From 1dbc43b6027ad056130ac8e0ddad893ef2af3fd4 Mon Sep 17 00:00:00 2001
From: Sanjay Pujare <sanjaypujare@users.noreply.github.com>
Date: Fri, 8 Sep 2023 15:20:25 -0700
Subject: [PATCH 1/4] examples: add an example for OAuth

---
 examples/example-oauth/README.md              |  70 +++++
 examples/example-oauth/build.gradle           |  87 +++++++
 .../gradle/wrapper/gradle-wrapper.jar         | Bin 0 -> 60756 bytes
 .../gradle/wrapper/gradle-wrapper.properties  |   5 +
 examples/example-oauth/gradlew                | 240 ++++++++++++++++++
 examples/example-oauth/gradlew.bat            |  91 +++++++
 examples/example-oauth/pom.xml                | 126 +++++++++
 examples/example-oauth/settings.gradle        |   8 +
 .../io/grpc/examples/oauth/AuthClient.java    | 124 +++++++++
 .../io/grpc/examples/oauth/AuthServer.java    | 104 ++++++++
 .../java/io/grpc/examples/oauth/Constant.java |  37 +++
 .../oauth/ExampleOAuth2Credentials.java       |  50 ++++
 .../oauth/OAuth2ServerInterceptor.java        |  70 +++++
 .../src/main/proto/helloworld.proto           |  37 +++
 .../grpc/examples/oauth/AuthClientTest.java   | 120 +++++++++
 15 files changed, 1169 insertions(+)
 create mode 100644 examples/example-oauth/README.md
 create mode 100644 examples/example-oauth/build.gradle
 create mode 100644 examples/example-oauth/gradle/wrapper/gradle-wrapper.jar
 create mode 100644 examples/example-oauth/gradle/wrapper/gradle-wrapper.properties
 create mode 100755 examples/example-oauth/gradlew
 create mode 100644 examples/example-oauth/gradlew.bat
 create mode 100644 examples/example-oauth/pom.xml
 create mode 100644 examples/example-oauth/settings.gradle
 create mode 100644 examples/example-oauth/src/main/java/io/grpc/examples/oauth/AuthClient.java
 create mode 100644 examples/example-oauth/src/main/java/io/grpc/examples/oauth/AuthServer.java
 create mode 100644 examples/example-oauth/src/main/java/io/grpc/examples/oauth/Constant.java
 create mode 100644 examples/example-oauth/src/main/java/io/grpc/examples/oauth/ExampleOAuth2Credentials.java
 create mode 100644 examples/example-oauth/src/main/java/io/grpc/examples/oauth/OAuth2ServerInterceptor.java
 create mode 100644 examples/example-oauth/src/main/proto/helloworld.proto
 create mode 100644 examples/example-oauth/src/test/java/io/grpc/examples/oauth/AuthClientTest.java

diff --git a/examples/example-oauth/README.md b/examples/example-oauth/README.md
new file mode 100644
index 00000000000..012400b6864
--- /dev/null
+++ b/examples/example-oauth/README.md
@@ -0,0 +1,70 @@
+Authentication Example
+==============================================
+
+This example illustrates a simple OAuth2-based authentication implementation in gRPC using
+ server interceptor. It uses the Google OAuth2 library to create OAuth2 Credentials.
+
+The example requires grpc-java to be pre-built. Using a release tag will download the relevant binaries
+from a maven repository. But if you need the latest SNAPSHOT binaries you will need to follow
+[COMPILING](../../COMPILING.md) to build these.
+
+The source code is [here](src/main/java/io/grpc/examples/oauth). 
+To build the example, run in this directory:
+```
+$ ../gradlew installDist
+```
+The build creates scripts `auth-server` and `auth-client` in the `build/install/example-oauth/bin/` directory
+which can be used to run this example. The example requires the server to be running before starting the
+client.
+
+Running auth-server is similar to the normal hello world example and there are no arguments to supply:
+
+**auth-server**:
+
+The auth-server accepts optional argument for port on which the server should run:
+
+```text
+USAGE: auth-server [port]
+```
+
+The auth-client accepts optional arguments for server-host, server-port, user-name and client-id:
+
+**auth-client**:
+
+```text
+USAGE: auth-client [server-host [server-port [user-name [client-id]]]]
+```
+
+The `user-name` value is simply passed in the `HelloRequest` message as payload and the value of
+`client-id` is included in the OAuth2 access token passed in the metadata header.
+
+
+#### How to run the example:
+
+```bash
+# Run the server:
+./build/install/example-oauth/bin/auth-server 50051
+# In another terminal run the client
+./build/install/example-oauth/bin/auth-client localhost 50051 userA clientB
+```
+
+That's it! The client will show the user-name reflected back in the message from the server as follows:
+```
+INFO: Greeting: Hello, userA
+```
+
+And on the server side you will see the message with the client's identifier:
+```
+Processing request from clientB
+```
+
+## Maven
+
+If you prefer to use Maven follow these [steps](../README.md#maven). You can run the example as follows:
+
+```
+$ # Run the server
+$ mvn exec:java -Dexec.mainClass=io.grpc.examples.oauth.AuthServer -Dexec.args="50051"
+$ # In another terminal run the client
+$ mvn exec:java -Dexec.mainClass=io.grpc.examples.oauth.AuthClient -Dexec.args="localhost 50051 userA clientB"
+```
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
new file mode 100644
index 00000000000..ffbe8a53617
--- /dev/null
+++ b/examples/example-oauth/build.gradle
@@ -0,0 +1,87 @@
+plugins {
+    // Provide convenience executables for trying out the examples.
+    id 'application'
+    id 'com.google.protobuf' version '0.9.4'
+    // Generate IntelliJ IDEA's .idea & .iml project files
+    id 'idea'
+}
+
+repositories {
+    maven { // The google mirror is less flaky than mavenCentral()
+        url "https://maven-central.storage-download.googleapis.com/maven2/"
+    }
+    mavenLocal()
+}
+
+java {
+    sourceCompatibility = JavaVersion.VERSION_1_8
+    targetCompatibility = JavaVersion.VERSION_1_8
+}
+
+// IMPORTANT: You probably want the non-SNAPSHOT version of gRPC. Make sure you
+// are looking at a tagged version of the example and not "master"!
+
+// Feel free to delete the comment at the next line. It is just for safely
+// updating the version in our release process.
+def grpcVersion = '1.59.0-SNAPSHOT' // CURRENT_GRPC_VERSION
+def protobufVersion = '3.24.0'
+def protocVersion = protobufVersion
+
+dependencies {
+    implementation "io.grpc:grpc-protobuf:${grpcVersion}"
+    implementation "io.grpc:grpc-stub:${grpcVersion}"
+    implementation "io.grpc:grpc-auth:${grpcVersion}"
+    implementation "com.google.auth:google-auth-library-oauth2-http:1.18.0"
+
+    compileOnly "org.apache.tomcat:annotations-api:6.0.53"
+
+    runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
+
+    testImplementation "io.grpc:grpc-testing:${grpcVersion}"
+    testImplementation "junit:junit:4.13.2"
+    testImplementation "org.mockito:mockito-core:3.4.0"
+}
+
+protobuf {
+    protoc { artifact = "com.google.protobuf:protoc:${protocVersion}" }
+    plugins {
+        grpc { artifact = "io.grpc:protoc-gen-grpc-java:${grpcVersion}" }
+    }
+    generateProtoTasks {
+        all()*.plugins { grpc {} }
+    }
+}
+
+// Inform IDEs like IntelliJ IDEA, Eclipse or NetBeans about the generated code.
+sourceSets {
+    main {
+        java {
+            srcDirs 'build/generated/source/proto/main/grpc'
+            srcDirs 'build/generated/source/proto/main/java'
+        }
+    }
+}
+
+startScripts.enabled = false
+
+task hellowWorldOauthServer(type: CreateStartScripts) {
+    mainClass = 'io.grpc.examples.oauth.AuthServer'
+    applicationName = 'auth-server'
+    outputDir = new File(project.buildDir, 'tmp/scripts/' + name)
+    classpath = startScripts.classpath
+}
+
+task hellowWorldOauthClient(type: CreateStartScripts) {
+    mainClass = 'io.grpc.examples.oauth.AuthClient'
+    applicationName = 'auth-client'
+    outputDir = new File(project.buildDir, 'tmp/scripts/' + name)
+    classpath = startScripts.classpath
+}
+
+application {
+    applicationDistribution.into('bin') {
+        from(hellowWorldOauthServer)
+        from(hellowWorldOauthClient)
+        fileMode = 0755
+    }
+}
diff --git a/examples/example-oauth/gradle/wrapper/gradle-wrapper.jar b/examples/example-oauth/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000000000000000000000000000000000000..249e5832f090a2944b7473328c07c9755baa3196
GIT binary patch
literal 60756
zcmb5WV{~QRw(p$^Dz<H#6;^E9wry+0wkoz!v2EKnEB2dnp51QS&)(;ryWbCEt<_q_
z%vf{Ij$i-xF_)Yq2q+W~5CjAe5D@>@00IL3?^hro$gg*4VI_WAaTyVM5Foj~O|-84
z$;0<Gf%j{m{PRR<ei?BQVMQf6X^~s$@i8e$TDlonNm{DO@u_+RhI!`ggFoZ6!{QUt
z6V&1~-=IzbM#=jH8kEiGq(%D$R6*#ZXeb3}Hx4%r-~MIAuSNdPR|Ea}Z0lh9Z{O;l
z=Rp5sj;Vvbk(KfPIu-fvQ(YbO?d*&l{_PMsht{<6ud70f1_VU)KOZ9c-;1gK^$(==
z&28umt@Irov(&)dP=-)Hz_S{P7xEnP!ichkxx$E~7}a_a2q8(l2>6hMwt*rV;^8iB
z1~&0XWp<s4<3+-8i_yvLp=2@>YJmG?Ts^K9PC62H*`G}xom%S%yq|xvG~FIfP=9*f
zZo<U;yqPuzvK$}+n^LL;n^MT#U2$-W#`#sg?M@{@(gHfAYL^m#{&XY2t3v`wuX2Ob
zJ|E-g(=OFBrmQ4BNYySt*Qqd2Zl}{zt~_o(QZ0X@(Jm9-p$YdmymL==Ie?AQJ`?lf
z`Njkl*jD~p1=ZOtBV40hyN64OCJFd*fD3i~XsAso=-LMLs^|UBS%-sLHqPeN5cpej
zP96&U@H4ow7X*CS6N3Vk2xHMM5uO4=)iyB|+fIBqm)%MXwL_oiyPH}M@t<2mhnqdB
zpZ>DRJBm*Y0aId=qJ?7dyb)6)JGWGwe)MHeNSzhi)Ko6J<-m@v=a%NsP537lHe0R*
z`If4$aaBA#S=w!2z&m>{lpTy^Lm^mg*3?M&7HFv}7K6x*cukLIGX;bQG|QWdn{%_6
zHnwBKr84#B7Z+AnBXa16a?or^R?+>$4`}{*a_>IhbjvyTtWkHw)|ay)ahWUd-qq$~
zMbh6roVsj;_qnC-R{G+Cy6bApVOinSU-;(DxUEl!i2)1EeQ9`hrfqj(nKI7?Z>Xur
zoJz-a`PxkYit1HEbv|jy%~DO^13J-ut986EEG=66S}D3!L}Efp;Bez~7tNq{QsUMm
zh9~(HYg1pA*=37C0}n4g&bFbQ+?-h-W}onYeE{q;cIy<G6>%eZK9wZjSwGvT+&Cgv
z?~{9p(;bY_1+k|wkt_|N!@J~aoY@|U_RGoWX<;p{Nu*D*&_phw`8jYkMNpRTWx1H*
z>J-Mi_!`M468#5Aix$$u1M@rJEIOc?k^QBc?<b59)xNczO{#+_)9&wFZVex;^4Vl#
z>T(#=n&*5eS#u*Y)?L8Ha$9wRWdH^3D4|Ps)Y?m0q~SiKiSfEkJ!=^`lJ(%W3o|CZ
zSrZL-Xxc{OrmsQD&s~zPfNJOpSZUl%V8tdG%ei}lQkM+z@-4etFPR>GO<GhYd~TtJ
zwBkK^Mf~X+_zkRIz?y=<$$)%45zt~zJgiQCTcppoxe=pu88AJHVU3fzN(qJSGX29E
zfbGs2RA>H9+Y_F<3=~SXln9Kb-o~f>2a6Xz@AS3cn^;c_>l<hcV+2`3y`U@%b10Ti
zcsAuz3qW@}1&hcn9e|iQZ-*nRdQA=6HE0WZ=-IqLdFH?}s(4A4Su|ovlG8OIY!~1g
zV*}qrf+P~DZYbWlHL~*vJjRpSRBJ|RB}1Yk#lDowyB!0p;et0q>UwlK(n>z?A>NbC
z`Ud8^aQy>wy=$)w;JZzA)_*Y$Z5hU=KAG&htLw1Uh00yE!|Nu{<IBoPg2E_>EZkch
zY9O6x7Y??>!7pUNME*d!=R#s)ghr|R#41l!c?~=3CS8&zr6*aA7n9*)*PWBV2w+&I
zpW1-9fr3j{VTcls1><EmORLr6^_*km(FaYTm!{FpN(j*&ipG9#Bx7MzETdKx3MQix
zP9g$MFZr%m`tSm-g<Nl^j9AagC^~K|67C*eGSlxRu0?PgNMupvPEj}+ToIMPS(h_Y
z=br$^g2gKPI4Ilij?qSjH4rcN?$oLnmWI|kQy-!uDx_L8FFnwQg1LxHyC}zG(tlAZ
zH8z|S<;cL4*pQkj32mX3%Ut({&Q<B&y6N^XSz#?>ua}F*bbju_Xq%^v;-W~paSqlf
zolj*dt`BBjHI)H9{zrkBo<O`!SS6B=LKl>=B%>8}4jeBO<T-1a7W52S<GA6)qpHuH
zr-%V#6TJ~zK#}#SZ%KJiS%=&s@yJ4k(HVsTu!ro=zMmxYi)tO}vgJ_O50@u`M|%Ri
zphwWiXYN$*r|>~kWqO!~Thi!I1H(in=n^fS%nuL=X2+s!p}HfTU#NBGiwEBF^^tKU
zbhhv+0dE-sbK$>J#t-J!B$TMgN@Wh5wTtK2BG}4BGfsZOoRUS#G8Cxv|6EI*n&Xxq
zt{&OxCC+BNqz$9b0WM7_PyBJEVObHFh%%`~!@MNZlo*oXDCwDcFwT~Rls!aApL<)^
zbBftGKKBRhB!{?fX@l2_y~%ygNFfF(XJzHh#?`WlSL{1lK<Z@o#;*SdVGNH>T*gJM
zs>bd^H9NCxqxn(IOky5k-wALFowQr(gw%|`0991u#9jXQh?4l|l>pd6a&rx|v=fPJ
z1mutj{YzpJ_gsClbWFk(G}bSlFi-6@mwoQh-XeD*j@~huW4(8ub%^I|azA)h2t#yG
z7e_V_<4jlM3D(I+qX}yEtqj)cpzN*oCdYHa!nm%0t^wHm)EmFP*|FMw!tb@&`G-u~
zK)=Sf6z+BiTAI}}i{*_Ac$ffr*Wrv$F7_0gJkjx;@)XjYSh`RjAgrCck`x!zP>Ifu
z&%he4P|S)H*(9oB4uvH67^0}I-_ye_!w)u3v2+EY>eD3#8QR24<;7?*hj8k~rS)~7
zSXs5ww)T(0eHSp$hEIBnW|Iun<_i`}VE0Nc$|-R}wlSIs5pV{g_Dar(Zz<4X3`W?K
z6&CAIl4U(Qk-tTcK{|zYF6QG<GoVw~LX_9wmCyLIg5HrC)J9)r!7|t}PwF9G3L#(i
znq(TLP8w3<iIfL!hDIR3?YNM8r9A6!N(o8YBZ@w;24dkA6!cN#{d&#a!)STfC3#`w
zn~!m@(Thc7Y<7g`lPf7tavkY|IpA1z!Xc-);I@t+8Vv2n<pCz^dd3h3=M+#Ee$$px
z67Z%5xz9Jl=z|J4Mo=+AB<rDYZ9L~g-KY{Q-jka~-Ae^NqTXdE>5ArrEB!;5s?tW7
zrE3hcFY&k)+)e{+YOJ0X2uDE_hd2{|m_dC}kgEKqiE9Q^A-+>2UonB+L@v3$9?AYw
zVQv?X*pK;X4Ovc6Ev5Gbg{{Eu*7{N3#0@9oMI~}KnObQE#Y{&3mM4`w%wN+xrKYgD
zB-ay0Q}m{QI;iY`s1Z^NqIkjrTlf`B)B#M<jM!$tg=k5lp}=|!gJ`-A3NITdMu8RC
zj1XQSG|ZmbdcDW!n80TC;X9x@;5D9oK%Ld~mq|EemE{}fSaq-zyX$@FTX}$Oc0g22
zzETfvk4&(H@-vz=*ZPqWh};?ig{1!LM(TkY4LO&>ajZ#9u41oRBC1oM1vq0i|F59>
z#StM@bHt|#`2)cpl_rWB($DNJ3Lap}QM-+A$3pe}NyP(@+<iN(x4wVJ+_gbEd-^Zb
zWBwY%U*j*Br2PjW(*8Hx+37o((b+lJej%fixv?WP#pslTG#zE5G`)n>i1>o^<jA}~
z(^v!&G?YSwQv@?ogo0voxWugllcS<_%l`tol>fe-oxX#<wXu`21Fg;1yW>Bt`mcQc
zb?pD4W%#ep|3%CHAYnr*^M6Czg>~L4?l16H1OozM{P*en298b+`i4$|w$|4AHbzqB
zHpYUsHZET$Z0ztC;U+0*+amF!@PI%^oUIZy{`L{%O^i{Xk}X0&nl)n~tVEpcAJSJ}
zverw15zP1P-O8h9nd!&hj$zuwjg?DoxYIw{<nX*|aXj4I;Pv(W_%0{1!UxR7=>jWM
zW5_pj+wF<yrjE;j>y8Tsa9g<7Qa21WaV&;ejoYflRKcz?#fSH_)@*QVlN2l4(QNk|
z4aPnv&mrS&0|6NHq05XQw$J^RR9T{3SOcMKCXIR1iSf+xJ0E_Wv?jEc*I#ZPzyJN2
zUG0UOXHl+PikM*&g$U@g+KbG-RY>uaIl&DEtw_Q=FYq?etc!;hEC_}UX{eyh%dw2V
zTTSlap&5>PY{6I#(6`j-9`D&I#|YPP8a;(sOzgeKDWsLa!i-$frD>zr-oid!Hf&yS
z!i^cr&7tN}OOGmX2)`8k?Tn!!4=tz~3hCTq_9CdiV!NIblUDxHh(FJ$zs)B2(t5@u
z-`^RA1ShrLCkg0<B?}_ts1DQjgp}W5VwQK_f$?l4FP6>)OhfoM;4Z{&oZmAec$qV@
zGQ(7(!CBk<5;Ar%DLJ0p0!ResC#U<+3i<|vib1?{5gC<oG^96_Cm0(UK10{w?+e+7
zEH(oxs^u==fa{@(*SXRYQr1OsHi@`@+xSt3wKAa_>ebG7$F7URKZXuX-2WgF>YJ^i
zMhHDBsh9PDU8dlZ$yJKtc6JA#y!y$57%sE>4Nt+wF1lfNIWyA`=hF=9Gj%sRwi@vd
z%2eVV3y&dvAgyuJ=eNJR+*080dbO_t@BFJO<@&#yqTK&+xc|FRR;p;KVk@J3$S{p`
zGaMj6isho#%m)?pOG^G0mzOAw0z?!AEMsv=0T>WWcE>??WS=fII$t$(^PDPMU(P>o
z_*0s^W#|x)%tx8jIgZY~A2yG;US0m2ZOQt6yJqW@XNY_>_R7(Nxb<qz*Zby*O0$bc
z&bwd!3N`yA)-yDGrw923g#%FdDs9(c!1zBe1RB8u-MYi3o@&Spv(9|!3<U?#VR{nH
z(>8Ged6BdYW6{prd!|zuX$@Q2o6Ona8zzYC1u!+2!Y$Jc9a;wy+pXt}o6~Bu1oF1c
zp7Y|SBTNi@=I(K%A60PMjM#sfH$y*c{xUgeSpi#HB`?|`!Tb&-qJ3;vxS!TIz<?2E
z;?m$vD?eW$Ky=1Yq)adqhc?p&C{7b5o?=)unOeZDH>uTZs-&%#bAkAyw9m4PJgvey
zM5?up*b}eDEY+#@tKec)-c(#QF0P?MRlD1+7%Yk*jW;)`f;0a-ZJ<A1MM6Y&2Bjrl
znqSWxYPQP0xd?S^aF>6CQA?E%>i2Dt7T9?s|9ZF|KP4;CNWvaVK<?o_JIw;}zDT`U
z8L9-eX*7(^ut$2QBvx;9WC*DK4d0Kl9Aoah9FvKFLU*E)t<DB)E+Hfy@{d<s5TtbK
z3@*SWX?`UQ;LR6RwJlyE3z}ZE!swzdANx@XuTjkujJwae)D4vw=Dql$%nf#rij0A7
zPZHIZfP9Y{HHIH6!OIl6HIjQP7s$4hLQfM=Y5?9w6~3&f-&54yS(z79jhWNyU*0R2
z2LGB!DxIQ?IKWc4-r|9{@l3idCG70wl#Y>Z+Qeut;Jith_y{v*Ny6Co6!8MZx;Wgo
z=qAi%&S;8J{iyD&>3CLCQdTX*$+Rx1AwA*D_J^0>suTgBMBb=*hefV+Ar<cd*@2&D
z8;>s#mmr+YsI3#!F@Xc1t4F-gB@6aoyT+5O(qMz*zG<9Qq*f0w^V!03rpr*-WLH};
zfM{xSPJeu6D(%8HU%0GEa%waFHE$G?FH^kMS-&I3)ycx|iv{T6Wx}9$$D&6{%1N_8
z_CLw)_9+O4&u94##vI9b-HHm_95m)fa??q07`DniVjAy`t7;)4NpeyAY(aAk(+T_O
z1om+b5K2g_B&b2DCTK<>SE$Ode1DopAi)xaJjU>**AJK3hZrnhEQ9E`2=|HHe<^tv
z63e(b<X3pR+d94@m}tS^Z3?)AN+iBxpwZ<D7`?_tGq?BO;qYoIK%|`4<lnL)z<I(0
zu_t<sVb~sefyW>n#fMWuz>4erc47}!J>U58%<&N<6AOAewyzNTqi7hJc|X{782&cM
zHZYclNbBwU6673=!ClmxMfkC$(CykGR@10F!zN1S<PPl%@(Hn|^OfVI^X@u=eB4LB
zU*t+xZ0wF<m*ErqYAYp>e83LR&a~$Ht&>~43OX22mt7tcZUpa;9@q}KDX3<tKWF1f
zxw`aDW9rcd*xv(|cjctJ=r<rB$*=tRKjhAT3QznFrq0&JHcrBBhQ@YI=C=P(hmztZ
zBtRHZf@NQr^M5yLSW}<&UN$I$ud6^2LG^C;CST5(r;3;$jf|I6ACztPf?wzMlh7(R
zK$zGkcsg9U$_~E{oniYivq)0tjRjewJEOw_A7w)SdVn|$`QY&`&=C?ozE>O&Ugp6<
zLZLfIMO5;pTee1vNyVC$FGxzK2f>0Z-6hM82zKg44nWo|n}$Zk6&;5ry3`(JFEX$q
zK&KivAe${e^5ZGc3a9hOt|!UOE&OocpVryE$Y4sPcs4rJ>>Kbi2_subQ9($2VN(3o
zb~tEzMsHaBmBtaHAyES+d3A(qURgiskSSwUc9CfJ@99&MKp2sooSYZu+-0t0+L*!I
zYagjOlPgx|lep9tiU%ts&McF6b0VE57%E0Ho%2oi?=Ks<h7|XGdLNwTI)ib?N6{Eu
z;h2l5*eV93*R)?j|9)5Mw{~AJzwV0Z*IoH9lKK|_`lq|{FC-HsFD==}hu}T8I5=Nj
zMm|Nv0wu!DR!AT$4?#iVwpDaiN4hcWqWH4L{RHwRzsnYkBn73d=5jdE`3OkM-m10*
zdSrK<cD9qSi<hEpW()G6&#VKxRV)hnG-x*2O9Ur9cji6_gKVb~I_9QB{xCNxI)s~q
zuptRHAY00`Qzhr7(2tu@2-Cypx8Giobh`{rL+hNjig(}@FZ>+5%aj#au^OBwNwhec
zta6QAeQI^V!dF1C)>RHAmB`HnxyqWx?td@4sd15zPd*Fc9hpDXP23kbBenBxGeD$k
z;<D{TYW<{z_^}oSud&ZuHEyD44V>%0VBQEJ-C)&dTAw_yW@k0u?IUk*NrkJ)(XEeI
z9Y>6Vel>#s_v@=@0<{4A{p<R|0RfTyuh&=hpG-YVMbi~o8Dk@%D2pXcC$zylS8Jch
zTmbubLr&$o2Hk+p^ded~#GH{7cu^WdnjPYm>l=9cQ&Iah0iD0H`q)7NeCIRz8zx;!
z^OO;1+IqoQNak&pV`qKW+K0^Hqp!~gSohcyS)?^P`JNZXw@gc6{A3OLZ?@1Uc^I2v
z+X!^R*HCm3{7JPq{8*Tn>5;B|X7n4QQ0Bs79uTU%nbqOJh`nX(BVj!#f;#J+WZxx4
z_yM&1Y`2XzhfqkIMO7tB3raJKQS+H5F%o83bM+hxbQ<YF8%f26g@w6?b)_6@vyLk>
zeeJm=Dvix$2j|b4?mDacb67v-1^lTp${z=jc1=j~QD>7c*@+1?py>%Kj%Ejp7Y-!?
z8iYRUlGVrQPandAaxFfks53@2EC#0)%mrnmGRn&>=$H$S8q|kE_iWko4`^vCS2aWg
z#!`RHUGyOt*k?bBYu3*j3u0gB#v<VSU``i9)i((*A4_MYpA70V(O^YWl0>(3tsije
zgIuNNWNtrOkx@Pzs;A9un+2LX!zw+p3_NX^Sh09HZAf>m8l@O*rXy_82aWT$Q>iyy
zqO7Of)D=wcSn!0+467&!Hl))eff=$aneB?R!YykdKW@k^_uR!+Q1tR)+IJb`-6=jj
zymzA>Sv4>Z&g&WWu#|~GcP7qP&m*w-S$)7Xr;(duqCTe7p8H3k5>Y-n8438+%^9~K
z3r^LIT_K{i7DgEJjIocw_6d0!<;wKT`X;&vv+&msmhAAnIe!OTdybPctzcEzBy88_
zWO{6i4YT%e4<cORn@|6PX^%-74fBfvI*qb65lguos^u7L67Q8>^WQZB)KHCvA(0tS
zHu_Bg+6Ko%a9~$EjRB90`P(2~6uI@SFibxct{H#o&y40MdiXblu@VFXbhz>Nko;7R
z70Ntmm-FePqhb%9gL+7U8@(ch|JfH5Fm)5${8|`Lef>LttM_iww6LW2X61ldBmG0z
zax3y)njFe>j*T{i0s8D4=L>X^j0)({R5lMGVS#7(2C9@AxL&C-lZQx~czI7Iv+{%1
z2<eOr>hEG>RzX4S8x3v#9sgGAnPzptM)g&LB}@%E>fy0vGSa(&q0ch|=ncK<Ys%|-
z$8{E%Rw4?D_8re!3!SBF?$73?o3k7+`5vm8pITte_z3-f7CoPck#W)v4slR3Zzqx8
zNVDE$E-!|FmIAfj{mDQ%vc<UpiEaVi&qHP&p?bTbEWARJ?xHePge3YNpI92C>jNrK
z`jA~jObJhrJ^ri|-)J^HUyeZXz~XkBp$VhcTEcTdc#a2EUOGVX?@mYx#Vy*!qO$Jv
zQ4rgOJ~M*o-_Wptam=~krnmG*p^j!JAqoQ%+YsDFW7Cc9M%YPiBOrVcD^RY>m9Pd<
zu}#9M?K{+;UIO!D9qOpq9yxUquQRmQNMo0pT`@$pVt=rMvyX)ph(-CCJLvUJy71DI
z<CI*+r=tVTlgn@b%PV`RM<s@b7^3<nL0kgliJ>Bk7oc7)-%ngdj~s@76Yse3L^gV0
z2==qfp&Q~L(+%RHP0n}+xH#k(hPRx(!AdBM$JCfJ5*C=<wG1tvhicE*gpY`ZCMnhj
z1G=jh5z6O!^6nUl+c3`w0_ln^hFS56L}g>K3ts>P?@@SZ_+{U2qFZb>4kZ{Go37{#
zSQc+-dq*a-Vy4?taS&{Ht|MLRiS)Sn14JOONyXqPNnpq&2y~)6wEG0oNy>qvod$FF
z`9o&?&6uZjhZ4_*5qWVrEfu(>_n2Xi2{@Gz9MZ8!YmjYvIMasE9yVQL10NBrTCczq
zcTY1q^PF2l!Eraguf{+PtHV3=2A?Cu&NN<O6VN>&a8V(y;q(^_mFc6)%Yfn&X&~Pq
zU1?qCj^LF(EQB1F`8NxNjyV%fde}dEa(Hx=r7$~ts2dzDwyi6ByBAIx$NllB4%K=O
z$AHz1<2bTUb>(MCVPpK(E9wlLElo(aSd(Os)^Raum`d(g9Vd_+Bf&V;l=@mM=cC>)
z)9b0enb)u_7V!!E_bl>u5nf&Rl|2r=2F3rHMdb7y9E}}F82^$Rf+P8%dKnOeKh1vs
zhH^P*4Ydr^$)$h@4<HY{kkgz6jX&Mdasz@VEoye!fw>KVzxrHyy#cKmWEa9P5DJ|-
zG;!Qi35Tp7XNj60=$!S6U#!(${6hyh7d4q=pF{`0t|N^|L^d8pD{O9@tF~W;#Je*P
z&ah%W!KOIN;SyAEhAeTafJ4uEL`(RtnovM+cb(O#>xQnk?dzAjG^~4$dFn^<@-Na3
z395;wBnS{t*H;Jef2eE!2}u5Ns{AHj>WYZDgQJt8v%x?9{MXqJsGP|l%OiZqQ1aB!
z%E=*Ig`(!tHh>}4_z5IMpg{49UvD*Pp9!pxt_gdAW%sIf3k6CTycOT1McPl=_#0?8
zVjz8Hj*Vy9c5-krd-{BQ{6Xy|P$6L<o)r^R5`ZQ`GQhYqfOupFa9l!9lz>JvMuX$*
zA+@I_66_ET5l2&gk9n4$1<ixm5Z@RUb^v5fP{&E>M3LN8(yEV<DNCy-M+F%4k9cS;
zC^^RKH!iKb*+NTZ($+>iRx&mtd#LD}AqEs?RW=xKC(OCWH;~>(X6h!uDxXIPH06xh
z*`F4cVlbD<GpM@G3X6T;YA>P`A)-fzf>MuScYsmq&1LUMGaQ3bRm6i7OsJ|%uhTDT
zlvZA1M}nz*SalJWNT|`dBm1$x<Um4i*)m*aUZO##LwDk6q63h|IW;0Cr>laA>CCiQ
zK`xD-RuEn>-`Z?M{1%@wewf#8?F|(@1e0+T4>nmlSRrNK5f)BJ2H*$q(H>zGD0>eL
zQ!tl_Wk)k*e6v^m*{~A;@6+JGeWU-q9>?+L_#UNT%G?4&BnOgvm9@o7l?ov~XL+et
zbGT)|G7)KAeqb=wHSPk+J1bdg7N3$vp(ekjI1D9V$G5Cj!=R2w=3*4!z*J-r-cyeb
zd(i2KmX!|Lh<K2eIYJREpvNMi&Z#7*f45@XYFPFRp`27wgA7b{lxe_pm*^6y<RLhc
z8e%Fbj59XhBop+|s8G!j;y`1~`5Wy@K-#-nr2&8P(UZtm7KDzi`O}$kr#>ey!snRw
z?#$Gu%S^SQEKt&kep)up#j&9}e+3=JJBS(s>MH+|=R(`8xK{mmndWo_r`-w<m*k89
zcV!Q$3TQF>1#SeRD&YtAJ#GiVI*TkQZ}&aq<+bU2+coU3!jCI6E+Ad_xFW*ghnZ$q
zAoF*i&3n1j#?B8x;kjSJD${1jdRB;)R*)Ao!9bd|C7{;iqDo|T&>KSh6*hCD!rwv=
zyK#F@2+cv3=|S1Kef(E6Niv8kyLVLX&e=U;{0x{$tDfShqkjUME>f8d(5nzSkY6@!
z^<s1zrx%Y{GxOAQiaP`zX4pWwf(3Q?%k(n<-*ko(!rd%~BRbzOMd+_y^a4+aH{F5%
zJscHc3gzd06%1tHe@VXo_oCsSee^HDb^OaWE0e5ck@*pZK0RqW9B3O#2!5)9`cvEa
zg%b@5T@#X^O2>-0>DM)wa&%m#UF1F?zR`8Y3X#tA!*7Q$P3lZJ%*KNlrk_uaPkxw~
zxZ1qlE;Zo;nb@!SMazSjM>;34ROOoygo%SF);LL>rRonWwR>bmSd1XD^~sGSu$Gg#
zFZ`|yKU0%!v07dz^v(tY%;So(e`o{ZYTX`hm;@b0%8|H>VW`*cr8R%<Wzeb1B(_7j
zj%jg9z(<Muj+rwUU3J`9Kkr9fxe1hx2`oE|97F-6%bXb;NK9gbaH21ZD{h@XeCBlS
zTkbMM03Wrp)E~*3bm**>3n|ehw2`(9B+V72`>SY}9^8oh$En80mZK9T4abVG*to;E
z1_S6bgDOW?!Oy1LwYy=w3q~KKdbNtyH#d24PFjX)KYMY93{3-mPP-H>@M-_>N~DDu
zENh~reh?JBAK=TFN-SfDfT^=+{w4ea2KNWXq2Y<;?(gf(FgVp8Zp-oEjKzB<XiW@L
z4DJ=*jZ)bsSD44~x>%2Iqj;48GmY3h=bcdYJ}~&4tS`Q1sb=^emaW$IC$|R+r-8V-
zf0$gGE(CS_n4s>oicVk)MfvVg#I>iDvf~Ov8bk}sSxluG!6#^Z_zhB&U^`eIi1@j(
z^CK$z^stBHtaDDHxn+R;3u+>Lil^}fj?7eaG<FRml8CUEBOnAV8CmKw;V=T((V6h(
z;KHNVT}hTA4oyjv0NUAbK-AxArk$+6ITFf=ABoS3b^1vXdN5Y3$j$Gn7L0qB<*F>B
z&5nl^STqcaBxI@v>%zG|j))G(rVa4aY=B@^2{TFkW~YP!8!9TG#(-nOf^^X-%m9{Z
zCC?iC`G-^RcBSCuk=Z`(FaUUe?hf3{0C>>$?<OA^A&va@m6n{p_RDbpCmC44*u>Vs
z`2Uud9M+T&KB6o4o9kvdi^Q=Bw!asPdxbe#W-Oaa#_NP(qpyF@bVxv5D5))srkU#m
zj_KA+#7sqDn*Ipf!F5Byco4HOSd!Ui$l94|IbW%Ny(s1>f4|Mv^#NfB31N~kya9!k
zWCGL-$0ZQztBate^fd>R<KTx+Kn<12wUG%9I!9v@uJ1RK?y>!hXY_N9ZjYp3V~4_V
z#eB)Kjr8yW=+oG)BuNdZG?jaZlw+l_ma8aET(s+-x+=F-t#Qoiuu1i`^x8Sj>b^U}
zs<v<BrDUuc#V%G@XYC{+Sg}|bZ*&$Xmy?7Y(n?p_lr<7QNavDlGr?4z!qaMY=`TAM
zFH`)mW};}4R%}`-v*@TwSk0p!c2gBZF<0Y~yAY5urGWuSR(DcbqvUph8QXsf(x2A!
z>^z<()YMFP7CmjUC@M=&lA5W7t&cxTlzJAts*%PBDAPuqcV5o7HEnqjif_7xGt)F%
zGx2b4w{@!tE)$p=l3&?Bf#`+!-RLOleeR<bP1HAuJwpA7V6w3e&7FnVSAlVevD>k3
z7#pF|w@6_sBmn1nECqdunmG^}pr5(ZJQVvAt$6p3H(16~;vO>?sTE`Y+mq5YP&PBo
zvq!7#W$Gewy`;%6o^!Dtjz~x)T}Bdk*BS#=EY=ODD&B=V6TD2z^hj1m5^d6s)D*wk
zu$z~D7QuZ2b?5`p)<Zk5N<LwAw|NY@XF!9G7+>E8e2_L38v3WE{V`bVk;6fl#o2`)
z99JsWhh?$oVRn@$S#)uK&8DL8>An0&S<%V8hnGD7Z^;Y(%6;^9!7kDQ5bjR_V+~wp
zfx4m3z6CWmmZ<8gDGUyg3>t8wgJ5NkkiEm^(sedCicP^&3D%}6LtIUq>mXCAt{9eF
zNXL$kGcoUTf_Lhm`t;hD-SE)m=iBnxRU(NyL}f6~1uH)`K!hmYZjLI%H}AmEF5RZt
z06$wn63<H*D^}!!_~!rctzB?W+<x$IW(W<z1pS(B1aK00$0*UbQ&o~2AGrgPX{+%L
zjpNNy?injFg0d#OC9*3D`YWIJp4knE9&uEHc=jswzMs5P)Ct~!Qhd!W;4aD36N5rn
zR-$WHi87V$r>GHnApHXZZJ}s^s)j9(BM6e*7IBK6Bq(!)d~zR#rbxK9NVIlgquoMq
z=eGZ9NR<I_0;qaLkr^sqs*eI>!SEqP6=9UQg#@!rtbbSBUM#ynF);zKX+|!Zm}*{H
z+j=d?<x8+W+YzUX8`Wzx$M0@ats$ISI!}Y&e$baoEyt_PL67D-!l9jd$-U47GPlhn
zFZ(p{^KerTig5@++3nwFz)bDI^Rg#*4JrNT%{~<3KmSD&ZJ;XGkp4=fS6_`Bk^dyB
z2<kf;i`zIF+c=s#nY$P(Iysozn0`U;e|0>aZ2!?@EL7C~%B?6ouCKLnO$uWn;Y6Xz
zX8dSwj732u(o*U3F$F=7xwxm>E-B+SVZH;O-4XPuPkLSt_?S0)lb7EEg)Mglk0#eS
z9@jl(OnH4juMxY+*r03VDfPx_IM!Lmc(5hOI;`?d3<n0O2)hcsP_2=f#ul^%8WEjH
z_45k7p1r2G5<EoD-7_hh0-~>7f>jPP$?9jQQIQU@i4vuG6MagEoJrQ=RD7xt@8E;c
z<Z~cp<{k@e+=yUE(YejRT8|zYjy+~C+(wP9bf2{6?hB`L=aUc<odY()WVr`t9nSc0
zAeWGRrle!<ccgxgu=eN|0Q>eGV*+Pt+t$@pt!|McETOE$9k=_C!70uhwRS9X#b%ZK
z%q(TIUXSS^F0`4Cx?Rk07C6wI4!UVPeI~-fxY6`YH$kABdOuiRtl73MqG|~AzZ@<e
z70bZ1Xfg@ML9rX@!O{Xhvx6+$D#ej982$eGa_sxL;&>iL&^s?24iS;RK_pdlWkhcF
z@Wv-Om(Aealfg)D^adlXh9Nv<v-}opkLv5Ft~N;ilf%n_18GR>f~Uf@y;g3Y)i(YP
zEXDnb1V}1pJT5ZWyw=1i+0fni9yINurD=EqH^ciOwLUGi)C%Da)tyt=zq2P7pV5-G
zR7!oq28-Fgn5pW|<Sr(TR-f}>nlu^b!S1Z#r7!Wtr{5J5PQ>pd+2P7RSD?>(U7-|Y
z7ZQ5lhYIl_IF<9?T9^IPK<(Hp;l5bl5tF9>X-zG14_7PfsA>6<$~A338iYRT{a@r_
zuXBaT=`T5x3=s&3=RYx6NgG>No4?5KFBVjE(swfcivcIpPQFx5l+O;fiGsOrl5teR
z_Cm+;PW}O0Dwe_(4Z@XZ)O0W-v2X><&L*<~*q3dg;bQW3g7)a#3KiQP>+qj|qo*Hk
z?57>f2?f@`=Fj^nkDKeRkN2d$Z@2eNKpHo}ksj-$`QKb6n?*$^*%Fb3_Kb<??RAja
zk0V>f1(*W9K>{L$mud2WHJ=j0^=g30Xhg8$<s&?w=aRQaO9t&giJ1(RsSL3%_cC6M
z*CW9(Zh9c_42B<|)&oM^-GzGdz1}f&d3F5BYqWb4q+Sw(ib=VNbJPT@^wT=3tW(7y
zrx1-UKq0(c(u-_d3s{C`aQ&0%#$*~vtZCzBHFqiV3;VEe=EsFn^iO}7H|DQJkk9H;
zB0P{n&~U<*$_g%{-r&>#g^?36`p1fm;;1@0Lrx+8t`?vN0ZorM<NTJbjJv2{-dI;>
zS<hDSyFi<GVb++PZX@XtOI*=$j*U@=`@o~{Gi!F-NK(%gyI#{g6|hETm*WG_p}s8L
zjZRCuf%OK?g`?(Q%o?EJIq8XN^)7E@6pk&Uqpm7^VOiV00>W?rhjCE8$C|@p^sXdx
z|NOHHg+fL;HIlqyLp~SSdIF`TnSHehNCU9t89yr@)FY<~hu+X`tjg(aSVae$wDG*C
zq$nY(Y494R)hD!i1|IIyP*&PD_c2FPgeY)&mX1qujB1VHPG9`yFQpLFVQ0>EKS@Bp
zAfP5`C(sWGLI?AC{XEjLKR4FVNw(4+9b?kba95ukgR1H?w<8F7)G+6&(zUhIE5Ef%
z=fFkL3QKA~M@h{nzjRq!Y_t!%U66#L8!(2-GgFxkD1=JRRqk=n%G(yHKn%^&$dW>;
zSjAcjETMz1%205se$iH_)ZCpfg_LwvnsZQAUCS#^FExp8O4CrJb6>JquNV@qPq~3A
zZ<6dOU#6|8+fcgiA#~MDmcpIEaUO02L<Rkl`=Q>5#T$HV0$EMD94HT_eXLZ2Zi&(!
z&5E>%&|FZ`)CN10tM%tLSPD*~r#--K(H-CZqIOb99_;m|D5wdgJ<1iOJz@h2Zkq?}
z%8_KXb&hf=2Wza(Wgc;3v3TN*;HTU*q2?#z&tLn_U0Nt!y>Oo>+2T)He6%XuP;fgn
z-G!#h$Y2`9>Jtf}hbVrm6D70|ERzLAU>3zoWhJmjWfgM^))T+2u$~5>HF9jQDkrXR
z=IzX36)V75PrFjkQ%TO+iqKGCQ-DDXbaE;C#}!-CoWQx&v*vHfyI>$HNRbpvm<`O(
zlx9NBWD6_e&J%Ous4yp~s<!5el5C5+U(6q$naw*;HMpy|CU=dglNI1EQ%|HQk4H*H
z4vZmq8i&o(xLex%_9CXr+V#E5;>6)Ghni!I6)0W;9(9$y1wWu`$gs<$9Mcf$L*piP
zPR0Av*2%ul`W;?-1_-5Zy0~}?`e@Y5A&0H!^ApyVTT}BiOm4GeFo$_oPlDEyeGBbh
z1h3q&Dx~GmUS|3@4V36&$2uO8!Yp&^pD7J5&TN{?xphf*-js1fP?B|`>p_K>lh{ij
zP(?H%e}AIP?_i^f&Li=FDSQ`2<P4}YJBR3<86=L)lNLn?n<UqJ){hazu7oE1W<WpM
zkEayA#3<YDk5vng9{R3EwAsH9RNs3PX=z8hou#I@lclzVbk)C_>_NWxL+BB=nQr=$
zHojMlXNGauvvwPU>ZLq!`bX-5F4jBJ&So{kE5+ms9UEYD{66!|k~3vsP+mE}x!>%P
za98bAU0!h0&ka4EoiDvBM#CP#dRNdXJcb*(%=<(g+M@<)DZ!@v1V>;54En?igcHR2
zhubQMq}VSOK)onqHfc<PBSX0Qkle<U&d;N1BT|$4=Uqpo2tm04^j~@drYI0P7duc%
zes@lg1;1w}#p3u@$yb(xFl7Q9B8k2c_rQZ?>zM7YA@s=9*ow;k;8)&?J3@0JiGcP!
zP#00KZ1t)GyZeRJ=f0^gc+58lc4Qh*S7RqPIC6GugG1gXe$LIQMRCo8cHf^qXgAa2
z`}t>u2Cq1CbSEpLr~E=c7~=Qkc9-vLE%(v9N*&HF`(d~(0`iukl5aQ9u4rUvc8%m)
zr2GwZN4!s;{SB87lJB;veebPmqE}tSpT>+`t?<457Q9iV$th%i__Z1kOMAswFldD6
ztbOvO337S5o#ZZgN2G99_AVqPv!?Gmt3pzgD+Hp3QPQ`9qJ(g=kjvD+fUSS3upJn!
zqoG7acIKEFRX~S}3|{EWT$kdz#zrDlJU(rPkxjws_iyLKU8+v|*oS_W*-guAb&Pj1
z35Z`3z<&Jb@2Mwz=KXucNYdY#SNO$tcVFr9KdKm|%^e-TXzs6M`PBper%ajkrIyUe
zp$vVxVs9*>Vp4_1NC~Zg)WOCPmOxI1V34QlG4!aSFOH{QqS<og-9*{m%{>Vq1^1)-
z0P!Z?tT&E-ll(pwf0?=F=yOzik=@nh1Clxr9}Vij89z)ePDSCYAqw?lVI?v?+&*zH
z)p$CScFI8rrwId~`}9YWPFu0cW1Sf@vRELs&cbntRU6QfPK-SO*mqu|u~}8AJ!Q$z
znzu}50O=YbjwKCuSVBs6&CZR#0FTu)3{}qJJYX(>QPr4$RqWiwX3NT~;>cLn*_&1H
zaKpIW)JVJ>b{uo2oq>oQt3y=zJ<SzS^-D>jb%fU@wLqM{SyaC6x2snMx-}ivfU<1-
znu1Lh;i$3Tf$Kh5Uk))G!D1UhE8pvx&nO~w^fG)BC&L!_hQk%^p`Kp@F{cz>80W&T
ziOK=Sq3fdRu*V0=S53rcIfWFazI}Twj63CG(jOB;$*b`*#B9uEnBM`hDk*E<oidpi
zVi-YCX)u~YCBI+laYqXSo<EX9^<PNdjZ=BtK`_ZYngaDtG5R2}vTD}f!DiphZC8q*
z6i0u#X*zYGRu)lm1ElCpjgBvp3Ldd|#4WH$%tK2cXGR#zWyK<<eW|7%5Ju2_h*||L
zg2wp|<^Qbr0(rt`iD%~4&vfIMiU-hB(&TS(L<Ua}Ae0?Iw}pCJ-m<j9H*WOItm42P
z+4mexCkJJkqGU65>wSRdwP8?5T?xGUKs=5N83XsR*)a4|ijz|c{4tIU+4j^A5C<#5
z*$c_d=5ml~%pGxw#?*q9N7aRwPux5EyqHVkdJO=5J>84!X6P>DS8PTTz>7C#F<Zu4
zp3F5$$3=BvvzoPSkFVMT=*}cwr4^?8L-w1olVUL5gHh{)p1vygqRx_|5M(|5i$<sf
zD*3bQ%l!Ml%>O?k#edkntG<Krzma04@|w*Y9|BKCf&FeXNg|upC}{zu^oHarA7zIf
zC8{uLE&-S@l`ZxV=v;r*B3!WS4z%0OHxj5&2`?c0;8f|2cq)E6RQk=VwECk+Q<E<b
z===nd>+fJk8ZMn?pmJSO@`x-QHq;7^h6GEXLXo1TC<!%G;g|1m1_bS}WUN;u(X1H_
zC*#P|&x2L7jt9)tK*_e)O{|{ck0S}rdz!bjq~RUIX}#ve9vhD}wsXP2-}YSVJ>NhH
z8ZDH{*NLAjo3WM`xeb=X{((uv3H(8&r8fJJg_uSs_%hOH%JDD?hu*2NvWGYD+j)&`
zz#_1%O1wF^o5ryt?O0n;`lHbzp0wQ?rcbW(F1+h7_<Pe?a2+{KTPMp$CgHfSHrYCA
zK{ERTzz`pSB$~vt3tii8P;~CRII8wO)%F!tVN6C6<1n2x%4zAuytITcED<o5IyW7o
zh-G7-*3%BqRFkVI(T5y^ar95CXup=KHGy2BZYuLh)vrm>EZZ<i<-|Mk=_v8nD5m5v
zdpML`Rs@XrmR1I|!5H>9{>rePvLAPVZ_R|n@;b$;UchU=0j<6k8G9QuQf@76oiE*4
zXOLQ&n3$NR#p4<5NJMVC*S);5x2)eRbaAM%VxWu9ohlT;pGEk7;002enCbQ>2r-us
z3#bpXP9g|mE`65VrN`+3mC)M(eMj~~eOf)do<@l+fMiTR)XO}422*1S<RWVx0`Uk8
z=5;*6NK#2D`zc^JM6i=$pyv-R_l)2#3c6jS0ZcmLz1#Dg>L{wyY(%oMpBgJagtiDf
zz>O6(m;};>Hi=t8o{DVC@YigqS(Qh+ix3Rwa9aliH}a}IlOCW1@?%h_bRbq-W{KHF
z%Vo?-j@{Xi@=~Lz5uZP27==UGE15|g^0gzD|3x)SCEXrx`*MP^FDLl%pOi~~Il;dc
z^hrwp9sYeT7iZ)-ajKy@{a`kr0-5*_!XfBpXw<un0R1t>EcFGJ;%kV$0Nx;apKrur
zJN2J~CAv{Zjj%FolyurtW8RaFmpn&zKJWL>(0;;+q(%(Hx!GMW4AcfP0YJ*Vz!F4g
z!ZhMyj$BdXL@MlF%KeInmPCt~9&A!;cRw)W!Hi@0DY(GD_f?jeV{=s=cJ6e}JktJw
zQORnxxj3mBxfrH=x{`_^Z1ddDh}L#V7i}$njUFRVwOX?qOTKjfPMBO4y(WiU<)epb
zvB9L=%jW#*SL|Nd_G?E*_h1^M-$PG6Pc_&QqF0O-FIOpa4)PAEPsyvB)GKasmBoEt
z?_Q2~QCYGH+hW31x-B=@5_AN870vY#KB~3a*&{I=f);3Kv7q4Q7s)0)gVYx2#Iz<e
zcH?D}+f3Q#s`S_o+I!i;AG^@C;`0g<<}J>9g(F<Nt8qTR6vu`Q_y)iK3d>2;=+Iy4
z6KI^8GJ6D@%tpS^8boU}zpi=+(5GfIR)35PzrbuXeL1Y1N%JK7PG|^2k3qIqHfX;G
zQ}~JZ-UWx|60P5?d1e;AHx!_;#PG%d=^X(AR%i`l0jSpYOpXoKFW~7ip7|xvN;2^?
zsYC9fanpO7rO=V7+KXqVc;Q5z%Bj})xHVrgoR04s<WC19*!aSDBN9bsQ!y_RQh!2^
zM?3OYfd1?Of*;~K;fPyA-Zs2YGEobYXZSuxP}4a~sqAr!U$f%5T_yC9m}8r(jTC#Z
zlS5i1zBtiGG~ok?`vdcED-M&WdW#GCV?b8L_D^$erV#MdoMmoYt9TZ|Ht9A`j0>A2
zl~DAwv=!(()DvH*=lyhIlU^hBkA0$e*7&fJpB0|oB7)rqGK#5##2T`@_I^|O2x4GO
z;xh6ROcV<9>?e0)MI(y++$-ksV;G;Xe`lh76T#Htuia+(UrIXrf9?<emJgERw<NIn
zQ3ku})$3b}us&H98W&5x<)bV~*h&=0ffNSk1dGwNXOQ%9)}<w_ggrrd<5YvvzW{lc
z%ra;Ag$A><p>L(tZ$0BqX1>24?V$S+&kLZ`AodQ4_)P#Q3*4xg8}lMV-FLwC*cN$<
zt65Rf%7z41u^i=P*qO8>JqXPrinQFapR7qHAtp~&RZ85$>ob|Js;GS^y;S{XnGiBc
zGa4IGvDl?x%gY`vNhv8wgZnP<sGTjZeSulPuO`MCGWcs$^L3#ATO-7+><iA~BUyg7
zK%Ww`C41~DlFVr(wLNj3&@sD(X1>#UYI-w*<g2t%j8f-#L_4CY4*BdT&|1*Oi_vum
zKr_(QQ>^4YCZnxkF85@ldepk$&$#3EAhrJY0U)lR{F6sM3SONV^+$;Zx8BD&Eku3K
zKNLZyBni3)pGzU0;n(X@1fX8wYGKYMpLm<N;CLpE$mA#FhwOAwFc3Gu*Y2ijqt2Mr
zEmgb5Rj4WSTt}-IA7KmFeJ5Mjqr(gVM>Cu{N5-}epPDxClPFK#A@02WM3!myN%bkF
z|GJ4GZ}3sL{3{qXemy+#Uk{4>Kf8v11;f8I&c76+B&AQ8udd<8gU7+BeWC`akUU~U
zgXoxie>MS@rBoyY8O8Tc&8id!w+_ooxcr!1<R^L(;4reEepdzdE}95d2?7a|m*bOO
zw-e)+?=QFS<bE97C&Ii^S^W*sEa3vQg$((7STwNpoGd886wr(*z1BNi)jL%HPZ&tN
zMU1+!wKw7>?#rc$-|SBBtH6S?)1e#P#S?jFZ8u-Bs&k`yLqW|{j+%c#A4AQ>+tj$Y
z^CZajspu$F%73E68Lw5q7IVREED9r1Ijsg#@DzH>wKseye>hjsk^{n0g?3+gs@7`i
zHx+-!<a?ReO?pTi@}bP2;<uA@WM0R7zz}csHRnM~D!mg`gD>sjLx^fS;fY!ERBU+Q
zVJ!e0hJH%P)z!y%1^ZyG0>PN@5W~SV%<y=x@j^(xiknw*C+Ur&ZKl@Fn|2w}`ly8(
zz_1QrAQphp;v3{c3l!jHVeo@tq)&pO(TmgH_gydMs#0|p0EwwF+U6X@z~IpBNd*kS
z6gu9R48Qg1ZmheUKP8?FTjqJfpHv+Qzur?E>f>}c?$H8r;Sy-ui>aruVTY=bHe}$e
zi&Q4&XK!qT7-XjCrDaufT@>ieQ&4G(SShUob0Q>Gznep9fR783jGuUynAqc6$pYX;
z7*O@@JW>O6lKIk0G00xsm|=*UVTQBB`u1f=6wGAj%nHK_;Aqmfa!eAykDmi-@u%6~
z;*c!pS1@V8r@IX9j&rW&d*}wpNs96O2Ute>%yt{yv<kbv8~>>k!6zfT6pru{F1M3P
z2WN1JDYqoTB#(`kE{H676QOoX`cnqHl1Yaru)>8Ky~VU{)r#{&s86Vz5X)v15ULHA
zAZDb{99+s~qI6;-dQ5DBjHJP@GYTwn;Dv&9kE<0R!<?&2c8~t|z-P*DUzhl0`)*&h
z|Nn!A|7U$aOKIxA^!*PLm$hJHXw+OP4ZezL1tUs=phN^Q<ajb=DGRYXwnS-lEtiqY
z<frQHk&G0bcD}r@nR4F*#?F;03be|bX?NbkjK|JLXOk{3&rif|A{D1QLy-_VbXfN<
z`&SwtIfw(ew@5F}*W~2($7(fcbFJ&i{R!6o{(JXA6Go7A?f0+7=m(n5mSsl@X02PS
z-WAkN+CBDC0Juwc><R~*^;Bg@=LH+}=1lFi@bNQ@$bvI%*KR054Mda5?OV~x-9V>d
z8tf1oq$kO`_sV(NHOSbMwr=To4r^X$`sBW4$gWUov|WY?xccQJN}1DOL|GEaD_!@&
z15p?Pj+>7d`@<hmz7-`Nlqgl%etYhVq(Lsv5EWt?S5qiu*a*btqng6H#LO-oz2SH0
z^xQ6+AKHkG1#oA+26Ir>LvNIu9*^hPN)pwcv|akvYYq)ks%`G>!+!pW{-iXPZsRp8
z35LR;DhseQKWYSD`%gO&k$Dj6_6q#vjWA}rZcWtQr=Xn*)kJ9kacA=esi*I<)1>w^
zO_+E>QvjP)qiSZg9M|GNeLtO2D7xT6vsj`88sd!94j^AqxFLi}@w9!Y*?nwWARE0P
znuI_7A-saQ+%?MFA$gttMV-NAR^#tjl_e{R$N8t2NbOlX373>e7Ox=l=;y#;M7asp
zRCz*CLnrm$esvSb5{<D+-TvHfiAKWjMv@f{O6HO_6qs!bUPBzAT_=n|ZXu1_p<5Uy
z3h~@8-S?LvkCJ{s{eD*A;Sn*288f6#+AhGxs`&<L9qn^;Z22jipcEpYF_>T<$6CjY
zmZ(i{Rs_<#pWW>(HPaaYj`%YqBra=Ey3R21O7vUbzO<NIYfKSkPH64b-_2c5+D94m
z%iNp4`dUo?NvQw#46nFlJ1h6~OcEsuw4>kJJO?V`4-D*u4$Me0Bx$K(lYo`JO}gnC
zx`V}a7m-hLU9Xvb@K2ymioF)vj12<*^oAqRuG_4u%(ah?+go%$kOpfb`T96P+L$4>
zQ#S+sA%VbH&mD1k5Ak7^^dZoC>`1L%i>ZXmooA!%GI)b+$D&ziKrb)a=-ds9xk#~&
z7)3iem6I|r5+ZrTRe_W861x8JpD`DDIYZNm{$baw+$)X^Jtjnl0xlBgdnNY}x%5za
zkQ8E6T<^$sKBPtL4(1zi_Rd(tVth*3Xs!ulflX+70?gb&jRTnI8l+*Aj9{|d%qLZ+
z>~V9Z;)`8-lds*Zgs~z1?Fg?Po7|FDl(Ce<*c^2=lFQ~ahwh6rqSjtM5+$GT>3WZW
zj;u~w9xwAhOc<<rq!H2nfR^7-SzR`1qG<@9=UVA!*EEe=aj$k=;J{9<>kF}~`CJ68
z?(S5vNJa;kriPlim33{N5`C{9?NWhzsna_~^|K2k4xz1`xcu<DiNXb8<8|Z|Cq-GN
zCj)9M_ZyLriw>i*LXL-1#Y}Hi9`Oo!zQ>x-kgAX4LrPz63uZ+?uG*84@<PwZBwue+
zS_(JptfpR*pv(`dE1<lRh0d;LEi#-yNm1~qOYx|4^9!+8XC372m2S)!zRs|&NM%#C
z+GAUzg{43ESA4LWP=nq0vMI~2O-KLrb1MH&d{DNr{9l?+9m-=0Uz-DYT;s)i8TcR&
zZh}K8#36!G;6ZC+XJ@IPDh1SQ+DH`botOlr$wuj)=;;c=MU$X;yOXeWp?}z{AJeP3
z$QB6%$q~}6J8i8sO`UWW+mc=Rc6o#AK{c`V$1Y3*YS}cR>PKq-KgQlMNRwz=6Yes)
zY}>YN+qP}nwr$(CZQFjUOI=-6J$2^XGvC~EZ+vrqWaOXB$k?%Suf5k=4>AveC1aJ!
ziaW4IS%F$_B<CZJ!UX;hU#7vjr-A^#gKV?ykV>abi)kA8Y&u4F7E%99OPtm=vzw$$
zEz#9rvn`Iot_z-r3MtV>k)YvErZ<^Oa${`2>MYYODSr6?QZu+<Xr5QDI3|}c*=v!t
z7aWklHMNmj(E4@B8u*Z;TyWOKVOpxR#jrE(G|coSCa0%my~OH?4?4W3oGfzXZ^Yl8
zoBlE^JMVJSf5Id9b3E|!Jy&$Nn|?alu2G4}CVoY>be-~MBjwPGdMvGd!b!elsdi4%
z`37W*8+OGulab8YM?`KjJ8e+jM(tqLKSS@=jimq3)Ea2EB%88L8CaM+aG7;27b?5`
z4zuUWBr)f)k2o&xg{iZ$IQkJ+SK>lpq4GEacu~eOW4yNFLU!Kgc{w4&D$4ecm0f}~
zTTzquRW@`f0}|IILl`!1P+;69g^upiPA6F{)U8)muWHzexRenBU$E^9X-uIY2%&1w
z_=#5*(nmxJ9zF%styBwivi)?#KMG96-H@hD-H_&EZiRNsfk7mjBq{<vAyj;V$oY$;
zeFf@1qm*3JDo_jY%mMvJK|}hElB4>L%!E;Sqn!mVX*}kXhwH6eh;b42eD!*~upVG@
z#smUqz$ICm!Y8wY53gJeS|Iuard0=;k5i5Z_<S6ivK6}$qoRMsg7V!3nguv@i1IcG
zTip=0gi~_71}Ye%-y+=r)peyFsi|a3!G{6XxhN#Qh|@7<<1d75@UG8;<MS%cR=T4O
zoC};`)PZx1F>hSIs6tr)R4n*r*rE`>38Pw&lkv{_r!jNN=;#?WbMj|l>cU(9trCq;
z%nN~r^y7!kH^GPOf3R}?dDhO=v^3BeP5hF|%4GNQYBSwz;x({21i4OQY->1G=KFyu
z&6d`f2tT9Yl_Z8YACZaJ#v#-(gcyeqXMhYGXb=t>)M@fFa8tHp2x;ODX=Ap@a5I=U
z0G80^$N0G4=U(>W%mrrThl0DjyQ-_I>+1Tdd_AuB3qpYAqY54upwa3}owa|x5iQ^1
zEf|iTZxKNGRpI>34EwkIQ2zHDEZ=(J@lRaOH>F|2Z%V_t56<AC&&@dFD$aTcihA@L
zsrWd?<myPVagWF6k#axl>Km$PUYu^xA5#5Uj4I4RGqHD56xT%H{+P8Ag>e_3p<L4#
zGGo`21LS^`#&pLj%z6&83bF#woRX8gnyg4E`RMx;A0GPTje`oZWY-mmMzZp&3~FVT
z%&JKi++U_$aax?RigODkBI8D0f>N$4m8n>i%OyJFPNWaEnJ4McUZPa1QmOh?t8~n&
z&RulPCors8wUaqMHECG=IhB(-tU2XvHP6#NrLVyKG%Ee*mQ5Ps%wW?<IHwX<9-vb-
zW|;MpO8qp-ZnW!-s%jOBntq(xp658aSEi+O=TlVuEDFeZ;Vf58T5E5oJgpsS$z*|w
z_>mcnriTVRc4J`2YVM>$ixSF2Xi+Wn(RUZnV?mJ?GRdw%lhZ+t&3s7g!~g{%m&i<6
z5{ib-<==DYG93I(yhyv4jp*y3#*WNuDUf6`vTM%c&hiayf(%=x@4$kJ!W4MtYcE#1
zHM?3xw63;L%x3drtd?jot!8u3qeqctceX3m;tWetK+>~q7Be$h>n6riK(5@ujLgRS
zvOym)k+VAtyV^mF)$29Y`nw&ijdg~jYpkx<Yqc8N6p%GnFnUNecXA;^tBlRNJF2~8
z83k&Izk?JNwKq$7B{7SaDzJleOD3(MTg8JS?=Wa}5<9yFzA)j$wyJG`eyNKZ->%*^
z8dz`C*g=I?;clyi5|!27e2AuSa$&%UyR(J3W!A=ZgHF9OuKA34I-1U~pyD!KuRkjA
zbkN!?MfQOeN>DUPBxoy5IX}@vw`EEB->q!)8fRl_mqUVuRu|C@KD-;yl=yKc=ZT0%
zB$fMwcC|HE*0f8<f|{q<VA<GPwt+_1vdY4dp0vY!lyK4+MMzS+wPs8%Y!YQ?CyA-f
z|5A#Ax91*K+5prTyd;RpVWXU<95EBu#@OP?@CFlP#ju<zpg)t6EZ7t+Phz{i%)wGY
z8Sly%qPUn+-#Zc6fnT8&C%dW&XQx|!Q}Y8ZE~UUjv&VIXbif`Up{+OPP#QE?I~5wN
zHg1NwMkYZhg(4h)DfG}WB{D2YgF!n(>+PVlW<RX4?O?hiF?W-4C-rmr<l4%Mf}qji
zkPzoVbI6zl!<d=O(O@8ySZ)?gs-s}EQaJeWY|cHwm*h+8s-uBy$q^5SBFqHNH!Nya
zV@RFH@>Hi>M`zfsA(NQFET?LrM^pPcw`cK+Mo0%8*x8@65=CS_^$cG{GZQ#xv($7J
z??R$P)nPLodI;P!IC3eEYEHh7TV@opr#*)6A-;EU2XuogHvC;;k1aI8asq7ovoP!*
z?x%UoPrZjj<&&aWpsbr>J$Er-7!E(BmOyEv!-mbGQGeJm-U2J>74>o5x`1l;)+P&~
z>}f^=Rx(ZQ2bm+YE0u=ZYrAV@apyt=v1wb?R@`i_g64YyAwcOUl=C!i>=Lzb$`tjv
zOO-P#A+)t-JbbotGMT}arNhJmmGl-lyUpMn=2UacVZxmiG!s!6<s%>H39@~&uVokS
zG=5qWhfW-WOI9g4!R$n7!|ViL!|v3G?GN6HR0Pt_L5*>D#FEj5wM1DScz4Jv@Sxnl
zB@MPPmdI{(2D?;*wd>3#tjAirmUnQoZrVv`xM3hARuJksF(Q)wd4P$88fGYOT1p6U
z`AHSN!`S<vf~_mGQCqX)ayUeL8g`S?LD*d~o*;e7Butl14T(z{eOwARI#k6Z+()QR
zRb-Fll&T}^(XzJMq%~^W5vm%)tln8#72}u>t}}UMBT9o7i|G`r<n?jT0vW2UItF>$
zrB=s$qV3d6$W9@?L!pl0l<c#ekbP<;Y&UotwnNp9`G`wO^=Aisw282N+FetlbD$(D
z7M*F%Rd<HPvo2^kToVnJhdjmlUST#jY=_jHJl3UwxoOwN6*yj#Q|53p9z(c~{M95w
z2|XIj8-<CPgenTQC)l6Cq+N$TfYAFyPq>f%)xs%1ko^=QY$ty-57=55PvP(^6E7cc
zGJ*>m2=;fOj?F~yBf@K@9qwX0hA803Xw+b0m}+#a(>RyR8}*Y<4b+kpp|OS+!whP(
zH`v{%s>jsQI9rd$*vm)EkwOm#W_-rLTHcZRek)>AtF+~<(did)*oR1|&~1|e36d-d
zgtm5cv1O0oqgWC%Et@P4Vhm}Ndl(Y#C^MD03g#PH-TFy+7!Osv<s)+{oZ?`ap%hJ=
z*bwh1?V<z`MwG&0U7SJ4*@zJBC@n5eBU+e74xsX-sjHT`s*lOwc6j~7QTT;glq}6g
z&*%49-SpK^iuY*QN`=#PT9cA+UIO{$3ZZc%>1z^UWS9@%JhswEq~6kSr2DITo59+;
ze=ZC}i2Q?CJ~Iyu?vn|=9iKV>4j8KbxhE4&!@SQ^dVa<p=`%D$z@S%=#yKBRv78Cx
zjasr<f+hkxQ?tW2jO~X7qqFZ|M=u+1v6N#}-O}J_%RE)_BxhmClZdOv0jO$0)%AEc
ze|Be+FNW#V0(^5Jes;NbH!9p(kf|KS=`TmjGtzk>-gK@YfS9xT(0kpW*EDjYUkoj!
zE49{7H&E}k%5(>sM4uGY)Q*&3>{aitqdNnRJkbOmD5Mp5rv-hxzOn80QsG=<y&iAv
zoygUqB(HTOw-D%a7G$=rjE8g{ZQXwB7#B8Wxwbz08Jsb0u509=?`<rrdnI^FIQeST
zajiSMO#8sNw9ue(d(mgN_gC&Vg<qYQ+k22&7!tdVX?_7@F@`@;me)sGM-^Ywu1rH7
zrh<OEbzwuL!xTCj@ogj=wajI}heZh^mL#4*plBwGap)3#yRP80rCsAW+D2zjCMM5q
zqlNo=Si)901Ml@}Ixwm^bC{eJIZ?9!vFEj>HJ_atI-EaP69cacR)Uvh{G5dTpYG7d
zbtmRMq@Sexey)||UpnZ?;g_KMZq4IDCy5}@u!5&B^-=6yyY{}e4Hh3ee!ZWtL*s?G
zxG(A<f#J^YQ1Cz#m-<*_U8HvcG@jc-yMVZp(Zo}py?|jD+4D`Fd+W<A%;vg-apbky
zCI&lkC9TywfFKW;HsiG-H-QDFbT8RZIi@8evyVwL`-aRfT@rSZ(^#qGvae0S2@BTa
z!i>!<FWySf`?H|6p^KKhe*MH{y8K^`R9uZ{0qEqFRq4ez&thQ*WY!<HUw}@VSbJ69
zLD1)><9o!CL+q?u_utltPMk+hn?N2@?}xU0KlYg?Jco{Yf@|mSGC<(Zj^yHCvhmyx
z?OxOYoxbptDK()tsJ42VzXdINAMWL$0Gcw?G(g8TMB)Khw_|v9`_ql#pRd2i*?CZl
z7k1b!jQB=9-V@h%;Cnl7EKi;Y^&NhU0mWEcj8B|3L30Ku#-9389Q+(Yet0r$F=+3p
z6AKOMAIi|OHyzlHZtOm73}|ntKtFaXF2Fy|M!gOh^L4^62kGUoWS1i{9gsds_GWBc
zLw|TaLP64z3z9?=R2|T6Xh2W4_F*$cq>MtXMOy&=IPIJ`;!Tw?PqvI2b*U1)25^<2
zU_ZPoxg_V0tngA0J+mm?3;OYw{i2Zb4x}NedZug!>EoN3DC{1i)Z{Z4m*(y{ov2%-
zk(w>+scOO}MN!exSc`TN)!B=NUX`zThWO~M*ohqq;J2hx9h9}|s#?@eR!=F{QTrq~
zTcY|>azkCe$|Q0XFUdpFT=lTcyW##i;-e{}ORB4D?t@<rUy??=TuYp_*>SfqGo_cS
z->?^rh$<&n9DL!CF+h?LMZRi)qju!meugvxX*&jfD!^1XB3?E?HnwHP8$;uX{Rvp#
zh|)hM>XDv$ZGg=$1{+_bA~u-vXqlw6NH=nkpyWE0u}LQjF-3NhATL@9rRxMnpO%f7
z)EhZf{PF|mKIMFxnC?*78(}{Y)}iztV12}_OXffJ;ta!fcFIVjdchyHxH=t%ci`Xd
zX2AUB?%?poD6Zv*&BA!6c5S#|xn~DK01#XvjT!w!;&`lDXSJT4_j$}!qSPrb37vc{
z9^NfC%QvPu@vlxaZ;mIbn<z7Vac;-rGaZpnh<SqY8Q9CG{=8AL&W;*Sy0lmLjV&JM
zXa)osQ>-VHA6miwi8qJ~V;pTZkKqqOii<1Cs}0i?uUIss;hM4dKq^1O35y?Yp=l4i
zf{M!@QHH~rJ&X~8uATV><23zZUbs-J^3}$IvV_ANLS08>k`Td7aU_S1sLsfi*C-m1
z-e#S%UGs4E!;CeBT@9}aaI)qR-6NU@kvS#0r`g&UWg?fC7|b^_HyCE!8}nyh^~o@<
zpm7PDFs9yxp+byMS(JWm$NeL?DNrMCNE!I^ko-*csB+dsf4GAq{=6sfyf4wb>?v1v
zmb`F*bN1KUx-`ra1+TJ37bXNP%`-Fd`vVQFTwWpX@;s(%nDQa#oWhgk#mYlY*!d>(
zE&!|ySF!mIyfING+#%RDY3IBH_fW$}6~1%!G`s<xV|$thPk-h^=fMv&Hnp;VPWb4H
zXg`{=`?M7=Dq8myqz|0%?*$bn?$egRMQTPls(~O?p^=8tlp~~ufW)FLrAIKI*rXSW
zW3!I>uHub1kP@&DoAd5~7J55;5_noPI6eLf{t;@9Kf<{aO0`1WNKd?<)C-|?C?)3s
z><QEhe||>wEq@8=I$Wc~Mt$o;g++5qR+(6wt9GI~pyrDJ%c?gPZe)owvy^J2S=+M^
z&WhIE`g;;J^xQLVeCtf7b%Dg<YLp9$rJl%g{x?f$ghgkcL$GZMdvMR@u|x}I{Qe9_
z&q1ULjNa6Q(nZR+2Nc7yG$v_t1HN@ezTla8$YpCXrW3pKiQm{R;n=1<rvBfU^9P{3
z@$nqa83WF+{OCA+1Zn*g;2x4@KoiX%brVdz6t^EGHy~>#Z2gq9hp_%g)-%_`y*zb;
zn9`f`mUPN-Ts&fFo(aNTsXPA|J!TJ{0hZp0^;<tHD4nK@wPbS|=fM$wSV$taTPGqt
zGB^u*%|y@PNxElDVJ;aR!0wT&iI7kZpng0zO52HM*WmK30Q~Yu);w=*5<AVVovc^R
z`k-Z;-8;PJFrU7VpM3N7QZ`+O#qh*wm2>MYHLOcD=r_~~^ymS8KLCSeU3;^QzJNqS
z5{5rEAv#l(X?bvwxpU;2%pQftF`YFgrD1jt2^~Mt^~G>T*}A$yZc@(k9orlCGv&|1
zWWvVgiJsCAtamuAYT~nzs?TQFt<1LSEx!@e0~@yd6$b5!Zm(FpBl;(<fB3D_;m2?l
z3de#U|K3raz4D?vBz^xW?Wg=mvwNg@|1i>Cn>2vF<?km-o@xWuhxn3bs$Pljx=>?k
zOm#TTjFwd2D-CyA!mqR^?#Uwm{NBemP>(pHmM}9;;8`c&+_o3#E5m)JzfwN?(f-a4
zyd%xZc^oQx3XT?vcCqCX&Qrk~nu;fxs@JUoyVoi5fqpi&bUhQ2y!Ok2pzsFR(M(|U
zw3E+kH_zmTRQ9dUMZWRE%Zakiwc+lgv7Z%|YO9YxAy`y28`Aw;WU6HXBgU7fl@dnt
z-fFBV)}H-gqP!1;V@Je$WcbYre|dRdp{xt!7sL3Eoa%IA`5CAA%;Wq8PktwPdULo!
z8!sB}Qt8#jH9Sh}QiUtEPZ6H0b*7qEKGJ%ITZ|vH)5Q^2m<7o3#Z>AKc%z7_u`rXA
zqrCy{-{8;9>dfll<T^QC7i-!Fb6U7Jr)|#XOupnl(tkS3y$lcK{_fXxPcyuknfQ~x
zf@~St3JeO(?cJD*9%zow(<yIgW%x$m#slX3pj{at{@6iEH?BdH^RYnm8&dJ7wK$@@
zVWq~nxej{11A23OWBxqf9N%DH_7R<7fAS~Y3ol-7Pi{v{|9EqM&L`?kzu+YCrvBtt
z_D%ic$wLdbBkX0psXy+e8ZxCG;Pms~Doa?=r+ky&_1GWZ)usQYvh=^J`X>Lu$^M5L
z-hXs))h*qz%~ActwkIA(qOVBZl2v4lwbM>9l70Y`+T*elINFqt#>OaVWoja8RMsep
z6Or3f=oBnA3vDbn*+HNZP?8LsH2MY)x%c13@(XfuGR}R?Nu<|07{$+Lc3$Uv^I!MQ
z>6qWgd-=aG2Y^24g4{Bw9ueOR)(9h`scImD=86dD+M<j=UE|C;@sK-I;*&dQ=%}gk
z)B!@EvJAu)BjncrBD%^q6<)oeX~UkPqgBXuU#=iDAF)wuM3*6$<L0BUP6j>nSN4$6
z^U*o_mE-6Rk~Dp!ANp#5RE9n*LG(Vg`1)g6!(XtDzsov$Dvz|Gv1WU68J$CkshQhS
zCrc|cdkW~UK}5NeaWj^F4MSg<F<s`^q0<TvPF|H0&oNb>FM+@fJd{|LLM)}_O<{rj
z+?*Lm?owq?IzC%U%9EBga~h-cJbIu=#C}XuWN>OLrc%M@Gu~kFEYUi4EC6l#PR2JS
zQUkGKrrS#6H7}2l0F@S11DP`@pih0WRkRJl#F;u{c&ZC{^$Z+_*lB)r)-bPgRFE;*
zl)@hK4`tEP=P=il02x7-C7p%l=B`vkYjw?YhdJU9!P!jcmY$OtC^12w?vy3<<=tlY
zUwHJ_0lgWN9vf>1%WACBD{UT)1qHQSE2%z|JHvP{#INr13jM}oYv_5#xsnv9`)UAO
zuwgyV4YZ;O)eSc3(mka6=aRohi!HH@I#xq7kng?Acdg7S4vDJb6cI5fw?2z%3yR+|
zU5v@Hm}vy;${cBp&@D=HQ9j<G=bG8X+ilNJ?RJXvDOEMBde)25_E~7I?MU+6ykbEe
zwlwWZTbqdW7A20%*{o<J`$q1@Ycld!(_(EqnYMdl&`5dkZIC_te`M|#=Iw~8P<CJb
zRB_sFh_lP4SX6pZnM=9HIz|6*yQoYN$ysd{HU9aoSvP2U?umOV9m0QY=>7NcFaOYL
zj-wV=eYF{|XTkFNM2uz&T8uH~;)^Zo!=KP)EVyH6s9l1~4m}N%XzPpduPg|h-&lL`
zAXspR0YMOKd2yO)eMFFJ4?sQ&!`dF&!|niH*!^*Ml##o0M(0*uK9&yzekFi$+mP9s
z>W9d%Jb)PtVi&-Ha!o~Iyh@KRuKpQ@)I~L*d`{O8!kRObjO7=n+Gp36fe!66neh+7
zW*l^0tTKjLLzr`x4`_8&on?mjW-PzheTNox8Hg7Nt@*SbE-%kP2hWYmH<as3s;3dB
zGF)lQb4*{W{s~m$kJ_;7j;cfOyu}B&y0s+jVVv$_H@egmCSN7X?3gk9bYo6swHDQ9
zg-L}N$+=uhC+gRRN)XP@3cO>u#Fn@Q^J(SsPUz*|EgOoZ6<W=Bo)J0Q;m559tyuE#
zLg%v9lH_9r;=_EOdj#0`D7^XXPL;8V>byg3ew88UGdZ>9B2Tq=jF7<EJ!TXj@;|w{
zdf7ZfHx+mvI`W&PIP#=oO`B12md1xam~79(oqs4UUMnyRq{81HXVL2E;h(%Ol(A~}
z^n4*)dGf~yP6-Dv!SSnD?Mdu}C3S%8f7rg+6A3U%FuEXLg<+Iwh%-7NKl@rQpvaJ}
zHwX`+=9DZH9MoIn^aYb`vA~19+Y@$$L7>2ZaR=4u%1A6Vm{O#?@dD!(#tmR;eP(Fu
z{$0O%=Vmua7=Gjr8nY%>ul?w=FJ76O2js&17W_iq2*tb!i{<q|g+F8+dEk=7I*b$k
zfHy1#iZ?<b)WRJw_Q;_?7Qr1x1fOwWj3fU+i95=;^viGx>pt#`qZB#im9Rl>?t?0c
zicIC}et_4d+CpV<WYvG+Qy=M4fqRlShrB0ABj<1vxR!nk?HzgR{1Zy7dT(ql^LGHk
zbtwjlkw%2Sz_=?Ev5<S4+oS_d`MXZIuh9f&=WusVxCg&4M6SulVC6tXa%y3~fy$$=
zgaqCG;I2JkQp{af=&tkR1)k?Mq*~2KarL#o{N9l8`n2Q*{dFn2Aqheuy5pK*5~@dn
zAUq?gaZTTGiAPWtrINms0FE~Rk&J-igF4wai(k+!<AvEH>Px)i4~$u6N-QX3H77ez
z?ZdvXifFk|*F8~L(W$OWM~r`pSk5}#F?j_5u$Obu9lDWIknO^AGu+Blk7!9Sb;NjS
zncZA?qtASdNtzQ>z7N871IsPAk^CC?iIL}+{K|F@BuG2>qQ;_RUYV#>hHO(HUPpk@
z(bn~4|F_jiZi}Sad;_7`#4}EmD<1EiIxa48QjUuR?rC}^HRocq`OQPM@aHVKP9E#q
zy%6bmHygCpIddPjE}q_DPC`VH_2m;Eey&ZH)E6xGeStOK7H)#+9y!%-Hm|QF6w#A(
zIC0Yw%9j$s-#odxG~C*^MZ?M<+&WJ+@?B_QPUyTg9DJGtQN#NIC&-XddRsf3n^AL6
zT@P|H;PvN;ZpL0iv$bRb7|J{0o!Hq+S>_NrH4@coZtBJu#g8#CbR7|#?6uxi8d+$g
z87apN>EciJZ`%Zv2**_uiET9Vk{pny&My;+WfGDw4EVL#B!Wiw&M|A8f1<o!4D>A@
z(yFQS6jfbH{b8Z-S7D2?Ixl`j0{+ZnpT=;KzVMLW{B$`N?Gw^Fl0H6lT61%T<G)JV
zFxXraywnpF6xC3GQdEFWGnwf8cSTaqeK41;?*^^tH^znLzqXnF%VFT3@UDLz31Yt~
zt1AL1yu0;x;(?~W6+jJ9LrfK`D&ByIA}l1-7&U_j+YQ~7z`JkDZjlblA8d}I;WH{g
zC0ES-Qvh<>2AU**!sX0u?|I(yoy&Xveg7XBL&+>n6jd1##6d>TxE*<Ar(sc(Bu^|z
z9hrl)GNg{$efJd|)cea$o#jV;Q4r8b+A}r|>Vj=8lWiG$4<VK5A=k4M5~-nvjP-{O
zV8pcf=E2RAG{W@WaSbt<oK%uC(9#~x&_$sDRj@|UZmCgRQbRy`>=u{1UbAa5QD>5_
z;Te^42v7K6Mmu4IWT6Rnm>oxrl~b<~^e3vbj-GCdHLIB_>59}Ya+~OF68NiH=?}2o
zP(X7EN=quQn&)fK>M&kqF|<_*H<cwCuNRp|+zL#!8ahs~;&EDeLAe8)G*^PjIAy0l
zK-!LhT}2?RS2cld8@7BXA8OL=0Ov9pNm3Zz3)LmJLDvDNjh52-LPTzuVhjZ)*F~32
z){Y^W2Jp7@2l};<g80X*y6xQ=?e?^N18tu9n%iDKPIA*?LsU4H8AEjezYO`=Z>`}c
zk=+x)GU>{Af#vx&s?`UKUsz})g^Pc&?<rGKpJnw3;kV`E!|r0J-GJ}YEK3ik6lvJ?
zLkm)B;+6)qz)}5@`>Ka@t5$n$bqf6{r1>#mWx6Ep>9|A}VmWRnowVo`OyCr^fHsf#
zQjQ3Ttp7y#iQY8l`zEUW)(@gGQdt(~rkxlkefskT(t%@i8=|p1Y9Dc5bc+z#n$s13
zGJk|V0+&Ekh(F};PJzQKKo+FG@KV8a<$gmNSD;7rd_nRdc%?9)p!|B-@P~kxQG}~B
zi|{0}@}zKC(rlFUYp*dO1RuvPC^DQOkX4<+EwvBAC{IZQdYxoq1Za!MW7%p7gGr=j
zzWnAq%)^O2$eItftC#TTSArUyL$U54-O7e|)4_7%Q^2tZ^0-d&3J1}qCzR4dWX!)4
zzIEKjgnYgMus^>6uw4Jm8ga6>GBtMjpNRJ6CP~W=37~||gMo_p@GA@#-3)+cVYnU>
zE5=Y4kzl+EbEh%dhQokB{gqNDqx%5*qBusWV%!iprn$S!;oN_6E3?0+umADVs4ako
z?P+t?m?};gev9J<xrvMj?JFjsZtWf-quiC#u!BU{j|Z+>XQ#Q&KBpzkHPde_CGu-y
z<{}RRAx=xlv#mVi+Ibrgx~ujW$h{?zPfhz)Kp7kmYS&_|97b&H<SL`_{AO<9v%D@8
z77}Y!`#c~v^P+jNiCZgjk$Eu}e?ht~^R`2pg1iPEhXjZVjl-b|*N?0??d5-7i{PRl
z3g-#j3NiART8({yLdUJE-H38|G`rTLl78)2#f9E)ErZoi-Fv`N>&1;J-mzrBWAvY}
zh8-I8hl_RK2+nnf&}!W0P+>5?<Hy2Ocrq-T%g(e-iJ80Q4bGbph6Yn^Ms~*iS%y{)
zR2+@$12xU46My)mb>#?7>npshe<1~&l_xqKd0_>dl_^RMRq@-Myz&|TKZBj1=Q())
zF{dBjv5)h=&Z)Aevx}+i|7=R9rG^Di!sa)sZCl&ctX4&LScQ-kMncgO(9o6W6)yd<
z@Rk!vkja*X_N3H<e&P>=BavGoR0@u0<}m-7|2v!0+2h~S2Q&a=lTH91OJsvms2MT~
zY=c@LO5i`mLpBd(vh|)I&^A3TQLtr>w<oiU80F37l%jO+9L*(6rNJUMQj^mVFrb+K
zbGro$m)k-Mjv2y`V6hi@N1PB7T=%YP1zSAYt&?4uC<+;v72DJZ+TM4vL%d*d?N7Xm
zm~6OL8)rh0XIoR7pN2ODrL%*K0lO((1E{nb4eXnWhR0-4)N_A|nFyFl!4Fa367d3@
z5ruJel)z&kDcd>=zoyzTd=^f@TPu&+*2M<c+GXcqi<cQ#^OejZI|Po8an{Oh-2ytX
zK$MlFe&+@V&gTQgY2e7YqN66POe*A5=RfoUd8+16QdDQgjc}%@)Xu?E)Qo-5tDtuz
z4rP5$Edgx(g_-m&v|zI|MckDZ-*>tqE$Avf>l>}V|3-8Fp2hzo3y<)hr_|NO(&oSD
z!vEjTWBxbKTiShVl-U{n*B3#)3a8$`{~Pk}J@elZ=>Pqp|MQ}jrGv7KrNcjW%TN_<
z<z)esuQW6ysSYp|l#vPogjN7FRRzUSYY_7@QvtoS=9E#^iV5{mHb2N$06kv?{KQ4Y
z{TIb}bD_}cTt+x=_xX$O`O??h@892&xEZqrh{KpSgAqXMBaR^COdOFm;FKQkZc`(c
zwDTDp)<-#gdF+f;!ecTz69+_etlx5gTTYuJs36}MFftQ@Rn)MRhY91bCzTEgj4fv-
z1m@JGpa{H2uzVIbIvR(+jPWIY>Zz8kG{#}XoeWf7qY?D)L)8?Q-b@Na&>i=)(@uNo
zr;cH98T3$Iau8Hn*@vXi{A@YehxDE2zX~o+RY`)6-X{8~hM<uAyYp&U>pc#C`|8y>
zU8Mnv5A<tzpBv6FvrIokz@rbXa#{jdGJP~6p^wT|HfyYaG;wVV>0dNCf{Ims*|l-^
z(MRp{qoGohB34|ggDI*p!Aw|MFyJ|v+<+E3brfrI)|+l3W~CQLPbnF@G0)P~L<BK0
zSRP{4S$9zWWM`Nd;Q6_XmCkEyF=0l#GeYa7+r&_CD~4h2$_LU;yCc{i*o}5aXnx3N
zHqrCmEq3l-{2sjER%{`iHdHZ!Iy}l{>y!1TJLp}xh8uW`Q+RB-v`MRYZ9Gam3cM%{
zb4Cb*f)0deR~wtNb*8w-LlIF>kc7DAv>T0D(a3@l`k4TFnrO+g9XH7;nYOHxjc4lq
zMmaW6qpgAgy)MckYMhl?>sq;-1E)-1llUneeA!ya9KM$)DaNGu57Z5aE>=VST$#vb
zFo=uRHr$0M{-ha>h(D_boS4zId;3B|Tpqo|?B?Z@I?G(?&Iei+-{9L_A9=h=Qfn-U
z1wIUnQe9!z%_j$F_{rf&`ZFSott09gY~qrf@g3O=Y>vzAnXCyL!@(BqWa)Zqt!#_k
zfZHuwS52|&&)aK;CHq9V-t9qt0au{$#6c*R#e5n3rje0hic7c7m{kW$p(_`wB=Gw7
z4k`1Hi;Mc@yA7dp@r~?@rfw)TkjAW++|pkfOG}0N|2guek}j8Zen(!+@7?qt_7ndX
zB=BG6WJ31#F3#Vk3=aQr8T)3`{=<slU+RdlO4Hx0LKNQR4%csKlqXTo6ajrnOY1?l
z2r$(|0XiBb*T4;#8^X*fOz~r=4-{-Rg2n@oH;R!)WGF~o7e;4%=egC+*SUH9@8hON
zRPT>p9nBHlKzE0I@v`{vJ}h8pd6vby&VgFhzH|q;=aonunAXL6G2y(X^CtAhWr*jI
zGjpY@raZD<b_G8JA5s~o@XVViP=?1H?fxk4Pq8R3l2eNln--&c-a(Has8}t#E^(Q*
z=etk{kVRr~2G*+i5b{q+oG(h}R?d-3m0XJJnzvrMZ{1Tcuc{eb>Qkg*aMq}Ni6cRF
z{oWv}5`nhSAv>usX}m^GHt`f(t8@zHc?K|y5Zi=4G*UG1Sza<E8z;l0@bYZ=%a=Vj
z;(n{V1K(1!(<%HdezN^efpP}6_GMFH7m;Wi+()}?4ujb&c~IZ9n3_46*IsTeu9}IF
zAHtU!f4FyUb=kmL3?2I)J-&6Gd2ry1tzU??1iAVB#U4q&;ymb8Acc3xb>{$Dpj%X8
zzEXaKT5N6F5j4J|w#qlZP!zS7BT)9b+!ZSJdToqJts1c!)fwih4d31vfb{}W)EgcA
zH<Fzt5KT4ycl;#zc0!>2pZ^8_k$9+WD<i98{Ka+NY@mr?q>2n`6q5XbOy8>3pcYH9
z07eUB+p<MBNmyg&c4=0;V0B;H%kvu8{sr|yy1~@CobFcUpM3np-7P6;)H5)%*}VV!
zs>}YD@AH!}p!iKv><2QF-Y^&xx^PAc1F13A{nUeCDg&{hnix#FiO!fe(^&%Qcux!h
znu*S!s$&nnkeotYsDthh1d<XHQ3s(h4m+vOMx>q(iQrE|#f_=xVgfiiL&-5eAcC->
z5L0l|DVEM$#ulf{bj+Y~7iD)j<~O8CYM8GW)dQGq)!mck)Fq<!^H$Md3d7YY>oL^X
zwNdZb3->hFrbHFm?hLvut-*uK?zXn3q1z|UX{RZ;-WiLoOjnle!xs+W0-8D)kjU#R
z+S|A^HkRg$Ij%N4v~k`jyHffKaC~=wg<B%ejScY(fj1p_Et27-otoLjL&tKK?8UFN
z%LmnQSnbvpU~;3CWrogVy$oe+4WUkv3SFe(IPiTs$quv+%sU!wurQ6_fZ24IJohEM
zcoKJZay#47ydH__P37To$-Zc()PCOL+72Tm7bmvHtaIu(yG&E4_6jcPE=`5js7(E{
zHf(+WB2w4d@46GMBedn8XLGQp(O+G%3$)&`I%c&|x#vNWkyh%{DGUV$KZ2p<j&Y}k
z)Hs|`mlvf!{5N2bF{_PGj>=9)V5h=|kLQ@;^<Ah@>W!o2^K+xG&2n`XCd>OY5Ydi=
zgHH=lgy++erK8&+YeTl7VNyVm9-GfONlSlVb3)V9NW5tT!cJ8d7X)!b-$fb!s76{t
z@d=Vg-5K_sqHA@Zx-L_}wVnc@L@GL9_K~Zl(h5@AR#FAiKad8~KeWCo@mgXIQ#~u{
zgYFwNz}2b6Vu@CP0XoqJ+dm8px(5W5-Jpis97F`+KM)TuP*X8H@zwiVKDKGVp59pI
zifNHZr|B+PG|7|Y<*tqap0CvG7tbR1R>jn70t1X`XJixiMVcHf%Ez*=xm1(CrTSDt
z0cle!+{8*Ja&EOZ4@$qhBuKQ$U95Q%rc7tg$VRhk?3=pE&n+T3upZg^ZJc9~c2es%
zh7>+|mrmA-p&v}|OtxqmHIBgUxL~^0+cpfkSK2mhh+4b=^F1Xgd2)}U*Yp+H?ls#z
zrL<PO4@qqmi4_%|jPx)N+G{$0%%C1sw{T2fligwqmFd}O+TemcgfxBHvt~23Bx!g6
zxl(O6;y4BH9zTxeA;{A3a_g71v+`o{0uNyu^e>xWg<ZgPjZmPtQ00F}!Yn5nf)<mA
zPThc#yhGf@^9{9a3jZx|NAA<vxc>_hm}AfK2XYWr!rzW4g;+^^&b<P<GfK{gLe<5#
zz<cH|<aY5Fl~>W%LmbtRai9f3PjU${r@n`JThy-cphbcwn)rq9{A$Ht`lmYKxOacy
z6v2R(?gHhD5@&kB-Eg?4!hAoD7~(h>(R!s1c1Hx#s9vGPePUR|of32bS`J5U5w{F)
z>0<^ktO2UHg<0{oxkdOQ;}coZDQph8p6ruj*_?uqURCMTac;>T#v+l1Tc~%^k-Vd@
zkc5y35jVNc49vZ<e37Ty%GD$DqTd&uKFEzb4j%X5FO|fqPqoGYc%Ro7*qb9?JK#sE
zI2o9q*t*5>pZx;gG$h{%yslDI%Lqga1&&;mN{Ush1c7p>7e-(zp}6E7f-XmJb4nhk
zb8zS+{IVbL$QVF8pf8}~kQ|dHJAEATmmnrb_wLG}-yHe><YsE2_~l#l9buQgFXI0`
z(u#b`J=xeBn*3{z^^KAJhXQfvz6EP5l^cD~&vo$LApQd(9gm=munnZ7Bo%LVbi4uK
zNXnx%%rjW{zE{2bapVCkVel~q0upm?=gb{+Eu=B+Z46t{KAKTo1TyYq%j=)TaZP<&
zIfR5WHOe}iiPn?Y<W*8!U(>W|A&Y|;muy-d^t^<&)g5SJfaTH@P1%euONny=mxo+C
z4N&w#biWY41r8k~468tvuYVh&XN&d#%QtIf<GZUR`2QH9h^d*OtBuRQhWwr4nLC*}
zJIh#pCwzAQa(pUP-B<pHxsDxMcBm<`k^}{cmcTX^FsUjvw57E+0Tz}NDT+w-9BC))
zHeGkeroi7YzPFY1zKi5#bbT&jA=fhB<;*YQFRw+++(kz*-d7|)7ibRL<jGF<*B$4+
z`|k6bU2=c_Psjo4w+RtodzK>9;iVXfWY)<X+W}7GbATCgQU`%LT~<fPB3X>#j=<c2
zHd&Dex04~>l`&B~lqDT@28+Y!0E+MkfC}}H*#(WKKdJJq=O$vNYCb(ZG@p{fJgu;h
z21oHQ(14?LeT>n5)s;uD@5&ohU!@wX8w*lB6i@GEH0pM>YTG+RAIWZD;4#F1&F%Jp
zXZUml2sH0!lYJT?&sA!qwez6cXzJEd(1ZC~kT5kZSp7(@=H2$Azb_*W&6aA|9iwCL
zdX7Q=42;@dspHDwYE?miGX#L^3xD&%BI&fN9^;`v4OjQXPBaBmOF1;#C)8XA(WFlH
zycro;DS2?(G&6wkr6rqC>rqDv3nfGw3hmN_9Al>TgvmGsL8_hXx09};l9Ow@)F5@y
z#VH5WigLDwZE4nh^7&@g<bkZm_Vh{ln0@+)lYuu~qeXc#?JCYylKGH|9+kWD0ocxF
z5$1kjN2>{1FV^UZ%_LJ-s<{HN*2R$OPg@R~Z`c-ET*2}XB@9xvAjrK&hS=f|R8Gr9
zr|0TGOsI7RD+4+2{ZiwdVD@2zmg~g@^D--YL;6UYGSM8i$NbQr4!c7T9rg!8;TM0E
zT#@?&S=t>GQm)*ua|?TLT2ktj#`|R<_*FAkOu2Pz$wEc%-=Y9V*$&dg+wIei3b*O8
z2|m$!jJG!J!ZGbbIa!(Af~oSyZV+~M1qGvelMzPNE_%5?c2>;MeeG2^N?JDKjFYCy
z7SbPWH-$cWF9~fX%9~v99L!G(wi!PFp<!s7j4q$86J>>rB!9xj7=Cv<q}(vRw+mcj
z#YR4HX>|F+7CsGNwY0Q_J%FID%C^CBZQfJ9K(HK%k31j~e#&?h<VT6q$5mgm6*^>Q
zNuD6gR<d7v<P!_&8<dm-?#ek*zL2)u8J2l%4_z-z?)QXK(1d9d>kVckU)v+53-fc}
z7ZCzYN-5RG4H7;>>Hg?LU9&5_aua?A0)0dpew1#MMlu)LHe(M;OHjHIUl7|%%)YPo
z0cBk;AOY00%Fe6heoN*$(b<)Cd#^8Iu;-2v@>cE-OB$icUF9EEoaC&q8z9}jMTT2I
z8`9;jT%z0;dy4!8U;GW{i`)3!c6&oWY`J3669C!tM<5nQFFrFRglU8f)5Op$GtR-3
zn!+SPCw|04sv?%YZ(a7#L?vsdr7ss@WKAw&A*}-1S|9~cL%uA+E~>N6QklFE>8W|%
zyX-qAUGTY1hQ-+um`2|&ji0cY*(qN!zp{YpDO-r>jPk*yuVSay<)cUt`t@&FPF_&$
zcHwu1<M$nsSpFX&={p8_cnZ3@SbW>(SQ`I-l8~vYyUxm@D1UEdFJ$f5Sw^HPH7b!9
zzYT3gKMF((N(v0#4f_jPfVZ=ApN^jQJe-X$`A?X+vWjLn_%31KXE*}5_}<jt4v>d8
zw_B1+a#6T1?>M{ronLbHIlEsMf93muJ7AH5h%;i99<~JX^;EAgEB1uHralD*!aJ@F
zV2ruuFe9i2Q1C?^^kmVy921eb=tLDD43@-AgL^rQ3IO9%+vi_&R2^dpr}x{bCVPej
z7G0-0o64uyWNtr*loIvslyo0%)KSDDKjfThe0hcqs)(C-MH1>bNGBDRTW~scy_{w}
zp^aq8Qb!h9Lwielq%C1b8=?Z=&U)ST&PHbS)8Xzjh2DF?d{iAv)Eh)wsUnf>UtXN(
zL7=$%YrZ#|^c{MYmhn!zV#t*(jdmYdCpwqpZ{v&L8KIuKn`@IIZfp!uo}c;7J57N`
zAxyZ-uA4=Gzl~Ovycz%MW9ZL7N+nRo&1cfNn9(1H5eM;V_4Z_qVann7F>5f>%{rf=
zPBZFaV@_Sobl?Fy&KXyzFDV*FIdhS5`Uc~S^Gjo)aiTHgn#<0C=9o-a-}@}xDor;D
zZyZ|fvf;+=3MZd>SR1F^F`RJEZo+|MdyJYQAEauKu%WDol~ayrGU3zzbHKsnHKZ*z
zFiwUkL@DZ>!*x05ql&EBq@_Vqv83&?@~q5?lVmff<cLHceB8mp&F*ZBX}B`|c^idP
zv6n-=r1Y%9B2=MA)BHjW-LyT@+x?-|)~^RdTE*Wmt4T{X?yOR<8KMVy`_8)0^!&oF
z0$q#{$B8*<%lm210;{(CF7N)1MYU#>QZ+V-=qL+!u4Xs2Z2zdCQ3U7B&QR9_Iggy}
z(om{Y9eU;IPe`+p1ifLx-XWh?wI)xU9ik+m#g&pGdB5Bi<`PR*?92lE0+TkRuXI)z
z5LP!N2+tTc%cB6B1F-!fj#}>S!vnpgVU~3!*U<jq0(*nRRh2NkSzq|ekHqi@I{QJ4
zs$%Xz%L?KbVmRwJFka>1ej^)vjUH4s-bd^%B=ItQqDCGbrEzNQi(dJ`J}-U=2{7-d
zK8k^Rlq2N#0G?9&1?HSle2vlkj^KWSBYTwx`2?9TU_DX#J+f+qLi<D9B#g}%V$md`
zk~Ild*}viiyy2C_=6_!CJ#a=26@mjLnII|qn1r<r{`_L^h_&EQU1CrT23vw`5=3<h
zG{v(Q@`P7B9h;CVcDSU+D|~oo@NN9}HbK0D{0!wcrl#V%CP?`IzvTa!#*S)2d1$Yu
z@{MclH9z5OOC5<wLIO8&=t)9CZ5Tx0LQn&eG~9xag*+PbY)P9)O3G<cNK?wZHK1E)
zN?i&=N*5N8I0pp^Xra6>ZCqY1TXHFxXZqYMuD@RU$TgcnCC{_(vwZ-*uX)~go#%PK
z@}2Km_5aQ~(<3cXeJN6|F8X_1@L%@xTzs}$_*E|a^_URF_qcF;Pfhoe?FTFwvjm1o
z8onf@OY@jC2tVcMaZS;|T!Ks(wOgPpRzRnFS-^RZ4E!9dsnj9sFt609a|jJbb1Dt@
z<=Gal2jDEupxUSwWu6zp<<&RnAA;d&4gKVG0iu6g(DsST(4)z6R)zDpfaQ}v{5ARt
zyhwvMtF%b-YazR5XLz+oh=mn;y-Mf2a8>7?2v8qX;19y?b>Z5laGHvzH;Nu9S`B8}
zI)qN$GbXIQ1VL3lnof^6TS~<qSuZSMrS`^DczIf6i8zZ|)TzXBEwW6N#TL3wy;JuH
z4sUyCR`^Gi%H4xvNHCSXsz>rvPVg4V?Dl2Bb*K2z4E{5vy<(@@K_cN@<xbtRT8JEV
z@9ePJQ{ePgXbdj2UeTj`YQ3sQ`t(|5O?8jf1qY=&T$N1)Psvl`6fu>U>R!>aUIRnb
zL*)=787*cs#zb31zBC49x$`=fkQbMAef)L2$dR{)6BAz!t5U_B#1zZG<T23Y;GnC8
z(`aO7qQGuUkmmk=Z)LZ+)_Z;JWly1@9NQ+>`^neKSS22oJ#5B=gl%U=WeqL9REF2g
zZnfCb0?quf?Ztj$VXvDSWoK`0L=Zxem2q}!XWLoT-kYMOx)!7fcgT35uC~0pySEme
z`{wGWTkGr7>+Kb^n;W?BZH6ZP(9tQX%-7zF>vc2}LuWDI(9kh1G#7B<aO|K2FCIJg
zDao72kQAHigp@^v;eK5Vo($1jE5?KxIjn^mY57t?Pj)^$12KtO8GI3M1Ri51g3-Iv
zq`DO&g5CWDnjs~ec$i^VmaK4aG_*NghV8~x3dXdPE^36>99r4x6;_-V+k&c{nPUrR
zAXJGRiMe~aup{0qzmLNjS_BC4cB#sXjckx{%_c&^xy{M61xEb>KW_AG5VFXUOjAG4
z^>Qlm9A#1N{4snY=(AmWzatb!ngqiqPbBZ7>Uhb3)dTkSGcL#&SH>iMO-IJBPua`u
zo)LWZ>=NZLr758j{%(|uQuZ)pXq_4c!!>s|aDM9#`~1bzK3J1^^D#<2<N(j(---cE
zEy;>bNCccH7~-X}Ggi!pIIF>uFx%aPARGQsnC8ZQc8lrQ5o~smqOg>Ti^GNme94*w
z)JZy<k{OAaG~Q|lT7oS<g9V8QNt(KeJIt6&F{U!{MuJ?Xr0XzPZhzp~?qy+NBB<0G
zi_x*hCyRQ*l&365<#;!&Mnh*3`6R@-BoAUC&g|)}Bg;mxBDA&uy<fjp??k5JfO-|6
zv6$F+?VY$#@OP{;d=nLk^Vq&omh*v*bW;ukc`ca|*$h2}@kU)FNYh|cX2FdglBA{Z
zn4gmuD1Tgw4$4s2Q01t5<PSfg@h2F?GtlH6XQC>{_{#$jxG<QXLBP1mLo=v6>Q&`M
z!OMvZMHR>8*^>eS%o*6hJwn!l8VOOjZQJvh)@tnHVW&*GYPuxqXw}%M!(f-SQf`=L
z5;=5w2;%82VMH6Xi&-K3W)o&K^+vJCepWZ-rW%+Dc6X3(){z$@4zjYxQ|}8UIojeC
zYZpQ1dU{fy=oTr<4VX?$q)L<oUsl**eR4|Y=<jHUj;EzXPg2#85xDsCL@vKUk4!ok
zWGU;a1c@)SVKp{%lz7wz>P}IUmpiez^O&N3E_qPpchGTi5ZM6-2ScWlQq%V&R2Euz
zO|Q0Hx>lY1Q1cW5xHv5!0OGU~PVEqSuy#fD72d#O`N!C;o=m+YioGu-wH2k6!t<~K
zSr`E=W9)!g==~x9VV~-8{4ZN9{~-A9zJpRe%NGg$+MDuI-dH|b@BD)~>pPCGUNNzY
zMDg||0@XGQgw`YCt5C&A{_+J}mvV9Wg{6V%2n#YSRN{AP#PY?1FF1#|vO<FCmSeem
zsV>_%e+#`|2*~wGAJaeRX6=IzFNeWhz6gJc8+(03Ph4y6ELAm=AkN7TOgMUEw*N{=
z_)EIDQx5q22oUR+_b*tazu<k7qtKxTlmUW2Omzs&7j%!q->9+pX|n1c*IB-}{DqIj
z-?E|ks{o3AGRNb;+iKcHkZvYJvFsW&83RAPs1Oh@IWy%l#5x2oUP6ZCtv+b|q>jsf
zZ_9XO;V!>n`UxH1LvH8)L4?8raIvasEhkpQoJ`%!5rBs!0Tu(s_D{`4opB;57)pkX
z4$A^8CsD3U5*!|bHIEqsn~{q+Ddj$ME@Gq4JXtgVz&7l{Ok!@?EA{B3P~NAqb9)4?
zkQo30A^EbHfQ@87G5&E<g>QTd`frrwL)&Yw?%-W@uy^Gn23%j?Y!Iea2xw<-f;esq
zf%w5WN@E1}zyXtYv}}`U^B>W`>XPmdLj%4{P298|SisrE;7HvXX;A}Ffi8B#3Lr;1
zHt6zVb`8{#+e$*k?w8|O{Uh|&AG}|DG1PFo1i<Zus%ucO{sZ+tJd!u@5m`tVt$ecP
zHv;DLyGh!O(o#SF9Ho`t`aW6*4AonGVD-cOd49F6=odL=f13sFyII;4g$7X;P=IH_
z!H8wMi5nS$y>?Y*cQm$ZwtGcVgMwtBUDa{~L1KT-{jET4w60>{KZ27vXrHJ;fW{6|
z=|Y4!&UX020wU1>1iRgB@Q#m~1^Z^9<xy6Z(6L!p4YY56>CG1LqDhYBrnx%IEdIty
z!46iOoKlKs)c}<e-V4k`cP%zlS~*r)Iq=(n$n3YjsGj;U{v)@9x+s&RgYVsv=bVhB
z6KS0(1+6KVC4PB64#XkwbuM4|1~xHvpBvYVlWb?(pv$N|&u>newDG)rWUikD%j`)p
z_w9Ph&e40=(2eBy;T!}*1p1f1SAUDP9iWy^u^Ubdj21Kn{46;GR+hwLO=4D11@c~V
zI8x&(D({K~Df2<H8Q0|`g9v?%+ew{*)n&&V=&(8)k^`IVYv)Ef^74^<ekxt26g{<n
z=l9l$ysk3V&@j|Qbd9p}8=X<l&m>E)Nx_yQvYfh4<e?mHvB!$Y?%_59%1<FYEFc$b
z5ztP29y#%z;_YI`kp!lqW2R%wIG*IA1m!F1Kln&)2?~$S$Og+8eH`pJh?)s{O@cqa
zWUZ4w-ZTe!Iykv!<9ko1OVzNOZnowKP{&R2l9=@35YPW+JdW)5@C2juHH<g|8v*@b
z{zCv-5uA{lGB2+F9H+)uLjkGDsT%f9VUvf8ezafoEizvcl$?$h;@OxEC#U#_TL4w5
zDU~DSJxQ)LRv;^Z&wI+)=va(!yOlq(L+s>;MbMJ@Z}=Dt3_>iim~QZ*hZIlEs0mEb
z_54+&*?wMD`2#vsQRN3KvoT>hWofI_Vf(^C1ff-Ike@h@saEf7g}<9T`W;HAne-Nd
z>RR+&SP35w)xKn8^U$7))PsM!jKwYZ*RzEcG-OlTrX3}9a{q%#Un5E5W{{hp>w~;`
zGky+3(vJvQyGwBo`tCpmo0mo((?nM8vf9aXrrY1Ve}~TuVkB(zeds^jEfI}xGBCM2
zL1|#tycSaWCurP+0MiActG3LCas@_@tao@(<l?T*QEH-ae+wh*%6?VE!5DP~@|=`w
zUm(1<BPl}p=AbS7FTVaUy3(jy*M(D2#kTF4RBYR}of+Gx*jB~1QL*jJpu&o6JE?s6
z_S);Tw%)V%`7zq_d$iG?Hu~uO?$>R1ANlwB$4K53egNE_;!&(%@Qo$>h`^1S_!hN6
z)vZtG$8fN!|BXBJ=SI>e(LAU(y(i*PHvgQ2llulxS8>qsimv7yL}0q_E5WiAz7)(f
zC(ahFvG8&HN9+6^jGyLHM~$)7auppeWh_^zKk&C_MQ~8;N??OlyH~azgz5fe^>~7F
zl3HnPN3z-kN)I$4@`CLCMQx3sG~V8hPS^}XDXZrQA>}mQPw%7&!sd(Pp^P=tgp-s^
zjl}1-KRPNWXgV_K^HkP__SR`S-|OF0bR-N5>I%ODj&1JUeAQ3$9i;B~$S6}*^tK?=
z**%aCiH7y?xdY?{LgVP}S0HOh%0%LI$wRx;$T|~Y8R)Vdwa}kGWv8?SJVm^>r6+%I
z#lj1aR94{@MP;t-scEYQWc#xFA30^}?|BeX*W#9OL;Q9#WqaaM546j5j29((^_8Nu
z4uq}ESLr~r*O7E7$D{!k9W>`!SLoyA53i9QwRB{!pHe8um|aD<W*x(R=P_5zAElfw
zT7CEEr(t|!*czBsy>E`Cg0O*{jmor)^t)3`>V>SWN-2VJcFmj^1?~tT=JrP`fVh*t
zXHarp=8HEcR#vFe+1a%XXuK+)oFs`GDD}#Z+TJ}Ri`FvKO@ek2ayn}yaOi%(8p%2$
zpEu)v0Jym@f}U|-;}CbR=9{#<^z28PzkkTNvyKvJDZe+^VS2bES3N@Jq!-*}{oQlz
z@8bgC_KnDnT4}d#<rI9~4w*W=E-{rm^_cQeTd?VLxZpL;UgBY=7Y@N&83iL$n&#~M
zbsQBYt~+>&Cpr!%Yb?E!brx0!eVOw~;lLwUoz#Np%d$o%9scc3&zPm`%G((Le|6o1
zM(VhOw)!f84zG^)tZ1?Egv)d8cdNi+T${=5kV+j;Wf%2{3g@FHp^Gf*qO0q!u$=m9
zCaY`4mRqJ;FTH5`a$affE5dJrk~k`HTP_7nGTY@B9o9vvnbytaID;^b=Tzp7Q#DmD
zC(<aCT_(W?1O|cV&C;hpRo`~BN54GF$vUW?-%&gVawwY-k2~=6)`83yVnUbThqXoO
z#pJ&{AeMt+E`B_K+d;6!WS}aMu|XPUG^g7a(llBSlq>XEN)Ktn39z5|G!wsVNnHi)
z%^q94!lL|hF`IijA^9NR0F$@h7k5R^ljOW(;Td9grRN0Mb)l_l7##{2nPQ@?;VjXv
zaLZG}yuf$r$<79rVPp<j5%445ugcCYz(;(NT0N0@n{$og@`Uam4%uUaCP9*@QWGX9
z{P@Ag+Bgh5@F#Eg5Y9s1Tb4W8at(wr+7n>Xg?6iiieX|r#&`p#Con2i%S8*8F}(E)
zI5E6c3tG*<;m~<e=g`4E<@6ZZ8Ot+&-pVKoq@=)RHy9<I(`p<?)r&YNlEA8CnAU#=
zLQO*=y%_uKi|5n%djKteWf@r}R-KMkn1WGKj9GE)TB7@l$)5};KH)qNoDq}(AbK{}
znBj7g3J8U8H}w+i?7tr%6@z$7g2f*NiOc*m{3%|}PM)?==&#x$-Jq&uhpzZ8rtUDZ
zNmR^a5g(7wY6XKEPtNK>6>!&H!GJ6zEu<u;zM7UrmSD`Ps)7>hH7mkAzovdhLy;)q
z{H2*8I^Pb}xC4s^6Y}6bJvMu=8>g&I)7!N!5QG$xseeU#CC?ZM-TbjsHwHgDGrsD=
z{%f;@Sod+Ch66Ko2WF~;Ty)v>&x^aovCbCbD7>qF*!?BXmOV3(s|nxsb*Lx_2lpB7
zokUnzrk;P<R;aXTpYj?03<w4%%%E_Lx%w}?h6KFkYmQz_=Q!;KI~@zvyE@sz0~S{=
zc7Zp1Pg<<C5w3_-RsBETlpJWaAlby+);^?em@HJt835O5jnvwJ!Ezt?UH{GKJ#_-;
zXWyIZeRlqoB-*o!rz0dsi&bmk<~!5}rFXX!TR>=T-&kUHO}td+Zdj!3n&NR?K~cRU
zAXU!DCp?51{J4w^`cV#ye}(`SQhGQkkMu}O3M*BWt4UsC^jCFUy;wTINYmhD$AT;4
z?Xd{HaJjP`raZ39qAm;%beDbrLpbRf(mkKbANan7XsL>_pE2oo^$TgdidjRP!5-`%
zv0d!|iKN$c0(T|L0C~XD0aS8t{*&#LnhE;1Kb<9&<JFZp&cEpRA~JX*2uhno)g+lW
z)A2j^Jp=5|9|_BqD3yNfz$3!^TP^t32VmQN>=c2B+9JeLvJr*AyyRh%@jHej<V&M}
z(_rfkTF8<3M0mfUD?DaD6=7VHc94p8)f%k_sKhOPc+3w*C;t63&?zS3e((b(P6Fva
zg1a!>=AetOMSlz^=!kxX<aUab1e69e5UxkmMM!xSN{9YUYGb=H*((f4#ZL$Ijz4ZG
z=M2TpNE4&~3j}eO`*MD}g}>>>B{2B1uIrQyfd8KjJ+DBy!h)~*(!|&L4^Q_07SQ~E
zcemVP`{9CwFvPFu7pyVGCLhH?LhEVb2{7U+Z_>o25#+3<|8%1T^5dh}*4(kfJGry}
zm%r#hU+__Z;;*4fMrX=Bkc@7|v^*B<Xvhu2*uH*LPz_h!qs>;HA<UqXI?t|tCaZDB
zM}=e!+VluyMT1_wK?{{}fh!prU@u#|#$3A*>l0((IBPPii%X9+u3DDF6%<Dxg01id
zvRMgy`}RNgOUmsF(*g|!7J~5qLXiIVe!ooTZQWeHyp<$?w&ud7re6&`d1HHH%m41@
zrE0Fb;A`T35^B${Rk`^BD>bI&6?Eu$8&aWVqHIM7mK6?Uvq$1|(-T|)IV<>e?!(rY
zqkmO1MRaLeTR=)io(0GVtQT@s6rN%C6;nS3@eu;P#ry4q;^O@1ZKCJyp_Jo)Ty^QW
z+vweTx_DLm{P-XSBj~Sl<%_b^$=}odJ!S2wAc<kP=%^q`Fk3#DzIfRc20!g-U?(r0
zttu-F5dSTOh@Hh;*8<POV|23UE<I?%YD*|RoGT_RNfg)N<d$-CVBslaSc2;hu2@iM
zijnTdup@(TT6QsX1DSS%iD>xenmzFGX1t&Qp8Vxz2VT`uQsQ<N&Na@Eg(*vW-Sx0Z
zwa1eC?gP9=v{v;-el(Byq7uXErY6a?>Ytdn&_0xVivIcxZ_hnrRtwq4cZSj1c-SG9
z7vHBCA=fd0O1<4*=lu$6pn~_pVKyL@ztw1swbZi0B?spLo56ZKu5;7ZeUml1Ws1?u
zqMf1p{5myAzeX$lAi{jIUqo1g4!zWLMm9cfWcnw`k6*BR^?$2(&yW?>w;G$EmTA@a
z6?y#K$C~ZT8+v{87n5Dm&H6Pb_EQ@V0IWmG9cG=O;(;5aMWWrIPzz4Q`mhK;qQp~a
z+BbQrEQ+w{SeiuG-~Po5f=^EvlouB@_|4xQXH@A~KgpFHrwu%dwuCR)=B&C(y6J4J
zvoGk9;lLs9%iA-IJGU#Rg<oAf^xeCDGN*>nZZR+@{5lYl8(e1h6&>Vc_mvg0d@);X
zji4T|n#lB!>pfL|8tQYkw?U2bD`W{na&;*|znjmalA&f;*U++_aBYerq;&C8Kw7mI
z7tsG*?7*5j&dU)Lje;^{D_h`%(dK|pB*A*1(Jj)w^mZ9HB|vGLkF1GEFhu&rH=r=8
zMxO42e{Si6$m+Zj`_mXb&w5Q(i|Yxyg?juUrY}78uo@~3v84|8dfgbPd0iQJRdMj<
zncCNGdMEcsxu#o#B5+XD{tsg*;j-eF8`mp~K8O1J!Z0+>0=7O=4M}E?)H)ENE;P*F
z$Ox?ril_^p0g7xhDUf(q652l|562VFlC8^r8?lQv;TMvn+*<c9jlj>8I}&+hIQYh2
z1}uQQaag&!-+DZ@|C+C$bN6W;S-Z@)d1|en+XGvjbOxCa-qAF*LA=6s(Jg+g;82f$
z(Vb)8I)AH@cdjGFAR5Rqd0wiNCu!xtqWbcTx&5kslzTb^7A78~Xzw1($UV6S^VWiP
zFd{Rimd<L>-0CZC_Bu(WxBFW7+k{cOW7DxBBkJdJ;VsJ4Z@lERQr%3eVv&$%)b%<~
zCl^Y4NgO}j<COChW_}a6vln)bF3$TpaLb);b~-PYxxR%}%O<}>s@u{|o~KTgH}>!*
z_iDNqX2(As7T0xivMH|3SC1ivm8Q}6Ffcd7owUKN5lHAtz<t12Aa&#mkpHAAP7vmV
z^!AJ*2~=PgYP(Wn4Vk66dQCX+{#B-Z%T|HyH;WjNt4~Za-}DB-){PA#h!r8;?(Vb^
zk44aj#5Wa>MM4<0v+ykUT!QiowO;`@%JGv+K$bBx@*S7C8GJVqQ_K>12}M`f_Ys=S
zKFh}HM9#6Izb$Y{wYzItTy+l5U2oL%boCJn?R3?jP@n$zSIwlmyGq30Cw4QBO|14`
zW5c);AN*J3&eMFAk$SR~2k|&+&Bc$e>s%c{`?d~85S-UWjA>DS5+;UKZ}5oVa5O(N
zqqc@>)nee)+4MUjH?FGv%hm2{IlIF-QX}ym-7ok4Z9{V+ZHVZQl$A*x!(q%<2~iVv
znUa+BX35&lCb#9VE-~Y^W_<SUna+(6v_v93h$)MSc{mD`=k6;#c%#QV`lbAtfE3~q
zAtA7|n`xq>f;Xhl%vgjwdjzMy$FsSIj&ok}L+X`4>J=9BkN&nu^E*gbhj3(+D>C4E
z@Fwq_=N)^bKFSHTzZk?-gNU$@l}r}dwGyh_fNi=9b|n}J>&;G!lzilbWF4B}BBq4f
zYIOl?b)PSh#XTPp4IS5ZR_2C!E)Z`zH0OW%4;&~z7UAyA-X|sh9@~>cQW^COA9hV4
zXcA6qUo9P{bW1_2`eo6%hgbN%(G-<qHJAT=v`nNhtT>F1xTvq!sc?4wN6Q4`e9Hku
zFwvlAcRY?6h^Fj$R8zCNEDq8`=uZB8D-xn)tA<^bFFy}4$vA}Xq0jAsv1&5!h!yRA
zU()KLJya5MQ`q&LKdH#fwq&(bNFS{sKlEh_{N%{XCGO+po#(+WCLmKW6&5iOHny>g
z3*VFN?mx!16V5{zyuMWDVP8U*|BGT$(%IO|)?EF|OI*sq&RovH!N%=>i_c?K*A>>k
zyg1+~++zY4Q)J;VWN0axhoIKx;l&G$gvj(#go^pZskEVj8^}is3Jw26LzYYVos0HX
zRPvmK$dVxM8(Tc?pHFe0Z3uq){{#OK3<aeeBkf6Ls@D&>i-ra#@+;*=ui8)y6hsRv
z4Fxx1c1+fr!VI{L3DFMwXKrfl#Q8hfP@ajgEau&QMCxd{g#!T^;ATXW)nUg&$-n25
zruy3V!!;{?OTobo|0GAxe`Ac<m7!f>n3GV@W=&n;<LWwg+BOz1x0PVh(8wy5x)H%n
z);^KLwS*zuK_mXLt=05$RqxmlzBGrOU$*+pD67{&9S4nenf`=wmSIir^E~5#<>~&9
zQM>NWW~R@OYORkJAo+eq1!4vzmf9K%plR4(tB@TR<A8<4IpzFAVt^jntH)?Lln%G`
z6tiucWhgUNI?A8Udv5fHlOm9!ctl16R`GIy7|o!{GngCtp;Tz@88GLNR}tm$OZ5f}
zPju@d{;|S(Rs51!tah!+6PbnnY<$fK^X^&7uddbpg77+M3+zt^`&Wl4kC?eRy{-46
z-3%mXj1#}r%@t|kQBj7QXfN_>&FSbDoRgJ8qVcH#;7lQub*nq&?Z>7WM=oeEVjkaG
zT#f)=o!M2DO5hLR+op>t0Cix<vSdXuLLoyLNj^8w51xiOY6tARpFGMs_UAVQl{h1q
z__M5D$myTJng;^A_J=JcCX@-~s%uSop76ggk-NNPh1K-Xw6Mwq#g=?x9pSWbMg&Eg
z!IW}nRKAGc2X+4y>JCIeXH*+z{-XS|%jx)y(j&}Wo|3!l7{o)HU3m7LYyhv*xF&tq
z%IN7N;D4raue&&hm0xM=`qv`+TK@;_xAcGKuK(2|75~ar2Yw)geNLSmVxV@x89bQu
zpViVKKnl<KY)q`sT$C@o*b;pi#>kwjS&&c|-X6`~xdnh}<zE$?k&-+|)}}1-k;;{3
zWgBv<7Mg|YWBAi9*yc#1&cuZnxkZaBTj=EQ-!oi23=b7<qC?N!TC&$6!<yQuq~YaC
z_0tVTi{LC-!3@TC@6(yDt1|8;{dkSfR3rrN7be_C({Ti}0{;9qU1;it_)pV>Ps)Hs
z4VbUL^{XNLf7_|Oi>tA%?SG5zax}esF*FH3d(JH^Gvr7Rp*n=t7frH!U;!y1gJB^i
zY_M$KL_}mW&XKaDEi9K-wZR|q*L32&m+2n_8lq$xRznJ7p8}V>w+d@?uB!eS3#u<}
zIaqi!b!w}a2;_BfUUhGMy#4dPx>)_>yZ`ai?Rk`}d0>~ce-PfY-b?Csd(28yX22L%
zI7XI>OjIHYTk_@Xk;Gu^F52^Gn6E1&+?4MxDS2G_#PQ&yXPXP^<-p|2nLTb@AAQEY
zI*UQ9Pmm{Kat}wuazpj<q$kAY7_UQRU$-YKdQWJ&LyZumLzNJQ!;vvr#GB_EA<Jf@
z$2g7!{jMh`@>SyXCdnrD&|C1c5DIb1TnzF}f4KIV6D)CJ!?&l&{T)e4U%3HTSYqsQ
zo@zWB1o}ceQSV)<4G<)jM|@@YpL+XHuWsr5AYh^Q{K=wSV99D~4RRU52FufmMBMmd
z_H}L#qe(}|I9ZyPRD6kT>Ivj&2Y?qVZq<4bG_co_DP`sE*_Xw8D;+7QR$Uq(rr+u>
z8bHUWbV19i#)@@G4bCco@Xb<8u~wVDz9S`#k@ciJtlu@uP1U0X?yov8v9U3VOig2t
zL9?n$P3=1U_Emi$#slR>N5w<w?qFuOF5w}cnum+dV`a<C*;Hv>H-=J&T=EdUHA}_Z
zZIl<E_JWAQn>3nvMP*AZS9{cDqFanrA~S5BqxtNm9tlu;^`)3X&V4tMAkJ4gEIPl=
zoV!Gyx0N{3DpD@)pv^iS*dl2FwANu;1;%EDl}JQ7MbxLMAp>)UwNwe{=V}O-5C*>F
zu?Ny+F64jZn<+fKjF01}8h5H_3pey|;%bI;SFg$w8;IC<8l|3#Lz2;mNNik6sVTG3
z+Su^rIE#40C4a-587$U~%KedEEw1%r6wdvoMwpmlXH$xPnNQN#f%Z7|p)nC>WsuO=
z4zyqapLS<8(UJ~Qi9d|dQijb_xhA2)v>la)<1md5s^R1N&PiuA$^k|A<+2C?OiHbj
z>Bn$~t)>Y(Zb`8hW7q9xQ=s>Rv81V+UiuZJc<23HplI88isqRCId89fb`Kt|CxVIg
znWcwprwXnotO>3s&Oypkte^9yJjlUVVxSe%_xlzmje|mYOVPH^vjA=?6xd0vaj0Oz
zwJ4OJNiFdnHJX3rw&inskjryukl`*fRQ#SMod5J|KroJRsVXa5_$q7whSQ{gOi*s0
z1LeCy|JBWRsDPn7jCb4s(p|JZiZ8+*ExC@Vj)MF|*Vp{B(ziccSn`G1Br9bV(v!C2
z6#?eqpJBc9o@lJ#^p-`-=`4i&wFe>2)nlPK1p9yPFzJCzBQbpkcR>={YtamIw)3nt
z(QEF;+)4`>8^_LU)_Q3<u}L<{1}Pc_TC@cmCN`COOSM8a;|jWsk~1fYJv#PDsm#->
zC5_7lgi_6y>U%m)m@}Ku4C}=l^J=<<7c;99ec3p{aR+v=diuJR7uZi%aQv$oP?<K2
z4>dn?@6Yu_+*^>T0ptf(oobdL;6)N-I!TO`zg^Xbv3#L0I~sn@WGk-^SmPh5>W+<X
znt3fVJDljH9Rg;|i5lPHsR(0ho%1Z#U$BQ5Z>LB<+1PU}AKa?FCWF|qMNELOgdxR{
zbqE7@jVe+FklzdcD$!(A$&}}H*HQFTJ+AO<jQkEo4(Zr!RbHw&%VW+jartXEY{IAo
z-<Q*FbO_;b95g_K9)_94ZpWY1;<Z!iW)9JK0`6zeVbpJRc{foQfe9X-j8eQ-=DlS%
zH`!Rua7Ws)lQGR`lKbWfbJ{-A+Qsq7w~i7ifv23@y@q;f=f9BC2>rJYnhh}Yvta(B
zQ_bW4Rr;R~&6PAKwgLWXS{Bnln(vUI+~g#kl{r+_zbngT`Y3`^Qf=!PxN4IYX#iW4
zucW7@LLJA9Zh3(rj~&SyN_pjO8H&)|(v%!BnMWySBJV=eSkB3YSTCyIeJ{i;<t5`Q
zo(L{QW?hBDuaI(wY%y)W1q$B>(oc%_hk{$_l;v>nWSB)oVeg+blh=HB5JSlG_r7@P
z3q;aFoZjD_qS@zygYqC<CA@uG3$h<l#w}3@ssm8WfebtlUXE~>n=;Zxjo!?NK!%J$
z52lOP`8G3feEj+HTp@Tnn9X~nG=;tS+z}u{mQX_J0kxtr)O30YD%oo)L@wy`jpQYM
z@M>Me=95k1p*FW~rHiV1CIfVc{K8r|#Kt(ApkXKsDG$_>76UGNhHExFCw#Ky9*B-z
zNq2ga*xax!HMf_|Vp-86r{;~YgQKqu7%szk8$hpvi_2I`OVbG1doP(`gn}=W<8%Gn
z%81#&WjkH4GV;4u43EtSW>K_Ta3Zj!XF?;SO3V#q=<=><y*Ez-K*8OuEH#K1Uw04)
zm-E?#$M4Pw!5Sa^O{sRRDY-gWXv@8A@bA;l<_ks)es^2Nu>Tc^@?A`i;&`-cYj|;^
zEo#Jl5zSr~_V-4}y8pnufXLa80vZY4z2ko7fj>DR)#z=wWuS1$$W!L?(y}YC+yQ|G
z@L&`2upy3f>~*IquAjkVNU>}c10(fq#HdbK$~Q3l6|=@-eBbo>B9(6xV<PW<=*tlY
z$*pN5hHZpwqlet{tLghEZT#%M$0U({lim^-U@zba{?NJMf<93*()%m>`*)sae58*f
zym~RRVx;xoC<uxJ0zCckgSOZ<jKZfGBozv^HDI7G(HjLM<voAwa4Kh#eq6#2U!qA0
zF$%FfiP7?q!+@Q%0CG7sP{g!i5R&?DRZkOxRnqe`((<r{70*Vq2Rb6*k>G3`JV`xo
z!lFw)=t2Hy)e!IFs?0~7osWk(d%^wxq&>_XD4+U#y&-VF%4z?XH^i4w`TxpF{`XhZ
z%G}iEzf!T(l>g;W9<~K+)$g!{UvhW{E0Lis(S^%I8OF&%kr!gJ&fMOpM=&=Aj@wuL
zBX?*6i51Qb$uhkwkFYkaD_UDE+)rh1c;(&Y=B$3)J&iJfQSx!1NGgPtK!$c9OtJuu
zX(pV$bfuJpRR|K(dp@<Et6W$J6*Z#&a&;93*Ie~(LKx3oM(w;zbe{$4=AvBd2M!)G
z)q&m$-4a#zj+ntOm6x3DXKBbGe#P@0*At9SemktTX0uh;t#}60aB^D2eE!a4eDuX;
z-as`;dd|o4vBfl1>^j}i&H<lE5B-BmW0%$me#yff@sBn;ohRKEdDubkmfk_9%F#R?
zx3ZTQV}CG~;tIM9J0dPMr);>eJ<ZUgb6%5p(oB8d(S&NYcE9Fn#eq_UTAuN0jA(?H
z^D)QqC|?HmZ<MfF#1KC`+1B#aVb^f*7XyN**6k{KcrsXkYIuNItVY|XpO_RwL+pB-
zi361AR7q3_a+z(hygW-dSQ4&gyU_L%*Ad1YXBX3#1@&17te>Oh@|7lWo8^$*o~Xqo
z5Sb+<gm~yF$-E%g5?e&PX|O%&U0#MK#8=Cb4moDVt9pc5&|d_Nok|m&#&P2i0(_CN
zM^tc5)Kw#?l>!EtJ&e@6F+h&+<iRY;$9#Wr1>_1ETbg7LfP5GZjvIUIN3ibCOldAv
z)>YdO|NH$x7AC8dr=<2ekiY1%fN*r~e5h6Yaw<{XIErujKV~tiyrvV_DV0AzEknC-
zR^xKM3i<1UkvqBj3C{wDvytOd+YtDSGu!<rPOfY>gEMg+!&|8BQrT*|p)(dwQLEy+
zMtMzij3zo40)CA!BKZF~yWg?#lWhqD3@qR)gh~D{uZaJO;{OWV8XZ_)J@r3=)T|kt
zUS1pXr6-`!Z<!o63*D|NQNYak6gGf7_QJ$%QWph8(@+Md9XOp*qP{X}q91Av868w+
zGbBw!<JX87&2|tz_-<JKu<xhK)|6RN*Zk7fvZ42tj|cY?!)H@h7T?|0cVg1Q(Dzye
z>}w2QR7nP%d?ecf90;<QTfw00Ol^jhE%$`<-%SzE37_m?Tsl?x9jtF58}$iamaJPx
z;*k`q<{nE<sbhO}9jI-7R-I>K_7C3d!U<RH+{w3GCUW?FU;!Us-m^hLIJe*q&7e}1
zpDB4cxkQ^$zB~cRxh7B3$~Q``Zt;ZNw-Uj>Z`N(TZoWNN^Q~RjVhQG{Y<%E1PpV^4
z-m-K+$A~-+VDABs^Q@U*)YvhY4Znn2^w>732H?NRK(5QSS$V@D7yz2BVX4<IQ|}VZ
zL_WDk%d5E2#>)f5A04~$WbxGOam22>t&uD)JB8-~yiQW6ik;FGblY_I>SvB_z2?PS
z*Qm&qbKI{H1V@YGWzpx`!v)WeLT02};JJo*#f$a*FH?IIad-^(;9XC#YTWN6;Z6+S
zm4O1KH=#V@FJw7Pha0!9Vb%ZIM$)a`VRMoiN&C|$YA3~ZC*8ayZRY^fyuP6$n%2IU
z$#XceYZeqLTXw(m$_z|33I$B4k~NZO>pP6)H_}R{E$i%USGy{l{-jOE;%CloYPEU+
zRFxOn4;7lIOh!7ab<V}OmeeQNY6TeYO&&E^lN#TB*^`;ju1*`#<QB4aBWp8jLsn56
ztlcT6a*61b7mBGG7Pe5gFr$a2kxI4g;qf)gjt)|Y7A|WcqUTy7lmzDN21ov~uefIa
zStpXF9OSKG--%FP-n6GoKAZkk;aTNW1ae$KBstPWjSIc_V%4U0$Ln1&jVG=$ZcXgh
z#CvGTp=S;-S8-$7HKAq6%SA!$URan_Wx!1Oc!O*_!j0Q;YpHo#pr5>b23YKD+_-?O
z0FP9otcAh+oSj;=f#$&*ExUHpd&e#bSF%#8*&ItcL2H$Sa)?pt0Xtf+t)z$_u^wZi
z44oE}r4kIZGy3!Mc8q$B&6JqtnHZ>Znn!Zh@6rgIu|yU+zG8q`q9%B18|T|oN3zMq
z`l&D;U!OL~%>vo&q0>Y==~zLiCZk4v%s_7!9DxQ~id1LLE93gf*gg&2$|hB#j8;?3
z<g)eCVNaZv3$^cu;yV<qgy7Ou{HZYOe(Yy~3PLV!ZId!<`3EN$I2e|Sb}<jdw%KMG
z$~P@70$N+m@}=Mj9$ZG59AQ=JQRvLB(RM9)t()h{Tno>5v4S;oM6rT{Y;I+#FdmNw
z){d%tNM<<#GN%n9ox7B=3#;u7unZ~tLB_vRZ52a&2=IM)2VkXm=L+Iqq~uk#Dug|x
z>S84e+A7EiOY5lj*!q?6HDk<t%xgyS2(ef%dZKEIaXh3~wff^|xcGFVc_e~Sr`&nX
zB{0<Bl5W%rH&l?6tsWk=E?WK+SiGZtPex%sjw{ofyMqE~@feSemEiHmis}sLGcPDm
zIzGRXgYb$F!6<>Nh~0g;0Jy(al!ZHHDtur9T$y-~)94HelX1NHjXWIM7UAe}$?jiz
z9?P4`I0JM=G5K{3_%2jPLC^_Mlw?-<a70XR;I>kYYgb7`qGa3@dn|^1fRMwiyM@Ch
z;CB&o7&&?c5e>h`IM;Wnha0QKnEp=$hA8TJgR-07N<gl50D&l8aCL6u?F9;bt}O?Y
zClsN^P?BSo;~X-U^>~U5(>9vJzeoFs<a)64ao)eXA>SRBkDq=x(YgEMpb=l4TDD`2
zwVJpWGTA_u7}?ecW7s6%rUs&NXD3+n;jB86`X?8(l3MBo6)PdakI6V6a}22{)8ilT
zM~T*<jE3E@DmR%ike^(4fN~b2CI%ZAFJHK0>mU}__xSy|6XSrJ^%l<L`JF;YY6b4`
z;6>DAR3Lft%+<T2S<6#r`P7WA*H7H@Tkj*;CZWvGK|Ka6#=q$9VereUjcyuYAT-kE
z-4)n_C1YG2*?76Lh&eh@n+#B;0G7^rIA<P1)+|@l^eA4%oi{dOUZb8u1-}Kweut@X
z=3>yxC<CMW8Guf-*pI#2K9_;@nA>|ZUvSO_nqMX!_ul3;R#*{~4DA=h$bP)%8Yv9X
zyp><|e8=_ttI}ZAwOd#dlnSjck#6%273{E$kJuCGu=I@O)&6ID{n<VEYI|KdxCeO+
z8>WF5@gLb16sj|&Sb~+du4e4O_%_o`Ix4NRrAsyr1_}MuP94s>de8cH-OUkVPk3+K
z&jW)It9QiU-ti~AuJkL`XMca8Oh4$SyJ=`-5WU<{cIh+XVH#e4d&zive_UHC!pN>W
z3TB;Mn5i)9Qn)#6@lo4QpI3jFYc0~+jS)4AFz8fVC;lD^+idw^S~Qhq>Tg(!3$yLD
zzktzoFrU@6s4wwCMz}edpF5i5Q1IMmEJQHzp(LAt)pgN3&O!&d?3W@6U4)I^2V{;-
z6A(?zd93hS*uQmnh4T)nHnE{wVhh(=MMD(h(P4+^p83Om6t<*cUW>l(qJzr%5vp@K
zN27ka(L{JX=1~e2^)F^i=TYj&;<7jyUUR2Bek^A8+3Up*&Xwc{)1nRR5CT8vG>ExV
zHnF3UqXJOAno_?bnhCX-&kwI~Ti8t4`n0%Up>!U`ZvK^w2+0Cs-b9%w%4`$+To|k=
zKtgc&l}P`*8IS>8DOe?EB84^kx4BQp3<7P{Pq}&p%xF_81pg!l2|u=&I{AuUgmF5n
zJQCTLv}%}xbFGYtKfbba{CBo)lWW%Z>i(_NvLhoQZ*5-@2l&x>e+I~0Nld3UI9tdL
zRzu8}i;X!h8LHVvN?C+|M81e>Jr38%&*9LYQec9Ax>?NN+9(_>XSRv&6hlCYB`>Qm
z1&ygi{Y()OU4@D_jd_-7vDILR{>o|7-k)Sjdxkjgvi{@S>6GqiF|o`*Otr;P)kLHN
zZkpts;0zw_6;?f(@4S1FN=m!4^mv~W+lJA`&7RH%2$)49z0A+8@0BCHtj|yH--AEL
z0tW6G%X-+J+5a{5*WKaM0QDznf;V?L5&uQw+yegDNDP`<QwM)iHN0Ixe+C<}Kj)cT
z;ugg=7>hA;0XPYc6e0;Xv6|i|^F2<spnC^BAY#K6!R1`y8;L|-ax$>WB)Z$LR|HR4
zTQsRAby9(^Z@yATyOgcfQw7cKyr^3Tz7lc7+JEwwzA7)|2x+PtEb>nD(tpxJQm)Kn
zW9K_*r!L%~N*vS8<5T=iv|o<TQh`NS2YOm^v@YF+FhtT<a+buCZu6h6oT_Y5b`Scg
zm=4c{5~CgG?9-H=F8v%THj;pBAIcNf1w(JQ+AUi+?6F2LasjZ5Oz$7m+jvgK`zeSh
z^(f$UuqGD?j)9ZxVlSw*kzGRC;oCN&mCo&6G7ql5S{99P97)o*h$5+(ch97JLRzc!
zYD=hMW71CXeuLub2z%t|7;RjK6Ogym_1#+sTC!<7k`+%+%pXjbEt&Ewk(hGUoqGvq
zuM0wx5$A~T4SRbOQgIit7jaB@N32&;KWs00gsh)b^;UUaulO8Td<B}%0x3tW7;G##
zTMaSe*B!q#S@Od*Vy(-qm;}PAJhEq0;6w!v@t~78{dMpN>!zTe9k_2jC_j*7ik^M_
zaf%k{WX{-;0*`t`G!&`eW;gChVXnJ-Rn)To8vW-?>>a%QU1v`ZC=U)f8iA@%JG0mZ
zDqH;~mgBnrCP~1II<=V9;EBL)J+xzCoiRBaeH&J6rL!{4zIY8tZka?_FBeQeNO3q6
zyG_alW54Ba&wQf{&F1v-r1R6ID)PTsqjIBc+5MHkcW5Fnvi~{-FjKe)t1bl}Y;z@<
z=!%zvpRua>>t_x}^}z0<7MI!H2v6|XAyR9!t50q-A)xk0nflgF4*OQlCGK==4S|wc
zRMsSscNhRzHMBU8TdcHN!q^I}x0iXJ%uehac|Zs_B$p@CnF)HeXPpB_Za}F{<@6-4
zl%kml@}kHQ(ypD8FsPJ2=14x<gRLSp5jQ3zP{(QVzPLZLVm053fUe=@OltSio705;
z(#z2z>XJE|b20<nbuvWeRu7_ckN!4)4>RUIgs!2|R3>LUMGF6X*B_I|$`Qg=;zm7C
z{mEDy9dTmPbued7mlO@phdmAmJ7p@GR1bjCkMw6*G7#4+`k>fk1czdJUB!e@Q(~6#
zwo%@p@V5RL<HuH8=u8a6RDT=ORPK%+xl*V0g}ZRt7wrV&wXuQ&Kq5z5VF5~$tzh+o
zGvLCh{4xbZi*rM$H53QbbG^}e_;5ZL^rKOCECf%A3k<ba715W9GFJ3%z+y)SixW7v
zFUks)dR&u51!CgipP_*=HsXEQV|A6)MESe^nXfdde|e*3lS%iSm1?2t=&g8iM5yO0
zqGo^30JQ})=Z}tg94XEO6_<mfkScn>0ABU2LH7Asq^quDUho@H>eTZH9f*no9fY0T
zD_-9px3e}A!>>kv5wk91%C9R1J_Nh!*&Kk$J3KNxC}c_@zlgpJZ+5L)Nw|^p=2<X2
zVEH%@dRNgUT+xOlus$Jl>ue}CJtm;uj*Iqr)K})kA$xtNUEvX;4!Px*^&9T_`IN{D
z{6~QY=Nau6EzpvufB^hflc#XIsSq0Y9(nf$d~6ZwK}fal92)fr%T3=q{0mP-EyP_G
z)UR5h@IX}3Qll2b0oCAcBF>b*@Etu*aTLPU<%C>KoOrk=x?pN!#f_Og-w+;xbFgjQ
zXp`et%lDBBh<!%rmD;`)_Iw7qs}PxJE2OWnk0598{1@{z2=&M97kZ^;iS=)VbtW2e
z9{Njc%X1q_Y=7a@dL*7`HknH57C8G{SaT${ATgN~45gpu4M3g9K3K^dkc|SdjG%I{
zqBnN$pX_Ur&xe`6C5rq%1Au6o>~OcFnMKMUoox0YwBNy`N0q~bSPh@+enQ=4RUw1)
zpovN`QoV>vZ#5LvC;cl|6jPr}O5tu!Ipoyib8iXqy}TeJ;4+_7r<1kV0v5?Kv>fYp
zg>9L`;XwXa&W7-jf|9~uP2iyF5`5AJ`Q~p4eBU$MCC00`rcSF>`&0fbd^_eqR+}mK
z4n*PMMa&F<X)^G}xeJ@Gp5hPUp4))DB`D07_#V$I)>Occ)<Z1&cEZXfHKl6!0r^K=
z4G}bu(5ge=G8fwnhNItAV-;CCRA~!*Ffjtk+W5Q4($~|Ogx!7zYTJ+md_mLOIHP$a
z=Xv|*^wnVA6u+^6*Pjw-xuU)%_b=1oT;Uy*3v`{`12FsGfVli|)UZ4c+9zix>vTUR
zlDUAn-mh`ahi_`f`=39JYTNVjsTa_Y3b1GOIi)6dY)D}xeshB0T<J4O9}2CRcgST4
zu^DE1lNC^&bdTFMX*m;=F+oV62|j1N%Y(`}stx4V@A-${Nsme7gPF1VFeZ(Es(Tv1
z2eMG<3ngPbvsdfMDb6jRfMuIQ>8Eov5%UhWd1)u}kjEQ|LDo{tqKKrYIfVz~@dp!!
zMOnah@vp)%_-jDTUG09l+;{CkDCH|Q{NqX*uHa1YxFShy*1+;J`gywKaz|2Q{lG8x
zP?KBur`}r`!WL<v4v3q-kbT^ZHHV*Ab_1=$Ds`sw{p4Q5%K<O{0b-Frgl!8<-ysCa
z@55EXX6zF(6|%WdJ}w;c9q_T(h^VZr*46HXJncAUKTLi*=>KXY_<N$yy+H{DR|LP9
zF#oxrkoE0^A&|7gpQkf#W)&V7g<8v42B_@CDi{phanFo;l(u@KJ-))-pR{b)<rcd3
zf}4BFpSv=>K;C8$EWG>jY3UIh{+BLv0=2)KH%P}6xE2kg)%(-uA6lC?u8}{K(#P*c
zE9C8t*u%j2r_{;Rpe1A{9nNXU;b_N0vNgyK!EZVut~}+R2rcbsHilqsOviYh-pYX=
zHw@53nlmwYI5W5KP>&`dBZe0Jn?nAdC^HY1wlR6$u^PbpB#AS&5L6zqrXN&7*N2Q`
z+Rae1EwS)H=aVSIkr8Ek^1jy2iS2o7mqm~Mr&g5=jjt7Vxwg<tf08u&@2*nrRdWEq
z9>lQ^`h#Mx+x2v|9ZAwE$i_9918Mj<x0*Wdpb36@OAXTH9HjzBO?DU3pPWJl<5`?4
zJx95+eAmsI^}aX!MTHZ2jvyPZ%UQNWgYc&Az}*vhoE;`M;w#yci|VFS(*uY8dTed$
zmI+a!^D3~nUd`%d3v~n803|x?hdA<CAGP8+Vz0wak|gS0b(v+b_#OSxq^j=~x{U#C
zxb5$H!k6E86jdT96;Z=hlwo5iYt(l!8a^<>JxTMr?n!bZ6n$}y11u8I9COTU`Z$Fi
z!AeAQLMw^gp_{+0QTEJrhL424pVDp%wpku~XRlD3iv{vQ!lAf!_jyqd_h}+Tr1XG|
z`*FT*NbPqvHCUsYAkFnM`@l4u_QH&bszpUK#M~XLJt{%?00GXY?u_{gj3Hvs!=N(I
z(=AuWPijyoU!r?aFTsa8pLB&cx}$*%;K$e*XqF{~*rA-qn)h^!(-;e}O#B$|S~c+U
zN4vyOK0vmtx$5K!?g*+J@G1NmlEI=pyZXZ69tAv=@`<PF>t%ag_Hk{LP~OH9iE)I=
zaJ69b4kuCk<W;+Nm{1iL;Sjg&ce)b6RfuYXG6i3lmo`Xoo=yc_#4MF;W?A{F|EAlX
z*<!ti?&E?FEc4)+uE<O&ONf`XLQ^cl<<tMSmTYl1l}%xg`DIk~4?@x6!4)Pmk>V0V
zo(M0#>phpQ_)@j;h%m{-a*LGi(72TP)ws2w*@4|C-3+;=5DmC4s7Lp<h>95%n%@Ko
zfdr3-a7m*dys9iIci$A=4NPJ`HfJ;hujLgU)ZRuJI`n;Pw|yksu!#LQnJ#dJysgNb
z@@qwR^wrk(jbq4H?d!lNyy72~Dnn87KxsgQ!)|*m(DRM+eC$wh7KnS-mho3|KE)7h
zK3k;qZ;K1Lj6uEX<KEj5@nV#iauGcIh@~0bCkde*VA4<NzidV>LYUYi)1FN}F@-xJ
z@@3Hb84sl|j{4$3J}aTY@cbX@pzB_qM~AP<KHC>ljrjju6P0tY{C@<op~*H5^F|n>
zpUCOz_NFmALMv1*blCcwUD3?U6tYs+N%cmJ9<vk4wN1^{7_o-KiUksuyYPZPi6=aB
zRdD0jWfvBXoM%2g7{9p9f&t&G@^K{*T20!5)|u6mVvE8$*gT5c>8D%3)%)Xu^uvzF
zS5O!sc#X6?EwsYkvPo6A%O8&y8sCCQH<%f2togVwW&{M;PR!a(ZT_A+jVAbf{@5kL
zB@Z(hb$3<w@Z7>U{T_}SKA_CoQVU-;j>2J=L#lZ~aQCFg-d<9rzs$_gO&d5N6eFSc
z1ml8)P*FSi+k@!^M9nDWR5e@ATD8oxtDu=36Iv2!;dZzidIS(PCtEuXAtlBb1;H%Z
zwnC^Ek*D)EX4#Q>R$$WA2sxC_t(!!6Tr?C#@{3}n{<^o;9id1RA&-Pig1e-2B1XpG
zliNjgmd3c&%A}s>qf{_j#!Z`fu0xIwm4L0)OF=u(OEmp;bLCIaZX$&J_^Z%4Sq4GZ
zPn6sV_#+6pJmDN_lx@1;Zw6Md_p0w9h6mHtzpuIEwNn>OnuRSC2=>fP^Hqgc)xu^4
z<3!s`cORHJh#?!nKI`Et7{3C27+EuH)Gw1f)aoP|B3y?fuVfvpYYmmukx0ya-)TQX
zR{ggy5cN<mnVz7y7+knzNVJkt;lpc;qc>f4X|g)nl#jC9p>7|09_S7>1D2GTRBUTW
zAkQ=<vO$_umo;W8C9!}&#xkaPRO=3x>JMRogZqG#v;^=11O6@rPPwvJ<B8_C^h!$7
z1FiG#I7Fs!hS~+X_xS9av4ic?s4}I)b~+~ynqpL?4J!M0!;Lh~^{jyZ5OklQ8U2d;
z1_pNZ6|Y?X=U7!TcC`|AaWS_uvHe0n$~l-C+lqY=nw)_qUxZZ$`~TgLQeOW;@1pQ$
z701@hEqV6RKPy$?plo3XV+hmG(FFC_t(R=zC3ndGnN?AOBz^}Il*!(}YM_f?Vs)`N
zoXTGH^9k^Rs*ihNP{En)>kr{bW-Qg8`q8GoD#K`&Y+S#%&B>SGRL>;ZunM@49!}Uy
zN|bBCJ%sO;@3wl0>0gbl3L@1^O60ONObz8ZI7nder>(udj-jt`;yj^nTQ$L9`OU9W
zX4alF#$|GiR47%x@s&LV>2Sz2R6?;2R~5k6V>)nz!o_*1Y!$p>BC5&?hJg_M<tYqR
z53_xZU*2l8Pm44`5q;8sH8AJC`OhY?Pv0f<SBDF<5zRa5Pcc`28WO=W(}@uM2`X|H
zRYQaB%r|t}sRL>iE6UBy>RkVZj`9UWbRkN-Hk!S`=BS3t3uyX6)7SF#)71*}`~Ogz
z1rap5H6~dhBJ83;q-Y<5V35C2&F^JI-it(=5D#v!fAi9p#UwV~2tZQI+W(Dv?1t9?
zfh*xpxxO{-(VGB>!Q&0%^YW_<rkziH`41#l{!R-o<QMyf9_jzZ$o+58{{J}R|9zqw
zCjt0>F!@aZ<db_)!_xH)=)<rL4C7eRuqj-{Vl9!F47?8#IbbtVc$3LetR`tgCkn7O
z@PIcJnWwbNQc9I5c;Bn7#oM!PR?~3~=RhWhOCOgl{-a!vqnWp-GGc#(Z7u=0Jsb@k
zRLR8fKR?v;kdoa(!_kn<QSq40_$nei`C>S#ucP|YaD#>wd1Fv&Z*SR&mc;asi}1G)
z_H>`!akh-Zxq9#io(7%;a$)w+{QH)Y$?UK1Dt^4)up!Szcxnu}kn$0afcfJL#IL+S
z5gF_Y30j;{lNrG6m~$Ay?)*V9fZuU@3=kd40=LhazjFrau>(Y>SJNtOz>8x_X-BlA
zIpl{i>OarVGj1v(4?^1`R}aQB&WCRQzS~;7R{tDZG=HhgrW@B`W|#cdyj%YBky)P=
zpxuOZkW>S6%q7U{VsB#G(^FMsH5QuGXhb(sY+!-R8B<wCq$Ud&dR&R~YEJ18TLm54
z;iNBgol;q`1pM~hbiKQEHVg~udGsD!{32V0-F%Jl2*cE1CKaP}vYl}vY{JE1&Y`9<
zWxp@Q9z&I}X^~yDRt<yP&7ehNHUY-`mMuclQn{f;_BVk|%a!qyv`BTi_<F*shwHHm
zYMk#OgVxOZ5)F7}7!ZzzBqdqiT*o3-6bkMv(=P1min)~A$7Z{$hPM{)lRIzv{ziFg
ztAbHzmqKOklFBd-`W?q14D4v{uKrc3r#AAZ&_oCPRi9dQd_BxsU(vj^hw4-4vST=O
z-I*C6luz(vAIZ~@rb(A8AiNMr62dJzV>mv6Sx3WzSW<1MPPN1!&PurYky(@`bP9tz
z52}LH9Q?+FF5jR6-;|+GVdRA!qtd;}*-h&iIw3Tq3qF9sDIb1FFxGbo&fbG5n8$3F
zy<kUPcTI-*+R})(Lx?7E(-Km*D*#LFloydFBeh2ei+vLj63z@TMnj%!?Pc!@$=lI~
zWpQ4Fa#xXFx30*?LGzyx=<Q>Y&PWL{ys^dTO}oZ#@sIX^BKW*bon=;te9j5k+T%wJ
zNJtoN1~YVj4~Y<zc}D-ou*39R71C?0FVs3%E61z~{QYZ=p=4}v(=uH7JqP$9+LudZ
zPLki+z++>RrlZl)b&kJqp+Z`DqT!la$x&&IxgOQw#yZd-nBP3!7FijBXD|IsU8Zl^
zc6?MKpJQ+7ka|tZQLfchD$PD|;K(9FiLE|eUZX#EZxhG!S-63C$jWX1Yd!6-Yxi-u
zjULIr|0-Q%D9jz}IF~S%>0(jOqZ(Ln<$9PxiySr&2Oic7vb<8q=46)Ln%Z|<*z5&>
z3f~Zw@m;vR(bESB<=Jqkxn(=#hQw42l(7)h`vMQQTttz9XW6^|^8EK7qhju4r_c*b
zJIi`)MB$w@9epwdIfnEBR+?~);yd6C(Le<rt!q$FLriBQXByC(@5W-fyMd+G`gpkw
zo=2x;j`HUicFOMzOr+Hi-h(acwf1R^4yH6<++^$)J=B4dE@KAoZaXF)kE=0uwm3nd
z&m40{?8{tmrxQ5%Wq~$48e6Z&q%RJty{nmI+wz=hvB#pKRac&c?EYSnrDYd1X>MC&
zn&&N*?-g&BBJcV;8&UoZi4Lmxcj16ojlxR~zMrf=O_^i1wGb9X-0@6_rpjPYemIin
zmJb+;lHe;Yp=8G)Q(L1bzH*}I>}uAqhj4;g)PlvD9_e_<a@g*lf#ro&Ve1Oe9Dd~M
zzE8GyZq;U{s*VsFviyO$Mu<MkXYCJUQhOu^nB+^MD~g42i6J&pJlqN$*=O9FeOy#D
zMH(Hs0#anHAVz%4@!PpgmX|z|oRKkJQ8-ANxDXdJsPW`~G`Uz*(^?DtT&VY313h$)
z%Z_iZ<k;!|>ScR{Ipq|$8NvAvLD8MYr}xl=bU~)f%B3E>r3Bu9_t|ThF3C5~BdOve
zEbk^r&r#PT&?^V1cb{72yEWH}TXEE}w>t!cY~rA+hNOTK8FAtIEoszp!qqptS&;r$
zaYV-NX96-h$6aR@1xz6_E0^N49mU)-v#bwtGJm)ibygzJ8!7|WIrcb`$XH~^!a#s&
z{Db-0IOTFq#9!^<xwp4XVUmX2>j!n_F}#<SlrwIgws078xQpgq<=PFmW_#a3Vf1lR
zSZtW_!4KrMla?XPZ^%!uYvas5(q&p4<B~4-u7ZKo%gG=AWYrPaK~Ksf`2-Ltd1AQk
z$_l6x1x`BMZqVJH81bkQU_K4!7|CM9*e*BRdOD=<*r=%KzmW8K`FLhkaj-7c$V5Vt
z97r)f!2oBGV~&1@x<{&a6SOQM=KG6k)^{##XUT*iOlT|QkpE~1=S*FV(g_CM^s;$&
zRL7Q)Be-0f7v6$Yv*CJnQ>Z_nX{YzBK8XLPVmc&X`fT7!@$U-@2KM9soGbmOSAmqV
z{nr$L^MBo_u^Joyf0E^=eo{Rt0{{e$IFA(#*kP@SQd6l<gO0qV6sCD7Vl>WT2-#>`
zP1)7_@IO!9lk>Zt?#CU?cuhiLF&)+XEM9B)cS(gvQT!X3`wL*{fArTS;Ak`J<84du
zALKPz4}3nlG8Fo^MH0L|oK2-4xIY!~Oux~1sw!+It)&D3p;+N8AgqKI<GHze0K;7v
zH(+WEQqQ~(T0<)QjJr`7lg^24K~?@;_<cT}hEd4HZB%o_OQsl^L70Ju&(6N2Jbrfe
z{_b&PJgA)_dyARwqVQ$xthjN!Eyh&j;D~!^U-07v?ZtU+{rtxuW4xJPKdBd+XtoJk
zHGuql=D%L$>`ld6v71wy8I!eP0o~=RVcFQR2Gr(eP_JbSytoQ$Yt}l*4r@A8Me94y
z8cTDWhqlq^qoAhbOzGBXv^Wa4vUz$(7B!mX`T=x_ueKRRDfg&Uc-e1+z4x$jyW_Pm
zp?U;-R#xt^Z8Ev~`m`iL4*c#65Nn)q#=Y0l1AuD&+{|8-Gsij3LUZXpM0Bx0u7WWm
zH|%yE@-#XEph2}-$-thl+S;__ciBxSSzHveP%~v}5I%u!z_l_KoW{KRx2=eB33umE
zIYFtu^5=wGU`Jab8#}cnYry@9p5UE#U|VVvx_4l49JQ;jQdp(uw=$^A$EA$LM%vmE
zvdEOaIcp5qX8wX{mYf0;#51~imYYPn4=k&#DsKTxo{_Mg*;S495?OBY?#gv=edYC*
z^O@-sd-qa+U24xvcbL0@C7_6o!$`)sVr-jSJE4XQUQ$?L7}2(}Eixqv;L8AdJAVqc
zq}RPgpnDb@E_;?6K58r3h4-!4rT4Ab#rLHLX?eMOfluJk=3i1@Gt1i#iA=O`M0@x!
z(HtJP9BMHXEzuD93m|B&woj0g6T?f#^)>J>|I4C5?Gam>n9!8CT%~aT;=oco5d6U8
zMXl(=W;$ND_8+DD<ykE9Jy7gkqr#{X4q*TB+m~s#gS@r(GY*77ySFy{9E;{vV}3na
z%pxHTT*dvMnlo4+oTy^p7miJ3ziqr(ZOJ)L+PUs&R@+OotCT;pPyt{0jl<-}(V7Gp
zX$>*?|5bJ!;8ebESXMUKBAf7YBwNVJibGaJ*(2G`F%wx)grqVPjudiaq^Kl&g$8A2
zWMxMr@_$c}d<p;ey3Tcu>+;_B`#kUX-t|4VKH&_f^^EP0&=DPLW)H)UzBG%%Tra*5
z%$kyZe3I&S#gfie^z5)!twG={3Cuh)Fde<XTsb9xO3ZH)#ow2vM~pRh=a%Jxr4}vf
zpeoa8O2Xww;R&D4PixE%^{woC{=Bqwy7h$AGh*xb_!Z$59PhU?bnh=6>A!Kj<-9**
zvT*5%Tb`|QbE!iW-XcOuy39>D3oe6x{>&<#E$o8Ac|j)wq#kQzz|ATd=Z0K!p2$QE
zPu?jL8Lb^y3_CQE{*}sTDe!2!dtlFjq&YLY@2#4>XS`}v#PLrpvc4*@q^O{mmnr5D
zmyJq~t?8>FWU5vZdE(%4cuZuao0GNjp3~Dt*SLaxI#g_u>hu@k&9Ho*#CZP~lFJHj
z(e!SYlLigyc?&5-YxlE{uuk$9b&l6d`uIlpg_z15dPo*iU&|Khx2*A5Fp;8iK_bdP
z?T6|^7@lcx2j0T@x>X7|kuuBSB7<^zeY~R~4McconTxA2flHC0_jFxmSTv-~?zVT|
zG_|<oYEZfi84t5$?vv+%b)zg;Tm0h&qX7^OaItn%bat|_vvqef-&inSz3!+*B~MXf
zn>yDqa9lkF*B6_{j=T>=M8r<0s;@z#h)3BQ4NLl@`Xr__o7;~M&dL3J8fP&zLfDfy
z);ckcTev{@OUlZ`<a~3lY1y7T*bPTeFJ6B%#~z9?lT!*(A@tJdla9v|(yEo_D!5l3
zgWpU~zc-S_OEaBH!tqx5iHR`(p_}%5+rGBpw+VO8i%xcu<ZEk%m%_6nMT>bCo(-3?
z1u1xD`PKgSg?RqeVVsF<1SLF;XYA@Bsa&cY!I48ZJn1V<3d!?s=St?T<RZHAo{>Lo
zC0cNr`qD<Wz+@C|#V>*M#s6f~X>SCNVkva^9A2ZP>CoJ9bvgXe_c}WdX-)pHM5m7O
zrHt#g$F0AO+nGA;7dSJ?)|Mo~cf{z2L)Rz!`fpi73Zv)H=a5K)*$5sf_IZypi($P5
zsPwUc4~P-J1@^3C6-r9{V-u0Z&Sl7vNfmuMY4yy*cL>_)BmQF!8Om9Dej%cHxbIzA
zhtV0d{=%cr?;bpBPjt@4w=#<>k5ee=TiWAXM2~tUG<V}0zLoj=i_-Df@ocJ$(doRp
ztKallYpOUL#3IL6u(+quF)vpQn3m46D_;nvUCNo3?ECVPP9X(bd00g%F#AlS@SJ#4
z%8N#aRo==*hh^$QLCs*-+4DRsO2)x^3cbV3Q3KH=HsOMoWaaL-P@E2B9AQu{uH>fm
z$s&!Dm0R^V$}fOR*B^kGaipi~rx~A2cS0;t&k<A0G-}=%(v(Q0cfU+X-TJJhn(DnP
z4JUVy2A}-oOBotf4Se48>hV1a<cf@1eDWd;R?38Krle_gtcZK}=dkLCqItP$?~n+g
zae42{<6B27z2%?Bsw0ffr{rV{k~Rp8I~N^Hl7A(kh?&)UkI(~LwR%>4u38*XRUP~f
za!rZMtay8bsLt6yFYl@>-y^31(*P!L^^s@mslZy(SMsv9bVoX`O#yBgEcjCmGpyc*
zeH$Dw6vB5P*;jor+JOX@;6K#+xc)Z9B8M=x2a@Wx-{snPGpRmOC$zpsqW*JCh@M2Y
z#K+M(>=#d^>Of9C`))h<=Bsy)6zaMJ&x-t%&+Ucp<HIt~W~b;(@$>LjV`jo4R2025
z<Y{{N1{{e3B{Jn+c77XlWtbx9OBU+M_(;<8;0~=8Ph2QMs3+Zw?bSQV;q%^JEaX$e
z;Vd8f)b9ET29wV$Q>XaG8EA!0lQa)|dx-@{O)qP6`$rhCkoQqZ`^SW8g-kOwrwsK8
z3ms*AIcyj}-1x&A&vSq{r=QMyp3CHdWH35!sad#!Sm>^|-|afB+Q;|Iq@LFgqIp#Z
zD1%H+3I?6RGnk&IFo|u+E0dCxXz4yI^1i!QTu7uvIEH>i3rR{srcST`LIRwdV1P;W
z+%AN1NIf@xxvVLiSX`8ILA8MzNqE&7>%jMzGt9wm78bo9<;h*W84i29^w!>V>{N+S
zd`5Zmz^G;f=icvoOZfK5#1ctx*~UwD=ab4DGQXehQ!XYnak*dee%YN$_ZPL%KZuz$
zD;$PpT;HM^$KwtQm@7uvT`i6>Hae1CoRVM2)NL<2-k2PiX=eAx+-6j#JI?M}(tuBW
zkF%jjLR)O`gI2fcPBxF^HeI|DWwQWHVR!;;{BXXHskxh8F@BMDn`oEi-NHt;CLymW
z=KSv5)3dyzec0T5B*`g-MQ<;gz=nIWKUi9ko<|4I(-<w4I#sX{Ql80P;8bcKjlGSK
zp~yQ(;^y0s9RFCvc2u(I^#Y^!@tjudAd*v;f|XiHBQNGS6_b-95puIO<;QO*=%?{0
z;mryS)gDuCe~tZ`DPIW5W_fNj_#jL{`6lJ5cJ6SG=+^EJr^`JeJsTD;MclG_sxisZ
z?uhn5F($|2nJ7pvty*2qAtsOJRY_NI77&m{ISD+{sJ_)^o**`w`N>E0k$QncH>E4l
z**1w&#={&zv4Tvhgz#c29`m|;<Ue5bFAZpjqANUFk~kBGuYK<_JK>lU-jmaXFMC11
z*dlXDMEOG>VoLMc>!rApwOu2prKSi*!w%`yzGmS+k(zm*CsLK*wv{S_0WX^8A-rKy
zbk^Gf_92^7iB_uUF)EE+ET4d|X|>d&mdN?x@vxKAQk`O+r4Qdu>XGy(a(19g;=jU}
zFX{O*_NG>!$@jh!U369Lnc+D~qch3uT+_Amyi}*k#LAAwh}k8IPK5a-WZ81ufD>l>
z$4cF}GSz>ce`3FAic}6W4Z7m9KGO?(eWqi@L|5Hq0@L|&2flN1PVl}XgQ2q*_n2s3
zt5KtowNkTYB5b;SVuoXA@i5irXO)A&%7?V`1@HGCB&)Wgk+l|^XXChq;u(nyPB}b3
zY>m5jkxpZgi)zfbgv&ec4Zqdvm+D<<?3uny=i;xwOlAC_Tc+b0;kY7-vx;A)KO<$b
z!mM&%JEI}t>?Im*mXweS9H+V>)zF#Zp3)bhl$PbISY{5=_z!8&*Jv~NYtI-g!>fDs
zmvL5O^U%!^VaKA9gvKw|5?-jk>~%CVGvctKmP$kpnpfN{D8@X*Aazi$txfa%vd-|E
z>kYmV66W!lNekJPom29LdZ%(I+ZLZYTXzTg*to~m?7vp%{V<~>H+2}PQ?PPAq`36R
z<%wR8v6UkS>Wt#hzGk#44W<%9S=nBfB);6clKwnxY}T*w21Qc3_?IJ@4gYzC7s;WP
zVQNI(M=S=JT#xsZy7G`cR(BP9*je0bfeN8JN5~zY(DDs0t{LpHOIbN);?T-69Pf3R
zSNe*&p2%AwXHL>__g+xd4Hlc_vu<25H?(`nafS%)3UPP7_4;gk-9ckt8SJRTv5v0M
z_Hww`qPudL?ajIR&X*;$y-`<)6dxx1U~5eGS13CB!lX;3w7n&lDDiArbAhSycd}+b
zya_3p@A`$kQy;|NJZ~s44Hqo7Hwt}X86NK=(ey>lgWTtGL6k@Gy;PbO!M%1~Wcn2k
zUFP|*5d>t-X*RU8g%>|(wwj*~#l4z^Aatf^DWd1Wj#Q*AY<o|l&}{LI>0D^V@sC`M
zjJc6qXu0I7<!pZblLF~RwT5!S6dVx}2`xj{-i;+(qkgJG1)noJqLA@@RN<oLUCRPP
zxfjHQUai*rkwqrT60~IzB@%WBX02*tw3*sCrM8W>Y*2;;gGu!plAFzG=J;1%eIOdn
zQA>J&e05UN*7I5@yRhK|lbBSfJ+5Uq;!&HV@xfPZrgD}kE*1DSq^=%{o%|LChhl#0
zlMb<^a6ixzpd{kNZr|3jTGeEzuo}-eLT-)Q$#b{!vKx8Tg}swCni>{#%vDY$Ww$84
zew3c9BBovqb}_&BRo#^!G(<gf6o^lp99LD#kx<MER=<@tCX1^BFTbwM^``7(LOQY@
zEqxVCkp#2PI<XB`ov%%Q&@SoBV=IvAgzt#VzvgC(Kk;TpN40`oC^`5s%Q9iB#w=Cj
zv1+$@qJ9DCi{ddRIdFp4*=KLoO^UY)$YpX=UdXvuhtp5Oj@vhVm%-sV85eDjNH{EX
z*kvKl&?&j<QGMeW7tPWM6{1)n`=ac?#8d9f@kIV3kA+gW*^Tqv$T~yoa2DpOjcxOS
z{G<-ajSf74;}+hudPnyuH|_19-h+%2{H$u`G5T5vjwblv={62_r17YY1X@Bcq7XM-
z)mu@onGHy+sUpJW64FX6=h6@DEhZ~&X>1Eg((BScRZ}C)Oz?y`T5wOrv);)b^4XR8
zhJo7+<^7)qB>I;46!GySzdneZ>n_E1oWZY;kf94#)s)kWjuJN1c+wbVoNQcmnv}{>
zN0pF+Sl3E}UQ$}slSZeLJrwT>Sr}#V(dVaezCQl2|4LN`7L7v&siYR|r7M(*JYfR$
zst3=YaDw$FSc{g}KHO&QiKxuhEzF{f%RJLKe3p*7=oo`WNP)M(9X1zIQPP0XHhY3c
znrP{$4#Ol$A0s|4S7Gx2L23<cPp>dv*Gv2o;h((XVn+9+$qvm}s%zi6nI-_s6?mG!
zj{DV;qesJb&owKeEK?=J>UcAlYckA7Sl+I&IN=yasrZOkejir*kE@SN`fk<8Fgx*$
zy&fE6?}G)d_N`){P~U@1jRVA|2*69)KSe_}!~?+`Yb{Y=O~_+@!j<&oVQQMnhoIRU
zA0CyF1OFfkK44n*JD~!2!SCPM;PRSk%1XL=0&rz00wxPs&-_eapJy#$h!eqY%nS0{
z<se?qfQ89XwwA;8XB>!aGg58JIJP<C?-Lq`lTNsm#AgHVz-Y0s_<jRmVW9#JfaAO^
zUgrN5kYa6CiV<`BwJ8O)sIywY6(a>F3_ci%n)QSVpa2H`vIe$RD43;#IRfDV&Ibit
z+?>HW4{2wOfC6Fw)}4x}i1maDxcE1qi@BS*qcxD2gE@h3#4cgU*D-&3z7D|tVZWt=
z-Cy2+*Cm@P4GN_TPUtaVyVesbVDazF@)j8VJ4>XZv!f%}&eO1SvIgr}4`A*3#vat<
z_MoByL(qW6L7SFZ#|Gc1fFN)L2PxY+{B8tJp+pxRyz*87)vXR}*=&ahXjBlQKguuf
zX6x<<6fQulE^C*KH8~W%ptpaC0l?b=_{~*U4?5Vt;dgM4t_{&UZ1C2j?b><dx`$8!
ze4sJ^8}?7VYiLoIC$69~0MIA!!7Rwu6Dq)kX*<lHqT0U&4WX!<G&bkefpSP0=xCcO
z()hqGP~~kv6H&HvLm+kCE!Nz>b+5}{IF_CUyvz-@QZPMlJ)r_tS$9kH%RPv#2_nMb
zRLj5;chJ72*U`Z@Dqt4$@_+k$%|8m(HqLG!qT4P^DdfvGf&){gKnGCX#H0!;W=AGP
zbA&Z`-__a)VTS}k<aEJ311DSHJIu)Ndl?O_C*N_MS1q7Laqq*zlG()h4UCODa;iH4
z(XC(Z`(-cCxkOrT?MTkb=V=+hyg5L(*^!(=yP$&GArQczUu2*gZo{O9t9~>KFjWGk
z%|>yE?t*EJ!qeQ%dPk$;xIQ+P0;()PCBDgjJm6Buj{f^awNoVx+9<|lg3%-$G(*f)
zll6oOkN|yamn1uyl2*N-lnqRI1cvs_JxLTeahEK=THV$Sz*gQhKNb*p0fNoda#-&F
zB-qJgW^g}!TtM|0bS2QZekW7_tKu%GcJ!4?lObt0z_$mZ4rbQ0o=^curCs3bJK6sq
z9fu-aW-l#>z~ca(B;4yv;2RZ?tGYAU)^)Kz{L|4oP<SkWyBU+f_%F<#?yy=LhA~g^
ztueiO@sJ(BDN3Mz`8So5#&T!OUtM8qWT<xiIyfpo(&lgE-7DEcM?<Kd`UVf_*}r(8
zCzgNsXNSi)1{V0~XToTF|4Nv-??<~$G(Uy7p@qc!_j+!O;`gtF$xU(Y@7%v-yrD2q
z{qJ=kRDjxcFq_oCp_our<PFSF$4y0BpPO%|kqiZgitTQIUv=I!_}1+UsxG+!y@1>j
zdOf_?de|#yS)p2v8-N||+XL=O*%3+y)oI(HbM)Ds?q8~HPzI<h)CPl@-?j`}I~*GQ
zcLT0AdRsV9-Yt|ap{0ce+ueYFd~HkkokH(I37}yNHwen&wj}s>P(vs*G`iddbWq}!
z(2!VjP&{Z1w+%eUq^<EbM|6YYL8Gs1;NfI!i}!ad7AQ0{B*q4GUFLSsTemUjW%3QQ
z?x$O#{du(<S~Tcw-wm+KV87yz$<g}Aw&`BzzwZ7*S)lh#H&`6YcV^kz4bZzc8<<74
zTVg_=YnyK3KuZig$=*P(YT6QgZ5w5ab8RRz^rUbD`bEoj(3{T<PpIR8sX1nHE{??k
LmiCMtn7{r93&V3<

literal 0
HcmV?d00001

diff --git a/examples/example-oauth/gradle/wrapper/gradle-wrapper.properties b/examples/example-oauth/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 00000000000..ae04661ee73
--- /dev/null
+++ b/examples/example-oauth/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.5.1-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
diff --git a/examples/example-oauth/gradlew b/examples/example-oauth/gradlew
new file mode 100755
index 00000000000..a69d9cb6c20
--- /dev/null
+++ b/examples/example-oauth/gradlew
@@ -0,0 +1,240 @@
+#!/bin/sh
+
+#
+# Copyright © 2015-2021 the original authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+#
+#   Gradle start up script for POSIX generated by Gradle.
+#
+#   Important for running:
+#
+#   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+#       noncompliant, but you have some other compliant shell such as ksh or
+#       bash, then to run this script, type that shell name before the whole
+#       command line, like:
+#
+#           ksh Gradle
+#
+#       Busybox and similar reduced shells will NOT work, because this script
+#       requires all of these POSIX shell features:
+#         * functions;
+#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+#         * compound commands having a testable exit status, especially «case»;
+#         * various built-in commands including «command», «set», and «ulimit».
+#
+#   Important for patching:
+#
+#   (2) This script targets any POSIX shell, so it avoids extensions provided
+#       by Bash, Ksh, etc; in particular arrays are avoided.
+#
+#       The "traditional" practice of packing multiple parameters into a
+#       space-separated string is a well documented source of bugs and security
+#       problems, so this is (mostly) avoided, by progressively accumulating
+#       options in "$@", and eventually passing that to Java.
+#
+#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+#       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+#       see the in-line comments for details.
+#
+#       There are tweaks for specific operating systems such as AIX, CygWin,
+#       Darwin, MinGW, and NonStop.
+#
+#   (3) This script is generated from the Groovy template
+#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       within the Gradle project.
+#
+#       You can find Gradle at https://github.com/gradle/gradle/.
+#
+##############################################################################
+
+# Attempt to set APP_HOME
+
+# Resolve links: $0 may be a link
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
+    [ -h "$app_path" ]
+do
+    ls=$( ls -ld "$app_path" )
+    link=${ls#*' -> '}
+    case $link in             #(
+      /*)   app_path=$link ;; #(
+      *)    app_path=$APP_HOME$link ;;
+    esac
+done
+
+APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+
+APP_NAME="Gradle"
+APP_BASE_NAME=${0##*/}
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD=maximum
+
+warn () {
+    echo "$*"
+} >&2
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+} >&2
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "$( uname )" in                #(
+  CYGWIN* )         cygwin=true  ;; #(
+  Darwin* )         darwin=true  ;; #(
+  MSYS* | MINGW* )  msys=true    ;; #(
+  NONSTOP* )        nonstop=true ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD=$JAVA_HOME/jre/sh/java
+    else
+        JAVACMD=$JAVA_HOME/bin/java
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD=java
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+    case $MAX_FD in #(
+      max*)
+        MAX_FD=$( ulimit -H -n ) ||
+            warn "Could not query maximum file descriptor limit"
+    esac
+    case $MAX_FD in  #(
+      '' | soft) :;; #(
+      *)
+        ulimit -n "$MAX_FD" ||
+            warn "Could not set maximum file descriptor limit to $MAX_FD"
+    esac
+fi
+
+# Collect all arguments for the java command, stacking in reverse order:
+#   * args from the command line
+#   * the main class name
+#   * -classpath
+#   * -D...appname settings
+#   * --module-path (only if needed)
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if "$cygwin" || "$msys" ; then
+    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
+
+    JAVACMD=$( cygpath --unix "$JAVACMD" )
+
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    for arg do
+        if
+            case $arg in                                #(
+              -*)   false ;;                            # don't mess with options #(
+              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
+                    [ -e "$t" ] ;;                      #(
+              *)    false ;;
+            esac
+        then
+            arg=$( cygpath --path --ignore --mixed "$arg" )
+        fi
+        # Roll the args list around exactly as many times as the number of
+        # args, so each arg winds up back in the position where it started, but
+        # possibly modified.
+        #
+        # NB: a `for` loop captures its iteration list before it begins, so
+        # changing the positional parameters here affects neither the number of
+        # iterations, nor the values presented in `arg`.
+        shift                   # remove old arg
+        set -- "$@" "$arg"      # push replacement arg
+    done
+fi
+
+# Collect all arguments for the java command;
+#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
+#     shell script including quotes and variable substitutions, so put them in
+#     double quotes to make sure that they get re-expanded; and
+#   * put everything else in single quotes, so that it's not re-expanded.
+
+set -- \
+        "-Dorg.gradle.appname=$APP_BASE_NAME" \
+        -classpath "$CLASSPATH" \
+        org.gradle.wrapper.GradleWrapperMain \
+        "$@"
+
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
+#
+# In Bash we could simply go:
+#
+#   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+#   set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
+
+eval "set -- $(
+        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+        xargs -n1 |
+        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+        tr '\n' ' '
+    )" '"$@"'
+
+exec "$JAVACMD" "$@"
diff --git a/examples/example-oauth/gradlew.bat b/examples/example-oauth/gradlew.bat
new file mode 100644
index 00000000000..53a6b238d41
--- /dev/null
+++ b/examples/example-oauth/gradlew.bat
@@ -0,0 +1,91 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%"=="" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%"=="" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if %ERRORLEVEL% equ 0 goto execute
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+
+:end
+@rem End local scope for the variables with windows NT shell
+if %ERRORLEVEL% equ 0 goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
new file mode 100644
index 00000000000..929002c9a1d
--- /dev/null
+++ b/examples/example-oauth/pom.xml
@@ -0,0 +1,126 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>io.grpc</groupId>
+  <artifactId>example-oauth</artifactId>
+  <packaging>jar</packaging>
+  <!-- Feel free to delete the comment at the end of these lines. It is just
+       for safely updating the version in our release process. -->
+  <version>1.59.0-SNAPSHOT</version><!-- CURRENT_GRPC_VERSION -->
+  <name>example-oauth</name>
+  <url>https://github.com/grpc/grpc-java</url>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <grpc.version>1.59.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
+    <protobuf.version>3.24.0</protobuf.version>
+    <protoc.version>3.24.0</protoc.version>
+    <!-- required for jdk9 -->
+    <maven.compiler.source>1.8</maven.compiler.source>
+    <maven.compiler.target>1.8</maven.compiler.target>
+  </properties>
+
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>io.grpc</groupId>
+        <artifactId>grpc-bom</artifactId>
+        <version>${grpc.version}</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+
+  <dependencies>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-netty-shaded</artifactId>
+      <scope>runtime</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-protobuf</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-stub</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.tomcat</groupId>
+      <artifactId>annotations-api</artifactId>
+      <version>6.0.53</version>
+      <scope>provided</scope> <!-- not needed at runtime -->
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-testing</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.13.2</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-core</artifactId>
+      <version>3.4.0</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <extensions>
+      <extension>
+        <groupId>kr.motd.maven</groupId>
+        <artifactId>os-maven-plugin</artifactId>
+        <version>1.7.1</version>
+      </extension>
+    </extensions>
+    <plugins>
+      <plugin>
+        <groupId>org.xolstice.maven.plugins</groupId>
+        <artifactId>protobuf-maven-plugin</artifactId>
+        <version>0.5.1</version>
+        <configuration>
+          <protocArtifact>
+            com.google.protobuf:protoc:${protoc.version}:exe:${os.detected.classifier}
+          </protocArtifact>
+          <pluginId>grpc-java</pluginId>
+          <pluginArtifact>
+            io.grpc:protoc-gen-grpc-java:${grpc.version}:exe:${os.detected.classifier}
+          </pluginArtifact>
+        </configuration>
+        <executions>
+          <execution>
+            <goals>
+              <goal>compile</goal>
+              <goal>compile-custom</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <version>1.4.1</version>
+        <executions>
+          <execution>
+            <id>enforce</id>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <requireUpperBoundDeps/>
+              </rules>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+</project>
diff --git a/examples/example-oauth/settings.gradle b/examples/example-oauth/settings.gradle
new file mode 100644
index 00000000000..273558dd9cf
--- /dev/null
+++ b/examples/example-oauth/settings.gradle
@@ -0,0 +1,8 @@
+pluginManagement {
+    repositories {
+        maven { // The google mirror is less flaky than mavenCentral()
+            url "https://maven-central.storage-download.googleapis.com/maven2/"
+        }
+        gradlePluginPortal()
+    }
+}
diff --git a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/AuthClient.java b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/AuthClient.java
new file mode 100644
index 00000000000..33e5182430c
--- /dev/null
+++ b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/AuthClient.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2023 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.examples.oauth;
+
+import io.grpc.CallCredentials;
+import io.grpc.Grpc;
+import io.grpc.InsecureChannelCredentials;
+import io.grpc.ManagedChannel;
+import io.grpc.examples.helloworld.GreeterGrpc;
+import io.grpc.examples.helloworld.HelloReply;
+import io.grpc.examples.helloworld.HelloRequest;
+import io.grpc.auth.MoreCallCredentials;
+import java.util.concurrent.TimeUnit;
+import java.util.logging.Logger;
+
+/**
+ * An authenticating client that requests a greeting from the {@link AuthServer}.
+ */
+public class AuthClient {
+
+  private static final Logger logger = Logger.getLogger(AuthClient.class.getName());
+
+  private final ManagedChannel channel;
+  private final GreeterGrpc.GreeterBlockingStub blockingStub;
+  private final CallCredentials callCredentials;
+
+  /**
+   * Construct client for accessing GreeterGrpc server.
+   */
+  AuthClient(CallCredentials callCredentials, String host, int port) {
+    this(
+        callCredentials,
+        // For this example we use plaintext to avoid needing certificates, but it is
+        // recommended to use TlsChannelCredentials.
+        Grpc.newChannelBuilderForAddress(host, port, InsecureChannelCredentials.create())
+            .build());
+  }
+
+  /**
+   * Construct client for accessing GreeterGrpc server using the existing channel.
+   */
+  AuthClient(CallCredentials callCredentials, ManagedChannel channel) {
+    this.callCredentials = callCredentials;
+    this.channel = channel;
+    this.blockingStub = GreeterGrpc.newBlockingStub(channel);
+  }
+
+  public void shutdown() throws InterruptedException {
+    channel.shutdown().awaitTermination(5, TimeUnit.SECONDS);
+  }
+
+  /**
+   * Say hello to server.
+   *
+   * @param name name to set in HelloRequest
+   * @return the message in the HelloReply from the server
+   */
+  public String greet(String name) {
+    logger.info("Will try to greet " + name + " ...");
+    HelloRequest request = HelloRequest.newBuilder().setName(name).build();
+
+    // Use a stub with the given call credentials applied to invoke the RPC.
+    HelloReply response =
+        blockingStub
+            .withCallCredentials(callCredentials)  //   callCredentials
+            .sayHello(request);
+
+    logger.info("Greeting: " + response.getMessage());
+    return response.getMessage();
+  }
+
+  private static CallCredentials getOauthCred(String clientId) {
+    ExampleOAuth2Credentials oAuth2Credentials = new ExampleOAuth2Credentials(clientId);
+    return MoreCallCredentials.from(oAuth2Credentials);
+  }
+
+  /**
+   * Greet server. If provided, the first element of {@code args} is the name to use in the greeting
+   * and the second is the client identifier to set in JWT
+   */
+  public static void main(String[] args) throws Exception {
+
+    String host = "localhost";
+    int port = 50051;
+    String user = "world";
+    String clientId = "default-client";
+
+    if (args.length > 0) {
+      host = args[0]; // Use the arg as the server host if provided
+    }
+    if (args.length > 1) {
+      port = Integer.parseInt(args[1]); // Use the second argument as the server port if provided
+    }
+    if (args.length > 2) {
+      user = args[2]; // Use the the third argument as the name to greet if provided
+    }
+    if (args.length > 3) {
+      clientId = args[3]; // Use the fourth argument as the client identifier if provided
+    }
+
+    CallCredentials credentials = getOauthCred(clientId);
+    AuthClient client = new AuthClient(credentials, host, port);
+
+    try {
+      client.greet(user);
+    } finally {
+      client.shutdown();
+    }
+  }
+}
diff --git a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/AuthServer.java b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/AuthServer.java
new file mode 100644
index 00000000000..c44d55476da
--- /dev/null
+++ b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/AuthServer.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2023 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.examples.oauth;
+
+import io.grpc.Grpc;
+import io.grpc.InsecureServerCredentials;
+import io.grpc.Server;
+import io.grpc.examples.helloworld.GreeterGrpc;
+import io.grpc.examples.helloworld.HelloReply;
+import io.grpc.examples.helloworld.HelloRequest;
+import io.grpc.stub.StreamObserver;
+import java.io.IOException;
+import java.util.logging.Logger;
+
+/**
+ * Server that manages startup/shutdown of a {@code Greeter} server. This also uses a
+ * {@link OAuth2ServerInterceptor} to intercept the OAuth2 token passed.
+ */
+public class AuthServer {
+
+  private static final Logger logger = Logger.getLogger(AuthServer.class.getName());
+
+  private Server server;
+  private int port;
+
+  public AuthServer(int port) {
+    this.port = port;
+  }
+
+  private void start() throws IOException {
+    server = Grpc.newServerBuilderForPort(port, InsecureServerCredentials.create())
+        .addService(new GreeterImpl())
+        .intercept(new OAuth2ServerInterceptor())
+        .build()
+        .start();
+    logger.info("Server started, listening on " + port);
+    Runtime.getRuntime().addShutdownHook(new Thread() {
+      @Override
+      public void run() {
+        // Use stderr here since the logger may have been reset by its JVM shutdown hook.
+        System.err.println("*** shutting down gRPC server since JVM is shutting down");
+        AuthServer.this.stop();
+        System.err.println("*** server shut down");
+      }
+    });
+  }
+
+  private void stop() {
+    if (server != null) {
+      server.shutdown();
+    }
+  }
+
+  /**
+   * Await termination on the main thread since the grpc library uses daemon threads.
+   */
+  private void blockUntilShutdown() throws InterruptedException {
+    if (server != null) {
+      server.awaitTermination();
+    }
+  }
+
+  /**
+   * Main launches the server from the command line.
+   */
+  public static void main(String[] args) throws IOException, InterruptedException {
+
+    // The port on which the server should run
+    int port = 50051; // default
+    if (args.length > 0) {
+      port = Integer.parseInt(args[0]);
+    }
+
+    final AuthServer server = new AuthServer(port);
+    server.start();
+    server.blockUntilShutdown();
+  }
+
+  static class GreeterImpl extends GreeterGrpc.GreeterImplBase {
+    @Override
+    public void sayHello(HelloRequest req, StreamObserver<HelloReply> responseObserver) {
+      // get client id added to context by interceptor
+      String clientId = Constant.CLIENT_ID_CONTEXT_KEY.get();
+      logger.info("Processing request from " + clientId);
+      HelloReply reply = HelloReply.newBuilder().setMessage("Hello, " + req.getName()).build();
+      responseObserver.onNext(reply);
+      responseObserver.onCompleted();
+    }
+  }
+}
diff --git a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/Constant.java b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/Constant.java
new file mode 100644
index 00000000000..cec9e35fe05
--- /dev/null
+++ b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/Constant.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2023 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.examples.oauth;
+
+import static io.grpc.Metadata.ASCII_STRING_MARSHALLER;
+
+import io.grpc.Context;
+import io.grpc.Metadata;
+
+/**
+ * Constants definition
+ */
+final class Constant {
+
+    static final String REFRESH_SUFFIX = "+1";
+    static final String ACCESS_TOKEN = "access-token";
+    static final Context.Key<String> CLIENT_ID_CONTEXT_KEY = Context.key("clientId");
+    static final Metadata.Key<String> AUTHORIZATION_METADATA_KEY = Metadata.Key.of("Authorization", ASCII_STRING_MARSHALLER);
+
+    private Constant() {
+        throw new AssertionError();
+    }
+}
diff --git a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/ExampleOAuth2Credentials.java b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/ExampleOAuth2Credentials.java
new file mode 100644
index 00000000000..3ae482b92fa
--- /dev/null
+++ b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/ExampleOAuth2Credentials.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2023 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.examples.oauth;
+
+import com.google.auth.oauth2.AccessToken;
+import com.google.auth.oauth2.OAuth2Credentials;
+import java.io.IOException;
+import java.time.Instant;
+import java.util.Date;
+
+/**
+ * Subclass of {@link OAuth2Credentials } with a simple implementation of
+ * {@link OAuth2Credentials#refreshAccessToken()}.
+ */
+public class ExampleOAuth2Credentials extends OAuth2Credentials {
+
+  public ExampleOAuth2Credentials(String clientId) {
+    super(new AccessToken(Constant.ACCESS_TOKEN + ":" + clientId,
+        new Date()));
+  }
+
+
+  /**
+   * Refreshes access token by simply appending ":+1" to the previous value.
+   */
+  @Override
+  public AccessToken refreshAccessToken() throws IOException {
+    AccessToken accessToken = getAccessToken();
+    if (accessToken == null) {
+      throw new IOException("No existing token found");
+    }
+    String tokenValue = accessToken.getTokenValue();
+    return new AccessToken(tokenValue + ":" + Constant.REFRESH_SUFFIX,
+        Date.from((Instant.now().plusSeconds(120))));
+  }
+}
diff --git a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/OAuth2ServerInterceptor.java b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/OAuth2ServerInterceptor.java
new file mode 100644
index 00000000000..289b996533c
--- /dev/null
+++ b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/OAuth2ServerInterceptor.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2023 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.examples.oauth;
+
+import io.grpc.Context;
+import io.grpc.Contexts;
+import io.grpc.Metadata;
+import io.grpc.ServerCall;
+import io.grpc.ServerCallHandler;
+import io.grpc.ServerInterceptor;
+import io.grpc.Status;
+
+/**
+ * This interceptor gets the OAuth2 access token from metadata, verifies it and sets the client
+ * identifier obtained from the token into the context. The one check it does on the access token
+ * is that the token has been refreshed at least once.
+ */
+class OAuth2ServerInterceptor implements ServerInterceptor {
+
+  private static final String BEARER_TYPE = "Bearer";
+
+  @Override
+  public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall,
+      Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
+    String value = metadata.get(Constant.AUTHORIZATION_METADATA_KEY);
+
+    Status status = Status.OK;
+    if (value == null) {
+      status = Status.UNAUTHENTICATED.withDescription("Authorization token is missing");
+    } else if (!value.startsWith(BEARER_TYPE)) {
+      status = Status.UNAUTHENTICATED.withDescription("Unknown authorization type");
+    } else {
+      // remove authorization type prefix
+      String tokenValue = value.substring(BEARER_TYPE.length()).trim();
+      if (!tokenValue.startsWith(Constant.ACCESS_TOKEN)) {
+        status = Status.UNAUTHENTICATED.withDescription("Invalid access token value");
+      } else {
+        String[] tokens = tokenValue.split(":");
+        if (tokens.length >= 3 && tokens[2].equals(Constant.REFRESH_SUFFIX)) {
+          // set access tokenValue into current context
+          Context ctx = Context.current()
+              .withValue(Constant.CLIENT_ID_CONTEXT_KEY, tokens[1]);
+          return Contexts.interceptCall(ctx, serverCall, metadata, serverCallHandler);
+        } else {
+          status = Status.UNAUTHENTICATED.withDescription("stale credentials");
+        }
+      }
+    }
+
+    serverCall.close(status, new Metadata());
+    return new ServerCall.Listener<ReqT>() {
+      // noop
+    };
+  }
+
+}
diff --git a/examples/example-oauth/src/main/proto/helloworld.proto b/examples/example-oauth/src/main/proto/helloworld.proto
new file mode 100644
index 00000000000..6340c54f7bb
--- /dev/null
+++ b/examples/example-oauth/src/main/proto/helloworld.proto
@@ -0,0 +1,37 @@
+// Copyright 2019 The gRPC Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+syntax = "proto3";
+
+option java_multiple_files = true;
+option java_package = "io.grpc.examples.helloworld";
+option java_outer_classname = "HelloWorldProto";
+option objc_class_prefix = "HLW";
+
+package helloworld;
+
+// The greeting service definition.
+service Greeter {
+  // Sends a greeting
+  rpc SayHello (HelloRequest) returns (HelloReply) {}
+}
+
+// The request message containing the user's name.
+message HelloRequest {
+  string name = 1;
+}
+
+// The response message containing the greetings
+message HelloReply {
+  string message = 1;
+}
diff --git a/examples/example-oauth/src/test/java/io/grpc/examples/oauth/AuthClientTest.java b/examples/example-oauth/src/test/java/io/grpc/examples/oauth/AuthClientTest.java
new file mode 100644
index 00000000000..739018cc5a8
--- /dev/null
+++ b/examples/example-oauth/src/test/java/io/grpc/examples/oauth/AuthClientTest.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2023 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.examples.oauth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.AdditionalAnswers.delegatesTo;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
+import io.grpc.CallCredentials;
+import io.grpc.ManagedChannel;
+import io.grpc.Metadata;
+import io.grpc.ServerCall;
+import io.grpc.ServerCallHandler;
+import io.grpc.ServerInterceptors;
+import io.grpc.auth.MoreCallCredentials;
+import io.grpc.examples.helloworld.GreeterGrpc;
+import io.grpc.examples.helloworld.HelloReply;
+import io.grpc.examples.helloworld.HelloRequest;
+import io.grpc.inprocess.InProcessChannelBuilder;
+import io.grpc.inprocess.InProcessServerBuilder;
+import io.grpc.ServerCall.Listener;
+import io.grpc.ServerInterceptor;
+import io.grpc.stub.StreamObserver;
+import io.grpc.testing.GrpcCleanupRule;
+import java.io.IOException;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+import org.mockito.ArgumentCaptor;
+import org.mockito.ArgumentMatchers;
+
+/**
+ * Unit tests for {@link AuthClient} testing the default and non-default tokens
+ *
+ *
+ */
+@RunWith(JUnit4.class)
+public class AuthClientTest {
+  /**
+   * This rule manages automatic graceful shutdown for the registered servers and channels at the
+   * end of test.
+   */
+  @Rule
+  public final GrpcCleanupRule grpcCleanup = new GrpcCleanupRule();
+
+  private final ServerInterceptor mockServerInterceptor = mock(ServerInterceptor.class, delegatesTo(
+      new ServerInterceptor() {
+        @Override
+        public <ReqT, RespT> Listener<ReqT> interceptCall(
+            ServerCall<ReqT, RespT> call, Metadata headers, ServerCallHandler<ReqT, RespT> next) {
+          return next.startCall(call, headers);
+        }
+      }));
+
+  private AuthClient client;
+
+
+  @Before
+  public void setUp() throws IOException {
+    // Generate a unique in-process server name.
+    String serverName = InProcessServerBuilder.generateName();
+
+    // Create a server, add service, start, and register for automatic graceful shutdown.
+    grpcCleanup.register(InProcessServerBuilder.forName(serverName).directExecutor()
+        .addService(ServerInterceptors.intercept(
+            new GreeterGrpc.GreeterImplBase() {
+
+              @Override
+              public void sayHello(
+                  HelloRequest request, StreamObserver<HelloReply> responseObserver) {
+                HelloReply reply = HelloReply.newBuilder()
+                    .setMessage("AuthClientTest user=" + request.getName()).build();
+                responseObserver.onNext(reply);
+                responseObserver.onCompleted();
+              }
+            },
+            mockServerInterceptor))
+        .build().start());
+
+    CallCredentials credentials = MoreCallCredentials.from(
+        new ExampleOAuth2Credentials("test-client"));
+    ManagedChannel channel = InProcessChannelBuilder.forName(serverName).directExecutor().build();
+    client = new AuthClient(credentials, channel);
+  }
+
+  @Test
+  public void greet() {
+    ArgumentCaptor<Metadata> metadataCaptor = ArgumentCaptor.forClass(Metadata.class);
+    String retVal = client.greet("John");
+
+    verify(mockServerInterceptor).interceptCall(
+        ArgumentMatchers.<ServerCall<HelloRequest, HelloReply>>any(),
+        metadataCaptor.capture(),
+        ArgumentMatchers.<ServerCallHandler<HelloRequest, HelloReply>>any());
+
+    String token = metadataCaptor.getValue().get(Constant.AUTHORIZATION_METADATA_KEY);
+    assertNotNull(token);
+    assertTrue(token.startsWith("Bearer"));
+    assertEquals("AuthClientTest user=John", retVal);
+  }
+}

From b7adcfd0f76e73ac3cecfbfc59ba2b79951e6fed Mon Sep 17 00:00:00 2001
From: Sanjay Pujare <sanjaypujare@users.noreply.github.com>
Date: Fri, 15 Sep 2023 23:28:55 -0700
Subject: [PATCH 2/4] address review comments and fix pom.xml to include Google
 OAuth2 dependency

---
 examples/README.md                                 |  2 ++
 examples/example-oauth/README.md                   |  5 ++++-
 examples/example-oauth/pom.xml                     |  5 +++++
 .../java/io/grpc/examples/oauth/AuthClient.java    |  2 +-
 .../main/java/io/grpc/examples/oauth/Constant.java |  1 -
 .../examples/oauth/ExampleOAuth2Credentials.java   | 12 +++++++++++-
 .../examples/oauth/OAuth2ServerInterceptor.java    | 14 +++++++++-----
 7 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/examples/README.md b/examples/README.md
index 9664942b5fa..b51d560d7bb 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -205,6 +205,8 @@ $ bazel-bin/hello-world-client
 
 - [JWT-based Authentication](example-jwt-auth)
 
+- [OAuth2-based Authentication](example-oauth)
+
 - [Pre-serialized messages](src/main/java/io/grpc/examples/preserialized)
 
 ## Unit test examples
diff --git a/examples/example-oauth/README.md b/examples/example-oauth/README.md
index 012400b6864..6370a3a1ecb 100644
--- a/examples/example-oauth/README.md
+++ b/examples/example-oauth/README.md
@@ -2,7 +2,10 @@ Authentication Example
 ==============================================
 
 This example illustrates a simple OAuth2-based authentication implementation in gRPC using
- server interceptor. It uses the Google OAuth2 library to create OAuth2 Credentials.
+ server interceptor. It uses the Google OAuth2 library since it already has the OAuth2
+semantics which makes it easy to illustrate the OAuth2 flow. The example creates an OAuth2
+credentials using the library and converts it to gRPC CallCredentials. However, if you may
+use your own OAuth2 implementation, so use of Google OAuth2 library is not necessary.
 
 The example requires grpc-java to be pre-built. Using a release tag will download the relevant binaries
 from a maven repository. But if you need the latest SNAPSHOT binaries you will need to follow
diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 929002c9a1d..2ec688c3570 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -47,6 +47,11 @@
       <groupId>io.grpc</groupId>
       <artifactId>grpc-stub</artifactId>
     </dependency>
+    <dependency>
+      <groupId>com.google.auth</groupId>
+      <artifactId>google-auth-library-oauth2-http</artifactId>
+      <version>1.18.0</version>
+    </dependency>
     <dependency>
       <groupId>org.apache.tomcat</groupId>
       <artifactId>annotations-api</artifactId>
diff --git a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/AuthClient.java b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/AuthClient.java
index 33e5182430c..a43f6fbd98e 100644
--- a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/AuthClient.java
+++ b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/AuthClient.java
@@ -51,7 +51,7 @@ public class AuthClient {
   }
 
   /**
-   * Construct client for accessing GreeterGrpc server using the existing channel.
+   * Construct a client for accessing GreeterGrpc server using an existing channel.
    */
   AuthClient(CallCredentials callCredentials, ManagedChannel channel) {
     this.callCredentials = callCredentials;
diff --git a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/Constant.java b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/Constant.java
index cec9e35fe05..1db9b6e4e47 100644
--- a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/Constant.java
+++ b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/Constant.java
@@ -32,6 +32,5 @@ final class Constant {
     static final Metadata.Key<String> AUTHORIZATION_METADATA_KEY = Metadata.Key.of("Authorization", ASCII_STRING_MARSHALLER);
 
     private Constant() {
-        throw new AssertionError();
     }
 }
diff --git a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/ExampleOAuth2Credentials.java b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/ExampleOAuth2Credentials.java
index 3ae482b92fa..e2171ea20f4 100644
--- a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/ExampleOAuth2Credentials.java
+++ b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/ExampleOAuth2Credentials.java
@@ -24,10 +24,18 @@
 
 /**
  * Subclass of {@link OAuth2Credentials } with a simple implementation of
- * {@link OAuth2Credentials#refreshAccessToken()}.
+ * {@link OAuth2Credentials#refreshAccessToken()}. A real implementation
+ * will maintain a refresh token and use it to exchange it for a new
+ * access token from the authorization server.
  */
 public class ExampleOAuth2Credentials extends OAuth2Credentials {
 
+  /**
+   * Creates an access token using the passed in clientId. A real
+   * implementation will contact the authorization server to get an access
+   * token and a refresh token.
+   *
+   */
   public ExampleOAuth2Credentials(String clientId) {
     super(new AccessToken(Constant.ACCESS_TOKEN + ":" + clientId,
         new Date()));
@@ -36,6 +44,8 @@ public ExampleOAuth2Credentials(String clientId) {
 
   /**
    * Refreshes access token by simply appending ":+1" to the previous value.
+   * A real implementation will use the existing refresh token to get
+   * fresh access and refresh tokens from the authorization server.
    */
   @Override
   public AccessToken refreshAccessToken() throws IOException {
diff --git a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/OAuth2ServerInterceptor.java b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/OAuth2ServerInterceptor.java
index 289b996533c..032c9297de4 100644
--- a/examples/example-oauth/src/main/java/io/grpc/examples/oauth/OAuth2ServerInterceptor.java
+++ b/examples/example-oauth/src/main/java/io/grpc/examples/oauth/OAuth2ServerInterceptor.java
@@ -28,6 +28,9 @@
  * This interceptor gets the OAuth2 access token from metadata, verifies it and sets the client
  * identifier obtained from the token into the context. The one check it does on the access token
  * is that the token has been refreshed at least once.
+ *
+ * A real implementation will validate the access token using the resource server (or the
+ * authorization server).
  */
 class OAuth2ServerInterceptor implements ServerInterceptor {
 
@@ -36,18 +39,18 @@ class OAuth2ServerInterceptor implements ServerInterceptor {
   @Override
   public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall,
       Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
-    String value = metadata.get(Constant.AUTHORIZATION_METADATA_KEY);
+    String authHeaderValue = metadata.get(Constant.AUTHORIZATION_METADATA_KEY);
 
     Status status = Status.OK;
-    if (value == null) {
+    if (authHeaderValue == null) {
       status = Status.UNAUTHENTICATED.withDescription("Authorization token is missing");
-    } else if (!value.startsWith(BEARER_TYPE)) {
+    } else if (!authHeaderValue.startsWith(BEARER_TYPE)) {
       status = Status.UNAUTHENTICATED.withDescription("Unknown authorization type");
     } else {
       // remove authorization type prefix
-      String tokenValue = value.substring(BEARER_TYPE.length()).trim();
+      String tokenValue = authHeaderValue.substring(BEARER_TYPE.length()).trim();
       if (!tokenValue.startsWith(Constant.ACCESS_TOKEN)) {
-        status = Status.UNAUTHENTICATED.withDescription("Invalid access token value");
+        status = Status.UNAUTHENTICATED.withDescription("Invalid access token authHeaderValue");
       } else {
         String[] tokens = tokenValue.split(":");
         if (tokens.length >= 3 && tokens[2].equals(Constant.REFRESH_SUFFIX)) {
@@ -61,6 +64,7 @@ public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, Re
       }
     }
 
+    // at this point we have auth failure: skip further processing and close the call
     serverCall.close(status, new Metadata());
     return new ServerCall.Listener<ReqT>() {
       // noop

From 8d9e5da551917258156f274a904561bee7990ed7 Mon Sep 17 00:00:00 2001
From: Sanjay Pujare <sanjaypujare@users.noreply.github.com>
Date: Fri, 15 Sep 2023 23:58:46 -0700
Subject: [PATCH 3/4] fix the RequireUpperBoundDeps issue related to
 google-auth-library-credentials

---
 examples/example-oauth/pom.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml
index 2ec688c3570..2812166e589 100644
--- a/examples/example-oauth/pom.xml
+++ b/examples/example-oauth/pom.xml
@@ -47,6 +47,16 @@
       <groupId>io.grpc</groupId>
       <artifactId>grpc-stub</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-auth</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>com.google.auth</groupId>
+          <artifactId>google-auth-library-credentials</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
     <dependency>
       <groupId>com.google.auth</groupId>
       <artifactId>google-auth-library-oauth2-http</artifactId>

From 92ba676e82d28b8cafc975874be41679cb408fd1 Mon Sep 17 00:00:00 2001
From: Sanjay Pujare <sanjaypujare@users.noreply.github.com>
Date: Mon, 18 Sep 2023 09:18:34 -0700
Subject: [PATCH 4/4] fix readme typo

---
 examples/example-oauth/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/example-oauth/README.md b/examples/example-oauth/README.md
index 6370a3a1ecb..26a6e223f60 100644
--- a/examples/example-oauth/README.md
+++ b/examples/example-oauth/README.md
@@ -4,7 +4,7 @@ Authentication Example
 This example illustrates a simple OAuth2-based authentication implementation in gRPC using
  server interceptor. It uses the Google OAuth2 library since it already has the OAuth2
 semantics which makes it easy to illustrate the OAuth2 flow. The example creates an OAuth2
-credentials using the library and converts it to gRPC CallCredentials. However, if you may
+credentials using the library and converts it to gRPC CallCredentials. However, you may
 use your own OAuth2 implementation, so use of Google OAuth2 library is not necessary.
 
 The example requires grpc-java to be pre-built. Using a release tag will download the relevant binaries