()) + } + if slice { + return unmarshalBytesSlice + } + return unmarshalBytesValue + case reflect.String: + if validateUTF8 { + if pointer { + return unmarshalUTF8StringPtr + } + if slice { + return unmarshalUTF8StringSlice + } + return unmarshalUTF8StringValue + } + if pointer { + return unmarshalStringPtr + } + if slice { + return unmarshalStringSlice + } + return unmarshalStringValue + case reflect.Struct: + // message or group field + if !pointer { + panic(fmt.Sprintf("message/group field %s:%s without pointer", t, encoding)) + } + switch encoding { + case "bytes": + if slice { + return makeUnmarshalMessageSlicePtr(getUnmarshalInfo(t), name) + } + return makeUnmarshalMessagePtr(getUnmarshalInfo(t), name) + case "group": + if slice { + return makeUnmarshalGroupSlicePtr(getUnmarshalInfo(t), name) + } + return makeUnmarshalGroupPtr(getUnmarshalInfo(t), name) + } + } + panic(fmt.Sprintf("unmarshaler not found type:%s encoding:%s", t, encoding)) +} + +// Below are all the unmarshalers for individual fields of various types. + +func unmarshalInt64Value(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int64(x) + *f.toInt64() = v + return b, nil +} + +func unmarshalInt64Ptr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int64(x) + *f.toInt64Ptr() = &v + return b, nil +} + +func unmarshalInt64Slice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + x, n = decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int64(x) + s := f.toInt64Slice() + *s = append(*s, v) + } + return res, nil + } + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int64(x) + s := f.toInt64Slice() + *s = append(*s, v) + return b, nil +} + +func unmarshalSint64Value(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int64(x>>1) ^ int64(x)<<63>>63 + *f.toInt64() = v + return b, nil +} + +func unmarshalSint64Ptr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int64(x>>1) ^ int64(x)<<63>>63 + *f.toInt64Ptr() = &v + return b, nil +} + +func unmarshalSint64Slice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + x, n = decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int64(x>>1) ^ int64(x)<<63>>63 + s := f.toInt64Slice() + *s = append(*s, v) + } + return res, nil + } + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int64(x>>1) ^ int64(x)<<63>>63 + s := f.toInt64Slice() + *s = append(*s, v) + return b, nil +} + +func unmarshalUint64Value(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := uint64(x) + *f.toUint64() = v + return b, nil +} + +func unmarshalUint64Ptr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := uint64(x) + *f.toUint64Ptr() = &v + return b, nil +} + +func unmarshalUint64Slice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + x, n = decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := uint64(x) + s := f.toUint64Slice() + *s = append(*s, v) + } + return res, nil + } + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := uint64(x) + s := f.toUint64Slice() + *s = append(*s, v) + return b, nil +} + +func unmarshalInt32Value(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int32(x) + *f.toInt32() = v + return b, nil +} + +func unmarshalInt32Ptr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int32(x) + f.setInt32Ptr(v) + return b, nil +} + +func unmarshalInt32Slice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + x, n = decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int32(x) + f.appendInt32Slice(v) + } + return res, nil + } + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int32(x) + f.appendInt32Slice(v) + return b, nil +} + +func unmarshalSint32Value(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int32(x>>1) ^ int32(x)<<31>>31 + *f.toInt32() = v + return b, nil +} + +func unmarshalSint32Ptr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int32(x>>1) ^ int32(x)<<31>>31 + f.setInt32Ptr(v) + return b, nil +} + +func unmarshalSint32Slice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + x, n = decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int32(x>>1) ^ int32(x)<<31>>31 + f.appendInt32Slice(v) + } + return res, nil + } + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := int32(x>>1) ^ int32(x)<<31>>31 + f.appendInt32Slice(v) + return b, nil +} + +func unmarshalUint32Value(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := uint32(x) + *f.toUint32() = v + return b, nil +} + +func unmarshalUint32Ptr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := uint32(x) + *f.toUint32Ptr() = &v + return b, nil +} + +func unmarshalUint32Slice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + x, n = decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := uint32(x) + s := f.toUint32Slice() + *s = append(*s, v) + } + return res, nil + } + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + v := uint32(x) + s := f.toUint32Slice() + *s = append(*s, v) + return b, nil +} + +func unmarshalFixed64Value(b []byte, f pointer, w int) ([]byte, error) { + if w != WireFixed64 { + return b, errInternalBadWireType + } + if len(b) < 8 { + return nil, io.ErrUnexpectedEOF + } + v := uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56 + *f.toUint64() = v + return b[8:], nil +} + +func unmarshalFixed64Ptr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireFixed64 { + return b, errInternalBadWireType + } + if len(b) < 8 { + return nil, io.ErrUnexpectedEOF + } + v := uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56 + *f.toUint64Ptr() = &v + return b[8:], nil +} + +func unmarshalFixed64Slice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + if len(b) < 8 { + return nil, io.ErrUnexpectedEOF + } + v := uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56 + s := f.toUint64Slice() + *s = append(*s, v) + b = b[8:] + } + return res, nil + } + if w != WireFixed64 { + return b, errInternalBadWireType + } + if len(b) < 8 { + return nil, io.ErrUnexpectedEOF + } + v := uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56 + s := f.toUint64Slice() + *s = append(*s, v) + return b[8:], nil +} + +func unmarshalFixedS64Value(b []byte, f pointer, w int) ([]byte, error) { + if w != WireFixed64 { + return b, errInternalBadWireType + } + if len(b) < 8 { + return nil, io.ErrUnexpectedEOF + } + v := int64(b[0]) | int64(b[1])<<8 | int64(b[2])<<16 | int64(b[3])<<24 | int64(b[4])<<32 | int64(b[5])<<40 | int64(b[6])<<48 | int64(b[7])<<56 + *f.toInt64() = v + return b[8:], nil +} + +func unmarshalFixedS64Ptr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireFixed64 { + return b, errInternalBadWireType + } + if len(b) < 8 { + return nil, io.ErrUnexpectedEOF + } + v := int64(b[0]) | int64(b[1])<<8 | int64(b[2])<<16 | int64(b[3])<<24 | int64(b[4])<<32 | int64(b[5])<<40 | int64(b[6])<<48 | int64(b[7])<<56 + *f.toInt64Ptr() = &v + return b[8:], nil +} + +func unmarshalFixedS64Slice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + if len(b) < 8 { + return nil, io.ErrUnexpectedEOF + } + v := int64(b[0]) | int64(b[1])<<8 | int64(b[2])<<16 | int64(b[3])<<24 | int64(b[4])<<32 | int64(b[5])<<40 | int64(b[6])<<48 | int64(b[7])<<56 + s := f.toInt64Slice() + *s = append(*s, v) + b = b[8:] + } + return res, nil + } + if w != WireFixed64 { + return b, errInternalBadWireType + } + if len(b) < 8 { + return nil, io.ErrUnexpectedEOF + } + v := int64(b[0]) | int64(b[1])<<8 | int64(b[2])<<16 | int64(b[3])<<24 | int64(b[4])<<32 | int64(b[5])<<40 | int64(b[6])<<48 | int64(b[7])<<56 + s := f.toInt64Slice() + *s = append(*s, v) + return b[8:], nil +} + +func unmarshalFixed32Value(b []byte, f pointer, w int) ([]byte, error) { + if w != WireFixed32 { + return b, errInternalBadWireType + } + if len(b) < 4 { + return nil, io.ErrUnexpectedEOF + } + v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24 + *f.toUint32() = v + return b[4:], nil +} + +func unmarshalFixed32Ptr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireFixed32 { + return b, errInternalBadWireType + } + if len(b) < 4 { + return nil, io.ErrUnexpectedEOF + } + v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24 + *f.toUint32Ptr() = &v + return b[4:], nil +} + +func unmarshalFixed32Slice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + if len(b) < 4 { + return nil, io.ErrUnexpectedEOF + } + v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24 + s := f.toUint32Slice() + *s = append(*s, v) + b = b[4:] + } + return res, nil + } + if w != WireFixed32 { + return b, errInternalBadWireType + } + if len(b) < 4 { + return nil, io.ErrUnexpectedEOF + } + v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24 + s := f.toUint32Slice() + *s = append(*s, v) + return b[4:], nil +} + +func unmarshalFixedS32Value(b []byte, f pointer, w int) ([]byte, error) { + if w != WireFixed32 { + return b, errInternalBadWireType + } + if len(b) < 4 { + return nil, io.ErrUnexpectedEOF + } + v := int32(b[0]) | int32(b[1])<<8 | int32(b[2])<<16 | int32(b[3])<<24 + *f.toInt32() = v + return b[4:], nil +} + +func unmarshalFixedS32Ptr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireFixed32 { + return b, errInternalBadWireType + } + if len(b) < 4 { + return nil, io.ErrUnexpectedEOF + } + v := int32(b[0]) | int32(b[1])<<8 | int32(b[2])<<16 | int32(b[3])<<24 + f.setInt32Ptr(v) + return b[4:], nil +} + +func unmarshalFixedS32Slice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + if len(b) < 4 { + return nil, io.ErrUnexpectedEOF + } + v := int32(b[0]) | int32(b[1])<<8 | int32(b[2])<<16 | int32(b[3])<<24 + f.appendInt32Slice(v) + b = b[4:] + } + return res, nil + } + if w != WireFixed32 { + return b, errInternalBadWireType + } + if len(b) < 4 { + return nil, io.ErrUnexpectedEOF + } + v := int32(b[0]) | int32(b[1])<<8 | int32(b[2])<<16 | int32(b[3])<<24 + f.appendInt32Slice(v) + return b[4:], nil +} + +func unmarshalBoolValue(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + // Note: any length varint is allowed, even though any sane + // encoder will use one byte. + // See https://github.com/golang/protobuf/issues/76 + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + // TODO: check if x>1? Tests seem to indicate no. + v := x != 0 + *f.toBool() = v + return b[n:], nil +} + +func unmarshalBoolPtr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + v := x != 0 + *f.toBoolPtr() = &v + return b[n:], nil +} + +func unmarshalBoolSlice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + x, n = decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + v := x != 0 + s := f.toBoolSlice() + *s = append(*s, v) + b = b[n:] + } + return res, nil + } + if w != WireVarint { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + v := x != 0 + s := f.toBoolSlice() + *s = append(*s, v) + return b[n:], nil +} + +func unmarshalFloat64Value(b []byte, f pointer, w int) ([]byte, error) { + if w != WireFixed64 { + return b, errInternalBadWireType + } + if len(b) < 8 { + return nil, io.ErrUnexpectedEOF + } + v := math.Float64frombits(uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56) + *f.toFloat64() = v + return b[8:], nil +} + +func unmarshalFloat64Ptr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireFixed64 { + return b, errInternalBadWireType + } + if len(b) < 8 { + return nil, io.ErrUnexpectedEOF + } + v := math.Float64frombits(uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56) + *f.toFloat64Ptr() = &v + return b[8:], nil +} + +func unmarshalFloat64Slice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + if len(b) < 8 { + return nil, io.ErrUnexpectedEOF + } + v := math.Float64frombits(uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56) + s := f.toFloat64Slice() + *s = append(*s, v) + b = b[8:] + } + return res, nil + } + if w != WireFixed64 { + return b, errInternalBadWireType + } + if len(b) < 8 { + return nil, io.ErrUnexpectedEOF + } + v := math.Float64frombits(uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56) + s := f.toFloat64Slice() + *s = append(*s, v) + return b[8:], nil +} + +func unmarshalFloat32Value(b []byte, f pointer, w int) ([]byte, error) { + if w != WireFixed32 { + return b, errInternalBadWireType + } + if len(b) < 4 { + return nil, io.ErrUnexpectedEOF + } + v := math.Float32frombits(uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24) + *f.toFloat32() = v + return b[4:], nil +} + +func unmarshalFloat32Ptr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireFixed32 { + return b, errInternalBadWireType + } + if len(b) < 4 { + return nil, io.ErrUnexpectedEOF + } + v := math.Float32frombits(uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24) + *f.toFloat32Ptr() = &v + return b[4:], nil +} + +func unmarshalFloat32Slice(b []byte, f pointer, w int) ([]byte, error) { + if w == WireBytes { // packed + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + res := b[x:] + b = b[:x] + for len(b) > 0 { + if len(b) < 4 { + return nil, io.ErrUnexpectedEOF + } + v := math.Float32frombits(uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24) + s := f.toFloat32Slice() + *s = append(*s, v) + b = b[4:] + } + return res, nil + } + if w != WireFixed32 { + return b, errInternalBadWireType + } + if len(b) < 4 { + return nil, io.ErrUnexpectedEOF + } + v := math.Float32frombits(uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24) + s := f.toFloat32Slice() + *s = append(*s, v) + return b[4:], nil +} + +func unmarshalStringValue(b []byte, f pointer, w int) ([]byte, error) { + if w != WireBytes { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + v := string(b[:x]) + *f.toString() = v + return b[x:], nil +} + +func unmarshalStringPtr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireBytes { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + v := string(b[:x]) + *f.toStringPtr() = &v + return b[x:], nil +} + +func unmarshalStringSlice(b []byte, f pointer, w int) ([]byte, error) { + if w != WireBytes { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + v := string(b[:x]) + s := f.toStringSlice() + *s = append(*s, v) + return b[x:], nil +} + +func unmarshalUTF8StringValue(b []byte, f pointer, w int) ([]byte, error) { + if w != WireBytes { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + v := string(b[:x]) + *f.toString() = v + if !utf8.ValidString(v) { + return b[x:], errInvalidUTF8 + } + return b[x:], nil +} + +func unmarshalUTF8StringPtr(b []byte, f pointer, w int) ([]byte, error) { + if w != WireBytes { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + v := string(b[:x]) + *f.toStringPtr() = &v + if !utf8.ValidString(v) { + return b[x:], errInvalidUTF8 + } + return b[x:], nil +} + +func unmarshalUTF8StringSlice(b []byte, f pointer, w int) ([]byte, error) { + if w != WireBytes { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + v := string(b[:x]) + s := f.toStringSlice() + *s = append(*s, v) + if !utf8.ValidString(v) { + return b[x:], errInvalidUTF8 + } + return b[x:], nil +} + +var emptyBuf [0]byte + +func unmarshalBytesValue(b []byte, f pointer, w int) ([]byte, error) { + if w != WireBytes { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + // The use of append here is a trick which avoids the zeroing + // that would be required if we used a make/copy pair. + // We append to emptyBuf instead of nil because we want + // a non-nil result even when the length is 0. + v := append(emptyBuf[:], b[:x]...) + *f.toBytes() = v + return b[x:], nil +} + +func unmarshalBytesSlice(b []byte, f pointer, w int) ([]byte, error) { + if w != WireBytes { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + v := append(emptyBuf[:], b[:x]...) + s := f.toBytesSlice() + *s = append(*s, v) + return b[x:], nil +} + +func makeUnmarshalMessagePtr(sub *unmarshalInfo, name string) unmarshaler { + return func(b []byte, f pointer, w int) ([]byte, error) { + if w != WireBytes { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + // First read the message field to see if something is there. + // The semantics of multiple submessages are weird. Instead of + // the last one winning (as it is for all other fields), multiple + // submessages are merged. + v := f.getPointer() + if v.isNil() { + v = valToPointer(reflect.New(sub.typ)) + f.setPointer(v) + } + err := sub.unmarshal(v, b[:x]) + if err != nil { + if r, ok := err.(*RequiredNotSetError); ok { + r.field = name + "." + r.field + } else { + return nil, err + } + } + return b[x:], err + } +} + +func makeUnmarshalMessageSlicePtr(sub *unmarshalInfo, name string) unmarshaler { + return func(b []byte, f pointer, w int) ([]byte, error) { + if w != WireBytes { + return b, errInternalBadWireType + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + v := valToPointer(reflect.New(sub.typ)) + err := sub.unmarshal(v, b[:x]) + if err != nil { + if r, ok := err.(*RequiredNotSetError); ok { + r.field = name + "." + r.field + } else { + return nil, err + } + } + f.appendPointer(v) + return b[x:], err + } +} + +func makeUnmarshalGroupPtr(sub *unmarshalInfo, name string) unmarshaler { + return func(b []byte, f pointer, w int) ([]byte, error) { + if w != WireStartGroup { + return b, errInternalBadWireType + } + x, y := findEndGroup(b) + if x < 0 { + return nil, io.ErrUnexpectedEOF + } + v := f.getPointer() + if v.isNil() { + v = valToPointer(reflect.New(sub.typ)) + f.setPointer(v) + } + err := sub.unmarshal(v, b[:x]) + if err != nil { + if r, ok := err.(*RequiredNotSetError); ok { + r.field = name + "." + r.field + } else { + return nil, err + } + } + return b[y:], err + } +} + +func makeUnmarshalGroupSlicePtr(sub *unmarshalInfo, name string) unmarshaler { + return func(b []byte, f pointer, w int) ([]byte, error) { + if w != WireStartGroup { + return b, errInternalBadWireType + } + x, y := findEndGroup(b) + if x < 0 { + return nil, io.ErrUnexpectedEOF + } + v := valToPointer(reflect.New(sub.typ)) + err := sub.unmarshal(v, b[:x]) + if err != nil { + if r, ok := err.(*RequiredNotSetError); ok { + r.field = name + "." + r.field + } else { + return nil, err + } + } + f.appendPointer(v) + return b[y:], err + } +} + +func makeUnmarshalMap(f *reflect.StructField) unmarshaler { + t := f.Type + kt := t.Key() + vt := t.Elem() + unmarshalKey := typeUnmarshaler(kt, f.Tag.Get("protobuf_key")) + unmarshalVal := typeUnmarshaler(vt, f.Tag.Get("protobuf_val")) + return func(b []byte, f pointer, w int) ([]byte, error) { + // The map entry is a submessage. Figure out how big it is. + if w != WireBytes { + return nil, fmt.Errorf("proto: bad wiretype for map field: got %d want %d", w, WireBytes) + } + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + b = b[n:] + if x > uint64(len(b)) { + return nil, io.ErrUnexpectedEOF + } + r := b[x:] // unused data to return + b = b[:x] // data for map entry + + // Note: we could use #keys * #values ~= 200 functions + // to do map decoding without reflection. Probably not worth it. + // Maps will be somewhat slow. Oh well. + + // Read key and value from data. + var nerr nonFatal + k := reflect.New(kt) + v := reflect.New(vt) + for len(b) > 0 { + x, n := decodeVarint(b) + if n == 0 { + return nil, io.ErrUnexpectedEOF + } + wire := int(x) & 7 + b = b[n:] + + var err error + switch x >> 3 { + case 1: + b, err = unmarshalKey(b, valToPointer(k), wire) + case 2: + b, err = unmarshalVal(b, valToPointer(v), wire) + default: + err = errInternalBadWireType // skip unknown tag + } + + if nerr.Merge(err) { + continue + } + if err != errInternalBadWireType { + return nil, err + } + + // Skip past unknown fields. + b, err = skipField(b, wire) + if err != nil { + return nil, err + } + } + + // Get map, allocate if needed. + m := f.asPointerTo(t).Elem() // an addressable map[K]T + if m.IsNil() { + m.Set(reflect.MakeMap(t)) + } + + // Insert into map. + m.SetMapIndex(k.Elem(), v.Elem()) + + return r, nerr.E + } +} + +// makeUnmarshalOneof makes an unmarshaler for oneof fields. +// for: +// message Msg { +// oneof F { +// int64 X = 1; +// float64 Y = 2; +// } +// } +// typ is the type of the concrete entry for a oneof case (e.g. Msg_X). +// ityp is the interface type of the oneof field (e.g. isMsg_F). +// unmarshal is the unmarshaler for the base type of the oneof case (e.g. int64). +// Note that this function will be called once for each case in the oneof. +func makeUnmarshalOneof(typ, ityp reflect.Type, unmarshal unmarshaler) unmarshaler { + sf := typ.Field(0) + field0 := toField(&sf) + return func(b []byte, f pointer, w int) ([]byte, error) { + // Allocate holder for value. + v := reflect.New(typ) + + // Unmarshal data into holder. + // We unmarshal into the first field of the holder object. + var err error + var nerr nonFatal + b, err = unmarshal(b, valToPointer(v).offset(field0), w) + if !nerr.Merge(err) { + return nil, err + } + + // Write pointer to holder into target field. + f.asPointerTo(ityp).Elem().Set(v) + + return b, nerr.E + } +} + +// Error used by decode internally. +var errInternalBadWireType = errors.New("proto: internal error: bad wiretype") + +// skipField skips past a field of type wire and returns the remaining bytes. +func skipField(b []byte, wire int) ([]byte, error) { + switch wire { + case WireVarint: + _, k := decodeVarint(b) + if k == 0 { + return b, io.ErrUnexpectedEOF + } + b = b[k:] + case WireFixed32: + if len(b) < 4 { + return b, io.ErrUnexpectedEOF + } + b = b[4:] + case WireFixed64: + if len(b) < 8 { + return b, io.ErrUnexpectedEOF + } + b = b[8:] + case WireBytes: + m, k := decodeVarint(b) + if k == 0 || uint64(len(b)-k) < m { + return b, io.ErrUnexpectedEOF + } + b = b[uint64(k)+m:] + case WireStartGroup: + _, i := findEndGroup(b) + if i == -1 { + return b, io.ErrUnexpectedEOF + } + b = b[i:] + default: + return b, fmt.Errorf("proto: can't skip unknown wire type %d", wire) + } + return b, nil +} + +// findEndGroup finds the index of the next EndGroup tag. +// Groups may be nested, so the "next" EndGroup tag is the first +// unpaired EndGroup. +// findEndGroup returns the indexes of the start and end of the EndGroup tag. +// Returns (-1,-1) if it can't find one. +func findEndGroup(b []byte) (int, int) { + depth := 1 + i := 0 + for { + x, n := decodeVarint(b[i:]) + if n == 0 { + return -1, -1 + } + j := i + i += n + switch x & 7 { + case WireVarint: + _, k := decodeVarint(b[i:]) + if k == 0 { + return -1, -1 + } + i += k + case WireFixed32: + if len(b)-4 < i { + return -1, -1 + } + i += 4 + case WireFixed64: + if len(b)-8 < i { + return -1, -1 + } + i += 8 + case WireBytes: + m, k := decodeVarint(b[i:]) + if k == 0 { + return -1, -1 + } + i += k + if uint64(len(b)-i) < m { + return -1, -1 + } + i += int(m) + case WireStartGroup: + depth++ + case WireEndGroup: + depth-- + if depth == 0 { + return j, i + } + default: + return -1, -1 + } + } +} + +// encodeVarint appends a varint-encoded integer to b and returns the result. +func encodeVarint(b []byte, x uint64) []byte { + for x >= 1<<7 { + b = append(b, byte(x&0x7f|0x80)) + x >>= 7 + } + return append(b, byte(x)) +} + +// decodeVarint reads a varint-encoded integer from b. +// Returns the decoded integer and the number of bytes read. +// If there is an error, it returns 0,0. +func decodeVarint(b []byte) (uint64, int) { + var x, y uint64 + if len(b) == 0 { + goto bad + } + x = uint64(b[0]) + if x < 0x80 { + return x, 1 + } + x -= 0x80 + + if len(b) <= 1 { + goto bad + } + y = uint64(b[1]) + x += y << 7 + if y < 0x80 { + return x, 2 + } + x -= 0x80 << 7 + + if len(b) <= 2 { + goto bad + } + y = uint64(b[2]) + x += y << 14 + if y < 0x80 { + return x, 3 + } + x -= 0x80 << 14 + + if len(b) <= 3 { + goto bad + } + y = uint64(b[3]) + x += y << 21 + if y < 0x80 { + return x, 4 + } + x -= 0x80 << 21 + + if len(b) <= 4 { + goto bad + } + y = uint64(b[4]) + x += y << 28 + if y < 0x80 { + return x, 5 + } + x -= 0x80 << 28 + + if len(b) <= 5 { + goto bad + } + y = uint64(b[5]) + x += y << 35 + if y < 0x80 { + return x, 6 + } + x -= 0x80 << 35 + + if len(b) <= 6 { + goto bad + } + y = uint64(b[6]) + x += y << 42 + if y < 0x80 { + return x, 7 + } + x -= 0x80 << 42 + + if len(b) <= 7 { + goto bad + } + y = uint64(b[7]) + x += y << 49 + if y < 0x80 { + return x, 8 + } + x -= 0x80 << 49 + + if len(b) <= 8 { + goto bad + } + y = uint64(b[8]) + x += y << 56 + if y < 0x80 { + return x, 9 + } + x -= 0x80 << 56 + + if len(b) <= 9 { + goto bad + } + y = uint64(b[9]) + x += y << 63 + if y < 2 { + return x, 10 + } + +bad: + return 0, 0 +} diff --git a/vendor/github.com/golang/protobuf/proto/text.go b/vendor/github.com/golang/protobuf/proto/text.go new file mode 100644 index 0000000..1aaee72 --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/text.go @@ -0,0 +1,843 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2010 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +// Functions for writing the text protocol buffer format. + +import ( + "bufio" + "bytes" + "encoding" + "errors" + "fmt" + "io" + "log" + "math" + "reflect" + "sort" + "strings" +) + +var ( + newline = []byte("\n") + spaces = []byte(" ") + endBraceNewline = []byte("}\n") + backslashN = []byte{'\\', 'n'} + backslashR = []byte{'\\', 'r'} + backslashT = []byte{'\\', 't'} + backslashDQ = []byte{'\\', '"'} + backslashBS = []byte{'\\', '\\'} + posInf = []byte("inf") + negInf = []byte("-inf") + nan = []byte("nan") +) + +type writer interface { + io.Writer + WriteByte(byte) error +} + +// textWriter is an io.Writer that tracks its indentation level. +type textWriter struct { + ind int + complete bool // if the current position is a complete line + compact bool // whether to write out as a one-liner + w writer +} + +func (w *textWriter) WriteString(s string) (n int, err error) { + if !strings.Contains(s, "\n") { + if !w.compact && w.complete { + w.writeIndent() + } + w.complete = false + return io.WriteString(w.w, s) + } + // WriteString is typically called without newlines, so this + // codepath and its copy are rare. We copy to avoid + // duplicating all of Write's logic here. + return w.Write([]byte(s)) +} + +func (w *textWriter) Write(p []byte) (n int, err error) { + newlines := bytes.Count(p, newline) + if newlines == 0 { + if !w.compact && w.complete { + w.writeIndent() + } + n, err = w.w.Write(p) + w.complete = false + return n, err + } + + frags := bytes.SplitN(p, newline, newlines+1) + if w.compact { + for i, frag := range frags { + if i > 0 { + if err := w.w.WriteByte(' '); err != nil { + return n, err + } + n++ + } + nn, err := w.w.Write(frag) + n += nn + if err != nil { + return n, err + } + } + return n, nil + } + + for i, frag := range frags { + if w.complete { + w.writeIndent() + } + nn, err := w.w.Write(frag) + n += nn + if err != nil { + return n, err + } + if i+1 < len(frags) { + if err := w.w.WriteByte('\n'); err != nil { + return n, err + } + n++ + } + } + w.complete = len(frags[len(frags)-1]) == 0 + return n, nil +} + +func (w *textWriter) WriteByte(c byte) error { + if w.compact && c == '\n' { + c = ' ' + } + if !w.compact && w.complete { + w.writeIndent() + } + err := w.w.WriteByte(c) + w.complete = c == '\n' + return err +} + +func (w *textWriter) indent() { w.ind++ } + +func (w *textWriter) unindent() { + if w.ind == 0 { + log.Print("proto: textWriter unindented too far") + return + } + w.ind-- +} + +func writeName(w *textWriter, props *Properties) error { + if _, err := w.WriteString(props.OrigName); err != nil { + return err + } + if props.Wire != "group" { + return w.WriteByte(':') + } + return nil +} + +func requiresQuotes(u string) bool { + // When type URL contains any characters except [0-9A-Za-z./\-]*, it must be quoted. + for _, ch := range u { + switch { + case ch == '.' || ch == '/' || ch == '_': + continue + case '0' <= ch && ch <= '9': + continue + case 'A' <= ch && ch <= 'Z': + continue + case 'a' <= ch && ch <= 'z': + continue + default: + return true + } + } + return false +} + +// isAny reports whether sv is a google.protobuf.Any message +func isAny(sv reflect.Value) bool { + type wkt interface { + XXX_WellKnownType() string + } + t, ok := sv.Addr().Interface().(wkt) + return ok && t.XXX_WellKnownType() == "Any" +} + +// writeProto3Any writes an expanded google.protobuf.Any message. +// +// It returns (false, nil) if sv value can't be unmarshaled (e.g. because +// required messages are not linked in). +// +// It returns (true, error) when sv was written in expanded format or an error +// was encountered. +func (tm *TextMarshaler) writeProto3Any(w *textWriter, sv reflect.Value) (bool, error) { + turl := sv.FieldByName("TypeUrl") + val := sv.FieldByName("Value") + if !turl.IsValid() || !val.IsValid() { + return true, errors.New("proto: invalid google.protobuf.Any message") + } + + b, ok := val.Interface().([]byte) + if !ok { + return true, errors.New("proto: invalid google.protobuf.Any message") + } + + parts := strings.Split(turl.String(), "/") + mt := MessageType(parts[len(parts)-1]) + if mt == nil { + return false, nil + } + m := reflect.New(mt.Elem()) + if err := Unmarshal(b, m.Interface().(Message)); err != nil { + return false, nil + } + w.Write([]byte("[")) + u := turl.String() + if requiresQuotes(u) { + writeString(w, u) + } else { + w.Write([]byte(u)) + } + if w.compact { + w.Write([]byte("]:<")) + } else { + w.Write([]byte("]: <\n")) + w.ind++ + } + if err := tm.writeStruct(w, m.Elem()); err != nil { + return true, err + } + if w.compact { + w.Write([]byte("> ")) + } else { + w.ind-- + w.Write([]byte(">\n")) + } + return true, nil +} + +func (tm *TextMarshaler) writeStruct(w *textWriter, sv reflect.Value) error { + if tm.ExpandAny && isAny(sv) { + if canExpand, err := tm.writeProto3Any(w, sv); canExpand { + return err + } + } + st := sv.Type() + sprops := GetProperties(st) + for i := 0; i < sv.NumField(); i++ { + fv := sv.Field(i) + props := sprops.Prop[i] + name := st.Field(i).Name + + if name == "XXX_NoUnkeyedLiteral" { + continue + } + + if strings.HasPrefix(name, "XXX_") { + // There are two XXX_ fields: + // XXX_unrecognized []byte + // XXX_extensions map[int32]proto.Extension + // The first is handled here; + // the second is handled at the bottom of this function. + if name == "XXX_unrecognized" && !fv.IsNil() { + if err := writeUnknownStruct(w, fv.Interface().([]byte)); err != nil { + return err + } + } + continue + } + if fv.Kind() == reflect.Ptr && fv.IsNil() { + // Field not filled in. This could be an optional field or + // a required field that wasn't filled in. Either way, there + // isn't anything we can show for it. + continue + } + if fv.Kind() == reflect.Slice && fv.IsNil() { + // Repeated field that is empty, or a bytes field that is unused. + continue + } + + if props.Repeated && fv.Kind() == reflect.Slice { + // Repeated field. + for j := 0; j < fv.Len(); j++ { + if err := writeName(w, props); err != nil { + return err + } + if !w.compact { + if err := w.WriteByte(' '); err != nil { + return err + } + } + v := fv.Index(j) + if v.Kind() == reflect.Ptr && v.IsNil() { + // A nil message in a repeated field is not valid, + // but we can handle that more gracefully than panicking. + if _, err := w.Write([]byte("\n")); err != nil { + return err + } + continue + } + if err := tm.writeAny(w, v, props); err != nil { + return err + } + if err := w.WriteByte('\n'); err != nil { + return err + } + } + continue + } + if fv.Kind() == reflect.Map { + // Map fields are rendered as a repeated struct with key/value fields. + keys := fv.MapKeys() + sort.Sort(mapKeys(keys)) + for _, key := range keys { + val := fv.MapIndex(key) + if err := writeName(w, props); err != nil { + return err + } + if !w.compact { + if err := w.WriteByte(' '); err != nil { + return err + } + } + // open struct + if err := w.WriteByte('<'); err != nil { + return err + } + if !w.compact { + if err := w.WriteByte('\n'); err != nil { + return err + } + } + w.indent() + // key + if _, err := w.WriteString("key:"); err != nil { + return err + } + if !w.compact { + if err := w.WriteByte(' '); err != nil { + return err + } + } + if err := tm.writeAny(w, key, props.MapKeyProp); err != nil { + return err + } + if err := w.WriteByte('\n'); err != nil { + return err + } + // nil values aren't legal, but we can avoid panicking because of them. + if val.Kind() != reflect.Ptr || !val.IsNil() { + // value + if _, err := w.WriteString("value:"); err != nil { + return err + } + if !w.compact { + if err := w.WriteByte(' '); err != nil { + return err + } + } + if err := tm.writeAny(w, val, props.MapValProp); err != nil { + return err + } + if err := w.WriteByte('\n'); err != nil { + return err + } + } + // close struct + w.unindent() + if err := w.WriteByte('>'); err != nil { + return err + } + if err := w.WriteByte('\n'); err != nil { + return err + } + } + continue + } + if props.proto3 && fv.Kind() == reflect.Slice && fv.Len() == 0 { + // empty bytes field + continue + } + if fv.Kind() != reflect.Ptr && fv.Kind() != reflect.Slice { + // proto3 non-repeated scalar field; skip if zero value + if isProto3Zero(fv) { + continue + } + } + + if fv.Kind() == reflect.Interface { + // Check if it is a oneof. + if st.Field(i).Tag.Get("protobuf_oneof") != "" { + // fv is nil, or holds a pointer to generated struct. + // That generated struct has exactly one field, + // which has a protobuf struct tag. + if fv.IsNil() { + continue + } + inner := fv.Elem().Elem() // interface -> *T -> T + tag := inner.Type().Field(0).Tag.Get("protobuf") + props = new(Properties) // Overwrite the outer props var, but not its pointee. + props.Parse(tag) + // Write the value in the oneof, not the oneof itself. + fv = inner.Field(0) + + // Special case to cope with malformed messages gracefully: + // If the value in the oneof is a nil pointer, don't panic + // in writeAny. + if fv.Kind() == reflect.Ptr && fv.IsNil() { + // Use errors.New so writeAny won't render quotes. + msg := errors.New("/* nil */") + fv = reflect.ValueOf(&msg).Elem() + } + } + } + + if err := writeName(w, props); err != nil { + return err + } + if !w.compact { + if err := w.WriteByte(' '); err != nil { + return err + } + } + + // Enums have a String method, so writeAny will work fine. + if err := tm.writeAny(w, fv, props); err != nil { + return err + } + + if err := w.WriteByte('\n'); err != nil { + return err + } + } + + // Extensions (the XXX_extensions field). + pv := sv.Addr() + if _, err := extendable(pv.Interface()); err == nil { + if err := tm.writeExtensions(w, pv); err != nil { + return err + } + } + + return nil +} + +// writeAny writes an arbitrary field. +func (tm *TextMarshaler) writeAny(w *textWriter, v reflect.Value, props *Properties) error { + v = reflect.Indirect(v) + + // Floats have special cases. + if v.Kind() == reflect.Float32 || v.Kind() == reflect.Float64 { + x := v.Float() + var b []byte + switch { + case math.IsInf(x, 1): + b = posInf + case math.IsInf(x, -1): + b = negInf + case math.IsNaN(x): + b = nan + } + if b != nil { + _, err := w.Write(b) + return err + } + // Other values are handled below. + } + + // We don't attempt to serialise every possible value type; only those + // that can occur in protocol buffers. + switch v.Kind() { + case reflect.Slice: + // Should only be a []byte; repeated fields are handled in writeStruct. + if err := writeString(w, string(v.Bytes())); err != nil { + return err + } + case reflect.String: + if err := writeString(w, v.String()); err != nil { + return err + } + case reflect.Struct: + // Required/optional group/message. + var bra, ket byte = '<', '>' + if props != nil && props.Wire == "group" { + bra, ket = '{', '}' + } + if err := w.WriteByte(bra); err != nil { + return err + } + if !w.compact { + if err := w.WriteByte('\n'); err != nil { + return err + } + } + w.indent() + if v.CanAddr() { + // Calling v.Interface on a struct causes the reflect package to + // copy the entire struct. This is racy with the new Marshaler + // since we atomically update the XXX_sizecache. + // + // Thus, we retrieve a pointer to the struct if possible to avoid + // a race since v.Interface on the pointer doesn't copy the struct. + // + // If v is not addressable, then we are not worried about a race + // since it implies that the binary Marshaler cannot possibly be + // mutating this value. + v = v.Addr() + } + if etm, ok := v.Interface().(encoding.TextMarshaler); ok { + text, err := etm.MarshalText() + if err != nil { + return err + } + if _, err = w.Write(text); err != nil { + return err + } + } else { + if v.Kind() == reflect.Ptr { + v = v.Elem() + } + if err := tm.writeStruct(w, v); err != nil { + return err + } + } + w.unindent() + if err := w.WriteByte(ket); err != nil { + return err + } + default: + _, err := fmt.Fprint(w, v.Interface()) + return err + } + return nil +} + +// equivalent to C's isprint. +func isprint(c byte) bool { + return c >= 0x20 && c < 0x7f +} + +// writeString writes a string in the protocol buffer text format. +// It is similar to strconv.Quote except we don't use Go escape sequences, +// we treat the string as a byte sequence, and we use octal escapes. +// These differences are to maintain interoperability with the other +// languages' implementations of the text format. +func writeString(w *textWriter, s string) error { + // use WriteByte here to get any needed indent + if err := w.WriteByte('"'); err != nil { + return err + } + // Loop over the bytes, not the runes. + for i := 0; i < len(s); i++ { + var err error + // Divergence from C++: we don't escape apostrophes. + // There's no need to escape them, and the C++ parser + // copes with a naked apostrophe. + switch c := s[i]; c { + case '\n': + _, err = w.w.Write(backslashN) + case '\r': + _, err = w.w.Write(backslashR) + case '\t': + _, err = w.w.Write(backslashT) + case '"': + _, err = w.w.Write(backslashDQ) + case '\\': + _, err = w.w.Write(backslashBS) + default: + if isprint(c) { + err = w.w.WriteByte(c) + } else { + _, err = fmt.Fprintf(w.w, "\\%03o", c) + } + } + if err != nil { + return err + } + } + return w.WriteByte('"') +} + +func writeUnknownStruct(w *textWriter, data []byte) (err error) { + if !w.compact { + if _, err := fmt.Fprintf(w, "/* %d unknown bytes */\n", len(data)); err != nil { + return err + } + } + b := NewBuffer(data) + for b.index < len(b.buf) { + x, err := b.DecodeVarint() + if err != nil { + _, err := fmt.Fprintf(w, "/* %v */\n", err) + return err + } + wire, tag := x&7, x>>3 + if wire == WireEndGroup { + w.unindent() + if _, err := w.Write(endBraceNewline); err != nil { + return err + } + continue + } + if _, err := fmt.Fprint(w, tag); err != nil { + return err + } + if wire != WireStartGroup { + if err := w.WriteByte(':'); err != nil { + return err + } + } + if !w.compact || wire == WireStartGroup { + if err := w.WriteByte(' '); err != nil { + return err + } + } + switch wire { + case WireBytes: + buf, e := b.DecodeRawBytes(false) + if e == nil { + _, err = fmt.Fprintf(w, "%q", buf) + } else { + _, err = fmt.Fprintf(w, "/* %v */", e) + } + case WireFixed32: + x, err = b.DecodeFixed32() + err = writeUnknownInt(w, x, err) + case WireFixed64: + x, err = b.DecodeFixed64() + err = writeUnknownInt(w, x, err) + case WireStartGroup: + err = w.WriteByte('{') + w.indent() + case WireVarint: + x, err = b.DecodeVarint() + err = writeUnknownInt(w, x, err) + default: + _, err = fmt.Fprintf(w, "/* unknown wire type %d */", wire) + } + if err != nil { + return err + } + if err = w.WriteByte('\n'); err != nil { + return err + } + } + return nil +} + +func writeUnknownInt(w *textWriter, x uint64, err error) error { + if err == nil { + _, err = fmt.Fprint(w, x) + } else { + _, err = fmt.Fprintf(w, "/* %v */", err) + } + return err +} + +type int32Slice []int32 + +func (s int32Slice) Len() int { return len(s) } +func (s int32Slice) Less(i, j int) bool { return s[i] < s[j] } +func (s int32Slice) Swap(i, j int) { s[i], s[j] = s[j], s[i] } + +// writeExtensions writes all the extensions in pv. +// pv is assumed to be a pointer to a protocol message struct that is extendable. +func (tm *TextMarshaler) writeExtensions(w *textWriter, pv reflect.Value) error { + emap := extensionMaps[pv.Type().Elem()] + ep, _ := extendable(pv.Interface()) + + // Order the extensions by ID. + // This isn't strictly necessary, but it will give us + // canonical output, which will also make testing easier. + m, mu := ep.extensionsRead() + if m == nil { + return nil + } + mu.Lock() + ids := make([]int32, 0, len(m)) + for id := range m { + ids = append(ids, id) + } + sort.Sort(int32Slice(ids)) + mu.Unlock() + + for _, extNum := range ids { + ext := m[extNum] + var desc *ExtensionDesc + if emap != nil { + desc = emap[extNum] + } + if desc == nil { + // Unknown extension. + if err := writeUnknownStruct(w, ext.enc); err != nil { + return err + } + continue + } + + pb, err := GetExtension(ep, desc) + if err != nil { + return fmt.Errorf("failed getting extension: %v", err) + } + + // Repeated extensions will appear as a slice. + if !desc.repeated() { + if err := tm.writeExtension(w, desc.Name, pb); err != nil { + return err + } + } else { + v := reflect.ValueOf(pb) + for i := 0; i < v.Len(); i++ { + if err := tm.writeExtension(w, desc.Name, v.Index(i).Interface()); err != nil { + return err + } + } + } + } + return nil +} + +func (tm *TextMarshaler) writeExtension(w *textWriter, name string, pb interface{}) error { + if _, err := fmt.Fprintf(w, "[%s]:", name); err != nil { + return err + } + if !w.compact { + if err := w.WriteByte(' '); err != nil { + return err + } + } + if err := tm.writeAny(w, reflect.ValueOf(pb), nil); err != nil { + return err + } + if err := w.WriteByte('\n'); err != nil { + return err + } + return nil +} + +func (w *textWriter) writeIndent() { + if !w.complete { + return + } + remain := w.ind * 2 + for remain > 0 { + n := remain + if n > len(spaces) { + n = len(spaces) + } + w.w.Write(spaces[:n]) + remain -= n + } + w.complete = false +} + +// TextMarshaler is a configurable text format marshaler. +type TextMarshaler struct { + Compact bool // use compact text format (one line). + ExpandAny bool // expand google.protobuf.Any messages of known types +} + +// Marshal writes a given protocol buffer in text format. +// The only errors returned are from w. +func (tm *TextMarshaler) Marshal(w io.Writer, pb Message) error { + val := reflect.ValueOf(pb) + if pb == nil || val.IsNil() { + w.Write([]byte("")) + return nil + } + var bw *bufio.Writer + ww, ok := w.(writer) + if !ok { + bw = bufio.NewWriter(w) + ww = bw + } + aw := &textWriter{ + w: ww, + complete: true, + compact: tm.Compact, + } + + if etm, ok := pb.(encoding.TextMarshaler); ok { + text, err := etm.MarshalText() + if err != nil { + return err + } + if _, err = aw.Write(text); err != nil { + return err + } + if bw != nil { + return bw.Flush() + } + return nil + } + // Dereference the received pointer so we don't have outer < and >. + v := reflect.Indirect(val) + if err := tm.writeStruct(aw, v); err != nil { + return err + } + if bw != nil { + return bw.Flush() + } + return nil +} + +// Text is the same as Marshal, but returns the string directly. +func (tm *TextMarshaler) Text(pb Message) string { + var buf bytes.Buffer + tm.Marshal(&buf, pb) + return buf.String() +} + +var ( + defaultTextMarshaler = TextMarshaler{} + compactTextMarshaler = TextMarshaler{Compact: true} +) + +// TODO: consider removing some of the Marshal functions below. + +// MarshalText writes a given protocol buffer in text format. +// The only errors returned are from w. +func MarshalText(w io.Writer, pb Message) error { return defaultTextMarshaler.Marshal(w, pb) } + +// MarshalTextString is the same as MarshalText, but returns the string directly. +func MarshalTextString(pb Message) string { return defaultTextMarshaler.Text(pb) } + +// CompactText writes a given protocol buffer in compact text format (one line). +func CompactText(w io.Writer, pb Message) error { return compactTextMarshaler.Marshal(w, pb) } + +// CompactTextString is the same as CompactText, but returns the string directly. +func CompactTextString(pb Message) string { return compactTextMarshaler.Text(pb) } diff --git a/vendor/github.com/golang/protobuf/proto/text_parser.go b/vendor/github.com/golang/protobuf/proto/text_parser.go new file mode 100644 index 0000000..bb55a3a --- /dev/null +++ b/vendor/github.com/golang/protobuf/proto/text_parser.go @@ -0,0 +1,880 @@ +// Go support for Protocol Buffers - Google's data interchange format +// +// Copyright 2010 The Go Authors. All rights reserved. +// https://github.com/golang/protobuf +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package proto + +// Functions for parsing the Text protocol buffer format. +// TODO: message sets. + +import ( + "encoding" + "errors" + "fmt" + "reflect" + "strconv" + "strings" + "unicode/utf8" +) + +// Error string emitted when deserializing Any and fields are already set +const anyRepeatedlyUnpacked = "Any message unpacked multiple times, or %q already set" + +type ParseError struct { + Message string + Line int // 1-based line number + Offset int // 0-based byte offset from start of input +} + +func (p *ParseError) Error() string { + if p.Line == 1 { + // show offset only for first line + return fmt.Sprintf("line 1.%d: %v", p.Offset, p.Message) + } + return fmt.Sprintf("line %d: %v", p.Line, p.Message) +} + +type token struct { + value string + err *ParseError + line int // line number + offset int // byte number from start of input, not start of line + unquoted string // the unquoted version of value, if it was a quoted string +} + +func (t *token) String() string { + if t.err == nil { + return fmt.Sprintf("%q (line=%d, offset=%d)", t.value, t.line, t.offset) + } + return fmt.Sprintf("parse error: %v", t.err) +} + +type textParser struct { + s string // remaining input + done bool // whether the parsing is finished (success or error) + backed bool // whether back() was called + offset, line int + cur token +} + +func newTextParser(s string) *textParser { + p := new(textParser) + p.s = s + p.line = 1 + p.cur.line = 1 + return p +} + +func (p *textParser) errorf(format string, a ...interface{}) *ParseError { + pe := &ParseError{fmt.Sprintf(format, a...), p.cur.line, p.cur.offset} + p.cur.err = pe + p.done = true + return pe +} + +// Numbers and identifiers are matched by [-+._A-Za-z0-9] +func isIdentOrNumberChar(c byte) bool { + switch { + case 'A' <= c && c <= 'Z', 'a' <= c && c <= 'z': + return true + case '0' <= c && c <= '9': + return true + } + switch c { + case '-', '+', '.', '_': + return true + } + return false +} + +func isWhitespace(c byte) bool { + switch c { + case ' ', '\t', '\n', '\r': + return true + } + return false +} + +func isQuote(c byte) bool { + switch c { + case '"', '\'': + return true + } + return false +} + +func (p *textParser) skipWhitespace() { + i := 0 + for i < len(p.s) && (isWhitespace(p.s[i]) || p.s[i] == '#') { + if p.s[i] == '#' { + // comment; skip to end of line or input + for i < len(p.s) && p.s[i] != '\n' { + i++ + } + if i == len(p.s) { + break + } + } + if p.s[i] == '\n' { + p.line++ + } + i++ + } + p.offset += i + p.s = p.s[i:len(p.s)] + if len(p.s) == 0 { + p.done = true + } +} + +func (p *textParser) advance() { + // Skip whitespace + p.skipWhitespace() + if p.done { + return + } + + // Start of non-whitespace + p.cur.err = nil + p.cur.offset, p.cur.line = p.offset, p.line + p.cur.unquoted = "" + switch p.s[0] { + case '<', '>', '{', '}', ':', '[', ']', ';', ',', '/': + // Single symbol + p.cur.value, p.s = p.s[0:1], p.s[1:len(p.s)] + case '"', '\'': + // Quoted string + i := 1 + for i < len(p.s) && p.s[i] != p.s[0] && p.s[i] != '\n' { + if p.s[i] == '\\' && i+1 < len(p.s) { + // skip escaped char + i++ + } + i++ + } + if i >= len(p.s) || p.s[i] != p.s[0] { + p.errorf("unmatched quote") + return + } + unq, err := unquoteC(p.s[1:i], rune(p.s[0])) + if err != nil { + p.errorf("invalid quoted string %s: %v", p.s[0:i+1], err) + return + } + p.cur.value, p.s = p.s[0:i+1], p.s[i+1:len(p.s)] + p.cur.unquoted = unq + default: + i := 0 + for i < len(p.s) && isIdentOrNumberChar(p.s[i]) { + i++ + } + if i == 0 { + p.errorf("unexpected byte %#x", p.s[0]) + return + } + p.cur.value, p.s = p.s[0:i], p.s[i:len(p.s)] + } + p.offset += len(p.cur.value) +} + +var ( + errBadUTF8 = errors.New("proto: bad UTF-8") +) + +func unquoteC(s string, quote rune) (string, error) { + // This is based on C++'s tokenizer.cc. + // Despite its name, this is *not* parsing C syntax. + // For instance, "\0" is an invalid quoted string. + + // Avoid allocation in trivial cases. + simple := true + for _, r := range s { + if r == '\\' || r == quote { + simple = false + break + } + } + if simple { + return s, nil + } + + buf := make([]byte, 0, 3*len(s)/2) + for len(s) > 0 { + r, n := utf8.DecodeRuneInString(s) + if r == utf8.RuneError && n == 1 { + return "", errBadUTF8 + } + s = s[n:] + if r != '\\' { + if r < utf8.RuneSelf { + buf = append(buf, byte(r)) + } else { + buf = append(buf, string(r)...) + } + continue + } + + ch, tail, err := unescape(s) + if err != nil { + return "", err + } + buf = append(buf, ch...) + s = tail + } + return string(buf), nil +} + +func unescape(s string) (ch string, tail string, err error) { + r, n := utf8.DecodeRuneInString(s) + if r == utf8.RuneError && n == 1 { + return "", "", errBadUTF8 + } + s = s[n:] + switch r { + case 'a': + return "\a", s, nil + case 'b': + return "\b", s, nil + case 'f': + return "\f", s, nil + case 'n': + return "\n", s, nil + case 'r': + return "\r", s, nil + case 't': + return "\t", s, nil + case 'v': + return "\v", s, nil + case '?': + return "?", s, nil // trigraph workaround + case '\'', '"', '\\': + return string(r), s, nil + case '0', '1', '2', '3', '4', '5', '6', '7': + if len(s) < 2 { + return "", "", fmt.Errorf(`\%c requires 2 following digits`, r) + } + ss := string(r) + s[:2] + s = s[2:] + i, err := strconv.ParseUint(ss, 8, 8) + if err != nil { + return "", "", fmt.Errorf(`\%s contains non-octal digits`, ss) + } + return string([]byte{byte(i)}), s, nil + case 'x', 'X', 'u', 'U': + var n int + switch r { + case 'x', 'X': + n = 2 + case 'u': + n = 4 + case 'U': + n = 8 + } + if len(s) < n { + return "", "", fmt.Errorf(`\%c requires %d following digits`, r, n) + } + ss := s[:n] + s = s[n:] + i, err := strconv.ParseUint(ss, 16, 64) + if err != nil { + return "", "", fmt.Errorf(`\%c%s contains non-hexadecimal digits`, r, ss) + } + if r == 'x' || r == 'X' { + return string([]byte{byte(i)}), s, nil + } + if i > utf8.MaxRune { + return "", "", fmt.Errorf(`\%c%s is not a valid Unicode code point`, r, ss) + } + return string(i), s, nil + } + return "", "", fmt.Errorf(`unknown escape \%c`, r) +} + +// Back off the parser by one token. Can only be done between calls to next(). +// It makes the next advance() a no-op. +func (p *textParser) back() { p.backed = true } + +// Advances the parser and returns the new current token. +func (p *textParser) next() *token { + if p.backed || p.done { + p.backed = false + return &p.cur + } + p.advance() + if p.done { + p.cur.value = "" + } else if len(p.cur.value) > 0 && isQuote(p.cur.value[0]) { + // Look for multiple quoted strings separated by whitespace, + // and concatenate them. + cat := p.cur + for { + p.skipWhitespace() + if p.done || !isQuote(p.s[0]) { + break + } + p.advance() + if p.cur.err != nil { + return &p.cur + } + cat.value += " " + p.cur.value + cat.unquoted += p.cur.unquoted + } + p.done = false // parser may have seen EOF, but we want to return cat + p.cur = cat + } + return &p.cur +} + +func (p *textParser) consumeToken(s string) error { + tok := p.next() + if tok.err != nil { + return tok.err + } + if tok.value != s { + p.back() + return p.errorf("expected %q, found %q", s, tok.value) + } + return nil +} + +// Return a RequiredNotSetError indicating which required field was not set. +func (p *textParser) missingRequiredFieldError(sv reflect.Value) *RequiredNotSetError { + st := sv.Type() + sprops := GetProperties(st) + for i := 0; i < st.NumField(); i++ { + if !isNil(sv.Field(i)) { + continue + } + + props := sprops.Prop[i] + if props.Required { + return &RequiredNotSetError{fmt.Sprintf("%v.%v", st, props.OrigName)} + } + } + return &RequiredNotSetError{fmt.Sprintf("%v.", st)} // should not happen +} + +// Returns the index in the struct for the named field, as well as the parsed tag properties. +func structFieldByName(sprops *StructProperties, name string) (int, *Properties, bool) { + i, ok := sprops.decoderOrigNames[name] + if ok { + return i, sprops.Prop[i], true + } + return -1, nil, false +} + +// Consume a ':' from the input stream (if the next token is a colon), +// returning an error if a colon is needed but not present. +func (p *textParser) checkForColon(props *Properties, typ reflect.Type) *ParseError { + tok := p.next() + if tok.err != nil { + return tok.err + } + if tok.value != ":" { + // Colon is optional when the field is a group or message. + needColon := true + switch props.Wire { + case "group": + needColon = false + case "bytes": + // A "bytes" field is either a message, a string, or a repeated field; + // those three become *T, *string and []T respectively, so we can check for + // this field being a pointer to a non-string. + if typ.Kind() == reflect.Ptr { + // *T or *string + if typ.Elem().Kind() == reflect.String { + break + } + } else if typ.Kind() == reflect.Slice { + // []T or []*T + if typ.Elem().Kind() != reflect.Ptr { + break + } + } else if typ.Kind() == reflect.String { + // The proto3 exception is for a string field, + // which requires a colon. + break + } + needColon = false + } + if needColon { + return p.errorf("expected ':', found %q", tok.value) + } + p.back() + } + return nil +} + +func (p *textParser) readStruct(sv reflect.Value, terminator string) error { + st := sv.Type() + sprops := GetProperties(st) + reqCount := sprops.reqCount + var reqFieldErr error + fieldSet := make(map[string]bool) + // A struct is a sequence of "name: value", terminated by one of + // '>' or '}', or the end of the input. A name may also be + // "[extension]" or "[type/url]". + // + // The whole struct can also be an expanded Any message, like: + // [type/url] < ... struct contents ... > + for { + tok := p.next() + if tok.err != nil { + return tok.err + } + if tok.value == terminator { + break + } + if tok.value == "[" { + // Looks like an extension or an Any. + // + // TODO: Check whether we need to handle + // namespace rooted names (e.g. ".something.Foo"). + extName, err := p.consumeExtName() + if err != nil { + return err + } + + if s := strings.LastIndex(extName, "/"); s >= 0 { + // If it contains a slash, it's an Any type URL. + messageName := extName[s+1:] + mt := MessageType(messageName) + if mt == nil { + return p.errorf("unrecognized message %q in google.protobuf.Any", messageName) + } + tok = p.next() + if tok.err != nil { + return tok.err + } + // consume an optional colon + if tok.value == ":" { + tok = p.next() + if tok.err != nil { + return tok.err + } + } + var terminator string + switch tok.value { + case "<": + terminator = ">" + case "{": + terminator = "}" + default: + return p.errorf("expected '{' or '<', found %q", tok.value) + } + v := reflect.New(mt.Elem()) + if pe := p.readStruct(v.Elem(), terminator); pe != nil { + return pe + } + b, err := Marshal(v.Interface().(Message)) + if err != nil { + return p.errorf("failed to marshal message of type %q: %v", messageName, err) + } + if fieldSet["type_url"] { + return p.errorf(anyRepeatedlyUnpacked, "type_url") + } + if fieldSet["value"] { + return p.errorf(anyRepeatedlyUnpacked, "value") + } + sv.FieldByName("TypeUrl").SetString(extName) + sv.FieldByName("Value").SetBytes(b) + fieldSet["type_url"] = true + fieldSet["value"] = true + continue + } + + var desc *ExtensionDesc + // This could be faster, but it's functional. + // TODO: Do something smarter than a linear scan. + for _, d := range RegisteredExtensions(reflect.New(st).Interface().(Message)) { + if d.Name == extName { + desc = d + break + } + } + if desc == nil { + return p.errorf("unrecognized extension %q", extName) + } + + props := &Properties{} + props.Parse(desc.Tag) + + typ := reflect.TypeOf(desc.ExtensionType) + if err := p.checkForColon(props, typ); err != nil { + return err + } + + rep := desc.repeated() + + // Read the extension structure, and set it in + // the value we're constructing. + var ext reflect.Value + if !rep { + ext = reflect.New(typ).Elem() + } else { + ext = reflect.New(typ.Elem()).Elem() + } + if err := p.readAny(ext, props); err != nil { + if _, ok := err.(*RequiredNotSetError); !ok { + return err + } + reqFieldErr = err + } + ep := sv.Addr().Interface().(Message) + if !rep { + SetExtension(ep, desc, ext.Interface()) + } else { + old, err := GetExtension(ep, desc) + var sl reflect.Value + if err == nil { + sl = reflect.ValueOf(old) // existing slice + } else { + sl = reflect.MakeSlice(typ, 0, 1) + } + sl = reflect.Append(sl, ext) + SetExtension(ep, desc, sl.Interface()) + } + if err := p.consumeOptionalSeparator(); err != nil { + return err + } + continue + } + + // This is a normal, non-extension field. + name := tok.value + var dst reflect.Value + fi, props, ok := structFieldByName(sprops, name) + if ok { + dst = sv.Field(fi) + } else if oop, ok := sprops.OneofTypes[name]; ok { + // It is a oneof. + props = oop.Prop + nv := reflect.New(oop.Type.Elem()) + dst = nv.Elem().Field(0) + field := sv.Field(oop.Field) + if !field.IsNil() { + return p.errorf("field '%s' would overwrite already parsed oneof '%s'", name, sv.Type().Field(oop.Field).Name) + } + field.Set(nv) + } + if !dst.IsValid() { + return p.errorf("unknown field name %q in %v", name, st) + } + + if dst.Kind() == reflect.Map { + // Consume any colon. + if err := p.checkForColon(props, dst.Type()); err != nil { + return err + } + + // Construct the map if it doesn't already exist. + if dst.IsNil() { + dst.Set(reflect.MakeMap(dst.Type())) + } + key := reflect.New(dst.Type().Key()).Elem() + val := reflect.New(dst.Type().Elem()).Elem() + + // The map entry should be this sequence of tokens: + // < key : KEY value : VALUE > + // However, implementations may omit key or value, and technically + // we should support them in any order. See b/28924776 for a time + // this went wrong. + + tok := p.next() + var terminator string + switch tok.value { + case "<": + terminator = ">" + case "{": + terminator = "}" + default: + return p.errorf("expected '{' or '<', found %q", tok.value) + } + for { + tok := p.next() + if tok.err != nil { + return tok.err + } + if tok.value == terminator { + break + } + switch tok.value { + case "key": + if err := p.consumeToken(":"); err != nil { + return err + } + if err := p.readAny(key, props.MapKeyProp); err != nil { + return err + } + if err := p.consumeOptionalSeparator(); err != nil { + return err + } + case "value": + if err := p.checkForColon(props.MapValProp, dst.Type().Elem()); err != nil { + return err + } + if err := p.readAny(val, props.MapValProp); err != nil { + return err + } + if err := p.consumeOptionalSeparator(); err != nil { + return err + } + default: + p.back() + return p.errorf(`expected "key", "value", or %q, found %q`, terminator, tok.value) + } + } + + dst.SetMapIndex(key, val) + continue + } + + // Check that it's not already set if it's not a repeated field. + if !props.Repeated && fieldSet[name] { + return p.errorf("non-repeated field %q was repeated", name) + } + + if err := p.checkForColon(props, dst.Type()); err != nil { + return err + } + + // Parse into the field. + fieldSet[name] = true + if err := p.readAny(dst, props); err != nil { + if _, ok := err.(*RequiredNotSetError); !ok { + return err + } + reqFieldErr = err + } + if props.Required { + reqCount-- + } + + if err := p.consumeOptionalSeparator(); err != nil { + return err + } + + } + + if reqCount > 0 { + return p.missingRequiredFieldError(sv) + } + return reqFieldErr +} + +// consumeExtName consumes extension name or expanded Any type URL and the +// following ']'. It returns the name or URL consumed. +func (p *textParser) consumeExtName() (string, error) { + tok := p.next() + if tok.err != nil { + return "", tok.err + } + + // If extension name or type url is quoted, it's a single token. + if len(tok.value) > 2 && isQuote(tok.value[0]) && tok.value[len(tok.value)-1] == tok.value[0] { + name, err := unquoteC(tok.value[1:len(tok.value)-1], rune(tok.value[0])) + if err != nil { + return "", err + } + return name, p.consumeToken("]") + } + + // Consume everything up to "]" + var parts []string + for tok.value != "]" { + parts = append(parts, tok.value) + tok = p.next() + if tok.err != nil { + return "", p.errorf("unrecognized type_url or extension name: %s", tok.err) + } + if p.done && tok.value != "]" { + return "", p.errorf("unclosed type_url or extension name") + } + } + return strings.Join(parts, ""), nil +} + +// consumeOptionalSeparator consumes an optional semicolon or comma. +// It is used in readStruct to provide backward compatibility. +func (p *textParser) consumeOptionalSeparator() error { + tok := p.next() + if tok.err != nil { + return tok.err + } + if tok.value != ";" && tok.value != "," { + p.back() + } + return nil +} + +func (p *textParser) readAny(v reflect.Value, props *Properties) error { + tok := p.next() + if tok.err != nil { + return tok.err + } + if tok.value == "" { + return p.errorf("unexpected EOF") + } + + switch fv := v; fv.Kind() { + case reflect.Slice: + at := v.Type() + if at.Elem().Kind() == reflect.Uint8 { + // Special case for []byte + if tok.value[0] != '"' && tok.value[0] != '\'' { + // Deliberately written out here, as the error after + // this switch statement would write "invalid []byte: ...", + // which is not as user-friendly. + return p.errorf("invalid string: %v", tok.value) + } + bytes := []byte(tok.unquoted) + fv.Set(reflect.ValueOf(bytes)) + return nil + } + // Repeated field. + if tok.value == "[" { + // Repeated field with list notation, like [1,2,3]. + for { + fv.Set(reflect.Append(fv, reflect.New(at.Elem()).Elem())) + err := p.readAny(fv.Index(fv.Len()-1), props) + if err != nil { + return err + } + tok := p.next() + if tok.err != nil { + return tok.err + } + if tok.value == "]" { + break + } + if tok.value != "," { + return p.errorf("Expected ']' or ',' found %q", tok.value) + } + } + return nil + } + // One value of the repeated field. + p.back() + fv.Set(reflect.Append(fv, reflect.New(at.Elem()).Elem())) + return p.readAny(fv.Index(fv.Len()-1), props) + case reflect.Bool: + // true/1/t/True or false/f/0/False. + switch tok.value { + case "true", "1", "t", "True": + fv.SetBool(true) + return nil + case "false", "0", "f", "False": + fv.SetBool(false) + return nil + } + case reflect.Float32, reflect.Float64: + v := tok.value + // Ignore 'f' for compatibility with output generated by C++, but don't + // remove 'f' when the value is "-inf" or "inf". + if strings.HasSuffix(v, "f") && tok.value != "-inf" && tok.value != "inf" { + v = v[:len(v)-1] + } + if f, err := strconv.ParseFloat(v, fv.Type().Bits()); err == nil { + fv.SetFloat(f) + return nil + } + case reflect.Int32: + if x, err := strconv.ParseInt(tok.value, 0, 32); err == nil { + fv.SetInt(x) + return nil + } + + if len(props.Enum) == 0 { + break + } + m, ok := enumValueMaps[props.Enum] + if !ok { + break + } + x, ok := m[tok.value] + if !ok { + break + } + fv.SetInt(int64(x)) + return nil + case reflect.Int64: + if x, err := strconv.ParseInt(tok.value, 0, 64); err == nil { + fv.SetInt(x) + return nil + } + + case reflect.Ptr: + // A basic field (indirected through pointer), or a repeated message/group + p.back() + fv.Set(reflect.New(fv.Type().Elem())) + return p.readAny(fv.Elem(), props) + case reflect.String: + if tok.value[0] == '"' || tok.value[0] == '\'' { + fv.SetString(tok.unquoted) + return nil + } + case reflect.Struct: + var terminator string + switch tok.value { + case "{": + terminator = "}" + case "<": + terminator = ">" + default: + return p.errorf("expected '{' or '<', found %q", tok.value) + } + // TODO: Handle nested messages which implement encoding.TextUnmarshaler. + return p.readStruct(fv, terminator) + case reflect.Uint32: + if x, err := strconv.ParseUint(tok.value, 0, 32); err == nil { + fv.SetUint(uint64(x)) + return nil + } + case reflect.Uint64: + if x, err := strconv.ParseUint(tok.value, 0, 64); err == nil { + fv.SetUint(x) + return nil + } + } + return p.errorf("invalid %v: %v", v.Type(), tok.value) +} + +// UnmarshalText reads a protocol buffer in Text format. UnmarshalText resets pb +// before starting to unmarshal, so any existing data in pb is always removed. +// If a required field is not set and no other error occurs, +// UnmarshalText returns *RequiredNotSetError. +func UnmarshalText(s string, pb Message) error { + if um, ok := pb.(encoding.TextUnmarshaler); ok { + return um.UnmarshalText([]byte(s)) + } + pb.Reset() + v := reflect.ValueOf(pb) + return newTextParser(s).readStruct(v.Elem(), "") +} diff --git a/vendor/github.com/lightningnetwork/lnd/LICENSE b/vendor/github.com/lightningnetwork/lnd/LICENSE new file mode 100644 index 0000000..70f1f0d --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/LICENSE @@ -0,0 +1,19 @@ +Copyright (C) 2015-2018 Lightning Labs and The Lightning Network Developers + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/README.md b/vendor/github.com/lightningnetwork/lnd/lnwire/README.md new file mode 100644 index 0000000..a3fe638 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/README.md @@ -0,0 +1,18 @@ +lnwire +====== + +[![Build Status](http://img.shields.io/travis/lightningnetwork/lnd.svg)](https://travis-ci.org/lightningnetwork/lnd) +[![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/lightningnetwork/lnd/blob/master/LICENSE) +[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/lightningnetwork/lnd/lnwire) + +The lnwire package implements the Lightning Network wire protocol. + +This package has intentionally been designed so it can be used as a standalone +package for any projects needing to interface with lightning peers at the wire +protocol level. + +## Installation and Updating + +```bash +$ go get -u github.com/lightningnetwork/lnd/lnwire +``` diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/accept_channel.go b/vendor/github.com/lightningnetwork/lnd/lnwire/accept_channel.go new file mode 100644 index 0000000..ef1b282 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/accept_channel.go @@ -0,0 +1,158 @@ +package lnwire + +import ( + "io" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcutil" +) + +// AcceptChannel is the message Bob sends to Alice after she initiates the +// single funder channel workflow via an AcceptChannel message. Once Alice +// receives Bob's response, then she has all the items necessary to construct +// the funding transaction, and both commitment transactions. +type AcceptChannel struct { + // PendingChannelID serves to uniquely identify the future channel + // created by the initiated single funder workflow. + PendingChannelID [32]byte + + // DustLimit is the specific dust limit the sender of this message + // would like enforced on their version of the commitment transaction. + // Any output below this value will be "trimmed" from the commitment + // transaction, with the amount of the HTLC going to dust. + DustLimit btcutil.Amount + + // MaxValueInFlight represents the maximum amount of coins that can be + // pending within the channel at any given time. If the amount of funds + // in limbo exceeds this amount, then the channel will be failed. + MaxValueInFlight MilliSatoshi + + // ChannelReserve is the amount of BTC that the receiving party MUST + // maintain a balance above at all times. This is a safety mechanism to + // ensure that both sides always have skin in the game during the + // channel's lifetime. + ChannelReserve btcutil.Amount + + // HtlcMinimum is the smallest HTLC that the sender of this message + // will accept. + HtlcMinimum MilliSatoshi + + // MinAcceptDepth is the minimum depth that the initiator of the + // channel should wait before considering the channel open. + MinAcceptDepth uint32 + + // CsvDelay is the number of blocks to use for the relative time lock + // in the pay-to-self output of both commitment transactions. + CsvDelay uint16 + + // MaxAcceptedHTLCs is the total number of incoming HTLC's that the + // sender of this channel will accept. + // + // TODO(roasbeef): acks the initiator's, same with max in flight? + MaxAcceptedHTLCs uint16 + + // FundingKey is the key that should be used on behalf of the sender + // within the 2-of-2 multi-sig output that it contained within the + // funding transaction. + FundingKey *btcec.PublicKey + + // RevocationPoint is the base revocation point for the sending party. + // Any commitment transaction belonging to the receiver of this message + // should use this key and their per-commitment point to derive the + // revocation key for the commitment transaction. + RevocationPoint *btcec.PublicKey + + // PaymentPoint is the base payment point for the sending party. This + // key should be combined with the per commitment point for a + // particular commitment state in order to create the key that should + // be used in any output that pays directly to the sending party, and + // also within the HTLC covenant transactions. + PaymentPoint *btcec.PublicKey + + // DelayedPaymentPoint is the delay point for the sending party. This + // key should be combined with the per commitment point to derive the + // keys that are used in outputs of the sender's commitment transaction + // where they claim funds. + DelayedPaymentPoint *btcec.PublicKey + + // HtlcPoint is the base point used to derive the set of keys for this + // party that will be used within the HTLC public key scripts. This + // value is combined with the receiver's revocation base point in order + // to derive the keys that are used within HTLC scripts. + HtlcPoint *btcec.PublicKey + + // FirstCommitmentPoint is the first commitment point for the sending + // party. This value should be combined with the receiver's revocation + // base point in order to derive the revocation keys that are placed + // within the commitment transaction of the sender. + FirstCommitmentPoint *btcec.PublicKey +} + +// A compile time check to ensure AcceptChannel implements the lnwire.Message +// interface. +var _ Message = (*AcceptChannel)(nil) + +// Encode serializes the target AcceptChannel into the passed io.Writer +// implementation. Serialization will observe the rules defined by the passed +// protocol version. +// +// This is part of the lnwire.Message interface. +func (a *AcceptChannel) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + a.PendingChannelID[:], + a.DustLimit, + a.MaxValueInFlight, + a.ChannelReserve, + a.HtlcMinimum, + a.MinAcceptDepth, + a.CsvDelay, + a.MaxAcceptedHTLCs, + a.FundingKey, + a.RevocationPoint, + a.PaymentPoint, + a.DelayedPaymentPoint, + a.HtlcPoint, + a.FirstCommitmentPoint, + ) +} + +// Decode deserializes the serialized AcceptChannel stored in the passed +// io.Reader into the target AcceptChannel using the deserialization rules +// defined by the passed protocol version. +// +// This is part of the lnwire.Message interface. +func (a *AcceptChannel) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + a.PendingChannelID[:], + &a.DustLimit, + &a.MaxValueInFlight, + &a.ChannelReserve, + &a.HtlcMinimum, + &a.MinAcceptDepth, + &a.CsvDelay, + &a.MaxAcceptedHTLCs, + &a.FundingKey, + &a.RevocationPoint, + &a.PaymentPoint, + &a.DelayedPaymentPoint, + &a.HtlcPoint, + &a.FirstCommitmentPoint, + ) +} + +// MsgType returns the MessageType code which uniquely identifies this message +// as an AcceptChannel on the wire. +// +// This is part of the lnwire.Message interface. +func (a *AcceptChannel) MsgType() MessageType { + return MsgAcceptChannel +} + +// MaxPayloadLength returns the maximum allowed payload length for a +// AcceptChannel message. +// +// This is part of the lnwire.Message interface. +func (a *AcceptChannel) MaxPayloadLength(uint32) uint32 { + // 32 + (8 * 4) + (4 * 1) + (2 * 2) + (33 * 6) + return 270 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/announcement_signatures.go b/vendor/github.com/lightningnetwork/lnd/lnwire/announcement_signatures.go new file mode 100644 index 0000000..0124521 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/announcement_signatures.go @@ -0,0 +1,108 @@ +package lnwire + +import ( + "io" + "io/ioutil" +) + +// AnnounceSignatures this is a direct message between two endpoints of a +// channel and serves as an opt-in mechanism to allow the announcement of +// the channel to the rest of the network. It contains the necessary +// signatures by the sender to construct the channel announcement message. +type AnnounceSignatures struct { + // ChannelID is the unique description of the funding transaction. + // Channel id is better for users and debugging and short channel id is + // used for quick test on existence of the particular utxo inside the + // block chain, because it contains information about block. + ChannelID ChannelID + + // ShortChannelID is the unique description of the funding + // transaction. It is constructed with the most significant 3 bytes + // as the block height, the next 3 bytes indicating the transaction + // index within the block, and the least significant two bytes + // indicating the output index which pays to the channel. + ShortChannelID ShortChannelID + + // NodeSignature is the signature which contains the signed announce + // channel message, by this signature we proof that we possess of the + // node pub key and creating the reference node_key -> bitcoin_key. + NodeSignature Sig + + // BitcoinSignature is the signature which contains the signed node + // public key, by this signature we proof that we possess of the + // bitcoin key and and creating the reverse reference bitcoin_key -> + // node_key. + BitcoinSignature Sig + + // ExtraOpaqueData is the set of data that was appended to this + // message, some of which we may not actually know how to iterate or + // parse. By holding onto this data, we ensure that we're able to + // properly validate the set of signatures that cover these new fields, + // and ensure we're able to make upgrades to the network in a forwards + // compatible manner. + ExtraOpaqueData []byte +} + +// A compile time check to ensure AnnounceSignatures implements the +// lnwire.Message interface. +var _ Message = (*AnnounceSignatures)(nil) + +// Decode deserializes a serialized AnnounceSignatures stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (a *AnnounceSignatures) Decode(r io.Reader, pver uint32) error { + err := ReadElements(r, + &a.ChannelID, + &a.ShortChannelID, + &a.NodeSignature, + &a.BitcoinSignature, + ) + if err != nil { + return err + } + + // Now that we've read out all the fields that we explicitly know of, + // we'll collect the remainder into the ExtraOpaqueData field. If there + // aren't any bytes, then we'll snip off the slice to avoid carrying + // around excess capacity. + a.ExtraOpaqueData, err = ioutil.ReadAll(r) + if err != nil { + return err + } + if len(a.ExtraOpaqueData) == 0 { + a.ExtraOpaqueData = nil + } + + return nil +} + +// Encode serializes the target AnnounceSignatures into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (a *AnnounceSignatures) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + a.ChannelID, + a.ShortChannelID, + a.NodeSignature, + a.BitcoinSignature, + a.ExtraOpaqueData, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (a *AnnounceSignatures) MsgType() MessageType { + return MsgAnnounceSignatures +} + +// MaxPayloadLength returns the maximum allowed payload size for this message +// observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (a *AnnounceSignatures) MaxPayloadLength(pver uint32) uint32 { + return 65533 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/channel_announcement.go b/vendor/github.com/lightningnetwork/lnd/lnwire/channel_announcement.go new file mode 100644 index 0000000..46efeed --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/channel_announcement.go @@ -0,0 +1,160 @@ +package lnwire + +import ( + "bytes" + "io" + "io/ioutil" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// ChannelAnnouncement message is used to announce the existence of a channel +// between two peers in the overlay, which is propagated by the discovery +// service over broadcast handler. +type ChannelAnnouncement struct { + // This signatures are used by nodes in order to create cross + // references between node's channel and node. Requiring both nodes + // to sign indicates they are both willing to route other payments via + // this node. + NodeSig1 Sig + NodeSig2 Sig + + // This signatures are used by nodes in order to create cross + // references between node's channel and node. Requiring the bitcoin + // signatures proves they control the channel. + BitcoinSig1 Sig + BitcoinSig2 Sig + + // Features is the feature vector that encodes the features supported + // by the target node. This field can be used to signal the type of the + // channel, or modifications to the fields that would normally follow + // this vector. + Features *RawFeatureVector + + // ChainHash denotes the target chain that this channel was opened + // within. This value should be the genesis hash of the target chain. + ChainHash chainhash.Hash + + // ShortChannelID is the unique description of the funding transaction, + // or where exactly it's located within the target blockchain. + ShortChannelID ShortChannelID + + // The public keys of the two nodes who are operating the channel, such + // that is NodeID1 the numerically-lesser than NodeID2 (ascending + // numerical order). + NodeID1 [33]byte + NodeID2 [33]byte + + // Public keys which corresponds to the keys which was declared in + // multisig funding transaction output. + BitcoinKey1 [33]byte + BitcoinKey2 [33]byte + + // ExtraOpaqueData is the set of data that was appended to this + // message, some of which we may not actually know how to iterate or + // parse. By holding onto this data, we ensure that we're able to + // properly validate the set of signatures that cover these new fields, + // and ensure we're able to make upgrades to the network in a forwards + // compatible manner. + ExtraOpaqueData []byte +} + +// A compile time check to ensure ChannelAnnouncement implements the +// lnwire.Message interface. +var _ Message = (*ChannelAnnouncement)(nil) + +// Decode deserializes a serialized ChannelAnnouncement stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (a *ChannelAnnouncement) Decode(r io.Reader, pver uint32) error { + err := ReadElements(r, + &a.NodeSig1, + &a.NodeSig2, + &a.BitcoinSig1, + &a.BitcoinSig2, + &a.Features, + a.ChainHash[:], + &a.ShortChannelID, + &a.NodeID1, + &a.NodeID2, + &a.BitcoinKey1, + &a.BitcoinKey2, + ) + if err != nil { + return err + } + + // Now that we've read out all the fields that we explicitly know of, + // we'll collect the remainder into the ExtraOpaqueData field. If there + // aren't any bytes, then we'll snip off the slice to avoid carrying + // around excess capacity. + a.ExtraOpaqueData, err = ioutil.ReadAll(r) + if err != nil { + return err + } + if len(a.ExtraOpaqueData) == 0 { + a.ExtraOpaqueData = nil + } + + return nil +} + +// Encode serializes the target ChannelAnnouncement into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (a *ChannelAnnouncement) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + a.NodeSig1, + a.NodeSig2, + a.BitcoinSig1, + a.BitcoinSig2, + a.Features, + a.ChainHash[:], + a.ShortChannelID, + a.NodeID1, + a.NodeID2, + a.BitcoinKey1, + a.BitcoinKey2, + a.ExtraOpaqueData, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (a *ChannelAnnouncement) MsgType() MessageType { + return MsgChannelAnnouncement +} + +// MaxPayloadLength returns the maximum allowed payload size for this message +// observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (a *ChannelAnnouncement) MaxPayloadLength(pver uint32) uint32 { + return 65533 +} + +// DataToSign is used to retrieve part of the announcement message which should +// be signed. +func (a *ChannelAnnouncement) DataToSign() ([]byte, error) { + // We should not include the signatures itself. + var w bytes.Buffer + err := WriteElements(&w, + a.Features, + a.ChainHash[:], + a.ShortChannelID, + a.NodeID1, + a.NodeID2, + a.BitcoinKey1, + a.BitcoinKey2, + a.ExtraOpaqueData, + ) + if err != nil { + return nil, err + } + + return w.Bytes(), nil +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/channel_id.go b/vendor/github.com/lightningnetwork/lnd/lnwire/channel_id.go new file mode 100644 index 0000000..8e8ef67 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/channel_id.go @@ -0,0 +1,91 @@ +package lnwire + +import ( + "encoding/binary" + "encoding/hex" + "math" + + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcd/wire" +) + +const ( + // MaxFundingTxOutputs is the maximum number of allowed outputs on a + // funding transaction within the protocol. This is due to the fact + // that we use 2-bytes to encode the index within the funding output + // during the funding workflow. Funding transaction with more outputs + // than this are considered invalid within the protocol. + MaxFundingTxOutputs = math.MaxUint16 +) + +// ChannelID is a series of 32-bytes that uniquely identifies all channels +// within the network. The ChannelID is computed using the outpoint of the +// funding transaction (the txid, and output index). Given a funding output the +// ChannelID can be calculated by XOR'ing the big-endian serialization of the +// txid and the big-endian serialization of the output index, truncated to +// 2 bytes. +type ChannelID [32]byte + +// ConnectionWideID is an all-zero ChannelID, which is used to represent a +// message intended for all channels to specific peer. +var ConnectionWideID = ChannelID{} + +// String returns the string representation of the ChannelID. This is just the +// hex string encoding of the ChannelID itself. +func (c ChannelID) String() string { + return hex.EncodeToString(c[:]) +} + +// NewChanIDFromOutPoint converts a target OutPoint into a ChannelID that is +// usable within the network. In order to convert the OutPoint into a ChannelID, +// we XOR the lower 2-bytes of the txid within the OutPoint with the big-endian +// serialization of the Index of the OutPoint, truncated to 2-bytes. +func NewChanIDFromOutPoint(op *wire.OutPoint) ChannelID { + // First we'll copy the txid of the outpoint into our channel ID slice. + var cid ChannelID + copy(cid[:], op.Hash[:]) + + // With the txid copied over, we'll now XOR the lower 2-bytes of the + // partial channelID with big-endian serialization of output index. + xorTxid(&cid, uint16(op.Index)) + + return cid +} + +// xorTxid performs the transformation needed to transform an OutPoint into a +// ChannelID. To do this, we expect the cid parameter to contain the txid +// unaltered and the outputIndex to be the output index +func xorTxid(cid *ChannelID, outputIndex uint16) { + var buf [32]byte + binary.BigEndian.PutUint16(buf[30:], outputIndex) + + cid[30] = cid[30] ^ buf[30] + cid[31] = cid[31] ^ buf[31] +} + +// GenPossibleOutPoints generates all the possible outputs given a channel ID. +// In order to generate these possible outpoints, we perform a brute-force +// search through the candidate output index space, performing a reverse +// mapping from channelID back to OutPoint. +func (c *ChannelID) GenPossibleOutPoints() [MaxFundingTxOutputs]wire.OutPoint { + var possiblePoints [MaxFundingTxOutputs]wire.OutPoint + for i := uint32(0); i < MaxFundingTxOutputs; i++ { + cidCopy := *c + xorTxid(&cidCopy, uint16(i)) + + possiblePoints[i] = wire.OutPoint{ + Hash: chainhash.Hash(cidCopy), + Index: i, + } + } + + return possiblePoints +} + +// IsChanPoint returns true if the OutPoint passed corresponds to the target +// ChannelID. +func (c ChannelID) IsChanPoint(op *wire.OutPoint) bool { + candidateCid := NewChanIDFromOutPoint(op) + + return candidateCid == c +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/channel_reestablish.go b/vendor/github.com/lightningnetwork/lnd/lnwire/channel_reestablish.go new file mode 100644 index 0000000..42abcf9 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/channel_reestablish.go @@ -0,0 +1,166 @@ +package lnwire + +import ( + "io" + + "github.com/btcsuite/btcd/btcec" +) + +// ChannelReestablish is a message sent between peers that have an existing +// open channel upon connection reestablishment. This message allows both sides +// to report their local state, and their current knowledge of the state of the +// remote commitment chain. If a deviation is detected and can be recovered +// from, then the necessary messages will be retransmitted. If the level of +// desynchronization if irreconcilable, then the channel will be force closed. +type ChannelReestablish struct { + // ChanID is the channel ID of the channel state we're attempting + // synchronize with the remote party. + ChanID ChannelID + + // NextLocalCommitHeight is the next local commitment height of the + // sending party. If the height of the sender's commitment chain from + // the receiver's Pov is one less that this number, then the sender + // should re-send the *exact* same proposed commitment. + // + // In other words, the receiver should re-send their last sent + // commitment iff: + // + // * NextLocalCommitHeight == remoteCommitChain.Height + // + // This covers the case of a lost commitment which was sent by the + // sender of this message, but never received by the receiver of this + // message. + NextLocalCommitHeight uint64 + + // RemoteCommitTailHeight is the height of the receiving party's + // unrevoked commitment from the PoV of the sender of this message. If + // the height of the receiver's commitment is *one more* than this + // value, then their prior RevokeAndAck message should be + // retransmitted. + // + // In other words, the receiver should re-send their last sent + // RevokeAndAck message iff: + // + // * localCommitChain.tail().Height == RemoteCommitTailHeight + 1 + // + // This covers the case of a lost revocation, wherein the receiver of + // the message sent a revocation for a prior state, but the sender of + // the message never fully processed it. + RemoteCommitTailHeight uint64 + + // LastRemoteCommitSecret is the last commitment secret that the + // receiving node has sent to the sending party. This will be the + // secret of the last revoked commitment transaction. Including this + // provides proof that the sending node at least knows of this state, + // as they couldn't have produced it if it wasn't sent, as the value + // can be authenticated by querying the shachain or the receiving + // party. + LastRemoteCommitSecret [32]byte + + // LocalUnrevokedCommitPoint is the commitment point used in the + // current un-revoked commitment transaction of the sending party. + LocalUnrevokedCommitPoint *btcec.PublicKey +} + +// A compile time check to ensure ChannelReestablish implements the +// lnwire.Message interface. +var _ Message = (*ChannelReestablish)(nil) + +// Encode serializes the target ChannelReestablish into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (a *ChannelReestablish) Encode(w io.Writer, pver uint32) error { + err := WriteElements(w, + a.ChanID, + a.NextLocalCommitHeight, + a.RemoteCommitTailHeight, + ) + if err != nil { + return err + } + + // If the commit point wasn't sent, then we won't write out any of the + // remaining fields as they're optional. + if a.LocalUnrevokedCommitPoint == nil { + return nil + } + + // Otherwise, we'll write out the remaining elements. + return WriteElements(w, a.LastRemoteCommitSecret[:], + a.LocalUnrevokedCommitPoint) +} + +// Decode deserializes a serialized ChannelReestablish stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (a *ChannelReestablish) Decode(r io.Reader, pver uint32) error { + err := ReadElements(r, + &a.ChanID, + &a.NextLocalCommitHeight, + &a.RemoteCommitTailHeight, + ) + if err != nil { + return err + } + + // This message has to currently defined optional fields. As a result, + // we'll only proceed if there's still bytes remaining within the + // reader. + // + // We'll manually parse out the optional fields in order to be able to + // still utilize the io.Reader interface. + + // We'll first attempt to read the optional commit secret, if we're at + // the EOF, then this means the field wasn't included so we can exit + // early. + var buf [32]byte + _, err = io.ReadFull(r, buf[:32]) + if err == io.EOF { + return nil + } else if err != nil { + return err + } + + // If the field is present, then we'll copy it over and proceed. + copy(a.LastRemoteCommitSecret[:], buf[:]) + + // We'll conclude by parsing out the commitment point. We don't check + // the error in this case, as it hey included the commit secret, then + // they MUST also include the commit point. + return ReadElement(r, &a.LocalUnrevokedCommitPoint) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (a *ChannelReestablish) MsgType() MessageType { + return MsgChannelReestablish +} + +// MaxPayloadLength returns the maximum allowed payload size for this message +// observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (a *ChannelReestablish) MaxPayloadLength(pver uint32) uint32 { + var length uint32 + + // ChanID - 32 bytes + length += 32 + + // NextLocalCommitHeight - 8 bytes + length += 8 + + // RemoteCommitTailHeight - 8 bytes + length += 8 + + // LastRemoteCommitSecret - 32 bytes + length += 32 + + // LocalUnrevokedCommitPoint - 33 bytes + length += 33 + + return length +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/channel_update.go b/vendor/github.com/lightningnetwork/lnd/lnwire/channel_update.go new file mode 100644 index 0000000..fd62764 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/channel_update.go @@ -0,0 +1,253 @@ +package lnwire + +import ( + "bytes" + "fmt" + "io" + "io/ioutil" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// ChanUpdateMsgFlags is a bitfield that signals whether optional fields are +// present in the ChannelUpdate. +type ChanUpdateMsgFlags uint8 + +const ( + // ChanUpdateOptionMaxHtlc is a bit that indicates whether the + // optional htlc_maximum_msat field is present in this ChannelUpdate. + ChanUpdateOptionMaxHtlc ChanUpdateMsgFlags = 1 << iota +) + +// String returns the bitfield flags as a string. +func (c ChanUpdateMsgFlags) String() string { + return fmt.Sprintf("%08b", c) +} + +// HasMaxHtlc returns true if the htlc_maximum_msat option bit is set in the +// message flags. +func (c ChanUpdateMsgFlags) HasMaxHtlc() bool { + return c&ChanUpdateOptionMaxHtlc != 0 +} + +// ChanUpdateChanFlags is a bitfield that signals various options concerning a +// particular channel edge. Each bit is to be examined in order to determine +// how the ChannelUpdate message is to be interpreted. +type ChanUpdateChanFlags uint8 + +const ( + // ChanUpdateDirection indicates the direction of a channel update. If + // this bit is set to 0 if Node1 (the node with the "smaller" Node ID) + // is updating the channel, and to 1 otherwise. + ChanUpdateDirection ChanUpdateChanFlags = 1 << iota + + // ChanUpdateDisabled is a bit that indicates if the channel edge + // selected by the ChanUpdateDirection bit is to be treated as being + // disabled. + ChanUpdateDisabled +) + +// String returns the bitfield flags as a string. +func (c ChanUpdateChanFlags) String() string { + return fmt.Sprintf("%08b", c) +} + +// ChannelUpdate message is used after channel has been initially announced. +// Each side independently announces its fees and minimum expiry for HTLCs and +// other parameters. Also this message is used to redeclare initially set +// channel parameters. +type ChannelUpdate struct { + // Signature is used to validate the announced data and prove the + // ownership of node id. + Signature Sig + + // ChainHash denotes the target chain that this channel was opened + // within. This value should be the genesis hash of the target chain. + // Along with the short channel ID, this uniquely identifies the + // channel globally in a blockchain. + ChainHash chainhash.Hash + + // ShortChannelID is the unique description of the funding transaction. + ShortChannelID ShortChannelID + + // Timestamp allows ordering in the case of multiple announcements. We + // should ignore the message if timestamp is not greater than + // the last-received. + Timestamp uint32 + + // MessageFlags is a bitfield that describes whether optional fields + // are present in this update. Currently, the least-significant bit + // must be set to 1 if the optional field MaxHtlc is present. + MessageFlags ChanUpdateMsgFlags + + // ChannelFlags is a bitfield that describes additional meta-data + // concerning how the update is to be interpreted. Currently, the + // least-significant bit must be set to 0 if the creating node + // corresponds to the first node in the previously sent channel + // announcement and 1 otherwise. If the second bit is set, then the + // channel is set to be disabled. + ChannelFlags ChanUpdateChanFlags + + // TimeLockDelta is the minimum number of blocks this node requires to + // be added to the expiry of HTLCs. This is a security parameter + // determined by the node operator. This value represents the required + // gap between the time locks of the incoming and outgoing HTLC's set + // to this node. + TimeLockDelta uint16 + + // HtlcMinimumMsat is the minimum HTLC value which will be accepted. + HtlcMinimumMsat MilliSatoshi + + // BaseFee is the base fee that must be used for incoming HTLC's to + // this particular channel. This value will be tacked onto the required + // for a payment independent of the size of the payment. + BaseFee uint32 + + // FeeRate is the fee rate that will be charged per millionth of a + // satoshi. + FeeRate uint32 + + // HtlcMaximumMsat is the maximum HTLC value which will be accepted. + HtlcMaximumMsat MilliSatoshi + + // ExtraOpaqueData is the set of data that was appended to this + // message, some of which we may not actually know how to iterate or + // parse. By holding onto this data, we ensure that we're able to + // properly validate the set of signatures that cover these new fields, + // and ensure we're able to make upgrades to the network in a forwards + // compatible manner. + ExtraOpaqueData []byte +} + +// A compile time check to ensure ChannelUpdate implements the lnwire.Message +// interface. +var _ Message = (*ChannelUpdate)(nil) + +// Decode deserializes a serialized ChannelUpdate stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (a *ChannelUpdate) Decode(r io.Reader, pver uint32) error { + err := ReadElements(r, + &a.Signature, + a.ChainHash[:], + &a.ShortChannelID, + &a.Timestamp, + &a.MessageFlags, + &a.ChannelFlags, + &a.TimeLockDelta, + &a.HtlcMinimumMsat, + &a.BaseFee, + &a.FeeRate, + ) + if err != nil { + return err + } + + // Now check whether the max HTLC field is present and read it if so. + if a.MessageFlags.HasMaxHtlc() { + if err := ReadElements(r, &a.HtlcMaximumMsat); err != nil { + return err + } + } + + // Now that we've read out all the fields that we explicitly know of, + // we'll collect the remainder into the ExtraOpaqueData field. If there + // aren't any bytes, then we'll snip off the slice to avoid carrying + // around excess capacity. + a.ExtraOpaqueData, err = ioutil.ReadAll(r) + if err != nil { + return err + } + if len(a.ExtraOpaqueData) == 0 { + a.ExtraOpaqueData = nil + } + + return nil +} + +// Encode serializes the target ChannelUpdate into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (a *ChannelUpdate) Encode(w io.Writer, pver uint32) error { + err := WriteElements(w, + a.Signature, + a.ChainHash[:], + a.ShortChannelID, + a.Timestamp, + a.MessageFlags, + a.ChannelFlags, + a.TimeLockDelta, + a.HtlcMinimumMsat, + a.BaseFee, + a.FeeRate, + ) + if err != nil { + return err + } + + // Now append optional fields if they are set. Currently, the only + // optional field is max HTLC. + if a.MessageFlags.HasMaxHtlc() { + if err := WriteElements(w, a.HtlcMaximumMsat); err != nil { + return err + } + } + + // Finally, append any extra opaque data. + return WriteElements(w, a.ExtraOpaqueData) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (a *ChannelUpdate) MsgType() MessageType { + return MsgChannelUpdate +} + +// MaxPayloadLength returns the maximum allowed payload size for this message +// observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (a *ChannelUpdate) MaxPayloadLength(pver uint32) uint32 { + return 65533 +} + +// DataToSign is used to retrieve part of the announcement message which should +// be signed. +func (a *ChannelUpdate) DataToSign() ([]byte, error) { + + // We should not include the signatures itself. + var w bytes.Buffer + err := WriteElements(&w, + a.ChainHash[:], + a.ShortChannelID, + a.Timestamp, + a.MessageFlags, + a.ChannelFlags, + a.TimeLockDelta, + a.HtlcMinimumMsat, + a.BaseFee, + a.FeeRate, + ) + if err != nil { + return nil, err + } + + // Now append optional fields if they are set. Currently, the only + // optional field is max HTLC. + if a.MessageFlags.HasMaxHtlc() { + if err := WriteElements(&w, a.HtlcMaximumMsat); err != nil { + return nil, err + } + } + + // Finally, append any extra opaque data. + if err := WriteElements(&w, a.ExtraOpaqueData); err != nil { + return nil, err + } + + return w.Bytes(), nil +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/closing_signed.go b/vendor/github.com/lightningnetwork/lnd/lnwire/closing_signed.go new file mode 100644 index 0000000..91b9064 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/closing_signed.go @@ -0,0 +1,88 @@ +package lnwire + +import ( + "io" + + "github.com/btcsuite/btcutil" +) + +// ClosingSigned is sent by both parties to a channel once the channel is clear +// of HTLCs, and is primarily concerned with negotiating fees for the close +// transaction. Each party provides a signature for a transaction with a fee +// that they believe is fair. The process terminates when both sides agree on +// the same fee, or when one side force closes the channel. +// +// NOTE: The responder is able to send a signature without any additional +// messages as all transactions are assembled observing BIP 69 which defines a +// canonical ordering for input/outputs. Therefore, both sides are able to +// arrive at an identical closure transaction as they know the order of the +// inputs/outputs. +type ClosingSigned struct { + // ChannelID serves to identify which channel is to be closed. + ChannelID ChannelID + + // FeeSatoshis is the total fee in satoshis that the party to the + // channel would like to propose for the close transaction. + FeeSatoshis btcutil.Amount + + // Signature is for the proposed channel close transaction. + Signature Sig +} + +// NewClosingSigned creates a new empty ClosingSigned message. +func NewClosingSigned(cid ChannelID, fs btcutil.Amount, + sig Sig) *ClosingSigned { + + return &ClosingSigned{ + ChannelID: cid, + FeeSatoshis: fs, + Signature: sig, + } +} + +// A compile time check to ensure ClosingSigned implements the lnwire.Message +// interface. +var _ Message = (*ClosingSigned)(nil) + +// Decode deserializes a serialized ClosingSigned message stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *ClosingSigned) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, &c.ChannelID, &c.FeeSatoshis, &c.Signature) +} + +// Encode serializes the target ClosingSigned into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (c *ClosingSigned) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, c.ChannelID, c.FeeSatoshis, c.Signature) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (c *ClosingSigned) MsgType() MessageType { + return MsgClosingSigned +} + +// MaxPayloadLength returns the maximum allowed payload size for a +// ClosingSigned complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *ClosingSigned) MaxPayloadLength(uint32) uint32 { + var length uint32 + + // ChannelID - 32 bytes + length += 32 + + // FeeSatoshis - 8 bytes + length += 8 + + // Signature - 64 bytes + length += 64 + + return length +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/commit_sig.go b/vendor/github.com/lightningnetwork/lnd/lnwire/commit_sig.go new file mode 100644 index 0000000..5002d5f --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/commit_sig.go @@ -0,0 +1,85 @@ +package lnwire + +import "io" + +// CommitSig is sent by either side to stage any pending HTLC's in the +// receiver's pending set into a new commitment state. Implicitly, the new +// commitment transaction constructed which has been signed by CommitSig +// includes all HTLC's in the remote node's pending set. A CommitSig message +// may be sent after a series of UpdateAddHTLC/UpdateFulfillHTLC messages in +// order to batch add several HTLC's with a single signature covering all +// implicitly accepted HTLC's. +type CommitSig struct { + // ChanID uniquely identifies to which currently active channel this + // CommitSig applies to. + ChanID ChannelID + + // CommitSig is Alice's signature for Bob's new commitment transaction. + // Alice is able to send this signature without requesting any + // additional data due to the piggybacking of Bob's next revocation + // hash in his prior RevokeAndAck message, as well as the canonical + // ordering used for all inputs/outputs within commitment transactions. + // If initiating a new commitment state, this signature should ONLY + // cover all of the sending party's pending log updates, and the log + // updates of the remote party that have been ACK'd. + CommitSig Sig + + // HtlcSigs is a signature for each relevant HTLC output within the + // created commitment. The order of the signatures is expected to be + // identical to the placement of the HTLC's within the BIP 69 sorted + // commitment transaction. For each outgoing HTLC (from the PoV of the + // sender of this message), a signature for an HTLC timeout transaction + // should be signed, for each incoming HTLC the HTLC timeout + // transaction should be signed. + HtlcSigs []Sig +} + +// NewCommitSig creates a new empty CommitSig message. +func NewCommitSig() *CommitSig { + return &CommitSig{} +} + +// A compile time check to ensure CommitSig implements the lnwire.Message +// interface. +var _ Message = (*CommitSig)(nil) + +// Decode deserializes a serialized CommitSig message stored in the +// passed io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *CommitSig) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + &c.ChanID, + &c.CommitSig, + &c.HtlcSigs, + ) +} + +// Encode serializes the target CommitSig into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (c *CommitSig) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + c.ChanID, + c.CommitSig, + c.HtlcSigs, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (c *CommitSig) MsgType() MessageType { + return MsgCommitSig +} + +// MaxPayloadLength returns the maximum allowed payload size for a +// CommitSig complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *CommitSig) MaxPayloadLength(uint32) uint32 { + // 32 + 64 + 2 + max_allowed_htlcs + return MaxMessagePayload +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/error.go b/vendor/github.com/lightningnetwork/lnd/lnwire/error.go new file mode 100644 index 0000000..5a4dd1b --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/error.go @@ -0,0 +1,127 @@ +package lnwire + +import ( + "io" + + "google.golang.org/grpc/codes" +) + +// ErrorCode represents the short error code for each of the defined errors +// within the Lightning Network protocol spec. +type ErrorCode uint8 + +// ToGrpcCode is used to generate gRPC specific code which will be propagated +// to the ln rpc client. This code is used to have more detailed view of what +// goes wrong and also in order to have the ability pragmatically determine the +// error and take specific actions on the client side. +func (e ErrorCode) ToGrpcCode() codes.Code { + return (codes.Code)(e) + 100 +} + +const ( + // ErrMaxPendingChannels is returned by remote peer when the number of + // active pending channels exceeds their maximum policy limit. + ErrMaxPendingChannels ErrorCode = 1 + + // ErrSynchronizingChain is returned by a remote peer that receives a + // channel update or a funding request while their still syncing to the + // latest state of the blockchain. + ErrSynchronizingChain ErrorCode = 2 + + // ErrChanTooLarge is returned by a remote peer that receives a + // FundingOpen request for a channel that is above their current + // soft-limit. + ErrChanTooLarge ErrorCode = 3 +) + +// String returns a human readable version of the target ErrorCode. +func (e ErrorCode) String() string { + switch e { + case ErrMaxPendingChannels: + return "Number of pending channels exceed maximum" + case ErrSynchronizingChain: + return "Synchronizing blockchain" + case ErrChanTooLarge: + return "channel too large" + default: + return "unknown error" + } +} + +// Error returns the human redable version of the target ErrorCode. +// +// Satisfies the Error interface. +func (e ErrorCode) Error() string { + return e.String() +} + +// ErrorData is a set of bytes associated with a particular sent error. A +// receiving node SHOULD only print out data verbatim if the string is composed +// solely of printable ASCII characters. For reference, the printable character +// set includes byte values 32 through 127 inclusive. +type ErrorData []byte + +// Error represents a generic error bound to an exact channel. The message +// format is purposefully general in order to allow expression of a wide array +// of possible errors. Each Error message is directed at a particular open +// channel referenced by ChannelPoint. +// +// TODO(roasbeef): remove the error code +type Error struct { + // ChanID references the active channel in which the error occurred + // within. If the ChanID is all zeros, then this error applies to the + // entire established connection. + ChanID ChannelID + + // Data is the attached error data that describes the exact failure + // which caused the error message to be sent. + Data ErrorData +} + +// NewError creates a new Error message. +func NewError() *Error { + return &Error{} +} + +// A compile time check to ensure Error implements the lnwire.Message +// interface. +var _ Message = (*Error)(nil) + +// Decode deserializes a serialized Error message stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *Error) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + &c.ChanID, + &c.Data, + ) +} + +// Encode serializes the target Error into the passed io.Writer observing the +// protocol version specified. +// +// This is part of the lnwire.Message interface. +func (c *Error) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + c.ChanID, + c.Data, + ) +} + +// MsgType returns the integer uniquely identifying an Error message on the +// wire. +// +// This is part of the lnwire.Message interface. +func (c *Error) MsgType() MessageType { + return MsgError +} + +// MaxPayloadLength returns the maximum allowed payload size for an Error +// complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *Error) MaxPayloadLength(uint32) uint32 { + // 32 + 2 + 65501 + return 65535 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/features.go b/vendor/github.com/lightningnetwork/lnd/lnwire/features.go new file mode 100644 index 0000000..1dd536b --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/features.go @@ -0,0 +1,263 @@ +package lnwire + +import ( + "encoding/binary" + "fmt" + "io" +) + +// FeatureBit represents a feature that can be enabled in either a local or +// global feature vector at a specific bit position. Feature bits follow the +// "it's OK to be odd" rule, where features at even bit positions must be known +// to a node receiving them from a peer while odd bits do not. In accordance, +// feature bits are usually assigned in pairs, first being assigned an odd bit +// position which may later be changed to the preceding even position once +// knowledge of the feature becomes required on the network. +type FeatureBit uint16 + +const ( + // DataLossProtectRequired is a feature bit that indicates that a peer + // *requires* the other party know about the data-loss-protect optional + // feature. If the remote peer does not know of such a feature, then + // the sending peer SHOLUD disconnect them. The data-loss-protect + // feature allows a peer that's lost partial data to recover their + // settled funds of the latest commitment state. + DataLossProtectRequired FeatureBit = 0 + + // DataLossProtectOptional is an optional feature bit that indicates + // that the sending peer knows of this new feature and can activate it + // it. The data-loss-protect feature allows a peer that's lost partial + // data to recover their settled funds of the latest commitment state. + DataLossProtectOptional FeatureBit = 1 + + // InitialRoutingSync is a local feature bit meaning that the receiving + // node should send a complete dump of routing information when a new + // connection is established. + InitialRoutingSync FeatureBit = 3 + + // GossipQueriesRequired is a feature bit that indicates that the + // receiving peer MUST know of the set of features that allows nodes to + // more efficiently query the network view of peers on the network for + // reconciliation purposes. + GossipQueriesRequired FeatureBit = 6 + + // GossipQueriesOptional is an optional feature bit that signals that + // the setting peer knows of the set of features that allows more + // efficient network view reconciliation. + GossipQueriesOptional FeatureBit = 7 + + // maxAllowedSize is a maximum allowed size of feature vector. + // + // NOTE: Within the protocol, the maximum allowed message size is 65535 + // bytes for all messages. Accounting for the overhead within the feature + // message to signal the type of message, that leaves us with 65533 bytes + // for the init message itself. Next, we reserve 4 bytes to encode the + // lengths of both the local and global feature vectors, so 65529 bytes + // for the local and global features. Knocking off one byte for the sake + // of the calculation, that leads us to 32764 bytes for each feature + // vector, or 131056 different features. + maxAllowedSize = 32764 +) + +// LocalFeatures is a mapping of known connection-local feature bits to a +// descriptive name. All known local feature bits must be assigned a name in +// this mapping. Local features are those which are only sent to the peer and +// not advertised to the entire network. A full description of these feature +// bits is provided in the BOLT-09 specification. +var LocalFeatures = map[FeatureBit]string{ + DataLossProtectRequired: "data-loss-protect", + DataLossProtectOptional: "data-loss-protect", + InitialRoutingSync: "initial-routing-sync", + GossipQueriesRequired: "gossip-queries", + GossipQueriesOptional: "gossip-queries", +} + +// GlobalFeatures is a mapping of known global feature bits to a descriptive +// name. All known global feature bits must be assigned a name in this mapping. +// Global features are those which are advertised to the entire network. A full +// description of these feature bits is provided in the BOLT-09 specification. +var GlobalFeatures map[FeatureBit]string + +// RawFeatureVector represents a set of feature bits as defined in BOLT-09. A +// RawFeatureVector itself just stores a set of bit flags but can be used to +// construct a FeatureVector which binds meaning to each bit. Feature vectors +// can be serialized and deserialized to/from a byte representation that is +// transmitted in Lightning network messages. +type RawFeatureVector struct { + features map[FeatureBit]bool +} + +// NewRawFeatureVector creates a feature vector with all of the feature bits +// given as arguments enabled. +func NewRawFeatureVector(bits ...FeatureBit) *RawFeatureVector { + fv := &RawFeatureVector{features: make(map[FeatureBit]bool)} + for _, bit := range bits { + fv.Set(bit) + } + return fv +} + +// IsSet returns whether a particular feature bit is enabled in the vector. +func (fv *RawFeatureVector) IsSet(feature FeatureBit) bool { + return fv.features[feature] +} + +// Set marks a feature as enabled in the vector. +func (fv *RawFeatureVector) Set(feature FeatureBit) { + fv.features[feature] = true +} + +// Unset marks a feature as disabled in the vector. +func (fv *RawFeatureVector) Unset(feature FeatureBit) { + delete(fv.features, feature) +} + +// SerializeSize returns the number of bytes needed to represent feature vector +// in byte format. +func (fv *RawFeatureVector) SerializeSize() int { + // Find the largest feature bit index + max := -1 + for feature := range fv.features { + index := int(feature) + if index > max { + max = index + } + } + if max == -1 { + return 0 + } + + // We calculate byte-length via the largest bit index + return max/8 + 1 +} + +// Encode writes the feature vector in byte representation. Every feature +// encoded as a bit, and the bit vector is serialized using the least number of +// bytes. Since the bit vector length is variable, the first two bytes of the +// serialization represent the length. +func (fv *RawFeatureVector) Encode(w io.Writer) error { + // Write length of feature vector. + var l [2]byte + length := fv.SerializeSize() + binary.BigEndian.PutUint16(l[:], uint16(length)) + if _, err := w.Write(l[:]); err != nil { + return err + } + + // Generate the data and write it. + data := make([]byte, length) + for feature := range fv.features { + byteIndex := int(feature / 8) + bitIndex := feature % 8 + data[length-byteIndex-1] |= 1 << bitIndex + } + + _, err := w.Write(data) + return err +} + +// Decode reads the feature vector from its byte representation. Every feature +// encoded as a bit, and the bit vector is serialized using the least number of +// bytes. Since the bit vector length is variable, the first two bytes of the +// serialization represent the length. +func (fv *RawFeatureVector) Decode(r io.Reader) error { + // Read the length of the feature vector. + var l [2]byte + if _, err := io.ReadFull(r, l[:]); err != nil { + return err + } + length := binary.BigEndian.Uint16(l[:]) + + // Read the feature vector data. + data := make([]byte, length) + if _, err := io.ReadFull(r, data); err != nil { + return err + } + + // Set feature bits from parsed data. + bitsNumber := len(data) * 8 + for i := 0; i < bitsNumber; i++ { + byteIndex := uint16(i / 8) + bitIndex := uint(i % 8) + if (data[length-byteIndex-1]>>bitIndex)&1 == 1 { + fv.Set(FeatureBit(i)) + } + } + + return nil +} + +// FeatureVector represents a set of enabled features. The set stores +// information on enabled flags and metadata about the feature names. A feature +// vector is serializable to a compact byte representation that is included in +// Lightning network messages. +type FeatureVector struct { + *RawFeatureVector + featureNames map[FeatureBit]string +} + +// NewFeatureVector constructs a new FeatureVector from a raw feature vector +// and mapping of feature definitions. If the feature vector argument is nil, a +// new one will be constructed with no enabled features. +func NewFeatureVector(featureVector *RawFeatureVector, + featureNames map[FeatureBit]string) *FeatureVector { + + if featureVector == nil { + featureVector = NewRawFeatureVector() + } + return &FeatureVector{ + RawFeatureVector: featureVector, + featureNames: featureNames, + } +} + +// HasFeature returns whether a particular feature is included in the set. The +// feature can be seen as set either if the bit is set directly OR the queried +// bit has the same meaning as its corresponding even/odd bit, which is set +// instead. The second case is because feature bits are generally assigned in +// pairs where both the even and odd position represent the same feature. +func (fv *FeatureVector) HasFeature(feature FeatureBit) bool { + return fv.IsSet(feature) || + (fv.isFeatureBitPair(feature) && fv.IsSet(feature^1)) +} + +// UnknownRequiredFeatures returns a list of feature bits set in the vector +// that are unknown and in an even bit position. Feature bits with an even +// index must be known to a node receiving the feature vector in a message. +func (fv *FeatureVector) UnknownRequiredFeatures() []FeatureBit { + var unknown []FeatureBit + for feature := range fv.features { + if feature%2 == 0 && !fv.IsKnown(feature) { + unknown = append(unknown, feature) + } + } + return unknown +} + +// Name returns a string identifier for the feature represented by this bit. If +// the bit does not represent a known feature, this returns a string indicating +// as much. +func (fv *FeatureVector) Name(bit FeatureBit) string { + name, known := fv.featureNames[bit] + if !known { + name = "unknown" + } + return fmt.Sprintf("%s(%d)", name, bit) +} + +// IsKnown returns whether this feature bit represents a known feature. +func (fv *FeatureVector) IsKnown(bit FeatureBit) bool { + _, known := fv.featureNames[bit] + return known +} + +// isFeatureBitPair returns whether this feature bit and its corresponding +// even/odd bit both represent the same feature. This may often be the case as +// bits are generally assigned in pairs, first being assigned an odd bit +// position then being promoted to an even bit position once the network is +// ready. +func (fv *FeatureVector) isFeatureBitPair(bit FeatureBit) bool { + name1, known1 := fv.featureNames[bit] + name2, known2 := fv.featureNames[bit^1] + return known1 && known2 && name1 == name2 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/funding_created.go b/vendor/github.com/lightningnetwork/lnd/lnwire/funding_created.go new file mode 100644 index 0000000..c14321e --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/funding_created.go @@ -0,0 +1,66 @@ +package lnwire + +import ( + "io" + + "github.com/btcsuite/btcd/wire" +) + +// FundingCreated is sent from Alice (the initiator) to Bob (the responder), +// once Alice receives Bob's contributions as well as his channel constraints. +// Once bob receives this message, he'll gain access to an immediately +// broadcastable commitment transaction and will reply with a signature for +// Alice's version of the commitment transaction. +type FundingCreated struct { + // PendingChannelID serves to uniquely identify the future channel + // created by the initiated single funder workflow. + PendingChannelID [32]byte + + // FundingPoint is the outpoint of the funding transaction created by + // Alice. With this, Bob is able to generate both his version and + // Alice's version of the commitment transaction. + FundingPoint wire.OutPoint + + // CommitSig is Alice's signature from Bob's version of the commitment + // transaction. + CommitSig Sig +} + +// A compile time check to ensure FundingCreated implements the lnwire.Message +// interface. +var _ Message = (*FundingCreated)(nil) + +// Encode serializes the target FundingCreated into the passed io.Writer +// implementation. Serialization will observe the rules defined by the passed +// protocol version. +// +// This is part of the lnwire.Message interface. +func (f *FundingCreated) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, f.PendingChannelID[:], f.FundingPoint, f.CommitSig) +} + +// Decode deserializes the serialized FundingCreated stored in the passed +// io.Reader into the target FundingCreated using the deserialization rules +// defined by the passed protocol version. +// +// This is part of the lnwire.Message interface. +func (f *FundingCreated) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, f.PendingChannelID[:], &f.FundingPoint, &f.CommitSig) +} + +// MsgType returns the uint32 code which uniquely identifies this message as a +// FundingCreated on the wire. +// +// This is part of the lnwire.Message interface. +func (f *FundingCreated) MsgType() MessageType { + return MsgFundingCreated +} + +// MaxPayloadLength returns the maximum allowed payload length for a +// FundingCreated message. +// +// This is part of the lnwire.Message interface. +func (f *FundingCreated) MaxPayloadLength(uint32) uint32 { + // 32 + 32 + 2 + 64 + return 130 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/funding_locked.go b/vendor/github.com/lightningnetwork/lnd/lnwire/funding_locked.go new file mode 100644 index 0000000..c441b0b --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/funding_locked.go @@ -0,0 +1,83 @@ +package lnwire + +import ( + "io" + + "github.com/btcsuite/btcd/btcec" +) + +// FundingLocked is the message that both parties to a new channel creation +// send once they have observed the funding transaction being confirmed on the +// blockchain. FundingLocked contains the signatures necessary for the channel +// participants to advertise the existence of the channel to the rest of the +// network. +type FundingLocked struct { + // ChanID is the outpoint of the channel's funding transaction. This + // can be used to query for the channel in the database. + ChanID ChannelID + + // NextPerCommitmentPoint is the secret that can be used to revoke the + // next commitment transaction for the channel. + NextPerCommitmentPoint *btcec.PublicKey +} + +// NewFundingLocked creates a new FundingLocked message, populating it with the +// necessary IDs and revocation secret. +func NewFundingLocked(cid ChannelID, npcp *btcec.PublicKey) *FundingLocked { + return &FundingLocked{ + ChanID: cid, + NextPerCommitmentPoint: npcp, + } +} + +// A compile time check to ensure FundingLocked implements the lnwire.Message +// interface. +var _ Message = (*FundingLocked)(nil) + +// Decode deserializes the serialized FundingLocked message stored in the +// passed io.Reader into the target FundingLocked using the deserialization +// rules defined by the passed protocol version. +// +// This is part of the lnwire.Message interface. +func (c *FundingLocked) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + &c.ChanID, + &c.NextPerCommitmentPoint) +} + +// Encode serializes the target FundingLocked message into the passed io.Writer +// implementation. Serialization will observe the rules defined by the passed +// protocol version. +// +// This is part of the lnwire.Message interface. +func (c *FundingLocked) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + c.ChanID, + c.NextPerCommitmentPoint) +} + +// MsgType returns the uint32 code which uniquely identifies this message as a +// FundingLocked message on the wire. +// +// This is part of the lnwire.Message interface. +func (c *FundingLocked) MsgType() MessageType { + return MsgFundingLocked +} + +// MaxPayloadLength returns the maximum allowed payload length for a +// FundingLocked message. This is calculated by summing the max length of all +// the fields within a FundingLocked message. +// +// This is part of the lnwire.Message interface. +func (c *FundingLocked) MaxPayloadLength(uint32) uint32 { + var length uint32 + + // ChanID - 32 bytes + length += 32 + + // NextPerCommitmentPoint - 33 bytes + length += 33 + + // 65 bytes + return length +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/funding_signed.go b/vendor/github.com/lightningnetwork/lnd/lnwire/funding_signed.go new file mode 100644 index 0000000..620f8b3 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/funding_signed.go @@ -0,0 +1,55 @@ +package lnwire + +import "io" + +// FundingSigned is sent from Bob (the responder) to Alice (the initiator) +// after receiving the funding outpoint and her signature for Bob's version of +// the commitment transaction. +type FundingSigned struct { + // ChannelPoint is the particular active channel that this + // FundingSigned is bound to. + ChanID ChannelID + + // CommitSig is Bob's signature for Alice's version of the commitment + // transaction. + CommitSig Sig +} + +// A compile time check to ensure FundingSigned implements the lnwire.Message +// interface. +var _ Message = (*FundingSigned)(nil) + +// Encode serializes the target FundingSigned into the passed io.Writer +// implementation. Serialization will observe the rules defined by the passed +// protocol version. +// +// This is part of the lnwire.Message interface. +func (f *FundingSigned) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, f.ChanID, f.CommitSig) +} + +// Decode deserializes the serialized FundingSigned stored in the passed +// io.Reader into the target FundingSigned using the deserialization rules +// defined by the passed protocol version. +// +// This is part of the lnwire.Message interface. +func (f *FundingSigned) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, &f.ChanID, &f.CommitSig) +} + +// MsgType returns the uint32 code which uniquely identifies this message as a +// FundingSigned on the wire. +// +// This is part of the lnwire.Message interface. +func (f *FundingSigned) MsgType() MessageType { + return MsgFundingSigned +} + +// MaxPayloadLength returns the maximum allowed payload length for a +// FundingSigned message. +// +// This is part of the lnwire.Message interface. +func (f *FundingSigned) MaxPayloadLength(uint32) uint32 { + // 32 + 64 + return 96 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/gossip_timestamp_range.go b/vendor/github.com/lightningnetwork/lnd/lnwire/gossip_timestamp_range.go new file mode 100644 index 0000000..3c28cd0 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/gossip_timestamp_range.go @@ -0,0 +1,80 @@ +package lnwire + +import ( + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// GossipTimestampRange is a message that allows the sender to restrict the set +// of future gossip announcements sent by the receiver. Nodes should send this +// if they have the gossip-queries feature bit active. Nodes are able to send +// new GossipTimestampRange messages to replace the prior window. +type GossipTimestampRange struct { + // ChainHash denotes the chain that the sender wishes to restrict the + // set of received announcements of. + ChainHash chainhash.Hash + + // FirstTimestamp is the timestamp of the earliest announcement message + // that should be sent by the receiver. + FirstTimestamp uint32 + + // TimestampRange is the horizon beyond the FirstTimestamp that any + // announcement messages should be sent for. The receiving node MUST + // NOT send any announcements that have a timestamp greater than + // FirstTimestamp + TimestampRange. + TimestampRange uint32 +} + +// NewGossipTimestampRange creates a new empty GossipTimestampRange message. +func NewGossipTimestampRange() *GossipTimestampRange { + return &GossipTimestampRange{} +} + +// A compile time check to ensure GossipTimestampRange implements the +// lnwire.Message interface. +var _ Message = (*GossipTimestampRange)(nil) + +// Decode deserializes a serialized GossipTimestampRange message stored in the +// passed io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (g *GossipTimestampRange) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + g.ChainHash[:], + &g.FirstTimestamp, + &g.TimestampRange, + ) +} + +// Encode serializes the target GossipTimestampRange into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (g *GossipTimestampRange) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + g.ChainHash[:], + g.FirstTimestamp, + g.TimestampRange, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (g *GossipTimestampRange) MsgType() MessageType { + return MsgGossipTimestampRange +} + +// MaxPayloadLength returns the maximum allowed payload size for a +// GossipTimestampRange complete message observing the specified protocol +// version. +// +// This is part of the lnwire.Message interface. +func (g *GossipTimestampRange) MaxPayloadLength(uint32) uint32 { + // 32 + 4 + 4 + // + // TODO(roasbeef): update to 8 byte timestmaps? + return 40 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/init_message.go b/vendor/github.com/lightningnetwork/lnd/lnwire/init_message.go new file mode 100644 index 0000000..f64f9f8 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/init_message.go @@ -0,0 +1,67 @@ +package lnwire + +import "io" + +// Init is the first message reveals the features supported or required by this +// node. Nodes wait for receipt of the other's features to simplify error +// diagnosis where features are incompatible. Each node MUST wait to receive +// init before sending any other messages. +type Init struct { + // GlobalFeatures is feature vector which affects HTLCs and thus are + // also advertised to other nodes. + GlobalFeatures *RawFeatureVector + + // LocalFeatures is feature vector which only affect the protocol + // between two nodes. + LocalFeatures *RawFeatureVector +} + +// NewInitMessage creates new instance of init message object. +func NewInitMessage(gf *RawFeatureVector, lf *RawFeatureVector) *Init { + return &Init{ + GlobalFeatures: gf, + LocalFeatures: lf, + } +} + +// A compile time check to ensure Init implements the lnwire.Message +// interface. +var _ Message = (*Init)(nil) + +// Decode deserializes a serialized Init message stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (msg *Init) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + &msg.GlobalFeatures, + &msg.LocalFeatures, + ) +} + +// Encode serializes the target Init into the passed io.Writer observing +// the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (msg *Init) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + msg.GlobalFeatures, + msg.LocalFeatures, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (msg *Init) MsgType() MessageType { + return MsgInit +} + +// MaxPayloadLength returns the maximum allowed payload size for an Init +// complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (msg *Init) MaxPayloadLength(uint32) uint32 { + return 2 + 2 + maxAllowedSize + 2 + maxAllowedSize +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/lnwire.go b/vendor/github.com/lightningnetwork/lnd/lnwire/lnwire.go new file mode 100644 index 0000000..28dca7d --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/lnwire.go @@ -0,0 +1,857 @@ +package lnwire + +import ( + "bytes" + "encoding/binary" + "fmt" + "image/color" + "io" + "math" + + "net" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcd/wire" + "github.com/btcsuite/btcutil" + "github.com/go-errors/errors" + "github.com/lightningnetwork/lnd/tor" +) + +// MaxSliceLength is the maximum allowed length for any opaque byte slices in +// the wire protocol. +const MaxSliceLength = 65535 + +// PkScript is simple type definition which represents a raw serialized public +// key script. +type PkScript []byte + +// addressType specifies the network protocol and version that should be used +// when connecting to a node at a particular address. +type addressType uint8 + +const ( + // noAddr denotes a blank address. An address of this type indicates + // that a node doesn't have any advertised addresses. + noAddr addressType = 0 + + // tcp4Addr denotes an IPv4 TCP address. + tcp4Addr addressType = 1 + + // tcp6Addr denotes an IPv6 TCP address. + tcp6Addr addressType = 2 + + // v2OnionAddr denotes a version 2 Tor onion service address. + v2OnionAddr addressType = 3 + + // v3OnionAddr denotes a version 3 Tor (prop224) onion service address. + v3OnionAddr addressType = 4 +) + +// AddrLen returns the number of bytes that it takes to encode the target +// address. +func (a addressType) AddrLen() uint16 { + switch a { + case noAddr: + return 0 + case tcp4Addr: + return 6 + case tcp6Addr: + return 18 + case v2OnionAddr: + return 12 + case v3OnionAddr: + return 37 + default: + return 0 + } +} + +// WriteElement is a one-stop shop to write the big endian representation of +// any element which is to be serialized for the wire protocol. The passed +// io.Writer should be backed by an appropriately sized byte slice, or be able +// to dynamically expand to accommodate additional data. +// +// TODO(roasbeef): this should eventually draw from a buffer pool for +// serialization. +func WriteElement(w io.Writer, element interface{}) error { + switch e := element.(type) { + case NodeAlias: + if _, err := w.Write(e[:]); err != nil { + return err + } + + case ShortChanIDEncoding: + var b [1]byte + b[0] = uint8(e) + if _, err := w.Write(b[:]); err != nil { + return err + } + case uint8: + var b [1]byte + b[0] = e + if _, err := w.Write(b[:]); err != nil { + return err + } + case FundingFlag: + var b [1]byte + b[0] = uint8(e) + if _, err := w.Write(b[:]); err != nil { + return err + } + case uint16: + var b [2]byte + binary.BigEndian.PutUint16(b[:], e) + if _, err := w.Write(b[:]); err != nil { + return err + } + case ChanUpdateMsgFlags: + var b [1]byte + b[0] = uint8(e) + if _, err := w.Write(b[:]); err != nil { + return err + } + case ChanUpdateChanFlags: + var b [1]byte + b[0] = uint8(e) + if _, err := w.Write(b[:]); err != nil { + return err + } + case ErrorCode: + var b [2]byte + binary.BigEndian.PutUint16(b[:], uint16(e)) + if _, err := w.Write(b[:]); err != nil { + return err + } + case MilliSatoshi: + var b [8]byte + binary.BigEndian.PutUint64(b[:], uint64(e)) + if _, err := w.Write(b[:]); err != nil { + return err + } + case btcutil.Amount: + var b [8]byte + binary.BigEndian.PutUint64(b[:], uint64(e)) + if _, err := w.Write(b[:]); err != nil { + return err + } + case uint32: + var b [4]byte + binary.BigEndian.PutUint32(b[:], e) + if _, err := w.Write(b[:]); err != nil { + return err + } + case uint64: + var b [8]byte + binary.BigEndian.PutUint64(b[:], e) + if _, err := w.Write(b[:]); err != nil { + return err + } + case *btcec.PublicKey: + if e == nil { + return fmt.Errorf("cannot write nil pubkey") + } + + var b [33]byte + serializedPubkey := e.SerializeCompressed() + copy(b[:], serializedPubkey) + if _, err := w.Write(b[:]); err != nil { + return err + } + case []Sig: + var b [2]byte + numSigs := uint16(len(e)) + binary.BigEndian.PutUint16(b[:], numSigs) + if _, err := w.Write(b[:]); err != nil { + return err + } + + for _, sig := range e { + if err := WriteElement(w, sig); err != nil { + return err + } + } + case Sig: + // Write buffer + if _, err := w.Write(e[:]); err != nil { + return err + } + case PingPayload: + var l [2]byte + binary.BigEndian.PutUint16(l[:], uint16(len(e))) + if _, err := w.Write(l[:]); err != nil { + return err + } + + if _, err := w.Write(e[:]); err != nil { + return err + } + case PongPayload: + var l [2]byte + binary.BigEndian.PutUint16(l[:], uint16(len(e))) + if _, err := w.Write(l[:]); err != nil { + return err + } + + if _, err := w.Write(e[:]); err != nil { + return err + } + case ErrorData: + var l [2]byte + binary.BigEndian.PutUint16(l[:], uint16(len(e))) + if _, err := w.Write(l[:]); err != nil { + return err + } + + if _, err := w.Write(e[:]); err != nil { + return err + } + case OpaqueReason: + var l [2]byte + binary.BigEndian.PutUint16(l[:], uint16(len(e))) + if _, err := w.Write(l[:]); err != nil { + return err + } + + if _, err := w.Write(e[:]); err != nil { + return err + } + case [33]byte: + if _, err := w.Write(e[:]); err != nil { + return err + } + case []byte: + if _, err := w.Write(e[:]); err != nil { + return err + } + case PkScript: + // The largest script we'll accept is a p2wsh which is exactly + // 34 bytes long. + scriptLength := len(e) + if scriptLength > 34 { + return fmt.Errorf("'PkScript' too long") + } + + if err := wire.WriteVarBytes(w, 0, e); err != nil { + return err + } + case *RawFeatureVector: + if e == nil { + return fmt.Errorf("cannot write nil feature vector") + } + + if err := e.Encode(w); err != nil { + return err + } + + case wire.OutPoint: + var h [32]byte + copy(h[:], e.Hash[:]) + if _, err := w.Write(h[:]); err != nil { + return err + } + + if e.Index > math.MaxUint16 { + return fmt.Errorf("index for outpoint (%v) is "+ + "greater than max index of %v", e.Index, + math.MaxUint16) + } + + var idx [2]byte + binary.BigEndian.PutUint16(idx[:], uint16(e.Index)) + if _, err := w.Write(idx[:]); err != nil { + return err + } + + case ChannelID: + if _, err := w.Write(e[:]); err != nil { + return err + } + case FailCode: + if err := WriteElement(w, uint16(e)); err != nil { + return err + } + case ShortChannelID: + // Check that field fit in 3 bytes and write the blockHeight + if e.BlockHeight > ((1 << 24) - 1) { + return errors.New("block height should fit in 3 bytes") + } + + var blockHeight [4]byte + binary.BigEndian.PutUint32(blockHeight[:], e.BlockHeight) + + if _, err := w.Write(blockHeight[1:]); err != nil { + return err + } + + // Check that field fit in 3 bytes and write the txIndex + if e.TxIndex > ((1 << 24) - 1) { + return errors.New("tx index should fit in 3 bytes") + } + + var txIndex [4]byte + binary.BigEndian.PutUint32(txIndex[:], e.TxIndex) + if _, err := w.Write(txIndex[1:]); err != nil { + return err + } + + // Write the txPosition + var txPosition [2]byte + binary.BigEndian.PutUint16(txPosition[:], e.TxPosition) + if _, err := w.Write(txPosition[:]); err != nil { + return err + } + + case *net.TCPAddr: + if e == nil { + return fmt.Errorf("cannot write nil TCPAddr") + } + + if e.IP.To4() != nil { + var descriptor [1]byte + descriptor[0] = uint8(tcp4Addr) + if _, err := w.Write(descriptor[:]); err != nil { + return err + } + + var ip [4]byte + copy(ip[:], e.IP.To4()) + if _, err := w.Write(ip[:]); err != nil { + return err + } + } else { + var descriptor [1]byte + descriptor[0] = uint8(tcp6Addr) + if _, err := w.Write(descriptor[:]); err != nil { + return err + } + var ip [16]byte + copy(ip[:], e.IP.To16()) + if _, err := w.Write(ip[:]); err != nil { + return err + } + } + var port [2]byte + binary.BigEndian.PutUint16(port[:], uint16(e.Port)) + if _, err := w.Write(port[:]); err != nil { + return err + } + + case *tor.OnionAddr: + if e == nil { + return errors.New("cannot write nil onion address") + } + + var suffixIndex int + switch len(e.OnionService) { + case tor.V2Len: + descriptor := []byte{byte(v2OnionAddr)} + if _, err := w.Write(descriptor); err != nil { + return err + } + suffixIndex = tor.V2Len - tor.OnionSuffixLen + case tor.V3Len: + descriptor := []byte{byte(v3OnionAddr)} + if _, err := w.Write(descriptor); err != nil { + return err + } + suffixIndex = tor.V3Len - tor.OnionSuffixLen + default: + return errors.New("unknown onion service length") + } + + host, err := tor.Base32Encoding.DecodeString( + e.OnionService[:suffixIndex], + ) + if err != nil { + return err + } + if _, err := w.Write(host); err != nil { + return err + } + + var port [2]byte + binary.BigEndian.PutUint16(port[:], uint16(e.Port)) + if _, err := w.Write(port[:]); err != nil { + return err + } + + case []net.Addr: + // First, we'll encode all the addresses into an intermediate + // buffer. We need to do this in order to compute the total + // length of the addresses. + var addrBuf bytes.Buffer + for _, address := range e { + if err := WriteElement(&addrBuf, address); err != nil { + return err + } + } + + // With the addresses fully encoded, we can now write out the + // number of bytes needed to encode them. + addrLen := addrBuf.Len() + if err := WriteElement(w, uint16(addrLen)); err != nil { + return err + } + + // Finally, we'll write out the raw addresses themselves, but + // only if we have any bytes to write. + if addrLen > 0 { + if _, err := w.Write(addrBuf.Bytes()); err != nil { + return err + } + } + case color.RGBA: + if err := WriteElements(w, e.R, e.G, e.B); err != nil { + return err + } + + case DeliveryAddress: + var length [2]byte + binary.BigEndian.PutUint16(length[:], uint16(len(e))) + if _, err := w.Write(length[:]); err != nil { + return err + } + if _, err := w.Write(e[:]); err != nil { + return err + } + + case bool: + var b [1]byte + if e { + b[0] = 1 + } + if _, err := w.Write(b[:]); err != nil { + return err + } + default: + return fmt.Errorf("Unknown type in WriteElement: %T", e) + } + + return nil +} + +// WriteElements is writes each element in the elements slice to the passed +// io.Writer using WriteElement. +func WriteElements(w io.Writer, elements ...interface{}) error { + for _, element := range elements { + err := WriteElement(w, element) + if err != nil { + return err + } + } + return nil +} + +// ReadElement is a one-stop utility function to deserialize any datastructure +// encoded using the serialization format of lnwire. +func ReadElement(r io.Reader, element interface{}) error { + var err error + switch e := element.(type) { + case *bool: + var b [1]byte + if _, err := io.ReadFull(r, b[:]); err != nil { + return err + } + + if b[0] == 1 { + *e = true + } + + case *NodeAlias: + var a [32]byte + if _, err := io.ReadFull(r, a[:]); err != nil { + return err + } + + alias, err := NewNodeAlias(string(a[:])) + if err != nil { + return err + } + + *e = alias + case *ShortChanIDEncoding: + var b [1]uint8 + if _, err := r.Read(b[:]); err != nil { + return err + } + *e = ShortChanIDEncoding(b[0]) + case *uint8: + var b [1]uint8 + if _, err := r.Read(b[:]); err != nil { + return err + } + *e = b[0] + case *FundingFlag: + var b [1]uint8 + if _, err := r.Read(b[:]); err != nil { + return err + } + *e = FundingFlag(b[0]) + case *uint16: + var b [2]byte + if _, err := io.ReadFull(r, b[:]); err != nil { + return err + } + *e = binary.BigEndian.Uint16(b[:]) + case *ChanUpdateMsgFlags: + var b [1]uint8 + if _, err := r.Read(b[:]); err != nil { + return err + } + *e = ChanUpdateMsgFlags(b[0]) + case *ChanUpdateChanFlags: + var b [1]uint8 + if _, err := r.Read(b[:]); err != nil { + return err + } + *e = ChanUpdateChanFlags(b[0]) + case *ErrorCode: + var b [2]byte + if _, err := io.ReadFull(r, b[:]); err != nil { + return err + } + *e = ErrorCode(binary.BigEndian.Uint16(b[:])) + case *uint32: + var b [4]byte + if _, err := io.ReadFull(r, b[:]); err != nil { + return err + } + *e = binary.BigEndian.Uint32(b[:]) + case *uint64: + var b [8]byte + if _, err := io.ReadFull(r, b[:]); err != nil { + return err + } + *e = binary.BigEndian.Uint64(b[:]) + case *MilliSatoshi: + var b [8]byte + if _, err := io.ReadFull(r, b[:]); err != nil { + return err + } + *e = MilliSatoshi(int64(binary.BigEndian.Uint64(b[:]))) + case *btcutil.Amount: + var b [8]byte + if _, err := io.ReadFull(r, b[:]); err != nil { + return err + } + *e = btcutil.Amount(int64(binary.BigEndian.Uint64(b[:]))) + case **btcec.PublicKey: + var b [btcec.PubKeyBytesLenCompressed]byte + if _, err = io.ReadFull(r, b[:]); err != nil { + return err + } + + pubKey, err := btcec.ParsePubKey(b[:], btcec.S256()) + if err != nil { + return err + } + *e = pubKey + case **RawFeatureVector: + f := NewRawFeatureVector() + err = f.Decode(r) + if err != nil { + return err + } + + *e = f + + case *[]Sig: + var l [2]byte + if _, err := io.ReadFull(r, l[:]); err != nil { + return err + } + numSigs := binary.BigEndian.Uint16(l[:]) + + var sigs []Sig + if numSigs > 0 { + sigs = make([]Sig, numSigs) + for i := 0; i < int(numSigs); i++ { + if err := ReadElement(r, &sigs[i]); err != nil { + return err + } + } + } + + *e = sigs + + case *Sig: + if _, err := io.ReadFull(r, e[:]); err != nil { + return err + } + case *OpaqueReason: + var l [2]byte + if _, err := io.ReadFull(r, l[:]); err != nil { + return err + } + reasonLen := binary.BigEndian.Uint16(l[:]) + + *e = OpaqueReason(make([]byte, reasonLen)) + if _, err := io.ReadFull(r, *e); err != nil { + return err + } + case *ErrorData: + var l [2]byte + if _, err := io.ReadFull(r, l[:]); err != nil { + return err + } + errorLen := binary.BigEndian.Uint16(l[:]) + + *e = ErrorData(make([]byte, errorLen)) + if _, err := io.ReadFull(r, *e); err != nil { + return err + } + case *PingPayload: + var l [2]byte + if _, err := io.ReadFull(r, l[:]); err != nil { + return err + } + pingLen := binary.BigEndian.Uint16(l[:]) + + *e = PingPayload(make([]byte, pingLen)) + if _, err := io.ReadFull(r, *e); err != nil { + return err + } + case *PongPayload: + var l [2]byte + if _, err := io.ReadFull(r, l[:]); err != nil { + return err + } + pongLen := binary.BigEndian.Uint16(l[:]) + + *e = PongPayload(make([]byte, pongLen)) + if _, err := io.ReadFull(r, *e); err != nil { + return err + } + case *[33]byte: + if _, err := io.ReadFull(r, e[:]); err != nil { + return err + } + case []byte: + if _, err := io.ReadFull(r, e); err != nil { + return err + } + case *PkScript: + pkScript, err := wire.ReadVarBytes(r, 0, 34, "pkscript") + if err != nil { + return err + } + *e = pkScript + case *wire.OutPoint: + var h [32]byte + if _, err = io.ReadFull(r, h[:]); err != nil { + return err + } + hash, err := chainhash.NewHash(h[:]) + if err != nil { + return err + } + + var idxBytes [2]byte + _, err = io.ReadFull(r, idxBytes[:]) + if err != nil { + return err + } + index := binary.BigEndian.Uint16(idxBytes[:]) + + *e = wire.OutPoint{ + Hash: *hash, + Index: uint32(index), + } + case *FailCode: + if err := ReadElement(r, (*uint16)(e)); err != nil { + return err + } + case *ChannelID: + if _, err := io.ReadFull(r, e[:]); err != nil { + return err + } + + case *ShortChannelID: + var blockHeight [4]byte + if _, err = io.ReadFull(r, blockHeight[1:]); err != nil { + return err + } + + var txIndex [4]byte + if _, err = io.ReadFull(r, txIndex[1:]); err != nil { + return err + } + + var txPosition [2]byte + if _, err = io.ReadFull(r, txPosition[:]); err != nil { + return err + } + + *e = ShortChannelID{ + BlockHeight: binary.BigEndian.Uint32(blockHeight[:]), + TxIndex: binary.BigEndian.Uint32(txIndex[:]), + TxPosition: binary.BigEndian.Uint16(txPosition[:]), + } + + case *[]net.Addr: + // First, we'll read the number of total bytes that have been + // used to encode the set of addresses. + var numAddrsBytes [2]byte + if _, err = io.ReadFull(r, numAddrsBytes[:]); err != nil { + return err + } + addrsLen := binary.BigEndian.Uint16(numAddrsBytes[:]) + + // With the number of addresses, read, we'll now pull in the + // buffer of the encoded addresses into memory. + addrs := make([]byte, addrsLen) + if _, err := io.ReadFull(r, addrs[:]); err != nil { + return err + } + addrBuf := bytes.NewReader(addrs) + + // Finally, we'll parse the remaining address payload in + // series, using the first byte to denote how to decode the + // address itself. + var ( + addresses []net.Addr + addrBytesRead uint16 + ) + + for addrBytesRead < addrsLen { + var descriptor [1]byte + if _, err = io.ReadFull(addrBuf, descriptor[:]); err != nil { + return err + } + + addrBytesRead++ + + var address net.Addr + switch aType := addressType(descriptor[0]); aType { + case noAddr: + addrBytesRead += aType.AddrLen() + continue + + case tcp4Addr: + var ip [4]byte + if _, err := io.ReadFull(addrBuf, ip[:]); err != nil { + return err + } + + var port [2]byte + if _, err := io.ReadFull(addrBuf, port[:]); err != nil { + return err + } + + address = &net.TCPAddr{ + IP: net.IP(ip[:]), + Port: int(binary.BigEndian.Uint16(port[:])), + } + addrBytesRead += aType.AddrLen() + + case tcp6Addr: + var ip [16]byte + if _, err := io.ReadFull(addrBuf, ip[:]); err != nil { + return err + } + + var port [2]byte + if _, err := io.ReadFull(addrBuf, port[:]); err != nil { + return err + } + + address = &net.TCPAddr{ + IP: net.IP(ip[:]), + Port: int(binary.BigEndian.Uint16(port[:])), + } + addrBytesRead += aType.AddrLen() + + case v2OnionAddr: + var h [tor.V2DecodedLen]byte + if _, err := io.ReadFull(addrBuf, h[:]); err != nil { + return err + } + + var p [2]byte + if _, err := io.ReadFull(addrBuf, p[:]); err != nil { + return err + } + + onionService := tor.Base32Encoding.EncodeToString(h[:]) + onionService += tor.OnionSuffix + port := int(binary.BigEndian.Uint16(p[:])) + + address = &tor.OnionAddr{ + OnionService: onionService, + Port: port, + } + addrBytesRead += aType.AddrLen() + + case v3OnionAddr: + var h [tor.V3DecodedLen]byte + if _, err := io.ReadFull(addrBuf, h[:]); err != nil { + return err + } + + var p [2]byte + if _, err := io.ReadFull(addrBuf, p[:]); err != nil { + return err + } + + onionService := tor.Base32Encoding.EncodeToString(h[:]) + onionService += tor.OnionSuffix + port := int(binary.BigEndian.Uint16(p[:])) + + address = &tor.OnionAddr{ + OnionService: onionService, + Port: port, + } + addrBytesRead += aType.AddrLen() + + default: + return &ErrUnknownAddrType{aType} + } + + addresses = append(addresses, address) + } + + *e = addresses + case *color.RGBA: + err := ReadElements(r, + &e.R, + &e.G, + &e.B, + ) + if err != nil { + return err + } + case *DeliveryAddress: + var addrLen [2]byte + if _, err = io.ReadFull(r, addrLen[:]); err != nil { + return err + } + length := binary.BigEndian.Uint16(addrLen[:]) + + var addrBytes [34]byte + if length > 34 { + return fmt.Errorf("Cannot read %d bytes into addrBytes", length) + } + if _, err = io.ReadFull(r, addrBytes[:length]); err != nil { + return err + } + *e = addrBytes[:length] + default: + return fmt.Errorf("Unknown type in ReadElement: %T", e) + } + + return nil +} + +// ReadElements deserializes a variable number of elements into the passed +// io.Reader, with each element being deserialized according to the ReadElement +// function. +func ReadElements(r io.Reader, elements ...interface{}) error { + for _, element := range elements { + err := ReadElement(r, element) + if err != nil { + return err + } + } + return nil +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/message.go b/vendor/github.com/lightningnetwork/lnd/lnwire/message.go new file mode 100644 index 0000000..b5c2733 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/message.go @@ -0,0 +1,296 @@ +// Copyright (c) 2013-2017 The btcsuite developers +// Copyright (c) 2015-2016 The Decred developers +// code derived from https://github .com/btcsuite/btcd/blob/master/wire/message.go +// Copyright (C) 2015-2017 The Lightning Network Developers + +package lnwire + +import ( + "bytes" + "encoding/binary" + "fmt" + "io" +) + +// MaxMessagePayload is the maximum bytes a message can be regardless of other +// individual limits imposed by messages themselves. +const MaxMessagePayload = 65535 // 65KB + +// MessageType is the unique 2 byte big-endian integer that indicates the type +// of message on the wire. All messages have a very simple header which +// consists simply of 2-byte message type. We omit a length field, and checksum +// as the Lightning Protocol is intended to be encapsulated within a +// confidential+authenticated cryptographic messaging protocol. +type MessageType uint16 + +// The currently defined message types within this current version of the +// Lightning protocol. +const ( + MsgInit MessageType = 16 + MsgError = 17 + MsgPing = 18 + MsgPong = 19 + MsgOpenChannel = 32 + MsgAcceptChannel = 33 + MsgFundingCreated = 34 + MsgFundingSigned = 35 + MsgFundingLocked = 36 + MsgShutdown = 38 + MsgClosingSigned = 39 + MsgUpdateAddHTLC = 128 + MsgUpdateFulfillHTLC = 130 + MsgUpdateFailHTLC = 131 + MsgCommitSig = 132 + MsgRevokeAndAck = 133 + MsgUpdateFee = 134 + MsgUpdateFailMalformedHTLC = 135 + MsgChannelReestablish = 136 + MsgChannelAnnouncement = 256 + MsgNodeAnnouncement = 257 + MsgChannelUpdate = 258 + MsgAnnounceSignatures = 259 + MsgQueryShortChanIDs = 261 + MsgReplyShortChanIDsEnd = 262 + MsgQueryChannelRange = 263 + MsgReplyChannelRange = 264 + MsgGossipTimestampRange = 265 +) + +// String return the string representation of message type. +func (t MessageType) String() string { + switch t { + case MsgInit: + return "Init" + case MsgOpenChannel: + return "MsgOpenChannel" + case MsgAcceptChannel: + return "MsgAcceptChannel" + case MsgFundingCreated: + return "MsgFundingCreated" + case MsgFundingSigned: + return "MsgFundingSigned" + case MsgFundingLocked: + return "FundingLocked" + case MsgShutdown: + return "Shutdown" + case MsgClosingSigned: + return "ClosingSigned" + case MsgUpdateAddHTLC: + return "UpdateAddHTLC" + case MsgUpdateFailHTLC: + return "UpdateFailHTLC" + case MsgUpdateFulfillHTLC: + return "UpdateFulfillHTLC" + case MsgCommitSig: + return "CommitSig" + case MsgRevokeAndAck: + return "RevokeAndAck" + case MsgUpdateFailMalformedHTLC: + return "UpdateFailMalformedHTLC" + case MsgChannelReestablish: + return "ChannelReestablish" + case MsgError: + return "Error" + case MsgChannelAnnouncement: + return "ChannelAnnouncement" + case MsgChannelUpdate: + return "ChannelUpdate" + case MsgNodeAnnouncement: + return "NodeAnnouncement" + case MsgPing: + return "Ping" + case MsgAnnounceSignatures: + return "AnnounceSignatures" + case MsgPong: + return "Pong" + case MsgUpdateFee: + return "UpdateFee" + case MsgQueryShortChanIDs: + return "QueryShortChanIDs" + case MsgReplyShortChanIDsEnd: + return "ReplyShortChanIDsEnd" + case MsgQueryChannelRange: + return "QueryChannelRange" + case MsgReplyChannelRange: + return "ReplyChannelRange" + case MsgGossipTimestampRange: + return "GossipTimestampRange" + default: + return "" + } +} + +// UnknownMessage is an implementation of the error interface that allows the +// creation of an error in response to an unknown message. +type UnknownMessage struct { + messageType MessageType +} + +// Error returns a human readable string describing the error. +// +// This is part of the error interface. +func (u *UnknownMessage) Error() string { + return fmt.Sprintf("unable to parse message of unknown type: %v", + u.messageType) +} + +// Serializable is an interface which defines a lightning wire serializable +// object. +type Serializable interface { + // Decode reads the bytes stream and converts it to the object. + Decode(io.Reader, uint32) error + + // Encode converts object to the bytes stream and write it into the + // writer. + Encode(io.Writer, uint32) error +} + +// Message is an interface that defines a lightning wire protocol message. The +// interface is general in order to allow implementing types full control over +// the representation of its data. +type Message interface { + Serializable + MsgType() MessageType + MaxPayloadLength(uint32) uint32 +} + +// makeEmptyMessage creates a new empty message of the proper concrete type +// based on the passed message type. +func makeEmptyMessage(msgType MessageType) (Message, error) { + var msg Message + + switch msgType { + case MsgInit: + msg = &Init{} + case MsgOpenChannel: + msg = &OpenChannel{} + case MsgAcceptChannel: + msg = &AcceptChannel{} + case MsgFundingCreated: + msg = &FundingCreated{} + case MsgFundingSigned: + msg = &FundingSigned{} + case MsgFundingLocked: + msg = &FundingLocked{} + case MsgShutdown: + msg = &Shutdown{} + case MsgClosingSigned: + msg = &ClosingSigned{} + case MsgUpdateAddHTLC: + msg = &UpdateAddHTLC{} + case MsgUpdateFailHTLC: + msg = &UpdateFailHTLC{} + case MsgUpdateFulfillHTLC: + msg = &UpdateFulfillHTLC{} + case MsgCommitSig: + msg = &CommitSig{} + case MsgRevokeAndAck: + msg = &RevokeAndAck{} + case MsgUpdateFee: + msg = &UpdateFee{} + case MsgUpdateFailMalformedHTLC: + msg = &UpdateFailMalformedHTLC{} + case MsgChannelReestablish: + msg = &ChannelReestablish{} + case MsgError: + msg = &Error{} + case MsgChannelAnnouncement: + msg = &ChannelAnnouncement{} + case MsgChannelUpdate: + msg = &ChannelUpdate{} + case MsgNodeAnnouncement: + msg = &NodeAnnouncement{} + case MsgPing: + msg = &Ping{} + case MsgAnnounceSignatures: + msg = &AnnounceSignatures{} + case MsgPong: + msg = &Pong{} + case MsgQueryShortChanIDs: + msg = &QueryShortChanIDs{} + case MsgReplyShortChanIDsEnd: + msg = &ReplyShortChanIDsEnd{} + case MsgQueryChannelRange: + msg = &QueryChannelRange{} + case MsgReplyChannelRange: + msg = &ReplyChannelRange{} + case MsgGossipTimestampRange: + msg = &GossipTimestampRange{} + default: + return nil, &UnknownMessage{msgType} + } + + return msg, nil +} + +// WriteMessage writes a lightning Message to w including the necessary header +// information and returns the number of bytes written. +func WriteMessage(w io.Writer, msg Message, pver uint32) (int, error) { + totalBytes := 0 + + // Encode the message payload itself into a temporary buffer. + // TODO(roasbeef): create buffer pool + var bw bytes.Buffer + if err := msg.Encode(&bw, pver); err != nil { + return totalBytes, err + } + payload := bw.Bytes() + lenp := len(payload) + + // Enforce maximum overall message payload. + if lenp > MaxMessagePayload { + return totalBytes, fmt.Errorf("message payload is too large - "+ + "encoded %d bytes, but maximum message payload is %d bytes", + lenp, MaxMessagePayload) + } + + // Enforce maximum message payload on the message type. + mpl := msg.MaxPayloadLength(pver) + if uint32(lenp) > mpl { + return totalBytes, fmt.Errorf("message payload is too large - "+ + "encoded %d bytes, but maximum message payload of "+ + "type %v is %d bytes", lenp, msg.MsgType(), mpl) + } + + // With the initial sanity checks complete, we'll now write out the + // message type itself. + var mType [2]byte + binary.BigEndian.PutUint16(mType[:], uint16(msg.MsgType())) + n, err := w.Write(mType[:]) + totalBytes += n + if err != nil { + return totalBytes, err + } + + // With the message type written, we'll now write out the raw payload + // itself. + n, err = w.Write(payload) + totalBytes += n + + return totalBytes, err +} + +// ReadMessage reads, validates, and parses the next Lightning message from r +// for the provided protocol version. +func ReadMessage(r io.Reader, pver uint32) (Message, error) { + // First, we'll read out the first two bytes of the message so we can + // create the proper empty message. + var mType [2]byte + if _, err := io.ReadFull(r, mType[:]); err != nil { + return nil, err + } + + msgType := MessageType(binary.BigEndian.Uint16(mType[:])) + + // Now that we know the target message type, we can create the proper + // empty message type and decode the message into it. + msg, err := makeEmptyMessage(msgType) + if err != nil { + return nil, err + } + if err := msg.Decode(r, pver); err != nil { + return nil, err + } + + return msg, nil +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/msat.go b/vendor/github.com/lightningnetwork/lnd/lnwire/msat.go new file mode 100644 index 0000000..67ee497 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/msat.go @@ -0,0 +1,45 @@ +package lnwire + +import ( + "fmt" + + "github.com/btcsuite/btcutil" +) + +// mSatScale is a value that's used to scale satoshis to milli-satoshis, and +// the other way around. +const mSatScale uint64 = 1000 + +// MilliSatoshi are the native unit of the Lightning Network. A milli-satoshi +// is simply 1/1000th of a satoshi. There are 1000 milli-satoshis in a single +// satoshi. Within the network, all HTLC payments are denominated in +// milli-satoshis. As milli-satoshis aren't deliverable on the native +// blockchain, before settling to broadcasting, the values are rounded down to +// the nearest satoshi. +type MilliSatoshi uint64 + +// NewMSatFromSatoshis creates a new MilliSatoshi instance from a target amount +// of satoshis. +func NewMSatFromSatoshis(sat btcutil.Amount) MilliSatoshi { + return MilliSatoshi(uint64(sat) * mSatScale) +} + +// ToBTC converts the target MilliSatoshi amount to its corresponding value +// when expressed in BTC. +func (m MilliSatoshi) ToBTC() float64 { + sat := m.ToSatoshis() + return sat.ToBTC() +} + +// ToSatoshis converts the target MilliSatoshi amount to satoshis. Simply, this +// sheds a factor of 1000 from the mSAT amount in order to convert it to SAT. +func (m MilliSatoshi) ToSatoshis() btcutil.Amount { + return btcutil.Amount(uint64(m) / mSatScale) +} + +// String returns the string representation of the mSAT amount. +func (m MilliSatoshi) String() string { + return fmt.Sprintf("%v mSAT", uint64(m)) +} + +// TODO(roasbeef): extend with arithmetic operations? diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/netaddress.go b/vendor/github.com/lightningnetwork/lnd/lnwire/netaddress.go new file mode 100644 index 0000000..f31ac1f --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/netaddress.go @@ -0,0 +1,54 @@ +package lnwire + +import ( + "fmt" + "net" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcd/wire" +) + +// NetAddress represents information pertaining to the identity and network +// reachability of a peer. Information stored includes the node's identity +// public key for establishing a confidential+authenticated connection, the +// service bits it supports, and a TCP address the node is reachable at. +// +// TODO(roasbeef): merge with LinkNode in some fashion +type NetAddress struct { + // IdentityKey is the long-term static public key for a node. This node is + // used throughout the network as a node's identity key. It is used to + // authenticate any data sent to the network on behalf of the node, and + // additionally to establish a confidential+authenticated connection with + // the node. + IdentityKey *btcec.PublicKey + + // Address is the IP address and port of the node. This is left + // general so that multiple implementations can be used. + Address net.Addr + + // ChainNet is the Bitcoin network this node is associated with. + // TODO(roasbeef): make a slice in the future for multi-chain + ChainNet wire.BitcoinNet +} + +// A compile time assertion to ensure that NetAddress meets the net.Addr +// interface. +var _ net.Addr = (*NetAddress)(nil) + +// String returns a human readable string describing the target NetAddress. The +// current string format is: @host. +// +// This part of the net.Addr interface. +func (n *NetAddress) String() string { + // TODO(roasbeef): use base58? + pubkey := n.IdentityKey.SerializeCompressed() + + return fmt.Sprintf("%x@%v", pubkey, n.Address) +} + +// Network returns the name of the network this address is bound to. +// +// This part of the net.Addr interface. +func (n *NetAddress) Network() string { + return n.Address.Network() +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/node_announcement.go b/vendor/github.com/lightningnetwork/lnd/lnwire/node_announcement.go new file mode 100644 index 0000000..42c1d5e --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/node_announcement.go @@ -0,0 +1,205 @@ +package lnwire + +import ( + "bytes" + "fmt" + "image/color" + "io" + "io/ioutil" + "net" + "unicode/utf8" +) + +var ( + startPort uint16 = 1024 + endPort uint16 = 49151 +) + +// ErrUnknownAddrType is an error returned if we encounter an unknown address type +// when parsing addresses. +type ErrUnknownAddrType struct { + addrType addressType +} + +// Error returns a human readable string describing the error. +// +// NOTE: implements the error interface. +func (e ErrUnknownAddrType) Error() string { + return fmt.Sprintf("unknown address type: %v", e.addrType) +} + +// ErrInvalidNodeAlias is an error returned if a node alias we parse on the +// wire is invalid, as in it has non UTF-8 characters. +type ErrInvalidNodeAlias struct{} + +// Error returns a human readable string describing the error. +// +// NOTE: implements the error interface. +func (e ErrInvalidNodeAlias) Error() string { + return "node alias has non-utf8 characters" +} + +// NodeAlias a hex encoded UTF-8 string that may be displayed as an alternative +// to the node's ID. Notice that aliases are not unique and may be freely +// chosen by the node operators. +type NodeAlias [32]byte + +// NewNodeAlias creates a new instance of a NodeAlias. Verification is +// performed on the passed string to ensure it meets the alias requirements. +func NewNodeAlias(s string) (NodeAlias, error) { + var n NodeAlias + + if len(s) > 32 { + return n, fmt.Errorf("alias too large: max is %v, got %v", 32, + len(s)) + } + + if !utf8.ValidString(s) { + return n, &ErrInvalidNodeAlias{} + } + + copy(n[:], []byte(s)) + return n, nil +} + +// String returns a utf8 string representation of the alias bytes. +func (n NodeAlias) String() string { + // Trim trailing zero-bytes for presentation + return string(bytes.Trim(n[:], "\x00")) +} + +// NodeAnnouncement message is used to announce the presence of a Lightning +// node and also to signal that the node is accepting incoming connections. +// Each NodeAnnouncement authenticating the advertised information within the +// announcement via a signature using the advertised node pubkey. +type NodeAnnouncement struct { + // Signature is used to prove the ownership of node id. + Signature Sig + + // Features is the list of protocol features this node supports. + Features *RawFeatureVector + + // Timestamp allows ordering in the case of multiple announcements. + Timestamp uint32 + + // NodeID is a public key which is used as node identification. + NodeID [33]byte + + // RGBColor is used to customize their node's appearance in maps and + // graphs + RGBColor color.RGBA + + // Alias is used to customize their node's appearance in maps and + // graphs + Alias NodeAlias + + // Address includes two specification fields: 'ipv6' and 'port' on + // which the node is accepting incoming connections. + Addresses []net.Addr + + // ExtraOpaqueData is the set of data that was appended to this + // message, some of which we may not actually know how to iterate or + // parse. By holding onto this data, we ensure that we're able to + // properly validate the set of signatures that cover these new fields, + // and ensure we're able to make upgrades to the network in a forwards + // compatible manner. + ExtraOpaqueData []byte +} + +// UpdateNodeAnnAddrs is a functional option that allows updating the addresses +// of the given node announcement. +func UpdateNodeAnnAddrs(addrs []net.Addr) func(*NodeAnnouncement) { + return func(nodeAnn *NodeAnnouncement) { + nodeAnn.Addresses = addrs + } +} + +// A compile time check to ensure NodeAnnouncement implements the +// lnwire.Message interface. +var _ Message = (*NodeAnnouncement)(nil) + +// Decode deserializes a serialized NodeAnnouncement stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (a *NodeAnnouncement) Decode(r io.Reader, pver uint32) error { + err := ReadElements(r, + &a.Signature, + &a.Features, + &a.Timestamp, + &a.NodeID, + &a.RGBColor, + &a.Alias, + &a.Addresses, + ) + if err != nil { + return err + } + + // Now that we've read out all the fields that we explicitly know of, + // we'll collect the remainder into the ExtraOpaqueData field. If there + // aren't any bytes, then we'll snip off the slice to avoid carrying + // around excess capacity. + a.ExtraOpaqueData, err = ioutil.ReadAll(r) + if err != nil { + return err + } + if len(a.ExtraOpaqueData) == 0 { + a.ExtraOpaqueData = nil + } + + return nil +} + +// Encode serializes the target NodeAnnouncement into the passed io.Writer +// observing the protocol version specified. +// +func (a *NodeAnnouncement) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + a.Signature, + a.Features, + a.Timestamp, + a.NodeID, + a.RGBColor, + a.Alias, + a.Addresses, + a.ExtraOpaqueData, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (a *NodeAnnouncement) MsgType() MessageType { + return MsgNodeAnnouncement +} + +// MaxPayloadLength returns the maximum allowed payload size for this message +// observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (a *NodeAnnouncement) MaxPayloadLength(pver uint32) uint32 { + return 65533 +} + +// DataToSign returns the part of the message that should be signed. +func (a *NodeAnnouncement) DataToSign() ([]byte, error) { + + // We should not include the signatures itself. + var w bytes.Buffer + err := WriteElements(&w, + a.Features, + a.Timestamp, + a.NodeID, + a.RGBColor, + a.Alias[:], + a.Addresses, + a.ExtraOpaqueData, + ) + if err != nil { + return nil, err + } + + return w.Bytes(), nil +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/onion_error.go b/vendor/github.com/lightningnetwork/lnd/lnwire/onion_error.go new file mode 100644 index 0000000..6ea01d5 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/onion_error.go @@ -0,0 +1,1292 @@ +package lnwire + +import ( + "bufio" + "crypto/sha256" + "encoding/binary" + "fmt" + "io" + + "bytes" + + "github.com/davecgh/go-spew/spew" + "github.com/go-errors/errors" +) + +// FailureMessage represents the onion failure object identified by its unique +// failure code. +type FailureMessage interface { + // Code returns a failure code describing the exact nature of the + // error. + Code() FailCode + + // Error returns a human readable string describing the error. With + // this method, the FailureMessage interface meets the built-in error + // interface. + Error() string +} + +// FailureMessageLength is the size of the failure message plus the size of +// padding. The FailureMessage message should always be EXACTLY this size. +const FailureMessageLength = 256 + +const ( + // FlagBadOnion error flag describes an unparsable, encrypted by + // previous node. + FlagBadOnion FailCode = 0x8000 + + // FlagPerm error flag indicates a permanent failure. + FlagPerm FailCode = 0x4000 + + // FlagNode error flag indicates anode failure. + FlagNode FailCode = 0x2000 + + // FlagUpdate error flag indicates a new channel update is enclosed + // within the error. + FlagUpdate FailCode = 0x1000 +) + +// FailCode specifies the precise reason that an upstream HTLC was cancelled. +// Each UpdateFailHTLC message carries a FailCode which is to be passed +// backwards, encrypted at each step back to the source of the HTLC within the +// route. +type FailCode uint16 + +// The currently defined onion failure types within this current version of the +// Lightning protocol. +const ( + CodeNone FailCode = 0 + CodeInvalidRealm = FlagBadOnion | 1 + CodeTemporaryNodeFailure = FlagNode | 2 + CodePermanentNodeFailure = FlagPerm | FlagNode | 2 + CodeRequiredNodeFeatureMissing = FlagPerm | FlagNode | 3 + CodeInvalidOnionVersion = FlagBadOnion | FlagPerm | 4 + CodeInvalidOnionHmac = FlagBadOnion | FlagPerm | 5 + CodeInvalidOnionKey = FlagBadOnion | FlagPerm | 6 + CodeTemporaryChannelFailure = FlagUpdate | 7 + CodePermanentChannelFailure = FlagPerm | 8 + CodeRequiredChannelFeatureMissing = FlagPerm | 9 + CodeUnknownNextPeer = FlagPerm | 10 + CodeAmountBelowMinimum = FlagUpdate | 11 + CodeFeeInsufficient = FlagUpdate | 12 + CodeIncorrectCltvExpiry = FlagUpdate | 13 + CodeExpiryTooSoon = FlagUpdate | 14 + CodeChannelDisabled = FlagUpdate | 20 + CodeUnknownPaymentHash = FlagPerm | 15 + CodeIncorrectPaymentAmount = FlagPerm | 16 + CodeFinalExpiryTooSoon FailCode = 17 + CodeFinalIncorrectCltvExpiry FailCode = 18 + CodeFinalIncorrectHtlcAmount FailCode = 19 + CodeExpiryTooFar FailCode = 21 +) + +// String returns the string representation of the failure code. +func (c FailCode) String() string { + switch c { + case CodeInvalidRealm: + return "InvalidRealm" + + case CodeTemporaryNodeFailure: + return "TemporaryNodeFailure" + + case CodePermanentNodeFailure: + return "PermanentNodeFailure" + + case CodeRequiredNodeFeatureMissing: + return "RequiredNodeFeatureMissing" + + case CodeInvalidOnionVersion: + return "InvalidOnionVersion" + + case CodeInvalidOnionHmac: + return "InvalidOnionHmac" + + case CodeInvalidOnionKey: + return "InvalidOnionKey" + + case CodeTemporaryChannelFailure: + return "TemporaryChannelFailure" + + case CodePermanentChannelFailure: + return "PermanentChannelFailure" + + case CodeRequiredChannelFeatureMissing: + return "RequiredChannelFeatureMissing" + + case CodeUnknownNextPeer: + return "UnknownNextPeer" + + case CodeAmountBelowMinimum: + return "AmountBelowMinimum" + + case CodeFeeInsufficient: + return "FeeInsufficient" + + case CodeIncorrectCltvExpiry: + return "IncorrectCltvExpiry" + + case CodeIncorrectPaymentAmount: + return "IncorrectPaymentAmount" + + case CodeExpiryTooSoon: + return "ExpiryTooSoon" + + case CodeChannelDisabled: + return "ChannelDisabled" + + case CodeUnknownPaymentHash: + return "UnknownPaymentHash" + + case CodeFinalExpiryTooSoon: + return "FinalExpiryTooSoon" + + case CodeFinalIncorrectCltvExpiry: + return "FinalIncorrectCltvExpiry" + + case CodeFinalIncorrectHtlcAmount: + return "FinalIncorrectHtlcAmount" + + case CodeExpiryTooFar: + return "ExpiryTooFar" + + default: + return "" + } +} + +// FailInvalidRealm is returned if the realm byte is unknown. +// +// NOTE: May be returned by any node in the payment route. +type FailInvalidRealm struct{} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailInvalidRealm) Error() string { + return f.Code().String() +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailInvalidRealm) Code() FailCode { + return CodeInvalidRealm +} + +// FailTemporaryNodeFailure is returned if an otherwise unspecified transient +// error occurs for the entire node. +// +// NOTE: May be returned by any node in the payment route. +type FailTemporaryNodeFailure struct{} + +// Code returns the failure unique code. +// NOTE: Part of the FailureMessage interface. +func (f *FailTemporaryNodeFailure) Code() FailCode { + return CodeTemporaryNodeFailure +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailTemporaryNodeFailure) Error() string { + return f.Code().String() +} + +// FailPermanentNodeFailure is returned if an otherwise unspecified permanent +// error occurs for the entire node. +// +// NOTE: May be returned by any node in the payment route. +type FailPermanentNodeFailure struct{} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailPermanentNodeFailure) Code() FailCode { + return CodePermanentNodeFailure +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailPermanentNodeFailure) Error() string { + return f.Code().String() +} + +// FailRequiredNodeFeatureMissing is returned if a node has requirement +// advertised in its node_announcement features which were not present in the +// onion. +// +// NOTE: May be returned by any node in the payment route. +type FailRequiredNodeFeatureMissing struct{} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailRequiredNodeFeatureMissing) Code() FailCode { + return CodeRequiredNodeFeatureMissing +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailRequiredNodeFeatureMissing) Error() string { + return f.Code().String() +} + +// FailPermanentChannelFailure is return if an otherwise unspecified permanent +// error occurs for the outgoing channel (eg. channel (recently). +// +// NOTE: May be returned by any node in the payment route. +type FailPermanentChannelFailure struct{} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailPermanentChannelFailure) Code() FailCode { + return CodePermanentChannelFailure +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailPermanentChannelFailure) Error() string { + return f.Code().String() +} + +// FailRequiredChannelFeatureMissing is returned if the outgoing channel has a +// requirement advertised in its channel announcement features which were not +// present in the onion. +// +// NOTE: May only be returned by intermediate nodes. +type FailRequiredChannelFeatureMissing struct{} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailRequiredChannelFeatureMissing) Code() FailCode { + return CodeRequiredChannelFeatureMissing +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailRequiredChannelFeatureMissing) Error() string { + return f.Code().String() +} + +// FailUnknownNextPeer is returned if the next peer specified by the onion is +// not known. +// +// NOTE: May only be returned by intermediate nodes. +type FailUnknownNextPeer struct{} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailUnknownNextPeer) Code() FailCode { + return CodeUnknownNextPeer +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailUnknownNextPeer) Error() string { + return f.Code().String() +} + +// FailIncorrectPaymentAmount is returned if the amount paid is less than the +// amount expected, the final node MUST fail the HTLC. If the amount paid is +// more than twice the amount expected, the final node SHOULD fail the HTLC. +// This allows the sender to reduce information leakage by altering the amount, +// without allowing accidental gross overpayment. +// +// NOTE: May only be returned by the final node in the path. +type FailIncorrectPaymentAmount struct{} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailIncorrectPaymentAmount) Code() FailCode { + return CodeIncorrectPaymentAmount +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailIncorrectPaymentAmount) Error() string { + return f.Code().String() +} + +// FailUnknownPaymentHash is returned for two reasons: +// +// 1) if the payment hash has already been paid, the final node MAY treat the +// payment hash as unknown, or may succeed in accepting the HTLC. If the +// payment hash is unknown, the final node MUST fail the HTLC. +// +// 2) if the amount paid is less than the amount expected, the final node MUST +// fail the HTLC. If the amount paid is more than twice the amount expected, +// the final node SHOULD fail the HTLC. This allows the sender to reduce +// information leakage by altering the amount, without allowing accidental +// gross overpayment. +// +// NOTE: May only be returned by the final node in the path. +type FailUnknownPaymentHash struct { + // amount is the value of the extended HTLC. + amount MilliSatoshi +} + +// NewFailUnknownPaymentHash makes a new instance of the FailUnknownPaymentHash +// error bound to the specified HTLC amount. +func NewFailUnknownPaymentHash(amt MilliSatoshi) *FailUnknownPaymentHash { + return &FailUnknownPaymentHash{ + amount: amt, + } +} + +// Amount is the value of the extended HTLC. +func (f *FailUnknownPaymentHash) Amount() MilliSatoshi { + return f.amount +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailUnknownPaymentHash) Code() FailCode { + return CodeUnknownPaymentHash +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailUnknownPaymentHash) Error() string { + return fmt.Sprintf("UnknownPaymentHash(amt=%v)", f.amount) +} + +// Decode decodes the failure from bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailUnknownPaymentHash) Decode(r io.Reader, pver uint32) error { + err := ReadElement(r, &f.amount) + switch { + // This is an optional tack on that was added later in the protocol. As + // a result, older nodes may not include this value. We'll account for + // this by checking for io.EOF here which means that no bytes were read + // at all. + case err == io.EOF: + return nil + + case err != nil: + return err + } + + return nil +} + +// Encode writes the failure in bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailUnknownPaymentHash) Encode(w io.Writer, pver uint32) error { + return WriteElement(w, f.amount) +} + +// FailFinalExpiryTooSoon is returned if the cltv_expiry is too low, the final +// node MUST fail the HTLC. +// +// NOTE: May only be returned by the final node in the path. +type FailFinalExpiryTooSoon struct{} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailFinalExpiryTooSoon) Code() FailCode { + return CodeFinalExpiryTooSoon +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailFinalExpiryTooSoon) Error() string { + return f.Code().String() +} + +// NewFinalExpiryTooSoon creates new instance of the FailFinalExpiryTooSoon. +func NewFinalExpiryTooSoon() *FailFinalExpiryTooSoon { + return &FailFinalExpiryTooSoon{} +} + +// FailInvalidOnionVersion is returned if the onion version byte is unknown. +// +// NOTE: May be returned only by intermediate nodes. +type FailInvalidOnionVersion struct { + // OnionSHA256 hash of the onion blob which haven't been proceeded. + OnionSHA256 [sha256.Size]byte +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailInvalidOnionVersion) Error() string { + return fmt.Sprintf("InvalidOnionVersion(onion_sha=%x)", f.OnionSHA256[:]) +} + +// NewInvalidOnionVersion creates new instance of the FailInvalidOnionVersion. +func NewInvalidOnionVersion(onion []byte) *FailInvalidOnionVersion { + return &FailInvalidOnionVersion{OnionSHA256: sha256.Sum256(onion)} +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailInvalidOnionVersion) Code() FailCode { + return CodeInvalidOnionVersion +} + +// Decode decodes the failure from bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailInvalidOnionVersion) Decode(r io.Reader, pver uint32) error { + return ReadElement(r, f.OnionSHA256[:]) +} + +// Encode writes the failure in bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailInvalidOnionVersion) Encode(w io.Writer, pver uint32) error { + return WriteElement(w, f.OnionSHA256[:]) +} + +// FailInvalidOnionHmac is return if the onion HMAC is incorrect. +// +// NOTE: May only be returned by intermediate nodes. +type FailInvalidOnionHmac struct { + // OnionSHA256 hash of the onion blob which haven't been proceeded. + OnionSHA256 [sha256.Size]byte +} + +// NewInvalidOnionHmac creates new instance of the FailInvalidOnionHmac. +func NewInvalidOnionHmac(onion []byte) *FailInvalidOnionHmac { + return &FailInvalidOnionHmac{OnionSHA256: sha256.Sum256(onion)} +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailInvalidOnionHmac) Code() FailCode { + return CodeInvalidOnionHmac +} + +// Decode decodes the failure from bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailInvalidOnionHmac) Decode(r io.Reader, pver uint32) error { + return ReadElement(r, f.OnionSHA256[:]) +} + +// Encode writes the failure in bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailInvalidOnionHmac) Encode(w io.Writer, pver uint32) error { + return WriteElement(w, f.OnionSHA256[:]) +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailInvalidOnionHmac) Error() string { + return fmt.Sprintf("InvalidOnionHMAC(onion_sha=%x)", f.OnionSHA256[:]) +} + +// FailInvalidOnionKey is return if the ephemeral key in the onion is +// unparsable. +// +// NOTE: May only be returned by intermediate nodes. +type FailInvalidOnionKey struct { + // OnionSHA256 hash of the onion blob which haven't been proceeded. + OnionSHA256 [sha256.Size]byte +} + +// NewInvalidOnionKey creates new instance of the FailInvalidOnionKey. +func NewInvalidOnionKey(onion []byte) *FailInvalidOnionKey { + return &FailInvalidOnionKey{OnionSHA256: sha256.Sum256(onion)} +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailInvalidOnionKey) Code() FailCode { + return CodeInvalidOnionKey +} + +// Decode decodes the failure from bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailInvalidOnionKey) Decode(r io.Reader, pver uint32) error { + return ReadElement(r, f.OnionSHA256[:]) +} + +// Encode writes the failure in bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailInvalidOnionKey) Encode(w io.Writer, pver uint32) error { + return WriteElement(w, f.OnionSHA256[:]) +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailInvalidOnionKey) Error() string { + return fmt.Sprintf("InvalidOnionKey(onion_sha=%x)", f.OnionSHA256[:]) +} + +// parseChannelUpdateCompatabilityMode will attempt to parse a channel updated +// encoded into an onion error payload in two ways. First, we'll try the +// compatibility oriented version wherein we'll _skip_ the length prefixing on +// the channel update message. Older versions of c-lighting do this so we'll +// attempt to parse these messages in order to retain compatibility. If we're +// unable to pull out a fully valid version, then we'll fall back to the +// regular parsing mechanism which includes the length prefix an NO type byte. +func parseChannelUpdateCompatabilityMode(r *bufio.Reader, + chanUpdate *ChannelUpdate, pver uint32) error { + + // We'll peek out two bytes from the buffer without advancing the + // buffer so we can decide how to parse the remainder of it. + maybeTypeBytes, err := r.Peek(2) + if err != nil { + return err + } + + // Some nodes well prefix an additional set of bytes in front of their + // channel updates. These bytes will _almost_ always be 258 or the type + // of the ChannelUpdate message. + typeInt := binary.BigEndian.Uint16(maybeTypeBytes) + if typeInt == MsgChannelUpdate { + // At this point it's likely the case that this is a channel + // update message with its type prefixed, so we'll snip off the + // first two bytes and parse it as normal. + var throwAwayTypeBytes [2]byte + _, err := r.Read(throwAwayTypeBytes[:]) + if err != nil { + return err + } + } + + // At this pint, we've either decided to keep the entire thing, or snip + // off the first two bytes. In either case, we can just read it as + // normal. + return chanUpdate.Decode(r, pver) +} + +// FailTemporaryChannelFailure is if an otherwise unspecified transient error +// occurs for the outgoing channel (eg. channel capacity reached, too many +// in-flight htlcs) +// +// NOTE: May only be returned by intermediate nodes. +type FailTemporaryChannelFailure struct { + // Update is used to update information about state of the channel + // which caused the failure. + // + // NOTE: This field is optional. + Update *ChannelUpdate +} + +// NewTemporaryChannelFailure creates new instance of the FailTemporaryChannelFailure. +func NewTemporaryChannelFailure(update *ChannelUpdate) *FailTemporaryChannelFailure { + return &FailTemporaryChannelFailure{Update: update} +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailTemporaryChannelFailure) Code() FailCode { + return CodeTemporaryChannelFailure +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailTemporaryChannelFailure) Error() string { + if f.Update == nil { + return f.Code().String() + } + + return fmt.Sprintf("TemporaryChannelFailure(update=%v)", + spew.Sdump(f.Update)) +} + +// Decode decodes the failure from bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailTemporaryChannelFailure) Decode(r io.Reader, pver uint32) error { + var length uint16 + err := ReadElement(r, &length) + if err != nil { + return err + } + + if length != 0 { + f.Update = &ChannelUpdate{} + return parseChannelUpdateCompatabilityMode( + bufio.NewReader(r), f.Update, pver, + ) + } + + return nil +} + +// Encode writes the failure in bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailTemporaryChannelFailure) Encode(w io.Writer, pver uint32) error { + var payload []byte + if f.Update != nil { + var bw bytes.Buffer + if err := f.Update.Encode(&bw, pver); err != nil { + return err + } + payload = bw.Bytes() + } + + if err := WriteElement(w, uint16(len(payload))); err != nil { + return err + } + + _, err := w.Write(payload) + return err +} + +// FailAmountBelowMinimum is returned if the HTLC does not reach the current +// minimum amount, we tell them the amount of the incoming HTLC and the current +// channel setting for the outgoing channel. +// +// NOTE: May only be returned by the intermediate nodes in the path. +type FailAmountBelowMinimum struct { + // HtlcMsat is the wrong amount of the incoming HTLC. + HtlcMsat MilliSatoshi + + // Update is used to update information about state of the channel + // which caused the failure. + Update ChannelUpdate +} + +// NewAmountBelowMinimum creates new instance of the FailAmountBelowMinimum. +func NewAmountBelowMinimum(htlcMsat MilliSatoshi, + update ChannelUpdate) *FailAmountBelowMinimum { + + return &FailAmountBelowMinimum{ + HtlcMsat: htlcMsat, + Update: update, + } +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailAmountBelowMinimum) Code() FailCode { + return CodeAmountBelowMinimum +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailAmountBelowMinimum) Error() string { + return fmt.Sprintf("AmountBelowMinimum(amt=%v, update=%v", f.HtlcMsat, + spew.Sdump(f.Update)) +} + +// Decode decodes the failure from bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailAmountBelowMinimum) Decode(r io.Reader, pver uint32) error { + if err := ReadElement(r, &f.HtlcMsat); err != nil { + return err + } + + var length uint16 + if err := ReadElement(r, &length); err != nil { + return err + } + + f.Update = ChannelUpdate{} + return parseChannelUpdateCompatabilityMode( + bufio.NewReader(r), &f.Update, pver, + ) +} + +// Encode writes the failure in bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailAmountBelowMinimum) Encode(w io.Writer, pver uint32) error { + if err := WriteElement(w, f.HtlcMsat); err != nil { + return err + } + + return writeOnionErrorChanUpdate(w, &f.Update, pver) +} + +// FailFeeInsufficient is returned if the HTLC does not pay sufficient fee, we +// tell them the amount of the incoming HTLC and the current channel setting +// for the outgoing channel. +// +// NOTE: May only be returned by intermediate nodes. +type FailFeeInsufficient struct { + // HtlcMsat is the wrong amount of the incoming HTLC. + HtlcMsat MilliSatoshi + + // Update is used to update information about state of the channel + // which caused the failure. + Update ChannelUpdate +} + +// NewFeeInsufficient creates new instance of the FailFeeInsufficient. +func NewFeeInsufficient(htlcMsat MilliSatoshi, + update ChannelUpdate) *FailFeeInsufficient { + return &FailFeeInsufficient{ + HtlcMsat: htlcMsat, + Update: update, + } +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailFeeInsufficient) Code() FailCode { + return CodeFeeInsufficient +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailFeeInsufficient) Error() string { + return fmt.Sprintf("FeeInsufficient(htlc_amt==%v, update=%v", f.HtlcMsat, + spew.Sdump(f.Update)) +} + +// Decode decodes the failure from bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailFeeInsufficient) Decode(r io.Reader, pver uint32) error { + if err := ReadElement(r, &f.HtlcMsat); err != nil { + return err + } + + var length uint16 + if err := ReadElement(r, &length); err != nil { + return err + } + + f.Update = ChannelUpdate{} + return parseChannelUpdateCompatabilityMode( + bufio.NewReader(r), &f.Update, pver, + ) +} + +// Encode writes the failure in bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailFeeInsufficient) Encode(w io.Writer, pver uint32) error { + if err := WriteElement(w, f.HtlcMsat); err != nil { + return err + } + + return writeOnionErrorChanUpdate(w, &f.Update, pver) +} + +// FailIncorrectCltvExpiry is returned if outgoing cltv value does not match +// the update add htlc's cltv expiry minus cltv expiry delta for the outgoing +// channel, we tell them the cltv expiry and the current channel setting for +// the outgoing channel. +// +// NOTE: May only be returned by intermediate nodes. +type FailIncorrectCltvExpiry struct { + // CltvExpiry is the wrong absolute timeout in blocks, after which + // outgoing HTLC expires. + CltvExpiry uint32 + + // Update is used to update information about state of the channel + // which caused the failure. + Update ChannelUpdate +} + +// NewIncorrectCltvExpiry creates new instance of the FailIncorrectCltvExpiry. +func NewIncorrectCltvExpiry(cltvExpiry uint32, + update ChannelUpdate) *FailIncorrectCltvExpiry { + + return &FailIncorrectCltvExpiry{ + CltvExpiry: cltvExpiry, + Update: update, + } +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailIncorrectCltvExpiry) Code() FailCode { + return CodeIncorrectCltvExpiry +} + +func (f *FailIncorrectCltvExpiry) Error() string { + return fmt.Sprintf("IncorrectCltvExpiry(expiry=%v, update=%v", + f.CltvExpiry, spew.Sdump(f.Update)) +} + +// Decode decodes the failure from bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailIncorrectCltvExpiry) Decode(r io.Reader, pver uint32) error { + if err := ReadElement(r, &f.CltvExpiry); err != nil { + return err + } + + var length uint16 + if err := ReadElement(r, &length); err != nil { + return err + } + + f.Update = ChannelUpdate{} + return parseChannelUpdateCompatabilityMode( + bufio.NewReader(r), &f.Update, pver, + ) +} + +// Encode writes the failure in bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailIncorrectCltvExpiry) Encode(w io.Writer, pver uint32) error { + if err := WriteElement(w, f.CltvExpiry); err != nil { + return err + } + + return writeOnionErrorChanUpdate(w, &f.Update, pver) +} + +// FailExpiryTooSoon is returned if the ctlv-expiry is too near, we tell them +// the current channel setting for the outgoing channel. +// +// NOTE: May only be returned by intermediate nodes. +type FailExpiryTooSoon struct { + // Update is used to update information about state of the channel + // which caused the failure. + Update ChannelUpdate +} + +// NewExpiryTooSoon creates new instance of the FailExpiryTooSoon. +func NewExpiryTooSoon(update ChannelUpdate) *FailExpiryTooSoon { + return &FailExpiryTooSoon{ + Update: update, + } +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailExpiryTooSoon) Code() FailCode { + return CodeExpiryTooSoon +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailExpiryTooSoon) Error() string { + return fmt.Sprintf("ExpiryTooSoon(update=%v", spew.Sdump(f.Update)) +} + +// Decode decodes the failure from l stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailExpiryTooSoon) Decode(r io.Reader, pver uint32) error { + var length uint16 + if err := ReadElement(r, &length); err != nil { + return err + } + + f.Update = ChannelUpdate{} + return parseChannelUpdateCompatabilityMode( + bufio.NewReader(r), &f.Update, pver, + ) +} + +// Encode writes the failure in bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailExpiryTooSoon) Encode(w io.Writer, pver uint32) error { + return writeOnionErrorChanUpdate(w, &f.Update, pver) +} + +// FailChannelDisabled is returned if the channel is disabled, we tell them the +// current channel setting for the outgoing channel. +// +// NOTE: May only be returned by intermediate nodes. +type FailChannelDisabled struct { + // Flags least-significant bit must be set to 0 if the creating node + // corresponds to the first node in the previously sent channel + // announcement and 1 otherwise. + Flags uint16 + + // Update is used to update information about state of the channel + // which caused the failure. + Update ChannelUpdate +} + +// NewChannelDisabled creates new instance of the FailChannelDisabled. +func NewChannelDisabled(flags uint16, update ChannelUpdate) *FailChannelDisabled { + return &FailChannelDisabled{ + Flags: flags, + Update: update, + } +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailChannelDisabled) Code() FailCode { + return CodeChannelDisabled +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailChannelDisabled) Error() string { + return fmt.Sprintf("ChannelDisabled(flags=%v, update=%v", f.Flags, + spew.Sdump(f.Update)) +} + +// Decode decodes the failure from bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailChannelDisabled) Decode(r io.Reader, pver uint32) error { + if err := ReadElement(r, &f.Flags); err != nil { + return err + } + + var length uint16 + if err := ReadElement(r, &length); err != nil { + return err + } + + f.Update = ChannelUpdate{} + return parseChannelUpdateCompatabilityMode( + bufio.NewReader(r), &f.Update, pver, + ) +} + +// Encode writes the failure in bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailChannelDisabled) Encode(w io.Writer, pver uint32) error { + if err := WriteElement(w, f.Flags); err != nil { + return err + } + + return writeOnionErrorChanUpdate(w, &f.Update, pver) +} + +// FailFinalIncorrectCltvExpiry is returned if the outgoing_cltv_value does not +// match the ctlv_expiry of the HTLC at the final hop. +// +// NOTE: might be returned by final node only. +type FailFinalIncorrectCltvExpiry struct { + // CltvExpiry is the wrong absolute timeout in blocks, after which + // outgoing HTLC expires. + CltvExpiry uint32 +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailFinalIncorrectCltvExpiry) Error() string { + return fmt.Sprintf("FinalIncorrectCltvExpiry(expiry=%v)", f.CltvExpiry) +} + +// NewFinalIncorrectCltvExpiry creates new instance of the +// FailFinalIncorrectCltvExpiry. +func NewFinalIncorrectCltvExpiry(cltvExpiry uint32) *FailFinalIncorrectCltvExpiry { + return &FailFinalIncorrectCltvExpiry{ + CltvExpiry: cltvExpiry, + } +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailFinalIncorrectCltvExpiry) Code() FailCode { + return CodeFinalIncorrectCltvExpiry +} + +// Decode decodes the failure from bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailFinalIncorrectCltvExpiry) Decode(r io.Reader, pver uint32) error { + return ReadElement(r, &f.CltvExpiry) +} + +// Encode writes the failure in bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailFinalIncorrectCltvExpiry) Encode(w io.Writer, pver uint32) error { + return WriteElement(w, f.CltvExpiry) +} + +// FailFinalIncorrectHtlcAmount is returned if the amt_to_forward is higher +// than incoming_htlc_amt of the HTLC at the final hop. +// +// NOTE: May only be returned by the final node. +type FailFinalIncorrectHtlcAmount struct { + // IncomingHTLCAmount is the wrong forwarded htlc amount. + IncomingHTLCAmount MilliSatoshi +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailFinalIncorrectHtlcAmount) Error() string { + return fmt.Sprintf("FinalIncorrectHtlcAmount(amt=%v)", + f.IncomingHTLCAmount) +} + +// NewFinalIncorrectHtlcAmount creates new instance of the +// FailFinalIncorrectHtlcAmount. +func NewFinalIncorrectHtlcAmount(amount MilliSatoshi) *FailFinalIncorrectHtlcAmount { + return &FailFinalIncorrectHtlcAmount{ + IncomingHTLCAmount: amount, + } +} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailFinalIncorrectHtlcAmount) Code() FailCode { + return CodeFinalIncorrectHtlcAmount +} + +// Decode decodes the failure from bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailFinalIncorrectHtlcAmount) Decode(r io.Reader, pver uint32) error { + return ReadElement(r, &f.IncomingHTLCAmount) +} + +// Encode writes the failure in bytes stream. +// +// NOTE: Part of the Serializable interface. +func (f *FailFinalIncorrectHtlcAmount) Encode(w io.Writer, pver uint32) error { + return WriteElement(w, f.IncomingHTLCAmount) +} + +// FailExpiryTooFar is returned if the CLTV expiry in the HTLC is too far in the +// future. +// +// NOTE: May be returned by any node in the payment route. +type FailExpiryTooFar struct{} + +// Code returns the failure unique code. +// +// NOTE: Part of the FailureMessage interface. +func (f *FailExpiryTooFar) Code() FailCode { + return CodeExpiryTooFar +} + +// Returns a human readable string describing the target FailureMessage. +// +// NOTE: Implements the error interface. +func (f *FailExpiryTooFar) Error() string { + return f.Code().String() +} + +// DecodeFailure decodes, validates, and parses the lnwire onion failure, for +// the provided protocol version. +func DecodeFailure(r io.Reader, pver uint32) (FailureMessage, error) { + // First, we'll parse out the encapsulated failure message itself. This + // is a 2 byte length followed by the payload itself. + var failureLength uint16 + if err := ReadElement(r, &failureLength); err != nil { + return nil, fmt.Errorf("unable to read error len: %v", err) + } + if failureLength > FailureMessageLength { + return nil, fmt.Errorf("failure message is too "+ + "long: %v", failureLength) + } + failureData := make([]byte, failureLength) + if _, err := io.ReadFull(r, failureData); err != nil { + return nil, fmt.Errorf("unable to full read payload of "+ + "%v: %v", failureLength, err) + } + + dataReader := bytes.NewReader(failureData) + + // Once we have the failure data, we can obtain the failure code from + // the first two bytes of the buffer. + var codeBytes [2]byte + if _, err := io.ReadFull(dataReader, codeBytes[:]); err != nil { + return nil, fmt.Errorf("unable to read failure code: %v", err) + } + failCode := FailCode(binary.BigEndian.Uint16(codeBytes[:])) + + // Create the empty failure by given code and populate the failure with + // additional data if needed. + failure, err := makeEmptyOnionError(failCode) + if err != nil { + return nil, fmt.Errorf("unable to make empty error: %v", err) + } + + // Finally, if this failure has a payload, then we'll read that now as + // well. + switch f := failure.(type) { + case Serializable: + if err := f.Decode(dataReader, pver); err != nil { + return nil, fmt.Errorf("unable to decode error "+ + "update (type=%T, len_bytes=%v, bytes=%x): %v", + failure, failureLength, failureData[:], err) + } + } + + return failure, nil +} + +// EncodeFailure encodes, including the necessary onion failure header +// information. +func EncodeFailure(w io.Writer, failure FailureMessage, pver uint32) error { + var failureMessageBuffer bytes.Buffer + + // First, we'll write out the error code itself into the failure + // buffer. + var codeBytes [2]byte + code := uint16(failure.Code()) + binary.BigEndian.PutUint16(codeBytes[:], code) + _, err := failureMessageBuffer.Write(codeBytes[:]) + if err != nil { + return err + } + + // Next, some message have an additional message payload, if this is + // one of those types, then we'll also encode the error payload as + // well. + switch failure := failure.(type) { + case Serializable: + if err := failure.Encode(&failureMessageBuffer, pver); err != nil { + return err + } + } + + // The combined size of this message must be below the max allowed + // failure message length. + failureMessage := failureMessageBuffer.Bytes() + if len(failureMessage) > FailureMessageLength { + return fmt.Errorf("failure message exceed max "+ + "available size: %v", len(failureMessage)) + } + + // Finally, we'll add some padding in order to ensure that all failure + // messages are fixed size. + pad := make([]byte, FailureMessageLength-len(failureMessage)) + + return WriteElements(w, + uint16(len(failureMessage)), + failureMessage, + uint16(len(pad)), + pad, + ) +} + +// makeEmptyOnionError creates a new empty onion error of the proper concrete +// type based on the passed failure code. +func makeEmptyOnionError(code FailCode) (FailureMessage, error) { + switch code { + case CodeInvalidRealm: + return &FailInvalidRealm{}, nil + + case CodeTemporaryNodeFailure: + return &FailTemporaryNodeFailure{}, nil + + case CodePermanentNodeFailure: + return &FailPermanentNodeFailure{}, nil + + case CodeRequiredNodeFeatureMissing: + return &FailRequiredNodeFeatureMissing{}, nil + + case CodePermanentChannelFailure: + return &FailPermanentChannelFailure{}, nil + + case CodeRequiredChannelFeatureMissing: + return &FailRequiredChannelFeatureMissing{}, nil + + case CodeUnknownNextPeer: + return &FailUnknownNextPeer{}, nil + + case CodeUnknownPaymentHash: + return &FailUnknownPaymentHash{}, nil + + case CodeIncorrectPaymentAmount: + return &FailIncorrectPaymentAmount{}, nil + + case CodeFinalExpiryTooSoon: + return &FailFinalExpiryTooSoon{}, nil + + case CodeInvalidOnionVersion: + return &FailInvalidOnionVersion{}, nil + + case CodeInvalidOnionHmac: + return &FailInvalidOnionHmac{}, nil + + case CodeInvalidOnionKey: + return &FailInvalidOnionKey{}, nil + + case CodeTemporaryChannelFailure: + return &FailTemporaryChannelFailure{}, nil + + case CodeAmountBelowMinimum: + return &FailAmountBelowMinimum{}, nil + + case CodeFeeInsufficient: + return &FailFeeInsufficient{}, nil + + case CodeIncorrectCltvExpiry: + return &FailIncorrectCltvExpiry{}, nil + + case CodeExpiryTooSoon: + return &FailExpiryTooSoon{}, nil + + case CodeChannelDisabled: + return &FailChannelDisabled{}, nil + + case CodeFinalIncorrectCltvExpiry: + return &FailFinalIncorrectCltvExpiry{}, nil + + case CodeFinalIncorrectHtlcAmount: + return &FailFinalIncorrectHtlcAmount{}, nil + + case CodeExpiryTooFar: + return &FailExpiryTooFar{}, nil + + default: + return nil, errors.Errorf("unknown error code: %v", code) + } +} + +// writeOnionErrorChanUpdate writes out a ChannelUpdate using the onion error +// format. The format is that we first write out the true serialized length of +// the channel update, followed by the serialized channel update itself. +func writeOnionErrorChanUpdate(w io.Writer, chanUpdate *ChannelUpdate, + pver uint32) error { + + // First, we encode the channel update in a temporary buffer in order + // to get the exact serialized size. + var b bytes.Buffer + if err := chanUpdate.Encode(&b, pver); err != nil { + return err + } + + // Now that we know the size, we can write the length out in the main + // writer. + updateLen := b.Len() + if err := WriteElement(w, uint16(updateLen)); err != nil { + return err + } + + // With the length written, we'll then write out the serialized channel + // update. + if _, err := w.Write(b.Bytes()); err != nil { + return err + } + + return nil +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/open_channel.go b/vendor/github.com/lightningnetwork/lnd/lnwire/open_channel.go new file mode 100644 index 0000000..ccd01ef --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/open_channel.go @@ -0,0 +1,202 @@ +package lnwire + +import ( + "io" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcutil" +) + +// FundingFlag represents the possible bit mask values for the ChannelFlags +// field within the OpenChannel struct. +type FundingFlag uint8 + +const ( + // FFAnnounceChannel is a FundingFlag that when set, indicates the + // initiator of a funding flow wishes to announce the channel to the + // greater network. + FFAnnounceChannel FundingFlag = 1 << iota +) + +// OpenChannel is the message Alice sends to Bob if we should like to create a +// channel with Bob where she's the sole provider of funds to the channel. +// Single funder channels simplify the initial funding workflow, are supported +// by nodes backed by SPV Bitcoin clients, and have a simpler security models +// than dual funded channels. +type OpenChannel struct { + // ChainHash is the target chain that the initiator wishes to open a + // channel within. + ChainHash chainhash.Hash + + // PendingChannelID serves to uniquely identify the future channel + // created by the initiated single funder workflow. + PendingChannelID [32]byte + + // FundingAmount is the amount of satoshis that the initiator of the + // channel wishes to use as the total capacity of the channel. The + // initial balance of the funding will be this value minus the push + // amount (if set). + FundingAmount btcutil.Amount + + // PushAmount is the value that the initiating party wishes to "push" + // to the responding as part of the first commitment state. If the + // responder accepts, then this will be their initial balance. + PushAmount MilliSatoshi + + // DustLimit is the specific dust limit the sender of this message + // would like enforced on their version of the commitment transaction. + // Any output below this value will be "trimmed" from the commitment + // transaction, with the amount of the HTLC going to dust. + DustLimit btcutil.Amount + + // MaxValueInFlight represents the maximum amount of coins that can be + // pending within the channel at any given time. If the amount of funds + // in limbo exceeds this amount, then the channel will be failed. + MaxValueInFlight MilliSatoshi + + // ChannelReserve is the amount of BTC that the receiving party MUST + // maintain a balance above at all times. This is a safety mechanism to + // ensure that both sides always have skin in the game during the + // channel's lifetime. + ChannelReserve btcutil.Amount + + // HtlcMinimum is the smallest HTLC that the sender of this message + // will accept. + HtlcMinimum MilliSatoshi + + // FeePerKiloWeight is the initial fee rate that the initiator suggests + // for both commitment transaction. This value is expressed in sat per + // kilo-weight. + // + // TODO(halseth): make SatPerKWeight when fee estimation is in own + // package. Currently this will cause an import cycle. + FeePerKiloWeight uint32 + + // CsvDelay is the number of blocks to use for the relative time lock + // in the pay-to-self output of both commitment transactions. + CsvDelay uint16 + + // MaxAcceptedHTLCs is the total number of incoming HTLC's that the + // sender of this channel will accept. + MaxAcceptedHTLCs uint16 + + // FundingKey is the key that should be used on behalf of the sender + // within the 2-of-2 multi-sig output that it contained within the + // funding transaction. + FundingKey *btcec.PublicKey + + // RevocationPoint is the base revocation point for the sending party. + // Any commitment transaction belonging to the receiver of this message + // should use this key and their per-commitment point to derive the + // revocation key for the commitment transaction. + RevocationPoint *btcec.PublicKey + + // PaymentPoint is the base payment point for the sending party. This + // key should be combined with the per commitment point for a + // particular commitment state in order to create the key that should + // be used in any output that pays directly to the sending party, and + // also within the HTLC covenant transactions. + PaymentPoint *btcec.PublicKey + + // DelayedPaymentPoint is the delay point for the sending party. This + // key should be combined with the per commitment point to derive the + // keys that are used in outputs of the sender's commitment transaction + // where they claim funds. + DelayedPaymentPoint *btcec.PublicKey + + // HtlcPoint is the base point used to derive the set of keys for this + // party that will be used within the HTLC public key scripts. This + // value is combined with the receiver's revocation base point in order + // to derive the keys that are used within HTLC scripts. + HtlcPoint *btcec.PublicKey + + // FirstCommitmentPoint is the first commitment point for the sending + // party. This value should be combined with the receiver's revocation + // base point in order to derive the revocation keys that are placed + // within the commitment transaction of the sender. + FirstCommitmentPoint *btcec.PublicKey + + // ChannelFlags is a bit-field which allows the initiator of the + // channel to specify further behavior surrounding the channel. + // Currently, the least significant bit of this bit field indicates the + // initiator of the channel wishes to advertise this channel publicly. + ChannelFlags FundingFlag +} + +// A compile time check to ensure OpenChannel implements the lnwire.Message +// interface. +var _ Message = (*OpenChannel)(nil) + +// Encode serializes the target OpenChannel into the passed io.Writer +// implementation. Serialization will observe the rules defined by the passed +// protocol version. +// +// This is part of the lnwire.Message interface. +func (o *OpenChannel) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + o.ChainHash[:], + o.PendingChannelID[:], + o.FundingAmount, + o.PushAmount, + o.DustLimit, + o.MaxValueInFlight, + o.ChannelReserve, + o.HtlcMinimum, + o.FeePerKiloWeight, + o.CsvDelay, + o.MaxAcceptedHTLCs, + o.FundingKey, + o.RevocationPoint, + o.PaymentPoint, + o.DelayedPaymentPoint, + o.HtlcPoint, + o.FirstCommitmentPoint, + o.ChannelFlags, + ) +} + +// Decode deserializes the serialized OpenChannel stored in the passed +// io.Reader into the target OpenChannel using the deserialization rules +// defined by the passed protocol version. +// +// This is part of the lnwire.Message interface. +func (o *OpenChannel) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + o.ChainHash[:], + o.PendingChannelID[:], + &o.FundingAmount, + &o.PushAmount, + &o.DustLimit, + &o.MaxValueInFlight, + &o.ChannelReserve, + &o.HtlcMinimum, + &o.FeePerKiloWeight, + &o.CsvDelay, + &o.MaxAcceptedHTLCs, + &o.FundingKey, + &o.RevocationPoint, + &o.PaymentPoint, + &o.DelayedPaymentPoint, + &o.HtlcPoint, + &o.FirstCommitmentPoint, + &o.ChannelFlags, + ) +} + +// MsgType returns the MessageType code which uniquely identifies this message +// as an OpenChannel on the wire. +// +// This is part of the lnwire.Message interface. +func (o *OpenChannel) MsgType() MessageType { + return MsgOpenChannel +} + +// MaxPayloadLength returns the maximum allowed payload length for a +// OpenChannel message. +// +// This is part of the lnwire.Message interface. +func (o *OpenChannel) MaxPayloadLength(uint32) uint32 { + // (32 * 2) + (8 * 6) + (4 * 1) + (2 * 2) + (33 * 6) + 1 + return 319 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/ping.go b/vendor/github.com/lightningnetwork/lnd/lnwire/ping.go new file mode 100644 index 0000000..cf9a83b --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/ping.go @@ -0,0 +1,67 @@ +package lnwire + +import "io" + +// PingPayload is a set of opaque bytes used to pad out a ping message. +type PingPayload []byte + +// Ping defines a message which is sent by peers periodically to determine if +// the connection is still valid. Each ping message carries the number of bytes +// to pad the pong response with, and also a number of bytes to be ignored at +// the end of the ping message (which is padding). +type Ping struct { + // NumPongBytes is the number of bytes the pong response to this + // message should carry. + NumPongBytes uint16 + + // PaddingBytes is a set of opaque bytes used to pad out this ping + // message. Using this field in conjunction to the one above, it's + // possible for node to generate fake cover traffic. + PaddingBytes PingPayload +} + +// NewPing returns a new Ping message. +func NewPing(numBytes uint16) *Ping { + return &Ping{ + NumPongBytes: numBytes, + } +} + +// A compile time check to ensure Ping implements the lnwire.Message interface. +var _ Message = (*Ping)(nil) + +// Decode deserializes a serialized Ping message stored in the passed io.Reader +// observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (p *Ping) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + &p.NumPongBytes, + &p.PaddingBytes) +} + +// Encode serializes the target Ping into the passed io.Writer observing the +// protocol version specified. +// +// This is part of the lnwire.Message interface. +func (p *Ping) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + p.NumPongBytes, + p.PaddingBytes) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (p *Ping) MsgType() MessageType { + return MsgPing +} + +// MaxPayloadLength returns the maximum allowed payload size for a Ping +// complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (p Ping) MaxPayloadLength(uint32) uint32 { + return 65532 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/pong.go b/vendor/github.com/lightningnetwork/lnd/lnwire/pong.go new file mode 100644 index 0000000..c3166aa --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/pong.go @@ -0,0 +1,63 @@ +package lnwire + +import "io" + +// PongPayload is a set of opaque bytes sent in response to a ping message. +type PongPayload []byte + +// Pong defines a message which is the direct response to a received Ping +// message. A Pong reply indicates that a connection is still active. The Pong +// reply to a Ping message should contain the nonce carried in the original +// Pong message. +type Pong struct { + // PongBytes is a set of opaque bytes that corresponds to the + // NumPongBytes defined in the ping message that this pong is + // replying to. + PongBytes PongPayload +} + +// NewPong returns a new Pong message. +func NewPong(pongBytes []byte) *Pong { + return &Pong{ + PongBytes: pongBytes, + } +} + +// A compile time check to ensure Pong implements the lnwire.Message interface. +var _ Message = (*Pong)(nil) + +// Decode deserializes a serialized Pong message stored in the passed io.Reader +// observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (p *Pong) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + &p.PongBytes, + ) +} + +// Encode serializes the target Pong into the passed io.Writer observing the +// protocol version specified. +// +// This is part of the lnwire.Message interface. +func (p *Pong) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + p.PongBytes, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (p *Pong) MsgType() MessageType { + return MsgPong +} + +// MaxPayloadLength returns the maximum allowed payload size for a Pong +// complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (p *Pong) MaxPayloadLength(uint32) uint32 { + return 65532 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/query_channel_range.go b/vendor/github.com/lightningnetwork/lnd/lnwire/query_channel_range.go new file mode 100644 index 0000000..f910cb9 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/query_channel_range.go @@ -0,0 +1,77 @@ +package lnwire + +import ( + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// QueryChannelRange is a message sent by a node in order to query the +// receiving node of the set of open channel they know of with short channel +// ID's after the specified block height, capped at the number of blocks beyond +// that block height. This will be used by nodes upon initial connect to +// synchronize their views of the network. +type QueryChannelRange struct { + // ChainHash denotes the target chain that we're trying to synchronize + // channel graph state for. + ChainHash chainhash.Hash + + // FirstBlockHeight is the first block in the query range. The + // responder should send all new short channel IDs from this block + // until this block plus the specified number of blocks. + FirstBlockHeight uint32 + + // NumBlocks is the number of blocks beyond the first block that short + // channel ID's should be sent for. + NumBlocks uint32 +} + +// NewQueryChannelRange creates a new empty QueryChannelRange message. +func NewQueryChannelRange() *QueryChannelRange { + return &QueryChannelRange{} +} + +// A compile time check to ensure QueryChannelRange implements the +// lnwire.Message interface. +var _ Message = (*QueryChannelRange)(nil) + +// Decode deserializes a serialized QueryChannelRange message stored in the +// passed io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (q *QueryChannelRange) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + q.ChainHash[:], + &q.FirstBlockHeight, + &q.NumBlocks, + ) +} + +// Encode serializes the target QueryChannelRange into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (q *QueryChannelRange) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + q.ChainHash[:], + q.FirstBlockHeight, + q.NumBlocks, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (q *QueryChannelRange) MsgType() MessageType { + return MsgQueryChannelRange +} + +// MaxPayloadLength returns the maximum allowed payload size for a +// QueryChannelRange complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (q *QueryChannelRange) MaxPayloadLength(uint32) uint32 { + // 32 + 4 + 4 + return 40 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/query_short_chan_ids.go b/vendor/github.com/lightningnetwork/lnd/lnwire/query_short_chan_ids.go new file mode 100644 index 0000000..64521ce --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/query_short_chan_ids.go @@ -0,0 +1,371 @@ +package lnwire + +import ( + "bytes" + "compress/zlib" + "fmt" + "io" + "sort" + "sync" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// ShortChanIDEncoding is an enum-like type that represents exactly how a set +// of short channel ID's is encoded on the wire. The set of encodings allows us +// to take advantage of the structure of a list of short channel ID's to +// achieving a high degree of compression. +type ShortChanIDEncoding uint8 + +const ( + // EncodingSortedPlain signals that the set of short channel ID's is + // encoded using the regular encoding, in a sorted order. + EncodingSortedPlain ShortChanIDEncoding = 0 + + // EncodingSortedZlib signals that the set of short channel ID's is + // encoded by first sorting the set of channel ID's, as then + // compressing them using zlib. + EncodingSortedZlib ShortChanIDEncoding = 1 +) + +const ( + // maxZlibBufSize is the max number of bytes that we'll accept from a + // zlib decoding instance. We do this in order to limit the total + // amount of memory allocated during a decoding instance. + maxZlibBufSize = 67413630 +) + +// zlibDecodeMtx is a package level mutex that we'll use in order to ensure +// that we'll only attempt a single zlib decoding instance at a time. This +// allows us to also further bound our memory usage. +var zlibDecodeMtx sync.Mutex + +// ErrUnknownShortChanIDEncoding is a parametrized error that indicates that we +// came across an unknown short channel ID encoding, and therefore were unable +// to continue parsing. +func ErrUnknownShortChanIDEncoding(encoding ShortChanIDEncoding) error { + return fmt.Errorf("unknown short chan id encoding: %v", encoding) +} + +// QueryShortChanIDs is a message that allows the sender to query a set of +// channel announcement and channel update messages that correspond to the set +// of encoded short channel ID's. The encoding of the short channel ID's is +// detailed in the query message ensuring that the receiver knows how to +// properly decode each encode short channel ID which may be encoded using a +// compression format. The receiver should respond with a series of channel +// announcement and channel updates, finally sending a ReplyShortChanIDsEnd +// message. +type QueryShortChanIDs struct { + // ChainHash denotes the target chain that we're querying for the + // channel channel ID's of. + ChainHash chainhash.Hash + + // EncodingType is a signal to the receiver of the message that + // indicates exactly how the set of short channel ID's that follow have + // been encoded. + EncodingType ShortChanIDEncoding + + // ShortChanIDs is a slice of decoded short channel ID's. + ShortChanIDs []ShortChannelID +} + +// NewQueryShortChanIDs creates a new QueryShortChanIDs message. +func NewQueryShortChanIDs(h chainhash.Hash, e ShortChanIDEncoding, + s []ShortChannelID) *QueryShortChanIDs { + + return &QueryShortChanIDs{ + ChainHash: h, + EncodingType: e, + ShortChanIDs: s, + } +} + +// A compile time check to ensure QueryShortChanIDs implements the +// lnwire.Message interface. +var _ Message = (*QueryShortChanIDs)(nil) + +// Decode deserializes a serialized QueryShortChanIDs message stored in the +// passed io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (q *QueryShortChanIDs) Decode(r io.Reader, pver uint32) error { + err := ReadElements(r, q.ChainHash[:]) + if err != nil { + return err + } + + q.EncodingType, q.ShortChanIDs, err = decodeShortChanIDs(r) + + return err +} + +// decodeShortChanIDs decodes a set of short channel ID's that have been +// encoded. The first byte of the body details how the short chan ID's were +// encoded. We'll use this type to govern exactly how we go about encoding the +// set of short channel ID's. +func decodeShortChanIDs(r io.Reader) (ShortChanIDEncoding, []ShortChannelID, error) { + // First, we'll attempt to read the number of bytes in the body of the + // set of encoded short channel ID's. + var numBytesResp uint16 + err := ReadElements(r, &numBytesResp) + if err != nil { + return 0, nil, err + } + + if numBytesResp == 0 { + return 0, nil, fmt.Errorf("No encoding type specified") + } + + queryBody := make([]byte, numBytesResp) + if _, err := io.ReadFull(r, queryBody); err != nil { + return 0, nil, err + } + + // The first byte is the encoding type, so we'll extract that so we can + // continue our parsing. + encodingType := ShortChanIDEncoding(queryBody[0]) + + // Before continuing, we'll snip off the first byte of the query body + // as that was just the encoding type. + queryBody = queryBody[1:] + + // Otherwise, depending on the encoding type, we'll decode the encode + // short channel ID's in a different manner. + switch encodingType { + + // In this encoding, we'll simply read a sort array of encoded short + // channel ID's from the buffer. + case EncodingSortedPlain: + // If after extracting the encoding type, then number of + // remaining bytes instead a whole multiple of the size of an + // encoded short channel ID (8 bytes), then we'll return a + // parsing error. + if len(queryBody)%8 != 0 { + return 0, nil, fmt.Errorf("whole number of short "+ + "chan ID's cannot be encoded in len=%v", + len(queryBody)) + } + + // As each short channel ID is encoded as 8 bytes, we can + // compute the number of bytes encoded based on the size of the + // query body. + numShortChanIDs := len(queryBody) / 8 + if numShortChanIDs == 0 { + return encodingType, nil, nil + } + + // Finally, we'll read out the exact number of short channel + // ID's to conclude our parsing. + shortChanIDs := make([]ShortChannelID, numShortChanIDs) + bodyReader := bytes.NewReader(queryBody) + for i := 0; i < numShortChanIDs; i++ { + if err := ReadElements(bodyReader, &shortChanIDs[i]); err != nil { + return 0, nil, fmt.Errorf("unable to parse "+ + "short chan ID: %v", err) + } + } + + return encodingType, shortChanIDs, nil + + // In this encoding, we'll use zlib to decode the compressed payload. + // However, we'll pay attention to ensure that we don't open our selves + // up to a memory exhaustion attack. + case EncodingSortedZlib: + // We'll obtain an ultimately release the zlib decode mutex. + // This guards us against allocating too much memory to decode + // each instance from concurrent peers. + zlibDecodeMtx.Lock() + defer zlibDecodeMtx.Unlock() + + // Before we start to decode, we'll create a limit reader over + // the current reader. This will ensure that we can control how + // much memory we're allocating during the decoding process. + limitedDecompressor, err := zlib.NewReader(&io.LimitedReader{ + R: bytes.NewReader(queryBody), + N: maxZlibBufSize, + }) + if err != nil { + return 0, nil, fmt.Errorf("unable to create zlib reader: %v", err) + } + + var ( + shortChanIDs []ShortChannelID + lastChanID ShortChannelID + ) + for { + // We'll now attempt to read the next short channel ID + // encoded in the payload. + var cid ShortChannelID + err := ReadElements(limitedDecompressor, &cid) + + switch { + // If we get an EOF error, then that either means we've + // read all that's contained in the buffer, or have hit + // our limit on the number of bytes we'll read. In + // either case, we'll return what we have so far. + case err == io.ErrUnexpectedEOF || err == io.EOF: + return encodingType, shortChanIDs, nil + + // Otherwise, we hit some other sort of error, possibly + // an invalid payload, so we'll exit early with the + // error. + case err != nil: + return 0, nil, fmt.Errorf("unable to "+ + "deflate next short chan "+ + "ID: %v", err) + } + + // We successfully read the next ID, so well collect + // that in the set of final ID's to return. + shortChanIDs = append(shortChanIDs, cid) + + // Finally, we'll ensure that this short chan ID is + // greater than the last one. This is a requirement + // within the encoding, and if violated can aide us in + // detecting malicious payloads. + if cid.ToUint64() <= lastChanID.ToUint64() { + return 0, nil, fmt.Errorf("current sid of %v "+ + "isn't greater than last sid of %v", cid, + lastChanID) + } + + lastChanID = cid + } + + default: + // If we've been sent an encoding type that we don't know of, + // then we'll return a parsing error as we can't continue if + // we're unable to encode them. + return 0, nil, ErrUnknownShortChanIDEncoding(encodingType) + } +} + +// Encode serializes the target QueryShortChanIDs into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (q *QueryShortChanIDs) Encode(w io.Writer, pver uint32) error { + // First, we'll write out the chain hash. + err := WriteElements(w, q.ChainHash[:]) + if err != nil { + return err + } + + // Base on our encoding type, we'll write out the set of short channel + // ID's. + return encodeShortChanIDs(w, q.EncodingType, q.ShortChanIDs) +} + +// encodeShortChanIDs encodes the passed short channel ID's into the passed +// io.Writer, respecting the specified encoding type. +func encodeShortChanIDs(w io.Writer, encodingType ShortChanIDEncoding, + shortChanIDs []ShortChannelID) error { + + // For both of the current encoding types, the channel ID's are to be + // sorted in place, so we'll do that now. + sort.Slice(shortChanIDs, func(i, j int) bool { + return shortChanIDs[i].ToUint64() < + shortChanIDs[j].ToUint64() + }) + + switch encodingType { + + // In this encoding, we'll simply write a sorted array of encoded short + // channel ID's from the buffer. + case EncodingSortedPlain: + // First, we'll write out the number of bytes of the query + // body. We add 1 as the response will have the encoding type + // prepended to it. + numBytesBody := uint16(len(shortChanIDs)*8) + 1 + if err := WriteElements(w, numBytesBody); err != nil { + return err + } + + // We'll then write out the encoding that that follows the + // actual encoded short channel ID's. + if err := WriteElements(w, encodingType); err != nil { + return err + } + + // Now that we know they're sorted, we can write out each short + // channel ID to the buffer. + for _, chanID := range shortChanIDs { + if err := WriteElements(w, chanID); err != nil { + return fmt.Errorf("unable to write short chan "+ + "ID: %v", err) + } + } + + return nil + + // For this encoding we'll first write out a serialized version of all + // the channel ID's into a buffer, then zlib encode that. The final + // payload is what we'll write out to the passed io.Writer. + // + // TODO(roasbeef): assumes the caller knows the proper chunk size to + // pass to avoid bin-packing here + case EncodingSortedZlib: + // We'll make a new buffer, then wrap that with a zlib writer + // so we can write directly to the buffer and encode in a + // streaming manner. + var buf bytes.Buffer + zlibWriter := zlib.NewWriter(&buf) + + // Next, we'll write out all the channel ID's directly into the + // zlib writer, which will do compressing on the fly. + for _, chanID := range shortChanIDs { + err := WriteElements(zlibWriter, chanID) + if err != nil { + return fmt.Errorf("unable to write short chan "+ + "ID: %v", err) + } + } + + // Now that we've written all the elements, we'll ensure the + // compressed stream is written to the underlying buffer. + if err := zlibWriter.Close(); err != nil { + return fmt.Errorf("unable to finalize "+ + "compression: %v", err) + } + + // Now that we have all the items compressed, we can compute + // what the total payload size will be. We add one to account + // for the byte to encode the type. + compressedPayload := buf.Bytes() + numBytesBody := len(compressedPayload) + 1 + + // Finally, we can write out the number of bytes, the + // compression type, and finally the buffer itself. + if err := WriteElements(w, uint16(numBytesBody)); err != nil { + return err + } + if err := WriteElements(w, encodingType); err != nil { + return err + } + + _, err := w.Write(compressedPayload) + return err + + default: + // If we're trying to encode with an encoding type that we + // don't know of, then we'll return a parsing error as we can't + // continue if we're unable to encode them. + return ErrUnknownShortChanIDEncoding(encodingType) + } +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (q *QueryShortChanIDs) MsgType() MessageType { + return MsgQueryShortChanIDs +} + +// MaxPayloadLength returns the maximum allowed payload size for a +// QueryShortChanIDs complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (q *QueryShortChanIDs) MaxPayloadLength(uint32) uint32 { + return MaxMessagePayload +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/reply_channel_range.go b/vendor/github.com/lightningnetwork/lnd/lnwire/reply_channel_range.go new file mode 100644 index 0000000..5765191 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/reply_channel_range.go @@ -0,0 +1,84 @@ +package lnwire + +import "io" + +// ReplyChannelRange is the response to the QueryChannelRange message. It +// includes the original query, and the next streaming chunk of encoded short +// channel ID's as the response. We'll also include a byte that indicates if +// this is the last query in the message. +type ReplyChannelRange struct { + // QueryChannelRange is the corresponding query to this response. + QueryChannelRange + + // Complete denotes if this is the conclusion of the set of streaming + // responses to the original query. + Complete uint8 + + // EncodingType is a signal to the receiver of the message that + // indicates exactly how the set of short channel ID's that follow have + // been encoded. + EncodingType ShortChanIDEncoding + + // ShortChanIDs is a slice of decoded short channel ID's. + ShortChanIDs []ShortChannelID +} + +// NewReplyChannelRange creates a new empty ReplyChannelRange message. +func NewReplyChannelRange() *ReplyChannelRange { + return &ReplyChannelRange{} +} + +// A compile time check to ensure ReplyChannelRange implements the +// lnwire.Message interface. +var _ Message = (*ReplyChannelRange)(nil) + +// Decode deserializes a serialized ReplyChannelRange message stored in the +// passed io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *ReplyChannelRange) Decode(r io.Reader, pver uint32) error { + err := c.QueryChannelRange.Decode(r, pver) + if err != nil { + return err + } + + if err := ReadElements(r, &c.Complete); err != nil { + return err + } + + c.EncodingType, c.ShortChanIDs, err = decodeShortChanIDs(r) + + return err +} + +// Encode serializes the target ReplyChannelRange into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (c *ReplyChannelRange) Encode(w io.Writer, pver uint32) error { + if err := c.QueryChannelRange.Encode(w, pver); err != nil { + return err + } + + if err := WriteElements(w, c.Complete); err != nil { + return err + } + + return encodeShortChanIDs(w, c.EncodingType, c.ShortChanIDs) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (c *ReplyChannelRange) MsgType() MessageType { + return MsgReplyChannelRange +} + +// MaxPayloadLength returns the maximum allowed payload size for a +// ReplyChannelRange complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *ReplyChannelRange) MaxPayloadLength(uint32) uint32 { + return MaxMessagePayload +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/reply_short_chan_ids_end.go b/vendor/github.com/lightningnetwork/lnd/lnwire/reply_short_chan_ids_end.go new file mode 100644 index 0000000..ce5f8f7 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/reply_short_chan_ids_end.go @@ -0,0 +1,74 @@ +package lnwire + +import ( + "io" + + "github.com/btcsuite/btcd/chaincfg/chainhash" +) + +// ReplyShortChanIDsEnd is a message that marks the end of a streaming message +// response to an initial QueryShortChanIDs message. This marks that the +// receiver of the original QueryShortChanIDs for the target chain has either +// sent all adequate responses it knows of, or doesn't now of any short chan +// ID's for the target chain. +type ReplyShortChanIDsEnd struct { + // ChainHash denotes the target chain that we're respond to a short + // chan ID query for. + ChainHash chainhash.Hash + + // Complete will be set to 0 if we don't know of the chain that the + // remote peer sent their query for. Otherwise, we'll set this to 1 in + // order to indicate that we've sent all known responses for the prior + // set of short chan ID's in the corresponding QueryShortChanIDs + // message. + Complete uint8 +} + +// NewReplyShortChanIDsEnd creates a new empty ReplyShortChanIDsEnd message. +func NewReplyShortChanIDsEnd() *ReplyShortChanIDsEnd { + return &ReplyShortChanIDsEnd{} +} + +// A compile time check to ensure ReplyShortChanIDsEnd implements the +// lnwire.Message interface. +var _ Message = (*ReplyShortChanIDsEnd)(nil) + +// Decode deserializes a serialized ReplyShortChanIDsEnd message stored in the +// passed io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *ReplyShortChanIDsEnd) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + c.ChainHash[:], + &c.Complete, + ) +} + +// Encode serializes the target ReplyShortChanIDsEnd into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (c *ReplyShortChanIDsEnd) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + c.ChainHash[:], + c.Complete, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (c *ReplyShortChanIDsEnd) MsgType() MessageType { + return MsgReplyShortChanIDsEnd +} + +// MaxPayloadLength returns the maximum allowed payload size for a +// ReplyShortChanIDsEnd complete message observing the specified protocol +// version. +// +// This is part of the lnwire.Message interface. +func (c *ReplyShortChanIDsEnd) MaxPayloadLength(uint32) uint32 { + // 32 (chain hash) + 1 (complete) + return 33 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/revoke_and_ack.go b/vendor/github.com/lightningnetwork/lnd/lnwire/revoke_and_ack.go new file mode 100644 index 0000000..623bcc3 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/revoke_and_ack.go @@ -0,0 +1,83 @@ +package lnwire + +import ( + "io" + + "github.com/btcsuite/btcd/btcec" +) + +// RevokeAndAck is sent by either side once a CommitSig message has been +// received, and validated. This message serves to revoke the prior commitment +// transaction, which was the most up to date version until a CommitSig message +// referencing the specified ChannelPoint was received. Additionally, this +// message also piggyback's the next revocation hash that Alice should use when +// constructing the Bob's version of the next commitment transaction (which +// would be done before sending a CommitSig message). This piggybacking allows +// Alice to send the next CommitSig message modifying Bob's commitment +// transaction without first asking for a revocation hash initially. +type RevokeAndAck struct { + // ChanID uniquely identifies to which currently active channel this + // RevokeAndAck applies to. + ChanID ChannelID + + // Revocation is the preimage to the revocation hash of the now prior + // commitment transaction. + Revocation [32]byte + + // NextRevocationKey is the next commitment point which should be used + // for the next commitment transaction the remote peer creates for us. + // This, in conjunction without revocation base point will be used to + // create the proper revocation key used within the commitment + // transaction. + NextRevocationKey *btcec.PublicKey +} + +// NewRevokeAndAck creates a new RevokeAndAck message. +func NewRevokeAndAck() *RevokeAndAck { + return &RevokeAndAck{} +} + +// A compile time check to ensure RevokeAndAck implements the lnwire.Message +// interface. +var _ Message = (*RevokeAndAck)(nil) + +// Decode deserializes a serialized RevokeAndAck message stored in the +// passed io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *RevokeAndAck) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + &c.ChanID, + c.Revocation[:], + &c.NextRevocationKey, + ) +} + +// Encode serializes the target RevokeAndAck into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (c *RevokeAndAck) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + c.ChanID, + c.Revocation[:], + c.NextRevocationKey, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (c *RevokeAndAck) MsgType() MessageType { + return MsgRevokeAndAck +} + +// MaxPayloadLength returns the maximum allowed payload size for a RevokeAndAck +// complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *RevokeAndAck) MaxPayloadLength(uint32) uint32 { + // 32 + 32 + 33 + return 97 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/short_channel_id.go b/vendor/github.com/lightningnetwork/lnd/lnwire/short_channel_id.go new file mode 100644 index 0000000..b2b980a --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/short_channel_id.go @@ -0,0 +1,48 @@ +package lnwire + +import ( + "fmt" +) + +// ShortChannelID represents the set of data which is needed to retrieve all +// necessary data to validate the channel existence. +type ShortChannelID struct { + // BlockHeight is the height of the block where funding transaction + // located. + // + // NOTE: This field is limited to 3 bytes. + BlockHeight uint32 + + // TxIndex is a position of funding transaction within a block. + // + // NOTE: This field is limited to 3 bytes. + TxIndex uint32 + + // TxPosition indicating transaction output which pays to the channel. + TxPosition uint16 +} + +// NewShortChanIDFromInt returns a new ShortChannelID which is the decoded +// version of the compact channel ID encoded within the uint64. The format of +// the compact channel ID is as follows: 3 bytes for the block height, 3 bytes +// for the transaction index, and 2 bytes for the output index. +func NewShortChanIDFromInt(chanID uint64) ShortChannelID { + return ShortChannelID{ + BlockHeight: uint32(chanID >> 40), + TxIndex: uint32(chanID>>16) & 0xFFFFFF, + TxPosition: uint16(chanID), + } +} + +// ToUint64 converts the ShortChannelID into a compact format encoded within a +// uint64 (8 bytes). +func (c ShortChannelID) ToUint64() uint64 { + // TODO(roasbeef): explicit error on overflow? + return ((uint64(c.BlockHeight) << 40) | (uint64(c.TxIndex) << 16) | + (uint64(c.TxPosition))) +} + +// String generates a human-readable representation of the channel ID. +func (c ShortChannelID) String() string { + return fmt.Sprintf("%d:%d:%d", c.BlockHeight, c.TxIndex, c.TxPosition) +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/shutdown.go b/vendor/github.com/lightningnetwork/lnd/lnwire/shutdown.go new file mode 100644 index 0000000..3dabc7b --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/shutdown.go @@ -0,0 +1,81 @@ +package lnwire + +import ( + "io" +) + +// Shutdown is sent by either side in order to initiate the cooperative closure +// of a channel. This message is sparse as both sides implicitly have the +// information necessary to construct a transaction that will send the settled +// funds of both parties to the final delivery addresses negotiated during the +// funding workflow. +type Shutdown struct { + // ChannelID serves to identify which channel is to be closed. + ChannelID ChannelID + + // Address is the script to which the channel funds will be paid. + Address DeliveryAddress +} + +// DeliveryAddress is used to communicate the address to which funds from a +// closed channel should be sent. The address can be a p2wsh, p2pkh, p2sh or +// p2wpkh. +type DeliveryAddress []byte + +// NewShutdown creates a new Shutdown message. +func NewShutdown(cid ChannelID, addr DeliveryAddress) *Shutdown { + return &Shutdown{ + ChannelID: cid, + Address: addr, + } +} + +// A compile-time check to ensure Shutdown implements the lnwire.Message +// interface. +var _ Message = (*Shutdown)(nil) + +// Decode deserializes a serialized Shutdown stored in the passed io.Reader +// observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (s *Shutdown) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, &s.ChannelID, &s.Address) +} + +// Encode serializes the target Shutdown into the passed io.Writer observing +// the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (s *Shutdown) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, s.ChannelID, s.Address) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (s *Shutdown) MsgType() MessageType { + return MsgShutdown +} + +// MaxPayloadLength returns the maximum allowed payload size for this message +// observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (s *Shutdown) MaxPayloadLength(pver uint32) uint32 { + var length uint32 + + // ChannelID - 32bytes + length += 32 + + // Len - 2 bytes + length += 2 + + // ScriptPubKey - 34 bytes for pay to witness script hash + length += 34 + + // NOTE: pay to pubkey hash is 25 bytes, pay to script hash is 22 + // bytes, and pay to witness pubkey hash is 22 bytes in length. + + return length +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/signature.go b/vendor/github.com/lightningnetwork/lnd/lnwire/signature.go new file mode 100644 index 0000000..012d5a9 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/signature.go @@ -0,0 +1,128 @@ +package lnwire + +import ( + "fmt" + + "github.com/btcsuite/btcd/btcec" +) + +// Sig is a fixed-sized ECDSA signature. Unlike Bitcoin, we use fixed sized +// signatures on the wire, instead of DER encoded signatures. This type +// provides several methods to convert to/from a regular Bitcoin DER encoded +// signature (raw bytes and *btcec.Signature). +type Sig [64]byte + +// NewSigFromRawSignature returns a Sig from a Bitcoin raw signature encoded in +// the canonical DER encoding. +func NewSigFromRawSignature(sig []byte) (Sig, error) { + var b Sig + + if len(sig) == 0 { + return b, fmt.Errorf("cannot decode empty signature") + } + + // Extract lengths of R and S. The DER representation is laid out as + // 0x30 0x02 r 0x02 s + // which means the length of R is the 4th byte and the length of S + // is the second byte after R ends. 0x02 signifies a length-prefixed, + // zero-padded, big-endian bigint. 0x30 signifies a DER signature. + // See the Serialize() method for btcec.Signature for details. + rLen := sig[3] + sLen := sig[5+rLen] + + // Check to make sure R and S can both fit into their intended buffers. + // We check S first because these code blocks decrement sLen and rLen + // in the case of a 33-byte 0-padded integer returned from Serialize() + // and rLen is used in calculating array indices for S. We can track + // this with additional variables, but it's more efficient to just + // check S first. + if sLen > 32 { + if (sLen > 33) || (sig[6+rLen] != 0x00) { + return b, fmt.Errorf("S is over 32 bytes long " + + "without padding") + } + sLen-- + copy(b[64-sLen:], sig[7+rLen:]) + } else { + copy(b[64-sLen:], sig[6+rLen:]) + } + + // Do the same for R as we did for S + if rLen > 32 { + if (rLen > 33) || (sig[4] != 0x00) { + return b, fmt.Errorf("R is over 32 bytes long " + + "without padding") + } + rLen-- + copy(b[32-rLen:], sig[5:5+rLen]) + } else { + copy(b[32-rLen:], sig[4:4+rLen]) + } + + return b, nil +} + +// NewSigFromSignature creates a new signature as used on the wire, from an +// existing btcec.Signature. +func NewSigFromSignature(e *btcec.Signature) (Sig, error) { + if e == nil { + return Sig{}, fmt.Errorf("cannot decode empty signature") + } + + // Serialize the signature with all the checks that entails. + return NewSigFromRawSignature(e.Serialize()) +} + +// ToSignature converts the fixed-sized signature to a btcec.Signature objects +// which can be used for signature validation checks. +func (b *Sig) ToSignature() (*btcec.Signature, error) { + // Parse the signature with strict checks. + sigBytes := b.ToSignatureBytes() + sig, err := btcec.ParseDERSignature(sigBytes, btcec.S256()) + if err != nil { + return nil, err + } + + return sig, nil +} + +// ToSignatureBytes serializes the target fixed-sized signature into the raw +// bytes of a DER encoding. +func (b *Sig) ToSignatureBytes() []byte { + // Extract canonically-padded bigint representations from buffer + r := extractCanonicalPadding(b[0:32]) + s := extractCanonicalPadding(b[32:64]) + rLen := uint8(len(r)) + sLen := uint8(len(s)) + + // Create a canonical serialized signature. DER format is: + // 0x30 0x02 r 0x02 s + sigBytes := make([]byte, 6+rLen+sLen) + sigBytes[0] = 0x30 // DER signature magic value + sigBytes[1] = 4 + rLen + sLen // Length of rest of signature + sigBytes[2] = 0x02 // Big integer magic value + sigBytes[3] = rLen // Length of R + sigBytes[rLen+4] = 0x02 // Big integer magic value + sigBytes[rLen+5] = sLen // Length of S + copy(sigBytes[4:], r) // Copy R + copy(sigBytes[rLen+6:], s) // Copy S + + return sigBytes +} + +// extractCanonicalPadding is a utility function to extract the canonical +// padding of a big-endian integer from the wire encoding (a 0-padded +// big-endian integer) such that it passes btcec.canonicalPadding test. +func extractCanonicalPadding(b []byte) []byte { + for i := 0; i < len(b); i++ { + // Found first non-zero byte. + if b[i] > 0 { + // If the MSB is set, we need zero padding. + if b[i]&0x80 == 0x80 { + return append([]byte{0x00}, b[i:]...) + } + return b[i:] + } + } + return []byte{0x00} +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/update_add_htlc.go b/vendor/github.com/lightningnetwork/lnd/lnwire/update_add_htlc.go new file mode 100644 index 0000000..d127db4 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/update_add_htlc.go @@ -0,0 +1,109 @@ +package lnwire + +import "io" + +// OnionPacketSize is the size of the serialized Sphinx onion packet included +// in each UpdateAddHTLC message. The breakdown of the onion packet is as +// follows: 1-byte version, 33-byte ephemeral public key (for ECDH), 1300-bytes +// of per-hop data, and a 32-byte HMAC over the entire packet. +const OnionPacketSize = 1366 + +// UpdateAddHTLC is the message sent by Alice to Bob when she wishes to add an +// HTLC to his remote commitment transaction. In addition to information +// detailing the value, the ID, expiry, and the onion blob is also included +// which allows Bob to derive the next hop in the route. The HTLC added by this +// message is to be added to the remote node's "pending" HTLC's. A subsequent +// CommitSig message will move the pending HTLC to the newly created commitment +// transaction, marking them as "staged". +type UpdateAddHTLC struct { + // ChanID is the particular active channel that this UpdateAddHTLC is + // bound to. + ChanID ChannelID + + // ID is the identification server for this HTLC. This value is + // explicitly included as it allows nodes to survive single-sided + // restarts. The ID value for this sides starts at zero, and increases + // with each offered HTLC. + ID uint64 + + // Amount is the amount of millisatoshis this HTLC is worth. + Amount MilliSatoshi + + // PaymentHash is the payment hash to be included in the HTLC this + // request creates. The pre-image to this HTLC must be revealed by the + // upstream peer in order to fully settle the HTLC. + PaymentHash [32]byte + + // Expiry is the number of blocks after which this HTLC should expire. + // It is the receiver's duty to ensure that the outgoing HTLC has a + // sufficient expiry value to allow her to redeem the incoming HTLC. + Expiry uint32 + + // OnionBlob is the raw serialized mix header used to route an HTLC in + // a privacy-preserving manner. The mix header is defined currently to + // be parsed as a 4-tuple: (groupElement, routingInfo, headerMAC, + // body). First the receiving node should use the groupElement, and + // its current onion key to derive a shared secret with the source. + // Once the shared secret has been derived, the headerMAC should be + // checked FIRST. Note that the MAC only covers the routingInfo field. + // If the MAC matches, and the shared secret is fresh, then the node + // should strip off a layer of encryption, exposing the next hop to be + // used in the subsequent UpdateAddHTLC message. + OnionBlob [OnionPacketSize]byte +} + +// NewUpdateAddHTLC returns a new empty UpdateAddHTLC message. +func NewUpdateAddHTLC() *UpdateAddHTLC { + return &UpdateAddHTLC{} +} + +// A compile time check to ensure UpdateAddHTLC implements the lnwire.Message +// interface. +var _ Message = (*UpdateAddHTLC)(nil) + +// Decode deserializes a serialized UpdateAddHTLC message stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *UpdateAddHTLC) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + &c.ChanID, + &c.ID, + &c.Amount, + c.PaymentHash[:], + &c.Expiry, + c.OnionBlob[:], + ) +} + +// Encode serializes the target UpdateAddHTLC into the passed io.Writer observing +// the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (c *UpdateAddHTLC) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + c.ChanID, + c.ID, + c.Amount, + c.PaymentHash[:], + c.Expiry, + c.OnionBlob[:], + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (c *UpdateAddHTLC) MsgType() MessageType { + return MsgUpdateAddHTLC +} + +// MaxPayloadLength returns the maximum allowed payload size for an UpdateAddHTLC +// complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *UpdateAddHTLC) MaxPayloadLength(uint32) uint32 { + // 1450 + return 32 + 8 + 4 + 8 + 32 + 1366 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/update_fail_htlc.go b/vendor/github.com/lightningnetwork/lnd/lnwire/update_fail_htlc.go new file mode 100644 index 0000000..ed59af1 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/update_fail_htlc.go @@ -0,0 +1,85 @@ +package lnwire + +import "io" + +// OpaqueReason is an opaque encrypted byte slice that encodes the exact +// failure reason and additional some supplemental data. The contents of this +// slice can only be decrypted by the sender of the original HTLC. +type OpaqueReason []byte + +// UpdateFailHTLC is sent by Alice to Bob in order to remove a previously added +// HTLC. Upon receipt of an UpdateFailHTLC the HTLC should be removed from the +// next commitment transaction, with the UpdateFailHTLC propagated backwards in +// the route to fully undo the HTLC. +type UpdateFailHTLC struct { + // ChanIDPoint is the particular active channel that this + // UpdateFailHTLC is bound to. + ChanID ChannelID + + // ID references which HTLC on the remote node's commitment transaction + // has timed out. + ID uint64 + + // Reason is an onion-encrypted blob that details why the HTLC was + // failed. This blob is only fully decryptable by the initiator of the + // HTLC message. + Reason OpaqueReason +} + +// A compile time check to ensure UpdateFailHTLC implements the lnwire.Message +// interface. +var _ Message = (*UpdateFailHTLC)(nil) + +// Decode deserializes a serialized UpdateFailHTLC message stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFailHTLC) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + &c.ChanID, + &c.ID, + &c.Reason, + ) +} + +// Encode serializes the target UpdateFailHTLC into the passed io.Writer observing +// the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFailHTLC) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + c.ChanID, + c.ID, + c.Reason, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFailHTLC) MsgType() MessageType { + return MsgUpdateFailHTLC +} + +// MaxPayloadLength returns the maximum allowed payload size for an UpdateFailHTLC +// complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFailHTLC) MaxPayloadLength(uint32) uint32 { + var length uint32 + + // Length of the ChanID + length += 32 + + // Length of the ID + length += 8 + + // Length of the length opaque reason + length += 2 + + // Length of the Reason + length += 292 + + return length +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/update_fail_malformed_htlc.go b/vendor/github.com/lightningnetwork/lnd/lnwire/update_fail_malformed_htlc.go new file mode 100644 index 0000000..6415b88 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/update_fail_malformed_htlc.go @@ -0,0 +1,75 @@ +package lnwire + +import ( + "crypto/sha256" + "io" +) + +// UpdateFailMalformedHTLC is sent by either the payment forwarder or by +// payment receiver to the payment sender in order to notify it that the onion +// blob can't be parsed. For that reason we send this message instead of +// obfuscate the onion failure. +type UpdateFailMalformedHTLC struct { + // ChanID is the particular active channel that this + // UpdateFailMalformedHTLC is bound to. + ChanID ChannelID + + // ID references which HTLC on the remote node's commitment transaction + // has timed out. + ID uint64 + + // ShaOnionBlob hash of the onion blob on which can't be parsed by the + // node in the payment path. + ShaOnionBlob [sha256.Size]byte + + // FailureCode the exact reason why onion blob haven't been parsed. + FailureCode FailCode +} + +// A compile time check to ensure UpdateFailMalformedHTLC implements the +// lnwire.Message interface. +var _ Message = (*UpdateFailMalformedHTLC)(nil) + +// Decode deserializes a serialized UpdateFailMalformedHTLC message stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFailMalformedHTLC) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + &c.ChanID, + &c.ID, + c.ShaOnionBlob[:], + &c.FailureCode, + ) +} + +// Encode serializes the target UpdateFailMalformedHTLC into the passed +// io.Writer observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFailMalformedHTLC) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + c.ChanID, + c.ID, + c.ShaOnionBlob[:], + c.FailureCode, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFailMalformedHTLC) MsgType() MessageType { + return MsgUpdateFailMalformedHTLC +} + +// MaxPayloadLength returns the maximum allowed payload size for a +// UpdateFailMalformedHTLC complete message observing the specified protocol +// version. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFailMalformedHTLC) MaxPayloadLength(uint32) uint32 { + // 32 + 8 + 32 + 2 + return 74 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/update_fee.go b/vendor/github.com/lightningnetwork/lnd/lnwire/update_fee.go new file mode 100644 index 0000000..fde0cb8 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/update_fee.go @@ -0,0 +1,70 @@ +package lnwire + +import ( + "io" +) + +// UpdateFee is the message the channel initiator sends to the other peer if +// the channel commitment fee needs to be updated. +type UpdateFee struct { + // ChanID is the channel that this UpdateFee is meant for. + ChanID ChannelID + + // FeePerKw is the fee-per-kw on commit transactions that the sender of + // this message wants to use for this channel. + // + // TODO(halseth): make SatPerKWeight when fee estimation is moved to + // own package. Currently this will cause an import cycle. + FeePerKw uint32 +} + +// NewUpdateFee creates a new UpdateFee message. +func NewUpdateFee(chanID ChannelID, feePerKw uint32) *UpdateFee { + return &UpdateFee{ + ChanID: chanID, + FeePerKw: feePerKw, + } +} + +// A compile time check to ensure UpdateFee implements the lnwire.Message +// interface. +var _ Message = (*UpdateFee)(nil) + +// Decode deserializes a serialized UpdateFee message stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFee) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + &c.ChanID, + &c.FeePerKw, + ) +} + +// Encode serializes the target UpdateFee into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFee) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + c.ChanID, + c.FeePerKw, + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFee) MsgType() MessageType { + return MsgUpdateFee +} + +// MaxPayloadLength returns the maximum allowed payload size for an UpdateFee +// complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFee) MaxPayloadLength(uint32) uint32 { + // 32 + 4 + return 36 +} diff --git a/vendor/github.com/lightningnetwork/lnd/lnwire/update_fulfill_htlc.go b/vendor/github.com/lightningnetwork/lnd/lnwire/update_fulfill_htlc.go new file mode 100644 index 0000000..050e81f --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/lnwire/update_fulfill_htlc.go @@ -0,0 +1,78 @@ +package lnwire + +import "io" + +// UpdateFulfillHTLC is sent by Alice to Bob when she wishes to settle a +// particular HTLC referenced by its HTLCKey within a specific active channel +// referenced by ChannelPoint. A subsequent CommitSig message will be sent by +// Alice to "lock-in" the removal of the specified HTLC, possible containing a +// batch signature covering several settled HTLC's. +type UpdateFulfillHTLC struct { + // ChanID references an active channel which holds the HTLC to be + // settled. + ChanID ChannelID + + // ID denotes the exact HTLC stage within the receiving node's + // commitment transaction to be removed. + ID uint64 + + // PaymentPreimage is the R-value preimage required to fully settle an + // HTLC. + PaymentPreimage [32]byte +} + +// NewUpdateFulfillHTLC returns a new empty UpdateFulfillHTLC. +func NewUpdateFulfillHTLC(chanID ChannelID, id uint64, + preimage [32]byte) *UpdateFulfillHTLC { + + return &UpdateFulfillHTLC{ + ChanID: chanID, + ID: id, + PaymentPreimage: preimage, + } +} + +// A compile time check to ensure UpdateFulfillHTLC implements the lnwire.Message +// interface. +var _ Message = (*UpdateFulfillHTLC)(nil) + +// Decode deserializes a serialized UpdateFulfillHTLC message stored in the passed +// io.Reader observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFulfillHTLC) Decode(r io.Reader, pver uint32) error { + return ReadElements(r, + &c.ChanID, + &c.ID, + c.PaymentPreimage[:], + ) +} + +// Encode serializes the target UpdateFulfillHTLC into the passed io.Writer +// observing the protocol version specified. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFulfillHTLC) Encode(w io.Writer, pver uint32) error { + return WriteElements(w, + c.ChanID, + c.ID, + c.PaymentPreimage[:], + ) +} + +// MsgType returns the integer uniquely identifying this message type on the +// wire. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFulfillHTLC) MsgType() MessageType { + return MsgUpdateFulfillHTLC +} + +// MaxPayloadLength returns the maximum allowed payload size for an UpdateFulfillHTLC +// complete message observing the specified protocol version. +// +// This is part of the lnwire.Message interface. +func (c *UpdateFulfillHTLC) MaxPayloadLength(uint32) uint32 { + // 32 + 8 + 32 + return 72 +} diff --git a/vendor/github.com/lightningnetwork/lnd/tor/README.md b/vendor/github.com/lightningnetwork/lnd/tor/README.md new file mode 100644 index 0000000..337f015 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/tor/README.md @@ -0,0 +1,21 @@ +tor +=== + +The tor package contains utility functions that allow for interacting with the +Tor daemon. So far, supported functions include: + +* Routing all traffic over Tor's exposed SOCKS5 proxy. +* Routing DNS queries over Tor (A, AAAA, SRV). +* Limited Tor Control functionality (synchronous messages only). So far, this +includes: + * Support for SAFECOOKIE authentication only as a sane default. + * Creating v2 onion services. + +In the future, the Tor Control functionality will be extended to support v3 +onion services, asynchronous messages, etc. + +## Installation and Updating + +```bash +$ go get -u github.com/lightningnetwork/lnd/tor +``` diff --git a/vendor/github.com/lightningnetwork/lnd/tor/controller.go b/vendor/github.com/lightningnetwork/lnd/tor/controller.go new file mode 100644 index 0000000..b96db96 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/tor/controller.go @@ -0,0 +1,530 @@ +package tor + +import ( + "bytes" + "crypto/hmac" + "crypto/rand" + "crypto/sha256" + "encoding/hex" + "errors" + "fmt" + "io/ioutil" + "net/textproto" + "os" + "strconv" + "strings" + "sync/atomic" +) + +const ( + // success is the Tor Control response code representing a successful + // request. + success = 250 + + // nonceLen is the length of a nonce generated by either the controller + // or the Tor server + nonceLen = 32 + + // cookieLen is the length of the authentication cookie. + cookieLen = 32 + + // ProtocolInfoVersion is the `protocolinfo` version currently supported + // by the Tor server. + ProtocolInfoVersion = 1 + + // MinTorVersion is the minimum supported version that the Tor server + // must be running on. This is needed in order to create v3 onion + // services through Tor's control port. + MinTorVersion = "0.3.3.6" +) + +var ( + // serverKey is the key used when computing the HMAC-SHA256 of a message + // from the server. + serverKey = []byte("Tor safe cookie authentication " + + "server-to-controller hash") + + // controllerKey is the key used when computing the HMAC-SHA256 of a + // message from the controller. + controllerKey = []byte("Tor safe cookie authentication " + + "controller-to-server hash") +) + +// Controller is an implementation of the Tor Control protocol. This is used in +// order to communicate with a Tor server. Its only supported method of +// authentication is the SAFECOOKIE method. +// +// NOTE: The connection to the Tor server must be authenticated before +// proceeding to send commands. Otherwise, the connection will be closed. +// +// TODO: +// * if adding support for more commands, extend this with a command queue? +// * place under sub-package? +// * support async replies from the server +type Controller struct { + // started is used atomically in order to prevent multiple calls to + // Start. + started int32 + + // stopped is used atomically in order to prevent multiple calls to + // Stop. + stopped int32 + + // conn is the underlying connection between the controller and the + // Tor server. It provides read and write methods to simplify the + // text-based messages within the connection. + conn *textproto.Conn + + // controlAddr is the host:port the Tor server is listening locally for + // controller connections on. + controlAddr string + + // version is the current version of the Tor server. + version string +} + +// NewController returns a new Tor controller that will be able to interact with +// a Tor server. +func NewController(controlAddr string) *Controller { + return &Controller{controlAddr: controlAddr} +} + +// Start establishes and authenticates the connection between the controller and +// a Tor server. Once done, the controller will be able to send commands and +// expect responses. +func (c *Controller) Start() error { + if !atomic.CompareAndSwapInt32(&c.started, 0, 1) { + return nil + } + + conn, err := textproto.Dial("tcp", c.controlAddr) + if err != nil { + return fmt.Errorf("unable to connect to Tor server: %v", err) + } + + c.conn = conn + + return c.authenticate() +} + +// Stop closes the connection between the controller and the Tor server. +func (c *Controller) Stop() error { + if !atomic.CompareAndSwapInt32(&c.stopped, 0, 1) { + return nil + } + + return c.conn.Close() +} + +// sendCommand sends a command to the Tor server and returns its response, as a +// single space-delimited string, and code. +func (c *Controller) sendCommand(command string) (int, string, error) { + if err := c.conn.Writer.PrintfLine(command); err != nil { + return 0, "", err + } + + // We'll use ReadResponse as it has built-in support for multi-line + // text protocol responses. + code, reply, err := c.conn.Reader.ReadResponse(success) + if err != nil { + return code, reply, err + } + + return code, reply, nil +} + +// parseTorReply parses the reply from the Tor server after receiving a command +// from a controller. This will parse the relevant reply parameters into a map +// of keys and values. +func parseTorReply(reply string) map[string]string { + params := make(map[string]string) + + // Replies can either span single or multiple lines, so we'll default + // to stripping whitespace and newlines in order to retrieve the + // individual contents of it. The -1 indicates that we want this to span + // across all instances of a newline. + contents := strings.Split(strings.Replace(reply, "\n", " ", -1), " ") + for _, content := range contents { + // Each parameter within the reply should be of the form + // "KEY=VALUE". If the parameter doesn't contain "=", then we + // can assume it does not provide any other relevant information + // already known. + keyValue := strings.SplitN(content, "=", 2) + if len(keyValue) != 2 { + continue + } + + key := keyValue[0] + value := keyValue[1] + params[key] = value + } + + return params +} + +// authenticate authenticates the connection between the controller and the +// Tor server using the SAFECOOKIE or NULL authentication method. +func (c *Controller) authenticate() error { + // Before proceeding to authenticate the connection, we'll retrieve + // the authentication cookie of the Tor server. This will be used + // throughout the authentication routine. We do this before as once the + // authentication routine has begun, it is not possible to retrieve it + // mid-way. + cookie, err := c.getAuthCookie() + if err != nil { + return fmt.Errorf("unable to retrieve authentication cookie: "+ + "%v", err) + } + + // If cookie is empty and there's no error, we have a NULL + // authentication method that we should use instead. + if len(cookie) == 0 { + _, _, err := c.sendCommand("AUTHENTICATE") + return err + } + + // Authenticating using the SAFECOOKIE authentication method is a two + // step process. We'll kick off the authentication routine by sending + // the AUTHCHALLENGE command followed by a hex-encoded 32-byte nonce. + clientNonce := make([]byte, nonceLen) + if _, err := rand.Read(clientNonce); err != nil { + return fmt.Errorf("unable to generate client nonce: %v", err) + } + + cmd := fmt.Sprintf("AUTHCHALLENGE SAFECOOKIE %x", clientNonce) + _, reply, err := c.sendCommand(cmd) + if err != nil { + return err + } + + // If successful, the reply from the server should be of the following + // format: + // + // "250 AUTHCHALLENGE" + // SP "SERVERHASH=" ServerHash + // SP "SERVERNONCE=" ServerNonce + // CRLF + // + // We're interested in retrieving the SERVERHASH and SERVERNONCE + // parameters, so we'll parse our reply to do so. + replyParams := parseTorReply(reply) + + // Once retrieved, we'll ensure these values are of proper length when + // decoded. + serverHash, ok := replyParams["SERVERHASH"] + if !ok { + return errors.New("server hash not found in reply") + } + decodedServerHash, err := hex.DecodeString(serverHash) + if err != nil { + return fmt.Errorf("unable to decode server hash: %v", err) + } + if len(decodedServerHash) != sha256.Size { + return errors.New("invalid server hash length") + } + + serverNonce, ok := replyParams["SERVERNONCE"] + if !ok { + return errors.New("server nonce not found in reply") + } + decodedServerNonce, err := hex.DecodeString(serverNonce) + if err != nil { + return fmt.Errorf("unable to decode server nonce: %v", err) + } + if len(decodedServerNonce) != nonceLen { + return errors.New("invalid server nonce length") + } + + // The server hash above was constructed by computing the HMAC-SHA256 + // of the message composed of the cookie, client nonce, and server + // nonce. We'll redo this computation ourselves to ensure the integrity + // and authentication of the message. + hmacMessage := bytes.Join( + [][]byte{cookie, clientNonce, decodedServerNonce}, []byte{}, + ) + computedServerHash := computeHMAC256(serverKey, hmacMessage) + if !hmac.Equal(computedServerHash, decodedServerHash) { + return fmt.Errorf("expected server hash %x, got %x", + decodedServerHash, computedServerHash) + } + + // If the MAC check was successful, we'll proceed with the last step of + // the authentication routine. We'll now send the AUTHENTICATE command + // followed by a hex-encoded client hash constructed by computing the + // HMAC-SHA256 of the same message, but this time using the controller's + // key. + clientHash := computeHMAC256(controllerKey, hmacMessage) + if len(clientHash) != sha256.Size { + return errors.New("invalid client hash length") + } + + cmd = fmt.Sprintf("AUTHENTICATE %x", clientHash) + if _, _, err := c.sendCommand(cmd); err != nil { + return err + } + + return nil +} + +// getAuthCookie retrieves the authentication cookie in bytes from the Tor +// server. Cookie authentication must be enabled for this to work. The boolean +func (c *Controller) getAuthCookie() ([]byte, error) { + // Retrieve the authentication methods currently supported by the Tor + // server. + authMethods, cookieFilePath, version, err := c.ProtocolInfo() + if err != nil { + return nil, err + } + + // With the version retrieved, we'll cache it now in case it needs to be + // used later on. + c.version = version + + // Ensure that the Tor server supports the SAFECOOKIE authentication + // method or the NULL method. If NULL, we don't need the cookie info + // below this loop, so we just return. + safeCookieSupport := false + for _, authMethod := range authMethods { + if authMethod == "SAFECOOKIE" { + safeCookieSupport = true + } + if authMethod == "NULL" { + return nil, nil + } + } + + if !safeCookieSupport { + return nil, errors.New("the Tor server is currently not " + + "configured for cookie or null authentication") + } + + // Read the cookie from the file and ensure it has the correct length. + cookie, err := ioutil.ReadFile(cookieFilePath) + if err != nil { + return nil, err + } + + if len(cookie) != cookieLen { + return nil, errors.New("invalid authentication cookie length") + } + + return cookie, nil +} + +// computeHMAC256 computes the HMAC-SHA256 of a key and message. +func computeHMAC256(key, message []byte) []byte { + mac := hmac.New(sha256.New, key) + mac.Write(message) + return mac.Sum(nil) +} + +// supportsV3 is a helper function that parses the current version of the Tor +// server and determines whether it supports creationg v3 onion services through +// Tor's control port. The version string should be of the format: +// major.minor.revision.build +func supportsV3(version string) error { + // We'll split the minimum Tor version that's supported and the given + // version in order to individually compare each number. + parts := strings.Split(version, ".") + if len(parts) != 4 { + return errors.New("version string is not of the format " + + "major.minor.revision.build") + } + + // It's possible that the build number (the last part of the version + // string) includes a pre-release string, e.g. rc, beta, etc., so we'll + // parse that as well. + build := strings.Split(parts[len(parts)-1], "-") + parts[len(parts)-1] = build[0] + + // Ensure that each part of the version string corresponds to a number. + for _, part := range parts { + if _, err := strconv.Atoi(part); err != nil { + return err + } + } + + // Once we've determined we have a proper version string of the format + // major.minor.revision.build, we can just do a string comparison to + // determine if it satisfies the minimum version supported. + if version < MinTorVersion { + return fmt.Errorf("version %v below minimum version supported "+ + "%v", version, MinTorVersion) + } + + return nil +} + +// ProtocolInfo returns the different authentication methods supported by the +// Tor server and the version of the Tor server. +func (c *Controller) ProtocolInfo() ([]string, string, string, error) { + // We'll start off by sending the "PROTOCOLINFO" command to the Tor + // server. We should receive a reply of the following format: + // + // METHODS=COOKIE,SAFECOOKIE + // COOKIEFILE="/home/user/.tor/control_auth_cookie" + // VERSION Tor="0.3.2.10" + // + // We're interested in retrieving all of these fields, so we'll parse + // our reply to do so. + cmd := fmt.Sprintf("PROTOCOLINFO %d", ProtocolInfoVersion) + _, reply, err := c.sendCommand(cmd) + if err != nil { + return nil, "", "", err + } + + info := parseTorReply(reply) + methods, ok := info["METHODS"] + if !ok { + return nil, "", "", errors.New("auth methods not found in " + + "reply") + } + + cookieFile, ok := info["COOKIEFILE"] + if !ok && !strings.Contains(methods, "NULL") { + return nil, "", "", errors.New("cookie file path not found " + + "in reply") + } + + version, ok := info["Tor"] + if !ok { + return nil, "", "", errors.New("Tor version not found in reply") + } + + // Finally, we'll clean up the results before returning them. + authMethods := strings.Split(methods, ",") + cookieFilePath := strings.Trim(cookieFile, "\"") + torVersion := strings.Trim(version, "\"") + + return authMethods, cookieFilePath, torVersion, nil +} + +// OnionType denotes the type of the onion service. +type OnionType int + +const ( + // V2 denotes that the onion service is V2. + V2 OnionType = iota + + // V3 denotes that the onion service is V3. + V3 +) + +// AddOnionConfig houses all of the required parameters in order to successfully +// create a new onion service or restore an existing one. +type AddOnionConfig struct { + // Type denotes the type of the onion service that should be created. + Type OnionType + + // VirtualPort is the externally reachable port of the onion address. + VirtualPort int + + // TargetPorts is the set of ports that the service will be listening on + // locally. The Tor server will use choose a random port from this set + // to forward the traffic from the virtual port. + // + // NOTE: If nil/empty, the virtual port will be used as the only target + // port. + TargetPorts []int + + // PrivateKeyPath is the full path to where the onion service's private + // key is stored. This can be used to restore an existing onion service. + PrivateKeyPath string +} + +// AddOnion creates an onion service and returns its onion address. Once +// created, the new onion service will remain active until the connection +// between the controller and the Tor server is closed. +func (c *Controller) AddOnion(cfg AddOnionConfig) (*OnionAddr, error) { + // Before sending the request to create an onion service to the Tor + // server, we'll make sure that it supports V3 onion services if that + // was the type requested. + if cfg.Type == V3 { + if err := supportsV3(c.version); err != nil { + return nil, err + } + } + + // We'll start off by checking if the file containing the private key + // exists. If it does not, then we should request the server to create + // a new onion service and return its private key. Otherwise, we'll + // request the server to recreate the onion server from our private key. + var keyParam string + if _, err := os.Stat(cfg.PrivateKeyPath); os.IsNotExist(err) { + switch cfg.Type { + case V2: + keyParam = "NEW:RSA1024" + case V3: + keyParam = "NEW:ED25519-V3" + } + } else { + privateKey, err := ioutil.ReadFile(cfg.PrivateKeyPath) + if err != nil { + return nil, err + } + keyParam = string(privateKey) + } + + // Now, we'll create a mapping from the virtual port to each target + // port. If no target ports were specified, we'll use the virtual port + // to provide a one-to-one mapping. + var portParam string + if len(cfg.TargetPorts) == 0 { + portParam += fmt.Sprintf("Port=%d,%d ", cfg.VirtualPort, + cfg.VirtualPort) + } else { + for _, targetPort := range cfg.TargetPorts { + portParam += fmt.Sprintf("Port=%d,%d ", cfg.VirtualPort, + targetPort) + } + } + + // Send the command to create the onion service to the Tor server and + // await its response. + cmd := fmt.Sprintf("ADD_ONION %s %s", keyParam, portParam) + _, reply, err := c.sendCommand(cmd) + if err != nil { + return nil, err + } + + // If successful, the reply from the server should be of the following + // format, depending on whether a private key has been requested: + // + // C: ADD_ONION RSA1024:[Blob Redacted] Port=80,8080 + // S: 250-ServiceID=testonion1234567 + // S: 250 OK + // + // C: ADD_ONION NEW:RSA1024 Port=80,8080 + // S: 250-ServiceID=testonion1234567 + // S: 250-PrivateKey=RSA1024:[Blob Redacted] + // S: 250 OK + // + // We're interested in retrieving the service ID, which is the public + // name of the service, and the private key if requested. + replyParams := parseTorReply(reply) + serviceID, ok := replyParams["ServiceID"] + if !ok { + return nil, errors.New("service id not found in reply") + } + + // If a new onion service was created, we'll write its private key to + // disk under strict permissions in the event that it needs to be + // recreated later on. + if privateKey, ok := replyParams["PrivateKey"]; ok { + err := ioutil.WriteFile( + cfg.PrivateKeyPath, []byte(privateKey), 0600, + ) + if err != nil { + return nil, fmt.Errorf("unable to write private key "+ + "to file: %v", err) + } + } + + // Finally, we'll return the onion address composed of the service ID, + // along with the onion suffix, and the port this onion service can be + // reached at externally. + return &OnionAddr{ + OnionService: serviceID + ".onion", + Port: cfg.VirtualPort, + }, nil +} diff --git a/vendor/github.com/lightningnetwork/lnd/tor/net.go b/vendor/github.com/lightningnetwork/lnd/tor/net.go new file mode 100644 index 0000000..febf722 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/tor/net.go @@ -0,0 +1,104 @@ +package tor + +import ( + "errors" + "net" +) + +// TODO: this interface and its implementations should ideally be moved +// elsewhere as they are not Tor-specific. + +// Net is an interface housing a Dial function and several DNS functions that +// allows us to abstract the implementations of these functions over different +// networks, e.g. clearnet, Tor net, etc. +type Net interface { + // Dial connects to the address on the named network. + Dial(network, address string) (net.Conn, error) + + // LookupHost performs DNS resolution on a given host and returns its + // addresses. + LookupHost(host string) ([]string, error) + + // LookupSRV tries to resolve an SRV query of the given service, + // protocol, and domain name. + LookupSRV(service, proto, name string) (string, []*net.SRV, error) + + // ResolveTCPAddr resolves TCP addresses. + ResolveTCPAddr(network, address string) (*net.TCPAddr, error) +} + +// ClearNet is an implementation of the Net interface that defines behaviour +// for regular network connections. +type ClearNet struct{} + +// Dial on the regular network uses net.Dial +func (r *ClearNet) Dial(network, address string) (net.Conn, error) { + return net.Dial(network, address) +} + +// LookupHost for regular network uses the net.LookupHost function +func (r *ClearNet) LookupHost(host string) ([]string, error) { + return net.LookupHost(host) +} + +// LookupSRV for regular network uses net.LookupSRV function +func (r *ClearNet) LookupSRV(service, proto, name string) (string, []*net.SRV, error) { + return net.LookupSRV(service, proto, name) +} + +// ResolveTCPAddr for regular network uses net.ResolveTCPAddr function +func (r *ClearNet) ResolveTCPAddr(network, address string) (*net.TCPAddr, error) { + return net.ResolveTCPAddr(network, address) +} + +// ProxyNet is an implementation of the Net interface that defines behaviour +// for Tor network connections. +type ProxyNet struct { + // SOCKS is the host:port which Tor's exposed SOCKS5 proxy is listening + // on. + SOCKS string + + // DNS is the host:port of the DNS server for Tor to use for SRV + // queries. + DNS string + + // StreamIsolation is a bool that determines if we should force the + // creation of a new circuit for this connection. If true, then this + // means that our traffic may be harder to correlate as each connection + // will now use a distinct circuit. + StreamIsolation bool +} + +// Dial uses the Tor Dial function in order to establish connections through +// Tor. Since Tor only supports TCP connections, only TCP networks are allowed. +func (p *ProxyNet) Dial(network, address string) (net.Conn, error) { + switch network { + case "tcp", "tcp4", "tcp6": + default: + return nil, errors.New("cannot dial non-tcp network via Tor") + } + return Dial(address, p.SOCKS, p.StreamIsolation) +} + +// LookupHost uses the Tor LookupHost function in order to resolve hosts over +// Tor. +func (p *ProxyNet) LookupHost(host string) ([]string, error) { + return LookupHost(host, p.SOCKS) +} + +// LookupSRV uses the Tor LookupSRV function in order to resolve SRV DNS queries +// over Tor. +func (p *ProxyNet) LookupSRV(service, proto, name string) (string, []*net.SRV, error) { + return LookupSRV(service, proto, name, p.SOCKS, p.DNS, p.StreamIsolation) +} + +// ResolveTCPAddr uses the Tor ResolveTCPAddr function in order to resolve TCP +// addresses over Tor. +func (p *ProxyNet) ResolveTCPAddr(network, address string) (*net.TCPAddr, error) { + switch network { + case "tcp", "tcp4", "tcp6": + default: + return nil, errors.New("cannot dial non-tcp network via Tor") + } + return ResolveTCPAddr(address, p.SOCKS) +} diff --git a/vendor/github.com/lightningnetwork/lnd/tor/onionaddr.go b/vendor/github.com/lightningnetwork/lnd/tor/onionaddr.go new file mode 100644 index 0000000..ccc905d --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/tor/onionaddr.go @@ -0,0 +1,63 @@ +package tor + +import ( + "encoding/base32" + "net" + "strconv" +) + +const ( + // base32Alphabet is the alphabet used for encoding and decoding v2 and + // v3 onion addresses. + base32Alphabet = "abcdefghijklmnopqrstuvwxyz234567" + + // OnionSuffix is the ".onion" suffix for v2 and v3 onion addresses. + OnionSuffix = ".onion" + + // OnionSuffixLen is the length of the ".onion" suffix. + OnionSuffixLen = len(OnionSuffix) + + // V2DecodedLen is the length of a decoded v2 onion service. + V2DecodedLen = 10 + + // V2Len is the length of a v2 onion service including the ".onion" + // suffix. + V2Len = 22 + + // V3DecodedLen is the length of a decoded v3 onion service. + V3DecodedLen = 35 + + // V3Len is the length of a v2 onion service including the ".onion" + // suffix. + V3Len = 62 +) + +var ( + // Base32Encoding represents the Tor's base32-encoding scheme for v2 and + // v3 onion addresses. + Base32Encoding = base32.NewEncoding(base32Alphabet) +) + +// OnionAddr represents a Tor network end point onion address. +type OnionAddr struct { + // OnionService is the host of the onion address. + OnionService string + + // Port is the port of the onion address. + Port int +} + +// A compile-time check to ensure that OnionAddr implements the net.Addr +// interface. +var _ net.Addr = (*OnionAddr)(nil) + +// String returns the string representation of an onion address. +func (o *OnionAddr) String() string { + return net.JoinHostPort(o.OnionService, strconv.Itoa(o.Port)) +} + +// Network returns the network that this implementation of net.Addr will use. +// In this case, because Tor only allows TCP connections, the network is "tcp". +func (o *OnionAddr) Network() string { + return "tcp" +} diff --git a/vendor/github.com/lightningnetwork/lnd/tor/tor.go b/vendor/github.com/lightningnetwork/lnd/tor/tor.go new file mode 100644 index 0000000..3b5d46a --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/tor/tor.go @@ -0,0 +1,243 @@ +package tor + +import ( + "crypto/rand" + "encoding/hex" + "fmt" + "net" + "strconv" + + "github.com/btcsuite/btcd/connmgr" + "github.com/miekg/dns" + "golang.org/x/net/proxy" +) + +var ( + // dnsCodes maps the DNS response codes to a friendly description. This + // does not include the BADVERS code because of duplicate keys and the + // underlying DNS (miekg/dns) package not using it. For more info, see + // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml. + dnsCodes = map[int]string{ + 0: "no error", + 1: "format error", + 2: "server failure", + 3: "non-existent domain", + 4: "not implemented", + 5: "query refused", + 6: "name exists when it should not", + 7: "RR set exists when it should not", + 8: "RR set that should exist does not", + 9: "server not authoritative for zone", + 10: "name not contained in zone", + 16: "TSIG signature failure", + 17: "key not recognized", + 18: "signature out of time window", + 19: "bad TKEY mode", + 20: "duplicate key name", + 21: "algorithm not supported", + 22: "bad truncation", + 23: "bad/missing server cookie", + } +) + +// proxyConn is a wrapper around net.Conn that allows us to expose the actual +// remote address we're dialing, rather than the proxy's address. +type proxyConn struct { + net.Conn + remoteAddr net.Addr +} + +func (c *proxyConn) RemoteAddr() net.Addr { + return c.remoteAddr +} + +// Dial is a wrapper over the non-exported dial function that returns a wrapper +// around net.Conn in order to expose the actual remote address we're dialing, +// rather than the proxy's address. +func Dial(address, socksAddr string, streamIsolation bool) (net.Conn, error) { + conn, err := dial(address, socksAddr, streamIsolation) + if err != nil { + return nil, err + } + + // Now that the connection is established, we'll create our internal + // proxyConn that will serve in populating the correct remote address + // of the connection, rather than using the proxy's address. + remoteAddr, err := ParseAddr(address, socksAddr) + if err != nil { + return nil, err + } + + return &proxyConn{ + Conn: conn, + remoteAddr: remoteAddr, + }, nil +} + +// dial establishes a connection to the address via Tor's SOCKS proxy. Only TCP +// is supported over Tor. The final argument determines if we should force +// stream isolation for this new connection. If we do, then this means this new +// connection will use a fresh circuit, rather than possibly re-using an +// existing circuit. +func dial(address, socksAddr string, streamIsolation bool) (net.Conn, error) { + // If we were requested to force stream isolation for this connection, + // we'll populate the authentication credentials with random data as + // Tor will create a new circuit for each set of credentials. + var auth *proxy.Auth + if streamIsolation { + var b [16]byte + if _, err := rand.Read(b[:]); err != nil { + return nil, err + } + + auth = &proxy.Auth{ + User: hex.EncodeToString(b[:8]), + Password: hex.EncodeToString(b[8:]), + } + } + + // Establish the connection through Tor's SOCKS proxy. + dialer, err := proxy.SOCKS5("tcp", socksAddr, auth, proxy.Direct) + if err != nil { + return nil, err + } + + return dialer.Dial("tcp", address) +} + +// LookupHost performs DNS resolution on a given host via Tor's native resolver. +// Only IPv4 addresses are returned. +func LookupHost(host, socksAddr string) ([]string, error) { + ip, err := connmgr.TorLookupIP(host, socksAddr) + if err != nil { + return nil, err + } + + // Only one IPv4 address is returned by the TorLookupIP function. + return []string{ip[0].String()}, nil +} + +// LookupSRV uses Tor's SOCKS proxy to route DNS SRV queries. Tor does not +// natively support SRV queries so we must route all SRV queries through the +// proxy by connecting directly to a DNS server and querying it. The DNS server +// must have TCP resolution enabled for the given port. +func LookupSRV(service, proto, name, socksAddr, dnsServer string, + streamIsolation bool) (string, []*net.SRV, error) { + + // Connect to the DNS server we'll be using to query SRV records. + conn, err := dial(dnsServer, socksAddr, streamIsolation) + if err != nil { + return "", nil, err + } + + dnsConn := &dns.Conn{Conn: conn} + defer dnsConn.Close() + + // Once connected, we'll construct the SRV request for the host + // following the format _service._proto.name. as described in RFC #2782. + host := fmt.Sprintf("_%s._%s.%s.", service, proto, name) + msg := new(dns.Msg).SetQuestion(host, dns.TypeSRV) + + // Send the request to the DNS server and read its response. + if err := dnsConn.WriteMsg(msg); err != nil { + return "", nil, err + } + resp, err := dnsConn.ReadMsg() + if err != nil { + return "", nil, err + } + + // We'll fail if we were unable to query the DNS server for our record. + if resp.Rcode != dns.RcodeSuccess { + return "", nil, fmt.Errorf("unable to query for SRV records: "+ + "%s", dnsCodes[resp.Rcode]) + } + + // Retrieve the RR(s) of the Answer section. + var rrs []*net.SRV + for _, rr := range resp.Answer { + srv := rr.(*dns.SRV) + rrs = append(rrs, &net.SRV{ + Target: srv.Target, + Port: srv.Port, + Priority: srv.Priority, + Weight: srv.Weight, + }) + } + + return "", rrs, nil +} + +// ResolveTCPAddr uses Tor's proxy to resolve TCP addresses instead of the +// standard system resolver provided in the `net` package. +func ResolveTCPAddr(address, socksAddr string) (*net.TCPAddr, error) { + // Split host:port since the lookup function does not take a port. + host, port, err := net.SplitHostPort(address) + if err != nil { + return nil, err + } + + ip, err := LookupHost(host, socksAddr) + if err != nil { + return nil, err + } + + p, err := strconv.Atoi(port) + if err != nil { + return nil, err + } + + return &net.TCPAddr{ + IP: net.ParseIP(ip[0]), + Port: p, + }, nil +} + +// ParseAddr parses an address from its string format to a net.Addr. +func ParseAddr(address, socksAddr string) (net.Addr, error) { + host, portStr, err := net.SplitHostPort(address) + if err != nil { + return nil, err + } + + port, err := strconv.Atoi(portStr) + if err != nil { + return nil, err + } + + if IsOnionHost(host) { + return &OnionAddr{OnionService: host, Port: port}, nil + } + + return ResolveTCPAddr(address, socksAddr) +} + +// IsOnionHost determines whether a host is part of an onion address. +func IsOnionHost(host string) bool { + // Note the starting index of the onion suffix in the host depending + // on its length. + var suffixIndex int + switch len(host) { + case V2Len: + suffixIndex = V2Len - OnionSuffixLen + case V3Len: + suffixIndex = V3Len - OnionSuffixLen + default: + return false + } + + // Make sure the host ends with the ".onion" suffix. + if host[suffixIndex:] != OnionSuffix { + return false + } + + // We'll now attempt to decode the host without its suffix, as the + // suffix includes invalid characters. This will tell us if the host is + // actually valid if successful. + host = host[:suffixIndex] + if _, err := Base32Encoding.DecodeString(host); err != nil { + return false + } + + return true +} diff --git a/vendor/github.com/lightningnetwork/lnd/zpay32/README.md b/vendor/github.com/lightningnetwork/lnd/zpay32/README.md new file mode 100644 index 0000000..f91b985 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/zpay32/README.md @@ -0,0 +1,22 @@ +zpay32 +======= + +[![Build Status](http://img.shields.io/travis/lightningnetwork/lnd.svg)](https://travis-ci.org/lightningnetwork/lnd) +[![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/lightningnetwork/lnd/blob/master/LICENSE) +[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/lightningnetwork/lnd/zpay32) + +The zpay32 package implements a basic scheme for the encoding of payment +requests between two `lnd` nodes within the Lightning Network. The zpay32 +encoding scheme uses the +[zbase32](https://philzimmermann.com/docs/human-oriented-base-32-encoding.txt) +scheme along with a checksum to encode a serialized payment request. + +The payment request serialized by the package consist of: the destination's +public key, the payment hash to use for the payment, and the value of payment +to send. + +## Installation and Updating + +```bash +$ go get -u github.com/lightningnetwork/lnd/zpay32 +``` diff --git a/vendor/github.com/lightningnetwork/lnd/zpay32/amountunits.go b/vendor/github.com/lightningnetwork/lnd/zpay32/amountunits.go new file mode 100644 index 0000000..c13f1a1 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/zpay32/amountunits.go @@ -0,0 +1,162 @@ +package zpay32 + +import ( + "fmt" + "strconv" + + "github.com/lightningnetwork/lnd/lnwire" +) + +var ( + // toMSat is a map from a unit to a function that converts an amount + // of that unit to millisatoshis. + toMSat = map[byte]func(uint64) (lnwire.MilliSatoshi, error){ + 'm': mBtcToMSat, + 'u': uBtcToMSat, + 'n': nBtcToMSat, + 'p': pBtcToMSat, + } + + // fromMSat is a map from a unit to a function that converts an amount + // in millisatoshis to an amount of that unit. + fromMSat = map[byte]func(lnwire.MilliSatoshi) (uint64, error){ + 'm': mSatToMBtc, + 'u': mSatToUBtc, + 'n': mSatToNBtc, + 'p': mSatToPBtc, + } +) + +// mBtcToMSat converts the given amount in milliBTC to millisatoshis. +func mBtcToMSat(m uint64) (lnwire.MilliSatoshi, error) { + return lnwire.MilliSatoshi(m) * 100000000, nil +} + +// uBtcToMSat converts the given amount in microBTC to millisatoshis. +func uBtcToMSat(u uint64) (lnwire.MilliSatoshi, error) { + return lnwire.MilliSatoshi(u * 100000), nil +} + +// nBtcToMSat converts the given amount in nanoBTC to millisatoshis. +func nBtcToMSat(n uint64) (lnwire.MilliSatoshi, error) { + return lnwire.MilliSatoshi(n * 100), nil +} + +// pBtcToMSat converts the given amount in picoBTC to millisatoshis. +func pBtcToMSat(p uint64) (lnwire.MilliSatoshi, error) { + if p < 10 { + return 0, fmt.Errorf("minimum amount is 10p") + } + if p%10 != 0 { + return 0, fmt.Errorf("amount %d pBTC not expressible in msat", + p) + } + return lnwire.MilliSatoshi(p / 10), nil +} + +// mSatToMBtc converts the given amount in millisatoshis to milliBTC. +func mSatToMBtc(msat lnwire.MilliSatoshi) (uint64, error) { + if msat%100000000 != 0 { + return 0, fmt.Errorf("%d msat not expressible "+ + "in mBTC", msat) + } + return uint64(msat / 100000000), nil +} + +// mSatToUBtc converts the given amount in millisatoshis to microBTC. +func mSatToUBtc(msat lnwire.MilliSatoshi) (uint64, error) { + if msat%100000 != 0 { + return 0, fmt.Errorf("%d msat not expressible "+ + "in uBTC", msat) + } + return uint64(msat / 100000), nil +} + +// mSatToNBtc converts the given amount in millisatoshis to nanoBTC. +func mSatToNBtc(msat lnwire.MilliSatoshi) (uint64, error) { + if msat%100 != 0 { + return 0, fmt.Errorf("%d msat not expressible in nBTC", msat) + } + return uint64(msat / 100), nil +} + +// mSatToPBtc converts the given amount in millisatoshis to picoBTC. +func mSatToPBtc(msat lnwire.MilliSatoshi) (uint64, error) { + return uint64(msat * 10), nil +} + +// decodeAmount returns the amount encoded by the provided string in +// millisatoshi. +func decodeAmount(amount string) (lnwire.MilliSatoshi, error) { + if len(amount) < 1 { + return 0, fmt.Errorf("amount must be non-empty") + } + + // If last character is a digit, then the amount can just be + // interpreted as BTC. + char := amount[len(amount)-1] + digit := char - '0' + if digit >= 0 && digit <= 9 { + btc, err := strconv.ParseUint(amount, 10, 64) + if err != nil { + return 0, err + } + return lnwire.MilliSatoshi(btc) * mSatPerBtc, nil + } + + // If not a digit, it must be part of the known units. + conv, ok := toMSat[char] + if !ok { + return 0, fmt.Errorf("unknown multiplier %c", char) + } + + // Known unit. + num := amount[:len(amount)-1] + if len(num) < 1 { + return 0, fmt.Errorf("number must be non-empty") + } + + am, err := strconv.ParseUint(num, 10, 64) + if err != nil { + return 0, err + } + + return conv(am) +} + +// encodeAmount encodes the provided millisatoshi amount using as few characters +// as possible. +func encodeAmount(msat lnwire.MilliSatoshi) (string, error) { + if msat < 0 { + return "", fmt.Errorf("amount must be positive: %v", msat) + } + + // If possible to express in BTC, that will always be the shortest + // representation. + if msat%mSatPerBtc == 0 { + return strconv.FormatInt(int64(msat/mSatPerBtc), 10), nil + } + + // Should always be expressible in pico BTC. + pico, err := fromMSat['p'](msat) + if err != nil { + return "", fmt.Errorf("unable to express %d msat as pBTC: %v", + msat, err) + } + shortened := strconv.FormatUint(pico, 10) + "p" + for unit, conv := range fromMSat { + am, err := conv(msat) + if err != nil { + // Not expressible using this unit. + continue + } + + // Save the shortest found representation. + str := strconv.FormatUint(am, 10) + string(unit) + if len(str) < len(shortened) { + shortened = str + } + } + + return shortened, nil +} diff --git a/vendor/github.com/lightningnetwork/lnd/zpay32/bech32.go b/vendor/github.com/lightningnetwork/lnd/zpay32/bech32.go new file mode 100644 index 0000000..cb1714e --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/zpay32/bech32.go @@ -0,0 +1,168 @@ +package zpay32 + +import ( + "fmt" + "strings" +) + +const charset = "qpzry9x8gf2tvdw0s3jn54khce6mua7l" + +var gen = []int{0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3} + +// NOTE: This method it a slight modification of the method bech32.Decode found +// btcutil, allowing strings to be more than 90 characters. + +// decodeBech32 decodes a bech32 encoded string, returning the human-readable +// part and the data part excluding the checksum. +// Note: the data will be base32 encoded, that is each element of the returned +// byte array will encode 5 bits of data. Use the ConvertBits method to convert +// this to 8-bit representation. +func decodeBech32(bech string) (string, []byte, error) { + // The maximum allowed length for a bech32 string is 90. It must also + // be at least 8 characters, since it needs a non-empty HRP, a + // separator, and a 6 character checksum. + // NB: The 90 character check specified in BIP173 is skipped here, to + // allow strings longer than 90 characters. + if len(bech) < 8 { + return "", nil, fmt.Errorf("invalid bech32 string length %d", + len(bech)) + } + // Only ASCII characters between 33 and 126 are allowed. + for i := 0; i < len(bech); i++ { + if bech[i] < 33 || bech[i] > 126 { + return "", nil, fmt.Errorf("invalid character in "+ + "string: '%c'", bech[i]) + } + } + + // The characters must be either all lowercase or all uppercase. + lower := strings.ToLower(bech) + upper := strings.ToUpper(bech) + if bech != lower && bech != upper { + return "", nil, fmt.Errorf("string not all lowercase or all " + + "uppercase") + } + + // We'll work with the lowercase string from now on. + bech = lower + + // The string is invalid if the last '1' is non-existent, it is the + // first character of the string (no human-readable part) or one of the + // last 6 characters of the string (since checksum cannot contain '1'), + // or if the string is more than 90 characters in total. + one := strings.LastIndexByte(bech, '1') + if one < 1 || one+7 > len(bech) { + return "", nil, fmt.Errorf("invalid index of 1") + } + + // The human-readable part is everything before the last '1'. + hrp := bech[:one] + data := bech[one+1:] + + // Each character corresponds to the byte with value of the index in + // 'charset'. + decoded, err := toBytes(data) + if err != nil { + return "", nil, fmt.Errorf("failed converting data to bytes: "+ + "%v", err) + } + + if !bech32VerifyChecksum(hrp, decoded) { + moreInfo := "" + checksum := bech[len(bech)-6:] + expected, err := toChars(bech32Checksum(hrp, + decoded[:len(decoded)-6])) + if err == nil { + moreInfo = fmt.Sprintf("Expected %v, got %v.", + expected, checksum) + } + return "", nil, fmt.Errorf("checksum failed. " + moreInfo) + } + + // We exclude the last 6 bytes, which is the checksum. + return hrp, decoded[:len(decoded)-6], nil +} + +// toBytes converts each character in the string 'chars' to the value of the +// index of the corresponding character in 'charset'. +func toBytes(chars string) ([]byte, error) { + decoded := make([]byte, 0, len(chars)) + for i := 0; i < len(chars); i++ { + index := strings.IndexByte(charset, chars[i]) + if index < 0 { + return nil, fmt.Errorf("invalid character not part of "+ + "charset: %v", chars[i]) + } + decoded = append(decoded, byte(index)) + } + return decoded, nil +} + +// toChars converts the byte slice 'data' to a string where each byte in 'data' +// encodes the index of a character in 'charset'. +func toChars(data []byte) (string, error) { + result := make([]byte, 0, len(data)) + for _, b := range data { + if int(b) >= len(charset) { + return "", fmt.Errorf("invalid data byte: %v", b) + } + result = append(result, charset[b]) + } + return string(result), nil +} + +// For more details on the checksum calculation, please refer to BIP 173. +func bech32Checksum(hrp string, data []byte) []byte { + // Convert the bytes to list of integers, as this is needed for the + // checksum calculation. + integers := make([]int, len(data)) + for i, b := range data { + integers[i] = int(b) + } + values := append(bech32HrpExpand(hrp), integers...) + values = append(values, []int{0, 0, 0, 0, 0, 0}...) + polymod := bech32Polymod(values) ^ 1 + var res []byte + for i := 0; i < 6; i++ { + res = append(res, byte((polymod>>uint(5*(5-i)))&31)) + } + return res +} + +// For more details on the polymod calculation, please refer to BIP 173. +func bech32Polymod(values []int) int { + chk := 1 + for _, v := range values { + b := chk >> 25 + chk = (chk&0x1ffffff)<<5 ^ v + for i := 0; i < 5; i++ { + if (b>>uint(i))&1 == 1 { + chk ^= gen[i] + } + } + } + return chk +} + +// For more details on HRP expansion, please refer to BIP 173. +func bech32HrpExpand(hrp string) []int { + v := make([]int, 0, len(hrp)*2+1) + for i := 0; i < len(hrp); i++ { + v = append(v, int(hrp[i]>>5)) + } + v = append(v, 0) + for i := 0; i < len(hrp); i++ { + v = append(v, int(hrp[i]&31)) + } + return v +} + +// For more details on the checksum verification, please refer to BIP 173. +func bech32VerifyChecksum(hrp string, data []byte) bool { + integers := make([]int, len(data)) + for i, b := range data { + integers[i] = int(b) + } + concat := append(bech32HrpExpand(hrp), integers...) + return bech32Polymod(concat) == 1 +} diff --git a/vendor/github.com/lightningnetwork/lnd/zpay32/hophint.go b/vendor/github.com/lightningnetwork/lnd/zpay32/hophint.go new file mode 100644 index 0000000..2502862 --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/zpay32/hophint.go @@ -0,0 +1,43 @@ +package zpay32 + +import "github.com/btcsuite/btcd/btcec" + +const ( + // DefaultFinalCLTVDelta is the default value to be used as the final + // CLTV delta for a route if one is unspecified. + DefaultFinalCLTVDelta = 9 +) + +// HopHint is a routing hint that contains the minimum information of a channel +// required for an intermediate hop in a route to forward the payment to the +// next. This should be ideally used for private channels, since they are not +// publicly advertised to the network for routing. +type HopHint struct { + // NodeID is the public key of the node at the start of the channel. + NodeID *btcec.PublicKey + + // ChannelID is the unique identifier of the channel. + ChannelID uint64 + + // FeeBaseMSat is the base fee of the channel in millisatoshis. + FeeBaseMSat uint32 + + // FeeProportionalMillionths is the fee rate, in millionths of a + // satoshi, for every satoshi sent through the channel. + FeeProportionalMillionths uint32 + + // CLTVExpiryDelta is the time-lock delta of the channel. + CLTVExpiryDelta uint16 +} + +// Copy returns a deep copy of the hop hint. +func (h HopHint) Copy() HopHint { + nodeID := *h.NodeID + return HopHint{ + NodeID: &nodeID, + ChannelID: h.ChannelID, + FeeBaseMSat: h.FeeBaseMSat, + FeeProportionalMillionths: h.FeeProportionalMillionths, + CLTVExpiryDelta: h.CLTVExpiryDelta, + } +} diff --git a/vendor/github.com/lightningnetwork/lnd/zpay32/invoice.go b/vendor/github.com/lightningnetwork/lnd/zpay32/invoice.go new file mode 100644 index 0000000..fb79e3c --- /dev/null +++ b/vendor/github.com/lightningnetwork/lnd/zpay32/invoice.go @@ -0,0 +1,1097 @@ +package zpay32 + +import ( + "bytes" + "encoding/binary" + "fmt" + "strings" + "time" + + "github.com/btcsuite/btcd/btcec" + "github.com/btcsuite/btcd/chaincfg" + "github.com/btcsuite/btcd/chaincfg/chainhash" + "github.com/btcsuite/btcutil" + "github.com/btcsuite/btcutil/bech32" + "github.com/lightningnetwork/lnd/lnwire" +) + +const ( + // mSatPerBtc is the number of millisatoshis in 1 BTC. + mSatPerBtc = 100000000000 + + // signatureBase32Len is the number of 5-bit groups needed to encode + // the 512 bit signature + 8 bit recovery ID. + signatureBase32Len = 104 + + // timestampBase32Len is the number of 5-bit groups needed to encode + // the 35-bit timestamp. + timestampBase32Len = 7 + + // hashBase32Len is the number of 5-bit groups needed to encode a + // 256-bit hash. Note that the last group will be padded with zeroes. + hashBase32Len = 52 + + // pubKeyBase32Len is the number of 5-bit groups needed to encode a + // 33-byte compressed pubkey. Note that the last group will be padded + // with zeroes. + pubKeyBase32Len = 53 + + // hopHintLen is the number of bytes needed to encode the hop hint of a + // single private route. + hopHintLen = 51 + + // The following byte values correspond to the supported field types. + // The field name is the character representing that 5-bit value in the + // bech32 string. + + // fieldTypeP is the field containing the payment hash. + fieldTypeP = 1 + + // fieldTypeD contains a short description of the payment. + fieldTypeD = 13 + + // fieldTypeN contains the pubkey of the target node. + fieldTypeN = 19 + + // fieldTypeH contains the hash of a description of the payment. + fieldTypeH = 23 + + // fieldTypeX contains the expiry in seconds of the invoice. + fieldTypeX = 6 + + // fieldTypeF contains a fallback on-chain address. + fieldTypeF = 9 + + // fieldTypeR contains extra routing information. + fieldTypeR = 3 + + // fieldTypeC contains an optional requested final CLTV delta. + fieldTypeC = 24 +) + +// MessageSigner is passed to the Encode method to provide a signature +// corresponding to the node's pubkey. +type MessageSigner struct { + // SignCompact signs the passed hash with the node's privkey. The + // returned signature should be 65 bytes, where the last 64 are the + // compact signature, and the first one is a header byte. This is the + // format returned by btcec.SignCompact. + SignCompact func(hash []byte) ([]byte, error) +} + +// Invoice represents a decoded invoice, or to-be-encoded invoice. Some of the +// fields are optional, and will only be non-nil if the invoice this was parsed +// from contains that field. When encoding, only the non-nil fields will be +// added to the encoded invoice. +type Invoice struct { + // Net specifies what network this Lightning invoice is meant for. + Net *chaincfg.Params + + // MilliSat specifies the amount of this invoice in millisatoshi. + // Optional. + MilliSat *lnwire.MilliSatoshi + + // Timestamp specifies the time this invoice was created. + // Mandatory + Timestamp time.Time + + // PaymentHash is the payment hash to be used for a payment to this + // invoice. + PaymentHash *[32]byte + + // Destination is the public key of the target node. This will always + // be set after decoding, and can optionally be set before encoding to + // include the pubkey as an 'n' field. If this is not set before + // encoding then the destination pubkey won't be added as an 'n' field, + // and the pubkey will be extracted from the signature during decoding. + Destination *btcec.PublicKey + + // minFinalCLTVExpiry is the value that the creator of the invoice + // expects to be used for the + // + // NOTE: This value is optional, and should be set to nil if the + // invoice creator doesn't have a strong requirement on the CLTV expiry + // of the final HTLC extended to it. + // + // This field is un-exported and can only be read by the + // MinFinalCLTVExpiry() method. By forcing callers to read via this + // method, we can easily enforce the default if not specified. + minFinalCLTVExpiry *uint64 + + // Description is a short description of the purpose of this invoice. + // Optional. Non-nil iff DescriptionHash is nil. + Description *string + + // DescriptionHash is the SHA256 hash of a description of the purpose of + // this invoice. + // Optional. Non-nil iff Description is nil. + DescriptionHash *[32]byte + + // expiry specifies the timespan this invoice will be valid. + // Optional. If not set, a default expiry of 60 min will be implied. + // + // This field is unexported and can be read by the Expiry() method. This + // method makes sure the default expiry time is returned in case the + // field is not set. + expiry *time.Duration + + // FallbackAddr is an on-chain address that can be used for payment in + // case the Lightning payment fails. + // Optional. + FallbackAddr btcutil.Address + + // RouteHints represents one or more different route hints. Each route + // hint can be individually used to reach the destination. These usually + // represent private routes. + // + // NOTE: This is optional. + RouteHints [][]HopHint +} + +// Amount is a functional option that allows callers of NewInvoice to set the +// amount in millisatoshis that the Invoice should encode. +func Amount(milliSat lnwire.MilliSatoshi) func(*Invoice) { + return func(i *Invoice) { + i.MilliSat = &milliSat + } +} + +// Destination is a functional option that allows callers of NewInvoice to +// explicitly set the pubkey of the Invoice's destination node. +func Destination(destination *btcec.PublicKey) func(*Invoice) { + return func(i *Invoice) { + i.Destination = destination + } +} + +// Description is a functional option that allows callers of NewInvoice to set +// the payment description of the created Invoice. +// +// NOTE: Must be used if and only if DescriptionHash is not used. +func Description(description string) func(*Invoice) { + return func(i *Invoice) { + i.Description = &description + } +} + +// CLTVExpiry is an optional value which allows the receiver of the payment to +// specify the delta between the current height and the HTLC extended to the +// receiver. +func CLTVExpiry(delta uint64) func(*Invoice) { + return func(i *Invoice) { + i.minFinalCLTVExpiry = &delta + } +} + +// DescriptionHash is a functional option that allows callers of NewInvoice to +// set the payment description hash of the created Invoice. +// +// NOTE: Must be used if and only if Description is not used. +func DescriptionHash(descriptionHash [32]byte) func(*Invoice) { + return func(i *Invoice) { + i.DescriptionHash = &descriptionHash + } +} + +// Expiry is a functional option that allows callers of NewInvoice to set the +// expiry of the created Invoice. If not set, a default expiry of 60 min will +// be implied. +func Expiry(expiry time.Duration) func(*Invoice) { + return func(i *Invoice) { + i.expiry = &expiry + } +} + +// FallbackAddr is a functional option that allows callers of NewInvoice to set +// the Invoice's fallback on-chain address that can be used for payment in case +// the Lightning payment fails +func FallbackAddr(fallbackAddr btcutil.Address) func(*Invoice) { + return func(i *Invoice) { + i.FallbackAddr = fallbackAddr + } +} + +// RouteHint is a functional option that allows callers of NewInvoice to add +// one or more hop hints that represent a private route to the destination. +func RouteHint(routeHint []HopHint) func(*Invoice) { + return func(i *Invoice) { + i.RouteHints = append(i.RouteHints, routeHint) + } +} + +// NewInvoice creates a new Invoice object. The last parameter is a set of +// variadic arguments for setting optional fields of the invoice. +// +// NOTE: Either Description or DescriptionHash must be provided for the Invoice +// to be considered valid. +func NewInvoice(net *chaincfg.Params, paymentHash [32]byte, + timestamp time.Time, options ...func(*Invoice)) (*Invoice, error) { + + invoice := &Invoice{ + Net: net, + PaymentHash: &paymentHash, + Timestamp: timestamp, + } + + for _, option := range options { + option(invoice) + } + + if err := validateInvoice(invoice); err != nil { + return nil, err + } + + return invoice, nil +} + +// Decode parses the provided encoded invoice and returns a decoded Invoice if +// it is valid by BOLT-0011 and matches the provided active network. +func Decode(invoice string, net *chaincfg.Params) (*Invoice, error) { + decodedInvoice := Invoice{} + + // Decode the invoice using the modified bech32 decoder. + hrp, data, err := decodeBech32(invoice) + if err != nil { + return nil, err + } + + // We expect the human-readable part to at least have ln + one char + // encoding the network. + if len(hrp) < 3 { + return nil, fmt.Errorf("hrp too short") + } + + // First two characters of HRP should be "ln". + if hrp[:2] != "ln" { + return nil, fmt.Errorf("prefix should be \"ln\"") + } + + // The next characters should be a valid prefix for a segwit BIP173 + // address that match the active network. + if !strings.HasPrefix(hrp[2:], net.Bech32HRPSegwit) { + return nil, fmt.Errorf( + "invoice not for current active network '%s'", net.Name) + } + decodedInvoice.Net = net + + // Optionally, if there's anything left of the HRP after ln + the segwit + // prefix, we try to decode this as the payment amount. + var netPrefixLength = len(net.Bech32HRPSegwit) + 2 + if len(hrp) > netPrefixLength { + amount, err := decodeAmount(hrp[netPrefixLength:]) + if err != nil { + return nil, err + } + decodedInvoice.MilliSat = &amount + } + + // Everything except the last 520 bits of the data encodes the invoice's + // timestamp and tagged fields. + invoiceData := data[:len(data)-signatureBase32Len] + + // Parse the timestamp and tagged fields, and fill the Invoice struct. + if err := parseData(&decodedInvoice, invoiceData, net); err != nil { + return nil, err + } + + // The last 520 bits (104 groups) make up the signature. + sigBase32 := data[len(data)-signatureBase32Len:] + sigBase256, err := bech32.ConvertBits(sigBase32, 5, 8, true) + if err != nil { + return nil, err + } + var sig lnwire.Sig + copy(sig[:], sigBase256[:64]) + recoveryID := sigBase256[64] + + // The signature is over the hrp + the data the invoice, encoded in + // base 256. + taggedDataBytes, err := bech32.ConvertBits(invoiceData, 5, 8, true) + if err != nil { + return nil, err + } + + toSign := append([]byte(hrp), taggedDataBytes...) + + // We expect the signature to be over the single SHA-256 hash of that + // data. + hash := chainhash.HashB(toSign) + + // If the destination pubkey was provided as a tagged field, use that + // to verify the signature, if not do public key recovery. + if decodedInvoice.Destination != nil { + signature, err := sig.ToSignature() + if err != nil { + return nil, fmt.Errorf("unable to deserialize "+ + "signature: %v", err) + } + if !signature.Verify(hash, decodedInvoice.Destination) { + return nil, fmt.Errorf("invalid invoice signature") + } + } else { + headerByte := recoveryID + 27 + 4 + compactSign := append([]byte{headerByte}, sig[:]...) + pubkey, _, err := btcec.RecoverCompact(btcec.S256(), + compactSign, hash) + if err != nil { + return nil, err + } + decodedInvoice.Destination = pubkey + } + + // Now that we have created the invoice, make sure it has the required + // fields set. + if err := validateInvoice(&decodedInvoice); err != nil { + return nil, err + } + + return &decodedInvoice, nil +} + +// Encode takes the given MessageSigner and returns a string encoding this +// invoice signed by the node key of the signer. +func (invoice *Invoice) Encode(signer MessageSigner) (string, error) { + // First check that this invoice is valid before starting the encoding. + if err := validateInvoice(invoice); err != nil { + return "", err + } + + // The buffer will encoded the invoice data using 5-bit groups (base32). + var bufferBase32 bytes.Buffer + + // The timestamp will be encoded using 35 bits, in base32. + timestampBase32 := uint64ToBase32(uint64(invoice.Timestamp.Unix())) + + // The timestamp must be exactly 35 bits, which means 7 groups. If it + // can fit into fewer groups we add leading zero groups, if it is too + // big we fail early, as there is not possible to encode it. + if len(timestampBase32) > timestampBase32Len { + return "", fmt.Errorf("timestamp too big: %d", + invoice.Timestamp.Unix()) + } + + // Add zero bytes to the first timestampBase32Len-len(timestampBase32) + // groups, then add the non-zero groups. + zeroes := make([]byte, timestampBase32Len-len(timestampBase32), + timestampBase32Len-len(timestampBase32)) + _, err := bufferBase32.Write(zeroes) + if err != nil { + return "", fmt.Errorf("unable to write to buffer: %v", err) + } + _, err = bufferBase32.Write(timestampBase32) + if err != nil { + return "", fmt.Errorf("unable to write to buffer: %v", err) + } + + // We now write the tagged fields to the buffer, which will fill the + // rest of the data part before the signature. + if err := writeTaggedFields(&bufferBase32, invoice); err != nil { + return "", err + } + + // The human-readable part (hrp) is "ln" + net hrp + optional amount. + hrp := "ln" + invoice.Net.Bech32HRPSegwit + if invoice.MilliSat != nil { + // Encode the amount using the fewest possible characters. + am, err := encodeAmount(*invoice.MilliSat) + if err != nil { + return "", err + } + hrp += am + } + + // The signature is over the single SHA-256 hash of the hrp + the + // tagged fields encoded in base256. + taggedFieldsBytes, err := bech32.ConvertBits(bufferBase32.Bytes(), 5, 8, true) + if err != nil { + return "", err + } + + toSign := append([]byte(hrp), taggedFieldsBytes...) + hash := chainhash.HashB(toSign) + + // We use compact signature format, and also encoded the recovery ID + // such that a reader of the invoice can recover our pubkey from the + // signature. + sign, err := signer.SignCompact(hash) + if err != nil { + return "", err + } + + // From the header byte we can extract the recovery ID, and the last 64 + // bytes encode the signature. + recoveryID := sign[0] - 27 - 4 + var sig lnwire.Sig + copy(sig[:], sign[1:]) + + // If the pubkey field was explicitly set, it must be set to the pubkey + // used to create the signature. + if invoice.Destination != nil { + signature, err := sig.ToSignature() + if err != nil { + return "", fmt.Errorf("unable to deserialize "+ + "signature: %v", err) + } + + valid := signature.Verify(hash, invoice.Destination) + if !valid { + return "", fmt.Errorf("signature does not match " + + "provided pubkey") + } + } + + // Convert the signature to base32 before writing it to the buffer. + signBase32, err := bech32.ConvertBits(append(sig[:], recoveryID), 8, 5, true) + if err != nil { + return "", err + } + bufferBase32.Write(signBase32) + + // Now we can create the bech32 encoded string from the base32 buffer. + b32, err := bech32.Encode(hrp, bufferBase32.Bytes()) + if err != nil { + return "", err + } + + return b32, nil +} + +// Expiry returns the expiry time for this invoice. If expiry time is not set +// explicitly, the default 3600 second expiry will be returned. +func (invoice *Invoice) Expiry() time.Duration { + if invoice.expiry != nil { + return *invoice.expiry + } + + // If no expiry is set for this invoice, default is 3600 seconds. + return 3600 * time.Second +} + +// MinFinalCLTVExpiry returns the minimum final CLTV expiry delta as specified +// by the creator of the invoice. This value specifies the delta between the +// current height and the expiry height of the HTLC extended in the last hop. +func (invoice *Invoice) MinFinalCLTVExpiry() uint64 { + if invoice.minFinalCLTVExpiry != nil { + return *invoice.minFinalCLTVExpiry + } + + return DefaultFinalCLTVDelta +} + +// validateInvoice does a sanity check of the provided Invoice, making sure it +// has all the necessary fields set for it to be considered valid by BOLT-0011. +func validateInvoice(invoice *Invoice) error { + // The net must be set. + if invoice.Net == nil { + return fmt.Errorf("net params not set") + } + + // Ensure that if there is an amount set, it is not negative. + if invoice.MilliSat != nil && *invoice.MilliSat < 0 { + return fmt.Errorf("negative amount: %v", *invoice.MilliSat) + } + + // The invoice must contain a payment hash. + if invoice.PaymentHash == nil { + return fmt.Errorf("no payment hash found") + } + + // Either Description or DescriptionHash must be set, not both. + if invoice.Description != nil && invoice.DescriptionHash != nil { + return fmt.Errorf("both description and description hash set") + } + if invoice.Description == nil && invoice.DescriptionHash == nil { + return fmt.Errorf("neither description nor description hash set") + } + + // We'll restrict invoices to include up to 20 different private route + // hints. We do this to avoid overly large invoices. + if len(invoice.RouteHints) > 20 { + return fmt.Errorf("too many private routes: %d", + len(invoice.RouteHints)) + } + + // Each route hint can have at most 20 hops. + for i, routeHint := range invoice.RouteHints { + if len(routeHint) > 20 { + return fmt.Errorf("route hint %d has too many extra "+ + "hops: %d", i, len(routeHint)) + } + } + + // Check that we support the field lengths. + if len(invoice.PaymentHash) != 32 { + return fmt.Errorf("unsupported payment hash length: %d", + len(invoice.PaymentHash)) + } + + if invoice.DescriptionHash != nil && len(invoice.DescriptionHash) != 32 { + return fmt.Errorf("unsupported description hash length: %d", + len(invoice.DescriptionHash)) + } + + if invoice.Destination != nil && + len(invoice.Destination.SerializeCompressed()) != 33 { + return fmt.Errorf("unsupported pubkey length: %d", + len(invoice.Destination.SerializeCompressed())) + } + + return nil +} + +// parseData parses the data part of the invoice. It expects base32 data +// returned from the bech32.Decode method, except signature. +func parseData(invoice *Invoice, data []byte, net *chaincfg.Params) error { + // It must contain the timestamp, encoded using 35 bits (7 groups). + if len(data) < timestampBase32Len { + return fmt.Errorf("data too short: %d", len(data)) + } + + t, err := parseTimestamp(data[:timestampBase32Len]) + if err != nil { + return err + } + invoice.Timestamp = time.Unix(int64(t), 0) + + // The rest are tagged parts. + tagData := data[7:] + return parseTaggedFields(invoice, tagData, net) +} + +// parseTimestamp converts a 35-bit timestamp (encoded in base32) to uint64. +func parseTimestamp(data []byte) (uint64, error) { + if len(data) != timestampBase32Len { + return 0, fmt.Errorf("timestamp must be 35 bits, was %d", + len(data)*5) + } + + return base32ToUint64(data) +} + +// parseTaggedFields takes the base32 encoded tagged fields of the invoice, and +// fills the Invoice struct accordingly. +func parseTaggedFields(invoice *Invoice, fields []byte, net *chaincfg.Params) error { + index := 0 + for { + // If there are less than 3 groups to read, there cannot be more + // interesting information, as we need the type (1 group) and + // length (2 groups). + if len(fields)-index < 3 { + break + } + + typ := fields[index] + dataLength, err := parseFieldDataLength(fields[index+1 : index+3]) + if err != nil { + return err + } + + // If we don't have enough field data left to read this length, + // return error. + if len(fields) < index+3+int(dataLength) { + return fmt.Errorf("invalid field length") + } + base32Data := fields[index+3 : index+3+int(dataLength)] + + // Advance the index in preparation for the next iteration. + index += 3 + int(dataLength) + + switch typ { + case fieldTypeP: + if invoice.PaymentHash != nil { + // We skip the field if we have already seen a + // supported one. + continue + } + + invoice.PaymentHash, err = parsePaymentHash(base32Data) + case fieldTypeD: + if invoice.Description != nil { + // We skip the field if we have already seen a + // supported one. + continue + } + + invoice.Description, err = parseDescription(base32Data) + case fieldTypeN: + if invoice.Destination != nil { + // We skip the field if we have already seen a + // supported one. + continue + } + + invoice.Destination, err = parseDestination(base32Data) + case fieldTypeH: + if invoice.DescriptionHash != nil { + // We skip the field if we have already seen a + // supported one. + continue + } + + invoice.DescriptionHash, err = parseDescriptionHash(base32Data) + case fieldTypeX: + if invoice.expiry != nil { + // We skip the field if we have already seen a + // supported one. + continue + } + + invoice.expiry, err = parseExpiry(base32Data) + case fieldTypeC: + if invoice.minFinalCLTVExpiry != nil { + // We skip the field if we have already seen a + // supported one. + continue + } + + invoice.minFinalCLTVExpiry, err = parseMinFinalCLTVExpiry(base32Data) + case fieldTypeF: + if invoice.FallbackAddr != nil { + // We skip the field if we have already seen a + // supported one. + continue + } + + invoice.FallbackAddr, err = parseFallbackAddr(base32Data, net) + case fieldTypeR: + // An `r` field can be included in an invoice multiple + // times, so we won't skip it if we have already seen + // one. + routeHint, err := parseRouteHint(base32Data) + if err != nil { + return err + } + + invoice.RouteHints = append(invoice.RouteHints, routeHint) + default: + // Ignore unknown type. + } + + // Check if there was an error from parsing any of the tagged + // fields and return it. + if err != nil { + return err + } + } + + return nil +} + +// parseFieldDataLength converts the two byte slice into a uint16. +func parseFieldDataLength(data []byte) (uint16, error) { + if len(data) != 2 { + return 0, fmt.Errorf("data length must be 2 bytes, was %d", + len(data)) + } + + return uint16(data[0])<<5 | uint16(data[1]), nil +} + +// parsePaymentHash converts a 256-bit payment hash (encoded in base32) +// to *[32]byte. +func parsePaymentHash(data []byte) (*[32]byte, error) { + var paymentHash [32]byte + + // As BOLT-11 states, a reader must skip over the payment hash field if + // it does not have a length of 52, so avoid returning an error. + if len(data) != hashBase32Len { + return nil, nil + } + + hash, err := bech32.ConvertBits(data, 5, 8, false) + if err != nil { + return nil, err + } + + copy(paymentHash[:], hash[:]) + + return &paymentHash, nil +} + +// parseDescription converts the data (encoded in base32) into a string to use +// as the description. +func parseDescription(data []byte) (*string, error) { + base256Data, err := bech32.ConvertBits(data, 5, 8, false) + if err != nil { + return nil, err + } + + description := string(base256Data) + + return &description, nil +} + +// parseDestination converts the data (encoded in base32) into a 33-byte public +// key of the payee node. +func parseDestination(data []byte) (*btcec.PublicKey, error) { + // As BOLT-11 states, a reader must skip over the destination field + // if it does not have a length of 53, so avoid returning an error. + if len(data) != pubKeyBase32Len { + return nil, nil + } + + base256Data, err := bech32.ConvertBits(data, 5, 8, false) + if err != nil { + return nil, err + } + + return btcec.ParsePubKey(base256Data, btcec.S256()) +} + +// parseDescriptionHash converts a 256-bit description hash (encoded in base32) +// to *[32]byte. +func parseDescriptionHash(data []byte) (*[32]byte, error) { + var descriptionHash [32]byte + + // As BOLT-11 states, a reader must skip over the description hash field + // if it does not have a length of 52, so avoid returning an error. + if len(data) != hashBase32Len { + return nil, nil + } + + hash, err := bech32.ConvertBits(data, 5, 8, false) + if err != nil { + return nil, err + } + + copy(descriptionHash[:], hash[:]) + + return &descriptionHash, nil +} + +// parseExpiry converts the data (encoded in base32) into the expiry time. +func parseExpiry(data []byte) (*time.Duration, error) { + expiry, err := base32ToUint64(data) + if err != nil { + return nil, err + } + + duration := time.Duration(expiry) * time.Second + + return &duration, nil +} + +// parseMinFinalCLTVExpiry converts the data (encoded in base32) into a uint64 +// to use as the minFinalCLTVExpiry. +func parseMinFinalCLTVExpiry(data []byte) (*uint64, error) { + expiry, err := base32ToUint64(data) + if err != nil { + return nil, err + } + + return &expiry, nil +} + +// parseFallbackAddr converts the data (encoded in base32) into a fallback +// on-chain address. +func parseFallbackAddr(data []byte, net *chaincfg.Params) (btcutil.Address, error) { + // Checks if the data is empty or contains a version without an address. + if len(data) < 2 { + return nil, fmt.Errorf("empty fallback address field") + } + + var addr btcutil.Address + + version := data[0] + switch version { + case 0: + witness, err := bech32.ConvertBits(data[1:], 5, 8, false) + if err != nil { + return nil, err + } + + switch len(witness) { + case 20: + addr, err = btcutil.NewAddressWitnessPubKeyHash(witness, net) + case 32: + addr, err = btcutil.NewAddressWitnessScriptHash(witness, net) + default: + return nil, fmt.Errorf("unknown witness program length %d", + len(witness)) + } + + if err != nil { + return nil, err + } + case 17: + pubKeyHash, err := bech32.ConvertBits(data[1:], 5, 8, false) + if err != nil { + return nil, err + } + + addr, err = btcutil.NewAddressPubKeyHash(pubKeyHash, net) + if err != nil { + return nil, err + } + case 18: + scriptHash, err := bech32.ConvertBits(data[1:], 5, 8, false) + if err != nil { + return nil, err + } + + addr, err = btcutil.NewAddressScriptHashFromHash(scriptHash, net) + if err != nil { + return nil, err + } + default: + // Ignore unknown version. + } + + return addr, nil +} + +// parseRouteHint converts the data (encoded in base32) into an array containing +// one or more routing hop hints that represent a single route hint. +func parseRouteHint(data []byte) ([]HopHint, error) { + base256Data, err := bech32.ConvertBits(data, 5, 8, false) + if err != nil { + return nil, err + } + + if len(base256Data)%hopHintLen != 0 { + return nil, fmt.Errorf("expected length multiple of %d bytes, "+ + "got %d", hopHintLen, len(base256Data)) + } + + var routeHint []HopHint + + for len(base256Data) > 0 { + hopHint := HopHint{} + hopHint.NodeID, err = btcec.ParsePubKey(base256Data[:33], btcec.S256()) + if err != nil { + return nil, err + } + hopHint.ChannelID = binary.BigEndian.Uint64(base256Data[33:41]) + hopHint.FeeBaseMSat = binary.BigEndian.Uint32(base256Data[41:45]) + hopHint.FeeProportionalMillionths = binary.BigEndian.Uint32(base256Data[45:49]) + hopHint.CLTVExpiryDelta = binary.BigEndian.Uint16(base256Data[49:51]) + + routeHint = append(routeHint, hopHint) + + base256Data = base256Data[51:] + } + + return routeHint, nil +} + +// writeTaggedFields writes the non-nil tagged fields of the Invoice to the +// base32 buffer. +func writeTaggedFields(bufferBase32 *bytes.Buffer, invoice *Invoice) error { + if invoice.PaymentHash != nil { + // Convert 32 byte hash to 52 5-bit groups. + base32, err := bech32.ConvertBits(invoice.PaymentHash[:], 8, 5, + true) + if err != nil { + return err + } + if len(base32) != hashBase32Len { + return fmt.Errorf("invalid payment hash length: %d", + len(invoice.PaymentHash)) + } + + err = writeTaggedField(bufferBase32, fieldTypeP, base32) + if err != nil { + return err + } + } + + if invoice.Description != nil { + base32, err := bech32.ConvertBits([]byte(*invoice.Description), + 8, 5, true) + if err != nil { + return err + } + err = writeTaggedField(bufferBase32, fieldTypeD, base32) + if err != nil { + return err + } + } + + if invoice.DescriptionHash != nil { + // Convert 32 byte hash to 52 5-bit groups. + descBase32, err := bech32.ConvertBits( + invoice.DescriptionHash[:], 8, 5, true) + if err != nil { + return err + } + + if len(descBase32) != hashBase32Len { + return fmt.Errorf("invalid description hash length: %d", + len(invoice.DescriptionHash)) + } + + err = writeTaggedField(bufferBase32, fieldTypeH, descBase32) + if err != nil { + return err + } + } + + if invoice.minFinalCLTVExpiry != nil { + finalDelta := uint64ToBase32(uint64(*invoice.minFinalCLTVExpiry)) + err := writeTaggedField(bufferBase32, fieldTypeC, finalDelta) + if err != nil { + return err + } + } + + if invoice.expiry != nil { + seconds := invoice.expiry.Seconds() + expiry := uint64ToBase32(uint64(seconds)) + err := writeTaggedField(bufferBase32, fieldTypeX, expiry) + if err != nil { + return err + } + } + + if invoice.FallbackAddr != nil { + var version byte + switch addr := invoice.FallbackAddr.(type) { + case *btcutil.AddressPubKeyHash: + version = 17 + case *btcutil.AddressScriptHash: + version = 18 + case *btcutil.AddressWitnessPubKeyHash: + version = addr.WitnessVersion() + case *btcutil.AddressWitnessScriptHash: + version = addr.WitnessVersion() + default: + return fmt.Errorf("unknown fallback address type") + } + base32Addr, err := bech32.ConvertBits( + invoice.FallbackAddr.ScriptAddress(), 8, 5, true) + if err != nil { + return err + } + + err = writeTaggedField(bufferBase32, fieldTypeF, + append([]byte{version}, base32Addr...)) + if err != nil { + return err + } + } + + for _, routeHint := range invoice.RouteHints { + // Each hop hint is encoded using 51 bytes, so we'll make to + // sure to allocate enough space for the whole route hint. + routeHintBase256 := make([]byte, 0, hopHintLen*len(routeHint)) + + for _, hopHint := range routeHint { + hopHintBase256 := make([]byte, hopHintLen) + copy(hopHintBase256[:33], hopHint.NodeID.SerializeCompressed()) + binary.BigEndian.PutUint64( + hopHintBase256[33:41], hopHint.ChannelID, + ) + binary.BigEndian.PutUint32( + hopHintBase256[41:45], hopHint.FeeBaseMSat, + ) + binary.BigEndian.PutUint32( + hopHintBase256[45:49], hopHint.FeeProportionalMillionths, + ) + binary.BigEndian.PutUint16( + hopHintBase256[49:51], hopHint.CLTVExpiryDelta, + ) + routeHintBase256 = append(routeHintBase256, hopHintBase256...) + } + + routeHintBase32, err := bech32.ConvertBits( + routeHintBase256, 8, 5, true, + ) + if err != nil { + return err + } + + err = writeTaggedField(bufferBase32, fieldTypeR, routeHintBase32) + if err != nil { + return err + } + } + + if invoice.Destination != nil { + // Convert 33 byte pubkey to 53 5-bit groups. + pubKeyBase32, err := bech32.ConvertBits( + invoice.Destination.SerializeCompressed(), 8, 5, true) + if err != nil { + return nil + } + + if len(pubKeyBase32) != pubKeyBase32Len { + return fmt.Errorf("invalid pubkey length: %d", + len(invoice.Destination.SerializeCompressed())) + } + + err = writeTaggedField(bufferBase32, fieldTypeN, pubKeyBase32) + if err != nil { + return err + } + } + + return nil +} + +// writeTaggedField takes the type of a tagged data field, and the data of +// the tagged field (encoded in base32), and writes the type, length and data +// to the buffer. +func writeTaggedField(bufferBase32 *bytes.Buffer, dataType byte, data []byte) error { + // Length must be exactly 10 bits, so add leading zero groups if + // needed. + lenBase32 := uint64ToBase32(uint64(len(data))) + for len(lenBase32) < 2 { + lenBase32 = append([]byte{0}, lenBase32...) + } + + if len(lenBase32) != 2 { + return fmt.Errorf("data length too big to fit within 10 bits: %d", + len(data)) + } + + err := bufferBase32.WriteByte(dataType) + if err != nil { + return fmt.Errorf("unable to write to buffer: %v", err) + } + _, err = bufferBase32.Write(lenBase32) + if err != nil { + return fmt.Errorf("unable to write to buffer: %v", err) + } + _, err = bufferBase32.Write(data) + if err != nil { + return fmt.Errorf("unable to write to buffer: %v", err) + } + + return nil +} + +// base32ToUint64 converts a base32 encoded number to uint64. +func base32ToUint64(data []byte) (uint64, error) { + // Maximum that fits in uint64 is ceil(64 / 5) = 12 groups. + if len(data) > 13 { + return 0, fmt.Errorf("cannot parse data of length %d as uint64", + len(data)) + } + + val := uint64(0) + for i := 0; i < len(data); i++ { + val = val<<5 | uint64(data[i]) + } + return val, nil +} + +// uint64ToBase32 converts a uint64 to a base32 encoded integer encoded using +// as few 5-bit groups as possible. +func uint64ToBase32(num uint64) []byte { + // Return at least one group. + if num == 0 { + return []byte{0} + } + + // To fit an uint64, we need at most is ceil(64 / 5) = 13 groups. + arr := make([]byte, 13) + i := 13 + for num > 0 { + i-- + arr[i] = byte(num & uint64(31)) // 0b11111 in binary + num = num >> 5 + } + + // We only return non-zero leading groups. + return arr[i:] +} diff --git a/vendor/github.com/miekg/dns/.gitignore b/vendor/github.com/miekg/dns/.gitignore new file mode 100644 index 0000000..776cd95 --- /dev/null +++ b/vendor/github.com/miekg/dns/.gitignore @@ -0,0 +1,4 @@ +*.6 +tags +test.out +a.out diff --git a/vendor/github.com/miekg/dns/.travis.yml b/vendor/github.com/miekg/dns/.travis.yml new file mode 100644 index 0000000..542dd68 --- /dev/null +++ b/vendor/github.com/miekg/dns/.travis.yml @@ -0,0 +1,20 @@ +language: go +sudo: false +go: + - 1.9.x + - tip + +env: + - TESTS="-race -v -bench=. -coverprofile=coverage.txt -covermode=atomic" + - TESTS="-race -v ./..." + +before_install: + # don't use the miekg/dns when testing forks + - mkdir -p $GOPATH/src/github.com/miekg + - ln -s $TRAVIS_BUILD_DIR $GOPATH/src/github.com/miekg/ || true + +script: + - go test $TESTS + +after_success: + - bash <(curl -s https://codecov.io/bash) diff --git a/vendor/github.com/miekg/dns/AUTHORS b/vendor/github.com/miekg/dns/AUTHORS new file mode 100644 index 0000000..1965683 --- /dev/null +++ b/vendor/github.com/miekg/dns/AUTHORS @@ -0,0 +1 @@ +Miek Gieben diff --git a/vendor/github.com/miekg/dns/CONTRIBUTORS b/vendor/github.com/miekg/dns/CONTRIBUTORS new file mode 100644 index 0000000..5903779 --- /dev/null +++ b/vendor/github.com/miekg/dns/CONTRIBUTORS @@ -0,0 +1,10 @@ +Alex A. Skinner +Andrew Tunnell-Jones +Ask Bjørn Hansen +Dave Cheney +Dusty Wilson +Marek Majkowski +Peter van Dijk +Omri Bahumi +Alex Sergeyev +James Hartig diff --git a/vendor/github.com/miekg/dns/COPYRIGHT b/vendor/github.com/miekg/dns/COPYRIGHT new file mode 100644 index 0000000..35702b1 --- /dev/null +++ b/vendor/github.com/miekg/dns/COPYRIGHT @@ -0,0 +1,9 @@ +Copyright 2009 The Go Authors. All rights reserved. Use of this source code +is governed by a BSD-style license that can be found in the LICENSE file. +Extensions of the original work are copyright (c) 2011 Miek Gieben + +Copyright 2011 Miek Gieben. All rights reserved. Use of this source code is +governed by a BSD-style license that can be found in the LICENSE file. + +Copyright 2014 CloudFlare. All rights reserved. Use of this source code is +governed by a BSD-style license that can be found in the LICENSE file. diff --git a/vendor/github.com/miekg/dns/LICENSE b/vendor/github.com/miekg/dns/LICENSE new file mode 100644 index 0000000..5763fa7 --- /dev/null +++ b/vendor/github.com/miekg/dns/LICENSE @@ -0,0 +1,32 @@ +Extensions of the original work are copyright (c) 2011 Miek Gieben + +As this is fork of the official Go code the same license applies: + +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + diff --git a/vendor/github.com/miekg/dns/Makefile.fuzz b/vendor/github.com/miekg/dns/Makefile.fuzz new file mode 100644 index 0000000..dc158c4 --- /dev/null +++ b/vendor/github.com/miekg/dns/Makefile.fuzz @@ -0,0 +1,33 @@ +# Makefile for fuzzing +# +# Use go-fuzz and needs the tools installed. +# See https://blog.cloudflare.com/dns-parser-meet-go-fuzzer/ +# +# Installing go-fuzz: +# $ make -f Makefile.fuzz get +# Installs: +# * github.com/dvyukov/go-fuzz/go-fuzz +# * get github.com/dvyukov/go-fuzz/go-fuzz-build + +all: build + +.PHONY: build +build: + go-fuzz-build -tags fuzz github.com/miekg/dns + +.PHONY: build-newrr +build-newrr: + go-fuzz-build -func FuzzNewRR -tags fuzz github.com/miekg/dns + +.PHONY: fuzz +fuzz: + go-fuzz -bin=dns-fuzz.zip -workdir=fuzz + +.PHONY: get +get: + go get github.com/dvyukov/go-fuzz/go-fuzz + go get github.com/dvyukov/go-fuzz/go-fuzz-build + +.PHONY: clean +clean: + rm *-fuzz.zip diff --git a/vendor/github.com/miekg/dns/README.md b/vendor/github.com/miekg/dns/README.md new file mode 100644 index 0000000..3a13b2d --- /dev/null +++ b/vendor/github.com/miekg/dns/README.md @@ -0,0 +1,164 @@ +[![Build Status](https://travis-ci.org/miekg/dns.svg?branch=master)](https://travis-ci.org/miekg/dns) +[![Code Coverage](https://img.shields.io/codecov/c/github/miekg/dns/master.svg)](https://codecov.io/github/miekg/dns?branch=master) +[![Go Report Card](https://goreportcard.com/badge/github.com/miekg/dns)](https://goreportcard.com/report/miekg/dns) +[![](https://godoc.org/github.com/miekg/dns?status.svg)](https://godoc.org/github.com/miekg/dns) + +# Alternative (more granular) approach to a DNS library + +> Less is more. + +Complete and usable DNS library. All widely used Resource Records are supported, including the +DNSSEC types. It follows a lean and mean philosophy. If there is stuff you should know as a DNS +programmer there isn't a convenience function for it. Server side and client side programming is +supported, i.e. you can build servers and resolvers with it. + +We try to keep the "master" branch as sane as possible and at the bleeding edge of standards, +avoiding breaking changes wherever reasonable. We support the last two versions of Go. + +# Goals + +* KISS; +* Fast; +* Small API. If it's easy to code in Go, don't make a function for it. + +# Users + +A not-so-up-to-date-list-that-may-be-actually-current: + +* https://github.com/coredns/coredns +* https://cloudflare.com +* https://github.com/abh/geodns +* http://www.statdns.com/ +* http://www.dnsinspect.com/ +* https://github.com/chuangbo/jianbing-dictionary-dns +* http://www.dns-lg.com/ +* https://github.com/fcambus/rrda +* https://github.com/kenshinx/godns +* https://github.com/skynetservices/skydns +* https://github.com/hashicorp/consul +* https://github.com/DevelopersPL/godnsagent +* https://github.com/duedil-ltd/discodns +* https://github.com/StalkR/dns-reverse-proxy +* https://github.com/tianon/rawdns +* https://mesosphere.github.io/mesos-dns/ +* https://pulse.turbobytes.com/ +* https://play.google.com/store/apps/details?id=com.turbobytes.dig +* https://github.com/fcambus/statzone +* https://github.com/benschw/dns-clb-go +* https://github.com/corny/dnscheck for http://public-dns.info/ +* https://namesmith.io +* https://github.com/miekg/unbound +* https://github.com/miekg/exdns +* https://dnslookup.org +* https://github.com/looterz/grimd +* https://github.com/phamhongviet/serf-dns +* https://github.com/mehrdadrad/mylg +* https://github.com/bamarni/dockness +* https://github.com/fffaraz/microdns +* http://kelda.io +* https://github.com/ipdcode/hades (JD.COM) +* https://github.com/StackExchange/dnscontrol/ +* https://www.dnsperf.com/ +* https://dnssectest.net/ +* https://dns.apebits.com +* https://github.com/oif/apex + +Send pull request if you want to be listed here. + +# Features + +* UDP/TCP queries, IPv4 and IPv6; +* RFC 1035 zone file parsing ($INCLUDE, $ORIGIN, $TTL and $GENERATE (for all record types) are supported; +* Fast: + * Reply speed around ~ 80K qps (faster hardware results in more qps); + * Parsing RRs ~ 100K RR/s, that's 5M records in about 50 seconds; +* Server side programming (mimicking the net/http package); +* Client side programming; +* DNSSEC: signing, validating and key generation for DSA, RSA and ECDSA; +* EDNS0, NSID, Cookies; +* AXFR/IXFR; +* TSIG, SIG(0); +* DNS over TLS: optional encrypted connection between client and server; +* DNS name compression; +* Depends only on the standard library. + +Have fun! + +Miek Gieben - 2010-2012 - + +# Building + +Building is done with the `go` tool. If you have setup your GOPATH correctly, the following should +work: + + go get github.com/miekg/dns + go build github.com/miekg/dns + +## Examples + +A short "how to use the API" is at the beginning of doc.go (this also will show +when you call `godoc github.com/miekg/dns`). + +Example programs can be found in the `github.com/miekg/exdns` repository. + +## Supported RFCs + +*all of them* + +* 103{4,5} - DNS standard +* 1348 - NSAP record (removed the record) +* 1982 - Serial Arithmetic +* 1876 - LOC record +* 1995 - IXFR +* 1996 - DNS notify +* 2136 - DNS Update (dynamic updates) +* 2181 - RRset definition - there is no RRset type though, just []RR +* 2537 - RSAMD5 DNS keys +* 2065 - DNSSEC (updated in later RFCs) +* 2671 - EDNS record +* 2782 - SRV record +* 2845 - TSIG record +* 2915 - NAPTR record +* 2929 - DNS IANA Considerations +* 3110 - RSASHA1 DNS keys +* 3225 - DO bit (DNSSEC OK) +* 340{1,2,3} - NAPTR record +* 3445 - Limiting the scope of (DNS)KEY +* 3597 - Unknown RRs +* 403{3,4,5} - DNSSEC + validation functions +* 4255 - SSHFP record +* 4343 - Case insensitivity +* 4408 - SPF record +* 4509 - SHA256 Hash in DS +* 4592 - Wildcards in the DNS +* 4635 - HMAC SHA TSIG +* 4701 - DHCID +* 4892 - id.server +* 5001 - NSID +* 5155 - NSEC3 record +* 5205 - HIP record +* 5702 - SHA2 in the DNS +* 5936 - AXFR +* 5966 - TCP implementation recommendations +* 6605 - ECDSA +* 6725 - IANA Registry Update +* 6742 - ILNP DNS +* 6840 - Clarifications and Implementation Notes for DNS Security +* 6844 - CAA record +* 6891 - EDNS0 update +* 6895 - DNS IANA considerations +* 6975 - Algorithm Understanding in DNSSEC +* 7043 - EUI48/EUI64 records +* 7314 - DNS (EDNS) EXPIRE Option +* 7477 - CSYNC RR +* 7828 - edns-tcp-keepalive EDNS0 Option +* 7553 - URI record +* 7858 - DNS over TLS: Initiation and Performance Considerations +* 7873 - Domain Name System (DNS) Cookies (draft-ietf-dnsop-cookies) + +## Loosely based upon + +* `ldns` +* `NSD` +* `Net::DNS` +* `GRONG` diff --git a/vendor/github.com/miekg/dns/client.go b/vendor/github.com/miekg/dns/client.go new file mode 100644 index 0000000..2c51588 --- /dev/null +++ b/vendor/github.com/miekg/dns/client.go @@ -0,0 +1,507 @@ +package dns + +// A client implementation. + +import ( + "bytes" + "context" + "crypto/tls" + "encoding/binary" + "io" + "net" + "strings" + "time" +) + +const dnsTimeout time.Duration = 2 * time.Second +const tcpIdleTimeout time.Duration = 8 * time.Second + +// A Conn represents a connection to a DNS server. +type Conn struct { + net.Conn // a net.Conn holding the connection + UDPSize uint16 // minimum receive buffer for UDP messages + TsigSecret map[string]string // secret(s) for Tsig map[], zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2) + rtt time.Duration + t time.Time + tsigRequestMAC string +} + +// A Client defines parameters for a DNS client. +type Client struct { + Net string // if "tcp" or "tcp-tls" (DNS over TLS) a TCP query will be initiated, otherwise an UDP one (default is "" for UDP) + UDPSize uint16 // minimum receive buffer for UDP messages + TLSConfig *tls.Config // TLS connection configuration + Dialer *net.Dialer // a net.Dialer used to set local address, timeouts and more + // Timeout is a cumulative timeout for dial, write and read, defaults to 0 (disabled) - overrides DialTimeout, ReadTimeout, + // WriteTimeout when non-zero. Can be overridden with net.Dialer.Timeout (see Client.ExchangeWithDialer and + // Client.Dialer) or context.Context.Deadline (see the deprecated ExchangeContext) + Timeout time.Duration + DialTimeout time.Duration // net.DialTimeout, defaults to 2 seconds, or net.Dialer.Timeout if expiring earlier - overridden by Timeout when that value is non-zero + ReadTimeout time.Duration // net.Conn.SetReadTimeout value for connections, defaults to 2 seconds - overridden by Timeout when that value is non-zero + WriteTimeout time.Duration // net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds - overridden by Timeout when that value is non-zero + TsigSecret map[string]string // secret(s) for Tsig map[], zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2) + SingleInflight bool // if true suppress multiple outstanding queries for the same Qname, Qtype and Qclass + group singleflight +} + +// Exchange performs a synchronous UDP query. It sends the message m to the address +// contained in a and waits for a reply. Exchange does not retry a failed query, nor +// will it fall back to TCP in case of truncation. +// See client.Exchange for more information on setting larger buffer sizes. +func Exchange(m *Msg, a string) (r *Msg, err error) { + client := Client{Net: "udp"} + r, _, err = client.Exchange(m, a) + return r, err +} + +func (c *Client) dialTimeout() time.Duration { + if c.Timeout != 0 { + return c.Timeout + } + if c.DialTimeout != 0 { + return c.DialTimeout + } + return dnsTimeout +} + +func (c *Client) readTimeout() time.Duration { + if c.ReadTimeout != 0 { + return c.ReadTimeout + } + return dnsTimeout +} + +func (c *Client) writeTimeout() time.Duration { + if c.WriteTimeout != 0 { + return c.WriteTimeout + } + return dnsTimeout +} + +// Dial connects to the address on the named network. +func (c *Client) Dial(address string) (conn *Conn, err error) { + // create a new dialer with the appropriate timeout + var d net.Dialer + if c.Dialer == nil { + d = net.Dialer{} + } else { + d = net.Dialer(*c.Dialer) + } + d.Timeout = c.getTimeoutForRequest(c.writeTimeout()) + + network := "udp" + useTLS := false + + switch c.Net { + case "tcp-tls": + network = "tcp" + useTLS = true + case "tcp4-tls": + network = "tcp4" + useTLS = true + case "tcp6-tls": + network = "tcp6" + useTLS = true + default: + if c.Net != "" { + network = c.Net + } + } + + conn = new(Conn) + if useTLS { + conn.Conn, err = tls.DialWithDialer(&d, network, address, c.TLSConfig) + } else { + conn.Conn, err = d.Dial(network, address) + } + if err != nil { + return nil, err + } + return conn, nil +} + +// Exchange performs a synchronous query. It sends the message m to the address +// contained in a and waits for a reply. Basic use pattern with a *dns.Client: +// +// c := new(dns.Client) +// in, rtt, err := c.Exchange(message, "127.0.0.1:53") +// +// Exchange does not retry a failed query, nor will it fall back to TCP in +// case of truncation. +// It is up to the caller to create a message that allows for larger responses to be +// returned. Specifically this means adding an EDNS0 OPT RR that will advertise a larger +// buffer, see SetEdns0. Messages without an OPT RR will fallback to the historic limit +// of 512 bytes +// To specify a local address or a timeout, the caller has to set the `Client.Dialer` +// attribute appropriately +func (c *Client) Exchange(m *Msg, address string) (r *Msg, rtt time.Duration, err error) { + if !c.SingleInflight { + return c.exchange(m, address) + } + + t := "nop" + if t1, ok := TypeToString[m.Question[0].Qtype]; ok { + t = t1 + } + cl := "nop" + if cl1, ok := ClassToString[m.Question[0].Qclass]; ok { + cl = cl1 + } + r, rtt, err, shared := c.group.Do(m.Question[0].Name+t+cl, func() (*Msg, time.Duration, error) { + return c.exchange(m, address) + }) + if r != nil && shared { + r = r.Copy() + } + return r, rtt, err +} + +func (c *Client) exchange(m *Msg, a string) (r *Msg, rtt time.Duration, err error) { + var co *Conn + + co, err = c.Dial(a) + + if err != nil { + return nil, 0, err + } + defer co.Close() + + opt := m.IsEdns0() + // If EDNS0 is used use that for size. + if opt != nil && opt.UDPSize() >= MinMsgSize { + co.UDPSize = opt.UDPSize() + } + // Otherwise use the client's configured UDP size. + if opt == nil && c.UDPSize >= MinMsgSize { + co.UDPSize = c.UDPSize + } + + co.TsigSecret = c.TsigSecret + // write with the appropriate write timeout + co.SetWriteDeadline(time.Now().Add(c.getTimeoutForRequest(c.writeTimeout()))) + if err = co.WriteMsg(m); err != nil { + return nil, 0, err + } + + co.SetReadDeadline(time.Now().Add(c.getTimeoutForRequest(c.readTimeout()))) + r, err = co.ReadMsg() + if err == nil && r.Id != m.Id { + err = ErrId + } + return r, co.rtt, err +} + +// ReadMsg reads a message from the connection co. +// If the received message contains a TSIG record the transaction +// signature is verified. +func (co *Conn) ReadMsg() (*Msg, error) { + p, err := co.ReadMsgHeader(nil) + if err != nil { + return nil, err + } + + m := new(Msg) + if err := m.Unpack(p); err != nil { + // If ErrTruncated was returned, we still want to allow the user to use + // the message, but naively they can just check err if they don't want + // to use a truncated message + if err == ErrTruncated { + return m, err + } + return nil, err + } + if t := m.IsTsig(); t != nil { + if _, ok := co.TsigSecret[t.Hdr.Name]; !ok { + return m, ErrSecret + } + // Need to work on the original message p, as that was used to calculate the tsig. + err = TsigVerify(p, co.TsigSecret[t.Hdr.Name], co.tsigRequestMAC, false) + } + return m, err +} + +// ReadMsgHeader reads a DNS message, parses and populates hdr (when hdr is not nil). +// Returns message as a byte slice to be parsed with Msg.Unpack later on. +// Note that error handling on the message body is not possible as only the header is parsed. +func (co *Conn) ReadMsgHeader(hdr *Header) ([]byte, error) { + var ( + p []byte + n int + err error + ) + + switch t := co.Conn.(type) { + case *net.TCPConn, *tls.Conn: + r := t.(io.Reader) + + // First two bytes specify the length of the entire message. + l, err := tcpMsgLen(r) + if err != nil { + return nil, err + } + p = make([]byte, l) + n, err = tcpRead(r, p) + co.rtt = time.Since(co.t) + default: + if co.UDPSize > MinMsgSize { + p = make([]byte, co.UDPSize) + } else { + p = make([]byte, MinMsgSize) + } + n, err = co.Read(p) + co.rtt = time.Since(co.t) + } + + if err != nil { + return nil, err + } else if n < headerSize { + return nil, ErrShortRead + } + + p = p[:n] + if hdr != nil { + dh, _, err := unpackMsgHdr(p, 0) + if err != nil { + return nil, err + } + *hdr = dh + } + return p, err +} + +// tcpMsgLen is a helper func to read first two bytes of stream as uint16 packet length. +func tcpMsgLen(t io.Reader) (int, error) { + p := []byte{0, 0} + n, err := t.Read(p) + if err != nil { + return 0, err + } + + // As seen with my local router/switch, returns 1 byte on the above read, + // resulting a a ShortRead. Just write it out (instead of loop) and read the + // other byte. + if n == 1 { + n1, err := t.Read(p[1:]) + if err != nil { + return 0, err + } + n += n1 + } + + if n != 2 { + return 0, ErrShortRead + } + l := binary.BigEndian.Uint16(p) + if l == 0 { + return 0, ErrShortRead + } + return int(l), nil +} + +// tcpRead calls TCPConn.Read enough times to fill allocated buffer. +func tcpRead(t io.Reader, p []byte) (int, error) { + n, err := t.Read(p) + if err != nil { + return n, err + } + for n < len(p) { + j, err := t.Read(p[n:]) + if err != nil { + return n, err + } + n += j + } + return n, err +} + +// Read implements the net.Conn read method. +func (co *Conn) Read(p []byte) (n int, err error) { + if co.Conn == nil { + return 0, ErrConnEmpty + } + if len(p) < 2 { + return 0, io.ErrShortBuffer + } + switch t := co.Conn.(type) { + case *net.TCPConn, *tls.Conn: + r := t.(io.Reader) + + l, err := tcpMsgLen(r) + if err != nil { + return 0, err + } + if l > len(p) { + return int(l), io.ErrShortBuffer + } + return tcpRead(r, p[:l]) + } + // UDP connection + n, err = co.Conn.Read(p) + if err != nil { + return n, err + } + return n, err +} + +// WriteMsg sends a message through the connection co. +// If the message m contains a TSIG record the transaction +// signature is calculated. +func (co *Conn) WriteMsg(m *Msg) (err error) { + var out []byte + if t := m.IsTsig(); t != nil { + mac := "" + if _, ok := co.TsigSecret[t.Hdr.Name]; !ok { + return ErrSecret + } + out, mac, err = TsigGenerate(m, co.TsigSecret[t.Hdr.Name], co.tsigRequestMAC, false) + // Set for the next read, although only used in zone transfers + co.tsigRequestMAC = mac + } else { + out, err = m.Pack() + } + if err != nil { + return err + } + co.t = time.Now() + if _, err = co.Write(out); err != nil { + return err + } + return nil +} + +// Write implements the net.Conn Write method. +func (co *Conn) Write(p []byte) (n int, err error) { + switch t := co.Conn.(type) { + case *net.TCPConn, *tls.Conn: + w := t.(io.Writer) + + lp := len(p) + if lp < 2 { + return 0, io.ErrShortBuffer + } + if lp > MaxMsgSize { + return 0, &Error{err: "message too large"} + } + l := make([]byte, 2, lp+2) + binary.BigEndian.PutUint16(l, uint16(lp)) + p = append(l, p...) + n, err := io.Copy(w, bytes.NewReader(p)) + return int(n), err + } + n, err = co.Conn.Write(p) + return n, err +} + +// Return the appropriate timeout for a specific request +func (c *Client) getTimeoutForRequest(timeout time.Duration) time.Duration { + var requestTimeout time.Duration + if c.Timeout != 0 { + requestTimeout = c.Timeout + } else { + requestTimeout = timeout + } + // net.Dialer.Timeout has priority if smaller than the timeouts computed so + // far + if c.Dialer != nil && c.Dialer.Timeout != 0 { + if c.Dialer.Timeout < requestTimeout { + requestTimeout = c.Dialer.Timeout + } + } + return requestTimeout +} + +// Dial connects to the address on the named network. +func Dial(network, address string) (conn *Conn, err error) { + conn = new(Conn) + conn.Conn, err = net.Dial(network, address) + if err != nil { + return nil, err + } + return conn, nil +} + +// ExchangeContext performs a synchronous UDP query, like Exchange. It +// additionally obeys deadlines from the passed Context. +func ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, err error) { + client := Client{Net: "udp"} + r, _, err = client.ExchangeContext(ctx, m, a) + // ignorint rtt to leave the original ExchangeContext API unchanged, but + // this function will go away + return r, err +} + +// ExchangeConn performs a synchronous query. It sends the message m via the connection +// c and waits for a reply. The connection c is not closed by ExchangeConn. +// This function is going away, but can easily be mimicked: +// +// co := &dns.Conn{Conn: c} // c is your net.Conn +// co.WriteMsg(m) +// in, _ := co.ReadMsg() +// co.Close() +// +func ExchangeConn(c net.Conn, m *Msg) (r *Msg, err error) { + println("dns: ExchangeConn: this function is deprecated") + co := new(Conn) + co.Conn = c + if err = co.WriteMsg(m); err != nil { + return nil, err + } + r, err = co.ReadMsg() + if err == nil && r.Id != m.Id { + err = ErrId + } + return r, err +} + +// DialTimeout acts like Dial but takes a timeout. +func DialTimeout(network, address string, timeout time.Duration) (conn *Conn, err error) { + client := Client{Net: network, Dialer: &net.Dialer{Timeout: timeout}} + conn, err = client.Dial(address) + if err != nil { + return nil, err + } + return conn, nil +} + +// DialWithTLS connects to the address on the named network with TLS. +func DialWithTLS(network, address string, tlsConfig *tls.Config) (conn *Conn, err error) { + if !strings.HasSuffix(network, "-tls") { + network += "-tls" + } + client := Client{Net: network, TLSConfig: tlsConfig} + conn, err = client.Dial(address) + + if err != nil { + return nil, err + } + return conn, nil +} + +// DialTimeoutWithTLS acts like DialWithTLS but takes a timeout. +func DialTimeoutWithTLS(network, address string, tlsConfig *tls.Config, timeout time.Duration) (conn *Conn, err error) { + if !strings.HasSuffix(network, "-tls") { + network += "-tls" + } + client := Client{Net: network, Dialer: &net.Dialer{Timeout: timeout}, TLSConfig: tlsConfig} + conn, err = client.Dial(address) + if err != nil { + return nil, err + } + return conn, nil +} + +// ExchangeContext acts like Exchange, but honors the deadline on the provided +// context, if present. If there is both a context deadline and a configured +// timeout on the client, the earliest of the two takes effect. +func (c *Client) ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, rtt time.Duration, err error) { + var timeout time.Duration + if deadline, ok := ctx.Deadline(); !ok { + timeout = 0 + } else { + timeout = deadline.Sub(time.Now()) + } + // not passing the context to the underlying calls, as the API does not support + // context. For timeouts you should set up Client.Dialer and call Client.Exchange. + c.Dialer = &net.Dialer{Timeout: timeout} + return c.Exchange(m, a) +} diff --git a/vendor/github.com/miekg/dns/clientconfig.go b/vendor/github.com/miekg/dns/clientconfig.go new file mode 100644 index 0000000..6479fef --- /dev/null +++ b/vendor/github.com/miekg/dns/clientconfig.go @@ -0,0 +1,137 @@ +package dns + +import ( + "bufio" + "io" + "os" + "strconv" + "strings" +) + +// ClientConfig wraps the contents of the /etc/resolv.conf file. +type ClientConfig struct { + Servers []string // servers to use + Search []string // suffixes to append to local name + Port string // what port to use + Ndots int // number of dots in name to trigger absolute lookup + Timeout int // seconds before giving up on packet + Attempts int // lost packets before giving up on server, not used in the package dns +} + +// ClientConfigFromFile parses a resolv.conf(5) like file and returns +// a *ClientConfig. +func ClientConfigFromFile(resolvconf string) (*ClientConfig, error) { + file, err := os.Open(resolvconf) + if err != nil { + return nil, err + } + defer file.Close() + return ClientConfigFromReader(file) +} + +// ClientConfigFromReader works like ClientConfigFromFile but takes an io.Reader as argument +func ClientConfigFromReader(resolvconf io.Reader) (*ClientConfig, error) { + c := new(ClientConfig) + scanner := bufio.NewScanner(resolvconf) + c.Servers = make([]string, 0) + c.Search = make([]string, 0) + c.Port = "53" + c.Ndots = 1 + c.Timeout = 5 + c.Attempts = 2 + + for scanner.Scan() { + if err := scanner.Err(); err != nil { + return nil, err + } + line := scanner.Text() + f := strings.Fields(line) + if len(f) < 1 { + continue + } + switch f[0] { + case "nameserver": // add one name server + if len(f) > 1 { + // One more check: make sure server name is + // just an IP address. Otherwise we need DNS + // to look it up. + name := f[1] + c.Servers = append(c.Servers, name) + } + + case "domain": // set search path to just this domain + if len(f) > 1 { + c.Search = make([]string, 1) + c.Search[0] = f[1] + } else { + c.Search = make([]string, 0) + } + + case "search": // set search path to given servers + c.Search = make([]string, len(f)-1) + for i := 0; i < len(c.Search); i++ { + c.Search[i] = f[i+1] + } + + case "options": // magic options + for i := 1; i < len(f); i++ { + s := f[i] + switch { + case len(s) >= 6 && s[:6] == "ndots:": + n, _ := strconv.Atoi(s[6:]) + if n < 1 { + n = 1 + } + c.Ndots = n + case len(s) >= 8 && s[:8] == "timeout:": + n, _ := strconv.Atoi(s[8:]) + if n < 1 { + n = 1 + } + c.Timeout = n + case len(s) >= 8 && s[:9] == "attempts:": + n, _ := strconv.Atoi(s[9:]) + if n < 1 { + n = 1 + } + c.Attempts = n + case s == "rotate": + /* not imp */ + } + } + } + } + return c, nil +} + +// NameList returns all of the names that should be queried based on the +// config. It is based off of go's net/dns name building, but it does not +// check the length of the resulting names. +func (c *ClientConfig) NameList(name string) []string { + // if this domain is already fully qualified, no append needed. + if IsFqdn(name) { + return []string{name} + } + + // Check to see if the name has more labels than Ndots. Do this before making + // the domain fully qualified. + hasNdots := CountLabel(name) > c.Ndots + // Make the domain fully qualified. + name = Fqdn(name) + + // Make a list of names based off search. + names := []string{} + + // If name has enough dots, try that first. + if hasNdots { + names = append(names, name) + } + for _, s := range c.Search { + names = append(names, Fqdn(name+s)) + } + // If we didn't have enough dots, try after suffixes. + if !hasNdots { + names = append(names, name) + } + return names +} diff --git a/vendor/github.com/miekg/dns/compress_generate.go b/vendor/github.com/miekg/dns/compress_generate.go new file mode 100644 index 0000000..d2e5db2 --- /dev/null +++ b/vendor/github.com/miekg/dns/compress_generate.go @@ -0,0 +1,189 @@ +//+build ignore + +// compression_generate.go is meant to run with go generate. It will use +// go/{importer,types} to track down all the RR struct types. Then for each type +// it will look to see if there are (compressible) names, if so it will add that +// type to compressionLenHelperType and comressionLenSearchType which "fake" the +// compression so that Len() is fast. +package main + +import ( + "bytes" + "fmt" + "go/format" + "go/importer" + "go/types" + "log" + "os" +) + +var packageHdr = ` +// *** DO NOT MODIFY *** +// AUTOGENERATED BY go generate from compress_generate.go + +package dns + +` + +// getTypeStruct will take a type and the package scope, and return the +// (innermost) struct if the type is considered a RR type (currently defined as +// those structs beginning with a RR_Header, could be redefined as implementing +// the RR interface). The bool return value indicates if embedded structs were +// resolved. +func getTypeStruct(t types.Type, scope *types.Scope) (*types.Struct, bool) { + st, ok := t.Underlying().(*types.Struct) + if !ok { + return nil, false + } + if st.Field(0).Type() == scope.Lookup("RR_Header").Type() { + return st, false + } + if st.Field(0).Anonymous() { + st, _ := getTypeStruct(st.Field(0).Type(), scope) + return st, true + } + return nil, false +} + +func main() { + // Import and type-check the package + pkg, err := importer.Default().Import("github.com/miekg/dns") + fatalIfErr(err) + scope := pkg.Scope() + + var domainTypes []string // Types that have a domain name in them (either compressible or not). + var cdomainTypes []string // Types that have a compressible domain name in them (subset of domainType) +Names: + for _, name := range scope.Names() { + o := scope.Lookup(name) + if o == nil || !o.Exported() { + continue + } + st, _ := getTypeStruct(o.Type(), scope) + if st == nil { + continue + } + if name == "PrivateRR" { + continue + } + + if scope.Lookup("Type"+o.Name()) == nil && o.Name() != "RFC3597" { + log.Fatalf("Constant Type%s does not exist.", o.Name()) + } + + for i := 1; i < st.NumFields(); i++ { + if _, ok := st.Field(i).Type().(*types.Slice); ok { + if st.Tag(i) == `dns:"domain-name"` { + domainTypes = append(domainTypes, o.Name()) + continue Names + } + if st.Tag(i) == `dns:"cdomain-name"` { + cdomainTypes = append(cdomainTypes, o.Name()) + domainTypes = append(domainTypes, o.Name()) + continue Names + } + continue + } + + switch { + case st.Tag(i) == `dns:"domain-name"`: + domainTypes = append(domainTypes, o.Name()) + continue Names + case st.Tag(i) == `dns:"cdomain-name"`: + cdomainTypes = append(cdomainTypes, o.Name()) + domainTypes = append(domainTypes, o.Name()) + continue Names + } + } + } + + b := &bytes.Buffer{} + b.WriteString(packageHdr) + + // compressionLenHelperType - all types that have domain-name/cdomain-name can be used for compressing names + + fmt.Fprint(b, "func compressionLenHelperType(c map[string]int, r RR) {\n") + fmt.Fprint(b, "switch x := r.(type) {\n") + for _, name := range domainTypes { + o := scope.Lookup(name) + st, _ := getTypeStruct(o.Type(), scope) + + fmt.Fprintf(b, "case *%s:\n", name) + for i := 1; i < st.NumFields(); i++ { + out := func(s string) { fmt.Fprintf(b, "compressionLenHelper(c, x.%s)\n", st.Field(i).Name()) } + + if _, ok := st.Field(i).Type().(*types.Slice); ok { + switch st.Tag(i) { + case `dns:"domain-name"`: + fallthrough + case `dns:"cdomain-name"`: + // For HIP we need to slice over the elements in this slice. + fmt.Fprintf(b, `for i := range x.%s { + compressionLenHelper(c, x.%s[i]) + } +`, st.Field(i).Name(), st.Field(i).Name()) + } + continue + } + + switch { + case st.Tag(i) == `dns:"cdomain-name"`: + fallthrough + case st.Tag(i) == `dns:"domain-name"`: + out(st.Field(i).Name()) + } + } + } + fmt.Fprintln(b, "}\n}\n\n") + + // compressionLenSearchType - search cdomain-tags types for compressible names. + + fmt.Fprint(b, "func compressionLenSearchType(c map[string]int, r RR) (int, bool) {\n") + fmt.Fprint(b, "switch x := r.(type) {\n") + for _, name := range cdomainTypes { + o := scope.Lookup(name) + st, _ := getTypeStruct(o.Type(), scope) + + fmt.Fprintf(b, "case *%s:\n", name) + j := 1 + for i := 1; i < st.NumFields(); i++ { + out := func(s string, j int) { + fmt.Fprintf(b, "k%d, ok%d := compressionLenSearch(c, x.%s)\n", j, j, st.Field(i).Name()) + } + + // There are no slice types with names that can be compressed. + + switch { + case st.Tag(i) == `dns:"cdomain-name"`: + out(st.Field(i).Name(), j) + j++ + } + } + k := "k1" + ok := "ok1" + for i := 2; i < j; i++ { + k += fmt.Sprintf(" + k%d", i) + ok += fmt.Sprintf(" && ok%d", i) + } + fmt.Fprintf(b, "return %s, %s\n", k, ok) + } + fmt.Fprintln(b, "}\nreturn 0, false\n}\n\n") + + // gofmt + res, err := format.Source(b.Bytes()) + if err != nil { + b.WriteTo(os.Stderr) + log.Fatal(err) + } + + f, err := os.Create("zcompress.go") + fatalIfErr(err) + defer f.Close() + f.Write(res) +} + +func fatalIfErr(err error) { + if err != nil { + log.Fatal(err) + } +} diff --git a/vendor/github.com/miekg/dns/dane.go b/vendor/github.com/miekg/dns/dane.go new file mode 100644 index 0000000..8c4a14e --- /dev/null +++ b/vendor/github.com/miekg/dns/dane.go @@ -0,0 +1,43 @@ +package dns + +import ( + "crypto/sha256" + "crypto/sha512" + "crypto/x509" + "encoding/hex" + "errors" +) + +// CertificateToDANE converts a certificate to a hex string as used in the TLSA or SMIMEA records. +func CertificateToDANE(selector, matchingType uint8, cert *x509.Certificate) (string, error) { + switch matchingType { + case 0: + switch selector { + case 0: + return hex.EncodeToString(cert.Raw), nil + case 1: + return hex.EncodeToString(cert.RawSubjectPublicKeyInfo), nil + } + case 1: + h := sha256.New() + switch selector { + case 0: + h.Write(cert.Raw) + return hex.EncodeToString(h.Sum(nil)), nil + case 1: + h.Write(cert.RawSubjectPublicKeyInfo) + return hex.EncodeToString(h.Sum(nil)), nil + } + case 2: + h := sha512.New() + switch selector { + case 0: + h.Write(cert.Raw) + return hex.EncodeToString(h.Sum(nil)), nil + case 1: + h.Write(cert.RawSubjectPublicKeyInfo) + return hex.EncodeToString(h.Sum(nil)), nil + } + } + return "", errors.New("dns: bad MatchingType or Selector") +} diff --git a/vendor/github.com/miekg/dns/defaults.go b/vendor/github.com/miekg/dns/defaults.go new file mode 100644 index 0000000..c34890e --- /dev/null +++ b/vendor/github.com/miekg/dns/defaults.go @@ -0,0 +1,285 @@ +package dns + +import ( + "errors" + "net" + "strconv" +) + +const hexDigit = "0123456789abcdef" + +// Everything is assumed in ClassINET. + +// SetReply creates a reply message from a request message. +func (dns *Msg) SetReply(request *Msg) *Msg { + dns.Id = request.Id + dns.Response = true + dns.Opcode = request.Opcode + if dns.Opcode == OpcodeQuery { + dns.RecursionDesired = request.RecursionDesired // Copy rd bit + dns.CheckingDisabled = request.CheckingDisabled // Copy cd bit + } + dns.Rcode = RcodeSuccess + if len(request.Question) > 0 { + dns.Question = make([]Question, 1) + dns.Question[0] = request.Question[0] + } + return dns +} + +// SetQuestion creates a question message, it sets the Question +// section, generates an Id and sets the RecursionDesired (RD) +// bit to true. +func (dns *Msg) SetQuestion(z string, t uint16) *Msg { + dns.Id = Id() + dns.RecursionDesired = true + dns.Question = make([]Question, 1) + dns.Question[0] = Question{z, t, ClassINET} + return dns +} + +// SetNotify creates a notify message, it sets the Question +// section, generates an Id and sets the Authoritative (AA) +// bit to true. +func (dns *Msg) SetNotify(z string) *Msg { + dns.Opcode = OpcodeNotify + dns.Authoritative = true + dns.Id = Id() + dns.Question = make([]Question, 1) + dns.Question[0] = Question{z, TypeSOA, ClassINET} + return dns +} + +// SetRcode creates an error message suitable for the request. +func (dns *Msg) SetRcode(request *Msg, rcode int) *Msg { + dns.SetReply(request) + dns.Rcode = rcode + return dns +} + +// SetRcodeFormatError creates a message with FormError set. +func (dns *Msg) SetRcodeFormatError(request *Msg) *Msg { + dns.Rcode = RcodeFormatError + dns.Opcode = OpcodeQuery + dns.Response = true + dns.Authoritative = false + dns.Id = request.Id + return dns +} + +// SetUpdate makes the message a dynamic update message. It +// sets the ZONE section to: z, TypeSOA, ClassINET. +func (dns *Msg) SetUpdate(z string) *Msg { + dns.Id = Id() + dns.Response = false + dns.Opcode = OpcodeUpdate + dns.Compress = false // BIND9 cannot handle compression + dns.Question = make([]Question, 1) + dns.Question[0] = Question{z, TypeSOA, ClassINET} + return dns +} + +// SetIxfr creates message for requesting an IXFR. +func (dns *Msg) SetIxfr(z string, serial uint32, ns, mbox string) *Msg { + dns.Id = Id() + dns.Question = make([]Question, 1) + dns.Ns = make([]RR, 1) + s := new(SOA) + s.Hdr = RR_Header{z, TypeSOA, ClassINET, defaultTtl, 0} + s.Serial = serial + s.Ns = ns + s.Mbox = mbox + dns.Question[0] = Question{z, TypeIXFR, ClassINET} + dns.Ns[0] = s + return dns +} + +// SetAxfr creates message for requesting an AXFR. +func (dns *Msg) SetAxfr(z string) *Msg { + dns.Id = Id() + dns.Question = make([]Question, 1) + dns.Question[0] = Question{z, TypeAXFR, ClassINET} + return dns +} + +// SetTsig appends a TSIG RR to the message. +// This is only a skeleton TSIG RR that is added as the last RR in the +// additional section. The Tsig is calculated when the message is being send. +func (dns *Msg) SetTsig(z, algo string, fudge uint16, timesigned int64) *Msg { + t := new(TSIG) + t.Hdr = RR_Header{z, TypeTSIG, ClassANY, 0, 0} + t.Algorithm = algo + t.Fudge = fudge + t.TimeSigned = uint64(timesigned) + t.OrigId = dns.Id + dns.Extra = append(dns.Extra, t) + return dns +} + +// SetEdns0 appends a EDNS0 OPT RR to the message. +// TSIG should always the last RR in a message. +func (dns *Msg) SetEdns0(udpsize uint16, do bool) *Msg { + e := new(OPT) + e.Hdr.Name = "." + e.Hdr.Rrtype = TypeOPT + e.SetUDPSize(udpsize) + if do { + e.SetDo() + } + dns.Extra = append(dns.Extra, e) + return dns +} + +// IsTsig checks if the message has a TSIG record as the last record +// in the additional section. It returns the TSIG record found or nil. +func (dns *Msg) IsTsig() *TSIG { + if len(dns.Extra) > 0 { + if dns.Extra[len(dns.Extra)-1].Header().Rrtype == TypeTSIG { + return dns.Extra[len(dns.Extra)-1].(*TSIG) + } + } + return nil +} + +// IsEdns0 checks if the message has a EDNS0 (OPT) record, any EDNS0 +// record in the additional section will do. It returns the OPT record +// found or nil. +func (dns *Msg) IsEdns0() *OPT { + // EDNS0 is at the end of the additional section, start there. + // We might want to change this to *only* look at the last two + // records. So we see TSIG and/or OPT - this a slightly bigger + // change though. + for i := len(dns.Extra) - 1; i >= 0; i-- { + if dns.Extra[i].Header().Rrtype == TypeOPT { + return dns.Extra[i].(*OPT) + } + } + return nil +} + +// IsDomainName checks if s is a valid domain name, it returns the number of +// labels and true, when a domain name is valid. Note that non fully qualified +// domain name is considered valid, in this case the last label is counted in +// the number of labels. When false is returned the number of labels is not +// defined. Also note that this function is extremely liberal; almost any +// string is a valid domain name as the DNS is 8 bit protocol. It checks if each +// label fits in 63 characters, but there is no length check for the entire +// string s. I.e. a domain name longer than 255 characters is considered valid. +func IsDomainName(s string) (labels int, ok bool) { + _, labels, err := packDomainName(s, nil, 0, nil, false) + return labels, err == nil +} + +// IsSubDomain checks if child is indeed a child of the parent. If child and parent +// are the same domain true is returned as well. +func IsSubDomain(parent, child string) bool { + // Entire child is contained in parent + return CompareDomainName(parent, child) == CountLabel(parent) +} + +// IsMsg sanity checks buf and returns an error if it isn't a valid DNS packet. +// The checking is performed on the binary payload. +func IsMsg(buf []byte) error { + // Header + if len(buf) < 12 { + return errors.New("dns: bad message header") + } + // Header: Opcode + // TODO(miek): more checks here, e.g. check all header bits. + return nil +} + +// IsFqdn checks if a domain name is fully qualified. +func IsFqdn(s string) bool { + l := len(s) + if l == 0 { + return false + } + return s[l-1] == '.' +} + +// IsRRset checks if a set of RRs is a valid RRset as defined by RFC 2181. +// This means the RRs need to have the same type, name, and class. Returns true +// if the RR set is valid, otherwise false. +func IsRRset(rrset []RR) bool { + if len(rrset) == 0 { + return false + } + if len(rrset) == 1 { + return true + } + rrHeader := rrset[0].Header() + rrType := rrHeader.Rrtype + rrClass := rrHeader.Class + rrName := rrHeader.Name + + for _, rr := range rrset[1:] { + curRRHeader := rr.Header() + if curRRHeader.Rrtype != rrType || curRRHeader.Class != rrClass || curRRHeader.Name != rrName { + // Mismatch between the records, so this is not a valid rrset for + //signing/verifying + return false + } + } + + return true +} + +// Fqdn return the fully qualified domain name from s. +// If s is already fully qualified, it behaves as the identity function. +func Fqdn(s string) string { + if IsFqdn(s) { + return s + } + return s + "." +} + +// Copied from the official Go code. + +// ReverseAddr returns the in-addr.arpa. or ip6.arpa. hostname of the IP +// address suitable for reverse DNS (PTR) record lookups or an error if it fails +// to parse the IP address. +func ReverseAddr(addr string) (arpa string, err error) { + ip := net.ParseIP(addr) + if ip == nil { + return "", &Error{err: "unrecognized address: " + addr} + } + if ip.To4() != nil { + return strconv.Itoa(int(ip[15])) + "." + strconv.Itoa(int(ip[14])) + "." + strconv.Itoa(int(ip[13])) + "." + + strconv.Itoa(int(ip[12])) + ".in-addr.arpa.", nil + } + // Must be IPv6 + buf := make([]byte, 0, len(ip)*4+len("ip6.arpa.")) + // Add it, in reverse, to the buffer + for i := len(ip) - 1; i >= 0; i-- { + v := ip[i] + buf = append(buf, hexDigit[v&0xF]) + buf = append(buf, '.') + buf = append(buf, hexDigit[v>>4]) + buf = append(buf, '.') + } + // Append "ip6.arpa." and return (buf already has the final .) + buf = append(buf, "ip6.arpa."...) + return string(buf), nil +} + +// String returns the string representation for the type t. +func (t Type) String() string { + if t1, ok := TypeToString[uint16(t)]; ok { + return t1 + } + return "TYPE" + strconv.Itoa(int(t)) +} + +// String returns the string representation for the class c. +func (c Class) String() string { + if c1, ok := ClassToString[uint16(c)]; ok { + return c1 + } + return "CLASS" + strconv.Itoa(int(c)) +} + +// String returns the string representation for the name n. +func (n Name) String() string { + return sprintName(string(n)) +} diff --git a/vendor/github.com/miekg/dns/dns.go b/vendor/github.com/miekg/dns/dns.go new file mode 100644 index 0000000..5133eac --- /dev/null +++ b/vendor/github.com/miekg/dns/dns.go @@ -0,0 +1,107 @@ +package dns + +import "strconv" + +const ( + year68 = 1 << 31 // For RFC1982 (Serial Arithmetic) calculations in 32 bits. + defaultTtl = 3600 // Default internal TTL. + + // DefaultMsgSize is the standard default for messages larger than 512 bytes. + DefaultMsgSize = 4096 + // MinMsgSize is the minimal size of a DNS packet. + MinMsgSize = 512 + // MaxMsgSize is the largest possible DNS packet. + MaxMsgSize = 65535 +) + +// Error represents a DNS error. +type Error struct{ err string } + +func (e *Error) Error() string { + if e == nil { + return "dns: " + } + return "dns: " + e.err +} + +// An RR represents a resource record. +type RR interface { + // Header returns the header of an resource record. The header contains + // everything up to the rdata. + Header() *RR_Header + // String returns the text representation of the resource record. + String() string + + // copy returns a copy of the RR + copy() RR + // len returns the length (in octets) of the uncompressed RR in wire format. + len() int + // pack packs an RR into wire format. + pack([]byte, int, map[string]int, bool) (int, error) +} + +// RR_Header is the header all DNS resource records share. +type RR_Header struct { + Name string `dns:"cdomain-name"` + Rrtype uint16 + Class uint16 + Ttl uint32 + Rdlength uint16 // Length of data after header. +} + +// Header returns itself. This is here to make RR_Header implements the RR interface. +func (h *RR_Header) Header() *RR_Header { return h } + +// Just to implement the RR interface. +func (h *RR_Header) copy() RR { return nil } + +func (h *RR_Header) copyHeader() *RR_Header { + r := new(RR_Header) + r.Name = h.Name + r.Rrtype = h.Rrtype + r.Class = h.Class + r.Ttl = h.Ttl + r.Rdlength = h.Rdlength + return r +} + +func (h *RR_Header) String() string { + var s string + + if h.Rrtype == TypeOPT { + s = ";" + // and maybe other things + } + + s += sprintName(h.Name) + "\t" + s += strconv.FormatInt(int64(h.Ttl), 10) + "\t" + s += Class(h.Class).String() + "\t" + s += Type(h.Rrtype).String() + "\t" + return s +} + +func (h *RR_Header) len() int { + l := len(h.Name) + 1 + l += 10 // rrtype(2) + class(2) + ttl(4) + rdlength(2) + return l +} + +// ToRFC3597 converts a known RR to the unknown RR representation from RFC 3597. +func (rr *RFC3597) ToRFC3597(r RR) error { + buf := make([]byte, r.len()*2) + off, err := PackRR(r, buf, 0, nil, false) + if err != nil { + return err + } + buf = buf[:off] + if int(r.Header().Rdlength) > off { + return ErrBuf + } + + rfc3597, _, err := unpackRFC3597(*r.Header(), buf, off-int(r.Header().Rdlength)) + if err != nil { + return err + } + *rr = *rfc3597.(*RFC3597) + return nil +} diff --git a/vendor/github.com/miekg/dns/dnssec.go b/vendor/github.com/miekg/dns/dnssec.go new file mode 100644 index 0000000..08715ff --- /dev/null +++ b/vendor/github.com/miekg/dns/dnssec.go @@ -0,0 +1,736 @@ +package dns + +import ( + "bytes" + "crypto" + "crypto/dsa" + "crypto/ecdsa" + "crypto/elliptic" + _ "crypto/md5" + "crypto/rand" + "crypto/rsa" + _ "crypto/sha1" + _ "crypto/sha256" + _ "crypto/sha512" + "encoding/asn1" + "encoding/binary" + "encoding/hex" + "math/big" + "sort" + "strings" + "time" +) + +// DNSSEC encryption algorithm codes. +const ( + _ uint8 = iota + RSAMD5 + DH + DSA + _ // Skip 4, RFC 6725, section 2.1 + RSASHA1 + DSANSEC3SHA1 + RSASHA1NSEC3SHA1 + RSASHA256 + _ // Skip 9, RFC 6725, section 2.1 + RSASHA512 + _ // Skip 11, RFC 6725, section 2.1 + ECCGOST + ECDSAP256SHA256 + ECDSAP384SHA384 + INDIRECT uint8 = 252 + PRIVATEDNS uint8 = 253 // Private (experimental keys) + PRIVATEOID uint8 = 254 +) + +// AlgorithmToString is a map of algorithm IDs to algorithm names. +var AlgorithmToString = map[uint8]string{ + RSAMD5: "RSAMD5", + DH: "DH", + DSA: "DSA", + RSASHA1: "RSASHA1", + DSANSEC3SHA1: "DSA-NSEC3-SHA1", + RSASHA1NSEC3SHA1: "RSASHA1-NSEC3-SHA1", + RSASHA256: "RSASHA256", + RSASHA512: "RSASHA512", + ECCGOST: "ECC-GOST", + ECDSAP256SHA256: "ECDSAP256SHA256", + ECDSAP384SHA384: "ECDSAP384SHA384", + INDIRECT: "INDIRECT", + PRIVATEDNS: "PRIVATEDNS", + PRIVATEOID: "PRIVATEOID", +} + +// StringToAlgorithm is the reverse of AlgorithmToString. +var StringToAlgorithm = reverseInt8(AlgorithmToString) + +// AlgorithmToHash is a map of algorithm crypto hash IDs to crypto.Hash's. +var AlgorithmToHash = map[uint8]crypto.Hash{ + RSAMD5: crypto.MD5, // Deprecated in RFC 6725 + RSASHA1: crypto.SHA1, + RSASHA1NSEC3SHA1: crypto.SHA1, + RSASHA256: crypto.SHA256, + ECDSAP256SHA256: crypto.SHA256, + ECDSAP384SHA384: crypto.SHA384, + RSASHA512: crypto.SHA512, +} + +// DNSSEC hashing algorithm codes. +const ( + _ uint8 = iota + SHA1 // RFC 4034 + SHA256 // RFC 4509 + GOST94 // RFC 5933 + SHA384 // Experimental + SHA512 // Experimental +) + +// HashToString is a map of hash IDs to names. +var HashToString = map[uint8]string{ + SHA1: "SHA1", + SHA256: "SHA256", + GOST94: "GOST94", + SHA384: "SHA384", + SHA512: "SHA512", +} + +// StringToHash is a map of names to hash IDs. +var StringToHash = reverseInt8(HashToString) + +// DNSKEY flag values. +const ( + SEP = 1 + REVOKE = 1 << 7 + ZONE = 1 << 8 +) + +// The RRSIG needs to be converted to wireformat with some of the rdata (the signature) missing. +type rrsigWireFmt struct { + TypeCovered uint16 + Algorithm uint8 + Labels uint8 + OrigTtl uint32 + Expiration uint32 + Inception uint32 + KeyTag uint16 + SignerName string `dns:"domain-name"` + /* No Signature */ +} + +// Used for converting DNSKEY's rdata to wirefmt. +type dnskeyWireFmt struct { + Flags uint16 + Protocol uint8 + Algorithm uint8 + PublicKey string `dns:"base64"` + /* Nothing is left out */ +} + +func divRoundUp(a, b int) int { + return (a + b - 1) / b +} + +// KeyTag calculates the keytag (or key-id) of the DNSKEY. +func (k *DNSKEY) KeyTag() uint16 { + if k == nil { + return 0 + } + var keytag int + switch k.Algorithm { + case RSAMD5: + // Look at the bottom two bytes of the modules, which the last + // item in the pubkey. We could do this faster by looking directly + // at the base64 values. But I'm lazy. + modulus, _ := fromBase64([]byte(k.PublicKey)) + if len(modulus) > 1 { + x := binary.BigEndian.Uint16(modulus[len(modulus)-2:]) + keytag = int(x) + } + default: + keywire := new(dnskeyWireFmt) + keywire.Flags = k.Flags + keywire.Protocol = k.Protocol + keywire.Algorithm = k.Algorithm + keywire.PublicKey = k.PublicKey + wire := make([]byte, DefaultMsgSize) + n, err := packKeyWire(keywire, wire) + if err != nil { + return 0 + } + wire = wire[:n] + for i, v := range wire { + if i&1 != 0 { + keytag += int(v) // must be larger than uint32 + } else { + keytag += int(v) << 8 + } + } + keytag += (keytag >> 16) & 0xFFFF + keytag &= 0xFFFF + } + return uint16(keytag) +} + +// ToDS converts a DNSKEY record to a DS record. +func (k *DNSKEY) ToDS(h uint8) *DS { + if k == nil { + return nil + } + ds := new(DS) + ds.Hdr.Name = k.Hdr.Name + ds.Hdr.Class = k.Hdr.Class + ds.Hdr.Rrtype = TypeDS + ds.Hdr.Ttl = k.Hdr.Ttl + ds.Algorithm = k.Algorithm + ds.DigestType = h + ds.KeyTag = k.KeyTag() + + keywire := new(dnskeyWireFmt) + keywire.Flags = k.Flags + keywire.Protocol = k.Protocol + keywire.Algorithm = k.Algorithm + keywire.PublicKey = k.PublicKey + wire := make([]byte, DefaultMsgSize) + n, err := packKeyWire(keywire, wire) + if err != nil { + return nil + } + wire = wire[:n] + + owner := make([]byte, 255) + off, err1 := PackDomainName(strings.ToLower(k.Hdr.Name), owner, 0, nil, false) + if err1 != nil { + return nil + } + owner = owner[:off] + // RFC4034: + // digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA); + // "|" denotes concatenation + // DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key. + + var hash crypto.Hash + switch h { + case SHA1: + hash = crypto.SHA1 + case SHA256: + hash = crypto.SHA256 + case SHA384: + hash = crypto.SHA384 + case SHA512: + hash = crypto.SHA512 + default: + return nil + } + + s := hash.New() + s.Write(owner) + s.Write(wire) + ds.Digest = hex.EncodeToString(s.Sum(nil)) + return ds +} + +// ToCDNSKEY converts a DNSKEY record to a CDNSKEY record. +func (k *DNSKEY) ToCDNSKEY() *CDNSKEY { + c := &CDNSKEY{DNSKEY: *k} + c.Hdr = *k.Hdr.copyHeader() + c.Hdr.Rrtype = TypeCDNSKEY + return c +} + +// ToCDS converts a DS record to a CDS record. +func (d *DS) ToCDS() *CDS { + c := &CDS{DS: *d} + c.Hdr = *d.Hdr.copyHeader() + c.Hdr.Rrtype = TypeCDS + return c +} + +// Sign signs an RRSet. The signature needs to be filled in with the values: +// Inception, Expiration, KeyTag, SignerName and Algorithm. The rest is copied +// from the RRset. Sign returns a non-nill error when the signing went OK. +// There is no check if RRSet is a proper (RFC 2181) RRSet. If OrigTTL is non +// zero, it is used as-is, otherwise the TTL of the RRset is used as the +// OrigTTL. +func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error { + if k == nil { + return ErrPrivKey + } + // s.Inception and s.Expiration may be 0 (rollover etc.), the rest must be set + if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 { + return ErrKey + } + + rr.Hdr.Rrtype = TypeRRSIG + rr.Hdr.Name = rrset[0].Header().Name + rr.Hdr.Class = rrset[0].Header().Class + if rr.OrigTtl == 0 { // If set don't override + rr.OrigTtl = rrset[0].Header().Ttl + } + rr.TypeCovered = rrset[0].Header().Rrtype + rr.Labels = uint8(CountLabel(rrset[0].Header().Name)) + + if strings.HasPrefix(rrset[0].Header().Name, "*") { + rr.Labels-- // wildcard, remove from label count + } + + sigwire := new(rrsigWireFmt) + sigwire.TypeCovered = rr.TypeCovered + sigwire.Algorithm = rr.Algorithm + sigwire.Labels = rr.Labels + sigwire.OrigTtl = rr.OrigTtl + sigwire.Expiration = rr.Expiration + sigwire.Inception = rr.Inception + sigwire.KeyTag = rr.KeyTag + // For signing, lowercase this name + sigwire.SignerName = strings.ToLower(rr.SignerName) + + // Create the desired binary blob + signdata := make([]byte, DefaultMsgSize) + n, err := packSigWire(sigwire, signdata) + if err != nil { + return err + } + signdata = signdata[:n] + wire, err := rawSignatureData(rrset, rr) + if err != nil { + return err + } + + hash, ok := AlgorithmToHash[rr.Algorithm] + if !ok { + return ErrAlg + } + + h := hash.New() + h.Write(signdata) + h.Write(wire) + + signature, err := sign(k, h.Sum(nil), hash, rr.Algorithm) + if err != nil { + return err + } + + rr.Signature = toBase64(signature) + + return nil +} + +func sign(k crypto.Signer, hashed []byte, hash crypto.Hash, alg uint8) ([]byte, error) { + signature, err := k.Sign(rand.Reader, hashed, hash) + if err != nil { + return nil, err + } + + switch alg { + case RSASHA1, RSASHA1NSEC3SHA1, RSASHA256, RSASHA512: + return signature, nil + + case ECDSAP256SHA256, ECDSAP384SHA384: + ecdsaSignature := &struct { + R, S *big.Int + }{} + if _, err := asn1.Unmarshal(signature, ecdsaSignature); err != nil { + return nil, err + } + + var intlen int + switch alg { + case ECDSAP256SHA256: + intlen = 32 + case ECDSAP384SHA384: + intlen = 48 + } + + signature := intToBytes(ecdsaSignature.R, intlen) + signature = append(signature, intToBytes(ecdsaSignature.S, intlen)...) + return signature, nil + + // There is no defined interface for what a DSA backed crypto.Signer returns + case DSA, DSANSEC3SHA1: + // t := divRoundUp(divRoundUp(p.PublicKey.Y.BitLen(), 8)-64, 8) + // signature := []byte{byte(t)} + // signature = append(signature, intToBytes(r1, 20)...) + // signature = append(signature, intToBytes(s1, 20)...) + // rr.Signature = signature + } + + return nil, ErrAlg +} + +// Verify validates an RRSet with the signature and key. This is only the +// cryptographic test, the signature validity period must be checked separately. +// This function copies the rdata of some RRs (to lowercase domain names) for the validation to work. +func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error { + // First the easy checks + if !IsRRset(rrset) { + return ErrRRset + } + if rr.KeyTag != k.KeyTag() { + return ErrKey + } + if rr.Hdr.Class != k.Hdr.Class { + return ErrKey + } + if rr.Algorithm != k.Algorithm { + return ErrKey + } + if strings.ToLower(rr.SignerName) != strings.ToLower(k.Hdr.Name) { + return ErrKey + } + if k.Protocol != 3 { + return ErrKey + } + + // IsRRset checked that we have at least one RR and that the RRs in + // the set have consistent type, class, and name. Also check that type and + // class matches the RRSIG record. + if rrset[0].Header().Class != rr.Hdr.Class { + return ErrRRset + } + if rrset[0].Header().Rrtype != rr.TypeCovered { + return ErrRRset + } + + // RFC 4035 5.3.2. Reconstructing the Signed Data + // Copy the sig, except the rrsig data + sigwire := new(rrsigWireFmt) + sigwire.TypeCovered = rr.TypeCovered + sigwire.Algorithm = rr.Algorithm + sigwire.Labels = rr.Labels + sigwire.OrigTtl = rr.OrigTtl + sigwire.Expiration = rr.Expiration + sigwire.Inception = rr.Inception + sigwire.KeyTag = rr.KeyTag + sigwire.SignerName = strings.ToLower(rr.SignerName) + // Create the desired binary blob + signeddata := make([]byte, DefaultMsgSize) + n, err := packSigWire(sigwire, signeddata) + if err != nil { + return err + } + signeddata = signeddata[:n] + wire, err := rawSignatureData(rrset, rr) + if err != nil { + return err + } + + sigbuf := rr.sigBuf() // Get the binary signature data + if rr.Algorithm == PRIVATEDNS { // PRIVATEOID + // TODO(miek) + // remove the domain name and assume its ours? + } + + hash, ok := AlgorithmToHash[rr.Algorithm] + if !ok { + return ErrAlg + } + + switch rr.Algorithm { + case RSASHA1, RSASHA1NSEC3SHA1, RSASHA256, RSASHA512, RSAMD5: + // TODO(mg): this can be done quicker, ie. cache the pubkey data somewhere?? + pubkey := k.publicKeyRSA() // Get the key + if pubkey == nil { + return ErrKey + } + + h := hash.New() + h.Write(signeddata) + h.Write(wire) + return rsa.VerifyPKCS1v15(pubkey, hash, h.Sum(nil), sigbuf) + + case ECDSAP256SHA256, ECDSAP384SHA384: + pubkey := k.publicKeyECDSA() + if pubkey == nil { + return ErrKey + } + + // Split sigbuf into the r and s coordinates + r := new(big.Int).SetBytes(sigbuf[:len(sigbuf)/2]) + s := new(big.Int).SetBytes(sigbuf[len(sigbuf)/2:]) + + h := hash.New() + h.Write(signeddata) + h.Write(wire) + if ecdsa.Verify(pubkey, h.Sum(nil), r, s) { + return nil + } + return ErrSig + + default: + return ErrAlg + } +} + +// ValidityPeriod uses RFC1982 serial arithmetic to calculate +// if a signature period is valid. If t is the zero time, the +// current time is taken other t is. Returns true if the signature +// is valid at the given time, otherwise returns false. +func (rr *RRSIG) ValidityPeriod(t time.Time) bool { + var utc int64 + if t.IsZero() { + utc = time.Now().UTC().Unix() + } else { + utc = t.UTC().Unix() + } + modi := (int64(rr.Inception) - utc) / year68 + mode := (int64(rr.Expiration) - utc) / year68 + ti := int64(rr.Inception) + (modi * year68) + te := int64(rr.Expiration) + (mode * year68) + return ti <= utc && utc <= te +} + +// Return the signatures base64 encodedig sigdata as a byte slice. +func (rr *RRSIG) sigBuf() []byte { + sigbuf, err := fromBase64([]byte(rr.Signature)) + if err != nil { + return nil + } + return sigbuf +} + +// publicKeyRSA returns the RSA public key from a DNSKEY record. +func (k *DNSKEY) publicKeyRSA() *rsa.PublicKey { + keybuf, err := fromBase64([]byte(k.PublicKey)) + if err != nil { + return nil + } + + // RFC 2537/3110, section 2. RSA Public KEY Resource Records + // Length is in the 0th byte, unless its zero, then it + // it in bytes 1 and 2 and its a 16 bit number + explen := uint16(keybuf[0]) + keyoff := 1 + if explen == 0 { + explen = uint16(keybuf[1])<<8 | uint16(keybuf[2]) + keyoff = 3 + } + pubkey := new(rsa.PublicKey) + + pubkey.N = big.NewInt(0) + shift := uint64((explen - 1) * 8) + expo := uint64(0) + for i := int(explen - 1); i > 0; i-- { + expo += uint64(keybuf[keyoff+i]) << shift + shift -= 8 + } + // Remainder + expo += uint64(keybuf[keyoff]) + if expo > (2<<31)+1 { + // Larger expo than supported. + // println("dns: F5 primes (or larger) are not supported") + return nil + } + pubkey.E = int(expo) + + pubkey.N.SetBytes(keybuf[keyoff+int(explen):]) + return pubkey +} + +// publicKeyECDSA returns the Curve public key from the DNSKEY record. +func (k *DNSKEY) publicKeyECDSA() *ecdsa.PublicKey { + keybuf, err := fromBase64([]byte(k.PublicKey)) + if err != nil { + return nil + } + pubkey := new(ecdsa.PublicKey) + switch k.Algorithm { + case ECDSAP256SHA256: + pubkey.Curve = elliptic.P256() + if len(keybuf) != 64 { + // wrongly encoded key + return nil + } + case ECDSAP384SHA384: + pubkey.Curve = elliptic.P384() + if len(keybuf) != 96 { + // Wrongly encoded key + return nil + } + } + pubkey.X = big.NewInt(0) + pubkey.X.SetBytes(keybuf[:len(keybuf)/2]) + pubkey.Y = big.NewInt(0) + pubkey.Y.SetBytes(keybuf[len(keybuf)/2:]) + return pubkey +} + +func (k *DNSKEY) publicKeyDSA() *dsa.PublicKey { + keybuf, err := fromBase64([]byte(k.PublicKey)) + if err != nil { + return nil + } + if len(keybuf) < 22 { + return nil + } + t, keybuf := int(keybuf[0]), keybuf[1:] + size := 64 + t*8 + q, keybuf := keybuf[:20], keybuf[20:] + if len(keybuf) != 3*size { + return nil + } + p, keybuf := keybuf[:size], keybuf[size:] + g, y := keybuf[:size], keybuf[size:] + pubkey := new(dsa.PublicKey) + pubkey.Parameters.Q = big.NewInt(0).SetBytes(q) + pubkey.Parameters.P = big.NewInt(0).SetBytes(p) + pubkey.Parameters.G = big.NewInt(0).SetBytes(g) + pubkey.Y = big.NewInt(0).SetBytes(y) + return pubkey +} + +type wireSlice [][]byte + +func (p wireSlice) Len() int { return len(p) } +func (p wireSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] } +func (p wireSlice) Less(i, j int) bool { + _, ioff, _ := UnpackDomainName(p[i], 0) + _, joff, _ := UnpackDomainName(p[j], 0) + return bytes.Compare(p[i][ioff+10:], p[j][joff+10:]) < 0 +} + +// Return the raw signature data. +func rawSignatureData(rrset []RR, s *RRSIG) (buf []byte, err error) { + wires := make(wireSlice, len(rrset)) + for i, r := range rrset { + r1 := r.copy() + r1.Header().Ttl = s.OrigTtl + labels := SplitDomainName(r1.Header().Name) + // 6.2. Canonical RR Form. (4) - wildcards + if len(labels) > int(s.Labels) { + // Wildcard + r1.Header().Name = "*." + strings.Join(labels[len(labels)-int(s.Labels):], ".") + "." + } + // RFC 4034: 6.2. Canonical RR Form. (2) - domain name to lowercase + r1.Header().Name = strings.ToLower(r1.Header().Name) + // 6.2. Canonical RR Form. (3) - domain rdata to lowercase. + // NS, MD, MF, CNAME, SOA, MB, MG, MR, PTR, + // HINFO, MINFO, MX, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX, + // SRV, DNAME, A6 + // + // RFC 6840 - Clarifications and Implementation Notes for DNS Security (DNSSEC): + // Section 6.2 of [RFC4034] also erroneously lists HINFO as a record + // that needs conversion to lowercase, and twice at that. Since HINFO + // records contain no domain names, they are not subject to case + // conversion. + switch x := r1.(type) { + case *NS: + x.Ns = strings.ToLower(x.Ns) + case *MD: + x.Md = strings.ToLower(x.Md) + case *MF: + x.Mf = strings.ToLower(x.Mf) + case *CNAME: + x.Target = strings.ToLower(x.Target) + case *SOA: + x.Ns = strings.ToLower(x.Ns) + x.Mbox = strings.ToLower(x.Mbox) + case *MB: + x.Mb = strings.ToLower(x.Mb) + case *MG: + x.Mg = strings.ToLower(x.Mg) + case *MR: + x.Mr = strings.ToLower(x.Mr) + case *PTR: + x.Ptr = strings.ToLower(x.Ptr) + case *MINFO: + x.Rmail = strings.ToLower(x.Rmail) + x.Email = strings.ToLower(x.Email) + case *MX: + x.Mx = strings.ToLower(x.Mx) + case *RP: + x.Mbox = strings.ToLower(x.Mbox) + x.Txt = strings.ToLower(x.Txt) + case *AFSDB: + x.Hostname = strings.ToLower(x.Hostname) + case *RT: + x.Host = strings.ToLower(x.Host) + case *SIG: + x.SignerName = strings.ToLower(x.SignerName) + case *PX: + x.Map822 = strings.ToLower(x.Map822) + x.Mapx400 = strings.ToLower(x.Mapx400) + case *NAPTR: + x.Replacement = strings.ToLower(x.Replacement) + case *KX: + x.Exchanger = strings.ToLower(x.Exchanger) + case *SRV: + x.Target = strings.ToLower(x.Target) + case *DNAME: + x.Target = strings.ToLower(x.Target) + } + // 6.2. Canonical RR Form. (5) - origTTL + wire := make([]byte, r1.len()+1) // +1 to be safe(r) + off, err1 := PackRR(r1, wire, 0, nil, false) + if err1 != nil { + return nil, err1 + } + wire = wire[:off] + wires[i] = wire + } + sort.Sort(wires) + for i, wire := range wires { + if i > 0 && bytes.Equal(wire, wires[i-1]) { + continue + } + buf = append(buf, wire...) + } + return buf, nil +} + +func packSigWire(sw *rrsigWireFmt, msg []byte) (int, error) { + // copied from zmsg.go RRSIG packing + off, err := packUint16(sw.TypeCovered, msg, 0) + if err != nil { + return off, err + } + off, err = packUint8(sw.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(sw.Labels, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(sw.OrigTtl, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(sw.Expiration, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(sw.Inception, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(sw.KeyTag, msg, off) + if err != nil { + return off, err + } + off, err = PackDomainName(sw.SignerName, msg, off, nil, false) + if err != nil { + return off, err + } + return off, nil +} + +func packKeyWire(dw *dnskeyWireFmt, msg []byte) (int, error) { + // copied from zmsg.go DNSKEY packing + off, err := packUint16(dw.Flags, msg, 0) + if err != nil { + return off, err + } + off, err = packUint8(dw.Protocol, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(dw.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packStringBase64(dw.PublicKey, msg, off) + if err != nil { + return off, err + } + return off, nil +} diff --git a/vendor/github.com/miekg/dns/dnssec_keygen.go b/vendor/github.com/miekg/dns/dnssec_keygen.go new file mode 100644 index 0000000..5e4b774 --- /dev/null +++ b/vendor/github.com/miekg/dns/dnssec_keygen.go @@ -0,0 +1,156 @@ +package dns + +import ( + "crypto" + "crypto/dsa" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/rsa" + "math/big" +) + +// Generate generates a DNSKEY of the given bit size. +// The public part is put inside the DNSKEY record. +// The Algorithm in the key must be set as this will define +// what kind of DNSKEY will be generated. +// The ECDSA algorithms imply a fixed keysize, in that case +// bits should be set to the size of the algorithm. +func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error) { + switch k.Algorithm { + case DSA, DSANSEC3SHA1: + if bits != 1024 { + return nil, ErrKeySize + } + case RSAMD5, RSASHA1, RSASHA256, RSASHA1NSEC3SHA1: + if bits < 512 || bits > 4096 { + return nil, ErrKeySize + } + case RSASHA512: + if bits < 1024 || bits > 4096 { + return nil, ErrKeySize + } + case ECDSAP256SHA256: + if bits != 256 { + return nil, ErrKeySize + } + case ECDSAP384SHA384: + if bits != 384 { + return nil, ErrKeySize + } + } + + switch k.Algorithm { + case DSA, DSANSEC3SHA1: + params := new(dsa.Parameters) + if err := dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160); err != nil { + return nil, err + } + priv := new(dsa.PrivateKey) + priv.PublicKey.Parameters = *params + err := dsa.GenerateKey(priv, rand.Reader) + if err != nil { + return nil, err + } + k.setPublicKeyDSA(params.Q, params.P, params.G, priv.PublicKey.Y) + return priv, nil + case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1: + priv, err := rsa.GenerateKey(rand.Reader, bits) + if err != nil { + return nil, err + } + k.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N) + return priv, nil + case ECDSAP256SHA256, ECDSAP384SHA384: + var c elliptic.Curve + switch k.Algorithm { + case ECDSAP256SHA256: + c = elliptic.P256() + case ECDSAP384SHA384: + c = elliptic.P384() + } + priv, err := ecdsa.GenerateKey(c, rand.Reader) + if err != nil { + return nil, err + } + k.setPublicKeyECDSA(priv.PublicKey.X, priv.PublicKey.Y) + return priv, nil + default: + return nil, ErrAlg + } +} + +// Set the public key (the value E and N) +func (k *DNSKEY) setPublicKeyRSA(_E int, _N *big.Int) bool { + if _E == 0 || _N == nil { + return false + } + buf := exponentToBuf(_E) + buf = append(buf, _N.Bytes()...) + k.PublicKey = toBase64(buf) + return true +} + +// Set the public key for Elliptic Curves +func (k *DNSKEY) setPublicKeyECDSA(_X, _Y *big.Int) bool { + if _X == nil || _Y == nil { + return false + } + var intlen int + switch k.Algorithm { + case ECDSAP256SHA256: + intlen = 32 + case ECDSAP384SHA384: + intlen = 48 + } + k.PublicKey = toBase64(curveToBuf(_X, _Y, intlen)) + return true +} + +// Set the public key for DSA +func (k *DNSKEY) setPublicKeyDSA(_Q, _P, _G, _Y *big.Int) bool { + if _Q == nil || _P == nil || _G == nil || _Y == nil { + return false + } + buf := dsaToBuf(_Q, _P, _G, _Y) + k.PublicKey = toBase64(buf) + return true +} + +// Set the public key (the values E and N) for RSA +// RFC 3110: Section 2. RSA Public KEY Resource Records +func exponentToBuf(_E int) []byte { + var buf []byte + i := big.NewInt(int64(_E)).Bytes() + if len(i) < 256 { + buf = make([]byte, 1, 1+len(i)) + buf[0] = uint8(len(i)) + } else { + buf = make([]byte, 3, 3+len(i)) + buf[0] = 0 + buf[1] = uint8(len(i) >> 8) + buf[2] = uint8(len(i)) + } + buf = append(buf, i...) + return buf +} + +// Set the public key for X and Y for Curve. The two +// values are just concatenated. +func curveToBuf(_X, _Y *big.Int, intlen int) []byte { + buf := intToBytes(_X, intlen) + buf = append(buf, intToBytes(_Y, intlen)...) + return buf +} + +// Set the public key for X and Y for Curve. The two +// values are just concatenated. +func dsaToBuf(_Q, _P, _G, _Y *big.Int) []byte { + t := divRoundUp(divRoundUp(_G.BitLen(), 8)-64, 8) + buf := []byte{byte(t)} + buf = append(buf, intToBytes(_Q, 20)...) + buf = append(buf, intToBytes(_P, 64+t*8)...) + buf = append(buf, intToBytes(_G, 64+t*8)...) + buf = append(buf, intToBytes(_Y, 64+t*8)...) + return buf +} diff --git a/vendor/github.com/miekg/dns/dnssec_keyscan.go b/vendor/github.com/miekg/dns/dnssec_keyscan.go new file mode 100644 index 0000000..063094d --- /dev/null +++ b/vendor/github.com/miekg/dns/dnssec_keyscan.go @@ -0,0 +1,259 @@ +package dns + +import ( + "crypto" + "crypto/dsa" + "crypto/ecdsa" + "crypto/rsa" + "io" + "math/big" + "strconv" + "strings" +) + +// NewPrivateKey returns a PrivateKey by parsing the string s. +// s should be in the same form of the BIND private key files. +func (k *DNSKEY) NewPrivateKey(s string) (crypto.PrivateKey, error) { + if s == "" || s[len(s)-1] != '\n' { // We need a closing newline + return k.ReadPrivateKey(strings.NewReader(s+"\n"), "") + } + return k.ReadPrivateKey(strings.NewReader(s), "") +} + +// ReadPrivateKey reads a private key from the io.Reader q. The string file is +// only used in error reporting. +// The public key must be known, because some cryptographic algorithms embed +// the public inside the privatekey. +func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (crypto.PrivateKey, error) { + m, err := parseKey(q, file) + if m == nil { + return nil, err + } + if _, ok := m["private-key-format"]; !ok { + return nil, ErrPrivKey + } + if m["private-key-format"] != "v1.2" && m["private-key-format"] != "v1.3" { + return nil, ErrPrivKey + } + // TODO(mg): check if the pubkey matches the private key + algo, err := strconv.ParseUint(strings.SplitN(m["algorithm"], " ", 2)[0], 10, 8) + if err != nil { + return nil, ErrPrivKey + } + switch uint8(algo) { + case DSA: + priv, err := readPrivateKeyDSA(m) + if err != nil { + return nil, err + } + pub := k.publicKeyDSA() + if pub == nil { + return nil, ErrKey + } + priv.PublicKey = *pub + return priv, nil + case RSAMD5: + fallthrough + case RSASHA1: + fallthrough + case RSASHA1NSEC3SHA1: + fallthrough + case RSASHA256: + fallthrough + case RSASHA512: + priv, err := readPrivateKeyRSA(m) + if err != nil { + return nil, err + } + pub := k.publicKeyRSA() + if pub == nil { + return nil, ErrKey + } + priv.PublicKey = *pub + return priv, nil + case ECCGOST: + return nil, ErrPrivKey + case ECDSAP256SHA256: + fallthrough + case ECDSAP384SHA384: + priv, err := readPrivateKeyECDSA(m) + if err != nil { + return nil, err + } + pub := k.publicKeyECDSA() + if pub == nil { + return nil, ErrKey + } + priv.PublicKey = *pub + return priv, nil + default: + return nil, ErrPrivKey + } +} + +// Read a private key (file) string and create a public key. Return the private key. +func readPrivateKeyRSA(m map[string]string) (*rsa.PrivateKey, error) { + p := new(rsa.PrivateKey) + p.Primes = []*big.Int{nil, nil} + for k, v := range m { + switch k { + case "modulus", "publicexponent", "privateexponent", "prime1", "prime2": + v1, err := fromBase64([]byte(v)) + if err != nil { + return nil, err + } + switch k { + case "modulus": + p.PublicKey.N = big.NewInt(0) + p.PublicKey.N.SetBytes(v1) + case "publicexponent": + i := big.NewInt(0) + i.SetBytes(v1) + p.PublicKey.E = int(i.Int64()) // int64 should be large enough + case "privateexponent": + p.D = big.NewInt(0) + p.D.SetBytes(v1) + case "prime1": + p.Primes[0] = big.NewInt(0) + p.Primes[0].SetBytes(v1) + case "prime2": + p.Primes[1] = big.NewInt(0) + p.Primes[1].SetBytes(v1) + } + case "exponent1", "exponent2", "coefficient": + // not used in Go (yet) + case "created", "publish", "activate": + // not used in Go (yet) + } + } + return p, nil +} + +func readPrivateKeyDSA(m map[string]string) (*dsa.PrivateKey, error) { + p := new(dsa.PrivateKey) + p.X = big.NewInt(0) + for k, v := range m { + switch k { + case "private_value(x)": + v1, err := fromBase64([]byte(v)) + if err != nil { + return nil, err + } + p.X.SetBytes(v1) + case "created", "publish", "activate": + /* not used in Go (yet) */ + } + } + return p, nil +} + +func readPrivateKeyECDSA(m map[string]string) (*ecdsa.PrivateKey, error) { + p := new(ecdsa.PrivateKey) + p.D = big.NewInt(0) + // TODO: validate that the required flags are present + for k, v := range m { + switch k { + case "privatekey": + v1, err := fromBase64([]byte(v)) + if err != nil { + return nil, err + } + p.D.SetBytes(v1) + case "created", "publish", "activate": + /* not used in Go (yet) */ + } + } + return p, nil +} + +// parseKey reads a private key from r. It returns a map[string]string, +// with the key-value pairs, or an error when the file is not correct. +func parseKey(r io.Reader, file string) (map[string]string, error) { + s, cancel := scanInit(r) + m := make(map[string]string) + c := make(chan lex) + k := "" + defer func() { + cancel() + // zlexer can send up to two tokens, the next one and possibly 1 remainders. + // Do a non-blocking read. + _, ok := <-c + _, ok = <-c + if !ok { + // too bad + } + }() + // Start the lexer + go klexer(s, c) + for l := range c { + // It should alternate + switch l.value { + case zKey: + k = l.token + case zValue: + if k == "" { + return nil, &ParseError{file, "no private key seen", l} + } + //println("Setting", strings.ToLower(k), "to", l.token, "b") + m[strings.ToLower(k)] = l.token + k = "" + } + } + return m, nil +} + +// klexer scans the sourcefile and returns tokens on the channel c. +func klexer(s *scan, c chan lex) { + var l lex + str := "" // Hold the current read text + commt := false + key := true + x, err := s.tokenText() + defer close(c) + for err == nil { + l.column = s.position.Column + l.line = s.position.Line + switch x { + case ':': + if commt { + break + } + l.token = str + if key { + l.value = zKey + c <- l + // Next token is a space, eat it + s.tokenText() + key = false + str = "" + } else { + l.value = zValue + } + case ';': + commt = true + case '\n': + if commt { + // Reset a comment + commt = false + } + l.value = zValue + l.token = str + c <- l + str = "" + commt = false + key = true + default: + if commt { + break + } + str += string(x) + } + x, err = s.tokenText() + } + if len(str) > 0 { + // Send remainder + l.token = str + l.value = zValue + c <- l + } +} diff --git a/vendor/github.com/miekg/dns/dnssec_privkey.go b/vendor/github.com/miekg/dns/dnssec_privkey.go new file mode 100644 index 0000000..56f3ea9 --- /dev/null +++ b/vendor/github.com/miekg/dns/dnssec_privkey.go @@ -0,0 +1,85 @@ +package dns + +import ( + "crypto" + "crypto/dsa" + "crypto/ecdsa" + "crypto/rsa" + "math/big" + "strconv" +) + +const format = "Private-key-format: v1.3\n" + +// PrivateKeyString converts a PrivateKey to a string. This string has the same +// format as the private-key-file of BIND9 (Private-key-format: v1.3). +// It needs some info from the key (the algorithm), so its a method of the DNSKEY +// It supports rsa.PrivateKey, ecdsa.PrivateKey and dsa.PrivateKey +func (r *DNSKEY) PrivateKeyString(p crypto.PrivateKey) string { + algorithm := strconv.Itoa(int(r.Algorithm)) + algorithm += " (" + AlgorithmToString[r.Algorithm] + ")" + + switch p := p.(type) { + case *rsa.PrivateKey: + modulus := toBase64(p.PublicKey.N.Bytes()) + e := big.NewInt(int64(p.PublicKey.E)) + publicExponent := toBase64(e.Bytes()) + privateExponent := toBase64(p.D.Bytes()) + prime1 := toBase64(p.Primes[0].Bytes()) + prime2 := toBase64(p.Primes[1].Bytes()) + // Calculate Exponent1/2 and Coefficient as per: http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm + // and from: http://code.google.com/p/go/issues/detail?id=987 + one := big.NewInt(1) + p1 := big.NewInt(0).Sub(p.Primes[0], one) + q1 := big.NewInt(0).Sub(p.Primes[1], one) + exp1 := big.NewInt(0).Mod(p.D, p1) + exp2 := big.NewInt(0).Mod(p.D, q1) + coeff := big.NewInt(0).ModInverse(p.Primes[1], p.Primes[0]) + + exponent1 := toBase64(exp1.Bytes()) + exponent2 := toBase64(exp2.Bytes()) + coefficient := toBase64(coeff.Bytes()) + + return format + + "Algorithm: " + algorithm + "\n" + + "Modulus: " + modulus + "\n" + + "PublicExponent: " + publicExponent + "\n" + + "PrivateExponent: " + privateExponent + "\n" + + "Prime1: " + prime1 + "\n" + + "Prime2: " + prime2 + "\n" + + "Exponent1: " + exponent1 + "\n" + + "Exponent2: " + exponent2 + "\n" + + "Coefficient: " + coefficient + "\n" + + case *ecdsa.PrivateKey: + var intlen int + switch r.Algorithm { + case ECDSAP256SHA256: + intlen = 32 + case ECDSAP384SHA384: + intlen = 48 + } + private := toBase64(intToBytes(p.D, intlen)) + return format + + "Algorithm: " + algorithm + "\n" + + "PrivateKey: " + private + "\n" + + case *dsa.PrivateKey: + T := divRoundUp(divRoundUp(p.PublicKey.Parameters.G.BitLen(), 8)-64, 8) + prime := toBase64(intToBytes(p.PublicKey.Parameters.P, 64+T*8)) + subprime := toBase64(intToBytes(p.PublicKey.Parameters.Q, 20)) + base := toBase64(intToBytes(p.PublicKey.Parameters.G, 64+T*8)) + priv := toBase64(intToBytes(p.X, 20)) + pub := toBase64(intToBytes(p.PublicKey.Y, 64+T*8)) + return format + + "Algorithm: " + algorithm + "\n" + + "Prime(p): " + prime + "\n" + + "Subprime(q): " + subprime + "\n" + + "Base(g): " + base + "\n" + + "Private_value(x): " + priv + "\n" + + "Public_value(y): " + pub + "\n" + + default: + return "" + } +} diff --git a/vendor/github.com/miekg/dns/doc.go b/vendor/github.com/miekg/dns/doc.go new file mode 100644 index 0000000..1d81147 --- /dev/null +++ b/vendor/github.com/miekg/dns/doc.go @@ -0,0 +1,272 @@ +/* +Package dns implements a full featured interface to the Domain Name System. +Server- and client-side programming is supported. +The package allows complete control over what is sent out to the DNS. The package +API follows the less-is-more principle, by presenting a small, clean interface. + +The package dns supports (asynchronous) querying/replying, incoming/outgoing zone transfers, +TSIG, EDNS0, dynamic updates, notifies and DNSSEC validation/signing. +Note that domain names MUST be fully qualified, before sending them, unqualified +names in a message will result in a packing failure. + +Resource records are native types. They are not stored in wire format. +Basic usage pattern for creating a new resource record: + + r := new(dns.MX) + r.Hdr = dns.RR_Header{Name: "miek.nl.", Rrtype: dns.TypeMX, + Class: dns.ClassINET, Ttl: 3600} + r.Preference = 10 + r.Mx = "mx.miek.nl." + +Or directly from a string: + + mx, err := dns.NewRR("miek.nl. 3600 IN MX 10 mx.miek.nl.") + +Or when the default origin (.) and TTL (3600) and class (IN) suit you: + + mx, err := dns.NewRR("miek.nl MX 10 mx.miek.nl") + +Or even: + + mx, err := dns.NewRR("$ORIGIN nl.\nmiek 1H IN MX 10 mx.miek") + +In the DNS messages are exchanged, these messages contain resource +records (sets). Use pattern for creating a message: + + m := new(dns.Msg) + m.SetQuestion("miek.nl.", dns.TypeMX) + +Or when not certain if the domain name is fully qualified: + + m.SetQuestion(dns.Fqdn("miek.nl"), dns.TypeMX) + +The message m is now a message with the question section set to ask +the MX records for the miek.nl. zone. + +The following is slightly more verbose, but more flexible: + + m1 := new(dns.Msg) + m1.Id = dns.Id() + m1.RecursionDesired = true + m1.Question = make([]dns.Question, 1) + m1.Question[0] = dns.Question{"miek.nl.", dns.TypeMX, dns.ClassINET} + +After creating a message it can be sent. +Basic use pattern for synchronous querying the DNS at a +server configured on 127.0.0.1 and port 53: + + c := new(dns.Client) + in, rtt, err := c.Exchange(m1, "127.0.0.1:53") + +Suppressing multiple outstanding queries (with the same question, type and +class) is as easy as setting: + + c.SingleInflight = true + +More advanced options are available using a net.Dialer and the corresponding API. +For example it is possible to set a timeout, or to specify a source IP address +and port to use for the connection: + + c := new(dns.Client) + laddr := net.UDPAddr{ + IP: net.ParseIP("[::1]"), + Port: 12345, + Zone: "", + } + d := net.Dialer{ + Timeout: 200 * time.Millisecond, + LocalAddr: &laddr, + } + in, rtt, err := c.ExchangeWithDialer(&d, m1, "8.8.8.8:53") + +If these "advanced" features are not needed, a simple UDP query can be sent, +with: + + in, err := dns.Exchange(m1, "127.0.0.1:53") + +When this functions returns you will get dns message. A dns message consists +out of four sections. +The question section: in.Question, the answer section: in.Answer, +the authority section: in.Ns and the additional section: in.Extra. + +Each of these sections (except the Question section) contain a []RR. Basic +use pattern for accessing the rdata of a TXT RR as the first RR in +the Answer section: + + if t, ok := in.Answer[0].(*dns.TXT); ok { + // do something with t.Txt + } + +Domain Name and TXT Character String Representations + +Both domain names and TXT character strings are converted to presentation +form both when unpacked and when converted to strings. + +For TXT character strings, tabs, carriage returns and line feeds will be +converted to \t, \r and \n respectively. Back slashes and quotations marks +will be escaped. Bytes below 32 and above 127 will be converted to \DDD +form. + +For domain names, in addition to the above rules brackets, periods, +spaces, semicolons and the at symbol are escaped. + +DNSSEC + +DNSSEC (DNS Security Extension) adds a layer of security to the DNS. It +uses public key cryptography to sign resource records. The +public keys are stored in DNSKEY records and the signatures in RRSIG records. + +Requesting DNSSEC information for a zone is done by adding the DO (DNSSEC OK) bit +to a request. + + m := new(dns.Msg) + m.SetEdns0(4096, true) + +Signature generation, signature verification and key generation are all supported. + +DYNAMIC UPDATES + +Dynamic updates reuses the DNS message format, but renames three of +the sections. Question is Zone, Answer is Prerequisite, Authority is +Update, only the Additional is not renamed. See RFC 2136 for the gory details. + +You can set a rather complex set of rules for the existence of absence of +certain resource records or names in a zone to specify if resource records +should be added or removed. The table from RFC 2136 supplemented with the Go +DNS function shows which functions exist to specify the prerequisites. + + 3.2.4 - Table Of Metavalues Used In Prerequisite Section + + CLASS TYPE RDATA Meaning Function + -------------------------------------------------------------- + ANY ANY empty Name is in use dns.NameUsed + ANY rrset empty RRset exists (value indep) dns.RRsetUsed + NONE ANY empty Name is not in use dns.NameNotUsed + NONE rrset empty RRset does not exist dns.RRsetNotUsed + zone rrset rr RRset exists (value dep) dns.Used + +The prerequisite section can also be left empty. +If you have decided on the prerequisites you can tell what RRs should +be added or deleted. The next table shows the options you have and +what functions to call. + + 3.4.2.6 - Table Of Metavalues Used In Update Section + + CLASS TYPE RDATA Meaning Function + --------------------------------------------------------------- + ANY ANY empty Delete all RRsets from name dns.RemoveName + ANY rrset empty Delete an RRset dns.RemoveRRset + NONE rrset rr Delete an RR from RRset dns.Remove + zone rrset rr Add to an RRset dns.Insert + +TRANSACTION SIGNATURE + +An TSIG or transaction signature adds a HMAC TSIG record to each message sent. +The supported algorithms include: HmacMD5, HmacSHA1, HmacSHA256 and HmacSHA512. + +Basic use pattern when querying with a TSIG name "axfr." (note that these key names +must be fully qualified - as they are domain names) and the base64 secret +"so6ZGir4GPAqINNh9U5c3A==": + +If an incoming message contains a TSIG record it MUST be the last record in +the additional section (RFC2845 3.2). This means that you should make the +call to SetTsig last, right before executing the query. If you make any +changes to the RRset after calling SetTsig() the signature will be incorrect. + + c := new(dns.Client) + c.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="} + m := new(dns.Msg) + m.SetQuestion("miek.nl.", dns.TypeMX) + m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix()) + ... + // When sending the TSIG RR is calculated and filled in before sending + +When requesting an zone transfer (almost all TSIG usage is when requesting zone transfers), with +TSIG, this is the basic use pattern. In this example we request an AXFR for +miek.nl. with TSIG key named "axfr." and secret "so6ZGir4GPAqINNh9U5c3A==" +and using the server 176.58.119.54: + + t := new(dns.Transfer) + m := new(dns.Msg) + t.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="} + m.SetAxfr("miek.nl.") + m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix()) + c, err := t.In(m, "176.58.119.54:53") + for r := range c { ... } + +You can now read the records from the transfer as they come in. Each envelope is checked with TSIG. +If something is not correct an error is returned. + +Basic use pattern validating and replying to a message that has TSIG set. + + server := &dns.Server{Addr: ":53", Net: "udp"} + server.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="} + go server.ListenAndServe() + dns.HandleFunc(".", handleRequest) + + func handleRequest(w dns.ResponseWriter, r *dns.Msg) { + m := new(dns.Msg) + m.SetReply(r) + if r.IsTsig() != nil { + if w.TsigStatus() == nil { + // *Msg r has an TSIG record and it was validated + m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix()) + } else { + // *Msg r has an TSIG records and it was not valided + } + } + w.WriteMsg(m) + } + +PRIVATE RRS + +RFC 6895 sets aside a range of type codes for private use. This range +is 65,280 - 65,534 (0xFF00 - 0xFFFE). When experimenting with new Resource Records these +can be used, before requesting an official type code from IANA. + +see http://miek.nl/2014/September/21/idn-and-private-rr-in-go-dns/ for more +information. + +EDNS0 + +EDNS0 is an extension mechanism for the DNS defined in RFC 2671 and updated +by RFC 6891. It defines an new RR type, the OPT RR, which is then completely +abused. +Basic use pattern for creating an (empty) OPT RR: + + o := new(dns.OPT) + o.Hdr.Name = "." // MUST be the root zone, per definition. + o.Hdr.Rrtype = dns.TypeOPT + +The rdata of an OPT RR consists out of a slice of EDNS0 (RFC 6891) +interfaces. Currently only a few have been standardized: EDNS0_NSID +(RFC 5001) and EDNS0_SUBNET (draft-vandergaast-edns-client-subnet-02). Note +that these options may be combined in an OPT RR. +Basic use pattern for a server to check if (and which) options are set: + + // o is a dns.OPT + for _, s := range o.Option { + switch e := s.(type) { + case *dns.EDNS0_NSID: + // do stuff with e.Nsid + case *dns.EDNS0_SUBNET: + // access e.Family, e.Address, etc. + } + } + +SIG(0) + +From RFC 2931: + + SIG(0) provides protection for DNS transactions and requests .... + ... protection for glue records, DNS requests, protection for message headers + on requests and responses, and protection of the overall integrity of a response. + +It works like TSIG, except that SIG(0) uses public key cryptography, instead of the shared +secret approach in TSIG. +Supported algorithms: DSA, ECDSAP256SHA256, ECDSAP384SHA384, RSASHA1, RSASHA256 and +RSASHA512. + +Signing subsequent messages in multi-message sessions is not implemented. +*/ +package dns diff --git a/vendor/github.com/miekg/dns/edns.go b/vendor/github.com/miekg/dns/edns.go new file mode 100644 index 0000000..a6a36bd --- /dev/null +++ b/vendor/github.com/miekg/dns/edns.go @@ -0,0 +1,634 @@ +package dns + +import ( + "encoding/binary" + "encoding/hex" + "errors" + "fmt" + "net" + "strconv" +) + +// EDNS0 Option codes. +const ( + EDNS0LLQ = 0x1 // long lived queries: http://tools.ietf.org/html/draft-sekar-dns-llq-01 + EDNS0UL = 0x2 // update lease draft: http://files.dns-sd.org/draft-sekar-dns-ul.txt + EDNS0NSID = 0x3 // nsid (RFC5001) + EDNS0DAU = 0x5 // DNSSEC Algorithm Understood + EDNS0DHU = 0x6 // DS Hash Understood + EDNS0N3U = 0x7 // NSEC3 Hash Understood + EDNS0SUBNET = 0x8 // client-subnet (RFC6891) + EDNS0EXPIRE = 0x9 // EDNS0 expire + EDNS0COOKIE = 0xa // EDNS0 Cookie + EDNS0TCPKEEPALIVE = 0xb // EDNS0 tcp keep alive (RFC7828) + EDNS0PADDING = 0xc // EDNS0 padding (RFC7830) + EDNS0SUBNETDRAFT = 0x50fa // Don't use! Use EDNS0SUBNET + EDNS0LOCALSTART = 0xFDE9 // Beginning of range reserved for local/experimental use (RFC6891) + EDNS0LOCALEND = 0xFFFE // End of range reserved for local/experimental use (RFC6891) + _DO = 1 << 15 // dnssec ok +) + +// OPT is the EDNS0 RR appended to messages to convey extra (meta) information. +// See RFC 6891. +type OPT struct { + Hdr RR_Header + Option []EDNS0 `dns:"opt"` +} + +func (rr *OPT) String() string { + s := "\n;; OPT PSEUDOSECTION:\n; EDNS: version " + strconv.Itoa(int(rr.Version())) + "; " + if rr.Do() { + s += "flags: do; " + } else { + s += "flags: ; " + } + s += "udp: " + strconv.Itoa(int(rr.UDPSize())) + + for _, o := range rr.Option { + switch o.(type) { + case *EDNS0_NSID: + s += "\n; NSID: " + o.String() + h, e := o.pack() + var r string + if e == nil { + for _, c := range h { + r += "(" + string(c) + ")" + } + s += " " + r + } + case *EDNS0_SUBNET: + s += "\n; SUBNET: " + o.String() + if o.(*EDNS0_SUBNET).DraftOption { + s += " (draft)" + } + case *EDNS0_COOKIE: + s += "\n; COOKIE: " + o.String() + case *EDNS0_UL: + s += "\n; UPDATE LEASE: " + o.String() + case *EDNS0_LLQ: + s += "\n; LONG LIVED QUERIES: " + o.String() + case *EDNS0_DAU: + s += "\n; DNSSEC ALGORITHM UNDERSTOOD: " + o.String() + case *EDNS0_DHU: + s += "\n; DS HASH UNDERSTOOD: " + o.String() + case *EDNS0_N3U: + s += "\n; NSEC3 HASH UNDERSTOOD: " + o.String() + case *EDNS0_LOCAL: + s += "\n; LOCAL OPT: " + o.String() + case *EDNS0_PADDING: + s += "\n; PADDING: " + o.String() + } + } + return s +} + +func (rr *OPT) len() int { + l := rr.Hdr.len() + for i := 0; i < len(rr.Option); i++ { + l += 4 // Account for 2-byte option code and 2-byte option length. + lo, _ := rr.Option[i].pack() + l += len(lo) + } + return l +} + +// return the old value -> delete SetVersion? + +// Version returns the EDNS version used. Only zero is defined. +func (rr *OPT) Version() uint8 { + return uint8((rr.Hdr.Ttl & 0x00FF0000) >> 16) +} + +// SetVersion sets the version of EDNS. This is usually zero. +func (rr *OPT) SetVersion(v uint8) { + rr.Hdr.Ttl = rr.Hdr.Ttl&0xFF00FFFF | (uint32(v) << 16) +} + +// ExtendedRcode returns the EDNS extended RCODE field (the upper 8 bits of the TTL). +func (rr *OPT) ExtendedRcode() int { + return int((rr.Hdr.Ttl & 0xFF000000) >> 24) +} + +// SetExtendedRcode sets the EDNS extended RCODE field. +func (rr *OPT) SetExtendedRcode(v uint8) { + rr.Hdr.Ttl = rr.Hdr.Ttl&0x00FFFFFF | (uint32(v) << 24) +} + +// UDPSize returns the UDP buffer size. +func (rr *OPT) UDPSize() uint16 { + return rr.Hdr.Class +} + +// SetUDPSize sets the UDP buffer size. +func (rr *OPT) SetUDPSize(size uint16) { + rr.Hdr.Class = size +} + +// Do returns the value of the DO (DNSSEC OK) bit. +func (rr *OPT) Do() bool { + return rr.Hdr.Ttl&_DO == _DO +} + +// SetDo sets the DO (DNSSEC OK) bit. +// If we pass an argument, set the DO bit to that value. +// It is possible to pass 2 or more arguments. Any arguments after the 1st is silently ignored. +func (rr *OPT) SetDo(do ...bool) { + if len(do) == 1 { + if do[0] { + rr.Hdr.Ttl |= _DO + } else { + rr.Hdr.Ttl &^= _DO + } + } else { + rr.Hdr.Ttl |= _DO + } +} + +// EDNS0 defines an EDNS0 Option. An OPT RR can have multiple options appended to it. +type EDNS0 interface { + // Option returns the option code for the option. + Option() uint16 + // pack returns the bytes of the option data. + pack() ([]byte, error) + // unpack sets the data as found in the buffer. Is also sets + // the length of the slice as the length of the option data. + unpack([]byte) error + // String returns the string representation of the option. + String() string +} + +// EDNS0_NSID option is used to retrieve a nameserver +// identifier. When sending a request Nsid must be set to the empty string +// The identifier is an opaque string encoded as hex. +// Basic use pattern for creating an nsid option: +// +// o := new(dns.OPT) +// o.Hdr.Name = "." +// o.Hdr.Rrtype = dns.TypeOPT +// e := new(dns.EDNS0_NSID) +// e.Code = dns.EDNS0NSID +// e.Nsid = "AA" +// o.Option = append(o.Option, e) +type EDNS0_NSID struct { + Code uint16 // Always EDNS0NSID + Nsid string // This string needs to be hex encoded +} + +func (e *EDNS0_NSID) pack() ([]byte, error) { + h, err := hex.DecodeString(e.Nsid) + if err != nil { + return nil, err + } + return h, nil +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_NSID) Option() uint16 { return EDNS0NSID } // Option returns the option code. +func (e *EDNS0_NSID) unpack(b []byte) error { e.Nsid = hex.EncodeToString(b); return nil } +func (e *EDNS0_NSID) String() string { return string(e.Nsid) } + +// EDNS0_SUBNET is the subnet option that is used to give the remote nameserver +// an idea of where the client lives. It can then give back a different +// answer depending on the location or network topology. +// Basic use pattern for creating an subnet option: +// +// o := new(dns.OPT) +// o.Hdr.Name = "." +// o.Hdr.Rrtype = dns.TypeOPT +// e := new(dns.EDNS0_SUBNET) +// e.Code = dns.EDNS0SUBNET +// e.Family = 1 // 1 for IPv4 source address, 2 for IPv6 +// e.SourceNetmask = 32 // 32 for IPV4, 128 for IPv6 +// e.SourceScope = 0 +// e.Address = net.ParseIP("127.0.0.1").To4() // for IPv4 +// // e.Address = net.ParseIP("2001:7b8:32a::2") // for IPV6 +// o.Option = append(o.Option, e) +// +// Note: the spec (draft-ietf-dnsop-edns-client-subnet-00) has some insane logic +// for which netmask applies to the address. This code will parse all the +// available bits when unpacking (up to optlen). When packing it will apply +// SourceNetmask. If you need more advanced logic, patches welcome and good luck. +type EDNS0_SUBNET struct { + Code uint16 // Always EDNS0SUBNET + Family uint16 // 1 for IP, 2 for IP6 + SourceNetmask uint8 + SourceScope uint8 + Address net.IP + DraftOption bool // Set to true if using the old (0x50fa) option code +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_SUBNET) Option() uint16 { + if e.DraftOption { + return EDNS0SUBNETDRAFT + } + return EDNS0SUBNET +} + +func (e *EDNS0_SUBNET) pack() ([]byte, error) { + b := make([]byte, 4) + binary.BigEndian.PutUint16(b[0:], e.Family) + b[2] = e.SourceNetmask + b[3] = e.SourceScope + switch e.Family { + case 0: + // "dig" sets AddressFamily to 0 if SourceNetmask is also 0 + // We might don't need to complain either + if e.SourceNetmask != 0 { + return nil, errors.New("dns: bad address family") + } + case 1: + if e.SourceNetmask > net.IPv4len*8 { + return nil, errors.New("dns: bad netmask") + } + if len(e.Address.To4()) != net.IPv4len { + return nil, errors.New("dns: bad address") + } + ip := e.Address.To4().Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv4len*8)) + needLength := (e.SourceNetmask + 8 - 1) / 8 // division rounding up + b = append(b, ip[:needLength]...) + case 2: + if e.SourceNetmask > net.IPv6len*8 { + return nil, errors.New("dns: bad netmask") + } + if len(e.Address) != net.IPv6len { + return nil, errors.New("dns: bad address") + } + ip := e.Address.Mask(net.CIDRMask(int(e.SourceNetmask), net.IPv6len*8)) + needLength := (e.SourceNetmask + 8 - 1) / 8 // division rounding up + b = append(b, ip[:needLength]...) + default: + return nil, errors.New("dns: bad address family") + } + return b, nil +} + +func (e *EDNS0_SUBNET) unpack(b []byte) error { + if len(b) < 4 { + return ErrBuf + } + e.Family = binary.BigEndian.Uint16(b) + e.SourceNetmask = b[2] + e.SourceScope = b[3] + switch e.Family { + case 0: + // "dig" sets AddressFamily to 0 if SourceNetmask is also 0 + // It's okay to accept such a packet + if e.SourceNetmask != 0 { + return errors.New("dns: bad address family") + } + e.Address = net.IPv4(0, 0, 0, 0) + case 1: + if e.SourceNetmask > net.IPv4len*8 || e.SourceScope > net.IPv4len*8 { + return errors.New("dns: bad netmask") + } + addr := make([]byte, net.IPv4len) + for i := 0; i < net.IPv4len && 4+i < len(b); i++ { + addr[i] = b[4+i] + } + e.Address = net.IPv4(addr[0], addr[1], addr[2], addr[3]) + case 2: + if e.SourceNetmask > net.IPv6len*8 || e.SourceScope > net.IPv6len*8 { + return errors.New("dns: bad netmask") + } + addr := make([]byte, net.IPv6len) + for i := 0; i < net.IPv6len && 4+i < len(b); i++ { + addr[i] = b[4+i] + } + e.Address = net.IP{addr[0], addr[1], addr[2], addr[3], addr[4], + addr[5], addr[6], addr[7], addr[8], addr[9], addr[10], + addr[11], addr[12], addr[13], addr[14], addr[15]} + default: + return errors.New("dns: bad address family") + } + return nil +} + +func (e *EDNS0_SUBNET) String() (s string) { + if e.Address == nil { + s = "" + } else if e.Address.To4() != nil { + s = e.Address.String() + } else { + s = "[" + e.Address.String() + "]" + } + s += "/" + strconv.Itoa(int(e.SourceNetmask)) + "/" + strconv.Itoa(int(e.SourceScope)) + return +} + +// The EDNS0_COOKIE option is used to add a DNS Cookie to a message. +// +// o := new(dns.OPT) +// o.Hdr.Name = "." +// o.Hdr.Rrtype = dns.TypeOPT +// e := new(dns.EDNS0_COOKIE) +// e.Code = dns.EDNS0COOKIE +// e.Cookie = "24a5ac.." +// o.Option = append(o.Option, e) +// +// The Cookie field consists out of a client cookie (RFC 7873 Section 4), that is +// always 8 bytes. It may then optionally be followed by the server cookie. The server +// cookie is of variable length, 8 to a maximum of 32 bytes. In other words: +// +// cCookie := o.Cookie[:16] +// sCookie := o.Cookie[16:] +// +// There is no guarantee that the Cookie string has a specific length. +type EDNS0_COOKIE struct { + Code uint16 // Always EDNS0COOKIE + Cookie string // Hex-encoded cookie data +} + +func (e *EDNS0_COOKIE) pack() ([]byte, error) { + h, err := hex.DecodeString(e.Cookie) + if err != nil { + return nil, err + } + return h, nil +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_COOKIE) Option() uint16 { return EDNS0COOKIE } +func (e *EDNS0_COOKIE) unpack(b []byte) error { e.Cookie = hex.EncodeToString(b); return nil } +func (e *EDNS0_COOKIE) String() string { return e.Cookie } + +// The EDNS0_UL (Update Lease) (draft RFC) option is used to tell the server to set +// an expiration on an update RR. This is helpful for clients that cannot clean +// up after themselves. This is a draft RFC and more information can be found at +// http://files.dns-sd.org/draft-sekar-dns-ul.txt +// +// o := new(dns.OPT) +// o.Hdr.Name = "." +// o.Hdr.Rrtype = dns.TypeOPT +// e := new(dns.EDNS0_UL) +// e.Code = dns.EDNS0UL +// e.Lease = 120 // in seconds +// o.Option = append(o.Option, e) +type EDNS0_UL struct { + Code uint16 // Always EDNS0UL + Lease uint32 +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_UL) Option() uint16 { return EDNS0UL } +func (e *EDNS0_UL) String() string { return strconv.FormatUint(uint64(e.Lease), 10) } + +// Copied: http://golang.org/src/pkg/net/dnsmsg.go +func (e *EDNS0_UL) pack() ([]byte, error) { + b := make([]byte, 4) + binary.BigEndian.PutUint32(b, e.Lease) + return b, nil +} + +func (e *EDNS0_UL) unpack(b []byte) error { + if len(b) < 4 { + return ErrBuf + } + e.Lease = binary.BigEndian.Uint32(b) + return nil +} + +// EDNS0_LLQ stands for Long Lived Queries: http://tools.ietf.org/html/draft-sekar-dns-llq-01 +// Implemented for completeness, as the EDNS0 type code is assigned. +type EDNS0_LLQ struct { + Code uint16 // Always EDNS0LLQ + Version uint16 + Opcode uint16 + Error uint16 + Id uint64 + LeaseLife uint32 +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_LLQ) Option() uint16 { return EDNS0LLQ } + +func (e *EDNS0_LLQ) pack() ([]byte, error) { + b := make([]byte, 18) + binary.BigEndian.PutUint16(b[0:], e.Version) + binary.BigEndian.PutUint16(b[2:], e.Opcode) + binary.BigEndian.PutUint16(b[4:], e.Error) + binary.BigEndian.PutUint64(b[6:], e.Id) + binary.BigEndian.PutUint32(b[14:], e.LeaseLife) + return b, nil +} + +func (e *EDNS0_LLQ) unpack(b []byte) error { + if len(b) < 18 { + return ErrBuf + } + e.Version = binary.BigEndian.Uint16(b[0:]) + e.Opcode = binary.BigEndian.Uint16(b[2:]) + e.Error = binary.BigEndian.Uint16(b[4:]) + e.Id = binary.BigEndian.Uint64(b[6:]) + e.LeaseLife = binary.BigEndian.Uint32(b[14:]) + return nil +} + +func (e *EDNS0_LLQ) String() string { + s := strconv.FormatUint(uint64(e.Version), 10) + " " + strconv.FormatUint(uint64(e.Opcode), 10) + + " " + strconv.FormatUint(uint64(e.Error), 10) + " " + strconv.FormatUint(uint64(e.Id), 10) + + " " + strconv.FormatUint(uint64(e.LeaseLife), 10) + return s +} + +type EDNS0_DAU struct { + Code uint16 // Always EDNS0DAU + AlgCode []uint8 +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_DAU) Option() uint16 { return EDNS0DAU } +func (e *EDNS0_DAU) pack() ([]byte, error) { return e.AlgCode, nil } +func (e *EDNS0_DAU) unpack(b []byte) error { e.AlgCode = b; return nil } + +func (e *EDNS0_DAU) String() string { + s := "" + for i := 0; i < len(e.AlgCode); i++ { + if a, ok := AlgorithmToString[e.AlgCode[i]]; ok { + s += " " + a + } else { + s += " " + strconv.Itoa(int(e.AlgCode[i])) + } + } + return s +} + +type EDNS0_DHU struct { + Code uint16 // Always EDNS0DHU + AlgCode []uint8 +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_DHU) Option() uint16 { return EDNS0DHU } +func (e *EDNS0_DHU) pack() ([]byte, error) { return e.AlgCode, nil } +func (e *EDNS0_DHU) unpack(b []byte) error { e.AlgCode = b; return nil } + +func (e *EDNS0_DHU) String() string { + s := "" + for i := 0; i < len(e.AlgCode); i++ { + if a, ok := HashToString[e.AlgCode[i]]; ok { + s += " " + a + } else { + s += " " + strconv.Itoa(int(e.AlgCode[i])) + } + } + return s +} + +type EDNS0_N3U struct { + Code uint16 // Always EDNS0N3U + AlgCode []uint8 +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_N3U) Option() uint16 { return EDNS0N3U } +func (e *EDNS0_N3U) pack() ([]byte, error) { return e.AlgCode, nil } +func (e *EDNS0_N3U) unpack(b []byte) error { e.AlgCode = b; return nil } + +func (e *EDNS0_N3U) String() string { + // Re-use the hash map + s := "" + for i := 0; i < len(e.AlgCode); i++ { + if a, ok := HashToString[e.AlgCode[i]]; ok { + s += " " + a + } else { + s += " " + strconv.Itoa(int(e.AlgCode[i])) + } + } + return s +} + +type EDNS0_EXPIRE struct { + Code uint16 // Always EDNS0EXPIRE + Expire uint32 +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_EXPIRE) Option() uint16 { return EDNS0EXPIRE } +func (e *EDNS0_EXPIRE) String() string { return strconv.FormatUint(uint64(e.Expire), 10) } + +func (e *EDNS0_EXPIRE) pack() ([]byte, error) { + b := make([]byte, 4) + b[0] = byte(e.Expire >> 24) + b[1] = byte(e.Expire >> 16) + b[2] = byte(e.Expire >> 8) + b[3] = byte(e.Expire) + return b, nil +} + +func (e *EDNS0_EXPIRE) unpack(b []byte) error { + if len(b) < 4 { + return ErrBuf + } + e.Expire = binary.BigEndian.Uint32(b) + return nil +} + +// The EDNS0_LOCAL option is used for local/experimental purposes. The option +// code is recommended to be within the range [EDNS0LOCALSTART, EDNS0LOCALEND] +// (RFC6891), although any unassigned code can actually be used. The content of +// the option is made available in Data, unaltered. +// Basic use pattern for creating a local option: +// +// o := new(dns.OPT) +// o.Hdr.Name = "." +// o.Hdr.Rrtype = dns.TypeOPT +// e := new(dns.EDNS0_LOCAL) +// e.Code = dns.EDNS0LOCALSTART +// e.Data = []byte{72, 82, 74} +// o.Option = append(o.Option, e) +type EDNS0_LOCAL struct { + Code uint16 + Data []byte +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_LOCAL) Option() uint16 { return e.Code } +func (e *EDNS0_LOCAL) String() string { + return strconv.FormatInt(int64(e.Code), 10) + ":0x" + hex.EncodeToString(e.Data) +} + +func (e *EDNS0_LOCAL) pack() ([]byte, error) { + b := make([]byte, len(e.Data)) + copied := copy(b, e.Data) + if copied != len(e.Data) { + return nil, ErrBuf + } + return b, nil +} + +func (e *EDNS0_LOCAL) unpack(b []byte) error { + e.Data = make([]byte, len(b)) + copied := copy(e.Data, b) + if copied != len(b) { + return ErrBuf + } + return nil +} + +// EDNS0_TCP_KEEPALIVE is an EDNS0 option that instructs the server to keep +// the TCP connection alive. See RFC 7828. +type EDNS0_TCP_KEEPALIVE struct { + Code uint16 // Always EDNSTCPKEEPALIVE + Length uint16 // the value 0 if the TIMEOUT is omitted, the value 2 if it is present; + Timeout uint16 // an idle timeout value for the TCP connection, specified in units of 100 milliseconds, encoded in network byte order. +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_TCP_KEEPALIVE) Option() uint16 { return EDNS0TCPKEEPALIVE } + +func (e *EDNS0_TCP_KEEPALIVE) pack() ([]byte, error) { + if e.Timeout != 0 && e.Length != 2 { + return nil, errors.New("dns: timeout specified but length is not 2") + } + if e.Timeout == 0 && e.Length != 0 { + return nil, errors.New("dns: timeout not specified but length is not 0") + } + b := make([]byte, 4+e.Length) + binary.BigEndian.PutUint16(b[0:], e.Code) + binary.BigEndian.PutUint16(b[2:], e.Length) + if e.Length == 2 { + binary.BigEndian.PutUint16(b[4:], e.Timeout) + } + return b, nil +} + +func (e *EDNS0_TCP_KEEPALIVE) unpack(b []byte) error { + if len(b) < 4 { + return ErrBuf + } + e.Length = binary.BigEndian.Uint16(b[2:4]) + if e.Length != 0 && e.Length != 2 { + return errors.New("dns: length mismatch, want 0/2 but got " + strconv.FormatUint(uint64(e.Length), 10)) + } + if e.Length == 2 { + if len(b) < 6 { + return ErrBuf + } + e.Timeout = binary.BigEndian.Uint16(b[4:6]) + } + return nil +} + +func (e *EDNS0_TCP_KEEPALIVE) String() (s string) { + s = "use tcp keep-alive" + if e.Length == 0 { + s += ", timeout omitted" + } else { + s += fmt.Sprintf(", timeout %dms", e.Timeout*100) + } + return +} + +// EDNS0_PADDING option is used to add padding to a request/response. The default +// value of padding SHOULD be 0x0 but other values MAY be used, for instance if +// compression is applied before encryption which may break signatures. +type EDNS0_PADDING struct { + Padding []byte +} + +// Option implements the EDNS0 interface. +func (e *EDNS0_PADDING) Option() uint16 { return EDNS0PADDING } +func (e *EDNS0_PADDING) pack() ([]byte, error) { return e.Padding, nil } +func (e *EDNS0_PADDING) unpack(b []byte) error { e.Padding = b; return nil } +func (e *EDNS0_PADDING) String() string { return fmt.Sprintf("%0X", e.Padding) } diff --git a/vendor/github.com/miekg/dns/format.go b/vendor/github.com/miekg/dns/format.go new file mode 100644 index 0000000..3f5303c --- /dev/null +++ b/vendor/github.com/miekg/dns/format.go @@ -0,0 +1,87 @@ +package dns + +import ( + "net" + "reflect" + "strconv" +) + +// NumField returns the number of rdata fields r has. +func NumField(r RR) int { + return reflect.ValueOf(r).Elem().NumField() - 1 // Remove RR_Header +} + +// Field returns the rdata field i as a string. Fields are indexed starting from 1. +// RR types that holds slice data, for instance the NSEC type bitmap will return a single +// string where the types are concatenated using a space. +// Accessing non existing fields will cause a panic. +func Field(r RR, i int) string { + if i == 0 { + return "" + } + d := reflect.ValueOf(r).Elem().Field(i) + switch k := d.Kind(); k { + case reflect.String: + return d.String() + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return strconv.FormatInt(d.Int(), 10) + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + return strconv.FormatUint(d.Uint(), 10) + case reflect.Slice: + switch reflect.ValueOf(r).Elem().Type().Field(i).Tag { + case `dns:"a"`: + // TODO(miek): Hmm store this as 16 bytes + if d.Len() < net.IPv6len { + return net.IPv4(byte(d.Index(0).Uint()), + byte(d.Index(1).Uint()), + byte(d.Index(2).Uint()), + byte(d.Index(3).Uint())).String() + } + return net.IPv4(byte(d.Index(12).Uint()), + byte(d.Index(13).Uint()), + byte(d.Index(14).Uint()), + byte(d.Index(15).Uint())).String() + case `dns:"aaaa"`: + return net.IP{ + byte(d.Index(0).Uint()), + byte(d.Index(1).Uint()), + byte(d.Index(2).Uint()), + byte(d.Index(3).Uint()), + byte(d.Index(4).Uint()), + byte(d.Index(5).Uint()), + byte(d.Index(6).Uint()), + byte(d.Index(7).Uint()), + byte(d.Index(8).Uint()), + byte(d.Index(9).Uint()), + byte(d.Index(10).Uint()), + byte(d.Index(11).Uint()), + byte(d.Index(12).Uint()), + byte(d.Index(13).Uint()), + byte(d.Index(14).Uint()), + byte(d.Index(15).Uint()), + }.String() + case `dns:"nsec"`: + if d.Len() == 0 { + return "" + } + s := Type(d.Index(0).Uint()).String() + for i := 1; i < d.Len(); i++ { + s += " " + Type(d.Index(i).Uint()).String() + } + return s + default: + // if it does not have a tag its a string slice + fallthrough + case `dns:"txt"`: + if d.Len() == 0 { + return "" + } + s := d.Index(0).String() + for i := 1; i < d.Len(); i++ { + s += " " + d.Index(i).String() + } + return s + } + } + return "" +} diff --git a/vendor/github.com/miekg/dns/fuzz.go b/vendor/github.com/miekg/dns/fuzz.go new file mode 100644 index 0000000..a8a0918 --- /dev/null +++ b/vendor/github.com/miekg/dns/fuzz.go @@ -0,0 +1,23 @@ +// +build fuzz + +package dns + +func Fuzz(data []byte) int { + msg := new(Msg) + + if err := msg.Unpack(data); err != nil { + return 0 + } + if _, err := msg.Pack(); err != nil { + return 0 + } + + return 1 +} + +func FuzzNewRR(data []byte) int { + if _, err := NewRR(string(data)); err != nil { + return 0 + } + return 1 +} diff --git a/vendor/github.com/miekg/dns/generate.go b/vendor/github.com/miekg/dns/generate.go new file mode 100644 index 0000000..e4481a4 --- /dev/null +++ b/vendor/github.com/miekg/dns/generate.go @@ -0,0 +1,159 @@ +package dns + +import ( + "bytes" + "errors" + "fmt" + "strconv" + "strings" +) + +// Parse the $GENERATE statement as used in BIND9 zones. +// See http://www.zytrax.com/books/dns/ch8/generate.html for instance. +// We are called after '$GENERATE '. After which we expect: +// * the range (12-24/2) +// * lhs (ownername) +// * [[ttl][class]] +// * type +// * rhs (rdata) +// But we are lazy here, only the range is parsed *all* occurrences +// of $ after that are interpreted. +// Any error are returned as a string value, the empty string signals +// "no error". +func generate(l lex, c chan lex, t chan *Token, o string) string { + step := 1 + if i := strings.IndexAny(l.token, "/"); i != -1 { + if i+1 == len(l.token) { + return "bad step in $GENERATE range" + } + if s, err := strconv.Atoi(l.token[i+1:]); err == nil { + if s < 0 { + return "bad step in $GENERATE range" + } + step = s + } else { + return "bad step in $GENERATE range" + } + l.token = l.token[:i] + } + sx := strings.SplitN(l.token, "-", 2) + if len(sx) != 2 { + return "bad start-stop in $GENERATE range" + } + start, err := strconv.Atoi(sx[0]) + if err != nil { + return "bad start in $GENERATE range" + } + end, err := strconv.Atoi(sx[1]) + if err != nil { + return "bad stop in $GENERATE range" + } + if end < 0 || start < 0 || end < start { + return "bad range in $GENERATE range" + } + + <-c // _BLANK + // Create a complete new string, which we then parse again. + s := "" +BuildRR: + l = <-c + if l.value != zNewline && l.value != zEOF { + s += l.token + goto BuildRR + } + for i := start; i <= end; i += step { + var ( + escape bool + dom bytes.Buffer + mod string + err error + offset int + ) + + for j := 0; j < len(s); j++ { // No 'range' because we need to jump around + switch s[j] { + case '\\': + if escape { + dom.WriteByte('\\') + escape = false + continue + } + escape = true + case '$': + mod = "%d" + offset = 0 + if escape { + dom.WriteByte('$') + escape = false + continue + } + escape = false + if j+1 >= len(s) { // End of the string + dom.WriteString(fmt.Sprintf(mod, i+offset)) + continue + } else { + if s[j+1] == '$' { + dom.WriteByte('$') + j++ + continue + } + } + // Search for { and } + if s[j+1] == '{' { // Modifier block + sep := strings.Index(s[j+2:], "}") + if sep == -1 { + return "bad modifier in $GENERATE" + } + mod, offset, err = modToPrintf(s[j+2 : j+2+sep]) + if err != nil { + return err.Error() + } + j += 2 + sep // Jump to it + } + dom.WriteString(fmt.Sprintf(mod, i+offset)) + default: + if escape { // Pretty useless here + escape = false + continue + } + dom.WriteByte(s[j]) + } + } + // Re-parse the RR and send it on the current channel t + rx, err := NewRR("$ORIGIN " + o + "\n" + dom.String()) + if err != nil { + return err.Error() + } + t <- &Token{RR: rx} + // Its more efficient to first built the rrlist and then parse it in + // one go! But is this a problem? + } + return "" +} + +// Convert a $GENERATE modifier 0,0,d to something Printf can deal with. +func modToPrintf(s string) (string, int, error) { + xs := strings.SplitN(s, ",", 3) + if len(xs) != 3 { + return "", 0, errors.New("bad modifier in $GENERATE") + } + // xs[0] is offset, xs[1] is width, xs[2] is base + if xs[2] != "o" && xs[2] != "d" && xs[2] != "x" && xs[2] != "X" { + return "", 0, errors.New("bad base in $GENERATE") + } + offset, err := strconv.Atoi(xs[0]) + if err != nil || offset > 255 { + return "", 0, errors.New("bad offset in $GENERATE") + } + width, err := strconv.Atoi(xs[1]) + if err != nil || width > 255 { + return "", offset, errors.New("bad width in $GENERATE") + } + switch { + case width < 0: + return "", offset, errors.New("bad width in $GENERATE") + case width == 0: + return "%" + xs[1] + xs[2], offset, nil + } + return "%0" + xs[1] + xs[2], offset, nil +} diff --git a/vendor/github.com/miekg/dns/internal/socket/cmsghdr.go b/vendor/github.com/miekg/dns/internal/socket/cmsghdr.go new file mode 100644 index 0000000..62f2d2f --- /dev/null +++ b/vendor/github.com/miekg/dns/internal/socket/cmsghdr.go @@ -0,0 +1,7 @@ +// +build linux + +package socket + +func (h *cmsghdr) len() int { return int(h.Len) } +func (h *cmsghdr) lvl() int { return int(h.Level) } +func (h *cmsghdr) typ() int { return int(h.Type) } diff --git a/vendor/github.com/miekg/dns/internal/socket/cmsghdr_linux_32bit.go b/vendor/github.com/miekg/dns/internal/socket/cmsghdr_linux_32bit.go new file mode 100644 index 0000000..e92e858 --- /dev/null +++ b/vendor/github.com/miekg/dns/internal/socket/cmsghdr_linux_32bit.go @@ -0,0 +1,20 @@ +// +build arm mips mipsle 386 +// +build linux + +package socket + +type cmsghdr struct { + Len uint32 + Level int32 + Type int32 +} + +const ( + sizeofCmsghdr = 0xc +) + +func (h *cmsghdr) set(l, lvl, typ int) { + h.Len = uint32(l) + h.Level = int32(lvl) + h.Type = int32(typ) +} diff --git a/vendor/github.com/miekg/dns/internal/socket/cmsghdr_linux_64bit.go b/vendor/github.com/miekg/dns/internal/socket/cmsghdr_linux_64bit.go new file mode 100644 index 0000000..ddfc9e0 --- /dev/null +++ b/vendor/github.com/miekg/dns/internal/socket/cmsghdr_linux_64bit.go @@ -0,0 +1,20 @@ +// +build arm64 amd64 ppc64 ppc64le mips64 mips64le s390x +// +build linux + +package socket + +type cmsghdr struct { + Len uint64 + Level int32 + Type int32 +} + +const ( + sizeofCmsghdr = 0x10 +) + +func (h *cmsghdr) set(l, lvl, typ int) { + h.Len = uint64(l) + h.Level = int32(lvl) + h.Type = int32(typ) +} diff --git a/vendor/github.com/miekg/dns/internal/socket/cmsghdr_other.go b/vendor/github.com/miekg/dns/internal/socket/cmsghdr_other.go new file mode 100644 index 0000000..8078487 --- /dev/null +++ b/vendor/github.com/miekg/dns/internal/socket/cmsghdr_other.go @@ -0,0 +1,13 @@ +// +build !linux + +package socket + +type cmsghdr struct{} + +const sizeofCmsghdr = 0 + +func (h *cmsghdr) len() int { return 0 } +func (h *cmsghdr) lvl() int { return 0 } +func (h *cmsghdr) typ() int { return 0 } + +func (h *cmsghdr) set(l, lvl, typ int) {} diff --git a/vendor/github.com/miekg/dns/internal/socket/controlmessage.go b/vendor/github.com/miekg/dns/internal/socket/controlmessage.go new file mode 100644 index 0000000..3176e96 --- /dev/null +++ b/vendor/github.com/miekg/dns/internal/socket/controlmessage.go @@ -0,0 +1,118 @@ +package socket + +import ( + "errors" + "unsafe" +) + +func controlHeaderLen() int { + return roundup(sizeofCmsghdr) +} + +func controlMessageLen(dataLen int) int { + return roundup(sizeofCmsghdr) + dataLen +} + +// returns the whole length of control message. +func ControlMessageSpace(dataLen int) int { + return roundup(sizeofCmsghdr) + roundup(dataLen) +} + +// A ControlMessage represents the head message in a stream of control +// messages. +// +// A control message comprises of a header, data and a few padding +// fields to conform to the interface to the kernel. +// +// See RFC 3542 for further information. +type ControlMessage []byte + +// Data returns the data field of the control message at the head. +func (m ControlMessage) Data(dataLen int) []byte { + l := controlHeaderLen() + if len(m) < l || len(m) < l+dataLen { + return nil + } + return m[l : l+dataLen] +} + +// ParseHeader parses and returns the header fields of the control +// message at the head. +func (m ControlMessage) ParseHeader() (lvl, typ, dataLen int, err error) { + l := controlHeaderLen() + if len(m) < l { + return 0, 0, 0, errors.New("short message") + } + h := (*cmsghdr)(unsafe.Pointer(&m[0])) + return h.lvl(), h.typ(), int(uint64(h.len()) - uint64(l)), nil +} + +// Next returns the control message at the next. +func (m ControlMessage) Next(dataLen int) ControlMessage { + l := ControlMessageSpace(dataLen) + if len(m) < l { + return nil + } + return m[l:] +} + +// MarshalHeader marshals the header fields of the control message at +// the head. +func (m ControlMessage) MarshalHeader(lvl, typ, dataLen int) error { + if len(m) < controlHeaderLen() { + return errors.New("short message") + } + h := (*cmsghdr)(unsafe.Pointer(&m[0])) + h.set(controlMessageLen(dataLen), lvl, typ) + return nil +} + +// Marshal marshals the control message at the head, and returns the next +// control message. +func (m ControlMessage) Marshal(lvl, typ int, data []byte) (ControlMessage, error) { + l := len(data) + if len(m) < ControlMessageSpace(l) { + return nil, errors.New("short message") + } + h := (*cmsghdr)(unsafe.Pointer(&m[0])) + h.set(controlMessageLen(l), lvl, typ) + if l > 0 { + copy(m.Data(l), data) + } + return m.Next(l), nil +} + +// Parse parses as a single or multiple control messages. +func (m ControlMessage) Parse() ([]ControlMessage, error) { + var ms []ControlMessage + for len(m) >= controlHeaderLen() { + h := (*cmsghdr)(unsafe.Pointer(&m[0])) + l := h.len() + if l <= 0 { + return nil, errors.New("invalid header length") + } + if uint64(l) < uint64(controlHeaderLen()) { + return nil, errors.New("invalid message length") + } + if uint64(l) > uint64(len(m)) { + return nil, errors.New("short buffer") + } + ms = append(ms, ControlMessage(m[:l])) + ll := l - controlHeaderLen() + if len(m) >= ControlMessageSpace(ll) { + m = m[ControlMessageSpace(ll):] + } else { + m = m[controlMessageLen(ll):] + } + } + return ms, nil +} + +// NewControlMessage returns a new stream of control messages. +func NewControlMessage(dataLen []int) ControlMessage { + var l int + for i := range dataLen { + l += ControlMessageSpace(dataLen[i]) + } + return make([]byte, l) +} diff --git a/vendor/github.com/miekg/dns/internal/socket/socket.go b/vendor/github.com/miekg/dns/internal/socket/socket.go new file mode 100644 index 0000000..edb58e2 --- /dev/null +++ b/vendor/github.com/miekg/dns/internal/socket/socket.go @@ -0,0 +1,4 @@ +// Package socket contains ControlMessage parsing code from +// golang.org/x/net/internal/socket. Instead of supporting all possible +// architectures, we're only supporting linux 32/64 bit. +package socket diff --git a/vendor/github.com/miekg/dns/internal/socket/sys.go b/vendor/github.com/miekg/dns/internal/socket/sys.go new file mode 100644 index 0000000..2f3f5cf --- /dev/null +++ b/vendor/github.com/miekg/dns/internal/socket/sys.go @@ -0,0 +1,14 @@ +package socket + +import "unsafe" + +var ( + kernelAlign = func() int { + var p uintptr + return int(unsafe.Sizeof(p)) + }() +) + +func roundup(l int) int { + return (l + kernelAlign - 1) & ^(kernelAlign - 1) +} diff --git a/vendor/github.com/miekg/dns/labels.go b/vendor/github.com/miekg/dns/labels.go new file mode 100644 index 0000000..760b89e --- /dev/null +++ b/vendor/github.com/miekg/dns/labels.go @@ -0,0 +1,191 @@ +package dns + +// Holds a bunch of helper functions for dealing with labels. + +// SplitDomainName splits a name string into it's labels. +// www.miek.nl. returns []string{"www", "miek", "nl"} +// .www.miek.nl. returns []string{"", "www", "miek", "nl"}, +// The root label (.) returns nil. Note that using +// strings.Split(s) will work in most cases, but does not handle +// escaped dots (\.) for instance. +// s must be a syntactically valid domain name, see IsDomainName. +func SplitDomainName(s string) (labels []string) { + if len(s) == 0 { + return nil + } + fqdnEnd := 0 // offset of the final '.' or the length of the name + idx := Split(s) + begin := 0 + if s[len(s)-1] == '.' { + fqdnEnd = len(s) - 1 + } else { + fqdnEnd = len(s) + } + + switch len(idx) { + case 0: + return nil + case 1: + // no-op + default: + end := 0 + for i := 1; i < len(idx); i++ { + end = idx[i] + labels = append(labels, s[begin:end-1]) + begin = end + } + } + + labels = append(labels, s[begin:fqdnEnd]) + return labels +} + +// CompareDomainName compares the names s1 and s2 and +// returns how many labels they have in common starting from the *right*. +// The comparison stops at the first inequality. The names are downcased +// before the comparison. +// +// www.miek.nl. and miek.nl. have two labels in common: miek and nl +// www.miek.nl. and www.bla.nl. have one label in common: nl +// +// s1 and s2 must be syntactically valid domain names. +func CompareDomainName(s1, s2 string) (n int) { + // the first check: root label + if s1 == "." || s2 == "." { + return 0 + } + + l1 := Split(s1) + l2 := Split(s2) + + j1 := len(l1) - 1 // end + i1 := len(l1) - 2 // start + j2 := len(l2) - 1 + i2 := len(l2) - 2 + // the second check can be done here: last/only label + // before we fall through into the for-loop below + if equal(s1[l1[j1]:], s2[l2[j2]:]) { + n++ + } else { + return + } + for { + if i1 < 0 || i2 < 0 { + break + } + if equal(s1[l1[i1]:l1[j1]], s2[l2[i2]:l2[j2]]) { + n++ + } else { + break + } + j1-- + i1-- + j2-- + i2-- + } + return +} + +// CountLabel counts the the number of labels in the string s. +// s must be a syntactically valid domain name. +func CountLabel(s string) (labels int) { + if s == "." { + return + } + off := 0 + end := false + for { + off, end = NextLabel(s, off) + labels++ + if end { + return + } + } +} + +// Split splits a name s into its label indexes. +// www.miek.nl. returns []int{0, 4, 9}, www.miek.nl also returns []int{0, 4, 9}. +// The root name (.) returns nil. Also see SplitDomainName. +// s must be a syntactically valid domain name. +func Split(s string) []int { + if s == "." { + return nil + } + idx := make([]int, 1, 3) + off := 0 + end := false + + for { + off, end = NextLabel(s, off) + if end { + return idx + } + idx = append(idx, off) + } +} + +// NextLabel returns the index of the start of the next label in the +// string s starting at offset. +// The bool end is true when the end of the string has been reached. +// Also see PrevLabel. +func NextLabel(s string, offset int) (i int, end bool) { + quote := false + for i = offset; i < len(s)-1; i++ { + switch s[i] { + case '\\': + quote = !quote + default: + quote = false + case '.': + if quote { + quote = !quote + continue + } + return i + 1, false + } + } + return i + 1, true +} + +// PrevLabel returns the index of the label when starting from the right and +// jumping n labels to the left. +// The bool start is true when the start of the string has been overshot. +// Also see NextLabel. +func PrevLabel(s string, n int) (i int, start bool) { + if n == 0 { + return len(s), false + } + lab := Split(s) + if lab == nil { + return 0, true + } + if n > len(lab) { + return 0, true + } + return lab[len(lab)-n], false +} + +// equal compares a and b while ignoring case. It returns true when equal otherwise false. +func equal(a, b string) bool { + // might be lifted into API function. + la := len(a) + lb := len(b) + if la != lb { + return false + } + + for i := la - 1; i >= 0; i-- { + ai := a[i] + bi := b[i] + if ai >= 'A' && ai <= 'Z' { + ai |= ('a' - 'A') + } + if bi >= 'A' && bi <= 'Z' { + bi |= ('a' - 'A') + } + if ai != bi { + return false + } + } + return true +} diff --git a/vendor/github.com/miekg/dns/msg.go b/vendor/github.com/miekg/dns/msg.go new file mode 100644 index 0000000..afce176 --- /dev/null +++ b/vendor/github.com/miekg/dns/msg.go @@ -0,0 +1,1148 @@ +// DNS packet assembly, see RFC 1035. Converting from - Unpack() - +// and to - Pack() - wire format. +// All the packers and unpackers take a (msg []byte, off int) +// and return (off1 int, ok bool). If they return ok==false, they +// also return off1==len(msg), so that the next unpacker will +// also fail. This lets us avoid checks of ok until the end of a +// packing sequence. + +package dns + +//go:generate go run msg_generate.go +//go:generate go run compress_generate.go + +import ( + crand "crypto/rand" + "encoding/binary" + "fmt" + "math/big" + "math/rand" + "strconv" + "sync" +) + +const ( + maxCompressionOffset = 2 << 13 // We have 14 bits for the compression pointer + maxDomainNameWireOctets = 255 // See RFC 1035 section 2.3.4 +) + +// Errors defined in this package. +var ( + ErrAlg error = &Error{err: "bad algorithm"} // ErrAlg indicates an error with the (DNSSEC) algorithm. + ErrAuth error = &Error{err: "bad authentication"} // ErrAuth indicates an error in the TSIG authentication. + ErrBuf error = &Error{err: "buffer size too small"} // ErrBuf indicates that the buffer used is too small for the message. + ErrConnEmpty error = &Error{err: "conn has no connection"} // ErrConnEmpty indicates a connection is being used before it is initialized. + ErrExtendedRcode error = &Error{err: "bad extended rcode"} // ErrExtendedRcode ... + ErrFqdn error = &Error{err: "domain must be fully qualified"} // ErrFqdn indicates that a domain name does not have a closing dot. + ErrId error = &Error{err: "id mismatch"} // ErrId indicates there is a mismatch with the message's ID. + ErrKeyAlg error = &Error{err: "bad key algorithm"} // ErrKeyAlg indicates that the algorithm in the key is not valid. + ErrKey error = &Error{err: "bad key"} + ErrKeySize error = &Error{err: "bad key size"} + ErrLongDomain error = &Error{err: fmt.Sprintf("domain name exceeded %d wire-format octets", maxDomainNameWireOctets)} + ErrNoSig error = &Error{err: "no signature found"} + ErrPrivKey error = &Error{err: "bad private key"} + ErrRcode error = &Error{err: "bad rcode"} + ErrRdata error = &Error{err: "bad rdata"} + ErrRRset error = &Error{err: "bad rrset"} + ErrSecret error = &Error{err: "no secrets defined"} + ErrShortRead error = &Error{err: "short read"} + ErrSig error = &Error{err: "bad signature"} // ErrSig indicates that a signature can not be cryptographically validated. + ErrSoa error = &Error{err: "no SOA"} // ErrSOA indicates that no SOA RR was seen when doing zone transfers. + ErrTime error = &Error{err: "bad time"} // ErrTime indicates a timing error in TSIG authentication. + ErrTruncated error = &Error{err: "failed to unpack truncated message"} // ErrTruncated indicates that we failed to unpack a truncated message. We unpacked as much as we had so Msg can still be used, if desired. +) + +// Id by default, returns a 16 bits random number to be used as a +// message id. The random provided should be good enough. This being a +// variable the function can be reassigned to a custom function. +// For instance, to make it return a static value: +// +// dns.Id = func() uint16 { return 3 } +var Id = id + +var ( + idLock sync.Mutex + idRand *rand.Rand +) + +// id returns a 16 bits random number to be used as a +// message id. The random provided should be good enough. +func id() uint16 { + idLock.Lock() + + if idRand == nil { + // This (partially) works around + // https://github.com/golang/go/issues/11833 by only + // seeding idRand upon the first call to id. + + var seed int64 + var buf [8]byte + + if _, err := crand.Read(buf[:]); err == nil { + seed = int64(binary.LittleEndian.Uint64(buf[:])) + } else { + seed = rand.Int63() + } + + idRand = rand.New(rand.NewSource(seed)) + } + + // The call to idRand.Uint32 must be within the + // mutex lock because *rand.Rand is not safe for + // concurrent use. + // + // There is no added performance overhead to calling + // idRand.Uint32 inside a mutex lock over just + // calling rand.Uint32 as the global math/rand rng + // is internally protected by a sync.Mutex. + id := uint16(idRand.Uint32()) + + idLock.Unlock() + return id +} + +// MsgHdr is a a manually-unpacked version of (id, bits). +type MsgHdr struct { + Id uint16 + Response bool + Opcode int + Authoritative bool + Truncated bool + RecursionDesired bool + RecursionAvailable bool + Zero bool + AuthenticatedData bool + CheckingDisabled bool + Rcode int +} + +// Msg contains the layout of a DNS message. +type Msg struct { + MsgHdr + Compress bool `json:"-"` // If true, the message will be compressed when converted to wire format. + Question []Question // Holds the RR(s) of the question section. + Answer []RR // Holds the RR(s) of the answer section. + Ns []RR // Holds the RR(s) of the authority section. + Extra []RR // Holds the RR(s) of the additional section. +} + +// ClassToString is a maps Classes to strings for each CLASS wire type. +var ClassToString = map[uint16]string{ + ClassINET: "IN", + ClassCSNET: "CS", + ClassCHAOS: "CH", + ClassHESIOD: "HS", + ClassNONE: "NONE", + ClassANY: "ANY", +} + +// OpcodeToString maps Opcodes to strings. +var OpcodeToString = map[int]string{ + OpcodeQuery: "QUERY", + OpcodeIQuery: "IQUERY", + OpcodeStatus: "STATUS", + OpcodeNotify: "NOTIFY", + OpcodeUpdate: "UPDATE", +} + +// RcodeToString maps Rcodes to strings. +var RcodeToString = map[int]string{ + RcodeSuccess: "NOERROR", + RcodeFormatError: "FORMERR", + RcodeServerFailure: "SERVFAIL", + RcodeNameError: "NXDOMAIN", + RcodeNotImplemented: "NOTIMPL", + RcodeRefused: "REFUSED", + RcodeYXDomain: "YXDOMAIN", // See RFC 2136 + RcodeYXRrset: "YXRRSET", + RcodeNXRrset: "NXRRSET", + RcodeNotAuth: "NOTAUTH", + RcodeNotZone: "NOTZONE", + RcodeBadSig: "BADSIG", // Also known as RcodeBadVers, see RFC 6891 + // RcodeBadVers: "BADVERS", + RcodeBadKey: "BADKEY", + RcodeBadTime: "BADTIME", + RcodeBadMode: "BADMODE", + RcodeBadName: "BADNAME", + RcodeBadAlg: "BADALG", + RcodeBadTrunc: "BADTRUNC", + RcodeBadCookie: "BADCOOKIE", +} + +// Domain names are a sequence of counted strings +// split at the dots. They end with a zero-length string. + +// PackDomainName packs a domain name s into msg[off:]. +// If compression is wanted compress must be true and the compression +// map needs to hold a mapping between domain names and offsets +// pointing into msg. +func PackDomainName(s string, msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error) { + off1, _, err = packDomainName(s, msg, off, compression, compress) + return +} + +func packDomainName(s string, msg []byte, off int, compression map[string]int, compress bool) (off1 int, labels int, err error) { + // special case if msg == nil + lenmsg := 256 + if msg != nil { + lenmsg = len(msg) + } + ls := len(s) + if ls == 0 { // Ok, for instance when dealing with update RR without any rdata. + return off, 0, nil + } + // If not fully qualified, error out, but only if msg == nil #ugly + switch { + case msg == nil: + if s[ls-1] != '.' { + s += "." + ls++ + } + case msg != nil: + if s[ls-1] != '.' { + return lenmsg, 0, ErrFqdn + } + } + // Each dot ends a segment of the name. + // We trade each dot byte for a length byte. + // Except for escaped dots (\.), which are normal dots. + // There is also a trailing zero. + + // Compression + nameoffset := -1 + pointer := -1 + // Emit sequence of counted strings, chopping at dots. + begin := 0 + bs := []byte(s) + roBs, bsFresh, escapedDot := s, true, false + for i := 0; i < ls; i++ { + if bs[i] == '\\' { + for j := i; j < ls-1; j++ { + bs[j] = bs[j+1] + } + ls-- + if off+1 > lenmsg { + return lenmsg, labels, ErrBuf + } + // check for \DDD + if i+2 < ls && isDigit(bs[i]) && isDigit(bs[i+1]) && isDigit(bs[i+2]) { + bs[i] = dddToByte(bs[i:]) + for j := i + 1; j < ls-2; j++ { + bs[j] = bs[j+2] + } + ls -= 2 + } + escapedDot = bs[i] == '.' + bsFresh = false + continue + } + + if bs[i] == '.' { + if i > 0 && bs[i-1] == '.' && !escapedDot { + // two dots back to back is not legal + return lenmsg, labels, ErrRdata + } + if i-begin >= 1<<6 { // top two bits of length must be clear + return lenmsg, labels, ErrRdata + } + // off can already (we're in a loop) be bigger than len(msg) + // this happens when a name isn't fully qualified + if off+1 > lenmsg { + return lenmsg, labels, ErrBuf + } + if msg != nil { + msg[off] = byte(i - begin) + } + offset := off + off++ + for j := begin; j < i; j++ { + if off+1 > lenmsg { + return lenmsg, labels, ErrBuf + } + if msg != nil { + msg[off] = bs[j] + } + off++ + } + if compress && !bsFresh { + roBs = string(bs) + bsFresh = true + } + // Don't try to compress '.' + // We should only compress when compress it true, but we should also still pick + // up names that can be used for *future* compression(s). + if compression != nil && roBs[begin:] != "." { + if p, ok := compression[roBs[begin:]]; !ok { + // Only offsets smaller than this can be used. + if offset < maxCompressionOffset { + compression[roBs[begin:]] = offset + } + } else { + // The first hit is the longest matching dname + // keep the pointer offset we get back and store + // the offset of the current name, because that's + // where we need to insert the pointer later + + // If compress is true, we're allowed to compress this dname + if pointer == -1 && compress { + pointer = p // Where to point to + nameoffset = offset // Where to point from + break + } + } + } + labels++ + begin = i + 1 + } + escapedDot = false + } + // Root label is special + if len(bs) == 1 && bs[0] == '.' { + return off, labels, nil + } + // If we did compression and we find something add the pointer here + if pointer != -1 { + // We have two bytes (14 bits) to put the pointer in + // if msg == nil, we will never do compression + binary.BigEndian.PutUint16(msg[nameoffset:], uint16(pointer^0xC000)) + off = nameoffset + 1 + goto End + } + if msg != nil && off < len(msg) { + msg[off] = 0 + } +End: + off++ + return off, labels, nil +} + +// Unpack a domain name. +// In addition to the simple sequences of counted strings above, +// domain names are allowed to refer to strings elsewhere in the +// packet, to avoid repeating common suffixes when returning +// many entries in a single domain. The pointers are marked +// by a length byte with the top two bits set. Ignoring those +// two bits, that byte and the next give a 14 bit offset from msg[0] +// where we should pick up the trail. +// Note that if we jump elsewhere in the packet, +// we return off1 == the offset after the first pointer we found, +// which is where the next record will start. +// In theory, the pointers are only allowed to jump backward. +// We let them jump anywhere and stop jumping after a while. + +// UnpackDomainName unpacks a domain name into a string. +func UnpackDomainName(msg []byte, off int) (string, int, error) { + s := make([]byte, 0, 64) + off1 := 0 + lenmsg := len(msg) + maxLen := maxDomainNameWireOctets + ptr := 0 // number of pointers followed +Loop: + for { + if off >= lenmsg { + return "", lenmsg, ErrBuf + } + c := int(msg[off]) + off++ + switch c & 0xC0 { + case 0x00: + if c == 0x00 { + // end of name + break Loop + } + // literal string + if off+c > lenmsg { + return "", lenmsg, ErrBuf + } + for j := off; j < off+c; j++ { + switch b := msg[j]; b { + case '.', '(', ')', ';', ' ', '@': + fallthrough + case '"', '\\': + s = append(s, '\\', b) + // presentation-format \X escapes add an extra byte + maxLen++ + default: + if b < 32 || b >= 127 { // unprintable, use \DDD + var buf [3]byte + bufs := strconv.AppendInt(buf[:0], int64(b), 10) + s = append(s, '\\') + for i := 0; i < 3-len(bufs); i++ { + s = append(s, '0') + } + for _, r := range bufs { + s = append(s, r) + } + // presentation-format \DDD escapes add 3 extra bytes + maxLen += 3 + } else { + s = append(s, b) + } + } + } + s = append(s, '.') + off += c + case 0xC0: + // pointer to somewhere else in msg. + // remember location after first ptr, + // since that's how many bytes we consumed. + // also, don't follow too many pointers -- + // maybe there's a loop. + if off >= lenmsg { + return "", lenmsg, ErrBuf + } + c1 := msg[off] + off++ + if ptr == 0 { + off1 = off + } + if ptr++; ptr > 10 { + return "", lenmsg, &Error{err: "too many compression pointers"} + } + // pointer should guarantee that it advances and points forwards at least + // but the condition on previous three lines guarantees that it's + // at least loop-free + off = (c^0xC0)<<8 | int(c1) + default: + // 0x80 and 0x40 are reserved + return "", lenmsg, ErrRdata + } + } + if ptr == 0 { + off1 = off + } + if len(s) == 0 { + s = []byte(".") + } else if len(s) >= maxLen { + // error if the name is too long, but don't throw it away + return string(s), lenmsg, ErrLongDomain + } + return string(s), off1, nil +} + +func packTxt(txt []string, msg []byte, offset int, tmp []byte) (int, error) { + if len(txt) == 0 { + if offset >= len(msg) { + return offset, ErrBuf + } + msg[offset] = 0 + return offset, nil + } + var err error + for i := range txt { + if len(txt[i]) > len(tmp) { + return offset, ErrBuf + } + offset, err = packTxtString(txt[i], msg, offset, tmp) + if err != nil { + return offset, err + } + } + return offset, nil +} + +func packTxtString(s string, msg []byte, offset int, tmp []byte) (int, error) { + lenByteOffset := offset + if offset >= len(msg) || len(s) > len(tmp) { + return offset, ErrBuf + } + offset++ + bs := tmp[:len(s)] + copy(bs, s) + for i := 0; i < len(bs); i++ { + if len(msg) <= offset { + return offset, ErrBuf + } + if bs[i] == '\\' { + i++ + if i == len(bs) { + break + } + // check for \DDD + if i+2 < len(bs) && isDigit(bs[i]) && isDigit(bs[i+1]) && isDigit(bs[i+2]) { + msg[offset] = dddToByte(bs[i:]) + i += 2 + } else { + msg[offset] = bs[i] + } + } else { + msg[offset] = bs[i] + } + offset++ + } + l := offset - lenByteOffset - 1 + if l > 255 { + return offset, &Error{err: "string exceeded 255 bytes in txt"} + } + msg[lenByteOffset] = byte(l) + return offset, nil +} + +func packOctetString(s string, msg []byte, offset int, tmp []byte) (int, error) { + if offset >= len(msg) || len(s) > len(tmp) { + return offset, ErrBuf + } + bs := tmp[:len(s)] + copy(bs, s) + for i := 0; i < len(bs); i++ { + if len(msg) <= offset { + return offset, ErrBuf + } + if bs[i] == '\\' { + i++ + if i == len(bs) { + break + } + // check for \DDD + if i+2 < len(bs) && isDigit(bs[i]) && isDigit(bs[i+1]) && isDigit(bs[i+2]) { + msg[offset] = dddToByte(bs[i:]) + i += 2 + } else { + msg[offset] = bs[i] + } + } else { + msg[offset] = bs[i] + } + offset++ + } + return offset, nil +} + +func unpackTxt(msg []byte, off0 int) (ss []string, off int, err error) { + off = off0 + var s string + for off < len(msg) && err == nil { + s, off, err = unpackTxtString(msg, off) + if err == nil { + ss = append(ss, s) + } + } + return +} + +func unpackTxtString(msg []byte, offset int) (string, int, error) { + if offset+1 > len(msg) { + return "", offset, &Error{err: "overflow unpacking txt"} + } + l := int(msg[offset]) + if offset+l+1 > len(msg) { + return "", offset, &Error{err: "overflow unpacking txt"} + } + s := make([]byte, 0, l) + for _, b := range msg[offset+1 : offset+1+l] { + switch b { + case '"', '\\': + s = append(s, '\\', b) + default: + if b < 32 || b > 127 { // unprintable + var buf [3]byte + bufs := strconv.AppendInt(buf[:0], int64(b), 10) + s = append(s, '\\') + for i := 0; i < 3-len(bufs); i++ { + s = append(s, '0') + } + for _, r := range bufs { + s = append(s, r) + } + } else { + s = append(s, b) + } + } + } + offset += 1 + l + return string(s), offset, nil +} + +// Helpers for dealing with escaped bytes +func isDigit(b byte) bool { return b >= '0' && b <= '9' } + +func dddToByte(s []byte) byte { + return byte((s[0]-'0')*100 + (s[1]-'0')*10 + (s[2] - '0')) +} + +// Helper function for packing and unpacking +func intToBytes(i *big.Int, length int) []byte { + buf := i.Bytes() + if len(buf) < length { + b := make([]byte, length) + copy(b[length-len(buf):], buf) + return b + } + return buf +} + +// PackRR packs a resource record rr into msg[off:]. +// See PackDomainName for documentation about the compression. +func PackRR(rr RR, msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error) { + if rr == nil { + return len(msg), &Error{err: "nil rr"} + } + + off1, err = rr.pack(msg, off, compression, compress) + if err != nil { + return len(msg), err + } + // TODO(miek): Not sure if this is needed? If removed we can remove rawmsg.go as well. + if rawSetRdlength(msg, off, off1) { + return off1, nil + } + return off, ErrRdata +} + +// UnpackRR unpacks msg[off:] into an RR. +func UnpackRR(msg []byte, off int) (rr RR, off1 int, err error) { + h, off, msg, err := unpackHeader(msg, off) + if err != nil { + return nil, len(msg), err + } + end := off + int(h.Rdlength) + + if fn, known := typeToUnpack[h.Rrtype]; !known { + rr, off, err = unpackRFC3597(h, msg, off) + } else { + rr, off, err = fn(h, msg, off) + } + if off != end { + return &h, end, &Error{err: "bad rdlength"} + } + return rr, off, err +} + +// unpackRRslice unpacks msg[off:] into an []RR. +// If we cannot unpack the whole array, then it will return nil +func unpackRRslice(l int, msg []byte, off int) (dst1 []RR, off1 int, err error) { + var r RR + // Optimistically make dst be the length that was sent + dst := make([]RR, 0, l) + for i := 0; i < l; i++ { + off1 := off + r, off, err = UnpackRR(msg, off) + if err != nil { + off = len(msg) + break + } + // If offset does not increase anymore, l is a lie + if off1 == off { + l = i + break + } + dst = append(dst, r) + } + if err != nil && off == len(msg) { + dst = nil + } + return dst, off, err +} + +// Convert a MsgHdr to a string, with dig-like headers: +// +//;; opcode: QUERY, status: NOERROR, id: 48404 +// +//;; flags: qr aa rd ra; +func (h *MsgHdr) String() string { + if h == nil { + return " MsgHdr" + } + + s := ";; opcode: " + OpcodeToString[h.Opcode] + s += ", status: " + RcodeToString[h.Rcode] + s += ", id: " + strconv.Itoa(int(h.Id)) + "\n" + + s += ";; flags:" + if h.Response { + s += " qr" + } + if h.Authoritative { + s += " aa" + } + if h.Truncated { + s += " tc" + } + if h.RecursionDesired { + s += " rd" + } + if h.RecursionAvailable { + s += " ra" + } + if h.Zero { // Hmm + s += " z" + } + if h.AuthenticatedData { + s += " ad" + } + if h.CheckingDisabled { + s += " cd" + } + + s += ";" + return s +} + +// Pack packs a Msg: it is converted to to wire format. +// If the dns.Compress is true the message will be in compressed wire format. +func (dns *Msg) Pack() (msg []byte, err error) { + return dns.PackBuffer(nil) +} + +// PackBuffer packs a Msg, using the given buffer buf. If buf is too small +// a new buffer is allocated. +func (dns *Msg) PackBuffer(buf []byte) (msg []byte, err error) { + // We use a similar function in tsig.go's stripTsig. + var ( + dh Header + compression map[string]int + ) + + if dns.Compress { + compression = make(map[string]int) // Compression pointer mappings + } + + if dns.Rcode < 0 || dns.Rcode > 0xFFF { + return nil, ErrRcode + } + if dns.Rcode > 0xF { + // Regular RCODE field is 4 bits + opt := dns.IsEdns0() + if opt == nil { + return nil, ErrExtendedRcode + } + opt.SetExtendedRcode(uint8(dns.Rcode >> 4)) + dns.Rcode &= 0xF + } + + // Convert convenient Msg into wire-like Header. + dh.Id = dns.Id + dh.Bits = uint16(dns.Opcode)<<11 | uint16(dns.Rcode) + if dns.Response { + dh.Bits |= _QR + } + if dns.Authoritative { + dh.Bits |= _AA + } + if dns.Truncated { + dh.Bits |= _TC + } + if dns.RecursionDesired { + dh.Bits |= _RD + } + if dns.RecursionAvailable { + dh.Bits |= _RA + } + if dns.Zero { + dh.Bits |= _Z + } + if dns.AuthenticatedData { + dh.Bits |= _AD + } + if dns.CheckingDisabled { + dh.Bits |= _CD + } + + // Prepare variable sized arrays. + question := dns.Question + answer := dns.Answer + ns := dns.Ns + extra := dns.Extra + + dh.Qdcount = uint16(len(question)) + dh.Ancount = uint16(len(answer)) + dh.Nscount = uint16(len(ns)) + dh.Arcount = uint16(len(extra)) + + // We need the uncompressed length here, because we first pack it and then compress it. + msg = buf + uncompressedLen := compressedLen(dns, false) + if packLen := uncompressedLen + 1; len(msg) < packLen { + msg = make([]byte, packLen) + } + + // Pack it in: header and then the pieces. + off := 0 + off, err = dh.pack(msg, off, compression, dns.Compress) + if err != nil { + return nil, err + } + for i := 0; i < len(question); i++ { + off, err = question[i].pack(msg, off, compression, dns.Compress) + if err != nil { + return nil, err + } + } + for i := 0; i < len(answer); i++ { + off, err = PackRR(answer[i], msg, off, compression, dns.Compress) + if err != nil { + return nil, err + } + } + for i := 0; i < len(ns); i++ { + off, err = PackRR(ns[i], msg, off, compression, dns.Compress) + if err != nil { + return nil, err + } + } + for i := 0; i < len(extra); i++ { + off, err = PackRR(extra[i], msg, off, compression, dns.Compress) + if err != nil { + return nil, err + } + } + return msg[:off], nil +} + +// Unpack unpacks a binary message to a Msg structure. +func (dns *Msg) Unpack(msg []byte) (err error) { + var ( + dh Header + off int + ) + if dh, off, err = unpackMsgHdr(msg, off); err != nil { + return err + } + + dns.Id = dh.Id + dns.Response = (dh.Bits & _QR) != 0 + dns.Opcode = int(dh.Bits>>11) & 0xF + dns.Authoritative = (dh.Bits & _AA) != 0 + dns.Truncated = (dh.Bits & _TC) != 0 + dns.RecursionDesired = (dh.Bits & _RD) != 0 + dns.RecursionAvailable = (dh.Bits & _RA) != 0 + dns.Zero = (dh.Bits & _Z) != 0 + dns.AuthenticatedData = (dh.Bits & _AD) != 0 + dns.CheckingDisabled = (dh.Bits & _CD) != 0 + dns.Rcode = int(dh.Bits & 0xF) + + if off == len(msg) { + return ErrTruncated + } + + // Optimistically use the count given to us in the header + dns.Question = make([]Question, 0, int(dh.Qdcount)) + + for i := 0; i < int(dh.Qdcount); i++ { + off1 := off + var q Question + q, off, err = unpackQuestion(msg, off) + if err != nil { + // Even if Truncated is set, we only will set ErrTruncated if we + // actually got the questions + return err + } + if off1 == off { // Offset does not increase anymore, dh.Qdcount is a lie! + dh.Qdcount = uint16(i) + break + } + dns.Question = append(dns.Question, q) + } + + dns.Answer, off, err = unpackRRslice(int(dh.Ancount), msg, off) + // The header counts might have been wrong so we need to update it + dh.Ancount = uint16(len(dns.Answer)) + if err == nil { + dns.Ns, off, err = unpackRRslice(int(dh.Nscount), msg, off) + } + // The header counts might have been wrong so we need to update it + dh.Nscount = uint16(len(dns.Ns)) + if err == nil { + dns.Extra, off, err = unpackRRslice(int(dh.Arcount), msg, off) + } + // The header counts might have been wrong so we need to update it + dh.Arcount = uint16(len(dns.Extra)) + + if off != len(msg) { + // TODO(miek) make this an error? + // use PackOpt to let people tell how detailed the error reporting should be? + // println("dns: extra bytes in dns packet", off, "<", len(msg)) + } else if dns.Truncated { + // Whether we ran into a an error or not, we want to return that it + // was truncated + err = ErrTruncated + } + return err +} + +// Convert a complete message to a string with dig-like output. +func (dns *Msg) String() string { + if dns == nil { + return " MsgHdr" + } + s := dns.MsgHdr.String() + " " + s += "QUERY: " + strconv.Itoa(len(dns.Question)) + ", " + s += "ANSWER: " + strconv.Itoa(len(dns.Answer)) + ", " + s += "AUTHORITY: " + strconv.Itoa(len(dns.Ns)) + ", " + s += "ADDITIONAL: " + strconv.Itoa(len(dns.Extra)) + "\n" + if len(dns.Question) > 0 { + s += "\n;; QUESTION SECTION:\n" + for i := 0; i < len(dns.Question); i++ { + s += dns.Question[i].String() + "\n" + } + } + if len(dns.Answer) > 0 { + s += "\n;; ANSWER SECTION:\n" + for i := 0; i < len(dns.Answer); i++ { + if dns.Answer[i] != nil { + s += dns.Answer[i].String() + "\n" + } + } + } + if len(dns.Ns) > 0 { + s += "\n;; AUTHORITY SECTION:\n" + for i := 0; i < len(dns.Ns); i++ { + if dns.Ns[i] != nil { + s += dns.Ns[i].String() + "\n" + } + } + } + if len(dns.Extra) > 0 { + s += "\n;; ADDITIONAL SECTION:\n" + for i := 0; i < len(dns.Extra); i++ { + if dns.Extra[i] != nil { + s += dns.Extra[i].String() + "\n" + } + } + } + return s +} + +// Len returns the message length when in (un)compressed wire format. +// If dns.Compress is true compression it is taken into account. Len() +// is provided to be a faster way to get the size of the resulting packet, +// than packing it, measuring the size and discarding the buffer. +func (dns *Msg) Len() int { return compressedLen(dns, dns.Compress) } + +// compressedLen returns the message length when in compressed wire format +// when compress is true, otherwise the uncompressed length is returned. +func compressedLen(dns *Msg, compress bool) int { + // We always return one more than needed. + l := 12 // Message header is always 12 bytes + if compress { + compression := map[string]int{} + for _, r := range dns.Question { + l += r.len() + compressionLenHelper(compression, r.Name) + } + l += compressionLenSlice(compression, dns.Answer) + l += compressionLenSlice(compression, dns.Ns) + l += compressionLenSlice(compression, dns.Extra) + } else { + for _, r := range dns.Question { + l += r.len() + } + for _, r := range dns.Answer { + if r != nil { + l += r.len() + } + } + for _, r := range dns.Ns { + if r != nil { + l += r.len() + } + } + for _, r := range dns.Extra { + if r != nil { + l += r.len() + } + } + } + return l +} + +func compressionLenSlice(c map[string]int, rs []RR) int { + var l int + for _, r := range rs { + if r == nil { + continue + } + l += r.len() + k, ok := compressionLenSearch(c, r.Header().Name) + if ok { + l += 1 - k + } + compressionLenHelper(c, r.Header().Name) + k, ok = compressionLenSearchType(c, r) + if ok { + l += 1 - k + } + compressionLenHelperType(c, r) + } + return l +} + +// Put the parts of the name in the compression map. +func compressionLenHelper(c map[string]int, s string) { + pref := "" + lbs := Split(s) + for j := len(lbs) - 1; j >= 0; j-- { + pref = s[lbs[j]:] + if _, ok := c[pref]; !ok { + c[pref] = len(pref) + } + } +} + +// Look for each part in the compression map and returns its length, +// keep on searching so we get the longest match. +func compressionLenSearch(c map[string]int, s string) (int, bool) { + off := 0 + end := false + if s == "" { // don't bork on bogus data + return 0, false + } + for { + if _, ok := c[s[off:]]; ok { + return len(s[off:]), true + } + if end { + break + } + off, end = NextLabel(s, off) + } + return 0, false +} + +// Copy returns a new RR which is a deep-copy of r. +func Copy(r RR) RR { r1 := r.copy(); return r1 } + +// Len returns the length (in octets) of the uncompressed RR in wire format. +func Len(r RR) int { return r.len() } + +// Copy returns a new *Msg which is a deep-copy of dns. +func (dns *Msg) Copy() *Msg { return dns.CopyTo(new(Msg)) } + +// CopyTo copies the contents to the provided message using a deep-copy and returns the copy. +func (dns *Msg) CopyTo(r1 *Msg) *Msg { + r1.MsgHdr = dns.MsgHdr + r1.Compress = dns.Compress + + if len(dns.Question) > 0 { + r1.Question = make([]Question, len(dns.Question)) + copy(r1.Question, dns.Question) // TODO(miek): Question is an immutable value, ok to do a shallow-copy + } + + rrArr := make([]RR, len(dns.Answer)+len(dns.Ns)+len(dns.Extra)) + var rri int + + if len(dns.Answer) > 0 { + rrbegin := rri + for i := 0; i < len(dns.Answer); i++ { + rrArr[rri] = dns.Answer[i].copy() + rri++ + } + r1.Answer = rrArr[rrbegin:rri:rri] + } + + if len(dns.Ns) > 0 { + rrbegin := rri + for i := 0; i < len(dns.Ns); i++ { + rrArr[rri] = dns.Ns[i].copy() + rri++ + } + r1.Ns = rrArr[rrbegin:rri:rri] + } + + if len(dns.Extra) > 0 { + rrbegin := rri + for i := 0; i < len(dns.Extra); i++ { + rrArr[rri] = dns.Extra[i].copy() + rri++ + } + r1.Extra = rrArr[rrbegin:rri:rri] + } + + return r1 +} + +func (q *Question) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := PackDomainName(q.Name, msg, off, compression, compress) + if err != nil { + return off, err + } + off, err = packUint16(q.Qtype, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(q.Qclass, msg, off) + if err != nil { + return off, err + } + return off, nil +} + +func unpackQuestion(msg []byte, off int) (Question, int, error) { + var ( + q Question + err error + ) + q.Name, off, err = UnpackDomainName(msg, off) + if err != nil { + return q, off, err + } + if off == len(msg) { + return q, off, nil + } + q.Qtype, off, err = unpackUint16(msg, off) + if err != nil { + return q, off, err + } + if off == len(msg) { + return q, off, nil + } + q.Qclass, off, err = unpackUint16(msg, off) + if off == len(msg) { + return q, off, nil + } + return q, off, err +} + +func (dh *Header) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := packUint16(dh.Id, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(dh.Bits, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(dh.Qdcount, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(dh.Ancount, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(dh.Nscount, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(dh.Arcount, msg, off) + return off, err +} + +func unpackMsgHdr(msg []byte, off int) (Header, int, error) { + var ( + dh Header + err error + ) + dh.Id, off, err = unpackUint16(msg, off) + if err != nil { + return dh, off, err + } + dh.Bits, off, err = unpackUint16(msg, off) + if err != nil { + return dh, off, err + } + dh.Qdcount, off, err = unpackUint16(msg, off) + if err != nil { + return dh, off, err + } + dh.Ancount, off, err = unpackUint16(msg, off) + if err != nil { + return dh, off, err + } + dh.Nscount, off, err = unpackUint16(msg, off) + if err != nil { + return dh, off, err + } + dh.Arcount, off, err = unpackUint16(msg, off) + return dh, off, err +} diff --git a/vendor/github.com/miekg/dns/msg_generate.go b/vendor/github.com/miekg/dns/msg_generate.go new file mode 100644 index 0000000..4d9f81d --- /dev/null +++ b/vendor/github.com/miekg/dns/msg_generate.go @@ -0,0 +1,349 @@ +//+build ignore + +// msg_generate.go is meant to run with go generate. It will use +// go/{importer,types} to track down all the RR struct types. Then for each type +// it will generate pack/unpack methods based on the struct tags. The generated source is +// written to zmsg.go, and is meant to be checked into git. +package main + +import ( + "bytes" + "fmt" + "go/format" + "go/importer" + "go/types" + "log" + "os" + "strings" +) + +var packageHdr = ` +// *** DO NOT MODIFY *** +// AUTOGENERATED BY go generate from msg_generate.go + +package dns + +` + +// getTypeStruct will take a type and the package scope, and return the +// (innermost) struct if the type is considered a RR type (currently defined as +// those structs beginning with a RR_Header, could be redefined as implementing +// the RR interface). The bool return value indicates if embedded structs were +// resolved. +func getTypeStruct(t types.Type, scope *types.Scope) (*types.Struct, bool) { + st, ok := t.Underlying().(*types.Struct) + if !ok { + return nil, false + } + if st.Field(0).Type() == scope.Lookup("RR_Header").Type() { + return st, false + } + if st.Field(0).Anonymous() { + st, _ := getTypeStruct(st.Field(0).Type(), scope) + return st, true + } + return nil, false +} + +func main() { + // Import and type-check the package + pkg, err := importer.Default().Import("github.com/miekg/dns") + fatalIfErr(err) + scope := pkg.Scope() + + // Collect actual types (*X) + var namedTypes []string + for _, name := range scope.Names() { + o := scope.Lookup(name) + if o == nil || !o.Exported() { + continue + } + if st, _ := getTypeStruct(o.Type(), scope); st == nil { + continue + } + if name == "PrivateRR" { + continue + } + + // Check if corresponding TypeX exists + if scope.Lookup("Type"+o.Name()) == nil && o.Name() != "RFC3597" { + log.Fatalf("Constant Type%s does not exist.", o.Name()) + } + + namedTypes = append(namedTypes, o.Name()) + } + + b := &bytes.Buffer{} + b.WriteString(packageHdr) + + fmt.Fprint(b, "// pack*() functions\n\n") + for _, name := range namedTypes { + o := scope.Lookup(name) + st, _ := getTypeStruct(o.Type(), scope) + + fmt.Fprintf(b, "func (rr *%s) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) {\n", name) + fmt.Fprint(b, `off, err := rr.Hdr.pack(msg, off, compression, compress) +if err != nil { + return off, err +} +headerEnd := off +`) + for i := 1; i < st.NumFields(); i++ { + o := func(s string) { + fmt.Fprintf(b, s, st.Field(i).Name()) + fmt.Fprint(b, `if err != nil { +return off, err +} +`) + } + + if _, ok := st.Field(i).Type().(*types.Slice); ok { + switch st.Tag(i) { + case `dns:"-"`: // ignored + case `dns:"txt"`: + o("off, err = packStringTxt(rr.%s, msg, off)\n") + case `dns:"opt"`: + o("off, err = packDataOpt(rr.%s, msg, off)\n") + case `dns:"nsec"`: + o("off, err = packDataNsec(rr.%s, msg, off)\n") + case `dns:"domain-name"`: + o("off, err = packDataDomainNames(rr.%s, msg, off, compression, compress)\n") + default: + log.Fatalln(name, st.Field(i).Name(), st.Tag(i)) + } + continue + } + + switch { + case st.Tag(i) == `dns:"-"`: // ignored + case st.Tag(i) == `dns:"cdomain-name"`: + o("off, err = PackDomainName(rr.%s, msg, off, compression, compress)\n") + case st.Tag(i) == `dns:"domain-name"`: + o("off, err = PackDomainName(rr.%s, msg, off, compression, false)\n") + case st.Tag(i) == `dns:"a"`: + o("off, err = packDataA(rr.%s, msg, off)\n") + case st.Tag(i) == `dns:"aaaa"`: + o("off, err = packDataAAAA(rr.%s, msg, off)\n") + case st.Tag(i) == `dns:"uint48"`: + o("off, err = packUint48(rr.%s, msg, off)\n") + case st.Tag(i) == `dns:"txt"`: + o("off, err = packString(rr.%s, msg, off)\n") + + case strings.HasPrefix(st.Tag(i), `dns:"size-base32`): // size-base32 can be packed just like base32 + fallthrough + case st.Tag(i) == `dns:"base32"`: + o("off, err = packStringBase32(rr.%s, msg, off)\n") + + case strings.HasPrefix(st.Tag(i), `dns:"size-base64`): // size-base64 can be packed just like base64 + fallthrough + case st.Tag(i) == `dns:"base64"`: + o("off, err = packStringBase64(rr.%s, msg, off)\n") + + case strings.HasPrefix(st.Tag(i), `dns:"size-hex:SaltLength`): + // directly write instead of using o() so we get the error check in the correct place + field := st.Field(i).Name() + fmt.Fprintf(b, `// Only pack salt if value is not "-", i.e. empty +if rr.%s != "-" { + off, err = packStringHex(rr.%s, msg, off) + if err != nil { + return off, err + } +} +`, field, field) + continue + case strings.HasPrefix(st.Tag(i), `dns:"size-hex`): // size-hex can be packed just like hex + fallthrough + case st.Tag(i) == `dns:"hex"`: + o("off, err = packStringHex(rr.%s, msg, off)\n") + + case st.Tag(i) == `dns:"octet"`: + o("off, err = packStringOctet(rr.%s, msg, off)\n") + case st.Tag(i) == "": + switch st.Field(i).Type().(*types.Basic).Kind() { + case types.Uint8: + o("off, err = packUint8(rr.%s, msg, off)\n") + case types.Uint16: + o("off, err = packUint16(rr.%s, msg, off)\n") + case types.Uint32: + o("off, err = packUint32(rr.%s, msg, off)\n") + case types.Uint64: + o("off, err = packUint64(rr.%s, msg, off)\n") + case types.String: + o("off, err = packString(rr.%s, msg, off)\n") + default: + log.Fatalln(name, st.Field(i).Name()) + } + default: + log.Fatalln(name, st.Field(i).Name(), st.Tag(i)) + } + } + // We have packed everything, only now we know the rdlength of this RR + fmt.Fprintln(b, "rr.Header().Rdlength = uint16(off-headerEnd)") + fmt.Fprintln(b, "return off, nil }\n") + } + + fmt.Fprint(b, "// unpack*() functions\n\n") + for _, name := range namedTypes { + o := scope.Lookup(name) + st, _ := getTypeStruct(o.Type(), scope) + + fmt.Fprintf(b, "func unpack%s(h RR_Header, msg []byte, off int) (RR, int, error) {\n", name) + fmt.Fprintf(b, "rr := new(%s)\n", name) + fmt.Fprint(b, "rr.Hdr = h\n") + fmt.Fprint(b, `if noRdata(h) { +return rr, off, nil + } +var err error +rdStart := off +_ = rdStart + +`) + for i := 1; i < st.NumFields(); i++ { + o := func(s string) { + fmt.Fprintf(b, s, st.Field(i).Name()) + fmt.Fprint(b, `if err != nil { +return rr, off, err +} +`) + } + + // size-* are special, because they reference a struct member we should use for the length. + if strings.HasPrefix(st.Tag(i), `dns:"size-`) { + structMember := structMember(st.Tag(i)) + structTag := structTag(st.Tag(i)) + switch structTag { + case "hex": + fmt.Fprintf(b, "rr.%s, off, err = unpackStringHex(msg, off, off + int(rr.%s))\n", st.Field(i).Name(), structMember) + case "base32": + fmt.Fprintf(b, "rr.%s, off, err = unpackStringBase32(msg, off, off + int(rr.%s))\n", st.Field(i).Name(), structMember) + case "base64": + fmt.Fprintf(b, "rr.%s, off, err = unpackStringBase64(msg, off, off + int(rr.%s))\n", st.Field(i).Name(), structMember) + default: + log.Fatalln(name, st.Field(i).Name(), st.Tag(i)) + } + fmt.Fprint(b, `if err != nil { +return rr, off, err +} +`) + continue + } + + if _, ok := st.Field(i).Type().(*types.Slice); ok { + switch st.Tag(i) { + case `dns:"-"`: // ignored + case `dns:"txt"`: + o("rr.%s, off, err = unpackStringTxt(msg, off)\n") + case `dns:"opt"`: + o("rr.%s, off, err = unpackDataOpt(msg, off)\n") + case `dns:"nsec"`: + o("rr.%s, off, err = unpackDataNsec(msg, off)\n") + case `dns:"domain-name"`: + o("rr.%s, off, err = unpackDataDomainNames(msg, off, rdStart + int(rr.Hdr.Rdlength))\n") + default: + log.Fatalln(name, st.Field(i).Name(), st.Tag(i)) + } + continue + } + + switch st.Tag(i) { + case `dns:"-"`: // ignored + case `dns:"cdomain-name"`: + fallthrough + case `dns:"domain-name"`: + o("rr.%s, off, err = UnpackDomainName(msg, off)\n") + case `dns:"a"`: + o("rr.%s, off, err = unpackDataA(msg, off)\n") + case `dns:"aaaa"`: + o("rr.%s, off, err = unpackDataAAAA(msg, off)\n") + case `dns:"uint48"`: + o("rr.%s, off, err = unpackUint48(msg, off)\n") + case `dns:"txt"`: + o("rr.%s, off, err = unpackString(msg, off)\n") + case `dns:"base32"`: + o("rr.%s, off, err = unpackStringBase32(msg, off, rdStart + int(rr.Hdr.Rdlength))\n") + case `dns:"base64"`: + o("rr.%s, off, err = unpackStringBase64(msg, off, rdStart + int(rr.Hdr.Rdlength))\n") + case `dns:"hex"`: + o("rr.%s, off, err = unpackStringHex(msg, off, rdStart + int(rr.Hdr.Rdlength))\n") + case `dns:"octet"`: + o("rr.%s, off, err = unpackStringOctet(msg, off)\n") + case "": + switch st.Field(i).Type().(*types.Basic).Kind() { + case types.Uint8: + o("rr.%s, off, err = unpackUint8(msg, off)\n") + case types.Uint16: + o("rr.%s, off, err = unpackUint16(msg, off)\n") + case types.Uint32: + o("rr.%s, off, err = unpackUint32(msg, off)\n") + case types.Uint64: + o("rr.%s, off, err = unpackUint64(msg, off)\n") + case types.String: + o("rr.%s, off, err = unpackString(msg, off)\n") + default: + log.Fatalln(name, st.Field(i).Name()) + } + default: + log.Fatalln(name, st.Field(i).Name(), st.Tag(i)) + } + // If we've hit len(msg) we return without error. + if i < st.NumFields()-1 { + fmt.Fprintf(b, `if off == len(msg) { +return rr, off, nil + } +`) + } + } + fmt.Fprintf(b, "return rr, off, err }\n\n") + } + // Generate typeToUnpack map + fmt.Fprintln(b, "var typeToUnpack = map[uint16]func(RR_Header, []byte, int) (RR, int, error){") + for _, name := range namedTypes { + if name == "RFC3597" { + continue + } + fmt.Fprintf(b, "Type%s: unpack%s,\n", name, name) + } + fmt.Fprintln(b, "}\n") + + // gofmt + res, err := format.Source(b.Bytes()) + if err != nil { + b.WriteTo(os.Stderr) + log.Fatal(err) + } + + // write result + f, err := os.Create("zmsg.go") + fatalIfErr(err) + defer f.Close() + f.Write(res) +} + +// structMember will take a tag like dns:"size-base32:SaltLength" and return the last part of this string. +func structMember(s string) string { + fields := strings.Split(s, ":") + if len(fields) == 0 { + return "" + } + f := fields[len(fields)-1] + // f should have a closing " + if len(f) > 1 { + return f[:len(f)-1] + } + return f +} + +// structTag will take a tag like dns:"size-base32:SaltLength" and return base32. +func structTag(s string) string { + fields := strings.Split(s, ":") + if len(fields) < 2 { + return "" + } + return fields[1][len("\"size-"):] +} + +func fatalIfErr(err error) { + if err != nil { + log.Fatal(err) + } +} diff --git a/vendor/github.com/miekg/dns/msg_helpers.go b/vendor/github.com/miekg/dns/msg_helpers.go new file mode 100644 index 0000000..0ca12b0 --- /dev/null +++ b/vendor/github.com/miekg/dns/msg_helpers.go @@ -0,0 +1,640 @@ +package dns + +import ( + "encoding/base32" + "encoding/base64" + "encoding/binary" + "encoding/hex" + "net" + "strconv" +) + +// helper functions called from the generated zmsg.go + +// These function are named after the tag to help pack/unpack, if there is no tag it is the name +// of the type they pack/unpack (string, int, etc). We prefix all with unpackData or packData, so packDataA or +// packDataDomainName. + +func unpackDataA(msg []byte, off int) (net.IP, int, error) { + if off+net.IPv4len > len(msg) { + return nil, len(msg), &Error{err: "overflow unpacking a"} + } + a := append(make(net.IP, 0, net.IPv4len), msg[off:off+net.IPv4len]...) + off += net.IPv4len + return a, off, nil +} + +func packDataA(a net.IP, msg []byte, off int) (int, error) { + // It must be a slice of 4, even if it is 16, we encode only the first 4 + if off+net.IPv4len > len(msg) { + return len(msg), &Error{err: "overflow packing a"} + } + switch len(a) { + case net.IPv4len, net.IPv6len: + copy(msg[off:], a.To4()) + off += net.IPv4len + case 0: + // Allowed, for dynamic updates. + default: + return len(msg), &Error{err: "overflow packing a"} + } + return off, nil +} + +func unpackDataAAAA(msg []byte, off int) (net.IP, int, error) { + if off+net.IPv6len > len(msg) { + return nil, len(msg), &Error{err: "overflow unpacking aaaa"} + } + aaaa := append(make(net.IP, 0, net.IPv6len), msg[off:off+net.IPv6len]...) + off += net.IPv6len + return aaaa, off, nil +} + +func packDataAAAA(aaaa net.IP, msg []byte, off int) (int, error) { + if off+net.IPv6len > len(msg) { + return len(msg), &Error{err: "overflow packing aaaa"} + } + + switch len(aaaa) { + case net.IPv6len: + copy(msg[off:], aaaa) + off += net.IPv6len + case 0: + // Allowed, dynamic updates. + default: + return len(msg), &Error{err: "overflow packing aaaa"} + } + return off, nil +} + +// unpackHeader unpacks an RR header, returning the offset to the end of the header and a +// re-sliced msg according to the expected length of the RR. +func unpackHeader(msg []byte, off int) (rr RR_Header, off1 int, truncmsg []byte, err error) { + hdr := RR_Header{} + if off == len(msg) { + return hdr, off, msg, nil + } + + hdr.Name, off, err = UnpackDomainName(msg, off) + if err != nil { + return hdr, len(msg), msg, err + } + hdr.Rrtype, off, err = unpackUint16(msg, off) + if err != nil { + return hdr, len(msg), msg, err + } + hdr.Class, off, err = unpackUint16(msg, off) + if err != nil { + return hdr, len(msg), msg, err + } + hdr.Ttl, off, err = unpackUint32(msg, off) + if err != nil { + return hdr, len(msg), msg, err + } + hdr.Rdlength, off, err = unpackUint16(msg, off) + if err != nil { + return hdr, len(msg), msg, err + } + msg, err = truncateMsgFromRdlength(msg, off, hdr.Rdlength) + return hdr, off, msg, err +} + +// pack packs an RR header, returning the offset to the end of the header. +// See PackDomainName for documentation about the compression. +func (hdr RR_Header) pack(msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error) { + if off == len(msg) { + return off, nil + } + + off, err = PackDomainName(hdr.Name, msg, off, compression, compress) + if err != nil { + return len(msg), err + } + off, err = packUint16(hdr.Rrtype, msg, off) + if err != nil { + return len(msg), err + } + off, err = packUint16(hdr.Class, msg, off) + if err != nil { + return len(msg), err + } + off, err = packUint32(hdr.Ttl, msg, off) + if err != nil { + return len(msg), err + } + off, err = packUint16(hdr.Rdlength, msg, off) + if err != nil { + return len(msg), err + } + return off, nil +} + +// helper helper functions. + +// truncateMsgFromRdLength truncates msg to match the expected length of the RR. +// Returns an error if msg is smaller than the expected size. +func truncateMsgFromRdlength(msg []byte, off int, rdlength uint16) (truncmsg []byte, err error) { + lenrd := off + int(rdlength) + if lenrd > len(msg) { + return msg, &Error{err: "overflowing header size"} + } + return msg[:lenrd], nil +} + +func fromBase32(s []byte) (buf []byte, err error) { + for i, b := range s { + if b >= 'a' && b <= 'z' { + s[i] = b - 32 + } + } + buflen := base32.HexEncoding.DecodedLen(len(s)) + buf = make([]byte, buflen) + n, err := base32.HexEncoding.Decode(buf, s) + buf = buf[:n] + return +} + +func toBase32(b []byte) string { return base32.HexEncoding.EncodeToString(b) } + +func fromBase64(s []byte) (buf []byte, err error) { + buflen := base64.StdEncoding.DecodedLen(len(s)) + buf = make([]byte, buflen) + n, err := base64.StdEncoding.Decode(buf, s) + buf = buf[:n] + return +} + +func toBase64(b []byte) string { return base64.StdEncoding.EncodeToString(b) } + +// dynamicUpdate returns true if the Rdlength is zero. +func noRdata(h RR_Header) bool { return h.Rdlength == 0 } + +func unpackUint8(msg []byte, off int) (i uint8, off1 int, err error) { + if off+1 > len(msg) { + return 0, len(msg), &Error{err: "overflow unpacking uint8"} + } + return uint8(msg[off]), off + 1, nil +} + +func packUint8(i uint8, msg []byte, off int) (off1 int, err error) { + if off+1 > len(msg) { + return len(msg), &Error{err: "overflow packing uint8"} + } + msg[off] = byte(i) + return off + 1, nil +} + +func unpackUint16(msg []byte, off int) (i uint16, off1 int, err error) { + if off+2 > len(msg) { + return 0, len(msg), &Error{err: "overflow unpacking uint16"} + } + return binary.BigEndian.Uint16(msg[off:]), off + 2, nil +} + +func packUint16(i uint16, msg []byte, off int) (off1 int, err error) { + if off+2 > len(msg) { + return len(msg), &Error{err: "overflow packing uint16"} + } + binary.BigEndian.PutUint16(msg[off:], i) + return off + 2, nil +} + +func unpackUint32(msg []byte, off int) (i uint32, off1 int, err error) { + if off+4 > len(msg) { + return 0, len(msg), &Error{err: "overflow unpacking uint32"} + } + return binary.BigEndian.Uint32(msg[off:]), off + 4, nil +} + +func packUint32(i uint32, msg []byte, off int) (off1 int, err error) { + if off+4 > len(msg) { + return len(msg), &Error{err: "overflow packing uint32"} + } + binary.BigEndian.PutUint32(msg[off:], i) + return off + 4, nil +} + +func unpackUint48(msg []byte, off int) (i uint64, off1 int, err error) { + if off+6 > len(msg) { + return 0, len(msg), &Error{err: "overflow unpacking uint64 as uint48"} + } + // Used in TSIG where the last 48 bits are occupied, so for now, assume a uint48 (6 bytes) + i = (uint64(uint64(msg[off])<<40 | uint64(msg[off+1])<<32 | uint64(msg[off+2])<<24 | uint64(msg[off+3])<<16 | + uint64(msg[off+4])<<8 | uint64(msg[off+5]))) + off += 6 + return i, off, nil +} + +func packUint48(i uint64, msg []byte, off int) (off1 int, err error) { + if off+6 > len(msg) { + return len(msg), &Error{err: "overflow packing uint64 as uint48"} + } + msg[off] = byte(i >> 40) + msg[off+1] = byte(i >> 32) + msg[off+2] = byte(i >> 24) + msg[off+3] = byte(i >> 16) + msg[off+4] = byte(i >> 8) + msg[off+5] = byte(i) + off += 6 + return off, nil +} + +func unpackUint64(msg []byte, off int) (i uint64, off1 int, err error) { + if off+8 > len(msg) { + return 0, len(msg), &Error{err: "overflow unpacking uint64"} + } + return binary.BigEndian.Uint64(msg[off:]), off + 8, nil +} + +func packUint64(i uint64, msg []byte, off int) (off1 int, err error) { + if off+8 > len(msg) { + return len(msg), &Error{err: "overflow packing uint64"} + } + binary.BigEndian.PutUint64(msg[off:], i) + off += 8 + return off, nil +} + +func unpackString(msg []byte, off int) (string, int, error) { + if off+1 > len(msg) { + return "", off, &Error{err: "overflow unpacking txt"} + } + l := int(msg[off]) + if off+l+1 > len(msg) { + return "", off, &Error{err: "overflow unpacking txt"} + } + s := make([]byte, 0, l) + for _, b := range msg[off+1 : off+1+l] { + switch b { + case '"', '\\': + s = append(s, '\\', b) + default: + if b < 32 || b > 127 { // unprintable + var buf [3]byte + bufs := strconv.AppendInt(buf[:0], int64(b), 10) + s = append(s, '\\') + for i := 0; i < 3-len(bufs); i++ { + s = append(s, '0') + } + for _, r := range bufs { + s = append(s, r) + } + } else { + s = append(s, b) + } + } + } + off += 1 + l + return string(s), off, nil +} + +func packString(s string, msg []byte, off int) (int, error) { + txtTmp := make([]byte, 256*4+1) + off, err := packTxtString(s, msg, off, txtTmp) + if err != nil { + return len(msg), err + } + return off, nil +} + +func unpackStringBase32(msg []byte, off, end int) (string, int, error) { + if end > len(msg) { + return "", len(msg), &Error{err: "overflow unpacking base32"} + } + s := toBase32(msg[off:end]) + return s, end, nil +} + +func packStringBase32(s string, msg []byte, off int) (int, error) { + b32, err := fromBase32([]byte(s)) + if err != nil { + return len(msg), err + } + if off+len(b32) > len(msg) { + return len(msg), &Error{err: "overflow packing base32"} + } + copy(msg[off:off+len(b32)], b32) + off += len(b32) + return off, nil +} + +func unpackStringBase64(msg []byte, off, end int) (string, int, error) { + // Rest of the RR is base64 encoded value, so we don't need an explicit length + // to be set. Thus far all RR's that have base64 encoded fields have those as their + // last one. What we do need is the end of the RR! + if end > len(msg) { + return "", len(msg), &Error{err: "overflow unpacking base64"} + } + s := toBase64(msg[off:end]) + return s, end, nil +} + +func packStringBase64(s string, msg []byte, off int) (int, error) { + b64, err := fromBase64([]byte(s)) + if err != nil { + return len(msg), err + } + if off+len(b64) > len(msg) { + return len(msg), &Error{err: "overflow packing base64"} + } + copy(msg[off:off+len(b64)], b64) + off += len(b64) + return off, nil +} + +func unpackStringHex(msg []byte, off, end int) (string, int, error) { + // Rest of the RR is hex encoded value, so we don't need an explicit length + // to be set. NSEC and TSIG have hex fields with a length field. + // What we do need is the end of the RR! + if end > len(msg) { + return "", len(msg), &Error{err: "overflow unpacking hex"} + } + + s := hex.EncodeToString(msg[off:end]) + return s, end, nil +} + +func packStringHex(s string, msg []byte, off int) (int, error) { + h, err := hex.DecodeString(s) + if err != nil { + return len(msg), err + } + if off+(len(h)) > len(msg) { + return len(msg), &Error{err: "overflow packing hex"} + } + copy(msg[off:off+len(h)], h) + off += len(h) + return off, nil +} + +func unpackStringTxt(msg []byte, off int) ([]string, int, error) { + txt, off, err := unpackTxt(msg, off) + if err != nil { + return nil, len(msg), err + } + return txt, off, nil +} + +func packStringTxt(s []string, msg []byte, off int) (int, error) { + txtTmp := make([]byte, 256*4+1) // If the whole string consists out of \DDD we need this many. + off, err := packTxt(s, msg, off, txtTmp) + if err != nil { + return len(msg), err + } + return off, nil +} + +func unpackDataOpt(msg []byte, off int) ([]EDNS0, int, error) { + var edns []EDNS0 +Option: + code := uint16(0) + if off+4 > len(msg) { + return nil, len(msg), &Error{err: "overflow unpacking opt"} + } + code = binary.BigEndian.Uint16(msg[off:]) + off += 2 + optlen := binary.BigEndian.Uint16(msg[off:]) + off += 2 + if off+int(optlen) > len(msg) { + return nil, len(msg), &Error{err: "overflow unpacking opt"} + } + switch code { + case EDNS0NSID: + e := new(EDNS0_NSID) + if err := e.unpack(msg[off : off+int(optlen)]); err != nil { + return nil, len(msg), err + } + edns = append(edns, e) + off += int(optlen) + case EDNS0SUBNET, EDNS0SUBNETDRAFT: + e := new(EDNS0_SUBNET) + if err := e.unpack(msg[off : off+int(optlen)]); err != nil { + return nil, len(msg), err + } + edns = append(edns, e) + off += int(optlen) + if code == EDNS0SUBNETDRAFT { + e.DraftOption = true + } + case EDNS0COOKIE: + e := new(EDNS0_COOKIE) + if err := e.unpack(msg[off : off+int(optlen)]); err != nil { + return nil, len(msg), err + } + edns = append(edns, e) + off += int(optlen) + case EDNS0UL: + e := new(EDNS0_UL) + if err := e.unpack(msg[off : off+int(optlen)]); err != nil { + return nil, len(msg), err + } + edns = append(edns, e) + off += int(optlen) + case EDNS0LLQ: + e := new(EDNS0_LLQ) + if err := e.unpack(msg[off : off+int(optlen)]); err != nil { + return nil, len(msg), err + } + edns = append(edns, e) + off += int(optlen) + case EDNS0DAU: + e := new(EDNS0_DAU) + if err := e.unpack(msg[off : off+int(optlen)]); err != nil { + return nil, len(msg), err + } + edns = append(edns, e) + off += int(optlen) + case EDNS0DHU: + e := new(EDNS0_DHU) + if err := e.unpack(msg[off : off+int(optlen)]); err != nil { + return nil, len(msg), err + } + edns = append(edns, e) + off += int(optlen) + case EDNS0N3U: + e := new(EDNS0_N3U) + if err := e.unpack(msg[off : off+int(optlen)]); err != nil { + return nil, len(msg), err + } + edns = append(edns, e) + off += int(optlen) + case EDNS0PADDING: + e := new(EDNS0_PADDING) + if err := e.unpack(msg[off : off+int(optlen)]); err != nil { + return nil, len(msg), err + } + edns = append(edns, e) + off += int(optlen) + default: + e := new(EDNS0_LOCAL) + e.Code = code + if err := e.unpack(msg[off : off+int(optlen)]); err != nil { + return nil, len(msg), err + } + edns = append(edns, e) + off += int(optlen) + } + + if off < len(msg) { + goto Option + } + + return edns, off, nil +} + +func packDataOpt(options []EDNS0, msg []byte, off int) (int, error) { + for _, el := range options { + b, err := el.pack() + if err != nil || off+3 > len(msg) { + return len(msg), &Error{err: "overflow packing opt"} + } + binary.BigEndian.PutUint16(msg[off:], el.Option()) // Option code + binary.BigEndian.PutUint16(msg[off+2:], uint16(len(b))) // Length + off += 4 + if off+len(b) > len(msg) { + copy(msg[off:], b) + off = len(msg) + continue + } + // Actual data + copy(msg[off:off+len(b)], b) + off += len(b) + } + return off, nil +} + +func unpackStringOctet(msg []byte, off int) (string, int, error) { + s := string(msg[off:]) + return s, len(msg), nil +} + +func packStringOctet(s string, msg []byte, off int) (int, error) { + txtTmp := make([]byte, 256*4+1) + off, err := packOctetString(s, msg, off, txtTmp) + if err != nil { + return len(msg), err + } + return off, nil +} + +func unpackDataNsec(msg []byte, off int) ([]uint16, int, error) { + var nsec []uint16 + length, window, lastwindow := 0, 0, -1 + for off < len(msg) { + if off+2 > len(msg) { + return nsec, len(msg), &Error{err: "overflow unpacking nsecx"} + } + window = int(msg[off]) + length = int(msg[off+1]) + off += 2 + if window <= lastwindow { + // RFC 4034: Blocks are present in the NSEC RR RDATA in + // increasing numerical order. + return nsec, len(msg), &Error{err: "out of order NSEC block"} + } + if length == 0 { + // RFC 4034: Blocks with no types present MUST NOT be included. + return nsec, len(msg), &Error{err: "empty NSEC block"} + } + if length > 32 { + return nsec, len(msg), &Error{err: "NSEC block too long"} + } + if off+length > len(msg) { + return nsec, len(msg), &Error{err: "overflowing NSEC block"} + } + + // Walk the bytes in the window and extract the type bits + for j := 0; j < length; j++ { + b := msg[off+j] + // Check the bits one by one, and set the type + if b&0x80 == 0x80 { + nsec = append(nsec, uint16(window*256+j*8+0)) + } + if b&0x40 == 0x40 { + nsec = append(nsec, uint16(window*256+j*8+1)) + } + if b&0x20 == 0x20 { + nsec = append(nsec, uint16(window*256+j*8+2)) + } + if b&0x10 == 0x10 { + nsec = append(nsec, uint16(window*256+j*8+3)) + } + if b&0x8 == 0x8 { + nsec = append(nsec, uint16(window*256+j*8+4)) + } + if b&0x4 == 0x4 { + nsec = append(nsec, uint16(window*256+j*8+5)) + } + if b&0x2 == 0x2 { + nsec = append(nsec, uint16(window*256+j*8+6)) + } + if b&0x1 == 0x1 { + nsec = append(nsec, uint16(window*256+j*8+7)) + } + } + off += length + lastwindow = window + } + return nsec, off, nil +} + +func packDataNsec(bitmap []uint16, msg []byte, off int) (int, error) { + if len(bitmap) == 0 { + return off, nil + } + var lastwindow, lastlength uint16 + for j := 0; j < len(bitmap); j++ { + t := bitmap[j] + window := t / 256 + length := (t-window*256)/8 + 1 + if window > lastwindow && lastlength != 0 { // New window, jump to the new offset + off += int(lastlength) + 2 + lastlength = 0 + } + if window < lastwindow || length < lastlength { + return len(msg), &Error{err: "nsec bits out of order"} + } + if off+2+int(length) > len(msg) { + return len(msg), &Error{err: "overflow packing nsec"} + } + // Setting the window # + msg[off] = byte(window) + // Setting the octets length + msg[off+1] = byte(length) + // Setting the bit value for the type in the right octet + msg[off+1+int(length)] |= byte(1 << (7 - (t % 8))) + lastwindow, lastlength = window, length + } + off += int(lastlength) + 2 + return off, nil +} + +func unpackDataDomainNames(msg []byte, off, end int) ([]string, int, error) { + var ( + servers []string + s string + err error + ) + if end > len(msg) { + return nil, len(msg), &Error{err: "overflow unpacking domain names"} + } + for off < end { + s, off, err = UnpackDomainName(msg, off) + if err != nil { + return servers, len(msg), err + } + servers = append(servers, s) + } + return servers, off, nil +} + +func packDataDomainNames(names []string, msg []byte, off int, compression map[string]int, compress bool) (int, error) { + var err error + for j := 0; j < len(names); j++ { + off, err = PackDomainName(names[j], msg, off, compression, false && compress) + if err != nil { + return len(msg), err + } + } + return off, nil +} diff --git a/vendor/github.com/miekg/dns/nsecx.go b/vendor/github.com/miekg/dns/nsecx.go new file mode 100644 index 0000000..9b908c4 --- /dev/null +++ b/vendor/github.com/miekg/dns/nsecx.go @@ -0,0 +1,106 @@ +package dns + +import ( + "crypto/sha1" + "hash" + "strings" +) + +type saltWireFmt struct { + Salt string `dns:"size-hex"` +} + +// HashName hashes a string (label) according to RFC 5155. It returns the hashed string in uppercase. +func HashName(label string, ha uint8, iter uint16, salt string) string { + saltwire := new(saltWireFmt) + saltwire.Salt = salt + wire := make([]byte, DefaultMsgSize) + n, err := packSaltWire(saltwire, wire) + if err != nil { + return "" + } + wire = wire[:n] + name := make([]byte, 255) + off, err := PackDomainName(strings.ToLower(label), name, 0, nil, false) + if err != nil { + return "" + } + name = name[:off] + var s hash.Hash + switch ha { + case SHA1: + s = sha1.New() + default: + return "" + } + + // k = 0 + s.Write(name) + s.Write(wire) + nsec3 := s.Sum(nil) + // k > 0 + for k := uint16(0); k < iter; k++ { + s.Reset() + s.Write(nsec3) + s.Write(wire) + nsec3 = s.Sum(nsec3[:0]) + } + return toBase32(nsec3) +} + +// Cover returns true if a name is covered by the NSEC3 record +func (rr *NSEC3) Cover(name string) bool { + nameHash := HashName(name, rr.Hash, rr.Iterations, rr.Salt) + owner := strings.ToUpper(rr.Hdr.Name) + labelIndices := Split(owner) + if len(labelIndices) < 2 { + return false + } + ownerHash := owner[:labelIndices[1]-1] + ownerZone := owner[labelIndices[1]:] + if !IsSubDomain(ownerZone, strings.ToUpper(name)) { // name is outside owner zone + return false + } + + nextHash := rr.NextDomain + if ownerHash == nextHash { // empty interval + return false + } + if ownerHash > nextHash { // end of zone + if nameHash > ownerHash { // covered since there is nothing after ownerHash + return true + } + return nameHash < nextHash // if nameHash is before beginning of zone it is covered + } + if nameHash < ownerHash { // nameHash is before ownerHash, not covered + return false + } + return nameHash < nextHash // if nameHash is before nextHash is it covered (between ownerHash and nextHash) +} + +// Match returns true if a name matches the NSEC3 record +func (rr *NSEC3) Match(name string) bool { + nameHash := HashName(name, rr.Hash, rr.Iterations, rr.Salt) + owner := strings.ToUpper(rr.Hdr.Name) + labelIndices := Split(owner) + if len(labelIndices) < 2 { + return false + } + ownerHash := owner[:labelIndices[1]-1] + ownerZone := owner[labelIndices[1]:] + if !IsSubDomain(ownerZone, strings.ToUpper(name)) { // name is outside owner zone + return false + } + if ownerHash == nameHash { + return true + } + return false +} + +func packSaltWire(sw *saltWireFmt, msg []byte) (int, error) { + off, err := packStringHex(sw.Salt, msg, 0) + if err != nil { + return off, err + } + return off, nil +} diff --git a/vendor/github.com/miekg/dns/privaterr.go b/vendor/github.com/miekg/dns/privaterr.go new file mode 100644 index 0000000..6b08e6e --- /dev/null +++ b/vendor/github.com/miekg/dns/privaterr.go @@ -0,0 +1,149 @@ +package dns + +import ( + "fmt" + "strings" +) + +// PrivateRdata is an interface used for implementing "Private Use" RR types, see +// RFC 6895. This allows one to experiment with new RR types, without requesting an +// official type code. Also see dns.PrivateHandle and dns.PrivateHandleRemove. +type PrivateRdata interface { + // String returns the text presentaton of the Rdata of the Private RR. + String() string + // Parse parses the Rdata of the private RR. + Parse([]string) error + // Pack is used when packing a private RR into a buffer. + Pack([]byte) (int, error) + // Unpack is used when unpacking a private RR from a buffer. + // TODO(miek): diff. signature than Pack, see edns0.go for instance. + Unpack([]byte) (int, error) + // Copy copies the Rdata. + Copy(PrivateRdata) error + // Len returns the length in octets of the Rdata. + Len() int +} + +// PrivateRR represents an RR that uses a PrivateRdata user-defined type. +// It mocks normal RRs and implements dns.RR interface. +type PrivateRR struct { + Hdr RR_Header + Data PrivateRdata +} + +func mkPrivateRR(rrtype uint16) *PrivateRR { + // Panics if RR is not an instance of PrivateRR. + rrfunc, ok := TypeToRR[rrtype] + if !ok { + panic(fmt.Sprintf("dns: invalid operation with Private RR type %d", rrtype)) + } + + anyrr := rrfunc() + switch rr := anyrr.(type) { + case *PrivateRR: + return rr + } + panic(fmt.Sprintf("dns: RR is not a PrivateRR, TypeToRR[%d] generator returned %T", rrtype, anyrr)) +} + +// Header return the RR header of r. +func (r *PrivateRR) Header() *RR_Header { return &r.Hdr } + +func (r *PrivateRR) String() string { return r.Hdr.String() + r.Data.String() } + +// Private len and copy parts to satisfy RR interface. +func (r *PrivateRR) len() int { return r.Hdr.len() + r.Data.Len() } +func (r *PrivateRR) copy() RR { + // make new RR like this: + rr := mkPrivateRR(r.Hdr.Rrtype) + newh := r.Hdr.copyHeader() + rr.Hdr = *newh + + err := r.Data.Copy(rr.Data) + if err != nil { + panic("dns: got value that could not be used to copy Private rdata") + } + return rr +} +func (r *PrivateRR) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := r.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + n, err := r.Data.Pack(msg[off:]) + if err != nil { + return len(msg), err + } + off += n + r.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +// PrivateHandle registers a private resource record type. It requires +// string and numeric representation of private RR type and generator function as argument. +func PrivateHandle(rtypestr string, rtype uint16, generator func() PrivateRdata) { + rtypestr = strings.ToUpper(rtypestr) + + TypeToRR[rtype] = func() RR { return &PrivateRR{RR_Header{}, generator()} } + TypeToString[rtype] = rtypestr + StringToType[rtypestr] = rtype + + typeToUnpack[rtype] = func(h RR_Header, msg []byte, off int) (RR, int, error) { + if noRdata(h) { + return &h, off, nil + } + var err error + + rr := mkPrivateRR(h.Rrtype) + rr.Hdr = h + + off1, err := rr.Data.Unpack(msg[off:]) + off += off1 + if err != nil { + return rr, off, err + } + return rr, off, err + } + + setPrivateRR := func(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := mkPrivateRR(h.Rrtype) + rr.Hdr = h + + var l lex + text := make([]string, 0, 2) // could be 0..N elements, median is probably 1 + Fetch: + for { + // TODO(miek): we could also be returning _QUOTE, this might or might not + // be an issue (basically parsing TXT becomes hard) + switch l = <-c; l.value { + case zNewline, zEOF: + break Fetch + case zString: + text = append(text, l.token) + } + } + + err := rr.Data.Parse(text) + if err != nil { + return nil, &ParseError{f, err.Error(), l}, "" + } + + return rr, nil, "" + } + + typeToparserFunc[rtype] = parserFunc{setPrivateRR, true} +} + +// PrivateHandleRemove removes defenitions required to support private RR type. +func PrivateHandleRemove(rtype uint16) { + rtypestr, ok := TypeToString[rtype] + if ok { + delete(TypeToRR, rtype) + delete(TypeToString, rtype) + delete(typeToparserFunc, rtype) + delete(StringToType, rtypestr) + delete(typeToUnpack, rtype) + } + return +} diff --git a/vendor/github.com/miekg/dns/rawmsg.go b/vendor/github.com/miekg/dns/rawmsg.go new file mode 100644 index 0000000..6e21fba --- /dev/null +++ b/vendor/github.com/miekg/dns/rawmsg.go @@ -0,0 +1,49 @@ +package dns + +import "encoding/binary" + +// rawSetRdlength sets the rdlength in the header of +// the RR. The offset 'off' must be positioned at the +// start of the header of the RR, 'end' must be the +// end of the RR. +func rawSetRdlength(msg []byte, off, end int) bool { + l := len(msg) +Loop: + for { + if off+1 > l { + return false + } + c := int(msg[off]) + off++ + switch c & 0xC0 { + case 0x00: + if c == 0x00 { + // End of the domainname + break Loop + } + if off+c > l { + return false + } + off += c + + case 0xC0: + // pointer, next byte included, ends domainname + off++ + break Loop + } + } + // The domainname has been seen, we at the start of the fixed part in the header. + // Type is 2 bytes, class is 2 bytes, ttl 4 and then 2 bytes for the length. + off += 2 + 2 + 4 + if off+2 > l { + return false + } + //off+1 is the end of the header, 'end' is the end of the rr + //so 'end' - 'off+2' is the length of the rdata + rdatalen := end - (off + 2) + if rdatalen > 0xFFFF { + return false + } + binary.BigEndian.PutUint16(msg[off:], uint16(rdatalen)) + return true +} diff --git a/vendor/github.com/miekg/dns/reverse.go b/vendor/github.com/miekg/dns/reverse.go new file mode 100644 index 0000000..f6e7a47 --- /dev/null +++ b/vendor/github.com/miekg/dns/reverse.go @@ -0,0 +1,38 @@ +package dns + +// StringToType is the reverse of TypeToString, needed for string parsing. +var StringToType = reverseInt16(TypeToString) + +// StringToClass is the reverse of ClassToString, needed for string parsing. +var StringToClass = reverseInt16(ClassToString) + +// StringToOpcode is a map of opcodes to strings. +var StringToOpcode = reverseInt(OpcodeToString) + +// StringToRcode is a map of rcodes to strings. +var StringToRcode = reverseInt(RcodeToString) + +// Reverse a map +func reverseInt8(m map[uint8]string) map[string]uint8 { + n := make(map[string]uint8, len(m)) + for u, s := range m { + n[s] = u + } + return n +} + +func reverseInt16(m map[uint16]string) map[string]uint16 { + n := make(map[string]uint16, len(m)) + for u, s := range m { + n[s] = u + } + return n +} + +func reverseInt(m map[int]string) map[string]int { + n := make(map[string]int, len(m)) + for u, s := range m { + n[s] = u + } + return n +} diff --git a/vendor/github.com/miekg/dns/sanitize.go b/vendor/github.com/miekg/dns/sanitize.go new file mode 100644 index 0000000..b489f3f --- /dev/null +++ b/vendor/github.com/miekg/dns/sanitize.go @@ -0,0 +1,84 @@ +package dns + +// Dedup removes identical RRs from rrs. It preserves the original ordering. +// The lowest TTL of any duplicates is used in the remaining one. Dedup modifies +// rrs. +// m is used to store the RRs temporay. If it is nil a new map will be allocated. +func Dedup(rrs []RR, m map[string]RR) []RR { + if m == nil { + m = make(map[string]RR) + } + // Save the keys, so we don't have to call normalizedString twice. + keys := make([]*string, 0, len(rrs)) + + for _, r := range rrs { + key := normalizedString(r) + keys = append(keys, &key) + if _, ok := m[key]; ok { + // Shortest TTL wins. + if m[key].Header().Ttl > r.Header().Ttl { + m[key].Header().Ttl = r.Header().Ttl + } + continue + } + + m[key] = r + } + // If the length of the result map equals the amount of RRs we got, + // it means they were all different. We can then just return the original rrset. + if len(m) == len(rrs) { + return rrs + } + + j := 0 + for i, r := range rrs { + // If keys[i] lives in the map, we should copy and remove it. + if _, ok := m[*keys[i]]; ok { + delete(m, *keys[i]) + rrs[j] = r + j++ + } + + if len(m) == 0 { + break + } + } + + return rrs[:j] +} + +// normalizedString returns a normalized string from r. The TTL +// is removed and the domain name is lowercased. We go from this: +// DomainNameTTLCLASSTYPERDATA to: +// lowercasenameCLASSTYPE... +func normalizedString(r RR) string { + // A string Go DNS makes has: domainnameTTL... + b := []byte(r.String()) + + // find the first non-escaped tab, then another, so we capture where the TTL lives. + esc := false + ttlStart, ttlEnd := 0, 0 + for i := 0; i < len(b) && ttlEnd == 0; i++ { + switch { + case b[i] == '\\': + esc = !esc + case b[i] == '\t' && !esc: + if ttlStart == 0 { + ttlStart = i + continue + } + if ttlEnd == 0 { + ttlEnd = i + } + case b[i] >= 'A' && b[i] <= 'Z' && !esc: + b[i] += 32 + default: + esc = false + } + } + + // remove TTL. + copy(b[ttlStart:], b[ttlEnd:]) + cut := ttlEnd - ttlStart + return string(b[:len(b)-cut]) +} diff --git a/vendor/github.com/miekg/dns/scan.go b/vendor/github.com/miekg/dns/scan.go new file mode 100644 index 0000000..9b045ba --- /dev/null +++ b/vendor/github.com/miekg/dns/scan.go @@ -0,0 +1,996 @@ +package dns + +import ( + "io" + "os" + "strconv" + "strings" +) + +const maxTok = 2048 // Largest token we can return. +const maxUint16 = 1<<16 - 1 + +// Tokinize a RFC 1035 zone file. The tokenizer will normalize it: +// * Add ownernames if they are left blank; +// * Suppress sequences of spaces; +// * Make each RR fit on one line (_NEWLINE is send as last) +// * Handle comments: ; +// * Handle braces - anywhere. +const ( + // Zonefile + zEOF = iota + zString + zBlank + zQuote + zNewline + zRrtpe + zOwner + zClass + zDirOrigin // $ORIGIN + zDirTTL // $TTL + zDirInclude // $INCLUDE + zDirGenerate // $GENERATE + + // Privatekey file + zValue + zKey + + zExpectOwnerDir // Ownername + zExpectOwnerBl // Whitespace after the ownername + zExpectAny // Expect rrtype, ttl or class + zExpectAnyNoClass // Expect rrtype or ttl + zExpectAnyNoClassBl // The whitespace after _EXPECT_ANY_NOCLASS + zExpectAnyNoTTL // Expect rrtype or class + zExpectAnyNoTTLBl // Whitespace after _EXPECT_ANY_NOTTL + zExpectRrtype // Expect rrtype + zExpectRrtypeBl // Whitespace BEFORE rrtype + zExpectRdata // The first element of the rdata + zExpectDirTTLBl // Space after directive $TTL + zExpectDirTTL // Directive $TTL + zExpectDirOriginBl // Space after directive $ORIGIN + zExpectDirOrigin // Directive $ORIGIN + zExpectDirIncludeBl // Space after directive $INCLUDE + zExpectDirInclude // Directive $INCLUDE + zExpectDirGenerate // Directive $GENERATE + zExpectDirGenerateBl // Space after directive $GENERATE +) + +// ParseError is a parsing error. It contains the parse error and the location in the io.Reader +// where the error occurred. +type ParseError struct { + file string + err string + lex lex +} + +func (e *ParseError) Error() (s string) { + if e.file != "" { + s = e.file + ": " + } + s += "dns: " + e.err + ": " + strconv.QuoteToASCII(e.lex.token) + " at line: " + + strconv.Itoa(e.lex.line) + ":" + strconv.Itoa(e.lex.column) + return +} + +type lex struct { + token string // text of the token + tokenUpper string // uppercase text of the token + length int // length of the token + err bool // when true, token text has lexer error + value uint8 // value: zString, _BLANK, etc. + line int // line in the file + column int // column in the file + torc uint16 // type or class as parsed in the lexer, we only need to look this up in the grammar + comment string // any comment text seen +} + +// Token holds the token that are returned when a zone file is parsed. +type Token struct { + // The scanned resource record when error is not nil. + RR + // When an error occurred, this has the error specifics. + Error *ParseError + // A potential comment positioned after the RR and on the same line. + Comment string +} + +// ttlState describes the state necessary to fill in an omitted RR TTL +type ttlState struct { + ttl uint32 // ttl is the current default TTL + isByDirective bool // isByDirective indicates whether ttl was set by a $TTL directive +} + +// NewRR reads the RR contained in the string s. Only the first RR is +// returned. If s contains no RR, return nil with no error. The class +// defaults to IN and TTL defaults to 3600. The full zone file syntax +// like $TTL, $ORIGIN, etc. is supported. All fields of the returned +// RR are set, except RR.Header().Rdlength which is set to 0. +func NewRR(s string) (RR, error) { + if len(s) > 0 && s[len(s)-1] != '\n' { // We need a closing newline + return ReadRR(strings.NewReader(s+"\n"), "") + } + return ReadRR(strings.NewReader(s), "") +} + +// ReadRR reads the RR contained in q. +// See NewRR for more documentation. +func ReadRR(q io.Reader, filename string) (RR, error) { + defttl := &ttlState{defaultTtl, false} + r := <-parseZoneHelper(q, ".", filename, defttl, 1) + if r == nil { + return nil, nil + } + + if r.Error != nil { + return nil, r.Error + } + return r.RR, nil +} + +// ParseZone reads a RFC 1035 style zonefile from r. It returns *Tokens on the +// returned channel, each consisting of either a parsed RR and optional comment +// or a nil RR and an error. The string file is only used +// in error reporting. The string origin is used as the initial origin, as +// if the file would start with an $ORIGIN directive. +// The directives $INCLUDE, $ORIGIN, $TTL and $GENERATE are supported. +// The channel t is closed by ParseZone when the end of r is reached. +// +// Basic usage pattern when reading from a string (z) containing the +// zone data: +// +// for x := range dns.ParseZone(strings.NewReader(z), "", "") { +// if x.Error != nil { +// // log.Println(x.Error) +// } else { +// // Do something with x.RR +// } +// } +// +// Comments specified after an RR (and on the same line!) are returned too: +// +// foo. IN A 10.0.0.1 ; this is a comment +// +// The text "; this is comment" is returned in Token.Comment. Comments inside the +// RR are discarded. Comments on a line by themselves are discarded too. +func ParseZone(r io.Reader, origin, file string) chan *Token { + return parseZoneHelper(r, origin, file, nil, 10000) +} + +func parseZoneHelper(r io.Reader, origin, file string, defttl *ttlState, chansize int) chan *Token { + t := make(chan *Token, chansize) + go parseZone(r, origin, file, defttl, t, 0) + return t +} + +func parseZone(r io.Reader, origin, f string, defttl *ttlState, t chan *Token, include int) { + defer func() { + if include == 0 { + close(t) + } + }() + s, cancel := scanInit(r) + c := make(chan lex) + // Start the lexer + go zlexer(s, c) + + defer func() { + cancel() + // zlexer can send up to three tokens, the next one and possibly 2 remainders. + // Do a non-blocking read. + _, ok := <-c + _, ok = <-c + _, ok = <-c + if !ok { + // too bad + } + }() + // 6 possible beginnings of a line, _ is a space + // 0. zRRTYPE -> all omitted until the rrtype + // 1. zOwner _ zRrtype -> class/ttl omitted + // 2. zOwner _ zString _ zRrtype -> class omitted + // 3. zOwner _ zString _ zClass _ zRrtype -> ttl/class + // 4. zOwner _ zClass _ zRrtype -> ttl omitted + // 5. zOwner _ zClass _ zString _ zRrtype -> class/ttl (reversed) + // After detecting these, we know the zRrtype so we can jump to functions + // handling the rdata for each of these types. + + if origin != "" { + origin = Fqdn(origin) + if _, ok := IsDomainName(origin); !ok { + t <- &Token{Error: &ParseError{f, "bad initial origin name", lex{}}} + return + } + } + + st := zExpectOwnerDir // initial state + var h RR_Header + var prevName string + for l := range c { + // Lexer spotted an error already + if l.err == true { + t <- &Token{Error: &ParseError{f, l.token, l}} + return + + } + switch st { + case zExpectOwnerDir: + // We can also expect a directive, like $TTL or $ORIGIN + if defttl != nil { + h.Ttl = defttl.ttl + } + h.Class = ClassINET + switch l.value { + case zNewline: + st = zExpectOwnerDir + case zOwner: + h.Name = l.token + name, ok := toAbsoluteName(l.token, origin) + if !ok { + t <- &Token{Error: &ParseError{f, "bad owner name", l}} + return + } + h.Name = name + prevName = h.Name + st = zExpectOwnerBl + case zDirTTL: + st = zExpectDirTTLBl + case zDirOrigin: + st = zExpectDirOriginBl + case zDirInclude: + st = zExpectDirIncludeBl + case zDirGenerate: + st = zExpectDirGenerateBl + case zRrtpe: + h.Name = prevName + h.Rrtype = l.torc + st = zExpectRdata + case zClass: + h.Name = prevName + h.Class = l.torc + st = zExpectAnyNoClassBl + case zBlank: + // Discard, can happen when there is nothing on the + // line except the RR type + case zString: + ttl, ok := stringToTTL(l.token) + if !ok { + t <- &Token{Error: &ParseError{f, "not a TTL", l}} + return + } + h.Ttl = ttl + if defttl == nil || !defttl.isByDirective { + defttl = &ttlState{ttl, false} + } + st = zExpectAnyNoTTLBl + + default: + t <- &Token{Error: &ParseError{f, "syntax error at beginning", l}} + return + } + case zExpectDirIncludeBl: + if l.value != zBlank { + t <- &Token{Error: &ParseError{f, "no blank after $INCLUDE-directive", l}} + return + } + st = zExpectDirInclude + case zExpectDirInclude: + if l.value != zString { + t <- &Token{Error: &ParseError{f, "expecting $INCLUDE value, not this...", l}} + return + } + neworigin := origin // There may be optionally a new origin set after the filename, if not use current one + switch l := <-c; l.value { + case zBlank: + l := <-c + if l.value == zString { + name, ok := toAbsoluteName(l.token, origin) + if !ok { + t <- &Token{Error: &ParseError{f, "bad origin name", l}} + return + } + neworigin = name + } + case zNewline, zEOF: + // Ok + default: + t <- &Token{Error: &ParseError{f, "garbage after $INCLUDE", l}} + return + } + // Start with the new file + r1, e1 := os.Open(l.token) + if e1 != nil { + t <- &Token{Error: &ParseError{f, "failed to open `" + l.token + "'", l}} + return + } + if include+1 > 7 { + t <- &Token{Error: &ParseError{f, "too deeply nested $INCLUDE", l}} + return + } + parseZone(r1, neworigin, l.token, defttl, t, include+1) + st = zExpectOwnerDir + case zExpectDirTTLBl: + if l.value != zBlank { + t <- &Token{Error: &ParseError{f, "no blank after $TTL-directive", l}} + return + } + st = zExpectDirTTL + case zExpectDirTTL: + if l.value != zString { + t <- &Token{Error: &ParseError{f, "expecting $TTL value, not this...", l}} + return + } + if e, _ := slurpRemainder(c, f); e != nil { + t <- &Token{Error: e} + return + } + ttl, ok := stringToTTL(l.token) + if !ok { + t <- &Token{Error: &ParseError{f, "expecting $TTL value, not this...", l}} + return + } + defttl = &ttlState{ttl, true} + st = zExpectOwnerDir + case zExpectDirOriginBl: + if l.value != zBlank { + t <- &Token{Error: &ParseError{f, "no blank after $ORIGIN-directive", l}} + return + } + st = zExpectDirOrigin + case zExpectDirOrigin: + if l.value != zString { + t <- &Token{Error: &ParseError{f, "expecting $ORIGIN value, not this...", l}} + return + } + if e, _ := slurpRemainder(c, f); e != nil { + t <- &Token{Error: e} + } + name, ok := toAbsoluteName(l.token, origin) + if !ok { + t <- &Token{Error: &ParseError{f, "bad origin name", l}} + return + } + origin = name + st = zExpectOwnerDir + case zExpectDirGenerateBl: + if l.value != zBlank { + t <- &Token{Error: &ParseError{f, "no blank after $GENERATE-directive", l}} + return + } + st = zExpectDirGenerate + case zExpectDirGenerate: + if l.value != zString { + t <- &Token{Error: &ParseError{f, "expecting $GENERATE value, not this...", l}} + return + } + if errMsg := generate(l, c, t, origin); errMsg != "" { + t <- &Token{Error: &ParseError{f, errMsg, l}} + return + } + st = zExpectOwnerDir + case zExpectOwnerBl: + if l.value != zBlank { + t <- &Token{Error: &ParseError{f, "no blank after owner", l}} + return + } + st = zExpectAny + case zExpectAny: + switch l.value { + case zRrtpe: + if defttl == nil { + t <- &Token{Error: &ParseError{f, "missing TTL with no previous value", l}} + return + } + h.Rrtype = l.torc + st = zExpectRdata + case zClass: + h.Class = l.torc + st = zExpectAnyNoClassBl + case zString: + ttl, ok := stringToTTL(l.token) + if !ok { + t <- &Token{Error: &ParseError{f, "not a TTL", l}} + return + } + h.Ttl = ttl + if defttl == nil || !defttl.isByDirective { + defttl = &ttlState{ttl, false} + } + st = zExpectAnyNoTTLBl + default: + t <- &Token{Error: &ParseError{f, "expecting RR type, TTL or class, not this...", l}} + return + } + case zExpectAnyNoClassBl: + if l.value != zBlank { + t <- &Token{Error: &ParseError{f, "no blank before class", l}} + return + } + st = zExpectAnyNoClass + case zExpectAnyNoTTLBl: + if l.value != zBlank { + t <- &Token{Error: &ParseError{f, "no blank before TTL", l}} + return + } + st = zExpectAnyNoTTL + case zExpectAnyNoTTL: + switch l.value { + case zClass: + h.Class = l.torc + st = zExpectRrtypeBl + case zRrtpe: + h.Rrtype = l.torc + st = zExpectRdata + default: + t <- &Token{Error: &ParseError{f, "expecting RR type or class, not this...", l}} + return + } + case zExpectAnyNoClass: + switch l.value { + case zString: + ttl, ok := stringToTTL(l.token) + if !ok { + t <- &Token{Error: &ParseError{f, "not a TTL", l}} + return + } + h.Ttl = ttl + if defttl == nil || !defttl.isByDirective { + defttl = &ttlState{ttl, false} + } + st = zExpectRrtypeBl + case zRrtpe: + h.Rrtype = l.torc + st = zExpectRdata + default: + t <- &Token{Error: &ParseError{f, "expecting RR type or TTL, not this...", l}} + return + } + case zExpectRrtypeBl: + if l.value != zBlank { + t <- &Token{Error: &ParseError{f, "no blank before RR type", l}} + return + } + st = zExpectRrtype + case zExpectRrtype: + if l.value != zRrtpe { + t <- &Token{Error: &ParseError{f, "unknown RR type", l}} + return + } + h.Rrtype = l.torc + st = zExpectRdata + case zExpectRdata: + r, e, c1 := setRR(h, c, origin, f) + if e != nil { + // If e.lex is nil than we have encounter a unknown RR type + // in that case we substitute our current lex token + if e.lex.token == "" && e.lex.value == 0 { + e.lex = l // Uh, dirty + } + t <- &Token{Error: e} + return + } + t <- &Token{RR: r, Comment: c1} + st = zExpectOwnerDir + } + } + // If we get here, we and the h.Rrtype is still zero, we haven't parsed anything, this + // is not an error, because an empty zone file is still a zone file. +} + +// zlexer scans the sourcefile and returns tokens on the channel c. +func zlexer(s *scan, c chan lex) { + var l lex + str := make([]byte, maxTok) // Should be enough for any token + stri := 0 // Offset in str (0 means empty) + com := make([]byte, maxTok) // Hold comment text + comi := 0 + quote := false + escape := false + space := false + commt := false + rrtype := false + owner := true + brace := 0 + x, err := s.tokenText() + defer close(c) + for err == nil { + l.column = s.position.Column + l.line = s.position.Line + if stri >= maxTok { + l.token = "token length insufficient for parsing" + l.err = true + c <- l + return + } + if comi >= maxTok { + l.token = "comment length insufficient for parsing" + l.err = true + c <- l + return + } + + switch x { + case ' ', '\t': + if escape { + escape = false + str[stri] = x + stri++ + break + } + if quote { + // Inside quotes this is legal + str[stri] = x + stri++ + break + } + if commt { + com[comi] = x + comi++ + break + } + if stri == 0 { + // Space directly in the beginning, handled in the grammar + } else if owner { + // If we have a string and its the first, make it an owner + l.value = zOwner + l.token = string(str[:stri]) + l.tokenUpper = strings.ToUpper(l.token) + l.length = stri + // escape $... start with a \ not a $, so this will work + switch l.tokenUpper { + case "$TTL": + l.value = zDirTTL + case "$ORIGIN": + l.value = zDirOrigin + case "$INCLUDE": + l.value = zDirInclude + case "$GENERATE": + l.value = zDirGenerate + } + c <- l + } else { + l.value = zString + l.token = string(str[:stri]) + l.tokenUpper = strings.ToUpper(l.token) + l.length = stri + if !rrtype { + if t, ok := StringToType[l.tokenUpper]; ok { + l.value = zRrtpe + l.torc = t + rrtype = true + } else { + if strings.HasPrefix(l.tokenUpper, "TYPE") { + t, ok := typeToInt(l.token) + if !ok { + l.token = "unknown RR type" + l.err = true + c <- l + return + } + l.value = zRrtpe + l.torc = t + } + } + if t, ok := StringToClass[l.tokenUpper]; ok { + l.value = zClass + l.torc = t + } else { + if strings.HasPrefix(l.tokenUpper, "CLASS") { + t, ok := classToInt(l.token) + if !ok { + l.token = "unknown class" + l.err = true + c <- l + return + } + l.value = zClass + l.torc = t + } + } + } + c <- l + } + stri = 0 + // I reverse space stuff here + if !space && !commt { + l.value = zBlank + l.token = " " + l.length = 1 + c <- l + } + owner = false + space = true + case ';': + if escape { + escape = false + str[stri] = x + stri++ + break + } + if quote { + // Inside quotes this is legal + str[stri] = x + stri++ + break + } + if stri > 0 { + l.value = zString + l.token = string(str[:stri]) + l.tokenUpper = strings.ToUpper(l.token) + l.length = stri + c <- l + stri = 0 + } + commt = true + com[comi] = ';' + comi++ + case '\r': + escape = false + if quote { + str[stri] = x + stri++ + break + } + // discard if outside of quotes + case '\n': + escape = false + // Escaped newline + if quote { + str[stri] = x + stri++ + break + } + // inside quotes this is legal + if commt { + // Reset a comment + commt = false + rrtype = false + stri = 0 + // If not in a brace this ends the comment AND the RR + if brace == 0 { + owner = true + owner = true + l.value = zNewline + l.token = "\n" + l.tokenUpper = l.token + l.length = 1 + l.comment = string(com[:comi]) + c <- l + l.comment = "" + comi = 0 + break + } + com[comi] = ' ' // convert newline to space + comi++ + break + } + + if brace == 0 { + // If there is previous text, we should output it here + if stri != 0 { + l.value = zString + l.token = string(str[:stri]) + l.tokenUpper = strings.ToUpper(l.token) + + l.length = stri + if !rrtype { + if t, ok := StringToType[l.tokenUpper]; ok { + l.value = zRrtpe + l.torc = t + rrtype = true + } + } + c <- l + } + l.value = zNewline + l.token = "\n" + l.tokenUpper = l.token + l.length = 1 + c <- l + stri = 0 + commt = false + rrtype = false + owner = true + comi = 0 + } + case '\\': + // comments do not get escaped chars, everything is copied + if commt { + com[comi] = x + comi++ + break + } + // something already escaped must be in string + if escape { + str[stri] = x + stri++ + escape = false + break + } + // something escaped outside of string gets added to string + str[stri] = x + stri++ + escape = true + case '"': + if commt { + com[comi] = x + comi++ + break + } + if escape { + str[stri] = x + stri++ + escape = false + break + } + space = false + // send previous gathered text and the quote + if stri != 0 { + l.value = zString + l.token = string(str[:stri]) + l.tokenUpper = strings.ToUpper(l.token) + l.length = stri + + c <- l + stri = 0 + } + + // send quote itself as separate token + l.value = zQuote + l.token = "\"" + l.tokenUpper = l.token + l.length = 1 + c <- l + quote = !quote + case '(', ')': + if commt { + com[comi] = x + comi++ + break + } + if escape { + str[stri] = x + stri++ + escape = false + break + } + if quote { + str[stri] = x + stri++ + break + } + switch x { + case ')': + brace-- + if brace < 0 { + l.token = "extra closing brace" + l.tokenUpper = l.token + l.err = true + c <- l + return + } + case '(': + brace++ + } + default: + escape = false + if commt { + com[comi] = x + comi++ + break + } + str[stri] = x + stri++ + space = false + } + x, err = s.tokenText() + } + if stri > 0 { + // Send remainder + l.token = string(str[:stri]) + l.tokenUpper = strings.ToUpper(l.token) + l.length = stri + l.value = zString + c <- l + } + if brace != 0 { + l.token = "unbalanced brace" + l.tokenUpper = l.token + l.err = true + c <- l + } +} + +// Extract the class number from CLASSxx +func classToInt(token string) (uint16, bool) { + offset := 5 + if len(token) < offset+1 { + return 0, false + } + class, err := strconv.ParseUint(token[offset:], 10, 16) + if err != nil { + return 0, false + } + return uint16(class), true +} + +// Extract the rr number from TYPExxx +func typeToInt(token string) (uint16, bool) { + offset := 4 + if len(token) < offset+1 { + return 0, false + } + typ, err := strconv.ParseUint(token[offset:], 10, 16) + if err != nil { + return 0, false + } + return uint16(typ), true +} + +// stringToTTL parses things like 2w, 2m, etc, and returns the time in seconds. +func stringToTTL(token string) (uint32, bool) { + s := uint32(0) + i := uint32(0) + for _, c := range token { + switch c { + case 's', 'S': + s += i + i = 0 + case 'm', 'M': + s += i * 60 + i = 0 + case 'h', 'H': + s += i * 60 * 60 + i = 0 + case 'd', 'D': + s += i * 60 * 60 * 24 + i = 0 + case 'w', 'W': + s += i * 60 * 60 * 24 * 7 + i = 0 + case '0', '1', '2', '3', '4', '5', '6', '7', '8', '9': + i *= 10 + i += uint32(c) - '0' + default: + return 0, false + } + } + return s + i, true +} + +// Parse LOC records' [.][mM] into a +// mantissa exponent format. Token should contain the entire +// string (i.e. no spaces allowed) +func stringToCm(token string) (e, m uint8, ok bool) { + if token[len(token)-1] == 'M' || token[len(token)-1] == 'm' { + token = token[0 : len(token)-1] + } + s := strings.SplitN(token, ".", 2) + var meters, cmeters, val int + var err error + switch len(s) { + case 2: + if cmeters, err = strconv.Atoi(s[1]); err != nil { + return + } + fallthrough + case 1: + if meters, err = strconv.Atoi(s[0]); err != nil { + return + } + case 0: + // huh? + return 0, 0, false + } + ok = true + if meters > 0 { + e = 2 + val = meters + } else { + e = 0 + val = cmeters + } + for val > 10 { + e++ + val /= 10 + } + if e > 9 { + ok = false + } + m = uint8(val) + return +} + +func toAbsoluteName(name, origin string) (absolute string, ok bool) { + // check for an explicit origin reference + if name == "@" { + // require a nonempty origin + if origin == "" { + return "", false + } + return origin, true + } + + // require a valid domain name + _, ok = IsDomainName(name) + if !ok || name == "" { + return "", false + } + + // check if name is already absolute + if name[len(name)-1] == '.' { + return name, true + } + + // require a nonempty origin + if origin == "" { + return "", false + } + return appendOrigin(name, origin), true +} + +func appendOrigin(name, origin string) string { + if origin == "." { + return name + origin + } + return name + "." + origin +} + +// LOC record helper function +func locCheckNorth(token string, latitude uint32) (uint32, bool) { + switch token { + case "n", "N": + return LOC_EQUATOR + latitude, true + case "s", "S": + return LOC_EQUATOR - latitude, true + } + return latitude, false +} + +// LOC record helper function +func locCheckEast(token string, longitude uint32) (uint32, bool) { + switch token { + case "e", "E": + return LOC_EQUATOR + longitude, true + case "w", "W": + return LOC_EQUATOR - longitude, true + } + return longitude, false +} + +// "Eat" the rest of the "line". Return potential comments +func slurpRemainder(c chan lex, f string) (*ParseError, string) { + l := <-c + com := "" + switch l.value { + case zBlank: + l = <-c + com = l.comment + if l.value != zNewline && l.value != zEOF { + return &ParseError{f, "garbage after rdata", l}, "" + } + case zNewline: + com = l.comment + case zEOF: + default: + return &ParseError{f, "garbage after rdata", l}, "" + } + return nil, com +} + +// Parse a 64 bit-like ipv6 address: "0014:4fff:ff20:ee64" +// Used for NID and L64 record. +func stringToNodeID(l lex) (uint64, *ParseError) { + if len(l.token) < 19 { + return 0, &ParseError{l.token, "bad NID/L64 NodeID/Locator64", l} + } + // There must be three colons at fixes postitions, if not its a parse error + if l.token[4] != ':' && l.token[9] != ':' && l.token[14] != ':' { + return 0, &ParseError{l.token, "bad NID/L64 NodeID/Locator64", l} + } + s := l.token[0:4] + l.token[5:9] + l.token[10:14] + l.token[15:19] + u, err := strconv.ParseUint(s, 16, 64) + if err != nil { + return 0, &ParseError{l.token, "bad NID/L64 NodeID/Locator64", l} + } + return u, nil +} diff --git a/vendor/github.com/miekg/dns/scan_rr.go b/vendor/github.com/miekg/dns/scan_rr.go new file mode 100644 index 0000000..2be6e09 --- /dev/null +++ b/vendor/github.com/miekg/dns/scan_rr.go @@ -0,0 +1,2153 @@ +package dns + +import ( + "encoding/base64" + "net" + "strconv" + "strings" +) + +type parserFunc struct { + // Func defines the function that parses the tokens and returns the RR + // or an error. The last string contains any comments in the line as + // they returned by the lexer as well. + Func func(h RR_Header, c chan lex, origin string, file string) (RR, *ParseError, string) + // Signals if the RR ending is of variable length, like TXT or records + // that have Hexadecimal or Base64 as their last element in the Rdata. Records + // that have a fixed ending or for instance A, AAAA, SOA and etc. + Variable bool +} + +// Parse the rdata of each rrtype. +// All data from the channel c is either zString or zBlank. +// After the rdata there may come a zBlank and then a zNewline +// or immediately a zNewline. If this is not the case we flag +// an *ParseError: garbage after rdata. +func setRR(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + parserfunc, ok := typeToparserFunc[h.Rrtype] + if ok { + r, e, cm := parserfunc.Func(h, c, o, f) + if parserfunc.Variable { + return r, e, cm + } + if e != nil { + return nil, e, "" + } + e, cm = slurpRemainder(c, f) + if e != nil { + return nil, e, "" + } + return r, nil, cm + } + // RFC3957 RR (Unknown RR handling) + return setRFC3597(h, c, o, f) +} + +// A remainder of the rdata with embedded spaces, return the parsed string (sans the spaces) +// or an error +func endingToString(c chan lex, errstr, f string) (string, *ParseError, string) { + s := "" + l := <-c // zString + for l.value != zNewline && l.value != zEOF { + if l.err { + return s, &ParseError{f, errstr, l}, "" + } + switch l.value { + case zString: + s += l.token + case zBlank: // Ok + default: + return "", &ParseError{f, errstr, l}, "" + } + l = <-c + } + return s, nil, l.comment +} + +// A remainder of the rdata with embedded spaces, split on unquoted whitespace +// and return the parsed string slice or an error +func endingToTxtSlice(c chan lex, errstr, f string) ([]string, *ParseError, string) { + // Get the remaining data until we see a zNewline + l := <-c + if l.err { + return nil, &ParseError{f, errstr, l}, "" + } + + // Build the slice + s := make([]string, 0) + quote := false + empty := false + for l.value != zNewline && l.value != zEOF { + if l.err { + return nil, &ParseError{f, errstr, l}, "" + } + switch l.value { + case zString: + empty = false + if len(l.token) > 255 { + // split up tokens that are larger than 255 into 255-chunks + sx := []string{} + p, i := 0, 255 + for { + if i <= len(l.token) { + sx = append(sx, l.token[p:i]) + } else { + sx = append(sx, l.token[p:]) + break + + } + p, i = p+255, i+255 + } + s = append(s, sx...) + break + } + + s = append(s, l.token) + case zBlank: + if quote { + // zBlank can only be seen in between txt parts. + return nil, &ParseError{f, errstr, l}, "" + } + case zQuote: + if empty && quote { + s = append(s, "") + } + quote = !quote + empty = true + default: + return nil, &ParseError{f, errstr, l}, "" + } + l = <-c + } + if quote { + return nil, &ParseError{f, errstr, l}, "" + } + return s, nil, l.comment +} + +func setA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(A) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + rr.A = net.ParseIP(l.token) + if rr.A == nil || l.err { + return nil, &ParseError{f, "bad A A", l}, "" + } + return rr, nil, "" +} + +func setAAAA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(AAAA) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + rr.AAAA = net.ParseIP(l.token) + if rr.AAAA == nil || l.err { + return nil, &ParseError{f, "bad AAAA AAAA", l}, "" + } + return rr, nil, "" +} + +func setNS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(NS) + rr.Hdr = h + + l := <-c + rr.Ns = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad NS Ns", l}, "" + } + rr.Ns = name + return rr, nil, "" +} + +func setPTR(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(PTR) + rr.Hdr = h + + l := <-c + rr.Ptr = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad PTR Ptr", l}, "" + } + rr.Ptr = name + return rr, nil, "" +} + +func setNSAPPTR(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(NSAPPTR) + rr.Hdr = h + + l := <-c + rr.Ptr = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad NSAP-PTR Ptr", l}, "" + } + rr.Ptr = name + return rr, nil, "" +} + +func setRP(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(RP) + rr.Hdr = h + + l := <-c + rr.Mbox = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + mbox, mboxOk := toAbsoluteName(l.token, o) + if l.err || !mboxOk { + return nil, &ParseError{f, "bad RP Mbox", l}, "" + } + rr.Mbox = mbox + + <-c // zBlank + l = <-c + rr.Txt = l.token + + txt, txtOk := toAbsoluteName(l.token, o) + if l.err || !txtOk { + return nil, &ParseError{f, "bad RP Txt", l}, "" + } + rr.Txt = txt + + return rr, nil, "" +} + +func setMR(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(MR) + rr.Hdr = h + + l := <-c + rr.Mr = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad MR Mr", l}, "" + } + rr.Mr = name + return rr, nil, "" +} + +func setMB(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(MB) + rr.Hdr = h + + l := <-c + rr.Mb = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad MB Mb", l}, "" + } + rr.Mb = name + return rr, nil, "" +} + +func setMG(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(MG) + rr.Hdr = h + + l := <-c + rr.Mg = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad MG Mg", l}, "" + } + rr.Mg = name + return rr, nil, "" +} + +func setHINFO(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(HINFO) + rr.Hdr = h + + chunks, e, c1 := endingToTxtSlice(c, "bad HINFO Fields", f) + if e != nil { + return nil, e, c1 + } + + if ln := len(chunks); ln == 0 { + return rr, nil, "" + } else if ln == 1 { + // Can we split it? + if out := strings.Fields(chunks[0]); len(out) > 1 { + chunks = out + } else { + chunks = append(chunks, "") + } + } + + rr.Cpu = chunks[0] + rr.Os = strings.Join(chunks[1:], " ") + + return rr, nil, "" +} + +func setMINFO(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(MINFO) + rr.Hdr = h + + l := <-c + rr.Rmail = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + rmail, rmailOk := toAbsoluteName(l.token, o) + if l.err || !rmailOk { + return nil, &ParseError{f, "bad MINFO Rmail", l}, "" + } + rr.Rmail = rmail + + <-c // zBlank + l = <-c + rr.Email = l.token + + email, emailOk := toAbsoluteName(l.token, o) + if l.err || !emailOk { + return nil, &ParseError{f, "bad MINFO Email", l}, "" + } + rr.Email = email + + return rr, nil, "" +} + +func setMF(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(MF) + rr.Hdr = h + + l := <-c + rr.Mf = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad MF Mf", l}, "" + } + rr.Mf = name + return rr, nil, "" +} + +func setMD(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(MD) + rr.Hdr = h + + l := <-c + rr.Md = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad MD Md", l}, "" + } + rr.Md = name + return rr, nil, "" +} + +func setMX(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(MX) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad MX Pref", l}, "" + } + rr.Preference = uint16(i) + + <-c // zBlank + l = <-c // zString + rr.Mx = l.token + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad MX Mx", l}, "" + } + rr.Mx = name + + return rr, nil, "" +} + +func setRT(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(RT) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil { + return nil, &ParseError{f, "bad RT Preference", l}, "" + } + rr.Preference = uint16(i) + + <-c // zBlank + l = <-c // zString + rr.Host = l.token + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad RT Host", l}, "" + } + rr.Host = name + + return rr, nil, "" +} + +func setAFSDB(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(AFSDB) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad AFSDB Subtype", l}, "" + } + rr.Subtype = uint16(i) + + <-c // zBlank + l = <-c // zString + rr.Hostname = l.token + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad AFSDB Hostname", l}, "" + } + rr.Hostname = name + return rr, nil, "" +} + +func setX25(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(X25) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + if l.err { + return nil, &ParseError{f, "bad X25 PSDNAddress", l}, "" + } + rr.PSDNAddress = l.token + return rr, nil, "" +} + +func setKX(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(KX) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad KX Pref", l}, "" + } + rr.Preference = uint16(i) + + <-c // zBlank + l = <-c // zString + rr.Exchanger = l.token + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad KX Exchanger", l}, "" + } + rr.Exchanger = name + return rr, nil, "" +} + +func setCNAME(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(CNAME) + rr.Hdr = h + + l := <-c + rr.Target = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad CNAME Target", l}, "" + } + rr.Target = name + return rr, nil, "" +} + +func setDNAME(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(DNAME) + rr.Hdr = h + + l := <-c + rr.Target = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad DNAME Target", l}, "" + } + rr.Target = name + return rr, nil, "" +} + +func setSOA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(SOA) + rr.Hdr = h + + l := <-c + rr.Ns = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + ns, nsOk := toAbsoluteName(l.token, o) + if l.err || !nsOk { + return nil, &ParseError{f, "bad SOA Ns", l}, "" + } + rr.Ns = ns + + <-c // zBlank + l = <-c + rr.Mbox = l.token + + mbox, mboxOk := toAbsoluteName(l.token, o) + if l.err || !mboxOk { + return nil, &ParseError{f, "bad SOA Mbox", l}, "" + } + rr.Mbox = mbox + + <-c // zBlank + + var ( + v uint32 + ok bool + ) + for i := 0; i < 5; i++ { + l = <-c + if l.err { + return nil, &ParseError{f, "bad SOA zone parameter", l}, "" + } + if j, e := strconv.ParseUint(l.token, 10, 32); e != nil { + if i == 0 { + // Serial must be a number + return nil, &ParseError{f, "bad SOA zone parameter", l}, "" + } + // We allow other fields to be unitful duration strings + if v, ok = stringToTTL(l.token); !ok { + return nil, &ParseError{f, "bad SOA zone parameter", l}, "" + + } + } else { + v = uint32(j) + } + switch i { + case 0: + rr.Serial = v + <-c // zBlank + case 1: + rr.Refresh = v + <-c // zBlank + case 2: + rr.Retry = v + <-c // zBlank + case 3: + rr.Expire = v + <-c // zBlank + case 4: + rr.Minttl = v + } + } + return rr, nil, "" +} + +func setSRV(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(SRV) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad SRV Priority", l}, "" + } + rr.Priority = uint16(i) + + <-c // zBlank + l = <-c // zString + i, e = strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad SRV Weight", l}, "" + } + rr.Weight = uint16(i) + + <-c // zBlank + l = <-c // zString + i, e = strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad SRV Port", l}, "" + } + rr.Port = uint16(i) + + <-c // zBlank + l = <-c // zString + rr.Target = l.token + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad SRV Target", l}, "" + } + rr.Target = name + return rr, nil, "" +} + +func setNAPTR(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(NAPTR) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad NAPTR Order", l}, "" + } + rr.Order = uint16(i) + + <-c // zBlank + l = <-c // zString + i, e = strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad NAPTR Preference", l}, "" + } + rr.Preference = uint16(i) + + // Flags + <-c // zBlank + l = <-c // _QUOTE + if l.value != zQuote { + return nil, &ParseError{f, "bad NAPTR Flags", l}, "" + } + l = <-c // Either String or Quote + if l.value == zString { + rr.Flags = l.token + l = <-c // _QUOTE + if l.value != zQuote { + return nil, &ParseError{f, "bad NAPTR Flags", l}, "" + } + } else if l.value == zQuote { + rr.Flags = "" + } else { + return nil, &ParseError{f, "bad NAPTR Flags", l}, "" + } + + // Service + <-c // zBlank + l = <-c // _QUOTE + if l.value != zQuote { + return nil, &ParseError{f, "bad NAPTR Service", l}, "" + } + l = <-c // Either String or Quote + if l.value == zString { + rr.Service = l.token + l = <-c // _QUOTE + if l.value != zQuote { + return nil, &ParseError{f, "bad NAPTR Service", l}, "" + } + } else if l.value == zQuote { + rr.Service = "" + } else { + return nil, &ParseError{f, "bad NAPTR Service", l}, "" + } + + // Regexp + <-c // zBlank + l = <-c // _QUOTE + if l.value != zQuote { + return nil, &ParseError{f, "bad NAPTR Regexp", l}, "" + } + l = <-c // Either String or Quote + if l.value == zString { + rr.Regexp = l.token + l = <-c // _QUOTE + if l.value != zQuote { + return nil, &ParseError{f, "bad NAPTR Regexp", l}, "" + } + } else if l.value == zQuote { + rr.Regexp = "" + } else { + return nil, &ParseError{f, "bad NAPTR Regexp", l}, "" + } + + // After quote no space?? + <-c // zBlank + l = <-c // zString + rr.Replacement = l.token + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad NAPTR Replacement", l}, "" + } + rr.Replacement = name + return rr, nil, "" +} + +func setTALINK(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(TALINK) + rr.Hdr = h + + l := <-c + rr.PreviousName = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + previousName, previousNameOk := toAbsoluteName(l.token, o) + if l.err || !previousNameOk { + return nil, &ParseError{f, "bad TALINK PreviousName", l}, "" + } + rr.PreviousName = previousName + + <-c // zBlank + l = <-c + rr.NextName = l.token + + nextName, nextNameOk := toAbsoluteName(l.token, o) + if l.err || !nextNameOk { + return nil, &ParseError{f, "bad TALINK NextName", l}, "" + } + rr.NextName = nextName + + return rr, nil, "" +} + +func setLOC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(LOC) + rr.Hdr = h + // Non zero defaults for LOC record, see RFC 1876, Section 3. + rr.HorizPre = 165 // 10000 + rr.VertPre = 162 // 10 + rr.Size = 18 // 1 + ok := false + + // North + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + i, e := strconv.ParseUint(l.token, 10, 32) + if e != nil || l.err { + return nil, &ParseError{f, "bad LOC Latitude", l}, "" + } + rr.Latitude = 1000 * 60 * 60 * uint32(i) + + <-c // zBlank + // Either number, 'N' or 'S' + l = <-c + if rr.Latitude, ok = locCheckNorth(l.token, rr.Latitude); ok { + goto East + } + i, e = strconv.ParseUint(l.token, 10, 32) + if e != nil || l.err { + return nil, &ParseError{f, "bad LOC Latitude minutes", l}, "" + } + rr.Latitude += 1000 * 60 * uint32(i) + + <-c // zBlank + l = <-c + if i, e := strconv.ParseFloat(l.token, 32); e != nil || l.err { + return nil, &ParseError{f, "bad LOC Latitude seconds", l}, "" + } else { + rr.Latitude += uint32(1000 * i) + } + <-c // zBlank + // Either number, 'N' or 'S' + l = <-c + if rr.Latitude, ok = locCheckNorth(l.token, rr.Latitude); ok { + goto East + } + // If still alive, flag an error + return nil, &ParseError{f, "bad LOC Latitude North/South", l}, "" + +East: + // East + <-c // zBlank + l = <-c + if i, e := strconv.ParseUint(l.token, 10, 32); e != nil || l.err { + return nil, &ParseError{f, "bad LOC Longitude", l}, "" + } else { + rr.Longitude = 1000 * 60 * 60 * uint32(i) + } + <-c // zBlank + // Either number, 'E' or 'W' + l = <-c + if rr.Longitude, ok = locCheckEast(l.token, rr.Longitude); ok { + goto Altitude + } + if i, e := strconv.ParseUint(l.token, 10, 32); e != nil || l.err { + return nil, &ParseError{f, "bad LOC Longitude minutes", l}, "" + } else { + rr.Longitude += 1000 * 60 * uint32(i) + } + <-c // zBlank + l = <-c + if i, e := strconv.ParseFloat(l.token, 32); e != nil || l.err { + return nil, &ParseError{f, "bad LOC Longitude seconds", l}, "" + } else { + rr.Longitude += uint32(1000 * i) + } + <-c // zBlank + // Either number, 'E' or 'W' + l = <-c + if rr.Longitude, ok = locCheckEast(l.token, rr.Longitude); ok { + goto Altitude + } + // If still alive, flag an error + return nil, &ParseError{f, "bad LOC Longitude East/West", l}, "" + +Altitude: + <-c // zBlank + l = <-c + if l.length == 0 || l.err { + return nil, &ParseError{f, "bad LOC Altitude", l}, "" + } + if l.token[len(l.token)-1] == 'M' || l.token[len(l.token)-1] == 'm' { + l.token = l.token[0 : len(l.token)-1] + } + if i, e := strconv.ParseFloat(l.token, 32); e != nil { + return nil, &ParseError{f, "bad LOC Altitude", l}, "" + } else { + rr.Altitude = uint32(i*100.0 + 10000000.0 + 0.5) + } + + // And now optionally the other values + l = <-c + count := 0 + for l.value != zNewline && l.value != zEOF { + switch l.value { + case zString: + switch count { + case 0: // Size + e, m, ok := stringToCm(l.token) + if !ok { + return nil, &ParseError{f, "bad LOC Size", l}, "" + } + rr.Size = (e & 0x0f) | (m << 4 & 0xf0) + case 1: // HorizPre + e, m, ok := stringToCm(l.token) + if !ok { + return nil, &ParseError{f, "bad LOC HorizPre", l}, "" + } + rr.HorizPre = (e & 0x0f) | (m << 4 & 0xf0) + case 2: // VertPre + e, m, ok := stringToCm(l.token) + if !ok { + return nil, &ParseError{f, "bad LOC VertPre", l}, "" + } + rr.VertPre = (e & 0x0f) | (m << 4 & 0xf0) + } + count++ + case zBlank: + // Ok + default: + return nil, &ParseError{f, "bad LOC Size, HorizPre or VertPre", l}, "" + } + l = <-c + } + return rr, nil, "" +} + +func setHIP(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(HIP) + rr.Hdr = h + + // HitLength is not represented + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + + i, e := strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad HIP PublicKeyAlgorithm", l}, "" + } + rr.PublicKeyAlgorithm = uint8(i) + + <-c // zBlank + l = <-c // zString + if l.length == 0 || l.err { + return nil, &ParseError{f, "bad HIP Hit", l}, "" + } + rr.Hit = l.token // This can not contain spaces, see RFC 5205 Section 6. + rr.HitLength = uint8(len(rr.Hit)) / 2 + + <-c // zBlank + l = <-c // zString + if l.length == 0 || l.err { + return nil, &ParseError{f, "bad HIP PublicKey", l}, "" + } + rr.PublicKey = l.token // This cannot contain spaces + rr.PublicKeyLength = uint16(base64.StdEncoding.DecodedLen(len(rr.PublicKey))) + + // RendezvousServers (if any) + l = <-c + var xs []string + for l.value != zNewline && l.value != zEOF { + switch l.value { + case zString: + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad HIP RendezvousServers", l}, "" + } + xs = append(xs, name) + case zBlank: + // Ok + default: + return nil, &ParseError{f, "bad HIP RendezvousServers", l}, "" + } + l = <-c + } + rr.RendezvousServers = xs + return rr, nil, l.comment +} + +func setCERT(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(CERT) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + + if v, ok := StringToCertType[l.token]; ok { + rr.Type = v + } else if i, e := strconv.ParseUint(l.token, 10, 16); e != nil { + return nil, &ParseError{f, "bad CERT Type", l}, "" + } else { + rr.Type = uint16(i) + } + <-c // zBlank + l = <-c // zString + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad CERT KeyTag", l}, "" + } + rr.KeyTag = uint16(i) + <-c // zBlank + l = <-c // zString + if v, ok := StringToAlgorithm[l.token]; ok { + rr.Algorithm = v + } else if i, e := strconv.ParseUint(l.token, 10, 8); e != nil { + return nil, &ParseError{f, "bad CERT Algorithm", l}, "" + } else { + rr.Algorithm = uint8(i) + } + s, e1, c1 := endingToString(c, "bad CERT Certificate", f) + if e1 != nil { + return nil, e1, c1 + } + rr.Certificate = s + return rr, nil, c1 +} + +func setOPENPGPKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(OPENPGPKEY) + rr.Hdr = h + + s, e, c1 := endingToString(c, "bad OPENPGPKEY PublicKey", f) + if e != nil { + return nil, e, c1 + } + rr.PublicKey = s + return rr, nil, c1 +} + +func setCSYNC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(CSYNC) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + j, e := strconv.ParseUint(l.token, 10, 32) + if e != nil { + // Serial must be a number + return nil, &ParseError{f, "bad CSYNC serial", l}, "" + } + rr.Serial = uint32(j) + + <-c // zBlank + + l = <-c + j, e = strconv.ParseUint(l.token, 10, 16) + if e != nil { + // Serial must be a number + return nil, &ParseError{f, "bad CSYNC flags", l}, "" + } + rr.Flags = uint16(j) + + rr.TypeBitMap = make([]uint16, 0) + var ( + k uint16 + ok bool + ) + l = <-c + for l.value != zNewline && l.value != zEOF { + switch l.value { + case zBlank: + // Ok + case zString: + if k, ok = StringToType[l.tokenUpper]; !ok { + if k, ok = typeToInt(l.tokenUpper); !ok { + return nil, &ParseError{f, "bad CSYNC TypeBitMap", l}, "" + } + } + rr.TypeBitMap = append(rr.TypeBitMap, k) + default: + return nil, &ParseError{f, "bad CSYNC TypeBitMap", l}, "" + } + l = <-c + } + return rr, nil, l.comment +} + +func setSIG(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + r, e, s := setRRSIG(h, c, o, f) + if r != nil { + return &SIG{*r.(*RRSIG)}, e, s + } + return nil, e, s +} + +func setRRSIG(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(RRSIG) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + + if t, ok := StringToType[l.tokenUpper]; !ok { + if strings.HasPrefix(l.tokenUpper, "TYPE") { + t, ok = typeToInt(l.tokenUpper) + if !ok { + return nil, &ParseError{f, "bad RRSIG Typecovered", l}, "" + } + rr.TypeCovered = t + } else { + return nil, &ParseError{f, "bad RRSIG Typecovered", l}, "" + } + } else { + rr.TypeCovered = t + } + + <-c // zBlank + l = <-c + i, err := strconv.ParseUint(l.token, 10, 8) + if err != nil || l.err { + return nil, &ParseError{f, "bad RRSIG Algorithm", l}, "" + } + rr.Algorithm = uint8(i) + + <-c // zBlank + l = <-c + i, err = strconv.ParseUint(l.token, 10, 8) + if err != nil || l.err { + return nil, &ParseError{f, "bad RRSIG Labels", l}, "" + } + rr.Labels = uint8(i) + + <-c // zBlank + l = <-c + i, err = strconv.ParseUint(l.token, 10, 32) + if err != nil || l.err { + return nil, &ParseError{f, "bad RRSIG OrigTtl", l}, "" + } + rr.OrigTtl = uint32(i) + + <-c // zBlank + l = <-c + if i, err := StringToTime(l.token); err != nil { + // Try to see if all numeric and use it as epoch + if i, err := strconv.ParseInt(l.token, 10, 64); err == nil { + // TODO(miek): error out on > MAX_UINT32, same below + rr.Expiration = uint32(i) + } else { + return nil, &ParseError{f, "bad RRSIG Expiration", l}, "" + } + } else { + rr.Expiration = i + } + + <-c // zBlank + l = <-c + if i, err := StringToTime(l.token); err != nil { + if i, err := strconv.ParseInt(l.token, 10, 64); err == nil { + rr.Inception = uint32(i) + } else { + return nil, &ParseError{f, "bad RRSIG Inception", l}, "" + } + } else { + rr.Inception = i + } + + <-c // zBlank + l = <-c + i, err = strconv.ParseUint(l.token, 10, 16) + if err != nil || l.err { + return nil, &ParseError{f, "bad RRSIG KeyTag", l}, "" + } + rr.KeyTag = uint16(i) + + <-c // zBlank + l = <-c + rr.SignerName = l.token + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad RRSIG SignerName", l}, "" + } + rr.SignerName = name + + s, e, c1 := endingToString(c, "bad RRSIG Signature", f) + if e != nil { + return nil, e, c1 + } + rr.Signature = s + + return rr, nil, c1 +} + +func setNSEC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(NSEC) + rr.Hdr = h + + l := <-c + rr.NextDomain = l.token + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad NSEC NextDomain", l}, "" + } + rr.NextDomain = name + + rr.TypeBitMap = make([]uint16, 0) + var ( + k uint16 + ok bool + ) + l = <-c + for l.value != zNewline && l.value != zEOF { + switch l.value { + case zBlank: + // Ok + case zString: + if k, ok = StringToType[l.tokenUpper]; !ok { + if k, ok = typeToInt(l.tokenUpper); !ok { + return nil, &ParseError{f, "bad NSEC TypeBitMap", l}, "" + } + } + rr.TypeBitMap = append(rr.TypeBitMap, k) + default: + return nil, &ParseError{f, "bad NSEC TypeBitMap", l}, "" + } + l = <-c + } + return rr, nil, l.comment +} + +func setNSEC3(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(NSEC3) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + + i, e := strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad NSEC3 Hash", l}, "" + } + rr.Hash = uint8(i) + <-c // zBlank + l = <-c + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad NSEC3 Flags", l}, "" + } + rr.Flags = uint8(i) + <-c // zBlank + l = <-c + i, e = strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad NSEC3 Iterations", l}, "" + } + rr.Iterations = uint16(i) + <-c + l = <-c + if len(l.token) == 0 || l.err { + return nil, &ParseError{f, "bad NSEC3 Salt", l}, "" + } + rr.SaltLength = uint8(len(l.token)) / 2 + rr.Salt = l.token + + <-c + l = <-c + if len(l.token) == 0 || l.err { + return nil, &ParseError{f, "bad NSEC3 NextDomain", l}, "" + } + rr.HashLength = 20 // Fix for NSEC3 (sha1 160 bits) + rr.NextDomain = l.token + + rr.TypeBitMap = make([]uint16, 0) + var ( + k uint16 + ok bool + ) + l = <-c + for l.value != zNewline && l.value != zEOF { + switch l.value { + case zBlank: + // Ok + case zString: + if k, ok = StringToType[l.tokenUpper]; !ok { + if k, ok = typeToInt(l.tokenUpper); !ok { + return nil, &ParseError{f, "bad NSEC3 TypeBitMap", l}, "" + } + } + rr.TypeBitMap = append(rr.TypeBitMap, k) + default: + return nil, &ParseError{f, "bad NSEC3 TypeBitMap", l}, "" + } + l = <-c + } + return rr, nil, l.comment +} + +func setNSEC3PARAM(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(NSEC3PARAM) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad NSEC3PARAM Hash", l}, "" + } + rr.Hash = uint8(i) + <-c // zBlank + l = <-c + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad NSEC3PARAM Flags", l}, "" + } + rr.Flags = uint8(i) + <-c // zBlank + l = <-c + i, e = strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad NSEC3PARAM Iterations", l}, "" + } + rr.Iterations = uint16(i) + <-c + l = <-c + rr.SaltLength = uint8(len(l.token)) + rr.Salt = l.token + return rr, nil, "" +} + +func setEUI48(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(EUI48) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + if l.length != 17 || l.err { + return nil, &ParseError{f, "bad EUI48 Address", l}, "" + } + addr := make([]byte, 12) + dash := 0 + for i := 0; i < 10; i += 2 { + addr[i] = l.token[i+dash] + addr[i+1] = l.token[i+1+dash] + dash++ + if l.token[i+1+dash] != '-' { + return nil, &ParseError{f, "bad EUI48 Address", l}, "" + } + } + addr[10] = l.token[15] + addr[11] = l.token[16] + + i, e := strconv.ParseUint(string(addr), 16, 48) + if e != nil { + return nil, &ParseError{f, "bad EUI48 Address", l}, "" + } + rr.Address = i + return rr, nil, "" +} + +func setEUI64(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(EUI64) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + if l.length != 23 || l.err { + return nil, &ParseError{f, "bad EUI64 Address", l}, "" + } + addr := make([]byte, 16) + dash := 0 + for i := 0; i < 14; i += 2 { + addr[i] = l.token[i+dash] + addr[i+1] = l.token[i+1+dash] + dash++ + if l.token[i+1+dash] != '-' { + return nil, &ParseError{f, "bad EUI64 Address", l}, "" + } + } + addr[14] = l.token[21] + addr[15] = l.token[22] + + i, e := strconv.ParseUint(string(addr), 16, 64) + if e != nil { + return nil, &ParseError{f, "bad EUI68 Address", l}, "" + } + rr.Address = uint64(i) + return rr, nil, "" +} + +func setSSHFP(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(SSHFP) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad SSHFP Algorithm", l}, "" + } + rr.Algorithm = uint8(i) + <-c // zBlank + l = <-c + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad SSHFP Type", l}, "" + } + rr.Type = uint8(i) + <-c // zBlank + s, e1, c1 := endingToString(c, "bad SSHFP Fingerprint", f) + if e1 != nil { + return nil, e1, c1 + } + rr.FingerPrint = s + return rr, nil, "" +} + +func setDNSKEYs(h RR_Header, c chan lex, o, f, typ string) (RR, *ParseError, string) { + rr := new(DNSKEY) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad " + typ + " Flags", l}, "" + } + rr.Flags = uint16(i) + <-c // zBlank + l = <-c // zString + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad " + typ + " Protocol", l}, "" + } + rr.Protocol = uint8(i) + <-c // zBlank + l = <-c // zString + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad " + typ + " Algorithm", l}, "" + } + rr.Algorithm = uint8(i) + s, e1, c1 := endingToString(c, "bad "+typ+" PublicKey", f) + if e1 != nil { + return nil, e1, c1 + } + rr.PublicKey = s + return rr, nil, c1 +} + +func setKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + r, e, s := setDNSKEYs(h, c, o, f, "KEY") + if r != nil { + return &KEY{*r.(*DNSKEY)}, e, s + } + return nil, e, s +} + +func setDNSKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + r, e, s := setDNSKEYs(h, c, o, f, "DNSKEY") + return r, e, s +} + +func setCDNSKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + r, e, s := setDNSKEYs(h, c, o, f, "CDNSKEY") + if r != nil { + return &CDNSKEY{*r.(*DNSKEY)}, e, s + } + return nil, e, s +} + +func setRKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(RKEY) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad RKEY Flags", l}, "" + } + rr.Flags = uint16(i) + <-c // zBlank + l = <-c // zString + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad RKEY Protocol", l}, "" + } + rr.Protocol = uint8(i) + <-c // zBlank + l = <-c // zString + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad RKEY Algorithm", l}, "" + } + rr.Algorithm = uint8(i) + s, e1, c1 := endingToString(c, "bad RKEY PublicKey", f) + if e1 != nil { + return nil, e1, c1 + } + rr.PublicKey = s + return rr, nil, c1 +} + +func setEID(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(EID) + rr.Hdr = h + s, e, c1 := endingToString(c, "bad EID Endpoint", f) + if e != nil { + return nil, e, c1 + } + rr.Endpoint = s + return rr, nil, c1 +} + +func setNIMLOC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(NIMLOC) + rr.Hdr = h + s, e, c1 := endingToString(c, "bad NIMLOC Locator", f) + if e != nil { + return nil, e, c1 + } + rr.Locator = s + return rr, nil, c1 +} + +func setGPOS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(GPOS) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + _, e := strconv.ParseFloat(l.token, 64) + if e != nil || l.err { + return nil, &ParseError{f, "bad GPOS Longitude", l}, "" + } + rr.Longitude = l.token + <-c // zBlank + l = <-c + _, e = strconv.ParseFloat(l.token, 64) + if e != nil || l.err { + return nil, &ParseError{f, "bad GPOS Latitude", l}, "" + } + rr.Latitude = l.token + <-c // zBlank + l = <-c + _, e = strconv.ParseFloat(l.token, 64) + if e != nil || l.err { + return nil, &ParseError{f, "bad GPOS Altitude", l}, "" + } + rr.Altitude = l.token + return rr, nil, "" +} + +func setDSs(h RR_Header, c chan lex, o, f, typ string) (RR, *ParseError, string) { + rr := new(DS) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad " + typ + " KeyTag", l}, "" + } + rr.KeyTag = uint16(i) + <-c // zBlank + l = <-c + if i, e = strconv.ParseUint(l.token, 10, 8); e != nil { + i, ok := StringToAlgorithm[l.tokenUpper] + if !ok || l.err { + return nil, &ParseError{f, "bad " + typ + " Algorithm", l}, "" + } + rr.Algorithm = i + } else { + rr.Algorithm = uint8(i) + } + <-c // zBlank + l = <-c + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad " + typ + " DigestType", l}, "" + } + rr.DigestType = uint8(i) + s, e1, c1 := endingToString(c, "bad "+typ+" Digest", f) + if e1 != nil { + return nil, e1, c1 + } + rr.Digest = s + return rr, nil, c1 +} + +func setDS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + r, e, s := setDSs(h, c, o, f, "DS") + return r, e, s +} + +func setDLV(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + r, e, s := setDSs(h, c, o, f, "DLV") + if r != nil { + return &DLV{*r.(*DS)}, e, s + } + return nil, e, s +} + +func setCDS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + r, e, s := setDSs(h, c, o, f, "CDS") + if r != nil { + return &CDS{*r.(*DS)}, e, s + } + return nil, e, s +} + +func setTA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(TA) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad TA KeyTag", l}, "" + } + rr.KeyTag = uint16(i) + <-c // zBlank + l = <-c + if i, e := strconv.ParseUint(l.token, 10, 8); e != nil { + i, ok := StringToAlgorithm[l.tokenUpper] + if !ok || l.err { + return nil, &ParseError{f, "bad TA Algorithm", l}, "" + } + rr.Algorithm = i + } else { + rr.Algorithm = uint8(i) + } + <-c // zBlank + l = <-c + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad TA DigestType", l}, "" + } + rr.DigestType = uint8(i) + s, e, c1 := endingToString(c, "bad TA Digest", f) + if e != nil { + return nil, e.(*ParseError), c1 + } + rr.Digest = s + return rr, nil, c1 +} + +func setTLSA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(TLSA) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + + i, e := strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad TLSA Usage", l}, "" + } + rr.Usage = uint8(i) + <-c // zBlank + l = <-c + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad TLSA Selector", l}, "" + } + rr.Selector = uint8(i) + <-c // zBlank + l = <-c + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad TLSA MatchingType", l}, "" + } + rr.MatchingType = uint8(i) + // So this needs be e2 (i.e. different than e), because...??t + s, e2, c1 := endingToString(c, "bad TLSA Certificate", f) + if e2 != nil { + return nil, e2, c1 + } + rr.Certificate = s + return rr, nil, c1 +} + +func setSMIMEA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(SMIMEA) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + + i, e := strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad SMIMEA Usage", l}, "" + } + rr.Usage = uint8(i) + <-c // zBlank + l = <-c + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad SMIMEA Selector", l}, "" + } + rr.Selector = uint8(i) + <-c // zBlank + l = <-c + i, e = strconv.ParseUint(l.token, 10, 8) + if e != nil || l.err { + return nil, &ParseError{f, "bad SMIMEA MatchingType", l}, "" + } + rr.MatchingType = uint8(i) + // So this needs be e2 (i.e. different than e), because...??t + s, e2, c1 := endingToString(c, "bad SMIMEA Certificate", f) + if e2 != nil { + return nil, e2, c1 + } + rr.Certificate = s + return rr, nil, c1 +} + +func setRFC3597(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(RFC3597) + rr.Hdr = h + + l := <-c + if l.token != "\\#" { + return nil, &ParseError{f, "bad RFC3597 Rdata", l}, "" + } + + <-c // zBlank + l = <-c + rdlength, e := strconv.Atoi(l.token) + if e != nil || l.err { + return nil, &ParseError{f, "bad RFC3597 Rdata ", l}, "" + } + + s, e1, c1 := endingToString(c, "bad RFC3597 Rdata", f) + if e1 != nil { + return nil, e1, c1 + } + if rdlength*2 != len(s) { + return nil, &ParseError{f, "bad RFC3597 Rdata", l}, "" + } + rr.Rdata = s + return rr, nil, c1 +} + +func setSPF(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(SPF) + rr.Hdr = h + + s, e, c1 := endingToTxtSlice(c, "bad SPF Txt", f) + if e != nil { + return nil, e, "" + } + rr.Txt = s + return rr, nil, c1 +} + +func setAVC(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(AVC) + rr.Hdr = h + + s, e, c1 := endingToTxtSlice(c, "bad AVC Txt", f) + if e != nil { + return nil, e, "" + } + rr.Txt = s + return rr, nil, c1 +} + +func setTXT(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(TXT) + rr.Hdr = h + + // no zBlank reading here, because all this rdata is TXT + s, e, c1 := endingToTxtSlice(c, "bad TXT Txt", f) + if e != nil { + return nil, e, "" + } + rr.Txt = s + return rr, nil, c1 +} + +// identical to setTXT +func setNINFO(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(NINFO) + rr.Hdr = h + + s, e, c1 := endingToTxtSlice(c, "bad NINFO ZSData", f) + if e != nil { + return nil, e, "" + } + rr.ZSData = s + return rr, nil, c1 +} + +func setURI(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(URI) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad URI Priority", l}, "" + } + rr.Priority = uint16(i) + <-c // zBlank + l = <-c + i, e = strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad URI Weight", l}, "" + } + rr.Weight = uint16(i) + + <-c // zBlank + s, err, c1 := endingToTxtSlice(c, "bad URI Target", f) + if err != nil { + return nil, err, "" + } + if len(s) != 1 { + return nil, &ParseError{f, "bad URI Target", l}, "" + } + rr.Target = s[0] + return rr, nil, c1 +} + +func setDHCID(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + // awesome record to parse! + rr := new(DHCID) + rr.Hdr = h + + s, e, c1 := endingToString(c, "bad DHCID Digest", f) + if e != nil { + return nil, e, c1 + } + rr.Digest = s + return rr, nil, c1 +} + +func setNID(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(NID) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad NID Preference", l}, "" + } + rr.Preference = uint16(i) + <-c // zBlank + l = <-c // zString + u, err := stringToNodeID(l) + if err != nil || l.err { + return nil, err, "" + } + rr.NodeID = u + return rr, nil, "" +} + +func setL32(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(L32) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad L32 Preference", l}, "" + } + rr.Preference = uint16(i) + <-c // zBlank + l = <-c // zString + rr.Locator32 = net.ParseIP(l.token) + if rr.Locator32 == nil || l.err { + return nil, &ParseError{f, "bad L32 Locator", l}, "" + } + return rr, nil, "" +} + +func setLP(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(LP) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad LP Preference", l}, "" + } + rr.Preference = uint16(i) + + <-c // zBlank + l = <-c // zString + rr.Fqdn = l.token + name, nameOk := toAbsoluteName(l.token, o) + if l.err || !nameOk { + return nil, &ParseError{f, "bad LP Fqdn", l}, "" + } + rr.Fqdn = name + + return rr, nil, "" +} + +func setL64(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(L64) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad L64 Preference", l}, "" + } + rr.Preference = uint16(i) + <-c // zBlank + l = <-c // zString + u, err := stringToNodeID(l) + if err != nil || l.err { + return nil, err, "" + } + rr.Locator64 = u + return rr, nil, "" +} + +func setUID(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(UID) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 32) + if e != nil || l.err { + return nil, &ParseError{f, "bad UID Uid", l}, "" + } + rr.Uid = uint32(i) + return rr, nil, "" +} + +func setGID(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(GID) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 32) + if e != nil || l.err { + return nil, &ParseError{f, "bad GID Gid", l}, "" + } + rr.Gid = uint32(i) + return rr, nil, "" +} + +func setUINFO(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(UINFO) + rr.Hdr = h + + s, e, c1 := endingToTxtSlice(c, "bad UINFO Uinfo", f) + if e != nil { + return nil, e, c1 + } + if ln := len(s); ln == 0 { + return rr, nil, c1 + } + rr.Uinfo = s[0] // silently discard anything after the first character-string + return rr, nil, c1 +} + +func setPX(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(PX) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, "" + } + + i, e := strconv.ParseUint(l.token, 10, 16) + if e != nil || l.err { + return nil, &ParseError{f, "bad PX Preference", l}, "" + } + rr.Preference = uint16(i) + + <-c // zBlank + l = <-c // zString + rr.Map822 = l.token + map822, map822Ok := toAbsoluteName(l.token, o) + if l.err || !map822Ok { + return nil, &ParseError{f, "bad PX Map822", l}, "" + } + rr.Map822 = map822 + + <-c // zBlank + l = <-c // zString + rr.Mapx400 = l.token + mapx400, mapx400Ok := toAbsoluteName(l.token, o) + if l.err || !mapx400Ok { + return nil, &ParseError{f, "bad PX Mapx400", l}, "" + } + rr.Mapx400 = mapx400 + + return rr, nil, "" +} + +func setCAA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { + rr := new(CAA) + rr.Hdr = h + + l := <-c + if l.length == 0 { // dynamic update rr. + return rr, nil, l.comment + } + + i, err := strconv.ParseUint(l.token, 10, 8) + if err != nil || l.err { + return nil, &ParseError{f, "bad CAA Flag", l}, "" + } + rr.Flag = uint8(i) + + <-c // zBlank + l = <-c // zString + if l.value != zString { + return nil, &ParseError{f, "bad CAA Tag", l}, "" + } + rr.Tag = l.token + + <-c // zBlank + s, e, c1 := endingToTxtSlice(c, "bad CAA Value", f) + if e != nil { + return nil, e, "" + } + if len(s) != 1 { + return nil, &ParseError{f, "bad CAA Value", l}, "" + } + rr.Value = s[0] + return rr, nil, c1 +} + +var typeToparserFunc = map[uint16]parserFunc{ + TypeAAAA: {setAAAA, false}, + TypeAFSDB: {setAFSDB, false}, + TypeA: {setA, false}, + TypeCAA: {setCAA, true}, + TypeCDS: {setCDS, true}, + TypeCDNSKEY: {setCDNSKEY, true}, + TypeCERT: {setCERT, true}, + TypeCNAME: {setCNAME, false}, + TypeCSYNC: {setCSYNC, true}, + TypeDHCID: {setDHCID, true}, + TypeDLV: {setDLV, true}, + TypeDNAME: {setDNAME, false}, + TypeKEY: {setKEY, true}, + TypeDNSKEY: {setDNSKEY, true}, + TypeDS: {setDS, true}, + TypeEID: {setEID, true}, + TypeEUI48: {setEUI48, false}, + TypeEUI64: {setEUI64, false}, + TypeGID: {setGID, false}, + TypeGPOS: {setGPOS, false}, + TypeHINFO: {setHINFO, true}, + TypeHIP: {setHIP, true}, + TypeKX: {setKX, false}, + TypeL32: {setL32, false}, + TypeL64: {setL64, false}, + TypeLOC: {setLOC, true}, + TypeLP: {setLP, false}, + TypeMB: {setMB, false}, + TypeMD: {setMD, false}, + TypeMF: {setMF, false}, + TypeMG: {setMG, false}, + TypeMINFO: {setMINFO, false}, + TypeMR: {setMR, false}, + TypeMX: {setMX, false}, + TypeNAPTR: {setNAPTR, false}, + TypeNID: {setNID, false}, + TypeNIMLOC: {setNIMLOC, true}, + TypeNINFO: {setNINFO, true}, + TypeNSAPPTR: {setNSAPPTR, false}, + TypeNSEC3PARAM: {setNSEC3PARAM, false}, + TypeNSEC3: {setNSEC3, true}, + TypeNSEC: {setNSEC, true}, + TypeNS: {setNS, false}, + TypeOPENPGPKEY: {setOPENPGPKEY, true}, + TypePTR: {setPTR, false}, + TypePX: {setPX, false}, + TypeSIG: {setSIG, true}, + TypeRKEY: {setRKEY, true}, + TypeRP: {setRP, false}, + TypeRRSIG: {setRRSIG, true}, + TypeRT: {setRT, false}, + TypeSMIMEA: {setSMIMEA, true}, + TypeSOA: {setSOA, false}, + TypeSPF: {setSPF, true}, + TypeAVC: {setAVC, true}, + TypeSRV: {setSRV, false}, + TypeSSHFP: {setSSHFP, true}, + TypeTALINK: {setTALINK, false}, + TypeTA: {setTA, true}, + TypeTLSA: {setTLSA, true}, + TypeTXT: {setTXT, true}, + TypeUID: {setUID, false}, + TypeUINFO: {setUINFO, true}, + TypeURI: {setURI, true}, + TypeX25: {setX25, false}, +} diff --git a/vendor/github.com/miekg/dns/scanner.go b/vendor/github.com/miekg/dns/scanner.go new file mode 100644 index 0000000..424e5af --- /dev/null +++ b/vendor/github.com/miekg/dns/scanner.go @@ -0,0 +1,56 @@ +package dns + +// Implement a simple scanner, return a byte stream from an io reader. + +import ( + "bufio" + "context" + "io" + "text/scanner" +) + +type scan struct { + src *bufio.Reader + position scanner.Position + eof bool // Have we just seen a eof + ctx context.Context +} + +func scanInit(r io.Reader) (*scan, context.CancelFunc) { + s := new(scan) + s.src = bufio.NewReader(r) + s.position.Line = 1 + + ctx, cancel := context.WithCancel(context.Background()) + s.ctx = ctx + + return s, cancel +} + +// tokenText returns the next byte from the input +func (s *scan) tokenText() (byte, error) { + c, err := s.src.ReadByte() + if err != nil { + return c, err + } + select { + case <-s.ctx.Done(): + return c, context.Canceled + default: + break + } + + // delay the newline handling until the next token is delivered, + // fixes off-by-one errors when reporting a parse error. + if s.eof == true { + s.position.Line++ + s.position.Column = 0 + s.eof = false + } + if c == '\n' { + s.eof = true + return c, nil + } + s.position.Column++ + return c, nil +} diff --git a/vendor/github.com/miekg/dns/server.go b/vendor/github.com/miekg/dns/server.go new file mode 100644 index 0000000..136a9a1 --- /dev/null +++ b/vendor/github.com/miekg/dns/server.go @@ -0,0 +1,713 @@ +// DNS server implementation. + +package dns + +import ( + "bytes" + "crypto/tls" + "encoding/binary" + "io" + "net" + "sync" + "time" +) + +// Maximum number of TCP queries before we close the socket. +const maxTCPQueries = 128 + +// Handler is implemented by any value that implements ServeDNS. +type Handler interface { + ServeDNS(w ResponseWriter, r *Msg) +} + +// A ResponseWriter interface is used by an DNS handler to +// construct an DNS response. +type ResponseWriter interface { + // LocalAddr returns the net.Addr of the server + LocalAddr() net.Addr + // RemoteAddr returns the net.Addr of the client that sent the current request. + RemoteAddr() net.Addr + // WriteMsg writes a reply back to the client. + WriteMsg(*Msg) error + // Write writes a raw buffer back to the client. + Write([]byte) (int, error) + // Close closes the connection. + Close() error + // TsigStatus returns the status of the Tsig. + TsigStatus() error + // TsigTimersOnly sets the tsig timers only boolean. + TsigTimersOnly(bool) + // Hijack lets the caller take over the connection. + // After a call to Hijack(), the DNS package will not do anything with the connection. + Hijack() +} + +type response struct { + hijacked bool // connection has been hijacked by handler + tsigStatus error + tsigTimersOnly bool + tsigRequestMAC string + tsigSecret map[string]string // the tsig secrets + udp *net.UDPConn // i/o connection if UDP was used + tcp net.Conn // i/o connection if TCP was used + udpSession *SessionUDP // oob data to get egress interface right + remoteAddr net.Addr // address of the client + writer Writer // writer to output the raw DNS bits +} + +// ServeMux is an DNS request multiplexer. It matches the +// zone name of each incoming request against a list of +// registered patterns add calls the handler for the pattern +// that most closely matches the zone name. ServeMux is DNSSEC aware, meaning +// that queries for the DS record are redirected to the parent zone (if that +// is also registered), otherwise the child gets the query. +// ServeMux is also safe for concurrent access from multiple goroutines. +type ServeMux struct { + z map[string]Handler + m *sync.RWMutex +} + +// NewServeMux allocates and returns a new ServeMux. +func NewServeMux() *ServeMux { return &ServeMux{z: make(map[string]Handler), m: new(sync.RWMutex)} } + +// DefaultServeMux is the default ServeMux used by Serve. +var DefaultServeMux = NewServeMux() + +// The HandlerFunc type is an adapter to allow the use of +// ordinary functions as DNS handlers. If f is a function +// with the appropriate signature, HandlerFunc(f) is a +// Handler object that calls f. +type HandlerFunc func(ResponseWriter, *Msg) + +// ServeDNS calls f(w, r). +func (f HandlerFunc) ServeDNS(w ResponseWriter, r *Msg) { + f(w, r) +} + +// HandleFailed returns a HandlerFunc that returns SERVFAIL for every request it gets. +func HandleFailed(w ResponseWriter, r *Msg) { + m := new(Msg) + m.SetRcode(r, RcodeServerFailure) + // does not matter if this write fails + w.WriteMsg(m) +} + +func failedHandler() Handler { return HandlerFunc(HandleFailed) } + +// ListenAndServe Starts a server on address and network specified Invoke handler +// for incoming queries. +func ListenAndServe(addr string, network string, handler Handler) error { + server := &Server{Addr: addr, Net: network, Handler: handler} + return server.ListenAndServe() +} + +// ListenAndServeTLS acts like http.ListenAndServeTLS, more information in +// http://golang.org/pkg/net/http/#ListenAndServeTLS +func ListenAndServeTLS(addr, certFile, keyFile string, handler Handler) error { + cert, err := tls.LoadX509KeyPair(certFile, keyFile) + if err != nil { + return err + } + + config := tls.Config{ + Certificates: []tls.Certificate{cert}, + } + + server := &Server{ + Addr: addr, + Net: "tcp-tls", + TLSConfig: &config, + Handler: handler, + } + + return server.ListenAndServe() +} + +// ActivateAndServe activates a server with a listener from systemd, +// l and p should not both be non-nil. +// If both l and p are not nil only p will be used. +// Invoke handler for incoming queries. +func ActivateAndServe(l net.Listener, p net.PacketConn, handler Handler) error { + server := &Server{Listener: l, PacketConn: p, Handler: handler} + return server.ActivateAndServe() +} + +func (mux *ServeMux) match(q string, t uint16) Handler { + mux.m.RLock() + defer mux.m.RUnlock() + var handler Handler + b := make([]byte, len(q)) // worst case, one label of length q + off := 0 + end := false + for { + l := len(q[off:]) + for i := 0; i < l; i++ { + b[i] = q[off+i] + if b[i] >= 'A' && b[i] <= 'Z' { + b[i] |= ('a' - 'A') + } + } + if h, ok := mux.z[string(b[:l])]; ok { // causes garbage, might want to change the map key + if t != TypeDS { + return h + } + // Continue for DS to see if we have a parent too, if so delegeate to the parent + handler = h + } + off, end = NextLabel(q, off) + if end { + break + } + } + // Wildcard match, if we have found nothing try the root zone as a last resort. + if h, ok := mux.z["."]; ok { + return h + } + return handler +} + +// Handle adds a handler to the ServeMux for pattern. +func (mux *ServeMux) Handle(pattern string, handler Handler) { + if pattern == "" { + panic("dns: invalid pattern " + pattern) + } + mux.m.Lock() + mux.z[Fqdn(pattern)] = handler + mux.m.Unlock() +} + +// HandleFunc adds a handler function to the ServeMux for pattern. +func (mux *ServeMux) HandleFunc(pattern string, handler func(ResponseWriter, *Msg)) { + mux.Handle(pattern, HandlerFunc(handler)) +} + +// HandleRemove deregistrars the handler specific for pattern from the ServeMux. +func (mux *ServeMux) HandleRemove(pattern string) { + if pattern == "" { + panic("dns: invalid pattern " + pattern) + } + mux.m.Lock() + delete(mux.z, Fqdn(pattern)) + mux.m.Unlock() +} + +// ServeDNS dispatches the request to the handler whose +// pattern most closely matches the request message. If DefaultServeMux +// is used the correct thing for DS queries is done: a possible parent +// is sought. +// If no handler is found a standard SERVFAIL message is returned +// If the request message does not have exactly one question in the +// question section a SERVFAIL is returned, unlesss Unsafe is true. +func (mux *ServeMux) ServeDNS(w ResponseWriter, request *Msg) { + var h Handler + if len(request.Question) < 1 { // allow more than one question + h = failedHandler() + } else { + if h = mux.match(request.Question[0].Name, request.Question[0].Qtype); h == nil { + h = failedHandler() + } + } + h.ServeDNS(w, request) +} + +// Handle registers the handler with the given pattern +// in the DefaultServeMux. The documentation for +// ServeMux explains how patterns are matched. +func Handle(pattern string, handler Handler) { DefaultServeMux.Handle(pattern, handler) } + +// HandleRemove deregisters the handle with the given pattern +// in the DefaultServeMux. +func HandleRemove(pattern string) { DefaultServeMux.HandleRemove(pattern) } + +// HandleFunc registers the handler function with the given pattern +// in the DefaultServeMux. +func HandleFunc(pattern string, handler func(ResponseWriter, *Msg)) { + DefaultServeMux.HandleFunc(pattern, handler) +} + +// Writer writes raw DNS messages; each call to Write should send an entire message. +type Writer interface { + io.Writer +} + +// Reader reads raw DNS messages; each call to ReadTCP or ReadUDP should return an entire message. +type Reader interface { + // ReadTCP reads a raw message from a TCP connection. Implementations may alter + // connection properties, for example the read-deadline. + ReadTCP(conn net.Conn, timeout time.Duration) ([]byte, error) + // ReadUDP reads a raw message from a UDP connection. Implementations may alter + // connection properties, for example the read-deadline. + ReadUDP(conn *net.UDPConn, timeout time.Duration) ([]byte, *SessionUDP, error) +} + +// defaultReader is an adapter for the Server struct that implements the Reader interface +// using the readTCP and readUDP func of the embedded Server. +type defaultReader struct { + *Server +} + +func (dr *defaultReader) ReadTCP(conn net.Conn, timeout time.Duration) ([]byte, error) { + return dr.readTCP(conn, timeout) +} + +func (dr *defaultReader) ReadUDP(conn *net.UDPConn, timeout time.Duration) ([]byte, *SessionUDP, error) { + return dr.readUDP(conn, timeout) +} + +// DecorateReader is a decorator hook for extending or supplanting the functionality of a Reader. +// Implementations should never return a nil Reader. +type DecorateReader func(Reader) Reader + +// DecorateWriter is a decorator hook for extending or supplanting the functionality of a Writer. +// Implementations should never return a nil Writer. +type DecorateWriter func(Writer) Writer + +// A Server defines parameters for running an DNS server. +type Server struct { + // Address to listen on, ":dns" if empty. + Addr string + // if "tcp" or "tcp-tls" (DNS over TLS) it will invoke a TCP listener, otherwise an UDP one + Net string + // TCP Listener to use, this is to aid in systemd's socket activation. + Listener net.Listener + // TLS connection configuration + TLSConfig *tls.Config + // UDP "Listener" to use, this is to aid in systemd's socket activation. + PacketConn net.PacketConn + // Handler to invoke, dns.DefaultServeMux if nil. + Handler Handler + // Default buffer size to use to read incoming UDP messages. If not set + // it defaults to MinMsgSize (512 B). + UDPSize int + // The net.Conn.SetReadTimeout value for new connections, defaults to 2 * time.Second. + ReadTimeout time.Duration + // The net.Conn.SetWriteTimeout value for new connections, defaults to 2 * time.Second. + WriteTimeout time.Duration + // TCP idle timeout for multiple queries, if nil, defaults to 8 * time.Second (RFC 5966). + IdleTimeout func() time.Duration + // Secret(s) for Tsig map[]. The zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2). + TsigSecret map[string]string + // Unsafe instructs the server to disregard any sanity checks and directly hand the message to + // the handler. It will specifically not check if the query has the QR bit not set. + Unsafe bool + // If NotifyStartedFunc is set it is called once the server has started listening. + NotifyStartedFunc func() + // DecorateReader is optional, allows customization of the process that reads raw DNS messages. + DecorateReader DecorateReader + // DecorateWriter is optional, allows customization of the process that writes raw DNS messages. + DecorateWriter DecorateWriter + + // Shutdown handling + lock sync.RWMutex + started bool +} + +// ListenAndServe starts a nameserver on the configured address in *Server. +func (srv *Server) ListenAndServe() error { + srv.lock.Lock() + defer srv.lock.Unlock() + if srv.started { + return &Error{err: "server already started"} + } + addr := srv.Addr + if addr == "" { + addr = ":domain" + } + if srv.UDPSize == 0 { + srv.UDPSize = MinMsgSize + } + switch srv.Net { + case "tcp", "tcp4", "tcp6": + a, err := net.ResolveTCPAddr(srv.Net, addr) + if err != nil { + return err + } + l, err := net.ListenTCP(srv.Net, a) + if err != nil { + return err + } + srv.Listener = l + srv.started = true + srv.lock.Unlock() + err = srv.serveTCP(l) + srv.lock.Lock() // to satisfy the defer at the top + return err + case "tcp-tls", "tcp4-tls", "tcp6-tls": + network := "tcp" + if srv.Net == "tcp4-tls" { + network = "tcp4" + } else if srv.Net == "tcp6-tls" { + network = "tcp6" + } + + l, err := tls.Listen(network, addr, srv.TLSConfig) + if err != nil { + return err + } + srv.Listener = l + srv.started = true + srv.lock.Unlock() + err = srv.serveTCP(l) + srv.lock.Lock() // to satisfy the defer at the top + return err + case "udp", "udp4", "udp6": + a, err := net.ResolveUDPAddr(srv.Net, addr) + if err != nil { + return err + } + l, err := net.ListenUDP(srv.Net, a) + if err != nil { + return err + } + if e := setUDPSocketOptions(l); e != nil { + return e + } + srv.PacketConn = l + srv.started = true + srv.lock.Unlock() + err = srv.serveUDP(l) + srv.lock.Lock() // to satisfy the defer at the top + return err + } + return &Error{err: "bad network"} +} + +// ActivateAndServe starts a nameserver with the PacketConn or Listener +// configured in *Server. Its main use is to start a server from systemd. +func (srv *Server) ActivateAndServe() error { + srv.lock.Lock() + defer srv.lock.Unlock() + if srv.started { + return &Error{err: "server already started"} + } + pConn := srv.PacketConn + l := srv.Listener + if pConn != nil { + if srv.UDPSize == 0 { + srv.UDPSize = MinMsgSize + } + // Check PacketConn interface's type is valid and value + // is not nil + if t, ok := pConn.(*net.UDPConn); ok && t != nil { + if e := setUDPSocketOptions(t); e != nil { + return e + } + srv.started = true + srv.lock.Unlock() + e := srv.serveUDP(t) + srv.lock.Lock() // to satisfy the defer at the top + return e + } + } + if l != nil { + srv.started = true + srv.lock.Unlock() + e := srv.serveTCP(l) + srv.lock.Lock() // to satisfy the defer at the top + return e + } + return &Error{err: "bad listeners"} +} + +// Shutdown shuts down a server. After a call to Shutdown, ListenAndServe and +// ActivateAndServe will return. +func (srv *Server) Shutdown() error { + srv.lock.Lock() + if !srv.started { + srv.lock.Unlock() + return &Error{err: "server not started"} + } + srv.started = false + srv.lock.Unlock() + + if srv.PacketConn != nil { + srv.PacketConn.Close() + } + if srv.Listener != nil { + srv.Listener.Close() + } + return nil +} + +// getReadTimeout is a helper func to use system timeout if server did not intend to change it. +func (srv *Server) getReadTimeout() time.Duration { + rtimeout := dnsTimeout + if srv.ReadTimeout != 0 { + rtimeout = srv.ReadTimeout + } + return rtimeout +} + +// serveTCP starts a TCP listener for the server. +// Each request is handled in a separate goroutine. +func (srv *Server) serveTCP(l net.Listener) error { + defer l.Close() + + if srv.NotifyStartedFunc != nil { + srv.NotifyStartedFunc() + } + + reader := Reader(&defaultReader{srv}) + if srv.DecorateReader != nil { + reader = srv.DecorateReader(reader) + } + + handler := srv.Handler + if handler == nil { + handler = DefaultServeMux + } + rtimeout := srv.getReadTimeout() + // deadline is not used here + for { + rw, err := l.Accept() + if err != nil { + if neterr, ok := err.(net.Error); ok && neterr.Temporary() { + continue + } + return err + } + m, err := reader.ReadTCP(rw, rtimeout) + srv.lock.RLock() + if !srv.started { + srv.lock.RUnlock() + return nil + } + srv.lock.RUnlock() + if err != nil { + continue + } + go srv.serve(rw.RemoteAddr(), handler, m, nil, nil, rw) + } +} + +// serveUDP starts a UDP listener for the server. +// Each request is handled in a separate goroutine. +func (srv *Server) serveUDP(l *net.UDPConn) error { + defer l.Close() + + if srv.NotifyStartedFunc != nil { + srv.NotifyStartedFunc() + } + + reader := Reader(&defaultReader{srv}) + if srv.DecorateReader != nil { + reader = srv.DecorateReader(reader) + } + + handler := srv.Handler + if handler == nil { + handler = DefaultServeMux + } + rtimeout := srv.getReadTimeout() + // deadline is not used here + for { + m, s, err := reader.ReadUDP(l, rtimeout) + srv.lock.RLock() + if !srv.started { + srv.lock.RUnlock() + return nil + } + srv.lock.RUnlock() + if err != nil { + continue + } + go srv.serve(s.RemoteAddr(), handler, m, l, s, nil) + } +} + +// Serve a new connection. +func (srv *Server) serve(a net.Addr, h Handler, m []byte, u *net.UDPConn, s *SessionUDP, t net.Conn) { + w := &response{tsigSecret: srv.TsigSecret, udp: u, tcp: t, remoteAddr: a, udpSession: s} + if srv.DecorateWriter != nil { + w.writer = srv.DecorateWriter(w) + } else { + w.writer = w + } + + q := 0 // counter for the amount of TCP queries we get + + reader := Reader(&defaultReader{srv}) + if srv.DecorateReader != nil { + reader = srv.DecorateReader(reader) + } +Redo: + req := new(Msg) + err := req.Unpack(m) + if err != nil { // Send a FormatError back + x := new(Msg) + x.SetRcodeFormatError(req) + w.WriteMsg(x) + goto Exit + } + if !srv.Unsafe && req.Response { + goto Exit + } + + w.tsigStatus = nil + if w.tsigSecret != nil { + if t := req.IsTsig(); t != nil { + secret := t.Hdr.Name + if _, ok := w.tsigSecret[secret]; !ok { + w.tsigStatus = ErrKeyAlg + } + w.tsigStatus = TsigVerify(m, w.tsigSecret[secret], "", false) + w.tsigTimersOnly = false + w.tsigRequestMAC = req.Extra[len(req.Extra)-1].(*TSIG).MAC + } + } + h.ServeDNS(w, req) // Writes back to the client + +Exit: + if w.tcp == nil { + return + } + // TODO(miek): make this number configurable? + if q > maxTCPQueries { // close socket after this many queries + w.Close() + return + } + + if w.hijacked { + return // client calls Close() + } + if u != nil { // UDP, "close" and return + w.Close() + return + } + idleTimeout := tcpIdleTimeout + if srv.IdleTimeout != nil { + idleTimeout = srv.IdleTimeout() + } + m, err = reader.ReadTCP(w.tcp, idleTimeout) + if err == nil { + q++ + goto Redo + } + w.Close() + return +} + +func (srv *Server) readTCP(conn net.Conn, timeout time.Duration) ([]byte, error) { + conn.SetReadDeadline(time.Now().Add(timeout)) + l := make([]byte, 2) + n, err := conn.Read(l) + if err != nil || n != 2 { + if err != nil { + return nil, err + } + return nil, ErrShortRead + } + length := binary.BigEndian.Uint16(l) + if length == 0 { + return nil, ErrShortRead + } + m := make([]byte, int(length)) + n, err = conn.Read(m[:int(length)]) + if err != nil || n == 0 { + if err != nil { + return nil, err + } + return nil, ErrShortRead + } + i := n + for i < int(length) { + j, err := conn.Read(m[i:int(length)]) + if err != nil { + return nil, err + } + i += j + } + n = i + m = m[:n] + return m, nil +} + +func (srv *Server) readUDP(conn *net.UDPConn, timeout time.Duration) ([]byte, *SessionUDP, error) { + conn.SetReadDeadline(time.Now().Add(timeout)) + m := make([]byte, srv.UDPSize) + n, s, err := ReadFromSessionUDP(conn, m) + if err != nil || n == 0 { + if err != nil { + return nil, nil, err + } + return nil, nil, ErrShortRead + } + m = m[:n] + return m, s, nil +} + +// WriteMsg implements the ResponseWriter.WriteMsg method. +func (w *response) WriteMsg(m *Msg) (err error) { + var data []byte + if w.tsigSecret != nil { // if no secrets, dont check for the tsig (which is a longer check) + if t := m.IsTsig(); t != nil { + data, w.tsigRequestMAC, err = TsigGenerate(m, w.tsigSecret[t.Hdr.Name], w.tsigRequestMAC, w.tsigTimersOnly) + if err != nil { + return err + } + _, err = w.writer.Write(data) + return err + } + } + data, err = m.Pack() + if err != nil { + return err + } + _, err = w.writer.Write(data) + return err +} + +// Write implements the ResponseWriter.Write method. +func (w *response) Write(m []byte) (int, error) { + switch { + case w.udp != nil: + n, err := WriteToSessionUDP(w.udp, m, w.udpSession) + return n, err + case w.tcp != nil: + lm := len(m) + if lm < 2 { + return 0, io.ErrShortBuffer + } + if lm > MaxMsgSize { + return 0, &Error{err: "message too large"} + } + l := make([]byte, 2, 2+lm) + binary.BigEndian.PutUint16(l, uint16(lm)) + m = append(l, m...) + + n, err := io.Copy(w.tcp, bytes.NewReader(m)) + return int(n), err + } + panic("not reached") +} + +// LocalAddr implements the ResponseWriter.LocalAddr method. +func (w *response) LocalAddr() net.Addr { + if w.tcp != nil { + return w.tcp.LocalAddr() + } + return w.udp.LocalAddr() +} + +// RemoteAddr implements the ResponseWriter.RemoteAddr method. +func (w *response) RemoteAddr() net.Addr { return w.remoteAddr } + +// TsigStatus implements the ResponseWriter.TsigStatus method. +func (w *response) TsigStatus() error { return w.tsigStatus } + +// TsigTimersOnly implements the ResponseWriter.TsigTimersOnly method. +func (w *response) TsigTimersOnly(b bool) { w.tsigTimersOnly = b } + +// Hijack implements the ResponseWriter.Hijack method. +func (w *response) Hijack() { w.hijacked = true } + +// Close implements the ResponseWriter.Close method +func (w *response) Close() error { + // Can't close the udp conn, as that is actually the listener. + if w.tcp != nil { + e := w.tcp.Close() + w.tcp = nil + return e + } + return nil +} diff --git a/vendor/github.com/miekg/dns/sig0.go b/vendor/github.com/miekg/dns/sig0.go new file mode 100644 index 0000000..f31e9e6 --- /dev/null +++ b/vendor/github.com/miekg/dns/sig0.go @@ -0,0 +1,218 @@ +package dns + +import ( + "crypto" + "crypto/dsa" + "crypto/ecdsa" + "crypto/rsa" + "encoding/binary" + "math/big" + "strings" + "time" +) + +// Sign signs a dns.Msg. It fills the signature with the appropriate data. +// The SIG record should have the SignerName, KeyTag, Algorithm, Inception +// and Expiration set. +func (rr *SIG) Sign(k crypto.Signer, m *Msg) ([]byte, error) { + if k == nil { + return nil, ErrPrivKey + } + if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 { + return nil, ErrKey + } + rr.Header().Rrtype = TypeSIG + rr.Header().Class = ClassANY + rr.Header().Ttl = 0 + rr.Header().Name = "." + rr.OrigTtl = 0 + rr.TypeCovered = 0 + rr.Labels = 0 + + buf := make([]byte, m.Len()+rr.len()) + mbuf, err := m.PackBuffer(buf) + if err != nil { + return nil, err + } + if &buf[0] != &mbuf[0] { + return nil, ErrBuf + } + off, err := PackRR(rr, buf, len(mbuf), nil, false) + if err != nil { + return nil, err + } + buf = buf[:off:cap(buf)] + + hash, ok := AlgorithmToHash[rr.Algorithm] + if !ok { + return nil, ErrAlg + } + + hasher := hash.New() + // Write SIG rdata + hasher.Write(buf[len(mbuf)+1+2+2+4+2:]) + // Write message + hasher.Write(buf[:len(mbuf)]) + + signature, err := sign(k, hasher.Sum(nil), hash, rr.Algorithm) + if err != nil { + return nil, err + } + + rr.Signature = toBase64(signature) + + buf = append(buf, signature...) + if len(buf) > int(^uint16(0)) { + return nil, ErrBuf + } + // Adjust sig data length + rdoff := len(mbuf) + 1 + 2 + 2 + 4 + rdlen := binary.BigEndian.Uint16(buf[rdoff:]) + rdlen += uint16(len(signature)) + binary.BigEndian.PutUint16(buf[rdoff:], rdlen) + // Adjust additional count + adc := binary.BigEndian.Uint16(buf[10:]) + adc++ + binary.BigEndian.PutUint16(buf[10:], adc) + return buf, nil +} + +// Verify validates the message buf using the key k. +// It's assumed that buf is a valid message from which rr was unpacked. +func (rr *SIG) Verify(k *KEY, buf []byte) error { + if k == nil { + return ErrKey + } + if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 { + return ErrKey + } + + var hash crypto.Hash + switch rr.Algorithm { + case DSA, RSASHA1: + hash = crypto.SHA1 + case RSASHA256, ECDSAP256SHA256: + hash = crypto.SHA256 + case ECDSAP384SHA384: + hash = crypto.SHA384 + case RSASHA512: + hash = crypto.SHA512 + default: + return ErrAlg + } + hasher := hash.New() + + buflen := len(buf) + qdc := binary.BigEndian.Uint16(buf[4:]) + anc := binary.BigEndian.Uint16(buf[6:]) + auc := binary.BigEndian.Uint16(buf[8:]) + adc := binary.BigEndian.Uint16(buf[10:]) + offset := 12 + var err error + for i := uint16(0); i < qdc && offset < buflen; i++ { + _, offset, err = UnpackDomainName(buf, offset) + if err != nil { + return err + } + // Skip past Type and Class + offset += 2 + 2 + } + for i := uint16(1); i < anc+auc+adc && offset < buflen; i++ { + _, offset, err = UnpackDomainName(buf, offset) + if err != nil { + return err + } + // Skip past Type, Class and TTL + offset += 2 + 2 + 4 + if offset+1 >= buflen { + continue + } + var rdlen uint16 + rdlen = binary.BigEndian.Uint16(buf[offset:]) + offset += 2 + offset += int(rdlen) + } + if offset >= buflen { + return &Error{err: "overflowing unpacking signed message"} + } + + // offset should be just prior to SIG + bodyend := offset + // owner name SHOULD be root + _, offset, err = UnpackDomainName(buf, offset) + if err != nil { + return err + } + // Skip Type, Class, TTL, RDLen + offset += 2 + 2 + 4 + 2 + sigstart := offset + // Skip Type Covered, Algorithm, Labels, Original TTL + offset += 2 + 1 + 1 + 4 + if offset+4+4 >= buflen { + return &Error{err: "overflow unpacking signed message"} + } + expire := binary.BigEndian.Uint32(buf[offset:]) + offset += 4 + incept := binary.BigEndian.Uint32(buf[offset:]) + offset += 4 + now := uint32(time.Now().Unix()) + if now < incept || now > expire { + return ErrTime + } + // Skip key tag + offset += 2 + var signername string + signername, offset, err = UnpackDomainName(buf, offset) + if err != nil { + return err + } + // If key has come from the DNS name compression might + // have mangled the case of the name + if strings.ToLower(signername) != strings.ToLower(k.Header().Name) { + return &Error{err: "signer name doesn't match key name"} + } + sigend := offset + hasher.Write(buf[sigstart:sigend]) + hasher.Write(buf[:10]) + hasher.Write([]byte{ + byte((adc - 1) << 8), + byte(adc - 1), + }) + hasher.Write(buf[12:bodyend]) + + hashed := hasher.Sum(nil) + sig := buf[sigend:] + switch k.Algorithm { + case DSA: + pk := k.publicKeyDSA() + sig = sig[1:] + r := big.NewInt(0) + r.SetBytes(sig[:len(sig)/2]) + s := big.NewInt(0) + s.SetBytes(sig[len(sig)/2:]) + if pk != nil { + if dsa.Verify(pk, hashed, r, s) { + return nil + } + return ErrSig + } + case RSASHA1, RSASHA256, RSASHA512: + pk := k.publicKeyRSA() + if pk != nil { + return rsa.VerifyPKCS1v15(pk, hash, hashed, sig) + } + case ECDSAP256SHA256, ECDSAP384SHA384: + pk := k.publicKeyECDSA() + r := big.NewInt(0) + r.SetBytes(sig[:len(sig)/2]) + s := big.NewInt(0) + s.SetBytes(sig[len(sig)/2:]) + if pk != nil { + if ecdsa.Verify(pk, hashed, r, s) { + return nil + } + return ErrSig + } + } + return ErrKeyAlg +} diff --git a/vendor/github.com/miekg/dns/singleinflight.go b/vendor/github.com/miekg/dns/singleinflight.go new file mode 100644 index 0000000..9573c7d --- /dev/null +++ b/vendor/github.com/miekg/dns/singleinflight.go @@ -0,0 +1,57 @@ +// Copyright 2013 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Adapted for dns package usage by Miek Gieben. + +package dns + +import "sync" +import "time" + +// call is an in-flight or completed singleflight.Do call +type call struct { + wg sync.WaitGroup + val *Msg + rtt time.Duration + err error + dups int +} + +// singleflight represents a class of work and forms a namespace in +// which units of work can be executed with duplicate suppression. +type singleflight struct { + sync.Mutex // protects m + m map[string]*call // lazily initialized +} + +// Do executes and returns the results of the given function, making +// sure that only one execution is in-flight for a given key at a +// time. If a duplicate comes in, the duplicate caller waits for the +// original to complete and receives the same results. +// The return value shared indicates whether v was given to multiple callers. +func (g *singleflight) Do(key string, fn func() (*Msg, time.Duration, error)) (v *Msg, rtt time.Duration, err error, shared bool) { + g.Lock() + if g.m == nil { + g.m = make(map[string]*call) + } + if c, ok := g.m[key]; ok { + c.dups++ + g.Unlock() + c.wg.Wait() + return c.val, c.rtt, c.err, true + } + c := new(call) + c.wg.Add(1) + g.m[key] = c + g.Unlock() + + c.val, c.rtt, c.err = fn() + c.wg.Done() + + g.Lock() + delete(g.m, key) + g.Unlock() + + return c.val, c.rtt, c.err, c.dups > 0 +} diff --git a/vendor/github.com/miekg/dns/smimea.go b/vendor/github.com/miekg/dns/smimea.go new file mode 100644 index 0000000..4e7ded4 --- /dev/null +++ b/vendor/github.com/miekg/dns/smimea.go @@ -0,0 +1,47 @@ +package dns + +import ( + "crypto/sha256" + "crypto/x509" + "encoding/hex" +) + +// Sign creates a SMIMEA record from an SSL certificate. +func (r *SMIMEA) Sign(usage, selector, matchingType int, cert *x509.Certificate) (err error) { + r.Hdr.Rrtype = TypeSMIMEA + r.Usage = uint8(usage) + r.Selector = uint8(selector) + r.MatchingType = uint8(matchingType) + + r.Certificate, err = CertificateToDANE(r.Selector, r.MatchingType, cert) + if err != nil { + return err + } + return nil +} + +// Verify verifies a SMIMEA record against an SSL certificate. If it is OK +// a nil error is returned. +func (r *SMIMEA) Verify(cert *x509.Certificate) error { + c, err := CertificateToDANE(r.Selector, r.MatchingType, cert) + if err != nil { + return err // Not also ErrSig? + } + if r.Certificate == c { + return nil + } + return ErrSig // ErrSig, really? +} + +// SMIMEAName returns the ownername of a SMIMEA resource record as per the +// format specified in RFC 'draft-ietf-dane-smime-12' Section 2 and 3 +func SMIMEAName(email, domain string) (string, error) { + hasher := sha256.New() + hasher.Write([]byte(email)) + + // RFC Section 3: "The local-part is hashed using the SHA2-256 + // algorithm with the hash truncated to 28 octets and + // represented in its hexadecimal representation to become the + // left-most label in the prepared domain name" + return hex.EncodeToString(hasher.Sum(nil)[:28]) + "." + "_smimecert." + domain, nil +} diff --git a/vendor/github.com/miekg/dns/tlsa.go b/vendor/github.com/miekg/dns/tlsa.go new file mode 100644 index 0000000..431e2fb --- /dev/null +++ b/vendor/github.com/miekg/dns/tlsa.go @@ -0,0 +1,47 @@ +package dns + +import ( + "crypto/x509" + "net" + "strconv" +) + +// Sign creates a TLSA record from an SSL certificate. +func (r *TLSA) Sign(usage, selector, matchingType int, cert *x509.Certificate) (err error) { + r.Hdr.Rrtype = TypeTLSA + r.Usage = uint8(usage) + r.Selector = uint8(selector) + r.MatchingType = uint8(matchingType) + + r.Certificate, err = CertificateToDANE(r.Selector, r.MatchingType, cert) + if err != nil { + return err + } + return nil +} + +// Verify verifies a TLSA record against an SSL certificate. If it is OK +// a nil error is returned. +func (r *TLSA) Verify(cert *x509.Certificate) error { + c, err := CertificateToDANE(r.Selector, r.MatchingType, cert) + if err != nil { + return err // Not also ErrSig? + } + if r.Certificate == c { + return nil + } + return ErrSig // ErrSig, really? +} + +// TLSAName returns the ownername of a TLSA resource record as per the +// rules specified in RFC 6698, Section 3. +func TLSAName(name, service, network string) (string, error) { + if !IsFqdn(name) { + return "", ErrFqdn + } + p, err := net.LookupPort(network, service) + if err != nil { + return "", err + } + return "_" + strconv.Itoa(p) + "._" + network + "." + name, nil +} diff --git a/vendor/github.com/miekg/dns/tsig.go b/vendor/github.com/miekg/dns/tsig.go new file mode 100644 index 0000000..4837b4a --- /dev/null +++ b/vendor/github.com/miekg/dns/tsig.go @@ -0,0 +1,386 @@ +package dns + +import ( + "crypto/hmac" + "crypto/md5" + "crypto/sha1" + "crypto/sha256" + "crypto/sha512" + "encoding/binary" + "encoding/hex" + "hash" + "strconv" + "strings" + "time" +) + +// HMAC hashing codes. These are transmitted as domain names. +const ( + HmacMD5 = "hmac-md5.sig-alg.reg.int." + HmacSHA1 = "hmac-sha1." + HmacSHA256 = "hmac-sha256." + HmacSHA512 = "hmac-sha512." +) + +// TSIG is the RR the holds the transaction signature of a message. +// See RFC 2845 and RFC 4635. +type TSIG struct { + Hdr RR_Header + Algorithm string `dns:"domain-name"` + TimeSigned uint64 `dns:"uint48"` + Fudge uint16 + MACSize uint16 + MAC string `dns:"size-hex:MACSize"` + OrigId uint16 + Error uint16 + OtherLen uint16 + OtherData string `dns:"size-hex:OtherLen"` +} + +// TSIG has no official presentation format, but this will suffice. + +func (rr *TSIG) String() string { + s := "\n;; TSIG PSEUDOSECTION:\n" + s += rr.Hdr.String() + + " " + rr.Algorithm + + " " + tsigTimeToString(rr.TimeSigned) + + " " + strconv.Itoa(int(rr.Fudge)) + + " " + strconv.Itoa(int(rr.MACSize)) + + " " + strings.ToUpper(rr.MAC) + + " " + strconv.Itoa(int(rr.OrigId)) + + " " + strconv.Itoa(int(rr.Error)) + // BIND prints NOERROR + " " + strconv.Itoa(int(rr.OtherLen)) + + " " + rr.OtherData + return s +} + +// The following values must be put in wireformat, so that the MAC can be calculated. +// RFC 2845, section 3.4.2. TSIG Variables. +type tsigWireFmt struct { + // From RR_Header + Name string `dns:"domain-name"` + Class uint16 + Ttl uint32 + // Rdata of the TSIG + Algorithm string `dns:"domain-name"` + TimeSigned uint64 `dns:"uint48"` + Fudge uint16 + // MACSize, MAC and OrigId excluded + Error uint16 + OtherLen uint16 + OtherData string `dns:"size-hex:OtherLen"` +} + +// If we have the MAC use this type to convert it to wiredata. Section 3.4.3. Request MAC +type macWireFmt struct { + MACSize uint16 + MAC string `dns:"size-hex:MACSize"` +} + +// 3.3. Time values used in TSIG calculations +type timerWireFmt struct { + TimeSigned uint64 `dns:"uint48"` + Fudge uint16 +} + +// TsigGenerate fills out the TSIG record attached to the message. +// The message should contain +// a "stub" TSIG RR with the algorithm, key name (owner name of the RR), +// time fudge (defaults to 300 seconds) and the current time +// The TSIG MAC is saved in that Tsig RR. +// When TsigGenerate is called for the first time requestMAC is set to the empty string and +// timersOnly is false. +// If something goes wrong an error is returned, otherwise it is nil. +func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, string, error) { + if m.IsTsig() == nil { + panic("dns: TSIG not last RR in additional") + } + // If we barf here, the caller is to blame + rawsecret, err := fromBase64([]byte(secret)) + if err != nil { + return nil, "", err + } + + rr := m.Extra[len(m.Extra)-1].(*TSIG) + m.Extra = m.Extra[0 : len(m.Extra)-1] // kill the TSIG from the msg + mbuf, err := m.Pack() + if err != nil { + return nil, "", err + } + buf := tsigBuffer(mbuf, rr, requestMAC, timersOnly) + + t := new(TSIG) + var h hash.Hash + switch strings.ToLower(rr.Algorithm) { + case HmacMD5: + h = hmac.New(md5.New, []byte(rawsecret)) + case HmacSHA1: + h = hmac.New(sha1.New, []byte(rawsecret)) + case HmacSHA256: + h = hmac.New(sha256.New, []byte(rawsecret)) + case HmacSHA512: + h = hmac.New(sha512.New, []byte(rawsecret)) + default: + return nil, "", ErrKeyAlg + } + h.Write(buf) + t.MAC = hex.EncodeToString(h.Sum(nil)) + t.MACSize = uint16(len(t.MAC) / 2) // Size is half! + + t.Hdr = RR_Header{Name: rr.Hdr.Name, Rrtype: TypeTSIG, Class: ClassANY, Ttl: 0} + t.Fudge = rr.Fudge + t.TimeSigned = rr.TimeSigned + t.Algorithm = rr.Algorithm + t.OrigId = m.Id + + tbuf := make([]byte, t.len()) + if off, err := PackRR(t, tbuf, 0, nil, false); err == nil { + tbuf = tbuf[:off] // reset to actual size used + } else { + return nil, "", err + } + mbuf = append(mbuf, tbuf...) + // Update the ArCount directly in the buffer. + binary.BigEndian.PutUint16(mbuf[10:], uint16(len(m.Extra)+1)) + + return mbuf, t.MAC, nil +} + +// TsigVerify verifies the TSIG on a message. +// If the signature does not validate err contains the +// error, otherwise it is nil. +func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error { + rawsecret, err := fromBase64([]byte(secret)) + if err != nil { + return err + } + // Strip the TSIG from the incoming msg + stripped, tsig, err := stripTsig(msg) + if err != nil { + return err + } + + msgMAC, err := hex.DecodeString(tsig.MAC) + if err != nil { + return err + } + + buf := tsigBuffer(stripped, tsig, requestMAC, timersOnly) + + // Fudge factor works both ways. A message can arrive before it was signed because + // of clock skew. + now := uint64(time.Now().Unix()) + ti := now - tsig.TimeSigned + if now < tsig.TimeSigned { + ti = tsig.TimeSigned - now + } + if uint64(tsig.Fudge) < ti { + return ErrTime + } + + var h hash.Hash + switch strings.ToLower(tsig.Algorithm) { + case HmacMD5: + h = hmac.New(md5.New, rawsecret) + case HmacSHA1: + h = hmac.New(sha1.New, rawsecret) + case HmacSHA256: + h = hmac.New(sha256.New, rawsecret) + case HmacSHA512: + h = hmac.New(sha512.New, rawsecret) + default: + return ErrKeyAlg + } + h.Write(buf) + if !hmac.Equal(h.Sum(nil), msgMAC) { + return ErrSig + } + return nil +} + +// Create a wiredata buffer for the MAC calculation. +func tsigBuffer(msgbuf []byte, rr *TSIG, requestMAC string, timersOnly bool) []byte { + var buf []byte + if rr.TimeSigned == 0 { + rr.TimeSigned = uint64(time.Now().Unix()) + } + if rr.Fudge == 0 { + rr.Fudge = 300 // Standard (RFC) default. + } + + // Replace message ID in header with original ID from TSIG + binary.BigEndian.PutUint16(msgbuf[0:2], rr.OrigId) + + if requestMAC != "" { + m := new(macWireFmt) + m.MACSize = uint16(len(requestMAC) / 2) + m.MAC = requestMAC + buf = make([]byte, len(requestMAC)) // long enough + n, _ := packMacWire(m, buf) + buf = buf[:n] + } + + tsigvar := make([]byte, DefaultMsgSize) + if timersOnly { + tsig := new(timerWireFmt) + tsig.TimeSigned = rr.TimeSigned + tsig.Fudge = rr.Fudge + n, _ := packTimerWire(tsig, tsigvar) + tsigvar = tsigvar[:n] + } else { + tsig := new(tsigWireFmt) + tsig.Name = strings.ToLower(rr.Hdr.Name) + tsig.Class = ClassANY + tsig.Ttl = rr.Hdr.Ttl + tsig.Algorithm = strings.ToLower(rr.Algorithm) + tsig.TimeSigned = rr.TimeSigned + tsig.Fudge = rr.Fudge + tsig.Error = rr.Error + tsig.OtherLen = rr.OtherLen + tsig.OtherData = rr.OtherData + n, _ := packTsigWire(tsig, tsigvar) + tsigvar = tsigvar[:n] + } + + if requestMAC != "" { + x := append(buf, msgbuf...) + buf = append(x, tsigvar...) + } else { + buf = append(msgbuf, tsigvar...) + } + return buf +} + +// Strip the TSIG from the raw message. +func stripTsig(msg []byte) ([]byte, *TSIG, error) { + // Copied from msg.go's Unpack() Header, but modified. + var ( + dh Header + err error + ) + off, tsigoff := 0, 0 + + if dh, off, err = unpackMsgHdr(msg, off); err != nil { + return nil, nil, err + } + if dh.Arcount == 0 { + return nil, nil, ErrNoSig + } + + // Rcode, see msg.go Unpack() + if int(dh.Bits&0xF) == RcodeNotAuth { + return nil, nil, ErrAuth + } + + for i := 0; i < int(dh.Qdcount); i++ { + _, off, err = unpackQuestion(msg, off) + if err != nil { + return nil, nil, err + } + } + + _, off, err = unpackRRslice(int(dh.Ancount), msg, off) + if err != nil { + return nil, nil, err + } + _, off, err = unpackRRslice(int(dh.Nscount), msg, off) + if err != nil { + return nil, nil, err + } + + rr := new(TSIG) + var extra RR + for i := 0; i < int(dh.Arcount); i++ { + tsigoff = off + extra, off, err = UnpackRR(msg, off) + if err != nil { + return nil, nil, err + } + if extra.Header().Rrtype == TypeTSIG { + rr = extra.(*TSIG) + // Adjust Arcount. + arcount := binary.BigEndian.Uint16(msg[10:]) + binary.BigEndian.PutUint16(msg[10:], arcount-1) + break + } + } + if rr == nil { + return nil, nil, ErrNoSig + } + return msg[:tsigoff], rr, nil +} + +// Translate the TSIG time signed into a date. There is no +// need for RFC1982 calculations as this date is 48 bits. +func tsigTimeToString(t uint64) string { + ti := time.Unix(int64(t), 0).UTC() + return ti.Format("20060102150405") +} + +func packTsigWire(tw *tsigWireFmt, msg []byte) (int, error) { + // copied from zmsg.go TSIG packing + // RR_Header + off, err := PackDomainName(tw.Name, msg, 0, nil, false) + if err != nil { + return off, err + } + off, err = packUint16(tw.Class, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(tw.Ttl, msg, off) + if err != nil { + return off, err + } + + off, err = PackDomainName(tw.Algorithm, msg, off, nil, false) + if err != nil { + return off, err + } + off, err = packUint48(tw.TimeSigned, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(tw.Fudge, msg, off) + if err != nil { + return off, err + } + + off, err = packUint16(tw.Error, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(tw.OtherLen, msg, off) + if err != nil { + return off, err + } + off, err = packStringHex(tw.OtherData, msg, off) + if err != nil { + return off, err + } + return off, nil +} + +func packMacWire(mw *macWireFmt, msg []byte) (int, error) { + off, err := packUint16(mw.MACSize, msg, 0) + if err != nil { + return off, err + } + off, err = packStringHex(mw.MAC, msg, off) + if err != nil { + return off, err + } + return off, nil +} + +func packTimerWire(tw *timerWireFmt, msg []byte) (int, error) { + off, err := packUint48(tw.TimeSigned, msg, 0) + if err != nil { + return off, err + } + off, err = packUint16(tw.Fudge, msg, off) + if err != nil { + return off, err + } + return off, nil +} diff --git a/vendor/github.com/miekg/dns/types.go b/vendor/github.com/miekg/dns/types.go new file mode 100644 index 0000000..fe172da --- /dev/null +++ b/vendor/github.com/miekg/dns/types.go @@ -0,0 +1,1377 @@ +package dns + +import ( + "fmt" + "net" + "strconv" + "strings" + "time" +) + +type ( + // Type is a DNS type. + Type uint16 + // Class is a DNS class. + Class uint16 + // Name is a DNS domain name. + Name string +) + +// Packet formats + +// Wire constants and supported types. +const ( + // valid RR_Header.Rrtype and Question.qtype + + TypeNone uint16 = 0 + TypeA uint16 = 1 + TypeNS uint16 = 2 + TypeMD uint16 = 3 + TypeMF uint16 = 4 + TypeCNAME uint16 = 5 + TypeSOA uint16 = 6 + TypeMB uint16 = 7 + TypeMG uint16 = 8 + TypeMR uint16 = 9 + TypeNULL uint16 = 10 + TypePTR uint16 = 12 + TypeHINFO uint16 = 13 + TypeMINFO uint16 = 14 + TypeMX uint16 = 15 + TypeTXT uint16 = 16 + TypeRP uint16 = 17 + TypeAFSDB uint16 = 18 + TypeX25 uint16 = 19 + TypeISDN uint16 = 20 + TypeRT uint16 = 21 + TypeNSAPPTR uint16 = 23 + TypeSIG uint16 = 24 + TypeKEY uint16 = 25 + TypePX uint16 = 26 + TypeGPOS uint16 = 27 + TypeAAAA uint16 = 28 + TypeLOC uint16 = 29 + TypeNXT uint16 = 30 + TypeEID uint16 = 31 + TypeNIMLOC uint16 = 32 + TypeSRV uint16 = 33 + TypeATMA uint16 = 34 + TypeNAPTR uint16 = 35 + TypeKX uint16 = 36 + TypeCERT uint16 = 37 + TypeDNAME uint16 = 39 + TypeOPT uint16 = 41 // EDNS + TypeDS uint16 = 43 + TypeSSHFP uint16 = 44 + TypeRRSIG uint16 = 46 + TypeNSEC uint16 = 47 + TypeDNSKEY uint16 = 48 + TypeDHCID uint16 = 49 + TypeNSEC3 uint16 = 50 + TypeNSEC3PARAM uint16 = 51 + TypeTLSA uint16 = 52 + TypeSMIMEA uint16 = 53 + TypeHIP uint16 = 55 + TypeNINFO uint16 = 56 + TypeRKEY uint16 = 57 + TypeTALINK uint16 = 58 + TypeCDS uint16 = 59 + TypeCDNSKEY uint16 = 60 + TypeOPENPGPKEY uint16 = 61 + TypeCSYNC uint16 = 62 + TypeSPF uint16 = 99 + TypeUINFO uint16 = 100 + TypeUID uint16 = 101 + TypeGID uint16 = 102 + TypeUNSPEC uint16 = 103 + TypeNID uint16 = 104 + TypeL32 uint16 = 105 + TypeL64 uint16 = 106 + TypeLP uint16 = 107 + TypeEUI48 uint16 = 108 + TypeEUI64 uint16 = 109 + TypeURI uint16 = 256 + TypeCAA uint16 = 257 + TypeAVC uint16 = 258 + + TypeTKEY uint16 = 249 + TypeTSIG uint16 = 250 + + // valid Question.Qtype only + TypeIXFR uint16 = 251 + TypeAXFR uint16 = 252 + TypeMAILB uint16 = 253 + TypeMAILA uint16 = 254 + TypeANY uint16 = 255 + + TypeTA uint16 = 32768 + TypeDLV uint16 = 32769 + TypeReserved uint16 = 65535 + + // valid Question.Qclass + ClassINET = 1 + ClassCSNET = 2 + ClassCHAOS = 3 + ClassHESIOD = 4 + ClassNONE = 254 + ClassANY = 255 + + // Message Response Codes, see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml + RcodeSuccess = 0 // NoError - No Error [DNS] + RcodeFormatError = 1 // FormErr - Format Error [DNS] + RcodeServerFailure = 2 // ServFail - Server Failure [DNS] + RcodeNameError = 3 // NXDomain - Non-Existent Domain [DNS] + RcodeNotImplemented = 4 // NotImp - Not Implemented [DNS] + RcodeRefused = 5 // Refused - Query Refused [DNS] + RcodeYXDomain = 6 // YXDomain - Name Exists when it should not [DNS Update] + RcodeYXRrset = 7 // YXRRSet - RR Set Exists when it should not [DNS Update] + RcodeNXRrset = 8 // NXRRSet - RR Set that should exist does not [DNS Update] + RcodeNotAuth = 9 // NotAuth - Server Not Authoritative for zone [DNS Update] + RcodeNotZone = 10 // NotZone - Name not contained in zone [DNS Update/TSIG] + RcodeBadSig = 16 // BADSIG - TSIG Signature Failure [TSIG] + RcodeBadVers = 16 // BADVERS - Bad OPT Version [EDNS0] + RcodeBadKey = 17 // BADKEY - Key not recognized [TSIG] + RcodeBadTime = 18 // BADTIME - Signature out of time window [TSIG] + RcodeBadMode = 19 // BADMODE - Bad TKEY Mode [TKEY] + RcodeBadName = 20 // BADNAME - Duplicate key name [TKEY] + RcodeBadAlg = 21 // BADALG - Algorithm not supported [TKEY] + RcodeBadTrunc = 22 // BADTRUNC - Bad Truncation [TSIG] + RcodeBadCookie = 23 // BADCOOKIE - Bad/missing Server Cookie [DNS Cookies] + + // Message Opcodes. There is no 3. + OpcodeQuery = 0 + OpcodeIQuery = 1 + OpcodeStatus = 2 + OpcodeNotify = 4 + OpcodeUpdate = 5 +) + +// Header is the wire format for the DNS packet header. +type Header struct { + Id uint16 + Bits uint16 + Qdcount, Ancount, Nscount, Arcount uint16 +} + +const ( + headerSize = 12 + + // Header.Bits + _QR = 1 << 15 // query/response (response=1) + _AA = 1 << 10 // authoritative + _TC = 1 << 9 // truncated + _RD = 1 << 8 // recursion desired + _RA = 1 << 7 // recursion available + _Z = 1 << 6 // Z + _AD = 1 << 5 // authticated data + _CD = 1 << 4 // checking disabled +) + +// Various constants used in the LOC RR, See RFC 1887. +const ( + LOC_EQUATOR = 1 << 31 // RFC 1876, Section 2. + LOC_PRIMEMERIDIAN = 1 << 31 // RFC 1876, Section 2. + LOC_HOURS = 60 * 1000 + LOC_DEGREES = 60 * LOC_HOURS + LOC_ALTITUDEBASE = 100000 +) + +// Different Certificate Types, see RFC 4398, Section 2.1 +const ( + CertPKIX = 1 + iota + CertSPKI + CertPGP + CertIPIX + CertISPKI + CertIPGP + CertACPKIX + CertIACPKIX + CertURI = 253 + CertOID = 254 +) + +// CertTypeToString converts the Cert Type to its string representation. +// See RFC 4398 and RFC 6944. +var CertTypeToString = map[uint16]string{ + CertPKIX: "PKIX", + CertSPKI: "SPKI", + CertPGP: "PGP", + CertIPIX: "IPIX", + CertISPKI: "ISPKI", + CertIPGP: "IPGP", + CertACPKIX: "ACPKIX", + CertIACPKIX: "IACPKIX", + CertURI: "URI", + CertOID: "OID", +} + +// StringToCertType is the reverseof CertTypeToString. +var StringToCertType = reverseInt16(CertTypeToString) + +//go:generate go run types_generate.go + +// Question holds a DNS question. There can be multiple questions in the +// question section of a message. Usually there is just one. +type Question struct { + Name string `dns:"cdomain-name"` // "cdomain-name" specifies encoding (and may be compressed) + Qtype uint16 + Qclass uint16 +} + +func (q *Question) len() int { + return len(q.Name) + 1 + 2 + 2 +} + +func (q *Question) String() (s string) { + // prefix with ; (as in dig) + s = ";" + sprintName(q.Name) + "\t" + s += Class(q.Qclass).String() + "\t" + s += " " + Type(q.Qtype).String() + return s +} + +// ANY is a wildcard record. See RFC 1035, Section 3.2.3. ANY +// is named "*" there. +type ANY struct { + Hdr RR_Header + // Does not have any rdata +} + +func (rr *ANY) String() string { return rr.Hdr.String() } + +// CNAME RR. See RFC 1034. +type CNAME struct { + Hdr RR_Header + Target string `dns:"cdomain-name"` +} + +func (rr *CNAME) String() string { return rr.Hdr.String() + sprintName(rr.Target) } + +// HINFO RR. See RFC 1034. +type HINFO struct { + Hdr RR_Header + Cpu string + Os string +} + +func (rr *HINFO) String() string { + return rr.Hdr.String() + sprintTxt([]string{rr.Cpu, rr.Os}) +} + +// MB RR. See RFC 1035. +type MB struct { + Hdr RR_Header + Mb string `dns:"cdomain-name"` +} + +func (rr *MB) String() string { return rr.Hdr.String() + sprintName(rr.Mb) } + +// MG RR. See RFC 1035. +type MG struct { + Hdr RR_Header + Mg string `dns:"cdomain-name"` +} + +func (rr *MG) String() string { return rr.Hdr.String() + sprintName(rr.Mg) } + +// MINFO RR. See RFC 1035. +type MINFO struct { + Hdr RR_Header + Rmail string `dns:"cdomain-name"` + Email string `dns:"cdomain-name"` +} + +func (rr *MINFO) String() string { + return rr.Hdr.String() + sprintName(rr.Rmail) + " " + sprintName(rr.Email) +} + +// MR RR. See RFC 1035. +type MR struct { + Hdr RR_Header + Mr string `dns:"cdomain-name"` +} + +func (rr *MR) String() string { + return rr.Hdr.String() + sprintName(rr.Mr) +} + +// MF RR. See RFC 1035. +type MF struct { + Hdr RR_Header + Mf string `dns:"cdomain-name"` +} + +func (rr *MF) String() string { + return rr.Hdr.String() + sprintName(rr.Mf) +} + +// MD RR. See RFC 1035. +type MD struct { + Hdr RR_Header + Md string `dns:"cdomain-name"` +} + +func (rr *MD) String() string { + return rr.Hdr.String() + sprintName(rr.Md) +} + +// MX RR. See RFC 1035. +type MX struct { + Hdr RR_Header + Preference uint16 + Mx string `dns:"cdomain-name"` +} + +func (rr *MX) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.Preference)) + " " + sprintName(rr.Mx) +} + +// AFSDB RR. See RFC 1183. +type AFSDB struct { + Hdr RR_Header + Subtype uint16 + Hostname string `dns:"cdomain-name"` +} + +func (rr *AFSDB) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.Subtype)) + " " + sprintName(rr.Hostname) +} + +// X25 RR. See RFC 1183, Section 3.1. +type X25 struct { + Hdr RR_Header + PSDNAddress string +} + +func (rr *X25) String() string { + return rr.Hdr.String() + rr.PSDNAddress +} + +// RT RR. See RFC 1183, Section 3.3. +type RT struct { + Hdr RR_Header + Preference uint16 + Host string `dns:"cdomain-name"` +} + +func (rr *RT) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.Preference)) + " " + sprintName(rr.Host) +} + +// NS RR. See RFC 1035. +type NS struct { + Hdr RR_Header + Ns string `dns:"cdomain-name"` +} + +func (rr *NS) String() string { + return rr.Hdr.String() + sprintName(rr.Ns) +} + +// PTR RR. See RFC 1035. +type PTR struct { + Hdr RR_Header + Ptr string `dns:"cdomain-name"` +} + +func (rr *PTR) String() string { + return rr.Hdr.String() + sprintName(rr.Ptr) +} + +// RP RR. See RFC 1138, Section 2.2. +type RP struct { + Hdr RR_Header + Mbox string `dns:"domain-name"` + Txt string `dns:"domain-name"` +} + +func (rr *RP) String() string { + return rr.Hdr.String() + rr.Mbox + " " + sprintTxt([]string{rr.Txt}) +} + +// SOA RR. See RFC 1035. +type SOA struct { + Hdr RR_Header + Ns string `dns:"cdomain-name"` + Mbox string `dns:"cdomain-name"` + Serial uint32 + Refresh uint32 + Retry uint32 + Expire uint32 + Minttl uint32 +} + +func (rr *SOA) String() string { + return rr.Hdr.String() + sprintName(rr.Ns) + " " + sprintName(rr.Mbox) + + " " + strconv.FormatInt(int64(rr.Serial), 10) + + " " + strconv.FormatInt(int64(rr.Refresh), 10) + + " " + strconv.FormatInt(int64(rr.Retry), 10) + + " " + strconv.FormatInt(int64(rr.Expire), 10) + + " " + strconv.FormatInt(int64(rr.Minttl), 10) +} + +// TXT RR. See RFC 1035. +type TXT struct { + Hdr RR_Header + Txt []string `dns:"txt"` +} + +func (rr *TXT) String() string { return rr.Hdr.String() + sprintTxt(rr.Txt) } + +func sprintName(s string) string { + src := []byte(s) + dst := make([]byte, 0, len(src)) + for i := 0; i < len(src); { + if i+1 < len(src) && src[i] == '\\' && src[i+1] == '.' { + dst = append(dst, src[i:i+2]...) + i += 2 + } else { + b, n := nextByte(src, i) + if n == 0 { + i++ // dangling back slash + } else if b == '.' { + dst = append(dst, b) + } else { + dst = appendDomainNameByte(dst, b) + } + i += n + } + } + return string(dst) +} + +func sprintTxtOctet(s string) string { + src := []byte(s) + dst := make([]byte, 0, len(src)) + dst = append(dst, '"') + for i := 0; i < len(src); { + if i+1 < len(src) && src[i] == '\\' && src[i+1] == '.' { + dst = append(dst, src[i:i+2]...) + i += 2 + } else { + b, n := nextByte(src, i) + if n == 0 { + i++ // dangling back slash + } else if b == '.' { + dst = append(dst, b) + } else { + if b < ' ' || b > '~' { + dst = appendByte(dst, b) + } else { + dst = append(dst, b) + } + } + i += n + } + } + dst = append(dst, '"') + return string(dst) +} + +func sprintTxt(txt []string) string { + var out []byte + for i, s := range txt { + if i > 0 { + out = append(out, ` "`...) + } else { + out = append(out, '"') + } + bs := []byte(s) + for j := 0; j < len(bs); { + b, n := nextByte(bs, j) + if n == 0 { + break + } + out = appendTXTStringByte(out, b) + j += n + } + out = append(out, '"') + } + return string(out) +} + +func appendDomainNameByte(s []byte, b byte) []byte { + switch b { + case '.', ' ', '\'', '@', ';', '(', ')': // additional chars to escape + return append(s, '\\', b) + } + return appendTXTStringByte(s, b) +} + +func appendTXTStringByte(s []byte, b byte) []byte { + switch b { + case '"', '\\': + return append(s, '\\', b) + } + if b < ' ' || b > '~' { + return appendByte(s, b) + } + return append(s, b) +} + +func appendByte(s []byte, b byte) []byte { + var buf [3]byte + bufs := strconv.AppendInt(buf[:0], int64(b), 10) + s = append(s, '\\') + for i := 0; i < 3-len(bufs); i++ { + s = append(s, '0') + } + for _, r := range bufs { + s = append(s, r) + } + return s +} + +func nextByte(b []byte, offset int) (byte, int) { + if offset >= len(b) { + return 0, 0 + } + if b[offset] != '\\' { + // not an escape sequence + return b[offset], 1 + } + switch len(b) - offset { + case 1: // dangling escape + return 0, 0 + case 2, 3: // too short to be \ddd + default: // maybe \ddd + if isDigit(b[offset+1]) && isDigit(b[offset+2]) && isDigit(b[offset+3]) { + return dddToByte(b[offset+1:]), 4 + } + } + // not \ddd, just an RFC 1035 "quoted" character + return b[offset+1], 2 +} + +// SPF RR. See RFC 4408, Section 3.1.1. +type SPF struct { + Hdr RR_Header + Txt []string `dns:"txt"` +} + +func (rr *SPF) String() string { return rr.Hdr.String() + sprintTxt(rr.Txt) } + +// AVC RR. See https://www.iana.org/assignments/dns-parameters/AVC/avc-completed-template. +type AVC struct { + Hdr RR_Header + Txt []string `dns:"txt"` +} + +func (rr *AVC) String() string { return rr.Hdr.String() + sprintTxt(rr.Txt) } + +// SRV RR. See RFC 2782. +type SRV struct { + Hdr RR_Header + Priority uint16 + Weight uint16 + Port uint16 + Target string `dns:"domain-name"` +} + +func (rr *SRV) String() string { + return rr.Hdr.String() + + strconv.Itoa(int(rr.Priority)) + " " + + strconv.Itoa(int(rr.Weight)) + " " + + strconv.Itoa(int(rr.Port)) + " " + sprintName(rr.Target) +} + +// NAPTR RR. See RFC 2915. +type NAPTR struct { + Hdr RR_Header + Order uint16 + Preference uint16 + Flags string + Service string + Regexp string + Replacement string `dns:"domain-name"` +} + +func (rr *NAPTR) String() string { + return rr.Hdr.String() + + strconv.Itoa(int(rr.Order)) + " " + + strconv.Itoa(int(rr.Preference)) + " " + + "\"" + rr.Flags + "\" " + + "\"" + rr.Service + "\" " + + "\"" + rr.Regexp + "\" " + + rr.Replacement +} + +// CERT RR. See RFC 4398. +type CERT struct { + Hdr RR_Header + Type uint16 + KeyTag uint16 + Algorithm uint8 + Certificate string `dns:"base64"` +} + +func (rr *CERT) String() string { + var ( + ok bool + certtype, algorithm string + ) + if certtype, ok = CertTypeToString[rr.Type]; !ok { + certtype = strconv.Itoa(int(rr.Type)) + } + if algorithm, ok = AlgorithmToString[rr.Algorithm]; !ok { + algorithm = strconv.Itoa(int(rr.Algorithm)) + } + return rr.Hdr.String() + certtype + + " " + strconv.Itoa(int(rr.KeyTag)) + + " " + algorithm + + " " + rr.Certificate +} + +// DNAME RR. See RFC 2672. +type DNAME struct { + Hdr RR_Header + Target string `dns:"domain-name"` +} + +func (rr *DNAME) String() string { + return rr.Hdr.String() + sprintName(rr.Target) +} + +// A RR. See RFC 1035. +type A struct { + Hdr RR_Header + A net.IP `dns:"a"` +} + +func (rr *A) String() string { + if rr.A == nil { + return rr.Hdr.String() + } + return rr.Hdr.String() + rr.A.String() +} + +// AAAA RR. See RFC 3596. +type AAAA struct { + Hdr RR_Header + AAAA net.IP `dns:"aaaa"` +} + +func (rr *AAAA) String() string { + if rr.AAAA == nil { + return rr.Hdr.String() + } + return rr.Hdr.String() + rr.AAAA.String() +} + +// PX RR. See RFC 2163. +type PX struct { + Hdr RR_Header + Preference uint16 + Map822 string `dns:"domain-name"` + Mapx400 string `dns:"domain-name"` +} + +func (rr *PX) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.Preference)) + " " + sprintName(rr.Map822) + " " + sprintName(rr.Mapx400) +} + +// GPOS RR. See RFC 1712. +type GPOS struct { + Hdr RR_Header + Longitude string + Latitude string + Altitude string +} + +func (rr *GPOS) String() string { + return rr.Hdr.String() + rr.Longitude + " " + rr.Latitude + " " + rr.Altitude +} + +// LOC RR. See RFC RFC 1876. +type LOC struct { + Hdr RR_Header + Version uint8 + Size uint8 + HorizPre uint8 + VertPre uint8 + Latitude uint32 + Longitude uint32 + Altitude uint32 +} + +// cmToM takes a cm value expressed in RFC1876 SIZE mantissa/exponent +// format and returns a string in m (two decimals for the cm) +func cmToM(m, e uint8) string { + if e < 2 { + if e == 1 { + m *= 10 + } + + return fmt.Sprintf("0.%02d", m) + } + + s := fmt.Sprintf("%d", m) + for e > 2 { + s += "0" + e-- + } + return s +} + +func (rr *LOC) String() string { + s := rr.Hdr.String() + + lat := rr.Latitude + ns := "N" + if lat > LOC_EQUATOR { + lat = lat - LOC_EQUATOR + } else { + ns = "S" + lat = LOC_EQUATOR - lat + } + h := lat / LOC_DEGREES + lat = lat % LOC_DEGREES + m := lat / LOC_HOURS + lat = lat % LOC_HOURS + s += fmt.Sprintf("%02d %02d %0.3f %s ", h, m, (float64(lat) / 1000), ns) + + lon := rr.Longitude + ew := "E" + if lon > LOC_PRIMEMERIDIAN { + lon = lon - LOC_PRIMEMERIDIAN + } else { + ew = "W" + lon = LOC_PRIMEMERIDIAN - lon + } + h = lon / LOC_DEGREES + lon = lon % LOC_DEGREES + m = lon / LOC_HOURS + lon = lon % LOC_HOURS + s += fmt.Sprintf("%02d %02d %0.3f %s ", h, m, (float64(lon) / 1000), ew) + + var alt = float64(rr.Altitude) / 100 + alt -= LOC_ALTITUDEBASE + if rr.Altitude%100 != 0 { + s += fmt.Sprintf("%.2fm ", alt) + } else { + s += fmt.Sprintf("%.0fm ", alt) + } + + s += cmToM((rr.Size&0xf0)>>4, rr.Size&0x0f) + "m " + s += cmToM((rr.HorizPre&0xf0)>>4, rr.HorizPre&0x0f) + "m " + s += cmToM((rr.VertPre&0xf0)>>4, rr.VertPre&0x0f) + "m" + + return s +} + +// SIG RR. See RFC 2535. The SIG RR is identical to RRSIG and nowadays only used for SIG(0), See RFC 2931. +type SIG struct { + RRSIG +} + +// RRSIG RR. See RFC 4034 and RFC 3755. +type RRSIG struct { + Hdr RR_Header + TypeCovered uint16 + Algorithm uint8 + Labels uint8 + OrigTtl uint32 + Expiration uint32 + Inception uint32 + KeyTag uint16 + SignerName string `dns:"domain-name"` + Signature string `dns:"base64"` +} + +func (rr *RRSIG) String() string { + s := rr.Hdr.String() + s += Type(rr.TypeCovered).String() + s += " " + strconv.Itoa(int(rr.Algorithm)) + + " " + strconv.Itoa(int(rr.Labels)) + + " " + strconv.FormatInt(int64(rr.OrigTtl), 10) + + " " + TimeToString(rr.Expiration) + + " " + TimeToString(rr.Inception) + + " " + strconv.Itoa(int(rr.KeyTag)) + + " " + sprintName(rr.SignerName) + + " " + rr.Signature + return s +} + +// NSEC RR. See RFC 4034 and RFC 3755. +type NSEC struct { + Hdr RR_Header + NextDomain string `dns:"domain-name"` + TypeBitMap []uint16 `dns:"nsec"` +} + +func (rr *NSEC) String() string { + s := rr.Hdr.String() + sprintName(rr.NextDomain) + for i := 0; i < len(rr.TypeBitMap); i++ { + s += " " + Type(rr.TypeBitMap[i]).String() + } + return s +} + +func (rr *NSEC) len() int { + l := rr.Hdr.len() + len(rr.NextDomain) + 1 + lastwindow := uint32(2 ^ 32 + 1) + for _, t := range rr.TypeBitMap { + window := t / 256 + if uint32(window) != lastwindow { + l += 1 + 32 + } + lastwindow = uint32(window) + } + return l +} + +// DLV RR. See RFC 4431. +type DLV struct{ DS } + +// CDS RR. See RFC 7344. +type CDS struct{ DS } + +// DS RR. See RFC 4034 and RFC 3658. +type DS struct { + Hdr RR_Header + KeyTag uint16 + Algorithm uint8 + DigestType uint8 + Digest string `dns:"hex"` +} + +func (rr *DS) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.KeyTag)) + + " " + strconv.Itoa(int(rr.Algorithm)) + + " " + strconv.Itoa(int(rr.DigestType)) + + " " + strings.ToUpper(rr.Digest) +} + +// KX RR. See RFC 2230. +type KX struct { + Hdr RR_Header + Preference uint16 + Exchanger string `dns:"domain-name"` +} + +func (rr *KX) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.Preference)) + + " " + sprintName(rr.Exchanger) +} + +// TA RR. See http://www.watson.org/~weiler/INI1999-19.pdf. +type TA struct { + Hdr RR_Header + KeyTag uint16 + Algorithm uint8 + DigestType uint8 + Digest string `dns:"hex"` +} + +func (rr *TA) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.KeyTag)) + + " " + strconv.Itoa(int(rr.Algorithm)) + + " " + strconv.Itoa(int(rr.DigestType)) + + " " + strings.ToUpper(rr.Digest) +} + +// TALINK RR. See https://www.iana.org/assignments/dns-parameters/TALINK/talink-completed-template. +type TALINK struct { + Hdr RR_Header + PreviousName string `dns:"domain-name"` + NextName string `dns:"domain-name"` +} + +func (rr *TALINK) String() string { + return rr.Hdr.String() + + sprintName(rr.PreviousName) + " " + sprintName(rr.NextName) +} + +// SSHFP RR. See RFC RFC 4255. +type SSHFP struct { + Hdr RR_Header + Algorithm uint8 + Type uint8 + FingerPrint string `dns:"hex"` +} + +func (rr *SSHFP) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.Algorithm)) + + " " + strconv.Itoa(int(rr.Type)) + + " " + strings.ToUpper(rr.FingerPrint) +} + +// KEY RR. See RFC RFC 2535. +type KEY struct { + DNSKEY +} + +// CDNSKEY RR. See RFC 7344. +type CDNSKEY struct { + DNSKEY +} + +// DNSKEY RR. See RFC 4034 and RFC 3755. +type DNSKEY struct { + Hdr RR_Header + Flags uint16 + Protocol uint8 + Algorithm uint8 + PublicKey string `dns:"base64"` +} + +func (rr *DNSKEY) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.Flags)) + + " " + strconv.Itoa(int(rr.Protocol)) + + " " + strconv.Itoa(int(rr.Algorithm)) + + " " + rr.PublicKey +} + +// RKEY RR. See https://www.iana.org/assignments/dns-parameters/RKEY/rkey-completed-template. +type RKEY struct { + Hdr RR_Header + Flags uint16 + Protocol uint8 + Algorithm uint8 + PublicKey string `dns:"base64"` +} + +func (rr *RKEY) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.Flags)) + + " " + strconv.Itoa(int(rr.Protocol)) + + " " + strconv.Itoa(int(rr.Algorithm)) + + " " + rr.PublicKey +} + +// NSAPPTR RR. See RFC 1348. +type NSAPPTR struct { + Hdr RR_Header + Ptr string `dns:"domain-name"` +} + +func (rr *NSAPPTR) String() string { return rr.Hdr.String() + sprintName(rr.Ptr) } + +// NSEC3 RR. See RFC 5155. +type NSEC3 struct { + Hdr RR_Header + Hash uint8 + Flags uint8 + Iterations uint16 + SaltLength uint8 + Salt string `dns:"size-hex:SaltLength"` + HashLength uint8 + NextDomain string `dns:"size-base32:HashLength"` + TypeBitMap []uint16 `dns:"nsec"` +} + +func (rr *NSEC3) String() string { + s := rr.Hdr.String() + s += strconv.Itoa(int(rr.Hash)) + + " " + strconv.Itoa(int(rr.Flags)) + + " " + strconv.Itoa(int(rr.Iterations)) + + " " + saltToString(rr.Salt) + + " " + rr.NextDomain + for i := 0; i < len(rr.TypeBitMap); i++ { + s += " " + Type(rr.TypeBitMap[i]).String() + } + return s +} + +func (rr *NSEC3) len() int { + l := rr.Hdr.len() + 6 + len(rr.Salt)/2 + 1 + len(rr.NextDomain) + 1 + lastwindow := uint32(2 ^ 32 + 1) + for _, t := range rr.TypeBitMap { + window := t / 256 + if uint32(window) != lastwindow { + l += 1 + 32 + } + lastwindow = uint32(window) + } + return l +} + +// NSEC3PARAM RR. See RFC 5155. +type NSEC3PARAM struct { + Hdr RR_Header + Hash uint8 + Flags uint8 + Iterations uint16 + SaltLength uint8 + Salt string `dns:"size-hex:SaltLength"` +} + +func (rr *NSEC3PARAM) String() string { + s := rr.Hdr.String() + s += strconv.Itoa(int(rr.Hash)) + + " " + strconv.Itoa(int(rr.Flags)) + + " " + strconv.Itoa(int(rr.Iterations)) + + " " + saltToString(rr.Salt) + return s +} + +// TKEY RR. See RFC 2930. +type TKEY struct { + Hdr RR_Header + Algorithm string `dns:"domain-name"` + Inception uint32 + Expiration uint32 + Mode uint16 + Error uint16 + KeySize uint16 + Key string + OtherLen uint16 + OtherData string +} + +func (rr *TKEY) String() string { + // It has no presentation format + return "" +} + +// RFC3597 represents an unknown/generic RR. See RFC 3597. +type RFC3597 struct { + Hdr RR_Header + Rdata string `dns:"hex"` +} + +func (rr *RFC3597) String() string { + // Let's call it a hack + s := rfc3597Header(rr.Hdr) + + s += "\\# " + strconv.Itoa(len(rr.Rdata)/2) + " " + rr.Rdata + return s +} + +func rfc3597Header(h RR_Header) string { + var s string + + s += sprintName(h.Name) + "\t" + s += strconv.FormatInt(int64(h.Ttl), 10) + "\t" + s += "CLASS" + strconv.Itoa(int(h.Class)) + "\t" + s += "TYPE" + strconv.Itoa(int(h.Rrtype)) + "\t" + return s +} + +// URI RR. See RFC 7553. +type URI struct { + Hdr RR_Header + Priority uint16 + Weight uint16 + Target string `dns:"octet"` +} + +func (rr *URI) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.Priority)) + + " " + strconv.Itoa(int(rr.Weight)) + " " + sprintTxtOctet(rr.Target) +} + +// DHCID RR. See RFC 4701. +type DHCID struct { + Hdr RR_Header + Digest string `dns:"base64"` +} + +func (rr *DHCID) String() string { return rr.Hdr.String() + rr.Digest } + +// TLSA RR. See RFC 6698. +type TLSA struct { + Hdr RR_Header + Usage uint8 + Selector uint8 + MatchingType uint8 + Certificate string `dns:"hex"` +} + +func (rr *TLSA) String() string { + return rr.Hdr.String() + + strconv.Itoa(int(rr.Usage)) + + " " + strconv.Itoa(int(rr.Selector)) + + " " + strconv.Itoa(int(rr.MatchingType)) + + " " + rr.Certificate +} + +// SMIMEA RR. See RFC 8162. +type SMIMEA struct { + Hdr RR_Header + Usage uint8 + Selector uint8 + MatchingType uint8 + Certificate string `dns:"hex"` +} + +func (rr *SMIMEA) String() string { + s := rr.Hdr.String() + + strconv.Itoa(int(rr.Usage)) + + " " + strconv.Itoa(int(rr.Selector)) + + " " + strconv.Itoa(int(rr.MatchingType)) + + // Every Nth char needs a space on this output. If we output + // this as one giant line, we can't read it can in because in some cases + // the cert length overflows scan.maxTok (2048). + sx := splitN(rr.Certificate, 1024) // conservative value here + s += " " + strings.Join(sx, " ") + return s +} + +// HIP RR. See RFC 8005. +type HIP struct { + Hdr RR_Header + HitLength uint8 + PublicKeyAlgorithm uint8 + PublicKeyLength uint16 + Hit string `dns:"size-hex:HitLength"` + PublicKey string `dns:"size-base64:PublicKeyLength"` + RendezvousServers []string `dns:"domain-name"` +} + +func (rr *HIP) String() string { + s := rr.Hdr.String() + + strconv.Itoa(int(rr.PublicKeyAlgorithm)) + + " " + rr.Hit + + " " + rr.PublicKey + for _, d := range rr.RendezvousServers { + s += " " + sprintName(d) + } + return s +} + +// NINFO RR. See https://www.iana.org/assignments/dns-parameters/NINFO/ninfo-completed-template. +type NINFO struct { + Hdr RR_Header + ZSData []string `dns:"txt"` +} + +func (rr *NINFO) String() string { return rr.Hdr.String() + sprintTxt(rr.ZSData) } + +// NID RR. See RFC RFC 6742. +type NID struct { + Hdr RR_Header + Preference uint16 + NodeID uint64 +} + +func (rr *NID) String() string { + s := rr.Hdr.String() + strconv.Itoa(int(rr.Preference)) + node := fmt.Sprintf("%0.16x", rr.NodeID) + s += " " + node[0:4] + ":" + node[4:8] + ":" + node[8:12] + ":" + node[12:16] + return s +} + +// L32 RR, See RFC 6742. +type L32 struct { + Hdr RR_Header + Preference uint16 + Locator32 net.IP `dns:"a"` +} + +func (rr *L32) String() string { + if rr.Locator32 == nil { + return rr.Hdr.String() + strconv.Itoa(int(rr.Preference)) + } + return rr.Hdr.String() + strconv.Itoa(int(rr.Preference)) + + " " + rr.Locator32.String() +} + +// L64 RR, See RFC 6742. +type L64 struct { + Hdr RR_Header + Preference uint16 + Locator64 uint64 +} + +func (rr *L64) String() string { + s := rr.Hdr.String() + strconv.Itoa(int(rr.Preference)) + node := fmt.Sprintf("%0.16X", rr.Locator64) + s += " " + node[0:4] + ":" + node[4:8] + ":" + node[8:12] + ":" + node[12:16] + return s +} + +// LP RR. See RFC 6742. +type LP struct { + Hdr RR_Header + Preference uint16 + Fqdn string `dns:"domain-name"` +} + +func (rr *LP) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.Preference)) + " " + sprintName(rr.Fqdn) +} + +// EUI48 RR. See RFC 7043. +type EUI48 struct { + Hdr RR_Header + Address uint64 `dns:"uint48"` +} + +func (rr *EUI48) String() string { return rr.Hdr.String() + euiToString(rr.Address, 48) } + +// EUI64 RR. See RFC 7043. +type EUI64 struct { + Hdr RR_Header + Address uint64 +} + +func (rr *EUI64) String() string { return rr.Hdr.String() + euiToString(rr.Address, 64) } + +// CAA RR. See RFC 6844. +type CAA struct { + Hdr RR_Header + Flag uint8 + Tag string + Value string `dns:"octet"` +} + +func (rr *CAA) String() string { + return rr.Hdr.String() + strconv.Itoa(int(rr.Flag)) + " " + rr.Tag + " " + sprintTxtOctet(rr.Value) +} + +// UID RR. Deprecated, IANA-Reserved. +type UID struct { + Hdr RR_Header + Uid uint32 +} + +func (rr *UID) String() string { return rr.Hdr.String() + strconv.FormatInt(int64(rr.Uid), 10) } + +// GID RR. Deprecated, IANA-Reserved. +type GID struct { + Hdr RR_Header + Gid uint32 +} + +func (rr *GID) String() string { return rr.Hdr.String() + strconv.FormatInt(int64(rr.Gid), 10) } + +// UINFO RR. Deprecated, IANA-Reserved. +type UINFO struct { + Hdr RR_Header + Uinfo string +} + +func (rr *UINFO) String() string { return rr.Hdr.String() + sprintTxt([]string{rr.Uinfo}) } + +// EID RR. See http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt. +type EID struct { + Hdr RR_Header + Endpoint string `dns:"hex"` +} + +func (rr *EID) String() string { return rr.Hdr.String() + strings.ToUpper(rr.Endpoint) } + +// NIMLOC RR. See http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt. +type NIMLOC struct { + Hdr RR_Header + Locator string `dns:"hex"` +} + +func (rr *NIMLOC) String() string { return rr.Hdr.String() + strings.ToUpper(rr.Locator) } + +// OPENPGPKEY RR. See RFC 7929. +type OPENPGPKEY struct { + Hdr RR_Header + PublicKey string `dns:"base64"` +} + +func (rr *OPENPGPKEY) String() string { return rr.Hdr.String() + rr.PublicKey } + +// CSYNC RR. See RFC 7477. +type CSYNC struct { + Hdr RR_Header + Serial uint32 + Flags uint16 + TypeBitMap []uint16 `dns:"nsec"` +} + +func (rr *CSYNC) String() string { + s := rr.Hdr.String() + strconv.FormatInt(int64(rr.Serial), 10) + " " + strconv.Itoa(int(rr.Flags)) + + for i := 0; i < len(rr.TypeBitMap); i++ { + s += " " + Type(rr.TypeBitMap[i]).String() + } + return s +} + +func (rr *CSYNC) len() int { + l := rr.Hdr.len() + 4 + 2 + lastwindow := uint32(2 ^ 32 + 1) + for _, t := range rr.TypeBitMap { + window := t / 256 + if uint32(window) != lastwindow { + l += 1 + 32 + } + lastwindow = uint32(window) + } + return l +} + +// TimeToString translates the RRSIG's incep. and expir. times to the +// string representation used when printing the record. +// It takes serial arithmetic (RFC 1982) into account. +func TimeToString(t uint32) string { + mod := ((int64(t) - time.Now().Unix()) / year68) - 1 + if mod < 0 { + mod = 0 + } + ti := time.Unix(int64(t)-(mod*year68), 0).UTC() + return ti.Format("20060102150405") +} + +// StringToTime translates the RRSIG's incep. and expir. times from +// string values like "20110403154150" to an 32 bit integer. +// It takes serial arithmetic (RFC 1982) into account. +func StringToTime(s string) (uint32, error) { + t, err := time.Parse("20060102150405", s) + if err != nil { + return 0, err + } + mod := (t.Unix() / year68) - 1 + if mod < 0 { + mod = 0 + } + return uint32(t.Unix() - (mod * year68)), nil +} + +// saltToString converts a NSECX salt to uppercase and returns "-" when it is empty. +func saltToString(s string) string { + if len(s) == 0 { + return "-" + } + return strings.ToUpper(s) +} + +func euiToString(eui uint64, bits int) (hex string) { + switch bits { + case 64: + hex = fmt.Sprintf("%16.16x", eui) + hex = hex[0:2] + "-" + hex[2:4] + "-" + hex[4:6] + "-" + hex[6:8] + + "-" + hex[8:10] + "-" + hex[10:12] + "-" + hex[12:14] + "-" + hex[14:16] + case 48: + hex = fmt.Sprintf("%12.12x", eui) + hex = hex[0:2] + "-" + hex[2:4] + "-" + hex[4:6] + "-" + hex[6:8] + + "-" + hex[8:10] + "-" + hex[10:12] + } + return +} + +// copyIP returns a copy of ip. +func copyIP(ip net.IP) net.IP { + p := make(net.IP, len(ip)) + copy(p, ip) + return p +} + +// SplitN splits a string into N sized string chunks. +// This might become an exported function once. +func splitN(s string, n int) []string { + if len(s) < n { + return []string{s} + } + sx := []string{} + p, i := 0, n + for { + if i <= len(s) { + sx = append(sx, s[p:i]) + } else { + sx = append(sx, s[p:]) + break + + } + p, i = p+n, i+n + } + + return sx +} diff --git a/vendor/github.com/miekg/dns/types_generate.go b/vendor/github.com/miekg/dns/types_generate.go new file mode 100644 index 0000000..73720fe --- /dev/null +++ b/vendor/github.com/miekg/dns/types_generate.go @@ -0,0 +1,271 @@ +//+build ignore + +// types_generate.go is meant to run with go generate. It will use +// go/{importer,types} to track down all the RR struct types. Then for each type +// it will generate conversion tables (TypeToRR and TypeToString) and banal +// methods (len, Header, copy) based on the struct tags. The generated source is +// written to ztypes.go, and is meant to be checked into git. +package main + +import ( + "bytes" + "fmt" + "go/format" + "go/importer" + "go/types" + "log" + "os" + "strings" + "text/template" +) + +var skipLen = map[string]struct{}{ + "NSEC": {}, + "NSEC3": {}, + "OPT": {}, + "CSYNC": {}, +} + +var packageHdr = ` +// *** DO NOT MODIFY *** +// AUTOGENERATED BY go generate from types_generate.go + +package dns + +import ( + "encoding/base64" + "net" +) + +` + +var TypeToRR = template.Must(template.New("TypeToRR").Parse(` +// TypeToRR is a map of constructors for each RR type. +var TypeToRR = map[uint16]func() RR{ +{{range .}}{{if ne . "RFC3597"}} Type{{.}}: func() RR { return new({{.}}) }, +{{end}}{{end}} } + +`)) + +var typeToString = template.Must(template.New("typeToString").Parse(` +// TypeToString is a map of strings for each RR type. +var TypeToString = map[uint16]string{ +{{range .}}{{if ne . "NSAPPTR"}} Type{{.}}: "{{.}}", +{{end}}{{end}} TypeNSAPPTR: "NSAP-PTR", +} + +`)) + +var headerFunc = template.Must(template.New("headerFunc").Parse(` +{{range .}} func (rr *{{.}}) Header() *RR_Header { return &rr.Hdr } +{{end}} + +`)) + +// getTypeStruct will take a type and the package scope, and return the +// (innermost) struct if the type is considered a RR type (currently defined as +// those structs beginning with a RR_Header, could be redefined as implementing +// the RR interface). The bool return value indicates if embedded structs were +// resolved. +func getTypeStruct(t types.Type, scope *types.Scope) (*types.Struct, bool) { + st, ok := t.Underlying().(*types.Struct) + if !ok { + return nil, false + } + if st.Field(0).Type() == scope.Lookup("RR_Header").Type() { + return st, false + } + if st.Field(0).Anonymous() { + st, _ := getTypeStruct(st.Field(0).Type(), scope) + return st, true + } + return nil, false +} + +func main() { + // Import and type-check the package + pkg, err := importer.Default().Import("github.com/miekg/dns") + fatalIfErr(err) + scope := pkg.Scope() + + // Collect constants like TypeX + var numberedTypes []string + for _, name := range scope.Names() { + o := scope.Lookup(name) + if o == nil || !o.Exported() { + continue + } + b, ok := o.Type().(*types.Basic) + if !ok || b.Kind() != types.Uint16 { + continue + } + if !strings.HasPrefix(o.Name(), "Type") { + continue + } + name := strings.TrimPrefix(o.Name(), "Type") + if name == "PrivateRR" { + continue + } + numberedTypes = append(numberedTypes, name) + } + + // Collect actual types (*X) + var namedTypes []string + for _, name := range scope.Names() { + o := scope.Lookup(name) + if o == nil || !o.Exported() { + continue + } + if st, _ := getTypeStruct(o.Type(), scope); st == nil { + continue + } + if name == "PrivateRR" { + continue + } + + // Check if corresponding TypeX exists + if scope.Lookup("Type"+o.Name()) == nil && o.Name() != "RFC3597" { + log.Fatalf("Constant Type%s does not exist.", o.Name()) + } + + namedTypes = append(namedTypes, o.Name()) + } + + b := &bytes.Buffer{} + b.WriteString(packageHdr) + + // Generate TypeToRR + fatalIfErr(TypeToRR.Execute(b, namedTypes)) + + // Generate typeToString + fatalIfErr(typeToString.Execute(b, numberedTypes)) + + // Generate headerFunc + fatalIfErr(headerFunc.Execute(b, namedTypes)) + + // Generate len() + fmt.Fprint(b, "// len() functions\n") + for _, name := range namedTypes { + if _, ok := skipLen[name]; ok { + continue + } + o := scope.Lookup(name) + st, isEmbedded := getTypeStruct(o.Type(), scope) + if isEmbedded { + continue + } + fmt.Fprintf(b, "func (rr *%s) len() int {\n", name) + fmt.Fprintf(b, "l := rr.Hdr.len()\n") + for i := 1; i < st.NumFields(); i++ { + o := func(s string) { fmt.Fprintf(b, s, st.Field(i).Name()) } + + if _, ok := st.Field(i).Type().(*types.Slice); ok { + switch st.Tag(i) { + case `dns:"-"`: + // ignored + case `dns:"cdomain-name"`, `dns:"domain-name"`, `dns:"txt"`: + o("for _, x := range rr.%s { l += len(x) + 1 }\n") + default: + log.Fatalln(name, st.Field(i).Name(), st.Tag(i)) + } + continue + } + + switch { + case st.Tag(i) == `dns:"-"`: + // ignored + case st.Tag(i) == `dns:"cdomain-name"`, st.Tag(i) == `dns:"domain-name"`: + o("l += len(rr.%s) + 1\n") + case st.Tag(i) == `dns:"octet"`: + o("l += len(rr.%s)\n") + case strings.HasPrefix(st.Tag(i), `dns:"size-base64`): + fallthrough + case st.Tag(i) == `dns:"base64"`: + o("l += base64.StdEncoding.DecodedLen(len(rr.%s))\n") + case strings.HasPrefix(st.Tag(i), `dns:"size-hex`): + fallthrough + case st.Tag(i) == `dns:"hex"`: + o("l += len(rr.%s)/2 + 1\n") + case st.Tag(i) == `dns:"a"`: + o("l += net.IPv4len // %s\n") + case st.Tag(i) == `dns:"aaaa"`: + o("l += net.IPv6len // %s\n") + case st.Tag(i) == `dns:"txt"`: + o("for _, t := range rr.%s { l += len(t) + 1 }\n") + case st.Tag(i) == `dns:"uint48"`: + o("l += 6 // %s\n") + case st.Tag(i) == "": + switch st.Field(i).Type().(*types.Basic).Kind() { + case types.Uint8: + o("l++ // %s\n") + case types.Uint16: + o("l += 2 // %s\n") + case types.Uint32: + o("l += 4 // %s\n") + case types.Uint64: + o("l += 8 // %s\n") + case types.String: + o("l += len(rr.%s) + 1\n") + default: + log.Fatalln(name, st.Field(i).Name()) + } + default: + log.Fatalln(name, st.Field(i).Name(), st.Tag(i)) + } + } + fmt.Fprintf(b, "return l }\n") + } + + // Generate copy() + fmt.Fprint(b, "// copy() functions\n") + for _, name := range namedTypes { + o := scope.Lookup(name) + st, isEmbedded := getTypeStruct(o.Type(), scope) + if isEmbedded { + continue + } + fmt.Fprintf(b, "func (rr *%s) copy() RR {\n", name) + fields := []string{"*rr.Hdr.copyHeader()"} + for i := 1; i < st.NumFields(); i++ { + f := st.Field(i).Name() + if sl, ok := st.Field(i).Type().(*types.Slice); ok { + t := sl.Underlying().String() + t = strings.TrimPrefix(t, "[]") + if strings.Contains(t, ".") { + splits := strings.Split(t, ".") + t = splits[len(splits)-1] + } + fmt.Fprintf(b, "%s := make([]%s, len(rr.%s)); copy(%s, rr.%s)\n", + f, t, f, f, f) + fields = append(fields, f) + continue + } + if st.Field(i).Type().String() == "net.IP" { + fields = append(fields, "copyIP(rr."+f+")") + continue + } + fields = append(fields, "rr."+f) + } + fmt.Fprintf(b, "return &%s{%s}\n", name, strings.Join(fields, ",")) + fmt.Fprintf(b, "}\n") + } + + // gofmt + res, err := format.Source(b.Bytes()) + if err != nil { + b.WriteTo(os.Stderr) + log.Fatal(err) + } + + // write result + f, err := os.Create("ztypes.go") + fatalIfErr(err) + defer f.Close() + f.Write(res) +} + +func fatalIfErr(err error) { + if err != nil { + log.Fatal(err) + } +} diff --git a/vendor/github.com/miekg/dns/udp.go b/vendor/github.com/miekg/dns/udp.go new file mode 100644 index 0000000..12a2096 --- /dev/null +++ b/vendor/github.com/miekg/dns/udp.go @@ -0,0 +1,45 @@ +// +build !windows + +package dns + +import ( + "net" +) + +// SessionUDP holds the remote address and the associated +// out-of-band data. +type SessionUDP struct { + raddr *net.UDPAddr + context []byte +} + +// RemoteAddr returns the remote network address. +func (s *SessionUDP) RemoteAddr() net.Addr { return s.raddr } + +// ReadFromSessionUDP acts just like net.UDPConn.ReadFrom(), but returns a session object instead of a +// net.UDPAddr. +func ReadFromSessionUDP(conn *net.UDPConn, b []byte) (int, *SessionUDP, error) { + oob := make([]byte, 40) + n, oobn, _, raddr, err := conn.ReadMsgUDP(b, oob) + if err != nil { + return n, nil, err + } + return n, &SessionUDP{raddr, oob[:oobn]}, err +} + +// WriteToSessionUDP acts just like net.UDPConn.WriteTo(), but uses a *SessionUDP instead of a net.Addr. +func WriteToSessionUDP(conn *net.UDPConn, b []byte, session *SessionUDP) (int, error) { + oob := correctSource(session.context) + n, _, err := conn.WriteMsgUDP(b, oob, session.raddr) + return n, err +} + +// correctSource takes oob data and returns new oob data with the Src equal to the Dst +func correctSource(oob []byte) []byte { + dst, err := parseUDPSocketDst(oob) + // If the destination could not be determined, ignore. + if err != nil || dst == nil { + return nil + } + return marshalUDPSocketSrc(dst) +} diff --git a/vendor/github.com/miekg/dns/udp_linux.go b/vendor/github.com/miekg/dns/udp_linux.go new file mode 100644 index 0000000..13747ed --- /dev/null +++ b/vendor/github.com/miekg/dns/udp_linux.go @@ -0,0 +1,220 @@ +// +build linux,!appengine + +package dns + +// See: +// * http://stackoverflow.com/questions/3062205/setting-the-source-ip-for-a-udp-socket and +// * http://blog.powerdns.com/2012/10/08/on-binding-datagram-udp-sockets-to-the-any-addresses/ +// +// Why do we need this: When listening on 0.0.0.0 with UDP so kernel decides what is the outgoing +// interface, this might not always be the correct one. This code will make sure the egress +// packet's interface matched the ingress' one. + +import ( + "net" + "syscall" + "unsafe" + + "github.com/miekg/dns/internal/socket" +) + +const ( + sizeofInet6Pktinfo = 0x14 + sizeofInetPktinfo = 0xc + protocolIP = 0 + protocolIPv6 = 41 +) + +type inetPktinfo struct { + Ifindex int32 + Spec_dst [4]byte /* in_addr */ + Addr [4]byte /* in_addr */ +} + +type inet6Pktinfo struct { + Addr [16]byte /* in6_addr */ + Ifindex int32 +} + +type inetControlMessage struct { + Src net.IP // source address, specifying only + Dst net.IP // destination address, receiving only +} + +// setUDPSocketOptions sets the UDP socket options. +// This function is implemented on a per platform basis. See udp_*.go for more details +func setUDPSocketOptions(conn *net.UDPConn) error { + sa, err := getUDPSocketName(conn) + if err != nil { + return err + } + switch sa.(type) { + case *syscall.SockaddrInet6: + v6only, err := getUDPSocketOptions6Only(conn) + if err != nil { + return err + } + setUDPSocketOptions6(conn) + if !v6only { + setUDPSocketOptions4(conn) + } + case *syscall.SockaddrInet4: + setUDPSocketOptions4(conn) + } + return nil +} + +// setUDPSocketOptions4 prepares the v4 socket for sessions. +func setUDPSocketOptions4(conn *net.UDPConn) error { + file, err := conn.File() + if err != nil { + return err + } + if err := syscall.SetsockoptInt(int(file.Fd()), syscall.IPPROTO_IP, syscall.IP_PKTINFO, 1); err != nil { + file.Close() + return err + } + // Calling File() above results in the connection becoming blocking, we must fix that. + // See https://github.com/miekg/dns/issues/279 + err = syscall.SetNonblock(int(file.Fd()), true) + if err != nil { + file.Close() + return err + } + file.Close() + return nil +} + +// setUDPSocketOptions6 prepares the v6 socket for sessions. +func setUDPSocketOptions6(conn *net.UDPConn) error { + file, err := conn.File() + if err != nil { + return err + } + if err := syscall.SetsockoptInt(int(file.Fd()), syscall.IPPROTO_IPV6, syscall.IPV6_RECVPKTINFO, 1); err != nil { + file.Close() + return err + } + err = syscall.SetNonblock(int(file.Fd()), true) + if err != nil { + file.Close() + return err + } + file.Close() + return nil +} + +// getUDPSocketOption6Only return true if the socket is v6 only and false when it is v4/v6 combined +// (dualstack). +func getUDPSocketOptions6Only(conn *net.UDPConn) (bool, error) { + file, err := conn.File() + if err != nil { + return false, err + } + // dual stack. See http://stackoverflow.com/questions/1618240/how-to-support-both-ipv4-and-ipv6-connections + v6only, err := syscall.GetsockoptInt(int(file.Fd()), syscall.IPPROTO_IPV6, syscall.IPV6_V6ONLY) + if err != nil { + file.Close() + return false, err + } + file.Close() + return v6only == 1, nil +} + +func getUDPSocketName(conn *net.UDPConn) (syscall.Sockaddr, error) { + file, err := conn.File() + if err != nil { + return nil, err + } + defer file.Close() + return syscall.Getsockname(int(file.Fd())) +} + +// marshalInetPacketInfo marshals a ipv4 control message, returning +// the byte slice for the next marshal, if any +func marshalInetPacketInfo(b []byte, cm *inetControlMessage) []byte { + m := socket.ControlMessage(b) + m.MarshalHeader(protocolIP, syscall.IP_PKTINFO, sizeofInetPktinfo) + if cm != nil { + pi := (*inetPktinfo)(unsafe.Pointer(&m.Data(sizeofInetPktinfo)[0])) + if ip := cm.Src.To4(); ip != nil { + copy(pi.Spec_dst[:], ip) + } + } + return m.Next(sizeofInetPktinfo) +} + +// marshalInet6PacketInfo marshals a ipv6 control message, returning +// the byte slice for the next marshal, if any +func marshalInet6PacketInfo(b []byte, cm *inetControlMessage) []byte { + m := socket.ControlMessage(b) + m.MarshalHeader(protocolIPv6, syscall.IPV6_PKTINFO, sizeofInet6Pktinfo) + if cm != nil { + pi := (*inet6Pktinfo)(unsafe.Pointer(&m.Data(sizeofInet6Pktinfo)[0])) + if ip := cm.Src.To16(); ip != nil && ip.To4() == nil { + copy(pi.Addr[:], ip) + } + } + return m.Next(sizeofInet6Pktinfo) +} + +func parseInetPacketInfo(cm *inetControlMessage, b []byte) { + pi := (*inetPktinfo)(unsafe.Pointer(&b[0])) + if len(cm.Dst) < net.IPv4len { + cm.Dst = make(net.IP, net.IPv4len) + } + copy(cm.Dst, pi.Addr[:]) +} + +func parseInet6PacketInfo(cm *inetControlMessage, b []byte) { + pi := (*inet6Pktinfo)(unsafe.Pointer(&b[0])) + if len(cm.Dst) < net.IPv6len { + cm.Dst = make(net.IP, net.IPv6len) + } + copy(cm.Dst, pi.Addr[:]) +} + +// parseUDPSocketDst takes out-of-band data from ReadMsgUDP and parses it for +// the Dst address +func parseUDPSocketDst(oob []byte) (net.IP, error) { + cm := new(inetControlMessage) + ms, err := socket.ControlMessage(oob).Parse() + if err != nil { + return nil, err + } + for _, m := range ms { + lvl, typ, l, err := m.ParseHeader() + if err != nil { + return nil, err + } + if lvl == protocolIPv6 { // IPv6 + if typ == syscall.IPV6_PKTINFO && l >= sizeofInet6Pktinfo { + parseInet6PacketInfo(cm, m.Data(l)) + } + } else if lvl == protocolIP { // IPv4 + if typ == syscall.IP_PKTINFO && l >= sizeofInetPktinfo { + parseInetPacketInfo(cm, m.Data(l)) + } + } + } + return cm.Dst, nil +} + +// marshalUDPSocketSrc takes the given src address and returns out-of-band data +// to give to WriteMsgUDP +func marshalUDPSocketSrc(src net.IP) []byte { + var oob []byte + // If the dst is definitely an ipv6, then use ipv6 control to respond + // otherwise use ipv4 because the ipv6 marshal ignores ipv4 messages. + // See marshalInet6PacketInfo + cm := new(inetControlMessage) + cm.Src = src + if src.To4() == nil { + oob = make([]byte, socket.ControlMessageSpace(sizeofInet6Pktinfo)) + marshalInet6PacketInfo(oob, cm) + } else { + oob = make([]byte, socket.ControlMessageSpace(sizeofInetPktinfo)) + marshalInetPacketInfo(oob, cm) + } + return oob +} diff --git a/vendor/github.com/miekg/dns/udp_other.go b/vendor/github.com/miekg/dns/udp_other.go new file mode 100644 index 0000000..531f4eb --- /dev/null +++ b/vendor/github.com/miekg/dns/udp_other.go @@ -0,0 +1,17 @@ +// +build !linux appengine + +package dns + +import ( + "net" +) + +// These do nothing. See udp_linux.go for an example of how to implement this. + +// We tried to adhire to some kind of naming scheme. +func setUDPSocketOptions(conn *net.UDPConn) error { return nil } +func setUDPSocketOptions4(conn *net.UDPConn) error { return nil } +func setUDPSocketOptions6(conn *net.UDPConn) error { return nil } +func getUDPSocketOptions6Only(conn *net.UDPConn) (bool, error) { return false, nil } +func parseUDPSocketDst(oob []byte) (net.IP, error) { return nil, nil } +func marshalUDPSocketSrc(src net.IP) []byte { return nil } diff --git a/vendor/github.com/miekg/dns/udp_windows.go b/vendor/github.com/miekg/dns/udp_windows.go new file mode 100644 index 0000000..2ad4ede --- /dev/null +++ b/vendor/github.com/miekg/dns/udp_windows.go @@ -0,0 +1,30 @@ +// +build windows + +package dns + +import "net" + +// SessionUDP holds the remote address +type SessionUDP struct { + raddr *net.UDPAddr +} + +// RemoteAddr returns the remote network address. +func (s *SessionUDP) RemoteAddr() net.Addr { return s.raddr } + +// ReadFromSessionUDP acts just like net.UDPConn.ReadFrom(), but returns a session object instead of a +// net.UDPAddr. +func ReadFromSessionUDP(conn *net.UDPConn, b []byte) (int, *SessionUDP, error) { + n, raddr, err := conn.ReadFrom(b) + if err != nil { + return n, nil, err + } + session := &SessionUDP{raddr.(*net.UDPAddr)} + return n, session, err +} + +// WriteToSessionUDP acts just like net.UDPConn.WriteTo(), but uses a *SessionUDP instead of a net.Addr. +func WriteToSessionUDP(conn *net.UDPConn, b []byte, session *SessionUDP) (int, error) { + n, err := conn.WriteTo(b, session.raddr) + return n, err +} diff --git a/vendor/github.com/miekg/dns/update.go b/vendor/github.com/miekg/dns/update.go new file mode 100644 index 0000000..e90c5c9 --- /dev/null +++ b/vendor/github.com/miekg/dns/update.go @@ -0,0 +1,106 @@ +package dns + +// NameUsed sets the RRs in the prereq section to +// "Name is in use" RRs. RFC 2136 section 2.4.4. +func (u *Msg) NameUsed(rr []RR) { + if u.Answer == nil { + u.Answer = make([]RR, 0, len(rr)) + } + for _, r := range rr { + u.Answer = append(u.Answer, &ANY{Hdr: RR_Header{Name: r.Header().Name, Ttl: 0, Rrtype: TypeANY, Class: ClassANY}}) + } +} + +// NameNotUsed sets the RRs in the prereq section to +// "Name is in not use" RRs. RFC 2136 section 2.4.5. +func (u *Msg) NameNotUsed(rr []RR) { + if u.Answer == nil { + u.Answer = make([]RR, 0, len(rr)) + } + for _, r := range rr { + u.Answer = append(u.Answer, &ANY{Hdr: RR_Header{Name: r.Header().Name, Ttl: 0, Rrtype: TypeANY, Class: ClassNONE}}) + } +} + +// Used sets the RRs in the prereq section to +// "RRset exists (value dependent -- with rdata)" RRs. RFC 2136 section 2.4.2. +func (u *Msg) Used(rr []RR) { + if len(u.Question) == 0 { + panic("dns: empty question section") + } + if u.Answer == nil { + u.Answer = make([]RR, 0, len(rr)) + } + for _, r := range rr { + r.Header().Class = u.Question[0].Qclass + u.Answer = append(u.Answer, r) + } +} + +// RRsetUsed sets the RRs in the prereq section to +// "RRset exists (value independent -- no rdata)" RRs. RFC 2136 section 2.4.1. +func (u *Msg) RRsetUsed(rr []RR) { + if u.Answer == nil { + u.Answer = make([]RR, 0, len(rr)) + } + for _, r := range rr { + u.Answer = append(u.Answer, &ANY{Hdr: RR_Header{Name: r.Header().Name, Ttl: 0, Rrtype: r.Header().Rrtype, Class: ClassANY}}) + } +} + +// RRsetNotUsed sets the RRs in the prereq section to +// "RRset does not exist" RRs. RFC 2136 section 2.4.3. +func (u *Msg) RRsetNotUsed(rr []RR) { + if u.Answer == nil { + u.Answer = make([]RR, 0, len(rr)) + } + for _, r := range rr { + u.Answer = append(u.Answer, &ANY{Hdr: RR_Header{Name: r.Header().Name, Ttl: 0, Rrtype: r.Header().Rrtype, Class: ClassNONE}}) + } +} + +// Insert creates a dynamic update packet that adds an complete RRset, see RFC 2136 section 2.5.1. +func (u *Msg) Insert(rr []RR) { + if len(u.Question) == 0 { + panic("dns: empty question section") + } + if u.Ns == nil { + u.Ns = make([]RR, 0, len(rr)) + } + for _, r := range rr { + r.Header().Class = u.Question[0].Qclass + u.Ns = append(u.Ns, r) + } +} + +// RemoveRRset creates a dynamic update packet that deletes an RRset, see RFC 2136 section 2.5.2. +func (u *Msg) RemoveRRset(rr []RR) { + if u.Ns == nil { + u.Ns = make([]RR, 0, len(rr)) + } + for _, r := range rr { + u.Ns = append(u.Ns, &ANY{Hdr: RR_Header{Name: r.Header().Name, Ttl: 0, Rrtype: r.Header().Rrtype, Class: ClassANY}}) + } +} + +// RemoveName creates a dynamic update packet that deletes all RRsets of a name, see RFC 2136 section 2.5.3 +func (u *Msg) RemoveName(rr []RR) { + if u.Ns == nil { + u.Ns = make([]RR, 0, len(rr)) + } + for _, r := range rr { + u.Ns = append(u.Ns, &ANY{Hdr: RR_Header{Name: r.Header().Name, Ttl: 0, Rrtype: TypeANY, Class: ClassANY}}) + } +} + +// Remove creates a dynamic update packet deletes RR from a RRSset, see RFC 2136 section 2.5.4 +func (u *Msg) Remove(rr []RR) { + if u.Ns == nil { + u.Ns = make([]RR, 0, len(rr)) + } + for _, r := range rr { + r.Header().Class = ClassNONE + r.Header().Ttl = 0 + u.Ns = append(u.Ns, r) + } +} diff --git a/vendor/github.com/miekg/dns/xfr.go b/vendor/github.com/miekg/dns/xfr.go new file mode 100644 index 0000000..5d0ff5c --- /dev/null +++ b/vendor/github.com/miekg/dns/xfr.go @@ -0,0 +1,260 @@ +package dns + +import ( + "fmt" + "time" +) + +// Envelope is used when doing a zone transfer with a remote server. +type Envelope struct { + RR []RR // The set of RRs in the answer section of the xfr reply message. + Error error // If something went wrong, this contains the error. +} + +// A Transfer defines parameters that are used during a zone transfer. +type Transfer struct { + *Conn + DialTimeout time.Duration // net.DialTimeout, defaults to 2 seconds + ReadTimeout time.Duration // net.Conn.SetReadTimeout value for connections, defaults to 2 seconds + WriteTimeout time.Duration // net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds + TsigSecret map[string]string // Secret(s) for Tsig map[], zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2) + tsigTimersOnly bool +} + +// Think we need to away to stop the transfer + +// In performs an incoming transfer with the server in a. +// If you would like to set the source IP, or some other attribute +// of a Dialer for a Transfer, you can do so by specifying the attributes +// in the Transfer.Conn: +// +// d := net.Dialer{LocalAddr: transfer_source} +// con, err := d.Dial("tcp", master) +// dnscon := &dns.Conn{Conn:con} +// transfer = &dns.Transfer{Conn: dnscon} +// channel, err := transfer.In(message, master) +// +func (t *Transfer) In(q *Msg, a string) (env chan *Envelope, err error) { + timeout := dnsTimeout + if t.DialTimeout != 0 { + timeout = t.DialTimeout + } + if t.Conn == nil { + t.Conn, err = DialTimeout("tcp", a, timeout) + if err != nil { + return nil, err + } + } + if err := t.WriteMsg(q); err != nil { + return nil, err + } + env = make(chan *Envelope) + go func() { + if q.Question[0].Qtype == TypeAXFR { + go t.inAxfr(q, env) + return + } + if q.Question[0].Qtype == TypeIXFR { + go t.inIxfr(q, env) + return + } + }() + return env, nil +} + +func (t *Transfer) inAxfr(q *Msg, c chan *Envelope) { + first := true + defer t.Close() + defer close(c) + timeout := dnsTimeout + if t.ReadTimeout != 0 { + timeout = t.ReadTimeout + } + for { + t.Conn.SetReadDeadline(time.Now().Add(timeout)) + in, err := t.ReadMsg() + if err != nil { + c <- &Envelope{nil, err} + return + } + if q.Id != in.Id { + c <- &Envelope{in.Answer, ErrId} + return + } + if first { + if in.Rcode != RcodeSuccess { + c <- &Envelope{in.Answer, &Error{err: fmt.Sprintf(errXFR, in.Rcode)}} + return + } + if !isSOAFirst(in) { + c <- &Envelope{in.Answer, ErrSoa} + return + } + first = !first + // only one answer that is SOA, receive more + if len(in.Answer) == 1 { + t.tsigTimersOnly = true + c <- &Envelope{in.Answer, nil} + continue + } + } + + if !first { + t.tsigTimersOnly = true // Subsequent envelopes use this. + if isSOALast(in) { + c <- &Envelope{in.Answer, nil} + return + } + c <- &Envelope{in.Answer, nil} + } + } +} + +func (t *Transfer) inIxfr(q *Msg, c chan *Envelope) { + serial := uint32(0) // The first serial seen is the current server serial + axfr := true + n := 0 + qser := q.Ns[0].(*SOA).Serial + defer t.Close() + defer close(c) + timeout := dnsTimeout + if t.ReadTimeout != 0 { + timeout = t.ReadTimeout + } + for { + t.SetReadDeadline(time.Now().Add(timeout)) + in, err := t.ReadMsg() + if err != nil { + c <- &Envelope{nil, err} + return + } + if q.Id != in.Id { + c <- &Envelope{in.Answer, ErrId} + return + } + if in.Rcode != RcodeSuccess { + c <- &Envelope{in.Answer, &Error{err: fmt.Sprintf(errXFR, in.Rcode)}} + return + } + if n == 0 { + // Check if the returned answer is ok + if !isSOAFirst(in) { + c <- &Envelope{in.Answer, ErrSoa} + return + } + // This serial is important + serial = in.Answer[0].(*SOA).Serial + // Check if there are no changes in zone + if qser >= serial { + c <- &Envelope{in.Answer, nil} + return + } + } + // Now we need to check each message for SOA records, to see what we need to do + t.tsigTimersOnly = true + for _, rr := range in.Answer { + if v, ok := rr.(*SOA); ok { + if v.Serial == serial { + n++ + // quit if it's a full axfr or the the servers' SOA is repeated the third time + if axfr && n == 2 || n == 3 { + c <- &Envelope{in.Answer, nil} + return + } + } else if axfr { + // it's an ixfr + axfr = false + } + } + } + c <- &Envelope{in.Answer, nil} + } +} + +// Out performs an outgoing transfer with the client connecting in w. +// Basic use pattern: +// +// ch := make(chan *dns.Envelope) +// tr := new(dns.Transfer) +// go tr.Out(w, r, ch) +// ch <- &dns.Envelope{RR: []dns.RR{soa, rr1, rr2, rr3, soa}} +// close(ch) +// w.Hijack() +// // w.Close() // Client closes connection +// +// The server is responsible for sending the correct sequence of RRs through the +// channel ch. +func (t *Transfer) Out(w ResponseWriter, q *Msg, ch chan *Envelope) error { + for x := range ch { + r := new(Msg) + // Compress? + r.SetReply(q) + r.Authoritative = true + // assume it fits TODO(miek): fix + r.Answer = append(r.Answer, x.RR...) + if err := w.WriteMsg(r); err != nil { + return err + } + } + w.TsigTimersOnly(true) + return nil +} + +// ReadMsg reads a message from the transfer connection t. +func (t *Transfer) ReadMsg() (*Msg, error) { + m := new(Msg) + p := make([]byte, MaxMsgSize) + n, err := t.Read(p) + if err != nil && n == 0 { + return nil, err + } + p = p[:n] + if err := m.Unpack(p); err != nil { + return nil, err + } + if ts := m.IsTsig(); ts != nil && t.TsigSecret != nil { + if _, ok := t.TsigSecret[ts.Hdr.Name]; !ok { + return m, ErrSecret + } + // Need to work on the original message p, as that was used to calculate the tsig. + err = TsigVerify(p, t.TsigSecret[ts.Hdr.Name], t.tsigRequestMAC, t.tsigTimersOnly) + t.tsigRequestMAC = ts.MAC + } + return m, err +} + +// WriteMsg writes a message through the transfer connection t. +func (t *Transfer) WriteMsg(m *Msg) (err error) { + var out []byte + if ts := m.IsTsig(); ts != nil && t.TsigSecret != nil { + if _, ok := t.TsigSecret[ts.Hdr.Name]; !ok { + return ErrSecret + } + out, t.tsigRequestMAC, err = TsigGenerate(m, t.TsigSecret[ts.Hdr.Name], t.tsigRequestMAC, t.tsigTimersOnly) + } else { + out, err = m.Pack() + } + if err != nil { + return err + } + if _, err = t.Write(out); err != nil { + return err + } + return nil +} + +func isSOAFirst(in *Msg) bool { + if len(in.Answer) > 0 { + return in.Answer[0].Header().Rrtype == TypeSOA + } + return false +} + +func isSOALast(in *Msg) bool { + if len(in.Answer) > 0 { + return in.Answer[len(in.Answer)-1].Header().Rrtype == TypeSOA + } + return false +} + +const errXFR = "bad xfr rcode: %d" diff --git a/vendor/github.com/miekg/dns/zcompress.go b/vendor/github.com/miekg/dns/zcompress.go new file mode 100644 index 0000000..ee9841e --- /dev/null +++ b/vendor/github.com/miekg/dns/zcompress.go @@ -0,0 +1,119 @@ +// *** DO NOT MODIFY *** +// AUTOGENERATED BY go generate from compress_generate.go + +package dns + +func compressionLenHelperType(c map[string]int, r RR) { + switch x := r.(type) { + case *AFSDB: + compressionLenHelper(c, x.Hostname) + case *CNAME: + compressionLenHelper(c, x.Target) + case *DNAME: + compressionLenHelper(c, x.Target) + case *HIP: + for i := range x.RendezvousServers { + compressionLenHelper(c, x.RendezvousServers[i]) + } + case *KX: + compressionLenHelper(c, x.Exchanger) + case *LP: + compressionLenHelper(c, x.Fqdn) + case *MB: + compressionLenHelper(c, x.Mb) + case *MD: + compressionLenHelper(c, x.Md) + case *MF: + compressionLenHelper(c, x.Mf) + case *MG: + compressionLenHelper(c, x.Mg) + case *MINFO: + compressionLenHelper(c, x.Rmail) + compressionLenHelper(c, x.Email) + case *MR: + compressionLenHelper(c, x.Mr) + case *MX: + compressionLenHelper(c, x.Mx) + case *NAPTR: + compressionLenHelper(c, x.Replacement) + case *NS: + compressionLenHelper(c, x.Ns) + case *NSAPPTR: + compressionLenHelper(c, x.Ptr) + case *NSEC: + compressionLenHelper(c, x.NextDomain) + case *PTR: + compressionLenHelper(c, x.Ptr) + case *PX: + compressionLenHelper(c, x.Map822) + compressionLenHelper(c, x.Mapx400) + case *RP: + compressionLenHelper(c, x.Mbox) + compressionLenHelper(c, x.Txt) + case *RRSIG: + compressionLenHelper(c, x.SignerName) + case *RT: + compressionLenHelper(c, x.Host) + case *SIG: + compressionLenHelper(c, x.SignerName) + case *SOA: + compressionLenHelper(c, x.Ns) + compressionLenHelper(c, x.Mbox) + case *SRV: + compressionLenHelper(c, x.Target) + case *TALINK: + compressionLenHelper(c, x.PreviousName) + compressionLenHelper(c, x.NextName) + case *TKEY: + compressionLenHelper(c, x.Algorithm) + case *TSIG: + compressionLenHelper(c, x.Algorithm) + } +} + +func compressionLenSearchType(c map[string]int, r RR) (int, bool) { + switch x := r.(type) { + case *AFSDB: + k1, ok1 := compressionLenSearch(c, x.Hostname) + return k1, ok1 + case *CNAME: + k1, ok1 := compressionLenSearch(c, x.Target) + return k1, ok1 + case *MB: + k1, ok1 := compressionLenSearch(c, x.Mb) + return k1, ok1 + case *MD: + k1, ok1 := compressionLenSearch(c, x.Md) + return k1, ok1 + case *MF: + k1, ok1 := compressionLenSearch(c, x.Mf) + return k1, ok1 + case *MG: + k1, ok1 := compressionLenSearch(c, x.Mg) + return k1, ok1 + case *MINFO: + k1, ok1 := compressionLenSearch(c, x.Rmail) + k2, ok2 := compressionLenSearch(c, x.Email) + return k1 + k2, ok1 && ok2 + case *MR: + k1, ok1 := compressionLenSearch(c, x.Mr) + return k1, ok1 + case *MX: + k1, ok1 := compressionLenSearch(c, x.Mx) + return k1, ok1 + case *NS: + k1, ok1 := compressionLenSearch(c, x.Ns) + return k1, ok1 + case *PTR: + k1, ok1 := compressionLenSearch(c, x.Ptr) + return k1, ok1 + case *RT: + k1, ok1 := compressionLenSearch(c, x.Host) + return k1, ok1 + case *SOA: + k1, ok1 := compressionLenSearch(c, x.Ns) + k2, ok2 := compressionLenSearch(c, x.Mbox) + return k1 + k2, ok1 && ok2 + } + return 0, false +} diff --git a/vendor/github.com/miekg/dns/zmsg.go b/vendor/github.com/miekg/dns/zmsg.go new file mode 100644 index 0000000..d60023d --- /dev/null +++ b/vendor/github.com/miekg/dns/zmsg.go @@ -0,0 +1,3619 @@ +// *** DO NOT MODIFY *** +// AUTOGENERATED BY go generate from msg_generate.go + +package dns + +// pack*() functions + +func (rr *A) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packDataA(rr.A, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *AAAA) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packDataAAAA(rr.AAAA, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *AFSDB) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Subtype, msg, off) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.Hostname, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *ANY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *AVC) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packStringTxt(rr.Txt, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *CAA) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint8(rr.Flag, msg, off) + if err != nil { + return off, err + } + off, err = packString(rr.Tag, msg, off) + if err != nil { + return off, err + } + off, err = packStringOctet(rr.Value, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *CDNSKEY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Flags, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Protocol, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packStringBase64(rr.PublicKey, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *CDS) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.KeyTag, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.DigestType, msg, off) + if err != nil { + return off, err + } + off, err = packStringHex(rr.Digest, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *CERT) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Type, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.KeyTag, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packStringBase64(rr.Certificate, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *CNAME) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Target, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *CSYNC) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint32(rr.Serial, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.Flags, msg, off) + if err != nil { + return off, err + } + off, err = packDataNsec(rr.TypeBitMap, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *DHCID) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packStringBase64(rr.Digest, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *DLV) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.KeyTag, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.DigestType, msg, off) + if err != nil { + return off, err + } + off, err = packStringHex(rr.Digest, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *DNAME) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Target, msg, off, compression, false) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *DNSKEY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Flags, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Protocol, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packStringBase64(rr.PublicKey, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *DS) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.KeyTag, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.DigestType, msg, off) + if err != nil { + return off, err + } + off, err = packStringHex(rr.Digest, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *EID) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packStringHex(rr.Endpoint, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *EUI48) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint48(rr.Address, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *EUI64) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint64(rr.Address, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *GID) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint32(rr.Gid, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *GPOS) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packString(rr.Longitude, msg, off) + if err != nil { + return off, err + } + off, err = packString(rr.Latitude, msg, off) + if err != nil { + return off, err + } + off, err = packString(rr.Altitude, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *HINFO) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packString(rr.Cpu, msg, off) + if err != nil { + return off, err + } + off, err = packString(rr.Os, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *HIP) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint8(rr.HitLength, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.PublicKeyAlgorithm, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.PublicKeyLength, msg, off) + if err != nil { + return off, err + } + off, err = packStringHex(rr.Hit, msg, off) + if err != nil { + return off, err + } + off, err = packStringBase64(rr.PublicKey, msg, off) + if err != nil { + return off, err + } + off, err = packDataDomainNames(rr.RendezvousServers, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *KEY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Flags, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Protocol, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packStringBase64(rr.PublicKey, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *KX) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Preference, msg, off) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.Exchanger, msg, off, compression, false) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *L32) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Preference, msg, off) + if err != nil { + return off, err + } + off, err = packDataA(rr.Locator32, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *L64) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Preference, msg, off) + if err != nil { + return off, err + } + off, err = packUint64(rr.Locator64, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *LOC) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint8(rr.Version, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Size, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.HorizPre, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.VertPre, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.Latitude, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.Longitude, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.Altitude, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *LP) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Preference, msg, off) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.Fqdn, msg, off, compression, false) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *MB) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Mb, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *MD) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Md, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *MF) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Mf, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *MG) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Mg, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *MINFO) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Rmail, msg, off, compression, compress) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.Email, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *MR) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Mr, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *MX) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Preference, msg, off) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.Mx, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *NAPTR) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Order, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.Preference, msg, off) + if err != nil { + return off, err + } + off, err = packString(rr.Flags, msg, off) + if err != nil { + return off, err + } + off, err = packString(rr.Service, msg, off) + if err != nil { + return off, err + } + off, err = packString(rr.Regexp, msg, off) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.Replacement, msg, off, compression, false) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *NID) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Preference, msg, off) + if err != nil { + return off, err + } + off, err = packUint64(rr.NodeID, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *NIMLOC) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packStringHex(rr.Locator, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *NINFO) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packStringTxt(rr.ZSData, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *NS) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Ns, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *NSAPPTR) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Ptr, msg, off, compression, false) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *NSEC) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.NextDomain, msg, off, compression, false) + if err != nil { + return off, err + } + off, err = packDataNsec(rr.TypeBitMap, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *NSEC3) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint8(rr.Hash, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Flags, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.Iterations, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.SaltLength, msg, off) + if err != nil { + return off, err + } + // Only pack salt if value is not "-", i.e. empty + if rr.Salt != "-" { + off, err = packStringHex(rr.Salt, msg, off) + if err != nil { + return off, err + } + } + off, err = packUint8(rr.HashLength, msg, off) + if err != nil { + return off, err + } + off, err = packStringBase32(rr.NextDomain, msg, off) + if err != nil { + return off, err + } + off, err = packDataNsec(rr.TypeBitMap, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *NSEC3PARAM) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint8(rr.Hash, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Flags, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.Iterations, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.SaltLength, msg, off) + if err != nil { + return off, err + } + // Only pack salt if value is not "-", i.e. empty + if rr.Salt != "-" { + off, err = packStringHex(rr.Salt, msg, off) + if err != nil { + return off, err + } + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *OPENPGPKEY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packStringBase64(rr.PublicKey, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *OPT) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packDataOpt(rr.Option, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *PTR) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Ptr, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *PX) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Preference, msg, off) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.Map822, msg, off, compression, false) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.Mapx400, msg, off, compression, false) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *RFC3597) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packStringHex(rr.Rdata, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *RKEY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Flags, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Protocol, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packStringBase64(rr.PublicKey, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *RP) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Mbox, msg, off, compression, false) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.Txt, msg, off, compression, false) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *RRSIG) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.TypeCovered, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Labels, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.OrigTtl, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.Expiration, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.Inception, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.KeyTag, msg, off) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.SignerName, msg, off, compression, false) + if err != nil { + return off, err + } + off, err = packStringBase64(rr.Signature, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *RT) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Preference, msg, off) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.Host, msg, off, compression, compress) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *SIG) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.TypeCovered, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Labels, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.OrigTtl, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.Expiration, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.Inception, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.KeyTag, msg, off) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.SignerName, msg, off, compression, false) + if err != nil { + return off, err + } + off, err = packStringBase64(rr.Signature, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *SMIMEA) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint8(rr.Usage, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Selector, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.MatchingType, msg, off) + if err != nil { + return off, err + } + off, err = packStringHex(rr.Certificate, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *SOA) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Ns, msg, off, compression, compress) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.Mbox, msg, off, compression, compress) + if err != nil { + return off, err + } + off, err = packUint32(rr.Serial, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.Refresh, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.Retry, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.Expire, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.Minttl, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *SPF) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packStringTxt(rr.Txt, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *SRV) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Priority, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.Weight, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.Port, msg, off) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.Target, msg, off, compression, false) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *SSHFP) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint8(rr.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Type, msg, off) + if err != nil { + return off, err + } + off, err = packStringHex(rr.FingerPrint, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *TA) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.KeyTag, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Algorithm, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.DigestType, msg, off) + if err != nil { + return off, err + } + off, err = packStringHex(rr.Digest, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *TALINK) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.PreviousName, msg, off, compression, false) + if err != nil { + return off, err + } + off, err = PackDomainName(rr.NextName, msg, off, compression, false) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *TKEY) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Algorithm, msg, off, compression, false) + if err != nil { + return off, err + } + off, err = packUint32(rr.Inception, msg, off) + if err != nil { + return off, err + } + off, err = packUint32(rr.Expiration, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.Mode, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.Error, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.KeySize, msg, off) + if err != nil { + return off, err + } + off, err = packString(rr.Key, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.OtherLen, msg, off) + if err != nil { + return off, err + } + off, err = packString(rr.OtherData, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *TLSA) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint8(rr.Usage, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.Selector, msg, off) + if err != nil { + return off, err + } + off, err = packUint8(rr.MatchingType, msg, off) + if err != nil { + return off, err + } + off, err = packStringHex(rr.Certificate, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *TSIG) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = PackDomainName(rr.Algorithm, msg, off, compression, false) + if err != nil { + return off, err + } + off, err = packUint48(rr.TimeSigned, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.Fudge, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.MACSize, msg, off) + if err != nil { + return off, err + } + off, err = packStringHex(rr.MAC, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.OrigId, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.Error, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.OtherLen, msg, off) + if err != nil { + return off, err + } + off, err = packStringHex(rr.OtherData, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *TXT) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packStringTxt(rr.Txt, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *UID) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint32(rr.Uid, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *UINFO) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packString(rr.Uinfo, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *URI) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packUint16(rr.Priority, msg, off) + if err != nil { + return off, err + } + off, err = packUint16(rr.Weight, msg, off) + if err != nil { + return off, err + } + off, err = packStringOctet(rr.Target, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +func (rr *X25) pack(msg []byte, off int, compression map[string]int, compress bool) (int, error) { + off, err := rr.Hdr.pack(msg, off, compression, compress) + if err != nil { + return off, err + } + headerEnd := off + off, err = packString(rr.PSDNAddress, msg, off) + if err != nil { + return off, err + } + rr.Header().Rdlength = uint16(off - headerEnd) + return off, nil +} + +// unpack*() functions + +func unpackA(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(A) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.A, off, err = unpackDataA(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackAAAA(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(AAAA) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.AAAA, off, err = unpackDataAAAA(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackAFSDB(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(AFSDB) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Subtype, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Hostname, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackANY(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(ANY) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + return rr, off, err +} + +func unpackAVC(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(AVC) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Txt, off, err = unpackStringTxt(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackCAA(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(CAA) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Flag, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Tag, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Value, off, err = unpackStringOctet(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackCDNSKEY(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(CDNSKEY) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Flags, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Protocol, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Algorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.PublicKey, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackCDS(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(CDS) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.KeyTag, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Algorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.DigestType, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Digest, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackCERT(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(CERT) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Type, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.KeyTag, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Algorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Certificate, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackCNAME(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(CNAME) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Target, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackCSYNC(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(CSYNC) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Serial, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Flags, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.TypeBitMap, off, err = unpackDataNsec(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackDHCID(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(DHCID) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Digest, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackDLV(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(DLV) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.KeyTag, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Algorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.DigestType, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Digest, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackDNAME(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(DNAME) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Target, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackDNSKEY(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(DNSKEY) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Flags, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Protocol, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Algorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.PublicKey, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackDS(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(DS) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.KeyTag, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Algorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.DigestType, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Digest, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackEID(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(EID) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Endpoint, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackEUI48(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(EUI48) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Address, off, err = unpackUint48(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackEUI64(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(EUI64) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Address, off, err = unpackUint64(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackGID(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(GID) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Gid, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackGPOS(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(GPOS) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Longitude, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Latitude, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Altitude, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackHINFO(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(HINFO) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Cpu, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Os, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackHIP(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(HIP) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.HitLength, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.PublicKeyAlgorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.PublicKeyLength, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Hit, off, err = unpackStringHex(msg, off, off+int(rr.HitLength)) + if err != nil { + return rr, off, err + } + rr.PublicKey, off, err = unpackStringBase64(msg, off, off+int(rr.PublicKeyLength)) + if err != nil { + return rr, off, err + } + rr.RendezvousServers, off, err = unpackDataDomainNames(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackKEY(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(KEY) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Flags, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Protocol, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Algorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.PublicKey, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackKX(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(KX) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Preference, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Exchanger, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackL32(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(L32) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Preference, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Locator32, off, err = unpackDataA(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackL64(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(L64) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Preference, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Locator64, off, err = unpackUint64(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackLOC(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(LOC) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Version, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Size, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.HorizPre, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.VertPre, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Latitude, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Longitude, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Altitude, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackLP(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(LP) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Preference, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Fqdn, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackMB(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(MB) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Mb, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackMD(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(MD) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Md, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackMF(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(MF) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Mf, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackMG(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(MG) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Mg, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackMINFO(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(MINFO) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Rmail, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Email, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackMR(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(MR) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Mr, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackMX(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(MX) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Preference, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Mx, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackNAPTR(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(NAPTR) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Order, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Preference, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Flags, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Service, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Regexp, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Replacement, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackNID(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(NID) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Preference, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.NodeID, off, err = unpackUint64(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackNIMLOC(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(NIMLOC) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Locator, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackNINFO(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(NINFO) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.ZSData, off, err = unpackStringTxt(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackNS(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(NS) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Ns, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackNSAPPTR(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(NSAPPTR) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Ptr, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackNSEC(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(NSEC) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.NextDomain, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.TypeBitMap, off, err = unpackDataNsec(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackNSEC3(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(NSEC3) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Hash, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Flags, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Iterations, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.SaltLength, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Salt, off, err = unpackStringHex(msg, off, off+int(rr.SaltLength)) + if err != nil { + return rr, off, err + } + rr.HashLength, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.NextDomain, off, err = unpackStringBase32(msg, off, off+int(rr.HashLength)) + if err != nil { + return rr, off, err + } + rr.TypeBitMap, off, err = unpackDataNsec(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackNSEC3PARAM(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(NSEC3PARAM) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Hash, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Flags, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Iterations, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.SaltLength, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Salt, off, err = unpackStringHex(msg, off, off+int(rr.SaltLength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackOPENPGPKEY(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(OPENPGPKEY) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.PublicKey, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackOPT(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(OPT) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Option, off, err = unpackDataOpt(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackPTR(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(PTR) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Ptr, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackPX(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(PX) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Preference, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Map822, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Mapx400, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackRFC3597(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(RFC3597) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Rdata, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackRKEY(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(RKEY) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Flags, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Protocol, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Algorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.PublicKey, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackRP(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(RP) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Mbox, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Txt, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackRRSIG(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(RRSIG) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.TypeCovered, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Algorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Labels, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.OrigTtl, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Expiration, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Inception, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.KeyTag, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.SignerName, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Signature, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackRT(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(RT) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Preference, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Host, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackSIG(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(SIG) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.TypeCovered, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Algorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Labels, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.OrigTtl, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Expiration, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Inception, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.KeyTag, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.SignerName, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Signature, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackSMIMEA(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(SMIMEA) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Usage, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Selector, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.MatchingType, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Certificate, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackSOA(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(SOA) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Ns, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Mbox, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Serial, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Refresh, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Retry, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Expire, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Minttl, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackSPF(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(SPF) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Txt, off, err = unpackStringTxt(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackSRV(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(SRV) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Priority, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Weight, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Port, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Target, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackSSHFP(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(SSHFP) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Algorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Type, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.FingerPrint, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackTA(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(TA) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.KeyTag, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Algorithm, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.DigestType, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Digest, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackTALINK(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(TALINK) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.PreviousName, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.NextName, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackTKEY(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(TKEY) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Algorithm, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Inception, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Expiration, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Mode, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Error, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.KeySize, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Key, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.OtherLen, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.OtherData, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackTLSA(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(TLSA) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Usage, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Selector, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.MatchingType, off, err = unpackUint8(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Certificate, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackTSIG(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(TSIG) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Algorithm, off, err = UnpackDomainName(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.TimeSigned, off, err = unpackUint48(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Fudge, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.MACSize, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.MAC, off, err = unpackStringHex(msg, off, off+int(rr.MACSize)) + if err != nil { + return rr, off, err + } + rr.OrigId, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Error, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.OtherLen, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.OtherData, off, err = unpackStringHex(msg, off, off+int(rr.OtherLen)) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackTXT(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(TXT) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Txt, off, err = unpackStringTxt(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackUID(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(UID) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Uid, off, err = unpackUint32(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackUINFO(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(UINFO) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Uinfo, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackURI(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(URI) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.Priority, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Weight, off, err = unpackUint16(msg, off) + if err != nil { + return rr, off, err + } + if off == len(msg) { + return rr, off, nil + } + rr.Target, off, err = unpackStringOctet(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +func unpackX25(h RR_Header, msg []byte, off int) (RR, int, error) { + rr := new(X25) + rr.Hdr = h + if noRdata(h) { + return rr, off, nil + } + var err error + rdStart := off + _ = rdStart + + rr.PSDNAddress, off, err = unpackString(msg, off) + if err != nil { + return rr, off, err + } + return rr, off, err +} + +var typeToUnpack = map[uint16]func(RR_Header, []byte, int) (RR, int, error){ + TypeA: unpackA, + TypeAAAA: unpackAAAA, + TypeAFSDB: unpackAFSDB, + TypeANY: unpackANY, + TypeAVC: unpackAVC, + TypeCAA: unpackCAA, + TypeCDNSKEY: unpackCDNSKEY, + TypeCDS: unpackCDS, + TypeCERT: unpackCERT, + TypeCNAME: unpackCNAME, + TypeCSYNC: unpackCSYNC, + TypeDHCID: unpackDHCID, + TypeDLV: unpackDLV, + TypeDNAME: unpackDNAME, + TypeDNSKEY: unpackDNSKEY, + TypeDS: unpackDS, + TypeEID: unpackEID, + TypeEUI48: unpackEUI48, + TypeEUI64: unpackEUI64, + TypeGID: unpackGID, + TypeGPOS: unpackGPOS, + TypeHINFO: unpackHINFO, + TypeHIP: unpackHIP, + TypeKEY: unpackKEY, + TypeKX: unpackKX, + TypeL32: unpackL32, + TypeL64: unpackL64, + TypeLOC: unpackLOC, + TypeLP: unpackLP, + TypeMB: unpackMB, + TypeMD: unpackMD, + TypeMF: unpackMF, + TypeMG: unpackMG, + TypeMINFO: unpackMINFO, + TypeMR: unpackMR, + TypeMX: unpackMX, + TypeNAPTR: unpackNAPTR, + TypeNID: unpackNID, + TypeNIMLOC: unpackNIMLOC, + TypeNINFO: unpackNINFO, + TypeNS: unpackNS, + TypeNSAPPTR: unpackNSAPPTR, + TypeNSEC: unpackNSEC, + TypeNSEC3: unpackNSEC3, + TypeNSEC3PARAM: unpackNSEC3PARAM, + TypeOPENPGPKEY: unpackOPENPGPKEY, + TypeOPT: unpackOPT, + TypePTR: unpackPTR, + TypePX: unpackPX, + TypeRKEY: unpackRKEY, + TypeRP: unpackRP, + TypeRRSIG: unpackRRSIG, + TypeRT: unpackRT, + TypeSIG: unpackSIG, + TypeSMIMEA: unpackSMIMEA, + TypeSOA: unpackSOA, + TypeSPF: unpackSPF, + TypeSRV: unpackSRV, + TypeSSHFP: unpackSSHFP, + TypeTA: unpackTA, + TypeTALINK: unpackTALINK, + TypeTKEY: unpackTKEY, + TypeTLSA: unpackTLSA, + TypeTSIG: unpackTSIG, + TypeTXT: unpackTXT, + TypeUID: unpackUID, + TypeUINFO: unpackUINFO, + TypeURI: unpackURI, + TypeX25: unpackX25, +} diff --git a/vendor/github.com/miekg/dns/ztypes.go b/vendor/github.com/miekg/dns/ztypes.go new file mode 100644 index 0000000..74591e9 --- /dev/null +++ b/vendor/github.com/miekg/dns/ztypes.go @@ -0,0 +1,864 @@ +// *** DO NOT MODIFY *** +// AUTOGENERATED BY go generate from types_generate.go + +package dns + +import ( + "encoding/base64" + "net" +) + +// TypeToRR is a map of constructors for each RR type. +var TypeToRR = map[uint16]func() RR{ + TypeA: func() RR { return new(A) }, + TypeAAAA: func() RR { return new(AAAA) }, + TypeAFSDB: func() RR { return new(AFSDB) }, + TypeANY: func() RR { return new(ANY) }, + TypeAVC: func() RR { return new(AVC) }, + TypeCAA: func() RR { return new(CAA) }, + TypeCDNSKEY: func() RR { return new(CDNSKEY) }, + TypeCDS: func() RR { return new(CDS) }, + TypeCERT: func() RR { return new(CERT) }, + TypeCNAME: func() RR { return new(CNAME) }, + TypeCSYNC: func() RR { return new(CSYNC) }, + TypeDHCID: func() RR { return new(DHCID) }, + TypeDLV: func() RR { return new(DLV) }, + TypeDNAME: func() RR { return new(DNAME) }, + TypeDNSKEY: func() RR { return new(DNSKEY) }, + TypeDS: func() RR { return new(DS) }, + TypeEID: func() RR { return new(EID) }, + TypeEUI48: func() RR { return new(EUI48) }, + TypeEUI64: func() RR { return new(EUI64) }, + TypeGID: func() RR { return new(GID) }, + TypeGPOS: func() RR { return new(GPOS) }, + TypeHINFO: func() RR { return new(HINFO) }, + TypeHIP: func() RR { return new(HIP) }, + TypeKEY: func() RR { return new(KEY) }, + TypeKX: func() RR { return new(KX) }, + TypeL32: func() RR { return new(L32) }, + TypeL64: func() RR { return new(L64) }, + TypeLOC: func() RR { return new(LOC) }, + TypeLP: func() RR { return new(LP) }, + TypeMB: func() RR { return new(MB) }, + TypeMD: func() RR { return new(MD) }, + TypeMF: func() RR { return new(MF) }, + TypeMG: func() RR { return new(MG) }, + TypeMINFO: func() RR { return new(MINFO) }, + TypeMR: func() RR { return new(MR) }, + TypeMX: func() RR { return new(MX) }, + TypeNAPTR: func() RR { return new(NAPTR) }, + TypeNID: func() RR { return new(NID) }, + TypeNIMLOC: func() RR { return new(NIMLOC) }, + TypeNINFO: func() RR { return new(NINFO) }, + TypeNS: func() RR { return new(NS) }, + TypeNSAPPTR: func() RR { return new(NSAPPTR) }, + TypeNSEC: func() RR { return new(NSEC) }, + TypeNSEC3: func() RR { return new(NSEC3) }, + TypeNSEC3PARAM: func() RR { return new(NSEC3PARAM) }, + TypeOPENPGPKEY: func() RR { return new(OPENPGPKEY) }, + TypeOPT: func() RR { return new(OPT) }, + TypePTR: func() RR { return new(PTR) }, + TypePX: func() RR { return new(PX) }, + TypeRKEY: func() RR { return new(RKEY) }, + TypeRP: func() RR { return new(RP) }, + TypeRRSIG: func() RR { return new(RRSIG) }, + TypeRT: func() RR { return new(RT) }, + TypeSIG: func() RR { return new(SIG) }, + TypeSMIMEA: func() RR { return new(SMIMEA) }, + TypeSOA: func() RR { return new(SOA) }, + TypeSPF: func() RR { return new(SPF) }, + TypeSRV: func() RR { return new(SRV) }, + TypeSSHFP: func() RR { return new(SSHFP) }, + TypeTA: func() RR { return new(TA) }, + TypeTALINK: func() RR { return new(TALINK) }, + TypeTKEY: func() RR { return new(TKEY) }, + TypeTLSA: func() RR { return new(TLSA) }, + TypeTSIG: func() RR { return new(TSIG) }, + TypeTXT: func() RR { return new(TXT) }, + TypeUID: func() RR { return new(UID) }, + TypeUINFO: func() RR { return new(UINFO) }, + TypeURI: func() RR { return new(URI) }, + TypeX25: func() RR { return new(X25) }, +} + +// TypeToString is a map of strings for each RR type. +var TypeToString = map[uint16]string{ + TypeA: "A", + TypeAAAA: "AAAA", + TypeAFSDB: "AFSDB", + TypeANY: "ANY", + TypeATMA: "ATMA", + TypeAVC: "AVC", + TypeAXFR: "AXFR", + TypeCAA: "CAA", + TypeCDNSKEY: "CDNSKEY", + TypeCDS: "CDS", + TypeCERT: "CERT", + TypeCNAME: "CNAME", + TypeCSYNC: "CSYNC", + TypeDHCID: "DHCID", + TypeDLV: "DLV", + TypeDNAME: "DNAME", + TypeDNSKEY: "DNSKEY", + TypeDS: "DS", + TypeEID: "EID", + TypeEUI48: "EUI48", + TypeEUI64: "EUI64", + TypeGID: "GID", + TypeGPOS: "GPOS", + TypeHINFO: "HINFO", + TypeHIP: "HIP", + TypeISDN: "ISDN", + TypeIXFR: "IXFR", + TypeKEY: "KEY", + TypeKX: "KX", + TypeL32: "L32", + TypeL64: "L64", + TypeLOC: "LOC", + TypeLP: "LP", + TypeMAILA: "MAILA", + TypeMAILB: "MAILB", + TypeMB: "MB", + TypeMD: "MD", + TypeMF: "MF", + TypeMG: "MG", + TypeMINFO: "MINFO", + TypeMR: "MR", + TypeMX: "MX", + TypeNAPTR: "NAPTR", + TypeNID: "NID", + TypeNIMLOC: "NIMLOC", + TypeNINFO: "NINFO", + TypeNS: "NS", + TypeNSEC: "NSEC", + TypeNSEC3: "NSEC3", + TypeNSEC3PARAM: "NSEC3PARAM", + TypeNULL: "NULL", + TypeNXT: "NXT", + TypeNone: "None", + TypeOPENPGPKEY: "OPENPGPKEY", + TypeOPT: "OPT", + TypePTR: "PTR", + TypePX: "PX", + TypeRKEY: "RKEY", + TypeRP: "RP", + TypeRRSIG: "RRSIG", + TypeRT: "RT", + TypeReserved: "Reserved", + TypeSIG: "SIG", + TypeSMIMEA: "SMIMEA", + TypeSOA: "SOA", + TypeSPF: "SPF", + TypeSRV: "SRV", + TypeSSHFP: "SSHFP", + TypeTA: "TA", + TypeTALINK: "TALINK", + TypeTKEY: "TKEY", + TypeTLSA: "TLSA", + TypeTSIG: "TSIG", + TypeTXT: "TXT", + TypeUID: "UID", + TypeUINFO: "UINFO", + TypeUNSPEC: "UNSPEC", + TypeURI: "URI", + TypeX25: "X25", + TypeNSAPPTR: "NSAP-PTR", +} + +func (rr *A) Header() *RR_Header { return &rr.Hdr } +func (rr *AAAA) Header() *RR_Header { return &rr.Hdr } +func (rr *AFSDB) Header() *RR_Header { return &rr.Hdr } +func (rr *ANY) Header() *RR_Header { return &rr.Hdr } +func (rr *AVC) Header() *RR_Header { return &rr.Hdr } +func (rr *CAA) Header() *RR_Header { return &rr.Hdr } +func (rr *CDNSKEY) Header() *RR_Header { return &rr.Hdr } +func (rr *CDS) Header() *RR_Header { return &rr.Hdr } +func (rr *CERT) Header() *RR_Header { return &rr.Hdr } +func (rr *CNAME) Header() *RR_Header { return &rr.Hdr } +func (rr *CSYNC) Header() *RR_Header { return &rr.Hdr } +func (rr *DHCID) Header() *RR_Header { return &rr.Hdr } +func (rr *DLV) Header() *RR_Header { return &rr.Hdr } +func (rr *DNAME) Header() *RR_Header { return &rr.Hdr } +func (rr *DNSKEY) Header() *RR_Header { return &rr.Hdr } +func (rr *DS) Header() *RR_Header { return &rr.Hdr } +func (rr *EID) Header() *RR_Header { return &rr.Hdr } +func (rr *EUI48) Header() *RR_Header { return &rr.Hdr } +func (rr *EUI64) Header() *RR_Header { return &rr.Hdr } +func (rr *GID) Header() *RR_Header { return &rr.Hdr } +func (rr *GPOS) Header() *RR_Header { return &rr.Hdr } +func (rr *HINFO) Header() *RR_Header { return &rr.Hdr } +func (rr *HIP) Header() *RR_Header { return &rr.Hdr } +func (rr *KEY) Header() *RR_Header { return &rr.Hdr } +func (rr *KX) Header() *RR_Header { return &rr.Hdr } +func (rr *L32) Header() *RR_Header { return &rr.Hdr } +func (rr *L64) Header() *RR_Header { return &rr.Hdr } +func (rr *LOC) Header() *RR_Header { return &rr.Hdr } +func (rr *LP) Header() *RR_Header { return &rr.Hdr } +func (rr *MB) Header() *RR_Header { return &rr.Hdr } +func (rr *MD) Header() *RR_Header { return &rr.Hdr } +func (rr *MF) Header() *RR_Header { return &rr.Hdr } +func (rr *MG) Header() *RR_Header { return &rr.Hdr } +func (rr *MINFO) Header() *RR_Header { return &rr.Hdr } +func (rr *MR) Header() *RR_Header { return &rr.Hdr } +func (rr *MX) Header() *RR_Header { return &rr.Hdr } +func (rr *NAPTR) Header() *RR_Header { return &rr.Hdr } +func (rr *NID) Header() *RR_Header { return &rr.Hdr } +func (rr *NIMLOC) Header() *RR_Header { return &rr.Hdr } +func (rr *NINFO) Header() *RR_Header { return &rr.Hdr } +func (rr *NS) Header() *RR_Header { return &rr.Hdr } +func (rr *NSAPPTR) Header() *RR_Header { return &rr.Hdr } +func (rr *NSEC) Header() *RR_Header { return &rr.Hdr } +func (rr *NSEC3) Header() *RR_Header { return &rr.Hdr } +func (rr *NSEC3PARAM) Header() *RR_Header { return &rr.Hdr } +func (rr *OPENPGPKEY) Header() *RR_Header { return &rr.Hdr } +func (rr *OPT) Header() *RR_Header { return &rr.Hdr } +func (rr *PTR) Header() *RR_Header { return &rr.Hdr } +func (rr *PX) Header() *RR_Header { return &rr.Hdr } +func (rr *RFC3597) Header() *RR_Header { return &rr.Hdr } +func (rr *RKEY) Header() *RR_Header { return &rr.Hdr } +func (rr *RP) Header() *RR_Header { return &rr.Hdr } +func (rr *RRSIG) Header() *RR_Header { return &rr.Hdr } +func (rr *RT) Header() *RR_Header { return &rr.Hdr } +func (rr *SIG) Header() *RR_Header { return &rr.Hdr } +func (rr *SMIMEA) Header() *RR_Header { return &rr.Hdr } +func (rr *SOA) Header() *RR_Header { return &rr.Hdr } +func (rr *SPF) Header() *RR_Header { return &rr.Hdr } +func (rr *SRV) Header() *RR_Header { return &rr.Hdr } +func (rr *SSHFP) Header() *RR_Header { return &rr.Hdr } +func (rr *TA) Header() *RR_Header { return &rr.Hdr } +func (rr *TALINK) Header() *RR_Header { return &rr.Hdr } +func (rr *TKEY) Header() *RR_Header { return &rr.Hdr } +func (rr *TLSA) Header() *RR_Header { return &rr.Hdr } +func (rr *TSIG) Header() *RR_Header { return &rr.Hdr } +func (rr *TXT) Header() *RR_Header { return &rr.Hdr } +func (rr *UID) Header() *RR_Header { return &rr.Hdr } +func (rr *UINFO) Header() *RR_Header { return &rr.Hdr } +func (rr *URI) Header() *RR_Header { return &rr.Hdr } +func (rr *X25) Header() *RR_Header { return &rr.Hdr } + +// len() functions +func (rr *A) len() int { + l := rr.Hdr.len() + l += net.IPv4len // A + return l +} +func (rr *AAAA) len() int { + l := rr.Hdr.len() + l += net.IPv6len // AAAA + return l +} +func (rr *AFSDB) len() int { + l := rr.Hdr.len() + l += 2 // Subtype + l += len(rr.Hostname) + 1 + return l +} +func (rr *ANY) len() int { + l := rr.Hdr.len() + return l +} +func (rr *AVC) len() int { + l := rr.Hdr.len() + for _, x := range rr.Txt { + l += len(x) + 1 + } + return l +} +func (rr *CAA) len() int { + l := rr.Hdr.len() + l++ // Flag + l += len(rr.Tag) + 1 + l += len(rr.Value) + return l +} +func (rr *CERT) len() int { + l := rr.Hdr.len() + l += 2 // Type + l += 2 // KeyTag + l++ // Algorithm + l += base64.StdEncoding.DecodedLen(len(rr.Certificate)) + return l +} +func (rr *CNAME) len() int { + l := rr.Hdr.len() + l += len(rr.Target) + 1 + return l +} +func (rr *DHCID) len() int { + l := rr.Hdr.len() + l += base64.StdEncoding.DecodedLen(len(rr.Digest)) + return l +} +func (rr *DNAME) len() int { + l := rr.Hdr.len() + l += len(rr.Target) + 1 + return l +} +func (rr *DNSKEY) len() int { + l := rr.Hdr.len() + l += 2 // Flags + l++ // Protocol + l++ // Algorithm + l += base64.StdEncoding.DecodedLen(len(rr.PublicKey)) + return l +} +func (rr *DS) len() int { + l := rr.Hdr.len() + l += 2 // KeyTag + l++ // Algorithm + l++ // DigestType + l += len(rr.Digest)/2 + 1 + return l +} +func (rr *EID) len() int { + l := rr.Hdr.len() + l += len(rr.Endpoint)/2 + 1 + return l +} +func (rr *EUI48) len() int { + l := rr.Hdr.len() + l += 6 // Address + return l +} +func (rr *EUI64) len() int { + l := rr.Hdr.len() + l += 8 // Address + return l +} +func (rr *GID) len() int { + l := rr.Hdr.len() + l += 4 // Gid + return l +} +func (rr *GPOS) len() int { + l := rr.Hdr.len() + l += len(rr.Longitude) + 1 + l += len(rr.Latitude) + 1 + l += len(rr.Altitude) + 1 + return l +} +func (rr *HINFO) len() int { + l := rr.Hdr.len() + l += len(rr.Cpu) + 1 + l += len(rr.Os) + 1 + return l +} +func (rr *HIP) len() int { + l := rr.Hdr.len() + l++ // HitLength + l++ // PublicKeyAlgorithm + l += 2 // PublicKeyLength + l += len(rr.Hit)/2 + 1 + l += base64.StdEncoding.DecodedLen(len(rr.PublicKey)) + for _, x := range rr.RendezvousServers { + l += len(x) + 1 + } + return l +} +func (rr *KX) len() int { + l := rr.Hdr.len() + l += 2 // Preference + l += len(rr.Exchanger) + 1 + return l +} +func (rr *L32) len() int { + l := rr.Hdr.len() + l += 2 // Preference + l += net.IPv4len // Locator32 + return l +} +func (rr *L64) len() int { + l := rr.Hdr.len() + l += 2 // Preference + l += 8 // Locator64 + return l +} +func (rr *LOC) len() int { + l := rr.Hdr.len() + l++ // Version + l++ // Size + l++ // HorizPre + l++ // VertPre + l += 4 // Latitude + l += 4 // Longitude + l += 4 // Altitude + return l +} +func (rr *LP) len() int { + l := rr.Hdr.len() + l += 2 // Preference + l += len(rr.Fqdn) + 1 + return l +} +func (rr *MB) len() int { + l := rr.Hdr.len() + l += len(rr.Mb) + 1 + return l +} +func (rr *MD) len() int { + l := rr.Hdr.len() + l += len(rr.Md) + 1 + return l +} +func (rr *MF) len() int { + l := rr.Hdr.len() + l += len(rr.Mf) + 1 + return l +} +func (rr *MG) len() int { + l := rr.Hdr.len() + l += len(rr.Mg) + 1 + return l +} +func (rr *MINFO) len() int { + l := rr.Hdr.len() + l += len(rr.Rmail) + 1 + l += len(rr.Email) + 1 + return l +} +func (rr *MR) len() int { + l := rr.Hdr.len() + l += len(rr.Mr) + 1 + return l +} +func (rr *MX) len() int { + l := rr.Hdr.len() + l += 2 // Preference + l += len(rr.Mx) + 1 + return l +} +func (rr *NAPTR) len() int { + l := rr.Hdr.len() + l += 2 // Order + l += 2 // Preference + l += len(rr.Flags) + 1 + l += len(rr.Service) + 1 + l += len(rr.Regexp) + 1 + l += len(rr.Replacement) + 1 + return l +} +func (rr *NID) len() int { + l := rr.Hdr.len() + l += 2 // Preference + l += 8 // NodeID + return l +} +func (rr *NIMLOC) len() int { + l := rr.Hdr.len() + l += len(rr.Locator)/2 + 1 + return l +} +func (rr *NINFO) len() int { + l := rr.Hdr.len() + for _, x := range rr.ZSData { + l += len(x) + 1 + } + return l +} +func (rr *NS) len() int { + l := rr.Hdr.len() + l += len(rr.Ns) + 1 + return l +} +func (rr *NSAPPTR) len() int { + l := rr.Hdr.len() + l += len(rr.Ptr) + 1 + return l +} +func (rr *NSEC3PARAM) len() int { + l := rr.Hdr.len() + l++ // Hash + l++ // Flags + l += 2 // Iterations + l++ // SaltLength + l += len(rr.Salt)/2 + 1 + return l +} +func (rr *OPENPGPKEY) len() int { + l := rr.Hdr.len() + l += base64.StdEncoding.DecodedLen(len(rr.PublicKey)) + return l +} +func (rr *PTR) len() int { + l := rr.Hdr.len() + l += len(rr.Ptr) + 1 + return l +} +func (rr *PX) len() int { + l := rr.Hdr.len() + l += 2 // Preference + l += len(rr.Map822) + 1 + l += len(rr.Mapx400) + 1 + return l +} +func (rr *RFC3597) len() int { + l := rr.Hdr.len() + l += len(rr.Rdata)/2 + 1 + return l +} +func (rr *RKEY) len() int { + l := rr.Hdr.len() + l += 2 // Flags + l++ // Protocol + l++ // Algorithm + l += base64.StdEncoding.DecodedLen(len(rr.PublicKey)) + return l +} +func (rr *RP) len() int { + l := rr.Hdr.len() + l += len(rr.Mbox) + 1 + l += len(rr.Txt) + 1 + return l +} +func (rr *RRSIG) len() int { + l := rr.Hdr.len() + l += 2 // TypeCovered + l++ // Algorithm + l++ // Labels + l += 4 // OrigTtl + l += 4 // Expiration + l += 4 // Inception + l += 2 // KeyTag + l += len(rr.SignerName) + 1 + l += base64.StdEncoding.DecodedLen(len(rr.Signature)) + return l +} +func (rr *RT) len() int { + l := rr.Hdr.len() + l += 2 // Preference + l += len(rr.Host) + 1 + return l +} +func (rr *SMIMEA) len() int { + l := rr.Hdr.len() + l++ // Usage + l++ // Selector + l++ // MatchingType + l += len(rr.Certificate)/2 + 1 + return l +} +func (rr *SOA) len() int { + l := rr.Hdr.len() + l += len(rr.Ns) + 1 + l += len(rr.Mbox) + 1 + l += 4 // Serial + l += 4 // Refresh + l += 4 // Retry + l += 4 // Expire + l += 4 // Minttl + return l +} +func (rr *SPF) len() int { + l := rr.Hdr.len() + for _, x := range rr.Txt { + l += len(x) + 1 + } + return l +} +func (rr *SRV) len() int { + l := rr.Hdr.len() + l += 2 // Priority + l += 2 // Weight + l += 2 // Port + l += len(rr.Target) + 1 + return l +} +func (rr *SSHFP) len() int { + l := rr.Hdr.len() + l++ // Algorithm + l++ // Type + l += len(rr.FingerPrint)/2 + 1 + return l +} +func (rr *TA) len() int { + l := rr.Hdr.len() + l += 2 // KeyTag + l++ // Algorithm + l++ // DigestType + l += len(rr.Digest)/2 + 1 + return l +} +func (rr *TALINK) len() int { + l := rr.Hdr.len() + l += len(rr.PreviousName) + 1 + l += len(rr.NextName) + 1 + return l +} +func (rr *TKEY) len() int { + l := rr.Hdr.len() + l += len(rr.Algorithm) + 1 + l += 4 // Inception + l += 4 // Expiration + l += 2 // Mode + l += 2 // Error + l += 2 // KeySize + l += len(rr.Key) + 1 + l += 2 // OtherLen + l += len(rr.OtherData) + 1 + return l +} +func (rr *TLSA) len() int { + l := rr.Hdr.len() + l++ // Usage + l++ // Selector + l++ // MatchingType + l += len(rr.Certificate)/2 + 1 + return l +} +func (rr *TSIG) len() int { + l := rr.Hdr.len() + l += len(rr.Algorithm) + 1 + l += 6 // TimeSigned + l += 2 // Fudge + l += 2 // MACSize + l += len(rr.MAC)/2 + 1 + l += 2 // OrigId + l += 2 // Error + l += 2 // OtherLen + l += len(rr.OtherData)/2 + 1 + return l +} +func (rr *TXT) len() int { + l := rr.Hdr.len() + for _, x := range rr.Txt { + l += len(x) + 1 + } + return l +} +func (rr *UID) len() int { + l := rr.Hdr.len() + l += 4 // Uid + return l +} +func (rr *UINFO) len() int { + l := rr.Hdr.len() + l += len(rr.Uinfo) + 1 + return l +} +func (rr *URI) len() int { + l := rr.Hdr.len() + l += 2 // Priority + l += 2 // Weight + l += len(rr.Target) + return l +} +func (rr *X25) len() int { + l := rr.Hdr.len() + l += len(rr.PSDNAddress) + 1 + return l +} + +// copy() functions +func (rr *A) copy() RR { + return &A{*rr.Hdr.copyHeader(), copyIP(rr.A)} +} +func (rr *AAAA) copy() RR { + return &AAAA{*rr.Hdr.copyHeader(), copyIP(rr.AAAA)} +} +func (rr *AFSDB) copy() RR { + return &AFSDB{*rr.Hdr.copyHeader(), rr.Subtype, rr.Hostname} +} +func (rr *ANY) copy() RR { + return &ANY{*rr.Hdr.copyHeader()} +} +func (rr *AVC) copy() RR { + Txt := make([]string, len(rr.Txt)) + copy(Txt, rr.Txt) + return &AVC{*rr.Hdr.copyHeader(), Txt} +} +func (rr *CAA) copy() RR { + return &CAA{*rr.Hdr.copyHeader(), rr.Flag, rr.Tag, rr.Value} +} +func (rr *CERT) copy() RR { + return &CERT{*rr.Hdr.copyHeader(), rr.Type, rr.KeyTag, rr.Algorithm, rr.Certificate} +} +func (rr *CNAME) copy() RR { + return &CNAME{*rr.Hdr.copyHeader(), rr.Target} +} +func (rr *CSYNC) copy() RR { + TypeBitMap := make([]uint16, len(rr.TypeBitMap)) + copy(TypeBitMap, rr.TypeBitMap) + return &CSYNC{*rr.Hdr.copyHeader(), rr.Serial, rr.Flags, TypeBitMap} +} +func (rr *DHCID) copy() RR { + return &DHCID{*rr.Hdr.copyHeader(), rr.Digest} +} +func (rr *DNAME) copy() RR { + return &DNAME{*rr.Hdr.copyHeader(), rr.Target} +} +func (rr *DNSKEY) copy() RR { + return &DNSKEY{*rr.Hdr.copyHeader(), rr.Flags, rr.Protocol, rr.Algorithm, rr.PublicKey} +} +func (rr *DS) copy() RR { + return &DS{*rr.Hdr.copyHeader(), rr.KeyTag, rr.Algorithm, rr.DigestType, rr.Digest} +} +func (rr *EID) copy() RR { + return &EID{*rr.Hdr.copyHeader(), rr.Endpoint} +} +func (rr *EUI48) copy() RR { + return &EUI48{*rr.Hdr.copyHeader(), rr.Address} +} +func (rr *EUI64) copy() RR { + return &EUI64{*rr.Hdr.copyHeader(), rr.Address} +} +func (rr *GID) copy() RR { + return &GID{*rr.Hdr.copyHeader(), rr.Gid} +} +func (rr *GPOS) copy() RR { + return &GPOS{*rr.Hdr.copyHeader(), rr.Longitude, rr.Latitude, rr.Altitude} +} +func (rr *HINFO) copy() RR { + return &HINFO{*rr.Hdr.copyHeader(), rr.Cpu, rr.Os} +} +func (rr *HIP) copy() RR { + RendezvousServers := make([]string, len(rr.RendezvousServers)) + copy(RendezvousServers, rr.RendezvousServers) + return &HIP{*rr.Hdr.copyHeader(), rr.HitLength, rr.PublicKeyAlgorithm, rr.PublicKeyLength, rr.Hit, rr.PublicKey, RendezvousServers} +} +func (rr *KX) copy() RR { + return &KX{*rr.Hdr.copyHeader(), rr.Preference, rr.Exchanger} +} +func (rr *L32) copy() RR { + return &L32{*rr.Hdr.copyHeader(), rr.Preference, copyIP(rr.Locator32)} +} +func (rr *L64) copy() RR { + return &L64{*rr.Hdr.copyHeader(), rr.Preference, rr.Locator64} +} +func (rr *LOC) copy() RR { + return &LOC{*rr.Hdr.copyHeader(), rr.Version, rr.Size, rr.HorizPre, rr.VertPre, rr.Latitude, rr.Longitude, rr.Altitude} +} +func (rr *LP) copy() RR { + return &LP{*rr.Hdr.copyHeader(), rr.Preference, rr.Fqdn} +} +func (rr *MB) copy() RR { + return &MB{*rr.Hdr.copyHeader(), rr.Mb} +} +func (rr *MD) copy() RR { + return &MD{*rr.Hdr.copyHeader(), rr.Md} +} +func (rr *MF) copy() RR { + return &MF{*rr.Hdr.copyHeader(), rr.Mf} +} +func (rr *MG) copy() RR { + return &MG{*rr.Hdr.copyHeader(), rr.Mg} +} +func (rr *MINFO) copy() RR { + return &MINFO{*rr.Hdr.copyHeader(), rr.Rmail, rr.Email} +} +func (rr *MR) copy() RR { + return &MR{*rr.Hdr.copyHeader(), rr.Mr} +} +func (rr *MX) copy() RR { + return &MX{*rr.Hdr.copyHeader(), rr.Preference, rr.Mx} +} +func (rr *NAPTR) copy() RR { + return &NAPTR{*rr.Hdr.copyHeader(), rr.Order, rr.Preference, rr.Flags, rr.Service, rr.Regexp, rr.Replacement} +} +func (rr *NID) copy() RR { + return &NID{*rr.Hdr.copyHeader(), rr.Preference, rr.NodeID} +} +func (rr *NIMLOC) copy() RR { + return &NIMLOC{*rr.Hdr.copyHeader(), rr.Locator} +} +func (rr *NINFO) copy() RR { + ZSData := make([]string, len(rr.ZSData)) + copy(ZSData, rr.ZSData) + return &NINFO{*rr.Hdr.copyHeader(), ZSData} +} +func (rr *NS) copy() RR { + return &NS{*rr.Hdr.copyHeader(), rr.Ns} +} +func (rr *NSAPPTR) copy() RR { + return &NSAPPTR{*rr.Hdr.copyHeader(), rr.Ptr} +} +func (rr *NSEC) copy() RR { + TypeBitMap := make([]uint16, len(rr.TypeBitMap)) + copy(TypeBitMap, rr.TypeBitMap) + return &NSEC{*rr.Hdr.copyHeader(), rr.NextDomain, TypeBitMap} +} +func (rr *NSEC3) copy() RR { + TypeBitMap := make([]uint16, len(rr.TypeBitMap)) + copy(TypeBitMap, rr.TypeBitMap) + return &NSEC3{*rr.Hdr.copyHeader(), rr.Hash, rr.Flags, rr.Iterations, rr.SaltLength, rr.Salt, rr.HashLength, rr.NextDomain, TypeBitMap} +} +func (rr *NSEC3PARAM) copy() RR { + return &NSEC3PARAM{*rr.Hdr.copyHeader(), rr.Hash, rr.Flags, rr.Iterations, rr.SaltLength, rr.Salt} +} +func (rr *OPENPGPKEY) copy() RR { + return &OPENPGPKEY{*rr.Hdr.copyHeader(), rr.PublicKey} +} +func (rr *OPT) copy() RR { + Option := make([]EDNS0, len(rr.Option)) + copy(Option, rr.Option) + return &OPT{*rr.Hdr.copyHeader(), Option} +} +func (rr *PTR) copy() RR { + return &PTR{*rr.Hdr.copyHeader(), rr.Ptr} +} +func (rr *PX) copy() RR { + return &PX{*rr.Hdr.copyHeader(), rr.Preference, rr.Map822, rr.Mapx400} +} +func (rr *RFC3597) copy() RR { + return &RFC3597{*rr.Hdr.copyHeader(), rr.Rdata} +} +func (rr *RKEY) copy() RR { + return &RKEY{*rr.Hdr.copyHeader(), rr.Flags, rr.Protocol, rr.Algorithm, rr.PublicKey} +} +func (rr *RP) copy() RR { + return &RP{*rr.Hdr.copyHeader(), rr.Mbox, rr.Txt} +} +func (rr *RRSIG) copy() RR { + return &RRSIG{*rr.Hdr.copyHeader(), rr.TypeCovered, rr.Algorithm, rr.Labels, rr.OrigTtl, rr.Expiration, rr.Inception, rr.KeyTag, rr.SignerName, rr.Signature} +} +func (rr *RT) copy() RR { + return &RT{*rr.Hdr.copyHeader(), rr.Preference, rr.Host} +} +func (rr *SMIMEA) copy() RR { + return &SMIMEA{*rr.Hdr.copyHeader(), rr.Usage, rr.Selector, rr.MatchingType, rr.Certificate} +} +func (rr *SOA) copy() RR { + return &SOA{*rr.Hdr.copyHeader(), rr.Ns, rr.Mbox, rr.Serial, rr.Refresh, rr.Retry, rr.Expire, rr.Minttl} +} +func (rr *SPF) copy() RR { + Txt := make([]string, len(rr.Txt)) + copy(Txt, rr.Txt) + return &SPF{*rr.Hdr.copyHeader(), Txt} +} +func (rr *SRV) copy() RR { + return &SRV{*rr.Hdr.copyHeader(), rr.Priority, rr.Weight, rr.Port, rr.Target} +} +func (rr *SSHFP) copy() RR { + return &SSHFP{*rr.Hdr.copyHeader(), rr.Algorithm, rr.Type, rr.FingerPrint} +} +func (rr *TA) copy() RR { + return &TA{*rr.Hdr.copyHeader(), rr.KeyTag, rr.Algorithm, rr.DigestType, rr.Digest} +} +func (rr *TALINK) copy() RR { + return &TALINK{*rr.Hdr.copyHeader(), rr.PreviousName, rr.NextName} +} +func (rr *TKEY) copy() RR { + return &TKEY{*rr.Hdr.copyHeader(), rr.Algorithm, rr.Inception, rr.Expiration, rr.Mode, rr.Error, rr.KeySize, rr.Key, rr.OtherLen, rr.OtherData} +} +func (rr *TLSA) copy() RR { + return &TLSA{*rr.Hdr.copyHeader(), rr.Usage, rr.Selector, rr.MatchingType, rr.Certificate} +} +func (rr *TSIG) copy() RR { + return &TSIG{*rr.Hdr.copyHeader(), rr.Algorithm, rr.TimeSigned, rr.Fudge, rr.MACSize, rr.MAC, rr.OrigId, rr.Error, rr.OtherLen, rr.OtherData} +} +func (rr *TXT) copy() RR { + Txt := make([]string, len(rr.Txt)) + copy(Txt, rr.Txt) + return &TXT{*rr.Hdr.copyHeader(), Txt} +} +func (rr *UID) copy() RR { + return &UID{*rr.Hdr.copyHeader(), rr.Uid} +} +func (rr *UINFO) copy() RR { + return &UINFO{*rr.Hdr.copyHeader(), rr.Uinfo} +} +func (rr *URI) copy() RR { + return &URI{*rr.Hdr.copyHeader(), rr.Priority, rr.Weight, rr.Target} +} +func (rr *X25) copy() RR { + return &X25{*rr.Hdr.copyHeader(), rr.PSDNAddress} +} diff --git a/vendor/github.com/pkg/errors/.gitignore b/vendor/github.com/pkg/errors/.gitignore new file mode 100644 index 0000000..daf913b --- /dev/null +++ b/vendor/github.com/pkg/errors/.gitignore @@ -0,0 +1,24 @@ +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.o +*.a +*.so + +# Folders +_obj +_test + +# Architecture specific extensions/prefixes +*.[568vq] +[568vq].out + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +*.exe +*.test +*.prof diff --git a/vendor/github.com/pkg/errors/.travis.yml b/vendor/github.com/pkg/errors/.travis.yml new file mode 100644 index 0000000..d4b9266 --- /dev/null +++ b/vendor/github.com/pkg/errors/.travis.yml @@ -0,0 +1,15 @@ +language: go +go_import_path: github.com/pkg/errors +go: + - 1.4.x + - 1.5.x + - 1.6.x + - 1.7.x + - 1.8.x + - 1.9.x + - 1.10.x + - 1.11.x + - tip + +script: + - go test -v ./... diff --git a/vendor/github.com/pkg/errors/LICENSE b/vendor/github.com/pkg/errors/LICENSE new file mode 100644 index 0000000..835ba3e --- /dev/null +++ b/vendor/github.com/pkg/errors/LICENSE @@ -0,0 +1,23 @@ +Copyright (c) 2015, Dave Cheney +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/pkg/errors/README.md b/vendor/github.com/pkg/errors/README.md new file mode 100644 index 0000000..6483ba2 --- /dev/null +++ b/vendor/github.com/pkg/errors/README.md @@ -0,0 +1,52 @@ +# errors [![Travis-CI](https://travis-ci.org/pkg/errors.svg)](https://travis-ci.org/pkg/errors) [![AppVeyor](https://ci.appveyor.com/api/projects/status/b98mptawhudj53ep/branch/master?svg=true)](https://ci.appveyor.com/project/davecheney/errors/branch/master) [![GoDoc](https://godoc.org/github.com/pkg/errors?status.svg)](http://godoc.org/github.com/pkg/errors) [![Report card](https://goreportcard.com/badge/github.com/pkg/errors)](https://goreportcard.com/report/github.com/pkg/errors) [![Sourcegraph](https://sourcegraph.com/github.com/pkg/errors/-/badge.svg)](https://sourcegraph.com/github.com/pkg/errors?badge) + +Package errors provides simple error handling primitives. + +`go get github.com/pkg/errors` + +The traditional error handling idiom in Go is roughly akin to +```go +if err != nil { + return err +} +``` +which applied recursively up the call stack results in error reports without context or debugging information. The errors package allows programmers to add context to the failure path in their code in a way that does not destroy the original value of the error. + +## Adding context to an error + +The errors.Wrap function returns a new error that adds context to the original error. For example +```go +_, err := ioutil.ReadAll(r) +if err != nil { + return errors.Wrap(err, "read failed") +} +``` +## Retrieving the cause of an error + +Using `errors.Wrap` constructs a stack of errors, adding context to the preceding error. Depending on the nature of the error it may be necessary to reverse the operation of errors.Wrap to retrieve the original error for inspection. Any error value which implements this interface can be inspected by `errors.Cause`. +```go +type causer interface { + Cause() error +} +``` +`errors.Cause` will recursively retrieve the topmost error which does not implement `causer`, which is assumed to be the original cause. For example: +```go +switch err := errors.Cause(err).(type) { +case *MyError: + // handle specifically +default: + // unknown error +} +``` + +[Read the package documentation for more information](https://godoc.org/github.com/pkg/errors). + +## Contributing + +We welcome pull requests, bug fixes and issue reports. With that said, the bar for adding new symbols to this package is intentionally set high. + +Before proposing a change, please discuss your change by raising an issue. + +## License + +BSD-2-Clause diff --git a/vendor/github.com/pkg/errors/appveyor.yml b/vendor/github.com/pkg/errors/appveyor.yml new file mode 100644 index 0000000..a932ead --- /dev/null +++ b/vendor/github.com/pkg/errors/appveyor.yml @@ -0,0 +1,32 @@ +version: build-{build}.{branch} + +clone_folder: C:\gopath\src\github.com\pkg\errors +shallow_clone: true # for startup speed + +environment: + GOPATH: C:\gopath + +platform: + - x64 + +# http://www.appveyor.com/docs/installed-software +install: + # some helpful output for debugging builds + - go version + - go env + # pre-installed MinGW at C:\MinGW is 32bit only + # but MSYS2 at C:\msys64 has mingw64 + - set PATH=C:\msys64\mingw64\bin;%PATH% + - gcc --version + - g++ --version + +build_script: + - go install -v ./... + +test_script: + - set PATH=C:\gopath\bin;%PATH% + - go test -v ./... + +#artifacts: +# - path: '%GOPATH%\bin\*.exe' +deploy: off diff --git a/vendor/github.com/pkg/errors/errors.go b/vendor/github.com/pkg/errors/errors.go new file mode 100644 index 0000000..7421f32 --- /dev/null +++ b/vendor/github.com/pkg/errors/errors.go @@ -0,0 +1,282 @@ +// Package errors provides simple error handling primitives. +// +// The traditional error handling idiom in Go is roughly akin to +// +// if err != nil { +// return err +// } +// +// which when applied recursively up the call stack results in error reports +// without context or debugging information. The errors package allows +// programmers to add context to the failure path in their code in a way +// that does not destroy the original value of the error. +// +// Adding context to an error +// +// The errors.Wrap function returns a new error that adds context to the +// original error by recording a stack trace at the point Wrap is called, +// together with the supplied message. For example +// +// _, err := ioutil.ReadAll(r) +// if err != nil { +// return errors.Wrap(err, "read failed") +// } +// +// If additional control is required, the errors.WithStack and +// errors.WithMessage functions destructure errors.Wrap into its component +// operations: annotating an error with a stack trace and with a message, +// respectively. +// +// Retrieving the cause of an error +// +// Using errors.Wrap constructs a stack of errors, adding context to the +// preceding error. Depending on the nature of the error it may be necessary +// to reverse the operation of errors.Wrap to retrieve the original error +// for inspection. Any error value which implements this interface +// +// type causer interface { +// Cause() error +// } +// +// can be inspected by errors.Cause. errors.Cause will recursively retrieve +// the topmost error that does not implement causer, which is assumed to be +// the original cause. For example: +// +// switch err := errors.Cause(err).(type) { +// case *MyError: +// // handle specifically +// default: +// // unknown error +// } +// +// Although the causer interface is not exported by this package, it is +// considered a part of its stable public interface. +// +// Formatted printing of errors +// +// All error values returned from this package implement fmt.Formatter and can +// be formatted by the fmt package. The following verbs are supported: +// +// %s print the error. If the error has a Cause it will be +// printed recursively. +// %v see %s +// %+v extended format. Each Frame of the error's StackTrace will +// be printed in detail. +// +// Retrieving the stack trace of an error or wrapper +// +// New, Errorf, Wrap, and Wrapf record a stack trace at the point they are +// invoked. This information can be retrieved with the following interface: +// +// type stackTracer interface { +// StackTrace() errors.StackTrace +// } +// +// The returned errors.StackTrace type is defined as +// +// type StackTrace []Frame +// +// The Frame type represents a call site in the stack trace. Frame supports +// the fmt.Formatter interface that can be used for printing information about +// the stack trace of this error. For example: +// +// if err, ok := err.(stackTracer); ok { +// for _, f := range err.StackTrace() { +// fmt.Printf("%+s:%d", f) +// } +// } +// +// Although the stackTracer interface is not exported by this package, it is +// considered a part of its stable public interface. +// +// See the documentation for Frame.Format for more details. +package errors + +import ( + "fmt" + "io" +) + +// New returns an error with the supplied message. +// New also records the stack trace at the point it was called. +func New(message string) error { + return &fundamental{ + msg: message, + stack: callers(), + } +} + +// Errorf formats according to a format specifier and returns the string +// as a value that satisfies error. +// Errorf also records the stack trace at the point it was called. +func Errorf(format string, args ...interface{}) error { + return &fundamental{ + msg: fmt.Sprintf(format, args...), + stack: callers(), + } +} + +// fundamental is an error that has a message and a stack, but no caller. +type fundamental struct { + msg string + *stack +} + +func (f *fundamental) Error() string { return f.msg } + +func (f *fundamental) Format(s fmt.State, verb rune) { + switch verb { + case 'v': + if s.Flag('+') { + io.WriteString(s, f.msg) + f.stack.Format(s, verb) + return + } + fallthrough + case 's': + io.WriteString(s, f.msg) + case 'q': + fmt.Fprintf(s, "%q", f.msg) + } +} + +// WithStack annotates err with a stack trace at the point WithStack was called. +// If err is nil, WithStack returns nil. +func WithStack(err error) error { + if err == nil { + return nil + } + return &withStack{ + err, + callers(), + } +} + +type withStack struct { + error + *stack +} + +func (w *withStack) Cause() error { return w.error } + +func (w *withStack) Format(s fmt.State, verb rune) { + switch verb { + case 'v': + if s.Flag('+') { + fmt.Fprintf(s, "%+v", w.Cause()) + w.stack.Format(s, verb) + return + } + fallthrough + case 's': + io.WriteString(s, w.Error()) + case 'q': + fmt.Fprintf(s, "%q", w.Error()) + } +} + +// Wrap returns an error annotating err with a stack trace +// at the point Wrap is called, and the supplied message. +// If err is nil, Wrap returns nil. +func Wrap(err error, message string) error { + if err == nil { + return nil + } + err = &withMessage{ + cause: err, + msg: message, + } + return &withStack{ + err, + callers(), + } +} + +// Wrapf returns an error annotating err with a stack trace +// at the point Wrapf is called, and the format specifier. +// If err is nil, Wrapf returns nil. +func Wrapf(err error, format string, args ...interface{}) error { + if err == nil { + return nil + } + err = &withMessage{ + cause: err, + msg: fmt.Sprintf(format, args...), + } + return &withStack{ + err, + callers(), + } +} + +// WithMessage annotates err with a new message. +// If err is nil, WithMessage returns nil. +func WithMessage(err error, message string) error { + if err == nil { + return nil + } + return &withMessage{ + cause: err, + msg: message, + } +} + +// WithMessagef annotates err with the format specifier. +// If err is nil, WithMessagef returns nil. +func WithMessagef(err error, format string, args ...interface{}) error { + if err == nil { + return nil + } + return &withMessage{ + cause: err, + msg: fmt.Sprintf(format, args...), + } +} + +type withMessage struct { + cause error + msg string +} + +func (w *withMessage) Error() string { return w.msg + ": " + w.cause.Error() } +func (w *withMessage) Cause() error { return w.cause } + +func (w *withMessage) Format(s fmt.State, verb rune) { + switch verb { + case 'v': + if s.Flag('+') { + fmt.Fprintf(s, "%+v\n", w.Cause()) + io.WriteString(s, w.msg) + return + } + fallthrough + case 's', 'q': + io.WriteString(s, w.Error()) + } +} + +// Cause returns the underlying cause of the error, if possible. +// An error value has a cause if it implements the following +// interface: +// +// type causer interface { +// Cause() error +// } +// +// If the error does not implement Cause, the original error will +// be returned. If the error is nil, nil will be returned without further +// investigation. +func Cause(err error) error { + type causer interface { + Cause() error + } + + for err != nil { + cause, ok := err.(causer) + if !ok { + break + } + err = cause.Cause() + } + return err +} diff --git a/vendor/github.com/pkg/errors/stack.go b/vendor/github.com/pkg/errors/stack.go new file mode 100644 index 0000000..2874a04 --- /dev/null +++ b/vendor/github.com/pkg/errors/stack.go @@ -0,0 +1,147 @@ +package errors + +import ( + "fmt" + "io" + "path" + "runtime" + "strings" +) + +// Frame represents a program counter inside a stack frame. +type Frame uintptr + +// pc returns the program counter for this frame; +// multiple frames may have the same PC value. +func (f Frame) pc() uintptr { return uintptr(f) - 1 } + +// file returns the full path to the file that contains the +// function for this Frame's pc. +func (f Frame) file() string { + fn := runtime.FuncForPC(f.pc()) + if fn == nil { + return "unknown" + } + file, _ := fn.FileLine(f.pc()) + return file +} + +// line returns the line number of source code of the +// function for this Frame's pc. +func (f Frame) line() int { + fn := runtime.FuncForPC(f.pc()) + if fn == nil { + return 0 + } + _, line := fn.FileLine(f.pc()) + return line +} + +// Format formats the frame according to the fmt.Formatter interface. +// +// %s source file +// %d source line +// %n function name +// %v equivalent to %s:%d +// +// Format accepts flags that alter the printing of some verbs, as follows: +// +// %+s function name and path of source file relative to the compile time +// GOPATH separated by \n\t (\n\t) +// %+v equivalent to %+s:%d +func (f Frame) Format(s fmt.State, verb rune) { + switch verb { + case 's': + switch { + case s.Flag('+'): + pc := f.pc() + fn := runtime.FuncForPC(pc) + if fn == nil { + io.WriteString(s, "unknown") + } else { + file, _ := fn.FileLine(pc) + fmt.Fprintf(s, "%s\n\t%s", fn.Name(), file) + } + default: + io.WriteString(s, path.Base(f.file())) + } + case 'd': + fmt.Fprintf(s, "%d", f.line()) + case 'n': + name := runtime.FuncForPC(f.pc()).Name() + io.WriteString(s, funcname(name)) + case 'v': + f.Format(s, 's') + io.WriteString(s, ":") + f.Format(s, 'd') + } +} + +// StackTrace is stack of Frames from innermost (newest) to outermost (oldest). +type StackTrace []Frame + +// Format formats the stack of Frames according to the fmt.Formatter interface. +// +// %s lists source files for each Frame in the stack +// %v lists the source file and line number for each Frame in the stack +// +// Format accepts flags that alter the printing of some verbs, as follows: +// +// %+v Prints filename, function, and line number for each Frame in the stack. +func (st StackTrace) Format(s fmt.State, verb rune) { + switch verb { + case 'v': + switch { + case s.Flag('+'): + for _, f := range st { + fmt.Fprintf(s, "\n%+v", f) + } + case s.Flag('#'): + fmt.Fprintf(s, "%#v", []Frame(st)) + default: + fmt.Fprintf(s, "%v", []Frame(st)) + } + case 's': + fmt.Fprintf(s, "%s", []Frame(st)) + } +} + +// stack represents a stack of program counters. +type stack []uintptr + +func (s *stack) Format(st fmt.State, verb rune) { + switch verb { + case 'v': + switch { + case st.Flag('+'): + for _, pc := range *s { + f := Frame(pc) + fmt.Fprintf(st, "\n%+v", f) + } + } + } +} + +func (s *stack) StackTrace() StackTrace { + f := make([]Frame, len(*s)) + for i := 0; i < len(f); i++ { + f[i] = Frame((*s)[i]) + } + return f +} + +func callers() *stack { + const depth = 32 + var pcs [depth]uintptr + n := runtime.Callers(3, pcs[:]) + var st stack = pcs[0:n] + return &st +} + +// funcname removes the path prefix component of a function's name reported by func.Name(). +func funcname(name string) string { + i := strings.LastIndex(name, "/") + name = name[i+1:] + i = strings.Index(name, ".") + return name[i+1:] +} diff --git a/vendor/golang.org/x/crypto/AUTHORS b/vendor/golang.org/x/crypto/AUTHORS new file mode 100644 index 0000000..2b00ddb --- /dev/null +++ b/vendor/golang.org/x/crypto/AUTHORS @@ -0,0 +1,3 @@ +# This source code refers to The Go Authors for copyright purposes. +# The master list of authors is in the main Go distribution, +# visible at https://tip.golang.org/AUTHORS. diff --git a/vendor/golang.org/x/crypto/CONTRIBUTORS b/vendor/golang.org/x/crypto/CONTRIBUTORS new file mode 100644 index 0000000..1fbd3e9 --- /dev/null +++ b/vendor/golang.org/x/crypto/CONTRIBUTORS @@ -0,0 +1,3 @@ +# This source code was written by the Go contributors. +# The master list of contributors is in the main Go distribution, +# visible at https://tip.golang.org/CONTRIBUTORS. diff --git a/vendor/golang.org/x/crypto/LICENSE b/vendor/golang.org/x/crypto/LICENSE new file mode 100644 index 0000000..6a66aea --- /dev/null +++ b/vendor/golang.org/x/crypto/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/golang.org/x/crypto/PATENTS b/vendor/golang.org/x/crypto/PATENTS new file mode 100644 index 0000000..7330990 --- /dev/null +++ b/vendor/golang.org/x/crypto/PATENTS @@ -0,0 +1,22 @@ +Additional IP Rights Grant (Patents) + +"This implementation" means the copyrightable works distributed by +Google as part of the Go project. + +Google hereby grants to You a perpetual, worldwide, non-exclusive, +no-charge, royalty-free, irrevocable (except as stated in this section) +patent license to make, have made, use, offer to sell, sell, import, +transfer and otherwise run, modify and propagate the contents of this +implementation of Go, where such license applies only to those patent +claims, both currently owned or controlled by Google and acquired in +the future, licensable by Google that are necessarily infringed by this +implementation of Go. This grant does not include claims that would be +infringed only as a consequence of further modification of this +implementation. If you or your agent or exclusive licensee institute or +order or agree to the institution of patent litigation against any +entity (including a cross-claim or counterclaim in a lawsuit) alleging +that this implementation of Go or any code incorporated within this +implementation of Go constitutes direct or contributory patent +infringement, or inducement of patent infringement, then any patent +rights granted to you under this License for this implementation of Go +shall terminate as of the date such litigation is filed. diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go new file mode 100644 index 0000000..593f653 --- /dev/null +++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go @@ -0,0 +1,77 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +/* +Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC +2898 / PKCS #5 v2.0. + +A key derivation function is useful when encrypting data based on a password +or any other not-fully-random data. It uses a pseudorandom function to derive +a secure encryption key based on the password. + +While v2.0 of the standard defines only one pseudorandom function to use, +HMAC-SHA1, the drafted v2.1 specification allows use of all five FIPS Approved +Hash Functions SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 for HMAC. To +choose, you can pass the `New` functions from the different SHA packages to +pbkdf2.Key. +*/ +package pbkdf2 // import "golang.org/x/crypto/pbkdf2" + +import ( + "crypto/hmac" + "hash" +) + +// Key derives a key from the password, salt and iteration count, returning a +// []byte of length keylen that can be used as cryptographic key. The key is +// derived based on the method described as PBKDF2 with the HMAC variant using +// the supplied hash function. +// +// For example, to use a HMAC-SHA-1 based PBKDF2 key derivation function, you +// can get a derived key for e.g. AES-256 (which needs a 32-byte key) by +// doing: +// +// dk := pbkdf2.Key([]byte("some password"), salt, 4096, 32, sha1.New) +// +// Remember to get a good random salt. At least 8 bytes is recommended by the +// RFC. +// +// Using a higher iteration count will increase the cost of an exhaustive +// search but will also make derivation proportionally slower. +func Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte { + prf := hmac.New(h, password) + hashLen := prf.Size() + numBlocks := (keyLen + hashLen - 1) / hashLen + + var buf [4]byte + dk := make([]byte, 0, numBlocks*hashLen) + U := make([]byte, hashLen) + for block := 1; block <= numBlocks; block++ { + // N.B.: || means concatenation, ^ means XOR + // for each block T_i = U_1 ^ U_2 ^ ... ^ U_iter + // U_1 = PRF(password, salt || uint(i)) + prf.Reset() + prf.Write(salt) + buf[0] = byte(block >> 24) + buf[1] = byte(block >> 16) + buf[2] = byte(block >> 8) + buf[3] = byte(block) + prf.Write(buf[:4]) + dk = prf.Sum(dk) + T := dk[len(dk)-hashLen:] + copy(U, T) + + // U_n = PRF(password, U_(n-1)) + for n := 2; n <= iter; n++ { + prf.Reset() + prf.Write(U) + U = U[:0] + U = prf.Sum(U) + for x := range U { + T[x] ^= U[x] + } + } + } + return dk[:keyLen] +} diff --git a/vendor/golang.org/x/crypto/ripemd160/ripemd160.go b/vendor/golang.org/x/crypto/ripemd160/ripemd160.go new file mode 100644 index 0000000..cf3eeb1 --- /dev/null +++ b/vendor/golang.org/x/crypto/ripemd160/ripemd160.go @@ -0,0 +1,124 @@ +// Copyright 2010 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package ripemd160 implements the RIPEMD-160 hash algorithm. +// +// Deprecated: RIPEMD-160 is a legacy hash and should not be used for new +// applications. Also, this package does not and will not provide an optimized +// implementation. Instead, use a modern hash like SHA-256 (from crypto/sha256). +package ripemd160 // import "golang.org/x/crypto/ripemd160" + +// RIPEMD-160 is designed by Hans Dobbertin, Antoon Bosselaers, and Bart +// Preneel with specifications available at: +// http://homes.esat.kuleuven.be/~cosicart/pdf/AB-9601/AB-9601.pdf. + +import ( + "crypto" + "hash" +) + +func init() { + crypto.RegisterHash(crypto.RIPEMD160, New) +} + +// The size of the checksum in bytes. +const Size = 20 + +// The block size of the hash algorithm in bytes. +const BlockSize = 64 + +const ( + _s0 = 0x67452301 + _s1 = 0xefcdab89 + _s2 = 0x98badcfe + _s3 = 0x10325476 + _s4 = 0xc3d2e1f0 +) + +// digest represents the partial evaluation of a checksum. +type digest struct { + s [5]uint32 // running context + x [BlockSize]byte // temporary buffer + nx int // index into x + tc uint64 // total count of bytes processed +} + +func (d *digest) Reset() { + d.s[0], d.s[1], d.s[2], d.s[3], d.s[4] = _s0, _s1, _s2, _s3, _s4 + d.nx = 0 + d.tc = 0 +} + +// New returns a new hash.Hash computing the checksum. +func New() hash.Hash { + result := new(digest) + result.Reset() + return result +} + +func (d *digest) Size() int { return Size } + +func (d *digest) BlockSize() int { return BlockSize } + +func (d *digest) Write(p []byte) (nn int, err error) { + nn = len(p) + d.tc += uint64(nn) + if d.nx > 0 { + n := len(p) + if n > BlockSize-d.nx { + n = BlockSize - d.nx + } + for i := 0; i < n; i++ { + d.x[d.nx+i] = p[i] + } + d.nx += n + if d.nx == BlockSize { + _Block(d, d.x[0:]) + d.nx = 0 + } + p = p[n:] + } + n := _Block(d, p) + p = p[n:] + if len(p) > 0 { + d.nx = copy(d.x[:], p) + } + return +} + +func (d0 *digest) Sum(in []byte) []byte { + // Make a copy of d0 so that caller can keep writing and summing. + d := *d0 + + // Padding. Add a 1 bit and 0 bits until 56 bytes mod 64. + tc := d.tc + var tmp [64]byte + tmp[0] = 0x80 + if tc%64 < 56 { + d.Write(tmp[0 : 56-tc%64]) + } else { + d.Write(tmp[0 : 64+56-tc%64]) + } + + // Length in bits. + tc <<= 3 + for i := uint(0); i < 8; i++ { + tmp[i] = byte(tc >> (8 * i)) + } + d.Write(tmp[0:8]) + + if d.nx != 0 { + panic("d.nx != 0") + } + + var digest [Size]byte + for i, s := range d.s { + digest[i*4] = byte(s) + digest[i*4+1] = byte(s >> 8) + digest[i*4+2] = byte(s >> 16) + digest[i*4+3] = byte(s >> 24) + } + + return append(in, digest[:]...) +} diff --git a/vendor/golang.org/x/crypto/ripemd160/ripemd160block.go b/vendor/golang.org/x/crypto/ripemd160/ripemd160block.go new file mode 100644 index 0000000..e0edc02 --- /dev/null +++ b/vendor/golang.org/x/crypto/ripemd160/ripemd160block.go @@ -0,0 +1,165 @@ +// Copyright 2010 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// RIPEMD-160 block step. +// In its own file so that a faster assembly or C version +// can be substituted easily. + +package ripemd160 + +import ( + "math/bits" +) + +// work buffer indices and roll amounts for one line +var _n = [80]uint{ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8, + 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12, + 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2, + 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13, +} + +var _r = [80]uint{ + 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8, + 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12, + 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5, + 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12, + 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6, +} + +// same for the other parallel one +var n_ = [80]uint{ + 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, + 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2, + 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13, + 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14, + 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11, +} + +var r_ = [80]uint{ + 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6, + 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11, + 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5, + 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8, + 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11, +} + +func _Block(md *digest, p []byte) int { + n := 0 + var x [16]uint32 + var alpha, beta uint32 + for len(p) >= BlockSize { + a, b, c, d, e := md.s[0], md.s[1], md.s[2], md.s[3], md.s[4] + aa, bb, cc, dd, ee := a, b, c, d, e + j := 0 + for i := 0; i < 16; i++ { + x[i] = uint32(p[j]) | uint32(p[j+1])<<8 | uint32(p[j+2])<<16 | uint32(p[j+3])<<24 + j += 4 + } + + // round 1 + i := 0 + for i < 16 { + alpha = a + (b ^ c ^ d) + x[_n[i]] + s := int(_r[i]) + alpha = bits.RotateLeft32(alpha, s) + e + beta = bits.RotateLeft32(c, 10) + a, b, c, d, e = e, alpha, b, beta, d + + // parallel line + alpha = aa + (bb ^ (cc | ^dd)) + x[n_[i]] + 0x50a28be6 + s = int(r_[i]) + alpha = bits.RotateLeft32(alpha, s) + ee + beta = bits.RotateLeft32(cc, 10) + aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd + + i++ + } + + // round 2 + for i < 32 { + alpha = a + (b&c | ^b&d) + x[_n[i]] + 0x5a827999 + s := int(_r[i]) + alpha = bits.RotateLeft32(alpha, s) + e + beta = bits.RotateLeft32(c, 10) + a, b, c, d, e = e, alpha, b, beta, d + + // parallel line + alpha = aa + (bb&dd | cc&^dd) + x[n_[i]] + 0x5c4dd124 + s = int(r_[i]) + alpha = bits.RotateLeft32(alpha, s) + ee + beta = bits.RotateLeft32(cc, 10) + aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd + + i++ + } + + // round 3 + for i < 48 { + alpha = a + (b | ^c ^ d) + x[_n[i]] + 0x6ed9eba1 + s := int(_r[i]) + alpha = bits.RotateLeft32(alpha, s) + e + beta = bits.RotateLeft32(c, 10) + a, b, c, d, e = e, alpha, b, beta, d + + // parallel line + alpha = aa + (bb | ^cc ^ dd) + x[n_[i]] + 0x6d703ef3 + s = int(r_[i]) + alpha = bits.RotateLeft32(alpha, s) + ee + beta = bits.RotateLeft32(cc, 10) + aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd + + i++ + } + + // round 4 + for i < 64 { + alpha = a + (b&d | c&^d) + x[_n[i]] + 0x8f1bbcdc + s := int(_r[i]) + alpha = bits.RotateLeft32(alpha, s) + e + beta = bits.RotateLeft32(c, 10) + a, b, c, d, e = e, alpha, b, beta, d + + // parallel line + alpha = aa + (bb&cc | ^bb&dd) + x[n_[i]] + 0x7a6d76e9 + s = int(r_[i]) + alpha = bits.RotateLeft32(alpha, s) + ee + beta = bits.RotateLeft32(cc, 10) + aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd + + i++ + } + + // round 5 + for i < 80 { + alpha = a + (b ^ (c | ^d)) + x[_n[i]] + 0xa953fd4e + s := int(_r[i]) + alpha = bits.RotateLeft32(alpha, s) + e + beta = bits.RotateLeft32(c, 10) + a, b, c, d, e = e, alpha, b, beta, d + + // parallel line + alpha = aa + (bb ^ cc ^ dd) + x[n_[i]] + s = int(r_[i]) + alpha = bits.RotateLeft32(alpha, s) + ee + beta = bits.RotateLeft32(cc, 10) + aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd + + i++ + } + + // combine results + dd += c + md.s[1] + md.s[1] = md.s[2] + d + ee + md.s[2] = md.s[3] + e + aa + md.s[3] = md.s[4] + a + bb + md.s[4] = md.s[0] + b + cc + md.s[0] = dd + + p = p[BlockSize:] + n += BlockSize + } + return n +} diff --git a/vendor/golang.org/x/crypto/scrypt/scrypt.go b/vendor/golang.org/x/crypto/scrypt/scrypt.go new file mode 100644 index 0000000..2f81fe4 --- /dev/null +++ b/vendor/golang.org/x/crypto/scrypt/scrypt.go @@ -0,0 +1,213 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package scrypt implements the scrypt key derivation function as defined in +// Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard +// Functions" (https://www.tarsnap.com/scrypt/scrypt.pdf). +package scrypt // import "golang.org/x/crypto/scrypt" + +import ( + "crypto/sha256" + "errors" + "math/bits" + + "golang.org/x/crypto/pbkdf2" +) + +const maxInt = int(^uint(0) >> 1) + +// blockCopy copies n numbers from src into dst. +func blockCopy(dst, src []uint32, n int) { + copy(dst, src[:n]) +} + +// blockXOR XORs numbers from dst with n numbers from src. +func blockXOR(dst, src []uint32, n int) { + for i, v := range src[:n] { + dst[i] ^= v + } +} + +// salsaXOR applies Salsa20/8 to the XOR of 16 numbers from tmp and in, +// and puts the result into both tmp and out. +func salsaXOR(tmp *[16]uint32, in, out []uint32) { + w0 := tmp[0] ^ in[0] + w1 := tmp[1] ^ in[1] + w2 := tmp[2] ^ in[2] + w3 := tmp[3] ^ in[3] + w4 := tmp[4] ^ in[4] + w5 := tmp[5] ^ in[5] + w6 := tmp[6] ^ in[6] + w7 := tmp[7] ^ in[7] + w8 := tmp[8] ^ in[8] + w9 := tmp[9] ^ in[9] + w10 := tmp[10] ^ in[10] + w11 := tmp[11] ^ in[11] + w12 := tmp[12] ^ in[12] + w13 := tmp[13] ^ in[13] + w14 := tmp[14] ^ in[14] + w15 := tmp[15] ^ in[15] + + x0, x1, x2, x3, x4, x5, x6, x7, x8 := w0, w1, w2, w3, w4, w5, w6, w7, w8 + x9, x10, x11, x12, x13, x14, x15 := w9, w10, w11, w12, w13, w14, w15 + + for i := 0; i < 8; i += 2 { + x4 ^= bits.RotateLeft32(x0+x12, 7) + x8 ^= bits.RotateLeft32(x4+x0, 9) + x12 ^= bits.RotateLeft32(x8+x4, 13) + x0 ^= bits.RotateLeft32(x12+x8, 18) + + x9 ^= bits.RotateLeft32(x5+x1, 7) + x13 ^= bits.RotateLeft32(x9+x5, 9) + x1 ^= bits.RotateLeft32(x13+x9, 13) + x5 ^= bits.RotateLeft32(x1+x13, 18) + + x14 ^= bits.RotateLeft32(x10+x6, 7) + x2 ^= bits.RotateLeft32(x14+x10, 9) + x6 ^= bits.RotateLeft32(x2+x14, 13) + x10 ^= bits.RotateLeft32(x6+x2, 18) + + x3 ^= bits.RotateLeft32(x15+x11, 7) + x7 ^= bits.RotateLeft32(x3+x15, 9) + x11 ^= bits.RotateLeft32(x7+x3, 13) + x15 ^= bits.RotateLeft32(x11+x7, 18) + + x1 ^= bits.RotateLeft32(x0+x3, 7) + x2 ^= bits.RotateLeft32(x1+x0, 9) + x3 ^= bits.RotateLeft32(x2+x1, 13) + x0 ^= bits.RotateLeft32(x3+x2, 18) + + x6 ^= bits.RotateLeft32(x5+x4, 7) + x7 ^= bits.RotateLeft32(x6+x5, 9) + x4 ^= bits.RotateLeft32(x7+x6, 13) + x5 ^= bits.RotateLeft32(x4+x7, 18) + + x11 ^= bits.RotateLeft32(x10+x9, 7) + x8 ^= bits.RotateLeft32(x11+x10, 9) + x9 ^= bits.RotateLeft32(x8+x11, 13) + x10 ^= bits.RotateLeft32(x9+x8, 18) + + x12 ^= bits.RotateLeft32(x15+x14, 7) + x13 ^= bits.RotateLeft32(x12+x15, 9) + x14 ^= bits.RotateLeft32(x13+x12, 13) + x15 ^= bits.RotateLeft32(x14+x13, 18) + } + x0 += w0 + x1 += w1 + x2 += w2 + x3 += w3 + x4 += w4 + x5 += w5 + x6 += w6 + x7 += w7 + x8 += w8 + x9 += w9 + x10 += w10 + x11 += w11 + x12 += w12 + x13 += w13 + x14 += w14 + x15 += w15 + + out[0], tmp[0] = x0, x0 + out[1], tmp[1] = x1, x1 + out[2], tmp[2] = x2, x2 + out[3], tmp[3] = x3, x3 + out[4], tmp[4] = x4, x4 + out[5], tmp[5] = x5, x5 + out[6], tmp[6] = x6, x6 + out[7], tmp[7] = x7, x7 + out[8], tmp[8] = x8, x8 + out[9], tmp[9] = x9, x9 + out[10], tmp[10] = x10, x10 + out[11], tmp[11] = x11, x11 + out[12], tmp[12] = x12, x12 + out[13], tmp[13] = x13, x13 + out[14], tmp[14] = x14, x14 + out[15], tmp[15] = x15, x15 +} + +func blockMix(tmp *[16]uint32, in, out []uint32, r int) { + blockCopy(tmp[:], in[(2*r-1)*16:], 16) + for i := 0; i < 2*r; i += 2 { + salsaXOR(tmp, in[i*16:], out[i*8:]) + salsaXOR(tmp, in[i*16+16:], out[i*8+r*16:]) + } +} + +func integer(b []uint32, r int) uint64 { + j := (2*r - 1) * 16 + return uint64(b[j]) | uint64(b[j+1])<<32 +} + +func smix(b []byte, r, N int, v, xy []uint32) { + var tmp [16]uint32 + x := xy + y := xy[32*r:] + + j := 0 + for i := 0; i < 32*r; i++ { + x[i] = uint32(b[j]) | uint32(b[j+1])<<8 | uint32(b[j+2])<<16 | uint32(b[j+3])<<24 + j += 4 + } + for i := 0; i < N; i += 2 { + blockCopy(v[i*(32*r):], x, 32*r) + blockMix(&tmp, x, y, r) + + blockCopy(v[(i+1)*(32*r):], y, 32*r) + blockMix(&tmp, y, x, r) + } + for i := 0; i < N; i += 2 { + j := int(integer(x, r) & uint64(N-1)) + blockXOR(x, v[j*(32*r):], 32*r) + blockMix(&tmp, x, y, r) + + j = int(integer(y, r) & uint64(N-1)) + blockXOR(y, v[j*(32*r):], 32*r) + blockMix(&tmp, y, x, r) + } + j = 0 + for _, v := range x[:32*r] { + b[j+0] = byte(v >> 0) + b[j+1] = byte(v >> 8) + b[j+2] = byte(v >> 16) + b[j+3] = byte(v >> 24) + j += 4 + } +} + +// Key derives a key from the password, salt, and cost parameters, returning +// a byte slice of length keyLen that can be used as cryptographic key. +// +// N is a CPU/memory cost parameter, which must be a power of two greater than 1. +// r and p must satisfy r * p < 2³⁰. If the parameters do not satisfy the +// limits, the function returns a nil byte slice and an error. +// +// For example, you can get a derived key for e.g. AES-256 (which needs a +// 32-byte key) by doing: +// +// dk, err := scrypt.Key([]byte("some password"), salt, 32768, 8, 1, 32) +// +// The recommended parameters for interactive logins as of 2017 are N=32768, r=8 +// and p=1. The parameters N, r, and p should be increased as memory latency and +// CPU parallelism increases; consider setting N to the highest power of 2 you +// can derive within 100 milliseconds. Remember to get a good random salt. +func Key(password, salt []byte, N, r, p, keyLen int) ([]byte, error) { + if N <= 1 || N&(N-1) != 0 { + return nil, errors.New("scrypt: N must be > 1 and a power of 2") + } + if uint64(r)*uint64(p) >= 1<<30 || r > maxInt/128/p || r > maxInt/256 || N > maxInt/128/r { + return nil, errors.New("scrypt: parameters are too large") + } + + xy := make([]uint32, 64*r) + v := make([]uint32, 32*N*r) + b := pbkdf2.Key(password, salt, 1, p*128*r, sha256.New) + + for i := 0; i < p; i++ { + smix(b[i*128*r:], r, N, v, xy) + } + + return pbkdf2.Key(password, b, 1, keyLen, sha256.New), nil +} diff --git a/vendor/golang.org/x/net/AUTHORS b/vendor/golang.org/x/net/AUTHORS new file mode 100644 index 0000000..15167cd --- /dev/null +++ b/vendor/golang.org/x/net/AUTHORS @@ -0,0 +1,3 @@ +# This source code refers to The Go Authors for copyright purposes. +# The master list of authors is in the main Go distribution, +# visible at http://tip.golang.org/AUTHORS. diff --git a/vendor/golang.org/x/net/CONTRIBUTORS b/vendor/golang.org/x/net/CONTRIBUTORS new file mode 100644 index 0000000..1c4577e --- /dev/null +++ b/vendor/golang.org/x/net/CONTRIBUTORS @@ -0,0 +1,3 @@ +# This source code was written by the Go contributors. +# The master list of contributors is in the main Go distribution, +# visible at http://tip.golang.org/CONTRIBUTORS. diff --git a/vendor/golang.org/x/net/LICENSE b/vendor/golang.org/x/net/LICENSE new file mode 100644 index 0000000..6a66aea --- /dev/null +++ b/vendor/golang.org/x/net/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/golang.org/x/net/PATENTS b/vendor/golang.org/x/net/PATENTS new file mode 100644 index 0000000..7330990 --- /dev/null +++ b/vendor/golang.org/x/net/PATENTS @@ -0,0 +1,22 @@ +Additional IP Rights Grant (Patents) + +"This implementation" means the copyrightable works distributed by +Google as part of the Go project. + +Google hereby grants to You a perpetual, worldwide, non-exclusive, +no-charge, royalty-free, irrevocable (except as stated in this section) +patent license to make, have made, use, offer to sell, sell, import, +transfer and otherwise run, modify and propagate the contents of this +implementation of Go, where such license applies only to those patent +claims, both currently owned or controlled by Google and acquired in +the future, licensable by Google that are necessarily infringed by this +implementation of Go. This grant does not include claims that would be +infringed only as a consequence of further modification of this +implementation. If you or your agent or exclusive licensee institute or +order or agree to the institution of patent litigation against any +entity (including a cross-claim or counterclaim in a lawsuit) alleging +that this implementation of Go or any code incorporated within this +implementation of Go constitutes direct or contributory patent +infringement, or inducement of patent infringement, then any patent +rights granted to you under this License for this implementation of Go +shall terminate as of the date such litigation is filed. diff --git a/vendor/golang.org/x/net/internal/socks/client.go b/vendor/golang.org/x/net/internal/socks/client.go new file mode 100644 index 0000000..3d6f516 --- /dev/null +++ b/vendor/golang.org/x/net/internal/socks/client.go @@ -0,0 +1,168 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package socks + +import ( + "context" + "errors" + "io" + "net" + "strconv" + "time" +) + +var ( + noDeadline = time.Time{} + aLongTimeAgo = time.Unix(1, 0) +) + +func (d *Dialer) connect(ctx context.Context, c net.Conn, address string) (_ net.Addr, ctxErr error) { + host, port, err := splitHostPort(address) + if err != nil { + return nil, err + } + if deadline, ok := ctx.Deadline(); ok && !deadline.IsZero() { + c.SetDeadline(deadline) + defer c.SetDeadline(noDeadline) + } + if ctx != context.Background() { + errCh := make(chan error, 1) + done := make(chan struct{}) + defer func() { + close(done) + if ctxErr == nil { + ctxErr = <-errCh + } + }() + go func() { + select { + case <-ctx.Done(): + c.SetDeadline(aLongTimeAgo) + errCh <- ctx.Err() + case <-done: + errCh <- nil + } + }() + } + + b := make([]byte, 0, 6+len(host)) // the size here is just an estimate + b = append(b, Version5) + if len(d.AuthMethods) == 0 || d.Authenticate == nil { + b = append(b, 1, byte(AuthMethodNotRequired)) + } else { + ams := d.AuthMethods + if len(ams) > 255 { + return nil, errors.New("too many authentication methods") + } + b = append(b, byte(len(ams))) + for _, am := range ams { + b = append(b, byte(am)) + } + } + if _, ctxErr = c.Write(b); ctxErr != nil { + return + } + + if _, ctxErr = io.ReadFull(c, b[:2]); ctxErr != nil { + return + } + if b[0] != Version5 { + return nil, errors.New("unexpected protocol version " + strconv.Itoa(int(b[0]))) + } + am := AuthMethod(b[1]) + if am == AuthMethodNoAcceptableMethods { + return nil, errors.New("no acceptable authentication methods") + } + if d.Authenticate != nil { + if ctxErr = d.Authenticate(ctx, c, am); ctxErr != nil { + return + } + } + + b = b[:0] + b = append(b, Version5, byte(d.cmd), 0) + if ip := net.ParseIP(host); ip != nil { + if ip4 := ip.To4(); ip4 != nil { + b = append(b, AddrTypeIPv4) + b = append(b, ip4...) + } else if ip6 := ip.To16(); ip6 != nil { + b = append(b, AddrTypeIPv6) + b = append(b, ip6...) + } else { + return nil, errors.New("unknown address type") + } + } else { + if len(host) > 255 { + return nil, errors.New("FQDN too long") + } + b = append(b, AddrTypeFQDN) + b = append(b, byte(len(host))) + b = append(b, host...) + } + b = append(b, byte(port>>8), byte(port)) + if _, ctxErr = c.Write(b); ctxErr != nil { + return + } + + if _, ctxErr = io.ReadFull(c, b[:4]); ctxErr != nil { + return + } + if b[0] != Version5 { + return nil, errors.New("unexpected protocol version " + strconv.Itoa(int(b[0]))) + } + if cmdErr := Reply(b[1]); cmdErr != StatusSucceeded { + return nil, errors.New("unknown error " + cmdErr.String()) + } + if b[2] != 0 { + return nil, errors.New("non-zero reserved field") + } + l := 2 + var a Addr + switch b[3] { + case AddrTypeIPv4: + l += net.IPv4len + a.IP = make(net.IP, net.IPv4len) + case AddrTypeIPv6: + l += net.IPv6len + a.IP = make(net.IP, net.IPv6len) + case AddrTypeFQDN: + if _, err := io.ReadFull(c, b[:1]); err != nil { + return nil, err + } + l += int(b[0]) + default: + return nil, errors.New("unknown address type " + strconv.Itoa(int(b[3]))) + } + if cap(b) < l { + b = make([]byte, l) + } else { + b = b[:l] + } + if _, ctxErr = io.ReadFull(c, b); ctxErr != nil { + return + } + if a.IP != nil { + copy(a.IP, b) + } else { + a.Name = string(b[:len(b)-2]) + } + a.Port = int(b[len(b)-2])<<8 | int(b[len(b)-1]) + return &a, nil +} + +func splitHostPort(address string) (string, int, error) { + host, port, err := net.SplitHostPort(address) + if err != nil { + return "", 0, err + } + portnum, err := strconv.Atoi(port) + if err != nil { + return "", 0, err + } + if 1 > portnum || portnum > 0xffff { + return "", 0, errors.New("port number out of range " + port) + } + return host, portnum, nil +} diff --git a/vendor/golang.org/x/net/internal/socks/socks.go b/vendor/golang.org/x/net/internal/socks/socks.go new file mode 100644 index 0000000..6929a9f --- /dev/null +++ b/vendor/golang.org/x/net/internal/socks/socks.go @@ -0,0 +1,317 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package socks provides a SOCKS version 5 client implementation. +// +// SOCKS protocol version 5 is defined in RFC 1928. +// Username/Password authentication for SOCKS version 5 is defined in +// RFC 1929. +package socks + +import ( + "context" + "errors" + "io" + "net" + "strconv" +) + +// A Command represents a SOCKS command. +type Command int + +func (cmd Command) String() string { + switch cmd { + case CmdConnect: + return "socks connect" + case cmdBind: + return "socks bind" + default: + return "socks " + strconv.Itoa(int(cmd)) + } +} + +// An AuthMethod represents a SOCKS authentication method. +type AuthMethod int + +// A Reply represents a SOCKS command reply code. +type Reply int + +func (code Reply) String() string { + switch code { + case StatusSucceeded: + return "succeeded" + case 0x01: + return "general SOCKS server failure" + case 0x02: + return "connection not allowed by ruleset" + case 0x03: + return "network unreachable" + case 0x04: + return "host unreachable" + case 0x05: + return "connection refused" + case 0x06: + return "TTL expired" + case 0x07: + return "command not supported" + case 0x08: + return "address type not supported" + default: + return "unknown code: " + strconv.Itoa(int(code)) + } +} + +// Wire protocol constants. +const ( + Version5 = 0x05 + + AddrTypeIPv4 = 0x01 + AddrTypeFQDN = 0x03 + AddrTypeIPv6 = 0x04 + + CmdConnect Command = 0x01 // establishes an active-open forward proxy connection + cmdBind Command = 0x02 // establishes a passive-open forward proxy connection + + AuthMethodNotRequired AuthMethod = 0x00 // no authentication required + AuthMethodUsernamePassword AuthMethod = 0x02 // use username/password + AuthMethodNoAcceptableMethods AuthMethod = 0xff // no acceptable authentication methods + + StatusSucceeded Reply = 0x00 +) + +// An Addr represents a SOCKS-specific address. +// Either Name or IP is used exclusively. +type Addr struct { + Name string // fully-qualified domain name + IP net.IP + Port int +} + +func (a *Addr) Network() string { return "socks" } + +func (a *Addr) String() string { + if a == nil { + return "" + } + port := strconv.Itoa(a.Port) + if a.IP == nil { + return net.JoinHostPort(a.Name, port) + } + return net.JoinHostPort(a.IP.String(), port) +} + +// A Conn represents a forward proxy connection. +type Conn struct { + net.Conn + + boundAddr net.Addr +} + +// BoundAddr returns the address assigned by the proxy server for +// connecting to the command target address from the proxy server. +func (c *Conn) BoundAddr() net.Addr { + if c == nil { + return nil + } + return c.boundAddr +} + +// A Dialer holds SOCKS-specific options. +type Dialer struct { + cmd Command // either CmdConnect or cmdBind + proxyNetwork string // network between a proxy server and a client + proxyAddress string // proxy server address + + // ProxyDial specifies the optional dial function for + // establishing the transport connection. + ProxyDial func(context.Context, string, string) (net.Conn, error) + + // AuthMethods specifies the list of request authention + // methods. + // If empty, SOCKS client requests only AuthMethodNotRequired. + AuthMethods []AuthMethod + + // Authenticate specifies the optional authentication + // function. It must be non-nil when AuthMethods is not empty. + // It must return an error when the authentication is failed. + Authenticate func(context.Context, io.ReadWriter, AuthMethod) error +} + +// DialContext connects to the provided address on the provided +// network. +// +// The returned error value may be a net.OpError. When the Op field of +// net.OpError contains "socks", the Source field contains a proxy +// server address and the Addr field contains a command target +// address. +// +// See func Dial of the net package of standard library for a +// description of the network and address parameters. +func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) { + if err := d.validateTarget(network, address); err != nil { + proxy, dst, _ := d.pathAddrs(address) + return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err} + } + if ctx == nil { + proxy, dst, _ := d.pathAddrs(address) + return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: errors.New("nil context")} + } + var err error + var c net.Conn + if d.ProxyDial != nil { + c, err = d.ProxyDial(ctx, d.proxyNetwork, d.proxyAddress) + } else { + var dd net.Dialer + c, err = dd.DialContext(ctx, d.proxyNetwork, d.proxyAddress) + } + if err != nil { + proxy, dst, _ := d.pathAddrs(address) + return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err} + } + a, err := d.connect(ctx, c, address) + if err != nil { + c.Close() + proxy, dst, _ := d.pathAddrs(address) + return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err} + } + return &Conn{Conn: c, boundAddr: a}, nil +} + +// DialWithConn initiates a connection from SOCKS server to the target +// network and address using the connection c that is already +// connected to the SOCKS server. +// +// It returns the connection's local address assigned by the SOCKS +// server. +func (d *Dialer) DialWithConn(ctx context.Context, c net.Conn, network, address string) (net.Addr, error) { + if err := d.validateTarget(network, address); err != nil { + proxy, dst, _ := d.pathAddrs(address) + return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err} + } + if ctx == nil { + proxy, dst, _ := d.pathAddrs(address) + return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: errors.New("nil context")} + } + a, err := d.connect(ctx, c, address) + if err != nil { + proxy, dst, _ := d.pathAddrs(address) + return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err} + } + return a, nil +} + +// Dial connects to the provided address on the provided network. +// +// Unlike DialContext, it returns a raw transport connection instead +// of a forward proxy connection. +// +// Deprecated: Use DialContext or DialWithConn instead. +func (d *Dialer) Dial(network, address string) (net.Conn, error) { + if err := d.validateTarget(network, address); err != nil { + proxy, dst, _ := d.pathAddrs(address) + return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err} + } + var err error + var c net.Conn + if d.ProxyDial != nil { + c, err = d.ProxyDial(context.Background(), d.proxyNetwork, d.proxyAddress) + } else { + c, err = net.Dial(d.proxyNetwork, d.proxyAddress) + } + if err != nil { + proxy, dst, _ := d.pathAddrs(address) + return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err} + } + if _, err := d.DialWithConn(context.Background(), c, network, address); err != nil { + c.Close() + return nil, err + } + return c, nil +} + +func (d *Dialer) validateTarget(network, address string) error { + switch network { + case "tcp", "tcp6", "tcp4": + default: + return errors.New("network not implemented") + } + switch d.cmd { + case CmdConnect, cmdBind: + default: + return errors.New("command not implemented") + } + return nil +} + +func (d *Dialer) pathAddrs(address string) (proxy, dst net.Addr, err error) { + for i, s := range []string{d.proxyAddress, address} { + host, port, err := splitHostPort(s) + if err != nil { + return nil, nil, err + } + a := &Addr{Port: port} + a.IP = net.ParseIP(host) + if a.IP == nil { + a.Name = host + } + if i == 0 { + proxy = a + } else { + dst = a + } + } + return +} + +// NewDialer returns a new Dialer that dials through the provided +// proxy server's network and address. +func NewDialer(network, address string) *Dialer { + return &Dialer{proxyNetwork: network, proxyAddress: address, cmd: CmdConnect} +} + +const ( + authUsernamePasswordVersion = 0x01 + authStatusSucceeded = 0x00 +) + +// UsernamePassword are the credentials for the username/password +// authentication method. +type UsernamePassword struct { + Username string + Password string +} + +// Authenticate authenticates a pair of username and password with the +// proxy server. +func (up *UsernamePassword) Authenticate(ctx context.Context, rw io.ReadWriter, auth AuthMethod) error { + switch auth { + case AuthMethodNotRequired: + return nil + case AuthMethodUsernamePassword: + if len(up.Username) == 0 || len(up.Username) > 255 || len(up.Password) == 0 || len(up.Password) > 255 { + return errors.New("invalid username/password") + } + b := []byte{authUsernamePasswordVersion} + b = append(b, byte(len(up.Username))) + b = append(b, up.Username...) + b = append(b, byte(len(up.Password))) + b = append(b, up.Password...) + // TODO(mikio): handle IO deadlines and cancelation if + // necessary + if _, err := rw.Write(b); err != nil { + return err + } + if _, err := io.ReadFull(rw, b[:2]); err != nil { + return err + } + if b[0] != authUsernamePasswordVersion { + return errors.New("invalid username/password version") + } + if b[1] != authStatusSucceeded { + return errors.New("username/password authentication failed") + } + return nil + } + return errors.New("unsupported authentication method " + strconv.Itoa(int(auth))) +} diff --git a/vendor/golang.org/x/net/proxy/direct.go b/vendor/golang.org/x/net/proxy/direct.go new file mode 100644 index 0000000..4c5ad88 --- /dev/null +++ b/vendor/golang.org/x/net/proxy/direct.go @@ -0,0 +1,18 @@ +// Copyright 2011 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package proxy + +import ( + "net" +) + +type direct struct{} + +// Direct is a direct proxy: one that makes network connections directly. +var Direct = direct{} + +func (direct) Dial(network, addr string) (net.Conn, error) { + return net.Dial(network, addr) +} diff --git a/vendor/golang.org/x/net/proxy/per_host.go b/vendor/golang.org/x/net/proxy/per_host.go new file mode 100644 index 0000000..0689bb6 --- /dev/null +++ b/vendor/golang.org/x/net/proxy/per_host.go @@ -0,0 +1,140 @@ +// Copyright 2011 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package proxy + +import ( + "net" + "strings" +) + +// A PerHost directs connections to a default Dialer unless the host name +// requested matches one of a number of exceptions. +type PerHost struct { + def, bypass Dialer + + bypassNetworks []*net.IPNet + bypassIPs []net.IP + bypassZones []string + bypassHosts []string +} + +// NewPerHost returns a PerHost Dialer that directs connections to either +// defaultDialer or bypass, depending on whether the connection matches one of +// the configured rules. +func NewPerHost(defaultDialer, bypass Dialer) *PerHost { + return &PerHost{ + def: defaultDialer, + bypass: bypass, + } +} + +// Dial connects to the address addr on the given network through either +// defaultDialer or bypass. +func (p *PerHost) Dial(network, addr string) (c net.Conn, err error) { + host, _, err := net.SplitHostPort(addr) + if err != nil { + return nil, err + } + + return p.dialerForRequest(host).Dial(network, addr) +} + +func (p *PerHost) dialerForRequest(host string) Dialer { + if ip := net.ParseIP(host); ip != nil { + for _, net := range p.bypassNetworks { + if net.Contains(ip) { + return p.bypass + } + } + for _, bypassIP := range p.bypassIPs { + if bypassIP.Equal(ip) { + return p.bypass + } + } + return p.def + } + + for _, zone := range p.bypassZones { + if strings.HasSuffix(host, zone) { + return p.bypass + } + if host == zone[1:] { + // For a zone ".example.com", we match "example.com" + // too. + return p.bypass + } + } + for _, bypassHost := range p.bypassHosts { + if bypassHost == host { + return p.bypass + } + } + return p.def +} + +// AddFromString parses a string that contains comma-separated values +// specifying hosts that should use the bypass proxy. Each value is either an +// IP address, a CIDR range, a zone (*.example.com) or a host name +// (localhost). A best effort is made to parse the string and errors are +// ignored. +func (p *PerHost) AddFromString(s string) { + hosts := strings.Split(s, ",") + for _, host := range hosts { + host = strings.TrimSpace(host) + if len(host) == 0 { + continue + } + if strings.Contains(host, "/") { + // We assume that it's a CIDR address like 127.0.0.0/8 + if _, net, err := net.ParseCIDR(host); err == nil { + p.AddNetwork(net) + } + continue + } + if ip := net.ParseIP(host); ip != nil { + p.AddIP(ip) + continue + } + if strings.HasPrefix(host, "*.") { + p.AddZone(host[1:]) + continue + } + p.AddHost(host) + } +} + +// AddIP specifies an IP address that will use the bypass proxy. Note that +// this will only take effect if a literal IP address is dialed. A connection +// to a named host will never match an IP. +func (p *PerHost) AddIP(ip net.IP) { + p.bypassIPs = append(p.bypassIPs, ip) +} + +// AddNetwork specifies an IP range that will use the bypass proxy. Note that +// this will only take effect if a literal IP address is dialed. A connection +// to a named host will never match. +func (p *PerHost) AddNetwork(net *net.IPNet) { + p.bypassNetworks = append(p.bypassNetworks, net) +} + +// AddZone specifies a DNS suffix that will use the bypass proxy. A zone of +// "example.com" matches "example.com" and all of its subdomains. +func (p *PerHost) AddZone(zone string) { + if strings.HasSuffix(zone, ".") { + zone = zone[:len(zone)-1] + } + if !strings.HasPrefix(zone, ".") { + zone = "." + zone + } + p.bypassZones = append(p.bypassZones, zone) +} + +// AddHost specifies a host name that will use the bypass proxy. +func (p *PerHost) AddHost(host string) { + if strings.HasSuffix(host, ".") { + host = host[:len(host)-1] + } + p.bypassHosts = append(p.bypassHosts, host) +} diff --git a/vendor/golang.org/x/net/proxy/proxy.go b/vendor/golang.org/x/net/proxy/proxy.go new file mode 100644 index 0000000..f6026b9 --- /dev/null +++ b/vendor/golang.org/x/net/proxy/proxy.go @@ -0,0 +1,139 @@ +// Copyright 2011 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package proxy provides support for a variety of protocols to proxy network +// data. +package proxy // import "golang.org/x/net/proxy" + +import ( + "errors" + "net" + "net/url" + "os" + "sync" +) + +// A Dialer is a means to establish a connection. +type Dialer interface { + // Dial connects to the given address via the proxy. + Dial(network, addr string) (c net.Conn, err error) +} + +// Auth contains authentication parameters that specific Dialers may require. +type Auth struct { + User, Password string +} + +// FromEnvironment returns the dialer specified by the proxy related variables in +// the environment. +func FromEnvironment() Dialer { + allProxy := allProxyEnv.Get() + if len(allProxy) == 0 { + return Direct + } + + proxyURL, err := url.Parse(allProxy) + if err != nil { + return Direct + } + proxy, err := FromURL(proxyURL, Direct) + if err != nil { + return Direct + } + + noProxy := noProxyEnv.Get() + if len(noProxy) == 0 { + return proxy + } + + perHost := NewPerHost(proxy, Direct) + perHost.AddFromString(noProxy) + return perHost +} + +// proxySchemes is a map from URL schemes to a function that creates a Dialer +// from a URL with such a scheme. +var proxySchemes map[string]func(*url.URL, Dialer) (Dialer, error) + +// RegisterDialerType takes a URL scheme and a function to generate Dialers from +// a URL with that scheme and a forwarding Dialer. Registered schemes are used +// by FromURL. +func RegisterDialerType(scheme string, f func(*url.URL, Dialer) (Dialer, error)) { + if proxySchemes == nil { + proxySchemes = make(map[string]func(*url.URL, Dialer) (Dialer, error)) + } + proxySchemes[scheme] = f +} + +// FromURL returns a Dialer given a URL specification and an underlying +// Dialer for it to make network requests. +func FromURL(u *url.URL, forward Dialer) (Dialer, error) { + var auth *Auth + if u.User != nil { + auth = new(Auth) + auth.User = u.User.Username() + if p, ok := u.User.Password(); ok { + auth.Password = p + } + } + + switch u.Scheme { + case "socks5", "socks5h": + addr := u.Hostname() + port := u.Port() + if port == "" { + port = "1080" + } + return SOCKS5("tcp", net.JoinHostPort(addr, port), auth, forward) + } + + // If the scheme doesn't match any of the built-in schemes, see if it + // was registered by another package. + if proxySchemes != nil { + if f, ok := proxySchemes[u.Scheme]; ok { + return f(u, forward) + } + } + + return nil, errors.New("proxy: unknown scheme: " + u.Scheme) +} + +var ( + allProxyEnv = &envOnce{ + names: []string{"ALL_PROXY", "all_proxy"}, + } + noProxyEnv = &envOnce{ + names: []string{"NO_PROXY", "no_proxy"}, + } +) + +// envOnce looks up an environment variable (optionally by multiple +// names) once. It mitigates expensive lookups on some platforms +// (e.g. Windows). +// (Borrowed from net/http/transport.go) +type envOnce struct { + names []string + once sync.Once + val string +} + +func (e *envOnce) Get() string { + e.once.Do(e.init) + return e.val +} + +func (e *envOnce) init() { + for _, n := range e.names { + e.val = os.Getenv(n) + if e.val != "" { + return + } + } +} + +// reset is used by tests +func (e *envOnce) reset() { + e.once = sync.Once{} + e.val = "" +} diff --git a/vendor/golang.org/x/net/proxy/socks5.go b/vendor/golang.org/x/net/proxy/socks5.go new file mode 100644 index 0000000..56345ec --- /dev/null +++ b/vendor/golang.org/x/net/proxy/socks5.go @@ -0,0 +1,36 @@ +// Copyright 2011 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package proxy + +import ( + "context" + "net" + + "golang.org/x/net/internal/socks" +) + +// SOCKS5 returns a Dialer that makes SOCKSv5 connections to the given +// address with an optional username and password. +// See RFC 1928 and RFC 1929. +func SOCKS5(network, address string, auth *Auth, forward Dialer) (Dialer, error) { + d := socks.NewDialer(network, address) + if forward != nil { + d.ProxyDial = func(_ context.Context, network string, address string) (net.Conn, error) { + return forward.Dial(network, address) + } + } + if auth != nil { + up := socks.UsernamePassword{ + Username: auth.User, + Password: auth.Password, + } + d.AuthMethods = []socks.AuthMethod{ + socks.AuthMethodNotRequired, + socks.AuthMethodUsernamePassword, + } + d.Authenticate = up.Authenticate + } + return d, nil +} diff --git a/vendor/google.golang.org/grpc/AUTHORS b/vendor/google.golang.org/grpc/AUTHORS new file mode 100644 index 0000000..e491a9e --- /dev/null +++ b/vendor/google.golang.org/grpc/AUTHORS @@ -0,0 +1 @@ +Google Inc. diff --git a/vendor/google.golang.org/grpc/LICENSE b/vendor/google.golang.org/grpc/LICENSE new file mode 100644 index 0000000..d645695 --- /dev/null +++ b/vendor/google.golang.org/grpc/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/google.golang.org/grpc/codes/code_string.go b/vendor/google.golang.org/grpc/codes/code_string.go new file mode 100644 index 0000000..0b206a5 --- /dev/null +++ b/vendor/google.golang.org/grpc/codes/code_string.go @@ -0,0 +1,62 @@ +/* + * + * Copyright 2017 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package codes + +import "strconv" + +func (c Code) String() string { + switch c { + case OK: + return "OK" + case Canceled: + return "Canceled" + case Unknown: + return "Unknown" + case InvalidArgument: + return "InvalidArgument" + case DeadlineExceeded: + return "DeadlineExceeded" + case NotFound: + return "NotFound" + case AlreadyExists: + return "AlreadyExists" + case PermissionDenied: + return "PermissionDenied" + case ResourceExhausted: + return "ResourceExhausted" + case FailedPrecondition: + return "FailedPrecondition" + case Aborted: + return "Aborted" + case OutOfRange: + return "OutOfRange" + case Unimplemented: + return "Unimplemented" + case Internal: + return "Internal" + case Unavailable: + return "Unavailable" + case DataLoss: + return "DataLoss" + case Unauthenticated: + return "Unauthenticated" + default: + return "Code(" + strconv.FormatInt(int64(c), 10) + ")" + } +} diff --git a/vendor/google.golang.org/grpc/codes/codes.go b/vendor/google.golang.org/grpc/codes/codes.go new file mode 100644 index 0000000..d9b9d57 --- /dev/null +++ b/vendor/google.golang.org/grpc/codes/codes.go @@ -0,0 +1,197 @@ +/* + * + * Copyright 2014 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +// Package codes defines the canonical error codes used by gRPC. It is +// consistent across various languages. +package codes // import "google.golang.org/grpc/codes" + +import ( + "fmt" + "strconv" +) + +// A Code is an unsigned 32-bit error code as defined in the gRPC spec. +type Code uint32 + +const ( + // OK is returned on success. + OK Code = 0 + + // Canceled indicates the operation was canceled (typically by the caller). + Canceled Code = 1 + + // Unknown error. An example of where this error may be returned is + // if a Status value received from another address space belongs to + // an error-space that is not known in this address space. Also + // errors raised by APIs that do not return enough error information + // may be converted to this error. + Unknown Code = 2 + + // InvalidArgument indicates client specified an invalid argument. + // Note that this differs from FailedPrecondition. It indicates arguments + // that are problematic regardless of the state of the system + // (e.g., a malformed file name). + InvalidArgument Code = 3 + + // DeadlineExceeded means operation expired before completion. + // For operations that change the state of the system, this error may be + // returned even if the operation has completed successfully. For + // example, a successful response from a server could have been delayed + // long enough for the deadline to expire. + DeadlineExceeded Code = 4 + + // NotFound means some requested entity (e.g., file or directory) was + // not found. + NotFound Code = 5 + + // AlreadyExists means an attempt to create an entity failed because one + // already exists. + AlreadyExists Code = 6 + + // PermissionDenied indicates the caller does not have permission to + // execute the specified operation. It must not be used for rejections + // caused by exhausting some resource (use ResourceExhausted + // instead for those errors). It must not be + // used if the caller cannot be identified (use Unauthenticated + // instead for those errors). + PermissionDenied Code = 7 + + // ResourceExhausted indicates some resource has been exhausted, perhaps + // a per-user quota, or perhaps the entire file system is out of space. + ResourceExhausted Code = 8 + + // FailedPrecondition indicates operation was rejected because the + // system is not in a state required for the operation's execution. + // For example, directory to be deleted may be non-empty, an rmdir + // operation is applied to a non-directory, etc. + // + // A litmus test that may help a service implementor in deciding + // between FailedPrecondition, Aborted, and Unavailable: + // (a) Use Unavailable if the client can retry just the failing call. + // (b) Use Aborted if the client should retry at a higher-level + // (e.g., restarting a read-modify-write sequence). + // (c) Use FailedPrecondition if the client should not retry until + // the system state has been explicitly fixed. E.g., if an "rmdir" + // fails because the directory is non-empty, FailedPrecondition + // should be returned since the client should not retry unless + // they have first fixed up the directory by deleting files from it. + // (d) Use FailedPrecondition if the client performs conditional + // REST Get/Update/Delete on a resource and the resource on the + // server does not match the condition. E.g., conflicting + // read-modify-write on the same resource. + FailedPrecondition Code = 9 + + // Aborted indicates the operation was aborted, typically due to a + // concurrency issue like sequencer check failures, transaction aborts, + // etc. + // + // See litmus test above for deciding between FailedPrecondition, + // Aborted, and Unavailable. + Aborted Code = 10 + + // OutOfRange means operation was attempted past the valid range. + // E.g., seeking or reading past end of file. + // + // Unlike InvalidArgument, this error indicates a problem that may + // be fixed if the system state changes. For example, a 32-bit file + // system will generate InvalidArgument if asked to read at an + // offset that is not in the range [0,2^32-1], but it will generate + // OutOfRange if asked to read from an offset past the current + // file size. + // + // There is a fair bit of overlap between FailedPrecondition and + // OutOfRange. We recommend using OutOfRange (the more specific + // error) when it applies so that callers who are iterating through + // a space can easily look for an OutOfRange error to detect when + // they are done. + OutOfRange Code = 11 + + // Unimplemented indicates operation is not implemented or not + // supported/enabled in this service. + Unimplemented Code = 12 + + // Internal errors. Means some invariants expected by underlying + // system has been broken. If you see one of these errors, + // something is very broken. + Internal Code = 13 + + // Unavailable indicates the service is currently unavailable. + // This is a most likely a transient condition and may be corrected + // by retrying with a backoff. + // + // See litmus test above for deciding between FailedPrecondition, + // Aborted, and Unavailable. + Unavailable Code = 14 + + // DataLoss indicates unrecoverable data loss or corruption. + DataLoss Code = 15 + + // Unauthenticated indicates the request does not have valid + // authentication credentials for the operation. + Unauthenticated Code = 16 + + _maxCode = 17 +) + +var strToCode = map[string]Code{ + `"OK"`: OK, + `"CANCELLED"`:/* [sic] */ Canceled, + `"UNKNOWN"`: Unknown, + `"INVALID_ARGUMENT"`: InvalidArgument, + `"DEADLINE_EXCEEDED"`: DeadlineExceeded, + `"NOT_FOUND"`: NotFound, + `"ALREADY_EXISTS"`: AlreadyExists, + `"PERMISSION_DENIED"`: PermissionDenied, + `"RESOURCE_EXHAUSTED"`: ResourceExhausted, + `"FAILED_PRECONDITION"`: FailedPrecondition, + `"ABORTED"`: Aborted, + `"OUT_OF_RANGE"`: OutOfRange, + `"UNIMPLEMENTED"`: Unimplemented, + `"INTERNAL"`: Internal, + `"UNAVAILABLE"`: Unavailable, + `"DATA_LOSS"`: DataLoss, + `"UNAUTHENTICATED"`: Unauthenticated, +} + +// UnmarshalJSON unmarshals b into the Code. +func (c *Code) UnmarshalJSON(b []byte) error { + // From json.Unmarshaler: By convention, to approximate the behavior of + // Unmarshal itself, Unmarshalers implement UnmarshalJSON([]byte("null")) as + // a no-op. + if string(b) == "null" { + return nil + } + if c == nil { + return fmt.Errorf("nil receiver passed to UnmarshalJSON") + } + + if ci, err := strconv.ParseUint(string(b), 10, 32); err == nil { + if ci >= _maxCode { + return fmt.Errorf("invalid code: %q", ci) + } + + *c = Code(ci) + return nil + } + + if jc, ok := strToCode[string(b)]; ok { + *c = jc + return nil + } + return fmt.Errorf("invalid code: %q", string(b)) +} diff --git a/vendor/modules.txt b/vendor/modules.txt new file mode 100644 index 0000000..9ef72d6 --- /dev/null +++ b/vendor/modules.txt @@ -0,0 +1,38 @@ +# github.com/btcsuite/btcd v0.0.0-20190824003749-130ea5bddde3 +github.com/btcsuite/btcd/btcec +github.com/btcsuite/btcd/chaincfg +github.com/btcsuite/btcd/txscript +github.com/btcsuite/btcd/wire +github.com/btcsuite/btcd/chaincfg/chainhash +github.com/btcsuite/btcd/connmgr +# github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f +github.com/btcsuite/btclog +# github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d +github.com/btcsuite/btcutil +github.com/btcsuite/btcutil/base58 +github.com/btcsuite/btcutil/hdkeychain +github.com/btcsuite/btcutil/bech32 +# github.com/davecgh/go-spew v1.1.1 +github.com/davecgh/go-spew/spew +# github.com/go-errors/errors v1.0.1 +github.com/go-errors/errors +# github.com/golang/protobuf v1.3.2 +github.com/golang/protobuf/proto +# github.com/lightningnetwork/lnd v0.7.1-beta-rc2 +github.com/lightningnetwork/lnd/zpay32 +github.com/lightningnetwork/lnd/lnwire +github.com/lightningnetwork/lnd/tor +# github.com/miekg/dns v0.0.0-20171125082028-79bfde677fa8 +github.com/miekg/dns +github.com/miekg/dns/internal/socket +# github.com/pkg/errors v0.8.1 +github.com/pkg/errors +# golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7 +golang.org/x/crypto/ripemd160 +golang.org/x/crypto/scrypt +golang.org/x/crypto/pbkdf2 +# golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 +golang.org/x/net/proxy +golang.org/x/net/internal/socks +# google.golang.org/grpc v1.18.0 +google.golang.org/grpc/codes