From 6f05f639fb1429540e796284e919483794c8e500 Mon Sep 17 00:00:00 2001
From: Roger Willis <roger.willis@r3cev.com>
Date: Tue, 2 Oct 2018 16:29:19 +0100
Subject: [PATCH 01/83] Added more docs for reference states to key concepts
 and api docs. (#4013)

* Added more docs for reference states to key concepts and api docs.

* Updated with requested changes
---
 docs/source/api-states.rst                | 44 ++++++++++++++++++++++-
 docs/source/api-transactions.rst          | 43 +++++++++++-----------
 docs/source/index.rst                     |  1 +
 docs/source/key-concepts-states.rst       | 11 +++++-
 docs/source/key-concepts-transactions.rst | 14 +++++++-
 5 files changed, 90 insertions(+), 23 deletions(-)

diff --git a/docs/source/api-states.rst b/docs/source/api-states.rst
index 6b3aea888d..ad05640b16 100644
--- a/docs/source/api-states.rst
+++ b/docs/source/api-states.rst
@@ -151,4 +151,46 @@ Where:
 * ``notary`` is the notary service for this state
 * ``encumbrance`` points to another state that must also appear as an input to any transaction consuming this
   state
-* ``constraint`` is a constraint on which contract-code attachments can be used with this state
\ No newline at end of file
+* ``constraint`` is a constraint on which contract-code attachments can be used with this state
+
+Reference States
+----------------
+
+A reference input state is a ``ContractState`` which can be referred to in a transaction by the contracts of input and
+output states but whose contract is not executed as part of the transaction verification process. Furthermore,
+reference states are not consumed when the transaction is committed to the ledger but they are checked for
+"current-ness". In other words, the contract logic isn't run for the referencing transaction only. It's still a normal
+state when it occurs in an input or output position.
+
+Reference data states enable many parties to reuse the same state in their transactions as reference data whilst
+still allowing the reference data state owner the capability to update the state. A standard example would be the
+creation of financial instrument reference data and the use of such reference data by parties holding the related
+financial instruments.
+
+Just like regular input states, the chain of provenance for reference states is resolved and all dependency transactions
+verified. This is because users of reference data must be satisfied that the data they are referring to is valid as per
+the rules of the contract which governs it and that all previous participants of teh state assented to updates of it.
+
+**Known limitations:**
+
+*Notary change:* It is likely the case that users of reference states do not have permission to change the notary
+assigned to a reference state. Even if users *did* have this permission the result would likely be a bunch of
+notary change races. As such, if a reference state is added to a transaction which is assigned to a
+different notary to the input and output states then all those inputs and outputs must be moved to the
+notary which the reference state uses.
+
+If two or more reference states assigned to different notaries are added to a transaction then it follows that this
+transaction cannot be committed to the ledger. This would also be the case for transactions not containing reference
+states. There is an additional complication for transaction including reference states, however. It is unlikely that the
+party using the reference states has the authority to change the notary for the state (in other words, the party using the
+reference state would not be listed as a participant on it). Therefore, it is likely that a transaction containing
+reference states with two different notaries cannot be committed to the ledger.
+
+As such, if reference states assigned to multiple different notaries are added to a transaction builder
+then the check below will fail.
+
+        .. warning:: Currently, encumbrances should not be used with reference states. In the case where a state is
+                     encumbered by an encumbrance state, the encumbrance state should also be referenced in the same
+                     transaction that references the encumbered state. This is because the data contained within the
+                     encumbered state may take on a different meaning, and likely would do, once the encumbrance state
+                     is taken into account.
diff --git a/docs/source/api-transactions.rst b/docs/source/api-transactions.rst
index 3c286cc831..d3180c5c37 100644
--- a/docs/source/api-transactions.rst
+++ b/docs/source/api-transactions.rst
@@ -94,15 +94,6 @@ to "walk the chain" and verify that each input was generated through a valid seq
 Reference input states
 ~~~~~~~~~~~~~~~~~~~~~~
 
-A reference input state is a ``ContractState`` which can be referred to in a transaction by the contracts of input and
-output states but whose contract is not executed as part of the transaction verification process. Furthermore,
-reference states are not consumed when the transaction is committed to the ledger but they are checked for
-"current-ness". In other words, the contract logic isn't run for the referencing transaction only. It's still a normal
-state when it occurs in an input or output position.
-
-Reference data states enable many parties to "reuse" the same state in their transactions as reference data whilst
-still allowing the reference data state owner the capability to update the state.
-
 A reference input state is added to a transaction as a ``ReferencedStateAndRef``. A ``ReferencedStateAndRef`` can be
 obtained from a ``StateAndRef`` by calling the ``StateAndRef.referenced()`` method which returns a
 ``ReferencedStateAndRef``.
@@ -123,20 +114,32 @@ obtained from a ``StateAndRef`` by calling the ``StateAndRef.referenced()`` meth
             :end-before: DOCEND 55
             :dedent: 12
 
-**Known limitations:**
+**Handling of update races:**
 
-*Notary change:* It is likely the case that users of reference states do not have permission to change the notary assigned
-to a reference state. Even if users *did* have this permission the result would likely be a bunch of
-notary change races. As such, if a reference state is added to a transaction which is assigned to a
-different notary to the input and output states then all those inputs and outputs must be moved to the
-notary which the reference state uses.
+When using reference states in a transaction, it may be the case that a notarisation failure occurs. This is most likely
+because the creator of the state (being used as a reference state in your transaction), has just updated it.
 
-If two or more reference states assigned to different notaries are added to a transaction then it follows
-that this transaction likely *cannot* be committed to the ledger as it unlikely that the party using the
-reference state can change the assigned notary for one of the reference states.
+Typically, the creator of such reference data will have implemented flows for syndicating the updates out to users.
+However it is inevitable that there will be a delay between the state being used as a reference being consumed, and the
+nodes using it receiving the update.
 
-As such, if reference states assigned to multiple different notaries are added to a transaction builder
-then the check below will fail.
+This is where the ``WithReferencedStatesFlow`` comes in. Given a flow which uses reference states, the
+``WithReferencedStatesFlow`` will execute the the flow as a subFlow. If the flow fails due to a ``NotaryError.Conflict``
+for a reference state, then it will be suspended until the state refs for the reference states are consumed. In this
+case, a consumption means that:
+
+1. the owner of the reference state has updated the state with a valid, notarised transaction
+2. the owner of the reference state has shared the update with the node attempting to run the flow which uses the
+   reference state
+3. The node has successfully committed the transaction updating the reference state (and all the dependencies), and
+   added the updated reference state to the vault.
+
+At the point where the transaction updating the state being used as a reference is committed to storage and the vault
+update occurs, then the ``WithReferencedStatesFlow`` will wake up and re-execute the provided flow.
+
+.. warning:: Caution should be taken when using this flow as it facilitates automated re-running of flows which use
+             reference states. The flow using reference states should include checks to ensure that the reference data is
+             reasonable, especially if the economics of the transaction depends upon the data contained within a reference state.
 
 Output states
 ^^^^^^^^^^^^^
diff --git a/docs/source/index.rst b/docs/source/index.rst
index fc92e187ef..ac64315eb6 100644
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@@ -79,6 +79,7 @@ We look forward to seeing what you can do with Corda!
    design/kafka-notary/design.md
    design/monitoring-management/design.md
    design/sgx-integration/design.md
+   design/reference-states/design.md
    design/sgx-infrastructure/design.md
    design/threat-model/corda-threat-model.md
    design/data-model-upgrades/signature-constraints.md
diff --git a/docs/source/key-concepts-states.rst b/docs/source/key-concepts-states.rst
index 05c0b2928e..b1c6addc29 100644
--- a/docs/source/key-concepts-states.rst
+++ b/docs/source/key-concepts-states.rst
@@ -59,4 +59,13 @@ is aware of, and which it considers to be relevant to itself:
    :align: center
 
 We can think of the ledger from each node's point of view as the set of all the current (i.e. non-historic) states that
-it is aware of.
\ No newline at end of file
+it is aware of.
+
+Reference states
+----------------
+
+Not all states need to be updated by the parties which use them. In the case of reference data, there is a common pattern
+where one party creates reference data, which is then used (but not updated) by other parties. For this use-case, the
+states containing reference data are referred to as "reference states". Syntactically, reference states are no different
+to regular states. However, they are treated different by Corda transactions. See :doc:`key-concepts-transactions` for
+more details.
\ No newline at end of file
diff --git a/docs/source/key-concepts-transactions.rst b/docs/source/key-concepts-transactions.rst
index 9f3cb8bfef..f1c1d65da5 100644
--- a/docs/source/key-concepts-transactions.rst
+++ b/docs/source/key-concepts-transactions.rst
@@ -33,7 +33,7 @@ Here is an example of an update transaction, with two inputs and two outputs:
    :scale: 25%
    :align: center
 
-A transaction can contain any number of inputs and outputs of any type:
+A transaction can contain any number of inputs, outputs and references of any type:
 
 * They can include many different state types (e.g. both cash and bonds)
 * They can be issuances (have zero inputs) or exits (have zero outputs)
@@ -108,6 +108,18 @@ Each required signers should only sign the transaction if the following two cond
 If the transaction gathers all the required signatures but these conditions do not hold, the transaction's outputs
 will not be valid, and will not be accepted as inputs to subsequent transactions.
 
+Reference states
+----------------
+
+As mentioned in :doc:`key-concepts-states`, some states need to be referred to by the contracts of other input or output
+states but not updated/consumed. This is where reference states come in. When a state is added to the references list of
+a transaction, instead of the inputs or outputs list, then it is treated as a *reference state*. There are two important
+differences between regular states and reference states:
+
+* The specified notary for the transaction **does** check whether the reference states are current. However, reference
+  states are not consumed when the transaction containing them is committed to the ledger.
+* The contracts for reference states are not executed for the transaction containing them.
+
 Other transaction components
 ----------------------------
 As well as input states and output states, transactions contain:

From bc6ef74c6aa7e36db2933e6757d7e571a23cc668 Mon Sep 17 00:00:00 2001
From: szymonsztuka <szymon.sztuka@r3.com>
Date: Tue, 2 Oct 2018 16:49:31 +0100
Subject: [PATCH 02/83] CordaPersistence class minor refactoring to align with
 Enterprise repo. (#4012)

---
 .../corda/nodeapi/internal/persistence/CordaPersistence.kt    | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/CordaPersistence.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/CordaPersistence.kt
index 9bdbeccfcd..e1558971eb 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/CordaPersistence.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/CordaPersistence.kt
@@ -38,7 +38,8 @@ enum class TransactionIsolationLevel {
     /**
      * The JDBC constant value of the same name but prefixed with TRANSACTION_ defined in [java.sql.Connection].
      */
-    val jdbcValue: Int = java.sql.Connection::class.java.getField("TRANSACTION_$name").get(null) as Int
+    val jdbcString = "TRANSACTION_$name"
+    val jdbcValue: Int = java.sql.Connection::class.java.getField(jdbcString).get(null) as Int
 }
 
 private val _contextDatabase = InheritableThreadLocal<CordaPersistence>()
@@ -63,6 +64,7 @@ class CordaPersistence(
             HibernateConfiguration(schemas, databaseConfig, attributeConverters, jdbcUrl)
         }
     }
+
     val entityManagerFactory get() = hibernateConfig.sessionFactoryForRegisteredSchemas
 
     data class Boundary(val txId: UUID, val success: Boolean)

From fa8761793f69dc9618dc6a30ba9a803ae99543e6 Mon Sep 17 00:00:00 2001
From: Tommy Lillehagen <tommy.lillehagen@r3.com>
Date: Tue, 2 Oct 2018 17:55:22 +0100
Subject: [PATCH 03/83] NOTICK - Python script for creating test tickets in
 JIRA (#3979)

Python script for creating 'Platform Test' and 'Platform Test Run'
instances in JIRA for use in release testing.
---
 release-tools/testing/.gitignore       |   1 +
 release-tools/testing/README.md        |  83 +++++++
 release-tools/testing/args.py          |  71 ++++++
 release-tools/testing/jira_manager.py  | 187 +++++++++++++++
 release-tools/testing/login_manager.py |  60 +++++
 release-tools/testing/requirements.txt |   3 +
 release-tools/testing/test-manager     | 312 +++++++++++++++++++++++++
 7 files changed, 717 insertions(+)
 create mode 100644 release-tools/testing/.gitignore
 create mode 100644 release-tools/testing/README.md
 create mode 100644 release-tools/testing/args.py
 create mode 100644 release-tools/testing/jira_manager.py
 create mode 100644 release-tools/testing/login_manager.py
 create mode 100644 release-tools/testing/requirements.txt
 create mode 100755 release-tools/testing/test-manager

diff --git a/release-tools/testing/.gitignore b/release-tools/testing/.gitignore
new file mode 100644
index 0000000000..0d20b6487c
--- /dev/null
+++ b/release-tools/testing/.gitignore
@@ -0,0 +1 @@
+*.pyc
diff --git a/release-tools/testing/README.md b/release-tools/testing/README.md
new file mode 100644
index 0000000000..0a1fbf8551
--- /dev/null
+++ b/release-tools/testing/README.md
@@ -0,0 +1,83 @@
+# Release Tools - Test Tracker and Generator
+
+## Introduction
+
+This command-line tool lets the user create and track tests in the [R3T](https://r3-cev.atlassian.net/projects/R3T) JIRA project. All generic test cases are captured as tickets of type **Platform Test Template** with a label "OS" for tests pertaining to **Corda Open Source**, "ENT" for **Corda Enterprise**, and "NS" for **Corda Network Services**. These tickets can be set to **Active** or **Inactive** status based on their relevance for a particular release.
+
+The tool creates a set of new release tests by cloning the current set of active test templates into a set of **Platform Test** tickets. These will each get assigned to the appropriate target version. Further, the tool lets the user create sub-tasks for each of the release tests, one for each release candidate. These steps are described in more detail further down.
+
+## List Test Cases
+
+To list the active test cases for a product, run the following command:
+
+```bash
+$ ./test-manager list-tests <PRODUCT>
+```
+
+Where `<PRODUCT>` is either `OS`, `ENT` or `NS`. This will list the test cases that are currently applicable to Corda Open Source, Corda Enterprise and Corda Network Services, respectively.
+
+## Show Test Status
+
+To show the status of all test runs for a specific release or release candidate, run:
+
+```bash
+$ ./test-manager status <PRODUCT> <VERSION> <CANDIDATE>
+```
+
+Here, `<VERSION>` represents the target version, e.g., product `OS` and version `3.3` would represent Corda Open Source 3.3. `<CANDIDATE>` is optional and will narrow down the report to only show the provided candidate version, e.g., `1` for `RC01`.
+
+## Create JIRA Version
+
+To create a new release version in JIRA, you can run the following command:
+
+```bash
+$ ./test-manager create-version <PRODUCT> <VERSION> <CANDIDATE>
+```
+
+Note that `<CANDIDATE>` is optional. This command will create new versions in the following JIRA projects: `CORDA`, `ENT`, `ENM`, `CID` and `R3T`.
+
+## Create Release Tests
+
+To create the set of parent tests for a new release, you can run:
+
+```bash
+$ ./test-manager create-release-tests <PRODUCT> <VERSION>
+```
+
+This will create the test cases, but none of the test run tickets for respective release candidates. Note also that "blocks"-links between active test templates will be carried across to the created test tickets.
+
+## Create Release Candidate Tests
+
+To create a set of test run tickets for a new release candidate, you can run:
+
+```bash
+$ ./test-manager create-release-candidate-tests <PRODUCT> <VERSION> <CANDIDATE>
+```
+
+This will create a new sub-task under each of the test tickets for `<PRODUCT>` `<VERSION>`, for release candidate `<CANDIDATE>`.
+
+## Options
+
+Each command described above has a set of additional options. More specifically, if you want to use a particular JIRA user instead of being prompted for a user name every time, you can specify `--user <USER>`. For verbose logging, you can supply `--verbose` or `-v`. And to auto-reply to the prompt of whether to proceed or not, provide `--yes` or `-y`.
+
+There is also a useful dry-run option, `--dry-run` or `-d`, that lets you run through the command without creating any tickets or applying any changes to JIRA.
+
+## Example
+
+As an example, say you want to create test cases for Corda Network Services 1.0 RC01. You would then follow the following steps:
+
+```bash
+$ ./test-manager create-version NS 1.0   # Create "Corda Network Services 1.0" - if it doesn't exist
+$ ./test-manager create-version NS 1.0 1 # Create "Corda Network Services 1.0 RC01" - if it doesn't exist
+$ ./test-manager create-release-tests NS 1.0 # Create test cases
+$ ./test-manager create-release-candidate-tests NS 1.0 1 # Create test run for release candidate
+```
+
+Later, when it's time to test RC02, you simply run the following:
+
+```bash
+$ ./test-manager create-version NS 1.0 2
+$ ./test-manager create-release-candidate-tests NS 1.0 2
+```
+
+That's it. Voila, you've got yourself a whole new set of JIRA tickets :-)
diff --git a/release-tools/testing/args.py b/release-tools/testing/args.py
new file mode 100644
index 0000000000..9eb92a8a59
--- /dev/null
+++ b/release-tools/testing/args.py
@@ -0,0 +1,71 @@
+from __future__ import print_function
+from argparse import Action, ArgumentParser
+import sys, traceback
+
+# {{{ Representation of a command-line program
+class Program:
+
+    # Create a new command-line program represenation, provided an optional name and description
+    def __init__(self, name=None, description=None):
+        self.parser = ArgumentParser(name, description=description)
+        self.subparsers = self.parser.add_subparsers(title='commands')
+        self.arguments = []
+
+    # Enter program definition block
+    def __enter__(self):
+        return self
+
+    # Add argument to the top-level command-line interface and all registered sub-commands
+    def add(self, name, *args, **kwargs):
+        self.parser.add_argument(name, *args, **kwargs)
+        self.arguments.append(([name] + list(args), kwargs))
+
+    # Add sub-command to the set of command-line options
+    def command(self, name, description, handler):
+        return Command(self, self.subparsers, name, description, handler)
+
+    # Parse arguments from the command line, and run the associated command handler
+    def __exit__(self, type, value, tb):
+        args = self.parser.parse_args()
+        try:
+            if 'func' in args:
+                args.func(args)
+            else:
+                self.parser.print_help()
+        except KeyboardInterrupt:
+            print()
+        except Exception as error:
+            if args.verbose:
+                t, exception, tb = sys.exc_info()
+                self.parser.error('{}\n\n{}'.format(error.message, '\n'.join(traceback.format_tb(tb))))
+            else:
+                self.parser.error(error.message)
+# }}}
+
+# {{{ Representation of a sub-command of a command-line program
+class Command:
+
+    # Create a sub-command, provided a name, description and command handler
+    def __init__(self, program, subparsers, name, description, handler):
+        self.program = program
+        self.subparsers = subparsers
+        self.name = name
+        self.description = description
+        self.handler = handler
+
+    # Enter sub-command definition block
+    def __enter__(self):
+        self.parser = self.subparsers.add_parser(self.name, description=self.description)
+        return self
+
+    # Add argument to the CLI command
+    def add(self, name, *args, **kwargs):
+        self.parser.add_argument(name, *args, **kwargs)
+
+    # Exit sub-command definition block and register default handler
+    def __exit__(self, type, value, traceback):
+        for (args, kwargs) in self.program.arguments:
+            self.parser.add_argument(*args, **kwargs)
+        self.parser.set_defaults(func=self.handler)
+
+# }}}
diff --git a/release-tools/testing/jira_manager.py b/release-tools/testing/jira_manager.py
new file mode 100644
index 0000000000..af57865398
--- /dev/null
+++ b/release-tools/testing/jira_manager.py
@@ -0,0 +1,187 @@
+# {{{ JIRA dependency
+from jira import JIRA
+from jira.exceptions import JIRAError
+# }}}
+
+# {{{ Class for interacting with a hosted JIRA system
+class Jira:
+
+    # {{{ Constants
+    BLOCKS = 'Blocks'
+    DUPLICATE = 'Duplicate'
+    RELATES = 'Relates'
+    # }}}
+
+    # {{{ init(address) - Initialise JIRA class, pointing it to the JIRA endpoint
+    def __init__(self, address='https://r3-cev.atlassian.net'):
+        self.address = address
+        self.jira = None
+        self.mock_key = 1
+        self.custom_fields_by_name, self.custom_fields_by_key = {}, {}
+    # }}}
+
+    # {{{ login(user, password) - Log in as a specific JIRA user
+    def login(self, user, password):
+        try:
+            self.jira = JIRA(self.address, auth=(user, password))
+            for x in self.jira.fields():
+                if x['custom']:
+                    self.custom_fields_by_name[x['name']] = x['key']
+                    self.custom_fields_by_key[x['key']] = x['name']
+            return self
+        except Exception as error:
+            message = error.message
+            if isinstance(error, JIRAError):
+                message = error.text if error.text and len(error.text) > 0 and not error.text.startswith('<!') else message
+            raise Exception('failed to log in to JIRA{}{}'.format(': ' if message else '', message))
+    # }}}
+
+    # {{{ search(query) - Search for issues and manually traverse pages if multiple pages are returned
+    def search(self, query, *args):
+        max_count = 50
+        index, offset, count = 0, 0, max_count
+        query = query.format(*args) if len(args) > 0 else query
+        while count == max_count:
+            try:
+                issues = self.jira.search_issues(query, maxResults=max_count, startAt=offset)
+                count = len(issues)
+                offset += count
+                for issue in issues:
+                    index += 1
+                    yield Issue(self, index=index, issue=issue)
+            except JIRAError as error:
+                raise Exception('failed to run query "{}": {}'.format(query, error.text))
+    # }}}
+
+    # {{{ find(key) - Look up issue by key
+    def find(self, key):
+        try:
+            issue = self.jira.issue(key)
+            return Issue(self, issue=issue)
+        except JIRAError as error:
+            raise Exception('failed to look up issue "{}": {}'.format(key, error.text))
+    # }}}
+
+    # {{{ create(fields, dry_run) - Create a new issue
+    def create(self, fields, dry_run=False):
+        if dry_run:
+            return Issue(self, fields=fields)
+        try:
+            issue = self.jira.create_issue(fields)
+            return Issue(self, issue=issue)
+        except JIRAError as error:
+            raise Exception('failed to create issue: {}'.format(error.text))
+    # }}}
+
+    # {{{ link(issue_key, other_issue_key, relationship, dry_run) - Link one issue to another
+    def link(self, issue_key, other_issue_key, relationship=RELATES, dry_run=False):
+        if dry_run:
+            return
+        try:
+            self.jira.create_issue_link(
+                type=relationship,
+                inwardIssue=issue_key,
+                outwardIssue=other_issue_key,
+                comment={
+                    'body': 'Linked {} to {}'.format(issue_key, other_issue_key),
+                }
+            )
+        except JIRAError as error:
+            raise Exception('failed to link {} and {}: {}'.format(issue_key, other_issue_key, error.text))
+    # }}}
+
+# }}}
+
+# {{{ Representation of a JIRA issue
+class Issue:
+
+    mock_index = 1
+
+    # {{{ init(jira, index, issue, key, fields) - Instantiate an abstract representation of an issue
+    def __init__(self, jira, index=0, issue=None, key=None, fields=None):
+        self._jira = jira
+        self._index = index
+        self._issue = issue
+        self._fields = fields
+        self._key = key if key else u'DRY-{:03d}'.format(Issue.mock_index)
+        if not key and not issue:
+            Issue.mock_index += 1
+    # }}}
+
+    # {{{ getattr(key) - Get attribute from issue
+    def __getattr__(self, key):
+        if key == 'index':
+            return self._index
+        if self._issue:
+            value = self._issue.__getattr__(key)
+            return WrappedDictionary(value) if key == 'fields' else value
+        elif self._fields:
+            if key == 'key':
+                return self._key
+            elif key == 'fields':
+                return WrappedDictionary(self._fields)
+        return None
+    # }}}
+
+    # {{{ getitem(key) - Get item from issue
+    def __getitem__(self, key):
+        return self.__getattr__(key)
+    # }}}
+
+    # {{{ str() - Get a string representation of the issue
+    def __str__(self):
+        summary = self.fields.summary.strip()
+        labels = self.fields.labels
+        if len(labels) > 0:
+            return u'[{}] {} ({})'.format(self.key, summary, ', '.join(labels))
+        else:
+            return u'[{}] {}'.format(self.key, summary)
+    # }}}
+
+    # {{{ clone(..., dry_run) - Create a clone of the issue, resetting any provided fields)
+    def clone(self, **kwargs):
+        dry_run = kwargs['dry_run'] if 'dry_run' in kwargs else False
+        fields = self.fields.to_dict()
+        whitelisted_fields = [
+            'project', 'summary', 'description', 'issuetype', 'labels', 'parent', 'priority',
+            self._jira.custom_fields_by_name['Target Version/s'],
+        ]
+        if 'parent' not in kwargs:
+            whitelisted_fields += [
+                self._jira.custom_fields_by_name['Epic Link'],
+                self._jira.custom_fields_by_name['Preconditions'],
+                self._jira.custom_fields_by_name['Test Steps'],
+                self._jira.custom_fields_by_name['Acceptance Criteria'],
+                self._jira.custom_fields_by_name['Primary Test Environment'],
+            ]
+        for key in kwargs:
+            value = kwargs[key]
+            if key == 'parent' and type(value) in (str, unicode):
+                fields[key] = { 'key' : value }
+            elif key == 'version':
+                fields[self._jira.custom_fields_by_name['Target Version/s']] = [{ 'name' : value }]
+            else:
+                fields[key] = value
+        for key in [key for key in fields if key not in whitelisted_fields]:
+            del fields[key]
+        new_issue = self._jira.create(fields, dry_run=dry_run)
+        return new_issue
+    # }}}
+
+# }}}
+
+# {{{ Dictionary with attribute getters
+class WrappedDictionary:
+    def __init__(self, dictionary):
+        self.dictionary = dictionary
+
+    def __getattr__(self, key):
+        return self.__getitem__(key)
+
+    def __getitem__(self, key):
+        return self.dictionary[key]
+
+    def to_dict(self):
+        return dict(self.dictionary)
+
+# }}}
diff --git a/release-tools/testing/login_manager.py b/release-tools/testing/login_manager.py
new file mode 100644
index 0000000000..08a4e1412a
--- /dev/null
+++ b/release-tools/testing/login_manager.py
@@ -0,0 +1,60 @@
+# {{{ Dependencies
+
+from __future__ import print_function
+import sys
+
+try:
+    from getpass import getpass
+except:
+    def getpass(message): return raw_input(message)
+
+try:
+    from keyring import get_password, set_password
+except:
+    def get_password(account, user): return None
+    def set_password(account, user, password): pass
+
+# Python 2.x fix; raw_input was renamed to input in Python 3
+try: input = raw_input
+except NameError: pass
+
+# }}}
+
+# {{{ prompt(message, secret) - Get input from user; if secret is true, hide the input
+def prompt(message, secret=False):
+    try:
+        return getpass(message) if secret else input(message)
+    except:
+        print()
+        return ''
+# }}}
+
+# {{{ confirm(message, auto_yes) - Request confirmation from user and proceed if the response is 'yes'
+def confirm(message, auto_yes=False):
+    if auto_yes:
+        print(message.replace('?', '.'))
+        return
+    if not prompt(u'{} (y/N) '.format(message)).lower().strip().startswith('y'):
+        sys.exit(1)
+# }}}
+
+# {{{ login(account, user, password, use_keyring) - Present user with login prompt and return the provided username and password. If use_keyring is true, use previously provided password (if any)
+def login(account, user=None, password=None, use_keyring=True):
+    if not user:
+        user = prompt('Username: ')
+        user = u'{}@r3.com'.format(user) if '@' not in user else user
+        if not user: return (None, None)
+    else:
+        user = u'{}@r3.com'.format(user) if '@' not in user else user
+        print('Username: {}'.format(user))
+    password = get_password(account, user) if password is None and use_keyring else password
+    if not password:
+        password = prompt('Password: ', secret=True)
+        if not password: return (None, None)
+    else:
+        print('Password: ********')
+    if use_keyring:
+        set_password(account, user, password)
+    print()
+    return (user, password)
+# }}}
diff --git a/release-tools/testing/requirements.txt b/release-tools/testing/requirements.txt
new file mode 100644
index 0000000000..b4bc32760d
--- /dev/null
+++ b/release-tools/testing/requirements.txt
@@ -0,0 +1,3 @@
+jira==2.0.0
+keyring==13.1.0
+termcolor==1.1.0
diff --git a/release-tools/testing/test-manager b/release-tools/testing/test-manager
new file mode 100755
index 0000000000..96bfd97a36
--- /dev/null
+++ b/release-tools/testing/test-manager
@@ -0,0 +1,312 @@
+#!/usr/bin/env python
+
+# {{{ Dependencies
+from __future__ import print_function
+import sys
+from args import Program
+from login_manager import login, confirm
+from jira_manager import Jira
+# }}}
+
+# {{{ Dependencies for printing coloured content to the console
+try:
+    from termcolor import colored
+    def blue(message): return colored(message, 'blue')
+    def green(message): return colored(message, 'green')
+    def red(message): return colored(message, 'red')
+    def yellow(message): return colored(message, 'yellow')
+    def faint(message): return colored(message, 'white', attrs=['dark'])
+    def on_green(message): return colored(message, 'white', 'on_green')
+    def on_red(message): return colored(message, 'white', 'on_red')
+    def blue_on_white(message): return colored(message, 'blue', 'on_white')
+    def yellow_on_white(message): return colored(message, 'yellow', 'on_white')
+except:
+    def blue(message): return u'[{}]'.format(message)
+    def green(message): return message
+    def red(message): return message
+    def yellow(message): return message
+    def faint(message): return message
+    def on_green(message): return message
+    def on_red(message): return message
+    def blue_on_white(message): return message
+    def yellow_on_white(message): return message
+# }}}
+
+# {{{ Mapping from product code to product name
+product_map = {
+    'OS'   : 'Corda',
+    'ENT'  : 'Corda Enterprise',
+    'NS'   : 'Corda Network Services',
+    'TEST' : 'Corda', # for demo and test purposes
+}
+# }}}
+
+# {{{ JIRA queries
+QUERY_LIST_TEST_CASES = \
+    u'project = R3T AND type = "Platform Test Template" AND status = Active AND labels = "{}" ORDER BY key'
+QUERY_LIST_TEST_INSTANCES = \
+    u'project = R3T AND type = "Platform Test" AND labels = "{}" AND "Target Version/s" = "{}" ORDER BY key'
+QUERY_LIST_TEST_INSTANCE_FOR_TICKET = \
+    u'project = R3T AND type = "Platform Test" AND labels = "{}" AND "Target Version/s" = "{}" AND issue IN linkedIssues({})'
+QUERY_LIST_ALL_TEST_RUNS_FOR_TICKET = \
+    u'project = R3T AND type = "Platform Test Run" AND labels = "{}" AND parent = {} ORDER BY "Target Version/S"'
+QUERY_LIST_TEST_RUN_FOR_TICKET = \
+    u'project = R3T AND type = "Platform Test Run" AND labels = "{}" AND "Target Version/s" = "{}" AND parent = {}'
+QUERY_LIST_BLOCKING_TEST_CASES = \
+    u'project = R3T AND type = "Platform Test Template" AND labels = "{}" AND issue IN linkedIssues({}, "Blocks")'
+# }}}
+
+# {{{ list_test_cases() - List active test cases for a specific product
+def list_test_cases(args):
+    user, password = login('jira', args.user)
+    if not user or not password: sys.exit(1)
+    jira = Jira().login(user, password)
+    print(u'List of active test cases for {}:'.format(yellow(product_map[args.PRODUCT])))
+    if args.verbose:
+        print(faint('[{}]'.format(QUERY_LIST_TEST_CASES.format(args.PRODUCT))))
+    print()
+    has_tests = False
+    for issue in jira.search(QUERY_LIST_TEST_CASES, args.PRODUCT):
+        print(u' - {} {}'.format(blue(issue.key), issue.fields.summary))
+        has_tests = True
+    if not has_tests:
+        print(u' - No active test cases found')
+    print()
+# }}}
+
+# {{{ show_status() - Show the status of all test runs for a specific release or release candidate
+def show_status(args):
+    user, password = login('jira', args.user)
+    if not user or not password: sys.exit(1)
+    jira = Jira().login(user, password)
+    version = '{} {}'.format(product_map[args.PRODUCT], args.VERSION).replace('.0', '')
+    candidate = '{} RC{:02d}'.format(version, args.CANDIDATE) if args.CANDIDATE else version
+    if args.CANDIDATE:
+        print(u'Status of test runs for {} version {} release candidate {}:'.format(yellow(product_map[args.PRODUCT]), yellow(args.VERSION), yellow('RC{:02d}'.format(args.CANDIDATE))))
+    else:
+        print(u'Status of test runs for {} version {}:'.format(yellow(product_map[args.PRODUCT]), yellow(args.VERSION)))
+    if args.verbose:
+        print(faint('[{}]'.format(QUERY_LIST_TEST_INSTANCES.format(args.PRODUCT, version))))
+    print()
+    has_tests = False
+    for issue in jira.search(QUERY_LIST_TEST_INSTANCES, args.PRODUCT, version):
+        status = issue.fields.status['name'].lower()
+        if status == 'pass':
+            status = on_green('Pass')
+        elif status == 'fail':
+            status = on_red('Fail')
+        elif status == 'descope':
+            status = on_green('Descoped')
+        else:
+            status = ''
+        print(u' - {} {} {}'.format(blue(issue.key), issue.fields.summary, status))
+        has_test_runs = False
+        if args.CANDIDATE:
+            if args.verbose:
+                print(faint('   [{}]'.format(QUERY_LIST_TEST_RUN_FOR_TICKET.format(args.PRODUCT, candidate, issue.key))))
+            run_list = jira.search(QUERY_LIST_TEST_RUN_FOR_TICKET, args.PRODUCT, candidate, issue.key)
+        else:
+            if args.verbose:
+                print(faint('   [{}]'.format(QUERY_LIST_ALL_TEST_RUNS_FOR_TICKET.format(args.PRODUCT, issue.key))))
+            run_list = jira.search(QUERY_LIST_ALL_TEST_RUNS_FOR_TICKET, args.PRODUCT, issue.key)
+        for run in run_list:
+            has_test_runs = True
+            print()
+            status = run.fields.status['name'].lower()
+            if status == 'pass':
+                status = on_green('Pass    ')
+            elif status == 'fail':
+                status = on_red('Fail    ')
+            elif status == 'descope':
+                status = on_green('Descoped')
+            elif status == 'in progress':
+                status = yellow_on_white('Active  ')
+            else:
+                status = blue_on_white('Open    ')
+            print(u'    {} {} ({})'.format(status, faint(run.fields[jira.custom_fields_by_name['Target Version/s']][0]['name']), blue(run.key)))
+        if not has_test_runs:
+            print()
+            print(u'    - No release candidate tests found')
+        print()
+        has_tests = True
+    if not has_tests:
+        print(u' - No test cases found for the specified release')
+    print()
+# }}}
+
+# {{{ create_version() - Create a new JIRA version
+def create_version(args):
+    user, password = login('jira', args.user)
+    if not user or not password: sys.exit(1)
+    jira = Jira().login(user, password)
+    version = '{} {}'.format(product_map[args.PRODUCT], args.VERSION).replace('.0', '')
+    version = '{} RC{:02d}'.format(version, args.CANDIDATE) if args.CANDIDATE else version
+    confirm(u'Create new version {}?'.format(yellow(version)), auto_yes=args.yes or args.dry_run)
+    print()
+    if not args.dry_run:
+        for project in ['CORDA', 'ENT', 'ENM', 'R3T', 'CID']:
+            print(u' - Creating version {} for project {} ...'.format(yellow(version), blue(project)))
+            try:
+                jira.jira.create_version(name=version, project=project, description=version)
+                print(u'   {} - Created version for project {}'.format(green('SUCCESS'), blue(project)))
+            except Exception as error:
+                print(u'   {} - Failed to version: {}'.format(red('FAIL'), error))
+            print()
+
+
+# }}}
+
+# {{{ create_release() - Create test cases for a specific version of a product
+def create_release(args):
+    user, password = login('jira', args.user)
+    if not user or not password: sys.exit(1)
+    jira = Jira().login(user, password)
+    version = '{} {}'.format(product_map[args.PRODUCT], args.VERSION).replace('.0', '')
+    confirm(u'Create test cases for {} version {}?'.format(yellow(product_map[args.PRODUCT]), yellow(args.VERSION)), auto_yes=args.yes or args.dry_run)
+    if args.verbose:
+        print(faint('[{}]'.format(QUERY_LIST_TEST_CASES.format(args.PRODUCT))))
+    print()
+    has_tests = False
+    for issue in jira.search(QUERY_LIST_TEST_CASES, args.PRODUCT):
+        print(u' - {} {}'.format(blue(issue.key), issue.fields.summary))
+        print()
+        has_tests = True
+        print(u'    - Creating test case for version {} ...'.format(yellow(args.VERSION)))
+        if args.verbose:
+            print(faint(u'      [{}]'.format(QUERY_LIST_TEST_INSTANCE_FOR_TICKET.format(args.PRODUCT, version, issue.key))))
+        has_test_case_for_version = len(list(jira.search(QUERY_LIST_TEST_INSTANCE_FOR_TICKET.format(args.PRODUCT, version, issue.key))))
+        if has_test_case_for_version:
+            print(u'      {} - Test case for version already exists'.format(yellow('SKIPPED')))
+        else:
+            try:
+                test_case = issue.clone(issuetype='Platform Test', version=version, dry_run=args.dry_run)
+                print(u'      {} - Created ticket {}'.format(green('SUCCESS'), blue(test_case.key)))
+            except Exception as error:
+                print(u'      {} - Failed to create ticket: {}'.format(red('FAIL'), error))
+            print()
+            print(u'    - Linking test case to template ...')
+            try:
+                jira.link(issue.key, test_case.key, dry_run=args.dry_run)
+                print(u'      {} - Linked {} to {}'.format(green('SUCCESS'), blue(issue.key), blue(test_case.key)))
+            except Exception as error:
+                print(u'      {} - Failed to link tickets: {}'.format(red('FAIL'), error))
+        print()
+    print(u'Copying links from test templates for {} version {}?'.format(yellow(product_map[args.PRODUCT]), yellow(args.VERSION)))
+    print()
+    for issue in jira.search(QUERY_LIST_TEST_CASES, args.PRODUCT):
+        print(u' - {} {}'.format(blue(issue.key), issue.fields.summary))
+        print()
+        print(u'    - Copying links for test case {} ...'.format(blue(issue.key)))
+        has_links = False
+        if args.verbose:
+            print(faint(u'      [{}]'.format(QUERY_LIST_BLOCKING_TEST_CASES.format(args.PRODUCT, issue.key))))
+        for blocking_issue in jira.search(QUERY_LIST_BLOCKING_TEST_CASES, args.PRODUCT, issue.key):
+            from_ticket = list(jira.search(QUERY_LIST_TEST_INSTANCE_FOR_TICKET.format(args.PRODUCT, version, issue.key)))
+            to_ticket = list(jira.search(QUERY_LIST_TEST_INSTANCE_FOR_TICKET.format(args.PRODUCT, version, blocking_issue.key)))
+            if len(from_ticket) == 0 or len(to_ticket) == 0:
+                continue
+            has_links = True
+            from_key = from_ticket[0].key
+            to_key = to_ticket[0].key
+            try:
+                jira.link(from_key, to_key, Jira.BLOCKS, dry_run=args.dry_run)
+                print(u'      {} - Linked {} to {}'.format(green('SUCCESS'), blue(from_key), blue(to_key)))
+            except Exception as error:
+                print(u'      {} - Failed to link tickets {} and {}: {}'.format(red('FAIL'), blue(from_key), blue(to_key), error))
+        if not has_links:
+            print(u'      {} - No relevant links found for ticket {}'.format(yellow('SKIPPED'), blue(issue.key)))
+        print()
+    if not has_tests:
+        print(u' - No active test cases found')
+        print()
+# }}}
+
+# {{{ create_release_candidate() - Create test run tickets for a specific release candidate of a product
+def create_release_candidate(args):
+    user, password = login('jira', args.user)
+    if not user or not password: sys.exit(1)
+    jira = Jira().login(user, password)
+    version = '{} {}'.format(product_map[args.PRODUCT], args.VERSION).replace('.0', '')
+    CANDIDATE = args.CANDIDATE[0]
+    candidate = '{} RC{:02d}'.format(version, CANDIDATE)
+    confirm(u'Create test run tickets for {} version {} release candidate {}?'.format(yellow(product_map[args.PRODUCT]), yellow(args.VERSION), yellow('RC{:02d}'.format(CANDIDATE))), auto_yes=args.yes or args.dry_run)
+    if args.verbose:
+        print(faint('[{}]'.format(QUERY_LIST_TEST_INSTANCES.format(args.PRODUCT, version))))
+    print()
+    has_tests = False
+    for issue in jira.search(QUERY_LIST_TEST_INSTANCES, args.PRODUCT, version):
+        print(u' - {} {}'.format(blue(issue.key), issue.fields.summary))
+        epic_field = jira.custom_fields_by_name['Epic Link']
+        epic = issue.fields[epic_field] if epic_field in issue.fields.to_dict() else ''
+        labels = issue.fields.labels + [epic]
+        print()
+        has_tests = True
+        print(u'    - Creating test run ticket for release candidate {} ...'.format(yellow('RC{:02d}'.format(CANDIDATE))))
+        if args.verbose:
+            print(faint(u'      [{}]'.format(QUERY_LIST_TEST_RUN_FOR_TICKET.format(args.PRODUCT, candidate, issue.key))))
+        has_test_instance_for_version = len(list(jira.search(QUERY_LIST_TEST_RUN_FOR_TICKET.format(args.PRODUCT, candidate, issue.key))))
+        if has_test_instance_for_version:
+            print(u'      {} - Ticket for release candidate already exists'.format(yellow('SKIPPED')))
+        else:
+            try:
+                test_case = issue.clone(issuetype='Platform Test Run', version=candidate, parent=issue.key, labels=labels, dry_run=args.dry_run)
+                print(u'      {} - Created ticket {}'.format(green('SUCCESS'), blue(test_case.key)))
+            except Exception as error:
+                print(u'      {} - Failed to create ticket: {}'.format(red('FAIL'), error))
+        print()
+    if not has_tests:
+        print(u' - No active test cases found')
+        print()
+# }}}
+
+# {{{ main() - Entry point
+def main():
+    with Program(description='tool for managing test cases and test runs in JIRA') as program:
+
+        PRODUCTS = ['OS', 'ENT', 'NS', 'TEST']
+
+        program.add('--verbose', '-v', help='turn on verbose logging', action='store_true')
+        program.add('--yes', '-y', help='automatically answer "yes" to all prompts', action='store_true')
+        program.add('--user', '-u', help='the user name or email address used to log in to JIRA', type=str, metavar='USER')
+        program.add('--no-keyring', help='do not retrieve passwords persisted in the keyring', action='store_true')
+
+        def mixin_dry_run(command):
+            command.add('--dry-run', '-d', help='run action without applying any changes to JIRA', action='store_true')
+
+        def mixin_product(command):
+            command.add('PRODUCT', help='the product under test (OS, ENT, NS)', choices=PRODUCTS, metavar='PRODUCT')
+
+        def mixin_version_and_product(command):
+            mixin_product(command)
+            command.add('VERSION', help='the target version of the release, e.g., 4.0', type=float)
+
+        def mixin_candidate(command, optional=False):
+            if optional:
+                nargs = '?'
+            else:
+                nargs = 1
+            command.add('CANDIDATE', help='the number of the release candidate, e.g., 1 for RC01', type=int, nargs=nargs)
+
+        with program.command('list-tests', 'list test cases applicable to the provided specification', list_test_cases) as command:
+            mixin_product(command)
+
+        with program.command('status', 'show the status of all test runs for a specific release or release candidate', show_status) as command:
+            mixin_version_and_product(command)
+            mixin_candidate(command, True)
+
+        with program.command('create-version', 'create a new version in JIRA', create_version) as command:
+            mixin_dry_run(command)
+            mixin_version_and_product(command)
+            mixin_candidate(command, True)
+
+        with program.command('create-release-tests', 'create test cases for a new release in JIRA', create_release) as command:
+            mixin_dry_run(command)
+            mixin_version_and_product(command)
+
+        with program.command('create-release-candidate-tests', 'create test runs for a new release candidate in JIRA', create_release_candidate) as command:
+            mixin_dry_run(command)
+            mixin_version_and_product(command)
+            mixin_candidate(command)
+# }}}
+
+if __name__ == '__main__': main()

From 1e72298a461b755ef82c7a81db87660b4602a5d5 Mon Sep 17 00:00:00 2001
From: szymonsztuka <szymon.sztuka@r3.com>
Date: Tue, 2 Oct 2018 20:45:50 +0100
Subject: [PATCH 04/83] CORDA-1915 Update to Network Bootstrapper for signed
 JARs (#4008)

The cordapp and cordformation plugins (from v4.0.30) are going to have ability to sign JARs (in cordformation signing will be by default), to enable signature constraints to work out of box Network Bootstrapper will not whitelist contracts form signed JARs.
For unsigned JARs the Network Bootstrapper behaviour is unchanged.
---
 docs/source/network-bootstrapper.rst                     | 8 +++++---
 .../nodeapi/internal/network/NetworkBootstrapper.kt      | 9 ++++++++-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/docs/source/network-bootstrapper.rst b/docs/source/network-bootstrapper.rst
index a1d33d0034..4cc6ec559d 100644
--- a/docs/source/network-bootstrapper.rst
+++ b/docs/source/network-bootstrapper.rst
@@ -87,9 +87,11 @@ Any CorDapps provided when bootstrapping a network will be scanned for contracts
 The CorDapp JARs will be hashed and scanned for ``Contract`` classes. These contract class implementations will become part
 of the whitelisted contracts in the network parameters (see ``NetworkParameters.whitelistedContractImplementations`` :doc:`network-map`).
 
-By default the bootstrapper will whitelist all the contracts found in all the CorDapp JARs. To prevent certain
-contracts from being whitelisted, add their fully qualified class name in the ``exclude_whitelist.txt``. These will instead
-use the more restrictive ``HashAttachmentConstraint``.
+By default the bootstrapper will whitelist all the contracts found in the unsigned CorDapp JARs (a JAR file not signed by jarSigner tool).
+Whitelisted contracts are checked by `Zone constraints`, while contract classes from signed JARs will be checked by `Signature constraints`.
+To prevent certain contracts from unsigned JARs from being whitelisted, add their fully qualified class name in the ``exclude_whitelist.txt``.
+These will instead use the more restrictive ``HashAttachmentConstraint``.
+Refer to :doc:`api-contract-constraints` to understand the implication of different constraint types before adding ``exclude_whitelist.txt`` files.
 
 For example:
 
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
index d0c987d1be..0a80988f27 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
@@ -34,6 +34,7 @@ import java.time.Instant
 import java.util.*
 import java.util.concurrent.Executors
 import java.util.concurrent.TimeUnit
+import java.util.jar.JarInputStream
 import kotlin.collections.component1
 import kotlin.collections.component2
 import kotlin.collections.set
@@ -208,7 +209,7 @@ internal constructor(private val initSerEnv: Boolean,
             println("Gathering notary identities")
             val notaryInfos = gatherNotaryInfos(nodeInfoFiles, configs)
             println("Generating contract implementations whitelist")
-            val newWhitelist = generateWhitelist(existingNetParams, readExcludeWhitelist(directory), cordappJars.map(contractsJarConverter))
+            val newWhitelist = generateWhitelist(existingNetParams, readExcludeWhitelist(directory), cordappJars.filter { !isSigned(it) }.map(contractsJarConverter))
             val newNetParams = installNetworkParameters(notaryInfos, newWhitelist, existingNetParams, nodeDirs)
             if (newNetParams != existingNetParams) {
                 println("${if (existingNetParams == null) "New" else "Updated"} $newNetParams")
@@ -398,4 +399,10 @@ internal constructor(private val initSerEnv: Boolean,
             return magic == amqpMagic && target == SerializationContext.UseCase.P2P
         }
     }
+
+    private fun isSigned(file: Path): Boolean = file.read {
+        JarInputStream(it).use {
+            JarSignatureCollector.collectSigningParties(it).isNotEmpty()
+        }
+    }
 }

From 149b6034e1b1bf5c71abd2f4910c0e14c6276efe Mon Sep 17 00:00:00 2001
From: Patrick Kuo <patrick.kuo@r3.com>
Date: Wed, 3 Oct 2018 08:59:31 +0100
Subject: [PATCH 05/83]  CORDA-2016 Add unit tests to ensure SNI header
 generation will not be changed by accident (#4014)

* Add test for SNI header to prevent changing it accidentally.

* added hardcoded values test to ensure hashing function and corda x500 name format can't be changed
---
 .../internal/protonwrapper/netty/SSLHelper.kt |  2 +-
 .../protonwrapper/netty/SSLHelperTest.kt      | 35 +++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt

diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt
index 9850e6a8ce..2024be3359 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt
@@ -167,5 +167,5 @@ internal fun x500toHostName(x500Name: CordaX500Name): String {
     val secureHash = SecureHash.sha256(x500Name.toString())
     // RFC 1035 specifies a limit 255 bytes for hostnames with each label being 63 bytes or less. Due to this, the string
     // representation of the SHA256 hash is truncated to 32 characters.
-    return String.format(HOSTNAME_FORMAT, secureHash.toString().substring(0..32).toLowerCase())
+    return String.format(HOSTNAME_FORMAT, secureHash.toString().take(32).toLowerCase())
 }
diff --git a/node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt b/node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt
new file mode 100644
index 0000000000..54d42edd0d
--- /dev/null
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt
@@ -0,0 +1,35 @@
+package net.corda.nodeapi.internal.protonwrapper.netty
+
+import net.corda.core.crypto.SecureHash
+import net.corda.core.identity.CordaX500Name
+import net.corda.core.utilities.NetworkHostAndPort
+import net.corda.nodeapi.internal.config.CertificateStore
+import net.corda.testing.internal.configureTestSSL
+import org.junit.Test
+import javax.net.ssl.KeyManagerFactory
+import javax.net.ssl.SNIHostName
+import javax.net.ssl.TrustManagerFactory
+import kotlin.test.assertEquals
+
+class SSLHelperTest {
+    @Test
+    fun `ensure SNI header in correct format`() {
+        val legalName = CordaX500Name("Test", "London", "GB")
+        val sslConfig = configureTestSSL(legalName)
+
+        val keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
+        val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+
+        keyManagerFactory.init(CertificateStore.fromFile(sslConfig.keyStore.path, sslConfig.keyStore.password, false))
+        trustManagerFactory.init(initialiseTrustStoreAndEnableCrlChecking(CertificateStore.fromFile(sslConfig.trustStore.path, sslConfig.trustStore.password, false), false))
+
+        val sslHandler = createClientSslHelper(NetworkHostAndPort("localhost", 1234), setOf(legalName), keyManagerFactory, trustManagerFactory)
+        val legalNameHash = SecureHash.sha256(legalName.toString()).toString().take(32).toLowerCase()
+
+        // These hardcoded values must not be changed, something is broken if you have to change these hardcoded values.
+        assertEquals("O=Test, L=London, C=GB", legalName.toString())
+        assertEquals("f3df3c01a5f5aa5b9d394680cde3a414", legalNameHash)
+        assertEquals(1, sslHandler.engine().sslParameters.serverNames.size)
+        assertEquals("$legalNameHash.corda.net", (sslHandler.engine().sslParameters.serverNames.first() as SNIHostName).asciiName)
+    }
+}
\ No newline at end of file

From ff9bf68e373bce75a81319f8bacd62b00f825502 Mon Sep 17 00:00:00 2001
From: Michele Sollecito <michele.sollecito@gmail.com>
Date: Wed, 3 Oct 2018 11:18:28 +0200
Subject: [PATCH 06/83] [ENT-2545]: Failing flow sent to Hospital does not log
 any ERROR's (fixed). (#4015)

---
 .../main/kotlin/net/corda/node/services/CoreFlowHandlers.kt | 2 ++
 .../node/services/statemachine/FlowStateMachineImpl.kt      | 2 +-
 .../corda/node/services/statemachine/StaffedFlowHospital.kt | 6 +++++-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/node/src/main/kotlin/net/corda/node/services/CoreFlowHandlers.kt b/node/src/main/kotlin/net/corda/node/services/CoreFlowHandlers.kt
index c350b81849..df2a1ec019 100644
--- a/node/src/main/kotlin/net/corda/node/services/CoreFlowHandlers.kt
+++ b/node/src/main/kotlin/net/corda/node/services/CoreFlowHandlers.kt
@@ -20,6 +20,8 @@ class FinalityHandler(private val sender: FlowSession) : FlowLogic<Unit>() {
     override fun call() {
         subFlow(ReceiveTransactionFlow(sender, true, StatesToRecord.ONLY_RELEVANT))
     }
+
+    internal fun sender(): Party = sender.counterparty
 }
 
 class NotaryChangeHandler(otherSideSession: FlowSession) : AbstractStateReplacementFlow.Acceptor<Party>(otherSideSession) {
diff --git a/node/src/main/kotlin/net/corda/node/services/statemachine/FlowStateMachineImpl.kt b/node/src/main/kotlin/net/corda/node/services/statemachine/FlowStateMachineImpl.kt
index 3b099e5c9a..4fcd24e7d6 100644
--- a/node/src/main/kotlin/net/corda/node/services/statemachine/FlowStateMachineImpl.kt
+++ b/node/src/main/kotlin/net/corda/node/services/statemachine/FlowStateMachineImpl.kt
@@ -218,7 +218,7 @@ class FlowStateMachineImpl<R>(override val id: StateMachineRunId,
             suspend(FlowIORequest.WaitForSessionConfirmations, maySkipCheckpoint = true)
             Try.Success(result)
         } catch (throwable: Throwable) {
-            logger.info("Flow threw exception... sending to flow hospital", throwable)
+            logger.info("Flow threw exception... sending it to flow hospital", throwable)
             Try.Failure<R>(throwable)
         }
         val softLocksId = if (hasSoftLockedStates) logic.runId.uuid else null
diff --git a/node/src/main/kotlin/net/corda/node/services/statemachine/StaffedFlowHospital.kt b/node/src/main/kotlin/net/corda/node/services/statemachine/StaffedFlowHospital.kt
index 1502945568..512497b6b9 100644
--- a/node/src/main/kotlin/net/corda/node/services/statemachine/StaffedFlowHospital.kt
+++ b/node/src/main/kotlin/net/corda/node/services/statemachine/StaffedFlowHospital.kt
@@ -217,7 +217,11 @@ class StaffedFlowHospital {
      */
     object FinalityDoctor : Staff {
         override fun consult(flowFiber: FlowFiber, currentState: StateMachineState, newError: Throwable, history: MedicalHistory): Diagnosis {
-            return if (currentState.flowLogic is FinalityHandler) Diagnosis.OVERNIGHT_OBSERVATION else Diagnosis.NOT_MY_SPECIALTY
+            return (currentState.flowLogic as? FinalityHandler)?.let { logic -> Diagnosis.OVERNIGHT_OBSERVATION.also { warn(logic, flowFiber, currentState) } } ?: Diagnosis.NOT_MY_SPECIALTY
+        }
+
+        private fun warn(flowLogic: FinalityHandler, flowFiber: FlowFiber, currentState: StateMachineState) {
+            log.warn("Flow ${flowFiber.id} failed to be finalised. Manual intervention may be required before retrying the flow by re-starting the node. State machine state: $currentState, initiating party was: ${flowLogic.sender().name}")
         }
     }
 }

From beb4dc008f90a1dfc390e1137a09eacd861740aa Mon Sep 17 00:00:00 2001
From: Michele Sollecito <michele.sollecito@gmail.com>
Date: Wed, 3 Oct 2018 12:31:20 +0200
Subject: [PATCH 07/83] [ENT-2545]: Fixed broken unit test. (#4019)

---
 .../corda/node/services/statemachine/RetryFlowMockTest.kt   | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/node/src/test/kotlin/net/corda/node/services/statemachine/RetryFlowMockTest.kt b/node/src/test/kotlin/net/corda/node/services/statemachine/RetryFlowMockTest.kt
index 82f4d45a82..7822e6f136 100644
--- a/node/src/test/kotlin/net/corda/node/services/statemachine/RetryFlowMockTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/statemachine/RetryFlowMockTest.kt
@@ -3,6 +3,7 @@ package net.corda.node.services.statemachine
 import co.paralleluniverse.fibers.Suspendable
 import net.corda.core.concurrent.CordaFuture
 import net.corda.core.flows.*
+import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.core.internal.FlowStateMachine
 import net.corda.core.internal.concurrent.flatMap
@@ -15,6 +16,7 @@ import net.corda.node.services.FinalityHandler
 import net.corda.node.services.messaging.Message
 import net.corda.node.services.persistence.DBTransactionStorage
 import net.corda.nodeapi.internal.persistence.contextTransaction
+import net.corda.testing.core.TestIdentity
 import net.corda.testing.node.internal.*
 import org.assertj.core.api.Assertions.assertThat
 import org.assertj.core.api.Assertions.assertThatThrownBy
@@ -136,10 +138,10 @@ class RetryFlowMockTest {
     @Test
     fun `Patient records do not leak in hospital when using killFlow`() {
         // Make sure we have seen an update from the hospital, and thus the flow went there.
+        val alice = TestIdentity(CordaX500Name.parse("L=London,O=Alice Ltd,OU=Trade,C=GB")).party
         val records = nodeA.smm.flowHospital.track().updates.toBlocking().toIterable().iterator()
         val flow: FlowStateMachine<Unit> = nodeA.services.startFlow(FinalityHandler(object : FlowSession() {
-            override val counterparty: Party
-                get() = TODO("not implemented")
+            override val counterparty = alice
 
             override fun getCounterpartyFlowInfo(maySkipCheckpoint: Boolean): FlowInfo {
                 TODO("not implemented")

From 7edc18f85deb0b18171dc63f37d1dfa8ea87e4c3 Mon Sep 17 00:00:00 2001
From: josecoll <jose.coll@r3cev.com>
Date: Wed, 3 Oct 2018 13:41:25 +0100
Subject: [PATCH 08/83] CORDA-1997 Added constraint type information to vault
 states table. (#3975)

* Added constraint type information to vault states table.

* Added Vault Query criteria support for constraint data.

* Added documentation and changelog entry.

* Added missing @CordaSerializable.

* Fix minor bug in test setup and parsing code.

* Use binary encoding data types instead of serialize/deserialize.

* Optimized storage of constraints data.
Additional assertions on Vault Query constraint data contents (to validate encoding/decoding).
Tested with CompositeKey containing 10 keys.

* Addressing PR review feedback.

* Query by constraints type and data.

* Revert back accidentally removed code for contractStateType filtering.

* Incorporating final PR review feedback. Use @JvmOverloads on constructor.

* Make sure constraintInfo is class evolution friendly.
---
 .../corda/core/node/services/VaultService.kt  |  74 +++++++--
 .../core/node/services/vault/QueryCriteria.kt |   6 +-
 .../node/services/vault/QueryCriteriaUtils.kt |   3 +-
 docs/source/api-contract-constraints.rst      |   2 +
 docs/source/api-vault-query.rst               |  19 ++-
 docs/source/changelog.rst                     |   2 +
 .../vault/HibernateQueryCriteriaParser.kt     |  35 ++++-
 .../node/services/vault/NodeVaultService.kt   |  13 +-
 .../corda/node/services/vault/VaultSchema.kt  |  12 +-
 .../vault-schema.changelog-master.xml         |   1 +
 .../migration/vault-schema.changelog-v6.xml   |  17 ++
 .../node/services/vault/VaultQueryTests.kt    | 147 ++++++++++++++++++
 .../testing/internal/vault/VaultFiller.kt     |   6 +-
 13 files changed, 316 insertions(+), 21 deletions(-)
 create mode 100644 node/src/main/resources/migration/vault-schema.changelog-v6.xml

diff --git a/core/src/main/kotlin/net/corda/core/node/services/VaultService.kt b/core/src/main/kotlin/net/corda/core/node/services/VaultService.kt
index 20d1984d8d..43b71bf966 100644
--- a/core/src/main/kotlin/net/corda/core/node/services/VaultService.kt
+++ b/core/src/main/kotlin/net/corda/core/node/services/VaultService.kt
@@ -5,6 +5,7 @@ import net.corda.core.DeleteForDJVM
 import net.corda.core.DoNotImplement
 import net.corda.core.concurrent.CordaFuture
 import net.corda.core.contracts.*
+import net.corda.core.crypto.Crypto
 import net.corda.core.crypto.SecureHash
 import net.corda.core.flows.FlowException
 import net.corda.core.flows.FlowLogic
@@ -18,6 +19,7 @@ import net.corda.core.serialization.CordaSerializable
 import net.corda.core.toFuture
 import net.corda.core.transactions.LedgerTransaction
 import net.corda.core.utilities.NonEmptySet
+import net.corda.core.utilities.toHexString
 import rx.Observable
 import java.time.Instant
 import java.util.*
@@ -125,6 +127,44 @@ class Vault<out T : ContractState>(val states: Iterable<StateAndRef<T>>) {
         RELEVANT, NOT_RELEVANT, ALL
     }
 
+    /**
+     *  Contract constraint information associated with a [ContractState].
+     *  See [AttachmentConstraint]
+     */
+    @CordaSerializable
+    data class ConstraintInfo(val constraint: AttachmentConstraint) {
+        @CordaSerializable
+        enum class Type {
+            ALWAYS_ACCEPT, HASH, CZ_WHITELISTED, SIGNATURE
+        }
+        fun type(): Type {
+            return when (constraint::class.java) {
+                AlwaysAcceptAttachmentConstraint::class.java -> Type.ALWAYS_ACCEPT
+                HashAttachmentConstraint::class.java -> Type.HASH
+                WhitelistedByZoneAttachmentConstraint::class.java -> Type.CZ_WHITELISTED
+                SignatureAttachmentConstraint::class.java -> Type.SIGNATURE
+                else -> throw IllegalArgumentException("Invalid constraint type: $constraint")
+            }
+        }
+        fun data(): ByteArray? {
+            return when (type()) {
+                Type.HASH -> (constraint as HashAttachmentConstraint).attachmentId.bytes
+                Type.SIGNATURE -> (constraint as SignatureAttachmentConstraint).key.encoded
+                else -> null
+            }
+        }
+        companion object {
+            fun constraintInfo(type: Type, data: ByteArray?): ConstraintInfo {
+                return when (type) {
+                    Type.ALWAYS_ACCEPT -> ConstraintInfo(AlwaysAcceptAttachmentConstraint)
+                    Type.HASH -> ConstraintInfo(HashAttachmentConstraint(SecureHash.parse(data!!.toHexString())))
+                    Type.CZ_WHITELISTED -> ConstraintInfo(WhitelistedByZoneAttachmentConstraint)
+                    Type.SIGNATURE -> ConstraintInfo(SignatureAttachmentConstraint(Crypto.decodePublicKey(data!!)))
+                }
+            }
+        }
+    }
+
     @CordaSerializable
     enum class UpdateType {
         GENERAL, NOTARY_CHANGE, CONTRACT_UPGRADE
@@ -151,7 +191,7 @@ class Vault<out T : ContractState>(val states: Iterable<StateAndRef<T>>) {
                                            val otherResults: List<Any>)
 
     @CordaSerializable
-    data class StateMetadata constructor(
+    data class StateMetadata @JvmOverloads constructor(
             val ref: StateRef,
             val contractStateClassName: String,
             val recordedTime: Instant,
@@ -160,18 +200,9 @@ class Vault<out T : ContractState>(val states: Iterable<StateAndRef<T>>) {
             val notary: AbstractParty?,
             val lockId: String?,
             val lockUpdateTime: Instant?,
-            val relevancyStatus: Vault.RelevancyStatus?
+            val relevancyStatus: Vault.RelevancyStatus? = null,
+            val constraintInfo: ConstraintInfo? = null
     ) {
-        constructor(ref: StateRef,
-                    contractStateClassName: String,
-                    recordedTime: Instant,
-                    consumedTime: Instant?,
-                    status: Vault.StateStatus,
-                    notary: AbstractParty?,
-                    lockId: String?,
-                    lockUpdateTime: Instant?
-        ) : this(ref, contractStateClassName, recordedTime, consumedTime, status, notary, lockId, lockUpdateTime, null)
-
         fun copy(
                 ref: StateRef = this.ref,
                 contractStateClassName: String = this.contractStateClassName,
@@ -184,6 +215,19 @@ class Vault<out T : ContractState>(val states: Iterable<StateAndRef<T>>) {
         ): StateMetadata {
             return StateMetadata(ref, contractStateClassName, recordedTime, consumedTime, status, notary, lockId, lockUpdateTime, null)
         }
+        fun copy(
+                ref: StateRef = this.ref,
+                contractStateClassName: String = this.contractStateClassName,
+                recordedTime: Instant = this.recordedTime,
+                consumedTime: Instant? = this.consumedTime,
+                status: Vault.StateStatus = this.status,
+                notary: AbstractParty? = this.notary,
+                lockId: String? = this.lockId,
+                lockUpdateTime: Instant? = this.lockUpdateTime,
+                relevancyStatus: Vault.RelevancyStatus?
+        ): StateMetadata {
+            return StateMetadata(ref, contractStateClassName, recordedTime, consumedTime, status, notary, lockId, lockUpdateTime, relevancyStatus, ConstraintInfo(AlwaysAcceptAttachmentConstraint))
+        }
     }
 
     companion object {
@@ -194,6 +238,12 @@ class Vault<out T : ContractState>(val states: Iterable<StateAndRef<T>>) {
     }
 }
 
+/**
+ * The maximum permissible size of contract constraint type data (for storage in vault states database table).
+ * Maximum value equates to a CompositeKey with 10 EDDSA_ED25519_SHA512 keys stored in.
+ */
+const val MAX_CONSTRAINT_DATA_SIZE = 563
+
 /**
  * A [VaultService] is responsible for securely and safely persisting the current state of a vault to storage. The
  * vault service vends immutable snapshots of the current vault for working with: if you build a transaction based
diff --git a/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteria.kt b/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteria.kt
index 609434a60b..2ee555dee1 100644
--- a/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteria.kt
+++ b/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteria.kt
@@ -74,6 +74,8 @@ sealed class QueryCriteria : GenericQueryCriteria<QueryCriteria, IQueryCriteriaP
     abstract class CommonQueryCriteria : QueryCriteria() {
         abstract val status: Vault.StateStatus
         open val relevancyStatus: Vault.RelevancyStatus = Vault.RelevancyStatus.ALL
+        open val constraintTypes: Set<Vault.ConstraintInfo.Type> = emptySet()
+        open val constraints: Set<Vault.ConstraintInfo> = emptySet()
         abstract val contractStateTypes: Set<Class<out ContractState>>?
         override fun visit(parser: IQueryCriteriaParser): Collection<Predicate> {
             return parser.parseCriteria(this)
@@ -90,7 +92,9 @@ sealed class QueryCriteria : GenericQueryCriteria<QueryCriteria, IQueryCriteriaP
             val notary: List<AbstractParty>? = null,
             val softLockingCondition: SoftLockingCondition? = null,
             val timeCondition: TimeCondition? = null,
-            override val relevancyStatus: Vault.RelevancyStatus = Vault.RelevancyStatus.ALL
+            override val relevancyStatus: Vault.RelevancyStatus = Vault.RelevancyStatus.ALL,
+            override val constraintTypes: Set<Vault.ConstraintInfo.Type> = emptySet(),
+            override val constraints: Set<Vault.ConstraintInfo> = emptySet()
     ) : CommonQueryCriteria() {
         override fun visit(parser: IQueryCriteriaParser): Collection<Predicate> {
             super.visit(parser)
diff --git a/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteriaUtils.kt b/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteriaUtils.kt
index faac1f7fef..2492313d0b 100644
--- a/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteriaUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteriaUtils.kt
@@ -184,7 +184,8 @@ data class Sort(val columns: Collection<SortColumn>) : BaseSort() {
         STATE_STATUS("stateStatus"),
         RECORDED_TIME("recordedTime"),
         CONSUMED_TIME("consumedTime"),
-        LOCK_ID("lockId")
+        LOCK_ID("lockId"),
+        CONSTRAINT_TYPE("constraintType")
     }
 
     enum class LinearStateAttribute(val attributeName: String) : Attribute {
diff --git a/docs/source/api-contract-constraints.rst b/docs/source/api-contract-constraints.rst
index 3863926981..df09bb5f26 100644
--- a/docs/source/api-contract-constraints.rst
+++ b/docs/source/api-contract-constraints.rst
@@ -51,6 +51,8 @@ upgrade approach is that you can upgrade states regardless of their constraint,
 anticipate a need to do so. But it requires everyone to sign, requires everyone to manually authorise the upgrade,
 consumes notary and ledger resources, and is just in general more complex.
 
+.. _implicit_constraint_types:
+
 How constraints work
 --------------------
 
diff --git a/docs/source/api-vault-query.rst b/docs/source/api-vault-query.rst
index a012b84ea7..2243a6bfea 100644
--- a/docs/source/api-vault-query.rst
+++ b/docs/source/api-vault-query.rst
@@ -78,7 +78,8 @@ and/or composition and a rich set of operators to include:
 There are four implementations of this interface which can be chained together to define advanced filters.
 
 1. ``VaultQueryCriteria`` provides filterable criteria on attributes within the Vault states table: status (UNCONSUMED,
-   CONSUMED), state reference(s), contract state type(s), notaries, soft locked states, timestamps (RECORDED, CONSUMED).
+   CONSUMED), state reference(s), contract state type(s), notaries, soft locked states, timestamps (RECORDED, CONSUMED),
+   state constraints (see :ref:`Constraint Types <implicit_constraint_types>`).
 
 	.. note:: Sensible defaults are defined for frequently used attributes (status = UNCONSUMED, always include soft
 	   locked states).
@@ -260,6 +261,22 @@ Query for unconsumed states for several contract state types:
     :end-before: DOCEND VaultQueryExample3
     :dedent: 12
 
+Query for unconsumed states for specified contract state constraint types and sorted in ascending alphabetical order:
+
+.. literalinclude:: ../../node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
+    :language: kotlin
+    :start-after: DOCSTART VaultQueryExample30
+    :end-before: DOCEND VaultQueryExample30
+    :dedent: 12
+
+Query for unconsumed states for specified contract state constraints (type and data):
+
+.. literalinclude:: ../../node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
+    :language: kotlin
+    :start-after: DOCSTART VaultQueryExample31
+    :end-before: DOCEND VaultQueryExample31
+    :dedent: 12
+
 Query for unconsumed states for a given notary:
 
 .. literalinclude:: ../../node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst
index 78e75bd607..3017257931 100644
--- a/docs/source/changelog.rst
+++ b/docs/source/changelog.rst
@@ -9,6 +9,8 @@ Unreleased
 
 * Introduce minimum and target platform version for CorDapps.
 
+* Vault storage of contract state constraints metadata and associated vault query functions to retrieve and sort by constraint type.
+
 * New overload for ``CordaRPCClient.start()`` method allowing to specify target legal identity to use for RPC call.
 
 * Case insensitive vault queries can be specified via a boolean on applicable SQL criteria builder operators. By default queries will be case sensitive.
diff --git a/node/src/main/kotlin/net/corda/node/services/vault/HibernateQueryCriteriaParser.kt b/node/src/main/kotlin/net/corda/node/services/vault/HibernateQueryCriteriaParser.kt
index a3fa9aee01..f4d912ffb1 100644
--- a/node/src/main/kotlin/net/corda/node/services/vault/HibernateQueryCriteriaParser.kt
+++ b/node/src/main/kotlin/net/corda/node/services/vault/HibernateQueryCriteriaParser.kt
@@ -225,6 +225,7 @@ class HibernateQueryCriteriaParser(val contractStateType: Class<out ContractStat
     private val rootEntities = mutableMapOf<Class<out PersistentState>, Root<*>>(Pair(VaultSchemaV1.VaultStates::class.java, vaultStates))
     private val aggregateExpressions = mutableListOf<Expression<*>>()
     private val commonPredicates = mutableMapOf<Pair<String, Operator>, Predicate>()   // schema attribute Name, operator -> predicate
+    private val constraintPredicates = mutableSetOf<Predicate>()
 
     var stateTypes: Vault.StateStatus = Vault.StateStatus.UNCONSUMED
 
@@ -508,7 +509,7 @@ class HibernateQueryCriteriaParser(val contractStateType: Class<out ContractStat
                 else
                     aggregateExpressions
         criteriaQuery.multiselect(selections)
-        val combinedPredicates = commonPredicates.values.plus(predicateSet)
+        val combinedPredicates = commonPredicates.values.plus(predicateSet).plus(constraintPredicates)
         criteriaQuery.where(*combinedPredicates.toTypedArray())
 
         return predicateSet
@@ -561,6 +562,38 @@ class HibernateQueryCriteriaParser(val contractStateType: Class<out ContractStat
             }
         }
 
+        // contract constraint types
+        if (criteria.constraintTypes.isNotEmpty()) {
+            val predicateID = Pair(VaultSchemaV1.VaultStates::constraintType.name, IN)
+            if (commonPredicates.containsKey(predicateID)) {
+                val existingTypes = (commonPredicates[predicateID]!!.expressions[0] as InPredicate<*>).values.map { (it as LiteralExpression).literal }.toSet()
+                if (existingTypes != criteria.constraintTypes) {
+                    log.warn("Enriching previous attribute [${VaultSchemaV1.VaultStates::constraintType.name}] values [$existingTypes] with [${criteria.constraintTypes}]")
+                    commonPredicates.replace(predicateID, criteriaBuilder.and(vaultStates.get<Vault.ConstraintInfo.Type>(VaultSchemaV1.VaultStates::constraintType.name).`in`(criteria.constraintTypes.plus(existingTypes))))
+                }
+            } else {
+                commonPredicates[predicateID] = criteriaBuilder.and(vaultStates.get<Vault.ConstraintInfo.Type>(VaultSchemaV1.VaultStates::constraintType.name).`in`(criteria.constraintTypes))
+            }
+        }
+
+        // contract constraint information (type and data)
+        if (criteria.constraints.isNotEmpty()) {
+            criteria.constraints.forEach { constraint ->
+                val predicateConstraintType = criteriaBuilder.equal(vaultStates.get<Vault.ConstraintInfo>(VaultSchemaV1.VaultStates::constraintType.name), constraint.type())
+                if (constraint.data() != null) {
+                    val predicateConstraintData = criteriaBuilder.equal(vaultStates.get<Vault.ConstraintInfo>(VaultSchemaV1.VaultStates::constraintData.name), constraint.data())
+                    val compositePredicate = criteriaBuilder.and(predicateConstraintType, predicateConstraintData)
+                    if (constraintPredicates.isNotEmpty()) {
+                        val previousPredicate = constraintPredicates.last()
+                        constraintPredicates.clear()
+                        constraintPredicates.add(criteriaBuilder.or(previousPredicate, compositePredicate))
+                    }
+                    else constraintPredicates.add(compositePredicate)
+                }
+                else constraintPredicates.add(criteriaBuilder.or(predicateConstraintType))
+            }
+        }
+
         return emptySet()
     }
 
diff --git a/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt b/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt
index e3d11f0cab..1d20d8311f 100644
--- a/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt
@@ -11,8 +11,12 @@ import net.corda.core.node.ServicesForResolution
 import net.corda.core.node.StatesToRecord
 import net.corda.core.node.services.*
 import net.corda.core.node.services.vault.*
+import net.corda.core.node.services.Vault.ConstraintInfo.Companion.constraintInfo
 import net.corda.core.schemas.PersistentStateRef
+import net.corda.core.serialization.SerializationDefaults.STORAGE_CONTEXT
 import net.corda.core.serialization.SingletonSerializeAsToken
+import net.corda.core.serialization.deserialize
+import net.corda.core.serialization.serialize
 import net.corda.core.transactions.*
 import net.corda.core.utilities.*
 import net.corda.node.services.api.SchemaService
@@ -132,12 +136,15 @@ class NodeVaultService(
                 // Adding a new column in the "VaultStates" table was considered the best approach.
                 val keys = stateOnly.participants.map { it.owningKey }
                 val isRelevant = isRelevant(stateOnly, keyManagementService.filterMyKeys(keys).toSet())
+                val constraintInfo = Vault.ConstraintInfo(stateAndRef.value.state.constraint)
                 val stateToAdd = VaultSchemaV1.VaultStates(
                         notary = stateAndRef.value.state.notary,
                         contractStateClassName = stateAndRef.value.state.data.javaClass.name,
                         stateStatus = Vault.StateStatus.UNCONSUMED,
                         recordedTime = clock.instant(),
-                        relevancyStatus = if (isRelevant) Vault.RelevancyStatus.RELEVANT else Vault.RelevancyStatus.NOT_RELEVANT
+                        relevancyStatus = if (isRelevant) Vault.RelevancyStatus.RELEVANT else Vault.RelevancyStatus.NOT_RELEVANT,
+                        constraintType = constraintInfo.type(),
+                        constraintData = constraintInfo.data()
                 )
                 stateToAdd.stateRef = PersistentStateRef(stateAndRef.key)
                 session.save(stateToAdd)
@@ -513,7 +520,9 @@ class NodeVaultService(
                                     vaultState.notary,
                                     vaultState.lockId,
                                     vaultState.lockUpdateTime,
-                                    vaultState.relevancyStatus))
+                                    vaultState.relevancyStatus,
+                                    constraintInfo(vaultState.constraintType, vaultState.constraintData)
+                            ))
                         } else {
                             // TODO: improve typing of returned other results
                             log.debug { "OtherResults: ${Arrays.toString(result.toArray())}" }
diff --git a/node/src/main/kotlin/net/corda/node/services/vault/VaultSchema.kt b/node/src/main/kotlin/net/corda/node/services/vault/VaultSchema.kt
index e12f8fc7ac..8755eccd94 100644
--- a/node/src/main/kotlin/net/corda/node/services/vault/VaultSchema.kt
+++ b/node/src/main/kotlin/net/corda/node/services/vault/VaultSchema.kt
@@ -5,6 +5,7 @@ import net.corda.core.contracts.MAX_ISSUER_REF_SIZE
 import net.corda.core.contracts.UniqueIdentifier
 import net.corda.core.identity.AbstractParty
 import net.corda.core.identity.Party
+import net.corda.core.node.services.MAX_CONSTRAINT_DATA_SIZE
 import net.corda.core.node.services.Vault
 import net.corda.core.schemas.MappedSchema
 import net.corda.core.schemas.PersistentState
@@ -66,7 +67,16 @@ object VaultSchemaV1 : MappedSchema(schemaFamily = VaultSchema.javaClass, versio
 
             /** refers to the last time a lock was taken (reserved) or updated (released, re-reserved) */
             @Column(name = "lock_timestamp", nullable = true)
-            var lockUpdateTime: Instant? = null
+            var lockUpdateTime: Instant? = null,
+
+            /** refers to constraint type (none, hash, whitelisted, signature) associated with a contract state */
+            @Column(name = "constraint_type", nullable = false)
+            var constraintType: Vault.ConstraintInfo.Type,
+
+            /** associated constraint type data (if any) */
+            @Column(name = "constraint_data", length = MAX_CONSTRAINT_DATA_SIZE, nullable = true)
+            @Type(type = "corda-wrapper-binary")
+            var constraintData: ByteArray? = null
     ) : PersistentState()
 
     @Entity
diff --git a/node/src/main/resources/migration/vault-schema.changelog-master.xml b/node/src/main/resources/migration/vault-schema.changelog-master.xml
index a9fbc181c5..0c3d274098 100644
--- a/node/src/main/resources/migration/vault-schema.changelog-master.xml
+++ b/node/src/main/resources/migration/vault-schema.changelog-master.xml
@@ -9,4 +9,5 @@
     <include file="migration/vault-schema.changelog-v4.xml"/>
     <include file="migration/vault-schema.changelog-pkey.xml"/>
     <include file="migration/vault-schema.changelog-v5.xml"/>
+    <include file="migration/vault-schema.changelog-v6.xml"/>
 </databaseChangeLog>
diff --git a/node/src/main/resources/migration/vault-schema.changelog-v6.xml b/node/src/main/resources/migration/vault-schema.changelog-v6.xml
new file mode 100644
index 0000000000..71214f8050
--- /dev/null
+++ b/node/src/main/resources/migration/vault-schema.changelog-v6.xml
@@ -0,0 +1,17 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+    <changeSet author="R3.Corda" id="add_is_constraint_information_columns">
+        <addColumn tableName="vault_states">
+            <column name="constraint_type" type="INT" defaultValue="0">
+                <constraints nullable="false"/>
+            </column>
+        </addColumn>
+        <addColumn tableName="vault_states">
+            <column name="constraint_data" type="varbinary(563)">
+                <constraints nullable="true"/>
+            </column>
+        </addColumn>
+    </changeSet>
+</databaseChangeLog>
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt b/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
index 0d9cbe9f68..99010acca7 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
@@ -9,6 +9,7 @@ import net.corda.core.internal.packageName
 import net.corda.core.node.services.*
 import net.corda.core.node.services.vault.*
 import net.corda.core.node.services.vault.QueryCriteria.*
+import net.corda.core.node.services.Vault.ConstraintInfo.Type.*
 import net.corda.core.transactions.LedgerTransaction
 import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.*
@@ -472,6 +473,125 @@ abstract class VaultQueryTestsBase : VaultQueryParties {
         }
     }
 
+    @Test
+    fun `query by contract states constraint type`() {
+        database.transaction {
+            // insert states with different constraint types
+            vaultFiller.fillWithSomeTestLinearStates(1).states.first().state.constraint
+            vaultFiller.fillWithSomeTestLinearStates(1, constraint = AlwaysAcceptAttachmentConstraint).states.first().state.constraint
+            vaultFiller.fillWithSomeTestLinearStates(1, constraint = WhitelistedByZoneAttachmentConstraint).states.first().state.constraint
+            // hash constraint
+            val linearStateHash = vaultFiller.fillWithSomeTestLinearStates(1, constraint = HashAttachmentConstraint(SecureHash.randomSHA256()))
+            val constraintHash = linearStateHash.states.first().state.constraint as HashAttachmentConstraint
+            // signature constraint (single key)
+            val linearStateSignature = vaultFiller.fillWithSomeTestLinearStates(1, constraint = SignatureAttachmentConstraint(alice.publicKey))
+            val constraintSignature = linearStateSignature.states.first().state.constraint as SignatureAttachmentConstraint
+            // signature constraint (composite key)
+            val compositeKey = CompositeKey.Builder().addKeys(alice.publicKey, bob.publicKey, charlie.publicKey, bankOfCorda.publicKey, bigCorp.publicKey, megaCorp.publicKey, miniCorp.publicKey, cashNotary.publicKey, dummyNotary.publicKey, dummyCashIssuer.publicKey).build()
+            val linearStateSignatureCompositeKey = vaultFiller.fillWithSomeTestLinearStates(1, constraint = SignatureAttachmentConstraint(compositeKey))
+            val constraintSignatureCompositeKey = linearStateSignatureCompositeKey.states.first().state.constraint as SignatureAttachmentConstraint
+
+            // default Constraint Type is ALL
+            val results = vaultService.queryBy<LinearState>()
+            assertThat(results.states).hasSize(6)
+
+            // search for states with Vault.ConstraintInfo.Type = ALWAYS_ACCEPT
+            val constraintTypeCriteria1 = VaultQueryCriteria(constraintTypes = setOf(ALWAYS_ACCEPT))
+            val constraintResults1 = vaultService.queryBy<LinearState>(constraintTypeCriteria1)
+            assertThat(constraintResults1.states).hasSize(1)
+
+            // search for states with [Vault.ConstraintInfo.Type] = HASH
+            val constraintTypeCriteria2 = VaultQueryCriteria(constraintTypes = setOf(HASH))
+            val constraintResults2 = vaultService.queryBy<LinearState>(constraintTypeCriteria2)
+            assertThat(constraintResults2.states).hasSize(2)
+            assertThat(constraintResults2.states.map { it.state.constraint }).containsOnlyOnce(constraintHash)
+
+            // search for states with [Vault.ConstraintInfo.Type] either HASH or CZ_WHITELISED
+            // DOCSTART VaultQueryExample30
+            val constraintTypeCriteria = VaultQueryCriteria(constraintTypes = setOf(HASH, CZ_WHITELISTED))
+            val sortAttribute = SortAttribute.Standard(Sort.VaultStateAttribute.CONSTRAINT_TYPE)
+            val sorter = Sort(setOf(Sort.SortColumn(sortAttribute, Sort.Direction.ASC)))
+            val constraintResults = vaultService.queryBy<LinearState>(constraintTypeCriteria, sorter)
+            // DOCEND VaultQueryExample30
+            assertThat(constraintResults.states).hasSize(3)
+
+            // search for states with [Vault.ConstraintInfo.Type] = SIGNATURE
+            val constraintTypeCriteria4 = VaultQueryCriteria(constraintTypes = setOf(SIGNATURE))
+            val constraintResults4 = vaultService.queryBy<LinearState>(constraintTypeCriteria4)
+            assertThat(constraintResults4.states).hasSize(2)
+            assertThat(constraintResults4.states.map { it.state.constraint }).containsAll(listOf(constraintSignature, constraintSignatureCompositeKey))
+
+            // search for states with [Vault.ConstraintInfo.Type] = SIGNATURE or CZ_WHITELISED
+            val constraintTypeCriteria5 = VaultQueryCriteria(constraintTypes = setOf(SIGNATURE, CZ_WHITELISTED))
+            val constraintResults5 = vaultService.queryBy<LinearState>(constraintTypeCriteria5)
+            assertThat(constraintResults5.states).hasSize(3)
+        }
+    }
+
+    @Test
+    fun `query by contract states constraint type and data`() {
+        database.transaction {
+            // insert states with different constraint types
+            vaultFiller.fillWithSomeTestLinearStates(1).states.first().state.constraint
+            val alwaysAcceptConstraint = vaultFiller.fillWithSomeTestLinearStates(1, constraint = AlwaysAcceptAttachmentConstraint).states.first().state.constraint
+            vaultFiller.fillWithSomeTestLinearStates(1, constraint = WhitelistedByZoneAttachmentConstraint)
+            // hash constraint
+            val linearStateHash = vaultFiller.fillWithSomeTestLinearStates(1, constraint = HashAttachmentConstraint(SecureHash.randomSHA256()))
+            val constraintHash = linearStateHash.states.first().state.constraint as HashAttachmentConstraint
+            // signature constraint (single key)
+            val linearStateSignature = vaultFiller.fillWithSomeTestLinearStates(1, constraint = SignatureAttachmentConstraint(alice.publicKey))
+            val constraintSignature = linearStateSignature.states.first().state.constraint as SignatureAttachmentConstraint
+            // signature constraint (composite key)
+            val compositeKey = CompositeKey.Builder().addKeys(alice.publicKey, bob.publicKey, charlie.publicKey, bankOfCorda.publicKey, bigCorp.publicKey, megaCorp.publicKey, miniCorp.publicKey, cashNotary.publicKey, dummyNotary.publicKey, dummyCashIssuer.publicKey).build()
+            val linearStateSignatureCompositeKey = vaultFiller.fillWithSomeTestLinearStates(1, constraint = SignatureAttachmentConstraint(compositeKey))
+            val constraintSignatureCompositeKey = linearStateSignatureCompositeKey.states.first().state.constraint as SignatureAttachmentConstraint
+
+            // default Constraint Type is ALL
+            val results = vaultService.queryBy<LinearState>()
+            assertThat(results.states).hasSize(6)
+
+            // search for states with AlwaysAcceptAttachmentConstraint
+            val constraintCriteria1 = VaultQueryCriteria(constraints = setOf(Vault.ConstraintInfo(AlwaysAcceptAttachmentConstraint)))
+            val constraintResults1 = vaultService.queryBy<LinearState>(constraintCriteria1)
+            assertThat(constraintResults1.states).hasSize(1)
+            assertThat(constraintResults1.states.first().state.constraint).isEqualTo(alwaysAcceptConstraint)
+
+            // search for states for a specific HashAttachmentConstraint
+            val constraintsCriteria2 = VaultQueryCriteria(constraints = setOf(Vault.ConstraintInfo(constraintHash)))
+            val constraintResults2 = vaultService.queryBy<LinearState>(constraintsCriteria2)
+            assertThat(constraintResults2.states).hasSize(1)
+            assertThat(constraintResults2.states.first().state.constraint).isEqualTo(constraintHash)
+
+            // search for states with a specific SignatureAttachmentConstraint constraint
+            val constraintCriteria3 = VaultQueryCriteria(constraints = setOf(Vault.ConstraintInfo(constraintSignatureCompositeKey)))
+            val constraintResults3 = vaultService.queryBy<LinearState>(constraintCriteria3)
+            assertThat(constraintResults3.states).hasSize(1)
+            assertThat(constraintResults3.states.first().state.constraint).isEqualTo(constraintSignatureCompositeKey)
+
+            // search for states for given set of mixed constraint types
+            // DOCSTART VaultQueryExample31
+            val constraintCriteria = VaultQueryCriteria(constraints = setOf(Vault.ConstraintInfo(constraintSignature),
+                    Vault.ConstraintInfo(constraintSignatureCompositeKey), Vault.ConstraintInfo(constraintHash)))
+            val constraintResults = vaultService.queryBy<LinearState>(constraintCriteria)
+            // DOCEND VaultQueryExample31
+            assertThat(constraintResults.states).hasSize(3)
+            assertThat(constraintResults.states.map { it.state.constraint }).containsAll(listOf(constraintHash, constraintSignature, constraintSignatureCompositeKey))
+
+            // exercise enriched query
+
+            // Base criteria
+            val baseCriteria = VaultQueryCriteria(constraints = setOf(Vault.ConstraintInfo(AlwaysAcceptAttachmentConstraint)))
+
+            // Enrich and override QueryCriteria with additional default attributes
+            val enrichedCriteria = VaultQueryCriteria(constraints = setOf(Vault.ConstraintInfo(constraintSignature)))
+
+            // Execute query
+            val enrichedResults = services.vaultService.queryBy<LinearState>(baseCriteria and enrichedCriteria).states
+            assertThat(enrichedResults).hasSize(2)
+            assertThat(enrichedResults.map { it.state.constraint }).containsAll(listOf(constraintSignature, alwaysAcceptConstraint))
+        }
+    }
+
     @Test
     fun `consumed states`() {
         database.transaction {
@@ -2211,6 +2331,33 @@ abstract class VaultQueryTestsBase : VaultQueryParties {
         }
     }
 
+    @Test
+    fun `sorted, enriched and overridden composite query with constraints handles defaults correctly`() {
+        database.transaction {
+            vaultFiller.fillWithSomeTestLinearStates(1, constraint = WhitelistedByZoneAttachmentConstraint)
+            vaultFiller.fillWithSomeTestLinearStates(1, constraint = SignatureAttachmentConstraint(alice.publicKey))
+            vaultFiller.fillWithSomeTestLinearStates(1, constraint = HashAttachmentConstraint( SecureHash.randomSHA256()))
+            vaultFiller.fillWithSomeTestLinearStates(1, constraint = AlwaysAcceptAttachmentConstraint)
+
+            // Base criteria
+            val baseCriteria = VaultQueryCriteria(constraintTypes = setOf(ALWAYS_ACCEPT))
+
+            // Enrich and override QueryCriteria with additional default attributes (contract constraints)
+            val enrichedCriteria = VaultQueryCriteria(constraintTypes = setOf(SIGNATURE, HASH, ALWAYS_ACCEPT)) // enrich
+
+            // Sorting
+            val sortAttribute = SortAttribute.Standard(Sort.VaultStateAttribute.CONSTRAINT_TYPE)
+            val sorter = Sort(setOf(Sort.SortColumn(sortAttribute, Sort.Direction.ASC)))
+
+            // Execute query
+            val results = services.vaultService.queryBy<LinearState>(baseCriteria and enrichedCriteria, sorter).states
+            assertThat(results).hasSize(3)
+            assertThat(results[0].state.constraint is AlwaysAcceptAttachmentConstraint)
+            assertThat(results[1].state.constraint is HashAttachmentConstraint)
+            assertThat(results[2].state.constraint is SignatureAttachmentConstraint)
+        }
+    }
+
     @Test
     fun unconsumedCashStatesForSpending_single_issuer_reference() {
         database.transaction {
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/vault/VaultFiller.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/vault/VaultFiller.kt
index f5ae1f852a..eb46690305 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/vault/VaultFiller.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/vault/VaultFiller.kt
@@ -102,7 +102,8 @@ class VaultFiller @JvmOverloads constructor(
                                      linearString: String = "",
                                      linearNumber: Long = 0L,
                                      linearBoolean: Boolean = false,
-                                     linearTimestamp: Instant = now()): Vault<LinearState> {
+                                     linearTimestamp: Instant = now(),
+                                     constraint: AttachmentConstraint = AutomaticHashConstraint): Vault<LinearState> {
         val myKey: PublicKey = services.myInfo.chooseIdentity().owningKey
         val me = AnonymousParty(myKey)
         val issuerKey = defaultNotary.keyPair
@@ -116,7 +117,8 @@ class VaultFiller @JvmOverloads constructor(
                         linearString = linearString,
                         linearNumber = linearNumber,
                         linearBoolean = linearBoolean,
-                        linearTimestamp = linearTimestamp), DUMMY_LINEAR_CONTRACT_PROGRAM_ID)
+                        linearTimestamp = linearTimestamp), DUMMY_LINEAR_CONTRACT_PROGRAM_ID,
+                        constraint = constraint)
                 addCommand(dummyCommand())
             }
             return@map services.signInitialTransaction(dummyIssue).withAdditionalSignature(issuerKey, signatureMetadata)

From 3110c758474e26ddb30e2c03b957680ace2cb6db Mon Sep 17 00:00:00 2001
From: josecoll <jose.coll@r3cev.com>
Date: Wed, 3 Oct 2018 13:41:52 +0100
Subject: [PATCH 09/83] =?UTF-8?q?Network=20bootstrapper=20tool:=20optional?=
 =?UTF-8?q?=20configuration=20setting=20to=20specify=20the=20minimum=20pla?=
 =?UTF-8?q?t=E2=80=A6=20(#4005)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Provide an optional configuration setting to specify the minimum platform version to use in the network params file.

* Leave Cordform signature intact.

* Leave previous Gradle Plugin called signature intact.

* Incorporating feedback from PR review.

* Added minimum platform version validation check.

* Removed final 2 references to "default"

* Added changelog entry.
---
 docs/source/changelog.rst                     |  2 ++
 .../internal/network/NetworkBootstrapper.kt   | 28 +++++++++++++------
 .../network/NetworkBootstrapperTest.kt        |  3 +-
 .../kotlin/net/corda/bootstrapper/Main.kt     |  6 +++-
 4 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst
index 3017257931..9b3e3bb571 100644
--- a/docs/source/changelog.rst
+++ b/docs/source/changelog.rst
@@ -7,6 +7,8 @@ release, see :doc:`upgrade-notes`.
 Unreleased
 ----------
 
+* Introduced new optional network bootstrapper command line option (--minimum-platform-version) to set as a network parameter
+
 * Introduce minimum and target platform version for CorDapps.
 
 * Vault storage of contract state constraints metadata and associated vault query functions to retrieve and sort by constraint type.
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
index 0a80988f27..49d0704c84 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
@@ -162,16 +162,23 @@ internal constructor(private val initSerEnv: Boolean,
     }
 
     /** Entry point for the tool */
-    fun bootstrap(directory: Path, copyCordapps: Boolean) {
+    fun bootstrap(directory: Path, copyCordapps: Boolean, minimumPlatformVersion: Int) {
+        require(minimumPlatformVersion <= PLATFORM_VERSION) { "Minimum platform version cannot be greater than $PLATFORM_VERSION" }
         // Don't accidently include the bootstrapper jar as a CorDapp!
         val bootstrapperJar = javaClass.location.toPath()
         val cordappJars = directory.list { paths ->
             paths.filter { it.toString().endsWith(".jar") && !it.isSameAs(bootstrapperJar) && it.fileName.toString() != "corda.jar" }.toList()
         }
-        bootstrap(directory, cordappJars, copyCordapps, fromCordform = false)
+        bootstrap(directory, cordappJars, copyCordapps, fromCordform = false, minimumPlatformVersion = minimumPlatformVersion)
     }
 
-    private fun bootstrap(directory: Path, cordappJars: List<Path>, copyCordapps: Boolean, fromCordform: Boolean) {
+    private fun bootstrap(
+            directory: Path,
+            cordappJars: List<Path>,
+            copyCordapps: Boolean,
+            fromCordform: Boolean,
+            minimumPlatformVersion: Int = PLATFORM_VERSION
+    ) {
         directory.createDirectories()
         println("Bootstrapping local test network in $directory")
         if (!fromCordform) {
@@ -210,7 +217,7 @@ internal constructor(private val initSerEnv: Boolean,
             val notaryInfos = gatherNotaryInfos(nodeInfoFiles, configs)
             println("Generating contract implementations whitelist")
             val newWhitelist = generateWhitelist(existingNetParams, readExcludeWhitelist(directory), cordappJars.filter { !isSigned(it) }.map(contractsJarConverter))
-            val newNetParams = installNetworkParameters(notaryInfos, newWhitelist, existingNetParams, nodeDirs)
+            val newNetParams = installNetworkParameters(notaryInfos, newWhitelist, existingNetParams, nodeDirs, minimumPlatformVersion)
             if (newNetParams != existingNetParams) {
                 println("${if (existingNetParams == null) "New" else "Updated"} $newNetParams")
             } else {
@@ -337,10 +344,13 @@ internal constructor(private val initSerEnv: Boolean,
         throw IllegalStateException(msg.toString())
     }
 
-    private fun installNetworkParameters(notaryInfos: List<NotaryInfo>,
-                                         whitelist: Map<String, List<AttachmentId>>,
-                                         existingNetParams: NetworkParameters?,
-                                         nodeDirs: List<Path>): NetworkParameters {
+    private fun installNetworkParameters(
+            notaryInfos: List<NotaryInfo>,
+            whitelist: Map<String, List<AttachmentId>>,
+            existingNetParams: NetworkParameters?,
+            nodeDirs: List<Path>,
+            minimumPlatformVersion: Int
+    ): NetworkParameters {
         // TODO Add config for minimumPlatformVersion, maxMessageSize and maxTransactionSize
         val netParams = if (existingNetParams != null) {
             if (existingNetParams.whitelistedContractImplementations == whitelist && existingNetParams.notaries == notaryInfos) {
@@ -355,7 +365,7 @@ internal constructor(private val initSerEnv: Boolean,
             }
         } else {
             NetworkParameters(
-                    minimumPlatformVersion = 4,
+                    minimumPlatformVersion = minimumPlatformVersion,
                     notaries = notaryInfos,
                     modifiedTime = Instant.now(),
                     maxMessageSize = 10485760,
diff --git a/node-api/src/test/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapperTest.kt b/node-api/src/test/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapperTest.kt
index 0b265171e6..1871ea553f 100644
--- a/node-api/src/test/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapperTest.kt
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapperTest.kt
@@ -11,6 +11,7 @@ import net.corda.core.serialization.serialize
 import net.corda.node.services.config.NotaryConfig
 import net.corda.nodeapi.internal.DEV_ROOT_CA
 import net.corda.nodeapi.internal.NODE_INFO_DIRECTORY
+import net.corda.nodeapi.internal.PLATFORM_VERSION
 import net.corda.nodeapi.internal.SignedNodeInfo
 import net.corda.nodeapi.internal.config.parseAs
 import net.corda.nodeapi.internal.config.toConfig
@@ -217,7 +218,7 @@ class NetworkBootstrapperTest {
 
     private fun bootstrap(copyCordapps: Boolean = true) {
         providedCordaJar = (rootDir / "corda.jar").let { if (it.exists()) it.readAll() else null }
-        bootstrapper.bootstrap(rootDir, copyCordapps)
+        bootstrapper.bootstrap(rootDir, copyCordapps, PLATFORM_VERSION)
     }
 
     private fun createNodeConfFile(nodeDirName: String, config: FakeNodeConfig) {
diff --git a/tools/bootstrapper/src/main/kotlin/net/corda/bootstrapper/Main.kt b/tools/bootstrapper/src/main/kotlin/net/corda/bootstrapper/Main.kt
index 09e6ca9972..9d382516fa 100644
--- a/tools/bootstrapper/src/main/kotlin/net/corda/bootstrapper/Main.kt
+++ b/tools/bootstrapper/src/main/kotlin/net/corda/bootstrapper/Main.kt
@@ -2,6 +2,7 @@ package net.corda.bootstrapper
 
 import net.corda.cliutils.CordaCliWrapper
 import net.corda.cliutils.start
+import net.corda.nodeapi.internal.PLATFORM_VERSION
 import net.corda.nodeapi.internal.network.NetworkBootstrapper
 import picocli.CommandLine.Option
 import java.nio.file.Path
@@ -24,8 +25,11 @@ class NetworkBootstrapperRunner : CordaCliWrapper("bootstrapper", "Bootstrap a l
     @Option(names = ["--no-copy"], description = ["""Don't copy the CorDapp JARs into the nodes' "cordapps" directories."""])
     private var noCopy: Boolean = false
 
+    @Option(names = ["--minimum-platform-version"], description = ["The minimumPlatformVersion to use in the network-parameters"])
+    private var minimumPlatformVersion = PLATFORM_VERSION
+
     override fun runProgram(): Int {
-        NetworkBootstrapper().bootstrap(dir.toAbsolutePath().normalize(), copyCordapps = !noCopy)
+        NetworkBootstrapper().bootstrap(dir.toAbsolutePath().normalize(), copyCordapps = !noCopy, minimumPlatformVersion = minimumPlatformVersion)
         return 0 //exit code
     }
 }
\ No newline at end of file

From 6f241b69fc9955bfa4850ad893a30d43191ef144 Mon Sep 17 00:00:00 2001
From: Michele Sollecito <michele.sollecito@gmail.com>
Date: Wed, 3 Oct 2018 17:24:03 +0200
Subject: [PATCH 10/83] [CORDA-2064]: Add "extraNetworkMapKeys" to node startup
 log. (#4021)

---
 node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
index 681d7ad264..74f3b0f40f 100644
--- a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
@@ -378,7 +378,11 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
         if (agentProperties.containsKey("sun.jdwp.listenerAddress")) {
             logger.info("Debug port: ${agentProperties.getProperty("sun.jdwp.listenerAddress")}")
         }
-        logger.info("Starting as node on ${conf.p2pAddress}")
+        var nodeStartedMessage = "Starting as node on ${conf.p2pAddress}"
+        if (conf.extraNetworkMapKeys.isNotEmpty()) {
+            nodeStartedMessage = "$nodeStartedMessage with additional Network Map keys ${conf.extraNetworkMapKeys.joinToString(prefix = "[", postfix = "]", separator = ", ")}"
+        }
+        logger.info(nodeStartedMessage)
     }
 
     protected open fun registerWithNetwork(conf: NodeConfiguration, versionInfo: VersionInfo, nodeRegistrationConfig: NodeRegistrationOption) {

From 8629316dd1f80fbecc4aaf087441aa368b0dbad3 Mon Sep 17 00:00:00 2001
From: Michele Sollecito <michele.sollecito@gmail.com>
Date: Wed, 3 Oct 2018 17:27:04 +0200
Subject: [PATCH 11/83] [CORDA-2021]: Error message in log when
 keyStorePassword is incorrect is not accurately describing the problem
 (fixed). (#4022)

---
 .../net/corda/node/internal/AbstractNode.kt     | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index 2391cf7fca..3c0be454c7 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -723,9 +723,6 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
             val identitiesKeyStore = configuration.signingCertificateStore.get()
             val trustStore = configuration.p2pSslOptions.trustStore.get()
             AllCertificateStores(trustStore, sslKeyStore, identitiesKeyStore)
-        } catch (e: KeyStoreException) {
-            log.warn("At least one of the keystores or truststore passwords does not match configuration.")
-            null
         } catch (e: IOException) {
             log.error("IO exception while trying to validate keystores and truststore", e)
             null
@@ -736,11 +733,15 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
 
     private fun validateKeyStores(): X509Certificate {
         // Step 1. Check trustStore, sslKeyStore and identitiesKeyStore exist.
-        val certStores = requireNotNull(getCertificateStores()) {
-            "One or more keyStores (identity or TLS) or trustStore not found. " +
-                    "Please either copy your existing keys and certificates from another node, " +
-                    "or if you don't have one yet, fill out the config file and run corda.jar --initial-registration. " +
-                    "Read more at: https://docs.corda.net/permissioning.html"
+        val certStores = try {
+            requireNotNull(getCertificateStores()) {
+                "One or more keyStores (identity or TLS) or trustStore not found. " +
+                        "Please either copy your existing keys and certificates from another node, " +
+                        "or if you don't have one yet, fill out the config file and run corda.jar --initial-registration. " +
+                        "Read more at: https://docs.corda.net/permissioning.html"
+            }
+        } catch (e: KeyStoreException) {
+            throw IllegalArgumentException("At least one of the keystores or truststore passwords does not match configuration.")
         }
         // Step 2. Check that trustStore contains the correct key-alias entry.
         require(CORDA_ROOT_CA in certStores.trustStore) {

From 3cf1450fc1839a7fbf134f75b3b95004367cdce1 Mon Sep 17 00:00:00 2001
From: Michele Sollecito <michele.sollecito@gmail.com>
Date: Wed, 3 Oct 2018 18:16:07 +0200
Subject: [PATCH 12/83] [CORDA-2066]: `setting-up-a-corda-network` docs file is
 misleading (fixed). (#4025)

---
 docs/source/corda-networks-index.rst       |   2 +-
 docs/source/corda-test-networks.rst        |  77 +++++++++
 docs/source/setting-up-a-corda-network.rst | 190 ---------------------
 3 files changed, 78 insertions(+), 191 deletions(-)
 create mode 100644 docs/source/corda-test-networks.rst
 delete mode 100644 docs/source/setting-up-a-corda-network.rst

diff --git a/docs/source/corda-networks-index.rst b/docs/source/corda-networks-index.rst
index 67f544d69c..d1bf86f03e 100644
--- a/docs/source/corda-networks-index.rst
+++ b/docs/source/corda-networks-index.rst
@@ -5,7 +5,7 @@ Networks
    :maxdepth: 1
 
    joining-a-network
-   setting-up-a-corda-network
+   corda-test-networks
    running-a-notary
    permissioning
    network-map
diff --git a/docs/source/corda-test-networks.rst b/docs/source/corda-test-networks.rst
new file mode 100644
index 0000000000..f5c2991fcf
--- /dev/null
+++ b/docs/source/corda-test-networks.rst
@@ -0,0 +1,77 @@
+.. _log4j2: http://logging.apache.org/log4j/2.x/
+
+Corda networks
+==============
+
+A Corda network consists of a number of machines running nodes. These nodes communicate using persistent protocols in
+order to create and validate transactions.
+
+There are three broader categories of functionality one such node may have. These pieces of functionality are provided
+as services, and one node may run several of them.
+
+* Notary: Nodes running a notary service witness state spends and have the final say in whether a transaction is a
+  double-spend or not
+* Oracle: Network services that link the ledger to the outside world by providing facts that affect the validity of
+  transactions
+* Regular node: All nodes have a vault and may start protocols communicating with other nodes, notaries and oracles and
+  evolve their private ledger
+
+Bootstrap your own test network
+-------------------------------
+
+Certificates
+~~~~~~~~~~~~
+
+Every node in a given Corda network must have an identity certificate signed by the network's root CA. See
+:doc:`permissioning` for more information.
+
+Configuration
+~~~~~~~~~~~~~
+
+A node can be configured by adding/editing ``node.conf`` in the node's directory. For details see :doc:`corda-configuration-file`.
+
+An example configuration:
+
+.. literalinclude:: example-code/src/main/resources/example-node.conf
+:language: cfg
+
+      The most important fields regarding network configuration are:
+
+      * ``p2pAddress``: This specifies a host and port to which Artemis will bind for messaging with other nodes. Note that the
+  address bound will **NOT** be ``my-corda-node``, but rather ``::`` (all addresses on all network interfaces). The hostname specified
+  is the hostname *that must be externally resolvable by other nodes in the network*. In the above configuration this is the
+  resolvable name of a machine in a VPN.
+* ``rpcAddress``: The address to which Artemis will bind for RPC calls.
+* ``webAddress``: The address the webserver should bind. Note that the port must be distinct from that of ``p2pAddress`` and ``rpcAddress`` if they are on the same machine.
+
+Starting the nodes
+~~~~~~~~~~~~~~~~~~
+
+You will first need to create the local network by bootstrapping it with the bootstrapper. Details of how to do that
+can be found in :doc:`network-bootstrapper`.
+
+Once that's done you may now start the nodes in any order. You should see a banner, some log lines and eventually
+``Node started up and registered``, indicating that the node is fully started.
+
+.. TODO: Add a better way of polling for startup. A programmatic way of determining whether a node is up is to check whether it's ``webAddress`` is bound.
+
+In terms of process management there is no prescribed method. You may start the jars by hand or perhaps use systemd and friends.
+
+Logging
+~~~~~~~
+
+Only a handful of important lines are printed to the console. For
+details/diagnosing problems check the logs.
+
+Logging is standard log4j2_ and may be configured accordingly. Logs
+are by default redirected to files in ``NODE_DIRECTORY/logs/``.
+
+Connecting to the nodes
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Once a node has started up successfully you may connect to it as a client to initiate protocols/query state etc.
+Depending on your network setup you may need to tunnel to do this remotely.
+
+See the :doc:`tutorial-clientrpc-api` on how to establish an RPC link.
+
+Sidenote: A client is always associated with a single node with a single identity, which only sees their part of the ledger.
diff --git a/docs/source/setting-up-a-corda-network.rst b/docs/source/setting-up-a-corda-network.rst
deleted file mode 100644
index 320cca5f0d..0000000000
--- a/docs/source/setting-up-a-corda-network.rst
+++ /dev/null
@@ -1,190 +0,0 @@
-.. _log4j2: http://logging.apache.org/log4j/2.x/
-
-Setting up a Corda network
-==========================
-
-.. contents::
-
-Bootstrapping a development network
------------------------------------
-
-When testing CorDapps during development, you should use the :doc:`bootstrapper tool <network-bootstrapper>` to create
-a local test network.
-
-Creating your own compatibility zone
-------------------------------------
-
-This section documents how to implement your own doorman and network map servers, which is the basic process required to
-create a dedicated zone. At this time we do not provide tooling to do this, because the needs of each zone are different
-and no generic, configurable doorman codebase has been written.
-
-Do you need a zone?
-^^^^^^^^^^^^^^^^^^^
-
-Think twice before going down this route:
-
-1. It isn't necessary for testing.
-2. It isn't necessary for adding another layer of permissioning or 'know your customer' requirements onto your app.
-
-**Testing.** Creating a production-ready zone isn't necessary for testing as you can use the :doc:`network bootstrapper <network-bootstrapper>`
-tool to create all the certificates, keys, and distribute the needed map files to run many nodes. The bootstrapper can
-create a network locally on your desktop/laptop but it also knows how to automate cloud providers via their APIs and
-using Docker. In this way you can bring up a simulation of a real Corda network with different nodes on different
-machines in the cloud for your own testing. Testing this way has several advantages, most obviously that you avoid
-race conditions in your tests caused by nodes/tests starting before all map data has propagated to all nodes.
-You can read more about the reasons for the creation of the bootstrapper tool
-`in a blog post on the design thinking behind Corda's network map infrastructure <https://medium.com/corda/cordas-new-network-map-infrastructure-8c4c248fd7f3>`__.
-
-**Permissioning.** And creating a zone is also unnecessary for imposing permissioning requirements beyond that of the
-base Corda network. You can control who can use your app by creating a *business network*. A business network is what we
-call a coalition of nodes that have chosen to run a particular app within a given commercial context. Business networks
-aren't represented in the Corda API at this time, partly because the technical side is so simple. You can create one
-via a simple three step process:
-
-1. Distribute a list of X.500 names that are members of your business network, e.g. a simple way to do this is by
-   hosting a text file with one name per line on your website at a fixed HTTPS URL. You could also write a simple
-   request/response flow that serves the list over the Corda protocol itself, although this requires the business
-   network to have a node for itself.
-2. Write a bit of code that downloads and caches the contents of this file on disk, and which loads it into memory in
-   the node. A good place to do this is in a class annotated with ``@CordaService``, because this class can expose
-   a ``Set<Party>`` field representing the membership of your service.
-3. In your flows use ``serviceHub.findService`` to get a reference to your ``@CordaService`` class, read the list of
-   members and at the start of each flow, throw a FlowException if the counterparty isn't in the membership list.
-
-In this way you can impose a centrally controlled ACL that all members will collectively enforce.
-
-.. note:: A production-ready Corda network and a new iteration of the testnet will be available soon.
-
-Why create your own zone?
-^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The primary reason to create a zone and provide the associated infrastructure is control over *network parameters*. These
-are settings that control Corda's operation, and on which all users in a network must agree. Failure to agree would create
-the Corda equivalent of a blockchain "hard fork". Parameters control things like the root of identity,
-how quickly users should upgrade, how long nodes can be offline before they are evicted from the system and so on.
-
-Creating a zone involves the following steps:
-
-1. Create the zone private keys and certificates. This procedure is conventional and no special knowledge is required:
-   any self-signed set of certificates can be used. A professional quality zone will probably keep the keys inside a
-   hardware security module (as the main Corda network and test networks do).
-2. Write a network map server.
-3. Optionally, create a doorman server.
-4. Finally, you would select and generate your network parameter file.
-
-Writing a network map server
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-This server implements a simple HTTP based protocol described in the ":doc:`network-map`" page.
-The map server is responsible for gathering NodeInfo files from nodes, storing them, and distributing them back to the
-nodes in the zone. By doing this it is also responsible for choosing who is in and who is out: having a signed
-identity certificate is not enough to be a part of a Corda zone, you also need to be listed in the network map.
-It can be thought of as a DNS equivalent. If you want to de-list a user, you would do it here.
-
-It is very likely that your map server won't be entirely standalone, but rather, integrated with whatever your master
-user database is.
-
-The network map server also distributes signed network parameter files and controls the roll-out schedule for when they
-become available for download and opt-in, and when they become enforced. This is again a policy decision you will
-probably choose to place some simple UI or workflow tooling around, in particular to enforce restrictions on who can
-edit the map or the parameters.
-
-Writing a doorman server
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-This step is optional because your users can obtain a signed certificate in many different ways. The doorman protocol
-is again a very simple HTTP based approach in which a node creates keys and requests a certificate, polling until it
-gets back what it expects. However, you could also integrate this process with the rest of your signup process. For example,
-by building a tool that's integrated with your payment flow (if payment is required to take part in your zone at all).
-Alternatively you may wish to distribute USB smartcard tokens that generate the private key on first use, as is typically
-seen in national PKIs. There are many options.
-
-If you do choose to make a doorman server, the bulk of the code you write will be workflow related. For instance,
-related to keeping track of an applicant as they proceed through approval. You should also impose any naming policies
-you have in the doorman process. If names are meant to match identities registered in government databases then that
-should be enforced here, alternatively, if names can be self-selected or anonymous, you would only bother with a
-deduplication check. Again it will likely be integrated with a master user database.
-
-Corda does not currently provide a doorman or network map service out of the box, partly because when stripped of the
-zone specific policy there isn't much to them: just a basic HTTP server that most programmers will have favourite
-frameworks for anyway.
-
-The protocol is:
-
-* If $URL = ``https://some.server.com/some/path``
-* Node submits a PKCS#10 certificate signing request using HTTP POST to ``$URL/certificate``. It will have a MIME
-  type of ``application/octet-stream``. The ``Platform-Version`` header is set to be "1.0" and the ``Client-Version`` header to reflect the node software version
-* The server returns an opaque string that references this request (let's call it ``$requestid``, or an HTTP error if something went wrong
-* The returned request ID should be persisted to disk, to handle zones where approval may take a long time due to manual
-  intervention being required
-* The node starts polling ``$URL/$requestid`` using HTTP GET. The poll interval can be controlled by the server returning
-  a response with a ``Cache-Control`` header
-* If the request is answered with a ``200 OK`` response, the body is expected to be a zip file. Each file is expected to
-  be a binary X.509 certificate, and the certs are expected to be in order
-* If the request is answered with a ``204 No Content`` response, the node will try again later
-* If the request is answered with a ``403 Not Authorized`` response, the node will treat that as request rejection and give up
-* Other response codes will cause the node to abort with an exception
-
-You can use any standard key tools to create the required key pairs and certificates. The ``X509Utilities`` class in the
-`Corda repository
-<https://github.com/corda/corda/blob/master/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509Utilities.kt>`__
-shows how to generate the required key pairs and certificates using Bouncy Castle.
-
-Setting zone parameters
-^^^^^^^^^^^^^^^^^^^^^^^
-
-Zone parameters are stored in a file containing a Corda AMQP serialised ``SignedDataWithCert<NetworkParameters>``
-object. It is easy to create such a file with a small Java or Kotlin program. The ``NetworkParameters`` object is a
-simple data holder that could be read from e.g. a config file, or settings from a database. Signing and saving the
-resulting file is just a few lines of code. A full example can be found in `NetworkParametersCopier.kt
-<https://github.com/corda/corda/blob/master/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkParametersCopier.kt>`__,
-but a flavour of it looks like this:
-
-.. container:: codeset
-
-   .. sourcecode:: java
-
-      NetworkParameters networkParameters = new NetworkParameters(
-                4,                        // minPlatformVersion
-                Collections.emptyList(),  // notaries
-                1024 * 1024 * 20,         // maxMessageSize
-                1024 * 1024 * 15,         // maxTransactionSize
-                Instant.now(),            // modifiedTime
-                2,                        // epoch
-                Collections.emptyMap()    // whitelist
-      );
-      CertificateAndKeyPair signingCertAndKeyPair = loadNetworkMapCA();
-      SerializedBytes<SignedDataWithCert<NetworkParameters>> bytes = SerializedBytes.from(netMapCA.sign(networkParameters));
-      Files.copy(bytes.open(), Paths.get("params-file"));
-
-   .. sourcecode:: kotlin
-
-      val networkParameters = NetworkParameters(
-         minimumPlatformVersion = 4,
-         notaries = listOf(...),
-         maxMessageSize = 1024 * 1024 * 20   // 20mb, for example.
-         maxTransactionSize = 1024 * 1024 * 15,
-         modifiedTime = Instant.now(),
-         epoch = 2,
-         ... etc ...
-      )
-      val signingCertAndKeyPair: CertificateAndKeyPair = loadNetworkMapCA()
-      val signedParams: SerializedBytes<SignedNetworkParameters> = signingCertAndKeyPair.sign(networkParameters).serialize()
-      signedParams.open().copyTo(Paths.get("/some/path"))
-
-Each individual parameter is documented in `the JavaDocs/KDocs for the NetworkParameters class
-<https://docs.corda.net/api/kotlin/corda/net.corda.core.node/-network-parameters/index.html>`__. The network map
-certificate is usually chained off the root certificate, and can be created according to the instructions above. Each
-time the zone parameters are changed, the epoch should be incremented. Epochs are essentially version numbers for the
-parameters, and they therefore cannot go backwards. Once saved, the new parameters can be served by the network map server.
-
-Selecting parameter values
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-How to choose the parameters? This is the most complex question facing you as a new zone operator. Some settings may seem
-straightforward and others may involve cost/benefit trade-offs specific to your business. For example, you could choose
-to run a validating notary yourself, in which case you would (in the absence of SGX) see all the users' data. Or you could
-run a non-validating notary, with BFT fault tolerance, which implies recruiting others to take part in the cluster.
-
-New network parameters will be added over time as Corda evolves. You will need to ensure that when your users upgrade,
-all the new network parameters are being served. You can ask for advice on the `corda-dev mailing list <https://groups.io/g/corda-dev>`__.
\ No newline at end of file

From febe737a7a7b23b27d71fab4f485c8b4016ca44a Mon Sep 17 00:00:00 2001
From: Joel Dudley <joel.dudley@r3cev.com>
Date: Thu, 4 Oct 2018 10:45:55 +0100
Subject: [PATCH 13/83] Updates homepage link. (#4027)

---
 docs/source/index.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/source/index.rst b/docs/source/index.rst
index ac64315eb6..9aaaeaaf73 100644
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@@ -14,7 +14,7 @@ follow our :doc:`quickstart guide </quickstart-index>`.
 
 If you want to start coding on Corda, then familiarise yourself with the :doc:`key concepts </key-concepts>`, then read
 our :doc:`Hello, World! tutorial </hello-world-introduction>`. For the background behind Corda, read the non-technical
-`introductory white paper`_ or for more detail, the `technical white paper`_.
+`platform white paper`_ or for more detail, the `technical white paper`_.
 
 If you have questions or comments, then get in touch on `Slack <https://slack.corda.net/>`_ or ask a question on
 `Stack Overflow <https://stackoverflow.com/questions/tagged/corda>`_ .
@@ -24,7 +24,7 @@ We look forward to seeing what you can do with Corda!
 .. note:: You can read this site offline. Either `download the PDF`_ or download the Corda source code, run ``gradle buildDocs`` and you will have
    a copy of this site in the ``docs/build/html`` directory.
 
-.. _`introductory white paper`: _static/corda-introductory-whitepaper.pdf
+.. _`platform white paper`: _static/corda-platform-whitepaper.pdf
 .. _`technical white paper`: _static/corda-technical-whitepaper.pdf
 .. _`download the PDF`: _static/corda-developer-site.pdf
 

From 5d03a03ec44f3160881b2ba104e9b16f69e0edff Mon Sep 17 00:00:00 2001
From: josecoll <jose.coll@r3cev.com>
Date: Thu, 4 Oct 2018 11:48:24 +0100
Subject: [PATCH 14/83] CORDA-2030 - ensure the correct kotlin runtime library
 is used to resolve `AutoCloseable` (#4028)

Fixes compatibility issue surfaced as "java.lang.NoClassDefFoundError: kotlin/jdk7/AutoCloseableKt"
---
 node/build.gradle | 1 +
 1 file changed, 1 insertion(+)

diff --git a/node/build.gradle b/node/build.gradle
index 3a344867a3..ff7be256dc 100644
--- a/node/build.gradle
+++ b/node/build.gradle
@@ -79,6 +79,7 @@ dependencies {
     compile "org.slf4j:jul-to-slf4j:$slf4j_version"
 
     compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
+    runtime "org.jetbrains.kotlin:kotlin-stdlib-jre8:$kotlin_version"
     compile "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version"
     testCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version"
 

From 064c72dfb14f9559eec5e91bbe5edf32a7c47e30 Mon Sep 17 00:00:00 2001
From: cburlinchon <chris.burlinchon@r3.com>
Date: Thu, 4 Oct 2018 11:55:18 +0100
Subject: [PATCH 15/83] ENT-2554: Add back hibernate dependency as required by
 explorer runDemoNodes (#4029)

---
 tools/explorer/build.gradle | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/tools/explorer/build.gradle b/tools/explorer/build.gradle
index fe52056591..e16e786058 100644
--- a/tools/explorer/build.gradle
+++ b/tools/explorer/build.gradle
@@ -11,13 +11,6 @@ processResources {
     from file("$rootDir/config/dev/log4j2.xml")
 }
 
-configurations {
-    compile {
-        // We don't need Hibernate just for its @Type annotation.
-        exclude group: 'org.hibernate', module: 'hibernate-core'
-    }
-}
-
 dependencies {
     compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
     testCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version"

From 85d2a85e8515be4be46abd80e7fe9603bcb21634 Mon Sep 17 00:00:00 2001
From: Shams Asari <shams.asari@r3.com>
Date: Thu, 4 Oct 2018 16:00:07 +0100
Subject: [PATCH 16/83] Safe parsing of min platform version and target version
 from CorDapp MANIFEST files (#4031)

Also includes some cleanup
---
 .../core/internal/cordapp/CordappImpl.kt      |  3 +-
 .../cordapp/JarScanningCordappLoader.kt       |  8 ++--
 .../node/internal/cordapp/ManifestUtils.kt    | 37 ++++++++++---------
 .../cordapp/JarScanningCordappLoaderTest.kt   | 28 ++++++--------
 4 files changed, 37 insertions(+), 39 deletions(-)

diff --git a/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt b/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt
index 38891ef254..2e1761afa8 100644
--- a/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt
@@ -42,8 +42,7 @@ data class CordappImpl(
     // TODO Why a seperate Info class and not just have the fields directly in CordappImpl?
     data class Info(val shortName: String, val vendor: String, val version: String, val minimumPlatformVersion: Int, val targetPlatformVersion: Int) {
         companion object {
-            private const val UNKNOWN_VALUE = "Unknown"
-
+            const val UNKNOWN_VALUE = "Unknown"
             val UNKNOWN = Info(UNKNOWN_VALUE, UNKNOWN_VALUE, UNKNOWN_VALUE, 1, 1)
         }
 
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
index c691af76c7..96d1e4f435 100644
--- a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
@@ -112,10 +112,12 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
     )
 
     private fun loadCordapps(): List<CordappImpl> {
-        val cordapps = cordappJarPaths.map { scanCordapp(it).toCordapp(it) }
+        val cordapps = cordappJarPaths
+                .map { scanCordapp(it).toCordapp(it) }
                 .filter {
                     if (it.info.minimumPlatformVersion > versionInfo.platformVersion) {
-                        logger.warn("Not loading CorDapp ${it.info.shortName} (${it.info.vendor}) as it requires minimum platform version ${it.info.minimumPlatformVersion} (This node is running version ${versionInfo.platformVersion}).")
+                        logger.warn("Not loading CorDapp ${it.info.shortName} (${it.info.vendor}) as it requires minimum " +
+                                "platform version ${it.info.minimumPlatformVersion} (This node is running version ${versionInfo.platformVersion}).")
                         false
                     } else {
                         true
@@ -126,7 +128,7 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
     }
 
     private fun RestrictedScanResult.toCordapp(url: RestrictedURL): CordappImpl {
-        val info = url.url.openStream().let(::JarInputStream).use { it.manifest }.toCordappInfo(CordappImpl.jarName(url.url))
+        val info = url.url.openStream().let(::JarInputStream).use { it.manifest?.toCordappInfo(CordappImpl.jarName(url.url)) ?: CordappImpl.Info.UNKNOWN }
         return CordappImpl(
                 findContractClassNames(this),
                 findInitiatedFlows(this),
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/ManifestUtils.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/ManifestUtils.kt
index c71a5bf7cb..6e10661c86 100644
--- a/node/src/main/kotlin/net/corda/node/internal/cordapp/ManifestUtils.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/ManifestUtils.kt
@@ -1,6 +1,7 @@
 package net.corda.node.internal.cordapp
 
 import net.corda.core.internal.cordapp.CordappImpl
+import net.corda.core.internal.cordapp.CordappImpl.Info.Companion.UNKNOWN_VALUE
 import java.util.jar.Attributes
 import java.util.jar.Manifest
 
@@ -23,23 +24,23 @@ fun createTestManifest(name: String, title: String, version: String, vendor: Str
     return manifest
 }
 
-operator fun Manifest.set(key: String, value: String) {
-    mainAttributes.putValue(key, value)
+operator fun Manifest.set(key: String, value: String): String? {
+    return mainAttributes.putValue(key, value)
 }
 
-fun Manifest?.toCordappInfo(defaultShortName: String): CordappImpl.Info {
-    var info = CordappImpl.Info.UNKNOWN
-    (this?.mainAttributes?.getValue("Name") ?: defaultShortName).let { shortName ->
-        info = info.copy(shortName = shortName)
-    }
-    this?.mainAttributes?.getValue("Implementation-Vendor")?.let { vendor ->
-        info = info.copy(vendor = vendor)
-    }
-    this?.mainAttributes?.getValue("Implementation-Version")?.let { version ->
-        info = info.copy(version = version)
-    }
-    val minPlatformVersion = this?.mainAttributes?.getValue("Min-Platform-Version")?.toInt() ?: 1
-    val targetPlatformVersion = this?.mainAttributes?.getValue("Target-Platform-Version")?.toInt() ?: minPlatformVersion
-    info = info.copy(minimumPlatformVersion = minPlatformVersion, targetPlatformVersion = targetPlatformVersion)
-    return info
-}
\ No newline at end of file
+operator fun Manifest.get(key: String): String? = mainAttributes.getValue(key)
+
+fun Manifest.toCordappInfo(defaultShortName: String): CordappImpl.Info {
+    val shortName = this["Name"] ?: defaultShortName
+    val vendor = this["Implementation-Vendor"] ?: UNKNOWN_VALUE
+    val version = this["Implementation-Version"] ?: UNKNOWN_VALUE
+    val minPlatformVersion = this["Min-Platform-Version"]?.toIntOrNull() ?: 1
+    val targetPlatformVersion = this["Target-Platform-Version"]?.toIntOrNull() ?: minPlatformVersion
+    return CordappImpl.Info(
+            shortName = shortName,
+            vendor = vendor,
+            version = version,
+            minimumPlatformVersion = minPlatformVersion,
+            targetPlatformVersion = targetPlatformVersion
+    )
+}
diff --git a/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt b/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
index e71786f8b6..927852e1e8 100644
--- a/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
@@ -4,7 +4,6 @@ import co.paralleluniverse.fibers.Suspendable
 import net.corda.core.flows.*
 import net.corda.node.VersionInfo
 import net.corda.node.cordapp.CordappLoader
-import net.corda.nodeapi.internal.PLATFORM_VERSION
 import net.corda.testing.node.internal.cordappsForPackages
 import net.corda.testing.node.internal.getTimestampAsDirectoryName
 import net.corda.testing.node.internal.packageInDirectory
@@ -45,7 +44,7 @@ class JarScanningCordappLoaderTest {
     }
 
     @Test
-    fun `test that classes that aren't in cordapps aren't loaded`() {
+    fun `classes that aren't in cordapps aren't loaded`() {
         // Basedir will not be a corda node directory so the dummy flow shouldn't be recognised as a part of a cordapp
         val loader = JarScanningCordappLoader.fromDirectories(listOf(Paths.get(".")))
         assertThat(loader.cordapps).containsOnly(loader.coreCordapp)
@@ -56,10 +55,9 @@ class JarScanningCordappLoaderTest {
         val isolatedJAR = JarScanningCordappLoaderTest::class.java.getResource("isolated.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(isolatedJAR))
 
-        val actual = loader.cordapps.toTypedArray()
-        assertThat(actual).hasSize(2)
+        assertThat(loader.cordapps).hasSize(2)
 
-        val actualCordapp = actual.single { it != loader.coreCordapp }
+        val actualCordapp = loader.cordapps.single { it != loader.coreCordapp }
         assertThat(actualCordapp.contractClassNames).isEqualTo(listOf(isolatedContractId))
         assertThat(actualCordapp.initiatedFlows.single().name).isEqualTo("net.corda.finance.contracts.isolated.IsolatedDummyFlow\$Acceptor")
         assertThat(actualCordapp.rpcFlows).isEmpty()
@@ -113,7 +111,7 @@ class JarScanningCordappLoaderTest {
     fun `cordapp classloader sets target and min version to 1 if not specified`() {
         val jar = JarScanningCordappLoaderTest::class.java.getResource("versions/no-min-or-target-version.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN)
-        loader.cordapps.filter { !it.info.shortName.equals("corda-core") }.forEach {
+        loader.cordapps.filter { it.info.shortName != "corda-core" }.forEach {
             assertThat(it.info.targetPlatformVersion).isEqualTo(1)
             assertThat(it.info.minimumPlatformVersion).isEqualTo(1)
         }
@@ -126,7 +124,7 @@ class JarScanningCordappLoaderTest {
         val jar = JarScanningCordappLoaderTest::class.java.getResource("versions/min-2-target-3.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN)
         // exclude the core cordapp
-        val cordapp = loader.cordapps.filter { it.cordappClasses.contains("net.corda.core.internal.cordapp.CordappImpl")}.single()
+        val cordapp = loader.cordapps.single { it.cordappClasses.contains("net.corda.core.internal.cordapp.CordappImpl") }
         assertThat(cordapp.info.targetPlatformVersion).isEqualTo(3)
         assertThat(cordapp.info.minimumPlatformVersion).isEqualTo(2)
     }
@@ -137,17 +135,17 @@ class JarScanningCordappLoaderTest {
         val jar = JarScanningCordappLoaderTest::class.java.getResource("versions/min-2-no-target.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN)
         // exclude the core cordapp
-        val cordapp = loader.cordapps.filter { it.cordappClasses.contains("net.corda.core.internal.cordapp.CordappImpl")}.single()
+        val cordapp = loader.cordapps.single { it.cordappClasses.contains("net.corda.core.internal.cordapp.CordappImpl") }
         assertThat(cordapp.info.targetPlatformVersion).isEqualTo(2)
         assertThat(cordapp.info.minimumPlatformVersion).isEqualTo(2)
     }
 
     @Test
-    fun `cordapp classloader does not load apps when their min platform version is greater than the platform version`() {
-        val jar = JarScanningCordappLoaderTest::class.java.getResource("versions/min-2-target-3.jar")!!
+    fun `cordapp classloader does not load apps when their min platform version is greater than the node platform version`() {
+        val jar = JarScanningCordappLoaderTest::class.java.getResource("versions/min-2-no-target.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN.copy(platformVersion = 1))
         // exclude the core cordapp
-        assertThat(loader.cordapps.size).isEqualTo(1)
+        assertThat(loader.cordapps).hasSize(1)
     }
 
     @Test
@@ -155,7 +153,7 @@ class JarScanningCordappLoaderTest {
         val jar = JarScanningCordappLoaderTest::class.java.getResource("versions/min-2-target-3.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN.copy(platformVersion = 1000))
         // exclude the core cordapp
-        assertThat(loader.cordapps.size).isEqualTo(2)
+        assertThat(loader.cordapps).hasSize(2)
     }
 
     @Test
@@ -163,11 +161,10 @@ class JarScanningCordappLoaderTest {
         val jar = JarScanningCordappLoaderTest::class.java.getResource("versions/min-2-target-3.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN.copy(platformVersion = 2))
         // exclude the core cordapp
-        assertThat(loader.cordapps.size).isEqualTo(2)
+        assertThat(loader.cordapps).hasSize(2)
     }
 
-    private fun cordappLoaderForPackages(packages: Iterable<String>, versionInfo: VersionInfo = VersionInfo.UNKNOWN): CordappLoader {
-
+    private fun cordappLoaderForPackages(packages: Iterable<String>): CordappLoader {
         val cordapps = cordappsForPackages(packages)
         return testDirectory().let { directory ->
             cordapps.packageInDirectory(directory)
@@ -176,7 +173,6 @@ class JarScanningCordappLoaderTest {
     }
 
     private fun testDirectory(): Path {
-
         return Paths.get("build", getTimestampAsDirectoryName())
     }
 }

From 962e111389be6ec241c000bfde21c70154d01681 Mon Sep 17 00:00:00 2001
From: Mike Hearn <mike@r3.com>
Date: Thu, 4 Oct 2018 17:44:24 +0200
Subject: [PATCH 17/83] Make the reference states design doc render better and
 more consistently with the other design docs.

---
 docs/source/design/reference-states/design.md | 84 +++----------------
 1 file changed, 10 insertions(+), 74 deletions(-)

diff --git a/docs/source/design/reference-states/design.md b/docs/source/design/reference-states/design.md
index 56e012499e..619bbdd094 100644
--- a/docs/source/design/reference-states/design.md
+++ b/docs/source/design/reference-states/design.md
@@ -1,42 +1,4 @@
-![Corda](https://www.corda.net/wp-content/uploads/2016/11/fg005_corda_b.png)
-
-# Design 
-
-DOCUMENT MANAGEMENT
----
-
-Design documents should follow the standard GitHub version management and pull request (PR) review workflow mechanism.
-
-## Document Control
-
-| Title                |                                          |
-| -------------------- | ---------------------------------------- |
-| Date                 | 27 March 2018                            |
-| Author               | Roger Willis                             |
-| Distribution         | Matthew Nesbit, Rick Parker              |
-| Corda target version | open source and enterprise               |
-| JIRA reference       | No JIRA's raised.                        |
-
-## Approvals
-
-#### Document Sign-off
-
-| Author            |                                          |
-| ----------------- | ---------------------------------------- |
-| Reviewer(s)       | (GitHub PR reviewers)                    |
-| Final approver(s) | (GitHub PR approver(s) from Design Approval Board) |
-
-#### Design Decisions
-
-There's only really one way to do this that satisfies our requirements - add a new input `StateAndRef` component group to the transaction classes. Other possible solutions are discussed below and why they are inappropriate.
-
-## Document History 
-
-* [Version 1](https://github.com/corda/enterprise/blob/779aaefa5c09a6a28191496dd45252b6e207b7f7/docs/source/design/reference-states/design.md) (Received comments from Richard Brown and Mark Oldfield).
-* [Version 2](https://github.com/corda/enterprise/blob/a87f1dcb22ba15081b0da92ba1501b6b81ae2baf/docs/source/design/reference-states/design.md) (Version presented to the DRB).
-
-HIGH LEVEL DESIGN
----
+# Reference states 
 
 ## Overview
 
@@ -44,13 +6,15 @@ See a prototype implementation here: https://github.com/corda/corda/pull/2889
 
 There is an increasing need for Corda to support use-cases which require reference data which is issued and updated by specific parties, but available for use, by reference, in transactions built by other parties.
 
-Why is this type of reference data required?
+Why is this type of reference data required? A key benefit of blockchain systems is that everybody is sure they see the
+same as their counterpart - and for this to work in situations where accurate processing depends on reference data
+requires everybody to be operating on the same reference data. This, in turn, requires any given piece of reference data
+to be uniquely identifiable and, requires that any given transaction must be certain to be operating on the most current
+version of that reference data. In cases where the latter condition applies, only the notary can attest to this fact and
+this, in turn, means the reference data must be in the form of an unconsumed state.
 
-1. A key benefit of blockchain systems is that everybody is sure they see the same as their counterpart - and for this to work in situations where accurate processing depends on reference data requires everybody to be operating on the same reference data.
-2. This, in turn, requires any given piece of reference data to be uniquely identifiable and, requires that any given transaction must be certain to be operating on the most current version of that reference data.
-3. In cases where the latter condition applies, only the notary can attest to this fact and this, in turn, means the reference data must be in the form of an unconsumed state.
-
-This document outlines the approach for adding support for this type of reference data to the Corda transaction model via a new approach called "reference input states".
+This document outlines the approach for adding support for this type of reference data to the Corda transaction model
+via a new approach called "reference input states".
 
 ## Background
 
@@ -71,16 +35,10 @@ However, neither of these solutions are optimal for reasons discussed in later s
 
 As such, this design document introduces the concept of a "reference input state" which is a better way to serve "periodically changing subjective reference data" on Corda.
 
-*What is a "reference input state"?*
-
 A reference input state is a `ContractState` which can be referred to in a transaction by the contracts of input and output states but whose contract is not executed as part of the transaction verification process and is not consumed when the transaction is committed to the ledger but _is_ checked for "current-ness". In other words, the contract logic isn't run for the referencing transaction only. It's still a normal state when it occurs in an input or output position.
 
-*What will reference input states enable?*
-
 Reference data states will enable many parties to "reuse" the same state in their transactions as reference data whilst still allowing the reference data state owner the capability to update the state. When data distribution groups are available then reference state owners will be able to distribute updates to subscribers more easily. Currently, distribution would have to be performed manually.
 
-*Roughly, how are reference input states implemented?*
-
 Reference input states can be added to Corda by adding a new transaction component group that allows developers to add reference data `ContractState`s that are not consumed when the transaction is committed to the ledger. This eliminates the problems created by long chains of provenance, contention, and allows developers to use any `ContractState` for reference data. The feature should allow developers to add _any_ `ContractState` available in their vault, even if they are not a `participant` whilst nevertheless providing a guarantee that the state being used is the most recent version of that piece of information.
 
 ## Scope
@@ -93,14 +51,6 @@ Non-goals (eg. out of scope)
 
 * Data distribution groups are required to realise the full potential of reference data states. This design document does not discuss data distribution groups.
 
-## Timeline
-
-This work should be ready by the release of Corda V4. There is a prototype which is currently good enough for one of the firm's most critical projects, but more work is required:
-
-* to assess the impact of this change
-* write tests
-* write documentation
-
 ## Requirements
 
 1. Reference states can be any `ContractState` created by one or more `Party`s and subsequently updated by those `Party`s. E.g. `Cash`, `CompanyData`, `InterestRateSwap`, `FxRate`. Reference states can be `OwnableState`s, but it's more likely they will be `LinearState`s.
@@ -222,18 +172,4 @@ It does the following:
 4. If the subflow throws a NotaryException because it tried to finalise and failed, that exception is caught and examined. If the failure was due to a conflict on a referenced state, the flow suspends until that state has been updated in the vault (there is an API to do wait for transaction already, but here the flow must wait for a state update).
 5. Then it re-does the initial calculation, re-creates the subflow with the new resolved tips using the factory, and re-runs it as a new subflow.
 
-Care must be taken to handle progress tracking correctly in case of loops.
-
-## Complementary solutions
-
-See discussion of alternative approaches above in the "design decisions" section.
-
-## Final recommendation
-
-Proceed to Implementation
-
-TECHNICAL DESIGN
----
-
-* Summary of changes to be included.
-* Summary of outstanding issues to be included.
\ No newline at end of file
+Care must be taken to handle progress tracking correctly in case of loops.
\ No newline at end of file

From bffac331a37666415b91c0780d811669885a5d48 Mon Sep 17 00:00:00 2001
From: Shams Asari <shams.asari@r3.com>
Date: Fri, 5 Oct 2018 09:28:00 +0100
Subject: [PATCH 18/83] Moved the PLATFORM_VERSION constant to core and added
 some missing usages (#4026)

---
 build.gradle                                     |  1 -
 .../net/corda/client/rpc/CordaRPCClient.kt       |  2 +-
 constants.properties                             |  6 ++++--
 .../kotlin/net/corda/core/internal/CordaUtils.kt |  2 ++
 .../kotlin/net/corda/core/NodeVersioningTest.kt  | 16 ++++------------
 .../corda/nodeapi/internal/NodeInfoConstants.kt  |  1 -
 .../internal/network/NetworkBootstrapperTest.kt  |  2 +-
 .../node/services/AttachmentLoadingTests.kt      |  1 -
 .../main/kotlin/net/corda/node/VersionInfo.kt    |  2 +-
 .../net/corda/node/internal/NodeStartup.kt       |  2 +-
 .../internal/cordapp/CordappProviderImplTests.kt |  1 -
 .../net/corda/testing/node/MockServices.kt       |  2 --
 .../corda/testing/node/internal/DriverDSLImpl.kt |  4 +---
 .../testing/node/internal/InternalMockNetwork.kt |  2 +-
 .../corda/testing/node/internal/NodeBasedTest.kt |  9 +++++----
 .../main/kotlin/net/corda/bootstrapper/Main.kt   |  2 +-
 16 files changed, 22 insertions(+), 33 deletions(-)

diff --git a/build.gradle b/build.gradle
index 233c8be5c1..36872b5fef 100644
--- a/build.gradle
+++ b/build.gradle
@@ -5,7 +5,6 @@ buildscript {
 
     // Our version: bump this on release.
     ext.corda_release_version = "4.0-SNAPSHOT"
-    // Increment this on any release that changes public APIs anywhere in the Corda platform
     ext.corda_platform_version = constants.getProperty("platformVersion")
     ext.gradle_plugins_version = constants.getProperty("gradlePluginsVersion")
 
diff --git a/client/rpc/src/main/kotlin/net/corda/client/rpc/CordaRPCClient.kt b/client/rpc/src/main/kotlin/net/corda/client/rpc/CordaRPCClient.kt
index 116e6baf84..db445caa55 100644
--- a/client/rpc/src/main/kotlin/net/corda/client/rpc/CordaRPCClient.kt
+++ b/client/rpc/src/main/kotlin/net/corda/client/rpc/CordaRPCClient.kt
@@ -13,7 +13,7 @@ import net.corda.core.utilities.days
 import net.corda.core.utilities.minutes
 import net.corda.core.utilities.seconds
 import net.corda.nodeapi.internal.ArtemisTcpTransport.Companion.rpcConnectorTcpTransport
-import net.corda.nodeapi.internal.PLATFORM_VERSION
+import net.corda.core.internal.PLATFORM_VERSION
 import net.corda.serialization.internal.AMQP_RPC_CLIENT_CONTEXT
 import java.time.Duration
 
diff --git a/constants.properties b/constants.properties
index 8d23d66503..d472994d01 100644
--- a/constants.properties
+++ b/constants.properties
@@ -1,7 +1,9 @@
 gradlePluginsVersion=4.0.29
 kotlinVersion=1.2.51
-# When adjusting platformVersion upwards please also modify CordaRPCClientConfiguration.minimumServerProtocolVersion \
-# if there have been any RPC changes. Also please modify InternalMockNetwork.kt:MOCK_VERSION_INFO and NodeBasedTest.startNode
+# ***************************************************************#
+# When incrementing platformVersion make sure to update          #
+# net.corda.core.internal.CordaUtilsKt.PLATFORM_VERSION as well. #
+# ***************************************************************#
 platformVersion=4
 guavaVersion=25.1-jre
 proguardVersion=6.0.3
diff --git a/core/src/main/kotlin/net/corda/core/internal/CordaUtils.kt b/core/src/main/kotlin/net/corda/core/internal/CordaUtils.kt
index 35ea7158ef..c7651da4cb 100644
--- a/core/src/main/kotlin/net/corda/core/internal/CordaUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/CordaUtils.kt
@@ -17,6 +17,8 @@ import org.slf4j.MDC
 
 // *Internal* Corda-specific utilities
 
+const val PLATFORM_VERSION = 4
+
 fun ServicesForResolution.ensureMinimumPlatformVersion(requiredMinPlatformVersion: Int, feature: String) {
     val currentMinPlatformVersion = networkParameters.minimumPlatformVersion
     if (currentMinPlatformVersion < requiredMinPlatformVersion) {
diff --git a/core/src/smoke-test/kotlin/net/corda/core/NodeVersioningTest.kt b/core/src/smoke-test/kotlin/net/corda/core/NodeVersioningTest.kt
index 20f7e8cbfd..e118fe0326 100644
--- a/core/src/smoke-test/kotlin/net/corda/core/NodeVersioningTest.kt
+++ b/core/src/smoke-test/kotlin/net/corda/core/NodeVersioningTest.kt
@@ -10,11 +10,9 @@ import net.corda.core.utilities.getOrThrow
 import net.corda.nodeapi.internal.config.User
 import net.corda.smoketesting.NodeConfig
 import net.corda.smoketesting.NodeProcess
-import net.corda.testing.common.internal.ProjectStructure
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.Test
 import java.nio.file.Paths
-import java.util.*
 import java.util.concurrent.atomic.AtomicInteger
 import java.util.jar.JarFile
 import kotlin.streams.toList
@@ -23,12 +21,6 @@ class NodeVersioningTest {
     private companion object {
         val user = User("user1", "test", permissions = setOf("ALL"))
         val port = AtomicInteger(15100)
-
-        val expectedPlatformVersion = (ProjectStructure.projectRootDir / "constants.properties").read {
-            val constants = Properties()
-            constants.load(it)
-            constants.getProperty("platformVersion").toInt()
-        }
     }
 
     private val factory = NodeProcess.Factory()
@@ -45,7 +37,7 @@ class NodeVersioningTest {
     @Test
     fun `platform version in manifest file`() {
         val manifest = JarFile(factory.cordaJar.toFile()).manifest
-        assertThat(manifest.mainAttributes.getValue("Corda-Platform-Version").toInt()).isEqualTo(expectedPlatformVersion)
+        assertThat(manifest.mainAttributes.getValue("Corda-Platform-Version").toInt()).isEqualTo(PLATFORM_VERSION)
     }
 
     @Test
@@ -60,9 +52,9 @@ class NodeVersioningTest {
         factory.create(aliceConfig).use { alice ->
             alice.connect().use {
                 val rpc = it.proxy
-                assertThat(rpc.protocolVersion).isEqualTo(expectedPlatformVersion)
-                assertThat(rpc.nodeInfo().platformVersion).isEqualTo(expectedPlatformVersion)
-                assertThat(rpc.startFlow(NodeVersioningTest::GetPlatformVersionFlow).returnValue.getOrThrow()).isEqualTo(expectedPlatformVersion)
+                assertThat(rpc.protocolVersion).isEqualTo(PLATFORM_VERSION)
+                assertThat(rpc.nodeInfo().platformVersion).isEqualTo(PLATFORM_VERSION)
+                assertThat(rpc.startFlow(NodeVersioningTest::GetPlatformVersionFlow).returnValue.getOrThrow()).isEqualTo(PLATFORM_VERSION)
             }
         }
     }
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/NodeInfoConstants.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/NodeInfoConstants.kt
index 79cb6844de..371ed2cd57 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/NodeInfoConstants.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/NodeInfoConstants.kt
@@ -2,4 +2,3 @@ package net.corda.nodeapi.internal
 
 // TODO: Add to Corda node.conf to allow customisation
 const val NODE_INFO_DIRECTORY = "additional-node-infos"
-const val PLATFORM_VERSION = 4
diff --git a/node-api/src/test/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapperTest.kt b/node-api/src/test/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapperTest.kt
index 1871ea553f..a3ddb3cc93 100644
--- a/node-api/src/test/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapperTest.kt
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapperTest.kt
@@ -11,7 +11,7 @@ import net.corda.core.serialization.serialize
 import net.corda.node.services.config.NotaryConfig
 import net.corda.nodeapi.internal.DEV_ROOT_CA
 import net.corda.nodeapi.internal.NODE_INFO_DIRECTORY
-import net.corda.nodeapi.internal.PLATFORM_VERSION
+import net.corda.core.internal.PLATFORM_VERSION
 import net.corda.nodeapi.internal.SignedNodeInfo
 import net.corda.nodeapi.internal.config.parseAs
 import net.corda.nodeapi.internal.config.toConfig
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt b/node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt
index d21de023cb..b9e5029fc9 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt
@@ -26,7 +26,6 @@ import net.corda.core.utilities.getOrThrow
 import net.corda.node.VersionInfo
 import net.corda.node.internal.cordapp.JarScanningCordappLoader
 import net.corda.node.internal.cordapp.CordappProviderImpl
-import net.corda.nodeapi.internal.PLATFORM_VERSION
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.DUMMY_BANK_A_NAME
 import net.corda.testing.core.DUMMY_NOTARY_NAME
diff --git a/node/src/main/kotlin/net/corda/node/VersionInfo.kt b/node/src/main/kotlin/net/corda/node/VersionInfo.kt
index b3d0ec0fbb..01492ee396 100644
--- a/node/src/main/kotlin/net/corda/node/VersionInfo.kt
+++ b/node/src/main/kotlin/net/corda/node/VersionInfo.kt
@@ -1,6 +1,6 @@
 package net.corda.node
 
-import net.corda.nodeapi.internal.PLATFORM_VERSION
+import net.corda.core.internal.PLATFORM_VERSION
 
 /**
  * Encapsulates various pieces of version information of the node.
diff --git a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
index 74f3b0f40f..1b089a7c63 100644
--- a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
@@ -28,7 +28,7 @@ import net.corda.node.utilities.registration.NodeRegistrationException
 import net.corda.node.utilities.registration.NodeRegistrationHelper
 import net.corda.node.utilities.saveToKeyStore
 import net.corda.node.utilities.saveToTrustStore
-import net.corda.nodeapi.internal.PLATFORM_VERSION
+import net.corda.core.internal.PLATFORM_VERSION
 import net.corda.nodeapi.internal.addShutdownHook
 import net.corda.nodeapi.internal.config.UnknownConfigurationKeysException
 import net.corda.nodeapi.internal.persistence.CouldNotCreateDataSourceException
diff --git a/node/src/test/kotlin/net/corda/node/internal/cordapp/CordappProviderImplTests.kt b/node/src/test/kotlin/net/corda/node/internal/cordapp/CordappProviderImplTests.kt
index d622f834f8..77d97f5715 100644
--- a/node/src/test/kotlin/net/corda/node/internal/cordapp/CordappProviderImplTests.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/cordapp/CordappProviderImplTests.kt
@@ -4,7 +4,6 @@ import com.typesafe.config.Config
 import com.typesafe.config.ConfigFactory
 import net.corda.core.node.services.AttachmentStorage
 import net.corda.node.VersionInfo
-import net.corda.nodeapi.internal.PLATFORM_VERSION
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.internal.MockCordappConfigProvider
 import net.corda.testing.services.MockAttachmentStorage
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
index be91c42c1f..112cf3f19f 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
@@ -28,10 +28,8 @@ import net.corda.node.services.identity.InMemoryIdentityService
 import net.corda.node.services.schema.NodeSchemaService
 import net.corda.node.services.transactions.InMemoryTransactionVerifierService
 import net.corda.node.services.vault.NodeVaultService
-import net.corda.nodeapi.internal.PLATFORM_VERSION
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
-import net.corda.nodeapi.internal.persistence.HibernateConfiguration
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.TestIdentity
 import net.corda.testing.internal.DEV_ROOT_CA
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
index 850cf8f8d5..92615f3fd0 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
@@ -28,7 +28,7 @@ import net.corda.node.services.Permissions
 import net.corda.node.services.config.*
 import net.corda.node.utilities.registration.HTTPNetworkRegistrationService
 import net.corda.node.utilities.registration.NodeRegistrationHelper
-import net.corda.nodeapi.internal.PLATFORM_VERSION
+import net.corda.core.internal.PLATFORM_VERSION
 import net.corda.nodeapi.internal.DevIdentityGenerator
 import net.corda.nodeapi.internal.SignedNodeInfo
 import net.corda.nodeapi.internal.addShutdownHook
@@ -54,10 +54,8 @@ import net.corda.testing.node.User
 import net.corda.testing.node.internal.DriverDSLImpl.Companion.cordappsInCurrentAndAdditionalPackages
 import okhttp3.OkHttpClient
 import okhttp3.Request
-import rx.Observable
 import rx.Subscription
 import rx.schedulers.Schedulers
-import rx.subjects.AsyncSubject
 import java.lang.management.ManagementFactory
 import java.net.ConnectException
 import java.net.URL
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
index cebb7f6d30..9d6ce49198 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
@@ -74,7 +74,7 @@ import java.time.Clock
 import java.util.concurrent.TimeUnit
 import java.util.concurrent.atomic.AtomicInteger
 
-val MOCK_VERSION_INFO = VersionInfo(4, "Mock release", "Mock revision", "Mock Vendor")
+val MOCK_VERSION_INFO = VersionInfo(PLATFORM_VERSION, "Mock release", "Mock revision", "Mock Vendor")
 
 data class MockNodeArgs(
         val config: NodeConfiguration,
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt
index b21df970db..66a4f2408d 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt
@@ -2,6 +2,7 @@ package net.corda.testing.node.internal
 
 import com.typesafe.config.ConfigValueFactory
 import net.corda.core.identity.CordaX500Name
+import net.corda.core.internal.PLATFORM_VERSION
 import net.corda.core.internal.concurrent.fork
 import net.corda.core.internal.concurrent.transpose
 import net.corda.core.internal.createDirectories
@@ -31,12 +32,12 @@ import java.nio.file.Path
 import java.util.concurrent.Executors
 import kotlin.concurrent.thread
 
-// TODO Some of the logic here duplicates what's in the driver - the reason why it's not straightforward to replace it by using DriverDSLImpl in `init()` and `stopAllNodes()` is because of the platform version passed to nodes (driver doesn't support this, and it's a property of the Corda JAR)
+// TODO Some of the logic here duplicates what's in the driver - the reason why it's not straightforward to replace it by
+// using DriverDSLImpl in `init()` and `stopAllNodes()` is because of the platform version passed to nodes (driver doesn't
+// support this, and it's a property of the Corda JAR)
 abstract class NodeBasedTest(private val cordappPackages: List<String> = emptyList()) {
     companion object {
         private val WHITESPACE = "\\s++".toRegex()
-
-        private val logger = loggerFor<NodeBasedTest>()
     }
 
     @Rule
@@ -85,7 +86,7 @@ abstract class NodeBasedTest(private val cordappPackages: List<String> = emptyLi
 
     @JvmOverloads
     fun startNode(legalName: CordaX500Name,
-                  platformVersion: Int = 4,
+                  platformVersion: Int = PLATFORM_VERSION,
                   rpcUsers: List<User> = emptyList(),
                   configOverrides: Map<String, Any> = emptyMap()): NodeWithInfo {
         val baseDirectory = baseDirectory(legalName).createDirectories()
diff --git a/tools/bootstrapper/src/main/kotlin/net/corda/bootstrapper/Main.kt b/tools/bootstrapper/src/main/kotlin/net/corda/bootstrapper/Main.kt
index 9d382516fa..e3a1967e2e 100644
--- a/tools/bootstrapper/src/main/kotlin/net/corda/bootstrapper/Main.kt
+++ b/tools/bootstrapper/src/main/kotlin/net/corda/bootstrapper/Main.kt
@@ -2,7 +2,7 @@ package net.corda.bootstrapper
 
 import net.corda.cliutils.CordaCliWrapper
 import net.corda.cliutils.start
-import net.corda.nodeapi.internal.PLATFORM_VERSION
+import net.corda.core.internal.PLATFORM_VERSION
 import net.corda.nodeapi.internal.network.NetworkBootstrapper
 import picocli.CommandLine.Option
 import java.nio.file.Path

From d75fd7bd8a16757a6e92b3178ef64a684e2147bf Mon Sep 17 00:00:00 2001
From: Chris Rankin <chris.rankin@r3.com>
Date: Fri, 5 Oct 2018 11:01:27 +0100
Subject: [PATCH 19/83] CORDA-2030: Resolve build warnings created by adding
 kotlin-stdlib-jre8 to node. (#4033)

---
 testing/test-utils/build.gradle         | 5 ++++-
 tools/network-bootstrapper/build.gradle | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/testing/test-utils/build.gradle b/testing/test-utils/build.gradle
index 36c44a076b..715c795317 100644
--- a/testing/test-utils/build.gradle
+++ b/testing/test-utils/build.gradle
@@ -9,7 +9,10 @@ description 'Testing utilities for Corda'
 
 dependencies {
     compile project(':test-common')
-    compile project(':node')
+    compile(project(':node')) {
+        // The Node only needs this for binary compatibility with Cordapps written in Kotlin 1.1.
+        exclude group: 'org.jetbrains.kotlin', module: 'kotlin-stdlib-jre8'
+    }
     compile project(':client:mock')
 
     compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
diff --git a/tools/network-bootstrapper/build.gradle b/tools/network-bootstrapper/build.gradle
index 674b97f229..316be6e723 100644
--- a/tools/network-bootstrapper/build.gradle
+++ b/tools/network-bootstrapper/build.gradle
@@ -16,6 +16,9 @@ configurations {
     compile {
         exclude group: "log4j", module: "log4j"
         exclude group: "org.apache.logging.log4j"
+
+        // The Node only needs this for binary compatibility with Cordapps written in Kotlin 1.1.
+        exclude group: 'org.jetbrains.kotlin', module: 'kotlin-stdlib-jre8'
     }
 }
 

From fa4c54a080faec87f42899ff51a2ceb64dac81fb Mon Sep 17 00:00:00 2001
From: Konstantinos Chalkias <konstantinos.chalkias@r3.com>
Date: Fri, 5 Oct 2018 12:01:16 +0100
Subject: [PATCH 20/83] [CORDA-2063] Ensure signatures and BC operations always
 use newSecureRandom (#4020)

* special handling for Sphincs due a BC implementation issue

* delete all sign operations from DJVM and stub out BC's default RNG

* copy Crypto signing functions to deterministic.crypto.CryptoSignUtils as they are required for testing transaction signatures.
---
 .../deterministic/crypto/CryptoSignUtils.kt   | 68 +++++++++++++++++++
 .../crypto/TransactionSignatureTest.kt        |  7 +-
 .../kotlin/net/corda/core/crypto/Crypto.kt    | 27 +++++++-
 .../net/corda/core/crypto/CryptoUtils.kt      |  5 ++
 .../net/corda/core/internal/InternalUtils.kt  |  4 ++
 .../core/transactions/SignedTransaction.kt    |  1 +
 6 files changed, 108 insertions(+), 4 deletions(-)
 create mode 100644 core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/CryptoSignUtils.kt

diff --git a/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/CryptoSignUtils.kt b/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/CryptoSignUtils.kt
new file mode 100644
index 0000000000..9351d06bc3
--- /dev/null
+++ b/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/CryptoSignUtils.kt
@@ -0,0 +1,68 @@
+@file:JvmName("CryptoSignUtils")
+
+package net.corda.deterministic.crypto
+
+import net.corda.core.crypto.*
+import net.corda.core.crypto.Crypto.findSignatureScheme
+import net.corda.core.crypto.Crypto.isSupportedSignatureScheme
+import net.corda.core.serialization.serialize
+import java.security.*
+
+/**
+ * This is a slightly modified copy of signing utils from net.corda.core.crypto.Crypto, which are normally removed from DJVM.
+ * However, we need those for TransactionSignatureTest.
+ */
+object CryptoSignUtils {
+    @JvmStatic
+    @Throws(InvalidKeyException::class, SignatureException::class)
+    fun doSign(schemeCodeName: String, privateKey: PrivateKey, clearData: ByteArray): ByteArray {
+        return doSign(findSignatureScheme(schemeCodeName), privateKey, clearData)
+    }
+
+    /**
+     * Generic way to sign [ByteArray] data with a [PrivateKey] and a known [Signature].
+     * @param signatureScheme a [SignatureScheme] object, retrieved from supported signature schemes, see [Crypto].
+     * @param privateKey the signer's [PrivateKey].
+     * @param clearData the data/message to be signed in [ByteArray] form (usually the Merkle root).
+     * @return the digital signature (in [ByteArray]) on the input message.
+     * @throws IllegalArgumentException if the signature scheme is not supported for this private key.
+     * @throws InvalidKeyException if the private key is invalid.
+     * @throws SignatureException if signing is not possible due to malformed data or private key.
+     */
+    @JvmStatic
+    @Throws(InvalidKeyException::class, SignatureException::class)
+    fun doSign(signatureScheme: SignatureScheme, privateKey: PrivateKey, clearData: ByteArray): ByteArray {
+        require(isSupportedSignatureScheme(signatureScheme)) {
+            "Unsupported key/algorithm for schemeCodeName: ${signatureScheme.schemeCodeName}"
+        }
+        require(clearData.isNotEmpty()) { "Signing of an empty array is not permitted!" }
+        val signature = Signature.getInstance(signatureScheme.signatureName, signatureScheme.providerName)
+        signature.initSign(privateKey)
+        signature.update(clearData)
+        return signature.sign()
+    }
+
+    /**
+     * Generic way to sign [SignableData] objects with a [PrivateKey].
+     * [SignableData] is a wrapper over the transaction's id (Merkle root) in order to attach extra information, such as
+     * a timestamp or partial and blind signature indicators.
+     * @param keyPair the signer's [KeyPair].
+     * @param signableData a [SignableData] object that adds extra information to a transaction.
+     * @return a [TransactionSignature] object than contains the output of a successful signing, signer's public key and
+     * the signature metadata.
+     * @throws IllegalArgumentException if the signature scheme is not supported for this private key.
+     * @throws InvalidKeyException if the private key is invalid.
+     * @throws SignatureException if signing is not possible due to malformed data or private key.
+     */
+    @JvmStatic
+    @Throws(InvalidKeyException::class, SignatureException::class)
+    fun doSign(keyPair: KeyPair, signableData: SignableData): TransactionSignature {
+        val sigKey: SignatureScheme = findSignatureScheme(keyPair.private)
+        val sigMetaData: SignatureScheme = findSignatureScheme(keyPair.public)
+        require(sigKey == sigMetaData) {
+            "Metadata schemeCodeName: ${sigMetaData.schemeCodeName} is not aligned with the key type: ${sigKey.schemeCodeName}."
+        }
+        val signatureBytes = doSign(sigKey.schemeCodeName, keyPair.private, signableData.serialize().bytes)
+        return TransactionSignature(signatureBytes, keyPair.public, signableData.signatureMetadata)
+    }
+}
diff --git a/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/TransactionSignatureTest.kt b/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/TransactionSignatureTest.kt
index 4825d4787f..0e9191f308 100644
--- a/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/TransactionSignatureTest.kt
+++ b/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/TransactionSignatureTest.kt
@@ -37,7 +37,7 @@ class TransactionSignatureTest {
 
         // Sign the meta object.
         val transactionSignature: TransactionSignature = CheatingSecurityProvider().use {
-            keyPair.sign(signableData)
+            CryptoSignUtils.doSign(keyPair, signableData)
         }
 
         // Check auto-verification.
@@ -52,7 +52,7 @@ class TransactionSignatureTest {
     fun `Signature metadata full failure clearData has changed`() {
         val signableData = SignableData(testBytes.sha256(), SignatureMetadata(1, Crypto.findSignatureScheme(keyPair.public).schemeNumberID))
         val transactionSignature = CheatingSecurityProvider().use {
-            keyPair.sign(signableData)
+            CryptoSignUtils.doSign(keyPair, signableData)
         }
         Crypto.doVerify((testBytes + testBytes).sha256(), transactionSignature)
     }
@@ -137,7 +137,8 @@ class TransactionSignatureTest {
     private fun signOneTx(txId: SecureHash, keyPair: KeyPair): TransactionSignature {
         val signableData = SignableData(txId, SignatureMetadata(3, Crypto.findSignatureScheme(keyPair.public).schemeNumberID))
         return CheatingSecurityProvider().use {
-            keyPair.sign(signableData)
+            CryptoSignUtils.doSign(keyPair, signableData)
+
         }
     }
 }
diff --git a/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt b/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
index a172f31747..29465d2808 100644
--- a/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
+++ b/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
@@ -2,6 +2,7 @@ package net.corda.core.crypto
 
 import net.corda.core.DeleteForDJVM
 import net.corda.core.KeepForDJVM
+import net.corda.core.StubOutForDJVM
 import net.corda.core.crypto.internal.*
 import net.corda.core.serialization.serialize
 import net.i2p.crypto.eddsa.EdDSAEngine
@@ -23,6 +24,7 @@ import org.bouncycastle.asn1.sec.SECObjectIdentifiers
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers
+import org.bouncycastle.crypto.CryptoServicesRegistrar
 import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey
 import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey
 import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateKey
@@ -381,6 +383,7 @@ object Crypto {
      * @throws InvalidKeyException if the private key is invalid.
      * @throws SignatureException if signing is not possible due to malformed data or private key.
      */
+    @DeleteForDJVM
     @JvmStatic
     @Throws(InvalidKeyException::class, SignatureException::class)
     fun doSign(privateKey: PrivateKey, clearData: ByteArray): ByteArray = doSign(findSignatureScheme(privateKey), privateKey, clearData)
@@ -395,6 +398,7 @@ object Crypto {
      * @throws InvalidKeyException if the private key is invalid.
      * @throws SignatureException if signing is not possible due to malformed data or private key.
      */
+    @DeleteForDJVM
     @JvmStatic
     @Throws(InvalidKeyException::class, SignatureException::class)
     fun doSign(schemeCodeName: String, privateKey: PrivateKey, clearData: ByteArray): ByteArray {
@@ -411,6 +415,7 @@ object Crypto {
      * @throws InvalidKeyException if the private key is invalid.
      * @throws SignatureException if signing is not possible due to malformed data or private key.
      */
+    @DeleteForDJVM
     @JvmStatic
     @Throws(InvalidKeyException::class, SignatureException::class)
     fun doSign(signatureScheme: SignatureScheme, privateKey: PrivateKey, clearData: ByteArray): ByteArray {
@@ -419,7 +424,16 @@ object Crypto {
         }
         require(clearData.isNotEmpty()) { "Signing of an empty array is not permitted!" }
         val signature = Signature.getInstance(signatureScheme.signatureName, providerMap[signatureScheme.providerName])
-        signature.initSign(privateKey)
+        // Note that deterministic signature schemes, such as EdDSA, do not require extra randomness, but we have to
+        // ensure that non-deterministic algorithms (i.e., ECDSA) use non-blocking SecureRandom implementations (if possible).
+        // TODO consider updating this when the related BC issue for Sphincs is fixed.
+        if (signatureScheme != SPHINCS256_SHA256) {
+            signature.initSign(privateKey, newSecureRandom())
+        } else {
+            // Special handling for Sphincs, due to a BC implementation issue.
+            // As Sphincs is deterministic, it does not require RNG input anyway.
+            signature.initSign(privateKey)
+        }
         signature.update(clearData)
         return signature.sign()
     }
@@ -436,6 +450,7 @@ object Crypto {
      * @throws InvalidKeyException if the private key is invalid.
      * @throws SignatureException if signing is not possible due to malformed data or private key.
      */
+    @DeleteForDJVM
     @JvmStatic
     @Throws(InvalidKeyException::class, SignatureException::class)
     fun doSign(keyPair: KeyPair, signableData: SignableData): TransactionSignature {
@@ -1017,5 +1032,15 @@ object Crypto {
     @JvmStatic
     fun registerProviders() {
         providerMap
+        // Adding our non-blocking newSecureRandom as default for any BouncyCastle operations
+        // (applies only when a SecureRandom is not specifically defined, i.e., if we call
+        // signature.initSign(privateKey) instead of signature.initSign(privateKey, newSecureRandom()
+        // for a BC algorithm, i.e., ECDSA).
+        setBouncyCastleRNG()
+    }
+
+    @StubOutForDJVM
+    private fun setBouncyCastleRNG() {
+        CryptoServicesRegistrar.setSecureRandom(newSecureRandom())
     }
 }
diff --git a/core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt b/core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt
index 1cc29b5fdd..535f0013ef 100644
--- a/core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt
@@ -24,6 +24,7 @@ import java.security.*
  * @throws InvalidKeyException if the private key is invalid.
  * @throws SignatureException if signing is not possible due to malformed data or private key.
  */
+@DeleteForDJVM
 @Throws(InvalidKeyException::class, SignatureException::class)
 fun PrivateKey.sign(bytesToSign: ByteArray): DigitalSignature = DigitalSignature(Crypto.doSign(this, bytesToSign))
 
@@ -36,6 +37,7 @@ fun PrivateKey.sign(bytesToSign: ByteArray): DigitalSignature = DigitalSignature
  * @throws InvalidKeyException if the private key is invalid.
  * @throws SignatureException if signing is not possible due to malformed data or private key.
  */
+@DeleteForDJVM
 @Throws(InvalidKeyException::class, SignatureException::class)
 fun PrivateKey.sign(bytesToSign: ByteArray, publicKey: PublicKey): DigitalSignature.WithKey {
     return DigitalSignature.WithKey(publicKey, this.sign(bytesToSign).bytes)
@@ -49,10 +51,12 @@ fun PrivateKey.sign(bytesToSign: ByteArray, publicKey: PublicKey): DigitalSignat
  * @throws InvalidKeyException if the private key is invalid.
  * @throws SignatureException if signing is not possible due to malformed data or private key.
  */
+@DeleteForDJVM
 @Throws(InvalidKeyException::class, SignatureException::class)
 fun KeyPair.sign(bytesToSign: ByteArray): DigitalSignature.WithKey = private.sign(bytesToSign, public)
 
 /** Helper function to sign the bytes of [bytesToSign] with a key pair. */
+@DeleteForDJVM
 @Throws(InvalidKeyException::class, SignatureException::class)
 fun KeyPair.sign(bytesToSign: OpaqueBytes): DigitalSignature.WithKey = sign(bytesToSign.bytes)
 
@@ -64,6 +68,7 @@ fun KeyPair.sign(bytesToSign: OpaqueBytes): DigitalSignature.WithKey = sign(byte
  * @throws InvalidKeyException if the private key is invalid.
  * @throws SignatureException if signing is not possible due to malformed data or private key.
  */
+@DeleteForDJVM
 @Throws(InvalidKeyException::class, SignatureException::class)
 fun KeyPair.sign(signableData: SignableData): TransactionSignature = Crypto.doSign(this, signableData)
 
diff --git a/core/src/main/kotlin/net/corda/core/internal/InternalUtils.kt b/core/src/main/kotlin/net/corda/core/internal/InternalUtils.kt
index 078cfcaa11..9814502433 100644
--- a/core/src/main/kotlin/net/corda/core/internal/InternalUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/InternalUtils.kt
@@ -457,11 +457,13 @@ $trustAnchor""", e, this, e.index)
     }
 }
 
+@DeleteForDJVM
 inline fun <T : Any> T.signWithCert(signer: (SerializedBytes<T>) -> DigitalSignatureWithCert): SignedDataWithCert<T> {
     val serialised = serialize()
     return SignedDataWithCert(serialised, signer(serialised))
 }
 
+@DeleteForDJVM
 fun <T : Any> T.signWithCert(privateKey: PrivateKey, certificate: X509Certificate): SignedDataWithCert<T> {
     return signWithCert {
         val signature = Crypto.doSign(privateKey, it.bytes)
@@ -469,10 +471,12 @@ fun <T : Any> T.signWithCert(privateKey: PrivateKey, certificate: X509Certificat
     }
 }
 
+@DeleteForDJVM
 inline fun <T : Any> SerializedBytes<T>.sign(signer: (SerializedBytes<T>) -> DigitalSignature.WithKey): SignedData<T> {
     return SignedData(this, signer(this))
 }
 
+@DeleteForDJVM
 fun <T : Any> SerializedBytes<T>.sign(keyPair: KeyPair): SignedData<T> = SignedData(this, keyPair.sign(this.bytes))
 
 fun ByteBuffer.copyBytes(): ByteArray = ByteArray(remaining()).also { get(it) }
diff --git a/core/src/main/kotlin/net/corda/core/transactions/SignedTransaction.kt b/core/src/main/kotlin/net/corda/core/transactions/SignedTransaction.kt
index f035192a48..601efcd8cf 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/SignedTransaction.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/SignedTransaction.kt
@@ -91,6 +91,7 @@ data class SignedTransaction(val txBits: SerializedBytes<CoreTransaction>,
         return descriptions
     }
 
+    @DeleteForDJVM
     @VisibleForTesting
     fun withAdditionalSignature(keyPair: KeyPair, signatureMetadata: SignatureMetadata): SignedTransaction {
         val signableData = SignableData(tx.id, signatureMetadata)

From 0621efe7c6a29c35c7d54aa715908ed0961f9873 Mon Sep 17 00:00:00 2001
From: Konstantinos Chalkias <konstantinos.chalkias@r3.com>
Date: Fri, 5 Oct 2018 14:11:56 +0100
Subject: [PATCH 21/83] Do not remove entropyToKeyPair from DJVM (it is
 deterministic anyway and we might use it in tests) (#4036)

---
 .../net/corda/deterministic/crypto/TransactionSignatureTest.kt  | 1 -
 core/src/main/kotlin/net/corda/core/crypto/Crypto.kt            | 2 --
 core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt       | 1 -
 3 files changed, 4 deletions(-)

diff --git a/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/TransactionSignatureTest.kt b/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/TransactionSignatureTest.kt
index 0e9191f308..ac5e7971eb 100644
--- a/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/TransactionSignatureTest.kt
+++ b/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/TransactionSignatureTest.kt
@@ -138,7 +138,6 @@ class TransactionSignatureTest {
         val signableData = SignableData(txId, SignatureMetadata(3, Crypto.findSignatureScheme(keyPair.public).schemeNumberID))
         return CheatingSecurityProvider().use {
             CryptoSignUtils.doSign(keyPair, signableData)
-
         }
     }
 }
diff --git a/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt b/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
index 29465d2808..e131cdc7df 100644
--- a/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
+++ b/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
@@ -809,7 +809,6 @@ object Crypto {
      * @return a new [KeyPair] from an entropy input.
      * @throws IllegalArgumentException if the requested signature scheme is not supported for KeyPair generation using an entropy input.
      */
-    @DeleteForDJVM
     @JvmStatic
     fun deriveKeyPairFromEntropy(signatureScheme: SignatureScheme, entropy: BigInteger): KeyPair {
         return when (signatureScheme) {
@@ -825,7 +824,6 @@ object Crypto {
      * @param entropy a [BigInteger] value.
      * @return a new [KeyPair] from an entropy input.
      */
-    @DeleteForDJVM
     @JvmStatic
     fun deriveKeyPairFromEntropy(entropy: BigInteger): KeyPair = deriveKeyPairFromEntropy(DEFAULT_SIGNATURE_SCHEME, entropy)
 
diff --git a/core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt b/core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt
index 535f0013ef..a58665c069 100644
--- a/core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/crypto/CryptoUtils.kt
@@ -150,7 +150,6 @@ fun generateKeyPair(): KeyPair = Crypto.generateKeyPair()
  * @param entropy a [BigInteger] value.
  * @return a deterministically generated [KeyPair] for the [Crypto.DEFAULT_SIGNATURE_SCHEME].
  */
-@DeleteForDJVM
 fun entropyToKeyPair(entropy: BigInteger): KeyPair = Crypto.deriveKeyPairFromEntropy(entropy)
 
 /**

From 39434dcbecdd2cd656e40622530e84d02443b8e2 Mon Sep 17 00:00:00 2001
From: Shams Asari <shams.asari@r3.com>
Date: Fri, 5 Oct 2018 18:05:10 +0100
Subject: [PATCH 22/83] Assorted set of clean ups (#4039)

---
 client/rpc/.attach_pid14784                   |  0
 .../core/flows/ContractUpgradeFlowTest.kt     |  2 +-
 .../flows/WithReferencedStatesFlowTests.kt    | 52 ++++++++---------
 .../corda/core/flows/mixins/WithFinality.kt   | 27 +++++----
 .../docs/java/tutorial/twoparty/IOUFlow.java  |  6 +-
 .../kotlin/tutorial/helloworld/IOUState.kt    |  4 +-
 .../docs/kotlin/tutorial/twoparty/IOUFlow.kt  |  8 ++-
 .../tutorial/twoparty/IOUFlowResponder.kt     |  4 +-
 .../docs/{ => kotlin}/CustomVaultQueryTest.kt |  3 +-
 .../FxTransactionBuildTutorialTest.kt         | 10 +---
 .../WorkflowTransactionBuildTutorialTest.kt   |  6 +-
 docs/source/hello-world-flow.rst              |  3 +-
 .../net/corda/loadtest/tests/NotaryTest.kt    | 57 -------------------
 13 files changed, 61 insertions(+), 121 deletions(-)
 delete mode 100644 client/rpc/.attach_pid14784
 rename docs/source/example-code/src/test/kotlin/net/corda/docs/{ => kotlin}/CustomVaultQueryTest.kt (98%)
 rename docs/source/example-code/src/test/kotlin/net/corda/docs/{ => kotlin}/FxTransactionBuildTutorialTest.kt (92%)
 rename docs/source/example-code/src/test/kotlin/net/corda/docs/{ => kotlin}/WorkflowTransactionBuildTutorialTest.kt (95%)
 delete mode 100644 tools/loadtest/src/main/kotlin/net/corda/loadtest/tests/NotaryTest.kt

diff --git a/client/rpc/.attach_pid14784 b/client/rpc/.attach_pid14784
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt b/core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt
index ead8da3ae4..8d30b83b62 100644
--- a/core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt
@@ -52,7 +52,7 @@ class ContractUpgradeFlowTest : WithContracts, WithFinality {
     @Test
     fun `2 parties contract upgrade`() {
         // Create dummy contract.
-        val signedByA = aliceNode.signDummyContract(alice.ref(1),0, bob.ref(1))
+        val signedByA = aliceNode.signDummyContract(alice.ref(1), 0, bob.ref(1))
         val stx = bobNode.addSignatureTo(signedByA)
 
         aliceNode.finalise(stx, bob)
diff --git a/core/src/test/kotlin/net/corda/core/flows/WithReferencedStatesFlowTests.kt b/core/src/test/kotlin/net/corda/core/flows/WithReferencedStatesFlowTests.kt
index 2263f85b39..a6d007b549 100644
--- a/core/src/test/kotlin/net/corda/core/flows/WithReferencedStatesFlowTests.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/WithReferencedStatesFlowTests.kt
@@ -24,14 +24,14 @@ import org.junit.After
 import org.junit.Test
 import kotlin.test.assertEquals
 
-
 // A dummy reference state contract.
 internal class RefState : Contract {
     companion object {
-        val CONTRACT_ID = "net.corda.core.flows.RefState"
+        const val CONTRACT_ID = "net.corda.core.flows.RefState"
     }
 
     override fun verify(tx: LedgerTransaction) = Unit
+
     data class State(val owner: Party, val version: Int = 0, override val linearId: UniqueIdentifier = UniqueIdentifier()) : LinearState {
         override val participants: List<AbstractParty> get() = listOf(owner)
         fun update() = copy(version = version + 1)
@@ -46,34 +46,32 @@ internal class CreateRefState : FlowLogic<SignedTransaction>() {
     @Suspendable
     override fun call(): SignedTransaction {
         val notary = serviceHub.networkMapCache.notaryIdentities.first()
-        return subFlow(FinalityFlow(
-                transaction = serviceHub.signInitialTransaction(TransactionBuilder(notary = notary).apply {
-                    addOutputState(RefState.State(ourIdentity), RefState.CONTRACT_ID)
-                    addCommand(RefState.Create(), listOf(ourIdentity.owningKey))
-                })
-        ))
+        val stx = serviceHub.signInitialTransaction(TransactionBuilder(notary = notary).apply {
+            addOutputState(RefState.State(ourIdentity), RefState.CONTRACT_ID)
+            addCommand(RefState.Create(), listOf(ourIdentity.owningKey))
+        })
+        return subFlow(FinalityFlow(stx))
     }
 }
 
 // A flow to update a specific reference state.
-internal class UpdateRefState(val stateAndRef: StateAndRef<ContractState>) : FlowLogic<SignedTransaction>() {
+internal class UpdateRefState(private val stateAndRef: StateAndRef<ContractState>) : FlowLogic<SignedTransaction>() {
     @Suspendable
     override fun call(): SignedTransaction {
         val notary = serviceHub.networkMapCache.notaryIdentities.first()
-        return subFlow(FinalityFlow(
-                transaction = serviceHub.signInitialTransaction(TransactionBuilder(notary = notary).apply {
-                    addInputState(stateAndRef)
-                    addOutputState((stateAndRef.state.data as RefState.State).update(), RefState.CONTRACT_ID)
-                    addCommand(RefState.Update(), listOf(ourIdentity.owningKey))
-                })
-        ))
+        val stx = serviceHub.signInitialTransaction(TransactionBuilder(notary = notary).apply {
+            addInputState(stateAndRef)
+            addOutputState((stateAndRef.state.data as RefState.State).update(), RefState.CONTRACT_ID)
+            addCommand(RefState.Update(), listOf(ourIdentity.owningKey))
+        })
+        return subFlow(FinalityFlow(stx))
     }
 }
 
 // A set of flows to share a stateref with all other nodes in the mock network.
 internal object ShareRefState {
     @InitiatingFlow
-    class Initiator(val stateAndRef: StateAndRef<ContractState>) : FlowLogic<Unit>() {
+    class Initiator(private val stateAndRef: StateAndRef<ContractState>) : FlowLogic<Unit>() {
         @Suspendable
         override fun call() {
             val sessions = serviceHub.networkMapCache.allNodes.flatMap { it.legalIdentities }.map { initiateFlow(it) }
@@ -85,7 +83,7 @@ internal object ShareRefState {
     }
 
     @InitiatedBy(ShareRefState.Initiator::class)
-    class Responder(val otherSession: FlowSession) : FlowLogic<Unit>() {
+    class Responder(private val otherSession: FlowSession) : FlowLogic<Unit>() {
         @Suspendable
         override fun call() {
             logger.info("Receiving dependencies.")
@@ -99,7 +97,7 @@ internal object ShareRefState {
 }
 
 // A flow to use a reference state in another transaction.
-internal class UseRefState(val linearId: UniqueIdentifier) : FlowLogic<SignedTransaction>() {
+internal class UseRefState(private val linearId: UniqueIdentifier) : FlowLogic<SignedTransaction>() {
     @Suspendable
     override fun call(): SignedTransaction {
         val notary = serviceHub.networkMapCache.notaryIdentities.first()
@@ -108,14 +106,12 @@ internal class UseRefState(val linearId: UniqueIdentifier) : FlowLogic<SignedTra
                 relevancyStatus = Vault.RelevancyStatus.ALL
         )
         val referenceState = serviceHub.vaultService.queryBy<ContractState>(query).states.single()
-        return subFlow(FinalityFlow(
-                transaction = serviceHub.signInitialTransaction(TransactionBuilder(notary = notary).apply {
-                    @Suppress("DEPRECATION") // To be removed when feature is finalised.
-                    addReferenceState(referenceState.referenced())
-                    addOutputState(DummyState(), DummyContract.PROGRAM_ID)
-                    addCommand(DummyContract.Commands.Create(), listOf(ourIdentity.owningKey))
-                })
-        ))
+        val stx = serviceHub.signInitialTransaction(TransactionBuilder(notary = notary).apply {
+            addReferenceState(referenceState.referenced())
+            addOutputState(DummyState(), DummyContract.PROGRAM_ID)
+            addCommand(DummyContract.Commands.Create(), listOf(ourIdentity.owningKey))
+        })
+        return subFlow(FinalityFlow(stx))
     }
 }
 
@@ -165,4 +161,4 @@ class WithReferencedStatesFlowTests {
         assertEquals(updatedRefState.ref, result.tx.references.single())
     }
 
-}
\ No newline at end of file
+}
diff --git a/core/src/test/kotlin/net/corda/core/flows/mixins/WithFinality.kt b/core/src/test/kotlin/net/corda/core/flows/mixins/WithFinality.kt
index 4e2ac3c5c5..038e360644 100644
--- a/core/src/test/kotlin/net/corda/core/flows/mixins/WithFinality.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/mixins/WithFinality.kt
@@ -1,37 +1,42 @@
 package net.corda.core.flows.mixins
 
 import co.paralleluniverse.fibers.Suspendable
+import com.natpryce.hamkrest.MatchResult
 import com.natpryce.hamkrest.Matcher
 import com.natpryce.hamkrest.equalTo
 import net.corda.core.flows.FinalityFlow
 import net.corda.core.flows.FlowLogic
 import net.corda.core.flows.StartableByRPC
 import net.corda.core.identity.Party
+import net.corda.core.internal.FlowStateMachine
 import net.corda.core.messaging.CordaRPCOps
+import net.corda.core.messaging.FlowHandle
 import net.corda.core.messaging.startFlow
 import net.corda.core.transactions.SignedTransaction
 import net.corda.testing.core.singleIdentity
 import net.corda.testing.node.internal.TestStartedNode
 
 interface WithFinality : WithMockNet {
-
     //region Operations
-    fun TestStartedNode.finalise(stx: SignedTransaction, vararg additionalParties: Party) =
-        startFlowAndRunNetwork(FinalityFlow(stx, additionalParties.toSet()))
+    fun TestStartedNode.finalise(stx: SignedTransaction, vararg additionalParties: Party): FlowStateMachine<SignedTransaction> {
+        return startFlowAndRunNetwork(FinalityFlow(stx, additionalParties.toSet()))
+    }
 
-    fun TestStartedNode.getValidatedTransaction(stx: SignedTransaction) =
-        services.validatedTransactions.getTransaction(stx.id)!!
+    fun TestStartedNode.getValidatedTransaction(stx: SignedTransaction): SignedTransaction {
+        return services.validatedTransactions.getTransaction(stx.id)!!
+    }
 
-    fun CordaRPCOps.finalise(stx: SignedTransaction, vararg parties: Party) =
-        startFlow(::FinalityInvoker, stx, parties.toSet())
-            .andRunNetwork()
+    fun CordaRPCOps.finalise(stx: SignedTransaction, vararg parties: Party): FlowHandle<SignedTransaction> {
+        return startFlow(::FinalityInvoker, stx, parties.toSet()).andRunNetwork()
+    }
     //endregion
 
     //region Matchers
     fun visibleTo(other: TestStartedNode) = object : Matcher<SignedTransaction> {
         override val description = "has a transaction visible to ${other.info.singleIdentity()}"
-        override fun invoke(actual: SignedTransaction) =
-                equalTo(actual)(other.getValidatedTransaction(actual))
+        override fun invoke(actual: SignedTransaction): MatchResult {
+            return equalTo(actual)(other.getValidatedTransaction(actual))
+        }
     }
     //endregion
 
@@ -41,4 +46,4 @@ interface WithFinality : WithMockNet {
         @Suspendable
         override fun call(): SignedTransaction = subFlow(FinalityFlow(transaction, extraRecipients))
     }
-}
\ No newline at end of file
+}
diff --git a/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/twoparty/IOUFlow.java b/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/twoparty/IOUFlow.java
index 5ad1a12ce2..a7dd8c6c22 100644
--- a/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/twoparty/IOUFlow.java
+++ b/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/twoparty/IOUFlow.java
@@ -66,11 +66,11 @@ public class IOUFlow extends FlowLogic<Void> {
         final SignedTransaction signedTx = getServiceHub().signInitialTransaction(txBuilder);
 
         // Creating a session with the other party.
-        FlowSession otherpartySession = initiateFlow(otherParty);
+        FlowSession otherPartySession = initiateFlow(otherParty);
 
         // Obtaining the counterparty's signature.
         SignedTransaction fullySignedTx = subFlow(new CollectSignaturesFlow(
-                signedTx, ImmutableList.of(otherpartySession), CollectSignaturesFlow.tracker()));
+                signedTx, ImmutableList.of(otherPartySession), CollectSignaturesFlow.tracker()));
 
         // Finalising the transaction.
         subFlow(new FinalityFlow(fullySignedTx));
@@ -78,4 +78,4 @@ public class IOUFlow extends FlowLogic<Void> {
         return null;
         // DOCEND 02
     }
-}
\ No newline at end of file
+}
diff --git a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/helloworld/IOUState.kt b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/helloworld/IOUState.kt
index f79e3311cd..b66604a504 100644
--- a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/helloworld/IOUState.kt
+++ b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/helloworld/IOUState.kt
@@ -1,3 +1,5 @@
+@file:Suppress("MemberVisibilityCanBePrivate")
+
 package net.corda.docs.kotlin.tutorial.helloworld
 
 import net.corda.core.contracts.ContractState
@@ -12,4 +14,4 @@ class IOUState(val value: Int,
                val borrower: Party) : ContractState {
     override val participants get() = listOf(lender, borrower)
 }
-// DOCEND 01
\ No newline at end of file
+// DOCEND 01
diff --git a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/twoparty/IOUFlow.kt b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/twoparty/IOUFlow.kt
index 22714acd33..bffd19472d 100644
--- a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/twoparty/IOUFlow.kt
+++ b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/twoparty/IOUFlow.kt
@@ -1,3 +1,5 @@
+@file:Suppress("MemberVisibilityCanBePrivate")
+
 package net.corda.docs.kotlin.tutorial.twoparty
 
 // DOCSTART 01
@@ -48,13 +50,13 @@ class IOUFlow(val iouValue: Int,
         val signedTx = serviceHub.signInitialTransaction(txBuilder)
 
         // Creating a session with the other party.
-        val otherpartySession = initiateFlow(otherParty)
+        val otherPartySession = initiateFlow(otherParty)
 
         // Obtaining the counterparty's signature.
-        val fullySignedTx = subFlow(CollectSignaturesFlow(signedTx, listOf(otherpartySession), CollectSignaturesFlow.tracker()))
+        val fullySignedTx = subFlow(CollectSignaturesFlow(signedTx, listOf(otherPartySession), CollectSignaturesFlow.tracker()))
 
         // Finalising the transaction.
         subFlow(FinalityFlow(fullySignedTx))
         // DOCEND 02
     }
-}
\ No newline at end of file
+}
diff --git a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/twoparty/IOUFlowResponder.kt b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/twoparty/IOUFlowResponder.kt
index 45e792abe0..c6ac0704b4 100644
--- a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/twoparty/IOUFlowResponder.kt
+++ b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/twoparty/IOUFlowResponder.kt
@@ -1,3 +1,5 @@
+@file:Suppress("unused")
+
 package net.corda.docs.kotlin.tutorial.twoparty
 
 import co.paralleluniverse.fibers.Suspendable
@@ -30,4 +32,4 @@ class IOUFlowResponder(val otherPartySession: FlowSession) : FlowLogic<Unit>() {
         subFlow(signTransactionFlow)
     }
 }
-// DOCEND 01
\ No newline at end of file
+// DOCEND 01
diff --git a/docs/source/example-code/src/test/kotlin/net/corda/docs/CustomVaultQueryTest.kt b/docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/CustomVaultQueryTest.kt
similarity index 98%
rename from docs/source/example-code/src/test/kotlin/net/corda/docs/CustomVaultQueryTest.kt
rename to docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/CustomVaultQueryTest.kt
index e5a5ec8786..3738e977a3 100644
--- a/docs/source/example-code/src/test/kotlin/net/corda/docs/CustomVaultQueryTest.kt
+++ b/docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/CustomVaultQueryTest.kt
@@ -1,4 +1,4 @@
-package net.corda.docs
+package net.corda.docs.kotlin
 
 import net.corda.core.contracts.Amount
 import net.corda.core.contracts.ContractState
@@ -8,7 +8,6 @@ import net.corda.core.node.services.vault.*
 import net.corda.core.utilities.OpaqueBytes
 import net.corda.core.utilities.getOrThrow
 import net.corda.docs.java.tutorial.helloworld.IOUFlow
-import net.corda.docs.kotlin.TopupIssuerFlow
 import net.corda.finance.*
 import net.corda.finance.contracts.getCashBalances
 import net.corda.finance.flows.CashIssueFlow
diff --git a/docs/source/example-code/src/test/kotlin/net/corda/docs/FxTransactionBuildTutorialTest.kt b/docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/FxTransactionBuildTutorialTest.kt
similarity index 92%
rename from docs/source/example-code/src/test/kotlin/net/corda/docs/FxTransactionBuildTutorialTest.kt
rename to docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/FxTransactionBuildTutorialTest.kt
index 430fc025c8..1a0808fe91 100644
--- a/docs/source/example-code/src/test/kotlin/net/corda/docs/FxTransactionBuildTutorialTest.kt
+++ b/docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/FxTransactionBuildTutorialTest.kt
@@ -1,18 +1,12 @@
-package net.corda.docs
+package net.corda.docs.kotlin
 
 import net.corda.core.identity.Party
 import net.corda.core.toFuture
 import net.corda.core.utilities.OpaqueBytes
 import net.corda.core.utilities.getOrThrow
-import net.corda.docs.kotlin.ForeignExchangeFlow
-import net.corda.docs.kotlin.ForeignExchangeRemoteFlow
-import net.corda.finance.DOLLARS
-import net.corda.finance.GBP
-import net.corda.finance.POUNDS
-import net.corda.finance.USD
+import net.corda.finance.*
 import net.corda.finance.contracts.getCashBalances
 import net.corda.finance.flows.CashIssueFlow
-import net.corda.finance.issuedBy
 import net.corda.testing.core.singleIdentity
 import net.corda.testing.node.MockNetwork
 import net.corda.testing.node.StartedMockNode
diff --git a/docs/source/example-code/src/test/kotlin/net/corda/docs/WorkflowTransactionBuildTutorialTest.kt b/docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/WorkflowTransactionBuildTutorialTest.kt
similarity index 95%
rename from docs/source/example-code/src/test/kotlin/net/corda/docs/WorkflowTransactionBuildTutorialTest.kt
rename to docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/WorkflowTransactionBuildTutorialTest.kt
index ccc0793663..d19fa0c33b 100644
--- a/docs/source/example-code/src/test/kotlin/net/corda/docs/WorkflowTransactionBuildTutorialTest.kt
+++ b/docs/source/example-code/src/test/kotlin/net/corda/docs/kotlin/WorkflowTransactionBuildTutorialTest.kt
@@ -1,4 +1,4 @@
-package net.corda.docs
+package net.corda.docs.kotlin
 
 import net.corda.core.contracts.LinearState
 import net.corda.core.contracts.StateAndRef
@@ -9,10 +9,6 @@ import net.corda.core.node.services.queryBy
 import net.corda.core.node.services.vault.QueryCriteria
 import net.corda.core.toFuture
 import net.corda.core.utilities.getOrThrow
-import net.corda.docs.kotlin.SubmitCompletionFlow
-import net.corda.docs.kotlin.SubmitTradeApprovalFlow
-import net.corda.docs.kotlin.TradeApprovalContract
-import net.corda.docs.kotlin.WorkflowState
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
 import net.corda.testing.node.MockNetwork
diff --git a/docs/source/hello-world-flow.rst b/docs/source/hello-world-flow.rst
index b50ff584ec..1454b96498 100644
--- a/docs/source/hello-world-flow.rst
+++ b/docs/source/hello-world-flow.rst
@@ -73,7 +73,8 @@ annotation out will lead to some very weird error messages!
 
 There are also a few more annotations, on the ``FlowLogic`` subclass itself:
 
-  * ``@InitiatingFlow`` means that this flow can be started directly by the node
+  * ``@InitiatingFlow`` means that this flow is part of a flow pair and that it triggers the other side to run the
+    the counterpart flow.
   * ``@StartableByRPC`` allows the node owner to start this flow via an RPC call
 
 Let's walk through the steps of ``FlowLogic.call`` itself. This is where we actually describe the procedure for
diff --git a/tools/loadtest/src/main/kotlin/net/corda/loadtest/tests/NotaryTest.kt b/tools/loadtest/src/main/kotlin/net/corda/loadtest/tests/NotaryTest.kt
deleted file mode 100644
index a8cff6abb9..0000000000
--- a/tools/loadtest/src/main/kotlin/net/corda/loadtest/tests/NotaryTest.kt
+++ /dev/null
@@ -1,57 +0,0 @@
-package net.corda.loadtest.tests
-
-import net.corda.client.mock.Generator
-import net.corda.core.flows.FinalityFlow
-import net.corda.core.flows.FlowException
-import net.corda.core.identity.CordaX500Name
-import net.corda.core.internal.concurrent.thenMatch
-import net.corda.core.messaging.startFlow
-import net.corda.core.transactions.SignedTransaction
-import net.corda.loadtest.LoadTest
-import net.corda.loadtest.NodeConnection
-import net.corda.testing.contracts.DummyContract
-import net.corda.testing.core.DUMMY_NOTARY_NAME
-import net.corda.testing.core.TestIdentity
-import net.corda.testing.node.MockServices
-import net.corda.testing.node.makeTestIdentityService
-import org.slf4j.LoggerFactory
-
-private val log = LoggerFactory.getLogger("NotaryTest")
-private val dummyCashIssuer = TestIdentity(CordaX500Name("Snake Oil Issuer", "London", "GB"), 10)
-private val DUMMY_CASH_ISSUER = dummyCashIssuer.ref(1)
-private val dummyNotary = TestIdentity(DUMMY_NOTARY_NAME, 20)
-private val megaCorp = TestIdentity(CordaX500Name("MegaCorp", "London", "GB"))
-private val miniCorp = TestIdentity(CordaX500Name("MiniCorp", "London", "GB"))
-
-data class NotariseCommand(val issueTx: SignedTransaction, val moveTx: SignedTransaction, val node: NodeConnection)
-
-val dummyNotarisationTest = LoadTest<NotariseCommand, Unit>(
-        "Notarising dummy transactions",
-        generate = { _, _ ->
-            val issuerServices = MockServices(emptyList(), megaCorp.name, makeTestIdentityService(megaCorp.identity, miniCorp.identity, dummyCashIssuer.identity, dummyNotary.identity), dummyCashIssuer.keyPair)
-            val generateTx = Generator.pickOne(simpleNodes).flatMap { node ->
-                Generator.int().map {
-                    val issueBuilder = DummyContract.generateInitial(it, notary.info.legalIdentities[0], DUMMY_CASH_ISSUER) // TODO notary choice
-                    val issueTx = issuerServices.signInitialTransaction(issueBuilder)
-                    val asset = issueTx.tx.outRef<DummyContract.SingleOwnerState>(0)
-                    val moveBuilder = DummyContract.move(asset, dummyCashIssuer.party)
-                    val moveTx = issuerServices.signInitialTransaction(moveBuilder)
-                    NotariseCommand(issueTx, moveTx, node)
-                }
-            }
-            Generator.replicate(10, generateTx)
-        },
-        interpret = { _, _ -> },
-        execute = { (issueTx, moveTx, node) ->
-            try {
-                val proxy = node.proxy
-                val issueFlow = proxy.startFlow(::FinalityFlow, issueTx)
-                issueFlow.returnValue.thenMatch({
-                    proxy.startFlow(::FinalityFlow, moveTx)
-                }, {})
-            } catch (e: FlowException) {
-                log.error("Failure", e)
-            }
-        },
-        gatherRemoteState = {}
-)

From c88d3d8c1bac16931d34a24384953c1401bbccb5 Mon Sep 17 00:00:00 2001
From: Chris Rankin <chris.rankin@r3.com>
Date: Mon, 8 Oct 2018 12:49:05 +0100
Subject: [PATCH 23/83] CORDA-2030: Resolve build warnings about
 kotlin-stdlib-jre8 in unit tests too. (#4043)

---
 confidential-identities/build.gradle | 1 -
 core/build.gradle                    | 1 -
 2 files changed, 2 deletions(-)

diff --git a/confidential-identities/build.gradle b/confidential-identities/build.gradle
index 6b5616d000..38a2f43807 100644
--- a/confidential-identities/build.gradle
+++ b/confidential-identities/build.gradle
@@ -20,7 +20,6 @@ dependencies {
     testCompile "com.google.guava:guava-testlib:$guava_version"
 
     // Bring in the MockNode infrastructure for writing protocol unit tests.
-    testCompile project(":node")
     testCompile project(":node-driver")
 
     // AssertJ: for fluent assertions for testing
diff --git a/core/build.gradle b/core/build.gradle
index 671b7b616d..05e9716dc9 100644
--- a/core/build.gradle
+++ b/core/build.gradle
@@ -61,7 +61,6 @@ dependencies {
     testCompile "com.google.guava:guava-testlib:$guava_version"
 
     // Bring in the MockNode infrastructure for writing protocol unit tests.
-    testCompile project(":node")
     testCompile project(":node-driver")
 
     compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"

From d9ea19855f52fd2972cf1328e50e336f55665567 Mon Sep 17 00:00:00 2001
From: Dominic Fox <40790090+distributedleetravis@users.noreply.github.com>
Date: Mon, 8 Oct 2018 13:39:28 +0100
Subject: [PATCH 24/83] CORDA-2006: Simplify checkpoint serialization (#4042)

* CORDA-2006: Simplify checkpoint serialization

* Supply rule to KryoTest
---
 .../amqp/AMQPClientSerializationScheme.kt     |  3 +-
 .../CheckpointSerializationFactory.kt         | 74 ---------------
 .../verifier/LocalSerializationRule.kt        |  8 +-
 .../internal/CheckpointSerializationAPI.kt    | 95 ++++---------------
 .../internal/SerializationEnvironment.kt      | 65 +++++++++----
 .../flows/SerializationApiInJavaTest.java     |  6 +-
 .../internal/network/NetworkBootstrapper.kt   |  4 +-
 .../corda/node/internal/CheckpointVerifier.kt |  3 +-
 .../kotlin/net/corda/node/internal/Node.kt    | 15 +--
 ...nScheme.kt => KryoCheckpointSerializer.kt} |  5 +-
 .../SingleThreadedStateMachineManager.kt      |  2 +-
 .../transactions/RaftTransactionCommitLog.kt  |  6 +-
 .../node/serialization/kryo/KryoTests.kt      | 74 +++++++--------
 .../internal/SerializeAsTokenContextImpl.kt   |  6 +-
 .../LambdaCheckpointSerializationTest.java    | 17 ++--
 .../ContractAttachmentSerializerTest.kt       | 31 +++---
 .../internal/SerializationTokenTest.kt        | 28 +++---
 .../testing/core/SerializationTestHelpers.kt  | 10 +-
 .../CheckpointSerializationTestHelpers.kt     | 11 +--
 .../InternalSerializationTestHelpers.kt       | 15 ++-
 .../net/corda/blobinspector/BlobInspector.kt  |  6 +-
 .../kotlin/net/corda/demobench/DemoBench.kt   |  4 +-
 .../serialization/SerializationHelper.kt      |  9 +-
 23 files changed, 186 insertions(+), 311 deletions(-)
 delete mode 100644 core-deterministic/src/main/kotlin/net/corda/core/serialization/internal/CheckpointSerializationFactory.kt
 rename node/src/main/kotlin/net/corda/node/serialization/kryo/{KryoSerializationScheme.kt => KryoCheckpointSerializer.kt} (97%)

diff --git a/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/serialization/amqp/AMQPClientSerializationScheme.kt b/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/serialization/amqp/AMQPClientSerializationScheme.kt
index df12645479..a0e2bfc307 100644
--- a/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/serialization/amqp/AMQPClientSerializationScheme.kt
+++ b/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/serialization/amqp/AMQPClientSerializationScheme.kt
@@ -6,7 +6,6 @@ import net.corda.core.serialization.SerializationContext
 import net.corda.core.serialization.SerializationContext.*
 import net.corda.core.serialization.SerializationCustomSerializer
 import net.corda.core.serialization.internal.SerializationEnvironment
-import net.corda.core.serialization.internal.SerializationEnvironmentImpl
 import net.corda.core.serialization.internal.nodeSerializationEnv
 import net.corda.serialization.internal.*
 import net.corda.serialization.internal.amqp.AbstractAMQPSerializationScheme
@@ -35,7 +34,7 @@ class AMQPClientSerializationScheme(
         }
 
         fun createSerializationEnv(classLoader: ClassLoader? = null): SerializationEnvironment {
-            return SerializationEnvironmentImpl(
+            return SerializationEnvironment.with(
                     SerializationFactoryImpl().apply {
                         registerScheme(AMQPClientSerializationScheme(emptyList()))
                     },
diff --git a/core-deterministic/src/main/kotlin/net/corda/core/serialization/internal/CheckpointSerializationFactory.kt b/core-deterministic/src/main/kotlin/net/corda/core/serialization/internal/CheckpointSerializationFactory.kt
deleted file mode 100644
index dbb6fb54c0..0000000000
--- a/core-deterministic/src/main/kotlin/net/corda/core/serialization/internal/CheckpointSerializationFactory.kt
+++ /dev/null
@@ -1,74 +0,0 @@
-package net.corda.core.serialization.internal
-
-import net.corda.core.KeepForDJVM
-import net.corda.core.serialization.SerializedBytes
-import net.corda.core.utilities.ByteSequence
-import java.io.NotSerializableException
-
-/**
- * A deterministic version of [CheckpointSerializationFactory] that does not use thread-locals to manage serialization
- * context.
- */
-@KeepForDJVM
-class CheckpointSerializationFactory(
-        private val scheme: CheckpointSerializationScheme
-) {
-
-    val defaultContext: CheckpointSerializationContext get() = _currentContext ?: effectiveSerializationEnv.checkpointContext
-
-    private val creator: List<StackTraceElement> = Exception().stackTrace.asList()
-
-    /**
-     * Deserialize the bytes in to an object, using the prefixed bytes to determine the format.
-     *
-     * @param byteSequence The bytes to deserialize, including a format header prefix.
-     * @param clazz The class or superclass or the object to be deserialized, or [Any] or [Object] if unknown.
-     * @param context A context that configures various parameters to deserialization.
-     */
-    @Throws(NotSerializableException::class)
-    fun <T : Any> deserialize(byteSequence: ByteSequence, clazz: Class<T>, context: CheckpointSerializationContext): T {
-        return withCurrentContext(context) { scheme.deserialize(byteSequence, clazz, context) }
-    }
-
-    /**
-     * Serialize an object to bytes using the preferred serialization format version from the context.
-     *
-     * @param obj The object to be serialized.
-     * @param context A context that configures various parameters to serialization, including the serialization format version.
-     */
-    fun <T : Any> serialize(obj: T, context: CheckpointSerializationContext): SerializedBytes<T> {
-        return withCurrentContext(context) { scheme.serialize(obj, context) }
-    }
-
-    override fun toString(): String {
-        return "${this.javaClass.name} scheme=$scheme ${creator.joinToString("\n")}"
-    }
-
-    override fun equals(other: Any?): Boolean {
-        return other is CheckpointSerializationFactory && other.scheme == this.scheme
-    }
-
-    override fun hashCode(): Int = scheme.hashCode()
-
-    private var _currentContext: CheckpointSerializationContext? = null
-
-    /**
-     * Change the current context inside the block to that supplied.
-     */
-    fun <T> withCurrentContext(context: CheckpointSerializationContext?, block: () -> T): T {
-        val priorContext = _currentContext
-        if (context != null) _currentContext = context
-        try {
-            return block()
-        } finally {
-            if (context != null) _currentContext = priorContext
-        }
-    }
-
-    companion object {
-        /**
-         * A default factory for serialization/deserialization.
-         */
-        val defaultFactory: CheckpointSerializationFactory get() = effectiveSerializationEnv.checkpointSerializationFactory
-    }
-}
\ No newline at end of file
diff --git a/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/LocalSerializationRule.kt b/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/LocalSerializationRule.kt
index 15848a4be4..e388c7c6d9 100644
--- a/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/LocalSerializationRule.kt
+++ b/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/LocalSerializationRule.kt
@@ -4,7 +4,7 @@ import net.corda.core.serialization.ClassWhitelist
 import net.corda.core.serialization.SerializationContext
 import net.corda.core.serialization.SerializationContext.UseCase.P2P
 import net.corda.core.serialization.SerializationCustomSerializer
-import net.corda.core.serialization.internal.SerializationEnvironmentImpl
+import net.corda.core.serialization.internal.SerializationEnvironment
 import net.corda.core.serialization.internal._contextSerializationEnv
 import net.corda.serialization.internal.*
 import net.corda.serialization.internal.amqp.AbstractAMQPSerializationScheme
@@ -58,13 +58,11 @@ class LocalSerializationRule(private val label: String) : TestRule {
         _contextSerializationEnv.set(null)
     }
 
-    private fun createTestSerializationEnv(): SerializationEnvironmentImpl {
+    private fun createTestSerializationEnv(): SerializationEnvironment {
         val factory = SerializationFactoryImpl(mutableMapOf()).apply {
             registerScheme(AMQPSerializationScheme(emptySet(), AccessOrderLinkedHashMap(128)))
         }
-        return object : SerializationEnvironmentImpl(factory, AMQP_P2P_CONTEXT) {
-            override fun toString() = "testSerializationEnv($label)"
-        }
+        return SerializationEnvironment.with(factory, AMQP_P2P_CONTEXT)
     }
 
     private class AMQPSerializationScheme(
diff --git a/core/src/main/kotlin/net/corda/core/serialization/internal/CheckpointSerializationAPI.kt b/core/src/main/kotlin/net/corda/core/serialization/internal/CheckpointSerializationAPI.kt
index 448d1ab25f..6769b73b03 100644
--- a/core/src/main/kotlin/net/corda/core/serialization/internal/CheckpointSerializationAPI.kt
+++ b/core/src/main/kotlin/net/corda/core/serialization/internal/CheckpointSerializationAPI.kt
@@ -13,75 +13,12 @@ import java.io.NotSerializableException
 object CheckpointSerializationDefaults {
     @DeleteForDJVM
     val CHECKPOINT_CONTEXT get() = effectiveSerializationEnv.checkpointContext
-    val CHECKPOINT_SERIALIZATION_FACTORY get() = effectiveSerializationEnv.checkpointSerializationFactory
-}
-
-/**
- * A class for serializing and deserializing objects at checkpoints, using Kryo serialization.
- */
-@KeepForDJVM
-class CheckpointSerializationFactory(
-    private val scheme: CheckpointSerializationScheme
-) {
-
-    val defaultContext: CheckpointSerializationContext get() = _currentContext.get() ?: effectiveSerializationEnv.checkpointContext
-
-    private val creator: List<StackTraceElement> = Exception().stackTrace.asList()
-
-    /**
-     * Deserialize the bytes in to an object, using the prefixed bytes to determine the format.
-     *
-     * @param byteSequence The bytes to deserialize, including a format header prefix.
-     * @param clazz The class or superclass or the object to be deserialized, or [Any] or [Object] if unknown.
-     * @param context A context that configures various parameters to deserialization.
-     */
-    fun <T : Any> deserialize(byteSequence: ByteSequence, clazz: Class<T>, context: CheckpointSerializationContext): T {
-        return withCurrentContext(context) { scheme.deserialize(byteSequence, clazz, context) }
-    }
-
-    /**
-     * Serialize an object to bytes using the preferred serialization format version from the context.
-     *
-     * @param obj The object to be serialized.
-     * @param context A context that configures various parameters to serialization, including the serialization format version.
-     */
-    fun <T : Any> serialize(obj: T, context: CheckpointSerializationContext): SerializedBytes<T> {
-        return withCurrentContext(context) { scheme.serialize(obj, context) }
-    }
-
-    override fun toString(): String {
-        return "${this.javaClass.name} scheme=$scheme ${creator.joinToString("\n")}"
-    }
-
-    override fun equals(other: Any?): Boolean {
-        return other is CheckpointSerializationFactory && other.scheme == this.scheme
-    }
-
-    override fun hashCode(): Int = scheme.hashCode()
-
-    private val _currentContext = ThreadLocal<CheckpointSerializationContext?>()
-
-    /**
-     * Change the current context inside the block to that supplied.
-     */
-    fun <T> withCurrentContext(context: CheckpointSerializationContext?, block: () -> T): T {
-        val priorContext = _currentContext.get()
-        if (context != null) _currentContext.set(context)
-        try {
-            return block()
-        } finally {
-            if (context != null) _currentContext.set(priorContext)
-        }
-    }
-
-    companion object {
-        val defaultFactory: CheckpointSerializationFactory get() = effectiveSerializationEnv.checkpointSerializationFactory
-    }
+    val CHECKPOINT_SERIALIZER get() = effectiveSerializationEnv.checkpointSerializer
 }
 
 @KeepForDJVM
 @DoNotImplement
-interface CheckpointSerializationScheme {
+interface CheckpointSerializer {
     @Throws(NotSerializableException::class)
     fun <T : Any> deserialize(byteSequence: ByteSequence, clazz: Class<T>, context: CheckpointSerializationContext): T
 
@@ -167,32 +104,36 @@ interface CheckpointSerializationContext {
 /*
  * Convenience extension method for deserializing a ByteSequence, utilising the default factory.
  */
-inline fun <reified T : Any> ByteSequence.checkpointDeserialize(serializationFactory: CheckpointSerializationFactory = CheckpointSerializationFactory.defaultFactory,
-                                                                context: CheckpointSerializationContext): T {
-    return serializationFactory.deserialize(this, T::class.java, context)
+@JvmOverloads
+inline fun <reified T : Any> ByteSequence.checkpointDeserialize(
+        context: CheckpointSerializationContext = effectiveSerializationEnv.checkpointContext): T {
+    return effectiveSerializationEnv.checkpointSerializer.deserialize(this, T::class.java, context)
 }
 
 /**
  * Convenience extension method for deserializing SerializedBytes with type matching, utilising the default factory.
  */
-inline fun <reified T : Any> SerializedBytes<T>.checkpointDeserialize(serializationFactory: CheckpointSerializationFactory = CheckpointSerializationFactory.defaultFactory,
-                                                                      context: CheckpointSerializationContext): T {
-    return serializationFactory.deserialize(this, T::class.java, context)
+@JvmOverloads
+inline fun <reified T : Any> SerializedBytes<T>.checkpointDeserialize(
+        context: CheckpointSerializationContext = effectiveSerializationEnv.checkpointContext): T {
+    return effectiveSerializationEnv.checkpointSerializer.deserialize(this, T::class.java, context)
 }
 
 /**
  * Convenience extension method for deserializing a ByteArray, utilising the default factory.
  */
-inline fun <reified T : Any> ByteArray.checkpointDeserialize(serializationFactory: CheckpointSerializationFactory = CheckpointSerializationFactory.defaultFactory,
-                                                             context: CheckpointSerializationContext): T {
+@JvmOverloads
+inline fun <reified T : Any> ByteArray.checkpointDeserialize(
+        context: CheckpointSerializationContext = effectiveSerializationEnv.checkpointContext): T {
     require(isNotEmpty()) { "Empty bytes" }
-    return this.sequence().checkpointDeserialize(serializationFactory, context)
+    return this.sequence().checkpointDeserialize(context)
 }
 
 /**
  * Convenience extension method for serializing an object of type T, utilising the default factory.
  */
-fun <T : Any> T.checkpointSerialize(serializationFactory: CheckpointSerializationFactory = CheckpointSerializationFactory.defaultFactory,
-                                    context: CheckpointSerializationContext): SerializedBytes<T> {
-    return serializationFactory.serialize(this, context)
+@JvmOverloads
+fun <T : Any> T.checkpointSerialize(
+        context: CheckpointSerializationContext = effectiveSerializationEnv.checkpointContext): SerializedBytes<T> {
+    return effectiveSerializationEnv.checkpointSerializer.serialize(this, context)
 }
\ No newline at end of file
diff --git a/core/src/main/kotlin/net/corda/core/serialization/internal/SerializationEnvironment.kt b/core/src/main/kotlin/net/corda/core/serialization/internal/SerializationEnvironment.kt
index 441cd52be4..b213b6322d 100644
--- a/core/src/main/kotlin/net/corda/core/serialization/internal/SerializationEnvironment.kt
+++ b/core/src/main/kotlin/net/corda/core/serialization/internal/SerializationEnvironment.kt
@@ -11,38 +11,63 @@ import net.corda.core.serialization.SerializationFactory
 
 @KeepForDJVM
 interface SerializationEnvironment {
+
+    companion object {
+        fun with(
+                serializationFactory: SerializationFactory,
+                p2pContext: SerializationContext,
+                rpcServerContext: SerializationContext? = null,
+                rpcClientContext: SerializationContext? = null,
+                storageContext: SerializationContext? = null,
+
+                checkpointContext: CheckpointSerializationContext? = null,
+                checkpointSerializer: CheckpointSerializer? = null
+        ): SerializationEnvironment =
+                SerializationEnvironmentImpl(
+                        serializationFactory = serializationFactory,
+                        p2pContext = p2pContext,
+                        optionalRpcServerContext = rpcServerContext,
+                        optionalRpcClientContext = rpcClientContext,
+                        optionalStorageContext = storageContext,
+                        optionalCheckpointContext = checkpointContext,
+                        optionalCheckpointSerializer = checkpointSerializer
+                )
+    }
+
     val serializationFactory: SerializationFactory
-    val checkpointSerializationFactory: CheckpointSerializationFactory
     val p2pContext: SerializationContext
     val rpcServerContext: SerializationContext
     val rpcClientContext: SerializationContext
     val storageContext: SerializationContext
+
+    val checkpointSerializer: CheckpointSerializer
     val checkpointContext: CheckpointSerializationContext
 }
 
 @KeepForDJVM
-open class SerializationEnvironmentImpl(
+private class SerializationEnvironmentImpl(
         override val serializationFactory: SerializationFactory,
         override val p2pContext: SerializationContext,
-        rpcServerContext: SerializationContext? = null,
-        rpcClientContext: SerializationContext? = null,
-        storageContext: SerializationContext? = null,
-        checkpointContext: CheckpointSerializationContext? = null,
-        checkpointSerializationFactory: CheckpointSerializationFactory? = null) : SerializationEnvironment {
-    // Those that are passed in as null are never inited:
-    override lateinit var rpcServerContext: SerializationContext
-    override lateinit var rpcClientContext: SerializationContext
-    override lateinit var storageContext: SerializationContext
-    override lateinit var checkpointContext: CheckpointSerializationContext
-    override lateinit var checkpointSerializationFactory: CheckpointSerializationFactory
+        private val optionalRpcServerContext: SerializationContext? = null,
+        private val optionalRpcClientContext: SerializationContext? = null,
+        private val optionalStorageContext: SerializationContext? = null,
+        private val optionalCheckpointContext: CheckpointSerializationContext? = null,
+        private val optionalCheckpointSerializer: CheckpointSerializer? = null) : SerializationEnvironment {
 
-    init {
-        rpcServerContext?.let { this.rpcServerContext = it }
-        rpcClientContext?.let { this.rpcClientContext = it }
-        storageContext?.let { this.storageContext = it }
-        checkpointContext?.let { this.checkpointContext = it }
-        checkpointSerializationFactory?.let { this.checkpointSerializationFactory = it  }
-    }
+    override val rpcServerContext: SerializationContext get() = optionalRpcServerContext ?:
+            throw UnsupportedOperationException("RPC server serialization not supported in this environment")
+
+    override val rpcClientContext: SerializationContext get() = optionalRpcClientContext ?:
+        throw UnsupportedOperationException("RPC client serialization not supported in this environment")
+
+    override val storageContext: SerializationContext get() = optionalStorageContext ?:
+        throw UnsupportedOperationException("Storage serialization not supported in this environment")
+
+    override val checkpointContext: CheckpointSerializationContext get() = optionalCheckpointContext ?:
+        throw UnsupportedOperationException("Checkpoint serialization not supported in this environment")
+
+    override val checkpointSerializer: CheckpointSerializer get() = optionalCheckpointSerializer ?:
+        throw UnsupportedOperationException("Checkpoint serialization not supported in this environment")
 }
 
 private val _nodeSerializationEnv = SimpleToggleField<SerializationEnvironment>("nodeSerializationEnv", true)
diff --git a/core/src/test/java/net/corda/core/flows/SerializationApiInJavaTest.java b/core/src/test/java/net/corda/core/flows/SerializationApiInJavaTest.java
index 55e66c1766..9f48a7ba0a 100644
--- a/core/src/test/java/net/corda/core/flows/SerializationApiInJavaTest.java
+++ b/core/src/test/java/net/corda/core/flows/SerializationApiInJavaTest.java
@@ -1,7 +1,5 @@
 package net.corda.core.flows;
 
-import net.corda.core.serialization.internal.CheckpointSerializationDefaults;
-import net.corda.core.serialization.internal.CheckpointSerializationFactory;
 import net.corda.core.serialization.SerializationDefaults;
 import net.corda.core.serialization.SerializationFactory;
 import net.corda.testing.core.SerializationEnvironmentRule;
@@ -32,12 +30,10 @@ public class SerializationApiInJavaTest {
         SerializationDefaults defaults = SerializationDefaults.INSTANCE;
         SerializationFactory factory = defaults.getSERIALIZATION_FACTORY();
 
-        CheckpointSerializationDefaults checkpointDefaults = CheckpointSerializationDefaults.INSTANCE;
-        CheckpointSerializationFactory checkpointSerializationFactory = checkpointDefaults.getCHECKPOINT_SERIALIZATION_FACTORY();
         serialize("hello", factory, defaults.getP2P_CONTEXT());
         serialize("hello", factory, defaults.getRPC_SERVER_CONTEXT());
         serialize("hello", factory, defaults.getRPC_CLIENT_CONTEXT());
         serialize("hello", factory, defaults.getSTORAGE_CONTEXT());
-        checkpointSerialize("hello", checkpointSerializationFactory, checkpointDefaults.getCHECKPOINT_CONTEXT());
+        checkpointSerialize("hello");
     }
 }
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
index 49d0704c84..1747cc2333 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
@@ -14,7 +14,7 @@ import net.corda.core.node.services.AttachmentId
 import net.corda.core.serialization.SerializationContext
 import net.corda.core.serialization.SerializedBytes
 import net.corda.core.serialization.deserialize
-import net.corda.core.serialization.internal.SerializationEnvironmentImpl
+import net.corda.core.serialization.internal.SerializationEnvironment
 import net.corda.core.serialization.internal._contextSerializationEnv
 import net.corda.core.utilities.days
 import net.corda.core.utilities.getOrThrow
@@ -393,7 +393,7 @@ internal constructor(private val initSerEnv: Boolean,
 
     // We need to to set serialization env, because generation of parameters is run from Cordform.
     private fun initialiseSerialization() {
-        _contextSerializationEnv.set(SerializationEnvironmentImpl(
+        _contextSerializationEnv.set(SerializationEnvironment.with(
                 SerializationFactoryImpl().apply {
                     registerScheme(AMQPParametersSerializationScheme)
                 },
diff --git a/node/src/main/kotlin/net/corda/node/internal/CheckpointVerifier.kt b/node/src/main/kotlin/net/corda/node/internal/CheckpointVerifier.kt
index 53f22b3147..48b8c71971 100644
--- a/node/src/main/kotlin/net/corda/node/internal/CheckpointVerifier.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/CheckpointVerifier.kt
@@ -4,7 +4,6 @@ import net.corda.core.cordapp.Cordapp
 import net.corda.core.crypto.SecureHash
 import net.corda.core.flows.FlowLogic
 import net.corda.core.node.ServiceHub
-import net.corda.core.serialization.SerializationDefaults
 import net.corda.core.serialization.internal.CheckpointSerializationDefaults
 import net.corda.core.serialization.internal.checkpointDeserialize
 import net.corda.node.services.api.CheckpointStorage
@@ -21,7 +20,7 @@ object CheckpointVerifier {
      */
     fun verifyCheckpointsCompatible(checkpointStorage: CheckpointStorage, currentCordapps: List<Cordapp>, platformVersion: Int, serviceHub: ServiceHub, tokenizableServices: List<Any>) {
         val checkpointSerializationContext = CheckpointSerializationDefaults.CHECKPOINT_CONTEXT.withTokenContext(
-                CheckpointSerializeAsTokenContextImpl(tokenizableServices, CheckpointSerializationDefaults.CHECKPOINT_SERIALIZATION_FACTORY, CheckpointSerializationDefaults.CHECKPOINT_CONTEXT, serviceHub)
+                CheckpointSerializeAsTokenContextImpl(tokenizableServices, CheckpointSerializationDefaults.CHECKPOINT_SERIALIZER, CheckpointSerializationDefaults.CHECKPOINT_CONTEXT, serviceHub)
         )
         checkpointStorage.getAllCheckpoints().forEach { (_, serializedCheckpoint) ->
 
diff --git a/node/src/main/kotlin/net/corda/node/internal/Node.kt b/node/src/main/kotlin/net/corda/node/internal/Node.kt
index f1c9140938..3db80bdf25 100644
--- a/node/src/main/kotlin/net/corda/node/internal/Node.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/Node.kt
@@ -21,8 +21,7 @@ import net.corda.core.messaging.RPCOps
 import net.corda.core.node.NetworkParameters
 import net.corda.core.node.NodeInfo
 import net.corda.core.node.ServiceHub
-import net.corda.core.serialization.internal.CheckpointSerializationFactory
-import net.corda.core.serialization.internal.SerializationEnvironmentImpl
+import net.corda.core.serialization.internal.SerializationEnvironment
 import net.corda.core.serialization.internal.nodeSerializationEnv
 import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.core.utilities.contextLogger
@@ -38,7 +37,7 @@ import net.corda.node.internal.security.RPCSecurityManagerImpl
 import net.corda.node.internal.security.RPCSecurityManagerWithAdditionalUser
 import net.corda.node.serialization.amqp.AMQPServerSerializationScheme
 import net.corda.node.serialization.kryo.KRYO_CHECKPOINT_CONTEXT
-import net.corda.node.serialization.kryo.KryoSerializationScheme
+import net.corda.node.serialization.kryo.KryoCheckpointSerializer
 import net.corda.node.services.Permissions
 import net.corda.node.services.api.FlowStarter
 import net.corda.node.services.api.ServiceHubInternal
@@ -470,17 +469,19 @@ open class Node(configuration: NodeConfiguration,
     private fun initialiseSerialization() {
         if (!initialiseSerialization) return
         val classloader = cordappLoader.appClassLoader
-        nodeSerializationEnv = SerializationEnvironmentImpl(
+        nodeSerializationEnv = SerializationEnvironment.with(
                 SerializationFactoryImpl().apply {
                     registerScheme(AMQPServerSerializationScheme(cordappLoader.cordapps))
                     registerScheme(AMQPClientSerializationScheme(cordappLoader.cordapps))
                 },
-                checkpointSerializationFactory = CheckpointSerializationFactory(KryoSerializationScheme),
                 p2pContext = AMQP_P2P_CONTEXT.withClassLoader(classloader),
                 rpcServerContext = AMQP_RPC_SERVER_CONTEXT.withClassLoader(classloader),
+                rpcClientContext = if (configuration.shouldInitCrashShell()) AMQP_RPC_CLIENT_CONTEXT.withClassLoader(classloader) else null, //even Shell embeded in the node connects via RPC to the node
                 storageContext = AMQP_STORAGE_CONTEXT.withClassLoader(classloader),
-                checkpointContext = KRYO_CHECKPOINT_CONTEXT.withClassLoader(classloader),
-                rpcClientContext = if (configuration.shouldInitCrashShell()) AMQP_RPC_CLIENT_CONTEXT.withClassLoader(classloader) else null) //even Shell embeded in the node connects via RPC to the node
+
+                checkpointSerializer = KryoCheckpointSerializer,
+                checkpointContext = KRYO_CHECKPOINT_CONTEXT.withClassLoader(classloader)
+            )
     }
 
     /** Starts a blocking event loop for message dispatch. */
diff --git a/node/src/main/kotlin/net/corda/node/serialization/kryo/KryoSerializationScheme.kt b/node/src/main/kotlin/net/corda/node/serialization/kryo/KryoCheckpointSerializer.kt
similarity index 97%
rename from node/src/main/kotlin/net/corda/node/serialization/kryo/KryoSerializationScheme.kt
rename to node/src/main/kotlin/net/corda/node/serialization/kryo/KryoCheckpointSerializer.kt
index 22edf8258e..cd74dafb4c 100644
--- a/node/src/main/kotlin/net/corda/node/serialization/kryo/KryoSerializationScheme.kt
+++ b/node/src/main/kotlin/net/corda/node/serialization/kryo/KryoCheckpointSerializer.kt
@@ -12,10 +12,9 @@ import com.esotericsoftware.kryo.serializers.ClosureSerializer
 import net.corda.core.internal.uncheckedCast
 import net.corda.core.serialization.*
 import net.corda.core.serialization.internal.CheckpointSerializationContext
-import net.corda.core.serialization.internal.CheckpointSerializationScheme
+import net.corda.core.serialization.internal.CheckpointSerializer
 import net.corda.core.utilities.ByteSequence
 import net.corda.serialization.internal.*
-import java.security.PublicKey
 import java.util.concurrent.ConcurrentHashMap
 
 val kryoMagic = CordaSerializationMagic("corda".toByteArray() + byteArrayOf(0, 0))
@@ -31,7 +30,7 @@ private object AutoCloseableSerialisationDetector : Serializer<AutoCloseable>()
     override fun read(kryo: Kryo, input: Input, type: Class<AutoCloseable>) = throw IllegalStateException("Should not reach here!")
 }
 
-object KryoSerializationScheme : CheckpointSerializationScheme {
+object KryoCheckpointSerializer : CheckpointSerializer {
     private val kryoPoolsForContexts = ConcurrentHashMap<Pair<ClassWhitelist, ClassLoader>, KryoPool>()
 
     private fun getPool(context: CheckpointSerializationContext): KryoPool {
diff --git a/node/src/main/kotlin/net/corda/node/services/statemachine/SingleThreadedStateMachineManager.kt b/node/src/main/kotlin/net/corda/node/services/statemachine/SingleThreadedStateMachineManager.kt
index a47799e0aa..60fb528bcb 100644
--- a/node/src/main/kotlin/net/corda/node/services/statemachine/SingleThreadedStateMachineManager.kt
+++ b/node/src/main/kotlin/net/corda/node/services/statemachine/SingleThreadedStateMachineManager.kt
@@ -127,7 +127,7 @@ class SingleThreadedStateMachineManager(
     override fun start(tokenizableServices: List<Any>) {
         checkQuasarJavaAgentPresence()
         val checkpointSerializationContext = CheckpointSerializationDefaults.CHECKPOINT_CONTEXT.withTokenContext(
-                CheckpointSerializeAsTokenContextImpl(tokenizableServices, CheckpointSerializationDefaults.CHECKPOINT_SERIALIZATION_FACTORY, CheckpointSerializationDefaults.CHECKPOINT_CONTEXT, serviceHub)
+                CheckpointSerializeAsTokenContextImpl(tokenizableServices, CheckpointSerializationDefaults.CHECKPOINT_SERIALIZER, CheckpointSerializationDefaults.CHECKPOINT_CONTEXT, serviceHub)
         )
         this.checkpointSerializationContext = checkpointSerializationContext
         this.actionExecutor = makeActionExecutor(checkpointSerializationContext)
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/RaftTransactionCommitLog.kt b/node/src/main/kotlin/net/corda/node/services/transactions/RaftTransactionCommitLog.kt
index 72fa52bdc1..c35ae146ab 100644
--- a/node/src/main/kotlin/net/corda/node/services/transactions/RaftTransactionCommitLog.kt
+++ b/node/src/main/kotlin/net/corda/node/services/transactions/RaftTransactionCommitLog.kt
@@ -22,7 +22,7 @@ import net.corda.core.internal.notary.isConsumedByTheSameTx
 import net.corda.core.internal.notary.validateTimeWindow
 import net.corda.core.serialization.*
 import net.corda.core.serialization.internal.CheckpointSerializationDefaults
-import net.corda.core.serialization.internal.CheckpointSerializationFactory
+
 import net.corda.core.serialization.internal.checkpointSerialize
 import net.corda.core.utilities.ByteSequence
 import net.corda.core.utilities.contextLogger
@@ -201,7 +201,7 @@ class RaftTransactionCommitLog<E, EK>(
 
         class CordaKryoSerializer<T : Any> : TypeSerializer<T> {
             private val context = CheckpointSerializationDefaults.CHECKPOINT_CONTEXT.withEncoding(CordaSerializationEncoding.SNAPPY)
-            private val factory = CheckpointSerializationFactory.defaultFactory
+            private val checkpointSerializer = CheckpointSerializationDefaults.CHECKPOINT_SERIALIZER
 
             override fun write(obj: T, buffer: BufferOutput<*>, serializer: Serializer) {
                 val serialized = obj.checkpointSerialize(context = context)
@@ -213,7 +213,7 @@ class RaftTransactionCommitLog<E, EK>(
                 val size = buffer.readInt()
                 val serialized = ByteArray(size)
                 buffer.read(serialized)
-                return factory.deserialize(ByteSequence.of(serialized), type, context)
+                return checkpointSerializer.deserialize(ByteSequence.of(serialized), type, context)
             }
         }
     }
diff --git a/node/src/test/kotlin/net/corda/node/serialization/kryo/KryoTests.kt b/node/src/test/kotlin/net/corda/node/serialization/kryo/KryoTests.kt
index 5598f38f67..abfec25bc2 100644
--- a/node/src/test/kotlin/net/corda/node/serialization/kryo/KryoTests.kt
+++ b/node/src/test/kotlin/net/corda/node/serialization/kryo/KryoTests.kt
@@ -13,7 +13,6 @@ import net.corda.core.crypto.*
 import net.corda.core.internal.FetchDataFlow
 import net.corda.core.serialization.*
 import net.corda.core.serialization.internal.CheckpointSerializationContext
-import net.corda.core.serialization.internal.CheckpointSerializationFactory
 import net.corda.core.serialization.internal.checkpointDeserialize
 import net.corda.core.serialization.internal.checkpointSerialize
 import net.corda.core.utilities.ByteSequence
@@ -23,11 +22,13 @@ import net.corda.node.services.persistence.NodeAttachmentService
 import net.corda.serialization.internal.*
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.TestIdentity
+import net.corda.testing.core.internal.CheckpointSerializationEnvironmentRule
 import net.corda.testing.internal.rigorousMock
 import org.assertj.core.api.Assertions.*
 import org.junit.Assert.assertArrayEquals
 import org.junit.Assert.assertEquals
 import org.junit.Before
+import org.junit.Rule
 import org.junit.Test
 import org.junit.runner.RunWith
 import org.junit.runners.Parameterized
@@ -48,12 +49,12 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
         fun compression() = arrayOf<CordaSerializationEncoding?>(null) + CordaSerializationEncoding.values()
     }
 
-    private lateinit var factory: CheckpointSerializationFactory
+    @get:Rule
+    val serializationRule = CheckpointSerializationEnvironmentRule()
     private lateinit var context: CheckpointSerializationContext
 
     @Before
     fun setup() {
-        factory = CheckpointSerializationFactory(KryoSerializationScheme)
         context = CheckpointSerializationContextImpl(
                 javaClass.classLoader,
                 AllWhitelist,
@@ -69,15 +70,15 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
     fun `simple data class`() {
         val birthday = Instant.parse("1984-04-17T00:30:00.00Z")
         val mike = Person("mike", birthday)
-        val bits = mike.checkpointSerialize(factory, context)
-        assertThat(bits.checkpointDeserialize(factory, context)).isEqualTo(Person("mike", birthday))
+        val bits = mike.checkpointSerialize(context)
+        assertThat(bits.checkpointDeserialize(context)).isEqualTo(Person("mike", birthday))
     }
 
     @Test
     fun `null values`() {
         val bob = Person("bob", null)
-        val bits = bob.checkpointSerialize(factory, context)
-        assertThat(bits.checkpointDeserialize(factory, context)).isEqualTo(Person("bob", null))
+        val bits = bob.checkpointSerialize(context)
+        assertThat(bits.checkpointDeserialize(context)).isEqualTo(Person("bob", null))
     }
 
     @Test
@@ -85,10 +86,10 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
         val noReferencesContext = context.withoutReferences()
         val obj : ByteSequence = Ints.toByteArray(0x01234567).sequence()
         val originalList : ArrayList<ByteSequence> = ArrayList<ByteSequence>().apply { this += obj }
-        val deserialisedList = originalList.checkpointSerialize(factory, noReferencesContext).checkpointDeserialize(factory, noReferencesContext)
+        val deserialisedList = originalList.checkpointSerialize(noReferencesContext).checkpointDeserialize(noReferencesContext)
         originalList += obj
         deserialisedList += obj
-        assertThat(deserialisedList.checkpointSerialize(factory, noReferencesContext)).isEqualTo(originalList.checkpointSerialize(factory, noReferencesContext))
+        assertThat(deserialisedList.checkpointSerialize(noReferencesContext)).isEqualTo(originalList.checkpointSerialize(noReferencesContext))
     }
 
     @Test
@@ -105,14 +106,14 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
             this += instant
             this += instant
         }
-        assertThat(listWithSameInstances.checkpointSerialize(factory, noReferencesContext)).isEqualTo(listWithCopies.checkpointSerialize(factory, noReferencesContext))
+        assertThat(listWithSameInstances.checkpointSerialize(noReferencesContext)).isEqualTo(listWithCopies.checkpointSerialize(noReferencesContext))
     }
 
     @Test
     fun `cyclic object graph`() {
         val cyclic = Cyclic(3)
-        val bits = cyclic.checkpointSerialize(factory, context)
-        assertThat(bits.checkpointDeserialize(factory, context)).isEqualTo(cyclic)
+        val bits = cyclic.checkpointSerialize(context)
+        assertThat(bits.checkpointDeserialize(context)).isEqualTo(cyclic)
     }
 
     @Test
@@ -124,7 +125,7 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
         signature.verify(bitsToSign)
         assertThatThrownBy { signature.verify(wrongBits) }
 
-        val deserialisedKeyPair = keyPair.checkpointSerialize(factory, context).checkpointDeserialize(factory, context)
+        val deserialisedKeyPair = keyPair.checkpointSerialize(context).checkpointDeserialize(context)
         val deserialisedSignature = deserialisedKeyPair.sign(bitsToSign)
         deserialisedSignature.verify(bitsToSign)
         assertThatThrownBy { deserialisedSignature.verify(wrongBits) }
@@ -132,28 +133,28 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
 
     @Test
     fun `write and read Kotlin object singleton`() {
-        val serialised = TestSingleton.checkpointSerialize(factory, context)
-        val deserialised = serialised.checkpointDeserialize(factory, context)
+        val serialised = TestSingleton.checkpointSerialize(context)
+        val deserialised = serialised.checkpointDeserialize(context)
         assertThat(deserialised).isSameAs(TestSingleton)
     }
 
     @Test
     fun `check Kotlin EmptyList can be serialised`() {
-        val deserialisedList: List<Int> = emptyList<Int>().checkpointSerialize(factory, context).checkpointDeserialize(factory, context)
+        val deserialisedList: List<Int> = emptyList<Int>().checkpointSerialize(context).checkpointDeserialize(context)
         assertEquals(0, deserialisedList.size)
         assertEquals<Any>(Collections.emptyList<Int>().javaClass, deserialisedList.javaClass)
     }
 
     @Test
     fun `check Kotlin EmptySet can be serialised`() {
-        val deserialisedSet: Set<Int> = emptySet<Int>().checkpointSerialize(factory, context).checkpointDeserialize(factory, context)
+        val deserialisedSet: Set<Int> = emptySet<Int>().checkpointSerialize(context).checkpointDeserialize(context)
         assertEquals(0, deserialisedSet.size)
         assertEquals<Any>(Collections.emptySet<Int>().javaClass, deserialisedSet.javaClass)
     }
 
     @Test
     fun `check Kotlin EmptyMap can be serialised`() {
-        val deserialisedMap: Map<Int, Int> = emptyMap<Int, Int>().checkpointSerialize(factory, context).checkpointDeserialize(factory, context)
+        val deserialisedMap: Map<Int, Int> = emptyMap<Int, Int>().checkpointSerialize(context).checkpointDeserialize(context)
         assertEquals(0, deserialisedMap.size)
         assertEquals<Any>(Collections.emptyMap<Int, Int>().javaClass, deserialisedMap.javaClass)
     }
@@ -161,7 +162,7 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
     @Test
     fun `InputStream serialisation`() {
         val rubbish = ByteArray(12345) { (it * it * 0.12345).toByte() }
-        val readRubbishStream: InputStream = rubbish.inputStream().checkpointSerialize(factory, context).checkpointDeserialize(factory, context)
+        val readRubbishStream: InputStream = rubbish.inputStream().checkpointSerialize(context).checkpointDeserialize(context)
         for (i in 0..12344) {
             assertEquals(rubbish[i], readRubbishStream.read().toByte())
         }
@@ -171,7 +172,7 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
     @Test
     fun `InputStream serialisation does not write trailing garbage`() {
         val byteArrays = listOf("123", "456").map { it.toByteArray() }
-        val streams = byteArrays.map { it.inputStream() }.checkpointSerialize(factory, context).checkpointDeserialize(factory, context).iterator()
+        val streams = byteArrays.map { it.inputStream() }.checkpointSerialize(context).checkpointDeserialize(context).iterator()
         byteArrays.forEach { assertArrayEquals(it, streams.next().readBytes()) }
         assertFalse(streams.hasNext())
     }
@@ -182,8 +183,8 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
         val testBytes = testString.toByteArray()
 
         val meta = SignableData(testBytes.sha256(), SignatureMetadata(1, Crypto.findSignatureScheme(ALICE_PUBKEY).schemeNumberID))
-        val serializedMetaData = meta.checkpointSerialize(factory, context).bytes
-        val meta2 = serializedMetaData.checkpointDeserialize<SignableData>(factory, context)
+        val serializedMetaData = meta.checkpointSerialize(context).bytes
+        val meta2 = serializedMetaData.checkpointDeserialize<SignableData>(context)
         assertEquals(meta2, meta)
     }
 
@@ -191,7 +192,7 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
     fun `serialize - deserialize Logger`() {
         val storageContext: CheckpointSerializationContext = context
         val logger = LoggerFactory.getLogger("aName")
-        val logger2 = logger.checkpointSerialize(factory, storageContext).checkpointDeserialize(factory, storageContext)
+        val logger2 = logger.checkpointSerialize(storageContext).checkpointDeserialize(storageContext)
         assertEquals(logger.name, logger2.name)
         assertTrue(logger === logger2)
     }
@@ -203,7 +204,7 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
                 SecureHash.sha256(rubbish),
                 rubbish.size,
                 rubbish.inputStream()
-        ).checkpointSerialize(factory, context).checkpointDeserialize(factory, context)
+        ).checkpointSerialize(context).checkpointDeserialize(context)
         for (i in 0..12344) {
             assertEquals(rubbish[i], readRubbishStream.read().toByte())
         }
@@ -230,8 +231,8 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
                 21, 22, 23, 24, 25, 26, 27, 28, 29, 30,
                 31, 32
         ))
-        val serializedBytes = expected.checkpointSerialize(factory, context)
-        val actual = serializedBytes.checkpointDeserialize(factory, context)
+        val serializedBytes = expected.checkpointSerialize(context)
+        val actual = serializedBytes.checkpointDeserialize(context)
         assertEquals(expected, actual)
     }
 
@@ -278,14 +279,13 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
             }
         }
         Tmp()
-        val factory = CheckpointSerializationFactory(KryoSerializationScheme)
         val context = CheckpointSerializationContextImpl(
                 javaClass.classLoader,
                 AllWhitelist,
                 emptyMap(),
                 true,
                 null)
-        pt.checkpointSerialize(factory, context)
+        pt.checkpointSerialize(context)
     }
 
     @Test
@@ -293,7 +293,7 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
         val exception = IllegalArgumentException("fooBar")
         val toBeSuppressedOnSenderSide = IllegalStateException("bazz1")
         exception.addSuppressed(toBeSuppressedOnSenderSide)
-        val exception2 = exception.checkpointSerialize(factory, context).checkpointDeserialize(factory, context)
+        val exception2 = exception.checkpointSerialize(context).checkpointDeserialize(context)
         assertEquals(exception.message, exception2.message)
 
         assertEquals(1, exception2.suppressed.size)
@@ -308,7 +308,7 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
     @Test
     fun `serialize - deserialize Exception no suppressed`() {
         val exception = IllegalArgumentException("fooBar")
-        val exception2 = exception.checkpointSerialize(factory, context).checkpointDeserialize(factory, context)
+        val exception2 = exception.checkpointSerialize(context).checkpointDeserialize(context)
         assertEquals(exception.message, exception2.message)
         assertEquals(0, exception2.suppressed.size)
 
@@ -322,7 +322,7 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
     fun `serialize - deserialize HashNotFound`() {
         val randomHash = SecureHash.randomSHA256()
         val exception = FetchDataFlow.HashNotFound(randomHash)
-        val exception2 = exception.checkpointSerialize(factory, context).checkpointDeserialize(factory, context)
+        val exception2 = exception.checkpointSerialize(context).checkpointDeserialize(context)
         assertEquals(randomHash, exception2.requested)
     }
 
@@ -330,17 +330,17 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
     fun `compression has the desired effect`() {
         compression ?: return
         val data = ByteArray(12345).also { Random(0).nextBytes(it) }.let { it + it }
-        val compressed = data.checkpointSerialize(factory, context)
+        val compressed = data.checkpointSerialize(context)
         assertEquals(.5, compressed.size.toDouble() / data.size, .03)
-        assertArrayEquals(data, compressed.checkpointDeserialize(factory, context))
+        assertArrayEquals(data, compressed.checkpointDeserialize(context))
     }
 
     @Test
     fun `a particular encoding can be banned for deserialization`() {
         compression ?: return
         doReturn(false).whenever(context.encodingWhitelist).acceptEncoding(compression)
-        val compressed = "whatever".checkpointSerialize(factory, context)
-        catchThrowable { compressed.checkpointDeserialize(factory, context) }.run {
+        val compressed = "whatever".checkpointSerialize(context)
+        catchThrowable { compressed.checkpointDeserialize(context) }.run {
             assertSame<Any>(KryoException::class.java, javaClass)
             assertEquals(encodingNotPermittedFormat.format(compression), message)
         }
@@ -351,8 +351,8 @@ class KryoTests(private val compression: CordaSerializationEncoding?) {
         class Holder(val holder: ByteArray)
 
         val obj = Holder(ByteArray(20000))
-        val uncompressedSize = obj.checkpointSerialize(factory, context.withEncoding(null)).size
-        val compressedSize = obj.checkpointSerialize(factory, context.withEncoding(CordaSerializationEncoding.SNAPPY)).size
+        val uncompressedSize = obj.checkpointSerialize(context.withEncoding(null)).size
+        val compressedSize = obj.checkpointSerialize(context.withEncoding(CordaSerializationEncoding.SNAPPY)).size
         // If these need fixing, sounds like Kryo wire format changed and checkpoints might not surive an upgrade.
         assertEquals(20222, uncompressedSize)
         assertEquals(1111, compressedSize)
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/SerializeAsTokenContextImpl.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/SerializeAsTokenContextImpl.kt
index 785ce47597..025e27a38a 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/SerializeAsTokenContextImpl.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/SerializeAsTokenContextImpl.kt
@@ -5,7 +5,7 @@ import net.corda.core.DeleteForDJVM
 import net.corda.core.node.ServiceHub
 import net.corda.core.serialization.*
 import net.corda.core.serialization.internal.CheckpointSerializationContext
-import net.corda.core.serialization.internal.CheckpointSerializationFactory
+import net.corda.core.serialization.internal.CheckpointSerializer
 
 val serializationContextKey = SerializeAsTokenContext::class.java
 
@@ -70,8 +70,8 @@ class SerializeAsTokenContextImpl(override val serviceHub: ServiceHub, init: Ser
  */
 @DeleteForDJVM
 class CheckpointSerializeAsTokenContextImpl(override val serviceHub: ServiceHub, init: SerializeAsTokenContext.() -> Unit) : SerializeAsTokenContext {
-    constructor(toBeTokenized: Any, serializationFactory: CheckpointSerializationFactory, context: CheckpointSerializationContext, serviceHub: ServiceHub) : this(serviceHub, {
-        serializationFactory.serialize(toBeTokenized, context.withTokenContext(this))
+    constructor(toBeTokenized: Any, serializer: CheckpointSerializer, context: CheckpointSerializationContext, serviceHub: ServiceHub) : this(serviceHub, {
+        serializer.serialize(toBeTokenized, context.withTokenContext(this))
     })
 
     private val classNameToSingleton = mutableMapOf<String, SerializeAsToken>()
diff --git a/serialization/src/test/java/net/corda/serialization/internal/LambdaCheckpointSerializationTest.java b/serialization/src/test/java/net/corda/serialization/internal/LambdaCheckpointSerializationTest.java
index feab89ad92..0c9c9f2b5a 100644
--- a/serialization/src/test/java/net/corda/serialization/internal/LambdaCheckpointSerializationTest.java
+++ b/serialization/src/test/java/net/corda/serialization/internal/LambdaCheckpointSerializationTest.java
@@ -2,14 +2,14 @@ package net.corda.serialization.internal;
 
 import net.corda.core.serialization.*;
 import net.corda.core.serialization.internal.CheckpointSerializationContext;
-import net.corda.core.serialization.internal.CheckpointSerializationFactory;
+import net.corda.core.serialization.internal.CheckpointSerializer;
 import net.corda.node.serialization.kryo.CordaClosureSerializer;
-import net.corda.testing.core.SerializationEnvironmentRule;
 import net.corda.testing.core.internal.CheckpointSerializationEnvironmentRule;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 
+import java.io.NotSerializableException;
 import java.io.Serializable;
 import java.util.Collections;
 import java.util.concurrent.Callable;
@@ -23,12 +23,11 @@ public final class LambdaCheckpointSerializationTest {
     public final CheckpointSerializationEnvironmentRule testCheckpointSerialization =
             new CheckpointSerializationEnvironmentRule();
 
-    private CheckpointSerializationFactory factory;
     private CheckpointSerializationContext context;
+    private CheckpointSerializer serializer;
 
     @Before
     public void setup() {
-        factory = testCheckpointSerialization.getCheckpointSerializationFactory();
         context = new CheckpointSerializationContextImpl(
                 getClass().getClassLoader(),
                 AllWhitelist.INSTANCE,
@@ -36,6 +35,8 @@ public final class LambdaCheckpointSerializationTest {
                 true,
                 null
         );
+
+        serializer = testCheckpointSerialization.getCheckpointSerializer();
     }
 
     @Test
@@ -63,11 +64,11 @@ public final class LambdaCheckpointSerializationTest {
         assertThat(throwable).hasMessage(CordaClosureSerializer.ERROR_MESSAGE);
     }
 
-    private <T> SerializedBytes<T> serialize(final T target) {
-        return factory.serialize(target, context);
+    private <T> SerializedBytes<T> serialize(final T target) throws NotSerializableException {
+        return serializer.serialize(target, context);
     }
 
-    private <T> T deserialize(final SerializedBytes<? extends T> bytes, final Class<T> type) {
-        return factory.deserialize(bytes, type, context);
+    private <T> T deserialize(final SerializedBytes<? extends T> bytes, final Class<T> type) throws NotSerializableException {
+        return serializer.deserialize(bytes, type, context);
     }
 }
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/ContractAttachmentSerializerTest.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/ContractAttachmentSerializerTest.kt
index 73b799217d..e3426a1fd9 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/ContractAttachmentSerializerTest.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/ContractAttachmentSerializerTest.kt
@@ -4,11 +4,9 @@ import net.corda.core.contracts.ContractAttachment
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.serialization.*
 import net.corda.core.serialization.internal.CheckpointSerializationContext
-import net.corda.core.serialization.internal.CheckpointSerializationFactory
 import net.corda.core.serialization.internal.checkpointDeserialize
 import net.corda.core.serialization.internal.checkpointSerialize
 import net.corda.testing.contracts.DummyContract
-import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.core.internal.CheckpointSerializationEnvironmentRule
 import net.corda.testing.internal.rigorousMock
 import net.corda.testing.node.MockServices
@@ -27,24 +25,25 @@ class ContractAttachmentSerializerTest {
     @JvmField
     val testCheckpointSerialization = CheckpointSerializationEnvironmentRule()
 
-    private lateinit var factory: CheckpointSerializationFactory
-    private lateinit var context: CheckpointSerializationContext
     private lateinit var contextWithToken: CheckpointSerializationContext
     private val mockServices = MockServices(emptyList(), CordaX500Name("MegaCorp", "London", "GB"), rigorousMock())
 
     @Before
     fun setup() {
-        factory = testCheckpointSerialization.checkpointSerializationFactory
-        context = testCheckpointSerialization.checkpointSerializationContext
-        contextWithToken = context.withTokenContext(CheckpointSerializeAsTokenContextImpl(Any(), factory, context, mockServices))
+        contextWithToken = testCheckpointSerialization.checkpointSerializationContext.withTokenContext(
+                CheckpointSerializeAsTokenContextImpl(
+                        Any(),
+                        testCheckpointSerialization.checkpointSerializer,
+                        testCheckpointSerialization.checkpointSerializationContext,
+                        mockServices))
     }
 
     @Test
     fun `write contract attachment and read it back`() {
         val contractAttachment = ContractAttachment(GeneratedAttachment(EMPTY_BYTE_ARRAY), DummyContract.PROGRAM_ID)
         // no token context so will serialize the whole attachment
-        val serialized = contractAttachment.checkpointSerialize(factory, context)
-        val deserialized = serialized.checkpointDeserialize(factory, context)
+        val serialized = contractAttachment.checkpointSerialize()
+        val deserialized = serialized.checkpointDeserialize()
 
         assertEquals(contractAttachment.id, deserialized.attachment.id)
         assertEquals(contractAttachment.contract, deserialized.contract)
@@ -59,8 +58,8 @@ class ContractAttachmentSerializerTest {
         mockServices.attachments.importAttachment(attachment.open(), "test", null)
 
         val contractAttachment = ContractAttachment(attachment, DummyContract.PROGRAM_ID)
-        val serialized = contractAttachment.checkpointSerialize(factory, contextWithToken)
-        val deserialized = serialized.checkpointDeserialize(factory, contextWithToken)
+        val serialized = contractAttachment.checkpointSerialize(contextWithToken)
+        val deserialized = serialized.checkpointDeserialize(contextWithToken)
 
         assertEquals(contractAttachment.id, deserialized.attachment.id)
         assertEquals(contractAttachment.contract, deserialized.contract)
@@ -76,7 +75,7 @@ class ContractAttachmentSerializerTest {
         mockServices.attachments.importAttachment(attachment.open(), "test", null)
 
         val contractAttachment = ContractAttachment(attachment, DummyContract.PROGRAM_ID)
-        val serialized = contractAttachment.checkpointSerialize(factory, contextWithToken)
+        val serialized = contractAttachment.checkpointSerialize(contextWithToken)
 
         assertThat(serialized.size).isLessThan(largeAttachmentSize)
     }
@@ -88,8 +87,8 @@ class ContractAttachmentSerializerTest {
         // don't importAttachment in mockService
 
         val contractAttachment = ContractAttachment(attachment, DummyContract.PROGRAM_ID)
-        val serialized = contractAttachment.checkpointSerialize(factory, contextWithToken)
-        val deserialized = serialized.checkpointDeserialize(factory, contextWithToken)
+        val serialized = contractAttachment.checkpointSerialize(contextWithToken)
+        val deserialized = serialized.checkpointDeserialize(contextWithToken)
 
         assertThatThrownBy { deserialized.attachment.open() }.isInstanceOf(MissingAttachmentsException::class.java)
     }
@@ -100,8 +99,8 @@ class ContractAttachmentSerializerTest {
         // don't importAttachment in mockService
 
         val contractAttachment = ContractAttachment(attachment, DummyContract.PROGRAM_ID)
-        val serialized = contractAttachment.checkpointSerialize(factory, contextWithToken)
-        serialized.checkpointDeserialize(factory, contextWithToken)
+        val serialized = contractAttachment.checkpointSerialize(contextWithToken)
+        serialized.checkpointDeserialize(contextWithToken)
 
         // MissingAttachmentsException thrown if we try to open attachment
     }
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/SerializationTokenTest.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/SerializationTokenTest.kt
index 7f2bad6854..49e5d1f2ed 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/SerializationTokenTest.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/SerializationTokenTest.kt
@@ -5,7 +5,6 @@ import com.esotericsoftware.kryo.KryoException
 import com.esotericsoftware.kryo.io.Output
 import net.corda.core.serialization.*
 import net.corda.core.serialization.internal.CheckpointSerializationContext
-import net.corda.core.serialization.internal.CheckpointSerializationFactory
 import net.corda.core.serialization.internal.checkpointDeserialize
 import net.corda.core.serialization.internal.checkpointSerialize
 import net.corda.core.utilities.OpaqueBytes
@@ -14,7 +13,6 @@ import net.corda.node.serialization.kryo.CordaKryo
 import net.corda.node.serialization.kryo.DefaultKryoCustomizer
 import net.corda.node.serialization.kryo.kryoMagic
 import net.corda.testing.internal.rigorousMock
-import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.core.internal.CheckpointSerializationEnvironmentRule
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.Before
@@ -28,12 +26,10 @@ class SerializationTokenTest {
     @JvmField
     val testCheckpointSerialization = CheckpointSerializationEnvironmentRule()
 
-    private lateinit var factory: CheckpointSerializationFactory
     private lateinit var context: CheckpointSerializationContext
 
     @Before
     fun setup() {
-        factory = testCheckpointSerialization.checkpointSerializationFactory
         context = testCheckpointSerialization.checkpointSerializationContext.withWhitelisted(SingletonSerializationToken::class.java)
     }
 
@@ -49,16 +45,16 @@ class SerializationTokenTest {
         override fun equals(other: Any?) = other is LargeTokenizable && other.bytes.size == this.bytes.size
     }
 
-    private fun serializeAsTokenContext(toBeTokenized: Any) = CheckpointSerializeAsTokenContextImpl(toBeTokenized, factory, context, rigorousMock())
+    private fun serializeAsTokenContext(toBeTokenized: Any) = CheckpointSerializeAsTokenContextImpl(toBeTokenized, testCheckpointSerialization.checkpointSerializer, context, rigorousMock())
     @Test
     fun `write token and read tokenizable`() {
         val tokenizableBefore = LargeTokenizable()
         val context = serializeAsTokenContext(tokenizableBefore)
         val testContext = this.context.withTokenContext(context)
 
-        val serializedBytes = tokenizableBefore.checkpointSerialize(factory, testContext)
+        val serializedBytes = tokenizableBefore.checkpointSerialize(testContext)
         assertThat(serializedBytes.size).isLessThan(tokenizableBefore.numBytes)
-        val tokenizableAfter = serializedBytes.checkpointDeserialize(factory, testContext)
+        val tokenizableAfter = serializedBytes.checkpointDeserialize(testContext)
         assertThat(tokenizableAfter).isSameAs(tokenizableBefore)
     }
 
@@ -69,8 +65,8 @@ class SerializationTokenTest {
         val tokenizableBefore = UnitSerializeAsToken()
         val context = serializeAsTokenContext(tokenizableBefore)
         val testContext = this.context.withTokenContext(context)
-        val serializedBytes = tokenizableBefore.checkpointSerialize(factory, testContext)
-        val tokenizableAfter = serializedBytes.checkpointDeserialize(factory, testContext)
+        val serializedBytes = tokenizableBefore.checkpointSerialize(testContext)
+        val tokenizableAfter = serializedBytes.checkpointDeserialize(testContext)
         assertThat(tokenizableAfter).isSameAs(tokenizableBefore)
     }
 
@@ -79,7 +75,7 @@ class SerializationTokenTest {
         val tokenizableBefore = UnitSerializeAsToken()
         val context = serializeAsTokenContext(emptyList<Any>())
         val testContext = this.context.withTokenContext(context)
-        tokenizableBefore.checkpointSerialize(factory, testContext)
+        tokenizableBefore.checkpointSerialize(testContext)
     }
 
     @Test(expected = UnsupportedOperationException::class)
@@ -87,14 +83,14 @@ class SerializationTokenTest {
         val tokenizableBefore = UnitSerializeAsToken()
         val context = serializeAsTokenContext(emptyList<Any>())
         val testContext = this.context.withTokenContext(context)
-        val serializedBytes = tokenizableBefore.toToken(serializeAsTokenContext(emptyList<Any>())).checkpointSerialize(factory, testContext)
-        serializedBytes.checkpointDeserialize(factory, testContext)
+        val serializedBytes = tokenizableBefore.toToken(serializeAsTokenContext(emptyList<Any>())).checkpointSerialize(testContext)
+        serializedBytes.checkpointDeserialize(testContext)
     }
 
     @Test(expected = KryoException::class)
     fun `no context set`() {
         val tokenizableBefore = UnitSerializeAsToken()
-        tokenizableBefore.checkpointSerialize(factory, context)
+        tokenizableBefore.checkpointSerialize(context)
     }
 
     @Test(expected = KryoException::class)
@@ -112,7 +108,7 @@ class SerializationTokenTest {
             kryo.writeObject(it, emptyList<Any>())
         }
         val serializedBytes = SerializedBytes<Any>(stream.toByteArray())
-        serializedBytes.checkpointDeserialize(factory, testContext)
+        serializedBytes.checkpointDeserialize(testContext)
     }
 
     private class WrongTypeSerializeAsToken : SerializeAsToken {
@@ -128,7 +124,7 @@ class SerializationTokenTest {
         val tokenizableBefore = WrongTypeSerializeAsToken()
         val context = serializeAsTokenContext(tokenizableBefore)
         val testContext = this.context.withTokenContext(context)
-        val serializedBytes = tokenizableBefore.checkpointSerialize(factory, testContext)
-        serializedBytes.checkpointDeserialize(factory, testContext)
+        val serializedBytes = tokenizableBefore.checkpointSerialize(testContext)
+        serializedBytes.checkpointDeserialize(testContext)
     }
 }
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/core/SerializationTestHelpers.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/core/SerializationTestHelpers.kt
index 514b23a855..526f1251b6 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/core/SerializationTestHelpers.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/core/SerializationTestHelpers.kt
@@ -3,9 +3,7 @@ package net.corda.testing.core
 import com.nhaarman.mockito_kotlin.any
 import com.nhaarman.mockito_kotlin.doAnswer
 import com.nhaarman.mockito_kotlin.whenever
-import net.corda.core.DoNotImplement
 import net.corda.core.internal.staticField
-import net.corda.core.serialization.SerializationContext
 import net.corda.core.serialization.internal.SerializationEnvironment
 import net.corda.core.serialization.internal.effectiveSerializationEnv
 import net.corda.testing.common.internal.asContextEnv
@@ -40,7 +38,7 @@ class SerializationEnvironmentRule(private val inheritable: Boolean = false) : T
 
         /** Do not call, instead use [SerializationEnvironmentRule] as a [org.junit.Rule]. */
         fun <T> run(taskLabel: String, task: (SerializationEnvironment) -> T): T {
-            return SerializationEnvironmentRule().apply { init(taskLabel) }.runTask(task)
+            return SerializationEnvironmentRule().apply { init() }.runTask(task)
         }
     }
 
@@ -48,14 +46,14 @@ class SerializationEnvironmentRule(private val inheritable: Boolean = false) : T
     val serializationFactory get() = env.serializationFactory
 
     override fun apply(base: Statement, description: Description): Statement {
-        init(description.toString())
+        init()
         return object : Statement() {
             override fun evaluate() = runTask { base.evaluate() }
         }
     }
 
-    private fun init(envLabel: String) {
-        env = createTestSerializationEnv(envLabel)
+    private fun init() {
+        env = createTestSerializationEnv()
     }
 
     private fun <T> runTask(task: (SerializationEnvironment) -> T): T {
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/core/internal/CheckpointSerializationTestHelpers.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/core/internal/CheckpointSerializationTestHelpers.kt
index eb92d12cf6..69b634e107 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/core/internal/CheckpointSerializationTestHelpers.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/core/internal/CheckpointSerializationTestHelpers.kt
@@ -39,7 +39,7 @@ class CheckpointSerializationEnvironmentRule(private val inheritable: Boolean =
 
         /** Do not call, instead use [SerializationEnvironmentRule] as a [org.junit.Rule]. */
         fun <T> run(taskLabel: String, task: (SerializationEnvironment) -> T): T {
-            return CheckpointSerializationEnvironmentRule().apply { init(taskLabel) }.runTask(task)
+            return CheckpointSerializationEnvironmentRule().apply { init() }.runTask(task)
         }
     }
 
@@ -47,14 +47,14 @@ class CheckpointSerializationEnvironmentRule(private val inheritable: Boolean =
     private lateinit var env: SerializationEnvironment
 
     override fun apply(base: Statement, description: Description): Statement {
-        init(description.toString())
+        init()
         return object : Statement() {
             override fun evaluate() = runTask { base.evaluate() }
         }
     }
 
-    private fun init(envLabel: String) {
-        env = createTestSerializationEnv(envLabel)
+    private fun init() {
+        env = createTestSerializationEnv()
     }
 
     private fun <T> runTask(task: (SerializationEnvironment) -> T): T {
@@ -65,7 +65,6 @@ class CheckpointSerializationEnvironmentRule(private val inheritable: Boolean =
         }
     }
 
-    val checkpointSerializationFactory get() = env.checkpointSerializationFactory
     val checkpointSerializationContext get() = env.checkpointContext
-
+    val checkpointSerializer get() = env.checkpointSerializer
 }
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalSerializationTestHelpers.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalSerializationTestHelpers.kt
index 53bee6f798..3257cca802 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalSerializationTestHelpers.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalSerializationTestHelpers.kt
@@ -4,11 +4,10 @@ import com.nhaarman.mockito_kotlin.doNothing
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.client.rpc.internal.serialization.amqp.AMQPClientSerializationScheme
 import net.corda.core.DoNotImplement
-import net.corda.core.serialization.internal.CheckpointSerializationFactory
 import net.corda.core.serialization.internal.*
 import net.corda.node.serialization.amqp.AMQPServerSerializationScheme
 import net.corda.node.serialization.kryo.KRYO_CHECKPOINT_CONTEXT
-import net.corda.node.serialization.kryo.KryoSerializationScheme
+import net.corda.node.serialization.kryo.KryoCheckpointSerializer
 import net.corda.serialization.internal.*
 import net.corda.testing.core.SerializationEnvironmentRule
 import java.util.concurrent.ConcurrentHashMap
@@ -30,22 +29,20 @@ fun <T> withoutTestSerialization(callable: () -> T): T { // TODO: Delete this, s
     }
 }
 
-internal fun createTestSerializationEnv(label: String): SerializationEnvironmentImpl {
+internal fun createTestSerializationEnv(): SerializationEnvironment {
     val factory = SerializationFactoryImpl().apply {
         registerScheme(AMQPClientSerializationScheme(emptyList()))
         registerScheme(AMQPServerSerializationScheme(emptyList()))
     }
-    return object : SerializationEnvironmentImpl(
+    return SerializationEnvironment.with(
             factory,
             AMQP_P2P_CONTEXT,
             AMQP_RPC_SERVER_CONTEXT,
             AMQP_RPC_CLIENT_CONTEXT,
             AMQP_STORAGE_CONTEXT,
             KRYO_CHECKPOINT_CONTEXT,
-            CheckpointSerializationFactory(KryoSerializationScheme)
-    ) {
-        override fun toString() = "testSerializationEnv($label)"
-    }
+            KryoCheckpointSerializer
+    )
 }
 
 /**
@@ -54,7 +51,7 @@ internal fun createTestSerializationEnv(label: String): SerializationEnvironment
  */
 fun setGlobalSerialization(armed: Boolean): GlobalSerializationEnvironment {
     return if (armed) {
-        object : GlobalSerializationEnvironment, SerializationEnvironment by createTestSerializationEnv("<global>") {
+        object : GlobalSerializationEnvironment, SerializationEnvironment by createTestSerializationEnv() {
             override fun unset() {
                 _globalSerializationEnv.set(null)
                 inVMExecutors.remove(this)
diff --git a/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt b/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt
index 570a9cbe2e..e65a7441be 100644
--- a/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt
+++ b/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt
@@ -8,11 +8,10 @@ import net.corda.cliutils.CordaCliWrapper
 import net.corda.cliutils.ExitCodes
 import net.corda.cliutils.start
 import net.corda.core.internal.isRegularFile
-import net.corda.core.internal.rootMessage
 import net.corda.core.serialization.SerializationContext
 import net.corda.core.serialization.SerializationDefaults
 import net.corda.core.serialization.deserialize
-import net.corda.core.serialization.internal.SerializationEnvironmentImpl
+import net.corda.core.serialization.internal.SerializationEnvironment
 import net.corda.core.serialization.internal._contextSerializationEnv
 import net.corda.core.utilities.base64ToByteArray
 import net.corda.core.utilities.hexToByteArray
@@ -22,7 +21,6 @@ import net.corda.serialization.internal.amqp.AbstractAMQPSerializationScheme
 import net.corda.serialization.internal.amqp.DeserializationInput
 import net.corda.serialization.internal.amqp.amqpMagic
 import org.slf4j.event.Level
-import picocli.CommandLine
 import picocli.CommandLine.*
 import java.io.PrintStream
 import java.net.MalformedURLException
@@ -128,7 +126,7 @@ class BlobInspector : CordaCliWrapper("blob-inspector", "Convert AMQP serialised
 
     private fun initialiseSerialization() {
         // Deserialise with the lenient carpenter as we only care for the AMQP field getters
-        _contextSerializationEnv.set(SerializationEnvironmentImpl(
+        _contextSerializationEnv.set(SerializationEnvironment.with(
                 SerializationFactoryImpl().apply {
                     registerScheme(AMQPInspectorSerializationScheme)
                 },
diff --git a/tools/demobench/src/main/kotlin/net/corda/demobench/DemoBench.kt b/tools/demobench/src/main/kotlin/net/corda/demobench/DemoBench.kt
index 86430dadf3..dfecae05ac 100644
--- a/tools/demobench/src/main/kotlin/net/corda/demobench/DemoBench.kt
+++ b/tools/demobench/src/main/kotlin/net/corda/demobench/DemoBench.kt
@@ -2,7 +2,7 @@ package net.corda.demobench
 
 import javafx.scene.image.Image
 import net.corda.client.rpc.internal.serialization.amqp.AMQPClientSerializationScheme
-import net.corda.core.serialization.internal.SerializationEnvironmentImpl
+import net.corda.core.serialization.internal.SerializationEnvironment
 import net.corda.core.serialization.internal.nodeSerializationEnv
 import net.corda.demobench.views.DemoBenchView
 import net.corda.serialization.internal.AMQP_P2P_CONTEXT
@@ -56,7 +56,7 @@ class DemoBench : App(DemoBenchView::class) {
     }
 
     private fun initialiseSerialization() {
-        nodeSerializationEnv = SerializationEnvironmentImpl(
+        nodeSerializationEnv = SerializationEnvironment.with(
                 SerializationFactoryImpl().apply {
                     registerScheme(AMQPClientSerializationScheme(emptyList()))
                 },
diff --git a/tools/network-bootstrapper/src/main/kotlin/net/corda/bootstrapper/serialization/SerializationHelper.kt b/tools/network-bootstrapper/src/main/kotlin/net/corda/bootstrapper/serialization/SerializationHelper.kt
index ce978e4131..d0efa8d492 100644
--- a/tools/network-bootstrapper/src/main/kotlin/net/corda/bootstrapper/serialization/SerializationHelper.kt
+++ b/tools/network-bootstrapper/src/main/kotlin/net/corda/bootstrapper/serialization/SerializationHelper.kt
@@ -1,9 +1,10 @@
 package net.corda.bootstrapper.serialization
 
-import net.corda.core.serialization.internal.SerializationEnvironmentImpl
+import net.corda.core.serialization.internal.SerializationEnvironment
 import net.corda.core.serialization.internal.nodeSerializationEnv
 import net.corda.node.serialization.amqp.AMQPServerSerializationScheme
 import net.corda.node.serialization.kryo.KRYO_CHECKPOINT_CONTEXT
+import net.corda.node.serialization.kryo.KryoCheckpointSerializer
 import net.corda.serialization.internal.AMQP_P2P_CONTEXT
 import net.corda.serialization.internal.AMQP_STORAGE_CONTEXT
 import net.corda.serialization.internal.SerializationFactoryImpl
@@ -14,14 +15,16 @@ class SerializationEngine {
             synchronized(this) {
                 if (nodeSerializationEnv == null) {
                     val classloader = this::class.java.classLoader
-                    nodeSerializationEnv = SerializationEnvironmentImpl(
+                    nodeSerializationEnv = SerializationEnvironment.with(
                             SerializationFactoryImpl().apply {
                                 registerScheme(AMQPServerSerializationScheme(emptyList()))
                             },
                             p2pContext = AMQP_P2P_CONTEXT.withClassLoader(classloader),
                             rpcServerContext = AMQP_P2P_CONTEXT.withClassLoader(classloader),
                             storageContext = AMQP_STORAGE_CONTEXT.withClassLoader(classloader),
-                            checkpointContext = KRYO_CHECKPOINT_CONTEXT.withClassLoader(classloader)
+
+                            checkpointContext = KRYO_CHECKPOINT_CONTEXT.withClassLoader(classloader),
+                            checkpointSerializer = KryoCheckpointSerializer
                     )
                 }
             }

From d987f18871657b11c5fe5e42205368bb070abb3a Mon Sep 17 00:00:00 2001
From: josecoll <jose.coll@r3cev.com>
Date: Mon, 8 Oct 2018 13:56:02 +0100
Subject: [PATCH 25/83] Gradle cache friendly Junit test fix. (#4044)

---
 core-deterministic/testing/data/build.gradle | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core-deterministic/testing/data/build.gradle b/core-deterministic/testing/data/build.gradle
index 59992d92eb..03da2a8977 100644
--- a/core-deterministic/testing/data/build.gradle
+++ b/core-deterministic/testing/data/build.gradle
@@ -22,6 +22,9 @@ test {
         // Running this class is the whole point, so include it explicitly.
         includeTestsMatching "net.corda.deterministic.data.GenerateData"
     }
+    // force execution of these tests to generate artifacts required by other module (eg. VerifyTransactionTest)
+    // note: required by Gradle Build Cache.
+    outputs.upToDateWhen { false }
 }
 assemble.finalizedBy test
 

From b8e88232b45601293c13a1394afdf2177a9ef248 Mon Sep 17 00:00:00 2001
From: Tommy Lillehagen <tommy.lillehagen@r3.com>
Date: Mon, 8 Oct 2018 14:19:56 +0100
Subject: [PATCH 26/83] NOTICK Create semantic version numbers (#4045)

---
 release-tools/testing/test-manager | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/release-tools/testing/test-manager b/release-tools/testing/test-manager
index 96bfd97a36..57c55c2259 100755
--- a/release-tools/testing/test-manager
+++ b/release-tools/testing/test-manager
@@ -278,7 +278,7 @@ def main():
 
         def mixin_version_and_product(command):
             mixin_product(command)
-            command.add('VERSION', help='the target version of the release, e.g., 4.0', type=float)
+            command.add('VERSION', help='the target version of the release, e.g., 4.0', type=str)
 
         def mixin_candidate(command, optional=False):
             if optional:

From d1adb09ca9c1653899ab17b9b3994fd6917296c0 Mon Sep 17 00:00:00 2001
From: Tommy Lillehagen <tommy.lillehagen@r3.com>
Date: Mon, 8 Oct 2018 15:26:44 +0100
Subject: [PATCH 27/83] NOTICK Python 3 compat, ENM version name, skip closed
 tests (#4046)

---
 release-tools/testing/args.py         |  7 +++++--
 release-tools/testing/jira_manager.py |  7 +++++++
 release-tools/testing/test-manager    | 10 ++++++++--
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/release-tools/testing/args.py b/release-tools/testing/args.py
index 9eb92a8a59..58ed3f0b90 100644
--- a/release-tools/testing/args.py
+++ b/release-tools/testing/args.py
@@ -5,7 +5,7 @@ import sys, traceback
 # {{{ Representation of a command-line program
 class Program:
 
-    # Create a new command-line program represenation, provided an optional name and description
+    # Create a new command-line program representation, provided an optional name and description
     def __init__(self, name=None, description=None):
         self.parser = ArgumentParser(name, description=description)
         self.subparsers = self.parser.add_subparsers(title='commands')
@@ -39,7 +39,10 @@ class Program:
                 t, exception, tb = sys.exc_info()
                 self.parser.error('{}\n\n{}'.format(error.message, '\n'.join(traceback.format_tb(tb))))
             else:
-                self.parser.error(error.message)
+                try:
+                    self.parser.error(error.message)
+                except AttributeError:
+                    self.parser.error(str(error))
 # }}}
 
 # {{{ Representation of a sub-command of a command-line program
diff --git a/release-tools/testing/jira_manager.py b/release-tools/testing/jira_manager.py
index af57865398..5f9e66fa60 100644
--- a/release-tools/testing/jira_manager.py
+++ b/release-tools/testing/jira_manager.py
@@ -3,6 +3,13 @@ from jira import JIRA
 from jira.exceptions import JIRAError
 # }}}
 
+# {{{ Python 2 and 3 interoperability
+try:
+    unicode('')
+except NameError:
+    unicode = str
+# }}}
+
 # {{{ Class for interacting with a hosted JIRA system
 class Jira:
 
diff --git a/release-tools/testing/test-manager b/release-tools/testing/test-manager
index 57c55c2259..bfea84eb68 100755
--- a/release-tools/testing/test-manager
+++ b/release-tools/testing/test-manager
@@ -36,7 +36,8 @@ except:
 product_map = {
     'OS'   : 'Corda',
     'ENT'  : 'Corda Enterprise',
-    'NS'   : 'Corda Network Services',
+    'NS'   : 'ENM',
+    'ENM'  : 'ENM',
     'TEST' : 'Corda', # for demo and test purposes
 }
 # }}}
@@ -235,10 +236,15 @@ def create_release_candidate(args):
     print()
     has_tests = False
     for issue in jira.search(QUERY_LIST_TEST_INSTANCES, args.PRODUCT, version):
-        print(u' - {} {}'.format(blue(issue.key), issue.fields.summary))
+        test_status = issue.fields.status['name']
+        print(u' - {} {} ({})'.format(blue(issue.key), issue.fields.summary, test_status))
         epic_field = jira.custom_fields_by_name['Epic Link']
         epic = issue.fields[epic_field] if epic_field in issue.fields.to_dict() else ''
         labels = issue.fields.labels + [epic]
+        if test_status in ['Pass', 'Fail', 'Descope']:
+            print(u'   {} - Parent test is marked as {}'.format(yellow('SKIPPED'), test_status))
+            print()
+            continue
         print()
         has_tests = True
         print(u'    - Creating test run ticket for release candidate {} ...'.format(yellow('RC{:02d}'.format(CANDIDATE))))

From 5d84640d1f666bb60a0660bd06a27f6884fa02d8 Mon Sep 17 00:00:00 2001
From: Konstantinos Chalkias <konstantinos.chalkias@r3.com>
Date: Tue, 9 Oct 2018 09:48:54 +0100
Subject: [PATCH 28/83] Add missing validation in the
 OpaqueBytesSubSequence.init (#4047)

---
 .../main/kotlin/net/corda/core/utilities/ByteArrays.kt | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/core/src/main/kotlin/net/corda/core/utilities/ByteArrays.kt b/core/src/main/kotlin/net/corda/core/utilities/ByteArrays.kt
index 0407bd95bb..7190e0c770 100644
--- a/core/src/main/kotlin/net/corda/core/utilities/ByteArrays.kt
+++ b/core/src/main/kotlin/net/corda/core/utilities/ByteArrays.kt
@@ -29,7 +29,7 @@ sealed class ByteSequence(private val _bytes: ByteArray, val offset: Int, val si
      */
     abstract val bytes: ByteArray
 
-    /** Returns a [ByteArrayInputStream] of the bytes */
+    /** Returns a [ByteArrayInputStream] of the bytes. */
     fun open() = ByteArrayInputStream(_bytes, offset, size)
 
     /**
@@ -41,8 +41,6 @@ sealed class ByteSequence(private val _bytes: ByteArray, val offset: Int, val si
      */
     @Suppress("MemberVisibilityCanBePrivate")
     fun subSequence(offset: Int, size: Int): ByteSequence {
-        require(offset >= 0)
-        require(offset + size <= this.size)
         // Intentionally use bytes rather than _bytes, to mirror the copy-or-not behaviour of that property.
         return if (offset == 0 && size == this.size) this else of(bytes, this.offset + offset, size)
     }
@@ -108,7 +106,7 @@ sealed class ByteSequence(private val _bytes: ByteArray, val offset: Int, val si
                 return Integer.signum(unsignedThis - unsignedOther)
             }
         }
-        // First min bytes is the same, so now resort to size
+        // First min bytes is the same, so now resort to size.
         return Integer.signum(this.size - other.size)
     }
 
@@ -190,12 +188,12 @@ fun ByteArray.toHexString(): String = DatatypeConverter.printHexBinary(this)
 fun String.parseAsHex(): ByteArray = DatatypeConverter.parseHexBinary(this)
 
 /**
- * Class is public for serialization purposes
+ * Class is public for serialization purposes.
  */
 @KeepForDJVM
 class OpaqueBytesSubSequence(override val bytes: ByteArray, offset: Int, size: Int) : ByteSequence(bytes, offset, size) {
     init {
         require(offset >= 0 && offset < bytes.size)
-        require(size >= 0 && size <= bytes.size)
+        require(size >= 0 && offset + size <= bytes.size)
     }
 }

From 9c8a1cd14ad8544e7ca8e8db2320ec152aabd676 Mon Sep 17 00:00:00 2001
From: Anthony Keenan <anthony.keenan@r3.com>
Date: Tue, 9 Oct 2018 15:49:24 +0200
Subject: [PATCH 29/83] CORDA-2028 - Fix use of required paramers/options on
 command line (#4040)

* Make required parameters work with --install-shell-extensions and make errors look a bit more errorey

* Make blobinspector required parameter work the way it used to

* Fix compilation Error
---
 .../net/corda/blobinspector/BlobInspector.kt  |  7 +--
 .../corda/blobinspector/BlobInspectorTest.kt  |  2 +-
 .../net/corda/cliutils/CordaCliWrapper.kt     | 59 +++++++++++++------
 3 files changed, 45 insertions(+), 23 deletions(-)

diff --git a/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt b/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt
index e65a7441be..8887247bf6 100644
--- a/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt
+++ b/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt
@@ -34,8 +34,8 @@ fun main(args: Array<String>) {
 }
 
 class BlobInspector : CordaCliWrapper("blob-inspector", "Convert AMQP serialised binary blobs to text") {
-    @Parameters(index = "*..0", paramLabel = "SOURCE", description = ["URL or file path to the blob"], converter = [SourceConverter::class])
-    var source: MutableList<URL> = mutableListOf()
+    @Parameters(index = "0", paramLabel = "SOURCE", description = ["URL or file path to the blob"], converter = [SourceConverter::class])
+    var source: URL? = null
 
     @Option(names = ["--format"], paramLabel = "type", description = ["Output format. Possible values: [YAML, JSON]"])
     private var formatType: OutputFormatType = OutputFormatType.YAML
@@ -61,8 +61,7 @@ class BlobInspector : CordaCliWrapper("blob-inspector", "Convert AMQP serialised
     }
 
     fun run(out: PrintStream): Int {
-        require(source.count() == 1) { "You must specify URL or file path to the blob" }
-        val inputBytes = source.first().readBytes()
+        val inputBytes = source!!.readBytes()
         val bytes = parseToBinaryRelaxed(inputFormatType, inputBytes)
                 ?: throw IllegalArgumentException("Error: this input does not appear to be encoded in Corda's AMQP extended format, sorry.")
 
diff --git a/tools/blobinspector/src/test/kotlin/net/corda/blobinspector/BlobInspectorTest.kt b/tools/blobinspector/src/test/kotlin/net/corda/blobinspector/BlobInspectorTest.kt
index 04cc72d621..65e1223c4f 100644
--- a/tools/blobinspector/src/test/kotlin/net/corda/blobinspector/BlobInspectorTest.kt
+++ b/tools/blobinspector/src/test/kotlin/net/corda/blobinspector/BlobInspectorTest.kt
@@ -53,7 +53,7 @@ class BlobInspectorTest {
     }
 
     private fun run(resourceName: String): String {
-        blobInspector.source = mutableListOf(javaClass.getResource(resourceName))
+        blobInspector.source = javaClass.getResource(resourceName)
         val writer = StringWriter()
         blobInspector.run(PrintStream(WriterOutputStream(writer, UTF_8)))
         val output = writer.toString()
diff --git a/tools/cliutils/src/main/kotlin/net/corda/cliutils/CordaCliWrapper.kt b/tools/cliutils/src/main/kotlin/net/corda/cliutils/CordaCliWrapper.kt
index f30c3ed05d..5a35be8089 100644
--- a/tools/cliutils/src/main/kotlin/net/corda/cliutils/CordaCliWrapper.kt
+++ b/tools/cliutils/src/main/kotlin/net/corda/cliutils/CordaCliWrapper.kt
@@ -21,8 +21,6 @@ import java.util.concurrent.Callable
 interface Validated {
     companion object {
         val logger = contextLogger()
-        const val RED = "\u001B[31m"
-        const val RESET = "\u001B[0m"
     }
 
     /**
@@ -36,8 +34,8 @@ interface Validated {
     fun validate() {
         val errors = validator()
         if (errors.isNotEmpty()) {
-            logger.error(RED + "Exceptions when parsing command line arguments:")
-            logger.error(errors.joinToString("\n") + RESET)
+            logger.error(ShellConstants.RED + "Exceptions when parsing command line arguments:")
+            logger.error(errors.joinToString("\n") + ShellConstants.RESET)
             CommandLine(this).usage(System.err)
             exitProcess(ExitCodes.FAILURE)
         }
@@ -55,6 +53,11 @@ object CordaSystemUtils {
     fun getOsName(): String = System.getProperty(OS_NAME)
 }
 
+object ShellConstants {
+    const val RED = "\u001B[31m"
+    const val RESET = "\u001B[0m"
+}
+
 fun CordaCliWrapper.start(args: Array<String>) {
     this.args = args
 
@@ -66,27 +69,47 @@ fun CordaCliWrapper.start(args: Array<String>) {
     cmd.registerConverter(Path::class.java) { Paths.get(it).toAbsolutePath().normalize() }
     cmd.commandSpec.name(alias)
     cmd.commandSpec.usageMessage().description(description)
+    cmd.commandSpec.parser().collectErrors(true)
     try {
-        val defaultAnsiMode = if (CordaSystemUtils.isOsWindows()) { Help.Ansi.ON } else { Help.Ansi.AUTO }
-        val results = cmd.parseWithHandlers(RunLast().useOut(System.out).useAnsi(defaultAnsiMode),
-                DefaultExceptionHandler<List<Any>>().useErr(System.err).useAnsi(defaultAnsiMode),
-                *args)
-        // If an error code has been returned, use this and exit
-        results?.firstOrNull()?.let {
-            if (it is Int) {
-                exitProcess(it)
-            } else {
+        val defaultAnsiMode = if (CordaSystemUtils.isOsWindows()) {
+            Help.Ansi.ON
+        } else {
+            Help.Ansi.AUTO
+        }
+
+        val results = cmd.parse(*args)
+        val app = cmd.getCommand<CordaCliWrapper>()
+        if (cmd.isUsageHelpRequested) {
+            cmd.usage(System.out, defaultAnsiMode)
+            exitProcess(ExitCodes.SUCCESS)
+        }
+        if (cmd.isVersionHelpRequested) {
+            cmd.printVersionHelp(System.out, defaultAnsiMode)
+            exitProcess(ExitCodes.SUCCESS)
+        }
+        if (app.installShellExtensionsParser.installShellExtensions) {
+            System.out.println("Install shell extensions: ${app.installShellExtensionsParser.installShellExtensions}")
+            // ignore any parsing errors and run the program
+            exitProcess(app.call())
+        }
+        val allErrors = results.flatMap { it.parseResult?.errors() ?: emptyList() }
+        if (allErrors.any()) {
+            val parameterExceptions = allErrors.asSequence().filter { it is ParameterException }
+            if (parameterExceptions.any()) {
+                System.err.println("${ShellConstants.RED}${parameterExceptions.map{ it.message }.joinToString()}${ShellConstants.RESET}")
+                parameterExceptions.filter { it is UnmatchedArgumentException}.forEach { (it as UnmatchedArgumentException).printSuggestions(System.out) }
+                usage(cmd, System.out, defaultAnsiMode)
                 exitProcess(ExitCodes.FAILURE)
             }
+            throw allErrors.first()
         }
-        // If no results returned, picocli ran something without invoking the main program, e.g. --help or --version, so exit successfully
-        exitProcess(ExitCodes.SUCCESS)
-    } catch (e: ExecutionException) {
+        exitProcess(app.call())
+    } catch (e: Exception) {
         val throwable = e.cause ?: e
         if (this.verbose) {
             throwable.printStackTrace()
         } else {
-            System.err.println("*ERROR*: ${throwable.rootMessage ?: "Use --verbose for more details"}")
+            System.err.println("${ShellConstants.RED}${throwable.rootMessage ?: "Use --verbose for more details"}${ShellConstants.RESET}")
         }
         exitProcess(ExitCodes.FAILURE)
     }
@@ -126,7 +149,7 @@ abstract class CordaCliWrapper(val alias: String, val description: String) : Cal
     var loggingLevel: Level = Level.INFO
 
     @Mixin
-    private lateinit var installShellExtensionsParser: InstallShellExtensionsParser
+    lateinit var installShellExtensionsParser: InstallShellExtensionsParser
 
     // This needs to be called before loggers (See: NodeStartup.kt:51 logger called by lazy, initLogging happens before).
     // Node's logging is more rich. In corda configurations two properties, defaultLoggingLevel and consoleLogLevel, are usually used.

From b6f2532ce67ce02376f9bc7e20690876e6c6d91f Mon Sep 17 00:00:00 2001
From: Dominic Fox <40790090+distributedleetravis@users.noreply.github.com>
Date: Tue, 9 Oct 2018 14:54:31 +0100
Subject: [PATCH 30/83] Corda 1922 serialize states with calculated values
 (#3938)

* Introduce SerializeForCarpenter annotation

* Apply SerializableComputedProperty annotation to Cash.exitKeys, fix bugs

* info -> trace

* Remove annotation from FungibleAsset, as we do not know whether all implementing classes will provide the property as a calculated value

* Remove redundant import

* Explicit lambda params

* Restore explicit import for Enum valueOf

* Moving and rescoping

* More meaningful error message

* Add java test and documentation

* Fix accidentally broken unit test

* Ignore superclass annotation if property not calculated in implementing class

* Exclude calculated properties from Jackson serialisation

* Fix broken test
---
 .../client/jackson/internal/CordaModule.kt    |   2 +-
 .../net/corda/core/contracts/FungibleAsset.kt |   2 +
 ...lizable.kt => SerializationAnnotations.kt} |  10 +-
 docs/source/serialization.rst                 |  25 ++-
 .../net/corda/finance/contracts/asset/Cash.kt |   1 +
 .../vault/VaultSoftLockManagerTest.kt         |   3 +-
 .../internal/amqp/DeserializationInput.kt     |   4 +-
 .../internal/amqp/EvolutionSerializer.kt      |  13 +-
 .../internal/amqp/ObjectSerializer.kt         |  23 ++-
 .../internal/amqp/PropertyDescriptor.kt       |  52 ++++-
 .../internal/amqp/PropertySerializers.kt      |  44 +++--
 .../internal/amqp/SerializationHelper.kt      |  47 +++--
 .../internal/amqp/SerializerFactory.kt        | 187 +++++++++---------
 .../internal/carpenter/MetaCarpenter.kt       |   5 +
 ...aCalculatedValuesToClassCarpenterTest.java | 107 ++++++++++
 ... => EvolutionSerializerProviderTesting.kt} |   4 +-
 .../internal/amqp/FingerPrinterTesting.kt     |   2 +-
 .../internal/amqp/RoundTripTests.kt           |  59 ++++++
 .../internal/amqp/SerializationOutputTests.kt |   2 +-
 .../internal/amqp/testutils/AMQPTestUtils.kt  |   2 +-
 .../CalculatedValuesToClassCarpenterTests.kt  | 101 ++++++++++
 .../carpenter/ClassCarpenterTestUtils.kt      |   3 +-
 ...berCompositeSchemaToClassCarpenterTests.kt |  17 +-
 .../InheritanceSchemaToClassCarpenterTests.kt |  13 --
 ...berCompositeSchemaToClassCarpenterTests.kt |   6 +-
 ...berCompositeSchemaToClassCarpenterTests.kt |  24 +--
 26 files changed, 554 insertions(+), 204 deletions(-)
 rename core/src/main/kotlin/net/corda/core/serialization/{CordaSerializable.kt => SerializationAnnotations.kt} (76%)
 create mode 100644 serialization/src/test/java/net/corda/serialization/internal/carpenter/JavaCalculatedValuesToClassCarpenterTest.java
 rename serialization/src/test/kotlin/net/corda/serialization/internal/amqp/{EvolutionSerializerGetterTesting.kt => EvolutionSerializerProviderTesting.kt} (85%)
 create mode 100644 serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/CalculatedValuesToClassCarpenterTests.kt

diff --git a/client/jackson/src/main/kotlin/net/corda/client/jackson/internal/CordaModule.kt b/client/jackson/src/main/kotlin/net/corda/client/jackson/internal/CordaModule.kt
index 2212638551..e56711a50d 100644
--- a/client/jackson/src/main/kotlin/net/corda/client/jackson/internal/CordaModule.kt
+++ b/client/jackson/src/main/kotlin/net/corda/client/jackson/internal/CordaModule.kt
@@ -98,7 +98,7 @@ private class CordaSerializableBeanSerializerModifier : BeanSerializerModifier()
             val ctor = constructorForDeserialization(beanClass)
             val amqpProperties = propertiesForSerialization(ctor, beanClass, serializerFactory)
                     .serializationOrder
-                    .map { it.serializer.name }
+                    .mapNotNull { if (it.isCalculated) null else it.serializer.name }
             val propertyRenames = beanDesc.findProperties().associateBy({ it.name }, { it.internalName })
             (amqpProperties - propertyRenames.values).let {
                 check(it.isEmpty()) { "Jackson didn't provide serialisers for $it" }
diff --git a/core/src/main/kotlin/net/corda/core/contracts/FungibleAsset.kt b/core/src/main/kotlin/net/corda/core/contracts/FungibleAsset.kt
index d28362a34b..ddcd04be56 100644
--- a/core/src/main/kotlin/net/corda/core/contracts/FungibleAsset.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/FungibleAsset.kt
@@ -3,6 +3,7 @@ package net.corda.core.contracts
 import net.corda.core.KeepForDJVM
 import net.corda.core.flows.FlowException
 import net.corda.core.identity.AbstractParty
+import net.corda.core.serialization.SerializableCalculatedProperty
 import java.security.PublicKey
 
 /**
@@ -38,6 +39,7 @@ interface FungibleAsset<T : Any> : OwnableState {
      * There must be an ExitCommand signed by these keys to destroy the amount. While all states require their
      * owner to sign, some (i.e. cash) also require the issuer.
      */
+    @get:SerializableCalculatedProperty
     val exitKeys: Collection<PublicKey>
 
     /**
diff --git a/core/src/main/kotlin/net/corda/core/serialization/CordaSerializable.kt b/core/src/main/kotlin/net/corda/core/serialization/SerializationAnnotations.kt
similarity index 76%
rename from core/src/main/kotlin/net/corda/core/serialization/CordaSerializable.kt
rename to core/src/main/kotlin/net/corda/core/serialization/SerializationAnnotations.kt
index ce80444256..95fd23e60f 100644
--- a/core/src/main/kotlin/net/corda/core/serialization/CordaSerializable.kt
+++ b/core/src/main/kotlin/net/corda/core/serialization/SerializationAnnotations.kt
@@ -19,4 +19,12 @@ import java.lang.annotation.Inherited
 @Target(AnnotationTarget.CLASS)
 @Retention(AnnotationRetention.RUNTIME)
 @Inherited
-annotation class CordaSerializable
\ No newline at end of file
+annotation class CordaSerializable
+
+
+/**
+ * Used to annotate methods which expose calculated values that we want to be serialized for use by the class carpenter.
+ */
+@Retention(AnnotationRetention.RUNTIME)
+@Target(AnnotationTarget.PROPERTY_GETTER, AnnotationTarget.FUNCTION)
+annotation class SerializableCalculatedProperty
\ No newline at end of file
diff --git a/docs/source/serialization.rst b/docs/source/serialization.rst
index c015eb317e..00f4baa07a 100644
--- a/docs/source/serialization.rst
+++ b/docs/source/serialization.rst
@@ -556,10 +556,33 @@ be able to use reflection over the deserialized data, for scripting languages th
 ensuring classes not on the classpath can be deserialized without loading potentially malicious code.
 
 If the original class implements some interfaces then the carpenter will make sure that all of the interface methods are
-backed by feilds. If that's not the case then an exception will be thrown during deserialization. This check can
+backed by fields. If that's not the case then an exception will be thrown during deserialization. This check can
 be turned off with ``SerializationContext.withLenientCarpenter``. This can be useful if only the field getters are needed,
 say in an object viewer.
 
+Calculated values
+`````````````````
+
+In some cases, for example the `exitKeys` field in ``FungibleState``, a property in an interface may normally be implemented
+as a *calculated* value, with a "getter" method for reading it but neither a corresponding constructor parameter nor a
+"setter" method for writing it. In this case, it will not automatically be included among the properties to be serialized,
+since the receiving class would ordinarily be able to re-calculate it on demand. However, a synthesized class will not
+have the method implementation which knows how to calculate the value, and a cast to the interface will fail because the
+property is not serialized and so the "getter" method present in the interface will not be synthesized.
+
+The solution is to annotate the method with the ``SerializableCalculatedProperty`` annotation, which will cause the value
+exposed by the method to be read and transmitted during serialization, but discarded during normal deserialization. The
+synthesized class will then include a backing field together with a "getter" for the serialized calculated value, and will
+remain compatible with the interface.
+
+If the annotation is added to the method in the *interface*, then all implementing classes must calculate the value and
+none may have a corresponding backing field; alternatively, it can be added to the overriding method on each implementing
+class where the value is calculated and there is no backing field. If the field is a Kotlin ``val``, then the annotation
+should be targeted at its getter method, e.g. ``@get:SerializableCalculatedProperty``.
+
+Future enhancements
+```````````````````
+
 Possible future enhancements include:
 
     #.  Java singleton support.  We will add support for identifying classes which are singletons and identifying the
diff --git a/finance/src/main/kotlin/net/corda/finance/contracts/asset/Cash.kt b/finance/src/main/kotlin/net/corda/finance/contracts/asset/Cash.kt
index 73681e44b7..58d5bae36c 100644
--- a/finance/src/main/kotlin/net/corda/finance/contracts/asset/Cash.kt
+++ b/finance/src/main/kotlin/net/corda/finance/contracts/asset/Cash.kt
@@ -16,6 +16,7 @@ import net.corda.core.node.ServiceHub
 import net.corda.core.schemas.MappedSchema
 import net.corda.core.schemas.PersistentState
 import net.corda.core.schemas.QueryableState
+import net.corda.core.serialization.SerializableCalculatedProperty
 import net.corda.core.transactions.LedgerTransaction
 import net.corda.core.transactions.TransactionBuilder
 import net.corda.finance.contracts.asset.cash.selection.AbstractCashSelection
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt b/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
index 6784d43362..93e60859fe 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
@@ -34,6 +34,7 @@ import net.corda.testing.node.internal.InternalMockNetwork
 import net.corda.testing.node.internal.startFlow
 import org.junit.After
 import org.junit.Test
+import java.security.PublicKey
 import java.util.*
 import java.util.concurrent.atomic.AtomicBoolean
 import kotlin.reflect.jvm.jvmName
@@ -127,7 +128,7 @@ class VaultSoftLockManagerTest {
         override val owner get() = participants[0]
         override fun withNewOwner(newOwner: AbstractParty) = throw UnsupportedOperationException()
         override val amount get() = Amount(1, Issued(PartyAndReference(owner, OpaqueBytes.of(1)), Unit))
-        override val exitKeys get() = throw UnsupportedOperationException()
+        override val exitKeys get() = emptyList<PublicKey>()
         override fun withNewOwnerAndAmount(newAmount: Amount<Issued<Unit>>, newOwner: AbstractParty) = throw UnsupportedOperationException()
         override fun equals(other: Any?) = other is FungibleAssetImpl && participants == other.participants
         override fun hashCode() = participants.hashCode()
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/DeserializationInput.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/DeserializationInput.kt
index b9c50f7250..0cea2003f7 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/DeserializationInput.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/DeserializationInput.kt
@@ -117,7 +117,7 @@ class DeserializationInput constructor(
             des {
                 val envelope = getEnvelope(bytes, context.encodingWhitelist)
 
-                logger.trace("deserialize blob scheme=\"${envelope.schema.toString()}\"")
+                logger.trace("deserialize blob scheme=\"${envelope.schema}\"")
 
                 clazz.cast(readObjectOrNull(envelope.obj, SerializationSchemas(envelope.schema, envelope.transformsSchema),
                         clazz, context))
@@ -149,7 +149,7 @@ class DeserializationInput constructor(
             if (obj is DescribedType && ReferencedObject.DESCRIPTOR == obj.descriptor) {
                 // It must be a reference to an instance that has already been read, cheaply and quickly returning it by reference.
                 val objectIndex = (obj.described as UnsignedInteger).toInt()
-                if (objectIndex !in 0..objectHistory.size)
+                if (objectIndex >= objectHistory.size)
                     throw AMQPNotSerializableException(
                             type,
                             "Retrieval of existing reference failed. Requested index $objectIndex " +
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializer.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializer.kt
index 79a3f85c00..4604af4505 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializer.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializer.kt
@@ -125,7 +125,7 @@ abstract class EvolutionSerializer(
             // any particular NonNullable annotation type to indicate cross
             // compiler nullability
             val isKotlin = (new.type.javaClass.declaredAnnotations.any {
-                        it.annotationClass.qualifiedName == "kotlin.Metadata"
+                it.annotationClass.qualifiedName == "kotlin.Metadata"
             })
 
             constructor.parameters.withIndex().forEach {
@@ -270,8 +270,8 @@ class EvolutionSerializerViaSetters(
  * be an object that returns an [EvolutionSerializer]. Of course, any implementation that
  * extends this class can be written to invoke whatever behaviour is desired.
  */
-abstract class EvolutionSerializerGetterBase {
-    abstract fun getEvolutionSerializer(
+interface EvolutionSerializerProvider {
+    fun getEvolutionSerializer(
             factory: SerializerFactory,
             typeNotation: TypeNotation,
             newSerializer: AMQPSerializer<Any>,
@@ -283,12 +283,12 @@ abstract class EvolutionSerializerGetterBase {
  * between the received schema and the class as it exists now on the class path,
  */
 @KeepForDJVM
-class EvolutionSerializerGetter : EvolutionSerializerGetterBase() {
+object DefaultEvolutionSerializerProvider : EvolutionSerializerProvider {
     override fun getEvolutionSerializer(factory: SerializerFactory,
                                         typeNotation: TypeNotation,
                                         newSerializer: AMQPSerializer<Any>,
                                         schemas: SerializationSchemas): AMQPSerializer<Any> {
-        return factory.serializersByDescriptor.computeIfAbsent(typeNotation.descriptor.name!!) {
+        return factory.registerByDescriptor(typeNotation.descriptor.name!!) {
             when (typeNotation) {
                 is CompositeType -> EvolutionSerializer.make(typeNotation, newSerializer as ObjectSerializer, factory)
                 is RestrictedType -> {
@@ -310,5 +310,4 @@ class EvolutionSerializerGetter : EvolutionSerializerGetterBase() {
             }
         }
     }
-}
-
+}
\ No newline at end of file
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/ObjectSerializer.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/ObjectSerializer.kt
index dc142fce16..9ae529b608 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/ObjectSerializer.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/ObjectSerializer.kt
@@ -2,6 +2,7 @@ package net.corda.serialization.internal.amqp
 
 import net.corda.core.internal.isConcreteClass
 import net.corda.core.serialization.SerializationContext
+import net.corda.core.serialization.serialize
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.trace
 import net.corda.serialization.internal.amqp.SerializerFactory.Companion.nameForType
@@ -61,7 +62,7 @@ open class ObjectSerializer(val clazz: Type, factory: SerializerFactory) : AMQPS
             context: SerializationContext,
             debugIndent: Int) = ifThrowsAppend({ clazz.typeName }
     ) {
-        if (propertySerializers.size != javaConstructor?.parameterCount &&
+        if (propertySerializers.deserializableSize != javaConstructor?.parameterCount &&
                 javaConstructor?.parameterCount ?: 0 > 0
         ) {
             throw AMQPNotSerializableException(type, "Serialization constructor for class $type expects "
@@ -86,8 +87,9 @@ open class ObjectSerializer(val clazz: Type, factory: SerializerFactory) : AMQPS
             input: DeserializationInput,
             context: SerializationContext): Any = ifThrowsAppend({ clazz.typeName }) {
         if (obj is List<*>) {
-            if (obj.size > propertySerializers.size) {
-                throw AMQPNotSerializableException(type, "Too many properties in described type $typeName")
+            if (obj.size != propertySerializers.size) {
+                throw AMQPNotSerializableException(type, "${obj.size} objects to deserialize, but " +
+                        "${propertySerializers.size} properties in described type $typeName")
             }
 
             return if (propertySerializers.byConstructor) {
@@ -109,8 +111,19 @@ open class ObjectSerializer(val clazz: Type, factory: SerializerFactory) : AMQPS
 
         return construct(propertySerializers.serializationOrder
                 .zip(obj)
-                .map { Pair(it.first.initialPosition, it.first.serializer.readProperty(it.second, schemas, input, context)) }
-                .sortedWith(compareBy({ it.first }))
+                .mapNotNull { (accessor, obj) ->
+                    // Ensure values get read out of input no matter what
+                    val value = accessor.serializer.readProperty(obj, schemas, input, context)
+
+                    when(accessor) {
+                        is PropertyAccessorConstructor -> accessor.initialPosition to value
+                        is CalculatedPropertyAccessor -> null
+                        else -> throw UnsupportedOperationException(
+                                "${accessor::class.simpleName} accessor not supported " +
+                                        "for constructor-based object building")
+                    }
+                }
+                .sortedWith(compareBy { it.first })
                 .map { it.second })
     }
 
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/PropertyDescriptor.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/PropertyDescriptor.kt
index 882f067eba..3de78db04e 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/PropertyDescriptor.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/PropertyDescriptor.kt
@@ -3,6 +3,7 @@ package net.corda.serialization.internal.amqp
 import com.google.common.reflect.TypeToken
 import net.corda.core.KeepForDJVM
 import net.corda.core.internal.isPublic
+import net.corda.core.serialization.SerializableCalculatedProperty
 import net.corda.serialization.internal.amqp.MethodClassifier.*
 import java.lang.reflect.Field
 import java.lang.reflect.Method
@@ -84,7 +85,7 @@ private val propertyMethodRegex = Regex("(?<type>get|set|is)(?<var>\\p{Lu}.*)")
  * take a single parameter of a type compatible with exampleProperty and isExampleProperty must
  * return a boolean
  */
-fun Class<out Any?>.propertyDescriptors(): Map<String, PropertyDescriptor> {
+internal fun Class<out Any?>.propertyDescriptors(): Map<String, PropertyDescriptor> {
     val fieldProperties = superclassChain().declaredFields().byFieldName()
 
     return superclassChain().declaredMethods()
@@ -96,9 +97,23 @@ fun Class<out Any?>.propertyDescriptors(): Map<String, PropertyDescriptor> {
             .validated()
 }
 
+/**
+ * Obtain [PropertyDescriptor]s for those calculated properties of a class which are annotated with
+ * [SerializableCalculatedProperty]
+ */
+internal fun Class<out Any?>.calculatedPropertyDescriptors(): Map<String, PropertyDescriptor> =
+        superclassChain().withInterfaces().declaredMethods()
+                .thatArePublic()
+                .thatAreCalculated()
+                .toCalculatedProperties()
+
 // Generate the sequence of classes starting with this class and ascending through it superclasses.
 private fun Class<*>.superclassChain() = generateSequence(this, Class<*>::getSuperclass)
 
+private fun Sequence<Class<*>>.withInterfaces() = flatMap {
+    sequenceOf(it) + it.genericInterfaces.asSequence().map { it.asClass() }
+}
+
 // Obtain the fields declared by all classes in this sequence of classes.
 private fun Sequence<Class<*>>.declaredFields() = flatMap { it.declaredFields.asSequence() }
 
@@ -108,18 +123,45 @@ private fun Sequence<Class<*>>.declaredMethods() = flatMap { it.declaredMethods.
 // Map a sequence of fields by field name.
 private fun Sequence<Field>.byFieldName() = map { it.name to it }.toMap()
 
-// Select only those methods that are public (and are not the "getClass" method)
+// Select only those methods that are public (and are not the "getClass" method).
 private fun Sequence<Method>.thatArePublic() = filter { it.isPublic && it.name != "getClass" }
 
+// Select only those methods that are annotated with [SerializableCalculatedProperty].
+private fun Sequence<Method>.thatAreCalculated() = filter {
+    it.isAnnotationPresent(SerializableCalculatedProperty::class.java)
+}
+
+// Convert a sequence of calculated property methods to a map of property descriptors by property name.
+private fun Sequence<Method>.toCalculatedProperties(): Map<String, PropertyDescriptor> {
+    val methodsByName = mutableMapOf<String, Method>()
+    for (method in this) {
+        val propertyNamedMethod = getPropertyNamedMethod(method)
+                ?: throw IllegalArgumentException("Calculated property method must have a name beginning with 'get' or 'is'")
+
+        require(propertyNamedMethod.hasValidSignature()) {
+            "Calculated property name must have no parameters, and a non-void return type"
+        }
+
+        val propertyName = propertyNamedMethod.fieldName.decapitalize()
+        methodsByName.compute(propertyName) { _, existingMethod ->
+            if (existingMethod == null) method
+            else leastGenericBy({ genericReturnType }, existingMethod, method)
+        }
+    }
+    return methodsByName.mapValues { (_, method) -> PropertyDescriptor(null, null, method) }
+}
+
 // Select only those methods that are isX/getX/setX methods
-private fun Sequence<Method>.thatArePropertyMethods() = map { method ->
-    propertyMethodRegex.find(method.name)?.let { result ->
+private fun Sequence<Method>.thatArePropertyMethods() = mapNotNull(::getPropertyNamedMethod)
+
+private fun getPropertyNamedMethod(method: Method): PropertyNamedMethod? {
+    return propertyMethodRegex.find(method.name)?.let { result ->
         PropertyNamedMethod(
                 result.groups[2]!!.value,
                 MethodClassifier.valueOf(result.groups[1]!!.value.toUpperCase()),
                 method)
     }
-}.filterNotNull()
+}
 
 // Pick only those methods whose signatures are valid, discarding the remainder without warning.
 private fun Sequence<PropertyNamedMethod>.withValidSignature() = filter { it.hasValidSignature() }
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/PropertySerializers.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/PropertySerializers.kt
index c56071a84e..65a8998a14 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/PropertySerializers.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/PropertySerializers.kt
@@ -1,6 +1,7 @@
 package net.corda.serialization.internal.amqp
 
 import net.corda.core.KeepForDJVM
+import net.corda.core.serialization.SerializableCalculatedProperty
 import net.corda.core.utilities.loggerFor
 import java.io.NotSerializableException
 import java.lang.reflect.Field
@@ -19,9 +20,9 @@ abstract class PropertyReader {
  * Accessor for those properties of a class that have defined getter functions.
  */
 @KeepForDJVM
-class PublicPropertyReader(private val readMethod: Method?) : PropertyReader() {
+class PublicPropertyReader(private val readMethod: Method) : PropertyReader() {
     init {
-        readMethod?.isAccessible = true
+        readMethod.isAccessible = true
     }
 
     private fun Method.returnsNullable(): Boolean {
@@ -47,10 +48,10 @@ class PublicPropertyReader(private val readMethod: Method?) : PropertyReader() {
     }
 
     override fun read(obj: Any?): Any? {
-        return readMethod!!.invoke(obj)
+        return readMethod.invoke(obj)
     }
 
-    override fun isNullable(): Boolean = readMethod?.returnsNullable() ?: false
+    override fun isNullable(): Boolean = readMethod.returnsNullable()
 }
 
 /**
@@ -112,7 +113,6 @@ class EvolutionPropertyReader : PropertyReader() {
  * making the property accessible.
  */
 abstract class PropertyAccessor(
-        val initialPosition: Int,
         open val serializer: PropertySerializer) {
     companion object : Comparator<PropertyAccessor> {
         override fun compare(p0: PropertyAccessor?, p1: PropertyAccessor?): Int {
@@ -120,13 +120,15 @@ abstract class PropertyAccessor(
         }
     }
 
+    open val isCalculated get() = false
+
     /**
      * Override to control how the property is set on the object.
      */
     abstract fun set(instance: Any, obj: Any?)
 
     override fun toString(): String {
-        return "${serializer.name}($initialPosition)"
+        return serializer.name
     }
 }
 
@@ -135,9 +137,8 @@ abstract class PropertyAccessor(
  * is serialized and deserialized via JavaBean getter and setter style methods.
  */
 class PropertyAccessorGetterSetter(
-        initialPosition: Int,
         getter: PropertySerializer,
-        private val setter: Method) : PropertyAccessor(initialPosition, getter) {
+        private val setter: Method) : PropertyAccessor(getter) {
     init {
         /**
          * Play nicely with Java interop, public methods aren't marked as accessible
@@ -159,16 +160,34 @@ class PropertyAccessorGetterSetter(
  * of the object the property belongs to.
  */
 class PropertyAccessorConstructor(
-        initialPosition: Int,
-        override val serializer: PropertySerializer) : PropertyAccessor(initialPosition, serializer) {
+        val initialPosition: Int,
+        override val serializer: PropertySerializer) : PropertyAccessor(serializer) {
     /**
-     * Because the property should be being set on the obejct through the constructor any
+     * Because the property should be being set on the object through the constructor any
      * calls to the explicit setter should be an error.
      */
     override fun set(instance: Any, obj: Any?) {
         NotSerializableException("Attempting to access a setter on an object being instantiated " +
                 "via its constructor.")
     }
+
+    override fun toString(): String =
+            "${serializer.name}($initialPosition)"
+}
+
+/**
+ * Implementation of [PropertyAccessor] representing a calculated property of an object that is serialized
+ * so that it can be used by the class carpenter, but ignored on deserialisation as there is no setter or
+ * constructor parameter to receive its value.
+ *
+ * This will only be created for calculated properties that are accessible via no-argument methods annotated
+ * with [SerializableCalculatedProperty].
+ */
+class CalculatedPropertyAccessor(override val serializer: PropertySerializer): PropertyAccessor(serializer) {
+    override val isCalculated: Boolean
+        get() = true
+
+    override fun set(instance: Any, obj: Any?) = Unit // do nothing, as it's a calculated value
 }
 
 /**
@@ -186,7 +205,7 @@ abstract class PropertySerializers(
         val serializationOrder: List<PropertyAccessor>) {
     companion object {
         fun make(serializationOrder: List<PropertyAccessor>) =
-                when (serializationOrder.firstOrNull()) {
+                when (serializationOrder.find { !it.isCalculated }) {
                     is PropertyAccessorConstructor -> PropertySerializersConstructor(serializationOrder)
                     is PropertyAccessorGetterSetter -> PropertySerializersSetter(serializationOrder)
                     null -> PropertySerializersNoProperties()
@@ -198,6 +217,7 @@ abstract class PropertySerializers(
 
     val size get() = serializationOrder.size
     abstract val byConstructor: Boolean
+    val deserializableSize = serializationOrder.count { !it.isCalculated }
 }
 
 class PropertySerializersNoProperties : PropertySerializers(emptyList()) {
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/SerializationHelper.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/SerializationHelper.kt
index f2820cc505..aed85b9825 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/SerializationHelper.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/SerializationHelper.kt
@@ -3,10 +3,7 @@ package net.corda.serialization.internal.amqp
 import com.google.common.primitives.Primitives
 import com.google.common.reflect.TypeToken
 import net.corda.core.internal.isConcreteClass
-import net.corda.core.serialization.ClassWhitelist
-import net.corda.core.serialization.ConstructorForDeserialization
-import net.corda.core.serialization.CordaSerializable
-import net.corda.core.serialization.SerializationContext
+import net.corda.core.serialization.*
 import org.apache.qpid.proton.codec.Data
 import java.lang.reflect.*
 import java.lang.reflect.Field
@@ -68,12 +65,33 @@ fun <T : Any> propertiesForSerialization(
         kotlinConstructor: KFunction<T>?,
         type: Type,
         factory: SerializerFactory): PropertySerializers = PropertySerializers.make(
-            if (kotlinConstructor != null) {
-                propertiesForSerializationFromConstructor(kotlinConstructor, type, factory)
-            } else {
-                propertiesForSerializationFromAbstract(type.asClass(), type, factory)
-            }.sortedWith(PropertyAccessor)
-    )
+            getValueProperties(kotlinConstructor, type, factory)
+                .addCalculatedProperties(factory, type)
+                .sortedWith(PropertyAccessor))
+
+fun <T : Any> getValueProperties(kotlinConstructor: KFunction<T>?, type: Type, factory: SerializerFactory)
+        : List<PropertyAccessor> =
+    if (kotlinConstructor != null) {
+        propertiesForSerializationFromConstructor(kotlinConstructor, type, factory)
+    } else {
+        propertiesForSerializationFromAbstract(type.asClass(), type, factory)
+    }
+
+private fun List<PropertyAccessor>.addCalculatedProperties(factory: SerializerFactory, type: Type)
+        : List<PropertyAccessor> {
+    val nonCalculated = map { it.serializer.name }.toSet()
+    return this + type.asClass().calculatedPropertyDescriptors().mapNotNull { (name, descriptor) ->
+        if (name in nonCalculated) null else {
+            val calculatedPropertyMethod = descriptor.getter
+                    ?: throw IllegalStateException("Property $name is not a calculated property")
+            CalculatedPropertyAccessor(PropertySerializer.make(
+                    name,
+                    PublicPropertyReader(calculatedPropertyMethod),
+                    calculatedPropertyMethod.genericReturnType,
+                    factory))
+        }
+    }
+}
 
 /**
  * From a constructor, determine which properties of a class are to be serialized.
@@ -145,7 +163,7 @@ fun propertiesForSerializationFromSetters(
         properties: Map<String, PropertyDescriptor>,
         type: Type,
         factory: SerializerFactory): List<PropertyAccessor> =
-        properties.asSequence().withIndex().map { (index, entry) ->
+        properties.asSequence().map { entry ->
             val (name, property) = entry
 
             val getter = property.getter
@@ -154,7 +172,6 @@ fun propertiesForSerializationFromSetters(
             if (getter == null || setter == null) return@map null
 
             PropertyAccessorGetterSetter(
-                    index,
                     PropertySerializer.make(
                             name,
                             PublicPropertyReader(getter),
@@ -191,9 +208,9 @@ private fun propertiesForSerializationFromAbstract(
         clazz: Class<*>,
         type: Type,
         factory: SerializerFactory): List<PropertyAccessor> =
-        clazz.propertyDescriptors().asSequence().withIndex().map { (index, entry) ->
+        clazz.propertyDescriptors().asSequence().withIndex().mapNotNull { (index, entry) ->
             val (name, property) = entry
-            if (property.getter == null || property.field == null) return@map null
+            if (property.getter == null || property.field == null) return@mapNotNull null
 
             val getter = property.getter
             val returnType = resolveTypeVariables(getter.genericReturnType, type)
@@ -201,7 +218,7 @@ private fun propertiesForSerializationFromAbstract(
             PropertyAccessorConstructor(
                     index,
                     PropertySerializer.make(name, PublicPropertyReader(getter), returnType, factory))
-        }.filterNotNull().toList()
+        }.toList()
 
 internal fun interfacesForSerialization(type: Type, serializerFactory: SerializerFactory): List<Type> =
         exploreType(type, serializerFactory).toList()
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/SerializerFactory.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/SerializerFactory.kt
index 8c869e2eda..cfce4fa76e 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/SerializerFactory.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/SerializerFactory.kt
@@ -7,10 +7,7 @@ import net.corda.core.StubOutForDJVM
 import net.corda.core.internal.kotlinObjectInstance
 import net.corda.core.internal.uncheckedCast
 import net.corda.core.serialization.ClassWhitelist
-import net.corda.core.utilities.contextLogger
-import net.corda.core.utilities.debug
-import net.corda.core.utilities.loggerFor
-import net.corda.core.utilities.trace
+import net.corda.core.utilities.*
 import net.corda.serialization.internal.carpenter.*
 import org.apache.qpid.proton.amqp.*
 import java.io.NotSerializableException
@@ -30,7 +27,7 @@ data class CustomSerializersCacheKey(val clazz: Class<*>, val declaredType: Type
 /**
  * Factory of serializers designed to be shared across threads and invocations.
  *
- * @property evolutionSerializerGetter controls how evolution serializers are generated by the factory. The normal
+ * @property evolutionSerializerProvider controls how evolution serializers are generated by the factory. The normal
  * use case is an [EvolutionSerializer] type is returned. However, in some scenarios, primarily testing, this
  * can be altered to fit the requirements of the test.
  * @property onlyCustomSerializers used for testing, when set will cause the factory to throw a
@@ -52,7 +49,7 @@ data class CustomSerializersCacheKey(val clazz: Class<*>, val declaredType: Type
 open class SerializerFactory(
         val whitelist: ClassWhitelist,
         val classCarpenter: ClassCarpenter,
-        private val evolutionSerializerGetter: EvolutionSerializerGetterBase = EvolutionSerializerGetter(),
+        private val evolutionSerializerProvider: EvolutionSerializerProvider = DefaultEvolutionSerializerProvider,
         val fingerPrinterConstructor: (SerializerFactory) -> FingerPrinter = ::SerializerFingerPrinter,
         private val serializersByType: MutableMap<Type, AMQPSerializer<Any>>,
         val serializersByDescriptor: MutableMap<Any, AMQPSerializer<Any>>,
@@ -64,13 +61,13 @@ open class SerializerFactory(
     @DeleteForDJVM
     constructor(whitelist: ClassWhitelist,
                 classCarpenter: ClassCarpenter,
-                evolutionSerializerGetter: EvolutionSerializerGetterBase = EvolutionSerializerGetter(),
+                evolutionSerializerProvider: EvolutionSerializerProvider = DefaultEvolutionSerializerProvider,
                 fingerPrinterConstructor: (SerializerFactory) -> FingerPrinter = ::SerializerFingerPrinter,
                 onlyCustomSerializers: Boolean = false
     ) : this(
             whitelist,
             classCarpenter,
-            evolutionSerializerGetter,
+            evolutionSerializerProvider,
             fingerPrinterConstructor,
             ConcurrentHashMap(),
             ConcurrentHashMap(),
@@ -84,13 +81,13 @@ open class SerializerFactory(
     constructor(whitelist: ClassWhitelist,
                 carpenterClassLoader: ClassLoader,
                 lenientCarpenter: Boolean = false,
-                evolutionSerializerGetter: EvolutionSerializerGetterBase = EvolutionSerializerGetter(),
+                evolutionSerializerProvider: EvolutionSerializerProvider = DefaultEvolutionSerializerProvider,
                 fingerPrinterConstructor: (SerializerFactory) -> FingerPrinter = ::SerializerFingerPrinter,
                 onlyCustomSerializers: Boolean = false
     ) : this(
             whitelist,
             ClassCarpenterImpl(whitelist, carpenterClassLoader, lenientCarpenter),
-            evolutionSerializerGetter,
+            evolutionSerializerProvider,
             fingerPrinterConstructor,
             onlyCustomSerializers)
 
@@ -98,12 +95,6 @@ open class SerializerFactory(
 
     val classloader: ClassLoader get() = classCarpenter.classloader
 
-    private fun getEvolutionSerializer(typeNotation: TypeNotation,
-                                       newSerializer: AMQPSerializer<Any>,
-                                       schemas: SerializationSchemas): AMQPSerializer<Any> {
-        return evolutionSerializerGetter.getEvolutionSerializer(this, typeNotation, newSerializer, schemas)
-    }
-
     /**
      * Look up, and manufacture if necessary, a serializer for the given type.
      *
@@ -117,11 +108,11 @@ open class SerializerFactory(
 
         val declaredClass = declaredType.asClass()
         val actualType: Type = if (actualClass == null) declaredType
-            else inferTypeVariables(actualClass, declaredClass, declaredType) ?: declaredType
+        else inferTypeVariables(actualClass, declaredClass, declaredType) ?: declaredType
 
         val serializer = when {
-        // Declared class may not be set to Collection, but actual class could be a collection.
-        // In this case use of CollectionSerializer is perfectly appropriate.
+            // Declared class may not be set to Collection, but actual class could be a collection.
+            // In this case use of CollectionSerializer is perfectly appropriate.
             (Collection::class.java.isAssignableFrom(declaredClass) ||
                     (actualClass != null && Collection::class.java.isAssignableFrom(actualClass))) &&
                     !EnumSet::class.java.isAssignableFrom(actualClass ?: declaredClass) -> {
@@ -130,8 +121,8 @@ open class SerializerFactory(
                     CollectionSerializer(declaredTypeAmended, this)
                 }
             }
-        // Declared class may not be set to Map, but actual class could be a map.
-        // In this case use of MapSerializer is perfectly appropriate.
+            // Declared class may not be set to Map, but actual class could be a map.
+            // In this case use of MapSerializer is perfectly appropriate.
             (Map::class.java.isAssignableFrom(declaredClass) ||
                     (actualClass != null && Map::class.java.isAssignableFrom(actualClass))) -> {
                 val declaredTypeAmended = MapSerializer.deriveParameterizedType(declaredType, declaredClass, actualClass)
@@ -142,8 +133,8 @@ open class SerializerFactory(
             Enum::class.java.isAssignableFrom(actualClass ?: declaredClass) -> {
                 logger.trace {
                     "class=[${actualClass?.simpleName} | $declaredClass] is an enumeration " +
-                    "declaredType=${declaredType.typeName} " +
-                    "isEnum=${declaredType::class.java.isEnum}"
+                            "declaredType=${declaredType.typeName} " +
+                            "isEnum=${declaredType::class.java.isEnum}"
                 }
 
                 serializersByType.computeIfAbsent(actualClass ?: declaredClass) {
@@ -203,33 +194,86 @@ open class SerializerFactory(
      * if not, use the [ClassCarpenter] to generate a class to use in its place.
      */
     private fun processSchema(schemaAndDescriptor: FactorySchemaAndDescriptor, sentinel: Boolean = false) {
-        val metaSchema = CarpenterMetaSchema.newInstance()
-        for (typeNotation in schemaAndDescriptor.schemas.schema.types) {
-            logger.trace { "descriptor=${schemaAndDescriptor.typeDescriptor}, typeNotation=${typeNotation.name}" }
+        val requiringCarpentry = schemaAndDescriptor.schemas.schema.types.mapNotNull { typeNotation ->
             try {
-                val serialiser = processSchemaEntry(typeNotation)
-                // if we just successfully built a serializer for the type but the type fingerprint
-                // doesn't match that of the serialised object then we are dealing with  different
-                // instance of the class, as such we need to build an EvolutionSerializer
-                if (serialiser.typeDescriptor != typeNotation.descriptor.name) {
-                    logger.trace { "typeNotation=${typeNotation.name} action=\"requires Evolution\"" }
-                    getEvolutionSerializer(typeNotation, serialiser, schemaAndDescriptor.schemas)
-                }
+                getOrRegisterSerializer(schemaAndDescriptor, typeNotation)
+                return@mapNotNull null
             } catch (e: ClassNotFoundException) {
                 if (sentinel) {
                     logger.error("typeNotation=${typeNotation.name} error=\"after Carpentry attempt failed to load\"")
                     throw e
                 }
-                else {
-                    logger.trace { "typeNotation=\"${typeNotation.name}\" action=\"carpentry required\"" }
-                }
-                metaSchema.buildFor(typeNotation, classloader)
+                logger.trace { "typeNotation=\"${typeNotation.name}\" action=\"carpentry required\"" }
+                return@mapNotNull typeNotation
+            }
+        }.toList()
+
+        if (requiringCarpentry.isEmpty()) return
+
+        runCarpentry(schemaAndDescriptor, CarpenterMetaSchema.buildWith(classloader, requiringCarpentry))
+    }
+
+    private fun getOrRegisterSerializer(schemaAndDescriptor: FactorySchemaAndDescriptor, typeNotation: TypeNotation) {
+        logger.trace { "descriptor=${schemaAndDescriptor.typeDescriptor}, typeNotation=${typeNotation.name}" }
+        val serialiser = processSchemaEntry(typeNotation)
+
+        // if we just successfully built a serializer for the type but the type fingerprint
+        // doesn't match that of the serialised object then we may be dealing with different
+        // instance of the class, and such we need to build an EvolutionSerializer
+        if (serialiser.typeDescriptor == typeNotation.descriptor.name) return
+
+        logger.trace { "typeNotation=${typeNotation.name} action=\"requires Evolution\"" }
+        evolutionSerializerProvider.getEvolutionSerializer(this, typeNotation, serialiser, schemaAndDescriptor.schemas)
+    }
+
+    private fun processSchemaEntry(typeNotation: TypeNotation) = when (typeNotation) {
+        // java.lang.Class (whether a class or interface)
+        is CompositeType -> {
+            logger.trace("typeNotation=${typeNotation.name} amqpType=CompositeType")
+            processCompositeType(typeNotation)
+        }
+        // Collection / Map, possibly with generics
+        is RestrictedType -> {
+            logger.trace("typeNotation=${typeNotation.name} amqpType=RestrictedType")
+            processRestrictedType(typeNotation)
+        }
+    }
+
+    // TODO: class loader logic, and compare the schema.
+    private fun processRestrictedType(typeNotation: RestrictedType) =
+            get(null, typeForName(typeNotation.name, classloader))
+
+    private fun processCompositeType(typeNotation: CompositeType): AMQPSerializer<Any> {
+        // TODO: class loader logic, and compare the schema.
+        val type = typeForName(typeNotation.name, classloader)
+        return get(type.asClass(), type)
+    }
+
+    private fun typeForName(name: String, classloader: ClassLoader): Type = when {
+        name.endsWith("[]") -> {
+            val elementType = typeForName(name.substring(0, name.lastIndex - 1), classloader)
+            if (elementType is ParameterizedType || elementType is GenericArrayType) {
+                DeserializedGenericArrayType(elementType)
+            } else if (elementType is Class<*>) {
+                java.lang.reflect.Array.newInstance(elementType, 0).javaClass
+            } else {
+                throw AMQPNoTypeNotSerializableException("Not able to deserialize array type: $name")
             }
         }
-
-        if (metaSchema.isNotEmpty()) {
-            runCarpentry(schemaAndDescriptor, metaSchema)
-        }
+        name.endsWith("[p]") -> // There is no need to handle the ByteArray case as that type is coercible automatically
+            // to the binary type and is thus handled by the main serializer and doesn't need a
+            // special case for a primitive array of bytes
+            when (name) {
+                "int[p]" -> IntArray::class.java
+                "char[p]" -> CharArray::class.java
+                "boolean[p]" -> BooleanArray::class.java
+                "float[p]" -> FloatArray::class.java
+                "double[p]" -> DoubleArray::class.java
+                "short[p]" -> ShortArray::class.java
+                "long[p]" -> LongArray::class.java
+                else -> throw AMQPNoTypeNotSerializableException("Not able to deserialize array type: $name")
+            }
+        else -> DeserializedParameterizedType.make(name, classloader)
     }
 
     @StubOutForDJVM
@@ -251,31 +295,6 @@ open class SerializerFactory(
         processSchema(schemaAndDescriptor, true)
     }
 
-    private fun processSchemaEntry(typeNotation: TypeNotation) = when (typeNotation) {
-    // java.lang.Class (whether a class or interface)
-        is CompositeType -> {
-            logger.trace("typeNotation=${typeNotation.name} amqpType=CompositeType")
-            processCompositeType(typeNotation)
-        }
-    // Collection / Map, possibly with generics
-        is RestrictedType -> {
-            logger.trace("typeNotation=${typeNotation.name} amqpType=RestrictedType")
-            processRestrictedType(typeNotation)
-        }
-    }
-
-    // TODO: class loader logic, and compare the schema.
-    private fun processRestrictedType(typeNotation: RestrictedType) = get(null,
-            typeForName(typeNotation.name, classloader))
-
-    private fun processCompositeType(typeNotation: CompositeType): AMQPSerializer<Any> {
-        // TODO: class loader logic, and compare the schema.
-        val type = typeForName(typeNotation.name, classloader)
-        return get(
-                type.asClass(),
-                type)
-    }
-
     private fun makeClassSerializer(
             clazz: Class<*>,
             type: Type,
@@ -352,6 +371,9 @@ open class SerializerFactory(
         return MapSerializer(declaredType, this)
     }
 
+    fun registerByDescriptor(name: Symbol, serializerCreator: () -> AMQPSerializer<Any>): AMQPSerializer<Any> =
+            serializersByDescriptor.computeIfAbsent(name) { _ -> serializerCreator() }
+
     companion object {
         private val logger = contextLogger()
 
@@ -405,35 +427,6 @@ open class SerializerFactory(
             is TypeVariable<*> -> "?"
             else -> throw AMQPNotSerializableException(type, "Unable to render type $type to a string.")
         }
-
-        private fun typeForName(name: String, classloader: ClassLoader): Type {
-            return if (name.endsWith("[]")) {
-                val elementType = typeForName(name.substring(0, name.lastIndex - 1), classloader)
-                if (elementType is ParameterizedType || elementType is GenericArrayType) {
-                    DeserializedGenericArrayType(elementType)
-                } else if (elementType is Class<*>) {
-                    java.lang.reflect.Array.newInstance(elementType, 0).javaClass
-                } else {
-                    throw AMQPNoTypeNotSerializableException("Not able to deserialize array type: $name")
-                }
-            } else if (name.endsWith("[p]")) {
-                // There is no need to handle the ByteArray case as that type is coercible automatically
-                // to the binary type and is thus handled by the main serializer and doesn't need a
-                // special case for a primitive array of bytes
-                when (name) {
-                    "int[p]" -> IntArray::class.java
-                    "char[p]" -> CharArray::class.java
-                    "boolean[p]" -> BooleanArray::class.java
-                    "float[p]" -> FloatArray::class.java
-                    "double[p]" -> DoubleArray::class.java
-                    "short[p]" -> ShortArray::class.java
-                    "long[p]" -> LongArray::class.java
-                    else -> throw AMQPNoTypeNotSerializableException("Not able to deserialize array type: $name")
-                }
-            } else {
-                DeserializedParameterizedType.make(name, classloader)
-            }
-        }
     }
 
     object AnyType : WildcardType {
@@ -443,4 +436,4 @@ open class SerializerFactory(
 
         override fun toString(): String = "?"
     }
-}
+}
\ No newline at end of file
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/carpenter/MetaCarpenter.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/carpenter/MetaCarpenter.kt
index c85bb6ebd6..b5e6593286 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/carpenter/MetaCarpenter.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/carpenter/MetaCarpenter.kt
@@ -32,6 +32,11 @@ data class CarpenterMetaSchema(
         val dependencies: MutableMap<String, Pair<TypeNotation, MutableList<String>>>,
         val dependsOn: MutableMap<String, MutableList<String>>) {
     companion object CarpenterSchemaConstructor {
+        fun buildWith(classLoader: ClassLoader, types: List<TypeNotation>) =
+            newInstance().apply {
+                types.forEach { buildFor(it, classLoader) }
+            }
+
         fun newInstance(): CarpenterMetaSchema {
             return CarpenterMetaSchema(mutableListOf(), mutableMapOf(), mutableMapOf())
         }
diff --git a/serialization/src/test/java/net/corda/serialization/internal/carpenter/JavaCalculatedValuesToClassCarpenterTest.java b/serialization/src/test/java/net/corda/serialization/internal/carpenter/JavaCalculatedValuesToClassCarpenterTest.java
new file mode 100644
index 0000000000..1171d7713d
--- /dev/null
+++ b/serialization/src/test/java/net/corda/serialization/internal/carpenter/JavaCalculatedValuesToClassCarpenterTest.java
@@ -0,0 +1,107 @@
+package net.corda.serialization.internal.carpenter;
+
+import net.corda.core.serialization.SerializableCalculatedProperty;
+import net.corda.core.serialization.SerializationContext;
+import net.corda.core.serialization.SerializationFactory;
+import net.corda.core.serialization.SerializedBytes;
+import net.corda.serialization.internal.AllWhitelist;
+import net.corda.serialization.internal.amqp.*;
+import net.corda.serialization.internal.amqp.Schema;
+import net.corda.testing.core.SerializationEnvironmentRule;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+
+import static java.util.Collections.singletonList;
+import static net.corda.serialization.internal.amqp.testutils.AMQPTestUtilsKt.testDefaultFactoryNoEvolution;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class JavaCalculatedValuesToClassCarpenterTest extends AmqpCarpenterBase {
+    public JavaCalculatedValuesToClassCarpenterTest() {
+        super(AllWhitelist.INSTANCE);
+    }
+
+    public interface Parent {
+        @SerializableCalculatedProperty
+        int getDoubled();
+    }
+
+    public static final class C implements Parent {
+        private final int i;
+
+        public C(int i) {
+            this.i = i;
+        }
+
+        @SerializableCalculatedProperty
+        public String getSquared() {
+            return Integer.toString(i * i);
+        }
+
+        @Override
+        public int getDoubled() {
+            return i * 2;
+        }
+
+        public int getI() {
+            return i;
+        }
+    }
+
+    @Rule
+    public final SerializationEnvironmentRule serializationEnvironmentRule = new SerializationEnvironmentRule();
+    private SerializationContext context;
+
+    @Before
+    public void initSerialization() {
+        SerializationFactory factory = serializationEnvironmentRule.getSerializationFactory();
+        context = factory.getDefaultContext();
+    }
+
+    @Test
+    public void calculatedValues() throws Exception {
+        SerializerFactory factory = testDefaultFactoryNoEvolution();
+        SerializedBytes<C> serialized = serialise(new C(2));
+        ObjectAndEnvelope<C> objAndEnv = new DeserializationInput(factory)
+                .deserializeAndReturnEnvelope(serialized, C.class, context);
+
+        C amqpObj = objAndEnv.getObj();
+        Schema schema = objAndEnv.getEnvelope().getSchema();
+
+        assertEquals(2, amqpObj.getI());
+        assertEquals("4", amqpObj.getSquared());
+        assertEquals(2, schema.getTypes().size());
+        assertTrue(schema.getTypes().get(0) instanceof CompositeType);
+
+        CompositeType concrete = (CompositeType) schema.getTypes().get(0);
+        assertEquals(3, concrete.getFields().size());
+        assertEquals("doubled", concrete.getFields().get(0).getName());
+        assertEquals("int", concrete.getFields().get(0).getType());
+        assertEquals("i", concrete.getFields().get(1).getName());
+        assertEquals("int", concrete.getFields().get(1).getType());
+        assertEquals("squared", concrete.getFields().get(2).getName());
+        assertEquals("string", concrete.getFields().get(2).getType());
+
+        assertEquals(0, AMQPSchemaExtensions.carpenterSchema(schema, ClassLoader.getSystemClassLoader()).getSize());
+        Schema mangledSchema = ClassCarpenterTestUtilsKt.mangleNames(schema, singletonList(C.class.getTypeName()));
+        CarpenterMetaSchema l2 = AMQPSchemaExtensions.carpenterSchema(mangledSchema, ClassLoader.getSystemClassLoader());
+        String mangledClassName = ClassCarpenterTestUtilsKt.mangleName(C.class.getTypeName());
+
+        assertEquals(1, l2.getSize());
+        net.corda.serialization.internal.carpenter.Schema carpenterSchema = l2.getCarpenterSchemas().stream()
+                .filter(s -> s.getName().equals(mangledClassName))
+                .findFirst()
+                .orElseThrow(() -> new IllegalStateException("No schema found for mangled class name " + mangledClassName));
+
+        Class<?> pinochio = new ClassCarpenterImpl(AllWhitelist.INSTANCE).build(carpenterSchema);
+        Object p = pinochio.getConstructors()[0].newInstance(4, 2, "4");
+
+        assertEquals(pinochio.getMethod("getI").invoke(p), amqpObj.getI());
+        assertEquals(pinochio.getMethod("getSquared").invoke(p), amqpObj.getSquared());
+        assertEquals(pinochio.getMethod("getDoubled").invoke(p), amqpObj.getDoubled());
+
+        Parent upcast = (Parent) p;
+        assertEquals(upcast.getDoubled(), amqpObj.getDoubled());
+    }
+}
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializerGetterTesting.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializerProviderTesting.kt
similarity index 85%
rename from serialization/src/test/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializerGetterTesting.kt
rename to serialization/src/test/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializerProviderTesting.kt
index 74ab702687..7239e6a467 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializerGetterTesting.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializerProviderTesting.kt
@@ -3,12 +3,12 @@ package net.corda.serialization.internal.amqp
 import java.io.NotSerializableException
 
 /**
- * An implementation of [EvolutionSerializerGetterBase] that disables all evolution within a
+ * An implementation of [EvolutionSerializerProvider] that disables all evolution within a
  * [SerializerFactory]. This is most useful in testing where it is known that evolution should not be
  * occurring and where bugs may be hidden by transparent invocation of an [EvolutionSerializer]. This
  * prevents that by simply throwing an exception whenever such a serializer is requested.
  */
-class EvolutionSerializerGetterTesting : EvolutionSerializerGetterBase() {
+object FailIfEvolutionAttempted : EvolutionSerializerProvider {
     override fun getEvolutionSerializer(factory: SerializerFactory,
                                         typeNotation: TypeNotation,
                                         newSerializer: AMQPSerializer<Any>,
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/FingerPrinterTesting.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/FingerPrinterTesting.kt
index 023f291394..6d88f3ccf2 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/FingerPrinterTesting.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/FingerPrinterTesting.kt
@@ -42,7 +42,7 @@ class FingerPrinterTestingTests {
         val factory = SerializerFactory(
                 AllWhitelist,
                 ClassLoader.getSystemClassLoader(),
-                evolutionSerializerGetter = EvolutionSerializerGetterTesting(),
+                evolutionSerializerProvider = FailIfEvolutionAttempted,
                 fingerPrinterConstructor = { _ -> FingerPrinterTesting() })
 
         val blob = TestSerializationOutput(VERBOSE, factory).serializeAndReturnSchema(C(1, 2L))
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/RoundTripTests.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/RoundTripTests.kt
index 381032cfbd..5f9ee087b3 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/RoundTripTests.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/RoundTripTests.kt
@@ -1,6 +1,7 @@
 package net.corda.serialization.internal.amqp
 
 import net.corda.core.serialization.ConstructorForDeserialization
+import net.corda.core.serialization.SerializableCalculatedProperty
 import net.corda.serialization.internal.amqp.testutils.deserialize
 import net.corda.serialization.internal.amqp.testutils.serialize
 import net.corda.serialization.internal.amqp.testutils.testDefaultFactoryNoEvolution
@@ -61,4 +62,62 @@ class RoundTripTests {
         val newC = DeserializationInput(factory).deserialize(bytes)
         newC.copy(l = (newC.l + "d"))
     }
+
+    @Test
+    fun calculatedValues() {
+        data class C(val i: Int) {
+            @get:SerializableCalculatedProperty
+            val squared = i * i
+        }
+
+        val factory = testDefaultFactoryNoEvolution()
+        val bytes = SerializationOutput(factory).serialize(C(2))
+        val deserialized = DeserializationInput(factory).deserialize(bytes)
+        assertThat(deserialized.squared).isEqualTo(4)
+    }
+
+    @Test
+    fun calculatedFunction() {
+        class C {
+            var i: Int = 0
+            @SerializableCalculatedProperty
+            fun getSquared() = i * i
+        }
+
+        val instance = C().apply { i = 2 }
+        val factory = testDefaultFactoryNoEvolution()
+        val bytes = SerializationOutput(factory).serialize(instance)
+        val deserialized = DeserializationInput(factory).deserialize(bytes)
+        assertThat(deserialized.getSquared()).isEqualTo(4)
+    }
+
+    interface I {
+        @get:SerializableCalculatedProperty
+        val squared: Int
+    }
+
+    @Test
+    fun inheritedCalculatedFunction() {
+        class C: I {
+            var i: Int = 0
+            override val squared get() = i * i
+        }
+
+        val instance = C().apply { i = 2 }
+        val factory = testDefaultFactoryNoEvolution()
+        val bytes = SerializationOutput(factory).serialize(instance)
+        val deserialized = DeserializationInput(factory).deserialize(bytes) as I
+        assertThat(deserialized.squared).isEqualTo(4)
+    }
+
+    @Test
+    fun inheritedCalculatedFunctionIsNotCalculated() {
+        class C(override val squared: Int): I
+
+        val instance = C(2)
+        val factory = testDefaultFactoryNoEvolution()
+        val bytes = SerializationOutput(factory).serialize(instance)
+        val deserialized = DeserializationInput(factory).deserialize(bytes) as I
+        assertThat(deserialized.squared).isEqualTo(2)
+    }
 }
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/SerializationOutputTests.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/SerializationOutputTests.kt
index 37bf6e8b47..a0259ca36c 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/SerializationOutputTests.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/SerializationOutputTests.kt
@@ -210,7 +210,7 @@ class SerializationOutputTests(private val compression: CordaSerializationEncodi
         return SerializerFactory(
                 AllWhitelist,
                 ClassLoader.getSystemClassLoader(),
-                evolutionSerializerGetter = EvolutionSerializerGetterTesting()
+                evolutionSerializerProvider = FailIfEvolutionAttempted
         )
     }
 
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/testutils/AMQPTestUtils.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/testutils/AMQPTestUtils.kt
index e3820e2d6b..ea81448da7 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/testutils/AMQPTestUtils.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/amqp/testutils/AMQPTestUtils.kt
@@ -23,7 +23,7 @@ fun testDefaultFactoryNoEvolution(): SerializerFactory {
     return SerializerFactory(
             AllWhitelist,
             ClassLoader.getSystemClassLoader(),
-            evolutionSerializerGetter = EvolutionSerializerGetterTesting())
+            evolutionSerializerProvider = FailIfEvolutionAttempted)
 }
 
 fun testDefaultFactoryWithWhitelist() = SerializerFactory(EmptyWhitelist, ClassLoader.getSystemClassLoader())
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/CalculatedValuesToClassCarpenterTests.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/CalculatedValuesToClassCarpenterTests.kt
new file mode 100644
index 0000000000..893f81833b
--- /dev/null
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/CalculatedValuesToClassCarpenterTests.kt
@@ -0,0 +1,101 @@
+package net.corda.serialization.internal.carpenter
+
+import net.corda.core.serialization.SerializableCalculatedProperty
+import net.corda.serialization.internal.AllWhitelist
+import net.corda.serialization.internal.amqp.CompositeType
+import net.corda.serialization.internal.amqp.DeserializationInput
+import net.corda.serialization.internal.amqp.testutils.deserializeAndReturnEnvelope
+import net.corda.serialization.internal.amqp.testutils.testDefaultFactoryNoEvolution
+import org.junit.Test
+import kotlin.test.assertEquals
+
+class CalculatedValuesToClassCarpenterTests : AmqpCarpenterBase(AllWhitelist) {
+
+    interface Parent {
+        @get:SerializableCalculatedProperty
+        val doubled: Int
+    }
+
+    @Test
+    fun calculatedValues() {
+        data class C(val i: Int): Parent {
+            @get:SerializableCalculatedProperty
+            val squared = (i * i).toString()
+
+            override val doubled get() = i * 2
+        }
+
+        val factory = testDefaultFactoryNoEvolution()
+        val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(C(2)))
+        val amqpObj = obj.obj
+        val serSchema = obj.envelope.schema
+
+        assertEquals(2, amqpObj.i)
+        assertEquals("4", amqpObj.squared)
+        assertEquals(2, serSchema.types.size)
+        require(serSchema.types[0] is CompositeType)
+
+        val concrete = serSchema.types[0] as CompositeType
+        assertEquals(3, concrete.fields.size)
+        assertEquals("doubled", concrete.fields[0].name)
+        assertEquals("int", concrete.fields[0].type)
+        assertEquals("i", concrete.fields[1].name)
+        assertEquals("int", concrete.fields[1].type)
+        assertEquals("squared", concrete.fields[2].name)
+        assertEquals("string", concrete.fields[2].type)
+
+        val l1 = serSchema.carpenterSchema(ClassLoader.getSystemClassLoader())
+        assertEquals(0, l1.size)
+        val mangleSchema = serSchema.mangleNames(listOf((classTestName("C"))))
+        val l2 = mangleSchema.carpenterSchema(ClassLoader.getSystemClassLoader())
+        val aName = mangleName(classTestName("C"))
+
+        assertEquals(1, l2.size)
+        val aSchema = l2.carpenterSchemas.find { it.name == aName }!!
+
+        val pinochio = ClassCarpenterImpl(whitelist = AllWhitelist).build(aSchema)
+        val p = pinochio.constructors[0].newInstance(4, 2, "4")
+
+        assertEquals(pinochio.getMethod("getI").invoke(p), amqpObj.i)
+        assertEquals(pinochio.getMethod("getSquared").invoke(p), amqpObj.squared)
+        assertEquals(pinochio.getMethod("getDoubled").invoke(p), amqpObj.doubled)
+
+        val upcast = p as Parent
+        assertEquals(upcast.doubled, amqpObj.doubled)
+    }
+
+    @Test
+    fun implementingClassDoesNotCalculateValue() {
+        class C(override val doubled: Int): Parent
+
+        val factory = testDefaultFactoryNoEvolution()
+        val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(C(5)))
+        val amqpObj = obj.obj
+        val serSchema = obj.envelope.schema
+
+        assertEquals(2, serSchema.types.size)
+        require(serSchema.types[0] is CompositeType)
+
+        val concrete = serSchema.types[0] as CompositeType
+        assertEquals(1, concrete.fields.size)
+        assertEquals("doubled", concrete.fields[0].name)
+        assertEquals("int", concrete.fields[0].type)
+
+        val l1 = serSchema.carpenterSchema(ClassLoader.getSystemClassLoader())
+        assertEquals(0, l1.size)
+        val mangleSchema = serSchema.mangleNames(listOf((classTestName("C"))))
+        val l2 = mangleSchema.carpenterSchema(ClassLoader.getSystemClassLoader())
+        val aName = mangleName(classTestName("C"))
+
+        assertEquals(1, l2.size)
+        val aSchema = l2.carpenterSchemas.find { it.name == aName }!!
+
+        val pinochio = ClassCarpenterImpl(whitelist = AllWhitelist).build(aSchema)
+        val p = pinochio.constructors[0].newInstance(5)
+
+        assertEquals(pinochio.getMethod("getDoubled").invoke(p), amqpObj.doubled)
+
+        val upcast = p as Parent
+        assertEquals(upcast.doubled, amqpObj.doubled)
+    }
+}
\ No newline at end of file
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/ClassCarpenterTestUtils.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/ClassCarpenterTestUtils.kt
index 22f93a5b16..5c3701dc49 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/ClassCarpenterTestUtils.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/ClassCarpenterTestUtils.kt
@@ -1,6 +1,7 @@
 package net.corda.serialization.internal.carpenter
 
 import net.corda.core.serialization.ClassWhitelist
+import net.corda.core.serialization.SerializedBytes
 import net.corda.serialization.internal.amqp.*
 import net.corda.serialization.internal.amqp.Field
 import net.corda.serialization.internal.amqp.Schema
@@ -47,7 +48,7 @@ open class AmqpCarpenterBase(whitelist: ClassWhitelist) {
     var cc = ClassCarpenterImpl(whitelist = whitelist)
     var factory = SerializerFactoryExternalCarpenter(cc)
 
-    fun serialise(clazz: Any) = SerializationOutput(factory).serialize(clazz)
+    fun <T: Any> serialise(obj: T): SerializedBytes<T> = SerializationOutput(factory).serialize(obj)
     @Suppress("NOTHING_TO_INLINE")
     inline fun classTestName(clazz: String) = "${this.javaClass.name}\$${testName()}\$$clazz"
 }
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/CompositeMemberCompositeSchemaToClassCarpenterTests.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/CompositeMemberCompositeSchemaToClassCarpenterTests.kt
index cca81755e9..5e5b262a6f 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/CompositeMemberCompositeSchemaToClassCarpenterTests.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/CompositeMemberCompositeSchemaToClassCarpenterTests.kt
@@ -30,9 +30,7 @@ class CompositeMembers : AmqpCarpenterBase(AllWhitelist) {
         val b = B(A(testA), testB)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(b))
 
-        require(obj.obj is B)
-
-        val amqpObj = obj.obj as B
+        val amqpObj = obj.obj
 
         assertEquals(testB, amqpObj.b)
         assertEquals(testA, amqpObj.a.a)
@@ -92,8 +90,6 @@ class CompositeMembers : AmqpCarpenterBase(AllWhitelist) {
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(b))
         val amqpSchema = obj.envelope.schema.mangleNames(listOf(classTestName("A")))
 
-        require(obj.obj is B)
-
         amqpSchema.carpenterSchema(ClassLoader.getSystemClassLoader())
     }
 
@@ -111,8 +107,6 @@ class CompositeMembers : AmqpCarpenterBase(AllWhitelist) {
         val b = B(A(testA), testB)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(b))
 
-        require(obj.obj is B)
-
         val amqpSchema = obj.envelope.schema.mangleNames(listOf(classTestName("B")))
         val carpenterSchema = amqpSchema.carpenterSchema(ClassLoader.getSystemClassLoader())
 
@@ -138,9 +132,6 @@ class CompositeMembers : AmqpCarpenterBase(AllWhitelist) {
 
         val b = B(A(testA), testB)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(b))
-
-        require(obj.obj is B)
-
         val amqpSchema = obj.envelope.schema.mangleNames(listOf(classTestName("A"), classTestName("B")))
         val carpenterSchema = amqpSchema.carpenterSchema(ClassLoader.getSystemClassLoader())
 
@@ -198,8 +189,6 @@ class CompositeMembers : AmqpCarpenterBase(AllWhitelist) {
         val c = C(B(testA, testB), testC)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(c))
 
-        require(obj.obj is C)
-
         val amqpSchema = obj.envelope.schema.mangleNames(listOf(classTestName("A"), classTestName("B")))
 
         amqpSchema.carpenterSchema(ClassLoader.getSystemClassLoader())
@@ -224,8 +213,6 @@ class CompositeMembers : AmqpCarpenterBase(AllWhitelist) {
         val c = C(B(testA, testB), testC)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(c))
 
-        require(obj.obj is C)
-
         val amqpSchema = obj.envelope.schema.mangleNames(listOf(classTestName("A"), classTestName("B")))
 
         amqpSchema.carpenterSchema(ClassLoader.getSystemClassLoader())
@@ -250,8 +237,6 @@ class CompositeMembers : AmqpCarpenterBase(AllWhitelist) {
         val c = C(B(testA, testB), testC)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(c))
 
-        require(obj.obj is C)
-
         val carpenterSchema = obj.envelope.schema.mangleNames(listOf(classTestName("A"), classTestName("B")))
         TestMetaCarpenter(carpenterSchema.carpenterSchema(
                 ClassLoader.getSystemClassLoader()), ClassCarpenterImpl(whitelist = AllWhitelist))
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/InheritanceSchemaToClassCarpenterTests.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/InheritanceSchemaToClassCarpenterTests.kt
index b7e09664f6..6a1a2c6e3e 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/InheritanceSchemaToClassCarpenterTests.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/InheritanceSchemaToClassCarpenterTests.kt
@@ -44,7 +44,6 @@ class InheritanceSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWhitelist) {
 
         assertEquals(testJ, a.j)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
-        assertTrue(obj.obj is A)
         val serSchema = obj.envelope.schema
         assertEquals(2, serSchema.types.size)
         val l1 = serSchema.carpenterSchema(ClassLoader.getSystemClassLoader())
@@ -84,8 +83,6 @@ class InheritanceSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWhitelist) {
 
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
 
-        assertTrue(obj.obj is A)
-
         val serSchema = obj.envelope.schema
 
         assertEquals(2, serSchema.types.size)
@@ -128,8 +125,6 @@ class InheritanceSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWhitelist) {
         val a = A(testI, testII)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
 
-        assertTrue(obj.obj is A)
-
         val serSchema = obj.envelope.schema
 
         assertEquals(3, serSchema.types.size)
@@ -176,8 +171,6 @@ class InheritanceSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWhitelist) {
         val a = A(testI, testIII)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
 
-        assertTrue(obj.obj is A)
-
         val serSchema = obj.envelope.schema
 
         assertEquals(3, serSchema.types.size)
@@ -225,8 +218,6 @@ class InheritanceSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWhitelist) {
         val b = B(a, testIIII)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(b))
 
-        assertTrue(obj.obj is B)
-
         val serSchema = obj.envelope.schema
 
         // Expected classes are
@@ -281,8 +272,6 @@ class InheritanceSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWhitelist) {
         val b = B(a, testIIII)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(b))
 
-        assertTrue(obj.obj is B)
-
         val serSchema = obj.envelope.schema
 
         // The classes we're expecting to find:
@@ -305,8 +294,6 @@ class InheritanceSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWhitelist) {
         val a = A(testI)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
 
-        assertTrue(obj.obj is A)
-
         val serSchema = obj.envelope.schema
 
         // The classes we're expecting to find:
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/MultiMemberCompositeSchemaToClassCarpenterTests.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/MultiMemberCompositeSchemaToClassCarpenterTests.kt
index 8b50f9d996..3a560566bb 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/MultiMemberCompositeSchemaToClassCarpenterTests.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/MultiMemberCompositeSchemaToClassCarpenterTests.kt
@@ -21,8 +21,7 @@ class MultiMemberCompositeSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWhi
         val a = A(testA, testB)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
 
-        require(obj.obj is A)
-        val amqpObj = obj.obj as A
+        val amqpObj = obj.obj
 
         assertEquals(testA, amqpObj.a)
         assertEquals(testB, amqpObj.b)
@@ -65,8 +64,7 @@ class MultiMemberCompositeSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWhi
         val a = A(testA, testB)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
 
-        require(obj.obj is A)
-        val amqpObj = obj.obj as A
+        val amqpObj = obj.obj
 
         assertEquals(testA, amqpObj.a)
         assertEquals(testB, amqpObj.b)
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/SingleMemberCompositeSchemaToClassCarpenterTests.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/SingleMemberCompositeSchemaToClassCarpenterTests.kt
index abcf831091..5642b0b824 100644
--- a/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/SingleMemberCompositeSchemaToClassCarpenterTests.kt
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/carpenter/SingleMemberCompositeSchemaToClassCarpenterTests.kt
@@ -17,9 +17,7 @@ class SingleMemberCompositeSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWh
         val test = 10
         val a = A(test)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
-
-        require(obj.obj is A)
-        val amqpObj = obj.obj as A
+        val amqpObj = obj.obj
 
         assertEquals(test, amqpObj.a)
         assertEquals(1, obj.envelope.schema.types.size)
@@ -53,9 +51,7 @@ class SingleMemberCompositeSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWh
         val a = A(test)
 
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
-
-        require(obj.obj is A)
-        val amqpObj = obj.obj as A
+        val amqpObj = obj.obj
 
         assertEquals(test, amqpObj.a)
         assertEquals(1, obj.envelope.schema.types.size)
@@ -83,9 +79,7 @@ class SingleMemberCompositeSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWh
         val test = 10L
         val a = A(test)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
-
-        require(obj.obj is A)
-        val amqpObj = obj.obj as A
+        val amqpObj = obj.obj
 
         assertEquals(test, amqpObj.a)
         assertEquals(1, obj.envelope.schema.types.size)
@@ -118,9 +112,7 @@ class SingleMemberCompositeSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWh
         val test = 10.toShort()
         val a = A(test)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
-
-        require(obj.obj is A)
-        val amqpObj = obj.obj as A
+        val amqpObj = obj.obj
 
         assertEquals(test, amqpObj.a)
         assertEquals(1, obj.envelope.schema.types.size)
@@ -153,9 +145,7 @@ class SingleMemberCompositeSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWh
         val test = 10.0
         val a = A(test)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
-
-        require(obj.obj is A)
-        val amqpObj = obj.obj as A
+        val amqpObj = obj.obj
 
         assertEquals(test, amqpObj.a)
         assertEquals(1, obj.envelope.schema.types.size)
@@ -188,9 +178,7 @@ class SingleMemberCompositeSchemaToClassCarpenterTests : AmqpCarpenterBase(AllWh
         val test = 10.0F
         val a = A(test)
         val obj = DeserializationInput(factory).deserializeAndReturnEnvelope(serialise(a))
-
-        require(obj.obj is A)
-        val amqpObj = obj.obj as A
+        val amqpObj = obj.obj
 
         assertEquals(test, amqpObj.a)
         assertEquals(1, obj.envelope.schema.types.size)

From 9ebeac1ad87448a17e45519161e76e756ea0f854 Mon Sep 17 00:00:00 2001
From: Andrius Dagys <andrius.dagys@r3.com>
Date: Wed, 10 Oct 2018 10:04:22 +0100
Subject: [PATCH 31/83] CORDA-535:  Extract notary implementations into
 CorDapps (#3978)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Move Raft and BFT notaries into separate modules

* Move schemas

* Fix tests & demos

* Modified logic for creating notary services:

Added a new field 'className' to the notary configuration. The node now
loads the specified implementation via reflection. The default className
value points to the simple notary implementation for backwards compatibility.
Relevant schemas are loaded in a similar fashion.

For backwards compatibility purposes the default SimpleNotaryService will
remain built-in to node, but its cordapp will be generated on startup – so
the loading of notary services is streamlined.

* Move test namedcache factory to test utils
---
 .idea/compiler.xml                            |  6 +-
 build.gradle                                  |  4 +-
 .../kotlin/net/corda/core/cordapp/Cordapp.kt  |  2 +
 .../core/internal/cordapp/CordappImpl.kt      | 13 ++-
 .../net/corda/core/flows/AttachmentTests.kt   |  2 +-
 .../AttachmentSerializationTest.kt            |  2 +-
 experimental/notary-bft-smart/build.gradle    | 35 ++++++++
 .../net/corda/notary/bftsmart}/BFTSMaRt.kt    | 11 +--
 .../corda/notary/bftsmart}/BFTSMaRtConfig.kt  |  3 +-
 .../notary/bftsmart/BftSmartNotaryService.kt  | 28 +++++--
 .../net/corda/notary/bftsmart/Schema.kt       | 20 +++++
 .../notary-bft-smart.changelog-init.xml       | 45 +++++++++++
 .../notary-bft-smart.changelog-master.xml     |  9 +++
 .../notary-bft-smart.changelog-pkey.xml       | 11 +++
 .../notary-bft-smart.changelog-v1.xml         | 10 +++
 .../notary/bftsmart}/system.config.printf     |  0
 .../notary/bftsmart}/BFTNotaryServiceTests.kt | 10 ++-
 .../notary/bftsmart}/BFTSMaRtConfigTests.kt   |  4 +-
 experimental/notary-raft/build.gradle         | 35 ++++++++
 .../corda/notary/raft/RaftNotaryService.kt    | 46 +++++++++++
 .../notary/raft}/RaftTransactionCommitLog.kt  |  9 ++-
 .../notary/raft}/RaftUniquenessProvider.kt    |  4 +-
 .../kotlin/net/corda/notary/raft/Schema.kt    | 19 +++++
 .../migration/notary-raft.changelog-init.xml  | 46 +++++++++++
 .../notary-raft.changelog-master.xml          | 11 +++
 .../migration/notary-raft.changelog-pkey.xml  | 11 +++
 .../migration/notary-raft.changelog-v1.xml    | 11 +++
 .../notary/raft}/RaftNotaryServiceTests.kt    |  2 +-
 .../raft}/RaftTransactionCommitLogTests.kt    |  6 +-
 node/build.gradle                             |  9 ---
 .../distributed/DistributedServiceTests.kt    |  2 +-
 .../messaging/ArtemisMessagingTest.kt         |  2 +-
 .../network/PersistentNetworkMapCacheTest.kt  |  2 +-
 .../services/messaging/P2PMessagingTest.kt    |  1 +
 .../net/corda/node/internal/AbstractNode.kt   | 81 ++++++++++---------
 .../kotlin/net/corda/node/internal/Node.kt    |  8 --
 .../net/corda/node/internal/NodeStartup.kt    | 14 +++-
 .../cordapp/JarScanningCordappLoader.kt       | 69 ++++++++--------
 .../node/internal/cordapp/VirtualCordapps.kt  | 60 ++++++++++++++
 .../node/services/config/NodeConfiguration.kt |  3 +-
 .../node/services/schema/NodeSchemaService.kt | 20 +----
 .../RaftNonValidatingNotaryService.kt         | 26 ------
 .../RaftValidatingNotaryService.kt            | 26 ------
 .../transactions/SimpleNotaryService.kt       | 27 ++++++-
 .../transactions/ValidatingNotaryService.kt   | 17 ----
 .../migration/node-notary.changelog-init.xml  | 21 +----
 .../migration/node-notary.changelog-pkey.xml  |  5 --
 .../migration/node-notary.changelog-v1.xml    |  4 -
 .../cordapp/JarScanningCordappLoaderTest.kt   | 24 +++---
 .../node/messaging/TwoPartyTradeFlowTests.kt  | 21 ++---
 .../net/corda/node/services/TimedFlowTests.kt |  5 +-
 .../PersistentIdentityServiceTests.kt         |  2 +-
 .../AppendOnlyPersistentMapTest.kt            |  2 +-
 .../persistence/DBTransactionStorageTests.kt  |  5 +-
 .../HibernateColumnConverterTests.kt          |  2 +-
 .../persistence/NodeAttachmentServiceTest.kt  |  2 +-
 .../services/schema/NodeSchemaServiceTest.kt  | 12 +--
 .../transactions/MaxTransactionSizeTests.kt   |  2 +-
 .../PersistentUniquenessProviderTests.kt      |  4 +-
 .../vault/VaultSoftLockManagerTest.kt         |  2 +-
 samples/notary-demo/build.gradle              | 57 ++++++-------
 settings.gradle                               |  2 +
 testing/node-driver/build.gradle              |  2 +
 .../testing/node/internal/DriverDSLImpl.kt    |  1 +
 .../node/internal/InternalMockNetwork.kt      | 39 +++------
 .../internal}/TestingNamedCacheFactory.kt     |  3 +-
 66 files changed, 637 insertions(+), 362 deletions(-)
 create mode 100644 experimental/notary-bft-smart/build.gradle
 rename {node/src/main/kotlin/net/corda/node/services/transactions => experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart}/BFTSMaRt.kt (97%)
 rename {node/src/main/kotlin/net/corda/node/services/transactions => experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart}/BFTSMaRtConfig.kt (97%)
 rename node/src/main/kotlin/net/corda/node/services/transactions/BFTNonValidatingNotaryService.kt => experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt (87%)
 create mode 100644 experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/Schema.kt
 create mode 100644 experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-init.xml
 create mode 100644 experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-master.xml
 create mode 100644 experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-pkey.xml
 create mode 100644 experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-v1.xml
 rename {node/src/main/resources/net/corda/node/services/transactions => experimental/notary-bft-smart/src/main/resources/net/corda/notary/bftsmart}/system.config.printf (100%)
 rename {node/src/integration-test/kotlin/net/corda/node/services => experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart}/BFTNotaryServiceTests.kt (96%)
 rename {node/src/test/kotlin/net/corda/node/services/transactions => experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart}/BFTSMaRtConfigTests.kt (92%)
 create mode 100644 experimental/notary-raft/build.gradle
 create mode 100644 experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftNotaryService.kt
 rename {node/src/main/kotlin/net/corda/node/services/transactions => experimental/notary-raft/src/main/kotlin/net/corda/notary/raft}/RaftTransactionCommitLog.kt (96%)
 rename {node/src/main/kotlin/net/corda/node/services/transactions => experimental/notary-raft/src/main/kotlin/net/corda/notary/raft}/RaftUniquenessProvider.kt (98%)
 create mode 100644 experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/Schema.kt
 create mode 100644 experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-init.xml
 create mode 100644 experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-master.xml
 create mode 100644 experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-pkey.xml
 create mode 100644 experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-v1.xml
 rename {node/src/integration-test/kotlin/net/corda/node/services => experimental/notary-raft/src/test/kotlin/net/corda/notary/raft}/RaftNotaryServiceTests.kt (99%)
 rename {node/src/integration-test/kotlin/net/corda/node/services/transactions => experimental/notary-raft/src/test/kotlin/net/corda/notary/raft}/RaftTransactionCommitLogTests.kt (98%)
 create mode 100644 node/src/main/kotlin/net/corda/node/internal/cordapp/VirtualCordapps.kt
 delete mode 100644 node/src/main/kotlin/net/corda/node/services/transactions/RaftNonValidatingNotaryService.kt
 delete mode 100644 node/src/main/kotlin/net/corda/node/services/transactions/RaftValidatingNotaryService.kt
 rename {node/src/test/kotlin/net/corda/node/utilities => testing/test-utils/src/main/kotlin/net/corda/testing/internal}/TestingNamedCacheFactory.kt (95%)

diff --git a/.idea/compiler.xml b/.idea/compiler.xml
index d981d5fd35..4cfe9a6d84 100644
--- a/.idea/compiler.xml
+++ b/.idea/compiler.xml
@@ -157,8 +157,12 @@
       <module name="node_main" target="1.8" />
       <module name="node_smokeTest" target="1.8" />
       <module name="node_test" target="1.8" />
+      <module name="notary-bft-smart_main" target="1.8" />
+      <module name="notary-bft-smart_test" target="1.8" />
       <module name="notary-demo_main" target="1.8" />
       <module name="notary-demo_test" target="1.8" />
+      <module name="notary-raft_main" target="1.8" />
+      <module name="notary-raft_test" target="1.8" />
       <module name="publish-utils_main" target="1.8" />
       <module name="publish-utils_test" target="1.8" />
       <module name="quasar-hook_main" target="1.8" />
@@ -235,4 +239,4 @@
   <component name="JavacSettings">
     <option name="ADDITIONAL_OPTIONS_STRING" value="-parameters" />
   </component>
-</project>
+</project>
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
index 36872b5fef..f3cc3c97ca 100644
--- a/build.gradle
+++ b/build.gradle
@@ -361,7 +361,9 @@ bintrayConfig {
             'corda-tools-blob-inspector',
             'corda-tools-explorer',
             'corda-tools-network-bootstrapper',
-            'corda-tools-cliutils'
+            'corda-tools-cliutils',
+            'corda-notary-raft',
+            'corda-notary-bft-smart'
     ]
     license {
         name = 'Apache-2.0'
diff --git a/core/src/main/kotlin/net/corda/core/cordapp/Cordapp.kt b/core/src/main/kotlin/net/corda/core/cordapp/Cordapp.kt
index ddf369b668..9ca4e04e36 100644
--- a/core/src/main/kotlin/net/corda/core/cordapp/Cordapp.kt
+++ b/core/src/main/kotlin/net/corda/core/cordapp/Cordapp.kt
@@ -4,6 +4,7 @@ import net.corda.core.DeleteForDJVM
 import net.corda.core.DoNotImplement
 import net.corda.core.crypto.SecureHash
 import net.corda.core.flows.FlowLogic
+import net.corda.core.internal.notary.NotaryService
 import net.corda.core.schemas.MappedSchema
 import net.corda.core.serialization.SerializationCustomSerializer
 import net.corda.core.serialization.SerializationWhitelist
@@ -48,4 +49,5 @@ interface Cordapp {
     val jarPath: URL
     val cordappClasses: List<String>
     val jarHash: SecureHash.SHA256
+    val notaryService: Class<out NotaryService>?
 }
diff --git a/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt b/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt
index 2e1761afa8..8ab16a5190 100644
--- a/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt
@@ -4,6 +4,7 @@ import net.corda.core.DeleteForDJVM
 import net.corda.core.cordapp.Cordapp
 import net.corda.core.crypto.SecureHash
 import net.corda.core.flows.FlowLogic
+import net.corda.core.internal.notary.NotaryService
 import net.corda.core.internal.toPath
 import net.corda.core.schemas.MappedSchema
 import net.corda.core.serialization.SerializationCustomSerializer
@@ -25,7 +26,10 @@ data class CordappImpl(
         override val allFlows: List<Class<out FlowLogic<*>>>,
         override val jarPath: URL,
         val info: Info,
-        override val jarHash: SecureHash.SHA256) : Cordapp {
+        override val jarHash: SecureHash.SHA256,
+        override val notaryService: Class<out NotaryService>? = null,
+        /** Indicates whether the CorDapp is loaded from external sources, or generated on node startup (virtual). */
+        val isLoaded: Boolean = true) : Cordapp {
     override val name: String = jarName(jarPath)
 
     companion object {
@@ -37,7 +41,10 @@ data class CordappImpl(
      *
      * TODO: Also add [SchedulableFlow] as a Cordapp class
      */
-    override val cordappClasses: List<String> = (rpcFlows + initiatedFlows + services + serializationWhitelists.map { javaClass }).map { it.name } + contractClassNames
+    override val cordappClasses: List<String> = run {
+        val classList = rpcFlows + initiatedFlows + services + serializationWhitelists.map { javaClass } + notaryService
+         classList.mapNotNull { it?.name } + contractClassNames
+    }
 
     // TODO Why a seperate Info class and not just have the fields directly in CordappImpl?
     data class Info(val shortName: String, val vendor: String, val version: String, val minimumPlatformVersion: Int, val targetPlatformVersion: Int) {
@@ -48,4 +55,4 @@ data class CordappImpl(
 
         fun hasUnknownFields(): Boolean = arrayOf(shortName, vendor, version).any { it == UNKNOWN_VALUE }
     }
-}
+}
\ No newline at end of file
diff --git a/core/src/test/kotlin/net/corda/core/flows/AttachmentTests.kt b/core/src/test/kotlin/net/corda/core/flows/AttachmentTests.kt
index eaabb2d987..e2a2e22b71 100644
--- a/core/src/test/kotlin/net/corda/core/flows/AttachmentTests.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/AttachmentTests.kt
@@ -128,7 +128,7 @@ class AttachmentTests : WithMockNet {
     // Makes a node that doesn't do sanity checking at load time.
     private fun makeBadNode(name: CordaX500Name) = mockNet.createNode(
             InternalMockNodeParameters(legalName = makeUnique(name)),
-            nodeFactory = { args, _ ->
+            nodeFactory = { args ->
                 object : InternalMockNetwork.MockNode(args) {
                     override fun start() = super.start().apply { attachments.checkAttachmentsOnLoad = false }
                 }
diff --git a/core/src/test/kotlin/net/corda/core/serialization/AttachmentSerializationTest.kt b/core/src/test/kotlin/net/corda/core/serialization/AttachmentSerializationTest.kt
index 43c35ca0dd..3ba769ce88 100644
--- a/core/src/test/kotlin/net/corda/core/serialization/AttachmentSerializationTest.kt
+++ b/core/src/test/kotlin/net/corda/core/serialization/AttachmentSerializationTest.kt
@@ -161,7 +161,7 @@ class AttachmentSerializationTest {
     }
 
     private fun rebootClientAndGetAttachmentContent(checkAttachmentsOnLoad: Boolean = true): String {
-        client = mockNet.restartNode(client) { args, _ ->
+        client = mockNet.restartNode(client) { args ->
             object : InternalMockNetwork.MockNode(args) {
                 override fun start() = super.start().apply { attachments.checkAttachmentsOnLoad = checkAttachmentsOnLoad }
             }
diff --git a/experimental/notary-bft-smart/build.gradle b/experimental/notary-bft-smart/build.gradle
new file mode 100644
index 0000000000..b4ff48b444
--- /dev/null
+++ b/experimental/notary-bft-smart/build.gradle
@@ -0,0 +1,35 @@
+apply plugin: 'kotlin'
+apply plugin: 'kotlin-jpa'
+apply plugin: 'idea'
+apply plugin: 'net.corda.plugins.cordapp'
+apply plugin: 'net.corda.plugins.publish-utils'
+
+configurations {
+    integrationTestCompile.extendsFrom testCompile
+    integrationTestRuntime.extendsFrom testRuntime
+}
+
+dependencies {
+    cordaCompile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
+
+    // Corda integration dependencies
+    cordaCompile project(':node')
+
+    // BFT-SMaRt
+    compile 'commons-codec:commons-codec:1.10'
+    compile 'com.github.bft-smart:library:master-v1.1-beta-g6215ec8-87'
+
+    testCompile "junit:junit:$junit_version"
+    testCompile project(':node-driver')
+}
+
+idea {
+    module {
+        downloadJavadoc = true // defaults to false
+        downloadSources = true
+    }
+}
+
+publish {
+    name 'corda-notary-bft-smart'
+}
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/BFTSMaRt.kt b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRt.kt
similarity index 97%
rename from node/src/main/kotlin/net/corda/node/services/transactions/BFTSMaRt.kt
rename to experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRt.kt
index 885746ecb6..a825b3c1a5 100644
--- a/node/src/main/kotlin/net/corda/node/services/transactions/BFTSMaRt.kt
+++ b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRt.kt
@@ -1,4 +1,4 @@
-package net.corda.node.services.transactions
+package net.corda.notary.bftsmart
 
 import bftsmart.communication.ServerCommunicationSystem
 import bftsmart.communication.client.netty.NettyClientServerCommunicationSystemClientSide
@@ -34,10 +34,11 @@ import net.corda.core.serialization.serialize
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
 import net.corda.node.services.api.ServiceHubInternal
-import net.corda.node.services.transactions.BFTSMaRt.Client
-import net.corda.node.services.transactions.BFTSMaRt.Replica
+import net.corda.node.services.transactions.PersistentUniquenessProvider
 import net.corda.node.utilities.AppendOnlyPersistentMap
 import net.corda.nodeapi.internal.persistence.currentDBSession
+import net.corda.notary.bftsmart.BFTSMaRt.Client
+import net.corda.notary.bftsmart.BFTSMaRt.Replica
 import java.nio.file.Path
 import java.security.PublicKey
 import java.util.*
@@ -78,7 +79,7 @@ object BFTSMaRt {
         fun waitUntilAllReplicasHaveInitialized()
     }
 
-    class Client(config: BFTSMaRtConfig, private val clientId: Int, private val cluster: Cluster, private val notaryService: BFTNonValidatingNotaryService) : SingletonSerializeAsToken() {
+    class Client(config: BFTSMaRtConfig, private val clientId: Int, private val cluster: Cluster, private val notaryService: BftSmartNotaryService) : SingletonSerializeAsToken() {
         companion object {
             private val log = contextLogger()
         }
@@ -178,7 +179,7 @@ object BFTSMaRt {
     abstract class Replica(config: BFTSMaRtConfig,
                            replicaId: Int,
                            createMap: () -> AppendOnlyPersistentMap<StateRef, SecureHash,
-                                   BFTNonValidatingNotaryService.CommittedState, PersistentStateRef>,
+                                   BftSmartNotaryService.CommittedState, PersistentStateRef>,
                            protected val services: ServiceHubInternal,
                            protected val notaryIdentityKey: PublicKey) : DefaultRecoverable() {
         companion object {
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/BFTSMaRtConfig.kt b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt
similarity index 97%
rename from node/src/main/kotlin/net/corda/node/services/transactions/BFTSMaRtConfig.kt
rename to experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt
index e642dc858f..489f190d6f 100644
--- a/node/src/main/kotlin/net/corda/node/services/transactions/BFTSMaRtConfig.kt
+++ b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt
@@ -1,10 +1,11 @@
-package net.corda.node.services.transactions
+package net.corda.notary.bftsmart
 
 import net.corda.core.internal.div
 import net.corda.core.internal.writer
 import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
+import net.corda.node.services.transactions.PathManager
 import java.io.PrintWriter
 import java.net.InetAddress
 import java.net.Socket
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/BFTNonValidatingNotaryService.kt b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt
similarity index 87%
rename from node/src/main/kotlin/net/corda/node/services/transactions/BFTNonValidatingNotaryService.kt
rename to experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt
index 156640c443..57560699cb 100644
--- a/node/src/main/kotlin/net/corda/node/services/transactions/BFTNonValidatingNotaryService.kt
+++ b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt
@@ -1,4 +1,4 @@
-package net.corda.node.services.transactions
+package net.corda.notary.bftsmart
 
 import co.paralleluniverse.fibers.Suspendable
 import com.google.common.util.concurrent.SettableFuture
@@ -10,6 +10,7 @@ import net.corda.core.identity.Party
 import net.corda.core.internal.notary.NotaryInternalException
 import net.corda.core.internal.notary.NotaryService
 import net.corda.core.internal.notary.verifySignature
+import net.corda.core.schemas.MappedSchema
 import net.corda.core.schemas.PersistentStateRef
 import net.corda.core.serialization.deserialize
 import net.corda.core.serialization.serialize
@@ -21,6 +22,7 @@ import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.unwrap
 import net.corda.node.services.api.ServiceHubInternal
 import net.corda.node.services.config.BFTSMaRtConfiguration
+import net.corda.node.services.transactions.PersistentUniquenessProvider
 import net.corda.node.utilities.AppendOnlyPersistentMap
 import net.corda.nodeapi.internal.persistence.NODE_DATABASE_PREFIX
 import java.security.PublicKey
@@ -33,16 +35,30 @@ import kotlin.concurrent.thread
  *
  * A transaction is notarised when the consensus is reached by the cluster on its uniqueness, and time-window validity.
  */
-class BFTNonValidatingNotaryService(
+class BftSmartNotaryService(
         override val services: ServiceHubInternal,
-        override val notaryIdentityKey: PublicKey,
-        private val bftSMaRtConfig: BFTSMaRtConfiguration,
-        cluster: BFTSMaRt.Cluster
+        override val notaryIdentityKey: PublicKey
 ) : NotaryService() {
     companion object {
         private val log = contextLogger()
     }
 
+    private val notaryConfig = services.configuration.notary
+            ?: throw IllegalArgumentException("Failed to register ${this::class.java}: notary configuration not present")
+
+    private val bftSMaRtConfig = notaryConfig.bftSMaRt
+            ?: throw IllegalArgumentException("Failed to register ${this::class.java}: raft configuration not present")
+
+    private val cluster: BFTSMaRt.Cluster = makeBFTCluster(notaryIdentityKey, bftSMaRtConfig)
+
+    protected open fun makeBFTCluster(notaryKey: PublicKey, bftSMaRtConfig: BFTSMaRtConfiguration): BFTSMaRt.Cluster {
+        return object : BFTSMaRt.Cluster {
+            override fun waitUntilAllReplicasHaveInitialized() {
+                log.warn("A BFT replica may still be initializing, in which case the upcoming consensus change may cause it to spin.")
+            }
+        }
+    }
+
     private val client: BFTSMaRt.Client
     private val replicaHolder = SettableFuture.create<Replica>()
 
@@ -71,7 +87,7 @@ class BFTNonValidatingNotaryService(
 
     override fun createServiceFlow(otherPartySession: FlowSession): FlowLogic<Void?> = ServiceFlow(otherPartySession, this)
 
-    private class ServiceFlow(val otherSideSession: FlowSession, val service: BFTNonValidatingNotaryService) : FlowLogic<Void?>() {
+    private class ServiceFlow(val otherSideSession: FlowSession, val service: BftSmartNotaryService) : FlowLogic<Void?>() {
         @Suspendable
         override fun call(): Void? {
             val payload = otherSideSession.receive<NotarisationPayload>().unwrap { it }
diff --git a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/Schema.kt b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/Schema.kt
new file mode 100644
index 0000000000..360c1af5df
--- /dev/null
+++ b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/Schema.kt
@@ -0,0 +1,20 @@
+package net.corda.notary.bftsmart
+
+import net.corda.core.schemas.MappedSchema
+import net.corda.node.services.transactions.PersistentUniquenessProvider
+import net.corda.notary.bftsmart.BftSmartNotaryService
+
+object BftSmartNotarySchema
+
+object BftSmartNotarySchemaV1 : MappedSchema(
+        schemaFamily = BftSmartNotarySchema.javaClass,
+        version = 1,
+        mappedTypes = listOf(
+                PersistentUniquenessProvider.BaseComittedState::class.java,
+                PersistentUniquenessProvider.Request::class.java,
+                BftSmartNotaryService.CommittedState::class.java
+        )
+) {
+    override val migrationResource: String?
+        get() = "notary-bft-smart.changelog-master"
+}
\ No newline at end of file
diff --git a/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-init.xml b/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-init.xml
new file mode 100644
index 0000000000..1b8dbf7464
--- /dev/null
+++ b/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-init.xml
@@ -0,0 +1,45 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd"
+                   logicalFilePath="migration/node-services.changelog-init.xml">
+    <changeSet author="R3.Corda" id="1511451595465-6">
+        <createTable tableName="node_bft_committed_states">
+            <column name="output_index" type="INT">
+                <constraints nullable="false"/>
+            </column>
+            <column name="transaction_id" type="NVARCHAR(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="consuming_transaction_id" type="NVARCHAR(64)"/>
+        </createTable>
+    </changeSet>
+    <changeSet author="R3.Corda" id="1521131680317-17">
+        <createTable tableName="node_notary_request_log">
+            <column name="id" type="INT">
+                <constraints nullable="false"/>
+            </column>
+            <column name="consuming_transaction_id" type="NVARCHAR(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="requesting_party_name" type="NVARCHAR(255)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="request_timestamp" type="TIMESTAMP">
+                <constraints nullable="false"/>
+            </column>
+            <column name="request_signature" type="BLOB">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+    </changeSet>
+    <changeSet author="R3.Corda" id="1511451595465-31">
+        <addPrimaryKey columnNames="output_index, transaction_id" constraintName="node_bft_states_pkey"
+                       tableName="node_bft_committed_states"/>
+    </changeSet>
+    <changeSet author="R3.Corda" id="1521131680317-48">
+        <addPrimaryKey columnNames="id" constraintName="node_notary_request_log_pkey"
+                       tableName="node_notary_request_log"/>
+    </changeSet>
+</databaseChangeLog>
\ No newline at end of file
diff --git a/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-master.xml b/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-master.xml
new file mode 100644
index 0000000000..fdf0632cf8
--- /dev/null
+++ b/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-master.xml
@@ -0,0 +1,9 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+    <include file="migration/node-bft-smart.changelog-init.xml"/>
+    <include file="migration/node-bft-smart.changelog-v1.xml"/>
+    <include file="migration/node-bft-smart.changelog-pkey.xml"/>
+</databaseChangeLog>
diff --git a/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-pkey.xml b/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-pkey.xml
new file mode 100644
index 0000000000..59a5b1fb50
--- /dev/null
+++ b/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-pkey.xml
@@ -0,0 +1,11 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+    <changeSet id="non-clustered_pk-bft_stae" author="R3.Corda" onValidationFail="MARK_RAN">
+        <dropPrimaryKey tableName="node_bft_committed_states" constraintName="node_bft_states_pkey"/>
+        <addPrimaryKey tableName="node_bft_committed_states" columnNames="output_index, transaction_id"
+                       constraintName="node_bft_states_pkey" clustered="false"/>
+    </changeSet>
+</databaseChangeLog>
\ No newline at end of file
diff --git a/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-v1.xml b/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-v1.xml
new file mode 100644
index 0000000000..57b9adbf93
--- /dev/null
+++ b/experimental/notary-bft-smart/src/main/resources/migration/notary-bft-smart.changelog-v1.xml
@@ -0,0 +1,10 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd"
+                   logicalFilePath="migration/node-services.changelog-init.xml">
+    <changeSet author="R3.Corda" id="nullability">
+        <addNotNullConstraint tableName="node_bft_committed_states" columnName="consuming_transaction_id" columnDataType="NVARCHAR(64)"/>
+    </changeSet>
+</databaseChangeLog>
\ No newline at end of file
diff --git a/node/src/main/resources/net/corda/node/services/transactions/system.config.printf b/experimental/notary-bft-smart/src/main/resources/net/corda/notary/bftsmart/system.config.printf
similarity index 100%
rename from node/src/main/resources/net/corda/node/services/transactions/system.config.printf
rename to experimental/notary-bft-smart/src/main/resources/net/corda/notary/bftsmart/system.config.printf
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/BFTNotaryServiceTests.kt b/experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTNotaryServiceTests.kt
similarity index 96%
rename from node/src/integration-test/kotlin/net/corda/node/services/BFTNotaryServiceTests.kt
rename to experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTNotaryServiceTests.kt
index c906474274..1924470588 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/BFTNotaryServiceTests.kt
+++ b/experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTNotaryServiceTests.kt
@@ -1,4 +1,4 @@
-package net.corda.node.services
+package net.corda.notary.bftsmart
 
 import com.nhaarman.mockito_kotlin.doReturn
 import com.nhaarman.mockito_kotlin.whenever
@@ -23,8 +23,6 @@ import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.seconds
 import net.corda.node.services.config.BFTSMaRtConfiguration
 import net.corda.node.services.config.NotaryConfig
-import net.corda.node.services.transactions.minClusterSize
-import net.corda.node.services.transactions.minCorrectReplicas
 import net.corda.nodeapi.internal.DevIdentityGenerator
 import net.corda.nodeapi.internal.network.NetworkParametersCopier
 import net.corda.testing.common.internal.testNetworkParameters
@@ -84,7 +82,11 @@ class BFTNotaryServiceTests {
 
             val nodes = replicaIds.map { replicaId ->
                 mockNet.createUnstartedNode(InternalMockNodeParameters(configOverrides = {
-                    val notary = NotaryConfig(validating = false, bftSMaRt = BFTSMaRtConfiguration(replicaId, clusterAddresses, exposeRaces = exposeRaces))
+                    val notary = NotaryConfig(
+                            validating = false,
+                            bftSMaRt = BFTSMaRtConfiguration(replicaId, clusterAddresses, exposeRaces = exposeRaces),
+                            className = "net.corda.notary.bftsmart.BftSmartNotaryService"
+                    )
                     doReturn(notary).whenever(it).notary
                 }))
             } + mockNet.createUnstartedNode()
diff --git a/node/src/test/kotlin/net/corda/node/services/transactions/BFTSMaRtConfigTests.kt b/experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfigTests.kt
similarity index 92%
rename from node/src/test/kotlin/net/corda/node/services/transactions/BFTSMaRtConfigTests.kt
rename to experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfigTests.kt
index 1837953266..cdf5364b83 100644
--- a/node/src/test/kotlin/net/corda/node/services/transactions/BFTSMaRtConfigTests.kt
+++ b/experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfigTests.kt
@@ -1,7 +1,7 @@
-package net.corda.node.services.transactions
+package net.corda.notary.bftsmart
 
 import net.corda.core.utilities.NetworkHostAndPort
-import net.corda.node.services.transactions.BFTSMaRtConfig.Companion.portIsClaimedFormat
+import net.corda.notary.bftsmart.BFTSMaRtConfig.Companion.portIsClaimedFormat
 import org.assertj.core.api.Assertions.assertThatThrownBy
 import org.junit.Test
 import kotlin.test.assertEquals
diff --git a/experimental/notary-raft/build.gradle b/experimental/notary-raft/build.gradle
new file mode 100644
index 0000000000..b07659ef2f
--- /dev/null
+++ b/experimental/notary-raft/build.gradle
@@ -0,0 +1,35 @@
+apply plugin: 'kotlin'
+apply plugin: 'idea'
+apply plugin: 'net.corda.plugins.cordapp'
+apply plugin: 'net.corda.plugins.publish-utils'
+
+configurations {
+    integrationTestCompile.extendsFrom testCompile
+    integrationTestRuntime.extendsFrom testRuntime
+}
+
+dependencies {
+    cordaCompile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
+
+    // Corda integration dependencies
+    cordaCompile project(':node')
+
+    // Java Atomix: RAFT library
+    compile 'io.atomix.copycat:copycat-client:1.2.8'
+    compile 'io.atomix.copycat:copycat-server:1.2.8'
+    compile 'io.atomix.catalyst:catalyst-netty:1.2.1'
+
+    testCompile "junit:junit:$junit_version"
+    testCompile project(':node-driver')
+}
+
+idea {
+    module {
+        downloadJavadoc = true // defaults to false
+        downloadSources = true
+    }
+}
+
+publish {
+    name 'corda-notary-raft'
+}
diff --git a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftNotaryService.kt b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftNotaryService.kt
new file mode 100644
index 0000000000..3913551802
--- /dev/null
+++ b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftNotaryService.kt
@@ -0,0 +1,46 @@
+package net.corda.notary.raft
+
+import net.corda.core.flows.FlowSession
+import net.corda.core.internal.notary.NotaryServiceFlow
+import net.corda.core.internal.notary.TrustedAuthorityNotaryService
+import net.corda.node.services.api.ServiceHubInternal
+import net.corda.node.services.transactions.NonValidatingNotaryFlow
+import net.corda.node.services.transactions.ValidatingNotaryFlow
+import java.security.PublicKey
+
+/** A highly available notary service using the Raft algorithm to achieve consensus. */
+class RaftNotaryService(
+        override val services: ServiceHubInternal,
+        override val notaryIdentityKey: PublicKey
+) : TrustedAuthorityNotaryService() {
+    private val notaryConfig = services.configuration.notary
+            ?: throw IllegalArgumentException("Failed to register ${this::class.java}: notary configuration not present")
+
+    override val uniquenessProvider = with(services) {
+        val raftConfig = notaryConfig.raft
+                ?: throw IllegalArgumentException("Failed to register ${this::class.java}: raft configuration not present")
+        RaftUniquenessProvider(
+                configuration.baseDirectory,
+                configuration.p2pSslOptions,
+                database,
+                clock,
+                monitoringService.metrics,
+                services.cacheFactory,
+                raftConfig
+        )
+    }
+
+    override fun createServiceFlow(otherPartySession: FlowSession): NotaryServiceFlow {
+        return if (notaryConfig.validating) {
+            ValidatingNotaryFlow(otherPartySession, this)
+        } else NonValidatingNotaryFlow(otherPartySession, this)
+    }
+
+    override fun start() {
+        uniquenessProvider.start()
+    }
+
+    override fun stop() {
+        uniquenessProvider.stop()
+    }
+}
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/RaftTransactionCommitLog.kt b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftTransactionCommitLog.kt
similarity index 96%
rename from node/src/main/kotlin/net/corda/node/services/transactions/RaftTransactionCommitLog.kt
rename to experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftTransactionCommitLog.kt
index c35ae146ab..a6fcd0b8a3 100644
--- a/node/src/main/kotlin/net/corda/node/services/transactions/RaftTransactionCommitLog.kt
+++ b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftTransactionCommitLog.kt
@@ -1,4 +1,4 @@
-package net.corda.node.services.transactions
+package net.corda.notary.raft
 
 import io.atomix.catalyst.buffer.BufferInput
 import io.atomix.catalyst.buffer.BufferOutput
@@ -27,6 +27,7 @@ import net.corda.core.serialization.internal.checkpointSerialize
 import net.corda.core.utilities.ByteSequence
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
+import net.corda.node.services.transactions.PersistentUniquenessProvider
 import net.corda.node.utilities.AppendOnlyPersistentMap
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.currentDBSession
@@ -111,7 +112,7 @@ class RaftTransactionCommitLog<E, EK>(
         }
     }
 
-    private fun logRequest(commitCommand: RaftTransactionCommitLog.Commands.CommitTransaction) {
+    private fun logRequest(commitCommand: Commands.CommitTransaction) {
         val request = PersistentUniquenessProvider.Request(
                 consumingTxHash = commitCommand.txId.toString(),
                 partyName = commitCommand.requestingParty,
@@ -192,8 +193,8 @@ class RaftTransactionCommitLog<E, EK>(
                 registerAbstract(SecureHash::class.java, CordaKryoSerializer::class.java)
                 registerAbstract(TimeWindow::class.java, CordaKryoSerializer::class.java)
                 registerAbstract(NotaryError::class.java, CordaKryoSerializer::class.java)
-                register(RaftTransactionCommitLog.Commands.CommitTransaction::class.java, CordaKryoSerializer::class.java)
-                register(RaftTransactionCommitLog.Commands.Get::class.java, CordaKryoSerializer::class.java)
+                register(Commands.CommitTransaction::class.java, CordaKryoSerializer::class.java)
+                register(Commands.Get::class.java, CordaKryoSerializer::class.java)
                 register(StateRef::class.java, CordaKryoSerializer::class.java)
                 register(LinkedHashMap::class.java, CordaKryoSerializer::class.java)
             }
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/RaftUniquenessProvider.kt b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
similarity index 98%
rename from node/src/main/kotlin/net/corda/node/services/transactions/RaftUniquenessProvider.kt
rename to experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
index 2192343fa1..c7670d0c18 100644
--- a/node/src/main/kotlin/net/corda/node/services/transactions/RaftUniquenessProvider.kt
+++ b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
@@ -1,4 +1,4 @@
-package net.corda.node.services.transactions
+package net.corda.notary.raft
 
 import com.codahale.metrics.Gauge
 import com.codahale.metrics.MetricRegistry
@@ -26,12 +26,12 @@ import net.corda.core.serialization.serialize
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
 import net.corda.node.services.config.RaftConfig
-import net.corda.node.services.transactions.RaftTransactionCommitLog.Commands.CommitTransaction
 import net.corda.node.utilities.AppendOnlyPersistentMap
 import net.corda.node.utilities.NamedCacheFactory
 import net.corda.nodeapi.internal.config.MutualSslConfiguration
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.NODE_DATABASE_PREFIX
+import net.corda.notary.raft.RaftTransactionCommitLog.Commands.CommitTransaction
 import java.nio.file.Path
 import java.time.Clock
 import java.util.concurrent.CompletableFuture
diff --git a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/Schema.kt b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/Schema.kt
new file mode 100644
index 0000000000..3a93164875
--- /dev/null
+++ b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/Schema.kt
@@ -0,0 +1,19 @@
+package net.corda.notary.raft
+
+import net.corda.core.schemas.MappedSchema
+import net.corda.node.services.transactions.PersistentUniquenessProvider
+
+object RaftNotarySchema
+
+object RaftNotarySchemaV1 : MappedSchema(
+        schemaFamily = RaftNotarySchema.javaClass,
+        version = 1,
+        mappedTypes = listOf(
+                PersistentUniquenessProvider.BaseComittedState::class.java,
+                PersistentUniquenessProvider.Request::class.java,
+                RaftUniquenessProvider.CommittedState::class.java
+        )
+) {
+    override val migrationResource: String?
+        get() = "notary-raft.changelog-master"
+}
\ No newline at end of file
diff --git a/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-init.xml b/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-init.xml
new file mode 100644
index 0000000000..5fe85ce568
--- /dev/null
+++ b/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-init.xml
@@ -0,0 +1,46 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd"
+                   logicalFilePath="migration/node-services.changelog-init.xml">
+    <changeSet author="R3.Corda" id="1511451595465-18">
+        <createTable tableName="node_raft_committed_states">
+            <column name="transaction_id" type="NVARCHAR(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="output_index" type="INT">
+                <constraints nullable="false"/>
+            </column>
+            <column name="raft_log_index" type="BIGINT"/>
+            <column name="consuming_transaction_id" type="NVARCHAR(64)"/>
+        </createTable>
+    </changeSet>
+    <changeSet author="R3.Corda" id="1521131680317-17">
+        <createTable tableName="node_notary_request_log">
+            <column name="id" type="INT">
+                <constraints nullable="false"/>
+            </column>
+            <column name="consuming_transaction_id" type="NVARCHAR(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="requesting_party_name" type="NVARCHAR(255)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="request_timestamp" type="TIMESTAMP">
+                <constraints nullable="false"/>
+            </column>
+            <column name="request_signature" type="BLOB">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+    </changeSet>
+    <changeSet author="R3.Corda" id="1511451595465-43">
+        <addPrimaryKey columnNames="output_index, transaction_id" constraintName="node_raft_state_pkey"
+                       tableName="node_raft_committed_states"/>
+    </changeSet>
+    <changeSet author="R3.Corda" id="1521131680317-48">
+        <addPrimaryKey columnNames="id" constraintName="node_notary_request_log_pkey"
+                       tableName="node_notary_request_log"/>
+    </changeSet>
+</databaseChangeLog>
\ No newline at end of file
diff --git a/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-master.xml b/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-master.xml
new file mode 100644
index 0000000000..555344167e
--- /dev/null
+++ b/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-master.xml
@@ -0,0 +1,11 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <include file="migration/node-notary-raft.changelog-init.xml"/>
+    <include file="migration/node-notary-raft.changelog-v1.xml"/>
+    <include file="migration/node-notary-raft.changelog-pkey.xml"/>
+
+</databaseChangeLog>
diff --git a/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-pkey.xml b/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-pkey.xml
new file mode 100644
index 0000000000..24cf747d58
--- /dev/null
+++ b/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-pkey.xml
@@ -0,0 +1,11 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+    <changeSet id="non-clustered_pk-raft_state" author="R3.Corda" onValidationFail="MARK_RAN">
+        <dropPrimaryKey tableName="node_raft_committed_states" constraintName="node_raft_state_pkey"/>
+        <addPrimaryKey tableName="node_raft_committed_states" columnNames="output_index, transaction_id"
+                       constraintName="node_raft_state_pkey" clustered="false"/>
+    </changeSet>
+</databaseChangeLog>
\ No newline at end of file
diff --git a/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-v1.xml b/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-v1.xml
new file mode 100644
index 0000000000..f95c8e7923
--- /dev/null
+++ b/experimental/notary-raft/src/main/resources/migration/notary-raft.changelog-v1.xml
@@ -0,0 +1,11 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd"
+                   logicalFilePath="migration/node-services.changelog-init.xml">
+    <changeSet author="R3.Corda" id="nullability">
+        <addNotNullConstraint tableName="node_raft_committed_states" columnName="raft_log_index" columnDataType="BIGINT"/>
+        <addNotNullConstraint tableName="node_raft_committed_states" columnName="consuming_transaction_id" columnDataType="NVARCHAR(64)"/>
+    </changeSet>
+</databaseChangeLog>
\ No newline at end of file
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/RaftNotaryServiceTests.kt b/experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftNotaryServiceTests.kt
similarity index 99%
rename from node/src/integration-test/kotlin/net/corda/node/services/RaftNotaryServiceTests.kt
rename to experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftNotaryServiceTests.kt
index 43090937cc..35f6fc3f89 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/RaftNotaryServiceTests.kt
+++ b/experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftNotaryServiceTests.kt
@@ -1,4 +1,4 @@
-package net.corda.node.services
+package net.corda.notary.raft
 
 import net.corda.core.contracts.StateAndRef
 import net.corda.core.contracts.StateRef
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/transactions/RaftTransactionCommitLogTests.kt b/experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftTransactionCommitLogTests.kt
similarity index 98%
rename from node/src/integration-test/kotlin/net/corda/node/services/transactions/RaftTransactionCommitLogTests.kt
rename to experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftTransactionCommitLogTests.kt
index 38389ef595..8b0f31f12d 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/transactions/RaftTransactionCommitLogTests.kt
+++ b/experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftTransactionCommitLogTests.kt
@@ -1,4 +1,4 @@
-package net.corda.node.services.transactions
+package net.corda.notary.raft
 
 import io.atomix.catalyst.transport.Address
 import io.atomix.copycat.client.ConnectionStrategies
@@ -16,7 +16,7 @@ import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.core.utilities.getOrThrow
 import net.corda.node.internal.configureDatabase
 import net.corda.node.services.schema.NodeSchemaService
-import net.corda.node.utilities.TestingNamedCacheFactory
+import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.core.ALICE_NAME
@@ -154,7 +154,7 @@ class RaftTransactionCommitLogTests {
     private fun createReplica(myAddress: NetworkHostAndPort, clusterAddress: NetworkHostAndPort? = null): CompletableFuture<Member> {
         val storage = Storage.builder().withStorageLevel(StorageLevel.MEMORY).build()
         val address = Address(myAddress.host, myAddress.port)
-        val database = configureDatabase(makeTestDataSourceProperties(), DatabaseConfig(), { null }, { null }, NodeSchemaService(includeNotarySchemas = true))
+        val database = configureDatabase(makeTestDataSourceProperties(), DatabaseConfig(), { null }, { null }, NodeSchemaService(extraSchemas = setOf(RaftNotarySchemaV1)))
         databases.add(database)
         val stateMachineFactory = { RaftTransactionCommitLog(database, Clock.systemUTC(), { RaftUniquenessProvider.createMap(TestingNamedCacheFactory()) }) }
 
diff --git a/node/build.gradle b/node/build.gradle
index ff7be256dc..b100797903 100644
--- a/node/build.gradle
+++ b/node/build.gradle
@@ -153,18 +153,9 @@ dependencies {
     // We only need this dependency to compile our Caplet against.
     compileOnly "co.paralleluniverse:capsule:$capsule_version"
 
-    // Java Atomix: RAFT library
-    compile 'io.atomix.copycat:copycat-client:1.2.8'
-    compile 'io.atomix.copycat:copycat-server:1.2.8'
-    compile 'io.atomix.catalyst:catalyst-netty:1.2.1'
-
     // OkHTTP: Simple HTTP library.
     compile "com.squareup.okhttp3:okhttp:$okhttp_version"
 
-    // BFT-SMaRt
-    compile 'commons-codec:commons-codec:1.10'
-    compile 'com.github.bft-smart:library:master-v1.1-beta-g6215ec8-87'
-
     // Apache Shiro: authentication, authorization and session management.
     compile "org.apache.shiro:shiro-core:${shiro_version}"
 
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/distributed/DistributedServiceTests.kt b/node/src/integration-test/kotlin/net/corda/node/services/distributed/DistributedServiceTests.kt
index 9bebdc794c..1bb2148e96 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/distributed/DistributedServiceTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/distributed/DistributedServiceTests.kt
@@ -42,7 +42,7 @@ class DistributedServiceTests {
                 invokeRpc(CordaRPCOps::stateMachinesFeed))
         )
         driver(DriverParameters(
-                extraCordappPackagesToScan = listOf("net.corda.finance.contracts", "net.corda.finance.schemas"),
+                extraCordappPackagesToScan = listOf("net.corda.finance.contracts", "net.corda.finance.schemas", "net.corda.notary.raft"),
                 notarySpecs = listOf(
                         NotarySpec(
                                 DUMMY_NOTARY_NAME,
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/messaging/ArtemisMessagingTest.kt b/node/src/integration-test/kotlin/net/corda/node/services/messaging/ArtemisMessagingTest.kt
index fef890d2ec..4a427940cf 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/messaging/ArtemisMessagingTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/messaging/ArtemisMessagingTest.kt
@@ -14,7 +14,6 @@ import net.corda.node.services.config.configureWithDevSSLCertificate
 import net.corda.node.services.network.PersistentNetworkMapCache
 import net.corda.node.services.transactions.PersistentUniquenessProvider
 import net.corda.node.utilities.AffinityExecutor.ServiceAffinityExecutor
-import net.corda.node.utilities.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.core.ALICE_NAME
@@ -26,6 +25,7 @@ import net.corda.testing.internal.rigorousMock
 import net.corda.testing.internal.stubs.CertificateStoreStubs
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import net.corda.testing.node.internal.MOCK_VERSION_INFO
+import net.corda.testing.internal.TestingNamedCacheFactory
 import org.apache.activemq.artemis.api.core.ActiveMQConnectionTimedOutException
 import org.assertj.core.api.Assertions.assertThat
 import org.assertj.core.api.Assertions.assertThatThrownBy
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/network/PersistentNetworkMapCacheTest.kt b/node/src/integration-test/kotlin/net/corda/node/services/network/PersistentNetworkMapCacheTest.kt
index 1eea4f49db..8f35b7a543 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/network/PersistentNetworkMapCacheTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/network/PersistentNetworkMapCacheTest.kt
@@ -5,11 +5,11 @@ import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.node.internal.configureDatabase
 import net.corda.node.internal.schemas.NodeInfoSchemaV1
 import net.corda.node.services.identity.InMemoryIdentityService
-import net.corda.node.utilities.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.DEV_ROOT_CA
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.core.*
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
+import net.corda.testing.internal.TestingNamedCacheFactory
 import org.assertj.core.api.Assertions.assertThat
 import org.assertj.core.api.Assertions.assertThatIllegalArgumentException
 import org.junit.After
diff --git a/node/src/integration-test/kotlin/net/corda/services/messaging/P2PMessagingTest.kt b/node/src/integration-test/kotlin/net/corda/services/messaging/P2PMessagingTest.kt
index 004f27a026..f23aeb1a4d 100644
--- a/node/src/integration-test/kotlin/net/corda/services/messaging/P2PMessagingTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/services/messaging/P2PMessagingTest.kt
@@ -40,6 +40,7 @@ class P2PMessagingTest {
     private fun startDriverWithDistributedService(dsl: DriverDSL.(List<InProcess>) -> Unit) {
         driver(DriverParameters(
                 startNodesInProcess = true,
+                extraCordappPackagesToScan = listOf("net.corda.notary.raft"),
                 notarySpecs = listOf(NotarySpec(DISTRIBUTED_SERVICE_NAME, cluster = ClusterSpec.Raft(clusterSize = 2)))
         )) {
             dsl(defaultNotaryHandle.nodeHandles.getOrThrow().map { (it as InProcess) })
diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index 3c0be454c7..bea2d435ae 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -34,9 +34,7 @@ import net.corda.node.CordaClock
 import net.corda.node.VersionInfo
 import net.corda.node.cordapp.CordappLoader
 import net.corda.node.internal.classloading.requireAnnotation
-import net.corda.node.internal.cordapp.CordappConfigFileProvider
-import net.corda.node.internal.cordapp.CordappProviderImpl
-import net.corda.node.internal.cordapp.CordappProviderInternal
+import net.corda.node.internal.cordapp.*
 import net.corda.node.internal.rpc.proxies.AuthenticatedRpcOpsProxy
 import net.corda.node.internal.rpc.proxies.ExceptionMaskingRpcOpsProxy
 import net.corda.node.internal.rpc.proxies.ExceptionSerialisingRpcOpsProxy
@@ -115,7 +113,6 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
                                val platformClock: CordaClock,
                                cacheFactoryPrototype: NamedCacheFactory,
                                protected val versionInfo: VersionInfo,
-                               protected val cordappLoader: CordappLoader,
                                protected val serverThread: AffinityExecutor.ServiceAffinityExecutor,
                                private val busyNodeLatch: ReusableLatch = ReusableLatch()) : SingletonSerializeAsToken() {
 
@@ -141,7 +138,8 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         }
     }
 
-    val schemaService = NodeSchemaService(cordappLoader.cordappSchemas, configuration.notary != null).tokenize()
+    protected val cordappLoader: CordappLoader = makeCordappLoader(configuration, versionInfo)
+    val schemaService = NodeSchemaService(cordappLoader.cordappSchemas).tokenize()
     val identityService = PersistentIdentityService(cacheFactory).tokenize()
     val database: CordaPersistence = createCordaPersistence(
             configuration.database,
@@ -498,6 +496,24 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         )
     }
 
+    private fun makeCordappLoader(configuration: NodeConfiguration, versionInfo: VersionInfo): CordappLoader {
+        val generatedCordapps = mutableListOf(VirtualCordapp.generateCoreCordapp(versionInfo))
+        if (isRunningSimpleNotaryService(configuration)) {
+            // For backwards compatibility purposes the single node notary implementation is built-in: a virtual
+            // CorDapp will be generated.
+            generatedCordapps += VirtualCordapp.generateSimpleNotaryCordapp(versionInfo)
+        }
+        return JarScanningCordappLoader.fromDirectories(
+                configuration.cordappDirectories,
+                versionInfo,
+                extraCordapps = generatedCordapps
+        )
+    }
+
+    private fun isRunningSimpleNotaryService(configuration: NodeConfiguration): Boolean {
+        return configuration.notary != null && configuration.notary?.className == SimpleNotaryService::class.java.name
+    }
+
     private class ServiceInstantiationException(cause: Throwable?) : CordaException("Service Instantiation Error", cause)
 
     private fun installCordaServices(myNotaryIdentity: PartyAndCertificate?) {
@@ -780,17 +796,32 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
     }
 
     private fun makeNotaryService(myNotaryIdentity: PartyAndCertificate?): NotaryService? {
-        return configuration.notary?.let {
-            makeCoreNotaryService(it, myNotaryIdentity).also {
-                it.tokenize()
-                runOnStop += it::stop
-                installCoreFlow(NotaryFlow.Client::class, it::createServiceFlow)
-                log.info("Running core notary: ${it.javaClass.name}")
-                it.start()
+        return configuration.notary?.let { notaryConfig ->
+            val serviceClass = getNotaryServiceClass(notaryConfig.className)
+            log.info("Starting notary service: $serviceClass")
+
+            val notaryKey = myNotaryIdentity?.owningKey
+                    ?: throw IllegalArgumentException("Unable to start notary service $serviceClass: notary identity not found")
+            val constructor = serviceClass.getDeclaredConstructor(ServiceHubInternal::class.java, PublicKey::class.java).apply { isAccessible = true }
+            val service = constructor.newInstance(services, notaryKey) as NotaryService
+
+            service.run {
+                tokenize()
+                runOnStop += ::stop
+                installCoreFlow(NotaryFlow.Client::class, ::createServiceFlow)
+                start()
             }
+            return service
         }
     }
 
+    private fun getNotaryServiceClass(className: String): Class<out NotaryService> {
+        val loadedImplementations = cordappLoader.cordapps.mapNotNull { it.notaryService }
+        log.debug("Notary service implementations found: ${loadedImplementations.joinToString(", ")}")
+        return loadedImplementations.firstOrNull { it.name == className }
+                ?: throw IllegalArgumentException("The notary service implementation specified in the configuration: $className is not found. Available implementations: ${loadedImplementations.joinToString(", ")}}")
+    }
+
     protected open fun makeKeyManagementService(identityService: PersistentIdentityService): KeyManagementServiceInternal {
         // Place the long term identity key in the KMS. Eventually, this is likely going to be separated again because
         // the KMS is meant for derived temporary keys used in transactions, and we're not supposed to sign things with
@@ -798,32 +829,6 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         return PersistentKeyManagementService(cacheFactory, identityService, database)
     }
 
-    private fun makeCoreNotaryService(notaryConfig: NotaryConfig, myNotaryIdentity: PartyAndCertificate?): NotaryService {
-        val notaryKey = myNotaryIdentity?.owningKey
-                ?: throw IllegalArgumentException("No notary identity initialized when creating a notary service")
-        return notaryConfig.run {
-            when {
-                raft != null -> {
-                    val uniquenessProvider = RaftUniquenessProvider(configuration.baseDirectory, configuration.p2pSslOptions, database, platformClock, monitoringService.metrics, cacheFactory, raft)
-                    (if (validating) ::RaftValidatingNotaryService else ::RaftNonValidatingNotaryService)(services, notaryKey, uniquenessProvider)
-                }
-                bftSMaRt != null -> {
-                    if (validating) throw IllegalArgumentException("Validating BFTSMaRt notary not supported")
-                    BFTNonValidatingNotaryService(services, notaryKey, bftSMaRt, makeBFTCluster(notaryKey, bftSMaRt))
-                }
-                else -> (if (validating) ::ValidatingNotaryService else ::SimpleNotaryService)(services, notaryKey)
-            }
-        }
-    }
-
-    protected open fun makeBFTCluster(notaryKey: PublicKey, bftSMaRtConfig: BFTSMaRtConfiguration): BFTSMaRt.Cluster {
-        return object : BFTSMaRt.Cluster {
-            override fun waitUntilAllReplicasHaveInitialized() {
-                log.warn("A BFT replica may still be initializing, in which case the upcoming consensus change may cause it to spin.")
-            }
-        }
-    }
-
     open fun stop() {
         // TODO: We need a good way of handling "nice to have" shutdown events, especially those that deal with the
         // network, including unsubscribing from updates from remote services. Possibly some sort of parameter to stop()
diff --git a/node/src/main/kotlin/net/corda/node/internal/Node.kt b/node/src/main/kotlin/net/corda/node/internal/Node.kt
index 3db80bdf25..0af843dd5b 100644
--- a/node/src/main/kotlin/net/corda/node/internal/Node.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/Node.kt
@@ -28,10 +28,8 @@ import net.corda.core.utilities.contextLogger
 import net.corda.node.CordaClock
 import net.corda.node.SimpleClock
 import net.corda.node.VersionInfo
-import net.corda.node.cordapp.CordappLoader
 import net.corda.node.internal.artemis.ArtemisBroker
 import net.corda.node.internal.artemis.BrokerAddresses
-import net.corda.node.internal.cordapp.JarScanningCordappLoader
 import net.corda.node.internal.security.RPCSecurityManager
 import net.corda.node.internal.security.RPCSecurityManagerImpl
 import net.corda.node.internal.security.RPCSecurityManagerWithAdditionalUser
@@ -87,14 +85,12 @@ class NodeWithInfo(val node: Node, val info: NodeInfo) {
 open class Node(configuration: NodeConfiguration,
                 versionInfo: VersionInfo,
                 private val initialiseSerialization: Boolean = true,
-                cordappLoader: CordappLoader = makeCordappLoader(configuration, versionInfo),
                 cacheFactoryPrototype: NamedCacheFactory = DefaultNamedCacheFactory()
 ) : AbstractNode<NodeInfo>(
         configuration,
         createClock(configuration),
         cacheFactoryPrototype,
         versionInfo,
-        cordappLoader,
         // Under normal (non-test execution) it will always be "1"
         AffinityExecutor.ServiceAffinityExecutor("Node thread-${sameVmNodeCounter.incrementAndGet()}", 1)
 ) {
@@ -132,10 +128,6 @@ open class Node(configuration: NodeConfiguration,
 
         private val sameVmNodeCounter = AtomicInteger()
 
-        private fun makeCordappLoader(configuration: NodeConfiguration, versionInfo: VersionInfo): CordappLoader {
-            return JarScanningCordappLoader.fromDirectories(configuration.cordappDirectories, versionInfo)
-        }
-
         // TODO: make this configurable.
         const val MAX_RPC_MESSAGE_SIZE = 10485760
 
diff --git a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
index 1b089a7c63..110a29cdca 100644
--- a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
@@ -21,7 +21,6 @@ import net.corda.node.services.config.NodeConfiguration
 import net.corda.node.services.config.NodeConfigurationImpl
 import net.corda.node.services.config.shouldStartLocalShell
 import net.corda.node.services.config.shouldStartSSHDaemon
-import net.corda.node.services.transactions.bftSMaRtSerialFilter
 import net.corda.node.utilities.createKeyPairAndSelfSignedTLSCertificate
 import net.corda.node.utilities.registration.HTTPNetworkRegistrationService
 import net.corda.node.utilities.registration.NodeRegistrationException
@@ -256,7 +255,8 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
         }
 
         val nodeInfo = node.start()
-        logLoadedCorDapps(node.services.cordappProvider.cordapps)
+        val loadedCodapps = node.services.cordappProvider.cordapps.filter { it.isLoaded }
+        logLoadedCorDapps(loadedCodapps)
 
         node.nodeReadyFuture.thenMatch({
             // Elapsed time in seconds. We used 10 / 100.0 and not directly / 1000.0 to only keep two decimal digits.
@@ -411,6 +411,16 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
         SerialFilter.install(if (conf.notary?.bftSMaRt != null) ::bftSMaRtSerialFilter else ::defaultSerialFilter)
     }
 
+    /** This filter is required for BFT-Smart to work as it only supports Java serialization. */
+    // TODO: move this filter out of the node, allow Cordapps to specify filters.
+    private fun bftSMaRtSerialFilter(clazz: Class<*>): Boolean = clazz.name.let {
+        it.startsWith("bftsmart.")
+                || it.startsWith("java.security.")
+                || it.startsWith("java.util.")
+                || it.startsWith("java.lang.")
+                || it.startsWith("java.net.")
+    }
+
     protected open fun getVersionInfo(): VersionInfo {
         return VersionInfo(
                 PLATFORM_VERSION,
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
index 96d1e4f435..e47badd63e 100644
--- a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
@@ -9,6 +9,8 @@ import net.corda.core.flows.*
 import net.corda.core.internal.*
 import net.corda.core.internal.cordapp.CordappImpl
 import net.corda.core.internal.cordapp.CordappInfoResolver
+import net.corda.core.internal.notary.NotaryService
+import net.corda.core.internal.notary.TrustedAuthorityNotaryService
 import net.corda.core.node.services.CordaService
 import net.corda.core.schemas.MappedSchema
 import net.corda.core.serialization.SerializationCustomSerializer
@@ -36,9 +38,12 @@ import kotlin.streams.toList
  * @property cordappJarPaths The classpath of cordapp JARs
  */
 class JarScanningCordappLoader private constructor(private val cordappJarPaths: List<RestrictedURL>,
-                                                   private val versionInfo: VersionInfo = VersionInfo.UNKNOWN) : CordappLoaderTemplate() {
+                                                   private val versionInfo: VersionInfo = VersionInfo.UNKNOWN,
+                                                   extraCordapps: List<CordappImpl>) : CordappLoaderTemplate() {
 
-    override val cordapps: List<CordappImpl> by lazy { loadCordapps() + coreCordapp }
+    override val cordapps: List<CordappImpl> by lazy {
+        loadCordapps() + extraCordapps
+    }
 
     override val appClassLoader: ClassLoader = URLClassLoader(cordappJarPaths.stream().map { it.url }.toTypedArray(), javaClass.classLoader)
 
@@ -58,9 +63,10 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
          *
          * @param corDappDirectories Directories used to scan for CorDapp JARs.
          */
-        fun fromDirectories(corDappDirectories: Iterable<Path>, versionInfo: VersionInfo = VersionInfo.UNKNOWN): JarScanningCordappLoader {
+        fun fromDirectories(corDappDirectories: Iterable<Path>, versionInfo: VersionInfo = VersionInfo.UNKNOWN, extraCordapps: List<CordappImpl> = emptyList()): JarScanningCordappLoader {
             logger.info("Looking for CorDapps in ${corDappDirectories.distinct().joinToString(", ", "[", "]")}")
-            return JarScanningCordappLoader(corDappDirectories.distinct().flatMap(this::jarUrlsInDirectory).map { it.restricted() }, versionInfo)
+            val paths = corDappDirectories.distinct().flatMap(this::jarUrlsInDirectory).map { it.restricted() }
+            return JarScanningCordappLoader(paths, versionInfo, extraCordapps)
         }
 
         /**
@@ -68,11 +74,12 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
          *
          * @param scanJars Uses the JAR URLs provided for classpath scanning and Cordapp detection.
          */
-        fun fromJarUrls(scanJars: List<URL>, versionInfo: VersionInfo = VersionInfo.UNKNOWN): JarScanningCordappLoader {
-            return JarScanningCordappLoader(scanJars.map { it.restricted() }, versionInfo)
+        fun fromJarUrls(scanJars: List<URL>, versionInfo: VersionInfo = VersionInfo.UNKNOWN, extraCordapps: List<CordappImpl> = emptyList()): JarScanningCordappLoader {
+            val paths = scanJars.map { it.restricted() }
+            return JarScanningCordappLoader(paths, versionInfo, extraCordapps)
         }
 
-        private fun URL.restricted(rootPackageName: String? = null) =  RestrictedURL(this, rootPackageName)
+        private fun URL.restricted(rootPackageName: String? = null) = RestrictedURL(this, rootPackageName)
 
         private fun jarUrlsInDirectory(directory: Path): List<URL> {
 
@@ -85,32 +92,7 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
                 }
             }
         }
-
-        /** A list of the core RPC flows present in Corda */
-        private val coreRPCFlows = listOf(
-                ContractUpgradeFlow.Initiate::class.java,
-                ContractUpgradeFlow.Authorise::class.java,
-                ContractUpgradeFlow.Deauthorise::class.java)
     }
-
-    /** A Cordapp representing the core package which is not scanned automatically. */
-    @VisibleForTesting
-    internal val coreCordapp = CordappImpl(
-            contractClassNames = listOf(),
-            initiatedFlows = listOf(),
-            rpcFlows = coreRPCFlows,
-            serviceFlows = listOf(),
-            schedulableFlows = listOf(),
-            services = listOf(),
-            serializationWhitelists = listOf(),
-            serializationCustomSerializers = listOf(),
-            customSchemas = setOf(),
-            info = CordappImpl.Info("corda-core", versionInfo.vendor, versionInfo.releaseVersion, 1, versionInfo.platformVersion),
-            allFlows = listOf(),
-            jarPath = ContractUpgradeFlow.javaClass.location, // Core JAR location
-            jarHash = SecureHash.allOnesHash
-    )
-
     private fun loadCordapps(): List<CordappImpl> {
         val cordapps = cordappJarPaths
                 .map { scanCordapp(it).toCordapp(it) }
@@ -126,7 +108,6 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
         cordapps.forEach { CordappInfoResolver.register(it.cordappClasses, it.info) }
         return cordapps
     }
-
     private fun RestrictedScanResult.toCordapp(url: RestrictedURL): CordappImpl {
         val info = url.url.openStream().let(::JarInputStream).use { it.manifest?.toCordappInfo(CordappImpl.jarName(url.url)) ?: CordappImpl.Info.UNKNOWN }
         return CordappImpl(
@@ -142,10 +123,21 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
                 findAllFlows(this),
                 url.url,
                 info,
-                getJarHash(url.url)
+                getJarHash(url.url),
+                findNotaryService(this)
         )
     }
 
+    private fun findNotaryService(scanResult: RestrictedScanResult): Class<out NotaryService>? {
+        // Note: we search for implementations of both NotaryService and TrustedAuthorityNotaryService as
+        // the scanner won't find subclasses deeper down the hierarchy if any intermediate class is not
+        // present in the CorDapp.
+        val result = scanResult.getClassesWithSuperclass(NotaryService::class) +
+                scanResult.getClassesWithSuperclass(TrustedAuthorityNotaryService::class)
+        logger.info("Found notary service CorDapp implementations: " + result.joinToString(", "))
+        return result.firstOrNull()
+    }
+
     private fun getJarHash(url: URL): SecureHash.SHA256 = url.openStream().readFully().sha256()
 
     private fun findServices(scanResult: RestrictedScanResult): List<Class<out SerializeAsToken>> {
@@ -202,7 +194,7 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
     }
 
     private fun findCustomSchemas(scanResult: RestrictedScanResult): Set<MappedSchema> {
-        return scanResult.getClassesWithSuperclass(MappedSchema::class).toSet()
+        return scanResult.getClassesWithSuperclass(MappedSchema::class).instances().toSet()
     }
 
     private val cachedScanResult = LRUMap<RestrictedURL, RestrictedScanResult>(1000)
@@ -243,18 +235,21 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
         val qualifiedNamePrefix: String get() = rootPackageName?.let { "$it." } ?: ""
     }
 
+    private fun <T : Any> List<Class<out T>>.instances(): List<T> {
+        return map { it.kotlin.objectOrNewInstance() }
+    }
+
     private inner class RestrictedScanResult(private val scanResult: ScanResult, private val qualifiedNamePrefix: String) {
         fun getNamesOfClassesImplementing(type: KClass<*>): List<String> {
             return scanResult.getNamesOfClassesImplementing(type.java)
                     .filter { it.startsWith(qualifiedNamePrefix) }
         }
 
-        fun <T : Any> getClassesWithSuperclass(type: KClass<T>): List<T> {
+        fun <T : Any> getClassesWithSuperclass(type: KClass<T>): List<Class<out T>> {
             return scanResult.getNamesOfSubclassesOf(type.java)
                     .filter { it.startsWith(qualifiedNamePrefix) }
                     .mapNotNull { loadClass(it, type) }
                     .filterNot { Modifier.isAbstract(it.modifiers) }
-                    .map { it.kotlin.objectOrNewInstance() }
         }
 
         fun <T : Any> getClassesImplementing(type: KClass<T>): List<T> {
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/VirtualCordapps.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/VirtualCordapps.kt
new file mode 100644
index 0000000000..8fa3d24222
--- /dev/null
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/VirtualCordapps.kt
@@ -0,0 +1,60 @@
+package net.corda.node.internal.cordapp
+
+import net.corda.core.crypto.SecureHash
+import net.corda.core.flows.ContractUpgradeFlow
+import net.corda.core.internal.cordapp.CordappImpl
+import net.corda.core.internal.location
+import net.corda.node.VersionInfo
+import net.corda.node.services.transactions.NodeNotarySchemaV1
+import net.corda.node.services.transactions.SimpleNotaryService
+
+internal object VirtualCordapp {
+    /** A list of the core RPC flows present in Corda */
+    private val coreRpcFlows = listOf(
+            ContractUpgradeFlow.Initiate::class.java,
+            ContractUpgradeFlow.Authorise::class.java,
+            ContractUpgradeFlow.Deauthorise::class.java
+    )
+
+    /** A Cordapp representing the core package which is not scanned automatically. */
+    fun generateCoreCordapp(versionInfo: VersionInfo): CordappImpl {
+        return CordappImpl(
+                contractClassNames = listOf(),
+                initiatedFlows = listOf(),
+                rpcFlows = coreRpcFlows,
+                serviceFlows = listOf(),
+                schedulableFlows = listOf(),
+                services = listOf(),
+                serializationWhitelists = listOf(),
+                serializationCustomSerializers = listOf(),
+                customSchemas = setOf(),
+                info = CordappImpl.Info("corda-core", versionInfo.vendor, versionInfo.releaseVersion, 1, versionInfo.platformVersion),
+                allFlows = listOf(),
+                jarPath = ContractUpgradeFlow.javaClass.location, // Core JAR location
+                jarHash = SecureHash.allOnesHash,
+                notaryService = null,
+                isLoaded = false
+        )
+    }
+
+    /** A Cordapp for the built-in notary service implementation. */
+    fun generateSimpleNotaryCordapp(versionInfo: VersionInfo): CordappImpl {
+        return CordappImpl(
+                contractClassNames = listOf(),
+                initiatedFlows = listOf(),
+                rpcFlows = listOf(),
+                serviceFlows = listOf(),
+                schedulableFlows = listOf(),
+                services = listOf(),
+                serializationWhitelists = listOf(),
+                serializationCustomSerializers = listOf(),
+                customSchemas = setOf(NodeNotarySchemaV1),
+                info = CordappImpl.Info("corda-notary", versionInfo.vendor, versionInfo.releaseVersion, 1, versionInfo.platformVersion),
+                allFlows = listOf(),
+                jarPath = SimpleNotaryService::class.java.location,
+                jarHash = SecureHash.allOnesHash,
+                notaryService = SimpleNotaryService::class.java,
+                isLoaded = false
+        )
+    }
+}
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
index 1d7f89f7bc..28e73e4600 100644
--- a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
@@ -123,7 +123,8 @@ data class NotaryConfig(val validating: Boolean,
                         val raft: RaftConfig? = null,
                         val bftSMaRt: BFTSMaRtConfiguration? = null,
                         val custom: Boolean = false,
-                        val serviceLegalName: CordaX500Name? = null
+                        val serviceLegalName: CordaX500Name? = null,
+                        val className: String = "net.corda.node.services.transactions.SimpleNotaryService"
 ) {
     init {
         require(raft == null || bftSMaRt == null || !custom) {
diff --git a/node/src/main/kotlin/net/corda/node/services/schema/NodeSchemaService.kt b/node/src/main/kotlin/net/corda/node/services/schema/NodeSchemaService.kt
index 3fdaa4b798..f75a6ad83a 100644
--- a/node/src/main/kotlin/net/corda/node/services/schema/NodeSchemaService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/schema/NodeSchemaService.kt
@@ -16,9 +16,7 @@ import net.corda.node.services.messaging.P2PMessageDeduplicator
 import net.corda.node.services.persistence.DBCheckpointStorage
 import net.corda.node.services.persistence.DBTransactionStorage
 import net.corda.node.services.persistence.NodeAttachmentService
-import net.corda.node.services.transactions.BFTNonValidatingNotaryService
 import net.corda.node.services.transactions.PersistentUniquenessProvider
-import net.corda.node.services.transactions.RaftUniquenessProvider
 import net.corda.node.services.upgrade.ContractUpgradeServiceImpl
 import net.corda.node.services.vault.VaultSchemaV1
 
@@ -29,7 +27,7 @@ import net.corda.node.services.vault.VaultSchemaV1
  * TODO: support plugins for schema version upgrading or custom mapping not supported by original [QueryableState].
  * TODO: create whitelisted tables when a CorDapp is first installed
  */
-class NodeSchemaService(private val extraSchemas: Set<MappedSchema> = emptySet(), includeNotarySchemas: Boolean = false) : SchemaService, SingletonSerializeAsToken() {
+class NodeSchemaService(private val extraSchemas: Set<MappedSchema> = emptySet()) : SchemaService, SingletonSerializeAsToken() {
     // Core Entities used by a Node
     object NodeCore
 
@@ -47,26 +45,12 @@ class NodeSchemaService(private val extraSchemas: Set<MappedSchema> = emptySet()
         override val migrationResource = "node-core.changelog-master"
     }
 
-    // Entities used by a Notary
-    object NodeNotary
-
-    object NodeNotaryV1 : MappedSchema(schemaFamily = NodeNotary.javaClass, version = 1,
-            mappedTypes = listOf(PersistentUniquenessProvider.BaseComittedState::class.java,
-                    PersistentUniquenessProvider.Request::class.java,
-                    PersistentUniquenessProvider.CommittedState::class.java,
-                    RaftUniquenessProvider.CommittedState::class.java,
-                    BFTNonValidatingNotaryService.CommittedState::class.java
-            )) {
-        override val migrationResource = "node-notary.changelog-master"
-    }
-
     // Required schemas are those used by internal Corda services
     private val requiredSchemas: Map<MappedSchema, SchemaService.SchemaOptions> =
             mapOf(Pair(CommonSchemaV1, SchemaOptions()),
                   Pair(VaultSchemaV1, SchemaOptions()),
                   Pair(NodeInfoSchemaV1, SchemaOptions()),
-                  Pair(NodeCoreV1, SchemaOptions())) +
-     if (includeNotarySchemas) mapOf(Pair(NodeNotaryV1, SchemaOptions())) else emptyMap()
+                  Pair(NodeCoreV1, SchemaOptions()))
 
     fun internalSchemas() = requiredSchemas.keys + extraSchemas.filter { schema -> // when mapped schemas from the finance module are present, they are considered as internal ones
         schema::class.qualifiedName == "net.corda.finance.schemas.CashSchemaV1" || schema::class.qualifiedName == "net.corda.finance.schemas.CommercialPaperSchemaV1" }
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/RaftNonValidatingNotaryService.kt b/node/src/main/kotlin/net/corda/node/services/transactions/RaftNonValidatingNotaryService.kt
deleted file mode 100644
index 158d86b3c7..0000000000
--- a/node/src/main/kotlin/net/corda/node/services/transactions/RaftNonValidatingNotaryService.kt
+++ /dev/null
@@ -1,26 +0,0 @@
-package net.corda.node.services.transactions
-
-import net.corda.core.flows.FlowSession
-import net.corda.core.internal.notary.NotaryServiceFlow
-import net.corda.core.internal.notary.TrustedAuthorityNotaryService
-import net.corda.core.node.ServiceHub
-import java.security.PublicKey
-
-/** A non-validating notary service operated by a group of mutually trusting parties, uses the Raft algorithm to achieve consensus. */
-class RaftNonValidatingNotaryService(
-        override val services: ServiceHub,
-        override val notaryIdentityKey: PublicKey,
-        override val uniquenessProvider: RaftUniquenessProvider
-) : TrustedAuthorityNotaryService() {
-    override fun createServiceFlow(otherPartySession: FlowSession): NotaryServiceFlow {
-        return NonValidatingNotaryFlow(otherPartySession, this)
-    }
-
-    override fun start() {
-        uniquenessProvider.start()
-    }
-
-    override fun stop() {
-        uniquenessProvider.stop()
-    }
-}
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/RaftValidatingNotaryService.kt b/node/src/main/kotlin/net/corda/node/services/transactions/RaftValidatingNotaryService.kt
deleted file mode 100644
index f0cb8c1f8e..0000000000
--- a/node/src/main/kotlin/net/corda/node/services/transactions/RaftValidatingNotaryService.kt
+++ /dev/null
@@ -1,26 +0,0 @@
-package net.corda.node.services.transactions
-
-import net.corda.core.flows.FlowSession
-import net.corda.core.internal.notary.NotaryServiceFlow
-import net.corda.core.internal.notary.TrustedAuthorityNotaryService
-import net.corda.core.node.ServiceHub
-import java.security.PublicKey
-
-/** A validating notary service operated by a group of mutually trusting parties, uses the Raft algorithm to achieve consensus. */
-class RaftValidatingNotaryService(
-        override val services: ServiceHub,
-        override val notaryIdentityKey: PublicKey,
-        override val uniquenessProvider: RaftUniquenessProvider
-) : TrustedAuthorityNotaryService() {
-    override fun createServiceFlow(otherPartySession: FlowSession): NotaryServiceFlow {
-        return ValidatingNotaryFlow(otherPartySession, this)
-    }
-
-    override fun start() {
-        uniquenessProvider.start()
-    }
-
-    override fun stop() {
-        uniquenessProvider.stop()
-    }
-}
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/SimpleNotaryService.kt b/node/src/main/kotlin/net/corda/node/services/transactions/SimpleNotaryService.kt
index 51909ea5b1..d382b2feae 100644
--- a/node/src/main/kotlin/net/corda/node/services/transactions/SimpleNotaryService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/transactions/SimpleNotaryService.kt
@@ -3,15 +3,38 @@ package net.corda.node.services.transactions
 import net.corda.core.flows.FlowSession
 import net.corda.core.internal.notary.NotaryServiceFlow
 import net.corda.core.internal.notary.TrustedAuthorityNotaryService
+import net.corda.core.schemas.MappedSchema
 import net.corda.node.services.api.ServiceHubInternal
 import java.security.PublicKey
 
-/** A simple Notary service that does not perform transaction validation */
+/** An embedded notary service that uses the node's database to store committed states. */
 class SimpleNotaryService(override val services: ServiceHubInternal, override val notaryIdentityKey: PublicKey) : TrustedAuthorityNotaryService() {
+    private val notaryConfig = services.configuration.notary
+            ?: throw IllegalArgumentException("Failed to register ${this::class.java}: notary configuration not present")
+
     override val uniquenessProvider = PersistentUniquenessProvider(services.clock, services.database, services.cacheFactory)
 
-    override fun createServiceFlow(otherPartySession: FlowSession): NotaryServiceFlow = NonValidatingNotaryFlow(otherPartySession, this)
+    override fun createServiceFlow(otherPartySession: FlowSession): NotaryServiceFlow {
+        return if (notaryConfig.validating) {
+            log.info("Starting in validating mode")
+            ValidatingNotaryFlow(otherPartySession, this)
+        } else {
+            log.info("Starting in non-validating mode")
+            NonValidatingNotaryFlow(otherPartySession, this)
+        }
+    }
 
     override fun start() {}
     override fun stop() {}
 }
+
+// Entities used by a Notary
+object NodeNotarySchema
+
+object NodeNotarySchemaV1 : MappedSchema(schemaFamily = NodeNotarySchema.javaClass, version = 1,
+        mappedTypes = listOf(PersistentUniquenessProvider.BaseComittedState::class.java,
+                PersistentUniquenessProvider.Request::class.java,
+                PersistentUniquenessProvider.CommittedState::class.java
+        )) {
+    override val migrationResource = "node-notary.changelog-master"
+}
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/ValidatingNotaryService.kt b/node/src/main/kotlin/net/corda/node/services/transactions/ValidatingNotaryService.kt
index 6e39a3ea1e..e69de29bb2 100644
--- a/node/src/main/kotlin/net/corda/node/services/transactions/ValidatingNotaryService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/transactions/ValidatingNotaryService.kt
@@ -1,17 +0,0 @@
-package net.corda.node.services.transactions
-
-import net.corda.core.flows.FlowSession
-import net.corda.core.internal.notary.NotaryServiceFlow
-import net.corda.core.internal.notary.TrustedAuthorityNotaryService
-import net.corda.node.services.api.ServiceHubInternal
-import java.security.PublicKey
-
-/** A Notary service that validates the transaction chain of the submitted transaction before committing it */
-class ValidatingNotaryService(override val services: ServiceHubInternal, override val notaryIdentityKey: PublicKey) : TrustedAuthorityNotaryService() {
-    override val uniquenessProvider = PersistentUniquenessProvider(services.clock, services.database, services.cacheFactory)
-
-    override fun createServiceFlow(otherPartySession: FlowSession): NotaryServiceFlow = ValidatingNotaryFlow(otherPartySession, this)
-
-    override fun start() {}
-    override fun stop() {}
-}
diff --git a/node/src/main/resources/migration/node-notary.changelog-init.xml b/node/src/main/resources/migration/node-notary.changelog-init.xml
index fed5c691b8..8d0f1bcb6f 100644
--- a/node/src/main/resources/migration/node-notary.changelog-init.xml
+++ b/node/src/main/resources/migration/node-notary.changelog-init.xml
@@ -27,18 +27,6 @@
             <column name="consuming_transaction_id" type="NVARCHAR(64)"/>
         </createTable>
     </changeSet>
-    <changeSet author="R3.Corda" id="1511451595465-18">
-        <createTable tableName="node_raft_committed_states">
-            <column name="transaction_id" type="NVARCHAR(64)">
-                <constraints nullable="false"/>
-            </column>
-            <column name="output_index" type="INT">
-                <constraints nullable="false"/>
-            </column>
-            <column name="raft_log_index" type="BIGINT"/>
-            <column name="consuming_transaction_id" type="NVARCHAR(64)"/>
-        </createTable>
-    </changeSet>
     <changeSet author="R3.Corda" id="1521131680317-17">
         <createTable tableName="node_notary_request_log">
             <column name="id" type="INT">
@@ -58,18 +46,11 @@
             </column>
         </createTable>
     </changeSet>
-    <changeSet author="R3.Corda" id="1511451595465-31">
-        <addPrimaryKey columnNames="output_index, transaction_id" constraintName="node_bft_states_pkey"
-                       tableName="node_bft_committed_states"/>
-    </changeSet>
+
     <changeSet author="R3.Corda" id="1511451595465-41">
         <addPrimaryKey columnNames="output_index, transaction_id" constraintName="node_notary_states_pkey"
                        tableName="node_notary_committed_states"/>
     </changeSet>
-    <changeSet author="R3.Corda" id="1511451595465-43">
-        <addPrimaryKey columnNames="output_index, transaction_id" constraintName="node_raft_state_pkey"
-                       tableName="node_raft_committed_states"/>
-    </changeSet>
     <changeSet author="R3.Corda" id="1521131680317-48">
         <addPrimaryKey columnNames="id" constraintName="node_notary_request_log_pkey"
                        tableName="node_notary_request_log"/>
diff --git a/node/src/main/resources/migration/node-notary.changelog-pkey.xml b/node/src/main/resources/migration/node-notary.changelog-pkey.xml
index 64a99cc978..c4d7c59376 100644
--- a/node/src/main/resources/migration/node-notary.changelog-pkey.xml
+++ b/node/src/main/resources/migration/node-notary.changelog-pkey.xml
@@ -13,9 +13,4 @@
         <addPrimaryKey tableName="node_bft_committed_states" columnNames="output_index, transaction_id"
                        constraintName="node_bft_states_pkey" clustered="false"/>
     </changeSet>
-    <changeSet id="non-clustered_pk-raft_state" author="R3.Corda" onValidationFail="MARK_RAN">
-        <dropPrimaryKey tableName="node_raft_committed_states" constraintName="node_raft_state_pkey"/>
-        <addPrimaryKey tableName="node_raft_committed_states" columnNames="output_index, transaction_id"
-                       constraintName="node_raft_state_pkey" clustered="false"/>
-    </changeSet>
 </databaseChangeLog>
\ No newline at end of file
diff --git a/node/src/main/resources/migration/node-notary.changelog-v1.xml b/node/src/main/resources/migration/node-notary.changelog-v1.xml
index 0856d543b4..3002133bad 100644
--- a/node/src/main/resources/migration/node-notary.changelog-v1.xml
+++ b/node/src/main/resources/migration/node-notary.changelog-v1.xml
@@ -7,10 +7,6 @@
 
     <changeSet author="R3.Corda" id="nullability">
         <addNotNullConstraint tableName="node_bft_committed_states" columnName="consuming_transaction_id" columnDataType="NVARCHAR(64)"/>
-
         <addNotNullConstraint tableName="node_notary_committed_states" columnName="consuming_transaction_id" columnDataType="NVARCHAR(64)"/>
-
-        <addNotNullConstraint tableName="node_raft_committed_states" columnName="raft_log_index" columnDataType="BIGINT"/>
-        <addNotNullConstraint tableName="node_raft_committed_states" columnName="consuming_transaction_id" columnDataType="NVARCHAR(64)"/>
     </changeSet>
 </databaseChangeLog>
\ No newline at end of file
diff --git a/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt b/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
index 927852e1e8..4dd255f414 100644
--- a/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
@@ -47,7 +47,7 @@ class JarScanningCordappLoaderTest {
     fun `classes that aren't in cordapps aren't loaded`() {
         // Basedir will not be a corda node directory so the dummy flow shouldn't be recognised as a part of a cordapp
         val loader = JarScanningCordappLoader.fromDirectories(listOf(Paths.get(".")))
-        assertThat(loader.cordapps).containsOnly(loader.coreCordapp)
+        assertThat(loader.cordapps).isEmpty()
     }
 
     @Test
@@ -55,9 +55,9 @@ class JarScanningCordappLoaderTest {
         val isolatedJAR = JarScanningCordappLoaderTest::class.java.getResource("isolated.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(isolatedJAR))
 
-        assertThat(loader.cordapps).hasSize(2)
+        assertThat(loader.cordapps).hasSize(1)
 
-        val actualCordapp = loader.cordapps.single { it != loader.coreCordapp }
+        val actualCordapp = loader.cordapps.single()
         assertThat(actualCordapp.contractClassNames).isEqualTo(listOf(isolatedContractId))
         assertThat(actualCordapp.initiatedFlows.single().name).isEqualTo("net.corda.finance.contracts.isolated.IsolatedDummyFlow\$Acceptor")
         assertThat(actualCordapp.rpcFlows).isEmpty()
@@ -73,8 +73,8 @@ class JarScanningCordappLoaderTest {
         val loader = cordappLoaderForPackages(listOf(testScanPackage))
 
         val actual = loader.cordapps.toTypedArray()
-        // One core cordapp, one cordapp from this source tree. In gradle it will also pick up the node jar.
-        assertThat(actual.size == 2 || actual.size == 3).isTrue()
+        // One cordapp from this source tree. In gradle it will also pick up the node jar.
+        assertThat(actual.size == 0 || actual.size == 1).isTrue()
 
         val actualCordapp = actual.single { !it.initiatedFlows.isEmpty() }
         assertThat(actualCordapp.initiatedFlows).first().hasSameClassAs(DummyFlow::class.java)
@@ -111,7 +111,7 @@ class JarScanningCordappLoaderTest {
     fun `cordapp classloader sets target and min version to 1 if not specified`() {
         val jar = JarScanningCordappLoaderTest::class.java.getResource("versions/no-min-or-target-version.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN)
-        loader.cordapps.filter { it.info.shortName != "corda-core" }.forEach {
+        loader.cordapps.forEach {
             assertThat(it.info.targetPlatformVersion).isEqualTo(1)
             assertThat(it.info.minimumPlatformVersion).isEqualTo(1)
         }
@@ -123,8 +123,7 @@ class JarScanningCordappLoaderTest {
         // make sure classloader extracts correct values
         val jar = JarScanningCordappLoaderTest::class.java.getResource("versions/min-2-target-3.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN)
-        // exclude the core cordapp
-        val cordapp = loader.cordapps.single { it.cordappClasses.contains("net.corda.core.internal.cordapp.CordappImpl") }
+        val cordapp = loader.cordapps.first()
         assertThat(cordapp.info.targetPlatformVersion).isEqualTo(3)
         assertThat(cordapp.info.minimumPlatformVersion).isEqualTo(2)
     }
@@ -144,24 +143,21 @@ class JarScanningCordappLoaderTest {
     fun `cordapp classloader does not load apps when their min platform version is greater than the node platform version`() {
         val jar = JarScanningCordappLoaderTest::class.java.getResource("versions/min-2-no-target.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN.copy(platformVersion = 1))
-        // exclude the core cordapp
-        assertThat(loader.cordapps).hasSize(1)
+        assertThat(loader.cordapps).hasSize(0)
     }
 
     @Test
     fun `cordapp classloader does load apps when their min platform version is less than the platform version`() {
         val jar = JarScanningCordappLoaderTest::class.java.getResource("versions/min-2-target-3.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN.copy(platformVersion = 1000))
-        // exclude the core cordapp
-        assertThat(loader.cordapps).hasSize(2)
+        assertThat(loader.cordapps).hasSize(1)
     }
 
     @Test
     fun `cordapp classloader does load apps when their min platform version is equal to the platform version`() {
         val jar = JarScanningCordappLoaderTest::class.java.getResource("versions/min-2-target-3.jar")!!
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN.copy(platformVersion = 2))
-        // exclude the core cordapp
-        assertThat(loader.cordapps).hasSize(2)
+        assertThat(loader.cordapps).hasSize(1)
     }
 
     private fun cordappLoaderForPackages(packages: Iterable<String>): CordappLoader {
diff --git a/node/src/test/kotlin/net/corda/node/messaging/TwoPartyTradeFlowTests.kt b/node/src/test/kotlin/net/corda/node/messaging/TwoPartyTradeFlowTests.kt
index 8303cacefd..30e4a518ba 100644
--- a/node/src/test/kotlin/net/corda/node/messaging/TwoPartyTradeFlowTests.kt
+++ b/node/src/test/kotlin/net/corda/node/messaging/TwoPartyTradeFlowTests.kt
@@ -313,20 +313,11 @@ class TwoPartyTradeFlowTests(private val anonymous: Boolean) {
     // of gets and puts.
     private fun makeNodeWithTracking(name: CordaX500Name): TestStartedNode {
         // Create a node in the mock network ...
-        return mockNet.createNode(InternalMockNodeParameters(legalName = name), nodeFactory = { args, cordappLoader ->
-            if (cordappLoader != null) {
-                object : InternalMockNetwork.MockNode(args, cordappLoader) {
-                    // That constructs a recording tx storage
-                    override fun makeTransactionStorage(transactionCacheSizeBytes: Long): WritableTransactionStorage {
-                        return RecordingTransactionStorage(database, super.makeTransactionStorage(transactionCacheSizeBytes))
-                    }
-                }
-            } else {
-                object : InternalMockNetwork.MockNode(args) {
-                    // That constructs a recording tx storage
-                    override fun makeTransactionStorage(transactionCacheSizeBytes: Long): WritableTransactionStorage {
-                        return RecordingTransactionStorage(database, super.makeTransactionStorage(transactionCacheSizeBytes))
-                    }
+        return mockNet.createNode(InternalMockNodeParameters(legalName = name), nodeFactory = { args ->
+            object : InternalMockNetwork.MockNode(args) {
+                // That constructs a recording tx storage
+                override fun makeTransactionStorage(transactionCacheSizeBytes: Long): WritableTransactionStorage {
+                    return RecordingTransactionStorage(database, super.makeTransactionStorage(transactionCacheSizeBytes))
                 }
             }
         })
@@ -611,7 +602,7 @@ class TwoPartyTradeFlowTests(private val anonymous: Boolean) {
             fillUpForBuyer(bobError, issuer, bob, notary).second
         }
         val alicesFakePaper = aliceNode.database.transaction {
-            fillUpForSeller(aliceError, issuer, alice,1200.DOLLARS `issued by` issuer, null, notary).second
+            fillUpForSeller(aliceError, issuer, alice, 1200.DOLLARS `issued by` issuer, null, notary).second
         }
 
         insertFakeTransactions(bobsBadCash, bobNode, bob, notaryNode, bankNode)
diff --git a/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt b/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt
index 1edf477911..71eef309ad 100644
--- a/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt
@@ -22,6 +22,7 @@ import net.corda.core.transactions.SignedTransaction
 import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.ProgressTracker
 import net.corda.core.utilities.seconds
+import net.corda.node.services.api.ServiceHubInternal
 import net.corda.node.services.config.FlowTimeoutConfiguration
 import net.corda.node.services.config.NodeConfiguration
 import net.corda.node.services.config.NotaryConfig
@@ -90,6 +91,7 @@ class TimedFlowTests {
                 whenever(it.custom).thenReturn(true)
                 whenever(it.isClusterConfig).thenReturn(true)
                 whenever(it.validating).thenReturn(true)
+                whenever(it.className).thenReturn(TestNotaryService::class.java.name)
             }
 
             val notaryNodes = (0 until CLUSTER_SIZE).map {
@@ -176,8 +178,7 @@ class TimedFlowTests {
         }.bufferUntilSubscribed().toBlocking().toFuture()
     }
 
-    @CordaService
-    private class TestNotaryService(override val services: AppServiceHub, override val notaryIdentityKey: PublicKey) : TrustedAuthorityNotaryService() {
+    private class TestNotaryService(override val services: ServiceHubInternal, override val notaryIdentityKey: PublicKey) : TrustedAuthorityNotaryService() {
         override val uniquenessProvider = mock<UniquenessProvider>()
         override fun createServiceFlow(otherPartySession: FlowSession): FlowLogic<Void?> = TestNotaryFlow(otherPartySession, this)
         override fun start() {}
diff --git a/node/src/test/kotlin/net/corda/node/services/identity/PersistentIdentityServiceTests.kt b/node/src/test/kotlin/net/corda/node/services/identity/PersistentIdentityServiceTests.kt
index 091a47d168..186cfb13cc 100644
--- a/node/src/test/kotlin/net/corda/node/services/identity/PersistentIdentityServiceTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/identity/PersistentIdentityServiceTests.kt
@@ -8,7 +8,7 @@ import net.corda.core.identity.Party
 import net.corda.core.identity.PartyAndCertificate
 import net.corda.core.node.services.UnknownAnonymousPartyException
 import net.corda.node.internal.configureDatabase
-import net.corda.node.utilities.TestingNamedCacheFactory
+import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.crypto.CertificateType
 import net.corda.nodeapi.internal.crypto.X509Utilities
 import net.corda.nodeapi.internal.crypto.x509Certificates
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/AppendOnlyPersistentMapTest.kt b/node/src/test/kotlin/net/corda/node/services/persistence/AppendOnlyPersistentMapTest.kt
index 5ed16e74a8..b52d8f39a8 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/AppendOnlyPersistentMapTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/AppendOnlyPersistentMapTest.kt
@@ -5,7 +5,7 @@ import net.corda.core.utilities.loggerFor
 import net.corda.node.internal.configureDatabase
 import net.corda.node.services.schema.NodeSchemaService
 import net.corda.node.utilities.AppendOnlyPersistentMap
-import net.corda.node.utilities.TestingNamedCacheFactory
+import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import org.junit.After
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/DBTransactionStorageTests.kt b/node/src/test/kotlin/net/corda/node/services/persistence/DBTransactionStorageTests.kt
index f0c7c95859..44c92b6630 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/DBTransactionStorageTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/DBTransactionStorageTests.kt
@@ -9,7 +9,7 @@ import net.corda.core.toFuture
 import net.corda.core.transactions.SignedTransaction
 import net.corda.node.internal.configureDatabase
 import net.corda.node.services.transactions.PersistentUniquenessProvider
-import net.corda.node.utilities.TestingNamedCacheFactory
+import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.core.*
@@ -154,7 +154,8 @@ class DBTransactionStorageTests {
     }
 
     private fun newTransactionStorage(cacheSizeBytesOverride: Long? = null) {
-        transactionStorage = DBTransactionStorage(database, TestingNamedCacheFactory(cacheSizeBytesOverride ?: 1024))
+        transactionStorage = DBTransactionStorage(database, TestingNamedCacheFactory(cacheSizeBytesOverride
+                ?: 1024))
     }
 
     private fun assertTransactionIsRetrievable(transaction: SignedTransaction) {
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/HibernateColumnConverterTests.kt b/node/src/test/kotlin/net/corda/node/services/persistence/HibernateColumnConverterTests.kt
index 0c5213eb63..4ce3b354e5 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/HibernateColumnConverterTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/HibernateColumnConverterTests.kt
@@ -9,7 +9,7 @@ import net.corda.finance.contracts.asset.Cash
 import net.corda.finance.flows.CashIssueFlow
 import net.corda.node.services.identity.PersistentIdentityService
 import net.corda.node.services.keys.E2ETestKeyManagementService
-import net.corda.node.utilities.TestingNamedCacheFactory
+import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.testing.core.BOC_NAME
 import net.corda.testing.node.InMemoryMessagingNetwork
 import net.corda.testing.node.MockNetwork
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt b/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
index 70c827b496..e4f6549e48 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
@@ -15,7 +15,7 @@ import net.corda.core.node.services.vault.Sort
 import net.corda.core.utilities.getOrThrow
 import net.corda.node.internal.configureDatabase
 import net.corda.node.services.transactions.PersistentUniquenessProvider
-import net.corda.node.utilities.TestingNamedCacheFactory
+import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.internal.LogHelper
diff --git a/node/src/test/kotlin/net/corda/node/services/schema/NodeSchemaServiceTest.kt b/node/src/test/kotlin/net/corda/node/services/schema/NodeSchemaServiceTest.kt
index e258334897..2dad47df2c 100644
--- a/node/src/test/kotlin/net/corda/node/services/schema/NodeSchemaServiceTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/schema/NodeSchemaServiceTest.kt
@@ -10,20 +10,18 @@ import net.corda.core.schemas.PersistentState
 import net.corda.core.utilities.getOrThrow
 import net.corda.node.services.api.ServiceHubInternal
 import net.corda.node.services.schema.NodeSchemaService.NodeCoreV1
-import net.corda.node.services.schema.NodeSchemaService.NodeNotaryV1
 import net.corda.testing.driver.DriverParameters
 import net.corda.testing.driver.driver
 import net.corda.testing.driver.internal.InProcessImpl
 import net.corda.testing.internal.vault.DummyLinearStateSchemaV1
-import net.corda.testing.node.internal.cordappsForPackages
 import net.corda.testing.node.internal.InternalMockNetwork
+import net.corda.testing.node.internal.cordappsForPackages
 import org.hibernate.annotations.Cascade
 import org.hibernate.annotations.CascadeType
 import org.junit.Ignore
 import org.junit.Test
 import javax.persistence.*
 import kotlin.test.assertEquals
-import kotlin.test.assertFalse
 import kotlin.test.assertTrue
 
 class NodeSchemaServiceTest {
@@ -47,7 +45,6 @@ class NodeSchemaServiceTest {
 
         // check against NodeCore schemas
         assertTrue(schemaService.schemaOptions.containsKey(NodeCoreV1))
-        assertFalse(schemaService.schemaOptions.containsKey(NodeNotaryV1))
         mockNet.stopNodes()
     }
 
@@ -57,9 +54,8 @@ class NodeSchemaServiceTest {
         val mockNotaryNode = mockNet.notaryNodes.first()
         val schemaService = mockNotaryNode.services.schemaService
 
-        // check against NodeCore + NodeNotary Schemas
+        // check against NodeCore Schema
         assertTrue(schemaService.schemaOptions.containsKey(NodeCoreV1))
-        assertTrue(schemaService.schemaOptions.containsKey(NodeNotaryV1))
         mockNet.stopNodes()
     }
 
@@ -97,7 +93,6 @@ class NodeSchemaServiceTest {
             val mappedSchemas = result.returnValue.getOrThrow()
             // check against NodeCore schemas
             assertTrue(mappedSchemas.contains(NodeCoreV1.name))
-            assertFalse(mappedSchemas.contains(NodeNotaryV1.name))  // still gets loaded due TODO restriction
         }
 
     }
@@ -107,9 +102,8 @@ class NodeSchemaServiceTest {
         driver(DriverParameters(startNodesInProcess = true)) {
             val notary = defaultNotaryNode.getOrThrow()
             val mappedSchemas = notary.rpc.startFlow(::MappedSchemasFlow).returnValue.getOrThrow()
-            // check against NodeCore + NodeNotary Schemas
+            // check against NodeCore Schema
             assertTrue(mappedSchemas.contains(NodeCoreV1.name))
-            assertTrue(mappedSchemas.contains(NodeNotaryV1.name))
         }
 
     }
diff --git a/node/src/test/kotlin/net/corda/node/services/transactions/MaxTransactionSizeTests.kt b/node/src/test/kotlin/net/corda/node/services/transactions/MaxTransactionSizeTests.kt
index 14ff42b13e..28db2d7d13 100644
--- a/node/src/test/kotlin/net/corda/node/services/transactions/MaxTransactionSizeTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/transactions/MaxTransactionSizeTests.kt
@@ -37,7 +37,7 @@ class MaxTransactionSizeTests {
 
     @Before
     fun setup() {
-        mockNet = MockNetwork(listOf("net.corda.testing.contracts", "net.corda.node.services.transactions"), networkParameters = testNetworkParameters(maxTransactionSize = 3_000_000))
+        mockNet = MockNetwork(listOf("net.corda.testing.contracts"), networkParameters = testNetworkParameters(maxTransactionSize = 3_000_000))
         aliceNode = mockNet.createNode(MockNodeParameters(legalName = ALICE_NAME))
         bobNode = mockNet.createNode(MockNodeParameters(legalName = BOB_NAME))
         notaryNode = mockNet.defaultNotaryNode
diff --git a/node/src/test/kotlin/net/corda/node/services/transactions/PersistentUniquenessProviderTests.kt b/node/src/test/kotlin/net/corda/node/services/transactions/PersistentUniquenessProviderTests.kt
index 4bf28c246c..65401708d4 100644
--- a/node/src/test/kotlin/net/corda/node/services/transactions/PersistentUniquenessProviderTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/transactions/PersistentUniquenessProviderTests.kt
@@ -10,7 +10,7 @@ import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.notary.NotaryInternalException
 import net.corda.node.internal.configureDatabase
 import net.corda.node.services.schema.NodeSchemaService
-import net.corda.node.utilities.TestingNamedCacheFactory
+import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.core.SerializationEnvironmentRule
@@ -39,7 +39,7 @@ class PersistentUniquenessProviderTests {
     @Before
     fun setUp() {
         LogHelper.setLevel(PersistentUniquenessProvider::class)
-        database = configureDatabase(makeTestDataSourceProperties(), DatabaseConfig(), { null }, { null }, NodeSchemaService(includeNotarySchemas = true))
+        database = configureDatabase(makeTestDataSourceProperties(), DatabaseConfig(), { null }, { null }, NodeSchemaService(extraSchemas = setOf(NodeNotarySchemaV1)))
     }
 
     @After
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt b/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
index 93e60859fe..073800fd0b 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
@@ -82,7 +82,7 @@ class VaultSoftLockManagerTest {
     private val mockVault = rigorousMock<VaultServiceInternal>().also {
         doNothing().whenever(it).softLockRelease(any(), anyOrNull())
     }
-    private val mockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages(ContractImpl::class.packageName), defaultFactory = { args, _ ->
+    private val mockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages(ContractImpl::class.packageName), defaultFactory = { args ->
         object : InternalMockNetwork.MockNode(args) {
             override fun makeVaultService(keyManagementService: KeyManagementService, services: ServicesForResolution, database: CordaPersistence): VaultServiceInternal {
                 val node = this
diff --git a/samples/notary-demo/build.gradle b/samples/notary-demo/build.gradle
index 586d67109b..7f52642b53 100644
--- a/samples/notary-demo/build.gradle
+++ b/samples/notary-demo/build.gradle
@@ -4,10 +4,8 @@ apply plugin: 'java'
 apply plugin: 'kotlin'
 apply plugin: 'idea'
 apply plugin: 'net.corda.plugins.quasar-utils'
-apply plugin: 'net.corda.plugins.publish-utils'
 apply plugin: 'net.corda.plugins.cordapp'
 apply plugin: 'net.corda.plugins.cordformation'
-apply plugin: 'maven-publish'
 
 configurations {
     integrationTestCompile.extendsFrom testCompile
@@ -16,7 +14,6 @@ configurations {
 
 dependencies {
     compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
-    testCompile "junit:junit:$junit_version"
 
     // Corda integration dependencies
     cordaCompile project(path: ":node:capsule", configuration: 'runtimeArtifacts')
@@ -24,26 +21,11 @@ dependencies {
     cordaCompile project(':core')
     cordaCompile project(':client:jfx')
     cordaCompile project(':client:rpc')
-    cordaCompile project(':node-driver')
-}
+    cordaCompile project(':test-utils')
 
-idea {
-    module {
-        downloadJavadoc = true // defaults to false
-        downloadSources = true
-    }
-}
-
-publishing {
-    publications {
-        jarAndSources(MavenPublication) {
-            from components.java
-            artifactId 'notarydemo'
-
-            artifact sourceJar
-            artifact javadocJar
-        }
-    }
+    // Notary implementations
+    cordapp project(':experimental:notary-raft')
+    cordapp project(':experimental:notary-bft-smart')
 }
 
 task deployNodes(dependsOn: ['deployNodesSingle', 'deployNodesRaft', 'deployNodesBFT', 'deployNodesCustom'])
@@ -99,9 +81,11 @@ task deployNodesCustom(type: Cordform, dependsOn: 'jar') {
 }
 
 task deployNodesRaft(type: Cordform, dependsOn: 'jar') {
+    def className = "net.corda.notary.raft.RaftNotaryService"
     directory file("$buildDir/nodes/nodesRaft")
     nodeDefaults {
         extraConfig = [h2Settings: [address: "localhost:0"]]
+        cordapp project(':experimental:notary-raft')
     }
     node {
         name "O=Alice Corp,L=Madrid,C=ES"
@@ -124,7 +108,8 @@ task deployNodesRaft(type: Cordform, dependsOn: 'jar') {
                 serviceLegalName: "O=Raft,L=Zurich,C=CH",
                 raft: [
                         nodeAddress: "localhost:10008"
-                ]
+                ],
+                className: className
         ]
     }
     node {
@@ -140,7 +125,8 @@ task deployNodesRaft(type: Cordform, dependsOn: 'jar') {
                 raft: [
                         nodeAddress: "localhost:10012",
                         clusterAddresses: ["localhost:10008"]
-                ]
+                ],
+                className: className
         ]
     }
     node {
@@ -156,16 +142,19 @@ task deployNodesRaft(type: Cordform, dependsOn: 'jar') {
                 raft: [
                         nodeAddress: "localhost:10016",
                         clusterAddresses: ["localhost:10008"]
-                ]
+                ],
+                className: className
         ]
     }
 }
 
 task deployNodesBFT(type: Cordform, dependsOn: 'jar') {
     def clusterAddresses = ["localhost:11000", "localhost:11010", "localhost:11020", "localhost:11030"]
+    def className = "net.corda.notary.bftsmart.BftSmartNotaryService"
     directory file("$buildDir/nodes/nodesBFT")
     nodeDefaults {
         extraConfig = [h2Settings: [address: "localhost:0"]]
+        cordapp project(':experimental:notary-bft-smart')
     }
     node {
         name "O=Alice Corp,L=Madrid,C=ES"
@@ -189,7 +178,8 @@ task deployNodesBFT(type: Cordform, dependsOn: 'jar') {
                 bftSMaRt: [
                         replicaId: 0,
                         clusterAddresses: clusterAddresses
-                ]
+                ],
+                className: className
         ]
     }
     node {
@@ -203,9 +193,10 @@ task deployNodesBFT(type: Cordform, dependsOn: 'jar') {
                 validating: false,
                 serviceLegalName: "O=BFT,L=Zurich,C=CH",
                 bftSMaRt: [
-                        replicaId: 0,
+                        replicaId: 1,
                         clusterAddresses: clusterAddresses
-                ]
+                ],
+                className: className
         ]
     }
     node {
@@ -219,9 +210,10 @@ task deployNodesBFT(type: Cordform, dependsOn: 'jar') {
                 validating: false,
                 serviceLegalName: "O=BFT,L=Zurich,C=CH",
                 bftSMaRt: [
-                        replicaId: 0,
+                        replicaId: 2,
                         clusterAddresses: clusterAddresses
-                ]
+                ],
+                className: className
         ]
     }
     node {
@@ -235,9 +227,10 @@ task deployNodesBFT(type: Cordform, dependsOn: 'jar') {
                 validating: false,
                 serviceLegalName: "O=BFT,L=Zurich,C=CH",
                 bftSMaRt: [
-                        replicaId: 0,
+                        replicaId: 3,
                         clusterAddresses: clusterAddresses
-                ]
+                ],
+                className: className
         ]
     }
 }
diff --git a/settings.gradle b/settings.gradle
index 026a092f27..118033c379 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -23,6 +23,8 @@ include 'experimental:behave'
 include 'experimental:quasar-hook'
 include 'experimental:kryo-hook'
 include 'experimental:corda-utils'
+include 'experimental:notary-raft'
+include 'experimental:notary-bft-smart'
 include 'jdk8u-deterministic'
 include 'test-common'
 include 'test-cli'
diff --git a/testing/node-driver/build.gradle b/testing/node-driver/build.gradle
index 102249761e..cdcb25d649 100644
--- a/testing/node-driver/build.gradle
+++ b/testing/node-driver/build.gradle
@@ -25,6 +25,8 @@ sourceSets {
 }
 
 dependencies {
+    // Bundling in the Raft notary service for tests involving distributed notaries
+    compile project(':experimental:notary-raft')
     compile project(':test-utils')
 
     // Integration test helpers
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
index 92615f3fd0..bd562e41f5 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
@@ -473,6 +473,7 @@ class DriverDSLImpl(
             val config = NotaryConfig(
                     validating = spec.validating,
                     serviceLegalName = spec.name,
+                    className = "net.corda.notary.raft.RaftNotaryService",
                     raft = RaftConfig(nodeAddress = nodeAddress, clusterAddresses = clusterAddresses))
             return config.toConfigMap()
         }
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
index 9d6ce49198..05ebe55eae 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
@@ -28,14 +28,15 @@ import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.hours
 import net.corda.core.utilities.seconds
 import net.corda.node.VersionInfo
-import net.corda.node.cordapp.CordappLoader
 import net.corda.node.internal.AbstractNode
 import net.corda.node.internal.InitiatedFlowFactory
-import net.corda.node.internal.cordapp.JarScanningCordappLoader
 import net.corda.node.services.api.FlowStarter
 import net.corda.node.services.api.ServiceHubInternal
 import net.corda.node.services.api.StartedNodeServices
-import net.corda.node.services.config.*
+import net.corda.node.services.config.FlowTimeoutConfiguration
+import net.corda.node.services.config.NodeConfiguration
+import net.corda.node.services.config.NotaryConfig
+import net.corda.node.services.config.VerifierType
 import net.corda.node.services.identity.PersistentIdentityService
 import net.corda.node.services.keys.E2ETestKeyManagementService
 import net.corda.node.services.keys.KeyManagementServiceInternal
@@ -43,8 +44,6 @@ import net.corda.node.services.messaging.Message
 import net.corda.node.services.messaging.MessagingService
 import net.corda.node.services.persistence.NodeAttachmentService
 import net.corda.node.services.statemachine.StateMachineManager
-import net.corda.node.services.transactions.BFTNonValidatingNotaryService
-import net.corda.node.services.transactions.BFTSMaRt
 import net.corda.node.utilities.AffinityExecutor.ServiceAffinityExecutor
 import net.corda.node.utilities.DefaultNamedCacheFactory
 import net.corda.nodeapi.internal.DevIdentityGenerator
@@ -69,7 +68,6 @@ import java.math.BigInteger
 import java.nio.file.Path
 import java.nio.file.Paths
 import java.security.KeyPair
-import java.security.PublicKey
 import java.time.Clock
 import java.util.concurrent.TimeUnit
 import java.util.concurrent.atomic.AtomicInteger
@@ -149,7 +147,7 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
                                val notarySpecs: List<MockNetworkNotarySpec> = defaultParameters.notarySpecs,
                                val testDirectory: Path = Paths.get("build", getTimestampAsDirectoryName()),
                                val networkParameters: NetworkParameters = testNetworkParameters(),
-                               val defaultFactory: (MockNodeArgs, CordappLoader?) -> MockNode = { args, cordappLoader -> cordappLoader?.let { MockNode(args, it) } ?: MockNode(args) },
+                               val defaultFactory: (MockNodeArgs) -> MockNode = { args -> MockNode(args) },
                                val cordappsForAllNodes: Set<TestCorDapp> = emptySet(),
                                val autoVisibleNodes: Boolean = true) : AutoCloseable {
     init {
@@ -276,12 +274,11 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
         }
     }
 
-    open class MockNode(args: MockNodeArgs, cordappLoader: CordappLoader = JarScanningCordappLoader.fromDirectories(args.config.cordappDirectories, args.version)) : AbstractNode<TestStartedNode>(
+    open class MockNode(args: MockNodeArgs) : AbstractNode<TestStartedNode>(
             args.config,
             TestClock(Clock.systemUTC()),
             DefaultNamedCacheFactory(),
             args.version,
-            cordappLoader,
             args.network.getServerThread(args.id),
             args.network.busyLatch
     ) {
@@ -424,27 +421,13 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
         var acceptableLiveFiberCountOnStop: Int = 0
 
         override fun acceptableLiveFiberCountOnStop(): Int = acceptableLiveFiberCountOnStop
-
-        override fun makeBFTCluster(notaryKey: PublicKey, bftSMaRtConfig: BFTSMaRtConfiguration): BFTSMaRt.Cluster {
-            return object : BFTSMaRt.Cluster {
-                override fun waitUntilAllReplicasHaveInitialized() {
-                    val clusterNodes = mockNet.nodes.map { it.started!! }.filter { notaryKey in it.info.legalIdentities.map { it.owningKey } }
-                    if (clusterNodes.size != bftSMaRtConfig.clusterAddresses.size) {
-                        throw IllegalStateException("Unable to enumerate all nodes in BFT cluster.")
-                    }
-                    clusterNodes.forEach {
-                        (it.notaryService as BFTNonValidatingNotaryService).waitUntilReplicaHasInitialized()
-                    }
-                }
-            }
-        }
     }
 
     fun createUnstartedNode(parameters: InternalMockNodeParameters = InternalMockNodeParameters()): MockNode {
         return createUnstartedNode(parameters, defaultFactory)
     }
 
-    fun createUnstartedNode(parameters: InternalMockNodeParameters = InternalMockNodeParameters(), nodeFactory: (MockNodeArgs, CordappLoader?) -> MockNode): MockNode {
+    fun createUnstartedNode(parameters: InternalMockNodeParameters = InternalMockNodeParameters(), nodeFactory: (MockNodeArgs) -> MockNode): MockNode {
         return createNodeImpl(parameters, nodeFactory, false)
     }
 
@@ -453,11 +436,11 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
     }
 
     /** Like the other [createNode] but takes a [nodeFactory] and propagates its [MockNode] subtype. */
-    fun createNode(parameters: InternalMockNodeParameters = InternalMockNodeParameters(), nodeFactory: (MockNodeArgs, CordappLoader?) -> MockNode): TestStartedNode {
+    fun createNode(parameters: InternalMockNodeParameters = InternalMockNodeParameters(), nodeFactory: (MockNodeArgs) -> MockNode): TestStartedNode {
         return uncheckedCast(createNodeImpl(parameters, nodeFactory, true).started)!!
     }
 
-    private fun createNodeImpl(parameters: InternalMockNodeParameters, nodeFactory: (MockNodeArgs, CordappLoader?) -> MockNode, start: Boolean): MockNode {
+    private fun createNodeImpl(parameters: InternalMockNodeParameters, nodeFactory: (MockNodeArgs) -> MockNode, start: Boolean): MockNode {
         val id = parameters.forcedID ?: nextNodeId++
         val baseDirectory = baseDirectory(id)
         val certificatesDirectory = baseDirectory / "certificates"
@@ -474,7 +457,7 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
         val cordappDirectories = sharedCorDappsDirectories + TestCordappDirectories.cached(cordapps)
         doReturn(cordappDirectories).whenever(config).cordappDirectories
 
-        val node = nodeFactory(MockNodeArgs(config, this, id, parameters.entropyRoot, parameters.version), JarScanningCordappLoader.fromDirectories(cordappDirectories, parameters.version))
+        val node = nodeFactory(MockNodeArgs(config, this, id, parameters.entropyRoot, parameters.version))
         _nodes += node
         if (start) {
             node.start()
@@ -482,7 +465,7 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
         return node
     }
 
-    fun restartNode(node: TestStartedNode, nodeFactory: (MockNodeArgs, CordappLoader?) -> MockNode): TestStartedNode {
+    fun restartNode(node: TestStartedNode, nodeFactory: (MockNodeArgs) -> MockNode): TestStartedNode {
         node.internals.disableDBCloseOnStop()
         node.dispose()
         return createNode(
diff --git a/node/src/test/kotlin/net/corda/node/utilities/TestingNamedCacheFactory.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/TestingNamedCacheFactory.kt
similarity index 95%
rename from node/src/test/kotlin/net/corda/node/utilities/TestingNamedCacheFactory.kt
rename to testing/test-utils/src/main/kotlin/net/corda/testing/internal/TestingNamedCacheFactory.kt
index 4582246e09..7908d5dd27 100644
--- a/node/src/test/kotlin/net/corda/node/utilities/TestingNamedCacheFactory.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/TestingNamedCacheFactory.kt
@@ -1,4 +1,4 @@
-package net.corda.node.utilities
+package net.corda.testing.internal
 
 import com.codahale.metrics.MetricRegistry
 import com.github.benmanes.caffeine.cache.Cache
@@ -9,6 +9,7 @@ import net.corda.core.internal.buildNamed
 import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.node.services.config.MB
 import net.corda.node.services.config.NodeConfiguration
+import net.corda.node.utilities.NamedCacheFactory
 
 class TestingNamedCacheFactory private constructor(private val sizeOverride: Long, private val metricRegistry: MetricRegistry?, private val nodeConfiguration: NodeConfiguration?) : NamedCacheFactory, SingletonSerializeAsToken() {
     constructor(sizeOverride: Long = 1024) : this(sizeOverride, null, null)

From 554b1fa371eb35c9009df83b65afa852602f317b Mon Sep 17 00:00:00 2001
From: Konstantinos Chalkias <konstantinos.chalkias@r3.com>
Date: Wed, 10 Oct 2018 10:35:18 +0100
Subject: [PATCH 32/83] [CORDA-2084] EdDSA, SPHINCS-256 and RSA PKCS#1 are
 deterministic, no RNG required. (#4051)

---
 .../kotlin/net/corda/core/crypto/Crypto.kt    |  20 +-
 .../net/corda/core/crypto/CryptoUtilsTest.kt  | 222 ++++++++++--------
 2 files changed, 138 insertions(+), 104 deletions(-)

diff --git a/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt b/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
index e131cdc7df..9da4417c7d 100644
--- a/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
+++ b/core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
@@ -424,15 +424,19 @@ object Crypto {
         }
         require(clearData.isNotEmpty()) { "Signing of an empty array is not permitted!" }
         val signature = Signature.getInstance(signatureScheme.signatureName, providerMap[signatureScheme.providerName])
-        // Note that deterministic signature schemes, such as EdDSA, do not require extra randomness, but we have to
-        // ensure that non-deterministic algorithms (i.e., ECDSA) use non-blocking SecureRandom implementations (if possible).
-        // TODO consider updating this when the related BC issue for Sphincs is fixed.
-        if (signatureScheme != SPHINCS256_SHA256) {
-            signature.initSign(privateKey, newSecureRandom())
-        } else {
-            // Special handling for Sphincs, due to a BC implementation issue.
-            // As Sphincs is deterministic, it does not require RNG input anyway.
+        // Note that deterministic signature schemes, such as EdDSA, original SPHINCS-256 and RSA PKCS#1, do not require
+        // extra randomness, but we have to ensure that non-deterministic algorithms (i.e., ECDSA) use non-blocking
+        // SecureRandom implementation. Also, SPHINCS-256 implementation in BouncyCastle 1.60 fails with
+        // ClassCastException if we invoke initSign with a SecureRandom as an input.
+        // TODO Although we handle the above issue here, consider updating to BC 1.61+ which provides a fix.
+        if (signatureScheme == EDDSA_ED25519_SHA512
+                || signatureScheme == SPHINCS256_SHA256
+                || signatureScheme == RSA_SHA256) {
             signature.initSign(privateKey)
+        } else {
+            // The rest of the algorithms will require a SecureRandom input (i.e., ECDSA or any new algorithm for which
+            // we don't know if it's deterministic).
+            signature.initSign(privateKey, newSecureRandom())
         }
         signature.update(clearData)
         return signature.sign()
diff --git a/core/src/test/kotlin/net/corda/core/crypto/CryptoUtilsTest.kt b/core/src/test/kotlin/net/corda/core/crypto/CryptoUtilsTest.kt
index a8f156b77a..dbfa620d15 100644
--- a/core/src/test/kotlin/net/corda/core/crypto/CryptoUtilsTest.kt
+++ b/core/src/test/kotlin/net/corda/core/crypto/CryptoUtilsTest.kt
@@ -1,6 +1,12 @@
 package net.corda.core.crypto
 
 import com.google.common.collect.Sets
+import net.corda.core.crypto.Crypto.ECDSA_SECP256K1_SHA256
+import net.corda.core.crypto.Crypto.ECDSA_SECP256R1_SHA256
+import net.corda.core.crypto.Crypto.EDDSA_ED25519_SHA512
+import net.corda.core.crypto.Crypto.RSA_SHA256
+import net.corda.core.crypto.Crypto.SPHINCS256_SHA256
+import net.corda.core.utilities.OpaqueBytes
 import net.i2p.crypto.eddsa.EdDSAKey
 import net.i2p.crypto.eddsa.EdDSAPrivateKey
 import net.i2p.crypto.eddsa.EdDSAPublicKey
@@ -30,17 +36,20 @@ import kotlin.test.*
  */
 class CryptoUtilsTest {
 
-    private val testBytes = "Hello World".toByteArray()
+    companion object {
+        private val testBytes = "Hello World".toByteArray()
+        private val test100ZeroBytes = ByteArray(100)
+    }
 
     // key generation test
     @Test
     fun `Generate key pairs`() {
         // testing supported algorithms
-        val rsaKeyPair = Crypto.generateKeyPair(Crypto.RSA_SHA256)
-        val ecdsaKKeyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256)
-        val ecdsaRKeyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256)
-        val eddsaKeyPair = Crypto.generateKeyPair(Crypto.EDDSA_ED25519_SHA512)
-        val sphincsKeyPair = Crypto.generateKeyPair(Crypto.SPHINCS256_SHA256)
+        val rsaKeyPair = Crypto.generateKeyPair(RSA_SHA256)
+        val ecdsaKKeyPair = Crypto.generateKeyPair(ECDSA_SECP256K1_SHA256)
+        val ecdsaRKeyPair = Crypto.generateKeyPair(ECDSA_SECP256R1_SHA256)
+        val eddsaKeyPair = Crypto.generateKeyPair(EDDSA_ED25519_SHA512)
+        val sphincsKeyPair = Crypto.generateKeyPair(SPHINCS256_SHA256)
 
         // not null private keys
         assertNotNull(rsaKeyPair.private)
@@ -69,7 +78,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `RSA full process keygen-sign-verify`() {
-        val keyPair = Crypto.generateKeyPair(Crypto.RSA_SHA256)
+        val keyPair = Crypto.generateKeyPair(RSA_SHA256)
         val (privKey, pubKey) = keyPair
         // test for some data
         val signedData = Crypto.doSign(privKey, testBytes)
@@ -101,8 +110,8 @@ class CryptoUtilsTest {
         }
 
         // test for zero bytes data
-        val signedDataZeros = Crypto.doSign(privKey, ByteArray(100))
-        val verificationZeros = Crypto.doVerify(pubKey, signedDataZeros, ByteArray(100))
+        val signedDataZeros = Crypto.doSign(privKey, test100ZeroBytes)
+        val verificationZeros = Crypto.doVerify(pubKey, signedDataZeros, test100ZeroBytes)
         assertTrue(verificationZeros)
 
         // test for 1MB of data (I successfully tested it locally for 1GB as well)
@@ -124,7 +133,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `ECDSA secp256k1 full process keygen-sign-verify`() {
-        val keyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256)
+        val keyPair = Crypto.generateKeyPair(ECDSA_SECP256K1_SHA256)
         val (privKey, pubKey) = keyPair
         // test for some data
         val signedData = Crypto.doSign(privKey, testBytes)
@@ -156,8 +165,8 @@ class CryptoUtilsTest {
         }
 
         // test for zero bytes data
-        val signedDataZeros = Crypto.doSign(privKey, ByteArray(100))
-        val verificationZeros = Crypto.doVerify(pubKey, signedDataZeros, ByteArray(100))
+        val signedDataZeros = Crypto.doSign(privKey, test100ZeroBytes)
+        val verificationZeros = Crypto.doVerify(pubKey, signedDataZeros, test100ZeroBytes)
         assertTrue(verificationZeros)
 
         // test for 1MB of data (I successfully tested it locally for 1GB as well)
@@ -179,7 +188,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `ECDSA secp256r1 full process keygen-sign-verify`() {
-        val keyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256)
+        val keyPair = Crypto.generateKeyPair(ECDSA_SECP256R1_SHA256)
         val (privKey, pubKey) = keyPair
         // test for some data
         val signedData = Crypto.doSign(privKey, testBytes)
@@ -211,8 +220,8 @@ class CryptoUtilsTest {
         }
 
         // test for zero bytes data
-        val signedDataZeros = Crypto.doSign(privKey, ByteArray(100))
-        val verificationZeros = Crypto.doVerify(pubKey, signedDataZeros, ByteArray(100))
+        val signedDataZeros = Crypto.doSign(privKey, test100ZeroBytes)
+        val verificationZeros = Crypto.doVerify(pubKey, signedDataZeros, test100ZeroBytes)
         assertTrue(verificationZeros)
 
         // test for 1MB of data (I successfully tested it locally for 1GB as well)
@@ -234,7 +243,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `EDDSA ed25519 full process keygen-sign-verify`() {
-        val keyPair = Crypto.generateKeyPair(Crypto.EDDSA_ED25519_SHA512)
+        val keyPair = Crypto.generateKeyPair(EDDSA_ED25519_SHA512)
         val (privKey, pubKey) = keyPair
         // test for some data
         val signedData = Crypto.doSign(privKey, testBytes)
@@ -266,8 +275,8 @@ class CryptoUtilsTest {
         }
 
         // test for zero bytes data
-        val signedDataZeros = Crypto.doSign(privKey, ByteArray(100))
-        val verificationZeros = Crypto.doVerify(pubKey, signedDataZeros, ByteArray(100))
+        val signedDataZeros = Crypto.doSign(privKey, test100ZeroBytes)
+        val verificationZeros = Crypto.doVerify(pubKey, signedDataZeros, test100ZeroBytes)
         assertTrue(verificationZeros)
 
         // test for 1MB of data (I successfully tested it locally for 1GB as well)
@@ -289,7 +298,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `SPHINCS-256 full process keygen-sign-verify`() {
-        val keyPair = Crypto.generateKeyPair(Crypto.SPHINCS256_SHA256)
+        val keyPair = Crypto.generateKeyPair(SPHINCS256_SHA256)
         val (privKey, pubKey) = keyPair
         // test for some data
         val signedData = Crypto.doSign(privKey, testBytes)
@@ -321,8 +330,8 @@ class CryptoUtilsTest {
         }
 
         // test for zero bytes data
-        val signedDataZeros = Crypto.doSign(privKey, ByteArray(100))
-        val verificationZeros = Crypto.doVerify(pubKey, signedDataZeros, ByteArray(100))
+        val signedDataZeros = Crypto.doSign(privKey, test100ZeroBytes)
+        val verificationZeros = Crypto.doVerify(pubKey, signedDataZeros, test100ZeroBytes)
         assertTrue(verificationZeros)
 
         // test for 1MB of data (I successfully tested it locally for 1GB as well)
@@ -354,7 +363,7 @@ class CryptoUtilsTest {
     @Test
     fun `RSA encode decode keys - required for serialization`() {
         // Generate key pair.
-        val keyPair = Crypto.generateKeyPair(Crypto.RSA_SHA256)
+        val keyPair = Crypto.generateKeyPair(RSA_SHA256)
         val (privKey, pubKey) = keyPair
 
         // Encode and decode private key.
@@ -369,7 +378,7 @@ class CryptoUtilsTest {
     @Test
     fun `ECDSA secp256k1 encode decode keys - required for serialization`() {
         // Generate key pair.
-        val keyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256)
+        val keyPair = Crypto.generateKeyPair(ECDSA_SECP256K1_SHA256)
         val (privKey, pubKey) = keyPair
 
         // Encode and decode private key.
@@ -384,7 +393,7 @@ class CryptoUtilsTest {
     @Test
     fun `ECDSA secp256r1 encode decode keys - required for serialization`() {
         // Generate key pair.
-        val keyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256)
+        val keyPair = Crypto.generateKeyPair(ECDSA_SECP256R1_SHA256)
         val (privKey, pubKey) = keyPair
 
         // Encode and decode private key.
@@ -399,7 +408,7 @@ class CryptoUtilsTest {
     @Test
     fun `EdDSA encode decode keys - required for serialization`() {
         // Generate key pair.
-        val keyPair = Crypto.generateKeyPair(Crypto.EDDSA_ED25519_SHA512)
+        val keyPair = Crypto.generateKeyPair(EDDSA_ED25519_SHA512)
         val (privKey, pubKey) = keyPair
 
         // Encode and decode private key.
@@ -414,7 +423,7 @@ class CryptoUtilsTest {
     @Test
     fun `SPHINCS-256 encode decode keys - required for serialization`() {
         // Generate key pair.
-        val keyPair = Crypto.generateKeyPair(Crypto.SPHINCS256_SHA256)
+        val keyPair = Crypto.generateKeyPair(SPHINCS256_SHA256)
         val privKey: BCSphincs256PrivateKey = keyPair.private as BCSphincs256PrivateKey
         val pubKey: BCSphincs256PublicKey = keyPair.public as BCSphincs256PublicKey
 
@@ -443,7 +452,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `RSA scheme finder by key type`() {
-        val keyPairRSA = Crypto.generateKeyPair(Crypto.RSA_SHA256)
+        val keyPairRSA = Crypto.generateKeyPair(RSA_SHA256)
         val (privRSA, pubRSA) = keyPairRSA
         assertEquals(privRSA.algorithm, "RSA")
         assertEquals(pubRSA.algorithm, "RSA")
@@ -451,7 +460,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `ECDSA secp256k1 scheme finder by key type`() {
-        val keyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256)
+        val keyPair = Crypto.generateKeyPair(ECDSA_SECP256K1_SHA256)
         val (privKey, pubKey) = keyPair
 
         // Encode and decode private key.
@@ -466,7 +475,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `ECDSA secp256r1 scheme finder by key type`() {
-        val keyPairR1 = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256)
+        val keyPairR1 = Crypto.generateKeyPair(ECDSA_SECP256R1_SHA256)
         val (privR1, pubR1) = keyPairR1
         assertEquals(privR1.algorithm, "ECDSA")
         assertEquals((privR1 as ECKey).parameters, ECNamedCurveTable.getParameterSpec("secp256r1"))
@@ -476,7 +485,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `EdDSA scheme finder by key type`() {
-        val keyPairEd = Crypto.generateKeyPair(Crypto.EDDSA_ED25519_SHA512)
+        val keyPairEd = Crypto.generateKeyPair(EDDSA_ED25519_SHA512)
         val (privEd, pubEd) = keyPairEd
 
         assertEquals(privEd.algorithm, "EdDSA")
@@ -487,7 +496,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `SPHINCS-256 scheme finder by key type`() {
-        val keyPairSP = Crypto.generateKeyPair(Crypto.SPHINCS256_SHA256)
+        val keyPairSP = Crypto.generateKeyPair(SPHINCS256_SHA256)
         val (privSP, pubSP) = keyPairSP
         assertEquals(privSP.algorithm, "SPHINCS-256")
         assertEquals(pubSP.algorithm, "SPHINCS-256")
@@ -495,7 +504,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `Automatic EdDSA key-type detection and decoding`() {
-        val keyPairEd = Crypto.generateKeyPair(Crypto.EDDSA_ED25519_SHA512)
+        val keyPairEd = Crypto.generateKeyPair(EDDSA_ED25519_SHA512)
         val (privEd, pubEd) = keyPairEd
         val encodedPrivEd = privEd.encoded
         val encodedPubEd = pubEd.encoded
@@ -511,7 +520,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `Automatic ECDSA secp256k1 key-type detection and decoding`() {
-        val keyPairK1 = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256)
+        val keyPairK1 = Crypto.generateKeyPair(ECDSA_SECP256K1_SHA256)
         val (privK1, pubK1) = keyPairK1
         val encodedPrivK1 = privK1.encoded
         val encodedPubK1 = pubK1.encoded
@@ -527,7 +536,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `Automatic ECDSA secp256r1 key-type detection and decoding`() {
-        val keyPairR1 = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256)
+        val keyPairR1 = Crypto.generateKeyPair(ECDSA_SECP256R1_SHA256)
         val (privR1, pubR1) = keyPairR1
         val encodedPrivR1 = privR1.encoded
         val encodedPubR1 = pubR1.encoded
@@ -543,7 +552,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `Automatic RSA key-type detection and decoding`() {
-        val keyPairRSA = Crypto.generateKeyPair(Crypto.RSA_SHA256)
+        val keyPairRSA = Crypto.generateKeyPair(RSA_SHA256)
         val (privRSA, pubRSA) = keyPairRSA
         val encodedPrivRSA = privRSA.encoded
         val encodedPubRSA = pubRSA.encoded
@@ -559,7 +568,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `Automatic SPHINCS-256 key-type detection and decoding`() {
-        val keyPairSP = Crypto.generateKeyPair(Crypto.SPHINCS256_SHA256)
+        val keyPairSP = Crypto.generateKeyPair(SPHINCS256_SHA256)
         val (privSP, pubSP) = keyPairSP
         val encodedPrivSP = privSP.encoded
         val encodedPubSP = pubSP.encoded
@@ -575,12 +584,12 @@ class CryptoUtilsTest {
 
     @Test
     fun `Failure test between K1 and R1 keys`() {
-        val keyPairK1 = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256)
+        val keyPairK1 = Crypto.generateKeyPair(ECDSA_SECP256K1_SHA256)
         val privK1 = keyPairK1.private
         val encodedPrivK1 = privK1.encoded
         val decodedPrivK1 = Crypto.decodePrivateKey(encodedPrivK1)
 
-        val keyPairR1 = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256)
+        val keyPairR1 = Crypto.generateKeyPair(ECDSA_SECP256R1_SHA256)
         val privR1 = keyPairR1.private
         val encodedPrivR1 = privR1.encoded
         val decodedPrivR1 = Crypto.decodePrivateKey(encodedPrivR1)
@@ -590,7 +599,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `Decoding Failure on randomdata as key`() {
-        val keyPairK1 = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256)
+        val keyPairK1 = Crypto.generateKeyPair(ECDSA_SECP256K1_SHA256)
         val privK1 = keyPairK1.private
         val encodedPrivK1 = privK1.encoded
 
@@ -610,7 +619,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `Decoding Failure on malformed keys`() {
-        val keyPairK1 = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256)
+        val keyPairK1 = Crypto.generateKeyPair(ECDSA_SECP256K1_SHA256)
         val privK1 = keyPairK1.private
         val encodedPrivK1 = privK1.encoded
 
@@ -630,25 +639,25 @@ class CryptoUtilsTest {
 
     @Test
     fun `Check ECDSA public key on curve`() {
-        val keyPairK1 = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256)
+        val keyPairK1 = Crypto.generateKeyPair(ECDSA_SECP256K1_SHA256)
         val pubK1 = keyPairK1.public as BCECPublicKey
-        assertTrue(Crypto.publicKeyOnCurve(Crypto.ECDSA_SECP256K1_SHA256, pubK1))
+        assertTrue(Crypto.publicKeyOnCurve(ECDSA_SECP256K1_SHA256, pubK1))
         // use R1 curve for check.
-        assertFalse(Crypto.publicKeyOnCurve(Crypto.ECDSA_SECP256R1_SHA256, pubK1))
+        assertFalse(Crypto.publicKeyOnCurve(ECDSA_SECP256R1_SHA256, pubK1))
         // use ed25519 curve for check.
-        assertFalse(Crypto.publicKeyOnCurve(Crypto.EDDSA_ED25519_SHA512, pubK1))
+        assertFalse(Crypto.publicKeyOnCurve(EDDSA_ED25519_SHA512, pubK1))
     }
 
     @Test
     fun `Check EdDSA public key on curve`() {
-        val keyPairEdDSA = Crypto.generateKeyPair(Crypto.EDDSA_ED25519_SHA512)
+        val keyPairEdDSA = Crypto.generateKeyPair(EDDSA_ED25519_SHA512)
         val pubEdDSA = keyPairEdDSA.public
-        assertTrue(Crypto.publicKeyOnCurve(Crypto.EDDSA_ED25519_SHA512, pubEdDSA))
+        assertTrue(Crypto.publicKeyOnCurve(EDDSA_ED25519_SHA512, pubEdDSA))
         // Use R1 curve for check.
-        assertFalse(Crypto.publicKeyOnCurve(Crypto.ECDSA_SECP256R1_SHA256, pubEdDSA))
+        assertFalse(Crypto.publicKeyOnCurve(ECDSA_SECP256R1_SHA256, pubEdDSA))
         // Check for point at infinity.
-        val pubKeySpec = EdDSAPublicKeySpec((Crypto.EDDSA_ED25519_SHA512.algSpec as EdDSANamedCurveSpec).curve.getZero(GroupElement.Representation.P3), Crypto.EDDSA_ED25519_SHA512.algSpec as EdDSANamedCurveSpec)
-        assertFalse(Crypto.publicKeyOnCurve(Crypto.EDDSA_ED25519_SHA512, EdDSAPublicKey(pubKeySpec)))
+        val pubKeySpec = EdDSAPublicKeySpec((EDDSA_ED25519_SHA512.algSpec as EdDSANamedCurveSpec).curve.getZero(GroupElement.Representation.P3), EDDSA_ED25519_SHA512.algSpec as EdDSANamedCurveSpec)
+        assertFalse(Crypto.publicKeyOnCurve(EDDSA_ED25519_SHA512, EdDSAPublicKey(pubKeySpec)))
     }
 
     @Test(expected = IllegalArgumentException::class)
@@ -658,12 +667,12 @@ class CryptoUtilsTest {
         val pairSun = keyGen.generateKeyPair()
         val pubSun = pairSun.public
         // Should fail as pubSun is not a BCECPublicKey.
-        Crypto.publicKeyOnCurve(Crypto.ECDSA_SECP256R1_SHA256, pubSun)
+        Crypto.publicKeyOnCurve(ECDSA_SECP256R1_SHA256, pubSun)
     }
 
     @Test
     fun `ECDSA secp256R1 deterministic key generation`() {
-        val (priv, pub) = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256)
+        val (priv, pub) = Crypto.generateKeyPair(ECDSA_SECP256R1_SHA256)
         val (dpriv, dpub) = Crypto.deriveKeyPair(priv, "seed-1".toByteArray())
 
         // Check scheme.
@@ -673,11 +682,11 @@ class CryptoUtilsTest {
         assertTrue(dpub is BCECPublicKey)
         assertEquals((dpriv as ECKey).parameters, ECNamedCurveTable.getParameterSpec("secp256r1"))
         assertEquals((dpub as ECKey).parameters, ECNamedCurveTable.getParameterSpec("secp256r1"))
-        assertEquals(Crypto.findSignatureScheme(dpriv), Crypto.ECDSA_SECP256R1_SHA256)
-        assertEquals(Crypto.findSignatureScheme(dpub), Crypto.ECDSA_SECP256R1_SHA256)
+        assertEquals(Crypto.findSignatureScheme(dpriv), ECDSA_SECP256R1_SHA256)
+        assertEquals(Crypto.findSignatureScheme(dpub), ECDSA_SECP256R1_SHA256)
 
         // Validate public key.
-        assertTrue(Crypto.publicKeyOnCurve(Crypto.ECDSA_SECP256R1_SHA256, dpub))
+        assertTrue(Crypto.publicKeyOnCurve(ECDSA_SECP256R1_SHA256, dpub))
 
         // Try to sign/verify.
         val signedData = Crypto.doSign(dpriv, testBytes)
@@ -704,7 +713,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `ECDSA secp256K1 deterministic key generation`() {
-        val (priv, pub) = Crypto.generateKeyPair(Crypto.ECDSA_SECP256K1_SHA256)
+        val (priv, pub) = Crypto.generateKeyPair(ECDSA_SECP256K1_SHA256)
         val (dpriv, dpub) = Crypto.deriveKeyPair(priv, "seed-1".toByteArray())
 
         // Check scheme.
@@ -714,11 +723,11 @@ class CryptoUtilsTest {
         assertTrue(dpub is BCECPublicKey)
         assertEquals((dpriv as ECKey).parameters, ECNamedCurveTable.getParameterSpec("secp256k1"))
         assertEquals((dpub as ECKey).parameters, ECNamedCurveTable.getParameterSpec("secp256k1"))
-        assertEquals(Crypto.findSignatureScheme(dpriv), Crypto.ECDSA_SECP256K1_SHA256)
-        assertEquals(Crypto.findSignatureScheme(dpub), Crypto.ECDSA_SECP256K1_SHA256)
+        assertEquals(Crypto.findSignatureScheme(dpriv), ECDSA_SECP256K1_SHA256)
+        assertEquals(Crypto.findSignatureScheme(dpub), ECDSA_SECP256K1_SHA256)
 
         // Validate public key.
-        assertTrue(Crypto.publicKeyOnCurve(Crypto.ECDSA_SECP256K1_SHA256, dpub))
+        assertTrue(Crypto.publicKeyOnCurve(ECDSA_SECP256K1_SHA256, dpub))
 
         // Try to sign/verify.
         val signedData = Crypto.doSign(dpriv, testBytes)
@@ -745,7 +754,7 @@ class CryptoUtilsTest {
 
     @Test
     fun `EdDSA ed25519 deterministic key generation`() {
-        val (priv, pub) = Crypto.generateKeyPair(Crypto.EDDSA_ED25519_SHA512)
+        val (priv, pub) = Crypto.generateKeyPair(EDDSA_ED25519_SHA512)
         val (dpriv, dpub) = Crypto.deriveKeyPair(priv, "seed-1".toByteArray())
 
         // Check scheme.
@@ -755,11 +764,11 @@ class CryptoUtilsTest {
         assertTrue(dpub is EdDSAPublicKey)
         assertEquals((dpriv as EdDSAKey).params, EdDSANamedCurveTable.getByName("ED25519"))
         assertEquals((dpub as EdDSAKey).params, EdDSANamedCurveTable.getByName("ED25519"))
-        assertEquals(Crypto.findSignatureScheme(dpriv), Crypto.EDDSA_ED25519_SHA512)
-        assertEquals(Crypto.findSignatureScheme(dpub), Crypto.EDDSA_ED25519_SHA512)
+        assertEquals(Crypto.findSignatureScheme(dpriv), EDDSA_ED25519_SHA512)
+        assertEquals(Crypto.findSignatureScheme(dpub), EDDSA_ED25519_SHA512)
 
         // Validate public key.
-        assertTrue(Crypto.publicKeyOnCurve(Crypto.EDDSA_ED25519_SHA512, dpub))
+        assertTrue(Crypto.publicKeyOnCurve(EDDSA_ED25519_SHA512, dpub))
 
         // Try to sign/verify.
         val signedData = Crypto.doSign(dpriv, testBytes)
@@ -786,110 +795,131 @@ class CryptoUtilsTest {
 
     @Test
     fun `EdDSA ed25519 keyPair from entropy`() {
-        val keyPairPositive = Crypto.deriveKeyPairFromEntropy(Crypto.EDDSA_ED25519_SHA512, BigInteger("10"))
+        val keyPairPositive = Crypto.deriveKeyPairFromEntropy(EDDSA_ED25519_SHA512, BigInteger("10"))
         assertEquals("DLBL3iHCp9uRReWhhCGfCsrxZZpfAm9h9GLbfN8ijqXTq", keyPairPositive.public.toStringShort())
 
-        val keyPairNegative = Crypto.deriveKeyPairFromEntropy(Crypto.EDDSA_ED25519_SHA512, BigInteger("-10"))
+        val keyPairNegative = Crypto.deriveKeyPairFromEntropy(EDDSA_ED25519_SHA512, BigInteger("-10"))
         assertEquals("DLC5HXnYsJAFqmM9hgPj5G8whQ4TpyE9WMBssqCayLBwA2", keyPairNegative.public.toStringShort())
 
-        val keyPairZero = Crypto.deriveKeyPairFromEntropy(Crypto.EDDSA_ED25519_SHA512, BigInteger("0"))
+        val keyPairZero = Crypto.deriveKeyPairFromEntropy(EDDSA_ED25519_SHA512, BigInteger("0"))
         assertEquals("DL4UVhGh4tqu1G86UVoGNaDDNCMsBtNHzE6BSZuNNJN7W2", keyPairZero.public.toStringShort())
 
-        val keyPairOne = Crypto.deriveKeyPairFromEntropy(Crypto.EDDSA_ED25519_SHA512, BigInteger("1"))
+        val keyPairOne = Crypto.deriveKeyPairFromEntropy(EDDSA_ED25519_SHA512, BigInteger("1"))
         assertEquals("DL8EZUdHixovcCynKMQzrMWBnXQAcbVDHi6ArPphqwJVzq", keyPairOne.public.toStringShort())
 
-        val keyPairBiggerThan256bits = Crypto.deriveKeyPairFromEntropy(Crypto.EDDSA_ED25519_SHA512, BigInteger("2").pow(258).minus(BigInteger.TEN))
+        val keyPairBiggerThan256bits = Crypto.deriveKeyPairFromEntropy(EDDSA_ED25519_SHA512, BigInteger("2").pow(258).minus(BigInteger.TEN))
         assertEquals("DLB9K1UiBrWonn481z6NzkqoWHjMBXpfDeaet3wiwRNWSU", keyPairBiggerThan256bits.public.toStringShort())
         // The underlying implementation uses the first 256 bytes of the entropy. Thus, 2^258-10 and 2^258-50 and 2^514-10 have the same impact.
-        val keyPairBiggerThan256bitsV2 = Crypto.deriveKeyPairFromEntropy(Crypto.EDDSA_ED25519_SHA512, BigInteger("2").pow(258).minus(BigInteger("50")))
+        val keyPairBiggerThan256bitsV2 = Crypto.deriveKeyPairFromEntropy(EDDSA_ED25519_SHA512, BigInteger("2").pow(258).minus(BigInteger("50")))
         assertEquals("DLB9K1UiBrWonn481z6NzkqoWHjMBXpfDeaet3wiwRNWSU", keyPairBiggerThan256bitsV2.public.toStringShort())
-        val keyPairBiggerThan512bits = Crypto.deriveKeyPairFromEntropy(Crypto.EDDSA_ED25519_SHA512, BigInteger("2").pow(514).minus(BigInteger.TEN))
+        val keyPairBiggerThan512bits = Crypto.deriveKeyPairFromEntropy(EDDSA_ED25519_SHA512, BigInteger("2").pow(514).minus(BigInteger.TEN))
         assertEquals("DLB9K1UiBrWonn481z6NzkqoWHjMBXpfDeaet3wiwRNWSU", keyPairBiggerThan512bits.public.toStringShort())
 
         // Try another big number.
-        val keyPairBiggerThan258bits = Crypto.deriveKeyPairFromEntropy(Crypto.EDDSA_ED25519_SHA512, BigInteger("2").pow(259).plus(BigInteger.ONE))
+        val keyPairBiggerThan258bits = Crypto.deriveKeyPairFromEntropy(EDDSA_ED25519_SHA512, BigInteger("2").pow(259).plus(BigInteger.ONE))
         assertEquals("DL5tEFVMXMGrzwjfCAW34JjkhsRkPfFyJ38iEnmpB6L2Z9", keyPairBiggerThan258bits.public.toStringShort())
     }
 
     @Test
     fun `ECDSA R1 keyPair from entropy`() {
-        val keyPairPositive = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, BigInteger("10"))
+        val keyPairPositive = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256R1_SHA256, BigInteger("10"))
         assertEquals("DLHDcxuSt9J3cbjd2Dsx4rAgYYA7BAP7A8VLrFiq1tH9yy", keyPairPositive.public.toStringShort())
         // The underlying implementation uses the hash of entropy if it is out of range 2 < entropy < N, where N the order of the group.
-        val keyPairNegative = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, BigInteger("-10"))
+        val keyPairNegative = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256R1_SHA256, BigInteger("-10"))
         assertEquals("DLBASmjiMZuu1g3EtdHJxfSueXE8PRoUWbkdU61Qcnpamt", keyPairNegative.public.toStringShort())
 
-        val keyPairZero = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, BigInteger("0"))
+        val keyPairZero = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256R1_SHA256, BigInteger("0"))
         assertEquals("DLH2FEHEnsT3MpCJt2gfyNjpqRqcBxeupK4YRPXvDsVEkb", keyPairZero.public.toStringShort())
         // BigIntenger.Zero is out or range, so 1 and hash(1.toByteArray) would have the same impact.
         val zeroHashed = BigInteger(1, BigInteger("0").toByteArray().sha256().bytes)
         // Check oneHashed < N (order of the group), otherwise we would need an extra hash.
-        assertEquals(-1, zeroHashed.compareTo((Crypto.ECDSA_SECP256R1_SHA256.algSpec as ECNamedCurveParameterSpec).n))
-        val keyPairZeroHashed = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, zeroHashed)
+        assertEquals(-1, zeroHashed.compareTo((ECDSA_SECP256R1_SHA256.algSpec as ECNamedCurveParameterSpec).n))
+        val keyPairZeroHashed = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256R1_SHA256, zeroHashed)
         assertEquals("DLH2FEHEnsT3MpCJt2gfyNjpqRqcBxeupK4YRPXvDsVEkb", keyPairZeroHashed.public.toStringShort())
 
-        val keyPairOne = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, BigInteger("1"))
+        val keyPairOne = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256R1_SHA256, BigInteger("1"))
         assertEquals("DLHrtKwjv6onq9HcrQDJPs8Cgtai5mZU5ZU6sb1ivJjx3z", keyPairOne.public.toStringShort())
         // BigIntenger.ONE is out or range, so 1 and hash(1.toByteArray) would have the same impact.
         val oneHashed = BigInteger(1, BigInteger("1").toByteArray().sha256().bytes)
         // Check oneHashed < N (order of the group), otherwise we would need an extra hash.
-        assertEquals(-1, oneHashed.compareTo((Crypto.ECDSA_SECP256R1_SHA256.algSpec as ECNamedCurveParameterSpec).n))
-        val keyPairOneHashed = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, oneHashed)
+        assertEquals(-1, oneHashed.compareTo((ECDSA_SECP256R1_SHA256.algSpec as ECNamedCurveParameterSpec).n))
+        val keyPairOneHashed = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256R1_SHA256, oneHashed)
         assertEquals("DLHrtKwjv6onq9HcrQDJPs8Cgtai5mZU5ZU6sb1ivJjx3z", keyPairOneHashed.public.toStringShort())
 
         // 2 is in the range.
-        val keyPairTwo = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, BigInteger("2"))
+        val keyPairTwo = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256R1_SHA256, BigInteger("2"))
         assertEquals("DLFoz6txJ3vHcKNSM1vFxHJUoEQ69PorBwW64dHsAnEoZB", keyPairTwo.public.toStringShort())
 
         // Try big numbers that are out of range.
-        val keyPairBiggerThan256bits = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, BigInteger("2").pow(258).minus(BigInteger.TEN))
+        val keyPairBiggerThan256bits = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256R1_SHA256, BigInteger("2").pow(258).minus(BigInteger.TEN))
         assertEquals("DLBv6fZqaCTbE4L7sgjbt19biXHMgU9CzR5s8g8XBJjZ11", keyPairBiggerThan256bits.public.toStringShort())
-        val keyPairBiggerThan256bitsV2 = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, BigInteger("2").pow(258).minus(BigInteger("50")))
+        val keyPairBiggerThan256bitsV2 = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256R1_SHA256, BigInteger("2").pow(258).minus(BigInteger("50")))
         assertEquals("DLANmjhGSVdLyghxcPHrn3KuGatscf6LtvqifUDxw7SGU8", keyPairBiggerThan256bitsV2.public.toStringShort())
-        val keyPairBiggerThan512bits = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, BigInteger("2").pow(514).minus(BigInteger.TEN))
+        val keyPairBiggerThan512bits = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256R1_SHA256, BigInteger("2").pow(514).minus(BigInteger.TEN))
         assertEquals("DL9sKwMExBTD3MnJN6LWGqo496Erkebs9fxZtXLVJUBY9Z", keyPairBiggerThan512bits.public.toStringShort())
-        val keyPairBiggerThan258bits = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, BigInteger("2").pow(259).plus(BigInteger.ONE))
+        val keyPairBiggerThan258bits = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256R1_SHA256, BigInteger("2").pow(259).plus(BigInteger.ONE))
         assertEquals("DLBwjWwPJSF9E7b1NWaSbEJ4oK8CF7RDGWd648TiBhZoL1", keyPairBiggerThan258bits.public.toStringShort())
     }
 
     @Test
     fun `ECDSA K1 keyPair from entropy`() {
-        val keyPairPositive = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256K1_SHA256, BigInteger("10"))
+        val keyPairPositive = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256K1_SHA256, BigInteger("10"))
         assertEquals("DL6pYKUgH17az8MLdonvvUtUPN8TqwpCGcdgLr7vg3skCU", keyPairPositive.public.toStringShort())
         // The underlying implementation uses the hash of entropy if it is out of range 2 <= entropy < N, where N the order of the group.
-        val keyPairNegative = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256K1_SHA256, BigInteger("-10"))
+        val keyPairNegative = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256K1_SHA256, BigInteger("-10"))
         assertEquals("DLnpXhxece69Nyqgm3pPt3yV7ESQYDJKoYxs1hKgfBAEu", keyPairNegative.public.toStringShort())
 
-        val keyPairZero = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256K1_SHA256, BigInteger("0"))
+        val keyPairZero = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256K1_SHA256, BigInteger("0"))
         assertEquals("DLBC28e18T6KsYwjTFfUWJfhvHjvYVapyVf6antnqUkbgd", keyPairZero.public.toStringShort())
         // BigIntenger.Zero is out or range, so 1 and hash(1.toByteArray) would have the same impact.
         val zeroHashed = BigInteger(1, BigInteger("0").toByteArray().sha256().bytes)
         // Check oneHashed < N (order of the group), otherwise we would need an extra hash.
-        assertEquals(-1, zeroHashed.compareTo((Crypto.ECDSA_SECP256K1_SHA256.algSpec as ECNamedCurveParameterSpec).n))
-        val keyPairZeroHashed = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256K1_SHA256, zeroHashed)
+        assertEquals(-1, zeroHashed.compareTo((ECDSA_SECP256K1_SHA256.algSpec as ECNamedCurveParameterSpec).n))
+        val keyPairZeroHashed = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256K1_SHA256, zeroHashed)
         assertEquals("DLBC28e18T6KsYwjTFfUWJfhvHjvYVapyVf6antnqUkbgd", keyPairZeroHashed.public.toStringShort())
 
-        val keyPairOne = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256K1_SHA256, BigInteger("1"))
+        val keyPairOne = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256K1_SHA256, BigInteger("1"))
         assertEquals("DLBimRXdEQhJUTpL6f9ri9woNdsze6mwkRrhsML13Eh7ET", keyPairOne.public.toStringShort())
         // BigIntenger.ONE is out or range, so 1 and hash(1.toByteArray) would have the same impact.
         val oneHashed = BigInteger(1, BigInteger("1").toByteArray().sha256().bytes)
         // Check oneHashed < N (order of the group), otherwise we would need an extra hash.
-        assertEquals(-1, oneHashed.compareTo((Crypto.ECDSA_SECP256K1_SHA256.algSpec as ECNamedCurveParameterSpec).n))
-        val keyPairOneHashed = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256K1_SHA256, oneHashed)
+        assertEquals(-1, oneHashed.compareTo((ECDSA_SECP256K1_SHA256.algSpec as ECNamedCurveParameterSpec).n))
+        val keyPairOneHashed = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256K1_SHA256, oneHashed)
         assertEquals("DLBimRXdEQhJUTpL6f9ri9woNdsze6mwkRrhsML13Eh7ET", keyPairOneHashed.public.toStringShort())
 
         // 2 is in the range.
-        val keyPairTwo = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256K1_SHA256, BigInteger("2"))
+        val keyPairTwo = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256K1_SHA256, BigInteger("2"))
         assertEquals("DLG32UWaevGw9YY7w1Rf9mmK88biavgpDnJA9bG4GapVPs", keyPairTwo.public.toStringShort())
 
         // Try big numbers that are out of range.
-        val keyPairBiggerThan256bits = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256K1_SHA256, BigInteger("2").pow(258).minus(BigInteger.TEN))
+        val keyPairBiggerThan256bits = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256K1_SHA256, BigInteger("2").pow(258).minus(BigInteger.TEN))
         assertEquals("DLGHsdv2xeAuM7n3sBc6mFfiphXe6VSf3YxqvviKDU6Vbd", keyPairBiggerThan256bits.public.toStringShort())
-        val keyPairBiggerThan256bitsV2 = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256K1_SHA256, BigInteger("2").pow(258).minus(BigInteger("50")))
+        val keyPairBiggerThan256bitsV2 = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256K1_SHA256, BigInteger("2").pow(258).minus(BigInteger("50")))
         assertEquals("DL9yJfiNGqteRrKPjGUkRQkeqzuQ4kwcYQWMCi5YKuUHrk", keyPairBiggerThan256bitsV2.public.toStringShort())
-        val keyPairBiggerThan512bits = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256K1_SHA256, BigInteger("2").pow(514).minus(BigInteger.TEN))
+        val keyPairBiggerThan512bits = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256K1_SHA256, BigInteger("2").pow(514).minus(BigInteger.TEN))
         assertEquals("DL3Wr5EQGrMTaKBy5XMvG8rvSfKX1AYZLCRU8kixGbxt1E", keyPairBiggerThan512bits.public.toStringShort())
-        val keyPairBiggerThan258bits = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256K1_SHA256, BigInteger("2").pow(259).plus(BigInteger.ONE))
+        val keyPairBiggerThan258bits = Crypto.deriveKeyPairFromEntropy(ECDSA_SECP256K1_SHA256, BigInteger("2").pow(259).plus(BigInteger.ONE))
         assertEquals("DL7NbssqvuuJ4cqFkkaVYu9j1MsVswESGgCfbqBS9ULwuM", keyPairBiggerThan258bits.public.toStringShort())
     }
+    
+    @Test
+    fun `Ensure deterministic signatures of EdDSA, SPHINCS-256 and RSA PKCS1`() {
+        listOf(EDDSA_ED25519_SHA512, SPHINCS256_SHA256, RSA_SHA256)
+                .forEach { testDeterministicSignatures(it) }
+    }
+
+    private fun testDeterministicSignatures(signatureScheme: SignatureScheme) {
+        val privateKey = Crypto.generateKeyPair(signatureScheme).private
+        val signedData1stTime = Crypto.doSign(privateKey, testBytes)
+        val signedData2ndTime = Crypto.doSign(privateKey, testBytes)
+        assertEquals(OpaqueBytes(signedData1stTime), OpaqueBytes(signedData2ndTime))
+
+        // Try for the special case of signing a zero array.
+        val signedZeroArray1stTime = Crypto.doSign(privateKey, test100ZeroBytes)
+        val signedZeroArray2ndTime = Crypto.doSign(privateKey, test100ZeroBytes)
+        assertEquals(OpaqueBytes(signedZeroArray1stTime), OpaqueBytes(signedZeroArray2ndTime))
+
+        // Just in case, test that signatures of different messages are not the same.
+        assertNotEquals(OpaqueBytes(signedData1stTime), OpaqueBytes(signedZeroArray1stTime))
+    }
 }

From b8b2cc772d27ab78330557f4deb13be112a63642 Mon Sep 17 00:00:00 2001
From: Andrius Dagys <andrius.dagys@r3.com>
Date: Wed, 10 Oct 2018 13:31:29 +0100
Subject: [PATCH 33/83] CORDA-535: Remove the old mechanism for loading custom
 notary service implementations.

All notary service implementations are now assumed to be loaded from CorDapps.
---
 docs/source/tutorial-custom-notary.rst        | 13 ++--
 .../net/corda/node/internal/AbstractNode.kt   | 75 +++++--------------
 .../node/services/config/NodeConfiguration.kt |  5 +-
 .../net/corda/node/services/TimedFlowTests.kt |  1 -
 samples/notary-demo/build.gradle              |  5 +-
 .../corda/notarydemo/MyCustomNotaryService.kt |  5 +-
 6 files changed, 32 insertions(+), 72 deletions(-)

diff --git a/docs/source/tutorial-custom-notary.rst b/docs/source/tutorial-custom-notary.rst
index cd102e484f..cf7b78a0ff 100644
--- a/docs/source/tutorial-custom-notary.rst
+++ b/docs/source/tutorial-custom-notary.rst
@@ -4,13 +4,12 @@ Writing a custom notary service (experimental)
 ==============================================
 
 .. warning:: Customising a notary service is still an experimental feature and not recommended for most use-cases. The APIs
-   for writing a custom notary may change in the future. Additionally, customising Raft or BFT notaries is not yet
-   fully supported. If you want to write your own Raft notary you will have to implement a custom database connector
-   (or use a separate database for the notary), and use a custom configuration file.
+   for writing a custom notary may change in the future.
 
-Similarly to writing an oracle service, the first step is to create a service class in your CorDapp and annotate it
-with ``@CordaService``. The Corda node scans for any class with this annotation and initialises them. The custom notary
-service class should provide a constructor with two parameters of types ``AppServiceHub`` and ``PublicKey``.
+The first step is to create a service class in your CorDapp that extends the ``NotaryService`` abstract class.
+This will ensure that it is recognised as a notary service.
+The custom notary service class should provide a constructor with two parameters of types ``ServiceHubInternal`` and ``PublicKey``.
+Note that ``ServiceHubInternal`` does not provide any API stability guarantees.
 
 .. literalinclude:: ../../samples/notary-demo/src/main/kotlin/net/corda/notarydemo/MyCustomNotaryService.kt
    :language: kotlin
@@ -32,5 +31,5 @@ To enable the service, add the following to the node configuration:
 
     notary : {
         validating : true # Set to false if your service is non-validating
-        custom : true
+        className : "net.corda.notarydemo.MyCustomValidatingNotaryService" # The fully qualified name of your service class
     }
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index bea2d435ae..141c92778b 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -42,9 +42,12 @@ import net.corda.node.services.ContractUpgradeHandler
 import net.corda.node.services.FinalityHandler
 import net.corda.node.services.NotaryChangeHandler
 import net.corda.node.services.api.*
-import net.corda.node.services.config.*
+import net.corda.node.services.config.NodeConfiguration
+import net.corda.node.services.config.NotaryConfig
+import net.corda.node.services.config.configureWithDevSSLCertificate
 import net.corda.node.services.config.rpc.NodeRpcOptions
 import net.corda.node.services.config.shell.toShellConfig
+import net.corda.node.services.config.shouldInitCrashShell
 import net.corda.node.services.events.NodeSchedulerService
 import net.corda.node.services.events.ScheduledActivityObserver
 import net.corda.node.services.identity.PersistentIdentityService
@@ -59,7 +62,8 @@ import net.corda.node.services.network.PersistentNetworkMapCache
 import net.corda.node.services.persistence.*
 import net.corda.node.services.schema.NodeSchemaService
 import net.corda.node.services.statemachine.*
-import net.corda.node.services.transactions.*
+import net.corda.node.services.transactions.InMemoryTransactionVerifierService
+import net.corda.node.services.transactions.SimpleNotaryService
 import net.corda.node.services.upgrade.ContractUpgradeServiceImpl
 import net.corda.node.services.vault.NodeVaultService
 import net.corda.node.utilities.*
@@ -518,9 +522,9 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
 
     private fun installCordaServices(myNotaryIdentity: PartyAndCertificate?) {
         val loadedServices = cordappLoader.cordapps.flatMap { it.services }
-        filterServicesToInstall(loadedServices).forEach {
+        loadedServices.forEach {
             try {
-                installCordaService(flowStarter, it, myNotaryIdentity)
+                installCordaService(flowStarter, it)
             } catch (e: NoSuchMethodException) {
                 log.error("${it.name}, as a Corda service, must have a constructor with a single parameter of type " +
                         ServiceHub::class.java.name)
@@ -532,24 +536,6 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         }
     }
 
-    private fun filterServicesToInstall(loadedServices: List<Class<out SerializeAsToken>>): List<Class<out SerializeAsToken>> {
-        val customNotaryServiceList = loadedServices.filter { isNotaryService(it) }
-        if (customNotaryServiceList.isNotEmpty()) {
-            if (configuration.notary?.custom == true) {
-                require(customNotaryServiceList.size == 1) {
-                    "Attempting to install more than one notary service: ${customNotaryServiceList.joinToString()}"
-                }
-            } else return loadedServices - customNotaryServiceList
-        }
-        return loadedServices
-    }
-
-    /**
-     * If the [serviceClass] is a notary service, it will only be enabled if the "custom" flag is set in
-     * the notary configuration.
-     */
-    private fun isNotaryService(serviceClass: Class<*>) = NotaryService::class.java.isAssignableFrom(serviceClass)
-
     /**
      * This customizes the ServiceHub for each CordaService that is initiating flows.
      */
@@ -590,53 +576,30 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         override fun hashCode() = Objects.hash(serviceHub, flowStarter, serviceInstance)
     }
 
-    private fun <T : SerializeAsToken> installCordaService(flowStarter: FlowStarter, serviceClass: Class<T>, myNotaryIdentity: PartyAndCertificate?) {
+    private fun <T : SerializeAsToken> installCordaService(flowStarter: FlowStarter, serviceClass: Class<T>) {
         serviceClass.requireAnnotation<CordaService>()
 
         val service = try {
-           if (isNotaryService(serviceClass)) {
-               myNotaryIdentity ?: throw IllegalStateException("Trying to install a notary service but no notary identity specified")
-               try {
-                   val constructor = serviceClass.getDeclaredConstructor(ServiceHubInternal::class.java, PublicKey::class.java).apply { isAccessible = true }
-                   constructor.newInstance(services, myNotaryIdentity.owningKey )
-               } catch (ex: NoSuchMethodException) {
-                   val constructor = serviceClass.getDeclaredConstructor(AppServiceHub::class.java, PublicKey::class.java).apply { isAccessible = true }
-                   val serviceContext = AppServiceHubImpl<T>(services, flowStarter)
-                   val service = constructor.newInstance(serviceContext, myNotaryIdentity.owningKey)
-                   serviceContext.serviceInstance = service
-                   service
-               }
-           } else {
-               try {
-                   val serviceContext = AppServiceHubImpl<T>(services, flowStarter)
-                   val extendedServiceConstructor = serviceClass.getDeclaredConstructor(AppServiceHub::class.java).apply { isAccessible = true }
-                   val service = extendedServiceConstructor.newInstance(serviceContext)
-                   serviceContext.serviceInstance = service
-                   service
-               } catch (ex: NoSuchMethodException) {
-                   val constructor = serviceClass.getDeclaredConstructor(ServiceHub::class.java).apply { isAccessible = true }
-                   log.warn("${serviceClass.name} is using legacy CordaService constructor with ServiceHub parameter. " +
-                           "Upgrade to an AppServiceHub parameter to enable updated API features.")
-                   constructor.newInstance(services)
-               }
-           }
+            val serviceContext = AppServiceHubImpl<T>(services, flowStarter)
+            val extendedServiceConstructor = serviceClass.getDeclaredConstructor(AppServiceHub::class.java).apply { isAccessible = true }
+            val service = extendedServiceConstructor.newInstance(serviceContext)
+            serviceContext.serviceInstance = service
+            service
+        } catch (ex: NoSuchMethodException) {
+            val constructor = serviceClass.getDeclaredConstructor(ServiceHub::class.java).apply { isAccessible = true }
+            log.warn("${serviceClass.name} is using legacy CordaService constructor with ServiceHub parameter. " +
+                    "Upgrade to an AppServiceHub parameter to enable updated API features.")
+            constructor.newInstance(services)
         } catch (e: InvocationTargetException) {
             throw ServiceInstantiationException(e.cause)
         }
 
         cordappServices.putInstance(serviceClass, service)
 
-        if (service is NotaryService) handleCustomNotaryService(service)
         service.tokenize()
         log.info("Installed ${serviceClass.name} Corda service")
     }
 
-    private fun handleCustomNotaryService(service: NotaryService) {
-        runOnStop += service::stop
-        installCoreFlow(NotaryFlow.Client::class, service::createServiceFlow)
-        service.start()
-    }
-
     private fun registerCordappFlows() {
         cordappLoader.cordapps.flatMap { it.initiatedFlows }
                 .forEach {
diff --git a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
index 28e73e4600..5da2e9724f 100644
--- a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
@@ -122,13 +122,12 @@ fun NodeConfiguration.shouldInitCrashShell() = shouldStartLocalShell() || should
 data class NotaryConfig(val validating: Boolean,
                         val raft: RaftConfig? = null,
                         val bftSMaRt: BFTSMaRtConfiguration? = null,
-                        val custom: Boolean = false,
                         val serviceLegalName: CordaX500Name? = null,
                         val className: String = "net.corda.node.services.transactions.SimpleNotaryService"
 ) {
     init {
-        require(raft == null || bftSMaRt == null || !custom) {
-            "raft, bftSMaRt, and custom configs cannot be specified together"
+        require(raft == null || bftSMaRt == null) {
+            "raft and bftSMaRt configs cannot be specified together"
         }
     }
 
diff --git a/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt b/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt
index 71eef309ad..3dd2d51152 100644
--- a/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt
@@ -88,7 +88,6 @@ class TimedFlowTests {
 
             val networkParameters = NetworkParametersCopier(testNetworkParameters(listOf(NotaryInfo(notaryIdentity, true))))
             val notaryConfig = mock<NotaryConfig> {
-                whenever(it.custom).thenReturn(true)
                 whenever(it.isClusterConfig).thenReturn(true)
                 whenever(it.validating).thenReturn(true)
                 whenever(it.className).thenReturn(TestNotaryService::class.java.name)
diff --git a/samples/notary-demo/build.gradle b/samples/notary-demo/build.gradle
index 7f52642b53..acf513708c 100644
--- a/samples/notary-demo/build.gradle
+++ b/samples/notary-demo/build.gradle
@@ -76,7 +76,10 @@ task deployNodesCustom(type: Cordform, dependsOn: 'jar') {
             address "localhost:10010"
             adminAddress "localhost:10110"
         }
-        notary = [validating: true, "custom": true]
+        notary = [
+                validating: true,
+                className: "net.corda.notarydemo.MyCustomValidatingNotaryService"
+        ]
     }
 }
 
diff --git a/samples/notary-demo/src/main/kotlin/net/corda/notarydemo/MyCustomNotaryService.kt b/samples/notary-demo/src/main/kotlin/net/corda/notarydemo/MyCustomNotaryService.kt
index ad684fc489..51bc918242 100644
--- a/samples/notary-demo/src/main/kotlin/net/corda/notarydemo/MyCustomNotaryService.kt
+++ b/samples/notary-demo/src/main/kotlin/net/corda/notarydemo/MyCustomNotaryService.kt
@@ -8,8 +8,6 @@ import net.corda.core.internal.ResolveTransactionsFlow
 import net.corda.core.internal.notary.NotaryInternalException
 import net.corda.core.internal.notary.NotaryServiceFlow
 import net.corda.core.internal.notary.TrustedAuthorityNotaryService
-import net.corda.core.node.AppServiceHub
-import net.corda.core.node.services.CordaService
 import net.corda.core.transactions.SignedTransaction
 import net.corda.core.transactions.TransactionWithSignatures
 import net.corda.core.transactions.WireTransaction
@@ -19,13 +17,12 @@ import java.security.PublicKey
 import java.security.SignatureException
 
 /**
- * A custom notary service should provide a constructor that accepts two parameters of types [AppServiceHub] and [PublicKey].
+ * A custom notary service should provide a constructor that accepts two parameters of types [ServiceHubInternal] and [PublicKey].
  *
  * Note that the support for custom notaries is still experimental – at present only a single-node notary service can be customised.
  * The notary-related APIs might change in the future.
  */
 // START 1
-@CordaService
 class MyCustomValidatingNotaryService(override val services: ServiceHubInternal, override val notaryIdentityKey: PublicKey) : TrustedAuthorityNotaryService() {
     override val uniquenessProvider = PersistentUniquenessProvider(services.clock, services.database, services.cacheFactory)
 

From 0e68f26c0f60207399d9978fe8eaef56bf451689 Mon Sep 17 00:00:00 2001
From: Viktor Kolomeyko <viktor.kolomeyko@r3.com>
Date: Wed, 10 Oct 2018 17:52:00 +0100
Subject: [PATCH 34/83] ENT-2569: Clean-up content of `registeredShutdowns`.
 (#4048)

Please see comment for more info.
---
 .../net/corda/testing/node/internal/ShutdownManager.kt     | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/ShutdownManager.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/ShutdownManager.kt
index f69c4e8de1..f7cd8f7823 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/ShutdownManager.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/ShutdownManager.kt
@@ -48,7 +48,12 @@ class ShutdownManager(private val executorService: ExecutorService) {
                 emptyList<CordaFuture<() -> Unit>>()
             } else {
                 isShutdown = true
-                registeredShutdowns
+                val result = ArrayList(registeredShutdowns)
+                // It is important to clear `registeredShutdowns` that has been actioned upon as more than 1 driver can be created per test.
+                // Given that `ShutdownManager` is reachable from `ApplicationShutdownHooks`, everything that was scheduled for shutdown
+                // during 1st driver launch will not be eligible for GC during second driver launch therefore retained in memory.
+                registeredShutdowns.clear()
+                result
             }
         }
 

From 825c544cacb3f7e53646b2eb59be6efd4a436559 Mon Sep 17 00:00:00 2001
From: Chris Rankin <chris.rankin@r3.com>
Date: Thu, 11 Oct 2018 13:48:32 +0100
Subject: [PATCH 35/83] ENT-1906: Modify the DJVM to wrap Java primitive types.
 (#4035)

* WIP - sandbox classloading
* Fix handling of Appendable in the sandbox.
* WIP - Load wrapped Java types into SandboxClassLoader.
* Add explicit toDJVM() invocation after invoking Object.toString().
* Add simple ThreadLocal to the sandbox to complete AbstractStringBuilder.
* Add support for Enum types inside the sandbox.
* Simplify type conversions into and out of the sandbox.
* Small refactors and comments to tidy up code.
* Fix Enum support to include EnumSet and EnumMap.
* Fix use of "$" in whitelist regexps.
* Add extra methods (i.e. bridges) to stitched interfaces.
* Rename ToDJVMStringWrapper to StringReturnTypeWrapper.
* Support lambdas within the sandbox.
* Fix mapping of java.lang.System into the sandbox.
* Don't remap exception classes that we catch into sandbox classes.
* Remove unnecessary "bootstrap" classes from the DJVM jar.
* Ensure that Character.UnicodeScript is available inside the sandbox.
* Tweak sandboxed implementations of System and Runtime.
* Ensure that Character.UnicodeScript is loaded correctly as Enum type.
* Disallow invoking methods of ClassLoader inside the sandbox.
* Apply updates after review.
* More review fixes.
---
 djvm/build.gradle                             |  14 +
 .../java/sandbox/java/lang/Appendable.java    |  19 +
 .../main/java/sandbox/java/lang/Boolean.java  | 100 ++++
 .../src/main/java/sandbox/java/lang/Byte.java | 129 +++++
 .../java/sandbox/java/lang/CharSequence.java  |  21 +
 .../java/sandbox/java/lang/Character.java     | 481 ++++++++++++++++++
 .../java/sandbox/java/lang/Comparable.java    |   8 +
 .../main/java/sandbox/java/lang/Double.java   | 163 ++++++
 .../src/main/java/sandbox/java/lang/Enum.java |  27 +
 .../main/java/sandbox/java/lang/Float.java    | 163 ++++++
 .../main/java/sandbox/java/lang/Integer.java  | 241 +++++++++
 .../main/java/sandbox/java/lang/Iterable.java |  15 +
 .../src/main/java/sandbox/java/lang/Long.java | 239 +++++++++
 .../main/java/sandbox/java/lang/Number.java   |  21 +
 .../main/java/sandbox/java/lang/Object.java   |  71 +++
 .../main/java/sandbox/java/lang/Runtime.java  |  27 +
 .../main/java/sandbox/java/lang/Short.java    | 128 +++++
 .../main/java/sandbox/java/lang/String.java   | 398 +++++++++++++++
 .../java/sandbox/java/lang/StringBuffer.java  |  20 +
 .../java/sandbox/java/lang/StringBuilder.java |  20 +
 .../main/java/sandbox/java/lang/System.java   |  28 +
 .../java/sandbox/java/lang/ThreadLocal.java   |  59 +++
 .../sandbox/java/nio/charset/Charset.java     |  18 +
 .../java/sandbox/java/util/Comparator.java    |   9 +
 .../java/sandbox/java/util/LinkedHashMap.java |  13 +
 .../main/java/sandbox/java/util/Locale.java   |   9 +
 djvm/src/main/java/sandbox/java/util/Map.java |   7 +
 .../sandbox/java/util/function/Function.java  |  10 +
 .../sandbox/java/util/function/Supplier.java  |  10 +
 .../java/sandbox/sun/misc/JavaLangAccess.java |  10 +
 .../java/sandbox/sun/misc/SharedSecrets.java  |  20 +
 .../djvm/analysis/AnalysisConfiguration.kt    | 127 ++++-
 .../djvm/analysis/ClassAndMemberVisitor.kt    |  23 +-
 .../net/corda/djvm/analysis/ClassResolver.kt  |  11 +-
 .../net/corda/djvm/analysis/Whitelist.kt      |  39 +-
 .../net/corda/djvm/code/ClassMutator.kt       |  50 +-
 .../net/corda/djvm/code/EmitterModule.kt      |  94 +++-
 .../main/kotlin/net/corda/djvm/code/Types.kt  |   4 +-
 .../code/instructions/ConstantInstruction.kt  |   6 +
 .../djvm/code/instructions/MethodEntry.kt     |   9 +
 .../corda/djvm/execution/SandboxExecutor.kt   |  32 +-
 .../net/corda/djvm/rewiring/ClassRewriter.kt  |  54 +-
 .../corda/djvm/rewiring/SandboxClassLoader.kt | 115 +++--
 .../djvm/rewiring/SandboxClassRemapper.kt     |  52 ++
 .../corda/djvm/rewiring/SandboxClassWriter.kt |   6 +-
 .../corda/djvm/rewiring/SandboxRemapper.kt    |  32 +-
 .../rules/implementation/ArgumentUnwrapper.kt |  35 ++
 .../DisallowNonDeterministicMethods.kt        |  14 +-
 .../rules/implementation/ReturnTypeWrapper.kt |  27 +
 .../implementation/RewriteClassMethods.kt     |  56 ++
 .../implementation/StaticConstantRemover.kt   |  30 ++
 .../implementation/StringConstantWrapper.kt   |  22 +
 .../implementation/StubOutNativeMethods.kt    |   2 +-
 .../StubOutReflectionMethods.kt               |   2 +-
 .../net/corda/djvm/source/ClassSource.kt      |   3 +
 .../net/corda/djvm/utilities/Discovery.kt     |   2 +-
 .../corda/djvm/validation/RuleValidator.kt    |   1 +
 djvm/src/main/kotlin/sandbox/Task.kt          |  24 +
 .../src/main/kotlin/sandbox/java/lang/DJVM.kt | 158 ++++++
 .../main/kotlin/sandbox/java/lang/Object.kt   |  19 -
 .../main/kotlin/sandbox/java/lang/System.kt   |  99 ----
 .../kotlin/foo/bar/sandbox/KotlinClass.kt     |  11 +-
 .../test/kotlin/net/corda/djvm/DJVMTest.kt    | 126 +++++
 .../test/kotlin/net/corda/djvm/TestBase.kt    |  33 +-
 .../test/kotlin/net/corda/djvm/Utilities.kt   |  22 +
 .../corda/djvm/analysis/ClassResolverTest.kt  |  10 +-
 .../net/corda/djvm/analysis/WhitelistTest.kt  |   4 +-
 .../assertions/AssertiveClassWithByteCode.kt  |   5 +
 .../net/corda/djvm/costing/RuntimeCostTest.kt |   9 +-
 .../corda/djvm/execution/SandboxEnumTest.kt   |  86 ++++
 .../djvm/execution/SandboxExecutorTest.kt     | 320 ++++++++++--
 .../corda/djvm/rewiring/ClassRewriterTest.kt  |  48 +-
 .../djvm/source/SourceClassLoaderTest.kt      |   2 +-
 73 files changed, 3986 insertions(+), 336 deletions(-)
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Appendable.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Boolean.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Byte.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/CharSequence.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Character.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Comparable.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Double.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Enum.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Float.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Integer.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Iterable.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Long.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Number.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Object.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Runtime.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Short.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/String.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/StringBuffer.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/StringBuilder.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/System.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/ThreadLocal.java
 create mode 100644 djvm/src/main/java/sandbox/java/nio/charset/Charset.java
 create mode 100644 djvm/src/main/java/sandbox/java/util/Comparator.java
 create mode 100644 djvm/src/main/java/sandbox/java/util/LinkedHashMap.java
 create mode 100644 djvm/src/main/java/sandbox/java/util/Locale.java
 create mode 100644 djvm/src/main/java/sandbox/java/util/Map.java
 create mode 100644 djvm/src/main/java/sandbox/java/util/function/Function.java
 create mode 100644 djvm/src/main/java/sandbox/java/util/function/Supplier.java
 create mode 100644 djvm/src/main/java/sandbox/sun/misc/JavaLangAccess.java
 create mode 100644 djvm/src/main/java/sandbox/sun/misc/SharedSecrets.java
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/code/instructions/ConstantInstruction.kt
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/code/instructions/MethodEntry.kt
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassRemapper.kt
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/rules/implementation/ArgumentUnwrapper.kt
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/rules/implementation/ReturnTypeWrapper.kt
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/rules/implementation/RewriteClassMethods.kt
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StaticConstantRemover.kt
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StringConstantWrapper.kt
 create mode 100644 djvm/src/main/kotlin/sandbox/Task.kt
 create mode 100644 djvm/src/main/kotlin/sandbox/java/lang/DJVM.kt
 delete mode 100644 djvm/src/main/kotlin/sandbox/java/lang/Object.kt
 delete mode 100644 djvm/src/main/kotlin/sandbox/java/lang/System.kt
 create mode 100644 djvm/src/test/kotlin/net/corda/djvm/DJVMTest.kt
 create mode 100644 djvm/src/test/kotlin/net/corda/djvm/Utilities.kt
 create mode 100644 djvm/src/test/kotlin/net/corda/djvm/execution/SandboxEnumTest.kt

diff --git a/djvm/build.gradle b/djvm/build.gradle
index db88e8c4c5..eb41df17cc 100644
--- a/djvm/build.gradle
+++ b/djvm/build.gradle
@@ -52,6 +52,20 @@ shadowJar {
     baseName 'corda-djvm'
     classifier ''
     relocate 'org.objectweb.asm', 'djvm.org.objectweb.asm'
+    
+    // These particular classes are only needed to "bootstrap"
+    // the compilation of the other sandbox classes. At runtime,
+    // we will generate better versions from deterministic-rt.jar.
+    exclude 'sandbox/java/lang/Appendable.class'
+    exclude 'sandbox/java/lang/CharSequence.class'
+    exclude 'sandbox/java/lang/Character\$*.class'
+    exclude 'sandbox/java/lang/Comparable.class'
+    exclude 'sandbox/java/lang/Enum.class'
+    exclude 'sandbox/java/lang/Iterable.class'
+    exclude 'sandbox/java/lang/StringBuffer.class'
+    exclude 'sandbox/java/lang/StringBuilder.class'
+    exclude 'sandbox/java/nio/**'
+    exclude 'sandbox/java/util/**'
 }
 assemble.dependsOn shadowJar
 
diff --git a/djvm/src/main/java/sandbox/java/lang/Appendable.java b/djvm/src/main/java/sandbox/java/lang/Appendable.java
new file mode 100644
index 0000000000..168607c511
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Appendable.java
@@ -0,0 +1,19 @@
+package sandbox.java.lang;
+
+import java.io.IOException;
+
+/**
+ * This is a dummy class that implements just enough of [java.lang.Appendable]
+ * to keep [sandbox.java.lang.StringBuilder], [sandbox.java.lang.StringBuffer]
+ * and [sandbox.java.lang.String] honest.
+ * Note that it does not extend [java.lang.Appendable].
+ */
+public interface Appendable {
+
+    Appendable append(CharSequence csq, int start, int end) throws IOException;
+
+    Appendable append(CharSequence csq) throws IOException;
+
+    Appendable append(char c) throws IOException;
+
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Boolean.java b/djvm/src/main/java/sandbox/java/lang/Boolean.java
new file mode 100644
index 0000000000..6d347fdd3e
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Boolean.java
@@ -0,0 +1,100 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+
+import java.io.Serializable;
+
+@SuppressWarnings({"unused", "WeakerAccess"})
+public final class Boolean extends Object implements Comparable<Boolean>, Serializable {
+
+    public static final Boolean TRUE = new Boolean(true);
+    public static final Boolean FALSE = new Boolean(false);
+
+    @SuppressWarnings("unchecked")
+    public static final Class<Boolean> TYPE = (Class) java.lang.Boolean.TYPE;
+
+    private final boolean value;
+
+    public Boolean(boolean value) {
+        this.value = value;
+    }
+
+    public Boolean(String s) {
+        this(parseBoolean(s));
+    }
+
+    @Override
+    public boolean equals(java.lang.Object other) {
+        return (other instanceof Boolean) && ((Boolean) other).value == value;
+    }
+
+    @Override
+    public int hashCode() {
+        return hashCode(value);
+    }
+
+    public static int hashCode(boolean value) {
+        return java.lang.Boolean.hashCode(value);
+    }
+
+    public boolean booleanValue() {
+        return value;
+    }
+
+    @Override
+    @NotNull
+    public java.lang.String toString() {
+        return java.lang.Boolean.toString(value);
+    }
+
+    @Override
+    @NotNull
+    public String toDJVMString() {
+        return toString(value);
+    }
+
+    public static String toString(boolean b) {
+        return String.valueOf(b);
+    }
+
+    @Override
+    @NotNull
+    java.lang.Boolean fromDJVM() {
+        return value;
+    }
+
+    @Override
+    public int compareTo(@NotNull Boolean other) {
+        return compare(value, other.value);
+    }
+
+    public static int compare(boolean x, boolean y) {
+        return java.lang.Boolean.compare(x, y);
+    }
+
+    public static boolean parseBoolean(String s) {
+        return java.lang.Boolean.parseBoolean(String.fromDJVM(s));
+    }
+
+    public static Boolean valueOf(boolean b) {
+        return b ? TRUE : FALSE;
+    }
+
+    public static Boolean valueOf(String s) {
+        return valueOf(parseBoolean(s));
+    }
+
+    public static boolean logicalAnd(boolean a, boolean b) {
+        return java.lang.Boolean.logicalAnd(a, b);
+    }
+
+    public static boolean logicalOr(boolean a, boolean b) {
+        return java.lang.Boolean.logicalOr(a, b);
+    }
+
+    public static boolean logicalXor(boolean a, boolean b) {
+        return java.lang.Boolean.logicalXor(a, b);
+    }
+
+    public static Boolean toDJVM(java.lang.Boolean b) { return (b == null) ? null : new Boolean(b); }
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Byte.java b/djvm/src/main/java/sandbox/java/lang/Byte.java
new file mode 100644
index 0000000000..95b329f25d
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Byte.java
@@ -0,0 +1,129 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+
+@SuppressWarnings({"unused", "WeakerAccess"})
+public final class Byte extends Number implements Comparable<Byte> {
+    public static final byte MIN_VALUE = java.lang.Byte.MIN_VALUE;
+    public static final byte MAX_VALUE = java.lang.Byte.MAX_VALUE;
+    public static final int BYTES = java.lang.Byte.BYTES;
+    public static final int SIZE = java.lang.Byte.SIZE;
+
+    @SuppressWarnings("unchecked")
+    public static final Class<Byte> TYPE = (Class) java.lang.Byte.TYPE;
+
+    private final byte value;
+
+    public Byte(byte value) {
+        this.value = value;
+    }
+
+    public Byte(String s) throws NumberFormatException {
+        this.value = parseByte(s);
+    }
+
+    @Override
+    public byte byteValue() {
+        return value;
+    }
+
+    @Override
+    public short shortValue() {
+        return (short) value;
+    }
+
+    @Override
+    public int intValue() {
+        return (int) value;
+    }
+
+    @Override
+    public long longValue() {
+        return (long) value;
+    }
+
+    @Override
+    public float floatValue() {
+        return (float) value;
+    }
+
+    @Override
+    public double doubleValue() {
+        return (double) value;
+    }
+
+    @Override
+    public int hashCode() {
+        return hashCode(value);
+    }
+
+    public static int hashCode(byte b) {
+        return java.lang.Byte.hashCode(b);
+    }
+
+    @Override
+    public boolean equals(java.lang.Object other) {
+        return (other instanceof Byte) && ((Byte) other).value == value;
+    }
+
+    @Override
+    @NotNull
+    public java.lang.String toString() {
+        return java.lang.Byte.toString(value);
+    }
+
+    @Override
+    @NotNull
+    java.lang.Byte fromDJVM() {
+        return value;
+    }
+
+    @Override
+    public int compareTo(@NotNull Byte other) {
+        return compare(this.value, other.value);
+    }
+
+    public static int compare(byte x, byte y) {
+        return java.lang.Byte.compare(x, y);
+    }
+
+    public static String toString(byte b) {
+        return Integer.toString(b);
+    }
+
+    public static Byte valueOf(byte b) {
+        return new Byte(b);
+    }
+
+    public static byte parseByte(String s, int radix) throws NumberFormatException {
+        return java.lang.Byte.parseByte(String.fromDJVM(s), radix);
+    }
+
+    public static byte parseByte(String s) throws NumberFormatException {
+        return java.lang.Byte.parseByte(String.fromDJVM(s));
+    }
+
+    public static Byte valueOf(String s, int radix) throws NumberFormatException {
+        return toDJVM(java.lang.Byte.valueOf(String.fromDJVM(s), radix));
+    }
+
+    public static Byte valueOf(String s) throws NumberFormatException {
+        return toDJVM(java.lang.Byte.valueOf(String.fromDJVM(s)));
+    }
+
+    public static Byte decode(String s) throws NumberFormatException {
+        return toDJVM(java.lang.Byte.decode(String.fromDJVM(s)));
+    }
+
+    public static int toUnsignedInt(byte b) {
+        return java.lang.Byte.toUnsignedInt(b);
+    }
+
+    public static long toUnsignedLong(byte b) {
+        return java.lang.Byte.toUnsignedLong(b);
+    }
+
+    public static Byte toDJVM(java.lang.Byte b) {
+        return (b == null) ? null : valueOf(b);
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/CharSequence.java b/djvm/src/main/java/sandbox/java/lang/CharSequence.java
new file mode 100644
index 0000000000..1847103093
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/CharSequence.java
@@ -0,0 +1,21 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+
+/**
+ * This is a dummy class that implements just enough of [java.lang.CharSequence]
+ * to allow us to compile [sandbox.java.lang.String].
+ */
+public interface CharSequence extends java.lang.CharSequence {
+
+    @Override
+    CharSequence subSequence(int start, int end);
+
+    @NotNull
+    String toDJVMString();
+
+    @Override
+    @NotNull
+    java.lang.String toString();
+
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Character.java b/djvm/src/main/java/sandbox/java/lang/Character.java
new file mode 100644
index 0000000000..2db6054272
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Character.java
@@ -0,0 +1,481 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+
+import java.io.Serializable;
+
+@SuppressWarnings({"unused", "WeakerAccess"})
+public final class Character extends Object implements Comparable<Character>, Serializable {
+    public static final int MIN_RADIX = java.lang.Character.MIN_RADIX;
+    public static final int MAX_RADIX = java.lang.Character.MAX_RADIX;
+    public static final char MIN_VALUE = java.lang.Character.MIN_VALUE;
+    public static final char MAX_VALUE = java.lang.Character.MAX_VALUE;
+
+    @SuppressWarnings("unchecked")
+    public static final Class<Character> TYPE = (Class) java.lang.Character.TYPE;
+
+    public static final byte UNASSIGNED = java.lang.Character.UNASSIGNED;
+    public static final byte UPPERCASE_LETTER = java.lang.Character.UPPERCASE_LETTER;
+    public static final byte LOWERCASE_LETTER = java.lang.Character.LOWERCASE_LETTER;
+    public static final byte TITLECASE_LETTER = java.lang.Character.TITLECASE_LETTER;
+    public static final byte MODIFIER_LETTER = java.lang.Character.MODIFIER_LETTER;
+    public static final byte OTHER_LETTER = java.lang.Character.OTHER_LETTER;
+    public static final byte NON_SPACING_MARK = java.lang.Character.NON_SPACING_MARK;
+    public static final byte ENCLOSING_MARK = java.lang.Character.ENCLOSING_MARK;
+    public static final byte COMBINING_SPACING_MARK = java.lang.Character.COMBINING_SPACING_MARK;
+    public static final byte DECIMAL_DIGIT_NUMBER = java.lang.Character.DECIMAL_DIGIT_NUMBER;
+    public static final byte LETTER_NUMBER = java.lang.Character.LETTER_NUMBER;
+    public static final byte OTHER_NUMBER = java.lang.Character.OTHER_NUMBER;
+    public static final byte SPACE_SEPARATOR = java.lang.Character.SPACE_SEPARATOR;
+    public static final byte LINE_SEPARATOR = java.lang.Character.LINE_SEPARATOR;
+    public static final byte PARAGRAPH_SEPARATOR = java.lang.Character.PARAGRAPH_SEPARATOR;
+    public static final byte CONTROL = java.lang.Character.CONTROL;
+    public static final byte FORMAT = java.lang.Character.FORMAT;
+    public static final byte PRIVATE_USE = java.lang.Character.PRIVATE_USE;
+    public static final byte SURROGATE = java.lang.Character.SURROGATE;
+    public static final byte DASH_PUNCTUATION = java.lang.Character.DASH_PUNCTUATION;
+    public static final byte START_PUNCTUATION = java.lang.Character.START_PUNCTUATION;
+    public static final byte END_PUNCTUATION = java.lang.Character.END_PUNCTUATION;
+    public static final byte CONNECTOR_PUNCTUATION = java.lang.Character.CONNECTOR_PUNCTUATION;
+    public static final byte OTHER_PUNCTUATION = java.lang.Character.OTHER_PUNCTUATION;
+    public static final byte MATH_SYMBOL = java.lang.Character.MATH_SYMBOL;
+    public static final byte CURRENCY_SYMBOL = java.lang.Character.CURRENCY_SYMBOL;
+    public static final byte MODIFIER_SYMBOL = java.lang.Character.MODIFIER_SYMBOL;
+    public static final byte OTHER_SYMBOL = java.lang.Character.OTHER_SYMBOL;
+    public static final byte INITIAL_QUOTE_PUNCTUATION = java.lang.Character.INITIAL_QUOTE_PUNCTUATION;
+    public static final byte FINAL_QUOTE_PUNCTUATION = java.lang.Character.FINAL_QUOTE_PUNCTUATION;
+    public static final byte DIRECTIONALITY_UNDEFINED = java.lang.Character.DIRECTIONALITY_UNDEFINED;
+    public static final byte DIRECTIONALITY_LEFT_TO_RIGHT = java.lang.Character.DIRECTIONALITY_LEFT_TO_RIGHT;
+    public static final byte DIRECTIONALITY_RIGHT_TO_LEFT = java.lang.Character.DIRECTIONALITY_RIGHT_TO_LEFT;
+    public static final byte DIRECTIONALITY_RIGHT_TO_LEFT_ARABIC = java.lang.Character.DIRECTIONALITY_RIGHT_TO_LEFT_ARABIC;
+    public static final byte DIRECTIONALITY_EUROPEAN_NUMBER = java.lang.Character.DIRECTIONALITY_EUROPEAN_NUMBER;
+    public static final byte DIRECTIONALITY_EUROPEAN_NUMBER_SEPARATOR = java.lang.Character.DIRECTIONALITY_EUROPEAN_NUMBER_SEPARATOR;
+    public static final byte DIRECTIONALITY_EUROPEAN_NUMBER_TERMINATOR = java.lang.Character.DIRECTIONALITY_EUROPEAN_NUMBER_TERMINATOR;
+    public static final byte DIRECTIONALITY_ARABIC_NUMBER = java.lang.Character.DIRECTIONALITY_ARABIC_NUMBER;
+    public static final byte DIRECTIONALITY_COMMON_NUMBER_SEPARATOR = java.lang.Character.DIRECTIONALITY_COMMON_NUMBER_SEPARATOR;
+    public static final byte DIRECTIONALITY_NONSPACING_MARK = java.lang.Character.DIRECTIONALITY_NONSPACING_MARK;
+    public static final byte DIRECTIONALITY_BOUNDARY_NEUTRAL = java.lang.Character.DIRECTIONALITY_BOUNDARY_NEUTRAL;
+    public static final byte DIRECTIONALITY_PARAGRAPH_SEPARATOR = java.lang.Character.DIRECTIONALITY_PARAGRAPH_SEPARATOR;
+    public static final byte DIRECTIONALITY_SEGMENT_SEPARATOR = java.lang.Character.DIRECTIONALITY_SEGMENT_SEPARATOR;
+    public static final byte DIRECTIONALITY_WHITESPACE = java.lang.Character.DIRECTIONALITY_WHITESPACE;
+    public static final byte DIRECTIONALITY_OTHER_NEUTRALS = java.lang.Character.DIRECTIONALITY_OTHER_NEUTRALS;
+    public static final byte DIRECTIONALITY_LEFT_TO_RIGHT_EMBEDDING = java.lang.Character.DIRECTIONALITY_LEFT_TO_RIGHT_EMBEDDING;
+    public static final byte DIRECTIONALITY_LEFT_TO_RIGHT_OVERRIDE = java.lang.Character.DIRECTIONALITY_LEFT_TO_RIGHT_OVERRIDE;
+    public static final byte DIRECTIONALITY_RIGHT_TO_LEFT_EMBEDDING = java.lang.Character.DIRECTIONALITY_RIGHT_TO_LEFT_EMBEDDING;
+    public static final byte DIRECTIONALITY_RIGHT_TO_LEFT_OVERRIDE = java.lang.Character.DIRECTIONALITY_RIGHT_TO_LEFT_OVERRIDE;
+    public static final byte DIRECTIONALITY_POP_DIRECTIONAL_FORMAT = java.lang.Character.DIRECTIONALITY_POP_DIRECTIONAL_FORMAT;
+    public static final char MIN_HIGH_SURROGATE = java.lang.Character.MIN_HIGH_SURROGATE;
+    public static final char MAX_HIGH_SURROGATE = java.lang.Character.MAX_HIGH_SURROGATE;
+    public static final char MIN_LOW_SURROGATE = java.lang.Character.MIN_LOW_SURROGATE;
+    public static final char MAX_LOW_SURROGATE = java.lang.Character.MAX_LOW_SURROGATE;
+    public static final char MIN_SURROGATE = java.lang.Character.MIN_SURROGATE;
+    public static final char MAX_SURROGATE = java.lang.Character.MAX_SURROGATE;
+    public static final int MIN_SUPPLEMENTARY_CODE_POINT = java.lang.Character.MIN_SUPPLEMENTARY_CODE_POINT;
+    public static final int MIN_CODE_POINT = java.lang.Character.MIN_CODE_POINT;
+    public static final int MAX_CODE_POINT = java.lang.Character.MAX_CODE_POINT;
+    public static final int BYTES = java.lang.Character.BYTES;
+    public static final int SIZE = java.lang.Character.SIZE;
+
+    private final char value;
+
+    public Character(char c) {
+        this.value = c;
+    }
+
+    public char charValue() {
+        return this.value;
+    }
+
+    @Override
+    public int hashCode() {
+        return hashCode(this.value);
+    }
+
+    public static int hashCode(char value) {
+        return java.lang.Character.hashCode(value);
+    }
+
+    @Override
+    public boolean equals(java.lang.Object other) {
+        return (other instanceof Character) && ((Character) other).value == value;
+    }
+
+    @Override
+    @NotNull
+    public java.lang.String toString() {
+        return java.lang.Character.toString(value);
+    }
+
+    @Override
+    @NotNull
+    public String toDJVMString() {
+        return toString(value);
+    }
+
+    @Override
+    @NotNull
+    java.lang.Character fromDJVM() {
+        return value;
+    }
+
+    @Override
+    public int compareTo(@NotNull Character var1) {
+        return compare(this.value, var1.value);
+    }
+
+    public static int compare(char x, char y) {
+        return java.lang.Character.compare(x, y);
+    }
+
+    public static String toString(char c) {
+        return String.toDJVM(java.lang.Character.toString(c));
+    }
+
+    public static Character valueOf(char c) {
+        return (c <= 127) ? Cache.cache[(int)c] : new Character(c);
+    }
+
+    public static boolean isValidCodePoint(int codePoint) {
+        return java.lang.Character.isValidCodePoint(codePoint);
+    }
+
+    public static boolean isBmpCodePoint(int codePoint) {
+        return java.lang.Character.isBmpCodePoint(codePoint);
+    }
+
+    public static boolean isSupplementaryCodePoint(int codePoint) {
+        return java.lang.Character.isSupplementaryCodePoint(codePoint);
+    }
+
+    public static boolean isHighSurrogate(char ch) {
+        return java.lang.Character.isHighSurrogate(ch);
+    }
+
+    public static boolean isLowSurrogate(char ch) {
+        return java.lang.Character.isLowSurrogate(ch);
+    }
+
+    public static boolean isSurrogate(char ch) {
+        return java.lang.Character.isSurrogate(ch);
+    }
+
+    public static boolean isSurrogatePair(char high, char low) {
+        return java.lang.Character.isSurrogatePair(high, low);
+    }
+
+    public static int charCount(int codePoint) {
+        return java.lang.Character.charCount(codePoint);
+    }
+
+    public static int toCodePoint(char high, char low) {
+        return java.lang.Character.toCodePoint(high, low);
+    }
+
+    public static int codePointAt(CharSequence seq, int index) {
+        return java.lang.Character.codePointAt(seq, index);
+    }
+
+    public static int codePointAt(char[] a, int index) {
+        return java.lang.Character.codePointAt(a, index);
+    }
+
+    public static int codePointAt(char[] a, int index, int limit) {
+        return java.lang.Character.codePointAt(a, index, limit);
+    }
+
+    public static int codePointBefore(CharSequence seq, int index) {
+        return java.lang.Character.codePointBefore(seq, index);
+    }
+
+    public static int codePointBefore(char[] a, int index) {
+        return java.lang.Character.codePointBefore(a, index);
+    }
+
+    public static int codePointBefore(char[] a, int index, int limit) {
+        return java.lang.Character.codePointBefore(a, index, limit);
+    }
+
+    public static char highSurrogate(int codePoint) {
+        return java.lang.Character.highSurrogate(codePoint);
+    }
+
+    public static char lowSurrogate(int codePoint) {
+        return java.lang.Character.lowSurrogate(codePoint);
+    }
+
+    public static int toChars(int codePoint, char[] dst, int dstIndex) {
+        return java.lang.Character.toChars(codePoint, dst, dstIndex);
+    }
+
+    public static char[] toChars(int codePoint) {
+        return java.lang.Character.toChars(codePoint);
+    }
+
+    public static int codePointCount(CharSequence seq, int beginIndex, int endIndex) {
+        return java.lang.Character.codePointCount(seq, beginIndex, endIndex);
+    }
+
+    public static int codePointCount(char[] a, int offset, int count) {
+        return java.lang.Character.codePointCount(a, offset, count);
+    }
+
+    public static int offsetByCodePoints(CharSequence seq, int index, int codePointOffset) {
+        return java.lang.Character.offsetByCodePoints(seq, index, codePointOffset);
+    }
+
+    public static int offsetByCodePoints(char[] a, int start, int count, int index, int codePointOffset) {
+        return java.lang.Character.offsetByCodePoints(a, start, count, index, codePointOffset);
+    }
+
+    public static boolean isLowerCase(char ch) {
+        return java.lang.Character.isLowerCase(ch);
+    }
+
+    public static boolean isLowerCase(int codePoint) {
+        return java.lang.Character.isLowerCase(codePoint);
+    }
+
+    public static boolean isUpperCase(char ch) {
+        return  java.lang.Character.isUpperCase(ch);
+    }
+
+    public static boolean isUpperCase(int codePoint) {
+        return java.lang.Character.isUpperCase(codePoint);
+    }
+
+    public static boolean isTitleCase(char ch) {
+        return java.lang.Character.isTitleCase(ch);
+    }
+
+    public static boolean isTitleCase(int codePoint) {
+        return java.lang.Character.isTitleCase(codePoint);
+    }
+
+    public static boolean isDigit(char ch) {
+        return java.lang.Character.isDigit(ch);
+    }
+
+    public static boolean isDigit(int codePoint) {
+        return java.lang.Character.isDigit(codePoint);
+    }
+
+    public static boolean isDefined(char ch) {
+        return java.lang.Character.isDefined(ch);
+    }
+
+    public static boolean isDefined(int codePoint) {
+        return java.lang.Character.isDefined(codePoint);
+    }
+
+    public static boolean isLetter(char ch) {
+        return java.lang.Character.isLetter(ch);
+    }
+
+    public static boolean isLetter(int codePoint) {
+        return java.lang.Character.isLetter(codePoint);
+    }
+
+    public static boolean isLetterOrDigit(char ch) {
+        return java.lang.Character.isLetterOrDigit(ch);
+    }
+
+    public static boolean isLetterOrDigit(int codePoint) {
+        return java.lang.Character.isLetterOrDigit(codePoint);
+    }
+
+    @Deprecated
+    public static boolean isJavaLetter(char ch) {
+        return java.lang.Character.isJavaLetter(ch);
+    }
+
+    @Deprecated
+    public static boolean isJavaLetterOrDigit(char ch) {
+        return java.lang.Character.isJavaLetterOrDigit(ch);
+    }
+
+    public static boolean isAlphabetic(int codePoint) {
+        return java.lang.Character.isAlphabetic(codePoint);
+    }
+
+    public static boolean isIdeographic(int codePoint) {
+        return java.lang.Character.isIdeographic(codePoint);
+    }
+
+    public static boolean isJavaIdentifierStart(char ch) {
+        return java.lang.Character.isJavaIdentifierStart(ch);
+    }
+
+    public static boolean isJavaIdentifierStart(int codePoint) {
+        return java.lang.Character.isJavaIdentifierStart(codePoint);
+    }
+
+    public static boolean isJavaIdentifierPart(char ch) {
+        return java.lang.Character.isJavaIdentifierPart(ch);
+    }
+
+    public static boolean isJavaIdentifierPart(int codePoint) {
+        return java.lang.Character.isJavaIdentifierPart(codePoint);
+    }
+
+    public static boolean isUnicodeIdentifierStart(char ch) {
+        return java.lang.Character.isUnicodeIdentifierStart(ch);
+    }
+
+    public static boolean isUnicodeIdentifierStart(int codePoint) {
+        return java.lang.Character.isUnicodeIdentifierStart(codePoint);
+    }
+
+    public static boolean isUnicodeIdentifierPart(char ch) {
+        return java.lang.Character.isUnicodeIdentifierPart(ch);
+    }
+
+    public static boolean isUnicodeIdentifierPart(int codePoint) {
+        return java.lang.Character.isUnicodeIdentifierPart(codePoint);
+    }
+
+    public static boolean isIdentifierIgnorable(char ch) {
+        return java.lang.Character.isIdentifierIgnorable(ch);
+    }
+
+    public static boolean isIdentifierIgnorable(int codePoint) {
+        return java.lang.Character.isIdentifierIgnorable(codePoint);
+    }
+
+    public static char toLowerCase(char ch) {
+        return java.lang.Character.toLowerCase(ch);
+    }
+
+    public static int toLowerCase(int codePoint) {
+        return java.lang.Character.toLowerCase(codePoint);
+    }
+
+    public static char toUpperCase(char ch) {
+        return java.lang.Character.toUpperCase(ch);
+    }
+
+    public static int toUpperCase(int codePoint) {
+        return java.lang.Character.toUpperCase(codePoint);
+    }
+
+    public static char toTitleCase(char ch) {
+        return java.lang.Character.toTitleCase(ch);
+    }
+
+    public static int toTitleCase(int codePoint) {
+        return java.lang.Character.toTitleCase(codePoint);
+    }
+
+    public static int digit(char ch, int radix) {
+        return java.lang.Character.digit(ch, radix);
+    }
+
+    public static int digit(int codePoint, int radix) {
+        return java.lang.Character.digit(codePoint, radix);
+    }
+
+    public static int getNumericValue(char ch) {
+        return java.lang.Character.getNumericValue(ch);
+    }
+
+    public static int getNumericValue(int codePoint) {
+        return java.lang.Character.getNumericValue(codePoint);
+    }
+
+    @Deprecated
+    public static boolean isSpace(char ch) {
+        return java.lang.Character.isSpace(ch);
+    }
+
+    public static boolean isSpaceChar(char ch) {
+        return java.lang.Character.isSpaceChar(ch);
+    }
+
+    public static boolean isSpaceChar(int codePoint) {
+        return java.lang.Character.isSpaceChar(codePoint);
+    }
+
+    public static boolean isWhitespace(char ch) {
+        return java.lang.Character.isWhitespace(ch);
+    }
+
+    public static boolean isWhitespace(int codePoint) {
+        return java.lang.Character.isWhitespace(codePoint);
+    }
+
+    public static boolean isISOControl(char ch) {
+        return java.lang.Character.isISOControl(ch);
+    }
+
+    public static boolean isISOControl(int codePoint) {
+        return java.lang.Character.isISOControl(codePoint);
+    }
+
+    public static int getType(char ch) {
+        return java.lang.Character.getType(ch);
+    }
+
+    public static int getType(int codePoint) {
+        return java.lang.Character.getType(codePoint);
+    }
+
+    public static char forDigit(int digit, int radix) {
+        return java.lang.Character.forDigit(digit, radix);
+    }
+
+    public static byte getDirectionality(char ch) {
+        return java.lang.Character.getDirectionality(ch);
+    }
+
+    public static byte getDirectionality(int codePoint) {
+        return java.lang.Character.getDirectionality(codePoint);
+    }
+
+    public static boolean isMirrored(char ch) {
+        return java.lang.Character.isMirrored(ch);
+    }
+
+    public static boolean isMirrored(int codePoint) {
+        return java.lang.Character.isMirrored(codePoint);
+    }
+
+    public static String getName(int codePoint) {
+        return String.toDJVM(java.lang.Character.getName(codePoint));
+    }
+
+    public static Character toDJVM(java.lang.Character c) {
+        return (c == null) ? null : valueOf(c);
+    }
+
+    // These three nested classes are placeholders to ensure that
+    // the Character class bytecode is generated correctly. The
+    // real classes will be loaded from the from the bootstrap jar
+    // and then mapped into the sandbox.* namespace.
+    public static final class UnicodeScript extends Enum<UnicodeScript> {
+        private UnicodeScript(String name, int index) {
+            super(name, index);
+        }
+
+        @Override
+        public int compareTo(@NotNull UnicodeScript other) {
+            throw new UnsupportedOperationException("Bootstrap implementation");
+        }
+    }
+    public static final class UnicodeBlock extends Subset {}
+    public static class Subset extends Object {}
+
+    /**
+     * Keep pre-allocated instances of the first 128 characters
+     * on the basis that these will be used most frequently.
+     */
+    private static class Cache {
+        private static final Character[] cache = new Character[128];
+
+        static {
+            for (int c = 0; c < cache.length; ++c) {
+                cache[c] = new Character((char) c);
+            }
+        }
+
+        private Cache() {}
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Comparable.java b/djvm/src/main/java/sandbox/java/lang/Comparable.java
new file mode 100644
index 0000000000..686539c1b4
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Comparable.java
@@ -0,0 +1,8 @@
+package sandbox.java.lang;
+
+/**
+ * This is a dummy class that implements just enough of [java.lang.Comparable]
+ * to allow us to compile [sandbox.java.lang.String].
+ */
+public interface Comparable<T> extends java.lang.Comparable<T> {
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Double.java b/djvm/src/main/java/sandbox/java/lang/Double.java
new file mode 100644
index 0000000000..d3488edde2
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Double.java
@@ -0,0 +1,163 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+
+@SuppressWarnings({"unused", "WeakerAccess"})
+public final class Double extends Number implements Comparable<Double> {
+    public static final double POSITIVE_INFINITY = java.lang.Double.POSITIVE_INFINITY;
+    public static final double NEGATIVE_INFINITY = java.lang.Double.NEGATIVE_INFINITY;
+    public static final double NaN = java.lang.Double.NaN;
+    public static final double MAX_VALUE = java.lang.Double.MAX_VALUE;
+    public static final double MIN_NORMAL = java.lang.Double.MIN_NORMAL;
+    public static final double MIN_VALUE = java.lang.Double.MIN_VALUE;
+    public static final int MAX_EXPONENT = java.lang.Double.MAX_EXPONENT;
+    public static final int MIN_EXPONENT = java.lang.Double.MIN_EXPONENT;
+    public static final int BYTES = java.lang.Double.BYTES;
+    public static final int SIZE = java.lang.Double.SIZE;
+
+    @SuppressWarnings("unchecked")
+    public static final Class<Double> TYPE = (Class) java.lang.Double.TYPE;
+
+    private final double value;
+
+    public Double(double value) {
+        this.value = value;
+    }
+
+    public Double(String s) throws NumberFormatException {
+        this.value = parseDouble(s);
+    }
+
+    @Override
+    public double doubleValue() {
+        return value;
+    }
+
+    @Override
+    public float floatValue() {
+        return (float)value;
+    }
+
+    @Override
+    public long longValue() {
+        return (long)value;
+    }
+
+    @Override
+    public int intValue() {
+        return (int)value;
+    }
+
+    @Override
+    public short shortValue() {
+        return (short)value;
+    }
+
+    @Override
+    public byte byteValue() {
+        return (byte)value;
+    }
+
+    public boolean isNaN() {
+        return java.lang.Double.isNaN(value);
+    }
+
+    public boolean isInfinite() {
+        return isInfinite(this.value);
+    }
+
+    @Override
+    public boolean equals(java.lang.Object other) {
+        return (other instanceof Double) && doubleToLongBits(((Double)other).value) == doubleToLongBits(value);
+    }
+
+    @Override
+    public int hashCode() {
+        return hashCode(value);
+    }
+
+    public static int hashCode(double d) {
+        return java.lang.Double.hashCode(d);
+    }
+
+    @Override
+    @NotNull
+    public java.lang.String toString() {
+        return java.lang.Double.toString(value);
+    }
+
+    @Override
+    @NotNull
+    java.lang.Double fromDJVM() {
+        return value;
+    }
+
+    @Override
+    public int compareTo(@NotNull Double other) {
+        return compare(this.value, other.value);
+    }
+
+    public static String toString(double d) {
+        return String.toDJVM(java.lang.Double.toString(d));
+    }
+
+    public static String toHexString(double d) {
+        return String.toDJVM(java.lang.Double.toHexString(d));
+    }
+
+    public static Double valueOf(String s) throws NumberFormatException {
+        return toDJVM(java.lang.Double.valueOf(String.fromDJVM(s)));
+    }
+
+    public static Double valueOf(double d) {
+        return new Double(d);
+    }
+
+    public static double parseDouble(String s) throws NumberFormatException {
+        return java.lang.Double.parseDouble(String.fromDJVM(s));
+    }
+
+    public static boolean isNaN(double d) {
+        return java.lang.Double.isNaN(d);
+    }
+
+    public static boolean isInfinite(double d) {
+        return java.lang.Double.isInfinite(d);
+    }
+
+    public static boolean isFinite(double d) {
+        return java.lang.Double.isFinite(d);
+    }
+
+    public static long doubleToLongBits(double d) {
+        return java.lang.Double.doubleToLongBits(d);
+    }
+
+    public static long doubleToRawLongBits(double d) {
+        return java.lang.Double.doubleToRawLongBits(d);
+    }
+
+    public static double longBitsToDouble(long bits) {
+        return java.lang.Double.longBitsToDouble(bits);
+    }
+
+    public static int compare(double d1, double d2) {
+        return java.lang.Double.compare(d1, d2);
+    }
+
+    public static double sum(double a, double b) {
+        return java.lang.Double.sum(a, b);
+    }
+
+    public static double max(double a, double b) {
+        return java.lang.Double.max(a, b);
+    }
+
+    public static double min(double a, double b) {
+        return java.lang.Double.min(a, b);
+    }
+
+    public static Double toDJVM(java.lang.Double d) {
+        return (d == null) ? null : valueOf(d);
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Enum.java b/djvm/src/main/java/sandbox/java/lang/Enum.java
new file mode 100644
index 0000000000..ffcdd8c916
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Enum.java
@@ -0,0 +1,27 @@
+package sandbox.java.lang;
+
+import java.io.Serializable;
+
+/**
+ * This is a dummy class. We will load the actual Enum class at run-time.
+ */
+@SuppressWarnings("unused")
+public abstract class Enum<E extends Enum<E>> extends Object implements Comparable<E>, Serializable {
+
+    private final String name;
+    private final int ordinal;
+
+    protected Enum(String name, int ordinal) {
+        this.name = name;
+        this.ordinal = ordinal;
+    }
+
+    public String name() {
+        return name;
+    }
+
+    public int ordinal() {
+        return ordinal;
+    }
+
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Float.java b/djvm/src/main/java/sandbox/java/lang/Float.java
new file mode 100644
index 0000000000..bebc75f916
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Float.java
@@ -0,0 +1,163 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+
+@SuppressWarnings({"unused", "WeakerAccess"})
+public final class Float extends Number implements Comparable<Float> {
+    public static final float POSITIVE_INFINITY = java.lang.Float.POSITIVE_INFINITY;
+    public static final float NEGATIVE_INFINITY = java.lang.Float.NEGATIVE_INFINITY;
+    public static final float NaN = java.lang.Float.NaN;
+    public static final float MAX_VALUE = java.lang.Float.MAX_VALUE;
+    public static final float MIN_NORMAL = java.lang.Float.MIN_NORMAL;
+    public static final float MIN_VALUE = java.lang.Float.MIN_VALUE;
+    public static final int MAX_EXPONENT = java.lang.Float.MAX_EXPONENT;
+    public static final int MIN_EXPONENT = java.lang.Float.MIN_EXPONENT;
+    public static final int BYTES = java.lang.Float.BYTES;
+    public static final int SIZE = java.lang.Float.SIZE;
+
+    @SuppressWarnings("unchecked")
+    public static final Class<Float> TYPE = (Class) java.lang.Float.TYPE;
+
+    private final float value;
+
+    public Float(float value) {
+        this.value = value;
+    }
+
+    public Float(String s) throws NumberFormatException {
+        this.value = parseFloat(s);
+    }
+
+    @Override
+    public int hashCode() {
+        return hashCode(value);
+    }
+
+    public static int hashCode(float f) {
+        return java.lang.Float.hashCode(f);
+    }
+
+    @Override
+    public boolean equals(java.lang.Object other) {
+        return other instanceof Float && floatToIntBits(((Float)other).value) == floatToIntBits(this.value);
+    }
+
+    @Override
+    @NotNull
+    public java.lang.String toString() {
+        return java.lang.Float.toString(value);
+    }
+
+    @Override
+    @NotNull
+    java.lang.Float fromDJVM() {
+        return value;
+    }
+
+    @Override
+    public double doubleValue() {
+        return (double)value;
+    }
+
+    @Override
+    public float floatValue() {
+        return value;
+    }
+
+    @Override
+    public long longValue() {
+        return (long)value;
+    }
+
+    @Override
+    public int intValue() {
+        return (int)value;
+    }
+
+    @Override
+    public short shortValue() {
+        return (short)value;
+    }
+
+    @Override
+    public byte byteValue() {
+        return (byte)value;
+    }
+
+    @Override
+    public int compareTo(@NotNull Float other) {
+        return compare(this.value, other.value);
+    }
+
+    public boolean isNaN() {
+        return isNaN(value);
+    }
+
+    public boolean isInfinite() {
+        return isInfinite(value);
+    }
+
+    public static String toString(float f) {
+        return String.valueOf(f);
+    }
+
+    public static String toHexString(float f) {
+        return String.toDJVM(java.lang.Float.toHexString(f));
+    }
+
+    public static Float valueOf(String s) throws NumberFormatException {
+        return toDJVM(java.lang.Float.valueOf(String.fromDJVM(s)));
+    }
+
+    public static Float valueOf(float f) {
+        return new Float(f);
+    }
+
+    public static float parseFloat(String s) throws NumberFormatException {
+        return java.lang.Float.parseFloat(String.fromDJVM(s));
+    }
+
+    public static boolean isNaN(float f) {
+        return java.lang.Float.isNaN(f);
+    }
+
+    public static boolean isInfinite(float f) {
+        return java.lang.Float.isInfinite(f);
+    }
+
+    public static boolean isFinite(float f) {
+        return java.lang.Float.isFinite(f);
+    }
+
+    public static int floatToIntBits(float f) {
+        return java.lang.Float.floatToIntBits(f);
+    }
+
+    public static int floatToRawIntBits(float f) {
+        return java.lang.Float.floatToIntBits(f);
+    }
+
+    public static float intBitsToFloat(int bits) {
+        return java.lang.Float.intBitsToFloat(bits);
+    }
+
+    public static int compare(float f1, float f2) {
+        return java.lang.Float.compare(f1, f2);
+    }
+
+    public static float sum(float a, float b) {
+        return java.lang.Float.sum(a, b);
+    }
+
+    public static float max(float a, float b) {
+        return java.lang.Float.max(a, b);
+    }
+
+    public static float min(float a, float b) {
+        return java.lang.Float.min(a, b);
+    }
+
+    public static Float toDJVM(java.lang.Float f) {
+        return (f == null) ? null : valueOf(f);
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Integer.java b/djvm/src/main/java/sandbox/java/lang/Integer.java
new file mode 100644
index 0000000000..ae05ea0f91
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Integer.java
@@ -0,0 +1,241 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+
+@SuppressWarnings({"unused", "WeakerAccess"})
+public final class Integer extends Number implements Comparable<Integer> {
+
+    public static final int MIN_VALUE = java.lang.Integer.MIN_VALUE;
+    public static final int MAX_VALUE = java.lang.Integer.MAX_VALUE;
+    public static final int BYTES = java.lang.Integer.BYTES;
+    public static final int SIZE = java.lang.Integer.SIZE;
+
+    static final int[] SIZE_TABLE = new int[] { 9, 99, 999, 9999, 99999, 999999, 9999999, 99999999, 999999999, MAX_VALUE };
+
+    @SuppressWarnings("unchecked")
+    public static final Class<Integer> TYPE = (Class) java.lang.Integer.TYPE;
+
+    private final int value;
+
+    public Integer(int value) {
+        this.value = value;
+    }
+
+    public Integer(String s) throws NumberFormatException {
+        this.value = parseInt(s, 10);
+    }
+
+    @Override
+    public int hashCode() {
+        return Integer.hashCode(value);
+    }
+
+    public static int hashCode(int i) {
+        return java.lang.Integer.hashCode(i);
+    }
+
+    @Override
+    public boolean equals(java.lang.Object other) {
+        return (other instanceof Integer) && (value == ((Integer) other).value);
+    }
+
+    @Override
+    public int intValue() {
+        return value;
+    }
+
+    @Override
+    public long longValue() {
+        return value;
+    }
+
+    @Override
+    public short shortValue() {
+        return (short) value;
+    }
+
+    @Override
+    public byte byteValue() {
+        return (byte) value;
+    }
+
+    @Override
+    public float floatValue() {
+        return (float) value;
+    }
+
+    @Override
+    public double doubleValue() {
+        return (double) value;
+    }
+
+    @Override
+    public int compareTo(@NotNull Integer other) {
+        return compare(this.value, other.value);
+    }
+
+    @Override
+    @NotNull
+    public java.lang.String toString() {
+        return java.lang.Integer.toString(value);
+    }
+
+    @Override
+    @NotNull
+    java.lang.Integer fromDJVM() {
+        return value;
+    }
+
+    public static String toString(int i, int radix) {
+        return String.toDJVM(java.lang.Integer.toString(i, radix));
+    }
+
+    public static String toUnsignedString(int i, int radix) {
+        return String.toDJVM(java.lang.Integer.toUnsignedString(i, radix));
+    }
+
+    public static String toHexString(int i) {
+        return String.toDJVM(java.lang.Integer.toHexString(i));
+    }
+
+    public static String toOctalString(int i) {
+        return String.toDJVM(java.lang.Integer.toOctalString(i));
+    }
+
+    public static String toBinaryString(int i) {
+        return String.toDJVM(java.lang.Integer.toBinaryString(i));
+    }
+
+    public static String toString(int i) {
+        return String.toDJVM(java.lang.Integer.toString(i));
+    }
+
+    public static String toUnsignedString(int i) {
+        return String.toDJVM(java.lang.Integer.toUnsignedString(i));
+    }
+
+    public static int parseInt(String s, int radix) throws NumberFormatException {
+        return java.lang.Integer.parseInt(String.fromDJVM(s), radix);
+    }
+
+    public static int parseInt(String s) throws NumberFormatException {
+        return java.lang.Integer.parseInt(String.fromDJVM(s));
+    }
+
+    public static int parseUnsignedInt(String s, int radix) throws NumberFormatException {
+        return java.lang.Integer.parseUnsignedInt(String.fromDJVM(s), radix);
+    }
+
+    public static int parseUnsignedInt(String s) throws NumberFormatException {
+        return java.lang.Integer.parseUnsignedInt(String.fromDJVM(s));
+    }
+
+    public static Integer valueOf(String s, int radix) throws NumberFormatException {
+        return toDJVM(java.lang.Integer.valueOf(String.fromDJVM(s), radix));
+    }
+
+    public static Integer valueOf(String s) throws NumberFormatException {
+        return toDJVM(java.lang.Integer.valueOf(String.fromDJVM(s)));
+    }
+
+    public static Integer valueOf(int i) {
+        return new Integer(i);
+    }
+
+    public static Integer decode(String nm) throws NumberFormatException {
+        return new Integer(java.lang.Integer.decode(String.fromDJVM(nm)));
+    }
+
+    public static int compare(int x, int y) {
+        return java.lang.Integer.compare(x, y);
+    }
+
+    public static int compareUnsigned(int x, int y) {
+        return java.lang.Integer.compareUnsigned(x, y);
+    }
+
+    public static long toUnsignedLong(int x) {
+        return java.lang.Integer.toUnsignedLong(x);
+    }
+
+    public static int divideUnsigned(int dividend, int divisor) {
+        return java.lang.Integer.divideUnsigned(dividend, divisor);
+    }
+
+    public static int remainderUnsigned(int dividend, int divisor) {
+        return java.lang.Integer.remainderUnsigned(dividend, divisor);
+    }
+
+    public static int highestOneBit(int i) {
+        return java.lang.Integer.highestOneBit(i);
+    }
+
+    public static int lowestOneBit(int i) {
+        return java.lang.Integer.lowestOneBit(i);
+    }
+
+    public static int numberOfLeadingZeros(int i) {
+        return java.lang.Integer.numberOfLeadingZeros(i);
+    }
+
+    public static int numberOfTrailingZeros(int i) {
+        return java.lang.Integer.numberOfTrailingZeros(i);
+    }
+
+    public static int bitCount(int i) {
+        return java.lang.Integer.bitCount(i);
+    }
+
+    public static int rotateLeft(int i, int distance) {
+        return java.lang.Integer.rotateLeft(i, distance);
+    }
+
+    public static int rotateRight(int i, int distance) {
+        return java.lang.Integer.rotateRight(i, distance);
+    }
+
+    public static int reverse(int i) {
+        return java.lang.Integer.reverse(i);
+    }
+
+    public static int signum(int i) {
+        return java.lang.Integer.signum(i);
+    }
+
+    public static int reverseBytes(int i) {
+        return java.lang.Integer.reverseBytes(i);
+    }
+
+    public static int sum(int a, int b) {
+        return java.lang.Integer.sum(a, b);
+    }
+
+    public static int max(int a, int b) {
+        return java.lang.Integer.max(a, b);
+    }
+
+    public static int min(int a, int b) {
+        return java.lang.Integer.min(a, b);
+    }
+
+    public static Integer toDJVM(java.lang.Integer i) {
+        return (i == null) ? null : valueOf(i);
+    }
+
+    static int stringSize(final int number) {
+        int i = 0;
+        while (number > SIZE_TABLE[i]) {
+            ++i;
+        }
+        return i + 1;
+    }
+
+    static void getChars(final int number, int index, char[] buffer) {
+        java.lang.String s = java.lang.Integer.toString(number);
+        int length = s.length();
+
+        while (length > 0) {
+            buffer[--index] = s.charAt(--length);
+        }
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Iterable.java b/djvm/src/main/java/sandbox/java/lang/Iterable.java
new file mode 100644
index 0000000000..6032fd97db
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Iterable.java
@@ -0,0 +1,15 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+
+import java.util.Iterator;
+
+/**
+ * This is a dummy class that implements just enough of [java.lang.Iterable]
+ * to allow us to compile [sandbox.java.lang.String].
+ */
+public interface Iterable<T> extends java.lang.Iterable<T> {
+    @Override
+    @NotNull
+    Iterator<T> iterator();
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Long.java b/djvm/src/main/java/sandbox/java/lang/Long.java
new file mode 100644
index 0000000000..0f07158af1
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Long.java
@@ -0,0 +1,239 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+
+@SuppressWarnings({"unused", "WeakerAccess"})
+public final class Long extends Number implements Comparable<Long> {
+
+    public static final long MIN_VALUE = java.lang.Long.MIN_VALUE;
+    public static final long MAX_VALUE = java.lang.Long.MAX_VALUE;
+    public static final int BYTES = java.lang.Long.BYTES;
+    public static final int SIZE = java.lang.Long.SIZE;
+
+    @SuppressWarnings("unchecked")
+    public static final Class<Long> TYPE = (Class) java.lang.Long.TYPE;
+
+    private final long value;
+
+    public Long(long value) {
+        this.value = value;
+    }
+
+    public Long(String s) throws NumberFormatException {
+        this.value = parseLong(s, 10);
+    }
+
+    @Override
+    public int hashCode() {
+        return hashCode(value);
+    }
+
+    @Override
+    public boolean equals(java.lang.Object other) {
+        return (other instanceof Long) && ((Long) other).longValue() == value;
+    }
+
+    public static int hashCode(long l) {
+        return java.lang.Long.hashCode(l);
+    }
+
+    @Override
+    public int intValue() {
+        return (int) value;
+    }
+
+    @Override
+    public long longValue() {
+        return value;
+    }
+
+    @Override
+    public short shortValue() {
+        return (short) value;
+    }
+
+    @Override
+    public byte byteValue() {
+        return (byte) value;
+    }
+
+    @Override
+    public float floatValue() {
+        return (float) value;
+    }
+
+    @Override
+    public double doubleValue() {
+        return (double) value;
+    }
+
+    @Override
+    public int compareTo(@NotNull Long other) {
+        return compare(value, other.value);
+    }
+
+    public static int compare(long x, long y) {
+        return java.lang.Long.compare(x, y);
+    }
+
+    @Override
+    @NotNull
+    java.lang.Long fromDJVM() {
+        return value;
+    }
+
+    @Override
+    @NotNull
+    public java.lang.String toString() {
+        return java.lang.Long.toString(value);
+    }
+
+    public static String toString(long l) {
+        return String.toDJVM(java.lang.Long.toString(l));
+    }
+
+    public static String toString(long l, int radix) {
+        return String.toDJVM(java.lang.Long.toString(l, radix));
+    }
+
+    public static String toUnsignedString(long l, int radix) {
+        return String.toDJVM(java.lang.Long.toUnsignedString(l, radix));
+    }
+
+    public static String toUnsignedString(long l) {
+        return String.toDJVM(java.lang.Long.toUnsignedString(l));
+    }
+
+    public static String toHexString(long l) {
+        return String.toDJVM(java.lang.Long.toHexString(l));
+    }
+
+    public static String toOctalString(long l) {
+        return String.toDJVM(java.lang.Long.toOctalString(l));
+    }
+
+    public static String toBinaryString(long l) {
+        return String.toDJVM(java.lang.Long.toBinaryString(l));
+    }
+
+    public static long parseLong(String s, int radix) throws NumberFormatException {
+        return java.lang.Long.parseLong(String.fromDJVM(s), radix);
+    }
+
+    public static long parseLong(String s) throws NumberFormatException {
+        return java.lang.Long.parseLong(String.fromDJVM(s));
+    }
+
+    public static long parseUnsignedLong(String s, int radix) throws NumberFormatException {
+        return java.lang.Long.parseUnsignedLong(String.fromDJVM(s), radix);
+    }
+
+    public static long parseUnsignedLong(String s) throws NumberFormatException {
+        return java.lang.Long.parseUnsignedLong(String.fromDJVM(s));
+    }
+
+    public static Long valueOf(String s, int radix) throws NumberFormatException {
+        return toDJVM(java.lang.Long.valueOf(String.fromDJVM(s), radix));
+    }
+
+    public static Long valueOf(String s) throws NumberFormatException {
+        return toDJVM(java.lang.Long.valueOf(String.fromDJVM(s)));
+    }
+
+    public static Long valueOf(long l) {
+        return new Long(l);
+    }
+
+    public static Long decode(String s) throws NumberFormatException {
+        return toDJVM(java.lang.Long.decode(String.fromDJVM(s)));
+    }
+
+    public static int compareUnsigned(long x, long y) {
+        return java.lang.Long.compareUnsigned(x, y);
+    }
+
+    public static long divideUnsigned(long dividend, long divisor) {
+        return java.lang.Long.divideUnsigned(dividend, divisor);
+    }
+
+    public static long remainderUnsigned(long dividend, long divisor) {
+        return java.lang.Long.remainderUnsigned(dividend, divisor);
+    }
+
+    public static long highestOneBit(long l) {
+        return java.lang.Long.highestOneBit(l);
+    }
+
+    public static long lowestOneBit(long l) {
+        return java.lang.Long.lowestOneBit(l);
+    }
+
+    public static int numberOfLeadingZeros(long l) {
+        return java.lang.Long.numberOfLeadingZeros(l);
+    }
+
+    public static int numberOfTrailingZeros(long l) {
+        return java.lang.Long.numberOfTrailingZeros(l);
+    }
+
+    public static int bitCount(long l) {
+        return java.lang.Long.bitCount(l);
+    }
+
+    public static long rotateLeft(long i, int distance) {
+        return java.lang.Long.rotateLeft(i, distance);
+    }
+
+    public static long rotateRight(long i, int distance) {
+        return java.lang.Long.rotateRight(i, distance);
+    }
+
+    public static long reverse(long l) {
+        return java.lang.Long.reverse(l);
+    }
+
+    public static int signum(long l) {
+        return java.lang.Long.signum(l);
+    }
+
+    public static long reverseBytes(long l) {
+        return java.lang.Long.reverseBytes(l);
+    }
+
+    public static long sum(long a, long b) {
+        return java.lang.Long.sum(a, b);
+    }
+
+    public static long max(long a, long b) {
+        return java.lang.Long.max(a, b);
+    }
+
+    public static long min(long a, long b) {
+        return java.lang.Long.min(a, b);
+    }
+
+    public static Long toDJVM(java.lang.Long l) {
+        return (l == null) ? null : valueOf(l);
+    }
+
+    static int stringSize(final long number) {
+        long l = 10;
+        int i = 1;
+
+        while ((i < 19) && (number >= l)) {
+            l *= 10;
+            ++i;
+        }
+
+        return i;
+    }
+
+    static void getChars(final long number, int index, char[] buffer) {
+        java.lang.String s = java.lang.Long.toString(number);
+        int length = s.length();
+
+        while (length > 0) {
+            buffer[--index] = s.charAt(--length);
+        }
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Number.java b/djvm/src/main/java/sandbox/java/lang/Number.java
new file mode 100644
index 0000000000..89d0a7fd8e
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Number.java
@@ -0,0 +1,21 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+import java.io.Serializable;
+
+@SuppressWarnings("unused")
+public abstract class Number extends Object implements Serializable {
+
+    public abstract double doubleValue();
+    public abstract float floatValue();
+    public abstract long longValue();
+    public abstract int intValue();
+    public abstract short shortValue();
+    public abstract byte byteValue();
+
+    @Override
+    @NotNull
+    public String toDJVMString() {
+        return String.toDJVM(toString());
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Object.java b/djvm/src/main/java/sandbox/java/lang/Object.java
new file mode 100644
index 0000000000..4208a52a53
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Object.java
@@ -0,0 +1,71 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+import sandbox.net.corda.djvm.rules.RuleViolationError;
+
+public class Object {
+
+    @Override
+    public int hashCode() {
+        return sandbox.java.lang.System.identityHashCode(this);
+    }
+
+    @Override
+    @NotNull
+    public java.lang.String toString() {
+        return toDJVMString().toString();
+    }
+
+    @NotNull
+    public String toDJVMString() {
+        return String.toDJVM("sandbox.java.lang.Object@" + java.lang.Integer.toString(hashCode(), 16));
+    }
+
+    @NotNull
+    java.lang.Object fromDJVM() {
+        return this;
+    }
+
+    public static java.lang.Object[] fromDJVM(java.lang.Object[] args) {
+        if (args == null) {
+            return null;
+        }
+
+        java.lang.Object[] unwrapped = (java.lang.Object[]) java.lang.reflect.Array.newInstance(
+            fromDJVM(args.getClass().getComponentType()), args.length
+        );
+        int i = 0;
+        for (java.lang.Object arg : args) {
+            unwrapped[i] = unwrap(arg);
+            ++i;
+        }
+        return unwrapped;
+    }
+
+    private static java.lang.Object unwrap(java.lang.Object arg) {
+        if (arg instanceof Object) {
+            return ((Object) arg).fromDJVM();
+        } else if (Object[].class.isAssignableFrom(arg.getClass())) {
+            return fromDJVM((Object[]) arg);
+        } else {
+            return arg;
+        }
+    }
+
+    private static Class<?> fromDJVM(Class<?> type) {
+        try {
+            java.lang.String name = type.getName();
+            return Class.forName(name.startsWith("sandbox.") ? name.substring(8) : name);
+        } catch (ClassNotFoundException e) {
+            throw new RuleViolationError(e.getMessage());
+        }
+    }
+
+    static java.util.Locale fromDJVM(sandbox.java.util.Locale locale) {
+        return java.util.Locale.forLanguageTag(locale.toLanguageTag().fromDJVM());
+    }
+
+    static java.nio.charset.Charset fromDJVM(sandbox.java.nio.charset.Charset charset) {
+        return java.nio.charset.Charset.forName(charset.name().fromDJVM());
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Runtime.java b/djvm/src/main/java/sandbox/java/lang/Runtime.java
new file mode 100644
index 0000000000..830233072b
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Runtime.java
@@ -0,0 +1,27 @@
+package sandbox.java.lang;
+
+@SuppressWarnings("unused")
+public final class Runtime extends Object {
+    private static final Runtime RUNTIME = new Runtime();
+
+    private Runtime() {}
+
+    public static Runtime getRuntime() {
+        return RUNTIME;
+    }
+
+    /**
+     * Everything inside the sandbox is single-threaded.
+     * @return 1
+     */
+    public int availableProcessors() {
+        return 1;
+    }
+
+    public void loadLibrary(String libraryName) {}
+
+    public void load(String fileName) {}
+
+    public void runFinalization() {}
+    public void gc() {}
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Short.java b/djvm/src/main/java/sandbox/java/lang/Short.java
new file mode 100644
index 0000000000..a0e1cbfd39
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Short.java
@@ -0,0 +1,128 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+
+@SuppressWarnings({"unused", "WeakerAccess"})
+public final class Short extends Number implements Comparable<Short> {
+    public static final short MIN_VALUE = java.lang.Short.MIN_VALUE;
+    public static final short MAX_VALUE = java.lang.Short.MAX_VALUE;
+    public static final int BYTES = java.lang.Short.BYTES;
+    public static final int SIZE = java.lang.Short.SIZE;
+
+    @SuppressWarnings("unchecked")
+    public static final Class<Short> TYPE = (Class) java.lang.Short.TYPE;
+
+    private final short value;
+
+    public Short(short value) {
+        this.value = value;
+    }
+
+    public Short(String s) throws NumberFormatException {
+        this.value = parseShort(s);
+    }
+
+    @Override
+    public byte byteValue() {
+        return (byte)value;
+    }
+
+    @Override
+    public short shortValue() {
+        return value;
+    }
+
+    @Override
+    public int intValue() {
+        return value;
+    }
+
+    @Override
+    public long longValue() {
+        return (long)value;
+    }
+
+    @Override
+    public float floatValue() {
+        return (float)value;
+    }
+
+    @Override
+    public double doubleValue() {
+        return (double)value;
+    }
+
+    @Override
+    @NotNull
+    public java.lang.String toString() {
+        return java.lang.Integer.toString(value);
+    }
+
+    @Override
+    @NotNull
+    java.lang.Short fromDJVM() {
+        return value;
+    }
+
+    @Override
+    public int hashCode() {
+        return hashCode(value);
+    }
+
+    public static int hashCode(short value) {
+        return java.lang.Short.hashCode(value);
+    }
+
+    @Override
+    public boolean equals(java.lang.Object other) {
+        return (other instanceof Short) && ((Short) other).value == value;
+    }
+
+    public int compareTo(@NotNull Short other) {
+        return compare(this.value, other.value);
+    }
+
+    public static int compare(short x, short y) {
+        return java.lang.Short.compare(x, y);
+    }
+
+    public static short reverseBytes(short value) {
+        return java.lang.Short.reverseBytes(value);
+    }
+
+    public static int toUnsignedInt(short x) {
+        return java.lang.Short.toUnsignedInt(x);
+    }
+
+    public static long toUnsignedLong(short x) {
+        return java.lang.Short.toUnsignedLong(x);
+    }
+
+    public static short parseShort(String s, int radix) throws NumberFormatException {
+        return java.lang.Short.parseShort(String.fromDJVM(s), radix);
+    }
+
+    public static short parseShort(String s) throws NumberFormatException {
+        return java.lang.Short.parseShort(String.fromDJVM(s));
+    }
+
+    public static Short valueOf(String s, int radix) throws NumberFormatException {
+        return toDJVM(java.lang.Short.valueOf(String.fromDJVM(s), radix));
+    }
+
+    public static Short valueOf(String s) throws NumberFormatException {
+        return toDJVM(java.lang.Short.valueOf(String.fromDJVM(s)));
+    }
+
+    public static Short valueOf(short s) {
+        return new Short(s);
+    }
+
+    public static Short decode(String nm) throws NumberFormatException {
+        return toDJVM(java.lang.Short.decode(String.fromDJVM(nm)));
+    }
+
+    public static Short toDJVM(java.lang.Short i) {
+        return (i == null) ? null : valueOf(i);
+    }
+}
\ No newline at end of file
diff --git a/djvm/src/main/java/sandbox/java/lang/String.java b/djvm/src/main/java/sandbox/java/lang/String.java
new file mode 100644
index 0000000000..4cce494d30
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/String.java
@@ -0,0 +1,398 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+import sandbox.java.nio.charset.Charset;
+import sandbox.java.util.Comparator;
+import sandbox.java.util.Locale;
+
+import java.io.Serializable;
+import java.io.UnsupportedEncodingException;
+
+@SuppressWarnings("unused")
+public final class String extends Object implements Comparable<String>, CharSequence, Serializable {
+    public static final Comparator<String> CASE_INSENSITIVE_ORDER = new CaseInsensitiveComparator();
+
+    private static class CaseInsensitiveComparator extends Object implements Comparator<String>, Serializable {
+        @Override
+        public int compare(String s1, String s2) {
+            return java.lang.String.CASE_INSENSITIVE_ORDER.compare(String.fromDJVM(s1), String.fromDJVM(s2));
+        }
+    }
+
+    private static final String TRUE = new String("true");
+    private static final String FALSE = new String("false");
+
+    private final java.lang.String value;
+
+    public String() {
+        this.value = "";
+    }
+
+    public String(java.lang.String value) {
+        this.value = value;
+    }
+
+    public String(char value[]) {
+        this.value = new java.lang.String(value);
+    }
+
+    public String(char value[], int offset, int count) {
+        this.value = new java.lang.String(value, offset, count);
+    }
+
+    public String(int[] codePoints, int offset, int count) {
+        this.value = new java.lang.String(codePoints, offset, count);
+    }
+
+    @Deprecated
+    public String(byte ascii[], int hibyte, int offset, int count) {
+        this.value = new java.lang.String(ascii, hibyte, offset, count);
+    }
+
+    @Deprecated
+    public String(byte ascii[], int hibyte) {
+        this.value = new java.lang.String(ascii, hibyte);
+    }
+
+    public String(byte bytes[], int offset, int length, String charsetName)
+            throws UnsupportedEncodingException {
+        this.value = new java.lang.String(bytes, offset, length, fromDJVM(charsetName));
+    }
+
+    public String(byte bytes[], int offset, int length, Charset charset) {
+        this.value = new java.lang.String(bytes, offset, length, fromDJVM(charset));
+    }
+
+    public String(byte bytes[], String charsetName)
+            throws UnsupportedEncodingException {
+        this.value = new java.lang.String(bytes, fromDJVM(charsetName));
+    }
+
+    public String(byte bytes[], Charset charset) {
+        this.value = new java.lang.String(bytes, fromDJVM(charset));
+    }
+
+    public String(byte bytes[], int offset, int length) {
+        this.value = new java.lang.String(bytes, offset, length);
+    }
+
+    public String(byte bytes[]) {
+        this.value = new java.lang.String(bytes);
+    }
+
+    public String(StringBuffer buffer) {
+        this.value = buffer.toString();
+    }
+
+    public String(StringBuilder builder) {
+        this.value = builder.toString();
+    }
+
+    @Override
+    public char charAt(int index) {
+        return value.charAt(index);
+    }
+
+    @Override
+    public int length() {
+        return value.length();
+    }
+
+    public boolean isEmpty() {
+        return value.isEmpty();
+    }
+
+    public int codePointAt(int index) {
+        return value.codePointAt(index);
+    }
+
+    public int codePointBefore(int index) {
+        return value.codePointBefore(index);
+    }
+
+    public int codePointCount(int beginIndex, int endIndex) {
+        return value.codePointCount(beginIndex, endIndex);
+    }
+
+    public int offsetByCodePoints(int index, int codePointOffset) {
+        return value.offsetByCodePoints(index, codePointOffset);
+    }
+
+    public void getChars(int srcBegin, int srcEnd, char dst[], int dstBegin) {
+        value.getChars(srcBegin, srcEnd, dst, dstBegin);
+    }
+
+    @Deprecated
+    public void getBytes(int srcBegin, int srcEnd, byte dst[], int dstBegin) {
+        value.getBytes(srcBegin, srcEnd, dst, dstBegin);
+    }
+
+    public byte[] getBytes(String charsetName) throws UnsupportedEncodingException {
+        return value.getBytes(fromDJVM(charsetName));
+    }
+
+    public byte[] getBytes(Charset charset) {
+        return value.getBytes(fromDJVM(charset));
+    }
+
+    public byte[] getBytes() {
+        return value.getBytes();
+    }
+
+    @Override
+    public boolean equals(java.lang.Object other) {
+        return (other instanceof String) && ((String) other).value.equals(value);
+    }
+
+    @Override
+    public int hashCode() {
+        return value.hashCode();
+    }
+
+    @Override
+    @NotNull
+    public java.lang.String toString() {
+        return value;
+    }
+
+    @Override
+    @NotNull
+    public String toDJVMString() {
+        return this;
+    }
+
+    @Override
+    @NotNull
+    java.lang.String fromDJVM() {
+        return value;
+    }
+
+    public boolean contentEquals(StringBuffer sb) {
+        return value.contentEquals((CharSequence) sb);
+    }
+
+    public boolean contentEquals(CharSequence cs) {
+        return value.contentEquals(cs);
+    }
+
+    public boolean equalsIgnoreCase(String anotherString) {
+        return value.equalsIgnoreCase(fromDJVM(anotherString));
+    }
+
+    @Override
+    public CharSequence subSequence(int start, int end) {
+        return toDJVM((java.lang.String) value.subSequence(start, end));
+    }
+
+    @Override
+    public int compareTo(@NotNull String other) {
+        return value.compareTo(other.toString());
+    }
+
+    public int compareToIgnoreCase(String str) {
+        return value.compareToIgnoreCase(fromDJVM(str));
+    }
+
+    public boolean regionMatches(int toffset, String other, int ooffset, int len) {
+        return value.regionMatches(toffset, fromDJVM(other), ooffset, len);
+    }
+
+    public boolean regionMatches(boolean ignoreCase, int toffset,
+                                 String other, int ooffset, int len) {
+        return value.regionMatches(ignoreCase, toffset, fromDJVM(other), ooffset, len);
+    }
+
+    public boolean startsWith(String prefix, int toffset) {
+        return value.startsWith(fromDJVM(prefix), toffset);
+    }
+
+    public boolean startsWith(String prefix) {
+        return value.startsWith(fromDJVM(prefix));
+    }
+
+    public boolean endsWith(String suffix) {
+        return value.endsWith(fromDJVM(suffix));
+    }
+
+    public int indexOf(int ch) {
+        return value.indexOf(ch);
+    }
+
+    public int indexOf(int ch, int fromIndex) {
+        return value.indexOf(ch, fromIndex);
+    }
+
+    public int lastIndexOf(int ch) {
+        return value.lastIndexOf(ch);
+    }
+
+    public int lastIndexOf(int ch, int fromIndex) {
+        return value.lastIndexOf(ch, fromIndex);
+    }
+
+    public int indexOf(String str) {
+        return value.indexOf(fromDJVM(str));
+    }
+
+    public int indexOf(String str, int fromIndex) {
+        return value.indexOf(fromDJVM(str), fromIndex);
+    }
+
+    public int lastIndexOf(String str) {
+        return value.lastIndexOf(fromDJVM(str));
+    }
+
+    public int lastIndexOf(String str, int fromIndex) {
+        return value.lastIndexOf(fromDJVM(str), fromIndex);
+    }
+
+    public String substring(int beginIndex) {
+        return toDJVM(value.substring(beginIndex));
+    }
+
+    public String substring(int beginIndex, int endIndex) {
+        return toDJVM(value.substring(beginIndex, endIndex));
+    }
+
+    public String concat(String str) {
+        return toDJVM(value.concat(fromDJVM(str)));
+    }
+
+    public String replace(char oldChar, char newChar) {
+        return toDJVM(value.replace(oldChar, newChar));
+    }
+
+    public boolean matches(String regex) {
+        return value.matches(fromDJVM(regex));
+    }
+
+    public boolean contains(CharSequence s) {
+        return value.contains(s);
+    }
+
+    public String replaceFirst(String regex, String replacement) {
+        return toDJVM(value.replaceFirst(fromDJVM(regex), fromDJVM(replacement)));
+    }
+
+    public String replaceAll(String regex, String replacement) {
+        return toDJVM(value.replaceAll(fromDJVM(regex), fromDJVM(replacement)));
+    }
+
+    public String replace(CharSequence target, CharSequence replacement) {
+        return toDJVM(value.replace(target, replacement));
+    }
+
+    public String[] split(String regex, int limit) {
+        return toDJVM(value.split(fromDJVM(regex), limit));
+    }
+
+    public String[] split(String regex) {
+        return toDJVM(value.split(fromDJVM(regex)));
+    }
+
+    public String toLowerCase(Locale locale) {
+        return toDJVM(value.toLowerCase(fromDJVM(locale)));
+    }
+
+    public String toLowerCase() {
+        return toDJVM(value.toLowerCase());
+    }
+
+    public String toUpperCase(Locale locale) {
+        return toDJVM(value.toUpperCase(fromDJVM(locale)));
+    }
+
+    public String toUpperCase() {
+        return toDJVM(value.toUpperCase());
+    }
+
+    public String trim() {
+        return toDJVM(value.trim());
+    }
+
+    public char[] toCharArray() {
+        return value.toCharArray();
+    }
+
+    public static String format(String format, java.lang.Object... args) {
+        return toDJVM(java.lang.String.format(fromDJVM(format), fromDJVM(args)));
+    }
+
+    public static String format(Locale locale, String format, java.lang.Object... args) {
+        return toDJVM(java.lang.String.format(fromDJVM(locale), fromDJVM(format), fromDJVM(args)));
+    }
+
+    public static String join(CharSequence delimiter, CharSequence... elements) {
+        return toDJVM(java.lang.String.join(delimiter, elements));
+    }
+
+    public static String join(CharSequence delimiter,
+                              Iterable<? extends CharSequence> elements) {
+        return toDJVM(java.lang.String.join(delimiter, elements));
+    }
+
+    public static String valueOf(java.lang.Object obj) {
+        return (obj instanceof Object) ? ((Object) obj).toDJVMString() : toDJVM(java.lang.String.valueOf(obj));
+    }
+
+    public static String valueOf(char data[]) {
+        return toDJVM(java.lang.String.valueOf(data));
+    }
+
+    public static String valueOf(char data[], int offset, int count) {
+        return toDJVM(java.lang.String.valueOf(data, offset, count));
+    }
+
+    public static String copyValueOf(char data[], int offset, int count) {
+        return toDJVM(java.lang.String.copyValueOf(data, offset, count));
+    }
+
+    public static String copyValueOf(char data[]) {
+        return toDJVM(java.lang.String.copyValueOf(data));
+    }
+
+    public static String valueOf(boolean b) {
+        return b ? TRUE : FALSE;
+    }
+
+    public static String valueOf(char c) {
+        return toDJVM(java.lang.String.valueOf(c));
+    }
+
+    public static String valueOf(int i) {
+        return toDJVM(java.lang.String.valueOf(i));
+    }
+
+    public static String valueOf(long l) {
+        return toDJVM(java.lang.String.valueOf(l));
+    }
+
+    public static String valueOf(float f) {
+        return toDJVM(java.lang.String.valueOf(f));
+    }
+
+    public static String valueOf(double d) {
+        return toDJVM(java.lang.String.valueOf(d));
+    }
+
+    static String[] toDJVM(java.lang.String[] value) {
+        if (value == null) {
+            return null;
+        }
+        String[] result = new String[value.length];
+        int i = 0;
+        for (java.lang.String v : value) {
+            result[i] = toDJVM(v);
+            ++i;
+        }
+        return result;
+    }
+
+    public static String toDJVM(java.lang.String value) {
+        return (value == null) ? null : new String(value);
+    }
+
+    public static java.lang.String fromDJVM(String value) {
+        return (value == null) ? null : value.fromDJVM();
+    }
+}
\ No newline at end of file
diff --git a/djvm/src/main/java/sandbox/java/lang/StringBuffer.java b/djvm/src/main/java/sandbox/java/lang/StringBuffer.java
new file mode 100644
index 0000000000..e9cbcad328
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/StringBuffer.java
@@ -0,0 +1,20 @@
+package sandbox.java.lang;
+
+import java.io.Serializable;
+
+/**
+ * This is a dummy class that implements just enough of [java.lang.StringBuffer]
+ * to allow us to compile [sandbox.java.lang.String].
+ */
+public abstract class StringBuffer extends Object implements CharSequence, Appendable, Serializable {
+
+    @Override
+    public abstract StringBuffer append(CharSequence seq);
+
+    @Override
+    public abstract StringBuffer append(CharSequence seq, int start, int end);
+
+    @Override
+    public abstract StringBuffer append(char c);
+
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/StringBuilder.java b/djvm/src/main/java/sandbox/java/lang/StringBuilder.java
new file mode 100644
index 0000000000..ed80b2e508
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/StringBuilder.java
@@ -0,0 +1,20 @@
+package sandbox.java.lang;
+
+import java.io.Serializable;
+
+/**
+ * This is a dummy class that implements just enough of [java.lang.StringBuilder]
+ * to allow us to compile [sandbox.java.lang.String].
+ */
+public abstract class StringBuilder extends Object implements Appendable, CharSequence, Serializable {
+
+    @Override
+    public abstract StringBuilder append(CharSequence seq);
+
+    @Override
+    public abstract StringBuilder append(CharSequence seq, int start, int end);
+
+    @Override
+    public abstract StringBuilder append(char c);
+
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/System.java b/djvm/src/main/java/sandbox/java/lang/System.java
new file mode 100644
index 0000000000..95525d0b50
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/System.java
@@ -0,0 +1,28 @@
+package sandbox.java.lang;
+
+@SuppressWarnings({"WeakerAccess", "unused"})
+public final class System extends Object {
+
+    private System() {}
+
+    /*
+     * This class is duplicated into every sandbox, where everything is single-threaded.
+     */
+    private static final java.util.Map<java.lang.Integer, java.lang.Integer> objectHashCodes = new java.util.LinkedHashMap<>();
+    private static int objectCounter = 0;
+
+    public static int identityHashCode(java.lang.Object obj) {
+        int nativeHashCode = java.lang.System.identityHashCode(obj);
+        // TODO Instead of using a magic offset below, one could take in a per-context seed
+        return objectHashCodes.computeIfAbsent(nativeHashCode, i -> ++objectCounter + 0xfed_c0de);
+    }
+
+    public static final String lineSeparator = String.toDJVM("\n");
+
+    public static void arraycopy(java.lang.Object src, int srcPos, java.lang.Object dest, int destPos, int length) {
+        java.lang.System.arraycopy(src, srcPos, dest, destPos, length);
+    }
+
+    public static void runFinalization() {}
+    public static void gc() {}
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/ThreadLocal.java b/djvm/src/main/java/sandbox/java/lang/ThreadLocal.java
new file mode 100644
index 0000000000..f416d3db16
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/ThreadLocal.java
@@ -0,0 +1,59 @@
+package sandbox.java.lang;
+
+import sandbox.java.util.function.Supplier;
+
+/**
+ * Everything inside the sandbox is single-threaded, so this
+ * implementation of ThreadLocal<T> is sufficient.
+ * @param <T>
+ */
+@SuppressWarnings({"unused", "WeakerAccess"})
+public class ThreadLocal<T> extends Object {
+
+    private T value;
+    private boolean isSet;
+
+    public ThreadLocal() {
+    }
+
+    protected T initialValue() {
+        return null;
+    }
+
+    public T get() {
+        if (!isSet) {
+            set(initialValue());
+        }
+        return value;
+    }
+
+    public void set(T value) {
+        this.value = value;
+        this.isSet = true;
+    }
+
+    public void remove() {
+        value = null;
+        isSet = false;
+    }
+
+    public static <V> ThreadLocal<V> withInitial(Supplier<? extends V> supplier) {
+        return new SuppliedThreadLocal<>(supplier);
+    }
+
+    // Stub class for compiling ThreadLocal. The sandbox will import the
+    // actual SuppliedThreadLocal class at run-time. Having said that, we
+    // still need a working implementation here for the sake of our tests.
+    static final class SuppliedThreadLocal<T> extends ThreadLocal<T> {
+        private final Supplier<? extends T> supplier;
+
+        SuppliedThreadLocal(Supplier<? extends T> supplier) {
+            this.supplier = supplier;
+        }
+
+        @Override
+        protected T initialValue() {
+            return supplier.get();
+        }
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/nio/charset/Charset.java b/djvm/src/main/java/sandbox/java/nio/charset/Charset.java
new file mode 100644
index 0000000000..371a21404a
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/nio/charset/Charset.java
@@ -0,0 +1,18 @@
+package sandbox.java.nio.charset;
+
+/**
+ * This is a dummy class that implements just enough of [java.nio.charset.Charset]
+ * to allow us to compile [sandbox.java.lang.String].
+ */
+@SuppressWarnings("unused")
+public abstract class Charset extends sandbox.java.lang.Object {
+    private final sandbox.java.lang.String canonicalName;
+
+    protected Charset(sandbox.java.lang.String canonicalName, sandbox.java.lang.String[] aliases) {
+        this.canonicalName = canonicalName;
+    }
+
+    public final sandbox.java.lang.String name() {
+        return canonicalName;
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/util/Comparator.java b/djvm/src/main/java/sandbox/java/util/Comparator.java
new file mode 100644
index 0000000000..20679dee59
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/util/Comparator.java
@@ -0,0 +1,9 @@
+package sandbox.java.util;
+
+/**
+ * This is a dummy class that implements just enough of [java.util.Comparator]
+ * to allow us to compile [sandbox.java.lang.String].
+ */
+@FunctionalInterface
+public interface Comparator<T> extends java.util.Comparator<T> {
+}
diff --git a/djvm/src/main/java/sandbox/java/util/LinkedHashMap.java b/djvm/src/main/java/sandbox/java/util/LinkedHashMap.java
new file mode 100644
index 0000000000..37d8c56210
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/util/LinkedHashMap.java
@@ -0,0 +1,13 @@
+package sandbox.java.util;
+
+/**
+ * This is a dummy class to bootstrap us into the sandbox.
+ */
+public class LinkedHashMap<K, V> extends java.util.LinkedHashMap<K, V> implements Map<K, V> {
+    public LinkedHashMap(int initialSize) {
+        super(initialSize);
+    }
+
+    public LinkedHashMap() {
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/util/Locale.java b/djvm/src/main/java/sandbox/java/util/Locale.java
new file mode 100644
index 0000000000..3ceaea9382
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/util/Locale.java
@@ -0,0 +1,9 @@
+package sandbox.java.util;
+
+/**
+ * This is a dummy class that implements just enough of [java.util.Locale]
+ * to allow us to compile [sandbox.java.lang.String].
+ */
+public abstract class Locale extends sandbox.java.lang.Object {
+    public abstract sandbox.java.lang.String toLanguageTag();
+}
diff --git a/djvm/src/main/java/sandbox/java/util/Map.java b/djvm/src/main/java/sandbox/java/util/Map.java
new file mode 100644
index 0000000000..576e462583
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/util/Map.java
@@ -0,0 +1,7 @@
+package sandbox.java.util;
+
+/**
+ * This is a dummy class to bootstrap us into the sandbox.
+ */
+public interface Map<K, V> extends java.util.Map<K, V> {
+}
diff --git a/djvm/src/main/java/sandbox/java/util/function/Function.java b/djvm/src/main/java/sandbox/java/util/function/Function.java
new file mode 100644
index 0000000000..5cd806a01e
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/util/function/Function.java
@@ -0,0 +1,10 @@
+package sandbox.java.util.function;
+
+/**
+ * This is a dummy class that implements just enough of [java.util.function.Function]
+ * to allow us to compile [sandbox.Task].
+ */
+@FunctionalInterface
+public interface Function<T, R> {
+    R apply(T item);
+}
diff --git a/djvm/src/main/java/sandbox/java/util/function/Supplier.java b/djvm/src/main/java/sandbox/java/util/function/Supplier.java
new file mode 100644
index 0000000000..31f236bae6
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/util/function/Supplier.java
@@ -0,0 +1,10 @@
+package sandbox.java.util.function;
+
+/**
+ * This is a dummy class that implements just enough of [java.util.function.Supplier]
+ * to allow us to compile [sandbox.java.lang.ThreadLocal].
+ */
+@FunctionalInterface
+public interface Supplier<T> {
+    T get();
+}
diff --git a/djvm/src/main/java/sandbox/sun/misc/JavaLangAccess.java b/djvm/src/main/java/sandbox/sun/misc/JavaLangAccess.java
new file mode 100644
index 0000000000..189a7f9711
--- /dev/null
+++ b/djvm/src/main/java/sandbox/sun/misc/JavaLangAccess.java
@@ -0,0 +1,10 @@
+package sandbox.sun.misc;
+
+import sandbox.java.lang.Enum;
+
+@SuppressWarnings("unused")
+public interface JavaLangAccess {
+
+    <E extends Enum<E>> E[] getEnumConstantsShared(Class<E> enumClass);
+
+}
diff --git a/djvm/src/main/java/sandbox/sun/misc/SharedSecrets.java b/djvm/src/main/java/sandbox/sun/misc/SharedSecrets.java
new file mode 100644
index 0000000000..a03f7689c1
--- /dev/null
+++ b/djvm/src/main/java/sandbox/sun/misc/SharedSecrets.java
@@ -0,0 +1,20 @@
+package sandbox.sun.misc;
+
+import sandbox.java.lang.Enum;
+
+@SuppressWarnings("unused")
+public class SharedSecrets extends sandbox.java.lang.Object {
+    private static final JavaLangAccess javaLangAccess = new JavaLangAccessImpl();
+
+    private static class JavaLangAccessImpl implements JavaLangAccess {
+        @SuppressWarnings("unchecked")
+        @Override
+        public <E extends Enum<E>> E[] getEnumConstantsShared(Class<E> enumClass) {
+            return (E[]) sandbox.java.lang.DJVM.getEnumConstantsShared(enumClass);
+        }
+    }
+
+    public static JavaLangAccess getJavaLangAccess() {
+        return javaLangAccess;
+    }
+}
diff --git a/djvm/src/main/kotlin/net/corda/djvm/analysis/AnalysisConfiguration.kt b/djvm/src/main/kotlin/net/corda/djvm/analysis/AnalysisConfiguration.kt
index 2a1e7d63cf..f8d87fd1ea 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/analysis/AnalysisConfiguration.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/analysis/AnalysisConfiguration.kt
@@ -1,12 +1,17 @@
 package net.corda.djvm.analysis
 
+import net.corda.djvm.code.EmitterModule
 import net.corda.djvm.code.ruleViolationError
 import net.corda.djvm.code.thresholdViolationError
 import net.corda.djvm.messages.Severity
 import net.corda.djvm.references.ClassModule
+import net.corda.djvm.references.Member
 import net.corda.djvm.references.MemberModule
+import net.corda.djvm.references.MethodBody
 import net.corda.djvm.source.BootstrapClassLoader
 import net.corda.djvm.source.SourceClassLoader
+import org.objectweb.asm.Opcodes.*
+import org.objectweb.asm.Type
 import sandbox.net.corda.djvm.costing.RuntimeCostAccounter
 import java.io.Closeable
 import java.io.IOException
@@ -41,19 +46,22 @@ class AnalysisConfiguration(
 
     /**
      * Classes that have already been declared in the sandbox namespace and that should be made
-     * available inside the sandboxed environment.
+     * available inside the sandboxed environment. These classes belong to the application
+     * classloader and so are shared across all sandboxes.
      */
-    val pinnedClasses: Set<String> = setOf(
-        SANDBOXED_OBJECT,
-        RuntimeCostAccounter.TYPE_NAME,
-        ruleViolationError,
-        thresholdViolationError
-    ) + additionalPinnedClasses
+    val pinnedClasses: Set<String> = MANDATORY_PINNED_CLASSES + additionalPinnedClasses
+
+    /**
+     * These interfaces are modified as they are mapped into the sandbox by
+     * having their unsandboxed version "stitched in" as a super-interface.
+     * And in some cases, we need to add some synthetic bridge methods as well.
+     */
+    val stitchedInterfaces: Map<String, List<Member>> get() = STITCHED_INTERFACES
 
     /**
      * Functionality used to resolve the qualified name and relevant information about a class.
      */
-    val classResolver: ClassResolver = ClassResolver(pinnedClasses, whitelist, SANDBOX_PREFIX)
+    val classResolver: ClassResolver = ClassResolver(pinnedClasses, TEMPLATE_CLASSES, whitelist, SANDBOX_PREFIX)
 
     private val bootstrapClassLoader = bootstrapJar?.let { BootstrapClassLoader(it, classResolver) }
     val supportingClassLoader = SourceClassLoader(classPath, classResolver, bootstrapClassLoader)
@@ -65,13 +73,114 @@ class AnalysisConfiguration(
         }
     }
 
+    fun isTemplateClass(className: String): Boolean = className in TEMPLATE_CLASSES
+    fun isPinnedClass(className: String): Boolean = className in pinnedClasses
+
     companion object {
         /**
          * The package name prefix to use for classes loaded into a sandbox.
          */
         private const val SANDBOX_PREFIX: String = "sandbox/"
 
-        private const val SANDBOXED_OBJECT = SANDBOX_PREFIX + "java/lang/Object"
+        /**
+         * These class must belong to the application class loader.
+         * They should already exist within the sandbox namespace.
+         */
+        private val MANDATORY_PINNED_CLASSES: Set<String> = setOf(
+            RuntimeCostAccounter.TYPE_NAME,
+            ruleViolationError,
+            thresholdViolationError
+        )
+
+        /**
+         * These classes will be duplicated into every sandbox's
+         * classloader.
+         */
+        private val TEMPLATE_CLASSES: Set<String> = setOf(
+            java.lang.Boolean::class.java,
+            java.lang.Byte::class.java,
+            java.lang.Character::class.java,
+            java.lang.Double::class.java,
+            java.lang.Float::class.java,
+            java.lang.Integer::class.java,
+            java.lang.Long::class.java,
+            java.lang.Number::class.java,
+            java.lang.Runtime::class.java,
+            java.lang.Short::class.java,
+            java.lang.String::class.java,
+            java.lang.String.CASE_INSENSITIVE_ORDER::class.java,
+            java.lang.System::class.java,
+            java.lang.ThreadLocal::class.java,
+            kotlin.Any::class.java,
+            sun.misc.JavaLangAccess::class.java,
+            sun.misc.SharedSecrets::class.java
+        ).sandboxed() + setOf(
+            "sandbox/Task",
+            "sandbox/java/lang/DJVM",
+            "sandbox/sun/misc/SharedSecrets\$1",
+            "sandbox/sun/misc/SharedSecrets\$JavaLangAccessImpl"
+        )
+
+        /**
+         * These interfaces will be modified as follows when
+         * added to the sandbox:
+         *
+         * <code>interface sandbox.A extends A</code>
+         */
+        private val STITCHED_INTERFACES: Map<String, List<Member>> = mapOf(
+            sandboxed(CharSequence::class.java) to listOf(
+                object : MethodBuilder(
+                    access = ACC_PUBLIC or ACC_SYNTHETIC or ACC_BRIDGE,
+                    className = "sandbox/java/lang/CharSequence",
+                    memberName = "subSequence",
+                    descriptor = "(II)Ljava/lang/CharSequence;"
+                ) {
+                    override fun writeBody(emitter: EmitterModule) = with(emitter) {
+                        pushObject(0)
+                        pushInteger(1)
+                        pushInteger(2)
+                        invokeInterface(className, memberName, "(II)L$className;")
+                        returnObject()
+                    }
+                }.withBody()
+                 .build(),
+                MethodBuilder(
+                    access = ACC_PUBLIC or ACC_ABSTRACT,
+                    className = "sandbox/java/lang/CharSequence",
+                    memberName = "toString",
+                    descriptor = "()Ljava/lang/String;"
+                ).build()
+            ),
+            sandboxed(Comparable::class.java) to emptyList(),
+            sandboxed(Comparator::class.java) to emptyList(),
+            sandboxed(Iterable::class.java) to emptyList()
+        )
+
+        private fun sandboxed(clazz: Class<*>) = SANDBOX_PREFIX + Type.getInternalName(clazz)
+        private fun Set<Class<*>>.sandboxed(): Set<String> = map(Companion::sandboxed).toSet()
     }
 
+    private open class MethodBuilder(
+            protected val access: Int,
+            protected val className: String,
+            protected val memberName: String,
+            protected val descriptor: String) {
+        private val bodies = mutableListOf<MethodBody>()
+
+        protected open fun writeBody(emitter: EmitterModule) {}
+
+        fun withBody(): MethodBuilder {
+            bodies.add(::writeBody)
+            return this
+        }
+
+        fun build() = Member(
+            access = access,
+            className = className,
+            memberName = memberName,
+            signature = descriptor,
+            genericsDetails = "",
+            body = bodies
+        )
+    }
 }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/analysis/ClassAndMemberVisitor.kt b/djvm/src/main/kotlin/net/corda/djvm/analysis/ClassAndMemberVisitor.kt
index d0d9cb4e8c..8bfb997ae7 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/analysis/ClassAndMemberVisitor.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/analysis/ClassAndMemberVisitor.kt
@@ -85,8 +85,12 @@ open class ClassAndMemberVisitor(
 
     /**
      * Process class after it has been fully traversed and analyzed.
+     * The [classVisitor] has finished visiting all of the class's
+     * existing elements (i.e. methods, fields, inner classes etc)
+     * and is about to complete. However, it can still add new
+     * elements to the class, if required.
      */
-    open fun visitClassEnd(clazz: ClassRepresentation) {}
+    open fun visitClassEnd(classVisitor: ClassVisitor, clazz: ClassRepresentation) {}
 
     /**
      * Extract the meta-data indicating the source file of the traversed class (i.e., where it is compiled from).
@@ -136,7 +140,7 @@ open class ClassAndMemberVisitor(
      */
     protected fun shouldBeProcessed(className: String): Boolean {
         return !configuration.whitelist.inNamespace(className) &&
-                className !in configuration.pinnedClasses
+                !configuration.isPinnedClass(className)
     }
 
     /**
@@ -241,7 +245,7 @@ open class ClassAndMemberVisitor(
                     .getClassReferencesFromClass(currentClass!!, configuration.analyzeAnnotations)
                     .forEach(::recordTypeReference)
             captureExceptions {
-                visitClassEnd(currentClass!!)
+                visitClassEnd(this, currentClass!!)
             }
             super.visitEnd()
         }
@@ -385,7 +389,9 @@ open class ClassAndMemberVisitor(
          */
         override fun visitCode() {
             tryReplaceMethodBody()
-            super.visitCode()
+            visit(MethodEntry(method)) {
+                super.visitCode()
+            }
         }
 
         /**
@@ -494,6 +500,15 @@ open class ClassAndMemberVisitor(
             }
         }
 
+        /**
+         * Transform values loaded from the constants pool.
+         */
+        override fun visitLdcInsn(value: Any) {
+            visit(ConstantInstruction(value), defaultFirst = true) {
+                super.visitLdcInsn(value)
+            }
+        }
+
         /**
          * Finish visiting this method, writing any new method body byte-code
          * if we haven't written it already. This would (presumably) only happen
diff --git a/djvm/src/main/kotlin/net/corda/djvm/analysis/ClassResolver.kt b/djvm/src/main/kotlin/net/corda/djvm/analysis/ClassResolver.kt
index b1aa3ae541..a05b4ec7ec 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/analysis/ClassResolver.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/analysis/ClassResolver.kt
@@ -26,6 +26,7 @@ import net.corda.djvm.code.asResourcePath
  */
 class ClassResolver(
         private val pinnedClasses: Set<String>,
+        private val templateClasses: Set<String>,
         private val whitelist: Whitelist,
         private val sandboxPrefix: String
 ) {
@@ -83,7 +84,7 @@ class ClassResolver(
      * Reverse the resolution of a class name.
      */
     fun reverse(resolvedClassName: String): String {
-        if (resolvedClassName in pinnedClasses) {
+        if (resolvedClassName in pinnedClasses || resolvedClassName in templateClasses) {
             return resolvedClassName
         }
         if (resolvedClassName.startsWith(sandboxPrefix)) {
@@ -103,10 +104,10 @@ class ClassResolver(
     }
 
     /**
-     * Resolve class name from a fully qualified name.
+     * Resolve sandboxed class name from a fully qualified name.
      */
     private fun resolveName(name: String): String {
-        return if (isPinnedOrWhitelistedClass(name)) {
+        return if (isPinnedOrWhitelistedClass(name) || name in templateClasses) {
             name
         } else {
             "$sandboxPrefix$name"
@@ -122,10 +123,10 @@ class ClassResolver(
                 sandboxRegex.matches(name)
     }
 
-    private val sandboxRegex = "^$sandboxPrefix.*$".toRegex()
+    private val sandboxRegex = "^$sandboxPrefix.*\$".toRegex()
 
     companion object {
-        private val complexArrayTypeRegex = "^(\\[+)L(.*);$".toRegex()
+        private val complexArrayTypeRegex = "^(\\[+)L(.*);\$".toRegex()
     }
 
 }
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/analysis/Whitelist.kt b/djvm/src/main/kotlin/net/corda/djvm/analysis/Whitelist.kt
index 3cbbfe8223..c19cc8111e 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/analysis/Whitelist.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/analysis/Whitelist.kt
@@ -89,36 +89,25 @@ open class Whitelist private constructor(
      * Enumerate all the entries of the whitelist.
      */
     val items: Set<String>
-        get() = textEntries + entries.map { it.pattern }
+        get() = textEntries + entries.map(Regex::pattern)
 
     companion object {
         private val everythingRegex = setOf(".*".toRegex())
 
         private val minimumSet = setOf(
-                "^java/lang/Boolean(\\..*)?$".toRegex(),
-                "^java/lang/Byte(\\..*)?$".toRegex(),
-                "^java/lang/Character(\\..*)?$".toRegex(),
-                "^java/lang/Class(\\..*)?$".toRegex(),
-                "^java/lang/ClassLoader(\\..*)?$".toRegex(),
-                "^java/lang/Cloneable(\\..*)?$".toRegex(),
-                "^java/lang/Comparable(\\..*)?$".toRegex(),
-                "^java/lang/Double(\\..*)?$".toRegex(),
-                "^java/lang/Enum(\\..*)?$".toRegex(),
-                "^java/lang/Float(\\..*)?$".toRegex(),
-                "^java/lang/Integer(\\..*)?$".toRegex(),
-                "^java/lang/Iterable(\\..*)?$".toRegex(),
-                "^java/lang/Long(\\..*)?$".toRegex(),
-                "^java/lang/Number(\\..*)?$".toRegex(),
-                "^java/lang/Object(\\..*)?$".toRegex(),
-                "^java/lang/Override(\\..*)?$".toRegex(),
-                "^java/lang/Short(\\..*)?$".toRegex(),
-                "^java/lang/String(\\..*)?$".toRegex(),
-                "^java/lang/ThreadDeath(\\..*)?$".toRegex(),
-                "^java/lang/Throwable(\\..*)?$".toRegex(),
-                "^java/lang/Void(\\..*)?$".toRegex(),
-                "^java/lang/.*Error(\\..*)?$".toRegex(),
-                "^java/lang/.*Exception(\\..*)?$".toRegex(),
-                "^java/lang/reflect/Array(\\..*)?$".toRegex()
+            "^java/lang/Class(\\..*)?\$".toRegex(),
+            "^java/lang/ClassLoader(\\..*)?\$".toRegex(),
+            "^java/lang/Cloneable(\\..*)?\$".toRegex(),
+            "^java/lang/Object(\\..*)?\$".toRegex(),
+            "^java/lang/Override(\\..*)?\$".toRegex(),
+                // TODO: sandbox exception handling!
+                "^java/lang/StackTraceElement\$".toRegex(),
+                "^java/lang/Throwable\$".toRegex(),
+            "^java/lang/Void\$".toRegex(),
+            "^java/lang/invoke/LambdaMetafactory\$".toRegex(),
+            "^java/lang/invoke/MethodHandles(\\\$.*)?\$".toRegex(),
+            "^java/lang/reflect/Array(\\..*)?\$".toRegex(),
+            "^java/io/Serializable\$".toRegex()
         )
 
         /**
diff --git a/djvm/src/main/kotlin/net/corda/djvm/code/ClassMutator.kt b/djvm/src/main/kotlin/net/corda/djvm/code/ClassMutator.kt
index 777e69f9fe..3c800d9859 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/code/ClassMutator.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/code/ClassMutator.kt
@@ -2,26 +2,48 @@ package net.corda.djvm.code
 
 import net.corda.djvm.analysis.AnalysisConfiguration
 import net.corda.djvm.analysis.ClassAndMemberVisitor
+import net.corda.djvm.code.instructions.MethodEntry
 import net.corda.djvm.references.ClassRepresentation
 import net.corda.djvm.references.Member
+import net.corda.djvm.references.MethodBody
 import net.corda.djvm.utilities.Processor
 import net.corda.djvm.utilities.loggerFor
 import org.objectweb.asm.ClassVisitor
+import org.objectweb.asm.Opcodes.*
 
 /**
  * Helper class for applying a set of definition providers and emitters to a class or set of classes.
  *
  * @param classVisitor Class visitor to use when traversing the structure of classes.
+ * @property configuration The configuration to use for class analysis.
  * @property definitionProviders A set of providers used to update the name or meta-data of classes and members.
- * @property emitters A set of code emitters used to modify and instrument method bodies.
+ * @param emitters A set of code emitters used to modify and instrument method bodies.
  */
 class ClassMutator(
         classVisitor: ClassVisitor,
         private val configuration: AnalysisConfiguration,
         private val definitionProviders: List<DefinitionProvider> = emptyList(),
-        private val emitters: List<Emitter> = emptyList()
+        emitters: List<Emitter> = emptyList()
 ) : ClassAndMemberVisitor(configuration, classVisitor) {
 
+    /**
+     * Internal [Emitter] to add static field initializers to
+     * any class constructor method.
+     */
+    private inner class PrependClassInitializer : Emitter {
+        override fun emit(context: EmitterContext, instruction: Instruction) = context.emit {
+            if (instruction is MethodEntry
+                    && instruction.method.memberName == "<clinit>" && instruction.method.signature == "()V"
+                    && initializers.isNotEmpty()) {
+                writeByteCode(initializers)
+                initializers.clear()
+            }
+        }
+    }
+
+    private val emitters: List<Emitter> = emitters + PrependClassInitializer()
+    private val initializers = mutableListOf<MethodBody>()
+
     /**
      * Tracks whether any modifications have been applied to any of the processed class(es) and pertinent members.
      */
@@ -44,6 +66,29 @@ class ClassMutator(
         return super.visitClass(resultingClass)
     }
 
+    /**
+     * If we have some static fields to initialise, and haven't already added them
+     * to an existing class initialiser block then we need to create one.
+     */
+    override fun visitClassEnd(classVisitor: ClassVisitor, clazz: ClassRepresentation) {
+        tryWriteClassInitializer(classVisitor)
+        super.visitClassEnd(classVisitor, clazz)
+    }
+
+    private fun tryWriteClassInitializer(classVisitor: ClassVisitor) {
+        if (initializers.isNotEmpty()) {
+            classVisitor.visitMethod(ACC_STATIC, "<clinit>", "()V", null, null)?.also { mv ->
+                mv.visitCode()
+                EmitterModule(mv).writeByteCode(initializers)
+                mv.visitInsn(RETURN)
+                mv.visitMaxs(-1, -1)
+                mv.visitEnd()
+            }
+            initializers.clear()
+            hasBeenModified = true
+        }
+    }
+
     /**
      * Apply definition providers to a method. This can be used to update the name or definition (pertinent meta-data)
      * of a class member.
@@ -71,6 +116,7 @@ class ClassMutator(
         }
         if (field != resultingField) {
             logger.trace("Field has been mutated {}", field)
+            initializers += resultingField.body
             hasBeenModified = true
         }
         return super.visitField(clazz, resultingField)
diff --git a/djvm/src/main/kotlin/net/corda/djvm/code/EmitterModule.kt b/djvm/src/main/kotlin/net/corda/djvm/code/EmitterModule.kt
index afe9b5165d..2e2d2fc2e4 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/code/EmitterModule.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/code/EmitterModule.kt
@@ -1,5 +1,6 @@
 package net.corda.djvm.code
 
+import net.corda.djvm.references.MethodBody
 import org.objectweb.asm.Label
 import org.objectweb.asm.MethodVisitor
 import org.objectweb.asm.Opcodes.*
@@ -44,17 +45,9 @@ class EmitterModule(
     }
 
     /**
-     * Emit instruction for loading an integer constant onto the stack.
+     * Emit instruction for loading a constant onto the stack.
      */
-    fun loadConstant(constant: Int) {
-        hasEmittedCustomCode = true
-        methodVisitor.visitLdcInsn(constant)
-    }
-
-    /**
-     * Emit instruction for loading a string constant onto the stack.
-     */
-    fun loadConstant(constant: String) {
+    fun loadConstant(constant: Any) {
         hasEmittedCustomCode = true
         methodVisitor.visitLdcInsn(constant)
     }
@@ -67,6 +60,14 @@ class EmitterModule(
         methodVisitor.visitMethodInsn(INVOKESTATIC, owner, name, descriptor, isInterface)
     }
 
+    /**
+     * Emit instruction for invoking a virtual method.
+     */
+    fun invokeVirtual(owner: String, name: String, descriptor: String, isInterface: Boolean = false) {
+        hasEmittedCustomCode = true
+        methodVisitor.visitMethodInsn(INVOKEVIRTUAL, owner, name, descriptor, isInterface)
+    }
+
     /**
      * Emit instruction for invoking a special method, e.g. a constructor or a method on a super-type.
      */
@@ -82,6 +83,19 @@ class EmitterModule(
         invokeSpecial(Type.getInternalName(T::class.java), name, descriptor, isInterface)
     }
 
+    fun invokeInterface(owner: String, name: String, descriptor: String) {
+        methodVisitor.visitMethodInsn(INVOKEINTERFACE, owner, name, descriptor, true)
+        hasEmittedCustomCode = true
+    }
+
+    /**
+     * Emit instruction for storing a value into a static field.
+     */
+    fun putStatic(owner: String, name: String, descriptor: String) {
+        methodVisitor.visitFieldInsn(PUTSTATIC, owner, name, descriptor)
+        hasEmittedCustomCode = true
+    }
+
     /**
      * Emit instruction for popping one element off the stack.
      */
@@ -98,11 +112,52 @@ class EmitterModule(
         methodVisitor.visitInsn(DUP)
     }
 
+    /**
+     * Emit instruction for pushing an object reference
+     * from a register onto the stack.
+     */
+    fun pushObject(regNum: Int) {
+        methodVisitor.visitVarInsn(ALOAD, regNum)
+        hasEmittedCustomCode = true
+    }
+
+    /**
+     * Emit instruction for pushing an integer value
+     * from a register onto the stack.
+     */
+    fun pushInteger(regNum: Int) {
+        methodVisitor.visitVarInsn(ILOAD, regNum)
+        hasEmittedCustomCode = true
+    }
+
+    /**
+     * Emit instructions to rearrange the stack as follows:
+     *     [W1]    [W3]
+     *     [W2] -> [W1]
+     *     [w3]    [W2]
+     */
+    fun raiseThirdWordToTop() {
+        methodVisitor.visitInsn(DUP2_X1)
+        methodVisitor.visitInsn(POP2)
+        hasEmittedCustomCode = true
+    }
+
+    /**
+     * Emit instructions to rearrange the stack as follows:
+     *     [W1]    [W2]
+     *     [W2] -> [W3]
+     *     [W3]    [W1]
+     */
+    fun sinkTopToThirdWord() {
+        methodVisitor.visitInsn(DUP_X2)
+        methodVisitor.visitInsn(POP)
+        hasEmittedCustomCode = true
+    }
+
     /**
      * Emit a sequence of instructions for instantiating and throwing an exception based on the provided message.
      */
     fun <T : Throwable> throwException(exceptionType: Class<T>, message: String) {
-        hasEmittedCustomCode = true
         val exceptionName = Type.getInternalName(exceptionType)
         new(exceptionName)
         methodVisitor.visitInsn(DUP)
@@ -121,6 +176,14 @@ class EmitterModule(
         hasEmittedCustomCode = true
     }
 
+    /**
+     * Emit instruction for a function that returns an object reference.
+     */
+    fun returnObject() {
+        methodVisitor.visitInsn(ARETURN)
+        hasEmittedCustomCode = true
+    }
+
     /**
      * Emit instructions for a new line number.
      */
@@ -131,6 +194,15 @@ class EmitterModule(
         hasEmittedCustomCode = true
     }
 
+    /**
+     * Write the bytecode from these [MethodBody] objects as provided.
+     */
+    fun writeByteCode(bodies: Iterable<MethodBody>) {
+        for (body in bodies) {
+            body(this)
+        }
+    }
+
     /**
      * Tell the code writer not to emit the default instruction.
      */
diff --git a/djvm/src/main/kotlin/net/corda/djvm/code/Types.kt b/djvm/src/main/kotlin/net/corda/djvm/code/Types.kt
index e137f196d5..93a9c5bf7d 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/code/Types.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/code/Types.kt
@@ -12,4 +12,6 @@ val thresholdViolationError: String = Type.getInternalName(ThresholdViolationErr
  * Local extension method for normalizing a class name.
  */
 val String.asPackagePath: String get() = this.replace('/', '.')
-val String.asResourcePath: String get() = this.replace('.', '/')
\ No newline at end of file
+val String.asResourcePath: String get() = this.replace('.', '/')
+
+val String.emptyAsNull: String? get() = if (isEmpty()) null else this
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/code/instructions/ConstantInstruction.kt b/djvm/src/main/kotlin/net/corda/djvm/code/instructions/ConstantInstruction.kt
new file mode 100644
index 0000000000..ebd90d6f02
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/code/instructions/ConstantInstruction.kt
@@ -0,0 +1,6 @@
+package net.corda.djvm.code.instructions
+
+import net.corda.djvm.code.Instruction
+import org.objectweb.asm.Opcodes
+
+class ConstantInstruction(val value: Any) : Instruction(Opcodes.LDC)
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/code/instructions/MethodEntry.kt b/djvm/src/main/kotlin/net/corda/djvm/code/instructions/MethodEntry.kt
new file mode 100644
index 0000000000..cde092c056
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/code/instructions/MethodEntry.kt
@@ -0,0 +1,9 @@
+package net.corda.djvm.code.instructions
+
+import net.corda.djvm.references.Member
+
+/**
+ * Pseudo-instruction marking the beginning of a method.
+ * @property method [Member] describing this method.
+ */
+class MethodEntry(val method: Member): NoOperationInstruction()
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/execution/SandboxExecutor.kt b/djvm/src/main/kotlin/net/corda/djvm/execution/SandboxExecutor.kt
index b69585538f..245e00902d 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/execution/SandboxExecutor.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/execution/SandboxExecutor.kt
@@ -5,6 +5,7 @@ import net.corda.djvm.analysis.AnalysisContext
 import net.corda.djvm.messages.Message
 import net.corda.djvm.references.ClassReference
 import net.corda.djvm.references.MemberReference
+import net.corda.djvm.references.ReferenceWithLocation
 import net.corda.djvm.rewiring.LoadedClass
 import net.corda.djvm.rewiring.SandboxClassLoader
 import net.corda.djvm.rewiring.SandboxClassLoadingException
@@ -67,12 +68,24 @@ open class SandboxExecutor<in TInput, out TOutput>(
         val context = AnalysisContext.fromConfiguration(configuration.analysisConfiguration)
         val result = IsolatedTask(runnableClass.qualifiedClassName, configuration).run {
             validate(context, classLoader, classSources)
-            val loadedClass = classLoader.loadClassAndBytes(runnableClass, context)
-            val instance = loadedClass.type.newInstance()
-            val method = loadedClass.type.getMethod("apply", Any::class.java)
+
+            // Load the "entry-point" task class into the sandbox. This task will marshall
+            // the input and outputs between Java types and sandbox wrapper types.
+            val taskClass = Class.forName("sandbox.Task", false, classLoader)
+
+            // Create the user's task object inside the sandbox.
+            val runnable = classLoader.loadForSandbox(runnableClass, context).type.newInstance()
+
+            // Fetch this sandbox's instance of Class<Function> so we can retrieve Task(Function)
+            // and then instantiate the Task.
+            val functionClass = Class.forName("sandbox.java.util.function.Function", false, classLoader)
+            val task = taskClass.getDeclaredConstructor(functionClass).newInstance(runnable)
+
+            // Execute the task...
+            val method = taskClass.getMethod("apply", Any::class.java)
             try {
                 @Suppress("UNCHECKED_CAST")
-                method.invoke(instance, input) as? TOutput
+                method.invoke(task, input) as? TOutput
             } catch (ex: InvocationTargetException) {
                 throw ex.targetException
             }
@@ -101,7 +114,7 @@ open class SandboxExecutor<in TInput, out TOutput>(
     fun load(classSource: ClassSource): LoadedClass {
         val context = AnalysisContext.fromConfiguration(configuration.analysisConfiguration)
         val result = IsolatedTask("LoadClass", configuration).run {
-            classLoader.loadClassAndBytes(classSource, context)
+            classLoader.loadForSandbox(classSource, context)
         }
         return result.output ?: throw ClassNotFoundException(classSource.qualifiedClassName)
     }
@@ -146,7 +159,7 @@ open class SandboxExecutor<in TInput, out TOutput>(
     ): ReferenceValidationSummary {
         processClassQueue(*classSources.toTypedArray()) { classSource, className ->
             val didLoad = try {
-                classLoader.loadClassAndBytes(classSource, context)
+                classLoader.loadForSandbox(classSource, context)
                 true
             } catch (exception: SandboxClassLoadingException) {
                 // Continue; all warnings and errors are captured in [context.messages]
@@ -155,7 +168,7 @@ open class SandboxExecutor<in TInput, out TOutput>(
             if (didLoad) {
                 context.classes[className]?.apply {
                     context.references.referencesFromLocation(className)
-                            .map { it.reference }
+                            .map(ReferenceWithLocation::reference)
                             .filterIsInstance<ClassReference>()
                             .filter { it.className != className }
                             .distinct()
@@ -201,6 +214,7 @@ open class SandboxExecutor<in TInput, out TOutput>(
         }
     }
 
-    private val logger = loggerFor<SandboxExecutor<TInput, TOutput>>()
-
+    private companion object {
+        private val logger = loggerFor<SandboxExecutor<*, *>>()
+    }
 }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rewiring/ClassRewriter.kt b/djvm/src/main/kotlin/net/corda/djvm/rewiring/ClassRewriter.kt
index 473718512a..081bff4fa5 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rewiring/ClassRewriter.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rewiring/ClassRewriter.kt
@@ -1,23 +1,26 @@
 package net.corda.djvm.rewiring
 
 import net.corda.djvm.SandboxConfiguration
+import net.corda.djvm.analysis.AnalysisConfiguration
 import net.corda.djvm.analysis.AnalysisContext
+import net.corda.djvm.analysis.ClassAndMemberVisitor.Companion.API_VERSION
 import net.corda.djvm.code.ClassMutator
+import net.corda.djvm.code.EmitterModule
+import net.corda.djvm.code.emptyAsNull
+import net.corda.djvm.references.Member
 import net.corda.djvm.utilities.loggerFor
 import org.objectweb.asm.ClassReader
-import org.objectweb.asm.commons.ClassRemapper
+import org.objectweb.asm.ClassVisitor
 
 /**
- * Functionality for rewrite parts of a class as it is being loaded.
+ * Functionality for rewriting parts of a class as it is being loaded.
  *
  * @property configuration The configuration of the sandbox.
  * @property classLoader The class loader used to load the classes that are to be rewritten.
- * @property remapper A sandbox-aware remapper for inspecting and correcting type names and descriptors.
  */
 open class ClassRewriter(
         private val configuration: SandboxConfiguration,
-        private val classLoader: ClassLoader,
-        private val remapper: SandboxRemapper = SandboxRemapper(configuration.analysisConfiguration.classResolver)
+        private val classLoader: ClassLoader
 ) {
 
     /**
@@ -29,20 +32,53 @@ open class ClassRewriter(
     fun rewrite(reader: ClassReader, context: AnalysisContext): ByteCode {
         logger.debug("Rewriting class {}...", reader.className)
         val writer = SandboxClassWriter(reader, classLoader)
-        val classRemapper = ClassRemapper(writer, remapper)
+        val analysisConfiguration = configuration.analysisConfiguration
+        val classRemapper = SandboxClassRemapper(InterfaceStitcher(writer, analysisConfiguration), analysisConfiguration)
         val visitor = ClassMutator(
                 classRemapper,
-                configuration.analysisConfiguration,
+                analysisConfiguration,
                 configuration.definitionProviders,
                 configuration.emitters
         )
         visitor.analyze(reader, context, options = ClassReader.EXPAND_FRAMES)
-        val hasBeenModified = visitor.hasBeenModified
-        return ByteCode(writer.toByteArray(), hasBeenModified)
+        return ByteCode(writer.toByteArray(), visitor.hasBeenModified)
     }
 
     private companion object {
         private val logger = loggerFor<ClassRewriter>()
     }
 
+    /**
+     * Extra visitor that is applied after [SandboxRemapper]. This "stitches" the original
+     * unmapped interface as a super-interface of the mapped version.
+     */
+    private class InterfaceStitcher(parent: ClassVisitor, private val configuration: AnalysisConfiguration)
+        : ClassVisitor(API_VERSION, parent)
+    {
+        private val extraMethods = mutableListOf<Member>()
+
+        override fun visit(version: Int, access: Int, className: String, signature: String?, superName: String?, interfaces: Array<String>?) {
+            val stitchedInterfaces = configuration.stitchedInterfaces[className]?.let { methods ->
+                extraMethods += methods
+                arrayOf(*(interfaces ?: emptyArray()), configuration.classResolver.reverse(className))
+            } ?: interfaces
+
+            super.visit(version, access, className, signature, superName, stitchedInterfaces)
+        }
+
+        override fun visitEnd() {
+            for (method in extraMethods) {
+                method.apply {
+                    visitMethod(access, memberName, signature, genericsDetails.emptyAsNull, exceptions.toTypedArray())?.also { mv ->
+                        mv.visitCode()
+                        EmitterModule(mv).writeByteCode(body)
+                        mv.visitMaxs(-1, -1)
+                        mv.visitEnd()
+                    }
+                }
+            }
+            extraMethods.clear()
+            super.visitEnd()
+        }
+    }
 }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassLoader.kt b/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassLoader.kt
index 5740534526..7f2abccb6a 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassLoader.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassLoader.kt
@@ -18,7 +18,7 @@ import net.corda.djvm.validation.RuleValidator
 class SandboxClassLoader(
         configuration: SandboxConfiguration,
         private val context: AnalysisContext
-) : ClassLoader(null) {
+) : ClassLoader() {
 
     private val analysisConfiguration = configuration.analysisConfiguration
 
@@ -36,11 +36,6 @@ class SandboxClassLoader(
     val analyzer: ClassAndMemberVisitor
         get() = ruleValidator
 
-    /**
-     * Set of classes that should be left untouched due to pinning.
-     */
-    private val pinnedClasses = analysisConfiguration.pinnedClasses
-
     /**
      * Set of classes that should be left untouched due to whitelisting.
      */
@@ -61,6 +56,17 @@ class SandboxClassLoader(
      */
     private val rewriter: ClassRewriter = ClassRewriter(configuration, supportingClassLoader)
 
+    /**
+     * Given a class name, provide its corresponding [LoadedClass] for the sandbox.
+     */
+    fun loadForSandbox(name: String, context: AnalysisContext): LoadedClass {
+        return loadClassAndBytes(ClassSource.fromClassName(analysisConfiguration.classResolver.resolveNormalized(name)), context)
+    }
+
+    fun loadForSandbox(source: ClassSource, context: AnalysisContext): LoadedClass {
+        return loadForSandbox(source.qualifiedClassName, context)
+    }
+
     /**
      * Load the class with the specified binary name.
      *
@@ -69,69 +75,68 @@ class SandboxClassLoader(
      *
      * @return The resulting <tt>Class</tt> object.
      */
+    @Throws(ClassNotFoundException::class)
     override fun loadClass(name: String, resolve: Boolean): Class<*> {
-        return loadClassAndBytes(ClassSource.fromClassName(name), context).type
+        val source = ClassSource.fromClassName(name)
+        return if (name.startsWith("sandbox.") && !analysisConfiguration.isPinnedClass(source.internalClassName)) {
+            loadClassAndBytes(source, context).type
+        } else {
+            super.loadClass(name, resolve)
+        }
     }
 
     /**
      * Load the class with the specified binary name.
      *
-     * @param source The class source, including the binary name of the class.
+     * @param request The class request, including the binary name of the class.
      * @param context The context in which the analysis is conducted.
      *
      * @return The resulting <tt>Class</tt> object and its byte code representation.
      */
-    fun loadClassAndBytes(source: ClassSource, context: AnalysisContext): LoadedClass {
-        logger.debug("Loading class {}, origin={}...", source.qualifiedClassName, source.origin)
-        val name = analysisConfiguration.classResolver.reverseNormalized(source.qualifiedClassName)
-        val resolvedName = analysisConfiguration.classResolver.resolveNormalized(name)
+    private fun loadClassAndBytes(request: ClassSource, context: AnalysisContext): LoadedClass {
+        logger.debug("Loading class {}, origin={}...", request.qualifiedClassName, request.origin)
+        val requestedPath = request.internalClassName
+        val sourceName = analysisConfiguration.classResolver.reverseNormalized(request.qualifiedClassName)
+        val resolvedName = analysisConfiguration.classResolver.resolveNormalized(sourceName)
 
         // Check if the class has already been loaded.
-        val loadedClass = loadedClasses[name]
+        val loadedClass = loadedClasses[requestedPath]
         if (loadedClass != null) {
-            logger.trace("Class {} already loaded", source.qualifiedClassName)
+            logger.trace("Class {} already loaded", request.qualifiedClassName)
             return loadedClass
+        } else if (analysisConfiguration.isPinnedClass(requestedPath)) {
+            logger.debug("Class {} is loaded unmodified", request.qualifiedClassName)
+            return loadUnmodifiedClass(requestedPath)
         }
 
-        // Load the byte code for the specified class.
-        val reader = supportingClassLoader.classReader(name, context, source.origin)
+        val byteCode = if (analysisConfiguration.isTemplateClass(requestedPath)) {
+            loadUnmodifiedByteCode(requestedPath)
+        } else {
+            // Load the byte code for the specified class.
+            val reader = supportingClassLoader.classReader(sourceName, context, request.origin)
 
-        // Analyse the class if not matching the whitelist.
-        val readClassName = reader.className
-        if (!analysisConfiguration.whitelist.matches(readClassName)) {
-            logger.trace("Class {} does not match with the whitelist", source.qualifiedClassName)
-            logger.trace("Analyzing class {}...", source.qualifiedClassName)
-            analyzer.analyze(reader, context)
-        }
-
-        // Check if the class should be left untouched.
-        val qualifiedName = name.asResourcePath
-        if (qualifiedName in pinnedClasses) {
-            logger.trace("Class {} is marked as pinned", source.qualifiedClassName)
-            val pinnedClasses = LoadedClass(
-                    supportingClassLoader.loadClass(name),
-                    ByteCode(ByteArray(0), false)
-            )
-            loadedClasses[name] = pinnedClasses
-            if (source.origin != null) {
-                context.recordClassOrigin(name, ClassReference(source.origin))
+            // Analyse the class if not matching the whitelist.
+            val readClassName = reader.className
+            if (!analysisConfiguration.whitelist.matches(readClassName)) {
+                logger.trace("Class {} does not match with the whitelist", request.qualifiedClassName)
+                logger.trace("Analyzing class {}...", request.qualifiedClassName)
+                analyzer.analyze(reader, context)
             }
-            return pinnedClasses
-        }
 
-        // Check if any errors were found during analysis.
-        if (context.messages.errorCount > 0) {
-            logger.trace("Errors detected after analyzing class {}", source.qualifiedClassName)
-            throw SandboxClassLoadingException(context)
-        }
+            // Check if any errors were found during analysis.
+            if (context.messages.errorCount > 0) {
+                logger.debug("Errors detected after analyzing class {}", request.qualifiedClassName)
+                throw SandboxClassLoadingException(context)
+            }
 
-        // Transform the class definition and byte code in accordance with provided rules.
-        val byteCode = rewriter.rewrite(reader, context)
+            // Transform the class definition and byte code in accordance with provided rules.
+            rewriter.rewrite(reader, context)
+        }
 
         // Try to define the transformed class.
         val clazz = try {
             when {
-                whitelistedClasses.matches(qualifiedName) -> supportingClassLoader.loadClass(name)
+                whitelistedClasses.matches(sourceName.asResourcePath) -> supportingClassLoader.loadClass(sourceName)
                 else -> defineClass(resolvedName, byteCode.bytes, 0, byteCode.bytes.size)
             }
         } catch (exception: SecurityException) {
@@ -140,19 +145,31 @@ class SandboxClassLoader(
 
         // Cache transformed class.
         val classWithByteCode = LoadedClass(clazz, byteCode)
-        loadedClasses[name] = classWithByteCode
-        if (source.origin != null) {
-            context.recordClassOrigin(name, ClassReference(source.origin))
+        loadedClasses[requestedPath] = classWithByteCode
+        if (request.origin != null) {
+            context.recordClassOrigin(sourceName, ClassReference(request.origin))
         }
 
         logger.debug("Loaded class {}, bytes={}, isModified={}",
-                source.qualifiedClassName, byteCode.bytes.size, byteCode.isModified)
+                request.qualifiedClassName, byteCode.bytes.size, byteCode.isModified)
 
         return classWithByteCode
     }
 
+    private fun loadUnmodifiedByteCode(internalClassName: String): ByteCode {
+        return ByteCode((getSystemClassLoader().getResourceAsStream("$internalClassName.class")
+                ?: throw ClassNotFoundException(internalClassName)).readBytes(), false)
+    }
+
+    private fun loadUnmodifiedClass(className: String): LoadedClass {
+        return LoadedClass(supportingClassLoader.loadClass(className), UNMODIFIED).apply {
+            loadedClasses[className] = this
+        }
+    }
+
     private companion object {
         private val logger = loggerFor<SandboxClassLoader>()
+        private val UNMODIFIED = ByteCode(ByteArray(0), false)
     }
 
 }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassRemapper.kt b/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassRemapper.kt
new file mode 100644
index 0000000000..7412999727
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassRemapper.kt
@@ -0,0 +1,52 @@
+package net.corda.djvm.rewiring
+
+import net.corda.djvm.analysis.AnalysisConfiguration
+import net.corda.djvm.analysis.ClassAndMemberVisitor.Companion.API_VERSION
+import org.objectweb.asm.ClassVisitor
+import org.objectweb.asm.Label
+import org.objectweb.asm.MethodVisitor
+import org.objectweb.asm.commons.ClassRemapper
+
+class SandboxClassRemapper(cv: ClassVisitor, private val configuration: AnalysisConfiguration)
+    : ClassRemapper(cv, SandboxRemapper(configuration.classResolver, configuration.whitelist)
+) {
+    override fun createMethodRemapper(mv: MethodVisitor): MethodVisitor {
+        return MethodRemapperWithPinning(mv, super.createMethodRemapper(mv))
+    }
+
+    /**
+     * Do not attempt to remap references to methods and fields on pinned classes.
+     * For example, the methods on [RuntimeCostAccounter] really DO use [java.lang.String]
+     * rather than [sandbox.java.lang.String].
+     */
+    private inner class MethodRemapperWithPinning(private val nonmapper: MethodVisitor, remapper: MethodVisitor)
+        : MethodVisitor(API_VERSION, remapper) {
+
+        private fun mapperFor(element: Element): MethodVisitor {
+            return if (configuration.isPinnedClass(element.owner) || configuration.isTemplateClass(element.owner) || isUnmapped(element)) {
+                nonmapper
+            } else {
+                mv
+            }
+        }
+
+        override fun visitMethodInsn(opcode: Int, owner: String, name: String, descriptor: String, isInterface: Boolean) {
+            val method = Element(owner, name, descriptor)
+            return mapperFor(method).visitMethodInsn(opcode, owner, name, descriptor, isInterface)
+        }
+
+        override fun visitTryCatchBlock(start: Label, end: Label, handler: Label, type: String?) {
+            // Don't map caught exception names - these could be thrown by the JVM itself.
+            nonmapper.visitTryCatchBlock(start, end, handler, type)
+        }
+
+        override fun visitFieldInsn(opcode: Int, owner: String, name: String, descriptor: String) {
+            val field = Element(owner, name, descriptor)
+            return mapperFor(field).visitFieldInsn(opcode, owner, name, descriptor)
+        }
+    }
+
+    private fun isUnmapped(element: Element): Boolean = configuration.whitelist.matches(element.owner)
+
+    private data class Element(val owner: String, val name: String, val descriptor: String)
+}
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassWriter.kt b/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassWriter.kt
index e1a051d45c..fc0ad559f6 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassWriter.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassWriter.kt
@@ -8,13 +8,13 @@ import org.objectweb.asm.ClassWriter.COMPUTE_MAXS
 import org.objectweb.asm.Type
 
 /**
- * Class writer for sandbox execution, with configurable a [classLoader] to ensure correct deduction of the used class
+ * Class writer for sandbox execution, with a configurable classloader to ensure correct deduction of the used class
  * hierarchy.
  *
  * @param classReader The [ClassReader] used to read the original class. It will be used to copy the entire constant
  * pool and bootstrap methods from the original class and also to copy other fragments of original byte code where
  * applicable.
- * @property classLoader The class loader used to load the classes that are to be rewritten.
+ * @property cloader The class loader used to load the classes that are to be rewritten.
  * @param flags Option flags that can be used to modify the default behaviour of this class. Must be zero or a
  * combination of [COMPUTE_MAXS] and [COMPUTE_FRAMES]. These option flags do not affect methods that are copied as is
  * in the new class. This means that neither the maximum stack size nor the stack frames will be computed for these
@@ -61,7 +61,7 @@ open class SandboxClassWriter(
         }
     }
 
-    companion object {
+    private companion object {
 
         private const val OBJECT_NAME = "java/lang/Object"
 
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxRemapper.kt b/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxRemapper.kt
index 566b377fe6..e828fa4480 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxRemapper.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxRemapper.kt
@@ -1,15 +1,19 @@
 package net.corda.djvm.rewiring
 
 import net.corda.djvm.analysis.ClassResolver
+import net.corda.djvm.analysis.Whitelist
+import org.objectweb.asm.*
 import org.objectweb.asm.commons.Remapper
 
 /**
  * Class name and descriptor re-mapper for use in a sandbox.
  *
  * @property classResolver Functionality for resolving the class name of a sandboxed or sandboxable class.
+ * @property whitelist Identifies the Java APIs which are not mapped into the sandbox namespace.
  */
 open class SandboxRemapper(
-        private val classResolver: ClassResolver
+        private val classResolver: ClassResolver,
+        private val whitelist: Whitelist
 ) : Remapper() {
 
     /**
@@ -26,6 +30,32 @@ open class SandboxRemapper(
         return rewriteTypeName(super.map(typename))
     }
 
+    /**
+     * Mapper for [Type] and [Handle] objects.
+     */
+    override fun mapValue(obj: Any?): Any? {
+        return if (obj is Handle && whitelist.matches(obj.owner)) {
+            obj
+        } else {
+            super.mapValue(obj)
+        }
+    }
+
+    /**
+     * All [Object.toString] methods must be transformed to [sandbox.java.lang.Object.toDJVMString],
+     * to allow the return type to change to [sandbox.java.lang.String].
+     *
+     * The [sandbox.java.lang.Object] class is pinned and not mapped.
+     */
+    override fun mapMethodName(owner: String, name: String, descriptor: String): String {
+        val newName = if (name == "toString" && descriptor == "()Ljava/lang/String;") {
+            "toDJVMString"
+        } else {
+            name
+        }
+        return super.mapMethodName(owner, newName, descriptor)
+    }
+
     /**
      * Function for rewriting a descriptor.
      */
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/ArgumentUnwrapper.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/ArgumentUnwrapper.kt
new file mode 100644
index 0000000000..952efc4251
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/ArgumentUnwrapper.kt
@@ -0,0 +1,35 @@
+package net.corda.djvm.rules.implementation
+
+import net.corda.djvm.code.Emitter
+import net.corda.djvm.code.EmitterContext
+import net.corda.djvm.code.Instruction
+import net.corda.djvm.code.instructions.MemberAccessInstruction
+
+/**
+ * Some whitelisted functions have [java.lang.String] arguments, so we
+ * need to unwrap the [sandbox.java.lang.String] object before invoking.
+ *
+ * There are lots of rabbits in this hole because method arguments are
+ * theoretically arbitrary. However, in practice WE control the whitelist.
+ */
+class ArgumentUnwrapper : Emitter {
+    override fun emit(context: EmitterContext, instruction: Instruction) = context.emit {
+        if (instruction is MemberAccessInstruction && context.whitelist.matches(instruction.owner)) {
+            fun unwrapString() = invokeStatic("sandbox/java/lang/String", "fromDJVM", "(Lsandbox/java/lang/String;)Ljava/lang/String;")
+
+            if (hasStringArgument(instruction)) {
+                unwrapString()
+            } else if (instruction.owner == "java/lang/Class" && instruction.signature.startsWith("(Ljava/lang/String;ZLjava/lang/ClassLoader;)")) {
+                /**
+                 * [kotlin.jvm.internal.Intrinsics.checkHasClass] invokes [Class.forName], so I'm
+                 * adding support for both of this function's variants. For now.
+                 */
+                raiseThirdWordToTop()
+                unwrapString()
+                sinkTopToThirdWord()
+            }
+        }
+    }
+
+    private fun hasStringArgument(method: MemberAccessInstruction) = method.signature.contains("Ljava/lang/String;)")
+}
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/DisallowNonDeterministicMethods.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/DisallowNonDeterministicMethods.kt
index 04ef9e3d5c..2e3b43f935 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/DisallowNonDeterministicMethods.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/DisallowNonDeterministicMethods.kt
@@ -17,7 +17,7 @@ class DisallowNonDeterministicMethods : Emitter {
     override fun emit(context: EmitterContext, instruction: Instruction) = context.emit {
         if (instruction is MemberAccessInstruction && isForbidden(instruction)) {
             when (instruction.operation) {
-                INVOKEVIRTUAL -> {
+                INVOKEVIRTUAL, INVOKESPECIAL -> {
                     throwException<RuleViolationError>("Disallowed reference to API; ${memberFormatter.format(instruction.member)}")
                     preventDefault()
                 }
@@ -31,12 +31,20 @@ class DisallowNonDeterministicMethods : Emitter {
                             || instruction.signature.contains("Ljava/lang/reflect/"))
                     )
 
+    private fun isClassLoading(instruction: MemberAccessInstruction): Boolean =
+            (instruction.owner == "java/lang/ClassLoader") && instruction.memberName in CLASSLOADING_METHODS
+
     private fun isObjectMonitor(instruction: MemberAccessInstruction): Boolean =
-            (instruction.signature == "()V" && (instruction.memberName == "notify" || instruction.memberName == "notifyAll" || instruction.memberName == "wait"))
+            (instruction.signature == "()V" && instruction.memberName in MONITOR_METHODS)
                     || (instruction.memberName == "wait" && (instruction.signature == "(J)V" || instruction.signature == "(JI)V"))
 
     private fun isForbidden(instruction: MemberAccessInstruction): Boolean
-            = instruction.isMethod && (isClassReflection(instruction) || isObjectMonitor(instruction))
+            = instruction.isMethod && (isClassReflection(instruction) || isObjectMonitor(instruction) || isClassLoading(instruction))
 
     private val memberFormatter = MemberFormatter()
+
+    private companion object {
+        private val MONITOR_METHODS = setOf("notify", "notifyAll", "wait")
+        private val CLASSLOADING_METHODS = setOf("defineClass", "loadClass", "findClass")
+    }
 }
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/ReturnTypeWrapper.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/ReturnTypeWrapper.kt
new file mode 100644
index 0000000000..7f103f346b
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/ReturnTypeWrapper.kt
@@ -0,0 +1,27 @@
+package net.corda.djvm.rules.implementation
+
+import net.corda.djvm.code.Emitter
+import net.corda.djvm.code.EmitterContext
+import net.corda.djvm.code.Instruction
+import net.corda.djvm.code.instructions.MemberAccessInstruction
+
+/**
+ * Whitelisted classes may still return [java.lang.String] from some
+ * functions, e.g. [java.lang.Object.toString]. So always explicitly
+ * invoke [sandbox.java.lang.String.toDJVM] after these.
+ */
+class ReturnTypeWrapper : Emitter {
+    override fun emit(context: EmitterContext, instruction: Instruction) = context.emit {
+        if (instruction is MemberAccessInstruction && context.whitelist.matches(instruction.owner)) {
+            fun invokeMethod() = invokeVirtual(instruction.owner, instruction.memberName, instruction.signature)
+
+            if (hasStringReturnType(instruction)) {
+                preventDefault()
+                invokeMethod()
+                invokeStatic("sandbox/java/lang/String", "toDJVM", "(Ljava/lang/String;)Lsandbox/java/lang/String;")
+            }
+        }
+    }
+
+    private fun hasStringReturnType(method: MemberAccessInstruction) = method.signature.endsWith(")Ljava/lang/String;")
+}
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/RewriteClassMethods.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/RewriteClassMethods.kt
new file mode 100644
index 0000000000..555ada7ed1
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/RewriteClassMethods.kt
@@ -0,0 +1,56 @@
+package net.corda.djvm.rules.implementation
+
+import net.corda.djvm.code.Emitter
+import net.corda.djvm.code.EmitterContext
+import net.corda.djvm.code.Instruction
+import net.corda.djvm.code.instructions.MemberAccessInstruction
+import org.objectweb.asm.Opcodes.*
+
+/**
+ * The enum-related methods on [Class] all require that enums use [java.lang.Enum]
+ * as their super class. So replace their all invocations with ones to equivalent
+ * methods on the DJVM class that require [sandbox.java.lang.Enum] instead.
+ */
+class RewriteClassMethods : Emitter {
+    override fun emit(context: EmitterContext, instruction: Instruction) = context.emit {
+        if (instruction is MemberAccessInstruction && instruction.owner == "java/lang/Class") {
+            when (instruction.operation) {
+                INVOKEVIRTUAL -> if (instruction.memberName == "enumConstantDirectory" && instruction.signature == "()Ljava/util/Map;") {
+                    invokeStatic(
+                        owner = "sandbox/java/lang/DJVM",
+                        name = "enumConstantDirectory",
+                        descriptor = "(Ljava/lang/Class;)Lsandbox/java/util/Map;"
+                    )
+                    preventDefault()
+                } else if (instruction.memberName == "isEnum" && instruction.signature == "()Z") {
+                    invokeStatic(
+                        owner = "sandbox/java/lang/DJVM",
+                        name = "isEnum",
+                        descriptor = "(Ljava/lang/Class;)Z"
+                    )
+                    preventDefault()
+                } else if (instruction.memberName == "getEnumConstants" && instruction.signature == "()[Ljava/lang/Object;") {
+                    invokeStatic(
+                        owner = "sandbox/java/lang/DJVM",
+                        name = "getEnumConstants",
+                        descriptor = "(Ljava/lang/Class;)[Ljava/lang/Object;")
+                    preventDefault()
+                }
+
+                INVOKESTATIC -> if (isClassForName(instruction)) {
+                    invokeStatic(
+                        owner = "sandbox/java/lang/DJVM",
+                        name = "classForName",
+                        descriptor = instruction.signature
+                    )
+                    preventDefault()
+                }
+            }
+        }
+    }
+
+    private fun isClassForName(instruction: MemberAccessInstruction): Boolean
+        = instruction.memberName == "forName" &&
+            (instruction.signature == "(Ljava/lang/String;)Ljava/lang/Class;" ||
+                    instruction.signature == "(Ljava/lang/String;ZLjava/lang/ClassLoader;)Ljava/lang/Class;")
+}
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StaticConstantRemover.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StaticConstantRemover.kt
new file mode 100644
index 0000000000..ea6826903e
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StaticConstantRemover.kt
@@ -0,0 +1,30 @@
+package net.corda.djvm.rules.implementation
+
+import net.corda.djvm.analysis.AnalysisRuntimeContext
+import net.corda.djvm.code.EmitterModule
+import net.corda.djvm.code.MemberDefinitionProvider
+import net.corda.djvm.references.Member
+
+/**
+ * Removes static constant objects that are initialised directly in the byte-code.
+ * Currently, the only use-case is for re-initialising [String] fields.
+ */
+class StaticConstantRemover : MemberDefinitionProvider {
+
+    override fun define(context: AnalysisRuntimeContext, member: Member): Member = when {
+        isConstantField(member) -> member.copy(body = listOf(StringFieldInitializer(member)::writeInitializer), value = null)
+        else -> member
+    }
+
+    private fun isConstantField(member: Member): Boolean = member.value != null && member.signature == "Ljava/lang/String;"
+
+    class StringFieldInitializer(private val member: Member) {
+        fun writeInitializer(emitter: EmitterModule): Unit = with(emitter) {
+            member.value?.apply {
+                loadConstant(this)
+                invokeStatic("sandbox/java/lang/String", "toDJVM", "(Ljava/lang/String;)Lsandbox/java/lang/String;", false)
+                putStatic(member.className, member.memberName, "Lsandbox/java/lang/String;")
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StringConstantWrapper.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StringConstantWrapper.kt
new file mode 100644
index 0000000000..6223cfd0b4
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StringConstantWrapper.kt
@@ -0,0 +1,22 @@
+package net.corda.djvm.rules.implementation
+
+import net.corda.djvm.code.Emitter
+import net.corda.djvm.code.EmitterContext
+import net.corda.djvm.code.Instruction
+import net.corda.djvm.code.instructions.ConstantInstruction
+
+/**
+ * Ensure that [String] constants loaded from the Constants
+ * Pool are wrapped into [sandbox.java.lang.String].
+ */
+class StringConstantWrapper : Emitter {
+    override fun emit(context: EmitterContext, instruction: Instruction) = context.emit {
+        if (instruction is ConstantInstruction) {
+            when (instruction.value) {
+                is String -> {
+                    invokeStatic("sandbox/java/lang/String", "toDJVM", "(Ljava/lang/String;)Lsandbox/java/lang/String;", false)
+                }
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StubOutNativeMethods.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StubOutNativeMethods.kt
index 74a58f6c7f..d1b6918fef 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StubOutNativeMethods.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StubOutNativeMethods.kt
@@ -23,7 +23,7 @@ class StubOutNativeMethods : MemberDefinitionProvider {
 
     private fun writeExceptionMethodBody(emitter: EmitterModule): Unit = with(emitter) {
         lineNumber(0)
-        throwException(RuleViolationError::class.java, "Native method has been deleted")
+        throwException<RuleViolationError>("Native method has been deleted")
     }
 
     private fun writeStubMethodBody(emitter: EmitterModule): Unit = with(emitter) {
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StubOutReflectionMethods.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StubOutReflectionMethods.kt
index 4e486bf289..9c60f420bd 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StubOutReflectionMethods.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/StubOutReflectionMethods.kt
@@ -19,7 +19,7 @@ class StubOutReflectionMethods : MemberDefinitionProvider {
 
     private fun writeMethodBody(emitter: EmitterModule): Unit = with(emitter) {
         lineNumber(0)
-        throwException(RuleViolationError::class.java, "Disallowed reference to reflection API")
+        throwException<RuleViolationError>("Disallowed reference to reflection API")
     }
 
     // The method must be public and with a Java implementation.
diff --git a/djvm/src/main/kotlin/net/corda/djvm/source/ClassSource.kt b/djvm/src/main/kotlin/net/corda/djvm/source/ClassSource.kt
index cebe0b0b82..99ef5319fb 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/source/ClassSource.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/source/ClassSource.kt
@@ -1,17 +1,20 @@
 package net.corda.djvm.source
 
+import net.corda.djvm.code.asResourcePath
 import java.nio.file.Path
 
 /**
  * The source of one or more compiled Java classes.
  *
  * @property qualifiedClassName The fully qualified class name.
+ * @property internalClassName The fully qualified internal class name, i.e. with '/' instead of '.'.
  * @property origin The origin of the class source, if any.
  */
 class ClassSource private constructor(
         val qualifiedClassName: String = "",
         val origin: String? = null
 ) {
+    val internalClassName: String = qualifiedClassName.asResourcePath
 
     companion object {
 
diff --git a/djvm/src/main/kotlin/net/corda/djvm/utilities/Discovery.kt b/djvm/src/main/kotlin/net/corda/djvm/utilities/Discovery.kt
index 9092e5c044..33886e76ae 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/utilities/Discovery.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/utilities/Discovery.kt
@@ -7,7 +7,7 @@ import java.lang.reflect.Modifier
  * Find and instantiate types that implement a certain interface.
  */
 object Discovery {
-    const val FORBIDDEN_CLASS_MASK = (Modifier.STATIC or Modifier.ABSTRACT)
+    const val FORBIDDEN_CLASS_MASK = (Modifier.STATIC or Modifier.ABSTRACT or Modifier.PRIVATE or Modifier.PROTECTED)
 
     /**
      * Get an instance of each concrete class that implements interface or class [T].
diff --git a/djvm/src/main/kotlin/net/corda/djvm/validation/RuleValidator.kt b/djvm/src/main/kotlin/net/corda/djvm/validation/RuleValidator.kt
index 1f4ead8cd1..b409e83df5 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/validation/RuleValidator.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/validation/RuleValidator.kt
@@ -17,6 +17,7 @@ import org.objectweb.asm.ClassVisitor
  * Helper class for validating a set of rules for a class or set of classes.
  *
  * @property rules A set of rules to validate for provided classes.
+ * @param configuration The configuration to use for class analysis.
  * @param classVisitor Class visitor to use when traversing the structure of classes.
  */
 class RuleValidator(
diff --git a/djvm/src/main/kotlin/sandbox/Task.kt b/djvm/src/main/kotlin/sandbox/Task.kt
new file mode 100644
index 0000000000..8a2bbab78a
--- /dev/null
+++ b/djvm/src/main/kotlin/sandbox/Task.kt
@@ -0,0 +1,24 @@
+@file:JvmName("TaskTypes")
+package sandbox
+
+import sandbox.java.lang.sandbox
+import sandbox.java.lang.unsandbox
+
+typealias SandboxFunction<TInput, TOutput> = sandbox.java.util.function.Function<TInput, TOutput>
+
+@Suppress("unused")
+class Task(private val function: SandboxFunction<in Any?, out Any?>?) : SandboxFunction<Any?, Any?> {
+
+    /**
+     * This function runs inside the sandbox. It marshalls the input
+     * object to its sandboxed equivalent, executes the user's code
+     * and then marshalls the result out again.
+     *
+     * The marshalling should be effective for Java primitives,
+     * Strings and Enums, as well as for arrays of these types.
+     */
+    override fun apply(input: Any?): Any? {
+        return function?.apply(input?.sandbox())?.unsandbox()
+    }
+
+}
diff --git a/djvm/src/main/kotlin/sandbox/java/lang/DJVM.kt b/djvm/src/main/kotlin/sandbox/java/lang/DJVM.kt
new file mode 100644
index 0000000000..b6a3acdc77
--- /dev/null
+++ b/djvm/src/main/kotlin/sandbox/java/lang/DJVM.kt
@@ -0,0 +1,158 @@
+@file:JvmName("DJVM")
+@file:Suppress("unused")
+package sandbox.java.lang
+
+import org.objectweb.asm.Opcodes.ACC_ENUM
+
+private const val SANDBOX_PREFIX = "sandbox."
+
+fun Any.unsandbox(): Any {
+    return when (this) {
+        is Enum<*> -> fromDJVMEnum()
+        is Object -> fromDJVM()
+        is Array<*> -> fromDJVMArray()
+        else -> this
+    }
+}
+
+fun Any.sandbox(): Any {
+    return when (this) {
+        is kotlin.String -> String.toDJVM(this)
+        is kotlin.Char -> Character.toDJVM(this)
+        is kotlin.Long -> Long.toDJVM(this)
+        is kotlin.Int -> Integer.toDJVM(this)
+        is kotlin.Short -> Short.toDJVM(this)
+        is kotlin.Byte -> Byte.toDJVM(this)
+        is kotlin.Float -> Float.toDJVM(this)
+        is kotlin.Double -> Double.toDJVM(this)
+        is kotlin.Boolean -> Boolean.toDJVM(this)
+        is kotlin.Enum<*> -> toDJVMEnum()
+        is Array<*> -> toDJVMArray<Object>()
+        else -> this
+    }
+}
+
+private fun Array<*>.fromDJVMArray(): Array<*> = Object.fromDJVM(this)
+
+/**
+ * These functions use the "current" classloader, i.e. classloader
+ * that owns this DJVM class.
+ */
+private fun Class<*>.toDJVMType(): Class<*> = Class.forName(name.toSandboxPackage())
+private fun Class<*>.fromDJVMType(): Class<*> = Class.forName(name.fromSandboxPackage())
+
+private fun kotlin.String.toSandboxPackage(): kotlin.String {
+    return if (startsWith(SANDBOX_PREFIX)) {
+        this
+    } else {
+        SANDBOX_PREFIX + this
+    }
+}
+
+private fun kotlin.String.fromSandboxPackage(): kotlin.String {
+    return if (startsWith(SANDBOX_PREFIX)) {
+        drop(SANDBOX_PREFIX.length)
+    } else {
+        this
+    }
+}
+
+private inline fun <reified T : Object> Array<*>.toDJVMArray(): Array<out T?> {
+    @Suppress("unchecked_cast")
+    return (java.lang.reflect.Array.newInstance(javaClass.componentType.toDJVMType(), size) as Array<T?>).also {
+        for ((i, item) in withIndex()) {
+            it[i] = item?.sandbox() as T
+        }
+    }
+}
+
+private fun Enum<*>.fromDJVMEnum(): kotlin.Enum<*> {
+    return javaClass.fromDJVMType().enumConstants[ordinal()] as kotlin.Enum<*>
+}
+
+private fun kotlin.Enum<*>.toDJVMEnum(): Enum<*> {
+    @Suppress("unchecked_cast")
+    return (getEnumConstants(javaClass.toDJVMType() as Class<Enum<*>>) as Array<Enum<*>>)[ordinal]
+}
+
+/**
+ * Replacement functions for the members of Class<*> that support Enums.
+ */
+fun isEnum(clazz: Class<*>): kotlin.Boolean
+        = (clazz.modifiers and ACC_ENUM != 0) && (clazz.superclass == sandbox.java.lang.Enum::class.java)
+
+fun getEnumConstants(clazz: Class<out Enum<*>>): Array<*>? {
+    return getEnumConstantsShared(clazz)?.clone()
+}
+
+internal fun enumConstantDirectory(clazz: Class<out Enum<*>>): sandbox.java.util.Map<String, out Enum<*>>? {
+    // DO NOT replace get with Kotlin's [] because Kotlin would use java.util.Map.
+    return allEnumDirectories.get(clazz) ?: createEnumDirectory(clazz)
+}
+
+@Suppress("unchecked_cast")
+internal fun getEnumConstantsShared(clazz: Class<out Enum<*>>): Array<out Enum<*>>? {
+    return if (isEnum(clazz)) {
+        // DO NOT replace get with Kotlin's [] because Kotlin would use java.util.Map.
+        allEnums.get(clazz) ?: createEnum(clazz)
+    } else {
+        null
+    }
+}
+
+@Suppress("unchecked_cast")
+private fun createEnum(clazz: Class<out Enum<*>>): Array<out Enum<*>>? {
+    return clazz.getMethod("values").let { method ->
+        method.isAccessible = true
+        method.invoke(null) as? Array<out Enum<*>>
+    // DO NOT replace put with Kotlin's [] because Kotlin would use java.util.Map.
+    }?.apply { allEnums.put(clazz, this) }
+}
+
+private fun createEnumDirectory(clazz: Class<out Enum<*>>): sandbox.java.util.Map<String, out Enum<*>> {
+    val universe = getEnumConstantsShared(clazz) ?: throw IllegalArgumentException("${clazz.name} is not an enum type")
+    val directory = sandbox.java.util.LinkedHashMap<String, Enum<*>>(2 * universe.size)
+    for (entry in universe) {
+        // DO NOT replace put with Kotlin's [] because Kotlin would use java.util.Map.
+        directory.put(entry.name(), entry)
+    }
+    // DO NOT replace put with Kotlin's [] because Kotlin would use java.util.Map.
+    allEnumDirectories.put(clazz, directory)
+    return directory
+}
+
+private val allEnums: sandbox.java.util.Map<Class<out Enum<*>>, Array<out Enum<*>>> = sandbox.java.util.LinkedHashMap()
+private val allEnumDirectories: sandbox.java.util.Map<Class<out Enum<*>>, sandbox.java.util.Map<String, out Enum<*>>> = sandbox.java.util.LinkedHashMap()
+
+/**
+ * Replacement functions for Class<*>.forName(...) which protect
+ * against users loading classes from outside the sandbox.
+ */
+@Throws(ClassNotFoundException::class)
+fun classForName(className: kotlin.String): Class<*> {
+    return Class.forName(toSandbox(className))
+}
+
+@Throws(ClassNotFoundException::class)
+fun classForName(className: kotlin.String, initialize: kotlin.Boolean, classLoader: ClassLoader): Class<*> {
+    return Class.forName(toSandbox(className), initialize, classLoader)
+}
+
+/**
+ * Force the qualified class name into the sandbox.* namespace.
+ * Throw [ClassNotFoundException] anyway if we wouldn't want to
+ * return the resulting sandbox class. E.g. for any of our own
+ * internal classes.
+ */
+private fun toSandbox(className: kotlin.String): kotlin.String {
+    if (bannedClasses.any { it.matches(className) }) {
+        throw ClassNotFoundException(className)
+    }
+    return SANDBOX_PREFIX + className
+}
+
+private val bannedClasses = setOf(
+    "^java\\.lang\\.DJVM(.*)?\$".toRegex(),
+    "^net\\.corda\\.djvm\\..*\$".toRegex(),
+    "^Task\$".toRegex()
+)
diff --git a/djvm/src/main/kotlin/sandbox/java/lang/Object.kt b/djvm/src/main/kotlin/sandbox/java/lang/Object.kt
deleted file mode 100644
index 14ae5df025..0000000000
--- a/djvm/src/main/kotlin/sandbox/java/lang/Object.kt
+++ /dev/null
@@ -1,19 +0,0 @@
-package sandbox.java.lang
-
-/**
- * Sandboxed implementation of `java/lang/Object`.
- */
-@Suppress("EqualsOrHashCode")
-open class Object {
-
-    /**
-     * Deterministic hash code for objects.
-     */
-    override fun hashCode(): Int = sandbox.java.lang.System.identityHashCode(this)
-
-    /**
-     * Deterministic string representation of [Object].
-     */
-    override fun toString(): String = "sandbox.java.lang.Object@${hashCode().toString(16)}"
-
-}
diff --git a/djvm/src/main/kotlin/sandbox/java/lang/System.kt b/djvm/src/main/kotlin/sandbox/java/lang/System.kt
deleted file mode 100644
index 0b40e0cfd7..0000000000
--- a/djvm/src/main/kotlin/sandbox/java/lang/System.kt
+++ /dev/null
@@ -1,99 +0,0 @@
-@file:Suppress("UNUSED_PARAMETER")
-
-package sandbox.java.lang
-
-import java.io.IOException
-import java.util.*
-
-object System {
-
-    private var objectCounter = object : ThreadLocal<Int>() {
-        override fun initialValue() = 0
-    }
-
-    private var objectHashCodes = object : ThreadLocal<MutableMap<Int, Int>>() {
-        override fun initialValue() = mutableMapOf<Int, Int>()
-    }
-
-    @JvmField
-    val `in`: java.io.InputStream? = null
-
-    @JvmField
-    val out: java.io.PrintStream? = null
-
-    @JvmField
-    val err: java.io.PrintStream? = null
-
-    fun setIn(stream: java.io.InputStream) {}
-
-    fun setOut(stream: java.io.PrintStream) {}
-
-    fun setErr(stream: java.io.PrintStream) {}
-
-    fun console(): java.io.Console? {
-        throw NotImplementedError()
-    }
-
-    @Throws(java.io.IOException::class)
-    fun inheritedChannel(): java.nio.channels.Channel? {
-        throw IOException()
-    }
-
-    fun setSecurityManager(manager: java.lang.SecurityManager) {}
-
-    fun getSecurityManager(): java.lang.SecurityManager? = null
-
-    fun currentTimeMillis(): Long = 0L
-
-    fun nanoTime(): Long = 0L
-
-    fun arraycopy(src: Object, srcPos: Int, dest: Object, destPos: Int, length: Int) {
-        java.lang.System.arraycopy(src, srcPos, dest, destPos, length)
-    }
-
-    fun identityHashCode(obj: Object): Int {
-        val nativeHashCode = java.lang.System.identityHashCode(obj)
-        // TODO Instead of using a magic offset below, one could take in a per-context seed
-        return objectHashCodes.get().getOrPut(nativeHashCode) {
-            val newCounter = objectCounter.get() + 1
-            objectCounter.set(newCounter)
-            0xfed_c0de + newCounter
-        }
-    }
-
-    fun getProperties(): java.util.Properties {
-        return Properties()
-    }
-
-    fun lineSeparator() = "\n"
-
-    fun setProperties(properties: java.util.Properties) {}
-
-    fun getProperty(property: String): String? = null
-
-    fun getProperty(property: String, defaultValue: String): String? = defaultValue
-
-    fun setProperty(property: String, value: String): String? = null
-
-    fun clearProperty(property: String): String? = null
-
-    fun getenv(variable: String): String? = null
-
-    @Suppress("PLATFORM_CLASS_MAPPED_TO_KOTLIN")
-    fun getenv(): java.util.Map<String, String>? = null
-
-    fun exit(exitCode: Int) {}
-
-    fun gc() {}
-
-    fun runFinalization() {}
-
-    fun runFinalizersOnExit(flag: Boolean) {}
-
-    fun load(path: String) {}
-
-    fun loadLibrary(path: String) {}
-
-    fun mapLibraryName(path: String): String? = null
-
-}
diff --git a/djvm/src/test/kotlin/foo/bar/sandbox/KotlinClass.kt b/djvm/src/test/kotlin/foo/bar/sandbox/KotlinClass.kt
index 44ea7e29f7..f54128a2d6 100644
--- a/djvm/src/test/kotlin/foo/bar/sandbox/KotlinClass.kt
+++ b/djvm/src/test/kotlin/foo/bar/sandbox/KotlinClass.kt
@@ -1,12 +1,9 @@
 package foo.bar.sandbox
 
-import java.util.*
-
-fun testRandom(): Int {
-    val random = Random()
-    return random.nextInt()
+fun testClock(): Long {
+    return System.nanoTime()
 }
 
-fun String.toNumber(): Int {
-    return this.toInt()
+fun String.toNumber(): Long {
+    return this.toLong()
 }
diff --git a/djvm/src/test/kotlin/net/corda/djvm/DJVMTest.kt b/djvm/src/test/kotlin/net/corda/djvm/DJVMTest.kt
new file mode 100644
index 0000000000..d71fa1a36a
--- /dev/null
+++ b/djvm/src/test/kotlin/net/corda/djvm/DJVMTest.kt
@@ -0,0 +1,126 @@
+package net.corda.djvm
+
+import org.assertj.core.api.Assertions.*
+import org.junit.Assert.*
+import org.junit.Test
+import sandbox.java.lang.sandbox
+import sandbox.java.lang.unsandbox
+
+class DJVMTest {
+
+    @Test
+    fun testDJVMString() {
+        val djvmString = sandbox.java.lang.String("New Value")
+        assertNotEquals(djvmString, "New Value")
+        assertEquals(djvmString, "New Value".sandbox())
+    }
+
+    @Test
+    fun testSimpleIntegerFormats() {
+        val result = sandbox.java.lang.String.format("%d-%d-%d-%d".toDJVM(),
+                          10.toDJVM(), 999999L.toDJVM(), 1234.toShort().toDJVM(), 108.toByte().toDJVM()).toString()
+        assertEquals("10-999999-1234-108", result)
+    }
+
+    @Test
+    fun testHexFormat() {
+        val result = sandbox.java.lang.String.format("%0#6x".toDJVM(), 768.toDJVM()).toString()
+        assertEquals("0x0300", result)
+    }
+
+    @Test
+    fun testDoubleFormat() {
+        val result = sandbox.java.lang.String.format("%9.4f".toDJVM(), 1234.5678.toDJVM()).toString()
+        assertEquals("1234.5678", result)
+    }
+
+    @Test
+    fun testFloatFormat() {
+        val result = sandbox.java.lang.String.format("%7.2f".toDJVM(), 1234.5678f.toDJVM()).toString()
+        assertEquals("1234.57", result)
+    }
+
+    @Test
+    fun testCharFormat() {
+        val result = sandbox.java.lang.String.format("[%c]".toDJVM(), 'A'.toDJVM()).toString()
+        assertEquals("[A]", result)
+    }
+
+    @Test
+    fun testObjectFormat() {
+        val result = sandbox.java.lang.String.format("%s".toDJVM(), object : sandbox.java.lang.Object() {}).toString()
+        assertThat(result).startsWith("sandbox.java.lang.Object@")
+    }
+
+    @Test
+    fun testStringEquality() {
+        val number = sandbox.java.lang.String.valueOf((Double.MIN_VALUE / 2.0) * 2.0)
+        require(number == "0.0".sandbox())
+    }
+
+    @Test
+    fun testSandboxingArrays() {
+        val result = arrayOf(1, 10L, "Hello World", '?', false, 1234.56).sandbox()
+        assertThat(result)
+            .isEqualTo(arrayOf(1.toDJVM(), 10L.toDJVM(), "Hello World".toDJVM(), '?'.toDJVM(), false.toDJVM(), 1234.56.toDJVM()))
+    }
+
+    @Test
+    fun testUnsandboxingObjectArray() {
+        val result = arrayOf<sandbox.java.lang.Object>(1.toDJVM(), 10L.toDJVM(), "Hello World".toDJVM(), '?'.toDJVM(), false.toDJVM(), 1234.56.toDJVM()).unsandbox()
+        assertThat(result)
+                .isEqualTo(arrayOf(1, 10L, "Hello World", '?', false, 1234.56))
+    }
+
+    @Test
+    fun testSandboxingPrimitiveArray() {
+        val result = intArrayOf(1, 2, 3, 10).sandbox()
+        assertThat(result).isEqualTo(intArrayOf(1, 2, 3, 10))
+    }
+
+    @Test
+    fun testSandboxingIntegersAsObjectArray() {
+        val result = arrayOf(1, 2, 3, 10).sandbox()
+        assertThat(result).isEqualTo(arrayOf(1.toDJVM(), 2.toDJVM(), 3.toDJVM(), 10.toDJVM()))
+    }
+
+    @Test
+    fun testUnsandboxingArrays() {
+        val arr = arrayOf(
+            Array(1) { "Hello".toDJVM() },
+            Array(1) { 1234000L.toDJVM() },
+            Array(1) { 1234.toDJVM() },
+            Array(1) { 923.toShort().toDJVM() },
+            Array(1) { 27.toByte().toDJVM() },
+            Array(1) { 'X'.toDJVM() },
+            Array(1) { 987.65f.toDJVM() },
+            Array(1) { 343.282.toDJVM() },
+            Array(1) { true.toDJVM() },
+            ByteArray(1) { 127.toByte() },
+            CharArray(1) { '?'}
+        )
+        val result = arr.unsandbox() as Array<*>
+        assertEquals(arr.size, result.size)
+        assertArrayEquals(Array(1) { "Hello" }, result[0] as Array<*>)
+        assertArrayEquals(Array(1) { 1234000L }, result[1] as Array<*>)
+        assertArrayEquals(Array(1) { 1234 }, result[2] as Array<*>)
+        assertArrayEquals(Array(1) { 923.toShort() }, result[3] as Array<*>)
+        assertArrayEquals(Array(1) { 27.toByte() }, result[4] as Array<*>)
+        assertArrayEquals(Array(1) { 'X' }, result[5] as Array<*>)
+        assertArrayEquals(Array(1) { 987.65f }, result[6] as Array<*>)
+        assertArrayEquals(Array(1) { 343.282 }, result[7] as Array<*>)
+        assertArrayEquals(Array(1) { true }, result[8] as Array<*>)
+        assertArrayEquals(ByteArray(1) { 127.toByte() }, result[9] as ByteArray)
+        assertArrayEquals(CharArray(1) { '?' }, result[10] as CharArray)
+    }
+
+    private fun String.toDJVM(): sandbox.java.lang.String = sandbox.java.lang.String.toDJVM(this)
+    private fun Long.toDJVM(): sandbox.java.lang.Long = sandbox.java.lang.Long.toDJVM(this)
+    private fun Int.toDJVM(): sandbox.java.lang.Integer = sandbox.java.lang.Integer.toDJVM(this)
+    private fun Short.toDJVM(): sandbox.java.lang.Short = sandbox.java.lang.Short.toDJVM(this)
+    private fun Byte.toDJVM(): sandbox.java.lang.Byte = sandbox.java.lang.Byte.toDJVM(this)
+    private fun Float.toDJVM(): sandbox.java.lang.Float = sandbox.java.lang.Float.toDJVM(this)
+    private fun Double.toDJVM(): sandbox.java.lang.Double = sandbox.java.lang.Double.toDJVM(this)
+    private fun Char.toDJVM(): sandbox.java.lang.Character = sandbox.java.lang.Character.toDJVM(this)
+    private fun Boolean.toDJVM(): sandbox.java.lang.Boolean = sandbox.java.lang.Boolean.toDJVM(this)
+}
\ No newline at end of file
diff --git a/djvm/src/test/kotlin/net/corda/djvm/TestBase.kt b/djvm/src/test/kotlin/net/corda/djvm/TestBase.kt
index b54d92b16e..a771798655 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/TestBase.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/TestBase.kt
@@ -13,6 +13,7 @@ import net.corda.djvm.messages.Severity
 import net.corda.djvm.references.ClassHierarchy
 import net.corda.djvm.rewiring.LoadedClass
 import net.corda.djvm.rules.Rule
+import net.corda.djvm.rules.implementation.*
 import net.corda.djvm.source.ClassSource
 import net.corda.djvm.utilities.Discovery
 import net.corda.djvm.validation.RuleValidator
@@ -35,8 +36,19 @@ abstract class TestBase {
 
         val ALL_EMITTERS = Discovery.find<Emitter>()
 
+        // We need at least these emitters to handle the Java API classes.
+        val BASIC_EMITTERS: List<Emitter> = listOf(
+            ArgumentUnwrapper(),
+            ReturnTypeWrapper(),
+            RewriteClassMethods(),
+            StringConstantWrapper()
+        )
+
         val ALL_DEFINITION_PROVIDERS = Discovery.find<DefinitionProvider>()
 
+        // We need at least these providers to handle the Java API classes.
+        val BASIC_DEFINITION_PROVIDERS: List<DefinitionProvider> = listOf(StaticConstantRemover())
+
         val BLANK = emptySet<Any>()
 
         val DEFAULT = (ALL_RULES + ALL_EMITTERS + ALL_DEFINITION_PROVIDERS).distinctBy(Any::javaClass)
@@ -86,14 +98,6 @@ abstract class TestBase {
         }
     }
 
-    /**
-     * Short-hand for analysing a class.
-     */
-    inline fun analyze(block: (ClassAndMemberVisitor.(AnalysisContext) -> Unit)) {
-        val validator = RuleValidator(emptyList(), configuration)
-        block(validator, context)
-    }
-
     /**
      * Run action on a separate thread to ensure that the code is run off a clean slate. The sandbox context is local to
      * the current thread, so this allows inspection of the cost summary object, etc. from within the provided delegate.
@@ -106,8 +110,8 @@ abstract class TestBase {
             action: SandboxRuntimeContext.() -> Unit
     ) {
         val rules = mutableListOf<Rule>()
-        val emitters = mutableListOf<Emitter>()
-        val definitionProviders = mutableListOf<DefinitionProvider>()
+        val emitters = mutableListOf<Emitter>().apply { addAll(BASIC_EMITTERS) }
+        val definitionProviders = mutableListOf<DefinitionProvider>().apply { addAll(BASIC_DEFINITION_PROVIDERS) }
         val classSources = mutableListOf<ClassSource>()
         var executionProfile = ExecutionProfile.UNLIMITED
         var whitelist = Whitelist.MINIMAL
@@ -137,7 +141,12 @@ abstract class TestBase {
                     minimumSeverityLevel = minimumSeverityLevel
                 ).use { analysisConfiguration ->
                     SandboxRuntimeContext(SandboxConfiguration.of(
-                            executionProfile, rules, emitters, definitionProviders, enableTracing, analysisConfiguration
+                        executionProfile,
+                        rules.distinctBy(Any::javaClass),
+                        emitters.distinctBy(Any::javaClass),
+                        definitionProviders.distinctBy(Any::javaClass),
+                        enableTracing,
+                        analysisConfiguration
                     )).use {
                         assertThat(runtimeCosts).areZero()
                         action(this)
@@ -163,7 +172,7 @@ abstract class TestBase {
     inline fun <reified T : Any> SandboxRuntimeContext.loadClass(): LoadedClass = loadClass(T::class.jvmName)
 
     fun SandboxRuntimeContext.loadClass(className: String): LoadedClass =
-            classLoader.loadClassAndBytes(ClassSource.fromClassName(className), context)
+            classLoader.loadForSandbox(className, context)
 
     /**
      * Run the entry-point of the loaded [Callable] class.
diff --git a/djvm/src/test/kotlin/net/corda/djvm/Utilities.kt b/djvm/src/test/kotlin/net/corda/djvm/Utilities.kt
new file mode 100644
index 0000000000..d493238723
--- /dev/null
+++ b/djvm/src/test/kotlin/net/corda/djvm/Utilities.kt
@@ -0,0 +1,22 @@
+package net.corda.djvm
+
+import sandbox.net.corda.djvm.costing.ThresholdViolationError
+import sandbox.net.corda.djvm.rules.RuleViolationError
+
+object Utilities {
+    fun throwRuleViolationError(): Nothing = throw RuleViolationError("Can't catch this!")
+
+    fun throwThresholdViolationError(): Nothing = throw ThresholdViolationError("Can't catch this!")
+
+    fun throwContractConstraintViolation(): Nothing = throw IllegalArgumentException("Contract constraint violated")
+
+    fun throwError(): Nothing = throw Error()
+
+    fun throwThrowable(): Nothing = throw Throwable()
+
+    fun throwThreadDeath(): Nothing = throw ThreadDeath()
+
+    fun throwStackOverflowError(): Nothing = throw StackOverflowError("FAKE OVERFLOW!")
+
+    fun throwOutOfMemoryError(): Nothing = throw OutOfMemoryError("FAKE OOM!")
+}
diff --git a/djvm/src/test/kotlin/net/corda/djvm/analysis/ClassResolverTest.kt b/djvm/src/test/kotlin/net/corda/djvm/analysis/ClassResolverTest.kt
index 8f39f32808..d1ae149cb7 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/analysis/ClassResolverTest.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/analysis/ClassResolverTest.kt
@@ -5,25 +5,25 @@ import org.junit.Test
 
 class ClassResolverTest {
 
-    private val resolver = ClassResolver(emptySet(), Whitelist.MINIMAL, "sandbox/")
+    private val resolver = ClassResolver(emptySet(), emptySet(), Whitelist.MINIMAL, "sandbox/")
 
     @Test
     fun `can resolve class name`() {
         assertThat(resolver.resolve("java/lang/Object")).isEqualTo("java/lang/Object")
-        assertThat(resolver.resolve("java/lang/String")).isEqualTo("java/lang/String")
+        assertThat(resolver.resolve("java/lang/String")).isEqualTo("sandbox/java/lang/String")
         assertThat(resolver.resolve("foo/bar/Test")).isEqualTo("sandbox/foo/bar/Test")
     }
 
     @Test
     fun `can resolve class name for arrays`() {
         assertThat(resolver.resolve("[Ljava/lang/Object;")).isEqualTo("[Ljava/lang/Object;")
-        assertThat(resolver.resolve("[Ljava/lang/String;")).isEqualTo("[Ljava/lang/String;")
+        assertThat(resolver.resolve("[Ljava/lang/String;")).isEqualTo("[Lsandbox/java/lang/String;")
         assertThat(resolver.resolve("[Lfoo/bar/Test;")).isEqualTo("[Lsandbox/foo/bar/Test;")
         assertThat(resolver.resolve("[[Ljava/lang/Object;")).isEqualTo("[[Ljava/lang/Object;")
-        assertThat(resolver.resolve("[[Ljava/lang/String;")).isEqualTo("[[Ljava/lang/String;")
+        assertThat(resolver.resolve("[[Ljava/lang/String;")).isEqualTo("[[Lsandbox/java/lang/String;")
         assertThat(resolver.resolve("[[Lfoo/bar/Test;")).isEqualTo("[[Lsandbox/foo/bar/Test;")
         assertThat(resolver.resolve("[[[Ljava/lang/Object;")).isEqualTo("[[[Ljava/lang/Object;")
-        assertThat(resolver.resolve("[[[Ljava/lang/String;")).isEqualTo("[[[Ljava/lang/String;")
+        assertThat(resolver.resolve("[[[Ljava/lang/String;")).isEqualTo("[[[Lsandbox/java/lang/String;")
         assertThat(resolver.resolve("[[[Lfoo/bar/Test;")).isEqualTo("[[[Lsandbox/foo/bar/Test;")
     }
 
diff --git a/djvm/src/test/kotlin/net/corda/djvm/analysis/WhitelistTest.kt b/djvm/src/test/kotlin/net/corda/djvm/analysis/WhitelistTest.kt
index a817be4108..74d223af13 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/analysis/WhitelistTest.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/analysis/WhitelistTest.kt
@@ -11,8 +11,8 @@ class WhitelistTest : TestBase() {
         val whitelist = Whitelist.MINIMAL
         assertThat(whitelist.matches("java/lang/Object")).isTrue()
         assertThat(whitelist.matches("java/lang/Object.<init>:()V")).isTrue()
-        assertThat(whitelist.matches("java/lang/Integer")).isTrue()
-        assertThat(whitelist.matches("java/lang/Integer.<init>:(I)V")).isTrue()
+        assertThat(whitelist.matches("java/lang/reflect/Array")).isTrue()
+        assertThat(whitelist.matches("java/lang/reflect/Array.setInt(Ljava/lang/Object;II)V")).isTrue()
     }
 
     @Test
diff --git a/djvm/src/test/kotlin/net/corda/djvm/assertions/AssertiveClassWithByteCode.kt b/djvm/src/test/kotlin/net/corda/djvm/assertions/AssertiveClassWithByteCode.kt
index cc122b7a8f..0957217f47 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/assertions/AssertiveClassWithByteCode.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/assertions/AssertiveClassWithByteCode.kt
@@ -28,4 +28,9 @@ class AssertiveClassWithByteCode(private val loadedClass: LoadedClass) {
         assertThat(loadedClass.type.name).isEqualTo(className)
         return this
     }
+
+    fun hasInterface(className: String): AssertiveClassWithByteCode {
+        assertThat(loadedClass.type.interfaces.map(Class<*>::getName)).contains(className)
+        return this
+    }
 }
diff --git a/djvm/src/test/kotlin/net/corda/djvm/costing/RuntimeCostTest.kt b/djvm/src/test/kotlin/net/corda/djvm/costing/RuntimeCostTest.kt
index 0e68806d33..0eb2d1c03e 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/costing/RuntimeCostTest.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/costing/RuntimeCostTest.kt
@@ -4,6 +4,7 @@ import org.assertj.core.api.Assertions.assertThat
 import org.assertj.core.api.Assertions.assertThatExceptionOfType
 import org.junit.Test
 import sandbox.net.corda.djvm.costing.ThresholdViolationError
+import kotlin.concurrent.thread
 
 class RuntimeCostTest {
 
@@ -16,17 +17,13 @@ class RuntimeCostTest {
 
     @Test
     fun `cannot increment cost beyond threshold`() {
-        Thread {
+        thread(name = "Foo") {
             val cost = RuntimeCost(10) { "failed in ${it.name}" }
             assertThatExceptionOfType(ThresholdViolationError::class.java)
                     .isThrownBy { cost.increment(11) }
                     .withMessage("failed in Foo")
             assertThat(cost.value).isEqualTo(11)
-        }.apply {
-            name = "Foo"
-            start()
-            join()
-        }
+        }.join()
     }
 
 }
diff --git a/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxEnumTest.kt b/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxEnumTest.kt
new file mode 100644
index 0000000000..af78c3183b
--- /dev/null
+++ b/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxEnumTest.kt
@@ -0,0 +1,86 @@
+package net.corda.djvm.execution
+
+import net.corda.djvm.TestBase
+import org.assertj.core.api.Assertions.assertThat
+import org.junit.Test
+import java.util.*
+import java.util.function.Function
+
+class SandboxEnumTest : TestBase() {
+    @Test
+    fun `test enum inside sandbox`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<Int, Array<String>>(configuration)
+        contractExecutor.run<TransformEnum>(0).apply {
+            assertThat(result).isEqualTo(arrayOf("ONE", "TWO", "THREE"))
+        }
+    }
+
+    @Test
+    fun `return enum from sandbox`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<String, ExampleEnum>(configuration)
+        contractExecutor.run<FetchEnum>("THREE").apply {
+            assertThat(result).isEqualTo(ExampleEnum.THREE)
+        }
+    }
+
+    @Test
+    fun `test we can identify class as Enum`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<ExampleEnum, Boolean>(configuration)
+        contractExecutor.run<AssertEnum>(ExampleEnum.THREE).apply {
+            assertThat(result).isTrue()
+        }
+    }
+
+    @Test
+    fun `test we can create EnumMap`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<ExampleEnum, Int>(configuration)
+        contractExecutor.run<UseEnumMap>(ExampleEnum.TWO).apply {
+            assertThat(result).isEqualTo(1)
+        }
+    }
+
+    @Test
+    fun `test we can create EnumSet`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<ExampleEnum, Boolean>(configuration)
+        contractExecutor.run<UseEnumSet>(ExampleEnum.ONE).apply {
+            assertThat(result).isTrue()
+        }
+    }
+}
+
+
+class AssertEnum : Function<ExampleEnum, Boolean> {
+    override fun apply(input: ExampleEnum): Boolean {
+        return input::class.java.isEnum
+    }
+}
+
+class TransformEnum : Function<Int, Array<String>> {
+    override fun apply(input: Int): Array<String> {
+        return ExampleEnum.values().map(ExampleEnum::name).toTypedArray()
+    }
+}
+
+class FetchEnum : Function<String, ExampleEnum> {
+    override fun apply(input: String): ExampleEnum {
+        return ExampleEnum.valueOf(input)
+    }
+}
+
+class UseEnumMap : Function<ExampleEnum, Int> {
+    override fun apply(input: ExampleEnum): Int {
+        val map = EnumMap<ExampleEnum, String>(ExampleEnum::class.java)
+        map[input] = input.name
+        return map.size
+    }
+}
+
+class UseEnumSet : Function<ExampleEnum, Boolean> {
+    override fun apply(input: ExampleEnum): Boolean {
+        return EnumSet.allOf(ExampleEnum::class.java).contains(input)
+    }
+}
+
+enum class ExampleEnum {
+    ONE, TWO, THREE
+}
\ No newline at end of file
diff --git a/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxExecutorTest.kt b/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxExecutorTest.kt
index 92fe59e159..a3919c964c 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxExecutorTest.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxExecutorTest.kt
@@ -1,10 +1,19 @@
 package net.corda.djvm.execution
 
 import foo.bar.sandbox.MyObject
-import foo.bar.sandbox.testRandom
+import foo.bar.sandbox.testClock
 import foo.bar.sandbox.toNumber
 import net.corda.djvm.TestBase
 import net.corda.djvm.analysis.Whitelist
+import net.corda.djvm.Utilities
+import net.corda.djvm.Utilities.throwContractConstraintViolation
+import net.corda.djvm.Utilities.throwError
+import net.corda.djvm.Utilities.throwOutOfMemoryError
+import net.corda.djvm.Utilities.throwRuleViolationError
+import net.corda.djvm.Utilities.throwStackOverflowError
+import net.corda.djvm.Utilities.throwThreadDeath
+import net.corda.djvm.Utilities.throwThresholdViolationError
+import net.corda.djvm.Utilities.throwThrowable
 import net.corda.djvm.assertions.AssertionExtensions.withProblem
 import net.corda.djvm.rewiring.SandboxClassLoadingException
 import org.assertj.core.api.Assertions.assertThat
@@ -13,8 +22,8 @@ import org.junit.Test
 import sandbox.net.corda.djvm.costing.ThresholdViolationError
 import sandbox.net.corda.djvm.rules.RuleViolationError
 import java.nio.file.Files
-import java.util.*
 import java.util.function.Function
+import java.util.stream.Collectors.*
 
 class SandboxExecutorTest : TestBase() {
 
@@ -34,7 +43,7 @@ class SandboxExecutorTest : TestBase() {
 
     @Test
     fun `can load and execute contract`() = sandbox(
-            pinnedClasses = setOf(Transaction::class.java)
+            pinnedClasses = setOf(Transaction::class.java, Utilities::class.java)
     ) {
         val contractExecutor = DeterministicSandboxExecutor<Transaction, Unit>(configuration)
         val tx = Transaction(1)
@@ -44,13 +53,13 @@ class SandboxExecutorTest : TestBase() {
                 .withMessageContaining("Contract constraint violated")
     }
 
-    class Contract : Function<Transaction?, Unit> {
-        override fun apply(input: Transaction?) {
-            throw IllegalArgumentException("Contract constraint violated")
+    class Contract : Function<Transaction, Unit> {
+        override fun apply(input: Transaction) {
+            throwContractConstraintViolation()
         }
     }
 
-    data class Transaction(val id: Int?)
+    data class Transaction(val id: Int)
 
     @Test
     fun `can load and execute code that overrides object hash code`() = sandbox(DEFAULT) {
@@ -65,7 +74,11 @@ class SandboxExecutorTest : TestBase() {
             val obj = Object()
             val hash1 = obj.hashCode()
             val hash2 = obj.hashCode()
-            require(hash1 == hash2)
+            //require(hash1 == hash2)
+            // TODO: Replace require() once we have working exception support.
+            if (hash1 != hash2) {
+                throwError()
+            }
             return Object().hashCode()
         }
     }
@@ -123,37 +136,37 @@ class SandboxExecutorTest : TestBase() {
 
     @Test
     fun `can detect illegal references in Kotlin meta-classes`() = sandbox(DEFAULT, ExecutionProfile.DEFAULT) {
-        val contractExecutor = DeterministicSandboxExecutor<Int, Int>(configuration)
+        val contractExecutor = DeterministicSandboxExecutor<Int, Long>(configuration)
         assertThatExceptionOfType(SandboxException::class.java)
                 .isThrownBy { contractExecutor.run<TestKotlinMetaClasses>(0) }
-                .withCauseInstanceOf(RuleViolationError::class.java)
-                .withMessageContaining("Disallowed reference to reflection API")
+                .withCauseInstanceOf(NoSuchMethodError::class.java)
+                .withProblem("sandbox.java.lang.System.nanoTime()J")
     }
 
-    class TestKotlinMetaClasses : Function<Int, Int> {
-        override fun apply(input: Int): Int {
-            val someNumber = testRandom()
+    class TestKotlinMetaClasses : Function<Int, Long> {
+        override fun apply(input: Int): Long {
+            val someNumber = testClock()
             return "12345".toNumber() * someNumber
         }
     }
 
     @Test
     fun `cannot execute runnable that references non-deterministic code`() = sandbox(DEFAULT) {
-        val contractExecutor = DeterministicSandboxExecutor<Int, Int>(configuration)
+        val contractExecutor = DeterministicSandboxExecutor<Int, Long>(configuration)
         assertThatExceptionOfType(SandboxException::class.java)
                 .isThrownBy { contractExecutor.run<TestNonDeterministicCode>(0) }
-                .withCauseInstanceOf(RuleViolationError::class.java)
-                .withProblem("Disallowed reference to reflection API")
+                .withCauseInstanceOf(NoSuchMethodError::class.java)
+                .withProblem("sandbox.java.lang.System.currentTimeMillis()J")
     }
 
-    class TestNonDeterministicCode : Function<Int, Int> {
-        override fun apply(input: Int): Int {
-            return Random().nextInt()
+    class TestNonDeterministicCode : Function<Int, Long> {
+        override fun apply(input: Int): Long {
+            return System.currentTimeMillis()
         }
     }
 
     @Test
-    fun `cannot execute runnable that catches ThreadDeath`() = sandbox(DEFAULT) {
+    fun `cannot execute runnable that catches ThreadDeath`() = sandbox(DEFAULT, pinnedClasses = setOf(Utilities::class.java)) {
         TestCatchThreadDeath().apply {
             assertThat(apply(0)).isEqualTo(1)
         }
@@ -167,7 +180,7 @@ class SandboxExecutorTest : TestBase() {
     class TestCatchThreadDeath : Function<Int, Int> {
         override fun apply(input: Int): Int {
             return try {
-                throw ThreadDeath()
+                throwThreadDeath()
             } catch (exception: ThreadDeath) {
                 1
             }
@@ -175,7 +188,7 @@ class SandboxExecutorTest : TestBase() {
     }
 
     @Test
-    fun `cannot execute runnable that catches ThresholdViolationError`() = sandbox(DEFAULT) {
+    fun `cannot execute runnable that catches ThresholdViolationError`() = sandbox(DEFAULT, pinnedClasses = setOf(Utilities::class.java)) {
         TestCatchThresholdViolationError().apply {
             assertThat(apply(0)).isEqualTo(1)
         }
@@ -190,7 +203,7 @@ class SandboxExecutorTest : TestBase() {
     class TestCatchThresholdViolationError : Function<Int, Int> {
         override fun apply(input: Int): Int {
             return try {
-                throw ThresholdViolationError("Can't catch this!")
+                throwThresholdViolationError()
             } catch (exception: ThresholdViolationError) {
                 1
             }
@@ -198,7 +211,7 @@ class SandboxExecutorTest : TestBase() {
     }
 
     @Test
-    fun `cannot execute runnable that catches RuleViolationError`() = sandbox(DEFAULT) {
+    fun `cannot execute runnable that catches RuleViolationError`() = sandbox(DEFAULT, pinnedClasses = setOf(Utilities::class.java)) {
         TestCatchRuleViolationError().apply {
             assertThat(apply(0)).isEqualTo(1)
         }
@@ -213,7 +226,7 @@ class SandboxExecutorTest : TestBase() {
     class TestCatchRuleViolationError : Function<Int, Int> {
         override fun apply(input: Int): Int {
             return try {
-                throw RuleViolationError("Can't catch this!")
+                throwRuleViolationError()
             } catch (exception: RuleViolationError) {
                 1
             }
@@ -221,7 +234,7 @@ class SandboxExecutorTest : TestBase() {
     }
 
     @Test
-    fun `can catch Throwable`() = sandbox(DEFAULT) {
+    fun `can catch Throwable`() = sandbox(DEFAULT, pinnedClasses = setOf(Utilities::class.java)) {
         val contractExecutor = DeterministicSandboxExecutor<Int, Int>(configuration)
         contractExecutor.run<TestCatchThrowableAndError>(1).apply {
             assertThat(result).isEqualTo(1)
@@ -229,7 +242,7 @@ class SandboxExecutorTest : TestBase() {
     }
 
     @Test
-    fun `can catch Error`() = sandbox(DEFAULT) {
+    fun `can catch Error`() = sandbox(DEFAULT, pinnedClasses = setOf(Utilities::class.java)) {
         val contractExecutor = DeterministicSandboxExecutor<Int, Int>(configuration)
         contractExecutor.run<TestCatchThrowableAndError>(2).apply {
             assertThat(result).isEqualTo(2)
@@ -237,7 +250,7 @@ class SandboxExecutorTest : TestBase() {
     }
 
     @Test
-    fun `cannot catch ThreadDeath`() = sandbox(DEFAULT) {
+    fun `cannot catch ThreadDeath`() = sandbox(DEFAULT, pinnedClasses = setOf(Utilities::class.java)) {
         val contractExecutor = DeterministicSandboxExecutor<Int, Int>(configuration)
         assertThatExceptionOfType(SandboxException::class.java)
                 .isThrownBy { contractExecutor.run<TestCatchThrowableErrorsAndThreadDeath>(3) }
@@ -248,8 +261,8 @@ class SandboxExecutorTest : TestBase() {
         override fun apply(input: Int): Int {
             return try {
                 when (input) {
-                    1 -> throw Throwable()
-                    2 -> throw Error()
+                    1 -> throwThrowable()
+                    2 -> throwError()
                     else -> 0
                 }
             } catch (exception: Error) {
@@ -264,20 +277,20 @@ class SandboxExecutorTest : TestBase() {
         override fun apply(input: Int): Int {
             return try {
                 when (input) {
-                    1 -> throw Throwable()
-                    2 -> throw Error()
+                    1 -> throwThrowable()
+                    2 -> throwError()
                     3 -> try {
-                        throw ThreadDeath()
+                        throwThreadDeath()
                     } catch (ex: ThreadDeath) {
                         3
                     }
                     4 -> try {
-                        throw StackOverflowError("FAKE OVERFLOW!")
+                        throwStackOverflowError()
                     } catch (ex: StackOverflowError) {
                         4
                     }
                     5 -> try {
-                        throw OutOfMemoryError("FAKE OOM!")
+                        throwOutOfMemoryError()
                     } catch (ex: OutOfMemoryError) {
                         5
                     }
@@ -292,7 +305,7 @@ class SandboxExecutorTest : TestBase() {
     }
 
     @Test
-    fun `cannot catch stack-overflow error`() = sandbox(DEFAULT) {
+    fun `cannot catch stack-overflow error`() = sandbox(DEFAULT, pinnedClasses = setOf(Utilities::class.java)) {
         val contractExecutor = DeterministicSandboxExecutor<Int, Int>(configuration)
         assertThatExceptionOfType(SandboxException::class.java)
                 .isThrownBy { contractExecutor.run<TestCatchThrowableErrorsAndThreadDeath>(4) }
@@ -301,7 +314,7 @@ class SandboxExecutorTest : TestBase() {
     }
 
     @Test
-    fun `cannot catch out-of-memory error`() = sandbox(DEFAULT) {
+    fun `cannot catch out-of-memory error`() = sandbox(DEFAULT, pinnedClasses = setOf(Utilities::class.java)) {
         val contractExecutor = DeterministicSandboxExecutor<Int, Int>(configuration)
         assertThatExceptionOfType(SandboxException::class.java)
                 .isThrownBy { contractExecutor.run<TestCatchThrowableErrorsAndThreadDeath>(5) }
@@ -371,7 +384,7 @@ class SandboxExecutorTest : TestBase() {
 
     @Test
     fun `can load and execute code that uses notify()`() = sandbox(DEFAULT) {
-        val contractExecutor = DeterministicSandboxExecutor<Int, String>(configuration)
+        val contractExecutor = DeterministicSandboxExecutor<Int, String?>(configuration)
         assertThatExceptionOfType(SandboxException::class.java)
                 .isThrownBy { contractExecutor.run<TestMonitors>(1) }
                 .withCauseInstanceOf(RuleViolationError::class.java)
@@ -381,7 +394,7 @@ class SandboxExecutorTest : TestBase() {
 
     @Test
     fun `can load and execute code that uses notifyAll()`() = sandbox(DEFAULT) {
-        val contractExecutor = DeterministicSandboxExecutor<Int, String>(configuration)
+        val contractExecutor = DeterministicSandboxExecutor<Int, String?>(configuration)
         assertThatExceptionOfType(SandboxException::class.java)
                 .isThrownBy { contractExecutor.run<TestMonitors>(2) }
                 .withCauseInstanceOf(RuleViolationError::class.java)
@@ -391,7 +404,7 @@ class SandboxExecutorTest : TestBase() {
 
     @Test
     fun `can load and execute code that uses wait()`() = sandbox(DEFAULT) {
-        val contractExecutor = DeterministicSandboxExecutor<Int, String>(configuration)
+        val contractExecutor = DeterministicSandboxExecutor<Int, String?>(configuration)
         assertThatExceptionOfType(SandboxException::class.java)
                 .isThrownBy { contractExecutor.run<TestMonitors>(3) }
                 .withCauseInstanceOf(RuleViolationError::class.java)
@@ -401,7 +414,7 @@ class SandboxExecutorTest : TestBase() {
 
     @Test
     fun `can load and execute code that uses wait(long)`() = sandbox(DEFAULT) {
-        val contractExecutor = DeterministicSandboxExecutor<Int, String>(configuration)
+        val contractExecutor = DeterministicSandboxExecutor<Int, String?>(configuration)
         assertThatExceptionOfType(SandboxException::class.java)
                 .isThrownBy { contractExecutor.run<TestMonitors>(4) }
                 .withCauseInstanceOf(RuleViolationError::class.java)
@@ -411,7 +424,7 @@ class SandboxExecutorTest : TestBase() {
 
     @Test
     fun `can load and execute code that uses wait(long,int)`() = sandbox(DEFAULT) {
-        val contractExecutor = DeterministicSandboxExecutor<Int, String>(configuration)
+        val contractExecutor = DeterministicSandboxExecutor<Int, String?>(configuration)
         assertThatExceptionOfType(SandboxException::class.java)
                 .isThrownBy { contractExecutor.run<TestMonitors>(5) }
                 .withCauseInstanceOf(RuleViolationError::class.java)
@@ -421,13 +434,13 @@ class SandboxExecutorTest : TestBase() {
 
     @Test
     fun `code after forbidden APIs is intact`() = sandbox(DEFAULT) {
-        val contractExecutor = DeterministicSandboxExecutor<Int, String>(configuration)
+        val contractExecutor = DeterministicSandboxExecutor<Int, String?>(configuration)
         assertThat(contractExecutor.run<TestMonitors>(0).result)
                 .isEqualTo("unknown")
     }
 
-    class TestMonitors : Function<Int, String> {
-        override fun apply(input: Int): String {
+    class TestMonitors : Function<Int, String?> {
+        override fun apply(input: Int): String? {
             return synchronized(this) {
                 @Suppress("PLATFORM_CLASS_MAPPED_TO_KOTLIN")
                 val javaObject = this as java.lang.Object
@@ -493,6 +506,73 @@ class SandboxExecutorTest : TestBase() {
         }
     }
 
+    @Test
+    fun `check building a string`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<String?, String?>(configuration)
+        contractExecutor.run<TestStringBuilding>("Hello Sandbox!").apply {
+            assertThat(result)
+                .isEqualTo("SANDBOX: Boolean=true, Char='X', Integer=1234, Long=99999, Short=3200, Byte=101, String='Hello Sandbox!', Float=123.456, Double=987.6543")
+        }
+    }
+
+    class TestStringBuilding : Function<String?, String?> {
+        override fun apply(input: String?): String? {
+             return StringBuilder("SANDBOX")
+                    .append(": Boolean=").append(true)
+                    .append(", Char='").append('X')
+                    .append("', Integer=").append(1234)
+                    .append(", Long=").append(99999L)
+                    .append(", Short=").append(3200.toShort())
+                    .append(", Byte=").append(101.toByte())
+                    .append(", String='").append(input)
+                    .append("', Float=").append(123.456f)
+                    .append(", Double=").append(987.6543)
+                    .toString()
+        }
+    }
+
+    @Test
+    fun `check System-arraycopy still works with Objects`() = sandbox(DEFAULT) {
+        val source = arrayOf("one", "two", "three")
+        assertThat(TestArrayCopy().apply(source))
+            .isEqualTo(source)
+            .isNotSameAs(source)
+
+        val contractExecutor = DeterministicSandboxExecutor<Array<String>, Array<String>>(configuration)
+        contractExecutor.run<TestArrayCopy>(source).apply {
+            assertThat(result)
+                .isEqualTo(source)
+                .isNotSameAs(source)
+        }
+    }
+
+    class TestArrayCopy : Function<Array<String>, Array<String>> {
+        override fun apply(input: Array<String>): Array<String> {
+            val newArray = Array(input.size) { "" }
+            System.arraycopy(input, 0, newArray, 0, newArray.size)
+            return newArray
+        }
+    }
+
+    @Test
+    fun `test System-arraycopy still works with CharArray`() = sandbox(DEFAULT) {
+        val source = CharArray(10) { '?' }
+        val contractExecutor = DeterministicSandboxExecutor<CharArray, CharArray>(configuration)
+        contractExecutor.run<TestCharArrayCopy>(source).apply {
+            assertThat(result)
+                .isEqualTo(source)
+                .isNotSameAs(source)
+        }
+    }
+
+    class TestCharArrayCopy : Function<CharArray, CharArray> {
+        override fun apply(input: CharArray): CharArray {
+            val newArray = CharArray(input.size) { 'X' }
+            System.arraycopy(input, 0, newArray, 0, newArray.size)
+            return newArray
+        }
+    }
+
     @Test
     fun `can load and execute class that has finalize`() = sandbox(DEFAULT) {
         assertThatExceptionOfType(UnsupportedOperationException::class.java)
@@ -515,4 +595,152 @@ class SandboxExecutorTest : TestBase() {
             throw UnsupportedOperationException("Very Bad Thing")
         }
     }
+
+    @Test
+    fun `can execute parallel stream`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<String, String>(configuration)
+        contractExecutor.run<TestParallelStream>("Pebble").apply {
+            assertThat(result).isEqualTo("Five,Four,One,Pebble,Three,Two")
+        }
+    }
+
+    class TestParallelStream : Function<String, String> {
+        override fun apply(input: String): String {
+            return listOf(input, "One", input, "Two", input, "Three", input, "Four", input, "Five")
+                    .stream()
+                    .distinct()
+                    .sorted()
+                    .collect(joining(","))
+        }
+    }
+
+    @Test
+    fun `users cannot load our sandboxed classes`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<String, Class<*>>(configuration)
+        assertThatExceptionOfType(SandboxException::class.java)
+                .isThrownBy { contractExecutor.run<TestClassForName>("java.lang.DJVM") }
+                .withCauseInstanceOf(ClassNotFoundException::class.java)
+                .withMessageContaining("java.lang.DJVM")
+    }
+
+    @Test
+    fun `users can load sandboxed classes`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<String, Class<*>>(configuration)
+        contractExecutor.run<TestClassForName>("java.util.List").apply {
+            assertThat(result?.name).isEqualTo("sandbox.java.util.List")
+        }
+    }
+
+    class TestClassForName : Function<String, Class<*>> {
+        override fun apply(input: String): Class<*> {
+            return Class.forName(input)
+        }
+    }
+
+    @Test
+    fun `test case-insensitive string sorting`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<Array<String>, Array<String>>(configuration)
+        contractExecutor.run<CaseInsensitiveSort>(arrayOf("Zelda", "angela", "BOB", "betsy", "ALBERT")).apply {
+            assertThat(result).isEqualTo(arrayOf("ALBERT", "angela", "betsy", "BOB", "Zelda"))
+        }
+    }
+
+    class CaseInsensitiveSort : Function<Array<String>, Array<String>> {
+        override fun apply(input: Array<String>): Array<String> {
+            return listOf(*input).sortedWith(String.CASE_INSENSITIVE_ORDER).toTypedArray()
+        }
+    }
+
+    @Test
+    fun `test unicode characters`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<Int, String>(configuration)
+        contractExecutor.run<ExamineUnicodeBlock>(0x01f600).apply {
+            assertThat(result).isEqualTo("EMOTICONS")
+        }
+    }
+
+    class ExamineUnicodeBlock : Function<Int, String> {
+        override fun apply(codePoint: Int): String {
+            return Character.UnicodeBlock.of(codePoint).toString()
+        }
+    }
+
+    @Test
+    fun `test unicode scripts`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<String, Character.UnicodeScript?>(configuration)
+        contractExecutor.run<ExamineUnicodeScript>("COMMON").apply {
+            assertThat(result).isEqualTo(Character.UnicodeScript.COMMON)
+        }
+    }
+
+    class ExamineUnicodeScript : Function<String, Character.UnicodeScript?> {
+        override fun apply(scriptName: String): Character.UnicodeScript? {
+            val script = Character.UnicodeScript.valueOf(scriptName)
+            return if (script::class.java.isEnum) script else null
+        }
+    }
+
+    @Test
+    fun `test users cannot define new classes`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<String, Class<*>>(configuration)
+        assertThatExceptionOfType(SandboxException::class.java)
+                .isThrownBy { contractExecutor.run<DefineNewClass>("sandbox.java.lang.DJVM") }
+                .withCauseInstanceOf(RuleViolationError::class.java)
+                .withMessageContaining("Disallowed reference to API;")
+                .withMessageContaining("java.lang.ClassLoader.defineClass")
+    }
+
+    class DefineNewClass : Function<String, Class<*>> {
+        override fun apply(input: String): Class<*> {
+            val data = ByteArray(0)
+            val cl = object : ClassLoader(this::class.java.classLoader) {
+                fun define(): Class<*> {
+                    return super.defineClass(input, data, 0, data.size)
+                }
+            }
+            return cl.define()
+        }
+    }
+
+    @Test
+    fun `test users cannot load new classes`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<String, Class<*>>(configuration)
+        assertThatExceptionOfType(SandboxException::class.java)
+                .isThrownBy { contractExecutor.run<LoadNewClass>("sandbox.java.lang.DJVM") }
+                .withCauseInstanceOf(RuleViolationError::class.java)
+                .withMessageContaining("Disallowed reference to API;")
+                .withMessageContaining("java.lang.ClassLoader.loadClass")
+    }
+
+    class LoadNewClass : Function<String, Class<*>> {
+        override fun apply(input: String): Class<*> {
+            val cl = object : ClassLoader(this::class.java.classLoader) {
+                fun load(): Class<*> {
+                    return super.loadClass(input)
+                }
+            }
+            return cl.load()
+        }
+    }
+
+    @Test
+    fun `test users cannot lookup classes`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<String, Class<*>>(configuration)
+        assertThatExceptionOfType(SandboxException::class.java)
+                .isThrownBy { contractExecutor.run<FindClass>("sandbox.java.lang.DJVM") }
+                .withCauseInstanceOf(RuleViolationError::class.java)
+                .withMessageContaining("Disallowed reference to API;")
+                .withMessageContaining("java.lang.ClassLoader.findClass")
+    }
+
+    class FindClass : Function<String, Class<*>> {
+        override fun apply(input: String): Class<*> {
+            val cl = object : ClassLoader(this::class.java.classLoader) {
+                fun find(): Class<*> {
+                    return super.findClass(input)
+                }
+            }
+            return cl.find()
+        }
+    }
 }
diff --git a/djvm/src/test/kotlin/net/corda/djvm/rewiring/ClassRewriterTest.kt b/djvm/src/test/kotlin/net/corda/djvm/rewiring/ClassRewriterTest.kt
index bd7e86dac0..68b60da1cd 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/rewiring/ClassRewriterTest.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/rewiring/ClassRewriterTest.kt
@@ -1,16 +1,14 @@
 package net.corda.djvm.rewiring
 
-import foo.bar.sandbox.A
-import foo.bar.sandbox.B
-import foo.bar.sandbox.Empty
-import foo.bar.sandbox.StrictFloat
+import foo.bar.sandbox.*
 import net.corda.djvm.TestBase
 import net.corda.djvm.assertions.AssertionExtensions.assertThat
 import net.corda.djvm.execution.ExecutionProfile
-import org.assertj.core.api.Assertions.assertThatExceptionOfType
+import org.assertj.core.api.Assertions.*
 import org.junit.Test
 import sandbox.net.corda.djvm.costing.ThresholdViolationError
 import java.nio.file.Paths
+import java.util.*
 
 class ClassRewriterTest : TestBase() {
 
@@ -102,4 +100,44 @@ class ClassRewriterTest : TestBase() {
             return input
         }
     }
+
+    @Test
+    fun `can load class with constant fields`() = sandbox(DEFAULT) {
+        assertThat(loadClass<ObjectWithConstants>())
+                .hasClassName("sandbox.net.corda.djvm.rewiring.ObjectWithConstants")
+                .hasBeenModified()
+    }
+
+    @Test
+    fun `test rewrite static method`() = sandbox(DEFAULT) {
+        assertThat(loadClass<Arrays>())
+                .hasClassName("sandbox.java.util.Arrays")
+                .hasBeenModified()
+    }
+
+    @Test
+    fun `test stitch new super-interface`() = sandbox(DEFAULT) {
+        assertThat(loadClass<CharSequence>())
+                .hasClassName("sandbox.java.lang.CharSequence")
+                .hasInterface("java.lang.CharSequence")
+                .hasBeenModified()
+    }
+
+    @Test
+    fun `test class with stitched interface`() = sandbox(DEFAULT) {
+        assertThat(loadClass<StringBuilder>())
+                .hasClassName("sandbox.java.lang.StringBuilder")
+                .hasInterface("sandbox.java.lang.CharSequence")
+                .hasBeenModified()
+    }
 }
+
+@Suppress("unused")
+private object ObjectWithConstants {
+    const val MESSAGE = "Hello Sandbox!"
+    const val BIG_NUMBER = 99999L
+    const val NUMBER = 100
+    const val CHAR = '?'
+    const val BYTE = 7f.toByte()
+    val DATA = Array(0) { "" }
+}
\ No newline at end of file
diff --git a/djvm/src/test/kotlin/net/corda/djvm/source/SourceClassLoaderTest.kt b/djvm/src/test/kotlin/net/corda/djvm/source/SourceClassLoaderTest.kt
index 85f4596f1f..401e0b5c0a 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/source/SourceClassLoaderTest.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/source/SourceClassLoaderTest.kt
@@ -10,7 +10,7 @@ import java.nio.file.Path
 
 class SourceClassLoaderTest {
 
-    private val classResolver = ClassResolver(emptySet(), Whitelist.MINIMAL, "")
+    private val classResolver = ClassResolver(emptySet(), emptySet(), Whitelist.MINIMAL, "")
 
     @Test
     fun `can load class from Java's lang package when no files are provided to the class loader`() {

From e3685f5e8119f3947e63b1151defa0e627f8ae97 Mon Sep 17 00:00:00 2001
From: Anthony Keenan <anthony.keenan@r3.com>
Date: Thu, 11 Oct 2018 18:01:54 +0200
Subject: [PATCH 36/83] Make blobinspector not log to console by default
 (#4059)

---
 .../main/kotlin/net/corda/blobinspector/BlobInspector.kt  | 8 --------
 tools/blobinspector/src/main/resources/log4j2.xml         | 5 +++--
 2 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt b/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt
index 8887247bf6..8670989fd1 100644
--- a/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt
+++ b/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt
@@ -52,14 +52,6 @@ class BlobInspector : CordaCliWrapper("blob-inspector", "Convert AMQP serialised
 
     override fun runProgram() = run(System.out)
 
-    override fun initLogging() {
-        if (verbose) {
-            loggingLevel = Level.TRACE
-        }
-        val loggingLevel = loggingLevel.name.toLowerCase(Locale.ENGLISH)
-        System.setProperty("logLevel", loggingLevel) // This property is referenced from the XML config file.
-    }
-
     fun run(out: PrintStream): Int {
         val inputBytes = source!!.readBytes()
         val bytes = parseToBinaryRelaxed(inputFormatType, inputBytes)
diff --git a/tools/blobinspector/src/main/resources/log4j2.xml b/tools/blobinspector/src/main/resources/log4j2.xml
index 98b3648e6b..b7a8bfcd2f 100644
--- a/tools/blobinspector/src/main/resources/log4j2.xml
+++ b/tools/blobinspector/src/main/resources/log4j2.xml
@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Configuration status="info">
     <Properties>
-        <Property name="logLevel">off</Property>
+        <Property name="consoleLogLevel">${sys:consoleLogLevel:-error}</Property>
+        <Property name="defaultLogLevel">${sys:defaultLogLevel:-info}</Property>
     </Properties>
     <Appenders>
         <Console name="STDOUT" target="SYSTEM_OUT" ignoreExceptions="false">
@@ -9,7 +10,7 @@
         </Console>
     </Appenders>
     <Loggers>
-        <Root level="${sys:logLevel}">
+        <Root level="${sys:consoleLogLevel}">
             <AppenderRef ref="STDOUT"/>
         </Root>
     </Loggers>

From 8c41ae208da787fd59e084ae549659d504afa9c3 Mon Sep 17 00:00:00 2001
From: Andrius Dagys <andrius.dagys@r3.com>
Date: Thu, 11 Oct 2018 10:45:43 +0100
Subject: [PATCH 37/83] CORDA-535: Remove BFT-Smart related migration parts

---
 .../migration/node-notary.changelog-init.xml          | 11 -----------
 .../migration/node-notary.changelog-pkey.xml          |  5 -----
 .../resources/migration/node-notary.changelog-v1.xml  |  1 -
 3 files changed, 17 deletions(-)

diff --git a/node/src/main/resources/migration/node-notary.changelog-init.xml b/node/src/main/resources/migration/node-notary.changelog-init.xml
index 8d0f1bcb6f..7bb5a20c52 100644
--- a/node/src/main/resources/migration/node-notary.changelog-init.xml
+++ b/node/src/main/resources/migration/node-notary.changelog-init.xml
@@ -5,17 +5,6 @@
                    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd"
                    logicalFilePath="migration/node-services.changelog-init.xml">
 
-    <changeSet author="R3.Corda" id="1511451595465-6">
-        <createTable tableName="node_bft_committed_states">
-            <column name="output_index" type="INT">
-                <constraints nullable="false"/>
-            </column>
-            <column name="transaction_id" type="NVARCHAR(64)">
-                <constraints nullable="false"/>
-            </column>
-            <column name="consuming_transaction_id" type="NVARCHAR(64)"/>
-        </createTable>
-    </changeSet>
     <changeSet author="R3.Corda" id="1511451595465-16">
         <createTable tableName="node_notary_committed_states">
             <column name="output_index" type="INT">
diff --git a/node/src/main/resources/migration/node-notary.changelog-pkey.xml b/node/src/main/resources/migration/node-notary.changelog-pkey.xml
index c4d7c59376..8130c3b156 100644
--- a/node/src/main/resources/migration/node-notary.changelog-pkey.xml
+++ b/node/src/main/resources/migration/node-notary.changelog-pkey.xml
@@ -8,9 +8,4 @@
         <addPrimaryKey tableName="node_notary_committed_states" columnNames="output_index, transaction_id"
                        constraintName="node_notary_states_pkey" clustered="false"/>
     </changeSet>
-    <changeSet id="non-clustered_pk-bft_stae" author="R3.Corda" onValidationFail="MARK_RAN">
-        <dropPrimaryKey tableName="node_bft_committed_states" constraintName="node_bft_states_pkey"/>
-        <addPrimaryKey tableName="node_bft_committed_states" columnNames="output_index, transaction_id"
-                       constraintName="node_bft_states_pkey" clustered="false"/>
-    </changeSet>
 </databaseChangeLog>
\ No newline at end of file
diff --git a/node/src/main/resources/migration/node-notary.changelog-v1.xml b/node/src/main/resources/migration/node-notary.changelog-v1.xml
index 3002133bad..4a7fc0e723 100644
--- a/node/src/main/resources/migration/node-notary.changelog-v1.xml
+++ b/node/src/main/resources/migration/node-notary.changelog-v1.xml
@@ -6,7 +6,6 @@
                    logicalFilePath="migration/node-services.changelog-init.xml">
 
     <changeSet author="R3.Corda" id="nullability">
-        <addNotNullConstraint tableName="node_bft_committed_states" columnName="consuming_transaction_id" columnDataType="NVARCHAR(64)"/>
         <addNotNullConstraint tableName="node_notary_committed_states" columnName="consuming_transaction_id" columnDataType="NVARCHAR(64)"/>
     </changeSet>
 </databaseChangeLog>
\ No newline at end of file

From aced03df5400e05f0bb50833cae0dbe9865c1b5c Mon Sep 17 00:00:00 2001
From: Shams Asari <shams.asari@r3.com>
Date: Thu, 11 Oct 2018 19:50:26 +0100
Subject: [PATCH 38/83] CORDA-1274: Migrated usage of FastClasspathScanner to
 ClassGraph (#4060)

FastClasspathScanner was renamed to ClassGraph for the version 4 release
---
 build.gradle                                  |  2 +-
 djvm/build.gradle                             |  4 +-
 .../net/corda/djvm/tools/cli/Utilities.kt     | 18 ++++-----
 .../net/corda/djvm/utilities/Discovery.kt     | 26 ++++++-------
 experimental/behave/build.gradle              |  4 +-
 .../corda/behave/scenarios/StepsContainer.kt  | 16 ++++----
 node-api/build.gradle                         |  4 +-
 .../nodeapi/internal/ContractsScanning.kt     | 16 ++++----
 .../cordapp/JarScanningCordappLoader.kt       | 38 ++++++++++++-------
 serialization/build.gradle                    |  4 +-
 .../internal/amqp/AMQPSerializationScheme.kt  | 18 ++++++---
 .../node/internal/TestCordappsUtils.kt        | 11 ++++--
 12 files changed, 89 insertions(+), 72 deletions(-)

diff --git a/build.gradle b/build.gradle
index f3cc3c97ca..500dc25229 100644
--- a/build.gradle
+++ b/build.gradle
@@ -68,7 +68,7 @@ buildscript {
     ext.commons_cli_version = '1.4'
     ext.protonj_version = '0.27.1' // This is now aligned with the Artemis version, but retaining in case we ever need to diverge again for a bug fix.
     ext.snappy_version = '0.4'
-    ext.fast_classpath_scanner_version = '2.12.3'
+    ext.class_graph_version = '4.2.12'
     ext.jcabi_manifests_version = '1.1'
     ext.picocli_version = '3.5.2'
 
diff --git a/djvm/build.gradle b/djvm/build.gradle
index eb41df17cc..d40a4d5523 100644
--- a/djvm/build.gradle
+++ b/djvm/build.gradle
@@ -36,8 +36,8 @@ dependencies {
     compile "org.ow2.asm:asm-tree:$asm_version"
     compile "org.ow2.asm:asm-commons:$asm_version"
 
-    // Classpath scanner
-    shadow "io.github.lukehutch:fast-classpath-scanner:$fast_classpath_scanner_version"
+    // ClassGraph: classpath scanning
+    shadow "io.github.classgraph:classgraph:$class_graph_version"
 
     // Test utilities
     testCompile "junit:junit:$junit_version"
diff --git a/djvm/cli/src/main/kotlin/net/corda/djvm/tools/cli/Utilities.kt b/djvm/cli/src/main/kotlin/net/corda/djvm/tools/cli/Utilities.kt
index 66d5d4d918..adc88a1423 100644
--- a/djvm/cli/src/main/kotlin/net/corda/djvm/tools/cli/Utilities.kt
+++ b/djvm/cli/src/main/kotlin/net/corda/djvm/tools/cli/Utilities.kt
@@ -1,8 +1,9 @@
 @file:JvmName("Utilities")
 package net.corda.djvm.tools.cli
 
-import io.github.lukehutch.fastclasspathscanner.FastClasspathScanner
-import java.lang.reflect.Modifier
+import io.github.classgraph.ClassGraph
+import java.lang.reflect.Modifier.isAbstract
+import java.lang.reflect.Modifier.isStatic
 import java.nio.file.Files
 import java.nio.file.Path
 import java.nio.file.Paths
@@ -92,13 +93,10 @@ val userClassPath: String = System.getProperty("java.class.path")
  * Get a reference of each concrete class that implements interface or class [T].
  */
 inline fun <reified T> find(scanSpec: String = "net/corda/djvm"): List<Class<*>> {
-    val references = mutableListOf<Class<*>>()
-    FastClasspathScanner(scanSpec)
-            .matchClassesImplementing(T::class.java) { clazz ->
-                if (!Modifier.isAbstract(clazz.modifiers) && !Modifier.isStatic(clazz.modifiers)) {
-                    references.add(clazz)
-                }
-            }
+    return ClassGraph()
+            .whitelistPaths(scanSpec)
+            .enableAllInfo()
             .scan()
-    return references
+            .use { it.getClassesImplementing(T::class.java.name).loadClasses(T::class.java) }
+            .filter { !isAbstract(it.modifiers) && !isStatic(it.modifiers) }
 }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/utilities/Discovery.kt b/djvm/src/main/kotlin/net/corda/djvm/utilities/Discovery.kt
index 33886e76ae..a08261bb02 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/utilities/Discovery.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/utilities/Discovery.kt
@@ -1,6 +1,6 @@
 package net.corda.djvm.utilities
 
-import io.github.lukehutch.fastclasspathscanner.FastClasspathScanner
+import io.github.classgraph.ClassGraph
 import java.lang.reflect.Modifier
 
 /**
@@ -13,19 +13,19 @@ object Discovery {
      * Get an instance of each concrete class that implements interface or class [T].
      */
     inline fun <reified T> find(): List<T> {
-        val instances = mutableListOf<T>()
-        FastClasspathScanner("net/corda/djvm")
-                .matchClassesImplementing(T::class.java) { clazz ->
-                    if (clazz.modifiers and FORBIDDEN_CLASS_MASK == 0) {
-                        try {
-                            instances.add(clazz.newInstance())
-                        } catch (exception: Throwable) {
-                            throw Exception("Unable to instantiate ${clazz.name}", exception)
-                        }
+        return ClassGraph()
+                .whitelistPaths("net/corda/djvm")
+                .enableAllInfo()
+                .scan()
+                .use { it.getClassesImplementing(T::class.java.name).loadClasses(T::class.java) }
+                .filter { it.modifiers and FORBIDDEN_CLASS_MASK == 0 }
+                .map {
+                    try {
+                        it.newInstance()
+                    } catch (exception: Throwable) {
+                        throw Exception("Unable to instantiate ${it.name}", exception)
                     }
                 }
-                .scan()
-        return instances
-    }
 
+    }
 }
diff --git a/experimental/behave/build.gradle b/experimental/behave/build.gradle
index c5cba5eb8a..8cf7b06b80 100644
--- a/experimental/behave/build.gradle
+++ b/experimental/behave/build.gradle
@@ -51,8 +51,8 @@ dependencies {
     // JOptSimple: command line option parsing
     compile "net.sf.jopt-simple:jopt-simple:$jopt_simple_version"
 
-    // FastClasspathScanner: classpath scanning
-    compile "io.github.lukehutch:fast-classpath-scanner:$fast_classpath_scanner_version"
+    // ClassGraph: classpath scanning
+    compile "io.github.classgraph:classgraph:$class_graph_version"
 
     compile "commons-io:commons-io:$commonsio_version"
     compile "com.spotify:docker-client:$docker_client_version"
diff --git a/experimental/behave/src/scenario/kotlin/net/corda/behave/scenarios/StepsContainer.kt b/experimental/behave/src/scenario/kotlin/net/corda/behave/scenarios/StepsContainer.kt
index fbc06d59a9..dc5a0762e3 100644
--- a/experimental/behave/src/scenario/kotlin/net/corda/behave/scenarios/StepsContainer.kt
+++ b/experimental/behave/src/scenario/kotlin/net/corda/behave/scenarios/StepsContainer.kt
@@ -1,27 +1,29 @@
 package net.corda.behave.scenarios
 
 import cucumber.api.java8.En
-import io.github.lukehutch.fastclasspathscanner.FastClasspathScanner
+import io.github.classgraph.ClassGraph
 import net.corda.behave.scenarios.api.StepsBlock
 import net.corda.behave.scenarios.api.StepsProvider
 import net.corda.behave.scenarios.steps.*
 import net.corda.core.internal.objectOrNewInstance
-import net.corda.core.utilities.loggerFor
+import net.corda.core.utilities.contextLogger
 
 @Suppress("KDocMissingDocumentation")
 class StepsContainer(val state: ScenarioState) : En {
 
     companion object {
+        private val log = contextLogger()
+
         val stepsProviders: List<StepsProvider> by lazy {
-            FastClasspathScanner().addClassLoader(this::class.java.classLoader).scan()
-                    .getNamesOfClassesImplementing(StepsProvider::class.java)
-                    .mapNotNull { this::class.java.classLoader.loadClass(it).asSubclass(StepsProvider::class.java) }
+            ClassGraph()
+                    .addClassLoader(this::class.java.classLoader)
+                    .enableAllInfo()
+                    .scan()
+                    .use { it.getClassesImplementing(StepsProvider::class.java.name).loadClasses(StepsProvider::class.java) }
                     .map { it.kotlin.objectOrNewInstance() }
         }
     }
 
-    private val log = loggerFor<StepsContainer>()
-
     private val stepDefinitions: List<StepsBlock> = listOf(
             CashSteps(),
             ConfigurationSteps(),
diff --git a/node-api/build.gradle b/node-api/build.gradle
index d70b5af596..0f2c1a8c3e 100644
--- a/node-api/build.gradle
+++ b/node-api/build.gradle
@@ -27,8 +27,8 @@ dependencies {
 
     compile "org.apache.qpid:proton-j:$protonj_version"
 
-    // FastClasspathScanner: classpath scanning - needed for the NetworkBootstrapper.
-    compile "io.github.lukehutch:fast-classpath-scanner:$fast_classpath_scanner_version"
+    // ClassGraph: classpath scanning
+    compile "io.github.classgraph:classgraph:$class_graph_version"
 
     // For caches rather than guava
     compile "com.github.ben-manes.caffeine:caffeine:$caffeine_version"
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/ContractsScanning.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/ContractsScanning.kt
index 674868e909..3ec56d525b 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/ContractsScanning.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/ContractsScanning.kt
@@ -1,6 +1,6 @@
 package net.corda.nodeapi.internal
 
-import io.github.lukehutch.fastclasspathscanner.FastClasspathScanner
+import io.github.classgraph.ClassGraph
 import net.corda.core.contracts.Contract
 import net.corda.core.contracts.ContractClassName
 import net.corda.core.contracts.UpgradedContract
@@ -28,15 +28,13 @@ class ContractsJarFile(private val file: Path) : ContractsJar {
     override val hash: SecureHash by lazy(LazyThreadSafetyMode.NONE, file::hash)
 
     override fun scan(): List<ContractClassName> {
-        val scanResult = FastClasspathScanner()
-                // A set of a single element may look odd, but if this is removed "Path" which itself is an `Iterable`
-                // is getting broken into pieces to scan individually, which doesn't yield desired effect.
-                .overrideClasspath(singleton(file))
-                .scan()
+        val scanResult = ClassGraph().overrideClasspath(singleton(file)).enableAllInfo().scan()
 
-        val contractClassNames = coreContractClasses
-                .flatMap { scanResult.getNamesOfClassesImplementing(it.qualifiedName) }
-                .toSet()
+        val contractClassNames = scanResult.use {
+            coreContractClasses
+                    .flatMap { scanResult.getClassesImplementing(it.qualifiedName).names }
+                    .toSet()
+        }
 
         return URLClassLoader(arrayOf(file.toUri().toURL()), Contract::class.java.classLoader).use { cl ->
             contractClassNames.mapNotNull {
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
index e47badd63e..4981ae7977 100644
--- a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
@@ -1,7 +1,7 @@
 package net.corda.node.internal.cordapp
 
-import io.github.lukehutch.fastclasspathscanner.FastClasspathScanner
-import io.github.lukehutch.fastclasspathscanner.scanner.ScanResult
+import io.github.classgraph.ClassGraph
+import io.github.classgraph.ScanResult
 import net.corda.core.cordapp.Cordapp
 import net.corda.core.crypto.SecureHash
 import net.corda.core.crypto.sha256
@@ -95,7 +95,7 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
     }
     private fun loadCordapps(): List<CordappImpl> {
         val cordapps = cordappJarPaths
-                .map { scanCordapp(it).toCordapp(it) }
+                .map { url -> scanCordapp(url).use { it.toCordapp(url) } }
                 .filter {
                     if (it.info.minimumPlatformVersion > versionInfo.platformVersion) {
                         logger.warn("Not loading CorDapp ${it.info.shortName} (${it.info.vendor}) as it requires minimum " +
@@ -202,7 +202,8 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
     private fun scanCordapp(cordappJarPath: RestrictedURL): RestrictedScanResult {
         logger.info("Scanning CorDapp in ${cordappJarPath.url}")
         return cachedScanResult.computeIfAbsent(cordappJarPath) {
-            RestrictedScanResult(FastClasspathScanner().addClassLoader(appClassLoader).overrideClasspath(cordappJarPath.url).scan(), cordappJarPath.qualifiedNamePrefix)
+            val scanResult = ClassGraph().addClassLoader(appClassLoader).overrideClasspath(cordappJarPath.url).enableAllInfo().scan()
+            RestrictedScanResult(scanResult, cordappJarPath.qualifiedNamePrefix)
         }
     }
 
@@ -239,40 +240,49 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
         return map { it.kotlin.objectOrNewInstance() }
     }
 
-    private inner class RestrictedScanResult(private val scanResult: ScanResult, private val qualifiedNamePrefix: String) {
+    private inner class RestrictedScanResult(private val scanResult: ScanResult, private val qualifiedNamePrefix: String) : AutoCloseable {
         fun getNamesOfClassesImplementing(type: KClass<*>): List<String> {
-            return scanResult.getNamesOfClassesImplementing(type.java)
-                    .filter { it.startsWith(qualifiedNamePrefix) }
+            return scanResult.getClassesImplementing(type.java.name).names.filter { it.startsWith(qualifiedNamePrefix) }
         }
 
         fun <T : Any> getClassesWithSuperclass(type: KClass<T>): List<Class<out T>> {
-            return scanResult.getNamesOfSubclassesOf(type.java)
+            return scanResult
+                    .getSubclasses(type.java.name)
+                    .names
                     .filter { it.startsWith(qualifiedNamePrefix) }
                     .mapNotNull { loadClass(it, type) }
-                    .filterNot { Modifier.isAbstract(it.modifiers) }
+                    .filterNot { it.isAbstractClass }
         }
 
         fun <T : Any> getClassesImplementing(type: KClass<T>): List<T> {
-            return scanResult.getNamesOfClassesImplementing(type.java)
+            return scanResult
+                    .getClassesImplementing(type.java.name)
+                    .names
                     .filter { it.startsWith(qualifiedNamePrefix) }
                     .mapNotNull { loadClass(it, type) }
-                    .filterNot { Modifier.isAbstract(it.modifiers) }
+                    .filterNot { it.isAbstractClass }
                     .map { it.kotlin.objectOrNewInstance() }
         }
 
         fun <T : Any> getClassesWithAnnotation(type: KClass<T>, annotation: KClass<out Annotation>): List<Class<out T>> {
-            return scanResult.getNamesOfClassesWithAnnotation(annotation.java)
+            return scanResult
+                    .getClassesWithAnnotation(annotation.java.name)
+                    .names
                     .filter { it.startsWith(qualifiedNamePrefix) }
                     .mapNotNull { loadClass(it, type) }
                     .filterNot { Modifier.isAbstract(it.modifiers) }
         }
 
         fun <T : Any> getConcreteClassesOfType(type: KClass<T>): List<Class<out T>> {
-            return scanResult.getNamesOfSubclassesOf(type.java)
+            return scanResult
+                    .getSubclasses(type.java.name)
+                    .names
                     .filter { it.startsWith(qualifiedNamePrefix) }
                     .mapNotNull { loadClass(it, type) }
-                    .filterNot { Modifier.isAbstract(it.modifiers) }
+                    .filterNot { it.isAbstractClass }
         }
+
+        override fun close() = scanResult.close()
     }
 }
 
diff --git a/serialization/build.gradle b/serialization/build.gradle
index eafc8cd155..fc1275c382 100644
--- a/serialization/build.gradle
+++ b/serialization/build.gradle
@@ -19,8 +19,8 @@ dependencies {
     // For AMQP serialisation.
     compile "org.apache.qpid:proton-j:$protonj_version"
 
-    // FastClasspathScanner: classpath scanning
-    compile "io.github.lukehutch:fast-classpath-scanner:$fast_classpath_scanner_version"
+    // ClassGraph: classpath scanning
+    compile "io.github.classgraph:classgraph:$class_graph_version"
 
     // Pure-Java Snappy compression
     compile "org.iq80.snappy:snappy:$snappy_version"
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/AMQPSerializationScheme.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/AMQPSerializationScheme.kt
index 94c0d2223f..f6b5556f82 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/AMQPSerializationScheme.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/AMQPSerializationScheme.kt
@@ -2,11 +2,12 @@
 
 package net.corda.serialization.internal.amqp
 
-import io.github.lukehutch.fastclasspathscanner.FastClasspathScanner
+import io.github.classgraph.ClassGraph
 import net.corda.core.DeleteForDJVM
 import net.corda.core.KeepForDJVM
 import net.corda.core.StubOutForDJVM
 import net.corda.core.cordapp.Cordapp
+import net.corda.core.internal.isAbstractClass
 import net.corda.core.internal.objectOrNewInstance
 import net.corda.core.internal.uncheckedCast
 import net.corda.core.serialization.*
@@ -16,7 +17,6 @@ import net.corda.serialization.internal.CordaSerializationMagic
 import net.corda.serialization.internal.DefaultWhitelist
 import net.corda.serialization.internal.MutableClassWhitelist
 import net.corda.serialization.internal.SerializationScheme
-import java.lang.reflect.Modifier
 import java.util.*
 
 val AMQP_ENABLED get() = SerializationDefaults.P2P_CONTEXT.preferredSerializationVersion == amqpMagic
@@ -72,10 +72,16 @@ abstract class AbstractAMQPSerializationScheme(
         @StubOutForDJVM
         private fun scanClasspathForSerializers(scanSpec: String): List<SerializationCustomSerializer<*, *>> =
                 this::class.java.classLoader.let { cl ->
-                    FastClasspathScanner(scanSpec).addClassLoader(cl).scan()
-                            .getNamesOfClassesImplementing(SerializationCustomSerializer::class.java)
-                            .map { cl.loadClass(it).asSubclass(SerializationCustomSerializer::class.java) }
-                            .filterNot { Modifier.isAbstract(it.modifiers) }
+                    ClassGraph()
+                            .whitelistPackages(scanSpec)
+                            .addClassLoader(cl)
+                            .enableAllInfo()
+                            .scan()
+                            .use {
+                                val serializerClass = SerializationCustomSerializer::class.java
+                                it.getClassesImplementing(serializerClass.name).loadClasses(serializerClass)
+                            }
+                            .filterNot { it.isAbstractClass }
                             .map { it.kotlin.objectOrNewInstance() }
                 }
 
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappsUtils.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappsUtils.kt
index 6f755db697..6980e8eaca 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappsUtils.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappsUtils.kt
@@ -1,6 +1,6 @@
 package net.corda.testing.node.internal
 
-import io.github.lukehutch.fastclasspathscanner.FastClasspathScanner
+import io.github.classgraph.ClassGraph
 import net.corda.core.internal.createDirectories
 import net.corda.core.internal.deleteIfExists
 import net.corda.core.internal.outputStream
@@ -69,9 +69,12 @@ fun Iterable<TestCorDapp>.packageInDirectory(directory: Path) {
  * Returns all classes within the [targetPackage].
  */
 fun allClassesForPackage(targetPackage: String): Set<Class<*>> {
-
-    val scanResult = FastClasspathScanner(targetPackage).strictWhitelist().scan()
-    return scanResult.namesOfAllClasses.filter { className -> className.startsWith(targetPackage) }.map(scanResult::classNameToClassRef).toSet()
+    return ClassGraph()
+            .whitelistPackages(targetPackage)
+            .enableAllInfo()
+            .scan()
+            .use { it.allClasses.loadClasses() }
+            .toSet()
 }
 
 /**

From b769ad80bd9b86cf795d3dda7364fa945ae39d8f Mon Sep 17 00:00:00 2001
From: szymonsztuka <szymon.sztuka@r3.com>
Date: Fri, 12 Oct 2018 16:54:39 +0100
Subject: [PATCH 39/83] CORDA-195 When collecting JAR Signatures allow
 META-INF/*.EC block signature to follow jarsinger tool capabilities  (#4065)

jarsigner can produce META-INF/*.EC block signature for EC algorithm (https://docs.oracle.com/javase/8/docs/technotes/tools/windows/jarsigner.html) even if this is contrary to JAR File spec (https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html). Allow block signature be also in *.EC file.
---
 .../core/internal/JarSignatureCollector.kt    |  7 +++++--
 .../internal/JarSignatureCollectorTest.kt     | 20 +++++++++++++++++--
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt b/core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt
index 70d8c84873..78d5a15517 100644
--- a/core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt
@@ -11,8 +11,11 @@ import java.util.jar.JarInputStream
  */
 object JarSignatureCollector {
 
-    /** @see <https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Signed_JAR_File> */
-    private val unsignableEntryName = "META-INF/(?:.*[.](?:SF|DSA|RSA)|SIG-.*)".toRegex()
+    /**
+     * @see <https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Signed_JAR_File>
+     * also accepting *.EC as this can be created and accepted by jarsigner tool @see https://docs.oracle.com/javase/8/docs/technotes/tools/windows/jarsigner.html
+     * and Java Security Manager. */
+    private val unsignableEntryName = "META-INF/(?:.*[.](?:SF|DSA|RSA|EC)|SIG-.*)".toRegex()
 
     /**
      * Returns an ordered list of every [Party] which has signed every signable item in the given [JarInputStream].
diff --git a/core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt b/core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt
index b8620082d8..fed904c1fa 100644
--- a/core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt
+++ b/core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt
@@ -4,6 +4,7 @@ import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
+import net.corda.testing.core.CHARLIE_NAME
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.After
 import org.junit.AfterClass
@@ -38,15 +39,18 @@ class JarSignatureCollectorTest {
         private const val ALICE_PASS = "alicepass"
         private const val BOB = "bob"
         private const val BOB_PASS = "bobpass"
+        private const val CHARLIE = "Charlie"
+        private const val CHARLIE_PASS = "charliepass"
 
-        private fun generateKey(alias: String, password: String, name: CordaX500Name) =
-                execute("keytool", "-genkey", "-keystore", "_teststore", "-storepass", "storepass", "-keyalg", "RSA", "-alias", alias, "-keypass", password, "-dname", name.toString())
+        private fun generateKey(alias: String, password: String, name: CordaX500Name, keyalg: String = "RSA") =
+                execute("keytool", "-genkey", "-keystore", "_teststore", "-storepass", "storepass", "-keyalg", keyalg, "-alias", alias, "-keypass", password, "-dname", name.toString())
 
         @BeforeClass
         @JvmStatic
         fun beforeClass() {
             generateKey(ALICE, ALICE_PASS, ALICE_NAME)
             generateKey(BOB, BOB_PASS, BOB_NAME)
+            generateKey(CHARLIE, CHARLIE_PASS, CHARLIE_NAME, "EC")
 
             (dir / "_signable1").writeLines(listOf("signable1"))
             (dir / "_signable2").writeLines(listOf("signable2"))
@@ -141,6 +145,18 @@ class JarSignatureCollectorTest {
         assertFailsWith<SecurityException> { getJarSigners() }
     }
 
+    // Signing using EC algorithm produced JAR File spec incompatible signature block (META-INF/*.EC) which is anyway accepted by jarsiner, see [JarSignatureCollector]
+    @Test
+    fun `one signer with EC sign algorithm`() {
+        createJar("_signable1", "_signable2")
+        signJar(CHARLIE, CHARLIE_PASS)
+        assertEquals(listOf(CHARLIE_NAME), getJarSigners().names) // We only reused CHARLIE's distinguished name, so the keys will be different.
+
+        (dir / "my-dir").createDirectory()
+        updateJar("my-dir")
+        assertEquals(listOf(CHARLIE_NAME), getJarSigners().names) // Unsigned directory is irrelevant.
+    }
+
     //region Helper functions
     private fun createJar(vararg contents: String) =
             execute(*(arrayOf("jar", "cvf", FILENAME) + contents))

From 2c9a942e1a15d4d7c6f403915229b187f1d93de2 Mon Sep 17 00:00:00 2001
From: Shams Asari <shams.asari@r3.com>
Date: Mon, 15 Oct 2018 10:11:18 +0100
Subject: [PATCH 40/83] CORDA-2088: Simplified the TestCordapp public API
 (#4064)

The entry point to the API has been simplified to just requireing a list of packages to scan, with sensible defaults provided for the metadata. Because of the wither methods, having parameters for the metadata (with default values) seems unnecessary. Also the ability to scan just individual classes has been made internal, as it seems unlikely app developers would need that level of control when testing their apps.

TestCordappImpl is a data class and thus acts as a natural key for the Jar caching, where previously the key was the package names. This fixes an issue where it was not possible to create two CorDapp Jars of the same package but different metadata.
---
 .ci/api-current.txt                           |  89 +-------
 ...tachmentsClassLoaderStaticContractTests.kt |  29 +--
 .../node/flows/AsymmetricCorDappsTests.kt     |  29 +--
 ...owCheckpointVersionNodeStartupCheckTest.kt | 201 ++++++++---------
 .../node/services/AttachmentLoadingTests.kt   |  20 +-
 .../cordapp/JarScanningCordappLoader.kt       |  10 +-
 .../node/internal/cordapp/ManifestUtils.kt    |   3 +-
 .../net/corda/node/flows/cordapp.properties   |   1 -
 .../cordapp/JarScanningCordappLoaderTest.kt   |  43 +---
 .../node/services/FinalityHandlerTest.kt      |   9 +-
 .../kotlin/net/corda/testing/driver/Driver.kt |  29 +--
 .../net/corda/testing/driver/DriverDSL.kt     |   7 +-
 .../net/corda/testing/driver/TestCorDapp.kt   |  85 -------
 .../net/corda/testing/node/MockNetwork.kt     |  44 ++--
 .../net/corda/testing/node/MockServices.kt    |   8 +-
 .../net/corda/testing/node/TestCordapp.kt     |  69 ++++++
 .../testing/node/internal/DriverDSLImpl.kt    |  59 +++--
 .../node/internal/InternalMockNetwork.kt      |  14 +-
 .../node/internal/MutableTestCorDapp.kt       |  73 ------
 .../testing/node/internal/NodeBasedTest.kt    |   5 +-
 .../corda/testing/node/internal/RPCDriver.kt  |   4 +-
 .../node/internal/TestCordappDirectories.kt   |  70 ++----
 .../testing/node/internal/TestCordappImpl.kt  |  26 +++
 .../node/internal/TestCordappsUtils.kt        | 208 +++---------------
 .../node/internal/TestCordappsUtilsTest.kt    |  93 ++++++++
 .../corda/testing/node/internal/resource.txt  |   0
 26 files changed, 475 insertions(+), 753 deletions(-)
 delete mode 100644 node/src/main/resources/net/corda/node/flows/cordapp.properties
 delete mode 100644 testing/node-driver/src/main/kotlin/net/corda/testing/driver/TestCorDapp.kt
 create mode 100644 testing/node-driver/src/main/kotlin/net/corda/testing/node/TestCordapp.kt
 delete mode 100644 testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MutableTestCorDapp.kt
 create mode 100644 testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappImpl.kt
 create mode 100644 testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/TestCordappsUtilsTest.kt
 create mode 100644 testing/node-driver/src/test/resources/net/corda/testing/node/internal/resource.txt

diff --git a/.ci/api-current.txt b/.ci/api-current.txt
index 13ae84905c..8d3efd6638 100644
--- a/.ci/api-current.txt
+++ b/.ci/api-current.txt
@@ -5822,8 +5822,6 @@ public interface net.corda.testing.driver.DriverDSL
   @NotNull
   public abstract net.corda.core.concurrent.CordaFuture<net.corda.testing.driver.NodeHandle> startNode(net.corda.testing.driver.NodeParameters, net.corda.core.identity.CordaX500Name, java.util.List<net.corda.testing.node.User>, net.corda.testing.driver.VerifierType, java.util.Map<String, ?>, Boolean, String)
   @NotNull
-  public abstract net.corda.core.concurrent.CordaFuture<net.corda.testing.driver.NodeHandle> startNode(net.corda.testing.driver.NodeParameters, net.corda.core.identity.CordaX500Name, java.util.List<net.corda.testing.node.User>, net.corda.testing.driver.VerifierType, java.util.Map<String, ?>, Boolean, String, java.util.Set<? extends net.corda.testing.driver.TestCorDapp>, boolean)
-  @NotNull
   public abstract net.corda.core.concurrent.CordaFuture<net.corda.testing.driver.WebserverHandle> startWebserver(net.corda.testing.driver.NodeHandle)
   @NotNull
   public abstract net.corda.core.concurrent.CordaFuture<net.corda.testing.driver.WebserverHandle> startWebserver(net.corda.testing.driver.NodeHandle, String)
@@ -5832,10 +5830,7 @@ public final class net.corda.testing.driver.DriverParameters extends java.lang.O
   public <init>()
   public <init>(boolean, java.nio.file.Path, net.corda.testing.driver.PortAllocation, net.corda.testing.driver.PortAllocation, java.util.Map<String, String>, boolean, boolean, boolean, java.util.List<net.corda.testing.node.NotarySpec>, java.util.List<String>, net.corda.testing.driver.JmxPolicy, net.corda.core.node.NetworkParameters)
   public <init>(boolean, java.nio.file.Path, net.corda.testing.driver.PortAllocation, net.corda.testing.driver.PortAllocation, java.util.Map<String, String>, boolean, boolean, boolean, java.util.List<net.corda.testing.node.NotarySpec>, java.util.List<String>, net.corda.testing.driver.JmxPolicy, net.corda.core.node.NetworkParameters, java.util.Map<String, ?>, boolean, boolean)
-  public <init>(boolean, java.nio.file.Path, net.corda.testing.driver.PortAllocation, net.corda.testing.driver.PortAllocation, java.util.Map<String, String>, boolean, boolean, boolean, java.util.List<net.corda.testing.node.NotarySpec>, java.util.List<String>, net.corda.testing.driver.JmxPolicy, net.corda.core.node.NetworkParameters, java.util.Map<String, ?>, boolean, boolean, java.util.Set<? extends net.corda.testing.driver.TestCorDapp>)
-  public <init>(boolean, java.nio.file.Path, net.corda.testing.driver.PortAllocation, net.corda.testing.driver.PortAllocation, java.util.Map<String, String>, boolean, boolean, boolean, java.util.List<net.corda.testing.node.NotarySpec>, java.util.List<String>, net.corda.testing.driver.JmxPolicy, net.corda.core.node.NetworkParameters, java.util.Set<? extends net.corda.testing.driver.TestCorDapp>)
   public <init>(boolean, java.nio.file.Path, net.corda.testing.driver.PortAllocation, net.corda.testing.driver.PortAllocation, java.util.Map<String, String>, boolean, boolean, boolean, java.util.List<net.corda.testing.node.NotarySpec>, java.util.List<String>, net.corda.testing.driver.JmxPolicy, net.corda.core.node.NetworkParameters, boolean, boolean)
-  public <init>(boolean, java.nio.file.Path, net.corda.testing.driver.PortAllocation, net.corda.testing.driver.PortAllocation, java.util.Map<String, String>, boolean, boolean, boolean, java.util.List<net.corda.testing.node.NotarySpec>, java.util.List<String>, net.corda.testing.driver.JmxPolicy, net.corda.core.node.NetworkParameters, boolean, boolean, java.util.Set<? extends net.corda.testing.driver.TestCorDapp>)
   public final boolean component1()
   @NotNull
   public final java.util.List<String> component10()
@@ -6028,75 +6023,6 @@ public static final class net.corda.testing.driver.PortAllocation$Incremental ex
   public final java.util.concurrent.atomic.AtomicInteger getPortCounter()
   public int nextPort()
 ##
-@DoNotImplement
-public interface net.corda.testing.driver.TestCorDapp
-  @NotNull
-  public abstract java.util.Set<Class<?>> getClasses()
-  @NotNull
-  public abstract String getName()
-  @NotNull
-  public abstract java.util.Set<java.net.URL> getResources()
-  @NotNull
-  public abstract String getTitle()
-  @NotNull
-  public abstract String getVendor()
-  @NotNull
-  public abstract String getVersion()
-  @NotNull
-  public abstract java.nio.file.Path packageAsJarInDirectory(java.nio.file.Path)
-  public abstract void packageAsJarWithPath(java.nio.file.Path)
-##
-public static final class net.corda.testing.driver.TestCorDapp$Factory extends java.lang.Object
-  public <init>()
-  @NotNull
-  public static final net.corda.testing.driver.TestCorDapp$Mutable create(String, String, String, String, java.util.Set<? extends Class<?>>, kotlin.jvm.functions.Function2<? super String, ? super java.net.URL, Boolean>)
-  public static final net.corda.testing.driver.TestCorDapp$Factory$Companion Companion
-##
-public static final class net.corda.testing.driver.TestCorDapp$Factory$Companion extends java.lang.Object
-  @NotNull
-  public final net.corda.testing.driver.TestCorDapp$Mutable create(String, String, String, String, java.util.Set<? extends Class<?>>, kotlin.jvm.functions.Function2<? super String, ? super java.net.URL, Boolean>)
-##
-@DoNotImplement
-public static interface net.corda.testing.driver.TestCorDapp$Mutable extends net.corda.testing.driver.TestCorDapp
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable minus(Class<?>)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable minusPackage(Package)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable minusPackage(String)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable minusPackages(Package, Package...)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable minusPackages(String, String...)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable minusPackages(java.util.Set<String>)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable minusResource(String, java.net.URL)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable plus(Class<?>)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable plusPackage(Package)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable plusPackage(String)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable plusPackages(Package, Package...)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable plusPackages(String, String...)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable plusPackages(java.util.Set<String>)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable plusResource(String, java.net.URL)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable withClasses(java.util.Set<? extends Class<?>>)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable withName(String)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable withTitle(String)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable withVendor(String)
-  @NotNull
-  public abstract net.corda.testing.driver.TestCorDapp$Mutable withVersion(String)
-##
 public final class net.corda.testing.driver.VerifierType extends java.lang.Enum
   protected <init>()
   public static net.corda.testing.driver.VerifierType valueOf(String)
@@ -6238,9 +6164,9 @@ public class net.corda.testing.node.MockNetwork extends java.lang.Object
   @NotNull
   public final net.corda.testing.node.StartedMockNode createNode(net.corda.core.identity.CordaX500Name, Integer, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>)
   @NotNull
-  public final net.corda.testing.node.StartedMockNode createNode(net.corda.core.identity.CordaX500Name, Integer, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.List<String>)
+  public final net.corda.testing.node.StartedMockNode createNode(net.corda.core.identity.CordaX500Name, Integer, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.Collection<? extends net.corda.testing.node.TestCordapp>)
   @NotNull
-  public final net.corda.testing.node.StartedMockNode createNode(net.corda.core.identity.CordaX500Name, Integer, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.Set<? extends net.corda.testing.driver.TestCorDapp>)
+  public final net.corda.testing.node.StartedMockNode createNode(net.corda.core.identity.CordaX500Name, Integer, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.List<String>)
   @NotNull
   public final net.corda.testing.node.StartedMockNode createNode(net.corda.testing.node.MockNodeParameters)
   @NotNull
@@ -6256,9 +6182,9 @@ public class net.corda.testing.node.MockNetwork extends java.lang.Object
   @NotNull
   public final net.corda.testing.node.UnstartedMockNode createUnstartedNode(net.corda.core.identity.CordaX500Name, Integer, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>)
   @NotNull
-  public final net.corda.testing.node.UnstartedMockNode createUnstartedNode(net.corda.core.identity.CordaX500Name, Integer, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.List<String>)
+  public final net.corda.testing.node.UnstartedMockNode createUnstartedNode(net.corda.core.identity.CordaX500Name, Integer, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.Collection<? extends net.corda.testing.node.TestCordapp>)
   @NotNull
-  public final net.corda.testing.node.UnstartedMockNode createUnstartedNode(net.corda.core.identity.CordaX500Name, Integer, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.Set<? extends net.corda.testing.driver.TestCorDapp>)
+  public final net.corda.testing.node.UnstartedMockNode createUnstartedNode(net.corda.core.identity.CordaX500Name, Integer, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.List<String>)
   @NotNull
   public final net.corda.testing.node.UnstartedMockNode createUnstartedNode(net.corda.testing.node.MockNodeParameters)
   @NotNull
@@ -6339,8 +6265,7 @@ public final class net.corda.testing.node.MockNetworkParameters extends java.lan
 public final class net.corda.testing.node.MockNodeParameters extends java.lang.Object
   public <init>()
   public <init>(Integer, net.corda.core.identity.CordaX500Name, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>)
-  public <init>(Integer, net.corda.core.identity.CordaX500Name, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.List<String>)
-  public <init>(Integer, net.corda.core.identity.CordaX500Name, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.Set<? extends net.corda.testing.driver.TestCorDapp>)
+  public <init>(Integer, net.corda.core.identity.CordaX500Name, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.Collection<? extends net.corda.testing.node.TestCordapp>)
   @Nullable
   public final Integer component1()
   @Nullable
@@ -6352,9 +6277,7 @@ public final class net.corda.testing.node.MockNodeParameters extends java.lang.O
   @NotNull
   public final net.corda.testing.node.MockNodeParameters copy(Integer, net.corda.core.identity.CordaX500Name, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>)
   @NotNull
-  public final net.corda.testing.node.MockNodeParameters copy(Integer, net.corda.core.identity.CordaX500Name, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.List<String>)
-  @NotNull
-  public final net.corda.testing.node.MockNodeParameters copy(Integer, net.corda.core.identity.CordaX500Name, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.Set<? extends net.corda.testing.driver.TestCorDapp>)
+  public final net.corda.testing.node.MockNodeParameters copy(Integer, net.corda.core.identity.CordaX500Name, java.math.BigInteger, kotlin.jvm.functions.Function1<? super net.corda.node.services.config.NodeConfiguration, ?>, java.util.Collection<? extends net.corda.testing.node.TestCordapp>)
   public boolean equals(Object)
   @NotNull
   public final kotlin.jvm.functions.Function1<net.corda.node.services.config.NodeConfiguration, Object> getConfigOverrides()
diff --git a/node-api/src/test/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoaderStaticContractTests.kt b/node-api/src/test/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoaderStaticContractTests.kt
index c699439e19..f7b7f49cfe 100644
--- a/node-api/src/test/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoaderStaticContractTests.kt
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoaderStaticContractTests.kt
@@ -15,7 +15,6 @@ import net.corda.core.serialization.deserialize
 import net.corda.core.serialization.serialize
 import net.corda.core.transactions.LedgerTransaction
 import net.corda.core.transactions.TransactionBuilder
-import net.corda.node.VersionInfo
 import net.corda.node.cordapp.CordappLoader
 import net.corda.node.internal.cordapp.CordappProviderImpl
 import net.corda.node.internal.cordapp.JarScanningCordappLoader
@@ -25,16 +24,13 @@ import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.core.TestIdentity
 import net.corda.testing.internal.MockCordappConfigProvider
 import net.corda.testing.internal.rigorousMock
+import net.corda.testing.node.internal.TestCordappDirectories
 import net.corda.testing.node.internal.cordappsForPackages
-import net.corda.testing.node.internal.getTimestampAsDirectoryName
-import net.corda.testing.node.internal.packageInDirectory
 import net.corda.testing.services.MockAttachmentStorage
+import org.assertj.core.api.Assertions.assertThat
 import org.junit.Assert.assertEquals
-import org.junit.Assert.assertNotNull
 import org.junit.Rule
 import org.junit.Test
-import java.nio.file.Path
-import java.nio.file.Paths
 
 class AttachmentsClassLoaderStaticContractTests {
     private companion object {
@@ -101,22 +97,11 @@ class AttachmentsClassLoaderStaticContractTests {
     @Test
     fun `verify that contract DummyContract is in classPath`() {
         val contractClass = Class.forName("net.corda.nodeapi.internal.AttachmentsClassLoaderStaticContractTests\$AttachmentDummyContract")
-        val contract = contractClass.newInstance() as Contract
-
-        assertNotNull(contract)
+        assertThat(contractClass.newInstance()).isInstanceOf(Contract::class.java)
     }
 
-    private fun cordappLoaderForPackages(packages: Iterable<String>): CordappLoader {
-
-        val cordapps = cordappsForPackages(packages)
-        return testDirectory().let { directory ->
-            cordapps.packageInDirectory(directory)
-            JarScanningCordappLoader.fromDirectories(listOf(directory), VersionInfo.UNKNOWN)
-        }
+    private fun cordappLoaderForPackages(packages: Collection<String>): CordappLoader {
+        val dirs = cordappsForPackages(packages).map { TestCordappDirectories.getJarDirectory(it) }
+        return JarScanningCordappLoader.fromDirectories(dirs)
     }
-
-    private fun testDirectory(): Path {
-
-        return Paths.get("build", getTimestampAsDirectoryName())
-    }
-}
\ No newline at end of file
+}
diff --git a/node/src/integration-test/kotlin/net/corda/node/flows/AsymmetricCorDappsTests.kt b/node/src/integration-test/kotlin/net/corda/node/flows/AsymmetricCorDappsTests.kt
index 2875c21527..6e1e07d8ee 100644
--- a/node/src/integration-test/kotlin/net/corda/node/flows/AsymmetricCorDappsTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/flows/AsymmetricCorDappsTests.kt
@@ -4,7 +4,6 @@ import co.paralleluniverse.fibers.Suspendable
 import net.corda.core.flows.*
 import net.corda.core.identity.Party
 import net.corda.core.internal.concurrent.transpose
-import net.corda.core.internal.packageName
 import net.corda.core.messaging.startFlow
 import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.unwrap
@@ -12,8 +11,8 @@ import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
 import net.corda.testing.core.singleIdentity
 import net.corda.testing.driver.DriverParameters
-import net.corda.testing.driver.TestCorDapp
 import net.corda.testing.driver.driver
+import net.corda.testing.node.internal.cordappForClasses
 import org.junit.Test
 import kotlin.test.assertEquals
 
@@ -46,23 +45,18 @@ class AsymmetricCorDappsTests {
     }
 
     @Test
-    fun noSharedCorDappsWithAsymmetricSpecificClasses() {
-
+    fun `no shared cordapps with asymmetric specific classes`() {
         driver(DriverParameters(startNodesInProcess = false, cordappsForAllNodes = emptySet())) {
-
-            val nodeA = startNode(providedName = ALICE_NAME, additionalCordapps = setOf(TestCorDapp.Factory.create("Szymon CorDapp", "1.0", classes = setOf(Ping::class.java)))).getOrThrow()
-            val nodeB = startNode(providedName = BOB_NAME, additionalCordapps = setOf(TestCorDapp.Factory.create("Szymon CorDapp", "1.0", classes = setOf(Ping::class.java, Pong::class.java)))).getOrThrow()
+            val nodeA = startNode(providedName = ALICE_NAME, additionalCordapps = setOf(cordappForClasses(Ping::class.java))).getOrThrow()
+            val nodeB = startNode(providedName = BOB_NAME, additionalCordapps = setOf(cordappForClasses(Ping::class.java, Pong::class.java))).getOrThrow()
             nodeA.rpc.startFlow(::Ping, nodeB.nodeInfo.singleIdentity(), 1).returnValue.getOrThrow()
         }
     }
 
     @Test
-    fun sharedCorDappsWithAsymmetricSpecificClasses() {
-
-        val resourceName = "cordapp.properties"
-        val cordappPropertiesResource = this::class.java.getResource(resourceName)
-        val sharedCordapp = TestCorDapp.Factory.create("shared", "1.0", classes = setOf(Ping::class.java)).plusResource("${AsymmetricCorDappsTests::class.java.packageName}.$resourceName", cordappPropertiesResource)
-        val cordappForNodeB = TestCorDapp.Factory.create("nodeB_only", "1.0", classes = setOf(Pong::class.java))
+    fun `shared cordapps with asymmetric specific classes`() {
+        val sharedCordapp = cordappForClasses(Ping::class.java)
+        val cordappForNodeB = cordappForClasses(Pong::class.java)
         driver(DriverParameters(startNodesInProcess = false, cordappsForAllNodes = setOf(sharedCordapp))) {
 
             val (nodeA, nodeB) = listOf(startNode(providedName = ALICE_NAME), startNode(providedName = BOB_NAME, additionalCordapps = setOf(cordappForNodeB))).transpose().getOrThrow()
@@ -71,12 +65,9 @@ class AsymmetricCorDappsTests {
     }
 
     @Test
-    fun sharedCorDappsWithAsymmetricSpecificClassesInProcess() {
-
-        val resourceName = "cordapp.properties"
-        val cordappPropertiesResource = this::class.java.getResource(resourceName)
-        val sharedCordapp = TestCorDapp.Factory.create("shared", "1.0", classes = setOf(Ping::class.java)).plusResource("${AsymmetricCorDappsTests::class.java.packageName}.$resourceName", cordappPropertiesResource)
-        val cordappForNodeB = TestCorDapp.Factory.create("nodeB_only", "1.0", classes = setOf(Pong::class.java))
+    fun `shared cordapps with asymmetric specific classes in process`() {
+        val sharedCordapp = cordappForClasses(Ping::class.java)
+        val cordappForNodeB = cordappForClasses(Pong::class.java)
         driver(DriverParameters(startNodesInProcess = true, cordappsForAllNodes = setOf(sharedCordapp))) {
 
             val (nodeA, nodeB) = listOf(startNode(providedName = ALICE_NAME), startNode(providedName = BOB_NAME, additionalCordapps = setOf(cordappForNodeB))).transpose().getOrThrow()
diff --git a/node/src/integration-test/kotlin/net/corda/node/flows/FlowCheckpointVersionNodeStartupCheckTest.kt b/node/src/integration-test/kotlin/net/corda/node/flows/FlowCheckpointVersionNodeStartupCheckTest.kt
index ab2d706403..169ba207ce 100644
--- a/node/src/integration-test/kotlin/net/corda/node/flows/FlowCheckpointVersionNodeStartupCheckTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/flows/FlowCheckpointVersionNodeStartupCheckTest.kt
@@ -1,27 +1,30 @@
 package net.corda.node.flows
 
-import net.corda.client.rpc.CordaRPCClient
+import net.corda.core.internal.concurrent.transpose
 import net.corda.core.internal.div
 import net.corda.core.internal.list
+import net.corda.core.internal.moveTo
 import net.corda.core.internal.readLines
 import net.corda.core.messaging.startTrackedFlow
 import net.corda.core.utilities.getOrThrow
 import net.corda.node.internal.CheckpointIncompatibleException
 import net.corda.node.internal.NodeStartup
-import net.corda.node.services.Permissions.Companion.invokeRpc
-import net.corda.node.services.Permissions.Companion.startFlow
-import net.corda.testMessage.Message
-import net.corda.testMessage.MessageState
+import net.corda.testMessage.*
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
 import net.corda.testing.core.singleIdentity
+import net.corda.testing.driver.DriverDSL
 import net.corda.testing.driver.DriverParameters
-import net.corda.testing.driver.TestCorDapp
 import net.corda.testing.driver.driver
-import net.corda.testing.node.User
+import net.corda.testing.node.TestCordapp
 import net.corda.testing.node.internal.ListenProcessDeathException
+import net.corda.testing.node.internal.TestCordappDirectories
+import net.corda.testing.node.internal.cordappForClasses
+import net.test.cordapp.v1.Record
 import net.test.cordapp.v1.SendMessageFlow
 import org.junit.Test
+import java.nio.file.StandardCopyOption.REPLACE_EXISTING
+import java.util.*
 import java.util.concurrent.TimeUnit
 import kotlin.test.assertEquals
 import kotlin.test.assertFailsWith
@@ -30,125 +33,111 @@ import kotlin.test.assertNotNull
 class FlowCheckpointVersionNodeStartupCheckTest {
     companion object {
         val message = Message("Hello world!")
-        val classes = setOf(net.corda.testMessage.MessageState::class.java,
-                net.corda.testMessage.MessageContract::class.java,
-                net.test.cordapp.v1.SendMessageFlow::class.java,
-                net.corda.testMessage.MessageSchema::class.java,
-                net.corda.testMessage.MessageSchemaV1::class.java,
-                net.test.cordapp.v1.Record::class.java)
-        val user = User("mark", "dadada", setOf(startFlow<SendMessageFlow>(), invokeRpc("vaultQuery"), invokeRpc("vaultTrack")))
+        val defaultCordapp = cordappForClasses(
+                MessageState::class.java,
+                MessageContract::class.java,
+                SendMessageFlow::class.java,
+                MessageSchema::class.java,
+                MessageSchemaV1::class.java,
+                Record::class.java
+        )
     }
 
     @Test
     fun `restart node successfully with suspended flow`() {
-
-        val cordapps = setOf(TestCorDapp.Factory.create("testJar", "1.0", classes = classes))
-
-        return driver(DriverParameters(isDebug = true, startNodesInProcess = false, inMemoryDB = false, cordappsForAllNodes = cordapps)) {
-            {
-                val alice = startNode(rpcUsers = listOf(user), providedName = ALICE_NAME).getOrThrow()
-                val bob = startNode(rpcUsers = listOf(user), providedName = BOB_NAME).getOrThrow()
-                alice.stop()
-                CordaRPCClient(bob.rpcAddress).start(user.username, user.password).use {
-                    val flowTracker = it.proxy.startTrackedFlow(::SendMessageFlow, message, defaultNotaryIdentity, alice.nodeInfo.singleIdentity()).progress
-                    //wait until Bob progresses as far as possible because alice node is off
-                    flowTracker.takeFirst { it == SendMessageFlow.Companion.FINALISING_TRANSACTION.label }.toBlocking().single()
-                }
-                bob.stop()
-            }()
-            val result = {
-                //Bob will resume the flow
-                val alice = startNode(rpcUsers = listOf(user), providedName = ALICE_NAME, customOverrides = mapOf("devMode" to false)).getOrThrow()
-                startNode(providedName = BOB_NAME, rpcUsers = listOf(user), customOverrides = mapOf("devMode" to false)).getOrThrow()
-                CordaRPCClient(alice.rpcAddress).start(user.username, user.password).use {
-                    val page = it.proxy.vaultTrack(MessageState::class.java)
-                    if (page.snapshot.states.isNotEmpty()) {
-                        page.snapshot.states.first()
-                    } else {
-                        val r = page.updates.timeout(5, TimeUnit.SECONDS).take(1).toBlocking().single()
-                        if (r.consumed.isNotEmpty()) r.consumed.first() else r.produced.first()
-                    }
-                }
-            }()
+        return driver(parametersForRestartingNodes(listOf(defaultCordapp))) {
+            createSuspendedFlowInBob(cordapps = emptySet())
+            // Bob will resume the flow
+            val alice = startNode(providedName = ALICE_NAME).getOrThrow()
+            startNode(providedName = BOB_NAME).getOrThrow()
+            val page = alice.rpc.vaultTrack(MessageState::class.java)
+            val result = if (page.snapshot.states.isNotEmpty()) {
+                page.snapshot.states.first()
+            } else {
+                val r = page.updates.timeout(5, TimeUnit.SECONDS).take(1).toBlocking().single()
+                if (r.consumed.isNotEmpty()) r.consumed.first() else r.produced.first()
+            }
             assertNotNull(result)
             assertEquals(message, result.state.data.message)
         }
     }
 
-    private fun assertNodeRestartFailure(
-            cordapps: Set<TestCorDapp>?,
-            cordappsVersionAtStartup: Set<TestCorDapp>,
-            cordappsVersionAtRestart: Set<TestCorDapp>,
-            reuseAdditionalCordappsAtRestart: Boolean,
-            assertNodeLogs: String
-    ) {
+    @Test
+    fun `restart node with incompatible version of suspended flow due to different jar name`() {
+        driver(parametersForRestartingNodes()) {
+            val cordapp = defaultCordapp.withName("different-jar-name-test-${UUID.randomUUID()}")
+            // Create the CorDapp jar file manually first to get hold of the directory that will contain it so that we can
+            // rename the filename later. The cordappDir, which acts as pointer to the jar file, does not get renamed.
+            val cordappDir = TestCordappDirectories.getJarDirectory(cordapp)
+            val cordappJar = cordappDir.list().single()
 
-        return driver(DriverParameters(
-                startNodesInProcess = false, // start nodes in separate processes to ensure CordappLoader is not shared between restarts
-                inMemoryDB = false, // ensure database is persisted between node restarts so we can keep suspended flow in Bob's node
-                cordappsForAllNodes = cordapps)
-        ) {
-            val bobLogFolder = {
-                val alice = startNode(rpcUsers = listOf(user), providedName = ALICE_NAME, additionalCordapps = cordappsVersionAtStartup).getOrThrow()
-                val bob = startNode(rpcUsers = listOf(user), providedName = BOB_NAME, additionalCordapps = cordappsVersionAtStartup).getOrThrow()
-                alice.stop()
-                CordaRPCClient(bob.rpcAddress).start(user.username, user.password).use {
-                    val flowTracker = it.proxy.startTrackedFlow(::SendMessageFlow, message, defaultNotaryIdentity, alice.nodeInfo.singleIdentity()).progress
-                    // wait until Bob progresses as far as possible because Alice node is offline
-                    flowTracker.takeFirst { it == SendMessageFlow.Companion.FINALISING_TRANSACTION.label }.toBlocking().single()
-                }
-                val logFolder = bob.baseDirectory / NodeStartup.LOGS_DIRECTORY_NAME
-                // SendMessageFlow suspends in Bob node
-                bob.stop()
-                logFolder
-            }()
+            createSuspendedFlowInBob(setOf(cordapp))
 
-            startNode(rpcUsers = listOf(user), providedName = ALICE_NAME, customOverrides = mapOf("devMode" to false),
-                    additionalCordapps = cordappsVersionAtRestart, regenerateCordappsOnStart = !reuseAdditionalCordappsAtRestart).getOrThrow()
+            // Rename the jar file. TestCordappDirectories caches the location of the jar file but the use of the random
+            // UUID in the name means there's zero chance of contaminating another test.
+            cordappJar.moveTo(cordappDir / "renamed-${cordappJar.fileName}")
 
-            assertFailsWith(ListenProcessDeathException::class) {
-                startNode(providedName = BOB_NAME, rpcUsers = listOf(user), customOverrides = mapOf("devMode" to false),
-                        additionalCordapps = cordappsVersionAtRestart, regenerateCordappsOnStart = !reuseAdditionalCordappsAtRestart).getOrThrow()
-            }
-
-            val logFile = bobLogFolder.list { it.filter { it.fileName.toString().endsWith(".log") }.findAny().get() }
-            val numberOfNodesThatLogged = logFile.readLines { it.filter { assertNodeLogs in it }.count() }
-            assertEquals(1, numberOfNodesThatLogged)
+            assertBobFailsToStartWithLogMessage(
+                    setOf(cordapp),
+                    CheckpointIncompatibleException.FlowNotInstalledException(SendMessageFlow::class.java).message
+            )
         }
     }
 
     @Test
-    fun `restart nodes with incompatible version of suspended flow due to different jar name`() {
+    fun `restart node with incompatible version of suspended flow due to different jar hash`() {
+        driver(parametersForRestartingNodes()) {
+            val originalCordapp = defaultCordapp.withName("different-jar-hash-test-${UUID.randomUUID()}")
+            val originalCordappJar = TestCordappDirectories.getJarDirectory(originalCordapp).list().single()
 
-        assertNodeRestartFailure(
-                emptySet(),
-                setOf(TestCorDapp.Factory.create("testJar", "1.0", classes = classes)),
-                setOf(TestCorDapp.Factory.create("testJar2", "1.0", classes = classes)),
-                false,
-                CheckpointIncompatibleException.FlowNotInstalledException(SendMessageFlow::class.java).message)
+            createSuspendedFlowInBob(setOf(originalCordapp))
+
+            // The vendor is part of the MANIFEST so changing it is sufficient to change the jar hash
+            val modifiedCordapp = originalCordapp.withVendor("${originalCordapp.vendor}-modified")
+            val modifiedCordappJar = TestCordappDirectories.getJarDirectory(modifiedCordapp).list().single()
+            modifiedCordappJar.moveTo(originalCordappJar, REPLACE_EXISTING)
+
+            assertBobFailsToStartWithLogMessage(
+                    setOf(originalCordapp),
+                    // The part of the log message generated by CheckpointIncompatibleException.FlowVersionIncompatibleException
+                    "that is incompatible with the current installed version of"
+            )
+        }
     }
 
-    @Test
-    fun `restart nodes with incompatible version of suspended flow`() {
-
-        assertNodeRestartFailure(
-                emptySet(),
-                setOf(TestCorDapp.Factory.create("testJar", "1.0", classes = classes)),
-                setOf(TestCorDapp.Factory.create("testJar", "1.0", classes = classes + net.test.cordapp.v1.SendMessageFlow::class.java)),
-                false,
-                // the part of the log message generated by CheckpointIncompatibleException.FlowVersionIncompatibleException
-                "that is incompatible with the current installed version of")
+    private fun DriverDSL.createSuspendedFlowInBob(cordapps: Set<TestCordapp>) {
+        val (alice, bob) = listOf(ALICE_NAME, BOB_NAME)
+                .map { startNode(providedName = it, additionalCordapps = cordapps) }
+                .transpose()
+                .getOrThrow()
+        alice.stop()
+        val flowTracker = bob.rpc.startTrackedFlow(::SendMessageFlow, message, defaultNotaryIdentity, alice.nodeInfo.singleIdentity()).progress
+        // Wait until Bob progresses as far as possible because Alice node is offline
+        flowTracker.takeFirst { it == SendMessageFlow.Companion.FINALISING_TRANSACTION.label }.toBlocking().single()
+        bob.stop()
     }
 
-    @Test
-    fun `restart nodes with incompatible version of suspended flow due to different timestamps only`() {
+    private fun DriverDSL.assertBobFailsToStartWithLogMessage(cordapps: Collection<TestCordapp>, logMessage: String) {
+        assertFailsWith(ListenProcessDeathException::class) {
+            startNode(
+                    providedName = BOB_NAME,
+                    customOverrides = mapOf("devMode" to false),
+                    additionalCordapps = cordapps,
+                    regenerateCordappsOnStart = true
+            ).getOrThrow()
+        }
 
-        assertNodeRestartFailure(
-                emptySet(),
-                setOf(TestCorDapp.Factory.create("testJar", "1.0", classes = classes)),
-                setOf(TestCorDapp.Factory.create("testJar", "1.0", classes = classes)),
-                false,
-                // the part of the log message generated by CheckpointIncompatibleException.FlowVersionIncompatibleException
-                "that is incompatible with the current installed version of")
+        val logDir = baseDirectory(BOB_NAME) / NodeStartup.LOGS_DIRECTORY_NAME
+        val logFile = logDir.list { it.filter { it.fileName.toString().endsWith(".log") }.findAny().get() }
+        val matchingLineCount = logFile.readLines { it.filter { line -> logMessage in line }.count() }
+        assertEquals(1, matchingLineCount)
     }
-}
\ No newline at end of file
+
+    private fun parametersForRestartingNodes(cordappsForAllNodes: List<TestCordapp> = emptyList()): DriverParameters {
+        return DriverParameters(
+                startNodesInProcess = false, // Start nodes in separate processes to ensure CordappLoader is not shared between restarts
+                inMemoryDB = false, // Ensure database is persisted between node restarts so we can keep suspended flows
+                cordappsForAllNodes = cordappsForAllNodes
+        )
+    }
+}
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt b/node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt
index b9e5029fc9..5f77275446 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt
@@ -3,17 +3,11 @@ package net.corda.node.services
 import com.nhaarman.mockito_kotlin.doReturn
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.CordaRuntimeException
-import net.corda.core.contracts.Contract
-import net.corda.core.contracts.ContractState
-import net.corda.core.contracts.PartyAndReference
-import net.corda.core.contracts.StateAndRef
-import net.corda.core.contracts.StateRef
-import net.corda.core.contracts.TransactionState
+import net.corda.core.contracts.*
 import net.corda.core.cordapp.CordappProvider
 import net.corda.core.flows.FlowLogic
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
-import net.corda.core.internal.concurrent.transpose
 import net.corda.core.internal.toLedgerTransaction
 import net.corda.core.node.NetworkParameters
 import net.corda.core.node.ServicesForResolution
@@ -21,19 +15,16 @@ import net.corda.core.node.services.AttachmentStorage
 import net.corda.core.node.services.IdentityService
 import net.corda.core.serialization.SerializationFactory
 import net.corda.core.transactions.TransactionBuilder
-import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.getOrThrow
 import net.corda.node.VersionInfo
-import net.corda.node.internal.cordapp.JarScanningCordappLoader
 import net.corda.node.internal.cordapp.CordappProviderImpl
+import net.corda.node.internal.cordapp.JarScanningCordappLoader
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.DUMMY_BANK_A_NAME
 import net.corda.testing.core.DUMMY_NOTARY_NAME
 import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.core.TestIdentity
-import net.corda.testing.driver.DriverDSL
 import net.corda.testing.driver.DriverParameters
-import net.corda.testing.driver.NodeHandle
 import net.corda.testing.driver.driver
 import net.corda.testing.internal.MockCordappConfigProvider
 import net.corda.testing.internal.rigorousMock
@@ -59,7 +50,6 @@ class AttachmentLoadingTests {
     private val appContext get() = provider.getAppContext(cordapp)
 
     private companion object {
-        private val logger = contextLogger()
         val isolatedJAR = AttachmentLoadingTests::class.java.getResource("isolated.jar")!!
         const val ISOLATED_CONTRACT_ID = "net.corda.finance.contracts.isolated.AnotherDummyContract"
 
@@ -70,12 +60,6 @@ class AttachmentLoadingTests {
                         .asSubclass(FlowLogic::class.java)
         val DUMMY_BANK_A = TestIdentity(DUMMY_BANK_A_NAME, 40).party
         val DUMMY_NOTARY = TestIdentity(DUMMY_NOTARY_NAME, 20).party
-        private fun DriverDSL.createTwoNodes(): List<NodeHandle> {
-            return listOf(
-                    startNode(providedName = bankAName),
-                    startNode(providedName = bankBName)
-            ).transpose().getOrThrow()
-        }
     }
 
     private val services = object : ServicesForResolution {
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
index 4981ae7977..ac1badeafe 100644
--- a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
@@ -61,11 +61,13 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
         /**
          * Creates a CordappLoader from multiple directories.
          *
-         * @param corDappDirectories Directories used to scan for CorDapp JARs.
+         * @param cordappDirs Directories used to scan for CorDapp JARs.
          */
-        fun fromDirectories(corDappDirectories: Iterable<Path>, versionInfo: VersionInfo = VersionInfo.UNKNOWN, extraCordapps: List<CordappImpl> = emptyList()): JarScanningCordappLoader {
-            logger.info("Looking for CorDapps in ${corDappDirectories.distinct().joinToString(", ", "[", "]")}")
-            val paths = corDappDirectories.distinct().flatMap(this::jarUrlsInDirectory).map { it.restricted() }
+        fun fromDirectories(cordappDirs: Collection<Path>,
+                            versionInfo: VersionInfo = VersionInfo.UNKNOWN,
+                            extraCordapps: List<CordappImpl> = emptyList()): JarScanningCordappLoader {
+            logger.info("Looking for CorDapps in ${cordappDirs.distinct().joinToString(", ", "[", "]")}")
+            val paths = cordappDirs.distinct().flatMap(this::jarUrlsInDirectory).map { it.restricted() }
             return JarScanningCordappLoader(paths, versionInfo, extraCordapps)
         }
 
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/ManifestUtils.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/ManifestUtils.kt
index 6e10661c86..fbca1b7eec 100644
--- a/node/src/main/kotlin/net/corda/node/internal/cordapp/ManifestUtils.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/ManifestUtils.kt
@@ -5,7 +5,7 @@ import net.corda.core.internal.cordapp.CordappImpl.Info.Companion.UNKNOWN_VALUE
 import java.util.jar.Attributes
 import java.util.jar.Manifest
 
-fun createTestManifest(name: String, title: String, version: String, vendor: String): Manifest {
+fun createTestManifest(name: String, title: String, version: String, vendor: String, targetVersion: Int): Manifest {
     val manifest = Manifest()
 
     // Mandatory manifest attribute. If not present, all other entries are silently skipped.
@@ -20,6 +20,7 @@ fun createTestManifest(name: String, title: String, version: String, vendor: Str
     manifest["Implementation-Title"] = title
     manifest["Implementation-Version"] = version
     manifest["Implementation-Vendor"] = vendor
+    manifest["Target-Platform-Version"] = targetVersion.toString()
 
     return manifest
 }
diff --git a/node/src/main/resources/net/corda/node/flows/cordapp.properties b/node/src/main/resources/net/corda/node/flows/cordapp.properties
deleted file mode 100644
index 4b10332984..0000000000
--- a/node/src/main/resources/net/corda/node/flows/cordapp.properties
+++ /dev/null
@@ -1 +0,0 @@
-key=value
\ No newline at end of file
diff --git a/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt b/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
index 4dd255f414..176bbfb5d8 100644
--- a/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
@@ -2,14 +2,12 @@ package net.corda.node.internal.cordapp
 
 import co.paralleluniverse.fibers.Suspendable
 import net.corda.core.flows.*
+import net.corda.core.internal.packageName
 import net.corda.node.VersionInfo
-import net.corda.node.cordapp.CordappLoader
-import net.corda.testing.node.internal.cordappsForPackages
-import net.corda.testing.node.internal.getTimestampAsDirectoryName
-import net.corda.testing.node.internal.packageInDirectory
+import net.corda.testing.node.internal.TestCordappDirectories
+import net.corda.testing.node.internal.cordappForPackages
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.Test
-import java.nio.file.Path
 import java.nio.file.Paths
 
 @InitiatingFlow
@@ -38,7 +36,6 @@ class DummyRPCFlow : FlowLogic<Unit>() {
 
 class JarScanningCordappLoaderTest {
     private companion object {
-        const val testScanPackage = "net.corda.node.internal.cordapp"
         const val isolatedContractId = "net.corda.finance.contracts.isolated.AnotherDummyContract"
         const val isolatedFlowName = "net.corda.finance.contracts.isolated.IsolatedDummyFlow\$Initiator"
     }
@@ -70,32 +67,18 @@ class JarScanningCordappLoaderTest {
 
     @Test
     fun `flows are loaded by loader`() {
-        val loader = cordappLoaderForPackages(listOf(testScanPackage))
+        val dir = TestCordappDirectories.getJarDirectory(cordappForPackages(javaClass.packageName))
+        val loader = JarScanningCordappLoader.fromDirectories(listOf(dir))
 
-        val actual = loader.cordapps.toTypedArray()
         // One cordapp from this source tree. In gradle it will also pick up the node jar.
-        assertThat(actual.size == 0 || actual.size == 1).isTrue()
+        assertThat(loader.cordapps).isNotEmpty
 
-        val actualCordapp = actual.single { !it.initiatedFlows.isEmpty() }
+        val actualCordapp = loader.cordapps.single { !it.initiatedFlows.isEmpty() }
         assertThat(actualCordapp.initiatedFlows).first().hasSameClassAs(DummyFlow::class.java)
         assertThat(actualCordapp.rpcFlows).first().hasSameClassAs(DummyRPCFlow::class.java)
         assertThat(actualCordapp.schedulableFlows).first().hasSameClassAs(DummySchedulableFlow::class.java)
     }
 
-    @Test
-    fun `duplicate packages are ignored`() {
-        val loader = cordappLoaderForPackages(listOf(testScanPackage, testScanPackage))
-        val cordapps = loader.cordapps.filter { LoaderTestFlow::class.java in it.initiatedFlows }
-        assertThat(cordapps).hasSize(1)
-    }
-
-    @Test
-    fun `sub-packages are ignored`() {
-        val loader = cordappLoaderForPackages(listOf("net.corda.core", testScanPackage))
-        val cordapps = loader.cordapps.filter { LoaderTestFlow::class.java in it.initiatedFlows }
-        assertThat(cordapps).hasSize(1)
-    }
-
     // This test exists because the appClassLoader is used by serialisation and we need to ensure it is the classloader
     // being used internally. Later iterations will use a classloader per cordapp and this test can be retired.
     @Test
@@ -159,16 +142,4 @@ class JarScanningCordappLoaderTest {
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN.copy(platformVersion = 2))
         assertThat(loader.cordapps).hasSize(1)
     }
-
-    private fun cordappLoaderForPackages(packages: Iterable<String>): CordappLoader {
-        val cordapps = cordappsForPackages(packages)
-        return testDirectory().let { directory ->
-            cordapps.packageInDirectory(directory)
-            JarScanningCordappLoader.fromDirectories(listOf(directory))
-        }
-    }
-
-    private fun testDirectory(): Path {
-        return Paths.get("build", getTimestampAsDirectoryName())
-    }
 }
diff --git a/node/src/test/kotlin/net/corda/node/services/FinalityHandlerTest.kt b/node/src/test/kotlin/net/corda/node/services/FinalityHandlerTest.kt
index 0f1e21be0e..f055b468fb 100644
--- a/node/src/test/kotlin/net/corda/node/services/FinalityHandlerTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/FinalityHandlerTest.kt
@@ -15,11 +15,7 @@ import net.corda.node.services.statemachine.StaffedFlowHospital.MedicalRecord.Ke
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
 import net.corda.testing.core.singleIdentity
-import net.corda.testing.driver.TestCorDapp
-import net.corda.testing.node.internal.InternalMockNetwork
-import net.corda.testing.node.internal.InternalMockNodeParameters
-import net.corda.testing.node.internal.TestStartedNode
-import net.corda.testing.node.internal.startFlow
+import net.corda.testing.node.internal.*
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.After
 import org.junit.Test
@@ -38,8 +34,7 @@ class FinalityHandlerTest {
         // CorDapp. Bob's FinalityHandler will error when validating the tx.
         mockNet = InternalMockNetwork()
 
-        val assertCordapp = TestCorDapp.Factory.create("net.corda.finance.contracts.asset", "1.0").plusPackage("net.corda.finance.contracts.asset")
-        val alice = mockNet.createNode(InternalMockNodeParameters(legalName = ALICE_NAME, additionalCordapps = setOf(assertCordapp)))
+        val alice = mockNet.createNode(InternalMockNodeParameters(legalName = ALICE_NAME, additionalCordapps = setOf(FINANCE_CORDAPP)))
 
         var bob = mockNet.createNode(InternalMockNodeParameters(legalName = BOB_NAME))
 
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt
index e413f5d90c..793c6fd8bb 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt
@@ -19,6 +19,7 @@ import net.corda.testing.core.DUMMY_NOTARY_NAME
 import net.corda.testing.driver.PortAllocation.Incremental
 import net.corda.testing.driver.internal.internalServices
 import net.corda.testing.node.NotarySpec
+import net.corda.testing.node.TestCordapp
 import net.corda.testing.node.User
 import net.corda.testing.node.internal.*
 import rx.Observable
@@ -134,8 +135,8 @@ abstract class PortAllocation {
  *     in. If null the Driver-level value will be used.
  * @property maximumHeapSize The maximum JVM heap size to use for the node.
  * @property logLevel Logging level threshold.
- * @property additionalCordapps Additional [TestCorDapp]s that this node will have available, in addition to the ones common to all nodes managed by the [DriverDSL].
- * @property regenerateCordappsOnStart Whether existing [TestCorDapp]s unique to this node will be re-generated on start. Useful when stopping and restarting the same node.
+ * @property additionalCordapps Additional [TestCordapp]s that this node will have available, in addition to the ones common to all nodes managed by the [DriverDSL].
+ * @property regenerateCordappsOnStart Whether existing [TestCordapp]s unique to this node will be re-generated on start. Useful when stopping and restarting the same node.
  */
 @Suppress("unused")
 data class NodeParameters(
@@ -146,7 +147,7 @@ data class NodeParameters(
         val startInSameProcess: Boolean? = null,
         val maximumHeapSize: String = "512m",
         val logLevel: String? = null,
-        val additionalCordapps: Set<TestCorDapp> = emptySet(),
+        val additionalCordapps: Collection<TestCordapp> = emptySet(),
         val regenerateCordappsOnStart: Boolean = false
 ) {
     /**
@@ -226,8 +227,8 @@ data class NodeParameters(
      * @param startInSameProcess Determines if the node should be started inside the same process the Driver is running
      *     in. If null the Driver-level value will be used.
      * @param maximumHeapSize The maximum JVM heap size to use for the node.
-     * @param additionalCordapps Additional [TestCorDapp]s that this node will have available, in addition to the ones common to all nodes managed by the [DriverDSL].
-     * @param regenerateCordappsOnStart Whether existing [TestCorDapp]s unique to this node will be re-generated on start. Useful when stopping and restarting the same node.
+     * @param additionalCordapps Additional [TestCordapp]s that this node will have available, in addition to the ones common to all nodes managed by the [DriverDSL].
+     * @param regenerateCordappsOnStart Whether existing [TestCordapp]s unique to this node will be re-generated on start. Useful when stopping and restarting the same node.
      */
     constructor(
             providedName: CordaX500Name?,
@@ -236,7 +237,7 @@ data class NodeParameters(
             customOverrides: Map<String, Any?>,
             startInSameProcess: Boolean?,
             maximumHeapSize: String,
-            additionalCordapps: Set<TestCorDapp> = emptySet(),
+            additionalCordapps: Set<TestCordapp> = emptySet(),
             regenerateCordappsOnStart: Boolean = false
     ) : this(
             providedName,
@@ -291,7 +292,7 @@ data class NodeParameters(
     fun withStartInSameProcess(startInSameProcess: Boolean?): NodeParameters = copy(startInSameProcess = startInSameProcess)
     fun withMaximumHeapSize(maximumHeapSize: String): NodeParameters = copy(maximumHeapSize = maximumHeapSize)
     fun withLogLevel(logLevel: String?): NodeParameters = copy(logLevel = logLevel)
-    fun withAdditionalCordapps(additionalCordapps: Set<TestCorDapp>): NodeParameters = copy(additionalCordapps = additionalCordapps)
+    fun withAdditionalCordapps(additionalCordapps: Set<TestCordapp>): NodeParameters = copy(additionalCordapps = additionalCordapps)
     fun withDeleteExistingCordappsDirectory(regenerateCordappsOnStart: Boolean): NodeParameters = copy(regenerateCordappsOnStart = regenerateCordappsOnStart)
 }
 
@@ -379,7 +380,7 @@ fun <A> driver(defaultParameters: DriverParameters = DriverParameters(), dsl: Dr
  * @property inMemoryDB Whether to use in-memory H2 for new nodes rather then on-disk (the node starts quicker, however
  *     the data is not persisted between node restarts). Has no effect if node is configured
  *     in any way to use database other than H2.
- * @property cordappsForAllNodes [TestCorDapp]s that will be added to each node started by the [DriverDSL].
+ * @property cordappsForAllNodes [TestCordapp]s that will be added to each node started by the [DriverDSL].
  */
 @Suppress("unused")
 data class DriverParameters(
@@ -398,7 +399,7 @@ data class DriverParameters(
         val notaryCustomOverrides: Map<String, Any?> = emptyMap(),
         val initialiseSerialization: Boolean = true,
         val inMemoryDB: Boolean = true,
-        val cordappsForAllNodes: Set<TestCorDapp>? = null
+        val cordappsForAllNodes: Collection<TestCordapp>? = null
     ) {
     constructor(
             isDebug: Boolean = false,
@@ -480,7 +481,7 @@ data class DriverParameters(
             extraCordappPackagesToScan: List<String>,
             jmxPolicy: JmxPolicy,
             networkParameters: NetworkParameters,
-            cordappsForAllNodes: Set<TestCorDapp>? = null
+            cordappsForAllNodes: Collection<TestCordapp>? = null
     ) : this(
             isDebug,
             driverDirectory,
@@ -549,7 +550,7 @@ data class DriverParameters(
             networkParameters: NetworkParameters,
             initialiseSerialization: Boolean,
             inMemoryDB: Boolean,
-            cordappsForAllNodes: Set<TestCorDapp>? = null
+            cordappsForAllNodes: Set<TestCordapp>? = null
     ) : this(
             isDebug,
             driverDirectory,
@@ -584,7 +585,7 @@ data class DriverParameters(
     fun withNetworkParameters(networkParameters: NetworkParameters): DriverParameters = copy(networkParameters = networkParameters)
     fun withNotaryCustomOverrides(notaryCustomOverrides: Map<String, Any?>): DriverParameters = copy(notaryCustomOverrides = notaryCustomOverrides)
     fun withInMemoryDB(inMemoryDB: Boolean): DriverParameters = copy(inMemoryDB = inMemoryDB)
-    fun withCordappsForAllNodes(cordappsForAllNodes: Set<TestCorDapp>?): DriverParameters = copy(cordappsForAllNodes = cordappsForAllNodes)
+    fun withCordappsForAllNodes(cordappsForAllNodes: Set<TestCordapp>?): DriverParameters = copy(cordappsForAllNodes = cordappsForAllNodes)
 
     fun copy(
             isDebug: Boolean,
@@ -660,7 +661,7 @@ data class DriverParameters(
             extraCordappPackagesToScan: List<String>,
             jmxPolicy: JmxPolicy,
             networkParameters: NetworkParameters,
-            cordappsForAllNodes: Set<TestCorDapp>?
+            cordappsForAllNodes: Set<TestCordapp>?
     ) = this.copy(
             isDebug = isDebug,
             driverDirectory = driverDirectory,
@@ -693,7 +694,7 @@ data class DriverParameters(
             jmxPolicy: JmxPolicy,
             networkParameters: NetworkParameters,
             initialiseSerialization: Boolean,
-            cordappsForAllNodes: Set<TestCorDapp>?
+            cordappsForAllNodes: Set<TestCordapp>?
     ) = this.copy(
             isDebug = isDebug,
             driverDirectory = driverDirectory,
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/DriverDSL.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/DriverDSL.kt
index 1c4c01c3c0..bd1bcb464a 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/DriverDSL.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/DriverDSL.kt
@@ -6,6 +6,7 @@ import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.core.internal.concurrent.map
 import net.corda.node.internal.Node
+import net.corda.testing.node.TestCordapp
 import net.corda.testing.node.User
 import net.corda.testing.node.NotarySpec
 import java.nio.file.Path
@@ -95,8 +96,8 @@ interface DriverDSL {
      * @param maximumHeapSize The maximum JVM heap size to use for the node as a [String]. By default a number is interpreted
      *     as being in bytes. Append the letter 'k' or 'K' to the value to indicate Kilobytes, 'm' or 'M' to indicate
      *     megabytes, and 'g' or 'G' to indicate gigabytes. The default value is "512m" = 512 megabytes.
-     * @param additionalCordapps Additional [TestCorDapp]s that this node will have available, in addition to the ones common to all nodes managed by the [DriverDSL].
-     * @param regenerateCordappsOnStart Whether existing [TestCorDapp]s unique to this node will be re-generated on start. Useful when stopping and restarting the same node.
+     * @param additionalCordapps Additional [TestCordapp]s that this node will have available, in addition to the ones common to all nodes managed by the [DriverDSL].
+     * @param regenerateCordappsOnStart Whether existing [TestCordapp]s unique to this node will be re-generated on start. Useful when stopping and restarting the same node.
      * @return A [CordaFuture] on the [NodeHandle] to the node. The future will complete when the node is available and
      * it sees all previously started nodes, including the notaries.
      */
@@ -108,7 +109,7 @@ interface DriverDSL {
             customOverrides: Map<String, Any?> = defaultParameters.customOverrides,
             startInSameProcess: Boolean? = defaultParameters.startInSameProcess,
             maximumHeapSize: String = defaultParameters.maximumHeapSize,
-            additionalCordapps: Set<TestCorDapp> = defaultParameters.additionalCordapps,
+            additionalCordapps: Collection<TestCordapp> = defaultParameters.additionalCordapps,
             regenerateCordappsOnStart: Boolean = defaultParameters.regenerateCordappsOnStart
     ): CordaFuture<NodeHandle>
 
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/TestCorDapp.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/TestCorDapp.kt
deleted file mode 100644
index 8dd209c34f..0000000000
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/TestCorDapp.kt
+++ /dev/null
@@ -1,85 +0,0 @@
-package net.corda.testing.driver
-
-import net.corda.core.DoNotImplement
-import net.corda.testing.node.internal.MutableTestCorDapp
-import java.net.URL
-import java.nio.file.Path
-
-/**
- * Represents information about a CorDapp. Used to generate CorDapp JARs in tests.
- */
-@DoNotImplement
-interface TestCorDapp {
-
-    val name: String
-    val title: String
-    val version: String
-    val vendor: String
-
-    val classes: Set<Class<*>>
-
-    val resources: Set<URL>
-
-    fun packageAsJarInDirectory(parentDirectory: Path): Path
-
-    fun packageAsJarWithPath(jarFilePath: Path)
-
-    /**
-     * Responsible of creating [TestCorDapp]s.
-     */
-    class Factory {
-        companion object {
-
-            /**
-             * Returns a builder-style [TestCorDapp] to easily generate different [TestCorDapp]s that have something in common.
-             */
-            @JvmStatic
-            fun create(name: String, version: String, vendor: String = "R3", title: String = name, classes: Set<Class<*>> = emptySet(), willResourceBeAddedBeToCorDapp: (fullyQualifiedName: String, url: URL) -> Boolean = MutableTestCorDapp.Companion::filterTestCorDappClass): TestCorDapp.Mutable {
-
-                return MutableTestCorDapp(name, version, vendor, title, classes, willResourceBeAddedBeToCorDapp)
-            }
-        }
-    }
-
-    @DoNotImplement
-    interface Mutable : TestCorDapp {
-
-        fun withName(name: String): TestCorDapp.Mutable
-
-        fun withTitle(title: String): TestCorDapp.Mutable
-
-        fun withVersion(version: String): TestCorDapp.Mutable
-
-        fun withVendor(vendor: String): TestCorDapp.Mutable
-
-        fun withClasses(classes: Set<Class<*>>): TestCorDapp.Mutable
-
-        fun plusPackages(pckgs: Set<String>): TestCorDapp.Mutable
-
-        fun minusPackages(pckgs: Set<String>): TestCorDapp.Mutable
-
-        fun plusPackage(pckg: String): TestCorDapp.Mutable = plusPackages(setOf(pckg))
-
-        fun minusPackage(pckg: String): TestCorDapp.Mutable = minusPackages(setOf(pckg))
-
-        fun plusPackage(pckg: Package): TestCorDapp.Mutable = plusPackages(pckg.name)
-
-        fun minusPackage(pckg: Package): TestCorDapp.Mutable = minusPackages(pckg.name)
-
-        operator fun plus(clazz: Class<*>): TestCorDapp.Mutable = withClasses(classes + clazz)
-
-        operator fun minus(clazz: Class<*>): TestCorDapp.Mutable = withClasses(classes - clazz)
-
-        fun plusPackages(pckg: String, vararg pckgs: String): TestCorDapp.Mutable = plusPackages(setOf(pckg, *pckgs))
-
-        fun plusPackages(pckg: Package, vararg pckgs: Package): TestCorDapp.Mutable = minusPackages(setOf(pckg, *pckgs).map { it.name }.toSet())
-
-        fun minusPackages(pckg: String, vararg pckgs: String): TestCorDapp.Mutable = minusPackages(setOf(pckg, *pckgs))
-
-        fun minusPackages(pckg: Package, vararg pckgs: Package): TestCorDapp.Mutable = minusPackages(setOf(pckg, *pckgs).map { it.name }.toSet())
-
-        fun plusResource(fullyQualifiedName: String, url: URL): TestCorDapp.Mutable
-
-        fun minusResource(fullyQualifiedName: String, url: URL): TestCorDapp.Mutable
-    }
-}
\ No newline at end of file
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNetwork.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNetwork.kt
index 61b0198c2a..3c3ba57aa5 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNetwork.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNetwork.kt
@@ -16,7 +16,6 @@ import net.corda.node.internal.InitiatedFlowFactory
 import net.corda.node.services.config.NodeConfiguration
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.DUMMY_NOTARY_NAME
-import net.corda.testing.driver.TestCorDapp
 import net.corda.testing.node.internal.*
 import rx.Observable
 import java.math.BigInteger
@@ -34,36 +33,29 @@ import java.util.concurrent.Future
  * @property entropyRoot the initial entropy value to use when generating keys. Defaults to an (insecure) random value,
  * but can be overridden to cause nodes to have stable or colliding identity/service keys.
  * @property configOverrides Add/override behaviour of the [NodeConfiguration] mock object.
- * @property additionalCordapps [TestCorDapp]s that will be added to this node in addition to the ones shared by all nodes, which get specified at [MockNetwork] level.
+ * @property additionalCordapps [TestCordapp]s that will be added to this node in addition to the ones shared by all nodes, which get specified at [MockNetwork] level.
  */
 @Suppress("unused")
-data class MockNodeParameters constructor(
+data class MockNodeParameters(
         val forcedID: Int? = null,
         val legalName: CordaX500Name? = null,
         val entropyRoot: BigInteger = BigInteger.valueOf(random63BitValue()),
         val configOverrides: (NodeConfiguration) -> Any? = {},
-        val additionalCordapps: Set<TestCorDapp>) {
+        val additionalCordapps: Collection<TestCordapp> = emptyList()) {
 
-    @JvmOverloads
-    constructor(
-            forcedID: Int? = null,
-            legalName: CordaX500Name? = null,
-            entropyRoot: BigInteger = BigInteger.valueOf(random63BitValue()),
-            configOverrides: (NodeConfiguration) -> Any? = {},
-            extraCordappPackages: List<String> = emptyList()
-    ) : this(forcedID, legalName, entropyRoot, configOverrides, additionalCordapps = cordappsForPackages(extraCordappPackages))
+    constructor(forcedID: Int? = null,
+                legalName: CordaX500Name? = null,
+                entropyRoot: BigInteger = BigInteger.valueOf(random63BitValue()),
+                configOverrides: (NodeConfiguration) -> Any? = {}
+    ) : this(forcedID, legalName, entropyRoot, configOverrides, emptyList())
 
     fun withForcedID(forcedID: Int?): MockNodeParameters = copy(forcedID = forcedID)
     fun withLegalName(legalName: CordaX500Name?): MockNodeParameters = copy(legalName = legalName)
     fun withEntropyRoot(entropyRoot: BigInteger): MockNodeParameters = copy(entropyRoot = entropyRoot)
     fun withConfigOverrides(configOverrides: (NodeConfiguration) -> Any?): MockNodeParameters = copy(configOverrides = configOverrides)
-    fun withExtraCordappPackages(extraCordappPackages: List<String>): MockNodeParameters = copy(forcedID = forcedID, legalName = legalName, entropyRoot = entropyRoot, configOverrides = configOverrides, extraCordappPackages = extraCordappPackages)
-    fun withAdditionalCordapps(additionalCordapps: Set<TestCorDapp>): MockNodeParameters = copy(additionalCordapps = additionalCordapps)
+    fun withAdditionalCordapps(additionalCordapps: Collection<TestCordapp>): MockNodeParameters = copy(additionalCordapps = additionalCordapps)
     fun copy(forcedID: Int?, legalName: CordaX500Name?, entropyRoot: BigInteger, configOverrides: (NodeConfiguration) -> Any?): MockNodeParameters {
-        return MockNodeParameters(forcedID, legalName, entropyRoot, configOverrides, additionalCordapps = emptySet())
-    }
-    fun copy(forcedID: Int?, legalName: CordaX500Name?, entropyRoot: BigInteger, configOverrides: (NodeConfiguration) -> Any?, extraCordappPackages: List<String> = emptyList()): MockNodeParameters {
-        return MockNodeParameters(forcedID, legalName, entropyRoot, configOverrides, extraCordappPackages)
+        return MockNodeParameters(forcedID, legalName, entropyRoot, configOverrides)
     }
 }
 
@@ -293,7 +285,7 @@ inline fun <reified F : FlowLogic<*>> StartedMockNode.registerResponderFlow(
  * @property notarySpecs The notaries to use in the mock network. By default you get one mock notary and that is usually sufficient.
  * @property networkParameters The network parameters to be used by all the nodes. [NetworkParameters.notaries] must be
  * empty as notaries are defined by [notarySpecs].
- * @property cordappsForAllNodes [TestCorDapp]s that will be added to each node started by the [MockNetwork].
+ * @property cordappsForAllNodes [TestCordapp]s that will be added to each node started by the [MockNetwork].
  */
 @Suppress("MemberVisibilityCanBePrivate", "CanBeParameter")
 open class MockNetwork(
@@ -304,7 +296,7 @@ open class MockNetwork(
         val servicePeerAllocationStrategy: InMemoryMessagingNetwork.ServicePeerAllocationStrategy = defaultParameters.servicePeerAllocationStrategy,
         val notarySpecs: List<MockNetworkNotarySpec> = defaultParameters.notarySpecs,
         val networkParameters: NetworkParameters = defaultParameters.networkParameters,
-        val cordappsForAllNodes: Set<TestCorDapp> = cordappsForPackages(cordappPackages)) {
+        val cordappsForAllNodes: Collection<TestCordapp> = cordappsForPackages(cordappPackages)) {
 
     @JvmOverloads
     constructor(cordappPackages: List<String>, parameters: MockNetworkParameters = MockNetworkParameters()) : this(cordappPackages, defaultParameters = parameters)
@@ -345,7 +337,9 @@ open class MockNetwork(
     fun createPartyNode(legalName: CordaX500Name? = null): StartedMockNode = StartedMockNode.create(internalMockNetwork.createPartyNode(legalName))
 
     /** Create a started node with the given parameters. **/
-    fun createNode(parameters: MockNodeParameters = MockNodeParameters()): StartedMockNode = StartedMockNode.create(internalMockNetwork.createNode(InternalMockNodeParameters(parameters)))
+    fun createNode(parameters: MockNodeParameters = MockNodeParameters()): StartedMockNode {
+        return StartedMockNode.create(internalMockNetwork.createNode(InternalMockNodeParameters(parameters)))
+    }
 
     /**
      * Create a started node with the given parameters.
@@ -375,13 +369,13 @@ open class MockNetwork(
      * @param entropyRoot The initial entropy value to use when generating keys. Defaults to an (insecure) random value,
      * but can be overridden to cause nodes to have stable or colliding identity/service keys.
      * @param configOverrides Add/override behaviour of the [NodeConfiguration] mock object.
-     * @param additionalCordapps Additional [TestCorDapp]s that this node will have available, in addition to the ones common to all nodes managed by the [MockNetwork].
+     * @param additionalCordapps Additional [TestCordapp]s that this node will have available, in addition to the ones common to all nodes managed by the [MockNetwork].
      */
     fun createNode(legalName: CordaX500Name? = null,
                    forcedID: Int? = null,
                    entropyRoot: BigInteger = BigInteger.valueOf(random63BitValue()),
                    configOverrides: (NodeConfiguration) -> Any? = {},
-                   additionalCordapps: Set<TestCorDapp>): StartedMockNode {
+                   additionalCordapps: Collection<TestCordapp>): StartedMockNode {
         val parameters = MockNodeParameters(forcedID, legalName, entropyRoot, configOverrides, additionalCordapps)
         return StartedMockNode.create(internalMockNetwork.createNode(InternalMockNodeParameters(parameters)))
     }
@@ -417,13 +411,13 @@ open class MockNetwork(
      * @param entropyRoot The initial entropy value to use when generating keys. Defaults to an (insecure) random value,
      * but can be overridden to cause nodes to have stable or colliding identity/service keys.
      * @param configOverrides Add/override behaviour of the [NodeConfiguration] mock object.
-     * @param additionalCordapps Additional [TestCorDapp]s that this node will have available, in addition to the ones common to all nodes managed by the [MockNetwork].
+     * @param additionalCordapps Additional [TestCordapp]s that this node will have available, in addition to the ones common to all nodes managed by the [MockNetwork].
      */
     fun createUnstartedNode(legalName: CordaX500Name? = null,
                             forcedID: Int? = null,
                             entropyRoot: BigInteger = BigInteger.valueOf(random63BitValue()),
                             configOverrides: (NodeConfiguration) -> Any? = {},
-                            additionalCordapps: Set<TestCorDapp>): UnstartedMockNode {
+                            additionalCordapps: Collection<TestCordapp>): UnstartedMockNode {
         val parameters = MockNodeParameters(forcedID, legalName, entropyRoot, configOverrides, additionalCordapps)
         return UnstartedMockNode.create(internalMockNetwork.createUnstartedNode(InternalMockNodeParameters(parameters)))
     }
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
index 112cf3f19f..e78d0c12a3 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
@@ -34,10 +34,7 @@ import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.TestIdentity
 import net.corda.testing.internal.DEV_ROOT_CA
 import net.corda.testing.internal.MockCordappProvider
-import net.corda.testing.node.internal.MockKeyManagementService
-import net.corda.testing.node.internal.MockTransactionStorage
-import net.corda.testing.node.internal.TestCordappDirectories
-import net.corda.testing.node.internal.getCallerPackage
+import net.corda.testing.node.internal.*
 import net.corda.testing.services.MockAttachmentStorage
 import java.security.KeyPair
 import java.sql.Connection
@@ -70,8 +67,7 @@ open class MockServices private constructor(
     companion object {
 
         private fun cordappLoaderForPackages(packages: Iterable<String>, versionInfo: VersionInfo = VersionInfo.UNKNOWN): CordappLoader {
-
-            val cordappPaths = TestCordappDirectories.forPackages(packages)
+            val cordappPaths = cordappsForPackages(packages).map { TestCordappDirectories.getJarDirectory(it) }
             return JarScanningCordappLoader.fromDirectories(cordappPaths, versionInfo)
         }
 
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/TestCordapp.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/TestCordapp.kt
new file mode 100644
index 0000000000..6f881660c1
--- /dev/null
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/TestCordapp.kt
@@ -0,0 +1,69 @@
+package net.corda.testing.node
+
+import net.corda.core.DoNotImplement
+import net.corda.core.internal.PLATFORM_VERSION
+import net.corda.testing.node.internal.TestCordappImpl
+import net.corda.testing.node.internal.simplifyScanPackages
+
+/**
+ * Represents information about a CorDapp. Used to generate CorDapp JARs in tests.
+ */
+@DoNotImplement
+interface TestCordapp {
+    /** Returns the name, defaults to "test-cordapp" if not specified. */
+    val name: String
+
+    /** Returns the title, defaults to "test-title" if not specified. */
+    val title: String
+
+    /** Returns the version string, defaults to "1.0" if not specified. */
+    val version: String
+
+    /** Returns the vendor string, defaults to "Corda" if not specified. */
+    val vendor: String
+
+    /** Returns the target platform version, defaults to the current platform version if not specified. */
+    val targetVersion: Int
+
+    /** Returns the set of package names scanned for this test CorDapp. */
+    val packages: Set<String>
+
+    /** Return a copy of this [TestCordapp] but with the specified name. */
+    fun withName(name: String): TestCordapp
+
+    /** Return a copy of this [TestCordapp] but with the specified title. */
+    fun withTitle(title: String): TestCordapp
+
+    /** Return a copy of this [TestCordapp] but with the specified version string. */
+    fun withVersion(version: String): TestCordapp
+
+    /** Return a copy of this [TestCordapp] but with the specified vendor string. */
+    fun withVendor(vendor: String): TestCordapp
+
+    /** Return a copy of this [TestCordapp] but with the specified target platform version. */
+    fun withTargetVersion(targetVersion: Int): TestCordapp
+
+    class Factory {
+        companion object {
+            @JvmStatic
+            fun fromPackages(vararg packageNames: String): TestCordapp = fromPackages(packageNames.asList())
+
+            /**
+             * Create a [TestCordapp] object by scanning the given packages. The meta data on the CorDapp will be the
+             * default values, which can be specified with the wither methods.
+             */
+            @JvmStatic
+            fun fromPackages(packageNames: Collection<String>): TestCordapp {
+                return TestCordappImpl(
+                        name = "test-cordapp",
+                        version = "1.0",
+                        vendor = "Corda",
+                        title = "test-title",
+                        targetVersion = PLATFORM_VERSION,
+                        packages = simplifyScanPackages(packageNames),
+                        classes = emptySet()
+                )
+            }
+        }
+    }
+}
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
index bd562e41f5..d952d07414 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
@@ -28,7 +28,6 @@ import net.corda.node.services.Permissions
 import net.corda.node.services.config.*
 import net.corda.node.utilities.registration.HTTPNetworkRegistrationService
 import net.corda.node.utilities.registration.NodeRegistrationHelper
-import net.corda.core.internal.PLATFORM_VERSION
 import net.corda.nodeapi.internal.DevIdentityGenerator
 import net.corda.nodeapi.internal.SignedNodeInfo
 import net.corda.nodeapi.internal.addShutdownHook
@@ -38,6 +37,7 @@ import net.corda.nodeapi.internal.crypto.X509Utilities
 import net.corda.nodeapi.internal.network.NetworkParametersCopier
 import net.corda.nodeapi.internal.network.NodeInfoFilesCopier
 import net.corda.serialization.internal.amqp.AbstractAMQPSerializationScheme
+import net.corda.testing.node.TestCordapp
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
 import net.corda.testing.core.DUMMY_BANK_A_NAME
@@ -91,7 +91,7 @@ class DriverDSLImpl(
         val networkParameters: NetworkParameters,
         val notaryCustomOverrides: Map<String, Any?>,
         val inMemoryDB: Boolean,
-        val cordappsForAllNodes: Set<TestCorDapp>
+        val cordappsForAllNodes: Collection<TestCordapp>
 ) : InternalDriverDSL {
 
     private var _executorService: ScheduledExecutorService? = null
@@ -184,7 +184,25 @@ class DriverDSLImpl(
         }
     }
 
-    override fun startNode(defaultParameters: NodeParameters, providedName: CordaX500Name?, rpcUsers: List<User>, verifierType: VerifierType, customOverrides: Map<String, Any?>, startInSameProcess: Boolean?, maximumHeapSize: String) = startNode(defaultParameters, providedName, rpcUsers, verifierType, customOverrides, startInSameProcess, maximumHeapSize, defaultParameters.additionalCordapps, defaultParameters.regenerateCordappsOnStart)
+    override fun startNode(defaultParameters: NodeParameters,
+                           providedName: CordaX500Name?,
+                           rpcUsers: List<User>,
+                           verifierType: VerifierType,
+                           customOverrides: Map<String, Any?>,
+                           startInSameProcess: Boolean?,
+                           maximumHeapSize: String): CordaFuture<NodeHandle> {
+        return startNode(
+                defaultParameters,
+                providedName,
+                rpcUsers,
+                verifierType,
+                customOverrides,
+                startInSameProcess,
+                maximumHeapSize,
+                defaultParameters.additionalCordapps,
+                defaultParameters.regenerateCordappsOnStart
+        )
+    }
 
     override fun startNode(
             defaultParameters: NodeParameters,
@@ -194,7 +212,7 @@ class DriverDSLImpl(
             customOverrides: Map<String, Any?>,
             startInSameProcess: Boolean?,
             maximumHeapSize: String,
-            additionalCordapps: Set<TestCorDapp>,
+            additionalCordapps: Collection<TestCordapp>,
             regenerateCordappsOnStart: Boolean
     ): CordaFuture<NodeHandle> {
         val p2pAddress = portAllocation.nextHostAndPort()
@@ -225,7 +243,7 @@ class DriverDSLImpl(
                                     startInSameProcess: Boolean? = null,
                                     maximumHeapSize: String = "512m",
                                     p2pAddress: NetworkHostAndPort = portAllocation.nextHostAndPort(),
-                                    additionalCordapps: Set<TestCorDapp> = emptySet(),
+                                    additionalCordapps: Collection<TestCordapp> = emptySet(),
                                     regenerateCordappsOnStart: Boolean = false): CordaFuture<NodeHandle> {
         val rpcAddress = portAllocation.nextHostAndPort()
         val rpcAdminAddress = portAllocation.nextHostAndPort()
@@ -535,16 +553,12 @@ class DriverDSLImpl(
         }
     }
 
-    private val sharedCordappsDirectories: Iterable<Path> by lazy {
-        TestCordappDirectories.cached(cordappsForAllNodes)
-    }
-
     private fun startNodeInternal(specifiedConfig: NodeConfig,
                                   webAddress: NetworkHostAndPort,
                                   startInProcess: Boolean?,
                                   maximumHeapSize: String,
                                   localNetworkMap: LocalNetworkMap?,
-                                  additionalCordapps: Set<TestCorDapp>,
+                                  additionalCordapps: Collection<TestCordapp>,
                                   regenerateCordappsOnStart: Boolean = false): CordaFuture<NodeHandle> {
         val visibilityHandle = networkVisibilityController.register(specifiedConfig.corda.myLegalName)
         val baseDirectory = specifiedConfig.corda.baseDirectory.createDirectories()
@@ -558,11 +572,17 @@ class DriverDSLImpl(
 
         val useHTTPS = specifiedConfig.typesafe.run { hasPath("useHTTPS") && getBoolean("useHTTPS") }
 
-        val existingCorDappDirectoriesOption = if (regenerateCordappsOnStart) emptyList<String>() else if (specifiedConfig.typesafe.hasPath(NodeConfiguration.cordappDirectoriesKey)) specifiedConfig.typesafe.getStringList(NodeConfiguration.cordappDirectoriesKey) else emptyList()
+        val existingCorDappDirectoriesOption = if (regenerateCordappsOnStart) {
+            emptyList()
+        } else if (specifiedConfig.typesafe.hasPath(NodeConfiguration.cordappDirectoriesKey)) {
+            specifiedConfig.typesafe.getStringList(NodeConfiguration.cordappDirectoriesKey)
+        } else {
+            emptyList()
+        }
 
-        val cordappDirectories = existingCorDappDirectoriesOption + sharedCordappsDirectories.map { it.toString() } + TestCordappDirectories.cached(additionalCordapps, regenerateCordappsOnStart).map { it.toString() }
+        val cordappDirectories = existingCorDappDirectoriesOption + (cordappsForAllNodes + additionalCordapps).map { TestCordappDirectories.getJarDirectory(it).toString() }
 
-        val config = NodeConfig(specifiedConfig.typesafe.withValue(NodeConfiguration.cordappDirectoriesKey, ConfigValueFactory.fromIterable(cordappDirectories)))
+        val config = NodeConfig(specifiedConfig.typesafe.withValue(NodeConfiguration.cordappDirectoriesKey, ConfigValueFactory.fromIterable(cordappDirectories.toSet())))
 
         if (startInProcess ?: startNodesInProcess) {
             val nodeAndThreadFuture = startInProcessNode(executorService, config)
@@ -687,8 +707,13 @@ class DriverDSLImpl(
 
         private fun <A> oneOf(array: Array<A>) = array[Random().nextInt(array.size)]
 
-        fun cordappsInCurrentAndAdditionalPackages(packagesToScan: Iterable<String> = emptySet()): Set<TestCorDapp> = cordappsForPackages(getCallerPackage() + packagesToScan)
-        fun cordappsInCurrentAndAdditionalPackages(firstPackage: String, vararg otherPackages: String): Set<TestCorDapp> = cordappsInCurrentAndAdditionalPackages(otherPackages.toList() + firstPackage)
+        fun cordappsInCurrentAndAdditionalPackages(packagesToScan: Collection<String> = emptySet()): List<TestCordapp> {
+            return cordappsForPackages(getCallerPackage() + packagesToScan)
+        }
+
+        fun cordappsInCurrentAndAdditionalPackages(firstPackage: String, vararg otherPackages: String): List<TestCordapp> {
+            return cordappsInCurrentAndAdditionalPackages(otherPackages.asList() + firstPackage)
+        }
 
         private fun startInProcessNode(
                 executorService: ScheduledExecutorService,
@@ -1085,7 +1110,7 @@ fun <A> internalDriver(
         compatibilityZone: CompatibilityZoneParams? = null,
         notaryCustomOverrides: Map<String, Any?> = DriverParameters().notaryCustomOverrides,
         inMemoryDB: Boolean = DriverParameters().inMemoryDB,
-        cordappsForAllNodes: Set<TestCorDapp> = DriverParameters().cordappsForAllNodes(),
+        cordappsForAllNodes: Collection<TestCordapp> = DriverParameters().cordappsForAllNodes(),
         dsl: DriverDSLImpl.() -> A
 ): A {
     return genericDriver(
@@ -1125,7 +1150,7 @@ private fun Config.toNodeOnly(): Config {
     return if (hasPath("webAddress")) withoutPath("webAddress").withoutPath("useHTTPS") else this
 }
 
-internal fun DriverParameters.cordappsForAllNodes(): Set<TestCorDapp> = cordappsForAllNodes
+internal fun DriverParameters.cordappsForAllNodes(): Collection<TestCordapp> = cordappsForAllNodes
         ?: cordappsInCurrentAndAdditionalPackages(extraCordappPackagesToScan)
 
 fun DriverDSL.startNode(providedName: CordaX500Name, devMode: Boolean, parameters: NodeParameters = NodeParameters()): CordaFuture<NodeHandle> {
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
index 05ebe55eae..d60f9f6ee1 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
@@ -51,8 +51,8 @@ import net.corda.nodeapi.internal.config.User
 import net.corda.nodeapi.internal.network.NetworkParametersCopier
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
+import net.corda.testing.node.TestCordapp
 import net.corda.testing.common.internal.testNetworkParameters
-import net.corda.testing.driver.TestCorDapp
 import net.corda.testing.internal.rigorousMock
 import net.corda.testing.internal.setGlobalSerialization
 import net.corda.testing.internal.stubs.CertificateStoreStubs
@@ -89,7 +89,7 @@ data class InternalMockNodeParameters(
         val entropyRoot: BigInteger = BigInteger.valueOf(random63BitValue()),
         val configOverrides: (NodeConfiguration) -> Any? = {},
         val version: VersionInfo = MOCK_VERSION_INFO,
-        val additionalCordapps: Set<TestCorDapp>? = null) {
+        val additionalCordapps: Collection<TestCordapp>? = null) {
     constructor(mockNodeParameters: MockNodeParameters) : this(
             mockNodeParameters.forcedID,
             mockNodeParameters.legalName,
@@ -148,7 +148,7 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
                                val testDirectory: Path = Paths.get("build", getTimestampAsDirectoryName()),
                                val networkParameters: NetworkParameters = testNetworkParameters(),
                                val defaultFactory: (MockNodeArgs) -> MockNode = { args -> MockNode(args) },
-                               val cordappsForAllNodes: Set<TestCorDapp> = emptySet(),
+                               val cordappsForAllNodes: Collection<TestCordapp> = emptySet(),
                                val autoVisibleNodes: Boolean = true) : AutoCloseable {
     init {
         // Apache SSHD for whatever reason registers a SFTP FileSystemProvider - which gets loaded by JimFS.
@@ -174,10 +174,6 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
     }
     private val sharedUserCount = AtomicInteger(0)
 
-    private val sharedCorDappsDirectories: Iterable<Path> by lazy {
-        TestCordappDirectories.cached(cordappsForAllNodes)
-    }
-
     /** A read only view of the current set of nodes. */
     val nodes: List<MockNode> get() = _nodes
 
@@ -453,8 +449,8 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
             parameters.configOverrides(it)
         }
 
-        val cordapps: Set<TestCorDapp> = parameters.additionalCordapps ?: emptySet()
-        val cordappDirectories = sharedCorDappsDirectories + TestCordappDirectories.cached(cordapps)
+        val cordapps = (parameters.additionalCordapps ?: emptySet()) + cordappsForAllNodes
+        val cordappDirectories = cordapps.map { TestCordappDirectories.getJarDirectory(it) }.distinct()
         doReturn(cordappDirectories).whenever(config).cordappDirectories
 
         val node = nodeFactory(MockNodeArgs(config, this, id, parameters.entropyRoot, parameters.version))
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MutableTestCorDapp.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MutableTestCorDapp.kt
deleted file mode 100644
index d06270c2cd..0000000000
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MutableTestCorDapp.kt
+++ /dev/null
@@ -1,73 +0,0 @@
-package net.corda.testing.node.internal
-
-import net.corda.core.internal.div
-import net.corda.testing.driver.TestCorDapp
-import java.io.File
-import java.net.URL
-import java.nio.file.Path
-
-internal class MutableTestCorDapp private constructor(override val name: String, override val version: String, override val vendor: String, override val title: String, private val willResourceBeAddedToCorDapp: (String, URL) -> Boolean, private val jarEntries: Set<JarEntryInfo>) : TestCorDapp.Mutable {
-
-    constructor(name: String, version: String, vendor: String, title: String, classes: Set<Class<*>>, willResourceBeAddedToCorDapp: (String, URL) -> Boolean) : this(name, version, vendor, title, willResourceBeAddedToCorDapp, jarEntriesFromClasses(classes))
-
-    companion object {
-
-        private const val jarExtension = ".jar"
-        private const val whitespace = " "
-        private const val whitespaceReplacement = "_"
-        private val productionPathSegments = setOf<(String) -> String>({ "out${File.separator}production${File.separator}classes" }, { fullyQualifiedName -> "main${File.separator}${fullyQualifiedName.packageToJarPath()}" })
-        private val excludedCordaPackages = setOf("net.corda.core", "net.corda.node")
-
-        fun filterTestCorDappClass(fullyQualifiedName: String, url: URL): Boolean {
-
-            return isTestResource(fullyQualifiedName, url) || !isInExcludedCordaPackage(fullyQualifiedName)
-        }
-
-        private fun isTestResource(fullyQualifiedName: String, url: URL): Boolean {
-
-            return productionPathSegments.map { it.invoke(fullyQualifiedName) }.none { url.toString().contains(it) }
-        }
-
-        private fun isInExcludedCordaPackage(packageName: String): Boolean {
-
-            return excludedCordaPackages.any { packageName.startsWith(it) }
-        }
-
-        private fun jarEntriesFromClasses(classes: Set<Class<*>>): Set<JarEntryInfo> {
-
-            val illegal = classes.filter { it.protectionDomain?.codeSource?.location == null }
-            if (illegal.isNotEmpty()) {
-                throw IllegalArgumentException("Some classes do not have a location, typically because they are part of Java or Kotlin. Offending types were: ${illegal.joinToString(", ", "[", "]") { it.simpleName }}")
-            }
-            return classes.map(Class<*>::jarEntryInfo).toSet()
-        }
-    }
-
-    override val classes: Set<Class<*>> = jarEntries.filterIsInstance(JarEntryInfo.ClassJarEntryInfo::class.java).map(JarEntryInfo.ClassJarEntryInfo::clazz).toSet()
-
-    override val resources: Set<URL> = jarEntries.map(JarEntryInfo::url).toSet()
-
-    override fun withName(name: String) = MutableTestCorDapp(name, version, vendor, title, classes, willResourceBeAddedToCorDapp)
-
-    override fun withTitle(title: String) = MutableTestCorDapp(name, version, vendor, title, classes, willResourceBeAddedToCorDapp)
-
-    override fun withVersion(version: String) = MutableTestCorDapp(name, version, vendor, title, classes, willResourceBeAddedToCorDapp)
-
-    override fun withVendor(vendor: String) = MutableTestCorDapp(name, version, vendor, title, classes, willResourceBeAddedToCorDapp)
-
-    override fun withClasses(classes: Set<Class<*>>) = MutableTestCorDapp(name, version, vendor, title, classes, willResourceBeAddedToCorDapp)
-
-    override fun plusPackages(pckgs: Set<String>) = withClasses(pckgs.map { allClassesForPackage(it) }.fold(classes) { all, packageClasses -> all + packageClasses })
-
-    override fun minusPackages(pckgs: Set<String>) = withClasses(pckgs.map { allClassesForPackage(it) }.fold(classes) { all, packageClasses -> all - packageClasses })
-
-    override fun plusResource(fullyQualifiedName: String, url: URL): TestCorDapp.Mutable = MutableTestCorDapp(name, version, vendor, title, willResourceBeAddedToCorDapp, jarEntries + JarEntryInfo.ResourceJarEntryInfo(fullyQualifiedName, url))
-
-    override fun minusResource(fullyQualifiedName: String, url: URL): TestCorDapp.Mutable = MutableTestCorDapp(name, version, vendor, title, willResourceBeAddedToCorDapp, jarEntries - JarEntryInfo.ResourceJarEntryInfo(fullyQualifiedName, url))
-
-    override fun packageAsJarWithPath(jarFilePath: Path) = jarEntries.packageToCorDapp(jarFilePath, name, version, vendor, title, willResourceBeAddedToCorDapp)
-
-    override fun packageAsJarInDirectory(parentDirectory: Path): Path = (parentDirectory / defaultJarName()).also { packageAsJarWithPath(it) }
-
-    private fun defaultJarName(): String = "${name}_$version$jarExtension".replace(whitespace, whitespaceReplacement)
-}
\ No newline at end of file
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt
index 66a4f2408d..dae33f8c4b 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt
@@ -9,7 +9,6 @@ import net.corda.core.internal.createDirectories
 import net.corda.core.internal.div
 import net.corda.core.node.NodeInfo
 import net.corda.core.utilities.getOrThrow
-import net.corda.core.utilities.loggerFor
 import net.corda.node.VersionInfo
 import net.corda.node.internal.Node
 import net.corda.node.internal.NodeWithInfo
@@ -108,9 +107,9 @@ abstract class NodeBasedTest(private val cordappPackages: List<String> = emptyLi
 
         val existingCorDappDirectoriesOption = if (config.hasPath(NodeConfiguration.cordappDirectoriesKey)) config.getStringList(NodeConfiguration.cordappDirectoriesKey) else emptyList()
 
-        val cordappDirectories = existingCorDappDirectoriesOption + TestCordappDirectories.cached(cordapps).map { it.toString() }
+        val cordappDirectories = existingCorDappDirectoriesOption + cordapps.map { TestCordappDirectories.getJarDirectory(it).toString() }
 
-        val specificConfig = config.withValue(NodeConfiguration.cordappDirectoriesKey, ConfigValueFactory.fromIterable(cordappDirectories))
+        val specificConfig = config.withValue(NodeConfiguration.cordappDirectoriesKey, ConfigValueFactory.fromIterable(cordappDirectories.toSet()))
 
         val parsedConfig = specificConfig.parseAsNodeConfiguration().also { nodeConfiguration ->
             val errors = nodeConfiguration.validate()
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/RPCDriver.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/RPCDriver.kt
index 05b5662a83..38109bf114 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/RPCDriver.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/RPCDriver.kt
@@ -24,11 +24,11 @@ import net.corda.node.services.messaging.RPCServerConfiguration
 import net.corda.nodeapi.RPCApi
 import net.corda.nodeapi.internal.ArtemisTcpTransport
 import net.corda.serialization.internal.AMQP_RPC_CLIENT_CONTEXT
+import net.corda.testing.node.TestCordapp
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.MAX_MESSAGE_SIZE
 import net.corda.testing.driver.JmxPolicy
 import net.corda.testing.driver.PortAllocation
-import net.corda.testing.driver.TestCorDapp
 import net.corda.testing.node.NotarySpec
 import net.corda.testing.node.User
 import net.corda.testing.node.internal.DriverDSLImpl.Companion.cordappsInCurrentAndAdditionalPackages
@@ -118,7 +118,7 @@ fun <A> rpcDriver(
         networkParameters: NetworkParameters = testNetworkParameters(),
         notaryCustomOverrides: Map<String, Any?> = emptyMap(),
         inMemoryDB: Boolean = true,
-        cordappsForAllNodes: Set<TestCorDapp> = cordappsInCurrentAndAdditionalPackages(),
+        cordappsForAllNodes: Collection<TestCordapp> = cordappsInCurrentAndAdditionalPackages(),
         dsl: RPCDriverDSL.() -> A
 ): A {
     return genericDriver(
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappDirectories.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappDirectories.kt
index 6f261817d2..3cd553de39 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappDirectories.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappDirectories.kt
@@ -1,70 +1,46 @@
 package net.corda.testing.node.internal
 
+import net.corda.core.crypto.sha256
 import net.corda.core.internal.createDirectories
 import net.corda.core.internal.deleteRecursively
 import net.corda.core.internal.div
-import net.corda.core.internal.exists
+import net.corda.core.utilities.debug
 import net.corda.core.utilities.loggerFor
-import net.corda.testing.driver.TestCorDapp
+import net.corda.testing.node.TestCordapp
 import java.nio.file.Path
 import java.nio.file.Paths
+import java.util.*
 import java.util.concurrent.ConcurrentHashMap
-import java.util.concurrent.ConcurrentMap
-
-internal object TestCordappDirectories {
 
+object TestCordappDirectories {
     private val logger = loggerFor<TestCordappDirectories>()
 
-    private const val whitespace = " "
-    private const val whitespaceReplacement = "_"
+    private val whitespace = "\\s".toRegex()
 
-    private val cordappsCache: ConcurrentMap<List<String>, Path> = ConcurrentHashMap<List<String>, Path>()
+    private val testCordappsCache = ConcurrentHashMap<TestCordappImpl, Path>()
 
-    internal fun cached(cordapps: Iterable<TestCorDapp>, replaceExistingOnes: Boolean = false, cordappsDirectory: Path = defaultCordappsDirectory): Iterable<Path> {
-
-        cordappsDirectory.toFile().deleteOnExit()
-        return cordapps.map { cached(it, replaceExistingOnes, cordappsDirectory) }
-    }
-
-    internal fun cached(cordapp: TestCorDapp, replaceExistingOnes: Boolean = false, cordappsDirectory: Path = defaultCordappsDirectory): Path {
-
-        cordappsDirectory.toFile().deleteOnExit()
-        val cacheKey = cordapp.resources.map { it.toExternalForm() }.sorted()
-        return if (replaceExistingOnes) {
-            cordappsCache.remove(cacheKey)
-            cordappsCache.getOrPut(cacheKey) {
-
-                val cordappDirectory = (cordappsDirectory / "${cordapp.name}_${cordapp.version}".replace(whitespace, whitespaceReplacement)).toAbsolutePath()
-                cordappDirectory.createDirectories()
-                cordapp.packageAsJarInDirectory(cordappDirectory)
-                cordappDirectory
-            }
-        } else {
-            cordappsCache.getOrPut(cacheKey) {
-
-                val cordappDirectory = (cordappsDirectory / "${cordapp.name}_${cordapp.version}".replace(whitespace, whitespaceReplacement)).toAbsolutePath()
-                cordappDirectory.createDirectories()
-                cordapp.packageAsJarInDirectory(cordappDirectory)
-                cordappDirectory
+    fun getJarDirectory(cordapp: TestCordapp, cordappsDirectory: Path = defaultCordappsDirectory): Path {
+        cordapp as TestCordappImpl
+        return testCordappsCache.computeIfAbsent(cordapp) {
+            val cordappDir = (cordappsDirectory / UUID.randomUUID().toString()).createDirectories()
+            val uniqueScanString = if (cordapp.packages.size == 1 && cordapp.classes.isEmpty()) {
+                cordapp.packages.first()
+            } else {
+                "${cordapp.packages}${cordapp.classes.joinToString { it.name }}".toByteArray().sha256().toString()
             }
+            val jarFileName = cordapp.run { "${name}_${vendor}_${title}_${version}_${targetVersion}_$uniqueScanString.jar".replace(whitespace, "-") }
+            val jarFile = cordappDir / jarFileName
+            cordapp.packageAsJar(jarFile)
+            logger.debug { "$cordapp packaged into $jarFile" }
+            cordappDir
         }
     }
 
-    internal fun forPackages(packages: Iterable<String>, replaceExistingOnes: Boolean = false, cordappsDirectory: Path = defaultCordappsDirectory): Iterable<Path> {
-
-        cordappsDirectory.toFile().deleteOnExit()
-        val cordapps = simplifyScanPackages(packages).distinct().fold(emptySet<TestCorDapp>()) { all, packageName -> all + testCorDapp(packageName) }
-        return cached(cordapps, replaceExistingOnes, cordappsDirectory)
-    }
-
     private val defaultCordappsDirectory: Path by lazy {
-
         val cordappsDirectory = (Paths.get("build") / "tmp" / getTimestampAsDirectoryName() / "generated-test-cordapps").toAbsolutePath()
         logger.info("Initialising generated test CorDapps directory in $cordappsDirectory")
-        if (cordappsDirectory.exists()) {
-            cordappsDirectory.deleteRecursively()
-        }
+        cordappsDirectory.toFile().deleteOnExit()
+        cordappsDirectory.deleteRecursively()
         cordappsDirectory.createDirectories()
-        cordappsDirectory
     }
-}
\ No newline at end of file
+}
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappImpl.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappImpl.kt
new file mode 100644
index 0000000000..831198320c
--- /dev/null
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappImpl.kt
@@ -0,0 +1,26 @@
+package net.corda.testing.node.internal
+
+import net.corda.testing.node.TestCordapp
+
+data class TestCordappImpl(override val name: String,
+                           override val version: String,
+                           override val vendor: String,
+                           override val title: String,
+                           override val targetVersion: Int,
+                           override val packages: Set<String>,
+                           val classes: Set<Class<*>>) : TestCordapp {
+
+    override fun withName(name: String): TestCordappImpl = copy(name = name)
+
+    override fun withVersion(version: String): TestCordappImpl = copy(version = version)
+
+    override fun withVendor(vendor: String): TestCordappImpl = copy(vendor = vendor)
+
+    override fun withTitle(title: String): TestCordappImpl = copy(title = title)
+
+    override fun withTargetVersion(targetVersion: Int): TestCordappImpl = copy(targetVersion = targetVersion)
+
+    fun withClasses(vararg classes: Class<*>): TestCordappImpl {
+        return copy(classes = classes.filter { clazz -> packages.none { clazz.name.startsWith("$it.") } }.toSet())
+    }
+}
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappsUtils.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappsUtils.kt
index 6980e8eaca..5ab15cb556 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappsUtils.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappsUtils.kt
@@ -1,100 +1,34 @@
 package net.corda.testing.node.internal
 
 import io.github.classgraph.ClassGraph
-import net.corda.core.internal.createDirectories
-import net.corda.core.internal.deleteIfExists
 import net.corda.core.internal.outputStream
 import net.corda.node.internal.cordapp.createTestManifest
-import net.corda.testing.driver.TestCorDapp
-import org.apache.commons.io.IOUtils
-import java.io.OutputStream
-import java.net.URI
-import java.net.URL
+import net.corda.testing.node.TestCordapp
 import java.nio.file.Path
 import java.nio.file.attribute.FileTime
 import java.time.Instant
-import java.util.*
 import java.util.jar.JarOutputStream
 import java.util.zip.ZipEntry
-import java.util.zip.ZipOutputStream
 import kotlin.reflect.KClass
 
-/**
- * Packages some [JarEntryInfo] into a CorDapp JAR with specified [path].
- * @param path The path of the JAR.
- * @param willResourceBeAddedBeToCorDapp A filter for the inclusion of [JarEntryInfo] in the JAR.
- */
-internal fun Iterable<JarEntryInfo>.packageToCorDapp(path: Path, name: String, version: String, vendor: String, title: String = name, willResourceBeAddedBeToCorDapp: (String, URL) -> Boolean = { _, _ -> true }) {
+@JvmField
+val FINANCE_CORDAPP: TestCordappImpl = cordappForPackages("net.corda.finance")
 
-    var hasContent = false
-    try {
-        hasContent = packageToCorDapp(path.outputStream(), name, version, vendor, title, willResourceBeAddedBeToCorDapp)
-    } finally {
-        if (!hasContent) {
-            path.deleteIfExists()
-        }
-    }
+/** Creates a [TestCordappImpl] for each package. */
+fun cordappsForPackages(vararg packageNames: String): List<TestCordappImpl> = cordappsForPackages(packageNames.asList())
+
+fun cordappsForPackages(packageNames: Iterable<String>): List<TestCordappImpl> {
+    return simplifyScanPackages(packageNames).map { cordappForPackages(it) }
 }
 
-/**
- * Packages some [JarEntryInfo] into a CorDapp JAR using specified [outputStream].
- * @param outputStream The [OutputStream] for the JAR.
- * @param willResourceBeAddedBeToCorDapp A filter for the inclusion of [JarEntryInfo] in the JAR.
- */
-internal fun Iterable<JarEntryInfo>.packageToCorDapp(outputStream: OutputStream, name: String, version: String, vendor: String, title: String = name, willResourceBeAddedBeToCorDapp: (String, URL) -> Boolean = { _, _ -> true }): Boolean {
-
-    val manifest = createTestManifest(name, title, version, vendor)
-    return JarOutputStream(outputStream, manifest).use { jos -> zip(jos, willResourceBeAddedBeToCorDapp) }
+/** Creates a single [TestCordappImpl] containing all the given packges. */
+fun cordappForPackages(vararg packageNames: String): TestCordappImpl {
+    return TestCordapp.Factory.fromPackages(*packageNames) as TestCordappImpl
 }
 
-/**
- * Transforms a [Class] into a [JarEntryInfo].
- */
-internal fun Class<*>.jarEntryInfo(): JarEntryInfo {
-
-    return JarEntryInfo.ClassJarEntryInfo(this)
-}
-
-/**
- * Packages some [TestCorDapp]s under a root [directory], each with it's own JAR.
- * @param directory The parent directory in which CorDapp JAR will be created.
- */
-fun Iterable<TestCorDapp>.packageInDirectory(directory: Path) {
-
-    directory.createDirectories()
-    forEach { cordapp -> cordapp.packageAsJarInDirectory(directory) }
-}
-
-/**
- * Returns all classes within the [targetPackage].
- */
-fun allClassesForPackage(targetPackage: String): Set<Class<*>> {
-    return ClassGraph()
-            .whitelistPackages(targetPackage)
-            .enableAllInfo()
-            .scan()
-            .use { it.allClasses.loadClasses() }
-            .toSet()
-}
-
-/**
- * Maps each package to a [TestCorDapp] with resources found in that package.
- */
-fun cordappsForPackages(packages: Iterable<String>): Set<TestCorDapp> {
-
-    return simplifyScanPackages(packages).toSet().fold(emptySet()) { all, packageName -> all + testCorDapp(packageName) }
-}
-
-/**
- * Maps each package to a [TestCorDapp] with resources found in that package.
- */
-fun cordappsForPackages(firstPackage: String, vararg otherPackages: String): Set<TestCorDapp> {
-
-    return cordappsForPackages(setOf(*otherPackages) + firstPackage)
-}
+fun cordappForClasses(vararg classes: Class<*>): TestCordappImpl = cordappForPackages().withClasses(*classes)
 
 fun getCallerClass(directCallerClass: KClass<*>): Class<*>? {
-
     val stackTrace = Throwable().stackTrace
     val index = stackTrace.indexOfLast { it.className == directCallerClass.java.name }
     if (index == -1) return null
@@ -105,112 +39,42 @@ fun getCallerClass(directCallerClass: KClass<*>): Class<*>? {
     }
 }
 
-fun getCallerPackage(directCallerClass: KClass<*>): String? {
-
-    return getCallerClass(directCallerClass)?.`package`?.name
-}
-
-/**
- * Returns a [TestCorDapp] containing resources found in [packageName].
- */
-internal fun testCorDapp(packageName: String): TestCorDapp {
-
-    val uuid = UUID.randomUUID()
-    val name = "$packageName-$uuid"
-    val version = "$uuid"
-    return TestCorDapp.Factory.create(name, version).plusPackage(packageName)
-}
+fun getCallerPackage(directCallerClass: KClass<*>): String? = getCallerClass(directCallerClass)?.`package`?.name
 
 /**
  * Squashes child packages if the parent is present. Example: ["com.foo", "com.foo.bar"] into just ["com.foo"].
  */
-fun simplifyScanPackages(scanPackages: Iterable<String>): List<String> {
-
-    return scanPackages.sorted().fold(emptyList()) { listSoFar, packageName ->
+fun simplifyScanPackages(scanPackages: Iterable<String>): Set<String> {
+    return scanPackages.sorted().fold(emptySet()) { soFar, packageName ->
         when {
-            listSoFar.isEmpty() -> listOf(packageName)
-            packageName.startsWith(listSoFar.last()) -> listSoFar
-            else -> listSoFar + packageName
+            soFar.isEmpty() -> setOf(packageName)
+            packageName.startsWith("${soFar.last()}.") -> soFar
+            else -> soFar + packageName
         }
     }
 }
 
-/**
- * Transforms a class or package name into a path segment.
- */
-internal fun String.packageToJarPath() = replace(".", "/")
+fun TestCordappImpl.packageAsJar(file: Path) {
+    // Don't mention "classes" in the error message as that feature is only available internally
+    require(packages.isNotEmpty() || classes.isNotEmpty()) { "At least one package must be specified" }
 
-private fun Iterable<JarEntryInfo>.zip(outputStream: ZipOutputStream, willResourceBeAddedBeToCorDapp: (String, URL) -> Boolean): Boolean {
+    val scanResult = ClassGraph()
+            .whitelistPackages(*packages.toTypedArray())
+            .whitelistClasses(*classes.map { it.name }.toTypedArray())
+            .scan()
 
-    val entries = filter { (fullyQualifiedName, url) -> willResourceBeAddedBeToCorDapp(fullyQualifiedName, url) }
-    if (entries.isNotEmpty()) {
-        zip(outputStream, entries)
-    }
-    return entries.isNotEmpty()
-}
-
-private fun zip(outputStream: ZipOutputStream, allInfo: Iterable<JarEntryInfo>) {
-
-    val time = FileTime.from(Instant.EPOCH)
-    val classLoader = Thread.currentThread().contextClassLoader
-    allInfo.distinctBy { it.url }.sortedBy { it.url.toExternalForm() }.forEach { info ->
-
-        try {
-            val entry = ZipEntry(info.entryName).setCreationTime(time).setLastAccessTime(time).setLastModifiedTime(time)
-            outputStream.putNextEntry(entry)
-            classLoader.getResourceAsStream(info.entryName).use {
-                IOUtils.copy(it, outputStream)
+    scanResult.use {
+        val manifest = createTestManifest(name, title, version, vendor, targetVersion)
+        JarOutputStream(file.outputStream(), manifest).use { jos ->
+            val time = FileTime.from(Instant.now())
+            // The same resource may be found in different locations (this will happen when running from gradle) so just
+            // pick the first one found.
+            scanResult.allResources.asMap().forEach { path, resourceList ->
+                val entry = ZipEntry(path).setCreationTime(time).setLastAccessTime(time).setLastModifiedTime(time)
+                jos.putNextEntry(entry)
+                resourceList[0].open().use { it.copyTo(jos) }
+                jos.closeEntry()
             }
-        } finally {
-            outputStream.closeEntry()
         }
     }
 }
-
-/**
- * Represents a single resource to be added to a CorDapp JAR.
- */
-internal sealed class JarEntryInfo(val fullyQualifiedName: String, val url: URL) {
-
-    abstract val entryName: String
-
-    /**
-     * Represents a class to be added to a CorDapp JAR.
-     */
-    class ClassJarEntryInfo(val clazz: Class<*>) : JarEntryInfo(clazz.name, clazz.classFileURL()) {
-
-        override val entryName = "${fullyQualifiedName.packageToJarPath()}$fileExtensionSeparator$classFileExtension"
-    }
-
-    /**
-     * Represents a resource file to be added to a CorDapp JAR.
-     */
-    class ResourceJarEntryInfo(fullyQualifiedName: String, url: URL) : JarEntryInfo(fullyQualifiedName, url) {
-
-        override val entryName: String
-            get() {
-                val extensionIndex = fullyQualifiedName.lastIndexOf(fileExtensionSeparator)
-                return "${fullyQualifiedName.substring(0 until extensionIndex).packageToJarPath()}${fullyQualifiedName.substring(extensionIndex)}"
-            }
-    }
-
-    operator fun component1(): String = fullyQualifiedName
-
-    operator fun component2(): URL = url
-
-    private companion object {
-
-        private const val classFileExtension = "class"
-        private const val fileExtensionSeparator = "."
-        private const val whitespace = " "
-        private const val whitespaceReplacement = "%20"
-
-        private fun Class<*>.classFileURL(): URL {
-
-            require(protectionDomain?.codeSource?.location != null) { "Invalid class $name for test CorDapp. Classes without protection domain cannot be referenced. This typically happens for Java / Kotlin types." }
-            return URI.create("${protectionDomain.codeSource.location}/${name.packageToJarPath()}$fileExtensionSeparator$classFileExtension".escaped()).toURL()
-        }
-
-        private fun String.escaped(): String = this.replace(whitespace, whitespaceReplacement)
-    }
-}
\ No newline at end of file
diff --git a/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/TestCordappsUtilsTest.kt b/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/TestCordappsUtilsTest.kt
new file mode 100644
index 0000000000..581195dfc8
--- /dev/null
+++ b/testing/node-driver/src/test/kotlin/net/corda/testing/node/internal/TestCordappsUtilsTest.kt
@@ -0,0 +1,93 @@
+package net.corda.testing.node.internal
+
+import net.corda.core.internal.inputStream
+import net.corda.node.internal.cordapp.get
+import org.assertj.core.api.Assertions.assertThat
+import org.junit.Rule
+import org.junit.Test
+import org.junit.rules.TemporaryFolder
+import java.nio.file.Path
+import java.util.jar.JarInputStream
+
+class TestCordappsUtilsTest {
+    @Rule
+    @JvmField
+    val tempFolder = TemporaryFolder()
+
+    @Test
+    fun `test simplifyScanPackages`() {
+        assertThat(simplifyScanPackages(emptyList())).isEmpty()
+        assertThat(simplifyScanPackages(listOf("com.foo.bar"))).containsExactlyInAnyOrder("com.foo.bar")
+        assertThat(simplifyScanPackages(listOf("com.foo", "com.foo"))).containsExactlyInAnyOrder("com.foo")
+        assertThat(simplifyScanPackages(listOf("com.foo", "com.bar"))).containsExactlyInAnyOrder("com.foo", "com.bar")
+        assertThat(simplifyScanPackages(listOf("com.foo", "com.foo.bar"))).containsExactlyInAnyOrder("com.foo")
+        assertThat(simplifyScanPackages(listOf("com.foo.bar", "com.foo"))).containsExactlyInAnyOrder("com.foo")
+        assertThat(simplifyScanPackages(listOf("com.foobar", "com.foo.bar"))).containsExactlyInAnyOrder("com.foobar", "com.foo.bar")
+        assertThat(simplifyScanPackages(listOf("com.foobar", "com.foo"))).containsExactlyInAnyOrder("com.foobar", "com.foo")
+    }
+
+    @Test
+    fun `packageAsJar writes out the CorDapp info into the manifest`() {
+        val cordapp = cordappForPackages("net.corda.testing.node.internal")
+                .withTargetVersion(123)
+                .withName("TestCordappsUtilsTest")
+
+        val jarFile = packageAsJar(cordapp)
+        JarInputStream(jarFile.inputStream()).use {
+            assertThat(it.manifest["Target-Platform-Version"]).isEqualTo("123")
+            assertThat(it.manifest["Name"]).isEqualTo("TestCordappsUtilsTest")
+        }
+    }
+
+    @Test
+    fun `packageAsJar on leaf package`() {
+        val entries = packageAsJarThenReadBack(cordappForPackages("net.corda.testing.node.internal"))
+
+        assertThat(entries).contains(
+                "net/corda/testing/node/internal/TestCordappsUtilsTest.class",
+                "net/corda/testing/node/internal/resource.txt" // Make sure non-class resource files are also picked up
+        ).doesNotContain(
+                "net/corda/testing/node/MockNetworkTest.class"
+        )
+
+        // Make sure the MockNetworkTest class does actually exist to ensure the above is not a false-positive
+        assertThat(javaClass.classLoader.getResource("net/corda/testing/node/MockNetworkTest.class")).isNotNull()
+    }
+
+    @Test
+    fun `packageAsJar on package with sub-packages`() {
+        val entries = packageAsJarThenReadBack(cordappForPackages("net.corda.testing.node"))
+
+        assertThat(entries).contains(
+                "net/corda/testing/node/internal/TestCordappsUtilsTest.class",
+                "net/corda/testing/node/internal/resource.txt",
+                "net/corda/testing/node/MockNetworkTest.class"
+        )
+    }
+
+    @Test
+    fun `packageAsJar on single class`() {
+        val entries = packageAsJarThenReadBack(cordappForClasses(InternalMockNetwork::class.java))
+
+        assertThat(entries).containsOnly("${InternalMockNetwork::class.java.name.replace('.', '/')}.class")
+    }
+
+    private fun packageAsJar(cordapp: TestCordappImpl): Path {
+        val jarFile = tempFolder.newFile().toPath()
+        cordapp.packageAsJar(jarFile)
+        return jarFile
+    }
+
+    private fun packageAsJarThenReadBack(cordapp: TestCordappImpl): List<String> {
+        val jarFile = packageAsJar(cordapp)
+        val entries = ArrayList<String>()
+        JarInputStream(jarFile.inputStream()).use {
+            while (true) {
+                val e = it.nextJarEntry ?: break
+                entries += e.name
+                it.closeEntry()
+            }
+        }
+        return entries
+    }
+}
diff --git a/testing/node-driver/src/test/resources/net/corda/testing/node/internal/resource.txt b/testing/node-driver/src/test/resources/net/corda/testing/node/internal/resource.txt
new file mode 100644
index 0000000000..e69de29bb2

From acd3490cde130568b6e4e486bd8b4be80b06af21 Mon Sep 17 00:00:00 2001
From: Joel Dudley <joel.dudley@r3cev.com>
Date: Mon, 15 Oct 2018 11:40:10 +0200
Subject: [PATCH 41/83] Updates docs structure. (#4072)

---
 docs/source/building-a-cordapp-index.rst | 12 +++++++-----
 docs/source/getting-set-up.rst           |  4 ++--
 docs/source/quickstart-index.rst         |  9 ---------
 docs/source/tutorial-cordapp.rst         |  4 ++--
 docs/source/writing-a-cordapp.rst        |  4 ++--
 5 files changed, 13 insertions(+), 20 deletions(-)

diff --git a/docs/source/building-a-cordapp-index.rst b/docs/source/building-a-cordapp-index.rst
index ad7b5457e5..1586941e93 100644
--- a/docs/source/building-a-cordapp-index.rst
+++ b/docs/source/building-a-cordapp-index.rst
@@ -5,16 +5,18 @@ CorDapps
    :maxdepth: 1
 
    cordapp-overview
+   getting-set-up
+   tutorial-cordapp
+   building-a-cordapp-samples
    writing-a-cordapp
+   cordapp-build-systems
+   building-against-master
    debugging-a-cordapp
    upgrade-notes
    upgrading-cordapps
-   cordapp-build-systems
-   building-against-master
-   corda-api
    secure-coding-guidelines
+   corda-api
    flow-cookbook
+   cheat-sheet
    vault
    soft-locking
-   cheat-sheet
-   building-a-cordapp-samples
diff --git a/docs/source/getting-set-up.rst b/docs/source/getting-set-up.rst
index fe0f0f62e8..e6c2c27d52 100644
--- a/docs/source/getting-set-up.rst
+++ b/docs/source/getting-set-up.rst
@@ -1,5 +1,5 @@
-Getting set up
-==============
+Getting set up for CorDapp development
+======================================
 
 Software requirements
 ---------------------
diff --git a/docs/source/quickstart-index.rst b/docs/source/quickstart-index.rst
index 40a2798807..c20b4ed10b 100644
--- a/docs/source/quickstart-index.rst
+++ b/docs/source/quickstart-index.rst
@@ -1,15 +1,6 @@
 Quickstart
 ==========
 
-.. only:: pdfmode
-
-   .. toctree::
-      :caption: Other docs
-      :maxdepth: 1
-
-      getting-set-up.rst
-      tutorial-cordapp.rst
-
 Welcome to the Corda Quickstart Guide. Follow the links below to help get going quickly with Corda.
 
 I want to:
diff --git a/docs/source/tutorial-cordapp.rst b/docs/source/tutorial-cordapp.rst
index 06789ea9a0..805808b761 100644
--- a/docs/source/tutorial-cordapp.rst
+++ b/docs/source/tutorial-cordapp.rst
@@ -4,8 +4,8 @@
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/codesets.js"></script>
 
-The example CorDapp
-===================
+Running the example CorDapp
+===========================
 
 .. contents::
 
diff --git a/docs/source/writing-a-cordapp.rst b/docs/source/writing-a-cordapp.rst
index 02bca02c2b..9678e0f9e6 100644
--- a/docs/source/writing-a-cordapp.rst
+++ b/docs/source/writing-a-cordapp.rst
@@ -1,5 +1,5 @@
-CorDapp structure
-=================
+Structuring a CorDapp
+=====================
 
 .. contents::
 

From af48612d46ca61254f081d795cb2f9d81784787c Mon Sep 17 00:00:00 2001
From: Chris Rankin <chris.rankin@r3.com>
Date: Mon, 15 Oct 2018 10:40:58 +0100
Subject: [PATCH 42/83] ENT-1906: Fix JavaDoc error for DJVM. (#4063)

---
 djvm/src/main/java/sandbox/java/lang/ThreadLocal.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/djvm/src/main/java/sandbox/java/lang/ThreadLocal.java b/djvm/src/main/java/sandbox/java/lang/ThreadLocal.java
index f416d3db16..8a2853bf82 100644
--- a/djvm/src/main/java/sandbox/java/lang/ThreadLocal.java
+++ b/djvm/src/main/java/sandbox/java/lang/ThreadLocal.java
@@ -4,8 +4,8 @@ import sandbox.java.util.function.Supplier;
 
 /**
  * Everything inside the sandbox is single-threaded, so this
- * implementation of ThreadLocal<T> is sufficient.
- * @param <T>
+ * implementation of ThreadLocal is sufficient.
+ * @param <T> Underlying type of this thread-local variable.
  */
 @SuppressWarnings({"unused", "WeakerAccess"})
 public class ThreadLocal<T> extends Object {

From 194969477714286a46f0d13cdf5989fa0da24f12 Mon Sep 17 00:00:00 2001
From: Mike Hearn <mike@r3.com>
Date: Mon, 20 Aug 2018 17:58:36 +0200
Subject: [PATCH 43/83] Add design doc on package namespace ownership

---
 .../package-namespace-ownership.md            | 92 +++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100644 docs/source/design/data-model-upgrades/package-namespace-ownership.md

diff --git a/docs/source/design/data-model-upgrades/package-namespace-ownership.md b/docs/source/design/data-model-upgrades/package-namespace-ownership.md
new file mode 100644
index 0000000000..aaffcf7473
--- /dev/null
+++ b/docs/source/design/data-model-upgrades/package-namespace-ownership.md
@@ -0,0 +1,92 @@
+# Package namespace ownership
+
+This design document outlines a new Corda feature that allows a compatibility zone to give ownership of parts of the Java package namespace to certain users.
+
+"*There are only two hard problems in computer science: 1. Cache invalidation, 2. Naming things, 3. Off by one errors*"
+
+
+
+## Background
+
+Corda implements a decentralised database that can be unilaterally extended with new data types and logic by its users, without any involvement by the closest equivalent we have to administrators (the "zone operator"). Even informing them is not required.
+
+This design minimises the power zone operators have and ensures deploying new apps can be fast and cheap - it's limited only by the speed with which the users themselves can move. But it introduces problematic levels of namespace complexity which can make programming securely harder than in regular non-decentralised programming. 
+
+#### Java namespaces
+
+A typical Java application, seen from the JVM level, has a flat namespace in which a single string name binds to a single class. In object oriented programming a class defines both a data structure and the code used to enforce various invariants like "a person's age may not be negative", so this allows a developer to reason about what the identifier `com.example.Person` really means throughout the lifetime of his program. 
+
+More complex Java applications may have a nested namespace using classloaders, thus inside a JVM a class is actually a pair of (classloader pointer, class name) and this can be used to support tricks like having two different versions of the same class in use simultaneously. The downside is more complexity for the developer to deal with. When things get mixed up this can surface (in Java 8) as nonsensical error messages like "com.example.Person cannot be casted to com.example.Person". In Java 9 classloaders were finally given names so these errors make more sense.
+
+#### Corda namespaces
+
+Corda has an even more complex namespace. States are identified using ordinary Java class names because programmers have to be able to write source code that works with them. But because there's no centralised coordination point and Java package namespacing is just a convention, the true name of a class when loaded and run includes the hash of the JAR that defines it. These "attached JARs" are a property of a *transaction* not a state, thus a state only has specific meaning within the context of a transaction. In this way the code that defines a state/contract can evolve over time without needing to constantly edit the ledger when new versions are released. We call this type of just-in-time selection of final logic when building a transaction as "implicit upgrades". The assumption is that data may live for much longer than code.
+
+The node maps attachments to class paths to classloaders, which ensures that the JVM's namespace is synced with the ledger during verification and it will interpret names relative to the transaction being processed. States outside of a transaction are bound to these true "decentralised names" using an indirection intended to allow for smooth migration between versions called *contract constraints*. 
+
+A constraint specifies what attachments can be used to implement the state's class name, with differing levels of ambiguity. Therefore a transaction's attachments must satisfy the included state's constraints. This scheme is somewhat complex, but gives developers freedom to combine multiple applications together in an agile environment where software is constantly changing, might be malicious and where trust relationships can be complex.
+
+The problem is that working with these sorts of sophisticated namespaces is hard, including for platform developers. 
+
+As the Java 8 error message example shows, even implementors of complex namespaces often don't get every detail right. Corda expects developers to understand that a `com.megacorp.token.MegaToken` class they find in a transaction or deserialise out of the vault might *not* have been the same as the `com.megacorp.token.MegaToken` class they had in mind when writing a program. It might be a legitimate later version, but it may also be a totally different class in the worst case written by an adversary e.g. one that gives the adversary the right to spend the token.
+
+## Goals
+
+* Provide a way to reduce the complexity of naming and working with names in Corda by allowing for a small amount of centralisation, balanced by a reduction in developer mental load.
+* Keep it optional for both zones and developers.
+* Allow most developers to work just with ordinary Java class names, without needing to consider the complexities of a decentralised namespace.
+
+## Non-goals
+
+* Directly make it easier to work with "decentralised names". This might come later.
+
+## Design
+
+To make it harder to accidentally write insecure code, we would like to support a compromise configuration in which a compatibility zone can publish a map of Java package namespaces to public keys. An app/attachment JAR may only define a class in that namespace if it is signed by the given public key. Using this feature would make a zone  slightly less decentralised, in order to obtain a significant reduction in mental overhead for developers.
+
+Example of how the network parameters would be extended, in pseudo-code:
+
+```kotlin
+data class JavaPackageName(name: String) {
+	init { /* verify 'name' is a valid Java package name */ }    
+}
+
+data class NetworkParameters(
+    ...
+    val packageOwnership: Map<JavaPackageName, PublicKey>
+)
+```
+
+Where the `PublicKey` object can be any of the algorithms supported by signature constraints. The map defines a set of dotted package names like `com.foo.bar` where any class in that package or any sub-package of that package is considered to match (so `com.foo.bar.baz.boz.Bish` is a match but `com.foo.barrier` does not).
+
+When a class is loaded from an attachment or application JAR signature checking is enabled. If the package of the class matches one of the owned namespaces, the JAR must be have enough signatures to satisfy the PublicKey (there may need to be more than one if the PublicKey is composite).
+
+Please note the following:
+
+* It's OK to have unsigned JARs.
+* It's OK to have JARs that are signed, but for which there are no claims in the network parameters.
+* It's OK if entries in the map are removed (system becomes more open). If entries in the map are added, this could cause consensus failures if people are still using old unsigned versions of the app.
+* The map specifies keys not certificate chains, therefore, the keys do not have to chain off the identity key of a zone member. App developers do not need to be members of a zone for their app to be used there.
+
+From a privacy and decentralisation perspective, the zone operator *may* learn who is developing apps in their zone or (in cases where a vendor makes a single app and thus it's obvious) which apps are being used. This is not ideal, but there are mitigations:
+
+* The privacy leak is optional.
+* The zone operator still doesn't learn who is using which apps.
+* There is no obligation for Java package namespaces to correlate obviously to real world identities or products. For example you could register a trivial "front" domain and claim ownership of that, then use it for your apps. The zone operator would see only a codename.
+
+#### Claiming a namespace
+
+The exact mechanism used to claim a namespace is up to the zone operator. A typical approach would be to accept an SSL certificate with the domain in it as proof of domain ownership, or to accept an email from that domain as long as the domain is using DKIM to prevent from header spoofing.
+
+#### The vault API
+
+The vault query API is an example of how tricky it can be to manage truly decentralised namespaces. The `Vault.Page` class does not include constraint information for a state. Therefore, if a generic app were to be storing states of many different types to the vault without having the specific apps installed, it might be possible for someone to create a confusing name e.g. an app created by MiniCorp could export a class named `com.megacorp.example.Token` and this would be mapped by the RPC deserialisation logic to the actual MegaCorp app - the RPC client would have no way to know this had happened, even if the user was correctly checking, which it's unlikely they would.
+
+The `StateMetadata` class can be easily extended to include constraint information, to make safely programming against a decentralised namespace possible. As part of this work this extension will be made.
+
+But the new field would still need to be used - a subtle detail that would be easy to overlook. Package namespace ownership ensures that if you have an app installed locally on the client side that implements `com.megacorp.example` , then that code is likely to match closely enough with the version that was verified by the node.
+
+
+
+
+

From 8e590cfc55b7d1d1839edf5dc3b8de29c5dfa058 Mon Sep 17 00:00:00 2001
From: Mike Hearn <mike@r3.com>
Date: Fri, 12 Oct 2018 15:56:13 +0200
Subject: [PATCH 44/83] Attempt to improve the explanation at the start.

---
 .../package-namespace-ownership.md            | 30 +++++++++++++++----
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/docs/source/design/data-model-upgrades/package-namespace-ownership.md b/docs/source/design/data-model-upgrades/package-namespace-ownership.md
index aaffcf7473..2878222be1 100644
--- a/docs/source/design/data-model-upgrades/package-namespace-ownership.md
+++ b/docs/source/design/data-model-upgrades/package-namespace-ownership.md
@@ -18,17 +18,35 @@ A typical Java application, seen from the JVM level, has a flat namespace in whi
 
 More complex Java applications may have a nested namespace using classloaders, thus inside a JVM a class is actually a pair of (classloader pointer, class name) and this can be used to support tricks like having two different versions of the same class in use simultaneously. The downside is more complexity for the developer to deal with. When things get mixed up this can surface (in Java 8) as nonsensical error messages like "com.example.Person cannot be casted to com.example.Person". In Java 9 classloaders were finally given names so these errors make more sense.
 
+
+
 #### Corda namespaces
 
-Corda has an even more complex namespace. States are identified using ordinary Java class names because programmers have to be able to write source code that works with them. But because there's no centralised coordination point and Java package namespacing is just a convention, the true name of a class when loaded and run includes the hash of the JAR that defines it. These "attached JARs" are a property of a *transaction* not a state, thus a state only has specific meaning within the context of a transaction. In this way the code that defines a state/contract can evolve over time without needing to constantly edit the ledger when new versions are released. We call this type of just-in-time selection of final logic when building a transaction as "implicit upgrades". The assumption is that data may live for much longer than code.
+Corda faces an extension of the Java namespace problem - we have a global namespace in which malicious adversaries might be choosing names to be deliberately confusing. Nothing forces an app developer to follow the standard conventions for Java package or class names - someone could make an app that uses the same class name as one of your own apps. Corda needs to keep these two different classes, from different origins, separated.
 
-The node maps attachments to class paths to classloaders, which ensures that the JVM's namespace is synced with the ledger during verification and it will interpret names relative to the transaction being processed. States outside of a transaction are bound to these true "decentralised names" using an indirection intended to allow for smooth migration between versions called *contract constraints*. 
+On the core ledger this is done by associating each state with an _attachment_. The attachment is the JAR file that contains the class files used by states. To load a state, a classloader is defined that uses the attachments on a transaction, and then the state class is loaded via that classloader.
 
-A constraint specifies what attachments can be used to implement the state's class name, with differing levels of ambiguity. Therefore a transaction's attachments must satisfy the included state's constraints. This scheme is somewhat complex, but gives developers freedom to combine multiple applications together in an agile environment where software is constantly changing, might be malicious and where trust relationships can be complex.
+With this infrastructure in place, the Corda node and JVM can internally keep two classes that share the same name separated. The name of the state is, in effect, a list of attachments (hashes of JAR files) combined with a regular class name.
 
-The problem is that working with these sorts of sophisticated namespaces is hard, including for platform developers. 
 
-As the Java 8 error message example shows, even implementors of complex namespaces often don't get every detail right. Corda expects developers to understand that a `com.megacorp.token.MegaToken` class they find in a transaction or deserialise out of the vault might *not* have been the same as the `com.megacorp.token.MegaToken` class they had in mind when writing a program. It might be a legitimate later version, but it may also be a totally different class in the worst case written by an adversary e.g. one that gives the adversary the right to spend the token.
+
+#### Namespaces and versioning
+
+Names and namespaces are a critical part of how platforms of any kind handle software evolution. If component A is verifying the precise content of component B, e.g. by hashing it, then there can be no agility - component B can never be upgraded. Sometimes this is what's wanted. But usually you want the indirection of a name or set of names that stands in for some behaviour. Exactly how that behaviour is provided is abstracted away behind the mapping of the namespace to concrete artifacts.
+
+Versioning and resistance to malicious attack are likewise heavily interrelated, because given two different codebases that export the same names, it's possible that one is a legitimate upgrade which changes the logic behind the names in beneficial ways, and the other is an imposter that changes the logic in malicious ways. It's important to keep the differences straight, which can be hard because by their very nature, two versions of the same app tend to be nearly identical.
+
+
+
+#### Namespace complexity
+
+Reasoning about namespaces is hard and has historically led to security flaws in many platforms.
+
+Although the Corda namespace system _can_ keep overlapping but distinct apps separated, that unfortunately doesn't mean that everywhere it actually does. In a few places Corda does not currently provide all the data needed to work with full state names, although we are adding this data to RPC in Corda 4. 
+
+Even if Corda was sure to get every detail of this right in every area, a full ecosystem consists of many programs written by app developers - not just contracts and flows, but also RPC clients, bridges from internal systems and so on. It is unreasonable to expect developers to fully keep track of Corda compound names everywhere throughout the entire pipeline of tools and processes that may surround the node: some of them will lose track of the attachments list and end up with only a class name, and others will do things like serialise to JSON in which even type names go missing.
+
+Although we can work on improving our support and APIs for working with sophisticated compound names, we should also allow people to work with simpler namespaces again - like just Java class names. This involves a small sacrifice of decentralisation but the increase in security is probably worth it for most developers.
 
 ## Goals
 
@@ -38,7 +56,7 @@ As the Java 8 error message example shows, even implementors of complex namespac
 
 ## Non-goals
 
-* Directly make it easier to work with "decentralised names". This might come later.
+* Directly make it easier to work with "decentralised names". This can be a project that comes later.
 
 ## Design
 

From 6d4bdb84b94398448505e5eee494e1734517407c Mon Sep 17 00:00:00 2001
From: Shams Asari <shams.asari@r3.com>
Date: Mon, 15 Oct 2018 12:01:15 +0100
Subject: [PATCH 45/83] Code cleanup, mostly shortening long lines (#4070)

---
 .../net/corda/core/flows/FinalityFlowTests.kt | 16 ++---
 .../flows/WithReferencedStatesFlowTests.kt    |  5 +-
 docs/source/changelog.rst                     | 63 ++++++++++++-------
 .../net/corda/docs/java/FlowCookbook.java     |  8 +--
 .../java/tutorial/helloworld/IOUFlow.java     | 10 +--
 .../docs/java/tutorial/twoparty/IOUFlow.java  |  6 +-
 .../kotlin/tutorial/helloworld/IOUFlow.kt     |  2 +-
 .../docs/kotlin/tutorial/twoparty/IOUFlow.kt  |  1 -
 docs/source/tutorial-attachments.rst          |  4 ++
 .../FlowsDrainingModeContentionTest.kt        | 30 ++++-----
 .../events/ScheduledFlowIntegrationTests.kt   | 25 ++++++--
 .../test/cordapp/v1/FlowCheckpointCordapp.kt  |  9 ++-
 .../ScheduledFlowsDrainingModeTest.kt         | 35 ++++++-----
 .../node/services/FinalityHandlerTest.kt      |  8 +--
 .../services/ServiceHubConcurrentUsageTest.kt | 12 ++--
 .../services/events/ScheduledFlowTests.kt     |  6 +-
 .../vault/VaultSoftLockManagerTest.kt         | 18 ++++--
 .../net/corda/verification/TestCommsFlow.kt   | 13 ++--
 .../net/corda/verification/TestNotaryFlow.kt  | 13 ++--
 19 files changed, 157 insertions(+), 127 deletions(-)

diff --git a/core/src/test/kotlin/net/corda/core/flows/FinalityFlowTests.kt b/core/src/test/kotlin/net/corda/core/flows/FinalityFlowTests.kt
index 08d6741580..fd8ceab510 100644
--- a/core/src/test/kotlin/net/corda/core/flows/FinalityFlowTests.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/FinalityFlowTests.kt
@@ -2,8 +2,6 @@ package net.corda.core.flows
 
 import com.natpryce.hamkrest.and
 import com.natpryce.hamkrest.assertion.assert
-import net.corda.testing.internal.matchers.flow.willReturn
-import net.corda.testing.internal.matchers.flow.willThrow
 import net.corda.core.flows.mixins.WithFinality
 import net.corda.core.identity.Party
 import net.corda.core.transactions.SignedTransaction
@@ -12,6 +10,8 @@ import net.corda.finance.POUNDS
 import net.corda.finance.contracts.asset.Cash
 import net.corda.finance.issuedBy
 import net.corda.testing.core.*
+import net.corda.testing.internal.matchers.flow.willReturn
+import net.corda.testing.internal.matchers.flow.willThrow
 import net.corda.testing.node.internal.InternalMockNetwork
 import net.corda.testing.node.internal.TestStartedNode
 import net.corda.testing.node.internal.cordappsForPackages
@@ -21,7 +21,10 @@ import org.junit.Test
 class FinalityFlowTests : WithFinality {
     companion object {
         private val CHARLIE = TestIdentity(CHARLIE_NAME, 90).party
-        private val classMockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages("net.corda.finance.contracts.asset","net.corda.finance.schemas"))
+        private val classMockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages(
+                "net.corda.finance.contracts.asset",
+                "net.corda.finance.schemas"
+        ))
 
         @JvmStatic
         @AfterClass
@@ -33,7 +36,6 @@ class FinalityFlowTests : WithFinality {
     private val aliceNode = makeNode(ALICE_NAME)
     private val bobNode = makeNode(BOB_NAME)
 
-    private val alice = aliceNode.info.singleIdentity()
     private val bob = bobNode.info.singleIdentity()
     private val notary = mockNet.defaultNotaryIdentity
 
@@ -59,11 +61,9 @@ class FinalityFlowTests : WithFinality {
     }
 
     private fun TestStartedNode.signCashTransactionWith(other: Party): SignedTransaction {
-        val amount = 1000.POUNDS.issuedBy(alice.ref(0))
+        val amount = 1000.POUNDS.issuedBy(info.singleIdentity().ref(0))
         val builder = TransactionBuilder(notary)
         Cash().generateIssue(builder, amount, other, notary)
-
         return services.signInitialTransaction(builder)
     }
-
-}
\ No newline at end of file
+}
diff --git a/core/src/test/kotlin/net/corda/core/flows/WithReferencedStatesFlowTests.kt b/core/src/test/kotlin/net/corda/core/flows/WithReferencedStatesFlowTests.kt
index a6d007b549..16be871aa0 100644
--- a/core/src/test/kotlin/net/corda/core/flows/WithReferencedStatesFlowTests.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/WithReferencedStatesFlowTests.kt
@@ -55,13 +55,13 @@ internal class CreateRefState : FlowLogic<SignedTransaction>() {
 }
 
 // A flow to update a specific reference state.
-internal class UpdateRefState(private val stateAndRef: StateAndRef<ContractState>) : FlowLogic<SignedTransaction>() {
+internal class UpdateRefState(private val stateAndRef: StateAndRef<RefState.State>) : FlowLogic<SignedTransaction>() {
     @Suspendable
     override fun call(): SignedTransaction {
         val notary = serviceHub.networkMapCache.notaryIdentities.first()
         val stx = serviceHub.signInitialTransaction(TransactionBuilder(notary = notary).apply {
             addInputState(stateAndRef)
-            addOutputState((stateAndRef.state.data as RefState.State).update(), RefState.CONTRACT_ID)
+            addOutputState(stateAndRef.state.data.update(), RefState.CONTRACT_ID)
             addCommand(RefState.Update(), listOf(ourIdentity.owningKey))
         })
         return subFlow(FinalityFlow(stx))
@@ -160,5 +160,4 @@ class WithReferencedStatesFlowTests {
         val result = useRefTx.getOrThrow()
         assertEquals(updatedRefState.ref, result.tx.references.single())
     }
-
 }
diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst
index 9b3e3bb571..f5fd3d3ae3 100644
--- a/docs/source/changelog.rst
+++ b/docs/source/changelog.rst
@@ -15,7 +15,8 @@ Unreleased
 
 * New overload for ``CordaRPCClient.start()`` method allowing to specify target legal identity to use for RPC call.
 
-* Case insensitive vault queries can be specified via a boolean on applicable SQL criteria builder operators. By default queries will be case sensitive.
+* Case insensitive vault queries can be specified via a boolean on applicable SQL criteria builder operators. By default
+  queries will be case sensitive.
 
 * Getter added to ``CordaRPCOps`` for the node's network parameters.
 
@@ -32,7 +33,8 @@ Unreleased
 * "app", "rpc", "p2p" and "unknown" are no longer allowed as uploader values when importing attachments. These are used
   internally in security sensitive code.
 
-* Introduced ``TestCorDapp`` and utilities to support asymmetric setups for nodes through ``DriverDSL``, ``MockNetwork`` and ``MockServices``.
+* Introduced ``TestCorDapp`` and utilities to support asymmetric setups for nodes through ``DriverDSL``, ``MockNetwork``
+  and ``MockServices``.
 
 * Change type of the ``checkpoint_value`` column. Please check the upgrade-notes on how to update your database.
 
@@ -46,7 +48,8 @@ Unreleased
   rather than IllegalStateException.
 
 * The Corda JPA entities no longer implement java.io.Serializable, as this was causing persistence errors in obscure cases.
-  Java serialization is disabled globally in the node, but in the unlikely event you were relying on these types being Java serializable please contact us.
+  Java serialization is disabled globally in the node, but in the unlikely event you were relying on these types being Java
+  serializable please contact us.
 
 * Remove all references to the out-of-process transaction verification.
 
@@ -104,7 +107,8 @@ Unreleased
 * The node's configuration is only printed on startup if ``devMode`` is ``true``, avoiding the risk of printing passwords
   in a production setup.
 
-* ``NodeStartup`` will now only print node's configuration if ``devMode`` is ``true``, avoiding the risk of printing passwords in a production setup.
+* ``NodeStartup`` will now only print node's configuration if ``devMode`` is ``true``, avoiding the risk of printing passwords
+  in a production setup.
 
 * SLF4J's MDC will now only be printed to the console if not empty. No more log lines ending with "{}".
 
@@ -169,13 +173,15 @@ Unreleased
 * Added public support for creating ``CordaRPCClient`` using SSL. For this to work the node needs to provide client applications
   a certificate to be added to a truststore. See :doc:`tutorial-clientrpc-api`
 
-* The node RPC broker opens 2 endpoints that are configured with ``address`` and ``adminAddress``. RPC Clients would connect to the address, while the node will connect
-  to the adminAddress. Previously if ssl was enabled for RPC the ``adminAddress`` was equal to ``address``.
+*The node RPC broker opens 2 endpoints that are configured with ``address`` and ``adminAddress``. RPC Clients would connect
+  to the address, while the node will connect to the adminAddress. Previously if ssl was enabled for RPC the ``adminAddress``
+  was equal to ``address``.
 
 * Upgraded H2 to v1.4.197
 
-* Shell (embedded available only in dev mode or via SSH) connects to the node via RPC instead of using the ``CordaRPCOps`` object directly.
-  To enable RPC connectivity ensure node’s ``rpcSettings.address`` and ``rpcSettings.adminAddress`` settings are present.
+* Shell (embedded available only in dev mode or via SSH) connects to the node via RPC instead of using the ``CordaRPCOps``
+  object directly. To enable RPC connectivity ensure node’s ``rpcSettings.address`` and ``rpcSettings.adminAddress`` settings
+  are present.
 
 * Changes to the network bootstrapper:
 
@@ -183,7 +189,8 @@ Unreleased
     whitelist.
   * The CorDapp jars are also copied to each nodes' ``cordapps`` directory.
 
-* Errors thrown by a Corda node will now reported to a calling RPC client with attention to serialization and obfuscation of internal data.
+* Errors thrown by a Corda node will now reported to a calling RPC client with attention to serialization and obfuscation
+  of internal data.
 
 * Serializing an inner class (non-static nested class in Java, inner class in Kotlin) will be rejected explicitly by the serialization
   framework. Prior to this change it didn't work, but the error thrown was opaque (complaining about too few arguments
@@ -191,13 +198,15 @@ Unreleased
   reference to the outer class) as per the Java documentation `here <https://docs.oracle.com/javase/tutorial/java/javaOO/nested.html>`_
   we are disallowing this as the paradigm in general makes little sense for contract states.
 
-* Node can be shut down abruptly by ``shutdown`` function in ``CordaRPCOps`` or gracefully (draining flows first) through ``gracefulShutdown`` command from shell.
+* Node can be shut down abruptly by ``shutdown`` function in ``CordaRPCOps`` or gracefully (draining flows first) through
+  ``gracefulShutdown`` command from shell.
 
 * API change: ``net.corda.core.schemas.PersistentStateRef`` fields (index and txId) are now non-nullable.
   The fields were always effectively non-nullable - values were set from non-nullable fields of other objects.
   The class is used as database Primary Key columns of other entities and databases already impose those columns as non-nullable
   (even if JPA annotation nullable=false was absent).
-  In case your Cordapps use this entity class to persist data in own custom tables as non Primary Key columns refer to :doc:`upgrade-notes` for upgrade instructions.
+  In case your Cordapps use this entity class to persist data in own custom tables as non Primary Key columns refer to
+  :doc:`upgrade-notes` for upgrade instructions.
 
 * Adding a public method to check if a public key satisfies Corda recommended algorithm specs, `Crypto.validatePublicKey(java.security.PublicKey)`.
   For instance, this method will check if an ECC key lies on a valid curve or if an RSA key is >= 2048bits. This might
@@ -248,9 +257,10 @@ Version 3.0
 * Per CorDapp configuration is now exposed. ``CordappContext`` now exposes a ``CordappConfig`` object that is populated
   at CorDapp context creation time from a file source during runtime.
 
-* Introduced Flow Draining mode, in which a node continues executing existing flows, but does not start new. This is to support graceful node shutdown/restarts.
-  In particular, when this mode is on, new flows through RPC will be rejected, scheduled flows will be ignored, and initial session messages will not be consumed.
-  This will ensure that the number of checkpoints will strictly diminish with time, allowing for a clean shutdown.
+* Introduced Flow Draining mode, in which a node continues executing existing flows, but does not start new. This is to
+  support graceful node shutdown/restarts. In particular, when this mode is on, new flows through RPC will be rejected,
+  scheduled flows will be ignored, and initial session messages will not be consumed. This will ensure that the number of
+  checkpoints will strictly diminish with time, allowing for a clean shutdown.
 
 * Make the serialisation finger-printer a pluggable entity rather than hard wiring into the factory
 
@@ -261,17 +271,19 @@ Version 3.0
 * Refactored ``NodeConfiguration`` to expose ``NodeRpcOptions`` (using top-level "rpcAddress" property still works with warning).
 * Modified ``CordaRPCClient`` constructor to take a ``SSLConfiguration?`` additional parameter, defaulted to ``null``.
 
-* Introduced ``CertificateChainCheckPolicy.UsernameMustMatchCommonName`` sub-type, allowing customers to optionally enforce username == CN condition on RPC SSL certificates.
+* Introduced ``CertificateChainCheckPolicy.UsernameMustMatchCommonName`` sub-type, allowing customers to optionally enforce
+  username == CN condition on RPC SSL certificates.
 
 * Modified ``DriverDSL`` and sub-types to allow specifying RPC settings for the Node.
 
-* Modified the ``DriverDSL`` to start Cordformation nodes allowing automatic generation of "rpcSettings.adminAddress" in case "rcpSettings.useSsl" is ``false`` (the default).
+* Modified the ``DriverDSL`` to start Cordformation nodes allowing automatic generation of "rpcSettings.adminAddress" in case
+  "rcpSettings.useSsl" is ``false`` (the default).
 
 * Introduced ``UnsafeCertificatesFactory`` allowing programmatic generation of X509 certificates for test purposes.
 
 * JPA Mapping annotations for States extending ``CommonSchemaV1.LinearState`` and ``CommonSchemaV1.FungibleState`` on the
-  `participants` collection need to be moved to the actual class. This allows to properly specify the unique table name per a collection.
-  See: DummyDealStateSchemaV1.PersistentDummyDealState
+  `participants` collection need to be moved to the actual class. This allows to properly specify the unique table name per
+  a collection. See: DummyDealStateSchemaV1.PersistentDummyDealState
 
 * X.509 certificates now have an extension that specifies the Corda role the certificate is used for, and the role
   hierarchy is now enforced in the validation code. See ``net.corda.core.internal.CertRole`` for the current implementation
@@ -556,7 +568,9 @@ Release 1.0
 * Vault query soft locking enhancements and deprecations
 
   * removed original ``VaultService`` ``softLockedStates`` query mechanism.
-  * introduced improved ``SoftLockingCondition`` filterable attribute in ``VaultQueryCriteria`` to enable specification of different soft locking retrieval behaviours (exclusive of soft locked states, soft locked states only, specified by set of lock ids)
+  * introduced improved ``SoftLockingCondition`` filterable attribute in ``VaultQueryCriteria`` to enable specification of
+    different soft locking retrieval behaviours (exclusive of soft locked states, soft locked states only, specified by set
+    of lock ids)
 
 * Trader demo now issues cash and commercial paper directly from the bank node, rather than the seller node self-issuing
   commercial paper but labelling it as if issued by the bank.
@@ -586,7 +600,8 @@ Release 1.0
   This may require adjusting imports of Cash flow references and also of ``StartFlow`` permission in ``gradle.build`` files.
 
 * Removed the concept of relevancy from ``LinearState``. The ``ContractState``'s relevancy to the vault can be determined
-  by the flow context, the vault will process any transaction from a flow which is not derived from transaction resolution verification.
+  by the flow context, the vault will process any transaction from a flow which is not derived from transaction resolution
+  verification.
 
 * Removed the tolerance attribute from ``TimeWindowChecker`` and thus, there is no extra tolerance on the notary side anymore.
 
@@ -769,9 +784,11 @@ Milestone 14
 
     * Pagination simplification. Pagination continues to be optional, with following changes:
 
-      - If no PageSpecification provided then a maximum of MAX_PAGE_SIZE (200) results will be returned, otherwise we fail-fast with a ``VaultQueryException`` to alert the API user to the need to specify a PageSpecification.
-        Internally, we no longer need to calculate a results count (thus eliminating an expensive SQL query) unless a PageSpecification is supplied (note: that a value of -1 is returned for total_results in this scenario).
-        Internally, we now use the AggregateFunction capability to perform the count.
+      - If no PageSpecification provided then a maximum of MAX_PAGE_SIZE (200) results will be returned, otherwise we fail-fast
+        with a ``VaultQueryException`` to alert the API user to the need to specify a PageSpecification. Internally, we no
+        longer need to calculate a results count (thus eliminating an expensive SQL query) unless a PageSpecification is
+        supplied (note: that a value of -1 is returned for total_results in this scenario). Internally, we now use the
+        AggregateFunction capability to perform the count.
       - Paging now starts from 1 (was previously 0).
 
     * Additional Sort criteria: by StateRef (or constituents: txId, index)
diff --git a/docs/source/example-code/src/main/java/net/corda/docs/java/FlowCookbook.java b/docs/source/example-code/src/main/java/net/corda/docs/java/FlowCookbook.java
index b8cb3a439b..db7ea8818d 100644
--- a/docs/source/example-code/src/main/java/net/corda/docs/java/FlowCookbook.java
+++ b/docs/source/example-code/src/main/java/net/corda/docs/java/FlowCookbook.java
@@ -28,11 +28,11 @@ import java.security.GeneralSecurityException;
 import java.security.PublicKey;
 import java.time.Duration;
 import java.time.Instant;
-import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 
 import static com.google.common.base.Preconditions.checkArgument;
+import static java.util.Collections.*;
 import static net.corda.core.contracts.ContractsDSL.requireThat;
 import static net.corda.core.crypto.Crypto.generateKeyPair;
 
@@ -528,7 +528,7 @@ public class FlowCookbook {
             // other required signers using ``CollectSignaturesFlow``.
             // The responder flow will need to call ``SignTransactionFlow``.
             // DOCSTART 15
-            SignedTransaction fullySignedTx = subFlow(new CollectSignaturesFlow(twiceSignedTx, Collections.emptySet(), SIGS_GATHERING.childProgressTracker()));
+            SignedTransaction fullySignedTx = subFlow(new CollectSignaturesFlow(twiceSignedTx, emptySet(), SIGS_GATHERING.childProgressTracker()));
             // DOCEND 15
 
             /*------------------------
@@ -557,7 +557,7 @@ public class FlowCookbook {
                 // ``Arrays.asList(counterpartyPubKey)`` instead of
                 // ``Collections.singletonList(counterpartyPubKey)``.
                 // DOCSTART 54
-                onceSignedTx.verifySignaturesExcept(Collections.singletonList(counterpartyPubKey));
+                onceSignedTx.verifySignaturesExcept(singletonList(counterpartyPubKey));
                 // DOCEND 54
 
                 // We can also choose to only check the signatures that are
@@ -583,7 +583,7 @@ public class FlowCookbook {
             // We can also choose to send it to additional parties who aren't one
             // of the state's participants.
             // DOCSTART 10
-            Set<Party> additionalParties = Collections.singleton(regulator);
+            Set<Party> additionalParties = singleton(regulator);
             SignedTransaction notarisedTx2 = subFlow(new FinalityFlow(fullySignedTx, additionalParties, FINALISATION.childProgressTracker()));
             // DOCEND 10
 
diff --git a/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/helloworld/IOUFlow.java b/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/helloworld/IOUFlow.java
index fd35ab75ac..c752acd59d 100644
--- a/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/helloworld/IOUFlow.java
+++ b/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/helloworld/IOUFlow.java
@@ -15,7 +15,7 @@ import net.corda.core.utilities.ProgressTracker;
 
 import static com.template.TemplateContract.TEMPLATE_CONTRACT_ID;
 
-// Replace TemplateFlow's definition with:
+// Replace Initiator's definition with:
 @InitiatingFlow
 @StartableByRPC
 public class IOUFlow extends FlowLogic<Void> {
@@ -44,7 +44,7 @@ public class IOUFlow extends FlowLogic<Void> {
     @Override
     public Void call() throws FlowException {
         // We retrieve the notary identity from the network map.
-        final Party notary = getServiceHub().getNetworkMapCache().getNotaryIdentities().get(0);
+        Party notary = getServiceHub().getNetworkMapCache().getNotaryIdentities().get(0);
 
         // We create the transaction components.
         IOUState outputState = new IOUState(iouValue, getOurIdentity(), otherParty);
@@ -52,12 +52,12 @@ public class IOUFlow extends FlowLogic<Void> {
         Command cmd = new Command<>(cmdType, getOurIdentity().getOwningKey());
 
         // We create a transaction builder and add the components.
-        final TransactionBuilder txBuilder = new TransactionBuilder(notary)
+        TransactionBuilder txBuilder = new TransactionBuilder(notary)
                 .addOutputState(outputState, TEMPLATE_CONTRACT_ID)
                 .addCommand(cmd);
 
         // Signing the transaction.
-        final SignedTransaction signedTx = getServiceHub().signInitialTransaction(txBuilder);
+        SignedTransaction signedTx = getServiceHub().signInitialTransaction(txBuilder);
 
         // Finalising the transaction.
         subFlow(new FinalityFlow(signedTx));
@@ -65,4 +65,4 @@ public class IOUFlow extends FlowLogic<Void> {
         return null;
     }
 }
-// DOCEND 01
\ No newline at end of file
+// DOCEND 01
diff --git a/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/twoparty/IOUFlow.java b/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/twoparty/IOUFlow.java
index a7dd8c6c22..afc88a12fb 100644
--- a/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/twoparty/IOUFlow.java
+++ b/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/twoparty/IOUFlow.java
@@ -43,11 +43,11 @@ public class IOUFlow extends FlowLogic<Void> {
     @Override
     public Void call() throws FlowException {
         // We retrieve the notary identity from the network map.
-        final Party notary = getServiceHub().getNetworkMapCache().getNotaryIdentities().get(0);
+        Party notary = getServiceHub().getNetworkMapCache().getNotaryIdentities().get(0);
 
         // DOCSTART 02
         // We create a transaction builder.
-        final TransactionBuilder txBuilder = new TransactionBuilder();
+        TransactionBuilder txBuilder = new TransactionBuilder();
         txBuilder.setNotary(notary);
 
         // We create the transaction components.
@@ -63,7 +63,7 @@ public class IOUFlow extends FlowLogic<Void> {
         txBuilder.verify(getServiceHub());
 
         // Signing the transaction.
-        final SignedTransaction signedTx = getServiceHub().signInitialTransaction(txBuilder);
+        SignedTransaction signedTx = getServiceHub().signInitialTransaction(txBuilder);
 
         // Creating a session with the other party.
         FlowSession otherPartySession = initiateFlow(otherParty);
diff --git a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/helloworld/IOUFlow.kt b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/helloworld/IOUFlow.kt
index 9c92571ce3..d560b5553d 100644
--- a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/helloworld/IOUFlow.kt
+++ b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/helloworld/IOUFlow.kt
@@ -18,7 +18,7 @@ import net.corda.core.utilities.ProgressTracker
 
 import com.template.TemplateContract.TEMPLATE_CONTRACT_ID
 
-// Replace TemplateFlow's definition with:
+// Replace Initiator's definition with:
 @InitiatingFlow
 @StartableByRPC
 class IOUFlow(val iouValue: Int,
diff --git a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/twoparty/IOUFlow.kt b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/twoparty/IOUFlow.kt
index bffd19472d..f438107c88 100644
--- a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/twoparty/IOUFlow.kt
+++ b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/twoparty/IOUFlow.kt
@@ -14,7 +14,6 @@ import net.corda.core.flows.StartableByRPC
 import net.corda.core.identity.Party
 import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.ProgressTracker
-
 // DOCEND 01
 
 @InitiatingFlow
diff --git a/docs/source/tutorial-attachments.rst b/docs/source/tutorial-attachments.rst
index cbd3ad8013..4c01efb226 100644
--- a/docs/source/tutorial-attachments.rst
+++ b/docs/source/tutorial-attachments.rst
@@ -1,4 +1,8 @@
 .. highlight:: kotlin
+.. raw:: html
+
+   <script type="text/javascript" src="_static/jquery.js"></script>
+   <script type="text/javascript" src="_static/codesets.js"></script>
 
 Using attachments
 =================
diff --git a/node/src/integration-test/kotlin/net/corda/node/modes/draining/FlowsDrainingModeContentionTest.kt b/node/src/integration-test/kotlin/net/corda/node/modes/draining/FlowsDrainingModeContentionTest.kt
index 72bd435160..24b4c83340 100644
--- a/node/src/integration-test/kotlin/net/corda/node/modes/draining/FlowsDrainingModeContentionTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/modes/draining/FlowsDrainingModeContentionTest.kt
@@ -1,10 +1,8 @@
 package net.corda.node.modes.draining
 
 import co.paralleluniverse.fibers.Suspendable
-import net.corda.testMessage.MESSAGE_CONTRACT_PROGRAM_ID
-import net.corda.testMessage.Message
-import net.corda.testMessage.MessageContract
-import net.corda.testMessage.MessageState
+import net.corda.RpcInfo
+import net.corda.client.rpc.CordaRPCClient
 import net.corda.core.contracts.Command
 import net.corda.core.contracts.StateAndContract
 import net.corda.core.flows.*
@@ -15,9 +13,11 @@ import net.corda.core.transactions.SignedTransaction
 import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.unwrap
-import net.corda.RpcInfo
-import net.corda.client.rpc.CordaRPCClient
 import net.corda.node.services.Permissions.Companion.all
+import net.corda.testMessage.MESSAGE_CONTRACT_PROGRAM_ID
+import net.corda.testMessage.Message
+import net.corda.testMessage.MessageContract
+import net.corda.testMessage.MessageState
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
 import net.corda.testing.core.singleIdentity
@@ -53,7 +53,11 @@ class FlowsDrainingModeContentionTest {
     @Test
     fun `draining mode does not deadlock with acks between 2 nodes`() {
         val message = "Ground control to Major Tom"
-        driver(DriverParameters(startNodesInProcess = true, portAllocation = portAllocation, extraCordappPackagesToScan = listOf(MessageState::class.packageName))) {
+        driver(DriverParameters(
+                startNodesInProcess = true,
+                portAllocation = portAllocation,
+                extraCordappPackagesToScan = listOf(MessageState::class.packageName)
+        )) {
             val nodeA = startNode(providedName = ALICE_NAME, rpcUsers = users).getOrThrow()
             val nodeB = startNode(providedName = BOB_NAME, rpcUsers = users).getOrThrow()
 
@@ -70,11 +74,12 @@ class FlowsDrainingModeContentionTest {
 
 @StartableByRPC
 @InitiatingFlow
-class ProposeTransactionAndWaitForCommit(private val data: String, private val myRpcInfo: RpcInfo, private val counterParty: Party, private val notary: Party) : FlowLogic<SignedTransaction>() {
-
+class ProposeTransactionAndWaitForCommit(private val data: String,
+                                         private val myRpcInfo: RpcInfo,
+                                         private val counterParty: Party,
+                                         private val notary: Party) : FlowLogic<SignedTransaction>() {
     @Suspendable
     override fun call(): SignedTransaction {
-
         val session = initiateFlow(counterParty)
         val messageState = MessageState(message = Message(data), by = ourIdentity)
         val command = Command(MessageContract.Commands.Send(), messageState.participants.map { it.owningKey })
@@ -91,10 +96,8 @@ class ProposeTransactionAndWaitForCommit(private val data: String, private val m
 
 @InitiatedBy(ProposeTransactionAndWaitForCommit::class)
 class SignTransactionTriggerDrainingModeAndFinality(private val session: FlowSession) : FlowLogic<Unit>() {
-
     @Suspendable
     override fun call() {
-
         val tx = subFlow(ReceiveTransactionFlow(session))
         val signedTx = serviceHub.addSignature(tx)
         val initiatingRpcInfo = session.receive<RpcInfo>().unwrap { it }
@@ -105,9 +108,8 @@ class SignTransactionTriggerDrainingModeAndFinality(private val session: FlowSes
     }
 
     private fun triggerDrainingModeForInitiatingNode(initiatingRpcInfo: RpcInfo) {
-
         CordaRPCClient(initiatingRpcInfo.address).start(initiatingRpcInfo.username, initiatingRpcInfo.password).use {
             it.proxy.setFlowsDrainingModeEnabled(true)
         }
     }
-}
\ No newline at end of file
+}
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/events/ScheduledFlowIntegrationTests.kt b/node/src/integration-test/kotlin/net/corda/node/services/events/ScheduledFlowIntegrationTests.kt
index f858e6189c..c7442a3cc7 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/events/ScheduledFlowIntegrationTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/events/ScheduledFlowIntegrationTests.kt
@@ -32,11 +32,14 @@ import kotlin.test.assertEquals
 
 class ScheduledFlowIntegrationTests {
     @StartableByRPC
-    class InsertInitialStateFlow(private val destination: Party, private val notary: Party, private val identity: Int = 1, private val scheduledFor: Instant? = null) : FlowLogic<Unit>() {
+    class InsertInitialStateFlow(private val destination: Party,
+                                 private val notary: Party,
+                                 private val identity: Int = 1,
+                                 private val scheduledFor: Instant? = null) : FlowLogic<Unit>() {
         @Suspendable
         override fun call() {
-            val scheduledState = ScheduledState(scheduledFor
-                    ?: serviceHub.clock.instant(), ourIdentity, destination, identity.toString())
+            val creationTime = scheduledFor ?: serviceHub.clock.instant()
+            val scheduledState = ScheduledState(creationTime, ourIdentity, destination, identity.toString())
             val builder = TransactionBuilder(notary)
                     .addOutputState(scheduledState, DummyContract.PROGRAM_ID)
                     .addCommand(dummyCommand(ourIdentity.owningKey))
@@ -90,8 +93,20 @@ class ScheduledFlowIntegrationTests {
             val scheduledFor = Instant.now().plusSeconds(10)
             val initialiseFutures = mutableListOf<CordaFuture<*>>()
             for (i in 0 until N) {
-                initialiseFutures.add(aliceClient.proxy.startFlow(::InsertInitialStateFlow, bob.nodeInfo.legalIdentities.first(), defaultNotaryIdentity, i, scheduledFor).returnValue)
-                initialiseFutures.add(bobClient.proxy.startFlow(::InsertInitialStateFlow, alice.nodeInfo.legalIdentities.first(), defaultNotaryIdentity, i + 100, scheduledFor).returnValue)
+                initialiseFutures.add(aliceClient.proxy.startFlow(
+                        ::InsertInitialStateFlow,
+                        bob.nodeInfo.legalIdentities.first(),
+                        defaultNotaryIdentity,
+                        i,
+                        scheduledFor
+                ).returnValue)
+                initialiseFutures.add(bobClient.proxy.startFlow(
+                        ::InsertInitialStateFlow,
+                        alice.nodeInfo.legalIdentities.first(),
+                        defaultNotaryIdentity,
+                        i + 100,
+                        scheduledFor
+                ).returnValue)
             }
             initialiseFutures.getOrThrowAll()
 
diff --git a/node/src/integration-test/kotlin/net/test/cordapp/v1/FlowCheckpointCordapp.kt b/node/src/integration-test/kotlin/net/test/cordapp/v1/FlowCheckpointCordapp.kt
index 75ca920b44..e32f106338 100644
--- a/node/src/integration-test/kotlin/net/test/cordapp/v1/FlowCheckpointCordapp.kt
+++ b/node/src/integration-test/kotlin/net/test/cordapp/v1/FlowCheckpointCordapp.kt
@@ -46,12 +46,12 @@ class SendMessageFlow(private val message: Message, private val notary: Party, p
 
         progressTracker.currentStep = FINALISING_TRANSACTION
 
-        if (reciepent != null) {
+        return if (reciepent != null) {
             val session = initiateFlow(reciepent)
             subFlow(SendTransactionFlow(session, signedTx))
-            return  subFlow(FinalityFlow(signedTx, setOf(reciepent), FINALISING_TRANSACTION.childProgressTracker()))
+            subFlow(FinalityFlow(signedTx, setOf(reciepent), FINALISING_TRANSACTION.childProgressTracker()))
         } else {
-            return subFlow(FinalityFlow(signedTx, FINALISING_TRANSACTION.childProgressTracker()))
+            subFlow(FinalityFlow(signedTx, FINALISING_TRANSACTION.childProgressTracker()))
         }
     }
 }
@@ -59,10 +59,9 @@ class SendMessageFlow(private val message: Message, private val notary: Party, p
 
 @InitiatedBy(SendMessageFlow::class)
 class Record(private val session: FlowSession) : FlowLogic<Unit>() {
-
     @Suspendable
     override fun call() {
         val tx = subFlow(ReceiveTransactionFlow(session, statesToRecord = StatesToRecord.ALL_VISIBLE))
         serviceHub.addSignature(tx)
     }
-}
\ No newline at end of file
+}
diff --git a/node/src/test/kotlin/net/corda/node/modes/draining/ScheduledFlowsDrainingModeTest.kt b/node/src/test/kotlin/net/corda/node/modes/draining/ScheduledFlowsDrainingModeTest.kt
index 9382566ab5..ba34d75539 100644
--- a/node/src/test/kotlin/net/corda/node/modes/draining/ScheduledFlowsDrainingModeTest.kt
+++ b/node/src/test/kotlin/net/corda/node/modes/draining/ScheduledFlowsDrainingModeTest.kt
@@ -8,8 +8,8 @@ import net.corda.core.flows.FlowLogicRefFactory
 import net.corda.core.flows.SchedulableFlow
 import net.corda.core.identity.Party
 import net.corda.core.transactions.TransactionBuilder
+import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.getOrThrow
-import net.corda.core.utilities.loggerFor
 import net.corda.testing.contracts.DummyContract
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
@@ -28,6 +28,9 @@ import kotlin.reflect.jvm.jvmName
 import kotlin.test.fail
 
 class ScheduledFlowsDrainingModeTest {
+    companion object {
+        private val logger = contextLogger()
+    }
 
     private lateinit var mockNet: InternalMockNetwork
     private lateinit var aliceNode: TestStartedNode
@@ -38,10 +41,6 @@ class ScheduledFlowsDrainingModeTest {
 
     private var executor: ScheduledExecutorService? = null
 
-    companion object {
-        private val logger = loggerFor<ScheduledFlowsDrainingModeTest>()
-    }
-
     @Before
     fun setup() {
         mockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages("net.corda.testing.contracts"), threadPerNode = true)
@@ -61,7 +60,6 @@ class ScheduledFlowsDrainingModeTest {
 
     @Test
     fun `flows draining mode ignores scheduled flows until unset`() {
-
         val latch = CountDownLatch(1)
         var shouldFail = true
 
@@ -73,7 +71,8 @@ class ScheduledFlowsDrainingModeTest {
                 .map { update -> update.produced.single().state.data as ScheduledState }
 
         scheduledStates.filter { state -> !state.processed }.doOnNext { _ ->
-            // this is needed because there is a delay between the moment a SchedulableState gets in the Vault and the first time nextScheduledActivity is called
+            // This is needed because there is a delay between the moment a SchedulableState gets in the Vault and the
+            // first time nextScheduledActivity is called
             executor!!.schedule({
                 logger.info("Disabling flows draining mode")
                 shouldFail = false
@@ -96,8 +95,11 @@ class ScheduledFlowsDrainingModeTest {
         latch.await()
     }
 
-    data class ScheduledState(private val creationTime: Instant, val source: Party, val destination: Party, val processed: Boolean = false, override val linearId: UniqueIdentifier = UniqueIdentifier()) : SchedulableState, LinearState {
-
+    data class ScheduledState(private val creationTime: Instant,
+                              val source: Party,
+                              val destination: Party,
+                              val processed: Boolean = false,
+                              override val linearId: UniqueIdentifier = UniqueIdentifier()) : SchedulableState, LinearState {
         override fun nextScheduledActivity(thisStateRef: StateRef, flowLogicRefFactory: FlowLogicRefFactory): ScheduledActivity? {
             return if (!processed) {
                 val logicRef = flowLogicRefFactory.create(ScheduledFlow::class.jvmName, thisStateRef)
@@ -111,12 +113,12 @@ class ScheduledFlowsDrainingModeTest {
     }
 
     class InsertInitialStateFlow(private val destination: Party, private val notary: Party) : FlowLogic<Unit>() {
-
         @Suspendable
         override fun call() {
-
             val scheduledState = ScheduledState(serviceHub.clock.instant(), ourIdentity, destination)
-            val builder = TransactionBuilder(notary).addOutputState(scheduledState, DummyContract.PROGRAM_ID).addCommand(dummyCommand(ourIdentity.owningKey))
+            val builder = TransactionBuilder(notary)
+                    .addOutputState(scheduledState, DummyContract.PROGRAM_ID)
+                    .addCommand(dummyCommand(ourIdentity.owningKey))
             val tx = serviceHub.signInitialTransaction(builder)
             subFlow(FinalityFlow(tx))
         }
@@ -124,10 +126,8 @@ class ScheduledFlowsDrainingModeTest {
 
     @SchedulableFlow
     class ScheduledFlow(private val stateRef: StateRef) : FlowLogic<Unit>() {
-
         @Suspendable
         override fun call() {
-
             val state = serviceHub.toStateAndRef<ScheduledState>(stateRef)
             val scheduledState = state.state.data
             // Only run flow over states originating on this node
@@ -137,9 +137,12 @@ class ScheduledFlowsDrainingModeTest {
             require(!scheduledState.processed) { "State should not have been previously processed" }
             val notary = state.state.notary
             val newStateOutput = scheduledState.copy(processed = true)
-            val builder = TransactionBuilder(notary).addInputState(state).addOutputState(newStateOutput, DummyContract.PROGRAM_ID).addCommand(dummyCommand(ourIdentity.owningKey))
+            val builder = TransactionBuilder(notary)
+                    .addInputState(state)
+                    .addOutputState(newStateOutput, DummyContract.PROGRAM_ID)
+                    .addCommand(dummyCommand(ourIdentity.owningKey))
             val tx = serviceHub.signInitialTransaction(builder)
             subFlow(FinalityFlow(tx, setOf(scheduledState.destination)))
         }
     }
-}
\ No newline at end of file
+}
diff --git a/node/src/test/kotlin/net/corda/node/services/FinalityHandlerTest.kt b/node/src/test/kotlin/net/corda/node/services/FinalityHandlerTest.kt
index f055b468fb..9a09548b82 100644
--- a/node/src/test/kotlin/net/corda/node/services/FinalityHandlerTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/FinalityHandlerTest.kt
@@ -21,7 +21,7 @@ import org.junit.After
 import org.junit.Test
 
 class FinalityHandlerTest {
-    private lateinit var mockNet: InternalMockNetwork
+    private val mockNet = InternalMockNetwork()
 
     @After
     fun cleanUp() {
@@ -32,8 +32,6 @@ class FinalityHandlerTest {
     fun `sent to flow hospital on error and attempted retry on node restart`() {
         // Setup a network where only Alice has the finance CorDapp and it sends a cash tx to Bob who doesn't have the
         // CorDapp. Bob's FinalityHandler will error when validating the tx.
-        mockNet = InternalMockNetwork()
-
         val alice = mockNet.createNode(InternalMockNodeParameters(legalName = ALICE_NAME, additionalCordapps = setOf(FINANCE_CORDAPP)))
 
         var bob = mockNet.createNode(InternalMockNodeParameters(legalName = BOB_NAME))
@@ -82,8 +80,6 @@ class FinalityHandlerTest {
     }
 
     private fun TestStartedNode.getTransaction(id: SecureHash): SignedTransaction? {
-        return database.transaction {
-            services.validatedTransactions.getTransaction(id)
-        }
+        return services.validatedTransactions.getTransaction(id)
     }
 }
diff --git a/node/src/test/kotlin/net/corda/node/services/ServiceHubConcurrentUsageTest.kt b/node/src/test/kotlin/net/corda/node/services/ServiceHubConcurrentUsageTest.kt
index 4d2b8147b7..df679fcbb5 100644
--- a/node/src/test/kotlin/net/corda/node/services/ServiceHubConcurrentUsageTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/ServiceHubConcurrentUsageTest.kt
@@ -24,8 +24,11 @@ import rx.schedulers.Schedulers
 import java.util.concurrent.CountDownLatch
 
 class ServiceHubConcurrentUsageTest {
-
-    private val mockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages("net.corda.finance.schemas", "net.corda.node.services.vault.VaultQueryExceptionsTests", Cash::class.packageName))
+    private val mockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages(
+            "net.corda.finance.schemas",
+            "net.corda.node.services.vault.VaultQueryExceptionsTests",
+            Cash::class.packageName
+    ))
 
     @After
     fun stopNodes() {
@@ -34,7 +37,6 @@ class ServiceHubConcurrentUsageTest {
 
     @Test
     fun `operations requiring a transaction work from another thread`() {
-
         val latch = CountDownLatch(1)
         var successful = false
         val initiatingFlow = TestFlow(mockNet.defaultNotaryIdentity)
@@ -57,10 +59,8 @@ class ServiceHubConcurrentUsageTest {
     }
 
     class TestFlow(private val notary: Party) : FlowLogic<SignedTransaction>() {
-
         @Suspendable
         override fun call(): SignedTransaction {
-
             val builder = TransactionBuilder(notary)
             val issuer = ourIdentity.ref(OpaqueBytes.of(0))
             Cash().generateIssue(builder, 10.DOLLARS.issuedBy(issuer), ourIdentity, notary)
@@ -68,4 +68,4 @@ class ServiceHubConcurrentUsageTest {
             return subFlow(FinalityFlow(stx))
         }
     }
-}
\ No newline at end of file
+}
diff --git a/node/src/test/kotlin/net/corda/node/services/events/ScheduledFlowTests.kt b/node/src/test/kotlin/net/corda/node/services/events/ScheduledFlowTests.kt
index c9515977ba..eeb2f0582e 100644
--- a/node/src/test/kotlin/net/corda/node/services/events/ScheduledFlowTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/events/ScheduledFlowTests.kt
@@ -33,7 +33,6 @@ import kotlin.test.assertEquals
 
 class ScheduledFlowTests {
     companion object {
-        const val PAGE_SIZE = 20
         val SORTING = Sort(listOf(Sort.SortColumn(SortAttribute.Standard(Sort.CommonStateAttribute.STATE_REF_TXN_ID), Sort.Direction.DESC)))
     }
 
@@ -168,6 +167,7 @@ class ScheduledFlowTests {
         assertTrue("Expect all states have run the scheduled task", statesFromB.all { it.state.data.processed })
     }
 
-    private fun queryStates(vaultService: VaultService): List<StateAndRef<ScheduledState>> =
-        vaultService.queryBy<ScheduledState>(VaultQueryCriteria(), sorting = SORTING).states
+    private fun queryStates(vaultService: VaultService): List<StateAndRef<ScheduledState>> {
+        return vaultService.queryBy<ScheduledState>(VaultQueryCriteria(), sorting = SORTING).states
+    }
 }
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt b/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
index 073800fd0b..5972fcf4df 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
@@ -52,7 +52,7 @@ class NodePair(private val mockNet: InternalMockNetwork) {
 
     @InitiatingFlow
     abstract class AbstractClientLogic<out T>(nodePair: NodePair) : FlowLogic<T>() {
-        protected val server = nodePair.server.info.singleIdentity()
+        private val server = nodePair.server.info.singleIdentity()
         protected abstract fun callImpl(): T
         @Suspendable
         override fun call() = callImpl().also {
@@ -82,9 +82,12 @@ class VaultSoftLockManagerTest {
     private val mockVault = rigorousMock<VaultServiceInternal>().also {
         doNothing().whenever(it).softLockRelease(any(), anyOrNull())
     }
+
     private val mockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages(ContractImpl::class.packageName), defaultFactory = { args ->
         object : InternalMockNetwork.MockNode(args) {
-            override fun makeVaultService(keyManagementService: KeyManagementService, services: ServicesForResolution, database: CordaPersistence): VaultServiceInternal {
+            override fun makeVaultService(keyManagementService: KeyManagementService,
+                                          services: ServicesForResolution,
+                                          database: CordaPersistence): VaultServiceInternal {
                 val node = this
                 val realVault = super.makeVaultService(keyManagementService, services, database)
                 return object : VaultServiceInternal by realVault {
@@ -97,13 +100,11 @@ class VaultSoftLockManagerTest {
             }
         }
     })
+
     private val nodePair = NodePair(mockNet)
-    @After
-    fun tearDown() {
-        mockNet.stopNodes()
-    }
 
     object CommandDataImpl : CommandData
+
     class ClientLogic(nodePair: NodePair, val state: ContractState) : NodePair.AbstractClientLogic<List<ContractState>>(nodePair) {
         override fun callImpl() = run {
             subFlow(FinalityFlow(serviceHub.signInitialTransaction(TransactionBuilder(notary = ourIdentity).apply {
@@ -151,6 +152,11 @@ class VaultSoftLockManagerTest {
         verifyNoMoreInteractions(mockVault)
     }
 
+    @After
+    fun tearDown() {
+        mockNet.stopNodes()
+    }
+
     @Test
     fun `plain old state is not soft locked`() = run(false, PlainOldState(nodePair), false)
 
diff --git a/samples/network-verifier/src/main/kotlin/net/corda/verification/TestCommsFlow.kt b/samples/network-verifier/src/main/kotlin/net/corda/verification/TestCommsFlow.kt
index 3437cce254..55a3f66109 100644
--- a/samples/network-verifier/src/main/kotlin/net/corda/verification/TestCommsFlow.kt
+++ b/samples/network-verifier/src/main/kotlin/net/corda/verification/TestCommsFlow.kt
@@ -14,10 +14,9 @@ import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.ProgressTracker
 import net.corda.core.utilities.unwrap
 
-
 @StartableByRPC
 @InitiatingFlow
-class TestCommsFlowInitiator(val x500Name: CordaX500Name? = null) : FlowLogic<List<String>>() {
+class TestCommsFlowInitiator(private val x500Name: CordaX500Name? = null) : FlowLogic<List<String>>() {
 
     object SENDING : ProgressTracker.Step("SENDING")
     object RECIEVED_ALL : ProgressTracker.Step("RECIEVED_ALL")
@@ -42,7 +41,7 @@ class TestCommsFlowInitiator(val x500Name: CordaX500Name? = null) : FlowLogic<Li
                     progressTracker.currentStep = RECIEVED_ALL
                 }
         val tx = TransactionBuilder(notary = serviceHub.networkMapCache.notaryIdentities.first())
-        tx.addOutputState(CommsTestState(responses, serviceHub.myInfo.legalIdentities.first()), CommsTestContract::class.qualifiedName!!)
+        tx.addOutputState(CommsTestState(responses, serviceHub.myInfo.legalIdentities.first()), CommsTestContract::class.java.name)
         tx.addCommand(CommsTestCommand, serviceHub.myInfo.legalIdentities.first().owningKey)
         val signedTx = serviceHub.signInitialTransaction(tx)
         subFlow(FinalityFlow(signedTx))
@@ -55,27 +54,23 @@ class TestCommsFlowInitiator(val x500Name: CordaX500Name? = null) : FlowLogic<Li
 }
 
 @InitiatedBy(TestCommsFlowInitiator::class)
-class TestCommsFlowResponder(val otherSideSession: FlowSession) : FlowLogic<Unit>() {
+class TestCommsFlowResponder(private val otherSideSession: FlowSession) : FlowLogic<Unit>() {
     @Suspendable
     override fun call() {
         otherSideSession.send("Hello from: " + serviceHub.myInfo.legalIdentities.first().name.toString())
     }
-
 }
 
 @CordaSerializable
 data class CommsTestState(val responses: List<String>, val issuer: AbstractParty) : ContractState {
     override val participants: List<AbstractParty>
         get() = listOf(issuer)
-
 }
 
-
 @CordaSerializable
 object CommsTestCommand : CommandData
 
-
 class CommsTestContract : Contract {
     override fun verify(tx: LedgerTransaction) {
     }
-}
\ No newline at end of file
+}
diff --git a/samples/network-verifier/src/main/kotlin/net/corda/verification/TestNotaryFlow.kt b/samples/network-verifier/src/main/kotlin/net/corda/verification/TestNotaryFlow.kt
index 1dd423ff40..febc4fcfce 100644
--- a/samples/network-verifier/src/main/kotlin/net/corda/verification/TestNotaryFlow.kt
+++ b/samples/network-verifier/src/main/kotlin/net/corda/verification/TestNotaryFlow.kt
@@ -13,7 +13,6 @@ import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.ProgressTracker
 import co.paralleluniverse.fibers.Suspendable
 
-
 @StartableByRPC
 class TestNotaryFlow : FlowLogic<String>() {
 
@@ -28,38 +27,34 @@ class TestNotaryFlow : FlowLogic<String>() {
     override fun call(): String {
         val issueBuilder = TransactionBuilder()
         val notary = serviceHub.networkMapCache.notaryIdentities.first()
-        issueBuilder.notary = notary;
+        issueBuilder.notary = notary
         val myIdentity = serviceHub.myInfo.legalIdentities.first()
-        issueBuilder.addOutputState(NotaryTestState(notary.name.toString(), myIdentity), NotaryTestContract::class.qualifiedName!!)
+        issueBuilder.addOutputState(NotaryTestState(notary.name.toString(), myIdentity), NotaryTestContract::class.java.name)
         issueBuilder.addCommand(NotaryTestCommand, myIdentity.owningKey)
         val signedTx = serviceHub.signInitialTransaction(issueBuilder)
         val issueResult = subFlow(FinalityFlow(signedTx))
         progressTracker.currentStep = ISSUED
         val destroyBuilder = TransactionBuilder()
-        destroyBuilder.notary = notary;
+        destroyBuilder.notary = notary
         destroyBuilder.addInputState(issueResult.tx.outRefsOfType<NotaryTestState>().first())
         destroyBuilder.addCommand(NotaryTestCommand, myIdentity.owningKey)
         val signedDestroyT = serviceHub.signInitialTransaction(destroyBuilder)
         val result = subFlow(FinalityFlow(signedDestroyT))
         progressTracker.currentStep = DESTROYING
         progressTracker.currentStep = FINALIZED
-        return "notarised: " + result.notary.toString() + "::" + result.tx.id
+        return "notarised: ${result.notary}::${result.tx.id}"
     }
 }
 
-
 @CordaSerializable
 data class NotaryTestState(val id: String, val issuer: AbstractParty) : ContractState {
     override val participants: List<AbstractParty>
         get() = listOf(issuer)
-
 }
 
-
 @CordaSerializable
 object NotaryTestCommand : CommandData
 
-
 class NotaryTestContract : Contract {
     override fun verify(tx: LedgerTransaction) {
     }

From 380a942954f0b632bad4aa20e933cf468f56f6e5 Mon Sep 17 00:00:00 2001
From: Chris Rankin <chris.rankin@r3.com>
Date: Mon, 15 Oct 2018 13:44:02 +0100
Subject: [PATCH 46/83] CORDA-2030: Prevent kotlin-stdlib-jre8 from becoming an
 accidental transitive dependency. (#4073)

---
 node/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/node/build.gradle b/node/build.gradle
index b100797903..c0a64db26b 100644
--- a/node/build.gradle
+++ b/node/build.gradle
@@ -79,7 +79,7 @@ dependencies {
     compile "org.slf4j:jul-to-slf4j:$slf4j_version"
 
     compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
-    runtime "org.jetbrains.kotlin:kotlin-stdlib-jre8:$kotlin_version"
+    runtimeOnly "org.jetbrains.kotlin:kotlin-stdlib-jre8:$kotlin_version"
     compile "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version"
     testCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version"
 

From 1f835a349619408cd4f237a53511501bee5b1679 Mon Sep 17 00:00:00 2001
From: Mike Hearn <mike@r3.com>
Date: Mon, 15 Oct 2018 15:01:51 +0100
Subject: [PATCH 47/83] Add package namespace ownership design doc to toc tree

---
 docs/source/index.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/source/index.rst b/docs/source/index.rst
index 9aaaeaaf73..8e191c699e 100644
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@@ -83,6 +83,7 @@ We look forward to seeing what you can do with Corda!
    design/sgx-infrastructure/design.md
    design/threat-model/corda-threat-model.md
    design/data-model-upgrades/signature-constraints.md
+   design/data-model-upgrades/package-namespace-ownership.md
 
 .. conditional-toctree::
    :caption: Participate

From 2248f54f9f94b0bd29f03b1a16c7544b78cafeaf Mon Sep 17 00:00:00 2001
From: Chris Rankin <chris.rankin@r3.com>
Date: Mon, 15 Oct 2018 19:51:28 +0100
Subject: [PATCH 48/83] CORDA-2096: Migrate finance test classes into .test
 sub-packages. (#4079)

---
 .../finance/compat/CashExceptionSerialisationTest.kt | 10 +---------
 .../flows/{ => test}/CashConfigDataFlowTest.kt       |  7 +++++--
 .../asset/{ => test}/DummyFungibleContract.kt        | 11 ++++++-----
 .../finance/flows/test/CashExceptionThrowingFlow.kt  | 12 ++++++++++++
 .../finance/schemas/{ => test}/SampleCashSchemaV1.kt |  2 +-
 .../finance/schemas/{ => test}/SampleCashSchemaV2.kt |  2 +-
 .../finance/schemas/{ => test}/SampleCashSchemaV3.kt |  2 +-
 .../{ => test}/SampleCommercialPaperSchemaV1.kt      |  2 +-
 .../{ => test}/SampleCommercialPaperSchemaV2.kt      |  2 +-
 .../node/services/vault/VaultQueryJavaTests.java     |  2 +-
 .../persistence/HibernateConfigurationTest.kt        |  8 ++++----
 .../node/services/vault/VaultQueryExceptionsTests.kt |  3 +--
 .../net/corda/node/services/vault/VaultQueryTests.kt |  4 ++--
 13 files changed, 37 insertions(+), 30 deletions(-)
 rename finance/src/integration-test/kotlin/net/corda/finance/flows/{ => test}/CashConfigDataFlowTest.kt (74%)
 rename finance/src/test/kotlin/net/corda/finance/contracts/asset/{ => test}/DummyFungibleContract.kt (95%)
 create mode 100644 finance/src/test/kotlin/net/corda/finance/flows/test/CashExceptionThrowingFlow.kt
 rename finance/src/test/kotlin/net/corda/finance/schemas/{ => test}/SampleCashSchemaV1.kt (97%)
 rename finance/src/test/kotlin/net/corda/finance/schemas/{ => test}/SampleCashSchemaV2.kt (97%)
 rename finance/src/test/kotlin/net/corda/finance/schemas/{ => test}/SampleCashSchemaV3.kt (97%)
 rename finance/src/test/kotlin/net/corda/finance/schemas/{ => test}/SampleCommercialPaperSchemaV1.kt (98%)
 rename finance/src/test/kotlin/net/corda/finance/schemas/{ => test}/SampleCommercialPaperSchemaV2.kt (98%)

diff --git a/finance/src/integration-test/kotlin/net/corda/finance/compat/CashExceptionSerialisationTest.kt b/finance/src/integration-test/kotlin/net/corda/finance/compat/CashExceptionSerialisationTest.kt
index ad7ac19fc8..cd6efc7f2d 100644
--- a/finance/src/integration-test/kotlin/net/corda/finance/compat/CashExceptionSerialisationTest.kt
+++ b/finance/src/integration-test/kotlin/net/corda/finance/compat/CashExceptionSerialisationTest.kt
@@ -1,10 +1,9 @@
 package net.corda.finance.compat
 
-import net.corda.core.flows.FlowLogic
-import net.corda.core.flows.StartableByRPC
 import net.corda.core.messaging.startFlow
 import net.corda.core.utilities.getOrThrow
 import net.corda.finance.flows.CashException
+import net.corda.finance.flows.test.CashExceptionThrowingFlow
 import net.corda.node.services.Permissions.Companion.all
 import net.corda.testing.driver.DriverParameters
 import net.corda.testing.driver.driver
@@ -26,10 +25,3 @@ class CashExceptionSerialisationTest {
         }
     }
 }
-
-@StartableByRPC
-class CashExceptionThrowingFlow : FlowLogic<Unit>() {
-    override fun call() {
-        throw CashException("BOOM!", IllegalStateException("Nope dude!"))
-    }
-}
\ No newline at end of file
diff --git a/finance/src/integration-test/kotlin/net/corda/finance/flows/CashConfigDataFlowTest.kt b/finance/src/integration-test/kotlin/net/corda/finance/flows/test/CashConfigDataFlowTest.kt
similarity index 74%
rename from finance/src/integration-test/kotlin/net/corda/finance/flows/CashConfigDataFlowTest.kt
rename to finance/src/integration-test/kotlin/net/corda/finance/flows/test/CashConfigDataFlowTest.kt
index 4c9374075c..77316c148e 100644
--- a/finance/src/integration-test/kotlin/net/corda/finance/flows/CashConfigDataFlowTest.kt
+++ b/finance/src/integration-test/kotlin/net/corda/finance/flows/test/CashConfigDataFlowTest.kt
@@ -1,9 +1,10 @@
-package net.corda.finance.flows
+package net.corda.finance.flows.test
 
 import net.corda.core.messaging.startFlow
 import net.corda.core.utilities.getOrThrow
 import net.corda.finance.EUR
 import net.corda.finance.USD
+import net.corda.finance.flows.CashConfigDataFlow
 import net.corda.testing.driver.DriverParameters
 import net.corda.testing.driver.driver
 import org.assertj.core.api.Assertions.assertThat
@@ -12,7 +13,9 @@ import org.junit.Test
 class CashConfigDataFlowTest {
     @Test
     fun `issuable currencies are read in from node config`() {
-        driver(DriverParameters(notarySpecs = emptyList())) {
+        driver(DriverParameters(
+                extraCordappPackagesToScan = listOf("net.corda.finance.flows"),
+                notarySpecs = emptyList())) {
             val node = startNode(customOverrides = mapOf("custom" to mapOf("issuableCurrencies" to listOf("EUR", "USD")))).getOrThrow()
             val config = node.rpc.startFlow(::CashConfigDataFlow).returnValue.getOrThrow()
             assertThat(config.issuableCurrencies).containsExactly(EUR, USD)
diff --git a/finance/src/test/kotlin/net/corda/finance/contracts/asset/DummyFungibleContract.kt b/finance/src/test/kotlin/net/corda/finance/contracts/asset/test/DummyFungibleContract.kt
similarity index 95%
rename from finance/src/test/kotlin/net/corda/finance/contracts/asset/DummyFungibleContract.kt
rename to finance/src/test/kotlin/net/corda/finance/contracts/asset/test/DummyFungibleContract.kt
index 2b6b79d9a6..aec5b1f088 100644
--- a/finance/src/test/kotlin/net/corda/finance/contracts/asset/DummyFungibleContract.kt
+++ b/finance/src/test/kotlin/net/corda/finance/contracts/asset/test/DummyFungibleContract.kt
@@ -1,4 +1,4 @@
-package net.corda.finance.contracts.asset
+package net.corda.finance.contracts.asset.test
 
 import net.corda.core.contracts.*
 import net.corda.core.crypto.toStringShort
@@ -8,9 +8,10 @@ import net.corda.core.schemas.MappedSchema
 import net.corda.core.schemas.PersistentState
 import net.corda.core.schemas.QueryableState
 import net.corda.core.transactions.LedgerTransaction
-import net.corda.finance.schemas.SampleCashSchemaV1
-import net.corda.finance.schemas.SampleCashSchemaV2
-import net.corda.finance.schemas.SampleCashSchemaV3
+import net.corda.finance.contracts.asset.OnLedgerAsset
+import net.corda.finance.schemas.test.SampleCashSchemaV1
+import net.corda.finance.schemas.test.SampleCashSchemaV2
+import net.corda.finance.schemas.test.SampleCashSchemaV3
 import net.corda.finance.utils.sumCash
 import net.corda.finance.utils.sumCashOrNull
 import net.corda.finance.utils.sumCashOrZero
@@ -18,7 +19,7 @@ import java.security.PublicKey
 import java.util.*
 
 class DummyFungibleContract : OnLedgerAsset<Currency, DummyFungibleContract.Commands, DummyFungibleContract.State>() {
-    override fun extractCommands(commands: Collection<CommandWithParties<CommandData>>): List<CommandWithParties<DummyFungibleContract.Commands>>
+    override fun extractCommands(commands: Collection<CommandWithParties<CommandData>>): List<CommandWithParties<Commands>>
             = commands.select()
 
     data class State(
diff --git a/finance/src/test/kotlin/net/corda/finance/flows/test/CashExceptionThrowingFlow.kt b/finance/src/test/kotlin/net/corda/finance/flows/test/CashExceptionThrowingFlow.kt
new file mode 100644
index 0000000000..a8e03cd67f
--- /dev/null
+++ b/finance/src/test/kotlin/net/corda/finance/flows/test/CashExceptionThrowingFlow.kt
@@ -0,0 +1,12 @@
+package net.corda.finance.flows.test
+
+import net.corda.core.flows.FlowLogic
+import net.corda.core.flows.StartableByRPC
+import net.corda.finance.flows.CashException
+
+@StartableByRPC
+class CashExceptionThrowingFlow : FlowLogic<Unit>() {
+    override fun call() {
+        throw CashException("BOOM!", IllegalStateException("Nope dude!"))
+    }
+}
diff --git a/finance/src/test/kotlin/net/corda/finance/schemas/SampleCashSchemaV1.kt b/finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV1.kt
similarity index 97%
rename from finance/src/test/kotlin/net/corda/finance/schemas/SampleCashSchemaV1.kt
rename to finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV1.kt
index 86efb2c5c5..b3b1262803 100644
--- a/finance/src/test/kotlin/net/corda/finance/schemas/SampleCashSchemaV1.kt
+++ b/finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV1.kt
@@ -1,4 +1,4 @@
-package net.corda.finance.schemas
+package net.corda.finance.schemas.test
 
 import net.corda.core.contracts.MAX_ISSUER_REF_SIZE
 import net.corda.core.schemas.MappedSchema
diff --git a/finance/src/test/kotlin/net/corda/finance/schemas/SampleCashSchemaV2.kt b/finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV2.kt
similarity index 97%
rename from finance/src/test/kotlin/net/corda/finance/schemas/SampleCashSchemaV2.kt
rename to finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV2.kt
index a17f863841..ba6473f4b8 100644
--- a/finance/src/test/kotlin/net/corda/finance/schemas/SampleCashSchemaV2.kt
+++ b/finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV2.kt
@@ -1,4 +1,4 @@
-package net.corda.finance.schemas
+package net.corda.finance.schemas.test
 
 import net.corda.core.identity.AbstractParty
 import net.corda.core.schemas.CommonSchemaV1
diff --git a/finance/src/test/kotlin/net/corda/finance/schemas/SampleCashSchemaV3.kt b/finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV3.kt
similarity index 97%
rename from finance/src/test/kotlin/net/corda/finance/schemas/SampleCashSchemaV3.kt
rename to finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV3.kt
index 987210cd84..eded7dfbdf 100644
--- a/finance/src/test/kotlin/net/corda/finance/schemas/SampleCashSchemaV3.kt
+++ b/finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCashSchemaV3.kt
@@ -1,4 +1,4 @@
-package net.corda.finance.schemas
+package net.corda.finance.schemas.test
 
 import net.corda.core.contracts.MAX_ISSUER_REF_SIZE
 import net.corda.core.identity.AbstractParty
diff --git a/finance/src/test/kotlin/net/corda/finance/schemas/SampleCommercialPaperSchemaV1.kt b/finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCommercialPaperSchemaV1.kt
similarity index 98%
rename from finance/src/test/kotlin/net/corda/finance/schemas/SampleCommercialPaperSchemaV1.kt
rename to finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCommercialPaperSchemaV1.kt
index 236d96fdd5..e7f5fa0def 100644
--- a/finance/src/test/kotlin/net/corda/finance/schemas/SampleCommercialPaperSchemaV1.kt
+++ b/finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCommercialPaperSchemaV1.kt
@@ -1,4 +1,4 @@
-package net.corda.finance.schemas
+package net.corda.finance.schemas.test
 
 import net.corda.core.contracts.MAX_ISSUER_REF_SIZE
 import net.corda.core.schemas.MappedSchema
diff --git a/finance/src/test/kotlin/net/corda/finance/schemas/SampleCommercialPaperSchemaV2.kt b/finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCommercialPaperSchemaV2.kt
similarity index 98%
rename from finance/src/test/kotlin/net/corda/finance/schemas/SampleCommercialPaperSchemaV2.kt
rename to finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCommercialPaperSchemaV2.kt
index 9eeac47cc0..eacd846df5 100644
--- a/finance/src/test/kotlin/net/corda/finance/schemas/SampleCommercialPaperSchemaV2.kt
+++ b/finance/src/test/kotlin/net/corda/finance/schemas/test/SampleCommercialPaperSchemaV2.kt
@@ -1,4 +1,4 @@
-package net.corda.finance.schemas
+package net.corda.finance.schemas.test
 
 import net.corda.core.contracts.MAX_ISSUER_REF_SIZE
 import net.corda.core.identity.AbstractParty
diff --git a/node/src/test/java/net/corda/node/services/vault/VaultQueryJavaTests.java b/node/src/test/java/net/corda/node/services/vault/VaultQueryJavaTests.java
index 6ccb168d58..9472c5b330 100644
--- a/node/src/test/java/net/corda/node/services/vault/VaultQueryJavaTests.java
+++ b/node/src/test/java/net/corda/node/services/vault/VaultQueryJavaTests.java
@@ -19,7 +19,7 @@ import net.corda.core.node.services.vault.QueryCriteria.VaultQueryCriteria;
 import net.corda.finance.contracts.DealState;
 import net.corda.finance.contracts.asset.Cash;
 import net.corda.finance.schemas.CashSchemaV1;
-import net.corda.finance.schemas.SampleCashSchemaV2;
+import net.corda.finance.schemas.test.SampleCashSchemaV2;
 import net.corda.node.services.api.IdentityServiceInternal;
 import net.corda.nodeapi.internal.persistence.CordaPersistence;
 import net.corda.nodeapi.internal.persistence.DatabaseTransaction;
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/HibernateConfigurationTest.kt b/node/src/test/kotlin/net/corda/node/services/persistence/HibernateConfigurationTest.kt
index dc1867bf19..72071192cd 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/HibernateConfigurationTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/HibernateConfigurationTest.kt
@@ -23,11 +23,11 @@ import net.corda.finance.DOLLARS
 import net.corda.finance.POUNDS
 import net.corda.finance.SWISS_FRANCS
 import net.corda.finance.contracts.asset.Cash
-import net.corda.finance.contracts.asset.DummyFungibleContract
+import net.corda.finance.contracts.asset.test.DummyFungibleContract
 import net.corda.finance.schemas.CashSchemaV1
-import net.corda.finance.schemas.SampleCashSchemaV1
-import net.corda.finance.schemas.SampleCashSchemaV2
-import net.corda.finance.schemas.SampleCashSchemaV3
+import net.corda.finance.schemas.test.SampleCashSchemaV1
+import net.corda.finance.schemas.test.SampleCashSchemaV2
+import net.corda.finance.schemas.test.SampleCashSchemaV3
 import net.corda.finance.utils.sumCash
 import net.corda.node.internal.configureDatabase
 import net.corda.node.services.api.IdentityServiceInternal
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryExceptionsTests.kt b/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryExceptionsTests.kt
index 9d3cb8a5f8..137de148c0 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryExceptionsTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryExceptionsTests.kt
@@ -6,8 +6,7 @@ import net.corda.core.node.services.vault.*
 import net.corda.core.node.services.vault.QueryCriteria.*
 import net.corda.finance.*
 import net.corda.finance.contracts.asset.Cash
-import net.corda.finance.schemas.SampleCashSchemaV3
-import net.corda.finance.schemas.CashSchemaV1
+import net.corda.finance.schemas.test.SampleCashSchemaV3
 import net.corda.testing.core.*
 import net.corda.testing.internal.vault.DummyLinearStateSchemaV1
 import org.assertj.core.api.Assertions.assertThatThrownBy
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt b/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
index 99010acca7..d7f890a7ab 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
@@ -22,8 +22,8 @@ import net.corda.finance.contracts.asset.cash.selection.AbstractCashSelection
 import net.corda.finance.schemas.CashSchemaV1
 import net.corda.finance.schemas.CashSchemaV1.PersistentCashState
 import net.corda.finance.schemas.CommercialPaperSchemaV1
-import net.corda.finance.schemas.SampleCashSchemaV2
-import net.corda.finance.schemas.SampleCashSchemaV3
+import net.corda.finance.schemas.test.SampleCashSchemaV2
+import net.corda.finance.schemas.test.SampleCashSchemaV3
 import net.corda.node.internal.configureDatabase
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig

From 47068e6b7ad0afb3ed8df61a429470f19331b7b5 Mon Sep 17 00:00:00 2001
From: Florian Friemel <florian.friemel@r3.com>
Date: Mon, 15 Oct 2018 21:11:52 +0100
Subject: [PATCH 49/83] [CORDA-2077] Use latest gradle plugin version (4.0.32),
 set target version in core and sample CorDapps (#4038)

* Upgrade gradle plugin; add target version attribute to finance and sample cordapps.
* Remove '-SNAPSHOT' from gradlePluginsVersion.
* Fix naming.
* Update docs.
* Respond to feedback.
* Fix irs demo
* Fix more samples
* Fix more samples
* Fix deployNodes
* Fix deployNodes
* more fixes
* fix simm valuation
* more fixes
* more fixes
* more fixes
* more fixes
* Publication should have *nothing* to do with cordformation and deployNodes.
Remove it! And if this exposes a bug then "so be it".
* Disable CorDapp signing for Cordapp Configuration and Network Verifier.
* Disable CorDapp signing for SIMM Valuation Demo.
* Remove remaining publishing nonsense from samples.
* Workarounds fpr cordapp-configuration, network-verifier and simm-valuation-demo:
JarSigner rejects jars with duplicates inside, so remove them.
* Upgrade to Gradle plugin 4.0.32 and reenable CorDapp signing for samples.
---
 constants.properties                          |  2 +-
 docs/source/cordapp-build-systems.rst         | 18 ++++++++--
 experimental/notary-bft-smart/build.gradle    | 10 ++++++
 experimental/notary-raft/build.gradle         |  9 +++++
 finance/build.gradle                          |  2 ++
 samples/attachment-demo/build.gradle          | 32 ++++++++---------
 samples/bank-of-corda-demo/build.gradle       | 31 ++++++++---------
 samples/cordapp-configuration/build.gradle    | 27 ++++++++++-----
 .../corda/configsample/GetStringConfigFlow.kt | 25 ++++++++++++++
 samples/irs-demo/build.gradle                 |  1 -
 samples/irs-demo/cordapp/build.gradle         | 24 ++++++++-----
 samples/network-verifier/build.gradle         | 23 +++++++++----
 samples/notary-demo/build.gradle              | 24 +++++++++----
 samples/simm-valuation-demo/build.gradle      | 17 ++++++++--
 .../contracts-states/build.gradle             |  6 ++++
 .../simm-valuation-demo/flows/build.gradle    |  4 +++
 samples/trader-demo/build.gradle              | 34 ++++++++-----------
 17 files changed, 199 insertions(+), 90 deletions(-)

diff --git a/constants.properties b/constants.properties
index d472994d01..5bc1a09cd5 100644
--- a/constants.properties
+++ b/constants.properties
@@ -1,4 +1,4 @@
-gradlePluginsVersion=4.0.29
+gradlePluginsVersion=4.0.32
 kotlinVersion=1.2.51
 # ***************************************************************#
 # When incrementing platformVersion make sure to update          #
diff --git a/docs/source/cordapp-build-systems.rst b/docs/source/cordapp-build-systems.rst
index af785ae777..7ca31b2b1a 100644
--- a/docs/source/cordapp-build-systems.rst
+++ b/docs/source/cordapp-build-systems.rst
@@ -198,11 +198,23 @@ CorDapps can advertise their minimum and target platform version. The minimum pl
 
 .. sourcecode:: groovy
 
-    'Min-Platform-Version': 3
+    'Min-Platform-Version': 4
     'Target-Platform-Version': 4
 
+Using the `cordapp` Gradle plugin, this can be achieved by putting this in your CorDapp's `build.gradle`:
 
-In gradle, this can be achieved by modifying the jar task as shown in this example:
+.. container:: codeset
+
+    .. sourcecode:: groovy
+
+        cordapp {
+            info {
+                targetPlatformVersion 4
+                minimumPlatformVersion 4
+            }
+        }
+
+Without using the `cordapp` plugin, you can achieve the same by modifying the jar task as shown in this example:
 
 .. container:: codeset
 
@@ -211,7 +223,7 @@ In gradle, this can be achieved by modifying the jar task as shown in this examp
         jar {
             manifest {
                 attributes(
-                        'Min-Platform-Version': 3
+                        'Min-Platform-Version': 4
                         'Target-Platform-Version': 4
                 )
             }
diff --git a/experimental/notary-bft-smart/build.gradle b/experimental/notary-bft-smart/build.gradle
index b4ff48b444..bcd0614686 100644
--- a/experimental/notary-bft-smart/build.gradle
+++ b/experimental/notary-bft-smart/build.gradle
@@ -33,3 +33,13 @@ idea {
 publish {
     name 'corda-notary-bft-smart'
 }
+
+
+cordapp {
+    info {
+        name "net/corda/experimental/notary-bft-smart"
+        vendor "Corda Open Source"
+        targetPlatformVersion corda_platform_version.toInteger()
+        minimumPlatformVersion 1
+    }
+}
diff --git a/experimental/notary-raft/build.gradle b/experimental/notary-raft/build.gradle
index b07659ef2f..fc6a1894da 100644
--- a/experimental/notary-raft/build.gradle
+++ b/experimental/notary-raft/build.gradle
@@ -33,3 +33,12 @@ idea {
 publish {
     name 'corda-notary-raft'
 }
+
+cordapp {
+    info {
+        name "net/corda/experimental/notary-raft"
+        vendor "Corda Open Source"
+        targetPlatformVersion corda_platform_version.toInteger()
+        minimumPlatformVersion 1
+    }
+}
diff --git a/finance/build.gradle b/finance/build.gradle
index b55819f201..be028830eb 100644
--- a/finance/build.gradle
+++ b/finance/build.gradle
@@ -87,6 +87,8 @@ cordapp {
     info {
         name "net/corda/finance"
         vendor "Corda Open Source"
+        targetPlatformVersion corda_platform_version.toInteger()
+        minimumPlatformVersion 1
     }
 }
 
diff --git a/samples/attachment-demo/build.gradle b/samples/attachment-demo/build.gradle
index 71fbfe48d7..7629c833fa 100644
--- a/samples/attachment-demo/build.gradle
+++ b/samples/attachment-demo/build.gradle
@@ -1,11 +1,8 @@
-apply plugin: 'java'
 apply plugin: 'kotlin'
 apply plugin: 'idea'
 apply plugin: 'net.corda.plugins.quasar-utils'
-apply plugin: 'net.corda.plugins.publish-utils'
 apply plugin: 'net.corda.plugins.cordapp'
 apply plugin: 'net.corda.plugins.cordformation'
-apply plugin: 'maven-publish'
 
 sourceSets {
     integrationTest {
@@ -27,14 +24,16 @@ dependencies {
     testCompile "junit:junit:$junit_version"
 
     // Corda integration dependencies
-    cordaCompile project(path: ":node:capsule", configuration: 'runtimeArtifacts')
-    cordaCompile project(path: ":webserver:webcapsule", configuration: 'runtimeArtifacts')
+    cordaRuntime project(path: ":node:capsule", configuration: 'runtimeArtifacts')
+    cordaRuntime project(path: ":webserver:webcapsule", configuration: 'runtimeArtifacts')
     cordaCompile project(':core')
     cordaCompile project(':webserver')
     cordaCompile project(':node-driver')
 }
 
-task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
+def nodeTask = tasks.getByPath(':node:capsule:assemble')
+def webTask = tasks.getByPath(':webserver:webcapsule:assemble')
+task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask, webTask]) {
     ext.rpcUsers = [['username': "demo", 'password': "demo", 'permissions': ["StartFlow.net.corda.attachmentdemo.AttachmentDemoFlow",
                                                                              "InvokeRpc.wellKnownPartyFromX500Name",
                                                                              "InvokeRpc.attachmentExists",
@@ -92,18 +91,6 @@ idea {
     }
 }
 
-publishing {
-    publications {
-        jarAndSources(MavenPublication) {
-            from components.java
-            artifactId 'attachmentdemo'
-
-            artifact sourceJar
-            artifact javadocJar
-        }
-    }
-}
-
 task runSender(type: JavaExec) {
     classpath = sourceSets.main.runtimeClasspath
     main = 'net.corda.attachmentdemo.AttachmentDemoKt'
@@ -125,3 +112,12 @@ jar {
         )
     }
 }
+
+cordapp {
+    info {
+        name "net/corda/samples/attachment-demo"
+        vendor "Corda Open Source"
+        targetPlatformVersion corda_platform_version.toInteger()
+        minimumPlatformVersion 1
+    }
+}
diff --git a/samples/bank-of-corda-demo/build.gradle b/samples/bank-of-corda-demo/build.gradle
index c05f0172e3..0990cc5987 100644
--- a/samples/bank-of-corda-demo/build.gradle
+++ b/samples/bank-of-corda-demo/build.gradle
@@ -2,10 +2,8 @@ apply plugin: 'java'
 apply plugin: 'kotlin'
 apply plugin: 'idea'
 apply plugin: 'net.corda.plugins.quasar-utils'
-apply plugin: 'net.corda.plugins.publish-utils'
 apply plugin: 'net.corda.plugins.cordapp'
 apply plugin: 'net.corda.plugins.cordformation'
-apply plugin: 'maven-publish'
 
 dependencies {
     compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
@@ -14,8 +12,8 @@ dependencies {
     cordapp project(':finance')
 
     // Corda integration dependencies
-    cordaCompile project(path: ":node:capsule", configuration: 'runtimeArtifacts')
-    cordaCompile project(path: ":webserver:webcapsule", configuration: 'runtimeArtifacts')
+    cordaRuntime project(path: ":node:capsule", configuration: 'runtimeArtifacts')
+    cordaRuntime project(path: ":webserver:webcapsule", configuration: 'runtimeArtifacts')
     cordaCompile project(':core')
     cordaCompile project(':client:jfx')
     cordaCompile project(':client:rpc')
@@ -32,7 +30,9 @@ dependencies {
     testCompile "junit:junit:$junit_version"
 }
 
-task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
+def nodeTask = tasks.getByPath(':node:capsule:assemble')
+def webTask = tasks.getByPath(':webserver:webcapsule:assemble')
+task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask, webTask]) {
     nodeDefaults {
         cordapp project(':finance')
     }
@@ -82,18 +82,6 @@ idea {
     }
 }
 
-publishing {
-    publications {
-        jarAndSources(MavenPublication) {
-            from components.java
-            artifactId 'bankofcorda'
-
-            artifact sourceJar
-            artifact javadocJar
-        }
-    }
-}
-
 task runRPCCashIssue(type: JavaExec) {
     classpath = sourceSets.main.runtimeClasspath
     main = 'net.corda.bank.IssueCash'
@@ -123,3 +111,12 @@ jar {
         )
     }
 }
+
+cordapp {
+    info {
+        name "net/corda/samples/bank-of-corda-demo"
+        vendor "Corda Open Source"
+        targetPlatformVersion corda_platform_version.toInteger()
+        minimumPlatformVersion 1
+    }
+}
diff --git a/samples/cordapp-configuration/build.gradle b/samples/cordapp-configuration/build.gradle
index b1f121b9d1..2203482080 100644
--- a/samples/cordapp-configuration/build.gradle
+++ b/samples/cordapp-configuration/build.gradle
@@ -1,17 +1,20 @@
 apply plugin: 'kotlin'
-apply plugin: 'java'
+apply plugin: 'idea'
 apply plugin: 'net.corda.plugins.cordapp'
 apply plugin: 'net.corda.plugins.cordformation'
 
 dependencies {
-    cordaCompile project(":core")
-    cordaCompile project(":node-api")
-    cordaRuntime project(path: ":node:capsule", configuration: 'runtimeArtifacts')
-    cordaRuntime project(path: ":webserver:webcapsule", configuration: 'runtimeArtifacts')
+    cordaCompile project(':core')
+    cordaCompile project(':node-api')
     runtimeOnly "org.apache.logging.log4j:log4j-slf4j-impl:$log4j_version"
+
+    // Corda integration dependencies
+    cordaRuntime project(path: ":node:capsule", configuration: 'runtimeArtifacts')
 }
 
-task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
+def nodeTask = tasks.getByPath(':node:capsule:assemble')
+def webTask = tasks.getByPath(':webserver:webcapsule:assemble')
+task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask, webTask]) {
     directory file("$buildDir/nodes")
     nodeDefaults {
         cordapps = []
@@ -25,7 +28,6 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
             port 10003
             adminPort 10004
         }
-        rpcUsers = []
         extraConfig = ['h2Settings.address' : 'localhost:10005']
     }
     node {
@@ -54,4 +56,13 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
         }
         extraConfig = ['h2Settings.address' : 'localhost:10013']
     }
-}
\ No newline at end of file
+}
+
+cordapp {
+    info {
+        name "net/corda/samples/cordapp-configuration"
+        vendor "Corda Open Source"
+        targetPlatformVersion corda_platform_version.toInteger()
+        minimumPlatformVersion 1
+    }
+}
diff --git a/samples/cordapp-configuration/src/main/kotlin/net/corda/configsample/GetStringConfigFlow.kt b/samples/cordapp-configuration/src/main/kotlin/net/corda/configsample/GetStringConfigFlow.kt
index 7fbbaeff77..87cafce820 100644
--- a/samples/cordapp-configuration/src/main/kotlin/net/corda/configsample/GetStringConfigFlow.kt
+++ b/samples/cordapp-configuration/src/main/kotlin/net/corda/configsample/GetStringConfigFlow.kt
@@ -1,8 +1,14 @@
 package net.corda.configsample
 
 import co.paralleluniverse.fibers.Suspendable
+import net.corda.core.contracts.CommandData
+import net.corda.core.contracts.Contract
+import net.corda.core.contracts.ContractState
 import net.corda.core.flows.FlowLogic
 import net.corda.core.flows.StartableByRPC
+import net.corda.core.identity.AbstractParty
+import net.corda.core.serialization.CordaSerializable
+import net.corda.core.transactions.LedgerTransaction
 import net.corda.core.utilities.ProgressTracker
 
 @StartableByRPC
@@ -17,3 +23,22 @@ class GetStringConfigFlow(private val configKey: String) : FlowLogic<String>() {
         return config.getString(configKey)
     }
 }
+
+
+
+@CordaSerializable
+data class GetStringTestState(val responses: List<String>, val issuer: AbstractParty) : ContractState {
+    override val participants: List<AbstractParty>
+        get() = listOf(issuer)
+
+}
+
+
+@CordaSerializable
+object GetStringTestCommand : CommandData
+
+
+class GetStringTestContract : Contract {
+    override fun verify(tx: LedgerTransaction) {
+    }
+}
\ No newline at end of file
diff --git a/samples/irs-demo/build.gradle b/samples/irs-demo/build.gradle
index f1fb1ef397..74bb3241a3 100644
--- a/samples/irs-demo/build.gradle
+++ b/samples/irs-demo/build.gradle
@@ -21,7 +21,6 @@ ext['jackson.version'] = "$jackson_version"
 ext['dropwizard-metrics.version'] = "$metrics_version"
 ext['mockito.version'] = "$mockito_version"
 
-apply plugin: 'java'
 apply plugin: 'kotlin'
 apply plugin: 'idea'
 apply plugin: 'org.springframework.boot'
diff --git a/samples/irs-demo/cordapp/build.gradle b/samples/irs-demo/cordapp/build.gradle
index fba2b8f523..0359cc52d1 100644
--- a/samples/irs-demo/cordapp/build.gradle
+++ b/samples/irs-demo/cordapp/build.gradle
@@ -1,11 +1,8 @@
-apply plugin: 'java'
 apply plugin: 'kotlin'
 apply plugin: 'idea'
 apply plugin: 'net.corda.plugins.quasar-utils'
-apply plugin: 'net.corda.plugins.publish-utils'
 apply plugin: 'net.corda.plugins.cordformation'
 apply plugin: 'net.corda.plugins.cordapp'
-apply plugin: 'maven-publish'
 apply plugin: 'application'
 
 mainClassName = 'net.corda.irs.IRSDemo'
@@ -31,7 +28,7 @@ dependencies {
     cordapp project(':finance')
 
     // Corda integration dependencies
-    cordaCompile project(path: ":node:capsule", configuration: 'runtimeArtifacts')
+    cordaRuntime project(path: ":node:capsule", configuration: 'runtimeArtifacts')
     cordaCompile project(':core')
 
     // Cordapp dependencies
@@ -57,7 +54,8 @@ def rpcUsersList = [
          ]]
 ]
 
-task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
+def nodeTask = tasks.getByPath(':node:capsule:assemble')
+task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask]) {
 
     node {
         name "O=Notary Service,L=Zurich,C=CH"
@@ -112,7 +110,7 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
 
 }
 
-task prepareDockerNodes(type: net.corda.plugins.Dockerform, dependsOn: ['jar']) {
+task prepareDockerNodes(type: net.corda.plugins.Dockerform, dependsOn: ['jar', nodeTask]) {
 
     node {
         name "O=Notary Service,L=Zurich,C=CH"
@@ -159,15 +157,25 @@ tasks.withType(CreateStartScripts).each { task ->
 
 idea {
     module {
-        downloadJavadoc = true // defaults to false
+        downloadJavadoc = true
         downloadSources = true
     }
 }
 
 jar {
     from sourceSets.test.output
+    duplicatesStrategy = DuplicatesStrategy.EXCLUDE
 }
 
 artifacts {
     demoArtifacts jar
-}
\ No newline at end of file
+}
+
+cordapp {
+    info {
+        name "net/corda/irs-demo"
+        vendor "Corda Open Source"
+        targetPlatformVersion corda_platform_version.toInteger()
+        minimumPlatformVersion 1
+    }
+}
diff --git a/samples/network-verifier/build.gradle b/samples/network-verifier/build.gradle
index 0245d6027f..eea17b8ae2 100644
--- a/samples/network-verifier/build.gradle
+++ b/samples/network-verifier/build.gradle
@@ -1,18 +1,20 @@
 apply plugin: 'kotlin'
-apply plugin: 'java'
 apply plugin: 'net.corda.plugins.cordapp'
 apply plugin: 'net.corda.plugins.cordformation'
 
 dependencies {
-    cordaCompile project(":core")
-    cordaCompile project(":node-api")
-    cordaCompile project(path: ":node:capsule", configuration: 'runtimeArtifacts')
+    cordaCompile project(':core')
+    cordaCompile project(':node-api')
 
     testCompile project(":test-utils")
     testCompile "junit:junit:$junit_version"
+
+    // Corda integration dependencies
+    cordaRuntime project(path: ":node:capsule", configuration: 'runtimeArtifacts')
 }
 
-task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
+def nodeTask = tasks.getByPath(':node:capsule:assemble')
+task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask]) {
     ext.rpcUsers = [['username': "default", 'password': "default", 'permissions': [ 'ALL' ]]]
 
     directory "./build/nodes"
@@ -48,4 +50,13 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
         }
         extraConfig = ['h2Settings.address' : 'localhost:0']
     }
-}
\ No newline at end of file
+}
+
+cordapp {
+    info {
+        name "net/corda/samples/network-verifier"
+        vendor "Corda Open Source"
+        targetPlatformVersion corda_platform_version.toInteger()
+        minimumPlatformVersion 1
+    }
+}
diff --git a/samples/notary-demo/build.gradle b/samples/notary-demo/build.gradle
index acf513708c..ad7f9110e1 100644
--- a/samples/notary-demo/build.gradle
+++ b/samples/notary-demo/build.gradle
@@ -16,8 +16,8 @@ dependencies {
     compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
 
     // Corda integration dependencies
-    cordaCompile project(path: ":node:capsule", configuration: 'runtimeArtifacts')
-    cordaCompile project(path: ":webserver:webcapsule", configuration: 'runtimeArtifacts')
+    cordaRuntime project(path: ":node:capsule", configuration: 'runtimeArtifacts')
+    cordaRuntime project(path: ":webserver:webcapsule", configuration: 'runtimeArtifacts')
     cordaCompile project(':core')
     cordaCompile project(':client:jfx')
     cordaCompile project(':client:rpc')
@@ -28,9 +28,12 @@ dependencies {
     cordapp project(':experimental:notary-bft-smart')
 }
 
+def nodeTask = tasks.getByPath(':node:capsule:assemble')
+def webTask = tasks.getByPath(':webserver:webcapsule:assemble')
+
 task deployNodes(dependsOn: ['deployNodesSingle', 'deployNodesRaft', 'deployNodesBFT', 'deployNodesCustom'])
 
-task deployNodesSingle(type: Cordform, dependsOn: 'jar') {
+task deployNodesSingle(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
     directory file("$buildDir/nodes/nodesSingle")
     nodeDefaults {
         extraConfig = [h2Settings: [address: "localhost:0"]]
@@ -55,7 +58,7 @@ task deployNodesSingle(type: Cordform, dependsOn: 'jar') {
     }
 }
 
-task deployNodesCustom(type: Cordform, dependsOn: 'jar') {
+task deployNodesCustom(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
     directory file("$buildDir/nodes/nodesCustom")
     nodeDefaults {
         extraConfig = [h2Settings: [address: "localhost:0"]]
@@ -83,7 +86,7 @@ task deployNodesCustom(type: Cordform, dependsOn: 'jar') {
     }
 }
 
-task deployNodesRaft(type: Cordform, dependsOn: 'jar') {
+task deployNodesRaft(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
     def className = "net.corda.notary.raft.RaftNotaryService"
     directory file("$buildDir/nodes/nodesRaft")
     nodeDefaults {
@@ -151,7 +154,7 @@ task deployNodesRaft(type: Cordform, dependsOn: 'jar') {
     }
 }
 
-task deployNodesBFT(type: Cordform, dependsOn: 'jar') {
+task deployNodesBFT(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
     def clusterAddresses = ["localhost:11000", "localhost:11010", "localhost:11020", "localhost:11030"]
     def className = "net.corda.notary.bftsmart.BftSmartNotaryService"
     directory file("$buildDir/nodes/nodesBFT")
@@ -250,3 +253,12 @@ jar {
         )
     }
 }
+
+cordapp {
+    info {
+        name "net/corda/samples/notary-demo"
+        vendor "Corda Open Source"
+        targetPlatformVersion corda_platform_version.toInteger()
+        minimumPlatformVersion 1
+    }
+}
diff --git a/samples/simm-valuation-demo/build.gradle b/samples/simm-valuation-demo/build.gradle
index 8fc1e65c05..27a7b83e1b 100644
--- a/samples/simm-valuation-demo/build.gradle
+++ b/samples/simm-valuation-demo/build.gradle
@@ -4,7 +4,6 @@ allprojects {
     }
 }
 
-apply plugin: 'java'
 apply plugin: 'kotlin'
 apply plugin: 'idea'
 apply plugin: 'net.corda.plugins.quasar-utils'
@@ -27,7 +26,7 @@ configurations {
 }
 
 dependencies {
-    compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
+    cordaCompile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
 
     // The SIMM demo CorDapp depends upon Cash CorDapp features
     cordapp project(':finance')
@@ -62,7 +61,9 @@ dependencies {
     testCompile "org.assertj:assertj-core:$assertj_version"
 }
 
-task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
+def nodeTask = tasks.getByPath(':node:capsule:assemble')
+def webTask = tasks.getByPath(':webserver:webcapsule:assemble')
+task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask, webTask]) {
     directory file("$buildDir/nodes")
     nodeDefaults {
         cordapp project(':finance')
@@ -70,6 +71,9 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
         cordapp project(':samples:simm-valuation-demo:flows')
         rpcUsers = [['username': "default", 'password': "default", 'permissions': [ 'ALL' ]]]
     }
+    signing {
+        enabled false
+    }
     node {
         name "O=Notary Service,L=Zurich,C=CH"
         notary = [validating : true]
@@ -137,3 +141,10 @@ task integrationTest(type: Test, dependsOn: []) {
     testClassesDirs = sourceSets.integrationTest.output.classesDirs
     classpath = sourceSets.integrationTest.runtimeClasspath
 }
+
+cordapp {
+    info {
+        vendor = 'R3'
+        targetPlatformVersion = corda_platform_version.toInteger()
+    }
+}
diff --git a/samples/simm-valuation-demo/contracts-states/build.gradle b/samples/simm-valuation-demo/contracts-states/build.gradle
index 146966bbee..2849ad30ff 100644
--- a/samples/simm-valuation-demo/contracts-states/build.gradle
+++ b/samples/simm-valuation-demo/contracts-states/build.gradle
@@ -6,6 +6,12 @@ def shrinkJar = file("$buildDir/libs/${project.name}-${project.version}-tiny.jar
 cordapp {
     info {
         vendor = 'R3'
+        targetPlatformVersion = corda_platform_version.toInteger()
+    }
+    signing {
+        // We need to sign the output of the "shrink" task,
+        // but the jar signer doesn't support that yet.
+        enabled false
     }
 }
 
diff --git a/samples/simm-valuation-demo/flows/build.gradle b/samples/simm-valuation-demo/flows/build.gradle
index fd3b512fab..4520f321dd 100644
--- a/samples/simm-valuation-demo/flows/build.gradle
+++ b/samples/simm-valuation-demo/flows/build.gradle
@@ -4,6 +4,10 @@ apply plugin: 'net.corda.plugins.cordapp'
 cordapp {
     info {
         vendor = 'R3'
+        targetPlatformVersion = corda_platform_version.toInteger()
+    }
+    signing {
+        enabled false
     }
 }
 
diff --git a/samples/trader-demo/build.gradle b/samples/trader-demo/build.gradle
index afd027fdbc..f8ffd4edf3 100644
--- a/samples/trader-demo/build.gradle
+++ b/samples/trader-demo/build.gradle
@@ -1,11 +1,8 @@
-apply plugin: 'java'
 apply plugin: 'kotlin'
 apply plugin: 'idea'
 apply plugin: 'net.corda.plugins.quasar-utils'
-apply plugin: 'net.corda.plugins.publish-utils'
 apply plugin: 'net.corda.plugins.cordapp'
 apply plugin: 'net.corda.plugins.cordformation'
-apply plugin: 'maven-publish'
 
 sourceSets {
     integrationTest {
@@ -29,8 +26,8 @@ dependencies {
     cordapp project(':finance')
 
     // Corda integration dependencies
-    cordaCompile project(path: ":node:capsule", configuration: 'runtimeArtifacts')
-    cordaCompile project(path: ":webserver:webcapsule", configuration: 'runtimeArtifacts')
+    cordaRuntime project(path: ":node:capsule", configuration: 'runtimeArtifacts')
+    cordaRuntime project(path: ":webserver:webcapsule", configuration: 'runtimeArtifacts')
     cordaCompile project(':core')
 
     // Corda Plugins: dependent flows and services
@@ -41,7 +38,9 @@ dependencies {
     testCompile "org.assertj:assertj-core:${assertj_version}"
 }
 
-task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
+def nodeTask = tasks.getByPath(':node:capsule:assemble')
+def webTask = tasks.getByPath(':webserver:webcapsule:assemble')
+task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask, webTask]) {
     ext.rpcUsers = [['username': "demo", 'password': "demo", 'permissions': ["ALL"]]]
 
     directory "./build/nodes"
@@ -104,18 +103,6 @@ idea {
     }
 }
 
-publishing {
-    publications {
-        jarAndSources(MavenPublication) {
-            from components.java
-            artifactId 'traderdemo'
-
-            artifact sourceJar
-            artifact javadocJar
-        }
-    }
-}
-
 task runBank(type: JavaExec) {
     classpath = sourceSets.main.runtimeClasspath
     main = 'net.corda.traderdemo.TraderDemoKt'
@@ -136,4 +123,13 @@ jar {
                 'Automatic-Module-Name': 'net.corda.samples.demos.trader'
         )
     }
-}
\ No newline at end of file
+}
+
+cordapp {
+    info {
+        name "net/corda/samples/trader-demo"
+        vendor "Corda Open Source"
+        targetPlatformVersion corda_platform_version.toInteger()
+        minimumPlatformVersion 1
+    }
+}

From 38517af8f3cb14ddc8581d545e8ee29d854c46c1 Mon Sep 17 00:00:00 2001
From: Rick Parker <rick.parker@r3.com>
Date: Tue, 16 Oct 2018 10:00:32 +0100
Subject: [PATCH 50/83] CORDA-1707 Tests to prove bug doesn't exist. (#4075)

---
 .../net/corda/node/flows/FlowRetryTest.kt     | 81 +++++++++++++++++++
 1 file changed, 81 insertions(+)

diff --git a/node/src/integration-test/kotlin/net/corda/node/flows/FlowRetryTest.kt b/node/src/integration-test/kotlin/net/corda/node/flows/FlowRetryTest.kt
index cc5361ee4c..92334a7548 100644
--- a/node/src/integration-test/kotlin/net/corda/node/flows/FlowRetryTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/flows/FlowRetryTest.kt
@@ -2,8 +2,10 @@ package net.corda.node.flows
 
 import co.paralleluniverse.fibers.Suspendable
 import net.corda.client.rpc.CordaRPCClient
+import net.corda.core.CordaRuntimeException
 import net.corda.core.flows.*
 import net.corda.core.identity.Party
+import net.corda.core.internal.IdempotentFlow
 import net.corda.core.messaging.startFlow
 import net.corda.core.serialization.CordaSerializable
 import net.corda.core.utilities.ProgressTracker
@@ -16,6 +18,8 @@ import net.corda.testing.core.singleIdentity
 import net.corda.testing.driver.DriverParameters
 import net.corda.testing.driver.driver
 import net.corda.testing.node.User
+import org.assertj.core.api.Assertions.assertThatExceptionOfType
+import org.hibernate.exception.ConstraintViolationException
 import org.junit.Before
 import org.junit.Test
 import java.lang.management.ManagementFactory
@@ -51,6 +55,42 @@ class FlowRetryTest {
         assertNotNull(result)
         assertEquals("$numSessions:$numIterations", result)
     }
+
+    @Test
+    fun `flow gives up after number of exceptions, even if this is the first line of the flow`() {
+        val user = User("mark", "dadada", setOf(Permissions.startFlow<RetryFlow>()))
+        assertThatExceptionOfType(CordaRuntimeException::class.java).isThrownBy {
+            driver(DriverParameters(
+                    startNodesInProcess = isQuasarAgentSpecified(),
+                    notarySpecs = emptyList()
+            )) {
+                val nodeAHandle = startNode(providedName = ALICE_NAME, rpcUsers = listOf(user)).getOrThrow()
+
+                val result = CordaRPCClient(nodeAHandle.rpcAddress).start(user.username, user.password).use {
+                    it.proxy.startFlow(::RetryFlow).returnValue.getOrThrow()
+                }
+                result
+            }
+        }
+    }
+
+    @Test
+    fun `flow that throws in constructor throw for the RPC client that attempted to start them`() {
+        val user = User("mark", "dadada", setOf(Permissions.startFlow<ThrowingFlow>()))
+        assertThatExceptionOfType(CordaRuntimeException::class.java).isThrownBy {
+            driver(DriverParameters(
+                    startNodesInProcess = isQuasarAgentSpecified(),
+                    notarySpecs = emptyList()
+            )) {
+                val nodeAHandle = startNode(providedName = ALICE_NAME, rpcUsers = listOf(user)).getOrThrow()
+
+                val result = CordaRPCClient(nodeAHandle.rpcAddress).start(user.username, user.password).use {
+                    it.proxy.startFlow(::ThrowingFlow).returnValue.getOrThrow()
+                }
+                result
+            }
+        }
+    }
 }
 
 fun isQuasarAgentSpecified(): Boolean {
@@ -60,6 +100,8 @@ fun isQuasarAgentSpecified(): Boolean {
 
 class ExceptionToCauseRetry : SQLException("deadlock")
 
+class ExceptionToCauseFiniteRetry : ConstraintViolationException("Faked violation", SQLException("Fake"), "Fake name")
+
 @StartableByRPC
 @InitiatingFlow
 class InitiatorFlow(private val sessionsCount: Int, private val iterationsCount: Int, private val other: Party) : FlowLogic<Any>() {
@@ -157,3 +199,42 @@ data class SessionInfo(val sessionNum: Int, val iterationsCount: Int)
 enum class Step { First, BeforeInitiate, AfterInitiate, AfterInitiateSendReceive, BeforeSend, AfterSend, BeforeReceive, AfterReceive }
 
 data class Visited(val sessionNum: Int, val iterationNum: Int, val step: Step)
+
+@StartableByRPC
+class RetryFlow() : FlowLogic<String>(), IdempotentFlow {
+    companion object {
+        object FIRST_STEP : ProgressTracker.Step("Step one")
+
+        fun tracker() = ProgressTracker(FIRST_STEP)
+    }
+
+    override val progressTracker = tracker()
+
+    @Suspendable
+    override fun call(): String {
+        progressTracker.currentStep = FIRST_STEP
+        throw ExceptionToCauseFiniteRetry()
+        return "Result"
+    }
+}
+
+@StartableByRPC
+class ThrowingFlow() : FlowLogic<String>(), IdempotentFlow {
+    companion object {
+        object FIRST_STEP : ProgressTracker.Step("Step one")
+
+        fun tracker() = ProgressTracker(FIRST_STEP)
+    }
+
+    override val progressTracker = tracker()
+
+    init {
+        throw IllegalStateException("This flow can never be ")
+    }
+
+    @Suspendable
+    override fun call(): String {
+        progressTracker.currentStep = FIRST_STEP
+        return "Result"
+    }
+}
\ No newline at end of file

From 87a65855738256aa8fa178223f1e85bcea99c453 Mon Sep 17 00:00:00 2001
From: Joel Dudley <joel.dudley@r3cev.com>
Date: Tue, 16 Oct 2018 10:51:57 +0100
Subject: [PATCH 51/83] Documents default node tables. (#4077)

* Documents default node tables.

* Addresses review comment.
---
 docs/source/node-database.rst | 89 +++++++++++++++++++++++++++--------
 1 file changed, 69 insertions(+), 20 deletions(-)

diff --git a/docs/source/node-database.rst b/docs/source/node-database.rst
index 924f52ac4c..f9c7e3a06c 100644
--- a/docs/source/node-database.rst
+++ b/docs/source/node-database.rst
@@ -1,20 +1,22 @@
 Node database
 =============
 
-Default in-memory database
---------------------------
+.. contents::
+
+Configuring the node database
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+H2
+--
 By default, nodes store their data in an H2 database. See :doc:`node-database-access-h2`.
 
+Nodes can also be configured to use PostgreSQL and SQL Server. However, these are experimental community contributions.
+The Corda continuous integration pipeline does not run unit tests or integration tests of these databases.
+
 PostgreSQL
 ----------
-Nodes can also be configured to use PostgreSQL 9.6, using PostgreSQL JDBC Driver 42.1.4.
-
-.. warning:: This is an experimental community contribution. The Corda continuous integration pipeline does not run unit 
-   tests or integration tests of this feature.
-
-Configuration
-~~~~~~~~~~~~~
-Here is an example node configuration for PostgreSQL:
+Nodes can also be configured to use PostgreSQL 9.6, using PostgreSQL JDBC Driver 42.1.4. Here is an example node
+configuration for PostgreSQL:
 
 .. sourcecode:: groovy
 
@@ -40,15 +42,9 @@ Note that:
   the schema search path must be set explicitly for the user.
 
 SQLServer
-----------
-Nodes also have untested support for Microsoft SQL Server 2017, using Microsoft JDBC Driver 6.2 for SQL Server.
-
-.. warning:: This is an experimental community contribution, and is currently untested. We welcome pull requests to add
-   tests and additional support for this feature.
-
-Configuration
-~~~~~~~~~~~~~
-Here is an example node configuration for SQLServer:
+---------
+Nodes also have untested support for Microsoft SQL Server 2017, using Microsoft JDBC Driver 6.2 for SQL Server. Here is
+an example node configuration for SQLServer:
 
 .. sourcecode:: groovy
 
@@ -69,5 +65,58 @@ Note that:
 * The ``database.schema`` property is optional and is ignored as of release 3.1.
 * Ensure the directory referenced by jarDirs contains only one JDBC driver JAR file; by the default,
   sqljdbc_6.2/enu/contains two JDBC JAR file for different Java versions.
-=======
 
+Node database tables
+^^^^^^^^^^^^^^^^^^^^
+
+By default, the node database has the following tables:
+
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| Table name                  | Columns                                                                                                                                                                                                  |
++=============================+==========================================================================================================================================================================================================+
+| DATABASECHANGELOG           | ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, EXECTYPE, MD5SUM, DESCRIPTION, COMMENTS, TAG, LIQUIBASE, CONTEXTS, LABELS, DEPLOYMENT_ID                                                              |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| DATABASECHANGELOGLOCK       | ID, LOCKED, LOCKGRANTED, LOCKEDBY                                                                                                                                                                        |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_ATTACHMENTS            | ATT_ID, CONTENT, FILENAME, INSERTION_DATE, UPLOADER                                                                                                                                                      |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_ATTACHMENTS_CONTRACTS  | ATT_ID, CONTRACT_CLASS_NAME                                                                                                                                                                              |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_CHECKPOINTS            | CHECKPOINT_ID, CHECKPOINT_VALUE                                                                                                                                                                          |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_CONTRACT_UPGRADES      | STATE_REF, CONTRACT_CLASS_NAME                                                                                                                                                                           |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_IDENTITIES             | PK_HASH, IDENTITY_VALUE                                                                                                                                                                                  |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_INFOS                  | NODE_INFO_ID, NODE_INFO_HASH, PLATFORM_VERSION, SERIAL                                                                                                                                                   |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_INFO_HOSTS             | HOST_NAME, PORT, NODE_INFO_ID, HOSTS_ID                                                                                                                                                                  |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_INFO_PARTY_CERT        | PARTY_NAME, ISMAIN, OWNING_KEY_HASH, PARTY_CERT_BINARY                                                                                                                                                   |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_LINK_NODEINFO_PARTY    | NODE_INFO_ID, PARTY_NAME                                                                                                                                                                                 |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_MESSAGE_IDS            | MESSAGE_ID, INSERTION_TIME, SENDER, SEQUENCE_NUMBER                                                                                                                                                      |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_NAMES_IDENTITIES       | NAME, PK_HASH                                                                                                                                                                                            |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_OUR_KEY_PAIRS          | PUBLIC_KEY_HASH, PRIVATE_KEY, PUBLIC_KEY                                                                                                                                                                 |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_PROPERTIES             | PROPERTY_KEY, PROPERTY_VALUE                                                                                                                                                                             |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_SCHEDULED_STATES       | OUTPUT_INDEXTRANSACTION_IDSCHEDULED_AT                                                                                                                                                                   |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| NODE_TRANSACTIONS           | TX_ID, TRANSACTION_VALUE, STATE_MACHINE_RUN_ID                                                                                                                                                           |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| VAULT_FUNGIBLE_STATES       | OUTPUT_INDEX, TRANSACTION_ID, ISSUER_NAME, ISSUER_REF, OWNER_NAME, QUANTITY                                                                                                                              |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| VAULT_FUNGIBLE_STATES_PARTS | OUTPUT_INDEX, TRANSACTION_ID, PARTICIPANTS                                                                                                                                                               |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| VAULT_LINEAR_STATES         | OUTPUT_INDEX, TRANSACTION_ID, EXTERNAL_ID, UUID                                                                                                                                                          |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| VAULT_LINEAR_STATES_PARTS   | OUTPUT_INDEX, TRANSACTION_ID, PARTICIPANTS                                                                                                                                                               |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| VAULT_STATES                | OUTPUT_INDEX, TRANSACTION_ID, CONSUMED_TIMESTAMP, CONTRACT_STATE_CLASS_NAME, LOCK_ID, LOCK_TIMESTAMP, NOTARY_NAME, RECORDED_TIMESTAMP, STATE_STATUS, RELEVANCY_STATUS, CONSTRAINT_TYPE, CONSTRAINT_DATA  |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| VAULT_TRANSACTION_NOTES     | SEQ_NO, NOTE, TRANSACTION_ID                                                                                                                                                                             |
++-----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

From 68d736dd8116636d8f7b95b3ad5660b3f6b93095 Mon Sep 17 00:00:00 2001
From: Konstantinos Chalkias <konstantinos.chalkias@r3.com>
Date: Tue, 16 Oct 2018 11:16:28 +0100
Subject: [PATCH 52/83] Doorman can sign TLS certs directly. (#4078)

---
 .../net/corda/core/internal/CertRole.kt       | 17 ++--
 .../net/corda/core/internal/CertRoleTests.kt  | 79 ++++++++++++++++++-
 2 files changed, 87 insertions(+), 9 deletions(-)

diff --git a/core/src/main/kotlin/net/corda/core/internal/CertRole.kt b/core/src/main/kotlin/net/corda/core/internal/CertRole.kt
index b53f8977e8..f2946d3c72 100644
--- a/core/src/main/kotlin/net/corda/core/internal/CertRole.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/CertRole.kt
@@ -26,20 +26,25 @@ import java.security.cert.X509Certificate
 enum class CertRole(val validParents: NonEmptySet<CertRole?>, val isIdentity: Boolean, val isWellKnown: Boolean) : ASN1Encodable {
     /** Signing certificate for the Doorman CA. */
     DOORMAN_CA(NonEmptySet.of(null), false, false),
+
     /** Signing certificate for the network map. */
     NETWORK_MAP(NonEmptySet.of(null), false, false),
+
     /** Well known (publicly visible) identity of a service (such as notary). */
     SERVICE_IDENTITY(NonEmptySet.of(DOORMAN_CA), true, true),
+
     /** Node level CA from which the TLS and well known identity certificates are issued. */
     NODE_CA(NonEmptySet.of(DOORMAN_CA), false, false),
+
+    // [DOORMAN_CA] is also added as a valid parent of [TLS] and [LEGAL_IDENTITY] for backwards compatibility purposes
+    // (eg. if we decide [TLS] has its own [ROOT_CA] and [DOORMAN_CA] directly issues [TLS] and [LEGAL_IDENTITY]; thus,
+    // there won't be a requirement for [NODE_CA]).
     /** Transport layer security certificate for a node. */
-    TLS(NonEmptySet.of(NODE_CA), false, false),
+    TLS(NonEmptySet.of(DOORMAN_CA, NODE_CA), false, false),
+
     /** Well known (publicly visible) identity of a legal entity. */
-    // TODO: at the moment, Legal Identity certs are issued by Node CA only. However, [DOORMAN_CA] is also added
-    //      as a valid parent of [LEGAL_IDENTITY] for backwards compatibility purposes (eg. if we decide TLS has its
-    //      own Root CA and Doorman CA directly issues Legal Identities; thus, there won't be a requirement for
-    //      Node CA). Consider removing [DOORMAN_CA] from [validParents] when the model is finalised.
     LEGAL_IDENTITY(NonEmptySet.of(DOORMAN_CA, NODE_CA), true, true),
+
     /** Confidential (limited visibility) identity of a legal entity. */
     CONFIDENTIAL_LEGAL_IDENTITY(NonEmptySet.of(LEGAL_IDENTITY), true, false);
 
@@ -88,4 +93,4 @@ enum class CertRole(val validParents: NonEmptySet<CertRole?>, val isIdentity: Bo
     fun isValidParent(parent: CertRole?): Boolean = parent in validParents
 
     override fun toASN1Primitive(): ASN1Primitive = ASN1Integer(this.ordinal + 1L)
-}
\ No newline at end of file
+}
diff --git a/core/src/test/kotlin/net/corda/core/internal/CertRoleTests.kt b/core/src/test/kotlin/net/corda/core/internal/CertRoleTests.kt
index 60f81927c8..49653648de 100644
--- a/core/src/test/kotlin/net/corda/core/internal/CertRoleTests.kt
+++ b/core/src/test/kotlin/net/corda/core/internal/CertRoleTests.kt
@@ -1,9 +1,12 @@
 package net.corda.core.internal
 
+import net.corda.core.crypto.Crypto
+import net.corda.nodeapi.internal.crypto.CertificateType
+import net.corda.nodeapi.internal.crypto.X509Utilities
 import org.bouncycastle.asn1.ASN1Integer
 import org.junit.Test
-import kotlin.test.assertEquals
-import kotlin.test.assertFailsWith
+import javax.security.auth.x500.X500Principal
+import kotlin.test.*
 
 class CertRoleTests {
     @Test
@@ -22,4 +25,74 @@ class CertRoleTests {
         // Outside of the range of integers
         assertFailsWith<IllegalArgumentException> { CertRole.getInstance(ASN1Integer(Integer.MAX_VALUE + 1L)) }
     }
-}
\ No newline at end of file
+
+    @Test
+    fun `check cert roles verify for various cert hierarchies`(){
+
+        // Testing for various certificate hierarchies (with or without NodeCA).
+        // ROOT -> Intermediate Root -> Doorman -> NodeCA -> Legal Identity cert -> Confidential key cert
+        //                                      -> NodeCA -> TLS
+        //                                      -> Legal Identity cert -> Confidential key cert
+        //                                      -> TLS
+        val rootSubject = X500Principal("CN=Root,O=R3 Ltd,L=London,C=GB")
+        val intermediateRootSubject = X500Principal("CN=Intermediate Root,O=R3 Ltd,L=London,C=GB")
+        val doormanSubject = X500Principal("CN=Doorman,O=R3 Ltd,L=London,C=GB")
+        val nodeSubject = X500Principal("CN=Node,O=R3 Ltd,L=London,C=GB")
+
+        val rootKeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
+        val rootCert = X509Utilities.createSelfSignedCACertificate(rootSubject, rootKeyPair)
+        val rootCertRole = CertRole.extract(rootCert)
+
+        val intermediateRootKeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
+        // Note that [CertificateType.ROOT_CA] is used for both root and intermediate root.
+        val intermediateRootCert = X509Utilities.createCertificate(CertificateType.ROOT_CA, rootCert, rootKeyPair, intermediateRootSubject, intermediateRootKeyPair.public)
+        val intermediateRootCertRole = CertRole.extract(intermediateRootCert)
+
+        val doormanKeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
+        // Note that [CertificateType.INTERMEDIATE_CA] has actually role = CertRole.DOORMAN_CA, see [CertificateType] in [X509Utilities].
+        val doormanCert = X509Utilities.createCertificate(CertificateType.INTERMEDIATE_CA, intermediateRootCert, intermediateRootKeyPair, doormanSubject, doormanKeyPair.public)
+        val doormanCertRole = CertRole.extract(doormanCert)!!
+
+        val nodeCAKeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
+        val nodeCACert = X509Utilities.createCertificate(CertificateType.NODE_CA, doormanCert, doormanKeyPair, nodeSubject, nodeCAKeyPair.public)
+        val nodeCACertRole = CertRole.extract(nodeCACert)!!
+
+        val tlsKeyPairFromNodeCA = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
+        val tlsCertFromNodeCA = X509Utilities.createCertificate(CertificateType.TLS, nodeCACert, nodeCAKeyPair, nodeSubject, tlsKeyPairFromNodeCA.public)
+        val tlsCertFromNodeCARole = CertRole.extract(tlsCertFromNodeCA)!!
+
+        val tlsKeyPairFromDoorman = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
+        val tlsCertFromDoorman = X509Utilities.createCertificate(CertificateType.TLS, doormanCert, doormanKeyPair, nodeSubject, tlsKeyPairFromDoorman.public)
+        val tlsCertFromDoormanRole = CertRole.extract(tlsCertFromDoorman)!!
+
+        val legalIDKeyPairFromNodeCA = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
+        val legalIDCertFromNodeCA = X509Utilities.createCertificate(CertificateType.LEGAL_IDENTITY, nodeCACert, nodeCAKeyPair, nodeSubject, legalIDKeyPairFromNodeCA.public)
+        val legalIDCertFromNodeCARole = CertRole.extract(legalIDCertFromNodeCA)!!
+
+        val legalIDKeyPairFromDoorman = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
+        val legalIDCertFromDoorman = X509Utilities.createCertificate(CertificateType.LEGAL_IDENTITY, doormanCert, doormanKeyPair, nodeSubject, legalIDKeyPairFromDoorman.public)
+        val legalIDCertFromDoormanRole = CertRole.extract(legalIDCertFromDoorman)!!
+
+        val confidentialKeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
+        val confidentialCert = X509Utilities.createCertificate(CertificateType.CONFIDENTIAL_LEGAL_IDENTITY, legalIDCertFromNodeCA, legalIDKeyPairFromNodeCA, nodeSubject, confidentialKeyPair.public)
+        val confidentialCertRole = CertRole.extract(confidentialCert)!!
+
+        assertNull(rootCertRole)
+        assertNull(intermediateRootCertRole)
+        assertEquals(tlsCertFromNodeCARole, tlsCertFromDoormanRole)
+        assertEquals(legalIDCertFromNodeCARole, legalIDCertFromDoormanRole)
+
+        assertTrue { doormanCertRole.isValidParent(intermediateRootCertRole) } // Doorman is signed by Intermediate Root.
+        assertTrue { nodeCACertRole.isValidParent(doormanCertRole) } // NodeCA is signed by Doorman.
+        assertTrue { tlsCertFromNodeCARole.isValidParent(nodeCACertRole) } // TLS is signed by NodeCA.
+        assertTrue { tlsCertFromDoormanRole.isValidParent(doormanCertRole) } // TLS can also be signed by Doorman.
+        assertTrue { legalIDCertFromNodeCARole.isValidParent(nodeCACertRole) } // Legal Identity is signed by NodeCA.
+        assertTrue { legalIDCertFromDoormanRole.isValidParent(doormanCertRole) } // Legal Identity can also be signed by Doorman.
+        assertTrue { confidentialCertRole.isValidParent(legalIDCertFromNodeCARole) } // Confidential key cert is signed by Legal Identity.
+
+        assertFalse { legalIDCertFromDoormanRole.isValidParent(tlsCertFromDoormanRole) } // Legal Identity cannot be signed by TLS.
+        assertFalse { tlsCertFromNodeCARole.isValidParent(legalIDCertFromNodeCARole) } // TLS cannot be signed by Legal Identity.
+        assertFalse { confidentialCertRole.isValidParent(nodeCACertRole) } // Confidential key cert cannot be signed by NodeCA.
+        assertFalse { confidentialCertRole.isValidParent(doormanCertRole) } // Confidential key cert cannot be signed by Doorman.
+    }
+}

From 715c38766d1bc6520afee2a8d2441cd4ba1ccc71 Mon Sep 17 00:00:00 2001
From: Andrius Dagys <andrius.dagys@r3.com>
Date: Tue, 16 Oct 2018 16:33:04 +0100
Subject: [PATCH 53/83] CORDA-2109: Fix a bug that prevents consecutive
 multiparty contract upgrades

The contract upgrade handler assumes that the state to be upgraded is
created by a WireTransaction. This breaks the upgrade process if it was
in fact issued by a ContractUpgradeWireTransactions or a NotaryChangeWireTransaction.
---
 .../core/flows/ContractUpgradeFlowTest.kt     | 96 ++++++++++---------
 .../corda/core/flows/mixins/WithContracts.kt  | 10 +-
 .../corda/node/services/CoreFlowHandlers.kt   |  2 +-
 .../testing/contracts/DummyContractV3.kt      | 36 +++++++
 4 files changed, 93 insertions(+), 51 deletions(-)
 create mode 100644 testing/test-utils/src/main/kotlin/net/corda/testing/contracts/DummyContractV3.kt

diff --git a/core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt b/core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt
index 8d30b83b62..889b8ceeee 100644
--- a/core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt
@@ -3,15 +3,12 @@ package net.corda.core.flows
 import com.natpryce.hamkrest.*
 import com.natpryce.hamkrest.assertion.assert
 import net.corda.core.contracts.*
-import net.corda.testing.internal.matchers.flow.willReturn
-import net.corda.testing.internal.matchers.flow.willThrow
 import net.corda.core.flows.mixins.WithContracts
 import net.corda.core.flows.mixins.WithFinality
 import net.corda.core.identity.AbstractParty
 import net.corda.core.internal.Emoji
 import net.corda.core.transactions.ContractUpgradeLedgerTransaction
 import net.corda.core.transactions.LedgerTransaction
-import net.corda.core.transactions.SignedTransaction
 import net.corda.core.utilities.OpaqueBytes
 import net.corda.core.utilities.getOrThrow
 import net.corda.finance.USD
@@ -20,9 +17,12 @@ import net.corda.finance.contracts.asset.Cash
 import net.corda.finance.flows.CashIssueFlow
 import net.corda.testing.contracts.DummyContract
 import net.corda.testing.contracts.DummyContractV2
+import net.corda.testing.contracts.DummyContractV3
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
 import net.corda.testing.core.singleIdentity
+import net.corda.testing.internal.matchers.flow.willReturn
+import net.corda.testing.internal.matchers.flow.willThrow
 import net.corda.testing.node.internal.InternalMockNetwork
 import net.corda.testing.node.internal.TestStartedNode
 import net.corda.testing.node.internal.cordappsForPackages
@@ -57,54 +57,67 @@ class ContractUpgradeFlowTest : WithContracts, WithFinality {
 
         aliceNode.finalise(stx, bob)
 
-        val atx = aliceNode.getValidatedTransaction(stx)
-        val btx = bobNode.getValidatedTransaction(stx)
+        val aliceTx = aliceNode.getValidatedTransaction(stx)
+        val bobTx = bobNode.getValidatedTransaction(stx)
 
         // The request is expected to be rejected because party B hasn't authorised the upgrade yet.
         assert.that(
-            aliceNode.initiateDummyContractUpgrade(atx),
+                aliceNode.initiateContractUpgrade(aliceTx, DummyContractV2::class),
                 willThrow<UnexpectedFlowEndException>())
 
-        // Party B authorise the contract state upgrade, and immediately deauthorise the same.
-        assert.that(bobNode.authoriseDummyContractUpgrade(btx), willReturn())
-        assert.that(bobNode.deauthoriseContractUpgrade(btx), willReturn())
+        // Party B authorises the contract state upgrade, and immediately de-authorises the same.
+        assert.that(bobNode.authoriseContractUpgrade(bobTx, DummyContractV2::class), willReturn())
+        assert.that(bobNode.deauthoriseContractUpgrade(bobTx), willReturn())
 
-        // The request is expected to be rejected because party B has subsequently deauthorised a previously authorised upgrade.
+        // The request is expected to be rejected because party B has subsequently de-authorised a previously authorised upgrade.
         assert.that(
-            aliceNode.initiateDummyContractUpgrade(atx),
+                aliceNode.initiateContractUpgrade(aliceTx, DummyContractV2::class),
                 willThrow<UnexpectedFlowEndException>())
 
-        // Party B authorise the contract state upgrade
-        assert.that(bobNode.authoriseDummyContractUpgrade(btx), willReturn())
+        // Party B authorises the contract state upgrade.
+        assert.that(bobNode.authoriseContractUpgrade(bobTx, DummyContractV2::class), willReturn())
 
         // Party A initiates contract upgrade flow, expected to succeed this time.
         assert.that(
-            aliceNode.initiateDummyContractUpgrade(atx),
+                aliceNode.initiateContractUpgrade(aliceTx, DummyContractV2::class),
                 willReturn(
-                        aliceNode.hasDummyContractUpgradeTransaction()
-                                and bobNode.hasDummyContractUpgradeTransaction()))
+                        aliceNode.hasContractUpgradeTransaction<DummyContract.State, DummyContractV2.State>()
+                                and bobNode.hasContractUpgradeTransaction<DummyContract.State, DummyContractV2.State>()))
+
+        val upgradedState = aliceNode.getStateFromVault(DummyContractV2.State::class)
+
+        // We now test that the upgraded state can be upgraded further, to V3.
+        // Party B authorises the contract state upgrade.
+        assert.that(bobNode.authoriseContractUpgrade(upgradedState, DummyContractV3::class), willReturn())
+
+        // Party A initiates contract upgrade flow which is expected to succeed.
+        assert.that(
+                aliceNode.initiateContractUpgrade(upgradedState, DummyContractV3::class),
+                willReturn(
+                        aliceNode.hasContractUpgradeTransaction<DummyContractV2.State, DummyContractV3.State>()
+                                and bobNode.hasContractUpgradeTransaction<DummyContractV2.State, DummyContractV3.State>()))
     }
 
     private fun TestStartedNode.issueCash(amount: Amount<Currency> = Amount(1000, USD)) =
-        services.startFlow(CashIssueFlow(amount, OpaqueBytes.of(1), notary))
-            .andRunNetwork()
-            .resultFuture.getOrThrow()
+            services.startFlow(CashIssueFlow(amount, OpaqueBytes.of(1), notary))
+                    .andRunNetwork()
+                    .resultFuture.getOrThrow()
 
     private fun TestStartedNode.getBaseStateFromVault() = getStateFromVault(ContractState::class)
 
     private fun TestStartedNode.getCashStateFromVault() = getStateFromVault(CashV2.State::class)
 
     private fun hasIssuedAmount(expected: Amount<Issued<Currency>>) =
-        hasContractState(has(CashV2.State::amount, equalTo(expected)))
+            hasContractState(has(CashV2.State::amount, equalTo(expected)))
 
     private fun belongsTo(vararg recipients: AbstractParty) =
-        hasContractState(has(CashV2.State::owners, equalTo(recipients.toList())))
+            hasContractState(has(CashV2.State::owners, equalTo(recipients.toList())))
 
     private fun <T : ContractState> hasContractState(expectation: Matcher<T>) =
-        has<StateAndRef<T>, T>(
-            "contract state",
-            { it.state.data },
-            expectation)
+            has<StateAndRef<T>, T>(
+                    "contract state",
+                    { it.state.data },
+                    expectation)
 
     @Test
     fun `upgrade Cash to v2`() {
@@ -123,14 +136,14 @@ class ContractUpgradeFlowTest : WithContracts, WithFinality {
         val upgradedState = aliceNode.getCashStateFromVault()
         assert.that(upgradedState,
                 hasIssuedAmount(Amount(1000000, USD) `issued by` (alice.ref(1)))
-                and belongsTo(anonymisedRecipient))
+                        and belongsTo(anonymisedRecipient))
 
         // Make sure the upgraded state can be spent
         val movedState = upgradedState.state.data.copy(amount = upgradedState.state.data.amount.times(2))
         val spendUpgradedTx = aliceNode.signInitialTransaction {
             addInputState(upgradedState)
             addOutputState(
-                upgradedState.state.copy(data = movedState)
+                    upgradedState.state.copy(data = movedState)
             )
             addCommand(CashV2.Move(), alice.owningKey)
         }
@@ -161,35 +174,24 @@ class ContractUpgradeFlowTest : WithContracts, WithFinality {
         override fun verify(tx: LedgerTransaction) {}
     }
 
-    //region Operations
-    private fun TestStartedNode.initiateDummyContractUpgrade(tx: SignedTransaction) =
-            initiateContractUpgrade(tx, DummyContractV2::class)
-
-    private fun TestStartedNode.authoriseDummyContractUpgrade(tx: SignedTransaction) =
-            authoriseContractUpgrade(tx, DummyContractV2::class)
-    //endregion
-
     //region Matchers
-    private fun TestStartedNode.hasDummyContractUpgradeTransaction() =
-            hasContractUpgradeTransaction<DummyContract.State, DummyContractV2.State>()
-
-    private inline fun <reified FROM : Any, reified TO: Any> TestStartedNode.hasContractUpgradeTransaction() =
-        has<StateAndRef<ContractState>, ContractUpgradeLedgerTransaction>(
-            "a contract upgrade transaction",
-            { getContractUpgradeTransaction(it) },
-            isUpgrade<FROM, TO>())
+    private inline fun <reified FROM : Any, reified TO : Any> TestStartedNode.hasContractUpgradeTransaction() =
+            has<StateAndRef<ContractState>, ContractUpgradeLedgerTransaction>(
+                    "a contract upgrade transaction",
+                    { getContractUpgradeTransaction(it) },
+                    isUpgrade<FROM, TO>())
 
     private fun TestStartedNode.getContractUpgradeTransaction(state: StateAndRef<ContractState>) =
-        services.validatedTransactions.getTransaction(state.ref.txhash)!!
-                .resolveContractUpgradeTransaction(services)
+            services.validatedTransactions.getTransaction(state.ref.txhash)!!
+                    .resolveContractUpgradeTransaction(services)
 
     private inline fun <reified FROM : Any, reified TO : Any> isUpgrade() =
             isUpgradeFrom<FROM>() and isUpgradeTo<TO>()
 
-    private inline fun <reified T: Any> isUpgradeFrom() =
+    private inline fun <reified T : Any> isUpgradeFrom() =
             has<ContractUpgradeLedgerTransaction, Any>("input data", { it.inputs.single().state.data }, isA<T>(anything))
 
-    private inline fun <reified T: Any> isUpgradeTo() =
+    private inline fun <reified T : Any> isUpgradeTo() =
             has<ContractUpgradeLedgerTransaction, Any>("output data", { it.outputs.single().data }, isA<T>(anything))
     //endregion
 }
diff --git a/core/src/test/kotlin/net/corda/core/flows/mixins/WithContracts.kt b/core/src/test/kotlin/net/corda/core/flows/mixins/WithContracts.kt
index c5794007fe..7206b1ce76 100644
--- a/core/src/test/kotlin/net/corda/core/flows/mixins/WithContracts.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/mixins/WithContracts.kt
@@ -51,9 +51,13 @@ interface WithContracts : WithMockNet {
 
     fun <T : UpgradedContract<*, *>> TestStartedNode.authoriseContractUpgrade(
         tx: SignedTransaction, toClass: KClass<T>) =
-        startFlow(
-            ContractUpgradeFlow.Authorise(tx.tx.outRef<ContractState>(0), toClass.java)
-        )
+        authoriseContractUpgrade(tx.tx.outRef(0), toClass)
+
+    fun <T : UpgradedContract<*, *>> TestStartedNode.authoriseContractUpgrade(
+            stateAndRef: StateAndRef<ContractState>, toClass: KClass<T>) =
+            startFlow(
+                    ContractUpgradeFlow.Authorise(stateAndRef, toClass.java)
+            )
 
     fun TestStartedNode.deauthoriseContractUpgrade(tx: SignedTransaction) = startFlow(
         ContractUpgradeFlow.Deauthorise(tx.tx.outRef<ContractState>(0).ref)
diff --git a/node/src/main/kotlin/net/corda/node/services/CoreFlowHandlers.kt b/node/src/main/kotlin/net/corda/node/services/CoreFlowHandlers.kt
index df2a1ec019..7b6bbb75a6 100644
--- a/node/src/main/kotlin/net/corda/node/services/CoreFlowHandlers.kt
+++ b/node/src/main/kotlin/net/corda/node/services/CoreFlowHandlers.kt
@@ -56,7 +56,7 @@ class ContractUpgradeHandler(otherSide: FlowSession) : AbstractStateReplacementF
         // verify outputs matches the proposed upgrade.
         val ourSTX = serviceHub.validatedTransactions.getTransaction(proposal.stateRef.txhash)
         requireNotNull(ourSTX) { "We don't have a copy of the referenced state" }
-        val oldStateAndRef = ourSTX!!.tx.outRef<ContractState>(proposal.stateRef.index)
+        val oldStateAndRef = ourSTX!!.resolveBaseTransaction(serviceHub).outRef<ContractState>(proposal.stateRef.index)
         val authorisedUpgrade = serviceHub.contractUpgradeService.getAuthorisedContractUpgrade(oldStateAndRef.ref) ?: throw IllegalStateException("Contract state upgrade is unauthorised. State hash : ${oldStateAndRef.ref}")
         val proposedTx = stx.coreTransaction as ContractUpgradeWireTransaction
         val expectedTx = ContractUpgradeUtils.assembleUpgradeTx(oldStateAndRef, proposal.modification, proposedTx.privacySalt, serviceHub)
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/contracts/DummyContractV3.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/contracts/DummyContractV3.kt
new file mode 100644
index 0000000000..eb8b9a1e97
--- /dev/null
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/contracts/DummyContractV3.kt
@@ -0,0 +1,36 @@
+package net.corda.testing.contracts
+
+import net.corda.core.contracts.*
+import net.corda.core.identity.AbstractParty
+import net.corda.core.transactions.LedgerTransaction
+
+// The dummy contract doesn't do anything useful. It exists for testing purposes.
+
+/**
+ * Dummy contract state for testing of the upgrade process.
+ */
+class DummyContractV3 : UpgradedContractWithLegacyConstraint<DummyContractV2.State, DummyContractV3.State> {
+    companion object {
+        const val PROGRAM_ID: ContractClassName = "net.corda.testing.contracts.DummyContractV3"
+    }
+
+    override val legacyContract: String = DummyContractV2.PROGRAM_ID
+    override val legacyContractConstraint: AttachmentConstraint = AlwaysAcceptAttachmentConstraint
+
+    data class State(val magicNumber: Int = 0, val owners: List<AbstractParty>) : ContractState {
+        override val participants: List<AbstractParty> = owners
+    }
+
+    interface Commands : CommandData {
+        class Create : TypeOnlyCommandData(), Commands
+        class Move : TypeOnlyCommandData(), Commands
+    }
+
+    override fun upgrade(state: DummyContractV2.State): State {
+        return State(state.magicNumber, state.participants)
+    }
+
+    override fun verify(tx: LedgerTransaction) {
+        // Other verifications.
+    }
+}

From 456c9a85e1d13aaebd6fb7fa9cbdee9494a6204f Mon Sep 17 00:00:00 2001
From: Stefano Franz <roastario@gmail.com>
Date: Wed, 17 Oct 2018 11:27:14 +0100
Subject: [PATCH 54/83] =?UTF-8?q?remove=20requirement=20to=20override=20de?=
 =?UTF-8?q?fault=20progress=20tracker=20for=20interacti=E2=80=A6=20(#3985)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* remove requirement to override default progress tracker for interactive shell - this is no longer needed

* fix failing tests
---
 .../kotlin/net/corda/core/flows/FlowLogic.kt  | 21 +++--
 .../corda/core/utilities/ProgressTracker.kt   | 84 +++++++++++--------
 .../core/utilities/ProgressTrackerTest.kt     | 42 +++++-----
 .../statemachine/FlowStateMachineImpl.kt      |  6 +-
 .../statemachine/FlowFrameworkTests.kt        |  6 +-
 .../corda/attachmentdemo/AttachmentDemo.kt    | 13 ++-
 .../net/corda/tools/shell/InteractiveShell.kt | 10 +--
 7 files changed, 110 insertions(+), 72 deletions(-)

diff --git a/core/src/main/kotlin/net/corda/core/flows/FlowLogic.kt b/core/src/main/kotlin/net/corda/core/flows/FlowLogic.kt
index e85439a601..10f101bdc7 100644
--- a/core/src/main/kotlin/net/corda/core/flows/FlowLogic.kt
+++ b/core/src/main/kotlin/net/corda/core/flows/FlowLogic.kt
@@ -64,8 +64,10 @@ abstract class FlowLogic<out T> {
         /**
          * Return the outermost [FlowLogic] instance, or null if not in a flow.
          */
-        @Suppress("unused") @JvmStatic
-        val currentTopLevel: FlowLogic<*>? get() = (Strand.currentStrand() as? FlowStateMachine<*>)?.logic
+        @Suppress("unused")
+        @JvmStatic
+        val currentTopLevel: FlowLogic<*>?
+            get() = (Strand.currentStrand() as? FlowStateMachine<*>)?.logic
 
         /**
          * If on a flow, suspends the flow and only wakes it up after at least [duration] time has passed.  Otherwise,
@@ -123,10 +125,11 @@ abstract class FlowLogic<out T> {
      * Note: The current implementation returns the single identity of the node. This will change once multiple identities
      * is implemented.
      */
-    val ourIdentityAndCert: PartyAndCertificate get() {
-        return serviceHub.myInfo.legalIdentitiesAndCerts.find { it.party == stateMachine.ourIdentity }
-                ?: throw IllegalStateException("Identity specified by ${stateMachine.id} (${stateMachine.ourIdentity}) is not one of ours!")
-    }
+    val ourIdentityAndCert: PartyAndCertificate
+        get() {
+            return serviceHub.myInfo.legalIdentitiesAndCerts.find { it.party == stateMachine.ourIdentity }
+                    ?: throw IllegalStateException("Identity specified by ${stateMachine.id} (${stateMachine.ourIdentity}) is not one of ours!")
+        }
 
     /**
      * Specifies the identity to use for this flow. This will be one of the multiple identities that belong to this node.
@@ -141,9 +144,11 @@ abstract class FlowLogic<out T> {
     // Used to implement the deprecated send/receive functions using Party. When such a deprecated function is used we
     // create a fresh session for the Party, put it here and use it in subsequent deprecated calls.
     private val deprecatedPartySessionMap = HashMap<Party, FlowSession>()
+
     private fun getDeprecatedSessionForParty(party: Party): FlowSession {
         return deprecatedPartySessionMap.getOrPut(party) { initiateFlow(party) }
     }
+
     /**
      * Returns a [FlowInfo] object describing the flow [otherParty] is using. With [FlowInfo.flowVersion] it
      * provides the necessary information needed for the evolution of flows and enabling backwards compatibility.
@@ -342,7 +347,7 @@ abstract class FlowLogic<out T> {
      * Note that this has to return a tracker before the flow is invoked. You can't change your mind half way
      * through.
      */
-    open val progressTracker: ProgressTracker? = null
+    open val progressTracker: ProgressTracker? = ProgressTracker.DEFAULT_TRACKER()
 
     /**
      * This is where you fill out your business logic.
@@ -383,7 +388,7 @@ abstract class FlowLogic<out T> {
      *
      * @return Returns null if this flow has no progress tracker.
      */
-    fun trackStepsTree(): DataFeed<List<Pair<Int,String>>, List<Pair<Int,String>>>? {
+    fun trackStepsTree(): DataFeed<List<Pair<Int, String>>, List<Pair<Int, String>>>? {
         // TODO this is not threadsafe, needs an atomic get-step-and-subscribe
         return progressTracker?.let {
             DataFeed(it.allStepsLabels, it.stepsTreeChanges)
diff --git a/core/src/main/kotlin/net/corda/core/utilities/ProgressTracker.kt b/core/src/main/kotlin/net/corda/core/utilities/ProgressTracker.kt
index f646f0569a..7741500c31 100644
--- a/core/src/main/kotlin/net/corda/core/utilities/ProgressTracker.kt
+++ b/core/src/main/kotlin/net/corda/core/utilities/ProgressTracker.kt
@@ -30,10 +30,11 @@ import java.util.*
  * using the [Observable] subscribeOn call.
  */
 @CordaSerializable
-class ProgressTracker(vararg steps: Step) {
+class ProgressTracker(vararg inputSteps: Step) {
+
     @CordaSerializable
     sealed class Change(val progressTracker: ProgressTracker) {
-        data class Position(val tracker: ProgressTracker,  val newStep: Step) : Change(tracker) {
+        data class Position(val tracker: ProgressTracker, val newStep: Step) : Change(tracker) {
             override fun toString() = newStep.label
         }
 
@@ -64,6 +65,10 @@ class ProgressTracker(vararg steps: Step) {
         override fun equals(other: Any?) = other === UNSTARTED
     }
 
+    object STARTING : Step("Starting") {
+        override fun equals(other: Any?) = other === STARTING
+    }
+
     object DONE : Step("Done") {
         override fun equals(other: Any?) = other === DONE
     }
@@ -74,7 +79,7 @@ class ProgressTracker(vararg steps: Step) {
     private val childProgressTrackers = mutableMapOf<Step, Child>()
 
     /** The steps in this tracker, same as the steps passed to the constructor but with UNSTARTED and DONE inserted. */
-    val steps = arrayOf(UNSTARTED, *steps, DONE)
+    val steps = arrayOf(UNSTARTED, STARTING, *inputSteps, DONE)
 
     private var _allStepsCache: List<Pair<Int, Step>> = _allSteps()
 
@@ -83,42 +88,16 @@ class ProgressTracker(vararg steps: Step) {
     private val _stepsTreeChanges by transient { PublishSubject.create<List<Pair<Int, String>>>() }
     private val _stepsTreeIndexChanges by transient { PublishSubject.create<Int>() }
 
-
-
-    init {
-        steps.forEach {
-            val childTracker = it.childProgressTracker()
-            if (childTracker != null) {
-                setChildProgressTracker(it, childTracker)
-            }
-        }
-    }
-
-    /** The zero-based index of the current step in the [steps] array (i.e. with UNSTARTED and DONE) */
-    var stepIndex: Int = 0
-        private set(value) {
-            field = value
-        }
-
-    /** The zero-bases index of the current step in a [allStepsLabels] list */
-    var stepsTreeIndex: Int = -1
-        private set(value) {
-            field = value
-            _stepsTreeIndexChanges.onNext(value)
-        }
-
-    /**
-     * Reading returns the value of steps[stepIndex], writing moves the position of the current tracker. Once moved to
-     * the [DONE] state, this tracker is finished and the current step cannot be moved again.
-     */
     var currentStep: Step
         get() = steps[stepIndex]
         set(value) {
-            check(!hasEnded) { "Cannot rewind a progress tracker once it has ended" }
+            check((value === DONE && hasEnded) || !hasEnded) {
+                "Cannot rewind a progress tracker once it has ended"
+            }
             if (currentStep == value) return
 
             val index = steps.indexOf(value)
-            require(index != -1, { "Step ${value.label} not found in progress tracker." })
+            require(index != -1) { "Step ${value.label} not found in progress tracker." }
 
             if (index < stepIndex) {
                 // We are going backwards: unlink and unsubscribe from any child nodes that we're rolling back
@@ -144,6 +123,39 @@ class ProgressTracker(vararg steps: Step) {
             }
         }
 
+
+    init {
+        steps.forEach {
+            configureChildTrackerForStep(it)
+        }
+        this.currentStep = UNSTARTED
+    }
+
+    private fun configureChildTrackerForStep(it: Step) {
+        val childTracker = it.childProgressTracker()
+        if (childTracker != null) {
+            setChildProgressTracker(it, childTracker)
+        }
+    }
+
+    /** The zero-based index of the current step in the [steps] array (i.e. with UNSTARTED and DONE) */
+    var stepIndex: Int = 0
+        private set(value) {
+            field = value
+        }
+
+    /** The zero-bases index of the current step in a [allStepsLabels] list */
+    var stepsTreeIndex: Int = -1
+        private set(value) {
+            field = value
+            _stepsTreeIndexChanges.onNext(value)
+        }
+
+    /**
+     * Reading returns the value of steps[stepIndex], writing moves the position of the current tracker. Once moved to
+     * the [DONE] state, this tracker is finished and the current step cannot be moved again.
+     */
+
     /** Returns the current step, descending into children to find the deepest step we are up to. */
     val currentStepRecursive: Step
         get() = getChildProgressTracker(currentStep)?.currentStepRecursive ?: currentStep
@@ -263,7 +275,7 @@ class ProgressTracker(vararg steps: Step) {
     /**
      * An observable stream of changes to the [allStepsLabels]
      */
-    val stepsTreeChanges: Observable<List<Pair<Int,String>>> get() = _stepsTreeChanges
+    val stepsTreeChanges: Observable<List<Pair<Int, String>>> get() = _stepsTreeChanges
 
     /**
      * An observable stream of changes to the [stepsTreeIndex]
@@ -272,6 +284,10 @@ class ProgressTracker(vararg steps: Step) {
 
     /** Returns true if the progress tracker has ended, either by reaching the [DONE] step or prematurely with an error */
     val hasEnded: Boolean get() = _changes.hasCompleted() || _changes.hasThrowable()
+
+    companion object {
+        val DEFAULT_TRACKER = { ProgressTracker() }
+    }
 }
 // TODO: Expose the concept of errors.
 // TODO: It'd be helpful if this class was at least partly thread safe.
diff --git a/core/src/test/kotlin/net/corda/core/utilities/ProgressTrackerTest.kt b/core/src/test/kotlin/net/corda/core/utilities/ProgressTrackerTest.kt
index 6a682faff6..e476df1a8b 100644
--- a/core/src/test/kotlin/net/corda/core/utilities/ProgressTrackerTest.kt
+++ b/core/src/test/kotlin/net/corda/core/utilities/ProgressTrackerTest.kt
@@ -50,11 +50,11 @@ class ProgressTrackerTest {
         assertEquals(0, pt.stepIndex)
         var stepNotification: ProgressTracker.Step? = null
         pt.changes.subscribe { stepNotification = (it as? ProgressTracker.Change.Position)?.newStep }
-
+        assertEquals(ProgressTracker.UNSTARTED, pt.currentStep)
+        assertEquals(ProgressTracker.STARTING, pt.nextStep())
         assertEquals(SimpleSteps.ONE, pt.nextStep())
-        assertEquals(1, pt.stepIndex)
+        assertEquals(2, pt.stepIndex)
         assertEquals(SimpleSteps.ONE, stepNotification)
-
         assertEquals(SimpleSteps.TWO, pt.nextStep())
         assertEquals(SimpleSteps.THREE, pt.nextStep())
         assertEquals(SimpleSteps.FOUR, pt.nextStep())
@@ -87,8 +87,10 @@ class ProgressTrackerTest {
         assertEquals(SimpleSteps.TWO, (stepNotification.pollFirst() as ProgressTracker.Change.Structural).parent)
         assertNextStep(SimpleSteps.TWO)
 
+        assertEquals(pt2.currentStep, ProgressTracker.UNSTARTED)
+        assertEquals(ProgressTracker.STARTING, pt2.nextStep())
         assertEquals(ChildSteps.AYY, pt2.nextStep())
-        assertNextStep(ChildSteps.AYY)
+        assertEquals((stepNotification.last  as ProgressTracker.Change.Position).newStep, ChildSteps.AYY)
         assertEquals(ChildSteps.BEE, pt2.nextStep())
     }
 
@@ -115,19 +117,19 @@ class ProgressTrackerTest {
 
         // Travel tree.
         pt.currentStep = SimpleSteps.ONE
-        assertCurrentStepsTree(0, SimpleSteps.ONE)
+        assertCurrentStepsTree(1, SimpleSteps.ONE)
 
         pt.currentStep = SimpleSteps.TWO
-        assertCurrentStepsTree(1, SimpleSteps.TWO)
+        assertCurrentStepsTree(2, SimpleSteps.TWO)
 
         pt2.currentStep = ChildSteps.BEE
-        assertCurrentStepsTree(3, ChildSteps.BEE)
+        assertCurrentStepsTree(5, ChildSteps.BEE)
 
         pt.currentStep = SimpleSteps.THREE
-        assertCurrentStepsTree(5, SimpleSteps.THREE)
+        assertCurrentStepsTree(7, SimpleSteps.THREE)
 
         // Assert no structure changes and proper steps propagation.
-        assertThat(stepsIndexNotifications).containsExactlyElementsOf(listOf(0, 1, 3, 5))
+        assertThat(stepsIndexNotifications).containsExactlyElementsOf(listOf(1, 2, 5, 7))
         assertThat(stepsTreeNotification).isEmpty()
     }
 
@@ -153,16 +155,16 @@ class ProgressTrackerTest {
         }
 
         pt.currentStep = SimpleSteps.ONE
-        assertCurrentStepsTree(0, SimpleSteps.ONE)
+        assertCurrentStepsTree(1, SimpleSteps.ONE)
 
         pt.currentStep = SimpleSteps.FOUR
-        assertCurrentStepsTree(3, SimpleSteps.FOUR)
+        assertCurrentStepsTree(4, SimpleSteps.FOUR)
 
         pt2.currentStep = ChildSteps.SEA
-        assertCurrentStepsTree(6, ChildSteps.SEA)
+        assertCurrentStepsTree(8, ChildSteps.SEA)
 
         // Assert no structure changes and proper steps propagation.
-        assertThat(stepsIndexNotifications).containsExactlyElementsOf(listOf(0, 3, 6))
+        assertThat(stepsIndexNotifications).containsExactlyElementsOf(listOf(1, 4, 8))
         assertThat(stepsTreeNotification).isEmpty()
     }
     
@@ -189,18 +191,18 @@ class ProgressTrackerTest {
         }
 
         pt.currentStep = SimpleSteps.TWO
-        assertCurrentStepsTree(1, SimpleSteps.TWO)
+        assertCurrentStepsTree(2, SimpleSteps.TWO)
 
         pt.currentStep = SimpleSteps.FOUR
-        assertCurrentStepsTree(6, SimpleSteps.FOUR)
+        assertCurrentStepsTree(8, SimpleSteps.FOUR)
 
 
         pt.setChildProgressTracker(SimpleSteps.THREE, pt3)
 
-        assertCurrentStepsTree(9, SimpleSteps.FOUR)
+        assertCurrentStepsTree(12, SimpleSteps.FOUR)
 
         // Assert no structure changes and proper steps propagation.
-        assertThat(stepsIndexNotifications).containsExactlyElementsOf(listOf(1, 6, 9))
+        assertThat(stepsIndexNotifications).containsExactlyElementsOf(listOf(2, 8, 12))
         assertThat(stepsTreeNotification).hasSize(2) // 1 change + 1 our initial state
     }
 
@@ -228,14 +230,14 @@ class ProgressTrackerTest {
         pt.currentStep = SimpleSteps.TWO
         pt2.currentStep = ChildSteps.SEA
         pt3.currentStep = BabySteps.UNOS
-        assertCurrentStepsTree(4, ChildSteps.SEA)
+        assertCurrentStepsTree(6, ChildSteps.SEA)
 
         pt.setChildProgressTracker(SimpleSteps.TWO, pt3)
 
-        assertCurrentStepsTree(2, BabySteps.UNOS)
+        assertCurrentStepsTree(4, BabySteps.UNOS)
 
         // Assert no structure changes and proper steps propagation.
-        assertThat(stepsIndexNotifications).containsExactlyElementsOf(listOf(1, 4, 2))
+        assertThat(stepsIndexNotifications).containsExactlyElementsOf(listOf(2, 6, 4))
         assertThat(stepsTreeNotification).hasSize(2) // 1 change + 1 our initial state.
     }
 
diff --git a/node/src/main/kotlin/net/corda/node/services/statemachine/FlowStateMachineImpl.kt b/node/src/main/kotlin/net/corda/node/services/statemachine/FlowStateMachineImpl.kt
index 4fcd24e7d6..34b81ff9df 100644
--- a/node/src/main/kotlin/net/corda/node/services/statemachine/FlowStateMachineImpl.kt
+++ b/node/src/main/kotlin/net/corda/node/services/statemachine/FlowStateMachineImpl.kt
@@ -14,6 +14,7 @@ import net.corda.core.identity.Party
 import net.corda.core.internal.*
 import net.corda.core.serialization.internal.CheckpointSerializationContext
 import net.corda.core.serialization.internal.checkpointSerialize
+import net.corda.core.utilities.ProgressTracker
 import net.corda.core.utilities.Try
 import net.corda.core.utilities.debug
 import net.corda.core.utilities.trace
@@ -205,6 +206,7 @@ class FlowStateMachineImpl<R>(override val id: StateMachineRunId,
 
     @Suspendable
     override fun run() {
+        logic.progressTracker?.currentStep = ProgressTracker.STARTING
         logic.stateMachine = this
 
         setLoggingContext()
@@ -263,7 +265,7 @@ class FlowStateMachineImpl<R>(override val id: StateMachineRunId,
         processEventImmediately(
                 Event.EnterSubFlow(subFlow.javaClass,
                         createSubFlowVersion(
-                               serviceHub.cordappProvider.getCordappForFlow(subFlow), serviceHub.myInfo.platformVersion
+                                serviceHub.cordappProvider.getCordappForFlow(subFlow), serviceHub.myInfo.platformVersion
                         )
                 ),
                 isDbTransactionOpenOnEntry = true,
@@ -435,7 +437,7 @@ val Class<out FlowLogic<*>>.flowVersionAndInitiatingClass: Pair<Int, Class<out F
             current = current.superclass
                     ?: return found
                     ?: throw IllegalArgumentException("$name, as a flow that initiates other flows, must be annotated with " +
-                    "${InitiatingFlow::class.java.name}. See https://docs.corda.net/api-flows.html#flowlogic-annotations.")
+                            "${InitiatingFlow::class.java.name}. See https://docs.corda.net/api-flows.html#flowlogic-annotations.")
         }
     }
 
diff --git a/node/src/test/kotlin/net/corda/node/services/statemachine/FlowFrameworkTests.kt b/node/src/test/kotlin/net/corda/node/services/statemachine/FlowFrameworkTests.kt
index 948aa59f5d..075d324e9f 100644
--- a/node/src/test/kotlin/net/corda/node/services/statemachine/FlowFrameworkTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/statemachine/FlowFrameworkTests.kt
@@ -38,7 +38,10 @@ import net.corda.testing.node.internal.*
 import org.assertj.core.api.Assertions.assertThat
 import org.assertj.core.api.Assertions.assertThatThrownBy
 import org.assertj.core.api.AssertionsForClassTypes.assertThatExceptionOfType
-import org.junit.*
+import org.junit.After
+import org.junit.Before
+import org.junit.Ignore
+import org.junit.Test
 import rx.Notification
 import rx.Observable
 import java.time.Instant
@@ -423,6 +426,7 @@ class FlowFrameworkTests {
         }
         assertThat(receiveFlowException.message).doesNotContain("evil bug!")
         assertThat(receiveFlowSteps.get()).containsExactly(
+                Notification.createOnNext(ProgressTracker.STARTING),
                 Notification.createOnNext(ReceiveFlow.START_STEP),
                 Notification.createOnError(receiveFlowException)
         )
diff --git a/samples/attachment-demo/src/main/kotlin/net/corda/attachmentdemo/AttachmentDemo.kt b/samples/attachment-demo/src/main/kotlin/net/corda/attachmentdemo/AttachmentDemo.kt
index 052606583d..9ff022f1b6 100644
--- a/samples/attachment-demo/src/main/kotlin/net/corda/attachmentdemo/AttachmentDemo.kt
+++ b/samples/attachment-demo/src/main/kotlin/net/corda/attachmentdemo/AttachmentDemo.kt
@@ -11,6 +11,7 @@ import net.corda.core.crypto.SecureHash
 import net.corda.core.flows.FinalityFlow
 import net.corda.core.flows.FlowLogic
 import net.corda.core.flows.StartableByRPC
+import net.corda.core.flows.StartableByService
 import net.corda.core.identity.AbstractParty
 import net.corda.core.identity.Party
 import net.corda.core.internal.Emoji
@@ -23,9 +24,9 @@ import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.core.utilities.ProgressTracker
 import net.corda.core.utilities.getOrThrow
-import net.corda.testing.node.internal.poll
 import net.corda.testing.core.DUMMY_BANK_B_NAME
 import net.corda.testing.core.DUMMY_NOTARY_NAME
+import net.corda.testing.node.internal.poll
 import java.io.InputStream
 import java.net.HttpURLConnection
 import java.net.URL
@@ -131,6 +132,16 @@ class AttachmentDemoFlow(private val otherSide: Party,
     }
 }
 
+@StartableByRPC
+@StartableByService
+class NoProgressTrackerShellDemo : FlowLogic<String>() {
+    @Suspendable
+    override fun call(): String {
+        return "You Called me!"
+    }
+}
+
+
 @Suppress("DEPRECATION")
 // DOCSTART 1
 fun recipient(rpc: CordaRPCOps, webPort: Int) {
diff --git a/tools/shell/src/main/kotlin/net/corda/tools/shell/InteractiveShell.kt b/tools/shell/src/main/kotlin/net/corda/tools/shell/InteractiveShell.kt
index 6729ab0ea2..55109ff233 100644
--- a/tools/shell/src/main/kotlin/net/corda/tools/shell/InteractiveShell.kt
+++ b/tools/shell/src/main/kotlin/net/corda/tools/shell/InteractiveShell.kt
@@ -17,7 +17,10 @@ import net.corda.core.flows.FlowLogic
 import net.corda.core.internal.*
 import net.corda.core.internal.concurrent.doneFuture
 import net.corda.core.internal.concurrent.openFuture
-import net.corda.core.messaging.*
+import net.corda.core.messaging.CordaRPCOps
+import net.corda.core.messaging.DataFeed
+import net.corda.core.messaging.FlowProgressHandle
+import net.corda.core.messaging.StateMachineUpdate
 import net.corda.nodeapi.internal.pendingFlowsCount
 import net.corda.tools.shell.utlities.ANSIProgressRenderer
 import net.corda.tools.shell.utlities.StdoutANSIProgressRenderer
@@ -359,11 +362,6 @@ object InteractiveShell {
                     errors.add("${getPrototype()}: Wrong number of arguments (${args.size} provided, ${ctor.genericParameterTypes.size} needed)")
                     continue
                 }
-                val flow = ctor.newInstance(*args) as FlowLogic<*>
-                if (flow.progressTracker == null) {
-                    errors.add("A flow must override the progress tracker in order to be run from the shell")
-                    continue
-                }
                 return invoke(clazz, args)
             } catch (e: StringToMethodCallParser.UnparseableCallException.MissingParameter) {
                 errors.add("${getPrototype()}: missing parameter ${e.paramName}")

From cc75a65f9233b5ac0bcdc5e03c2af032c43fbba5 Mon Sep 17 00:00:00 2001
From: Katelyn Baker <katelyn.baker@r3.com>
Date: Wed, 17 Oct 2018 15:09:48 +0100
Subject: [PATCH 55/83] RELEASE - Merge 3.3 upgrade / notes / changelog backto
 master (#4085)

---
 docs/source/changelog.rst     | 116 ++++++++++++++++++++++----
 docs/source/release-notes.rst | 150 +++++++++++++++++++++++++++++++++-
 docs/source/upgrade-notes.rst |  36 +++++---
 3 files changed, 273 insertions(+), 29 deletions(-)

diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst
index f5fd3d3ae3..827dee6db5 100644
--- a/docs/source/changelog.rst
+++ b/docs/source/changelog.rst
@@ -26,8 +26,6 @@ Unreleased
 
 * Removed experimental feature ``CordformDefinition``
 
-* Vault query fix: support query by parent classes of Contract State classes (see https://github.com/corda/corda/issues/3714)
-
 * Added ``registerResponderFlow`` method to ``StartedMockNode``, to support isolated testing of responder flow behaviour.
 
 * "app", "rpc", "p2p" and "unknown" are no longer allowed as uploader values when importing attachments. These are used
@@ -57,9 +55,6 @@ Unreleased
   interfaces that will have unimplemented methods. This is useful, for example, for object viewers. This can be turned on
   with ``SerializationContext.withLenientCarpenter``.
 
-* Introduced a grace period before the initial node registration fails if the node cannot connect to the Doorman.
-  It retries 10 times with a 1 minute interval in between each try. At the moment this is not configurable.
-
 * Added a ``FlowMonitor`` to log information about flows that have been waiting for IO more than a configurable threshold.
 
 * H2 database changes:
@@ -173,7 +168,7 @@ Unreleased
 * Added public support for creating ``CordaRPCClient`` using SSL. For this to work the node needs to provide client applications
   a certificate to be added to a truststore. See :doc:`tutorial-clientrpc-api`
 
-*The node RPC broker opens 2 endpoints that are configured with ``address`` and ``adminAddress``. RPC Clients would connect
+* The node RPC broker opens 2 endpoints that are configured with ``address`` and ``adminAddress``. RPC Clients would connect
   to the address, while the node will connect to the adminAddress. Previously if ssl was enabled for RPC the ``adminAddress``
   was equal to ``address``.
 
@@ -227,6 +222,73 @@ Unreleased
   normal state when it occurs in an input or output position. *This feature is only available on Corda networks running
   with a minimum platform version of 4.*
 
+Version 3.3
+-----------
+
+* Vault query fix: support query by parent classes of Contract State classes (see https://github.com/corda/corda/issues/3714)
+
+* Fixed an issue preventing Shell from returning control to the user when CTRL+C is pressed in the terminal.
+
+* Fixed a problem that sometimes prevented nodes from starting in presence of custom state types in the database without a corresponding type from installed CorDapps.
+
+* Introduced a grace period before the initial node registration fails if the node cannot connect to the Doorman.
+  It retries 10 times with a 1 minute interval in between each try. At the moment this is not configurable.
+
+* Fixed an error thrown by NodeVaultService upon recording a transaction with a number of inputs greater than the default page size.
+
+* Changes to the JSON/YAML serialisation format from ``JacksonSupport``, which also applies to the node shell:
+
+  * ``Instant`` and ``Date`` objects are serialised as ISO-8601 formatted strings rather than timestamps
+  * ``PublicKey`` objects are serialised and looked up according to their Base58 encoded string
+  * ``Party`` objects can be deserialised by looking up their public key, in addition to their name
+  * ``NodeInfo`` objects are serialised as an object and can be looked up using the same mechanism as ``Party``
+  * ``NetworkHostAndPort`` serialised according to its ``toString()``
+  * ``PartyAndCertificate`` is serialised as the name
+  * ``SerializedBytes`` is serialised by materialising the bytes into the object it represents, and then serialising that
+    object into YAML/JSON
+  * ``X509Certificate`` is serialised as an object with key fields such as ``issuer``, ``publicKey``, ``serialNumber``, etc.
+    The encoded bytes are also serialised into the ``encoded`` field. This can be used to deserialise an ``X509Certificate``
+    back.
+  * ``CertPath`` objects are serialised as a list of ``X509Certificate`` objects.
+
+* ``fullParties`` boolean parameter added to ``JacksonSupport.createDefaultMapper`` and ``createNonRpcMapper``. If ``true``
+  then ``Party`` objects are serialised as JSON objects with the ``name`` and ``owningKey`` fields. For ``PartyAndCertificate``
+  the ``certPath`` is serialised.
+
+* Several members of ``JacksonSupport`` have been deprecated to highlight that they are internal and not to be used
+
+* ``ServiceHub`` and ``CordaRPCOps`` can now safely be used from multiple threads without incurring in database transaction problems.
+
+* Fixed an issue preventing out of process nodes started by the ``Driver`` from logging to file.
+
+* The Vault Criteria API has been extended to take a more precise specification of which class contains a field. This primarily impacts Java users; Kotlin users need take no action. The old methods have been deprecated but still work - the new methods avoid bugs that can occur when JPA schemas inherit from each other.
+
+* Removed -xmx VM argument from Explorer's Capsule setup. This helps avoiding out of memory errors.
+
+* Node will now gracefully fail to start if one of the required ports is already in use.
+
+* Fixed incorrect exception handling in ``NodeVaultService._query()``.
+
+* Avoided a memory leak deriving from incorrect MappedSchema caching strategy.
+
+* Fix CORDA-1403 where a property of a class that implemented a generic interface could not be deserialised in
+  a factory without a serialiser as the subtype check for the class instance failed. Fix is to compare the raw
+  type.
+
+* Fix CORDA-1229. Setter-based serialization was broken with generic types when the property was stored
+  as the raw type, List for example.
+
+.. _changelog_v3.2:
+
+Version 3.2
+-----------
+
+* Doorman and NetworkMap URLs can now be configured individually rather than being assumed to be
+  the same server. Current ``compatibilityZoneURL`` configurations remain valid. See both :doc:`corda-configuration-file`
+  and :doc:`permissioning` for details.
+
+* Table name with a typo changed from ``NODE_ATTCHMENTS_CONTRACTS`` to ``NODE_ATTACHMENTS_CONTRACTS``.
+
 .. _changelog_v3.1:
 
 Version 3.1
@@ -235,7 +297,7 @@ Version 3.1
 * Update the fast-classpath-scanner dependent library version from 2.0.21 to 2.12.3
 
   .. note:: Whilst this is not the latest version of this library, that being 2.18.1 at time of writing, versions
-later than 2.12.3 (including 2.12.4) exhibit a different issue.
+    later than 2.12.3 (including 2.12.4) exhibit a different issue.
 
 * Updated the api scanner gradle plugin to work the same way as the version in master. These changes make the api scanner more
   accurate and fix a couple of bugs, and change the format of the api-current.txt file slightly. Backporting these changes
@@ -254,21 +316,25 @@ later than 2.12.3 (including 2.12.4) exhibit a different issue.
 Version 3.0
 -----------
 
-* Per CorDapp configuration is now exposed. ``CordappContext`` now exposes a ``CordappConfig`` object that is populated
-  at CorDapp context creation time from a file source during runtime.
+* Due to a security risk, the `conflict` property has been removed from `NotaryError.Conflict` error object. It has been replaced
+  with `consumedStates` instead. The new property no longer specifies the original requesting party and transaction id for
+  a consumed state. Instead, only the hash of the transaction id is revealed. For more details why this change had to be
+  made please refer to the release notes.
 
-* Introduced Flow Draining mode, in which a node continues executing existing flows, but does not start new. This is to
-  support graceful node shutdown/restarts. In particular, when this mode is on, new flows through RPC will be rejected,
-  scheduled flows will be ignored, and initial session messages will not be consumed. This will ensure that the number of
-  checkpoints will strictly diminish with time, allowing for a clean shutdown.
+* Added ``NetworkMapCache.getNodesByLegalName`` for querying nodes belonging to a distributed service such as a notary cluster
+  where they all share a common identity. ``NetworkMapCache.getNodeByLegalName`` has been tightened to throw if more than
+  one node with the legal name is found.
 
-* Make the serialisation finger-printer a pluggable entity rather than hard wiring into the factory
+* Introduced Flow Draining mode, in which a node continues executing existing flows, but does not start new. This is to support graceful node shutdown/restarts.
+  In particular, when this mode is on, new flows through RPC will be rejected, scheduled flows will be ignored, and initial session messages will not be consumed.
+  This will ensure that the number of checkpoints will strictly diminish with time, allowing for a clean shutdown.
 
 * Removed blacklisted word checks in Corda X.500 name to allow "Server" or "Node" to be use as part of the legal name.
 
 * Separated our pre-existing Artemis broker into an RPC broker and a P2P broker.
 
 * Refactored ``NodeConfiguration`` to expose ``NodeRpcOptions`` (using top-level "rpcAddress" property still works with warning).
+
 * Modified ``CordaRPCClient`` constructor to take a ``SSLConfiguration?`` additional parameter, defaulted to ``null``.
 
 * Introduced ``CertificateChainCheckPolicy.UsernameMustMatchCommonName`` sub-type, allowing customers to optionally enforce
@@ -284,6 +350,28 @@ Version 3.0
 * JPA Mapping annotations for States extending ``CommonSchemaV1.LinearState`` and ``CommonSchemaV1.FungibleState`` on the
   `participants` collection need to be moved to the actual class. This allows to properly specify the unique table name per
   a collection. See: DummyDealStateSchemaV1.PersistentDummyDealState
+* Database schema changes - an H2 database instance of Corda 1.0 and 2.0 cannot be reused for Corda 3.0, listed changes for Vault and Finance module:
+
+    * ``NODE_TRANSACTIONS``:
+       column ``"TRANSACTION”`` renamed to ``TRANSACTION_VALUE``, serialization format of BLOB stored in the column has changed to AMQP
+    * ``VAULT_STATES``:
+       column ``CONTRACT_STATE`` removed
+    * ``VAULT_FUNGIBLE_STATES``:
+        column ``ISSUER_REFERENCE`` renamed to ``ISSUER_REF`` and the field size increased
+    * ``"VAULTSCHEMAV1$VAULTFUNGIBLESTATES_PARTICIPANTS"``:
+        table renamed to ``VAULT_FUNGIBLE_STATES_PARTS``,
+        column ``"VAULTSCHEMAV1$VAULTFUNGIBLESTATES_OUTPUT_INDEX"`` renamed to ``OUTPUT_INDEX``,
+        column ``"VAULTSCHEMAV1$VAULTFUNGIBLESTATES_TRANSACTION_ID"`` renamed to ``TRANSACTION_ID``
+    * ``VAULT_LINEAR_STATES``:
+        type of column ``"UUID"`` changed from ``VARBINARY`` to ``VARCHAR(255)`` - select varbinary column as ``CAST("UUID" AS UUID)`` to get UUID in varchar format
+    * ``"VAULTSCHEMAV1$VAULTLINEARSTATES_PARTICIPANTS"``:
+        table renamed to ``VAULT_LINEAR_STATES_PARTS``,
+        column ``"VAULTSCHEMAV1$VAULTLINEARSTATES_OUTPUT_INDEX"`` renamed to ``OUTPUT_INDEX``,
+        column ``"VAULTSCHEMAV1$VAULTLINEARSTATES_TRANSACTION_ID"`` renamed to ``TRANSACTION_ID``
+    * ``contract_cash_states``:
+        columns storing Base58 representation of the serialised public key (e.g. ``issuer_key``) were changed to store Base58 representation of SHA-256 of public key prefixed with `DL`
+    * ``contract_cp_states``:
+        table renamed to ``cp_states``, column changes as for ``contract_cash_states``
 
 * X.509 certificates now have an extension that specifies the Corda role the certificate is used for, and the role
   hierarchy is now enforced in the validation code. See ``net.corda.core.internal.CertRole`` for the current implementation
diff --git a/docs/source/release-notes.rst b/docs/source/release-notes.rst
index 3f3e0e9d60..b1db04faf5 100644
--- a/docs/source/release-notes.rst
+++ b/docs/source/release-notes.rst
@@ -1,11 +1,14 @@
 Release notes
 =============
 
-Unreleased
-----------
+.. _release_notes_v4_0:
+
+Release 4.0 (Unreleased)
+------------------------
 
 Significant Changes in 4.0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 * **Retirement of non-elliptic Diffie-Hellman for TLS**
   The TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 family of ciphers is retired from the list of allowed ciphers for TLS
   as it is a legacy cipher family not supported by all native SSL/TLS implementations.
@@ -18,9 +21,150 @@ Significant Changes in 4.0
   for "current-ness". In other words, the contract logic isn't run for the referencing transaction only. It's still a
   normal state when it occurs in an input or output position.
 
+<< MORE TO COME >>
+
+.. _release_notes_v3_3:
+
+Release 3.3
+-----------
+
+Corda 3.3 brings together many small improvements, fixes, and community contributions to deliver a stable and polished release
+of Corda. Where both the 3.1 and 3.2 releases delivered a smaller number of critical bug fixes addressing immediate and impactful error conditions, 3.3
+addresses a much greater number of issues, both small and large, that have been found and fixed since the release of 3.0 back in March. Rolling up a great
+many improvements and polish to truly make the Corda experience just that much better.
+
+In addition to work undertaken by the main Corda development team, we've taken the opportunity in 3.3 to bring back many of the contributions made
+by community members from master onto the currently released stable branch. It has been said many times before, but the community and its members
+are the real life-blood of Corda and anyone who takes the time to contribute is a star in our eyes. Bringing that code into the current version we hope
+gives people the opportunity to see their work in action, and to help their fellow community members by having these contributions available in a
+supported release.
+
+Changes of Note
+~~~~~~~~~~~~~~~
+
+* **Serialization fixes**
+
+  Things "in the lab" always work so much better than they do in the wild, where everything you didn't think of is thrown at your code and a mockery
+  is made of some dearly held assumptions.  A great example of this is the serialization framework which delivers Corda's wire stability guarantee
+  that was introduced in 3.0 and has subsequently been put to a rigorous test by our users. Corda 3.3 consolidates a great many fixes in that framework,
+  both programmatically in terms of fixing bugs, but also in the documentation, hopefully making things clearer and easier to work with.
+
+* **Certificate Hierarchy**
+
+  After consultation, collaboration, and discussion with industry experts, we have decided to alter the default Certificate Hierarchy (PKI) utilized by
+  Corda and the Corda Network. To facilitate this, the nodes have had their certificate path verification logic made much more flexible. All existing
+  certificate hierarchy, certificates, and networks will remain valid. The possibility now exists for nodes to recognize a deeper certificate chain and
+  thus Compatibility Zone operators can deploy and adhere to the PKI standards they expect and are comfortable with.
+
+  Practically speaking, the old code assumed a 3-level hierarchy of Root -> Intermediate CA (Doorman) -> Node, and this was hard coded. From 3.3 onward an
+  arbitrary depth of certificate chain is supported. For the Corda Network, this means the introduction of an intermediate layer between the root and the
+  signing certificates (Network Map and Doorman). This has the effect of allowing the root certificate to *always* be kept offline and never retrieved or
+  used. Those new intermediate certificates can be used to generate, if ever needed, new signing certs without risking compromise of the root key.
+
+Special Thanks
+~~~~~~~~~~~~~~
+
+The Corda community is a vibrant and exciting ecosystem that spreads far outside the virtual walls of the
+R3 organisation. Without that community, and the most welcome contributions of its members, the Corda project
+would be a much poorer place.
+
+We're therefore happy to extend thanks to the following members of that community for their contributions
+
+  * `Dan Newton <https://github.com/lankydan>`_ for a fix to cleanup node registration in the test framework. The changes can be found `here <https://github.com/corda/corda/commit/599aa709dd025a56e2c295cc9225ba2ee5b0fc9c>`_.
+  * `Tushar Singh Bora <https://github.com/kid101>`_ for a number of `documentation tweaks <https://github.com/corda/corda/commit/279b8deaa6e1045fa4890ef179ee9a41c8a6406b>`_. In addition, some updates to the tutorial documentation `here <https://github.com/corda/corda/commit/37656a58f5fd6cad7a2fa1c08e887777b375cedd>`_.
+  * `Jiachuan Li <https://github.com/lijiachuan1982>`_ for a number of corrections to our documentation. Those contributions can be found `here <https://github.com/corda/corda/commit/83a09885172f22ad4e03909d942b473bccb4e228>`_ and `here <https://github.com/corda/corda/commit/f23f2ee6966cf46a3f8b598e868393f9f2e610e7>`_.
+  * `Yogesh <https://github.com/acetheultimate>`_ for a documentation tweak that can be see `here <https://github.com/corda/corda/commit/07e3ff502f620d5201a29cf12f686b50cd1cb17c>`_.
+  * `Roman Plášil <https://github.com/Quiark>`_ for speeding up node shutdown when connecting to an http network map. This fix can be found `here <https://github.com/corda/corda/commit/ec1e40109d85d495b84cf4307fb8a7e34536f1d9>`_.
+  * `renlulu <https://github.com/renlulu>`_ for a small `PR <https://github.com/corda/corda/commit/cda7c292437e228bd8df5c800f711d45a3d743e1>`_ to optimize some of the imports.
+  * `cxyzhang0 <https://github.com/cxyzhang0>`_ for making the ``IdentitySyncFlow`` more useful. See `here <https://github.com/corda/corda/commit/a86c79e40ca15a8b95380608be81fe338d82b141>`_.
+  * `Venelin Stoykov <https://github.com/vstoykov>`_ with updates to the `documentation <https://github.com/corda/corda/commit/4def8395b3bd100b2b0a3d2eecef5e20f0ec7f47>`_ around the progress tracker.
+  * `Mohamed Amine Legheraba <https://github.com/MohamedLEGH>`_ for updates to the Azure documentation that can be seen `here <https://github.com/corda/corda/commit/14e9bf100d0b0236f65ee4ffd778f32307b9e519>`_.
+  * `Stanly Johnson <https://github.com/stanly-johnson>`_ with a `fix <https://github.com/corda/corda/commit/f9a9bb19a7cc6d202446890e4e11bebd4a118cf3>`_ to the network bootstrapper.
+  * `Tittu Varghese <https://github.com/tittuvarghese>`_ for adding a favicon to the docsite. This commit can be found `here <https://github.com/corda/corda/commit/cd8988865599261db45505060735880c3066792e>`_
+
 Issues Fixed
 ~~~~~~~~~~~~
-* Cordform Gradle task (`deployNodes`) doesn't work when `configFile` element was used.
+
+* Refactoring ``DigitalSignatureWithCertPath`` for more performant storing of the certificate chain. [`CORDA-1995 <https://r3-cev.atlassian.net/browse/CORDA-1995>`_]
+* The serializers class carpenter fails when superclass has double-size primitive field. [`Corda-1945 <https://r3-cev.atlassian.net/browse/Corda-1945>`_]
+* If a second identity is mistakenly created the node will not start. [`CORDA-1811 <https://r3-cev.atlassian.net/browse/CORDA-1811>`_]
+* Demobench profile load fails with stack dump. [`CORDA-1948 <https://r3-cev.atlassian.net/browse/CORDA-1948>`_]
+* Deletes of NodeInfo can fail to propagate leading to infinite retries. [`CORDA-2029 <https://r3-cev.atlassian.net/browse/CORDA-2029>`_]
+* Copy all the certificates from the network-trust-store.jks file to the node's trust store. [`CORDA-2012 <https://r3-cev.atlassian.net/browse/CORDA-2012>`_]
+* Add SNI (Server Name Indication) header to TLS connections. [`CORDA-2001 <https://r3-cev.atlassian.net/browse/CORDA-2001>`_]
+* Fix duplicate index declaration in the Cash schema. [`CORDA-1952 <https://r3-cev.atlassian.net/browse/CORDA-1952>`_]
+* Hello World Tutorial Page mismatch between code sample and explanatory text. [`CORDA-1950 <https://r3-cev.atlassian.net/browse/CORDA-1950>`_]
+* Java Instructions to Invoke Hello World CorDapp are incorrect. [`CORDA-1949 <https://r3-cev.atlassian.net/browse/CORDA-1949>`_]
+* Add ``VersionInfo`` to the ``NodeInfo`` submission request to the network map element of the Compatibility Zone. [`CORDA-1938 <https://r3-cev.atlassian.net/browse/CORDA-1938>`_]
+* Rename current INTERMEDIATE_CA certificate role to DOORMAN_CA certificate role. [`CORDA-1934 <https://r3-cev.atlassian.net/browse/CORDA-1934>`_]
+* Make node-side network map verification agnostic to the certificate hierarchy. [`CORDA-1932 <https://r3-cev.atlassian.net/browse/CORDA-1932>`_]
+* Corda Shell incorrectly deserializes generic types as raw types. [`CORDA-1907 <https://r3-cev.atlassian.net/browse/CORDA-1907>`_]
+* The Corda web server does not support asynchronous servlets. [`CORDA-1906 <https://r3-cev.atlassian.net/browse/CORDA-1906>`_]
+* Amount<T> is deserialized from JSON and YAML as Amount<Currency>, for all values of T. [`CORDA-1905 <https://r3-cev.atlassian.net/browse/CORDA-1905>`_]
+* ``NodeVaultService.loadStates`` queries without a ``PageSpecification`` property set. This leads to issues with large transactions. [`CORDA-1895 <https://r3-cev.atlassian.net/browse/CORDA-1895>`_]
+* If a node has two flows, where one's name is a longer version of the other's, they cannot be started [`CORDA-1892 <https://r3-cev.atlassian.net/browse/CORDA-1892>`_]
+* Vault Queries across ``LinearStates`` and ``FungibleState`` tables return incorrect results. [`CORDA-1888 <https://r3-cev.atlassian.net/browse/CORDA-1888>`_]
+* Checking the version of the Corda jar file by executing the jar with the ``--version`` flag without specifying a valid node configuration file causes an exception to be thrown. [`CORDA-1884 <https://r3-cev.atlassian.net/browse/CORDA-1884>`_]
+* RPC deadlocks after a node restart. [`CORDA-1875 <https://r3-cev.atlassian.net/browse/CORDA-1875>`_]
+* Vault query fails to find a state if it extends some class (``ContractState``) and it is that base class that is used as the predicate (``vaultService.queryBy<I>()``). [`CORDA-1858 <https://r3-cev.atlassian.net/browse/CORDA-1858>`_]
+* Missing unconsumed states from linear id when querying vault caused by a the previous transaction failing with an SQL exception. [`CORDA-1847 <https://r3-cev.atlassian.net/browse/CORDA-1847>`_]
+* Inconsistency in how a web path is written. [`CORDA-1841 <https://r3-cev.atlassian.net/browse/CORDA-1841>`_]
+* Cannot use ``TestIdentities`` with same organization name in ``net.corda.testing.driver.Driver``. [`CORDA-1837 <https://r3-cev.atlassian.net/browse/CORDA-1837>`_]
+* Docs page typos. [`CORDA-1834 <https://r3-cev.atlassian.net/browse/CORDA-1834>`_]
+* Adding flexibility to the serialization frameworks unit tests support and utility code. [`CORDA-1808 <https://r3-cev.atlassian.net/browse/CORDA-1808>`_]
+* Cannot use ``--initial-registration`` with the ``networkServices`` configuration option in place of the older ``compatibilityzone`` option within ``node.conf``. [`CORDA-1789 <https://r3-cev.atlassian.net/browse/CORDA-1789>`_]
+* Document more clearly the supported version of both IntelliJ and the IntelliJ Kotlin Plugins. [`CORDA-1727 <https://r3-cev.atlassian.net/browse/CORDA-1727>`_]
+* DemoBench's "Launch Explorer" button is not re-enabled when you close Node Explorer. [`CORDA-1686 <https://r3-cev.atlassian.net/browse/CORDA-1686>`_]
+* It is not possible to run ``stateMachinesSnapshot`` from the shell. [`CORDA-1681 <https://r3-cev.atlassian.net/browse/CORDA-1681>`_]
+* Node won't start if CorDapps generate states prior to deletion [`CORDA-1663 <https://r3-cev.atlassian.net/browse/CORDA-1663>`_]
+* Serializer Evolution breaks with Java classes adding nullable properties. [`CORDA-1662 <https://r3-cev.atlassian.net/browse/CORDA-1662>`_]
+* Add Java examples for the creation of proxy serializers to complement the existing kotlin ones. [`CORDA-1641 <https://r3-cev.atlassian.net/browse/CORDA-1641>`_]
+* Proxy serializer documentation isn't clear on how to write a proxy serializer. [`CORDA-1640 <https://r3-cev.atlassian.net/browse/CORDA-1640>`_]
+* Node crashes in ``--initial-registration`` polling mode if doorman returns a transient HTTP error. [`CORDA-1638 <https://r3-cev.atlassian.net/browse/CORDA-1638>`_]
+* Nodes started by gradle task are not stopped when the gradle task exits. [`CORDA-1634 <https://r3-cev.atlassian.net/browse/CORDA-1634>`_]
+* Notarizations time out if notary doesn't have up-to-date network map. [`CORDA-1628 <https://r3-cev.atlassian.net/browse/CORDA-1628>`_]
+* Node explorer: Improve error handling when connection to nodes cannot be established. [`CORDA-1617 <https://r3-cev.atlassian.net/browse/CORDA-1617>`_]
+* Validating notary fails to resolve an attachment. [`CORDA-1588 <https://r3-cev.atlassian.net/browse/CORDA-1588>`_]
+* Out of process nodes started by the driver do not log to file. [`CORDA-1575 <https://r3-cev.atlassian.net/browse/CORDA-1575>`_]
+* Once ``--initial-registration`` has been passed to a node, further restarts should assume that mode until a cert is collected. [`CORDA-1572 <https://r3-cev.atlassian.net/browse/CORDA-1572>`_]
+* An array of primitive byte arrays (an array of arrays) won't deserialize in a virgin factory (i.e. one that didn't build the serializer for serialization). [`CORDA-1545 <https://r3-cev.atlassian.net/browse/CORDA-1545>`_]
+* Ctrl-C in the shell fails to aborts the flow. [`CORDA-1542 <https://r3-cev.atlassian.net/browse/CORDA-1542>`_]
+* One transaction with two identical cash outputs cannot be save in the vault. [`CORDA-1535 <https://r3-cev.atlassian.net/browse/CORDA-1535>`_]
+* The unit tests for the enum evolver functionality cannot be regenerated. This is because verification logic added after their initial creation has a bug that incorrectly identifies a cycle in the graph. [`CORDA-1498 <https://r3-cev.atlassian.net/browse/CORDA-1498>`_]
+* Add in a safety check that catches flow checkpoints from older versions. [`CORDA-1477 <https://r3-cev.atlassian.net/browse/CORDA-1477>`_]
+* Buggy ``CommodityContract`` issuance logic. [`CORDA-1459 <https://r3-cev.atlassian.net/browse/CORDA-1459>`_]
+* Error in the process-id deletion process allows multiple instances of the same node to be run. [`CORDA-1455 <https://r3-cev.atlassian.net/browse/CORDA-1455>`_]
+* Node crashes if network map returns HTTP 50X error. [`CORDA-1414 <https://r3-cev.atlassian.net/browse/CORDA-1414>`_]
+* Delegate Property doesn't serialize, throws an erroneous type mismatch error. [`CORDA-1403 <https://r3-cev.atlassian.net/browse/CORDA-1403>`_]
+* If a vault query throws an exception, the stack trace is swallowed. [`CORDA-1397 <https://r3-cev.atlassian.net/browse/CORDA-1397>`_]
+* Node can fail to fully start when a port conflict occurs, no useful error message is generated when this occurs. [`CORDA-1394 <https://r3-cev.atlassian.net/browse/CORDA-1394>`_]
+* Running the ``deployNodes`` gradle task back to back without a clean doesn't work. [`CORDA-1389 <https://r3-cev.atlassian.net/browse/CORDA-1389>`_]
+* Stripping issuer from Amount<Issued<T>> does not preserve ``displayTokenSize``. [`CORDA-1386 <https://r3-cev.atlassian.net/browse/CORDA-1386>`_]
+* ``CordaServices`` are instantiated multiple times per Party when using ``NodeDriver``. [`CORDA-1385 <https://r3-cev.atlassian.net/browse/CORDA-1385>`_]
+* Out of memory errors can be seen when using Demobench + Explorer. [`CORDA-1356 <https://r3-cev.atlassian.net/browse/CORDA-1356>`_]
+* Reduce the amount of classpath scanning during integration tests execution. [`CORDA-1355 <https://r3-cev.atlassian.net/browse/CORDA-1355>`_]
+* SIMM demo throws "attachment too big" errors. [`CORDA-1346 <https://r3-cev.atlassian.net/browse/CORDA-1346>`_]
+* Fix vault query paging example in ``ScheduledFlowTests``. [`CORDA-1344 <https://r3-cev.atlassian.net/browse/CORDA-1344>`_]
+* The shell doesn't print the return value of a started flow. [`CORDA-1342 <https://r3-cev.atlassian.net/browse/CORDA-1342>`_]
+* Provide access to database transactions for CorDapp developers. [`CORDA-1341 <https://r3-cev.atlassian.net/browse/CORDA-1341>`_]
+* Error with ``VaultQuery`` for entity inheriting from ``CommonSchemaV1.FungibleState``. [`CORDA-1338 <https://r3-cev.atlassian.net/browse/CORDA-1338>`_]
+* The ``--network-root-truststore`` command line option not defaulted. [`CORDA-1317 <https://r3-cev.atlassian.net/browse/CORDA-1317>`_]
+* Java example in "Upgrading CorDapps" documentation is wrong. [`CORDA-1315 <https://r3-cev.atlassian.net/browse/CORDA-1315>`_]
+* Remove references to ``registerInitiatedFlow`` in testing documentation as it is not needed. [`CORDA-1304 <https://r3-cev.atlassian.net/browse/CORDA-1304>`_]
+* Regression: Recording a duplicate transaction attempts second insert to vault. [`CORDA-1303 <https://r3-cev.atlassian.net/browse/CORDA-1303>`_]
+* Columns in the Corda database schema should have correct NULL/NOT NULL constraints. [`CORDA-1297 <https://r3-cev.atlassian.net/browse/CORDA-1297>`_]
+* MockNetwork/Node API needs a way to register ``@CordaService`` objects. [`CORDA-1292 <https://r3-cev.atlassian.net/browse/CORDA-1292>`_]
+* Deleting a ``NodeInfo`` from the additional-node-infos directory should remove it from cache. [`CORDA-1093 <https://r3-cev.atlassian.net/browse/CORDA-1093>`_]
+* ``FailNodeOnNotMigratedAttachmentContractsTableNameTests`` is sometimes failing with database constraint "Notary" is null. [`CORDA-1976 <https://r3-cev.atlassian.net/browse/CORDA-1976>`_]
+* Revert keys for DEV certificates. [`CORDA-1661 <https://r3-cev.atlassian.net/browse/CORDA-1661>`_]
+* Node Info file watcher should block and load ``NodeInfo`` when node startup. [`CORDA-1604 <https://r3-cev.atlassian.net/browse/CORDA-1604>`_]
+* Improved logging of the network parameters update process. [`CORDA-1405 <https://r3-cev.atlassian.net/browse/CORDA-1405>`_]
+* Ensure all conditions in cash selection query are tested. [`CORDA-1266 <https://r3-cev.atlassian.net/browse/CORDA-1266>`_]
+* ``NodeVaultService`` bug. Start node, issue cash, stop node, start node, ``getCashBalances()`` will not show any cash
+* A Corda node doesn't re-select cluster from HA Notary.
+* Event Horizon is not wire compatible with older network parameters objects.
+* Notary unable to resolve Party after processing a flow from same Party.
+* Misleading error message shown when a node is restarted after a flag day event.
 
 .. _release_notes_v3_2:
 
diff --git a/docs/source/upgrade-notes.rst b/docs/source/upgrade-notes.rst
index f2c51349b9..09ccfb1c9f 100644
--- a/docs/source/upgrade-notes.rst
+++ b/docs/source/upgrade-notes.rst
@@ -9,33 +9,31 @@ first public Beta (:ref:`Milestone 12 <changelog_m12>`), to :ref:`V1.0 <changelo
 
 General rules
 -------------
-* Always remember to update the version identifiers in your project gradle file:
+Always remember to update the version identifiers in your project's gradle file:
 
 .. sourcecode:: shell
 
     ext.corda_release_version = 'x.y.0'
     ext.corda_gradle_plugins_version = 'x.y.0'
 
-* It may also be necessary to update the version of major dependencies:
+It may also be necessary to update the version of major dependencies:
 
 .. sourcecode:: shell
 
     ext.kotlin_version = 'x.y.z'
     ext.quasar_version = 'x.y.z'
 
-* Please consult the relevant release notes of the release in question. If not specified, you may assume the
-  versions you are currently using are still in force
-  
-  * We also strongly recommend cross referencing with the :doc:`changelog` to confirm changes
+Please consult the relevant release notes of the release in question. If not specified, you may assume the
+versions you are currently using are still in force.
 
-* To run database upgrades against H2, you'll need to connect to the node's database without starting the node. You can 
-  do this by connecting directly to the node's ``persistence.mv.db`` file. See :ref:`h2_relative_path`
+We also strongly recommend cross referencing with the :doc:`changelog` to confirm changes
+
+To run database upgrades against H2, you'll need to connect to the node's database without starting the node. You can
+do this by connecting directly to the node's ``persistence.mv.db`` file. See :ref:`h2_relative_path`
 
 UNRELEASED
 ----------
 
-<<< Fill this in >>>
-
 * Database upgrade - Change the type of the ``checkpoint_value``.
 This will address the issue that the `vacuum` function is unable to clean up deleted checkpoints as they are still referenced from the ``pg_shdepend`` table.
 
@@ -86,6 +84,17 @@ For H2:
   No action is needed for default node tables as ``PersistentStateRef`` is used as Primary Key only and the backing columns are automatically not nullable
   or custom Cordapp entities using ``PersistentStateRef`` as Primary Key.
 
+V3.2 to v3.3
+------------
+
+* Update the Corda Release version
+
+  The ``corda_release_version`` identifier in your projects gradle file will need changing as follows:
+
+  .. sourcecode:: shell
+
+    ext.corda_release_version = '3.3-corda'
+
 v3.1 to v3.2
 ------------
 
@@ -118,8 +127,11 @@ Database schema changes
 
     ALTER TABLE node_checkpoints ALTER COLUMN checkpoint_value set data type bytea using null;
 
-  .. important::
-     The Corda node will fail on startup if the database was not updated with the above commands.
+  .. note::
+    This change will also need to be run when migrating from version 3.0.
+
+.. important::
+   The Corda node will fail on startup if the database was not updated with the above commands.
 
 v3.0 to v3.1
 ------------

From 55731ef81606e93d2f7d413a08f600b6c3536091 Mon Sep 17 00:00:00 2001
From: Rick Parker <rick.parker@r3.com>
Date: Thu, 18 Oct 2018 10:38:43 +0100
Subject: [PATCH 56/83] ENT-2431 Tidy up buildNamed and CacheFactory

---
 .../client/jfx/model/NetworkIdentityModel.kt  |  3 +-
 .../client/rpc/internal/ClientCacheFactory.kt | 19 +++++
 .../rpc/internal/RPCClientProxyHandler.kt     |  8 +--
 .../net/corda/core/internal/NamedCache.kt     | 37 ++++------
 .../net/corda/core/internal/NamedCacheTest.kt | 14 +++-
 .../notary/raft/RaftUniquenessProvider.kt     |  2 +-
 .../raft/RaftTransactionCommitLogTests.kt     |  2 +-
 .../nodeapi/internal/DeduplicationChecker.kt  |  9 ++-
 .../internal/persistence/CordaPersistence.kt  |  4 +-
 .../persistence/HibernateConfiguration.kt     |  5 +-
 .../messaging/ArtemisMessagingTest.kt         |  4 +-
 .../network/PersistentNetworkMapCacheTest.kt  |  4 +-
 .../node/services/rpc/ArtemisRpcTests.kt      |  4 +-
 .../net/corda/node/internal/AbstractNode.kt   | 28 +++-----
 .../kotlin/net/corda/node/internal/Node.kt    |  6 +-
 .../security/RPCSecurityManagerImpl.kt        | 33 ++++-----
 .../node/services/api/ServiceHubInternal.kt   |  2 +-
 .../identity/PersistentIdentityService.kt     |  2 +-
 .../keys/PersistentKeyManagementService.kt    |  2 +-
 .../messaging/InternalRPCMessagingClient.kt   |  5 +-
 .../messaging/P2PMessageDeduplicator.kt       |  2 +-
 .../services/messaging/P2PMessagingClient.kt  |  2 +-
 .../node/services/messaging/RPCServer.kt      | 23 ++----
 .../network/PersistentNetworkMapCache.kt      |  2 +-
 .../persistence/DBTransactionStorage.kt       |  2 +-
 .../persistence/NodeAttachmentService.kt      |  1 -
 .../NodePropertiesPersistentStore.kt          | 10 +--
 .../PersistentUniquenessProvider.kt           |  2 +-
 .../upgrade/ContractUpgradeServiceImpl.kt     | 10 +--
 .../node/utilities/AppendOnlyPersistentMap.kt |  2 +-
 .../corda/node/utilities/NodeNamedCache.kt    | 71 +++++++++++++------
 .../node/utilities/NonInvalidatingCache.kt    |  1 +
 .../utilities/NonInvalidatingUnboundCache.kt  | 10 +--
 .../net/corda/node/utilities/PersistentMap.kt |  7 +-
 .../net/corda/node/CordaRPCOpsImplTest.kt     |  3 +-
 .../corda/node/internal/AbstractNodeTests.kt  |  2 +-
 .../net/corda/node/internal/NodeTest.kt       |  1 +
 .../node/services/RPCSecurityManagerTest.kt   |  4 +-
 .../events/NodeSchedulerServiceTest.kt        |  2 +-
 .../PersistentScheduledFlowRepositoryTest.kt  |  3 +-
 .../PersistentIdentityServiceTests.kt         |  2 +-
 .../AppendOnlyPersistentMapTest.kt            |  2 +-
 .../persistence/DBCheckpointStorageTests.kt   |  6 +-
 .../persistence/DBTransactionStorageTests.kt  |  2 +-
 .../persistence/HibernateConfigurationTest.kt |  2 +-
 .../persistence/NodeAttachmentServiceTest.kt  |  2 +-
 .../persistence/TransactionCallbackTest.kt    |  2 +-
 .../schema/PersistentStateServiceTests.kt     |  9 +--
 .../PersistentUniquenessProviderTests.kt      |  2 +-
 .../node/services/vault/VaultQueryTests.kt    |  2 +-
 .../corda/node/utilities/ObservablesTests.kt  |  2 +-
 .../node/utilities/PersistentMapTests.kt      |  6 +-
 .../corda/irs/api/NodeInterestRatesTest.kt    |  5 +-
 .../internal/SerializationScheme.kt           |  3 +-
 .../net/corda/testing/node/MockServices.kt    |  2 +-
 .../corda/testing/node/internal/RPCDriver.kt  |  7 +-
 .../testing/internal/InternalTestUtils.kt     | 41 ++++++++++-
 .../internal/TestingNamedCacheFactory.kt      | 13 ++--
 .../explorer/identicon/IdenticonRenderer.kt   |  3 +-
 59 files changed, 269 insertions(+), 197 deletions(-)
 create mode 100644 client/rpc/src/main/kotlin/net/corda/client/rpc/internal/ClientCacheFactory.kt

diff --git a/client/jfx/src/main/kotlin/net/corda/client/jfx/model/NetworkIdentityModel.kt b/client/jfx/src/main/kotlin/net/corda/client/jfx/model/NetworkIdentityModel.kt
index aa7f7e50f2..af2acc1aac 100644
--- a/client/jfx/src/main/kotlin/net/corda/client/jfx/model/NetworkIdentityModel.kt
+++ b/client/jfx/src/main/kotlin/net/corda/client/jfx/model/NetworkIdentityModel.kt
@@ -7,7 +7,6 @@ import javafx.collections.FXCollections
 import javafx.collections.ObservableList
 import net.corda.client.jfx.utils.*
 import net.corda.core.identity.AnonymousParty
-import net.corda.core.internal.buildNamed
 import net.corda.core.node.NodeInfo
 import net.corda.core.node.services.NetworkMapCache.MapChange
 import java.security.PublicKey
@@ -32,7 +31,7 @@ class NetworkIdentityModel {
     private val rpcProxy by observableValue(NodeMonitorModel::proxyObservable)
 
     private val identityCache = Caffeine.newBuilder()
-            .buildNamed<PublicKey, ObservableValue<NodeInfo?>>("NetworkIdentityModel_identity", CacheLoader { publicKey: PublicKey ->
+            .build<PublicKey, ObservableValue<NodeInfo?>>(CacheLoader { publicKey: PublicKey ->
                 publicKey.let { rpcProxy.map { it?.cordaRPCOps?.nodeInfoFromParty(AnonymousParty(publicKey)) } }
             })
     val notaries = ChosenList(rpcProxy.map { FXCollections.observableList(it?.cordaRPCOps?.notaryIdentities() ?: emptyList()) }, "notaries")
diff --git a/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/ClientCacheFactory.kt b/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/ClientCacheFactory.kt
new file mode 100644
index 0000000000..bad74ecd2b
--- /dev/null
+++ b/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/ClientCacheFactory.kt
@@ -0,0 +1,19 @@
+package net.corda.client.rpc.internal
+
+import com.github.benmanes.caffeine.cache.Cache
+import com.github.benmanes.caffeine.cache.CacheLoader
+import com.github.benmanes.caffeine.cache.Caffeine
+import com.github.benmanes.caffeine.cache.LoadingCache
+import net.corda.core.internal.NamedCacheFactory
+
+class ClientCacheFactory : NamedCacheFactory {
+    override fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String): Cache<K, V> {
+        checkCacheName(name)
+        return caffeine.build<K, V>()
+    }
+
+    override fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String, loader: CacheLoader<K, V>): LoadingCache<K, V> {
+        checkCacheName(name)
+        return caffeine.build<K, V>(loader)
+    }
+}
\ No newline at end of file
diff --git a/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/RPCClientProxyHandler.kt b/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/RPCClientProxyHandler.kt
index be74d7b316..6ceff2b9d0 100644
--- a/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/RPCClientProxyHandler.kt
+++ b/client/rpc/src/main/kotlin/net/corda/client/rpc/internal/RPCClientProxyHandler.kt
@@ -83,7 +83,8 @@ class RPCClientProxyHandler(
         private val sessionId: Trace.SessionId,
         private val externalTrace: Trace?,
         private val impersonatedActor: Actor?,
-        private val targetLegalIdentity: CordaX500Name?
+        private val targetLegalIdentity: CordaX500Name?,
+        private val cacheFactory: NamedCacheFactory = ClientCacheFactory()
 ) : InvocationHandler {
 
     private enum class State {
@@ -169,8 +170,7 @@ class RPCClientProxyHandler(
             }
             observablesToReap.locked { observables.add(observableId) }
         }
-        return Caffeine.newBuilder().
-                weakValues().removalListener(onObservableRemove).executor(SameThreadExecutor.getExecutor()).buildNamed("RpcClientProxyHandler_rpcObservable")
+        return cacheFactory.buildNamed(Caffeine.newBuilder().weakValues().removalListener(onObservableRemove).executor(SameThreadExecutor.getExecutor()), "RpcClientProxyHandler_rpcObservable")
     }
 
     private var sessionFactory: ClientSessionFactory? = null
@@ -179,7 +179,7 @@ class RPCClientProxyHandler(
     private var rpcProducer: ClientProducer? = null
     private var rpcConsumer: ClientConsumer? = null
 
-    private val deduplicationChecker = DeduplicationChecker(rpcConfiguration.deduplicationCacheExpiry)
+    private val deduplicationChecker = DeduplicationChecker(rpcConfiguration.deduplicationCacheExpiry, cacheFactory = cacheFactory)
     private val deduplicationSequenceNumber = AtomicLong(0)
 
     private val sendingEnabled = AtomicBoolean(true)
diff --git a/core/src/main/kotlin/net/corda/core/internal/NamedCache.kt b/core/src/main/kotlin/net/corda/core/internal/NamedCache.kt
index 2a96de4835..632b0c3060 100644
--- a/core/src/main/kotlin/net/corda/core/internal/NamedCache.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/NamedCache.kt
@@ -6,30 +6,21 @@ import com.github.benmanes.caffeine.cache.Caffeine
 import com.github.benmanes.caffeine.cache.LoadingCache
 
 /**
- * Restrict the allowed characters of a cache name - this ensures that each cache has a name, and that
- * the name can be used to create a file name or a metric name.
+ * Allow extra functionality to be injected to our caches.
  */
-internal fun checkCacheName(name: String) {
-    require(!name.isBlank())
-    require(allowedChars.matches(name))
+interface NamedCacheFactory {
+    /**
+     * Restrict the allowed characters of a cache name - this ensures that each cache has a name, and that
+     * the name can be used to create a file name or a metric name.
+     */
+    fun checkCacheName(name: String) {
+        require(!name.isBlank())
+        require(allowedChars.matches(name))
+    }
+
+    fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String): Cache<K, V>
+
+    fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String, loader: CacheLoader<K, V>): LoadingCache<K, V>
 }
 
 private val allowedChars = Regex("^[0-9A-Za-z_.]*\$")
-
-/* buildNamed is the central helper method to build caffeine caches in Corda.
- * This allows to easily add tweaks to all caches built in Corda, and also forces
- * cache users to give their cache a (meaningful) name that can be used e.g. for
- * capturing cache traces etc.
- *
- * Currently it is not used in this version of CORDA, but there are plans to do so.
- */
-
-fun <K, V> Caffeine<in K, in V>.buildNamed(name: String): Cache<K, V> {
-    checkCacheName(name)
-    return this.build<K, V>()
-}
-
-fun <K, V> Caffeine<in K, in V>.buildNamed(name: String, loader: CacheLoader<K, V>): LoadingCache<K, V> {
-    checkCacheName(name)
-    return this.build<K, V>(loader)
-}
diff --git a/core/src/test/kotlin/net/corda/core/internal/NamedCacheTest.kt b/core/src/test/kotlin/net/corda/core/internal/NamedCacheTest.kt
index 3358696bce..4d9f9297ab 100644
--- a/core/src/test/kotlin/net/corda/core/internal/NamedCacheTest.kt
+++ b/core/src/test/kotlin/net/corda/core/internal/NamedCacheTest.kt
@@ -1,9 +1,21 @@
 package net.corda.core.internal
 
+import com.github.benmanes.caffeine.cache.Cache
+import com.github.benmanes.caffeine.cache.CacheLoader
+import com.github.benmanes.caffeine.cache.Caffeine
+import com.github.benmanes.caffeine.cache.LoadingCache
 import org.junit.Test
 import kotlin.test.assertEquals
 
-class NamedCacheTest {
+class NamedCacheTest : NamedCacheFactory {
+    override fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String): Cache<K, V> {
+        throw IllegalStateException("Should not be called")
+    }
+
+    override fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String, loader: CacheLoader<K, V>): LoadingCache<K, V> {
+        throw IllegalStateException("Should not be called")
+    }
+
     fun checkNameHelper(name: String, throws: Boolean) {
         var exceptionThrown = false
         try {
diff --git a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
index c7670d0c18..8146178559 100644
--- a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
+++ b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
@@ -18,6 +18,7 @@ import net.corda.core.contracts.TimeWindow
 import net.corda.core.crypto.SecureHash
 import net.corda.core.flows.NotarisationRequestSignature
 import net.corda.core.identity.Party
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.notary.NotaryInternalException
 import net.corda.core.internal.notary.UniquenessProvider
 import net.corda.core.schemas.PersistentStateRef
@@ -27,7 +28,6 @@ import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
 import net.corda.node.services.config.RaftConfig
 import net.corda.node.utilities.AppendOnlyPersistentMap
-import net.corda.node.utilities.NamedCacheFactory
 import net.corda.nodeapi.internal.config.MutualSslConfiguration
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.NODE_DATABASE_PREFIX
diff --git a/experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftTransactionCommitLogTests.kt b/experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftTransactionCommitLogTests.kt
index 8b0f31f12d..f8848a4746 100644
--- a/experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftTransactionCommitLogTests.kt
+++ b/experimental/notary-raft/src/test/kotlin/net/corda/notary/raft/RaftTransactionCommitLogTests.kt
@@ -14,7 +14,6 @@ import net.corda.core.internal.concurrent.asCordaFuture
 import net.corda.core.internal.concurrent.transpose
 import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.core.utilities.getOrThrow
-import net.corda.node.internal.configureDatabase
 import net.corda.node.services.schema.NodeSchemaService
 import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
@@ -23,6 +22,7 @@ import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.driver.PortAllocation
 import net.corda.testing.internal.LogHelper
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import org.hamcrest.Matchers.instanceOf
 import org.junit.After
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/DeduplicationChecker.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/DeduplicationChecker.kt
index 71d99e0fec..8b913c6ea2 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/DeduplicationChecker.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/DeduplicationChecker.kt
@@ -2,7 +2,7 @@ package net.corda.nodeapi.internal
 
 import com.github.benmanes.caffeine.cache.CacheLoader
 import com.github.benmanes.caffeine.cache.Caffeine
-import net.corda.core.internal.buildNamed
+import net.corda.core.internal.NamedCacheFactory
 import java.time.Duration
 import java.util.concurrent.TimeUnit
 import java.util.concurrent.atomic.AtomicLong
@@ -10,11 +10,10 @@ import java.util.concurrent.atomic.AtomicLong
 /**
  * A class allowing the deduplication of a strictly incrementing sequence number.
  */
-class DeduplicationChecker(cacheExpiry: Duration, name: String = "DeduplicationChecker") {
+class DeduplicationChecker(cacheExpiry: Duration, name: String = "DeduplicationChecker", cacheFactory: NamedCacheFactory) {
     // dedupe identity -> watermark cache
-    private val watermarkCache = Caffeine.newBuilder()
-            .expireAfterAccess(cacheExpiry.toNanos(), TimeUnit.NANOSECONDS)
-            .buildNamed("${name}_watermark", WatermarkCacheLoader)
+    private val watermarkCache = cacheFactory.buildNamed(Caffeine.newBuilder()
+            .expireAfterAccess(cacheExpiry.toNanos(), TimeUnit.NANOSECONDS), "${name}_watermark", WatermarkCacheLoader)
 
     private object WatermarkCacheLoader : CacheLoader<Any, AtomicLong> {
         override fun load(key: Any) = AtomicLong(-1)
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/CordaPersistence.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/CordaPersistence.kt
index e1558971eb..d3320d46ee 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/CordaPersistence.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/CordaPersistence.kt
@@ -1,6 +1,7 @@
 package net.corda.nodeapi.internal.persistence
 
 import co.paralleluniverse.strands.Strand
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.schemas.MappedSchema
 import net.corda.core.utilities.contextLogger
 import rx.Observable
@@ -52,6 +53,7 @@ class CordaPersistence(
         databaseConfig: DatabaseConfig,
         schemas: Set<MappedSchema>,
         val jdbcUrl: String,
+        cacheFactory: NamedCacheFactory,
         attributeConverters: Collection<AttributeConverter<*, *>> = emptySet()
 ) : Closeable {
     companion object {
@@ -61,7 +63,7 @@ class CordaPersistence(
     private val defaultIsolationLevel = databaseConfig.transactionIsolationLevel
     val hibernateConfig: HibernateConfiguration by lazy {
         transaction {
-            HibernateConfiguration(schemas, databaseConfig, attributeConverters, jdbcUrl)
+            HibernateConfiguration(schemas, databaseConfig, attributeConverters, jdbcUrl, cacheFactory)
         }
     }
 
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/HibernateConfiguration.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/HibernateConfiguration.kt
index 5afeb3fe8d..ae371ca88e 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/HibernateConfiguration.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/HibernateConfiguration.kt
@@ -1,7 +1,7 @@
 package net.corda.nodeapi.internal.persistence
 
 import com.github.benmanes.caffeine.cache.Caffeine
-import net.corda.core.internal.buildNamed
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.castIfPossible
 import net.corda.core.schemas.MappedSchema
 import net.corda.core.utilities.contextLogger
@@ -31,6 +31,7 @@ class HibernateConfiguration(
         private val databaseConfig: DatabaseConfig,
         private val attributeConverters: Collection<AttributeConverter<*, *>>,
         private val jdbcUrl: String,
+        cacheFactory: NamedCacheFactory,
         val cordappClassLoader: ClassLoader? = null
 ) {
     companion object {
@@ -58,7 +59,7 @@ class HibernateConfiguration(
         }
     }
 
-    private val sessionFactories = Caffeine.newBuilder().maximumSize(databaseConfig.mappedSchemaCacheSize).buildNamed<Set<MappedSchema>, SessionFactory>("HibernateConfiguration_sessionFactories")
+    private val sessionFactories = cacheFactory.buildNamed<Set<MappedSchema>, SessionFactory>(Caffeine.newBuilder(), "HibernateConfiguration_sessionFactories")
 
     val sessionFactoryForRegisteredSchemas = schemas.let {
         logger.info("Init HibernateConfiguration for schemas: $it")
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/messaging/ArtemisMessagingTest.kt b/node/src/integration-test/kotlin/net/corda/node/services/messaging/ArtemisMessagingTest.kt
index 4a427940cf..04b5e2e973 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/messaging/ArtemisMessagingTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/messaging/ArtemisMessagingTest.kt
@@ -7,7 +7,6 @@ import net.corda.core.crypto.generateKeyPair
 import net.corda.core.internal.div
 import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.core.utilities.seconds
-import net.corda.node.internal.configureDatabase
 import net.corda.node.services.config.FlowTimeoutConfiguration
 import net.corda.node.services.config.NodeConfiguration
 import net.corda.node.services.config.configureWithDevSSLCertificate
@@ -21,11 +20,12 @@ import net.corda.testing.core.MAX_MESSAGE_SIZE
 import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.driver.PortAllocation
 import net.corda.testing.internal.LogHelper
+import net.corda.testing.internal.TestingNamedCacheFactory
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.internal.rigorousMock
 import net.corda.testing.internal.stubs.CertificateStoreStubs
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import net.corda.testing.node.internal.MOCK_VERSION_INFO
-import net.corda.testing.internal.TestingNamedCacheFactory
 import org.apache.activemq.artemis.api.core.ActiveMQConnectionTimedOutException
 import org.assertj.core.api.Assertions.assertThat
 import org.assertj.core.api.Assertions.assertThatThrownBy
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/network/PersistentNetworkMapCacheTest.kt b/node/src/integration-test/kotlin/net/corda/node/services/network/PersistentNetworkMapCacheTest.kt
index 8f35b7a543..175b7530dd 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/network/PersistentNetworkMapCacheTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/network/PersistentNetworkMapCacheTest.kt
@@ -2,14 +2,14 @@ package net.corda.node.services.network
 
 import net.corda.core.node.NodeInfo
 import net.corda.core.utilities.NetworkHostAndPort
-import net.corda.node.internal.configureDatabase
 import net.corda.node.internal.schemas.NodeInfoSchemaV1
 import net.corda.node.services.identity.InMemoryIdentityService
 import net.corda.nodeapi.internal.DEV_ROOT_CA
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.core.*
-import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import net.corda.testing.internal.TestingNamedCacheFactory
+import net.corda.testing.internal.configureDatabase
+import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import org.assertj.core.api.Assertions.assertThat
 import org.assertj.core.api.Assertions.assertThatIllegalArgumentException
 import org.junit.After
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/rpc/ArtemisRpcTests.kt b/node/src/integration-test/kotlin/net/corda/node/services/rpc/ArtemisRpcTests.kt
index c1e3cc935b..75a2838286 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/rpc/ArtemisRpcTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/rpc/ArtemisRpcTests.kt
@@ -23,6 +23,8 @@ import net.corda.nodeapi.internal.config.MutualSslConfiguration
 import net.corda.nodeapi.internal.config.User
 import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.driver.PortAllocation
+import net.corda.testing.internal.TestingNamedCacheFactory
+import net.corda.testing.internal.fromUserList
 import net.corda.testing.internal.p2pSslOptions
 import org.apache.activemq.artemis.api.core.ActiveMQConnectionTimedOutException
 import org.apache.activemq.artemis.api.core.management.ActiveMQServerControl
@@ -128,7 +130,7 @@ class ArtemisRpcTests {
 
     private fun <OPS : RPCOps> InternalRPCMessagingClient.start(ops: OPS, securityManager: RPCSecurityManager, brokerControl: ActiveMQServerControl) {
         apply {
-            init(ops, securityManager)
+            init(ops, securityManager, TestingNamedCacheFactory())
             start(brokerControl)
         }
     }
diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index 141c92778b..950e2df204 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -17,6 +17,7 @@ import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.core.identity.PartyAndCertificate
 import net.corda.core.internal.FlowStateMachine
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.VisibleForTesting
 import net.corda.core.internal.concurrent.map
 import net.corda.core.internal.concurrent.openFuture
@@ -115,7 +116,7 @@ import net.corda.core.crypto.generateKeyPair as cryptoGenerateKeyPair
 // TODO Log warning if this node is a notary but not one of the ones specified in the network parameters, both for core and custom
 abstract class AbstractNode<S>(val configuration: NodeConfiguration,
                                val platformClock: CordaClock,
-                               cacheFactoryPrototype: NamedCacheFactory,
+                               cacheFactoryPrototype: BindableNamedCacheFactory,
                                protected val versionInfo: VersionInfo,
                                protected val serverThread: AffinityExecutor.ServiceAffinityExecutor,
                                private val busyNodeLatch: ReusableLatch = ReusableLatch()) : SingletonSerializeAsToken() {
@@ -150,8 +151,8 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
             identityService::wellKnownPartyFromX500Name,
             identityService::wellKnownPartyFromAnonymous,
             schemaService,
-            configuration.dataSourceProperties
-    )
+            configuration.dataSourceProperties,
+            cacheFactory)
     init {
         // TODO Break cyclic dependency
         identityService.database = database
@@ -169,7 +170,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
     val servicesForResolution = ServicesForResolutionImpl(identityService, attachments, cordappProvider, transactionStorage)
     @Suppress("LeakingThis")
     val vaultService = makeVaultService(keyManagementService, servicesForResolution, database).tokenize()
-    val nodeProperties = NodePropertiesPersistentStore(StubbedNodeUniqueIdProvider::value, database)
+    val nodeProperties = NodePropertiesPersistentStore(StubbedNodeUniqueIdProvider::value, database, cacheFactory)
     val flowLogicRefFactory = FlowLogicRefFactoryImpl(cordappLoader.appClassLoader)
     val networkMapUpdater = NetworkMapUpdater(
             networkMapCache,
@@ -185,7 +186,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
     ).closeOnStop()
     @Suppress("LeakingThis")
     val transactionVerifierService = InMemoryTransactionVerifierService(transactionVerifierWorkerCount).tokenize()
-    val contractUpgradeService = ContractUpgradeServiceImpl().tokenize()
+    val contractUpgradeService = ContractUpgradeServiceImpl(cacheFactory).tokenize()
     val auditService = DummyAuditService().tokenize()
     @Suppress("LeakingThis")
     protected val network: MessagingService = makeMessagingService().tokenize()
@@ -999,23 +1000,12 @@ class FlowStarterImpl(private val smm: StateMachineManager, private val flowLogi
 
 class ConfigurationException(message: String) : CordaException(message)
 
-// TODO This is no longer used by AbstractNode and can be moved elsewhere
-fun configureDatabase(hikariProperties: Properties,
-                      databaseConfig: DatabaseConfig,
-                      wellKnownPartyFromX500Name: (CordaX500Name) -> Party?,
-                      wellKnownPartyFromAnonymous: (AbstractParty) -> Party?,
-                      schemaService: SchemaService = NodeSchemaService(),
-                      internalSchemas: Set<MappedSchema> = NodeSchemaService().internalSchemas()): CordaPersistence {
-    val persistence = createCordaPersistence(databaseConfig, wellKnownPartyFromX500Name, wellKnownPartyFromAnonymous, schemaService, hikariProperties)
-    persistence.startHikariPool(hikariProperties, databaseConfig, internalSchemas)
-    return persistence
-}
-
 fun createCordaPersistence(databaseConfig: DatabaseConfig,
                            wellKnownPartyFromX500Name: (CordaX500Name) -> Party?,
                            wellKnownPartyFromAnonymous: (AbstractParty) -> Party?,
                            schemaService: SchemaService,
-                           hikariProperties: Properties): CordaPersistence {
+                           hikariProperties: Properties,
+                           cacheFactory: NamedCacheFactory): CordaPersistence {
     // Register the AbstractPartyDescriptor so Hibernate doesn't warn when encountering AbstractParty. Unfortunately
     // Hibernate warns about not being able to find a descriptor if we don't provide one, but won't use it by default
     // so we end up providing both descriptor and converter. We should re-examine this in later versions to see if
@@ -1023,7 +1013,7 @@ fun createCordaPersistence(databaseConfig: DatabaseConfig,
     JavaTypeDescriptorRegistry.INSTANCE.addDescriptor(AbstractPartyDescriptor(wellKnownPartyFromX500Name, wellKnownPartyFromAnonymous))
     val attributeConverters = listOf(AbstractPartyToX500NameAsStringConverter(wellKnownPartyFromX500Name, wellKnownPartyFromAnonymous))
     val jdbcUrl = hikariProperties.getProperty("dataSource.url", "")
-    return CordaPersistence(databaseConfig, schemaService.schemaOptions.keys, jdbcUrl, attributeConverters)
+    return CordaPersistence(databaseConfig, schemaService.schemaOptions.keys, jdbcUrl, cacheFactory, attributeConverters)
 }
 
 fun CordaPersistence.startHikariPool(hikariProperties: Properties, databaseConfig: DatabaseConfig, schemas: Set<MappedSchema>, metricRegistry: MetricRegistry? = null) {
diff --git a/node/src/main/kotlin/net/corda/node/internal/Node.kt b/node/src/main/kotlin/net/corda/node/internal/Node.kt
index 0af843dd5b..c6cad69913 100644
--- a/node/src/main/kotlin/net/corda/node/internal/Node.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/Node.kt
@@ -85,7 +85,7 @@ class NodeWithInfo(val node: Node, val info: NodeInfo) {
 open class Node(configuration: NodeConfiguration,
                 versionInfo: VersionInfo,
                 private val initialiseSerialization: Boolean = true,
-                cacheFactoryPrototype: NamedCacheFactory = DefaultNamedCacheFactory()
+                cacheFactoryPrototype: BindableNamedCacheFactory = DefaultNamedCacheFactory()
 ) : AbstractNode<NodeInfo>(
         configuration,
         createClock(configuration),
@@ -223,7 +223,7 @@ open class Node(configuration: NodeConfiguration,
         val securityManagerConfig = configuration.security?.authService
                 ?: SecurityConfiguration.AuthService.fromUsers(configuration.rpcUsers)
 
-        val securityManager = with(RPCSecurityManagerImpl(securityManagerConfig)) {
+        val securityManager = with(RPCSecurityManagerImpl(securityManagerConfig, cacheFactory)) {
             if (configuration.shouldStartLocalShell()) RPCSecurityManagerWithAdditionalUser(this, User(INTERNAL_SHELL_USER, INTERNAL_SHELL_USER, setOf(Permissions.all()))) else this
         }
 
@@ -267,7 +267,7 @@ open class Node(configuration: NodeConfiguration,
         // Start up the MQ clients.
         internalRpcMessagingClient?.run {
             closeOnStop()
-            init(rpcOps, securityManager)
+            init(rpcOps, securityManager, cacheFactory)
         }
         network.closeOnStop()
         network.start(
diff --git a/node/src/main/kotlin/net/corda/node/internal/security/RPCSecurityManagerImpl.kt b/node/src/main/kotlin/net/corda/node/internal/security/RPCSecurityManagerImpl.kt
index bd7fcb9f72..5186e234b7 100644
--- a/node/src/main/kotlin/net/corda/node/internal/security/RPCSecurityManagerImpl.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/security/RPCSecurityManagerImpl.kt
@@ -4,14 +4,13 @@ package net.corda.node.internal.security
 import com.github.benmanes.caffeine.cache.Cache
 import com.github.benmanes.caffeine.cache.Caffeine
 import com.google.common.primitives.Ints
-import net.corda.core.context.AuthServiceId
-import net.corda.core.internal.buildNamed
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.uncheckedCast
 import net.corda.core.utilities.loggerFor
 import net.corda.node.internal.DataSourceFactory
+import net.corda.node.services.config.AuthDataSourceType
 import net.corda.node.services.config.PasswordEncryption
 import net.corda.node.services.config.SecurityConfiguration
-import net.corda.node.services.config.AuthDataSourceType
 import net.corda.nodeapi.internal.config.User
 import org.apache.shiro.authc.*
 import org.apache.shiro.authc.credential.PasswordMatcher
@@ -28,22 +27,22 @@ import org.apache.shiro.realm.jdbc.JdbcRealm
 import org.apache.shiro.subject.PrincipalCollection
 import org.apache.shiro.subject.SimplePrincipalCollection
 import java.io.Closeable
-import javax.security.auth.login.FailedLoginException
 import java.util.concurrent.ConcurrentHashMap
-import java.util.concurrent.TimeUnit
+import javax.security.auth.login.FailedLoginException
+
 private typealias AuthServiceConfig = SecurityConfiguration.AuthService
 
 /**
  * Default implementation of [RPCSecurityManager] adapting
  * [org.apache.shiro.mgt.SecurityManager]
  */
-class RPCSecurityManagerImpl(config: AuthServiceConfig) : RPCSecurityManager {
+class RPCSecurityManagerImpl(config: AuthServiceConfig, cacheFactory: NamedCacheFactory) : RPCSecurityManager {
 
     override val id = config.id
     private val manager: DefaultSecurityManager
 
     init {
-        manager = buildImpl(config)
+        manager = buildImpl(config, cacheFactory)
     }
 
     @Throws(FailedLoginException::class)
@@ -75,14 +74,8 @@ class RPCSecurityManagerImpl(config: AuthServiceConfig) : RPCSecurityManager {
 
         private val logger = loggerFor<RPCSecurityManagerImpl>()
 
-        /**
-         * Instantiate RPCSecurityManager initialised with users data from a list of [User]
-         */
-        fun fromUserList(id: AuthServiceId, users: List<User>) =
-                RPCSecurityManagerImpl(AuthServiceConfig.fromUsers(users).copy(id = id))
-
         // Build internal Shiro securityManager instance
-        private fun buildImpl(config: AuthServiceConfig): DefaultSecurityManager {
+        private fun buildImpl(config: AuthServiceConfig, cacheFactory: NamedCacheFactory): DefaultSecurityManager {
             val realm = when (config.dataSource.type) {
                 AuthDataSourceType.DB -> {
                     logger.info("Constructing DB-backed security data source: ${config.dataSource.connection}")
@@ -98,7 +91,8 @@ class RPCSecurityManagerImpl(config: AuthServiceConfig) : RPCSecurityManager {
                 it.cacheManager = config.options?.cache?.let {
                     CaffeineCacheManager(
                             timeToLiveSeconds = it.expireAfterSecs,
-                            maxSize = it.maxEntries)
+                            maxSize = it.maxEntries,
+                            cacheFactory = cacheFactory)
                 }
             }
         }
@@ -294,7 +288,8 @@ private fun <K : Any, V> Cache<K, V>.toShiroCache() = object : ShiroCache<K, V>
  * cache implementation in [com.github.benmanes.caffeine.cache.Cache]
  */
 private class CaffeineCacheManager(val maxSize: Long,
-                                   val timeToLiveSeconds: Long) : CacheManager {
+                                   val timeToLiveSeconds: Long,
+                                   val cacheFactory: NamedCacheFactory) : CacheManager {
 
     private val instances = ConcurrentHashMap<String, ShiroCache<*, *>>()
 
@@ -306,11 +301,7 @@ private class CaffeineCacheManager(val maxSize: Long,
 
     private fun <K : Any, V> buildCache(name: String): ShiroCache<K, V> {
         logger.info("Constructing cache '$name' with maximumSize=$maxSize, TTL=${timeToLiveSeconds}s")
-        return Caffeine.newBuilder()
-                .expireAfterWrite(timeToLiveSeconds, TimeUnit.SECONDS)
-                .maximumSize(maxSize)
-                .buildNamed<K, V>("RPCSecurityManagerShiroCache_$name")
-                .toShiroCache()
+        return cacheFactory.buildNamed<K, V>(Caffeine.newBuilder(), "RPCSecurityManagerShiroCache_$name").toShiroCache()
     }
 
     companion object {
diff --git a/node/src/main/kotlin/net/corda/node/services/api/ServiceHubInternal.kt b/node/src/main/kotlin/net/corda/node/services/api/ServiceHubInternal.kt
index 8d5583544f..7ccd6db8b9 100644
--- a/node/src/main/kotlin/net/corda/node/services/api/ServiceHubInternal.kt
+++ b/node/src/main/kotlin/net/corda/node/services/api/ServiceHubInternal.kt
@@ -6,6 +6,7 @@ import net.corda.core.crypto.SecureHash
 import net.corda.core.flows.FlowLogic
 import net.corda.core.flows.StateMachineRunId
 import net.corda.core.internal.FlowStateMachine
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.concurrent.OpenFuture
 import net.corda.core.messaging.DataFeed
 import net.corda.core.messaging.StateMachineTransactionMapping
@@ -25,7 +26,6 @@ import net.corda.node.services.network.NetworkMapUpdater
 import net.corda.node.services.persistence.AttachmentStorageInternal
 import net.corda.node.services.statemachine.ExternalEvent
 import net.corda.node.services.statemachine.FlowStateMachineImpl
-import net.corda.node.utilities.NamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import java.security.PublicKey
 
diff --git a/node/src/main/kotlin/net/corda/node/services/identity/PersistentIdentityService.kt b/node/src/main/kotlin/net/corda/node/services/identity/PersistentIdentityService.kt
index 46f29b1ffd..43de48c6b7 100644
--- a/node/src/main/kotlin/net/corda/node/services/identity/PersistentIdentityService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/identity/PersistentIdentityService.kt
@@ -2,6 +2,7 @@ package net.corda.node.services.identity
 
 import net.corda.core.crypto.SecureHash
 import net.corda.core.identity.*
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.hash
 import net.corda.core.node.services.UnknownAnonymousPartyException
 import net.corda.core.serialization.SingletonSerializeAsToken
@@ -10,7 +11,6 @@ import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
 import net.corda.node.services.api.IdentityServiceInternal
 import net.corda.node.utilities.AppendOnlyPersistentMap
-import net.corda.node.utilities.NamedCacheFactory
 import net.corda.nodeapi.internal.crypto.X509CertificateFactory
 import net.corda.nodeapi.internal.crypto.x509Certificates
 import net.corda.nodeapi.internal.persistence.CordaPersistence
diff --git a/node/src/main/kotlin/net/corda/node/services/keys/PersistentKeyManagementService.kt b/node/src/main/kotlin/net/corda/node/services/keys/PersistentKeyManagementService.kt
index 835a751c73..574ca82aca 100644
--- a/node/src/main/kotlin/net/corda/node/services/keys/PersistentKeyManagementService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/keys/PersistentKeyManagementService.kt
@@ -2,11 +2,11 @@ package net.corda.node.services.keys
 
 import net.corda.core.crypto.*
 import net.corda.core.identity.PartyAndCertificate
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.core.utilities.MAX_HASH_HEX_SIZE
 import net.corda.node.services.identity.PersistentIdentityService
 import net.corda.node.utilities.AppendOnlyPersistentMap
-import net.corda.node.utilities.NamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.NODE_DATABASE_PREFIX
 import org.apache.commons.lang.ArrayUtils.EMPTY_BYTE_ARRAY
diff --git a/node/src/main/kotlin/net/corda/node/services/messaging/InternalRPCMessagingClient.kt b/node/src/main/kotlin/net/corda/node/services/messaging/InternalRPCMessagingClient.kt
index a484261ba5..1390e14236 100644
--- a/node/src/main/kotlin/net/corda/node/services/messaging/InternalRPCMessagingClient.kt
+++ b/node/src/main/kotlin/net/corda/node/services/messaging/InternalRPCMessagingClient.kt
@@ -1,6 +1,7 @@
 package net.corda.node.services.messaging
 
 import net.corda.core.identity.CordaX500Name
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.messaging.RPCOps
 import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.core.serialization.internal.nodeSerializationEnv
@@ -20,7 +21,7 @@ class InternalRPCMessagingClient(val sslConfig: MutualSslConfiguration, val serv
     private var locator: ServerLocator? = null
     private var rpcServer: RPCServer? = null
 
-    fun init(rpcOps: RPCOps, securityManager: RPCSecurityManager) = synchronized(this) {
+    fun init(rpcOps: RPCOps, securityManager: RPCSecurityManager, cacheFactory: NamedCacheFactory) = synchronized(this) {
 
         val tcpTransport = ArtemisTcpTransport.rpcInternalClientTcpTransport(serverAddress, sslConfig)
         locator = ActiveMQClient.createServerLocatorWithoutHA(tcpTransport).apply {
@@ -32,7 +33,7 @@ class InternalRPCMessagingClient(val sslConfig: MutualSslConfiguration, val serv
             isUseGlobalPools = nodeSerializationEnv != null
         }
 
-        rpcServer = RPCServer(rpcOps, NODE_RPC_USER, NODE_RPC_USER, locator!!, securityManager, nodeName, rpcServerConfiguration)
+        rpcServer = RPCServer(rpcOps, NODE_RPC_USER, NODE_RPC_USER, locator!!, securityManager, nodeName, rpcServerConfiguration, cacheFactory)
     }
 
     fun start(serverControl: ActiveMQServerControl) = synchronized(this) {
diff --git a/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessageDeduplicator.kt b/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessageDeduplicator.kt
index b8c29d8955..a5c2975e2a 100644
--- a/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessageDeduplicator.kt
+++ b/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessageDeduplicator.kt
@@ -2,9 +2,9 @@ package net.corda.node.services.messaging
 
 import net.corda.core.crypto.SecureHash
 import net.corda.core.identity.CordaX500Name
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.node.services.statemachine.DeduplicationId
 import net.corda.node.utilities.AppendOnlyPersistentMap
-import net.corda.node.utilities.NamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.NODE_DATABASE_PREFIX
 import java.time.Instant
diff --git a/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessagingClient.kt b/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessagingClient.kt
index 13b96c61b0..b2f54fc909 100644
--- a/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessagingClient.kt
+++ b/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessagingClient.kt
@@ -4,6 +4,7 @@ import co.paralleluniverse.fibers.Suspendable
 import com.codahale.metrics.MetricRegistry
 import net.corda.core.crypto.toStringShort
 import net.corda.core.identity.CordaX500Name
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.ThreadBox
 import net.corda.core.messaging.CordaRPCOps
 import net.corda.core.messaging.MessageRecipients
@@ -27,7 +28,6 @@ import net.corda.node.services.statemachine.DeduplicationId
 import net.corda.node.services.statemachine.ExternalEvent
 import net.corda.node.services.statemachine.SenderDeduplicationId
 import net.corda.node.utilities.AffinityExecutor
-import net.corda.node.utilities.NamedCacheFactory
 import net.corda.nodeapi.internal.ArtemisMessagingComponent
 import net.corda.nodeapi.internal.ArtemisMessagingComponent.*
 import net.corda.nodeapi.internal.ArtemisMessagingComponent.Companion.BRIDGE_CONTROL
diff --git a/node/src/main/kotlin/net/corda/node/services/messaging/RPCServer.kt b/node/src/main/kotlin/net/corda/node/services/messaging/RPCServer.kt
index 7c9ca38e93..d8e144e17b 100644
--- a/node/src/main/kotlin/net/corda/node/services/messaging/RPCServer.kt
+++ b/node/src/main/kotlin/net/corda/node/services/messaging/RPCServer.kt
@@ -13,7 +13,7 @@ import net.corda.core.context.Trace
 import net.corda.core.context.Trace.InvocationId
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.LifeCycle
-import net.corda.core.internal.buildNamed
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.messaging.RPCOps
 import net.corda.core.serialization.SerializationContext
 import net.corda.core.serialization.SerializationDefaults
@@ -33,13 +33,8 @@ import net.corda.nodeapi.internal.persistence.contextDatabase
 import net.corda.nodeapi.internal.persistence.contextDatabaseOrNull
 import org.apache.activemq.artemis.api.core.Message
 import org.apache.activemq.artemis.api.core.SimpleString
+import org.apache.activemq.artemis.api.core.client.*
 import org.apache.activemq.artemis.api.core.client.ActiveMQClient.DEFAULT_ACK_BATCH_SIZE
-import org.apache.activemq.artemis.api.core.client.ClientConsumer
-import org.apache.activemq.artemis.api.core.client.ClientMessage
-import org.apache.activemq.artemis.api.core.client.ClientProducer
-import org.apache.activemq.artemis.api.core.client.ClientSession
-import org.apache.activemq.artemis.api.core.client.ClientSessionFactory
-import org.apache.activemq.artemis.api.core.client.ServerLocator
 import org.apache.activemq.artemis.api.core.management.ActiveMQServerControl
 import org.apache.activemq.artemis.api.core.management.CoreNotificationType
 import org.apache.activemq.artemis.api.core.management.ManagementHelper
@@ -49,12 +44,7 @@ import java.lang.reflect.InvocationTargetException
 import java.lang.reflect.Method
 import java.time.Duration
 import java.util.*
-import java.util.concurrent.ConcurrentHashMap
-import java.util.concurrent.Executors
-import java.util.concurrent.LinkedBlockingQueue
-import java.util.concurrent.ScheduledExecutorService
-import java.util.concurrent.ScheduledFuture
-import java.util.concurrent.TimeUnit
+import java.util.concurrent.*
 import kotlin.concurrent.thread
 
 private typealias ObservableSubscriptionMap = Cache<InvocationId, ObservableSubscription>
@@ -91,7 +81,8 @@ class RPCServer(
         private val serverLocator: ServerLocator,
         private val securityManager: RPCSecurityManager,
         private val nodeLegalName: CordaX500Name,
-        private val rpcConfiguration: RPCServerConfiguration
+        private val rpcConfiguration: RPCServerConfiguration,
+        private val cacheFactory: NamedCacheFactory
 ) {
     private companion object {
         private val log = contextLogger()
@@ -136,7 +127,7 @@ class RPCServer(
     private val responseMessageBuffer = ConcurrentHashMap<SimpleString, BufferOrNone>()
     private val sendJobQueue = LinkedBlockingQueue<RpcSendJob>()
 
-    private val deduplicationChecker = DeduplicationChecker(rpcConfiguration.deduplicationCacheExpiry)
+    private val deduplicationChecker = DeduplicationChecker(rpcConfiguration.deduplicationCacheExpiry, cacheFactory = cacheFactory)
     private var deduplicationIdentity: String? = null
 
     init {
@@ -154,7 +145,7 @@ class RPCServer(
             log.debug { "Unsubscribing from Observable with id $key because of $cause" }
             value!!.subscription.unsubscribe()
         }
-        return Caffeine.newBuilder().removalListener(onObservableRemove).executor(SameThreadExecutor.getExecutor()).buildNamed("RPCServer_observableSubscription")
+        return cacheFactory.buildNamed(Caffeine.newBuilder().removalListener(onObservableRemove).executor(SameThreadExecutor.getExecutor()), "RPCServer_observableSubscription")
     }
 
     fun start(activeMqServerControl: ActiveMQServerControl) {
diff --git a/node/src/main/kotlin/net/corda/node/services/network/PersistentNetworkMapCache.kt b/node/src/main/kotlin/net/corda/node/services/network/PersistentNetworkMapCache.kt
index f873120c32..4eea7af890 100644
--- a/node/src/main/kotlin/net/corda/node/services/network/PersistentNetworkMapCache.kt
+++ b/node/src/main/kotlin/net/corda/node/services/network/PersistentNetworkMapCache.kt
@@ -6,6 +6,7 @@ import net.corda.core.identity.AbstractParty
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.core.identity.PartyAndCertificate
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.bufferUntilSubscribed
 import net.corda.core.internal.concurrent.OpenFuture
 import net.corda.core.internal.concurrent.openFuture
@@ -23,7 +24,6 @@ import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
 import net.corda.node.internal.schemas.NodeInfoSchemaV1
 import net.corda.node.services.api.NetworkMapCacheInternal
-import net.corda.node.utilities.NamedCacheFactory
 import net.corda.node.utilities.NonInvalidatingCache
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.bufferUntilDatabaseCommit
diff --git a/node/src/main/kotlin/net/corda/node/services/persistence/DBTransactionStorage.kt b/node/src/main/kotlin/net/corda/node/services/persistence/DBTransactionStorage.kt
index 034e91a2cf..2330d42571 100644
--- a/node/src/main/kotlin/net/corda/node/services/persistence/DBTransactionStorage.kt
+++ b/node/src/main/kotlin/net/corda/node/services/persistence/DBTransactionStorage.kt
@@ -3,6 +3,7 @@ package net.corda.node.services.persistence
 import net.corda.core.concurrent.CordaFuture
 import net.corda.core.crypto.SecureHash
 import net.corda.core.crypto.TransactionSignature
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.ThreadBox
 import net.corda.core.internal.VisibleForTesting
 import net.corda.core.internal.bufferUntilSubscribed
@@ -15,7 +16,6 @@ import net.corda.core.transactions.SignedTransaction
 import net.corda.node.services.api.WritableTransactionStorage
 import net.corda.node.services.statemachine.FlowStateMachineImpl
 import net.corda.node.utilities.AppendOnlyPersistentMapBase
-import net.corda.node.utilities.NamedCacheFactory
 import net.corda.node.utilities.WeightBasedAppendOnlyPersistentMap
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.NODE_DATABASE_PREFIX
diff --git a/node/src/main/kotlin/net/corda/node/services/persistence/NodeAttachmentService.kt b/node/src/main/kotlin/net/corda/node/services/persistence/NodeAttachmentService.kt
index ca96ef1ad5..31f937f62b 100644
--- a/node/src/main/kotlin/net/corda/node/services/persistence/NodeAttachmentService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/persistence/NodeAttachmentService.kt
@@ -19,7 +19,6 @@ import net.corda.core.node.services.vault.AttachmentSort
 import net.corda.core.serialization.*
 import net.corda.core.utilities.contextLogger
 import net.corda.node.services.vault.HibernateAttachmentQueryCriteriaParser
-import net.corda.node.utilities.NamedCacheFactory
 import net.corda.node.utilities.NonInvalidatingCache
 import net.corda.node.utilities.NonInvalidatingWeightBasedCache
 import net.corda.nodeapi.exceptions.DuplicateAttachmentException
diff --git a/node/src/main/kotlin/net/corda/node/services/persistence/NodePropertiesPersistentStore.kt b/node/src/main/kotlin/net/corda/node/services/persistence/NodePropertiesPersistentStore.kt
index 2c48dfd6f9..386415f7c9 100644
--- a/node/src/main/kotlin/net/corda/node/services/persistence/NodePropertiesPersistentStore.kt
+++ b/node/src/main/kotlin/net/corda/node/services/persistence/NodePropertiesPersistentStore.kt
@@ -1,5 +1,6 @@
 package net.corda.node.services.persistence
 
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
 import net.corda.node.services.api.NodePropertiesStore
@@ -17,12 +18,12 @@ import javax.persistence.Table
 /**
  * Simple node properties key value store in DB.
  */
-class NodePropertiesPersistentStore(readPhysicalNodeId: () -> String, database: CordaPersistence) : NodePropertiesStore {
+class NodePropertiesPersistentStore(readPhysicalNodeId: () -> String, database: CordaPersistence, cacheFactory: NamedCacheFactory) : NodePropertiesStore {
     private companion object {
         val logger = contextLogger()
     }
 
-    override val flowsDrainingMode = FlowsDrainingModeOperationsImpl(readPhysicalNodeId, database, logger)
+    override val flowsDrainingMode = FlowsDrainingModeOperationsImpl(readPhysicalNodeId, database, logger, cacheFactory)
 
     fun start() {
         flowsDrainingMode.map.preload()
@@ -40,7 +41,7 @@ class NodePropertiesPersistentStore(readPhysicalNodeId: () -> String, database:
     )
 }
 
-class FlowsDrainingModeOperationsImpl(readPhysicalNodeId: () -> String, private val persistence: CordaPersistence, logger: Logger) : FlowsDrainingModeOperations {
+class FlowsDrainingModeOperationsImpl(readPhysicalNodeId: () -> String, private val persistence: CordaPersistence, logger: Logger, cacheFactory: NamedCacheFactory) : FlowsDrainingModeOperations {
     private val nodeSpecificFlowsExecutionModeKey = "${readPhysicalNodeId()}_flowsExecutionMode"
 
     init {
@@ -52,7 +53,8 @@ class FlowsDrainingModeOperationsImpl(readPhysicalNodeId: () -> String, private
             { key -> key },
             { entity -> entity.key to entity.value!! },
             NodePropertiesPersistentStore::DBNodeProperty,
-            NodePropertiesPersistentStore.DBNodeProperty::class.java
+            NodePropertiesPersistentStore.DBNodeProperty::class.java,
+            cacheFactory
     )
 
     override val values = PublishSubject.create<Pair<Boolean, Boolean>>()!!
diff --git a/node/src/main/kotlin/net/corda/node/services/transactions/PersistentUniquenessProvider.kt b/node/src/main/kotlin/net/corda/node/services/transactions/PersistentUniquenessProvider.kt
index b6c8ebf437..122e10d3c3 100644
--- a/node/src/main/kotlin/net/corda/node/services/transactions/PersistentUniquenessProvider.kt
+++ b/node/src/main/kotlin/net/corda/node/services/transactions/PersistentUniquenessProvider.kt
@@ -9,6 +9,7 @@ import net.corda.core.flows.NotarisationRequestSignature
 import net.corda.core.flows.NotaryError
 import net.corda.core.flows.StateConsumptionDetails
 import net.corda.core.identity.Party
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.concurrent.OpenFuture
 import net.corda.core.internal.concurrent.openFuture
 import net.corda.core.internal.notary.AsyncUniquenessProvider
@@ -22,7 +23,6 @@ import net.corda.core.serialization.serialize
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
 import net.corda.node.utilities.AppendOnlyPersistentMap
-import net.corda.node.utilities.NamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.NODE_DATABASE_PREFIX
 import net.corda.nodeapi.internal.persistence.currentDBSession
diff --git a/node/src/main/kotlin/net/corda/node/services/upgrade/ContractUpgradeServiceImpl.kt b/node/src/main/kotlin/net/corda/node/services/upgrade/ContractUpgradeServiceImpl.kt
index e6924dd3c7..9aa5739a61 100644
--- a/node/src/main/kotlin/net/corda/node/services/upgrade/ContractUpgradeServiceImpl.kt
+++ b/node/src/main/kotlin/net/corda/node/services/upgrade/ContractUpgradeServiceImpl.kt
@@ -2,6 +2,7 @@ package net.corda.node.services.upgrade
 
 import net.corda.core.contracts.StateRef
 import net.corda.core.contracts.UpgradedContract
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.node.services.ContractUpgradeService
 import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.node.utilities.PersistentMap
@@ -11,7 +12,7 @@ import javax.persistence.Entity
 import javax.persistence.Id
 import javax.persistence.Table
 
-class ContractUpgradeServiceImpl : ContractUpgradeService, SingletonSerializeAsToken() {
+class ContractUpgradeServiceImpl(cacheFactory: NamedCacheFactory) : ContractUpgradeService, SingletonSerializeAsToken() {
 
     @Entity
     @Table(name = "${NODE_DATABASE_PREFIX}contract_upgrades")
@@ -26,7 +27,7 @@ class ContractUpgradeServiceImpl : ContractUpgradeService, SingletonSerializeAsT
     )
 
     private companion object {
-        fun createContractUpgradesMap(): PersistentMap<String, String, DBContractUpgrade, String> {
+        fun createContractUpgradesMap(cacheFactory: NamedCacheFactory): PersistentMap<String, String, DBContractUpgrade, String> {
             return PersistentMap(
                     "ContractUpgradeService_upgrades",
                     toPersistentEntityKey = { it },
@@ -37,12 +38,13 @@ class ContractUpgradeServiceImpl : ContractUpgradeService, SingletonSerializeAsT
                             upgradedContractClassName = value
                         }
                     },
-                    persistentEntityClass = DBContractUpgrade::class.java
+                    persistentEntityClass = DBContractUpgrade::class.java,
+                    cacheFactory = cacheFactory
             )
         }
     }
 
-    private val authorisedUpgrade = createContractUpgradesMap()
+    private val authorisedUpgrade = createContractUpgradesMap(cacheFactory)
 
     fun start() {
         authorisedUpgrade.preload()
diff --git a/node/src/main/kotlin/net/corda/node/utilities/AppendOnlyPersistentMap.kt b/node/src/main/kotlin/net/corda/node/utilities/AppendOnlyPersistentMap.kt
index 81f080e425..532a71f497 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/AppendOnlyPersistentMap.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/AppendOnlyPersistentMap.kt
@@ -2,6 +2,7 @@ package net.corda.node.utilities
 
 import com.github.benmanes.caffeine.cache.LoadingCache
 import com.github.benmanes.caffeine.cache.Weigher
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.utilities.contextLogger
 import net.corda.nodeapi.internal.persistence.DatabaseTransaction
 import net.corda.nodeapi.internal.persistence.contextTransaction
@@ -12,7 +13,6 @@ import java.util.concurrent.ConcurrentHashMap
 import java.util.concurrent.atomic.AtomicBoolean
 import java.util.concurrent.atomic.AtomicReference
 
-
 /**
  * Implements a caching layer on top of an *append-only* table accessed via Hibernate mapping. Note that if the same key is [set] twice,
  * typically this will result in a duplicate insert if this is racing with another transaction.  The flow framework will then retry.
diff --git a/node/src/main/kotlin/net/corda/node/utilities/NodeNamedCache.kt b/node/src/main/kotlin/net/corda/node/utilities/NodeNamedCache.kt
index d11c9667c2..5c963ac80d 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/NodeNamedCache.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/NodeNamedCache.kt
@@ -5,50 +5,77 @@ import com.github.benmanes.caffeine.cache.Cache
 import com.github.benmanes.caffeine.cache.CacheLoader
 import com.github.benmanes.caffeine.cache.Caffeine
 import com.github.benmanes.caffeine.cache.LoadingCache
-import net.corda.core.internal.buildNamed
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.serialization.SerializeAsToken
 import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.node.services.config.NodeConfiguration
+import java.util.concurrent.TimeUnit
 
 /**
- * Allow passing metrics and config to caching implementations.
+ * Allow passing metrics and config to caching implementations.  This is needs to be distinct from [NamedCacheFactory]
+ * to avoid deterministic serialization from seeing metrics and config on method signatures.
  */
-interface NamedCacheFactory : SerializeAsToken {
+interface BindableNamedCacheFactory : NamedCacheFactory, SerializeAsToken {
     /**
      * Build a new cache factory of the same type that incorporates metrics.
      */
-    fun bindWithMetrics(metricRegistry: MetricRegistry): NamedCacheFactory
+    fun bindWithMetrics(metricRegistry: MetricRegistry): BindableNamedCacheFactory
 
     /**
      * Build a new cache factory of the same type that incorporates the associated configuration.
      */
-    fun bindWithConfig(nodeConfiguration: NodeConfiguration): NamedCacheFactory
-
-    fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String): Cache<K, V>
-    fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String, loader: CacheLoader<K, V>): LoadingCache<K, V>
+    fun bindWithConfig(nodeConfiguration: NodeConfiguration): BindableNamedCacheFactory
 }
 
-class DefaultNamedCacheFactory private constructor(private val metricRegistry: MetricRegistry?, private val nodeConfiguration: NodeConfiguration?) : NamedCacheFactory, SingletonSerializeAsToken() {
+open class DefaultNamedCacheFactory private constructor(private val metricRegistry: MetricRegistry?, private val nodeConfiguration: NodeConfiguration?) : BindableNamedCacheFactory, SingletonSerializeAsToken() {
     constructor() : this(null, null)
 
-    override fun bindWithMetrics(metricRegistry: MetricRegistry): NamedCacheFactory = DefaultNamedCacheFactory(metricRegistry, this.nodeConfiguration)
-    override fun bindWithConfig(nodeConfiguration: NodeConfiguration): NamedCacheFactory = DefaultNamedCacheFactory(this.metricRegistry, nodeConfiguration)
+    override fun bindWithMetrics(metricRegistry: MetricRegistry): BindableNamedCacheFactory = DefaultNamedCacheFactory(metricRegistry, this.nodeConfiguration)
+    override fun bindWithConfig(nodeConfiguration: NodeConfiguration): BindableNamedCacheFactory = DefaultNamedCacheFactory(this.metricRegistry, nodeConfiguration)
 
-    override fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String): Cache<K, V> {
+    protected fun <K, V> configuredForNamed(caffeine: Caffeine<K, V>, name: String): Caffeine<K, V> {
+        return with(nodeConfiguration!!) {
+            when {
+                name.startsWith("RPCSecurityManagerShiroCache_") -> with(security?.authService?.options?.cache!!) { caffeine.maximumSize(maxEntries).expireAfterWrite(expireAfterSecs, TimeUnit.SECONDS) }
+                name == "RPCServer_observableSubscription" -> caffeine
+                name == "RpcClientProxyHandler_rpcObservable" -> caffeine
+                name == "SerializationScheme_attachmentClassloader" -> caffeine
+                name == "HibernateConfiguration_sessionFactories" -> caffeine.maximumSize(database.mappedSchemaCacheSize)
+                name == "DBTransactionStorage_transactions" -> caffeine.maximumWeight(transactionCacheSizeBytes)
+                name == "NodeAttachmentService_attachmentContent" -> caffeine.maximumWeight(attachmentContentCacheSizeBytes)
+                name == "NodeAttachmentService_attachmentPresence" -> caffeine.maximumSize(attachmentCacheBound)
+                name == "PersistentIdentityService_partyByKey" -> caffeine.maximumSize(defaultCacheSize)
+                name == "PersistentIdentityService_partyByName" -> caffeine.maximumSize(defaultCacheSize)
+                name == "PersistentNetworkMap_nodesByKey" -> caffeine.maximumSize(defaultCacheSize)
+                name == "PersistentNetworkMap_idByLegalName" -> caffeine.maximumSize(defaultCacheSize)
+                name == "PersistentKeyManagementService_keys" -> caffeine.maximumSize(defaultCacheSize)
+                name == "FlowDrainingMode_nodeProperties" -> caffeine.maximumSize(defaultCacheSize)
+                name == "ContractUpgradeService_upgrades" -> caffeine.maximumSize(defaultCacheSize)
+                name == "PersistentUniquenessProvider_transactions" -> caffeine.maximumSize(defaultCacheSize)
+                name == "P2PMessageDeduplicator_processedMessages" -> caffeine.maximumSize(defaultCacheSize)
+                name == "DeduplicationChecker_watermark" -> caffeine
+                name == "BFTNonValidatingNotaryService_transactions" -> caffeine.maximumSize(defaultCacheSize)
+                name == "RaftUniquenessProvider_transactions" -> caffeine.maximumSize(defaultCacheSize)
+                else -> throw IllegalArgumentException("Unexpected cache name $name. Did you add a new cache?")
+            }
+        }
+    }
+
+    protected fun checkState(name: String) {
+        checkCacheName(name)
         checkNotNull(metricRegistry)
         checkNotNull(nodeConfiguration)
-        return caffeine.maximumSize(1024).buildNamed<K, V>(name)
+    }
+
+    override fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String): Cache<K, V> {
+        checkState(name)
+        return configuredForNamed(caffeine, name).build<K, V>()
     }
 
     override fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String, loader: CacheLoader<K, V>): LoadingCache<K, V> {
-        checkNotNull(metricRegistry)
-        checkNotNull(nodeConfiguration)
-        val configuredCaffeine = when (name) {
-            "DBTransactionStorage_transactions" -> caffeine.maximumWeight(nodeConfiguration!!.transactionCacheSizeBytes)
-            "NodeAttachmentService_attachmentContent" -> caffeine.maximumWeight(nodeConfiguration!!.attachmentContentCacheSizeBytes)
-            "NodeAttachmentService_attachmentPresence" -> caffeine.maximumSize(nodeConfiguration!!.attachmentCacheBound)
-            else -> caffeine.maximumSize(1024)
-        }
-        return configuredCaffeine.buildNamed<K, V>(name, loader)
+        checkState(name)
+        return configuredForNamed(caffeine, name).build<K, V>(loader)
     }
+
+    protected val defaultCacheSize = 1024L
 }
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/utilities/NonInvalidatingCache.kt b/node/src/main/kotlin/net/corda/node/utilities/NonInvalidatingCache.kt
index 2cf4904282..25688233c2 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/NonInvalidatingCache.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/NonInvalidatingCache.kt
@@ -4,6 +4,7 @@ import com.github.benmanes.caffeine.cache.CacheLoader
 import com.github.benmanes.caffeine.cache.Caffeine
 import com.github.benmanes.caffeine.cache.LoadingCache
 import com.github.benmanes.caffeine.cache.Weigher
+import net.corda.core.internal.NamedCacheFactory
 
 class NonInvalidatingCache<K, V> private constructor(
         val cache: LoadingCache<K, V>
diff --git a/node/src/main/kotlin/net/corda/node/utilities/NonInvalidatingUnboundCache.kt b/node/src/main/kotlin/net/corda/node/utilities/NonInvalidatingUnboundCache.kt
index f16ec74f8f..634189a7b7 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/NonInvalidatingUnboundCache.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/NonInvalidatingUnboundCache.kt
@@ -5,21 +5,21 @@ import com.github.benmanes.caffeine.cache.CacheLoader
 import com.github.benmanes.caffeine.cache.Caffeine
 import com.github.benmanes.caffeine.cache.LoadingCache
 import com.github.benmanes.caffeine.cache.RemovalListener
-import net.corda.core.internal.buildNamed
+import net.corda.core.internal.NamedCacheFactory
 
 class NonInvalidatingUnboundCache<K, V> private constructor(
         val cache: LoadingCache<K, V>
 ) : LoadingCache<K, V> by cache {
 
-    constructor(name: String, loadFunction: (K) -> V, removalListener: RemovalListener<K, V> = RemovalListener { _, _, _ -> },
+    constructor(name: String, cacheFactory: NamedCacheFactory, loadFunction: (K) -> V, removalListener: RemovalListener<K, V> = RemovalListener { _, _, _ -> },
                 keysToPreload: () -> Iterable<K> = { emptyList() }) :
-            this(buildCache(name, loadFunction, removalListener, keysToPreload))
+            this(buildCache(name, cacheFactory, loadFunction, removalListener, keysToPreload))
 
     private companion object {
-        private fun <K, V> buildCache(name: String, loadFunction: (K) -> V, removalListener: RemovalListener<K, V>,
+        private fun <K, V> buildCache(name: String, cacheFactory: NamedCacheFactory, loadFunction: (K) -> V, removalListener: RemovalListener<K, V>,
                                       keysToPreload: () -> Iterable<K>): LoadingCache<K, V> {
             val builder = Caffeine.newBuilder().removalListener(removalListener).executor(SameThreadExecutor.getExecutor())
-            return builder.buildNamed(name, NonInvalidatingCacheLoader(loadFunction)).apply {
+            return cacheFactory.buildNamed(builder, name, NonInvalidatingCacheLoader(loadFunction)).apply {
                 getAll(keysToPreload())
             }
         }
diff --git a/node/src/main/kotlin/net/corda/node/utilities/PersistentMap.kt b/node/src/main/kotlin/net/corda/node/utilities/PersistentMap.kt
index 2f04ea7bbe..a006ee9883 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/PersistentMap.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/PersistentMap.kt
@@ -2,6 +2,7 @@ package net.corda.node.utilities
 
 import com.github.benmanes.caffeine.cache.RemovalCause
 import com.github.benmanes.caffeine.cache.RemovalListener
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.utilities.contextLogger
 import net.corda.nodeapi.internal.persistence.currentDBSession
 import java.util.*
@@ -14,7 +15,8 @@ class PersistentMap<K : Any, V, E, out EK>(
         val toPersistentEntityKey: (K) -> EK,
         val fromPersistentEntity: (E) -> Pair<K, V>,
         val toPersistentEntity: (key: K, value: V) -> E,
-        val persistentEntityClass: Class<E>
+        val persistentEntityClass: Class<E>,
+        cacheFactory: NamedCacheFactory
 ) : MutableMap<K, V>, AbstractMap<K, V>() {
 
     private companion object {
@@ -24,7 +26,8 @@ class PersistentMap<K : Any, V, E, out EK>(
     private val cache = NonInvalidatingUnboundCache(
             name,
             loadFunction = { key -> Optional.ofNullable(loadValue(key)) },
-            removalListener = ExplicitRemoval(toPersistentEntityKey, persistentEntityClass)
+            removalListener = ExplicitRemoval(toPersistentEntityKey, persistentEntityClass),
+            cacheFactory = cacheFactory
     )
 
     /** Preload to allow [all] to take data only from the cache (cache is unbound) */
diff --git a/node/src/test/kotlin/net/corda/node/CordaRPCOpsImplTest.kt b/node/src/test/kotlin/net/corda/node/CordaRPCOpsImplTest.kt
index 8c8c794378..8d25b1ac66 100644
--- a/node/src/test/kotlin/net/corda/node/CordaRPCOpsImplTest.kt
+++ b/node/src/test/kotlin/net/corda/node/CordaRPCOpsImplTest.kt
@@ -38,10 +38,11 @@ import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.expect
 import net.corda.testing.core.expectEvents
 import net.corda.testing.core.sequence
-import net.corda.testing.node.internal.cordappsForPackages
+import net.corda.testing.internal.fromUserList
 import net.corda.testing.node.internal.InternalMockNetwork
 import net.corda.testing.node.internal.InternalMockNodeParameters
 import net.corda.testing.node.internal.TestStartedNode
+import net.corda.testing.node.internal.cordappsForPackages
 import net.corda.testing.node.testActor
 import org.apache.commons.io.IOUtils
 import org.assertj.core.api.Assertions.*
diff --git a/node/src/test/kotlin/net/corda/node/internal/AbstractNodeTests.kt b/node/src/test/kotlin/net/corda/node/internal/AbstractNodeTests.kt
index 7e92e706b6..d4e6a24186 100644
--- a/node/src/test/kotlin/net/corda/node/internal/AbstractNodeTests.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/AbstractNodeTests.kt
@@ -7,7 +7,7 @@ import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.getOrThrow
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.common.internal.relaxedThoroughness
-import net.corda.testing.internal.rigorousMock
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.internal.ProcessUtilities.startJavaProcess
 import org.junit.Rule
 import org.junit.Test
diff --git a/node/src/test/kotlin/net/corda/node/internal/NodeTest.kt b/node/src/test/kotlin/net/corda/node/internal/NodeTest.kt
index 6134aa348f..48a266ce31 100644
--- a/node/src/test/kotlin/net/corda/node/internal/NodeTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/NodeTest.kt
@@ -18,6 +18,7 @@ import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.SerializationEnvironmentRule
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.internal.createNodeInfoAndSigned
 import net.corda.testing.internal.rigorousMock
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
diff --git a/node/src/test/kotlin/net/corda/node/services/RPCSecurityManagerTest.kt b/node/src/test/kotlin/net/corda/node/services/RPCSecurityManagerTest.kt
index f64d72ea87..64ed341993 100644
--- a/node/src/test/kotlin/net/corda/node/services/RPCSecurityManagerTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/RPCSecurityManagerTest.kt
@@ -9,6 +9,8 @@ import net.corda.node.internal.security.tryAuthenticate
 import net.corda.node.services.Permissions.Companion.invokeRpc
 import net.corda.node.services.config.SecurityConfiguration
 import net.corda.nodeapi.internal.config.User
+import net.corda.testing.internal.TestingNamedCacheFactory
+import net.corda.testing.internal.fromUserList
 import org.assertj.core.api.Assertions.assertThatThrownBy
 import org.junit.Test
 import javax.security.auth.login.FailedLoginException
@@ -134,7 +136,7 @@ class RPCSecurityManagerTest {
 
     private fun checkUserActions(permissions: Set<String>, permitted: Set<ArrayList<String>>) {
         val user = User(username = "user", password = "password", permissions = permissions)
-        val userRealms = RPCSecurityManagerImpl(SecurityConfiguration.AuthService.fromUsers(listOf(user)))
+        val userRealms = RPCSecurityManagerImpl(SecurityConfiguration.AuthService.fromUsers(listOf(user)), TestingNamedCacheFactory())
         val disabled = allActions.filter { !permitted.contains(listOf(it)) }
         for (subject in listOf(
                 userRealms.authenticate("user", Password("password")),
diff --git a/node/src/test/kotlin/net/corda/node/services/events/NodeSchedulerServiceTest.kt b/node/src/test/kotlin/net/corda/node/services/events/NodeSchedulerServiceTest.kt
index 7cd1955776..b0279be977 100644
--- a/node/src/test/kotlin/net/corda/node/services/events/NodeSchedulerServiceTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/events/NodeSchedulerServiceTest.kt
@@ -10,13 +10,13 @@ import net.corda.core.internal.FlowStateMachine
 import net.corda.core.internal.concurrent.openFuture
 import net.corda.core.node.ServicesForResolution
 import net.corda.core.utilities.days
-import net.corda.node.internal.configureDatabase
 import net.corda.node.services.api.FlowStarter
 import net.corda.node.services.api.NodePropertiesStore
 import net.corda.node.services.messaging.DeduplicationHandler
 import net.corda.node.services.statemachine.ExternalEvent
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.internal.doLookup
 import net.corda.testing.internal.rigorousMock
 import net.corda.testing.internal.spectator
diff --git a/node/src/test/kotlin/net/corda/node/services/events/PersistentScheduledFlowRepositoryTest.kt b/node/src/test/kotlin/net/corda/node/services/events/PersistentScheduledFlowRepositoryTest.kt
index f25588ea74..d478dc473d 100644
--- a/node/src/test/kotlin/net/corda/node/services/events/PersistentScheduledFlowRepositoryTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/events/PersistentScheduledFlowRepositoryTest.kt
@@ -4,9 +4,8 @@ import net.corda.core.contracts.ScheduledStateRef
 import net.corda.core.contracts.StateRef
 import net.corda.core.crypto.SecureHash
 import net.corda.core.utilities.days
-import net.corda.node.internal.configureDatabase
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
-import net.corda.testing.internal.rigorousMock
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices
 import org.junit.Test
 import java.time.Instant
diff --git a/node/src/test/kotlin/net/corda/node/services/identity/PersistentIdentityServiceTests.kt b/node/src/test/kotlin/net/corda/node/services/identity/PersistentIdentityServiceTests.kt
index 186cfb13cc..bf8a16880f 100644
--- a/node/src/test/kotlin/net/corda/node/services/identity/PersistentIdentityServiceTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/identity/PersistentIdentityServiceTests.kt
@@ -7,7 +7,6 @@ import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.core.identity.PartyAndCertificate
 import net.corda.core.node.services.UnknownAnonymousPartyException
-import net.corda.node.internal.configureDatabase
 import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.crypto.CertificateType
 import net.corda.nodeapi.internal.crypto.X509Utilities
@@ -17,6 +16,7 @@ import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.core.*
 import net.corda.testing.internal.DEV_INTERMEDIATE_CA
 import net.corda.testing.internal.DEV_ROOT_CA
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import net.corda.testing.node.makeTestIdentityService
 import org.junit.After
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/AppendOnlyPersistentMapTest.kt b/node/src/test/kotlin/net/corda/node/services/persistence/AppendOnlyPersistentMapTest.kt
index b52d8f39a8..5e36bd301c 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/AppendOnlyPersistentMapTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/AppendOnlyPersistentMapTest.kt
@@ -2,11 +2,11 @@ package net.corda.node.services.persistence
 
 import net.corda.core.schemas.MappedSchema
 import net.corda.core.utilities.loggerFor
-import net.corda.node.internal.configureDatabase
 import net.corda.node.services.schema.NodeSchemaService
 import net.corda.node.utilities.AppendOnlyPersistentMap
 import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import org.junit.After
 import org.junit.Assert.*
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/DBCheckpointStorageTests.kt b/node/src/test/kotlin/net/corda/node/services/persistence/DBCheckpointStorageTests.kt
index 7fd4072d38..12782348c2 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/DBCheckpointStorageTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/DBCheckpointStorageTests.kt
@@ -3,16 +3,15 @@ package net.corda.node.services.persistence
 import net.corda.core.context.InvocationContext
 import net.corda.core.flows.FlowLogic
 import net.corda.core.flows.StateMachineRunId
-import net.corda.core.serialization.internal.CheckpointSerializationDefaults
 import net.corda.core.serialization.SerializedBytes
+import net.corda.core.serialization.internal.CheckpointSerializationDefaults
 import net.corda.core.serialization.internal.checkpointSerialize
 import net.corda.node.internal.CheckpointIncompatibleException
 import net.corda.node.internal.CheckpointVerifier
-import net.corda.node.internal.configureDatabase
 import net.corda.node.services.api.CheckpointStorage
 import net.corda.node.services.statemachine.Checkpoint
-import net.corda.node.services.statemachine.SubFlowVersion
 import net.corda.node.services.statemachine.FlowStart
+import net.corda.node.services.statemachine.SubFlowVersion
 import net.corda.node.services.transactions.PersistentUniquenessProvider
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
@@ -20,6 +19,7 @@ import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.core.TestIdentity
 import net.corda.testing.internal.LogHelper
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import org.assertj.core.api.Assertions
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/DBTransactionStorageTests.kt b/node/src/test/kotlin/net/corda/node/services/persistence/DBTransactionStorageTests.kt
index 44c92b6630..00b9356d21 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/DBTransactionStorageTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/DBTransactionStorageTests.kt
@@ -7,13 +7,13 @@ import net.corda.core.crypto.SignatureMetadata
 import net.corda.core.crypto.TransactionSignature
 import net.corda.core.toFuture
 import net.corda.core.transactions.SignedTransaction
-import net.corda.node.internal.configureDatabase
 import net.corda.node.services.transactions.PersistentUniquenessProvider
 import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.core.*
 import net.corda.testing.internal.LogHelper
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.internal.createWireTransaction
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import org.assertj.core.api.Assertions.assertThat
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/HibernateConfigurationTest.kt b/node/src/test/kotlin/net/corda/node/services/persistence/HibernateConfigurationTest.kt
index 72071192cd..726d6b1cb6 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/HibernateConfigurationTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/HibernateConfigurationTest.kt
@@ -29,7 +29,6 @@ import net.corda.finance.schemas.test.SampleCashSchemaV1
 import net.corda.finance.schemas.test.SampleCashSchemaV2
 import net.corda.finance.schemas.test.SampleCashSchemaV3
 import net.corda.finance.utils.sumCash
-import net.corda.node.internal.configureDatabase
 import net.corda.node.services.api.IdentityServiceInternal
 import net.corda.node.services.api.WritableTransactionStorage
 import net.corda.node.services.schema.ContractStateAndRef
@@ -41,6 +40,7 @@ import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.nodeapi.internal.persistence.HibernateConfiguration
 import net.corda.testing.core.*
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.internal.rigorousMock
 import net.corda.testing.internal.vault.DummyDealStateSchemaV1
 import net.corda.testing.internal.vault.DummyLinearStateSchemaV1
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt b/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
index e4f6549e48..255f0c323f 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
@@ -13,12 +13,12 @@ import net.corda.core.node.services.vault.AttachmentSort
 import net.corda.core.node.services.vault.Builder
 import net.corda.core.node.services.vault.Sort
 import net.corda.core.utilities.getOrThrow
-import net.corda.node.internal.configureDatabase
 import net.corda.node.services.transactions.PersistentUniquenessProvider
 import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.internal.LogHelper
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import net.corda.testing.node.internal.InternalMockNetwork
 import net.corda.testing.node.internal.startFlow
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/TransactionCallbackTest.kt b/node/src/test/kotlin/net/corda/node/services/persistence/TransactionCallbackTest.kt
index 7231c3afed..e6c4e8fdf2 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/TransactionCallbackTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/TransactionCallbackTest.kt
@@ -1,7 +1,7 @@
 package net.corda.node.services.persistence
 
-import net.corda.node.internal.configureDatabase
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import org.junit.After
 import org.junit.Test
diff --git a/node/src/test/kotlin/net/corda/node/services/schema/PersistentStateServiceTests.kt b/node/src/test/kotlin/net/corda/node/services/schema/PersistentStateServiceTests.kt
index f1abf5e618..9fac402e43 100644
--- a/node/src/test/kotlin/net/corda/node/services/schema/PersistentStateServiceTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/schema/PersistentStateServiceTests.kt
@@ -7,24 +7,21 @@ import net.corda.core.contracts.TransactionState
 import net.corda.core.crypto.SecureHash
 import net.corda.core.identity.AbstractParty
 import net.corda.core.identity.CordaX500Name
-import net.corda.core.node.services.Vault
 import net.corda.core.schemas.MappedSchema
 import net.corda.core.schemas.PersistentState
 import net.corda.core.schemas.QueryableState
 import net.corda.node.services.api.SchemaService
-import net.corda.node.internal.configureDatabase
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.nodeapi.internal.persistence.currentDBSession
-import net.corda.testing.internal.LogHelper
-import net.corda.testing.core.TestIdentity
 import net.corda.testing.contracts.DummyContract
+import net.corda.testing.core.TestIdentity
+import net.corda.testing.internal.LogHelper
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.internal.rigorousMock
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import org.junit.After
 import org.junit.Before
-import org.junit.Ignore
 import org.junit.Test
-import rx.subjects.PublishSubject
 import kotlin.test.assertEquals
 
 class PersistentStateServiceTests {
diff --git a/node/src/test/kotlin/net/corda/node/services/transactions/PersistentUniquenessProviderTests.kt b/node/src/test/kotlin/net/corda/node/services/transactions/PersistentUniquenessProviderTests.kt
index 65401708d4..3c63c71847 100644
--- a/node/src/test/kotlin/net/corda/node/services/transactions/PersistentUniquenessProviderTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/transactions/PersistentUniquenessProviderTests.kt
@@ -8,7 +8,6 @@ import net.corda.core.flows.NotarisationRequestSignature
 import net.corda.core.flows.NotaryError
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.notary.NotaryInternalException
-import net.corda.node.internal.configureDatabase
 import net.corda.node.services.schema.NodeSchemaService
 import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
@@ -17,6 +16,7 @@ import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.testing.core.TestIdentity
 import net.corda.testing.core.generateStateRef
 import net.corda.testing.internal.LogHelper
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import org.junit.After
 import org.junit.Before
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt b/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
index d7f890a7ab..7f55504ee9 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/VaultQueryTests.kt
@@ -24,13 +24,13 @@ import net.corda.finance.schemas.CashSchemaV1.PersistentCashState
 import net.corda.finance.schemas.CommercialPaperSchemaV1
 import net.corda.finance.schemas.test.SampleCashSchemaV2
 import net.corda.finance.schemas.test.SampleCashSchemaV3
-import net.corda.node.internal.configureDatabase
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.nodeapi.internal.persistence.DatabaseTransaction
 import net.corda.testing.core.*
 import net.corda.testing.internal.TEST_TX_TIME
 import net.corda.testing.internal.chooseIdentity
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.internal.rigorousMock
 import net.corda.testing.internal.vault.*
 import net.corda.testing.node.MockServices
diff --git a/node/src/test/kotlin/net/corda/node/utilities/ObservablesTests.kt b/node/src/test/kotlin/net/corda/node/utilities/ObservablesTests.kt
index d319c0b1d1..a28619a4d1 100644
--- a/node/src/test/kotlin/net/corda/node/utilities/ObservablesTests.kt
+++ b/node/src/test/kotlin/net/corda/node/utilities/ObservablesTests.kt
@@ -3,8 +3,8 @@ package net.corda.node.utilities
 import com.google.common.util.concurrent.SettableFuture
 import net.corda.core.internal.bufferUntilSubscribed
 import net.corda.core.internal.tee
-import net.corda.node.internal.configureDatabase
 import net.corda.nodeapi.internal.persistence.*
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.After
diff --git a/node/src/test/kotlin/net/corda/node/utilities/PersistentMapTests.kt b/node/src/test/kotlin/net/corda/node/utilities/PersistentMapTests.kt
index baaf99a34f..69212e7369 100644
--- a/node/src/test/kotlin/net/corda/node/utilities/PersistentMapTests.kt
+++ b/node/src/test/kotlin/net/corda/node/utilities/PersistentMapTests.kt
@@ -1,9 +1,10 @@
 package net.corda.node.utilities
 
 import net.corda.core.crypto.SecureHash
-import net.corda.node.internal.configureDatabase
 import net.corda.node.services.upgrade.ContractUpgradeServiceImpl
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
+import net.corda.testing.internal.TestingNamedCacheFactory
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices
 import org.junit.Test
 import kotlin.test.assertEquals
@@ -25,7 +26,8 @@ class PersistentMapTests {
                         upgradedContractClassName = value
                     }
                 },
-                persistentEntityClass = ContractUpgradeServiceImpl.DBContractUpgrade::class.java
+                persistentEntityClass = ContractUpgradeServiceImpl.DBContractUpgrade::class.java,
+                cacheFactory = TestingNamedCacheFactory()
         ).apply { preload() }
     }
 
diff --git a/samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/api/NodeInterestRatesTest.kt b/samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/api/NodeInterestRatesTest.kt
index 4b2e01d4e4..09946bef03 100644
--- a/samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/api/NodeInterestRatesTest.kt
+++ b/samples/irs-demo/cordapp/src/test/kotlin/net/corda/irs/api/NodeInterestRatesTest.kt
@@ -10,13 +10,14 @@ import net.corda.finance.DOLLARS
 import net.corda.finance.contracts.Fix
 import net.corda.finance.contracts.asset.CASH
 import net.corda.finance.contracts.asset.Cash
-import net.corda.node.internal.configureDatabase
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.core.*
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.internal.rigorousMock
-import net.corda.testing.node.*
+import net.corda.testing.node.MockServices
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
+import net.corda.testing.node.createMockCordaService
 import org.junit.After
 import org.junit.Assert.*
 import org.junit.Before
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/SerializationScheme.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/SerializationScheme.kt
index e94e2b95b4..9c78e01926 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/SerializationScheme.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/SerializationScheme.kt
@@ -6,7 +6,6 @@ import net.corda.core.DeleteForDJVM
 import net.corda.core.KeepForDJVM
 import net.corda.core.contracts.Attachment
 import net.corda.core.crypto.SecureHash
-import net.corda.core.internal.buildNamed
 import net.corda.core.internal.copyBytes
 import net.corda.core.serialization.*
 import net.corda.core.utilities.ByteSequence
@@ -77,7 +76,7 @@ data class SerializationContextImpl @JvmOverloads constructor(override val prefe
  */
 @DeleteForDJVM
 internal class AttachmentsClassLoaderBuilder(private val properties: Map<Any, Any>, private val deserializationClassLoader: ClassLoader) {
-    private val cache: Cache<List<SecureHash>, AttachmentsClassLoader> = Caffeine.newBuilder().weakValues().maximumSize(1024).buildNamed("SerializationScheme_attachmentClassloader")
+    private val cache: Cache<List<SecureHash>, AttachmentsClassLoader> = Caffeine.newBuilder().weakValues().maximumSize(1024).build()
 
     fun build(attachmentHashes: List<SecureHash>): AttachmentsClassLoader? {
         val serializationContext = properties[serializationContextKey] as? SerializeAsTokenContext ?: return null // Some tests don't set one.
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
index e78d0c12a3..9d7dfa7cf6 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
@@ -21,7 +21,6 @@ import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.node.VersionInfo
 import net.corda.node.cordapp.CordappLoader
 import net.corda.node.internal.ServicesForResolutionImpl
-import net.corda.node.internal.configureDatabase
 import net.corda.node.internal.cordapp.JarScanningCordappLoader
 import net.corda.node.services.api.*
 import net.corda.node.services.identity.InMemoryIdentityService
@@ -34,6 +33,7 @@ import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.TestIdentity
 import net.corda.testing.internal.DEV_ROOT_CA
 import net.corda.testing.internal.MockCordappProvider
+import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.internal.*
 import net.corda.testing.services.MockAttachmentStorage
 import java.security.KeyPair
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/RPCDriver.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/RPCDriver.kt
index 38109bf114..d9c1cc3a2f 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/RPCDriver.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/RPCDriver.kt
@@ -24,12 +24,14 @@ import net.corda.node.services.messaging.RPCServerConfiguration
 import net.corda.nodeapi.RPCApi
 import net.corda.nodeapi.internal.ArtemisTcpTransport
 import net.corda.serialization.internal.AMQP_RPC_CLIENT_CONTEXT
-import net.corda.testing.node.TestCordapp
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.MAX_MESSAGE_SIZE
 import net.corda.testing.driver.JmxPolicy
 import net.corda.testing.driver.PortAllocation
+import net.corda.testing.internal.TestingNamedCacheFactory
+import net.corda.testing.internal.fromUserList
 import net.corda.testing.node.NotarySpec
+import net.corda.testing.node.TestCordapp
 import net.corda.testing.node.User
 import net.corda.testing.node.internal.DriverDSLImpl.Companion.cordappsInCurrentAndAdditionalPackages
 import org.apache.activemq.artemis.api.core.SimpleString
@@ -485,7 +487,8 @@ data class RPCDriverDSL(
                 locator,
                 rpcSecurityManager,
                 nodeLegalName,
-                configuration
+                configuration,
+                TestingNamedCacheFactory()
         )
         driverDSL.shutdownManager.registerShutdown {
             rpcServer.close(queueDrainTimeout)
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalTestUtils.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalTestUtils.kt
index 4ddca172af..8f82cf3792 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalTestUtils.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalTestUtils.kt
@@ -1,26 +1,42 @@
 package net.corda.testing.internal
 
+import net.corda.core.context.AuthServiceId
 import net.corda.core.contracts.*
 import net.corda.core.crypto.Crypto
 import net.corda.core.crypto.Crypto.generateKeyPair
 import net.corda.core.crypto.SecureHash
+import net.corda.core.identity.AbstractParty
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.core.identity.PartyAndCertificate
+import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.node.NodeInfo
+import net.corda.core.schemas.MappedSchema
 import net.corda.core.transactions.WireTransaction
 import net.corda.core.utilities.loggerFor
+import net.corda.node.internal.createCordaPersistence
+import net.corda.node.internal.security.RPCSecurityManagerImpl
+import net.corda.node.internal.startHikariPool
+import net.corda.node.services.api.SchemaService
+import net.corda.node.services.config.SecurityConfiguration
+import net.corda.node.services.schema.NodeSchemaService
 import net.corda.nodeapi.BrokerRpcSslOptions
 import net.corda.nodeapi.internal.config.MutualSslConfiguration
-import net.corda.nodeapi.internal.registerDevP2pCertificates
+import net.corda.nodeapi.internal.config.User
 import net.corda.nodeapi.internal.createDevNodeCa
-import net.corda.nodeapi.internal.crypto.*
+import net.corda.nodeapi.internal.crypto.CertificateAndKeyPair
+import net.corda.nodeapi.internal.crypto.CertificateType
+import net.corda.nodeapi.internal.crypto.X509Utilities
 import net.corda.nodeapi.internal.loadDevCaTrustStore
+import net.corda.nodeapi.internal.persistence.CordaPersistence
+import net.corda.nodeapi.internal.persistence.DatabaseConfig
+import net.corda.nodeapi.internal.registerDevP2pCertificates
 import net.corda.serialization.internal.amqp.AMQP_ENABLED
 import net.corda.testing.internal.stubs.CertificateStoreStubs
 import java.nio.file.Files
 import java.nio.file.Path
 import java.security.KeyPair
+import java.util.*
 import javax.security.auth.x500.X500Principal
 
 @Suppress("unused")
@@ -136,3 +152,24 @@ fun createWireTransaction(inputs: List<StateRef>,
     val componentGroups = WireTransaction.createComponentGroups(inputs, outputs, commands, attachments, notary, timeWindow)
     return WireTransaction(componentGroups, privacySalt)
 }
+
+/**
+ * Instantiate RPCSecurityManager initialised with users data from a list of [User]
+ */
+fun RPCSecurityManagerImpl.Companion.fromUserList(id: AuthServiceId, users: List<User>) =
+        RPCSecurityManagerImpl(SecurityConfiguration.AuthService.fromUsers(users).copy(id = id), TestingNamedCacheFactory())
+
+/**
+ * Convenience method for configuring a database for some tests.
+ */
+fun configureDatabase(hikariProperties: Properties,
+                      databaseConfig: DatabaseConfig,
+                      wellKnownPartyFromX500Name: (CordaX500Name) -> Party?,
+                      wellKnownPartyFromAnonymous: (AbstractParty) -> Party?,
+                      schemaService: SchemaService = NodeSchemaService(),
+                      internalSchemas: Set<MappedSchema> = NodeSchemaService().internalSchemas(),
+                      cacheFactory: NamedCacheFactory = TestingNamedCacheFactory()): CordaPersistence {
+    val persistence = createCordaPersistence(databaseConfig, wellKnownPartyFromX500Name, wellKnownPartyFromAnonymous, schemaService, hikariProperties, cacheFactory)
+    persistence.startHikariPool(hikariProperties, databaseConfig, internalSchemas)
+    return persistence
+}
\ No newline at end of file
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/TestingNamedCacheFactory.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/TestingNamedCacheFactory.kt
index 7908d5dd27..6802fd042e 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/TestingNamedCacheFactory.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/TestingNamedCacheFactory.kt
@@ -5,21 +5,20 @@ import com.github.benmanes.caffeine.cache.Cache
 import com.github.benmanes.caffeine.cache.CacheLoader
 import com.github.benmanes.caffeine.cache.Caffeine
 import com.github.benmanes.caffeine.cache.LoadingCache
-import net.corda.core.internal.buildNamed
 import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.node.services.config.MB
 import net.corda.node.services.config.NodeConfiguration
-import net.corda.node.utilities.NamedCacheFactory
+import net.corda.node.utilities.BindableNamedCacheFactory
 
-class TestingNamedCacheFactory private constructor(private val sizeOverride: Long, private val metricRegistry: MetricRegistry?, private val nodeConfiguration: NodeConfiguration?) : NamedCacheFactory, SingletonSerializeAsToken() {
+class TestingNamedCacheFactory private constructor(private val sizeOverride: Long, private val metricRegistry: MetricRegistry?, private val nodeConfiguration: NodeConfiguration?) : BindableNamedCacheFactory, SingletonSerializeAsToken() {
     constructor(sizeOverride: Long = 1024) : this(sizeOverride, null, null)
 
-    override fun bindWithMetrics(metricRegistry: MetricRegistry): NamedCacheFactory = TestingNamedCacheFactory(sizeOverride, metricRegistry, this.nodeConfiguration)
-    override fun bindWithConfig(nodeConfiguration: NodeConfiguration): NamedCacheFactory = TestingNamedCacheFactory(sizeOverride, this.metricRegistry, nodeConfiguration)
+    override fun bindWithMetrics(metricRegistry: MetricRegistry): BindableNamedCacheFactory = TestingNamedCacheFactory(sizeOverride, metricRegistry, this.nodeConfiguration)
+    override fun bindWithConfig(nodeConfiguration: NodeConfiguration): BindableNamedCacheFactory = TestingNamedCacheFactory(sizeOverride, this.metricRegistry, nodeConfiguration)
 
     override fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String): Cache<K, V> {
         // Does not check metricRegistry or nodeConfiguration, because for tests we don't care.
-        return caffeine.maximumSize(sizeOverride).buildNamed<K, V>(name)
+        return caffeine.maximumSize(sizeOverride).build<K, V>()
     }
 
     override fun <K, V> buildNamed(caffeine: Caffeine<in K, in V>, name: String, loader: CacheLoader<K, V>): LoadingCache<K, V> {
@@ -29,6 +28,6 @@ class TestingNamedCacheFactory private constructor(private val sizeOverride: Lon
             "NodeAttachmentService_attachmentContent" -> caffeine.maximumWeight(1.MB)
             else -> caffeine.maximumSize(sizeOverride)
         }
-        return configuredCaffeine.buildNamed<K, V>(name, loader)
+        return configuredCaffeine.build<K, V>(loader)
     }
 }
\ No newline at end of file
diff --git a/tools/explorer/src/main/kotlin/net/corda/explorer/identicon/IdenticonRenderer.kt b/tools/explorer/src/main/kotlin/net/corda/explorer/identicon/IdenticonRenderer.kt
index db17fc7749..97a8549688 100644
--- a/tools/explorer/src/main/kotlin/net/corda/explorer/identicon/IdenticonRenderer.kt
+++ b/tools/explorer/src/main/kotlin/net/corda/explorer/identicon/IdenticonRenderer.kt
@@ -14,7 +14,6 @@ import javafx.scene.image.WritableImage
 import javafx.scene.paint.Color
 import javafx.scene.text.TextAlignment
 import net.corda.core.crypto.SecureHash
-import net.corda.core.internal.buildNamed
 
 /**
  *  (The MIT License)
@@ -76,7 +75,7 @@ object IdenticonRenderer {
 
     private const val renderingSize = 30.0
 
-    private val cache = Caffeine.newBuilder().buildNamed("IdentIconRenderer_image", CacheLoader<SecureHash, Image> { key ->
+    private val cache = Caffeine.newBuilder().build(CacheLoader<SecureHash, Image> { key ->
         key.let { render(key.hashCode(), renderingSize) }
     })
 

From 4c3b9a067c235758cce4a817e4b5539258c97eff Mon Sep 17 00:00:00 2001
From: Andrius Dagys <andrius.dagys@r3.com>
Date: Wed, 17 Oct 2018 11:34:03 +0100
Subject: [PATCH 57/83] CORDA-535: Make notary implementations publishable

---
 experimental/notary-bft-smart/build.gradle | 1 +
 experimental/notary-raft/build.gradle      | 1 +
 2 files changed, 2 insertions(+)

diff --git a/experimental/notary-bft-smart/build.gradle b/experimental/notary-bft-smart/build.gradle
index bcd0614686..d9c0976b79 100644
--- a/experimental/notary-bft-smart/build.gradle
+++ b/experimental/notary-bft-smart/build.gradle
@@ -3,6 +3,7 @@ apply plugin: 'kotlin-jpa'
 apply plugin: 'idea'
 apply plugin: 'net.corda.plugins.cordapp'
 apply plugin: 'net.corda.plugins.publish-utils'
+apply plugin: 'com.jfrog.artifactory'
 
 configurations {
     integrationTestCompile.extendsFrom testCompile
diff --git a/experimental/notary-raft/build.gradle b/experimental/notary-raft/build.gradle
index fc6a1894da..adf7118c1c 100644
--- a/experimental/notary-raft/build.gradle
+++ b/experimental/notary-raft/build.gradle
@@ -2,6 +2,7 @@ apply plugin: 'kotlin'
 apply plugin: 'idea'
 apply plugin: 'net.corda.plugins.cordapp'
 apply plugin: 'net.corda.plugins.publish-utils'
+apply plugin: 'com.jfrog.artifactory'
 
 configurations {
     integrationTestCompile.extendsFrom testCompile

From 07c28c1fbf3ee359e497045a27d5ce22cf719af7 Mon Sep 17 00:00:00 2001
From: Mike Hearn <mike@r3.com>
Date: Wed, 17 Oct 2018 17:24:27 +0100
Subject: [PATCH 58/83] Docs: improve organisation of the networks section.

---
 ...-a-network.rst => compatibility-zones.rst} | 13 ++--
 docs/source/corda-networks-index.rst          |  5 +-
 docs/source/corda-test-networks.rst           | 77 -------------------
 docs/source/corda-testnet-intro.rst           | 18 ++---
 4 files changed, 16 insertions(+), 97 deletions(-)
 rename docs/source/{joining-a-network.rst => compatibility-zones.rst} (82%)
 delete mode 100644 docs/source/corda-test-networks.rst

diff --git a/docs/source/joining-a-network.rst b/docs/source/compatibility-zones.rst
similarity index 82%
rename from docs/source/joining-a-network.rst
rename to docs/source/compatibility-zones.rst
index 6de161b781..060496c2ca 100644
--- a/docs/source/joining-a-network.rst
+++ b/docs/source/compatibility-zones.rst
@@ -4,12 +4,15 @@
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/codesets.js"></script>
 
-Connecting to a compatibility zone
-==================================
+Compatibility zones
+===================
 
-Every Corda node is part of a network (also called a zone) that is *permissioned*. Production deployments require a
-secure certificate authority. Most users will join an existing network such as the main Corda network or the Corda
-TestNet.
+Every Corda node is part of a "zone" (also sometimes called a Corda network) that is *permissioned*. Production
+deployments require a secure certificate authority. Most users will join an existing network such as the main Corda
+network or the Corda TestNet. We use the term "zone" to refer to a set of technically compatible nodes reachable
+over a TCP/IP network like the internet. The word "network" is used in Corda but can be ambiguous with the concept
+of a "business network", which is usually more like a membership list or subset of nodes in a zone that have agreed
+to trade with each other.
 
 To connect to a compatibility zone you need to register with its certificate signing authority (doorman) by submitting
 a certificate signing request (CSR) to obtain a valid identity for the zone. You could do this out of band, for instance
diff --git a/docs/source/corda-networks-index.rst b/docs/source/corda-networks-index.rst
index d1bf86f03e..435beb7981 100644
--- a/docs/source/corda-networks-index.rst
+++ b/docs/source/corda-networks-index.rst
@@ -4,13 +4,12 @@ Networks
 .. toctree::
    :maxdepth: 1
 
-   joining-a-network
-   corda-test-networks
+   compatibility-zones
+   corda-testnet-intro
    running-a-notary
    permissioning
    network-map
    versioning
-   corda-testnet-intro
    azure-vm-explore
    aws-vm-explore
    gcp-vm
diff --git a/docs/source/corda-test-networks.rst b/docs/source/corda-test-networks.rst
deleted file mode 100644
index f5c2991fcf..0000000000
--- a/docs/source/corda-test-networks.rst
+++ /dev/null
@@ -1,77 +0,0 @@
-.. _log4j2: http://logging.apache.org/log4j/2.x/
-
-Corda networks
-==============
-
-A Corda network consists of a number of machines running nodes. These nodes communicate using persistent protocols in
-order to create and validate transactions.
-
-There are three broader categories of functionality one such node may have. These pieces of functionality are provided
-as services, and one node may run several of them.
-
-* Notary: Nodes running a notary service witness state spends and have the final say in whether a transaction is a
-  double-spend or not
-* Oracle: Network services that link the ledger to the outside world by providing facts that affect the validity of
-  transactions
-* Regular node: All nodes have a vault and may start protocols communicating with other nodes, notaries and oracles and
-  evolve their private ledger
-
-Bootstrap your own test network
--------------------------------
-
-Certificates
-~~~~~~~~~~~~
-
-Every node in a given Corda network must have an identity certificate signed by the network's root CA. See
-:doc:`permissioning` for more information.
-
-Configuration
-~~~~~~~~~~~~~
-
-A node can be configured by adding/editing ``node.conf`` in the node's directory. For details see :doc:`corda-configuration-file`.
-
-An example configuration:
-
-.. literalinclude:: example-code/src/main/resources/example-node.conf
-:language: cfg
-
-      The most important fields regarding network configuration are:
-
-      * ``p2pAddress``: This specifies a host and port to which Artemis will bind for messaging with other nodes. Note that the
-  address bound will **NOT** be ``my-corda-node``, but rather ``::`` (all addresses on all network interfaces). The hostname specified
-  is the hostname *that must be externally resolvable by other nodes in the network*. In the above configuration this is the
-  resolvable name of a machine in a VPN.
-* ``rpcAddress``: The address to which Artemis will bind for RPC calls.
-* ``webAddress``: The address the webserver should bind. Note that the port must be distinct from that of ``p2pAddress`` and ``rpcAddress`` if they are on the same machine.
-
-Starting the nodes
-~~~~~~~~~~~~~~~~~~
-
-You will first need to create the local network by bootstrapping it with the bootstrapper. Details of how to do that
-can be found in :doc:`network-bootstrapper`.
-
-Once that's done you may now start the nodes in any order. You should see a banner, some log lines and eventually
-``Node started up and registered``, indicating that the node is fully started.
-
-.. TODO: Add a better way of polling for startup. A programmatic way of determining whether a node is up is to check whether it's ``webAddress`` is bound.
-
-In terms of process management there is no prescribed method. You may start the jars by hand or perhaps use systemd and friends.
-
-Logging
-~~~~~~~
-
-Only a handful of important lines are printed to the console. For
-details/diagnosing problems check the logs.
-
-Logging is standard log4j2_ and may be configured accordingly. Logs
-are by default redirected to files in ``NODE_DIRECTORY/logs/``.
-
-Connecting to the nodes
-~~~~~~~~~~~~~~~~~~~~~~~
-
-Once a node has started up successfully you may connect to it as a client to initiate protocols/query state etc.
-Depending on your network setup you may need to tunnel to do this remotely.
-
-See the :doc:`tutorial-clientrpc-api` on how to establish an RPC link.
-
-Sidenote: A client is always associated with a single node with a single identity, which only sees their part of the ledger.
diff --git a/docs/source/corda-testnet-intro.rst b/docs/source/corda-testnet-intro.rst
index ae62d02b80..0e8a5a34ff 100644
--- a/docs/source/corda-testnet-intro.rst
+++ b/docs/source/corda-testnet-intro.rst
@@ -22,7 +22,7 @@ Click on "Join the Corda Testnet".
 
 Select whether you want to register a company or as an individual on the Testnet.
 
-This will create you an account with the Testnet onboarding application which will enable you to provision and manage multiple Corda nodes on Testnet. You will log in to this account to view and manage you Corda Testnet identitiy certificates.
+This will create an account with the Testnet on-boarding application which will enable you to provision and manage multiple Corda nodes on Testnet. You will log in to this account to view and manage you Corda Testnet identity certificates.
 
 .. image:: resources/testnet-account-type.png 
 
@@ -30,23 +30,17 @@ Fill in the form with your details.
 
 .. note::
 
-   Testnet is currently invitation only. If your request is approved you will receive an email. Please fill in as many details as possible as it helps us proritise requests. The approval process will take place daily by a member of the r3 operations team reviewing all invite requests and making a decision based on current rate of onboarding of new customers.
+   Testnet is currently invitation only. If your request is approved you will receive an email. Please fill in as many details as possible as it helps us prioritise requests. The approval process will take place daily by a member of the r3 operations team reviewing all invite requests and making a decision based on current rate of onboarding of new customers.
 
 .. image:: resources/testnet-form.png 
 
-.. note::
-
-   We currently only support federated login using Google email accounts. Please ensure the email you use to register is a Gmail account or is set up as a Google account and that you use this email to log in.
-
-Gmail is recommended. If you want to use a non-Gmail account you can enable your email for Google: https://support.google.com/accounts/answer/176347?hl=en
-	   
 Once you have been approved, navigate to https://testnet.corda.network and click on "I have an invitation".
 
-Sign in using the Google login service:
+Sign in using either your email address and password, or "Sign in with Google":
 
 .. image:: resources/testnet-signin.png 
 
-When prompted approve the Testnet application:
+If using Google accounts, approve the Testnet application when prompted:
 
 .. image:: resources/testnet-signin-auth.png 
 
@@ -66,7 +60,7 @@ Select the cloud provider you wish to use for documentation on how to specifical
 
 Once your cloud instance is set up you can install and run your Testnet pre-provisioned Corda node by clicking on "Copy" and pasting the one time link into your remote cloud terminal.
 	   
-The installation script will download the Corda binaries as well as your PKI certificates, private keys and suporting files and will install and run Corda on your fresh cloud VM. Your node will register itself with the Corda Testnet when it first runs and be added to the global network map and be visible to counterparties after approximately 5 minutes. 
+The installation script will download the Corda binaries as well as your PKI certificates, private keys and supporting files and will install and run Corda on your fresh cloud VM. Your node will register itself with the Corda Testnet when it first runs and be added to the global network map and be visible to counterparties after approximately 5 minutes.
 
 Hosting a Corda node locally is possible but will require manually configuring firewall and port forwarding on your local router. If you want this option then click on the "Download" button to download a Zip file with a pre-configured Corda node.
 
@@ -76,5 +70,5 @@ Hosting a Corda node locally is possible but will require manually configuring f
 A note on identities on Corda Testnet
 -------------------------------------
 
-Unlike the main Corda Network, which is designed for verified real world identities, The Corda Testnet automatically assigns a "distinguished name" as your identity on the network. This is to prevent name abuse such as the use of offensive language in the names or name squatting. This allows the provision of a node to be automatic and instantaneous. It also enables the same user to safely generate many nodes without accidental name conflicts. If you require a human readable name then please contact support and a partial organsation name can be approved. 
+Unlike the main Corda Network, which is designed for verified real world identities, The Corda Testnet automatically assigns a "distinguished name" as your identity on the network. This is to prevent name abuse such as the use of offensive language in the names or name squatting. This allows the provision of a node to be automatic and instantaneous. It also enables the same user to safely generate many nodes without accidental name conflicts. If you require a human readable name then please contact support and a partial organisation name can be approved.
 

From 8af404427f79685831fea4f8e264b98037189774 Mon Sep 17 00:00:00 2001
From: Mike Hearn <mike@r3.com>
Date: Thu, 18 Oct 2018 14:49:25 +0100
Subject: [PATCH 59/83] Address review comments

---
 docs/source/compatibility-zones.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/source/compatibility-zones.rst b/docs/source/compatibility-zones.rst
index 060496c2ca..eb3e6680b2 100644
--- a/docs/source/compatibility-zones.rst
+++ b/docs/source/compatibility-zones.rst
@@ -8,8 +8,8 @@ Compatibility zones
 ===================
 
 Every Corda node is part of a "zone" (also sometimes called a Corda network) that is *permissioned*. Production
-deployments require a secure certificate authority. Most users will join an existing network such as the main Corda
-network or the Corda TestNet. We use the term "zone" to refer to a set of technically compatible nodes reachable
+deployments require a secure certificate authority. Most users will join an existing network such as Corda
+Network (the main network) or the Corda Testnet. We use the term "zone" to refer to a set of technically compatible nodes reachable
 over a TCP/IP network like the internet. The word "network" is used in Corda but can be ambiguous with the concept
 of a "business network", which is usually more like a membership list or subset of nodes in a zone that have agreed
 to trade with each other.

From 7cfd44e38348421c1da5b2d3845ee4e3065ab0be Mon Sep 17 00:00:00 2001
From: Katelyn Baker <katelyn.baker@r3.com>
Date: Thu, 18 Oct 2018 15:39:42 +0100
Subject: [PATCH 60/83] CORDA-2113 - Include PNM ID in CSR (#4086)

* CORDA-2113 - Include PNM ID in CSR

If Compatibility Zone operator is using private networks and the node
should be joining one, optionally the ID (a UUID) of that network can be
included as part of the node's CSR to to the Doorman.

* fix broken test
---
 .idea/compiler.xml                            |  2 +-
 docs/source/corda-configuration-file.rst      |  1 +
 .../node/services/network/NetworkMapTest.kt   | 12 ++++--
 .../registration/NodeRegistrationTest.kt      |  1 +
 .../net/corda/node/internal/NodeStartup.kt    | 28 ++++++++-----
 .../node/services/config/NodeConfiguration.kt |  6 ++-
 .../HTTPNetworkRegistrationService.kt         | 11 +++--
 .../registration/NetworkRegistrationHelper.kt | 23 ++++++----
 .../testing/node/internal/DriverDSLImpl.kt    | 42 +++++++++++++++----
 9 files changed, 89 insertions(+), 37 deletions(-)

diff --git a/.idea/compiler.xml b/.idea/compiler.xml
index 4cfe9a6d84..1a8dc8210d 100644
--- a/.idea/compiler.xml
+++ b/.idea/compiler.xml
@@ -239,4 +239,4 @@
   <component name="JavacSettings">
     <option name="ADDITIONAL_OPTIONS_STRING" value="-parameters" />
   </component>
-</project>
\ No newline at end of file
+</project>
diff --git a/docs/source/corda-configuration-file.rst b/docs/source/corda-configuration-file.rst
index 8c6e003ee0..e5afa2f27b 100644
--- a/docs/source/corda-configuration-file.rst
+++ b/docs/source/corda-configuration-file.rst
@@ -194,6 +194,7 @@ absolute path to the node's base directory.
 
     :doormanURL: Root address of the network registration service.
     :networkMapURL: Root address of the network map service.
+    :pnm: Optional UUID of the private network operating within the compatibility zone this node should be joinging.
 
         .. note:: Only one of ``compatibilityZoneURL`` or ``networkServices`` should be used.
 
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/network/NetworkMapTest.kt b/node/src/integration-test/kotlin/net/corda/node/services/network/NetworkMapTest.kt
index 487135a000..943b2c0707 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/network/NetworkMapTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/network/NetworkMapTest.kt
@@ -47,18 +47,22 @@ class NetworkMapTest(var initFunc: (URL, NetworkMapServer) -> CompatibilityZoneP
         @JvmStatic
         @Parameterized.Parameters(name = "{0}")
         fun runParams() = listOf(
-                { addr: URL, nms: NetworkMapServer ->
-                    SharedCompatibilityZoneParams(
+                {
+                    addr: URL,
+                    nms: NetworkMapServer -> SharedCompatibilityZoneParams(
                             addr,
+                            pnm = null,
                             publishNotaries = {
                                 nms.networkParameters = testNetworkParameters(it, modifiedTime = Instant.ofEpochMilli(random63BitValue()), epoch = 2)
                             }
                     )
                 },
-                { addr: URL, nms: NetworkMapServer ->
-                    SplitCompatibilityZoneParams(
+                {
+                    addr: URL,
+                    nms: NetworkMapServer -> SplitCompatibilityZoneParams (
                             doormanURL = URL("http://I/Don't/Exist"),
                             networkMapURL = addr,
+                            pnm = null,
                             publishNotaries = {
                                 nms.networkParameters = testNetworkParameters(it, modifiedTime = Instant.ofEpochMilli(random63BitValue()), epoch = 2)
                             }
diff --git a/node/src/integration-test/kotlin/net/corda/node/utilities/registration/NodeRegistrationTest.kt b/node/src/integration-test/kotlin/net/corda/node/utilities/registration/NodeRegistrationTest.kt
index 40f01263c0..d86c365366 100644
--- a/node/src/integration-test/kotlin/net/corda/node/utilities/registration/NodeRegistrationTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/utilities/registration/NodeRegistrationTest.kt
@@ -81,6 +81,7 @@ class NodeRegistrationTest {
     fun `node registration correct root cert`() {
         val compatibilityZone = SharedCompatibilityZoneParams(
                 URL("http://$serverHostAndPort"),
+                null,
                 publishNotaries = { server.networkParameters = testNetworkParameters(it) },
                 rootCert = DEV_ROOT_CA.certificate)
         internalDriver(
diff --git a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
index 110a29cdca..3d0f1b8c58 100644
--- a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
@@ -152,7 +152,7 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
 
     private val handleRegistrationError = { error: Exception ->
         when (error) {
-            is NodeRegistrationException -> error.logAsExpected("Node registration service is unavailable. Perhaps try to perform the initial registration again after a while.")
+            is NodeRegistrationException -> error.logAsExpected("Issue with Node registration: ${error.message}")
             else -> error.logAsUnexpected("Exception during node registration")
         }
     }
@@ -385,17 +385,23 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
         logger.info(nodeStartedMessage)
     }
 
-    protected open fun registerWithNetwork(conf: NodeConfiguration, versionInfo: VersionInfo, nodeRegistrationConfig: NodeRegistrationOption) {
-        val compatibilityZoneURL = conf.networkServices?.doormanURL ?: throw RuntimeException(
-                "compatibilityZoneURL or networkServices must be configured!")
+    protected open fun registerWithNetwork(
+            conf: NodeConfiguration,
+            versionInfo: VersionInfo,
+            nodeRegistrationConfig: NodeRegistrationOption
+    ) {
+        println("\n" +
+                "******************************************************************\n" +
+                "*                                                                *\n" +
+                "*      Registering as a new participant with a Corda network     *\n" +
+                "*                                                                *\n" +
+                "******************************************************************\n")
 
-        println()
-        println("******************************************************************")
-        println("*                                                                *")
-        println("*       Registering as a new participant with Corda network      *")
-        println("*                                                                *")
-        println("******************************************************************")
-        NodeRegistrationHelper(conf, HTTPNetworkRegistrationService(compatibilityZoneURL, versionInfo), nodeRegistrationConfig).buildKeystore()
+        NodeRegistrationHelper(conf,
+                HTTPNetworkRegistrationService(
+                        requireNotNull(conf.networkServices),
+                        versionInfo),
+                nodeRegistrationConfig).buildKeystore()
 
         // Minimal changes to make registration tool create node identity.
         // TODO: Move node identity generation logic from node to registration helper.
diff --git a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
index 5da2e9724f..f7cf92aa36 100644
--- a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
@@ -156,6 +156,8 @@ data class BFTSMaRtConfiguration(
  *
  * @property doormanURL The URL of the tls certificate signing service.
  * @property networkMapURL The URL of the Network Map service.
+ * @property pnm If the compatibility zone operator supports the private network map option, have the node
+ * at registration automatically join that private network.
  * @property inferred Non user setting that indicates weather the Network Services configuration was
  * set explicitly ([inferred] == false) or weather they have been inferred via the compatibilityZoneURL parameter
  * ([inferred] == true) where both the network map and doorman are running on the same endpoint. Only one,
@@ -164,6 +166,7 @@ data class BFTSMaRtConfiguration(
 data class NetworkServicesConfig(
         val doormanURL: URL,
         val networkMapURL: URL,
+        val pnm: UUID? = null,
         val inferred : Boolean = false
 )
 
@@ -371,8 +374,9 @@ data class NodeConfigurationImpl(
             """.trimMargin())
         }
 
+        // Support the deprecated method of configuring network services with a single compatibilityZoneURL option
         if (compatibilityZoneURL != null && networkServices == null) {
-            networkServices = NetworkServicesConfig(compatibilityZoneURL, compatibilityZoneURL, true)
+            networkServices = NetworkServicesConfig(compatibilityZoneURL, compatibilityZoneURL, inferred = true)
         }
         require(h2port == null || h2Settings == null) { "Cannot specify both 'h2port' and 'h2Settings' in configuration" }
     }
diff --git a/node/src/main/kotlin/net/corda/node/utilities/registration/HTTPNetworkRegistrationService.kt b/node/src/main/kotlin/net/corda/node/utilities/registration/HTTPNetworkRegistrationService.kt
index 3e422bc969..5de12f20c4 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/registration/HTTPNetworkRegistrationService.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/registration/HTTPNetworkRegistrationService.kt
@@ -6,6 +6,7 @@ import net.corda.core.internal.post
 import net.corda.core.utilities.OpaqueBytes
 import net.corda.core.utilities.seconds
 import net.corda.node.VersionInfo
+import net.corda.node.services.config.NetworkServicesConfig
 import net.corda.nodeapi.internal.crypto.X509CertificateFactory
 import okhttp3.CacheControl
 import okhttp3.Headers
@@ -19,8 +20,11 @@ import java.util.*
 import java.util.zip.ZipInputStream
 import javax.naming.ServiceUnavailableException
 
-class HTTPNetworkRegistrationService(compatibilityZoneURL: URL, val versionInfo: VersionInfo) : NetworkRegistrationService {
-    private val registrationURL = URL("$compatibilityZoneURL/certificate")
+class HTTPNetworkRegistrationService(
+        val config : NetworkServicesConfig,
+        val versionInfo: VersionInfo
+) : NetworkRegistrationService {
+    private val registrationURL = URL("${config.doormanURL}/certificate")
 
     companion object {
         private val TRANSIENT_ERROR_STATUS_CODES = setOf(HTTP_BAD_GATEWAY, HTTP_UNAVAILABLE, HTTP_GATEWAY_TIMEOUT)
@@ -54,7 +58,8 @@ class HTTPNetworkRegistrationService(compatibilityZoneURL: URL, val versionInfo:
     override fun submitRequest(request: PKCS10CertificationRequest): String {
         return String(registrationURL.post(OpaqueBytes(request.encoded),
                 "Platform-Version" to "${versionInfo.platformVersion}",
-                "Client-Version" to versionInfo.releaseVersion))
+                "Client-Version" to versionInfo.releaseVersion,
+                "Private-Network-Map" to (config.pnm?.toString() ?: "")))
     }
 }
 
diff --git a/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt b/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
index 3d4e735498..eb1aac885b 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
@@ -96,10 +96,9 @@ open class NetworkRegistrationHelper(private val certificatesDirectory: Path,
         val requestId = try {
             submitOrResumeCertificateSigningRequest(keyPair)
         } catch (e: Exception) {
-            if (e is ConnectException || e is ServiceUnavailableException || e is IOException) {
-                throw NodeRegistrationException(e)
-            }
-            throw e
+            throw if (e is ConnectException || e is ServiceUnavailableException || e is IOException) {
+                NodeRegistrationException(e.message, e)
+            } else e
         }
 
         val certificates = try {
@@ -200,7 +199,8 @@ open class NetworkRegistrationHelper(private val certificatesDirectory: Path,
                 if (idlePeriodDuration != null) {
                     Thread.sleep(idlePeriodDuration.toMillis())
                 } else {
-                    throw NodeRegistrationException(e)
+                    throw NodeRegistrationException("Compatibility Zone registration service is currently unavailable, "
+                            + "try again later!.", e)
                 }
             }
         }
@@ -249,10 +249,17 @@ open class NetworkRegistrationHelper(private val certificatesDirectory: Path,
     protected open fun isTlsCrlIssuerCertRequired(): Boolean = false
 }
 
-class NodeRegistrationException(cause: Throwable?) : IOException("Unable to contact node registration service", cause)
+class NodeRegistrationException(
+        message: String?,
+        cause: Throwable?
+) : IOException(message ?: "Unable to contact node registration service", cause)
 
-class NodeRegistrationHelper(private val config: NodeConfiguration, certService: NetworkRegistrationService, regConfig: NodeRegistrationOption, computeNextIdleDoormanConnectionPollInterval: (Duration?) -> Duration? = FixedPeriodLimitedRetrialStrategy(10, Duration.ofMinutes(1))) :
-        NetworkRegistrationHelper(
+class NodeRegistrationHelper(
+        private val config: NodeConfiguration,
+        certService: NetworkRegistrationService,
+        regConfig: NodeRegistrationOption,
+        computeNextIdleDoormanConnectionPollInterval: (Duration?) -> Duration? = FixedPeriodLimitedRetrialStrategy(10, Duration.ofMinutes(1))
+) : NetworkRegistrationHelper(
                 config.certificatesDirectory,
                 config.signingCertificateStore,
                 config.myLegalName,
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
index d952d07414..e87557f716 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
@@ -222,7 +222,7 @@ class DriverDSLImpl(
 
         val registrationFuture = if (compatibilityZone?.rootCert != null) {
             // We don't need the network map to be available to be able to register the node
-            startNodeRegistration(name, compatibilityZone.rootCert, compatibilityZone.doormanURL())
+            startNodeRegistration(name, compatibilityZone.rootCert, compatibilityZone.config())
         } else {
             doneFuture(Unit)
         }
@@ -275,14 +275,18 @@ class DriverDSLImpl(
         return startNodeInternal(config, webAddress, startInSameProcess, maximumHeapSize, localNetworkMap, additionalCordapps, regenerateCordappsOnStart)
     }
 
-    private fun startNodeRegistration(providedName: CordaX500Name, rootCert: X509Certificate, compatibilityZoneURL: URL): CordaFuture<NodeConfig> {
+    private fun startNodeRegistration(
+            providedName: CordaX500Name,
+            rootCert: X509Certificate,
+            networkServicesConfig: NetworkServicesConfig
+    ): CordaFuture<NodeConfig> {
         val baseDirectory = baseDirectory(providedName).createDirectories()
         val config = NodeConfig(ConfigHelper.loadConfig(
                 baseDirectory = baseDirectory,
                 allowMissingConfig = true,
                 configOverrides = configOf(
                         "p2pAddress" to portAllocation.nextHostAndPort().toString(),
-                        "compatibilityZoneURL" to compatibilityZoneURL.toString(),
+                        "compatibilityZoneURL" to networkServicesConfig.doormanURL.toString(),
                         "myLegalName" to providedName.toString(),
                         "rpcSettings" to mapOf(
                                 "address" to portAllocation.nextHostAndPort().toString(),
@@ -305,7 +309,7 @@ class DriverDSLImpl(
             executorService.fork {
                 NodeRegistrationHelper(
                         config.corda,
-                        HTTPNetworkRegistrationService(compatibilityZoneURL, versionInfo),
+                        HTTPNetworkRegistrationService(networkServicesConfig, versionInfo),
                         NodeRegistrationOption(rootTruststorePath, rootTruststorePassword)
                 ).buildKeystore()
                 config
@@ -371,7 +375,7 @@ class DriverDSLImpl(
                 startNotaryIdentityGeneration()
             } else {
                 // With a root cert specified we delegate generation of the notary identities to the CZ.
-                startAllNotaryRegistrations(compatibilityZone.rootCert, compatibilityZone.doormanURL())
+                startAllNotaryRegistrations(compatibilityZone.rootCert, compatibilityZone)
             }
             notaryInfosFuture.map { notaryInfos ->
                 compatibilityZone.publishNotaries(notaryInfos)
@@ -422,16 +426,22 @@ class DriverDSLImpl(
         }
     }
 
-    private fun startAllNotaryRegistrations(rootCert: X509Certificate, compatibilityZoneURL: URL): CordaFuture<List<NotaryInfo>> {
+    private fun startAllNotaryRegistrations(
+            rootCert: X509Certificate,
+            compatibilityZone: CompatibilityZoneParams): CordaFuture<List<NotaryInfo>> {
         // Start the registration process for all the notaries together then wait for their responses.
         return notarySpecs.map { spec ->
             require(spec.cluster == null) { "Registering distributed notaries not supported" }
-            startNotaryRegistration(spec, rootCert, compatibilityZoneURL)
+            startNotaryRegistration(spec, rootCert, compatibilityZone)
         }.transpose()
     }
 
-    private fun startNotaryRegistration(spec: NotarySpec, rootCert: X509Certificate, compatibilityZoneURL: URL): CordaFuture<NotaryInfo> {
-        return startNodeRegistration(spec.name, rootCert, compatibilityZoneURL).flatMap { config ->
+    private fun startNotaryRegistration(
+            spec: NotarySpec,
+            rootCert: X509Certificate,
+            compatibilityZone: CompatibilityZoneParams
+    ): CordaFuture<NotaryInfo> {
+        return startNodeRegistration(spec.name, rootCert, compatibilityZone.config()).flatMap { config ->
             // Node registration only gives us the node CA cert, not the identity cert. That is only created on first
             // startup or when the node is told to just generate its node info file. We do that here.
             if (startNodesInProcess) {
@@ -1067,6 +1077,7 @@ sealed class CompatibilityZoneParams(
 ) {
     abstract fun networkMapURL(): URL
     abstract fun doormanURL(): URL
+    abstract fun config() : NetworkServicesConfig
 }
 
 /**
@@ -1074,11 +1085,18 @@ sealed class CompatibilityZoneParams(
  */
 class SharedCompatibilityZoneParams(
         private val url: URL,
+        private val pnm : UUID?,
         publishNotaries: (List<NotaryInfo>) -> Unit,
         rootCert: X509Certificate? = null
 ) : CompatibilityZoneParams(publishNotaries, rootCert) {
+
+    val config : NetworkServicesConfig by lazy {
+        NetworkServicesConfig(url, url, pnm, false)
+    }
+
     override fun doormanURL() = url
     override fun networkMapURL() = url
+    override fun config() : NetworkServicesConfig = config
 }
 
 /**
@@ -1087,11 +1105,17 @@ class SharedCompatibilityZoneParams(
 class SplitCompatibilityZoneParams(
         private val doormanURL: URL,
         private val networkMapURL: URL,
+        private val pnm : UUID?,
         publishNotaries: (List<NotaryInfo>) -> Unit,
         rootCert: X509Certificate? = null
 ) : CompatibilityZoneParams(publishNotaries, rootCert) {
+    val config : NetworkServicesConfig by lazy {
+        NetworkServicesConfig(doormanURL, networkMapURL, pnm, false)
+    }
+
     override fun doormanURL() = doormanURL
     override fun networkMapURL() = networkMapURL
+    override fun config() : NetworkServicesConfig = config
 }
 
 fun <A> internalDriver(

From e99fa975f7f5e599b6f7ef1207868fba89948d3f Mon Sep 17 00:00:00 2001
From: Andrius Dagys <andrius.dagys@r3.com>
Date: Fri, 19 Oct 2018 11:17:20 +0100
Subject: [PATCH 61/83] CORDA-535: Allow notary implementations to specify a
 serialization filter (#4054)

Only allow custom serialization filters in dev mode.
---
 docs/source/changelog.rst                     |  3 +++
 docs/source/running-a-notary.rst              |  4 +++-
 .../corda/notary/bftsmart/BFTSMaRtConfig.kt   |  7 ------
 .../notary/bftsmart/BftSmartNotaryService.kt  | 12 +++++++++-
 .../net/corda/node/internal/AbstractNode.kt   | 24 +++++++++++++++++++
 .../net/corda/node/internal/NodeStartup.kt    | 13 ++--------
 6 files changed, 43 insertions(+), 20 deletions(-)

diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst
index 827dee6db5..c942bff9d3 100644
--- a/docs/source/changelog.rst
+++ b/docs/source/changelog.rst
@@ -11,6 +11,9 @@ Unreleased
 
 * Introduce minimum and target platform version for CorDapps.
 
+* BFT-Smart and Raft notary implementations have been extracted out of node into ``experimental`` CorDapps to emphasise
+  their experimental nature. Moreover, the BFT-Smart notary will only work in dev mode due to its use of Java serialization.
+
 * Vault storage of contract state constraints metadata and associated vault query functions to retrieve and sort by constraint type.
 
 * New overload for ``CordaRPCClient.start()`` method allowing to specify target legal identity to use for RPC call.
diff --git a/docs/source/running-a-notary.rst b/docs/source/running-a-notary.rst
index cebfbfb459..567908c471 100644
--- a/docs/source/running-a-notary.rst
+++ b/docs/source/running-a-notary.rst
@@ -43,6 +43,8 @@ Byzantine fault-tolerant (experimental)
 
 A prototype BFT notary implementation based on `BFT-Smart <https://github.com/bft-smart/library>`_ is available. You can
 try it out on our `notary demo <https://github.com/corda/corda/tree/release-V3.1/samples/notary-demo>`_ page. Note that it
-is still experimental and there is active work ongoing for a production ready solution.
+is still experimental and there is active work ongoing for a production ready solution. Additionally, BFT-Smart requires Java
+serialization which is disabled by default in Corda due to security risks, and it will only work in dev mode where this can
+be customised.
 
 We do not recommend using it in any long-running test or production deployments.
\ No newline at end of file
diff --git a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt
index 489f190d6f..d31e6fb203 100644
--- a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt
+++ b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt
@@ -92,10 +92,3 @@ fun maxFaultyReplicas(clusterSize: Int) = (clusterSize - 1) / 3
 fun minCorrectReplicas(clusterSize: Int) = (2 * clusterSize + 3) / 3
 fun minClusterSize(maxFaultyReplicas: Int) = maxFaultyReplicas * 3 + 1
 
-fun bftSMaRtSerialFilter(clazz: Class<*>): Boolean = clazz.name.let {
-    it.startsWith("bftsmart.")
-            || it.startsWith("java.security.")
-            || it.startsWith("java.util.")
-            || it.startsWith("java.lang.")
-            || it.startsWith("java.net.")
-}
diff --git a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt
index 57560699cb..391b92a630 100644
--- a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt
+++ b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt
@@ -10,7 +10,6 @@ import net.corda.core.identity.Party
 import net.corda.core.internal.notary.NotaryInternalException
 import net.corda.core.internal.notary.NotaryService
 import net.corda.core.internal.notary.verifySignature
-import net.corda.core.schemas.MappedSchema
 import net.corda.core.schemas.PersistentStateRef
 import net.corda.core.serialization.deserialize
 import net.corda.core.serialization.serialize
@@ -41,6 +40,17 @@ class BftSmartNotaryService(
 ) : NotaryService() {
     companion object {
         private val log = contextLogger()
+        @JvmStatic
+        val serializationFilter
+            get() = { clazz: Class<*> ->
+                clazz.name.let {
+                    it.startsWith("bftsmart.")
+                            || it.startsWith("java.security.")
+                            || it.startsWith("java.util.")
+                            || it.startsWith("java.lang.")
+                            || it.startsWith("java.net.")
+                }
+            }
     }
 
     private val notaryConfig = services.configuration.notary
diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index 950e2df204..c196bf639e 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -32,6 +32,7 @@ import net.corda.core.serialization.SerializeAsToken
 import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.core.utilities.*
 import net.corda.node.CordaClock
+import net.corda.node.SerialFilter
 import net.corda.node.VersionInfo
 import net.corda.node.cordapp.CordappLoader
 import net.corda.node.internal.classloading.requireAnnotation
@@ -86,6 +87,7 @@ import org.slf4j.Logger
 import rx.Observable
 import rx.Scheduler
 import java.io.IOException
+import java.lang.UnsupportedOperationException
 import java.lang.reflect.InvocationTargetException
 import java.nio.file.Paths
 import java.security.KeyPair
@@ -153,6 +155,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
             schemaService,
             configuration.dataSourceProperties,
             cacheFactory)
+
     init {
         // TODO Break cyclic dependency
         identityService.database = database
@@ -766,6 +769,10 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
 
             val notaryKey = myNotaryIdentity?.owningKey
                     ?: throw IllegalArgumentException("Unable to start notary service $serviceClass: notary identity not found")
+
+            /** Some notary implementations only work with Java serialization. */
+            maybeInstallSerializationFilter(serviceClass)
+
             val constructor = serviceClass.getDeclaredConstructor(ServiceHubInternal::class.java, PublicKey::class.java).apply { isAccessible = true }
             val service = constructor.newInstance(services, notaryKey) as NotaryService
 
@@ -779,6 +786,23 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         }
     }
 
+    /** Installs a custom serialization filter defined by a notary service implementation. Only supported in dev mode. */
+    private fun maybeInstallSerializationFilter(serviceClass: Class<out NotaryService>) {
+        try {
+            @Suppress("UNCHECKED_CAST")
+            val filter = serviceClass.getDeclaredMethod("getSerializationFilter").invoke(null) as ((Class<*>) -> Boolean)
+            if (configuration.devMode) {
+                log.warn("Installing a custom Java serialization filter, required by ${serviceClass.name}. " +
+                        "Note this is only supported in dev mode – a production node will fail to start if serialization filters are used.")
+                SerialFilter.install(filter)
+            } else {
+                throw UnsupportedOperationException("Unable to install a custom Java serialization filter, not in dev mode.")
+            }
+        } catch (e: NoSuchMethodException) {
+            // No custom serialization filter declared
+        }
+    }
+
     private fun getNotaryServiceClass(className: String): Class<out NotaryService> {
         val loadedImplementations = cordappLoader.cordapps.mapNotNull { it.notaryService }
         log.debug("Notary service implementations found: ${loadedImplementations.joinToString(", ")}")
diff --git a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
index 3d0f1b8c58..10fc55f7e5 100644
--- a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
@@ -414,17 +414,8 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
     protected open fun loadConfigFile(): Pair<Config, Try<NodeConfiguration>> = cmdLineOptions.loadConfig()
 
     protected open fun banJavaSerialisation(conf: NodeConfiguration) {
-        SerialFilter.install(if (conf.notary?.bftSMaRt != null) ::bftSMaRtSerialFilter else ::defaultSerialFilter)
-    }
-
-    /** This filter is required for BFT-Smart to work as it only supports Java serialization. */
-    // TODO: move this filter out of the node, allow Cordapps to specify filters.
-    private fun bftSMaRtSerialFilter(clazz: Class<*>): Boolean = clazz.name.let {
-        it.startsWith("bftsmart.")
-                || it.startsWith("java.security.")
-                || it.startsWith("java.util.")
-                || it.startsWith("java.lang.")
-                || it.startsWith("java.net.")
+        // Note that in dev mode this filter can be overridden by a notary service implementation.
+        SerialFilter.install(::defaultSerialFilter)
     }
 
     protected open fun getVersionInfo(): VersionInfo {

From f685df46b51a2593c238f587ab93ead704ac544c Mon Sep 17 00:00:00 2001
From: Thomas Schroeter <thomas.schroeter@r3.com>
Date: Fri, 19 Oct 2018 11:40:59 +0100
Subject: [PATCH 62/83] [ENT-1774] FlowAsyncOperation deduplication ID (#4068)

---
 .idea/compiler.xml                            |  2 +
 .../corda/core/internal/FlowAsyncOperation.kt | 12 +++--
 .../core/internal/WaitForStateConsumption.kt  |  4 +-
 .../flowstatemachines/SummingOperation.java   |  2 +-
 .../SummingOperationThrowing.java             |  2 +-
 .../TutorialFlowAsyncOperation.kt             |  4 +-
 .../net/corda/node/flows/FlowRetryTest.kt     | 51 ++++++++++++++++++-
 .../node/services/statemachine/Action.kt      |  2 +-
 .../statemachine/ActionExecutorImpl.kt        |  2 +-
 .../transitions/StartedFlowTransition.kt      |  5 +-
 10 files changed, 73 insertions(+), 13 deletions(-)

diff --git a/.idea/compiler.xml b/.idea/compiler.xml
index 1a8dc8210d..6f25d0a850 100644
--- a/.idea/compiler.xml
+++ b/.idea/compiler.xml
@@ -134,6 +134,8 @@
       <module name="loadtest_test" target="1.8" />
       <module name="mock_main" target="1.8" />
       <module name="mock_test" target="1.8" />
+      <module name="net.corda-verifier_main" target="1.8" />
+      <module name="net.corda-verifier_test" target="1.8" />
       <module name="net.corda_buildSrc_main" target="1.8" />
       <module name="net.corda_buildSrc_test" target="1.8" />
       <module name="net.corda_canonicalizer_main" target="1.8" />
diff --git a/core/src/main/kotlin/net/corda/core/internal/FlowAsyncOperation.kt b/core/src/main/kotlin/net/corda/core/internal/FlowAsyncOperation.kt
index 48959c885d..fb02a4da97 100644
--- a/core/src/main/kotlin/net/corda/core/internal/FlowAsyncOperation.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/FlowAsyncOperation.kt
@@ -12,8 +12,14 @@ import net.corda.core.serialization.CordaSerializable
  */
 @CordaSerializable
 interface FlowAsyncOperation<R : Any> {
-    /** Performs the operation in a non-blocking fashion. */
-    fun execute(): CordaFuture<R>
+    /**
+     * Performs the operation in a non-blocking fashion.
+     * @param deduplicationId  If the flow restarts from a checkpoint (due to node restart, or via a visit to the flow
+     * hospital following an error) the execute method might be called more than once by the Corda flow state machine.
+     * For each duplicate call, the deduplicationId is guaranteed to be the same allowing duplicate requests to be
+     * de-duplicated if necessary inside the execute method.
+     */
+    fun execute(deduplicationId: String): CordaFuture<R>
 }
 // DOCEND FlowAsyncOperation
 
@@ -24,4 +30,4 @@ fun <T, R : Any> FlowLogic<T>.executeAsync(operation: FlowAsyncOperation<R>, may
     val request = FlowIORequest.ExecuteAsyncOperation(operation)
     return stateMachine.suspend(request, maySkipCheckpoint)
 }
-// DOCEND executeAsync
\ No newline at end of file
+// DOCEND executeAsync
diff --git a/core/src/main/kotlin/net/corda/core/internal/WaitForStateConsumption.kt b/core/src/main/kotlin/net/corda/core/internal/WaitForStateConsumption.kt
index 6c6dcb8605..ad6d94f93f 100644
--- a/core/src/main/kotlin/net/corda/core/internal/WaitForStateConsumption.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/WaitForStateConsumption.kt
@@ -22,7 +22,7 @@ class WaitForStateConsumption(val stateRefs: Set<StateRef>, val services: Servic
         val logger = contextLogger()
     }
 
-    override fun execute(): CordaFuture<Unit> {
+    override fun execute(deduplicationId: String): CordaFuture<Unit> {
         val futures = stateRefs.map { services.vaultService.whenConsumed(it).toCompletableFuture() }
         val completedFutures = futures.filter { it.isDone }
 
@@ -40,4 +40,4 @@ class WaitForStateConsumption(val stateRefs: Set<StateRef>, val services: Servic
 
         return CompletableFuture.allOf(*futures.toTypedArray()).thenApply { Unit }.asCordaFuture()
     }
-}
\ No newline at end of file
+}
diff --git a/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/flowstatemachines/SummingOperation.java b/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/flowstatemachines/SummingOperation.java
index d313fdb8ce..7b23e22efe 100644
--- a/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/flowstatemachines/SummingOperation.java
+++ b/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/flowstatemachines/SummingOperation.java
@@ -12,7 +12,7 @@ public final class SummingOperation implements FlowAsyncOperation<Integer> {
 
     @NotNull
     @Override
-    public CordaFuture<Integer> execute() {
+    public CordaFuture<Integer> execute(String deduplicationId) {
         return CordaFutureImplKt.doneFuture(this.a + this.b);
     }
 
diff --git a/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/flowstatemachines/SummingOperationThrowing.java b/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/flowstatemachines/SummingOperationThrowing.java
index 1a759074b0..91c30eaf4c 100644
--- a/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/flowstatemachines/SummingOperationThrowing.java
+++ b/docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/flowstatemachines/SummingOperationThrowing.java
@@ -11,7 +11,7 @@ public final class SummingOperationThrowing implements FlowAsyncOperation<Intege
 
     @NotNull
     @Override
-    public CordaFuture<Integer> execute() {
+    public CordaFuture<Integer> execute(String deduplicationId) {
         throw new IllegalStateException("You shouldn't be calling me");
     }
 
diff --git a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/flowstatemachines/TutorialFlowAsyncOperation.kt b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/flowstatemachines/TutorialFlowAsyncOperation.kt
index dfbf8c158d..c956a713ec 100644
--- a/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/flowstatemachines/TutorialFlowAsyncOperation.kt
+++ b/docs/source/example-code/src/main/kotlin/net/corda/docs/kotlin/tutorial/flowstatemachines/TutorialFlowAsyncOperation.kt
@@ -11,7 +11,7 @@ import net.corda.core.internal.executeAsync
 
 // DOCSTART SummingOperation
 class SummingOperation(val a: Int, val b: Int) : FlowAsyncOperation<Int> {
-    override fun execute(): CordaFuture<Int> {
+    override fun execute(deduplicationId: String): CordaFuture<Int> {
         return doneFuture(a + b)
     }
 }
@@ -19,7 +19,7 @@ class SummingOperation(val a: Int, val b: Int) : FlowAsyncOperation<Int> {
 
 // DOCSTART SummingOperationThrowing
 class SummingOperationThrowing(val a: Int, val b: Int) : FlowAsyncOperation<Int> {
-    override fun execute(): CordaFuture<Int> {
+    override fun execute(deduplicationId: String): CordaFuture<Int> {
         throw IllegalStateException("You shouldn't be calling me")
     }
 }
diff --git a/node/src/integration-test/kotlin/net/corda/node/flows/FlowRetryTest.kt b/node/src/integration-test/kotlin/net/corda/node/flows/FlowRetryTest.kt
index 92334a7548..b1b0f0443f 100644
--- a/node/src/integration-test/kotlin/net/corda/node/flows/FlowRetryTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/flows/FlowRetryTest.kt
@@ -3,9 +3,13 @@ package net.corda.node.flows
 import co.paralleluniverse.fibers.Suspendable
 import net.corda.client.rpc.CordaRPCClient
 import net.corda.core.CordaRuntimeException
+import net.corda.core.concurrent.CordaFuture
 import net.corda.core.flows.*
 import net.corda.core.identity.Party
+import net.corda.core.internal.FlowAsyncOperation
 import net.corda.core.internal.IdempotentFlow
+import net.corda.core.internal.concurrent.doneFuture
+import net.corda.core.internal.executeAsync
 import net.corda.core.messaging.startFlow
 import net.corda.core.serialization.CordaSerializable
 import net.corda.core.utilities.ProgressTracker
@@ -56,6 +60,21 @@ class FlowRetryTest {
         assertEquals("$numSessions:$numIterations", result)
     }
 
+    @Test
+    fun `async operation deduplication id is stable accross retries`() {
+        val user = User("mark", "dadada", setOf(Permissions.startFlow<AsyncRetryFlow>()))
+        driver(DriverParameters(
+                startNodesInProcess = isQuasarAgentSpecified(),
+                notarySpecs = emptyList()
+        )) {
+            val nodeAHandle = startNode(providedName = ALICE_NAME, rpcUsers = listOf(user)).getOrThrow()
+
+            CordaRPCClient(nodeAHandle.rpcAddress).start(user.username, user.password).use {
+                it.proxy.startFlow(::AsyncRetryFlow).returnValue.getOrThrow()
+            }
+        }
+    }
+
     @Test
     fun `flow gives up after number of exceptions, even if this is the first line of the flow`() {
         val user = User("mark", "dadada", setOf(Permissions.startFlow<RetryFlow>()))
@@ -218,6 +237,36 @@ class RetryFlow() : FlowLogic<String>(), IdempotentFlow {
     }
 }
 
+@StartableByRPC
+class AsyncRetryFlow() : FlowLogic<String>(), IdempotentFlow {
+    companion object {
+        object FIRST_STEP : ProgressTracker.Step("Step one")
+
+        fun tracker() = ProgressTracker(FIRST_STEP)
+
+        val deduplicationIds = mutableSetOf<String>()
+    }
+
+    class RecordDeduplicationId: FlowAsyncOperation<String> {
+        override fun execute(deduplicationId: String): CordaFuture<String> {
+            val dedupeIdIsNew = deduplicationIds.add(deduplicationId)
+            if (dedupeIdIsNew) {
+                throw ExceptionToCauseFiniteRetry()
+            }
+            return doneFuture(deduplicationId)
+        }
+    }
+
+    override val progressTracker = tracker()
+
+    @Suspendable
+    override fun call(): String {
+        progressTracker.currentStep = FIRST_STEP
+        executeAsync(RecordDeduplicationId())
+        return "Result"
+    }
+}
+
 @StartableByRPC
 class ThrowingFlow() : FlowLogic<String>(), IdempotentFlow {
     companion object {
@@ -237,4 +286,4 @@ class ThrowingFlow() : FlowLogic<String>(), IdempotentFlow {
         progressTracker.currentStep = FIRST_STEP
         return "Result"
     }
-}
\ No newline at end of file
+}
diff --git a/node/src/main/kotlin/net/corda/node/services/statemachine/Action.kt b/node/src/main/kotlin/net/corda/node/services/statemachine/Action.kt
index 73ac04b73e..a785347ff3 100644
--- a/node/src/main/kotlin/net/corda/node/services/statemachine/Action.kt
+++ b/node/src/main/kotlin/net/corda/node/services/statemachine/Action.kt
@@ -124,7 +124,7 @@ sealed class Action {
     /**
      * Execute the specified [operation].
      */
-    data class ExecuteAsyncOperation(val operation: FlowAsyncOperation<*>) : Action()
+    data class ExecuteAsyncOperation(val deduplicationId: String, val operation: FlowAsyncOperation<*>) : Action()
 
     /**
      * Release soft locks associated with given ID (currently the flow ID).
diff --git a/node/src/main/kotlin/net/corda/node/services/statemachine/ActionExecutorImpl.kt b/node/src/main/kotlin/net/corda/node/services/statemachine/ActionExecutorImpl.kt
index 00a0406dbe..bd2e5a5169 100644
--- a/node/src/main/kotlin/net/corda/node/services/statemachine/ActionExecutorImpl.kt
+++ b/node/src/main/kotlin/net/corda/node/services/statemachine/ActionExecutorImpl.kt
@@ -221,7 +221,7 @@ class ActionExecutorImpl(
 
     @Suspendable
     private fun executeAsyncOperation(fiber: FlowFiber, action: Action.ExecuteAsyncOperation) {
-        val operationFuture = action.operation.execute()
+        val operationFuture = action.operation.execute(action.deduplicationId)
         operationFuture.thenMatch(
                 success = { result ->
                     fiber.scheduleEvent(Event.AsyncOperationCompletion(result))
diff --git a/node/src/main/kotlin/net/corda/node/services/statemachine/transitions/StartedFlowTransition.kt b/node/src/main/kotlin/net/corda/node/services/statemachine/transitions/StartedFlowTransition.kt
index 7dd43cb299..2d4a9b6ddc 100644
--- a/node/src/main/kotlin/net/corda/node/services/statemachine/transitions/StartedFlowTransition.kt
+++ b/node/src/main/kotlin/net/corda/node/services/statemachine/transitions/StartedFlowTransition.kt
@@ -411,7 +411,10 @@ class StartedFlowTransition(
 
     private fun executeAsyncOperation(flowIORequest: FlowIORequest.ExecuteAsyncOperation<*>): TransitionResult {
         return builder {
-            actions.add(Action.ExecuteAsyncOperation(flowIORequest.operation))
+            // The `numberOfSuspends` is added to the deduplication ID in case an async
+            // operation is executed multiple times within the same flow.
+            val deduplicationId = context.id.toString() + ":" + currentState.checkpoint.numberOfSuspends.toString()
+            actions.add(Action.ExecuteAsyncOperation(deduplicationId, flowIORequest.operation))
             FlowContinuation.ProcessEvents
         }
     }

From 73a4953ae95860f2115e9aeca546fdc8b9087975 Mon Sep 17 00:00:00 2001
From: Dominic Fox <40790090+distributedleetravis@users.noreply.github.com>
Date: Fri, 19 Oct 2018 15:53:47 +0100
Subject: [PATCH 63/83] CORDA-2099: Define TypeIdentifier (#4081)

* Corda-2099: Define TypeIdentifier

* Comments, naming and formatting tweaks
---
 .../internal/model/TypeIdentifier.kt          | 145 ++++++++++++++++++
 .../internal/model/TypeIdentifierTests.kt     |  53 +++++++
 2 files changed, 198 insertions(+)
 create mode 100644 serialization/src/main/kotlin/net/corda/serialization/internal/model/TypeIdentifier.kt
 create mode 100644 serialization/src/test/kotlin/net/corda/serialization/internal/model/TypeIdentifierTests.kt

diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/model/TypeIdentifier.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/model/TypeIdentifier.kt
new file mode 100644
index 0000000000..3e4816b0c6
--- /dev/null
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/model/TypeIdentifier.kt
@@ -0,0 +1,145 @@
+package net.corda.serialization.internal.model
+
+import com.google.common.reflect.TypeToken
+import java.lang.reflect.*
+
+/**
+ * Used as a key for retrieving cached type information. We need slightly more information than the bare classname,
+ * and slightly less information than is captured by Java's [Type] (We drop type variance because in practice we resolve
+ * wildcards to their upper bounds, e.g. `? extends Foo` to `Foo`). We also need an identifier we can use even when the
+ * identified type is not visible from the current classloader.
+ *
+ * These identifiers act as the anchor for comparison between remote type information (prior to matching it to an actual
+ * local class) and local type information.
+ *
+ * [TypeIdentifier] provides a family of type identifiers, together with a [prettyPrint] method for displaying them.
+ */
+sealed class TypeIdentifier {
+
+    /**
+     * The name of the type.
+     */
+    abstract val name: String
+
+    /**
+     * Obtain a nicely-formatted representation of the identified type, for help with debugging.
+     */
+    fun prettyPrint(simplifyClassNames: Boolean = true): String = when(this) {
+            is TypeIdentifier.Unknown -> "?"
+            is TypeIdentifier.Top -> "*"
+            is TypeIdentifier.Unparameterised -> name.simplifyClassNameIfRequired(simplifyClassNames)
+            is TypeIdentifier.Erased -> "${name.simplifyClassNameIfRequired(simplifyClassNames)} (erased)"
+            is TypeIdentifier.ArrayOf -> "${componentType.prettyPrint()}[]"
+            is TypeIdentifier.Parameterised ->
+                name.simplifyClassNameIfRequired(simplifyClassNames) + parameters.joinToString(", ", "<", ">") {
+                    it.prettyPrint()
+                }
+        }
+
+    private fun String.simplifyClassNameIfRequired(simplifyClassNames: Boolean): String =
+        if (simplifyClassNames) split(".", "$").last() else this
+
+    companion object {
+        /**
+         * Obtain the [TypeIdentifier] for an erased Java class.
+         *
+         * @param type The class to get a [TypeIdentifier] for.
+         */
+        fun forClass(type: Class<*>): TypeIdentifier = when {
+            type.name == "java.lang.Object" -> Top
+            type.isArray -> ArrayOf(forClass(type.componentType))
+            type.typeParameters.isEmpty() -> Unparameterised(type.name)
+            else -> Erased(type.name)
+        }
+
+        /**
+         * Obtain the [TypeIdentifier] for a Java [Type] (typically obtained by calling one of
+         * [java.lang.reflect.Parameter.getAnnotatedType],
+         * [java.lang.reflect.Field.getGenericType] or
+         * [java.lang.reflect.Method.getGenericReturnType]). Wildcard types and type variables are converted to [Unknown].
+         *
+         * @param type The [Type] to obtain a [TypeIdentifier] for.
+         * @param resolutionContext Optionally, a [Type] which can be used to resolve type variables, for example a
+         * class implementing a parameterised interface and specifying values for type variables which are referred to
+         * by methods defined in the interface.
+         */
+        fun forGenericType(type: Type, resolutionContext: Type = type): TypeIdentifier = when(type) {
+            is ParameterizedType -> Parameterised((type.rawType as Class<*>).name, type.actualTypeArguments.map {
+                forGenericType(it.resolveAgainst(resolutionContext))
+            })
+            is Class<*> -> forClass(type)
+            is GenericArrayType -> ArrayOf(forGenericType(type.genericComponentType.resolveAgainst(resolutionContext)))
+            else -> Unknown
+        }
+    }
+
+    /**
+     * The [TypeIdentifier] of [Any] / [java.lang.Object].
+     */
+    object Top : TypeIdentifier() {
+        override val name get() = "*"
+        override fun toString() = "Top"
+    }
+
+    /**
+     * The [TypeIdentifier] of an unbounded wildcard.
+     */
+    object Unknown : TypeIdentifier() {
+        override val name get() = "?"
+        override fun toString() = "Unknown"
+    }
+
+    /**
+     * Identifies a class with no type parameters.
+     */
+    data class Unparameterised(override val name: String) : TypeIdentifier() {
+        override fun toString() = "Unparameterised($name)"
+    }
+
+    /**
+     * Identifies a parameterised class such as List<Int>, for which we cannot obtain the type parameters at runtime
+     * because they have been erased.
+     */
+    data class Erased(override val name: String) : TypeIdentifier() {
+        override fun toString() = "Erased($name)"
+    }
+
+    /**
+     * Identifies a type which is an array of some other type.
+     *
+     * @param componentType The [TypeIdentifier] of the component type of this array.
+     */
+    data class ArrayOf(val componentType: TypeIdentifier) : TypeIdentifier() {
+        override val name get() = componentType.name + "[]"
+        override fun toString() = "ArrayOf(${componentType.prettyPrint()})"
+    }
+
+    /**
+     * A parameterised class such as Map<String, String> for which we have resolved type parameter values.
+     *
+     * @param parameters [TypeIdentifier]s for each of the resolved type parameter values of this type.
+     */
+    data class Parameterised(override val name: String, val parameters: List<TypeIdentifier>) : TypeIdentifier() {
+        override fun toString() = "Parameterised(${prettyPrint()})"
+    }
+}
+
+internal fun Type.resolveAgainst(context: Type): Type = when (this) {
+    is WildcardType -> this.upperBound
+    is ParameterizedType,
+    is TypeVariable<*> -> TypeToken.of(context).resolveType(this).type.upperBound
+    else -> this
+}
+
+private val Type.upperBound: Type
+    get() = when (this) {
+        is TypeVariable<*> -> when {
+            this.bounds.isEmpty() || this.bounds.size > 1 -> this
+            else -> this.bounds[0]
+        }
+        is WildcardType -> when {
+            this.upperBounds.isEmpty() || this.upperBounds.size > 1 -> this
+            else -> this.upperBounds[0]
+        }
+        else -> this
+    }
\ No newline at end of file
diff --git a/serialization/src/test/kotlin/net/corda/serialization/internal/model/TypeIdentifierTests.kt b/serialization/src/test/kotlin/net/corda/serialization/internal/model/TypeIdentifierTests.kt
new file mode 100644
index 0000000000..f07f88526a
--- /dev/null
+++ b/serialization/src/test/kotlin/net/corda/serialization/internal/model/TypeIdentifierTests.kt
@@ -0,0 +1,53 @@
+package net.corda.serialization.internal.model
+
+import com.google.common.reflect.TypeToken
+import net.corda.serialization.internal.model.TypeIdentifier.*
+import org.junit.Test
+import java.lang.reflect.Type
+import kotlin.test.assertEquals
+
+class TypeIdentifierTests {
+
+    @Test
+    fun `primitive types and arrays`() {
+        assertIdentified(Int::class.javaPrimitiveType!!, "int")
+        assertIdentified<Int>("Integer")
+        assertIdentified<IntArray>("int[]")
+        assertIdentified<Array<Int>>("Integer[]")
+    }
+
+    @Test
+    fun `erased and unerased`() {
+        assertIdentified(List::class.java, "List (erased)")
+        assertIdentified<List<Int>>("List<Integer>")
+    }
+
+    @Test
+    fun `nested parameterised`() {
+        assertIdentified<List<List<Int>>>("List<List<Integer>>")
+    }
+
+    interface HasArray<T> {
+        val array: Array<out List<T>>
+    }
+
+    class HasStringArray(override val array: Array<out List<String>>): HasArray<String>
+
+    @Test
+    fun `resolved against an owning type`() {
+        val fieldType = HasArray::class.java.getDeclaredMethod("getArray").genericReturnType
+        assertIdentified(fieldType, "List<*>[]")
+
+        assertEquals(
+                "List<String>[]",
+                TypeIdentifier.forGenericType(fieldType, HasStringArray::class.java).prettyPrint())
+    }
+
+    private fun assertIdentified(type: Type, expected: String) =
+            assertEquals(expected, TypeIdentifier.forGenericType(type).prettyPrint())
+
+    private inline fun <reified T> assertIdentified(expected: String) =
+            assertEquals(expected, TypeIdentifier.forGenericType(typeOf<T>()).prettyPrint())
+
+    private inline fun <reified T> typeOf() = object : TypeToken<T>() {}.type
+}
\ No newline at end of file

From e62a3edcd19c8e31a2a3948ca5bbc39e92c0aecf Mon Sep 17 00:00:00 2001
From: josecoll <jose.coll@r3cev.com>
Date: Fri, 19 Oct 2018 16:40:06 +0100
Subject: [PATCH 64/83] Explicitly disable remote gradle build cache when
 building locally. (#4095)

---
 buildCacheSettings.gradle | 1 +
 1 file changed, 1 insertion(+)

diff --git a/buildCacheSettings.gradle b/buildCacheSettings.gradle
index fcfc1513bf..b4d0175f6e 100644
--- a/buildCacheSettings.gradle
+++ b/buildCacheSettings.gradle
@@ -9,6 +9,7 @@ buildCache {
         enabled = !isCiServer
     }
     remote(HttpBuildCache) {
+        enabled = isCiServer
         url = gradleBuildCacheURL
         push = isCiServer
     }

From e10119031cdc0b4b62068dcd2e70b98884d05e2c Mon Sep 17 00:00:00 2001
From: Chris Rankin <chris.rankin@r3.com>
Date: Fri, 19 Oct 2018 17:23:14 +0100
Subject: [PATCH 65/83] ENT-1906: Allow DJVM code to throw and catch sandbox
 exceptions. (#4088)

* First phase of supporting exceptions within the DJVM.
* Suppress unwanted inspection warnings about Kotlin/Java Map.
* Add support for exception stack traces within the sandbox.
* Simple review fixes.
* Extra fixes after review.
* Add DJVM support for String.intern().
* Partially restore implementation of SandboxClassLoader.loadClass().
* More review fixes.
---
 djvm/build.gradle                             |   2 +-
 .../java/sandbox/java/lang/Appendable.java    |   8 +-
 .../java/sandbox/java/lang/CharSequence.java  |   4 +-
 .../java/sandbox/java/lang/Comparable.java    |   4 +-
 .../java/lang/DJVMThrowableWrapper.java       |  37 ++++
 .../src/main/java/sandbox/java/lang/Enum.java |  10 +-
 .../main/java/sandbox/java/lang/Iterable.java |   4 +-
 .../main/java/sandbox/java/lang/Object.java   |   3 +-
 .../sandbox/java/lang/StackTraceElement.java  |  46 +++++
 .../main/java/sandbox/java/lang/String.java   |  27 +++
 .../java/sandbox/java/lang/StringBuffer.java  |   4 +-
 .../java/sandbox/java/lang/StringBuilder.java |   4 +-
 .../java/sandbox/java/lang/Throwable.java     | 137 ++++++++++++++
 .../sandbox/java/nio/charset/Charset.java     |   4 +-
 .../java/sandbox/java/util/Comparator.java    |   4 +-
 .../main/java/sandbox/java/util/Locale.java   |   4 +-
 .../sandbox/java/util/function/Function.java  |   4 +-
 .../sandbox/java/util/function/Supplier.java  |   4 +-
 .../net/corda/djvm/SandboxConfiguration.kt    |   3 +-
 .../djvm/analysis/AnalysisConfiguration.kt    | 171 +++++++++++++++---
 .../djvm/analysis/ClassAndMemberVisitor.kt    |  37 ++--
 .../corda/djvm/analysis/ExceptionResolver.kt  |  41 +++++
 .../net/corda/djvm/analysis/PrefixTree.kt     |   2 +-
 .../net/corda/djvm/analysis/Whitelist.kt      |   3 -
 .../net/corda/djvm/code/ClassMutator.kt       |   9 +-
 .../kotlin/net/corda/djvm/code/Emitter.kt     |   6 +-
 .../net/corda/djvm/code/EmitterModule.kt      |   8 +
 .../main/kotlin/net/corda/djvm/code/Types.kt  |  11 ++
 .../corda/djvm/code/instructions/TryBlock.kt  |   8 +
 .../djvm/code/instructions/TryCatchBlock.kt   |   6 +-
 .../djvm/code/instructions/TryFinallyBlock.kt |   5 +-
 .../net/corda/djvm/rewiring/ClassRewriter.kt  |  55 ++++--
 .../corda/djvm/rewiring/SandboxClassLoader.kt |  68 ++++++-
 .../djvm/rewiring/SandboxClassRemapper.kt     |   6 -
 .../djvm/rewiring/ThrowableWrapperFactory.kt  | 152 ++++++++++++++++
 .../DisallowCatchingBlacklistedExceptions.kt  |  44 +++--
 .../HandleExceptionUnwrapper.kt               |  46 +++++
 .../implementation/ThrowExceptionWrapper.kt   |  20 ++
 .../instrumentation/TraceAllocations.kt       |   5 +-
 .../instrumentation/TraceInvocations.kt       |   5 +-
 .../instrumentation/TraceJumps.kt             |   5 +-
 .../instrumentation/TraceThrows.kt            |   5 +-
 .../net/corda/djvm/source/ClassSource.kt      |   2 +
 .../corda/djvm/source/SourceClassLoader.kt    |  12 +-
 djvm/src/main/kotlin/sandbox/Task.kt          |   5 +-
 .../src/main/kotlin/sandbox/java/lang/DJVM.kt | 153 +++++++++++++++-
 .../kotlin/sandbox/java/lang/DJVMException.kt |  12 ++
 .../djvm/costing/ThresholdViolationError.kt   |   2 +-
 .../corda/djvm/rules/RuleViolationError.kt    |   2 +-
 .../test/java/net/corda/djvm/WithJava.java    |  24 +++
 .../djvm/execution/SandboxEnumJavaTest.java   | 106 +++++++++++
 .../execution/SandboxThrowableJavaTest.java   |  79 ++++++++
 .../net/corda/djvm/DJVMExceptionTest.kt       | 100 ++++++++++
 .../test/kotlin/net/corda/djvm/DJVMTest.kt    |  10 -
 .../test/kotlin/net/corda/djvm/TestBase.kt    |  11 +-
 .../test/kotlin/net/corda/djvm/Utilities.kt   |  26 +--
 .../djvm/execution/SandboxExecutorTest.kt     |  30 +--
 .../djvm/execution/SandboxThrowableTest.kt    |  95 ++++++++++
 58 files changed, 1508 insertions(+), 192 deletions(-)
 create mode 100644 djvm/src/main/java/sandbox/java/lang/DJVMThrowableWrapper.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/StackTraceElement.java
 create mode 100644 djvm/src/main/java/sandbox/java/lang/Throwable.java
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/analysis/ExceptionResolver.kt
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/code/instructions/TryBlock.kt
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/rewiring/ThrowableWrapperFactory.kt
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/rules/implementation/HandleExceptionUnwrapper.kt
 create mode 100644 djvm/src/main/kotlin/net/corda/djvm/rules/implementation/ThrowExceptionWrapper.kt
 create mode 100644 djvm/src/main/kotlin/sandbox/java/lang/DJVMException.kt
 create mode 100644 djvm/src/test/java/net/corda/djvm/WithJava.java
 create mode 100644 djvm/src/test/java/net/corda/djvm/execution/SandboxEnumJavaTest.java
 create mode 100644 djvm/src/test/java/net/corda/djvm/execution/SandboxThrowableJavaTest.java
 create mode 100644 djvm/src/test/kotlin/net/corda/djvm/DJVMExceptionTest.kt
 create mode 100644 djvm/src/test/kotlin/net/corda/djvm/execution/SandboxThrowableTest.kt

diff --git a/djvm/build.gradle b/djvm/build.gradle
index d40a4d5523..1b33bdd3ae 100644
--- a/djvm/build.gradle
+++ b/djvm/build.gradle
@@ -33,7 +33,6 @@ dependencies {
 
     // ASM: byte code manipulation library
     compile "org.ow2.asm:asm:$asm_version"
-    compile "org.ow2.asm:asm-tree:$asm_version"
     compile "org.ow2.asm:asm-commons:$asm_version"
 
     // ClassGraph: classpath scanning
@@ -62,6 +61,7 @@ shadowJar {
     exclude 'sandbox/java/lang/Comparable.class'
     exclude 'sandbox/java/lang/Enum.class'
     exclude 'sandbox/java/lang/Iterable.class'
+    exclude 'sandbox/java/lang/StackTraceElement.class'
     exclude 'sandbox/java/lang/StringBuffer.class'
     exclude 'sandbox/java/lang/StringBuilder.class'
     exclude 'sandbox/java/nio/**'
diff --git a/djvm/src/main/java/sandbox/java/lang/Appendable.java b/djvm/src/main/java/sandbox/java/lang/Appendable.java
index 168607c511..c95eaf6e53 100644
--- a/djvm/src/main/java/sandbox/java/lang/Appendable.java
+++ b/djvm/src/main/java/sandbox/java/lang/Appendable.java
@@ -3,10 +3,10 @@ package sandbox.java.lang;
 import java.io.IOException;
 
 /**
- * This is a dummy class that implements just enough of [java.lang.Appendable]
- * to keep [sandbox.java.lang.StringBuilder], [sandbox.java.lang.StringBuffer]
- * and [sandbox.java.lang.String] honest.
- * Note that it does not extend [java.lang.Appendable].
+ * This is a dummy class that implements just enough of {@link java.lang.Appendable}
+ * to keep {@link sandbox.java.lang.StringBuilder}, {@link sandbox.java.lang.StringBuffer}
+ * and {@link sandbox.java.lang.String} honest.
+ * Note that it does not extend {@link java.lang.Appendable}.
  */
 public interface Appendable {
 
diff --git a/djvm/src/main/java/sandbox/java/lang/CharSequence.java b/djvm/src/main/java/sandbox/java/lang/CharSequence.java
index 1847103093..10b024d027 100644
--- a/djvm/src/main/java/sandbox/java/lang/CharSequence.java
+++ b/djvm/src/main/java/sandbox/java/lang/CharSequence.java
@@ -3,8 +3,8 @@ package sandbox.java.lang;
 import org.jetbrains.annotations.NotNull;
 
 /**
- * This is a dummy class that implements just enough of [java.lang.CharSequence]
- * to allow us to compile [sandbox.java.lang.String].
+ * This is a dummy class that implements just enough of {@link java.lang.CharSequence}
+ * to allow us to compile {@link sandbox.java.lang.String}.
  */
 public interface CharSequence extends java.lang.CharSequence {
 
diff --git a/djvm/src/main/java/sandbox/java/lang/Comparable.java b/djvm/src/main/java/sandbox/java/lang/Comparable.java
index 686539c1b4..59b3278a1b 100644
--- a/djvm/src/main/java/sandbox/java/lang/Comparable.java
+++ b/djvm/src/main/java/sandbox/java/lang/Comparable.java
@@ -1,8 +1,8 @@
 package sandbox.java.lang;
 
 /**
- * This is a dummy class that implements just enough of [java.lang.Comparable]
- * to allow us to compile [sandbox.java.lang.String].
+ * This is a dummy class that implements just enough of {@link java.lang.Comparable}
+ * to allow us to compile {@link sandbox.java.lang.String}.
  */
 public interface Comparable<T> extends java.lang.Comparable<T> {
 }
diff --git a/djvm/src/main/java/sandbox/java/lang/DJVMThrowableWrapper.java b/djvm/src/main/java/sandbox/java/lang/DJVMThrowableWrapper.java
new file mode 100644
index 0000000000..60de2e117d
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/DJVMThrowableWrapper.java
@@ -0,0 +1,37 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+
+/**
+ * Pinned exceptions inherit from {@link java.lang.Throwable}, but we
+ * still need to be able to pass them through the sandbox's
+ * exception handlers. In which case we will wrap them inside
+ * one of these.
+ *
+ * Exceptions wrapped inside one of these cannot be caught.
+ *
+ * Also used for passing exceptions through finally blocks without
+ * any expensive unwrapping to {@link sandbox.java.lang.Throwable}
+ * based types.
+ */
+final class DJVMThrowableWrapper extends Throwable {
+    private final java.lang.Throwable throwable;
+
+    DJVMThrowableWrapper(java.lang.Throwable t) {
+        throwable = t;
+    }
+
+    /**
+     * Prevent this wrapper from creating its own stack trace.
+     */
+    @Override
+    public final Throwable fillInStackTrace() {
+        return this;
+    }
+
+    @Override
+    @NotNull
+    final java.lang.Throwable fromDJVM() {
+        return throwable;
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/Enum.java b/djvm/src/main/java/sandbox/java/lang/Enum.java
index ffcdd8c916..d3a4bf352e 100644
--- a/djvm/src/main/java/sandbox/java/lang/Enum.java
+++ b/djvm/src/main/java/sandbox/java/lang/Enum.java
@@ -1,11 +1,13 @@
 package sandbox.java.lang;
 
+import org.jetbrains.annotations.NotNull;
+
 import java.io.Serializable;
 
 /**
  * This is a dummy class. We will load the actual Enum class at run-time.
  */
-@SuppressWarnings("unused")
+@SuppressWarnings({"unused", "WeakerAccess"})
 public abstract class Enum<E extends Enum<E>> extends Object implements Comparable<E>, Serializable {
 
     private final String name;
@@ -24,4 +26,10 @@ public abstract class Enum<E extends Enum<E>> extends Object implements Comparab
         return ordinal;
     }
 
+    @Override
+    @NotNull
+    final java.lang.Enum<?> fromDJVM() {
+        throw new UnsupportedOperationException("Dummy implementation");
+    }
+
 }
diff --git a/djvm/src/main/java/sandbox/java/lang/Iterable.java b/djvm/src/main/java/sandbox/java/lang/Iterable.java
index 6032fd97db..01f8108ac0 100644
--- a/djvm/src/main/java/sandbox/java/lang/Iterable.java
+++ b/djvm/src/main/java/sandbox/java/lang/Iterable.java
@@ -5,8 +5,8 @@ import org.jetbrains.annotations.NotNull;
 import java.util.Iterator;
 
 /**
- * This is a dummy class that implements just enough of [java.lang.Iterable]
- * to allow us to compile [sandbox.java.lang.String].
+ * This is a dummy class that implements just enough of {@link java.lang.Iterable}
+ * to allow us to compile {@link sandbox.java.lang.String}.
  */
 public interface Iterable<T> extends java.lang.Iterable<T> {
     @Override
diff --git a/djvm/src/main/java/sandbox/java/lang/Object.java b/djvm/src/main/java/sandbox/java/lang/Object.java
index 4208a52a53..62ac16d4dd 100644
--- a/djvm/src/main/java/sandbox/java/lang/Object.java
+++ b/djvm/src/main/java/sandbox/java/lang/Object.java
@@ -54,8 +54,7 @@ public class Object {
 
     private static Class<?> fromDJVM(Class<?> type) {
         try {
-            java.lang.String name = type.getName();
-            return Class.forName(name.startsWith("sandbox.") ? name.substring(8) : name);
+            return DJVM.fromDJVMType(type);
         } catch (ClassNotFoundException e) {
             throw new RuleViolationError(e.getMessage());
         }
diff --git a/djvm/src/main/java/sandbox/java/lang/StackTraceElement.java b/djvm/src/main/java/sandbox/java/lang/StackTraceElement.java
new file mode 100644
index 0000000000..7b8173134a
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/StackTraceElement.java
@@ -0,0 +1,46 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+
+/**
+ * This is a dummy class. We will load the genuine class at runtime.
+ */
+public final class StackTraceElement extends Object implements java.io.Serializable {
+
+    private final String className;
+    private final String methodName;
+    private final String fileName;
+    private final int lineNumber;
+
+    public StackTraceElement(String className, String methodName, String fileName, int lineNumber) {
+        this.className = className;
+        this.methodName = methodName;
+        this.fileName = fileName;
+        this.lineNumber = lineNumber;
+    }
+
+    public String getClassName() {
+        return className;
+    }
+
+    public String getMethodName() {
+        return methodName;
+    }
+
+    public String getFileName() {
+        return fileName;
+    }
+
+    public int getLineNumber() {
+        return lineNumber;
+    }
+
+    @Override
+    @NotNull
+    public String toDJVMString() {
+        return String.toDJVM(
+            className.toString() + ':' + methodName.toString()
+                + (fileName != null ? '(' + fileName.toString() + ':' + lineNumber + ')' : "")
+        );
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/lang/String.java b/djvm/src/main/java/sandbox/java/lang/String.java
index 4cce494d30..476669bfe9 100644
--- a/djvm/src/main/java/sandbox/java/lang/String.java
+++ b/djvm/src/main/java/sandbox/java/lang/String.java
@@ -7,6 +7,8 @@ import sandbox.java.util.Locale;
 
 import java.io.Serializable;
 import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Constructor;
+import java.util.Map;
 
 @SuppressWarnings("unused")
 public final class String extends Object implements Comparable<String>, CharSequence, Serializable {
@@ -22,6 +24,18 @@ public final class String extends Object implements Comparable<String>, CharSequ
     private static final String TRUE = new String("true");
     private static final String FALSE = new String("false");
 
+    private static final Map<java.lang.String, String> INTERNAL = new java.util.HashMap<>();
+    private static final Constructor SHARED;
+
+    static {
+        try {
+            SHARED = java.lang.String.class.getDeclaredConstructor(char[].class, java.lang.Boolean.TYPE);
+            SHARED.setAccessible(true);
+        } catch (NoSuchMethodException e) {
+            throw new NoSuchMethodError(e.getMessage());
+        }
+    }
+
     private final java.lang.String value;
 
     public String() {
@@ -88,6 +102,17 @@ public final class String extends Object implements Comparable<String>, CharSequ
         this.value = builder.toString();
     }
 
+    String(char[] value, boolean share) {
+        java.lang.String newValue;
+        try {
+            // This is (presumably) an optimisation for memory usage.
+            newValue = (java.lang.String) SHARED.newInstance(value, share);
+        } catch (Exception e) {
+            newValue = new java.lang.String(value);
+        }
+        this.value = newValue;
+    }
+
     @Override
     public char charAt(int index) {
         return value.charAt(index);
@@ -310,6 +335,8 @@ public final class String extends Object implements Comparable<String>, CharSequ
         return toDJVM(value.trim());
     }
 
+    public String intern() { return INTERNAL.computeIfAbsent(value, s -> this); }
+
     public char[] toCharArray() {
         return value.toCharArray();
     }
diff --git a/djvm/src/main/java/sandbox/java/lang/StringBuffer.java b/djvm/src/main/java/sandbox/java/lang/StringBuffer.java
index e9cbcad328..4d8fea7e1d 100644
--- a/djvm/src/main/java/sandbox/java/lang/StringBuffer.java
+++ b/djvm/src/main/java/sandbox/java/lang/StringBuffer.java
@@ -3,8 +3,8 @@ package sandbox.java.lang;
 import java.io.Serializable;
 
 /**
- * This is a dummy class that implements just enough of [java.lang.StringBuffer]
- * to allow us to compile [sandbox.java.lang.String].
+ * This is a dummy class that implements just enough of {@link java.lang.StringBuffer}
+ * to allow us to compile {@link sandbox.java.lang.String}.
  */
 public abstract class StringBuffer extends Object implements CharSequence, Appendable, Serializable {
 
diff --git a/djvm/src/main/java/sandbox/java/lang/StringBuilder.java b/djvm/src/main/java/sandbox/java/lang/StringBuilder.java
index ed80b2e508..a90fef7dde 100644
--- a/djvm/src/main/java/sandbox/java/lang/StringBuilder.java
+++ b/djvm/src/main/java/sandbox/java/lang/StringBuilder.java
@@ -3,8 +3,8 @@ package sandbox.java.lang;
 import java.io.Serializable;
 
 /**
- * This is a dummy class that implements just enough of [java.lang.StringBuilder]
- * to allow us to compile [sandbox.java.lang.String].
+ * This is a dummy class that implements just enough of {@link java.lang.StringBuilder}
+ * to allow us to compile {@link sandbox.java.lang.String}.
  */
 public abstract class StringBuilder extends Object implements Appendable, CharSequence, Serializable {
 
diff --git a/djvm/src/main/java/sandbox/java/lang/Throwable.java b/djvm/src/main/java/sandbox/java/lang/Throwable.java
new file mode 100644
index 0000000000..df19e2fc6e
--- /dev/null
+++ b/djvm/src/main/java/sandbox/java/lang/Throwable.java
@@ -0,0 +1,137 @@
+package sandbox.java.lang;
+
+import org.jetbrains.annotations.NotNull;
+import sandbox.TaskTypes;
+
+import java.io.Serializable;
+
+@SuppressWarnings({"unused", "WeakerAccess"})
+public class Throwable extends Object implements Serializable {
+    private static final StackTraceElement[] NO_STACK_TRACE = new StackTraceElement[0];
+
+    private String message;
+    private Throwable cause;
+    private StackTraceElement[] stackTrace;
+
+    public Throwable() {
+        this.cause = this;
+        fillInStackTrace();
+    }
+
+    public Throwable(String message) {
+        this();
+        this.message = message;
+    }
+
+    public Throwable(Throwable cause) {
+        this.cause = cause;
+        this.message = (cause == null) ? null : cause.toDJVMString();
+        fillInStackTrace();
+    }
+
+    public Throwable(String message, Throwable cause) {
+        this.message = message;
+        this.cause = cause;
+        fillInStackTrace();
+    }
+
+    protected Throwable(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+        if (writableStackTrace) {
+            fillInStackTrace();
+        } else {
+            stackTrace = NO_STACK_TRACE;
+        }
+        this.message = message;
+        this.cause = cause;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+
+    public String getLocalizedMessage() {
+        return getMessage();
+    }
+
+    public Throwable getCause() {
+        return (cause == this) ? null : cause;
+    }
+
+    public Throwable initCause(Throwable cause) {
+        if (this.cause != this) {
+            throw new java.lang.IllegalStateException(
+                    "Can't overwrite cause with " + java.util.Objects.toString(cause, "a null"), fromDJVM());
+        }
+        if (cause == this) {
+            throw new java.lang.IllegalArgumentException("Self-causation not permitted", fromDJVM());
+        }
+        this.cause = cause;
+        return this;
+    }
+
+    @Override
+    @NotNull
+    public String toDJVMString() {
+        java.lang.String s = getClass().getName();
+        String localized = getLocalizedMessage();
+        return String.valueOf((localized != null) ? (s + ": " + localized.toString()) : s);
+    }
+
+    public StackTraceElement[] getStackTrace() {
+        return (stackTrace == NO_STACK_TRACE) ? stackTrace : stackTrace.clone();
+    }
+
+    public void setStackTrace(StackTraceElement[] stackTrace) {
+        StackTraceElement[] traceCopy = stackTrace.clone();
+
+        for (int i = 0; i < traceCopy.length; ++i) {
+            if (traceCopy[i] == null) {
+                throw new java.lang.NullPointerException("stackTrace[" + i + ']');
+            }
+        }
+
+        this.stackTrace = traceCopy;
+    }
+
+    @SuppressWarnings({"ThrowableNotThrown", "UnusedReturnValue"})
+    public Throwable fillInStackTrace() {
+        if (stackTrace == null) {
+            /*
+             * We have been invoked from within this exception's constructor.
+             * Work our way up the stack trace until we find this constructor,
+             * and then find out who actually invoked it. This is where our
+             * sandboxed stack trace will start from.
+             *
+             * Our stack trace will end at the point where we entered the sandbox.
+             */
+            final java.lang.StackTraceElement[] elements = new java.lang.Throwable().getStackTrace();
+            final java.lang.String exceptionName = getClass().getName();
+            int startIdx = 1;
+            while (startIdx < elements.length && !isConstructorFor(elements[startIdx], exceptionName)) {
+                ++startIdx;
+            }
+            while (startIdx < elements.length && isConstructorFor(elements[startIdx], exceptionName)) {
+                ++startIdx;
+            }
+
+            int endIdx = startIdx;
+            while (endIdx < elements.length && !TaskTypes.isEntryPoint(elements[endIdx])) {
+                ++endIdx;
+            }
+            stackTrace = (startIdx == elements.length) ? NO_STACK_TRACE : DJVM.copyToDJVM(elements, startIdx, endIdx);
+        }
+        return this;
+    }
+
+    private static boolean isConstructorFor(java.lang.StackTraceElement elt, java.lang.String className) {
+        return elt.getClassName().equals(className) && elt.getMethodName().equals("<init>");
+    }
+
+    public void printStackTrace() {}
+
+    @Override
+    @NotNull
+    java.lang.Throwable fromDJVM() {
+        return DJVM.fromDJVM(this);
+    }
+}
diff --git a/djvm/src/main/java/sandbox/java/nio/charset/Charset.java b/djvm/src/main/java/sandbox/java/nio/charset/Charset.java
index 371a21404a..453006bb7f 100644
--- a/djvm/src/main/java/sandbox/java/nio/charset/Charset.java
+++ b/djvm/src/main/java/sandbox/java/nio/charset/Charset.java
@@ -1,8 +1,8 @@
 package sandbox.java.nio.charset;
 
 /**
- * This is a dummy class that implements just enough of [java.nio.charset.Charset]
- * to allow us to compile [sandbox.java.lang.String].
+ * This is a dummy class that implements just enough of {@link java.nio.charset.Charset}
+ * to allow us to compile {@link sandbox.java.lang.String}.
  */
 @SuppressWarnings("unused")
 public abstract class Charset extends sandbox.java.lang.Object {
diff --git a/djvm/src/main/java/sandbox/java/util/Comparator.java b/djvm/src/main/java/sandbox/java/util/Comparator.java
index 20679dee59..f6363d9c34 100644
--- a/djvm/src/main/java/sandbox/java/util/Comparator.java
+++ b/djvm/src/main/java/sandbox/java/util/Comparator.java
@@ -1,8 +1,8 @@
 package sandbox.java.util;
 
 /**
- * This is a dummy class that implements just enough of [java.util.Comparator]
- * to allow us to compile [sandbox.java.lang.String].
+ * This is a dummy class that implements just enough of {@link java.util.Comparator}
+ * to allow us to compile {@link sandbox.java.lang.String}.
  */
 @FunctionalInterface
 public interface Comparator<T> extends java.util.Comparator<T> {
diff --git a/djvm/src/main/java/sandbox/java/util/Locale.java b/djvm/src/main/java/sandbox/java/util/Locale.java
index 3ceaea9382..ed06b79058 100644
--- a/djvm/src/main/java/sandbox/java/util/Locale.java
+++ b/djvm/src/main/java/sandbox/java/util/Locale.java
@@ -1,8 +1,8 @@
 package sandbox.java.util;
 
 /**
- * This is a dummy class that implements just enough of [java.util.Locale]
- * to allow us to compile [sandbox.java.lang.String].
+ * This is a dummy class that implements just enough of {@link java.util.Locale}
+ * to allow us to compile {@link sandbox.java.lang.String}.
  */
 public abstract class Locale extends sandbox.java.lang.Object {
     public abstract sandbox.java.lang.String toLanguageTag();
diff --git a/djvm/src/main/java/sandbox/java/util/function/Function.java b/djvm/src/main/java/sandbox/java/util/function/Function.java
index 5cd806a01e..ce26393f67 100644
--- a/djvm/src/main/java/sandbox/java/util/function/Function.java
+++ b/djvm/src/main/java/sandbox/java/util/function/Function.java
@@ -1,8 +1,8 @@
 package sandbox.java.util.function;
 
 /**
- * This is a dummy class that implements just enough of [java.util.function.Function]
- * to allow us to compile [sandbox.Task].
+ * This is a dummy class that implements just enough of {@link java.util.function.Function}
+ * to allow us to compile {@link sandbox.Task}.
  */
 @FunctionalInterface
 public interface Function<T, R> {
diff --git a/djvm/src/main/java/sandbox/java/util/function/Supplier.java b/djvm/src/main/java/sandbox/java/util/function/Supplier.java
index 31f236bae6..0ff9f56dfb 100644
--- a/djvm/src/main/java/sandbox/java/util/function/Supplier.java
+++ b/djvm/src/main/java/sandbox/java/util/function/Supplier.java
@@ -1,8 +1,8 @@
 package sandbox.java.util.function;
 
 /**
- * This is a dummy class that implements just enough of [java.util.function.Supplier]
- * to allow us to compile [sandbox.java.lang.ThreadLocal].
+ * This is a dummy class that implements just enough of @{link java.util.function.Supplier}
+ * to allow us to compile {@link sandbox.java.lang.ThreadLocal}.
  */
 @FunctionalInterface
 public interface Supplier<T> {
diff --git a/djvm/src/main/kotlin/net/corda/djvm/SandboxConfiguration.kt b/djvm/src/main/kotlin/net/corda/djvm/SandboxConfiguration.kt
index da7cd0d553..ffd233df25 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/SandboxConfiguration.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/SandboxConfiguration.kt
@@ -2,6 +2,7 @@ package net.corda.djvm
 
 import net.corda.djvm.analysis.AnalysisConfiguration
 import net.corda.djvm.code.DefinitionProvider
+import net.corda.djvm.code.EMIT_TRACING
 import net.corda.djvm.code.Emitter
 import net.corda.djvm.execution.ExecutionProfile
 import net.corda.djvm.rules.Rule
@@ -51,7 +52,7 @@ class SandboxConfiguration private constructor(
                 executionProfile = profile,
                 rules = rules,
                 emitters = (emitters ?: Discovery.find()).filter {
-                    enableTracing || !it.isTracer
+                    enableTracing || it.priority > EMIT_TRACING
                 },
                 definitionProviders = definitionProviders,
                 analysisConfiguration = analysisConfiguration
diff --git a/djvm/src/main/kotlin/net/corda/djvm/analysis/AnalysisConfiguration.kt b/djvm/src/main/kotlin/net/corda/djvm/analysis/AnalysisConfiguration.kt
index f8d87fd1ea..ff71421a54 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/analysis/AnalysisConfiguration.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/analysis/AnalysisConfiguration.kt
@@ -58,11 +58,21 @@ class AnalysisConfiguration(
      */
     val stitchedInterfaces: Map<String, List<Member>> get() = STITCHED_INTERFACES
 
+    /**
+     * These classes have extra methods added as they are mapped into the sandbox.
+     */
+    val stitchedClasses: Map<String, List<Member>> get() = STITCHED_CLASSES
+
     /**
      * Functionality used to resolve the qualified name and relevant information about a class.
      */
     val classResolver: ClassResolver = ClassResolver(pinnedClasses, TEMPLATE_CLASSES, whitelist, SANDBOX_PREFIX)
 
+    /**
+     * Resolves the internal names of synthetic exception classes.
+     */
+    val exceptionResolver: ExceptionResolver = ExceptionResolver(JVM_EXCEPTIONS, pinnedClasses, SANDBOX_PREFIX)
+
     private val bootstrapClassLoader = bootstrapJar?.let { BootstrapClassLoader(it, classResolver) }
     val supportingClassLoader = SourceClassLoader(classPath, classResolver, bootstrapClassLoader)
 
@@ -76,11 +86,14 @@ class AnalysisConfiguration(
     fun isTemplateClass(className: String): Boolean = className in TEMPLATE_CLASSES
     fun isPinnedClass(className: String): Boolean = className in pinnedClasses
 
+    fun isJvmException(className: String): Boolean = className in JVM_EXCEPTIONS
+    fun isSandboxClass(className: String): Boolean = className.startsWith(SANDBOX_PREFIX) && !isPinnedClass(className)
+
     companion object {
         /**
          * The package name prefix to use for classes loaded into a sandbox.
          */
-        private const val SANDBOX_PREFIX: String = "sandbox/"
+        const val SANDBOX_PREFIX: String = "sandbox/"
 
         /**
          * These class must belong to the application class loader.
@@ -111,60 +124,162 @@ class AnalysisConfiguration(
             java.lang.String.CASE_INSENSITIVE_ORDER::class.java,
             java.lang.System::class.java,
             java.lang.ThreadLocal::class.java,
+            java.lang.Throwable::class.java,
             kotlin.Any::class.java,
             sun.misc.JavaLangAccess::class.java,
             sun.misc.SharedSecrets::class.java
         ).sandboxed() + setOf(
             "sandbox/Task",
+            "sandbox/TaskTypes",
             "sandbox/java/lang/DJVM",
+            "sandbox/java/lang/DJVMException",
+            "sandbox/java/lang/DJVMThrowableWrapper",
             "sandbox/sun/misc/SharedSecrets\$1",
             "sandbox/sun/misc/SharedSecrets\$JavaLangAccessImpl"
         )
 
+        /**
+         * These are thrown by the JVM itself, and so
+         * we need to handle them without wrapping them.
+         *
+         * Note that this set is closed, i.e. every one
+         * of these exceptions' [Throwable] super classes
+         * is also within this set.
+         *
+         * The full list of exceptions is determined by:
+         * hotspot/src/share/vm/classfile/vmSymbols.hpp
+         */
+        val JVM_EXCEPTIONS: Set<String> = setOf(
+            java.io.IOException::class.java,
+            java.lang.AbstractMethodError::class.java,
+            java.lang.ArithmeticException::class.java,
+            java.lang.ArrayIndexOutOfBoundsException::class.java,
+            java.lang.ArrayStoreException::class.java,
+            java.lang.ClassCastException::class.java,
+            java.lang.ClassCircularityError::class.java,
+            java.lang.ClassFormatError::class.java,
+            java.lang.ClassNotFoundException::class.java,
+            java.lang.CloneNotSupportedException::class.java,
+            java.lang.Error::class.java,
+            java.lang.Exception::class.java,
+            java.lang.ExceptionInInitializerError::class.java,
+            java.lang.IllegalAccessError::class.java,
+            java.lang.IllegalAccessException::class.java,
+            java.lang.IllegalArgumentException::class.java,
+            java.lang.IllegalStateException::class.java,
+            java.lang.IncompatibleClassChangeError::class.java,
+            java.lang.IndexOutOfBoundsException::class.java,
+            java.lang.InstantiationError::class.java,
+            java.lang.InstantiationException::class.java,
+            java.lang.InternalError::class.java,
+            java.lang.LinkageError::class.java,
+            java.lang.NegativeArraySizeException::class.java,
+            java.lang.NoClassDefFoundError::class.java,
+            java.lang.NoSuchFieldError::class.java,
+            java.lang.NoSuchFieldException::class.java,
+            java.lang.NoSuchMethodError::class.java,
+            java.lang.NoSuchMethodException::class.java,
+            java.lang.NullPointerException::class.java,
+            java.lang.OutOfMemoryError::class.java,
+            java.lang.ReflectiveOperationException::class.java,
+            java.lang.RuntimeException::class.java,
+            java.lang.StackOverflowError::class.java,
+            java.lang.StringIndexOutOfBoundsException::class.java,
+            java.lang.ThreadDeath::class.java,
+            java.lang.Throwable::class.java,
+            java.lang.UnknownError::class.java,
+            java.lang.UnsatisfiedLinkError::class.java,
+            java.lang.UnsupportedClassVersionError::class.java,
+            java.lang.UnsupportedOperationException::class.java,
+            java.lang.VerifyError::class.java,
+            java.lang.VirtualMachineError::class.java
+        ).sandboxed() + setOf(
+            // Mentioned here to prevent the DJVM from generating a synthetic wrapper.
+            "sandbox/java/lang/DJVMThrowableWrapper"
+        )
+
         /**
          * These interfaces will be modified as follows when
          * added to the sandbox:
          *
          * <code>interface sandbox.A extends A</code>
          */
-        private val STITCHED_INTERFACES: Map<String, List<Member>> = mapOf(
-            sandboxed(CharSequence::class.java) to listOf(
-                object : MethodBuilder(
-                    access = ACC_PUBLIC or ACC_SYNTHETIC or ACC_BRIDGE,
-                    className = "sandbox/java/lang/CharSequence",
-                    memberName = "subSequence",
-                    descriptor = "(II)Ljava/lang/CharSequence;"
-                ) {
-                    override fun writeBody(emitter: EmitterModule) = with(emitter) {
-                        pushObject(0)
-                        pushInteger(1)
-                        pushInteger(2)
-                        invokeInterface(className, memberName, "(II)L$className;")
-                        returnObject()
-                    }
-                }.withBody()
-                 .build(),
-                MethodBuilder(
-                    access = ACC_PUBLIC or ACC_ABSTRACT,
-                    className = "sandbox/java/lang/CharSequence",
-                    memberName = "toString",
-                    descriptor = "()Ljava/lang/String;"
-                ).build()
-            ),
+        private val STITCHED_INTERFACES: Map<String, List<Member>> = listOf(
+            object : MethodBuilder(
+                access = ACC_PUBLIC or ACC_SYNTHETIC or ACC_BRIDGE,
+                className = sandboxed(CharSequence::class.java),
+                memberName = "subSequence",
+                descriptor = "(II)Ljava/lang/CharSequence;"
+            ) {
+                override fun writeBody(emitter: EmitterModule) = with(emitter) {
+                    pushObject(0)
+                    pushInteger(1)
+                    pushInteger(2)
+                    invokeInterface(className, memberName, "(II)L$className;")
+                    returnObject()
+                }
+            }.withBody()
+             .build(),
+
+            MethodBuilder(
+                access = ACC_PUBLIC or ACC_ABSTRACT,
+                className = sandboxed(CharSequence::class.java),
+                memberName = "toString",
+                descriptor = "()Ljava/lang/String;"
+            ).build()
+        ).mapByClassName() + mapOf(
             sandboxed(Comparable::class.java) to emptyList(),
             sandboxed(Comparator::class.java) to emptyList(),
             sandboxed(Iterable::class.java) to emptyList()
         )
 
-        private fun sandboxed(clazz: Class<*>) = SANDBOX_PREFIX + Type.getInternalName(clazz)
+        /**
+         * These classes have extra methods added when mapped into the sandbox.
+         */
+        private val STITCHED_CLASSES: Map<String, List<Member>> = listOf(
+            object : MethodBuilder(
+                access = ACC_FINAL,
+                className = sandboxed(Enum::class.java),
+                memberName = "fromDJVM",
+                descriptor = "()Ljava/lang/Enum;",
+                signature = "()Ljava/lang/Enum<*>;"
+            ) {
+                override fun writeBody(emitter: EmitterModule) = with(emitter) {
+                    pushObject(0)
+                    invokeStatic("sandbox/java/lang/DJVM", "fromDJVMEnum", "(Lsandbox/java/lang/Enum;)Ljava/lang/Enum;")
+                    returnObject()
+                }
+            }.withBody()
+             .build(),
+
+            object : MethodBuilder(
+                access = ACC_BRIDGE or ACC_SYNTHETIC,
+                className = sandboxed(Enum::class.java),
+                memberName = "fromDJVM",
+                descriptor = "()Ljava/lang/Object;"
+            ) {
+                override fun writeBody(emitter: EmitterModule) = with(emitter) {
+                    pushObject(0)
+                    invokeVirtual(className, memberName, "()Ljava/lang/Enum;")
+                    returnObject()
+                }
+            }.withBody()
+             .build()
+        ).mapByClassName()
+
+        private fun sandboxed(clazz: Class<*>): String = (SANDBOX_PREFIX + Type.getInternalName(clazz)).intern()
         private fun Set<Class<*>>.sandboxed(): Set<String> = map(Companion::sandboxed).toSet()
+        private fun Iterable<Member>.mapByClassName(): Map<String, List<Member>>
+                      = groupBy(Member::className).mapValues(Map.Entry<String, List<Member>>::value)
     }
 
     private open class MethodBuilder(
             protected val access: Int,
             protected val className: String,
             protected val memberName: String,
-            protected val descriptor: String) {
+            protected val descriptor: String,
+            protected val signature: String = ""
+    ) {
         private val bodies = mutableListOf<MethodBody>()
 
         protected open fun writeBody(emitter: EmitterModule) {}
@@ -179,7 +294,7 @@ class AnalysisConfiguration(
             className = className,
             memberName = memberName,
             signature = descriptor,
-            genericsDetails = "",
+            genericsDetails = signature,
             body = bodies
         )
     }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/analysis/ClassAndMemberVisitor.kt b/djvm/src/main/kotlin/net/corda/djvm/analysis/ClassAndMemberVisitor.kt
index 8bfb997ae7..3ab04895e4 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/analysis/ClassAndMemberVisitor.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/analysis/ClassAndMemberVisitor.kt
@@ -2,6 +2,7 @@ package net.corda.djvm.analysis
 
 import net.corda.djvm.code.EmitterModule
 import net.corda.djvm.code.Instruction
+import net.corda.djvm.code.emptyAsNull
 import net.corda.djvm.code.instructions.*
 import net.corda.djvm.messages.Message
 import net.corda.djvm.references.*
@@ -232,7 +233,7 @@ open class ClassAndMemberVisitor(
             analysisContext.classes.add(visitedClass)
             super.visit(
                     version, access, visitedClass.name, signature,
-                    visitedClass.superClass.nullIfEmpty(),
+                    visitedClass.superClass.emptyAsNull,
                     visitedClass.interfaces.toTypedArray()
             )
         }
@@ -285,12 +286,19 @@ open class ClassAndMemberVisitor(
         ): MethodVisitor? {
             var visitedMember: Member? = null
             val clazz = currentClass!!
-            val member = Member(access, clazz.name, name, desc, signature ?: "")
+            val member = Member(
+                access = access,
+                className = clazz.name,
+                memberName = name,
+                signature = desc,
+                genericsDetails = signature ?: "",
+                exceptions = exceptions?.toMutableSet() ?: mutableSetOf()
+            )
             currentMember = member
             sourceLocation = sourceLocation.copy(
-                    memberName = name,
-                    signature = desc,
-                    lineNumber = 0
+                memberName = name,
+                signature = desc,
+                lineNumber = 0
             )
             val processMember = captureExceptions {
                 visitedMember = visitMethod(clazz, member)
@@ -320,12 +328,19 @@ open class ClassAndMemberVisitor(
         ): FieldVisitor? {
             var visitedMember: Member? = null
             val clazz = currentClass!!
-            val member = Member(access, clazz.name, name, desc, "", value = value)
+            val member = Member(
+                access = access,
+                className = clazz.name,
+                memberName = name,
+                signature = desc,
+                genericsDetails = "",
+                value = value
+            )
             currentMember = member
             sourceLocation = sourceLocation.copy(
-                    memberName = name,
-                    signature = desc,
-                    lineNumber = 0
+                memberName = name,
+                signature = desc,
+                lineNumber = 0
             )
             val processMember = captureExceptions {
                 visitedMember = visitField(clazz, member)
@@ -578,10 +593,6 @@ open class ClassAndMemberVisitor(
          */
         const val API_VERSION: Int = Opcodes.ASM6
 
-        private fun String.nullIfEmpty(): String? {
-            return if (this.isEmpty()) { null } else { this }
-        }
-
     }
 
 }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/analysis/ExceptionResolver.kt b/djvm/src/main/kotlin/net/corda/djvm/analysis/ExceptionResolver.kt
new file mode 100644
index 0000000000..0bfeb103e2
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/analysis/ExceptionResolver.kt
@@ -0,0 +1,41 @@
+package net.corda.djvm.analysis
+
+import org.objectweb.asm.Type
+
+class ExceptionResolver(
+    private val jvmExceptionClasses: Set<String>,
+    private val pinnedClasses: Set<String>,
+    private val sandboxPrefix: String
+) {
+    companion object {
+        private const val DJVM_EXCEPTION_NAME = "\$1DJVM"
+
+        fun isDJVMException(className: String): Boolean = className.endsWith(DJVM_EXCEPTION_NAME)
+        fun getDJVMException(className: String): String = className + DJVM_EXCEPTION_NAME
+        fun getDJVMExceptionOwner(className: String): String = className.dropLast(DJVM_EXCEPTION_NAME.length)
+    }
+
+    fun getThrowableName(clazz: Class<*>): String {
+        return getDJVMException(Type.getInternalName(clazz))
+    }
+
+    fun getThrowableSuperName(clazz: Class<*>): String {
+        return getThrowableOwnerName(Type.getInternalName(clazz.superclass))
+    }
+
+    fun getThrowableOwnerName(className: String): String {
+        return if (className in jvmExceptionClasses) {
+            className.unsandboxed
+        } else if (className in pinnedClasses) {
+            className
+        } else {
+            getDJVMException(className)
+        }
+    }
+
+    private val String.unsandboxed: String get() = if (startsWith(sandboxPrefix)) {
+        drop(sandboxPrefix.length)
+    } else {
+        this
+    }
+}
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/analysis/PrefixTree.kt b/djvm/src/main/kotlin/net/corda/djvm/analysis/PrefixTree.kt
index a063965b76..26679cc133 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/analysis/PrefixTree.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/analysis/PrefixTree.kt
@@ -35,4 +35,4 @@ class PrefixTree {
         return false
     }
 
-}
\ No newline at end of file
+}
diff --git a/djvm/src/main/kotlin/net/corda/djvm/analysis/Whitelist.kt b/djvm/src/main/kotlin/net/corda/djvm/analysis/Whitelist.kt
index c19cc8111e..ed3fb32e88 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/analysis/Whitelist.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/analysis/Whitelist.kt
@@ -100,9 +100,6 @@ open class Whitelist private constructor(
             "^java/lang/Cloneable(\\..*)?\$".toRegex(),
             "^java/lang/Object(\\..*)?\$".toRegex(),
             "^java/lang/Override(\\..*)?\$".toRegex(),
-                // TODO: sandbox exception handling!
-                "^java/lang/StackTraceElement\$".toRegex(),
-                "^java/lang/Throwable\$".toRegex(),
             "^java/lang/Void\$".toRegex(),
             "^java/lang/invoke/LambdaMetafactory\$".toRegex(),
             "^java/lang/invoke/MethodHandles(\\\$.*)?\$".toRegex(),
diff --git a/djvm/src/main/kotlin/net/corda/djvm/code/ClassMutator.kt b/djvm/src/main/kotlin/net/corda/djvm/code/ClassMutator.kt
index 3c800d9859..4d8f2b6307 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/code/ClassMutator.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/code/ClassMutator.kt
@@ -41,7 +41,11 @@ class ClassMutator(
         }
     }
 
-    private val emitters: List<Emitter> = emitters + PrependClassInitializer()
+    /*
+     * Some emitters must be executed before others. E.g. we need to apply
+     * the tracing emitters before the non-tracing ones.
+     */
+    private val emitters: List<Emitter> = (emitters + PrependClassInitializer()).sortedBy(Emitter::priority)
     private val initializers = mutableListOf<MethodBody>()
 
     /**
@@ -128,8 +132,7 @@ class ClassMutator(
      */
     override fun visitInstruction(method: Member, emitter: EmitterModule, instruction: Instruction) {
         val context = EmitterContext(currentAnalysisContext(), configuration, emitter)
-        // We need to apply the tracing emitters before the non-tracing ones.
-        Processor.processEntriesOfType<Emitter>(emitters.sortedByDescending(Emitter::isTracer), analysisContext.messages) {
+        Processor.processEntriesOfType<Emitter>(emitters, analysisContext.messages) {
             it.emit(context, instruction)
         }
         if (!emitter.emitDefaultInstruction || emitter.hasEmittedCustomCode) {
diff --git a/djvm/src/main/kotlin/net/corda/djvm/code/Emitter.kt b/djvm/src/main/kotlin/net/corda/djvm/code/Emitter.kt
index f904d276b7..2eb5e0de5d 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/code/Emitter.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/code/Emitter.kt
@@ -18,10 +18,10 @@ interface Emitter {
     fun emit(context: EmitterContext, instruction: Instruction)
 
     /**
-     * Indication of whether or not the emitter performs instrumentation for tracing inside the sandbox.
+     * Determines the order in which emitters are executed within the sandbox.
      */
     @JvmDefault
-    val isTracer: Boolean
-        get() = false
+    val priority: Int
+        get() = EMIT_DEFAULT
 
 }
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/code/EmitterModule.kt b/djvm/src/main/kotlin/net/corda/djvm/code/EmitterModule.kt
index 2e2d2fc2e4..e51647830b 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/code/EmitterModule.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/code/EmitterModule.kt
@@ -168,6 +168,14 @@ class EmitterModule(
 
     inline fun <reified T : Throwable> throwException(message: String) = throwException(T::class.java, message)
 
+    /**
+     * Attempt to cast the object on the top of the stack to the given class.
+     */
+    fun castObjectTo(className: String) {
+        methodVisitor.visitTypeInsn(CHECKCAST, className)
+        hasEmittedCustomCode = true
+    }
+
     /**
      * Emit instruction for returning from "void" method.
      */
diff --git a/djvm/src/main/kotlin/net/corda/djvm/code/Types.kt b/djvm/src/main/kotlin/net/corda/djvm/code/Types.kt
index 93a9c5bf7d..3d3b86d2af 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/code/Types.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/code/Types.kt
@@ -2,11 +2,22 @@
 package net.corda.djvm.code
 
 import org.objectweb.asm.Type
+import sandbox.java.lang.DJVMException
 import sandbox.net.corda.djvm.costing.ThresholdViolationError
 import sandbox.net.corda.djvm.rules.RuleViolationError
 
+/**
+ * These are the priorities for executing [Emitter] instances.
+ * Tracing emitters are executed first.
+ */
+const val EMIT_TRACING: Int = 0
+const val EMIT_TRAPPING_EXCEPTIONS: Int = EMIT_TRACING + 1
+const val EMIT_HANDLING_EXCEPTIONS: Int = EMIT_TRAPPING_EXCEPTIONS + 1
+const val EMIT_DEFAULT: Int = 10
+
 val ruleViolationError: String = Type.getInternalName(RuleViolationError::class.java)
 val thresholdViolationError: String = Type.getInternalName(ThresholdViolationError::class.java)
+val djvmException: String = Type.getInternalName(DJVMException::class.java)
 
 /**
  * Local extension method for normalizing a class name.
diff --git a/djvm/src/main/kotlin/net/corda/djvm/code/instructions/TryBlock.kt b/djvm/src/main/kotlin/net/corda/djvm/code/instructions/TryBlock.kt
new file mode 100644
index 0000000000..a984766d29
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/code/instructions/TryBlock.kt
@@ -0,0 +1,8 @@
+package net.corda.djvm.code.instructions
+
+import org.objectweb.asm.Label
+
+open class TryBlock(
+        val handler: Label,
+        val typeName: String
+) : NoOperationInstruction()
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/code/instructions/TryCatchBlock.kt b/djvm/src/main/kotlin/net/corda/djvm/code/instructions/TryCatchBlock.kt
index ac9b9e643f..943d745c80 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/code/instructions/TryCatchBlock.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/code/instructions/TryCatchBlock.kt
@@ -9,6 +9,6 @@ import org.objectweb.asm.Label
  * @property handler The label of the exception handler.
  */
 class TryCatchBlock(
-        val typeName: String,
-        val handler: Label
-) : NoOperationInstruction()
+        typeName: String,
+        handler: Label
+) : TryBlock(handler, typeName)
diff --git a/djvm/src/main/kotlin/net/corda/djvm/code/instructions/TryFinallyBlock.kt b/djvm/src/main/kotlin/net/corda/djvm/code/instructions/TryFinallyBlock.kt
index 808575b05d..7ec2149b73 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/code/instructions/TryFinallyBlock.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/code/instructions/TryFinallyBlock.kt
@@ -7,7 +7,6 @@ import org.objectweb.asm.Label
  *
  * @property handler The handler for the finally-block.
  */
-@Suppress("MemberVisibilityCanBePrivate")
 class TryFinallyBlock(
-        val handler: Label
-) : NoOperationInstruction()
+        handler: Label
+) : TryBlock(handler, "")
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rewiring/ClassRewriter.kt b/djvm/src/main/kotlin/net/corda/djvm/rewiring/ClassRewriter.kt
index 081bff4fa5..4804074457 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rewiring/ClassRewriter.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rewiring/ClassRewriter.kt
@@ -1,7 +1,6 @@
 package net.corda.djvm.rewiring
 
 import net.corda.djvm.SandboxConfiguration
-import net.corda.djvm.analysis.AnalysisConfiguration
 import net.corda.djvm.analysis.AnalysisContext
 import net.corda.djvm.analysis.ClassAndMemberVisitor.Companion.API_VERSION
 import net.corda.djvm.code.ClassMutator
@@ -11,6 +10,8 @@ import net.corda.djvm.references.Member
 import net.corda.djvm.utilities.loggerFor
 import org.objectweb.asm.ClassReader
 import org.objectweb.asm.ClassVisitor
+import org.objectweb.asm.Label
+import org.objectweb.asm.MethodVisitor
 
 /**
  * Functionality for rewriting parts of a class as it is being loaded.
@@ -22,6 +23,7 @@ open class ClassRewriter(
         private val configuration: SandboxConfiguration,
         private val classLoader: ClassLoader
 ) {
+    private val analysisConfig = configuration.analysisConfiguration
 
     /**
      * Process class and allow user to rewrite parts/all of its content through provided hooks.
@@ -32,13 +34,15 @@ open class ClassRewriter(
     fun rewrite(reader: ClassReader, context: AnalysisContext): ByteCode {
         logger.debug("Rewriting class {}...", reader.className)
         val writer = SandboxClassWriter(reader, classLoader)
-        val analysisConfiguration = configuration.analysisConfiguration
-        val classRemapper = SandboxClassRemapper(InterfaceStitcher(writer, analysisConfiguration), analysisConfiguration)
+        val classRemapper = SandboxClassRemapper(
+            ClassExceptionRemapper(SandboxStitcher(writer)),
+            analysisConfig
+        )
         val visitor = ClassMutator(
-                classRemapper,
-                analysisConfiguration,
-                configuration.definitionProviders,
-                configuration.emitters
+            classRemapper,
+            analysisConfig,
+            configuration.definitionProviders,
+            configuration.emitters
         )
         visitor.analyze(reader, context, options = ClassReader.EXPAND_FRAMES)
         return ByteCode(writer.toByteArray(), visitor.hasBeenModified)
@@ -50,25 +54,30 @@ open class ClassRewriter(
 
     /**
      * Extra visitor that is applied after [SandboxRemapper]. This "stitches" the original
-     * unmapped interface as a super-interface of the mapped version.
+     * unmapped interface as a super-interface of the mapped version, as well as adding
+     * any extra methods that are needed.
      */
-    private class InterfaceStitcher(parent: ClassVisitor, private val configuration: AnalysisConfiguration)
+    private inner class SandboxStitcher(parent: ClassVisitor)
         : ClassVisitor(API_VERSION, parent)
     {
         private val extraMethods = mutableListOf<Member>()
 
         override fun visit(version: Int, access: Int, className: String, signature: String?, superName: String?, interfaces: Array<String>?) {
-            val stitchedInterfaces = configuration.stitchedInterfaces[className]?.let { methods ->
+            val stitchedInterfaces = analysisConfig.stitchedInterfaces[className]?.let { methods ->
                 extraMethods += methods
-                arrayOf(*(interfaces ?: emptyArray()), configuration.classResolver.reverse(className))
+                arrayOf(*(interfaces ?: emptyArray()), analysisConfig.classResolver.reverse(className))
             } ?: interfaces
 
+            analysisConfig.stitchedClasses[className]?.also { methods ->
+                extraMethods += methods
+            }
+
             super.visit(version, access, className, signature, superName, stitchedInterfaces)
         }
 
         override fun visitEnd() {
             for (method in extraMethods) {
-                method.apply {
+                with(method) {
                     visitMethod(access, memberName, signature, genericsDetails.emptyAsNull, exceptions.toTypedArray())?.also { mv ->
                         mv.visitCode()
                         EmitterModule(mv).writeByteCode(body)
@@ -81,4 +90,26 @@ open class ClassRewriter(
             super.visitEnd()
         }
     }
+
+    /**
+     * Map exceptions in method signatures to their sandboxed equivalents.
+     */
+    private inner class ClassExceptionRemapper(parent: ClassVisitor) : ClassVisitor(API_VERSION, parent) {
+        override fun visitMethod(access: Int, name: String, descriptor: String, signature: String?, exceptions: Array<out String>?): MethodVisitor? {
+            val mappedExceptions = exceptions?.map(analysisConfig.exceptionResolver::getThrowableOwnerName)?.toTypedArray()
+            return super.visitMethod(access, name, descriptor, signature, mappedExceptions)?.let {
+                MethodExceptionRemapper(it)
+            }
+        }
+    }
+
+    /**
+     * Map exceptions in method try-catch blocks to their sandboxed equivalents.
+     */
+    private inner class MethodExceptionRemapper(parent: MethodVisitor) : MethodVisitor(API_VERSION, parent) {
+        override fun visitTryCatchBlock(start: Label, end: Label, handler: Label, exceptionType: String?) {
+            val mappedExceptionType = exceptionType?.let(analysisConfig.exceptionResolver::getThrowableOwnerName)
+            super.visitTryCatchBlock(start, end, handler, mappedExceptionType)
+        }
+    }
 }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassLoader.kt b/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassLoader.kt
index 7f2abccb6a..4dbeae7ab2 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassLoader.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassLoader.kt
@@ -3,6 +3,9 @@ package net.corda.djvm.rewiring
 import net.corda.djvm.SandboxConfiguration
 import net.corda.djvm.analysis.AnalysisContext
 import net.corda.djvm.analysis.ClassAndMemberVisitor
+import net.corda.djvm.analysis.ExceptionResolver.Companion.getDJVMExceptionOwner
+import net.corda.djvm.analysis.ExceptionResolver.Companion.isDJVMException
+import net.corda.djvm.code.asPackagePath
 import net.corda.djvm.code.asResourcePath
 import net.corda.djvm.references.ClassReference
 import net.corda.djvm.source.ClassSource
@@ -33,7 +36,7 @@ class SandboxClassLoader(
     /**
      * The analyzer used to traverse the class hierarchy.
      */
-    val analyzer: ClassAndMemberVisitor
+    private val analyzer: ClassAndMemberVisitor
         get() = ruleValidator
 
     /**
@@ -56,6 +59,18 @@ class SandboxClassLoader(
      */
     private val rewriter: ClassRewriter = ClassRewriter(configuration, supportingClassLoader)
 
+    /**
+     * We need to load this class up front, so that we can identify sandboxed exception classes.
+     */
+    private val throwableClass: Class<*>
+
+    init {
+        // Bootstrap the loading of the sandboxed Throwable class.
+        loadClassAndBytes(ClassSource.fromClassName("sandbox.java.lang.Object"), context)
+        loadClassAndBytes(ClassSource.fromClassName("sandbox.java.lang.StackTraceElement"), context)
+        throwableClass = loadClassAndBytes(ClassSource.fromClassName("sandbox.java.lang.Throwable"), context).type
+    }
+
     /**
      * Given a class name, provide its corresponding [LoadedClass] for the sandbox.
      */
@@ -77,11 +92,43 @@ class SandboxClassLoader(
      */
     @Throws(ClassNotFoundException::class)
     override fun loadClass(name: String, resolve: Boolean): Class<*> {
-        val source = ClassSource.fromClassName(name)
-        return if (name.startsWith("sandbox.") && !analysisConfiguration.isPinnedClass(source.internalClassName)) {
-            loadClassAndBytes(source, context).type
+        var clazz = findLoadedClass(name)
+        if (clazz == null) {
+            val source = ClassSource.fromClassName(name)
+            clazz = if (analysisConfiguration.isSandboxClass(source.internalClassName)) {
+                loadSandboxClass(source, context).type
+            } else {
+                super.loadClass(name, resolve)
+            }
+        }
+        if (resolve) {
+            resolveClass(clazz)
+        }
+        return clazz
+    }
+
+    private fun loadSandboxClass(source: ClassSource, context: AnalysisContext): LoadedClass {
+        return if (isDJVMException(source.internalClassName)) {
+            /**
+             * We need to load a DJVMException's owner class before we can create
+             * its wrapper exception. And loading the owner should also create the
+             * wrapper class automatically.
+             */
+            loadedClasses.getOrElse(source.internalClassName) {
+                loadSandboxClass(ClassSource.fromClassName(getDJVMExceptionOwner(source.qualifiedClassName)), context)
+                loadedClasses[source.internalClassName]
+            } ?: throw ClassNotFoundException(source.qualifiedClassName)
         } else {
-            super.loadClass(name, resolve)
+            loadClassAndBytes(source, context).also { clazz ->
+                /**
+                 * Check whether we've just loaded an unpinned sandboxed throwable class.
+                 * If we have, we may also need to synthesise a throwable wrapper for it.
+                 */
+                if (throwableClass.isAssignableFrom(clazz.type) && !analysisConfiguration.isJvmException(source.internalClassName)) {
+                    logger.debug("Generating synthetic throwable for ${source.qualifiedClassName}")
+                    loadWrapperFor(clazz.type)
+                }
+            }
         }
     }
 
@@ -134,7 +181,7 @@ class SandboxClassLoader(
         }
 
         // Try to define the transformed class.
-        val clazz = try {
+        val clazz: Class<*> = try {
             when {
                 whitelistedClasses.matches(sourceName.asResourcePath) -> supportingClassLoader.loadClass(sourceName)
                 else -> defineClass(resolvedName, byteCode.bytes, 0, byteCode.bytes.size)
@@ -167,6 +214,15 @@ class SandboxClassLoader(
         }
     }
 
+    private fun loadWrapperFor(throwable: Class<*>): LoadedClass {
+        val className = analysisConfiguration.exceptionResolver.getThrowableName(throwable)
+        return loadedClasses.getOrPut(className) {
+            val superName = analysisConfiguration.exceptionResolver.getThrowableSuperName(throwable)
+            val byteCode = ThrowableWrapperFactory.toByteCode(className, superName)
+            LoadedClass(defineClass(className.asPackagePath, byteCode.bytes, 0, byteCode.bytes.size), byteCode)
+        }
+    }
+
     private companion object {
         private val logger = loggerFor<SandboxClassLoader>()
         private val UNMODIFIED = ByteCode(ByteArray(0), false)
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassRemapper.kt b/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassRemapper.kt
index 7412999727..9f90981f57 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassRemapper.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rewiring/SandboxClassRemapper.kt
@@ -3,7 +3,6 @@ package net.corda.djvm.rewiring
 import net.corda.djvm.analysis.AnalysisConfiguration
 import net.corda.djvm.analysis.ClassAndMemberVisitor.Companion.API_VERSION
 import org.objectweb.asm.ClassVisitor
-import org.objectweb.asm.Label
 import org.objectweb.asm.MethodVisitor
 import org.objectweb.asm.commons.ClassRemapper
 
@@ -35,11 +34,6 @@ class SandboxClassRemapper(cv: ClassVisitor, private val configuration: Analysis
             return mapperFor(method).visitMethodInsn(opcode, owner, name, descriptor, isInterface)
         }
 
-        override fun visitTryCatchBlock(start: Label, end: Label, handler: Label, type: String?) {
-            // Don't map caught exception names - these could be thrown by the JVM itself.
-            nonmapper.visitTryCatchBlock(start, end, handler, type)
-        }
-
         override fun visitFieldInsn(opcode: Int, owner: String, name: String, descriptor: String) {
             val field = Element(owner, name, descriptor)
             return mapperFor(field).visitFieldInsn(opcode, owner, name, descriptor)
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rewiring/ThrowableWrapperFactory.kt b/djvm/src/main/kotlin/net/corda/djvm/rewiring/ThrowableWrapperFactory.kt
new file mode 100644
index 0000000000..3557ed50cf
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/rewiring/ThrowableWrapperFactory.kt
@@ -0,0 +1,152 @@
+package net.corda.djvm.rewiring
+
+import net.corda.djvm.analysis.ExceptionResolver.Companion.isDJVMException
+import net.corda.djvm.code.djvmException
+import org.objectweb.asm.ClassWriter
+import org.objectweb.asm.Opcodes.*
+
+/**
+ * Generates a synthetic [Throwable] class that will wrap a [sandbox.java.lang.Throwable].
+ * Only exceptions which are NOT thrown by the JVM will be accompanied one of these.
+ */
+class ThrowableWrapperFactory(
+    private val className: String,
+    private val superName: String
+) {
+    companion object {
+        const val CONSTRUCTOR_DESCRIPTOR = "(Lsandbox/java/lang/Throwable;)V"
+        const val FIELD_TYPE = "Lsandbox/java/lang/Throwable;"
+        const val THROWABLE_FIELD = "t"
+
+        fun toByteCode(className: String, superName: String): ByteCode {
+            val bytecode: ByteArray = with(ClassWriter(0)) {
+                ThrowableWrapperFactory(className, superName).accept(this)
+                toByteArray()
+            }
+            return ByteCode(bytecode, true)
+        }
+    }
+
+    /**
+     * Write bytecode for synthetic throwable wrapper class. All of
+     * these classes implement [sandbox.java.lang.DJVMException],
+     * either directly or indirectly.
+     */
+    fun accept(writer: ClassWriter) = with(writer) {
+        if (isDJVMException(superName)) {
+            childClass()
+        } else {
+            baseClass()
+        }
+    }
+
+    /**
+     * This is a "base" wrapper class that inherits from a JVM exception.
+     *
+     * <code>
+     *     public class CLASSNAME extends JAVA_EXCEPTION implements DJVMException {
+     *         private final sandbox.java.lang.Throwable t;
+     *
+     *         public CLASSNAME(sandbox.java.lang.Throwable t) {
+     *             this.t = t;
+     *         }
+     *
+     *         @Override
+     *         public final sandbox.java.lang.Throwable getThrowable() {
+     *             return t;
+     *         }
+     *
+     *         @Override
+     *         public final java.lang.Throwable fillInStackTrace() {
+     *             return this;
+     *         }
+     *     }
+     * </code>
+     */
+    private fun ClassWriter.baseClass() {
+        // Class definition
+        visit(
+            V1_8,
+            ACC_SYNTHETIC or ACC_PUBLIC,
+            className,
+            null,
+            superName,
+            arrayOf(djvmException)
+        )
+
+        // Private final field to hold the sandbox throwable object.
+        visitField(ACC_PRIVATE or ACC_FINAL, THROWABLE_FIELD, FIELD_TYPE, null, null)
+
+        // Constructor
+        visitMethod(ACC_PUBLIC, "<init>", CONSTRUCTOR_DESCRIPTOR, null, null).also { mv ->
+            mv.visitCode()
+            mv.visitVarInsn(ALOAD, 0)
+            mv.visitMethodInsn(INVOKESPECIAL, superName, "<init>", "()V", false)
+            mv.visitVarInsn(ALOAD, 0)
+            mv.visitVarInsn(ALOAD, 1)
+            mv.visitFieldInsn(PUTFIELD, className, THROWABLE_FIELD, FIELD_TYPE)
+            mv.visitInsn(RETURN)
+            mv.visitMaxs(2, 2)
+            mv.visitEnd()
+        }
+
+        // Getter method for the sandbox throwable object.
+        visitMethod(ACC_PUBLIC or ACC_FINAL, "getThrowable", "()$FIELD_TYPE", null, null).also { mv ->
+            mv.visitCode()
+            mv.visitVarInsn(ALOAD, 0)
+            mv.visitFieldInsn(GETFIELD, className, THROWABLE_FIELD, FIELD_TYPE)
+            mv.visitInsn(ARETURN)
+            mv.visitMaxs(1, 1)
+            mv.visitEnd()
+        }
+
+        // Prevent these wrappers from generating their own stack traces.
+        visitMethod(ACC_PUBLIC or ACC_FINAL, "fillInStackTrace", "()Ljava/lang/Throwable;", null, null).also { mv ->
+            mv.visitCode()
+            mv.visitVarInsn(ALOAD, 0)
+            mv.visitInsn(ARETURN)
+            mv.visitMaxs(1, 1)
+            mv.visitEnd()
+        }
+
+        // End of class
+        visitEnd()
+    }
+
+    /**
+     * This wrapper class inherits from another wrapper class.
+     *
+     * <code>
+     *     public class CLASSNAME extends SUPERNAME {
+     *         public CLASSNAME(sandbox.java.lang.Throwable t) {
+     *             super(t);
+     *         }
+     *     }
+     * </code>
+     */
+    private fun ClassWriter.childClass() {
+        // Class definition
+        visit(
+            V1_8,
+            ACC_SYNTHETIC or ACC_PUBLIC,
+            className,
+            null,
+            superName,
+            arrayOf()
+        )
+
+        // Constructor
+        visitMethod(ACC_PUBLIC, "<init>", CONSTRUCTOR_DESCRIPTOR, null, null).also { mv ->
+            mv.visitCode()
+            mv.visitVarInsn(ALOAD, 0)
+            mv.visitVarInsn(ALOAD, 1)
+            mv.visitMethodInsn(INVOKESPECIAL, superName, "<init>", CONSTRUCTOR_DESCRIPTOR, false)
+            mv.visitInsn(RETURN)
+            mv.visitMaxs(2, 2)
+            mv.visitEnd()
+        }
+
+        // End of class
+        visitEnd()
+    }
+}
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/DisallowCatchingBlacklistedExceptions.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/DisallowCatchingBlacklistedExceptions.kt
index a5524ec12b..d898a747b0 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/DisallowCatchingBlacklistedExceptions.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/DisallowCatchingBlacklistedExceptions.kt
@@ -27,30 +27,36 @@ class DisallowCatchingBlacklistedExceptions : Emitter {
 
     companion object {
         private val disallowedExceptionTypes = setOf(
-                ruleViolationError,
-                thresholdViolationError,
+            ruleViolationError,
+            thresholdViolationError,
 
-                /**
-                 * These errors indicate that the JVM is failing,
-                 * so don't allow these to be caught either.
-                 */
-                "java/lang/StackOverflowError",
-                "java/lang/OutOfMemoryError",
+            /**
+             * These errors indicate that the JVM is failing,
+             * so don't allow these to be caught either.
+             */
+            "java/lang/StackOverflowError",
+            "java/lang/OutOfMemoryError",
 
-                /**
-                 * These are immediate super-classes for our explicit errors.
-                 */
-                "java/lang/VirtualMachineError",
-                "java/lang/ThreadDeath",
+            /**
+             * These are immediate super-classes for our explicit errors.
+             */
+            "java/lang/VirtualMachineError",
+            "java/lang/ThreadDeath",
 
-                /**
-                 * Any of [ThreadDeath] and [VirtualMachineError]'s throwable
-                 * super-classes also need explicit checking.
-                 */
-                "java/lang/Throwable",
-                "java/lang/Error"
+            /**
+             * Any of [ThreadDeath] and [VirtualMachineError]'s throwable
+             * super-classes also need explicit checking.
+             */
+            "java/lang/Throwable",
+            "java/lang/Error"
         )
 
     }
 
+    /**
+     * We need to invoke this emitter before the [HandleExceptionUnwrapper]
+     * so that we don't unwrap exceptions we don't want to catch.
+     */
+    override val priority: Int
+        get() = EMIT_TRAPPING_EXCEPTIONS
 }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/HandleExceptionUnwrapper.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/HandleExceptionUnwrapper.kt
new file mode 100644
index 0000000000..b616128b85
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/HandleExceptionUnwrapper.kt
@@ -0,0 +1,46 @@
+package net.corda.djvm.rules.implementation
+
+import net.corda.djvm.code.EMIT_HANDLING_EXCEPTIONS
+import net.corda.djvm.code.Emitter
+import net.corda.djvm.code.EmitterContext
+import net.corda.djvm.code.Instruction
+import net.corda.djvm.code.instructions.CodeLabel
+import net.corda.djvm.code.instructions.TryBlock
+import org.objectweb.asm.Label
+
+/**
+ * Converts an exception from [java.lang.Throwable] to [sandbox.java.lang.Throwable]
+ * at the beginning of either a catch block or a finally block.
+ */
+class HandleExceptionUnwrapper : Emitter {
+    private val handlers = mutableMapOf<Label, String>()
+
+    override fun emit(context: EmitterContext, instruction: Instruction) = context.emit {
+        if (instruction is TryBlock) {
+            handlers[instruction.handler] = instruction.typeName
+        } else if (instruction is CodeLabel) {
+            handlers[instruction.label]?.let { exceptionType ->
+                if (exceptionType.isNotEmpty()) {
+                    /**
+                     * This is a catch block; the wrapping function is allowed to throw exceptions.
+                     */
+                    invokeStatic("sandbox/java/lang/DJVM", "catch", "(Ljava/lang/Throwable;)Lsandbox/java/lang/Throwable;")
+
+                    /**
+                     * When catching exceptions, we also need to tell the verifier which
+                     * which kind of [sandbox.java.lang.Throwable] to expect this to be.
+                     */
+                    castObjectTo(exceptionType)
+                } else {
+                    /**
+                     * This is a finally block; the wrapping function MUST NOT throw exceptions.
+                     */
+                    invokeStatic("sandbox/java/lang/DJVM", "finally", "(Ljava/lang/Throwable;)Lsandbox/java/lang/Throwable;")
+                }
+            }
+        }
+    }
+
+    override val priority: Int
+        get() = EMIT_HANDLING_EXCEPTIONS
+}
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/ThrowExceptionWrapper.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/ThrowExceptionWrapper.kt
new file mode 100644
index 0000000000..037b4012b0
--- /dev/null
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/ThrowExceptionWrapper.kt
@@ -0,0 +1,20 @@
+package net.corda.djvm.rules.implementation
+
+import net.corda.djvm.code.Emitter
+import net.corda.djvm.code.EmitterContext
+import net.corda.djvm.code.Instruction
+import org.objectweb.asm.Opcodes.ATHROW
+
+/**
+ * Converts a [sandbox.java.lang.Throwable] into a [java.lang.Throwable]
+ * so that the JVM can throw it.
+ */
+class ThrowExceptionWrapper : Emitter {
+    override fun emit(context: EmitterContext, instruction: Instruction) = context.emit {
+        when (instruction.operation) {
+            ATHROW -> {
+                invokeStatic("sandbox/java/lang/DJVM", "fromDJVM", "(Lsandbox/java/lang/Throwable;)Ljava/lang/Throwable;")
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceAllocations.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceAllocations.kt
index 839ac609bc..a8577c19ac 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceAllocations.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceAllocations.kt
@@ -1,5 +1,6 @@
 package net.corda.djvm.rules.implementation.instrumentation
 
+import net.corda.djvm.code.EMIT_TRACING
 import net.corda.djvm.code.Emitter
 import net.corda.djvm.code.EmitterContext
 import net.corda.djvm.code.Instruction
@@ -40,7 +41,7 @@ class TraceAllocations : Emitter {
         }
     }
 
-    override val isTracer: Boolean
-        get() = true
+    override val priority: Int
+        get() = EMIT_TRACING
 
 }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceInvocations.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceInvocations.kt
index b71f1f4657..cafafba1ea 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceInvocations.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceInvocations.kt
@@ -1,5 +1,6 @@
 package net.corda.djvm.rules.implementation.instrumentation
 
+import net.corda.djvm.code.EMIT_TRACING
 import net.corda.djvm.code.Emitter
 import net.corda.djvm.code.EmitterContext
 import net.corda.djvm.code.Instruction
@@ -17,7 +18,7 @@ class TraceInvocations : Emitter {
         }
     }
 
-    override val isTracer: Boolean
-        get() = true
+    override val priority: Int
+        get() = EMIT_TRACING
 
 }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceJumps.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceJumps.kt
index 1d7695380b..ce4e41eaa8 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceJumps.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceJumps.kt
@@ -1,5 +1,6 @@
 package net.corda.djvm.rules.implementation.instrumentation
 
+import net.corda.djvm.code.EMIT_TRACING
 import net.corda.djvm.code.Emitter
 import net.corda.djvm.code.EmitterContext
 import net.corda.djvm.code.Instruction
@@ -17,7 +18,7 @@ class TraceJumps : Emitter {
         }
     }
 
-    override val isTracer: Boolean
-        get() = true
+    override val priority: Int
+        get() = EMIT_TRACING
 
 }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceThrows.kt b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceThrows.kt
index b4756b272e..dc8064ff15 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceThrows.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/rules/implementation/instrumentation/TraceThrows.kt
@@ -1,5 +1,6 @@
 package net.corda.djvm.rules.implementation.instrumentation
 
+import net.corda.djvm.code.EMIT_TRACING
 import net.corda.djvm.code.Emitter
 import net.corda.djvm.code.EmitterContext
 import net.corda.djvm.code.Instruction
@@ -17,7 +18,7 @@ class TraceThrows : Emitter {
         }
     }
 
-    override val isTracer: Boolean
-        get() = true
+    override val priority: Int
+        get() = EMIT_TRACING
 
 }
diff --git a/djvm/src/main/kotlin/net/corda/djvm/source/ClassSource.kt b/djvm/src/main/kotlin/net/corda/djvm/source/ClassSource.kt
index 99ef5319fb..4cb15b9194 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/source/ClassSource.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/source/ClassSource.kt
@@ -21,12 +21,14 @@ class ClassSource private constructor(
         /**
          * Instantiate a [ClassSource] from a fully qualified class name.
          */
+        @JvmStatic
         fun fromClassName(className: String, origin: String? = null) =
                 ClassSource(className, origin)
 
         /**
          * Instantiate a [ClassSource] from a file on disk.
          */
+        @JvmStatic
         fun fromPath(path: Path) = PathClassSource(path)
 
         /**
diff --git a/djvm/src/main/kotlin/net/corda/djvm/source/SourceClassLoader.kt b/djvm/src/main/kotlin/net/corda/djvm/source/SourceClassLoader.kt
index 8b4789f8df..fbc0f1b0f0 100644
--- a/djvm/src/main/kotlin/net/corda/djvm/source/SourceClassLoader.kt
+++ b/djvm/src/main/kotlin/net/corda/djvm/source/SourceClassLoader.kt
@@ -2,6 +2,8 @@ package net.corda.djvm.source
 
 import net.corda.djvm.analysis.AnalysisContext
 import net.corda.djvm.analysis.ClassResolver
+import net.corda.djvm.analysis.ExceptionResolver.Companion.getDJVMExceptionOwner
+import net.corda.djvm.analysis.ExceptionResolver.Companion.isDJVMException
 import net.corda.djvm.analysis.SourceLocation
 import net.corda.djvm.code.asResourcePath
 import net.corda.djvm.messages.Message
@@ -61,7 +63,15 @@ abstract class AbstractSourceClassLoader(
      */
     override fun loadClass(name: String, resolve: Boolean): Class<*> {
         logger.trace("Loading class {}, resolve={}...", name, resolve)
-        val originalName = classResolver.reverseNormalized(name)
+        val originalName = classResolver.reverseNormalized(name).let { n ->
+            // A synthetic exception should be mapped back to its
+            // corresponding exception in the original hierarchy.
+            if (isDJVMException(n)) {
+                getDJVMExceptionOwner(n)
+            } else {
+                n
+            }
+        }
         return super.loadClass(originalName, resolve)
     }
 
diff --git a/djvm/src/main/kotlin/sandbox/Task.kt b/djvm/src/main/kotlin/sandbox/Task.kt
index 8a2bbab78a..0be04225bf 100644
--- a/djvm/src/main/kotlin/sandbox/Task.kt
+++ b/djvm/src/main/kotlin/sandbox/Task.kt
@@ -6,7 +6,10 @@ import sandbox.java.lang.unsandbox
 
 typealias SandboxFunction<TInput, TOutput> = sandbox.java.util.function.Function<TInput, TOutput>
 
-@Suppress("unused")
+internal fun isEntryPoint(elt: java.lang.StackTraceElement): Boolean {
+    return elt.className == "sandbox.Task" && elt.methodName == "apply"
+}
+
 class Task(private val function: SandboxFunction<in Any?, out Any?>?) : SandboxFunction<Any?, Any?> {
 
     /**
diff --git a/djvm/src/main/kotlin/sandbox/java/lang/DJVM.kt b/djvm/src/main/kotlin/sandbox/java/lang/DJVM.kt
index b6a3acdc77..a098d78020 100644
--- a/djvm/src/main/kotlin/sandbox/java/lang/DJVM.kt
+++ b/djvm/src/main/kotlin/sandbox/java/lang/DJVM.kt
@@ -2,19 +2,25 @@
 @file:Suppress("unused")
 package sandbox.java.lang
 
+import net.corda.djvm.analysis.AnalysisConfiguration.Companion.JVM_EXCEPTIONS
+import net.corda.djvm.analysis.ExceptionResolver.Companion.getDJVMException
+import net.corda.djvm.rules.implementation.*
 import org.objectweb.asm.Opcodes.ACC_ENUM
+import org.objectweb.asm.Type
+import sandbox.isEntryPoint
+import sandbox.net.corda.djvm.rules.RuleViolationError
 
 private const val SANDBOX_PREFIX = "sandbox."
 
 fun Any.unsandbox(): Any {
     return when (this) {
-        is Enum<*> -> fromDJVMEnum()
         is Object -> fromDJVM()
         is Array<*> -> fromDJVMArray()
         else -> this
     }
 }
 
+@Throws(ClassNotFoundException::class)
 fun Any.sandbox(): Any {
     return when (this) {
         is kotlin.String -> String.toDJVM(this)
@@ -27,6 +33,7 @@ fun Any.sandbox(): Any {
         is kotlin.Double -> Double.toDJVM(this)
         is kotlin.Boolean -> Boolean.toDJVM(this)
         is kotlin.Enum<*> -> toDJVMEnum()
+        is kotlin.Throwable -> toDJVMThrowable()
         is Array<*> -> toDJVMArray<Object>()
         else -> this
     }
@@ -38,8 +45,11 @@ private fun Array<*>.fromDJVMArray(): Array<*> = Object.fromDJVM(this)
  * These functions use the "current" classloader, i.e. classloader
  * that owns this DJVM class.
  */
-private fun Class<*>.toDJVMType(): Class<*> = Class.forName(name.toSandboxPackage())
-private fun Class<*>.fromDJVMType(): Class<*> = Class.forName(name.fromSandboxPackage())
+@Throws(ClassNotFoundException::class)
+internal fun Class<*>.toDJVMType(): Class<*> = Class.forName(name.toSandboxPackage())
+
+@Throws(ClassNotFoundException::class)
+internal fun Class<*>.fromDJVMType(): Class<*> = Class.forName(name.fromSandboxPackage())
 
 private fun kotlin.String.toSandboxPackage(): kotlin.String {
     return if (startsWith(SANDBOX_PREFIX)) {
@@ -66,10 +76,12 @@ private inline fun <reified T : Object> Array<*>.toDJVMArray(): Array<out T?> {
     }
 }
 
-private fun Enum<*>.fromDJVMEnum(): kotlin.Enum<*> {
+@Throws(ClassNotFoundException::class)
+internal fun Enum<*>.fromDJVMEnum(): kotlin.Enum<*> {
     return javaClass.fromDJVMType().enumConstants[ordinal()] as kotlin.Enum<*>
 }
 
+@Throws(ClassNotFoundException::class)
 private fun kotlin.Enum<*>.toDJVMEnum(): Enum<*> {
     @Suppress("unchecked_cast")
     return (getEnumConstants(javaClass.toDJVMType() as Class<Enum<*>>) as Array<Enum<*>>)[ordinal]
@@ -87,10 +99,11 @@ fun getEnumConstants(clazz: Class<out Enum<*>>): Array<*>? {
 
 internal fun enumConstantDirectory(clazz: Class<out Enum<*>>): sandbox.java.util.Map<String, out Enum<*>>? {
     // DO NOT replace get with Kotlin's [] because Kotlin would use java.util.Map.
+    @Suppress("ReplaceGetOrSet")
     return allEnumDirectories.get(clazz) ?: createEnumDirectory(clazz)
 }
 
-@Suppress("unchecked_cast")
+@Suppress("unchecked_cast", "ReplaceGetOrSet")
 internal fun getEnumConstantsShared(clazz: Class<out Enum<*>>): Array<out Enum<*>>? {
     return if (isEnum(clazz)) {
         // DO NOT replace get with Kotlin's [] because Kotlin would use java.util.Map.
@@ -100,7 +113,7 @@ internal fun getEnumConstantsShared(clazz: Class<out Enum<*>>): Array<out Enum<*
     }
 }
 
-@Suppress("unchecked_cast")
+@Suppress("unchecked_cast", "ReplacePutWithAssignment" )
 private fun createEnum(clazz: Class<out Enum<*>>): Array<out Enum<*>>? {
     return clazz.getMethod("values").let { method ->
         method.isAccessible = true
@@ -109,6 +122,7 @@ private fun createEnum(clazz: Class<out Enum<*>>): Array<out Enum<*>>? {
     }?.apply { allEnums.put(clazz, this) }
 }
 
+@Suppress("ReplacePutWithAssignment")
 private fun createEnumDirectory(clazz: Class<out Enum<*>>): sandbox.java.util.Map<String, out Enum<*>> {
     val universe = getEnumConstantsShared(clazz) ?: throw IllegalArgumentException("${clazz.name} is not an enum type")
     val directory = sandbox.java.util.LinkedHashMap<String, Enum<*>>(2 * universe.size)
@@ -154,5 +168,130 @@ private fun toSandbox(className: kotlin.String): kotlin.String {
 private val bannedClasses = setOf(
     "^java\\.lang\\.DJVM(.*)?\$".toRegex(),
     "^net\\.corda\\.djvm\\..*\$".toRegex(),
-    "^Task\$".toRegex()
+    "^Task(.*)?\$".toRegex()
 )
+
+/**
+ * Exception Management.
+ *
+ * This function converts a [sandbox.java.lang.Throwable] into a
+ * [java.lang.Throwable] that the JVM can actually throw.
+ */
+fun fromDJVM(t: Throwable?): kotlin.Throwable {
+    return if (t is DJVMThrowableWrapper) {
+        // We must be exiting a finally block.
+        t.fromDJVM()
+    } else {
+        try {
+            /**
+             * Someone has created a [sandbox.java.lang.Throwable]
+             * and is (re?)throwing it.
+             */
+            val sandboxedName = t!!.javaClass.name
+            if (Type.getInternalName(t.javaClass) in JVM_EXCEPTIONS) {
+                // We map these exceptions to their equivalent JVM classes.
+                Class.forName(sandboxedName.fromSandboxPackage()).createJavaThrowable(t)
+            } else {
+                // Whereas the sandbox creates a synthetic throwable wrapper for these.
+                Class.forName(getDJVMException(sandboxedName))
+                    .getDeclaredConstructor(sandboxThrowable)
+                    .newInstance(t) as kotlin.Throwable
+            }
+        } catch (e: Exception) {
+            RuleViolationError(e.message)
+        }
+    }
+}
+
+/**
+ * Wraps a [java.lang.Throwable] inside a [sandbox.java.lang.Throwable].
+ * This function is invoked at the beginning of a finally block, and
+ * so does not need to return a reference to the equivalent sandboxed
+ * exception. The finally block only needs to be able to re-throw the
+ * original exception when it finishes.
+ */
+fun finally(t: kotlin.Throwable): Throwable = DJVMThrowableWrapper(t)
+
+/**
+ * Converts a [java.lang.Throwable] into a [sandbox.java.lang.Throwable].
+ * It is invoked at the start of each catch block.
+ *
+ * Note: [DisallowCatchingBlacklistedExceptions] means that we don't
+ * need to handle [ThreadDeath] here.
+ */
+fun catch(t: kotlin.Throwable): Throwable {
+    try {
+        return t.toDJVMThrowable()
+    } catch (e: Exception) {
+        throw RuleViolationError(e.message)
+    }
+}
+
+/**
+ * Worker functions to convert [java.lang.Throwable] into [sandbox.java.lang.Throwable].
+ */
+private fun kotlin.Throwable.toDJVMThrowable(): Throwable {
+    return (this as? DJVMException)?.getThrowable() ?: javaClass.toDJVMType().createDJVMThrowable(this)
+}
+
+/**
+ * Creates a new [sandbox.java.lang.Throwable] from a [java.lang.Throwable],
+ * which was probably thrown by the JVM itself.
+ */
+private fun Class<*>.createDJVMThrowable(t: kotlin.Throwable): Throwable {
+    return (try {
+        getDeclaredConstructor(String::class.java).newInstance(String.toDJVM(t.message))
+    } catch (e: NoSuchMethodException) {
+        newInstance()
+    } as Throwable).apply {
+        t.cause?.also {
+            initCause(it.toDJVMThrowable())
+        }
+        stackTrace = sanitiseToDJVM(t.stackTrace)
+    }
+}
+
+private fun Class<*>.createJavaThrowable(t: Throwable): kotlin.Throwable {
+    return (try {
+        getDeclaredConstructor(kotlin.String::class.java).newInstance(String.fromDJVM(t.message))
+    } catch (e: NoSuchMethodException) {
+        newInstance()
+    } as kotlin.Throwable).apply {
+        t.cause?.also {
+            initCause(fromDJVM(it))
+        }
+        stackTrace = copyFromDJVM(t.stackTrace)
+    }
+}
+
+private fun sanitiseToDJVM(source: Array<java.lang.StackTraceElement>): Array<StackTraceElement> {
+    var idx = 0
+    while (idx < source.size && !isEntryPoint(source[idx])) {
+        ++idx
+    }
+    return copyToDJVM(source, 0, idx)
+}
+
+internal fun copyToDJVM(source: Array<java.lang.StackTraceElement>, fromIdx: Int, toIdx: Int): Array<StackTraceElement> {
+    return source.sliceArray(fromIdx until toIdx).map(::toDJVM).toTypedArray()
+}
+
+private fun toDJVM(elt: java.lang.StackTraceElement) = StackTraceElement(
+    String.toDJVM(elt.className),
+    String.toDJVM(elt.methodName),
+    String.toDJVM(elt.fileName),
+    elt.lineNumber
+)
+
+private fun copyFromDJVM(source: Array<StackTraceElement>): Array<java.lang.StackTraceElement> {
+    return source.map(::fromDJVM).toTypedArray()
+}
+
+private fun fromDJVM(elt: StackTraceElement) = java.lang.StackTraceElement(
+    String.fromDJVM(elt.className),
+    String.fromDJVM(elt.methodName),
+    String.fromDJVM(elt.fileName),
+    elt.lineNumber
+)
+
+private val sandboxThrowable: Class<*> = Throwable::class.java
diff --git a/djvm/src/main/kotlin/sandbox/java/lang/DJVMException.kt b/djvm/src/main/kotlin/sandbox/java/lang/DJVMException.kt
new file mode 100644
index 0000000000..553e8533ab
--- /dev/null
+++ b/djvm/src/main/kotlin/sandbox/java/lang/DJVMException.kt
@@ -0,0 +1,12 @@
+package sandbox.java.lang
+
+/**
+ * All synthetic [Throwable] classes wrapping non-JVM exceptions
+ * will implement this interface.
+ */
+interface DJVMException {
+    /**
+     * Returns the [sandbox.java.lang.Throwable] instance inside the wrapper.
+     */
+    fun getThrowable(): Throwable
+}
\ No newline at end of file
diff --git a/djvm/src/main/kotlin/sandbox/net/corda/djvm/costing/ThresholdViolationError.kt b/djvm/src/main/kotlin/sandbox/net/corda/djvm/costing/ThresholdViolationError.kt
index 0fe4283caf..b312a4091f 100644
--- a/djvm/src/main/kotlin/sandbox/net/corda/djvm/costing/ThresholdViolationError.kt
+++ b/djvm/src/main/kotlin/sandbox/net/corda/djvm/costing/ThresholdViolationError.kt
@@ -6,4 +6,4 @@ package sandbox.net.corda.djvm.costing
  *
  * @property message The description of the condition causing the problem.
  */
-class ThresholdViolationError(override val message: String) : ThreadDeath()
+class ThresholdViolationError(override val message: String?) : ThreadDeath()
diff --git a/djvm/src/main/kotlin/sandbox/net/corda/djvm/rules/RuleViolationError.kt b/djvm/src/main/kotlin/sandbox/net/corda/djvm/rules/RuleViolationError.kt
index 24b0e73775..1bd39bdf39 100644
--- a/djvm/src/main/kotlin/sandbox/net/corda/djvm/rules/RuleViolationError.kt
+++ b/djvm/src/main/kotlin/sandbox/net/corda/djvm/rules/RuleViolationError.kt
@@ -7,4 +7,4 @@ package sandbox.net.corda.djvm.rules
  *
  * @property message The description of the condition causing the problem.
  */
-class RuleViolationError(override val message: String) : ThreadDeath()
\ No newline at end of file
+class RuleViolationError(override val message: String?) : ThreadDeath()
\ No newline at end of file
diff --git a/djvm/src/test/java/net/corda/djvm/WithJava.java b/djvm/src/test/java/net/corda/djvm/WithJava.java
new file mode 100644
index 0000000000..3e8cf05145
--- /dev/null
+++ b/djvm/src/test/java/net/corda/djvm/WithJava.java
@@ -0,0 +1,24 @@
+package net.corda.djvm;
+
+import net.corda.djvm.execution.ExecutionSummaryWithResult;
+import net.corda.djvm.execution.SandboxExecutor;
+import net.corda.djvm.source.ClassSource;
+
+import java.util.function.Function;
+
+public interface WithJava {
+
+    static <T,R> ExecutionSummaryWithResult<R> run(
+            SandboxExecutor<T, R> executor, Class<? extends Function<T,R>> task, T input) {
+        try {
+            return executor.run(ClassSource.fromClassName(task.getName(), null), input);
+        } catch (Exception e) {
+            if (e instanceof RuntimeException) {
+                throw (RuntimeException) e;
+            } else {
+                throw new RuntimeException(e.getMessage(), e);
+            }
+        }
+    }
+
+}
diff --git a/djvm/src/test/java/net/corda/djvm/execution/SandboxEnumJavaTest.java b/djvm/src/test/java/net/corda/djvm/execution/SandboxEnumJavaTest.java
new file mode 100644
index 0000000000..0343d9517d
--- /dev/null
+++ b/djvm/src/test/java/net/corda/djvm/execution/SandboxEnumJavaTest.java
@@ -0,0 +1,106 @@
+package net.corda.djvm.execution;
+
+import net.corda.djvm.TestBase;
+import net.corda.djvm.WithJava;
+import static net.corda.djvm.messages.Severity.*;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import org.junit.Test;
+
+import java.util.EnumMap;
+import java.util.EnumSet;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Stream;
+
+import static java.util.Collections.emptySet;
+
+public class SandboxEnumJavaTest extends TestBase {
+
+    @Test
+    public void testEnumInsideSandbox() {
+        sandbox(new Object[]{ DEFAULT }, emptySet(), WARNING, true, ctx -> {
+            SandboxExecutor<Integer, String[]> executor = new DeterministicSandboxExecutor<>(ctx.getConfiguration());
+            ExecutionSummaryWithResult<String[]> output = WithJava.run(executor, TransformEnum.class, 0);
+            assertThat(output.getResult())
+                    .isEqualTo(new String[]{ "ONE", "TWO", "THREE" });
+            return null;
+        });
+    }
+
+    @Test
+    public void testReturnEnumFromSandbox() {
+        sandbox(new Object[]{ DEFAULT }, emptySet(), WARNING, true, ctx -> {
+            SandboxExecutor<String, ExampleEnum> executor = new DeterministicSandboxExecutor<>(ctx.getConfiguration());
+            ExecutionSummaryWithResult<ExampleEnum> output = WithJava.run(executor, FetchEnum.class, "THREE");
+            assertThat(output.getResult())
+                    .isEqualTo(ExampleEnum.THREE);
+            return null;
+        });
+    }
+
+    @Test
+    public void testWeCanIdentifyClassAsEnum() {
+        sandbox(new Object[]{ DEFAULT }, emptySet(), WARNING, true, ctx -> {
+            SandboxExecutor<ExampleEnum, Boolean> executor = new DeterministicSandboxExecutor<>(ctx.getConfiguration());
+            ExecutionSummaryWithResult<Boolean> output = WithJava.run(executor, AssertEnum.class, ExampleEnum.THREE);
+            assertThat(output.getResult()).isTrue();
+            return null;
+        });
+    }
+
+    @Test
+    public void testWeCanCreateEnumMap() {
+        sandbox(new Object[]{ DEFAULT }, emptySet(), WARNING, true, ctx -> {
+            SandboxExecutor<ExampleEnum, Integer> executor = new DeterministicSandboxExecutor<>(ctx.getConfiguration());
+            ExecutionSummaryWithResult<Integer> output = WithJava.run(executor, UseEnumMap.class, ExampleEnum.TWO);
+            assertThat(output.getResult()).isEqualTo(1);
+            return null;
+        });
+    }
+
+    @Test
+    public void testWeCanCreateEnumSet() {
+        sandbox(new Object[]{ DEFAULT }, emptySet(), WARNING, true, ctx -> {
+            SandboxExecutor<ExampleEnum, Boolean> executor = new DeterministicSandboxExecutor<>(ctx.getConfiguration());
+            ExecutionSummaryWithResult<Boolean> output = WithJava.run(executor, UseEnumSet.class, ExampleEnum.ONE);
+            assertThat(output.getResult()).isTrue();
+            return null;
+        });
+    }
+
+    public static class AssertEnum implements Function<ExampleEnum, Boolean> {
+        @Override
+        public Boolean apply(ExampleEnum input) {
+            return input.getClass().isEnum();
+        }
+    }
+
+    public static class TransformEnum implements Function<Integer, String[]> {
+        @Override
+        public String[] apply(Integer input) {
+            return Stream.of(ExampleEnum.values()).map(ExampleEnum::name).toArray(String[]::new);
+        }
+    }
+
+    public static class FetchEnum implements Function<String, ExampleEnum> {
+        public ExampleEnum apply(String input) {
+            return ExampleEnum.valueOf(input);
+        }
+    }
+
+    public static class UseEnumMap implements Function<ExampleEnum, Integer> {
+        @Override
+        public Integer apply(ExampleEnum input) {
+            Map<ExampleEnum, String> map = new EnumMap<>(ExampleEnum.class);
+            map.put(input, input.name());
+            return map.size();
+        }
+    }
+
+    public static class UseEnumSet implements Function<ExampleEnum, Boolean> {
+        @Override
+        public Boolean apply(ExampleEnum input) {
+            return EnumSet.allOf(ExampleEnum.class).contains(input);
+        }
+    }
+}
diff --git a/djvm/src/test/java/net/corda/djvm/execution/SandboxThrowableJavaTest.java b/djvm/src/test/java/net/corda/djvm/execution/SandboxThrowableJavaTest.java
new file mode 100644
index 0000000000..26203f641b
--- /dev/null
+++ b/djvm/src/test/java/net/corda/djvm/execution/SandboxThrowableJavaTest.java
@@ -0,0 +1,79 @@
+package net.corda.djvm.execution;
+
+import net.corda.djvm.TestBase;
+import net.corda.djvm.WithJava;
+import static net.corda.djvm.messages.Severity.*;
+
+import org.junit.Test;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.function.Function;
+
+import static java.util.Collections.emptySet;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+
+public class SandboxThrowableJavaTest extends TestBase {
+
+    @Test
+    public void testUserExceptionHandling() {
+        sandbox(new Object[]{ DEFAULT }, emptySet(), WARNING, true, ctx -> {
+            SandboxExecutor<String, String[]> executor = new DeterministicSandboxExecutor<>(ctx.getConfiguration());
+            ExecutionSummaryWithResult<String[]> output = WithJava.run(executor, ThrowAndCatchJavaExample.class, "Hello World!");
+            assertThat(output.getResult())
+                    .isEqualTo(new String[]{ "FIRST FINALLY", "BASE EXCEPTION", "Hello World!", "SECOND FINALLY" });
+            return null;
+        });
+    }
+
+    @Test
+    public void testCheckedExceptions() {
+        sandbox(new Object[]{ DEFAULT }, emptySet(), WARNING, true, ctx -> {
+            SandboxExecutor<String, String> executor = new DeterministicSandboxExecutor<>(ctx.getConfiguration());
+
+            ExecutionSummaryWithResult<String> success = WithJava.run(executor, JavaWithCheckedExceptions.class, "http://localhost:8080/hello/world");
+            assertThat(success.getResult()).isEqualTo("/hello/world");
+
+            ExecutionSummaryWithResult<String> failure = WithJava.run(executor, JavaWithCheckedExceptions.class, "nasty string");
+            assertThat(failure.getResult()).isEqualTo("CATCH:Illegal character in path at index 5: nasty string");
+
+            return null;
+        });
+    }
+
+    public static class ThrowAndCatchJavaExample implements Function<String, String[]> {
+        @Override
+        public String[] apply(String input) {
+            List<String> data = new LinkedList<>();
+            try {
+                try {
+                    throw new MyExampleException(input);
+                } finally {
+                    data.add("FIRST FINALLY");
+                }
+            } catch (MyBaseException e) {
+                data.add("BASE EXCEPTION");
+                data.add(e.getMessage());
+            } catch (Exception e) {
+                data.add("NOT THIS ONE!");
+            } finally {
+                data.add("SECOND FINALLY");
+            }
+
+            return data.toArray(new String[0]);
+        }
+    }
+
+    public static class JavaWithCheckedExceptions implements Function<String, String> {
+        @Override
+        public String apply(String input) {
+            try {
+                return new URI(input).getPath();
+            } catch (URISyntaxException e) {
+                return "CATCH:" + e.getMessage();
+            }
+        }
+    }
+}
diff --git a/djvm/src/test/kotlin/net/corda/djvm/DJVMExceptionTest.kt b/djvm/src/test/kotlin/net/corda/djvm/DJVMExceptionTest.kt
new file mode 100644
index 0000000000..886b1efacc
--- /dev/null
+++ b/djvm/src/test/kotlin/net/corda/djvm/DJVMExceptionTest.kt
@@ -0,0 +1,100 @@
+package net.corda.djvm
+
+import org.assertj.core.api.Assertions.assertThat
+import org.assertj.core.api.Assertions.assertThatExceptionOfType
+import org.junit.Test
+import sandbox.SandboxFunction
+import sandbox.Task
+import sandbox.java.lang.sandbox
+
+class DJVMExceptionTest {
+    @Test
+    fun testSingleException() {
+        val result = Task(SingleExceptionTask()).apply("Hello World")
+        assertThat(result).isInstanceOf(Throwable::class.java)
+        result as Throwable
+
+        assertThat(result.message).isEqualTo("Hello World")
+        assertThat(result.cause).isNull()
+        assertThat(result.stackTrace)
+            .hasSize(2)
+            .allSatisfy { it is StackTraceElement && it.className == result.javaClass.name }
+    }
+
+    @Test
+    fun testMultipleExceptions() {
+        val result = Task(MultipleExceptionsTask()).apply("Hello World")
+        assertThat(result).isInstanceOf(Throwable::class.java)
+        result as Throwable
+
+        assertThat(result.message).isEqualTo("Hello World(1)(2)")
+        assertThat(result.cause).isInstanceOf(Throwable::class.java)
+        assertThat(result.stackTrace)
+            .hasSize(2)
+            .allSatisfy { it is StackTraceElement && it.className == result.javaClass.name }
+        val resultLineNumbers = result.stackTrace.toLineNumbers()
+
+        val firstCause = result.cause as Throwable
+        assertThat(firstCause.message).isEqualTo("Hello World(1)")
+        assertThat(firstCause.cause).isInstanceOf(Throwable::class.java)
+        assertThat(firstCause.stackTrace)
+            .hasSize(2)
+            .allSatisfy { it is StackTraceElement && it.className == result.javaClass.name }
+        val firstCauseLineNumbers = firstCause.stackTrace.toLineNumbers()
+
+        val rootCause = firstCause.cause as Throwable
+        assertThat(rootCause.message).isEqualTo("Hello World")
+        assertThat(rootCause.cause).isNull()
+        assertThat(rootCause.stackTrace)
+            .hasSize(2)
+            .allSatisfy { it is StackTraceElement && it.className == result.javaClass.name }
+        val rootCauseLineNumbers = rootCause.stackTrace.toLineNumbers()
+
+        // These stack traces should share one line number and have one distinct line number each.
+        assertThat(resultLineNumbers.toSet() + firstCauseLineNumbers.toSet() + rootCauseLineNumbers.toSet())
+            .hasSize(4)
+    }
+
+    @Test
+    fun testJavaThrowableToSandbox() {
+        val result = Throwable("Hello World").sandbox()
+        assertThat(result).isInstanceOf(sandbox.java.lang.Throwable::class.java)
+        result as sandbox.java.lang.Throwable
+
+        assertThat(result.message).isEqualTo("Hello World".toDJVM())
+        assertThat(result.stackTrace).isNotEmpty()
+        assertThat(result.cause).isNull()
+    }
+
+    @Test
+    fun testWeTryToCreateCorrectSandboxExceptionsAtRuntime() {
+        assertThatExceptionOfType(ClassNotFoundException::class.java)
+            .isThrownBy { Exception("Hello World").sandbox() }
+            .withMessage("sandbox.java.lang.Exception")
+        assertThatExceptionOfType(ClassNotFoundException::class.java)
+            .isThrownBy { RuntimeException("Hello World").sandbox() }
+            .withMessage("sandbox.java.lang.RuntimeException")
+    }
+}
+
+class SingleExceptionTask : SandboxFunction<Any?, sandbox.java.lang.Throwable> {
+    override fun apply(input: Any?): sandbox.java.lang.Throwable? {
+        return sandbox.java.lang.Throwable(input as? sandbox.java.lang.String)
+    }
+}
+
+class MultipleExceptionsTask : SandboxFunction<Any?, sandbox.java.lang.Throwable> {
+    override fun apply(input: Any?): sandbox.java.lang.Throwable? {
+        val root = sandbox.java.lang.Throwable(input as? sandbox.java.lang.String)
+        val nested = sandbox.java.lang.Throwable(root.message + "(1)", root)
+        return sandbox.java.lang.Throwable(nested.message + "(2)", nested)
+    }
+}
+
+private infix operator fun sandbox.java.lang.String.plus(s: String): sandbox.java.lang.String {
+    return (toString() + s).toDJVM()
+}
+
+private fun Array<StackTraceElement>.toLineNumbers(): IntArray {
+    return map(StackTraceElement::getLineNumber).toIntArray()
+}
\ No newline at end of file
diff --git a/djvm/src/test/kotlin/net/corda/djvm/DJVMTest.kt b/djvm/src/test/kotlin/net/corda/djvm/DJVMTest.kt
index d71fa1a36a..37048ee7f2 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/DJVMTest.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/DJVMTest.kt
@@ -113,14 +113,4 @@ class DJVMTest {
         assertArrayEquals(ByteArray(1) { 127.toByte() }, result[9] as ByteArray)
         assertArrayEquals(CharArray(1) { '?' }, result[10] as CharArray)
     }
-
-    private fun String.toDJVM(): sandbox.java.lang.String = sandbox.java.lang.String.toDJVM(this)
-    private fun Long.toDJVM(): sandbox.java.lang.Long = sandbox.java.lang.Long.toDJVM(this)
-    private fun Int.toDJVM(): sandbox.java.lang.Integer = sandbox.java.lang.Integer.toDJVM(this)
-    private fun Short.toDJVM(): sandbox.java.lang.Short = sandbox.java.lang.Short.toDJVM(this)
-    private fun Byte.toDJVM(): sandbox.java.lang.Byte = sandbox.java.lang.Byte.toDJVM(this)
-    private fun Float.toDJVM(): sandbox.java.lang.Float = sandbox.java.lang.Float.toDJVM(this)
-    private fun Double.toDJVM(): sandbox.java.lang.Double = sandbox.java.lang.Double.toDJVM(this)
-    private fun Char.toDJVM(): sandbox.java.lang.Character = sandbox.java.lang.Character.toDJVM(this)
-    private fun Boolean.toDJVM(): sandbox.java.lang.Boolean = sandbox.java.lang.Boolean.toDJVM(this)
 }
\ No newline at end of file
diff --git a/djvm/src/test/kotlin/net/corda/djvm/TestBase.kt b/djvm/src/test/kotlin/net/corda/djvm/TestBase.kt
index a771798655..ad16eee53a 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/TestBase.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/TestBase.kt
@@ -37,22 +37,29 @@ abstract class TestBase {
         val ALL_EMITTERS = Discovery.find<Emitter>()
 
         // We need at least these emitters to handle the Java API classes.
+        @JvmField
         val BASIC_EMITTERS: List<Emitter> = listOf(
             ArgumentUnwrapper(),
+            HandleExceptionUnwrapper(),
             ReturnTypeWrapper(),
             RewriteClassMethods(),
-            StringConstantWrapper()
+            StringConstantWrapper(),
+            ThrowExceptionWrapper()
         )
 
         val ALL_DEFINITION_PROVIDERS = Discovery.find<DefinitionProvider>()
 
         // We need at least these providers to handle the Java API classes.
+        @JvmField
         val BASIC_DEFINITION_PROVIDERS: List<DefinitionProvider> = listOf(StaticConstantRemover())
 
+        @JvmField
         val BLANK = emptySet<Any>()
 
+        @JvmField
         val DEFAULT = (ALL_RULES + ALL_EMITTERS + ALL_DEFINITION_PROVIDERS).distinctBy(Any::javaClass)
 
+        @JvmField
         val DETERMINISTIC_RT: Path = Paths.get(
                 System.getProperty("deterministic-rt.path") ?: throw AssertionError("deterministic-rt.path property not set"))
 
@@ -89,7 +96,7 @@ abstract class TestBase {
         val reader = ClassReader(T::class.java.name)
         AnalysisConfiguration(
             minimumSeverityLevel = minimumSeverityLevel,
-            classPath = listOf(DETERMINISTIC_RT)
+            bootstrapJar = DETERMINISTIC_RT
         ).use { analysisConfiguration ->
             val validator = RuleValidator(ALL_RULES, analysisConfiguration)
             val context = AnalysisContext.fromConfiguration(analysisConfiguration)
diff --git a/djvm/src/test/kotlin/net/corda/djvm/Utilities.kt b/djvm/src/test/kotlin/net/corda/djvm/Utilities.kt
index d493238723..6313661b0c 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/Utilities.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/Utilities.kt
@@ -1,22 +1,24 @@
+@file:JvmName("UtilityFunctions")
 package net.corda.djvm
 
 import sandbox.net.corda.djvm.costing.ThresholdViolationError
 import sandbox.net.corda.djvm.rules.RuleViolationError
 
+/**
+ * Allows us to create a [Utilities] object that we can pin inside the sandbox.
+ */
 object Utilities {
     fun throwRuleViolationError(): Nothing = throw RuleViolationError("Can't catch this!")
 
     fun throwThresholdViolationError(): Nothing = throw ThresholdViolationError("Can't catch this!")
-
-    fun throwContractConstraintViolation(): Nothing = throw IllegalArgumentException("Contract constraint violated")
-
-    fun throwError(): Nothing = throw Error()
-
-    fun throwThrowable(): Nothing = throw Throwable()
-
-    fun throwThreadDeath(): Nothing = throw ThreadDeath()
-
-    fun throwStackOverflowError(): Nothing = throw StackOverflowError("FAKE OVERFLOW!")
-
-    fun throwOutOfMemoryError(): Nothing = throw OutOfMemoryError("FAKE OOM!")
 }
+
+fun String.toDJVM(): sandbox.java.lang.String = sandbox.java.lang.String.toDJVM(this)
+fun Long.toDJVM(): sandbox.java.lang.Long = sandbox.java.lang.Long.toDJVM(this)
+fun Int.toDJVM(): sandbox.java.lang.Integer = sandbox.java.lang.Integer.toDJVM(this)
+fun Short.toDJVM(): sandbox.java.lang.Short = sandbox.java.lang.Short.toDJVM(this)
+fun Byte.toDJVM(): sandbox.java.lang.Byte = sandbox.java.lang.Byte.toDJVM(this)
+fun Float.toDJVM(): sandbox.java.lang.Float = sandbox.java.lang.Float.toDJVM(this)
+fun Double.toDJVM(): sandbox.java.lang.Double = sandbox.java.lang.Double.toDJVM(this)
+fun Char.toDJVM(): sandbox.java.lang.Character = sandbox.java.lang.Character.toDJVM(this)
+fun Boolean.toDJVM(): sandbox.java.lang.Boolean = sandbox.java.lang.Boolean.toDJVM(this)
\ No newline at end of file
diff --git a/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxExecutorTest.kt b/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxExecutorTest.kt
index a3919c964c..32fa876195 100644
--- a/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxExecutorTest.kt
+++ b/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxExecutorTest.kt
@@ -6,14 +6,8 @@ import foo.bar.sandbox.toNumber
 import net.corda.djvm.TestBase
 import net.corda.djvm.analysis.Whitelist
 import net.corda.djvm.Utilities
-import net.corda.djvm.Utilities.throwContractConstraintViolation
-import net.corda.djvm.Utilities.throwError
-import net.corda.djvm.Utilities.throwOutOfMemoryError
 import net.corda.djvm.Utilities.throwRuleViolationError
-import net.corda.djvm.Utilities.throwStackOverflowError
-import net.corda.djvm.Utilities.throwThreadDeath
 import net.corda.djvm.Utilities.throwThresholdViolationError
-import net.corda.djvm.Utilities.throwThrowable
 import net.corda.djvm.assertions.AssertionExtensions.withProblem
 import net.corda.djvm.rewiring.SandboxClassLoadingException
 import org.assertj.core.api.Assertions.assertThat
@@ -55,7 +49,7 @@ class SandboxExecutorTest : TestBase() {
 
     class Contract : Function<Transaction, Unit> {
         override fun apply(input: Transaction) {
-            throwContractConstraintViolation()
+            throw IllegalArgumentException("Contract constraint violated")
         }
     }
 
@@ -74,11 +68,7 @@ class SandboxExecutorTest : TestBase() {
             val obj = Object()
             val hash1 = obj.hashCode()
             val hash2 = obj.hashCode()
-            //require(hash1 == hash2)
-            // TODO: Replace require() once we have working exception support.
-            if (hash1 != hash2) {
-                throwError()
-            }
+            require(hash1 == hash2)
             return Object().hashCode()
         }
     }
@@ -180,7 +170,7 @@ class SandboxExecutorTest : TestBase() {
     class TestCatchThreadDeath : Function<Int, Int> {
         override fun apply(input: Int): Int {
             return try {
-                throwThreadDeath()
+                throw ThreadDeath()
             } catch (exception: ThreadDeath) {
                 1
             }
@@ -261,8 +251,8 @@ class SandboxExecutorTest : TestBase() {
         override fun apply(input: Int): Int {
             return try {
                 when (input) {
-                    1 -> throwThrowable()
-                    2 -> throwError()
+                    1 -> throw Throwable()
+                    2 -> throw Error()
                     else -> 0
                 }
             } catch (exception: Error) {
@@ -277,20 +267,20 @@ class SandboxExecutorTest : TestBase() {
         override fun apply(input: Int): Int {
             return try {
                 when (input) {
-                    1 -> throwThrowable()
-                    2 -> throwError()
+                    1 -> throw Throwable()
+                    2 -> throw Error()
                     3 -> try {
-                        throwThreadDeath()
+                        throw ThreadDeath()
                     } catch (ex: ThreadDeath) {
                         3
                     }
                     4 -> try {
-                        throwStackOverflowError()
+                        throw StackOverflowError("FAKE OVERFLOW!")
                     } catch (ex: StackOverflowError) {
                         4
                     }
                     5 -> try {
-                        throwOutOfMemoryError()
+                        throw OutOfMemoryError("FAKE OOM!")
                     } catch (ex: OutOfMemoryError) {
                         5
                     }
diff --git a/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxThrowableTest.kt b/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxThrowableTest.kt
new file mode 100644
index 0000000000..ae013a9c1e
--- /dev/null
+++ b/djvm/src/test/kotlin/net/corda/djvm/execution/SandboxThrowableTest.kt
@@ -0,0 +1,95 @@
+package net.corda.djvm.execution
+
+import net.corda.djvm.TestBase
+import org.assertj.core.api.Assertions.*
+import org.junit.Test
+import java.util.function.Function
+
+class SandboxThrowableTest : TestBase() {
+
+    @Test
+    fun `test user exception handling`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<String, Array<String>>(configuration)
+        contractExecutor.run<ThrowAndCatchExample>("Hello World").apply {
+            assertThat(result)
+                .isEqualTo(arrayOf("FIRST FINALLY", "BASE EXCEPTION", "Hello World", "SECOND FINALLY"))
+        }
+    }
+
+    @Test
+    fun `test rethrowing an exception`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<String, Array<String>>(configuration)
+        contractExecutor.run<ThrowAndRethrowExample>("Hello World").apply {
+            assertThat(result)
+                .isEqualTo(arrayOf("FIRST CATCH", "FIRST FINALLY", "SECOND CATCH", "Hello World", "SECOND FINALLY"))
+        }
+    }
+
+    @Test
+    fun `test JVM exceptions still propagate`() = sandbox(DEFAULT) {
+        val contractExecutor = DeterministicSandboxExecutor<Int, String>(configuration)
+        contractExecutor.run<TriggerJVMException>(-1).apply {
+            assertThat(result)
+                .isEqualTo("sandbox.java.lang.ArrayIndexOutOfBoundsException:-1")
+        }
+    }
+}
+
+class ThrowAndRethrowExample : Function<String, Array<String>> {
+    override fun apply(input: String): Array<String> {
+        val data = mutableListOf<String>()
+        try {
+            try {
+                throw MyExampleException(input)
+            } catch (e: Exception) {
+                data += "FIRST CATCH"
+                throw e
+            } finally {
+                data += "FIRST FINALLY"
+            }
+        } catch (e: MyExampleException) {
+            data += "SECOND CATCH"
+            e.message?.apply { data += this }
+        } finally {
+            data += "SECOND FINALLY"
+        }
+
+        return data.toTypedArray()
+    }
+}
+
+class ThrowAndCatchExample : Function<String, Array<String>> {
+    override fun apply(input: String): Array<String> {
+        val data = mutableListOf<String>()
+        try {
+            try {
+                throw MyExampleException(input)
+            } finally {
+                data += "FIRST FINALLY"
+            }
+        } catch (e: MyBaseException) {
+            data += "BASE EXCEPTION"
+            e.message?.apply { data += this }
+        } catch (e: Exception) {
+            data += "NOT THIS ONE!"
+        } finally {
+            data += "SECOND FINALLY"
+        }
+
+        return data.toTypedArray()
+    }
+}
+
+class TriggerJVMException : Function<Int, String> {
+    override fun apply(input: Int): String {
+        return try {
+            arrayOf(0, 1, 2)[input]
+            "No Error"
+        } catch (e: Exception) {
+            e.javaClass.name + ':' + (e.message ?: "<MESSAGE MISSING>")
+        }
+    }
+}
+
+open class MyBaseException(message: String) : Exception(message)
+class MyExampleException(message: String) : MyBaseException(message)
\ No newline at end of file

From 72cab905770e84e8c341701b1d31d96829a4e5fd Mon Sep 17 00:00:00 2001
From: Konstantinos Chalkias <konstantinos.chalkias@r3.com>
Date: Fri, 19 Oct 2018 18:34:32 +0100
Subject: [PATCH 66/83] [CORDA-738] Ensure encumbrances are bi-directional
 (#4089)

---
 .../TransactionVerificationException.kt       |  23 ++-
 .../flows/AbstractStateReplacementFlow.kt     |   1 +
 .../net/corda/core/flows/NotaryChangeFlow.kt  |   8 +-
 .../core/transactions/LedgerTransaction.kt    |  89 +++++++--
 .../transactions/NotaryChangeTransactions.kt  |  28 +--
 .../net/corda/core/utilities/KotlinUtils.kt   |   1 -
 .../TransactionEncumbranceTests.kt            | 178 +++++++++++++++---
 .../corda/node/services/NotaryChangeTests.kt  |  22 +--
 8 files changed, 271 insertions(+), 79 deletions(-)

diff --git a/core/src/main/kotlin/net/corda/core/contracts/TransactionVerificationException.kt b/core/src/main/kotlin/net/corda/core/contracts/TransactionVerificationException.kt
index 29db493d86..980589e9cb 100644
--- a/core/src/main/kotlin/net/corda/core/contracts/TransactionVerificationException.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/TransactionVerificationException.kt
@@ -116,13 +116,32 @@ sealed class TransactionVerificationException(val txId: SecureHash, message: Str
     class TransactionMissingEncumbranceException(txId: SecureHash, val missing: Int, val inOut: Direction)
         : TransactionVerificationException(txId, "Missing required encumbrance $missing in $inOut", null)
 
+    /**
+     * If two or more states refer to another state (as their encumbrance), then the bi-directionality property cannot
+     * be satisfied.
+     */
+    @KeepForDJVM
+    class TransactionDuplicateEncumbranceException(txId: SecureHash, index: Int)
+        : TransactionVerificationException(txId, "The bi-directionality property of encumbered output states " +
+            "is not satisfied. Index $index is referenced more than once", null)
+
+    /**
+     * An encumbered state should also be referenced as the encumbrance of another state in order to satisfy the
+     * bi-directionality property (a full cycle should be present).
+     */
+    @KeepForDJVM
+    class TransactionNonMatchingEncumbranceException(txId: SecureHash, nonMatching: Collection<Int>)
+        : TransactionVerificationException(txId, "The bi-directionality property of encumbered output states " +
+            "is not satisfied. Encumbered states should also be referenced as an encumbrance of another state to form " +
+            "a full cycle. Offending indices $nonMatching", null)
+
     /** Whether the inputs or outputs list contains an encumbrance issue, see [TransactionMissingEncumbranceException]. */
     @CordaSerializable
     @KeepForDJVM
     enum class Direction {
-        /** Issue in the inputs list */
+        /** Issue in the inputs list. */
         INPUT,
-        /** Issue in the outputs list */
+        /** Issue in the outputs list. */
         OUTPUT
     }
 
diff --git a/core/src/main/kotlin/net/corda/core/flows/AbstractStateReplacementFlow.kt b/core/src/main/kotlin/net/corda/core/flows/AbstractStateReplacementFlow.kt
index 55946b4817..53f547076b 100644
--- a/core/src/main/kotlin/net/corda/core/flows/AbstractStateReplacementFlow.kt
+++ b/core/src/main/kotlin/net/corda/core/flows/AbstractStateReplacementFlow.kt
@@ -62,6 +62,7 @@ abstract class AbstractStateReplacementFlow {
         @Throws(StateReplacementException::class)
         override fun call(): StateAndRef<T> {
             val (stx) = assembleTx()
+            stx.verify(serviceHub, checkSufficientSignatures = false)
             val participantSessions = getParticipantSessions()
             progressTracker.currentStep = SIGNING
 
diff --git a/core/src/main/kotlin/net/corda/core/flows/NotaryChangeFlow.kt b/core/src/main/kotlin/net/corda/core/flows/NotaryChangeFlow.kt
index 7690f01843..18b98ae2d4 100644
--- a/core/src/main/kotlin/net/corda/core/flows/NotaryChangeFlow.kt
+++ b/core/src/main/kotlin/net/corda/core/flows/NotaryChangeFlow.kt
@@ -46,14 +46,14 @@ class NotaryChangeFlow<out T : ContractState>(
         return AbstractStateReplacementFlow.UpgradeTx(stx)
     }
 
-    /** Resolves the encumbrance state chain for the given [state] */
+    /** Resolves the encumbrance state chain for the given [state]. */
     private fun resolveEncumbrances(state: StateAndRef<T>): List<StateAndRef<T>> {
-        val states = mutableListOf(state)
+        val states = mutableSetOf(state)
         while (states.last().state.encumbrance != null) {
             val encumbranceStateRef = StateRef(states.last().ref.txhash, states.last().state.encumbrance!!)
             val encumbranceState = serviceHub.toStateAndRef<T>(encumbranceStateRef)
-            states.add(encumbranceState)
+            if (!states.add(encumbranceState)) break // Stop if there is a cycle.
         }
-        return states
+        return states.toList()
     }
 }
diff --git a/core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt b/core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt
index fdb255348b..5c97af83a4 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt
@@ -169,30 +169,79 @@ data class LedgerTransaction @JvmOverloads constructor(
 
     private fun checkEncumbrancesValid() {
         // Validate that all encumbrances exist within the set of input states.
-        val encumberedInputs = inputs.filter { it.state.encumbrance != null }
-        encumberedInputs.forEach { (state, ref) ->
-            val encumbranceStateExists = inputs.any {
-                it.ref.txhash == ref.txhash && it.ref.index == state.encumbrance
-            }
-            if (!encumbranceStateExists) {
+        inputs.filter { it.state.encumbrance != null }
+                .forEach { (state, ref) -> checkInputEncumbranceStateExists(state, ref) }
+
+        // Check that in the outputs,
+        // a) an encumbered state does not refer to itself as the encumbrance
+        // b) the number of outputs can contain the encumbrance
+        // c) the bi-directionality (full cycle) property is satisfied.
+        val statesAndEncumbrance = outputs.withIndex().filter { it.value.encumbrance != null }.map { Pair(it.index, it.value.encumbrance!!) }
+        if (!statesAndEncumbrance.isEmpty()) {
+            checkOutputEncumbrances(statesAndEncumbrance)
+        }
+    }
+
+    private fun checkInputEncumbranceStateExists(state: TransactionState<ContractState>, ref: StateRef) {
+        val encumbranceStateExists = inputs.any {
+            it.ref.txhash == ref.txhash && it.ref.index == state.encumbrance
+        }
+        if (!encumbranceStateExists) {
+            throw TransactionVerificationException.TransactionMissingEncumbranceException(
+                    id,
+                    state.encumbrance!!,
+                    TransactionVerificationException.Direction.INPUT
+            )
+        }
+    }
+
+    // Using basic graph theory, a full cycle of encumbered (co-dependent) states should exist to achieve bi-directional
+    // encumbrances. This property is important to ensure that no states involved in an encumbrance-relationship
+    // can be spent on their own. Briefly, if any of the states is having more than one encumbrance references by
+    // other states, a full cycle detection will fail. As a result, all of the encumbered states must be present
+    // as "from" and "to" only once (or zero times if no encumbrance takes place). For instance,
+    // a -> b
+    // c -> b    and     a -> b
+    // b -> a            b -> c
+    // do not satisfy the bi-directionality (full cycle) property.
+    //
+    // In the first example "b" appears twice in encumbrance ("to") list and "c" exists in the encumbered ("from") list only.
+    // Due the above, one could consume "a" and "b" in the same transaction and then, because "b" is already consumed, "c" cannot be spent.
+    //
+    // Similarly, the second example does not form a full cycle because "a" and "c" exist in one of the lists only.
+    // As a result, one can consume "b" and "c" in the same transactions, which will make "a" impossible to be spent.
+    //
+    // On other hand the following are valid constructions:
+    // a -> b            a -> c
+    // b -> c    and     c -> b
+    // c -> a            b -> a
+    // and form a full cycle, meaning that the bi-directionality property is satisfied.
+    private fun checkOutputEncumbrances(statesAndEncumbrance: List<Pair<Int, Int>>) {
+        // [Set] of "from" (encumbered states).
+        val encumberedSet = mutableSetOf<Int>()
+        // [Set] of "to" (encumbrance states).
+        val encumbranceSet = mutableSetOf<Int>()
+        // Update both [Set]s.
+        statesAndEncumbrance.forEach { (statePosition, encumbrance) ->
+            // Check it does not refer to itself.
+            if (statePosition == encumbrance || encumbrance >= outputs.size) {
                 throw TransactionVerificationException.TransactionMissingEncumbranceException(
                         id,
-                        state.encumbrance!!,
-                        TransactionVerificationException.Direction.INPUT
-                )
+                        encumbrance,
+                        TransactionVerificationException.Direction.OUTPUT)
+            } else {
+                encumberedSet.add(statePosition) // Guaranteed to have unique elements.
+                if (!encumbranceSet.add(encumbrance)) {
+                    throw TransactionVerificationException.TransactionDuplicateEncumbranceException(id, encumbrance)
+                }
             }
         }
-
-        // Check that, in the outputs, an encumbered state does not refer to itself as the encumbrance,
-        // and that the number of outputs can contain the encumbrance.
-        for ((i, output) in outputs.withIndex()) {
-            val encumbranceIndex = output.encumbrance ?: continue
-            if (encumbranceIndex == i || encumbranceIndex >= outputs.size) {
-                throw TransactionVerificationException.TransactionMissingEncumbranceException(
-                        id,
-                        encumbranceIndex,
-                        TransactionVerificationException.Direction.OUTPUT)
-            }
+        // At this stage we have ensured that "from" and "to" [Set]s are equal in size, but we should check their
+        // elements do indeed match. If they don't match, we return their symmetric difference (disjunctive union).
+        val symmetricDifference = (encumberedSet union encumbranceSet).subtract(encumberedSet intersect encumbranceSet)
+        if (symmetricDifference.isNotEmpty()) {
+            // At least one encumbered state is not in the [encumbranceSet] and vice versa.
+            throw TransactionVerificationException.TransactionNonMatchingEncumbranceException(id, symmetricDifference)
         }
     }
 
diff --git a/core/src/main/kotlin/net/corda/core/transactions/NotaryChangeTransactions.kt b/core/src/main/kotlin/net/corda/core/transactions/NotaryChangeTransactions.kt
index 2603b6ca3c..55f329540d 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/NotaryChangeTransactions.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/NotaryChangeTransactions.kt
@@ -102,13 +102,21 @@ data class NotaryChangeLedgerTransaction(
 
     override val references: List<StateAndRef<ContractState>> = emptyList()
 
-    /** We compute the outputs on demand by applying the notary field modification to the inputs */
+    /** We compute the outputs on demand by applying the notary field modification to the inputs. */
     override val outputs: List<TransactionState<ContractState>>
-        get() = inputs.mapIndexed { pos, (state) ->
+        get() = computeOutputs()
+
+    private fun computeOutputs(): List<TransactionState<ContractState>> {
+        val inputPositionIndex: Map<StateRef, Int> = inputs.mapIndexed { index, stateAndRef -> stateAndRef.ref to index }.toMap()
+        return inputs.map { (state, ref) ->
             if (state.encumbrance != null) {
-                state.copy(notary = newNotary, encumbrance = pos + 1)
+                val encumbranceStateRef = StateRef(ref.txhash, state.encumbrance)
+                val encumbrancePosition = inputPositionIndex[encumbranceStateRef]
+                        ?: throw IllegalStateException("Unable to generate output states – transaction not constructed correctly.")
+                state.copy(notary = newNotary, encumbrance = encumbrancePosition)
             } else state.copy(notary = newNotary)
         }
+    }
 
     override val requiredSigningKeys: Set<PublicKey>
         get() = inputs.flatMap { it.state.data.participants }.map { it.owningKey }.toSet() + notary.owningKey
@@ -118,18 +126,16 @@ data class NotaryChangeLedgerTransaction(
     }
 
     /**
-     * Check that encumbrances have been included in the inputs. The [NotaryChangeFlow] guarantees that an encumbrance
-     * will follow its encumbered state in the inputs.
+     * Check that encumbrances have been included in the inputs.
      */
     private fun checkEncumbrances() {
-        inputs.forEachIndexed { i, (state, ref) ->
-            state.encumbrance?.let {
-                val nextIndex = i + 1
-                fun nextStateIsEncumbrance() = (inputs[nextIndex].ref.txhash == ref.txhash) && (inputs[nextIndex].ref.index == it)
-                if (nextIndex >= inputs.size || !nextStateIsEncumbrance()) {
+        val encumberedStates = inputs.asSequence().filter { it.state.encumbrance != null }.associateBy { it.ref }
+        if (encumberedStates.isNotEmpty()) {
+            inputs.forEach { (state, ref) ->
+                if (StateRef(ref.txhash, state.encumbrance!!) !in encumberedStates) {
                     throw TransactionVerificationException.TransactionMissingEncumbranceException(
                             id,
-                            it,
+                            state.encumbrance,
                             TransactionVerificationException.Direction.INPUT)
                 }
             }
diff --git a/core/src/main/kotlin/net/corda/core/utilities/KotlinUtils.kt b/core/src/main/kotlin/net/corda/core/utilities/KotlinUtils.kt
index 240edbfd1e..97b9248be2 100644
--- a/core/src/main/kotlin/net/corda/core/utilities/KotlinUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/utilities/KotlinUtils.kt
@@ -134,4 +134,3 @@ fun <V> Future<V>.getOrThrow(timeout: Duration? = null): V = try {
 } catch (e: ExecutionException) {
     throw e.cause!!
 }
-
diff --git a/core/src/test/kotlin/net/corda/core/transactions/TransactionEncumbranceTests.kt b/core/src/test/kotlin/net/corda/core/transactions/TransactionEncumbranceTests.kt
index 468f9cee95..6cbd8e3483 100644
--- a/core/src/test/kotlin/net/corda/core/transactions/TransactionEncumbranceTests.kt
+++ b/core/src/test/kotlin/net/corda/core/transactions/TransactionEncumbranceTests.kt
@@ -4,6 +4,7 @@ import com.nhaarman.mockito_kotlin.doReturn
 import com.nhaarman.mockito_kotlin.whenever
 import net.corda.core.contracts.Contract
 import net.corda.core.contracts.ContractState
+import net.corda.core.contracts.TransactionVerificationException
 import net.corda.core.contracts.requireThat
 import net.corda.core.identity.AbstractParty
 import net.corda.core.identity.CordaX500Name
@@ -21,33 +22,43 @@ import org.junit.Rule
 import org.junit.Test
 import java.time.Instant
 import java.time.temporal.ChronoUnit
+import kotlin.test.assertFailsWith
 
 const val TEST_TIMELOCK_ID = "net.corda.core.transactions.TransactionEncumbranceTests\$DummyTimeLock"
 
 class TransactionEncumbranceTests {
+    @Rule
+    @JvmField
+    val testSerialization = SerializationEnvironmentRule()
+
     private companion object {
         val DUMMY_NOTARY = TestIdentity(DUMMY_NOTARY_NAME, 20).party
         val megaCorp = TestIdentity(CordaX500Name("MegaCorp", "London", "GB"))
         val MINI_CORP = TestIdentity(CordaX500Name("MiniCorp", "London", "GB")).party
         val MEGA_CORP get() = megaCorp.party
         val MEGA_CORP_PUBKEY get() = megaCorp.publicKey
+
+        val defaultIssuer = MEGA_CORP.ref(1)
+
+        val state = Cash.State(
+                amount = 1000.DOLLARS `issued by` defaultIssuer,
+                owner = MEGA_CORP
+        )
+
+        val stateWithNewOwner = state.copy(owner = MINI_CORP)
+        val extraCashState = state.copy(amount = state.amount * 3)
+
+        val FOUR_PM: Instant = Instant.parse("2015-04-17T16:00:00.00Z")
+        val FIVE_PM: Instant = FOUR_PM.plus(1, ChronoUnit.HOURS)
+        val timeLock = DummyTimeLock.State(FIVE_PM)
+
+
+        val ledgerServices = MockServices(listOf("net.corda.core.transactions", "net.corda.finance.contracts.asset"), MEGA_CORP.name,
+                rigorousMock<IdentityServiceInternal>().also {
+                    doReturn(MEGA_CORP).whenever(it).partyFromKey(MEGA_CORP_PUBKEY)
+                })
     }
 
-    @Rule
-    @JvmField
-    val testSerialization = SerializationEnvironmentRule()
-    val defaultIssuer = MEGA_CORP.ref(1)
-
-    val state = Cash.State(
-            amount = 1000.DOLLARS `issued by` defaultIssuer,
-            owner = MEGA_CORP
-    )
-    val stateWithNewOwner = state.copy(owner = MINI_CORP)
-
-    val FOUR_PM: Instant = Instant.parse("2015-04-17T16:00:00.00Z")
-    val FIVE_PM: Instant = FOUR_PM.plus(1, ChronoUnit.HOURS)
-    val timeLock = DummyTimeLock.State(FIVE_PM)
-
     class DummyTimeLock : Contract {
         override fun verify(tx: LedgerTransaction) {
             val timeLockInput = tx.inputsOfType<State>().singleOrNull() ?: return
@@ -65,23 +76,136 @@ class TransactionEncumbranceTests {
         }
     }
 
-    private val ledgerServices = MockServices(listOf("net.corda.core.transactions", "net.corda.finance.contracts.asset"), MEGA_CORP.name,
-            rigorousMock<IdentityServiceInternal>().also {
-                doReturn(MEGA_CORP).whenever(it).partyFromKey(MEGA_CORP_PUBKEY)
-            })
-
     @Test
-    fun `state can be encumbered`() {
+    fun `states can be bi-directionally encumbered`() {
+        // Basic encumbrance example for encumbrance index links 0 -> 1 and 1 -> 0
         ledgerServices.ledger(DUMMY_NOTARY) {
             transaction {
                 attachments(Cash.PROGRAM_ID, TEST_TIMELOCK_ID)
                 input(Cash.PROGRAM_ID, state)
-                output(Cash.PROGRAM_ID, encumbrance = 1, contractState = stateWithNewOwner)
-                output(TEST_TIMELOCK_ID, "5pm time-lock", timeLock)
+                output(Cash.PROGRAM_ID, "state encumbered by 5pm time-lock", encumbrance = 1, contractState = stateWithNewOwner)
+                output(TEST_TIMELOCK_ID, "5pm time-lock", 0, timeLock)
                 command(MEGA_CORP.owningKey, Cash.Commands.Move())
                 verifies()
             }
         }
+
+        // Full cycle example with 4 elements 0 -> 1, 1 -> 2, 2 -> 3 and 3 -> 0
+        // All 3 Cash states and the TimeLock are linked and should be consumed in the same transaction.
+        // Note that all of the Cash states are encumbered both together and with time lock.
+        ledgerServices.ledger(DUMMY_NOTARY) {
+            transaction {
+                attachments(Cash.PROGRAM_ID, TEST_TIMELOCK_ID)
+                input(Cash.PROGRAM_ID, extraCashState)
+                output(Cash.PROGRAM_ID, "state encumbered by state 1", encumbrance = 1, contractState = stateWithNewOwner)
+                output(Cash.PROGRAM_ID, "state encumbered by state 2", encumbrance = 2, contractState = stateWithNewOwner)
+                output(Cash.PROGRAM_ID, "state encumbered by state 3", encumbrance = 3, contractState = stateWithNewOwner)
+                output(TEST_TIMELOCK_ID, "5pm time-lock", 0, timeLock)
+                command(MEGA_CORP.owningKey, Cash.Commands.Move())
+                verifies()
+            }
+        }
+
+        // A transaction that includes multiple independent encumbrance chains.
+        // Each Cash state is encumbered with its own TimeLock.
+        // Note that all of the Cash states are encumbered both together and with time lock.
+        ledgerServices.ledger(DUMMY_NOTARY) {
+            transaction {
+                attachments(Cash.PROGRAM_ID, TEST_TIMELOCK_ID)
+                input(Cash.PROGRAM_ID, extraCashState)
+                output(Cash.PROGRAM_ID, "state encumbered by 5pm time-lock A", encumbrance = 3, contractState = stateWithNewOwner)
+                output(Cash.PROGRAM_ID, "state encumbered by 5pm time-lock B", encumbrance = 4, contractState = stateWithNewOwner)
+                output(Cash.PROGRAM_ID, "state encumbered by 5pm time-lock C", encumbrance = 5, contractState = stateWithNewOwner)
+                output(TEST_TIMELOCK_ID, "5pm time-lock A", 0, timeLock)
+                output(TEST_TIMELOCK_ID, "5pm time-lock B", 1, timeLock)
+                output(TEST_TIMELOCK_ID, "5pm time-lock C", 2, timeLock)
+                command(MEGA_CORP.owningKey, Cash.Commands.Move())
+                verifies()
+            }
+        }
+
+        // Full cycle example with 4 elements (different combination) 0 -> 3, 1 -> 2, 2 -> 0 and 3 -> 1
+        ledgerServices.ledger(DUMMY_NOTARY) {
+            transaction {
+                attachments(Cash.PROGRAM_ID, TEST_TIMELOCK_ID)
+                input(Cash.PROGRAM_ID, extraCashState)
+                output(Cash.PROGRAM_ID, "state encumbered by state 3", encumbrance = 3, contractState = stateWithNewOwner)
+                output(Cash.PROGRAM_ID, "state encumbered by state 2", encumbrance = 2, contractState = stateWithNewOwner)
+                output(Cash.PROGRAM_ID, "state encumbered by state 0", encumbrance = 0, contractState = stateWithNewOwner)
+                output(TEST_TIMELOCK_ID, "5pm time-lock", 1, timeLock)
+                command(MEGA_CORP.owningKey, Cash.Commands.Move())
+                verifies()
+            }
+        }
+    }
+
+    @Test
+    fun `non bi-directional encumbrance will fail`() {
+        // Single encumbrance with no back link.
+        assertFailsWith<TransactionVerificationException.TransactionNonMatchingEncumbranceException> {
+            ledgerServices.ledger(DUMMY_NOTARY) {
+                transaction {
+                    attachments(Cash.PROGRAM_ID, TEST_TIMELOCK_ID)
+                    input(Cash.PROGRAM_ID, state)
+                    output(Cash.PROGRAM_ID, "state encumbered by 5pm time-lock", encumbrance = 1, contractState = stateWithNewOwner)
+                    output(TEST_TIMELOCK_ID, "5pm time-lock", timeLock)
+                    command(MEGA_CORP.owningKey, Cash.Commands.Move())
+                    verifies()
+                }
+            }
+        }
+
+        // Full cycle fails due to duplicate encumbrance reference.
+        // 0 -> 1, 1 -> 3, 2 -> 3 (thus 3 is referenced two times).
+        assertFailsWith<TransactionVerificationException.TransactionDuplicateEncumbranceException> {
+            ledgerServices.ledger(DUMMY_NOTARY) {
+                transaction {
+                    attachments(Cash.PROGRAM_ID, TEST_TIMELOCK_ID)
+                    input(Cash.PROGRAM_ID, state)
+                    output(Cash.PROGRAM_ID, "state encumbered by state 1", encumbrance = 1, contractState = stateWithNewOwner)
+                    output(Cash.PROGRAM_ID, "state encumbered by state 3", encumbrance = 3, contractState = stateWithNewOwner)
+                    output(Cash.PROGRAM_ID, "state encumbered by state 3 again", encumbrance = 3, contractState = stateWithNewOwner)
+                    output(TEST_TIMELOCK_ID, "5pm time-lock", timeLock)
+                    command(MEGA_CORP.owningKey, Cash.Commands.Move())
+                    verifies()
+                }
+            }
+        }
+
+        // No Full cycle due to non-matching encumbered-encumbrance elements.
+        // 0 -> 1, 1 -> 3, 2 -> 0 (thus offending indices [2, 3], because 2 is not referenced and 3 is not encumbered).
+        assertFailsWith<TransactionVerificationException.TransactionNonMatchingEncumbranceException> {
+            ledgerServices.ledger(DUMMY_NOTARY) {
+                transaction {
+                    attachments(Cash.PROGRAM_ID, TEST_TIMELOCK_ID)
+                    input(Cash.PROGRAM_ID, state)
+                    output(Cash.PROGRAM_ID, "state encumbered by state 1", encumbrance = 1, contractState = stateWithNewOwner)
+                    output(Cash.PROGRAM_ID, "state encumbered by state 3", encumbrance = 3, contractState = stateWithNewOwner)
+                    output(Cash.PROGRAM_ID, "state encumbered by state 0", encumbrance = 0, contractState = stateWithNewOwner)
+                    output(TEST_TIMELOCK_ID, "5pm time-lock", timeLock)
+                    command(MEGA_CORP.owningKey, Cash.Commands.Move())
+                    verifies()
+                }
+            }
+        }
+
+        // No Full cycle in one of the encumbrance chains due to non-matching encumbered-encumbrance elements.
+        // 0 -> 2, 2 -> 0 is valid. On the other hand, there is 1 -> 3 only and 3 -> 1 does not exist.
+        // (thus offending indices [1, 3], because 1 is not referenced and 3 is not encumbered).
+        assertFailsWith<TransactionVerificationException.TransactionNonMatchingEncumbranceException> {
+            ledgerServices.ledger(DUMMY_NOTARY) {
+                transaction {
+                    attachments(Cash.PROGRAM_ID, TEST_TIMELOCK_ID)
+                    input(Cash.PROGRAM_ID, state)
+                    output(Cash.PROGRAM_ID, "state encumbered by 5pm time-lock A", encumbrance = 2, contractState = stateWithNewOwner)
+                    output(Cash.PROGRAM_ID, "state encumbered by 5pm time-lock B", encumbrance = 3, contractState = stateWithNewOwner)
+                    output(TEST_TIMELOCK_ID, "5pm time-lock A", 0, timeLock)
+                    output(TEST_TIMELOCK_ID, "5pm time-lock B", timeLock)
+                    command(MEGA_CORP.owningKey, Cash.Commands.Move())
+                    verifies()
+                }
+            }
+        }
     }
 
     @Test
@@ -132,7 +256,7 @@ class TransactionEncumbranceTests {
             unverifiedTransaction {
                 attachments(Cash.PROGRAM_ID, TEST_TIMELOCK_ID)
                 output(Cash.PROGRAM_ID, "state encumbered by 5pm time-lock", encumbrance = 1, contractState = state)
-                output(TEST_TIMELOCK_ID, "5pm time-lock", timeLock)
+                output(TEST_TIMELOCK_ID, "5pm time-lock",0, timeLock)
             }
             transaction {
                 attachments(Cash.PROGRAM_ID)
@@ -151,7 +275,7 @@ class TransactionEncumbranceTests {
             transaction {
                 attachments(Cash.PROGRAM_ID)
                 input(Cash.PROGRAM_ID, state)
-                output(Cash.PROGRAM_ID, encumbrance = 0, contractState = stateWithNewOwner)
+                output(Cash.PROGRAM_ID, "state encumbered by itself", encumbrance = 0, contractState = stateWithNewOwner)
                 command(MEGA_CORP.owningKey, Cash.Commands.Move())
                 this `fails with` "Missing required encumbrance 0 in OUTPUT"
             }
@@ -164,7 +288,7 @@ class TransactionEncumbranceTests {
             transaction {
                 attachments(Cash.PROGRAM_ID, TEST_TIMELOCK_ID)
                 input(Cash.PROGRAM_ID, state)
-                output(TEST_TIMELOCK_ID, encumbrance = 2, contractState = stateWithNewOwner)
+                output(TEST_TIMELOCK_ID, "state encumbered by state 2 which does not exist", encumbrance = 2, contractState = stateWithNewOwner)
                 output(TEST_TIMELOCK_ID, timeLock)
                 command(MEGA_CORP.owningKey, Cash.Commands.Move())
                 this `fails with` "Missing required encumbrance 2 in OUTPUT"
@@ -178,7 +302,7 @@ class TransactionEncumbranceTests {
             unverifiedTransaction {
                 attachments(Cash.PROGRAM_ID, TEST_TIMELOCK_ID)
                 output(Cash.PROGRAM_ID, "state encumbered by some other state", encumbrance = 1, contractState = state)
-                output(Cash.PROGRAM_ID, "some other state", state)
+                output(Cash.PROGRAM_ID, "some other state", encumbrance = 0, contractState = state)
                 output(TEST_TIMELOCK_ID, "5pm time-lock", timeLock)
             }
             transaction {
diff --git a/node/src/test/kotlin/net/corda/node/services/NotaryChangeTests.kt b/node/src/test/kotlin/net/corda/node/services/NotaryChangeTests.kt
index 6ac3f82c7e..04fd10546c 100644
--- a/node/src/test/kotlin/net/corda/node/services/NotaryChangeTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/NotaryChangeTests.kt
@@ -109,20 +109,13 @@ class NotaryChangeTests {
         // Check that all encumbrances have been propagated to the outputs
         val originalOutputs = issueTx.outputStates
         val newOutputs = notaryChangeTx.outputStates
-        assertTrue(originalOutputs.minus(newOutputs).isEmpty())
+        assertTrue(originalOutputs.size == newOutputs.size && originalOutputs.containsAll(newOutputs))
 
-        // Check that encumbrance links aren't broken after notary change
-        val encumbranceLink = HashMap<ContractState, ContractState?>()
-        issueTx.outputs.forEach {
-            val currentState = it.data
-            val encumbranceState = it.encumbrance?.let { issueTx.outputs[it].data }
-            encumbranceLink[currentState] = encumbranceState
-        }
-        notaryChangeTx.outputs.forEach {
-            val currentState = it.data
-            val encumbranceState = it.encumbrance?.let { notaryChangeTx.outputs[it].data }
-            assertEquals(encumbranceLink[currentState], encumbranceState)
-        }
+        // Check if encumbrance linking between states has not changed.
+        val originalLinkedStates = issueTx.outputs.asSequence().filter { it.encumbrance != null }.map { Pair(it.data, issueTx.outputs[it.encumbrance!!].data) }.toSet()
+        val notaryChangeLinkedStates = notaryChangeTx.outputs.asSequence().filter { it.encumbrance != null }.map { Pair(it.data, notaryChangeTx.outputs[it.encumbrance!!].data) }.toSet()
+
+        assertTrue { originalLinkedStates.size == notaryChangeLinkedStates.size && originalLinkedStates.containsAll(notaryChangeLinkedStates) }
     }
 
     @Test
@@ -172,10 +165,11 @@ class NotaryChangeTests {
         val stateB = DummyContract.SingleOwnerState(Random().nextInt(), owner.party)
         val stateC = DummyContract.SingleOwnerState(Random().nextInt(), owner.party)
 
+        // Ensure encumbrances form a cycle.
         val tx = TransactionBuilder(null).apply {
             addCommand(Command(DummyContract.Commands.Create(), owner.party.owningKey))
             addOutputState(stateA, DummyContract.PROGRAM_ID, notaryIdentity, encumbrance = 2) // Encumbered by stateB
-            addOutputState(stateC, DummyContract.PROGRAM_ID, notaryIdentity)
+            addOutputState(stateC, DummyContract.PROGRAM_ID, notaryIdentity, encumbrance = 0) // Encumbered by stateA
             addOutputState(stateB, DummyContract.PROGRAM_ID, notaryIdentity, encumbrance = 1) // Encumbered by stateC
         }
         val stx = services.signInitialTransaction(tx)

From 3a8fd51a08e82fc6fd0f0113ad5e9a5b88694a46 Mon Sep 17 00:00:00 2001
From: szymonsztuka <szymon.sztuka@r3.com>
Date: Fri, 19 Oct 2018 20:30:08 +0100
Subject: [PATCH 67/83] ENT-2608 - Fix deserialization of evolution  (#4096)

Fix deserialization could mix together the object trees of two threads when passing through evolution (ENT-2608).
---
 .../serialization/internal/amqp/EvolutionSerializer.kt     | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializer.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializer.kt
index 4604af4505..700a3b51bb 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializer.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/EvolutionSerializer.kt
@@ -116,7 +116,6 @@ abstract class EvolutionSerializer(
                 factory: SerializerFactory,
                 constructor: KFunction<Any>,
                 readersAsSerialized: Map<String, OldParam>): AMQPSerializer<Any> {
-            val constructorArgs = arrayOfNulls<Any?>(constructor.parameters.size)
 
             // Java doesn't care about nullability unless it's a primitive in which
             // case it can't be referenced. Unfortunately whilst Kotlin does apply
@@ -144,7 +143,7 @@ abstract class EvolutionSerializer(
                     }
                 }
             }
-            return EvolutionSerializerViaConstructor(new.type, factory, readersAsSerialized, constructor, constructorArgs)
+            return EvolutionSerializerViaConstructor(new.type, factory, readersAsSerialized, constructor)
         }
 
         private fun makeWithSetters(
@@ -210,8 +209,7 @@ class EvolutionSerializerViaConstructor(
         clazz: Type,
         factory: SerializerFactory,
         oldReaders: Map<String, EvolutionSerializer.OldParam>,
-        kotlinConstructor: KFunction<Any>,
-        private val constructorArgs: Array<Any?>) : EvolutionSerializer(clazz, factory, oldReaders, kotlinConstructor) {
+        kotlinConstructor: KFunction<Any>) : EvolutionSerializer(clazz, factory, oldReaders, kotlinConstructor) {
     /**
      * Unlike a normal [readObject] call where we simply apply the parameter deserialisers
      * to the object list of values we need to map that list, which is ordered per the
@@ -226,6 +224,7 @@ class EvolutionSerializerViaConstructor(
     ): Any {
         if (obj !is List<*>) throw NotSerializableException("Body of described type is unexpected $obj")
 
+        val constructorArgs : Array<Any?> = arrayOfNulls<Any?>(kotlinConstructor.parameters.size)
         // *must* read all the parameters in the order they were serialized
         oldReaders.values.zip(obj).map { it.first.readProperty(it.second, schemas, input, constructorArgs, context) }
 

From dd60ae27f2dadd12d121d3ecbb951bdaf2725272 Mon Sep 17 00:00:00 2001
From: Roger Willis <roger.willis@r3cev.com>
Date: Sat, 20 Oct 2018 10:52:24 +0100
Subject: [PATCH 68/83] FungibleState and design document for tokens (#4049)

---
 .ci/api-current.txt                           |   9 ++++-
 .../net/corda/core/contracts/FungibleAsset.kt |   4 +-
 .../net/corda/core/contracts/FungibleState.kt |  37 ++++++++++++++++++
 .../corda/core/node/services/VaultService.kt  |  18 +++++----
 .../core/node/services/vault/QueryCriteria.kt |  16 ++++++++
 docs/source/api-states.rst                    |  31 +++++++++++++++
 docs/source/changelog.rst                     |   9 +++++
 docs/source/resources/state-hierarchy.png     | Bin 182078 -> 174750 bytes
 .../node/services/schema/NodeSchemaService.kt |  11 ++++++
 .../node/services/vault/NodeVaultService.kt   |  37 ++++++++++++------
 .../corda/node/services/vault/VaultSchema.kt  |   4 +-
 .../vault-schema.changelog-master.xml         |   1 +
 .../migration/vault-schema.changelog-v7.xml   |   8 ++++
 .../services/vault/NodeVaultServiceTest.kt    |  26 ++++++++++++
 14 files changed, 186 insertions(+), 25 deletions(-)
 create mode 100644 core/src/main/kotlin/net/corda/core/contracts/FungibleState.kt
 create mode 100644 node/src/main/resources/migration/vault-schema.changelog-v7.xml

diff --git a/.ci/api-current.txt b/.ci/api-current.txt
index 8d3efd6638..6aecda8fa6 100644
--- a/.ci/api-current.txt
+++ b/.ci/api-current.txt
@@ -561,7 +561,7 @@ public final class net.corda.core.contracts.ContractsDSL extends java.lang.Objec
   public static final java.util.List<net.corda.core.contracts.CommandWithParties<C>> select(java.util.Collection<? extends net.corda.core.contracts.CommandWithParties<? extends net.corda.core.contracts.CommandData>>, Class<C>, java.util.Collection<? extends java.security.PublicKey>, java.util.Collection<net.corda.core.identity.Party>)
 ##
 @CordaSerializable
-public interface net.corda.core.contracts.FungibleAsset extends net.corda.core.contracts.OwnableState
+public interface net.corda.core.contracts.FungibleAsset extends net.corda.core.contracts.FungibleState, net.corda.core.contracts.OwnableState
   @NotNull
   public abstract net.corda.core.contracts.Amount<net.corda.core.contracts.Issued<T>> getAmount()
   @NotNull
@@ -569,6 +569,11 @@ public interface net.corda.core.contracts.FungibleAsset extends net.corda.core.c
   @NotNull
   public abstract net.corda.core.contracts.FungibleAsset<T> withNewOwnerAndAmount(net.corda.core.contracts.Amount<net.corda.core.contracts.Issued<T>>, net.corda.core.identity.AbstractParty)
 ##
+@CordaSerializable
+public interface net.corda.core.contracts.FungibleState extends net.corda.core.contracts.ContractState
+  @NotNull
+  public abstract net.corda.core.contracts.Amount<T> getAmount()
+##
 @DoNotImplement
 @CordaSerializable
 public final class net.corda.core.contracts.HashAttachmentConstraint extends java.lang.Object implements net.corda.core.contracts.AttachmentConstraint
@@ -3366,7 +3371,7 @@ public interface net.corda.core.node.services.VaultService
   public abstract net.corda.core.messaging.DataFeed<net.corda.core.node.services.Vault$Page<T>, net.corda.core.node.services.Vault$Update<T>> trackBy(Class<? extends T>, net.corda.core.node.services.vault.QueryCriteria, net.corda.core.node.services.vault.Sort)
   @Suspendable
   @NotNull
-  public abstract java.util.List<net.corda.core.contracts.StateAndRef<T>> tryLockFungibleStatesForSpending(java.util.UUID, net.corda.core.node.services.vault.QueryCriteria, net.corda.core.contracts.Amount<U>, Class<? extends T>)
+  public abstract java.util.List<net.corda.core.contracts.StateAndRef<T>> tryLockFungibleStatesForSpending(java.util.UUID, net.corda.core.node.services.vault.QueryCriteria, net.corda.core.contracts.Amount<?>, Class<? extends T>)
   @NotNull
   public abstract net.corda.core.concurrent.CordaFuture<net.corda.core.node.services.Vault$Update<net.corda.core.contracts.ContractState>> whenConsumed(net.corda.core.contracts.StateRef)
 ##
diff --git a/core/src/main/kotlin/net/corda/core/contracts/FungibleAsset.kt b/core/src/main/kotlin/net/corda/core/contracts/FungibleAsset.kt
index ddcd04be56..78878461f4 100644
--- a/core/src/main/kotlin/net/corda/core/contracts/FungibleAsset.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/FungibleAsset.kt
@@ -28,12 +28,12 @@ class InsufficientBalanceException(val amountMissing: Amount<*>) : FlowException
  * (GBP, USD, oil, shares in company <X>, etc.) and any additional metadata (issuer, grade, class, etc.).
  */
 @KeepForDJVM
-interface FungibleAsset<T : Any> : OwnableState {
+interface FungibleAsset<T : Any> : FungibleState<Issued<T>>, OwnableState {
     /**
      * Amount represents a positive quantity of some issued product which can be cash, tokens, assets, or generally
      * anything else that's quantifiable with integer quantities. See [Issued] and [Amount] for more details.
      */
-    val amount: Amount<Issued<T>>
+    override val amount: Amount<Issued<T>>
 
     /**
      * There must be an ExitCommand signed by these keys to destroy the amount. While all states require their
diff --git a/core/src/main/kotlin/net/corda/core/contracts/FungibleState.kt b/core/src/main/kotlin/net/corda/core/contracts/FungibleState.kt
new file mode 100644
index 0000000000..0e4a241ccd
--- /dev/null
+++ b/core/src/main/kotlin/net/corda/core/contracts/FungibleState.kt
@@ -0,0 +1,37 @@
+package net.corda.core.contracts
+
+import net.corda.core.KeepForDJVM
+
+/**
+ * Interface to represent things which are fungible, this means that there is an expectation that these things can
+ * be split and merged. That's the only assumption made by this interface.
+ *
+ * This interface has been defined in addition to [FungibleAsset] to provide some additional flexibility which
+ * [FungibleAsset] lacks, in particular:
+ *
+ * - [FungibleAsset] defines an amount property of type Amount<Issued<T>>, therefore there is an assumption that all
+ *   fungible things are issued by a single well known party but this is not always the case. For example,
+ *   crypto-currencies like Bitcoin are generated periodically by a pool of pseudo-anonymous miners
+ *   and Corda can support such crypto-currencies.
+ * - [FungibleAsset] implements [OwnableState], as such there is an assumption that all fungible things are ownable.
+ *   This is not always true as fungible derivative contracts exist, for example.
+ *
+ * The expectation is that this interface should be combined with the other core state interfaces such as
+ * [OwnableState] and others created at the application layer.
+ *
+ * @param T a type that represents the fungible thing in question. This should describe the basic type of the asset
+ * (GBP, USD, oil, shares in company <X>, etc.) and any additional metadata (issuer, grade, class, etc.). An
+ * upper-bound is not specified for [T] to ensure flexibility. Typically, a class would be provided that implements
+ * [TokenizableAssetInfo].
+ */
+// DOCSTART 1
+@KeepForDJVM
+interface FungibleState<T : Any> : ContractState {
+    /**
+     * Amount represents a positive quantity of some token which can be cash, tokens, stock, agreements, or generally
+     * anything else that's quantifiable with integer quantities. See [Amount] for more details.
+     */
+    val amount: Amount<T>
+}
+// DOCEND 1
+
diff --git a/core/src/main/kotlin/net/corda/core/node/services/VaultService.kt b/core/src/main/kotlin/net/corda/core/node/services/VaultService.kt
index 43b71bf966..a9087e12af 100644
--- a/core/src/main/kotlin/net/corda/core/node/services/VaultService.kt
+++ b/core/src/main/kotlin/net/corda/core/node/services/VaultService.kt
@@ -334,24 +334,26 @@ interface VaultService {
 
     /**
      * Helper function to determine spendable states and soft locking them.
-     * Currently performance will be worse than for the hand optimised version in `Cash.unconsumedCashStatesForSpending`.
-     * However, this is fully generic and can operate with custom [FungibleAsset] states.
+     * Currently performance will be worse than for the hand optimised version in
+     * [Cash.unconsumedCashStatesForSpending]. However, this is fully generic and can operate with custom [FungibleState]
+     * and [FungibleAsset] states.
      * @param lockId The [FlowLogic.runId]'s [UUID] of the current flow used to soft lock the states.
      * @param eligibleStatesQuery A custom query object that selects down to the appropriate subset of all states of the
      * [contractStateType]. e.g. by selecting on account, issuer, etc. The query is internally augmented with the
      * [StateStatus.UNCONSUMED], soft lock and contract type requirements.
-     * @param amount The required amount of the asset, but with the issuer stripped off.
-     * It is assumed that compatible issuer states will be filtered out by the [eligibleStatesQuery].
+     * @param amount The required amount of the asset. It is assumed that compatible issuer states will be filtered out
+     * by the [eligibleStatesQuery]. This method accepts both Amount<Issued<*>> and Amount<*>. Amount<Issued<*>> is
+     * automatically unwrapped to Amount<*>.
      * @param contractStateType class type of the result set.
      * @return Returns a locked subset of the [eligibleStatesQuery] sufficient to satisfy the requested amount,
      * or else an empty list and no change in the stored lock states when their are insufficient resources available.
      */
     @Suspendable
     @Throws(StatesNotAvailableException::class)
-    fun <T : FungibleAsset<U>, U : Any> tryLockFungibleStatesForSpending(lockId: UUID,
-                                                                         eligibleStatesQuery: QueryCriteria,
-                                                                         amount: Amount<U>,
-                                                                         contractStateType: Class<out T>): List<StateAndRef<T>>
+    fun <T : FungibleState<*>> tryLockFungibleStatesForSpending(lockId: UUID,
+                                                                eligibleStatesQuery: QueryCriteria,
+                                                                amount: Amount<*>,
+                                                                contractStateType: Class<out T>): List<StateAndRef<T>>
 
     // DOCSTART VaultQueryAPI
     /**
diff --git a/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteria.kt b/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteria.kt
index 2ee555dee1..553320c7fa 100644
--- a/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteria.kt
+++ b/core/src/main/kotlin/net/corda/core/node/services/vault/QueryCriteria.kt
@@ -168,6 +168,22 @@ sealed class QueryCriteria : GenericQueryCriteria<QueryCriteria, IQueryCriteriaP
         }
     }
 
+    /**
+     * FungibleStateQueryCriteria: provides query by attributes defined in [VaultSchema.VaultFungibleStates]
+     */
+    data class FungibleStateQueryCriteria(
+            val participants: List<AbstractParty>? = null,
+            val quantity: ColumnPredicate<Long>? = null,
+            override val status: Vault.StateStatus = Vault.StateStatus.UNCONSUMED,
+            override val contractStateTypes: Set<Class<out ContractState>>? = null,
+            override val relevancyStatus: Vault.RelevancyStatus = Vault.RelevancyStatus.ALL
+    ) : CommonQueryCriteria() {
+        override fun visit(parser: IQueryCriteriaParser): Collection<Predicate> {
+            super.visit(parser)
+            return parser.parseCriteria(this)
+        }
+    }
+
     /**
      * FungibleStateQueryCriteria: provides query by attributes defined in [VaultSchema.VaultFungibleStates]
      */
diff --git a/docs/source/api-states.rst b/docs/source/api-states.rst
index ad05640b16..156a38fcd7 100644
--- a/docs/source/api-states.rst
+++ b/docs/source/api-states.rst
@@ -100,6 +100,37 @@ Because ``OwnableState`` models fungible assets that can be merged and split ove
 not have a ``linearId``. $5 of cash created by one transaction is considered to be identical to $5 of cash produced by
 another transaction.
 
+FungibleState
+~~~~~~~~~~~~~
+
+`FungibleState<T>` is an interface to represent things which are fungible, this means that there is an expectation that
+these things can be split and merged. That's the only assumption made by this interface. This interface should be
+implemented if you want to represent fractional ownership in a thing, or if you have many things. Examples:
+
+* There is only one Mona Lisa which you wish to issue 100 tokens, each representing a 1% interest in the Mona Lisa
+* A company issues 1000 shares with a nominal value of 1, in one batch of 1000. This means the single batch of 1000
+  shares could be split up into 1000 units of 1 share.
+
+The interface is defined as follows:
+
+.. container:: codeset
+
+    .. literalinclude:: ../../core/src/main/kotlin/net/corda/core/contracts/FungibleState.kt
+        :language: kotlin
+        :start-after: DOCSTART 1
+        :end-before: DOCEND 1
+
+As seen, the interface takes a type parameter `T` that represents the fungible thing in question. This should describe
+the basic type of the asset e.g. GBP, USD, oil, shares in company <X>, etc. and any additional metadata (issuer, grade,
+class, etc.). An upper-bound is not specified for `T` to ensure flexibility. Typically, a class would be provided that
+implements `TokenizableAssetInfo` so the thing can be easily added and subtracted using the `Amount` class.
+
+This interface has been added in addition to `FungibleAsset` to provide some additional flexibility which
+`FungibleAsset` lacks, in particular:
+* `FungibleAsset` defines an amount property of type Amount<Issued<T>>, therefore there is an assumption that all
+  fungible things are issued by a single well known party but this is not always the case.
+* `FungibleAsset` implements `OwnableState`, as such there is an assumption that all fungible things are ownable.
+
 Other interfaces
 ^^^^^^^^^^^^^^^^
 You can also customize your state by implementing the following interfaces:
diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst
index c942bff9d3..51330fffd3 100644
--- a/docs/source/changelog.rst
+++ b/docs/source/changelog.rst
@@ -225,6 +225,15 @@ Unreleased
   normal state when it occurs in an input or output position. *This feature is only available on Corda networks running
   with a minimum platform version of 4.*
 
+* Removed type parameter `U` from `tryLockFungibleStatesForSpending` to allow the function to be used with `FungibleState`
+  as well as `FungibleAsset`. This _might_ cause a compile failure in some obscure cases due to the removal of the type
+  parameter from the method. If your CorDapp does specify types explicitly when using this method then updating the types
+  will allow your app to compile successfully. However, those using type inference (e.g. using Kotlin) should not experience
+  any changes. Old CorDapp JARs will still work regardless.
+
+* `issuer_ref` column in `FungibleStateSchema` was updated to be nullable to support the introduction of the
+  `FungibleState` interface. The `vault_fungible_states` table can hold both `FungibleAssets` and `FungibleStates`.
+
 Version 3.3
 -----------
 
diff --git a/docs/source/resources/state-hierarchy.png b/docs/source/resources/state-hierarchy.png
index a1c950683ad4fe844e28dba5da39d3d5a083e96c..232ac7d1f59530091bc77047725d9753376305e0 100644
GIT binary patch
literal 174750
zcmeFZWmH|w5+HhT*WgZo;4Z=4-Q6`<fZ*;B`~;WalHeZPo#4S;g1bA+A<4Zr-<>xz
zYrQ}3$D6E0*wWoqU0&6-2~(7pK!V4E2LJ#_Qj(&|001-)0D$m=g$6z08)kY00N{%)
zMMM;(L_|mwKiHXD+L!?Vl3@vnFsiS1vHIFlq!?=iA@hQkA$K8x`XWilIq2xpRLqb8
z;a|Vfm91(kqJf!-VF_XACcL&5qSMrb#Hg?Xiiv4qBjn^%LGX4iT#tAjH+znxAG;oT
zooDhGd>Flj5ZpCKfGn&)1Xw=E8dW6GlCjXF`uoCv1cVl#XH|3If+uB>2>A6b-d*2}
zp=9k|MxWM9x2-&vlYWmHT?GK3vI+WzSM##HpoiZ?3ns$>SW3Uta;q>6Hz_7!=OE?i
zvJZz<FR~0fR4;N>Q?kt>nK1((;nV14A^mv6r*XADi>ihS3(dukZk{UX2UL+!h7F5x
z!EB0IS{4^HK$|_*`%Xwbq?vyfjT@GaKRKuyg6v37B9$~Ne-wz>@RiUmdUr&a`c64E
zXt`sDCOAV&Zji<R?tB9rd^@=>eNLcD>h*C2*OqC$*eG+-;So<?PCQc*mpQ_A=B8Pd
z@U~_>jb_fM0@6v`PG2=SLFO77OCKDs!Zd*eWw7{=0~RB%VKl3<u-Eo=z0{ttQbpc2
zWcHVz_&->-JU1$~R}xY%_V`vr^74q^H#ddmjiAIGV4F5dvq2RKoj-o@klMr5B8|0R
z9T%7-pse-|*m4da--hV)<1z$CF@&=5rv{{)TC;pfbJn5Ir2R?p#*9UG%reZP;)Wnj
z4AD`A^$p-h_1pU&t+}H^7@}=l1~TsOex-bXlcrm3IuC{@W`JVUmURf`j^-(#o^BWo
zuG-u>c^3f-=*I?>_@a&U4$Rvy(&Zh}fj{efJ_;;kHVJ$QfB*<N;fGoR&1LwiA12rk
zdlp7o2#OQjsvXWAo-NRE6}=w%z5n|$7$R_H9O&|PoEyL!QrJ!r)sN8BLVG}DQ^*t%
z*?zP$zlSVCD){hVbW(oufDc*pilnNL3BsY-+B+6IbWU)MV3&f|*+TCiJrKM@(2~Kw
zcNJAIG~<|eGE^`Uz%z!vT65yW9|?4Ar?98+B6uIb*ipC2uZh?e(1+#+MB~o!$03vL
zMuHQ~`2;EY(MAv+Xq<;$D53oc`6u#gaq&+II0PXfMuw5hS2%XEI3a;jeKzejeeuRt
zOmfMz$vnwILpWRbiQ#G;ct(d6bT;H1Xia!&G4#FaCis;amEN;P2QUQ45`DXCHulT)
zRJtth3E%S^k(7bWgzR@9t@WO|HKQ-X9{ZtmSD&Wbcs+nUI6R1XG5X*<e-eE2_0<qu
zM$kL(%!(96Sx)hK!5s=-N?CNXkKCd>#w4F)bY&K$N?w0Mw|f;D7DuiXOEln*AuavJ
z_H_bqPf9~7M)J7dwCc@VVsrcu*><c<Kjpy8K;TaW46bm}o+xw?G$j|sXytjTYwF{#
zsznS_DR^?jc}H2(%8V+RiUQK(d9rz$%DRP7%4W)P$}P&}`C${>6ATlydDZz5`3f>C
zi9`vcgFA!u0~KZ*{qX~z6L5jJN%;e*1JHv71Midg-gt^!1rzAYYmA6Q(<V{6iXK%h
zq9SEmjxW9=n8(t_JfyMJB%&;*9F0{-WQ-ReU7-*tAo*fgh+0-5o-Mo99FQD6=DbVi
zLE}yNh|!Yy<nF%*o&<G@@Qwbf!B~@_utRoEwQ;ktzj2^(=DGz%NNlKb_{95s^ZdR+
z95a#4{K4V`6lw!CB0Z|MF&|P3qmE7$1mdslG$Aw{H2bR2U!95~i;D_93gJ~zzUr$J
zs^u1Q6;l)+sx@VC<jAYIs%{q^tF?W7ip_4fH_Bs?#?inr!K1-j#(N#rg{OxXm+Fyf
zl$yql&qi$hsU}$)PTR9~zP7h!s`jzgv1Y%9cn8%vnOlnc-kIC!jnkzQnN!^!$A0UW
z%B0Dz+5Xfn-^7<ap4~6|8hb13?YK-x%81B#PWYW6>LF4gW+8P^hGf=c8RJ5^8Dg_y
z-y&`zXt0rRR3h~vt0VU#VdQq+_`FGzOO?}SoYp63al2lR?pcv7l~s`|mL*OdNV!e6
z<*;V=w0{3?gqe}G&047Tq-OTrxbbQ4L_f>&8E})2HZ`GbO1;>nxO|#pT6o`M9}V9&
zO*8F78dw1@>&J$4_a!XreXFMNtIvm&Jl0LJO)4(F^Y{y2W{InPD@E<39%73qM37UF
zZ9=<{jU_@%N;YDmjVX~Rzp3Q^P_dx5D08emcf^KBGELfGDA$wI3oeT)d-dMs{r=MY
zBAP4XHTX3H3RetMjB*TRMruY_hI59AzPkQ?^L%sVa_e$a3yfwF9ddCZ`<BT@_40N&
zW6#^}y2<Op%<Rmu@+so0>(iBuXDUHTKjJY0Sa2<WPjF(GU8sDR$103Ews)3u6BZrj
z9b6rRq&2_<(mrASpvI6RL~on|;y3WtC`rgMaOFsuAMInP!cip{qIHSgX{EWsv8T|Z
zVvu9XqKOQ)Ds5J()^LiGACjLoJ-*M-wN(nci|vJ<)8=bbX=FtA^on;AMLc#Qn`%_`
zZD=}dI+zf=9q}2VEn{_MbR}OVZKZm04-gSn>WmN#?dA(3laiO}k;>(Lt51C_SLOOa
z>`YYJaBw`naPs412%E6B&Ae7Cfk3dYS;Bk~d$9+kcz~Bb=Msar!Cms0hGsgL8Qti+
zfp`fy`7e?N7wPYqzB3oo?QiUzOnsT@FIy|$)wQm7S(x9R%a{`=?JC(Qu^t`opNnU$
zUp9MOLmCUIM>@o><=C<%7`YrQofDmpuiBj%E=Y^uXj?(A%x70%XMAh7!&82|cb0z^
zd<&s-Sf}n4bDMGPJ;M=U3-isJb`@)pj*Xs<;h`$M`f&@zTp<2|sg}%0Vn%*HJ=A5*
z<<#}^*kxW%g<L0IkFBQ9SK)_#?{YxP@pb8<Ywm1Sy|I90+q<^<?()1%zbk(|nAZ3=
z30DaXiR|&k@piPCoc(;Wp8dCq-oaL4Mm^ia?gGm^2hR0{%5_yYut$>9pDfhY)CdKb
zeTz!f%NR<YJmP&-bzkW^=1&)VyGkCcOn0_V|N8!?+tBIJt0PM7y{LVZw`2J53ITCB
zag4svj}6c9$AwovhJIXHIE}==oxnp#%_^vsGZ~f|UQhg*m{HAdv7mFPgYV0HySc*^
z<!H8zIda@A*a&nr+B3fDIpq*q*vapf5jmt?Al8p=_PQRNpw-jxF4u3{azFeKD%01q
zk32KFRMF&c_2%6CoPJ+NE?qr6s!jWGe%5Sh%4uQCMW)Wy)p|5G1EEE}CF!VsrNJf1
z`C8pT&_Kag^SQ-88SIqrs0I64<+#lqcxiZMbVPQL8_>rR6Os9qxA0+jwGO(n_U0k$
z-f;T|@C!;Pr%1Wa=*{DI`(@U>>h<ltQEP+bHqN)}ToaEU=Dx3K1Zc$N-um`GDLrXF
zU#1A8KOYc85a9ced9hx)-1FqSO04L#+7YAR`JRy;cKsCXkjRf=&rHtb=9lpD;cvJ@
zc#;{=2rMsM@oM8sl}<}VuLwTCrS;2#qa+8MTv6@e=K!*tAp~PnFMC<RhVO21!Joq{
z9?xYpAryBJ1tC-YZK-k#GZFmQ8s&9z6)gZdnv!S4pFSBH@fV8;5x%+Fn4IKM1Duos
zyfEeE<cL0}-i3R3{p1JO?p9}baX&;Vec!j+Bi?nN`NEF<AoBn<&JUh3O5iL8ieBOD
zCAAy@04$1^A22Cp@)H06EW=V&(@9fKmfOV6mchu>&e)8>&DI_?8UWyR;|5*YnmHMf
zxY^pgcjR{Cd;Mz!H|YB1G2?5JUqhU%`Ce<vDUyiTeJ~?oXJBJsdd&|{LPEm(!PJ~v
zSycSbbkH5&>vv90_S}q&uCA^OuB;4pA1oM|xwyC(nOGQESm;3`=pEhPI~lprzjq}2
zy~w}T5jAr(`Cw`9WNG)F<YiqWV>@RjzSpl`0R8*lZ#>Q1EdK-Pz2l#4fi}qa@`jO_
zfr;_oYlEipzC7htv~)AG(G<0`HGA&}g2B(s!O6t?Yr_BZ>OUa=nyU4mshnIKf6x5u
z&7YaPj4wO*Ye&Dy_3J5!Ui|R9jQ^%RKYZbMp(ThN1eT%-s-WNCFT4S9t{wCr)$iY+
zYp@dYHMeX706-8RB`T!q26nInrHe5K0dqo3Ple?IW04gb{&8t3-NH4)!NPO-wr=D|
z-lpeBT~&4B=tv!M;Bl0Jsi}*hLbAWAtz~o|?XBH%^KI++^Yhhq8Z!`%_(TK@UeOO6
zBMSgUCHVh*=}!d)0WH~#{l9wu?^&u)I3$Hu6|(<+@V}S=0Idf1zj*f_9LT{Df#d{>
z{~N@9!!h*h_Wa*(05neUbvr<+vjge>v{x_?YB2v7wLik}|5K{%6bRbeGrfNO+R5>R
zfc=+VkW03YjiH*Go5OL3L{a}oNMA&ST-6UuS-595<F^(82O&GVx+<-vXuKY7(9Re!
zZ?j*>>0d)j^2{pWd3CTeo(qGBh&XW+d^Y$GQS&!oXb0>jDS*NJ0U-I=@8Nql6av<2
zS11Z15M5#*_XT#I2iR@qEtlg~ce_6XE=m5~+&bWIoU#@`s^jGO#Od)z+<zLpVbHAy
zf}tNny*%+CK_w(X!eR0QizOO*%lPSU?Qc`|1DhzH+-~@@pcF|vfEo^U4(f#rglL9-
zd1SA8jFkUUI1(gSCP8V4xPF=6s``ip8nkjgTKok7bs+<S;WPZUJn{c~7+G?D<aT7w
zNyNX1BKZg|E-nsyF5c||NX5bL|C13vQ4Rg#35pKl{;)Iv{1i&k$jFFFznN1yp6XLT
z?t0;`8LJjh?-%R+@2`)$W@j}^5uhcl$V>idvSOt`;=$5UrSqE^g3@r^*d)P0L0Rgh
z+FzA&#ifzLwtq{AC@cZj2S|&N&;Eslh1!gWz)49>p??@t@;CrQo@szt-EVvCACErv
zMzBb~h1+VTEL~Y--TfC*BxvBF$b_8@j@vjS6rI4(zq#cH9)=Cto14hh9~ryJ2MLQ0
zwSa;=2olKv$b?gHQS;>e!yWhtgM>mM>lF3R7Oc=gOQf0yn!Ml*bORa9u(zft|L`G#
z>n|%U1Nr_q7oS29<_3eKaVj9uk^BIfA|*eF{I}E!`e%Zue(~xZZ_ppAr$XY8<QL4X
zYQF4>TpvWnb)-3nfB32Y0`6}>^P)j#=RaSNiPZ&7iH)lg`Hl9UEv-_5mVJc8L-|E?
zkT$&mAya6{!HM-U?7yh<hn4>Yd^HK4N$@WJftTw=vB_Tu`ZMnU__vH>+`xgB74YvB
z`6F3{FJfSoiWD6T8us7R`7`Fffd9W`4WwvLFey131`|_ISQuPnBx0OdctBtv8XD=V
zySD*_g;G_Y1JmDB`pH7~G{Y_7;o~A)hdQ8Vl5932AU}cOA_7N-=r-jCSs&3sTWAYP
zr_BF{G#G>QJshl4?l)Ea%HVda{haO_-^vqn2RZ7uy50T6<@b34hXoVb8q)g2=<5?t
zeH`96W!*Vm#u@4JLD?75tMiuii^J*(+G5K!VAP-$GoXkmkF`!P<Kb4ZCXaA$rZ9r0
zY(z3szNy;l`GJTisf<Jyi;IeMMG%h10%O1$^O)+<n_=U&_?n4{NwJ1qJ`+=oHZio&
zey?KHj??q#b%03M#vx^+zbx$HV1v5&RU}q;k%a4m!+wWj<@1h9NJt2iOcF9K9V^^7
zs86(>i931%m**W(-|Nps-3iYWyO;A{pP5!Z6h0XfUEKA&a{J5~VnR8(x>jxB_IO7a
z<c5YzNB4=xP9K9t4f@h*Qd}(QLx21-+t!*N9Yzv^+v>&)iIM5Nw`r$nqCHjU>xOD;
zSHHy4Wxke}DC?Q^Jo`~z?<@4R&d-}@TkZMAm^Fv9aQX0C;p1_LPs<r@Pj_)lG0ZMK
zRn)|u{_FXQjqf@%wW*2?1X{t4(-gWrMSY&1%=i6P&Uy$!&ysg0(za37Hhpz?IU4!P
zGO<!h6e|N*BZIBsZZ70+S{yOa90*ZOGK2H&y?XjLOb(={(hz~lmlyW-e=F=5K8V*I
ztW(X3zt}2S41R}2qQ~EY;<&}o*_!+1gpZ1R#FCw(T67MNojI$Iq{dbYV!jL)9_21l
zt~klCBQ~M_!-mo4ZB%92c<SwN(k_V{>;2x3cBenO5JHVKD*3@xJ!(srh_J8h0t)Cv
z=43;V<%*5ZmmQ50#7^<t);+=JCcrWc7E!_JCA=Q6>cZSAatwpWTI&@1j^6f63y?J#
zclz$<$*I;MMge&g_%W)f1EclsvLyP%B~P@=fs9{|L6sLD1yxV+a$gO@+u4lR#-R7j
z_1iIG2-t>8Sgy@p_oNwJNJ_KQaC+R=LYWzaK%VM`D(@Z2c;|}HnW!&=-1O3pb;R93
z^~>6Kg?e#aI_kz_V{P`&phB-yCK>V5XC_P&XeVVjDYCI|MrJlVZbD6QqP2K8ZMT|C
z9*VquK}M1hc*)0Q%`lrVs>dwwl+$uCZ*3M@t?=eA2na{H@|sH1i`%y+a7|Ic^X@IK
zyUMIgAf?l~8`Qo!@hx5mKsv6u>D@62PUO$6YyNE-fi56pn!nVrnV|IIc>OY9cVzr9
zZf@D%MBYF|OxyOxR0PSFp;^`K`9Ym;<+x>(I1qWQT!V*P?1u&>J#5%~Y5jpJH-Fig
z(^Cy(l<~M+Qeux`BnpnR*7J(5VQT*hmB#FCs3TSCBoZ>xnRJc6q!2NcA~VzRNGoAT
zfdbTD77b(BJlQe<Z`FS*6>6eUo}E})n=?x7d)ZyTTipG$!GM$X{iLnZxYsTD4T)Hz
ziwEUr>)Os39EAL{_%iS|TFPK1*`@^DiOOK(jT|l<R(G0=mPfj!{2p~79gCr~I)Gd;
zm&7;ZN5rHLW^23Gf)Tk1a##nPLH_jn)U@bI+|`a0cuog_?W;G_3piQl?VmKcJ!$A<
zf4)K^g^ZdC&N{UT7~yxi6CT24CmAu}=e-ce?Spr_6vI<aHDd&4G+>M$jN=;Fa4ky-
zQ(uzknR~M(pBB!(=6+QFTF}GoiR3fQTTx;2+4(Z&2k$Eu!Em_mw*PP%e&E_5t2Y52
zCigFMt|dqeo`-_+IF>JhPjJzk_O-BIZ4oMMX;E>w@MEu!m;907cjT6n9Xa9FoJ1Ej
z(VGCz(MD$~J<W5nT{aj=!A81Z`-2=98q86$L&e2#0YMu5MuKG@X+b|zn-CNI8D9_<
z1hZe~@R__dDIMY+uuYT4O1Yl2nj~6MvZ<#Lip{xaoRwFwHRSr=KJe7=^fJz&X%xF%
z;}(oYQ?n**l=}<=NCjyOrs0wvH*~z;9C8$b=e486C{=!b<wY!IBECD9r$ZPj+d0qm
zDp;aLEXzC2YPL$DQCf0d+gm0LFkpKp>2$X*a2Xh!3K!wBdi+GseiTvmkOC;ovqsY8
z_g()2k(cu=%6{0D7$R>+YE|LC2nP2OLjmYG{y2|3asL`35^vvYSo-}*RHE7|O)}pR
zUNOaQC4^OG1F%}6ko>KlP<D2in#4xtDW#CenViTP3(c`lNABr@OVDyBJEa}~lXo`Z
z=oGd_CMHo%Z+c-7ZzA`7^y}|;67phpqQG4)9j<=5U<?(tqEmkZNcq^@LN7U39n&OR
z>ju42@FVB#EEC1GXqHm+i$|6S#+0l*G&b-zCFlJn?{<jX*=bCN8{Vi{{aI{ve<KjR
zfmPhVr$hk4U@0&z@YVaa+k#5D;gK$Tr$?JZ;s{EFuE~x=X7lW=lYZVnOoCvNul6AO
zfVI4F!MBR={^ow|szsu*S)vc)N8({`W=m0afVZWtw4ooH?>#A^Rl*IXWFH5EVERZP
zg?P$`pJE&0az=PpxDv<&-4Q5*z#r|C1SaMTy?H`<m|)5hq=NJD?EuS@$>8K`4FXzV
zKwD001O)QE74lSx9)8#MkiIEXBBD-JrS&CZ&B5uHJcib&bxf<(B8daASpRJQlUYf!
z{*{fqT{0A)SF=l3KupDt?k?{CVweLcs0oh?<@sZI3Jpl)U?i(hBM%k{o*M{N(>{Xt
zd|xlG^v!X9<nB+9!_#l}yoKz$vg`9&)04`mBa(@x*K1(-X8S>8z-tgwINM-3O9&I2
z;5z9WROEPt9AzX9H(-;{#wcS%^?-KuJI`kxFW6`Kdu(j4<FL!|;H{QkqrNlW$xdKB
zI5}+TbKMYOuIJmZBk@g(MKEPedjNx8Gac`;!c#vh#9AgvBn~fXYhC;?-k?%D*msQ)
z#gZ+c?-D~CZbx=ALX}yh*K^D~*#Qf7cL+PJ65AIpe%}Ybg(rSZZfl04q9E)u=26XR
zY_cW}RovpO^{0H5@w^qBcTYvcOs~|9^e{)1xDCvQ3A?}YeKSJddwzoHG;w;DND2cT
zjT3!DxRC2M{=lRRhXNjqIv@i}o=EpO)b@T<m>ugokW4_`X4c=ud9Y(YHuQwQkeCTI
z8j}Tn2%BiCZhMEq0kQzAp~7@n8KY*9L^lQz&4>k~+F3MvaqwQ+=5u>ztkmQ9^D)J`
z67+6q#qKIxO|kKpubv(o@OPIxR3-gQFe(uT$#uqDcP{U+ru0M7S~X7Bmn@79pqVhB
zkB`2=B4{*4Jc4Z{e{+Ky#QOdPR{wP;8E|wSnnUcou;vq%-RF;97g-+7cvB<fd{>{Z
zgkR09Pe7=B<8Sst%-rv!5hfjqi#eQvAa>dpKrfmz?Q(%&D$zg?!=Xb&-bz%bGFVoE
z?FGoiRP6Iu;We@q2f&i@s^7!*r4@`KN`y|(9Dh`{PN1Q^LC#a<q9?%kJ66At2jzmx
za$JnbzvASHR6%WIVA+9Is5E`!Yw}*#E;a4z&eYp#Me-!G&p&QAHfSHtuiwdLw#lPm
z)KA(*m%iUu61<r(xU9ZACf#ASY_-Bf9AYtCETKqd%8ElJ>v_68y`^}<nZ=e_ypqCC
zDd>xiOB$;(wv_T-1VaZhTPS@#t%tqOnWN}~b5QtvEEqnnIg2PJrvdZ1*-d0oZLEO*
zXqgk%4Drp8GR7o$9sx(acNca~b;?Jia^ksY>0zE#8Q__i>JlY=XHnQ=4+kE?n!s4A
zIg}08MzMpd(`Ish6H~sz`OdJWuaEB~ploDw_4y$#Pj1;5S+miF3{S1%(`2!&Xpr&D
zyx7ijpJwwd`bQgg1d~G-SGE#V+=*@*fv=vdbh^1-7a4_S%!?jwNMcnz1-R8PhjrKr
z2cckbN#QU!X8mC*8Bbqr;zUaB?-q$|d5|Rf&{W0?m9#4LRgA`K&~P|C5(mqMI5!;$
zrw;OqPgL=`sRo%UJrQK}t9is*oT__(&qmve;}e6N-!hhXVXPNuV3nj!?_#w4#Z)}3
zc%@bR*c_*fB6svPOg#0<O#Sk{SNB!Eq;3DoYe^1YGJYP%0ovaw6d$H!HCQYij^2Kw
z@e;G$z)<7lad_8JF>pZEtt?fY7<XD8FDhL>rn1u(>4RA5w=jOTokKEC1X_tQnPpGY
zfXefkjTNE8oV1=>*4N~K$N9ItXL?^K4hK07;Zd&HnK0EAM19v0fIkn5zU@Wj>Lhij
zeh7m@1e&fWwFI!rdoD-vv%|-i1X@2y0GSg-W$6V6_0ea%8FN*M658nx5OjTL;YRxg
z`>v<<?ir)$acMIoRMsj-;bzspM%i@?ZVKO?>yZ6iz;C`S@yc7W!%TyZ5q6aDm@*T=
z<6h*xXRN{J*Q=sbVZbNg@`l`u=xdD?|KL}#=4<mdBql9N0GnQ@v?|~D2&?Y?c^OA$
z`WU-Tj@~zLg`P3KAK&#OH4)ISbA&==tmv6@0PSij&G`B%DjZW`oablpd&J-=-c#?b
zM;=6xzEL&HL^uiF7Nx$1kJ5SvJ$^IStA@ux_cSp?Ly5Tn7M!Q{jTyTh2v$rg2!j<F
zs`wt^l89pam1{`pgi;DP;N4RLj!ePj54Yq3faUyz_f53|S=6C(Lo8S<!zfYTOMd?^
zCi>Tqfyz3ELlot|bL|UNl2T~N<0IXGQWdr4C!*IQC6>{`C-tjgRbmOW%-!jy7_WoW
zkUNW&C;7ijkBUXDgi7swpR|nl4pT>x9&!~MLW6IRp&#hjFj#+o6`^UJ%)m3^d7Bd;
zM^q`F27rSuNUk*!c-qm_;brKc1;&yKR&|tG3rohbrgKKSqO=$>>TZ9J84OLS#o>V9
zv53J~ct<ltJdPw{UYc-lrvPiZoUR|RTZ}@rFUM+ljLXR8LS0Z2p#_g1T3j?T>n_yL
zDE(C5@m#tRIG&E*Z9{nM;%1K%Ib<v~l@l#L0NC9i6X4`hZ{HXdimhBww~Lg+pMmq&
z$CC2)!Vg0NBGaV>^m_M65%JC1of*%jEed6hpR3B-`OT$88*AQc(>PaR$GsN3vztOg
zJl3bYird*Cf|lgwb|B#R+rUjEgGwB19NEnTzX&}h;9rABLa233yyu({g5LJbj$r-e
z=~G_ZgT$BK<c$JdEpQRm5-txSJ?q{_O(wZOP3{8XJ2^Fe57}k&hrO2M#nQ@IT|Pk;
zQLfOc`ZZr%f0~%H!T2^dUWN>b!se8mXt`TVN$9y!ho7tZ@%^8OIs{rbo}2|_)42#O
z7^R3s-n#cNL>|xSHuok6SB#dg(lm?g4Q^boGej&>*q=ue^JgxFe~4-#QEgy?qYr(E
zB6OtuXlsJS&v)ft+Jcbbs}vFu9GpP6yd6VYtu-_)Rh<r!B(H9SKBV?6>WC@m%!O9G
zZ>3tn(pU4PM6s^GuK?-;nE5HHn9}Wso=TilvmWN-eS0RKfc2|{Q~6DYkSiqa^|Pla
zCM7LrN+O(GAO@K7Z4r{vHz(4lW5HOsW5L11a`N6NTtrs--d84WZBB7u6O5bN1AnJN
zf}qm~P>mk*PZ-Y4091#_gA(B}K53R)KfvkNDENFSo_p37<{ZWl<n!vTx(h5*!dL@0
zf^(x_)cxo1SFhukde)3ilVdU}m25C@RsH$Nl6%Pd@;e<~We~C3BYPH3w;s@k=ADFX
zC>bXY*uX<MhD3i#D)S2l_>&F|4;zv5QpovaLP0$OBNbYWVoBeQ+}(8ca9^nzZGWQ^
zjk*fV^0G!B%UU5P(Bws1TUp62%H`udYQ?x8iLXQSdf-)>9n>vRp<m=|#2vZhCQ+nt
z+PgmfKu5G7Q>zu5sKPB6esc=dk~Y&*)Rkd1^GVCiYcb~%e?0rWS*>>}4f-n*zAJ8c
zm?V!If`V=arCfTiXaw4eplh2){W|n%;wHL`X-Q3I*YzUCqD1Ag##gSrRODiQ7`ZaF
z!(Ki6t4F0|Ocs85=3VgrF$cda!zmmn{8RXN|F7^*_r)Zb%(Hh)mfnkcN7zs}92Q`Q
zo6Zo>d_;Ps`0<9OB$C=3Vf5`_0<+mZdtb0fQ;u*Nq|+NVB%f!<5sL5a&n;)^{Ot42
zJz>Mv-O-Z}<c9NAfjbKofI)7~jVGSX+%-cW@_8L`Z&spO@P@CDA9*zQm2jwlg~>*Z
z(Z|R8Tg3}oUCi%S2C6Q`HvWW^Wm#sJ_+m?Er!C{#E0}|iOx;dvO7C*#XH*MSutw|Y
zg)ZeE)rbnsBh`*9##^+Y%yP*Y@}2z1iG5bnzTC7(sT|bP>77!nSQuttz6!#Wjti+x
zu<N~*lJ#SAb;CwXYZ01wj!(E}E|3rrTPlpIR;oU?PiO!%%IQW<#j&;ZN!I4Z!vaeV
z@w!$l7$L~j+!FsGm|*bls6mHJGE^M7zsqHL>i#vjBm*a&5viKTKGLRjL+?ZP>-dyN
ztS9(#5BlyU?CB0a>e%r|Y!}XbK#e|5W_(Zi74-tk`Lm7v!8FWi1>RvJ9N2`FgN};d
z#VELIB>pU-C)RUdBE%cPO(~at)owTqhR?lrT&!7+5qq;cKH3Mgj=S9TzMHTm@#R$L
z*QC_T{&@#-A_J(yo=?GQ=Woa&#10rEJRGmXPZ)}&-SD%#7IlTTp-*_)h*NSh9Iy87
z+&MWl`tTDZvborI0wV5bEWI%1qt$+lYjf6}nFL&V@{Kh(aG9y0C;5o^k+%h9)r~S`
zS?H9^eL-&zn=udX*r42K8}RMLb$hb$!#LZd7+hHBx<2JOjl^=dUEOwtnpVdOZzL9e
zw`aT$+onO>!@(uf(D{6Z`?KQXeTy<R8VM$ynt@x)j1aWs`a#8?67|304na?l>d)&`
zQv9~MBx>+^!vMJCu~zD*xhf5|QD7<L!+SVdV3nAU1O1VtsL&61@)>bk2bUGBZlbVm
zpU#s}M#b?03|<3oG<-E|b&~W*3n*nLzo0RIlcnY>d{rX2H^*Nsk56Y?Y*-p$!6rgf
zQAxCT)Os?zB(f#$p&d$i!^t)8M-`pYm=rF6*u6tb0n{R@8Y4m37G2?*&Wf8#@37_^
z&cYdsX1@x+51ag8QQe)zMl&w&gwI<7{S;VQLn&Wuia~mJCa(oDd57sZCH&l84Rd66
zod9ZXuUkOmIqG0%i#PelN}zl@62M)+ic0$IyES%&!)_N*H8KWSe4Qat7cw%)jg+4U
z3p~T53u$g(K{ysv<~LTjRK4{n{wRmPO`>-o^HVkLODfBXf4o&e0K}h4_b>PFr;h+C
zWbE&5_xuX!1hr8mi@_#_mP?tfdXOE$Bk5Sy>bIR$Y10)-WSrLeBqpoqgI`_iN9b)j
ze+7Gv==(H9x3<FB*6IzGPgu0xg|fNegXfGF?v20o@v*NKTxxk|&Kad%wJa(rGqBsl
z&@|dMRDS)YaX|CPMY2TU2vf2k<-DU%(?z%WfGk5re}~T*De-YiP5FzZ$QwxF+Vn$*
z^*a@ZI?F^aPM2kfXsD`i=QCIObp1BK@ZB?omiLs&x>w0(Hpw}LqMy~S^t!1ofgj{v
zoy>T>l_i`MDz#Nsdnm$`T)#0})8uj{5P#x<$PA1hPcd$Dcw-~r09{%%8#b(lAb?3S
z(D|B}&uukeHX%C<YMOvEDiKqfhFHtO(C>a5IY;`3%T2-AQMnZ%^m@<&_?l5rrElzO
z!PIXy0#65ox124rqj{d5I3&BvpB=jY9T~rzZA5_1Qzq6+&QgE5D8X{b2`j%E&pC3o
z<NLZnT|C3d5~SoO35kTpZY(mU3OQT4c^~DuPnPBcSm1GuF2V86+KE?msJ*;5cAH82
zoemJ@@4GwE2ATV?Nd^=)IXn@$Q8H<EzW{Byelnr-m?>=D+sE<<vJCDA<?a_`>s0r;
z;hl)6_5*Wq81!3$CT^=gI;X<7hQ7`6dSr;r>KmIR2u8pTDKvsKRf-TtL_|WnyQC%J
z^<`+-`rM<tw(Skg^+Sd@`0DBiD&C<ax^5)_EmkB7`Gj{3Ydd$5ElO#j(SV3V4C&%x
z+4<c<zQD4NlDkG?MY(Ad#|dv0RATR5$Mz_sq}`FOU%CkUT4g}?>rejK%xBot;fQZS
zK7LH)y<HT8gj!qM=!1>QP+WukA$z;FyA5+6P`N@Tg-$}h6e@7fhTfN~4i6&ZpzIm<
zA5Z^_#{bjFCWy8dv-?y8G?QK1ikrEGXNhG2#n{oLN%@ws!w(r^abq@FR*F!Qhs^My
z>hdv{pA1vwiSSOa*uN)rHKYwraWGZ1^P@1b6)6hyilzait~O}rCksOexASOyv)n2&
z&XA-A2uVnrkcgJALhgf(a9ZERxgnhihZ?a4Wm)It$v2XA84%(d-W7CB>;>82CL3;o
zp<H}r^sf6vcY|P+RGUy@!@~AGGM$oltRzQHcqGetVG^BW0Or8K{*`vkaY&s(0vMib
zsr~#6iki%pT2nzL9B}%HRnzTa6}+|;U76XcgF}{hmU~(Rhonau)Q3^IV2|>5)JX;W
z01`OmkyMME-)@IILQoqCh<XNvq)X_~zn|S*I_2kE>AW_}NgPGNB{<7jV}cZI;2VJ(
z_oV7sH~z(9X7%SzfW)zyx>IsqU+kg8cwM3OP?_;k#@hmz5P3cNIfM3wH(sMeB3KE1
zYnHD_26)`p9icair@PYZ1``AnMYRV7>2D$OV(Z<zP~2Nrf&yD;i3&?Rn7=2(^p)v~
zZyN9U2YWpj7%Yagw8TxSwUYT~;+2N1&R#WGowpb|y+zFUraqyA)}+np>_H4~Do<G$
zW4+PiZ6N!(7JTC=B}90R&cybP7M%Q9hVo>J9GiwKK^cE0{1jsRenpJtQe4wx2mNl6
zwpbZkOZJ@~`TZ&G)c3iy$iZBgDekG9oUbAfZk|UH;;$~%l+L<vNqVCD0n{$|M}J#I
z0F*MQJfS?ObuRl`nf*=CUXt1@=XZ~YY&VYzg=yKiAtSnxxV}y?&kkl)s5biCuO7u^
zJCoX(5FhUahEkby=_8YQig-eXb;-D5EU$z$o2|$^*vhC1HCA9d22(be-VMoqZN8Iy
zXYPlqgKTWN;1MfQg9Q8uQ<}y?pw~B?NKoGR2_0<0dF4A*0wn}i^kJ~jvreIh$K(+g
zc&NsZ>UsRz`C5B)ZKPQK5rq#GiTDLt@T*njj0f<NAdNj*!{m%F4Z_Y;RbPYkZsa%)
z87{_#BaL-$wm9MOMP2f^3LZ_jurFMK<f*e2%Fv9K0VPHYP20(DP4J#{Y9JHEXx6Iw
z(0-1PBlW!hybv{^mRhWv3-(mE$tGS`n)92uKRvsV7%sU<HA}xhs>2@3&O1*a4AW9;
ztQKB@!ug4z1Q_NV3Gb=*KSWc&lv9(%^&$V3RVUCHZtRExDdX=v^g@q>9!3&PpfyWt
z3Vzo0Rz1>^LpX4HiD^B?|LcJbj7b+xli6DRkvkZx#RCfd5(=5H*>yj)<H=~h5ECmi
zx^-JiYmD>==IZl7izX!_4o*t$LKYeh|5p^7@UP`H?)E?M9p5N)#+KfbZv%;~bxM&&
z;EwYK-qGlJe*yxiU+<8mYPk03kMf)`Oz~6Wl0Y>#Kx|iy)L%Xnb0R~WmvF8+KwT1s
ze{>EPen*0*K_B{vZ5MtizDqaWszPa6%Y?P!O@0(fgM){+w%KJp+j<;iI%9CY#N@09
zBbDxDGH~;>^L&h6>tTIQgCk&sm^xJ!9*LXR5z&0wM0s6lK8G%w&O@9T*x9{7J7pI#
zyg&2W;G3+mo)c+4cwSu7^hONx#+s|dEmik?X_LugcyNCLH4R1tY<DulA@h{2-Ni{z
zX78-m2>u~Wf>L1w-5WZ=Sfk{VosI@j^pKimd5=sLPxk8d>v-B#RRvQ+!;gL_qm@SI
z@<BxpA=cBryo=a!>b5kApv)HU>6+zYUlYQ}Xi$PDoDvnjV3#G!u%j7IM1IPpuyhDO
zT{{fh_m57oM+{JxN9OrRalwn#@n<6kCPI+kvhkhpe%zZ%U7L$hywqZ?64cs0`>LJK
zQWEUfrwALJ!QY4y<49ERaSIRLsoFXa%|B26cEsI1TRCNMoIN~q+oe>b1$hY#r^F}H
zY<lslW+4kr12<VjJ{NzhyT1%J<NA8O%*_qG<V1{D7h4j$Jdr?jcs_j5p^T&-xxh`w
zW}rQ0*|RP1?(&N%DDMA0|16%f(Et2X>~v$khFHFdF=S6=kVu~!a4#KoBDcxo-Pf4D
z>g*QirfU<NHRGyS6i-Ivt;(-lA*lt*EU>T0;`XG1kcHb?h4%3hD*E<Ydyh(F=5wp8
zDQ0<Q+dC&=Gx?i4dJwQ3F4rk|J)fmEm|tNXbgV$6eLa*Z1Xvzd`Hs~bL)M<_Br(Li
z*W-bs&5NwGSP(zp-y^k*W6)8$x%13*JBp0;xD^)$&nq7-@5qisAo5Ya+h)*0d;2g#
z77?aBGZB7b_tnZeu=;Ig#ARZG&FY~q?)2P`2<P!&PzZ<^6=`US!zvWb4`FD#0MOTP
z>C#Qzpux|ZK!?av<z^<p`da}nWI+m;A;-y>^t%R|A*hW4{K@KKxo=f-xPYP{AVaK?
zI5t<)uLNLCDwSAyqn5qPV{z?_FjjcY1R3&`oEVNbOl*0jV#1bZUZeJho2f7axjUsy
z?=`0SJe|ruV?IP4aI{>pR#!{6@mZM*YXfoi!_U|A(^T}+!vqs(xm$MVb)?PiR##iO
zIMZbz(t0*Mu#tP3FsyG2ON7yvrD`|gv9;Cd%3Q`mJ)d?KTk}uK=!QvS=fNt~aBy;e
z%<gKknKQAZ;uqIS7Xsjngm#u{u+#~fvp7QPX;P6=BGVoFtaUBpfPeu#w+lmrwei5B
z%+|Ohglj{_sUpqqw3L@(j7Dm}GcsOnyGPQ<BV7$GOf~6nfK=%Z9857={I%3$erQQ%
z-Fm6Ns%4-{!I$Ild8$gJ-_#_*MA#AWBj0ZGSpzg);J{`s#Q0iqgf~p~7WJGf4G5jz
zYv%Cq(U*wsvD;G}wcQcu<zFgTH%V)@yl1Cbc*NRg7I;Mx4AU$TxQA(fQN%_rwF^40
zQi4g86^nZ^A&)tzE}nx+3Yrqz4O*o5xuF6&q3)~wGKk5aC`RBgd=Cz9&Jr;t<{Ub+
zjP!M^1VLCWBXPQUTl7GiS*kWg^Xch`6#8O6#+fJPqca?}<`zRF^$&9s#U%4eqC{h`
zSf&6J1-o4R7LR(5eW{WSrKL|R-@xUG_z?F$?-j@VJgh+mf{y$xF)a?%+%K{mdOvfz
z_n;(1Y^w5^m2A$;Ft$%O;4K%HBs+ec21^1(K)pW*Kz=K>R?p<-{=m!+V?WXX=5MJ3
z*@s!s0d~*(F1|mJaysf*5<rR{*I<Re<H7PrrPmL0Ue8>;_P8cPrHdT_SdshdU^VDN
z@JMWwGLyZwxV3L4jQlW=eV)Xo-v(pk`CtquzxwxQsy!;{6%q1s`@;6nzV+LK*zFyi
z^B)k=DdJF}HQ=ekRx5hjW0BCK)GJ1_F%?zaU+|PlEQkfbZelrUzS2DSUL=Ug>t+v~
zGKoD)H7`prjT^W99%G>^hveZ%KhRcRrjlX(9%j<TrF$T4(DkC<b!5Q<BXD7|cWv`o
z<dNT`=ju%Oi&Axk(H(JYV?9S_TU%gpIue6`Vr$$WlM0w_+ipy(`{as3-VQA<?1Bb;
z$3;WLn)AMp?oz}(9gDe8+&4nzt<g_ZDm8wZ<%MIpw)7>-1ywYIB#iHQTj0{XQbq9P
zyvg&9Hu(e)58eWfDDz^9BIYFK_K+$*Y)a2!4iGvf)jzHTJ>lHO>^0@c+MjgNPnIjH
z+K@3W^0y#xOz8+y)CD@m>DO0SG*pDhevhHUNZ(5gU0^0ofRJ@KIg^`Yq~u%CJI<v#
zBG*fqbl%}DNnzF8)HFL?PVuJFDuq+^L7;N&RUT9+;W%319|TZi5v%`w5&-h!A3-gC
z%DUW(62BE@3=GU09+>lG<1j*k)A@!;K7%V1Aw%Pof(bR-=#v30ep>QtlY$}pGDTc9
z>uJFjZT3&!X%fds8@n`p_?tH)L}0ErZYo*peV$3d0|QWrh``89UM1@!=hoyRSix<7
zH7F+y-x?*7VVu}w?3~poUkM<lnNr)U5f`JhPQV-P5z(3Mxc+o@>afKHpQ|wA!ZdSp
z=mWbrUE1{{X%O{IoSM?b!5nl!Wi!iG=dK8+<G2QIgOCU9#m+L)9IK>(kK@J!^8uf;
znhj;18kN;{00)xQ>V$tf=ccblgMu5IZuM1Lu4xCsORoqKjLTZdGht=E>_;YTr@d(O
z+v+e-t|bJPX@5FNO~B=jzCHT6?|V!pDgi+NY|2=m*YeP?k;#5gxLQ$`(4z;HN=Ze*
z`^mlNqZP1n>+5b06BSyg<0T~ZL}mO+A#@B=BLVw&EAMSSICeoDTf@S~uCRwlQtAfQ
zig49fjpGq&vj^s<^x_K=bg0E_aJpQD*CXYLG_5pc+h+{XIJfJKvd%i3fvXx|s}}0h
zs=9pi7E8|y{2H~8@ny~DEayX#p+UX_zA7DAOP@fCdjO{OTcI0z3LgU9y<B}~PY0da
zligd9lDP`ZQ;EjG+^Q|QH;Y~LXfozSHpzq1UNFiuX{gAd|2Y%_wUvT;@1ztcGm_+f
ziGrnsATb2_)Eoi=TyLEp05VjxY?ql`21Z6kCK;#iF~8A@cs|}2(g%CwoX}`(4H&A5
z8|0XrmSW{dweUdW|IyxPq?MHEB=ohQ@{mplB9p?GCFvRib{o0vN1_uohvxx^yo=5j
zi<D(y71rr|G?0C^G=1%k`*$ur<^X!i&F@dZ|Jxi1u0W74gJDP_fv<I}I9v{5LIyuR
zypyG)Q<@$?GZ!zi_VZ~KAS!GEB~(tXN1Px2u8`(Yyg;zzaHs#Bi6(&tU3{2#A1{<$
zy=OIuuW{+FMxA;KOJNVhg<tD!*{>MDy!Na?pQTOP&jLV@6MkkxPWhW$mWm+7!TYSL
zkNyj}og~np$5cCg+dT}}rw8Z=EQap;EZ6~_pc>**RNfSeuB;9SAZ_jupRvOIzNw5Y
zsEg4ux0~bd{bmV%02Ozn-y2;i{MJTEa}d%4h(kv&mCC#d(D?)g^!D!G8MPo-6lf!C
zRTZ(nam(U)*}O#=r}E3@=U<v$#KUa=F~k2SsKYmYvGXAF_Y~j|Xi6+@^3t!?P9qRR
zYQ&KrzdDtEXQZHo@Idz8($wfr<xbEQg#7M^u0!4n_BAhE#Zl-B|301ih5G<K=!B{v
zcuwGt$4z<ZCuL=70(BKr0Xsnum2p0Q`BQ2AGm{O}z%bF@DgB#men&6Jr#GxizHI&-
z=)g+~pW@p;lfGCT5Dz{eRQvv(BFOSWK668t7xIw=zcgJjaVq?=Y=5ed?_L7mPr(U)
z=)UxVJdb0~r<W$%F>z3M#UX9;k4PDwybeV7pIGM4zo+<{zL0OI{otivToC>RqLF<@
z^xvX^F-8T#mJEURPl37d1$o!4aI%+Pnye_0pxDOGhWulO<og#+(+@rUnKD2JB43LC
z93O~${unP1J6CxLf79}J_C=MY1j1GvOZ`uKu#*Jn_Gk!GLK?LB|B841%m6OFa9St%
z@sAIP)dG=^1)|#Xg?!X65Q971|Jha|m<z%-imv2OL-9^D=yoZEHaZ@Jy&nf?xf&&7
z{NL37BP=8hFPyGpx_{yHOXF`fh<v8d=GQOeQ`Q7QgbzG-`a}LdtQH4t9#2d2PtZ0-
z2)b=#)gYjLS>XRF%KuqWf)GT~n@rJ`+nxa;A|gHQQC*#+4>8R-1nB4idsD@^E{F4t
zj!M7j$%pk3mqZK)k7Ti5lJxbn3`E0+&Cao9?+eY3Nq?U)gA7g(h;#9ZTU=B?QShpB
zec+Ni$pz@I3Gh{cI8H(jD=I3w+I{-!h6oh^u_hy);tzI|&>zu$VIGbe2Bxf?Y^D!t
z_RdlOF9M6@<sH0x!iN{|2!zEUc`Y0giOZTJK8(kN`qaD)azc{(;GG8WgP$OvqlybI
z5jHRXWqp9~FG}1gwFaa@O%v2y_yjw*^~THD5KHIPG)Ra&s7Rjg#&F(rW+I*Wn!*N>
zPG6J+ZbMadQ1OC9^Wvmnl>#)1n?4JVBsdkP<8%<BX3-IOP02S*^38)5G0j64s1}!n
z0-nvppiT7V+I6q1=M3+U24YB>y;!NaAbU<wkVJBDT?wn#rgam*si!+!9|JNLCjR|^
z0a$#GsqTmebr7^0{ndOBv_@J~R>7)kkB?YK*g^eNXUr~*o@NA~PII6=*qUprH&^nF
zjr2`6Z@|CxpB(hfhVpALcTOnfmn&(jb6t!vxfdPavitr0iW=yq2#-!ha0Nt;-Fw3J
z{Xfd}APsucrkuH5APD}VcBqlV)LEe~d$*r(9{|~>)K?(Wu~iU{E$S}{vZvCJL@592
z1}FIh8ix+o-$f0Kec7pU+IEiL`<Es%>t)lMlPh-cz^-m_t?Erd5630n^2Jc>YbNWb
z4?*JnjB+6dP~k@X?aNGYZ6pzy<d|-5UHGl8#9d?UsAy;`vz%&zVF3-X7X$)7wEF8@
zZ|tskz2ITh2{J}lXrYmaqX~B9YWL-_BBva;R=0{#I&(jOk+C9N5ObhIm9V^X<<+5h
z`P_hf)6@dve~JOVypZ7H!r|oZ4almln17y;@ecx7;qWfH*Qk0{34!+sUzDOED@@Oo
zoUDEl^a(Xq?oTIlRXCI}B7gg+LUE(V2jg?e7)!2YG=B08hto4{b|oGul(|4f&*5GJ
zv$eG~xU(&xw+|o|4*R2o%VFaPLQ^My=Dj2u*gM4%NMt@Yw7F$YLf&KE0LM=T#L<?n
zV3x(05P3E1naz0c<nka6u0Oc3{mWE`fgDUc4j+*W$cm3K2!=nbQw4|izPQ&m&33^`
zb3kV~OAs8RmcdFfmj2JW03|m_VPRp#77ypiGQE53m^185{&gPhrugn?+R+?n<BwBK
zykn&e-x-NC*A;yG_Nk<KX2dinpCM;eOTxZy$B2C2AvuK@%Oy&Twu<p#t^26KyL3n;
z?tF9ER@d6n5QuIzxVG737hY*Lq64e(Sf2Y%o&Fen?OFms$FqK=zMONJ+yqPaq$Rj2
z*fD%&P<RmT9XwFG(NpjSPm3T(_U1eT^Z^b@DQy3YPwzLIWRRYxnCbsX7X`6jc(Y#O
zFyujt>g#7p^<WViynJ`kNu4zc-T{l%DjgpNHZi?Cb;4qx4wC4%!6#7e_%q70N4Mlf
z(>T_PquJK1py#r5eJ|0&d*UNGJkW>4%D5|i@2WOpaYzQ9C;U=QPy|4NJ&y{6dlo?M
zJhmSuhL%j#)0FugGGz%$zsNb9Sw<kZ6gjG^A9)E^zYh4DW$V}-n*)&39mDjuH%b^U
znkqio-Jrz56MsUQCUH~|r5ap?&)W$z^~0d=$P9aFeud>FDysFf0+puvsptrH1IXHR
z6Q5Hu`8-{mj+Y6cE9o`I?qqEwL533Azaqnz%xOi46mR-snH%&yicvHt^dINe`V!X6
zq-;Cy=Lt50DUVMuHMGf4mPZAGN^d^;B)XdJHHIDFUT)7qpmGo<A>1<rqf5WUte6rx
zhhVJO>PC|*EFzpp0iAk<Y^FS$I(<+u<l18>3TzT?Cyl3k9;*`n2kBZpug!8|fmLfm
z)QSA>el~L~eRB^M#75VT3)o(dXGkn-tpmwi2rQb(eeM}IF5*GKt6fbfu*fh~oBjSy
z1*zqa602{$ZZ4og#NYI1uu?|8x}m7|S~Li9KzQpF8_C0_$#0Q~%HV~cNhZONjMu}T
zrDnpNy{-E8lkxNw>rJj2rUTD6;r^Io;r@HvY%~_r{$#imR_)$twh@np)BBj?V8dBJ
zN|m{PzSvLi<i(f@gj=+aG4Nz2rnQ6cj;wK<eFN!XuRx9oZiR++I(g6&2?a%BM3;-X
z;u+x1{=#oOR9Ne`@Yy=9@NHk%OX*Dg;z3PGNq<h5$Fx9ZkekPupq?MT8=nLd4LlD9
zWCKr^SK0ULUcSKtotdo%qH2r6NEW?D1m>{Szygt*==-K~iI`ZJh3X%cl;|6?^_+D|
z^eRyot_Zu9bX-r??oocyKHwKkSqH6kg=A^!)AqpW^EC%kd{5k%9Z;!vd~QX>!0Bof
zrJl52BzU~L5cfa8Rr>;^@W9JtdBlQ)oAR2M4l$p0y6=RDzQXPYUdd7w;nU3fjm`U*
z{&+6R@Fco0X!?a5i6oc)RQ*RgN=kB2IC=ANY2lmk`B6)~<26x+fG1Q+CEOVnRnY5c
zj&~D{?AmYbBI&kzV^783iyCf5`mQ?cS2DdP3knX(IbW@`A2bV~_`bcdI(}a7x=qvy
zhd>dYP$SfWb;y+GYxi>y1NXz?W$Q;MnWVLcd>OZs8{9})dd0<FEc$s@@zE6?(&FF(
zNAV1<4~se#me>4?EsofunQd5odTbtx^mt^B+{4~B`n-gpWs6vyq+~|#MNaR>9H?x~
z{KU?;)>l&;>phRrgoC^}I^DQk_JjGCxI1(yp1G@>*%y&BJJP>@vA^A79q%nvmYaP{
zL`jj3?~7D=B;oU<8aZ4Et<|aPJf275^}fLH@7(+Jx#2v={*&=nibWAyo*JRG&syD2
z#<b0?z6i84CEaUr77ow;h6L~Yyu{!;vc1GEj^<FxC|KGXHF2BW(o{jcNbtuzC`Pwy
z{!DcU4rhyMyr_}FNJEOV^LS>o8X}n)d~3SB+AKdm5*skNT)b<(#X}S!1tOqzcKhd2
zb~I@6OYv-moNUiL_ihX>X)rNk9Tlz`PFgR#I>b{`;~4LX)%MFX&VmI7tva`Z`t;Y)
z$uV)UsI!{Djcg@eJ1sDPoHtMKi`RdVP?BMg36QQ<`Hmp-pVQ@EpT241S)q|c5zoUt
zkEoO}6s~+@Mby{t>u}`9Q;1z?d>x%RAJe|@Wvo?&anbi&$fQX)-+H5e?NE3&UTX2U
z$pV5P)fuhs`%F<F%Uo2&hjY?O2J>vU;E>rGD<}e)t;B-~4#CE4M>L50tM>8lb>w}0
zixrNgp<)PFIXNcdI8B{ndFJj1JiGMMuDb%TZ=;*K_KzGZ<!e_J^C6;%bOTw_uyUTq
z#@+C7avF8$G`{{oxL-<wC5@G~dR2R!F$#rv@Z*(4c{ksCPoqTyY&!H_J<)@=jZ9Ta
z&JV7uP8V<X*lYuno-FJi$MHd{DmK^(*yu5%G|-c2%n$9&A(N@ws@cA#-Y%LYQW&)p
zzG(am`hLKuyPZh0<q@ZooIW4Fp;TtW_Xk$4_4mOELK+>5#iZ;$ze=|g>GMakc!pPv
zPWxdZJnCzgO{3vttlRWK#ZNOzY}OtL8S7N=Z35b}^Iea<-eP3uL+Usj6|B<?+F?nV
z;A}+iQmH9>Wiw*J0vD*Rzjrb<>+uaOy9k%;Ga0{GG>=BDQ$rYipAp<*!tR9_t^Gg9
z`pclWzNZTm4i;R3yKAuE4uiWB+}+(Bf&_OD4#C~sJ-B;t8Qh(B$nW{z_g396)Nrb%
z>dZd9yVqL1dLK56Ul?XpkGYOvOW;)V`Lnj5-q=c}mM#tyE68&-Q_%bWP$s1xAlNeZ
z4IUo?s{Vs#QlMuj0wzD0KG&8eq(p+aDQQH(|IPw%9qNBypyo~#z?FKl6X9K7{azfI
zGqh-b|9uzhzJ{%8^Hu&thfP*Hce~3EZIt8eCs7RninLD_X(gw(HRC9HnD!&N-EUcc
z=YvrTR`Ug1WWCOqLNg1OWNp!E9d{z(@!Em!u0grqe|%l?ILynFd+Y9h@ZLo%o39K8
z9>{O`#8%@|L{I))27Yr&WmZYx=%6ouuvlu3TG*LL*TTNv_)$!P!||=rgzv>}@yoz6
zMg)6M&)7C0lBcXj_@2=db#&Tn8^oJ>jfUdFjda#mg3E_LVj!d1#T{%qhgJ9v)+;O9
z_cE4mk}+ImjrtM?VwTUmYbkja&tMNI<x%y#-VyD^{h)bUh_HrU1T<5d?oGdXOszG(
zIxIQ13{v7z4kurphX-9iZaJo5#$oTAAi+1&+?fW06sDyn+wcv6^e8Z;8-m_!^eJRe
z@_%BQZ2zBd!0=IU2Q+q4Z&g8*ctehl@fY}i!x7>wECFEgR{&zQ+)agnc_=XX^R0(R
z>8bXR&%<^)sFe&RmwT5wzb-CB%;)mpJoJtn(SzSz1YVN)97QFx!IYSIsL)3fAg<h?
z)|)-QUoP>^U#eIwB8zj-he*!BD}X%CLR}q#uTm47Tkk3-gWbGj$LzKNA>VcMP0_(N
zBZg|meFQfAzU%6c47E0Un-bNU{nS+>LyYa82ojoRj<&C%4K`bBcUU+NIcAV-3Hrf;
zFO4-cYo*J1?xkE?CDGD)(P59BtT-6}|9FRss6DpR?{d@(gx#@4VYAJS7^+@>^*3G%
z&OGk9{^M&bU!^@>fJ<DG#j59^rQ%2(mE!j5u<+b^%wWu@OZcWsI81R<=ddC|x8?&`
zmAx^9mXri|jKCDnvQCR#&E;=oOe2R3GI%JHHj>%2S1)8F<NRI~x)60ttR)7|+wOv)
z)nq&L0}JE<8`QYkSre6SMpvt3fOmiWR2jWze>zW9li42I2KbUlV?iH8N7C#DWGCeJ
zp<ia)lo<Uq!Yr<v*uaSRSeC2H*Zc$To=AGa>=y}-oNi~}C<VOOLMT*@Xi}|xm%F$%
zhr=nD%u`1|Gd-iXk0+X(>z>2A(=Hs9Fbgey=ilI!XvJ3vP2l3^|KvA%5Cpv>{Ga8F
zcph%}0i+o@ixJn4VQUb>jRh(w^>uZP2!*pQrde$PXaE5PXfW{b3FDbOYV5u*?#umQ
zX!CCbe4h0mgZ`3kLOQ23ynuyPZ$Xa&wA-p0>!@eZk@*+Cyo}MeVOI>i7Y46~V<Y3X
z3zX$_zt3X`h<VQnZ{>@Y#V32Ac5$bqLdIi*_i>FZwTY+PUTVDAoBSMU7pBA`kCAoz
zN#p8`I(KZ;BGzuJ!1i)eC>}|k)ZZxt&3PxlyLmEZBViLgb_}ag@P0z$+RO+liRh+L
zHIc^WKNv}vaRYd2a-&jO2PyTL_1-a3Z3-G=PZ;FSds(N?vavo054q-8m=B`tjaEht
z?EbmslfzuKc8ZIbgf|-Or9L{6Jo)7VCX3lV7?Vv#)9xd_WiO&8UK5tM_plmAd5`2a
zMU`CCcVvu_79@Nr-fQ%&$cY^<xWyk$RRDXT9ke9Tw+XWA=0~v_0bWvVOweqy7H?i=
z!MI8jS-2<3@b~&QFN3N-Gb&tIgP6&+@2YljP~z0C5nb(Gu38IuwiJ?jQC_mKqIamv
z*6Uq;<j)5B)K)C^<tNh_#m|c7cSrMR%l-TWCPK|*7POEOwa-K<=irxf>F~YhG5dw(
z6h1Ik7sm6Nw+T947ec(0f3JC#Pe#a$DF;L18>6105=wNp11OY@g*M0=X^v)u?)X$r
z#1z%}9IBi3_=y-Qo<<E>;|O!awV;s+6Gz@p7H-U*njLnG;W6nH*4#WrdZh~i>6kD!
zEJ6?G?WDMGc=B(XJ`1%d&vzD2PaY2c6R!$%!72f$Z&pb}aEIZa)QFEpWgLE?OK5<u
z&dfYhsS;}#(<2}oK*joOm2XQLZ*KO?H?lJDdDAYKFqp$LRz*-77J7@QT|A3d(_4hL
zop*^gunatP987~unggzXK<;p{{nS%e6ya4>wC5-WZ?9+Uh9L1h9p7T_NrlPF>uSR*
zebEF?HBc)uFD!!ZPN$>D+zK>ex2%O^ATfp;yU9~ZL`FvTkhv5%ipaC0Wxt!@75?28
zc5{|TpTSQzv$|F6_KWLP`b%MHFYrpzxJiLER&8siqpaG=e&G5%H{9ltk>V>yPtvSc
ztl%<&ytiDQ%yRkz=BqRN&RVngI@VtJ0SX}_6;TtxonDkTRZMOT&b~EYP!D~n6@Jrs
z*m!Xsw%aZnM%4n+Rjae&K|~8UjoW4T1u7vhg~zic;oBf%%!|I67Lq)8-k?pYthy{k
zdrXlt;U#x+lx0jOh`g@Ou16cFglcZzCHmTYvpsTkXxq_asc|@lf!RU}dM8H#?k(u)
zt_77@iLQC$K0XM~{u<aicf%NPGDRuw%I~b>LwXj`?Rx3v=6mnY#hA?z!k*WI9K5p(
zd#_ldzsp9ajs11}5}g3OKx#A>{;kF-_nY4z076=;L^;T+kN)yfm8Wk?f{DQ|czzCF
zmOQ$(A5kpMgR7-KbR=!AQ4?wS9wQ&4*i(Y<O(e>vq}cqv9<2umwY&>|eR_ij1;mF`
zv&iug4^21+xBp+I_8VYZ_CwtU9mr51DJr}!4=J&ShtORJ0YA?T+-&7eKH;QaSOhW=
zg4}PIO&GyH0ri-jbej%G1}Ysi>?hZNA~6$;RVI*mt5SB$$F>REU4jR~b(}CpweS5q
z-BIj$UC9QbFO?eYMhUu_|IKY$70SL!_YQKLofh*qW<eTpDs?z{H|0T`X)_l8fN!>T
zn^rJLVKOdsj_5%t?=Fe4p}4r<1q@`E2J3&`rU^ve5MBc{8KOD22z*YvW7BL?dGdY~
z=o~&nQ`?!rXQu?j-BNnk@3kU>X4gn~H~xrYH^CG7MS2(Lw(nrRMK`822?z=04`$Y(
zw7*v6x+6U{7lI}S?A!=hpn*jQNmxnQf8~o6d%%jkvqTnfOozAx^i-5!W0T>)lmsOG
zomF6BEyWwL2-g=1;tB3NzE-s<(D3YjA=IKOpHR%ADm6AH?>ohNd${1DZvD(N;hAq@
zqP6wpV{ooc7{d<=14VAyUw2pH6nG}7g)3VbJcQL~z0Dk8J>kb7Ao7`Vf5~wP&BjvX
zGk@tpe2QPYhrgpMQu7<-S7Nq_AU?D9ss4uICFlK|XzT|2gy!{}XY&)iTY-V+C|8Cj
zyo%3qsP{>g3!hVB?1EdaN`7qf`_O@K$dJYX8xSOcllx@(=<@s@A8`5T8mwRUO)LKY
zkLV$m0)ds}re078WDZUYh4?|2Wa=AtH9puKvDb7?&S9uOsmVL=)S?8O$(HGl>&6s6
zHA562LA*gX1?L;x<gR(|dZ08W;gS+N8pK{q<cjrLCizsOWT9b#9(*ql8($l^t@G2<
zKlg+$I$nbvzkN6O=?*GL?3gz8w>57#6G1*WdQFBtYpKQ;XgSX?Hm9{oL-V@P?Z!Nm
z2g0OLo*uF%0`ae4GuLH9e-AaG&l4j+cEiCYipb~KB97zbJ+=DC7Vsm#-qGCYue71)
zQN{vO)vdHhS(jlad;wre{Y@#wq~&tg?sPt8ir&KC*Wd4-$Wo_TkaVAa1sXl3yJOsv
zR%n}8?hGd74_p3T(JaKj1G%@X?H`_`MNJGL$Ro-J{<^I~FDxgO9ji=Gq6<&AM8mTa
zUPqU*5B&a-GS%7nW9g*k+<~)sZs6eWu)^e@QWW0TU;qoA!q|wQd((V=aU-RA?JN0H
zV<|ad**O#lH2OkcJl)EI*1dC_v+6%j4fX%4gJutfdj8Q&`L73ZoFwpt_%^j3g_a6Q
z0ca(%$)4IE^O#!e5V3Y4?{{>J3xJ7DhXISPKBm4xbMv1wnetQT@M~Ua$)nA3Clbd=
zS$V+3C{|yE1B*ZBPaOiyf$(~vM1RNImUb40eY1ddlNVrhVxYq>AtWAO@x=G5FTu%I
zBLS3dg+mnO^+7>c^E%)VScz12qT-D~kei9SueoDt6rvLIaXO*M&7*Rht*5+B*K3oA
zZi4c`vX;EQdIs*c0x5h?9N5fJu>;jN0G!V|I>UhV*6Yzh!@FiHk@7QZztiN7eYrZ`
zd0rN?`fvl&%jDVja{LIU!{PCtpI8~qeynfAC4*+HnAMX)-ZN>btuY=YxNn_8@~w78
z)tlZ8=NN83!G7sE)GUHqfOR5zeRLXOsGqonVi<3ObyMCgiWMes*W(SMGd)H=h~Sso
z^kx1p6&|;JY>6%i_t*dHs?E`Y6u;XEL~$`NHc-A)A~S%3q9*=m0ba2`gncS`?hjUH
zqj~#eF?wu+JzL=t89+`4aI{%LJ8-K~;N74V6Azb-8HZP_*dY!Qr6>QYSxIlJy#f9h
znAogJ?9=Q(=(<<BEvm5lHCCHq%-~MINdGJR>;()@cQ-(yAc${TUOVF3H?aZBhS)`^
zYqFEKRY&~3)j=ZS)0+!1_(kmVrZ6&qr{637N#@>8bo*azicF@1?CEchB@Sf*y|xR<
zXb<@|GoK}3p8UC^**RUGD-0)OnD@IQHR|F7q`60)W6*hm^++qAPN`3R!r(}8x8%u8
zw?BBlqn_Z?Zd=U3=gF{O1)d`cB>qWYda@sx%;9h|(ECky)*0blpbZLt5QpV-eZ(zI
znV{l|Y5sCUIDazw_fN-S-1pB%HK$7^^_3Q6>~UCfwt7L_HlInqLJQ|^j^_FAx&6BB
zq-e~jUm-wiV?%4w_ymH-3_1S3AI!Dtaew}QH3@XQO+3Rm=1}SVNB7_jllT+VfBo1z
z-Ly!snXa-%L+g8XrirxbPa~|tw)ma)Q1fHEQPVNiH1J{vAbZ{A&36aASwTOe`xn^o
z(`N93YP%}Mo&_W|BJmJh(=?}@#0!Q@IMJYkpA--Io#2wIpDczvw$}ME8jwMDrH;Ue
zOoDd84&}%hIw!&b9)Im{bqe>nD+t3%fK>7)$)A!>>}3HUgen$2J%w=XhToI3{~e8Y
z|7W*bF}e2pz;ji<5%lDWzlWbQDu}&n?MDj^87K$4*u`aoa{HC;3UXSstdqFtE%mFz
zpe#&CD}vBZ6weU>Q&lK?4flgYn@E4!8=#d+jZ=T&&?r#hl*Z}{)q`iY_?t{kg|m`P
zg@6etU$88;E5QwaFbw|xhha2)Xgd`weGZBM5c?-bq%H>;xtl@1&x<$-TH<Pq`cRXI
zXR$m;xrTT9doVQg-%STHrlYPxLjwJ;yxb?et*mrK#SyfC_$taLy((4gHpdkAcAI&z
zr3Mea@cjwWg%SAN0KIDWL3D3+#-CX_t0Z<4sRpv6P!d-T@<+?4JE|=aM)hS2*gPB+
zvz%w5z0F<f=;8Qo(dFAr)4_?bvHtnAMfti_UH$VqY4C|b&y|_Q`zp+y)QSRq)n2zk
zzdCPW`Mli3k2c{3myl)7H!=O_mnj!AOh&>e%GN-w2Iqm4Aux{m*A60G@1NQ}<O0Mr
z;N&o6v2VK7xI3P#p~roD?UO`e5sf+*yC%lXR04Xzls@*Z_e$7fSk(g$beT)guat~2
zig+zt##feq2sUMR_<cU+k|*mXtro>U$U7&n-Sq#|a@&tBALX%4O_KxC;QR3cK#Dzi
zH-<#I3hUev0OSgF+5Z(hRWWp4tgnZw$KTmoc?)zn40PO!YmbuMQ@!BrM8uIH>#B(1
z0f6hSH$#dqeszCkJBE@HB5Hw85z6l5Q>>E`RZktZ2bNMTRBD9pWO3{j0VceIrz^dP
zA_>?KmS;1*9<z2p(6p$6Mm8R<21Pkli^Dml8GTWYuV8l02>5J`aBMwwPzO5@sPcv~
zyS}Zsok!G=g_3A_CKNjq&B2kA1U)|?xzMKc(Y#Y_x6m{1^`G;#=4<3X4aZUNWvz8Y
zoo1*Sj%6u_i?<a{S_f0ouNs~N!BT%GE^=R^eY|Z`832CTYsX1V%@=J$GFPc$p9y~N
zK1vAv+h{=xF4W(L9!w4!i_VvpqdUfKzFf`DteM(-J;zkO(TtPb^{$XLH3iNirz14>
z)g;m7YoXgc@77-hD8^1{=rj^DChg0XK-3mCfn@nY_zqf7K5nBqfC9FFVwbNA%>D8I
z^0CT?9RNcfDO4;V6_gPS!|gM`(PKflW#)>1D((|aXBpGPFQPN?m|Vq{ZNu3IaB`16
zM0l$F=bSJYw3u)@Y;4>fiQ(Md-uz9aeCxj|&u;i%HpYxiz7X^m?7|fcJCy5PaI_+4
zk#`DHc{)2pwOMCYavpc$YxFx5X@eef_T(~O@nQi1Xg~#41090HzozC3=!}mEaQ&oB
zLaGVEA37vQ`B00X4}^V5F~1`^-yVD^b^Osc)BG{}-a>8a#QUfhes5vVG&1bl@sL<d
zyY3=br!grh4Mj<SLarT+I!Es#(^++TH2fc*)A>N*(scth#~q->=;(ri`JcO{SPg_g
zrBhIsT=qQX_#w(S_DFb<$^)0~-cK^2Q<X)rLb`5rS|!jRk2>xtm8?|+Oa1*Nutd@g
z^Jy^)@?l`4)U2uD;ARpxyyA!;A&<b}+m0S5TR282Gfrx0+hVOJF34NlOwSVCR9VvO
zCejpzTMcgd8QbsIH?l%JjGnyC`LKR?HS`oLZ@Swu-PIMkmw9=ecX)1zH2rqD9GKKv
zyX5}!ZUCQUSJ|4m+GWUO$$AbM)2~pV?qF`K-5Vyoh?a=vm%*j?MJA&OT_?L3mq=1g
z-0dxJW<Kk#RhCw<49wL=HzLxvMLU(_R0n~OA8yeI0t%t4-1%BPf>8ZwKxKCX^EAO&
zysQYg{jAsMvBR%ji!02-d)A@GNN29pMX74L1dP(Vd$z4F(Hilp((cz4JS}yen2fu&
zY-i_aBwCKK9B_KvmDXqj3e2KO^JmBBtak$|viiL?tL~C{3`TGfj{cs*AywyG8nM+_
z<`=Cm*Iagk@oKVf6#k_WUd`VWzqH*OWPE|@<Ka7^Uv#Q@T(lcLE=HDn@fko%IyCFK
zy1krFxmK(&ek1m<elUKqNAUI{wGP0|=J1O%+;iAECu=4s(xf$+Q2ykFL?9M-^5zG%
z0gb9V<wrz6mOOMtMwNu_qrw^`Y+$|YM{OXN?S-h>$%~rp$BC-JCuYfC(wVZV_DA>>
zbA3x8MkX-2ymsMyC8AaI>cKR@iUaIR?5?~Zj0h&^1F2PeVUrL51_q3T7_v9aA4Xz}
zRdZ(HClxWcQvW+F%qJ3*M9@XS8c4C$KZn!hguY9cDLk?<CD~PgP|BnZkD_Q_s2x+f
zyA3z|J3>li;91ALb|n4^ME0Ne9;XNn%E>`mg6zwUGAua+(BUr9zUy1j9EO9v*;98T
zaHBp#U`J_L5KJCZ*Y4L*P1RRT0vC3F=<Pf-i2ei*r8f@#<j@sPLJct6`?b>bC5CSr
zWX;+34m*z7Uc}h!R(rZcceMxFrSdx9s+PY)s8#9)_Z>-sF`G;TD(#i!_C@eb=R0{B
zUt$w_)NxLQK0ThMpKhco)^&+>nH_ta&%@JlH&_PFXWV)198{`Dn9h%Ro+m{#TbbV(
z3tJ29W5(WiTma9l6l;EVVIUpsxyt9cz9)*bWji(TI04!M92lLu=du?(fkb>jyc?Ux
z;(OhW>Kvo7-|BT5HciqA5CS&pp~n<E>!UtQtym%B4;#;Gt1Ml;{$@b0b00>AO#a9c
zG)kkR@b8>%Z$zmTm%TbFA(7My#ps%@CqZC7URztx%n$sy_8qnZDcJ8l<krg#L`{Y}
zYe$;96ZfD@4vYxU(aLct!{l^3`W>IlChuFmalr$(k*jSdI-&0DRSxFM?<y6>Z0ds|
zQ1Jx2+L;|g!?M5qkXC10_<NsS%mi?Gl{976jdF9e_7!%F%<d@l#Z(W$*X_63uJ`c(
zXsXeSSA{C_@^M#+f*3shg#spEm=qKk#!*c-s{e&d5P<Uw3K-2VG3gcDOGpvWJh=cE
z7%^lZD(E70a!y>6-9Y!g22>F~4zp><G|IXAm}NA`>ACH*AfbwllP9y`H7TlnVxwMu
zc`zfAfUVE`xfHXe$w>c}3GcFkG1q^t*-G!_<#9*~!%U8F=<Ua|!|CSga26TS=!}O1
z)HQ`|$(Hld7vaDJErCF}A}S_o<@ku}6vnKf?4juG-83ir=^q-kdqO456bgrNffs_?
zN457XXLt1K)|WyO&Vw@FaBeo7CkN;aZSD;+nUqbjhkY{ia>9)aZR3CLS+rn+mMTOp
zqq)5Mlwa<YKPhKDxMUqR;=Y2`<J5I)p+bxQbb&fAJ<I2%<p;$X`!*fFQMSZ8-{T|8
z{vg}S`Q#3#=Qg?Z&Aop3Xdr5#bdJOp=`cFMgWJw?`FX>bMIY?(b1p<Eim=V_t%9IR
zPFEB!7h#Sy!&<Y0FpjjZSiYi$CEKOVJw5HkO7JSv&1R^Y;@s4xh^jfw&M8pM{_m9U
zFHV=}w?+xxuisG%#}Y-HmHeprG1j>K5Wdr@_0>c$NtF*KA_~~71rN@{Kkvp%>w%LJ
zKhDHjk;J~i{`60L8&dbAh79sYK>-&c)&^Zcw<Q~bXG*C8lcVY=zMS4=6wzRXX^JMF
z*%*5Vhko1rj;slti^MO&U@e6qMSk58;W}*?WBLr%ea!!|ED{mMW{%as&?BUd%OMF_
z!1|eP06yRwD0r0Ik+hXSfA1tT=^+Er9t>~vo$=U4GStgN8LiddXyO?&J&2-G;XxV6
zw74)|2tYy%K11+^VmPvOK98s1%2v%d2h9wTmT;7JizFH<a)nsSz3G#hzO4)G5z8K;
zLhbvW;Tlz*eoq*smpvkixor}$_U<YP|KBhBoAnWo!OfX!Z@~@M8B;?o!9nC%Zar{5
zRjyOcmdPTOi4@DOM8Wx^5mU2YmKc_DthDh~vWtq!V^JnfU#`^Dd2aGCaZCJ6vGv>u
zTU+way&`l{s`}E)a2k$kXE5mrLzwo(uWl3S+tTK2n_(nMWK~Adz>j`><WsI_QsUr)
zX2~*Tv2O2M1WUEzNWO#0Qsm=2ruW5h_fCU>L=1F;7EwTWHCW1-7;k_AR_qDTt((gc
z_lToDfDK3R{SpXBn?u7jETRi~ONuG>MSG=e>b`jU^miVB)i+|UDPihhy9NO?A}F@u
zF7z8L$_}(Gv`q39z&m+)L{`sWHtVS6H!@$veX8Pb&z6mE4gUAM|MH`JtjZLD*}I^2
zz|ave!L^(G2s?xztiOl#3ejA=Be7Q#b<%dZl_*)0z<gyt=j!y^LOJ|;G9#)V@gF4>
zuoA|G6?$TqbMSSuTvB2-ihZ?W8;11e{m{z=IAWvfS&A8?Ru~D3Ayp|%@GThtWWfbK
z-<Q~4r?rB48nTP=n=j@p`sMez+qYT<i|KZ8M;o{fUO?m&P!#l<6cl6%5xc+ywfY<D
zT##AoJjJ(vNs2^jL%Drs&avGy-j&r&POYiSAz;cnHf!p|6p6z99Jw1+bVSDKM+H_w
z2rr?jX;a<3)Xd~8Fxh;b=~PJ$Rx$!Vht%XhS4n@P=WD;YN`VLpdr<KU@RA1I9Qu{(
ziw~H?BOVn>EU)kLE4&dr?(EXmROkGvz!t+9-6~SI<~5h&;}&M@ajgH%P<tCSQ#~PK
zHQ-ndQ-Xwy_)(qMLIPk2PyQuV2#749Nd`&!Q9HM|F1%700fosr?NN3Q+Q=`B?v3}l
z3_*Zqw4cxSc5@|4NM3R}_pT-@i@>Qa7oYPEZOD)EYtMj63pqm@5Q`Oy`HrAf^acxA
z@E1tjzQt@gtCZt<tdTz0&Vtw4w4qD~nuoNwQP799<CP^6#E8wxpKymPC=!+cT-5+9
z7sVh8ZZ4^)I{y9Ef}fyUqUnW##ERt&evr=ree;jiROk9o!d9h#D4^9U=)J`M6P7C}
z@hesIRV*kkSO|mGrhY4Zp)iZD9zt0_3n3+WEoo{wWZ>(fSoVa?Osgi19?TjGxLM3u
ze}Oy}pe%njTASezlmg4D5C!id4Sk)91W~|_<bud`U<w$)w`hnju^*}eit|aqm89Oe
zMFCPYOe2i{Wug1{kNYb)WhB0QLm`XQi-aJYsCfByM;nd#L!thY0(G|D&H7sEJwa&2
zcHJeW#O<+Q(^g#@4Rb*j27Ez5sIc}D#kjaqFreUL%PWcNKG8!40X#oakSBr0Q3?u-
z9Puwm@_{7Z1=1-Wmapz+=6#<^lb~u%;j-R{42}4IL9dtXY}3bX5FoX0Tni+kr^kS@
zV)_ng1?s<80ZaP0!53)>YT_da0Q0YxFp<2_1iBHAU36BhyQyjZGhwPsB=f9t#NCmj
z`(I;*5S{Oc)iXt65KE_1=p)ExdoxpXdeEyi%GFVisWL;E^@~GbK3UsSeoNvb;YG)v
zxCk$3kr!>d8$97JhHRJI-b)gTXk(#^)xK!nNotoQ`uS$_3|-Dn*)B^TaLzC&LN_#7
zE9OYyG`kW(sh0oPX<GMRM$p+a{77uPL__ZzK@l&9tqayauBY^-#PD)U^b}1L+faXP
zzI?XAbA3GEf;d8AIAM4%yE}I~-rPW&iZw5yKRnyapZC8S@b*l6D2$+NsdQP*B~hJ_
zh2E-F&n;6Iu~D1#v|ssEZQ>D_s;3G!9S)_m{f$EOV=Kvl!o@3E`z!j#auv{kK;{g3
z6*>c?P&A+!Rzh)LOvveEmB-Qftr0Q3>phnZs-t#G)hO>a)(metj@$VhP1{coa>2Hc
zpw$-syC(89Yq4AzVLjc|Gef^`8`8=i?IF5lt$ATx4kA6S@an#UIkOpL`aC=}a+9IO
zc)+6IU3bkXjJ7ImMJ6u{ub35b{h5C{hPUN?m-9>wRC>c|3B9KOf{nt3f%)<GfQSX>
z3y6vz<-hAwwWg98U~GndccV4Dz{5BmgtI}^BL%W)ZT)qD&rDu08lCop;9ISx{H1kN
z9H?n?G_u=Lz0=sdU<1K^60%d}mqTLP8eXrfT*k|~mKFN4m=?$?85Q1wxH#F)UxzUP
zL6ysPoa<2@*ot&z{+-ieeekLOI&snIb9{5PbYda-KLkF*1X?a7&SpWV0yJk#xi7V>
zQly+nnL&ltTIopIh1$ENpV_&wYq*>RWG*vK`Vk*tQaPh2#dsYYr;9Lu>mBqZb8zsz
zll$1rl8dFWdVJlXNs>)7#a@id-g=tngRP!?!@c8YF`sctmU8@R;*e))e3oNY3)pP@
z;!G6({#X3UGy7UQm5R~d2_<t&1lq*WOLkndS8@9bCx5#9J;%Du?p5;%HMW<V|6RU8
zSQh-QKG?~ln?<cld{%B4@#{_wKM|tQf!SZufKhgH)`3zqbR$$V;$<_sfR1;W(Py{7
zt7er3zmRBo!Liq|j0mzHpAW+7s&8@N5A5)$Gbu~wjF1RTpA7eMy^0viPY0FoWvyv`
z`WNWOa)9WGP!MS6kuamoAb|b}0(|`do=E^HCLv-On4nC5l|;w_fpa?I<pW=2U_{jv
zqxD<Vc-MR8H(6}h@mSl9IEVOV!^&BLl@9XiDNSfC&Lc&X5b4dH_6u=N=q^F|I<^EY
zZKbSTmfVW^Q&vW24nHvFAuS%R<cg5j!kE9UF9M^&cm^F^=Z}KARKuV8&|GpeC4i77
z5FEcWyPlvL?--SAC_Ohm3uB-br!NNh%$Yg+C5<Yt=2l{1>sv44uf%ME6aM*KPq&p}
zw2ri-hYfvjB%HY0#vq)bSJD+iDgVhP%fI0nFHsIp%OJNQPh<iR9u|B$4{QJDCHiVT
z=cT>0S9_l7Q8|?NTcihJ`l4=uPYYc$6!P8o4E^&vByFr18l3I1E%tPM^L0q~c1mlX
z&EL+Ljeouk<4E)vNR|J?c$sJ)H6H?B1)#}+$FP!wiY@WUlelcrd9_v_>X%N)R7wrE
z$2Q~NLs+s;_q!u^*XPw76jr3^a~D{wY4_c%@mDdPVdYlQz1k%dvIXvrIdUl5Kqp08
zsz^M{coRi7iWMerxbky(x5WW8e9ZKd8^fcJ^V?CjCc%^vn8;OAutIocZSQaLdI$&p
z93>~_6!EL$39Jn^S>9`MNW9ZwqAKqjQ!+bYF@E3tS`ni8$%;+S@D|4dR`aAJM=MA-
zjDKTCIF8xCe<kL!km521w@xrqdT%c8e;QKN#5{CN3A((O4={w9v-IAu34MdMdeoib
zl2<Gb)BVG4&^8Pw^JSVd3TLJOR5O46fcyxmU{FxyGNaBQ{R^t&4@l&~DMbT9!!SV^
z{>GzvsOgB=Q<DclR%l-x#)Y{K4;qerC@NQ1r@U)YQ6KKvBhbWB8yP-X7OMi14bZmI
z0eE^HN1mw*6Hvq8BfMKqoS{*URgw=213+XD_NecrCFY`J@V6P}k>bl@L%!wUtqQ$p
z1?zgi>IxqH1F`cPr&Kf^wX9R4O9w&=xRIE!Iz|iGjwD2AnE2O1_=OwBoS^^Vq;85K
zLqeJ&%bBf7a{=WmZ89mZp<M6n=Z*eR5JXsr5At_D(p%C*2=rO~JUVH!!+!AuSEXow
zQ65#iou0eLGR5eN{4-i9!DoXW-Z!XY3^>Q2>m_O1CIYw;q)z#ViGF@iJ-E<SJ;0R=
z(gXaW6M<e1yu-IBqR*!ngd4-nSmIz#2g<f@sA_JmsjhT^36RuIa_P>oY*9}GcEPy}
znRfLdbk^qEdrNKz`{Ac+vjmg7!4Z3&%M2r;q$9kJWNJ{!B`O=;UlM!K*yWm(JTc9I
zDnYbXpPP~15Qoypq{20^!X#RxyY1a!V>2Nc-9Qz$#H1tvjlNbnirw?F5^FN(huf5K
z$Ys@@FQ)9Bj<|lwO2CSo>8cd6dvCwbFu>-onZ{wup4`q|DIFSGEZzBJu+szQ=s*Ic
z{Cln7GxaSai-z<mAH>jOeqyhMtuiohFK4p}Wf--KWyGYBv{F;e96A1|iJ9;wSEkeX
z#`tq*uIu`5w@G7Vn-mxcI9v}j5NQg60l@>IA0)D0{?$A1j|2{uhfV_7`xC$kEAdtJ
z&E`Y{S^{PzxR{<CWuC5zyxDe5Nc&N4DvPU}H(&jBmlpOltjb`u8oseePi28c9mU`a
zh2@;Sx!9d@R)Y*l6?N5xouBTieoa4`I!xYt5Q0Ze+XVrv1df4LE8N||XC=C(r~wR2
zQ)Yl#1-Ld>-6tx>9*3Jx15R9PuDVntUyiC6Ul$lr;Up5{z^h;{JjGp~j6p5Hq|+k-
zuV|7Mi^)a6K>RNa*l6VgeTKCVr6qX82%eXMq${!Mh(%^~x@{K}d9V4~5PeJuh75xJ
z!PkII-`utKo|ILiqS|W+`B?|(`jLf8AW1l%_|X~z11-{^?t0FvGr7(XblWyT=wh-V
zwGzf$Din?E4Z71^eFTmpSC(s-zsR@$iXQ1d$cKOT7aSFyG#~&9Wj1v&$EPiZV_K5m
zls;+X*F(Q=_zt7l(+s0JZnQRQ?sDfc!I0^~vH^EzV!0`yV%8puhy6aOwQ-oS%{`o~
zz#K~~!roWm_uFSF!re*4p$2SqLR(3+3|jP|1h6aQwRG*hs5AIPn$rD<y6(pvPv$Y-
znBSidlDz3$MHRK!_-zo;W1Dr5yIJixWtEP5T~-mshH>oapVGJa5~$$wFlE8G*_DB$
ztPbOPA^TJ-7zICB|BS*4<5|uE8NpjDz{L*uxiBkpYE6~eb`tL{`g$PAvw}3>>ZV-R
zGbh1>Lsh4uP7o96`eUX)6SMr<oUY8BSQFr{`>FFe{mU&$n5A%=0}_S$!E9wlrM28-
z0!L-cpIP|iK;I`6Zk`do%T)&$2Ooi;{TbNNt)qN(Vw&z<SrG7w1yN?DVT52-kq>Dm
z_A5w@k-~^n`iTOA2fjr`%(Ma`5BNk4VGGQbYByJIC%g#KY^ZVQ()hYX)q?jo3Ds5G
zQQ7Tb$vbpYi{<dIAzYW0iw_8UWgI9xKCt!5ri!|{!Zp2fT|BH1*;F<^`lEzAwn!Ik
z9UfN!(q~umvIVZ#MEQs<XrIBpk160om1V9i*ipDSp7(mh`E6dCDx+$6c70m^^F<1i
zLJJ(8T(?VqdXO`%y|3OcJpC-lWE;y~CQJDB5=PizSI4wqu?-=`h?3*+!I?p)=5JrX
z%8k3Q`OwUY%p0#WFlgtwp}L)U-puF65mak+9sN_<0*CHz?{><bHQArI0-p}2LneA$
z+a}uF5u+_4^u0pctC|Pc@0JW#YJ#v63pv^PUGR~{<EsuS!*!3JB5QD3-iW3nwBHZN
z<&ZeLG@-69a8$C*@)-}%!A7DK`2VR0U&KE+B9ezaSXhN4IF)=j)C~32B5;Fmr)0G8
zmH33Mb&5P_JeALM=!I9Fe~$5@m?9wnDT*(~U4Xs~sZX<kKo)O_E{&2nh97QSEGw~?
z#CDDD@9BN9br!-Dm$W<|?CDo_Xk>)wjv<4R{shhqkL^IY6rzx_dM_#~QwpbVU?cT^
z$;`Ri21rItiu!2i(=uk98Fha$kH4X4W)0gvWt-{KYy{3Mv!=UMPH9N>=>?j;(Ed8X
zvUV;msF3utMArIxd6o~ra^2@B>b*T9Hvu0q!O>*@an>g3yXS6uqIK7&nc=!d{VQ|o
zfEw;qPj41S);L%+ZM)Phz;(#9bz8C+(GzoLVcM8B;N0*)Kuy176Fz+hnuaJQ4n_h}
zFc1VVNJK!3go2A;5&jQtV1SZiA{<H~3<-)DWUoA6TW_u%36<`HJu~OXQFMunB?cSI
zvZnivd9j<;s-fy4Zy{z|%O*e!qLK4Lap`gIcTAc?9JeKAaQMyqo_DAMx4XMbw#yyQ
zMLOSC;1(|N#yGrZP=%tjW4P`0cmn?ewW_RvMIA^mXY%9n&wXjJFjD}g1i8A;1tn{r
z?nUyhGv^nzU*!>UrB;xmE0g9|{47EZzZ`X2qMLu!t8T4NNtrkovg8Zk$*!B!(D5%d
z5&BoC%3F?fp^wnLK#`|JNFBIj_^i@oE;8VM8z+u_<?hGYb~5qsBlNJwk>4xXP?uTf
z7UHq{72oG@hWZEDsm*q#!}8Ju7l5g+Y@T2b?iO_C!ed~w6zW*>v!HSkgv|JJ_LM$0
zEQ;XAhTYPqLXTbI)qIw4aEuZQMD(e7hN3#n!4VQtyjS&|_BP7mB&sAaI<lDD9Z3jw
zb-6j)Z-N+1=*>>Hf!42h)Nc1zDPnN;`=eaj{7WtsZwf~QZ*jWA%ka{e%zP9*PnJcF
zB4#r~6@IKBiB*tGe45uGpO2cyJnvv5bDNQvD`!#}!81!8M_nWgxn>e6<gSf~x>v#^
zZncvOEyt&(A-<>ef{HWCZ(v<M9etk;u8-z>e;6al+t*4CrnFlw(TjkjH}LqeGyg(Y
zH~k?>se`v^uwSy-LBBcEY^Y`gt_z50Hbp&4&}NGv$YZAk(~wYu%RRJ|+LnaEW+fc8
zr1A0Qa)90Xdk~a(_x8%9vo2f^G$`@?pyjdO1cj3G=2Q_de4K;PXqjW|i#U%Bm+_xu
zh>GDMzt8EP*V?@?^%(VF+alOQr(O;Mcps;0MR)u)WJ|#vS1u2-hwN#ib!MiTnkIf4
zQb-Z69Co23Sh_g+48?3Gr%ehKfQDkw85L0#Kf6pMTHZ<s3K7GAYIz_aj+!Jk8a61!
zzn@_>FPB~xNIaS*!0;YN;$|5_VeF%vHRBT)A(~=pELvwtF;I)L3;V+R+Nj5!M&}LA
zG3{8H>Sii@zu<M_wMI`IMF<y3EKTV46DR{dnMdI)&TuLj$vj_<Xk$~`>QLR*3K;;2
z55xlgZ68&Y;0>)NIS%ClTn{BizJa6K5Q^Gjzw3Y*lT|VClT-?Xv9cU;nVbeL2zs|q
zF8Qt^J@4owJwn{eMrePlE$dk0@|OD9#Tt_Z8<`IH(*FD7@xE~*Tji>%EFel9U=&lQ
zdQRgeI5sMR-;slJ*{y}R5YCIf8rDdrv|%HdrO*O77tR-Zro$H^dGU-czuiV%Q6A#)
z6+>Rf#`uR3%{H|1lYz(MMSA}uuB4G4stCTlA6Qrsp5izBLdG>zsP8)@n^zBQztr#_
zFvwH2W(y9qo=EQ*nqnoC3s`U3_Pr|nQTdY-{db8MZJO$u{6`$qDG9O$&^Iv9jc0c0
zQ=#Z4g<xcVnRdY6SeF$%!AYEyakPGiw>%d)PsoB_y`Zsg7YMfXsNH8I9*7-?JzF19
zfzT3}7Lizf6-pQp3H)9oM2hBU7_R`Rtvlbf9=DKkc@wyaf$j?^9!T&%Nbjw^Mk$|P
zQP!{?*(-P=4B5gAlQqsnr{lC8B4JQQOE=9_ix&mJiAipQ3P7_SXn(fq?asP&97Nj*
z<|;KTD@UL@V$wwXfJP?9@+l-*YscR^uD=1N)-40Ov(*K<%xud_j7K!nnrqjAFA#Q=
zTE|C?>R@X%+K89%rYY4WKh)al^`kj=-w&cKCY5OaZXc*N0kWfyVR%=fyys}c2DE{6
zz?pTHMAVNq3k(%l7*u+3o=Gm(9b$zGq}EB!=7!*o#YoUvd789y(EcC|E}_eKpw5W+
z?THMYq&OwFu_Ua-i?qOR*4IXX+KftGJZBHYphY26_;#9wI#VG`+5C`Cwv$Yq;HXXG
zDh-q#3>qj3u{JA)oVvad+v`ALe(;%7`7ZFMb~(1{za|umE>Sr;<CS}X(5r;pr8$mP
zqmu{7kMI)vF63ftCqh<VvIZ#5m?DH<aOmv$^LYXmxodkb1XlXBI0XzhG9lJ8K<liV
zZSjgwuLoUu=`Pjq)(PF{>7CW!Ne7A^Lgp))4-N1q9jHZ7Xx|P2MNWn=BmwzV_ggSU
z9DKtWS#Da>&#Y_jmV^?QTihwTmq>PZ_wAPmStUTLB)IfKk%eK8DjP4(_6W3mI%<ac
zLyD}c;!ocMnVzAJa`Fdw3D%NhSsrt5ZwRj}*T_fog}4)T#&pXotXSJFnKsAY<9V=B
ztR_VeOha8r2!7Mo=G{deJGM(iKp7u<`CqL9$OIW4%K9u9OTX5-fX+jCSO;5S%8n4X
z=Y34wQ)ksLHP8#<JSZLnBjUTqRZ@tDjS2SRsv13kKPGa*X{O+&oiR~o(ZOi2DZ)U!
z;jb@9zBuxYli$3}dUwK;QZ0{2Rd)fS)H@nos`J8foY5T4t)NxtRCRhn`Yzlul-1jK
zTQ;K(XpN*QP3%u6TTGOa^$6FW%<8b9Ce{J`7^SFrdq6DgM0gB0IzQthC2kqg=ATIh
zt*gbDniLjzt{CwNWC5v34p)yV0}Z@4Wqk`miwcid5aEqGyX4w<N6`&A6#12yBafZa
zVUkmnilT%Ll|&D>M3b%m>Uc(%zewdlIzQrR_)*qxcL4&Y&ftav1x;vJ^jO2ANb<#4
z#rl<QEAskeA=_<M<;@HJjEi2!8}#zRtioGZ?#VQ$qCt7#`#MkbfZL*|YBr#piO0gv
z2i}u{ex}VC9g#FSxfRJQ<I=>QQ;s4)zV*fTRg72e%>0`(+D_yL9W7S^2clekwI>qr
zcp}1<e@sgR;h$7C2a?M2Z%nlF6vCxy89;b6^9V)koB{RLp|Lg0^VQ@@3Hgm8E78CI
z;LG~&>z{e(@C5Wp)<H)l;v=PlEYr=xXs4{OM=Rj&cMcRr{{C|bYnM>V7`wzyR>0!>
zl1=~^&3=W&R7W4CMEmt1c;EGDZpOQ99%4=T(kF2zR}3ukfZZGjRyz|rq1QH{1gxeb
z*M!#kt)aRx>S@Dy$TPhz*KTE(EiUP=8{kJI*oMB~%q9q$KYviRI%q6`9|guUfGa7;
zpn?Lw+XuwAXMDi3C&~~-!Hz~s3u~S(FoL~rghgv2AT#Uh0ImKZ-=&P!Yy6U)nD-b1
z)_L3_{1YeM&x8xTKpm!02??H{?hX=^Wbm2nO-f6PL~OR}h<yJRc$#Ims6fAUD+6sd
z`1GP<NFP=juo1~hXFE(E%xNm*X>PF9BL$6HD~RQ~sRpw$=_$i`30*4p-(Y|FJ&6GT
z%NO)|Tc)8V^q~_w{ZqEcV;J;U+sV9qFi&Kv>Ci>N@^8GVM6I_@-bD9pji&{5m1Wau
zQs@~|;54?kn4DQBQhds%2?)awI>6GY=J;ujiM%2uDg<!Ck%%BONgT~74~enm44Dgk
zoi4P-&jcl=x4aafvg;JD{!ftc{Ah*1iE|eFCknxn4`rJf(7)l!vhpSiS?i7qW-?rS
zpMztzv(=1Yd=*jxM<v=duN2=N+mE`53>c*n{=I48sM-{+hcnV4i3m3Gw8v=gd?;^Y
z5EuG#E{5U11un~4XNt5E*?chKcG=5F6Xo;%lpU~Jzia^VqNjJPQfE?yuoA4cB)ZNd
zB5JBC#Z5@R_r^cteBB{6F)AbDKD<8A0PFzvwWIf*8+K`%iS~?39Y3S8#C-^qhaXy!
z^B^f-g9s$3Cp0s=>C}8H3Rz%}$7E53(#!*HKto(O1wPVfjB!E$J;P}E_B!5GCfTf5
z`M4pc_NdP*-gSPx|J&<578Jg&Vh)oXpHGz>XMe-6?;4($SpZgxUf?D7bu3{d8l$|1
z>!hfTDVioEvq7{Ngi)Xf;a1?TFGjkbt@qH~KgXZ?`Sq#RV_b&iI&+s3I|*V}PVcLA
z3<c7f#|e^E2)rYS&l1iN>UwQoXI^!?htZ8Vnj)tQRBrN2c{8WX>>?E8_>=#KQ%U~e
zQ~)%bg!gAuS;%lK1iG*T(Cdb;F5iK*T>6!pXzAm4)B#;Vr{9bj;STzi|1Nc9)?Ulu
zXYuZZUb2P>z*1s^>e3Cdp|}tD_#tvJzAKK|k6cHWL-yEjsQtBr4lk@}(eDtl`ROm_
z0141zbJ!>9=bH)KCCoax=#TwV^X&4&^=nIQejlyRkJk*g>INJc8?z>7-g!_e=d@e1
zat@h>R^EA5D?)NEJL;C)10B6EW6te-NM4^(37E}k^$UDHQ~jYkRi!8G_SMO!M`@Qo
zHmL2z<K>D+UeCV}DQdaJ2z@evHQn68+}qHX9LTWmeID2W%%~pM6M8kv9)SHp(AsM<
z(#7=3C-u=d&->7T6#HJYxq*%=28Df*k-MZRMU*43_ey|Tb-G>A<dYagNezrmu^q?Y
z>SJQNZZPIu`e<SC=sf*op8H|jy56Haf|0>Qy2iDBv_d$8@o6h5pS0_g-nhQdSjO2*
z;0_caZA;g@`H_mau+*_iX<)?KrMeCKA>yvJ8dr{XRLcGE2mRlTY`9T@`4&)(7Taz{
z429E03?!CA72FPQBwOD8%GaIDx+~Uc%cuU%DR~`#E%nRM)G>i_ilJ!p1-3t~0FvA`
zz~ju#zLPUZ75~AFnE)}i2>ZsX^V8MtU*oR7FB$A{guF;L`Jlsu*)Mpw*&xXeZn69M
zrUE@n@1iCX*&D5q*0=A?PXjCBw}1HbF{lIYa~sR7C}HVi-Q`fU&bSVd&htXuPXi|+
zJ%4CVc3eAplklrW-}2;)#UWB_{h?CraMsRaDRxxm87_<9M%vA*vVt~Wo{gOLLo(HC
zfNdOX$Ki~=vP`<gsR6)&8UX+4l*AtyB6L{~^rlP5+6o$N@bo|A<grKfdexwVbcI3%
zUHumDY;c$$Dr?Y=vZxSCOB#>vAFHv3p;yUlidkd6$K!+y%H}-B{R#64O6Gx;xT_;~
zMK_m319xreMPorN9#soGdj*@C>X{vmhkZC;#@~!nXZdS1>ID0QJD*E5msV~!ysncR
ziCz>khZ5Udu*6{ey<VT`cATtHA%oBkW_@_0RNaXODVovO|MrJR;*gAdajz1H&iiiD
z(G6%SB4uf}JgWtZ)Lt?QD(C<DnwZ%J`MlWG&HiBY^<3`|xDe>8PxaS=Idl@;@1kKZ
z^tM`HHbH6&bZC=my+T3_@l74HqQ;(w``?vTtYqDKJnB1yy-OJeQ2;46DhN-(kbv-1
z@RWX#lJbdax!xmLr}i7!9l=@ze2OiJ{F_j*!~s43y*3rEW(&Hn`Zs9kN!{NiA<2;N
zJen?N(X~)SN}h51;PJD8*`2!nlURPCI?plP`jKKIwHQ+uVS|TjHEe``PTnS5`?s!J
zoE*+xG`!huzRKzB1tUDEP9!3}J|h=+bE|mdvEi!GR`h#q7&5#?RVC98Q~}xlPEF^3
zTg_9*v!<D|c_43fIr0DXq?O9;gH+D#m?0g(f>V1Sbe_dXI*Ji7dEgyV_ipbqYyX5h
zDQm7nasA^^K>riraItU&rOkA)A*}rO<03XBpjuTg2d(d5oN%c9(>eS%5%GM9OC@Tp
zN?grGA56AUD2Dw9Ovl%3<y1bP5uIKG;Q^zr=p8<Cu6ALm`D!i%E=RFw9R_Ti5J<_8
zz_B<gLQ#MXO7QO&NPLVm@_CH!37r(|O2LYP`iibLql1a}r`|)k&V+3Jno{%Dt!eA!
zzPjS+M?Z_>mORB3=xz3WN8)zEJk4cS<p-y7;PIqOyS9j#w~U@a>lJZ76T3JO5{}IM
zhf3plcu-Xsbb@~z*WG4)PT6C`mQo9{#jaSaHwPSP@O>u%?KTFwv#65p2gy0wNp2XM
zi@my(&2waQnolY7pRsK68rlUj{MUhaFWN$2VLNo!e*XDD;=F=NG8&+QPIj=ZJ=QHJ
z)JDAwUXaZ!R^Qu^;V2fAPbgKcR|}a!=7OYo)&XqI>t?X&pmnzE^pnhb>r@m_+V<?K
z$E2~hVb@H3&^}Aulg`&i43ZpK^zmPJ_n(DOiE|?W9M!L<?#KoFQX(u&c&?ZuhhSO0
zWT4fR2R~{_dr9j41<E$$$Oe^maO&&}Tyn5L&m*ta-{J%+OohBnFEsa4Q3{=ry3<eP
zY}sU?_DF@gMg&iJ??zc1nT*yf$-Nuz^j|}vkQpNAJ)Ng;;6DY|^|;*N^ZCThc#w9J
z%HZpWlUM?kaz2O2oW*K_$M4K}sKdMEaKGio^R;O<%YH89W5IFGC_!vG(#3F`3nN2A
ztOsoW)}ZnR8>(hfAw2KglB7%#B@AHU7YbCtJl@=#>yl1H-4vi_?x{D!QDE|o2j+!U
zv|wDmT|#?qu#_mT!#cKU-%OUs>^390$Q%X+!bp6D_P_#F0+o+S@RjTf_i3{vv?TJ$
zEHZqjp6sS(Ko3eLhR^4&Xuh(}ZX#zuEfrm^PBp>tcU9Y2P>on`4^-1V42<d0IVxE>
zuQMNLO?^D#Wi8cBWOvXOiwYd51|5vj#oNj8O3Ba{DQMHKxazABwBe&Sz@PpD68=$2
zbwGN3W&3oi%Hxq&r4$v3Xf4Xx0ZXv~z;x0&nDIR@R88RV%lW;<zAUeoG1ljfHRR2T
zWjUwNzk=d{i`VOVJ<moVWNNCqpRSNYIm$(fusrqcs@Z{&=IcJxrn1<d&szQecNT!8
zIQPYixX?df=1F95l#Oyhg`x|hkePn;*W3~pD6d0mfJ`Z=ymv}X*Mr}o4s2m)F$qv8
z!Od7=Lf4N%t=s2faz%B&n&>{cLzMHZNdmU5?@Y=J?1rpp+u8f9z}EP6G2F4KlOQU|
zunu|Nc?T}+yyTju#w3TJz2%0WdBqkjCFsFMJodQh3b}=x_Bb(49?x8>bf|&E<iuN;
zg$`Qo;{keWp74=T*&!1LYZO>ES2d09P?g_zTjey`^xssEB`M7<oKWCJqPygjv=Nf>
z76ukWdgnpSpJ6+)ik%k|_3PQE$ZOW5q-q_FpAy?Z7E<C%7|DMI8WF;OykoxyvY<a)
z-(Zl{m9yUNHiX%OS~ww8+E2+9Q}K{^;J6`IOa5%nd#!5V79a7?<FC#ejj6vQ31JgV
z=|H}rLy%)AtC4f#4ZG37xI@IGKZ3nIsQ*3-7EQj~9bDMOn~5-;f&P%2zaZJapJGML
zF8Fn%$Jr%LmsfIY<jdkDW9Pm;$ggedPC7)>1EOt$5YJW#2H6*3@$wj14>Pj@S^f@0
ze6JB97Du5|^?vCrk5C7Deg;<jFcUU-=nKbAzXs}F`u6PG9`t39v_nD7EVzHoEaQ*x
zWfuN|irC_EDer8)04Z?F>o9a@-ayGYf+~TCOZRNV0eWje@!Ic9|J~mDT)xXI@ob9a
z&cpWkYQIfS^l|)9&tT~-H_ZzPx^~_@Eg6rNr1<u|HVyMfZ$0hS(?<sR6B;rPoW=yO
zmh>u#J<X*CBbM4h9idFp!kRQXe^hw8KTojdH`aONMC%P;ll7J{J7ylyP6rCtm#Pm>
zWx>PufX{aOOSEPeAj8*^_f;SV!;)xO0MXX!2yb?L?8b+waYJ1Fi3;)sHYnSFchmQs
zhg;8m7B%Pp$KG2-#kB?N!ng-_ZJ=>?f@|;~!QFxrBm{St;3T+1Ah^2*3lLm`6WrY)
z+||k6`<(mmKmRXxjAo1m*0hqZYSyfp%T;=Q?j*Rr8};%aV~%Y8MH;+nWujY>+aTw6
zvJ5_l9{pULIzO@kLPMr1@#G>nG(-X@43V5o`56CRqNAzrFgsgrdy(Z~9?Kzf#6kyf
zSsySX)fOaI%tgFmTXL8AzmcdZi2Z^g6GZRP4AUR^`FfHJ)jX>nBg@OZ!lRv%y4s{W
zDkN77IszLCyWr41w7bFN#g^skw&U(n+$B+Ta>}8vNx8#nxc%kX3GSNOO4lB4Kt!QI
z#sh71a(IfBHOi>t=+_m|3e?CE72C_B1+nKXL>D&kziGHskj!lcQhUTqB3!*Sr?kk^
z;NFWq;x<faG2$!QI)@u^JB1qV`!f>Hzz`&CP#o-+9wP+r)Yf-PfrYwSO~03<J$_y;
zpcuHw5kBW3YgZte{H($FykKwD(v=8vPNH8(?jq>X_}bW!RR?)-e9tjcRNUjpw|uM8
zkJoQDnGJC{3^su701nqUs|_kfyvLdtTd8>@+;bh?YCGn|_Z@dHfwB!*f3@>?pj;ko
z<yDXReP_W7NEkO;o3EF&ZtY*Ds%Ig}Iax^fv7``p(A>DI<4h;{fjIjFW%<z!X6P4^
ztCuCkHHUt(vg(TQ6LszV(AHN!ZVnr5YAYi7%@J)zOBmAHj(q2LDoH0zHo0sHUykxU
zdlt5p<U0$5@}!{&9m*59;;@St8331YNfK~~mL=yYjXsf8imsxZu;{O^stH6D8FvSU
zbGA5MooncK46V8$_q1ch9r8WDnu+}MT_F7F<b6)VCx#%zON+y0w~P+knWmkUd#Kt~
z^6-zNB<^3{!5;FvVa-+OhxS#Vh<JCX#ALk8E#eCFjL8g|VB_tMo(fZ~eWgU&zUv^I
z#4!x(ew$0`D8S6`we65nZbKxmam-igZ{G27`vbA*T!=!G{FTm;O%%6)u=D2k+-bhk
zo;&yQsSO}y5G|`j1F@6hL9m0q2ERnNQN%`rS&2!<38=y%<2_kl9yrUDKEb+m-L`uB
zHO!2UH9ck^$zaNc{EfOr(pPotWaaGMpBE)@Z-?ICzVFlzjk#j%Cje{hL1IOFu2zL+
z5+Hg=4k|MwF+hRhtv$#J@sUbSY~h?GWAh6O>s)Q!an}xMb&6!g0pnbV@030$Qab8(
zZQd7YmU!$<#{urwtVT1tRjihf4eQQgbUvA}g4NB9;@|Z0MfDMlVX$W3@$}=?a%#Ou
zgXq3_Y+{ZuXlF!VlnCX8WyMgA$DSb8p)Q%*JVh?8H~IlD8|Wi_LoJYO{Q{W-InZod
ztLpkK24`Ep<N=7<FwE7(I9-1;bamy1jDOZH#~XjBvf+CzZNBXpZXL@(kNoF;(xeY@
zp)MKS4s}2IO+Yu!*H}~Qx2Lv41GYH(q%<NV6p3*!LV2%ppB#}?*p0l^0-5I4-&Ea@
zqYhA{f5jDOoTxNV9j|vlU}=7?z4nUEG9TjsgM_E>?@#Dx=;hx1&7=jj|H-NW-T|w(
zrrr8Npw%*2Mh%`nhrxi9^?uSdzS7{u-JBMz4*o={OvmxGw}Mla5aLL8K5n0&IlYPj
zG4J!}6KKAXjkl($7YCk^P77Uh>K#qziC!6e#fVqV&o%-eyP^BtVx5ahK?Q4S&|JZL
zUmMlt2-49*A?YK2$6)!5OlEbhbr^9BQx{+~(x<7+*ah8cG?g{VRn1-_L94VnC%UeV
z7>uXbdvO>gmZ32i&H5TB9k}L(!!M6ZZY8zGzB%4!w>vn76L)eIO4FjAKdqfY$Jocy
z(8fh{RfR7i49@RH32{VDy!_&V8&(^>Rr?a?yUaIq7#ms<&%w{vWucR~{jNbK7Qoa?
zEqMC_O6kcaIP~XItMSP_t=&bkO0xT}4EFh4CVl+SXP<O-@ne8=vOADi!VYXk;Bn@{
z85852^~VF=v5cU$*3acJ7$WW%Bl~lqa>_>a&l!D(H!Iy<wW49Ee65}k#eA2w5;f$4
z(Dht#?#6hka(6%9>cir^cc)lzM|iqVIDII9X7rJ$n3=CS1aM^e*4liC$|)+NuLjh`
zX&9AF$_yIOftwek)Lm%Je;9w8&Rym>&G%R#KLh8;HU1`i?gu4-JAYro$HMCInQT^3
z-dZD`xWr&EgN~LOh<>`f)-SpzZDh@P+oOBC5zN@|_PZYL!Pky&7_X=WBrVLtc}+)K
z+46VNr`kfy$Fz{%So(yzMw4`{W%<pI@Kw1Sqg|2-5I6ps7P0-PQ~m44z)Gz>{QQtF
zF)Vi^2YJQWGdeR`d38U4iD1<DJVlFRXQw@-VUwh8>t$kaIAp&og;wjLhUAV6q(^TG
zDVz3<!VaCdIpilct*s7ue@5p$%3J-xOx`@lRx(8_m6ai$?UK;yJ0guQ?atyKj47<7
zOFX0Q8@2c>1iOr7_};M+Cy5aOH~%W4H!ynEw&4&SNHVHE0%dH%yq4@-zTz3`(rAU@
zuD2%Z{eFakHj1j{fAp~AQ^*qmTs%+`u-aKM^$hiZ{swx9wj_3;fZ<x!I3SDACN^po
z_fRmFQQ3+KFD!J-x<axd$jo$Iw{avhao?MspgcC|LWt;AZbu}jEL@*Ex$0T^2xQoT
zSSvnN#hAIHXbYl2g%`nL4h;<%?y8)wX!m10n$%!|2V~xqAn<vm;4<?PtZY+kfUyI=
zi>8DO2?qcNsXBmAMV6g?UI~2(xN6_Lp$hLLK+%9_ll02Cr)pkK(y(hSBHK$ZtI(0=
zvE!H^i4C(!o6BoS?9$V#gpZ949k?INbz6Z>rP}l@>4Qu?HmCVe$U3!*sc~h6JG;Uw
z{SJ3>9p|kOhIItY0}UZ*&6l0zUqZ-GCNS{&vf3Y1skG{x9b%h<TkwWW7YB!jggbfm
zE)YKZoumJBc|g3l@;g18x~g_wbaDvP5<55NHIkqf5Og{M;<`eq=gD0w%MU8xuol||
zrvuJ?RiE_dfhdDIaREjqk!Ncb0iJ@89MJmkSBKmUrjsf<LmHurNo{Y@%<_tWPucBJ
zw8AUu6?f&1cP%MGd&1lfvZ(yHziDlY!!E{66N1AbF`{0ydf;{ndN>IK;2kdi<TL}J
zR;pwG|KkO(CokB+z*B_iY1}$UORx}A3HyCrC4>w8h`ciN?E!kTUTJswn`Gl9|7&qQ
zht4Yu8?B09GC#x1?M?z1?2}2d$z~wIO?Pju0;W$P|HNNwyvR$-e7LLQ2`9K|*uBQa
zy6hS&&h=;|NX>(jfoSa5An2SY>)VG$ua;fJ^NH<^pkft}USQz#V!7y#?tB)nZ%4W4
z(7;I)s+D#j_v{^#Y^&Sxt7?6s>HF))KxZD}jZh_x;LFsST<eSN?*&fu4`n_~Ggfs~
zy%_^;OtatCdC{5lo1w4m^rD!-+6GUyq9vN;A)OWd{i3e~8%TJp11Kd!fl@y67c7+j
z1oBui@nA5a<$fdmN&NT|Wm17;kQc{%tW!V&(gtDFFzK;r;DVu~#1cedLi|&iT^K)q
zs~k{AB~?;?UAEGK7|pn;fIGf8CK~O8>gQCnN`eZmI9&KCX*IFtWOu(B;@^PBU;w|-
zuPhdZfAutV3<8lE)<ew@y9LMuGEC%fp_dutG<9FF$+kzex|3=ERe$SD_%u|7Fq2t$
z*|`=M<U<pa-9w#kGB}Kg4p(boX`D;&)tPpD{CSs+E*e%J+FpfyDL3k!{<@)hn|ruo
z)hxRT!P?agrgj_{WQdm>7rulF4T-Tsia~NA(GC?NWa}_YSp-095}@U3kOGh(k^qP9
z8OJK<U?|p}@V0u7;_4&lDd?`+{svl|HI7I29goeV|7SuWpJu_Q6=Yfc^}dY<4&!k#
z<_C}V*59`nKI*R&pC1)2->q_soTI}`j#i3D9$gC?zZX?)oB};|IGR3QAXkviDd)cn
znVk20^(jM*5oG`9EwJCo4(eK<7w3sswV)4QmbuAQ`^~%})XAJ0;#(QrHCRht%I<(I
zulY5a!uJ-s?_7kCg5m#mVt{1?n#RliyF>{P9AtL`69iJigc*de(^*bV<UhE0UDw!f
zV5Qm4?Yl4>#_(p`qD#xRA=f^rX5Xi)6{kIIy6^Cl-V(!&rkEPzhm^A(E!4A#g0J&U
z8~#S9T$`*BWUUQ3E+UPnErLk019NQBpF+phKR<lT4I2`Qq4v_Gwms#lak}b7SEn~3
z+4*%S-_C#+hhBC|I+NZBRoglvT{0^ZJFCoqAK*(Sx7m;P>4mW8wOAJOeyV(yUGi9F
zZy8Y{hwU*;Mzi}ePPsSl!5Q!8G4gy;=c8m0-(C#FcY7yWC@BGw12mQ<LI(S<X96j1
zd5{Ho`+#Irf)B$0S+;zHoG&FN5d<YaI(58fBimiBp|oIG-5pt|8$&9)HLtr_x%u_0
zdZbt-ADVTgswMv<$bYlqr%6Qj9IAzBR~1K-_tWRb)Dt$HAT2>|wUZMN$Uv~3WQ%e7
z+Z|!OD6!eAA4c^=nIuU!pLe`C93Gi=fA`}$sLR6_C=4{@=x=#8;g+JP+zrk4<UWza
zX>72ZSFo~X2n2IbuYCI<z1p*d-^WQnAN%yskZ;WEH?dd2m=GojNfM-d$vg>UV^}~W
znX68%3X)^=2lE}1fj_k<_@6gnHvRdUTvy0Si75j76(ze`{^0X(elu>}OA0(AC3OqM
ztXd>kL7v#y{8GK-u^h|fYwZ@BQsqZs+_(&jkEEB_&g$=?p$*dA7psi-WnGB)`@L2#
zdT3I3>ViD|5TTK;wS}}g5k9{Y*!2<d3t6~5TYOur!e7Z3!{%E4gg(}A5Xhyq(N~g$
zB3sqJ_OoT?bUDWCxQ1s}z>aj=`xN2Qw|?S9z5PU6^LMpk&NS|l7Y3N|drK26?mm}A
zguj1>(Hnq@THyrAD^<xm?M3reESZAKy<Br&bt7WWf^PO8nHGC?VugYdYv_<w!-C}S
z{~-ei?wACS`ePE$ui8ij8Nh=KmbA)90kRO60sPVV{NAd=8R4o#voB^UxgEm_ZDM!)
zNZQ4>g3S3X_pk3OM=88-VO&W?Hb(Ldm#Co!-}ZPpw0)dgO-GIvA<p!|5UU(LikHTT
z;>cg^<zw1lDSqYio9mUUeHrh`YZ&aUg*q47ebG6B5~a9%?a@bR4#!g_E0tCR{c65y
z&#lIkvomJ>=B<}3awEy6&=KT|RqhDHANDcAbc4@Vilt@HcIRL}4Sx!pHR)bo*5i18
z5B63#hJz;C7oNcterOMF7|9BjD;06yI^+OeN<!*)_=IzZlAL>u-ZOPovVIvbvdd*f
zIBK9~@bm3=Eo`rw!&lWA6CylAZ#^L}=1Hotmxw6~AxcDTJnny}u=X1$6x#cJp1cqu
z771|@sPq$bkp7%51Eq+GGZQmLz8~>{cY^=ansF4ho<1<Ce;8uwkX|8y-iwl>p0Iap
z`-IgfR?5{~T-{?A>rh9_$i#cR64p{ku1b=M28|rUe|a<y!_}#~vB<HdTUyi;cgV{R
zt2Q0}Oa<yD3iBOn?5B&;LP)wdj?o`)I&5;j(iPJ!x4bvLnxml3H-vpSvb9<$Cih)-
z{my0-ibjM*;<d<Dp*t0GyD=c$JH)2@ZjusU`s8|!d~&cDHbggIV!+7%LHiA)VCe?0
zQ=Jt~?G=CoNoNU55+F4Q7BWz0F8K;nTish-k_zEF@!qVz6es6Nt)UVaia6jiZTmX>
zdp?Nw10&<j&ht_zHs1c4W(MQ_CX)uT*Y|rGI<n69RtG3ar8A^ilfyG!*o(Z6ft&Mv
zq`J>s3-t%VJ;@rS#131?tSzx=fj_B@LKkHbLC|{<jD=O(-!*887?iPW#tf5&5(iJ@
zF0S71&eT)mKVmuzZYFp8By#OY-rg+0&y(4(p=gza7%cKprw=?Y0ZxEQGwv+KjrKF{
zz{;|h3bPhM=dUu3<TJI(<CI#L5F>9>zWVIrkCpg7k={RNob`FRL_Eys4O7`+fAgyT
zrrCXu+Z9`?xv|IC_k^>_Y5=JcGe9qOkw*f{1H_S<kcFf%{(~ynfSq*7MieU{fMI|b
zeR(T6LrTn-0Er_rs$a_~&y{OOa%}XQ^)x&g=F0dO2FU|^_oWo4l&5YG^YbTzQYR2<
z!Kzzsy`ET$qbcH$W=WK7qlON(ACTnHY+FPHB3r)3VVr)49xI};UR_k>u{>lB*wCq;
zL3$jUS6JFt!@9lmzsh6yS-dL3#=TBS+-<G=%*UNR3IZ9F>h+x3KDUwBSecFVuE$Gc
zAdpiY%P|6NrzrlE1zXq8i{vHvVhSQo%bwcIha8y$nTfVOF2jJ2EOD-O%bRo{o)TSz
zgP5mMp%ex`xx<C##H9fsmq(sTM}#HqC0?RvR+K?lEZy43OKy7oJko{B-5@Qa{b<De
z_L`J){_m{&i_KH)HjiLZey0U8f@jqR8?ukt++-vBCBF>4BlQcl06SDT7yro@IbaO}
z!=uus|H~vPLrjt=!c7PK>jmqB4Jrfy-QKn2;5f)>|96adZWW{@0*LELaA>0Xb=f&x
zDwb@%!-HwmpgpGS=S7}H=6<niJuzpB3%}Pr*z{d`yU(Ce6+5S8xY{w9CfDmMA$XE8
z5_&>KReJp<c9%_&5sMBb>!NncXQ{W}gC*cm;}jDT*1D>FysF+l@RB~Q>R2gG&}(&|
z*vu7224d_WGlwsAXNug3E;SSfCTcoJQQE}HW#5u+4~5jucYI*tm=9WX#debaES)L9
zqxwagvWe7!RM;1rwUOu(2O}&B0V7g*5zgz9lWF7<<qw`kJSj=PNr=R#x)m*%$>tj|
zyl#&Ao_`C-G;@DXY{X>LC=W;38lu*-_+(ENOMTt1aX8=nVzKe0TcZYTIEjhPM&oNJ
z@NNvy`#O&50k8-eL}<y-OI+lTz~TTQ!D|JY2|*oWcU#B^3x#=dkAlmIN+SPKTS@>x
z2dY!Hu4-?xj2_xaeFk|Qp$Uuw7^Ra2ELp0@7G@Z=+vwCfZKNes2+2{0)WRStu(krp
zP+F<}oE9ub4@qS>lIgzQms)$cszaCPa5s3pn;ZlCU85XQMf2BB23bRVj}bb9FS-^i
zLG3r7-M9e#vfgi(*S6y^L~*PSX)6LW01}g^?!{utl0gInU4{WD8U!|NkaTsFPw{cC
zKn3BSg3}%E(mSYKO=h}9;|2s*Dx02Uv35plqw4AZM*9J1C+;@vtx=jo>ctCE;jqcv
z=?O5XubbP3u#WoSDLHR5)eBN}?1iRZf&*hB0eodAqPPA6Ssf@90+h7$gS2py$PoDS
z1vxYl!yVm-#`#O(%QA!P_0fcMUmh`iCjNI55d6<}@>$_RTI`-}T4I9;sPr`>Ex?li
zO+(<+hMMZ=Pj1o@8N>?5WDBvteTxRr*ILvRSgWwv*MGvblXQ>~cbaH_G6Al3FV18H
za6)@|D!Tz>0Z~J;fF#-Q{`lsT!I0L08Yp-$l#mkTItpT-Vb*^{*h>WdzxQ50@lYcH
zW->LZYc$AlB{G0lk2gn`Xe~FRdzecPD(Zzf?CUU<Nha7kY~J0VovYrJwxdx+iq~{;
zKvwURr`p!V|2Ps@5EMirbKh$KsPuou1c50Bn##?5mx2ek!t!4e=zGONp(Ap~Zo)Et
zf~he_Gkh-B9+I&o0s`ZsMeFHOK)~Em2)GFWwLD1nUqr>Eg|Im>Kz_u67B?=hzY|_7
zDzpmY0jVOpF%jP-(~wtydQkR#24arw4ZTbL-p7K3kjFHWXYZG!Y;6i2x0v$4MH{w~
z4>NF(!?0O4t?n5Uv@JfBI<kAu!knkK2$+2$;WXedfGUHzV2@z2O+bbj&inN}nSq3y
zds+Zp?#YezGBIT#K5?*=+VhH$m@{yCnCzI<3G)!Hye8ltI4kx}t?;#OW%w7Zce|^0
z@JFS~u)XBAbB+FYw)AY3X4=LX*PP>>W_d4oZ-`KjibR_)(oNi3xwy>`z-dO1Blkbc
z4JHOCCSfmiEbiqE4_**}wf{NfNG>FU^QF@|&%6NNojGv6?7Q?c^Y{eZP?aY(ckJAG
z!?^D+2kl5<Nox+=qFg`P6m)OcB$n-wjb_J*3i9_etX&-}Nn<%lL_AkyRtPTV=J8|Z
z5Y;4#14m(oivb!Xy_Tbp3<<5xLF9X`hba>W1{y+iv4njrAU7L-VPR%{zAb2$?pHDE
z%I1DG)vphjHN=5<Et481w;u%J*!Y%9yE&g__*>8mG;j>(s(MakU+%{GNPA*e7TzL;
z)mTg>oY(O8ZINKr$IdDa5!{T?yZyD7Ks8+oKzT|be(M=-AQRZOdMZkq8b8X8yL??a
zYvmM9R)!7TwPg%#>KNX9)Ic{n@1_a8C-=^o$l&algiA5#UX1HZ!=Yv8TZ;|OVRY*o
z7X8@76^hWa)f0a^9U+}fF36@u9sxW^1xFPJjD*F%JNXuXpGh8wK3$#4?*xlM0bgO_
z3Os{5{d@Zo1%0bfeVt8;^e-Zj96m;`svl4}$r;t4pe=TSZXQY$1nHXdxpsW<7v|qw
zl2#`3V_sd5=A7lb98vrTqV3|jGh<9_Z_v(hctX20QobAm|IbPxjwGdsnDs;(aHc~i
zU)PG@kxOxp7Plk5)<AR}tJURkM$aR@EVp4AQ2cvi{5NmnCGCv-V1qB69S|T6p$t<C
zUEjYEy9VCF*s9Nc<k`knXRGxlBVwPE+UC%9ylrMNU4}IQQggEDl%OvGnnVK2h}q0n
zQIh*Tp2<p5KjA^Vlwg_wjZ#gMjs9qM;u()72fEwmyXN;h{R(XDQUmYYU4J}m19yD@
zSNr?}L%>PBLq>g%b{kCHa+c=kd)KUXq($|G-N@2Q(^4?HQ~13x9Qz^s)#sHFYKtzO
zYiemi(^!^%{E-|zk-qd%f|w{Rlfj-@ndIHq3Lf?B_PR*Z6`RS*@BR~dh_R9I37*XH
z34lp>5z45M`*2U4W4v-pTshDsvL-xFknpmB)5EkC%#zo@j9{awa{lrsk3mSxIQdHX
z=KA29=?sh<51`Uu)S=-B(WHDLpqFOl=SIO8Df^=&)tju06(Q$%A&8xcP29wWiGKxp
z38S{$@<FxJ_vwFAW!3lLg<gXl7BmC1j509`oEoGoJ&8+U4+oeR*%x1f+*EeBa0^sQ
zH+~oF+0T;eLQeiv+ERJZHLCC?O_$|!D1*Ouh_s`oh~%2eg?e{rQ)A*!)!TBM#~hqa
zd=T1Rzk3+G59d2f+n)(@eX?`DqWacJkf8r389rD{8={oVp$s2L_JFi|D~St`qNNpQ
zlBlwn^e8{-ugLn4V^Te;J-mb5T~*0|_@_1x7K*9$M7DPEttt{h?0iOzuy+IAHQSoY
zt9>6l$<q3a)QFWczTfX|WsNI(EI+jAgR>zRXG!xiL=248l<42feCgSK9tmch)B@NI
zTrPoKwRp6qRRzMA?Jkzhz(jI@nA@k@I}};wUBdn8kl!~R;_ze-71UMgTS`@$HiWJ9
z@4GJrbuebif7x5vp$Z`G4dA()T-Th>f~@+{RVFimGtx&#TPri~rKP7+hVizJ8;|Dy
zfSnbBG0E}reXc;BJ}|;V2h{R_1D&qqp<tcDcKOZxTH5)zRH>@u?(C2AZ8!ZE1ci6J
zBOS6%C04jsf|;MB5}6jOr>Z`IpSy-eNweIgyIqocORz)Q#)hTOA>k@-&4f2dQrH2T
zNV12o)&FtQgE0bnm!=~8aYfANS@8ai>O9?e11as<XQWpn16{Qdt!^Dx+RD3p75OO9
zU<$xJutuw^6gsi@|FA{j$n6n7%Rl`->qE;UyFRrtlMZJ$=ZP18D@Gx=tE5d(g*iOo
zH5+9RZLFS<1BWx^zn;z}#P>LtOuBz@Nf7tT_|Xd2C8(8FH~vH4EB>^byg`g~-NhWg
zGU!V?&m){4J_Fr6?^(B0%0DWSElRdp3H^Xw4YS=Zl5caiG9PFdXY(A}k!x0j_#tW%
z3g;*R-znorp&6X5WR?GTaeL_iv-iBb3*F-705PtkaPxy63@L60U#ru{TlH;=<M<C|
zs|e^3PP7d6PK>|U|21;Lt!Kizg1%52#_(F1jR`1P3^-{163#S(zhLIY5Cc!`Y;@Bn
zWz|xbWBX6s8~}+}V3>723%BK8P|$llSmQ6EMKL)|;I|#-x@OYQ_cUB*0q3a0>xyLi
z_HFHn5SlFycC-~8hLvX_O{05@s706l&D$C|(_yd(w;JM9Orh9Jjqliy(*NckutX~B
zy245TyZ$<+Pi$iM+2jxoU*{8pKu5G=^q=Hube;4?1v+;Vo0E?5;{xs4c>Hc(>Q}}%
zITX}?n=i&Xd|K?8D8VTAKgEJ_-F=TAvOYa0){ho3OY`4iBvOIJ<O&H`PxAt%NPm*Y
z7Un7T4Nf_WYnRu!V)j-8Ro){@y5!9=xbyLlcu;Le+IaX?q$QU<!PXc&9qR<07upvC
zz854C4|;6}f}Jp%v^o&ugHJmMhNFVS+pzdHCrtodqk`BxETP-UE0@16nl3QjEZvuw
zPz$l59K2T2*S(+LAugXiC5_HX<EL13VkpJ(`rc*kuukd7u*fpEygC!my<;C=kg;g#
zC|kOCuZpwV<WIT0YxwU@G~g5xz;KUQG^k(D5;M&WqmxoSu(AYB*r2xrl(T}Gky4E|
z7z_948;Ml8<W%;TSwWR=yHWUC$GhVrQ+eqGlPsqNGQxG`G!>LZiBB`6{x9$VkSgJo
z-aR7#8U>JJ%*kh%g6F+>U{ThhC4k33wqO@xEF?~@M(z#Daem0lHaQXspB2CTXt_da
z>%Yg|+{UEA4|1?e=F2q@+oHF8b#af<d8-dbY~KkyJ9h@jxV9t%i1f!R0trF%CTqi0
ztNfZEu8AH|Da!fV=`vx?TS<qXz)`2k2|IR7tqgsP+cLk^uS+OJzxb~=)E@13LIg1>
z+S)b3u;mwM(q~e`IJ@KD&oxZu>-{6woxzWg&E}Jq^LYm5{|<8lGIk4Wl?IbT^-%*Z
zAv>iy3K@Vo2h=x@c%>4e*|Xw9cyCCI-MX6BWae8sB{|2HA~!y~V7jb7km$_f?Inhp
z<FZS??$*3{Db1;ds=9i&1fDv8&Gos#TeWKbH|mDz3c<cs%GL)2ASqg(HcHZSmr>Kd
zLe`L<?GbhHOC~Ob4BH35&Cj7vgR)LYfl4(hlB8Zumv}4flzVI(WWA?uwZL~R^?k<=
zY<waD)8K)Mb9#kq5mur7k}$?^BO*>2B4)u*Y_zY_xRJFg^aC_YqvH$}`2K)Hyqy1Y
zb~c?ddE5CA)3_CPJhHea3*00Tv{%u36^r4k&I?6x&sQXzOmjIeQc;5n<kX#!;ZS7l
zn9OO`=>#uhHG+@36|2a8lU(ONSdsEqxo@ghMB9pleNk1S;ayKpl%jiI&pLj*{8|pd
zjZ-uk?@MO~YRet336b+ZSN2GNk|10i%1?Y{j|x;T&XA_-T)+*!*0ReR37`|rq9}A?
z*DQxUa^MPJPEDFNc8D=6GGX``N^8QAR92V(aMGK`<o1FIw4kMqa_tg4@H70WGJP$Q
z2gen|je=Hyj1&jItJ(uc+LQK+$etZlB?HuxR;3y^w#aV{d#{+$Dmy2_p@I2#gfkr=
z!`e7&?|0G31mL3jsG=fFgcBxjpCxjfKMf>Y%^w?(Bz#ilL=I4)TXPYJr<6oUVl@z$
zPG>v<Dsudhn#y>MXDIe9*{SO82F{Lm91l&Qsm8yB@Ojx#FvC3k5ZBigLmpz2xqmA5
z$kR;doPj0(SQRb?J@^_fg}l?9EV$C0`m-fkhKs%Q^jb%kOwX>snQ`WWFew{){*G|x
z)Cl|aKFU!MHIARG+J6oc1oXd|=cv`Deoi&|w&KP<D6PsZSJQne#Wg=_7`na7S`sP^
z_B{hf(kTjko&0ud_r}UH7N*8B|DiW1%2g^&p&@Kr>d_=ob*dlwDO=%@Qce|l+|<AP
zNQJ-SDeV{sXVG0EJ?R6qvX>4f8k*2-OWRu$A^G2_T$X4*Kpg*i?%(45LorHUzj8d=
z#{UmPk2#?4qwVZPFh@U$s`Yg<e{2$VyA!N*lqN)H4yBd66h79!Rd*{LR2Z+&e_h~#
zRyXcyk1;@SV7;|Lx?FqO0~DOQll8tjOEo55#&B=tV~M5b%uFCY9C6*mwJXdnRQnl(
zTKOf#ctN@IK)B*8P#Em=-+Y1r05aiJ`TA3FF^#3Gw^<#mobhA)X1_SaOt6S0@cmB*
z$75l+H?*iq*)<Y#O{8^fLa=o{oH|NX4)gGOPZiuIrdU04IK^%3hWV1z6qr%Tn@}!C
z!YB$f_>13BBIv)otLkZTq^iqID|}b2miBkg1{{_^4D5rP(f(iU4lu`bv=@a^h<=@v
zSQfAL<dy~7&sHR{c>LA84(wd3z4DB<@M00kKmJu0^3zAYb!Yzd41SCXiUy$mSE#T#
zXC#ZH<?~F=(K33mA*)VT8MSDr*$)}@iU@h&YO*#W;2s~j+1doTzgb+tV#N>uo|f4)
zY#furXC`3ndD~dpn(QnTmxtfWLj*N4l)Xok#h+?I%!9iSUuP>LQG-06O@jU~`8FvV
zzGE82)oRZhyz#rwd?_hy>x<??0V#kSe?;vW0_e|J8A7ywe+TZ_Du3aTej7U4D>t+1
zvH3R7TZ7Q`2c1FhhRBiOHDl&<-@DC9{i4xvPuc4-u`g(Y$0-*>o$Nd22h{jE^O1o2
z5sm6EQ%c*4Hu&EKg8$$E@P?#Xdr>6Y=pCz}-ghVS_w<4v{roUChsi92o5x0$A@_lh
z6=T``&Pr-+NvcaMi^Y$-QnjoWkw@kkWcoWl6ET1f?1W(JyuX}ja-H<}G&8>_Wur^^
z(pZ<5ER9zgY3)I(>k(Rqy`A@SS?v6acD&G*tDHslFyEn~S%<raX^yY|UQ_80@u1F&
z;%wkd7tw>R4;+exviK)*<Db051dpQCnM4y%YTSIuuBDAybXM%gthIEj&)LJTCYA$}
zcK!y^K)4W)i_E98|9fU00D`kCN1RG+-25f1Q5M&GPmlD=i+HQaBfTtESKLxq>8i$f
zQ)>D=RV)hOrjAT4^<N3AgBWw&$>^LK`!MBix?gy7D87chvcY<>VS=3~j~4?%`8q$N
zUN2G8TppWNWC~kI|1S?IB><XW5+PZK{_Sfi!au6bwb+tUhyGw$yEv|t2b<}mk#bPO
zhx1XUjyH>7;Vn4kY}TOKF~=Ga&V&tt^Ly1gAs58tI1wvF50mrYf2V{AITj2@S8U=L
zp0q{Nuias^SoF3k$Q`L2XL+DsYQa)Fsuxw(ltt~#<6Ry}mFBgI((-p&rF!{5U+_wc
znEEfvzCunH)Fm0<|DHXFE#SzKF@bADO0-`*Tb?klrME1w|DI-;m2g`1UssE4U37FK
z9F6<t|Dv(mxJj_bXWqD}72guJzdtV4zUj?~+axdF4KJU4+83osp}VJs46jY$le^Bl
zj^(MH@Wnd~|8(0&!4Yyaq~P|4@GdspZ+C-As$ZhT*@ZqU!3*$l6c3|egP<XwDoYsL
zxWkv84Zplnw4YoqVNUN^*1(#oAt5j{C@?x)^O0fKdjs`?NX(OJW#*B?2C}Aj(+jDN
z@7~Ob5RKdZ(@S^+6nsGnQgsHLtUsJ=S16LyQpofxcU<sqC(fQ);Dnl7Z>RgK(+94F
z+6ZZ+wkIf3fg-*ws^9o(?YL`Sg(tHq{^>|o2#y{^lcntpj))VJ4KqQ~DQ`y|%rKCp
zbR5(ptVo{w#t`xH2!~PyJ>t($pfju-|D;>fA*^^P<Tx=ZI?N?+ObNdg+E>=2LP{B&
zxywE-?`SfXma$(lpvV4c0-4|fFp7>K%waZM9<}2Ws|emZN}H5gRJqm%tI&C$%eOAV
zRUiL(_%Iy`9{dnP(M|`U7a};P*##${Z)7<H7bTX(^hOouSj4$28$C=B1}p~oAiws9
zQ46HD3<F~d!cdZhQJc>oOwjX|PD%7G%Y>}E+LL9t2Us5Z*YYCA0aNz(0Ty6xbe7ln
zxA{6;pdQ+*-R*KJprV%iMC8|4*uS#|nINl($!o71M#GsZiBY>!!uNX;V7pQD5p$D3
zx`INUr-Me3y(Z%GRD#R|{k2#pDuYTK=FLvZC2~mXywB#3Wf|HDQ<{H>4GL(&$??Z^
z3#}7_IeQIqb)$^Xu=em-cYPbJ{bL)*{jY}o=gBHYpkvLxu~9jIdj4=f=rAYkFeMsN
zJP8s~cJ4mox>1xvExF&s-%bBa_;0$r0FnDb@edOG>yef)TjNmb{rd}A<0RIqeQ7gv
zXX-yU9wz_uFm?<eKfz`rSrGB@hhvr(d%yR&3H57z710zcIJy`IA=dt4eY!YJ+9!wO
z-`PWBheMj}?gG5B3m20uibv9E)^tw-6Ib?@)OiEE@t^le3T}<fgYKjH(<q=<0$`45
z1b9IF4}s)BO<Rpf%XQKpg<D$VdW9;r8JaQ;C|xO<1;BLZY5%UIO8_D+VS-*X0opj@
zOOLPt@Ot5{6uqMTqu=p?rDwzMXnruY&wlZD_Oe~90HbP#t0t`fj*0}6233tZ$o9oR
zHrMoK0;c+*n6VlnuYW&cf!Kfy=QRB!Lhg+g>t!wY@GX2{pSzlo#c%VNdc_BqZ`|$=
zL&3(Pz(js3m+dnAl^w<a%xYAI-d)xLP}A+F7=Xb;%Q7WUsdE3wA{f&F!UGarV%h+A
z5N0!~oLLnr!@1&NbnW_do~DqCV&Y$^0~_Z<dbTp&#sAy$ARLTu4_&8bo@d<cfZQyz
zGmy55l|iijd5i16&H-7M1jzZ#(Si+Z%mG80DMM-Ae9a2JV+9`_=bJjd(0)O8EK);g
zOHB0_YG5Hy1Cn)#|3g?1EevIOhvfJEY-yf5A?4PGVl@3R<}jQSkw|39;lF|g5cF37
zz+-oR`9v^gCEUAJ8ON1vq&~d~rCtNs*S`igc09zU_Rki0q7(lT(|-h_Pwy#nCI7C>
z0<+1NKs-c`N>RXG0;hvu&}@!sZ8*|`&>ZJ~$&ny*DXMIxQD=WTpTpWFc=Zd}O~3>U
zGFTUebyW8J3S6+%p{K~Y)K@@-OHsSozqs+fnUQ4zArm$V1BN&n!O+l9HkI?OcS?~G
zHYgyN3aE_Em93?~4(AE59LrjtDpIa~H-G?Mi-W7XXdB&#b3UQu7<-R%(T3^${SDN~
z^+;eM{RW`tAPX2)R#w?;5#fx?yUx@U>uLlDJ5pYC?ZZs|etK}aJvC`+ZB5_iu#NW*
z!a>4G3`2Wv7azDo4EDyQqQxh+bI?WCiZTyVa10NcT0fQRa)A*S7cW-LM<~%KweX~#
z1p|mL46wnDjrKAejtaR<zZtvHVKub0lqnS$saFj2V}?kFyi?+#4{@ClAK6A!w6V-z
z55C4RivU&-KhgiQziWVTjrri($q9zCva$r_U)Ewm2#API+7(YN1Lz8U4)+EjoP@rC
zio=smQpX3xn~X`5k??(__pT_Szq&Y(9Fu@|I>YEffAzfDFV?NMS&9b89p`_A1Sk%<
z*R>)H2c~wt4c_rmvm`VF!fR$)XtDs6YVE3tlBv^&4f1z%WBymL&Es+dp{rm_9Oz8{
z=|%@56j_dL)0Ys6^#%e$quphyfn9|MvtS@={p=A@322s4`sdyct7B`#q}B2xn%)Hz
zVB-Ub;Clw|QXr?u`oknd<Y-63VP^r&gDpqNkJ9}$#fC0-UkWgb1lzL=uiXUxTqFMG
zk>w-vX@w3K07Yc!v?pLdeq!Kz48Btg-vs7(xNQ##;$w*5UG1+o*iNq+<|{@pfW_?r
zBc+Z;^2l|4f#Ad5>G;b5T40A%y)ibCuADQz)p@FyYlr0e9_vEr;;4!SnI9X{DXx9Y
zCqOhPA>c2&a2N&0tO!!nN82OCw=gN?mVt>82c~V-o0{(e1u&Kr^qn-X9RL*b%J}@%
zSz1hyv8iwm@;++Yu)wE9ETBVIT;>*e7_hMxWZ@c3yUc$zz7RrsT)72GXePiYm~TN<
zd112ywk*Mkm-!ziGXt$ZZ^_w0G%JT%3|dYmaP_a2p-Te~N`|BdDg6L?rP<zfwsVEF
z%|whlhA5^#8AK~(y7Nkb=Ut_{SONc)eB!N^D5HP^1gjb(x^ze{tPUli2MLL`6a6zG
zk6S|Lx5h|;XrbjE21JfT9|1B$KK=}F85tQlPclc6&~niz7ZA_|9mCn_icO-(0GepE
z()Kd%f!cV9V;m4Epn;evH6}4}<VZT-2Jlnz{36#sX`X8Ij32TdbP`YWrE6p<I#5V(
zFvxN=15lRGBaC43gg>Lr!vz44@ay($!}0xluG27>1ZZrFKeLcVns4*p+}MEi^Ye>B
z`~2!J_LGMByJCGS)2Tf@-%<dWhvOPEjRkPdxwrWJ4_67005k(XKVb+8o<yl;`Jp+t
zOX43a1RN4p{U(3=#fI+X<>f9s6j=n>ls`5KpVF8BMlD;!XYJQ7(|G79q`x#U!yNx@
zVgslLz;Ws&(n4y0XPe(AcINFf#1vuFx&z@ST0Yp4P{1!!|5Z>tn4Qtgo)|Jgfa&sL
zyNCcCB{6|Em?qmG2-bF;0sMDvOL^amE)Os+2qCMd0TF`Nl=7E<@cJ+e;s-_G3DZDh
z|BsjUm;Ic;gXZih;DBC5h<%M=9kAGeNS6oHo(N>V^MnAUdGRq@Bw@g7n81HtN~OG%
zh2XEF5JYC#wn?jl0GZv)3D~JR0stTE6^`u#U=;}ZffCRVUsGviV3ODvKsOO|pGlGb
z65%88AQ2j^9Eby0eNsyPaP`lZz!R?IVlB!Lsp5SFtRxyf_!yW1KOBVFSQhAi{1ehx
zpy@!=OPRwQ$ZV|EUfOwqfPu*Kq$vJS!xy3r+1e9t06g!7Sh-&jG%^x@%qj>X`3OOB
z*s}j0vK|c)UNh)iL0}5#5apB%P7V6Am;s>a;F;+tmLNT3HpK4ei{y}j!ssVtAk?U$
zfKZ%H^D+q#=`(;mN$#eD@epx?LjDdsn9yyU0Ef*5p~A}+()3J-qV7N!JV3Z$YzCpY
zw%9KE|6}d{W9|Rb+W+6RR;&&4_VgYexGdjo$?p`2lGxJxM*`X1#g=%QI>SbxC@~GR
z0t6`-66z#jcp=s@8ZrF%B`2WWX9Q0-4u<O|ozLHl{6xPU@KLPo@55x*?ZvUkpqr0<
z#ye(xeKz-!CD9)l&hYVqu<_k$|MPDT6gobP&0A)=^Q|YCL1AG<s}V+U4y0oNf^CR7
z6Y~Zz7B|}kC+KL+?Y6>_P2cOB6zdJ<i}O3pfoWt|>g;F?=k65B+pQ%Ye(6zzwyCZD
zKxwY^t=#M%ZJzEV?OrdshO3YSiC?HR7<zp?TwZ8e|DF)S)j1I3Qxx)q<n_+Fvn#>l
zO&n`;dfrjLj;LwhO1_$~bnZ~lEB=X^VUUZBrcxod&1Z!7uWtH|FK)mOrbxRSrkuo|
zSP1KD&UV)LPEQsI+$e;2iZ_1!f^oyZF#nza+vn}0TH<1j`y+8GC##U_n@D?4&C4lv
z%QKWm-)G7|Nr|3TM^`85FJ&*st9%I1NX8LU)o8R_guNym4`1Sg&Qx$qgseQ~-c7;(
zK1%<Z#8``7mKw5Wdn4aa-<izF(z?F*I{FiyMiwjCYD9eEb`<v0iE?2Y71Ps>2Zz_T
zOMxT&?}rUy&l{4!n@Hjb(SkvBs0)JE;?5IU*}-&xtG}LFD}!By0`N_<d-Szj7cKze
zin+M00(@f>J&`lErw1#Nw{MtFQP5CkNiZ*{#tInXD#O|K{eBXX3D)&n>P+qpYpCfF
zDEB7V4;0?mx>dTQymSz8E_hv{MxxETC-~^CC^+yw@LIUT1H;edow{EA@hY^;I@`9i
zczof)JsILh@zS(HD(AozQ^&DNr;F^J^|6KXA07%O$8{XCzshXXhJ-rYsA)%aDeuU(
zGtkV6M#R4g5fun<&{UAF1e?4`j<UhJfVF>yXPoItqHI^n=CFd{_@Yda@o-UnD!rOt
z>x#Z}9OLp+G{|T@kKV8i*Bf<vR*OAB_xuUTPPjZ%L0VmQ{o>^|TNXTpG66LURgIBo
zN7Rb&!-jORE3eJMfcoMWovAs`hgC_%RDS5vS%>bP=PXL*Ng6Fax6M&4q$95@$xhaz
z_#a9L%+4a-GC#uJHhbnXGT67>e@qK!8^+aO_+)9#?)OpDHLI2B$*_*~1I2G@;$$Xp
zWpUcd?G#$se4CL?sjgfW!{d3WA;v1kAz7A}^@--kly<3)!@cnl*L{rKy|*U9Tbijc
zU?3|+6dq!5W!(W@VP`e_ToGPkf9j){h!y^=eBSE5Rq43?U3s#$T55HFi~VNY`s=))
zncPyl8@{#B729iNhb-}cz_*miN*ReoJ;!F2Dy8!~YI^ljKCJ~V|K0^KcKxB+YJ}WJ
zHPp1}c~QswMiWI=)YT@GlBsd`AT{p(-7j55;z`>6v`TVA>GemN)6-15U$nX!Ky(;U
zONrwO4-3gVG!PzTeY@Sy^pMLsQr&8{0?|T|BzBrZ5p2qBQ6MqCXt_J_^@XOLuyMgF
zscXxSVY9x-zT(|<<&wE-IlQt3S9MQbnhB3v3~gRtt4ocb)nCJt($#`%%F^wZ@TF_p
zAwj1RCZC&amzk#>7L6u&zl8mOe{|d!l6FUh-dzuoq*tjCSm~dZ)y!h`l3r@|LNgr7
zE+|7tJd*=lBJasUd+aJofP!}Pgf1a)Nq_^w;L*Fa*XhN_ZgJ^Yw$g@r5=f=B+Gose
zzfF2d!HvFp*BDmni}J;)-fZ2Sd!I+`^G@i9Ol6Kv;bTo(xcU4;5xrIu)adW8+3j~c
zhY_fY1jVCXvtvX-yiff@hfNzhICB$qj|5mA*;)DDc03%_m^G*UGT5zWDsL-%$b3G_
z+l&M{Sv_A_>By-aHaX(Fh}?<Wl1@ew&!*Mja9Bi^rfIBecG~EF>mARUO0~Khv<<tz
zH5g`eBEqgKt+y6GjjFWZ(lb41)(0c>!RfW$$)cwQ$JQM6g840-&O)9kx(^o78!0xB
zaH|hA{Ke<q&X!PGZ#o46YeA381|@bHjk}$(1FMw+hS!GeOj}=RhGy-<W`->`F3`SG
zMVfI?d|pgv+b(S<)=IV{DgbmOAkWm$?YaK-(8pr6uOm>TI)VmQjZA!;7RE9kGdtw7
z@XT5~7vJ$$Sva}32ch~&MH@<*+EG`k6s|*&u80_9^|^on*m-1txQJrkAYSn4kE7Co
z9IfKiN_O<eJC*ZRyOCr5dWZN+JLWT`WyX~1onrM25gCuAwh#JcS(9UiS<3>5s}hB0
z^h2cdetj1F&3-s)gRV?+p;S0Nf_&eWwge08Zb%EAZqA*|qo_bi2eSx4pDU90Qxgb9
zKEU>4*b$k{C~>{Y+v3}Ju}>qH44ceqB>r2`5aDeJQNY-`)(;Hm#^0JOn!{yN)oi|o
zoTzeJOpViw{Q_*bqL=nj>+ku}rYGs%pqDMT;nfe_ht8cWl;D51Uvf~>Gbkj_r!!km
z>28skIa#E0{nn@p>#c6{!M|2elY&3WRfGCo%buC@#x5hQrTm_dNpoaOrwolXOOT8e
zB#gozXzHthXIf-Ktz*%^R<f}W4GZj26tOwwpcyEwYuT`?s34FXJXRqG@&tr9Z^z7L
z?=DDhVz1Qj_9)(0HT$c5{S~nbk-zjW^-#1yG%X(CHgC+3;puOsVo$+k&mZekCOV_V
z3EajG1C09E&UnGj3K7NeoVL*VSf~{u3Yon*zsDOsa9C&hc4xcI1~z#<QPp@zlbc-c
z!IwldZ?8YZ;@Kx!j)o-`z0Q@rR*&?)>$&d}%~6V7zh~B>I27_izIv=VxX6<e?j-P+
z@ZCDyyeguv&)_h*<3&4|2FZ8C%TR)NumnFgEQcGiPt>z&HnTRoTk$`%R@<$?UF}Jm
z?(emKC}`tORan1wD2k&*fZn^yRG`<)0h0&sZqO5PB*-Re%y-b(>B)+rJY8a!+i0P$
z=2{deNV^6ke5&%8Lf9N;b&XEtpqM4rtJ}bA;VUkwBDpddKIE|4W+MQy@!ShWLQ$c$
zROqA5R#O|cZz&Bp&IjJAj=Xx%Z=9OD{czWIDiD^eC|Q3TlvhqsU!{4`J>P2WJZ&d}
z3XuGk3&3C?VD{IFE^5VUV#ftD`UgyDn(p%*eLRm;hTdzHJ7C{yC5)Ls^@u`v8)dQ+
zBC77~^6mRwI!A@pn@^mdn7NEn!dMnQA}^bX+$$Bz<m)`QGSJ%6F#Y<8xV70cIA~zE
zi18}r7!4*hB(Gj~W4iJnPMz8CV7iP^^W8*cTA~J5+99VY)n{Ldr;;*cBfg$+_<g}a
zn+5{5`BGY$R?ow^t6J5{=uTCNX_Oj##u!^@f*<&ClW!}TT|s2I{sjnp(C0wV1IpZ0
z9Hv1GaJN{b0z~5cAtCb;ZPQO4t~WN^HdAEJ#7Jb-oI$^M1Wg9|rN3_;Rag<8Un9#$
zC1SD)PoKb)OxLl+JPIwYEqh)SK<~1<e904Di`haP%Y9Q%KM)SzA@wOi+UYXQ*Yb6>
zXQrd?j<f88!AB(71$4&x>w$oJE)%<QeSP?X`ovE0))NaUB86VF?h+QK-(3jq0;Tv&
zTxJX)Ym&Jm9t6RiSbQ$S9%Ts>S%%5GU)SxZ->oR2_vY`LfxAm8yL0sQ6F}VDB`O4}
z<xg>6wRxP3ZzD)UQ1JVsMY9O&Vp+|)8(?>T(x;KhQl3mS<xw<bH<#O3%pXRlj5mhZ
zq_V#Mk@NbOd+(<fnZyp;hJzTNQfmC=G-{BBJvUTXgA-x`u^o!6je3d<WIuhT0GN`;
z^LoDnO`N!1^<F_#^i2NfbNJd4XKpPqXD6k=nyq2VuVMVjid#597zckjEKl!ZSBrC5
zqydM<hP!LASkRQpew#sy0$RowOE6enAOdiPKpuDIl6%;9xyY#f8#1w{Yn2b~4;(5J
zobPiPn_Q3mrDJOrYaC(Hu84C_1_p^{bX~qRIdqCUxAnC2U2xbAGI~c&C!a@t^0J*R
z4_PI^Dt-DAL+*bR#@hAs=gY^8T|e@t5WyNUy9KWP3j&5nZbOD|V@epPFC=}cB@P6u
z-~5>0+3>qjt*K&r_xK=RFQ4G@(}`h?@!XQPW8>gkZZ?NwT?$wrilLNWU1+z5Ngu5V
zVWRy~F8QV4`SuU;<K%0_Bea*Oravd)Wf^=KZ3N>)#@=8Wd4JZJP9}<|`!aGds1Fx~
zuZ-L&DYqXS0S5#Y7`jzzsj;hA0kNCi8e5SA5ko*Nz)WJIhond)SC{PZDSMrAD0_z`
z`2H$AM|bA@``SiyRUBxk{R2^}>v4ZYJL0LxxMPA^=P;(7jsVuso*aD(UqvL%Vypsr
zA(J+6w+@B40PxaT{NQVzVbhUZ1vO!VysMl+Z9Zv_w60D!);!sGwOcJdYs^oA7^y*T
zao*CwNKu0#Bv;ujd){4Ie-)vNit;bGyCnV~e`~TD?bSj_-zltS{G4iAyq+$ZT6tXn
z<YCI+G&cp6a0afn_wJbuNIzyV>9%-ob=~<x-TJ<3y68)QQM=B#i(_*`r+$z3BB5w7
zL|S1doO*kvfH`ECR@j^AHBu^-ASK*8xpDhb*-QIH+>>mPt|bb;t_5Kk8ohcw*KfZ(
zYU5|<;4v?Wg$3OD%R8S@vn6d#{97&_K0IDz`~KcJ+z&AAi;B3bXR7mBlj!qN4x$}J
zBM1lQt75w;ABP&vc$$t@*qhuAYP7IckUncH4VY_x8P*YeMr77*)l;OV-fm>e66ud#
zP3p|d@IVE<7sw93v)3k+pRozFrtU=MGXbJbJ&jTf1vh6Xm6ZoFH)QzuC`L|H!?Dz!
zyEV5g|HhagJ}L;{BQ{dqva6XiwA^r+`xP&Li&yk{;D~I>Hi~T4iigwFHO;1?<>R6C
zn_oP+T1+3c2}d{_SO?FB_lAp&IJJIktHS|j8nBqB?|Vz~*K)*`TD{Si7a9fzy)Z7X
z6WrH#3rUKTM59F5V!m#PUdrsO*MgZw874O_>jmjQQ5PmPe(2zDsl0K&)qEGNM6yjO
z<N0$_28r!_?&2+1X#QeXgqj|Rp@FR3KNRmmdefRIiYV|nPg_Ttq4~MUx_E}B#s2v<
zp~$o4$CDW;8?zKl-$7EZ%LnVttMYJ+nhgPgTjjn;A}qH1h3kd;(NWWDDiIr)$>P*>
zj@i{3!LDzD8=cG&0Io{2Pa+}DivR-NKmm}c3h+1kC@;kwCK_C6$^@NtOnMpQP%eo$
z@u?r&WOUiCygXU61^l~LFZ*&YRNV}k%+A=t#>;&@LPkE}+~-drJw0?L%Gi*$dz0Z^
zyiM3|_wYuQMoGfF`R*Ne?h<iGbFg;*bvaV{jb$UNMCupe4;sCVIQYjRQRE-w_b>AB
z;{3UPqHJ8IZhS9yW_H(yD@YG(%yEylm<;4^m%LYBJo#c4J@16KAtNousGBRyN@0Yz
za=F*zb$T*Reh`}#pX%Jd?_)V$@#Ukm`BxhFg5PF--#)4u4c<qun#X?mRONo)^fi%N
zBD~G*iLgM&{M75?jYCvCs;_wZF?F^3H9hzu?m9n2xx;*l$Hn0dq5|Jx;-U4<nU-It
zzkbWZSH%>W*ZWiWk~`&zc7$O41e1qBC~jsl54L1+_;{?hzO4=yFw@pQ^)#oD-_Mdu
zoy=+!2;B)ys)%9Vd?4!#M!-9lze;7#1OlZ~I@Pq05Tte_@QXscVwr0hGsv2bIDgx&
zYhEODacBb!dICcFm)oea6xq)q3DUhWDFc=H(cV$eiPcUm&OBK*usqOT<^166RLM&n
zT{d9U9j<sJKD^Qwsy<$muB*r}O2*kanc<Sj>G4NSAfvOy_?Xg+y>UNu5{%NrCh9-{
zV<a48#$FH_A3-w}mg@z)nQwsO?3?~XFM)*;XhD-L>O&Z8UYe$mpK2}xE5&ajxf#CC
z4Er_|buemKd3d-mY6Bfp)us*iQmPtaX&uOBh}?WtBmalJuMCPS3f2q+*FYe+1$UR=
z?jBr&y9aj&5Zv9}Ay{y?;O_43?t3SB@9o>I-QW9Xt5T^NYUWH&-|o|Wy1)Jo!V;+F
z%eKi+FHX1$6zM~pdyawTHYxB&E&GlMM+b#gE8Q3Oc7~m_X`GtGN};n)j`}Rmrwhd2
zEvFDPk<-3TkL;=<CdwXvY?i(DZfN(ijs2jc@maj&;KxAeoxW{zisEQ7ZK!;)tK3f+
z0w{t+!vov(XJw@U`qS#*=V9zc#20ef8J?~ME@<!ytxtE@u2QZ)1^6dbo)vMGUqU%b
zI1llYfh#kKo7sBqjoSBL<R$V))lui@Gx-b928rJgN=jhGcNW*X2I|ITq`dgr5Zjbf
zC?HCWnj^Cv(nFwjX{ZRp)dR6|xp1ygbg?{ttTWrZ=nS-^nsAn_dA^gO#z?sAT5a#x
zT`3%IQ1@&QE1QZP%pq&~T@h}?1V&lx%&XPxIk6p(m8tU_t|;PZcd{{5RDeD<^6cHQ
zn=FLxI>B?i!cE|)K>?Z9Xn~aLyfj!cG7XV;B1WIBNBVKEyF>+#Jr-ac?8_hq;1j>_
zL9xlehJZ&?n;-Q_d2+j>irGYgTh$Gc`3f@6qrvfx$v*Ewem-=h`_<^HLTRZYruk|W
zJHGa+Kl9vcoV2S6{f|=BQKHoP!nnc|1_k~mJHyg>zcnScMu&bsUAbHnZ9e6iT|*tN
zTF870)^0J0d~mHE$^L=Rx%JdrM13no8U97D>l_!oh-F_i|6VcG$ZYXsa~C3qBDH|W
zKe3NIvu7M-HYXXl&2rkJ>6>K7_o(IgAw#CQr~HTW&M6<FuDPPF`(~U8!;>2!b6;|o
zZb<4oz6*j5UgJFr1h8rV4u*u<*QB201E@;R$gEh7LiR~snbO~}KfXEAEnNM_LvC{^
zo5GOC)3&n`l_pr?8DA`V^S9N6?)#=-ofen3domACsrA#TNX6Dq@7ploH?I3N<o0Q0
zb(7i^s8q?)7_2W;!j5MtK5Npvv(Rnin8j@;QXW!nVFMpM6@Y8ChWrXa!idrtQyw&4
zC!ju%z@}H>bNxD?jYhp0#3gsr4{ki73UxDN*!`Tjz2(sPY!x(78l4f_1-9Z33qF}1
z%O#&@PwWx1t7@(0yicQ{N?TC#*;7-I|Iv6E&Mr(tY{1EbeD;L{!Yb&wXrD}ZS4*wN
zmHIG&GVc%jj(`k5+?sEkj_01XQmWYOu)xgi3)+GVmq)mF#YulLwYT^KWzA0i%n(L2
zaa~~?hPM7#!9x*_5%lCTYtRp$yft4En@Tc5fL0IkW^gY-)nHK=h<(x!z2<*A90I@#
z8W?7UlxjbpZMsnwBse66b()nT=m=|d803XXW(UYT5}n3hPwPk?31r2G$=!?1HZ6*U
z0g?3_q3S2ZWWpyU@qLTLs@M6}1Gd|TXZH?Q!r!rYbTjEIex}o@=pmXaYbO-OD4|4!
z)ZvCn;gCti^R;;fzw#{VT|BNR;tRL8XEcU1d40KYwUdEt7n-6ns=AqW%qNZ9#$<6M
zs_lRGXU}s`GEmMAJ!%*EBxE%<VE}<kud8IGD02hr+5C6V^Y^=i_hfqA*Jp-~;pDVL
zgf}=}2-dzAhceiW)-CogjNqv=nFLB9lpaklGSQ!cB3wEVZIq8T&<rxf(94O904gsr
zu6A!{cUKfzWw@^|MVTM-M|4qDN7IE1wkNb^b0$|#d--y_B8j5f%V*8m-?^*EVVLj;
zdv)<<+o|(e@;OT-`Y#({ZyXj|olmQvas`wmP=pY(<BP^wkiU<?M2%Li64Aw7;ow@{
zEi}24FUlf#y;t?t5K2Ea_~kya|8ua(yY!gf-oa78_UEKa({jG;=`~T+J9&ECBx=GF
z4Hl#ucdD0tCMU2q8+8~+c-5XzLY`tKeIz%JB|$Ut=uxZQ`VgOO&8qj{5#<P#w+AC%
z5%#Cy-~%x8pYr}_KqS&<3dj-&b#?(mo2u^%zQuVv*cDcINplj^uF29_|A`@G)*_BP
zPDo6S^?GXOqEIj6@Oo3FA2mB6`FJ-os!<1~Z5|&HzX04XmO}Ww{43JXt@iZYK?+(>
z#dAc^QsGZxoW1?4-q+uh7PsHzHD4mQ)UyR9QNbs3!rQZq2hv2}@S{o8B@HDr`?73|
z-vNhI>i_MK3QI@$Wuuhtz1>w0c3S&YWLP|PUnS^5`|0S*Vf3i9G_9yfYErGR77B}A
zAF!>2Z%Vp1%~trjUy#<SXU>(_vY!OC>|Iahjk(*szyl<e6^;`wN|*3WoXY)DS%hK(
zv*e0k#IY_D1?zVmvtVKSQWNFu9{-?dJ)cyxg^TC^p^KPkwii9NW%6c^@A|ggeYSU-
zZGHmfaw+K@B_bS+({@P^u@Ecvxv^P#<SR33G6n`1<@Skpky0&%?AwFzVJEStwN{%O
z<b$G@aB^3G?Jcrrvh%H<{>?n3p;WwZi4Bb&EEuK4<hJ-BWkj9)mq8(FVdFt{utHgY
zu;_UAp-;=$iv|=fNf}hg!Q4UNQioWq9nS~Y`>y;v47)9rtWGLTmmRtkX)tF+qD=;c
z{-pL(e9eQQTlJ<>mP;>0wbthRaXoN7)K%a$1?F#3mT>5j_k@e_z9Q?}E}Dz&4MPZ8
zWuR)bTY@GN{WSI0cT30_2|E5?4e7#g=6VL;i(}VsgYhU7@=;bLIio(3(XIIsr5{S&
zc7LP-R}3hzidwjlvz+%<QK+|DgPrGePl_{1@IiY-p{0uJ+hv|3;S%2@j#z8<I}Di2
zb?rsHf9O#z9%jvNfWO^jjr)@>JIE{!dIZ(zqGQ&yD9@)@NXM%oS95O(tPb5t0Y?l?
zL62HfG2k&lCQKw!RJ*~VyHv$Y=)J`b&`|=nTv1=lRqXc$%}ifs2q8odrUr;<$z(GF
z&)TeQs#kz$E?1HH!{(sm{?6a4QE${f-0o^yrKQCY8&XQC>k8S;_qSR(8%MJ{?Xq;z
zW}h~{z2GGp<;H2j+gc`Wi0H>aDnxgKq05U)%K~EHA#BR|f)E5{{QS?+Qze-%Pj?o9
zNO&b!JZ`m}e8gfA)5B?BzJ5eS)mJ9KYr5)4Ou^1HnQ42Kc#A7vSRo;Kf2fqOXu4E5
zrl50mER>XUGL>q=s-AZ9yY41%Y`*MEonv<2j6`xKlMt^=$BT*L6R$3-(!BGSg2vU|
z5Mi-aV$xz=T~3AvP2XfUS>+rn`+Wvi-d8kt*^~|VdeLe4m%Ib{6*+~|&16}J>sf>M
zTp?j{V=TRwCaSf}yQ$pmEA>-o#xxJMrVr9GArw^;H`-MaVk52IYe~~9n`T0}VbsOO
zPZOGCbv(^h*`h5f)QfZb*Xg2n)G2(msW}L?Gt%1Le@K>)t<$GTZfsR*F~sJvte(y%
z^<)+)+V)*ApGMP4Q+DGw<R(oCXnxW7W@QnMTpvuaF1{rcy|9Zutz`%WNk6r!%`$5M
zK#5-zU?dnZt*~!uwO_G;*9-w2gYnd?-9gBzFK6e!^txG&X3Lp-!@6hGAGMKtxu~?3
zS#ji+SyF}0j9JlcWAcWJ8gJJdyH=y)YgjjJ_Nv{iQ<S0Ue#|W}Xg}~~7JnlhscO|^
zp+vi4RSoCJCTe-z#TtB+m1tpks^pcw#&|uyXe=;~7_R2cE}p!{30K?CA4ua4{!Cy!
zz)F3q8)I3f$s(YBdYHT5deNp-k<j4nRo^$H{qU;$%iLllX#D45^ADM-T{*q_ySyFq
zf@@d3GuCkUU6oo!HuewhUMwSzGSl_S5{On>QhL-fyNW5~Hu|r?^$1HCtP5K42F#~o
zJ(yojsIpxz*^HN{tVLtd%aWP1O7#)k_|jPM0;Q*0UeRP6)D;qeOUpNrNJdt?R|m{7
z<>)Y1NkfojQ;4qE#8_b9r#+NQ^KzC+B{W8|aU#QT;^L22Ipii(a8!ZPPZ_`lY<e+G
zaTDLp$V1@i6<**UCwfnU!r^{fHqlNLfz2v;wH3){&g*ecIAh}X4=H#GQLAZO{+R7!
zsQk?6Yz+x!wtlbNRrw*@JC+KHUISh8(E^;fH9`)|?0y=t#L{o|IhQh>*}sdvidfX)
z$lHz4=q+SGflPP&`<qu)2@mBI0vM(0g=k8<PD`S6kC^`4b1`-%#plpdNOskYloX#O
zs*jx%5lQrf0j6&3#bw_RG2}*?gy!<_@pZU9KRYN-Q|eTP_MwfC5kcfx>M9lbkcd!k
zd<1opzPOWsm409l;hvn`00H_s0T*RLe%P*DqF%L0k9DyaT?y9{&|uM~#hw<>8{;ve
z8VP8BRj9pRvoT>Q=FvjCX$n`z*C~`ruMT<E&<?Z^<ZT^~8%$P-UNgH-JAd>{p@u9~
z%1oT)_QEOKr+*d@;V+S|S9O^<BxqBZpB)uo!YHEngy4lh&o0KF!o)wI{1o&SOnocv
z)#`rPOeVL87UETdR-Wy8AyMxkQ&J+=qsTwFrz%lnw1(yRL{a<$Eo#ybeKW2Xl7ulU
zN-pKVv)NoL_orQxtKp4kD~p^??=!R)kY=qrznKm0j28XOb$?7t!HLw7szol(FlI10
z<23eF!q@%`XhvfMT5QixC{cmme*fIz97y3*0A%EV<oZd0rUi`nS|v>X)$`a;3im-P
z8oigT{gkvWMwI~}FJzt#d4&SvL~=PF*748c71yF#V$r4jt*NJ!uH;s9FB2*?ovUjh
zmeOW@BEm1tE~ePOkBlyn2xokIK3{Fq53#6EQIab*CBD%#!kdn+wqTUA0ut|eLzprZ
zDpha~7o>MU4wBhs`=&(9#BsH0#TL$_J@f3sItc<}ebvh2MV29<2^jFSVnC*~qc({O
zJI?~-@@#ncoO|;?LY9p27Tmf>wTnuZfyJ8m`aH*NkTVmapi6n&SSVfIhzZ<^<^HDh
z^-KF@<f&2W&18$`t9Yy!BZlp)w0a%aav~Al5!LZ7m4fco?TM639r&QO$PSM4tg!W^
zLIe>u80B%dl*|^>1Nv>9LloP4@}MO(f+0L{0eS+9kR9>DUx`cxULz}ogOILUO)QGj
zzBThNj@KoVHV<FRAoBj;kyYrV41_xUDHlHgo@Gn{WzK`H2Qays3p-Jk^jJ<-oa&_-
zZjDs@LZ@BhyL$ou@>v?zhXyz!eD~^?^q-P8ce+<$G(q;bt?y&Epb{yY+M~{WIBN|V
zr@WF#m4*Q;wikM%XuVVbDJKG=9R!vl+<-YpBDuKjl4F5DeMTbrwth#=;3(X0Tj)fK
zp4jGulVdwht_h~qVvFq{>J@MhS}$p|3B$GA>Y=p^o!4S(tWnQ~S^K@UO=nU%iNO_@
z$&Gvhu1K+sTY+Co<0$ow*)>5tD95{|B&lwvA?|ED17S%{OVmH6F`wH?e>O{YpU*0v
zW(;rWHcfbMk<`$&I&Tn9yrSY11~%9pI$BkfM!OkSyN!n40{3kobuThYXek2bek)tR
zWC32KE7-t2inVTo^w;9x?y7IC(<OiHlXX)YAGrxaW)1$9d;R!c@O1IWl|sHU0YuP&
z!GgiDAPw$}kOKXoKj|qzI`Er7V}_b`lLYU)VxLTX@cVtWj!cq^c3ciE!KSQ_^MB><
z>v-Z$C}f-mNf0j3KmxD3zlPpwOdpHQ)kxae7Rs)Wd%mZrV~Lu}$<ljQdUHh<8CPt#
zyGVO)EJx3r+u5Pw$l$rfOG$5)0jI`!N?mKYf|c3zxq3y>u;*fEPM*^Q8&~TKUL7Z*
zupx?8OO5`};g|iT0!aL}nK1)5Sv9&-n?sU?cvN#|!kLqRt@csm%FF%-Pl~Vkycq+h
zRd$!>T@|@|DBt%mSWY?Am>~aK`^m64Hgz{!afmmjaxrK2J-Pmh(vH^E8N9nf(Q={-
zP8klmeEpH_u?7?VrVCehB%phpgX&zB8+(_xL-f^FFJDd7ip_(k$dKQo_y<*Y({|J6
zPlC}l16)z&Y^Q;;v?YYof3$ju&CI7Q<e@V*kMHjvj~5%zR+^u-22zosw3TcoklQOV
zjlNeHuHuR7-4_@+4$prVK9u7!S+l?XjGZ_@y<_&#A?Uln8i9ArPNUwy=+-{fuJeTF
zrWbS!G!z0s5Go`SF^dvkQ2bpoqq~k$sl3+T&grUePv&2UC<!;<;IL!MZEm&IJ`i>j
zW^;Y4zbyACA?rWsA`3J{wKF(hh*GX8fekP_dM!U(aaOw|+X@vJ;(g%KUq8}BLSFNX
zvFDjI>b|!#h#vil`wsu%bZ`6EuYDB1yWv3!{bSsqewV#VH||YvP>7FGivT;?_;T-H
zx>)|}`eq<3e7(NfoZDjygk-CS3y!CoXMkgS2IGF!)~^FKUOk_~`C*hOmQ0;or(peg
z?=87vdh$7veRg~BXZt+gd4IHwv+eC4$Zt<L#C>7CSNyF%V;Q~GwVG{l&0<P)rAw?V
zVZjcb8kZPzoP`F&$SgyFG<_)qx|PV+1=KZI9iL=??TH8F?l7ks4A?jA_~aJHVQ1cp
z!6>>j@jJ;$2(F<`Mj`rRA}{Walh-1)SF`Hd;_1SA+j|Sd6U*K$afv<Dv{Z?}6*17G
zfi}bwpF9*QP%3bjpyV!6UM{`f0gO-nVrQRwKbs&=S13dEBjff4eMrZ0F5~m~R9<p_
z$aKBN2(+<6Li=t-#uy!Ltc0oBKe#lpQ-{C47d^bnMUV2EXq7dhS#a0T)y>nmBM9K^
zwf{_GPn6<ho$Y!Dw-t!kn^}3|CpLMVxuxG>v^^B3IKc}FjhE%)_+b62BGWTJHqX{7
z3<mdY7|-_Jhuk_YA@)_w#G*S;03cm|FST$=p(V=4+P?0UQ0VcBug+=hu6&YrbV-e_
z1kb6;p)mv(rV&2Zo0ZfQDtR=oUZohv+>?gAcWaSCk9mV%p4Rqcza6*q>L(Yyel32O
z<Dlv3+kaL3;0#7dd7IYgyO^I#r#AD{8D|F+Fv4o|{=!##FaVpo5MisDulwyo!ol0<
ziN7PM+^Jig=t9me=Taygm^hXxktg#hs^w~P(FP-$T8OE*oHDqM&&%IQ$T&$+xh_Ji
z<e0<#1}?<-hK)uQB}%dmD@6IFBunW*!v#G@H#v?>%ucK6JNQD5^gTkj1~2)2x0J_9
zF>68yhUY^+k0-uXt38-2b6%85P~ix`8jZjDW0O@wk{S;&tS@OJBHvvuTZ(q8^fwI=
zVfeqIY2*Zs$}c29@Y#(~9f`l$jil}NaTJ6!=oF}=IOulw9x2Ck0NaK3X~-$M$;#Gi
zPNSjUzUI%FSbetPNP)gsxEJq+W;5dGDO>H$(!~jdayjFw<YuH3ql)Q0!Ia~Z9cM(6
zKl<8Tur0^&#}rk%fJ`~9P#339-cHC<Ghu%uQ+UbgwA%chv0}vx|GZiG0aO#OScmcS
zp`NOzgBqOO<eqNaZ+F4G^w?kr?MsCU4K7B{PjqU!d@7XWVIRnKJ=V&j^{COoicK5Y
z8f@)pd+_)l$NEi*v?~y9wO@q>uLhNI*}-LrrQlv*u@lgu9wYx2P^DhfnJ?B}G)-4)
zVI!cIRT`peEDf~2w4o0u&%PuR6P9OkVp>7TDPN<cLOWNMaggpF_tq4$Ee->f1*a<F
z61{v6(Wh^|{}&4Y1Ct1~-#V@`-Qp9i%7qRoM);5k9z!O7{F9Q@sYh$3a+#UDN66T+
zr{|RxA+-cXTqG5tV~2K%A<GPLc-c*SqTnrWC+R|)Ttr8Z2cq3O!s*81+f?*WHJvuV
zCrDabt|gp+5zQjTkG+tO()U)|-JxR1R8ouUBZN~xt#UoE^p!tmN<7UB02VV>;G)A~
zg33)kKd?x?QUA?&U`GlQi!}N$#44Z5+1FzruGmk6D#_4qTp9DbR&$NYCFj4N$K>p;
z50o;v+PaHm+!CGl>Ymf8A++<j8p(f(j)pjj(BeNDgv`G*%5~2<Y7m)pm=>;3l(9P*
z9{T{zhUq2!A*wdqI(<GMgcUpFBlPxWoKxh_<1g4?W(yqN-|={se!Zz}Z<mkbg6T)6
z77C)HLP?`X3D1z`KIJ@dELfM+KG?k+x}psi>CPvqL6XoOzP+}DU@M!iFZvfQ_Mb<(
zAJT9*pFo8e-%c7ytW^QT8LK(6$@=p+Sr`W-236t+8NZQY+s&+MAt6a}O;PiJrnKKT
zV{%a4F$?GtNcj3ALqS*y^9zo1)fRtM#`U)C>=4lw^?(y+kF-YT(oflpt;Lp`vp8;Z
zh<`=}BX<_~{fDN@2dH!{<?(_49`5jm4^n8cx8jaZe>sV!#Gun@Atb}0YEIVQi!nb@
zl{+<<yx(w1E@Sv4^E#R}8vh<=UA3mpV=%C)6zQAN(;<|j0X3oL{T+S?`fcyY+bZ^a
zh)keZiDd(!N+kMV3gG&XB+4|wRI%WSIdJ6ALg0O%lgDTvDakh@VAmN&?%4f8Jdu<6
z%JHR~v~oD$*GY%9(m-M_M7LfNa{<9)WO|{CiQMN111=0(`~c>MqInq6y_Ec_XMP{a
z<b6Kif<$ybv0Ej4#fOuRT=Hd-#2!&62{CXYIXhXw^9&-cV^K=hIX-#ie4g?c2x+&m
z)6;}{!u*pSX!=?bM13n!!FEvL2BWt2GQKM&bh%C!X@i4RAEL;v&4N&_W)GJNhayu|
zM?+WCgT?qCulh*Cuz7IXZXWg50ba#^?BvITAm4o^EvK>a=G)VfchgrR#`5gH0p4o^
zu64~^6yB8P37Sd&G_N`oTQ_9ICY%Pe3;{5SbSc3dMSe+&$>YB>l-GbMAE-0ri}L?H
zG}SlEEB&^YEKmRQRA7xhJnx`HC6k%k!eQ~m;bAy5_Mf;Y@!u|%{}NiU;&i%;`$yQg
z3N^e)odbHqnRv5yV1Mqx6Zd|0e4ngXLhB!^Ib9g!Wc5>G$ZNvnXIyGCwAK&U7rhT5
z`le&!NU%tP;zgFW6$8Ic?nPKa?0v~|P@-z7k3^kp!Y-uZUh1(p(Jgx68%X&C2v)!K
z2ku}p--<1}5k~y5l?u#cJLymjkK0q!U9JMp$M(!m3X?^{h(|KhS?EZghZE=WPWcI?
z9Y}fH(9qO5G9$9gZ1m&zZOi5O2MEX^bY60V^j3TTaaH^)-~HDQpX--pT|n>~N3sX2
z|2aAEA3-U>NrG?`<oJ;c_cwe+ioZEzSKP`NVm@0C4X3jrp7iom^%*n!R%YrQihGA;
z)X3VkhtA4JUR+h#y3hy6Jaqf%@m$;p-{6U$Yut8MA=aS11hzau8^NJ>_CCE0j0hK`
zGZ=IeUE8RO<Vzd&3i89bzCf^2C-g;IAWvHX%z<>Lx}leKOGNT);Q+MPw>dTSqA|ef
z$L48H2Vp+ygxk1bSt^s-LOZCCobBK6-Yh?7b!Mx1qSlUj**#mABvAub&zW`|fvIrZ
z#)4_yH?EH6_5KR2<ysld$q{+%OiQo|ob-ZFnC}kvxf@#=e^Eu1RHt2+$J1};ifpSt
zS?c`k=<fUzJpLW-eB|T<-`DGATVb2)6b9YQz2r~s^jf0j;K?_x(Zzt?iQU*be~2uh
zIV~@*^rmSKqoX%ILeG3@mQu9*;sho$xHG33m%m9zNZP$x!!BQ{gp{mICi5>`mi<M*
zBmimHfIZE}LQ-_FgR5sFhF@~f7mDTHUuKYamA1lC5L1cd5?D59XlMz|!YfiQX%{`Y
zL~bC*fpoN&m{p_BEJA4@Ob*+e_4LQ%Oh{1V)=O-&zE~K+Dfd+SapB7_GS}~NRQ)8C
zX_!jmb9xgKjAy4?RhE-+0(<q`g*k&N*HsFm7gI=*s+G6ZFKDz1C~`W7z07w?>UNvY
zB5}j<vS!psa-}`ixe;qJDr)D_$w*s;BZ7Mgh#T?4%4L0=KC9Yp>&xk4)o%FnuBTLo
z@x#PJq2hg#0Ho|^g1&yk!8PkZM6A1c*-8~2aIM4#u@Y);hbBo`*-@9bYdIFnaR_8x
zk8vYn=i;V@@0+UKc)B@(q!4+VJLb8T7xW*nbK16<l$+=oEM3~qr2<I{lf)T-9Ss$M
zmFqLu5opp)`}H^-A_o{0qQvGPLrY(1Lsd@w-c?w1g=nHWT{H*I)8r^f*`6aF%SqbR
z(^co4!QEAy3teT}37*#UoGO5viC!G?Rq)TBB*k`r3iJHXb{di3z?B^1AU^MQTO85r
zpKi!eP{f=wy+7jJ5f?cc3p+1LRTX$`$o#9%!_<J(^^qOPT5!Rw{9L61>VT#cP8=J-
zS{dUj`=Ez|egAYOTaMlXI7~eK_0+<Imjz^yT;=$0bz+ER^w7i4e8u)?eRV^7(Y=~|
zaw7bLF*TTNIKTx=9mw}<{z3W|n|Q}d&L3>}4)^ReVwJg&`h3x2yOE9OZcvo@B~R1Q
zyTv@=D@g`>zh`G>pVR7o-0>vd)inoK+=x+DXp|Pnb%;0I><QE(hUy*?f-$yx{E?+Q
z)Ra_n;L|0!n-;)evC2JNt_Ve^=gUFiHOAwP)F-sC(nmSD*R_+X8a+i`oKt>F#0EYY
z<bB#%`IErw?X1qQpWGegx!MzNlEjgf>XZ52asAktNbIdAQ8O6=qI*QwEu;ad=B4m5
zBnkVp)iQ2l^*wOHduG$ED%oFY3~tf<?{(|{n6$Lk<pGkKKIru@8R&`}*PEZrRa-**
zg6q_^MGCN~ju>@=X^hJJF|3R!ah0=+HJ0FqPI%cxORn3NG&pmr(S?tMWFqk)=zSM!
z*VNEJo8afr+$gb$xtwP#CIpF9ui2VYUl!#MaIz>7NSv5&`yQr`o|Pj=L-5+_4u(Fc
z+`UrhRwZq+dA0nop1zFOzSb0s>?_$x;`wS1V8vi2gD;CR=V8Q==}v{BFC8x=o!T00
z!e=?!z0)sI7mLz`d66yE@ut}ECKH=Tx@Tj-Otl{2J#`ERQNd$;Cn&IZ)v4Db-TODJ
zev(Sc@b*E25`TesHi-@>AVybrW{s1g{seLi%8GUf#9iroq!&?XMso_QKpOGHKAh}M
zUzf{!6rJ{`A`N!4U61+OBf4pt%SQ7?x~m;sRe2?v4EJ-{M%$qUX1oX}Es+3#IYl}D
zjM&0B*WBIvKt1t%Ko_5Vlt3iVkgkbl$C(C_<YWPv@75xe$YGZH#57Y0BCkHOXN6Pb
z<$TYf)i$>3o2ynkg={Z_0827^9`)mMgY;}7e1R3`Pn+#RI-oC74J8^|flvAC=3af8
zzIb^DRhgg3oFC1D%Z}Cycap3nB*h0!Thl7JP)=|8iTWMZSIl5JX(+>;J?C;^^eUJu
ze~+EK-&!zE5AeGm!6(U=8(f#Z5t%mb>Tb>Vxo(iV{}~P-Hy|cF(dC7$<3v_YGNt~M
zQSo3G^;zyl;5j_IL{|^D@j;$SHiMA>yh2;}lqIlB1u(W^oZMhZ#Amzj{nEKRK(+}s
z5S=?#1x%l+flj;@(e;U52Bd_p`a?ujGtK6{=M%l5J|r}2?H(}s)HA*9Ha8!^tb%}q
zKTvMP=i+_ugo&QMn6z>g@otir7(x%*6EQ|bmc6g^##Y#YZm8Jp2Qd+v1Z9WL?f7QK
z1|b>G44`|S+F!5GSIJ`iQrbQ}D<Zvpo8IPQE>d$~)yr6CvY<45#HnV-t$j_F&R};_
zi8)yjVO|HA)fALtSC-l37JeF|*$A)4-0!B6lcHn{XF8z;C~YD>%bbI`kLOn{dJ3f)
zhR}ZvYN4$t!h#*CBNSW_jS2Qj9E?(rqXq-@7bjp@D#&1XgkYeMjz#=2^_gKfl>>Dx
z;vS43E+t|>lxgp-JBIa0p`YD(*vfA$#|ew?xcR%P!d(q&o!w3xa1G&3s|qzII&f1g
z@*3rg{~+zNoy(T=R_Ka85PjrY-F>i)hPJk?UI?DL@sv@b*v3BHi9bZDhULy7^Xa{g
zSE9N0;p1z4fmw^GJO8YP+-A5^!BJ-ctL2#LG>jUhHSWHsKm1ZqBQRHm5|#I*^p}2w
zPaK&ArB=Hm99B#}01MfR{-&Q9fyri5-kB6;)IcH=iq}83F4dk^qAdL>>IcV6fg4sC
zpS_4pe>e2gn67Aem->zCL|#I~1NKTEUDS+iUyo5ULtf1WF8jY4w80tK&Hy3P9xkT@
z*g$soSSQFN{^2z0Q-MpWlz8L>aGT!dArg7cuR23bHE8vrCw&&<864K^inW_8jqHx@
zViivLIYU1~4z7DE(%LysHtZy^RmalwGc?}2dtYO+YAUR!)RCNOa|K%}{C1Z<S;Y2F
zw343=KhT@szDZ(eK!2S){Yj~bV`CH|Jkf+_t5WuhNpC{Kg*~z|Q@B$x{`@f4Yg3`t
z+#(IV*_`|P*`Xl+CGBA-b^8&yU;xg;)*;(YNiMnp)Ou;vV9OxwOO^MFbi)A|BO@YR
zpFN^+_zRSO->?#Ht4W!9zfHfvK;DMvlP<Rvg&RT&iA4s)QUpYn!j4BZH{t#caU7)v
z1Q@ao0L7?A?@_j^IyNabY_7{w>=xc{Hlf(lgxPz&7o(ESAR?&HY4#bLI;1b0`2^Gr
zJr(k}c?a~Dvd5Il(sI2jr*nO}DGpT;$4G}5$(i;_$WC840ZTMix={27S8Vx~ukgQ8
z4FFr+vfRdaLGM17A&u9Q6t6?bKpQm`n{{L_GdYnQ+f-yL{#+xNDE(S7!>UJzp=ApG
z&MSd7V%2_y$d2M>+|Q$?wDU88P2NdLPff~8G-N^klFz#-Vs*}yqF#fuC&6Fa2j8M9
zsVBU3=bNE+j_Smsp5-A-Y@Y2;;SMpz@D&*E@eUJjx+_AR^8!Z)rna_sN-1KgTjMaS
zKC^rnDTznD+t7+H`9dz?Z=g@E^57923LD@v-SAD%vfWXx<fC>MPcpk3;+w#-%ryKd
z6?za`MX<yYa#0+n@xgA{B5Jvh5{s@~?@Cu7ZQPe)=J<}0B@-GFLRi>?E$ZvX650gI
z<?>_koq;bBaMD^0;A>7SUecP0Dy$b%qCD`(mD~+>PpJ0!s-s7*NE|<NjLiAHl<hYb
zt?az+uw(a*<*YLVI#G8n1lfSGy++7Uyk!_Wx2(+?&EurUYGneE)wG$Q@j`87k&M%g
z@y+6*)$TuUPT%8mJm$>VVBFbp)?6|3n}m22`R$8r9ex4FS~fwTf*%giWxN9879L1C
zxVi87;K_ctYQ7#^#}%35)!VXx9>`W2^Z+d@9zSJ5A6m0_N9c%32|v~Y|1Ds0=DeNZ
zrE}F&jHb(lXjS+Q_T?PB{BXA8b;w(MCdQDS=(Kskp9XM-;nO*EVpZz|(7*_b7o_N|
zRamCzjlf%SX<h#}F^{wr2D5=r*XAk%Xv`>%EWY~_zsT5drz(F=R{UP{d`6Spi%4sM
zXcNv4K@ae`=C9Ul*qGy}GS9g#lksqSeOFhi(z)|Amghl!XE<MbhH3tZSx+Q;nrgSl
zm$vi*Ahoo6++?+DkJo!C)32Tb#xU=l&4MY;rb7m)_aa2vH>UEr5o7dTPIK?8moXGG
z*ig=g;FN6E<jS<CI-zRsL}*jzbrt9fg7OU>_144U6<NbYkMA|=-t*unM_twi_t%f*
zxCC%+a`3kPnk(oRrb&7Ry5XlA7c(D=<g@WJj#j47v0g?~N~vTsR|=XGr%Z`Ise#7U
zL$mXUP=8qgd8{QD@AYUlC=sx{*L}TW_tN-{iNpRHR@%NI6cz2x5u1N57+gIwo^L^4
zYpJoaFGz2&dZNLIck<kS7>VQH)c-u<KJmLLvx-cO@j&xlPKzYoqDNt}w4Ok)J7iGA
zKoQbvb4toC$Q&!}UXzS)<~WciwUDX=i}#0~$C*=7^{#5M_*Md3DpCgjNsfB=6}}Gl
zPy4#mtvbuQsM|b0?b1RKF6U?jQL<aQ%n-Jhb_@r!m%_38008UnC>*#;ycka#ls*9?
zzG^l}>|CKmp^^=!!Dfxn4&Hd(my_35YvG5*g)B0l>^(iAUY9@i)({esPrVgw*>YHZ
z-N>6PwLTo+DQ<K8Q@~R>_N$)2Sru@7iF9fW4EyOSyXD>{*^d-BOdcoPlo=WmHM*e#
z>eF``bs}S*i&b^fnp_|<3%}x1*V~uzJ<4hlrPeg-cXee>6dIu?*I~w_5PGcSvCZPQ
zktlz^koMQ^m(8)v2m>Cn-M1x0mLn3~@B3lJQcgLVp_d_UO+mTTdpUaT8=#?uQuc#L
z+M)gwrMU?zpnF;S)1d|MnE#mV=uGe&|FN-ig`w}5_#D5G)IEAG8;^~Dielf@tV(~u
z%OGBIytx@M&0D-q^Yq?BO`HLM^<{sch#|cbyfkErm#EH?hG_E+QaxLhN|vp#K9@*e
zTz}q1w$TZNm*SJSk(MBl+6dp4;5onDf%kxcn`O7N50pz`v5iL-)HP?hIXKa5c|8|U
z$e83}<>vW3=JO$~4%g2pmcO1vB6^WJASe8G<0Tct<xXKYR#cpc@@v48h5VNYEFu8{
zyVqffG+t+vv5a=KSaB2s0)lNiMFi!+IA1x*ouOt8X9B*K?$r864gm|HTds+^hih2|
zH-Z2KDgu|L=EIVtYdq|G*fF5=AveQzDV=~y8B6WV7!b0y3MfO`FY|OOS!r4-yR48J
z9uc++zLTGx{XjCzySc%wqrYF1EEubD2z3a=S>RewD-O;ELbAyO2FOPHBmi_P_YZgw
zo*toV6>A*<@E8}{3(PI<Zz!^(bm9l;a0~Xkg2kJpQBO5x#?BR<nO=0Oh57Y{<QR;R
zSH7vCmY*?t-J(pd6kn0(o-a_Wa?;rWJkJVG3{kxECB-ZvLARejKu|p-MZhR`^~pg1
zdG2SU>3Bb~%foKDQke{i6y>f<27X9O5<ZLm=(*Bx5b38J-{!(|#{5w+M4jNvjt@H*
zp7zc784?@mleRkKmAO*w?k{j>e2|Cuxi7PTVaIm~3iW7-a8)L_V_P|Jgg!LN#XY!Q
z(@N8OzCB{e;&X-g9Mzv+-e{V>eOiyD!wZR{3cVx^>71f%BK?W-(t<+6JE+DH+?%H1
zt(`O6OUq`Wni@H{cO2b~{Co{o*^_ilK%RFk2{}d*?cnYy;39cakC`9RnJX5veSWKW
zTFX?lorMK3X|SB*0=!~A%Aoy(%F9XiFJr|AT_79m#ZX@)1;YW=8v4KmoyGa(0QF};
zegzC0_-6+i!8%1S`wJ%02aV)d23PUI&J+4Z&B-wo>Dny26D=j9N%3iaHR>BqW{%>i
zdqhf8OEGZ#Z&|1B56~I>Zz{^*4{UPGSyiyGB!s@+*6D$7<H7eIQVl-k+$ZWRn{nR-
z>4|UR=KDmFd_V>X_g*Ol#E{{O39wv*fPDy+=)i}8;B5_p>kZvFZ1*+BPb?7lIcLJ*
zd`k0d@3Pb#bwCW;1Mu}IhW%9Yg+K)zse*|ka7A)}*<MP8z<7U2VTf1mI=uYS`W~F{
zi!In(oQhkHa~6@K_1%G!a}~Z$+NNC^Vt~&Jn25J9wEU+8fQ^T86vhmIQ_1nWCr;;z
zA*0}$KPJyX>4esdFq@2okdUQ`S&b(Eb#Z?{>V<Fe`>3!z|MNWe8Tg|*1aWv2e+vrC
z<2`=l>z(lOg<*yd#KdIp$j60hW0hq`TpOgRU){j>ZlCjkfdkmWU*Mp$-Di{z)Jz8m
zuQEa2U^0v^-a!T;2MJ~vheeeKp4)$t-TW6s-SThwXcy#Byj;KkGK`@9(gVd54vz2P
z5HuhMBQ=}+1gjPY3OSp3f2q@KK{L;|ujKsifak6PLcqg~FOY)p{ZahSAa%TjExd=F
z2l1t_p+Ip8fSUuqs#rk}|L<FT8i7~IQV}O0zMBpYV5wn~{)B%<#0Idx#2`WkRYd!c
zf((#EX7MvvD5yfCkj5ekGBYHQ(RIH;z<@ps2htW8XY)V7e|iIJZDumM6N06Jgd*$W
zCl}`r2LxxO8vaLO!;lEPau}$>14)tuTI%6={vY35M<D16H`d2lQGbC(ViWQtG)cZG
z087$@#P<D_bpv>Z{e9*;Fwi6eh+~GD-z4#$;1|GJiqFi($RyuB0zxeaW9~!176If8
zd7=TX|K73-`WbXze*cx^3RsFM6HoI$ID!~Js=~!>5(Nho0X7iBVg`^jfmn1z>?Scm
zvT}g>%Sdk@3Eu%j=hUFy3grIrKfwuKfwe-s`;L7fECJFgl2n-Y>4adcfZ)?b4F3oV
zJG4MrChd0uN%9Re{<2$RAO#v<Cj`R*5l9943(bjl#DLTpLuM82BLdO|g)9icMhF%J
zc=o`CH#h|7!;rvAW$)6p{|Vm12ds55mc$d~BLfoZqh8iWk}MEu4mSGkKYqF-U@M4e
z+@6mBS>`ZkDGw*he++Qnx<RV4wcW>tRf_>6mzvC@1tI9*#6R^)7=UD5KL_6N<yp?>
z9q{2Y&}1ZfR?R=beeXdV&MQ_8H0m!{Kq$-42;co6rU83b%<ba-_uCvmT291W0!iZY
z04$X}7D4;ZM=X<oFT_DY(k2Fz0zDXslv)w+PoSb|4u{!a=0;qA!iyy64fX@*!{{JC
z0{`yxPw)?Kz*@b02Dd;G45H_e`Qa-Y<pUz{`p=m}l5e0Xy4@H9E|4S)fJ2g8EmZyU
z5g$a5zjb$JTabK{03@f8i2W_zkpnELjz%8-SJr>d{RYkh@t<4(|KHL7zoY-ZadaPA
zRF}(heAzT^|Gmn!&Y>mf1->zVeUYo~sg;>eD|Kd>EP6yPkJng&T`abK_x%g#W|MgV
zrJ=DhPwDe%xge&r!HXy#6u{EMeDv60)j-a0)bE22Y-<3s8i?wUQ6$y?V2JyL0oq(}
zi~ZZJI|tzBa$Pnc*xA_)htu#H?e_#TT3n-6`?)0Xc*#V;-&Vdv;=gvE(+U4U($o8+
zUCp^Giwl?Nf`7bWRXR~T_m2Ddu5mgxHk5p~awR;2mRib{EfK~eT%fgieeh+@)_$^M
zg^PHXUhBs(uf*2OOqS}KP-e!;`Q8=b&$o{O&a>QV9NtJC-09s<o_F_1=5dt~?YvL{
ze1(5fkb`c|gnlcXUL2}Q_tBqd2b~qreJo2u`Gg&!aq_siG#YMTZd|_u&~UMR|DFb+
z58&Jsk6o(RfIJ4+672k2t+ph!UQXx(P)^*_Qk%J|4PR(HDw5cB@$+PpwG@JogJU~Z
z9Nfp9dz5~3sSl$IDO6i)J~RB1+QhY_5xsdHquyU|X3z;PP6VLbV<9SC&&9dxpWtz-
zO0mNTpl>=}sgc)@Np?@H2N+#XKchWyYab8)`mGMy{Q|<nL4k}=7PNiA>MrBlolU~j
zcrBuY6OkJZzkXTtoWU>%y7Mojc4iQMKXe+3pRpDUbPCt4w#DIQ%>9Sl=lV*0(4G$&
zsn7tDaPOmDV!S^CQcec8bDT|LOHZ%&1XLKK0S4Z}9~@+35!owNgxkU{xPp<M&)7nC
z#v(Pxy1SBH_Aa~2srRB8)$@F=&&fO-(0d64h&FbBVp7KqHP|0(Bd~+@YQ~}o$1=2j
zBw}N|ox7L3y`BVMLhAouNqG%D{QkR+L+g7ydtulUArcGrJ0f?hYnxne5f_{$42KZ#
zs9_!P>F^s%S&7rSBXmMlHV4R)HMwN3jrQ*zLS}lXWgvXH<5SlcqiKJ(=ezsv%k$E!
zWHu2@WJ@vOwmfr{pbu^q5s8o6edU*wUq1dD8@fR8@e+AssZvvK&@Y_Kb)xD`jV7HJ
zZaPZ3%P27(U;7!o&FE-D-S)?m*A3_T@@V`8C)V@UrWYEe0z83XPs^mS54j(s?Isn%
zp`xmazQI7GoI>vX+d?y3Ls2!ISD^7b0YPC1bTpDY2nX8Z(Yj`bISpsWa+?wDW^HYF
zbc++wDtH`56irElJd0hAyAcMP)pV>6v!73&UanWT_m<y0bMIQ-TK5{e2A*t;0<jjA
zegHIt0y~qs$^0SkLD(7iwp^Ur1#^paPylERMe+(_((~N$)>o|f(yazA?<Cw}EuEjU
z&JK#@m_0tT=XENfyXk=V-a|o(0lc_qgaQXyh!7eA(>LxtLs=5h`3uT7h{?TSFu_Ws
z*I!0w$=t9HH<fh^dx^dz9!$+4RN&b`bAmT2{sO0Z?`m<Gu#n0#6qJHe_w0ICVWBF`
z!->eWM+ue9mLV&kt=>u?Cf|7@t9f&3S?A7!%Le=qeDA!(y)=yd>I{72^;(qy4;DBA
zSYU^@h!2YR8+s%CG(8^#st;HhmlOUY`^}5sVsesSV8<O{lpy`_`%2D12IG7!&yD?T
zPkD_*2(fW?-$@lxcx-7&cTC^Bp3lgXqJ$HKMuvv`xuW46YipSm-@XLC6UwqB>VV1X
zV$~g9)DL(^9K~zWbR|aU+Xji-=z*Bxu6mD~UuFX)3W$(G9t8YnM_G~|#!pqkJk;0w
z;TsH^AxPMC6R~*yON&J?FH5!eim01J*Sn4!_Dq<Q%p@)Gj$DyGU%3*zXFgK4FeTjY
z!t^ZjLMfN9?#U58{62-BL$bUtaau<H0%6Unam87}W(GeOdA4;0$r=3smg2(I8SK75
z9yO@s$Cd4zm6PA8%Bp#}L3!WU+*Mw5{89Xrb>s9#>RU0rYU*{#w+w#HX4g;CXFSRM
z#_Mk?or}dn55Uv>^-)~JN_4>m6Z{Jy@N02>^m-9|&m#Z+T%>8(ygt6$fIcs}sQXtu
zt#&uah)iDS$>U$zX$5o!#@)98ANj;6k2HNy8k{Y8l&pAt_<X0$=ao1b6tOaz-le`O
z%eXtgAt+s31nmO?;mb62mT&oPODX6c#dKu_R-BI&i`heNLrgB<++|rC9aZK>4WI*J
zkbq&*3;-%*fM`Pj595Cn<=@K_jpxUHm=jgIl_F?!T^~#yciu+(Gwg(530$alVxihG
z$?sqbJ}l|qtmjNf!-Ce;o#`hmhCv0e4FC`dB|8T&PwkNxj)1exoOL06?0wT<enAdu
zY8*`pqFMhRcN4ZZhpY{bC!bp6qJ6#^v7Z;~AaYY%tgev78+Mc?RtiXhQ)CIleVR4u
zm{x<PgM#k7s7cJuD}P^mHV!tJ$h6g8EN+-jE;OGmpZtO%_eYHK1~KdN#NO#C>}f^(
zPpgoGFKfCY%l-!Bej5ivrVPyWPz3Gf@+*~8aSVfA&6y6WE-&1EA3oG?tfn^`mL13!
zl<_pETtLX(QGGMBjxiXkjf40Z7EDYqF-@j>8t2#MixNj^fEZJ2*dUtL92Etyg1x?<
zS9S_AM#S+IQg^dUj!%ZF%*i1-oRu)0F=Oa4aR@xUS?X-Nf%gp+QD_Ro!#p@RXX9>j
zPY=675N>saR+)7&lr0guDOvqiln5PFo!{b)1FtH3>Z`I6cxA6`e&3zZ;h04q?^kD~
z{sE^*EYb_*;$4MyJDlDf0r-9#L}iJNd^q>V-wDQ1@i8!!Icx7sEk07@WmynHH8bVA
zKBS-)|6pi!XGat4KJAX(qZbI`u1BY8<d3J?ZX^{B_dRrwVu%Qf_;G!2y1&pwspW-D
z|FKke5FZJT0|C7ZA^S%Ft6DOZ&_Zjd8&v;*1Iq0=EGAZ}uZc2Wk-`XanSHXVvZg``
zWM%GWB1%qN&RR=I<gGu68Uscf`><lSXHf8r5}HeXt4}8DTiY@LznU?ea0W4ne#F`k
zX_K@UiplBn!#Zf1&X=Jm-PtNA=QF+$(P3BUHp8(C*$8^%d{VM^h~GHXslqj*511Rv
zi0$ydT;qswSLbpcC+16u+m8GolMy?_l_*%bmT+F}jr#@t6?+LoUJQD0anaX$l>kpi
zR6rKkItj;+YQl-mAwl~k21IPIK8%MtXrK7vQu0yUp+3V$x0!wL6IB4@SJBQN$<zZ>
z@?Neimhf}3$M0Klwc3VjfpL)|Heqg0#6>75`QUqUd)?B{rhDU&vG_Pwa50M2{HbLa
zq^KxyL`Tx2XD$R+;1yAIR{J+xQAzoT*7*4An&sFWT&75S@$u1cl{#WzrYO2ZQsDVR
z3Gd&ZAi(gtLC6Lz|EP{%&Ng^*`er5hX_iVATYW0fz76}r@r$mUt|f$QMOynhSjFg$
zvWCT|=yEGqzidX}pLt7yka>-jIdVDP>6-pKqep^e&v&o~>fdxbQI>yJ?r)qT8IuL3
zpvO#Z|G4|`a{C@uq!LlF7$Qu1xT7f!GLO8kJ3ea2_GD4UB{2#Dou?F4w~A=KMA%21
z{OXg$bLms(Qr1@10O1|~JAhFM>1Zzunlc$pbCde;YP1@yt3sD-iyQuok1VFq9)fR^
zTIHtV5_0wl)dlkt)fFTGuNN3p!R-3p5u#U5Wi<nekmNJhPge}&&zta)15%L0Q!(<3
zliXsK_9fzSukTF8(tNMBmGJzKI2zrBWS9aa(Ff19Nfvm&54T>8H+ky1q!M|XZE7_`
z;?7I6t;FmtEEdpU9vxkJZo~fQzw2IK3@^2PoA@}6uIXD@iGd}=N?~M-U<OM-$a&hj
zoJnfHz(5CPR8}so`eT0HR9rG52zEuIBcqgldlNyL$o34S=+qD~(D>6ggNoOTt?nhv
z%j0Fg=6WHb%M&pQGizA7?S<maU9g=K$>RC`>PAqQS{~PP1VZ9Fp>=8^pS1@#IJmCh
zkK~)RW>eFz(#cGa81y<}>gwui3xkz~uZeov4a!JwCi`Wqan;*%cN02tsg?CbO6a=1
zCW=;Q$;?k|dQ*q1;yRdDC+O96wTR<2PD0DS$i*kLPIz;5$yr#Kx=_i;OexqpNBU*A
zW{n&s8a>QdU7JLW=MVc|UA83RQquB@g7!5=QNx3AiG>(PU)<p%4yTa5n2T6P!pspg
z7fj0e1=W}JH0fB2e{wT_{C*wwOQTz*;pko@-fPg(*q(dz$qGUv5v}wZBRe*T;PvWE
z!pI<A$?%>QccPp)fyyjrQq?+C+m#&ms^23lT<+@u<=85B1EdrtRt_vy4P)mofqns(
zgB~Kw<0Idm{v5*;&85ve5pRPKVamgYn{Ty@qzyQSidJ>Cwc|bWn20pT=lAJz)ku_Q
z`sekXD-**%t)-H1uZwpg-!huA(Vl~+drnW}brTbaQ4g}J7?Zh}Ex5h5C`mU?j%;y7
zY^!OqLm0E_T8U-T-;gur>#?MM#;e`G%|k;9<!^h2dHIGGgbN{)Lz5i2n;$RNe4d=_
zr(!+a%0X;qP`)4IALOz;Rzc|%g`!Y&)#=eEM#BlUdoJ;`*PcXJZZU;Y`NgOjYopqU
zwO6(rf~7cEhRa-BC0A9_$~sXhH-s8I4nU9gSv!q_DzaJVz|#@qt%mVh&X*r*=G(QI
zStgWUGa4BWu~WXy5pA7|XemaxG4g;VzA?h$olJX&K9bU$_qXL<?4DTcADB`<t=Ns}
zQC<%7y2Vn&x;|$@_OKC8&lNfz?e9mK%wmp|PWR8jro3qnEEM_a3JFecbOpdiKeY=_
zy)iDo@pN`}LV6Pp3j&r%=nT<;$w=>QpV(y%<ZHf_J{<)zspofV-gEbF=Xnyb3=9mw
z7521LpY!KyJUz`vz5s|mb6W*=+3ezPh$r%;q+~F2!yZS{+`r7QUe`DL3@Zsqzy8Lb
zVeUJWSzOQfnD~JIUC^&PWrpZT!XUYwn2kE1U&wm%@}OO>k?E89C4z)!BA5XK_u+fm
z!0pdx>HSQf?7#H&8Q+hMdd`=NX!{~C;<rD9ohHWn`3~)6RZ58naP4p)^c1L7T45kG
zeGfV%|C8Sq*(o99ZhD>FV!_toEvJJ~TM!#*lhMgro|;o!l@0ZxvA=%oJN2ou6Jn&|
zGyc;P{iaFiPFs#zn6{X7_j;?Z+ShIuj!g5_K5qq%Z~*2-%G-p3jkz!XSXWnPWZ~Lv
zkB^C+OvwEBQcBKIYe7x&#9#dT^CfQ<Qu5Xm`{(`69pby|QPShpX@YR2<Mj+8cc6WX
z?*hY4_dtLh&1nDnGie!GHX{`o@v?y3?^b`MWHjz24QVT8cK)tV;{H*)x=e379p04w
zD*LAB_vh&4AT}B^f9OiS-0OC@cHfsp7UEZ`m7rLgqy0ed@|ED`S$bgup+>%;@cgOs
ziv_01DrbM}9t;*?T3T#fp~=;s_gO1sm08z-V!GPB@B)yW*y6&|cuymf0}!3CS>Vph
zTq*@&^|A1MsZ}es?~&{dr;G3RGQIUBCE?aGNHIZ)JFrV#q4<npT)3iQ`U-y(--bYi
zH2qV>&oc4pA`}q^LpMxD#TAc!pu;t`pYTguPyJUK@#!<S`L{i+q?F>%{-!Uwb8Jf9
zs;XkFmqN-JjpgJS4QR3pX=o20@FcOWs;M{@zi#tW7Mf$GM|Iu}42pNIiQRnsAl(=y
zGz8Nxs~M79LjRnf%n=ktRdTD~8jV><yI3r0to5Z4gL<)ui&tsw7&61XF2UulnA6P3
z!RB3zr%a2N!B^&L(*lh9l1sN}I|}2Chh78mTgr<U<t4uebf}dG;bG~{Xj+`@<%mDy
zY`?nVmt?Q*cN3DvoAgGjzlUEG`S82B?%~?mv(S44+%6_MWE;MYS8(ykX49g~MHtA;
zT`Fm2<Ia4)!WUwoqkL+Vi0E$moo|1_<u;&`+=S=-D$C<tVn1*zcKmY1eVHonS@dIe
zaEfvwazZ9|t0;+!R;&811lu>S(8edh7^-nmv$vhRO$wzc#6CS4wu+<0pjGS1-k`d+
zSQth;AL*k7mj@a-c~k^lYP^MaD_q_AjhHB5@fZiS9*}m!L4vyyMK-V<>w|LeFQ6P8
z_s<M0i9L8QYJ>L+H%S%vy<>)E>ugeqEkm`YaRK>8Ww)EBK2I90&=Q1qdR5G4`fYs@
zjs|O1ok(#_=oM}1|H0KehF8`!VWTs#lZkEHHYUczwr$&<*qI~~Yhv4WCbn(!+k2k(
zeCJ%}SF*0PSFhF8)!kKf-&K9(aev>S{i{RTr~R5Rqn3;L3^xPI__c}H#@U%xdZbjl
z4W67vM@&ZA^QTDLjIX8Ki!)rM{RNDRqGCpRut3v8@m<O2G;?*oiB=GmR?B$&`Da{=
z?@8vN@~hJ`x2)Ip7$;Xe397U8v$a%HdI&gCP!fM<D=puf%U=ZD{(GHMr^n=p>}xq?
zW>d1x0ff$rBzl!)!#bGeQ)5a7o~j5fp@1X(%DZco{n6VOb2Gh&*-f{d@%FN~hNxzD
zT$_Q>825}j<<bTGoDSK+B`ve~EZE<7Kh7J*ue$%5wST-~Jmgzx)Mc%X86W@l;i4#$
zZR^ReGbu1|BTy@gofUs^dokgvVt6^`vsSK@`g4x<PG_y{V0VSq$soNK4RE&{2Sfid
zf&r#SKo!v0>_o5iNGkUP8R<IJe{*}ZU8}XllY8>OTv1O~ghj|9*J0Gz=X(rY?ozNZ
zjzV&b>@SL@OQExh3iUjRnj=z5Db;uqZ)!YobkvG7SxjGj-szLrzhI69K+&oKBl(s2
z@^XSl29MCU;H_kwe%5|29V;*DgN?K)4Rk@Cq^$vl28GS?nld~PRh;6YYK7VU?n-x7
zd>;&`o#cL=@1!a0YI;zq^|T?buC9B9U7k8*n?;!S@f*6XPI_PV+e<Gb6pt`A#0D4K
z_iNVjJUzFe5~?0bVw9FQP=g5iw}a-|;=pS1S4(4*V8iIvh`Tut_tFk}*L|rSg%A;S
zy@*e<ZXUoFoIY7S3hLFU%H>}1Ex{Dec5#k$E|j9&3gJT5AhID1g}JXIl{WNU%GX|h
zYPJ%PMZ_N&>I4o-gU)Cc_9?vOzVyw0(Q=$8ah_KZ*e<UA*~YNsBo-q$I(93#gSw;G
zpyZg&X`}D!n>xDLYGL68@Q|CI5V1l3nhh^t=rMsv_C?nb1LFV+K+jm1Np^gAC*q%D
zyzv*hAhyqMV7*^$t=<&=gSUVoqtx2ka>lJ9vX?fCtt|D0TVcrmu|WdLsNv<9=2In}
zq=)Ffth@o`Pk@sYk2^a>CS-Caia23<)ZfK9PY6R~6%9x~jau2#%q(8))%@fPT{<78
zYp3(+Mi~niL$QLeG1n}`QNmI!3O9w!cjLygX9Z$hW&!^bx7{UnR`y)^D<>a1>Ex8>
zNK^9B39ZQMMe_}<iz+BmJT0a$Y|wKY%Ee0<tTi2LEi95+j-Ze;b?JMI#>B#yvE4qm
zba%%w;s#ezOMIOon{XD8Ag~1=Zmjn$7}fe&=NBol#<HJ6H}B*VFZCduV&n)moBoZd
ziKRPTSSu<$<qVtKnObIXVCiahQ>j>68*#<V$Co*qLWn%~Zm5>(H$KUZtB6>MHU`+P
zWxt<MvxMbVYobhS<~F*7{p{|Qlp)B;Os3?H6;E)~W5&mJj;9ZKv1#+LzJ4dP7z{~f
z{%=MA#okHY>Je8dMM#B?pK(d7jpUw?@N)9uQO}--vBj3**55(Fu+xS}z{Es^e;J(B
zOT?$C082yXC`Beg#_DehB8h?HauO8K_P8ByG-TgbMy5We<1;hw@g}2urI`UmiUKSC
z_IM=L?!X5|!25H1$o_JNA9+@~g>!fC{L@H}*K?cO_bJUEnqYJH-YKlcOX~$J)OX~D
z)LR#q;czW>VE(C$?L7AIk9L1{=I7vv?Y^-~rTAw+1js}9YQ#cA9^~ID)Mcjo#SFTq
zGZ#2=3X1J=ibsd%HNBbHB=7d`)oHj~PIy(B(j~|ek&Uum@Vz1wlRL{skkxAC+(~eM
zCi>A{O&pOo+6TM+Cz_A^c84Qa$neqHt#%<4JE`<}Iwi-u@nF9zF>Bu8#vE2@6W-QB
z>73C?W}_oy+;YIMpZ{<zGriE}|LG@J3_W~v!QX5$B)8UitLJ?$hp%dLp7bM0chVKd
zOg^j28y=s>6%6rgH6W-h9)R^mqhbO+3K==JQXEu(&0|vcufs)xiu+dg*R?J?#L4Gf
zH|KKmsV0_&+Mf8t!!1bqlx$Ko#P>E7&;@#NH?2aFT=CwE35`aGmQ*xAk)WOOQ}Jn0
z@dz`IDG2wyHE`ZmKb*!2Efw-M%dmha?jOhVWrn2VW(EDbzia}UZJ+hjCuKZ($LANm
zr2^u~cMx0e7!GMty__&2OH|eNrN=*UT+e!xih~@O9S-2ZoF*EsFWDqZ5H538f09$n
zb<jhvGg{6%^E%!^;q$c;n8{;>naIw&iNQb@q#_D4>EEIwzf`0Aq$sYkebsID7(-vH
zJw+lv3=jlV4gteL@BM=$gUk|7bVY^)@YquY<45$NywU!7?9~8|J(8_(kcSAO5qyq9
zT6pS0xMtL|PIB=p>HMl}deuGC2VZCwSGbPmyI|$F0adi?$tX9FT_?i0`u?TPOQ^TU
zZX#aqJIX(roEYnP=ad>*mH8MpTP7C7aTQ~)`d1;D?$0-3-uU@zY3{a{)EQ4i6e%l+
zZvg%bV&6~b2+U7@gekn$2)a`*CGH6t<>YLIAC&7g`m`#W6|eHl1eUue1EhDYXr*(#
zU+YwV@GF1c!KpYD%88}E)J0RXT@R}=+F_)kg3jS>j;SL@AR}52Ch8I6G~>gwR7e&~
zn8-;%_~10;g~;KT7xusGR~4A{rF#B?_~An+${x(YfWLd-PseGbEnvx#SL}xaM`-mN
z6X3-dQL&E^eN2m44CVDRI|AcRR-ei3N4KMDzaHV#aMJw^B|MBZzt2?fwN3`~-lz|a
z8Zx)f#9$?}p8exP%u-EFYt>i`iyj#AGO7C1M8;yFT5m=c%&NR_Ku&iKgli%ntf9Ca
z986-Ou%unSJ<fG<>f}rEii~EXl#BMz^K@q8b`%G}2vQ-ZQydb`GbXOL<?f9i`^aFm
z+amheMp?}u6s;5p6|6kLO4!%T1p^&5A#(>GqbyD{CO~ptFALG5NgRD9ZyW(+SWrL>
zRcyu!MJT^FwU_ITq3+Iwf1!F|!tCb$%5wvzzr~3V6+fTsKnXZWT;z;#T^?|)0*3%B
zTt0`T!-xU%C9m$NqP~e5{7&XxmIkx+hxRAIG4}3$AMBVeU~O(0h)>xRKFzLWU<ne&
z;a#-r-y619$hx9>Z7WZeJmD*84BVsNnmf4zNP7YK-Htjce`IiHgpMlA4N`w3s;p4f
zDrPZ0iCYRS9=h#QmDL5nQhA-YV2M>HC~1z=d}}s5_iS+AavNsy-j3xdhp~0PrNT25
z%6lI?_AysdY&jjBpM=e6R~h{KSCp^;hch4pc4P>%;#^;Pnall6Dg<Vk?_v_V9vR8f
z*XC8}Uh805RPJ!b$sLbrPZ@CN_$pg)R<3A?3BC@G@bcbV3H)F3_dct;y5cT^y}t#Z
z{1Gw5D-P*Crw4fv{Icd{$P$YW6~(v&lLn_;XNcaZX@AHW_)oA9Y!*>hA3ve(!nzd7
z#bvt5FS6z++(6*QlzYtxl4vf%qk{dvaZaFFHIOjX?H6DcbqsYa{^?1jE*@c}{J|jQ
z9>8ysl!sQaZnX{R$SCDN*4bYColxb*DmtEE@49vWynwScTfmNo1LBgq1H8DQ;7RMT
zNZALvEz*5YDoq&P?`N|s3?DURHl18boS-6Wd$kKancdYmTVxrrhZ&e+e3mLZWvD+l
z!2VSn3Qh*t#ZW*~I4c4$yrjMOyXXpFPzjg*2$nh`)em!nzji-{dva-USF7;Q4r~EI
zcGwlb5}`fZ^t>7iyE2^UP(@PhKqnudds8_-+Hfsf>rIiv9Z(P@tt<yOLTW;4IJA=N
z!9`4`^JdY=%!^sb$%5t8l*fT9r=7<uhW3Qf0bMmG&*DKq&AwAK9)^6zk`#fkB2kqI
zfaL}bFYDf+q_}pjv;Fc*w+a%n-ITm3!pTbH2rahbs9>q6A{Z`y*A-F;=-ToLI1PL)
zn+VE{nGfw?C;1Tn`^i<CpW6i`4%@pc(CLA_m>_HP++m2XEo@a2M+j=oV~*RY0^cDk
zT*;8lu6Qo0-U(H(r(UtE7)cQHs|63g^(~I$xjR-C)BBYvM~!rcAX^;AXJ3+j%5)t~
zrPk|hjM14<>E#Bu5xx!nM-+A7-rN_Q19?%tWO#2W5J@Um1(BX(ViM_g%<GgYnP^Xc
zxrI^q5^h5$ZNDR0JqAE|9Wi})j^|LdNqRz}*Uyez+`4Ky=`lbA71;~<pFi2%Bre!r
zO8WW3r|Gmm0>%F2&SH9wWF}LEzEl|o9UYy~aZiGfAY8eW4tp88udTOTg~t&q8cJp?
zDd=n8Q1{(6NkDtn;i{C<h9I3h15`wKN^*qry}?ay*LIlHLL6EA&3SXMgftHGhIqGs
zp3%0BVQ9r4V=jhf99Oi_I1<4%wtO$1v{sug+KG3Su5~ER1~)D)ra!&_eMIc!XCr*m
zF?20Nui(K3dCz<X0T|uC_<gTPRdp$5IRf(4dUH$FxTF*;wZYs~uLFjb&z<{=7`+Ct
zuPALmkg49)EiH}(-^w!?_4kY=M&gF|mb}=4tIH{Jga1J3uJa(`^Scn~^0R9A3{a~W
z>>bTaH+i`+vMKBoF&b_(^D`P4_!Gmzw<3l}zH<wH|4yz)E*&nKE59>1k;xActLK@d
zQw)pqGb@aLqI~S8>A@}(``j}~xT7;2KC8<C;|+J5O5@h=1f+|0btD!3-G!_ogC}~b
ztJ4>=-Krt5X_;Kv<}Z#gf-T6voZs!9Ysp44j`20$7hbD{pc$hf;YT?e!FM%M^E8p0
z$$|H+XAz#xh1D)HZ3KR>J=XX$PkRFa_rDfHKPRdS=)gkONT)QYI)5@=YkjI-9ftOK
ze<O<98vjK{nDdn?`gj2u-A-U|@ip#Rn-d!<G*ak>EfVaJ*4z_D(!mm!^}!`1@o{q$
z8|VK*orAUBQfo>jC&%!J`6$L77YwJ4Xa>XK@r>?*e${LgLWm!I$@mxu01oVyt8;5b
zQ-c+Jv(G(o5_`f==3}&HAI{hAd}R+lfBK3IFNo0kaxsgxY9p-q^OwZv_Z{l8g-duf
zdAkII<YY|vza8z{2XpEk1o7x^cI&=rD^+M@BJo@eHqfl6T-eNYelNj-f#n8|-6M*z
z;ENaYgILqmo62GsfXXvm6`A~jQy2}Rrl#bydY!m{x>a8^Nmav7#GuH{=S#jly}p*K
z*6@n>6Dg!20cfO~j>;7pFmqdJm2d&QF@l1EUxLHJK%r%e*pV(iE!^DPjut92HSuV+
zkOYtZ_7F72u^Go=M97<}bP`8nfAYv+uE2u*AtoK*CGAWh;PuHQJ^f>44RNdb0h(Od
zf6|%Kh|uokiU#q)3O`$mkr>-Ku{D{TFDS<tFAXDdx)|6s6?#?VjKc&8lKMG#7!skz
zAs@7fI6=tHw#qZh7TTA3DHv6TMtE}JQKHzv4}jAcH1BE82=`nu-ILkSBK?=HXcPv@
z+4~DeSFzMnLiWp5gXlEu5^VyNwQOv3+`oC^hQ2rY&ySRQXWj>oiF1HH?yd7Tz?QL{
z!3i@=)qU4_N`F$|<8A=wV^b4>A@Q>Yq4|J6xOc{8!wRkc1B#U{EFbMo)vq>>X42hX
z)3@~k+M<WBGKl2Nhl=gRHT*)L$Ays*lQulY+~gLL*<>fulHe$y{e!8<2v5EJFpwCw
zP7U8bqEGYodAiRk&$GNI_li*yAssGEb!zMMr?n;&-D~Xbt#Lm7yzLt9U^E^iUM3q-
z(jlLR`@7z>Wp|Z#*lco{(C|I1zFuIX&VpbD3?7bZ5TDt_%{g=c*r}Q9&TR`hBW&om
zHML9r2@V!krXV>!&z`CL??NhzQr<0$-@GU=+soKO)1068)c!-n4}ErTy*@%c@xpHS
zQ(LlWv|D}AvZS$~2aJnZ^7JxWtFO1vI%AO}s?F|&`4NpFAfCLsU*@)Nm}|hZV4y=F
zE*fj!p83l2e1{D7)JVEUJ>S339Lj;>S&%mc@U$uW&i(xxgwmGM*WNJt$oNh{ALvpi
zu5_;cJwi}I0_tqDOK+D)6hV)KgalLU7lw$4hzUgsFfarRR!oWb16;F1G*r}J6biY1
zi@BoGcfdiWFo5a=n02*D6fm8|m3ksgC(xv)FlY+$;_iVWh=+EF3nedoiRJ1W$}MxD
zywGcwq*H$NF?82wL6o}eJ|L2iix*w}ixyHcCjfIbjnS>GA|22|O$aD|xawybC5G;}
zaNlG44L1a+6(n5LcnZx#KUaR66>eLUxQcdz1)?dn;n_&Vc&`DSaxYjoe?Z~Z9lF`>
zkyxgOy0ScBa@AjaB}$*0qOVcpitNZB5ve_7x;i|;DS;>w!Ggc#P$gLs9QuD^?+BxK
zwOcI=bo&%jdU%Wk>n@2ei$am2LOAnuSdgn+E*dKQF}ws%RKNnMC_$0HBB)6&W<(99
z|Fh)8ujbLBn!pGdquny?b949$Nn%e!x}eosk2{^arN~@sp$FQGRx>Cfa6LeINSoQh
z4nHq7W(zFA3O-s+5no7=FQC9=KfDQTs!Z^rZ!D}t$vzlRsFBbo94gOu^Cczu+M(hK
zEKv|i($vR0gx_^keI-MV5Zvx5XehET07;@gjyT1LA}(?%xOSTn%u(1sTW}N_OLY?I
z=>iIX_~)>Imr=xtn(uD;uLQcVA7vPBVcpLiXDyheKIWwpCb2wr$PRFGGPp5uEq})8
zd6i`e&Z6(eTYYPRqepptft4q+*iP`Dt9<~pBE_RRv}C-`tx0tEu-!1vVG6C3$naXJ
zU1p%1@WuynC=zort6=0;h3#U0s*C2wLxQjMJRMJ>+|`#KnrE*&%>7z*PJt#O^cO|K
zH~agwOK<<0-ircYR3z17nh-1V<OsikM3hZQME4=MtWjY(@`yc&<fphF&AXKO=ra3#
zet%tB9~_@*Snc`CQkrP}%pD*~D$t1^Y$BVS*Nes(C7smYNiwMaM6)kR5JJS1x7RlK
zZ<vJ*tfOq4LVu*yp9zS~sO-L5Z!w>cCci)zu%2ypOHwIW2Nd_}-qwPA<n}G@KQ33!
z7$9Au+z4v~iUXv%lcx_22o3oYT}>eA6P<Np&1ayMB1`0(()V86dnZSIt9`0iDd8yl
zg>+cZ(d>y#ryQ$BgRbt;hO_ekyWMWU8ekkbM1OdIO86&@H>uXC*ZNspTm_mGg$B|4
zgFSgMUt*1`77tz-eZ`}WCzEuprdP==ndp#I($2yA(KSg{%0qL>Y~C&{A^ki{BB3T*
zd;oXlAST!<@jXDsmbVN{(FNI44%9E0XJInW`5;wr$GNbde`rJYRM9bMcYX-E4xN~*
zC;9MH32gQkS0bfOM-lCW%0rtt#*A)-^Hnfd0xJ=^)hcBla(I6s<I}H%{&AJ+qETKX
z2};>MvMx9gz6Qko(Zd#pSA0yA92Ta0NgH2iQWi*g?`t9vS!K~9Dq&2T91fxYRF8X9
zO;}%oeX9mV*ggs9Byyuv?EU8!Loj4wlDHCzU=vIbF${pugtp#dLPB!~#RzijRHTp%
zD6wu$$L{E~wdj?FIQ{z&EQTS|?hG~;8go|lm}QTs(k|$bpkoC8i!7nV@$&9DMXw!c
z=})KGFDndMwNw%d63K$KPL{#fy-n}SzvVva{E3NgOn5j{qehL5(j8-RUJk$?Y;+kQ
z;qL6;qQTRW&qYjpq6e`}l5py7Dl?A=*!?IFBdG)CUH6<j<<iuj1h}<506mmjSPkb{
zDl1AIbcl48wf_*v5FUfA%$;-coWA8Wx@Bq&kh-|2fj1{~U$~Jbbl9P{)(b+Dnj@M=
zb5dBC!D9&K|6T7JDX7WS&Ji;7v_IOC2WDdSOJ^;}G?4M=nJn%DdntLgxSFrZ?eqk%
z6h1q{ns(9zz$u!nn;M)15MsO;z|^65Zn~Zx+m%I@-rMb2;9NQU%Vd3nSvMH@)Lph%
z;cRrG7`BmXnkECA^nAio#GOHdkjZ*R@_3iEia2Ry+0@1)1mSKM?ShK<0U;`9C?3!y
zp9gN|lGCCE`5)ExGH#en?wQ1}UE^zTe(xJfbivsXDrn8OThvKSgwm2dXuggdPwdBF
z5o<S*+TY14a}~L?8jRL&H1E5}JP)er?J1PY&8bR~x;wk!86T%SkQ^yqC0cS_@3LH~
zkD5M=B{Ly9-gphhV$Rq}`}N4oFc@bOt5CspSjk(iB4b`;{6ls<M^98lmYy5VA=Mr#
zQ$vVRU<kpGo$+`h7)I@&c*MjlOku1)%)rO>>TxgleM>1PJEQbB2KyL0<(-lpCzj<y
zs(Cs+xmj@@1UjAOK9shWS_PikEs1XyB(KUg(h&P7;0(ef9Td81ak8SK6W!+6g8B~a
zgriQ-ln3_cJ|mD^g^3P-UWRDYnf6@Yas&_5I-mM>^<20(NjyO}P{)8j!yA~X1_ZaY
zIm85)<_5v>L-T?E>4YaD;Xw{%3|?P-#poVtqHmW<{uGo_t$=?VvFogNK&bg(-jz&~
zP=jh^K+NtDUiw;%<cdw8r#g&8=?Mk+U(8N!IXn^$gf@8nP^Qoms?CE(E<n$c^63$;
zFKh_;I5Q#6fN1(pC`;klN4$+fhlyJpWHl%wI|De{IhP&{Lnm?Id^a{oqa9?`jkbg>
zcW}1EA~Jnwh>+~zY?7RTsWyh6dh;!-UcGrAH0F9!ye1S6PjRR{#TjYZ%$RXAW;N=`
z{WDgrjt*m8W5^A=s>dDLH&HS?gU3IWTl%GNMr0E*A#|szz3pPs+qTVRh~SKFeMC<U
zcGBH@oaRRd5XE}KKInAF)Emn!%t&fX@)(CSuCFHeGG~947j)Tzbuzc-^gknyEo-3y
zz;=rm4##eBdgW%A=(zAdG}sBytJGoTb-R9`j$IJri9m5WBY3jk7mhlO(!L&xKUpky
zdEb`^aP-YWI})TZppw#GYC;3Zb6X;R4rzk31t-gg3>e)O2&z4XbR}ezc)@QV*yVif
zuXij;^r;Yq9!rs2GmGGYJ6RU5XT9XLzh;^u9^RHkv<)={>fQc|OL_lA+(mSz8h!MY
zL=ED`&_*&%l7?lMm#=N@a&E8=`V28`DlF*`ye1g#D|&A%AJl&kCJ*6NM;c9tE+9q-
z+eEwl2`G<~A}A93#&Nwn*6hjCMLr+K$@P|yf03_5#k4uORzuD2lNnxGT8jNyP;92}
z>FMdJ15;E`5O?K2YX9{PnzUO;NsX#V^8MGtx6Br`Ef**DNrX6pIW>U*W$+ve&Vajv
z9<h3MMc=r&$>MK=<V6<s**Hp`5N3X^d^I|zehA_=vxytKuC-PZ>pdB@GZk4Jop0UQ
zp$R)rf8di`R$iJ9y2WJV$Ako^4&_)VtM{Fq+^OjS`);t{Y%_}eYsRuvHdx)KBZy>P
zVjD$AR4*HB@$ZfXEV9L(Dl*^s>O}b^wfGMJC$JoHL9y+#BKu9Exsg`Pt-)(65ITvj
z7e#_nvhU)f7tethSHLeZBbpauZyzi{5Yqws`f1}!#UTw8m*9brv3X1?K9zhObgQ|{
z!7G>|xFgJE$4jv28p7l?n4;7;sB<IxcFp|kx7`hCMAnr)w9aN15IVTzE(%wW2!I`P
zZD4=~7w|ju3r~RZylGNQF%(g^9HGyoaoI0HkgS$tN<&W&_WL4vB9DgS7z^reP=*&-
z-)Tfl%<o|SX6&w_hA@;|FqFM&mQrr}(7k{mV<6ZaXmYn_*cV`3>gLL0^*|%j`K+O$
zQd|A@1t}%+RnQ|hdTLpxL>FDXvYo+6oMZ9uli5zCy2z>;e09vKl6Vu3PzF!3CgCEm
zJpXN>-pP6{lKf~xF91&_IWXz6o^)yt>cnfmPgGP`x;uC*FD<Qhi#Fos;voSrMFF-=
z6$&}J48h20((~dooB>7BK;h<h{vPl-@%)g8o9wR?O`e%TC3nUuUNg^?w}T4o9vml9
zAz}GiByu=wzbrrX<Orcn07WwKA)PIxp7Yl*O+WIzKloihj<+(7lVs)CH1!Q9FKFqN
zp~=!VQ6#)lrVUPC-#Woqz%P+erz&;;r^rNDEMM9;Kf;ynt%CyU!UK&(EF9Io{|K1q
zAZzsDm!1GPEJQG);X6A4BK?_=5g%END8IiXREEf%c6{o!&M8#qF3D`K<QV8Nd!Y7C
z8>Tl#4l!k3BES-Xwld>=lyGvd@h6*$^Nvf>3y-*?y}rqpNbhb(mPmW}`o4ai%v=v|
z-}A6r|08himE#9yPSTj7T0)>W0&YR?`#`6AxQY(AXsQ7fuY($Y(YkceO>2u-iF}=H
zT8Z`{ENddE1F>#LY~C1Hi=8B)q~gZTcF<5MlE*hUdP5JPG;lf`wf3PQS`5rGqGu|Q
z<Gv^!^+{1l8T+Z7>J~q%xZtOY0lvG6+&A)XVKicd@w!&UGfX8hXKRe4+8<};$et%#
z=)4Y+7xra;590;7eT)SLp?K%!pVX~aOG5QOMw-%M_xQ-4nh4_*GGh5ophwsRr_lKr
zb>}!TYZdLyDg1iezhDLQLy<OY!qNbE!72dsKv~%=C8it-2rN#ei@JbV3_`RBxZ6I$
zoZ!$2viE^!<u2A{O(`rchw2en9%Js*t`|G99{E_4`pQhsVD$p9#M|0tw$2zOx^|4)
zANlQFzBp1HR~T9<{X=%h#x}Q7goT|xvH0v{?%6A$Ma}1TbTKc@y&ONPpn3|@8Fx;|
zs4l}1U7~ODeg*4%7uPDhB(D7vZLn-`iT?9+?DSx8wf<5)1_#Wfb`F`5S@V6BR~ygG
zM;e6c`5czl^R8Z|YNx8a_#rR3G(nWvq3S172LDp|5n;0ccUvm)jo=Uz#wX1tC$%}b
zG=IAzT&48UkLGs_kmH_v7Wel_mH>C?$xPv}M=Lf{e7#S=i0oJDvtoFgVT!&y4ZU=D
z`x)%)>+Gm$QP=Do@OOdDCdQGN6GH`<sZPT8=^o(TT;GqS&O1@nhZX(>1OXGc$t!}1
zx`Eb_4G@=U`1TR({nw5Veu5k@AOU?ma|AE-uB9RI*LSu_D5nQXQBFD}N?GiF@SV?b
z!&WKA1^QQ=bVph>v?=9#0W60MeHb$imOQn}(4@9C#@k0htB7Dmju~0a+qh9=pPBv;
zo_Aq%Rt<Q8Sj%nhH!_6ZV4EgCLNxUwCo1fFGHjlR;(5qOyO<UEcX}$zr~gi3)3iMA
zyrG>ko}5D_i>08ZzT2_(2nU~g!uNT}?-A6<kWj>HF5Ie~5Q5E)Sc6b~?DIJ{D*U?I
z8eFYi{Q?K?_eX)QO`y#W{<X;}_~2k+$?Is!o$T(bsp*VXN+(u;s6^jpm{UPMJpv{R
zc+U615o?)fuUHkG(d*s$T8BPJy>LNc3-Z{@wWQRE?Seup|32SLGOt)p4muh>GzQ$w
zm<B#DV?2wY1{Jcn4gRix2i4G|_F06BX4hL^=1a#wrG(^&Dq{SdcFFviVA=<lepOD3
zNy}(?Wg?_oK|(wz^=Js=uX=SqAlsAh7_>6tBLyC9XsU%U)X-Q#BDSy#Ze9<rDi&LL
zbfLY1HH^heloLYa2{s0abTXg@iHEYkNkj`Kyzh2@7($@}6AF}ZP19p);)wsvjOHw8
z(s7A?*LyG==n?FhLSON>G$9m9oRMP`+xL<uBbm4Kfm7E6Sr4fkW<D<bM;p!9NfYTj
zB{Tu;dQZ^7_9(UM2EZyiVv=(EFw|Ep!YF$HCB^ix&yvM$%4iAQxjS-fE8xt{z)%I)
z2bc^$hIQM|vv6;j5t?mZiDaadkaegCcI{6ixk!nFz*}Dzdb&VecUFH&w(~E;Nz6Lj
z3}1+*&_8@WyLsPeUWkwlbchNx-LxZA&eFRxa7!-i|E*+E9~C^hwKSO8Mq%6uVYCcD
zz0~80!NYmVQ=#(0eI7GzzdfSTD5lBxw(spk3m}z@8T!CG$xlha9Qv$5BH7(5(2?nv
zt<cZswK4e)Rj|a1EHPW}Zmre8{PP<JVkjA{{ot(26S?lkBoW;)2|ko|3>vs`)=v5u
zL%`kJ1zLsn0^Ed6mc#7_q0EGD(W8yF;PSNTxc4%zgP%{NVDGr`nMxJ)Up;wk5Wmbi
zxcrg2Ngb@x2zT!(@;iHlgg=o?djRLrH%G^64(F@R+sV$1)8daO^lhDamaNw?g?d(+
z2zV`*UZ0^UBxL1*&18+C4`jg5krH9k0vux?c?ceen6PsmmXL{qMBKT1WYTI5^d=Jc
zchTj_V@i$?*Z6>XI`q;xpW$WII6dkvb=fgg?C-~NQ%AX<jy5pz%1JUiKv)vT8Ap-R
z={P$&487c+<aO9sSZ<S*V*n1^jkEWSekO`zM*dy%2V%CTrk2O`bQ$vX;Ub{Z77)o9
zJg!jhK>Kc%2(2gy@h3wdeI>-q*fb_4v%b4*(%Bud&hgLFN&c+CN_`x^?&JtNwLxr*
zR^vbbD5U<_ApCH=pO5EwtD&~n6|sOW{WTp_!T23&7Pspclc*LKF6)H~veuQ<yipoe
zyI^RkuE<&yw%bww<nyX#a5!SioN>2ZU0Y2R)o{utNYFG|LbGH-=0z{T=cYy$$LXPU
zShhRa(BM`P43ER{UC&Owo;iPn?@y;iReT!x-H;<$T!DL>xBp+!E1X#t=DybZOhddJ
zYD(k}a=3}BQKLMTVU6_Lds#q$<USz@agU^V^a=|`8$Mb(S3YJ%y)A<wBRSV?m}-R)
zB;uO{mq1TND3L-x0L51PmZ`v=^*i_<m4)4jC@y?SYp5|lP1Emmr&jPK_=o13RmHKX
z_%rmH=FH4r(6+~uC?8KZip**1vS-c7hE*f$+AEbNQ;>+n!b&rLTl`<@RTqfnMr2T0
z;wOM3Y84UONr+P*i7&yBcZP-`j|_`>iAePhE%VBY86M8&2)yo(0xx1mWu0$4yDcjr
z^@SUsHH=yI>#u_-;l`y$d?-242u6FR2n1lfOSpDl6y7<Xi&7SrYIP`fXdZ^hU99pW
z^4R}=pK3<EXp;%c{y+y))VzVjovnj6k+$HWu%4*^SEV!&N?x>H%_L@i8W|ySxW6);
zM+-(#-qLOrCaX~E`kD?(23=gDw00{($meB`$CsV_O-isJ=whRxI^EBQl{r_QeL}M<
ztmz>U4B5itag85&TTFDjds%(76XY5ZCpRpS#4^6U*LIt46AXC<!}V9z+N@e=+}@tW
zDYjt@H+=P`f51|U2o9}T<%bs*qYIY+eabYD=Eb_(EA?OU(xNCJb4U+mop*RLMsUYf
z=bb5+q#>Nj;xI&hW7tiMs$ZNBdH@?gR+(ozP@JyPCfZ5ua*#GTZ5lOz6uFcO+0wBY
zJmt?fIqmzZUeskiKmyd_w!;zlO(pStHb3_Lx9rwX^ry$z#1clmjQC(soWGNEPvR50
zvghA-<;>o>lMqPK5_QEq66Hv)YyuO4cLuKj+I{!Lu{7Rbh(A~w<HT`sI6gX;i~$mX
z;%t0s$cobcLv8E2w2d4D8v3FO{yaUbh7#l2kj6`!z&RpA;0-K*)lA|i@3HxY9jz%;
zM5#RCV<i;nWOV8yL%ti?DQ}F3sBcr`GXS;&<WgN@)>(!M&IkcyAZA9tED?$O4_T#}
z0L0ch>9|X{&OwtOtpn|-b|9~}Cs>XY`R%MEZShLYj6+Uca{!k6Gn6@qWb=V?1s~f+
zOr`ztuR2sHz&g+z%Q1N&(xx~%$AW!t?`!cuKyvHYOz}j1$zts79YnWIbA2D_dg6x6
ztV>p*@qL!(Y_s$S{tNZ}Bj$&Ij0{?}f-&4?px_H8R)ER~745wPl}+N`_{%a|Zr6y6
zM0qpPX3Gb2>fm>Zd*dl_U#J4uHuhX~##F9j%6;YJc9b8X^5d`p{V@(>vs5MW@qeh7
z_HtjlkR-A?ZOYB^^Zv{Vj9KtTI)+iZTs;^~<RESB)kwzz)M6<SXutrLOFp0&9@3Ps
z{Vo{b^1+wvR$$6LWS?AUtpqQ%kC`tR8t_CMs&clvCnu%_-OGggK!yiLK-JE9C65)1
zDM2KoyyY!USgn;O$cDs9u%L;mjaLoC+&+Fiz2L84(qKqw8j5>k7sE*oaiEgw@^uES
zYc4$R{hpt!Be&&4CO)E)FB%lvxr#j@SX8DRY)0&G#eBi>&5f-xjv|^|9PRQQVm>J1
zicL<;H?xfJAs-(=r0QLFcf?x!(2>7)v0KqGiaw*GDN;IriPaU3**6*HXGI#%wCbCj
z*Y5Ir_~KX4xh}%sDc1VJ>Aqsv@bgGfN|_m8K1na{Dc2Fr-lf&{jre>$Ql>Y9tT#+<
z<ussuzgF8kz+*G)@!2(-o5eC$dr^vwMSq#Mj41xIsfPVqqOjla{3bB*N0G^uZW6CD
z=%T1pFTo`CG9<k7@n+mj3n4|p%3c5ArMaRi5r46l<{79nvkL$2_kBJlYRM5nvUaGx
z+CY!_hCks`8-?W&uw7W92A7&0QQs?w`|R}VUjCLe_A+5+u5Q_(6z8{WX{oG`qdyVy
zEVK(dOs`NSMdPDjP?bgQWxuA~0EqAoqe)bpHY=<R0zfomYio;`%N0N&5UddfDEfe9
z>#{y9#y>@WPB1J!_*>ern$&PdUK4&BHZ59xu(uGli*Bc+^s+NUceYl+j#eYooT6MX
z=CL?vgp+Rc|I`A&6S`|k+Uo`A|Egego!NUpXYyZp4l3hhqP#iK*m4xKDiQg-U)=`@
zjSW{FFU;xKeL<Or)h2jC>W)HwA^aB?+HC;h`%T=*m<d0xU$_qTVnH?P1IqEyZg(l{
zkGbOSEL?tp-g6_P>RV3c({|P-K}LradHH0<T8`$|pOove5OT_O@ib{X5&TqaK2-17
zzcOFd6dbW1vIR#x@I0Y$RF!_}=3<ufL$5x(MhgDY&gb@HCh74{cAEK42G%aj?p8Ik
zC5}7W1Z!gScs<8YrLnX%+)8F{md;|JzOW37s9PxSF1E=n_l|&jT0fA5U#f$X@;f^;
zQ6SR6{jYh10Q|XhOrFQ)wlIn$H+<V7694OqJMmqz6pqKk)32B#CCR0fhfNbt7r1KO
z;;&CvCX<^pvy|;==*%FcX>z<c?7+Ca&Nn27l@UM9&2w&t9k48ZAMCrkVP?hs1gS!O
z1B0)CgRj7BY;2NOe#i5*+TmoicxMvG#F*mc`UIVL|B}XCX~mx0^hnVOC2XvK>WamK
z+iRnzP6e~g5`b@eAPAo3aU*;ifh8<<&J9jyb9ZkMS%;9#bICkVSQ%F@%;Dwvk1!yh
z*R+49a<rud?P{xy7#0*nbob#iJUksFl}sZd`x!c&uf<_cZ8gxOM#_w`+1pDdz3pSz
zS|Ool4Vv$V1%5y}DEudt6qNoK|JOD|+|cSa1ElM>25SpjTML@HE}?w%=~^+AYDOZ|
zs3KUF?eRR&YO77(W>*^29ez^(ymYcBcTb^AgzQ|U%p$?q!bA4~ULPo)$MYbXR1w0v
z4NwV5Sx6lnBYW3!IDX%TT%Tfut$k%VqtD^jCjIB4bHa%~4Nm1SB%W>%@lvNeYVv&x
z>qAeo*!RQUO$w77&~sm+Qtg71tc6T;y!Ayl>66y?=23CiJ78T2_+XmsHbb8JjTvjG
zK|77JvOVwo(eJIUZ*CL9J$w<-D`B=WQyiQF;)7m=<?8O49>}cMThZixal<}d2n51S
zgHmv~nJ*PU!yV1RGH(imgwSw+LVu%Zqi*)-i`&roTdhFpjdPESaJ~t8NUs;vhKMh`
zw(71}2>Y;)*WC~a%WAcZj?Ga5X~?I-Dp@y9`ee2Y;*Oh1j8bf5_*LMO7h5WQ`t#Qs
zuOD)w-R9R+yN%FACOe_k5+Fq*xM)I4u*y~-kSL-nHAgz(4LyZH7wQKzvId8dl@}(9
zBWGMSRIT^-Hym|tKc;?@(Np;G5xcG89}2T^3%C3)(Bpco5TudMu2&)PBEIwC$)tSH
z2p8+{uZVa7S{$~0L-lag^ruj4R*S(K?+}4*WHf0kukts%1tZpsjO;-_jD`XV<B_An
zaeAs<&5#6?y9RCYl=9#B7`zXK<A%q_gZIZ$0SAr|2ue%8FUtR45&=fw3?m9K4+r-f
zQv71EM++kpL!~+nFc|}u7zqjK%l7tmZhn3~dGf2@%KAE9>$jXhoeU(wr5X>qwf5KG
zD(jUNh9@<b?b|QNP}&Vp!Z|}DqnwMKNg^tkJV_4(#>pDT_WVzrXI##xy}i9#BT*8H
zv>>qMwaj{BIZv8&nye5`Mm_=FVu~;#5kIdVmytXIV)3(DUNPG%oQdq$xjB6wXxDr&
zh1iR+1Ebn--lhwv?v7@$&S<46!LA<rIi?JHX8#Hz91oAm&}HeLHGjqS*6NI+C6bg5
zRicRP`REhhzUXMX+Hs+!S_C;|eoz?b1I=hOhnK}(3`2%EnZl+JOo)dWdO#vLfzpsR
zdsP@@CKyHGb~*h@_ii<Iw|BRA``TnMw9#Szz5);Bbp<ucQY*Nb3)bw>9H4ja2{_e5
ztHfGQ)96t=b*lTtNBo(4F(W2dzHQK3H=fhaQ2>|QK{7tX^!!CAC?omV`>qd3z0m+M
z-Q{^-v5(-T(Qb6nDWZPQowL~p=ZxY~!*;V1am3<SU$+SN>G?_Ual<F?PY&c?{;u?4
z3O6GCTUAcK4`g1?mjuytmO$!_U;SoQVsB-WS5FTbP-{L}7^jQ5Sk9IU{!@o!-|p|e
zdOUE5FkX)lgbIL0q#$r|w+WpS`1*f<LI}1fnkJ<cq(Q0ITho!6j6_MR-T3D~JPgm|
z_}miXf;3u(I2}&*fy#9@5;c2y3htWH<=RczBE3IhSFDzKGwkSgAl#iyOXae_x>jmH
zE#|Z*rXEKcT$RjhncGmC=gW|H_<=$WdqpZ0PYRkZ>A1gskUZ}n3q41oMd;ey{P_(!
zU$qaKk)vIRo033+gp3UG`gpncgb@GA0Z3be`W}M~9vT`7$NUdY?M8YM24aA)Up0^h
z3W~>|ac%H)re{?BJjyKVr~~Rhj<}8%D-bqmN%-IkNSUhx0&YTB^_~Y%ppK8Rm`l0)
zg=Q8O1o8KND^ZUGj?+S$$Jd-57@U>;W@ceA-piB#oQ6UU?nafGoD7ZJ%Wr;q5`gfm
zdEV5?Jj@bm{9Io3Y4QuYR8;sNM(f#+D_vMdfjS_1oEFI<-s3M_^DT9~h7xxaZw|6B
z!s*FzpIe%%EIHaRGXT9DwlMh41lGw5+}m%`m?Pi<7=Zp&CsLfAc69e5v2XAL1xC^d
z*ldlJ!SwuCL=$cHQzUNQZQ&b;Zgmlu6m&o$Rrxc+sR8tLUM+uL*bY0914CIuxO|?L
zzYmNp-MG!@Um|`H{&fr4lJaDSOB_*Rx*dkovcEp1An9F_uH+|HOZIPM&cpkOhYvKd
zLgvN6?Zv~ymsFi8T{QD5%5(q!!UW23W`{Vd4}jnsPG;Xc(|=qJpplXTPH;MoM9B*n
zh0?2Ww7U8wV0!6q=KUP<xX4k7WlkXLBQOTgIhcnx##7+cZy-HC@}T{r_y-fnu|Urt
zH?Tc$R3NN79bsS!5DY6&Ftg#z9st3F0tJJaw5fpv_<IY+cn^S61la*UF#HJu*qH$;
z@BmbSRU=(}wvU-gI+;~p|0X*;XoE#Pq~6%7{{im`P(W9fD2>#VSY%5Y7)WIZAWrN-
zdZGqCT;BbH7c6BU(Scoku*TM6dn21+#BuQhfYb;5kRbzdso(&iLq(=6XLe)Y3fM*h
zXyB3`9DK-M<Gr;zOGjLS)-3+)Re<IZH)uoF@iWc5r{<SN?>{5m91x}w-R*IN3m}dH
z_WW$VHUP~R7`u8pRNx1pg0nk7{EA^0cWD>-rNP-?YMEwwsZQ|+79kEK@XZqcK0KY$
zlpJ_f0KAINn4H3qvEG9P<USKS!4xP4&${k+uZg~S2y58=$1}(V{BG6_<X5Q)l(!Wy
z&RO}*>;)6V16Y5;Becw)L)86!2aB|*ASj$94k_3A8Aji*M6dhY^Z+;*V(`GhXuvYr
z{g>Va3XnE6TwTAl@&9N%-oXBQiwtrDIIa}Hn_0Jm74+ypB~X`P!6E%`TugzY%@mqI
z{iiQq@d0gKD^!F1y9o$vlL1ALWSSTgLKFuJXk-)|S9JjCsT26r>&{d?%RemxAU6P+
ztwh&e0~tgiUx6PMs$t0fFVzE}37x=!=_E431KdOb-kkI>QpJD;woO}<4xjK}s29*y
zz}-ZyY2-fw=oetY3U^BNz<)Ox!6K1?eUPdf8SF(G1_v~<4}wq*NVV4kKIL<5w(`#f
z7yKat5Z?dFUjWE-{(wec`e>PO{@n#6ux<jroN6<!1_5vrsN*n)?M&rS;J~)g=f)xa
zSE2$7aQ$Mcz#{e!7W5Yfw8@J~+w)IV0Fs9W_Mvdu*vJ5CFA&g(<JT}1z>Hu3KGpfe
za{lkB+>(E@j6L6)7dRUX1ObhN7^I}dv=I8orN=`nifZ7*OTaq2xCoJs7Q&WO*FyDo
z`a=Bt)$Wg+V$wY}Q92x(2v2JV{9rrI8dbOeVW3E0-cf76qUr!;=Y06k6-!ISk09KK
z@86gQ{iJ#ik?s9#)BiX|+L?nIa2ncwJeT<F`;2^}Cu{Z&oYx@#1kz2)hyuJa3<ES6
zxt@ek`L)Z-1re}sB0`sH)COpzxP?{*X!R)OaD5ZAD*8%%8P=U;aw-I(Nti6rU1*Ae
zxn6}LFm6TBD3Z!A&{KEBIn6=+RfK#zEJO)1fPFKNED{GOQCpVDK`m?G;MZh(vR?)M
z`~DAHA8FY9UOU0VNu4dlBa|<AeC8YX6ibb+2uY07@#)u3o{Y3lW{}HpC3ISsuk4nH
zLEIdNvNB$eFrF@F5b`KWCMFQ757j1Cgv!;7d#nGHRiPgEmYH9A?A(C4m8%boH3xDr
zjF<5eBi%nybGE96v2yu=6;ihfsjFiqF#~>#PejW)(Hr{#icbe|{jhM!g)V2OOE@L1
zn5*)BV*k{u(}^Elx$S6<Id5OBm{Ozs|N47TEWpkI2^_lJz}J4w$+ffIxXWql`%JOT
zum5m*!-g~8p`mH3Hld$CW{a=7Wb|Y|(=8Y;9^i$zgt@q4q!U^AzPR$W_aZpJ2>>LA
z0dr^regjwF$cMMunSX2Tzlk#LVW7JIE#N5JYHLRWmcM8ii&P7Pq1oe>oFwihT+hJL
zmBE}u*=hw*u{Oqb_EU|s)AkQ<Dn6o%58w9Ndg>@qJVs<&)mkXRU)&@UT9pdm%2bnK
z%f7S&j9f+Dp4HW0*aLN`o8ky3lcPu+MIF~YaQ5Z3HJ`E0k40m-@cec=%(ly)my=6y
z@!GGa(WC3?e9n+0H=~Xt*hdBcB-mtcqhG&gVFvUY^&<m%0gQb_zQEO8|Les!;8f|?
zFks&Y=6~&Dl?iV$s)0m+HD<C_vy5vrg%K1dClYA4c|(k**WpF*QV!7eKouCWZ(BDH
z{38)<wwRGHTmdFQX}A0g2b=xliN>_WlCf@a$`Z1icFWffl`|6npJpe|0Lb3@{}eF#
z2Oo(6R|m8nliywZz{&Z7iGd1_C}#_@Iq36@A|VU;1~K%J-j|vB#*b|(^9$@%PA7DB
zpQew%?*rO}FZ<auh0+)J>Zb`V90w*~X`%t=o#krS|1Gw6=hjK4g}o<Trah4ppMjkk
z7ML6!+;`?0IUHM~vET~jr|utMicQeBgjZA7-h4a({USX85gGp5V$SF50)WfsCQw8^
z;#XZ=mQ?MYAE?Cme1Rp+i29W5fsV0qTSr@8Ovy6@L^FP6fTSZ+Jy(}PA$@bchZodS
z`<PLZ-IbJ<4W*^}@+d}JstnTV8LFRKRbEQf{xd4n>+z!JwE1UlaUr<tK5q9&3vvzF
zAqr^*RDo8LZ6H>Gi060m@NnEoIU5~5#`(p$l2n>;3HcB>LrOCWWS)lldm-9|#U=jj
zKCN(fT!g6{{xD@|;q==5?ixd~>ZXQ;r4J_<E}4ss4#;@BIwmT4Mu$<X#ENk^32Eun
zn9OJ}(Un$0_Gw;($v+j*&Jw%!2@@0?Ke+X+3p_3oQTV$P!|mO%ui+AyYjf*mHS8<)
z!1m9_hVAEA<s?<f3yKQAJ!|&kf{_>*IZg%R5UFkTB&uy~?R@S0^(VJj_Qa{VV3ro(
z%!WZyu#2oe^byjvW&2Id*z4cR2r^rQhJMc#JD`g?l9rPN#nbU&WSs^Dxc<795FV~9
z!`|_E30&W&Ss1_Y-JJa<h3_Q@?aO~fBqGAgtMx*=y0Zt@K}%Fj<nMid{pa#eFQ5cz
zq1o9xm35DOD(~1>lZpn1^+jRC`*XMIiyzF+)DR~%Qa_jesrV28E<B%5xTk|il-5Aa
zsh+^BYr_0jb&7QvYGh=@c!WNoDmCKRkfe5SfiZYInsvv@<eQ!dPBa|bD}n{ph+xV_
zZPYC&d`xt}EjC#Kt%Q^uk&la@%*)A<`Pe9D&i3f!z;wYU>My~QyIZ&=POE6^4hHhm
z_h^n2qBCKUOF=PMzNaU4h~DtcyE7G3%yjhtJ$Qj?8k@YHmrn)Jw|I)51U*6Gh=lw^
zu-0R0UpP20C{=2MWz;ntkt4#oJrc6Ug8Hk_gV?V{(9|rkdxVJ}Be-%Ta-zk=wZM-1
zyPDlD>3JjF<#4f?+`UvnMiFl2)FV4{y!@VNaeFWL0{iFTkWe-|emj|zsLupE={b6-
z>=z^FNdCTh9Ff6{a|7ef0xfiutYsz)@s5%zAOj(p{oVmCXsStF;Ka{fy7%j=4=B@h
zS3OZWFHY@YbfV-H5(+{5Y0lFJ{I$<zZ(`~XeSKBrH}AJx?Q})z45!J#uBeHJIX#dX
zxY4EL)aPSYb}l~@j>M<F+D8axif`dvmS72Yq|M&P$h<!zAUT*R@F!!9`JEQVEIa9d
zi$bG2i_L%gJkWL+xZ#THKIU81pBZJdzgV%6kdWBJI9~hxryful3gEl?VzI$cC$Z-v
zad+B&gL^iDCJJ;mVK^<H|M>P`n+`d;csF_=$%L4vF@}J2&jeaO5-9WA3M8NnQ3M_X
z$Al!o^Y(;^R-^d~`{fdBJd>S&`)aCAt0#m)N}NO`&s}hQAEYpu*L_G1ISAF+23<H$
z9f2kwovMJ_lR2z^t&<uIZyov|^n^x$baU!>rISnB=MKVoSXh7rWqYcjE!WD(ZgjHw
z@KJw6FG_!PJ0A%P5B4~{A9jmAo;@u?Q?P;Hq;D(7FHkPVa%@as_mZQkw~lGK_*)`7
zo@Wmf7I{ii%J4MobeR!@1hFVmlLQClF_d@^f`3N~#1O)qzWdKc`@K=4X|hQ@2%?0+
zDGkW{R*nK=@=gzgu|v9GS+B>wsKuGMlwavO41vf+WIba|=yw!TQdNzz^SI+yLydxm
zd0i;N;)u@CwEBNfOsY*Es;Uo<GyqXT?Ljo#wN|N}6r3O2A?dGX2*R&I`9xGy_`i)d
zZl|aZgI7`-L!*(|k(`M!iRCN9gu31&hw*f_!pmQ>Uwd0y=4!<x4Yc)cDt@)eN|4dT
z8JqU*?Q3;o{We(1T1IkwB_b^xE~VnT!MUn9Mr1La3MyiwM(LzM15u?91utLxc5{T4
z?j~FxFKw+2V##j#b*^|Kl%Sp3`1D6t$R;N&>>*v~d+}t?s@tVWF!iETCT}L$1c1tX
zo5JXMXI^qTASYd#|L8#m&?nwEb-Pf(JRlAdVp^7#H-HG-1B<v)yO(sc4K~GUb;%0^
z(LM47{C0JZ)Z1YApms!}kCqV-^gO{lO;f556_A=&XK{WfkPrx!quXqoIHDu{$hEro
zLLrY2F>*^YU0`E3Oq^M&Kpo<U?~5e*HjDELnmg8f9G7y1Z#Zl!JYZsM2*X}TE2z8z
zs4~t4W-^--Bu^&)fg?e7w!Wo3?aSF>fmN~5jQ4Ax|E3^WCEan_?g=xE)fP1kyX4g$
z1}~>IXT1ybfL<F6!!B5en5eTkYPG=3MD1&<>nS3N@5$GEPv_8S3_D{ZF+P$dmpw4|
zR3#(=EXFb;D^6z~;R7qFLhfqsTRDjiKM2z)JrK8%BGC{%3u99R8=gl}-(gz&YC@b#
z{@qsJ53n~jJASb24ln|gz0K&I{)iaa?twl?&j(zPch66#qVIR6(_LmVga$os0rbn}
zsgmJ!26L(1RUIoO8nyPbg6gewn4$&i2@{aHvMv~{vMb_8>t$Tp?$|W9U9)1}k(xg#
z-?nlQZE#ovt2v;VH-9WPqgpRFqW!u2fJCochLR`FclR6l?W}RcWREG6eFv+KX}J+R
zN)_Yl4U3K<;4?Hs7#<swXal!DDyF%j5XhU)cFGpK-M?w6v-p#y=ntQjY0uKK6?A+l
zXv+SY{`J|W{!N;J{ee`;nMT>xA}%0$3`cg)6&a-i{?9E6*3f4MI!OZvUu#7U+H{44
zgg6~`M6=j!GFEb^l!~@?2BMf~XinQ!)RU4D*I7C5i$6-l5s>1;_!b3BsNHvaSU5_z
zhxpoJOk`Y=-{I)4?mE<zal}ktcQ%vH!|8vT{vXcXG9aoi+5;t|OF~jYI;6W>kS^)&
z?q(<hK~kEbk?w97kZ$Sjk}m0bXY_yXeedi0HfQGSefH|#T5F#@{%i)tg$b*y$19;M
z+ss9t;KS-lkDqlitP|<)S@zF9aJ@P>eRMErJyj$&)tn$H-LW4@g8#h+{<QzdA3TeN
zMB&14Q;*M5$4<)-H{ro=jny1qx3*|q{hbMSk9h6Z*##T7yhT=g?Gh)!({j-0wn*8~
z#3<1-zh@YJ;`h)pyCxOS(Iw{~$GCJq*CWDj1F)}qwEvVDustZ^OkWxHGyHL@-dv<#
zC|;HpnDbaOk5C@Sx-+`*dbO&hrw`}vpLQ!m_rtL-`-Y*=@d!;!LPhP7{*m_8X@I@J
z@%#<lbpFxWIGkQ}rP&2o!~dvRl){C!h$CCyOkPVU@IXZA^%PAXkG>x#33=<|VWe0R
zN0a{uWi8M6P@O1US4TJTvwpk5{P(<eWH=%sqDJR+iLEEr@jrp+*MZ8;&Zh+9J)fb{
z0WcXG?S0b4>8>ESUxV|-Hzv4L9*3W+fzJk;&s}k}ia$F#IyO)hgI`}~YzL|w%y>#Z
z7g$<NE!S8Vv2H9X>fTo9rcyl*Zyq$&l?O(jQNzG&d@7MCa@_@E#9aItE7y}vK%3pF
z{sWv2igil=O$2?-$rmdaCYzUG!VgJ2moba}BL%)az4W)BBlTY=T_MOh#?oT(#j@%G
zvL|hbFOj7MU?t#kM|k~`78l!EsFUQ^7W~G3%%`WPq~DJ0EgwHy*2^-xP>Lw#>OaV6
zj1iRYV4#M*Oc;EneqA;=;MVY)M|(-ub8F$Pv;y&EGxCf+>wGZ;G~G+tEGANiAyTcV
z7nM1gyo9YhTUJbl1d`q^PH>;iOuS6A{bkr~*jiphg_K&<(Ea%uDfAb`1$VW@WB#K6
zvp^WBOOkuSi2=9FY`rbBU+AJu^V^NlX+G7G&rM^|S9JlI-Htcv{T^&n0ZB#op^fGG
zrgUkz7--T(d#7ml2_;KbE3@(Jbv4JEtl>-z_N%zM+)mB(<YtcHMG@OZkSu5Ro5zYT
zPmD&PHkp{}W2A<Kp@kpv;+rd`#_!9j?nd3l_TYdsQAhufZQP$gSVbQHsDF=--}>VT
zq|8|`2tx10QcRDg2;gO}V?>Xlyc?9UmI){)2}-iEjNc?(R14rILK?NJHVgB=@0o60
zMDLwnzJ5sAX>{QfW;d)YQ+pT3sseiMqcvzB2~@yW4W8NMsvFpMGFLsj2OBgC*dxTS
zEO8i8JP6np?mWDV6l|wfds{&|q26tW#XGxAay8Gj%zss3K!GY9^81|LA+E+&%Go*Q
zL$mAQEw2c>KKdSGwVBoAQf6*g=7>O<P(17G?YD1Dc3uazhWxi^%SlgikphdY)^{gp
z(Fda!!)xr#zDmbBbc1-~peC(Ry63YCte8hkP0gsu1g$6!U&q2@IJ2&kRh{ketIY$^
znf*~4JF7l&_3Bdi;GXUPA~7)UhrsNG?ddn*eKqNZsF5jO`#OU~mPya`WC@8UT4iP{
zxrT?urm;YDf*vsLHw4iDmMv5aO$&JVPf{u|ky)|mKm8vz$rl(K)8%0iV_Z@CH}ISZ
zVEsPI$dR?viv|0!bihmq(~V7|RAer*4$6EjUNxeUo5goIYjF1nxCk)1Y&=hI{0VO$
zm2<TcaOZFaTD;p45(zfl-*5;Kz#Jg297vd)GW(EP$D_|#_9Xr+ymH>cvxU_XwTMi?
zP?9i|FgSHrI!M&scmM4K-#l<6`yh8I<#Aik(*TKZ%m%X%L28RYj~PyOjH@uaUX^9o
zL?(6na?5Y?ZK`=+Kr!Lto!fqsz2EOPIc{sJ4HlY0kAl@G0teef_E~H-?Fau;V1d<D
zu6J6^<Tujs#k5gI<ExeAoRtMlnEaSdQIFFqG7FJzIq%0M_Sx@yUv5m=1nw_n9oj#-
zHHV_twU=|~7a+~IE0LdeN-cXVvi?}rSTx<<CZSC{6maw~q~+5Jf~DTQyEw$l3i3jA
zMiIPa?$k3RA$SVaOgBnYM&f{gg_d4bK<-fYHJh-C8k~$D&wU7mkL_NEwd7b9pLfK~
z)q?OTw`*y(Jxni5r|jpkQM@ALeWZK)E&8t<rF}*?%=Pe<-qnn<QgHuB+^EwtKFR+;
z|I%DvWNo2Io6Bwr4@oIyjEaC)EL=t)Td@Z5R9U%m=aoF0(`85maYP_$LdDle60K}d
zHnQZ$GMYor<E5~log$4sS8V%J<<UQqBGj+^;eS-w4`B*vl+^0(raaoI6a?7mH#^wd
zI4juLuhx-#2q#WDmRD?zz#Q2(={e@BQ_vW=|K-*3QfR!LCg<lzXAV!^fE!OCOBU^t
z9q}OjX5(8+cL&vxw8W8_x<ITSMO^&ecg3_;FuI-~yt34pBwDX6zPFtZ5MJ9T_%BRT
zNp@TnQcWM<#Z4XT{wh^+u>U@UKxin^ncQyA>04V~l-S~FDY`#nAG)a(ImC7oLeQ~a
z=65Exy%8cr$&D?%$lW>o!Ec&l9U*+9=SlKcjhi6eH`K2AKupv9T$CG|9UQ_{6uB7~
zg$I8cL%-Ih?4{nO)gODf{!;?+ksI42CL1?cF1Hgj?!T81q<`4Itten{xvKn={)9A2
zz8d)+!lJUOem(6Nk&(VYF(Qg1xkC7vy9UyM+xE4D#sUV#4MG%Gl^JrJu4{UgbGh$g
z(PhNKK7Ns)HD2#xkT%y&wh4JAOWIN+Nv!BtgY#~8BIl~mBBk>z?MlLhbS3ER7!nju
zA>VtJ$|xkeu=g>!`2ET<q<Rgp_cg`c!Xd?AcU}{#wNt|q57+~mRLs56&p1pxq$<h;
z`oBf&SDIgO58<gyHm*0qBvraCMbR*<X~OCM94!k8kGy1oWii=x+)R&J7hW*^Gn_z#
zaoyMLV|TXjBNF4@=6%ws@sWVG*H%Q6S@60mf6KCW<FS88t-MS_mgbS=4ezF)NA{p%
zW#FPNUgByTmXpypTa1O0q2U1-9M8eLnbE_AP=<@d^*>J-$pT(q-u%qg(5xGf^v;RY
zClktLL&P`?uO#VHtuSTwKoL}@%8^Ty$<*44-R;RayZ%U&TxFc#i%BykIo9@NTV167
zHjPZ3bOCZkca?2OdTa0mKGPlW9wsjn@DMMU8QD^Ex8bXFV+u&;K|(1a8UkBsP{7O1
zRqj&kCo#u<kBzV*nd#&5Da-Rm__7^0`{waiv8To1YVB*>0B}^Q*YNBc_G!KKj+s}X
ziL-TA?K8|bC=M;Hp^H01crV`JNi~ouXTQ6hkd1%@A-L@r&$3_Cm8p5%uQ-`@<|@C8
zaVgFeIgBQdQBYC7UnqQ^d^3vH>;F9>iQMO<D9emt+?~nra1Y@`TjU#M+n+vM6(4X@
zqm8%@@3)zv6wirU0_H!;YDIl04vySqDY|4L!IqX=&lB-iEzrj<H4;J+9eGk`$+j9*
zD{v#XPk%0Jc7Hmuv-(vnE^N;ab{S!+!DrM$cr+yc+^5Sc^Epl6YOIs=#_=cLL%Vy8
z?ssKpt|#3VqN9T(-rUE#TfN^jN#e8Zwp;<|nSpayF1s6N8rS8>V~tojBV7)=D1eLF
zoxd0c+!X;DpP*wek?ghgi>(REXx>>ChaIL2lB?j#<VZ*B;aglJsUNo6T##-QJkhsH
zrjFKk%;Rkz6h~ah&sMtU!J7jcc~N&d!cI}?CL$~i?Y{EQLxou&gq~!Zi$Cgv+Yv=N
zo1)m`op(h175;zHb+t4(W8xL4jQk`fl|qj{Jr^W?;1MC8(DQ1&7&<wKVof;@bIeyf
zyWe)T=o{NVC-j==>2qqMec*-!+5NF5cj?2gjGU00xZ%y5uA|WggU*KFnBr250^Xu(
zC;xf8@iQn}jRGlZX$>7ex|<0f;XbmKfrYNX$3lzG5ASD_3S(b&gN3V_-I6^6USDK5
z+I&S-Y!0;}8j{i;5j&55>Grf@#R&cZ>3hmxk>IWg7U<UzU6?(5e@Amz4GyM$PGVgn
zpzKwcd5(2BzPa{*<g1_GBFcomha4n{rajF&r?Y;P4?mJ&DH$OWJS18^Yjz;ReO`&N
zW72J%I9Ynh>S<Tu7cG2|PX*zrElh4fgdG*zAPI&ur0gJ)HRSkpm@kOxj2L?#xv(Qj
zyQj%%J#AO$OIl^Nu8}IAeeG>lyD(0K&nb}M)Az7EGlNcj1h*i#6Hs(-xFoNx$=_La
zA>$!G$FMq$mRL?%|5_wF!>HeGI%(l|QhE8rDMPlA^<o+@4(nvEA`c`%*;7bvsXJZe
zu;-Lx>hd_TIX@z%ws1&*LzB;<T?CvE=5%1?iLf0v6rL$RwLM@<_o&(WTcx7(m^jyd
zq}OyiO0wCMw>$&4D|4oT{$r4Hm2=6h?#b{9#A9|X@4(~bEGG;r*}_}XpQT#ZMbD?<
zKWo+2uD+;$Mt@i2U~~F=XumFh8=bm`>TQ06cHL%HetMDVO&saexm*TL!U9QB$58*}
zqSoE^`Ou6#C1xhOQFIEEJod?ej?O}g(_rkk{P%8&oG~BIlkoJS<_$BJ^ywPX7yveo
zPVF`^h`~C&TEp=)<Tx+5u6U(-u9G*I#JZj7O!QK_*&~|I{WOTrS?pQa{t)|Y^7k8C
zLz=+*-PMWrWw#$h9op=Vt~PXgCtM0VOXCkrQz055y&5=Q$5vE^3g`^5M;Hlar%tF=
z2!%fgJ2ss~q7V0zOBUVAYx=1e!1K4jOoWvUeNMZ~O~i<9GJ5?qJC~Sy@f>Q)zC*JB
zg8R|EQ3ht%-z(b48@&_LUVT=?lQA_b8^(MsM2&f<&0HMMkd-mSTO2=!>(x^&$a6gz
z%MzZSP<!BYA8L|$kTfxgpLVlTA`quGtru3(Fg#v7B;ysTb}KPe|3V56I~9{?c0)<A
zk)Dj+NJ1EKmE!Ee=+4TZ?c(E8PR{)rR?l}TnbLdzwJg5sz*K8pNp&N!c<rj)-0Y@A
z*j$Ne@VD^04{Wu|gRXwh69dgKYKsIbQ`=)UFh!n28Jc5T&2D>*g{oXX?WtD1Mp~{W
znccF|{tSu=O1m6g#66gH@4&xX{iCO~r43$PZ4d6;2;U3*HYa&5Y<jl3&?)(~C!}Xm
zDwyqJ0*(DcYB*COTI7N6AgLb$p;)!nw_EzP9XND~rdycm+l;pzFn|#pr<YhsAF1uo
z^h%gAhISD|%qoA%v@f{Nuy3x9Xs*cM^Ot-_I1$@Tg>lTgdp1Ug@9-=m-OmzKYtn1I
z%sr|uc`2W#hZF<q4h?ggzEdPQu#A{R=mZX{uzdBvzFl{h3Z@s}E;l{?)JpdIEI**g
z$sr|SvM&tAf}t(q;DaBWtV1SIaoNvG|FctCRfP-t)tJJ23z+vLhBb^i@_h9lL{>F%
zYf+HHv4=cu%N^>PPV@;3h&8kpOKTtZ#50rK`giF)92}oI3zfx0h>QhH`9y5CC=B@3
zA^u%v-FI^rAwrUV9#dOqxS1o`*)tAIK~vXVC)1nxk;37D*sf<dbs1_2i(q(Jn}%&H
zUAvM#7;<*^Lvx?>fVn$gdBcK}<yxuuaCW0jgdPn%8CK$?qZ)LI4^G#$#D^SpUjhx}
z0Zckej8z{3hj)qzfcjRmw4Qu^Gj5|w3edx&w6=F6G8)FKZ2afXU%m`*U0^tD%bR?m
zJ?g=j9COdr*&jj6ammX83&8ip_vm4OpGkii#9^M@bbJ@s9+Ke+k6qu%Qj%Slqr3v`
z7)5PHpWyZ6aCOE!u$$fwl!OS>pi!VSA$nDKg1H+lj8<M-fwWIfaAo!vbV?+#{Kej!
zwOZ@sWw9v7)Uw}cH-8B`J!M-zaWZ@+KE<8XI>=Pc{q*Zl|JyRP+~*WU35%?Q{x8FU
zE}oZjn5tYxl?(Mj57IrOd_Tgf7TnKvYN8AK64*g3o3L4S0jY(0V=WqwGn7wC%}v}k
zVL5iVN9bIkVz*=i#jCKe3jvZK_C@dS#zbPazsd``jQTGGg8u9y@qA1?&$(XTnRa({
z3KSf(kE=@Xe2lQxFubsne5N!V5;uckc*-2faTmGJ{@Ew<nf|$q=&5A_;uK$ddiv5t
z`(7{VJBL!Rs&r31Zhe5T)igS-IaLRY8jqNe0<1E&G0cGayV%E5F+dJWZYnaD(?(<d
z?EZO;{<nqnS{)A{YW1~_(^)#Phf3q{MhdI)tqV>g0uB2m)unhBnn|WHc-eL7o@Ocn
zh3S&OXa~Kw5?o`HBky7MMz_s!G*J{q;d6SLAFZaEnRzGTSiaG2kIeSW1FGM%Tcf3?
zNu{>2DOJa@a}b_}7?b#LYP8I)AlXD5a=ZIQvjA5<U;^pDw*H9m*t&Y;(f4zC`|fHi
z=YY9$nMd73v-{D#@fw}F^!a7Y#*@U3v7*%3eUE6;@NAtXEH#mN8sx+Mu!R}bD5)-M
z4)<)|0*sp6!+TYTLSs3pxJi9QgM?(lL7B>Wfsbg1sMPSPX_|`#k=Xv-z8^7yV{;A+
zylgoiqdhJH{n{R2{XTcdR)3tH_#O$wjtGSP>fr}@a0)64e%Izdc~u_E>s>fLc3)l;
zNF^kLY@3}_YPIXT_(*y*Zo2dHBt+JwN7Ty)s3^s8(>S)(pJ@$nM&!B+Z?W}N-Y%0`
z@ufMyyx&=1+ttI);x{T<aIGJmF3B-F`nDsm&PqG1`y)ebzR_bnxlmQb?JTRPi;R<I
z>^VOr&>^p6$#l0nghoQd<Gq9OZ9b{Agy!lEF6+1a9&Xw<2tC!p1@3jd<tcPOxgiqa
zjOvnU5Ld<4x%%(EWO<QPbiV`Zk}|yC*V301=}ofu-9HXm^-`o;z!ZJho%L`S9#Aqw
ziV;a^AMV|Y>-ph8{2SDM*VQZO<z(=R**2bick)Gyl4IhD(-DH4(j(|ROtjwo+)kW?
z*-{PaEiD|osPInd0i_bM<(nrO!vXY6xbNcEDkNM*k)p6C?y+asNhSqy|5MBTa7qym
z6GLTkK~zvG!mk3-T%pg4-k{wpQ~@uWO|y-K%?kd6OM9gLl_ykXgb|M)g~H(3s-p0v
zsi7iOU{A=#aAYaV@PyPV=FYspJYvk&K9<{zO_JS^^<|lS&dejt2MC~C`OzRr=8`!G
z+qoU?*Aa-!>|4BZlxEwMjZ48$Z^g=!yCUJ7h#i@<Ji9vlA%X`=IPRK{V4<7jMo6KL
zbo94Kfv^<OsL7G1{XfM|eYuIS)Xxt++tItFT1Snpwwd&J7VY@6h%x1TN4T$kj+_Yl
zRj7{Kf_fU8Qqfs}2u6T7AVy@w!VE+Yc`Pgv8CX>B!l390)?4xY+S&8%p(@`?+ZTw4
zx^-`ag-OT9$A7OvL?5=4-`%+CuZ^+3%h@C$FMRb`dP`DUwi2DfHbbF^tZoIFMTa2u
z$uM*S`)R-Pzy(RAKneae#1_<OtrD#E`&L$7A?2!OJ+&~lDxhy=j)Hv0#+RZX7QexR
zf1k%ToQde9HTH7RWVM&3->O`9AirH|1A(htgH&(SQplRKlugrNJ`$+}zo*G;QKiWe
zS6`V!#JSdcTX(L>jSkh0j0c?I{;KR?ws-$iL4?QM*Uj7AjLwrdh`7YN>u^n*5Me#7
zA1cXBz}vL1Wi|(=tC&{iM2((dqzL+1$=exoQx{qlc;khfly5L3n}uU+$R>m1Qj@YB
z<2)O|s!m0Sq`3n|p~G7atd1EnRJW(&WzUw$p9y+xZ6>PaRMiv2_L<$C=8<c7lgZ|Y
zgA7^QKUz#e`g-&jLO|F(CC0$<1N2(-!}=_HsAR?ZuS%4N$YuAbo)?)^D2QE`t>;e;
z1<SX5o*tdpeLHaH_^$o9{Bxppy@p2ND}A55Jw)k9kP;QeKY6y9_{Nv%|HPEv?lM%Y
z;1~4|ab#_`S@;4%#Muepq%{-8SQf17K9oL~-pqVz#_RH{|8N~iGT>dS$oW>gN>MSh
z%2zPMR!3`@*M6z_8$QOq@zE2XS#uz^{d@}=1|vb|-pG(@!FxUZ(JWMCO!23F*|4PY
zC$H=Z1xV5{NmwR9Sx499;BPEv);>4}28Nrvg9>bNax5eMk)d-Mcm?a_W^Ua&TMM7i
zdmv#FM7inLGrnq-`Y7C#{1pzbUoto|@QKKk$o%F$6=IfJtR+%V@}VSzOxQO$_GVW4
zMfZ_+t%C|Y(^WcqE&W>o(QhFLYjZ{6A&(uuC+4agFjfMaNuTEM>=eQog9w{;=2Fm-
zFjjrwslv^c%Z05~Sagr3*N@~?%f$V1EkMfU3#Ht^iL98D3H`k(nLl)*P4>Mkn?93T
zMv&zvLj2bWi8YEN{b!wsCnUnPezN!+X;oE%)QWdJ?tURI8QsHDFS8pSLQ{9g420Vs
zKkbcpmC40E?bkW~Za%x?s5NIkTx~<JK+|5WVAD+eNT4^}t6YLb=m}IfNUmN>JyuI|
zj3)d|vun$UX3g8hlP|87+#L+1R}&YLR9ier4@E!=F)Tn*?q)5>h{wM7yGHML<Ytxa
z59q{=`*zQ(cRfiJe%gO1vMX>*av7<ma8}a-?EZ754((;OVPL+=+9osm6V~QsT%a{F
zBR*^BCz;5ji!+SQ2MoQc$NPrU^(|41>3hVlIp*v1X(E@b=;tEhHy+zOe?XPZzIT5<
zUs$tLnDJ(`n9Ih&QroXoA$bgeSLp_WOA4;npNJ!!_rPcS%7`(QPA6(ogU<=n{r4{~
znP%VF_i~pRiBX_#X_ZfIUus?@m2gChzEjMI))JWMtH^|WG3*lgusG}YOZ$P#Gp2bA
zV-|O=+5&B7EYs<NEXS2qqWnA<79Np;n!5Xvcnn`P2oBF#9UAQ2*IXA4%K|~+@1i03
z0Yrh7yJ8OlJIuLx#1KNgnSv$z4<F@wS&iX<KS2o%3k!x+L{M5Ap0xj=7XjCb#pNvj
z>1#lHewP`gSQjSCSBJ!H$J-HBG7#bp3B{RfbmJwCpAEF(di8Cw8NE(dB*Ly?0{wmG
zI8BxRYJdhav5gkYdxk$l$-HL~tuO<Jmv_GhZd`v~+;ugWQ{;(zlr990#*igLUOeg7
zzfK7MToSbaCn6$pF3&_k@QIU}$;j~h6@6%b<sqbTDReOsTt~dI#r-2J(ER<U_mB6e
z*2>wAnM=)hb$UV{?HUwm^D51r12h<NAYt|H3xq-shbo%{-gUJ;n?>1~{ox#Lzj~ah
z4G=SQr#cTWzhbnscd910Tl0gLjk<RTTqPkEeUp<TkC<agMu>_(g(-u$>_#x%{j#En
z6z2yigWMmtl%|TO3F#_G`Z)4!aZB~NWDsRJa}w^rTc}=g#*!#<mNx@ls_xl8kuj=w
zab|Nkj`v>>icPpUe}&6n0z$%W6tmyX6*R{<dHHl25ZHRYiozrKtMp#1G?gEdbK65I
zdcD4)YTw-#MGyZ0#^LubQaIV7S>+!t>EO8lp_Mr=q8GOgBc4LztzgA)J%Z>g&q&13
zHs@vMB^}sYZqD9pi?L2y5+>fGC<8kyiQYf<?fF1YKg0hT?NYl-#@FOA$ENvAm-m9C
z_HcZ5r_TIr;mF0k&-C?^9V+nvc_eWKXlfsw<V$f~#}jjj3g6UHXe%;B-ZEdfWu2Yz
z#aT(n#pmw$zVmH)71}_R{MkLZcb7mO;3X|hAR%SV1}}>!etidYM2@))?U?~U^#<--
za;m7pVkj}JVKqQ6f{^{^e&+RxpK=5VuTpNlWnFuUdg=)e9mL(f1w>zP+w>M&`UF>S
zgClTM&bHbUVQaX>$NrJ>``E@U@3|<(wo)U#=FuA${_$S-=Xj|z>rZkaLiw%A?N{x;
zgue8Fe%9)3T=tPqY?qA}w=^c4C01IY2<BBE6kvs(r<Bf<0(Hu&YmL_1w0+HH!U==>
zEN$}f=SlMEAN4$H4(_v>A|<u)sX1=`N3p&ym+vAg2Q6h|#`gAB^Af(i$8uTh4W#wj
z7z@42Lp?YL5BqnahJWyLsMvkn3o7uiXvTW%_tfK1i&M9c%Ba-;sWd7!Se;RdxpRr*
z>53Q|Ik}9Tu6K}`LIW>5a~oS8id1_LXqQ-tJAjho&wRm|3)&`LTxHRAGWZHMHCvl9
zTk4Ml>Zn7JWJ78lkuMrQr;}jdr|vsIE2{o755vdYlmfq$y%dcbqfUXc*f1~4bDq8#
ze&m#>;H-NYyXAsw$>{Daj%Uv{jweqBiQoR3@7JWtIIKHtR!{5F1Fv)$qnBZK(@WFs
zir&v33=CTmEA{-um@6E&Tv1vszVe1A8(&-$fIyNx*MX&)C9{tDqIFtREJcuauOH?$
z9PqoY%7$EW-YLKuJS%Jpn*ZUF%&7g0mZRE3$#c>AFzQ_*;J|Fs@Ys0iAI4N2nZj&R
z5HUU!%{84isnyDDl0V%vjIx&^f;H%hBFGOvpdX>f!q7o;sPC#hM~|w~(S;CiWWsmZ
z12lX#lv|kZgeUYbXwY(8KP8%OvTSxyO>5?^VlxG1zTMYsGjjL2v#9bsAX^M3Rfi>7
z^SR4zZuV6)Vnp)44QEK2UcFrnEM(n0U^4VI`^@Jy{<^=3&`avi!L&|82*(<g$h}9H
zZe|-SbzaA_;ZeD$)w`^N_4bpZOC3l1Oi`T|7F+6f+XP@`5Qhs`w)F>OFYxImV7$Oi
zP_@R;?QA5Th*IRuKy|VG^{)SQaJ&D+*0u>%Pl~){92%XO^lE{iPD(_EBNL&iP~O93
zR{KiC)0E!>O}5UC?reLYxiOnu%`yMOr=G=35OeuzYuOON^NFab_X(YJ9Wh4tE-qbI
z_!+NzUmHgdH9~%%kb)K2huqp5izhjsq91{zEA2||j)uxy4%6?44J)OnX@FyxcXtg(
z0iQFNLg1#};Q$miTo<#=x`d5@Oq`d@%qRWYJDj-rq;~L9rIS&yrzti6q?BQ!P9{}n
zJB;2?@xg8WZeHpbTMWl^JD&Bk{($0ah0@p+fy|h`8WI=7dT}zFZ74DZ*R!npnTsaO
z`~HJR5#`?%*Hk%X-CF8_xM2;7;}z~zW{(_aVi*_E%kex&JFLu}8C=(jN4ZNk%9(WT
zm?3r>g*fL;(mPpWvrZ86gg#zA-M6c55_$<Hf=+O<5~a5mt@@#(LhpjH$2W!s+`7xm
zAF)W3`;KwOyzCi(mse?M6*H+EsrM?Zh{URiDU+0elw<pAC`K;OlvN3mpBr!zTR9h~
zcVO5T{iVv{XK7f^!k0s_AhJXjxyAKZn`<}MXp5j(y801sn<)!)ix84!m&wcS@qpYf
z_HASqJdgXU*e`H->Z(#=yUJnAQ-cLOW|_iutDnQdoNBtxv&mtTuh1i(BspT6@Ez=m
zRORPIdEDxv+q~z!?73X&+KIjur+lJecqIfspmBABxy>(0>ddTD6Q3L?@=#|ZC@{t3
zG?@RK3jVwj-Ow5Tg~Vfzd!PGVOTEL(IMLUAS4TfL@&ezmn9ak{m=(!+u=%fmxY{6}
z%k?z{ZO-Q<qwB4|i8heTV)Je@8{Uc7xCZ9aUJAJP75hwLe>X8@w7T=Vy}`UKEw<$I
zf2?PC|Af)499S-S@|DDTf-990I90@}^LG&%cbM20TaQ!OuUGWgapZJZ<Q=hjfg5u+
zn|IT4y_9*38(-%yepQ)RNb)OtBdRGSRjLaF-0$lM&6UFPkl)R&8Q&x+Q-Fo$P|Ngq
zWE%A){7-f;w5weaSm=@oK!x+?s>7**1}u;)qrPQ*lm=Hyz`9*?dRp<E&7iHI-cNn`
ze$CKE(Ft~js0lUM!E<mqE^GTWcfdnsCb-@)u@xUwEIO=}+(A_l)t%$?uFyw;<hb&4
z`ozqiTyJ;VdBQ-4Nu#7!EULtcU~ZX!Ca%jUQoYLSU!wWtMS<ycz>Pt1Em}WZCO!Ew
z%|R<=MXDd{X2hG+dR!j&r4JX{F;IxcLO4jt?{1?BAA7^|4VG6QnJlvd?h9h7T$|Um
zFX-;gE)Oe=ef1}b4472)L^f}VcLZ8Yhsx*LTrnkvOJ<1%cY1I<<)k-8F@W|X|I>}&
z=Db?Sg1@;S_=iF2*O#P3pQ&2B)++MCU9PInQgq}JU8hq`M<1FB)$1#>Ut|WG8#|W-
zx}XR)5VP<k0u{2C&?MTN;^?S1!bv9kI_P;V>WU-)|I6biw2c-bxAFU`osix8xj``4
z8HL#b#<q)nv*u&GQ2KpT_XEld0mj0)%YDPz_tEIh4wMl^PY1;CqmKz-<GpHxLiNFi
z(%iHcF)<kty9-=BV<q(^+*(feT=kEaXde|;1E#5VBEwyf&a4ZR=2}l0`Poy;Fqe(`
zYRN@q+`UIL%-l>@E#1`=l)%h20v~`@T$TGCXo|&#r)o4as=?2*n~oE|<g472&8Ie!
zB#J=GaMPhQUY1OWYnJp%^R_GbCfzS1k-ZLn>kUM!IohzBU50JkLAh&(%Z-HT<R{r^
zZx^K0as9_nM2$>`L)($h8yY9nE}W_80Hm}n74E~Z)(gc<XKPh^8Ne=pSik7gy2iFb
z19g!C?#-{(?b!%bu8S<SrKV5c_2nLjrYa0@{WdrPZgxpN6Ad+N6lrpo3Y@S2E`Ghw
z^Epx}y?O04#ZL3FpRqFq_|m|wAfoT00{xxDw;h={9j?Z0H_58CzVXmsBBgS1M*X{R
z4aItBf#d>a3YRDy4HsHJl<7v?q9z@)7bPRvtRiol&)O;iyS_eV{F*Xf8ZLo}Ra@Mf
zJNmuU1iZ*PV4XTWUy9q@e#1iRFO2iOvlo*y$lPITp8+7~4!O!7NayHK*@Cvhet;D-
z@rQ3PyFwu0R95BYDK#oR#Du(8et$rXCW*K4pF|_~zY;uijwg@tYK-R0fBkBgG*rLT
zB-wK23lX_-xSV-=!DG8fwAucIkHLgDy?uZE8$Z5iN;aMSl|elYP~Lyh^i;!=X=AnQ
zw0YJM2d~&dC}>54=;4reY*p`art#MB<etNFNJo$;uEyR91HEg~wReU$6Oy_YL9vK1
zQnZVC{1e9J{C;(DIE<&BxWON9lNR&|ar=^%r+Q;;fxmD*C-rWqgO_f&o6f&waj;lk
zz7d4z)cV9oJ9eYaTry<5aE2z)XZU!wd7~Qo9dgCdHZztIw6lDd>N(!{STfgmLjq06
z@A02QiLoH1_%`Eq$WIwO@0K%fA7y@z?;3bKe<wgR9?v}^y0`f~QO~}^%$xdjvI{vq
z<|LhZ=#4aY_s$YYEafzMP%vu45Z0ZU+>Ikpi?r3~Ni-winD|k-*CEbToI@TCzc`z7
zV&`A!*%FYS-p)ZmAE=5RaBmhteD#`8pnA#$lnG1SccdK)=STynn;x*)_P_wDf%o18
z>(feD8!gfY=%hsp$2y1lLa&1HlK=p*0`C;SJsCrnFQI<8T7!rnSsIw_Wqn{&IB|;o
zDo_7$XRgJAIYLwze&+cO1$^zRC;W7i6@7ZIeeneJ%v5Wp9{Ir7ug{pZiIJ|!rSb?L
z4<FT$X0sKhk){sn&+Ev#It>CTtVECCqmB(f8IHAoF1wE^a+q+sS+An=H5qDd;`3tf
z^zIiWOf}OHw+@4WVcLH$C9V<u!-Rj*L!6^|x;Tp8FRD=5>Zy%<Sx@7`H3mro>-y8+
z2W-FdSa#vch^3Y2Z_<hacZWJhWzUaRtpX3sulX`=qjBIRfBq^Pdl_->O`Y?prXB8f
zCtYj&dh-Om0G(BfyvmO!E4c@Yh5&S7B(!ktFG;rgD`(FC6s9<7)M<M7&u6znqh?Ca
zUaMhL)TrJ>_^;zx`r-yFOa)h23Ox&rK7HPo28{~xuZ5e5zvBm&bM{?jKbNqYJPnqf
z(A|V=aX!Rc9YlvvYG2Ge+{V4}K0d12Z}Ph$i8O+c6(75GT>@CgwT;~*oL&rei~s-v
z7kzV<SgbvyT@^K!{S3=Y+XPiV8lCwKcP=E?DSK41O)Y8<{?Ipj`n|S5oj3eAT0L<y
z`IX&y&d*f<#P}`ADU?;jZ)pGL&*}&pQQ=$Kr!+w{(J^p1{5=-c@v7VTPymcvJY(ej
z!Bo$ru<u6I*Ts$*^AwWZXtT97-f4^59QpX3WY%5^qoAG-ioF99I2Fdf*E;!p7+|wi
z^VqLS##H&1HuMUMOcDbp9nE?^-X>oyp3F6zz(l1BeVLl#dhtanM<NfkaB&UR{RB80
zcc#QqhokQvF>ck$biY(Ici>H$fY*w(S~L1_1+${>Rfid=ed?S*imYOH=(=R(Nw@UP
zfR06`KR^C9>et0VTPkJ@lEk+^r{>)%{jLpP^9SGz3=|=wM|AkV8p?i`-uru|1Zjb{
z#EDy;+4F#-^|FfJSfed~4g_p0;2HhyKT#xH!e+mv#m0Q2S#r5aIDSG@x0e6m;%r_^
zed@9Ih`i@iWX$Ri4fHsEe@+m0KfO7INfyk4HKhhr$BJ&ew*=>!cMHKHpeaJGay2EO
zIz~;mCJMa2Dz+qT)@%d|;&DW0j1QgIjq@8o(PDENwI2pUkiVLlxt!O60?~p)L0?p=
z)O@%c#_^Xk15oRj66+a<J};rL1;q=BCguk%A_K0IN3tixHxsDiAB*k?YCQx$E8XaL
zb|V=W5r-6z+t^PR#re&c{zfwUPJ436yElc~W#~P@7#(|ha@OYU{~K9S!~&wRtxNbg
zj@;B(fA*@yQDo)G^c(Sw&B``Ey3bWr#1FB-x(mXYK(-B>NO?CTg11rZX1!U-J4p6&
zJ405OKb~W}T<EBNX*8R<MclfFHgAD-vq?$9w8l*Kx5&>HA87dA1{QiV@A2fI;!BR`
za-R*$SL7^qDYAo3Dbo1N&>voW{=E64$|xHYvDZxTYBL0@3;csF(&_@E<MespAbgPK
z(n|S#$J!f7=ks9;NnaK1_n@;&YrJrdXFg>kii5VBKxN~F+RQ5B0o2!F!XZPm<z1p|
z`i2dOGU+>58$E`?<As{jrAz~SzQ?DY=mA!E@!CpVJi=$1Mh9n#d|nz+M=cX{2o|=Y
zLF^}3^|xJoE(gRb$Gk7A&Un%5?!U-vPO_W17_B24=s6ljNkYWCT&TvqFSQz_NFzwD
z$?Usn-l*YJZACZTY+w7F_vIp;jSWl!Z|=y*TH`S;8IfI*2!|ez34O8TjvOkrQ?B(~
z=Zbi=DF;s#PYw~D{_NTp;ni1$whBpb>q7w`1cCygz=)b7lZWY{#uRV)oeObqDUq${
zi9nyB`j0}x&KGyw`YqonScyU3Sp#9ELcVU99QkNXr|X3^g1E`{_TZjiJL$FQiD3iU
zeZ1fl70b<IU3c+W44Q0jB#!B<NTmrFgR)=*;hn)EJ_nYjKRvpQAaCGhU1wCClR>L^
zl|ClhWg<SyPKYt*y78B)9n#Q5YCPDah8~73sM{;J54qo}+pygkyFpFO!k7{V;m6T^
zcHYH3tMlcA1@%fhhA2eL=TTF|5Mq<R#s>-ZS@^j49;Fc{aM?MX?B&akAHV!qKe4;-
z%k%Ly)$|+#oLIBfln^!o;Ke=wj7a!M0^MRtzxE!8IzAKD)vS2^5<#%JZ=JnE;YMEp
zZm#J`NDz9rGA?j2`7Zu38wO!X92n|FNK^kE4m#QuXkn{G4QL0!9Wy{dQ&ehOnNkwg
zM`Z=Lt?EwXSTut#z`s}e#-^18%IL_wSE3pvK)G2-PuabyZj=`R>V_7%b4sWx!0<QF
z;Ssoc?}2VcB4B43+!==$(5IsU?*|8UH^3pZN&%0KCi@-k3PQ8<^Og`9t5mRY7&KT_
zGHk>PPHzE^slO9x+3FU*5NY55*3Y0$Oa>)T3>G-kPs|l2QW`qjmKs2#K3p~5-?<y}
zp{+T77W-ES=lUH9aI&~`ur&ejlt<nfTYH=xy{}x~DOzX5dCPqntf9qyq|BZaauGv}
zkz1Z*q3w5x{LR}B8U;@WEvF9OFAZt{Gb`A512s|Lv9DhOOoQdZ2Y5yw^S_%-|1um5
z4f8vVl^^i>-Czk&DCW^U&1dK548(fQ=eMg58ehVRBvrr-4070=f8gppO45ll_{qJB
zyv2Lff8(TuOyPnU>nT;eWC_C{PeukLq`=12*8seWmt?anfIbZgn136Vvg9A}vry?>
z_I_s0=`g@{{tgp6Vl3lHI@)F2pD=Fp#`i{Whx6TlkKoxe_<GrSDBp$*JTGs`4Ic(e
z?Y9TWWLaZa78WWYPe2UjNH{gXN4$PBz<SOJ<ENno;H)4!sD~up?9fzMD@SW|gW21+
zp$OE-c&UTHFJzp;4cxj_wmu~X2!T;lSqYe}V-t|bdE*<4uYgE+p`5}%3{(6^N*WqK
ziW_HQR*)WQqbrO}w_ZoT*9pqO2m|NKmHSs0O}3f|V|(-VD_&j9G(qm_K&Iz9Cbof2
z-Lk5PPBE|86Y*EAjlTkt^`u}&gR(~mA5e#AaUIfsLJxroogLF20pYkghzV#+-m|jV
zt6aS}n+;~A+rN0UB3wJEP)_ATY4jdX#>ZzoAVaoa#ds|m{F!%EvU`Bf|7l>A=sGSo
zNGqeEoRu5n#sZ(shq%%!lievk4STu~mdzYSrJ}xFWHQ5bR65+koesNDlgRtYhA^X(
z%LDPWQ|7!=dNzVTl^eFV|M4*6B6sS#v#;Y0qt`W09`*zsq1m%j8X}9wldg4}I*sEg
z^Ynf99#y;k=MrLGxt1YYEq3;s1@NCmudSLNy@6;74=eihl6q@>D6)pNc)`n=?7LPl
z1NPrX@Zn|WVb0k861^o0Xy<DecFw>206O&y%7i*7|M&rh@`H!c9t+_(HVElOjGAVt
zv{<UlA2HHJShPU($x=%~2APTS%|m}~l_d`6+{6j{Qawa2yHeWFS9WWY`9GSS+^86F
z8mT|2;RlzR-OA^*GRVH*SF~RArJiys&t%9gbM9VrrJWI6!1K8G4ae+n@N8?&JPL_~
ziN$G^D_lnZ?ssKr0GiRrTHKuRiF%F1I9;nW_Vx>G?y!031W<vYG=cj^1=K_7uT{}Q
zuaKY)^JP>I)T~uH>Y!IgXC?>qF;;Npuf@P@h`&p8G+Dxxo|*1dhtF?%aK*Aex_U;Z
z;ZY^I4pj(0g`~atb1T!RQo>+bjh05g%~g}FW`0Uf(X#g4m&M1`MSWSFXSCl9c)=-c
zL5&AaboLHiV(Qve^MjHh&wf~(XWmg+7iCOhVhl32&I^3Ew(9ao*xXWoE*T=R31jED
ze-0Ap(yEoC=)eLC4t@<)Z8Hx1e}?G=)qB!+VGg-sWXOP~Gcb~~*;2>QC&f&*nXA0h
z2~fJgS-kEj2;fxwwlwS=H697rt81etV)WZg%A~M3&QFJ!J85%R@eGlF+=Hc>-liQl
zNet@H4Q(&(&xj9lvcBoy;Hw3}{<;&dbMVYmXMV%`)>4BZm_(GQao}u-5=arL>_Axz
zr<VjBm`z-UCnER-zmU2|J@%t=!k?=9<3@n~);vrK7LZKVui^jWzahZ?C6a1Hs7K(3
zI@to#VdcO6!4c}g_0Vxi-UlzCLCGmuv3TKLt23HdX4&?7xik}d^-<^X@W;Svzt!Cz
z4*U=KbPV#1805jB?3=^WM2VS#G)YZyWBh7{;=v)JUirgfDo)`#s=TAH*y|yigOKum
zi|w4cp+Som)e1x$7!(XOeqbIr9(x3E1CIsoQyp@%KKU)mxj&m+W`UWXai@JpACd&(
z2*_Q$CZZG!C>nYT%O{iO6rGAci0vd!<=0y_S@y3k+N(Wi@#ziGi_VEu8sKtDKiO2Z
zM2tDaj^%%2Rgo})sIBC%%HbH*1KL%6^iu;$H=eTs5Q+Mhw7&r&7IOq#*&wup{?`=_
zLG$ct$*vGp3MYgm?jUniHEXW!`HNEqRq;4eJ9W`dz425g8`M&NNX!=!YLbd!TX<8h
zIqORkTS?9mK_cTV%^+S2!Ji&SF}n)NY%e_HBY5CtiNuN2rIWVL-4Q&7CI<v29AVnq
zL*8m0sbu8k@_&tG@V^qe@eJ(M$UCc`4KkmU7a<sQ$5a<Dxw3rAY+cjJ!&gu%j-n==
zBoT0#qRjCfmKxWgK9ERkFfo+qukld)4H+=uI>3%X)UEG;JMeiiVEdn4L4#-6nXw(c
z^Xv<NqIhpuWQ;n~Ch8;&rugYtTl}Gc6vj$a3JaXA%7B?z^d*HSGTA|GOXYfo^-s|+
zT{uQH>K;n4p0p9nxyH0OUdbiOpCjxiZgB#MC%Bn9b5CO~UgtLTOo7fJwwjc+Pm8xp
z7FSFz9yXtC2xgL`0)BhYw)hOTHkf-`_MKmx#jP0dA7QLR^Sa{T^A1IRJ0^WWJ0@H`
zgEz;7z)GRpOrie&92(|Zr_2qY7l+UgC_=ZB^A`>9La#;;BS!Lqen1@s@mYP^GF7HQ
zu9QM8Ym=0oWkqi8;wc8xXJb90YGnO6T(LpGP1KL($#WtF#+w5h=4NXAhCSx&`(E4*
z=d`mPj4_7m#|7sP!^vv;&m@eR(oqGO8>}q7bFe7^=|p_0f878?%Nv%zRv+Ao2N(@2
zw+;c+p6-DaSC54?{p0iql+!h^W^N2?h0w5MKRi58p6Yc>E%`!b5tD*pjQg9YT@9+=
z$JcVNhZrf$YIugE{EcZEV5w7&DordnGc6HgKV&kerq7GO%ccx$`3L}VR2oEu3e~#~
z5UQc@!=Vs>_^5&Pq`erM{HwAZ%YYg09p6=ZqBceZeMN{F9iTb<W(ia`dpLa+HjQ5?
zRI$tV?hI!lf#H6<gKKa~Ev|mjYr;`!Ed*yQ0&v2Uj}3mW9(1f;2`DJq4$K>#U8ka>
zK1pWuF}G@t8tvjSjkPHKpDdyBb18hTf0F(;3<1#YfA@}|s;sd9D8ijUMTh3Er{RNk
z6LzCv^?<i>DA&YcbGK@Cv9)s~c<k@y#qx(WJ7d5ff|pYjzfMD3CQ53X>3HpjAI8b*
z>(YTWsTEAuB-_{W(mV-(P~(Fj_1It{Sq7#ViY!H$5mlSG3}a+W8ywDMg@4F#KRPok
zp|jewxt2uONMb8OXNQZVlm9~8(FU;k30vpXf36(puBtgA=wv{xeiZm+u!%?>>JGAk
zNT2`+@l!Xg8U^bMef}UWlL%1x7?bDqx&6E?eE`R38bpC%EsUijnRUcwFmZ2Q4y*yx
z@HkT6Elq8)IqD(=#)BAUVFC@3d-Yj_Nl!1iPllLF1nggASNkHys?Fcxld6~>`5Lr^
zE+c5XbyA4y{PBWF=-aPd7%o8gu)HJ=;~%p3l<)FNPMJ&53ShZQ209jL>-vwfpT#Tl
zMB!zNl|6xfN422q-uw%WVsHTs_**K6n#wz<skoRk|NUvr6pBvgf-3p(8ug&&p?0@a
z_30=hQv@D}`BI-rqQZ~-*3=;>A}7sxVl}j~G5)ovxzvU*5|Yyoyzc_P^sk>3-iJhj
zr-KVJ;b;SpN{t+ob>gZ`%hKvDLPauhq;wnL3e|B>FW^~>U=u44MQ)H);B>)Rk!ozL
zaI#@FyKhSGIq{ETTAW&0p0~|NxqxGNt;44kXlYiN+Jc`WVJP!-T{&L*q2HLGo<34{
zZ1AfQ<T;qAFXuz#*2*31jOXRdo)!1<A?Oq-)YXqeFlzNu!%&0(1S}xpG9YOW%K=vu
z(SWrLQpsvc{{5*OT7<KUMADNCZlPV<2jaLuIZB8&f&^DE=E1yl^+eQB&=*KiUBQXq
zi&bKbDgP1-8tv)QsyFld`kE=sI9x{>QCre54BXrpMX;*<J2ukz7~fm)9jZuQ*0AK~
zYY(%@#RfO140WV}`QtDUV>p7Vlq_Ke7Ctll<9Z`to>7Zc)KJ}*LC_Zo(x@~RZ+&V$
zmzM%wO#8QbTtZ&Q*X4!@@_0ILA-PkrZvzunnmz1lZKoNn5;%AP!`6jk!4Z>FCXoFT
zUYo%XpP<=$;pwQ95`4OXFTd=d2R~I}M$f$UBHOMVyWdG?c6w6miJtqC+{Pud*{Z7Q
zFH|rym7v6-44+%oJeqK=4neB}Q(BH0UZB{&B}rNaS`j9xHRZ!~#0@#-&*cL&R|>4*
zFtM@rZYlig0YeaQN7~*m2!Q{RuU_ZF=R+*y4y-8IgUn+GuADq!bBVcavw%ZB=4ZOl
z|57amD{Xv#b(AdV#R3NpUnchX;U^wGe#n0tO!oP3|M^9B*d)OFJzroY$h&dbOmy#z
zi1sxPtNmjf2AqwJ&0M1kmE&?V0y%lp>)4)fSZcJF$7&r02>R4Pxu*sPQ>3Z@pfNh%
zK*>@O*N@#swHeYGj#Xv+AM-yDsUlbTNRmIBZl22pdI`I*7PU7Q>9+6cBNvNvdQSR8
zrnY_I|Dfpe_L)(>DKchgL-@J&xPLl>HM;|F7PSDR5o#O0cOAOBmEb^4%%IRJsJVHr
zO5;zUuu{@t9w$h^;;SaH>3nk<*U563fbFh+tw>Ux5kIO-DRz&}Fv&i-N~R2F6ky55
zOT!SDV27Ehg+!9nI7y~b&zZsNp%kU6I!QQP%9t5fJI_IP?SO3lN=!|pARLe3Bd}p>
zo_>J(FD%Ils_Q6HFK|9x6K~om*LR)W=z)nvK=%3<)Pv-aV&X*@$zcXLq(Fc3HXwax
z1P)y^=Jd{;>Vi>I;!eqgV_{sA01!6Hz)9==5J!IwSqw=&NN4-|P}ds~vl*pikdm4;
z59Fs}v&C=)Xg3kEB<&pYz%(?U+*ZWXli^99ax{|UjNAAIUSUu^<%7k%WnM<<o&8&e
zPZ}Jnmn33pvFy@CGCrCbF_)|fiqcaMxp}wUH>@HNm<VXU$84O8rcj%{e}H*E{$5#G
z#@3cG`#;_HM4@Mrzqwz0+Cu}fI&2PLCoL3CH-cao`h-pYng`&9Ndeb2AKd*G&lw3;
z8HJ+h6ZfJlkQ$p4hz*)}3_}x7z+3nKztVKEa;Ot{MUJNa*NwM8!CN_1pQm~UkZ1f;
zA`fU#POmbShpxoC88Fifk)Ma;fU&)WMp2rvi+{jR9h!bX)7#)y0ADbiyw$-)IM)U|
zs}Q1v$6r;ADFOzkOq~8r*!59>RDekYKmRWz@q(6H3}m8?@`JtrH{nw(<pmu;V~T)T
zXCidbr|!VRg#16xivpRB4nQWqe8z6x-?0VIMQa3Pq`~>n0Rd`7r<xXZs|uLK2Yql~
zNWypv$?R~yuOHiKE+IMvAmRt`6NnBvX`>*V5*7usUOjq=W|@Ss@!Im<8@qp#qRzck
z0bUGPsO^-*5;otYj{^oaK(}{0gnYxe6bS~@jFN{3|LN&zW!C2^87>7GbhBEO@_L*O
z^1Nc~4|ffS=PiN)Y%Xw!JtZ|Y^-!zOzbe8N8lP}bt>dzQ{Zb<~EG+C*1DGGGpTK&W
z@MPb=7q77#`BiH(sXx=b0Z8=!xLW!m;Qoj=jn4%xARs`;Vv`-!JE0?n_ubs|Dr+yu
zSWCnbKz9*vaxe^BTzGAM*YBL2*>wJD58&z3$i(F2<t2T6eaSq&PD5#jqC$ex%gb#=
z=KH4PIJk0X`N}Q|O-~w@AqEUa-3}o$0-mo!K~WjxLl<5azg431dixE){luW?Xe_I?
zg^wo0P$kqy1_+7|udn%=lKy9h4M3u|b#wxAl?g=$ekiAILv6j`W&iQky9p41;S-|q
z^?#HD_voRWzDv`?A}4_+Qym8{Zko0|Bu6p->LpNh(*e}ci%hsa{qM^Es$vU_Q@78(
zV9+D9=Cfu9_pszzab{}w-;{>X9%d2*cFzCblA!m@z_nuU&UE$lLT5b{fDLf;S&pgc
z`p*@60X33=beU)e=zRYqvcl3q;<ECDY5WYGwJ`}sv|-7vbx!v`DwCj8ZacwvLaF>W
zsId-MRnz5Z)fx1gR;8d!Jwx8D!+#|Rm5y|%k?f9}E&d<j4N$@xAn<d6&{>aZI>wl<
ziCOD`UNv;ewQWGxeQrsDmj7>6j?BQS9ECyl0F)Jjt-xK|O`OHx7gYFX-p*Elr7ZdU
zne+TV!jAyLlXy>pa`nVaW2?$5RVcWqo%SvM0iG-ZV1kuTe*a5CEg&5hVIlk1|HB3V
z?j=HJpotbniW|$2F%Cn$E47)0H8S!i1{585F2yy#{=v34cK@+KWi0~*0JCF-K9v8v
z3ZM!_uol^<ABRdLc0P^}^CHIc6X0ows^Orw@Bk9GfdBITe^*fqtfE|i!~Soc@NW{a
zE9ffPRC)LTr-c~$70Se|JU}StYH=R_d31W`B!I`wLmj11nEIb2*H}<b-|3gT02v?m
z8z$(t#t>lGVT0-4+AH+FG^oBzehtF-pD}=nIBN&-ZoJOtd}R(ZK-~#}-gX=ej5~(q
zP!|8k?JO}vfY5lY*ivAN@c#^5TLEOMUq15x_i?pEVmQ3P@>)T`UBQZaL3Xo2h4fh`
zLmg`YK@dn0pPKsQny4q7^E%~AGDJKU>*0c(U-m$KZuns&S@}KL4RMUo%+O!9Ibj2$
zZHVBy2a3v2qd!H4dQnrtd6a()g(_Gcl&1&54VV-IjDjNQZ||5cnprboPzS`mgYq(j
z;Ge4#E`6>Y5sS5^3kKQ(x4mCY=C`xM+&oY@pf*4y;9U=}M92>`FZgfLpsxT&woKp$
zkN@*CP$k8IN*=3W1OTITs1!$tYX{-ApQS?kDcQ!}$9@s4hsPgGc?Z_|3*hy2<0yF>
z%3$}W#|vDd0k#Iwp#csgPA19!$3KC3rvb`A#+!Ti@_$wIloEC&bm-Dp5ML~|ApHU3
z6vWzfJ2qwe4ae`wcEJ>rEd?hI0O!BfPm(>ijZ)}@VNcJ-b6ucCs-UmX>AR4Um;Yz_
z|8M>MFXvePPVa3+EascVP-zeQ5-;@6_sov#PpWrr($a8eRv0z|2MrXJK6d{Pdv6(4
zRoC{9!Um*NL`p=EloAk-PLWbl8YvY}kdW@!sEBk42vSOSNVh?!beACA-DmE#LGCmD
z?-<YXo-@v;bAMsLX0AD}{9Q5UT>EIvwi*81zo)=`BSM^gTJvGDdSG_VW@EC@F#`X_
z$$_h^2UtF5JH-GBYG8R@pnZF0QUEuUfZ<sQErQMm`A{?6?4Q~BDvhG+IB|YmiIFcz
zu}d9Wd0=~7Qje5{(Ts~-h(lZ$n}_!r4VP_lWMe}Un}3iaR1td%V2J|RqwQ1E1g~KM
zShBgAZ~fO&!685g8rD8EQ*u!b%y$K0^s>=!-@CoJ`+!5wC;HLUE0_IWg~D&HY#q_I
zT9!H<<VSxad@G>*oHBKXIZ8kOc0^8>1ESBj3ig1^9a|N@CY;W!fN1RzNCvx}xda?G
z$^=lWl)}*&O*)NU;YYP8(a|0&urs2&iJE;hp)cex%7g;GT5T&?E-lir>ZRCEQ2=2H
zA%qp1_gvvjSd>6mm=~$b5vYR<V-;$Uur_-=ZVqt<EiVeZjlX_r6LF*F1Dd6k;6oE@
zhUR`VP2Zt!zp#3f>z83n;eE+aNej2f0*V)?i>!n?@4%GbBkYPJXz{|iT|I;ppF0FH
zD-B&%#|b5LyXADgxQlm<!*i7{Yp_|<6FA$TJ#XoaAmHIT7)H!AE`gx>%eUw1r&KSq
z0jduIshs~owK_!gb}uTe=JaT*s4btf^ag)lnt%`MzD(#dA!SC!Id0ewoNv1-v~s<v
z4C7HQx*_XM(~jfiITt@2Lhk)vL;r$3ycIMBGM-147SPmBsHY{@mI6$xll^j9-dO9J
ztx7)-vP5A}ZgPp%LTIt#0f=3rcLx`lk+P^+Ld32EDg(^Z;0PRt1j0E?kuEU#1~VH9
zK0YY$v)VbIUhLQ*%GjLR(z?=LQK(wR{>`p~F|<V%k?f5-B7{@HZWwqv4+Y{DC?+0j
zx#VA!3hF|_`Kfs!C_i0@j$*a=apq;P;ppua9Q2fap^pp=-Y$|a{{ja=+W!LN>>1z%
zW-N+1cF8kU9UF8%TRs}P9?ITUtoUfluZ$qa!53gzg<;}=!YP(XA(Bx19}V*7SjI*K
zVVMgOs|K~(VWhi`sYK?gSzbY*mVayvnVD|pPQQwO=IB~h8><@g?zeVT+iUM~ATJ&q
zU~gnnF|Nq07pEi(*qgb4jVW?74!H(!$dyrau?r3#A_4=~a@JP_8f&JR>yD&L8Fa);
z_B4pKsOPvlzvJ91t|5=eX%_QC>>=eKkiPFCmjI%)M<6{q0_mR;4q%?S3B!06K>C>w
z8h6(z`i7lv46Z{ZE-_Ht2k$aL_(6S4<r!UwOx>K{!j${3AH>56$NhODT*$OP{8rNF
z;{YD|d;Bs`XC*?Nqj@jdPi@_t0jQJg^7T)r`3M35f~bJ+v+k%}LALW<%Oxu?{9M%I
z>Vy!~jWPh7dUeBgI}#Z}$BO_?l`eJUP5i|vI4s&@%4x-evoPw*&)CZScRGTogiNUl
zzX3)73ji&}#{VQ%kkjl^@UG+Capkt)#D5=*J5c!Ql1k3x>q~}+<Q|6?v9U`ZzwzO0
zQC=p%NP^XEaJ}qI`Qt7C46Ki@<zhgC{x?a4{yk_Gi`T%wqTy}IP|<{Nhg2ZyfTp~E
zBwO$e0LpE9`ZdJRy6__);rub5voe9u0#Ss?--K}^@ee_~V$D+oWgi1DAT88jgGa1j
z{0gUWKOQuCLCM5aZ*|5Tn7IvPW4us<5n^x~5d__s|C~ahVh!S=CZ8)-KgwVBMNz#F
zls)AqMh>D!z$f;sAhKZzrVK!oVyQQp&vG$@SoMG_M~hrAMQi|};`FltT_0qDg5#8u
z6hscaN%aH`Vgt$14Pro<*PKQWG$@)9Jo2w%{#DGWx&P}i|6hBIJ@`U4a%owZQWrd4
zl=AMBc{JStzfKbQK=B8@3T*(BZ0=~e2Y;cYCJTWISzdwuP$h1Q2nc0VFA(Kf-_;U^
z6A^8Vp+tfM500cl#vOwp)j>-I{^n3nDT5euR>eXXvuXuEY-61Vr5tJkv?7`S&(Z4s
zDAkn0K+JRDw?U<*$$!=0j~;*UTXZbqYx_bHUuPG_)qk8zQN~v{t`}OmtMKQ4iXs44
zs<4rO8H1QzKB2Zq2_W5R-@bn=fP>D10CTB5PNxkN%ZFV0tcGdDhmQurEarZTq4c@X
z1nCVuq(=|ZP9lGN!CaY=6NFig(5L+Wh?5J5f_@<oUklmrc@9$JNR|=_u-U^LbjR{4
z_5P(M?zku_JT&QtLB9ho7NLXJqFthA*-17NGcVGiv-r)l)ZkCo>=X#(Gs@Y!$oO~e
zRY8P&&Qd3bd_>*lXfwcrGgT@YfF><e2J51qc_1Lj-Y~)BY87TT)kx+U=1>9Vp%D4G
zNO?Zb6U02@-wgW@qHu^u%wwTAK!-Cdgt~wd5>5PpI^x5|PPH?APxlSBlei?U<s~Rf
zy5;3;#^mwola*T7*Eo+UrX`D<U-~97h^>RKQ;xdlfdcG+g9>>0k|r9o=&%3~!ia!L
ztT&8;@(CyWgB{xHR%@00*BMkyyvPkMlZyrB#-r**^060^51+}FM`Bg13wAb-VUESU
zK#5>Q`!Uutv$96JszER6$gQ-O4_8W=UT6@h`IrMYWS&CvGRT#23}dBRa6<)WOhg^S
zL#9m*%%A*vMmiE~mZ~-oq|m_N+paPYfG5n+*Olp=skN+r`<3P!H@&o#H-R2oWPWo^
zdt;<HHcPL4-GUi1TVr}SgKo_E7A;r2^eU1!S01OpJ-ms6a&q#j{`2RvZva~yagWxP
zh?zZFnIgF&E&Byswg!&&{^8qrG<Defi;I(<*RFV)+|kWf;GVkYjdi)5$>1BV!-_AK
zI>EP^?-!<Fc&QPhKbha<9=c3<U8T&p(0AK_3jeB{*t@q>kp{8+oLwU`QZdW(!m1-W
zDIyzQbHX|^T4PRq#tSy?d?`cw-Epg4C@?HaIP?P^2s2A)$zNXJHj!dRzaol)imr{5
zYhKz-#|<kbn5~-QCfy42z5iQD@AvW`6NiDc(Wm1Hr>zqnf=M<rCpm+~kH=Zxc)n}B
z^9#wF;8s6=vl)A$XW0Mk=H*v%j+wB{N*x!LU7u3trZtZJ+6bSa0=(tD;0C@p--^wY
zJj^C4&_gv>wv2ODDie?o>gGIRu4c6ADW+z}Q5fCtelaB!D5B}`cyCPIjozvQlX@xN
zFX>8yB!#EOp|2<n#vlVFS4dnHK7wk9bPnuQ3GG|Lc9Mt>Qoo`ssKtDnyNp_mQGk)C
z_$zsM)=v1a<f6#drco$CAc5oJ=VP;#QMcknb`$x{t=MYmF+FaXAyhBPVv{%tUrm#q
zlWMunqApXHNp<Ra_x#=O3sQ1nXiP-0K3SMIjc`P?SW7hOhOM+J4EJWDcs1*;+B|0t
zT=(8!f^Ff)!&Pp+aJqL!*%b?_8WKxZ6>o2Z*vB8jZJWbxTjDn)iRQx--#N|+1|Mzv
z2G|dA2b1bu;ad!9*xs6Nip8#FcD|tJbYwX9>CU}THT9bk*{h|?FN3pv4eQHz4BkFK
zor_14(A{%&@5sU>Zk%m?rj8!Nt2%|r^ZsxfBUqC}d|fGmRU%tAJq>PCH|BHuz?gkG
zd)bV`X7jjqrVj5JMq;LZUYM8V@m=wnJQNJt`kJ>==Oi-#k}q3g`y)txq60|gXGFzs
z_zEwAf8ZWhyqD5p(0B7h=bhVZ!}l%^_c!0$QWUQ4Z5MuCN{|1lHL_lsW%fjCg*DjT
zDN%~ZVEbZW$avG|-vLAe1I!#Q8Yfwsb}P%F#qR<FMsZ%X-46al629%CI>Ns)9{3>^
zGf;&}=9c{ISomX6oc&MxapJK~YEy5OzZ}%p9rUW6+#e+%4SnfWXH1PZJS37WtUC45
zm!$Od`_Hft|GfSN8h*uCstyfQ9BKcp6nms`01NTB4RgVdkO*{zOlF>?rcCvf<^KH|
z6OT*`@J-TbwUN1gf9$;rs)IM1s?*1CeMVEW6?F1GluVCg7hkRJ`q1#ZZb5?eMv15H
zWa05o8I0udIlb<sxlxi*p%^A7PdB`IIa{)dBkJOBzC^Vuej_`qVN^417r%!ci($}`
z>E{JYG4fGRbvPghi$ml1Yq(cZRpD%tFT?aj5VU$oV&$51iNy%xud2nT!#a~lyj^w#
z8uQH6YNIVNX^TmUQ^kD$*oSRmB#x!QIx&5mFW?oWeQ6n8`yy-csS=Ok#><p!)BUE}
z&olEA<18Dm{k>sIvxVQ~1>82i_|5WGt*RVpF;QZanyVB~k==AsRTAXRIJrqdW=_IH
zX-MvyCHQ@A?V5)quA=D6&5Io(f6+p83CK^qoZOijfgas@aNCUIKb!C2^{_#hQoEkS
z_O;LR^yx3J9y1TSu~wL^TCUH>C?-V25=S2X>Uihjm5f1a7T|3Zb?Gy8@B>svM_a`-
zIN`99`KK~}-6@_JbCv39n~5<g{_MNS2)mS`HIAk1cmjlVDHf&d+%Ov`fnk!a_7fr8
zK7JXNsbx!_av$A=Sep3mLy6Frb%k?e8-~MMV_hrxhp55I!Z8k6N_k1S_c`jnGZP&b
zYKV6Jx$dLaAU?!ugQ3)$XY{)-NQz4DSR$Sj9YD&D+d*jOESn)%{zT?Xg<$!vBw(3+
zdD91;0&9FNxrLFaGcsf_JA2fO1zy)yF7ZtLj<GM*=VvlhPuk^*8)Mgox`b8<f-ARg
z-~Dwmw3qfQuGI>$q6J2XTl&C!F>tx+nZU&}1oP-69``Njjdhm{1dHw7swtZu@(X5z
zT_VbTB)Y$lB22U5df2%B`%dM<KU)zJx8&dd9Nb&g=Q!-<6dT&aNK<_C^9QhG%5i|u
zIl(OfD#g>z_eNsbHj9;yC{#Y}3#C5&Y<88&XW*Kz|NkQ$j}6t)3~trCM|{4?&oOvh
zW@5Nu7}4B6s}>ydN#b4DL*_x|pi_WfEY%+&<Cuisrx_Ag4)VF%U#Vr#5Hxv<3?q?8
z<+JID!{^26FlsMyj*dVk3fqjyM^pA8uhq}o1pgf-)?E)2jKo_X(Utz;CXWzq@>ZV*
za+7xmH+dT)kH4x)sVS;N!)KM>;DJf&RiHZZZn=y8z4lhtq{%`(1p`5mDWfpSBX!I)
z*az<A=nV;TT@}-eN^-5$bSBZp-wNKc{R)M8{bRzGJ#x9W0E<kr2}!daatqkKuQ;R+
zb}!SJ3Lg@$^CKRp$aWtacQ+*rDjF$Q*%r2c&i;JuThd1N5ANWFYQ14X$1A|EhQ0>W
zs!;^raC|Ka@)%04D{<Lp8b(FuzyUEzQq&GI=hO@kqjXB=E~1WM6nMs3z2Tn~wUuaH
zInY|v*begBU7ShCigT8oB9QXkp8pa*o!lp07r?mub$Oh|U^2tRx19!0Od>u8PbAx1
z-`;6zI$t3`P;5kZxv%yXH;!~=WqG3g?zOblW|>-H-!rtAVi%$KUwKu3*^^+us!SV+
zN40qukCy|BL<yO8(Je=-j?4#M^hO&sAY<ud5xIge4UIf+(yrkClku0y--}{jX;V2T
z>r5*fsqFHEH-7@*^GMevZ8g2DX$}#^WZHWYgl#h_iW;)kRZhx_B+Whhc0Q3LW&Pf5
zaPy|uSMj**qN<h&CoE{^2!G<P<%piQdq4gcj4<fB5ZWffN04cZVmXT5&mQyoSm^I9
zk|!hS)qFzK<9VWrcL$PuZYAm6O26|_3|0DQG%$7S!28hC9nWah^U^%A{qG;OANs@Y
z9kq66O^Dl@l=QQ#><?w{zgaw7Br$LpRF%1xz~**u>Y&ei@u2Eh=k>|JUHu}z@`Kn(
zYt8lh!5h^oPT3Soqa_dC`Na_qCgVt#_m~|Ff|&5#oyluCkUaD-D}j9lfA2SLzDau}
z0xD#jE5ISqpV&z=o>E)^Nx9|yO$pb6fVoS;VM_YLa}cUQLAd4}U~52;_5y-W(MoiU
z;(0nb5iH6pSm+Vd818G-%{9FqCoBbN-Ps3bw#IGc)IZ+&_zg-OX(eYCYHb~am+>1N
zY<mbxF4J*XB{opdd>4|sNwUrmVUp`*TuwPQZvXjp^>~rXy~`8Tl=4YcueS^R=!OFU
z{IfgyiGnlVls)*LvZ2fh`f(d~RU+C@@jC>CyhKk%teRvjPJ?SMvnXm~HvO;j(esP|
zrMJ41*&tud1SqYEF>v!VQ=11BL|Q<<jptt-KG6iOef!PT%ZL#*X($Wf%DS&<PP0@U
z5CiOlyx;vDt*C%n^*$qo+ZCe40MOFJ)Np)e4xsfWZTmC%G@(V1)C^Gk1?dM1XoNh5
zMsf7|)f=a@EaE7N<}W<Bd&&ujzfK4r6)FVZWC%W^MEI!Mz3tQZ<G~Mxr_*rjKr2J`
zrvXr#w>kdpeT3F5m;h>jh!{Vm<%v2R7NVo@<$QFvGGKH*O->IQp$TZo$H_m7vE85r
zrbM1MhjU6B5Jf&P0?i9_HxNbuS4Qn+NvS|Ti-qOD6&9VYUiv#aJ{A$K6wLO;5VSM^
zTEbL=j!w}hJ^&1#e=i5FLLlXe0t?63rEcS3n1Iw44KjbeX*%9hx9TT~ha2>T8l8{c
zA_U>d>17uQWRPm8y;+&B7th=f9M*uVNST&FD?^Z-dmC6l_&sc>-WXQ_2_z%iw^Leb
zvO(-Cj}?bx28~WlK{&DUrz(h+d_apKk%9ZEQc}SdTO$9nE}~P~fG7-s1$@2ukQW+}
z0?bR^5j)`2K<t3+4s6k0|2tY#2r!x*JGcoMT#zc<mN|p+;MBbSds8=}@TjU1Ha=)h
zRuWqwqwnlhb84eOzp^R@luXhk9&#?K$AG%7{9Js5X5t?JB}dsjlLq!=id*5<t-?26
z8}aaIPWj`+g~?893Mx391gNIs<E;?!zv*`eFv93?Pk(4mIiSg&M1uQ|K_;#>E~hFw
z7zhh7Q=6nxv`5%FBK`U6c_s*3_YV<;9<;pzzz~f?2LK2smIa0qXA6vvGDrtlncaQr
zzh;1S_aQLK>vRg$&_jhFu=aeZ69$zExQ0WENALduzXMBAv@<>z`>(0h5C9f848BMc
zKs<tE&=(CA75%X|nA=zO?vIvApt4~FcC^1NflE&$mVB|=?+|`Gr3iH371|VZMO2ht
z6!k&McW(4Uf_V7USadM^x!&#px^S)@`XUrN{sy1|-dFJeAcT9Ak3=6s08DGOq7=NM
zO`pFla=~e@AD>#J<etI0)R#)(J->!dL+XP?mi2A!;2b>$4ok5Df2Sg6`?!mxZov(o
z$Sw@J9Wn$P$2};}2N_@YEr3bfJlp36Y;*yzX!1@IeAyU6x(Me}W*h|Cnt^%4LN*%(
z^y`{*wTfn?wrkschYJ&T2jl7}7`(&>mx<?;Jrn!KiVX1@N8?lv-ksQ)6O(e^uJEkK
zqEtlK^7V=Se|Rl6I<QXcTONdv68(U=_@x=WM}fKF(&9>A_+7f@6pTBw$>U;OXF9O5
z?EFOlS$j7W@d$5`4xFsf%M2m2lg(%;EXtq<Km})IFyvcCsld0mKE$;_-j_}YY~rfl
zA0W{TQ8^4++pv(uWnyEK&??(k(un%k%YCGWT8D(B7^666h})*XkIDQINHkJcpHtAl
zMa_VzzO>eda2>J+kLOnaE<FE;VFfLA2cR)W*cWmbmIG_hV^JrldREe*+YC3Qu!sBk
z2W}*#^sG?17Pv1w-a3g4rOwHKDUS`+vba_|J{sf?U=v<(&)sULPT2M~|4j<?avSL7
zIltXsJGx?2f?&r5M;daLcpLykOu0rrC@^7MBV6g6>f1ommKrOFFus<j@6&#8^KCZA
zJhGY5NhEcY<Mr&&aj<m#IPT<2!O1;LpNjPZ$PGoG18<7N#y*2bEXs~M2oty_L=Is^
zHzg<;(XN*R_z46i&>40@Y1K0w{CP7C*Qe+rDN!X3W4HOiHU(+kP8G-PiauoJ_GQGr
z5l^D+M5%-;5MPuMp?*L3;u%(fHAE3>PzvinYp5W~QZ7;futpqMLut0@%j)}4!I$Za
zJCia=a`Y7R>;3m@XT1B~j6F~)&U4-gJYjWqnQeGhevCOZN=VAbQRe^Re`f@6V^rh9
z{gc`sKi>Ee1=$Ji`T6lqe6YX`?mJ;1JD!o_INo0gE3!T)3&9Ayk_$q2BlWG%fAI!=
z9^u!v7g7WeUg9AOpg3~3pA;4S5MP=w$h<;#>N}q|YNq;0wZ^_G?UvOnvE9AjBjpDM
zLmj_3m?~zxm8WAO+~}Rn29yS!+5^Sg_O$2t0zu^S0ocRrhko8f0WJabj>z~ChV~L+
z#`pmvU?h)+IO<#jjkxZvt--bOvf{>$Uk6e}-hb5W&w4ZkI)|jiIljKDH&B^@{bt^|
zivAbL;;8^)_Fb{#mq6H4>LXC&N%Go($TWt274!vAUPRx@U!<@7OzS=-U0DEClscva
zg0rq$T%>lZQq)7#3MH;OZ{N^k^@A8_pd6}k9tXCFfNShKb&(+;O_Up0s;S!|=%|ch
z0ZTm^*zq3T6&ffVcjh?kDa>0-?X$D@Ehwxl^37B|IpJf>v$gnvw)0;0pxrnppBxkq
z0EC<1_1Wk1UqV!j7ZgxNkhVhyY=?-%A78Xa&tns&6v?i$Cl{Pim1Nf8+GWNu&rD*X
z7aCjrelgGMn5&2yE_w@L?~t-i)fxX8Aqzz}eq?>31Z45>P81Cso&y^k>Ix&1^&INh
zGFu5Qs@##2<XumgFAj^9H-CW(!_ojfF9XkD%74&?4`_Rr+r<d+?hovO>w6v$#O|$J
z%fZt8m3DXbkK5x}b8frs)MXj(|Fm2!b$nV&W&Vi0o>2cX_sq5}(TEXTlo-&cx!F&0
zuCF`<jT-JwNE+n<jr?qn0gYoY*K`ZQLr=G^R0T7Wp?p<?1G`{+8u3v9HBftc*byDu
zH)D`Af7CMfEgCG<H0aNr<&Fh#&IMNJWx#%Wo?hAmkIWF@BZnFt1|WtarQXp5J1wdP
zIQ?pt7QSB>l&tXvW=fxl4jB&wfT_NSOvW=(9+K&8>|Arr*R&U5SOrlv0nQOk@2y`*
zdR0PZL_Si-iGC%Q33wC}{kMO36cfUurjx-xfk*iP$&sQC0R2B!eR9-~X81jv<?}?w
z(C;Oc_EJ}!hPPf={Ukv6V;|n13xDe>5WdrcE<A+r;g>+@BJ=qPCL<>3ue1!kNGig}
zKaVWjkTS4E$lw7s2s)>8DDog=K*mK5rLG!42KjJlEc7czT*w?~nL5~P=)ya<4ovYX
z8&>t3g@Yb74rJ5-tEm=k02ZH4^F#tf@H2Odmj|razD_1P%~o=$0O#+h+0Qw@P6Igi
zw@guoI3ENx&p$#9@PCZNGlPOwfD-{CzkZj#0uAQ}qVB<tGC!RT)K8%6hT!_lbd3BE
z08$sDiv$n?03faYm8Zi241mJ&yL`&I5Y<3jZo{Fu2aTAgeNtwAG}6LPC(Z*vTM2ga
zIH-ZAs#od$^IU+pav<n(i)=%^XJ|#EMED$urR#`)OUP-D`r4H{I>oDq{6ZTm+T}}w
z52lXzty>@$QUTA((}zF(TP3hiJ=vGIfsq)_d*d1{5M{?EEO|k#3-2vDaBUf&DqVT9
z2Q(dEt4P|vJLT1>IDvXiVaa+wABi^oX&HssutS&aV-cvt#{eRD4=NWQr`3z7=uC(j
zMp_*0{JCVJJ4e(3VCznv${Rri3mss#kPzpM1d2x)HW-aCgdh^Io@3;LI*&8;7JNbQ
zNEq~ZZT3kESWt8W`(w6NYXl!D6<m}8bknAv5|g6AY(XiZqHfNAp6%x{K@8GnETTgn
zrar2%8A)dsEJrME2-5ek=?Mw+E7E|_hf%o*>XBNkAwlh8n`EHe<4Bl7^wOuaz;jK-
zu!Q@dZ3^go`9biAdOQm#{#8oA&(mT92>j=!FE5VtjoXk=S}6f@T=%o5z*>7C=loF3
zXDE)vOANBlYadt7)qfd7w)%Yne9Gb~7P1L`8$3sfnMegRqUZ^15t(&>J{4`ixhzrL
zPaj*k5y}Tf2GM)CA6v#s{?GuWfF}C!YJP(~iCWt`n35sQV<0kdpnOE|_?wOE0zTGX
zmPr$zbL~;%BPAgpsm6B)Be6-c04N&a3Rsv5r(yvdR$K+-_t*sAKJz>{91W=JvLZH+
z)Bi~#5TSs*!Fdw$L<-a}<WgS%L7<vZdj0m&IYFZ!?5saemnJ+XC>Zc8mHQTe9*`>9
z`Ossauyy<8hO^=t1m^%SR3Je79*W0XKr=cv**|CoF=MJ#C79uyW*RVIz!Pkc@Dm2{
zUN|3m2ux^dWjGiiQJ^;P15OTx+THMejRM04zhPhH{wqN&2O0n@pVFuwo!JcvsuY;;
z#<#0Ls0@^r7te?8B03jir8L&(Lj}OlMc%8x>aK#{uF{&GBgiV~(uD9ROME$_0tFTT
zCggif2js3OI(h9MLlLEawY3z;vylX&!0f=#0ZUpO7#1z~jZV7%>>nT%_XlEnmFy#a
zZnHOl9ay2uXrNz-hyP^%$Iu)w)O{wP<$UNOSUdl>G$HU9@Y}<nTu_Ofc?=m4&ZsPr
zHx$btQg{)jf)x%>OBB^x|1Ua%qyY>)ZX=I`k_l*NKO(Bv2QvUO22^~Ye0ts*hw}j8
zR75geJ&$}Av_O{lx1ZvR!eLkI&p-mGsu~PEj1k~CYg~Y!htN;}%_GoY0YQNA-uDY<
z1f!t70>W|RRHZ$SBID9PmNXjQ0S~~}{_=(beC=ODKJ|!y4f(HK{A<YPnDZ|p{{^_!
ze-Zi2F8)R2e^ZNpQwv0f@^5N!o_PJ6Bmd2^|ILxlv#EcJy}uRQzs26)Z0g@)@3im&
z_3i&(yA~Z59&sl(gYCz%qU&Z}sF@QK?9P#g4K3w)HIT-o4F?dP<(nYVcHbXgDwfdI
zRxM2#tD;;lY-TDx*nLDjR-J8CzEi0_b>B<XTnZPQTKGRUjs*!zRu`y6DhjK--KSS1
z+$`?99wb6%z)mr$6I`w&<lB@EF3d?PwD@{dU;Mu1@XM!uanPE`K{OM%bZDV1WCXky
zyst6I@x8Im9!x%e-&*K+`x@1HN`(03j~aoavuJ-&4+WLe!~HQe$BS4^EwZf3W+Zz*
zUP-*WT!`;~4I~YvpbybbAGCSag7Fx}>E2+X%@%H2dit~GZ*G}`G4D!rRsE);Ye|qG
ztO#)|ftZfs+-}G{oOC>Y_DI?N@dYiGv*2TnK5vV7sx(sM3pm9DmI|Z~>^@%#xBEA=
z)X~$QC}*Fdf~BB`99=(xrC0&irHXW*xqLb+=$7@VQ(0~W$AG)_=bvhwemb;A!w-u^
zH1BLCrOD2OU_^=<fq3Xq^9{+1f4hIHk10!V=5iCnb&v3PevHr4@MMci)L4VwQLF;x
z+~3|&DTxI{(DZS~Q}`Jf;LRc0I-WKSm=bCtY#cU5*(KM&&WHinzW6W_gmpFw1(uDW
zt&I>&_6z^r^G~@kz{8sfpCqaTe>_kADTd+^4cc8zjp7^^&ypC*K3GwX*yMbI_D$A{
z&|xA3U^QgHmokD%_8E%3aM14mpBn=fY)>|r5^+y-r|QUtXJqltmjruyxsVD6qRF38
z1qlEyOFt=H_`6p$rBc(YDoyjwH&c_&s^(|382jxrQcyg!ar?_~yfXr=TtD97MK?t>
z={`&UB^AYEAFICv@&9>F^-a*mJY98M5;3K=>(q0%_dcSCh%;@(LHbu|LCzkTkW!ZM
z@Gtz`uPJyd+Kb>YmF_aZ1#eL`K<7WsTY=7V6-+Z5A(#C&qRPMf3|J-j4Ngc?Bl$ud
z#0j3_`=t2p%^59Iy7ADg3_D&I&JS`teu(@uH3_Wc`#)^ZvBL@>?fFMCJN=_ONTaxb
z<VzUv1ulV7PFpCEUOi(Q@bwbX-0;n-7q9#^!3U?Gh6~DGy9+Bs>|Ce@9R2k$^y|!u
zt%zB>`%Ax^AN5A%f%WJj49NVCN9zBu!BR?crxMbPJHs8(Glj(`VaP%hgbT}F6ND84
zeWgqIyPmHVb-!i`;dw6uN~r--o%MQoV9Ahck+}mI>LX-$ddLOxJs`tQ1c4t8?!!^f
zo3IQX4-pUHdtn1;1dZ6V3wQ1QvDHoOVFf9fK#nl&FEC*75~SK7)Ww%Te+T9WHY`5O
z3>cc8S*s{BRw4u^S$7Wnprc1nu#Tq;vO_#X^mZ3)qNXFxY0+J4g@9w7*`h~PecIl_
z59|sd_-RMih!Fa8r?WK-Wu;nMj{c1?l?PS1eRG9GapOl8Et&*fr$5H)--B=ZoBjrb
z@6vQM*ha!aMC!34A=Y?_jiz2NIvAbaBd8HT?KNCU_IqnhTXVoB722rySbqF>do^uW
zI15{Vb5{v_{%nRjy{nm7t(hQLz8d{{DXX&R`ho_P7DSI1%wIc*{IYKcl1B%|nzF^|
zf?ykYbcd5^18P!98JwR;l?h(FX48gzylLRuPYXypFG&D7+RnX;(7g+|s4#{`#0FoE
zUlShcsJmMWfhKj(Ek(!$JKy#P!1cgt5sZ|3wwXaJ2(yIW_mE_5xa=iigj6<o38Bum
z)u1##J*?uyiX-@9f*}TuI+c)9r{&@Hqh<<>i-HQsDW>P7pCLD!A^}a5FCIq6Ad$M^
zGs=S1W%@8GN1B?0c4&)23FETnMtbJnIIY_OgX(*dE2~oR!3!Lq#~(nz0lAOG?T!YF
zfwc}S<Y7CwJuI_%RE`vTMjF1O7jP@|Gh`tSY)ED7c;TTzrkP8Jc&zu@d!#>$>H_6%
zaD@8(kOJHbw_WFhuzE@rS}n1HLe&pC@fiOS!L=%V^JS#ar?la=d@}?st5J`^a>@#L
zjSzkmd=#bWGsKZ*vCC!GM##s*2JzgS=GrM#WdUUkM{TsFe!35yvu;7tL>lrHth-h^
z$zV$Z30^hv@VVEfgO|ZR2Sl|r&d2P8<fRZH#I|2P&c~_~*&)MLuhUbE4GHi${+EMo
zp7<EFB<Vk)LqV%bH8%IS&1UFe50KGkT%*Q@oXc#6SLZuTM+hu=MWoA)#k(OMse)9n
z{TC2bl+mFh$EGZr?(H7~ExgX~q>S=YQF8*mKJo|{Wd^hqtBEk;kmCc?uAMmJasxcm
zGcWD3?JkJHeS{<Z_g+sD#7UbBdI)kGxF!!ttYz6-sdzdJ*)jLzrN>u;?;)vFya!RK
z{<%C#HyN%%KqdgmbqZ{S0&XItXzGwr27ozYDV<)IevuT|&=|g>z1MZ^xCUoQ-;1Q3
zA3eBbC{zPRH;-NnW;ZPxBe(QKWw0PAYR5kkwfg)}7LqL+hAfFemz^$k&|M_x24Kkc
zJ?gRx=%TCef(e8R(Sons+Ee<2NzSm|v?9~Ku$ij4o@!VE$**v#1{?@Pq$pE5Na=p}
zg@xd%K7;(;fe{kk##N6*q>wGZUMUc=b+ozb_c5DK4MHMBq(bRd?m3mL>nB3DIjjt(
zi&zG~XgLOeiz-RKZaThgz^!H#%IQjY-k1<R5rxotPYBup(qw|{ArZvjvi(=mZu_w^
zIzm76E`az==Of052z8$ucG7c>;ZomNdbwYbzQ1F|7M!P_FK*)FO5pkFf{sV`ZO3j7
z#{XA*W^b&z&eJ=AV_<ap8FO=CW8OD5Jzj2i6kXbPQ{Sq5vD>45tXdmOI667<`#IzA
zT^Wi(+4#AG_5vLizFg>(1`5oP<c^M%+)(N27x<J|*hfg*x;P(M8<LkQ#3_xD4srt*
z((H|t1wj`%j6}H{%~B=lq2i>;57s3d<acEzk~P;E?uYG%K$E|esz9cdqPWQCv=x>9
z8;h`|(AD}`x_(nUyKLBT>>lQ)p=atMmC(s`+qofC`c|b9<8Z;3mfWr<kwqDFnA=FN
zpj-h56;h1_NOTE<v{SD_XG6h(g)WSNf|v*_T4);`4%bI&^S4cmS08auHgpcQ$@P_+
z%+vvo#E{M}Iu26}n<2SkZ`1xex!|->{z0cB$5g$&uj!$0gJGUn4@otp)t|e;<Hf<3
z`81|>6(sdB+K)>lr}ibNtDQ7P++VHkgx*Tins40`2;OKXz;=^i+$K5f?FxDl$Ah`C
z>)yS)?HbpRG5<3Cl@8syJH_>W{T63&)@T~5ISK0f?|y!H8(UR=-(ccd@F#P|>D9<;
z{L(GSfwc`UgP*0GGXBj+7nH!wwiDaHh7bX9-N#%X-|Um8Dp1f^c{fcEC_l8c2{fJl
z>^o9p2AR~Q8#u_beUu#qr{Y0N`Y$yc4(n|5x*0K%5=+s#=2uOmx!pBcRQ#%1YdbOt
zhvRegC|7mp)1{l2%pN$Wy3wYsEKT~lG7T&<);G_R=rNgh375=BQO~%rt}Cr%<TU5L
z5z!t@_R+|1X9#|!r!`3In7BWh>?21bC0VpBviG~%7n~%V+Ad&W#7M02x*1xe+%7$2
z^5o#-uk?;0Zp{z4x`iL4_Rz0yq(jD~FL^Hqi3xX$kw{l-#Q3-FfJeZRar2D@*zl#V
zBeRQoB=_}m{CGJmlp_vDHLAQ9Ds$9}<7I{|%zrQ+sqYx+XD~bOR|zW&UgqtlEMuBn
z9DH1H)hKJ;B;=d!kzDMq>ePG^IH-DUn{-}Od3T_vQf^;zg)Pq{Q%t~^;^pL`N^QbK
zn2%JgViT2$G%oj0Q$oK)sL&mRnVRHJ1YbrXpBxnup4b`wOF%L475rv4oL%`)$K$I|
zZ#9#FjVnuj)(Q{XL#_I?U^A=4va(sv6vKtr5*+*auRL{?4_1b$1x62j{q8VQdg8D(
zYA`K&D}&ngO~Wg_E0MPMQsc&-7R)LsqcUQBeK0a<o>`VOJU$ke62rW5vd4y_(0Y8y
zpQfLxBxbbebAp7<3E`2}7jy5OwFJYNmH`eyx3HddOmX==o4iVYL7#6?s~(U>2rdVI
zK!#DHl2eVq&nv<Iq>-?NtuS{YJ|m^X+Oju+LEbs(Lz$i@%X@jI!aL0z+!bbxcs;KO
zU5%f}tPY8+Y)S`~MZIXZ_ypbSRP{{O4W5|izqutKe(&2fi>ih9&nQlrsXv}cLT|=6
z_;+cNX1*o#=@CcrTDYpbL}g?UJ9<d;;@#yixj5cOb+x!WY(gv?j^lRDl}t1C?*bnX
zyXopOTJ=*=&+~ld4iun_dJ!a*3E#{v%NnD|8`^K|74h{Oq&FHl+38bol^i|T4fRY>
zVrar3Go5~fGwKouMcb%XZw*eP=x=1OW0e#~ZS-Vfhr(0^;T@eIxgkey(N3ft^AbY{
z%qQRHxSNhE?fL8h!`JRf*;KhhpZIY)v#}^x8252@u}^Ukv(3i-Bjsth1uBCLv#^;T
zr@V4?-)89d<@M!q0fX7t75~xL<+2QrUX$z;|Ej|xsa451e%9wKLaASD%2?-55;Usf
zxJ=Tv(d2%mbbejQd280pwz<-kTHQE}IUPC&>YXJ>P0l?)03{x`$SCHJ!LWny6hz+q
zmtmr!=)H1wpV=!PzZ;Q8d5=a0&Bm;X?R-aGvtY$99fXagG201W@vdGPP0HUX<)j&!
z>U5;ODac!pB{#*4<{3L#mtT8RH3<8tO6h4_p+4S+2NRPD40V^o>fbw12)W}A=m&mZ
zK02w&%Dyv5@8bDr5hrnKMKVo0e3&}lbv4|hsrX=MEcj7yM%lx?!6upzn@}P4|M%|5
ztL~<(gP-75&fvg)n3C=G;9#h#QtI7e<*Q9Q8_&8t*u$q^i(bj0rX3^?8K_k7s$eNC
zk14LvJNC$@Q35w9@nIySiS!bd{GwxYm{#phC@*$U(ydPIw(6`9^-SZ74g;PUiCn=i
zD6jH<C&_dQbpEGqRr6oF)#O{BTglky#qJBr#qPd;>Lz^8-UV<N`{?NmdqU3&S{Ab)
z^Kr(KzzhcM(nnwFX^Ia%;@;n{U?f^uRGeLVVuU5nlqWAKl{FSbo*(dU2!)bPRt0Xq
z(_?a4Nb}Hg<YEdaihpz;b*_D$*lvZ*9=E*z6$Zxdp6x6~%B@u9plv^JN*KPs^rf<3
zI{m8QOv=7HXKFRu)+aHuwK2j@?Lz(EIEnT>EQ{OHrJga{IEe%)KHAP<(h3TUJG%*Z
z?$QR62M5Jb#6eBd_;_Qc?Q)3xHp<Lp>a^bAJk3G<z-@{DoG5|>YLHq!3?q>|otKkZ
zDf(BEPTA|^)%2p3K0P(h5Nyv|M<>fJyX>TH^Q526n0l9&pII_&ip}3AE6yFtTcjdg
z8)%n0=$I<EturNc-4RN%%hRgQG9#l4eVF5;vS7v-Xo1tZ-4E$=pib&EnZ5hwRG%OJ
zdwmW&R5o~8`yJ@oui|s8^%N#;W4ek?Eq)cxK5;YFT1{OYdiX}G&~<EsCfHh-WI#bH
zK3&CT0J;GC>;||1J3_|O7_=7L8Q2gk^}b?t;hBigSc%xSU!Z`R=tJ#k!r|BEGsMA9
zfB0BZ<2^%MgiZ{+<@{{_nA5D!;0FykG7XFpLuTR66#wf?%ks5u`>tQrN}n!?Be<23
zus!Eqc^bif6)6bPS{+(;W@Q(U61hqk41J=ek=lOMGup=DFkNOMLE-+;;JX_&58L9a
za@|@V-H1f)_DDLb)-dV>Rkr{8McHT7<pv3GLfZU$)9k_ySB`OUp1WK7G~}qge~WAE
z$(;vfH0tUqF}e=6t9q*9PLofA69NfI`BkRa+=(=g*{H{k+eBOXvyM!s@MYrDVxeMy
zt7lyL0+dF0+`>nu$=8Vgs~T`-LK#<j+UYV8=T*-b#fe*cT0%^-r0&f5iz&6U-Wd@-
zIjNYRHTJ*AlvplWE;dnWVI(er*C{kKR}n2_e(%yiWi*Ph$haaV_UE3mmZQpi(W9JC
zi1LK%<&8~bS6P(vG`IE(`!6j$O&v9C!Ex2z9eIsbZBfm>UFg=jcf!GrJd6D4t2MX<
zVqGL9qvNwje;ub~SnZFpR(+`y(q8N7f1|j@=ule#-~97P*{~WUdKg{9Os}A`;l#Gh
zr3KY*Zb{^bcM=9AI)AbW92If&RD0ZlEQ6+0nH|Ncx!aLZ<qs)o<Y`n9JdG+e;Kb{H
zE<Us(R<)92nDyO`aW|^CE2#5V4h#|oUyZH0<z=|NhMyIaMvI{8p=HP?JYLpevRZEW
z{<X8(x=p<}S4+i-Lh$hx=D^+nTZ6?&)+7!~^)5#6ie6uw{?kxXHyNjTa>^e*WGa>~
z?Te+gv@B&-DW87clS>v>B{lhUu;rmOEwQbpaKU|MuD$8c5ymGPk#sluxj6?JY#;mk
zte@B_=XpXOI@U&E6xWw4>8#ltJLZw7JZe#*@UD@|{RW``_B(N$Q&f*RMFEumDt+a4
z-yP>j_^y|EO}T&g<ke@LQtpxYmkF`<67SN+P;lJzjWu3sN)WlLRKGG)-LV=H?r3eO
zyx^u~9EcxmPM{#We#e*q{j$~W1{t-0z0YE0al=8K1g=uD<!cR4-VbDEzhwG3XpKjt
ze5BSLMD;CW`o#3lqpFm$%9jWbP%r*DhlNb21HtibP{6aklmBmWnut}bf<!o!C(2NB
zoc6SskRZ)uqu$jFE_OZBr$^w6haj@-TsQjp5t&amFhLn}a}*x9Hz}%AgODKW0Gbx^
zzoJMm68rGq*gxw8zR_trC0yL#w6&)K4#$JqS9LZ!8MNSfe%8rDs&PbSXw$#mvm?9K
zL8{PF5nMOHm0XWgcJeWckX8&w>d}+oe?SJYAEC=(%jR1&y{gBT#!Nmek{-mYjK-P|
zRHSJYWsLPu2)mRla=py-BPTLZDT<>QsIUyJ;JhOGT6mjWApMYHWaLX3^HG|c)Kck-
zImaX^kf*i^b&?g3amz~jlQXL>3SFyI=g!fi&#BnHnZLYsX<a=`d6nncPpkp`ZeG48
zli~v>HE0HtRr<Bk_xa5IcmtFIj5SrGswZBuzW%(Vxotmyi5YU3lCB+69#N#y^tGGg
z*eK^wLd)=^z;mZj8nV7Bri{MBPZisBdOgnK-P!>mI{{?OnB;@3m~zpH0beyRD}_3b
z<fn}MxKfvm2P`wHxXt^!-4|C>M1*fvjCGgGSI#uuU~b#kFbl}|gg2)33DIbC*`aht
zk9q_tG@G=(Kbo(n$Zf98^UYe%flEmWW1HuJRBZdkM7R)1K&6%m-;SSWhe*~$wAM`{
ziwu8<!XtOFAknqMkv&IyO?2JN|Il0u?qatU0dGHzrM2(rd@v)XX+O57#IUlNStV0<
zlamL3?u&qWV`0}Vx*~e+&FtXjdbwbUHInDIgD?5E%M;r=^)-EGlMQE9`)RM(K9tfN
zGGrd~HE>jY<C(E?dsJK_eM(CRSCZWPFNu7suEI`p#kqlsZO77+(Gxm*ZPyGz67S&c
z#QV?fTR&J=3+e>K+*KQ5Xtmr93A6e!u=L9{J-T{(`!e5l7ky*ei)cprIPh8@wQKsS
zrQ)2v!WkUxvu)HdxD;Urti1eH1HU#}*Bh2Zf@Ee`-jkCwE+^~R_`87DM{q@aE0332
zjsjn7IvQuHz7XDK(p@rRTsQLd;h%uGsQs!K*A#xW<k|qDzCA~-`ogyNV+WB4O&s=8
zI-^G^BQ?P%HDI7=s9F7N=KHsX&bFB7Xgr>8r51Po2*%;1w5DuV2-Zj+G+RZdecTcv
z>Am<R*;+v^x*_>-dnwI5F@@W;Updrorj5<K4no0eMOHq4ggzA~!VSzNWFQZZ#)TS7
zR&9o^4kPVsAH3;x9_bIuYgR1_^V#LT?yj7F9?4tCjGuAe6}w7oht8oQiC<GhhUn|n
zt@r?pe7jnVt8B%ITk1GNtTO5%^z;hSIU%$9;`ORNBu?FxlIGP`0WIY{nWlt;Uw3oA
zF39h#9U9ldv?nlJ<>%idB!3JtJLWf-cyn@lCN4;KIOA4?*m0Tr*XcCs<Qr&ZRr#h1
zIwx;i_z!K;vM&JJ=9=dv+X`v9;jR>Rpw>|I`?~F7yUdLPlL#H^(DrgJ*O~3T{O5)d
z;!P<+?E<as5q$De%_q!=UR3#^FS{7}JlhipJ5TU;`}B*pm>t_b+AU8_y6|S@bl&C_
zB)QCQ?6EO%SAWFOu~BG`VaPIhvS&`4H*&8gJgQBo>vh^vWLxQuoLkXX()K28p?<23
z`OVV!i=1p>$YdmJF8xmgcw>TWJ-D6>I&O{xP-QvYTEFGcDNGo-MOLXq&l0|dnOVSA
z(u0|7n+{hg=}ZgKdhG7mcW|Pr&Ss{h&PFHl{9-|8{p<%R)u)TI4qk6O%GKFI*=}0v
z=64Xy^)EJZ1!jjj<^^o>B@qTG`Pe<L#4DIDvkz+#k<$}TzZGHSnq13RtT0vR<YJ_D
zVmK{ptEymIo8WOfN3%-pkLwhXE9za2p!wK>_A2Gr@~4j%cbCG4+M^gYu7>p*E!Hyg
zH27_I2yJ)b6#N=VcOq_U_vOoeX|rcyis<Dw$6cWji(f;w)BSHg+ISIUcH|R_i<uzj
zI|E7bec2o9iDS#6hCPd@yfv50@{*6E8??iml>)6Nx{pl+cVvAdwxSRE``y)y_+rCK
z9}iNwr+{zo?UKD%<ken&DXJ^+H3Z<<V)k5>vZ!gdxb2``JfiCl_6S%5C0Xk~ETQu~
zHhSP|c!=68f%;&A#ZApM*v(<qck@cB@XTz9SgYa2Msagu=pRoWLnoKkg!EMlo6Y+{
z!u0kSv_zT|+SYN=S4y=FpJ?<<DP5*!kuP<n&XLo*O}6|oxWfNw;-hf-%Jt@EfvIST
zU!O>$Bp2iA11lM=>&Zi%wD`I-g6+yC=jx;qzaF*t6w5A_JTEO<U+GsW8SRnZFgfO9
zeN-?{1GVcj_&LnM+ti@_i_#V@w!E)ddX3g~1rDrjUS0b>?f$LS6O?w$F?cDYWbHHK
z28p%a?W*(EGc(`QgnYZ5meVd7Peco>4>a0UY*Odi@s|02(`Mm&%$i+41JgM%<-7{T
zOH$j%hBP?Rs;_@RS8gb)p`Kg$;lol=%~Cv0@|YM7{-mKSExj=86dg91GI>^A@?hfT
zU9|87Sct58b&rkITyfO*`<*k<haB<lajgo{Gl^ZyE|z22ZoiGfWrgOkNJXBPEDje*
zjB1oWcH5X@o9;abEiTvE?dIomx7t*qca`rU3QBI*yFHUuB4D51VsF#TT<xx%tr2uA
zqaK4Bt5nT?mru6qq$EoFs(=@FVlB3hy3R(RvdFa#f|umZsk-|O?tAIcLO`p&g-zQ9
z!^3th;R4m1GQ!8-jwFg+h4uATP~zP#eL(E_$2$HB@55M)UDZhYlj_EM3BOmOv+|!w
zSRG@AEC;o<IXDMr<y0}zAMGT0XZ+|rG|iTc3=@u^d+%$|(`%AsW2TwYbr|IqAajT1
zpaHQ()R!N0@dm0F(xxvfx5~|KZpn;rWj0w)pwO|z`ff}VR9y|#U(n{o(q4{E>$h|R
z%JcJ|vF@N{k?)GeC7EH}i{G|xH^|Jd4_xE3pXIz)`a3V&fyq$7S~ad6<N8x>QsjQt
z#qz9lQjEm(5^xC-^dN&?KuvL-*eq>7mL>GkK|G0j=8^iPOq6NE#Hq}#tnUx|UZO?q
zN84f~QtS;3uZ0{}x|VBOuLK(Q8ix`T50cG37+ENHPB`5Db;2UDThChRzA6^6H{bh0
zCvWJ^taW-eykI=-lGV4VepU66jHz`{yf0IK3fP-}8J6AA!}R8XdZ^6P=rVWZ--(3T
zHtgEw3vRkcZha3L$5ukNSv3o-+)}ZWo4z<7ZRAf?+cpxVhg+|tdrcKQFy?u9qyI%u
zE2rVhzM~|RH-R?A?6P;6%=>TS3eYza85gELEBC-GgBfN%STpWDjB*X|MKhbggs_-6
z*<cpzVngj%>u{q0SW32D)L86YQoBD6s?m5UTS?8F2c;HQ3bzn)&N#~aa6RQgo2PAk
zOAUAVOl(nmsaZX4opxYplhbI7uwKP8WLC<#R2*eT7?l3&3$$-5nvLA)Dy_4+Q_@W^
zbzS)GivZPH%s+7IUwY+(AMG&n156B-d>pUtuk`G55wPzU-@=s^%2)|mt8ZCy=h_qD
z>}DBvi#JDAuYxNM=19fr+4&Azt!Qz)nBbY7&HHt<$)~C=+BtHaZMOO#(vxGYoB3fH
zAw|-#dS#S0&S#sGL7xO)GyS3TAyvy4y7?ucc7|#!uF39-vZHl(xQ_P?Ii^=PLcAQC
z^2UB`#b<tW7kgQ<imSO{vdwonuu%0Tl$bs43AUseM`qe>hS`qZX3j@VH*$P7CdBm^
zXV8wU!`8HU-~aNN`GNiW8`{`o)U<c)+HV-UXKps1NlMYI)v**C$V!KmJ0}v{%>-FS
zi&IuM5k}&Cg%PwH0}d=8c4u?~(xNZ6{=v5TqoL~Z<no=)eVI4&P8R+xfkz#I!jcv6
zZsulIQu>*Zbl+hrnZC@RP_F8mi6&<Ga&e(Cun-#&D&<?TvA0DF98l->JYO_EP|uW>
zRdDW8(&Rgt`nmm>yMH&n<S|iMzyrdv=grC)Z6WT_E@iY*ceK>Z%kB*(a6L5J*WAeX
zQ_^#*MsfyOiq2qnp~6@gpupYt`mHM7!1jI^pDxkN4`bIPs%|&d8{(#|AZY(qW277q
z-YIZxGZWCYNF0jVpi~>w>)lu`C^6+hZmC7?n2v_PLQ08PpuVpaD{`-wFJfzAK=5AM
zjSL^W7Sy*zBDOgTzL#Ae5sxI5*Q-Zlj`Hi>dP`Wy-o3IeSO)T<veho}k@jXy0)<W&
zJ~j^5wXat7en0Nxe--JTF-U=Tf1S4@6|vQ&ZY*F{O>d;bzgzH4Em~1J1CK{IPjpbB
z`Z3wpg|;vb_s6Soo6irLkMCI~-2T|fs$QR+ZxZL4lUXrATY8ka#=)j}FQg#j*JMIt
zl-}2NOP7kQ-C+o>eBSwyqV^%-Dtn{#zRS>pI^;Pf2UeD>H)L&mWARM<iKI-x4aPX<
zLE)Jq@|+Vzy(DupAudOgg_kpe@58nuwkiZzScm>|T394Zh~aGrdCunX^M=mpl%}MV
zwuicg33gGgGfbsV2NR#{9E-TN{ep#5$>ko{INJOmx3XDGd3S-j@3`9dXim5wv9RYP
zyX|?Y>mS+&+BIL4Vsf(E=6!Txi2Nv7s#qheXypC7Xm?x{D&6<T<N2Sn1+BPlR5wkz
zn#3(;-XwJHJCv=Hiwt|hdKl0<Xc*C8&}wLfhLPNL^`Mr=pfzV;hF5r0&BYv%pO{G8
zuk(YOK>PFpeS3eX+~)UHe`nQl)Mre(XpBW1Sx-EP-EzgqnL2RcH5+ymAi4aU<9KFr
zxNDoQc*()z-h8yy;cy5Lj<C95jxJPYs=HnY+W`k=2Hqo&GO|!ZhGT-yZSteQ@pbg|
z=1nvQqMIMlP+Z-+rqkq3Xmi|bE28Zq0vMfS*j)XLP#KrdtM!kqG=JG<W{1iSZSu{X
z$kZ1U>Fi{G@J$H_jnxf%xFWFL*QXm2r|lYWyF>dk^?dBEiCPQ6h|X^3<j{Uc=JAG{
zqeT_RaMAr&+|ORy+!$glj4<1LN}%Pe);PSTEaBYn_PTvrl_YEAh6LY)MT}bN=RZ#e
zEe)JJgN}*GIj7Pt`5IcG6zt*8McX9P=2R-LV5`n9zDj7!$YnHfGp>Kw)nfTHp5-tH
zak3)YlaZ7k)`kvkpG4C|CDa%%sApBb`FOqk+g@%J+X1LYY*J$Ar;c1SUS*1~vF#K|
z`*yX=Jdke_GK;ew3P`z?M`0bd?Z$DWt+=f5n~M{<*{hk;Q}_k05<`-O^gwVv0CC!a
zJuLKdQY>Y0d$^}g+?9dPC(llFNa<3JBEA|b&3-y6(5S1uz>GnwdN>eo4!%N%l~l+u
zyZ5%s5T9$?bBx3}+_(^dwzwM$`U!`o6VLXJ%ALbmoHjQ%8=QsLc{pYk^$C`M#6?n*
z3;pTBjtjoZ#2&4=@KsopS7|gC?ABTHUt?pD&lFhd@@zK`+Q7pjHyTtM;K|+_(2nHD
zP{KBjkF%S$JF>54qAw2QTIL<XtSz+Knr+Od?A5Zc{bkJ)eG5&*vOCLMpXZS?nZU>^
zil1UhZtMp8_j<kf0s>2WVv$JRnlo2denhV7GA10<J4z!Vx!hyJ7^1j^bmX2F9Zt@P
z*?L^jxR_4HYkuu9>AW|4cMMOod9SGtI?9f=du`S2Z>-laE&*yEAFOUW#o&4!5L((V
z8y`du*;P2Ts16=9ZdM5Js|#jGAPraMa@h7~xXOd~eUQ8#OG2kg`Zz4YFGNkFJH9I;
zAD;9nev>hYrUvZy&BTKB%7^Ls9p3<Q)nzX?8Fi44GJtLFz+o=yik3<d?5goJTaZi`
zO((r5-1q;iA5zW!Vc7YJFY7yD`bz!BLj}i^Loe7gS;y2QGG`ecW_3=Ixnpx&V`7m{
zOWBm#I-u-fv2TrGux@=ReS~e_qRU{fZC@pOEp<E*PpmRz`pvUJOI7e1mCwHmhWZ=*
z=<<!%2Htoki!IDnYp&x`@3GhaVlN)#L}u1|TwM<Kna=kmZ&(=JP11SgeUbDkc$LNq
z(r7Etj6}a{_U7!CS_HX07W{3U!qn!q<vJita#^ycZ03iP{*j|2C4fO<`Ycxm=c6`H
znaVODD17kf3jJYPaI`m0c2Gf{{>knYY+8~+O^d#qgFN;00jfl@lU8qE<Zi~c@+u>$
z_i>aW`6}%@J&9)BkycgR(Q|(xqVdCz_O4@MrJ2`K(^a?u**ET&O+U9)m5TV&`>G7j
zdOsTM?_l=)?BG)y(&P2mwhQJmdCd}IHPcjX_}F=!DXw6*O#6G@@4&9fpF?x83w}0B
zi>3?Vdb&r3d{WLi)gLGZ*+RmqtJLng1e52xD7rkqmlEw{d-%uZ^H3j=)5A)Cor&f|
zu^&?i>3!MbtZ&RKZX!lXuY~J2?|}+x8jF(XJi$O=7)*&%UM-9-64BFE9dMQ5ZqIkC
zZTCd0DR8KpktfEHu06TZ)KqG5lKObtg?Gc{a#cp><i#rO?YR9|T)f1|V+cSi9kxDZ
zWX_Bj;$73d`=4u*aDu5_uRjGEtipFNukRz?kK6MnI748%1!IkE^i3tE`N~?Jd%0$v
z+!7A=+vD%-+|8{qp@}jClTlKAjTH$Aeaki?)rz-bZ6p}f_PomQ-tJo>fpyxsr*aUP
zq3DY&g%XcB$YYj2^i61{tukwDx@2XSG%xFt;@8fT<0xKr;Lm9ooNSSLNyydPwB+~V
z&n2uMW+un+{pFIZq&yPlmoRZDGKTuhm`1CzSD)>hEwYx`7iv2Xz7_lNvzlv$=UQVi
zpFB!I%>_uZxItV?R~RX|mbwk(TcG}^wHV74%I19{5t7R#os*<-0t2@x(_Hf7K+XJe
zWMiUbgLE~mx_}ogC;VirEDpDCZkY30;gYpE+1fn2x@LQM^G)`OmmuVT=*Btsb&wmR
zxI_s;h$9T5=BFvHr`6ru+w=`<LobqQt=2sF#yfUMSdafN*4{EIu4wBP3=#+yG!Ptu
zySoPs8r<EbAh=tw;O-WJySoN=cXxLvT)G0uece5J-2UF^{#kJ9oW0kYYc8#Q@<fu;
zBZj}^2Io8xrNX7hHp)1ub;|^<*wA8aB)&DyFXW4g_1%M;v?9=?=ip>YPLE8Cmi{n=
zd-CfDDjk%B3~4oKwAdWF8te@J%uKC#EDk;Ihm+}((uAu*f7~0alV94lP}^iRcF}id
zF#jet?>WBS8`4#Aj-MOUG*P%D;~yG#^`*QZt|dFV_&}NGQ>~_BF?F4`BcyO+lhLhO
zqNBx~)u*XDf%5y?WJOs<txYu5pRfrSov;Z4A_tz%^*A2Gzf5d?SMCKXMw*M5MHWs!
zz~bI=_V_)huW7#sn<|0j;3G)b2ZIJ9124jM6}b(MXz;*<=K)2Ahf(MwT_Ar|y6apN
z3Ud4!#V))>Y{S>}-<pScd^QSBjW1HTek77;&8IB9IQ_=e?$+wpHjdc{vAYbc*dA-s
z%TV^H-fK>czA?bPScSTIg$cKHT!N}_l+g+vxoezzND_d@OL1;!r$&tdVp8AB$1Yyx
zLWdDLZVBmzPpWU^;=lEdL-Uaur)jl#RqbzA8We2fIpEGvE7zWKvFc_nM8x?Nf=3<K
z#zLLXlh=+sVkbJzU`ZvVp0Cc|Z~A^k5VEp35d^VV`w|9SyD6jjWzI2hWFYE!nnZaq
zR!hw6#O15fu<}V_Osg6nIj_wv8i#G9Q46P0uLTg5e1YgOGzKuTNO^6Z6l|AwtBIVr
za#~Wot^6a>rO1h~$Ip86_En;3#Yyg<qivJi{mn*3UK%7<l4`~yRlveH+ckcgKiROZ
zyY|(HpO1C*{%zSZ`^ru`kn<Wotnem1)b{w>pxS!&aDA8UJctF>7|!chU&j^!sxd3U
z;BwCRS}(J#CWNo~2Hcn`X2B5Z=3u#tQs3a2e6;e39d(2~6>Y@s(E2#<PclAciTPsw
z7@fvD!k;V<e2{48A>As^y;C+fiEy7wG4Q10McEb!Maeul^G1K(Sh3)v$l*>|NiSjC
z4doL!si|w~79@n6CvZIx*B91hToQPEkWzEopc8-+TnLiyuVM(F=B@Zjnx1GA-2OKi
zENB&uD%$=?emvW#wjIVL!lm5Bs>q$tY>>V9t>*5GYDin^)^B~&FicRee@XBKg~wjp
zSV*AXXOI^5E4;M73l3XIl0iu=i-&5;OR93$@@uF3F*@lbS1b7AeS+T-58b*8uKcj)
zzNTgyrrud>sGI7nWZ7xphFz#gbHrFbwK{sqfEwqSzN|!p%QYaBzO*;05?-B8*9{}$
z3@BGqqfRUrTEaRy>@6O%3%oATB*l#$iSFz|O)c=U)Ak3C+P456F>NI{mtzm)uSXW(
z0drB@vbFZv?tV8aKfbZ<Sxah~<YhwVqY5_0S;o&?d{($1Bpi}euKHrGUgMQ@tlz40
zNnEcMeY$Q8Dh+l>d?^3pmzdXrk}bL@pe$B>SR6G!$#0W_UVp&;(V#=GvG&Kp!{Fyc
zJ2Ua$1?WC8*K$Y&N%{&i_G#NHY%SatOn+KDTfaMJ7(mCLxm$te`3ieyXi;y0OrO+i
zeuQ8W*{rPuyFF5YPO|+Fu&~f5;r}>-Exf!)P%*OnX=8<Lv}E?v<tiK9kB3%1ToVk7
zr}<|ZMy0N;k-(R>R%$e{E&3!VN&JuPTj(}afTAh}H6SQjO<4h#;~C+B>oJ;dtxmHw
z4mCC(o;ZJ3W6X0xi;+At_}WY}YF3&F0++Mbs(KmX?FG&7{wY27C`kJoT|m|w4{7dS
z`)-?^OD<zcO^Br_*9LLr2dQ`M+0J;H#1%Z5H#miaR_KT~YG@YF`;DJOWScAX_I>ck
z$xT9p0XeBZu_%o;|9+gGJZb+25G*o1l#R7^9qq^0Yi+>tje$puPYE{w#3@4A9ClP3
z`Y9X;2xyg3>c%X=;YLL!SqKEPn-zz8N1(0Eyze+hpC7^0j`FPSs<wKMI5Xvl#cQ?6
zVq2tWA2RAKarHCiv+Cwfs~BR{+J{JY#SF1WV9Q+tJl9RfSk0e_tJ};m!2aA_jVvQ!
z6L35j<P%d*(ec#LUP?5T32K&tb6TzY&b&n<JRW#l?DmPE&d|qV&}X*k^!Rw!=-D9o
zlJLXQsq4i`xfYOAbGukVm0#;KtRgkZuZ%kA%4+omtZy+W?xi@+0ZPh2V^>=#19zuI
zX#}}THiCvrW7P^ugM1u3&!ORB#`lTmDLKM3<1CEY@)=`0Y3CWLU7C%DD2Z-q+x?M3
z>3ttTmH(0}%@`AoGTjF5I+wtdpSN-?Wr83YxZD``{3>OxUg8zwk{vJZuqJ=7`Ouf0
z{5Gd+L><g@h^Thp`Kk80pMxo<FKhf1ZUW=h@sW-$zGGwz2d)NA?1Lp6>KDp01F5z3
zhEA#p3|=b7l=LREk|cd*WCcK(ebKI7<xtpbqfuH(C|{Ugoxk8?o{YhaQY4|Ef$}x$
z9(J?mW&bMElafJV!#Me6t?LFUCZmU(NwCY!qW-6Jc23Y4jnl8uY7t4?2LJR-DQ6nu
zfvrqh4|)#W0H^?#`QdNS|Gn~9Tix2Oyckf}QJ)Kn4HnM82S5S;^o6Cl?Q*;KYXg}4
z|EX_{l~A>Wy7^K)WR$qx;4}+K)pYEqSxF(i@22&bZQ71!wCd;RTjAYz+>6;dIF8n5
z(cT9w;(4@)_o{y@lPq|<@Oc(~S5INN*8I%p+*9g4OY-9f?4Nc6baZ_3!>TdV;d`(=
ze?hHzItf*;W3#7Z=LZ&7n?^WdsYV?TFfJ3k!r)n7w9BdF;_3>Qq5u3IZiR;8(MKh;
zl@95EdSk+}zTWni9Z*K5(T=7?YiJ`d$youP9Mtw;3g?hf-#sj%k2B*V2fZAid8*|0
zsCfA8er*|T-ow@r6Wnl=e5qDsm1#Pixst<|hhOz(7s1fdTuPMnog1f%e|!3xIYK4G
zU)90B2y4C^7(0po1kB9o2cv62+b>Yip|n_R0UdDObg1r^yRSWE^fGN=f{h4xt=!KI
z(v+6V&6Fm2Cg*tUblff4@09z^6}s_qjWW`RY&~8$fGk1j*;=Dy*bmxh>G7|Mpm4^w
z7q>Y8pdwT|SCXgsYZYoL?aN&nTEsZO>19;wXBXtlKt4@(ymMVXSucx+iFB~Cc$KD+
z2D9MPgeX~o)y7PpL~E0TrDmi@a7lYW<@i&!=v~V=@9F!)_^aP}Xe>@y;kqs|r(x18
zEgSQOA(y@BGY_&)TP62`t)*y3eTrcD`gax_du8Qa!!9nY11ITE7^-I)m<Q$xvL?&r
zUGCqZT{gs`C&?<~i(;^c-+O2lXrwqK@(Kd$0qSNr&i4S0Ly2e2?ex?pGg9|lO07Lj
zqWF;HPiN*6oH^RW6I|hO9ak&r4wehVbkxs*)O8Z_5ql>En#UTz6v<??f|f41ykj4|
zyLg#k<${%bGZ}Pf{iQD>X7&<&`rF-X*L>O)X3;6Q1Jw-=QMwc1v7`wb1`RazT`$G1
zs2@^{yOZGKf97U^UZ4Za4X#12{_uCZpEv2&7YVk|nrQ{}M340TK$Q+`dFm_`3VSxN
zUbq9jSjKm?HU`#H`=O~<Qv!D6X2$!~J@}y6VlV<83$Dx#=q1$#<*>Ox8uhpYX|$#C
z#Y-H4yoAOm^>ZoPPWxj=UPt{-XSKsfJ#K18?nr&}OJuVZ&aK7r+Ve}iR0UweicJNL
z;r$uMAgFzf6Bj>oV5!W**c{;}P4KxX@cHhYPx^BS*%C^5lDi*o@i9YRTWQbE(JB+u
zLBVFn<89n7?DT)RkfSY!6{dIJE$}j!_sn0iaCYcGuyHD)&0wQFQaqMzYyhnF|6V{h
z3Y=IGy=SR#*y5&$?d%6?9GRPM?NdY>3b+7@_1eO25euj)q{$ab3J`;qMtVV|%2=WL
zf@TS&(iHqho~TK!iDxR^B}GZat=zrJ`W=<%Z*Z23f8264f$jvnsyaXC2D3d}L%NX7
z;y2KE+tXBa1|YjI<ZiNqMo>if*%R0s9@KPd=Xt-%>L@q`IR4~G(Hf0r+7T`JTFgj{
zGL1}~m@b_MWsr4uDSt?fFB~^v++wF)AVi51e;ON6OzBSBbJ%Z6Y~SYiR%>8q(Q<gL
za?tsiLHD$t1eASe>xa)!y*ducYZZ4mkcgAZp<l8d>9<dwSIf}61shG*Pt_O}7RsHy
zU^~CEel2k-OBJJwVa$=#sbI@3eXEZWl*9&mBv7Xt@5xu#aAjkIGRQ@rY+jCoio78@
zpGQWBiz@sGp%nNfpWZuyz)1k6AA7RfB{)hvG+QkwTW@;0=APHsafHKmJ7p>L(KbtS
zPnFkXB<*5wkZFa<)@YlXX(W%ex4@<nE!uo8XhvYzWK^<cC0(UrzUCKEwWQOi!x=Se
z9Q#d4u<&M)YlT2%|6t#Z<waH2ePdF&nJq!}VP~WzC(Ap}#3}0al+sC!*{(0N!+T~a
zSSG@WhZ7-L8+#~Zp9V~21j$^k$Kj;z3{Yf<zwfh#R9X5OtORNFKZNf-eF~jzlG;7F
zB4gRlV*DCX+rwV~tjP6SoIR>Z%y<JWs6ctgA=`iCdYE;#$dx-ER?t7h^SwS=zY(mD
z89q==n)mq=Ebo2Yx1h}&6XCI@U9&#zNuDsS*7INAQs4VLi&G_7b~OgHgsGd?z|D|T
zH<qG0)!F8$Ju7T2j@dYLVU<3LR}WRoCi*{>RURK-`&Bm$$3B%Y=`Sofa7XgFuif0M
zXR9HiT=U?I#;>u?Bde}Q*YMVIx!*`0I}<~|Zp2C6F9iymDSiMiILa$X5l_nRF9V}c
z)T17OOn8H;16~>DW#&^v$!0E4A5-2(1ua`OZ56yEL3`MM9eq-%2bY)r4q<(C2Tx!F
z4krF?cYNB)3S!u8W28)OnYxeit??2n=r@_N#K|Ajf|twPPdl$g{8v{wnE6`ppmCOm
zB+R;>_kbJgfu#2Z>1fA&o3ZE(o{by1k(=U2Y0})cDt-WMN*)!`GuOu|%3M<^;sVL_
zK%v#_4`NG}#r(hQO?d)N1MNetH4*l?H?6D$v0KU=GXZ>rs?zuFejyy@xFH-@iY8|R
z#sgi*7SZv693<#m7%QQv(5a8{U&|+{H}~&2$Px~&XH^gC?Ukx=6=RdtFKwu53!t(_
zf$6%-rS6>t550U~!7KP2#^C|d&*`mTtnRRaRWA8r8qJ-@2SqrVciDfmp&@6hBz&-#
zp2cIycm!u2qj8MLb->Hxu1n);o57dz<(bs;u6<(W`eAoOtKTerA(YpR^jf13<MLFD
z)3UE>1@}w9vw;x*pCt^4C9-?Zd7(kWryGGwdcn|p*NgI33n;}VyFxMzSeu*@<Iye|
z*v4+1916+{TN_2n@2<5(JDm+cqaNbwlV%)oT+Ch-=V{1;UsTsPYx2UrchGg;Gg6UM
zXyMuAn@_M~dH1<v*XhnP<EhP>LJct~4A-YsgXW~eeP`7Ekem~OP6ZgDH|6O<RVaH_
zZhz|j09JI#PJK)G8)@qRano(gxyKddQ1rr>*N6YRd)8$Y4;~_H{8I3}l8g1qJoFiZ
z6$Ltp`gru`2N%veM?qJ*E6X3p-a^>t<Olfy7_IJ`pN>sXFsy&MsrCHUP4URa1<<i>
z)MbC2)4!Nv&CtDPjfrPp5p;c50GA6vo^KXM>pZsX3XYw{6FU4Bul>%bk5d)1t!<5y
zL_aq1U46du4-Hmv*|A>qp1amio8MkBK^{gA?XtX!`T|S!PI)gTC+uGzW!$(HpalJR
z4|zJ!Y9V{J)M8!-tW{PW7N93E#enk6e-no;W2--7i~jqqqpGs|lOWyc+Dch>S8Ihd
zfAv#-zoF)D)sGnq?z#wx>W^z0yKtfxY{B;(n3q=P`E=aH?jsi0^_6((_Zx8`_e+(h
zs@zMeasW}qt;NxF1To96TkMH{>`9V<4(5fmoM8x|W8OpgBqSw$lG@&=`TkZMDkWy}
z{aXf3M&I;ji;tOXmaEOz<d-zHt6^Nno$H8hZ-gD`-jXDDllkhLlI}?h?5v1b=Ov^S
z_4$4#+~{m_&JPHOdarBa21#Vq;^&F`_|~#hW!bt1x9;(3!FmSzSY+*&u$VB<%t>IR
zId23EWREDr<p^H~Jpj*hLnNzgJxsW~LQTk!Wl0abyh%<|9jUd%FHd?oB!-A`UZDmf
zOU@|^KGE<?BYk>7|95snSxr6)n5RT&NQDJi#d_}E^CHEuF|W;4t>fkrtBttlCsS_-
z%p^z*hxxaS$y}VbiBfGdT*Yhc&!i9Ag0=7Rruh^(YA;hl&yoPy5+JcAQ9bIGAEouR
zd?WT*#2?=1XFz=wDsFmXt$a~qV9(p*eFipt<rk^`?1ds`%d<)OV<2Fp5%G`;*anLA
zO}=g7OkkvKf5_`wqL&$00p(6b1CBd5xB~<VjCS*znDKqWwF^4zC#2_Ft5%Yf@=^tt
zom2wLdi`?u_1;uRa08)mH<K=s_jpL_YyWGNn@+FV^McuA0-JJBP#i`;x8S$&q3r2<
z<w@r+FD5!5@veyZkDC9iDjp`UCbPhXws2sKj9}G-e|+;To9**c_%r^~gy$_T1v(=E
zM-j1$?XB73V@F|5kqP(s@YBRI9QD281t)&J$P4W1bI3&pU!NgK5dL~c%bz+BQP>I`
z(ytrsl>je5s3_3T`mB=;TBevd0kazx%fU0WKO9_ie*sL0uEn81lam9!5_+DW4h3n%
z$g9fSj3Q4OdRPcdF&CadzqCiJZk@Lp*^YmPt(yCJ^x(R3^qa<<*OCjLXU)Pch-fgE
ziTLLqs$*0L@Bzs<LLah@FGZitcdAeQ)p=kO%zAA?DTYP=(MTKQdDM&Rh>u57F$H~$
zLP=;E|Ng7GF}gpSvTSFN085!xoaN&HlXnx*&p%eWh3lo7_3bl++%GrjP>74e<hsWm
zPhaZ|J{sRlnnzFOH=egUfqGl!s;|qa$ioutf=u9lkF@&q?foL8lCBcc*B5Abwf`4r
zM8vcitO%eLUy;R1NVWOYET8CS8Vi{HR!M@{Bz#dVEh6$DR_p{LfhH&1!*Ng@{BluA
z*OK-#-_^nM10w&J+`TjJ1}xarT`uKLP!tXYNZm{#UiTeL{%NRbhA*P!U^^`X>q98O
zA$!HbCJERSl&T^v9bwrx2pYsBtJ5I^ZMTGzv7Ez=G6kq`^xkftUWFjPY@A&3%)sfd
zttDq+bfC!iaMN#nQR{(GtBKD%VlL{~g1E~8;daATw3Dq}!%j3a=bq}@2TU&j$|w%o
z`*Hk{d`|3}>ww%3Y-Fs#{{W-+-vA>`z#Nv=`b^u+z*k=s)rpp4Nzp!k9y@HA9J8)N
zNE*TSikFAJTk2_MNhrLd3yD^=$LXh*d%V+9D`8JM;ti+Yr3o`AIDRWI>nkTJ@WDP@
z4%+cv30(0C2k8YVTxvE&pnVU11Up6?`RF3;<beFDs-GSIMOFWID}H1~b-IW1^uB(a
z(=rE@`G))Tu{`oYG*WN+H8J|H(UC?t{#C)7|E7W$gldq!$h^LYR+MiDQp6+wjRdu6
z#XTonnCV@{AE@Vi0Z9A5qB((I>+hO-xv?V_fA(85zVHmc7RpyZgyPmY3OLo!Ups9x
zd^L!HeVfY(F@lHZ2c*``#{`zHTs}lM-FP6*vrVd(*`s`{t){N@3x9#O%8v)S(I0=o
z-}b*H6O@~st-`b4_*&ID?B_CV>(}ZdXLK_#FZ4R|Vf*irK*aTm?qLMT{~h9z0iB(V
z^M;et+p`gDQ7Y_^lJ|X#hXE(cYLy=3AJyXc7`~Dn2zH0Bf_H^YOxJ~w+lJ?W0{sz0
z#0ey?<gEJLuk!alDl2@&R1sxQBm)>J65$KAe5CrvouoQsFS?nN?|p#Bj$kzIWq46p
zLK`*V&v}Bv{vj0V6ol9N>wv40yj*Ok$PpF-ikIHK7-x^lKhCBH<9a3Sw9nhdvtBVA
zf??jTS~Y@sF-*%ioi&Ts`@cc$rF^A<!hUN55NL&7Jym!Ae<V5kYE)NfjC>tXS%a81
z@Go>vN-y#5H6ek7Gxqt18l~5ZRTaaC^g-VL^9!jnDE(WxWE&{D00n)Oxe>RRtOSO`
z5&Ew{_ErU5`X}fkQDMh^y?+~Ih4^cPSYU&L36c~t_#dkeD}P1epYX!r6?i;;gCn3Y
z-qs%n;#Hu7C@(Hzk@|Q0+<y#3@#SI-wSM;<oYTv62xBb?Dt2f+@XA+kCLcAid;WX!
zI7sRsj?T^$tf05x7Z>?a`s!xeQvRv~^IMASzfDoR60w{Z)+mDL%B>}{iW6h@D)k`b
z_A70&Dc4!^{!>mCXrCYfNRR*&Rapu0qx3lbq6YXEHHaZhz5h^y@VdV!*orkV#7-#U
zR7g)IFt`_W8waL%{!`(LX#V6g*eY}X#U;IDIJBrQW`|OMJ@PFJ8pM;*-&+&C{9f#{
zQfQd(<)S}g_yemK&tLREHK4G4QYM@|?^&;`=v6CHomY%gM_wTQ6VwYHK%2LPp!%P3
zim;|)M<m`41TjvSCnIq57X%EWa6JFhY8&LIzx-EL@n2lf|C#@UC#9yoW$i@%|94Ny
zzHD>$@e5Fh_E$mKccO#}TmN6SZt}Ta5<%1jZ|<KkBg&p&q6%z2Bk>yihk-zx1d2sD
z*xLSQTj%UI9QeO%JPh>KBjm>n${nN_84xSIve(7mn|l4vZmPCf0bsY`2*=?;O(=$J
zx$DJW%f+W;tT4{c?N;UeUusf#_Yxgan&wb~SVSSPocph-s=b<O(c3Oe5M#WCw_qUX
zF@Ngu&x9AV{Yo0)4sOBU&nq7m`N}fewB9jyT}-}#2x3f-Y0<BY?7c`7fr#LEEUO>-
z55id@{MpSkEl*678u(Bx7fX|$jQ>Pt8YCc(qkLww`T8*Wo_Bed!7RiDHkPaU|0QgA
z*-D)xfh<=6X4rJvEuIJ9G+lH0d!{jn=WszQ6c4}((EYoERnT><D)1SUWd42A4A>DB
z!ciNq|MPAFF+GUTw|J0-UoxaWJH~j&UY%*dZUe?F+6SpY09qf$Pn(#(>obO72L`9=
z<n?p-4PD}ZoC8Vk+AEvrOoNyQ<cy6FJ`TTo6(_wnHOe<L(fG#+ner>Hl^#Yd=NRE}
zoDZnIykH={O{eJjOD?wYUh=K8f&K+4^0Sg7<zN)@-*M9ZdI^MAFEQ=47V?i`dOvv!
z9g$;4RlG~e)B~qQ0!8F-Upd4{>8W5O*ZccuHLy}bHjf{#-Ed;J@CN1k%}I4*QFJm?
zB?x@I(`LS{A0nP^(|uPdTa|V*xrNAE{OT{vk+dW9s3!~ZVhoZsVRK$FG*LK+ue;df
zc?}>>yuU%cXtSQ5fH~0HobUJQE}dBNZJqv^-oqUaiAoazMvOi#h^@!N%>1(eKF{E8
zJB@q9zjZ<1`WDFFf*H{r0L|dQL_C%d;CzYh`gByA33}l=T3+*5-1=%dNW#R#^m7o}
zW1Je}e%!9~vkQ4wD16anE-nu|&@dsHnJpiIxK~ANshGZ=hL%YY3U^&<VG3J^^&|f;
zZn`Z5`Qs6XuS}77r<atEnFfxjFbsC2g~9onuNfCsr0XN~sqsh!AqBoA^#MECyUl1Y
zidoNh5=tzj&2%mMq}*o)Jkw|x#Ic5d%n}U-vQ+0Fs+zqd_#XTtry6v&THF^E9-gN(
zTS$=+mX1o^)r6CpWn_!X&FwbAY>#sN<3+wcDB^2OTiCxAMFwfpxb}X1@wbuNRwG{*
zuH)jGWQ>t4`s2<s_=$UKK*ha8`43}xPTTcL&^I>UdXMU0z)G<7j8&uTh`!HcX6x~`
zw%eZI^sbs$XC>adxk-i@B=>e>B#^qo6&f>ZWh`yW2b+wgQHnGEZGoE58F>f&bpkn=
zbsd;_vLHpi%^+1HAS2^ef!r$rm37RFAeQf&nzm?783t)o@g91t+#Y5hA((_>_bg*g
z9{;yrTkYv?S7jcpETcB(_TW&oDKL0Rp_kB-m4JhPP5!T8u)%EFb?`X9Mf^}KTzg)8
zrZZ9=KPKjpa~r(_`F-PK-4p3@V$!dW!5+;44+x358S%80$wdWEH>WpNEx`AmNRF-=
zPqEXogFN<^`bPGQ@C(5GH&7{%@rU7YyZRS#pv4=`WfJ*Cj*b#-H#;^)Dr-Mc;4CEz
zOh<Y$dDlx5WV$2~oyxHgfK~6}E<ht<QycBRmtJ2L6h6g<z{8i8RoCtYJi;%9!$%uJ
z$oapyV7QT-*5v^F1g^is47KsBQRS_w1@T(XT`%WraN$J-Y16P4$F&*+iN$$eR{Kju
zHmS=dl3zO*vCt8YZj6W7wN%;qN{iO$hkd^k_+`jhWHNF_mhMO*A@gv8AL#vwkZvYC
zW4<WxYmLn(YZKvsPC1Xh_~b2$KqXaEtIFz6!H()f|IPvcvFDd#bnUc4$O<_b<Bw@W
zUYmf=p0)TA-vuP4wM304jMq+()Oo)yu!#Y*EsvuaI@ogwZ;{^fDEtuV@DeHv?J=ol
zs0B{6E&CB~o)uOFk)y$mX&G2sT1J)8nheMq`L%)e>pG9IcPopM`@@i=Q8kDdAA}wP
z!#yKg=D)ane%<mI!y;ZO#z*XqHvYjWpCi^&UP4x4XNO-Wt4c*zaOP+7XZUHx&W85J
z5ndfkMk3n3-ro0GJ(*2d@n)R89o{g}+=KtTo>eJKP<RB$@h1j7<DkZdyE24d>0l4O
zyc{!PlUE@RALv&|a9n#ld4+Igw`LAVb;{nTD<@0uIp`pxs$Gpt3O)TnW$;og#B92n
zMp*4G)w^$LR$(f|4`{g*#_`C8h}Y9}=y8w#r28Dz9@gE?`g`J;?ZzS#e<|`?Ec^6|
zzm5A<=O#e|XN&*vu<|#J@Q-*m1$==t$@ss!SsY{_GsbwECg(*Onsj#8&zxkh`ot$K
zN(B;|5EX(<L$2(8?nxM1`#jM+%{m+wHsUKcXmx6PmQRh2ZDd#BJ>%dle8p1V!)dP<
z99iF#>9$^bvqutxVPy|7jSeQT=yN1vDX~9H%gp<uvJ|&xrR9oK>sgj9G*T~87LN+Q
z=qI<OpmX4ql&%XWoH!{5&JkZgDZXXTnN{L-x|{iL<y!(u)<;5C0J)E41$^k$>Rb+M
z5~W}|Hrs0c9nJ%GSIY={1NhJ`juW&a(nce%oKH@-%@1?xyKu;|>)AK;Jh_ZcjfgTl
zwFnX!u@cP|G&wf)i00qk(r7=JSK*EhR71yBv&^1t>Z{bxK27r&*4V66RD6J-F=RiB
z2Rq~&MJ|-+%&5Uif1ZG%bp1@bSr&EnMKn!rX%eFAR+_^TEnI(&<D5Gw-Ad50NZQ4{
z+No*JQ?H{x8|{-AaE(d<e?H`H6{xr|Hp1t(&v?}E7%hGq=$o_COV}`j(Oc-H<bQk)
z=t&2t6FGhOQQv*y9^8-Qe(dr_=25kpfntC`W<n(()A?gp{f4&ay+qI07=RbKYUkL;
zoa!`SYKoi*uZi#y=gz$8F52^V?e1-cvNH{yHUL6t8H)O*ICNIFSxyJ(3yJa5rl9Kp
zR8|TFZP8zcJjm>wVp+E(&HVfPh{Go{lqz%fv%qEgBP_3c^}@L6I4viFZ>IN+6)(~*
zU)6^~EMW*aIFT^RN_eyjLi{5AFw~#%ChB`6Nngj2*!jLUB+eW3en}73&l?CZ_2uv=
zv=!h{o?o!jTmX4+j3CH^2p>p|{M?BYnPjlOD-;);A-G^<q|1t{WU{g9LfB-)1UmY+
zW3w3;N6kHD0-lK!^{H3W)8KR}p`Y|{iZKEP-8r(#MoEJ-D{_iU->2d1ex3>%Le~%e
zSn6;HFzE?w#tz}#Fz|#9Qkojj+qN3PgTG?M>JG6RuNyx{0-cZ%*0m>KPcmw);g)Sq
zx?|4io%zIK_gxA1zSlmLr7%ZlvsdEyumQE968nhb-3VtZ+VE3lMl*&hTS9mBrCm*r
zIUj20UfeUBVq@2GtR`$4R0>}sMz+C^s#sO#pH_Nw@SZ3gWaYmMqUo0}R%dnS`t9M+
zFoPUusDFbIB_<4LGol9`kMhJ$k#kE!(FjU&pRRSbv6YL^f6DHf)_tJN(c`)L8G4mB
zmv<sd6i_|2#Jr!wA}~-|buP+~CFk&9;Hzb0f!gWp{R`zu|IvgJBUCIuK3&YMX6N11
zfn}xE!a;JiWp-4q#f+}h^XRJSWQ>w(H}NO3$GRFI_m!e~x1!%pz@^2+MsMtin~4=D
zrlHFA1HJ~q-k4+&69~17fuw5a5ON`DfNI#(+V{RvgBfRF507Wc--_;CcW=jlyMFDT
z7w@^uWq~UNr-A2kqwL*xiHD-1>KOjZ2%kQ>;VbcJ2v**}($9M)8BN=-1L637+p8h_
zwHrE>t?N!&EcnXlo@R)$ertdz)xi73{$1rXV=8Y&DXcGz=w_hR39nQ;_f*CIE{-nK
zGITaD=e;2(=RqKpDd|L@^0&*`FAovth1qgqF3T5ORA+5u)B1v4;;tS<x`H2fZ(W<t
z_Zi$yJ|k|?Vd<__xR%%af>p%k^&Zb=m79#mB~U8W*#+nc3p$>30P_fxI+Uf?yW;1q
zw}JRwc6Aunib``vW$#mXzuWSqcgkp4_yU{#FkIE}x;{4rIIc9mZLJObNLMj}GFb_D
zOv`H0XkSS`>UJ!B`q<IYNeBym4O-Ia@->WtWsw*6Ei;O!|84nx<gW4^r`kYle81vb
zSUo1=R`E*P%<Hgz_96bIr#Y9RG3_hgZqv90-K4E6PL~pGvMsS33mR5{Co`)$y?2X3
ziHme<+e-6tC=*|nD`iahy^;rf3-E)Jj$wI6NG;NxjN`B1eSu3`D&7WNswuJ!1pZAs
zlN(qqi<55OE2?+Y8d~0>p_q+!v=jHA*TQi)0{Q|AO%@+N6H7gY*E%5LJ!(>#o-_xm
z^Pb+%D#)%!AZpI9apAK1^J0kMTT8R^Twq<TuC07>C-q)gJQXEZryNwU7t`X)=1JGO
z-CkMWOvD#Sm$CDVr)h+y!gqUfK*gq$t?!*Xy0?ojVMp4pCo&?6JI(CgIKP}@CZ-25
z&b(wVO}g@~PE95k#{bB$X@nETxGL8V{(U3Od{qj5JL{1YuX_m&vHp*G!f@f?J3*(u
zlTqW^{{B`uxP^HMR~PEr@~)2rJ>*X%fRm0E1OtzE2ztu8`8p~{*?K*fQ66QDv}XKK
z+Ml_89OQ;D@A^)t2*p==x{l6y!hDdhGV1a&a6bdc3~|ecUJw<J?(}Bm+Mc&K;!A<6
z(@29eeJI1<JH%D$ss@JY>RU56uT2b*=fkSB-<wv;%HOW<*00er(gRo#B=Kw(W)FJC
z(FU?}Gf<mdsX!c~m#mlMh5v{uRizfhYopTV6{EDoY@^R7M&*enWoFouRssw;r5;_E
z&V4XJCe_Ww)ObIprJqwMcF^)Ge~Y5g{^RB1ocKL28ACnR?5`7!Z4yrpP|;K;?idU^
zVw|LB?KN@KnMUs2^R8G#Cccw~$~v<hBG<CQRba=AfNB6&DX-@^<C!$-NX?o1)_#B3
zM@2)fX8yj)UFyhbb6VO$n!d7R>wy5F(@%^(Ebc?sEI?A^Qdee`X!eLtXRK$z4tD8@
zaYLhl(;OMnG;aHjxRROY33V4RZX^JkuEPhOuIjgKxt7wA!2!|VL|%D*w{SZ9J^m{y
z8zX)_$*s{KO&_tE329CpFcPy8n3qwRepO$AHD81>rkx4u4T~ONZ45G_2|A5}4lAtr
z^7PC!5dP8gVPnv)D!y=fIN)qZ3i!kE{wf8lO&@<>RI2Z;4kC6xj>%*RU44%%pV#e}
zV7l}=*~f0L;cQ~Yce(U_t$dd2@OoCzutk~tLhXjC3VK?toIniXr{qa6&hqG-!zjPc
zUGtbg^HI{HP=kd6@N67*(9->F4$ti@W>V_BBvTK>@P&EiXJ%VRFQen`<;Gpv>_SiG
zhs*db$+U2nwA>3<wRv?#K@{wWoQr8&HD@6mwf+17ZVM=4CuEb{_`Q?RjOPcov4`)I
zf<IXuyp&djl6?E{7{`k$FA0-4>GYtba^4|a>+IawJL$F!dX3@R?pBIsaZkOwIqBeQ
zn*D*1WkkX6`hMEf^?f&-1hP{zo>~a=o1r$~Lg{mPS$_cS-PP*4GQMEnr=i#h=^}G9
zQeUTs-2=eqatowi^v&9?@Ljcj^o%!xcJ4sB(Yxsm_60TE#IJ^~86{Cr`6wq_w$+}9
z+#96}3CcAoJ!^p0z_hR(YlmHcTPcT*?y<Q^yN@HdRpvX-rcBNZI4;|juXGRIJzs%m
z_h-M`Z=EWyKb(*29F+!cWM10QhAvLmdE)dV(!dBB>rfph@&%!4TXr75&v+v%1UBy}
zK?SWT<5aFnt}z8@Hd*?p$pAW^0#*UH%>RNJhe%(>St#~*i6;4yMOc25s|oj%*hapS
zVQ~Le8Wy6~%96#}`_U(PqN-<wqLU=_1t(LNd|Ga-T-vX<B@^&<HY%WIW}8yJWp}fx
zf@LU=aixMo($#87A%Gpp7^q33*>mk6=mGim@_}npw)kN*feX3uozEq_*o15VU<7x(
zHX|EVeP+>T3_pcmKXen|w;1&v&mHYqXe9hNgU!0)*2}O+{mTgANh&kM$xPwt$NKM*
zmRC|=#Wb2?5RYiEBQ&Vr;IRBn|1n--rZ9pGdq#p(IBs8Hl=o*G0#ipJJQd;=iRr|z
zSKdzRqhp1!n>OoZt2UnxtIT{db_sg9gZzTv$uoT_CGDV&vgKr4^HpXT*>{g(<3Q($
zo8)W<buzK|nShe3-Uxm6gm2#j2;cQ^O&a5yNt~G)CG=-0=i2CmYw4P{k{}(WvP_%J
z*)bQpT5a~AIH%wz?(b@ptP{tLn_6$@;*FX@<#`O9C2Or-PQc+zOp@(mBdpoc0q9sd
z!I<9;T(;x|T+8zCQcmjkXoyG~wTmd?lPOh*JmLaX6w|A=^+zb?>6-_cZH#|;DnOqt
z_sg)V4orG*#dd|Hh3Au`v+S7ytfDcaK-K%|`+nphTJQ-q8O_hR^EpD%rJXSI+9pyK
zo`m%X<<(pexGHtOmPZ%sjz^8J6>8U+F^xXaAQaO(f7j@SCB>_hIYC0t>(2M4%Lq}r
z4ERpy0(J)lH1BdxHUYNv$`&z`=KFrjYC&QVxxi4@q)#`xqC+;iGLKeo5s6mc)oeZz
zM9mu)_gSw1s+*MJ+v-IXC3C02jP?KctZN8~$<W>VBjaY8O{j2~4pfuHZ)rt4Uw6Ch
zs$%Eumo&z1?uAK)GqVw%;i|#FBcjVRaqflaSitui9~eFD(<GlW!1CsIg$~6jA@zjn
zFwv6z?lt8hL<l@n>osy?ghzRAC_x=hNIBy7*_jkT{n%19%bBezVXv$Gy#a{;<H(-b
zTH-y`rRPLR@^CGs4Qug(tXOWvgv%3i0Z}xW>C_6W8qm02`+FfTmN~D0zSNoO&-ek!
zewj}WvXFXwid@kaZ^xOZbORn`%=?x$d4Df$vKM2~)D&TTupc?RMK)w&^1R4sHiQ@-
zj6sl&eXWhzMDR<qE!vPJ-R$|mBN&pihn;w4Vjgs11|WCGvI}-&1LX8KiAH!sQZCz8
z&Z(zea=zKD7~$-O^>w#&hN+uDSTo^iuW}<miR+VXN*7X);bBrmFitu*k@4dW88MhC
zutJv2IU-s<Tr!3oS&10fB+%23`EGgVI1J0r`5M=*1mt^1&n}X~A65nDWqYsj>gy!X
z7P8t%RYV^9O;z&~gZ1z=(7E*lcYkRV=vP+_hCN|S8o$-IgS-s22z_J1$?)bG%T`sy
z=$2vGECFUVjB!e~SYs|qkzF@NSaZ5u(hS4&Vr`%CVL^t|WJ5!9_5s~EVtz?f<)8|$
zpOrqg-!$i%WY!T$Lg^m3x$Y^k*ZpBILaOW;DXz#Y1iRVe_nqX}NYF|ZY_BL4ZrA;4
zzL3tf(V}3oxb{<{J~P~%6R}tJd&4|W1)oIP;QbN1$XPqQ5iwWnk%&&Hti2{+iV_}j
zLZnNQA@4rGfaZv)a%9oi|1x4hTSgG>ss9?x=AeMW84e)riI;2!p3^-A_-MNH<E>44
zs?y~(5Y}~;z4Iu$*{h+t*=w_Gvee|@krxQ(=Mm#0DY2vN%^bXI1DEe`+eWGjbfXUY
zWaBCdMVy};ZsrMBGa({O#j`C0OU4s3PQYVm+1+3Ck-|B<oIS1lI<!ax9@XJIbM=PY
zf7uPrs`cVMeR@sQ-MQKgLT1ubm!lCU*TJVA)g|%59|hH4NVdsJGE5$D+`10@V$n8j
z!bu%s!+P)W_pF^qmuG?zx(p&z$gzlhVRUWk%cU%^$k=qc+Ibb$gPnO&cWW8d1DJ^l
z*L-&k*Z|fC-$xN+=O|~S2$zHc`foGE3^X^-mqjh<mEoAcx7@=v&vGpJqc)`SA9@$x
zI*hpuJSrSC$4$gtY^veL0dvZM!dU9+wS3jsvg#)I^?=Cc%EMc^)Q7k{ZpohNCKIcU
zhkq68KaG?$kGs9H{%6eJ_7^rz5&{Bs{CBNQP25dxw>AsTnk6NVNy1Bo0CnQItu^IR
z85l<WwHg{ZPDQ|4U_xi-loExTq{G0|=@fEQ5*C~zA6c#d<3KuG_{V%n--UuKX1!a=
zl{s`?*9@-3t3{@@D>%VOq{Mx<`fBm<TTCK8+1Q-+nNqFy+KnYUQNz-+&U7ocX0xC7
zD^i6I6q&*diY&u4;Z7V^PZ#IN^YfGS*UDkmZzby$pSMPQS3V}c3l9zP6&2}jXG16n
zd~fNmy_69fy|tDKSXw*K*OT6@(e$Lzpp7j)e~hO=HcG;mFbLygoMO<bSHoLgai?*!
zHT&dNQ$5@-*LyJ>PbcK0?e3hbnd9c^Bsn^#MGDtG;MhbRbN1~fNuK*HSBH^(<$*d0
z!%S4uJmpmGxst@~&_j!)Ur%>l5l4)7YN;li%vVgDj0#rP45e{KW7LTq1lL5j?P@l?
zJMtLUf)2&@$EmbHu8}05ygnC;1CQJ7d3BizF5`@L@SKNL=E&wAd2l|@1Pj1;J#&28
zjIqQ`ix2z#vxhKyh<4zUBMEX?49q5<H)e6JYWvQlh-H3ZCD8d3ptI2GUB0xRcJO6#
z%6*{=-@<wE^@mMf*VyW%X_Umerj_}b*>Sw15enbbh9@(p`pFj6%Wrj8i*JiDm<&(k
zVJik|xiMPM%}FO@I+m?Wn=JsYTdsOX_q|8PiYl<Qi$u8{`KQ&#HK%dsH~K`WQ%?g%
zBhts_**TTbcrl2k+$3Shmq^lE1mfn@O|6S+SM$q1pJcC@%5C&VR>G7`7n#ossx^*~
zx@o@*C^24{mPsY$C}CusDKs_cT!M}QP3Cm!Ibl8*JtL;#%GU~y8-O1OA6(MOHRe8R
zmd>eEw|81MORj!^Jt43gs^)bl)L;uab6j^zwBB5n1r<|!c`S;M|FuC9316~pWHczZ
zJASdJ<uQlfdZ$0^>WF=WZ*4Iw%5p74e$lKAlsop=1TaKx$FU9!*kd*Orblx+ynU;<
z2G@Nfd%P$NEv9(Cmz{PbnA!<%AIJ4O33)3qo{o&UY4$=DFK(G9I)@G5Uq(}`9Evl$
zK|my^*|@dk>9onRAo1paf1a0~;+qq)E^*Rkn;9#LUvB%+IKT2Vk@_vNygjG1wrH+R
zHTR+=JZ06SNc#wN?fc$p#s>|@NfpegfaAi>_I|fP)^8N#v&bz*@@|w5HmNCbH=jC7
zN(VJ2dXzk}1$3s5gFBc+JiJl1qIa!oX1`)3?hCGg{MC8EPJ4U+3TAsncI)G^*+}YP
zeAi%lc;InP@{G-|<|%|PmPRofM&Qnp1Z4ZB{tp%a;^v5uDscH3T+*{2?uxlr{FW2h
zD_o74^ZiHhf~|nVBFlF_x*{*L>tWiB?8G=pRY2V@v6C!G-^S~nbji$XW5zFn$F)EF
zv1l;PdCITcH?QOm*%IN`aW&(}mWXwT_G1%=rRQfCjB|OXRBD+`1N*&sHKOe2KW{V~
z?+ku1+~P`yJ3;GKpBJhvELGiDpt!QyvY`NyRa^hE|DGP}u4b{toVwrcr*QBY%6?)`
zscSepmJgO{g{)k|R5sU<r{kQ+R_08LY+|mM(}IbVGX?`dT`ONO18CUd`hpp@w4d_O
zA8-|?IV;tp#w`7JTH*XVzcd|g4b7f(NL58KVgOsx{h3e}u3L#YZ#V=^Y+K`r2vHMI
z>EZGl(fc2k>5%xd4$1_>B_x|$cWRtuP~mz~om~D+O({`f7GA0tKm<A?8f;E&jvv3O
zrD+?gq~!2LfjQ5x;hW^{KQ~~C@-TShqJy5^P{tz_BzOqHhI$lYbB!ScU=`{@_QpG3
zcqN)Lygw>B6nVqS25F=+mDx8Ypz%C60veDE!<Ls%;CrUQS)4SnHve=GS^Q9!o7t@4
ze4UaJ>eCnAa0c@$(*uTjVV(U{vUf3q7VDTb#O@b#W^VFYKFZ?4s43v$05HGZRy7iP
znDf=Bq$}zx1`WE6fU<$Lz>Wf0bUagIBUYg+hE#l3dQo{s49@!ak_+(^(I*|pz`TG9
zrTa4{DV8Vm#GZ!462YXohT4*tE^2Okd(w%=)QO`byN=b%1pY9T1O(vZw1`|X-z@Hd
zRaiPHo37&bWcp$*vj&YgO$o)?l=f)E7JN1<X^zG6+d9`o=wN0UTO0ND(UFL2wzDG+
zzsyiWab1QvpMaog7<blrqWtSGO`iLtI4q4vmQF!$ukDh8G9TH2{kq)3k182(SbfT!
zOUGnSEJw_n9>I$a1J|AN*OB)kN;7KjSBK;~H66xwiY>o;UO<qmxpC2YTC-q%(3}Oa
zRsMHpwDvwtEejOZR#W!r@aC;;>4c;r03XH@!Y56*@iZZcPM*Lf-ka`*G2BL7DYCm$
z{u3gV-1~jt&DZ)v&aeaU)A89tF4n8@Pcc_*6|n=5hZBa$%u@3(*Y85>%?26b#Wlqm
zEzL$#dH1%%*Tt2VCmOXPRBt2eC)izgO>phPujW5?Hq4Y%r;+@@EDqM;_gcHkTgi%g
z)k({=C1Lx6E@Xvx6T}rrLlwBBj&zW(wjICh7XMG19t@m==Rz>;3tFPH{D<XwThY3H
zU12}gg~zFbaY<L`c<J*3lAV=pcxLDB$eN1YzUt1|w|y+od)S^1Uj^#KRqFNYfvTe%
zIC!vpJH5Rr9BQ@CEc)H)aZifL3taNkiL#ds?7?!OvD^#cDq@y{o2oi*Yg7%;^<X>}
z;kDiEJyXv0M$(H!YtEzj1sY-k!}?UsObbsX$v3`Ybj2F$J*60()?iZos>rkgv6NuT
zrfQ7dGEO+|x>z_u*D;cE!Cgp-`|v)jU{bkCSrhHUJocT2_73yJ1RvM6l731Vwb9mX
zUN+-ndWxl0E<SW_FQiRWn?+u34XfO~;M^kQM3CM&8v3oqvX#BJ#*~@;5%zTsN0l}g
z&GFeG6%e8Jw~fk|6|tlm<JLV2f)eR7TFFpfZTIe^kstR5@Z%8+H1$VuCxO+i6t(H<
z?aJ9}l1)Xki`sjI4SHb95sOa2E`~Xkl_E9ezFFbha$mLbEe+2^oC3zI7&NDamoR7%
z9iyRJ0^wZvMC(ezolSuLds*Rjl4>;uSKA-y05vvAG5ABc<+qsS_51SqaHca-Ou7TI
z^S7BQQL(9ZrN#;#7K?@L#(wRm-G$=?bf(<tlE$_BWlAE3Ctyc2MTlPcY+7-5S4JFC
zH9^BR6Sjw<Aoq6IPTK>EP}uQ09K<9_kc(}pF8Y<ZLDE-y$+Ur)9v+8z7ws<S%G-y5
zyc`=bg#8nvQIF&?eK!k1UkL|!+Ev}az>x@QCK~(ZLV-H>l2j^@^%Ai%iTdF0SbZFr
zMG^LXu2Uu`o|rr=D(5mIV?xLE2_}Li_|_VxFHhMID$wO~1L4+I0O-X1gp};KEZ7lW
z#`lIcJ%uxX`Z4JcyORhgjxX@}QD<L+i85&Ic+|HBuk^h8eQs=oCrI|l%q_@C0_x<Z
z1Af&nH?M4y%9V`x%Z?BZB{tP!o%mj_2xxOy4Yy|RWX6p$d)hQKry8NB;Gp&@f>&mw
z&CiSV5!haYI;e9!N)8^)M3k?D%*`yWJo>NVxlnR5*zmYrO(`XfPGNZndX8Z3%r#{K
zt52)hO8gdZ?+!)oNdsapL*qUK1j<%n>|wY2d&skqnRt#=u1y;|_+KB;9f}V7*HY6V
z@=bWKa{oFIN7izkn^z8$-WO*=2$Hd^4Qc9vZE%w*dX#EBC`moSXcwF*^&d%V#=#ro
zIqO<SX|*^mt*OF{?jSYM76zridCEqd!D<OTMDMq9OMn(mhuaD&3p<mh+R~YPD8V^g
zS}Unnf}!l%X>~dS@yo|nrc6s_qQ4~6YBoKp=9I;fi&Km&ipqVi^xb{-+Xte~<R+Ht
z=xkInXtOlgh8FZW#JN1tBq}PRkAWfm;e*l}(yl3*q}!#O4Q0$H)lj5~!<JLJJ73bd
z+KpE}X711)fn9aaeM_|@2#wADPGiKAD=Yh%EkteE1{e*hy)>2$tdUq0VZDY<l62lF
zTAb8$!eq=!@rXXN)n#Z(0cQNGgGl>I-RMO!QRV@^s=p7w1!Yyhq$W!+2wM)WyC17u
z$;QNsXwvpdOjCfTU~+`S&KFp(5jAcT08kssDz}Ayki&7pmFw1>5Nkc03qW!<bWL<y
zdo2b}MY@(#LF2cpwJPT17o%p^N^&$n2a0?n<881+i0f9FRaISr5bEfaING{5a}13L
zgKInk6<xI&7kYC&zRr#MhA+wcUSmkE-(s~+g~HW)a#7ZK4k&qCR&AXO+Di`0Nys}4
ztadVGg!m)}J8jJjQwPFv{k9Jq&OI4bDzfA*dG;+T<q5s)PaLX-$tG|7#t{3%Him^2
zt+j)R&d}YC#ixV)F%+Y`mO+PN<IeC#jo!u%8{I(a*_1L^)q@v{J7<j`cVWS_myhf>
z<hl1NM~!dS3>?4zVs4yidF(&dR0gReS~Z_~(RM)9sd7y+F%`9XJeU6{?$(Mu%2$pN
znO3uSHFp`>&FtoaAzrYl#b>$={Lb8wEs>+ox#YJ`4162x+w!xv0tGH0+^0hKb{7EP
zG&Mo)b0_EF<w3qpQ@Q_obtR7|ic64!wJ(ym7ckJ2g&S$khhKkHY0$IbSBun1<T5R&
z$B8LhI%ro@p!*c0>>&v=fD9D&&!hWfWOb?WCJi`*&TtfvyY|uLI&NZ&z5WxGKeIt#
zZ!IuPCsXv}PZAn+M%N6!L|S!@p&v$pPdE9r%oLM;P8QLVLr!0Ellg+^ROh}tyEJik
z_xWZ&KwA51ILy4G#oq7@N<}}e{+y;!*b(E<v?I;^2rPHKbotJRL-!qrBmJfJXOmS{
zhV^%<<KoXmfWxkrI<!Wc&J1mgWgJxWcRGMCR9WFSzpmaaL`ucI0bCIpjfp_8n;B~K
zU*BepMQ~IW9#9uTNkt4)N9TS>u)hmMT+QA-GI9IOI4EQ|;Ec1ZwBHtW6^qFc#Hfoy
zDzxKdVr+PnA_~!mtH}lDyqeK`7zdpY2K$c8P<t(D?L@^ByFY$7_>13Yc{LL7d+KLe
z?YaK&pK)9Cwz$!ilPFbZc1|48UrA>JiY1f;`Gwj0-dHEVBgNr>@puQ6m8dcc1sS%L
zl;&ncYrRu=S3dgYH1J;b;`>vB5ABybqoWpfZv7%3MuB3d09AcK81`MFmczi@&+8Y2
z@F}h^3o~qL+VryS>@xnRa&?YYTX$J|iDfBWj8R{^vv>6M{O9VECXN6O6}{#3pm8#K
z?EU=WQ05T9?W6MRbRLs~dtO#_x;BGnWbU$pZhFpyj7_57b!(#@edFsVZHWR&haVO)
z#nL{m{<LB~BnBelm0clriuviwOi*0j4Imxz`H~c3`BA+Om`umyZlb9nGu<~eVd%gA
z*$=37li9qoz9Gi!Vg0g^_@jW?6!3$zI1oLq*ZC3gi0cyah>Q3t@lv9_)=~%s*sowr
z=rW)i(LeGizLkr<6L3XXA)NEk2hdu$E6jJ4JBhX+)5khS{%PEcmr-2Jp+ico=J0+!
z1?yM2jIU!7DCF;I;=rj*!OwF4JhlH>&3=M#Xg8nvLex7t7PlUsERKujNN9$Mf-l-V
zz$AQ<7|4_4d}qGI$D*3HSlE&DIePb(@xnGSP$jwuz!UC1l|8R}7@Y@yz*v8qig5%e
zp<U5y{x>Tq$@Yi!4$IJ%_RqadmYT4Zf6?u*w!{Z$V~;=b^bRzz#N#NX_cC52qoP((
zh2BQS7adrlsL=`GPzXVa;#~1jBDwW1#K$iz)xc1QON`0SIGY{1-0W8$d>=sOxq?Yv
zIckW{^r*Me0#w&C=g)fzAeua<HDIPCAbpXg1z4+qNRFs{1@*S2-x3lQcE5e*Qr&E(
z^DKlWtbmm&JfE$dizNO{1s({6ncwXgUr;z+lTB3DIchIKtuG^52wjXp{hp{pUa-_}
zAk-zVv31V$u=wYc&ot#@(~~Bi$5DfaZ6C`P({KrepQdYt(r}7KxA2v~Xa>2vaWDeO
z_URzgViNft<A)ZHBeR=^)p1cohl`3P(S<OT)c&}qE2m8m45R8&gsY`M&m)^MZWuOb
zXtf3TY0Hl(c&NRyfBf`v6KQ>3q3hguY3R>ZXQ^3p5%chBcOhU+f<pmjJ<f7#X8$zZ
z<bB)!(cW8y#rbUOgSZ7kfCPd=a1Rba6CglvclY4#79c=y5AN>n8r<EXad&s7>CT?#
zf9Cx5p7YEzmxqhKfaY6OwN@?r>U|4#Q(<+xmo90HZQxL8%64_e7`1<AnbpNr3NTRX
ztJT7-+k9U^KdHsM2J8-%=4ZL8DNgZV@w#e+t&-PEESSuYj4P=SEPuZDR&`}k{gI#Z
znf`RXnEq5Xq?s@iJN&p0b8ZS}DcypCU2UL?SDuCb9)M;ORMWMpso<xkWl<R%CD_a~
zGglJmK`!gDw-!Sfa$l&UmzM+2)M5#29T7LCEu&*LCdthlJ`T}I>cwUm>>JiKOH!u7
zo;}H#lx3HjB#&ZQw0?TqGHOUi7~v9as3B5sfuo-Mdc2oVD5~f{-L$kaT6j((-A#iw
zE+IBPI(2`k`1Pf`^G&@{X#^LCHADKR0ZqNWvkeRU(2Y-Sx0^TjSM;UxXdVh44&U2%
zOy*jIX#Y&R2?^R<NCA_-CMYWQkg%e6;21p!yofgCcJ*VTOiFn!F&EZ}j(erOLP(q;
zfy2b0z#;SOB}}ob3$cya(`kD4`MJ|cttWo%NNPvti04m2t)tJ|t4kb`GJ(w58`#2z
zcr1>Ai|IUd+7OM<SC?lk5cL9uYS<XHrA=1-K?IIDpR`O)bq+2118Omg8*8+eez{72
zWbh??T8b+xAy1>gxMefE7#n<|Fs_abkr#Ny+j{x=;ZCDgZ!a0~!EB{xXZNV{2)c@(
zs}kO)Iiy@Ak;Sv%m}uzX?A2*dq144hpUSM#mb9`KG!!a*Ti^O~fPd=^cY(Pa=H*Q$
z;EJQknDbJ>jEbgvqm7fr(}iavQ1gtZPtl_&A-<JqhLKZ@j@3CQwJAebsJmVq3dNi4
z=19dCm#;OLVVYg6P~B^<MzhLda;xP#VZvcukYPW;8$~RkVOQy;6Vb(+X-K>{29ud3
zRqqWBu}PnwJgmwm>oeAyC3H9Q%ORLE)M)nEd~-Si5udovJB=cuiykR9dxYt^s&jSB
z<!EZ$zT+QJQS<K%5w3}al?tS(A*>O{Q8mlNQO%8c<_u)qF>9oKEcWMIT9%|ilnh4P
zp!ZghlM*0?+2#9)`U-Q0rqtkw6k}3f<ohzz9fMXbpj|Y$h4V+?sCnHX+feqY8!atm
zX9kqXWBH<oOe4>@hCgh&HS+7FENON|*48&dVptJhB?&d+1n*S;NQ8#z>YG8GTQs6<
z#NnJ<Y6Wx%1+644z3CRFB0MI_8Thi;tZ$8{!kjEWj^OuWG`z<kAAkYX+=j-Mjf>ZF
zlGwR_b=&De5K9}{GcYN`ha@wbp3XSfYEEDwIV3D|IzCH%`d-c7t}>&t#A|{*CRK-;
zkKGz~%g+L;7VSE_b4gV3Q|^9Fa!RdNf3BUzzTDoX5>1nJJdVxjfFh;HHNC~BXxV-<
z{NHkTKJ(4l*4q+`p}K3@BT=!UJX)uhA!*XZiD;{xp0Xo^Ch=KKMlKp7dM=w30jurA
zE?dSUaA{@6R3Sc@$jHrj{n6HR%jct;pNat4ePcSoO+wX%#8U<ZY_H-LL%PnGm9RqH
zDQNygI!Qh}bYQilW%(B*$?8)f0gp%tY10ma>!->%FkDYT_DnnaL!8!$>8>AKSXx=t
z*KZ98i_Fy-^0?`pjKLz1w0vE0H4Y>{gjj}A8A4I)G8a#5a<6Qr0%!%2&EcR)bZ^^y
zu3E%qrST3GdR!xD{h2)Op*B=YhMn3ijABwCsZyS8d6s?-dmI!89LZ#-Mzsn{vHy`X
zV2$l#I<u^IGoazK`E&=&Rpn`vYR-tT^;z5_`?F-o`<nD^DLxzvr&WsF(CsER-!uKf
zOodM<o;nry8q3R6p}d&RfoK>g(G5rHV#r%1IDbAQs&%MtPSJg(AgHCOFZ8@fAGF5I
zLx5g8QuqSQwAddw1s+@#0YP$xuz%X5YJ9KVMus1z1UnT<FyJd1T|x$kx1fU3v;K<+
zXa*xwiXv^4@rhbj!g46?pF&dJX}yPoms(@aP9&0Slgcuk$p3sZknxmv$WVyk7p!^i
zc$J?2#qH2+W{i`;a4~*|_THLJubN=0Mx(POgsh{FNRrJHE|FI3o$tU|dIu8eL|h$#
zvR@aG`I`D(S)eUT==>G$!2;3Q)H-JCx@85;x4<4?YZ2gD*m_{B9P<#6AJ7xOmls<T
zWlh<jQj;H4JUBW)s6t-Nq!PsJbDw5ut)0UXDxelLCh}@_&7HgD`&$Rc--Yp{8Wql3
zYsXw^Cc<!KjAyyW+(MHX9*VOZz#YE*o9uHgVHM$oK$Vih*|s_zedvKe;73>v+eh1a
z+VK|q4(27qCA%cK7vNfsfDy2fILHcuq*x4}=s}Ms)lY#@LHulBw8Pw}Xs8d02ou`V
zU#y%hm|q}HAw1oKdsV~0npttl1+920qn#uHc=!d=Y5KT^6ky{Kz()4YAvqb3zXuB%
zA-s{3f<YysZTZ_x?R1)l7$;_rCeDJEqSAV2*I`}RwG7L^Qw?{FvH2q)k3LGN2gby9
z@SZMFPZ4w=VU7GZ=4B?|_#}3_4j$(T@)b)@Utukdx#!bcw)u--axSM5=n)TMuTZg5
z5$Bb{$G3YmGnpBk%7%U`5avmZUlyHIlo1W}Ez$8Wh4QePo~Fj#mnfEIMt9zEH@nll
zo?ZUwYBDv6sLD##^vJdr`}*bl?3HIauXe4X6ZQ2<7en+a4bAjtC7~9Ixxuik_*-TY
z{HcBgPhlQK#5SI4^P8uZ5KOEO(84KgzY?&-n~mjm)Bh|4PZ@OkWf_c%SsXq%J&Yk`
zzQ)$Mgr*yj^2EHnN(`EBV|;L4g65FX3cz{nz7dJb%%PuaW*}DIb;2>-KTK3|#r<@8
z*j%pgso^NFh1o!W#@itRS5yXL!IoC$&d$6p7kcC%Sj(|6asEX9&sSRe0$%Lh)F6Wh
zFAnaBC?dPV3J{h$Ap?&Q<M$sB^lvfgGnJHAIJw6l_UnIPzofw^Rw}ZDj5oO9vM}9i
ze~TDbFzVeR94S(3uh;(pjq9E@Ec;u_Z@rR5R`?A>HywCJ-Usq!H`6b+@vj#>xG*E1
zFZ}#o^DgaHEO`l9%zX{jC2RId#>4L%9iiZ-pE_-6<P~`;!nmiNdBmWYW{4#mQ2PEU
z@w3nS>?TR^@X&<F=o!>S4d1Syq-BD{^oz`u4a#La=ODLk)3mCUSAB%cx4$V;4^H()
z-5q;??=C`?^doLsBtxSJci49|BW7Ia%-^M6j=ddhMFT9)JaZ<5-PW#`pwj=5P4<?t
z02bFH79QfoMZ)nr#udR@M=01fs+f*^zFD*|$)XN+`Urf$!zs%1{#QbE`$sVMxPsZ8
zt;Ez?mg>)(RcqOY8Yk@rU89yk<he7C`Yp%FrNVMdXUP}0pFQsUjXix6<;Q!C?mE7l
zvC~tNP^TPl2(W!^S-;hmisjV^n_fbsJ|DZcz3)Ix%cH#YK#j;_9tCXhgczXh@)Ew|
zH<S?s(MV)`2clfGp&0+}M=unV4<}ad5*jlx!kSoQHho!S42H{Ag8#x;Wx-&;ahM4p
zltmV2l;dB=btS=YB(tmyV}6_u(2-?zCTv@Y=bhlFF$czO8%QyS1_BQRfRTd}>zkHf
zR|!1n*+vRN4#qPY9Rt1SoL(OzxMj<q0tDW@0B7<1Gw*<iy3P&?Fo=f;7CaOr(aIM`
z{0n4kNxBuZ-G5Pl+LC{fxL!T~jFb%*G+`qmgY1m^`#>r%pwr|B?F-JfAM`-=ek3c1
ze+|;s3rrON$HYcd|2bwIj41PN0uKEJnMCGG`b|pH<n!44(vN7Y+@B3H-Sh`A<ZgeF
zLxEu57C63U3bghtAXx{HE+RV@)?fE8_~~QgUl{i2zky+k<k(rg(ExCSK8-n&M7|2*
z{UtHAsT@s<rv=1Pfe>JC!0XJY3><QW6i9-BmcYLNV88jFz$nH=qW^?_2jSWN4_X8u
zLM`g=R`%_U2a}Bef&IRq#fT%VucEJnq@pv!3-}9zA_2po*qGM1|J8QyjRt=?pBDs{
z0^)3euy`XW?~#Auq_n|^O<ckMDG*a#F%F0zvjvg|00Gj8QExaWz$*Y`5CFqUBT3_?
z4cLgX{X(F@qi8b&>uCshRU5^>R2mOPQ!`EZ{{ezYfN0_uJof?B3HHCfAP$0^+WJub
zPmz}|Xl`+BNp$IA&jK4;blp(>Pb~9cGm;PZ9w$-kXq`}t&e#4YZFk?IoiR59e(rtu
z{So!M3A>|d0ZF<{I|a?k<^-uhQnN#UWAOg;K9O3cqPNKc;S-)d`ZRGvQBuEru2WJ)
zhI*)Qq{%X~LF&4b?w;RAPTs)LCTB`YN-tH3zObat%vcal4=(b5qFMme@PBcw|Ig*L
zC7M`w$EVcPu$<`x6(GG77~^db6lED(up|s9ht0E%?HIT2*<JqCjSSc`36dxsS~;<e
z;vG1MhPOl*$>`So6$zYJ8f<4Ni1$g*Ygy7|gi^FBu$kn}IHRs64BTcyHW{pR+h8DO
zwBi3dfDo()6^+mo#6eN8vy%LhbSfT};p_+R4GAw)u<&ubA!3?jbHE7QpMd&{UTuCU
zgB6_czT#KO3;e}jQ%~#NT|7o`V|B7aUeTh;B<-|>S*3Eik}8VKJsAU%%M(VadK_zc
z%yW)!gbE)!roJU%e+rI)?V#dKQv7S4{gwYiu<Q$2zzED1Dag>-DTs%ya(o`~l`Hxi
z?s}CLyuyMt+iH)T-WsVDM(`a6A9h0?r!enW4DvxoI%pl`-e)XaJ|w#v7f{wj$6kcI
z59CxqkGJQG+;m45-Xr9f5Dspd32U)rPghoTj^e$4fcVZ%bZhl}hqC`{TPK__O>R^c
z1ePW?F_2*+qRQ0$3^wQAhv1ZSZaC<?=dYUtVlZE9Mg7w!tM|Zfp<{pyH&AZ9(Be&5
zGi8ZcSMTZ`x2nB<Hq-1>@c5ATtf;Dr{Tj^PG;PSk@J6;LxlS=o!DHlckTJr9Uaw%T
zVA92n(Z1talhhhfvF<r;;cOBLMSR)FtCDm`mgjaP7+nHFo+-#A<6?m-@=c-FhRKm&
zWA*y~YOF>a6X{O^z|)<^#;d0F0htTmf&rDgZBOH#0qV26V$@#{{I+ybs>TIJT6u~Z
z?zwnE<y*|J$*fY;Ph(Uw%JxY&C<JdmKRhUZSR;h;epCOM_U$5(;@ZQkPV~3UA9JsI
zZ>&_o&f9`==$~WBKk~`^-;OhB;f+A1yHkEOiocdKWSlNR0XG3dKd(w)!XYaq&2$JN
zqr{g?4#$UmW6xb6=cJz8>24$tUG*;%&AIZQe?U2fa))hgFO1@gP3{+VtxG&(;3|GU
zzxAmbzkK&_iM3$0Sf?2x%=i4ZU|?<VIu%b)sb^+%?)Dej&#E7#cTuwyw`gYS>!QDy
zSlnKZc-)e9d*0DCS#iUWp!fU3@zuNGYI!|BZM=5NdnV(a@F2$2LSy5*B%P*Z1>~5X
zazBc5Esv90KwLle$<1O;EJO&+1Vzs%3Rs54&GJ2Qa@V9s58_{qY^=Pqb2}unOL4}J
z3kd63Z?AA2IEg^T!Y<7EvF>#&^+?H}=`}_pd~%>9xtc5@?-<b{k!5LzMRA+$IdBVE
zgw5mK=KW~rnTcHGs`fa$Jyupe7@!sO?e%`0r>x@f0Bi$;VSFau*W*_PS1G^vx@uUv
z*pgL;ujM=%PW+ntZpqhJFs_F@wgq-LFKAorbPyazyKv=O_^yixvpZrHq8>GzT#gZ&
z1fbaYujc{2NKzM?!fS~K0xP==dR|C>P^c3L7oOzxSrcrRw^#A99nUD%>#V#|P=9<`
z-h(Tm8~?t?GyAkr6Trn)&z;qw88E;4(YKw($oioZux3wve#b0;adAg2BctMDuGU|!
zoJTuXr{y5@)tdB#R?_5zrGcg<Gv6Xan&QU}*DXpFK6fxyuu-PJ9j(A-EY76#BV%gt
zUd5m7*V&IvjA!AxJXL4+7~I!8@F#2A1pd!{M<UTJIeIrat&69(`dOSP@Zfz!{coMr
z5gLMo?#jH>M~=H!-}HEol$+kSdPpH+zS1MUMjuK4ZDPf3^(Y}OB;SDI$UxJb5smHp
zk(WDwokF*qwh6aO%umMXwE-53FpH<%5S3NYAT5{~Wk^>(iIx1L9ykR{#E#G6G5D3$
z>_NNhe5GAhi{>Il%;JQ@nytWLfmZRH2W~2N`_a&$>Kq>J1PKr2$!Q?kDI>G|q<k<>
zRt7?e9<0$%3HOEN>Zbx&I7j^o-X+p8)D6AQ6kh)6kTl!)*=deO3?fQNRl3Td_VI^R
z&h8|U8&4R*Eo7DL6H{^|4}s+bmEHZohw`kBju|^B;YU;7N$=GO$Y^<1wc)P&^va4H
zAj2oIyVBRo7_GaWAR3#N8WfUyHXP(lARmIsr{kcbVaaJK84owt0O0)_>}VAG)tv?$
zYS%+0jqarxpb}gA2pW8h{QbutE)Nu=3;J8uHyiZPW}mdxug5%;g-!TqO`k59m{8%}
zHyR|X@UV$5p&1ULC-LXtDKV~G%&v}QY*M$;7PsffGK_FWfoFYFexvmzq)r~k=}|}V
zoV+V$PG#0~;dR&_=@GS?#7b}Z!>GTJrE)AA;rF<lb<#A3E}2W9dK-}*dT@LP<0E3|
z28oPcjDf5hQ91D>{1O3dNud873q=(T%vaafs~Gz@AwxDpf(6#rS?|cGaHR*|+Z-C7
zsKZ~?w*Hh!Kym89Z~bMzz!ww}p;DKSa|M~nD=kSz*xup;WKd*)VT5<@=u6@lj4cVQ
z-x5?*K_pKDXH0UEzhQxSwKO>>ql(6mRQSjepy8MOQHzXAa0O-b)p$c5q{$gl4Q8>#
zckXdLv=GGnCgtfrJ<k^WfKJW#rGuiS{vxGEH;}<JX9EuFUk>=EyyQ=Pz7}E9s_SZ2
z=WR5*T*O_>S5GQCfiN_8dpW1JC+|wxwX{vq$Zu}KP{Pa2%jqO!0FxJxz@zKswI9B>
zMg9488p&#*dK^@{i;TUiIDeJ^fvPcnbA=Ablh1hQor&y8ymhzzrk9pUKqE*aWY5*D
z%HFB?13A-K2oWmhF`#1B*ISbhQ~1NH)eU+EHbgk`rC!Qy1{a1UW}?1><TD)3xG$Uq
zq)Ji#dL`tW51k==HlGWOPJMwV{?$KlL+{>l2#yGwD~ti((9Ijsu1>slc@z;+loJ{b
zA_yxn%-EJ_xRjQZlNz`wA=k4hG!bVTmOA$a)zm*<s-J&k60@5|^o47bR&L;wY}#;j
z^>wox!GuOP?^o5TgNhY3ja6wq+p6BEB4N|}_?oC^;tWE-_R-pKhZ0%oIyBvIOJC7W
zqTk-|tUI5{+YVfT?C!O{fO-PJ6-1X5)gPL(AQb??g~uV|TL5N9?+WVJ<y0&Gz8dPf
znW_B-Y(6)MhFJ6e31t|v*!Lw&Naqz{o~*W~Kh^xI$bQ(ap|oH{H2ghFwITHQklayv
zx(RL=HNAvo54k@FYjgcCo@8kTh$nGtM?N^sEUoQh;f+`NAe=r%zzuN0v_wr7OcPLc
zSj`ud3&Coywd}g%bAEfyWm;juUvPEoZS-KzA{Jk4#wo?nm04I1*O-zPH)-fWeU10$
zJY@4X-=fb}@xB$mw6oMbqI`)4^bmCVpq3jXoz_HzJUgrv;S*%YkfBS2X$z*Ra~Yj1
z`9_&;lS(r~bnCWO);-e`4-Bo_PRqe5lx3>~O%H+4WkPmM6V9#7N+KoSS+)F{#C6NA
zNdO?dorHzA08MggZEcn}+L*@jr<ATxAGs;dWUxN8K53A0c&~AjGz-qX)%O$1sxDib
zr;O_g2p;^A^@Guc8%^6b-K<MimeqDHM4n$KJzNF&8ne6K3Zl(5rmrNv;u2z;S7jU)
zU#yoOD%7=Z`26O(B-eD_Vm@(1m}Y8Uq1zS?W0%ud!wxUO%TkE-IR89lSA@kyK>2lN
z3&F!F=auKFJO#ni9ix2QTcUR=5|*3{x;zsl1A64v!M`ndq9-QD1KoO?^Nm)};e5Bf
zJWR-26hLe#XaAOP$|$)FL<7(vG8_5j2#1&Ud%;t<)|&CEFBXF&O?YR!w+&MjRDN#-
zlnES1xB6)_b9Vh$VpwDBBU~&dg5-c+d<49J33g+ojRIMZjW`iIIN7R?pqc)GI7kmB
zuVMXkX6B-WfgS!3Uc>N<obVts{<@H^Fzow+YoC2=ed(x^)T>`Jfk%Kr-k*;KS@6Z%
zQkkDBoL@ChYJO&@_PcJI-}9{rGAfVItocFi!~HqROpy8KDHQ8$*d1A+FCs_u7J@`D
zBl&wj5UQga8DB0}P+j2BU%IYf><t(!KN*mj98H{QC<y_<Xdo*1S^iva2jdm-wN58*
zBA()a=|KF%ET%OT#lC6sM<AN-puN0ZGrEU+JK0s2cp5j{IAiL)MAa|*(hU|N_f69T
z-mPXxxKM8IcdTDKqXnYU@umYD=Z^-28W_kJ_r@4ha^-LObwVDbC;yt33X|bOcnCi~
z@Q53eI4#kA#1v05K~{QYm|{o-qYwGEvx!ZL%oGfXR}vrNae~^e0P4Gpv9d7bfw+`V
zJYnkK3yuT8{F89p>GVBsa7>D_&Wzs=9w+0zPZMQiMF=)RShw-<M9n$Fnm06q+nFU5
zS9JTaBGaPFE|%!;!<q8@D?$?pro82DWHqq2{JzM40Or*0H#vb4``}O`;QY^B5g5f!
zz+-+i7FCd@`+?-q+6aI{chpo5GZMQn0u@QOyG&ar#?1Pp_oQ(cW9gAge#tjXUleq1
z{eIq{^RtGE0}qY5DL1QqM0V+Y6ewNtcX)AEtP_h?PUIhf9d@8;*6&WG$mv1Z`hdyO
zLU5Xq-2)7-aF2cU5Ebs#%97crDw>L7w35CkUushtJEl(ASR*X-B9OKQzg<c*X}>qV
zdit(&)pDdL7N(jaWZA@Dy(`rHd$_d&{zQ{>hprYP4%O^SWrQe`_@xISF3(RtQK^nI
zy6evyym3i{0;$ThfgJ-n2ACDNJdEZv@JvKw{pe@X!h~}tf;3{re$Lo)fU2;hoV-#u
z33fI?fpIN0t^ObkpCx4s$0;O@-|6>j(KA3*)1uolY22FZHdq6yoRWFBjU$&_bRv_F
z8V*ShJxLpKnLDOy^mGAmHkF1N?cnye477Si(*i|>%3l>9Tymg$`2Tp1kKLhW*&O0n
z<!szq=Uc7d!7KvhBdKT?F;Gp$v(HSM5nYQz_jH)|aPy58J(%w7oIaw+L1K$KR_xGa
zaXX}_)UZg=jkn*#B@fv>wO@LTA~$E~!UJ5ZR~h}gTD?-NjZK+M&Y$I;xe;;L&g`YD
zj5)-R(hk!t67O1m`O3A-JmhHA6B9f9wMBKE`<S9Cr+Ei8>d$dz2eS1~6W7TTMo{_S
zrk$)<@(W3&G?)xaeq3CN+;?Kg^NnM5ZEgjkmgh36IohZ`fLOKNtfbew%%)vDk^K4Q
z*9z8FKvj5Qz4^v>Ne^sn4gvZdnCJR@%^9t<c}4l({hd7DBiYg%(WCE)GSGyh;x4By
z$JW2S)qG7;De~6g!VV&(z>o)9bwwsH)~GLet{&Q$TU)trr>X8(Lf1WNHxnE6HLu{c
zLI7`yj`a3Nx$Cao<*W`R!}M*638#r>%dL<af)K6rDGyV>DUTM#V0;aKBP^FUZ-lC0
zKSIw3s$NJP{F$QYZM*ogAt+c-Y>A8;lo=Z$=<Eoj_^fY>T^I3l7fg5Z?7p|&5!32?
z;`gt2=@*^W9W4)KugC~83r8D&g_8QSHj6scgMg*l6aNWCMo)vfLY2*+M7Msjq{r1z
zUlw(fMW{AiHKG1Y2E-HCi}mk1SIHVs=^kcu>IT*^=ye=F8v=Ze56EK(%ZCV{WuMcF
zm8YB*J0%&?zxKwpaA!&oAe+FETC){nLlQE2*9(B!F^OCo9J%7!cVO;2N7mHNT}-|L
z2VCCetc?tskY6Q{uNJF2#65fZ2s5i%f5ES@o%JE3xagh@e7l7;Y1%(4K;>z<0aOu+
zKa<Ims&vp_e_muE>T{Mzx`L>oSJ&Ak<l0ow6nYz$ipe%sZM?XSKuh~myXFg!d{ORN
zh>S1rhFmvdCn44%!-<tf^3ye4KVY@gte2lvQlqG2SRwI)E3Aq8Rt`_=&#k3~{m(;W
z8$maxM$;eC7Q&4A$~@*#%}i+TI&Y(Th;wiSWEwlIN%cs(N%6w2wM|bOvJ809zkJ-O
z%Lp3O5Rnq|v{@m2NL}`Qom?J{a#+?-j8%-AX>lkUA;HcNKlw-B<eN%jc`CR9!`At?
zdqhCn20}PA>CZ+dEXy|rW;YbqlM_q2PS>b5ON$$lXgabeA2yOhE3B`85OPn`G2!y+
z2JWpZ2_>ok8VygMqo=^xz^=U68rbY02`wn-T&|P;O=1|I&$Kt;SeFab(r@s(`z)IR
zuKpOEWHOp7NE64#Ecw&1E|iyxYhh>Q61&OO*-|uEolQEPuCx1_2#tNAeT->5)j39T
zGhQvuS!q08E7`;?OQ-#0hkLNwaa#H46laG(??l*yTa%GNy4M!^lXSziN#um*wcwJ%
zV#owOL)tlzB*Ru?0!`WBnBw&0s(7|4$G1sNjqhxQZLA<=^akST>4t`5`jO}2VaJ6f
z<G;`}jQ7IzPrqGz#^G>>+4kTKOl_Jqp4*78>Fi306%HJCb-G?sJ8?~9OOJlwp0y9T
zQ+r;ij&e#b#;4GFmeDU()LCt=E3H5Zn>4dqtR-et8jtH&7ha%w?~+&-g*|X@#beFT
zb`k@mz0P(>k`WgkxwQgt+9h)b9(x@3yiZAMY_*~~da6d%>$3Dj=vabZayOf;(7CG9
znS?y41#?ewD#dK}#<$^-feM)%Xg#Yc!dy+x;M@mzGv=M@xD>6sB|^1p$p}qeVS7B`
zpwjmlajNc?vHA=o6D_==u4!)(UDJ#i#$8i8?{h7_oLiB3ZUG$Fxw~8d-&(#u#oiP3
zA&Z<HJP;jn)(g(s$|9%ImIjU!@Gb>MQV-x@$nDO`2<&4Y6l<Drrcz4WR}-@!75+JJ
zl^*j=`D_y={Qgh}o{IJ*iewmkDv@OT0NfKui8~3H_8Bi8i7^Jh<;Tu!1I%U5kQi?&
z*3we>re_sY@$vD|ACi<yMj!Oc8yXtx#~bTR57$J=w1w9003z$B4eQ<u?C?9)Ue?7U
z3jrzf#nH*V9%!-wtNV~+?Ms*TGP?J6=-U*hkLc)?1muiFLVi9w$DDqDv|NzjLkD8B
zR4+mgeR|%f<@fbF%Xlp7O9Q=<fk5rM!NEr`+jTGEzx7H$j(O(nCfDJ#M(gY$Kpk5i
z2kWHyjawKct21m%Ms+vDH!dT4tuGARileVkGsBJr7RvokWfhvuwIFz+cya99qu?~Y
zKJz)~G?hZ90vp((VyNpk=E!#X_$<dHxug3GL9kKq7V{>A)I3XNAriX8+|}kBjh2~R
zy(Fj>>woDARFX__g5)30SXLf(oAnRSq`J9Mvf{o8#m0R*CABBqbkNv6QoOU;t>XxI
zt9SaBEd@E!Po|-kNePEP5;y!qJ4(O|;AanJlW)S-%`V>lGkL#xWn7Q7{!FfnE&s_9
zNx`;NlfU|nvgSBP?+Fz-5%^U^XWi{@AdBR|8&Ds1ZtNRl>?mbJ%2MbMWF<=QLDX5k
zquD*#ZZ|Q{)@U2r+Y%zj@7+CaeMtuf`tvjSVb^aiPsPn?tPM9lD)tW~pd?Se-rx-|
zh8Wikzr2)9Emk|O^n)9HfTtlclYwSz!c+8M#N{)u2Qt~{ZSw`)3JBDBtCi*Dy(het
zKt<XZ&i852O{m~Kxf{DbBwr`Hc0#QeQ=_O8!%*}c&<SzM-EZNjs|_ubJDBd-Hf=5a
z>Jj;IG9#4G^6r{0r(!*>E;V8`pWb1`gyZLOvpig1+Cq`N7z!jaHKXPHT<78j_h=S<
zfl;<Bj~Jfthp#!B(<Gc4qkFYz^GXs@zqu7@-*PLyUoX(V6&1!B7w_}Z-_ou+MyM$*
zK}(UU%COZZM81@eA&rcwr{=Q+Ca5+EHqL1Bsbc~l0?v@Zf6MHvLQI6(vL;l3+Ie`k
zHGo7?v^bahYFe_4gTwm04mO$!YLWG5^-DJ)k@>M`+}cB-Rwv7zq}UbBKA?ZkIrynU
zD-0uZ(~b<K2z4d~XItJ0#o_SFuHhJD2-@Om8l*dhYlJqBB5m-JXN!P-gq%yuVMF&T
z;-p;fb#2GwGN_?pi7+ixAfmze-W$T)7!NyppONC(;t>C{ePl>eR8I%GZ6N4<8GGEU
zwPt*q9U90MN_Kf%UaRq)!n(~q!%ljBN5Sk_?z<v%hARASH>1QdMS2$bL=U4Fo#xCx
znS)8u3p@Ro0;M{5@6LU@d#N}h5kvR>QxhFi1lim`??ox<!ezmt&vI<fO5mX?A(Eu-
z4h3IZpB}|&$u$~_qOp5(Ct<xM(KWuld-ZI>{D`)|*qfG{9YY%U2J)YAfBGN$ZcGMT
z#hs-OOWUDSuGgp4EW7Ax7oi4Qp@jyxZ$w1PyI8F<ST;@3m{L^jJj}Ubn{8pGN}|Z+
zBknueGsjwD@umj{E*7zzaIN+V7p(6`Jb&e11A<~wghY{v15w~l&!YlAe|Wsdtj9Wi
zLQd`c6)DmE>w`?usxseIEQ1hg@v@4MN^_>z914HnndGF|y*6uAN{5jWAk;fmGJWGI
zW^~JvER=-NRfBoImS+igfOnoxBC(k*Fv`29EMG<WC#w%!R!VGfUh9QU)j>f|LS)yN
z8O;4@XQaZ%)Exa4f=|KuZ1yVVjA?@kLF$LjQ69kBm}TFA#kBrR3EW%L`nMe!MFg08
zRGmI*ov1C2@~>Kk(esA)oF#dpeO_-VKIcwM9lkeR(k}Y)X+|6l#=3#Z&&1e7xC@^A
zG=^dyUkT~<q32{M$L1GFeEJ`cB~h|_&V2|O4=SB?gT(xtt{v~zO_icc@zsr%p*PpY
z(<Re2*Sdh8`V4xLmorM6v-VT6VoxUfxala~m+^sDc3p8Cs%9p+0^O-04W~vIEN&^(
z`~A#X(DSKzZ5#2WX}m<p79q4ZD@~DoZ&skmwZX5D=g?O$fNxawf!(~9TMde&lMu{k
ztopj9I#$<5o3(e_FR=Xo<T^&&vrHk9d+iuf0gXz$q-SDa{W9`=l~KJxU$yz--GR&U
zn)`q|bp7!gyq&hlcbBI>7KVdXqc&MR=82Omo}lGL-6hm?BQRoi4(?lJ(DqTuzR9(0
z;iWn&vP&8pZIrpFjFm|AxQ~sG@!d5`WJQtVrdqB&WW6{TiIK$fYf5Y>o=6#`sEZ8S
zG~9Rke||T8IMm1y7Q~qCHik;9Q>L?iI(RhUp&q*zSmQviWM8i&;KXiklCNcSK#V9j
zOlR!nFA5#`4QYZ0Z&Dqn<@jagG~;a9kAvP-B0$`3!B^5?E-#%e>ZLFDajv;)IXnJ7
z`-S1SJ_6(4R=Z*_U)~euN`!X1ob0~4`&u@Z_n6%5<YrHNC<pVFR`YGV3Kc4pIUE|D
zF&tc0&hUAjmMiMlVZ63q5<}D6F4x*=jc8+>hU0DCq>ssu#svZ95~d3fiVoFAgueqB
zaE*H}pKBdk)2$bcpn6iV*k*aNQtXxKFuQi?ATK${9A5YI-O8fxyVSAfZ(QMU%+dGh
z=(d(~!o&FEVxZ?bhQrD&R8a~aB^5?!zQ>}l7Elis5c!z(+Cg<+WU#tHUWpb5QBD3s
zjE(B-eTZTs*R#Xc+#G(f;TFxjarODble?ktNdL%i@HT<SW?z%jQ3Cg4?Gh8ahv;iu
zX2<-s*+f028xfOO9nH+rqo_mwL!J$NrweFjH@RD>K@(?t0J*jAMS|3OElT%}I&O;A
zW4~LIcvg1On-hP}<A)wpTS7lnz!SwT<)B#m1C^R9fd2A3uZr7cr<~1k!NQs4Gw^nL
zK4s^F3YFuUahJ!%q>^PmLmFFD+@7Po2IQ3AtRV?f25}>U6}&Mwmqvvpo1Pna!ClZW
z(NOc;1tD^;#oj|9OcJN@JXKlSBWoz-?Fn#g(Po@hO3^3JanWF<-X<J4XRC(iv#va)
z7ux8ixxiiQ3~cd|`zTSbUVZVo)Su;3gtJVINlkF($^IP&yz4n;*NLDGz)%n1qHSrN
zH9C?|kvL4@J&>AR@K=Ee<+-Y;vc#@(#6PKXiFF$NZL#3>x)|4LUK4fN<JElW5P;#s
z`q|?Z!6}X2)fOP)6+8h#eAKmjssjL~l(kMPunquq?KkK2CrRfb?>?mL@k#$Yv!c|t
zaof`8ar^6L=kQtM<T$0yeqx<IQm@oaU)*p3RWcREg$n{>LHTUQjnMASoSa_azR5xi
zLdP_QQ&N3H@x#tjnubBsyl1Y$d;)xKN$5ZnPvQ3`iR}=L){E#}zO`fAeMg08K$wol
zRejA_Ia}EGbzK#)2nOKYSrEVrw3OdE9o29DN_hU`=cTHB<YH~9rdB?5^_;%XoU+Bt
z?vKZ4ZvH4F^;=4dq7+bl$tuS^ag0}3Y;J3PlVjUNBh2pF?b3?AcBE%{x|L)eu(q`J
zs;1g$d)ES>c);hpH0|x!$lAkP!ny2zO*VtK@Qcgr5yo}st-tzfE=?BzoB#M9*s$B>
zHTxb_9tk|DMZEd_B)w<p@($ymi{a|xy4$ugW{0!lHA8>Xy2OcUWwUOMBi=iIi+M%e
zZl~)!y`dvcjvu#>-Vl%yCDpn&Um(1v5lOc>l4)AF>?Wgx#g3cVu)>nu2AW*0J?Y+-
zrt+yA01i9=@^{X*&k<|5GZaf9zX(wYtvA|<XYS*|{82e-8UcX1+QtQ}pjTaqmXj%Q
z)j3bl4DSGs#Q?6?BX&Wygs5CwmDj<{r3^L7H|EwmZLfusSckWo8Q$@=xYjy7@lW+G
z^A2WQ&DI7n)GdY~H_J5HY!<KKS|%~1aPPTz8f?irAmL2tm@XSFwLE&9_J-~)4jgw~
zw^+68ELVPhjFnGp)GFfL_HfO1YTMKvI_<p$(7wiI%bjoOYMU{+@W?!_jnp}O9)8?v
z+P+zG9e-MO2hz{TT$|cip1L1<<JVn{BX9julKd1l(KXY(mDvTLjsB2<JEfUfy?Hcr
z-qp-|@76PxzIGy3Gvodo-w!}6A2c{xUqd@rr6I&HuQ@H6*&Oq@2K<@=1X;SP3zbsT
ze84!pmdJO1?9utHWuQst5$@|YfGtuUy}9!ibO~D^)V!3P@p`0jTT&wJ8<%Nm6YlHW
zo&<ZiNC5T+IZMJgb<gD*>HEjnrkNcFw}$COBW*{ExI^-SW}Dk9*g3-z)8;Dlk=(I^
z)PO2po~u2JbJ3YSf5$Fs=qVd^-c**V9$1%mgZ2$v2Q#}hpAKUl@_8dh_!vU8OUj>H
zjZg=6&&Y5vQ|(K$->UAnrbso+)3fVXuCpuU#=kpku5tXGXxn%_5k8%;kKbb(_-5e|
zvPh*R4q$#1Ccor-#Hq~aMx2H=x+P<tWGJrthChuL^6)e_q|ow$a%}71IA1jWHnZL@
zbg-{u&*4^g8%{-z_qOh9T%{Zale3ZJbWLewJ!iz#Fhl>(nlm!}<`AUm_-@z;g~I9I
z&+MMA^*wXDRPjw*B!$x@?^Kk-r}pQw^_n?tmy8B&Z~@1L73bNAi8a-@BT`bmhmEf)
zrjb-;h;iAY0gLfh=RvQos!%J-(iZhxm$6WiqT<t&Yw}0LTAJk!wt+l`&g!o%X_C9%
zuo$){En6B=14X)5POe{c)(!qv@*Sk>Z5XDnv>Z?~6G-s?{5VgNSfho>Mb~V&J@}xQ
z=-yONEH}Ndh4qPo5OAjMGY@A@BT;yJU(8)P4~Ww=QuK08zH3$-IM+ljKh$$f-K<mX
z+0kvP&uHt+{pzvwo$+kkqy$OF)4=x%P5U?{?A)kwgu-HA$#1HnM%!c6&aSWfG8@3|
zQL0sF&TUKOiffvxMeR4Y+XdjOn15hn?U8i#ziqB#k=k|{eAo-1s|`83&sm(l(;TsW
zzh`t@ClprgERT!T!$e8cmHsUibct!;+fj0TbM+5szwK;cRn_^=?%_Q~2#<0`PeQ4n
zRN~A&&h$kE!E+gm1SGdNIF7!mcpN$E-R1E&?;@cw<S&tUE$X-lP-%kwu#MMI6W7BU
zH@;wA(ymdg@OvNxIX+Ptm3F!FlNHL*08?}$@}q?#0?L(o&euIkB8BFGb>Dhl^J@m8
zDK1H!gWU1*&HS@0%+~EYxJ|#@+JR)T+|9E6ZW(uhnT-SfT9OpPH=_u~=Xq?B%;by+
zMAE5VS2q*gQ|zC{Ox~R|`7_7KKAk*FM5;aX?EVODy*?gqHI?qBhS*~2tQ|B6V4r_>
zZmo!bA0Tb>P$M_~*_Y+@;<?xOv%KE=Q@elgf`CFGmE}(iueJ^p)E*ytC!!A7N9(zk
zQRTQ_GRC8ggdh+K^+h?I#LP9`bKdRFE^2)uR}s=={B3xVYRq<+vMbtPPt&65i6fFo
z>`1mzO)ti;dj?ue)Z>IT;^!2MhYH=oQjkbD_*GGuH^w6Tt`8>bI0?uhawO8{DGK#T
zy~@>Q@+xKfW;^}o+{%iOR|^$3%*x#`RWC||Cxp%7kl)1sd4~w7dEcTCF;b`~ixMv>
z#y{4gb=hN0un~J9>NFT<^+k!53>wzmT(Ol_OrLC|YY6R<e#poFc>H|4!g<?Qo*ZNZ
zqmYW4=reNlpkQ0MlJXsEnk02#G@n6d+YwF{z{pvf+oKL?*v=Vxn9EncU8*lU@^yi^
z9Tm6USEJboE<Q4Td)#xFx$(=d?=jiF7tCDL@QpP=y2k@2{(KQVwwnVB@^CAVP}Gp-
z1XJDlaAXLOFnj2u1fKJC4R913T~OyXyEpXCACBun%bs0oU-wtfgo?6TvOl=TUaEj6
zo%46n1pj8z{2Ne_*Eaa)TW7kci334%e2H@xP?1!!hewMRjp9p+oGdrti}j}w4=#pZ
z=h>HOJgor&XT?2^eKkiYyo$uINU2`}E?Ow{uwDl>*LKv^N2`XN%YMK5A*zj5^pPBJ
zJo_Qnyz;yeE85&P%RdE5_L!>PeN|NHbFru&J|TOff3+8XR6ml>^~laZqe0_ggLi$4
zz}XOr<3^^|<NP9Dn#NJ{Go<rQd25sgV3r)0<2)~;-{%hYMUzU;$j06fP&!ca>r%K_
zYy=CHWFHytYLYw;jn3LbwE8?XZqv@5*lMelYIrVYD)!X?v6f~7oJV3&bm=kms#gpB
ziwuL*bD)eZNWce57O&tU5NNza;UbXcU#7ds(7i?3m4KJ|Hk?-2@qF5O@4BCEdv;EE
zp#Jd3`D$8d*V8Jjj<0a;04h=;Yp)6bP2ng~((>4JQ8c6Y>c^|M9!BG|^e!vW!6-cS
z@`4FW*L+OZ8Wn)&UYJ8df*6c2OI2i4`dFuJqAhes%TTRw;cwSk4jgKHgCoPgs;cQU
z2}UZ*yD?IrBJKGoQ^gu!N2(X=9fyaZWM;1n--d5(=E4)k=6)?8>lZL8={pDPZV_7c
zHwGR{V7!D2^$GH?!oa<a2C|lKJ=~y_iXX!J7ijBH<FlVa!e)`{j=uxlqger4g{XoX
zXNF=3cnfI&nXi4sRW-Hfn0F_2ojqpTe7~8fbt@>@x>k@wD^W5BOB(N@R<m)(b6%#l
zG03{d_30?$o^Xk(vGv~Exzn0lRyqAoWAnUYDc%4dx!!h444PxM_#oLM`A9$XG)nlO
zlCq59!y5B=<#vp$)n;q6&E6v4fZp|EeUVx-5p(NvvYXu_md(*Y<yiyvh>41c{CRtb
zT;t}Lk;Z-Yb@&FM8cCeyv*qm(swXWpk9oQ+9m<Nm$`e#%uWOI1fzk?@flcIqeJ_uv
zbL+tYfDUlv>dPGQz2(d78`89)%=x;s^4XsdP-8GvJ*jN;^R&i(FG}~~Zva^pmOtjd
z*(zQYUZhNP4A&NspQTnwojwg`2rHvyOe$HOb|pPljwC&vyPVWr6}#UK*j%;MWaoBl
ztt?p_7f!Di_bf-#_=L%`!I!rC#t+Q$=+WzK(-SLvI&og9x<ItzVZGGUv}p`&OeubH
z+F7K#Z66K^q$ZL`WL{;fANDOQ={=T7RVU!0SvZ&>ym+<F38M}&T3h>(Fa)Ae7*I-J
z+7Z12_2SbYyeAP~oICw%A|w&(ym1Q9<UW8EECNHmr0zY3ThX{Lv%ur`J$09f>#o4g
zoDc7#ha}vc;8)Gkl-vzkm%#+FR(nqR$1U!l?8$1a)6KKPR~6>Fa9y>UM=|jGMf%AN
z4r(dtO@FLs@tPK(G1cd*E`J9<xk<Clm1JPmz!k1O+>qV+r%>Qseb&Qo<fivo_^!S_
zT)SF_XL%gabX>DXcFkg2O@D~hblg#MpBiHTD9twcc_H^cW;ygQMT~4(S$B80g*cv@
zOL}JW8R}k7j~wL5;t*Ld1KXHh8He$iFEUA`u7Ya?5npf+QfB#g%Hzb?y5AE2JyD}6
zrNP>TX=}pVTAHsF+&iJgw?pS*w!~2S*wflOvmvp&<6JP#VtMyTde>Bwp7*@$rBc)0
z<FZ#6=ADxZtR)x(;6x0=qt2%+FwBrkiPY9}FFq724Y3)a6&`o#aGtSioXr`f_H`IV
z+1TIoMAnwv8s5*}t#R3Go<MKKmvJgz&+W2Y&rz{2GZ0GhGGIL4CLQ2hq%cgn8jE;b
zJb0N^y$dUfoo-GbV7vZaP-4elBKcZ$WSs1%zj@%`ckshUhTDe#x|)jW3vJU><RjN_
zuaA~wt~Y0q<k&ara|vT6l+@k(6|o82<p=;(UpZ$~usLVR;A!Y{AXx1rB$4eH?D4h=
zSP^l0%odEcRygj>_<u6+(P>l=r9J|Tm~O`uZcnwB6}0!>S*G_NwvQlifcC}qL2@cE
z|HKA)+nHd_G0+9P5KtyycZ0|KHhfJwTMA@=f=I>~6>Rho2;!eGy>D-CyF8SNRY?lf
zyWSjo!N%hd#sL7gKD~QWz}u@`^(Wxe+Vej$oWoA^UsQMJmj1vVm^VYI%9+;o`?0IX
z_-(p~N=aj}3qNA<$@Z*0FnJBnQ2eUe63sQa-91Nc7LS_1@ZcNZd;*B;lZ(GyCmd>M
zCDPiPC&itoR%;eFj5!Z_gXvdHm?~0O#>#V=@8)9k6%$jut-*f0#i6*$(XRKd=IqWL
zw;&}cIVHSLN&--!I$cvcfW^gLcNJn$qEMT6&vwTFD;K^0QK)`TY4~kB??<7J+q~}y
z=O}nWsWD))3b4bfKpS!*R16OaVF&ibu}JbUMS$``1bt!tMB!>{>s}fDUji|_XfK`^
zohnVDcfL;W!^d6ZS56F;v0VB{B79bu;W@&>`aM@Zq0BB1!*=~2^*_Y%njU#hZq_|V
zXhE9HCs9@ZNupBVxfaU;Ivo3H*DIwD?|xs{fOfn^{nii%g1#syAF9yrQ3Z*5Gl~St
z^|&l}tlx(3jeWobWj<5j%!d^-NG!drsOkGry4|chC)+-{rF-+)=GDli<FQucLjV`Q
z{>~p!Y~Wqw<Wfj77?q^016Zn2#|xg~F2@T*sUr`P^vQh#?_3Xik=}EVIQqB9@k9-}
zgfhT<0Vf_zc!_BIL_a_orqFLFiND*m8N6K~GXF7WjK}=#a$mP`cW#e;u?dK%gfF@$
zJdH8)M(nfPja@&2l3B^P+c>*XnXBRb7!ZQs1QNB4?L`4JP#v&0boyfVl86G`Iuh8e
z!=wG9XBcj3+v#co9%ZxcA=`V9aUt_O(%Nhrws;=mPUQC9mFXjVO2PBwY5G-V@2Lsg
zoshdVODQzYuME43(Lr&xaJsz?Axj0c=Hq5v^WX^vP=g{(-Z{c|VMr<we{+y2#G`{s
zgq#y)vj!NXN+yT%xU(?|y|cb&@jk+>?XCx@>4#mcjR6g<h*Dmw)I~tEXq~Y}gM+Ix
zYbA!>*?<~h-)t#gM1CJ%z}#h!me$Tgh1=$GX}`PLQJlp7+`R!q%M1fZ@SPF=E0{M3
z7@+81b~+mhUJJ~>A&&ST*W&9-*M*<R5R`3paceXP6Gefxdz`2sW(fER0U*VF`59Cd
z4<$>=hC}?a%2_g?bl-$UR|0JEEa2&X-4<|#d2@pF;;fS#VNyPW1VDhFPy7v%>b1h1
z;LGnsfHefM={kB~TNc=615`kJhEXc+2(32@WIYDx5ke#&oxb@1nq&Ct2lE`Sw}ByF
zK|)Qy^%qWvGRBMEA)rD)c3(1fI|{sxy$LjtZG3Mdu!8u(don=wpZ25)xC5n&3DWT3
zM7Apo6BVeL7cZzk2A-lXsDh%`uM<h6A`;TgL<1Qc4miwyC7JdGuU96>F__x%RtZBu
zmVzeYEWCmZ7Vrl2e7uZ*be%ZhVE!AdvU9s#0&j89N~)8isjz^jNDO-VD{T64LnM)i
zS!0mU@UNisHG3?86{H=a(L9jSaFS6E(fHeFKoeO;bAkg2fCTSTf6D(giT^c;|22u1
zTJnFr#Q)Gs6pQx;!sv~I9bzXXzh)>}TnQQi+RDu<NL^;IiyELD?Qar?G{JUc5dgWP
zA~SDA@{Jg}KL=n>tn2}Kc6OG?`~k`UGPJb<1^|u##?AaR=S;9!)5o5MAg^Ec1x7VK
zTnPbk0$j>!cOitwDGiorf53jbax<_ZY19WA2#sP|jB`BH_%C;rkBp#nbQ9Cq;EU!_
zH4_1NNHiK=O-<w1Z_dRkA$qhDuIWt$KtU)0EHSHD^)~~^o0~xaXIM`6D-=8=kvs@z
z&UCI&liV*}>kRK2BZOYU3__M5NTBRDO+i}d7oVDD{W8ODBPmqy%4CUoH6@ii_I-~e
zYdeiAdh9X-J#U;2v@%pnrF4q^FVRBUpPvT927iJS)VYT676(p{xja#21L@t$jaoX_
zPZQ7r>dS)Vk!#t|f`UYwR9Xz;oFy+e=qX<Ov9P@ZD$Dmp%~Mc#p2f@1!C~N7qyYXu
zd%hE39|;)f*I%ZGoojRp9;Opa?*IXM3cvOo498P!NP;(5KM3!P4K#sqw!swvwD7&Z
zUPh@HtO6=5A)r(t&ngsualj-nw4Khl$+>_6IzLeXcro)_Lma@52d&kA`{4fuOG%V%
z*Hc0JHzfY;Q~Zrhe}gqq0R(JTo=p`<PyhH0paNy7`5~#Yxnd2#Q4eG^|NTP-C{HLR
z6CZ2}|2(vCSx6)is-<$;SO0Ywf76%0BMo?wSAci;cZ~n_kADa09gQT-|7|zaK;@q$
zfyc)$50odfX$;mMNLl~=BTL>3O7@#0?ZB6Rl=OF`89;fzsD-)y<7#F@y$zRb&{M(u
zPmAzI0Vq$NbN)ZBCe^z%ujq07fr|gQ2zfwx8U16g|I=!U<O5Y4eWV-<?#BH0`GZVH
q5Ge1hLg@dR)c=~)|9>WR<9RnwdKxvCF$@9x5fzdYEcv4S<NpFTFJ4&y

literal 182078
zcmeFZXH-*b*EVW*3nFgmP1sVUiqfk}69EC~y-6p8-XWqQ(iNmAO^{xVK<GhAK#<-c
z6e08$LJJU*oTd1@-?NYW`Sy5!oN>l>3{6b3*2+EaIj?!mYtEH0jYmpkB=jVwPMsoC
zejxuCcz~Tcb#~#83&1PS&T!eEIz>`sFDIv=EGNgJ;Rd#`cd|Zp>Ook1!bNS0G5R)i
zXBLei%bCab!OuL-JSfdjxu|*R68l@)Gxrp<wW;-76#o44w6y~DJxb&F8;<vQ_4Uv3
zj*5QG%q)sHuc<k9`ufbe|6;xOly|o%)*D`pm7Sh==ikkI>Y;!U%YzW>Qx8zKB+u)O
z>E3AeT|Q#@a^^D2SqAggg(rU)KYMm`iryVHjcPVIr4~~enOi}?6Ch*;&H)!Lp5ppr
zUd;IdC)vD~9n9rilj^D0_R_^e@1EIDg?+BO3c5P~-u_X_Jj^~id4A)act)c$SHx)+
zjZr6y8>i+p%e%kMvSmt8l62$*@W;e#U3<$UuI$9$A<iZ6P{l~N%ad!h4IlStc3KF<
z_TI@W^M&oSHOC(tb(imP`>zwLnTV48j}_c|dgbF{*><idD&6$xS$V8`@Gyy)=Bikm
z)JEqK-J@&1p<RNU&3t~*)lS~i;?&tMsyhXZ#2OM3+euQbW(v&1WMqZEsAn?w#JU8$
zRQk%uxhZAfo{~yQFW6>KxA|1O`@tnlYC4J|pH!hSHjUy%TCBI~w<L5_a~ed~=5Zc2
zfc#BtP!(q5daQ)3>TR>v%iMjGSr@vn=_~B{wogJH4BKSNjxutV1wLEwe8z@5+w@f2
z{0zDId8go;r`};4Z|5d^8nNs1%&~J=-!|?YxYlEi5$A}YUC6N!Ii;FjKc<e0mT}Kv
zIov%k?9e*pw0`>Obk~SwU!Z;T>8B1tW_OD2$54?!jp%25bITF-@*Uj#^rZ)9eLtKV
zd`jJWvDGeg_{(*%k0yst?_MRz{6g~Ov@#3XAB_&L&x!;GX#C;zO!@<(cCg%sD~xA3
z@A8P9<$uca{le0D?=NyJ7n;9Q(Vk`g!glVS&nuEX7WM~B{lSqe?yoM1-@pEvnewv2
zJ*dWwmQZ<(E9K|8Uxa74EwN~m<1eSa<i9)eL1sxt=#Qwo;EbMIXSB?H^{IwKXqr_=
z&+moE&CI*pNV#I$?7MlT>T=1;m?pl>^ZOS9E>bs_es?{`^5jLd9ZTyU6s~e--q^97
z{__UI>oZxD`HJ*!ys}8ELteenoTIo9nqfgpYZWQo%0TgQ#=KvU;TBSGK1o8Abm7_p
zwawK#FArX3Tk3pL)R*KXWe8JiDQR7>Qh`>C+N@cxF|FO&J9{PcBWlM*L=0?9$xl~#
zrIM+VdE~|Fm))6{E+`)<(@WqN-d`@xj_s=k$OJJHxCl~kX4y#M0~U(GOAF`J?+XR1
zkE(L9Gyavrx<iph!4Y;_o+*<_@by>r5_al89bc`tB)3@1vMDEIDY>zP#KtNoKd{bH
z?6>Y`?U%g$u1FciF2KJ1wR-OMmg|<z7Rv#JLbT-r*N-h4@^6{mHov{n5!fNg9bcg0
znWLz6CtosecQ9g*b1>$y&`pY)36y#cAGJfYBeWX^9qlvAqst?9NS2+JA1}xCi)JfX
zzq(y>+xfQBJF?qUw{xv8JZZJI|7`O)__O_Iq;<?!)40IDLK6q#w_l?==G&QKYq><_
z<?IZFMCn6eA-Zz4stgHj?W^r&b8+*e^D*t%uQ4~j-qh!Q!BeD}ry*9zlEdm@A`y}H
zP#`n?!*n*p^h3=T>w8DfK&13EI|4}>#(7Icw59qVMzegBFlE=|+U0I4*e5<N?6<Ox
z{G74%cz&qk;#&cp82-0rb`7t~KAF#ig^+8TQ_01f$9r;zYS-wr>I`YuYo9N`X$urY
z7xWFK48;yT9PG}I${QGD8uDFXUs)V7yG=>UAE~WKhq`8^DyPtFB$wr?@lna@v6lKB
zRrfNRxCJY|SZXbvdxi3aT8^qlCP*_$rP_PA;47M;`EglgdbujL_x038?|T<I7jBSB
zD@Z4p!c3n}u?7~v<AQ2}DhQynDW?Zm5atc{O8;`Qvrc-VZ{aiWhsbA<S-N%66{8m>
zPikK^<oWeI6-108#J*KE`t-hVp0)ivmNhiDYq^f-i}2>#Fg)rS><}6%Z{5jwm+~%V
z%%;q%ta9Py0^>HxHj-MKR6Qb!8bl4|jp9Y|k?T*DWf~k9fhtzY4;?^OeC5vN*P(r|
zu!{V0I`fV@&y$ev^gvKp35)^MGaB@{4EC*D(gK@X4-E{*|B0hf*-2;-$Tzq>_hI>q
zm)H`E*AuZ;3BnSWSHFv;q>iMt=djy?#E68fx1fu%m-x!o_|Txv()gOhjLjl!s<@fS
z73(J8g2uew{$ra9>oc3b{BCLNyZD0jd_{L*GsEioYW+9=r`a8|pH>X4WJF|E1Njdg
z2gn6{3rs(xJG_J+$6G*{iIaqwGahI5PZtNXyr!y>+;n|ys^QlwpyI0XJVBQ?klKkl
zg<^v0KB)nn8{3>*o}-=SQu8hRElqvfDi0r3pTK?j7yk0DFT~tj=MKLzXm)7U<-zO%
zJbXMrJNvg|to;+n+Vl}~Z4)LXl>uE_jy!MmvP#5iAN#TU&$sJ4ImxfR85LN&>m}?j
z6-}i_C)(<YTAQz%m2g+7V#Qp+ATT`?jMu^`OxYyZHXbo5yFKJqqo1$Fbohc}>*ESz
zIUk?Vx{|A!t(YZ}{b#@Bz@zQ?{hLQBg@d}q21A^;uFa9QEPE~c_qV-(H;rHBvhr0l
z%8_z#t5G=2M9V)nh&G@yVAcyQm8n+rB7>-54Vx>F!!kX4odkO(8zx&5+i1n^oRr30
z{#A14ry?z&rHQ->K`_dtM9+DWqd(`ZT7$F5q;cH=KH(MLx^IDRwXfW?Z{Wylfp~#V
z=23@+iWUD(Y#rJkX5fUZTsJyh`Q0zW-okz+aXn>y1ab?Pu@;)obV<@LyeQ(zTFd$z
zx~}${y`Blw$<+(f>r9;FV~>n|7K`=Q-Kf@eFfgo0EY~a7GhWaehN=5ccL$nv#C4#x
zt8|5Q3bdUIQ$~9xry*Ys?pnn==vWLbGW*I-NiKPQ$~LU5*}1x*F`Qv5JR@u(D+nnl
z)hXdC!uusb^o?nZz4NDX;DlElZ!#}b-5b2+CbVFO7Q|YCqFSRaCNHUlv^Bc+VG?EA
z2m#m^=&<g%&bX*tk4HKp1Mf)<KO|J}Srsc6&%*Lx@Bx`zN#r^*86tQvzeyK$hsu_!
zn>v*>^_!%qrws1MC-j5W&i&btjPCeUasfrtx<LEo?6hz2#8OjCog4I9_Ue&NXrXP%
zn2BUys&D=7%iX91Ak-Jkii1EK&<*=)d-t;95m;qCSb4fSD3?H5IRQ4Q?y3nyJ^GRg
zueI<-leJuag?2^PSEc(AyPg+aj3akvwqT}`O7Jy4l%H4L1z%_o4l733UYxvGoBmQN
zP^^W{Z`Z#SZT50IO*1`SMh{|2Y&t@``?KfGRN^<&D-GA`-ZOR)<@RDaMh;8W@ykcH
zSpB)tO@^7|{7U5X&3ehBsja|8pWgjAa(iYDP7)dJz#?4B(crH5?Dls1klChL2b?|t
zL|nkF_i2w0zJ1E~q(}esIW@7rPCu;-)ttV1{!}r|so23H(X>l;!#zD$_tm9V(`}pR
zpE}r{y3u=i?Jk`f-uP5jpX)e%h{V~^ru(tPSCQvPw+;A6R&GI=b91Kh&pZWR{9fqd
z;NV6a9Ml^`v0_gzJxJf38<??;G&F^15g+s*W!9^|o6QOs8J_8*yu2F-(AP^Y4-DK-
zouX#{@%OayW46sxr%tEYYwLUHtEoy@fkFHhPr#Pe{5~KT;M1p0N%=?sPeIlm7A!s>
zCuesFAL$!EKOq4;|M9ZG4VIrD@o<#Bp|7UFA_sP}W)bEW;=gr6hJ=NMMau1ojl^Sl
z#b1X5|C7F9=i%WZAt2!G?al9fhac=_D<CK?E-rBEw!rP%e84C8+<l!rEPVK!-C2)M
z@}Kj_Tf1Ai*}HhygPmD^oY%q<?CBwW<HnB*{m-A{?`iF0|9`IJ?EY(6zybw+ydxmU
ze@ozh&J7$Y_2X3u4SOGJCw+N)khQZra1EI|!h*M?ejf1KTmR>h|8=Or|2b4#T<pJ(
z{I7R@9VsR7V+H@UqGNOYd=;>l42hJ$|JYuJq<-*F8Q2a+dwF$j;PK3ly#aP^8~BIo
z_z`%1T45;n01<ua)ZJ6c^7piTPOnXpN9q{7r`-c*{besgAG@Jk7RQmiAy`Bfee+r`
zNh~ju-i#AHs6S-5d?cswG^gB~3Pifk#dEjq&XXjW8VP;9t||T5{#}mn6|pmH<a~~K
zQ`v2Q+MUyt`~2NxQ)KLE`S;Vwv1hNatMN~gndsE%p;NI_`B>+AGZogUS_s^~8(oVX
ztnEKo2w1m8KxSmmocrS{%iX7^PXFIOxutx@Olwp`xu0L|A07Yms_CR$PVTJ#^efzb
z`X!5m%PCpgnTGYBE#k*fA)t+au>AjAFG(9XL0reW<v+LNhfiJ7|2f@1*o-*t51&Af
zt4$*R$u1sWml9Te@gF<FUGvB1DPd~dl@WjbgKvLqwx>-Z*nj@@|4=P>+5}Uc_Y(ZS
zcjNyUUSo9O`ak~qr-GHKG)6`8C-@crc`T41C(izJC%Tn?h6KqGk3{_QeY|Ut?ElZd
z{y7evyB5eSw_4hN9!&rkkpBw?|AN8)N5Meje(>~R@iezZq42xEqt#oZFF2p-?cCkp
z12~oa!>8i1tqkGc-#WK)?be$TevXTO2hQLG5+7#p&0O=}k1*i}PWBCaYLfFmxb;7n
z#g+Rs%wxVYS(oB}UIL!ntv+8DlPC!>RR1lqdkp}@kl<l9JRyI7;6F{VykhBg_3yE4
zm;V%tNpK_i9p!rGfs@r7UFZ$`4T6K+NRl4tb=TPo|LtV|n(SYb{p)4_2Ijw5_P+%G
zcT2)Ns%I0l3<@v(H;4LAbf$U=?2h0oEc5zXYB<hdc8Yf`jPCe#v;US*Sb8~vjVYGh
z5Fm=UZ`b~oR1!(%{2IEbDpdxukpGuS>fdkquPuMN%)fs5Z}j|)EB=c_Cz1Mp@$z51
z{1-3(WgGv^zy5#7+#ZF0d2o5Uo+=$5!GP&0CEPoTkgcH;4I;+O#(*coFUsQWk9Lx$
zBf&vq(R6og5Iw{r2rUt_25wuE#c*2fr5_^pDN4J-6B{s1S>-}F1;v-By{?|wR_3Ga
z{rc$!`Vm4Yk(00)LlnC%<#YAC0wtw7yXA0EdW_kATp4O;40408Ga*Y+)*#Je>Wg7e
zC*KqR<cbx_TNg$y4KamANrfkmKm=s!cjESUh;`HrM1KfvWq8BA9s&>H3URg)@)u#?
zJgF5X(=1$88a=e%I+DJ=8w~7})+3e?9H^v9i~qEQ{BI)6-49oQ{(&cp_=~>_N<SF<
z-P}ua?;j-cIOiVNtH+&DI6V^eO*V`fj{;WiGUAVMjho4=l!Y}wZzKqyqliUM;?|fa
z8|Y*Y=1^kpM^Dyp-?iPZNryBe&BTuSkMuqU&Ihr&ZjTS`FQZ=BSNQEzi7ibNy*ktJ
zmc^__pNN_hRa^d;(g@ulCq1d?wgEVmw7XeYfiQ#m1}c-b4DQ2c7ZiUrhO`+>uvD*;
z(DZEoim&q8C66#2+VIW(rkbpqq?UYrAeV;tDE+zsB{7-ML^=fGKEM0{#ENkDJ|Kq}
z?&QnFw8i8i1o%@Jv~oPkd97UDr9rRMG%(nAY<8(&VhD}qj9df`vqzUd`QaM%iHXF=
zys0?1*>@kWpqq@ncf_>c2e2JY(R$Wa9HQbH{+!-;#~`4KZ|q&+2^W2LT<D~#GK}0f
zp_;k*L+)ay7{B-XCa~ON8Ii9scBQCU=)FQ+1wq|UIow3I)mY93z=?jA_zgaco-W>j
zH*K<o4HrPhdxM4oDuCxAG=7(auGZ&#J1i(K7lkn&MeTosEH^|{3#hw=AvZ&olA&xF
z=1|V=i9?|&pX`TvhULEd9p;@&V;Ye1wCAqqfhf)5Ip_WUj3lU?79Ml^dNuK=ezc~_
zP=(d4q9T`z+vKykCe&}BZokK$pxTK?h$BeCQ)S8^Y>&Y2sPX6=_9xhCNvOMhZuHIF
z-E1c-ml7OIrWmR;<k#AI-6Rv-EINxffk+S6BcE98#_?mpF=deL+CI_BLw#+v9Gu(a
z7)rx_>&=n>$8o07wY@Yk;`af4DeHpt<lQ90#l;`6>+P_-O7=J9?q_uwe0Yu$Hncd$
z^*0W8j8aVOuN`lglvFW=<O;T*5fw;{_Vz|cdaGxboQ(^}hjQ+Kqpcu;EJ2{<36T<0
zks9Tg+3{ZTS;*vPewifsa6(t8RgX6@G>O>3MpY$UL+O|!5KgY>T|c}?XvTb>yE{w;
zjU`1ol;0FL<$KPt$6V(lAi`f{s(Sk!Xx*e<I>-ud7Ebh9J}NqJN-E@fp|444%8`gE
zlA$J#DOq_9Wh=&7Gd<_rh8MFNuF@5H261jQ_|M??ciC63g}+{1MXca+XM2Z53#rfR
zh4*__Z*02e2_4wYVHL9(J}raru9(Jl{k%`b_U(@@zh1?Q=uJEl8ss>^4%I+kY@V7r
z{e;lIa9mn<-DR0$`(vVhOLJ|qTxzPTg3DksP@hSuo1j~?k<7GisIsybLIDNgjp7V@
zMbd2Xjdw7jqVPA`PPb$fO{N)A?BECcyJDZ*yi5}9=041Y9o8#ACpC60Yv+8Tglf9o
z9jGSDbBpn=Ye!hiq1jFq%#i)g&ZlHfSc@Z=oquHSpuOI8uUlg$-mVY!Ii_*F8k|0L
z(~4NU8yO{Cv)y2F;G(iqH~H0F!*<$Fr0swi@5LKb4R5HKOjv!y9QrUW<^lvf=u5-N
znDdG6bfHJ+!p}_Y@r7RX_bB^t9*980r(EYw@TPX^uflKm^(NZ)T<bZ`zXZ2@FG07w
z+|w(MT7N*?5F^&3TW8x1tJm6x()EuPN)a!y9Ijz7X#I68$TOwdk83K)DA2Ril`{(h
z^2ziCr__p4s@xIg^UZ`e!FDF}#H@B3-Cduc`e9V@(V+fGu|d&0BEtGkwTEBl#cI3=
zqpwr<LE({&?LAJd#;Vy(Fw*CamhCUIgoPR2u7_DALO6B1N~QC>^-3fmjNEE6^o07p
z?|de^LLnd>`<yS)#^}oG*+-|{Ony((EU$S#eByi8dFgkd<lMNxaiFZz3_SBY?;Nxh
zRCjP#v-I|M$;0)jz$3Rc<97{W^BdXZs1cfaCbHpPZ3n+^Fp#X5;9iO0=w~0RGs1WJ
z0(PN3J{~%Cw>Zol;cV)IdZWYi`!^n<H|}7XQ^8N#9UrnPIS0@VEYzjCb&Oj1d$kp-
zdn?)&-xGy}Y1v<X6lBx(xO@kxebcE{x}4L74>|NW*|70SS}her;-jNM53Q1Kx30u<
zFn1kI<$0nw*7ZgcT68`?cdwsb2sgTI+I5n0bPY&qd=``^B(*PdBtMhd#@tGkq1Blf
z%cWj#%dwnx{qs3c>S&ol+imE6U$72lYblBkCv`1xis;O1h;{yUW8sg%TD;HE$9kTR
zdxjEWdSJKAgS|VImS_eFntN=prS0Z8&J`Xf#~0Nr;`oa_ZS7GJg&XOSOzCw4G^Jq2
zlEIzL`HO<LhzxOk6D^La^@3st@6;$&!~-5u!X}Aqho*k@e28IO&s2DE;85GHbB8Bg
zYexUv$M$K4n^s?1+PIyPM{_6qkC*KXD*nA#W9dx-+R&{NDGDd}e({-Vj{f;@q%JQ_
zDc>zO$qOT0;bil9_P7FBX(VbZ2CL}ksQnVP6HQo}9x=vr>P2-P<rB>VyezHi4tJ?d
zbC<&w3Q<STKSHYz6>{wqyHv1>&7A!kgBzJu){Ey5e0&Yxm!7hYSelR5`G9v|7i6$b
zvJ~kXfggkK+)2Bw(Dr@KR)p2{fE0Nh5f;3R(JdptOVJwIGaVL;i2v4J%Q3=E_amNj
zAYdU^xfpRB3nXpy%{}&G?h<L{eL`P(@JDOwxAxV~=w9MI2Do)z>0&z8%_YM%11SM7
zlj~&_@@Bei)sjk<%ioIg)@qoUuN;l};Ob*7b~d6{Whdy$%<MGB4F&rG@E9Mds@sNd
z;&baCrsb7>TEA&RN?eaB^M09G>IPCFE!_^ttCjP&T=;C#gMKj8Z*l&zmd_7wj&nC4
zUa}T&^7mNBC&_?K@J!uqPt+M32q=AV+(E&-bGxU(&z+@e5H)lw^&XuLN!U?-oqNn4
z0>_<+e-k^8!F!1V@aW06pupd~J?ZxG)=FA`&oxvEe-_T9poxUX4!KIFza)tHugdS#
z_p8zkxo8gVeVgZT@P7#v=a&`heLu8nDAX4~1oF41{VMl|*dN~O@8w;-Bd1xu|B1`c
zNr%Zg5X6(#BYbCeoqR>IW>_;>J&^k1R6xbB#Q|0w^TUI?xJ);iU~k0gtu=QVkObLb
ze5gQMd+<Szb%CUtN!riE)rXE+bpAR=MuLoOf9P?)1dB9wRgo{uKLL;oIe;CtetYKc
z4auK7nk03+qp4DKdIe_Ry%<-Lsgh+%h>_hgpQ~qK>Ql=RBbD)tA8jEMhaQe~{Z5&N
zB7FgY#zA7V+eX@_<E1psER4#$?+<OO2kwahi+FdxzaWDLU4_%+O{$hM)E(BEV8Fh-
zFpKEWOU^3Rg8bOaI~|ENpVs^0_3zYk(wDBTg{7sv`j(jN|IE)jJzPt2I&yKuF=8p)
zIMMD0DjV+ke;jL+11|F{H6ZBcIwi**BTw+$xoaAu2`akACnRmU^KNQc->5`cLwd<B
zMYbqOQX{q!_=kom3PnpJt%*Yd3OzrHjp0h07Ex25zjD-)sWJPmQjETo<Y>GQVQJ6S
zbvGT))}1ExCv(8W1RHL#7A`G=8=HDy61u#gBsp6#k4qyT*-S{&Z@{nbmnQDCtbrS-
zrw<oIQHwd!{IofUavw(W>qkP)ki8yMI({y_wVeX3$V2BRk{%v$aVj$BVYH!GU!5)P
zT~!q}YGHia`a0k|Biv549$YrO<AW{<M!uHCnaOkT%FnJ;mb=%bnB^E~^hV=s2jUxr
z`^qvfpVJ-|OPEqF7N>O1)(J)}MGN{=$@h#V?RbnPDveCVEN>69R~Fdf2|nP}8hs($
zyg=*sS@h=ms%#j=bBLr!y+8NOsYBL9D;LnNEu6v4B<H82&7h;Q7!IqS;{cqBgH}Br
zT5xY0*ANN*nH>|l^!)$Um^cQ>^7}ylfrk=tLgKvD{wuKBrTF#azV9jdTMloT2uBxy
zy@?CYp{{C>qsKjkn5Y(qf|*)T6la4!cl6pAC3E?Q)?#n$*#1m6{DC3MniuriV9{{V
zxr!j{n|&TI{vmG??%{m~#o3LnLQHKgA!u!E$5}-;Ydmm4cP-#!m?zRus_*Fgfj`vM
zb=%R3oyL2J%ZZ^{nsOQ+C5I7c&}>uPoB4)m%r8$a_ugGe(rL323gDR)2tfNo9h`T)
z*s#)mR@-~*f`Og8%&qE>LjhC_@w;1!L(Tio&>Q`NUHQ0gU89(ak<9q)Ty_4*+6Jy}
zq+z{A?#6<!i+N>aqqScv{R321svD{$A!&QKR(Zq-GH0pz3ifG599tSl$*{;*>PS^J
znOoA<Eo!S5wfm%Pu*b9dC#D5YGZcz~W6WrAZJ;Lqvc2wEFshlz1zSVXyT=9H9gbdm
z)qVBrZcs9hvu&RJ`IDH~k4dKLsgmD&{C7XF|4L%9k4XFJgK_Ed(<-HHZEA|ElL2h-
zN|ZqBM52)(sSlg8>7nN34b$tme(E>A!x4n%i?c1Q*<n1-Cu8IS1rRwLg2QN8DoMhk
zC~9cMQ@Lkcd?r-M+iL0JMa!`o8x^1T#=cp>VG9&{JR)toZ5J)QEN4*rN$m&|VG?9(
zTly020o1a;Jc}ys5VeJh6KrUgkp*eFP2*x(n&TV`Y4oXiL?`Qa4U7+R+pNAJYw5Z3
zqyi4^UG4<$<v_-pSBO{4=y`RAksA1?FR?{2g)tYcoFm+{z3)UeQss~1BXyj#L!Ihw
zS7qu$Z_UJ@4pA5v7wg?cqJ4v+b8AL?DI(|6eP(e8=P-ZJ!7?4+L1kohnj5M&PZcK2
z+}<FnO9L^Afvtg8xh^p0e!BY;hjLxGJ)%yi19X72qGP{yg7^1U|1x%U?BwugC09#x
zzq(!1JNS(l6iov&4-L#K6E{FTxj%>BUo9<-xU?`PE4?$;P)MF0^YQF5kAU!JlJ2qy
znS<UknQj6a!gFX-39GW5+sGc>U5&6bqd4y^jqGVb)Pvcm4+F<)=fW1Ow7G+pCj<Fk
zdhr)ml}<$g_U7YtQh|F385oOQVLv!jm`0P4wM3w1wU7L;_b+!EU(0W9T47B@EsY;g
z$-$ga4^pN+a~)2r8S#})t)gYUIbr-=cM^1*p9@xfR*~P5o|?5SGOU%bzyUa<V1c~o
zDVj~(oEH<<K$rQ7UeN1|TwGl^L;+#b!cb<UStkQqp8vM1%@8WV^~0`)xJu8W7ho-&
zUxJD-`QZsn%lrmlQi|nKr4vY)+%dLS%F)%97<kM2a@xS*#h4&0bL6V*C@tMWbqr|W
z>-xUS$cj&GbVtc<8-LsP0zb~pm>N~6Lw~sCe9hZ4HJY|cJquQtk7o;Sm??L<q)e4@
z9C{0nH@&jbV{R>|CZl9$Qx{_9)534Ru?#7#P%GMuH@@7r&;*Mhf7IGUJtSp=#;s>8
zC0Fp;v$qkR)1c;BLxw1(!lj#OED@3HWU{%!$)67OrKD;K_BwQh&klJ%6|Ab!+LAV<
zgjH<O6;6HLLo4$;sRW8d#3T23{rJ433z;VwY0ylsLOgX^b8v6@N3@(6>C>UG1=a(s
zB325E+Me@A9rGJdU2Zqq@9Kz#DPXnvuGECzTf`pF;~s>UYk@@Gs;E`lh-pM187$8m
zmoHX<?XuHMePmKxh3S(NwDsM+U$@>?+By~Qz8Wq}_>jRwYB>hCE!%HHr)~NZ31zO9
zj%HSc8EUi#2dRlu%&!zyACL4O-hM=U<KyB6^6QS}d@nn_(P0E@vz0|Ml<H0yxI1pm
z`G<g%s~d!>Zcs}%IB5;lsVZ6+4HR<gg75=OK>7Meb1<>={_b)}I3%j^<E=DY(oul7
zrUf!v4pCNpGy7|GFcikMx4{!$FS{|xJOZf_c0BDr<|bXynz4Aj{-v&plYyrF7Md&s
z)MMM5V0dh&;vr_-3F%5z0kD&nVBz8KQr@lkWAF0r;LJM5REKL%v#fxbkX3lxCarE2
zb=e;eTS~_cyYnco%eYH>!3F(~W_AM`Bq>R4_#+fM#&wxxn3XP4k9en2GkLB9$d4Va
zB~y?Lz}&l>#m|r+)mKNz*=3e8E7}@LGIJAr(FDr^h+i_N<+vkwD7};VP#3;*T-OE~
z`+^H$B{FW}(Ip`Bp|+L_w9h#&s06`l^FFN;LgX<0v1$}&qmjs3oYPTUs{Q%V=1Oqu
z*G@eYqBMqdc(!!DV|S1~lso%#@xcQ^ea5Ha$5%kf`o~d6fo(NCfi-Dq0mGkzorR{q
zGe=d|U&L{Cnd=_*B??b<$I_(ZnSj||f$esFmCyGsWrNfr`nj*`8Tz7*1_7J%r;n?!
zQf<k)g}t32F#M0PGQ6ts1WwV2m!GWUrtW|rw?<in8B_1q0#G|eS3`}lbb7Q2gtpM8
zL8B+bDq1-$V7jTPaL%!^YKi0EFlq<?lR_?zxr<zA=uadxBf_7aRYthSH)$jHmRdsv
z1G|w!UV39w6w(Uq4v+gBdN!(dm%Hr(<n#OA3MNN2T8VK7D8t)~jv{sJ9=AC?tUSnE
z#^ZXZ3M2SI-=>SgHv4e{aLb&0;VU}b4~@2e2x@`Y`_|G%-&l?nqT5LhtS2N}U10v*
zu_Djs1S-z)OOxabZei!RR)q&xa)ng!C~DgWi7HE9kJ94|mo~s{1YL8qAyn+oZ_9=U
zBLqZ)hTbqht;bUym=TL6sj(5WEs6BpkEFaRxY&}DH68$NBqhisjf=RSS==5X-yVl%
zxVcf#AOByLB5?L$`&WC4qxD1BGT%6AlkFWvtMBa~R%`nc9Fc(=x<yq`KEL5?s^IHz
z<02<9B14a8rjAi$qcD3M8bd8>CCo6|eKtIEAUJbrr~bltZx{k(-Ld<YKD1y$7SyHm
zGthMU?Y7VTl50Qkc>V4)SCc*iVo{EhgXiyK?dII1#}a~ew*uXv*Lrhs64vYR?LMml
zv~4^EaUJx90sfN-zYUmwPJ>3Yh6r$^kMvV)TtPg0_brx`(%(BhA|q9075s2Ze)~{P
zR@!ZM=9{aBIbopG6Q3+~01pY#YaelT?Ni&@Wmv*}<asVwZ!2d~y?^v!mL4ckZhX_~
z)A*}rrRr$kuCu{i0xnY6KnS8#k}-(F3|I=c8WZWBJAUJsM)3u;I#hnDS27kWzmeeN
zU_LgKIR>~5HBaTPXJ-c}yM33EA+%t!@jqr6+OqTaJf_RK=rHLMydtLrkQnlljii6S
z;UTH%7hMj~(tK9(i)odI#M}VNhPI1SYe`|7#m}yfLs=5mYg4G5k5wbKBHsjR*_kC3
z1=r@xx!IR3Lkj=~b9#Iq%aC?mDT}}?6q-R`*~6i8?N~BOZyiUutqLP!kGKH*g+oHS
zB+u+FXqTpYhtjGg#4_?L#(08hoZ?R6dO<>TIMUxMJxbksj|#WZW)7{Hd3jj-I3=!3
zzlqjZ&;lg_n8(0fq{KCKvtmYv2)7I9+0(+H>cNVwo|jg2xm8MXhsCs|rGJ_xD#gmv
zlhwb2?>Ly;937=k2&Ps*krrN9;5`AJKvc)_BFxeghltRDABO9|`&Y*OW;=`3QBit1
zv{PTBMsI^2)g_M>Ta5r|d`!H<`x?X6+@|IEcfteyv(H<!;tpQ}(E}A!Cr3-`7wuO-
zH>et7Ij2Q6CU(p1QA9PkS44z!Y-#!^c1Gnn;^9k%R&W0%H2$JMYkL$ar&JC!wHZSQ
zr-Sn6-{PD7Iur`^+MwxKUXSr=DVoQ{@;4j|+PZ%4(u?cPUp2RKF;Q*D`b4BdYv{*@
zpDWJpBq;O|oh>c)mPATru6ak7L?tSL9h(>3=KR8=<S6E<e?m28z9VIKq(!~gy|zZ-
z7_TQ|Y49iH`&)(pUfYqSpOE6-${#mFRGK8%lYMLT5A1YTI+TzR@iBWc1_yQyc<j<R
zfS6NA`_z>WL*r>8M;$oFOj{E}d*mT%#L8uUE%z@Df~aq%uRIv69&qI9*N8Z@(z9|I
zng~N~&rboK6oxRN5WaCR&c|P)3=bmC0LlNu-ij(K7S+^_Zi}sisSV=8aeL{t6h?_Q
zTyN~3SQn(>T^9$6&8XIdT*#FyGprTfk}yOyQfY8IJ^T+YFM_zk*=Q(3R+d@U^GX0c
zsW8{8bwY%HQa9XK9qMW~$h0}p25=(ZqK&ZK+Ue*q;)eUAon>=F6l51{+e+M@3|@Lm
zB!A8!ff^+F#R7WIC!Zi6sQUh30Wt`Q2fvZbTU5VT0QbTN-oP3UI|bhHx3HZ)OwaYU
z4!ztdH`);y##g@JhQzlu_(e2g7$Lxs8i)UWTukK_H&q^JOUZ2748{)ulzbI6TO3TA
zQo+^lk^W$}^_`>~Mv-Y(6Tt1->QBYq5M!d!bQm2gYmakVTMTm>DwKS-u>sCdNkA|o
z=2aRP+V<*4%-^VjQ~0)q^^~U4gg<nX>s^Rw>LTl+alW#?6k(0)A1;tGE$XiNjEE;|
z{eE~Y9UxCu7Do4cQ9B7q1L-vzOZ$vP(Rb1VWv6^9q<P*X{57HlVx)&$j3i7A2e1*R
zXeYOHgEpeJ$zNK!GLXs`jWIx5kLLruomK;X$0?RxCIH%NSbO}Gf43gu+)wqzI~<dk
zC;2O0vP(cm9ZKvg>n&<bVKH7u4|&zOJq(x<nXgA3tiQv_-t)eW2zAV9Ln>Fuu13Hw
z504}QrUTkEnD+g>YH7^l*_Eg1-k*sNpf#i8?+YW?)!}G>j$hhHOIYL9eNn4d^vB3y
zY)>*2<yeY<XDRNrRr_;VEmyTl)$9d9@1tt69@OJ{+Ioi(%8RN2p9Fm@(@Xa_WT#CG
zN2xJ$;IYhEuz}VpEbt0sbIleCMGuw6-cnANko{q&_hQgv1PjCU?@!HocLKtQhJ_L8
z1yg{{u|Spdc;EyNdqM#SR8hL-Ct%sZv57>}Uwow?orsnuwLz4;I6&9e_8@w@vnfLP
z=BH+8dBcxHvM3LR3|xk;L^B{(+}&e!(^ZnnQvn{?puar#1lq5x=_0B@Igu@Zq(0Ua
zQ>wn)@ZG9!f;m;%NFO-N%{C`qK}0Gf_dhDGp`V%bv2E-eO}Ir+aEdOBA#a(eNf0T@
zeb@Tk?`;}m9N;t{3nWD`67y)fXfy%FG80FUjsxT0Y-7Af_)EaTJ&WDWPI9@6ek%Z6
zE$07(D?wK?`sw6NhI~wfSee?d`sDvTY<gTY+Z6(N54Ke+b|UWo^qESisYIcD@Qe!7
zvNiKT{``30-lMfO|LSEGZ{w#*dX`-~X%7tMihdTHw;E72TUqy_iWEK9R+{yNE2HNZ
zfxH*<{%R00P9M|1s*IhW`4X=;NgtIibzllWC7e3Q)Ql2B2K%(XYCiw~@|W@@b>2uR
zAB?G!v6yo;Oh7J&=BeVEj9z50ijmL-`se8!l?x5+J>GgWFshVhJxg;%bv7A(s_ot~
zppDTz6;G#YUgT4KMZhxU8A@YbND4VVY%6epZ7s8@+;7gC7UYZOHO8HH`_X1W1_|<=
zAQ9X;00N0)dV=Z%6c^$<ZY`;K>pyKh7aLLShgwU`NDB7^X{x4~3Q8A$1!q2c*LtnL
zsmyJU(>L>A^wNx|I{MYfAvW9F>zEv9^VF-P1(bf`lfLMg0wwJ4(i)4`Mzd0o-weNj
z3(x#ou8?<JsOgLxI<nbB;cn&YwSKRuj!j291N!?7|4J^lw6O<&xrUVQY{UTSK7Cms
z*%zuu_8wYFi#2ZqStSA(3*O`%m#I<RLUsOY=%km;Vo=s!%YO5U{)7sjr3~<e&M!^B
zm#SC4{&l=+@yjhmK$ivgaX;SR8wH6%&SuNh1rBv@4-4e4L~n!>@$r(M#4E$-A=8)J
za6C3GHE*-eG&s#4H<e1I9JiOq0idOVMJ+gXEoLsQ-qQ@&j~bR|pqOtB3r^bB9Y55n
z(9>ZIqd;)G*jpIseRsTkJ#O|=1DotL2~q~j2uOxJwtSA}@tqHs^_dsZN0a(TTO&N{
zPGhh~-MiY1p$_aNKjT2NP&8_TnJAglC)T|xf6V{9GBZR@pv7PLfM#Olr~MPC;q5<;
zr$sKD`D^tmEnJB94mBtb^))wCbtbI-SX)qzBgU9PXn8oT4&LV;DHC&OV$@76jQZZx
zB03;<64@zrWY&*Xs`kIz@fK-_$N%(vtwCyht#pa(6hm3rVBJKNH+5$uC{gSEIEC#-
z06n-)3L}mcU<^-8aC*Q0!PQ@nxtdXFq?@@?7+)w@6;w92Xk>xBGx5f99_ESY05MA;
z`#VFY#DaFUi&Bg%t~zt9<+)3Wj%c|v(kqx@tc<pSa?|pWlT-1rZf1n^?>hk=-^u~1
zvG`V2{0VkwJ+{L}QY-GZ{TWbdk(7OX5&Av=W>gA6HxYaa!9&fNUsgg6XVnRsOs1o{
zPbb8n+4{je)@s!PRH8r0awKL~s~ua`1RI`AIBw6i9;sIF$CL!p4lLHE4o_L`R)r!~
zTq~ISex;4KOVYKd;atg&TjRmI7aziHYpe7lbnsXm1Z!w1BHApC1{WJH$D?={fSTF%
zwlsH*D(G9uRj<m`a+lU=%eWM$x#r|31B_HWjKTB$QfNtQcu(q;_g~_2;xXwEN;*ML
zl>d1XK!<_<x&DaioQ-f0tEhTg=E&hkf;f=`xnhRT9S?Muy?`?fCu7c?CgOS~!-`ef
zsCC%X;Xq&airGx$)Oy=2^M(nPRhj0@7Y-4!_2mfb+J5J^lL+b0?i13Fi!UW!&}+#g
z%Pm+hslxy0srEi$PZzAZ0YXFpXh%bHTK8PQXV*C|Mnh2^ks(<hJu*O`CX}TkhT(bu
z4StiF`hGQE;>u8m=FiR6^;-i6|Jv+c>%UIg>_@<6FF(#{JYlnc+_}6$StU&wSeBrG
zpT99g@^+=pl#_XH>0!~kDT<rh_!#5BtB#8{hM5KSh23V*b!8eQXPWaNWsgZn(wmB6
zzL8(FBIM0i0ZblfzlD!|Z>V?OpTJs~FRxwbDcvr=kk<8T*L4?T-pSNZWLBX<jh%Vc
zg8KwCU-muF3_~}DD<^4<)3sc+x3-Hv6^E|_dSD+j9=AgLX2#yTn2b%Y*P*NwuJxK3
z<?&GDA#wW8Zvi|h$=wnYN+4E)L0zFuu*EG4xz+P-R3CsAvES)GPXKfeIDmTHJ#VN_
z=uY|oGiE>Lm(o|ClEtyUma?dl?Uogzi;%2HD5R@+67lL+87$&H6tE~$Lw$B&5#fJH
zFRxa%U6+DJ-qaVOwo{~X^X5^e7K$|DrzupbBo&#*DUdOYulNdav-5tWZHnn>`v-eU
zl0X+GP}z2OLzY?2h=wyI&h!uZVy+a2?*{KbTe(CzvCB>ue^rkXiTB1nF!mvqw#Iti
zg#1;2-5cEvg*xozaidm3hbwX^+@-VIGUyHL9c5zMzS5`K`*?#fIBz=#0s%DoWF;l(
z=VVPjYboam+rC1hF{;}T&w7%bB7e!1myIihvw|-*Ulfqx3a`#Fw?=Me>kC?GraY{=
zc*QK}>e+3{!OUPndEqC%S?9Vka~r4Hl&8e`jE~5aAHZiM;RAg*)@&L7c{u*lpu>IE
z^R|Ds$@(+$n5h-k{F;=|DZFR32bS42VD#A@5=6$rX`inyJPd+U!G_A~#XY!8jbQl;
zt`+2?#zn7vJ`kv`Ii6dqGgimA=EZHlkphV3yVdC!#GP;|3&$NE5OxH`AkZKd2Ep|k
zE-o#cJ5K$^;8eBWc=Fv3DM0G)cqdxS@tc;r<o2uezU5I-iX)?vRqJblUC<RX3Y>Fe
zG?8owJV^fDu^e*x&$beoS32&iT!W70nFk2V?1r$Fzm%L)UfH`(z5k#z<OPaeRk(*(
z%Y1pWy2r$1beKX~IuYgOAZURmR0)?0o8~7(Q-hhS10|@tR${VjsD0~2g|4<c-ju1i
z=9q((?;j7YzZl^NQf(O4;<Vb-3VTlkNHYo2;k}Hw`F`uN{+(Re{Jh%7-_zD@Q3LgX
z@m}oU)pBF?1J^vom*eka6obH0yg^`9(_K$8>DvDtA&r}4B2t>vG{WSP4y!aGTrHiN
zM?|fj_|nP+5jpz$^An?EA$m}gL}b}`WXg<UdpP^;(vDK`Y?*DU-IGk;s3sUERDj9w
z&j^uhw(k+tKoro(86|Q%t&VN-DhSK&Fh}@L6LpWq-hJy2Zw>#VR{B`C%=L#-DGkM~
zrH+naxAg8^lM!~SM~y@b&7^7TitGU3X$pf;j|?Kee!h-fQmosiS!{vr%y_HD#84I{
zm4F(#b5avl6<b5xqU5al_a_no#xwvl^(E}(^hl5I#43!--u^vKOn88HzN1zt>i4&-
ze+^vSHcG5rkC|;29zd<XJ<Q#A2q|*I1_rDu&3<Hxusndj;BJUE`O{8pN+5h^n4Rk8
zF=7Tu7p6Q(wo5ae+ZKvYDv^mELKqqiEEN0K<nJ|1)>#_$VM7rGHnL;D><#*`3O1C)
z%Hepq>Q5uM2<H@&`?>^trzEC}G^ix{Y#Z}!X~O1YU^|Z<U`#VgUH<FLMcwGu?-CjP
zq<WHG0VS1fae)&6t`0Ec+fj{qUer9aQ#W;QITaP{6pDfPvJMOA%z{>4x-L~eiW%!2
z4tRpA7tD!(dsH81m0Bs2niKAR&i+w^3Snw~4=xSo;{f8T^r|+3Wb2O=+L}DJHe!VD
zvs|F|nw7BbnxEb1O-rhF(tG@Raxr`;BSAzmN_IK6f*dYM8HjjjtUUiPSsj5o3sy8)
zePo?tM_3xi2});+t>-HOv2#>uqu6sJ1f;IaafG$koW`qXqO(T^HsWt=u2|`zmI|sV
zOf$z)f3YeDkxsUh2AL9>>yg!-(o#L5ZL~*q%GrD%zLNaG4>zkpZ2XrAL;9a*>R<X-
z;?{~S5iNT3GQ{?<)VHh7bfFv%^#MH^gKd=$gq7C*!W5ISKBE&VOS3<KA7J48@0$mI
z0S{NkuiH>w`*aA22R6CM_blAOEC-9`L^hU1PY}4MI}NYjbc9h+$zV2@3i50-%4|p4
zk7k-OsGv`@`rSbPDIVYn)@gQtZiwKvM8<Y(tvF)$Kc-Q8M@>(C!R{>P$@0sH(G?ev
ztHB9*a5L_WM1?S{isra((WZAfoQgod8A%&Padu#~xOLT$zQ*Arr?A%d_bIiRZ?wEF
zr?H$~epDRT%3(MD7U?<P%-6T=wPhG)Cbq*Ic9C;L@lG~6HEwkSut-f9@_kHagDA&J
zW#A<1v81@s9+`GRV%>iT$YgrdGAA%`uBcx&x!}bu;<10fC<)5e-|+z`v+99gPo&AE
z|GGX}X0E&Tu)rxo%<bS_QR;N35P@1k<ZaI@6d*BnjCm$3&ZpVQxUs@ilPSm&bOvL@
z3#tkUaoo&f!(l{)xY$zJ8gz4_Wmlxa8<?||Jh3st)eY6u!P4ana$&Ew5kPJpbWv7`
z>~uaF60GvO5R1kDS<$3yFO3IHPFYwj^4MUUc`+h$5}|gayq09_Js>93$k#U<Fh{5t
zyw|Y4a{X7Sp>DJD_IED%MGuG&_~*^A-`~1xf2=`N3VqW0oY5>;WvS@&pwI~yfcOxB
zC;*wITXN8Z4>cuZl~51+-`cngicFOJk_jE^{?*qTMiP{h>|_G$Zvpcv8sG@HR7vi>
zXa={dhpXOfd@J+RkM&yt>n}kcgD`s{4Dmyhv444Hgn{`=OG+if%>uggckPF!l<y~R
zh6ggxpNnkVeRA{Qy56WR`Ra={V_IVh6_KoH(m%V3%=feIrN*vq04<1V5>QtgFhQO-
z<?jE#B9U4r`xbNEcsFwQ&vt^lx8-X8OK$Pc`ZDy_qiNuMEw=>~3a^{^%jWbLB~HM*
z+DhAk<ICcD9Oo|qyu77+Wa{CSv09w*<#l62qHi294rZrr#*5r_#jih<b~AR>TUq`X
z172+*X8zSa!aR+A<0yCwWSW%_%RVjnv9BNq&Vc4kqC;MDpe%g(zJ;kU#yI+;<D#gC
z0x*~ZoAWoeFaiy}SCR@JFrro>*4mR>fuZkF8We@%UWz5PV8#M3$#P-lxE=qGhSMPQ
zm0#YVq`MRQ`<8#v2P97`>3|dTJPndxczJ$B+j(v>#<H<<{-&czV16IqeN@TRw))VU
z@wknU#-!>eaz(OU;urLUb&a<W!V&FjfeM;xZqhn;cto=IVEvfN2(KQ850d~jk&V<T
zGs~ka--5Njx0^DD>dY(ZjY`0)3Y-4gb$0k+k~i%mrM=kX+{zY5JbD;8FA%dDcBhiR
zm7%oUdA(IJLWP1MZDw=Qb=6i96|Z=M;kjc0`!tFKNir}~<u(7PP6Xn`7P)EVE*S8a
zZm0gWn-Mj8%y3%Hi`3Ckaht^yZj<pSjd;ciz(BkHA0JMGHvTsZ^wxRqLCW<cYJC1T
zVQIl-X<F}>B8rkDpjz>rM|ChKWZ7kqfUY_c*|K8q9lF=jX<eI!D8$LBYmRQ&KM&#a
zG|TD_W)&=7)T1|=blL^F<{lunVt3IniY~O77^MK;n0Ed^7r0PkV#ux+_UK4}J~aRz
z9@s!93EwkZQ&AWV;J(i6bH`9;JRvX}K1g6^gzRrUr%g)V5elRO3YiG;gX`$6CKyii
zr6txo0a2^)W{<FqwREJQT1uxZw1uaA_OpRtyyu_HPRDDC-sPODk!;J*RHog979S+F
zOf!6}S+h#Kbj(S<^?$7Wop_v+0l52u;t6sV@bfA^?>FcB3-i`->mvhm>y9{Bbg(q7
zs}0o@93NHs$3U-6gV=I^sF7tKvZwTR1+LQ;x*es*5E&r3$D2e|%P;EUr^)4oUK&rT
zQ&>}+jq}!RT}3_~9ylm4QwqPIQjs4b7AMhH$F)E9V@?IcMrXELHk%ucFrkVms)iO*
z5F>`!%^Ds~Gw`hdytDNE(nlVsjh}je1_%-gMvnz>@L%`&m~lhaYO|$X4c=B;0SqU0
ziD8fs)~Rvf!<*xbBh1XN#>jNjfeE8Xx(E@~ln;IW5t#X@-n-3^i^#N9{_CNNxtQfe
z*n-t#2v}+z3aM55)u>5e#{WKC%CadB{45jh_X6PQ-AliQSzfegeQN*3;QHKWDExqC
zx%QC{I@z8F!rlTQ^wzps0>ER03!k?uII1MB6_1W%AI8^HfZ@1yNx|*iQr+O>{Uuj_
z9C_<5vs2`lKqPW%tF+nGPaU$8Ta<ODhO96K(fqNnpY$51f2Qx&uA;ZwvmTxBS`M*~
zD<wa?%rHIxUl7>9fZpkf1Pw74c3g;>QbA=-66};Z4b$puCaSpBkAPgnoDzwM;vJ`M
z{T_BZF(Ag<!~*%i_+ZH&>UWTnr+r}p7)ZFhzLxx|Y6Y&O2aF*~uNG`ToR!*1kv0B|
ze*DSH5HrJrHFhE%9TS0|t^1TAxPJgg_A?zz$LrBWOYA4;!%!fPwfgO!G|)zQ+%h#H
z8RWN{`x-?d2<kS9!g}n^?62X@VjLEpmCP{6VUinQyi<ij{t)9;^0ZnChD5lOv!k>b
zy3KrA1^QRTmqmjmf|wTu2X(Mu9SNe&It;bcNoz#cQ8Uo<$_HHA-v<ic&u><0MO1~r
z9_-MSr--xypaYhs<7!*`qh%<2ZyIeT0YvY(HZ+|ABxPJg5Pe;9IGyzLIJMe2VHySB
zj2~EU=l9HhNscO}w!d7GRz2rm7mpAgN*?;t|0Ou!8V<hgr>e1t_m%XfK}<<9aP7e{
zGj}_EarK9|8iJ1$qf-FY$lk)Zn2<~#(34;Y0!N}7&{}4{rm19E{eJIe-TnTf)76ta
zdjEG1{DAu9fT(-5Il-)$zGww#fEg2&m5!Pp>gyO9VYZf>48NuijH_(WRx`^%z}~#b
zP3K}(;Fi4rjOk_G0M|~K9~@}1Sg59By`)2RrE?%yjM)BUJRjd)t^cxofNh^qpDJEm
z9qQMUOI9*P0eWXg;CggfHKy{K15W|R{BrcA@Y=NNkI@aF)O|Cd+Xsgfdx1cyLee>$
zJ!P)Y=`VNo4IwKqL&|O2L)E{y!E~!zx&&)J^9g$IqLoWU3($j})EM1c@=6ga=bIYW
zg@kNFGf#QyJUqSfwF2k|n`Rvit;+@oKDxqNl+f`WiG1gX>fK(px0M;+_DA`iHOhhg
z8t?NG*@^x=Y2LL4tQT+MbV6MB_Wc^~>r0v(u9_hQnijD+;W;v#s|HL;SDd0`r$uGq
zeMK{0U5pQBLNUpBhRnY6gRz|3kg<j1aSZzUm4Rq%%Z3$%lQ3?kPcIOJUxw`fIAs=2
z4#A09HP?2*Y>(%!8B7dH`9eS;dW9QZxjPip-qO-}a0pTYL%h@#-<Sl91jAcp#0wOs
znN9o~xK@nyAaw#U6A;29CzFX$?vTVQ#jk)iP{A@VqeO!v;)rb5Wf+x#5a0|5JRCuB
zLTpXybR2IMxi-?9l3|onbSD?Jo?H%km>dwJj%k9`(oDt3Rz5MwO3c8v%xv3Qnqzp>
z?K$_o#bg-w=Y49^<~5ZR435<a$Y4Tw%z9^q>(YU7#U17-N?2;Wrx4-WZ0I6tv9`Y@
z!Cny0ARtd6JM+E@rsaNI{fbtGo+OA%Xac$+r;Wl%9o)gI#{&WMlTiQI^Ui5gf0pi|
z9s6|rt#FORo4SOR^e9<rT>PP)D}yg(WhsQd!Ts<e6oRZJQ=MX-K1u@w>^7*Iv*o+V
zuThp2@5Pl1hawxc^rrnSw;Msw1wCT&(mTAH2}PFDOLXge`jK;r*jD{0_Fma}kXiW?
zVs+-eoxK%8DP74<&%($RgJfQRW$?|&13b*NamWp>kgf2Xh4j_Ut&XhuKj)d-U5hbF
zcaHLVXw#Y}vXipgc5so?%5|1idZETMfUX*2p_&{AbF)Gdwgt;QU77lLm@O{{O|c(b
zPhSZErPop1F`M3#(oQwf1*UFsqHwxW?VBz^9@xi6d*0NDl5)d=p3<N>pbsWl`S82M
z_z29HA(Y!D7j)p$|9)<ofvUFmSyVk@Iyqwv0ygZ`_>2CRK7H22gX9Ff?FWXMcmhd0
zPk;=DUy#AzJ~$TW{3$QnCfCn$_s}fL>`;KZH9ZASD!47XU%g*#KOiH!iXq}kQD*o;
z*=Poc3!e-gL;MpR)ceKh&~OAT&PXo9^uYAqMjwFMf!#(GnVcH}ydtHMW`t~C%t~dD
zjOh`UklNEjBoewB!f;pudVg&N-KH)>Xu~wNEw5r!2VYN3+FIG!PRoZ5P9*}3QCWWK
z^AAXk9zWGCVkx&#ti#`1w;7hov~ktz`lIKH-4D`91(42<=pUkb`N(1VE_8|<*)tJd
z56+5*O*U*ksw-zJevoUs{SFvwi>e`!Uj_Nkqc&P4No`tTSxT;f#(`3_?hK|=ZM0G{
zH0{`ZN&zPx?x1j}i(j0Tg{D(I#OP>zD?|`yG#zP=px2Yde{{suaz?kj42-(+IXS|g
zc$WejbQWb0;RdweiGzWd`r;nbEp${zpk0t752Q_Kn*L8ip5u~sc+XVmgd%_bDo`Xw
zOWB{4DFuH`5anRt9xv}g-P)t=-7^&&tvv6hi?q%AU$i7dL<!F?DER|7G1SsaR%>;y
z$TE6Ax*|{ESP|G42Xx)}(yj)1a~%RBjX5Kwg&(U5rv`tz@>jr>hk*HeyS7YyxIlhp
zp<UNr6``zNu-3FL^X_8HmmQzg`Wp59qc5z9%q`;weEA7QzB9+A-T-}7tv;Qr?HwLg
z`sZzPfLnt#p#w>Z9^;8fX2dffZa!t&uSyJ;;hh3%fcx;4_vXgMwAcCV)MemKYJhbd
z>h1m?_TD?F$?aVm-Xe;K2-1;i0~HVy=~a=UbP!OwpcH8$B}m<fN)r(29Yg`?HS{1#
zQMw>CK$Hlfg&10ZP`(wDaK8Q9d*;kL^PV~L&g}nW67xLkUiZ50>#obwCmcuz&WWnN
zO|*AH=!SoouSa?7G>Dj;4ei(X2gzlVDm&ak6&!CMp4IC6yK~WoJzuY(1IA(}CtTNp
zWvrKIv?Z>tW2zWstR_v)39T(m@MP@76k#8J5>Sh{qMmLyxdrm9T8^PoE{!tzy0pH9
z1vLe*n&0N@^5)jsdgJ-iraDX~a^j&y3Z8O@jRx<IdG5u``pm6WUT+0OFbe}k(a=k#
zezk>Ox6e44`U!G#n=xzB%CvpAol^sh6r|7kYOmDrd5d4Is~Z!YjQ5lD-?>+qI`Pdc
zLq5Ig^l*eM((KCds<lyd(8E}6^29WAXfKi-a=-$9o~SqCdbL;o;Z#FG*2#gRk>($=
zu6Cxx^aBUxy=Vo^F^f>Hrg6qE;o=Wm?xeBa2{^lStk}svt{e=QMy{qO4p@}O!3|jj
zs<@n*Z#ijyiQ!L1CDQvV95!lT;?R<Fx_xkO$Yk6=b(X*^#}a&Zp1}f^wJaK7LLPn%
zYp$C=EW1jwVbjKCC&wCE2K$D1>W!Itx{J<;7D>O29!w?Vxve~!Z4%V39u7!v0VIjJ
z6%;V|mABP$0dJWZu2-P#R%ySI<mLN4!Vc<R$5ktS+@R^ySag(a(aqgP>|z&7z-O#X
zPOBzU@jaqXEIzKw{}0ij^JO3<!@#dS@b@%Coe@za^%DB$<~BcfOI9vdjeOHMq03QM
zxAlE=W48@9W2lkew**%Twi+teWL|fl%po{BkmH3fSxrVO!C6Y;dxrQOT1#(89uW<D
zHdSnky1m&)h>fIxI<tNpku|9KZR6=IB4ZA&6okl408fZXS*reZ*yAnacw<ai<vWSB
zf%V&axZUTFsdwk#`8+!JdWkjr#)p};IGet(rTRxfH1C<Ts9k2c^w36-GoVRqwNasm
zwRd`oMK<9J^6mhTkY?=im)`cgAwt2AhqJnZ%@)@{zxdIiJR$+&K<BRfQ|j(6Fu_R`
zx#++9fo1~4RJ~bBo}S0Hf9fO_l^tL)-=T?~1>Jh`5b4A5uw?Yqr(vxddkxiZV#J0(
zfph@G(siH!B^#UwO7RfSeyJFaJ{ii01(M-6*!?XT5H$l8cmhG7BJC4ZoQ#EsgYN8d
z=6Ux`mBE8kU#oD|TMZtAba|Da^w`QEPr@X?!l-U&7Nkk7IxD5HOS4X53YbU}1vq=j
zH`(I!gLOW~v|#Nimpt?N`P1CG&{>eMrwf%II}M@!_@rLYd|I@bA~Q;mk1xN5r+ix_
zAE@9+tT5R)hrlGVi0kDYCY3T+N~Hah1M&^{Cb!b$BmUk^I%`Nu;|$5hl_7@Zz4>Q^
zTo6AulWlhDk;~EO%X_UQ!?Klg2bU~D<pN;*o*t$iCfb}*5Wb;HPMT8PZd#x++D+?7
z6G!ltO<Ru2<5zda*HS;_(Gswx^33Med%pnpb3+=K&~N?F$sLrH-9o>vp0&bp^d0)n
z^>aeQEWyI^A%V{sZ+AvC-cWBc^RiVI9F2#1PW<Rp_CZw_H%>?&=0_mS3`f>~sx&R{
zDy|m#l)S_F$~AlAG9m)Xt4bcU=ES4{#@uo@ebM)&Jpqa@+gATl?*YXvjyXECq&PvA
zmh?Zx7{7q-`8e6Y<bR0Wr;)gG+TDvTC92LAA%0C|XFcByLhfUJ?IKx`0e5RlAH*yy
zIQ+`qxc|tf0d~rXD|gFE;?cMHAlJ3NwnV(uLDY~Bq5QXj@uRA9dZc~H+Aw^pBvM^y
zX=}a<CI8!KCI4KI=))0>kbbz$?+Th(pG~Rqke~RxkgxiMf3DjX7%CR@<(y1WaZW$K
zR8{?uQ_K?rg5$2(4;(^V33aXn^{Fo{MSn?yyg%=3aurlV?|}YLy0AA;*0#xYO}~_H
zfNedTd8oH?873C-)7JN8yl*dFCg+?c)7$?W@bh44Q_U1Vi)nQcM9@bF#t(L+<1q3p
z0X{4Fi4%3o(XUf*vop^(&`o9Xo_?>OTep{==co7afDr`fJ8+5m`4d9$XmHr}p8fiL
zsFbF>tq6s{qK*VQr2A#qB@YA6&hX5Qht#&c>u*XOFe}f^sujjgRK#NnRE%Bm^JhR#
zW2}}Lr`gknZ#^0)e6E;&gcu7D;>oCU_${GIAR)I$D>2PpD{HjT_>!+n`bO5Ml%fD`
ze$nB!tg$nw`!mQ|0{VDex*jh6bB}A_&5NT0f0EE=_Kp5Op^rJCa6murAI54=oF}5s
zL}K=Z0aP^J^+)iY$s)Y=l-6{*vchqvwe?SB(<Mb=&r2#BtnQD;&F^{RJ5;fd$x#+O
zU(tsmh2z`^?ghh3kvH|v^Cg!g!p_fIl)792h)pcWi}fkZnkw$VT{q$1W!1a|^AGZK
zd3)q%=m>U!&U$+BtAq4JRP!4}M<qQ2N8+>sw_=q$QjONoN!iA8<_p>a7`X4YH|L$C
z_p_DiZQp?z3#Wn0H{A=~3s_$|{JHo_Bi**>g-2PV(HFn}ssG(9kpao@CI9AIjhnlF
z);vdZU12t!4rw`{dkw3iSF88BbeR5x5`%7_@<JGWoW@Nri8sfrkZL#2P6?j9`;2y-
zZSck|y9Z}#kI9^;E~Jv`S4mSgQ^79ADe55%5pc|$&m<g$RE;abyDqs+;&7?*xb%FS
z0&2$#o0Jjm(fc;zef{xOe{B_L3rC4_xIy*I<`BDiNm}q$)n>oXr-k-+a$1|!zc3LO
zGKAKCi1@e1N?W!bJ@T^-)@@Mz;hW>Fe{dBpQ#^Hwuzwf&_jFX{P2S<_b*3KhZz(f9
zYrekjQ)=7cMtj$`m#upr)Q7`Ak8EuuH8qIuF3!@mb<>o*7euwF@=tXK)CuqIN~Cu&
zY?#!0*cRf$t+7h#E)nltv$Fow;0_OFd3j@N=j%{gbcJwhxh#7~r+&ID_EupHvU#<h
zDFPi<K_wo`a6}OHtI0Gb)LOXhO|(aXkd2=Rsy2WLZZyFV#eDRw@=LTV1C_W?{gpzg
z@#nVpJDVlTk+4Ku(^lvwY~P!>Ly>zSG}fTc-Dk3C&?X}Yg?Cx(Xf`QPW#o@)OGiOl
zXHd6})I_{&Ew;@FYg(;(cQ<M}Yi;bw`8i8&V+EU&nm-U6qRbbNRgar0I@zL6PE!+w
z*pO84_l_jROnD&0wYj+He;_Y4g0CD-nHAS1P%T|kqU>pZAJdK;sg7*f+Z0BG1gwAT
zoV%B8PjM#O8oTz@$9g(yR|m`^*cEVHS$mRwYQWQ?V?Z?R6})M8M&{t%moJMV#0r)o
zcy^+hvHU75s?SCJ-X&hR{^ti?ik{}6Sutz{syFpz^`w`a|Mav=3yrdK$=K%c$-1rH
z_7UxEJ3))bE8A4+DI=V2rxh*D4?Q+R%;d|I-0{@<yJA?TQ&Pfbs3)EOPP&d9J55|u
zP}iXC!YL6cS3a$P?X-;vgbec@CaDLxw~WW)oA&T#L3`=KeivY??-r0b93T$1Gl_}d
zaITSOF_*yLZ0AoRziaoj-?!aGNbO`yDR>CV@Af2Z2siCnNV6DS4CuwVb4t54Ej}8E
zc<N~6B@5p9I9R8fqQk6ek9K+}ox*k$7NhOYW~-I4<V$6iH2WNr!2!eIr`l5X?0ok$
z5v;?)g%*k19gg7t{`p~%qPEz@Z7|JG1^N$R@jlrD&Cr>(Z!iCjaK^mE^$OXAUiixv
zD?X?EEkl!2(n_cPRw2SGauxh!mM;9nKk)oz%Ev-)I}NJ;u2D9upFR9i3YHc{%m1ly
zc!v52RIDV|=I?sgM-gaBGxvDV>6*Gm^k1T67tg+0*b+CIIQo_SpCSoa;3sJ##v=c|
z@*}bQ#HCMno1P>2YKnCqezx53O@?hYxYSzy_*i2zse11Zz&!0<C>AfkO+8YwoLT-(
zL@C3-Q<zuE|2m$WIOOQok)OtD2?fsQ`i?y%zPMe|hZ~FLRp-TFcQfpx9Oc+l(_z{*
zMe;(TdK8ow1xd@%KY8*WMC%An<ES0;-%ECQUuhE|ZRKVjd2r6`Igt~>#pX;4$Jf1^
zo|Z%{g$)FYx2!R9CZ7V?=uBs#&J?ATVE?l7#J4=Jq*z*XOj+z71b6H%@lnBD))0~~
z0wWdWf}Ct+nxW6Pez(mYr1_01knhw2e^(yG%okuCVvfnD{=pUeT=nXbkr@{`OL)w}
z^0a4(F%t)Zb2lB;pbBwJ5ly25FKk&y+>+cVgxf#3+D`QJjt)u*-G9{<!fG;IDQa2z
zr}N=8hZ9ND>2(eUe)00d4{h-8X}7RCh>V43PsMP+xSKXw{FX)x!~NOM9-uHFDzEdP
zTtw7gRPeWm6pw=g!I}T?A4K_?gp)~9vHwBR&4^ooKH2b3C2Gc}c}Ip`tEBM#O%W6;
zNJs4Mmd#&h@BjOf|4MRSIsetk{{)7A56-_3^xGc&i<AH2<i9xiFTvQ?0pdUYrE353
z$=~+jUuOQVkF)Rk{_BYSXAtdQoctFj|Ha9Ie`7&^;ZOhLI9bJ%xbg9|aU?wRze4w`
zjFRQcR8zyd!4G!C=e&C<8ZRB!-iPkr0lypy<zknBC6}F`<evW0{r@_D_SbWs8X?#!
zykyw^a~nB@^!XC+NPODJapG?T)*U$l9ek(Xwm)h_=LU$3hQvGV|IY7cTmTVG&AGQv
z$jPSUGaz`EYMx9@4BqLa|7mIRB>p0)4M>cY-m&1xLE8Pn?v^Sbe8_&c;jaa>wBTzF
zUO}2<Tdbo5zI9T(`xWuofs2H2a44FD&UxYB8D`QCQuia&${^7ZW;YuDmt9IGu>M%B
zWGYfvF;fcsO84BmB+{!-gJ5=??Ry5&i@SkGCQJ1F+Fz~>6TM?fbZhwjQwaa)dj!7r
zLSkf<D76C=V&Gc^_XduUt~vczsQ(J}e^FB_4J?<lC07fYSeo$oia*>ZEw&jI*ae(n
z&hfO3pno%vg<2!^<?!B|OWWLNjw}Y%CyHI)9iCF?@-E&>zq7SAShm{cV3QJ!qo&V$
z50058hwTVC_i>m8q^)Xdb4b-WU3V2roqF8mNk{prCV&fjE-@Z*EHaP=oVUoJwxg*T
zA)<_^n4IcgTMM6Fubs_r1B267H}6#Xy7kLu_@Ufo>!!BeIyv3=Q}Ouk{Deg)8j%{J
zywi~($6>LHG2rJV&jR3qv_(?Iufsch&K>zS!zt}5X((jO?!wnKS}T9x3m@e}LEaHV
z<P5ts`OIg5cc67Dv?t-wK|-3W1@(!zB*hqj8_C}^-S!iIHD`H8Ja2w%>Sjm`VKovC
z^PtkV5j%-V1@lQ*avU8}a%eO-;auS=;(VHJsOW(*`y@*fhWLmh_fI5-Ocb!Rwmoz2
zAL%*cYB^9Yn60xKrs&j@6{CvGI@F1r7Er=$ey)Y_M@SsGdL78>gws`Oay~8_yvWHx
ztr*ga++v`26rk2)Cw`o{3l_14$zmsC?h#WV@S0VjM#;Q=)H3c*oj78iI$68^TnxO!
zH!}3BjZQXr?AevW>F+5hlX+ipTd_EDXf-*w9cOmr=s9ptnDQYnkWvsI`)RV29)Jf3
zIn>ONk~%lRpEotcNms*+fo~7JxRgSk%9!Z~K1MG*k+DhT_6z~Q-F`V*yc0aIKgU{t
zf|gZHVVDL=i_*#KmbzW)BuVwGkv=aFs1j}R{SdM$#e;pQD*Tb7PK5Nc;LmfHM?;AC
zZ5IT-%~9tVN&faa;oBuBbfT;G$hFcUF4Y_Jf)0!wYH6>~N3I(4?wAUXh^HRR5=ZGY
zLw|76uV2qR3|>*p?)52hmdcn9tfBlx$|d58Ux96oZ@GVlBwt$aZKv6CDe||+_`$bf
z>DAV4bN8s4p`M&4-d7ZAo<HMp9eSqEE^yVY(GvdX__MK8r9<!+Zi*u`fhP&ZGxO#P
zvRSiB0!!#T>0C!rwAbKIhL{MFsTBv`uFC41+5dJ1_!#d!8Ofd-%tZ+wbG`Alr(8Vi
z<u~flNX6_!{k>~Xojys?Kl~rrLBa-}h?XX7pdSBy8HxxN(grI2zqEn1Pn~F*eBRLd
z?hBPy<bL33n$@slLPis(txJUhM-TOXI{wtD!U1X@4i-E1jmhm?pZ;&{8DcE^Ch=Rm
z0#%r>6L}THl<R_{(;`_1bEvnQUG@;zJ)up}ciQTuMecfsNbKY=*iNy`&>T_%I2JG>
z!^rH5r2lz<;?s%Wx!#E%c_Zpz+6>_(&{7xmY>ZQMR66cEDrI6R=1|@Q)jd`v6?_z&
zoj*%iDa7c1*AO_<s?m~jyL~4C`53AkyFq&JQSe}cOzIb;2j3>7vQPSn9NkCYtHf#o
z&6K#JBX5tsB`BAkCcMnd={h^wF8D4(qB8OD&^);5GCae1al}xsJ?@lFK%nVxb?y9+
z#rQEY&FMY?^h8Uzn{-b}9t>#gn$P`b#6^C11@P+yrIW<|n%|Mi0WQQCKKt+>aJ4kZ
z68_*Sois%i^@CZK0~D;gR>;=DaI1;t(aV%@8;Oh7;lGblhh6na%9E#v#Q`drDded>
znWw-RrL})+Pr|?|koGQ6PB}*Ezh!&zrzKn@79B)pfSKS{4MHJ>ki+CW{e}jw+#>JD
zOk&bSofMt6Z`XV@GONfkKl?u|^O-Xvo-^5u*pjAAt?e0?T|>?%ILH*-1;&m{$Q5U>
zb}(vNF4>*i2+i2|dI$D%re<c@=Mc9>dZ;yqJJMx$%LL1j<`)rAUlAoB6B_;XD_gDG
z)g|_wuQdx)O((-$8j2OMzA5IFn?_tI5NUCYsgtPm*7Qb4S|^e!U?bRi+Gy{-VC~wL
z9+m!cowm(Tee5KLGdvryWrQutZl8iTiB3wXwB>T1IdSI98SJz$WY=Z0e`7u^;9~qP
z_8m5^RYFCqPSQ=C6PHnYwW2A;b-AS;^!e>BV2cnNHVrbnXs?QeX9H3tMW)QS-HnWh
zl8F^1*M+qQT<;mnd<Nf)Y|M1EkAE|Aqk_**4u|UVBN1GihTB`!{-TjwPatEEHZ_zC
zvNH|yQh`Nbc`yz;$gIG2CT*o#1EFak8LWl&>1{uE2tI?CDL`#ET>De8oOn26_-&N-
z75%Rc0`DV0P0&}KQxVls5q=1Osy}6-0@>b~6DuQ3gw3*xV2bIM@Sk6dkh#tr;VzKt
z%6@wbl+r4mT%if#f+^*rNs?Rh3NN{OL1#YWb+!Zr$#U`a-H9gdfZgJAqA!kIa=~o|
zg#sHNHz8w%6cyGED8Q_IUF&TVmMy<zC{$a9@svZP%ASZStT~e&uJy+ol#1(R(`wso
ziK!p&XmTCJPN-V!sh0WR>%6i;x}P8A%1F~LjB2XcDz0(OiEWK-d@GyUq|<gI)eE1|
zF5L7h!Yilmz!eX}Gi49pXR!LX06D|1swn+Vzugg6g@d<#B;>;pYTNL}U+q4FPte=%
zz3@Csp-tHD*1A8n!Ia5juleYV$al|o?X=t02XU>|h^6gOi**d8d@iM@aML)l`MIJU
zE+DNpYB97zSdLS_S8W2m>SOo=w$8CWjpIX(WCd^r>}}d2Yl9B)3j6xs7fkna)Gyrm
zV&J+Gn>w|frX;L=5#6lV4Bg!6*_!QJubED7zjQbiuj$#a(q4v+phJclNZ{awzkG5h
z{pFqOd{zqaO&jgC{uZ2*jXC{U3m^ZG?~^1Vka+O{K5~&%UKxO#h!opd(x##T<UAa{
za*$Lb^cZl2>DLAcWB}j|RxEz*UOPV{qEpdL@#Lu!qbj8R%```hW$q-`Z1$&;mfk{N
zk>h-R<?SljCdkhU-qP`Fb=O8)@Ytys1=fXh4m;t?<^HzY9m39G=alui8C9*<-b~+g
z8-McC-EqtJG{1~^3RP9Dnm9u*x384{I_%xe10T3ME^mWFCW+nJV+lY{M%?slZ1Wpj
zur`^h%H@tK5lXYxalLh|eTV7gN4f$8;{2~_nY9MbskI5LXc`i#mgyvo7;03tf*<Vc
z-?gE6>9*y+CC@X#Y)j{Kp3Sk~ngw1<dMY~`k1U(Usg@mC)lil}P5Svv*$(>-wg1Ra
zvOTH)(ZTH))ZmAV!*Yv2+4o2)M!wO}`|h@>@|737cihzku6PuPrq!RFeC3|dLX$Bj
z<}WVperPmzXgN_)j8q9nE0(=qTvr3g-;5;r&tuwv@_P-fllJ7cDKI!wv{z*J&*3E^
z>i#bDIn45z$x&vA8X9r-Fx)euJ&@KSbhvu&_BejT@?M1ir!}@M7;in;JyFe<;<Y#E
zHM?HM5TxsXEQ+!Ss}H;XChQqyTW@R5JCxNPGT_oufX%BrUCc?HQA0~FasKxDg6WT`
zvN|#6WZ52`M|PEYJ)BUJy*u>d@~7=K=u)`F7}O@Sew6t#y93-+A!u_t;bA{P-1VNl
zSTB3@Q!oDszp~Bgr;v@hW1{HhEi>#71e|_A%V9u#URFq?r$AvG75AnYTDMw-itTMF
z&@KuuE7z8_?rp;c{IVP01p`LVTnpYye)AmqN<I1(JRL}i_JN)bKU-#+1hkz0CGI;{
z+J#%~yAvhXtxymh<A6@OK~0XAxs<mUh<5$vfZ+?WvSv~O!_Gh-N0#&1qks=zA0-X+
zwj&tZ6(7eJB<mW;M@_7?i&^Y`ca&m<$I+zT&0>57ohuE|5xB7Jn&jd4G6T+~u3(WZ
z@46V*b9$vkrrNYPdfC#U0XH{LRwJV{j1N-2PEpc$BBp*Rw13&(C?cP+3;#%aT+Bgl
zCZFy&I?~BD62_oVx7~amKU?Fi!fJjOf!*+NTdw&vcN(w|E*$HhHX9{cJ3=gM9N}fr
zL9V5X2O;+zI2E?tSGy;fB-^|CUQY@$174h8BHF#NjW6@-Mzi-eE?8qGF;P@JzK?Sn
zE!K>ko;opa1E5%IN5=bP)ONV%u&O{|CouAj4|A%I!o=C}5`rOk3pM-*v|2ur|LD1&
z1M_2HilfAeG9jPcd6H{Kd8Eq>Xy=lrJUN1O{vse^x4YI!fME@+z)83<Be~-4svfbt
zk7JZFCRsIblNK7`Ze#AbluhG?o|MG(A9U^hVr0GPWIehrR=!pxxx6}j`T{&&z`b7#
zds@3~s)}yCeb`y^<j(X*<?E(yv=35!{d~qfG1dt<sZ^>nWsvRRsla!`tdnN>HwB{b
z>{l0t5LV65o@Z`ib#CS|aH$fZ)aKPG_1d1xq0P{-HIF*v&rmPlRxYf@kZ|st40_ME
z7}d9Hz=-JfkUh7wJKufO-!@I*1V?e>nf@y_*4UoWgJo|}Ji~+8Npo>4X$a0?Pk*<!
zJJn+H8%qPO4r6W5(;_8AIi(p1%Iw$V%>wUoVd@w8%DGntilssVB~v6Zr2$->|0ZO;
z--%5wRMaW{uzeT~ctzJBbZPDx+*6kA9fIC@Y{`>Lii0EmT;YonQ?>6OZ?sKC(Bazi
zDIm`3w611(@(DU^p*vCST)5nc2dIzo9lI{Q(F53D<yJqSr}-X4LA)C~xNrl9@3il-
z0IYDo?u29y((Q%0NpqWhMQ(I?MBW5CR9>PV)%^u0lLdtbGd)z-mhYM7l=d(_DA(g5
zOM5lX3UN2Mx+F3#v|8S*3Fo!wZ}~+rTV{15%~jj#%HvKL&Z<4R^&q-8nEIGH@9>&a
zaowlKW&aha7zL_fBe7qrn<)s6WBJ)Zk~jWP80Zn6C3*j}8juPr^Jfwl=_!+W962ba
zZ0p%3*mLQe!nk!~1U}{62a@;&ZSl!i3TX|Ma28;gx_Gifa&3LRW^U;o;ywCSxV+C*
z1}X(f1{`xujM<5pIiCXb$~UBc2j#*T0vxal1Klg7j8|m*>^^m&QcO{acb_^{p%<o)
zYqki`358Kvz_zbH;AWBwj+g#r+CK0hNMo-@dQTTsTvUB_vdZJWiSNb|qw9)kJ7flZ
z$K%rk)}|jd+>X_Tw7+h_OuT(9e)^RzQ4;JIV)yH8&z}cNrSF;{Bh3Mz42M6g=n?@w
z^DZFa-SfGl<UmC7C1Po@CMI~3)&v*>S!@gM?FUK}C$iy_VM^NLaX0kNwiuj`b)9)s
z2)p-yQ{$xaOvKT{oMDOgxi{%M`MGfkDz}llh8IVMu;V`4rn03!>(tAQcDp?y+2O$K
zIfk%f)bFBT{+A%jgY8IY*=D`^&$z?pJ9&LltMgHG>$i%L_NBUJ+wNNs!?M09-bvLA
z3$9LyT)&_Q^vS4$9P#nIS(Jf4hz%4F$&2gz;~8Fo@NoQ_`y3?OrAUYlPfO;LKEJ96
zR&zk}>LK#S;iO7b<)X`jSx0Wmj)-45>7WW@uy~1SkrC#3i8bY8U9VUcIFaGY-$pgk
zI~2szGJu;H3y6IXOsS$`b>COEO=eF8g}Al{$2I4c@%^~;0KmrFslYEIP4}*i?|tO7
zxm+%u?)P(dqbx2!b{CFmJXKulMU}eZy1t5O!+vsUQ`oeSXs5BS?wcFi9Fs$0`#;$?
z2c70KlS$fr8`=);ydA1<nmz<qv2sMK@$-sb?%T9+L`6%M+K;Yg^IJ_lDm1RVf{oM#
zGYe1xXVU8RU@`+{7aS&sX&BRGS?Gk=La(_DiT6v<ML~K#olA=pu0FlP>AiVoTF&k>
zWGLwq9Qh(H6hdLvB;12GXB2Hw!Pm1$N48C+4NzIN7FIt&H>qP7*m8*UJlNjaf}}+U
zD0aa4+QNI0$(c?LFlb514@t;f#R7ae5B#xo(gEv}CKbV(1!+iDD2fF+Wt(`m3OjFp
zVXIwht4Y+Z%M)S8H0?woT_$(FfA|rkp65`Fj!+HQn!Mw^@-1!}_$ad_t!@iT5vZdx
zEh-s){Kw_$rt~(G_Jq!y6{(Y7-~ISv16#6NR^$5P+dCWz*`<nUh3~B<AVVX1yM&I6
z-0j=5x4pK<j7!SZJ=+p@vV&m71yA0USUK*~C|!5X9KN}NwN`gY_vp&i;tb;oK&N~0
zp>3oyFqh?gbz1J{%w658!D!Sh?QltsKs`+wu)_h;OXgSB?leAvZL(rl>&m>czHjoi
zt-CK}uKzj)(MbuxMfuTZn96@Hj&La1=`F+98n(qy|LFNz<b&i;XcUy+`8m+Zd`Z4$
z-3J+2To$nIiN=p5wUx2*ghhL}g;y0#K>4|!eCMBvn(%frm6&dM;=insx(x{ijtLz3
zrS|Q^+}Yf8rCi^)4Z*aVJz<jUQ2{@oYW4gGy9O*a>yC%@<u)A7B?QhGGdc%J5fDFY
z!ua_D(GO2$dAMJ|&cp~plQRz-Naq5ytvq!Kn%xv6x>kMX0dlHT4csTk4I)^Hv5z*1
z7Rq2johnPX-J;yG0QN(<f58{+)}>(Qun4zKUf-p9`AIJftM%a2bH4_KFq9F3Atn4-
zrV6BWREfjpNV3Lgx8kY5uOn-1!mTe1!gHAxv5%JTH<UZM$=(rc^(ed3VFnL-R?~l-
z9XOq9Z$|EX@L7PJ0TboR?;doTxQ;@O?AluW+~u#gSXyy(x8*Obv5)^?g<4V8sDlhY
zMZ(-5<#jm7D@!;u2#Ia++gaL{U@uWvvz?lZ{W&@vWUJ1(=dLQ4#E?_BJ!C+~2VxgA
zR%Ra&!z0C5$<i#uom>`|>lP@lYG|1)^0Tm0*aHbIT2}3<+U1RJWy45Tm8FQ<@t4cj
z<0{=|<96b<@=hV{vTB4;viVG&DC2jI{ywhOu>K=@W32mTK!Y4^mX_iZ3$cZy)NhfT
z6;sTt2It0w14D-24sdV;Om54O&>0H0qRJ^Pki1vM7l`Ow<oNogEmNLesngl@Mu_B)
zV7lB{dd6Vj&csE(`kL76EI29c$GcSL|Drml>9*Ik0Dim2#f(?yB%Xg1Q{eeF3uRN-
zxFLv6XiWjlJu5g11a~z8KXMGS>TiD^&VgNGEbw;edy=abB5*ENcePl%7q)g!)_b_y
zuYCm5t?#111Fo2>MeylQnsBK0z?eF1%7m>Rzw?rb#Ph8}ikqRfh*{2p0=>w=)6I!A
zsyZm=r?zx0VRs`tdn2n>-Ta~zwHdd(mj_j+pk=7y?VEhE#`OzDBNac2pJt8eV>`|$
zu+XtIGTYh8UO@FdyVvU!^TOBGEOq;RkJ*TG9Y2G!>By+Bdc!bv<Rz`H^fc+!+vD!q
z;EuS?<_-6Dze7<OwN<^jM`B63eg#zw!c#=#`d~>=?#)edlYeFikU!}1B*lp%fcPEU
zeKg7AYzSWK@8%uTgBo_}glHq{btYBmQ(>bY<yiTyCj8k;1nu__>iO{}4{%DCuLQ%P
zP7BX8($$V8`3@y#*BiAj|AdE}qtu*XU|@qY^YDz&?<`plV-%&`+#%zozSd2eIgQog
zZM}_5>Uhf4uvM>h;BI<(e5$$}?<JF6W~M3)i8U5?>T1n^HSI;$?Ce%5c5eA$T9?Fj
zFtJ80Kl|<AuHzEfO>Tf{$>R+<y;qCX(dlc5D04qqXLcW(A+$W4cPDjRN&vDn0zD7h
z02!G8ixj<GSaRR6D0Vxa!^+LLf9^CszOmi9{h&I7&sD#Q71!DKVy?Y0tyZHI8A`dB
z+!hpom@SRBBbQTleSX|VN!DH1lpG`2_dbaO7FK()r*+;C&4hYto!-8gI0)Px+9R{%
z8LWX6K>UYF$vux(2?S$wM@)unk_Sj8*?xCM6hSd}FSwx@Y6VfL&GRHuo=}MS=J*qL
zBjEd<(sLg2d@mZqZytIGBI`9bC%DH)sd+S*vVVz1yz|3UOE||=q(|tNGOaQ*q^-45
z2K*B<wQDy3exhMauuW-sj#GuU24mz;T);IYH<|__n;0+2!l_x;>!l1&#Pqfey+*=L
z?Fex@njok{mX<i^8|T@CtPFS^Q_qbU-Y+!RsTbOk)9XlsYPGIw9honqxL0?#H_M1i
z?HsJ{6{b-AG-FyO?#;JM$j2vp*C(vRaPBa5?j^k0WBbD0b2?(gh=^f#uNN6xoe28p
zhU-ov+D$enh=G>2qDgR(R|u5#fr<5h&F&B-#$=a{>HlH~JV1Gr(&y;2^I?a5hcM`I
z+J(Sf$fr8**S1y=l$Hz!&9j5)zcX`h)C!9#hFAEfq8%_Hm3Z$s9!Ge8t^P>l-6bZ^
zs&0*v)R*l|k4)Z9(mX^L_i(L>ufl@Nqq%!oI?n4kKtD`qh+=SKn~cJ3Rgl7k>Mtlv
z_ayxEN{vpXP`lrWgp0UpyHcmZ6$$suUPNCP)x?d(rSZE$XujwQo*1L`X#Zj!^#*Gb
zaQ<h0t+;;b=r&5+l0O+yt;G{of7JhZ*X_sUZj*Okxle8`4pgKm*^a5&moS6)$C}JS
zSi36rTUvEX4ARJa4rhn(L0NTA$yW=5wPNFfSz3c`epw7jOGBJW3EMqBC!vTr!A8=_
zU^Q!_eVwcTG4^hXpH5_@3k5oP&gvrRvW0I1ot)ee^(KD|C+Vcq&Sk_nK_`77jvNsZ
z^72dt&Vus8)zu|o^)W6!1GOuowFy>to7Uz;k7wP_zJ4lDYW%B1o0RYR)E6V3D0mw~
zwvz*{tu}!>#N1T*x=_XQE0K*GIxh>=H4eQjidv&l2-V)|65S~h_H?dVx!&L_f@Z9E
zUL2NqqY_o)aw{PGFnrzbmwjRFT5@HOLx*87pv3|bxty^p9F7jxEuuUN6Zr2!cCD%#
znS;}79B$<vesbrh&pXB!(*4v*LIS6BB@#|a{FHH+|As&`opNqcKp)RJlLl*o=VDL@
z1kdoK|K7LdMxH2H4xT2wUDpqk7AAS}lnA(zfsi>k9^F<<)>29vkUB^?^chYPX&?h2
zgST34hY__lk6_ap@wThvkD;XC27JpJR(mK+uvnW;mx*S>F#;zK=4Z3^2HeQ9Y@O|q
z^t01viaPB6QW|1?HzBtEmdHhV2DL^vy=C1iPXxJ*MHp`ChZbS4<q9`GmQwZ}SBTa9
z$)=HRA5S}sk(;co`2IS*Dm?K<do@?PpWBwn`4RDQA$eb1XiY8ZYd=218bGmHKY;ok
zi3CW@WN_t*mUm;PQerMu<DPT)IG3;$!Y3_r$`qF8-G%>_l{=N=lfH;`#&z!WW=+83
zcME}mH@ieKvJ5;Cv#enXJS7U{vP*uK(CaQH7I=~L-7(Xiqh{H-XCE4fy~&Wt%*Fky
z3cg<iRH{I&ft1{#{|r)?;GUa%L`?%-jZd9C783Vc8ppsbCWIzs^iuq2g0Rln)K}bZ
z&NKaDhcnvJ$#T-5L~2jt*+;jGIiGAfTn^qg<%CbvW{<SRO5S;@8~93b^WF=q9e)(a
zAb-uith|Wt&HkJ?^XOIVM)W9!g0jXNF|w2t1GHgVYN(#D-gBI_)ToqBgMPdS+;#Wv
zmsRhCU=eLPFo5ne=M47^v=mx2O(t&gk#@tVTabXuszR{&=%vnVV4O9pr3kKhuc&=s
zr4W8HoXdelTlj?Qyw3QO0lDZq=O*z>k%?IygC337Gv5#c7)9r^?~wyN#uq?(wgZ|%
zGRq>`Kol#KF4aU0Qd|Q*YyL3f8B+TC2>mQcG>x`XToi66&X<=e$lcIA`+Y#hT?FrY
z6m2^Ue58A$i^{emR{kK7j_sM#DlOa)nz2c2j!WoBRzHE?&3Y*ccqMJLdr-c>Kw^ff
zb-nbdE?POIL}iUJw{eNwCS|}BRw2tH;boTh%|2dE_t%O9dDPs9MruDz3HGxgWA)KI
zt@@Bj25r8#Z?-a&d@xzDkk>&@gS$P+&X+fLL9lk6Dz`~?WhL4ciG=V(aO5`nc;V;o
zY~C63LwF;k9vSOuQ{M)6OA?|N%sE%d6RQ*#z<P~`A2X7i_!(Ug1>?q|N#TmTcyPX|
zw(ecsN3@+o#J1%<#|HJxJjKB0JJH;4^6r1IwdEgyzBg}%o=KC*5n6C<uY8jRtMr>D
zgw6?}?`Rg<nycYYwjh;^jxx6^EaAR9INEtk=~JgURPU<W<GE%i-|E^n9=lOh-7ZR<
z8&g?oaXqV8v%e`|fx)q08Dhw~)5>o<wP_&HG81bu;{inwqR)b9%g<9eH|k3(sxJF4
zy}RQ*(aMDnpnM2sa}oNT$F6gbZ!*dZ1RG83n16w!2yx87Z*+7xMhcVuhy4Scv-Cth
z#&y3~Uj6&Sz}4q#r$#)*5C$b@DK%fSe&YXD_i(SGNvGD*q`ZC6trPa#(u8hGzWrg)
zmcWSkyB*D0hrmZ5IkfEc<QCr6e*`5fvO@LRTxdbYAt%jmbqnd**?8e=TTgB^=SywK
zIP0*l`D}{-AQDs-iSHK;N+Qs{xr~Jtu7eBaygCx3oND*57cqN#fI^dCzaK-oNw*#6
zC4-$Bl(v#3?i2t8V0kzixyW?>NEf*0k}%ByC8Er8s!ugjt{Hl5$xDC!<JM0_wJIfw
zIY?aCtb+xwX+KJlyT?TA7<8>FL%Apx3A?t#?3nWS!_}-3ly=LR;mH%dnn{Kw!62A(
z4BGm$%*(D>?YbT2WAx>dE~&s$6=P%<$I+N*2N!K=&r7~bMLnpcx?fUzC-T6cctU%)
zLyr@Aj9{P&culeVG(J*)?tkP2EWN;<eX4-+lMLh^fz3qqgZyGIP_)bkl;w7Wd6YW!
zhUrCf-jVg8xr6V7UkE!~dUpseeIT&Cq*0CmljL^O)qfXF3D@Eoqi<ZMR@OL7-N7{4
z+du_B`ON~v$^twiz+PdR%H&+vKYS{CbhP<9opu{IZ7kZ6z2^3>nvkOfz2(YEunO<)
z<zMTAWy@tjjgw2>e&}?p*W8bHx<9pC&X^!VAQ|R^2JMU#9?ZlTy;)jB3OOio1Hdt#
z=U^()t_9`;u4+&v+D0M*#|W|K*`J=|k`7)GFmQ#Ce>yH=z;jL{==U-6rz$($oH9h|
zdufh8m{J-d?Spc6H2x}};_==xIv{)vpH@L-r5truHJTeo_uy@m{e4Hj!mVZ2aE+Q4
zCt&cMH@vr}7;$UIs+lg^_qrldcaK6fcibLcw-`XtmjT!WE-K6>zxmH7ZI7j0j{!NX
z&Gn>R;1p2=IramJX-<jKhMgRq6dzhZ+n2aR&^6&#%JzByrN7RL{TPh<O&F@W4%&{r
zl0El7Vapd;9a9=Ps8tSKr^uE;ges*NcERA^gpMxCSUK>2#=7_Nsz%cr?dh~7jWo``
z7)gA!#0D4RrV<y_Ohflo3t081Tbj5L4(FP7KDA#OD7j*7ZL3W2XocZ=T9aFcHI><B
zvG0|%TQzaANw>52q^`bi8JD>Dt5J6vQ#koY8sZuVoq7o4CavaWtR32?zITRFb&vVE
zF1-`eozxZeILpn*1|!9<gzrb~LuMm@Snn@hB%;l$LrBPM=3FHCfno$4vPT}<R~0>y
zA84PVA(H~WdK6tYLD%}ZE!F@t4I=0;^*+GyLg8)c>Pe4VwtAj!Pc*XrWCi{PONST!
zy@4w(hWZPXYz78wL{^K!5-a&fSiZ)B4foi)DV9}23UfY>Re?5wWJy^*$Gx83FkhVK
z(&Ur3Zn&NY4<;KcK7617rf@rL(4{SRa*|tOV&_hi=FIA3I<^A)tDn1CE=^yV=d?%@
zDMw%-<g=e6NCdePaf46RWL|3yw7&tCPr@QGkU=QWtvD7(Ivk3;zfFo!=aE<eo%^nS
z*X<TonyEKd=k&5(Df06@`V}<diYW3sngjE=!oBy=39B(R<ACFgO5ir{cUw3umo5~m
zd-irIYNOW6>!uhcK)>a!W-~Nr)u^-x@80(erp4(e&mx2vmn%!}RY68X(Y59?ysiS?
z+{;72tEkPLbLsLto(A)K-^;O_HaPqf7@^Nq)v8vD^)Bx_T_TACA!J)m2-AH!Nb%q(
zaS%*bZNdJPX(EXLh%Ei($yZ#Q2f<;(8=X)RrN{=9_2h(k%zo+!+#*CkVvgZI7?W**
zXkrg{A-Ld|UOGFy%<#Doe>`zo8l?S--4^tgq;W}~(~)U1-GXy|xk;x_72j22&y~Ix
zow5}A%m=Fc(sOCdGcOt91hhNH(&Xyfrl(E=J@J~e3rU~KwqC?Vd-g(mw#gPoBm4aN
zs)lS6I2@_&AMu6Dg{VHOgXf_h&6XwxO%*mN?pwHR$2fVPy-|=YQ^j07btnlcV{(Em
zjHK01t^TVY_OE4rM`8(UKAL@+v}Q)2^T~b6ZseR~r7CgF@BwyFu1KKOVQyPbanI_<
zn2%GttJHXEr~1$RkV0%ucYS3=zL=haP|d%Um}=C9v`op*MSyjWDzO9Sl7F`B^5xmf
zYUc|J5Gd`|uV<P#EX-k7i!q|Z#l5Rf^jhw}k^<1axZcQrd(sv0k^pfEh9LNG8WEV$
z9nd+6EJFrPLMl>=ukLKZdli@<E?RW#78~2V0qp}gi;X7$<ZaR*{CQ7o`7Pz-7hYW8
za0~}PcVj%Y{JqnWZ)!vWCH6+_Hd(ikgxy70F_JESy$Ff}4YO?6NMlyO@c{I4!3DFA
z2H@t+-*aC^79BM$#RE@=Z!ums$-oq={mL;rka4`v^g0Er>G0A^I*_FvH~!V*#7`&3
zQ$10!xzh7?C#FB<w44_8179M4=zU9DS}{1}*N&VMbE8XWNwUU%%isv*7k)9PVhx|P
z2#HXrz341BE93D&Swrt-?oj$x&1ZkT#ozyEur#^BxMlLw1tPhlslc!LHe(_DB_Nz~
z9<%Rj=F<6dxwk6h&6^g|Hhee?nHt>SHyU=oDY;@|zTkrEWh1ZcMhdegEd&8Z-YvgF
zPD3o3^gvtVLG~gN@0{i&ieb!4BN=@v#}6bK1pY@U@NF&N20s?M%u5uhB@F1!jQXTM
zndwl@kj4$UC1v*#_&6vWRReAv^&}Iuu11Dx^v*GcW9LP`>!0Nm^@Fi`mtsB(w<bT3
zFy9$kHIjy$@ma%cJHC`NT<lRik&PXiQ*s?%8=&!25Jv3Ym)(61KP@*l^mU|80*3v0
z(A6zVWQ<UOAu%O9UjL*`X2o&zi3n77)plw~YW!nS$jyaFd|p66_%`}@Zqpp<r)e|P
z4#aLnf@y3&MQe?07^Nea)NQ1U%tt(zvp<zNp*y_zu*I>g@}g@^*I-RKLrDY3+QaZm
zONG*iyBFLtB<o}VHYJwZXE+TJ6Ko7i6l1phlcz<5Nyy52R%Sn)nn>X1DlEbz<3U*t
z0t^rC8IZ0O$;$>Oi>uzIi!AB&qr_alkIaLaCqS%vrUi_Sc*n}@g^UP`je>wv{<D!L
z$U6IQ6o0QT6T;g%U^@aY(QbN$DZ3ZO9L(M5U>FY$-#48$)e?olS_hLd8Getcb7}QO
z=#Y%v3P^i5P3}GSZmTPk3fl!(NcAL7@3{|!6Hp26i48Cl^MlZMSmH7M4W{Ua2<5fS
z7`-UGR(BoFsMIMZ`|Sb0MlVN}dh4IJLxt*(x4p>Vj5sH8DRt{H3cD%k@mO|uR2UQD
zq0K_e21z*i6H`;)&zVlk1l~TtV58?&$|gBLV{g)1IY^9+s@r;ZI#50oCXxRjvQ1UY
zyhb4Z4|Cp=g5Pn3&Jy47W3NcTFW~0DOW&e{$rdT|7|{p|S@%4ouL02J+4=^Tt#?rV
z+%w9YNOyNfC*Ns2j1BvRA1lKX*`DHZy!3RFn`#ZDhdYFMV1->DvayK-f?L&Td++5x
zs97d;%1ivyD=T+&{2jkux^}v42!eI5yNVUMaka-6g=i1WZesSycyg~zrn39C?Ysja
zXO+J9KxuqTSQNKO1uXdG5f)v{Z_3u0xK%Ub*C-hmW#z-)w>rX`+Z+A$j?8l0##HM7
z7GkwM9pomB(uiwZl>`~MImUCla6sQ~N8>C;>8lksuFua5K-Kq-r>$Sprv7%Fh-g)c
zVrpbWQwNG-+;2BPMzm7^(L%-9NX3*ohk(Vp=-$k>AEMDCa&id|bLg2@ggC?0?P*Js
zjt%|l(Q-`VNSTdm{|rc0Dqm+uX)i@NxYR4yA5$8&14-szAj$0Tu?MV9bY!SD*dPKg
zFfxRX${h0B@ik^_H-D*oX2DzgF*oAE<KsepiRY-`9h?@?n8KesTAY!C;f8I^Kj}<I
zMb;v7jpTov2=pcmX)~`=A(e*H+kvpANd?})lXxN&tH9dw2kEj&$@%|qcfr`BQX=tY
zNzbICpA`V1f&|oxgvkj|BqPxSTU9(eUWk5k3((B3zv~iOxNr&y{mEVMm#rqbbS-AX
zx#*mbn<ha{tY;U-fN!xIKn2q7vG!d4{vL(nvI%Mfv8UO&SqOReXZeTWpd{m6N@~<F
zj|DeQUVnAn?+kXV9n&`KtbvFTqW%VMtRT4S9xGzz<h_Xj)+Tw}%#Fk)@`1Pwt0LLx
zh)D+#7lO4>acL)={{s|m^u!FBl*U)pBdZ{mwh-jDS=2@azce1VsD>)OKWv)5Tu29!
zUtz&ldfLHlAEEUqG0Q6q_(>T~2Nny7g4TDmV1J~*{<xS3f&KBEQ^TyeXyV7j(n3e}
zK1a3e^fJ?mc`#qtxrueN3suUqDs?)JxT}1FPrHGQX6d{a4kko}9N@w!2bO$2tyC@)
z2!?(A9!SVwcla8)W%d!kweCQ2w2BS%fx&+jqDkXQ^J>5*wsPF}+FurEJpVnMO3X|9
z$T85h5r2JT))GEjfo*Q`s?^CtKfN1GKWwVRu4*w(-#Og)s{hUFYWC1ZWD^UWpk{*s
z9OWZy)xTs3x3%<GD6upd%eaf)@*b>|{sC>5`2qb1S***~u@~-I<23I0BcH`F1qm^{
z9Ig)%7%5gODRUWP_{mzYOhtO>#&RL*+kn~-wrMb0l!3HOe;jBQZzp5Pe>kz3Q(%vn
zU0(el2c(X;lVX;`-{nq;l!B!m{o#8E4qY5)Z>oOc){uJTbFE{Ar;+bQ|BIR@$1{W&
zrcR!XbzSaTafQpJphP~_f-=hEFr40awb#8L6v`TuaCu~re!wAk|K8b$gTw5(V(h_C
zP&v0U(#($F+HM85?t!lCimCC=wVtelQB}bDc7P4z(t>Syjf<~qjI|FfMYsve(a+&<
z8UhXi6b6h$hjwuLB^e?6Yyb*~LlEOcBOQ1TbobDjjPH{C+YW+%3l%%OKZ+Olu)iJJ
z9+5-BC)hxFgwP=u*i)za$bgd^&Qjdk5fLphhn6^FuH>%CAVSho47;D4@&|jEnf3BZ
z)baMADgk8eYue(+#`U6+0oMA07t-zP@8pMsTEdxk>HyP6-|E%l9?U86<8zx@L%X&&
zMy-unU2-V`!SiuONQRG8aigD^Uf{LfteY}(Rl0$eCUH#_-kL5m!~E8JFPL5TXpo{!
za%fQW+FM!Xb&EHb$XeWt^T?#0S4RT~DlwsmOiO}*>7{*xsvsfDe>CA7xoS>g`3QPO
z&T_&qyT<e4d=pn~1S3=B=sOv%D^SS$joslr`{+U0_I*zO2PUAR6uWfU&y(lO0<y|t
zGXv?MUW}<8EW|L+VdI{38AE#y$GENzvQ7n@gmb<_!BvLaC!5ynWFHMr$>TG2ica$Z
z@-GJpLus0!gEaA~9dnOK%q}>QiXFdNtnw|h#E7nLA#No%vJJ60>VX~Uv_F+wOsDNr
zzCIe1W{hi%7<QL_><AG&IV$NCo|F;qc08?iy|6?a1oMZUXpMf~{<7nWcEV{tdDr{t
zYZ^%XYr0xzXf`NkULcYcr?C3}YVIVo{ye*se2@rEI;=ot>fAddNh<RnRo9A{ApHNk
z=-zey)`{68Otk`E#<WV&@7{s}Ydqe%6^&E9b<EO{7;a6i(>=>py6|~!q}0**Uh%37
z^c-9Fg|ok;dRy>i0lkQbTycej`!dWP_t8UMQzg6Zh2~|F(n(=~djkE)Yl|f(XE#G7
z*G=|hcX0_8k+$Y)p=@RbKUP>(tahNPQ^JV7wL4{RQ`N4Yhyk^VjbkD^Ye#Vsd{M1R
zG%8cmbJpoUHXm)JJc8BALMfV|2YS9FKqPjq#o?v>3gyx>q+QRiFZ#=K`xI|Hu|*G=
zVLw~!sFy9yEL<|;8Nv-ubM>rU3&a!_^sF&&_1wzX-SpbQPP<}6FEm-6hQhG-WE<ya
zR+ph?b*xEYzr?XVverd_3JM2Pbxl&YQyu{?o~Kyb5w-BcBVZq1EI7IBBV`Z~T$U^=
z*6b-LXUsAc)iP0L-qNR{aZ!6IlG`&Stt9~qY7L_PB5n0U-=kV)XA_V;aSBWdzPOCY
zlHwXs=f>SznO2juw@!Z8{342-Y{FM#UE23NICqL%T4kC<xm{qRhp?OJ@+%u19n;vL
zPT0xLy`O5n53t=|WusqP3h1c>2=s@%4%WrN(laEP+xNPoH)dQKnVYcPfUJB^8F<<T
z3ie0T3b(U(LhJWd=~}~N5>yUqH?>BFN&DHRNi#tv-Fqw3*OQlqHon(uw-+@|u1g2L
zAX)o++d1UvetA_u8bxs1U!*hH4XpjcA(2lc`n*i2@~$u-HQNGX?@Q7+3q@rL$`==P
zQ~)tOkfFeXQV7^dcIc?#hik}Si4!L6ia)^NMy(T3jY(IV*Ff4~!hwa~$>9uzCaKeg
zv8y|f1o?eTK+|*F`(;UJC=HNeFiX9S6y7_g3^@GxF3<g9GM(2%aE!m|^xz16qHrK^
zDmIg&c7BumK)xdyB(n3iwlD(gCfur5y{pk*t}9BcxP~9|s35!9R|!o#?0#2ih=wSW
z8`zq)*%)1tyPyR6UN|Vq&B!GnM`HPid7pQhrl){*sDc;sA4d}dGpi>gq4+Ge(T&F$
zLd6YY&=ob#k;=sm8txNz;2vp0AlIaiL7zktk9<=BPZlq_qC<M}0RrK+dvgIiiZ}NI
z&-S$zp0Pb)TSO~A>h$im_6^^!d*4utcia%y6=s|hmTxvgna;uY-|MzA5j+c~Y&bz_
zF2U)Ed?Zh_CReCQLxhbBovwn~lk-b;@&k8b&*|urlH9RhOUc}{2=rGwJb-H^{}FiL
zP@xMKeQ8V7f^ul$En3nZ=-v5VpQgP%td(ptvS+pu{Gzda5if(2un0LsWxi0K@nui;
z#IPLRElsDt(XV>NM&^+G&iC6I{+q>bzX)%md&<@iT4;?8skkxrMb*~6^S@OpWY9q(
zn?M^3Nc8JsB0E6Ag9MB5Co225b^_%i6LP&D(M~Qc_1cBEz%NlIlV-K@ji%5Lky9~q
z2}o0HF0-obomhu4vj4n^+2^gH`AQ4n`~jLXHvuH5yOj^pAA-R*vo?A5`d)8*QW{6S
zGZVWU>$csgz>U~z4yd^b9EwZhlhn|iZHu{0n8cXCFAD`(#th#*I=%yf+v^-BswZAo
z7DdePW%9VWsqe&En&ii#$&#eZC(Xb$5D`60L3x;<Nq_XJ{)Qz`PmO6mV^JfQu6|L5
zSe82Bt=T^$e!A~0aZkj*Oq!B^$%Ei~`BN2%U8+_cI+?IAI`nX;+Aw#;TQ|*|?It0O
zksMR>;{2l@?K2q9r%o0pr{smv`Jq{<h)u?TOS`l6d&BQ8tZ#$p9>3-S;ukW<IQUQh
zpXgvq6LX6}GE7o-FcXRIW7`sNfR(^AIizd3h$qUNf~RrUYy2@r6om2p{dQoI)jpc0
z!#nx5l*XjyF~h5^XUV@M2557Ee|F)2^THw}djdyk8{n}#DN3?l9CZQ;&iR9Pc0R-D
z{{O*GN)Y5Ep1J8Bb1{HAV2*;g`(qj6ITEGuWrAZG&T(^OY);ITEJ=Y@0Q1vB;uEba
zo+Q@HWp-Je><!2fycq<)LqsP!x~gs38(NjTRx~)*V17H7Rpm9o6`Q$VaO&tr+1*P}
zo)qwTSu&5r;C$WxnYfZDdpJS-x6s!yr@GkR$<ZiPuJja(`A($KkxG*LSY#J=lN^$G
zNQeaPsN8ihb&diu8?GoCEOaT-Lan`#ZWMV<n23Cp--K58Lsa+UvYipZ;fjdC?V9(7
z!)s?;6e!`#TlxFLsC9}-xG3W@c!Zv<4mbsUU(iIK-BjoipJz$kDRJ17H5t*y<wcoX
z<X7h5-qrZw|HZe`U`>>S%CJN@rtU6x^^z)nBzm`tji~?kMCDGS(FUr%L#Qm4{Hwrr
zl=#tW2cU<{U3}6M1xPj|EGH2R?<E2g9{`&{msp@s>z|F0kLBRT-2iOd&Hn>zwnqe6
z;b0Tx;CH&CQXYDkDJ-uml?s)V%<q$rX;S#9w!$dlkH9R@{vI(H9^c;lj0+?CSQ<=k
zm%pc;LIVBw6r}p9#G1``FU$Z}*+z0px06a{7KvHfacG2-46Kei(4zV3Zt!+K_lsO>
z)18WJ{2V-_OIQczo=3k0X8xVj=)({Sf5-T6bh{1syl|#nvugD__7Qm&KwUA<6a1->
z_+cXt(rNl5@G&X3Jw95X^5=)XLwwpT>)in|lY3J<p~CB<oBU0<o7)=}d#!gW?%&HO
zY9J*5n3yHY_TF#6_m&mfcs8w?T&6;_<u@DeY_B!3M@?4O%wBTTCX7=i%pP|F)qN!D
z#;apZScOFI|KTeB+czgWp1*zTE#ipjYC^uA>}-o@fCt}u*z065bh5X*XgIe}Z0Q_w
z?KH(uHOtqI`Xck6YX*(J;5*Bj2An#XpQE}Lc7G*IjZO5r@8(kRQ;j>IkQu4rUK_9w
zVRH$uqN4`CtShc}=gsL54l;7}zd6WcvO?H+MN+r$dPW3<jJK38K#7L92D%pAX^gA|
z&8I*W8}B!m-}taKblUhy^<X&2B_$BrDq!!!4jyINEUW$113$CdU2?pp-6mi>s@nz!
zVXIg{+OT!Z;rpW83u+xNjEJ*}WsssiM2<!9HPVFn@%yn=!g~dJlJYxgW>?5n%8Fuu
zROgQ-yw5Hl^2%@f9#tg9J+AZo$bw0M8`G?^hxfg+_Tb3aYe7%GQOx2=sh(iMqN`s>
z)@`9XqPn-%3Ll<X2Ud#fYgEGyy<_J>0eQZ}pNh4lR??+K19EnVbR0mP1z|WpJV1PM
z{{`7V<vU!Y3I!E*h(OH@E$9!O#J$FPpE$5!5^gs=VJHm1)0~uDJbwOr`^=wz4#@kH
z2|(id{Gc|g^ImO8#-4ytlWv<pK;MOBOcNtE!2Nni$&R<iE*uf*mUh`p^xe8xfS0ad
z&02g25B^6;$plx~c4Wu`tJdh7r*ztB5hJ)><aWvS!&D9hZtPwKMB$O%Z3qn4#M^RB
zh=MIdVC#r*MEJrLwmz!0qldqpP5wh(_qD*3!0W>A$$q~qzJ-StVznDyvwa($KlE7Q
zS7F}p?9x$h#uDAz?mKSGZ|Iqog-gR6QlIIn+<Rn`n44Udl%BLy?B+f1Zj`pw_5U&V
z)=^P+-QTbQ79uK03aF?kDczw6NQ;!fP$J#kB^RKQf`D{~bPg#<t8@-9APoZ29Rtt#
zGBaHFbFcM2@A|FvK5M=IxUTEV#M%4o{n?)#=gi`*s;Y&)uQtDHdu7A-Q0anKg*>(u
zNIEi(C0ZnlYiZ)#L;EZe4)YeiEgOexy2?1OvXlyL2dKeKl@|S|-RzI-acQoF%aYQ^
zIc3=nUw-h7(8elk+iqH&KdUS>+xg)YWY(|tpVx)YoW(i$$NBL%-KP$v+HbK;el(tE
z&Rx3m??2iP#uttTlxmg3Qdmy^;Hhx-3Nm)Rxre8sx$w#I()}A1%@y6L0&=$bhGksS
z6b|P<y^{%+qN%T5EBENB@%_OO<RaRoC5iLMR7xVTh`lXU!_>X{FPCwGU6i$tio8&}
zj!y6R2c4uYg`MXdjFq)pX@SE|BSa}S5^nYP(#)>d*OJvN6=&4$1oKE;G<Oo$;psIH
zs^HvvmVOBD$rqR#6hFT}knbp{Rx8o&u|rsz<6g5V(Yk!uKcDHCVm_;2-26{s5u=&?
zvZ}5~^WvRSlGj^*b>#S0%Ec=GjO6iopvuW>HqQ6kjjC-cgwR`7p~QP?66ldk5pm4l
zl7f$CjZ16Svy>d{yw7cExq7psvRx30dEU_^@CUY(WK;XZ;LvVH@m(LY`2dO(F|1mP
z=+J6a4J6z+eTde2W}s*Gfw~H6K<q>Dy;Efq5hjBAi)0b}lgVHCJS%gf2kdg6U8g3;
z4xZ0a(AwhPB4H>BhfUpkWcn-gjE|Y>M|;WH=o0_-Q9iZJIg~i^77HWltL;%)PNTz;
zaqo6z%2LNhm6nejH=k9flfB=qS&tEe&({igO>C#M8=n{{?51+WBp3`V3O$q#wqvOK
zBHwciyN6HE(%VW+k<BDmgg4iJy`wcfG56r5_W`lwnBcdASw}&OBjJ^R*v#LNXMAye
z=t-m$YKjbC9Q3AAySyK-Mq8}Ck1e3ae`LBr6V!GNV_?^ReDutI&Z~mbf56m6h<%8*
zzdK~-@|G<$wqmYwh<TmbUI<VH<KChtOm~A6SE8MxL+0*;Q}Q&0cy2MyGzG0IzUbwT
zu&EdK$lr>9UrsY^<WVY?9&XaVme1oFswTC29|$(?Jy)L*fX^xTcIrp3ZP%<r0P^D8
zKTYyG|A@XyKn<491hY7mJ~lNmGeh{b#OJy(CJ^bf2D!#)Z`&HJZS4i$`ZoL;SIXk5
zKT&5-f~=s{f%4&WMP9?z8mFSom#?{rr#fkcV40(3jYxwhvoGd%==%;c<oa0uzE0_G
zUNamo$w{%kBiNKO!tXXBt`ie1uP2N3E6>_<c{k@_TZ<O=zmT0e)rsuFH*sO3W0ebB
zAAAEYV-@uy3+(pK;A$l*!v_S8nVyhV{0vhc$n_b=eX@Y{yH1tlBv~KR-9?ngUOOmy
z2!5+*;9mT@Jv9v+#rZdEE!!<TT*kEz98@pC=?pzuGf@d1a9Bds`h^rYWng`cgT?3l
z%^{b7K;&=ltG~Yx!%Hp9yZmTqGZUUBe6#3D9}lzZaX(MD@T<ePZ1@8HfFQNIVt0ik
zr6QN1(AF3{UFxb-Y2fhD5sQJ5he6XnNn39I{hM+A$-adK9u|1Wo{}I*uU(?xS2mkY
zd_HD^;*k}1u_k|Xxm+^Ura#}~hPD`1I~W^~AhxvgSj-x`ug=PehN<hqcTCO^!5;`s
zayliZI~7>9MZ=~Ho7iVQ4CfTDss>L}s5~CymNCif<9Y|1dc|tm3F%EW(DmJ%naz#s
z0X)x~_a?I1XG;ZBY%`mNDutAC2a_0ep1!tueO-S;;jfV;r@8VR>mw>tw^@Q=o(a<!
zb6rCU!J6&SjI@b{oP(m$EQ(DhjuzNp1cmLBwbmYm9kpN~4`Fkv7{34n$?X6}k84Q8
zZz6b_8Kqs>8Y9){Tx57B5nS&<&%Z{$D)L?FUR<_2>ZJkke@Sd~11)h$Ijiic#CRtX
z{{j+ElRGr`Hs@|+{&7fe@-}KEEZw>{#_gOtt*#ht5ew(|oM3ST(4iV9|B~%303_KL
z6K>woh6LYD-t>qMwZ7Q2)?2o5*|4edpv2109-mCzROP2xU2khzSP*07n10^gwRe1Z
zpO|>Lj;&Tq9=I(Dl()rX`nStbJ1bYEyXQ+2m^&z0>*(tCGcy>Q*Z~))UQ?g{@oC^i
z1&?BWCgTo@?s)WvTw<u>bdbyx@2^gtodtFND{~R0J3tAHlWinegMLwlhJ$qVnC|}y
zIH@w<`%$^s?!B|EjyJFoDghS+4tHC#b>W{J%K;gI>T~klE6LV@HUg<Ea(&JIu2Znj
zqq7tlR`@fD>q67ya}OLv6Enc(3&;$<(mfmF?^*6={OWTt4a2l?G2Qf)1crfX*<pt<
zs)kY5bq31v{R%3il-Z*l6&hGYc-5e(My)8{Vy&`qxzaGzzPT2K;E}1v)J8=SE0yrm
z2J0H!cIWC+4L$*0%aXcjzCKi+k%qX>#_D4#pN(IWE?1C6q;|6bSSU+XL2r03efy77
zfzaFA^9UVVjo9_uu(sftf3o34V9bo;XV`s2`69WbNxUH=LRF>iiHtLV?cRmu7#g92
z(6Q(N4n@*CT5sgJX@ApPj|AdcN%Y8>o-3`s^rT|2O{Q;~q&2>FyWp{F5v(p4CAw&i
z%a|{L+P}5gvo{c~{`F1ez<@o+rjX=C+iOYsD+?EvGL8autYRjD>FFDKcMOSLS992H
zUj#3uasG8R%~g|&kvDdbDT{IUTlbdU0Q*~);W$0_c}4|DeA{g{=u~1kjKs8U@Bdq3
z28_gT{lBLYTbxLo3`yJ$Nvunm#v@k}v6wSh_9T0+*+^4lk2};PHgf!y*Ccr9Ee9PF
zd|YFv8`{o=6)t5Zb_w$2ZzqUGtO9MjD_nwh(Y9@3W&7IbcoNl9m?A|LM$wzlz|tRX
zDnArd`P5FQd$3jDn!CX-7{2pvHx)94vk#wF7)9bsJhuCh-BQRX!HxHt(ePu`vXh%*
zzem4d%-Dy8^p+#-dAYQW+J0S^Lj1Md!c`+HLhze2ADjD`GaY~G6yC5MC1xmxRZhOk
zqmXj_Xz~|z0bg;^4|!`RC0M3bWN$vriE?IkT%CX2>gPH=0Hz>88*waG=%Gb(g?U2#
zMyz5m`ZU4-A-g)8Jr)+ea{&StO5I&<y+arE)hPacMKfikQ3qk51qcWus4D$^fnSu7
zvmBo(z%R`|dR#G9!L#NqJOZ@W#3<?Ujrjed*6;AEjkA$&4`wg8@ms&^H+tug@Y$C-
z6|o=ClSC|jA<{!-f3Nxv4gBb<Nld4k?8?!Y!TiPrpEq@XEu@aOB#p#v$^`4JbCWcr
zc8B4d#w~YgZOus59+O%XY__>g9QuisTy@}LpKs{xKnUhnlaJb4_^->AAdw8Ny+{sX
zX?|tracbvs!;Opk!OU{qXF*JHto*T)7XMM@@Au$Hl-N=+6Fr>XTHSJQCyiR;5&pGG
zxEX<v`JQm@@ygcl-s(!_a`EBY4NA!a-e29jL<FrbU68T$oE9Rjji=0(85j1Tr(yxo
zdgsYwtm@Dj_iDUSURi6`Z}H|X87Vddhde#e>gMlRuWfx_PNz`S4vr483<0^4vc&+`
zsh%<R-WB;_#7kLE*i_G=r@*CYfJ?1XtI?!hzcq0-_3x$E-rtzp{bSJDzw?V?of==$
z!Q^`*VX4j5#s#wt88xDk+PGtFROQ;2V%w0XUau`%f*WXmwX-jH*bL5jU2vP_!&7Do
zO?Q28+`VhJBXXQBm+ss2+E*xDPH?fE9M8Q>k+;-UeoS1bTFK4g@|@{mFM0EB?vH`+
zAU;x?)XjP!se|ocem}T*Z@P$VA4#%0v6;>W<*x-^Nn`$x7udZi9-FpmcSW(D%KPT5
z$_LxLeHj)GkyA@VEAK@TnxLkKe7Spy(7&&|9E>>ZQjV4*YiToGzi%_wY7A)VvT8eF
zdwZPgRP3{PYM>!y#Py2iG{iNRL!!ij_RjKjXJw<x!M3LsR8G;?*d6bw={>znEl{=8
zw0c?nJUt&j|F7}_v$~m{TO`lpTj1*gughMMQxYpH?e<o>7uyebjIRFS#5J>c;dT&V
zrZrEFr|BxpyPe;<9XDpQqgb<QWMf8gujSiDVX3iznb;ALSbiPlM#DSNDqU+zu8uDm
z?mI`>-8@$)qBITn3xZrfitAi0K8ml0=j5N64L-#zDGX+%wHp36W-(zfYe)YO>zbZ&
zCzur-KI_%Y!q&_Gv))FJ5y8#nK)wE)Uc+FTf+X)~az&;_TrlUZb)bJsLhdD75)hNC
zE+v>Sy_^>nzI~o+@4*m?pU=MJPZ&x(JMSQfRPf>s>e>D_*|&wq%k^*>h1mr>0wH7e
z^zk5*`s6H|z~Km!lBpzve$FkIndrZxBstY=uDm1D-xB=4eSI5<>*4Xqc4_3z=&jKK
zBI2Z<<(JxX3e0q0KX(cdy`g7;=uGe^f0<CFXVtwIK5V#8xvoRG2T0jk+ob*fHxVm*
z+N+s^9@53ezq(L8(ZylUsV=1Q&u-s&`3O+dqzfyAcVGS#6^22&Q2h&Q?>v0UNZ7#y
z&z>}^Yh;#^8&zLh+dDtSU|Re^W;7AiSIfe%{Bgd;kxDlxMAN<eud3N>ceniR{qj)@
zNw@vaOJ$ZBqdduYNHuk2|KRbXsdK-^V|&wFh>5R#P2PcfJZPNed#fAPXE&|DPp3vo
zMg3eSrln5L_;geKFtl9f(wCc9A3-x!;ddBXUibMbK9<G&h=pi5L4^#}n~`FcpJ5F4
z9XWt|%$gG>q|SaA?nt4T1*tIi^JBIJm+1!bdkAi4O7H`A)!<!Dmo*7#v^V@8Ek6}U
zg))H3f_|HV<w|XY$(usv>H;Gdkp(1T^2?-5AYMH&j7h`l>6)w{(s<(qVth0sbwY~)
znb6)b>l@q;(hYBsWdBA}1R6~`+u6At5D#OZJh^7w7!fEcBpO_?)xJ}*!Q3kJA+LDR
z9+z>#>0oPdL~)`D-sR@^$))A8bd88$4o$+O{6x>{_LD2fYJ5gQ5o~CxCbA5FF_)#q
z?EO9U6j{+|dXpaQ8XtV#YGbu1eBp$wb(w7lPsM(ch=2QaL+>ueHEcEtAm@mgcA9&e
zmbvnYz~nt_D(Llw9F8<74Y0{4%P8TRGM}5g4O?xtNTU%~9+`=86PstI6Rh0$o~bnu
z$CxtKq&m30Ry3CBHlWu{i?5EOD<+X}TrH3MBerCW`a`(HPInWplTu#MpsM-Zl1aVn
zPB4{z88J1=v|?Y=Nu(^dNl=Ugj^g>dXd~w4Bl7LAs;6`A7N5K*QX26x&nB#Nv4MB}
zG1V=`E5QWG1?^MgtQ^?L@m&NBms?M8q@mpGMTGE%i`v#|nDcS(dmWzxg5!lU_M`F2
zN&KmW4968yQLF~D9-`Hx<UR2mtEMyOJ^=_3z1d&wWkzKfd;TG!{7{75dO#5TT=%R_
zRmTr5L8*&Tv(6UIFme|D7T9KsAII}NtM0C%8(zr}3)0ikWyCdQItOT5{!z9E<+U=o
z6~AiwLywK%y;r-Rv)$;HTes(xn`DU&QDc$_O_-?)kkLQ%oHs2zYFnvWSeO4%`3gx-
zS?8mnlu>e|9Et)F@i%)U2wcM<igLHKt9Y2O<j-Wv=CQB-8U|m&HL`?>`n=kZqUg6C
zA@X+matpo(!Kt6THe28OdiYh`n6Ia$45~}$yzb((^jSz#CBnVKNDj-`ArJMMy*;x^
z>%;NnjStxg$#E_fg{r{}<-&OJW<B4nH;^?NG{>`?jIk`0FnYNiooOTOC}QA?A&zHN
zcFI7g;(v7hIaaT%_W_Kodz(dGl+3eId@i%WD+6+ZIo2g+V_4o!m__V}t1k5b2u69e
zb(<?;!0!Y_d&4RQVWt;O5QJNvt?cXd6~WcYr|0YMWsQMhpX|=`+Cdp6PML#+eotL)
zZeyl?HC;Yx_3VLOebTl^l?Cl1HKI=skQe6IEqaEB^O}#uzc!9pEcbl+Nr-Hl>q%S8
z@_1Ah)HWA#=%`4^IYFCRz&LUCjpM)Du7PvHNy=Ks_fD|odX;eReiQj?k0klpvfQEc
z3SB9{()xnCg{uwwQk%jqF4WT|)3PnWIh-w*2mko~F8%(aDuneeu*y3RFr|~5%Dx}4
zk?id=P!O5+t59=F%)9Rj2uxJe-0RAloQq|!c*8tD<6O4&K$qrLKaRJ87p((b^3K5D
z%7Ay|i1OoZlvZ9MWsx2(;k7Du-kDb2KU|n&Xz9-z4~tAgU3g8UQd2R{+?45GJfdn!
z*U}pNYw369JMnA|{nh(buZo9COXU-&te<@y#YIlhoBBt))Jf$2HowiUdC_fGewyVW
zP=5~1)Jk~DB$9jT23cPK2dMGro;9e%Do6Miny+!qj9jIL%m#wW(kt>|5pg^(i<O@z
z2(|i{k&5OMsGSrj8=28=wT9P4a|+kOX}~#@=v2N<<v`hD(A5Ad*;F0bTmq+L9`<ZI
zeM1EX(rJnv#Wfv#GLQTp9Lp7F219uO?_(udpOzb3xOXRsB!-XkSi+1(uBiT+e!>IB
zn(hVCu;%7kA{wSl`;~~J^3F$;+SWbfWtZ;_`1F(eTR!IMhZhu>iA(#K<!_OtiL}Q3
zEp~f|`|-l)rs13FAWi|MK+@k+yN4IF20k&b{b=z)$bv8AWpwnzZrYs?R}2-ac|-%*
zcMl^l?c7Om9rY4^v2L-FlT6t1E?QuwtAGA2q9w9|&!V%*o|RX2O1#07)_>b!qQbR}
zqochulD~TdmNP)M*UZB@m9Z7>5&}++0mK!MdgpOR8#qtQ4Z^^z$J%x`Lc09h+iB!_
zy<)}+-{K_<Za>}qT$Uul5KKQdQhw+0<hx%FnP$YN-SaJc%s5F5C74Y&Ao@VCGuFHr
z=T#5iYznw>N)uIyPXfjmL(9hs=wbhLz<kJmHFZ4gR%Qv$Lq1tpsH25I)yw!YnuM3a
zxC#E<!4k0R-D0KYI${2#;R<Tm6}w+dVv9>Y$mIUrm<v>+;Ix^SIWmV4^sGLp?Qa&K
zZdLmhp(aw(n5>)^%jE*LUyphALqcIYbIPmQtHwM(gWcgUxBTj)`nx5d{FPm=>rYLr
zq7&23JUB`7_4h!gola@<y(>q*+UfG}+DCYPUj_1$%*bvJ)%=E$MlSw#q|}@KU{=$Z
z0&6R-3<j<u7VmT_>^wR;j@i<&8AC290KUJUPMOF|v{jeL>^a^^@E}3^>0-U7;J@UO
z4yyLDmKjs&g<p*R?q|3gZ4#?~ewqU5LHL7f*?6`UFotpy*xo<Fka_-^FUWs*&ZuV4
zbZ8`T_7kD=3~{VYrEO=u=9au;fz{K{r)MMQY2@)bwfuJkiQ!}|R&6(WS_xV@YOGcr
zDK{s;8G;BGcFQAe>VZ#kCpLHueCq4VSl>Hy&gdq3+t`O#l_5z2Pb4w^pGYE_XJu^@
zXtVg;4_F?5&Op>tD*L?7H$qm#@V(Hng$DBV2gFSS49M&6)dA#`i_YgG&MA|ey}VC<
zg>x$C*%kL4`uRS>lxVUguA?+V%cpuH2vC&PqBLT!*`?U}bdBmB>M$!*1KF6xB`2KS
z<daTxtZ;0Pu5~M^yehHrlhBDFSo~po&FH<j!KPy*P;sCgw%7=w$U}^mg)!<v(YXiW
zp}EOo-OB$XFPkP8_ibjU?P1RtC>L4}+-dZ6or;(01CYuKL27dX;}BH7c43h_4Cr+(
z+&lVQF?>8BuDfogvih?X)KZ;C6Xuyk!~EM3;_>MsoVA2JfaFt4k+cVxs$^eKHfc*7
z&+p@(tnM0dZByl44Ofwh%WB=$Mjl68AoyF9%S9cnHJlkSl}>7>^J;MRgs_NtwZEhR
zC`M$O{t=5Rj(5;S1*#A>TxdtTPj;05f3l;HZ6?;k833;x@B$cG;q)2`Ah!%^3Qx$}
zNZEU8oHmHO*(597!p&hichkDC0+Xc_()Ht$CmsdXuGl326Zm%Apk8{+=zp(;2r)<_
zr>Jv2n<F9wuU+Wav_jBf249Tr8q=})ZeyjBn3)WDR9+HH3mr2OCUuG~6!rOnb%@4P
zoRW-r612f?`m>#f#2Y#hPw;;z9-t0y4W&1p%TOhM;*0uMM7_!&Yq<Pg^GOD0^J(_t
zSvKG>ZLx+*qGz-HJ#k>BaE_&(Z7<!vPA~b@9TEvd$C6TKI?3gSBr&;*WrhYQL_jm)
zNeS(}Jkpq}NKN;0MHj|<uYRqkJ>tj@+a5&}xXtUE;ZvKm6zEEE{ejaiJYz$Q_(3^J
zrO%TMYLK!Y-aLb4Jl9`@V=AXtBI_VUJO(LtuJY3qLwYr;6hj(xU@X6WQb^V!xv+Uk
z3+}v(0<aohp|tTRoBySCAdLv2L7vs}TQuJ+1$;AzV{Gt*V=k*V5}eZq%8cUa&iZ)b
zpyh)j+>X`P_E%{Pp4C-`_xz!uUl!`{Z`Y_AF8Q`>*iRPlkkl%qWM0BM0+durn{Qet
z4FPuKdn7)8MkEiNg^|OVMolrT7)c;$OKL&;|Ig&)0PtG99l5X*rXFDTjz!07`0q;A
z{6!&FL9yZ7#2JpST6&%T_#eF4*ed9nzuxeSHZ0>inMgGmu?nSArqzZue(u2QXH4ui
z8!Ul(?#p#<wIMZbVn-=ki?l-Od7~=7we4ahbky@iPB6IOO3_^4W77@(@6rT-?3_gS
zRcUk?LSV{(7a+6nB=D?kr5BHeKSs1X8h(%N7%<_Sw1^NsXWdSH;gTZM_0co$=l?}V
z@EJDsqwCA8$nZ4oK?tq!$>zcgeDI~$1KnPWq>trR%Y@q0Zs<<mI!gk!x#DG7r{?9?
z8aU_<iDq1WkGJ}ms~q34by3sA(v@h0#KCfQdrNHEc`c{@-N8hX4R(}|p>yHTVOzFw
zlx4);pvn=K(Xabc+oKe-S^Z<jJt|v!0!_9_6K-Wvy|r{(^S$4`t{DJtPsD4VjpWRl
zDSzC&(Z+Fg`3tiKd&9yP*i^84`AatoRa3XvpFa9|3TOpgD`~m-a&XqlGKw6_4#q)U
z3Th-elb%ce2jJX&Nf1cXe7uu$4V?m#0}W3)h~v-DJp>KXE?VpxJ%#mvs7kZS?J0m5
zx_t6RB6;*U5ZrUKBJr91yfkBj3yW_;E&f7z`k=9D7k2}AxgPhfL|kRNsPJxx3ho#`
zN5t2XnvM8<)UrxXSKTMn(r-qTRf0V4ogzI0@A3Jnw6Nx-A?*Xh?vbZ;JqeO?9@)hr
z4GvZ$@EO?ywFLPhCwsLg2gsh}gh7%NfsKnCvfS!T@k%5N<*zC?t0uz!ZnJ#;W2#@=
zERA=>>$2jCfS1biUE@iz5&7vbp|Cg1301&MKaJ^_B=9kPA<e65ITk9;I9f97J`hhx
zLg6R;ilkOK>YskbHa1|-B%v-|;WXHB*FpN#)F%oGp_@KtIp;8D2B;T1y7OicZAwND
zbo5d-@vDx%rus&5yz|;viF-S}TG{;NT)g9S)fTyL3$%fXs4ulW5-pVZQ_Ts9`wf1?
zD2v!Vnn~xh0!G@QtR2pr?yz9Ntg$@jXRRvy-9BYC?xA7>!QCHdDKiLV59N5xH+8ZW
z!66j_88v>VM5e#aS;>?#Rc3)yv3&49HNVZJ7b^dLQDF_R)-^IS?oy{fm@N4-&o`AW
zmKsg*nmNCT+jjS9;N05UBIjW}94qhUHE$~<ciS{{dwfW><DP44_ytu=Y%*l}w&WQU
z*zcp6vQd#<4wm6~u7DkVAXI<SN)vDC1!QG82hI~A0Xk_=nMyprxSlv2^c%E9!d(fh
zTS81=<!X)zxB&HwuFrgK@1DJPXZdT?QK%~>H42cUMpH1RC3S>FcgKFd-4OBCUB{ir
zM!O^_(RM>ClW&T77`RO?<8^>xd6(hgp^4sseKCHsrS{zYUPK3?=0cNF-ON~+c{RK1
zO-+xfiNT!0R1L%7qb;vzpF!C#ZN*OxNw44E$AFry{rdG?Mu{CyOL|M%jRrifaMy%w
zyU#IS<klXMWd<z$pHnGT=B}Kr>?6_IN|gR+WpV*d^O<z_X!9E5JbibQqH9c<0Y>fz
zXXC6IZBaZ7$&Yu6nR24lOZ2N|1Mq)wC=B2s;nl02?z|S25u`+4?4Avn{7zonLRlmv
zHC!Y)AT)_%<oj*b{f;eTAxlPQt@pQvj{N7Q&>y#C>`<43^R=>;9OClVZ!9}2wq)GT
zYfUAaNsTU<m_JVQP_xc3S2HgazS6a5_tP$NK}hb{w>g+xtw7+YtY5WtEjWe>5N5CY
zm}31+d@@3;Lx(7VjR~c8isA1nHxS8N!);DA>O}7(1+%{ZzD%t+*vX2Yp(dtfoQ82S
z&^D6oJntNaw(-N4!_bknMcTgYxY|-~yX<$P6#jy_e^J!GvrrbQZ@X302N5x%2Xy@(
z{OjQ(6`Vo*G8f5+;%`x?JXzy58nB(uuO%W@T|#!h-Eiq?kju3CIeH7VH8~z@@lTU?
z84;gGuo<TbgAqw|#m{O^5I9k*DO4M*qc6E0y*%DeN%hi+Zrl#;FW>k1*ybPCInAf&
z2#ZF@yHg1^(FkQQ)V>;wnEAuzfc4fpZs@{fjG&Gf)K|2<R9&`xR)fR5GGd23Rg-J1
zRxvV8z`oNX*hH=B_4yVJ!@fl`@G~CEgLQgHeK`2pA#d~AKYW#r6{2>kH-1VH3*_zD
zJj~9q?p2H9v5ZwF;;B)IdC1tatz?sP1$ncIiSX@bmv>{n;z#nwGn;r*fkP!yo5;od
z0fcx9Y+Sj$bR-+MwGN6;&gf9YB~TPVbQ;6703=Vh3_c`aUmp50EfH!m@-=>zUp~f8
ztj5ZqP3Cu$Yw$WM)d_!QPB_m>^PLLLN4%GV$|F9x97F{bm)^U4k*~ckWHyqdA=0cC
z$GPy>grebInm5D8&+jZ`L#X!C)<|Ku;H4aHS(N9ij`dWhbeet_n0L7^jFk^$YQ=Cw
zG~%_xa|4I1eq0u_$+b_(TzR>(mI``rbCU}E>o&js-+FJtDax8cQoXY+ux9op{clG?
zd3`rxBEKHX7YBTKY)aqJS8{Y#COaWdGNG<N1+nj>wlOWIRODOWl-oh^gvs|_i@5=u
z4ot&TO8+DO2U)I(=*&_X(Hg7&Ars?J>+Uo<L~guZP+NcAzdC<kjfwRFCo~Nqh_>+j
zU>5DuF%e<4lS=Be>ALV#yo@5$<kM*Cjiog%25fDad?!;*ek`Sas<+yAed7*-o4Jnu
zToZT){c`;P`ISK!PNP6urdH@lMS@Y59Niz)3pO+vPFp(P@>+m}es?rKRY8scY2luc
zT@QyHCkSrl*vp_aj}$pvM^E@p!qBmcX>oI?V^Wm&5vH$YY^ZtICqI_-Mm)`q@>WMv
zh9gl2z5fazs&D$D*iPM36O(G?v(t#5@shq$Qj?2oK%JERCeLWGBsRBdMezAtJYTJi
zLX-m$e5=uDwCL58n6$!5eD6T9mQgg-*uLjOYS?rw7oyUT9)GcDKuqTa1>$!~egGe$
zZuk*gQ{QB3fR8<C(E0H|^$&P-&dj|jZ3rF4Q_!ueebV!@5Jfnt6{RXcMk(HLVwBHk
zAfr^^&vi=Xgc^JCR?KA&7F_yJgC%)M^-cizGwWP%DnYkvpx;~W^7Rv|ET3_gINI|o
zTd*l(U=`GRGU?xwo)Iv-g6@p#^ubf)tKKb5^!|K@q6xNA9gN`Hqt)^1Uydez?L&;z
z{Ct5RpyUTvfvT>=x30GK8E>);_VM2y?Q--t@@Hy9W-febw(D~f1Or0{BSo80|HoA4
zM}Y9g1r33tN25d@O^Qwb5W(#-kjdEx0bMeqTrJy9>G5Osk<A3l13HZU@SY+j6C)yD
zlU5o$_Q}ocO5BdE7U$7#%M$IRqi%IyV#~x#hTa;MJOxpcACor_{D?Y--N*4jkT(1z
zNRy#594USrNh^_OWwgW&+8a3_4U}rB8H~3cOL?<ogX}5yt?cxHO)cMZ6-xv|S)9tx
zCUHQ0dXmcZt5zr`BVv#xAy((`QzbZ9HgRp^Q<ydGY6vDT%cm$w*yr+XGP@y^hljMz
zu+ZG5C~d1`cypi0-mhatkP)9+zrUiLTx#7%-@FGoH<BqRwOkZk+uEE~Bl2)g8p%t?
zNekK+rtYePVmj)?$!)h!>ntAVdMkq3N&nrMbDDVUwUorAl=5lG@codU9Os~VcwV;o
z(j*(l@-u_r-bHRzRQvG$uW;V-)xJ`?VaeXgoN#&4415AuZc2I;y#oX6O4Dy<jbfR(
z;8J??>>)KK&a-gHgQ+kc>~~jN5=%LRjZZxI588vj@=I6;rlj>opglM!$V12f74Trr
zrr#N6__t!tS2Q;%4o28Pk*en0O>U2qxfQLyk#9{*s>t`L)6O%<67zq9@y@^Yr%4^D
z=Gvi5V}5=67VJo4es1Fzm3&}5T;ROpybK2=SLxr^lcN=UuCI_%%5ui731j+!4^Yq8
zxH8gBB3}sYiMl(p)cQ7g&m9UGSMEGbarbxg3%J(CCE3mUi=g5lTV?H!V8vC}^a957
zPxU`y#qku!G{|lUC;)r0z>T);bUJTmzMJ3>wk@Kg{`5I{!oc)h!ma0Z4{0q7nEK&W
z9V(HmY0*SxX{H(jjW3KHoxOZza<;>UEAy+Ja|f%%6bKd(ZsKd5rLfi}@kXfb^qmh~
z>EB{HBYg=QQ(hFFSYbTc3L}6O7W!C!Tz_r`6*raIxMaJ@>9*SMAj&^qMHbV6Oh}m~
zVcZD`VPN1Jk{C=oENkuSI~&=^WmUtGngSi<fY=iE^gs17pH{p{Rw9EaHHtL)uOO{y
z2D_7mDBXOwM-OFxt~D0YeBqXLzUL~bI#zSb&Y-xt$1<tn;zX2CrcwRSEvL_dnKE^>
zi<|RIMu-sRNOR?aj6sJ??Xn@{=bV(Hu(iijdbA5;vR9CY{*T!pYI>6BxuQ#?S_!&!
zBS2&VFYp5c1MiJWU4|8SL_ulTjy%3bkU=|otfH=|%Bai;oN2ET%w=?-QV~_}B{n+n
zwjm;ll3Ezh!w=}&eb;f@y85<IL;effkEU6*Os+j+90Ca0Pw5;Qt)k5h4<V(BW0cBr
zq3v|6@I^MH)Zp0vP->dBBvz>%T(UpO=?);JG7#_;KLARFPsV*5T1F>5%5pFKP2P+$
za|%Je+F99_e4vcGWT9HJGE_3(;Su4!ni9_^X?{5YHgI^+Xsq*=nS6ge{O}T$dWvsv
zhmyvTjdXt9d+)Sx|Fmwc1*PB$y!M@jjHxJoA7&1cXr50RX8WtzV+g_Qgq3i)<?->A
zW7$g1L#<t11<N56UrC0y<ngCfJ0c#&vB?`eIzr?iPZYl$g^Pu)kXz{R(=G}70&>7q
z#YCrX9TYF~e+%a1*3@V&4&*BA-mGahc&ekGF*Dp`U_9bO{6IP^-Dvv@^FnYwL-&=i
zmg;ai<5v8nd0ZJPN7q9+|Lj^Bq-GRyYu>VABh5-f8Tq2!S-azmj8^FR;=`{AUt^f#
z@)UxF)cmNppQE<<4Re){W#94<T8__-_s5tAZiaF6E|suF=JjgKMIL$ovo{O&XYc7M
zRIYQx%oxP`dC#8?M}EBt&A?88eAF8@HNq<882@Omx%-$Y)2YU)9`Q2uPDS&l=j=ax
z!7dKHx5?6vs=72tN=%6o#TV0f{aM$en?mr}mUls-;h%BM;6qfHfzfe)C)o}m8ZSP=
zxtL6=rpV`$ZTz?8*P6FtQnM}OdmDn4Mtq1WHIKM@lt})8dpmc_%_S*&JWV2Dn#I+b
z2<smHow<A2HjeG!uZBpNy_Rc=V8u=yRaG)44wy`5yo%^?kJI}wyKxC`@}%!UWk+6x
zx~w7I9Jb0x)l4X7AaVuSL&hZ*h>gr|mCz-RVshG9@NoY6>)OBk{he7kIcBqVQg-tJ
z`3w2i_+Hz&T+!v79T^_UWX%7T=t9igbtsvod*u%pz|mzl8j3p4(VCfO7QL+HkkLU!
zc~n=@=^jn~dw_7~$U9xb)x=!^fv^@eb5Y}*U)qW()m@QC_17MYR~{!%af~ING483Z
zvYP|H%JJY(sz}3qpE@%|j56olOtFCjFG9~QFnWNw_xrx81~-k6bmjBfZ%bF=$nyf1
zXGeq01`8zdj$0pB{xoc#364*nD-+0E(>q>CR?D9`eC-5PnGeweTw1j$b$`)i9+1-5
zUWR6A96y=d796jO1p8|(WeDwW+ObARx$D$Fc}YF*Mz=#uM)3a$R)wm`CN~UfE`iHT
z7?k@Wge2u^9-%g9j8P2~!xejR_h^g|o;Uom##CrujK$uM+tf3%e3?oa6M$2nLA}s_
zOc*VcHE@wysh2+A?m%e1A-Rsl<3XHLG`sG{%`}lzLAQX)Jc*Q&e44RI`7qJ(qf}57
z;+nmR#r-qq)-crqSGEkOb8|=EOETdj$C7^T-V7{|a(GWXSu!w32Su}Qg__TrPI^@#
z2<Tudr^!s(6vxuQpO%Ss%|dW1y*+X1jLVO2@R~B^4TGRw8J{M@Poic%0z@?y*Zh|*
zklsSdsF%nRbbN3RMa2IWP>rN~6%+uPpgKt@?dK0?M{C6paRP9p2R(CuLE%oW+VOXp
ztOUW@!H#6)!_n<(<#tLfTdkJn`*}004SFO13qoFD+QyIB8cs*>tD&)^)&kbA?3cii
z1$O-Arsh8i?k2;C5V^uf@PR>J;maTdOMWjP!=QB$EdammHyr_3QsKppchcXsh|VSB
zJ9lZ9u|RJojhrR7k+51)+HE$uUyaw`ot~An_j1LiVw}m#&;6(pBKVAG^p^1JLC(?d
zmOY~}rN+%Vdmstm^mTJfOUeJ}KWsf3E#zb}Y-X}KK2j*!++!2QyjY~GZysQpFkrv2
zkXvc}Z0$`;{Ea^qX%q8E4%5jd0SBT{Rs|FISX$wOV|%Te2<z?-1vkK|UzB3Tx5#7a
zPFq#+z~p9Cg`=)vK=QsC;Ka}U{OT}>15N>fYGXR*+-aD){wEh*Zrir6xed)qmESPz
zTMG00Gg(jTAR7B8v`Pz6PnL2|Eqr)1O9_#Xt1z4Ys6X)!m?&Cjn8kh7!#-NO9Lejl
z*>zYasu{Dn`OBks!oXGI;tqWg(lBiAOB){Y5bW|lOaW@8*0LTlY_3-)OGI_#CvF!f
z*IVm&9C%6DHQE+G8ywoHO=~is)=cKJ30ugWxhbLtWf~!1fbC=|;6Df0s)4t(V>;we
zynRss0P^y+Ya*D57Ow?B?3FbvI()GZbf*h&4rmZ=Y1EX59K6Nye%EfvLxQMBQ<ZQj
z<xIT^#a7x<J8BniVri=M>;O4B`N09Ba`!c-tXfN_Ip6mVY!)?IT!%|TygAch#rJsM
zkC<sDzJ(3Wc31u#x6$sa)||u7jO>=otd&*Qst^ko%FeaC@ugD~9m*Ar=O0)wl5~Xa
z0EhFW#`FsPc#E;)&p3ymgW4X<&5G_O0+IZHNb~OrQ!t|tUUZj$NVsoh|2;r)JqEpV
z&74-e(0;xlGIX7=$LBeE(?CUQv;|j+ell3#6s6xz5n=RQzW7(kpGr{bkR?#BI{Z{@
zQKhBQ$;-xInZ4U>x|dh^Et-Tk3iR+wnD`1Nxs26nU!PxO{!8pXNllWA%;QOs3Xi-c
zls+;ruzG+T`*Xl2V*(e-EPNmvS6vD-ANUI?zUMKzA~&z7--pE&&je7B+apua_rdJM
zPvDu1QC2#Nm{+_!4;<0hv*R(=@y_DVVVcVyX@7Y^>JsrPElc=nMUwx7w;^>=*`%L?
zFko1Wi<Nov=awiKGW+9F>E349uBB4me&}|HYd%}Z&S<(}q+$R3p?k_!Yd!5wJFBy1
z47(Xz{~}*WgKN}hql$#SlIN}MN2N*YqIMGMt$OM0Oc3a$VWur!>HD5WFUQBAiyo<?
z_X@M(ke6V^H_1tTu_E<DV}JXzv5;4y_cPHNZEU%&>9?WwO!-a2o=LWg3(p$Pg&&L=
zcMtis?3CpDDj`e;A8!Oc1S0?{>Ao2xhJ%gSmF6Xfwm;42ZJYjn<t^`6|4!9D#WcKb
zqG4~@WKqI!xZJ^dxV(Ky^%hrK&4C?bJWJLzSy*X=)U_~5us)EDpwE_+c3r)VUC!!D
zkg5@Q|N4ws-JL?HO3KN8^(y8SS<oaxX%i1MmRflVTVO_5xNK%#L*z2h)2T3!UCyHP
zP?2SzR3b2&-RZ|;=Xz~xkeG@a_tU5Z_s(-E?GD1<EzdG)<kEK}B-Y^~|Nf57rzr-*
zNIQ|fc0)Qwf*HGkf0M}^7XR$sH)3oNaM_3K#uzi?QA(nVgV8Zaww!>L*Kbyzwm+5u
za@kn4kzs{+0E9@p|MKd;V-niIXn(i~9VWTsbZ)kZGa9alq~_OpniJ+IhX^Li+q+Pz
z3I?mZJ>>8n5+IZwhI=(#TPZSwQ;oUCJfv3sIfZOP$lHEWFn>9VO4HG>e-hLAvn`Xw
zb$IgnR0gB{WxG-#X?3EbDqY#eTE5Vti0r_IJ!nBY7?0Nchwa~kbzcAo>C=hwom#~X
zSn}5I5Gsra-wA<;{Fm?do`L}DJ#;sh>@r^ObEtq1Dk|9r)JZW{n@yEXb-UyvAI>%j
z0+o9$9(Gl0MqbNA<i@ExZ<%*5<VLeiXtxTsO&OL1@vBEteqo{D$nB3h-(uvWmulSO
z`s(!{oGz<?@wV!{0c)9mxF3VP9#=#+QR3co@tkhGXE*>JWf=QuEOmzRg8W@>QjE2@
z0?yi=VaQ5?mFv3)+S<2-?zLS%i}Q+BTmH7LV#r&3ZOy+RWh5IJU{vEb$zp<;ul}iG
z9i4U<J>1pT;MprU6!%uy;3m(d=^W6zsNE*kZesV_(@M?!dR#OY3!`Z(e#xv!#jM&@
z2;$#spx3H<F;N8j#b>-eLgDO7(D_sFFaavf`N<8v1JbH1I3?4L_`%AIeam+_%v#y5
zv|RyfW$dba8o4d>>yMF^7_P(s>4|zpr}DHagtvP0KAIbLO~U)B4VV8(y1-~7bE@6<
zEEK9l$7C0}HP~Y6;hkdgRi%G}yyC$!yworQFS)VY%%@5fmILc@jxNB(tn0cZP-+al
z>ON+G(5nyPij^TO+SrBO>BSU;=e1d!Ksd;R959`+fBRym%JoHQ_@8|i8uqdAr@Ekr
zTUW+u-X)~z@QJB<>vHjVNqBT>KT_GKemoTaiv5>-8c=`me^$Ys(|RrQOQ71=KtC$D
zO9of|#a|>CX+mc4u&PPohGn*^F_E6JfHWzG={^$Lr=La}$Gc#`Bsy<zVo~rWkm%LT
zN50th^MCm#Q2rz#x_Q5=FDnOO6Abdmo(Im^dP&z-NDvhb?&Qiw>jesLU%eC6iHUQW
zLdq>t=b`x8wai~~yiQ)+U!+3NBcz!M%Pfocct3sv*KI8piDcP}ZT0G#tp7k=Ij`Kb
z!&jpFgKKlcBwZOsq&`{-6D600a9L3TZ7$i3^+p(X11q`;O)&^3U&ijsb!cFa<!KK-
z=0Pe{*WPRiAv<+qRm{W;Lz6F<N)T4Vi7we~^QyG;8FF0lFv;i;tnSDue434ca(p#O
zA~+e#mSJC2a$=NPF^VZL&{bONP*hzow>2oS(X21C2~ewN-dSBn{sZ%MJSi?YfhA^{
z9cr>MSEe9aNXFo|GiDy_1R63Uz%u(oXZf+{==ofSA{)HA`R=(C>|Fq8DR-p-)<>L{
z_B@57(Ll~60}r@$7N>}&V0#<X!QK@A;@qHhjM|MN*`Ib!DQIsjv5gTBeHtm(=UV)7
zWyx@RG~Z+`K;A`&#6y=#3P897kl<SJZeV<kd(p!Vu1wSHT2<<5>oi|t0?h?@rAF)5
zDedpjE~lbtshI5h3)tnJ0hh0V5NX^Ods^)QLpvM*<k7FdoUu3^YPl0~0qvzS-j8(w
z4*tE&p8HJ$G(AkY*Cd<|y_KSGi}*-y`09~c_AxYUyc*QMssz``9uTq&TgZqJc)*MZ
zSG}u-(RxUuMc?Y?Is6z$rJ?t84oq%t86DKO#(If2Py@^T{c3rm0o)ML9GAp&lzF=T
z^;^$xK=a%Bw@=+bk?uPok}iCT8{?;|vOwP}&wl-LYGnDC11XEzPk4ae<_k~Z@!I@Y
zV|5QfJfQC@vdr4wGHwp6bX&i!VY*uI_0Y)ijk;#?ph+=#^uCdyHgR}!X)F8NSU`~5
zs!BKV$mq0g-ty><;8%;Jya9OTb>gUNe4=7nDH0P3NaeJNuV$s1txYvrrY8)H5yQX+
z^f$4}_tb(I*eyAIZ!7~N1`KRyO~)4VikG6mle6Bpe?1ie$C(iwhrY!>p@dvP7N-r*
zd_ALfdKpn_*_?SOzKF=M5RxNg)-<=f?PHc!9=-WJ)+@T^ZM3q5n=s)uPI`0oTGOBf
z1IEYwMswQ|{v~GpxAB)pUQNgCk+Zs-gDn%yy3Jnv+-En$BDk^lg@VJ_>h&GxBze7<
z`QDxNXgy7JiW2+w19Beok_$16Wvp?xmL==em~IoSK=>qt!6yPc{nL%vh46{m>Mi!f
zWe7C;)^mea42w@n(1_xdAF-zgmWA(dqOB~@Y|<9$A~Z5|6)ZU8^Xb(n<rk9(<nzr2
zl(|}~hf!4=@y7{{?e1B+v^>{AYJPmjm76rDBGT!q*UO&kxX2_U!2ifl;m~Z+S8u`N
zbDaV*9W>f5&Skm=Gkt{L*Ba0h#~C60w)3N(+<jlB$s6`|vHCy@A=jB#{YWWr(GI1$
zweZ?H%yx8CXuxMIIwxs{dS2!2{ZXz5dW;U#BnePd*~CMSQSLWIoyB;~o$+8`oJWnJ
zQ5dumUOy>C2aw*yyh2d|z!}|B8**$=Ipg&j0|yZjy$}kHKiBrpTV{JUJHtZhotfYi
zvs~qtCl>Azi->P-U-_1}s85w2v(E84Vgo3Tb`a0Mvv-YT+jV`kx+(#2NH(REH(+SC
z+X%P%;QmJ4yv9AJHRwmhW7F(L!(ph}a!AHo4t@fta73+i;uGIiTrcxLCDlQyl(~A6
zR0p4kpVIE7vT4xO3DbqTIw62HpQL&`Tn(pZm8v1Ok!{IJhLPb#IS~3X!S#mIR1ZW>
zWdW0p(>~ChE*JE^E};VEq0w|pTJ3}BjQUToB14~9SCddN{G}sUzA}fYYR2)N93F>>
zd*`{Fdcox13WEbmh7AId3z;?+OO=JI3MlE(Z>y3rQQT@zYwIaxoG0RAY!55+^#a1o
z-8HlGZfgxb{j`$@_Lv$Fm@iT(iwzm@AptA-EP@0${N-2ztNcX=jXR^0$ec1Q$JfVC
zEGo@89!bVIjgD5X*IO8sG|`NNmPS;`Bm@Ir^t^~6k!N`nPGBGUr}_pEKjtOt4XpTH
zK>Wv-Zi-;j!UZTTq%`ONjSq}JU&qkkW;PRNsO1B@T%Ccd>${lsCRmqMKo51lJ?A)d
z8!0zjI2Ei`<|^8q!53w(G6=dPvVn}ju>2d%KGIv!JO>nD_ChD?z|fm2)+77sLfCfv
z-_TnzrIrgiP*j-8Go)uQlR{PgePUzOmx!b#=xyTkV!Sk+8Ws7cP2ngk=&-gX6Lm0W
zUy`{Ne4K}GlF&QK#rX9PAOC!)sM>xp4{wf?yk4DzkV{N;>4;5$DYVv}|EGgkdqgs`
zSP>;azQs6y<Bcm8z&IcP6KntQFMz$dj;0=@>Cz;SY8AZFw_4c?+#`Bz6o+|y%qXq#
znMd+;TC`w~Q?{&jYD*PB;eo^|wl$gY@zP?^`OaMV#fXc29*vvtxs|LOP<F$Izc}br
zZbr2MhC%axlVLdHYL=s<DLvLcHiDUb&aVqiQeo!3a3vcKZflNm#^GOag6)e%-ksmN
zeJ?Wg%lBFY21FcO=q+(ZdPl$1pSbV9ScRB?%6h`3Xev=QEEsz_d?uU-O<t#&4Pt}A
zrA8?C8%f^8&Z&O|jG3`CNp~EhTu<SLn2G(cr*C?IlRoo$C}24+5$(QM`8+VL9{%LE
z%p!+@_O}Sd$E*&uH41EEq5`>$T%<dq>J>Jrb{h8oWRr{KI`3~6a}=igeBG)%&Lv4s
zSdSbmg{3i*WI(%~g*haxlsbVe3xJ?=1H>)SGldjb%KTm)pcyI4JfQ6-8+|fAUpdwC
z2MP($Bd;7x33Fhw!S#mlo%VA&H@f?EtdKH4ADgEXEER8U{-%rLIV7rZPyd}7qhit@
zPI#5XisK{PT0~;5@~?1C#HSMbq1%BmO1bMT^$%X<S0MzxlBKlrXXO?+-9uPUoN<CG
zWV@IdefLZ@Y_$gTcYqBZzNf(!bi8bVUq%FRvq)kbH}f4(ypr%N5mv8f&J|*oYf6|w
z174L#cdlKnbX;ihb2cperA$w?)P;p~_4fUYf?T#gx$0EiLo~7uDkGd`p9CE(gM97d
zStm8NKEhKs0WqsKCYMlG9?iRv0lR&pjN3u3_hZ>|PhZ3NY}v4~h+JPeUGN2WZegk$
zR}?Q`qvEBv&w*A0aH5SciMH@Pz>%e%lak_K@Z|ne@Phl#y;x2;@ue?U&_{pfs|_Ku
zxi6vJK!a!7H?PvfpBm-ty7)?FqymNt{-W2%<zqJbg&eWalONEV%Oa$h@4o#?0KV($
zp9~)<&r&Z5=hKZI&@-<tePZmsg4-VBRBi5-tc%le#IwQq&3z6QSd?wFcw07kz<RFW
z<S51NJv76qDQ6?VXjb_9MWB1v_xEhDc2EN8KH>!n_KF2dCcq7B-heCFPB9V;5I{4A
z&D?gCQ0Xj-u4}kJxwhOiB2Vr20bN!USN^4g=&U4E{i}p6e~yBqXDJl`X9K><2amYN
z$=2=;yy43&Yp-$%%!^@B)-h!8$kGB=Mrf;nIG}G9U@cd!US<8koqOp`ljazw5q$aR
zXLvNrgk|g2s~o3S1J;Fwh0qy8=#m8Jj+p=Lk_30ChO5FKg-uHCLxc2hTl~7QHQZZJ
z(tD3H<3DP+pcV{?v+Z1O3klixI#H*Aj#0z43S7MHv-Lv1Lp@dMc)5z)#d7qwuGtkN
zF*t?9qkC~h06rKqTSncrOOxK3dYA|Eu-Z~E4Pb(oa@ORI9qv=xE&6aNDOR%|RHo^e
z>KpfIAB4h#_Ffa2F{-6poC^pHzdOIkdRffatY?4jC~{e&2FAr$czk4kAxE<~ze;f|
z<_JHKnxn+VMta4#HbOW0(kNs_mv5qP!NBQeA;NCroekjbdhVCcU^ht#8hidY7>jlH
zPzb1srW*eIi}ICdJG4M_Z=4*~%NI6L@YeKj3XFF%FO7HFcFI*>dtUaY$XO;@Ie$uy
zUxH9hP=2Z<U|_t%8NMmYzeZy*5P_fnr)e&sr&eGmN7KnYEdDhjw=Lg2G`-(Lf|kmm
zC`iDly5>;D&xMd;AZ_TJnVET?dOqr@$Lk%JT(@OWfm*A$c*kTU?@+JOu0TBdD=l94
zSXok+*k-p1O)cI-ZKb*F*rifaVhJ^9`}ENsXu?T<^1o;-P=xNcF@9uo4XX?EY{h93
zw+fAQGeG107@YgB!A`8kz^4iCWAaDTWE=X$z{*y|K_KyX^HUo00eAL*svii61zh(s
zz0AK^Qc_%T80+x&bH`p~$;#ZXGF>SD(T1v?;5uR~xPmer=B^`-rpf7lLG0weq6pC&
z+J^i7@@X&PGL&c3)#(^sn#TFTp?{J{XhOEF#2t0@+&uB%H}(Au!4yS<CxPREW0K-Q
z?1mDAK*;Yfuv{B@wbRPqr9Mq`|ImcF`4UzMm>^JunF3Y)h;M_brJThH1^%wyL({lh
z!~n+6B2qd>ZU}!@fj}aVVdL2ypL0t~JymYvMj>^B-q0OZz7!>?5F6HpaH8TC<A2D^
zj8269_tNBv%%C!Ga(NB9GJrvrQ);40492xuyA75B$A)_FHDVD?cSD|?W#UvIW%mv6
zGyq%RMEo-SG!BFI@W};T|66+)t>*jE=**O`xy2GIzLzu@sEe3iW!w7)FT^Bv^$ZI?
zP+j6VAS9je)OA35X}&k5Q>ZutrPzRnZMlZ0kbmbTh9KvDBc;LE6h@ube}tkDN&hit
z8>knczwSjPkU%2%`c!MtnTlr2r50KMg*G^f+VH%Hu2>dE)hDvN#o>qgGR2;(lvrE+
zZiA-cTl}~Goq$Jw<sBVNG<qWFd#Z)EP`^srFX1OG3|zqQ&&Br>kk{OTIPO_;KS1Ot
zfCfj)d%!&N7oY%rb5SYmSDo=1#&qnKnn+J`B(!e`M_`5+r3!WOu(m7Q1EovO|Bz}$
z;Qrv~u-=S<`g~xrBqslpp5~?0m!AIZL>B_@(u_m?7mxdS{xkx{qrWMCZbI7``*9cx
zxQuayf7V!TW0wYMc>vpZ52Xbs&P|ik@(W*u2wA2uko8IzH_lm{kxQ0^^UdL!z)b(|
z8$Zl6{fXgKva_8a&~Gp#N?*io^C}E;GJ)V?FDARf{^`XRv{^h12%b3ALKNiSpxL*6
znFJU+<_N4XE|68pv-vJCd@)ad8LqrdP}i9S52Mt(Z(=`BIB^?Y-c)yC0T&`;!}7_0
zg*-r~f$gtMzd&>A=!dqzh(oFFHb?56wGJ#s-$hdc3hc8cZ=*=S8JY1nY(7tQe_V0|
zha_SQ&gwyDD^5Pwa}G1n<i!1j3j1;BKMB`k%tFWY>ZulfKnywRnoyWrIWTr?rb!1?
z56-b)19X+^9L%)RDoq9F`V)|dw2yp@z<$-4bETN`O2hsv{|@4x2<^pysS8KEX@Fq?
z#w!)_;>}AeH4Km!qX&Xl!5kx}7ENpQ^%qHJNMaseB^MF<4joM5$9vQZ(d84T<VSy#
zR%b)qCKePhf4Ye|i+*`Zmm9k@;dEf^t+u;SuJyp!WgR_9Azi$LvdLSCR+pf*@A#YE
zK>Ba@JUuJG!&&8$(=*uDGrytf#einOjnmynfAU*Qowb;VV)nFtcV7cocB=UMH9b|}
z#SG#J;Ed?WrAK?@s<S@AS8(4{4UVjR-Tccte>9f0*PT&fvr)BBhDgykFLpc2oz_*A
zcP^$!B`EA2YI}JG@SwL41u|_(7&;9uMwr@i$sVgF*3B@{(H2uGsVpTE!0z`rbaj$@
zQ`pe%1L3?vt+ltDVEMvO?QQ@-#eK0v1W8P14#ICvBi)U&R+l5A^6ACQW1-P|GCV^I
z<@L?E%w~NZQ|XywiC#W2F4Yz&%c^%I)FDBrMXCem;v_qi{!-4d^YmU!!v?|8EY5tA
z*7mIJZGX=)2<9o&9-j809WnPXYF_Y?!0<V&_1{;<z&zg1@7Nvnx(ZA@qArnbrtcD%
zS#`?%!I3u-L<4Xl7YJnTHcxpLhXIGKX3%v*0M();J8+hGj_!AfM%_w;L`M8eSBI!v
z%)ztPl0PH2z%^kd^ItpgS*l&!rj2+T3lf<fx%hWhEw3H|bwDYMb4USHGQmJ}9i|7N
zE$MqI0onkdLpl(1#U9c*d77#WwyDoI$jd+&?E5co={&0$d#C|w4vf!cQECN**t^<x
zg?r0kI#vTuhXv;@Y^fHFOfq!Kcz>8mrEL&A*!*A)>#ARPx8iM(mLzf|DDTkhWQeaZ
zhqO~vUSo!4?gdULG^?@xrv5!vOJ{K;G0;CBRdDLaShlo_p+xRyo&Uq66~R&^XSlC{
z*4;F@iauDXp80LiIp_xkmt5YCSkS4tij%{{nNTCQay)7`d>pQV@0^z^5%W%NK;i)Z
ziD3C&luAGA1VhSp-QR-INs7Q>F%D<UeN&nGF54Ful_gVx*^Q-WaEhQasKhB9v8R5&
ziD9nJX=ML)-cAfbm>jd*z~%t#aLV;lNN~LlX7!35g_^*kD8%o23fn=4$AZ`l04$sb
zcc965FTXJ?Qm@+{ld3yvb~9UGlhk@*Ou0P@e+n)e$+Y_lPF+@&=#GDRRaIqXA>Vam
zUuNbC3hd9o&R^khJiRLCPKYf!Zp&2CPW@LXSd~JXDXPZ+aw7DiE1^*8a7g-X3}_SC
z5((3FVG9Bo`G3q|=;4Gq6h={)zV_VyN#87IZc=XlVZnXfpSAe!$gL3)_`x<=90i?Y
znO#R9dHFO`3XONTgQUVkiqf<j=TxDhMD{0x-=|;5iz!OP{R)7lIsSvi+{wl83T1=l
z(;ogV*nyM#8Eb$WnNoux-KBPJPzlbW2Rmc;jfdjgrO!8B%r@zpf6tu=>-bH_w%(yp
z<xuh`1zg;tHJ2WWxjM~6YB_kg8*?cHQ`SU0%535`CwXZqSR)h-(ToqHlzmLC)vZ1N
z+dIWNRy$^m`X<e%cdG3|k?Vi4_m)vnZtnxAj-Vhaq5>i)2nx~)0wSphh)5_6QX(bY
z-6|^GC7~eQF?5M^3DT`}4lr~KcTa#GkN@-Yu64iMwfy25XI}RE?5Ar#+lWAumlqen
zNDSs&%$MkZ9poW7l6~PFaL3-_Tv>lAb)0E0eFbhKC^TsHbs|7}x}vjnb>Pu6(adQR
z-Or1Zb{{x)H?<pA3+ats8=i;aENo<%w>^x7-n>iEi1b4^x0-;~Ktpmr8m-ymB|?83
z?nfgzP618lulmhB`+R$N80j-GerT$t0akea1L)C>Bu*pXk6{N3ch*GafD##jO93<c
z?9r1Qwd97~hrj8WZS?g=t8Is8-qqi$GgKVj!Jpr06!DukJ&8H%@u>fkkfm%fVQvZa
zDyxn6lWz*vKKyIoMU5&=VFv?geYG$gnZu@WkR1N82~-sQ^Cl2T-@r&eOkoRqZdp5a
zQZ(IU2+T!5j!vYIbO8LGY}7&mAb-J6MjV0cQr+IWbHOgKBVVGMb$&xy5&GDRZzGG2
zb}5_ou3Z`!2hq1Wca=AfUPpyyzS!u^ZZ!wYdWthoEK<f^J3ozGB4XC^8aV-KUQiew
z=h=hm`D08eC8<Vhai4oJ8b1l+Ds~)ZJt+HDXdn&!DJCh=Qs8||T)xuXgK{t=mB9DU
zXIpy#$ow%@#1ZN)Jsx|M7wydN_*4&1wB*1)k#<0z*(@E^gog9x&5vr9KiW=hY*^_i
zq?b1?G_S^vBt0>tK-l82oSi#-$W28TWK+*UvyT1{9dMuy6@mPGpbi5mIEIaibuh=U
zQHHjH96+@5<|^xw1aequC^&?L^2QU9mML#_at`2`LUOuV>-u+!>3NxNXZyB@R)}_?
zyJ37&qqy3_91J?@TPr#H$BPNcl(q~~T-Wj+z!snhn;*TNa~eJXqkQ;|PQGIr%*osk
zhXUsM|JFol<WL0Y=}+9F2bmaTi*5buBe6hfNyhklG^?RzE6B}tmlfV2_j#vgVjtm(
znn88%QjTuJ6Nhi#gsJ++FJLkAp5`@J$nfejBm<+*`gXh@^^c%zmuFu)sCHff0~oM>
z(EXPI4ExR;Ai{rFcs6MG({B{kAkv;|fjS48ZWK2lYk&{@6#7ZKB%aUme!~YN^|qUe
zQnx4kqus2c{a-m{jUjftgEMu~doy)fa`{^Yqc@k9ft&UV;ji*jDi?jP{&gza&gl`y
zfuCB^_+yaMu*S`M-1!ZF6Y1@E9;dJ-PdWA-P$zT10OW9t;vgIA)a<fIQcI-5SvZ5+
zO1i)}VzxQjg3;P`K~^tCBlN5ozeoM(Q3nkDmhk!<^O2d!253F(#Lz~X`B>eKFftP2
zccy`oP_%*Y2*aab!&lm`QlC5V<0}*bDFh$`KHArM9_|OMEJ&@cCD8g=iUNf;TKV`B
zpgD^H2_sf4Ft`P0Gr<T@nJ)-geYf7t9>u&U_Nv5kweKMx6BgK>7mvQ5>|nPD29#We
zJ>ZL$%brj0;>y*l>+#>lv+6+4J76C8YzHC$WY^xIH`G5U{Dy$SkLkvHHHsf!p+1qE
z8FAzmsMJcveDA9O#D|5{mO2UoRB1h%cqNPG>z~su6_L)()moV&rqgfno|1Yt7k&)R
zOk6OCHG^S}Bv&L_U|8~;!7hw-LU*xrPtja;-3vYLb-paD6^G(9D2pm#oi0Am;8<sn
z)c)|PQtgN2qdu`vR_s~}L7H!39{o9JW#23tyAXm;U05^j(BlD|BxE_?w(A|px=|vX
zBo5^Gn@er6g9~2Z2)UbzP3K6=;BnMx<_oz&(3ZkSM?wZPJJ{uI5^idm`ap{<^K^v=
z+h)2oB*2_a-sbcklAc#TA_R=q!P%hYr;Lm?(UkoKm-R#dmp@goo%zWCOIN?YPY%Ku
zif(z(PT$=30R(7?kw{&XGuebg@kOj+=P4@#gPx7pjJE7V=lsp9eC$J;tuyOx<Us?&
zg;nX9X{9C!yqA{8TdEpMQb=#|?~*zV#|l>EiAt{rsIK&==nELD_AK;kpX;v%9cHfq
z=@}uf2Y<l!<_sYHqi<^0e|&}dL_z?-rE<{<$9(UrizNL;N9t%}K>DkuUT4ehlYnqc
z9+}Y)t2vD7MVNW|_4^y$_)!ZPaLjD4#xG$yrWtnr<W=<1<8>&TRsBV9Tk?9u<7i$x
zpGgoT{VpNmdtYw*{PkZ$(K%dWzNperR%B5CDM58n08PCfoUGzL&Nkv{g8~c>fqb(E
zeYgnXryohNiY(_=;)v$flH_1qZ4z9xVm3DFzgX^g*I;<FzcjkB6c;_pu8<mZgu1W*
zssvT4BfGRQF41?a`*EUA?w>z>@D<vBJc?C7-pcPAMv3|UnF?^vo0tzDI)lvM2^)iu
zb&*n22S5X|z!7XD$3QBG{%|xid-G)QR|B~(%gG%X!<S|_wmsWb&%d|gX_-2G0l3G+
z0MSLpi$6s)-;gQ<lYsfjX{-=Eyii+uf<E9Nr(OhdPF*kE@WJ?j3T|=^2MK-FXeFjA
z%4V;Ctah+y0wVuNkpfxW#8$A*>Rs*|`jk;1G`74{QFw#>N%1`kzRj0y#%>?^f?D>1
zQ=?Ycx$G$iK(MftKmfrxhin`zz*G7moc@60m03nVCH^9uJAmT{U>ht4y@V7X1|pq3
z<T7>~oF5<|HTB{`jhdQ9I-!G08Y?)~SJfP|Xt9lUWN({3ON9?xgDEppL5m`~etbc@
zgznII<-Qxn51+v<o<z<pO|x*T)f;msC%Jf5U-j&#IirqXAz;5jG79>g>Bp42)A!>K
zy)m!%#EU(^6B^J(CFgCE^3ld0haZrpBJ~KCKRuwIx_%uSQ^yF1#^dC`iYqnVepDlo
z&Yjg0u8kk*nO-+nObk4(eW`Yp#%cfD{i&1G-f~}Oh)?uiqT*TQLmSfvKtN>sUh(X+
z(;-OxSs-#YH`ITcxrh1@foIIO;N%&$-w8nhu%(B@R?pb>Q7~m2_t|y7C!<Uh_Q3Fd
zMplbLC9i{|X=Y(hpkftGcqt)iUrTLQ@@g)L&@T4yI|`l^(OBppX<qv9hsagc*|Ng!
zeGA*Y`{gi10a=lrrFY&u$WKfob%FBI)7&4hqCPp|0Kk4e#RMkJeuA3bo)d_HA_LI{
ziQmS|R)Cb{+d<|tZ-}(74Xz-^o9j#uDz9OQ8U?oSr8Kff;2XV~+`@}ELfLne>Xk@@
ztZ?pA4xkgj-n2g4Bi%Qlhg{-teD8+@-oJiOY(V=UAUy?i!bcrepf%At0X<lq8!qk!
z9MK@bHz1%NxCM$a$yCUY=^ZB?1m`>sP>K(bS2xhEPHTLzo2Djb-uCL#R+cTglh0Fm
ztW`wdm{tFCMAlM^lWaNpPTh|4>tOV387f6&VHYzJa=+3AauAP^3gW?)^T&Qs5Wz?V
z@i;eZKOy)GdDs^@r7PhMGS%<_%uW1F{65Fb4mvW#$mn@2eD1)iBXYsi`&ufRbHfVe
zdPraM?ZS=00zJ71%Z`g_j`7C=4Z6>GPtIpE_JEwl?^2dm+B<oVdj90KA$=1HJEZ%;
zJkhit<Yn)lCHYDPnEz@PnDKRn&HE0BhJUoG5I};S=uZ@#p!N=kdSbXY1`QdK{%Rsc
zCDdtQg|_)chN&Z8F~?_Rjh}T3xDM|=xV`#0opckpfP_d<xN-5=Pel@b=X*sLV$Ajn
z&KT|H(gZ{yYV+!$eWUsenRY&b6-FB`3;g!&FMfLZMl}RL*p-2@OrCA-1!V+J{*S~F
z7nK)eGp9v#KUZqDd?`#B@4NaOQO|sv<9w+eTH&s@D(c}zpX=6NjVpM1L?17@3!2q)
z3Y?VXe+d-73{I{359VhBZc#e*+`EGj0%-6kMv=I)KYZO`pY2`%y%C1P8t^a)upQKe
zsvA^Y*M1GzU`*^>w@;RFiYS^#-n7?g&B<K|cHDk<A>L8df@fXG5Ep@<obD_1n}0~E
zk8wD4;g{xJQEFJ$XI>wOeFN|Y!6;0SOWUVsGBZ%VtIeE0CJkb6HsF)<BTm`_e+TEQ
zX}VsDOm$RyKhfY~R-|&~H$bLhytuRl54li6OrGcyS(18kKDd3;-nAdhf!Kn<bSEdQ
zj$0{};YZ_iqw+D!1?|mzTdQYhwj;|K2V>@<Hfp8T%;)Y=PyzI5UitFyptXJRp7Xui
z5|H|v`)0vqFS@iCFE5vF^bn${Da?dSyZ=!eb>jsQ{Z9=HR310|J>y=zV7fBx_Ij%E
z{^^smT1Dq6>5Fig17EWceu%*reBWB1di^|0CO&Jf&{@`t&F>y*w{S*Q#<5lvwAywL
zX~V42RwGi(S{%E!(^r*RtD{1!mT35$!KF-sxEp)ckNP#UG52G+FdRPCpWSnU@;bp`
z*aa)~wR96=#yl*XhY}T)(COY{*255Y9MA2>iOV76)7_Q$>2G^%7w&i8GGE+z>OA14
z2mM?lz;}PcVPM(>H(&a03@%tMyhqF93hHfGIMP%jf<@1v?RWQY-a}vSMR9nKoLML5
zA^Mib(-gk6BWg<2@6@rVDMpk>&7Z+8Bq$|a;a4kyoPvsV4-ev=mZ$vE%^cxo*7CZ?
zq{=_c8&-RaFPn$`iGx8c9@FQM`e9)*lY6x$4d6*}0Q&d~`-3aozR(<IZeP{qXnOgN
zTd5QY7WbB9E&Fbx?|gCz#wOF(vsq6og+Yec#0M_}7#<{1@vChiVQ|84az5m;hr6=W
zII-1xGRtzkg|I)i&>eBsPW)ER*VSV%PQLG38Ri#aL-`FLX61b(c-xaTWvQh`j>A0}
zHY2XW3sbhv7Mr@M;R<K<hBm^-@nkT!EFIib_S+AMl4|P1Wue=vu$r>$m&*8`17M~0
zbKS}o?eX$^Y0TbxMZ!j&Y#EN5JsGpESX<Ws`f`<*(oMnx=pa~ImjPP&)+!lrPRpO0
z>JMqIoDd^e-?6V=pJ1kmCXQGb1T$(Xsq%%%%*;(o??Tv)&+S$uXzX#6tB$t&ci)5~
ztg8KnH|`>T`z>@77&2qFl84K^^a@V{!C}<_O%<P2$lvw9^_`V`{-)3km&e#8dheiS
z0JUb11)cf%u*mdhYk5Pl4?{d4%4Pbe(n}~Ul@Xhv%9jf(IX!6abET`kPa(JOE#(^`
z*={YK8sX!uH3IaPf7gAobt#GOtd6i6VxheHtP;^zyvd1vg_ZW8bcKt;yVDc$4h^Eg
zh|bnO0U0a&OpjAzTGsjwK1be!8<E|BzJAGMZPxS5r5L{Lm;7mf8B`p#OZ7@h{Eh>R
zUIiE}U#rr`xykrtx^aTf$YXQV+rz13rNmmrJvZmvNM%rn;FGoYf$doxbA4O&p`}a0
zBHb4T-~q3jnI9(0+>5bv36|=Q%j+B(>=H(b<o|%um+p({^N3t%2h$@t4`(Z{kYN$n
z1!ki-*F!FjxVL(`GIp<%Ld5XQx3UXYoV)X#F8HW!EcwlMwHkWnSutL^&V>l|%LuY{
zDXfk5<`FKZOR~@0+$30^yN`qg+eHfrOWv2EF3iQS|H+iT*S_c@VflROk!%2f#T^z8
z{@LCL1h5<ju(UedpofSZf9BNtq$51qM}Bu)Ph)+&Un4$tXyjeD;FBDl?;XTeWSq8}
zZsfg}NYl&Mr|-HAJJNh_lDpDLNBQL~zekcmd!OR8;q1Nw`7e0x6YAW^6H`=rZk3oK
zQc+w}W%U*O<6!>)uon>K*~zj{!o!eQoPj;#&#N4Q0~-N7+uMBA2w`$1)4Z3rOyMFo
z;7|_15}51j92JrqIa>9T0ozMS2@_9Sx4xdi|32?g`AL<AgVTyq@-@F160+md55N8i
zWTA2B=c#*D7Gz=prt}76^eFjbB!PN7K6vXZHS*ry!T$6&VXY3Fx|iL^pAcrP4#X)6
zVkw^0p+)XVZ_uFhe{cp$_L3lsAE6?8qVvZsuo{RK(@lD}wb!t4;s9#|PsF_i{G~w{
z8tr3k+#K8!YTj9RzG;{+>$%M1JW5C!?#+Nc>a?`HE~v`?;zIB)ms61DIPj|3FN6<p
z1L=XHF<ozI!aY4j4Mc*2xf4Kp-lJk6rHqs{dPBcG@2H&01(RO)fain+Ix;aYJJ@v%
z(k$~W&i<k^ez(cE<GH>7GR8d84uWe+fU=sf=-#swzD(dvML`b$u%3cy>X*Nlbt*k&
zpMH*aqsL17bJIiArjAQTBRAFA1vUJ$O?4)qHg)o!n?k<Iij@kOt?T|38p8;M)Urhl
zk?!+Pwp?B_EBi^Oyyl;Uup$3cue3NV`hUwYKZQ)p1QH2J$}!&Hw%Q>!CcC|+s6#G>
zz`j_(AA>vIUHq^Y6!WgC_?ib*=R%!ep6AJeq|=Zu>WoLdDDRJ66ywI9hh)~<<}QyR
znt0aT1#`Qsb`Y#0q`GJpWdkZl=#2Gph*eEl&Tyo;S0z`g_r^Cik-WD!r>%uzYLGw{
zMf|~zocTFiE+F-X#q8lutOtaE`;xe{hp=$QfHDZC*CqpRV!=WfH_eX536qOn;M|zZ
zp!DWrPm(1#3~9xY4grJ`)B6*KI6cK6sf^S-Ej((6P^RR`OiLKYVMrlB-gpBEP^2#2
zkZqVP#ah`Mqe$%0gy=I%#iU5yqcG0o7ek`s)R0m+!5=W+>HCC<C=r}VPoa{80^w~O
z;>)4or$D+y+#IohCB7((_yGIKTx2EJUQiir<b7*(3@N-gWDJsGNHE<vx_(@L{yPre
zS8KO%q){?hl}>;4|9F>(+5%!QYf{kY{)HSzOM%qEQdSfK-H8(~15MHYZM{ns?ZW&I
zTM~D?10_`!`JMleDrUgyWs!aW%=<(I>&@hzqmE0naa)yX-GU|4c__BHRl>i7!eMz9
z;=vynEq=g*s6V(p2mJ>RE(5*Xn9u4DxJv|LhQCX*_Rd)AvB77=d4_>V`4rDXF6xl0
zNU0))=I~Pe)4TXR9(|c4QTB1gK~^N@8E|4lO6(@YohuRnXL!-+a08?S6IgG#=T{e{
zWcZvXV=Gx+;vtAGy7oQIh)iWt3WDX2^;XOvpes1H90<T4Fi0HExd^0o(zNS5op={$
zCmH=%!Jm9s)FS+Q*bg3pRlD}eSOoq=5oKeco|l#N31dVP(w7DhCMx0)df)tqA=OAt
zPal)=(C-g~Gv=nt_s2jsgSwthU~XM~h7?O&ZO~qYTvGBCzX+114O6r^e`3?FNyNk<
zRm1pd2nj}JZIIGeNV0ziEv4i`B=g_B-Ei|y81linYt%?n_hw$R1+&L^XE%c|<5w6l
z9mfeoGHlvAM;1V)|4ADc7VHQ20m@~yjKYvg4*bC{D7*tHl|Viq$q`0}e&9bjj6VtU
z{Bu2|u0buhAE=<9;a7k-h$9!2W!@*+e=k^wdEQVpjPth;szXYVyeKPA6UOu>5Y}U!
zH&qJb`YnVu5C<e1%Bqlu-T0FQdoj;jN`&$J7D5+DsVH(mHR3RqKUr`Z^SrHS7~gLp
z41+j4KrX0-zfZOQ#^EOBc}G5l!@q^_J)~3wxuDLmF!n!z@FeDW0WO6jzlE?6;(+2S
z!@W=p)&3j8i<swynH4~I^BX>_gh-+I(0D!c;2z%p5NUo!%=4o33dep6VK3w>iprL-
zPz=@n8$uq;^Ah9=xW9$)8$=34W$VdMUi1V1y`UK8c_~r_yx&5&3Hge`q2sVThHC%4
zpfcupIedkazl9JRau$WdJKge-KY`Ey^SlzC0{(9yya)+E;ZV3$9z(VNhR^}?yy~7j
zaA$r)<*SghC>)B^${+m`2)!`RYi!G({Vjw%kN^}8CCcS7RQqoTBQeiw!{k96^cx5T
zA@os51^dA;>m2I$|6C6oj>neeMr!P|G!13sa{SKx|J2wPxT(*OCZNc+`uYFV*8rp$
zLiu{6O<7&@3c@J;f7%pj>ddD|BSklRuJPdJ?EkRQi3)1fNUPU5z}^KqQ<1y=#p*>@
zJU~V<DH#%}`<I~q*REp>U4l?Zw`!HY_**2tglM1`Q9VTd4EllpTF;q(9`n3iqdYlg
z!G9W+NXRIP5w(5x$@bq1?qZ&IDwn_fTL?cwG*FDF>n>09ClKPHpYOU`EKl`Y2umTO
zD4ZBM$&>uaf~4r@yM!|2ul^RoY6un5=}Rf#V(|J8MY#V{455o3DsRzF*Cp~>D(6>R
zL$b}x!pW3B@ghMkDG<qr^DA$H&Y;=r7d~Y2jYLYya!V%npGZnDRyGR24(cw9zx)du
zmh+1v1!Zgd({Yrqq}wnxaOe=WrpUcJ()-)|KOF78Gj&M&)+OsB|9emI2qY5ua<(so
z!GDs~`4Y|#8YVz=p7(kcv-vRK*lB(u!AMZ<<u6x}Vo%DW9)uSA|AufL*Bk|)ijzFX
z=kTSGY_5bF^h3vS&ttsB)8{F#Z`X}3Rb~vGOCf%Bj?wXEIo<bJ;&Q4>JeJo>z9eAY
z<U)YOy?6d_tK`4X?lOVJEum-F$QX(OCpEERqL}=(m1@35uiYG{sj~gNf7;SYQC?#g
z-M+>EA<)*ls!C|bDM?K3?I!)=8f=$Zym)lz{cJgWrP-trTl-|%5=N5v)ude%$tAsJ
zo+1N@UsRe)6|QxZ<t;)d42ua7ShsdNo}(FBU;H9EV7ov+x|SnBsyMpu|MSbaC`Oxs
zAUyAE2gZYL#$`Z8!D)rTnQEx@ud^ZFCw8*K>)$SPGSMP;+RS|3E%cLwF5^g5C#I=1
z5QxIS&C8OrW~V>`UPpC50WU;&J{YWTAgw%#Ue5)!pO5LP7-jaeYH?wLL?u|XJ;sC!
zamP;})kbh~qBok}Q*`L{i!5Dj(a4AqahXIqZ(Yy0<Zq%76dKN-hMyRJbf)H4Y#oNk
z;8{n>uC6H}^8z@hL&Gb~kO56ZUvL4MO?2+YbWM_-g0i)h5n;sIQ((jxDabXKXD^@^
z<WEMv;Bj{b2B>|~qO1||;nuH3I!Ra2yDGvVV?y#R@f}dnK>hw30vsm`M-re{Hq-e3
zEdgX)1dwtjX2CV^?*Ae{&DG4C0EYeoX=Qgb7D0Mp^{~v$R_AY$5mS^SHj1bM3<lhf
z$jukcB%!M}VB#^Ff72slqR^}9D30`YK#$<4mTz2Kn#yvE=V8G75}Jxc6m`m!;lC-7
zhGQMo)gZ1!gQkRcMGo>k@uRSG)Uz>w2~muyNTbAz=KJf}6)xaCdxnK0seT#bX!3)s
z3lk)dH)iH(OfVXpe^4XYc~Up&@eEpOT%NcbNiuNaS^ZqFJNMO;Ssl#<6#Nt-XsTZ|
zD5u0MTd{|IDh_&agC=c$kJ^zEO-*Vl$=M^x^;3ly2lFS+<<|p@n+F~3LUS%Pv+?&~
z^0!U~;a&+~!qQIjASPhed4PP?9`>O_dwa{OkjeewD|3TRo`ibgJ?q+Wm4&5k)kU66
zz0R`NU9!|l$et<EOFlCk5X(JG`<;R`TS15Hb>85!i+8BB!Tn1L9LLYky&(4&Ub$FJ
zVRlEOQt_nIi8_U?zRY0$QR??5M@x=e`f}9&y%j}&T4Mi9uwk;x0<S|+i_LICa@1{$
z<TAPNZ||gJBuZN+9a^UsCQFPu^UH7%0c1Pt$D9_Aan`w>+pifO^wEKnQjiY5=lwsX
z5%KSrK*6&v&kxV&c2aWx(qs#M&?2nUiyT#A(AVp_Eb>!F8Ri8sIuIL1Ny0Sp`h!cr
ze_EH~B3O3%mKhPI(EH=3Ok%LC8yK^q;r`R`EDChT&>_ehoUuIqAe>Wo{=E;dqr@{Y
zQL@;dr2e(4j-pFR7pHtrSFV8ntAn<T{em=q8`iR744opM|BqQO`vr2)g>W0v@wMG#
zf?@yhgP+uxeY<ZT!|R``J*E9)2M3?d5Y*|p&=HWi9zg%|3X)g(dD4!*Ncj0X)Goi|
zLTu8^GQkjk_bVs=jrR|@00T0)j#pIwwM#%1bF9RKkE2Zr|3XiN3Ppy+DI#dE&&8H~
zWd8K(E0n(75E;r_SO-UneqJHwfwQe5A&$h4>i9mDb+MNfC)L!IzMc}faL~JcuwTKm
z00YT7yZ6g}dey<N(>Rh6qP1Z;2Vd+z<Xp<HGE2swpF_^|?nk%Q0axC?N0EV@e9stX
ze+0z--=PS@A9QFnm+o}bk6sAO`utyykL9&geuBnd^uKv94)1_kZ>f<OXxs7w!vYRo
zb?~X3ASNmpeYD~iwA-OMON-C)){%d<sUX4eea)|eC;evR^e<hi=r_2~0WpxF;66C3
zx{q|1c%*azG4Q?|*6nQ-*R1u+TS3R+Wi=Uz%(tXeGN=Ca=cq=M9Ej}d&6I+$mvKLJ
zUSLo)!l)+0k@<EuGPKQ`LEo%mB5(AfZqC68lY?zP#gXqkoBF-xevrWLuyVRC)met8
zna)t_vhKm9+6UZajVIrEGWEMHjaDudUO!o;&Ahd6pZ-BF{J~z&13<A-3T`|em;Bc*
zk&v*^gPrEQjZnCM;g@qq;8jBqS&Jhn1w(I0=IcJOAJbRi8uDY0_!qDguK=KxbcUYN
zoWC@kU?|aaT)y*b>US+7|5v}9!~)HQ`OY$f6?ExVPldR$Gn)@b{3Xd>lKjM~f29Pe
z`2I@CPb`5_ZhsZm4=)o8B>rnl{z}P#XR&Yn|C;xIqU5iX{Iw-NWaG!DzqaJBEjfs+
zFcIxvkL$0;^*4G4I@0BD^!`)I%H?lD1(|yLo8$V~V*ZtqU$OC5O8!d8ul~bdDfufU
zf9oYcD*k_8FEPe@=-t?;%@-hy??mT=Se4ogh~B-c;^o<NDc?BB9#&j_*~w=9w!-k1
z((-O+<JecDR>KJ}g#j5_*$`zW)5upho2mMOQDFZnPx6~!r_Signt1d}JyXGPsefd%
zyZn-SZ?oJldbj?p&6X2Fb=gA|@mR<e7V5N0?+3HjR#bn_pu9z1XSDN?Fk8Rc>B_L`
zYDD(;Vo}X{?PzgWMLGH{&xD;frFy6F6p@w9XZI_T4b=$q+suKFzrv3xY+VcG&%8c5
z-8wFJmJ*MfB|21|Vwf?_zx5%p_QQrnIL&f`)1}<{*hg)BH%Z2JKQqJL9GYZyl<P{}
zXcD-#z%;tNv(!4)>NaGYz<c>Do}==El;GE8T<11x#gbZ<+P2cg`F+F!U@8q?m>mf{
z8S@vV3zFC!jRxs-t>0KLM{+wX<Ap7rCs98kwaFy^g_4o6vYe4|S!A(1Sc3P>b<0m5
zh-dTKLh#4&_e`SSajtzlK`RBD;-ramf?H{hCbtF&%g$Z0|F*PK-^#;BL+35J@$KGX
z??xmn=$XRtlvS49GJ|l$wS`H?PXf`#z=fkl)i`Ivh>HJJltUV?FVg55r`StT4T8nf
z=kX_Kc2<VEO=lI$-|fu2swJ?nqz(G0-Ob*c{ZY(OubE{tt|eW>@B+Cb6CWP+;zm<e
zXt)Y|c36o~^vu?&UYOl?wFS=|!A(Rs;hQkeGDkYTJtx;*65g*5;{6fg*AsNY^u+zX
zZ}&ZEk$PY#z2)W63)j>fYF&ia4w-%9&E*XphU?+QjrR|qLhR<Po7pSIPi$kglCG-~
zO_GS~UK>(<W$hJuOgq$@^(H)l_w)^?nNdk~L?E0;s!*VfmzmCN(!>NSb>^t73F#o~
zKd2sDF?B>&wct+KT1(NDb>U0(wv95pqxc_7KXyXJ2$suMXZ-Y4zMmx2t!=Ay$j;1d
z-Ro)RwAt1vFKEz!Lz3aq#FyU_KRz#Erg)o{1E0xvxtEjqcJ#`S1C=mGjr{8|ZZ|vk
zHup(Q_1VMg-VHnt3^aQ)p=<>yJ<m7kKMn`V3@gz_(?~y)Wxu*z?86%(T8r?W;~|CP
zxhFkr<T0Iu?eh1@B@LH8Wh44vUXiqIH2%fb;Z%{C=C(us&D}>mtqy}a8b)BSmUu;S
zlo}yNVbhx*H+1}z*5J1U+XteRLnSPF`Zd*QhD_@X;bos~@y0CXUG34SmL6)JNk>)0
z1Pn2mJ!95*)iAcbyG(M8w*9`TW3}7Y`Rs3*!}Ug`Th#A4c}7ijl|1HT9^y@vtUcU<
zW+V>3oPp_y`lr}DShYB(l*8i`qeVGWXv{|SCh);yCIesC-p6u=@=YZt!LBrwtBoNJ
zQ9YkpZfg_0x$fNz2*@Tsm|mn%(-XSJU2tB^%j_CFVPg7*6P-2bg=T|y?(<7`2N5Ii
zPXfNmr|%1)WS1i>HC9+%J)(*!<09;SL^IAgQHqT!8>`IMbM&y(MwVOc%(I@v(6D@w
zNUKBAWfWAq%JEhUkD2v7`r@x`+W8PPd((O*G)!PQh3exGnbOVpkb5r_P-=u&#Y<r&
z>l;;Tto9_{lHJZsixqY(hg*&F^%vBbm+19(*6q5JKk*;#&6LX;>B`8vm|$49DWD|d
zA@!9EFP)*~WLeNI^39q%DEf4?I&@QLfq}=NxTt!6_?^@H<12n-Ad$Y&QFN7@-S@2&
zm9KL}0r$m?tR0DC>kV=OxG&%*9xaqn)H*Gy)`wqZ#~Zj5HB6m$Y)4xmH?oNNh<leE
zv~0+*%CyWOi)>M;n|hE#r7kS3aRz&(pM6uhh$uCfd3Wv98eM%Jv0Ju7*eH|Yqp}RI
z+cb5>^Obk8=CKQ;bfg9+wCxf6%~0X#z3|FU?16DP>oGg|PP0Z>(b%s7wmNL$ZZba{
zOut@rMMac$_)7SN8%N;@pT33i5q_H#xur>&(KV0H%Y5brH4cOq-8jI@sjyJ>iQV0B
zU%v)BZxQF6LmU!~6`L`$KTkARDHGgMke+=`11kwn$e{9Ru?vpJJmmyARo(^n`0G)0
zEj!CwcNEG5Y>J`lwfXgt97o!RDk7jswL*eJZREk@4ZGwGEvq&8be=;M(%$y=t1*F=
zf+QSK&GZ(HyL?;Q*$6Y?_uCo;HJ&dQpUe<JKH)zq4_{q3__`u|hi|>}i1!g-j&B@J
zv2~Rh_<V-umtjdrH3$TV<V<FAf<krk>5F1__^&Q*Ra$Tk6jF6!8+4wW<F*n-3?Z76
zJ(6W>aqJKamAVSK-;8_W7rR|;7>wL(7_yjsZj&{&$(Pjceb0&Pe)hqrc*9}#($Gqh
z9F3|<2zH}Y$B_C^u%Qi$iI8leIN8#6-$0X8_$1N%%hXo##4wr9hzyd9mRF`Q!p(2^
zmT&77<t#4IHseX<r<_tt6{8&|P4Q~O*Fs1ea7{>LWu~o7CFWfnjwa5_o>+YfI1V(4
zuoqd$_e@N=lvtKf8L(4HG8|qdx1`;<8zdCbF&TP^$iQ@c-dW#M*(Ji8V_kI>f=dK#
z#!lUSXvLN>BYBb7eQY_3t&=%n?FkS28GVJ?!eUdCy_z2E5v+(n#l&L{#hO)R8INzN
zilm>|HR~;`+5OgDmnC^pT{W~Gu?^MTqFQb(ol)`G=6*R$^_|^s6x<g=fX4Vef50pM
z_5lFK&!RDYp1k=^1>^OtCtHZ(a;ELFhf72T7D}C$^P}E{G^Y#<b9JATDtuI2@$mLD
z<FV{i51X%v-T6Ls?Tj?^O5d#qXeDa4p2;+kc9))LDSl!$<W0|FX_IhEf^>7c?_HCW
z=}Oe_#2gaI!eao*ZCURbx?eFhSo&~Y^X50>NP*wib#yLLHv9TuLE*tBb+;Pqep7U^
zMD-3W5xA-Fvbqv{+lC;RF@sPF<4lx({=_bfKZfr2ae0cHxR)vVjX3#cUmUM+b><@D
z0~xaK+mfaHu3$=iF3aXlGJ||!qurhjSFr7PXKZYHqFqQ*ZA}T*_tGz2cA}1^<~haZ
zNntm`Zf~ttm?#uY%O@M$wptIG8<uwpWV2<Ec9kdA3jc=GG6a*8Dw+wkj_*Ff2(tR`
z9|G3kF4`KrdH3ev=B}T;E&eWyHJA{#JDo^#eP=OwM|_rPkLztGUhpC`ir&ri>15H1
z4`soldLa!rs{2au1gP5cs9PGKB84`YG7Z{<G$*sYoK*Z=M(4Aqd%A}#hloYI;SL6u
zCTMLux`whyCh$A-9o_-Vc9gzf?_%XFvUzDIJj{bsBz*jXOv5kowm$}DKoxGRYa;?l
zeK)0mRrc|p;aT3ac@%lI)dSr})ju`#R6Qd0*mB>JcW$pIe->7UQ_sgmJedmykE1mf
zGN%exABgLxmv1~<AaHE$z`Fu?{TS(-1<btI-lV5|<2=!=H<UW^Pold!G^%J4O{13!
zx7*8|N|zI<2X_Z~bX8Xb1<GFBvX~4ad!Dho>Hjk8`d~`e%P=kLVRkX6&pU-2gOf{p
zV&B$ZZ+Kk+H$_~bK>1A({0%SuSzW|va|$y|Z`hHzJ2)?nKWwNH<@4<-)fULt8n1>%
z=`Fj{Kt*@#^2HkF)%<#isws24JtTmL$+Xc@M>kYrrwGzN;pI5rr29H2#z<Z~Lz%&y
zaCVyM#8Hn8dqW9g_;z1>biz4@n@wcBC*a4lE-39%Xzj_lf8~aiE#GUI^IURF<qo^;
z6F6}!v0o-k+TTa2fuo+f_~{L&hN~-%T<`>dA2!K}xxlJc56;actiuE;MJ_S}LhB@;
zkBr9`(|+~#Y7C-^>7{C7yH3CsS!dM;fd!u@!K)@r*JUoUSf{H{fL_1T)xIIFAGGBp
zS9VyQ1x$Q=+{$QU{xoO8_w$;JkJslGZVpMK%&8fjNI^NXb;B<0QPa{CLCen<uit1d
zH{SCyPut_Zc~`dPll16AJXWz~q<i{$*NoZxmXP%gperbI-wFWjY=hPnW7w}>WAyPq
zGzR}DI$$7W7Q#DijO*FZOr=R1?P>K$xm)2(zX~r6b2=<UbJ&}BX}sAjyChX!tII~L
zW((R#Lm<J0Sn<zI9ZKOVntxY9(!>01IM?ol6!XZnV`lDKyA!9X5oOT&Nm`r5?!k{D
zfSa2xTkdsx&gH$I?D80aEHsv^r4<M4qne}fJSjl65T1oQi&I0l$EFm)MCsOdp`Hvw
zr$rlrJAneHUsIzx14$Vh$GibgSFs#;F8sS5ipQOtKekb?a^8I<DET@9=eWs@Stm0{
z3h{k#b*Q&$8co%aTFs?+jXZXG6$$m7ZXGXM{f^gX_r}=^;adECRC2DP`4zYCj#1it
zI7wfhr|rbhFW02X6A_uER-BopFqAL$m0V<JK=hd>$AZ~SzlpP;YqA934p-Ks^sI*P
zZ?ZLqvBE)^6s1L&|3*jm`DN^(`p)!n>f$o#ffjl^af8z3IT~S2!44U%JEsC#Ga6ij
ziqG|$H|D%y&8GbRBD~h2_+u`NzIqeP9pQ*pU-@RE&||B1J9JyM`EJpbvJ8U>n+Jx?
zMRqqEcU;0nuC(p3xozveULOkObi<&OE#T27{KpL(-(<Uw*X|@KvcOd{ihZ9W7Lw({
z$KgJkQptuVEnB)LU$Wb+F@qjN&_-w&Yxfc~c3!H}tL19fVue(nk=#=c`NS-(n=9hr
zy{K+7vp~w3d!vw$cSdzlp@(SbhMCI6pp;_bhV*M}t(+#j+|y-CcU$zuM(BhtXU&$z
zT_Rm|tsW$T&pbDgFtXc;8{qDt8_)6DWBFjOet)aDt4WkYRHHKeIuO79_-UUPjtkAC
zzB9y+H+b$2QlA0}0uRN$Pw<XB{a4d0D$3FUzlQ_yvomqTdX9%RtZKR2Iib|S9w3>2
z!t0$M8$2WBc8>7iv6*7cps|{iJH16$8XBNh?fC|NbH$JH1=%=i3R#0J?<gz5lu2$C
zWoao*=-;0LN+L4h<}rcoI2$D2GQ0;`cvxFt{bbm!9JV3sfliDLCeOUK9T#X67@y<=
zVx?D}n^FT=Vyr5>a}f!xcn)i1k4_xMXoutfw|2;TC75u+YqdW7yc{&yGZm#99+WNC
zR^@BXe`oaXVfk3GGtVDlPvpp+BiE@>m3oyNGHiY0vQmg3?Ojq12E&b|+U(+wSK7Mo
z1jk9AA-V9D<9na2QJq(;($zV;mkeImIiDV$Ej5aW=R31qNW3l<46K|<MBNgy1sL6W
zN(t_>`6auC`mc*8aDkAmr=C6&6xXSYQAS~7Hf&OCGsgUZ3eW8;qLgfo(oERI=Y~=?
zC`%_>=sDXieba|6h-`mgzLIS@R?StzNxkM^5YQs^_T~cbrH*^>W6$Hm<oCL{-D+Rm
z!V~9vB{%8UzH`W;n7e>--v4o#Utc`;>rE-T>qvi0j7@C__AVA6bD8YXX$&&0@csjt
z?t)2^!6%}6$Y5{T$*X|)kEyBm@A^3^kV9<~*bAR~ti4s_t<1poD1s)GB#QE|+n;%p
zCDC8F&64Tl;EB`AZN4*oRac=@Zm{6-B<<$%7ZqLQrA_x%*LoA1-MIwQQkYZl5p9bQ
z|Jf32)vdJ-=tT!>6(Z;*$^5qOhf+R0WJM!-r;yl)A*g!Gj8A3z78v~Q51e3-w-KW=
z`u?*UaiEgHT_Pw(X6S7r!ivXM8RDgE%zyXJF}$Mu>hxUi)xG*x{;3-arkkrUdtpa|
z$`=nGGWcS%T&AKb_wQy#c<sRWc0<~oc2n&y!oriy`jn0nIh+(K(Fj=MdeS-AM5oAU
z4=Z3me3!4L?{kk_e)d5^RyX6To`YNwR(Xa&gUy3J!_*#Ct~I(-X`9zqZTN84oSNgf
z*>fY0Pi&DT^N?4Q+>I1I4nL7_A<Zy^_3LY{F>PKfc!IeA$O-{lrWMv&Gx^fcIEMpr
z1Dz$%hzqZK4?L3VnEq{~Kj-vF^c#K)%Aea+H(5X^^_KG@cuG1vLLNWq>1rFKDsOu{
zd?(-Hp(EQGc|&D@`!kulRwWTmh!E2;rN*oEXW$*2Pl;_OI65}p+UnnrFkjdAEmS57
z-J5A03*jU8C(TM3=2`w8aW=cDcX^`k+vciUwrQ<`Oe`1ksiSypU7g$$gJ1izomPo5
ziYr!!tf__b(-TSbo>z^{9^R~kMThWhcW4MsP5Ihe2&{_<D+#+Zr1iVvlM1W8*&*iJ
zc|Z4LyzP{abx!fkZj@*KskL-sXCV5b2>0DXE;S(j1pVmjvK~4AI>mt`vl<m}d~)9E
z#qvvoe#4S7M!gV2f<cb-Z<DigrPuaWy@!MIK*DS9+#3-R$IW|)YA>fNwfOJE;x3lv
ztJJqOZ*e6h(WK@_25=nN9)}xyhi9B3Q=pF!uQ>~Rw|i^X%4?(S9hHev2Oi}p!#U7~
z<dfB5<rgr$$!N2+p!kS{oBihFu@m8ZlB}E-d-?S*m7L_t_Fzu0H;56gb$jcLstx6i
zE9LcjwsVc=qp?dXpG3#DO>QN^@2f|BJLgxVOxfg~$f-DNq=t~b&IcUM)ng)^vJ(<A
zE*%cxH6^`8C)KDRNuZSy1Woa-k0-A%=%=``=F$FSrrni~I~m6#&GeJ1y9$}f1mdOE
zw0Yo~OO~4^3SApSW6#Gz)*55+w_UlE=2>qUe5SXr)_G&AAIRJwzZcbqy)@$ev?@cT
zZq&&}?9{?-qNFJcb)9=fT~|sIX^%dJxbrUbQ-5@L%av-O5|C9kpBI_Xe{=J3i;*hR
zv6&ZT)_Y!a3K@*E644Yp!}TMl%<-hHV(5>-RuQkty5TEjX$wKG*4(!yRm>b0<RakU
zAjSn6l(*V{i?+q{KvsWB3OPrj4jH6JV)+rgrd$+n$!GRIqAJX3xfa?Y#W7arlp_;d
zz5Cq3UjC?~y%77nm!0nLYpZj%RuX;04wn&Rk6HqnDC3u3-kF9aJDBwK4uv_aENdBS
zmt}wIvP!R5q3sy%7AKdV9j1;*kfuLbJ6jmW7qhUZ<~Sr@o{Fc0&9y0h2{9&|oo|2Z
z)01elD-$a&_Qt>VzOV2=D_`xcHfDVd-WMK$n^H~Dre1!x`os7Lg?%&#bS`1EX(Ko`
z&~^lK03t>nqOjw}>cyVa`VB<3rB<3FQ$p+B7Hg8sDh~|Ql>%KgBJWA{-UNv{=z~rD
z5_+4?=QBygMq^)U5`&@?AL*4}($p`xICUmt8|M_CZ+bQ9SYuxT{$RU_$$ci6!r7uU
z1y%cjd@lK(wIC~aBk?O&*Mf}7%oPJA26%UK(0Er4dE*43I-v+G{>4J#C64x~b=$I`
z{LaYsF9^xK0lgLZ#I8{=7yV`g+HmD;w*PXg4#texqr)=?)2HNE?Pp$_=7)0{&|5S_
zI&I;{IS6Lc-==maZ^#<f4GKWeH%;8sn-M{q4Td5;QvAm0wQ5s&lOZ!Vs%+J)4}wnJ
zxi(1-)|U&E2Kq+~O;q4lhsbZx9uZcQv3fgOuyG}nIV)M{$Xyj#Csooju`?gz!xN-C
zEz1))!vV3JeDGR*cmv(=l*UuZCz@0yj}9M&iSAj|Hn~XQGc1RixxSX5%$;@295Hmr
zCT}Gmjc%?A<?Ec{WaZr2!6W(J6n*^8x2ssD*HF%H{}hwjKf^i79d!;JhpRzIwdy{c
zS#W-!^0|a3mwb|wu7rttgiZN2!8VL-iyz83Kw)9%J5Elo--?dpx5bs!YlW<v?e$Ae
zrPt+}2YjD-PC0H?Dbunxn{G;Uc~u(!5wTY8(aOkv?|h~Z4c1x4V$H>Qk~fO1=HC))
z#lShR_psG>rA8^+3Ga8`BMQ4mvLwA~&9F}E+(t(o@kin-{}FEN%aAqD62Pypjr+`m
z6GwG=AW~n+*eW{_e)7Sf+?Y?x+__@Waqoua(c+Kx4A1cd)453kB2&zXRWIHeVv6wI
z%+R03VLE5myL~r{QX<2$enz=Zbotdu+<E0BmB#5j(ecHm^$qnKlVz5dL&-ZnhLOi1
z$}AT)pY!O2+dRlSlelghHG!YFJq+94T1t@nsJWVM`xXw($~1WUxz*~Dii--+aBj8t
zqj>l34srZ10(c^fy<dhRlR=BkiNY%OW_N=(7gX}1w?Zt5pfb2Eyj~8gxxJEXmvr&o
zvwgBIdsowA-IFh-I5{kys)YwH$ejPSSux@qzd`<uhuj{w{gOTIvPD0w&02uKQ{z}@
z7_XF1#8G0{@>*Hs^lKmd3w`7>(RL@9+GR$UfQAZ3r>*m+oprDOHW_pY9Zz4P&B6o9
z`2?9lN|BwMW^6;kLfxvsd_(bj8KFg|oyEr?xeHzer&H}832m*vo_HmgVMOltQAvD@
zL(-yh<WXU+-TS%S20r^z9y`NQ|FaPx9sQb?{VP@*IT^PuSzr-+mNLAJXcH{>8WfAm
z8bQ^h5XvcgZ}*~Qhs^`R$rXptl+7br!`(iOtLdxRqoR8<VGQ~a7hIa$jZ5*v_&R%T
z_@}g%`&PyydIQGny5``wt~^q?8#97VgnBJ75kWa^DGm$?g-3ZJD%jg`7u+1!9buB4
z-NjGrk=hlt>u~kEy;p<ClD#vwX)F))aqtlY@o~5(msP&EM`dUAT58z#hqj!XH8o?6
zv)O8!r}j>K@aEfNjVqfhJ~pY@_UcG79J)H>=VU3pUj2D$HiV_nI?R5}pfjn1E2UP<
z|K%YIJ@|TA8nup&(-^|6Trpx26nl_i2*`n=!jONYr7`M=0j-W0PrQEPtf*$q-^Da^
z1<`m<tM!Y?H%DXlY#q3uR_xRzo>E6iS=g-<uBp)>;-hZG-n6pXVr3<?X^oA?BgAc3
z+GtYj%ZSMxuJsc^g~~*SxSbc2SWL8Xx*=6o_-;0kw6``8gUPY^3dc?TA(7dV7!ZMr
zrzVSu-H=F1ZeB>>j6f=+JsU*{=K0`GyIr{#*_j5<S2nkcYM=A21E!~{z2AalddmOB
z^e6U=y-$Q8nf{BW*?4d0oTo7<^(yoHBVwW?xX~E7-tFzA(%NX%px~h5z+=I2=K@t_
zs;3`kl-Qa}b7w4l)NdUalp-M=_0hBv6)9;{9>=RB94L~OGmeOmS&K@F<cpW&wcse2
z84}9)U>&Y73)da6<MDy@&y*PgyzhXqv*Ad*Tchz_<I(oZ)d3j1`xB!wp<*h|uW_cZ
zSFDmYjlDshg@pTCzVCzK<Sk+Dxqim9?UM58=#%lKdi`T&oCRthb%NWJ@g`dJ*F*Wv
zY7$iIQ>yzEjrV>gQTUdXxS&1^t$+#1`+n)}6CVt55oo~n1f?4R31xV7Q>#>R@ABfw
zLNuBSN!PtIf|$KGTP>fe_jiQC*H4na-*l4UD<5~mg(rOX@fvVIy!4%_m2-tDRJD%!
zO55PN+(n;EWG~A3XVTe)0r4RiiEqhM9_>kLm0vHfy3zoIGw9>ZhuYQlyM6FlumlEM
zwH`X@{xMfhZm#tDxhIwS%?a=4?=M$N*VGi-wU<rdEd_hrM)<!Fxh<PnkU=j$u&(){
zK!KqJsPiKpRyOv-viPxRAIMek{d1fsFfaNt;9ZdAz-yzu^5bUCA3l)eEp+7a$>KDw
zwgknePigofD|H@5;&s`tG*`r#43w_e?RIN5=dLsajC^WN;SIA<*{dvg0(<Uv@hx*l
zu~CUHtI{CLy7)0T_bIzp*~H-{A0_6ah4Us8>=$|%rF&OVl|aXZ&R1cPz#VEKn_j1w
zg$M3rhxXE2!H;$9!uA|^tn~3-dA)}<#W3_8nUJU-xnF+G@OgL-PW|Ad>gyBmgu9Z~
zxGrSCMMov{@&1Kd^$-*<<9m4H378h@dCl<eGxIugXyO@Y4`(}h7uriLDWn}%RFuto
zK9j8H<C>DLuoqI(bKYryhVi2VA_;30h78sxobE}@ZI0})_Zm~&t>&vsx1SL=o`kM7
z4HSy;7+%QBWK00ee0cZ^q7FXk$ab?8r1j6D51WSZ$AT&6KM;KI=?ViXf`~BQdLh6M
z()x=f4Ej7Vyi8peeLJ*MOez+gQ<Y0Zc3}N0m&GyZ452TZ%zULCS5wxvGW6jQQcLE1
z_DA+-0VsNBDAT=-5N|e;ucKFiTXqb~gp75897)ONQCZ_4gU3#)N;a9p8X5K}cazGi
zyl+b+&6HR~CvQKaQ>>ZX1@_Y_s;lGa*VW3WQo~k`3JYcPAzqJYwnE1rS=}q((8^O@
z2-dd6pO9b!r?4;a?cEhB+|rithxcxj;7k*!+^s-YBD;ku`RG7IFZ;6(D#(cRK?yYF
z1IKDSK-Q+IJoF>tBhT~7`;p~Fl~>+MW!Ij-Ckv^L@J@0KwuRNj#?DvXfW<KvyzS-f
z439V0Z$D4EE^dUE?mQ7~pS1mo`&N#Oea2w?OrX%h&K5LPxkylXG1|~HY4X+1(wnrW
zPUPj&tX&8>9z%ZytPaDj5=I+`VOg3!K%b>a$2?XfeMr&t>6MHn{5^dzCr|a)?g{WS
zUpIc1rhj|7n14)T2jy>RQ<rf#oqzH<PsV{jZg6m-W7x)aKtz9eRZRCJ)7{iSE33@f
zYFiqhGqLHd3N@PN-owK=AMQHLH~GCiMiP|}S4SCwVs{Q=-Q~?ywVj2<ZbsEWKLk(P
zWX}2VZ_)f-JUM;opx_%G62=#_b+O-cbCZ~5q_bS~3TL!etB3C;;795MX$D1ngL6Bv
z!0}fPI!IXiR;zZPveg9cg8hXf-m=@JFdZb$L3l=<p+8nG#7rqaP$e|p4t<&3?PSok
zeOASuh1yQmK|X4AYmGpmXgn_YGNy7WU8`dSy+n!(<mg*z7rKb9Nb+)A+uiQgmC|+H
zr5T^7l%<XKdc+PZxMsuz^J^u2mu5R~MFD5Ag{K_W|J)U=f^zH^<mi!MST-dp42vM-
z==*&&#vkqEh)jqB>Olfp$46X)Ol56Gg0wZV%>;#*j*$*bBP~r?c9Z(bdwr!II>c9&
zK3A@LCp$_7IvQt>X>OiME0OTOG+9RSt~m9UmGR+`HzSaWnQ2y_+(BnaFHH(O@NW18
z#AESEr01xi-ajVFIaKt-BB81W9>K7TLyl7<*E#=`_XYWNctY1lTN(H}N5sn$>=P0%
zV;0XqIL~D!lgd{cm=kCIGv1ovo8tx^Bt6Q5JguuoU*D}dOI&2GVngY`C1;bA2>f^u
zd5PS%v#NjV)JlJ{H4+iIQ@&@IwUb6}F7lLZ=$hPH-1Jjx6K(H%vF{Vqyt;<x7R7I7
zDdpp}{Bnd&RCytVL98s`*e;*{Nv>0^oYAcTQdYxt@4dWKipIaT<7}V6uj{Lh_^wQl
zo+cMHaEmVGF{5cyvkXvES(%Kru>Qi*%gFG{3CdOvR22(S6j(8;$|d&l??nMbE68*4
zYBMkH0#$`rNzP5}8YrZ{CHQKgi#>92R1{>l<??gW;C-yq{bf&YzZf010_Ar<vW>nh
zrRoW(_2Gv1tI;wgk2j5<q+8|Hc{9_irYselD@lI`{b~n_O$MrusYc=kc-!fe&RI>*
zmYk8FU&%|pm9_<Hlg(1eF^SvPGmz4v>f|^yTgx#HvkV*;?c9DZ74>kXo^Ca{>Fp)a
zTRv~=mM$gtSKH$l8Ba*qNL3Hr$cT2je7z}}C6t5ody^>6O+`#`QstjLFV0)|#am9d
zXk1ZtV=AyxPPsilSH}LiuGz)Dv95^2y>nRzVc?HG$LpWa3LMB`FXUsPm_4hw0WV;_
z_GQ6CHRj^2cBTk%y5!8mb$KIn`u%5>-gBtR^RbK9=kV?DDBR-YJgfio>0Rm?p=V>Q
z?&F>1yHX^!8_Z)3^~`w|!#+!WW8&A-`*~_sA07#xtAvj<=+m>wY2h_z2pE=bfR>xC
zQ2Lc5VAhGC<C_jjJXg?xLuZ=Aj7@g*HW+pb?%ee)LC4X{kb6I_9Q~;-7qf&GEHC0%
zY(XMx+dNTOSbH;0Qn^~nop5xP_a58m9UJ28V+r~7uc{F1`t;GHfr#DNPj>>X!e*zY
z{n`R(N@3^aW(u$Ri0hx?%P&DzM3Wb+Etcv-=M)IPZ9A>5=W&AcM(nX<)t334!xnoX
z<1HzT%j6Qx35uB%8|Anp4%<Reh!neJiM=)z&e^@Sh|A(*-#ZDG&y!6P!;4jt`q`@d
z7v1bz+<^=GsVYvWU;v2TSmRC-ZJ@oQ$_sN2W<q%k9hIy9Rb-~0`2?kay>Z-J7#z*k
z`FdmbJgw@9g{Zt*n{@`@1&EbrGS)AxJodKND|{!tDvq{uGQ>wooos0fK#@!)4l1>-
zIr7D}^G0}Nr-r~;?uN3;i{FNhTD?g5;Bkhws&*=)MV3Cy%u1yWv8I{F9#NW3&LL7p
z<Ivu)z7183K?ct@s)Ji`Q3*UX{?9o~PV@64ZAs?alxCmZe+`U4o~O_`iuSs+u7C8h
zAq?Fz+{kz1veFH9v#9&hqp5IK-76sNd%=^zLCRw3Zmfk9rql2i&5a>lg`H~ky_+*l
zVQr4?wxhjxo8@~groEG;nF&f!V(<J2)vb~qGebPvCV|>BW0$Dc%N?^uI2Y}eR+L!L
ztq%BAo}E9l#=dxpB`+3JX8PEmm}T~0lTI<PDZMHBK~0uQAej^5Wn9{BFSCeBV&wm_
zJ241B#+Q5*?K)B~%m(n&DRK~BV-EEYo;zegJZ;MtUxe}xXPNaM?X|ajf`+ZnPF2CP
zGgm8`%rcI#W!z?GNa$t?t`bmr#JkYJDB=2aD!E4{X3;DeWHv%StE`f=zKKkI?*h^S
zYadPJ;k$xfYnCb{%zMVITN^JwU0AA8>GFv<$2&@YA$)z^Krk6b&YsKH!MC2Q6x{(g
zua$qCMtuqbVh5BDyh>t<_1hr37aeCbmtA9Q%BV;L`K&~F2EzLt3aOns36qtBld{Rw
z&}-#Yq#*4}Y(%g}OPELef`_|YOc8%0{qbxt@$fr8zmZV?^&6COQC{^egm5{EGCN}x
zA_K`LR$Qh-+-IH~vYw$<oY?~&aPU<*cp!I$DUTEX;NB&*vf|vx0J$UEnr~o;)itTf
z_dEJYRtvWM9rMY=3@y;WWv{QF>uOn?=vX3aT?!F9c=genQc~A!5WovFSD}l;RQ|Z$
z{2!G++7?b%dUgY)m6sdAom$7FHwG)U@;!iA(pK*mE)yy2&Es!qz;*|Dtp<d}w{^0w
z#I}OAurj|`QofA2_Rp76YK5L^pTg@PVfa4Fs`Q!IvgTD8`<8qWQSd#^lDiR4W(ukI
zc0R9lESM*dbI{t?wAPL7IdBEc)E+xIkG~3<U%F^kxtnhUOGmtMI|O-zjz(g~>Tdkj
z@;p;U)m%AdqjH&RA?Wz>CI=_I>Un=eI$PL15+_>`MOm0k-h4xV+ERD&rbqcFw<#FI
z*-Lx{Q^t12ZR)Lf&B3;Y^|5CoI?eQMGo7j*=YelO$WLSnb#*k9+*;4TqcJH>29fo5
zyH0M<2D5p;1?3XpPUH(D$wl$pqPskMd)GT-NHkKo`c}Gk(3qJ;u|KzsW@_Ma8n<S+
zPZ*zOTqL};{50EygxLGB9XMs&uuYQney-#4KXV=YyC7*^F8Q%7K6KLB2L76XIl99q
z2%W*}pu<i^(ZQV;=dJa8<x_!H#mQR7S={t7i@VQ<1ehN@6yBRT)-*>jlXb&R=ey7C
z44#0pdHORx5!239m9AaYkBD+#J?pf55VbodY5KCtSL$JT9Eu7O983*%55s32xFTm(
z%F&dVmZjM>daJ=O9e)=8Fcz}G70kv-9_#t{a2{ks9yI|f_BJ>p8y+U?GE$stz?hbd
zN7h~JYgqNB364wsja)xySz*r(`m%-f{3V=)9ccY_i&3c+sCKN4lt~3heAKIazUT4v
z)sU_Ms4-ei_k*{sqB=OY7CmUVwx0m!cmO67;TYwQcMXQ}jUn(}m0+6Tl}5T~Wry`g
zlQ*o$wxfhfql=VhSgkMlJ}!$&yV2{lDOH~{u?uIu2P(Ew*RYZCh@A>u@O};4{r{4L
zHO>|6^l6t)v)Q0`J!Fn<R;U2nu61k2HY9c6eQ|W~_W#4)dxk}|EnTBq1tke8k~0WM
z7Lgnk0RhQK4oXf9k~1wLDk!nZQ6=Y`vr0|^l5>^}-9Q5k^j%Hs-g=JTIp2HVANT(7
zj}JT`J=dI7qpC)Ynrqb(;viayo4{!kKjF?pyK#{p1SDcB=c0ETn&#@l9@{Tv$hLx>
zyFm&rnIQTVvblJyG6q@T)5nt9$ioWjt?)+TlS<iHo>OB3DYt12*C&z)$rHzd>OEOe
zCA+tbgGNCAP~r}n_OQ@)xc+-M0#xEC$z3^9UT2xai>?0Kb%h{k6{TLGY7eWBLVPc5
z?UJ86c_5F|bZ7vNZW@#ViWYv=lSJA=YV0nV%p;sl$7;qS7Ei~0VoR75yrb)5V0XV7
z=N@?uG9_m$kiMx(MsZ1(Vz!o4GbSnz#5;zZXJKExK6R~U^rU!D_THD<_pR1%Px9f@
zkvr^3Dx?dE5szf|+yv^t${2B8f7Q1@WY}CzJO4vvXZ>qY{*THoTtMdOV&?u#he~zL
z3x&%C_+*q->}&TlE&>#{`4in4L39W>B{`29%+j96A7WBsd~WPJo2QnzbYj@rOjlKF
z9t1zF7tU^dY4>>0M-*x^_aZkl_fAf*-Dx7T9~;5O<;{uxNAy{x?PbjTCW!1%0>Arn
zZ@#rE;3V&CIkL4N%Bv|T&bZgJ6iUaKJ!}6O@DBG6=)RwHH)Q^I%-@x^;<FZ!Z4`&4
zZV#q3O<TD?g*u5~-M-Dk@`8gKDYuTKl*jx*^GXGBovZqR$DWJL{4%DaT~|A5>dO)#
z6#%dw`B+v<+0)knS$khl3FLlD@}&*KEDLa!CeVUs4U4{%)lhKx(4Z`KnWcNzbHwj_
z7mYF;9HX{7Jm!(#rdcO!Dm!r~wkmS3#eVmW6-}0{=7#c4IUro9m1c4P<lfhw;61-S
z1LJxTh;oPK!&)q|^R?>#wcW0EZ&}&U*UH1mUoXJQ3UbDG2h?kkOI&iLqQKo0TH@qx
zh+vr3;jACN6u&ANpxfm|V{(cFG<wHZb_`hd+P=^vhw{2u7tWP&b*IQAcZ4-m>nLUu
zs}0%C_#^C6txs&u)$J!8aU9u0KAL-lN~-{!Akm?-PEd}mw`%VInXznH6p+SVL4iJ?
z-S$YQ{2fL0Ou_}Naw=hy?SyionUg`iUB1e9J6ccg8pBilF7}Ob*+42?MdH24Cmz|B
z!SxqANG_%|SWo6IZ-caJ+}<4cfDBiw7(x_FdnpSNx71ea8U4)pdaLFq9^Oj61f)x!
z8Z-yXJ<~0Nk}~cLgdP&$aHHZgEOD-(pU&0b_`z6o^TCYj@>Q|m`DIn2yOa6Z^Msyp
zs`UY7{ARREO3fH1rxD_hpKo!9aUGA268grV0|NIzkhcIpkG%MY9$7W~dhM98D9VW(
zB)3kvm0I8(wmvXjuAqpi=_jOa&zs4DzxUx1ad~^=j?1Xi!{Kv-nseE_*E0;jsJ;Vy
zGP9zy7DVz=I+bmf=rIr(3Lf<t##B2Dhzk~}*+dyg*=b6KBzSQw!#N`_v`<tkC{DW5
zy&5wwP>5Ey{eBjDsIxd3`QM+#AvC>|lgpDU949}$^CMp$S5i(w4)^J<>eJSWx+%#u
zqgw>Vy$SB5P5QQDB%M#TR_H~WsOA;DYK<p=>TiTqx95oS4dF`t{=*&{!`aCxcj4@Y
zg1o&tD?o7)cj-3b9v!OF10G@?m0_&9z1v#s*yAZ{f6<w`tfgo!L98Zwe39@@hZrCP
zPP5c#y#;2CvY`VQ@E2zg)d)aTQKS4J0H<fQyWPLn?y3j=tU-K?Zo%!tcYPhR(i;Uu
zKMR>!<SGrR>tUe^z&?`ltb)JzOs83tn2t;aD>4vGJ9b|htRqi!SF4EhR;)`H3T;a~
zY`%RQ9;s2_oHz+{0=-p9$h#^?!xe&-<L%~03@aeMCTcd#l`}fS`)t34#NQE{r|H~`
z3ja2Q!M6-xQ^QZ?9S(p^=_qVMDVPCGLW^9K-*2mkwoEiONt0P>T*aX85(S!>S{7xi
z18-Nqkt8Nkc(Eadz0*6EXAfuYHC;O9x<28uT8~GmgFK}SLAc0UCT~@=%ubV7_kuS@
zV{8n$d1aT&C=F}WfexKDgsrJac$y}MK5kO`#2d5$#A%15{@l+KGFPWO6$H0rCXtS@
z;od_`6$ZyVqqSYGbL!2bgYI9cTZvTW#nmg=PFX%N02p=9PI15r%b=enS%h(6yh0(A
z)Cqu4S85}4e+Ysw{ttp6wU5hgUMx2&H}*IxyYY)wF_l*h$KrjS=*CabkcIADwXXZ#
z<?4CvA(G7=;jvD={(<X2=Xmx#HHA<6;7HC5QIg)areK#tk$Y4*(q9tlMOX+pPe7xE
z@Xq_tH~M%5R{lN{Bj6U26>r@^s-qeQChgBaqxuY<=DjzW2XTOS{jBb+%FeID`rTce
zfJoCDUCizJ3ox9g!KC+!CN`zhvYMJ#O3N`Vv#4(l4)6UQ&Q2{c9rdR0o!ZT>O*q?(
z(~mCKFy+JI9`1soS66Vywmu2xi-dIwYX;yEJV4AT%z?4T4@vU(m4sGFbC8qX0{}I0
zP9x^<!c{S2t5C*WhY*o?0XnwqY4!YXt0Jo*#=|SM6*=RJRN7U>Vat-Yz;c3Gskcy+
z$XN1pKu_}mkgLkLVV|Qo+j%_-Ok^g&i)bzWquKtU@rgJPe7U$ghU%m9W~}&XXj7^q
z`;*2#mKRTW>@#RLD4RG`&juVLK!>}q-qg8t=fF%A;)DP_Pj0&LNKGma(WiP*wnFI^
z@eklZBo1b4w+FfRTr@(0JepQPxSM?Z#1kM+o#d~$30okpOFf-Xg}~?D3c;H*!OzW)
zw{B|j^t`%!WN&;zW|#{HIm7RiiqjuYbWQ<O?oAYb)rrnswaZgMzpWzf6P+bcL2=Bj
zbXRmAqbbAswcPX`*E7Az{n|jg^^3yi@3&<*Yz8tMtuML4Q@#600x^xKZVR|*4+X6R
z=LjP2)jTWkQfWDYw~hD>G(E5VRN`JqjoBK6(b~Mafi*phAH3UH9mfnRc9(nKf{9WK
zApgo$5AT<$c>f-Yu>W4Sxgk4HbjvW0nHz4qr}ljE!0%|4ma!m#(Rm5!H4wluyt;9A
z4@vHQL{S|AFf&PIpoN6@z0DC9`fDEhdi$0B$w%4qUY4cpGn9blwDWnSF#TUnmo%FM
zVW+GDfN!YjjqnK&U+=nII%bI?ruB7*AFY@ztr~XN20E;5l{+>?w(MWhB$r<j-y6Z|
z&`s+P&9v49Wh@Lf(rJf3EWsr*-91zott-wwDrUgDsk(EEU3ohW@DO66H~WCTChFzB
zOhmFL8DgSfe*w^OnCPMd_jp_>{`Z#MFG-ZI1)6{AD_*#XaqY?%&QKi1QM8r>(%23m
zc#kwtUFd*Z9j(e<V$CKG@}kni@W@)F|3Z?i&^CQgf|Mfm;9_TM&(riPc9$K=OKVy5
z(0sGLUC*n(?R{{+f&E~XkA-U6utlr>*3A?BH7ioLddfw_ST*kWb6hq40g<#T>G!&6
z9(+JDGn;zZs87|Oq#duo#KVyDhTa^=g>CKTkNt;<PZ=r&4m7%(n;>n*K0I>`*V6R6
zUcKHjU^oxUuxeDV)ywQ{2&~PZSp_S}J{6-#CK;Fn<|<>*t-d%v0mVk(eo*DV$9yCr
z48KzPLq?tf2lb7Tpw|wfA+=*Ymc8*6(5RNGG+;4y`-6r~#DZoI?XIs)3EM4LAeNKN
zV`_9GVEVW?#p9YUh%}d5_TAG@{qnt}rcS>NFBWi2rRpA&+(};=?C~Pk+4XKo?p#4S
zq*3k{_`V9%$IIWWVD`;HWVHs}(89uMXYW8{#!goZVgQw2O0wsmAQW{iZ47$)G|`qH
z`CB<|C^H(!L`EU<CD?D}rh!(05=_+Yn(NMOBM%SDirgtgB)!MitpH}znFl#Qdju>y
zw`na29Y$`PJDl4d_Ss-d4CfEQm(7c%=CY#>TU><r6g{uw#1n%k_2x$C<0L(BEy=MB
z>w}l6)cYk{>8!#cvPGXStBg&R!Y;i%GBnXk!avqJMJRYO=)b7S<ButDaWa0e_0_GN
zJ%oH2<}H}B0R@4n;l`)xlLj1Lf#x8fV*I~p4tDkIr~>^m&emgV7oPczISBSjXn{%7
zY8_93AkB4`C*zKS2YHbWL)hwNlDZjA1t(?MB;HBoZCpJ`>Lk8EtC)b8Js&RU>qxUl
z<J2@lO7Sf`nc6OzE7+a*g}Dy5CrMLmwA;HYq>=HhovIo&nhErk^V9J&!Qiq$7?J0Y
zHz0;e#~lv@ln0v$KzC#m;6>QoQP&!KT{%;hrcM9iI6s`JEd?FnsS(c-;-ns{+Frsf
zEx$=@5wPN#V?QCis9N~IuD~oT$*JRuR&ws)eXzmC$6{5P3L7_Pjr!e$mYD=sZZBOx
zt}y4_G+o|9t?hwK^;#4y$WYj<rwR>9UI8spK0)bwfuSou?!DB<uuEM>NQU)=LcNnF
zFl$YZ2f=#CC6^9JfSC58XSeN|h*-JYiIT>6n&J(+OF+6+D}%d#Nb<b#IP1!FgL|~E
zey||te`P^v-vCo9eN3Mm--_4W;D~Fs9AL=bh`>AXYgV-~eKLMWHV-^4D!}!Ik214N
zP_lpxSHf8*|J2Xcqi_Cu-#Zt(xAfh72VqsM<6xH~wFM^A;@#=#sLP1@uhar1;4L7#
zqPiH}B@zOa5Vgf?@M4(*vZ`Jnt9l8LfiM(U(cWS_BW2|aemn6SD)Zg=_s<FPhBR&i
zGe@;6G1*P%vdx}LGg~Olb9wfhrD3fszsx(t%ZCZ0to7EqtQ6db&}w$A`V?rIP>6g}
zIRUPn8O`9R=*U97?pR@hL5&tZB6pbu)0_%ATJ%97Sh(fUx;FCtEW8Y*>yXQM3cG}d
z07vcXKV5E@suotdcqwNoJvF@5MtUlwc#Lxk16s=f%gFYuc$y3z{Hw|FzjdUvk3Vq+
z@sTCZPp!;wYQHLz51_}ZTWOXblMI3l^T|{oQ}woVXoWu%kn|^VE=|c26%T^HJbD{+
zvw|yn=G0fxIGRB}jDtx#A0K=+QJA&GanSVcOjy*G!F~Vhe2dK!U2Xte^oPHkTCDb-
zSjnPv20Z9XIQjfoK)>xpoKfN>XiEHn`i%3_<$|<R*HaJhCYlVpU)iVqL7@O||E%jS
z;atPF@_o1#ZyxCe&2r+<;^0#g5Hh(HQ&HG+juNE!!Z0u`Nf`R=e$8~x-u~^=dOjE|
zVrk_1)6-}6$lh&ftq~n`*RuOXCW1CkWR;KJ#8_jTsQ>GS`p?H%D@j~4%hOJ)M9ACV
z?DKxFuonJqG5`ahKToom>=4x488h(?Zl8(j!_|=cyvTlPTxhftj=bBHG<29lo-!dg
zN7WW#E^7;afit=){*AS@<(uSaUE!m8RkJi!0~TWvOL%K^b!sWU99aW9T;|Bs`)wp>
z)!w+QFz+3pB(R?XwsHyB$_J>eRQtY_n5;p+-%8Z*I<S=wLng02(3(N#>@0TQob4^{
z@8<^Wq}hgRzZDAw;qt$>)sAl~1G=c*{>FP+-7dkMgOeP^^1^iQ&1wTLC&4&&r$1>V
zeA+2o9>NtYa*s9U3h5r29yaq%Qe{-Rx=f%22m2RzgrzJa)=yYeyHe;G;h%ELJ13#{
zHkyvJ-qpN009w=?d*T(Hw@JI+>qdVr(DgESv5Un;htf*}_kdfc%+N&ogYa|y9>4sq
zgi#e}{q{*rd!$-PFiEcIG?3MDagMP&R<+G=fU>*37f=Ou=&KN8TlR!6)Po$ByPuVU
zskzdR2&%J-c6R%10foP=ENACr#Yyo_i5qCyBJ6AwQ!KCH!G!QB5C;1`mVc<X%W3tI
zM5F|W!*i%mXxojx*?gQbyY$)*i2bQu_Sd=ZdSFiBeQ8>E-%A<erk`dDoPEc8+T(ps
zt~ts*+f3ly*Wj{nr^z^z3eK@ldQf)B+}s!h(-<%W#YPJkV7P{luh=tJ?X>m}s@|@&
z)|1VzBaPVTtQQ?fZzE7WsOKAiMX=7`2!d(-Pm`Ibz1_rsDEIg%3o-rJr*GVsb0>~G
z!iakFrRI9rpv$8>VXtT~V#FVHxrYqS1I$0_jR~~LKVTN~cQBiNr|0V1)U(0FnBs3)
zWWJByMAs51uz<Jr-L?eKY+GO%c<TLS*Y!$)8`1FG0OyN9SQ|7pK6A4?&ILe17wMZq
zVO*Bzmx0j&^!xWz#d0WWLCY6SA0w;VUI3O`T$oo0SZ=Vj1^CVekeJg0iTOKiG`%0+
z9O?4g4C5V|R32PtsmId7ItvCl@N7v}Lr*62a!>X~RhfP9$IwM*?Lx0t$a6IChenFe
zPCb>A&8&zcg8=a%@o3lqZ+OjOJD}!@Y^>&!T|ta>0ZhRP^mz}>gDm7UkM-7smS}@T
zdci&F)L5Ce73=zlL6<?Br(yiJz}c^1)HyP>r|^rLBO0JKM~t|;-`k4mzqW@Zh>?ZB
zl(uDpvDFPJy@v~;SiH^t9q%j`4c&V%sAV|lnV+u4&;ets0M#e^_9o!)_gY#y<1d-I
zALbSlF;?waDf4m3eo)O3aZY!kiOdL@ZiDi&EkH6i`iTkrU=dt+a$rqIE*mx|qTC}h
zbGlWQ^NvkF;Qo>*_lJFV{}6VL-`>C9Xn58m85ZZ+zuzcFtK~F6t!Ja@eKLm@kW;vf
zmk-~qiI%pgXhRDq7VMhDo$kNb`Zy_?Sp(54J-iaE;iMN<)G3_Odo>d;c?e#notUxP
z_n{DWsecv8V!nakHt|te{E`S0=oVQ@7}>dzv*B>3Mv$Ke%xcv@v=3DB0QF9Hv-X7q
zK0wW#-710kf7rtL`3D~GnOgR-ca_aGW*An1xRLg1T@BDudzyGdZC2Y0Yn0%#qRdOj
zJme_;EBK3laM0Pr$fC)KTKDvrw<J@KP2>kokSE+r!UJpvNw{2JE8vXG1Bi@KFNR*t
zO-xt&<9m)Itxzelm1zbQnP5PSQWd(IA{z!osZSr?pY)|BBL-gruNv`P0t^rs<N;A@
z>jeH#Gyg2sde(53aOH!|)&rg;{>TDOG16w9SA@*zZ)<@2vly66XAbN-nY!U$2AEf|
z>O<-&PY~Z$Zqa{o5YxKiCQ(QGl<(eNis}}XyHjc1(c)OIAut>wU(u$#A^KGp-IB8Y
z+UidoItMR{O~}~2ng(pV>N<F@_QjV&srM;b{nfC?K_$aJf>P6CL2XE4fL>gi{|Ge2
z3$w&C!V`dD9jON)fGUL#jRSl*rz+YbONAYO&;7N{aamcGvIIGHy-oc-unb{O_QuO+
z;p{49b_2!;BbkGD+>VRZZCTnix$oV9eo=)3y2=tk=-e#;3V2(jztVfrYg$^HT)Hm^
zKaj6Fg(EMG+UGiab^bo%$lB2N3b+r%IT>vI+{a7!3!_SOKcH6#_kWhfj(ZB^x!-_d
zkq4N>xPYoX;^fXM#fq$_mh8Xnc_g7L#U#rjit{b!3l<N?(j3@3u7^B+KQi9wNe^zw
zQL<6pOq}90q^y50en()==&A3NC^zR9U3b+zDFZeFe0Q(2@kSL#+}asiPiw!L4XKri
zP?%Dk)0113&vvRaqu=M@#I3^1$PzN{G^;EeUSQcru8p^vt`IlRO_0OhWJ_<q%3xW#
z>T#;W1*qT3#>Q<50E71lAvy$lO~AzE|DD07INZqU)pUQF*cvx?&y>{JvjcS-hwR`Q
zYy2GIU~hxr?yQt|0r&Ja%erP1!gu!QHLntC%Uh+DyDsNPxM+E%m7-H3ukh#U^Ge(-
zA$CY*p>j&Bx;S0kr>2$Xx+7;<uaSejWOd{`*$nJOY@q%iDe$xgJpaf$Vd35<remN!
zKby0NK4Y$I9as8wemmlN4B$0zDauK)5f{cf=F6?bsAfaTV3!Y2LHGUnlj4uZoqH-(
z?zQZTH(jmbJJ@Fh|0?hkp5zE}$f!|Xw1BZuCrmR@;NRC>;BO%78@nam)2i8jTCd?<
zAIFhg^L|M$qN>JUlx-JKg@ErTWbhv9;d5%Sn12#_H)Oqtd%J&{(O@99zavFM*SanV
zfN3kcf!dzqtkfkr;v*QBNiDGZ82-^$+TMR}?bST{l@e*2qj5PibM>IqOxKQV93Hsk
z*XJr1pvmJ;H%e4i#><uW86SbaCW*a2K`T|Gr2<h^b<c<!9ME4{iN3RK^`Ef<>0|5X
zDR@I8@JYRWloU^=NF4f$whQ3EJmgsY{mJZQ%^H)%e6Ev_wOS@)?{NmMo9ZF)H%L^m
zQ2`K8G~by70w6Ui0FHhSfZfsizYTyh=rOW22qA(tG`LZC#oF)&f^wQ-*j8RUAMf;m
zOa8!weXdKXyYBOv<=vAhhf(-oEyom>o+lsEIH8_5|KU-2Dd*%hj~%ToX@#v!Z3`an
zhua0Gh><|Q9Gdd8h7+U)VQ`_op!=&x+J|162Wd#=#r?49D2{w=u1CgoUT0149FMY=
z0d;7m{iX+(d71v+Si%mdD><;T@=mE?toWnu4@mdK$H3&a$|RMDOyk3|Fgc9(k>?gb
z)hhqf%DC#I^2TwPg=+!}q&ls@4&aTv%bDN{zd0_-oi5ujv&1dSV_2}4A{?1OoSAft
zT%RO(`e@X9<}f*@k$XylsM4Z_R(tHi)N=uk^~Ort@|EJR0U5GZZVxYtU}w6%uMN}E
z3=|*b#ml9uDICmwaJ#hnTEW+;fS7Y0JQpB$Q}u35-5r^^p$y{o&%{>mk9cDCWT;TO
zOf|ia^pWWnBy=~)X-jx{!V|nT<+;1T8lQn!cJ1AQ)xhPpY8|J5;ZK#NdL5TB=4cA$
zZwF33lA7=d(kQj2`%Q`YgqVIYy+>mMYn9z<Vbau{hpzZ-Ll^c%k>-8@KI3{!M?q7#
z^<>tO1N_F3HP7)syL94zzM`}YV`>fn=~eLHhMS6}K8Byfda&R9%l8Ae#U8UoGe;cP
z#_wagv_y`$0$aX<qK%(K3WoG%9WzV=q~ufy?Q`ru+~X)_Z_cO?t#dZ;G2Q_DwX#7d
ztiO-V0r6CR@56P2>1atBZMs&q*I&nYXfs^zRLPK6G1&F61)OA@_Pw$Y^H4a#w|hO+
z=&Zn$JiKI{(4R{qekJ9Ua~>w0Gz9@41r@aCyH1+VmnYV-O^$1fCH8f=kMPo)<dAMS
zP+OBaXmOEn`>dL355zy<UE2cFk>Jb&tc%u*XRprdoLtngFX22#IF3iOUAFzQR6D3~
z{n}F><6+hdT#E7olu}H~e9dkQeXosQT)jLU(TzLAy!tp7Th|q;+8tFU{<#g=kum^1
zoT-9wSurpkTjqDgBe}T~6)UDj*{$J~&Yk5h`jFrTxM2ruIR$&1v>uV*?znI=J<Xy^
z)v$7Nvm!~b;XO|R1p{0WGjUt^6C|gkbiRdfv_Wx2cX5?c({XShK4XDoc<b#>w>{%Z
zwY}`v@Tf=?NNdU(`N0P4+Q<?)LbcBoGUqjwDo_-(=3<srk}H!C0Med<o39oDgVljd
z?*^0K5mi{!m;UaJV}Aj3dfw@syh=X7qRZ!lu2=fxN*M^xiK(QP2QdnI?86uN8;b7|
z$6b{9x~T;l*q+ygPHi2B6t8WhZdgKmmnZup=1gjKUZ(R0tgcTk7lTX_E~XE^^wXqn
z*X7_dK4;Z&{Y3Juy-?P}+V*yVG;ML8#;Vi3*5#mJyv~^tW+=@jQuvS`eEiB`22{cQ
zNR8P_TaW2WRfuqAa;v)VwR(qr4%~S<vp61~?6DgyZeLd?a}0Wq5QdS>pXFPW9^F`P
z=~j%{;W{sM{mUx<m%#Wk?teQ=W>s4dM9D{lbKn&;g#gJWxS#i_FVUn26u2Y(;cDw^
zS`V+oQ1;1~7FTu5OSc{x1X?_=biH$5TCVbg;5XV8h;!46sy3wb)+MDXo!Q-poEdiK
zHMal}w-cfi_%x)7ZKD2tUe)}|-3>!c@uzJ%%lu9)jtpk6Y_lY(C#SerT&7=|jE_hu
z6(omh8VFxOyvw7i>o4+zum^n8q;dC<_gUs2>Ifq}c`bVP)k&}x)&Bg7Kr+9jg3WyO
zWzpo@IWlRyJq_@CY7d^gZ}t}VPq}g)&?J+5Sycj_wvLqJmkRJlm;{<SXNS6id*!O{
zi}OWd@V7!{vimO7q5R;*=+siLq8;34Y%0>Pk~<m^(-4^Gbi}-QxS|Dxon~v<Os5V1
zH?P=@6Zn{E^S*1!U+mFakpu<_5sTc+=fr9&l?*r<K<>Gj-E#eiOhZ17fYH~5g+0l`
zEu^?aE)$Qnm*yjk^ktHQ5cc`Vt{rz8p92OmpF20iYdv^dNcd$ED1j*<DL8QsqEG9^
zb?9pg+0RCA>|aKT8ke%oJ;Np;@f5+B&&cjf?iU3voZwwuum;ZgW}tUN3_BCol}v_r
zgLZ&9E3#hJZvM=7p`^f{KegKm!z@~Y$!;Alk>KxR6@ffw=C7-gC{GTUX!P;7hpOJc
zxqQqpcf-IYe{!aqu-Kw*JT;|%O1>Wqy^IKs9&s0mB+M}kyP!xgYXzy{sy0nCMrOb$
zgx)wZY^L-O7~s^$u3t`0FAu^PUZ{OBY_d&vzxCYVV34)RVTRaMuZ#}d!yRxX^R)0Z
zLrrjN-3a{Ra)<1)W7?6Ei<q5i+(?VFuD*ZPu=b#FE+%I6mQuhD4&a{bX!mRzDy8~e
zQSW;beUd8fg_OSRn9`fc(e7;J=@T!)OE)L!4UZ>SwfD1>IzA%jQjB-N(BxCK?d$1a
zE`rU|v|8}qxWiKRz+((!iue$Nu=-CNEgN&Tw;Z-2x^&BUHaCqCjMQ5@2gSJt)!eh6
zlT9FN_s%7V7x0E;V2dh#`)Je3!tFzQGtluw5;ykfW6!C1v1j)^L}l#46H;?6OK+wP
z9AkM{_2oAOb#Hgn)IP3!4M$8zSnRO@=XIxFur*uXJxF2-qx9%<>73a{>t{YmOfQaF
zI*<m#ts0Em?#AW^DP2_xFWsIHfj)D83>Ge0w@farg;w7<72|l*E>HL>_i$Jc8CR!v
z+@xOPrbM(xMjB3~ut$9%+5pGC-hSO;`?AF=s)lpjhnEuvtGHRC3GyO?TJ?oL5p-Mv
z!=l)gLbwqRvYc!);-yz+h^kIBiV27kdgIln?l?|LCt{C&oj0|{ahwk6HwO6C>k2>!
zyUS+V=Vkf3mmU5ER4Y0smOAzz2O|oM;wx@$hcUI)I}eCoDQ?9qa=JUb*LO-9+%Jx0
z@nUk{mfM!9;gGGj;O`;1u4Ig#WV9#Z7C6|N&Y`%QQW9h-5@c+Bn<C@$fp3wV;P7-&
zy*;1ZW`wzSP4g2SU1`EL_I&?|1D#S{#XRyVg82*ss|*$SO|VJ^=X?h1ZJ?}I`N%Fq
zOY=Q=X&4*Dzdv73JQd29b2Uc)d~9tI&#}tV1e0WKVIbce>66wx9T()Wn0C?LMm8h2
zfsTR!PQY3M_`zFsVlpd!H=xT_x5Rg@@GD)2?N;=S$ppo$W=rEWZFe7!cs1rs!2ZV_
z8NSu(Q9UenN*o(<*}t$dwKVvZuWH~VJ;J5gyE<+_+qi6}iXf>oYO%e#Be6IB&eWaO
zDkhOS+YAyRh{wY_A8x`=0`{T6zFs##@A7Pu>`xc7|6}*QSJ2i@$5M#pJApMJ41S;i
z5>1NV7vN2;lBD)BZ(xs~FV%b-bScdfMn5`8VLV)<AGZh$cfI*Q*i&EQZd8&hex>GW
z|Cpnu;+7T}f57$$%A((9V2jI5rp3NhGdgZ`Q%G1dtcb|Ueap+l2oV8x`{5Xo#>F?~
zFE^q}Oy4GFU%%n6<A8i4QbHyk*)K@U(uIQor8|QiersN)ax&H#>)FeeCFH)NjG^rm
z!k=hPdqB58<K|c}1YdQTh%=QH-hKYK91?96OmRGufZYAd@<gw}1wLgR{b+pJSx9Sq
zw5I7rPJ}S&S~+b`MNXw_i%`RRM*;r)WQ(w2{7NzLLWPS-uJUTd?wZb~6b;a#1g$!C
z{K_8afW@~ddFb2%Mfk2GCXlQ72b1NGe<P%S<MFUOofdx5z7GY00}dA&QnqJq{5`()
zGfN=x`k4kePGchUy4DMce2h&)5hk_{Oiu@0>+RI?fet0Bob3K?*XOdPo<@qSZ(tZ%
z*~Ut>l=XugxI>$92YrXr`Mz|Pc5z#^hLcpl=H`hfrEeC|Yx4OdT${gSK>VrdG)(HD
zsnmMWBLFGvIZXQV3stpBd2K2tIE;_g$qC0Rky6Pcz&?*0I5fP@=dr$m4&BbpF(YP~
z&wd4TaD-q*`xUO-4?zObBla0w@<#`@uiE8#U%B)&m~CALXKL28I<Uu>IDNJZSJBQF
zt)ZnLP9M4dM%j;FsqMqwCHC@!vD7ki+Jlz`=~<XBHGAy7>GcH7#uvLcdDw60aJpV@
z^LIf|;;}3l?O8lk$k(s#JH&Qb;j3roe-3lg$5}3dxkC;Vc!oiBj_-H&GOZNoHW80D
z78(Di#*8hp=_wOcU(f8ifn%*~xg~hG+0GIEQKt9FtYq|M1A-Q%+9f_8BYNek5<|{)
z1D+k@W3bF-TRcq8fl1?q#tMxPhqY?b@X{&f*S(g3&vG_i883rT=4_JY0CV^L@}aH{
zdc43CuqQh7W82$THR=j2tOtkOecBJQQp*-jHMfq<j@6}@R|GYbVw|xSBqegDCD?3-
ztRC9%s5cIOr06%}JzpYE3*mQpDc+GVZt|K$qfeTWVZD;BbIwb+)r2&<T^=Hg$&~;r
zm=f$B?kl6Ha+O=k8(VQHd<R>U`f?b)%c5y}>2f)B9T#FLKeQszMFhBJc&U)RXrdLs
z>G`UwTinnljNJE+&uffPRYx)D#EWhUU-i0jwID?_h>xmvS7OS;SeyL)=fhgrgY?+7
za-UIh{gAk!>ofI+0|q{Tw)Z10x*8D?!2a2+|0cw)&;$0LPQ-r$lb9}4-gnk>Ijz<z
zN3Yv-t%YK6$XW9AowxpctCGkDBudjD#1t|G>6c#cLWqnW*}grGY0QzdSC%18_T>;Z
z_HE}5cX9S;n#z0xskn0UrXDied%#P3GeU;MMK|P8oc*_l(85aM+m^$4iI07ybU(Rt
zuH0@>(tj=59*ZzMfyC{o5z#bklI*edjE%CQ5oAq>yQo|FoFT5=gZM$LE>7QvQzK-j
zHyv#ubOu^d6!vcm=U;MqvTl{u(tFPBx(O*7#EH~8o<cm+kLjyjykBW_uC*po4>ReX
zNcJZk4V#UodBHxLX@eU#V$C@di&6I78x%9GH8f$baI|k%D9QRo!&R|N-qJk5VADjF
z&s8sMYu!$E;}Z%%X5-EB$B*{xoJ6g3)Se-H6g&@s7t8*S0K^CL;#OM`SUH@*zQrTc
z>`{1<b+k$A#qoksg&J=ABvmy_$@mHHDGoMcQE4kPd;+dbh-Rm)p^{!e|AajQ>4hR&
zv&K|;07rtTl^~@o^g(2(z?cmL#s;hDQUeX9vP1%=GRDL5?eBZ7sr7_?jJ#YoIGWps
z)xf?IIp_+&N^@%iLh2;D#Dx#XVvoY2xw~5WzuNTGPH7s0h^m4phM^(tbs=|4`UuBU
zLgDliyZak+r3KeT&TW*R5Ps?JG1;9xeD_i}@nh7!LHH@ePD{ba!AFv0exed-P?I~d
zDHNNdoiBo2Zx1R`TlF6~(706v0$pIPi1d>Mfv-QblFv%^=^6nH8VVTnkedO2DfNIZ
zVTRa%aVpgDv$uHU2=IPkUlDYb-3_4v{q}9cv>fQ*Xt}6B30w|yi+;F<pu@Umf>}AM
zw5UvNv%W-EgHt`gmdr_=b4!<vV%h~kZ)_>d+*?zT3U@!8?=1FMk+!$-r>xt*k8h_;
z`q%8Sd*0@9_Ue2@0_?IPS90sg=bggZIU7FfjmjI-6Udic6{D3?d_Umi*3GjJ2?Ii;
z1G{nptZx}%h(!bBBsYDgxbAgyf6xYUSs*v(UsL@T6BhtKU?#r(BP-cQXC)=;itu>V
zG3WFiV!9lohX&+t<`TedMQYmD4Qg7W3EKOES`&l6pac0zsZuos!9}Gh-GzgNy5b4a
zYT7k+kKlyqFU>;yo1OI`xmSic;r&gIpHJz!5bpN#4u|Y-dsNtXfTA7EE37+%_opI1
z#rKPYf$RjsF0RV9`;ncAs97n~GW>*W!}Q$$5X|pky%nitX@CXs2|BbmlRwf~iA-DW
z*lG`sTC~J`cpW8Kw6xTnl%`(a@TO(v=a6@r7)wm<2pBAAJC_k2vCyC5<Id2>kY}aK
zeF%Xqm(9*wGR>!L-*ZGoP~a8ERi^{{A&16UUdlqJ72eR6jtC}ev+!5VWudY)9|Mj0
zh6*Qf3W1z^Uuy2uyxa(|{<dj^{~_MvH=_XdogG2-tzS`QCTMcW-8!w}y*9<^O$z+6
z(#AAY>RlzcOf`?n5o^|qD0S=9gDah~o8xM)-}xwrtiG&Nc)QD4x!Mogs3yPq1t`k8
z_sB#teOibKx^47DP}gNWK@{$rFk!T*=K{C`Y~nR+saiG5kwzq%qjSJ(C`SGyvVy9f
zD<c?5Pz<a5m{?q@nXf0p%F)Sg#^3T_;IKB}1mzIvB0)Ja53C)$rwJ^%-dvG*w+-aB
z*gE#O1d6|9+p%6?S?pz4HeZ(YmBP9%H?x!22}LmDx9z-Cc*-WfT;*5n*jc@xWF)8J
zv3u%y+qK!{)oUTb4%?&=_BDb^uO6^6^>Mdu_|k5*EXH!L^{1ABhtl#Z{zC$cEd*UR
zm6ehFemm~LhOS}^ZwH?*X{;RBm3O3b@ppDGvV=(4i-qLr*o?Hz>9nQlKj|*FupY6M
z(r!6mc_U|!ERnbd6h9Fn4Td8LST^%@&oml*H70U#KmJ<$kRP_VtCl}HdZpMImkIA-
za830#key1LnA-h#h06v$Luz-iwQ%d!Yg8~Gj|!UbR2s?~vqd^(Iz;2?Texn$bLyG?
zvOSU`sb`!3Nvo^t2RlHz0w#kaTqx^V>^QZyo*D$GkNNOe)L6=mY$vJ}zbhT6e{bJ=
z*`1wPC#vIIMu2~lZeEX1RiS5)Hv*?}ar={QKWtxR6jm<Z>U#e}TCtNeB?P%2#ALj|
zK(EE&vW10J#RLle>};KKJ;j*GO!T7;WEtV3<*5z4dD<UMM(Dadz4m)D;{F*sX!`(%
z{ocFK^PfVt+6Tq$ju$$A+yx-W3_j>)=wE{_wnUAVQ?ExPHW)<p@^h%2)Q%Pl^6*pC
zF>g3(j)ovCH$$1d5sYc(ath_<2O1UZS~b>C^8wt!B4&VpNI%fFPyGC-1*lpdr@P@n
zV(*%9vhYTy?Zzs}514Dpuh>PW?!uD87;#fBE_6>!y9cOJ?~MZ)s(_*4UI-~TPfB<G
zQg3$>keR9lk`BLK-AWQtNGy`GpP1h@=Cu(S-@Tyev*dF%{o`#6b#z&qO)G$5Y7~F2
z^Ly&_UC()i<(ANaa=v~QJMy@Te^EbLiS9XmvtN7z{UR4wb|_yj{N#RD8=f|Lo?OBK
zz;%qg%61+m;Evkgq%?<w0NXPV7%zTT=Y@oWZ`0%O@rIKU3aH&_0ULC~wRZ&EXFvE}
zeo<qzzgVSyx7itL7#-Dl+|{sGk!@dlCc=n`JpVR1F4C0Q5}=40b<Wbhd}kv$irYoq
zf32a*nIC0X;Wbh!vIv=wQ@cYr0Zsc%i8*vwJa%j&h33Rkd$(PwV~#O7JlTB_Qv9@j
zrOHbU0R?yr)X>$3?}=G8|Ax%($~)SJXhYD#XP0c`@>L-tql};tMHC$$AiY_YeD08X
zwHyyaA(qKJ$lVYA(2lugXn>N}J>t6Jm;f7}L<|#P1P{xNx$%HyOHS?{uu~F7=kk0m
z<W&X`Dv~}609};$o>l$p9)?Pw%g*QOqeMTR@@G@^odA*s08qL)Zd{i9x0PF?KV&F?
z1=I#GPPyL;lz)}HJ)k`+yZG;Bum83=D`AUSdNfcvxAfarsh6EWh2Gld2tE_QpoV@m
zsK4vD8$hjuBK~L}x%`%ir>#KK6ppyEpZ;}$|K;3`aNgn(biRo}m=%rJ9>Po&i7ze1
zpv}>Z^X$=vVGg0xzp>CpcA_%_6_)S3Kla^#XJY@F&k$j|xpH<E0)S-zNtv_atwk!J
z$op##&9#3|*^4k<rq!7Gu2+*=FF$l)rCN_Xt>ELX;vn?KKikQf5};sxuA!G~eb@GP
z{!yZNW>=f*dDmmVUw`;a9I$t2MwAKajUlvGfL}n>ITIoSV<CW@$o^s{SL7dSDS`}W
zg*}Zo61o+;^`W^1`ow0APQmDNe1_UnARN_kU<CY5eAi`#&dW-wwQhubf21U=TRt6-
zd*K&R+a+-xZ9&+o3Z|L>e?aPuroqssD#7k+<kE$QNjSdL+7X@j{nTjX&?c)+&Hh_o
zde??N=r=YB<3GkLeC^M*DA_Zit^a!-5cqQ{hW-iad8>7a+wyaYTzbrylSZO~gk{dG
zX&X(?<ij!P?*5>Xe{u(3ZI-jj%2k6nAocr)Hu3<U>8_#Nf0nYo{!Wuf2WD*oG4Ddg
zFTV1c@fLlw5@iH<k48$2+8UtLci($ee$!lVC9s<d00pHlyPX~H6dFhN>S=HM?%wEI
zY-mU7>7Wn0^W7ZXm;hAh#gP*_`vcr)bZ&XTJ*W?u+sy7S=63cgXa8UWzeiX)$Mhgl
z|HmHw0uOC@Xr^T1UjMCs+mAxxGupyBF{b||P--+D>9|Rb<x2mwUuaasKwA%CYDfM*
zpZwET3mRxtw578o{Ws^*LOV{G;zLVGz;Yh{VmaS!4ftCq3qyqvY*kaue_JRD=^WV5
zHE~7g9lT#25%t4dU_SwlR);ygln&^g6n-ZYe?~~u|Dp9gbHfRYtYWr*TPVu3s?abH
zuls-;NDF>?MAQ$5fNcPpZFz)hW1)ZxYW?DZf8!hNAE-Vvp#Ku0|2~>)Kqd@yW)(tN
zYku3Y57k9uQ`PU@-u0N{3?znyxYI7jj+j0B6_x)vzdvqr2Ficj<X@cn|L+;iKMBwu
zH#rOaf1=61#J)d?|1asvA2<2qCja6gXW#yDlRs|qr#AUho1n{%Kefp}r4jn8KPCLn
zJMyQ5|5L*MY!82vJAd5d=WY4pCV$-IXM6bLCTEJMvkL5|fBv}1A2<2qCV%=SfAbRm
zix#)po5pYNCK?dY(5=mhNTk4VvXswi#zKbJk&5>2z?%h#I4s+1)jYbRzZquQW3xl6
zgl?v(UPE`?RmWcZUYVzfZpJ$L%NYMdI{)b8Mxj+eTC(Ytgg|>O=9l(bqpR;M!r>Gw
zPNz#yYaM1;Qc5+!4hG9>``CBiW~$PDU4(sp{`@Bg*j#ekNduqz@qHhU!)ViiYR2@-
z+CaA%6TLKDTAjGxst%q3!U90-4G0THuKc})KiCXZR}iHZvwrZ8s$EFRced#+nR76|
z%u-h@o8xkKSV;FQnP89CIuM~s?mxcInS5|raL4>p@jHVSNlEAmGG9&6);halFjvPF
z3B}ef+L3sh5Wm=>oSYj^W31_7`R=b_X%QRDirM)7;>UG*Wfsbgt(RBE8+wf7`RqxQ
zGxIzdMvRF82?o%~O7v%>H%0IIFFWb0jgnWS6S)#cytt0b)L5DEoapTm{WA$)j04IV
ziRKSkisuu?UGxM-1&fHzHv^r>vuUt9|4f4=hBs~}+G;D0MGEL-ePvJP^p+MoDd{xb
z>n(_Qq>vohu(x_!TO?W5F2Eiecv4Ja(x}ZS%;HX?mIr7_w%Ux|fc4RQJz??go&aQw
z6?9V``2|z^)93PCoDbImtQn|to{zV2xI0ei2pad%ZmJPKDB@Si1g)1B&fB1mNjTn0
z^0!^!5}EH3hAg~T;=9l6m83GS0XNb3&f#ney4YLGbgtn(wH=1XYP}hFfq|r-$@#7<
zTWkDBS(b4lRO6D8x?`L!LC5fzkN)ZAOQt8mcO$NKUX^Gx^nD^&=I*<`&THQGA}m_k
zkKYvbVbAC;v2Vxca;%sHj-|2JnpZISnaZ2lq*gsyzVhwyUHc+~ZYzroJxloIG=5mp
zne0Qp`AQq)ulXdX`sFb|ZgGmeEm#ibWlXU@*8{5IImax_Tz>CeCA$4v5@q(!xQg1f
zFPk&5R%SW7__Yl2am0!ob3{Pfc&6?zyG=cLuN=>k+({y^4uz79BT=uFXMT_y6vy_V
z%^S_YuW;2&&?@N0yAX79-8=W3;P0dvXq$-+qysJoYY|<{A}_@}hjC0e<7k7ll9QfC
zS&aF4MHfXIe+heZ6WolW`{y0~Qi-3mbCG7fj?E6F6RWz0jglZO=s)9kwIw2taMdAh
zPs*|N9JK8w9JdmM9uW>p*LK{j<SybcU{Rfxe_x(e5%x?BZP|N87Z+aqO9$=jTeO3+
zzLZG9AcaR{SbZVJxU#MEtheYShlMN%IQQ{H?Ehre5-GxNtleTGh`WI7*j<k7%0=LK
z+Dd>;Ovs+U)x;#kNjUxi1TB4O&0xTLeS$K-#=*QnZ={aNU|_V9_MNisr>ojQ5>jV+
z6V6Bfu73i&u@Pkmz>p})5CYi%=bIY}jsh<GxQcQ<tVbV$>@fr?HoiVBb~Iwc2>gL6
zmOr5iqc6LV8>_<BDwt`*nm9cI^9f*3zO^{pOFe0~8Gt!TV5+TV{aP^x;rKmehsxK$
zT2-!3#EcLZT+iA{Qy%|1{y>5TI3hr<ain#@;oc7j``IkdT!@oMl2+;bTh9(PUJKmw
zSO?6F%Oj_Q5pP>Cffe>(B&;Wl-~eug7K!V`1%O`S9GodP6lH01@TtSllNL)E5m;v{
z)H_=tdrt#I&U9r2PIRbCa}pp@kBo-;AS)IhZZR*QaBd#{2G{%IxC7|3q~=p&Bi&ln
z)cWXqAT>LNbKbyUDxla}Grru0{ljhkZr`I;f3~sec!2y{0Nj$GGfxJOAZPRi<QA>x
zy@C_x=f0HQN7<>@e>4FXDv`VAJ%Q_++ZApzr|DsxnW++BrkuR?M~PouG?JX{AS=D6
zlw{OVg0N*+O*5t#1XRU0SH$-J-dYpHj1_BU-+IdFMgYQ{P~mf8tv&j(7Rqv{^@je(
z^`=vasD@8nIw`g!QyW)hWd`<|*7baCl_N_)=T<6u)Nt1l#3^GuZi89LH+T5ISf(DZ
z%!Wx|nbQ%kfn{=`mZ>Rfq2Pg9X4HRNW;vAz{o<KURzYqQ?N{+AaAKW<3I_y$IE&pU
zq5w;M^uMrF&SY-u(s+9%^6bw5-XCKDc<*C%SH7QUW}+PSxxFVK@5;^m?`WR}s5HJ0
zNUcU-=n1*W<;j>%w=B|&9|m~srqEC!T;09}h#b#)AHJ!l=oh{<GnL)1;_iefWVfG&
zh@w31JQm919&k25Vn&we<6BWS@JOmDC;+r07j|TTQ>IWCgt4n~1_t>dytK@}iN)st
z*%TmTROQBi-k5=s@t~kz5C#3sS7sd7jlKqGRHINUcGhJ1vj*1n@8Y|m{(lBCoaN4Q
zQi&|)pR4*Zb=`fTZ#DzE40cd8821rzh%Y44zaZH^bw}KWs1vp1=eVdPKl}fF$%<4W
zi6;(E;N<gR$y4i5nnPQ+ZTXAtYJzVSfi4q{Gl?7k6ZT%$X1WvQdG&pm0p*<(UkC~m
zasr>nLqC`I^{K@2m@C#gnGXURo%qP-1_esF2uz($h>QX+HTW6J(D>#n0_eX`!qgH*
zP`vkfz*eHk;CB#;S8hxH1<Z8=_;4k3(vhvP3ZzN?pO8%=#V@13RChAobR*v&N27cn
zuWf~@Pw9CH&b4BdMQjI}<3Xyby;FjP6J6JZS72UR@me9;3y;R5<QNZkGyITwpzz+j
zQ{n#IQKrK#Xfw1Z8wA~V*xnI6tProH1AEN(rXgDlF$MMWI<jtbcPB^n<{GdyZ2NPy
z9rd1ow5x2MEV1BCHL%nni#0j*PRn;M@{%G7zOv`74R^LQG)VFJSO&2_JXa^cOB2}&
zKU%DrJ`C1dtzk9yC>Z*hd40sIx>QFD+1%UC<#mb+tx7k&EXw?5Uh9+D!IS&cQ#Bmm
zqq?nj#59tpN_1PYN=Vt6A8QkH5x96_C;Bw0cIRl>RGXZ6LF)}#XPV7nZ=nkk?vr#)
z(u>)0v@VXl%BAPS?0gaO!Ie!RklN=+`Sb(Q`)~>YW_3NX>ue<OL#!{XsD`UPP3Fiu
z6+E0<9_m~kI(Z)Pe464gxtxbyiRLtNqRLyw=PBZZwt(iMJ0>z-&L)>Na{5g&mJe6{
zY1IsT&ZB$!jUL6-Xx}GA&vjV|$De!lo&c}@-rMRN6bBpHPLpQVwaPsW0fEAzf`FG}
zAIlqtM!umy`d>V3$S1P07KqpSA4O@vGfO(np>I9=g_%j=*Fm}oJ3@!l@v4-q-yEMT
zk++CGdRR=Y#$UqO9=!l&mxNMo(BC<#4-ercKP&)?B^=iljO&xx_&+O0E0aM4YF<D*
ze}Nw1&baYzu!+HMIL)-r+K4+^Qcozj%aWk8ZVjn(I$DFeO~59Ynz-nOXUHbRaQuj^
z*miNQ@bVl7MHMq*C@;LiuW2$(=qjrtp2x*{F5$TBOWp*Xd7VhrYNhoESN#FjGP&hh
zzQet43KRQ}u_SOV>TsgP`KI{KukoI@L{}dzIw9hU@MMyw!okP7!i$Zu?PPTCW21#^
z+cr+t?hVJ1ELASi1%cgQwYAPqbBw9v9SYZCy!O}{*gHv>*o_{<w~#E3^g+k6x<s<Y
zkS$PhZ`NU?RLJrE{sj$q3U(5-iBqtAE2n?KsZS(=FrL5Nm*yfB3!(3G%Z!1g%L@6}
zp4_l8oP93fH3BPCs@^hK<NOWF8d}zdoD_9jt@Xz_4hyYZ-RE<UT;Hr}HPt!ccz8*T
z2rAdfPYyFUWNd{j5=^gzR(NjcauXM;M+IM~N!!!ZHIW^>F&TzfUX0eXiKOYZumDN2
zLOM&6436%^XdQ3BPah~!yN@@OmwQL9zCAIRAU-z0W7?@gwwBG>YK*4bwUuQmf3#Ud
z;;{fPr@m5Cz(X2sVY?PFeX_x)t>)eIS@QOJ<nUVc-7?;9h2*}0XJSsh?0;8k0&L4O
zR9+2CyQA`IB2Azic~WLPp%x=&N;aSL!DKyp+0_PTJ}En=tun(ZNTj}JP3xsi?(P<w
zJ4H&^@X>NNODlZOhLb2b@EPzizzB>U5yq=`0Q^5b{GMt_<oTH&q}v!2PFaOI3K5P=
zFHS9j>5&%moH@oiut<1En(?cJpmc!?hZ$6+2O5uyhqApBPkNs-Ukwts+?ef#oAe%S
zXdo1X=Speh`};hleXP~g)|qi9v6DV)-WCb4`;g@4s@VRazsC}Ug)EvM1FlqQ8m#<_
zw?NVLAgLBs2EOTu2RY7m#rCYLSPP`Iv<ur!`lR`n%qwg2x#OIX$(jicL)=a5e8;;v
zlLSc{(JA9YBl<k}8@XaHcbpxg@%GAOlx#XTs!Y2c-fzl1qAav%8es~tON_o?UC}`{
zPDNjVyIHdAu~1R|Hks#BMYU<un0}b9W<h5CmL^vS+~Y>f!bz(Gw4y>-@k5z_j$?en
ziQ#^`CSPu84JRud(W=OhYH~r4baivw2p_8}Cs=LYW&-k!x~5|JCFOLH;$l{6RegR*
zHB$>G<tc%$4!TY&%Uk|^ygo*a4GaXXy%N$spl_^XmSiM@t6%tBnL&<ULE|9I=WnmH
zhtpn};UP4d+qtLpQW|n+wLUzBo4hI?Y@2}d)X;9X?BmWAW%MO0IS-x?0g3ZPCbWi^
z1v}Gu8^bS^zqcg*Gm-hVdkRN>t_veQ;gt67>JJqDf)OnGEidTGRNU~Ki~ZEN)8o5b
zT(eS@AihgrvbJ+$z~P>Q^+p6ieVJ~Qrs$)aCOKcET&t(?n92u}k5o3R*+}Z4S{hs)
zlh73j&&AC*kmCNuyCzauhw{y{!pmuTV{sPSV1>JKm(q|mcI};2A-p*WJ~snXK9voi
zh6gKpAg(U9av}jw`-}7BsZZ|KuyZG-;BO?n1;IY_EF?}O>GHWhDp$GXh)BGBlO$v#
z!eOjIqJzo-9<tvVcqzkVleGrB9=MJr=i$p!>04ygr-@_b63*pp8<A{aFLj-$_$0<m
zwdJCyLobl}HT6oddy|yGJT4(8ykUe5<#PC`d#;*QYQR-v9Gws0BSkIa$A;(ftuHyo
zzh$n-a#VO|`w15#9X<J(IOOH?+bdHWanV(R!8^zcexSA~W@DUBYDpx8o4D3LoMx>s
zRwISqsZ*a7=h<YLNSl?%y%qJ|m+5j{!Gh6S>2s^emoh#~3{$w}J-vxhiY{}lJY(i~
zin?hR&PIQP7|)gACtVaR0&Nd@Let8|Ihd6hrK};=A*T|2q~;a(DO+a=8hYe4O;XqP
zb}t6?TBurw%7-{|@==L^^y{FbThV^9Qat$N)$b0!@vaEh(mCmme7rX(^5F6Atdusw
zN_&=)qcc)wIgN4YQ0pe(WHPCg59!w<r+f=bn45|p-=3X}w`=e4AiS42w(=$FbpVdL
zXa(hMwb)8yU{SmE2_wb#cEl(|M%UMS+x9nPavy{%*?5uzC-Q1V=_Oz3=}gr*cWZgI
z6W|`BRmA-~P(=KIy<9)#v9!E<hc|7Z=Eawaa*$?`_M7=di&9njiCt@EdNsG_;8GjX
z$1fyMGXLiq6JtX#!he;mpHa^~=y}6E$wYRqtB)rj@__q%u4ImenR<=a1}i+7fEaU-
z!56Tipi5F@ouLk6DzoH1hV342rBzmwi`3q4uBkBdcV4~u?t2~|@Jk+FD&%HcU!py<
zRpc2V1KbVKUk6HalqTQ;?hE3lemcc9iq9x0ysbYvRQg5q?GTO6CWm{Kj5a55<FuWC
z2z_(9Uu&75sB3a(aCM1)Iz4gz5>y%Ad*P9wSmeEq0-eQ{l7Zr$9VhmLl(jN7oS1>6
z5sfUpHElAXItBV={mSxzeH*OA%+OxPPQJAEjq6>xOyxln5Xm)-cKaZh$!)<3k^msC
z2uajaKJ1qVmxn#Nw%B9s-~+!H;58F<FR_(;309^eTc~22-`ZE*8s%y7?PKsa&)gLo
z_I~FLE87llBkym#+(qHwt61nkL5d_y`QMIP+yqh$)WsA=)&m~X02i{LqtYT8>7wnU
zR>8<IpTz$D9zPI;ZoU~pWi>d98irb_MR=>EkrzyEEpc>mlS^fTUn=@j^p1sE`}@&;
zAw^H!1gQjw;h-3hmZ2YoK9CMC@9epntXO;I>W&PG-`KFG&j@_cQssIYnmd-wuYYs*
z-6LGjqvZBr-r$me($no6t7wFLMTSqBSW%vnI`yO&yF5F&!RNT?)hTvs*HMM-Qd+F(
z)UQ`bH!E)EV%+?Y(zy_<`lX8Joq%@Md<)Mg4KGA_jhrAhGqlx_?HGfX{n0HRMH`AL
znuk`peeYyJ`*lG@%;lJnvEV#?I+^Reo{~hZ8qvb}?fxfMm8R7*VIz0F>-ku*`8v91
z1y<oB)=DPGm(9kD&PNR&^oQ}66!GbXUkseuh@fU;0FLD6*_fZ2Y0sX)(Sf~=3k#cA
z4hZZ!9nF;)Znix8MiT>g*OoEgdS=t9As;5$EAdXPieCq@`w6{%z+^mCOrD}rdSt$!
z-nNr_xl%&_<9rZ6X#yPU_|53d`CCOCa!ZR2KjMLa^R^Rkuf~4*7X|_Xv8aa1L;b^)
ze0=wsVUUw|@8tWL0R4T!@gxIrx`NuFZ_H&1N;Nm?2#!o4p9XrqUd&Xoi-YxgF8Yx$
zo4PNgxTK#?7cI&wGnY`@!V=F&4`x+uiz6_Ij*=<}IJyv_<GC=pLS@9$T^t%5NqBcn
zL2Xag3?USAXFIn*bV4^Lae$e1VSA!@F}^7Ax%No_=o54*9@oUP+OUz2Ax{8zPQk{L
zbu!-Y>c;=W-djgSy|!(`Tg5;{L`0-fN~Dx-OhO42q(ezz2<Zle4TyBdz<{K54<RWz
z3?Ur@LxVI7IplZ2xVL-X`aEmB?;qb<-}>%9bd3`8oAWy3IP18u1#oO(EY&$!HMxbH
z(&sg0s1r`)GV}a!CfN;}*4P>m8{2IWxWkv|zSHH|MJ=gX#5}Tl@9vf09LNf*@^6dq
z_wvB0fQ<Q?8nk!!sCHdKqBkV3UOKmbeM=#WXpLtArv0^k$j@Bv?%4Q(Vs+j{^G+*p
z>+fB&DBq4-ulBj#-d?a%j97!25H*$l@F4>K@*$uWkOb1H<m3>EgY8B!cAA6l5}e;q
zET-}Uj1NEHjg(>N?FK_P3IxuWHBUdDe~cwleo2tI);XqT+mP^Pe@rRW8=eszpcztG
zOC&d#c0PEi4jvz}@cfRzTkqH68uuXw>pOX`PEH5i7V(IflC`&bT|C@1cz%vQCA<JK
zb4>g;)u?|>AtQE*oviE|J8_q*rLAdeXs%YmD@8MHRIQKKWRHc7+-~MsVgqf|h7KEM
zkZ5DJU?W;YM`NZ)BHyvLaOUmpZu^C5Q7wuvJc`K_n;0?!uVJ?)N8`FBkMeAam#A}G
z*XW*sos}axyRyadUskP-GU#ejT&S!p3Gt!<q4LQyi3Smd>WqcvlGH!n-30$3eVysv
zqydIthZ2=xE@yrISySFcYmAi6OZ_6VZ>1V03QaqFgK13@Dj7bl5WMqX_3^kxV*1Zw
z=84oxuuy*$s+5fd4S@<1y^RFH9El$sBC#?FieakBIwOkM`i;1-xc$1DQCz$cMhc#=
zeKCuz>6cig!$xX*zJ{ScP-bW{h~l8@_UU$N4uXqK_nx%VifxU07~d6s&wfw`52joc
zVAR^~mYY1==P*^hI%+PZC`ZC<+8Rp(9aawq04bDa*hR^~r0sD;8x?c5PFbI<RC8AH
zE4TjKi!t6}H~1{ZyH{ikRdPl5Q`f`Xn63}Q9NeB)wq<>WW=~;8D@*Lrg9=P6KN2T>
z-dB_U<pMeMQZ&7a=a))P)l~2$t1asaX)wV>7B7HA#GzM?Bi8t!+o!hxv$xKh7PW&Y
zx;r(2NxyGuC~FL1kI;L6Q7Wg0Bmb>0IJf@k#}!BCc84qc#vL5L)>7g08r^SWtmcmx
zdoq^39K=}S2^gcSeuIdNWcOj8O{Q99L&}{c!}4?he#k$La;Ib;Y+P|PdEUrbC);n@
z*s{dpN1gb*dxx((ZFI}}i#!Ze&HnshDbN39Dfx?|%t${2Qr+PPUvxc}V}eg7$J&4v
zLr=L9yS0mkOP-<kb=U<)x#bN6!galj($;}8=HVqnX=8|KNWsXP2(6u=cEmWgr|XQk
z-pcA(i+#C+C`z=oFq(LMunpm}#AY1}TnZ!%BIlr6JDzsl_mWt+SM8b}HrU(XnatJ9
z&5`k5C)~biR$Fp@3<XGo@Y_1P4?W}15gCUw%TMjwQN%t*ht^J~G}Rj;44EoyR0EpB
z4renkgUxfh)gOe*H>m6(1}bQ4=SkgCCOfx5e+1KK84?5Kr4f5t8d>&8(6u{owOE48
z*H3>^Z9UuG%vV(=uIaR`&H1$-+?^QsGQ_04uk<DAo1K{7MbR*WcK4W>wvbN;W{7k@
zn~)-Z%`%p%Qk(Y*HdzN|OXZLA?Ot!}n>#JW%9}kgG$=PT$&zr?9f5No+u77^(m>0?
z5Z{~Ph4*}*7|ktwfhz_!RxfK~8Q~0j4bju^#Qb9Gg1y){*O!`6Vuw?@X80Jgps_I;
z1mW^<__CHDljH6C&&_xK;sOW>q&g7lw|u-=1efetJeWeOQ(W?W3FZCD#;@M#XpD_l
z7wl!%QY|u`+qq6Kh(64jdW7n|x}5itn?vi`R+;HD6NBJ9y!T|dzK{WZ^~v9q)lT3E
z|44{V2r%2x1BaZZ&AH@lE+=pButJGfXBfkCloI(mM)N0jff@-B-=eFJQ1}fK?>Rda
zv=X_Hcw)(hS&aPH@_bJ!Zw}Ed;Qx<_9!meMY73*xwi`%~O`h<mi%)IuJbx3>^XSuR
z;Mw*KWCt5$PPRMRe&u<o<v~d(oI0xXwzibz4CsqeVXWe3QB36gXjToSN`^%?WU53g
zcCG25{qlF}fhFFDW~~0RD4!uFc-Z97Sw1}^CMrZ)pVw(8_-3EeBlaaVrm5mqu9QIs
z8mX<6G%1sw^N9gwh@jpgi}D?OQ~!`bdON`Z<4PO<%}Y&VGBQ1xU77(+Q#w_w6ejvG
znWa*trAmHgmJCLIne6CQZIGz)w;KiPltO4rn0g@)20K_=78!z3^NvNT+B86C^|K2!
z!NZU_Ise#;SGS;Vo2fbvvxf8a^RU#L>uq{ial^zq`_FHZV?oFlpTblY<#&u9a7G;>
zNn1@~JFzH}&ceEw_I`G{fGLdFKGi@8i+1oLvLs8Qz4@@*7Rp-8+PH11PQihtJd{GQ
z@jJOy$+fsb2$1zUdd!d^or<z-meltTOsLw~dE;V#9J@hS6ZvoIsnxbWf<vGC-bV&-
z?6VsH_Jr$oxC?*;%B3>0v24olsIme6wJ%EQWNvv|XHLICM$g+;hwR03e7DKj$`=SJ
zLtjtZjlQ?Qf5Lk8?o;AffHvcCjNtrdjCkK7XcsLsB{gEIVjSf)e{tU*5&%Hk3gQ8;
zmy^RjmHkwa2ru*us_@C-H^aMaIUj`HmSaC(T&E6aOvOKSa|_^ql5jcEXvspW^^ZfM
zL!7G<zOEWVcE&VXViWgj+_d|I?G!9P={cjmE@ZlZFv$#+f5$BXdB$B?i#%XTI4$eD
zKL@_HrVy2q+wMJ|R_D=Alsios7Ui-eMoOngKr2w#q;oF1@DLtlVQ^=_w%9P=%%v?$
zHN?ur0voF<MkGBsR_}~4Dm|FYoFyv+Jhre+0{@W2xMs&)m*;Rb_1&%jgV=T)txzMA
zWq8v3;A6v)XUm#g6_4e`2uG?|wbb&Sr-)T$U6l@<$7gKL%8R|lN5W}WU-Z28_5Q;_
z)0+1e90E4x%BVA{9++gcv+%~W{y0F(tft@5VODG54)8$Ht>xn_P~o&p$KG8+z(UOB
z6cw@L^WkxM%=Oe_oB8Xf_oZFRHw<0<W8*B5b6<V)f?RdTv}ylb3N9W@bv6xPTGZO_
zvc-&7Qakt;Tz;?pS3@xBUkyR%B^WQ+^*Ni!&pfwDQ8P~lFn9S)<=lKc%UxaKGW(7A
zh!Pfu&URMRuW%Rfo4r74U?v}Y*}$uw9k_^|3x5n*gt>5odps@*i?PWN5w4j-`+HgY
zU>gWek1jR6HOmf&>EYQ5NtHGNr>Ai49_X|HYaho!8tdT{pRUw8=~IvDYs0I0Pwr;N
zPWwYTi(ManklIdYBn8|^`HS6fi#t&pZuXq>{ht=vPk-??*<7`1&wAUK^c3_SROIkN
z?%Sv81udkxU_O2N<k*f53qdK8!#}Eu+;(n+H_b~>Qr{*2Grx7FR|s?ks3ZDKEG7^%
zO=b16d;w7ikOAs|3^1tK{T37y<Jul##D{l#TP_zpU1-<K_A@Fi9Cqs`C}}LS9vT?Z
z*)Pj(WXXJnnv?hHJNF2;lI$nxUjN&<t*d~21dv6We#$c}w>@fUq(%r&z%oGst@}8v
zD$jH?PGjykr|!YOY7DaMzPr}&{A?7KKfI=g)@ZkUNQrUKV1)XM`O`4aj}|jwl3SW5
zP9*|E5nw<4*b5{6<%P-7HN-P&cIwpaYJ#@|Olht`4Y;H57Y}cR#M9~DihQTIbwal7
zR3lp)o`K{fI?YC<sLMj})#VJxE6G7RYQh=rJhp9{bb}gstadA8Eq+>7@x3FYQ2?uT
zxXYHGxg@1~YjeGan%_Tp(rFPdwyE76Q9wk@oyz4$GjRl_xF@_7KB3Np5EVfC8H0T+
zStuD-Uqp;Z!HH{hSIP=m9b__RiWV2cNSXKqMAJ+h=H#XxAz3V{cjDp1DD^n@epV&e
zy42GO`+_d0=JHICm&MxV=S+=a;ZJf?w3}5rCPE)Tnv&8STnXK+gY%Z|Ca5WvwS-xf
z1*jc6N2c_QXDIJ)dp`H5fb9T|0P7d8kESgC9yk5_l?QHpUrqT9`BL&bq(MvCA9t1z
z7V3{5gZ89>v20n4zcsRcW*I;*0r!St^E~aLkcy1?a7}-`w~s%dMM<~95Yx=Q9V__<
z%tEC@85TRc=9sJFr%%FwMjTPHMaTZrxZ;DTgtMq3CZW3{pT)2&^c)eqz0gpSD}yC(
z*3rySUyM@Czcd%OUuP=gCz!i7Kp}j3DQTAZ?KL)HbLhE_K_1#v6!Zbzm-5m#OC?0Y
zcOe>YD7zle7>Qnq5n9V^i&gc5w^>@enVEj&21WY5AG}U1h8^V(_n9b?ztlE%foNvs
z&(;=KFTf*uazJl`mept88S@8oRq2KC>9L_`X^tsU_L<DZI(Q9q8SqFtvZ_T-N`(}8
zz0C@d5v{F}=O^VC_TZ`*p(`p)UISwv!j0?0>P+yWO*~hog>#2OHw06ymh(h4`sDRN
ztM7ap3*Jp!W-iY7_55!k$@wED;1rVL>Td4ghbJQ1BSTW!OH$QpNYCUH0gevzOpmXl
zg@A1r`TVrt^y>safKCEG??jl(y}a%c;E1tgeJF#yvLEQR+pKVMHlSmr;9yp;bZ<C(
zK5tZ>=}OM!Tjf8@qvl`cp?>h}gL4z+eksNgum(-#!G;-ZWh<DIV--hU6Sr_cLf}}M
zX0JR7wTg*G_p{CAEC!j3W!<iw1Ih}id}%+jbWEv?j+cwwYGAplsAjDC`aCW_z<2Bq
zL)O9FBdD9y%vgOyWn+0<y7zEIV;8%n3ft1T1s(R@UJQ)MrV6qo)NBgZTOw_5wdF<b
zi13m+0RwoHFIGGkQ|7H$x+j|-bxzT+B`ZD~k~Md`(`h|=oeCXz%PTE*aim{qGY`>t
zKuK^iWhaYAUL|>}8Qr+)Z31#h`K9xwvRnPZ>!NcJGEaw=^EUeuu+$J5mczaxBa>9O
zwe#;KafT7(oeS7gf766LiEF~L-QkhhdR9HfHQhhUwPYC6Hf#B~L4?FLQ*HC806S^Z
zmro<FeIV^J*K}UzsxbA|<czXsTEPu$#=<g-yg-tx>8{G5Rcv`_j$Eu{`GaGYvm^TX
zGY0=0iFyX|6RJ=O(kk}(@OtPsURc6DjW}~q-K8#@&1@?(HL{AThi3!!X%D{F_GFsd
z|CvJ>dX@tnoNIp{jQI%edg*ROV|iM0cWdIJ#VTALXxcBn(-<UDTU=ZS%PBSqW_Zm-
zK(|SzwGfclRR_llv0t(>3lHw0L**}x5+OE+(jCVcRA(_l2>qMNcZ3GUq?~G!nh4#b
zf(%=4U809=QiUjKifQX<w>7dw(1-YBk;mB4?K*}cmmg{6_%WNF=JTqOOX|KM2e^dm
z<q7g#^hVwrlr@%VT)<XlXJD@ysZqiHFG2($F)T?{<@9PN(GZ=;5|OL}*!<%=DR@73
zFB__TWKm2^CMD3xEQD?XrcZ9*XxeHlC-~Hf3K{6%_9%3(8+|~nvnABpx05=nO9L5q
zLd<DRIE!R>nyceo#ZkrFzRd3dc$ePeh`hjf0_gQ82RFT|ok(@N1Up;oj{m}YP&GzO
z-`BNT&}t=;iN7SFj6Zy;0So|=ax%5LXsZ>dJFHXL(=`xl+$Mg0%qL_*9W&J&h}mq2
zMt)WoEmY*Cwk<KeIcS$V6Yb>OcqT87aV`k7Dd?uC$;xscK9C(bH;`5j2r@6gjJG$t
z-I|nAq)2;&2K#E9L|-<xVusR9CCYL@a32_ETHI%d>;?m0X?*qeCO6%kJM+I=mm1aR
zwly+D=$CG0%JKG(++kIX++^IuzBN%mv6Pe!>8QCoF3j3(Derp2QXDfY?jPhprUn(g
zW_V5#;b0eC=c~KF4-J6p2K0~A-WZcF#~y`-uO+Ev8+<P8^DCtZ*tO*{8GMyl4B3qd
z*n>YFl9EB%N>ZN{&tCBJztneW0+uo#?P^0KZ{Sa6b|GR{0o{13o;Vl9!l8p+nAa<B
zXuMJ!z~|VQUvhmQRz_8AphtcFd)?#sJn&4wJSZ}_*4{`PLk(XP)b)Msqel=L9nFqp
ziR@#bhuEad5$lFBkt~r@77h|28=G8wlow&}0?AD31a8Zj26krK)5J!DiA>$fRZ;|k
z%COVK$QQ7{S7OX;4)^TI@3uT%{XDIM5Dh10dph;5wdER}EL7e88#5cyn0jP7C~>2R
zE_hO=zA09oGpDdi*<<upCyn$$p(E|5eG1MkxPi5)%H{f@x+&XW4T+Kp*Wk9A?^ZO(
zyq>31AL@q`bwm@lbVr6>YIAM8IL-u?l;wIpwlOU7Y!;0TeugW(wJdG4IZhCJfT@_c
zIzyN8HqVq+Wkc2%)-0+RjV{#@p6kZpsVqZbvA;w0Kg0K^_i@!+U9MlMmiWYOd;BBN
z7rG?~+OzMZ<5Uz)1SgUuCafDQkVeKICH&dr5VmLH5X=5sQ2=!rH+Hv{ypdOZbr|KE
z*T9)nCr`|nvHQfD4jc@hc&(^r-ke!n!~i03*I^^A?tiR?MO=be^u1Hxp1Uw0Y@5|D
zCY`|(`G>`z#YsuY7q!K@YbPTnJnG(bCrrQ6R?`CA-UX)Cex`_qq(W}(>uL+~txUmG
zrF6T~VGE2&(hKr4BiWFEB<I>-K{dP#Ckx|ez}@YCOFqTb%4d6np?!SlyrH<N&jN&2
zI|c-V?(fb5+_oN+#c$%VtwoOm$)NpxBas0}9+REw*WyA2%CF3bGk9Sd6!Ii5-m(me
z^rp@`r03SKcntQ|&78&iii^sg1~o5!<N5(V|53dWMCJa$LNwn|R0c5hv*?j<)f+q%
z78UJhF#`vM8WabKY1706&Espfag;urQG1Vu8xLL{Pzw22W-wM=bzQMxefUwl=M!g+
zbMp+mctfrOkqTs5+VVfj6jT@^M$T!Al^T`@<()~Ao19r`Fx8G|IpC=nC~jl8KO-4C
zxj28#d5>GW+i-mQHiSusexE>^C&#qr`@>musgzA@o}HEah6_;+xRyI`pAC7l_l%FT
zg;f&+V!z?Q<+`(93#;TuvnBmAG+LeCEm_j3m|2T+-cQx>dhyjswZ(q#UYs|J>F<r7
zrxlDS?CVF>W&26=HH22WskyhY?arg#25iih!EPI`JoyCYS;d}s{}vZV$5e8!{x*(k
z|A?b--mEQ|>I1G@LEi0Di;b1O5Say1WZPIliSlaK5Q6(mgCJ?`jPqTTu~zZ-iBzK6
zey5+G?tY?}>lUKpMg;v9#qRFwb)FX*nAJW4Fo)VP)7wJdr82&#>}h59AW>I!H?-Zv
zY(6d_q_*PDx|8ALgNTs;KV#Cy2lwvd2oO)cmp__(FZpYx<<+65e!9Dao7vMhgfP*K
zY-@_>slfu#f!uEnUTFkW2cytI=0v3wG5yTLJC^oqZ{i^2v0R3Aci{c0(O&e9GvoNo
zVT6BXnrn62FM2PabNQVl;wZCnV$*jON&x-*=GMaq2zNc7t+g6QXRamkn?Jaj4)RI>
zbU0xP&@at%hTc+wXA>>qIj+&fC{T?*y0W38wYi?$5t>xAIyM-2JIYP1W9b-HdJt$b
zcf%P)#b__%*!lQ`FNFV=1L~PEE@`gsP1&f#FL7!R#+HIW`Bm-|m;ov+@x72Xn1$&~
zT@~zlk+IjG+dkrK!8&Mw;juOwn&~GHDmKDAT|H~o$eHx!D$#A|V5*a;quSxsSf{ca
zi5MiSc>D*Pqb}h6*J$^Lo*H7x-2<$1zV<w-H|y4E_XV>?GTr5s51R80Z%nRRtq9LU
zBAT#{y&!L{c~pI2mGNXRg3V9L(6H`vSKaDM(H`NO106Mv7&(6z8Jh}c9_<ULdTU0%
zoyj-Oi!DpuCSe6BH)g^YXUTMgKt9#r{Ys~?*wvB^7fq)d-`K9R6HfKdDFI*XPVR>-
zDKF)79=$v~dL}zBr*-nIG`_0RIz;ET_37fT!#axu7Oom{B)oQdaZ2QUk6J%rUn>H2
zJ=#d<slRFeJKtc2Yw9?tox8%4bQBbO;_~h+F((ay9@+ybz`qMb`toKE2L%TEMb6)2
zSGuxn&~Kme%Z(XDYlpN-c=7FCWlx2mo9;Z7o0}Wy2fH^oPk7y>sZV$PC@VVLmnetV
zOZ$u;*Thsg1-kWrv4%6_*Da0`+28UK#iUafn@UJI&}<-67%Vflu8({>AWVEwDx)g8
zZ{E0VXmap3!QMyM)v*=EqBYQrtYEkJsO~F{5;`OAe&D*fbe1=rO>AW^C%N%^M*-m?
z-6@q-o3pCl=)Ql@K0AZoX()-Za=7vQ7W|adg_cXQX2w^Gs@IKa8Q<$JP$^5wZ6~&c
z>^pFYpD2I|bNWQ--gv$;?|I<9p>2?B;9f*vBz)zTAD6Pb5+RFnGy3*~#Y-%@Y(`;N
ztEVEhQf|(sr=qw`WM)lh>)OVbnIV=fP4x&F(E_1#KukJLgUt)DmrP=$84fesYg3w<
zBym^aIH7l1j+`gJeu0Y3pQ?Z+_#kq6<{=a>#h&tZnxnao)vn?yI>FJ5`cy3wTqQ>C
z(csirhGqWXCL~>9jp<C1A(r=U)K_xByw<r!XRp3+`3`upf)G-*G4J^`=;JtE(Ny{+
zN(kCk+f|*^>g1XYStC5&2~9i75g#V^?RH-k3G45PHwR9tV!5*{Lb7BQHHdRd8`SOm
zKndBy`91iHns?&Cc`-xFhsgebK4w$Z4#(j<=IK5;o#n_92nPF}H{juz0B_aB-M%ts
zWTmKn+@0bly~<|_dL@cpZfKiPa}-pXXlmw<o1wGcGOgunyJ`lc*UDcydH3?SW{Njq
zY7kI(^mtU=Q|-kK?IFSsjRV@@Fkez$Q0rs_E!;$Az+$!e3|_r(hz@VQ@2+xUc8RDI
z4Hvyh=Aq5%lEkZ7!gR`u_puVbkFyV++=tI?AOvWeUax6(3FJY3^FijD*F1XUMai~f
zwoRBc8Xp-)XmTZTTC54k`&ow7j^a1;Z7oykQ)}KPB45IrYFrA+oL5$o7c}=%1{%(&
z$y~HTU`&_@;M|4*_FBygEAC!7<?w#z3G$cR`F<^^+Pt8E?9uQN%Z1PqOLdk;-YPpy
zy34f3;^vDdWBqNLkG2CRZel-~sn}z2I}Hb!%Y_fujF;V<fKigo>-RslI_eoA0>z4>
zu-HIzIe|h+trEfT8!zZ5zFM`hV7~-7?D=J^26Q4mtvR?Tjq{wuC;cH$(Cqt%JR=X|
zS78&@uO+i-1|y4SQY~z1g)CaeU&}iaYBr;bY(mZ~+3+BGL(XuaUKmUc>?h{4=6L2g
z7zT}c?_^(`;PY=vU$^J-?<JhnYd2l>d11{6_vR<I<XRn49H7xXw8)6zj`@>otERW|
zY-fS(;t*;`%Yc&2Kh|R=jZ)(Kg|)TU7FUEV{rt<!TEi$dwAQXiO5;JZhF9t}I^Xs$
z#GiLLsV%_9bND)rS!CVY1kLNNsm4nIPhM@IBI7Shj`^rG%QY<;M%nk;PpUcZ?#QLn
z#dt6s4Z-Y}Izn3fIhW5}{npI%CXAy0vf^(6X5gz6Sx(W4rT8f+bC=HdtLtdm9m!fz
z<LlqD?z#Ucq4J=ugz3v4Ksx|LVuDl_L3PMlP&s*e-7{fWL2<EzhSqI~`N<Z0=SsTO
z^Y7~}yqO{>Y|i502OA$ZM~y}wMz_v=z-w{+wk>14<`Q@b7M2VRi0VrzmDAKj&kGse
z{v7E2#Xt|MSm3<wKs<9vSvKavpxGoc>x!`E$JE2T7*r{zn~^VaRW9>Nm%%*GmS`aI
z>^0foW`!hGVpNQ`y-Ei(r~{J9P}I1<EElE0DqY#O)K4biqr=qnmHz7VOzk9toj!_2
zV}x^+)qny>Sq2Z;{n}_dfz^=TSUFa_bl>=1^v%c{A|f_Y*K#0thjLUL7b-0iAwK4G
znY_NdtFMdZPg67=_DAOAyQ!UQ&ts?ROV5kth*3I+cmB;3abYuo@i~@X>k9xYN#?#&
z6qU&s!jqS`K6~0Y`|hqEQ|^~D^Cvi$q_VGX(lv+(-05w-)9V3!Y`Y%|JWBrS<(76Y
zFa=Y<YFhyW-Q4p5W7!d_Gz}ry-=^T3pvem1n%Thm*RkMT0iKKR+wJ1sQEB4~-tRKr
z6B_bn&|SH6c%PWtzQIv=fqi*(R-dpI(Oc&D-J{UN30Z!c7)|d!g{m8kGP&u8mPeh@
z-s$G`c|TFW-^z)><Y#U<T1A(_d^HC-(ynzC21_oxlcFc@9d0W?w4o(e*4+4IkagV@
z`3qTm=flrbL{V1KKc%?HRFB6Xt6^TqZ?ku$<9<UuvbEjI{OL+}ycx;F<8`#~8GYiK
z{GMpaP>rX2KC68Sj#cG?#qurw-SM7s&GjkC7X9CSAn=PJOmIYKUpT`x6MR8Fyq7}8
z*mZfbJ*ZN?q0ZHi>_i!-ZKdH@9i2+&^QKb5jb&EqGj17|QR)Nb_h^;xvBbr{G=2M2
z`Di`n7hS(+ak>y=s5-@{6dnEL)+<ZD0axJ@6ENRhk9zC+0ZyRR+`6=FI>YA$B?z*s
zxR%mrPrf$$>l7R-Lcl5X-r0Ud(8f}#3d*2wIS+`0N-Z?oH|R8J1D#G}mA_XkExKl)
zttN@5PT(Y2ph6Y&4oesv4@|b}t+=DE)Lgv1A2~<U+WUtX_$pI5eK6ns(fE#>{ZR+<
zWmD7ID10*N9W|^%t%LoSe6mXg4600a<pDff&1=ZBteMld#diCQEEG2B7BMS50xDGB
z(CIS9#1h)D3yq=b5Vf0*XgOpoQ=cyK;~%3#n*|)=97XmaS4KEg=honPD4~==ryXxP
z|7(r@t~Uo8TMUA*rL3~}Fx3q<n(A}cq8h8UwV{!R)iB5d$B|P4#eIi}FiTYEj^oz2
z%Yei7lQfxYnOxERj9utb-8@@%m6g@%)2+h~ElN#vMjh5j<fg{6Z6|a29_Hp%C^^W{
z1cs5wl=B8WwQnp^Yiw|exjJ;k-k--dvcPBATtw;N8gH1bbjzYw)w!!U%VEnDS^ll%
zynP4`HRWYC#a!W6k`qu!%l$rO<L0I^&=o4*1>V2u_GdG4XMWej&!D&0oZYiw3-$mX
zyjuCXr``a<UK=Oh-Kr(AV)yL;y~qs1ZdZu4W)#HBKC`90V_L7R=jOpGpIJy$2;Iy^
z=^q%<6KC-XF=te#dZWP=i#Leg@~qrw)wh0ha$4-o6PfGK@Qhtjq^Qr`J%c6TkVLg`
zvf}aCtO-n;e^&#_)@kLQ>>|7C3pZ*1Cw&|#le#vX8i`h$`{9&(FG5%|bT3!cSFgHx
z@@fS(jtJ|Dynp31nvgkYQxg9<m+$pqNhZ3EmxxIlb~-LdO+zb`svs7j794)y6`?m{
zbeK9m)%Zq#A(&OwV5J*wRa{<zW^`c?9D8HF@aM*u)5v%qaBn5_c1Eb;kNXLB031QR
zO~ys=@}GvA2^qeu?_F}l?3zGX<A!*rsFrstCWg1MZ%YNEfC5Erwq5X%X}eGwT;csD
zmZm8#rhkzO%VU=Kf}>)&ZUSvPKI?`*?bm6${BdEpFrl02X{L|hYETu+mcJjim$`&t
zopQd@T!cc)qrc6TQuD^;Te!%cdn5B-YjA%dY}%S1kzHD*hw3T-Qk23lFsCN2Q9E9y
zec#^K@%HFB2V!KN=|FSu=8n(=%*~<Y>lA>14I*saKBnG|I%Ek2Q5<RTnXmze@4yT>
z4myMc%r)bdTgo5MuAWr2Kb2(xA!w_E2c9b--wxC-5WIO}jfOiJ1mzatGDe@?g}XT~
z)8%19VmGF1#~P=$nH0UT-Ml%KRL&SQq9XsR5$B+<@34cMi+$s3vQ<NwT@M$-kweS;
z{1}OnFz6_vmyV6*qO-h>8F%Ex@59bB4a?3losF#e<oa73w`^gAP2pDpIy0uhah}y)
zD!sJ15Yc*;v>_pJ85T42Me2!l`|D+I69N*EJT_wGvqv~!^pO>~O>9pL00H4E!bQt!
z3<5}1L+VqY=Ql-pHtI}LIo>XfhA=(kX$<KMx!}IlGeIaHsmwvN8pT1Ml{R!MM!}2|
zdnE%gS>R|Ee(;Ga-!c))m&4~LD{fZ7(RyOUJIbO9om6UOvk<Ol_GfY4Tc7X5G?r6e
z?2KEA*oY6GehHWKsTq=*SbMGAp0_z-M%HLY-4_+jT*oWVdUylew{!%J`H}>FWxqbE
z1JDNjI8kru<XDm;Xgs$A_6RPPeE@#dBl+%<;U~mbhCGV->6f55KeCu}p|P!Fyr0<`
zrrNJ_KH?ZqDBL355ZV=mrrmdH<b1S9?6vkJMMhPJTivJ1Go<4ALfd=?&9%@E_ga70
z=f$}V|ET_JS57FMqUkhNl%Rig;GVKx$7^N;9pdk#on3S3s@Y>fp%0bY7S(5~It^yK
z)HFb(TY!~J?1zjv4h{-nn>mcbNX){>t;N^^&KxRKcH~L4kqQSjq~1g)Ot*;&IIKL)
zM^6)(UK4w<zcnXfox0(>*Q?~JBKpNNxm=|?W)_i(=~#qdP>z>;?h{{INWcLyy&BBk
z>7LmBaC;-Qd>v7njSrb9ThX}O73*}Boi?g4t^P92^Iv8{FKUXgLARo0ri_Ix+kJ*p
zzUHr?8HS&;`o}s*t<)u(O<5O6Y7ROvMacm$7`-^GiJ|C54|AAk8HE-hKgRj+(-BY5
zVGLaDWL0I^W2&RI#QP!8O=T?w1j_#Q@C^;B!w}<vTyZq}!A*oQ9~XmMqbu#mE>bLH
z>k^E6Pjr>B)lWS%cAh~0kLkIDpzX`%8~sgrhV;Exocyh4OM0J1w{1~t-WX-V<wZFJ
ztiRnHrk(wf7cI%`4_`Ste21f;`oPf>9DaO0SWKc1sS*~|86LMd0yfxvy6qw?HW$o_
zjCU5h@vx{(fF!w@^`jV7T>reUT61Av*7iI<!$G;`P@a9jJvR`tkNq*&NBFlt{>liq
zCvk9i$_uifEh&S89+L>KoHoQ<0>0`2N<Un-sXk@Oq9jH|4V_8>Md|gy<HB7x<y_Sd
zRuiP{b96Bhhf)omRUFQ#BgLO>rwa-WdEmBBmzUv)Cn3C#0!O1zX47UmWh$ck6LD9u
z+d9~q5F+f#!!;=n>{LsoEV6>MPfva|#xH>&0~j*mF3lF>R2C=fLsal|Z(PKN*qDs+
z9*2&_{-k{^g1+Fy`8ax2u}0b1M^?|h*c~7)qM0UcOq$La=kmT5Pv6aT)>cc=mYZ7e
zw4GFDNNrX~<W3c3i)(>7xYE-p?I3rSR&?^C`opn%!`X}j4*4w{b$uj~JSlo>o^sxO
zl-TX%16h|z=ZJNs6^%}(=@j+7L7TgdpAFZ&2_pjh`fjWpJX#K4K-2=jdOk09nIAaH
zXE?0%>Y+03l9K-bOvi#h!b*|R=|V?XNx<spSf6ZN1{2$xs~XUuRl(J=1DJZFad9rc
z&4YIN%6(&-Pse!}!*x2<sZM3j50d5D<JOuTl!;?6_KISzxM&6}<;K(F8L|HWtgrqP
zu<C%KN=C@yy<J?Ulw}UlZ^%I;yma&}RvNj}!yK?27Z}DUl)oKh^g=xpRp`3%tZh+~
zN>z7*32skF_~ca!(;1FtOsm&Jk;K7KcP|dTtvSA@*CHM@s=KrLQ}q!Gn=h!9@;_er
zIxU2-xv8AuAfFhaE0xaR7A>yzr?sO#H6rLSB&m+;Mq*CVeQyI#7_!5UQO?wdcXezh
z@2(t8mKuEMQQT2(MWQV<Vs7Vg4~+ba-p?4S_WU1ui+CUn>MCrOxx@3)_F45bc>%)i
zBoN_u`fGh8PeT*(Kbp&3%RB?j!|upD#_sZp(e#>Xt5NPMmKfWs@$-nM3A?$;)pKl?
z>2MEuSHa{H+UHMKK>5zmtKDNU186s^=s*2ngRwSL8XcCBti}f8?O~<k;6UzlT3Vb}
z6|z|bzKGcC)1G1J+FqIQU9ze;!~5#Q!mZAjaf~Luy|NnbnWD)4@B#B+ZOskWw|ts`
zGpD@jk|-DvcTr>02kqniccmV+lc??W?Kvq!@#JE574!5;ms@q7wGpHAAv|{G5yqlJ
zTBamDq6Q-1ED`I8kbJ{dSQCs~$#CKY)jp@4QEH@fvP8u8XD=NcQQnTysb=YQ0UJ1p
zDJ9U&*3(g>=Z-{nluVi8Lw*YhCBeG%Q8G38MBbA0D4C-0V|q0t|CTSWB>TGhhp%Au
zQ6=6pz}jc+2n>c@0{#Y62a*{Q)#e+3uMruy*X*E4924KOj=kcjnX{K0kB6sC_d_S&
z{-Tro;B)ll@)^e0Xm{Q#bCk?3HYt45;X71Oq6Sx8s7-iVD<hAosjc~zs!MY9S|gs^
zG`sLaH1Q1j)@Q>}s47TyVW{w!NIAbJsNm3Yn$Oo4KUSXQ&|6k5Fr@dkXfep=xADEw
zfz_L-I68aAnh6n8)&^%5!hE-g>ASaFL3np!Dz%xk%%9nlJk8^GkT@l6jO^C7*bZhj
z`A{SOUA020Q$#-`$zbEAv{QEtC;&{{w1Tp5cg*ycikG}qXQ{LC2S7U%)RI6IKrMke
z^S9&*w4fh%RNx}MAX6WEgv*Qtk8s%uje3B~?%{WE=nsW>q>U*TD{HyRecR64Yf`2Z
zN|{O98=ujH9@PZ64N?yKJn}9Q-Kxiwzwo<D&R(a5V*WI<aqiNEkN0TVe;~8PhW|un
z)1YA#Cw<L@?|RkrB`u>6&u}9dn&zDQPj<vB865kd!gMUlmLLePi6(F5ulfof_#`%j
z404jB4cEa{JnQQAX5TG17(m~M5vSuKaD7<-eS>+n9>{gN@L|3ZExWzyP0jm|wOECv
zN4W!K_TKIj=t+3jYSfUTlw(RmHe#l?X9;1FwkeA3Ev*oj^N(4kAYu}w6yxn4;ylf?
zLn*`&5?dJkeL`?t=VqK|-~WX$g<;j>I|Hn@CtyaMrJ#XVV=B<gHr+P@){1Bx0Pyo;
zgzKeKtyNBOsLj48ZnzbeMf9a#3F0f>IiW?BS{K`g6urDndvcZdM+NKte^#*az`lQv
z$$}9y6J;Peo0-=Ijko;j;?}lZ{aB@F@$DmW#`>h>!!f;q(jB%CzYE2Al1@chCA6-#
z+qvq@tT)PRTZb`|7SK#^lV>k6inB-NNsB>)8Di<B&^lvr@|UTB4PF&}vf9$tknzZ@
zoccVSm=7@brro1Z_S&s6!)$0*kveVT>DqM#unAvkB!jFT;6TE4ROO#hBqut1$B3FK
zx-fuW%oZJWJyh%PtA5(1`}b&$p&&Er!J8@VelcC`(htfCA>M`8S0btV*l8%DO_zYC
z-(tX)_#Z?@F7tt?^?#h<ub1gGfVp4MihAvZGZQeUJxz`$&33URK!-o-@GbxiX|+!;
ziHJH<U<KpULs0}sFS@+@?31H)xPvJV=L8t$%BhE6-<LYqt^UK|)&SO$e*sU>w}ZC$
zg3vKPS#B;OZ?T35G}c=6TxFW(jd2mYMb(OabwD^1erw;Pl9muHL=Qnmc7<mJ)dzGh
zoy|#Fj6K^KCW}CPK=n9`!PWV@6&mRO92Cm~>=WMJ*vVW<tkc6uVwo3N6_^N-v(2#X
zaDGtJN~OLcJg{9~Zq~YS7gfbOA{8c!2hBkBXBFg|Hs+NU6YZOXqvRa)=8-J<Z)AL)
zM|Bh$JTSEanF>=+%Hx?L1~%u1%Lud|Ts~>$<FhAD{0_z~X@=70tRUK`Oa;yWNV1N0
z<=V>m6JR3K$xX4e((l!c-_%t8IIgLt8iqmNnx-#DzH8;t&sfFtbyV$_XKgSA6a6=|
z4z4ta++AX>5}T}o3(8HoeseSdIs+!JjEiDvP|vT%^qGYSgx6HD>2dhUEM$m@(?zZ3
zWXo$;(jZ0u_}^7N2B^H*UIURz7;oGl<KjMMZb&vSZZNziGJK3;8F?5i%1YFJirCON
ztkTt5VbfGaBdYANn}Lg4ZQ(`D#n9GWSta;#OR9X9#ah4t-$3Q&Vm^|5aeyJs{Y*d~
z5tOESN|EWr-F9A+7p58up;TUM{vKE8shl5nmfGq>HF|5+;J;n>kJa#@@P)Z3@!`WB
zt+Q1fC^|&7+IH^Q=UYWFLJSx^r?x74Z#HK8MjC5cK&QF(HC2T4qPFxDGd86~%UDLX
zV{@7j=LQRM^ZYsowsIyjstO;Y*_SWuS_egY2b9FwlBP#<Jb(LiU4U1a9h6fZ7`xjm
zyWf+=;kWGZ^516J)i-c8-Af%^SI^=ZXCnsvk7DHWv#*Ebi6oQFi0^1Jq3Vvz;GIrF
z4g#Xt=<hg^zJ7h{&<WGPxm}!?pKSi2LVx5^uaxE<WGwXEn#0=<D(?5jf8<}}k^jQu
zT{;oEtAYioh@>xGlMX0xACZ8keV#8ZI_+Th3NBWZuu>qMZ>px~bIEh=?2APlPBfDU
z>{lZ2GUKO{l8V+o>@~yUB4i*Dr%iN=%QNxX=QX57f*}<nf$U}$p?7EI15%=eChL@{
zZhqm-%C_U|?(gAMDPDGVw~@H~)V)HN&)c$PZSW2kR`Ot3?BJAu>xz|12#1=G<5ZIp
zRL?|@OA2G8u+9nUG>Q4H=1-(y_w`(1(YANw>`?1wJ~XzyGyMZ)jg@At#9o!00q-TZ
zzF8Wgln)+hR5eTc5=ff0KNhe-AM7TUCZdGI4?T?4SM{^Ms}>u~&3@j)R#mYpp@o?D
z;ab$CiY=9r#Wu}3d(G5_LxqaBvC%M&a2*}=*Xb}fsI9-rT3a6D$kM7%qbG`CrbO|B
z2|uA4Ev+gRFUta-?6>B{4(ek7KU&{CQ^;Hj_MOguq?&;3>4I^zRBbrx@nD*+`I=sX
zNYsYIa8@u^`2F@zpfob*-ytcx2l;+=W~~hU`aa^Ef(Fie^}PRR(^Ln)88}{?eWtP`
zwp^lG@s+;A3+jVb*U&?LOdsdoe!wJ}P<*nMa9?~gH7RdZ9y8lYfRU#d3G;M?1<U1V
z-dK|-Hr}Glbq4-?`s4aR-sblj*T5RWDu$7RH<C+!>qyD_A^NEN*J}n-sl^Ar<zEcl
zGo6Gm;VnIkHm*9PmRg?-$!NZC&<yXwowjyILUy-YZqZyj)8SaAnV2LG*hMOLxiBGd
zDEh-au8id9*V3Me9Hy}xzOExrp1jjfVVtaSy&k;meCY2q<G7`pbXc1pRgW&^jSX&%
z+mA8ck7{pDA(+o_@C~2f=ef%+w$dg-=jyDrbSQS1Geo#6JM@i~Vq}>1aDRsY6J^aZ
zmGu$UrYP%|xOcHpJTzL04Ou@Sn3flhUcG{AoN$O3{l1{gje|^yhCIpOj;_di3r8-G
znN^o0CqSdcS?%iK{4(P0dVSWK$Lg{g`3Y^-hvG$|I&p>qtL?Y`JZ!WV8T!C>`IZvy
zWJ(u(=PUvG46-_|I`W)E5P!H?GtoB}MHXdWvFFEkMP#iy$NJxCI0Mc*Ke>3-=RY#I
z<A2_h!IivwulmFSI<G~rbgLlbxas@zd*8XeQ$*j(P(OV#<0eQXzD^xCYK-uLLEb+q
z1;gX{XM67b^>fG2-0uY0%ip>kT5#3nQ7b9v)HB+X=ja~-0EzfOT=b8n_iB)Mg0v<3
zbwM{TAksRQh3i)kNy7fXhfUV|lK;5i@8}6fkGdxJGt|8v-tYQdCNOsd2U1>|Qh9w$
zp?fw0tRsDSyUXFPO5-0VW`1}p!9V_i>i_#ze;?g{1^BaL_FuL5|CCx(cjqpscGB*j
z;i<Z_u71hH3H9nJ@4v}gn?bI0l<{h^V6Xl*wys|L)(oI4g_(?z*B>X1fd6=rnEdLe
z`@l20fvXB!6UXlAYO7UxwnLOoEq5tgyAf#oe)g__<F*zuQSN{ktLq)^v}a3$Y(JRp
z)7u&>eqvmI`yamtTzSojbJSr);d1}*a6gwcF3aIO=c+=I;yK!Qc0l4{t!?x3>+kOI
z;7Xy2T@7Yh(#C7@2(@XW(Y5HNr~i7RBVMr&KhmVS)>QsqzIb%X+Te4^b=~H>_D12?
ziTK+f>KzT8JlCPyz5{yqmo<)?nSMWG#*bGdxL}YKpXT)YdBA=gcJX7QC;7E@tb=Qq
zHV_=&7kMK$`;2JPz^@I4_ve8R$5)+F{H7rK``vqET!?G97X0xSiqLm?xac<Fd33ig
z{IW8xUGU2Z+&c{-IRIfSZ*J54e*6cH3-vk|r0RbOMb$vwM={O3_ULk7wR4$2V%pyZ
z_2Vbv!7ZLgxfBU^Sio;5`7VRo9FM|ho=1}QFa7IRtjEgOSMvJkR%bT6Ufej)FW>hJ
ztVtb}B+o}TOZ=9G;{%{WIjW!aKL8AW|M_9=0Gj}(4;i|1bZ6wXlk-3Dz<++<=X<yW
z<h0CG;xCVIq_%a6xZrGjBkk9#g|6d<LwHP&?^eC=-uegR`On{^fEyDkc1yuL|K(AS
zHJJsc$?!mhU++Ej#aRqF-|^+D9@S;X?Z96bM{oZqjop{W-ukVh$Roiy3N^{wztU+n
z;0jxQ6vwx#K6v$Ca{(>E|C-Cc32gssE<ZxqjG=DjUt9nu|Nmq<{Oor`1lVbY_p^m}
z4iAD@_a$68+V#@7%fCqV<~X5N!@Gomhl>})1)_|^ubThqa*xBw=O4|Fxw%|E@cp!c
zC$hyP45XxfdQQY&LyqSEC=r7%-*duCiEFNob9s8Ox%@DFGD~Z}o&%9WV&-YwWOVe_
z=+lf-z4ar3R9+)n9&e17!_i$P`N3UjIfNIE;)pyhc%>|A3;os=2h-zRu@t<U1b~o8
z63MR{Gt6Y=tIHM8O3(U*<*6#w{l^2PhL8I_Gyietd3@4wj2;U1OZ)l+JTmQ<zuoi)
zzv}Ll$0}e7^0TPHl1M}%)UGp-=o-Zha3MBc%2e-wR#?FZG?*dTXm{MhY0kBhc4jl1
zqo`-0EXrJ9xBjKYLT#=LbPBzO{L0MJ;=OSs1zb)!G#Z|JM5FzmA^MN^lQ_^Klg-T|
z@yGkJs~`4u3cm7Sq+g|+Nj602<5x&8nGD)Z!!A+|D@2SXb^H{32mbNIqhI#aR9GDV
z8+<>(MjlZl`C<^LD~fNF9>Z0zi}v^DNJ=&IrsQtQPUX0W*my|s5XJqihaM$Mel?Og
zEl&+bScq@X^GuQV=uw?OL<3-Ghu6*H=llNS6+Ng?A7#W}OVdP8p6iafx84_*SS1c4
zK&<C3XbsUST^!eOSR9VO^$)20`3Dj!x<vAGQu9b5Xn9WpGIp6;pU<5H<)c?m*cVlA
zvh9xv@k(X4`;G)Y&gdNTm@?@wU-OO`th{N4&vA@4q;ZcJ4fk36Rk}dplEFCiK|k;U
zTxI^*>_qH*dxs`n`{NJZCIaU*e@^WwNZ{%s)(UQ0U+dtnpbO;x6ew6VGJbIXG0@w&
zlO2qUG#WxTA)7J9Mvv3i;6q{^x*KG?$EAx%5W7JZ@O0?6PxJQqvB0u@?#9c2f<wx?
zwvCxLIYBd%pxd4}dirlPaL*c7N>G$wu;T#51UMqw{BO*1nc@VX)n~k_fOi5fo&B;&
zr%Q=J1UDtO-JY6@5Cv}F&*p$r^B8ts2U-HUn><EWfg1mUsR4iW9UKP4pGYn{NBgYt
zq#!uL3USy4LSmG~)qhlbKl|hCX6`fIvWK@x4etQYPYkV1S6v71|I_Uw(D<Iy2{MBL
zU<|3dhQ%i9&B7)lya;d?%lc)31ACu|tFe6j71#j1dgp_Ky&AqJOhDI=@3a;0HjaM6
zOzm}W%F`S_MVkJje=2yp#__ebTCR+Z-`^nkeg8SYAIAGB{wDZ5*6-hhZ0cz!OKvs$
z%%7diN-vJ3I>N$7UJD!()X7}+cT#y*{QxJH3u@I@j&u|Dms~<X70KU?^rsQ@5aIF{
zs<6=t@V@<wUmE^K%J+=%K=TIr>=_YIy|R0SQoCtm)WE-dODFLo_0%2xCZ5rrd%Pl9
z{X;I}|F6mAbI7J#G6YPXThtZaV4igqz9pnoX}EI&ew;fs;gVUXlC|b<Q-@LCW3y5>
z7&Qdu+Wr1r!^X_#oS>>pr-)H=@nW5i{_=ISnm-z`S&cs%u}7HrgWn&-C~e~Nw*k@j
zOVSUbhGIMpQsGIezN*1X)WP#6!db27eEg1%oCX&OL}gwP{cRxs)MRgPmPaiiySL=v
zEUg(X?{Ca}&j~U(1<bf?E`s~oUyk>KJ5GgFq2NXZ`jh{Y`dS5V61zuCUVy44b-Sbf
z>KO`WWX;_-@B&sFh*M#&?}q1p`#b_T)hYeBc9iW(ez;fI7iXOvbb%Okr4#y@@vom5
z{b5k5NUs0wX+ncHqim%85y@tI5JLg`<oK6qR$ei)f;Ulp94yLh6vu*g#EEE=ZIbw>
zX8z+<ofghf?>$aCYO9UXT^`slNQO*;#2%mA=ciq9<5CzS)yU9R5K<WaClB~UYIo13
zMH<<SR4RCSjV-(w?L_CwmUHZp|4-AK$a4x#`zo{K0>mikght+<PfY|uBN*xT%bnFD
zsRvKP`@cL*da?VlU2iZS&yN+0CO*nIewv@3?f8{CPFLm~gx}BrK|E8vH%nd$I>=E`
zWcCvTrZ?3D;hBGD<a1APAt5UfT*~s-cqjS$e*6|`nWkDA-{utwR|Xn_fM!D1J2%Dl
z-aZn?7)3uxo|KQn9Q5UCqK8*P@(-ALk*P`?A$)7_vE)zHEuq5XSji=qnJ<|A0MAKu
z6QQ1NU6(A+lf*p(>^H|)jAkmY*-8vwlbq=w>%3Tjcz6YgbFe2My12W>JHd~i`|-K!
zrO%(_eL~QLOf&>f4&&C58)~kM`{*s{O|fOCzH<A5g>4#Jq<_0vXmQ47Jtu>R%+twH
zuQ3gJ=i`l&>y@viizA%`8C~})95KVoE?S;Tht<3Ohj*5RL>XqMTRT^l+M7tLw(Sj-
zzdUH(fk(kYJ9gbM6=owr%XYiu*iXd)<*t%R<Q2<B1b+Eht84jFspzmCWcs!5>I%Uw
zdz0i}FMta}z~O<o!(jaLJpb{k<Y;QQ>vmuL^>2(ofveTQG1$|CnV!knL?Ud)mysaC
zs>7h6D!yPUF`f~4i}fO-;oz!R6RGQFs@`IL@w5`dc29R*$zJO>3Cv<ZB}?MNEuZXy
z)bdZdahU7^S8>s;C4GC_E;*@YiVUURjlF0x8RT}qGj^%CijBs3#?fMgf-ZuLG-9`%
zA|MhyL@(sBNvgXGZ*Oj%Be;%ud4J=yPP&49hP)l;&fCt$+B%4^inYTv$NPW0Z^oI3
zB6_^}2>=Bj;(i3458l<GzQg;L*jjM=NSD$@@r~VHL59UxiAkiRizaWD#`G5t#Mjw8
zFrYL{ZKkc1J~<tQ(8{Wy>$H63j96?@@;`22z9@fm4?$=jvL~*pH>nqpne&SBpu6ii
zHbiXOvoOY~Y7*_Hm;yM;m0a|4oXorCni#Jta^_`;j$ezLp#QAZZDg;$!?pjd@a!YY
zN*D^2NYSV#vr}k0c!}RppYgj5Az}(XfOy44TnqR)AVE4xm@A={9#i`=v87B~0jAAr
zS9*}<0$(7hl)Im{UWTx6TAH?3;5+B#W}#=~E5O*+iKwSha$;pS#EKc&4h5Q~HZ(a$
z42B<aB$-SMG40!miMTwhEWgbrc9EH*E6{0qpp#K=yMYE-x^}jH4kFsa>O8V7gH2|G
z_+1&7pQyDcnu(zlcCN1?I`Nc3t-Z;N$}lM9{K5X^XI35BZ4-}a%O6*h;e1<Lb=T#;
zg37;=T?~LqV03W$Wo!h1Gk?5aRWs1*@z<&8OD-^3$wnP0rwUW^-(W$SbhXe4pmW8`
zSw`*qLbyEinnmf_&-gznO-#@)hg52<XJex^9=a@nKSF&Uo3q7~X2|W~`C))8AS&=n
zpX1cXf&k-wX}DL_8{-OEt;0pdfszEb_v&L`o)2oPil04*-9z~pOgdH7$9qVdyf757
zTnOZLO_RbvMfbl)^C`X#crA8;CL_>fdp(kJpis7rgP;AQ@?Har?)Xk)1qQY2@7?;j
z&Pt-#iVFKNQ!6}k*75PpD-m~JZn#_`nc022*HBAuCakjBfpo;dTF^%uQbmE<+~1)r
zzTqSnr_DU!B%cjs;gfTJDhdv>^L_D0Zf@u$Suid)XD6!>%y+R9YQ={15be3dmY^7r
z#juMes`~B?Z9<%HwS79^^%Sij+Juel6Br7Zgt#%YGaNdrmYLZgs`@J{$MH>pJcv^#
zuGLP^S6%2{v0gaRwn{z)i%OS@;trTbu%Plz4DVKG0ixq+K6j6{LOYi&4AH@+=M?Z~
zm?#hHmvHXuF71Dkgcn!lscBv;oMME_5NtICd%D|G;8m3$Wh+w}p)07)lyZS(X#u&j
zIn6mHXeAX#3L)L^a<WpdNK&a0$sva?RNEq!&bll%YlUOj`S&{d2oZywmU|d6?d|Bb
zk{ef{Hv*M$isS8(GX4+O^AqtOji>?KfE!VJe;ur%aV%1=GR|jmEGJA%4j1HG&F9^F
zk3P#WRXvDdd`6%(#6aLBlbx0VGQ9cx*+r~Tf1zv5#>{OEy7pdprnd<fr^CF6K>0*&
zPhF~g?10i@#n$Bddl`~|xZCVX^ZQ+65R1&$0sX_gy*a$h0&DkkoJ_VF76>3Lb1W|P
z2H`5}pY~SI>l8ao_LZA^^AZn!%=p&9M<45GfKn`HZ(E)Kv`i^lC3csriwPTTg{8+E
zLh7-9J{Sh@Q~?*L-nfVI0iSd(_lHmV99up4*{UdMGD)g3sYNwKNHoyQX6YJ=BK4vb
z4+0*dFJ>rYCKg02!_u5NHq@AsWYBj7KPqC?VIp*0j5;`$#l)biwP~fOt24LJ7&D~a
z+H&Y1*HdaMzG-@UBq71uMDua1ubOWF@ml4lJUypfuKnC{y9me1wgr<ygDO72ZJf?C
zyniqIuv2~@*9vM&BNTEtIQ5>-+&*hDtvBh7&!aLa^HP(KOmII3V$=&FS>u9R9K#|v
z`%t26#ceJsHk3YdKHz1XdPoY1$NeY_OuBf)kyAs#k;pJysGa?(t|hrZz)aaKj>~UV
z0Kx%9ab#Y+$?r~k16R2%cA<NWB$7<8E}=ZEyS*%BG<KLQXo}pIml>mA@7Gq%E@BH8
zS>{j<QVX10Zx($nJ21Tw(d%O0Q@|x8WoX(+;y0Vt$%8T0VB72&+P%l_sxr9{(I;gU
zQN+<S0r9GHQ0}9&dU+t*?3aB_N<!ofhqE~KUYvwp>%`OiH?ac*UZm1)7mcb+)S;xv
z`tVqb?T-WJg5rm#!;5W@AtPoX31jC=dsZEY`tH7*o}nde|1_>m<BzqAtn*{?>GS?`
z5adY7xE=#?`f(+IOb;Y~6oBu^;4ymTG|y0MlF71vF8r8fF@sn}Uh~lk=R(tUklF`4
z;@fG5O0En!K9EJreDno8${j6<8R&z}DUS0l!$V9Q9Lq&tzO=8?m2PK1%4z0n>cxu~
zoxyasXqm`X9WB&?<%yfUkOiBmxtOf6HpMLb?sEHj?UMu(S8(2~^h6zl!yIC(v4yMl
zxxq|2p68Y6GaewDM`*<X_W*|zEy|^TO5{FU0=;>5Y!)XbU!u3F^2Av8_m^fE*w~gq
z_QeoVDm1Z*+{?X3ift2&y~ghEC~(E8;b*BNzdO?7WiBwRf?MXI#Xngqf+lYFT~Zys
zO;|o3-Akwlr3_?T*3U{ds~=v_;HrrEqHi>(&&4>?QZZw}eQ0iimNgcwdX@hoEIY`6
zEpsz0Slnz~)zD0SY;SQ;Z?ay1dF_)k_VnXJhv}f0;s2+-w~mUc?f%A<P%uE`7F1HD
zB$br5P!I_L=~Nnqlo*B?KvYCZI)+d|knSOdAw)pBbC^Nt9vC|3J;eRo-s<yP-|zeT
z?_Ii<YaL)XoU^Ze?fC4^-WQ6k)Ytu_WgjOLO30i=n>mlHkU~vvfwO5fYlL{F)GC(m
zOX^<gzC?LUsh_F$7N|p$aS1Tq?i2uHn(Zt>D)z<VHD5ZVWP8PT4}o+r<{%eIt0I{N
zpopW_9R2i8Z|iQY``y$fskMy@e=HvOxJ2yg6x~L|te&mdj`agxu#&RXb@y%gA@9h%
zUNJf$rE7NX-qzxvRjUC$u%JQ5XN}GgVtjf!LS~_F{iVrqUW@r~vq;LXd6lQPHPpgL
z8fm5!2Se;**XtfRTJQsgJ10-d5K=A-?=#g&(Z`j+-aTJ(tKZRL)s>G>E9PedwxoV$
zQ+fM|bldIu6%w3Ct*vZzTERfM3WJErWY_9*<e7`T?dZ2l#Q`+v%X>YEd*!Bj+7!~?
zE*Ce@7!253WDY4e5JwfCY;x`8pau7GDC~+mPDImVo`^V@?h{HihV4PwE`#=4zOk0t
zMk)b=!o+$Cd2>nie`Ps?7p7w~pjXz~XZ_yPE~^1yBjN*MtE03sZa$p0mom)h>B8*|
zvLS__`bCAAFLtlBUx-uiJ^)5y6-j3nyN#UFcNIzU;3}3A(g}TWusZNQ8k|&Y*y1(d
zeXS`qyBCcS;YNUqeI0(7Esp${Ext=5dfFS<SSp#4UfQ}Hw?ZKqNle$wR-`Z}$<<gC
zqfjYd2=N|j4HsR9Iw(8yV7N^kC&k9<rDM-@c6D|232h9P0`#8UB@k^H?}(4Pj9gCd
zIlD_Xa$<@!U-ay6h3u^gKG4vyJWzrv7~fL3*4$dylUb;c1fORH9`IqhPQ5b&3fn2)
zIv4ttiA+N+b^bkV2clhywHaJS7E-jAi|^Ot#K_1Mejvj9CuI6`2UsSc=;w6)a*V$x
zF;S>Pu0<-na5PiT0AIG7v-Y6uQfe$_A&_36#P5?!^%QL+51WEQ&;#^v*bAj-YKz&j
zE5z&w?$?iHp1P$y3y{#U@PmFVt5>?hhCM0RL=z@Z(w;HOkHE)|I=Oeoa4J{|Bs@;O
zo~t04C8Z?DedTg6j79Wm+VmQ|C6M;EKyS#67@ZY~=kCZSdI{jHg@@5KI>puFp*0uH
zRX3dFH@}#A9TH16LxJ`?*&%yS1&g=_4MzQ|i_eI|Hg)<J>x=q{gJ3CUou=`obF-k?
z4wzQ2!$(7{Huynf2dHiO^B6U8M}a#$YP92o^mz=jwgs)9mtJ37`6k4$1jQn5Q!lRQ
zuu#f(wl`tQC)|Z>Y00U}_w_iIs>Iz8I;KFzS#>#>QSAi|FBa1`j)n!i44@s|sJxWB
z;Wi<WMMc(dmwETVSdH*KIQ_fC^Gwb`=4mx_TMB4_u|MPbEK>pK4UE1V5%He3w`N%?
zW}nqqN>k02JUX7gm4{jIvJ>vT<{f`ewLL0+FUT0Sm}|VoPYMsWN0oeA3PweTq;Exj
zmCFBa5j@wO#0(s|#<rDdPG@UfyW}ODZclP<j&HV_oKE#|_JlIfplNg|+Z7rO?HflX
z4T~M4`L^JiS1FtiU=$%h*>k_8JNZZ65&-yhtJa658!xgj!sX1GG1$AWh0(reghLHF
z99rdFLHurZO{!D)`Qc|Oi&?jmA5BksaHlwD2@aHfV9~@fo~0{#!N?9?e!v&n4+xd&
z+41Tnrvhqp8Oc{_TcYI?q2z5Qh(}z(@$(V1y=dcktIKJQ)4E)s2Kd%PJRyetOCD%U
zB7XaAClN`*!AJoeQ-O_Ni@SRPUG5>Z!s;O>K&_}E3U&EtF{PeJr{FT^emMn^O~%V*
z+k8_a)LPsEwq?0Qhfr)RMASSHq~&wE7mtzVge{F(XVLOSWvBt5h?Zg|bgZUf++@$r
zy3E0anS6nQ36MxV9+>T!55`F(Rgywk%^|}VnL{hDKX!7X2<ZMIoGqf206%+!k<EUj
zo+!|P2H?N(AM(Mp!~bEg3K2a%lOy}~uU@upZnMDIU_R?z@(mo!I<+h~&g|M1zIZ~W
z#QAOI-E0C7OWDSE)`#1~4(4ti2O}liofOq|nqKCV_{lUtHv6H~DG8_b2U+2iYZC)H
zXj-h^hcda#=+kVzd#2vj`0_}^w-J^h{qIgHTlsC2D6DealGBFo>#%35&h<(J5f45O
zrxb(0xK$e^_2n*sm%KduLL3V6!gP9*IRhRIkkY=LjTAo_XGN$UIUN6>N4%S(IaR5V
zeeAvi?m@+;=Bk!iv!xUnsoh|IwH&4;@`2bo`P#T}vKv6Z)!t~6MZ31W64QSS&*7Dq
z*g<t$C&lPPKiLiDYjcu2mbv|%*&QfsvmE89jpD_=^{Gew6*pM1=d6|pr)>X%mq?)+
zky0T3H=nv(IpH%kC)v0j1D2nL?=!h_z*GTuFm1<>LG8DK-r$D@=R;<Egk$Q2rg<8t
zbflbQKdSKa^Iyg?;j&wgneb}2X*_T6<<7b)Cz4Y3)FJJIJ&91zj8%$pU}{>cqxm!7
z+|_oUP|^KWeBR>04b)_S0kj8`C4e*5{+=vhNzz4{e2=d_M9mKayNDhee`yfOmtk<p
zXz2@E?Xl58TkFtHwhK|ZJY^{fl56p>RcD)9-++k+bjE0le1p-rqJ*!$Z296mU;(<(
zjx5%WCz?1)#)=ROSG8c71<OdUaeJDi*WA^@%iV*Q*tMM-ku%b)@<Z;`@Q}-SeOrWy
zRv3rJN~8zd1Z6z8?d5xkBK=PcVR<sj44e<1pF0;*P|Uh><LYqGEGT5l@t7A(v+rC%
zOYa!#<(RRSeEt4B>)kRjffcpd6l_R0*LXZwU6U}0Rj5yFufyACRm$X<w|fLr!a(^^
zgPz&BiAvb5hI`<Z#dKZrep)}+!=B7I0@fcN8*_Cix$N_s=5i~bc$Zz|A*aF>IR-6K
zYD`2D6k%pFQb<2Rn7At{qa+`gxn$y#VGvAUmF5|#9tv6F5g#q<*Ko6;3^1FouWVN+
zS-Zt|Bj|X24!zgrAw7cW(fjb<#StrP``A$tcK8m2%1+Mk$-Dio^R}dei5lCCUJ+|k
zDMh8DaSUu@W6-aVeo6f8fu6|na?ox;R)<IyqC~&UE>8u3WX+s7<Bo*SzlH08@EcBC
zHFRP^TSNXDg!j^s`I(SWXyZ)t6S0!Tm8=iD0&W%+N!nRqkF6cevg!M`WHy=_&MndC
z%L#Ob^6!dx14u?jEcZm<GPqEyPXn($UXdY~)g0%rB~o!&XQ@{0wQ()g_RCmHId<Nx
z3o$G~scChN<~4x2_4$N~F|vV2>hVf$z!?-?Ne5-U%tF2&)h&!PIjIg_=G10~S5M|=
zU^*o?F&_Z-#ww)UxRThbC~p}A4oO*jE~31nynb^f`o4xqdkmB<{HxT|#KukdDCI}W
z&2LRtY>5UgR+F38%26Qe9ZE_+0;owi;V~kcvOcLkX%MxH%qy(fU0h}mVQNgB<8nkU
zLmp|J&B*zZRKqh>C-)wvh6}+Y2%K2HQ&E0qXJbH$Dma9ak)mO~+jjGD&b`KDRDFwI
z0GoIU@;<=I-)wWc2UcvJZ32{}LFmCy8xzp~@v;0VTap>UK~z&;YG-9$du+8jTfTEz
zh1Mp%p+*n)y8DhoK>Tpzwg>L7T7MTZX2ZR-4KOAMs5Njp`LF75^Xvio!&Vh02AtmQ
z=~=@9IDH>r?v2yUThTQpfdLCr(bL5|Yf3^gs?J~gSODu`8XEoqC{n)6d983=cRi}`
zYDs%|L_s}+mE+5zMsJM?<GDeWl0iIY8ONFhXi9*8x%p0>z1Div8{c*vyiO_u9v0nv
zeTGZ_`?)WL`5t!_XSs!HpJ>}S?ZnQ?KG4nYF^Ly>!hf%gEj}yu4roBv{YE!}lHEnZ
zpKhf74TKm+b(1;k@8&dsB=#R%`RL=LXrxeV$<p0Go9ocw{?BPjgD8&1B1Zk<&n|KY
zZ4L4P9<8vJd8UbjQ9<9OXOEZ07{k9)4g)9)nD-+aNt3XhW%2z8LHcD7sO@uY3v45l
zT0DSlq&fV$q!e>SsU;lK>7){eAKfLtdJbbAYDoSDKBjtl1RUG65;(cbhLUc5&_?O)
zb~kLo3VrvkBkr}XlrpEq1vRVYv2nS&<(HRAVCGNFO+HAbM2P1$KRNro>)ot&o)-7`
z=ZOnRV}WZdJv?jzjhWO~?8{e?!2h!bb2i%$_MlJzoipS)Sj|!|_n+OuevQV91hBP0
zMyGJ(>SN&a+M8Y%N}S4WImZgSx@(M(f~D*@Ty<MIb@IN)F+5QYQ393aD)FImm2UO&
zvzO&X!owMytEWF@OQRo73IHWc(!6p;iAJ|^gotToYS*V^(OrAdUEjw~VDbwEgAjW?
z;g^9*a4zZ6io=mg=|pfOPSzGp(@58$^tJnn!CUCW93*%3i!kj-47oYJPOW=Lv|!K|
zR5)KP$4EI+>&l<5dV>yd^rsJ^)}FVVNUI-N5F96(z6Ky<LSRGIv{N>=?_fIXH+OP6
z825|EQ9B&AJC#VTj(HUqnHUWE3x?PBb8LU-Hz2!0AuoaW^c2#owixj1Op0<-W^pFY
zW)pE6cdc-5m+3h=-Q6Ar+G?}2iIz5%^Antc%HASYs-j~)g&OkK^0d^|TZbiX5=Pf1
zM9DY5$A0--@hC2P?krURmgLjXd~)TJ=^4denteftP_nrvqD+B`xXab#iGHW@6E4j6
zv!1RE3O$W%Gju6WOITWWcL&;zB@elmK2dG=e&^FSfpXy<l;%P8p@yuO^_q}-J949-
zzPU)XgWxLboVDy>tWnY{J0U1;BNeQQ-eETm(6bD6;$b5$>cBQvWk;5Yx^_Kv8y3vX
zJe+C}D7c)Bd68>}ZexfjtV+_g*5>q)79`m1Pm6KM+&F#$5gY84g~2Ld=WI;UMRS{l
zvy^P<BV9U@RcWlw^`0uloPXKGJ}i9inre!hxKD&YZssbqFDttSB;k))v(l{#H3_8I
zy>rBi<<P$uUj5PFE|XX@n%OJ}@-4lIQKEQzFaxDZHFJD*Q#R23NkEiB<VnK)`M$?|
z_64mh_ADKPTa}Q!x3@YBE&CuH3f_yMHY#&F{LgGs#u%K(CG-h##as%FMQ<!9Si0@e
z@a0}LwXfUgNnroIhO5@qyK{5F#%_AVi@alM(fO<5&A2-#{52VpPT&4q`YLwt^Rmse
zM+vGxY;0n+KX<^AFe9*=7m8hLP+7u-TVD#mU>PXT&vAB>`6*Mm>3OagsRSXI-|e#<
zv2{Cbny+qR4tM~W$Rq7PQjY(Q&%8<x!BE;;?}N#1@EA(bFk>W#F|!a<(5t!53img%
zYi>^yDAxU<F>mwfA{wuU`j~^CzSe)~e<`m--&$Df>Lw65Gt2-p%Nx8kB=dU4OA*~t
zx3fgHUI>QBAbPQ<H*dP4%A|TnS42C#jP<=tp*85X1_{+p^$XzsD>L5lrcwP#>(X#5
zf=Xhs>GW(<RNAJP4_h83nx6VPJz=KSHE)>u+<&*8LPy~*?)8P1S#yaB00Xr$t*);}
zZ3H#7%WtuEJJh^uYBDaMvgMC4xXlTin~)T?78W&u9hn@W7@GTn$;YaW1-`V6!d#x6
z5_nbP3XdMbTvbhuJcSQAW<?xwOc+`#m`k-*++QF{UgryLy^8vHa!0h{<#M%qz~|ma
zvDqMCZ<)=5U9{0^n!cK4eo_{;j<D;ZDFb1Vmq2q%@o!2+wo^a7+z#y+!3fR2llic<
z2SIg>`tf_*7kKJm+%8s4KJ$@~X*i;yG_mMzqkl!2@*tm_xx`jL^>+dLhhX~M?t$a$
zF?eBqooJr?6fkHV9&|zCJ*QzMq0264t*glU+-Fy%7m#5|DjS*aO&QVmfv_@0@}7yo
zLRJamiIQ<kN4>7mO-Ehe1V1-_jWa`G%d^^-kDtEHClqr;NYwRFgpDxxgJE*OcM*Ha
z5DtB*xqyBhYe7@n)zH1Q>v4FZvtZmYd~u>8$U|44(8=QAW68KXp?yA}mMwewJ@c5i
z?f4f^6J~BXba$ZoAKe|WV7~MrHsL)*QV~H{Qk&UPgLPXDH5_2(C)+`m>Eit)(jQG7
z7BV7lT!VYktiH&1&#Lm%&zsHBN>oT#4K;v$v%<B|gZxyVtZtVy#X0MLeIKyf`Za&!
zx^ZmZYw%#KxFV7G8_WsXO~+e)Q$D2hOST_G4bUu?#cZS^RM8qO8kdB#b%7%^IEoTZ
z%XacZz9G%v#_5YZgE1zPV<!FQuNjHC;>NK?v=@QMlq>(3m)k*umX1>H`^;ZMkt0Ma
z04oKkY8JsR-;t-X(=gm@f2>tzn(&Bti?J*WMe6cAKA7(QMHVP_G}!W^OYl4+KAx;7
z*YL`cJ#E#~So}$U*u$U=A)R!4MRn?T+w7#{MdFhyIU<VbRpznkQ*^1v!VRVzmNvni
z17f(ZmA*XT^Z1pC=8>2U&&74V^x`+}3+v&t`dT;oJCnS|>l8r4F&5rn22?u*ZJA^B
z`_GQvzTP-tsz9n(u8R1U_rN&(;WnR8DaP7>MPtYNCq00bn*Td6`PWLZ9z`;xJ_x_Y
zi73Q*t=)|-Jce%hnmKYhZ=^u$cIwh9wP<_6hfliVk>x)6DprN{=1{nJZPGr7f%30E
zCKFJPVpwLoWGx)~qOBdLz}Y_~oyxMwqM7_=F%Zp)qfq2AU7~Wt7P=b2V(&f@7uj@t
zPqLHKmRRO;Yp0Ek>XD@b2weDPT6KJgGTFE8Q){a5nD4W%)fy?rh0u7-jI&P<z!)%E
z>{R?347Y8y%-o|wZn0FXrEz_jl7vB;3ioRG%%?rJJAh9*(Q#Z1{7o$Rt>A#tlHz@9
z<jf~JFLF_&Q3<`k`3GGG^gBU50U-`#gmr}ZEB|L-M?7w@E+yL6?#*+mpV~l?mTN0#
zd-8y?XyFR#{1rWxZU8jq1SeNc6~NE#KDuf~7QXQ%SEUzDoWrGWEihjTCs}QSlc=}U
z?0C8<9?Y~P?xEoop5elpWeg8oRhmzDJNyXp60+(cGLSE?axZ8&T}D^H3E>NJuOn-j
z>1`Di1Vj6_=_Q$32g*)d+~05mQF#E%Z4YYNBh?RmHkYmfh!aYO#EEw-Z(}|B23Vw%
z>&nD=G6j&GA%e~j?>Y2|W9U|YgHW0D)u`wc<XFv$@S+Do%btoFzy?d`cXM1zTDMMw
z@JoF(q3xF_FK<UuH{Gm^GyI_Ryt(H_xxM4k4f1LB@kY#KYt7t8CK|uK3Q92pIQ!*`
zW8<L}Z|ArgqCh4FdW}lJ?4{@QZ(Po=h;}DS$gQ~z867`WQGLS7CO<)~PT_)Bp<aXU
zCve5p@VCN2I!0XSgqDIKwF=W&s-q%+wF8)lrSBDgKk<;`09)44gkS*_QH8XYcP<hL
zFI>8~-T4RB1Fqz8LZ$LdT_{m+5dry${>iU^`FPd067v*nOF@ndz1Ddl8-?oWR&m1A
z?_y9h1Cfo$ERYm9y=%oZ@l1Gba0!T2B=dAe->9b`4~C7cy02;TO%Xf1SpAxQ)pl_P
zur9;%0jX(`j^_ByoMte~g0*t^xm!b2<0H?9CE_zUU(5nry~}`$1(t>GRwx(ea{v)?
zKO`XClmkYoI`f=Mq>JL{t}NC}CpXqd#*{fnZ{t@v+tw-}!vg~w>{*yO%aBa=W~o8&
zR`l8zk!lE$!fA+$z2&u1Kh>ubAl%}jLaoF-Iz{Zt*|RzUXU`r?WyKct0YQc%($`|}
zOZSLz3#zFiaCzcoW(pIpV6N_2yK-TryIq{Q<{gSlFO-#UC%f|P#~A{dPwnFbaG9%}
zlB3WR>t!ysXIg?gua;an1nHQS*$;ga3%4Nk?|f6sp>NW1HRmOoKk;xd<aDFU>#93w
zW7yf&Bp2eDkES9y!eIbZE<!3P0#R){Kt{YTY7Nq($HnH|#pNGM0r5mXO6#HL0}VS=
z|6n4`$X`t$t`ZB7-Lr%Ty};z6q+7Itz-EcJ9-hWL+i|N@==GkFK$^NOhj1$vz5tD9
zX3OZJFr_z=(-d3Y*UwbfGf`4E7c+Zz9)<5ghVh5!{&4^{y>vKwPl!m2h(`LuGfu-t
zX=}!XwAj$@rg;Bx%-WY>`>AO5`oXn$me8HnhNJ~vh4-1c8;kn4RM>JDX||LK*C4(H
zapg+A*OfM9_4D|0)JeIXTo6f@dejy>U6CuH$eH#|#v_fT{=DXWzn#eGR@hi4<&GM6
z1nKe}k+W3ez9yY=PY)%ZXt11Km>|1(dcwZqOx`Jg6nxNF7J2K#5A@%E98k-_%pWHy
zX2COFrBv4{dc;Kn&Bxn?v<ggvyp)lH<wdswt!=JH-B@$`&^!!4YaFa>t#7U7q0Et#
z8A6|YFsC0hvvEZuwe&m?=a-Bg+XRPfIL%#r=otfMsiVyd?v!y_h3NQt8G!Q}o1R+r
zXq2h=&TwZ2-0`m?qgiEG+6@_XG#}o~As#Whe1TT2PYVoyu=_(w0s7WyYuRvhfEY<K
za7c@sB-7k}-I3}klX{ezl}LU8w#~E%+fJYyWcH9bfbp?3;Ae#ZI1Z8aF!?rPic2+(
zB#yTn-@0_tHvGkln%$3!&n1{{urSs?Cp3jh0kgeWzT4|~KAs~*)XA}~<WDNu&$pJ7
zEZ;Gp8F_hhr!C;_3-AZPlH7+X7G7;F2!!Qk_rNYsiO@`NRUp)zv?>=>yTx(@Naz6&
z8Q_G@*m0O&{2kQ5a3JT*5#{!0B(c=42P2V<FFwkbSodkfFZQ!p+*mdGbSG^D;c{ng
z1>2b&K_|JBHnJ)(wVn+zk*m&a%age{wwiy`LfbSawaB;GNjJa#LA$|~R>YU#i#ASK
zR=tK#;59G89-Mj(2?Sd=?-`k4u|_>spUOV%*@~|7Rm1q1@ANUnQr6Tn!=CC}&`Q@R
z*;>-aNS;~Bqa<emuw);{Z~GC)Z==dt_sUQ`>Zd}yYowD#vgEP+rU{FgtQ%ctkD$Yl
zvxnY@fuGVyqadB(hRJ?nVc}j)u&kH@4$6jfC-g-uzR??`msUKn`Kg)CZ}+c>UHUHL
zO{2H|Rd~;(!V-(qXKRl&$6&rl<XR2j63cT8RpTufc3iDjpT>@^_CI0)Y({Yqx8Iph
zdku$x_g%Tbs{LzkA3#YgJ@CH0Be%BBeB$y-z13f6oWD#bxcRvmjW4Q0)K3L31R(G0
z%c3`njQ2}CPZmxg#uZBzl%&F{C#u<-<w`a5b)}hYUus-I$}IQV?=jIc&BJSBqaa;|
zv7eiwTsl{s?umf1M+abbz1M>>7ll0jEnU*F-YQW+dulZOc}nW~;&-HR;d`Y_&x(VR
zJ3(E|b}vcHI4rq)271<9X?EJP79x*^0h|p-{e?(Ax{OOfzUa-Zi?S@;SJ%pOb%kvu
z&ui-Lo=9hMa%3u4ztrwJ9thC+`Pb^rcik9~5|p7NdIOM)m=({I_Gor!gDWtd?W4UP
ze5OvW1l1V4OW)_dX~e8B`34X;oiEwamn@4XqSKCP3gBd?WxtYUn1AS?l=z#ZAv?yk
zU=u2${}l&vh4tDMkpUXH&7HUEDP=3is0Z>sx{d_wjjQD1w`DtKT#W~fGYR!6)HSm^
zSV9oXv-6*K`8H>Y_tm!Q$*{tq+D4%V6zxvUu;<Uzp;As|@w+v=+n2BW%xo0rTI+jX
zc;EPewnoP-_niRT#+ic=wiFkB%)7&Yk<H909hn`=sY;yPS2Fs7#zsC$^BG9zcCJ(0
z&1VGy&nrOSS!RK_n!&g<17Ru)BeoifH85PZ)D47?9}Pu{_DhVT&3m!;LaS*_EUJwX
zo9Tc~hsyT><>-3}BwSd9!Qt^udzD$+O>Dp}{h;=yQI0~YP}PLho*kYb?i_XNnoxt|
zAI?nD+QWCwvzI`f|5B*99;CxhK#dUBT_!oRaKQ1OL6gz^mK^;SIJshf!u3S*CcrUe
zxhCqW9$_P;UQn=I)QqAW#d{TIpNu*v-g)~VqUUn8Ug_&b1SAJpEu9G170cR-MP^zb
zdN$mZ-|vE8bK!_|2CoB^Z&-E4#Cgz|!WU~i+mo2VYuNP|X?v&wZa#{$cVEV)_KdzW
zu2JT-q!;2=`pEvfnAtw20Ciu%^_SYy<oXZ7{gV2oa^>?}_2gMh#!gt2eUp@&e~alH
z$zwvu$tI1p0F0-xxj}s{*mYNgoG_CB8KNj9aJSCEa^k@d6p*V<G2FGLd1u7fh~!~J
zaeIP%VHiyFK^-h^Ph(-WF$F=Jv6lO`;R7h2X@sSyHSoifNNgR{T<gV6y#umnW+QXE
z`ETH*qZ0tW22lLOn9f{$eG^6A<S&Q*;B<DiO;{iT0R5Zb^aa+i8DB46t@63i?dK2l
z3x~oqCJ=tjy2+E-BlkQ4B;-Gna0D4Wa4Yi#9S25V`MU29lm|hmSHDr1cWMM=Z&3I4
zejBd~kOgAv%~i&_*7x=BzKHF`Ywi9g@pGBndzEyW1E5H+&6AUFk7ZSS$g)zVE=G5=
z=qO!$==>lq*laE6fj;lOOvQE@iL11zdWg^I81vGhK(x}RTIY$*=936I31lN&*EAy7
zd=A1P3DKZ+FP{|=NYsDAYZ4oUytaIsf^-mnb(1B^Abt3p$XXC}#rYR}jzCSqhIJ>W
zAPA$qr>OP!e+(FsK!^5LZO`6P@&fjDugt%f?d+BLf0OMf9|vMMVE)<+Gm9XVS1I+i
za_94Go!eezWo0@ik}oO*HSE@0^&Nf>8q+lcRMKX-_iKIzpppEi_Gxg<wZR|7Y#Vo|
z6^u|Fb||o}0O`dwnc<iv7x2UI#)-C3VASvR!21vD2=|0|Ib0SN_o(n3hyCq$Rnzj`
z08v-d-vO|K;qbhcR{2WQqYV@=1K+EVbn1L!YqwisN>N~=xVYkdwE$=EH^~8LX7e0y
z0G9O#50%tC*un5Iw~ADC@Iv1G=eHT4XSpdka3(4v5nUrJLD=;@kR~H{x%%3rr4<{N
z%T1xk<j~p=QUEGrrhUJH13g=Jqkb+w@zZ8N^F~^H%ZSt{_w7oH1Gy<4_pbe2!%Wv<
zH*@LfzfRw;H1ay!G&MXD`y7_M1)A@~bs}F8omb994DnK;7Uj};>eyvG7)18)vGZ&<
zO)ezA;%f+bRs9NT@|~LKv~;nd0Qza=-ac;DLi;~@J#)TF_vst`zSV>eK@-^8Mf#X8
zz93;JPvD5rhl{jfGn)HNIS&q$k*7T@E#nEGjQNMk*hU?7{%tZaY<<$pbbr?R+4U|2
z8IxDsep3ZqV^G~FfY+C5HO&`}NLrV5?3h@JfqT&t>Lbu(u`==P*c0W|O3QLNM_O*w
zWHJVZdR`0DoxSP7+h5-FVAF^rc<LA+$qz~c`@vLpJR5?1!oKrP_}m#g?E?Z{XVp9V
ze`3>ruAB}Dcs9f`)l_!c-%_7JhZ#h*9?^NT$ID!wN?dG`1dbP|FMTE4>jy-mGQh4y
zbFkfPuI+Ic3@BJ@Om`HoaVUTKNIE9WPeFbxr`@osKPYD9oUP8Vm@Vi6`UZe&*gjn3
zaskXBz<OZX&xePfzE~q;KBI9sE!`Ptm;ZZOdVuGL%A{piX?4nryPBECXWVaHF=aD$
zowNn2Av0rh4KNVxUv$f+#dVNpTemu=jBkCsYd-<EC@J;GokgB42zuGbHwa<#5#}kY
z?)=OHjcD?3?B~l0dHQOxIjn8J;#e`J+Bf?F$iBRgA?sf<r2<30$&zHs!8|A|wRRmg
zjRf~yPCNTt;+{%s)Vq}KyYh|W*qPq;6*@p4%eZg9n?J~Wd-Ocbul+76)dLg(D4AsX
zy=#*tnO3gc7E6*=93izG?tlNz*9@B!bQ=4m<OJhD&l+%shTcvxp+%ni?+x8;M$|RK
z5wq3u5{1Hf#iEhU^O-9{NZPf=o@yH6-ZIJa221Q&;6*#g!|?Qpw!4bfp~gWz*KzU|
z7u<mQ$uUZ+X7OEDU%<SqA9UES*vhO#0F2}>e+T=YPDr4fbg}*R1FlRAOcHNZk&Of|
z?$E@J6~C*Z(Q($@9C6SJ*5egjERC~E*K3^+ZYuK1slkIQ_lzw8(fe;#y+f_@;$}UV
z*_{WXTOXck$o4SGk1di5`v|bAcBu0{7t!ROOjLRv-WT1>AoKi<FNckjeJsg^2+jEA
zUEL2BOX-t7!LivG*}GBf;R@^lGKWdP((&qTu6_4D;n#|KlLrJ(t+{w2uhIkGu2bao
z;rl<z`_Gl)VX`H5UXa2|j3(+r#U(%WkBxuH)*lZ74ohtKCJqkTKga-Cf2X7&spV__
z*8PvMI)?WTEI_|A|4~lb`F&s2Jip<UiCG(6Lknw3m4F`DIL$>eu+Q0^vUP7xC>|e<
z0e{CwacTgrC>A*Cb#(FCqrj7#H;#b!hC{6%Z2uLD+mC4hdfE&0VRFTB^5DdZrBu-6
zsX!?(Zd6~(NazCSUabv^y#k;nuQwN3R<!ZWZFwlFr%8MU-Ls*$cw5lToqc;%A17ye
z{DDM$hTV(`Zl4RB3-#1}3dwfQU-HbLK+Syd_s6;_sZ3RW<ou4zLhYZC(cyv_{Je)S
zux{-Hs18nlzp?0dt1r)ZZ6c?qIV**UMm*fH-1!O>6|_TYKW1GK&Q*A^<hq#K1R<GL
z*tZ!rs2ZQu-$hbgKKn_*;O6TSnRnkY0u94YI#ontQCEvhwmLERZ8vzC-t<%IA|Oa*
zC?83D0Oiil>V{m_P>NO>{iiC?zbbH)Gn=l@psod|#k$|xogBWTrIUB1W!`ji>fJM8
z+lbDwWtVKS{PJOttgcy=BLN4<T?CN(T=nWiaIrtZ>8XU){JRODKl97qQyE2n7=wG|
z9q+=jdgNM{FcMkeDjkeU$&3rl-u|qvwWz+J_qxm=6K}qtG)Bh&87-@#9Q}LPx76_c
zVuc|6kebv8JoiE0=EqPK8djwsu#=XCzTQCVa{aEswiduNFu|J!LhmKBCDad{+I_i=
ze#(O{A8M+~*}Q;V1R@2^sW&xOZC31J!vbFs23Xe22sAvp52SU?L$sd!Bz=)w9>++|
zH6WDrD98imsPG>^IljNkc#jbMFb<CVD2XZQLFF>GXneAGLsJpN2kkV+X(>3=Bd47F
zR;qIkl3UIRdyu|7z^B?nLT!DzSIpRMo?8}2r|^t<6r+#^1La*DR*~n1u0rpz)!rX%
z-Cc++h~-|I^2&BG2C#(yUn`h-UbY^i>e#TTU_JCk>WI<cc_qZRHnXF^0vuA^GcWwO
z0Lr9Z<T%B<jg3g^U=3vLxO0EuT*_F&PA5~OM;V7IMuUGNkuV(f!Q{vhL8#o_TWTy%
ztA`@XJ8_Xt$3N7r+Dz?WgtemKWsk4k*#HU3Kj`nWy=TK<`<5Z4G1^PGB0-Ha94f%C
zq9q!ATgr7^#W|b8gTw&vk{he*6>n4r8?xn-LG?Ejw-c4!EF88Rr<}*Kd8Aj{6QuWk
zB2zf+^MliDo&J1#_xm>#qCdz!1ZmC`UDUn?H)fQU66C&p#A}Z;1^}HA?RTYs#>ju{
z&fixzXAffGTE?&w0O4Wdkm`25_`VBP>acJjRdz3)!c_z_XbKKp9G3!v!P)2kO3+Bz
zh-^2g3)lrHvj_m&q10aORux5lXAo7dU&ub30luB|wT_7(doOD_Qb<4h)06(9+TLy7
zbjpP4r)l&OK5XD8a9RGk>bugsUni~^@AYFY0DgaeFf{Rx4W3?UWK9Q%vYLs(J#jgw
zhLJ6HmRZL8_e@aOPi5kR1^ZP(;XHEZY%T#wPN0l~FIONALxAQW%#x7ai{XqwH0NGq
z|3*iWp8Y%3V*lm$JN+rFUVf84UV>O+iR#wgA7q*>#g6c`W8|~v&OdRq4v-KaLNP{)
zm^~copN5ZvE9I2K$XD>8Af1;ORn*}z8$Mbe#dZm+^UPiN>2l)rt1Qa2r;XpA)MJq$
z)?VlrBT;ybpcV;^@IU!dSW$NFGdajNx1fRSG|SN%Zf&PWri16(G~e(Rz%|WlLtfmK
zi|e|s_Wl*yNxi$*&d^dAzk>z_Us%Dov_L0d6Y(xsv+!t_7J^GF&T$vVwt*!?Z^hxa
zF$p$H{qBLoOYl}wo=4^MyDeN}^GXJN>K=Ytjqdt`&YBi03Bd{a2x4U%8YQB?Zo1J{
z%Y)n6Ad@ynY6xps8Wdr(ED};<aFWl8hN_W^;3&~}cJ!vkkP`Ws^GeL&bV<`$I&D>m
z28yQA#c;%F>KkT6e3CFo$!zjgOaBZH>^<=qGF$pl*2co{1@VibD=MPPRgDp14||rr
zd4K}g4crQ1UHY2~E&3OAn7C{iQMnri5N#+~PaD>7OLzw-R~=z3WFmrX)mh11Fq^L?
z6$IgW9Z9ItDd#kH;!7W*;t4RFai^F&^E~r8UC<Gz`$=o*%Q?qMRKT~><{A6W@|<P9
z>3QTR5eeCuzb|HQd8x%mq#=(N$u^R#hE-a@htiy@&JLxmw)s_XdcdY|f^-bXnKup?
z$xMT4r<~ZnZQ<fZmrW-SJY9QdqBx!4zbzO~tgM5*(<)_mr(_esUPP}mK?#>$D#|`t
zWYJ@mW(uLi%pFH#OOLvsm#(EwJg3>^zsP*kQ0ZingSQ&S$u`0p6wVOkG{Oa<W3!_m
zRSd^T+C43C&Lpsd6D3yh`D3+y;vq4hFM+nNj%>wjp*e<jYnH|YCTvx6948CSf+9|4
z?LILJXV5PvVDSyP;tl+Sp3dnzIf%lbLfa)me8F79mf0L)Yh#DOnn1nw9ReK~%AO#*
ztj;u$y(#Gw?FQK}M31i_6bKbA*e&!lj)W{Mq=8z+Y3{<mWVJ6euM4CqVC}Sdf5<y_
zB9fM~n&Ud%!omr;U|0!o>bec=WG^^i=yRd{IvPH7Y%MyUrf8cfa-*zxE~jH!`ie9r
zoLKp!@LB+VeJ+7h1k>ww-r-jCIYRNAe!u&pt<ucxuvRsNRYtKo$ueZTPxJ^l59G0O
z`YiLcw>LROWV`i5;(ioX3u&Ool5)RGqxZzNlYBqNkk}&Am}6x2X8J&j<yc`#!#P@A
zgP6;n&9(wtE8|7c&~F)y)E?VoCxarS2Z~ET3hCOFwY?3%q%)}2>h?E4X0@-54Hl((
zC|xWvNw+{w!LXJ)=-no$D^07zzjX}-&6%6i>EBw{s_592HKZg<!oN_%NanC=v;3@M
zXZpN}QYCmEyHMH$N0856_fj28MXrX=(3L-)`&OjSP3bY;!3x#qF{l{+fDeD=6Ba13
zmhLdwuxjg#w!HM?)+_=P4K!p6Lx79tvYM+wr`JY>Wz@yGoU^UVlc1TUt!odvb#d<n
zFxAMh{oR?qI}N|-S;<V4I>`Lk1!GNtc<gN06Odg1imKEmfx%|I@a;1;;y&5XcM==;
z>al#<wU>e`qzT+XOk&xCU3NCOufEM~llWyfto~xEMuo=i^am^X>bz;59#eV=6@Boe
za*5q>_EmMJ=iM}0E$dNR!Z=*L_`LX5E5<>ZZzyhS0hB-XZ*8MMpr9fUCWGC$wsR!T
z={Gr*WV<n$Ej<c9ZB0Pk48;$2rygG|*_o(2-vUPNH~OqXb32-L@tEGAa4Y8p+_Q>>
z=GMpn9mdoyX<gW=hf8FTnrZi|A9c=~SUEgXLMsqDqSWZ*BBd2w)cJj9Y#~xwZN4Ns
z6NX0RmC$Sr6kN)eR2AxkOj@rk*tjy922Rw+z*ZD4-!weprDpRs4Qa!F9L*_yZKhUZ
zK=`2{h=|<)ilCQrbt=J4Eu5vm8t8AQ@P*5_Hebl=_-oX9PzScS%`moYH-qE!nC`|;
zYEVSLarIsvbGZ`@-|4ak7mM12`gf93#|=mH$ovQ$%L7(@MOq$8G`PDXUwMlY=)}Rj
zf@|Mfu!nn91fx_@Lac*TjZB>|L`NHda3f~i+rE`efO1`W>@tpOqx)sMR$|Y|j#;FZ
zLR?awDH`&TZx;;i>O_WZA*?of>KfqpZMiE@m{^&o*;0?QiYGVoFp&s`VnQ_jOJtU|
z+WU=(J>|o1I9}Z|bI$}QZVJs!$tyt<b)9$O6dcj)4BSKDvG)#h@SreCeFynY6VO_N
z>D8@)QLtNwTB};~5~J9Nq{QaZHAe}hp51g?wxdKdzylpiEuHD+togxHXy#YeJ8T;;
zaeF|%A@cAe>RYxvLz~kKV~)ML?tu{ZO!tvDCmZ6>N%st3c(XAkY4n!urMZkujUZ|L
za<@i>u_{nck@XlK(}wc~lFvO^w>U9ut|>iJibPx$xtkKa2C5wj-3%;fI==z4(IRY3
z6jKh_su1c=-nZqTGqB$1EvE>ZfUVpu!P7H5%gWxKz3{hFkvxuW!J><HXQA7u%e#t(
z!hlA;O%sP#!2WR}|M4betZy4S0lRteC=uk&xBlZc92!H2^`%)z0vI)D-|ge_`Vk>^
zBR65EbZ|YGayDl-x-nwkHmX49aAlh+3DUNVo~7T*peDKN;*aIE(&nQZ6$z=Br-KuJ
zDWaUqwyTE*Rp#B32$%A_*Q83cX7b0jn{_fV$zceHN$6mC`2<A<!6^dpIbh1THAcp@
z10z7lg5UD2Jb!2eEPpft=ZR9V9DLggLk-f>c-fMPst9wV_B@e>OamlpyGFr7H>-3x
z7REGyq*-1{ndf9e?Z&(8%r+U=@UUYgw0Ut7B+kiL#ocFV+uQ3Eksjc6*^>Ol^r4|O
z&MnG_Edss=IMc^LLDWMA6}vq(GL|N9Gq7q9;%3HhKOTajFLg+%!iqn}?j%&>(8d+)
zxE|aFI%;i6QQU!vmv5~j(Wk*gM7q!JdsVYHh!VH!4Z0uCr9@wvH-M{8kkW2Jj*d^4
z6|ohRrSL8>Lf_d3=<wJ8-P9%+9aOE3v=t#TTHSTXmC2xh0j6l!dvf1I>rrO?vQ2=P
zKnF131!@=`?S(5uBy4}(DBR#~Du3DfnVy%AusQEwUssZ^5d=l)KEr4rBG4Wl;GMq6
z2F~~_t(A#ZdFWF#e}Z&^`+IsZ+r$EiTXr^5z53rLnssmvYf1)?DNXR?B(b>LtJ!bg
zuZ*o$?A|WHXLy{J#77gx%V97_115{fp7QvBf-NAr8j~z&f>BbgOEl59hQ{q|&9;(|
z`E$Q*IIZH;3z{<2F*$CES$}|jMShCiZhDljv5~M7iVvlh=B@KsPsBG7VmXwgQQZ}%
z@*l0@2pD{B`dYY>?#5ysj#9Xxj<-A~W75CdjyIJQHMcW@Z(1YdOAr#7!X}iqZNZyg
zASjVcO6xE#7!HqLv;so4fwir%;U%B#hQz-*?VNVvtx>G=6PbD{(oRgt#@(2cL@<xl
z&%87CeB}GWMHPs+vHt4+#1H%*Zq{Fse9x?lkj1)<6yk?HBsE|Q)wl>8;ajxBaDB?q
zQc!5c&URmS!nRt;Dy6hmR_QPvZ$vpg_bO8ob+1)zE+%te<>ZP)Q`XS!(`T4-hz~5Y
zH;smyuQ%vii<U@v2g2yb01x<c@9r>%vnNeE7fh@C^pic0Q+;B8;f*fw`2RaJJY!C?
zZ>pLDUb2bxse8p8L})*~o!EYKX>&iF_t*DkzLo)aH~DS`nvTyuSqm@I{U=8cYMOrl
z9=z|*gYPZPABq1_m48Kne>UeItMVU(_+!WSA%Z^+XfGT4<2nBo%lz@2e>~@Z4CSA&
z_D?+iuYBW==ltV2J&*j!IWd2-{2%SYA9&&qAoNcy^beBt2Rr-&!TrCC)?U&y*@NHz
zl_#XrL<zmqE(~@1#}NF-MPSdqO(~)L&zA=mURork&7$<y@G*++<3CkWuAwS3j&?88
zrQG^ga=P~?y$Z>`cJ_Rpm-*=lygVy2M18zLUT_(?pMUA*ZNnZ<PNR=N+3=UA1IIxA
z^&Y?nqGSwvVymkVTJy@#pI@`{WYa}ug$nzNzgFip{X8W=JhS>?Kf(WGWKA)SH~MIb
zwZeY+B^DCX)1S_&TmDKYIRl97_#ct|5!p}L^heA7Y|KBl?DyusPVhLI2$IF}8#Di_
z;s5P-NJ!|dPrl=n``IP@<m`U&BLCdXkCfh8$NK4upSJD){01aML=*^8<?vs8#m}zj
zzdnRl4R8k@#P!?%_iu6ZC?LsC4}Rm8{)aD8`2@HF4f_10e@6-b^_hQNGA~b0Z_rUS
z)}Q?RuOIxc-!aSu?%)UV{~rtPmpk3OSy_cRk{0s6c<i6<k)sLRp+@-LPoDgzPyK%h
ziJAGEq0W)VzXUb^a|P4n{$_}NLU-l={w>a&vCHA{O#A<_vAAjMazMEORR3(0|LxO|
zkpVH(&Br1C^Y{K)RcTJ%=tK0?lKn4)|I-foV;&A<`o}!%@8>_};b1HMF%JiJ;{O%%
bK%iuGJ}(*lhV|hQ;Gdj~;@zy<hR^>G{4Jzj

diff --git a/node/src/main/kotlin/net/corda/node/services/schema/NodeSchemaService.kt b/node/src/main/kotlin/net/corda/node/services/schema/NodeSchemaService.kt
index f75a6ad83a..0310e9aa7c 100644
--- a/node/src/main/kotlin/net/corda/node/services/schema/NodeSchemaService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/schema/NodeSchemaService.kt
@@ -2,6 +2,7 @@ package net.corda.node.services.schema
 
 import net.corda.core.contracts.ContractState
 import net.corda.core.contracts.FungibleAsset
+import net.corda.core.contracts.FungibleState
 import net.corda.core.contracts.LinearState
 import net.corda.core.schemas.*
 import net.corda.core.schemas.MappedSchemaValidator.crossReferencesToOtherMappedSchema
@@ -65,6 +66,8 @@ class NodeSchemaService(private val extraSchemas: Set<MappedSchema> = emptySet()
         if (state is LinearState)
             schemas += VaultSchemaV1   // VaultLinearStates
         if (state is FungibleAsset<*>)
+            schemas += VaultSchemaV1   // VaultFungibleAssets
+        if (state is FungibleState<*>)
             schemas += VaultSchemaV1   // VaultFungibleStates
 
         return schemas
@@ -76,6 +79,14 @@ class NodeSchemaService(private val extraSchemas: Set<MappedSchema> = emptySet()
             return VaultSchemaV1.VaultLinearStates(state.linearId, state.participants)
         if ((schema === VaultSchemaV1) && (state is FungibleAsset<*>))
             return VaultSchemaV1.VaultFungibleStates(state.owner, state.amount.quantity, state.amount.token.issuer.party, state.amount.token.issuer.reference, state.participants)
+        if ((schema === VaultSchemaV1) && (state is FungibleState<*>))
+            return VaultSchemaV1.VaultFungibleStates(
+                    participants = state.participants.toMutableSet(),
+                    owner = null,
+                    quantity = state.amount.quantity,
+                    issuer = null,
+                    issuerRef = null
+            )
         return (state as QueryableState).generateMappedObject(schema)
     }
 
diff --git a/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt b/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt
index 1d20d8311f..c893472a6f 100644
--- a/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt
@@ -10,13 +10,10 @@ import net.corda.core.messaging.DataFeed
 import net.corda.core.node.ServicesForResolution
 import net.corda.core.node.StatesToRecord
 import net.corda.core.node.services.*
-import net.corda.core.node.services.vault.*
 import net.corda.core.node.services.Vault.ConstraintInfo.Companion.constraintInfo
+import net.corda.core.node.services.vault.*
 import net.corda.core.schemas.PersistentStateRef
-import net.corda.core.serialization.SerializationDefaults.STORAGE_CONTEXT
 import net.corda.core.serialization.SingletonSerializeAsToken
-import net.corda.core.serialization.deserialize
-import net.corda.core.serialization.serialize
 import net.corda.core.transactions.*
 import net.corda.core.utilities.*
 import net.corda.node.services.api.SchemaService
@@ -278,7 +275,10 @@ class NodeVaultService(
                 val uuid = (Strand.currentStrand() as? FlowStateMachineImpl<*>)?.id?.uuid
                 val vaultUpdate = if (uuid != null) netUpdate.copy(flowId = uuid) else netUpdate
                 if (uuid != null) {
-                    val fungible = netUpdate.produced.filter { it.state.data is FungibleAsset<*> }
+                    val fungible = netUpdate.produced.filter { stateAndRef ->
+                        val state = stateAndRef.state.data
+                        state is FungibleAsset<*> || state is FungibleState<*>
+                    }
                     if (fungible.isNotEmpty()) {
                         val stateRefs = fungible.map { it.ref }.toNonEmptySet()
                         log.trace { "Reserving soft locks for flow id $uuid and states $stateRefs" }
@@ -397,14 +397,27 @@ class NodeVaultService(
 
     @Suspendable
     @Throws(StatesNotAvailableException::class)
-    override fun <T : FungibleAsset<U>, U : Any> tryLockFungibleStatesForSpending(lockId: UUID,
-                                                                                  eligibleStatesQuery: QueryCriteria,
-                                                                                  amount: Amount<U>,
-                                                                                  contractStateType: Class<out T>): List<StateAndRef<T>> {
+    override fun <T : FungibleState<*>> tryLockFungibleStatesForSpending(
+            lockId: UUID,
+            eligibleStatesQuery: QueryCriteria,
+            amount: Amount<*>,
+            contractStateType: Class<out T>
+    ): List<StateAndRef<T>> {
         if (amount.quantity == 0L) {
             return emptyList()
         }
 
+        // Helper to unwrap the token from the Issued object if one exists.
+        fun unwrapIssuedAmount(amount: Amount<*>): Any {
+            val token = amount.token
+            return when (token) {
+                is Issued<*> -> token.product
+                else -> token
+            }
+        }
+
+        val unwrappedToken = unwrapIssuedAmount(amount)
+
         // Enrich QueryCriteria with additional default attributes (such as soft locks).
         // We only want to return RELEVANT states here.
         val sortAttribute = SortAttribute.Standard(Sort.CommonStateAttribute.STATE_REF)
@@ -419,8 +432,10 @@ class NodeVaultService(
         var claimedAmount = 0L
         val claimedStates = mutableListOf<StateAndRef<T>>()
         for (state in results.states) {
-            val issuedAssetToken = state.state.data.amount.token
-            if (issuedAssetToken.product == amount.token) {
+            // This method handles Amount<Issued<T>> in FungibleAsset and Amount<T> in FungibleState.
+            val issuedAssetToken = unwrapIssuedAmount(state.state.data.amount)
+
+            if (issuedAssetToken == unwrappedToken) {
                 claimedStates += state
                 claimedAmount += state.state.data.amount.quantity
                 if (claimedAmount > amount.quantity) {
diff --git a/node/src/main/kotlin/net/corda/node/services/vault/VaultSchema.kt b/node/src/main/kotlin/net/corda/node/services/vault/VaultSchema.kt
index 8755eccd94..db23815db2 100644
--- a/node/src/main/kotlin/net/corda/node/services/vault/VaultSchema.kt
+++ b/node/src/main/kotlin/net/corda/node/services/vault/VaultSchema.kt
@@ -145,9 +145,9 @@ object VaultSchemaV1 : MappedSchema(schemaFamily = VaultSchema.javaClass, versio
             @Column(name = "issuer_name", nullable = true)
             var issuer: AbstractParty?,
 
-            @Column(name = "issuer_ref", length = MAX_ISSUER_REF_SIZE, nullable = false)
+            @Column(name = "issuer_ref", length = MAX_ISSUER_REF_SIZE, nullable = true)
             @Type(type = "corda-wrapper-binary")
-            var issuerRef: ByteArray
+            var issuerRef: ByteArray?
     ) : PersistentState() {
         constructor(_owner: AbstractParty, _quantity: Long, _issuerParty: AbstractParty, _issuerRef: OpaqueBytes, _participants: List<AbstractParty>) :
                 this(owner = _owner,
diff --git a/node/src/main/resources/migration/vault-schema.changelog-master.xml b/node/src/main/resources/migration/vault-schema.changelog-master.xml
index 0c3d274098..062eb5a2ec 100644
--- a/node/src/main/resources/migration/vault-schema.changelog-master.xml
+++ b/node/src/main/resources/migration/vault-schema.changelog-master.xml
@@ -10,4 +10,5 @@
     <include file="migration/vault-schema.changelog-pkey.xml"/>
     <include file="migration/vault-schema.changelog-v5.xml"/>
     <include file="migration/vault-schema.changelog-v6.xml"/>
+    <include file="migration/vault-schema.changelog-v7.xml"/>
 </databaseChangeLog>
diff --git a/node/src/main/resources/migration/vault-schema.changelog-v7.xml b/node/src/main/resources/migration/vault-schema.changelog-v7.xml
new file mode 100644
index 0000000000..5b85396391
--- /dev/null
+++ b/node/src/main/resources/migration/vault-schema.changelog-v7.xml
@@ -0,0 +1,8 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+    <changeSet author="R3.Corda" id="make_issuer_ref_nullable">
+        <dropNotNullConstraint columnDataType="varbinary(512)" columnName="issuer_ref" tableName="vault_fungible_states"/>
+    </changeSet>
+</databaseChangeLog>
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/NodeVaultServiceTest.kt b/node/src/test/kotlin/net/corda/node/services/vault/NodeVaultServiceTest.kt
index 41a244990a..5bc7e6b287 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/NodeVaultServiceTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/NodeVaultServiceTest.kt
@@ -129,6 +129,32 @@ class NodeVaultServiceTest {
         return tryLockFungibleStatesForSpending(lockId, baseCriteria, amount, Cash.State::class.java)
     }
 
+    @Test
+    fun `fungible state selection test`() {
+        val issuerParty = services.myInfo.legalIdentities.first()
+        class FungibleFoo(override val amount: Amount<Currency>, override val participants: List<AbstractParty>) : FungibleState<Currency>
+        val fungibleFoo = FungibleFoo(100.DOLLARS, listOf(issuerParty))
+        services.apply {
+            val tx = signInitialTransaction(TransactionBuilder(DUMMY_NOTARY).apply {
+                addCommand(Command(DummyContract.Commands.Create(), issuerParty.owningKey))
+                addOutputState(fungibleFoo, DummyContract.PROGRAM_ID)
+            })
+            recordTransactions(listOf(tx))
+        }
+
+        val baseCriteria: QueryCriteria = QueryCriteria.VaultQueryCriteria(notary = listOf(DUMMY_NOTARY))
+
+        database.transaction {
+            val states = services.vaultService.tryLockFungibleStatesForSpending(
+                    lockId = UUID.randomUUID(),
+                    eligibleStatesQuery = baseCriteria,
+                    amount = 10.DOLLARS,
+                    contractStateType = FungibleFoo::class.java
+            )
+            assertEquals(states.single().state.data.amount, 100.DOLLARS)
+        }
+    }
+
     @Test
     fun `duplicate insert of transaction does not fail`() {
         database.transaction {

From 88f368134f4451304e0d4bb6f2f9c84ce1593217 Mon Sep 17 00:00:00 2001
From: Viktor Kolomeyko <viktor.kolomeyko@r3.com>
Date: Mon, 22 Oct 2018 07:11:27 +0100
Subject: [PATCH 69/83] ENT-2610: Separate passwords for store and for private
 keys in Corda OS. (#4090)

* ENT-2610: Separate passwords for store and for private keys in Corda OS.

When it comes to KeyStores there are *2* passwords: 1 for the keyStore as a whole and separately there is one private keys within this keyStore.
Unfortunately, those 2 passwords have to be the same due to Artemis limitation, for more details please see:
`org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagerFactory`
where it is calling `KeyManagerFactory.init()` with store password.

Before change in this PR, throughout our codebase there are multiple places where we assume that storePassword is the same as keyPassword, even in the classes that have nothing to do with Artemis.
This is of course less than ideal as TLS communication may be used not only for Artemis connectivity (e.g. Bridge/Float interaction in Ent) and it is unfair to impose same passwords constraint on that communication channel.
Therefore this PR is removing this limitation and properly separating storePassword from keyPassword.

Linked Jira(https://r3-cev.atlassian.net/browse/ENT-2610) has for more background info.

Suggest to start review from `net.corda.core.crypto.X509NameConstraintsTest` to get an idea about the nature of the changes made.

* ENT-2610: Address PR input from @kchalkias

* ENT-2610: Address PR input from @kchalkias, s/privateKeyPassword/entryPassword/

* ENT-2610: Address PR input from @kchalkias, s/keyPassword/entryPassword/

In the implementation of `CertificateStoreSupplier`
---
 .../core/crypto/X509NameConstraintsTest.kt    |  31 ++-
 .../notary/raft/RaftUniquenessProvider.kt     |   4 +-
 .../nodeapi/internal/DevIdentityGenerator.kt  |  13 +-
 .../nodeapi/internal/KeyStoreConfigHelpers.kt |  18 +-
 .../internal/config/CertificateStore.kt       |  11 +-
 .../config/CertificateStoreSupplier.kt        |   4 +-
 .../internal/config/ConfigUtilities.kt        |   2 +-
 .../nodeapi/internal/crypto/X509KeyStore.kt   |   6 +-
 .../internal/protonwrapper/netty/SSLHelper.kt |   4 +-
 .../internal/crypto/X509UtilitiesTest.kt      |   7 +-
 .../protonwrapper/netty/SSLHelperTest.kt      |   6 +-
 .../net/corda/node/NodeKeystoreCheckTest.kt   |   6 +-
 .../CertificateRevocationListNodeTests.kt     |   8 +-
 .../messaging/MQSecurityAsNodeTest.kt         |   4 +-
 .../net/corda/node/internal/AbstractNode.kt   |   2 +-
 .../node/services/config/ConfigUtilities.kt   |   6 +-
 .../node/services/config/NodeConfiguration.kt |  12 +-
 .../registration/NetworkRegistrationHelper.kt |  14 +-
 .../testing/node/internal/DriverDSLImpl.kt    |   4 +-
 .../internal/UnsafeCertificatesFactory.kt     | 215 ------------------
 .../internal/stubs/CertificateStoreStubs.kt   |  54 +++--
 21 files changed, 134 insertions(+), 297 deletions(-)
 delete mode 100644 testing/test-common/src/main/kotlin/net/corda/testing/common/internal/UnsafeCertificatesFactory.kt

diff --git a/core/src/test/kotlin/net/corda/core/crypto/X509NameConstraintsTest.kt b/core/src/test/kotlin/net/corda/core/crypto/X509NameConstraintsTest.kt
index 4e5a56149b..acb2f014b8 100644
--- a/core/src/test/kotlin/net/corda/core/crypto/X509NameConstraintsTest.kt
+++ b/core/src/test/kotlin/net/corda/core/crypto/X509NameConstraintsTest.kt
@@ -11,23 +11,31 @@ import org.bouncycastle.asn1.x509.GeneralSubtree
 import org.bouncycastle.asn1.x509.NameConstraints
 import org.bouncycastle.jce.provider.BouncyCastleProvider
 import org.junit.Test
+import java.security.UnrecoverableKeyException
 import java.security.cert.CertPathValidator
 import java.security.cert.CertPathValidatorException
 import java.security.cert.PKIXParameters
 import javax.security.auth.x500.X500Principal
+import kotlin.test.assertEquals
 import kotlin.test.assertFailsWith
 import kotlin.test.assertTrue
 
 class X509NameConstraintsTest {
 
+    companion object {
+        private const val storePassword = "storePassword"
+        private const val keyPassword = "entryPassword"
+    }
+
     private fun makeKeyStores(subjectName: X500Name, nameConstraints: NameConstraints): Pair<X509KeyStore, X509KeyStore> {
         val (rootCa, intermediateCa) = createDevIntermediateCaCertPath()
 
-        val trustStore = X509KeyStore("password").apply {
+
+        val trustStore = X509KeyStore(storePassword).apply {
             setCertificate(X509Utilities.CORDA_ROOT_CA, rootCa.certificate)
         }
 
-        val keyStore = X509KeyStore("password").apply {
+        val keyStore = X509KeyStore(storePassword).apply {
             val nodeCaKeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
             val nodeCaCert = X509Utilities.createCertificate(
                     CertificateType.NODE_CA,
@@ -43,7 +51,7 @@ class X509NameConstraintsTest {
                     nodeCaKeyPair,
                     X500Principal(subjectName.encoded),
                     tlsKeyPair.public)
-            setPrivateKey(X509Utilities.CORDA_CLIENT_TLS, tlsKeyPair.private, listOf(tlsCert, nodeCaCert, intermediateCa.certificate, rootCa.certificate))
+            setPrivateKey(X509Utilities.CORDA_CLIENT_TLS, tlsKeyPair.private, listOf(tlsCert, nodeCaCert, intermediateCa.certificate, rootCa.certificate), keyPassword)
         }
 
         return Pair(keyStore, trustStore)
@@ -90,7 +98,6 @@ class X509NameConstraintsTest {
                 .map { GeneralSubtree(GeneralName(X500Name(it))) }.toTypedArray()
 
         val nameConstraints = NameConstraints(acceptableNames, arrayOf())
-        Crypto.ECDSA_SECP256R1_SHA256
         val pathValidator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME)
 
         assertFailsWith(CertPathValidatorException::class) {
@@ -127,4 +134,20 @@ class X509NameConstraintsTest {
             true
         }
     }
+
+    @Test
+    fun `test private key retrieval`() {
+        val acceptableNames = listOf("CN=Bank A TLS, UID=", "O=Bank A")
+                .map { GeneralSubtree(GeneralName(X500Name(it))) }.toTypedArray()
+
+        val nameConstraints = NameConstraints(acceptableNames, arrayOf())
+        val (keystore, _) = makeKeyStores(X500Name("CN=Bank A"), nameConstraints)
+
+        val privateKey = keystore.getPrivateKey(X509Utilities.CORDA_CLIENT_TLS, keyPassword)
+        assertEquals(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME.algorithmName, privateKey.algorithm)
+
+        assertFailsWith(UnrecoverableKeyException::class) {
+            keystore.getPrivateKey(X509Utilities.CORDA_CLIENT_TLS, "gibberish")
+        }
+    }
 }
diff --git a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
index 8146178559..e9aac5a99e 100644
--- a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
+++ b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
@@ -161,9 +161,9 @@ class RaftUniquenessProvider(
                 .withSsl()
                 .withSslProtocol(SslProtocol.TLSv1_2)
                 .withKeyStorePath(config.keyStore.path.toString())
-                .withKeyStorePassword(config.keyStore.password)
+                .withKeyStorePassword(config.keyStore.storePassword)
                 .withTrustStorePath(config.trustStore.path.toString())
-                .withTrustStorePassword(config.trustStore.password)
+                .withTrustStorePassword(config.trustStore.storePassword)
                 .build()
     }
 
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/DevIdentityGenerator.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/DevIdentityGenerator.kt
index 456db77e9b..562af4472f 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/DevIdentityGenerator.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/DevIdentityGenerator.kt
@@ -30,9 +30,9 @@ object DevIdentityGenerator {
     /** Install a node key store for the given node directory using the given legal name. */
     fun installKeyStoreWithNodeIdentity(nodeDir: Path, legalName: CordaX500Name): Party {
         val certificatesDirectory = nodeDir / "certificates"
-        val signingCertStore = FileBasedCertificateStoreSupplier(certificatesDirectory / "nodekeystore.jks", "cordacadevpass")
-        val p2pKeyStore = FileBasedCertificateStoreSupplier(certificatesDirectory / "sslkeystore.jks", "cordacadevpass")
-        val p2pTrustStore = FileBasedCertificateStoreSupplier(certificatesDirectory / "truststore.jks", "trustpass")
+        val signingCertStore = FileBasedCertificateStoreSupplier(certificatesDirectory / "nodekeystore.jks", DEV_CA_KEY_STORE_PASS, DEV_CA_KEY_STORE_PASS)
+        val p2pKeyStore = FileBasedCertificateStoreSupplier(certificatesDirectory / "sslkeystore.jks", DEV_CA_KEY_STORE_PASS, DEV_CA_KEY_STORE_PASS)
+        val p2pTrustStore = FileBasedCertificateStoreSupplier(certificatesDirectory / "truststore.jks", DEV_CA_TRUST_STORE_PASS, DEV_CA_TRUST_STORE_PRIVATE_KEY_PASS)
         val p2pSslConfig = SslConfiguration.mutual(p2pKeyStore, p2pTrustStore)
 
         certificatesDirectory.createDirectories()
@@ -77,13 +77,16 @@ object DevIdentityGenerator {
                     publicKey)
         }
         val distServKeyStoreFile = (nodeDir / "certificates").createDirectories() / "distributedService.jks"
-        X509KeyStore.fromFile(distServKeyStoreFile, "cordacadevpass", createNew = true).update {
+        X509KeyStore.fromFile(distServKeyStoreFile, DEV_CA_KEY_STORE_PASS, createNew = true).update {
             setCertificate("$DISTRIBUTED_NOTARY_ALIAS_PREFIX-composite-key", compositeKeyCert)
             setPrivateKey(
                     "$DISTRIBUTED_NOTARY_ALIAS_PREFIX-private-key",
                     keyPair.private,
                     listOf(serviceKeyCert, DEV_INTERMEDIATE_CA.certificate, DEV_ROOT_CA.certificate),
-                    "cordacadevkeypass")
+                    DEV_CA_KEY_STORE_PASS // Unfortunately we have to use the same password for private key due to Artemis limitation, for more details please see:
+                    // org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagerFactory
+                    // where it is calling `KeyManagerFactory.init()` with store password
+                    /*DEV_CA_PRIVATE_KEY_PASS*/)
         }
     }
 }
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt
index d8a856afa5..03caed3ca2 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt
@@ -27,7 +27,8 @@ fun CertificateStore.registerDevSigningCertificates(legalName: CordaX500Name,
                                                     devNodeCa: CertificateAndKeyPair = createDevNodeCa(intermediateCa, legalName)) {
 
     update {
-        setPrivateKey(X509Utilities.CORDA_CLIENT_CA, devNodeCa.keyPair.private, listOf(devNodeCa.certificate, intermediateCa.certificate, rootCert))
+        setPrivateKey(X509Utilities.CORDA_CLIENT_CA, devNodeCa.keyPair.private, listOf(devNodeCa.certificate, intermediateCa.certificate, rootCert),
+                this@registerDevSigningCertificates.entryPassword)
     }
 }
 
@@ -39,7 +40,8 @@ fun CertificateStore.registerDevP2pCertificates(legalName: CordaX500Name,
     update {
         val tlsKeyPair = generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
         val tlsCert = X509Utilities.createCertificate(CertificateType.TLS, devNodeCa.certificate, devNodeCa.keyPair, legalName.x500Principal, tlsKeyPair.public)
-        setPrivateKey(X509Utilities.CORDA_CLIENT_TLS, tlsKeyPair.private, listOf(tlsCert, devNodeCa.certificate, intermediateCa.certificate, rootCert))
+        setPrivateKey(X509Utilities.CORDA_CLIENT_TLS, tlsKeyPair.private, listOf(tlsCert, devNodeCa.certificate, intermediateCa.certificate, rootCert),
+                this@registerDevP2pCertificates.entryPassword)
     }
 }
 
@@ -47,15 +49,14 @@ fun CertificateStore.storeLegalIdentity(alias: String, keyPair: KeyPair = Crypto
     val identityCertPath = query {
         val nodeCaCertPath = getCertificateChain(X509Utilities.CORDA_CLIENT_CA)
         // Assume key password = store password.
-        val nodeCaCertAndKeyPair = getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA)
+        val nodeCaCertAndKeyPair = getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA, this@storeLegalIdentity.entryPassword)
         // Create new keys and store in keystore.
         val identityCert = X509Utilities.createCertificate(CertificateType.LEGAL_IDENTITY, nodeCaCertAndKeyPair.certificate, nodeCaCertAndKeyPair.keyPair, nodeCaCertAndKeyPair.certificate.subjectX500Principal, keyPair.public)
         // TODO: X509Utilities.validateCertificateChain()
-        // Assume key password = store password.
         listOf(identityCert) + nodeCaCertPath
     }
     update {
-        setPrivateKey(alias, keyPair.private, identityCertPath)
+        setPrivateKey(alias, keyPair.private, identityCertPath, this@storeLegalIdentity.entryPassword)
     }
     return PartyAndCertificate(X509Utilities.buildCertPath(identityCertPath))
 }
@@ -96,6 +97,7 @@ const val DEV_CA_KEY_STORE_FILE: String = "cordadevcakeys.jks"
 const val DEV_CA_KEY_STORE_PASS: String = "cordacadevpass"
 const val DEV_CA_TRUST_STORE_FILE: String = "cordatruststore.jks"
 const val DEV_CA_TRUST_STORE_PASS: String = "trustpass"
+const val DEV_CA_TRUST_STORE_PRIVATE_KEY_PASS: String = "trustpasskeypass"
 
 // We need a class so that we can get hold of the class loader
 internal object DevCaHelper {
@@ -104,6 +106,8 @@ internal object DevCaHelper {
     }
 }
 
-fun loadDevCaKeyStore(classLoader: ClassLoader = DevCaHelper::class.java.classLoader): CertificateStore = CertificateStore.fromResource("certificates/$DEV_CA_KEY_STORE_FILE", DEV_CA_KEY_STORE_PASS, classLoader)
+fun loadDevCaKeyStore(classLoader: ClassLoader = DevCaHelper::class.java.classLoader): CertificateStore = CertificateStore.fromResource(
+        "certificates/$DEV_CA_KEY_STORE_FILE", DEV_CA_KEY_STORE_PASS, DEV_CA_PRIVATE_KEY_PASS, classLoader)
 
-fun loadDevCaTrustStore(classLoader: ClassLoader = DevCaHelper::class.java.classLoader): CertificateStore = CertificateStore.fromResource("certificates/$DEV_CA_TRUST_STORE_FILE", DEV_CA_TRUST_STORE_PASS, classLoader)
+fun loadDevCaTrustStore(classLoader: ClassLoader = DevCaHelper::class.java.classLoader): CertificateStore = CertificateStore.fromResource(
+        "certificates/$DEV_CA_TRUST_STORE_FILE", DEV_CA_TRUST_STORE_PASS, DEV_CA_TRUST_STORE_PRIVATE_KEY_PASS, classLoader)
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/config/CertificateStore.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/config/CertificateStore.kt
index 3ca6be6d6b..526fa8eb9b 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/config/CertificateStore.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/config/CertificateStore.kt
@@ -14,17 +14,18 @@ interface CertificateStore : Iterable<Pair<String, X509Certificate>> {
 
     companion object {
 
-        fun of(store: X509KeyStore, password: String): CertificateStore = DelegatingCertificateStore(store, password)
+        fun of(store: X509KeyStore, password: String, entryPassword: String): CertificateStore = DelegatingCertificateStore(store, password, entryPassword)
 
-        fun fromFile(storePath: Path, password: String, createNew: Boolean): CertificateStore = DelegatingCertificateStore(X509KeyStore.fromFile(storePath, password, createNew), password)
+        fun fromFile(storePath: Path, password: String, entryPassword: String, createNew: Boolean): CertificateStore = DelegatingCertificateStore(X509KeyStore.fromFile(storePath, password, createNew), password, entryPassword)
 
-        fun fromInputStream(stream: InputStream, password: String): CertificateStore = DelegatingCertificateStore(X509KeyStore.fromInputStream(stream, password), password)
+        fun fromInputStream(stream: InputStream, password: String, entryPassword: String): CertificateStore = DelegatingCertificateStore(X509KeyStore.fromInputStream(stream, password), password, entryPassword)
 
-        fun fromResource(storeResourceName: String, password: String, classLoader: ClassLoader = Thread.currentThread().contextClassLoader): CertificateStore = fromInputStream(classLoader.getResourceAsStream(storeResourceName), password)
+        fun fromResource(storeResourceName: String, password: String, entryPassword: String, classLoader: ClassLoader = Thread.currentThread().contextClassLoader): CertificateStore = fromInputStream(classLoader.getResourceAsStream(storeResourceName), password, entryPassword)
     }
 
     val value: X509KeyStore
     val password: String
+    val entryPassword: String
 
     fun writeTo(stream: OutputStream) = value.internal.store(stream, password.toCharArray())
 
@@ -79,4 +80,4 @@ interface CertificateStore : Iterable<Pair<String, X509Certificate>> {
     }
 }
 
-private class DelegatingCertificateStore(override val value: X509KeyStore, override val password: String) : CertificateStore
\ No newline at end of file
+private class DelegatingCertificateStore(override val value: X509KeyStore, override val password: String, override val entryPassword: String) : CertificateStore
\ No newline at end of file
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/config/CertificateStoreSupplier.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/config/CertificateStoreSupplier.kt
index 3703742813..7cdfeee79b 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/config/CertificateStoreSupplier.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/config/CertificateStoreSupplier.kt
@@ -18,7 +18,7 @@ interface CertificateStoreSupplier {
 }
 
 // TODO replace reference to FileBasedCertificateStoreSupplier with CertificateStoreSupplier, after coming up with a way of passing certificate stores to Artemis.
-class FileBasedCertificateStoreSupplier(val path: Path, val password: String) : CertificateStoreSupplier {
+class FileBasedCertificateStoreSupplier(val path: Path, val storePassword: String, val entryPassword: String) : CertificateStoreSupplier {
 
-    override fun get(createNew: Boolean) = CertificateStore.fromFile(path, password, createNew)
+    override fun get(createNew: Boolean) = CertificateStore.fromFile(path, storePassword, entryPassword, createNew)
 }
\ No newline at end of file
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/config/ConfigUtilities.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/config/ConfigUtilities.kt
index cf3245837c..7286fe8abc 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/config/ConfigUtilities.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/config/ConfigUtilities.kt
@@ -151,7 +151,7 @@ private fun Config.getSingleValue(path: String, type: KType, onUnknownKeys: (Set
 
 private fun ConfigException.Missing.relative(path: String, nestedPath: String?): ConfigException.Missing {
     return when {
-        nestedPath != null -> throw ConfigException.Missing("$nestedPath.$path")
+        nestedPath != null -> throw ConfigException.Missing("$nestedPath.$path", this)
         else -> this
     }
 }
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509KeyStore.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509KeyStore.kt
index 5c0c4b501b..f039af0b3d 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509KeyStore.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509KeyStore.kt
@@ -53,17 +53,17 @@ class X509KeyStore private constructor(val internal: KeyStore, private val store
         return uncheckedCast(certArray.asList())
     }
 
-    fun getCertificateAndKeyPair(alias: String, keyPassword: String = storePassword): CertificateAndKeyPair {
+    fun getCertificateAndKeyPair(alias: String, keyPassword: String): CertificateAndKeyPair {
         val cert = getCertificate(alias)
         val publicKey = Crypto.toSupportedPublicKey(cert.publicKey)
         return CertificateAndKeyPair(cert, KeyPair(publicKey, getPrivateKey(alias, keyPassword)))
     }
 
-    fun getPrivateKey(alias: String, keyPassword: String = storePassword): PrivateKey {
+    fun getPrivateKey(alias: String, keyPassword: String): PrivateKey {
         return internal.getSupportedKey(alias, keyPassword)
     }
 
-    fun setPrivateKey(alias: String, key: PrivateKey, certificates: List<X509Certificate>, keyPassword: String = storePassword) {
+    fun setPrivateKey(alias: String, key: PrivateKey, certificates: List<X509Certificate>, keyPassword: String) {
         internal.setKeyEntry(alias, key, keyPassword.toCharArray(), certificates.toTypedArray())
     }
 
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt
index 2024be3359..75d623d278 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt
@@ -159,7 +159,9 @@ internal fun initialiseTrustStoreAndEnableCrlChecking(trustStore: CertificateSto
     return CertPathTrustManagerParameters(pkixParams)
 }
 
-fun KeyManagerFactory.init(keyStore: CertificateStore) = init(keyStore.value.internal, keyStore.password.toCharArray())
+// As per Javadoc in: https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/KeyManagerFactory.html `init` method
+// 2nd parameter `password` - the password for recovering keys in the KeyStore
+fun KeyManagerFactory.init(keyStore: CertificateStore) = init(keyStore.value.internal, keyStore.entryPassword.toCharArray())
 
 fun TrustManagerFactory.init(trustStore: CertificateStore) = init(trustStore.value.internal)
 
diff --git a/node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/X509UtilitiesTest.kt b/node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/X509UtilitiesTest.kt
index 3db9072041..e2cfff84ca 100644
--- a/node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/X509UtilitiesTest.kt
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/X509UtilitiesTest.kt
@@ -235,8 +235,9 @@ class X509UtilitiesTest {
         signingCertStore.get(createNew = true).also { it.registerDevSigningCertificates(MEGA_CORP.name, rootCa.certificate, intermediateCa, nodeCa) }
         p2pSslConfig.keyStore.get(createNew = true).also { it.registerDevP2pCertificates(MEGA_CORP.name, rootCa.certificate, intermediateCa, nodeCa) }
         // Load back server certificate
-        val serverKeyStore = signingCertStore.get().value
-        val (serverCert, serverKeyPair) = serverKeyStore.getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA)
+        val certStore = signingCertStore.get()
+        val serverKeyStore = certStore.value
+        val (serverCert, serverKeyPair) = serverKeyStore.getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA, certStore.entryPassword)
 
         serverCert.checkValidity()
         serverCert.verify(intermediateCa.certificate.publicKey)
@@ -244,7 +245,7 @@ class X509UtilitiesTest {
 
         // Load back SSL certificate
         val sslKeyStoreReloaded = p2pSslConfig.keyStore.get()
-        val (sslCert) = sslKeyStoreReloaded.query { getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_TLS, p2pSslConfig.keyStore.password) }
+        val (sslCert) = sslKeyStoreReloaded.query { getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_TLS, sslKeyStoreReloaded.entryPassword) }
 
         sslCert.checkValidity()
         sslCert.verify(serverCert.publicKey)
diff --git a/node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt b/node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt
index 54d42edd0d..1791a48f4c 100644
--- a/node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelperTest.kt
@@ -20,8 +20,10 @@ class SSLHelperTest {
         val keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
         val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
 
-        keyManagerFactory.init(CertificateStore.fromFile(sslConfig.keyStore.path, sslConfig.keyStore.password, false))
-        trustManagerFactory.init(initialiseTrustStoreAndEnableCrlChecking(CertificateStore.fromFile(sslConfig.trustStore.path, sslConfig.trustStore.password, false), false))
+        val keyStore = sslConfig.keyStore
+        keyManagerFactory.init(CertificateStore.fromFile(keyStore.path, keyStore.storePassword, keyStore.entryPassword, false))
+        val trustStore = sslConfig.trustStore
+        trustManagerFactory.init(initialiseTrustStoreAndEnableCrlChecking(CertificateStore.fromFile(trustStore.path, trustStore.storePassword, trustStore.entryPassword, false), false))
 
         val sslHandler = createClientSslHelper(NetworkHostAndPort("localhost", 1234), setOf(legalName), keyManagerFactory, trustManagerFactory)
         val legalNameHash = SecureHash.sha256(legalName.toString()).toString().take(32).toLowerCase()
diff --git a/node/src/integration-test/kotlin/net/corda/node/NodeKeystoreCheckTest.kt b/node/src/integration-test/kotlin/net/corda/node/NodeKeystoreCheckTest.kt
index cf438f16f8..0abeec4144 100644
--- a/node/src/integration-test/kotlin/net/corda/node/NodeKeystoreCheckTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/NodeKeystoreCheckTest.kt
@@ -25,7 +25,7 @@ class NodeKeystoreCheckTest {
     }
 
     @Test
-    fun `node should throw exception if cert path doesn't chain to the trust root`() {
+    fun `node should throw exception if cert path does not chain to the trust root`() {
         driver(DriverParameters(startNodesInProcess = true, notarySpecs = emptyList())) {
             // Create keystores.
             val keystorePassword = "password"
@@ -49,9 +49,9 @@ class NodeKeystoreCheckTest {
                 // Self signed root.
                 val badRootKeyPair = Crypto.generateKeyPair()
                 val badRoot = X509Utilities.createSelfSignedCACertificate(X500Principal("O=Bad Root,L=Lodnon,C=GB"), badRootKeyPair)
-                val nodeCA = getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA)
+                val nodeCA = getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA, signingCertStore.entryPassword)
                 val badNodeCACert = X509Utilities.createCertificate(CertificateType.NODE_CA, badRoot, badRootKeyPair, ALICE_NAME.x500Principal, nodeCA.keyPair.public)
-                setPrivateKey(X509Utilities.CORDA_CLIENT_CA, nodeCA.keyPair.private, listOf(badNodeCACert, badRoot))
+                setPrivateKey(X509Utilities.CORDA_CLIENT_CA, nodeCA.keyPair.private, listOf(badNodeCACert, badRoot), signingCertStore.entryPassword)
             }
 
             assertThatThrownBy {
diff --git a/node/src/integration-test/kotlin/net/corda/node/amqp/CertificateRevocationListNodeTests.kt b/node/src/integration-test/kotlin/net/corda/node/amqp/CertificateRevocationListNodeTests.kt
index 66682cffa4..4b18fa28be 100644
--- a/node/src/integration-test/kotlin/net/corda/node/amqp/CertificateRevocationListNodeTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/amqp/CertificateRevocationListNodeTests.kt
@@ -423,17 +423,17 @@ class CertificateRevocationListNodeTests {
         val signingCertificateStore = first
         val p2pSslConfiguration = second
         val nodeKeyStore = signingCertificateStore.get()
-        val (nodeCert, nodeKeys) = nodeKeyStore.query { getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA) }
+        val (nodeCert, nodeKeys) = nodeKeyStore.query { getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA, nodeKeyStore.entryPassword) }
         val newNodeCert = replaceCrlDistPointCaCertificate(nodeCert, CertificateType.NODE_CA, INTERMEDIATE_CA.keyPair, nodeCaCrlDistPoint)
         val nodeCertChain = listOf(newNodeCert, INTERMEDIATE_CA.certificate, *nodeKeyStore.query { getCertificateChain(X509Utilities.CORDA_CLIENT_CA) }.drop(2).toTypedArray())
         nodeKeyStore.update {
             internal.deleteEntry(X509Utilities.CORDA_CLIENT_CA)
         }
         nodeKeyStore.update {
-            setPrivateKey(X509Utilities.CORDA_CLIENT_CA, nodeKeys.private, nodeCertChain)
+            setPrivateKey(X509Utilities.CORDA_CLIENT_CA, nodeKeys.private, nodeCertChain, nodeKeyStore.entryPassword)
         }
         val sslKeyStore = p2pSslConfiguration.keyStore.get()
-        val (tlsCert, tlsKeys) = sslKeyStore.query { getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_TLS) }
+        val (tlsCert, tlsKeys) = sslKeyStore.query { getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_TLS, sslKeyStore.entryPassword) }
         val newTlsCert = replaceCrlDistPointCaCertificate(tlsCert, CertificateType.TLS, nodeKeys, tlsCrlDistPoint, X500Name.getInstance(ROOT_CA.certificate.subjectX500Principal.encoded))
         val sslCertChain = listOf(newTlsCert, newNodeCert, INTERMEDIATE_CA.certificate, *sslKeyStore.query { getCertificateChain(X509Utilities.CORDA_CLIENT_TLS) }.drop(3).toTypedArray())
 
@@ -441,7 +441,7 @@ class CertificateRevocationListNodeTests {
             internal.deleteEntry(X509Utilities.CORDA_CLIENT_TLS)
         }
         sslKeyStore.update {
-            setPrivateKey(X509Utilities.CORDA_CLIENT_TLS, tlsKeys.private, sslCertChain)
+            setPrivateKey(X509Utilities.CORDA_CLIENT_TLS, tlsKeys.private, sslCertChain, sslKeyStore.entryPassword)
         }
         return newNodeCert
     }
diff --git a/node/src/integration-test/kotlin/net/corda/services/messaging/MQSecurityAsNodeTest.kt b/node/src/integration-test/kotlin/net/corda/services/messaging/MQSecurityAsNodeTest.kt
index 7fb2986bc4..df860ef06a 100644
--- a/node/src/integration-test/kotlin/net/corda/services/messaging/MQSecurityAsNodeTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/services/messaging/MQSecurityAsNodeTest.kt
@@ -105,11 +105,11 @@ class MQSecurityAsNodeTest : P2PMQSecurityTest() {
         val clientTLSCert = X509Utilities.createCertificate(CertificateType.TLS, clientCACert, clientKeyPair, CordaX500Name("MiniCorp", "London", "GB").x500Principal, tlsKeyPair.public)
 
         signingCertStore.get(createNew = true).update {
-            setPrivateKey(X509Utilities.CORDA_CLIENT_CA, clientKeyPair.private, listOf(clientCACert, DEV_INTERMEDIATE_CA.certificate, DEV_ROOT_CA.certificate))
+            setPrivateKey(X509Utilities.CORDA_CLIENT_CA, clientKeyPair.private, listOf(clientCACert, DEV_INTERMEDIATE_CA.certificate, DEV_ROOT_CA.certificate), signingCertStore.entryPassword)
         }
 
         p2pSslConfig.keyStore.get(createNew = true).update {
-            setPrivateKey(X509Utilities.CORDA_CLIENT_TLS, tlsKeyPair.private, listOf(clientTLSCert, clientCACert, DEV_INTERMEDIATE_CA.certificate, DEV_ROOT_CA.certificate))
+            setPrivateKey(X509Utilities.CORDA_CLIENT_TLS, tlsKeyPair.private, listOf(clientTLSCert, clientCACert, DEV_INTERMEDIATE_CA.certificate, DEV_ROOT_CA.certificate), p2pSslConfig.keyStore.entryPassword)
         }
 
         val attacker = clientTo(alice.node.configuration.p2pAddress, p2pSslConfig)
diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index c196bf639e..72eb7e1bc1 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -862,7 +862,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
             keyStore.storeLegalIdentity(privateKeyAlias, generateKeyPair())
         }
 
-        val (x509Cert, keyPair) = keyStore.query { getCertificateAndKeyPair(privateKeyAlias) }
+        val (x509Cert, keyPair) = keyStore.query { getCertificateAndKeyPair(privateKeyAlias, keyStore.entryPassword) }
 
         // TODO: Use configuration to indicate composite key should be used instead of public key for the identity.
         val compositeKeyAlias = "$id-composite-key"
diff --git a/node/src/main/kotlin/net/corda/node/services/config/ConfigUtilities.kt b/node/src/main/kotlin/net/corda/node/services/config/ConfigUtilities.kt
index 1b8d0507b8..bfae0e983c 100644
--- a/node/src/main/kotlin/net/corda/node/services/config/ConfigUtilities.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/ConfigUtilities.kt
@@ -86,9 +86,9 @@ fun MutualSslConfiguration.configureDevKeyAndTrustStores(myLegalName: CordaX500N
     }
 
     if (keyStore.getOptional() == null || signingCertificateStore.getOptional() == null) {
-        val signingKeyStore = FileBasedCertificateStoreSupplier(signingCertificateStore.path, signingCertificateStore.password).get(true).also { it.registerDevSigningCertificates(myLegalName) }
+        val signingKeyStore = FileBasedCertificateStoreSupplier(signingCertificateStore.path, signingCertificateStore.storePassword, signingCertificateStore.entryPassword).get(true).also { it.registerDevSigningCertificates(myLegalName) }
 
-        FileBasedCertificateStoreSupplier(keyStore.path, keyStore.password).get(true).also { it.registerDevP2pCertificates(myLegalName) }
+        FileBasedCertificateStoreSupplier(keyStore.path, keyStore.storePassword, keyStore.entryPassword).get(true).also { it.registerDevP2pCertificates(myLegalName) }
 
         // Move distributed service composite key (generated by IdentityGenerator.generateToDisk) to keystore if exists.
         val distributedServiceKeystore = certificatesDirectory / "distributedService.jks"
@@ -97,7 +97,7 @@ fun MutualSslConfiguration.configureDevKeyAndTrustStores(myLegalName: CordaX500N
             signingKeyStore.update {
                 serviceKeystore.aliases().forEach {
                     if (serviceKeystore.internal.isKeyEntry(it)) {
-                        setPrivateKey(it, serviceKeystore.getPrivateKey(it, DEV_CA_PRIVATE_KEY_PASS), serviceKeystore.getCertificateChain(it))
+                        setPrivateKey(it, serviceKeystore.getPrivateKey(it, DEV_CA_KEY_STORE_PASS), serviceKeystore.getCertificateChain(it), signingKeyStore.entryPassword)
                     } else {
                         setCertificate(it, serviceKeystore.getCertificate(it))
                     }
diff --git a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
index f7cf92aa36..ecf0c407f9 100644
--- a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
@@ -260,12 +260,16 @@ data class NodeConfigurationImpl(
     override val certificatesDirectory = baseDirectory / "certificates"
 
     private val signingCertificateStorePath = certificatesDirectory / "nodekeystore.jks"
-    override val signingCertificateStore = FileBasedCertificateStoreSupplier(signingCertificateStorePath, keyStorePassword)
-
     private val p2pKeystorePath: Path get() = certificatesDirectory / "sslkeystore.jks"
-    private val p2pKeyStore = FileBasedCertificateStoreSupplier(p2pKeystorePath, keyStorePassword)
+
+    // TODO: There are two implications here:
+    // 1. "signingCertificateStore" and "p2pKeyStore" have the same passwords. In the future we should re-visit this "rule" and see of they can be made different;
+    // 2. The passwords for store and for keys in this store are the same, this is due to limitations of Artemis.
+    override val signingCertificateStore = FileBasedCertificateStoreSupplier(signingCertificateStorePath, keyStorePassword, keyStorePassword)
+    private val p2pKeyStore = FileBasedCertificateStoreSupplier(p2pKeystorePath, keyStorePassword, keyStorePassword)
+
     private val p2pTrustStoreFilePath: Path get() = certificatesDirectory / "truststore.jks"
-    private val p2pTrustStore = FileBasedCertificateStoreSupplier(p2pTrustStoreFilePath, trustStorePassword)
+    private val p2pTrustStore = FileBasedCertificateStoreSupplier(p2pTrustStoreFilePath, trustStorePassword, trustStorePassword)
     override val p2pSslOptions: MutualSslConfiguration = SslConfiguration.mutual(p2pKeyStore, p2pTrustStore)
 
     override val rpcOptions: NodeRpcOptions
diff --git a/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt b/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
index eb1aac885b..e8f916dbb7 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
@@ -161,7 +161,7 @@ open class NetworkRegistrationHelper(private val certificatesDirectory: Path,
         println("Private key '$keyAlias' and certificate stored in node signing keystore.")
     }
 
-    private fun CertificateStore.loadOrCreateKeyPair(alias: String, privateKeyPassword: String = password): KeyPair {
+    private fun CertificateStore.loadOrCreateKeyPair(alias: String, entryPassword: String = password): KeyPair {
         // Create or load self signed keypair from the key store.
         // We use the self sign certificate to store the key temporarily in the keystore while waiting for the request approval.
         if (alias !in this) {
@@ -170,11 +170,11 @@ open class NetworkRegistrationHelper(private val certificatesDirectory: Path,
             val selfSignCert = X509Utilities.createSelfSignedCACertificate(myLegalName.x500Principal, keyPair)
             // Save to the key store.
             with(value) {
-                setPrivateKey(alias, keyPair.private, listOf(selfSignCert), keyPassword = privateKeyPassword)
+                setPrivateKey(alias, keyPair.private, listOf(selfSignCert), keyPassword = entryPassword)
                 save()
             }
         }
-        return query { getCertificateAndKeyPair(alias, privateKeyPassword) }.keyPair
+        return query { getCertificateAndKeyPair(alias, entryPassword) }.keyPair
     }
 
     /**
@@ -281,7 +281,9 @@ class NodeRegistrationHelper(
     }
 
     private fun createSSLKeystore(nodeCAKeyPair: KeyPair, certificates: List<X509Certificate>, tlsCertCrlIssuer: X500Name?) {
-        config.p2pSslOptions.keyStore.get(createNew = true).update {
+        val keyStore = config.p2pSslOptions.keyStore
+        val certificateStore = keyStore.get(createNew = true)
+        certificateStore.update {
             println("Generating SSL certificate for node messaging service.")
             val sslKeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
             val sslCert = X509Utilities.createCertificate(
@@ -293,9 +295,9 @@ class NodeRegistrationHelper(
                     crlDistPoint = config.tlsCertCrlDistPoint?.toString(),
                     crlIssuer = tlsCertCrlIssuer)
             logger.info("Generated TLS certificate: $sslCert")
-            setPrivateKey(CORDA_CLIENT_TLS, sslKeyPair.private, listOf(sslCert) + certificates)
+            setPrivateKey(CORDA_CLIENT_TLS, sslKeyPair.private, listOf(sslCert) + certificates, certificateStore.entryPassword)
         }
-        println("SSL private key and certificate stored in ${config.p2pSslOptions.keyStore.path}.")
+        println("SSL private key and certificate stored in ${keyStore.path}.")
     }
 
     private fun createTruststore(rootCertificate: X509Certificate) {
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
index e87557f716..cd46caf2fb 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
@@ -845,10 +845,10 @@ class DriverDSLImpl(
             config += "baseDirectory" to configuration.baseDirectory.toAbsolutePath().toString()
 
             config += "keyStorePath" to configuration.p2pSslOptions.keyStore.path.toString()
-            config += "keyStorePassword" to configuration.p2pSslOptions.keyStore.password
+            config += "keyStorePassword" to configuration.p2pSslOptions.keyStore.storePassword
 
             config += "trustStorePath" to configuration.p2pSslOptions.trustStore.path.toString()
-            config += "trustStorePassword" to configuration.p2pSslOptions.trustStore.password
+            config += "trustStorePassword" to configuration.p2pSslOptions.trustStore.storePassword
 
             return config
         }
diff --git a/testing/test-common/src/main/kotlin/net/corda/testing/common/internal/UnsafeCertificatesFactory.kt b/testing/test-common/src/main/kotlin/net/corda/testing/common/internal/UnsafeCertificatesFactory.kt
deleted file mode 100644
index bce2152d57..0000000000
--- a/testing/test-common/src/main/kotlin/net/corda/testing/common/internal/UnsafeCertificatesFactory.kt
+++ /dev/null
@@ -1,215 +0,0 @@
-package net.corda.testing.common.internal
-
-import net.corda.core.identity.CordaX500Name
-import net.corda.core.internal.createFile
-import net.corda.core.internal.deleteIfExists
-import net.corda.core.internal.div
-import net.corda.nodeapi.internal.config.FileBasedCertificateStoreSupplier
-import net.corda.nodeapi.internal.config.SslConfiguration
-import net.corda.nodeapi.internal.config.MutualSslConfiguration
-import net.corda.nodeapi.internal.crypto.*
-import org.apache.commons.io.FileUtils
-import sun.security.tools.keytool.CertAndKeyGen
-import sun.security.x509.X500Name
-import java.nio.file.Files
-import java.nio.file.Path
-import java.security.KeyPair
-import java.security.KeyStore
-import java.security.PrivateKey
-import java.security.cert.X509Certificate
-import java.time.Duration
-import java.time.Instant
-import java.time.Instant.now
-import java.time.temporal.ChronoUnit
-import java.util.*
-import javax.security.auth.x500.X500Principal
-
-class UnsafeCertificatesFactory(
-        defaults: Defaults = defaults(),
-        private val keyType: String = defaults.keyType,
-        private val signatureAlgorithm: String = defaults.signatureAlgorithm,
-        private val keySize: Int = defaults.keySize,
-        private val certificatesValidityWindow: CertificateValidityWindow = defaults.certificatesValidityWindow,
-        private val keyStoreType: String = defaults.keyStoreType) {
-
-    companion object {
-        private const val KEY_TYPE_RSA = "RSA"
-        private const val SIG_ALG_SHA_RSA = "SHA1WithRSA"
-        private const val KEY_SIZE = 1024
-        private val DEFAULT_DURATION = Duration.of(365, ChronoUnit.DAYS)
-        private const val DEFAULT_KEYSTORE_TYPE = "JKS"
-
-        fun defaults() = Defaults(KEY_TYPE_RSA, SIG_ALG_SHA_RSA, KEY_SIZE, CertificateValidityWindow(now(), DEFAULT_DURATION), DEFAULT_KEYSTORE_TYPE)
-    }
-
-    data class Defaults(
-            val keyType: String,
-            val signatureAlgorithm: String,
-            val keySize: Int,
-            val certificatesValidityWindow: CertificateValidityWindow,
-            val keyStoreType: String)
-
-    fun createSelfSigned(name: X500Name): UnsafeCertificate = createSelfSigned(name, keyType, signatureAlgorithm, keySize, certificatesValidityWindow)
-
-    fun createSelfSigned(name: CordaX500Name) = createSelfSigned(name.asX500Name())
-
-    fun createSignedBy(subject: X500Principal, issuer: UnsafeCertificate): UnsafeCertificate = issuer.createSigned(subject, keyType, signatureAlgorithm, keySize, certificatesValidityWindow)
-
-    fun createSignedBy(name: CordaX500Name, issuer: UnsafeCertificate): UnsafeCertificate = issuer.createSigned(name, keyType, signatureAlgorithm, keySize, certificatesValidityWindow)
-
-    fun newKeyStore(password: String) = UnsafeKeyStore.create(keyStoreType, password)
-
-    fun newKeyStores(keyStorePassword: String, trustStorePassword: String): KeyStores = KeyStores(newKeyStore(keyStorePassword), newKeyStore(trustStorePassword))
-}
-
-class KeyStores(val keyStore: UnsafeKeyStore, val trustStore: UnsafeKeyStore) {
-    fun save(directory: Path = Files.createTempDirectory(null)): AutoClosableSSLConfiguration {
-        val keyStoreFile = keyStore.toTemporaryFile("sslkeystore", directory = directory)
-        val trustStoreFile = trustStore.toTemporaryFile("truststore", directory = directory)
-
-        val sslConfiguration = sslConfiguration(keyStoreFile, trustStoreFile)
-
-        return object : AutoClosableSSLConfiguration {
-            override val value = sslConfiguration
-
-            override fun close() {
-                keyStoreFile.close()
-                trustStoreFile.close()
-            }
-        }
-    }
-
-    private fun sslConfiguration(keyStoreFile: TemporaryFile, trustStoreFile: TemporaryFile): MutualSslConfiguration {
-
-        val keyStore = FileBasedCertificateStoreSupplier(keyStoreFile.file, keyStore.password)
-        val trustStore = FileBasedCertificateStoreSupplier(trustStoreFile.file, trustStore.password)
-        return SslConfiguration.mutual(keyStore, trustStore)
-    }
-}
-
-interface AutoClosableSSLConfiguration : AutoCloseable {
-    val value: MutualSslConfiguration
-}
-
-typealias KeyStoreEntry = Pair<String, UnsafeCertificate>
-
-data class UnsafeKeyStore(private val delegate: KeyStore, val password: String) : Iterable<KeyStoreEntry> {
-    companion object {
-        private const val JKS_TYPE = "JKS"
-
-        fun create(type: String, password: String) = UnsafeKeyStore(newKeyStore(type, password), password)
-
-        fun createJKS(password: String) = create(JKS_TYPE, password)
-    }
-
-    operator fun plus(entry: KeyStoreEntry) = set(entry.first, entry.second)
-
-    override fun iterator(): Iterator<Pair<String, UnsafeCertificate>> = delegate.aliases().toList().map { alias -> alias to get(alias) }.iterator()
-
-    operator fun get(alias: String): UnsafeCertificate {
-        return when {
-            delegate.isKeyEntry(alias) -> delegate.getCertificateAndKeyPair(alias, password).unsafe()
-            else -> UnsafeCertificate(delegate.getX509Certificate(alias), null)
-        }
-    }
-
-    operator fun set(alias: String, certificate: UnsafeCertificate) {
-        delegate.setCertificateEntry(alias, certificate.value)
-        delegate.setKeyEntry(alias, certificate.privateKey, password.toCharArray(), arrayOf(certificate.value))
-    }
-
-    fun save(path: Path) = delegate.save(path, password)
-
-    fun toTemporaryFile(fileName: String, fileExtension: String? = delegate.type.toLowerCase(), directory: Path): TemporaryFile {
-        return TemporaryFile("$fileName.$fileExtension", directory).also { save(it.file) }
-    }
-}
-
-class TemporaryFile(fileName: String, val directory: Path) : AutoCloseable {
-    val file: Path = (directory / fileName).createFile().toAbsolutePath()
-
-    init {
-        file.toFile().deleteOnExit()
-    }
-
-    override fun close() {
-        file.deleteIfExists()
-    }
-}
-
-data class UnsafeCertificate(val value: X509Certificate, val privateKey: PrivateKey?) {
-    val keyPair = KeyPair(value.publicKey, privateKey)
-
-    val principal: X500Principal get() = value.subjectX500Principal
-
-    val issuer: X500Principal get() = value.issuerX500Principal
-
-    fun createSigned(subject: X500Principal, keyType: String, signatureAlgorithm: String, keySize: Int, certificatesValidityWindow: CertificateValidityWindow): UnsafeCertificate {
-        val keyGen = keyGen(keyType, signatureAlgorithm, keySize)
-
-        return UnsafeCertificate(X509Utilities.createCertificate(
-                certificateType = CertificateType.TLS,
-                issuer = value.subjectX500Principal,
-                issuerKeyPair = keyPair,
-                validityWindow = certificatesValidityWindow.datePair,
-                subject = subject,
-                subjectPublicKey = keyGen.publicKey
-        ), keyGen.privateKey)
-    }
-
-    fun createSigned(name: CordaX500Name, keyType: String, signatureAlgorithm: String, keySize: Int, certificatesValidityWindow: CertificateValidityWindow) = createSigned(name.x500Principal, keyType, signatureAlgorithm, keySize, certificatesValidityWindow)
-}
-
-data class CertificateValidityWindow(val from: Instant, val to: Instant) {
-    constructor(from: Instant, duration: Duration) : this(from, from.plus(duration))
-
-    val duration = Duration.between(from, to)!!
-
-    val datePair = Date.from(from) to Date.from(to)
-}
-
-private fun createSelfSigned(name: X500Name, keyType: String, signatureAlgorithm: String, keySize: Int, certificatesValidityWindow: CertificateValidityWindow): UnsafeCertificate {
-    val keyGen = keyGen(keyType, signatureAlgorithm, keySize)
-    return UnsafeCertificate(keyGen.getSelfCertificate(name, certificatesValidityWindow.duration.toMillis()), keyGen.privateKey)
-}
-
-private fun CordaX500Name.asX500Name(): X500Name = X500Name.asX500Name(x500Principal)
-
-private fun CertificateAndKeyPair.unsafe() = UnsafeCertificate(certificate, keyPair.private)
-
-private fun keyGen(keyType: String, signatureAlgorithm: String, keySize: Int): CertAndKeyGen {
-    val keyGen = CertAndKeyGen(keyType, signatureAlgorithm)
-    keyGen.generate(keySize)
-    return keyGen
-}
-
-private fun newKeyStore(type: String, password: String): KeyStore {
-    val keyStore = KeyStore.getInstance(type)
-    // Loading creates the store, can't do anything with it until it's loaded
-    keyStore.load(null, password.toCharArray())
-
-    return keyStore
-}
-
-fun withKeyStores(server: KeyStores, client: KeyStores, action: (brokerSslOptions: MutualSslConfiguration, clientSslOptions: MutualSslConfiguration) -> Unit) {
-    val serverDir = Files.createTempDirectory(null)
-    FileUtils.forceDeleteOnExit(serverDir.toFile())
-
-    val clientDir = Files.createTempDirectory(null)
-    FileUtils.forceDeleteOnExit(clientDir.toFile())
-
-    server.save(serverDir).use { serverSslConfiguration ->
-        client.save(clientDir).use { clientSslConfiguration ->
-            action(serverSslConfiguration.value, clientSslConfiguration.value)
-        }
-    }
-    clientDir.deleteIfExists()
-    serverDir.deleteIfExists()
-}
-
-fun withCertificates(factoryDefaults: UnsafeCertificatesFactory.Defaults = UnsafeCertificatesFactory.defaults(), action: (server: KeyStores, client: KeyStores, createSelfSigned: (name: CordaX500Name) -> UnsafeCertificate, createSignedBy: (name: CordaX500Name, issuer: UnsafeCertificate) -> UnsafeCertificate) -> Unit) {
-    val factory = UnsafeCertificatesFactory(factoryDefaults)
-    val server = factory.newKeyStores("serverKeyStorePass", "serverTrustKeyStorePass")
-    val client = factory.newKeyStores("clientKeyStorePass", "clientTrustKeyStorePass")
-    action(server, client, factory::createSelfSigned, factory::createSignedBy)
-}
\ No newline at end of file
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/stubs/CertificateStoreStubs.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/stubs/CertificateStoreStubs.kt
index 62f871ca8c..dfe21245f1 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/stubs/CertificateStoreStubs.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/stubs/CertificateStoreStubs.kt
@@ -1,6 +1,9 @@
 package net.corda.testing.internal.stubs
 
 import net.corda.core.internal.div
+import net.corda.nodeapi.internal.DEV_CA_KEY_STORE_PASS
+import net.corda.nodeapi.internal.DEV_CA_TRUST_STORE_PASS
+import net.corda.nodeapi.internal.DEV_CA_TRUST_STORE_PRIVATE_KEY_PASS
 import net.corda.nodeapi.internal.config.FileBasedCertificateStoreSupplier
 import net.corda.nodeapi.internal.config.SslConfiguration
 import net.corda.nodeapi.internal.config.MutualSslConfiguration
@@ -11,28 +14,27 @@ class CertificateStoreStubs {
     companion object {
 
         const val DEFAULT_CERTIFICATES_DIRECTORY_NAME = "certificates"
-
-        @JvmStatic
-        fun withStoreAt(certificateStorePath: Path, password: String): FileBasedCertificateStoreSupplier = FileBasedCertificateStoreSupplier(certificateStorePath, password)
     }
 
     class Signing {
 
         companion object {
 
-            const val DEFAULT_STORE_FILE_NAME = "nodekeystore.jks"
-            const val DEFAULT_STORE_PASSWORD = "cordacadevpass"
+            private const val DEFAULT_STORE_FILE_NAME = "nodekeystore.jks"
+            private const val DEFAULT_STORE_PASSWORD = DEV_CA_KEY_STORE_PASS
 
             @JvmStatic
-            fun withCertificatesDirectory(certificatesDirectory: Path, password: String = DEFAULT_STORE_PASSWORD, certificateStoreFileName: String = DEFAULT_STORE_FILE_NAME): FileBasedCertificateStoreSupplier {
+            fun withCertificatesDirectory(certificatesDirectory: Path, password: String = DEFAULT_STORE_PASSWORD,
+                                          keyPassword: String = password, certificateStoreFileName: String = DEFAULT_STORE_FILE_NAME): FileBasedCertificateStoreSupplier {
 
-                return FileBasedCertificateStoreSupplier(certificatesDirectory / certificateStoreFileName, password)
+                return FileBasedCertificateStoreSupplier(certificatesDirectory / certificateStoreFileName, password, keyPassword)
             }
 
             @JvmStatic
-            fun withBaseDirectory(baseDirectory: Path, password: String = DEFAULT_STORE_PASSWORD, certificatesDirectoryName: String = DEFAULT_CERTIFICATES_DIRECTORY_NAME, certificateStoreFileName: String = DEFAULT_STORE_FILE_NAME): FileBasedCertificateStoreSupplier {
+            fun withBaseDirectory(baseDirectory: Path, password: String = DEFAULT_STORE_PASSWORD, keyPassword: String = password,
+                                  certificatesDirectoryName: String = DEFAULT_CERTIFICATES_DIRECTORY_NAME, certificateStoreFileName: String = DEFAULT_STORE_FILE_NAME): FileBasedCertificateStoreSupplier {
 
-                return FileBasedCertificateStoreSupplier(baseDirectory / certificatesDirectoryName / certificateStoreFileName, password)
+                return FileBasedCertificateStoreSupplier(baseDirectory / certificatesDirectoryName / certificateStoreFileName, password, keyPassword)
             }
         }
     }
@@ -42,10 +44,13 @@ class CertificateStoreStubs {
         companion object {
 
             @JvmStatic
-            fun withCertificatesDirectory(certificatesDirectory: Path, keyStoreFileName: String = KeyStore.DEFAULT_STORE_FILE_NAME, keyStorePassword: String = KeyStore.DEFAULT_STORE_PASSWORD, trustStoreFileName: String = TrustStore.DEFAULT_STORE_FILE_NAME, trustStorePassword: String = TrustStore.DEFAULT_STORE_PASSWORD): MutualSslConfiguration {
+            fun withCertificatesDirectory(certificatesDirectory: Path, keyStoreFileName: String = KeyStore.DEFAULT_STORE_FILE_NAME,
+                                          keyStorePassword: String = KeyStore.DEFAULT_STORE_PASSWORD, keyPassword: String = keyStorePassword,
+                                          trustStoreFileName: String = TrustStore.DEFAULT_STORE_FILE_NAME, trustStorePassword: String = TrustStore.DEFAULT_STORE_PASSWORD, trustStoreKeyPassword: String = TrustStore.DEFAULT_KEY_PASSWORD,
+                                          useOpenSsl: Boolean = false): MutualSslConfiguration {
 
-                val keyStore = FileBasedCertificateStoreSupplier(certificatesDirectory / keyStoreFileName, keyStorePassword)
-                val trustStore = FileBasedCertificateStoreSupplier(certificatesDirectory / trustStoreFileName, trustStorePassword)
+                val keyStore = FileBasedCertificateStoreSupplier(certificatesDirectory / keyStoreFileName, keyStorePassword, keyPassword)
+                val trustStore = FileBasedCertificateStoreSupplier(certificatesDirectory / trustStoreFileName, trustStorePassword, trustStoreKeyPassword)
                 return SslConfiguration.mutual(keyStore, trustStore)
             }
 
@@ -61,18 +66,20 @@ class CertificateStoreStubs {
             companion object {
 
                 const val DEFAULT_STORE_FILE_NAME = "sslkeystore.jks"
-                const val DEFAULT_STORE_PASSWORD = "cordacadevpass"
+                const val DEFAULT_STORE_PASSWORD = DEV_CA_KEY_STORE_PASS
 
                 @JvmStatic
-                fun withCertificatesDirectory(certificatesDirectory: Path, password: String = DEFAULT_STORE_PASSWORD, certificateStoreFileName: String = DEFAULT_STORE_FILE_NAME): FileBasedCertificateStoreSupplier {
+                fun withCertificatesDirectory(certificatesDirectory: Path, password: String = DEFAULT_STORE_PASSWORD, keyPassword: String = password,
+                                              certificateStoreFileName: String = DEFAULT_STORE_FILE_NAME): FileBasedCertificateStoreSupplier {
 
-                    return FileBasedCertificateStoreSupplier(certificatesDirectory / certificateStoreFileName, password)
+                    return FileBasedCertificateStoreSupplier(certificatesDirectory / certificateStoreFileName, password, keyPassword)
                 }
 
                 @JvmStatic
-                fun withBaseDirectory(baseDirectory: Path, password: String = DEFAULT_STORE_PASSWORD, certificatesDirectoryName: String = DEFAULT_CERTIFICATES_DIRECTORY_NAME, certificateStoreFileName: String = DEFAULT_STORE_FILE_NAME): FileBasedCertificateStoreSupplier {
+                fun withBaseDirectory(baseDirectory: Path, password: String = DEFAULT_STORE_PASSWORD, keyPassword: String = password,
+                                      certificatesDirectoryName: String = DEFAULT_CERTIFICATES_DIRECTORY_NAME, certificateStoreFileName: String = DEFAULT_STORE_FILE_NAME): FileBasedCertificateStoreSupplier {
 
-                    return FileBasedCertificateStoreSupplier(baseDirectory / certificatesDirectoryName / certificateStoreFileName, password)
+                    return FileBasedCertificateStoreSupplier(baseDirectory / certificatesDirectoryName / certificateStoreFileName, password, keyPassword)
                 }
             }
         }
@@ -82,18 +89,21 @@ class CertificateStoreStubs {
             companion object {
 
                 const val DEFAULT_STORE_FILE_NAME = "truststore.jks"
-                const val DEFAULT_STORE_PASSWORD = "trustpass"
+                const val DEFAULT_STORE_PASSWORD = DEV_CA_TRUST_STORE_PASS
+                const val DEFAULT_KEY_PASSWORD = DEV_CA_TRUST_STORE_PRIVATE_KEY_PASS
 
                 @JvmStatic
-                fun withCertificatesDirectory(certificatesDirectory: Path, password: String = DEFAULT_STORE_PASSWORD, certificateStoreFileName: String = DEFAULT_STORE_FILE_NAME): FileBasedCertificateStoreSupplier {
+                fun withCertificatesDirectory(certificatesDirectory: Path, password: String = DEFAULT_STORE_PASSWORD,
+                                              keyPassword: String = DEFAULT_KEY_PASSWORD, certificateStoreFileName: String = DEFAULT_STORE_FILE_NAME): FileBasedCertificateStoreSupplier {
 
-                    return FileBasedCertificateStoreSupplier(certificatesDirectory / certificateStoreFileName, password)
+                    return FileBasedCertificateStoreSupplier(certificatesDirectory / certificateStoreFileName, password, keyPassword)
                 }
 
                 @JvmStatic
-                fun withBaseDirectory(baseDirectory: Path, password: String = DEFAULT_STORE_PASSWORD, certificatesDirectoryName: String = DEFAULT_CERTIFICATES_DIRECTORY_NAME, certificateStoreFileName: String = DEFAULT_STORE_FILE_NAME): FileBasedCertificateStoreSupplier {
+                fun withBaseDirectory(baseDirectory: Path, password: String = DEFAULT_STORE_PASSWORD, keyPassword: String = DEFAULT_KEY_PASSWORD,
+                                      certificatesDirectoryName: String = DEFAULT_CERTIFICATES_DIRECTORY_NAME, certificateStoreFileName: String = DEFAULT_STORE_FILE_NAME): FileBasedCertificateStoreSupplier {
 
-                    return FileBasedCertificateStoreSupplier(baseDirectory / certificatesDirectoryName / certificateStoreFileName, password)
+                    return FileBasedCertificateStoreSupplier(baseDirectory / certificatesDirectoryName / certificateStoreFileName, password, keyPassword)
                 }
             }
         }

From e0d8ea8a5836cfce714f9b7cff1fcc246a8e50a0 Mon Sep 17 00:00:00 2001
From: Andrius Dagys <andrius.dagys@r3.com>
Date: Mon, 22 Oct 2018 10:26:10 +0100
Subject: [PATCH 70/83] =?UTF-8?q?CORDA-535:=20Move=20implementation=20spec?=
 =?UTF-8?q?ific=20configuration=20values=20out=20of=20n=E2=80=A6=20(#4058)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The configuration objects for specific notary implementations have been replaced
by a single untyped "extraConfig" Config object that is left to the notary service
itself to parse.

* Remove the raft bootstrapping command from node, we'll need a different
mechanism for that.

* Remove pre-generated identity config value.

* Split up obtainIdentity() in AbstractNode to make it easier to read.

* A temporary workaround for the bootstrapper tool to support BFT notaries.

* Update docs

* Add upgrade notes

* Fix rebase issue

* Add a config diff for the bft notary as well
---
 docs/source/changelog.rst                     |  23 ++++++
 docs/source/corda-configuration-file.rst      |  25 ++-----
 .../resources/notary-config-update-bft.png    | Bin 0 -> 131365 bytes
 .../source/resources/notary-config-update.png | Bin 0 -> 86107 bytes
 docs/source/running-a-node.rst                |   2 -
 .../corda/notary/bftsmart/BFTSMaRtConfig.kt   |  18 +++++
 .../notary/bftsmart/BftSmartNotaryService.kt  |  11 +--
 .../notary/bftsmart/BFTNotaryServiceTests.kt  |  13 ++--
 .../net/corda/notary/raft/RaftConfig.kt       |  18 +++++
 .../corda/notary/raft/RaftNotaryService.kt    |  10 ++-
 .../notary/raft/RaftUniquenessProvider.kt     |   1 -
 .../internal/network/NetworkBootstrapper.kt   |  10 ++-
 .../net/corda/node/NodeCmdLineOptions.kt      |   6 --
 .../net/corda/node/internal/AbstractNode.kt   |  67 +++++++++---------
 .../net/corda/node/internal/NodeStartup.kt    |  15 +---
 .../node/services/config/NodeConfiguration.kt |  53 ++++----------
 .../net.corda.node.internal.NodeStartup.yml   |   5 --
 .../corda/node/internal/NodeStartupTest.kt    |   1 -
 .../net/corda/node/services/TimedFlowTests.kt |   7 +-
 samples/notary-demo/build.gradle              |  14 ++--
 .../testing/node/internal/DriverDSLImpl.kt    |  25 +++----
 21 files changed, 167 insertions(+), 157 deletions(-)
 create mode 100644 docs/source/resources/notary-config-update-bft.png
 create mode 100644 docs/source/resources/notary-config-update.png
 create mode 100644 experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftConfig.kt

diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst
index 51330fffd3..eb81172b4a 100644
--- a/docs/source/changelog.rst
+++ b/docs/source/changelog.rst
@@ -16,6 +16,29 @@ Unreleased
 
 * Vault storage of contract state constraints metadata and associated vault query functions to retrieve and sort by constraint type.
 
+* UPGRADE REQUIRED: changes have been made to how notary implementations are configured and loaded.
+  No upgrade steps are required for the single-node notary (both validating and non-validating variants).
+  Other notary implementations have been moved out of the Corda node into individual Cordapps, and require configuration
+  file updates.
+
+  To run a notary you will now need to include the appropriate notary CorDapp in the ``cordapps/`` directory:
+
+    * ``corda-notary-raft`` for the Raft notary.
+    * ``corda-notary-bft-smart`` for the BFT-Smart notary.
+
+  It is now required to specify the fully qualified notary service class name, ``className``, and the legal name of
+  the notary service in case of distributed notaries: ``serviceLegalName``.
+
+  Implementation-specific configuration values have been moved to the ``extraConfig`` configuration block.
+
+  Example configuration changes for the Raft notary:
+
+  .. image:: resources/notary-config-update.png
+
+  Example configuration changes for the BFT-Smart notary:
+
+  .. image:: resources/notary-config-update-bft.png
+
 * New overload for ``CordaRPCClient.start()`` method allowing to specify target legal identity to use for RPC call.
 
 * Case insensitive vault queries can be specified via a boolean on applicable SQL criteria builder operators. By default
diff --git a/docs/source/corda-configuration-file.rst b/docs/source/corda-configuration-file.rst
index e5afa2f27b..6f5fcf17b5 100644
--- a/docs/source/corda-configuration-file.rst
+++ b/docs/source/corda-configuration-file.rst
@@ -132,34 +132,17 @@ absolute path to the node's base directory.
 :security: Contains various nested fields controlling user authentication/authorization, in particular for RPC accesses. See
     :doc:`clientrpc` for details.
 
-:notary: Optional configuration object which if present configures the node to run as a notary. If part of a Raft or BFT SMaRt
-    cluster then specify ``raft`` or ``bftSMaRt`` respectively as described below. If a single node notary then omit both.
+:notary: Optional configuration object which if present configures the node to run as a notary.
 
     :validating: Boolean to determine whether the notary is a validating or non-validating one.
 
     :serviceLegalName: If the node is part of a distributed cluster, specify the legal name of the cluster. At runtime, Corda
         checks whether this name matches the name of the certificate of the notary cluster.
 
-    :raft: If part of a distributed Raft cluster specify this config object, with the following settings:
+    :className: The fully qualified class name of the notary service to run. The class is expected to be loaded from
+        a notary CorDapp. Defaults to run the ``SimpleNotaryService``, which is built in.
 
-        :nodeAddress: The host and port to which to bind the embedded Raft server. Note that the Raft cluster uses a
-            separate transport layer for communication that does not integrate with ArtemisMQ messaging services.
-
-        :clusterAddresses: Must list the addresses of all the members in the cluster. At least one of the members must
-            be active and be able to communicate with the cluster leader for the node to join the cluster. If empty, a
-            new cluster will be bootstrapped.
-
-    :bftSMaRt: If part of a distributed BFT-SMaRt cluster specify this config object, with the following settings:
-
-        :replicaId: The zero-based index of the current replica. All replicas must specify a unique replica id.
-
-        :clusterAddresses: Must list the addresses of all the members in the cluster. At least one of the members must
-            be active and be able to communicate with the cluster leader for the node to join the cluster. If empty, a
-            new cluster will be bootstrapped.
-
-    :custom: If `true`, will load and install a notary service from a CorDapp. See :doc:`tutorial-custom-notary`.
-
-    Only one of ``raft``, ``bftSMaRt`` or ``custom`` configuration values may be specified.
+    :extraConfig: an optional configuration block for providing notary implementation-specific values.
 
 :rpcUsers: A list of users who are authorised to access the RPC system. Each user in the list is a config object with the
     following fields:
diff --git a/docs/source/resources/notary-config-update-bft.png b/docs/source/resources/notary-config-update-bft.png
new file mode 100644
index 0000000000000000000000000000000000000000..207d87cdefcc58fbf19dda1f983791608edfd168
GIT binary patch
literal 131365
zcmaI71y~%}wl++V;I6?vxVyW1aCfJ15AF^L?!lc9tnuLP7NBtm8VJGtZ)Wbj=S(Kw
z&r?)aSJhs%Y%h6tb(D&dG%^A{0t5sEvaF1R8UzF!2m%5U4emAgj0(dhIRpd(vW>X7
zimbResfvrErH#D>1cXdfSSqYK)*}Ak>DZOjip9a_i?tQV8Q+hFk`_8Xn5lFH<QVFt
z1(A_~7>O#_vEk%(r1{!#kO*b@I+SoUllhTlW$mv%r0;Z`uW|43Uwd}8Tnn#vu<wnL
zKzu-?CnLl84n@i&l(B8&*#8q1&U_>H6}bo$q{?d~9DdsFnblPo(zC&vYcFnu{Km7+
zyUc}vwdcHU68zM@*AOn!>BCAJloapLOimkiLOF9q(g#E{#k@@7C>GvG)jAKoMy#DY
zyK0cqMurf`=--ln5HTlrm!ji`oF==YsKO?}$4>Z}+4+Y519tRJ#?bj5vv)J-{%u@u
znE<eAZ->dMuzul=M|K@VJd{tGN<Iub*U=uYUpIP??|k+mVK&E-R3i+9LPkSW6X7!s
zg#P-9KT!@#4PJcWsjJqkrnX+nk~%PFD4GWC6}c$em$egSUBe@}VN&GJiM%E<{V*+6
zi)-8AJLG-_*ahpix-s6b1C!vt<n`A!8k0cihCt+(`B#^#lh@K91QHv1AiQ-iZ1T8(
z2zgJ|9{5@!kTMZQPK0P50?HVYA&}7t67ZD(I?y37?t&n~E#);^w@@PDuWocF!sH-1
zr`K~Kt{afnuxZ`yPM9E=5M$_AD5mt+%-xV)u$rWBJ)&5V2vH(xi2_9k2O<hXNMFMA
zNtJ0J5W>mxy=Y)YLa)ScRnXO6YltFGp-xfl^SKe=2NR2aoFcq<eFs-)%%%`RWelT@
zY1xzdnf(~qF^pnEf(L3M2(`D^iSs=UAf&d}a}zxsu`4u91wvA6T6KoT9ShSU&P5!i
zphuN(j#!<z0$L-^R?5BLPUTuve@@^K3O}Z#;ElC=1N`!<A0d{7nA5&fF#Bw7g00A_
zF`Wsy63qEs#x!`&v2+7?+mUC362>zuE$J8vj3wBvQ0&1O1MR)0b#7JU3us4y$X}(*
zJWUWkmwsma#&nG4fzTG(yD8yR!SgPgAU;ffV0TMtYhtTrGu(L=c<qH@h)^5S+zY$4
zeYSLi@t)#|&L2-W#E9%C`VRa6G`ARy$=gqfD&qT;APNOc&BzA{$pYHxEIdV!Gy@eE
zrX$+h$QVit*>H1-U!;;rUu24l&WrSlWM^Q%K<I?oE25B>CZc{k8Zy|C-jPHID-fy6
zhgSPQ8$pYlOg!>##Fv;Z;dKIqGR>r6u1hXgu1T&|JG7y<q5PUd`<r&Ec3kh%vx#%`
z8?2kETkZG0HzT)9XK`nYXYXzsZ&z=&ZxC+?ZXM4j5jLQ)pzUGAU|gUl;4a`4R8`e=
zDmYUVSCy+jt>r7te&&$Oq+rZURpyr_$Y+E@fIEc0LnuK^MKna;nNf9vX{8WMHI(TR
zAt?^P`hfNY3jvdla*lz6p@D&c+MbM%I{Ph%T!8#RHI&Sh9)rR~y~toEibhvma!#B>
z@uFcLdD@#bGd&7Vk3so3_?wxtw!S3j-TSngH)sB5RPeI!zERLoA29?m&Of-xA`V**
zn+{iga8*;MWiO{GH!ZhQW5x?cl9ysAOr9RqPQ*#`NK{Iy`9Pd#n53F~mNcAdljKb<
zpKLJ_K8iEyG0HR~JKQp2F~T`4nEG~zeV1ZadFXnWnVyF3hL%vpS}R=xOVdq#OvPR;
zTcv;|gPw{`gI-W&fQ~)IELoWrwc;z?9bFRLF5R`di3Zd>&HTFxaa%l2ibk(S+eTLR
zFRjHs6+R#Die4M^N>b<*8f>SOWLxHcR~;7`XV$&bt<&Yy-Cl-VR$5+K&RKSJQ+NBu
zx66m>M%(Jq>g&$$W^`137<Q1e;9I6V?>R4=zh3>k^mQuGY|5U+ipC1hUfYCcpon!f
z17=K53Xg)mutO>>P6&?x?=685%hR~TD&;`Yw7JK}t&-1*oLMCb7798g8YTMd;X0p}
zJT3KIZCq2m8*kYWbz)RvbYtGgTZ~$d)~D81HB|9vR%?zf3@o%&x7n+3U2%DHK{Y`(
z2{l<XDgQ7(CO^(R#yP(H;ko3=YfP9;6wepSE64MNh=33`8!5+w|B~-xPDl1=c3w*v
z&`F=qz(niqqFD`Q)-Ly;Bft|15Dypx<pSwj-?l#Q1YJ5^(_DL<l>f*$SlW}kTt1oK
zznoYZX`Au|Ne{p6FI`Dn<Q{77_FS4As2xf;sy*mhc?JYpi>Ql8lQK<lf97(siTRPb
ztydCq5#kae)l3IaT=((K+Hd;ipw)B^uyW|ai-o^J1Ry>2xtM9xr-~7Z(~04HTR6r%
zPWy!OssEF!Nr{Q13HxTrrsQTldI|a<`FHYh3VHIq!m7fN0z+wj2`wq+L16z}f7QTU
ze^cM)cJMY+KVsit-}Ol%D5=woMwF9`J1EOK+e^SXXnU+&G5A9hwL9f(VxCn%wAu(a
z?Z<M<^4;>&+4r+dCFiAsrPrtGOWxLd3gHF=*KJd6-`ZN)i`lO&lunvJ292=Gm|seL
zYme8mJ7#sRbT02B?@g~Bv#V1Kk{>;~)}JN_qq3{A%N>uqY({p6cX#56Sa?;u(fn8r
zH@=dsioZqm8%7*&`&gS|^x?TY(7<U=?}wv&mw_OmzgPZL{?7~a<D?skLh12@1>7@S
z3oJz<SHT6%F`5Z_f8Y1_XDd`bR4H#G->NA&$s5S=D~;p`xcqvjW4<KQqTwwc=GFfx
zdiUL@(r{(HY(PzN*;wtvjlrBJYUOd|as_sU{DkpjQLeY)w%+Wu;Q4*H?)37*@}&Ej
zJIH79ZtZn%c(~NrKo2#Lw%F#xerl=Pm1~bLb3Ut5cc1ZgulqLnoY^1l$>bvVJnST9
zEM{DI<XL-K&SBgxWZ9#Mu|c}Yl^>EXoQc=q@Py;Q{!w<jv~_eQZL}87khWc}J=4|w
zQg@)SxF)pb_6U8kw6)nY;rixUVE=NT2)OxvdqJ@+OVBUXZxN8O*7|<s=Bk)~jQ@ux
z@=4R>(RK4v)wAnSV7JJMV6QJxh*U_9cvg4~N*1b7m!s?Rcc?*FPid|Mq`13SAwop_
zZ6PE-o_m_B>7&8&1g(L3Y8Fgy<(u4O0qg+X$CzKtjQUU~DY99^PgaJL1Et^IF$XB#
zUCz2qxQ?8EcvGGcu9LGg>gwSd!rauJ?w|3~#X{)X=;67-tN7w@aGk;b$mpk0y8pO$
z$6blBs(IZ>_1ek_)pc>{>DF2`!(Iojx6yOZ?Wfbi^}&pk24$dfabAkBr@!+PTOEFL
zYv$Lj&kNNM2(ml^gn``dk&bW>fqao(pBM>pk35B;9{ZObx{cpoYXRDtHb)nFAp&g?
zAs!Olj>Pa}iy0uilAOoMee@u-wXP>01V8k+yL07=ekWbnc|1HUfQA4nK?u2OYH2A|
z*Z9|nX8J*kXl*_J_(9UX3A@-MNmOT9qg(UjQF!=WXM^O-afGd-hP}7#30xn-JIUy{
zLO|e9z5KtDRipd~0r4u=MqS%YTTy|}%+Z0##N5%;g2~Il34AvMgn$<x_|U<^&4kp;
z!5-ks=Osw~*ByM|<CoLS<fMPy;$|mEuC1s-D(>iFLCVR*!Nfu?gg{D4D&S&n$)_eE
z^*_VG-vr66-Q1k`n3+92J()b&nH*iLm|1ywd6`+*nAzAE!FMpadIQ`{ychwl6n_)>
zUpf*Nu4XPaPHr}i0MZw_CZ>+=Zi3|GFAw^^zrXpk@Ur>OlK`&&BNkXd=9eqXtV}G-
z|3@1<RN&<-pNfr_g}t_fje`Zi75oe#Ha0FEfxia)>(YN7`CmhI{xg)5?H?om>&pL(
z6kvXl;J+mLTU~#h1?x))L4f)HbT5Q}!SqN8HV2`Ngt9vL6Y|A2V9UXQcQk*0f{$Ol
zCG|tw`vL(W0wF6Qs_ymbI0ybc_WbP=2`L&m8q^nNQ*BCkQbnxjGK<Q<Ggz7!oHEla
z8iYvl4IFh_QArV9=qmgwf_yklRnan1O&xRDCwurI3^WBw2{?E%M6{>VF;L6(ScmJ!
zti-sT3{-Q=iR???2?oyz_EWtd9~d^oASp%u-<t{mdLma)4`5Mmj6wS9pIcA?W|>sC
z;`Aq082Chp|L2xW`3eCb_ksGH{P*!QZ$-Kl57;f?|9?3k1rJB)>kaw+CY4P%6{mNb
zt)bYz6aKH~l-WYl0LyI!C$2vHlSBOj@P(Ec-^9ze|8@I+i#P=zdE};EsTs#1vk^@x
z(mjs7<WR-&PccQXslg&(pS<VFftCsU!$yY*=AQ1Iqh?1FnAyv_Y)0yTJ`VT=Ud74P
z;@T*s@^QJ*E@u9_|KlAtJrQQoKl%Mz!TLf${V}-P`_qMKd8%Z*>A_i6d45fa=>iIW
zHes4{U~tyx_TZd_0{DRK^~Ba6xXg!!dw+LO%Hy;l0>7i~g_9{?{x<LZm!FZbqW=%7
zqAyef2a7C}zhZ&h4i|<?d#>$Q3kM6s2=bg*G5)EezvM_p2%5nHSwj-ceu>lZMgS;a
z=zsi^fXO&7&Jx3L&WH_(1xiNHw3Pb;55;o%9MIe+VgwFGdJUI5!yn}v1;?`gpnkBl
zG{8+fU;)@wTqWIc>E-`GjW6f}4ybGkzZ$~92-$Zl>a9%fpGnE3K)`SpN2g_^aRiCM
zaPwL@eOF-G*h^T}GKzz8cB9pp@%#GlCk2;5%c(h;A=owWrHf@9&Q~63uw9b`Je(D1
zCY{L!LPyJyz9l+1So%fG1ko50tg=#D_J&31cP;8Ky?E@G``VHDwXBWr3Ozm#=V2LM
z=LF)$g+T`#u2A0}l=`^8TpTSb8=a&6KKjLfM3yjVWV_=ueKm{=9qho`a{wfe2zMS6
z3}eXVN2AHCcOcB>Wk&N>Zs#zf<fR1yrNwjZLH|7`UXFt*M8M{+m>Nwfi)#wbsuJ8^
z|01lfMo`#I@znSV75bgiyQtPYMY4bTId~*c3_dw|W1s<Gru&5zhKtj7Zc37SSr^gw
zW;3EzMXibpUfl`OY8zdZ8Iq|yPIbNP8WYWz1cn>C{aRb_x6p$@t#T5a6`SX|{c*B+
zW7k|9FQ{_G^mNwqYgZ_NkEEq18PVAaMq(TUv?q#meXEu^y<EeLM{pMV*(rIIa;%}!
z`rEaEW7;HZ{S_LINzK+|x@i<+%ilu`I54UpK~hlxr=vZZEzP3s8yatg>F6r(8mk^;
zZ-{FGg}(a&Avb_1#g2M`cdJN<YDtqdBFC=cQ)6eu6WB3&zY|p9giFrapx*xJ(dXX^
zgBainWgrdB{f-tmUAA*<7#c`W;4X5${e_h&yUXwgG&k&;FIoq&5mh#y$x=5ba2KB_
z<0&GT02dMPhv*>UjZQ<`9hYN4FkTRsmzVcsgbA`<xn2(l@aAk3OC7y-3iCu<@5P>w
ziAlP-QVA8jD7OzYTOH=Pu-Vt+8~8nl293z%>qB$5+-ntXw?!O#t2u4&e5iMXhZK`O
zxUXybf<B)SOrY02KKOC^XtTJ-2AZpAOv)Dq6NY<Yvk&>7=K9MOXt*K!u|fK+Zo@iO
z@9Yb8fzy4QB|}mxH9GYrOu#p+rlITx8tWUrJnK>r>%F%Fv}YmKp{rdo<kDnh{5YRR
zz!zMM8Ga{RCICGm?NqM?%}s(IoF%2j-EVgd3Jj&PJ99}5EZ!L4Y(-%bZM+KKuyo#{
zibZlJs;JO|K?IOXI-PUDaBH|beO~?DNFtEfsUprW+_oVcpW>RVaU8~;ODqT!tqY$>
zxa`w28{{1KehFqfK2Bac2|2sK1HvOWEMZ`{g;dQb|H)m@h+O`AXl`N0J|GosWNRri
z0PxP}TW;^$+V&8ui6P4{3{a8T{1GDBvmICPDSiZ5wSRxGR;k%9{c-z>rcjFSkCN#=
zMm+8QV`p~lxt8sz)B=Q&32B#TW6vvYu>^Rw=7kT650j7#Yaiq98to`{SBBH;mwE7R
zjgjse7Pa5VEAdU;Ps{F4&mko>-ef9)n&6MR^b<5Hce^xGJ44Ne`aa=tzNZWa5gx<U
z>l6=~O;l+NB`sX!(s)x4$9!k{8k~kRoC;>-aLE~un-yWxl!@yMvHa-yWAqM(<eaN2
zTvJ$L$Yt$hw`Ej#zLSCv#|%GxM{MvjIMuO`5L5jt0+0qp%e+MH5_f`k*4wA2wJ`wO
z`HHaa5Lhh<q+PXA{mzJOUmymdH#qc@Dp*SXGgv$IW76Pu$GvStpaTv^4d%Q;*WT4J
zu^XyCa<Y*ku}eQLwl@s?E;!&D$`2JjxOMS?2KqLGj8|Ko5n}o~fb3|=c_|(1M6HFg
z)35YKg$dZS$y_52a?N$0k5=>3P!6yY;u7RoYx=QyzJ+#e&4ZB^4ZoC>39mzH>A+U9
zzNWC=^l<AgSiyN@2aRkLdu%~L3#^0KLit0aRrh}h8mz0bHg>aq$<*!BeO#GSQhIjJ
z6ciNn!gHq0iKm-LZtqdGvdJX66`jjik^f0V#DWT3R)`AvlA%v?_8QB`#YQGgGD(en
zR(ZG^heYz55x|Idf4e;;UDe5x#(|#6;R2^f$?|JSyAOo@>H$CEETn)4$E?qCtdano
zyEuYfXQb)!=E|!z(#e*>Z&W?jXZSNC=H;O&5<I-vL>M6jK*=E#C04@Pz)Fn=hTBxs
z>W)I(*|k)K<KwpMvm<uNn((~N_lwI?^jZF)l&QMny9y7Y*uINqsW&(dokpMZu32HY
zdFX?Sd{9JZh{#KHc4<pw-}{zD1|r3XoHyqV0Bdr0TSw^Lk52TA4`|(Q=cZlDY{^ui
zr>W)W<5M0lRfIu3f_uEh2l0Pe{O`h4<qBF(%&BmG*^Nr0Pzu@lS@DRg<XcITHqrt#
z_v8IF^SzWIE0v~7H}ZP#FkFT9>E?0x#a)+l{^|Mh{RmkkW}4babD+oc8>!!^r(}W?
zI*fbm3hJY*JO+zz=qPgXQ4GpggFcMsyPU{$W9_UrY>pI~0*4s$B2}FrT1_KDY4kK&
zVI}O%*m^n13!)rX7UC==ZppkFu2jqTS}}=Ae&p%#5PGMBYO)E_F=W*4@sOCLb|=bA
zUdEr1*xB1>GGp+PUi{+oUk;;efvz=4y;`(sXyvUyF$7C>yZG|EO+3oHJizcMLo<z?
zXZLu9!E?8u;9zg!yg>NPN9BS#H6sK-v{;%mxNi8p)W~;(11DH1%%yZq0LSQy%VDmj
zr#dKfkN;?1H{?Su$7(Tr6HL$<LH~U1bkZv*=nsD<5$p1PPK)jI4m7&)?~+3nTyoHs
zH8TVgWRWBtWI0(q>bY$y6ajVa<UkB>V(2)c#CmSEL+QxT7?mE5#3d8WwEd&77gbcb
z@<PfW)4v&Dl-8TJ_N%I?YRaFKhpXnvATTdj&;1INRXbfGzVu*Lb{EIKO=a<#GS6=*
z(+v(JkUEg9dJl3v^8;tEhpx%>-p%E>z}};u->t&uq()5!mc0a~8tbUo5daK4z(2Xm
zu2_B%G<RkgfudVsHD`C+fs!0J51JCZbDC|g9X)hv;Q)%^`cT0EZipuUa4DC*Jk=;i
zMtRX1T_XcQ8tLazCQ*8bd0n(`wgFAI`^x-7VZZCS0`8?FIkeVrGJC708n1kJ!D6{i
zWWSU8G4j(Zlc`+}j|0k7I>4J>nvj|T`(LunG-czq>o=tIm8bxEVH!p?J$E-)!*YgP
zHVdv3)SI*O@g)7d{g1P3%Gb)a-kpf%>dr}*7DIP<tgMx7eHdwav|BEtrjG;m7SjuM
zi~doygD8C<@ddYftpT$>2hF-ToRDAw`nM;4tO?L);Jf22m!uj2X06FHRUmNl7#Ij~
zakAPbkm((k><t44I9@9~6U>gS{o;rE){&)-h8$v=DJM>7z-;j?MFn?1m(~#cr0s9*
zQ!@FB4uUHm5)<BQR5dF&>o`t-q#a}|ctZusa+1Vu)}EoeRNcNI2M#YaBZ!Nix&bTH
z*j&~xM4img(OOD9SCsYf<31<FTuj}XR$FCTR!d_OdDBiZ66ASsB64><T|A>r@!_=$
zubiFq)|%!}SnLQdZ2XwcVYpRsGVAUp`e&y7yTHJOq+$eD6<nF_1oJt`)D5hRtKdwe
z!maiGB{X=Sc71t|S~^c|v*JUUlcMD}$ZgjBX!>J7wUNy9z$eV~VA(g$JM?#J(=q>L
zZ9PdIGy3Q=4}IhSqpC&Fo=wMV*tC3I-`>>^4r^+)1@M45W_?O$FD%nMf~d%&!z0G3
zxY=~fY1~$ZffIVN=3h8(EzQg$6PT*{8Z|?K3p2tV88_HW9XL@J&l4h#{_ifol#XgK
zvr=8m$4~>OQ<YW;dop_~r?v)QFIkMCxw5n4uA=Xm5CDYMz~4(Xu=GJLlq$=?1hXm0
zHV5IsS;2g5TZjPr^_23{6?MC5Tb}jaPn2L4#1@3)jogoYir=7dmL}0F<M&Ar!24JG
zpAz|3SS+~<F?b|%EIIQ4;T|#FOE_WL!U4#sPHPdIX*J3qq|kqc3g2UMjYncxsV(fz
zMpT&WuV8!+*%-i$;j=xNXlI3nUy4cc3V;arFX*RPB3UO6CZILhUI)kj#j7Dr%7vo#
zI3>AWaPfN=i1^P0_;=6vqWO`uuEq;FYT%|XP|X+Biimq4cQot)t<R!1&~iWXU&GWj
zz-=Se-1!<brzO7QV2YD5-v{RYud9{LBLUQfw~4$yO0$c3IEXBwmNhk(&bPKjDQELT
zMJdDSf>VOHTI%!o6I*@qra1%d3hQb{Ldn4!)K)8y&~5~^xY(EWNNR?epR&@C1KcUL
zN-mr#70x_gs&q{SsoMSG4>pusksBo)zr^!`v$pCj<^JTNv@cyP*6@d+(hu<92vjq-
z*1HtPl_pRBqp%GdP6Pa{-wN+{U8q|^VoNx=qUW{$dY#KlQC8bY?3;H2`y4G|aNBK2
z`L0RrT0>dAH^((jYHZC7|06&XhI8wQwt%<fP$<2pj)@AzFLRkgo3@K(Gnx)~#()|b
z;73DF{oWQ!4I!97U#5F5bDWhzKYD7#0;};RFfw3ysi8Vu6x`e;fXieS818<F5%Ygn
z$&@OGFX_R(Pm(6^bQ3HLTyH<4?H24bT$_=ru5x!A0shHvVMARMa+ex7%+pR}ca<C5
zm6vBc*&p%DAIj4KRnyZTtREr5c+msH(b`Gx<6dSYWKala2<CV=$|y82(%P!SY>`At
z{nVIL5FL>iq1S75^#dVsC*IPiln*dq2GdZcXD8Fa_*?fY(>0^F-k}8^N+>RrlJ!TK
zpPIm!I~K0SGU^(3+jlb=tGY;6E||(SyafI{w@8NuU@;jm$sTi^IQnx$QMQxnYG2GD
z^?M<u!MG4Q&Y9@0>|*2Yakx4s_ADF#6D-T@Z&Ll$ThpTDZ<Ju=<B-XBM!0_6@&%H|
z;@_7sb;kjdCgY342z(Wgek+K}$e~9Ro$5W8x>$Ig#6G1HxSvFgQ}E;B*Q%4#0MgsR
zoy7uD2(?8W|H&_#<7$s2)79_vzDHc~luGC^ia0NQ;=}<BFRc6t{8yTHLuQyps51;x
z9N0;dbjnEywp4FDw73fRaHpy5mwhBS4v#pTFfR{G`qmi93o-QVVYp8PBMlR3Kd6D5
z%Or4fX{#0FM!Rd;&G;w3Wq$EnT<=0~g+9ykQ&3+vR&23Nu5Q^+x5^`JC(VOORrLG6
z&>{<&d=NBuM5h<YBew<C@|>aI9ht|*W!M0H3Y@8lWrcQn23ZEGx9}_a6U0Uw3LGcu
zm<_3V5zI!)S9KJiczLgf083KSA$2=G2ge(G%63lpPeKngiVvscV;T3fTmA;c1o5ow
zdfDl5No3J9-^KWZ{CE+>^R%j#_LC^;yk^~?{n)WRg_wJ=9F5KiAF$?^QRm-z?Kt4*
zZt%fO&u5CW(^Yo#ee=4bzxesd561GqV@k=%_4_?HI@i9Wpyj%i(AOj7i|%=pQDH0)
z@YN2}?-LVj_++S;AoZ$M4IEy<S(J^C$&USTg|}?o>PxQlPK=Ss8G8~O8>5qv=7hq(
zKsqhrAQw!KzIPc@;Q+2nq6-WBfiBKoP`+ii^@0leh`!W9lWc#S`plV|Ge68+%?eUC
zqrCQ|sa_d$1rC5%KS<sY`3$H2+one_LH1Jo(<1T!akIX3AK)ugwaeuc7)Wd(+WiyL
zi6T1aU~jFGsV4;6@&G0HLNT%|AZE6wQ764Q0eyV?U*MdG1sDNUv^bu3v7P<9v_A7W
zINw%^X{-Ezd-n|iP}Dc)AkW&eZeI0ndClfK{@85}x=42%WO&w}0>{8h;4s@@sF}f}
ziMe)KBQ3Ev4BaQ5o+50|lD}!^=@YED{j&EjXj&rzoR~C9YvqfJ4`4Bql5;|eYH^MC
zKZdi@{uSr*b!e0K6`jm*QnK7%^YXR~VV?^<EpiOh8HBGAfI&yGf64VXDhAfYaYlXL
zh;)7x7$A{i*{jn2HZdIDjxQn7YY9gu8L}2OA2#@V#howk0zebb(JN-~YGa`XTKAU4
z)oYwLN4sa$P&uwj(dV;t$JJxR#|i4u0-ddT{Qfkt>|Q1or*o>-EnM=WFK}cqk@5HR
z9`xa*8yx;sW!kd4F&hENa^X<8wAuUC<dFR%3uQZp{R*B1n34W)ysUr2n<}&~OwzU{
z#nEU%T09fi=x2@g{4U7`0_h9BJtbRJ5ChgQ6AtKi9$rce`mjK1pv||>n-&_)x{bCI
z7t2joT|SqGWvYeYom|b0k4iawyxT4zzgJLyw<&TVV9Ld!Dc-60;29%_%*g&568;yq
zs73)6wfvLCz#qIu1aembj6AwPPMXHN;M!ZxW^{j2sq%|T-}<F0{@(7r&{V;HaXsXU
zvHCeUFnnHsGgWKURX}a>{tuK$gD}X!?7#<^bN!JW>~OG1*d_GZ=tf{AZzEC-{2TNH
zLmrY~UZdwps(x$o|AxQ6?qZgC*xX;qr{yW`j&4qU689-wZgSAO#V>85VO3o{_v7c7
zy9Q#DSvs%ipdT70^Xc0>swFqE{(D}3#g^Zgt=60V3|Jkl2xzpOhZuaeov#$XH(H%U
z<+NRpxYTWob<kN%d{z`EFwoRd&~JiHWz;Ld<uU#m_=OP|D?d7R+ZZcv?))EVjg|8a
zf0SIo(rMG=<<V(JeCDH6iHD{;bdL!pU=9fe?~KPb=oP<-cE>Hb{&99?V1j4YSdx({
zjM{Gyyb3&=`dpNqX9GC6Vr~k-s~bRKU$#ni$EC4?QEFTkOK{~u9TnZ!IdfNRI&J3g
zd%GJ5Ef@9TQ_xKx%;mcksSaeg{?GR|qRCWL-`1?Y0>hR{q4$(3?(ph!M>sIth69w~
z-PiPPt<29MIDoO-?aV*;>qs`3utoesG+knF7JWsVw$A^$N06LIeu0vHTOk-*%z?X>
z%|FB_D_dkl0JO)-f_H(eA+$hNS@o*Rlm%w&7-GABx2P&|FCIwsIfYWsvs=;F*qF*D
zqw&pwPM0<mQ2IYEyDLFjrWE5s*J9oO>$cpw9WM)-jy)*aXSHBsV6?1oV*nA4{YDPc
zW2y(N`F=ek=oxnQB*vpa-9|L^$u6&37VLjzE0L6!Af9sUkw>7|9XDBqm-HXe<w8Xy
zbATR>gfQGE5<q20jWiL-4uGoDwuJ&%g)p&i6uRSN3rwr!TaB13P3M21vbryj_wnob
zAZ~FzVs18Ozxvlg!As151g~zrBh94?0PB%X7#i;XK#TlXutC7aNBW2HH9CW{5L<Zs
zsS&MQekJ<C|E$$Stj2#$Hr3_Rl8{VC1soO#96qg)QajOzY<1)y&zfV%4tUiQpN)B6
zcM~(O?aqREd1Rww0jc=f%>RP1%)o0xGCJvFMtITAdLl)+?P6Kj@+Comj*8%t$7o4A
z11M4wuQtY)s6&dOCkXPc7_Nn<aG>iMkNmrX+X(?dNYdv6-cYdo17U6dnG^rpFRi^y
z`Z$F*;d_>3mwh(o=HJP+*0gRGe@bs}q{6jVARTQK)4ceEGiv7)u`5Lu`6uU27m2mP
zCjOY)*)37uK7>@cc5nMjxuVBx*rBd`^j<X3l(qfc+G$e5Q|NJaM8M=LxVBIJR3$2$
znI2CPgdUwh6kr8wjkj$>eQl-G(UP1I93`VSYFB^hh@UY8U;IHVgb{{!+{cK*b-#p$
z(=8`>_gHNgS@`#K_=`rP!w|LK=z3mx*YKYf6LXpqkF3O2KK8j2U)36g?6_woCbUY`
zbU`BL<^}&;pb|h~`c8K1#rEZkOEF=<+(m5|-#C83w8nx94e)HH1&K-M)f-=%t|IdL
zY>)4Ap?R?#fz+aKE(E^)%=xCp3ad@{!nI10jdu=H9>)%FbaA%_rX0M_ZWtZ`K$zQQ
z+Vui{zDJ|a7vT)J^@(V07%g{(m<`dL$jC(QO<e%&!k-vQYD~ddAG-+qgIBw@dg~7p
z#I;6!IPId-e4z_fIkmKP95txA6(`P4(S9ma#q(V4dZNvLxe3ln{y|c3+xz_UxCUjC
z%=gULw_DMYZ7ZROjNlRt9p{)f^=wS>fq=@SJ9v-fN%;Oap8VIzAggar9(o15f4pCu
zt*5g4K-R^#qjbM_iLOTLJdK$1#92R(V({59>zcVdPjKzFP1y=aybxmADN#-_qK2V-
zOl3;HU+IszxtK&L%i#!dqJw_%anQ>&suu)jDKOy86Kr4GVYk50;|NEP{n){M57UB{
z<punA0xY|Ei49#sBj4JPPrI-qmey@PzR4Z!P&Ghjzp{i*-9Gh000`Xob5S-!y@utM
z3cl|a+WWlMOQhAbA=M{QtG_aLNnHJon5+5`Jr1-IJ)q570!8ijiD+nWQP@#JPdGs)
zg@+Usep`xk8@4d&GL>0!@M@rMhne1T^IMGG1=M`r^V?Qr2c1tm<`3DS>oeyng88hv
zjkTxlkU%kw)@=HZITwN+YZmQxTKBEll^R0*qx`?jd=s`I&BZzmSn#zV>a1@ARpd2l
zV4H>FClCSb7HqbZ>rKqL0~1NpLrocg^7At_H<UUA(lG_)WBHzzc7Zutj947S<Lz|k
z%B@!W8ecY)k|95nYVIC~4Q>y#Or*ySJb}+wNrQct{p&w_S3S3?21CN(YBirw1$(Lv
z#xVkvz9rPRc>i=<c;%3_JjlA8c_e<6w*6JShL@LJ-zefzWc3Vls&L)?u479M7j(mc
z!bCh6A33PsQ=W)!eSOBl!_kO9+}L$rpaIfupy{@{InOAUQQ~7%)^?u)n#s@6cDJWU
zB_DlfUauaggCEESN=u57qp?_W@Lk*Jl;^%v>&y--WL;)Ah1Ru?6Rkujn3)v%jKUwm
z$kDpFQ0GE&WCt2_Nig$m9^A>TWnAF%)o+fS+kI*#1TU{?U*z$$GenODr$JP;9C_|u
zg_O&|13qw*ZIp9goB##774a=W91tZ9REL{;Xx<$(h7z=qm3+oSry&k)0%yVrWcJ~f
zlKs+Jl5e>RmU9x8z8Ak9@NYm@{qd0Gx?=~8#BPhtguc}_6tcaOi<2b3)qIY2HNmw%
zNHvkzHPIKnR!k3cUTC}o7m_S^pA6lUDoAagE<9Ok8q*?m!>MS2!}2{-#Jy+b<^)e^
z+-Tf2mGvWkjPwOB{Vz>}92)>f=%foy*+z;PK|gczo+Kh|WmF3c79JDs8k-TWYZ-N3
zB^QU22pueaMJrQ(-5nPhH4u|-9XGQaHJV^-pI{~z*<^zadY{{XZh~z-^R>F5xS>+1
z;Z+43#qMYrTgDe9=0#;_Zf*^lZbjm&HGas9Wpn>Xg|hd@=_<5Taw$}L2mpP-a-|V$
zN(krTG6cPmOA%;p0|}>h`iR^%da2tR>BX-b5<APTMWFl8h=1*dySiVWSesa}$Wu!+
zkA#*z={&xxpY|(yd{EZdhrj1aop)D$1AB$-9R9j*pg>+r%c@mb|E=Q#w?~}+Y$OR6
znkecTxu#XD^VG(Iq4km6;TUF%^yjASyjbU-559O#0kDg#%zAC#W2Jr(+;<SVLtn>=
zCP+e|)3kwS?ZBY3F*+U|(u3K$w3k*yBkfzp#;#ouh_6^8Z#_VVRlKjwSuImzXM^Dh
zVV&pZ4y&l2m<fno@w0FvU2AMQdb#${6=m)|9d4>A24Wly<R(r3W{+`4w}|m%k&&X|
z;W;&AgBq2@zYc14M{1QOA0@Y?la)NvFz)Li?&s?vRZtquNd%#Mp=I^w+tk$WfQ%Yi
zAT4xr&gbm{I1YbDI1chsh5@Z>9DlQUIa&Qn&rreV7W+$dEy-G(tqPgOR&v?C4~n2i
zD70mLx7?Nt8NMdeBQ3wkvlwpE&IgjkZaU!f2vkjPYgm9Z$?9rKQ(pX=Yr#V-1RF9c
zX5c|ot>Fy?QXAhM8c7$zw${m9G+Qb^_4dpV)AwA9oOf8F$p&58F7!R|7gh}yrIw$p
zhGO!JB`HbLV?+{EfA3-fp|QY~KMl)>8#`{^^MRrO^+ym9h3?k$v;o?59ePcT^DEfq
zhd};3-mNOd!7{^}!)b!-dy5uP@DiLgY*caDM0j!92q~~->eZy-3SM3r4d1Tu;IhM=
zc^3UQI^eA?G`9m0^M-*l-FYhCw1)*eAR7mdX%R!(;>57IsT@<a0yx5`oAQkcu??VE
z1A8b@Y%nL*qaWM>$FV{fve2oGrbaD6pF32W_&ROa#O_%?6{Z04s4|)2>~PE%K8QSa
zxK<T0Z6<#E;!D6rdoNukb%FISaim}(SF;n$MQNd|Ais~Cm@a~7?MIw$KWzvJyIWBL
zW*F<|vd_@()_e_u8Xq05G3?uXb19Ty=L~KbmO=Qjc6}e@q@>uC?3dzqqUt5TQUqs(
zq=-9h&ps;i<^^)~NK25B6{7z-BOPonh|>7sSc%ph>&$Dn*qFa_-kI%_BC#CXL7&9(
zOHf+V0gXkg3d-G)tScsvq3+n#b_Gx*NJMX@9NNuKpT@#NVbdIWRj=|`L2bRt4*a$?
z_F*5E6ZLXUsXI<?p!CQ4z8^w?u_cQIS`^A14g+U?k>6aFhsp=$zrFWNk2_GwLujp%
z!2-bv%_1b_472c?NZ)a(-)~d!U8lpWo8Fz~M5jXDliQ51Pg6@_f{>(o5+=#!Y6RFL
z*85r&10vkBgq5VP=%E-=ZO5z+20tV+S|VjdUGmNM#CZ$Y9@|BBESV%<^--&5*=ygh
zCZqv3N>(U<7uKlkzJ56_KM6RVv%H;8qk*2(q@W3}IJK^RcHyr>!APgyE@O)4$dAi{
zv+&SCAjNJ)^nF&kf7RB3Vu8T~Fj8+EPaa)}CftsriMyA%dlslX7xCSI>t|ukADg~4
zepljl4&n5-`Jw9cj_^zL&!R5~0O--#N>s86`7e+%Hq8oA;F8jXb~lp}if(J?x|3Es
zsZ+D{%lbArMmv1=MXqpjn+GLdpWV*<I*h;G-s>-(Ljf=A42nHXuA3c+^mb@&Ska>m
zXwCOXW_WpGf_Cg&`Pt$tjxG?Mx4+zx0_;7OTk7gYDX>@C1Pb&>e`b+sHa^w97s_p}
z)RBaz&pOIwLz%*@?(bJ&A0^Zyz8a4gy@L(cK-Fm9V*)zs<h}_ZKzV|JQIu@KduwLU
zMh1SZq6rRg(mLTjWI3u4u3e#hDeTs@HUKl<uRzH6A!4IxQ5_*oO(+g3W@7+`$$0pF
ze@3;@rSQsgIL1_|$}qC1bWs-Oc;G{&q1IOF5uX({gWfXv31Yx4FY0*k!QD(xak9r>
z-I7#OhSv{a-_I(zzBeXIUuz<1B5JWJDmE<7Mr$c978TR)mei{FY%gTInoZJ$=`aNG
zX@o-vd*b^X(@f4jDa_UGCM5rO{+g{Ql{uuEkUz;8A3r)OIl;+I`W-M!rAn>o*N$|S
z@l<9&k9)M&5u_2%ihY?jh<-SCu(Rc6h!}f63b6+zHX-Vadil0jaPIiJtG|fF%3K;H
zmtMmObEz6p(*b*wZA<g80hltwFws|=6Bmi<LEbK}#j(<&SQ`_u@m-&f>xc5!=BSlA
zaub3rBKxUUMC#Q!Y;nLz5V0bbkS-?^HN{;}Dbj4`uZ;}BmWV8#eF2>DC;Eb7zSjAi
z#s0&16G+&om9FlsZJjcsdTKR{G}Cxu*vMl+Jikn!c|Y%7;99f%I?qf>nLI55pdo(q
zUjQ1V3gk<H`6{ybLqBc%>a+ORl!4NGw^mlc)b!=@CmE`frIg6Hbw}3{`1V#}sfSy@
zp1&x8hL+PT7W}hA5bAmxLSB_8`XT2b<ZBdxuqVN*-t|drz^Yp4+b{&cAvr}0%oZ1n
z>1cqR$vN(P(#8-&m9o&?x-&}13148U`-E<c%9YZ|L9p^#WlT$q!ECch&M)V41K#}r
zU%H+Zl6R(UT(0l<jd!=gZ=6yq72F`huZKh@gAVrHw_oi$qB$^tLS?z&i5=c8{~!a}
z#D2WTH#r|@)xLLNtWwQDX%F=GEH<0^5d~1lG8^yF<e^;n_6T+E{A*=dyQp+@FuQTk
z*%crz!2grZekv<Dp_!Xltaii50GXqiDYEz~A!|E_wvo^|4oWp(Qe<vF$9kucWE|<e
zK_#Zc0(@Z)H1}<W?6)>^Sf-tMv8g=Re8XP}JgrW}+CnVUCg?LnL9F1Fk58S8BiX`!
zgu;G6jEuTv^K7#uH}?S~ahW{hn8*R0+yKT57QwjV7J4Fh@(tm-dU?3SEZ7Dhy2-PZ
zqN8Pi&XH^B*{qcj#pC(z&>~3ZK%U@6@>+B%@Wgs{4IsvdI=E2V8^vwrEIOl(ijE#z
z^;j@iFr0T^km4yY^sN~t;>nk=Y#zGX3;=c2Pi8Z1yHhg{avj1TcOZEW8+;lklE_Au
z>u1`f5IHC(P|r-c21PMVx5I<tgAUpmEixWid*r!X1(-j7mOk8<p-)ABIJp-*yt;>~
z>H1U`Q?D8_dUrp1H!mZY7=Osvx_!42lGxxz#g_e8!RkY}7~g>$m(rwz(C&qQFJu^X
zk+H1pr0ta0`23DSAl>>P_Sa6#`#0jaO&xm;Gpc_3EH_3+nSm3yrSPH@ugSDyH`-DK
z%Iz>_`b@i9;)J(?c_*mEF8xDP_Tq&%_-;qK;+tE^5%1Rw;*LS*KfAoqdicZ!KFs-L
z*fD6FawCbVhB*1j5Sdf;Z<aF036*hsp)DKOQIIEoQMT8K*va|T?QKZJ5!VVe9_>BJ
zxm>P~8ZH#iWu{BMJ5DuZxQXY8zw%}p?zRhscmb(BFK>1C;dp}(Y;kYkU9O4sY#$Bl
zc3|vTZ9<_>hwhN_N*oB4&|-BN_mzP`aMlBeVUz3Ylg|hGz2eBA*)+z+?6moNNtv!l
zf~;I3hP?=0lnrLT+$QM}P=VIKbIOwS3MVS8q1OU07o>Sjx%}jSl*MJ21wTr=E93Y}
z3^r!|>J&v2nCZIyHO>!7DhPMdbo4&UX>Hx;LdS-O-!&@4z!6$tUT4<+V6;D0U!VPu
zd4F#1+w+f7<ZtJa7`D)N+grmwhWxEQI_K|+%>6h~>ovft#nM`3Lo(>CWsQ%Kv0o_+
z`07|`!EMjhT0{8yJdz^#hny>|yZ5$8)m}DFywR>t;;jMUMAo8tb%UP8*mVo?_~|~1
z#o>50v1A)DmK`DZO`-3N)2cA2*HU5E*S8InE&hzssU9_<GXBetqHS6UL_vwUjEvW|
zbw7ghQmb$fnO$nHCdE(md6|hM?<EtY6!);~bAjo0!J5;}pFZ)jP_FH+#c*i0t*??<
z*iKT1OySGQJUBJ}%Ko%k56g4fMGJ1fYE8>wyf3F8K6P4~R+0?$c2oVTBENn;XBToL
zJ<=$NO%py;KQZWubwm+z0o8WtYgBX2M{fb5(~Kl03Qa^iMTL{}6>^H>{^7r(lbfKg
zydFQ1G=GcPR%exQwkeVG%7xjs7Ua3}X0vqiDMH`7QzPyDb1EG1@=|G2=}BBKGyTq+
zff>z~h39n#>*-Q<{N>NgBd!IS%m{$FHQKWuv*}ImNrdLkF9$Q*$fuh6{1a~smn!Ih
zw2@N}U5|*{%RI#9?%j$^IIC`m1&DGx0#}q@n%B+Xlzv@N6b#bz@h4z6pp!F02}uCA
z`94Kkh2L1aODbaC&q3Sg@+wQPY-!5j0*lNlfFCo-G}52@%qcs#2wcrq=)eJFOdWk7
zot%JqKIdufDDuFZ&WQ2@YH$`+?K5^^6aJftyeE`_#svv}wKYGr+%y+Zh?RV+tPdZr
z7$WzH7Z~yT9pF-V^|EsCim$r~fj0fQO_@bccmZzxfySt5rCp#=@erpB9-ui4o!QdR
z+5~?6ks4`GH;cuEsZ{Jtt~7igLU%&sXaLa;bz?HezK_U<L(*%DOs?*G2nfZC1<1+;
zgwgXnKYO}@0=9TpaN@bwc>{P(@^*2mPCWP`1noTWdfrey?3An*4zld-cDamw8yno)
z!k|+iaIM&o3KhV-hj86{GmFSvEgZN>Mh#oM3JA^u`EeJ#%M-J#<=@?0(GV^uzU|cc
z7K_VeCvf<kk(6ZpseL-duwa)u#;!Ii7-5KlWb|ri&>y)SF|$48`<oi225d#AkAB8P
z9w>VI8O3^$U2uv$ZN5tQ#Q>eCUb8jVnCjyzf*6n53wNbH3leR{-F`ZBgymSAYh=%%
zQ0-yH1K+N}&ZK7=Qt^y$>-Zs>hn&jLWNmrzQmK|vgQIH7Rmg4)+5}FL4;K9lguben
zP(yv+-^C>rBg*R!j#u-MFiY;CZG&Xi+msG<yt>LXX&c`AgFC<xwlHkV3BXa^tWzN{
z*Y#duj`2fn8{5@DoX7xbSU*V+mvgUx1oxg~c3u4`$0~lbABx|!eXn+d2TF&)@eel0
z<@e>x@_{Trwu~$KuWi~RBB!i|SvXXw6LKtei3hI$32zqk2BZoHe9$F$CG{q>*`gS0
zq=imm4o%~%OT`Jp_HFjB%E;+lrG(?WZqdG_KQq7|p)VW-)#F_w^Ky$@UN!=YX-96$
z;}?xm6}sy(N`Rvsq|JWLh;xsx(r(1~E27+*MtEqf%j@+gQ1|-kYPTm+%r<aMUmfV0
zb&U;*w&-8aIg^5akn1$t!&b7&02*qUnRc$ZdHnK5SOQ-;h$;9=FNpp*g4krh{b=gG
z(0N1BtYBTJ3FB_g7w@MrtaKnbP}H$u^`33Ha?zM7qctNpWoP?xFh!0CHu2oMGJCQl
zu@75*HCm*%@!eES)VQm>YAtO48(45>GDlm){NOk)2B`87u3I}|Os%$u*0gEU+}`km
z0r@r_1%WDa3MN66_6J-#%%wkt9j5G$7#cM1j$KYA4|xxt-*ZfKm9@Bi(aHUAG(2Qn
z6bX}C*a}08F6ZlQSf_8*S7C@-SAm<400`BKseV^=9gsy{E$Yqla3Y+<x44ga#A-Hq
z>dkt>GG|Emu3<0a{F~qD<Iv10?-e;;b)T8M<wjb@fNS7AJ7oJ+<#>I9ui1_cjme4p
zkdt=5i*VH`|DCv?=G>kHV|Clcz=4mlAPMMhbd@blH{utl=C5_7U7c46UjpRC+8l|5
z^B)L|PrsrN3oi)FB#Vh?;DY*My<ZnD>xbRMjk4PAD#30tMf&=(_1KNph<{5WUoh+x
zOrpiL3Me}Dhbnw>5O9}LOphm9oEM*vjCg-iVT^R!aqE;4b3?*Sen6<A=MUwWc};1#
zfBhY8EcZ++G`h5oaJ45%(_Z}Iwimf3=DDs`^~Xth{2j!s72`mWu$zd(C{*bA=gv<E
z0G!G9M4|-5{W%5sarpOqru>xo%VwGU<ua5E$5E1Id2}jHm}`s}+W-V{>vO3x=8?&p
zn|ZuO)2u=f^fLx5dd`xqdY10-{*UQ*Uol(1Nh_QHzsUh;Bl<HZ${B1t8H-5f?lvL~
zrRMU8yA!{=hbFwg{lvIuN5;{PDAp)6o%#U_6dCgw&KbP~zVJOZ_ksHc$^WkT{PlL(
z-#>$J0<TZT5hO-`xj(nm=N>vUq$r}e3ZP`ZiP7N(V_dL%SRj4t1glzyXyt6#UuQGE
z2a(q9uigyyWsdx6)xLo-#?IuS;OD~Hltl->yGk-5-laG3$$;LwIaz~%U=5*9pLSIH
z*Js(PT%PRD1fr#UW}n|1r*1^DIvc+BiTXMq+>C>AQXaG0Dv65@qHIG1=$fgX+nq&I
z7(CPNp}F7dK;LOd+s<g*0M0a8sWK)lJ}iqnQM>~gIVul=vheZAQ-iGP_Qt&izo{=9
z1a45vjT}AQ6E@i9vsTAQ7S_7Jn^G5Tf1PcM%Pbcof%mrY#(#KTg!o8kO2RmUNK*W1
zH}|!dQ!5!n=J~2WlI<xPwME!g_Z4!TXiOO+)cMb=Z*C1AJbeh(5PRrj;*7mlqKJl9
zE|{a0pRWBb@Q7kq^iOwe2YzYCaFQP1!n=0fOO4D?zp~i6=tq|^GU-FYqTe;?9@xpZ
z?fyE^5o4j&tD5*6i^pNFg;|=~!K}$TCVMdrw?u1X$G>G=S><<R{%ep5;f&y(rv^QS
z%l|-@2mKK>Ez<N@eqU&SwT@1c0R;eJ9^9z}FQz)%24{3KL+-gp<h8GJyq&M$wh!^3
zvX1L7tTv4*>h>cKPP(4ZfxRZ%wy86Onv^Z=byN~P6#FO+eK<}K+G@(Vdwh7Ebdc?3
z8$vBSCieLjMSHVI_l?Wz(X`Xc9lKxnJrs72i>5l8EZLCZuCm{J&dqUQ>(FKuI?aWd
zO+U@0?@ll@AYTu2>`|6#Gyd!<<*xy(V?62JU!8s}PcNQmc&a<4Xt$G<$(WP%lfG(3
zSge~#`<3E%D3OLYTCbpCO>WcZW>&OjdQ0OlfRxQ0#z4k)CFBv;(a`bXG>YM7_}0y2
zQO&#$-*21y%o+OiBKjyoyyuRKU~8*YXuoc(9Y!;<Z9I025;~*mTN!&o%D0=%@FVGQ
zx#1_|@n_l$AN^_y{V@j*E%KC?6BNc<6Tp7M1^Dcnt&n&aOnE;HI))-2d1D#*wPMuV
zf;&T?v%SAYSt|c*dsX$_#5fi&cg|kAuXkr|9$Uw|+O~#4vd|Hn(Kph~Q9A9FJFOpE
zNDjX95b@z7_ql}ED;JqOb?2ZnJQgv@y2R(OOxF2R?6kL|Umng&#A}ntKAYqKSO>lR
z_u;D@s(8)t@#nsUU@Eswpmvp(d{RZUIfXVus#xq|BZ2L7Noh&}xhq@Dy$&K#78TF%
zoTc_>HqRAVM!38K<g}yys*E!*r8;W&$ho>leoLIWxnC0m{9e8Gvuy*YG|B_l+K9W%
zH_*NG@xCrV9zjKVKy(0*o&DfQvD$$-Rdnh;l;-vwV@i`Dy^)hSog5g2j>t{IAAdy{
zvY{pQNt|L^$g;%Q=qNagmi$J~j*#|{XQ~fYPg1=g2i5;N?yH6Yf4-rsje-Z=jF9%>
z7pB+DO!Lt`f;1C6pOabPsu!MK(LPcWTx*qDOW1WSuP;1}2{Q&a8O}Dy+^HEb)N>xr
zN->BN4Z!aSYNIG7`(8rD`!?=)+RGDuG4E_@jm@fRsVCg(;ezwBpn;@R@Ki0`qtUeJ
zgVe}pBk^syCQrC;G>q2{^?5=qD|A-{;h5W{`X~fN_^e}T`6va2=T6*gV>Az;VJF#J
z8Bo%Lc5Z2V&mKbcr1O{7`wEnLg9mdne$-LbOMu8PofwwS-)+aog=r9~<uUC)Sy9p)
zo{KJf$~!v+JLjA~i=1q8Yu6Sh-j~XMwc!TTJ9)Whvo10{rnLDNn`P?_#x4;rF2{W&
z{25@Fi@p1X(P$zq_H=<vKGgVsR-6tLG^_R`Wc>_5k|$2Um^uA;{4E+@V_uRfF);){
z_BX_3v=~~WzD<h=DKjr?IKz{DU@&fS6;`~4MfdmvE*OO7UmR|Gs$AN?pH|9onfsOz
z+0oL{@mU<bm%*@;h@$qq+U&!^1CfKNP})#P($8&II1Q$STwZh2>Cm;vHFH5W34LwJ
z@YO&#=QaGb5mSB)obK^sR5b5H*SP>$CiPV*W9O_8yvu1W<0*C^M^O?m&`0d~%aHBn
zYZ<=uz>C*EcIB}qPhY8Rr4`=V={|CzPuleip6M2lg4ZZz8E)N(rK*JrO2zG*ojF&X
zoGqYf0+j8=8izA!;IswKp<=Nf4AVYffFcvdsLqMI%lZdub7X7%;+6tFyIktR691ij
z{<-G{qusz)<!Eg>H#f>LKa<T0TpvbzS#RSl`)l67aEBGL!*EBWt_Q!uL^^x@I=8n3
zh99JlGLPNNL6o?Bf(JnHfa4eVq6LO--~st9HMXH&iDkI}g~6Y1Qzn1`xvF0Y(Pfa-
zM%1eZ1RndzBv#YytB1o%crtV`<1$I=!|7Aad=#-4EzGWU6JmC=Kgz0=ZcvKLn4x#>
zY}?h5f4pB{#5*Q)QC((yXJr%<mfiFeUsb<sdX6GoSLLuBeI%wg*3ra^G#mlvBVk{n
zr=c~1oaKU$r=09V=N>^jk>s^q%gL}Q(cwv`yq;TxoB8?wW9zJg;#`)7AAtZN!8KTL
zm*DR1?oM!6Ah-vYMFIqOcV}Vo;O-8KI|O(CHs{>?-uu4itEt-BKeo1>XJ)#md%FAA
z<7$2DwUeilMWXrX&ZzB0h{x`udx!rD8gbU$N_|M$NU2job6fT@I^r-s>Ti%DwoBHe
z1btO@x%&`UtWK5|mux%k)<sw6(3UXPDStP~z2s0{)Ig?A*TRWBnAdOl8?%%t`Chch
zQ(MFKx|MSp<^4e5VB|TdaaTuO12VLvOi60`?dmRZ+|&ZD;hYuwlLPpEWl48dZd!`>
zE~RN8m>OO^#r<{}_uRDkjJ)w0^Fi($v-x3zKYNG6guMyeI4Hf`K$KW<l-10j)IMFw
zfS$!M08_L%_}!^mxk{m0d5r-)aIXdPE?LNe)Z3`w%c0|+u>Yl_Y#MU9KVByG>tOe)
zd23pYP{iEPvDKYA>7UMPp1)l}r9LM(H-(uJ)aq+_YM9(ehV%sK^z=;l^XU3B;0o|i
ziUM`$a*eMr4)LtiE=-jHr6$S@r!3Wm8({{KNNF-X9eP?8vopQ6(><!)61*E#tfc4_
z4!IM<-twKy3x%e9l60pL>U5`)KV(ZN33#JtnfFUTY-$ve$f@Xg><QRN?F{}5Ar?g)
zi<scHu!NIsI)FDxg}E>mm~O#Bov{8UeFtS3!$zr4bGOhQ!hp{xiLM$0yuqTr!c1f!
z-k21_ytdr0nUvr3YQ2YNt~@LO|Dx_kJCrcCrB)$g=^6*@!r$5GoU_w2En^4ZQA*&L
zwBh&qEj}ANsIi<{>a1%UKDJq$L0ukZ5F^^0_lAdrtZUkIH<Rn*$5w-rlT>(}osL;&
z9FiOY2Mx9d(#zIE?uGNVuVh|+asl{rlq}i`4n{Mra0jbSe4kwQzVDEnD`ErJ3OF|f
zd;647hh~o#7iMjzg}6AT@ORDDut~l;yCP^r9QtYdX7>8!M;w3COYuh}3WY`Q^X?<B
zQhQjU$xx)vxaGS-BN1;priS`Tp?mDWAZ(6N?R343W&cWCvj>J7{jc8aF}m9;lMKBF
z^)wHnXv&T{U2?_*|7HPXfpQIeQur_m`I)T74bydH=v5L+P{bhXJz?+@4&JWVL3>;l
z3_VTZzu0p=`Y*yB8ne~fj)FoF8zA>(CK?dUay)AXqa<GsfejBn>(JaaYVBDxtgE|M
z2P|PD-n!d6lpBeu7-zuRmBHXrgK`t`upGORyEhrOGbE<?p<UIh+BqgSy-{1_7ioL_
zW#jP=&ZXlprWo16THu9d6S#Mj+qiN!mC;~7V*Wc++K=jL>h@FHs9zP1jle$49Xt3P
z>B#&cYKv{|5b^o!_d3P`i=jm>qlF|aluOPVCGDiY@5Z(@iO6g`FtdZ6Tz(>sOv8on
zlx@tLa^V~%2t@H48%gNUU3uKS6=jRLew>*glsLchoq}+scaOtmbQYrRKw}c3wFU!k
zgKW9g>~r&NmSJNS(ZAl~mT`NCB0A9Nb+^uZy>#$xa>5^xS|NL8{@5Y+d+6kIiRo*B
zXq)>Uy8Q90Fxw>jW>io<Vd?Wz_SCk<Em3Bd2Fp9o=RGP`5%K@6aR2rP{^T)Y+L7Vw
z-ZMONvUC+`O2YlVFM2U;4ar?AIOU&(<-l4G0e_N)gr1fnDjed9pk`n|v+iYW5xDG0
z7jIb2^dRL2TZ7f|Q6>tNSRHcM937G5q^1(6MVBcl6#jT>p*h_w9GL4sFPU;gz@k~0
zbGl-PbGnkbgJFVMh?Zpo)YBUt8oCF=r+XX<Q+jHsKkeolKUY0r-9W!R(HOyz(cvIg
z+J-g8y1r<k+5N;)0IB|@#Io_Z<PE_<a+9PxlwG1HT0H4UA)sa!Im*vD?$8o!<^f1(
zzP))Xw$vb-1EKT}9bga&Oi<~qh?fM9-Ae0#m>l%WP>vLJx97FqLJNDw&=XbpF!RIp
z<xKq*+aynF1RYNlxq)IfBysmf%*8}|B1->?wR_0woP9SYeobPtN7wmoj<Qtzbpirg
zDgv`L8wQ23ZQ;TWPF=mMPf5-j1w@Y77Tz1Qf)8wELT=Ts){=9oP(W?p3k^l-T9O!;
zAh$)rae@xmTWB7*rX_J%Gh)NjBjUq(Q3kGON=9rAJU$ykL6YGUkk5-cxz#>;$eNI;
zdDEhx0h|Q}byn8b;e9wtx|44BQybXU)z@JJiMb>gG7hryO9UL@YUh7$FyLXll21XJ
zJEwOL)q|ZnA4BYSoMPx=I2ZZMNNL{1)3sE(>HFTxii6ZlQh3v-h$89faa+g!cs<K1
zW9{p+Voze94!gdcg~9`#zrq8|Lf3Xy4&Tc;SsbNuGR+!c_EETu?Cx&5-mC^%<M+||
zrz+#X9q<ib^D6Z=sgq|`z>T_4KdFpEtwZ7*cvMIoXM;{4;Z#Ig+6@M|K%)-`ZBCN@
zvRG5i!WaZ^tS$zc+>nFpHANS@r*dI<>&>@Hw$@vBitD`2)2U_{QZtV4JIYW>BCj@>
zW$dXAV?fjbXo=J&IY0G}ChWe$Mz6l!=&?%s)OYc`M*()Y&iCA(^)6JDxo=E{&zm-f
zxmpBhWUx_!9{nHGFj-(jP16|&6PzKAShQ^9=V^P%l?^D+<hB@xKq7%ExK<Z4?(34x
zfM-1iM?RIedXmOm_^zjh>oG0e@Fgm6wkcZeYsDr0c%In<?sUmd8WD@suXLiZWaxZF
ze?(Swk=Rf}GZI&#8zmplbm*SV*vuZyb8W{)pKltHrnMm21b3facNH8s$aV}Co<Ksf
zS5pQ&NY<Av0!g&!AiSp5>*CSw`~;~k$K54*JgC0Xfkw|DCnM!3cr|qbw)2`(M{Gz^
zkLBU)xq$*Ywa-hpMp?7JewdEBe`;F55XxzxMtrR4MYIBmdoLfxl4h}e^nVf~|CM!`
z75XP|MpC65m2tl;?d178G#A6S?AGi9pw5dx+a8wHA@bqdqvm^;BU$@*9AFCgWxKYC
zMmqqEz8>;iJ;3t#;Lvm^VgK;;+jo11zXS~m`slTEQF(&bdQGWekxfHiiFmH7r-`9v
z+){xD<c_|7eEHbz`cfJcN3wD1S_B*At+c$qxR-zR@P(IbMvEA#?qJ2Ap6K3PaRt?n
zjQv^_SjHVQ5y4F9@6boyUaRbq&o;5AcykCocP)Uv{9c0fLHJd=ec@I5-O}cS0l%jK
zH3JZu7?$r;YoBXQk>Gd@>J6Tm93_}>M#M7XnUmy+6q73ad5AGdg#}163Lo#obtxbv
z{9yb2W0bCE<X}j<NY@Vhq=tN(@rcD(>TyNGbW(nExxCeaTvTb_4C5n9_oTGHv1N~)
zg@FS(>D&IAt@X}DPQGpiyCG3eA@ryOUSLCReeMoK6EfeY_h^z?dEnpa(y0cjGfLia
z+Afp_H$pVQQ9AXiw6yv#Z>)UkozW7d+kZ!jEV?>u%x=_uWds;i#Kvo0flmY0eFipi
zI+Xo#j@?qX*e;Z!bSTi{?HM6i;Yw+7`(|yu+D95XShIVht#xl79E`p3Yg`Ft>04Fj
zbcv-5Qa07lAz+HK^ntQtIxnn{S0!LcP|J@tTdr#{JbwmXyh9G@0kQeI8e3xYlk&?j
zR}CyJxNZVSRglN`n*kN_%$&5$aKT^CEv_?N^U8x0Z@QPY*WUUHZvMamYv1P=9N~w>
z_G)n;u#_)wc6}9gzY@mx))rNjPSOgfA%r750u{$;H4GWhMu@h|xgBA!#@S7<-AG|O
z)}AgUob<pZ5*JJlzDL34(R0G)*`@?f95`HWp_2L3zbkCN<v7=ij$R}-K}e0jQ%4eU
zT&RTyq|pKSk!q%*fcdGMY0EW4cf03X9>sddq5{pcrp}|+_c;;H80#Kc<`pYEY0ex`
zn$IPsRCDB4DQIK~)xs%7PvyGp(}zWg-=H52j<e3IO6T>e(`LKO$6{9LUap|RaA29b
zjc&_g)_Rkch55yUI3Apofe+&`Nh0a0QR~<w&Hknf$t+u3$p%(G*A9njZzQ!j6FSX}
zUh|i&jgqEDX7r^>HR8JMHsUd4p6;e3Gqu6Fvpt&jEFZPLStb~ua~4JYoT;_9%nsK?
zin)*{w4hIra`V<l)P`$2;!JxC?@JL%ruS%nR3z6>;^yT-?QsYH(F@4e7g`*NrD~kv
zMljX2ELWb^M}i6wJ#2qzCOJ+=*kELs4k#C!S3dB^%fAISN-D^R>-uY2B%hZ|F#}uP
z2%bkrXSIQwzF|Z1D7hihmJ1fgdBGtAQz6hKZR5vXc+ZjMgNd?{A75CiH`I?%1+mDX
zQORLKM>tlkx&1nr2!pe98$HUG=+DxV-6@u2-QLu+9Un)@O`eVozJE%dZ`pB_b$*|G
z|M}Rrl0^5Ry7wPt#ZW~P{s*jMEJ&MA*4R9o-SxD=-dFv2C}6_$dEPd7ly}ecX~+M@
zVJ9N8=9i2Y+pR+GamgZ-z@ivow~As76F%h;{=R?rC<h*pV%!C(ce78R<~-By$9HIC
zDr%((wTx2et?Q|6`qjg-Jl|eOYIO;KS=6+a(xf|1D40)N@a^Q1_4+EXsDI>^Sqg7J
zC!8|PVDZ8e@=B%w#ZeZ9BmD@Lqw%Pksf2o`;-;*SEf1yRqxO22fI&#R6u-PfWaOH-
zbA#!~>X1GqDx|C&#~+X9ODOk#zC2d3Fa{%iEsO^C+`DC7T|BBdPJN0u^vSxt^0WL7
z22OTm839AE66?4naZ1Mqv3SMt>{M~tR-+ZXUr8PilW|(r`3~yK<)a3-^v#nYwEf0W
zi<H{(T2c=4o^v0(m6z$w4=b==1KDC3J*6Ld=v9-zK{e8(Gn*R#=`tMLBc-lB>83Wo
zex8kU&ce{`DLa4btnO{Ez!}arf{K!sUi3uV^7<%e%}_<-V&@w8(4U;_saAY?aeeRK
zGMe;J&=UDidzHtHni-dp!#6vs0E@RagW8ibP0N|i+1>5J7<q6XW{KDJMP6<Be0U1Z
zUKa@%uW0q4n4de^L#u|csEGPVd#CSaq7{TS4w~TO*w$7yOEfd`2vYYA-71&+6p`>A
zb~`U<fgSA57aWr%d1{CTGFzh}T(5bMAKI@lJ#HF%p>=U>mN(A${WvfCBU+pw#a>xr
z;E}fo?jcp@)h{aPeIjR@ra2LMk^R2MI!>FTL;DWrRaPhLLnrytFVehM+y_n9nuto3
z3M->pyY6{Awj;eYuFxAIkUZON8!^d3Z^C2i5htt*T8Cx4LTlx{+sP1rV$fwKGU?IK
zP0Uq?k+}m~kM?S06NrCbKxJ*0SNk;h;Yk~Kv~kdN;g{UXP4V-(NLadEW965eE5_)s
znvalwDxJfeYx{bI0`*u~RD<&XFQv!OG7H3G`J7i@pLqLNndWAT*y(Zfiu5=+)hDFr
zFdU#53*G)m+1;W={!w?n57@mRB_fMDuUe+fwh*KF&|+wc6=>gmAn7boDCq!9X<bn+
ze&>Bi4DPu5I(%n{S$9%R@(|gJG9nj8@}pX_WI$FBRL#gEgK)z4LB;Oa-*CiaMofu0
zgXeo_Vg!*xf|In*-ZeY}-(puXoILsGjq1eojjT%jmtXcA+u`dF<%hny@lD>nHX{@F
ze!g(Khek~{j`yw%>|5y~`j0TQBmv$sgPQ+0YznOoSQCdnD97jRy42Lmx7?7U6q}?w
zXrQy9)Om0^u>@LEfk-~a*%Xwj>JWFy(<K)>6%=ExN+j%s4f$$w&j-La^Xe%#<@Flm
z`taKkOT*frJX~>SI4T&tN*v+fN^Po|N4+6n9TbFUZPG<Z+I`-jg2Z0F7%a}7le)>%
zS#1x{^D?IOALx7VblKQ>N78gg0Tx1GmpzPtTV<BkO>l!Ro?0?~G`2NB9Sz+CjyU#w
z8l|f>yG!Cc#P@LKDulb0S>C{6>#dD)$^^ouGs&43{M7jY7I!u^?XA^(!F5K;l(0Nv
z8gexNp7y_#fhV~reyO1No^sqiG~Rdf)i-6*y4QbbB#eX@ER@7}&8t&_ep3Xr5GdSz
z!;0#~F?f046Zkj+C;~nL_22)rZ>OLiFU$5^@=CM6jI~wrSDRCGIR>_DZ>L0@ll=OD
zu;k4cC3ydy9_|5wR))}lWP@sN$ljUcV;4$|V_<~K;l|+Da{kYI=k`2=eV~U4K*Z3o
z>$R+Nn%H3L6n;gd>KTyjCFh9R+kywR5Whi|hIYMvKM$+ZSfbmcckW()!woNUWzk+!
zcQ=oLl~RFp?ZwN0b#ERf1*WR$Qs#bgpx@~-Kiw3^`FwG<C#k{Tl)<zRJUcjRPzr<>
zzXzRJIv`G2r^FbS$tD3Us=i_cm4nY}&{<4>YcpV#Bpmd(ry4TKK$%-HWtlgdg|3OD
zu0e<HqT8q_ct8d{xgk|6JiX(+wB2Cl+25UmcK8<bHI>bav#|^6gJ<7tCl6{gMBgS0
zSdceWILw9}o})vG@O|`O?8ta83sAT0ZJmi}r9>%6(*WnP4S_D+0PF(oq)Fy$JRYo%
z09zAHwGt(CXpW%q0nnI03ak0S<g5}-J4*V6YEzBJSc~ok=8&&<d#CVY$|KXqM#qzz
z7HsPMR=wKM7di$KxMvZ@*`=#r17nAp%GTa@HzZJpfYwDBsM5f418gogkNojq+%0DY
z!`#ib#UElV>Dw3;$WuvbC490(*`^bfhtPX9Nxq|UuMj&6OppAWj5m4{8+q-eS_mx@
zuo_Dm+}N->IhF~tT5xI_L?7ao^9h~U&DWa)v0FSsZ|Gv~G3vpC4N>$mO~A=a)QKi%
zNwp;NFq2vp=CLq#Tu+1={e~7%nvk_~Oh_J4&zfDVk&g;Xy$nu<g#le*4>T7&DYp+=
z3W^%RS&NaVd=e@{y$n0WMApuOGr}F87nDkgdJPS!dNQH;cp+uOKA||w4m^n8M*|go
zA$T4zmHv3mTj7G@+dt~Kuxzocuq?kPQR<^33PzR{GiG3Ds4BQM<tU$vBue~%X6haL
z56Y&Ywd0Q%JV54KO_&)Xe;X6ll&N)$Y$Tr;esx5JbJvlUwI_vrtpAAmL^L5LBw`FL
z=;wgtSgB(9C$}!k5PGwVF<dAcMPb)vK*G^=Sw(O$hU!*TxWt1*L@V488Jz{m!DYx_
z++46u-9YD>wYK`SLU_2JF+`u7s3&Hxl2uAVo*|3e(t7sF1GbspXPQOfy~Kk~M3{$X
zN2GF4*$!v27aP0p!mBt8AeV{2Judo-y=vHAy?Zt_v+|+QNx?feQ(^i-L|R$NKEFa&
zoj^u);>fMs>B^Vs+Py?=>^P^_Q6%8TwT*Cj_gj~lXp4P{SKQAF^m}~jsQ`^B=O51&
zWj7(zdDZB1^TFhZ4XGahUDy<x`OQd;Y>PfO;~SJ;48w=KgS_di_YkeyJ2H71ftqCw
z@0V2mC<}~M0);04HIf1ooiAMYOhT14BJIF2nAvDsOwlM&8j&Z{{Zpa*VHA1<mBx%v
zT=2?_#BSVI;WGvk;fZEMg0V^6IHm7Td6|>%l0)mzEy3qhhQdR1+R6A=?A6<YW84U3
z@+l<T@AL>Gzduk8Kj`CI$@XJ0b)?3)d|KGmwXvSIiwM@IJpOsTw6lK%Mq@yKDi;f#
z9)5ai9~2HGP49Uh<%wLnIo0MXTUDcefr#t3M&88>F-}9d5s^xHAhwGelqOuED2PX+
zPo<n~56KIoy{huaq!-KeuI4OD+_tr8jK#KXDYZH3OXF6jW02An8%&6ewq4aGX?DS|
zMq8n{)r+yM|7y%ly2&bkvKkQQ_~M5sKgU2i4k*-Yo`{>D8*v9vU0uPe+@owWA<^l|
zTs0L!jggEQe)SDa$_gN~YJ<<;ncyW4amQ-(8Q%M(X|$jgh<1tBX6;H@10o|Q0V~~!
zW_4hz*gt`0A1vG8mFl?zsa$R(u2Phz5B<hA1qmvpi7atOUs}WhnQQChZspSaODEMo
zi!}7+q}>eO?Hy(0tPmZQPgo{s%Es8PccNU~D?>bEJZu|GD;pM{qc8XiFFZaZtB7GV
zs{;?W^-VG((Mq7UmGzK9ZQ<I_(Pr=+w1)jBzl!vAeKNUvhYL@cKd!p#s7doM$Km}k
ziLOT4oJ2#lDZK`lM)(?c`PU5eayDv<F^^>$DzgPbT7eF^9S2D54vy@{!&4-J({H=)
zdH_#3mF)~Jiz|9f<M}_k@-dE4Zlp=O%IJ;)N!dH2Hky7)-(7!X&8(4RbnMYs`jQt0
zy3IMxx5Mrj=_02DOFa@}8QEF+r)EgHaV(0U{B-m}f0OZLP$h`Fqz9j;BXV!A=i7KL
z(vZ-va9^MA#4d%uifxOo=XnXb$Q<t2mb$hRh5HK(e&&iTwIl`Zts-*-ibCZ$lECDj
zs7p;~Zk0)g(lw7|^XVxO$1g8WcAt9`+2{6zo{GLn<d@BuYu#C{$Ll3abGM_#XN&3i
zBnHQKgT3?(&gF{?`Q15#Zm4c$6WO}I8U*aFQG$zFTI_&gi5lHGz~{lDEH8|Xkzci(
zr)Dh@34e!xSc%^&7Oja(rB~O|0$OtG2`8=9X;uignYhZktCxAFP&Y;Ja6a6JrsgB}
zjKmsS_L787u>4?`-TyAt<ot<EqSU^3%j%@0v>2RYb+R8WP2JEBHO3ev(t9$r&g>tu
zw93mIA8yTA#BML*9aj@06K8z`)`@2kgbgN(9p0x-pF_zxH=f&>8%<emb4YX8_gyIX
z9GxPsvS-znpG|u{;CoJ_iTxlYCh5POSNUO7pmeB%F-OGkIv9u4L!~X^1fV@{zvcBs
zt*naISknjrH}Xd`9HwDRZz2MlsWD<e;D7}(1%sJ-N91DfuQ5@W?dSA7?z0lvPbm=*
zAk7xA2Aw{q7!ovL$i|6iKO;F=y13FdV<oCI!S8Q3cGtzaU!WRR=K(iv0OuiA^ZULb
z)`4zjA}0^NgKh<XT1YwGU^l20MYOoIVL*Zn*&)s)E+m!JIwqm@?_ht|o6d2gQ=V#k
zY}O$X{ocrwdW%gxTM0Z?l=`{mYPCMl&43L#(Nde5b&<^w7b@efXayD-76kwU5gpcx
zri`p^X}A;MU>cjRW2gjcd+qEfPe}Vm!XNB|FSGj`qhnnyBi>pT9O5%T6GV}Zsx-k4
zXCQf9s05Q<gseK_7{h;kzW?MQu+&xPnY~QK)G2DuA_>ERP($gTN(j6seW{^?P<e@F
z*>9FD@%HXB8ZdNM<H&tCZ=F4Oy-4Ithk51kdBFP<oHTBRu%Kmtrsk05dRdH#NaLL5
zWN8kYMv5xxTSAx6*H0#^*oaKWlj5J9TSILqKanhDfi^x>f4^Id1!EVxyS0lqE@lBt
zk1(-gNlmUkx9=JCN9zG}T`32>w_cAugr>~;=)iE?ga=_CwNcGsO|j+31ge59Ciz#P
zz@jXE&kx@C9Z<hufcRInxB8j#>)oq~C6K&AVH$0Xf#yr9Sh2So*I1aDPf&UJTzRK)
z;_}%!D&*@+_+DjfRma4rK#0q)x+oXvfSR}K`jgorA(vV8wo6S!CAtp)EWmdL%?5ks
zdn)PcpM06Qce0yr@a_tC&t}q(UgH@_K#`A}=WHb(Q%fAvpHA$)6xS+)d5(aVnsshG
z9uU4)+4U35)rP`$5vyOxreSzv77RR_etsL%Sked-E3xk-2k-kw+R2MYmri$UX|g^T
ziJq`_PCHroT>IlS_TL+Cix+EvPot-9J$0b52c2nQDEWvQ1C{h|vhRO?-v03)RypIP
z%Z5eV4(cmUt4S{g7?C?}jpdWDRonTR(W(z*OlpLIa|er9IA^=fh|(Lp^)?I4-k!g{
zzrN>YVj6cZW47JH0<g|W$Y)1@UD2`!Wn6^gSvolPU6mp5=~v-`n1jQsV7#Y*DccPi
ze>{h$I+G)I&Aki+%rhC0kXQZU_Kw-rvIPa<52UGO3SpjQ^1+^T3LSDN-)cp{ihULG
z<<(VpprlgM{kXMvRbabs>OK1Q=<HV*{6x)jxH3zMJwjMQW83h6tZ=u$<pU9%74ik;
zipIE@Paj_1Ny$ewHoET+XU;x9CsNi=yjP+W{Y?RCA;doW<${W=J8r#5FyfQsKU;rd
z>Q{%Z1#Xfeh#ruoFSf4f+lKya%@2VJr>M{%pNVp>YzC<V??-;_U^jUhv&XdXPxPO1
zqq-KQpTjs&y@#3JSEGvO+3G|EOvprTPE3s-O^h~ql92woJuE3@Mko=tU*f+%{*X7!
z)-6hS%&5vC8Y_Rq0;>F7c8jmaj7ZHwp#Bp>$RFf(*q!21W;paw+G~lol}MxA2O7K0
zUWQNzBe!#jKm@or=fl$L28-hcg5(OY&^SaWEYb1f>N3!mw2f-0+%blGLXV$s)_!M8
zKK%N0a5IQUqG@gO(P_yslDN<BO<!}TZjNV-8bvgwD;Yp+u;Pz3;8DON{L|^%XkZxp
z$T#0=sRVBZ<kuPt24lJaWnF(1J7>pl$_Iz21((D&y|P*nZ_U%+Z=E0v#*aD-?>ZRT
z`H`yW9^t!y7nOnxpss`Qd%)L68_!GRTU*dHo6Q?&(s!6OZ|c?usg-kBpSF42WkBQT
z=BE-dZfZv}p5QU|4IUWY1t`U`8m}<<TXgeGOP^LHXjGckq?mK=t%fg_{fo+ARWn2J
zoVR%^q#K>V2zkxjPO%d1dP9QVVCH?4IblUCh#n;G;^5r~RSZQpT-H+h*Rt4>#NTvL
zqdjVS6YFgW<aK|4A3vtI?bE-nn3;FYBwkYz3)F&Z>pM0I-sW|4SS_48HO5j_m=iTY
zZb&&``C&H(X9b)wht&Y<QgSE=(GGcm4vQWVtUqAcG)g)T6>CYqNB2wVbJkmQ7hYWG
zwlPQGqimX6SZcd!+NM`u2uW;R+nL0b)rt9z9A7VwXdC|P0{a7b8CnKVdv7(L?US0y
zn<0zZgZBW|UorEyV@7)uSroBo?INj(_}DmH8+Dz=q`#@^*LLPTRGS~9B*s?!dtN>P
zSIR4d<TD;m%hZrN<bE31yG!9LnsD;R&nqDdgv2x~e-GUmQEC<^RF3-Hnd8eBjEhwL
z@f1F`K_a^i-s26vf5v>`s*tJ-Be%8Ke9n7ww4Qv`B&hk)6d|a4c?6GK5|(yJs(ISs
znA9?(<g8V^?}Z8xgeb{jxvDziYjNH+)%*<cv`$O<GWMB9cG2sZ_uJO4b#1WFq>sd#
zR3D{Un#p<^u)C73w3x?3Q?_IyGxI;n*90;Dpdq-Nn_5(od^eRj3+OMUA1}5mP6ZMV
z&j^t=e&yci>7iOc`*j${L)8|35)_!_R;)Mv>{>B5*IJO)gXsGNOMjS#9y7?sSqJ*^
zF1jKTdzKJ|L%7{zgj0hKS{kpJG$Bgn*d{3=;fq?RTNd?8o!VkS5WShoA8+AMfc!0E
z1YfxL<QU}*?55q*0e26(w$L#a0Er&!kVB=!<ab%^-s&dCVm)`RZ)1i-875XFLT4wR
zHqDq*fndQ)pd*g61~+&8plDWm9b+!;?65T*L-q$Cw|psc_-PMG=$D$rb`ro{t!B|g
z%OnprG=2j98M}$TDkG+PVvtwi9CK<*n_kGGCDr&d_QQxvihFc=VwAwD!<)#*i#*1|
z^;@CptqUc+VLjc}@n_Zxs&Z$eIBi%0SGj2m5Kz$Yw?$o)1vMbz+@75jvHfT<U^O93
zCW(lodq(+#_5i1ofhq?NSPjy{OB2U=b-1Q{?5<jh9oTzyM7dsWDpN5C)9i`6(?)YT
z-uY;d99i$}ucQ%ZVy-~cS81)WF+EIHd`OpHVSHwqrs*|7ZzGwLZGy^M&6v{vRei92
zhLgMZDhiS+L#m<YovNr(UT<+#cGH0e-<tiUM&Y-Fal1JI3FT3!Gn!^P$_#~BK!QZB
zt!H(=<1uS&LeIvuZpgg2%wBvVNy7NXfbywm4caRE*qf-`@Sa2f5|Gh@Ys&sfFMa#>
zaOZmTs>q_ON}1Lxjw@Q<fiB-(R@Re6w3)Auy0NZX&N|bs;f1Qz5wi?0?zIk2<sJ8K
zPun4tXG1UMC$ej$MaS1KMS{PoL@-c<M2kL8`(JsZE|z3vea<2&`o7p61`@XxgLGha
zV^(8L&AuuBY!xH64l4?aYHB%?RbyB1re;uH5&*yT!o%Wv%*W!ovqRC?*f_+Jsld!)
zK6=kL)arQb=(D@R5nuaqDyi~t#>0zEOZd=eI3?`mDH6q*LF>CZWROI(2+HbU-*R;_
zwS^r|dPpzf`||Fn;tAL4?%Hs9$aTH{!%ILFmPMUgXMuS>9xq&j6KaRTthdEt``gLM
zJo)b5a@w0LiUu!VG?ShSFNhp!c0U#g6d``f^u;=$K9h6culMD}YnDg?wmA=>DWO9o
z6H0Rky3HU{2MX~Q3#dh;0>$aFajP9jzlEN2kk=n1K|&Yf^osMo;MqWy=khcw9Y1L<
zU%ni~>-+fS!j&sl?d4OMY3Ymgyt)8w+>syIpaA+4fp9tG{&$5(4>`|#t>as}<>OTV
z0{pQT1Rd;=7?;y%K`YQo8c?R0t+T@d0YJ86wLoe=YR8jX?M3)lX9@f4xha!jV*8mC
z6Catx3QqeIz#lJ{vEO{!=#XWwKh67bvVllB`cU>3aZ#U+L}0<e?1{x!w5@tMmKUCM
zZL*<~S>OaN*8zCnYYr+ZnovZa5#Ow(g192*hUPy$IP}UG!z%D!j3!pQwANiP=@36r
zEt%TlWj|gErt|nl24k~IEOYO3I{g0Z;$4sOka-p@6kD+D5z!jG{)lJad!dnS34B+i
zt{eCm;90dhgvrUdL6CM?)rpP2bmXiqeHPJIU*25y%Bauj^UHS|T=&jPUAeZnCstB8
zfjii?t3m}q^t(aB_r=zq_1b_lH7hT4sB!V5mE9!kT^hM}S|qv&)%S%XcvU8+wVcOQ
zq1bep?={;_!qj8)(~maQE!#|Pc%e4iT^13mxr`xg@u?Ue=G6T&BX_fx5HeB4hJuQY
z{pM)p4Sg<C!!Fm32)2<#BP<7V&&74?G85V7pA%Cj!4OklVah}AQj53uP6Yn$P1w<g
z#U~6sYZsG-LmJfnsju6;=TR=^16lf9KObI)M3%?%#=hs|>H7G?UK)SPbX}Zp5M5}j
zF(GUB0Pd?yC1QN-k><_5wS~aGOlqn#i_aw)WO<U2<XbWJkU{cT3b=UcgfeV=Z`U-+
z|MfpPNs@wpaBty@9o6)=-gAw9<$0aEBp)3Um%|Y2h{QS{8U&y;qtUJ-hR@)b5YI&2
zhzgDwrwc55S~>f-tZ}xn+7As<?_pRN7NZvfkeNs5GrUr{v%B(Ro@{oY214I4*s(fo
zQ^yyT+ljIKOL}*mv&=+sM)z)9dA+ulj%|83oV(1#$`{JtI`nUHGq_or+v!h$oK#B~
z=bYd6z%!ke`|r91QY5KcQgM$GZWv>nwiBC`qb3h)f5Ow;g6oJtodSure)@!d0V@6i
zi%sTzI`(f-^}NV)5HH{eB`l(eiheRaM00MS#C*<zPkp&Y^Eua%bI99i|2T5!Q2p%!
zWV+qUhw|eIgQ2N5Hv}^?@igH63$&Wb{7FJRgJ-cy=cl`!0C1UctBJ3saY5sm$LF#3
zZW=I}c-VWh-Z|$>Z;ZZ+`bomgC~RjHg!Fr?yqvR4)fS7LPNI*idoX&_eJw;Sq`67%
zWsYaB$hNuO(Fe)LtsCte3<J;UJ{@0Aui?hv7mAPF#D?I`x+bK1DT+Pkk_$(t<2jdf
z7!#=L+L3IWToPYjv2ZK~>;nOg+OC?tP_fFH1I3z3Ulz{-=vWIF+TO~8Rx%<G8LP^a
z7cR^|rLQOl>@*un0B~P$Z&<}&hZAD+)jF(P@Qu&EY&JcG9G)WrknGX|Ok1C@I@6>C
z&L}FHuFPN0(Z4hirHX@}ad1vebRkqrQhZB8RTb+Pkic@s1;PV35Z}*P_RBF2Pm*lc
z>+0DTUF+uUPsk*eP%WXKNql!`ikOcVu%W==oBHzj*(U|%xK_Jc98n_B<_MdN_=s9`
z-h|KD2OvIw-RXt3@4Pv<BE7ijrCiqWv|Cg7MxitkUB-A>?CaLIK%0f#jXwL>@>FjA
zGi$BzEP}rJ%|n@I3jl2~SBS2MS0(~LX8SA|9WCbA{?)2}k||(m$JM2l3IpCK4DT({
zI^$&F(5^Y&p@duYw>nQu^=q#|NX8K9UNLjq%b4M^qzFbErAOYjQ+>3~XrY=b5tIWo
z;KR#p@^%GSG|YA?v<i%f$3=CI&M8zygBZRfa&AXkb?rJbJwM~w+piDd?5~mx2y>Ho
zVu%}ji*i0}%Exel7HIMN1}-8jqBX<3{rSy#10HK6Be*)#Cp>*<7SADx_}=8Gok)U5
zMvrnMEk4sHbk4jrBy3~sXpe7;IHC<Cz|D5vK4B9_Us{1@>6U)qN%jG-W4pfd8Wloi
z&62#pXxK?U;y*!j$C&Z7v`MTxUL$}7^^i25HQcWQ0-IGjp9YEK>2@^F*3Uha>>ql@
z3t`^G96sAq&&m%9^CZ$$=se-}`rML#L-qm2$0j(>4`Rr5eDvv@C)QYhZ2~C3+mR=V
zT-kN=p>3$?V)=&=_zEEq3UQ%;k+Q-6+Ih7NG&A-REuQJ29P$BPNKZ++bwk-~a5y7c
z*bpl7)hI-!v;ANk4vCAcb{l~_l*$O*klCx2hM&x>>>cOD<)@DUGgaz9Gs97ah(;Hc
zU)!e#@@~UMBjS85zg_#7eh0_lP>x{@J<X4?XBnjO9mF^k*>m~w6QJ*c5w(~l2*h`6
zS4p~xIk+xaWbx;4#vbSwG|#klhkP_bjcx$Ko?Y*w!B`Ew7xXE2*e#fwUFAa)i@1gG
z5i59$pQ7n&j2-Udj>=bFaPQ6Gd|9i!%-ZXTS|_b@eG5Dabb2i#9by4dU^97$pG3t9
ziH0%eUPq?Ut*XNiYJ>F=K)#+PvMZIFWOx5Q38z2x+Z7RkJjp|^2@bbYoMsz!Ie)p}
zgutP3Y}5IswC7PDW_(JU|KgPYP<YV1i+R*TG*kP5-{otKP2FlTlZO~-+CeET)Ar-c
z+L#wHLiv*Ty;))bfF6|qAShf|)PD1^gLin)i<bMaWw&{(`U<PM#e~aZ*Q$$9bZONE
zVS#3S%a7NKXXkY_e75_w!K}xT!k%04gF42b%y_t;&BAG>O&X@(nt0F>`wPM2t)#ta
z>o<|HrExbwZXdLjL22nHF2?motX}ksOq=~GA7Lb<9V)+QpZ>vf>HsC%yQTR`7>SIQ
zt&mCcZtczp!+EQ*XN2~a0{8I_2hiCzT(v=1h3@80q9wAn02==2dtR^)EIUt`RFc%C
zVAp;_wk=*|0{U=&^yE8Nc`d(<%siXLv9|zQm!-%3&Z~4o!xy#1T9fh9OSO3}S-y)R
z+L0W2OI=~KQyv>1@%s4l3lLDUMfhhcH2GGPj+w3P_La}K1dTGObhdl5H2T>OodkYv
zx`*t#l5EfAoe8ep;e($nf!gVN391n|s;TMB1R;GR*Ek~g+3Q3AL7hG<d%u=tlAL@v
z*$HJsT@>P}Ad;`jCLyV*(hVg`Lfg@v+N&&rJkRN?xHHYJLR}ep<0bK}(OkY@eXbq$
z-x*{A@On?IK3BW?#z8daCab-bRre#fRGQ?o)^&_zGkvW<LhmsIQ75OlcU~NNiyfs5
z20kAQ^prSu<sVyi$KLFho+x12!okh?GHfdB?RFG5gqjvumzWer$WfAeH&nwY;UG)f
zLRG1tK;3ZbN4dA{K<(S}9<-%$AsHLO=X(0s>M@+vGW+LRuZpxMQGqnI#WAl*4UTpJ
zq6h3JJj(WQ{!-Hxo8(m6F%4J&pc9b0;x~a9d@JAgO3?^opV1I#E_)Tv7?p-kR3c6-
z%VgijUiWjp-lGTj4-8XhQ!KS2wZsgCNZ{AbaJoSkjPL~ZLk~~Cq^UkLv*NcbhO9Q!
z<;SO=e5*FI>M;|TODA1L(BW+30iOK?y?CLAh_snVYF4AD`d->{u5Pn<n!~nJE;{b`
z?BX{-yn9yIuKiQz6RUNp3!q(og2tg;J*qF}zqpg=V6hDgdKW5_m2@H{eh}So>I?~h
zi(dN`Ls|oh#V?!@nqtArZ8Onj%F%9Mh{ch)QlZj4f7Cqy7Ecv8>;C+b->V!(n4`-`
zONlJDJ6C5nAU+!s4u8Ne2cs6YZ8ZJQ0KC+nG@87k-l`y|Hlril%vP~C2|6XP3On)~
zMkued5-VEz{llg`uRb9BT8YThm9=x-3w2DDCoF>HIvd~-xQ~(P*Yz+(Zo_svUHK_?
zY{&fNdmV~W1nF4Mm8o^U2U`6nBy8G=sJx}J5BuCXz`c4f!u8HfhtXM?o0(|rSSSg@
za-5wnt<9>ruvDpfM3eaz;%3(O;!7N~uD*_CPepsM<f72WG#3x&yt%|9FA|JIRWStQ
z7qX=ie8szXqHcM+?@f`QBXnNopD$Cd@%ew)1uE$r&%~FLPKx+EUc&1l?Z)+;SG(T4
z-h^A7I$#wv8OUuO9wEGQSP-{*Irbt=qe*RB4p}yTgb+Yl3GU9P0+jd%98GM2u|>P*
zqNvw4%K_+UXT^p2OAQ&}9>yMl#xZN+)slv?<u@X<cV~~o(l!F>gOuJi+aYzi=*osO
zgv^1qWJmq)iAo*)>TXCS&P{2t_Y=RVR{FmC<Y_~T9nY(##S<!hOiLeI^1Ob3x=zYG
zN+?uqGn5-;<%~y6nj2N^oUd<Dd7{viDOu?oJ65?_vYf8|7L>M>A@)g%<aTPYML9Q(
z!t`pf>C2~{;+ip%YWv!an!;fcQ41+q_tC^NN(25)1$av5qOs+7=Z$z1jBVjZ(dUgh
z{F-?L=`J4J2YXA*xL+vx1g?^6Ttn`bVa{>2Wd^m{qn4siug}$YZn{ed8-A02Tv4(|
z|7z4M?c5RhF?dPtXAl8EN_2)^+CQ~ur<j=p=+c^Yi-2x`7gSa(1A=hZ-%Vzm#{MH8
z^g9gX5B^b{yb)6WT*a3sNU!aoBR$Tikjg#+ZapX|jc{CUa=z-5awHfbiimyp9`P?2
zi<IPAA?8%|o%~dj{N5~{l%^pTH8Dc>A@ZDj(&O_MS*IuP*Nv|yisv_3THgJa6gnNm
z#d1!qXE%AmH)q^`c$^cxQ2yd86D|pzd7~a3EpuplIdOF@bTk=ZSpKjA?N2G}G$T8@
zJ+USh|0rMe+xmmE{WfD>CnM4!R~N?2|JP6aG|@SI43S;JK-rr->PBN#98Uw8Ko+d_
zKt~Z*oG|C>BtocR5IRRxk&X-X6QsyMC&+foQ6g=d{RZ4baD7@!BFhmMZLO~(Rq*7b
zfAZ`1L2;<ODbUVcgobp`=c7YAbC$332xIgZ{wD%gko=Ep68non3W|XxlM<`J`6JIi
zI$?a$&gkm-;;cyp582uATf$i0oZWYU(4qaM<VlLX3<B9WRw77yUA%>m_U(YqsfZTK
z6q01_l^f0wC?GX=1Ugf%d%wxE8o|*+G}-$8f5uMtAIR$$i3~*qW&1eAnV#XlvF>1$
z`PMzTt&gd;{9NsbR?F^h7hUaw4j6p)Mc<qWe%AK|yVPX=nTGfiVAXSSs)K!SrqGyA
zQRV{jZl(f@aq%S0za9cgy#4bK1#7(|s0O>DrHQvWeUSgY=>Pk>DjF1sOoLz(D+;C9
z#;TG5{|BW0g9&EiD#V&n5Ly8z>Zb6fSmyKJle-9o*g_|FSM)FbtC}P4KO>Ak1c#yQ
zRdmNKg!n8K==&uzikL-X9Mc5YdHjb%?>9)QSZEeE2;>d_a`B*oVZ=;>CTaigomTbt
zPJ?RCn9xecoEaIf2@}9Sy-S)u6yA6kcB!2FH3})3*q;BXnvlf#d(l4sS+o{PziD!m
z%1tPQm(VuW9}k%+!7&Gc$6~#=ge&8pEH}x|JJ5{lFs}1JX(&53u!O-Z;om~|83Fz;
ziGl7I&al%A80AF4mM9$zh+7>L!OQzga})!jNw#sAW^sjPaG8YnPdSkOBM0Pua<LZF
zV5!*fuV4P>rO<)}Tb}KYU?e*t<KR!EK08BY6YMM<hF`2hzd}AXG$c~44N`1&vCYfR
zU$2{z?<y|LI3N(rz!&hr4+;wE9~<L%mQUmKgEskNArxRcH+oR=4tVP1kEk;EGv*%x
zn@rjb{~BvI_O&1FdAHp9&wgwgF-L}6?2L${b2~@e#eZV6!f~XZDN$qD(U#}h{y9E4
zt2^zP_X&L_b8I&tWl;Ho-l|Rfi}IP4L-8Hn)m&cBzV?Tf2-i0WYi8qFLT4E>@3&73
zpQAC~kNqN3Bz$u<1#Jny6#Rea)S=&@>qhv)<!CYJ^3rL#OlvBs`|Q+=Gn3bS5(TwL
zDl=CiIwvdZR}zdeIxh`UuL!@5z;EnP_FoRUP3U1q8D9M%nT7QXMv%YXt;*o^sng~y
zJ~9{KH(uG{Gy91gu_A-^HsV;NH@M_UN}JkX5d>@1OhyI<_CR)N``m60nl$n{r5rrW
zL~XMC=V_KJi4Hl=nzNe-|J2)3^c^a9sD_Q>bsmWQZ<*;Pf=UbTfvDWtM9oL~Yd2Qp
zu4LM%#*HM}C=pNi2iU)c7;|~Ixu+R)urIw5SiQR&{WHg`y<Pb-i6o??xw;9q;o;$L
z5^R4aiI2=_BIZrEnl3~8ri|C8P%%LDkhI*F%rHr)6(L&2wv+tteFudXe^&aV^_5ht
zl(ou#ymz%XCBL&bHMKxC`q!c=3V4in;zi8NTfwr^uLWHrY<G?!`skltkkr}zdz#2D
zZi=9_0PDjnV|0n8c+eXZx+SXW$a@v_Zy1a+Uqui(vY#kpbg95nd5gyS=#kJ>3R5>3
zX8bRIO^^htHG6aGr@uC&lp(m<=TqL<=bQiMF+zLaTabI0@|x*vfCnAoH);CRqC)VI
z>6L^m?BJVDFZ?sH&z{|@-Oh|f>~sI#V}_f~jmjIJW(w$s*sY?(uinbo<kBr_K0z7Z
z*xwQMpnb~TsDG+WV}c5$R8ont_<u_*+7IY6ZWpmu@NN&PRPcU0;{1*M_c)M1)~?Uq
z#?pqr^xGuv6Nw5j!&|!%@e%m5?G=fT1s+dDMC{R}$@i3%m5nt!XrY^<3`QHeFh#v+
zOGPK2X!OY!m3*Q1liRa(rXEbj`aOKm_1|a<PwIf7P~7)V?d;-o>W5QBNBnwqkYfgd
z3GONTU&>Gr_YZ<v+;EUb1L@ngVM`@`nO<}K7u;eB;u%pBaKKTr*L=o*b`C6kc#`e+
zzaRDQtsF7yx&3>gHYO$pb+MQgn-Mxa4^-q}C1bp+DC;m=D)7V_`7Jpt2ZFxeu#YZ!
z5nabfHVAk&h+g@5cazQU{N=F+R?}_Q-Op41zxVME!J0p0^bc&qm?^s11DGk<1i?@K
ze+^-SM%`L7xy_ItiZnvlQF!<qoB)`I0OuZ`4(Kqt3SLY8>vtscL}jI-$Jo&8Z_&-(
z$nu=|(R{6XC4W5fdL<nxtq}4i2W@aQ43{~m#Ke7jK_P2zUg^<kjVfyELD5MWUqMc!
zcE>zxVt*aBp!$_$ha4RhCE!!r(?gZ%68{?OXE`k;%XyTMvCvKajCN$;Y9=r`!RF1u
zEc-7aeh6BZemg>WK$oUP(C_}9i%s=VPuok+OZ7TCoP&H`hInY>CxZaOk^6NXiQwQz
z+t>Q7Vg7h<SS$bCI)&^DbSVcF8+F(5eBJ~@)d_8u2pq;W;@?C29n;dQKRf2{W!Q4V
zp_ieKC`7T6m8)}LOIs^|wm6fv$PHvY7~_Vv85xu#7+hT_Kh)A!d2ZPhc<CiTyb;=Z
zUm?+#FmiecY8R}X(j)5Yj`2@TGGs^RszbNtI0-;@9)IpkATbOxS~QiTd4X%WnWW;q
z?iEk`Vf%${m-wr}((JYtCil^p*bCB)k*y?F(^^0a_5?rume8+`hG!F}J^n#3QSBc3
z2i|t^H7zj)8WDR(D%ba;&5zWiIvO9wI!ckRI+NLGV`YN>bL##9qj&#_x4~Q`^wait
zVn%Oogez6xd^{rlx7^gto7BJl&#Oa^h=fD=U%MB6n?_E(A{-rZc?q`DZh1&DiY9uc
zo-&~(e6<kmdP~E=bpgY!$7qKojy@S72kw=pO;gUoa8V9uM+9X)C9f9K0}=3nkf~U{
z(`!kLIC@7_{_5**V~i(V8}`J_0ueKIS3)=+Wx(U{=Qej2THq@-mCw^{c38}nm`ZVZ
zTNg7OrgKi>%S>-5SMM81!0sLWb8$r8{@DZ@8uqnknG1W@eXy}}h)fp`3%Aa>(j5bm
z|E(q@KOg@wNrW&R#9ZuQlkphNi8DoYwDxDC=sD`m|BO-&n6ba7pySz4ullbuQ?r%W
z&FnAr3V#iE82&^u&j?-a814Fr9#$-!ZL=`zX{|8V>FkPlu{6g;aZ5%l+71~07uRQD
z$mNI><PK<dYq}(EF$-q5TH|!F>F-JkYOd;_S<))6+L(2j)sr2=fOI3>B<wS;m3Zz-
z`zLO6wJ2E-C|F@4iad)$rYI1lM~(28Yfn3XbJ?vnq}y>vDfM2dz_e6xBOy3ch!=)}
ze=5mv+r|42nWT*j(KvhK$eO47zNV{X+<TB#7UmpPj(DSWv(4t{oTc=sysUsKryEBL
znL~DQm2H9lGEV%a|1`fy;@%wuRQ%qN?j1+!{7c|Fe1w2-P__A&q41Xu#YeV$9gJlt
zEFpZ2Sm~3E2pF_l=-nvmW}P+C(=oqVmL-t3QEByXhT7hW`RT5eLYYzmNlS9+8Gg|(
zZq+ud7!LtZSN+TC^D`otR|f%bzt&Zboa>AOq^%x`=gSA76A8cc#bXk3-SbCPzPOMd
zq_}px^hi{>j3_N&m0FIM4_00i7cMyCP~KVio|N9M#f++DkjDEBVnQy_I^>XGIUJOx
zhGG8uz*75jv-rWeLKLw=)UivHf2#|#ESoRjUm7n*y<EFUubF*vax%*&LSqR(kcSiS
z1Gz79obcas&@rY``;lzQt?2K!JwQzWi!Ya2%Ybu74-~v_N}x?h&iH=+p1mqF<P9NT
z>q<LAJo}BhUCjOb+($c6owg)h{tO^U@Od`<3~IVMSlh{-gFWuj%Y!0BhhiI(ZhPrk
z8u}srl3xz4nvMEL)n|2ocO&^ee4!X!wX{)~eoQ$WuM{a_wK|z2+AJsE=+g+?(O3=j
z!KM+AsB+t&E8{D>7e`f($UvDduv}|hupm&Z!C0@Vqz-;wm;MS4wVxf$41ztpAwK%O
z`uQQaUi0BhcdLaO@Z8dHvI6(kt{Fk3(q@0m4fVQWHFR6X@ob_{=FRhT*U<e+V8)!j
zpN~epSPDz|2GOY|Q0FuQRR&vD=Z1tk9>jC95ZVCsG4?t5-*VT%sw1u<C2kDB)z&@U
z)mo-KMqJYX=CU=Wyv1*K)!a5MfWPMmnFo(pxgFh}%-s&3h<>Oyyz}z>_T~6vyJFFU
zoLgS0spU}W5!O1`%{s<bhc2`79RuDZ+<HhgNm<%6Lq?P9o7sCu_k|yHAMhx=0V8O1
zt4=V^OS=Ak%0w8D+t+8J|BECS4{a8Whg@W(4D<vwcddu}RP61BKaaQlIm!MEAsOud
zv$b34()L;dGO>$q+_PagB0sVDmpp827@Lgd7Zt%vd*#9mN|%*&GY@h{ev*J7$w2K$
zwgW|@nM~-RXQcL^a+WqjqZ+Y>Wj@$UuoV38QulrcBh)JL^eo^-2Y|>SZO?M@g7xl4
z#_|T;d%zpkVPL?WKnivb&)KY<UH23apRjJ}i{p;*nwT~Z))$Ev1IRA6hHg0WY^1QK
zUZ}C>3T#}vJ8B};M3f!reZ%1UQ06)^U52HNfEEOc6V-UZdg)IzI^@NV*CU;A<q2#1
zbN(dRhN608k3exZsLtFQe+pV7Z74<3x^-G9x2OmMc%||~I}B4zHE1?y(a+in*KA@X
zuG*f=)sBOjsPiWN%>t;b`LgM7>5XI1z5?eAV#Unm37jyF{`}g!TDx|@2xK<YO{aSW
z#sdmcy#(Pck+jTRyyvZ7+{bo1&sAWm6Nwy$3m!skaWyC6EvT<}?|Rz+;bwU%vu_)`
zq66n+&_jMAet!Gk4J64v{xP#l&ii9X6-#LvYnU+<naiuDWct22kh48BuaFK~|Ia~<
zv*uRhbD5V<(S{uu75u85^3?N9J7wVYhik+WALtr>{KU%Civ%_GfoVT)#l1&0)h(x8
z6c1SX&}KOibdD3o#SvVmLE$0@E@cAbEtZSS%eZMbNN>a*>eq=*$~px;9I^}MvfF;S
z3BJH@BWcfHD{xXTfc85;6A`0BMOo4fueMtWMI5d0V*{EQ-CBT_<G2@%&kqp5-ORBh
z3?c14*w|MiUovu<;U!kk)<Yc{kkLK$Lw27!BPn;sdK9~wB0V$%K{5#@I{ZH<mW{Xf
z`eICOt$`BX07BLd7nrF^(zL(GHC(EIN)Zy!talX{4kW)mQ<0hpX!!S6#>+-7hhvo?
zD0QuXo|&ixN$<IVd=#Jw7t&zc-Mu7k<oEyBd+VsIw=QZ_5hMj3TDrTD?rspIJEh?v
zl@95Y?vR%5lJ0Jhly2$n`{SJBIr`r5jdAb)pC|)$48~^1T64`g_u8@9!krZ#`XC*e
z%qotnzDvJj^awO&>VZSvY~;tZ;#$Bw0?#%fk=*XGMYYHRem_iz%&ZF%`y)Z805ATT
zqTPhy_{Cd}ic+&6Ug`HMX^f7ms1{ry@%xbDq8JXQtOxbq2VGtDS!8Ceg5AY@`64T{
zos74TYc%8BLs_{yLtwnzoTZOuq;r*1nL_y5T2B|D*lXx&vr|KzFNqxZvS31bjMto-
z!tZ=?`jHph9)$R{_}_;aHDUs9KP%!{BrRN}|5gBbK`K5KB>1e&7T@X7(9p0@1<hB<
zd3hJF)})$HtM1mu-q#7SoU51?<hHt)G)+VaZ)f!WbJp7qNB%hLZO7p5(APkX=uuBQ
zzfISNtr=S<32Pk#BMxgBBQaAEmF3GVs}W<bOUher^o@Sb&*U*C#F$l1bS*P_1{qmh
zLJ-GDZ*w0rEAjU578D7fX$Ki8up#OYf-}}Y+MeNj`%amfX??HFmz?`g#0al*VTDP9
zVmXoYM@{YLGj$kbkp+V-4@s@>@2%s*lDt|>YR(4-FD`XkH)f?KC!h(e-LZ-tr5Vz`
zr1&J)U~xY}%~ljdVhH*2>ONu?GelWs##lVa(LUb5aD8x`XEUehuC4>+I&72o1z1{b
zjP%6qM64CK%8mtTb7Yfk*nWjqa0%;gyOIe@ReRPTObbcJ)*kGaA!|U?JHEjQ$(~q&
zH%0ROr5~SWZVRC^v)|i}+!0YH)uEHmX_)0&X9+QTytaGiNr8UWFx_8VPaB7Cv8);r
zr`>sg<!m&M3k{XPi?eA6@yn<!5vc+?|1>9u?RoMdEWI}S5jJ&u(31$NCK-u3eg0ck
zeg;cQ``0nI9*CpsrlztO&jr|k?#{3z+BG=ck|Re8Hm$zxrYMDDVuF(uxb4x%UkTd>
z!*`Ia6)39z!6VV0JW4(|thI{x18gctPqk5^{yo(PV?6O{0t@dLpp>fz9$=$2pSzwx
zs@s>hC=;}=px3=#RNkJWyxWT0_`V0cFNB$xaocvsGo&b!4}~+Z^^@Ckt(M%LCeCW8
z0@m)?H`e4q*IT_+i(D+o#ekrx<h?r;o1&SYTNxkM72Oip;fh~5hAzr)r)q;)7`Jq>
z?5!r=+8Bdp>51b8UV%aabx8@P*;Lx@o~LD^es}l_zc8{#+hL*>r(SW~@E_C?l4!EM
zs;aT92vXBZ2-!&Do-@WVNG<arr%Pkj+=^u0nKyHe)2>-CUt6-<tB52n>8}YXblU^$
zTL%wx^_i4)*LOCh%h8KbeRLs_r_B|XhWI0%jSz{C(fW%gf4==k1-xH|6G6RHXPd<&
zC_KPcwfsdybp_GFF*WJUI^6VI#r2Mhj;B)-yZFb60ZMp5fqzT*z8hyIi)q>pyRtb5
zDLSKyqOtrB)~tN~+)`3fmeZoK%VPCZwqZbCY{!wd6b7{0p=jtby@U5Z3&|Vd-LD)@
zpBJIfu!nUrckyvXV1ZxX)PxN(e@6Mv5wSn-wEE5F`^yv@wt@)ycrCQLTKe7T!cQ1<
z$(ps@&T~~}-Od2f#CB=)jWeMI-{$=1r@VVj{x7Zs2r~S^9pOGVCwv_S9T5SPVl{HR
z44M>BW`!^fdUFk!fH8!GxyS15=qjkTqs6%p-r8tBUzXuzaYx+^64!xt3wFp>X{(8@
zjqjWmm8?}0sVe+tf{M#CS3aL>8sOEd%NGY`jv@8RvAU+KlPEhr7|DcUsQs;UMHf8w
zt1U;pQ}_lXL+Nx6gyChXE)R{6?5_NAbhXyWmYr+6;sc+Q<AOEoj`ep-=hyfqvSl+6
zN*|Ws5UyFf*q#$M{>xheUr0y-cd$Mxx$5YoF_}HBkc?1>Se5BIn+%xD<0>{{U6`**
z37O087pXJq6EORd17N<^KPDuttu#8HzRi=v6V}S=WCExzNao#CO)GfxgSW(ZtWNp-
z)ia_&RxxkIyS{X*06fd8q5*I^+Q%l-@p=m6<JZE`#qYzbnNC-hGSsj1`;TsGzXPwm
z6XnT>M9kmb<Pv?)Em?m5Sdl^5i4%Dt(n;q`Y;8*|-r2K4##y(W`{9L0<<?+VSqM)J
z7u*%f3o`Hh$e%)(Lm>k>^mX;H>HQdQhot9)Bp?|%6KnMrh~u{{<qX2e<!fqA;uV$@
zcR^I|-a{HQXHNK%>!_GI2!_ZaX9YNxW53w1r%NfuwL|^NZ^H4|l*X^h6m~UnU3U}7
zvoO(4&r?vh{BkDg8!rEPh|+G4mQ3TjqQ$FIx1sd+YXmJ#tyv-te>`~Py-or2(iF!#
zoU0yCbM8V9qzLURGSb%XvGa3!R+7IFtnmae&R;;$HIB980H5r%w@rVg659o2W&maM
zbex0+gkaDK0nf(|7|-U`)y*U%zXb@8W`!kHx-VfUi}`ny<*%UFt+SNOtSQPro&<bc
z7oS*aGT3+zhE%ZzT6%;P-kyG9Ym+6A0otHUvixkWyTx>6G+q3XbBDw`E$1dtBVJL|
z`K(DN$?I77=RCZhf3VMT?%|r+eJzdlX?9+%n-+$(yII!KS9t%XN$7ZOQw@Jf)N;9l
zPFfx|W!@Sas_GAYMnLZO0UcDt=Pn-#Yuv0+Ze)jO>m>Uev)B0!MDHgwB+k>#`m(sF
zN!mBE42`F0s)tObZ!Fn{%YaWIN|<X_Ps*N=I_D#_h0zr*F$jp|S+-0N(k@=&&c%_p
zR*1I#$#F~IKkePgoSQav*|~g4TvmP5gJn2bAc7D5S5FB_BmPflxz<sKVZ{Kr+x=tk
z&Uj95Z!cxMadKv6rk63!RQjY_ShaxEqGlZM{uiv3VPu^ft2_R|tkF&OGC7LD#-;ty
zs4CX?Rk8JaN|Cw>Nne@`PDD>`cuZ|xdeZHLh)n~%fFl)a9}LCLib0ifTGYt5LY3gP
znvEzHilie*yo#fpMonSbRZGuDD6KSJRiQb${q0QDE=m;Jh{(p~oEX(QSpa)YqAkpH
z@@RNi3E>uM<?u2T@(;AE6~!-3xrALU@$o~)n<T}BY2BMThy93C3=i$!-x@jVI5+&>
ztIR+<m-;E3Rrr4N&&~^q-cN9*y2t~UW+a#nT~77_+(n>zSAGwMs+vC%f)}bH6oD7|
zuT=F}N+0?!^Y!uI(`(isn4~%9GJVhNe|_*)Q|v3#ScPR4Bzqjd?baxGn&VKRN03!0
znCxlPvzytv)RA7vkd)~U_taUP+jfvCwheLH42>HwGDK_;bTqp|LmaSL<Pxogc6+<-
zWzLr}$Su<4oSZV=4%0BYg=gw7N%gJ1+r1t&Ul^mu33(L}Z*X_Eq<8Zw3*wT%65H=$
z=STU^RQ~7MEEG8S-JaEuO-atTulT5drco6Y;{#JbyXtg+^Q|#<(WwzhG9~?i5v?lU
zO7`j#=W*k>A9-(k1zs(2$BJ`lpmM`a7xmv5q=iEg9_P>pM>}S%!7+}Ux<ICFsCy?O
zQ*-kT(E_}*D0m{y2S?mujqW#WAy5ER{M}i(Q=Q>S`2a=T#dQt#d;cFrok0fupZxI`
ziipD^tYU}MzH)9G2~oOkRBQZLPE@C0PnVZsCsl@8rv>D)T^wLiS;ez%qJf#kuqt{m
z4ziq_Z2*dafZYzyT3oTp>DT#RxHZ2AoPfoLxr$Df_<66S&dguyJTrrGOjGr&MLd15
z(Qm!}iD9zx4+9{Roa<2s{qhwy+OTFjKX<|-i4Vqmkpf1k8t;C~J)IKa+p<~>5~G<;
z7V)F$QNE8Zk*|$r&eVyq&3u~(LIO8y`f?2~1CGx%-QRxaRS`fn;$b$SXJ&x20riB6
zq4tUZ0vF0c6+z-BqzdjCJHy&h!&-0_&s@#GE+4|cgEJm;O58`c+p@d8th#Iq@LqnG
z{Qb)hjr!#18a3{{JI;9B#VRABy{BO?&clrN)R7~G#3#=3)`g1TtnWiJBYc7_Z1hbk
zwd+|mYZ?>~g)R?v88GnpjS!bI=S#PHyMt$yv`7lvHg2kr>>m`tsH_>Gfxp3dLj5Op
zJiK77f8q$00Z3|Ei8x$kzmi%$frshy2#lk@J_(5n|5NdWOqRvmt^^QZ`{2~x)GRat
z@&(Zo%rNx7(a90v-W@@i-S)w8T&&8G&Cw%^blEcGU#{UVZu2*vI)3DO(<VyXXf`cT
z1c`oIw(^aK=XUD(Px!ZHUiA?=K4RXt723dvxEKJ2eHBqUG*d{+>2U4i`i1mZgZ`^o
zu6-Cpo7?9DK;3o}znR$tW5+iN$w_06-<~l>6Y4v+bW6?mG25O{LECcG{JQfb@$&VY
zgX@ClcPPU=la(lYY{@xM0S&7+Hk;(FPiF$9EZ^6^iSv14e645_jL@_P7wWwY3)|Gm
z7LgM8(_L6yo-78&m3u~qY{K1K*!DsJq8qV@#_2hnOh0Zw7ao51Zp4j5<K~JcFD9N#
zvz}jj!p>uRYl*D4F#mFKfOXr1zcG>X&jq`J0^s!!@iKPZy231tSGaL^x{lF(<o2s*
zMvpdDSHVL)X0LF*l;}ECu~ER^i`%>*2;6>ucW0?JUIi0kFQ$Km6ZehhBEHfNiv3e(
z`;dJVc&+qR+P|tL@P%T;UlNRciNHEsr;@t28lX`cDo$u{VwHURdpUhCkpHdNIhg*W
z);U}+ERBpf*guwEzWPnzAj>W9WCJ4Zb^Q;#d2*j*<(cK1(SxhAV&En6qN5P9pF}@D
z0RQb=xA@uz$9Y-vk%`NJU}LjuGZ*lldfwC1?^?hrTX$6yt2-4k5M#qycR}({Wu|_?
zbO|)^@2^qupy8~69D^cQZwkDK^C3Gb3-!T)t=+iC1S?-G2q65xG{_;7FRJ30ScnYa
z_HZV^aD|4%1*9Oyzqx5y2Naa%5VcxoCeuYR-tR@-AJyy1MHEX$ir+|u^qiQa_<c3u
zo#DY|-xrq!9mg&u$shB{-0eGl{85cqT^4J$viZbVi<1R4JY%UH?k;_y;#76!Ecpk2
zMFsFz$;?X3bV|PI4nzbeU!WpJpZonoTl&OV{ZR#R;!guADzc34g?|P-KSR{zsln!8
zqUl1NZCOQi;W%(k+QNWRs5rZ*17(o|Fedn<RCc1gL?Qy8Ji~A+dpS{y-(6sMAi`B+
z=>u~2^tRvi#SCl+Kx_aGuF;Ak@ZwnLmVx6&lWpl*IlD{<>jk3~)6ow;EEfxcDjV{7
zxS&=8t&lyveycfyyK&g<seXK+#cMWqf5CXZ@apa?TH1MA8ZBdMfXThntz<NNK>4X&
zHFl^AwfhOFmM?U=t>k@Y_5+;<wRDXI3Q@=emrSepcGuh`MV9A<?`P=Q(v1vN7y28M
z0+XosY1uny3;Ay=tR{cjmKt1Hr2BO~2SM{*Z!TiF7=xv$1}5gNqe?)v8>{@6L)`%k
zKYXX<Y$cB6R$Q~%YQI~&V|;iio|2ScrZ<chT0ecfAeCG7k=FC!)Bps%2vWgCL-@>j
ztow1@ynGs!BV4ast*w6T_`?hO{oD5|k^By=!MBIP;g+e!>Rbi7u$oeMH*OHa-!?f(
z_G$2w16vSV5YDycWC`v6fb@jkq)!iNzow3(vG0&?{ET!B-mu&D`j=ovzyBXVWX4&E
zY)&gPb<FsGP@9Na@->OxU1~Y3Q+jZzcx3_|Ctxaul(KTe-sXvYwh-NZie$XW%iSmR
z^Ke#6<pg~7@`dDa{y5WuV!WVP(g6i6-zH~n+Zo;F&`KOh&H*)!u*f-=uO*hHO4KBD
z+9}U=)5g$VS6Hcz<2}&jh1yY-%*7eUv8Dk;&GK7%mny8lLtKFX87(hW8;+5ce$C(1
z1fYb`0broW+gdIC_(qza?aKUnsprG7S6_I2e{Ek3>i^lk;|3$JS8jYFT=)&J*2LA8
zSvSdCw1Q!d#Rqgm;pc;P7PGnDApb`LalJjHd0`Zbu?pwF<m8Sjvk8PP!A~#idF8O#
zRoi68W5S_=sGgHm*@Ecz?>|B`{9v2y4K_y4Q-oxXYCm|C>2O!&3zo0)0kqLsKpTZh
zf@k<sD60QUD7v>3b-Id`1Jcsh1|gP(qrWL*(46oL!`~mKE1ka_2SD8wy!It|nOt#z
zts$Y?oVR}n<$Hc5%3;2+Hcbe}R+W{h^9JYBn<mlEVmoQOk)F4p<1BC^2$vj$!VjBK
zt9){sIXR}af-haZ(2E5`c`vk00{_y{fOesb_gM&&g=V}fzdHfEAfwWOkgLC&KoehY
z$2lJBVm%bN9{_w%RGIurprgdTzpBC~mj_W#hf?L|tiKfuY^IomZmuGWy&^u%sV|*u
zQ-!K|%iR#Mgn(rVB|9@==!$Up_W5O10~CDw`eq+zCF5D9n14h+#)5C(OM>6I+Rp;x
zfRs!wgKob;rJ829VP*>b%a0(@g+BYG8u4$N3FChQJ971T8km20K*MrwQJhs#nlYfG
zH8s@ua_<&B#C$Fm3&WO>mhN~GRNFqvJp*<UsQ?*M$gyz76%0n>F~gv<Co@J7pxE7i
zw&Y>|=~88*LUIIz%4cx@qjFCIE4k*aBpV)U%wSh*T4$H|*L?jq6tHN^|7(uGnU^je
zh`B$uGEf%Ym`}nK9E5~~gmK1aW)f2#4*{MV^FX5*H8J%(g|)1CeSk8o6T_n}x~c4B
zqb}N2rB18Vn6eG=v9^^0M#NE!^`7Pd7VSkds;F0rf-EeeaHUL}EG25gpK^TFle0tc
zZ^E0UUWf$^S#{U1WO9Nk5(pFvqprTrL;vuYfE<U5G!>Dz3q1vf=4SwGFqnTIDq{5;
zKVZP7qpf8q`MzxCk<lni`6JK+)M0aoQtm2h?bs#}WeZPr=|R2)dO(G_;XT!g>_pto
z@N#2>Auz|Cwi}EVu=2pDeM^Nf{(UU_$#@d}G>;0L-<<Y^1O>gBK-uKh;}a8M{3QZB
zf&={cR{k_^-r4x&n!^=+nC1qu6=Lu&E&1-j@^>v63m3^`Fv0ugd@p{WBJ4+0QMq!^
zSj@6m5ICk)EXWmLje<VJfb%3nCeHO5!|k6&<qXB-3M>0GsuI5UX}`nA;lD;Ds99sl
zq#~&v%~oykosHaj(&)A7=J-j3X64G0A4E1THm|_FlK1H&ApGptxT+?N{u>wV$j5w0
zc5~|-o;WMoRVmA?Zo)nJdK&Mr{s^G#46>SB0IGP5>P`;8%Z7E{sYOl>5SJ*GKN2i{
zi+SFigin+Luhl}`SVG1ZV;qg6x0!|Dfa(T0S!_Ef3rZ@$ko9ylmiw*$xA-9ZulO*!
zZ%kmdh|}j(vwEI`!K^-QI>}v&P0)cyMn=ZAmkIDW3o&(oJw+|fN=a)s!Y3IlvUUh`
zTt8N&7*sfU5;~oCqsV@DTLtn1)A(_+53q%WQQ&bo934gC4u4e~UeBkC^Z9K)f2}x5
zbn9Ru%UGT58l16?6@f9{uEsspaX89MekBl#quu#>RzK5j9k2D^h}LhVxklwklx!^X
zq|jh+{qC=L+TQ~0C{JbBuHpt1hjRap!qA^2%&(_S0-poZY4D8GI~o|hH%){(#jpSQ
zhZOThBY&FOjl5uFvj6*i{y)x-1T%!+-jZ0clQ3=$c6fD<uGlwoM3X-}Fu)phh5~tn
zNjUX0tO7Xt^HjGC;9tt-cs|^b^YMk=@xOTy0YVvQBfUY;`osO!cDtA9N>0i{ju+1)
z-5!y7T)yyRR}!5_svxGa{gpY(XkJ*ST{Xr8ea6IE>-OFob{&;afpU_MP>?7gV$VxU
zAvEr>KVBn+f9zPahOY2{#?60);Q4BMjx@!DFN7W9fZ?VoQj-xg)x2BNI`PkUa3t`a
zB7&iIx>sqh8%Vw|QYGhg_HwS&agXk5N<fHgDj1)hEhU-*eYk_ncB8`dUwb|XH6NvI
z=z`%#Piy^r`FE1!)Df!?)t8qdrw&L+OklacN1rL1`_>ny+5;bZ;N0dJ%K?mI1ZMmv
zX2Eh5E)6<Rgu^ZtL;cBc&t9sxtIAD!NZnUG{I@z`o%5f(hz=#Sj6?IlO-JS?oBHh^
z1l~h{Psx*9<j*kgL6zTEy`^`vGU_mr*uJK_Fsd2+7B-%v1d=@cPzuIa>YQFdS$V7V
zZl2A%)m=&AE|~>JfO)1<^EQ9(?&&AH<3z&58SYDg+ggdLcT#8j^=-T*V3mTF-wzeF
zWIcMi<*b*}V}v%M7Z*x6L{kgJC{dYEg%zLm__a1TuF9%wal%y{n!gPC&^9CjDl?*b
zE=>U{U60dkG>EH-dVGX*7=A|E6eeZ0^Sqq#om?s;V6WBEwZ(3F$mDm_e*Q9DSEo-U
z1>^H9@$ZM!8}bR=x+yQjT}O{u^y&9n)YTKxH?i7@>x4BZ$H>B27r?kRk`Fl7^_RXL
z?oj4iLzD161yjB4qb2^u+X#GxED!-#8c&m+-HgC4Jn~zO<+$6YxQhv^3$At4u+kjQ
zEYPVL8h;a|uxu_&cEp^pFMv@{%t=wO;xVvhE#zWUAPxf>raFsKC~TnX8*y(v8@ie0
zjkuDi`PndjfU%?PJRk?p9*Ghz?|BpQ;Cl$yDFgxnr~11=^j~9m3R(q#y^%cJ{H|4X
z`*AgR`7XIX3C4OlaM>Tjnz}ZP14$LJIVFGwx@!Cr7{A0p>`Z|RI4-fnfqeg##8K%2
zu`t%{28+k9>90?zA9s`DDjITaVv9;7V=<S3^_XE(oeqFK%jADoql}#a{DFy)p|KD&
z-1FQ#BrWy)kj*J`av$6=w5PJ$RVJ|RiC+#}v3eI!p_7d`tGJ71O=Vmm(fa5%Cf_P$
z829fXeX7KLfa83uIMl;<yCGTUnNGqF*p$7LhUvCe`rBep!5dyGF35k6R*It4xo-UR
z81%27UEl;YkiYF!_)60j#mbm4oCkJpSmTS-LOso|O3u&aV(t7LjAt>-fAD*K->^xm
z2~gNHY+X+FI=~Yag2d}T%Jc-sW*;}dKD!Y2&W+3OAee7s*tia`BN5}U#<UGOtv{(z
zq-|+@z%0*aSt5{-OD%cnuLXS;*WwiR>41aM;}HQj<|;-z0vaEV59gS8w6y_!qLBj{
z%Ohk%kH7R53yXU=ZSy>;B@#t9kKC!{X0czrHFQd#*xn0-QrmxP+IK7C`9ryx<q+cF
zpfDiHqHn}YV^yBsRhsWG?v_tJ!DAXfo|&s|=S#fo^MiWUI&|ejZc<s;WD23w=ZY^S
zlAun7YA2`{=#3k7`?Db>cehDb@MBy)+gCc}PWT>@w$NMYZ%S8mC9IcEp^xj(U(}LO
z<xR!8gtYEhe?9zx62Jesrcz>VK@Ef{83)mG^gWy2H$?MZGp&CTu}Hv<egR4booHgO
zopf}POgAxJ@_{tHi2>Hw5Q=@Sv??z$30Z1trPrjZA-d91g^=?w#+MuxNt5Gv>Ha+|
zh2zq>+mL+>!*wQsaYktPA2~Zy1b{}A-bH$ETvcUy$Ow8vGI2{04tzFjO1+LX0IUhs
zCx(%73T~@M6%9QFzyG$vlhOwqz0JlFE50z`AJ&#Vf5j0X78ybuQvmMCkfO1WGBv@%
zY25m(k{rKeDNBK`SDB?E^sgQ$cqSJh#&jpoj^4d&8{z^{S7F-vaV@MO+-i-#rnz<_
z%!p!K8+!!W{)inA_|W?miu^n|U3NE9g(5>N_shO^;RlsnK`~peP|!xhf<R_<cs7?9
zM4#bkgu;)lNYj|Cn}yVIwdftkr_Q+fR9BIiLOeWc1L_P{31@!{pbXYgY*5z)WxvYb
z*3vy=wH-Yl3B)qRI4aV_lT3rprd454gh(ecNzNoLEuvqfF+kH608m{Pp4#!@ol>Xp
zVlnq+rRFy!KFlV_vyZ*Jp?2qUa#mxMuv?hY_5My^+w*tN#eoYE&mshWKUNYMC;--c
z7X&5=YcM6LNW1Gzupcn}{%XLcIHX8?3+Hk{ky<ej{j|rK<AaBeJ*vOWaEC2^NgQW-
zw{zX-Lx*$STXKj0Fd1;^C6J~q%;r#|k<S)nhnR@PJl7|ctm*mMf?Uky>j^{(^+px8
z!iozhyQ=bFowogReMhIFq*Zw!ahy6iBAf1V=0zsMwCY^QIl5yJI!K;d+FhSZUprw7
zT9kH7099HhfzAK{RE~y^+}2M){05}(=^Z$Wwu=^}Ed;AUP_`V7MX{454#TLxx0E3o
zZMBQToQ<hC`N}42LIgBuWM+Vao;$&b(i1?8G1iF*FN!t3NQDrI1u@TI7D*k#A{--%
zqb|U{#?Y?HyuSX;)Hm?W-D=7LNmTB7rTq(*!&H&UsM|V>FOPOPYC1b^Hlyyl#IO|3
zNjGIMdR5H6YIU5{)AqZNbc1IYg<@G<*dyKyWJnJU6$Xyz3#O>Nar}<MXahXo(;23<
zr$bC7)ru$m$im-*IbCK{aevKnZeM>s<TLmjBsle*m|m6pD1g8<xO2ZnB^srpG?I<X
z>|lX*M=HtCFS?RG<^#q2SagmhW^$Z`iv&SA;+U90=f-quif0s8ALE{EeF3=1lgLT|
zd$GYL+w*>Sy#&6=Y1kQK=q3#9g>Wi_m2$|K2bD~@9a(M(P3!V0UTWWAG|*a_`Ny9n
za3g@ba|<k1Au%5B8G3JYHr5>67=f;HZ{6u$^47yts6e7EP{PD|g7L#o!7emwJSlP=
zhATK*D-fSKkT3<>;D0-TG!V)(byRac;^KW$Nmb??9jc+MCs17AH|9ZImlvX^*w5n=
zbh7*5!38lB<~$9AodZHWJRrNOZv$w;YAco|`=TQ>hy$J+f?+492ldwX@4p6GHtbR(
zpsR`Ca*OtkR+Tr{@<ZG*g_PwRC4D0pP_AWu0qXnNTW({U&3}o~w(X|e`0mlry51<~
z%P>t>k}S774#~>3fFsB=Kfr)|YVKj@eAs}frxat(b|DSZ_?%3-T}DZN9SrBCgSj%w
z8@DYM^6pyuGCVNjE)!JkKBWa}RtwM(+rap`Os)zkA@viLBU>j9xbRg%tf<f<1vFfl
zWl-yP6JAAczA2ZP(_(M=*n54Vb>KwkJX*UmK46wp?92XY7+zzAX#weFm)x$$jvSRZ
zDvfW7s1l2S2rJ9IT!Vl_ZQ0ogGw6zgj!3d;A8kc>VzcdP`o1Yb%{vLxA#mBeG2i##
zf>BTuFg`!q`BQ}}c)E+C{7hSVyjGu&{%Q-O!&vXK`Qt%<oIs>nBJdQK!A3t_4gy>3
zeZ(pFi!Ub<g$xIh$s2^HGfwZ|n*skTg931x-@5>PVZBu7aV%Xw3_cI`a>;LiS<c=W
z1t;(CB#K@9o*Udh`*1-L$BfvELZ9bPmN}gh#7hly1yXNOcM%amGVseQ5*K*3hMZd0
zg?dDTlnQ|{&~iW_0!fl~wv}iTQnvn{Ci_yomdl|@O(c<M`u*e=P4&bENndVa1X$d?
z9Qygh4^6tLW1%(0advcQU*zaOKd}O`e!Aelvfx52x!KK>&^Z%6*_3AkkI#kJO+ZmM
zq(3JnWEP?A5Wzi{S`LzpQO<QD+|jV*@)K>F5iWHA&A^oFv1rultzDMfCVrDGnz@2{
z<D%V6Yf!l2(WYQZEg0WEG{9(o?P(0(mZ3RA14^p?W?iPeoDG$+EcU5Q`oH}RlyrXq
zUL|8=%bs@;%@MUq7~{sb7m*M9^Hg;~&N%?6!tJeg1|a<G^^Uz(O2BF57%)m8Z8Z&n
z@rQ>$efSsElOn%*IxL*^@RfO<K}}N|@zXwTv}(2R^(Q$T!qz~m(E2a62Fp;6Sqj6<
zJ(1K5tzQ-8rk*)4wSpDc8r`%Lll@)`xY~wHg)~cjY=lvB3AqwfuTq#76}5xZX~fG!
ztu1R1eQj(;{?3=uK&{6K%{q?G`%cAVp{5ruo8rqtCv8pd9lK6D_M%2`^yx6?XRE+L
z7%fqzBuC6e^YDsL7DZpWk%A0-83(2yiv^AQ0eXoX_}Webne>;NDpJ(y)m<vGw)XhW
zhe5p(oQN?iV2#n;&@_T`j#VeZ>nccgYAqYk2?8e5yDc{2H}-*{llFU~#mAJjGJS{7
zO*}-;m?vxmB}}p}nb4i;0>AjfY&i|(@Eicm-E9<jf$MA3a$;hC=m`o>9`DJwah#c~
z6A$4JH11+`TL*P`FGhG5LpzA-`tY1t3*KYM{c!AwU_Wsf;k}HhcMC%E0$^i4ofUpJ
zC;xh=Y`U;*axL7YmS^s2*vALa0TDf&LBnCmQ@G)d#5WEHH@NS-VpSef0xC7vHhHu%
zVvl~K7z$zprr@lFf)9ib?sl-MI&TtNo@4NHLk`KmI#%03{5$a}y%MW+VRlSali_Sh
z8Io`vD;&ghuQs0a;%X~)wX8?~(&LLMf?%67#JWztis`PMfr1k9?bFZQ7h5HK-e;t}
zmldy+3SoQ&N79Iiu{=?_jRMidPA0|sZ7kW=k!!XY*4FHa=HWR{@~0wY)w1H>wWCR>
z<sphhe4E5{2W7?dVkoR2YIC3s>n<m<=%SlK(>&5cBric3)M#rxCa9G<zwKm1WRV9j
zOJry@UOb)eZCLbJr(nfmd|<#rIEc8_d6^z`r{?%`^Q(_F+JX`?;io^Z1pRa8G!CWM
zX3wN<nW18<95<C)C)n&0_e<fFg}@>ZL87MAltl<@#F>c3k(o>>u#{8>38YU@f-~>g
zM|ThEWvmCEQ*e90DR`Mj>&l}&@4qAQ79Da`2AqYQ((2Q42lc^*)s}}^#hSUWwO{t{
zYN>#A|4ywa^X$$1)a0QEIBSS0u>|z+y%RT<x=vvhRNghe)`>lW>aj-=PV3|%M%%}8
z0G_md0g*7SGR>iLh8c{U<Bbt9Z_Ewy=jfvLKEqYfSZK$wp0BoQ=HX35!Z?6zU}q|I
zR2T%$UThn0)rf20%|f!TmT0=$vd|Rv?7IcADt=#`u5CT(Z?>uql0jI15OkBmO%taB
zF>`k50W<DA(3Lqtsh1fL*j?|gmVrq23Dwt16|^pK3g*womCYt#b$sJ%d?=B`098yh
z3nBe&mS|p<wOWK7`n1e)QEsw;94ca&^79)_$Dh8r_$n^I{5>OX`jc=)f6CZ!8PZV=
zjyP}3eZ-TMKbh@`;cp)H&@2(a8(Hf0Z1y7Ku-7h3;=N|lxf5%X&A^V@1Sb8<>3i?~
z4IZs$P+KcTE6JWK*gzH^^1=LX1wOxpTzw0EL7UElUmFO8;s`X`waYJh{7PEa<^uXq
z#Uk0<C{y#TK08IJI(~H=64SZT%f6I-!gk(3((|hWi(}zd+1r})zIjp%8<Ac{#Y)0V
zcm;>YT`s~jO4(;5#Qv=+(yO&1HE*a#KoX^Iyd(He9Ek@_`8g_L&a7I`z$Mec**xk~
zqDGmS)2Er=Tp7pqvX$Dx)M^unh?B|!$f<)J`1irbv3Yn{$C9&12PkbLc?QOtDzdF)
zan@34uW~sKJ<4fGi5UQ7Nh7*Xs~@_fRP#uTHb=Gbs5G~S3<^^Zpv~yqrWyL?=y~|*
zqJ`xrmU@IVZ$!MY_6P1EnrmSN@H=Wgm){L-gx=IdK<J6p>q%0tNS*YAKuLySR(Lfb
z_JE%{L2`sG$^eK(p!ba;UCwo%{mi`!R{ow~034Yj{HCJ;Gy`(H503jez{keUS13w?
z*Q(wq&Z!8bt#9O9se|l8mGDI@LG<{%vh2s*GP4IJUY566;p33(xeTX|{rn+R+pa?v
zwIAtP8a`%L(WOBcyoS|^Yg9A)YEOu$y`Jd`){>9e52?6|Q_T%#jdhYMBqL_-M=KPe
zQRa{(%(9t?;e1D1uC*1YhFU)ZY-+mC;`L63nJo6kH0L%!&Qg_Nqjjk}=%QT-S1RPl
z@D9RIlGDf~u{lH`1GJJCoxYJ7mGDvPD(Tx`bQV7mjKq#MhA#8*#{>^o_)qoiLU_)H
zMk@<#{%`sL#PSFb6rX3uQi-A1LC>-=|Hz>E5CCPQ^xQ$x?iTZK?V!swQsJ~}6akH(
zV^vsi3m!W)ylU0|<Hm!<Sfkh|FNP{WBKg=^PK<7KN+t8dC$kK9IIqGE+5+&UH}Dkv
z5`MS?DjBl$U;aWOqXJgRdwCP9#&RZPliy;enc>Vk7VB(Pu{WHp`?w$PL&j3QS?mxI
z>4Op|Gh2$Y7|!DYt>vv4F1ZBBK+L{XN>AGmaUh5IL%Z4qOyj7O9{ZR-dLBK(7+n?C
zNY|XiR<58l&~6#CJbNu?kb_c13fqDGoh`cG6-!14MI1h3E%XUL9OsTlsi!P$ZGLgY
z0wT!bCmNfz<_%<>$Vn!{u>;0f08uXNnx~~nd9T4ols#H;qi<wn{gGwvq(%CeqPyUL
z$(#%X+z=!99Q-&@bnyim-6#hF=B99r$PpNK?t=7nb+Ixzt=aw%*F-=URPqYZlK;FP
z!_0taH0AV#c68G6r>QFti~J1qb93KyuFErxV&b};u@!boK||WPYtrAdx9jH}na_#1
zQd)~SE#8E8t6(nVkNWvhE3JzUB^>}Y)C(x~Nc(L0KUOY~?1}4^<ZiE$vlfX<Ak;2u
z%&YBAid6kJG9`+oE!qei9+1m14jbboq53+2c>uzRf~TsUSQH5MKvum(`K|O2@Ij^w
zI=4Oh7UdCfSD$^}%P!SDtff|AdA=EC<?0mo^V-(FFRyZmW+yWZ>fr~?Eb89f^@L`%
zxpL5r^aY7>zuDAUIM8R+Ae#J${boNZ>IKxvSzXG9xR^orA-A}~g?8L}4^J_z7t&G~
zn{hGg1uc&fJSeKmGn$IylF~Nq%+ACkAKX+G?V2`AR@L_;?02W$>yQu9QeEqusAR0h
zwp618;G5JndNAm}*oeJS;`?A3eZ|(Ne)681)S6emi6FX)R6F*48;E7(T{_d+9_hvh
z?p!!{5?;vxg%spNZa%op{hL0bh!==ldt)IG!(;#@>mQ)y$>6NytbOCZS%SrVO1y!@
z7`Y{uDlrOSJK`|e2l+Mcv+#J?oi>A+s2y5SWge$c|F@3xC7&1XQ^POfO&TX7Jz{F{
z)Xa1k&g<Ux+qO!{@4D}n>3J;lBj<~EWkvhO-{I`bQ=fZ*lW49F_dRpJpK9>mg6xJD
z*O5pX5qr;Jf_hdD`jr_Rpi1DUWn&%m?t;it;5s`q{!0Ns7YPA~F;Ygu?$D?azS|-p
zPw6;Xs`3ZE$Gg)ghUTkGquB~$vd4$Z7U|}@lYywxmWPJ*WSeHmpzD<U$)Pb;vczfJ
zg?wkSfJ_v#YvSwE^hd4Chp2l%W*G$Kt2(l(wmNe>l^?@cCmcxeKS}rp#D5{Z&p#mz
zY*xrU>25;QgIGZ@Q9AX~Me|jGO^!IR)k@`eQPdlg$;m@EK@S4ohUt){seg#Qc~*|g
zoDuFRjZc@-fXgtgaxhK1wLLG!**IsNYSv6QPxtEBrq<{*f6>83p{SWBpOb^33*76a
zad7RsUM_G_fI0DgvGaAj(~>0Z@_K_>E3BHGt(xqZ&r5no`jr~`iVd>_N-CXWaiT)K
zn?P3Vj(%A}m3a90M%rk)`i8~5)$c3o4HaUB*kf^u4;<f{UQ`kMlxW?Up7rRTN3>kf
z8ZS@Lq9c&J^$?i5R2zu?K0D?=-FIQSZ=76J7U0WCxIa8)E;r*9$va86Afv77)wZ=q
z$5X+v9r6cLCP8=uX}UswBSV90IHrN%Vi##<tU<f59_*LgfF54u1{!Uby{;n@q8#qH
zw&-ID$kZZ9ePYWvYx|rzZnfyQR#5aIjqv~Fg%rI7enPQRe9*u6mcCMacuCB@glD^D
zuenw)$UD}MHt;ZhAeecO^cMr4SLyvz3vpp$N;@!$ia0J_v{SKwP(TD0H9dOYuY1N2
z2^7)G#$6gRx|(+R^TA&pLr~Ugwtd@W!hPR1Bee#71Ry(2L5zcE$cv%rbnR))7aZD$
zMz=XZ6=6}qCTX4)<Q+?RCs7yv+F-*vn#U1|`tJH}|G^&8#cv{?Cwb1U8*fD+v)W(9
z)aBK8T0w!xM^uok57DhP=>v5w;3>#ZDuP%=99SyyI&<Qs$FX=(O;74u5IWvOhQ~Ii
zs0KgFt(*+m|Ln$qMvo+sLf!v5*=uj4^4hC^<VDm6GO@lGt`u;{nsdVZr#&*8cGDuw
zRH<39JAQqd9rmd=#2ePoiV=o6_ykA!JwMuwt0s-}y76Df+0owwSPpFvW$e&h55~0Y
zF(CT$Q;v#Br(^Az?!`r{ls@ms*?%)NSAR~cVFKK%Fu2g*0ZY20p?!}kE|uCJ8|#Ny
z`;SxmON{^nC?gC$rof3hiY_PZ%!X>Jh-CV1MbVl{xzDj3VBuO*0@iqNw^p)s0X@Y5
z{Cnw63gbNkZ~ca`Ss1#E{gKg4+%4DQ{Eg8YoA3tK0y$GdV+Lg%uXi~qDotD?&>x<2
zUj`S#P?`r{<(Q#zszzZgFFQ#}i*S9uN@l|pj36%nZw@#yU?@8Umu0_g?<X@4w$6xM
zuN+5`WRO3x%%*ZKp=uA!wJlJmWY;VXJ<qW$crdg@lXBneOXpH@wIJM?j=#XX_#8~B
z%KaJBY03#v!UcLm15fOhhK_fl@VLF@wB?~JN;P)m<v2$B1*+s$M)n7RaXKY4sXCRd
z7!<Ka(X~-1_O>e*l3G3MkA=#DBaMFuHqTM=A)hb=#3X5O6oz$FK63|}-zivs+0<Ui
zeE8`rwb)}2pc=pwA^hM(Qhlj*CiQQGse&v}0;7&7y%P-tqDkmhO?M-}hlxaZ-G)4X
zi+CR@hJ2LH6pdv5Cm=>XsnaM@U-trhk|&E@<ABF!2yJ13g|OWV=loam4a5gBB#&C|
z|J8c`uNMAC4e{3r|Nr9^@Y^^uefEE_9AE>REYqKviX?NHyuN@{c@rnPa9R!f53EM$
z{p6?U{-jaRh*gn-|H^Cle>U{rfBlD5AvXpdTp?Ah&h2+Iw41_~7XEcy{sIF}op1mb
z##`xFOyRhRtmmVD+PVIL-h}2)ZHKV?vqJ-YlGh8Sl@e`aN;C}3{zK+}nKb%^pYAoA
ze?2kiwR3s%jO!1A0gy2N`YrNwRZ>AXF$M%E`&v^;)Td#6$`-W$(*;Z5sn5-tAf2)f
zg1TJ9O97KVXW(y**E|175;docW+sNSjw;l6XWYzGZyuKOKhc*G>FMO==k$jV4eX3P
z+y3*~**|lK%nHnd$SY$-F`%o9ow7y2AUnBgarvA7nc9t~NDf`C<jiEm$&39g_1~=f
z`&48CZ&f7cf05}A1p301n9Igqcdr+)#`*u5_A_{%7!iAj=1hYuTr<}3{&#8let-}w
z9LHiVOKwekbDaG8%I=3spFENIWh0*I-H8l|4aG%qdt=Kzfn0vc)GGEF_6(>RxBds?
zA*UOs6S^EX$<=bF&~i~uG}t*gNwCManYuHIsn&3hdihN;F2#j|$QD#YraSA9LJRGW
zFsKopU}0`A>=)_n)lC}P^3HhBkaFt;?f%8z6bco1aTh<pyaMb9mBe?H*Gx7fh+pu{
zdml5aSdJ^-pIh#C6n?zDwCaku^`6`D<4Dp)qSHtXa>2LCCw8Bpac}rz?FBNQXpLZt
zf?jCdI$EVd|EhQAwd>%ttVf`&(KbtQKNhfb3QQ%v-}tsx03|#2zADqq9={|L^7X&Y
zDnfOb&dBA>XXN2&!CNQyrh9)`5s2HDq_T7f{@QY4O*=}?zJ<99;Whz}>5&l=-5%b_
zHf9!D1RCt<_Vjq~H%ogs&OA(Du(|BMnfL3#-UfA`_g-1jxKvByw+;E=)0F`i0xs6D
z9TwPNF<oA9HHRfQU6j5h^>!$^;8;DiR{cS3Ij<TxF|N7X?qniHO8V7QlCAUxvap9I
zAPZi0lvU>u;?v6{D<-W4ijxn9JKWJ_=jFB@Hp1YQ8r$t{Wd;x3!p*Rb+7@?u(%rdt
z&B(Sf9~vkSi`!F{E<d|*`CNR2!<6e4>v0HhUA{o(!?VZqaGRRdEfEaK;k*h95hx~h
zXZcLa@cUMiAQXI303Fe{<{1ev@9d?iUUT3P@VIl+=PLx)O1S_+E17q3rs>oCt`z?>
zznI1J{Qzm_ycc{nWI6@^A6k)k1z}54H_PnF>_W#Gim=kGS}t!Bwh*bBWsN>1{8zY9
zo@}LNnyo&3C48{>E)2~)aQXdbvbxzfFYFr@jdK^)7`AVRpOtUv^CJdThd&-rb$*>P
z&pb-Domq~csE1^)xREGI{K<f}651HDkM&6NGbxipi=;hV@<)5P0chb33luw-DtFt*
zMj8<Ty-5XM6?kDkm9fEd|I+u%^8trKk;0=&*p)uQn&l4t98RonKK<$i@YAK+@>?5E
ztRlneu_h?7_#|Y|XT?V~&42(jFJm#$fvf=KzNacY%4CB}j{sW4ZTBf+o8i{Hv}my=
zCa$KzC9V!WlXd;sNb+}R`6s}1J~7i%Q|d-O$>s@cCzso}Cl9E}ZtuXTIK$;qWI%XE
z9|>;Uvwzah(D$QL0$5<}fNe_`wDNCYpcW$JgJg$p7J9@~)eF->0iJ;cwaHS6y*fiy
zXp;NuxEBnO(-Rl=hBWJV`82*xIBv-mpa8f@7f$v;Tz>}7QW5+d7;Y3b@TsH<{7=PI
zWRS)=#+TTMipb$C;_ntq-?Te*avjM`c=Vyzu{BNV#&<V9)00NGzCLXhiVrtg?m@R9
z`LImly`6ODid15XUKbl81X)M9<*^1no_XF&`6Cz|=@IUhj%kSQvDK^G-EzKkc7PLd
z%l#B>F382|oZp}5@O9zc>~`ZC)jWpr*lw~5)koPs(nydH5b+8MskFfp_1c<7>B)%c
z^;xcr@1}NFqjVjMD*SBF79b0WUzaEX`*2FR>c=@J(w6D<oR-22Cz*IzLCe%;G6zzg
zazM9ey&b-sVaLD9jJF5{GPF;!VZ!|h=|anhH_#*x`g4E1>|chJJae)!m$C1D2z|75
zuqV_l%bUJQ`9<Uy_SAXFDjd`Dl_Fl5kfiqyKF?8K&UBKXhiiohU}jE!ydtPOx^cO>
z@GNDg?e$H?9jn<B>LKFTo6^s}Kg=szVItFk)n%aRK5N}nm9^)pez-<|d1ejjRmfQA
z-&m=~;<{UHtweQgZso=+xm-f(=;Frj8p%csGaNx^oNBXq1&3$*BiC;mg%P?M=P-Q?
zBz~_mf<iR1@tkPHS|-}We4fd1GOZT&`vWsFqq+M;XzJs?+vVwS6P5$X@15g$4!m{R
z%|0I1O=W?`kIf+<x!SM=UHP7Zz4%IVF$C(>lcx7nE=Qa>h)~7A9nKt;8-EG8H(2fe
z8bG}ZNZxMvBsbCIu0<g^y@u3zy#O_^q~m=#i3j-W%+UYQHp0j$37<PeetKBdQD?Yu
zF5D#kFi1nGMhOv!kN4d1fE|JEAt7wZ0Rawa0p|me9p+%`rl*`xB-|Fi+&5z^=9^an
zTh>-%qbMT1m8e|-Wf#c|<@;F-VAGW?j`DuE2@tD?XBcRcy~R?Y0EWDmrm?K!BJ=S(
z!|0wOLEN1gF5>-Eh3Pn`TGtaj9_c4mg>t-doDXl|(ax3aOli9V8XxrtUa4S50Djv>
z)0{u39c@)pzp}0EC9i*m&LPcc!v~})V1pH2`C7(S>9tc(N=Zkb9JYNivAa{RgQ!lw
zQvMt?0$o)Hp(>GPp`JK7{B7FZ2fb2drK-V<V};vyPTRT%eQ|iwZH9r}Gw#zu>2Rl?
z`imnL<wbpRaZ93*4~D~s>EgvpNW$!2Sz_Y@cSVcF22C%d(Xb+CMOmP@`PxEt5vHS@
z(H5N$glRl+=6DXNimr<La;EuJgWgi8m5|AwwNAHa>`VHx92U1%$0v=zI}OHud`y3R
zc(~L(G@=Dsu6J&;SF;_c(@VM>>KuxIa)usIDsO%*<E8os0{P4VAhE9v4dYPk5r|EA
ziI^!mj)}(-iBGK~VRr|e>t<lAIgkLq$6q3_AU}D6)j!Bdg8FX(Kd^{`zuiDEX{-b%
zZb<`EJz|*s01!B3xd8|Wc);?^StB3vb?2sq8U!e!Vp(<N>K1JxJDc{WvA!X{u-?H!
zrr2(l`>E-7Ie&fxPjN=kw&xFDoB5$9Bj0E$rtQk<ib4>{S`}%e(`%*04n11!$EQYO
z%mp=l?GeOCzYU7RLP@nb?z*nX4SbFes;PlT>S^sa3X#V$K?*L8zNV&)5lp&zrYiHT
zr^0*W`olT;<8W6>m?K%2Y4h5(i5jdMPWqOx!JR%MGYsHUx;6*PvARVO>N;Ck9LXlM
zUMEGChHJX9nHmo+Unut4wjX{jod#dur>Yg0WiNDw?t^FFTLfQg)hbp#CQBxKpJ<bt
z8ygxAkAcdnu7FZ6DTjKkSD7E(0(V%o>y7$8X7e#z{>yy3rP@odk1-rW9aXW-uH;eD
zA2<%h?@6UseaF@|v`o~C2G1S<->GC#{bo`&0?7ifNh)dI=7+`r4oT`ds(tPBQ*d}(
z{ty*s+KdhGZ|h%}CNTA1@_y8X+A3<?5(lE<P=x%y30^T-03FU+PVac>(WmH887d_l
zN$f{Bd_ief1_dUOD(6^xSmxUu@q)%@c~YFppJoYtycq6%ys%3>y#-&$diyqGR?TVT
zms--H4R6Y*>zsLNaUrJbTxw-BP2=CPX*lqpimMK_POro{qGzO8mQSe88}z_rG$AB`
z0v(g6K73IRaiLsjfa7oefEnKJBq28@F90UNFff0tK}zc7JKNc5^`1)C+gsGodEZyV
zx7a9+-3OoJ$|ve&x1<Z!S*qc<nI*lu8dUPUcGM5paWF`?)SVojYnJfC2{?6m#GSdv
zV+({zZ$0+4bajvi&y#Feo9vm`Tl3=bS3$e--$J_TA~zdi1TTvL{rv-M*yHH$q-xku
z;Mw!`yQc-Pg-4B~2qrmJ;9-R2qUk=zD8H`VFY~b+3>>(rz%Td1p;?;aOsKgGY5pO0
zUeoOCtyWr3Hgiy9`pHUSiQNT;et`)QFLt!=J<xWBYzu#F^fr~qpOPwpA){}+xGpn{
z3PSUw^R)rGIJ}{j&ZqEs@)e=SJIAV<To&{nf1+FBCv>}OE{VC|yH4Chud}m+chAL!
z<cuZ_{Y0vNJDFJJ!3CJnODBvJ)#J27CL#YpOgsGH)cnl?CYn859n$l5XO1w|-|qVe
zki0ea!MQi~{KxU}nBH`X6u!!HdRI%V;x+cAg3_0`%-Yza?%4>a61kG1-zx{c8Ui;I
zqV}$zQ>0`ypb|529;=+Q=$uPW6)&#VfU&l12K{yZCv+#7w^HhTSm`lcA@ViMHI&c8
zry<ZtF(Pf>l9or=%LBh!CRli}MWk7h9xe!y4r-TlN4DIdzu#VQkGxp0jtXQyWNr_u
z5D<3Xi+fR~`P0F!B|m`jT|TlIBtgMRUKR_oH<_>qt6y+_ZjJ~4E&;;?j?}RE9)ruI
zTgPWg24|FwE{R*i&}k)iEOrw#B8Kmw;ECDQE@xeG3^yyq1T|99)VC7rs9EBtEO9S#
zT59Y}r_y?)G`?mkzpuhPJVtqAJt4|&h7l>h*5-J0Fqw6neZc3Jxq98kdHG>-W#&^M
z1Oyhyv?@?Q*jKpQSS*pM^#x{xUb86o<kD1lT$+Q-J4LD2R$(I(^DMT?A)CZPg~T8Y
zQ7HoBNo9UnHkX}L{OJH?Fv-}5Y16R}F%m3P?Kf>d-<cw0hcjQ6Q`a$xGQFyhlYMZc
zZmmL+vfW>CTNsy7g*2x|&1$hgLC+&cMyJRsKr~!Z4=nUJ9(p!Rg3fmMXLj!c5IbrM
zl!`mpsWQR+QJCYxDDBRYgbx$2$gc1yWsM_!*fQD)sAS9{Ks@X46SK=B7(T&UA^BzJ
z5okvaj9%V^>z7*UPR91PeK&g45sOv22zcofu%-v-p!I5JcGfq8&NE73#lnO2Iz6e{
zA?@jTqkd3OeE!jc#(uRVEfQH<xwVt|QUoI=;eKIOTh^AmMA8UX1o=9jHxVNEc_)Yn
z`W}VWl&0$q>wWYgZn&K8CgyOqL}y}kTOiB+N6pOMD?gmKnO`ZRO=BFiex$nW<_1M^
zS$vJ+8c0b$G6S`R5qB#z1lkn_O8a&NXN{5Ie8u|;Qm;A@k*3Ny7^_;-Dbjia`#wAI
zJYk8*IYku4k)F_(8FBL=MzJeOQEHxmvdbqNWxXb~eXP`7oJL^R8>#%gGE%rPeGH|b
z9o53%`4Qn(v<6SqY;gae^Y-*^--9lVPwqtbkB(=qQWhP5a_m}9`1Fd-;V_Sa>2_#@
ziJbzzFwY(R9rJ;p%@%s&^~2Ujd1mR?-*<Cp%1vzDh!+8IyhzB-?P)3Y@^3g~9z{R$
zpLIYbj3Qw+bD}M6qy{_6c*Zv|NH1mqOSEPJ`)hH$Twyy!!KXXr>C4Fk=Qm#uo$XLn
zmOLYxAu!rxJCGiQFjqVE-52Z_vr}znv`CC3&XLjgGY+|RgQ7!fu8J$T2NMI>q|GTe
z2m^=2-=1j+4vwkby|_4Uy|tx#IFDzIYA(<Y?j{sP&314PpRe}*%ncG1c$j|R-(2{K
z6!Q?gtA+kttc+sgeukY-L_t6Nq2LlCd=Zm=0j4Gz5L#mOB_IhwWX8BN!C&Edd;2BC
z8>p`oxDo0J8kfcPa=+Dz$FLcKzqLSrJ>g`_WqN`7HbHG4F44d@Ky6xdBNy*1-e|g4
zXY!rH>z#o?kIAMyMxdC{na9wY!9w<P?k~%Bq9LcTkD#r4Za4Bl&uxnQjrI3VMSne+
zeOE7D^fqgZKMjf%z(pMLaGG0VKz!n5<XgmU*+lwym=~bnrgJ&={4(=Ke2?jzrh{J<
z&e}iy`fd0&hG$kZf-(X0Jy>YEn*r6Rq%n_xUO-eIXwU`DJNk`b@lR<jgSU3k9MQWd
zym^F4-&6NB+~diO)YTC<Ub<71r;6o!k$!L`wjeayu%RcxJ+$BR?JWco!5KsFGPykF
zg3+WD7gYq=R-^-t`WYbu>HSFgf}1B=<fMBPifMIXCY1x*ihL@j#oN?c`p>~sckX3I
zFp%t2-$;Fi-u1U=&*?b@Xyov`IgthXD?qVRlT?Z>4_D%%e%Kdi%Y5C2rmX+}u=kcx
zadlg`W`YEF5AN<B+}(pa1P`u3g9LZC1ef3h2m}ofB)Ge~OK`utk}vs^bH8&>_vpU2
z`^WiHqXwe}wQKFQ*P3&_&wQ72CbS?4%$qh`F7@mw{xPV#G2L}ZuVT>vbrvu32#qyh
zXk!XR&@S><ug~wi8>;xX1cl1xXdI)`m3#b8y>{)bW)U9<#&TB7NoZ?qVQp>|uY&#v
zOag$oB%~gJU&3Nr3hzR}mM!w`NUE=CwY$jG78jD!b&x5>-7c(USZd?6UDKS#8|QkN
z?&Tf<hUsbhw2%?^&k6kqhD*U<3X;>(30JmT*y5ZDyCp|Rol@_*pU_XO>|C~0G{nB@
zn31sKi{ZU<gf?PeHEZ3xn=vs{vcLC4iW+(!p7Az}Iloe%W16#&|1~W>JN&_07@ILR
zIhJ$@QMB2xXy*)u^D9_Su8bC%WW++n5h{~_erZM~NF4BB(kIWVXPVS|twqJ==@SY)
zxuoMW%hbm3sJd#fkR(2?q@Zaucx6RwiKDzGt6b`YFcwW6mTBxF2kZYRSkEw>A#-=5
zVrax68VpWJ#-hXx8&!63NbJ}`g}}#{ndyS|;a1FYF%jKT8tu>iqt~;bme@Ml1-ms$
zjn(lc$2{ETh{J(%N^imm7!^C#lDZ&IrrJx~w-8bS>2LCP6lQ4!MrO^gV&2Vr)TDcJ
z!9BkL40TKn2~{r&r_t{0DB%89$LkV4AHmry#5yTIpvF&q`Ro;cTW@+&@lfAM4<#~#
z(~jw6fx)i&T&)S(B0mVuf{ks*koN2~-fMMD#LvoIywy@#8CocOZeU*2K}*P$?T`9Y
zePNq@AZT4MKR;F9JUy4yDUFVNf}E1<7k-vJs)iV)+e2njhT=nRbfJe~GbK8^ok%5=
z;7cV$y&|e%<xE1w`^<}9$Le^cjdpNlg2%U7^N8poPHWAC2E)HL^wAg7TLaYs+r8v3
zOp%|=_K>b=ICFZVnc9elO?i`Dnla%h%-P?3J;&1-J(oD5X}$fZ%!{n?5Z#O+q%s<U
z%JvcwgJ15x4qWB~I6gIp$cW0ilsgT*0V3lc^;|n1phAo43gvk|K}>gtbq8gKJ_o=5
zY#52N+Ec>e5SX883diL`NM?q{7hK4!4KB*^0y^kio??F&A;6KbU0VAS>T4_an|71A
zD9Al6y<&N0%rFPv*&&Hvm@MTLs2fQaY4YQ_@;*X>T3^O(r{CQsQ)0iCEes}hidQ@i
z6V;l=A+T7#(@inw%dAlmL;6;T2jN>v;zk7rOCT%(<E1RduXz>=X70Y_QAm>X7=n}D
ztVgNEJ*vh3YplF^$lGVaDZBXirwJ~C)Zd;-w?SYh74_Ji!|;JA&S+y*vJBD?ewe~?
zd&yM?Bga!ZtlhSodMhGEzRWHnqqT#yyhrOSIouZFdPd~D3a6o2m?sx{to$;nn@*au
z67O_)GPGy!)fUG!ijdN>5P510OLK--S_Klc<?{`#6J+9KUe2(J4IM#^IG4GwgfNOL
ziESI6H$CNET|VV^QuErhEgx7$!#cisL30rF$t~Je+U}}cLSI~KFMbhmGkM_f9G9o!
zNM@e;Z3zX^kU$WEEb?ePhQZe8;Uwr-IcZ{=>iMk!>%ESE4cCZA$y=s2xsqIQalY&2
z1JAcxK+vM%`3%KN+T}38;d;5v2i+nI&oh^hA(-Se(7R5N!1I^d7c2={RZz?f(Y;?i
z?(jL0X)NH2N()u+xx~V@Zp7VCsKtY~*krOTiD6537o5L+7Wz&*urg+2k#hU(2fn&>
zA9W%n(MX8wU<eu@?(2tAha_l&q%?EgTpj6k&&4cuYsD^GoQ#}Mii^hWCM}1x87XEk
z>S$E-4W$vqp=yhmQD-xZp+T(A@o&a9gw=a}bOqbuxx6WXOz<Aq2BEO|C`fLK&(^u_
z>KHJURh)6=!WB-2@SbjryV+iBmqt6u&N>T4sZnOnyF}DDm>|t-_Asd)eIRfo|29O2
zD-=@ib0ka8@shKHQ7*QpggCkfelR`O^~AqQ6<<?pxuh3A+3FTbVna8jiHT?pB?j<5
z3rCwX%G&N5Au}44CN+v9caTrr>rY5*!b$&ZVCz1RW4=e14*gO8P2hnvFFN-l)e218
zUy0)Ps?h>Sq?v?0U6J0Ell?jzx1?oezuxrV-!VQ3-f@w6Z3{H!Gd*m{;imiH?)HT5
znE@*pzAkx35ZLvyu$Qze5O!g{@#Z>Sp3WWpFk7{OG`JN6XDBM51C7Z4i&7M&h}Q5+
zE2BUcc(75l8zu5fTONE`>hI9o8to!}Z&dM|bV+1<W_zn-+#>hD9Uo~;hAO35?^Fh?
zAmv?pCUkD45q{&W71-2-@eGtnaz<L@F4pdm_X5ovVq=KY)b3$n>oC+Lq~#;(!N$-}
z9lcD}bJ%k`mR)9M3RxDbh%bUGvY3coLQ7rvuP1w&B4PH$Lz5{#%<blxdkvt6z?0Pp
zC1FW8o^(*$Nqek9<oC?A?8R+X<MqXOJmhillfWuuHy)l6h^u;sEJWSDy_^VgBU2#h
zxMWy5J%6+1NqIy=w;q?vuSNSl$}-7#1vl-e;Di?xC8a|1qzdrA32dYH4eVY1<O%Hv
z-zsTGc9*Y7vXu@eI^^3&>S~5UAtx!}W6P-AX=XGN&~1sJQkZjrHf*!2amHRZ$8cw<
z>!SO4+`66!Ix4~Fo8^^B#Onhr1f}y4lVl8JMGM_infZ%iF=saMr_ztu7LN}ld+7Ef
zpe%0QiPx*uN<5WMJv1}>BB=tYqO~7hyAyp;!F00(J;2v2Li<f$6Sb+3h|E1E)>5YU
zcnU7L!4;n(2mEYyGsWtI(ic+?kq%S2F3v2&w92kT(hGkFUMlLm0rmJLWuld6%u0(g
z(U%|4V7IHDepzfjp}LRLbfceg!blahV`cq@`o!w^&t+i+)c4L+`a1np%hfH8=d%NX
z`1@&ax2=2XI!0qQcOM`8!|``w)3$xphhYyVoOX6^(q~uffHQ`mwnVscwQnN^NOB1y
zy}6`}oBL&r<pt935poCzrhP1?aDRp!uTLOQW$YXqV65JGVIicxMO_Z`!`;N1o5|5e
z{A^P>THow?Gq+ueo)t{Iqv&xG{5fX=-A&Rmqn5lTieO#5v|!Gory|pxHeW3Gxx;p!
zce<`_{&U0@RY=b4MnSpCU>f)=X*cI4Q8<^_D;hOCdeo5UyKyQoSX)KGtg(~$oC+5{
zmTD4mIn^)Vw&<-96ODQ#0QydHWj?s9{@6i)+pkgfECR6N>Lr;wjO}JnNQu#HvpjXT
z-)p|jJfdD}vNZ07qxY$zp$j2zlS3*xakSG#(s;2=f6DB{CuZPy&m_;lA|{nplTZMC
zVjV5XD<@4xkoWO{BX+3wp^Z`}f7b3;T?0u$hI@mmji||%uqdox)jj?$$vGbbQY6c7
z`%02zuFoU@*NgZv>9?@Y00Jb5%7>8)*l3dq*qq$VWXl=)T`u2C+<IREv~YC?&a1<%
zAl$jsVI&EG^eb@2>*YRMls`ihG7?`1;E-PF_h#VKd1PY!1&i8W;*~`jt>zpaxrDtH
zsnmU@O(xwR^)A7jv?!EB_%xEAQ2xOSrmWdq^q$Equ6`GqU|Q#O3A7PzPGb2!p8VmA
zAr9q{i!si|-VAJ1QEDZ=Lg#xLu_DnX3ooVYg8;DzW^wqtmt_Lsox0?8rK!}za%z%J
zXb%;kg;d$EMIboEpJtDNJ8M+Y+^YLVsIDLJqXb`OBR(Wg)lM4eFL@b{d$Xy>FS`(p
zM9;ue35ttRC(@lk<RH9h=FGSzPnGX)Rwp+aE+0Nr4WFa(%WaB*lu9ZBPM+`lW<ZIu
zkJvnJ<4$IzfLNv$fG+OYU4$jn<HSlQ<0?Z=Ll{YR@PVy1rCfcAL);)uO(`frrhT$)
zt43dxlah0DH8H`qx#X*mW*k#x#IW-D%>jMg^#_#cuT)9FGG{lHqLuw_t6$6pCCUx=
z=8UR}DQSoAkctgr+4PV9Y?nj@ofl-U6~S1(RFmW#$;VmER2EaF<aRwQaWwzHLTkg%
zWvvDX)LLmV+TsFpOOwFUbG;lsFCvgGBz%)gD4*Br@iV0I{Xzm-qaln|6a9(zWi#cH
z$W*ouzGdZ=&fChhbU$MG;K($sR*h^^JvbRzjL-iN7O%7|IruK1WO(^3Jk~~vbbMyx
zq#!^VhZBZ-dK)}cA^fBL)!uGvUZNV`O!y^_3ajHwm1plyb`SPjYjFAJFq>l&V5ql^
ztW5o8i=HyUU);6je^Nbv2i<V}#=7&4m5IA&L8-v0W*zJqxp9JkYC?sV;CW2UN9j_t
zro+ap!%1{&*%;IHHF;robi<UIySMy4r>i7=cg1L}rU^+8!Kx~LQH_6y`o006zV7s-
zjdQ{yu}Q4Ul?&ai{RyBK_%7%;Irc4vdR7EK3akx0;@5B6m_EiNC0KWM;3Z(d%cG~a
zR@ci<1|#Wz6=h<>fU)P;-3E<T_4Fe;kRzvW0O=7=qnaCIs1HiA##idw<Gi+jG;+#6
zjof2^GyyFHwig~O+|D>!GExE9QR9qj%prkx?H6FD?P42k%0KVQV_G1_EfED9wBg1c
zkxxVT{Jq;=k`1io1|xAkEvV>oqx{`@6jh&ewUh(@A4PxU6yO45K2<yi%t7TG_8~yu
zVl{3KAQOVnkAc10?#TD&67cyQ=(oK5USHtAecb{2Khfq8_xtKpsmVc!L9ffpN;}@S
zc(V<gc3=J4)Io1v(*xJ{a`@;Ch=%&~(HB^yzt&h*0}DS<z@s}mVy?>{zzFba0GP4h
z;&S})L;fcurV9jcVE5$ifshd`wZE_VCkO)i($5CKr;J7VL8*^L)nko+L^GDKfh)rU
zh!K1cG19vO+)#(or=@>Ph{ved@Sy82`~*totvMcr{kpxs2T6E<o*Q9I759M@07k4d
z=T`uZMKy>0kI@zc^9Mm52<)H$w4ncq0rSs2>GvytZ45+P_V6akE+AfnzWDFq`sr5!
z`d$Oj(Lj}18^2Gj-v#FH@9jWd7m)xi5(&aZOq|17m_MmSO#E?o9>Kr|g6{0tA9wcG
z9r^ht5?K8^nd7CV0Rw@rH6=F3oD`Eq!~cp8wSw@Wz*JDKK57bHk^FP={C?%1nE@V#
z3m}nrKqOM)IQ@O+nijj(ztBTW*ubZz6dgg)-^|NLn19s8e-0NHfWzQ+DN>k703g!j
zhx(4iWSwGhtKaVn@cs!19>TT!@1*)aJE;V3AvkM2hH<SsbHoi#)s?fyu}54%H(`Ky
zUfh2BcBd<WOMRTi_=0F3H%*brHr9vWj<d1wdQm{)!TeR9W@KJ5AGTGBq2o9~`s}Wl
zbpBO#3udy85422v6f>N}sV>sOViQcMp5Pr;eoMRmr}4aG_MXnVW|!wcQBNN?y1pKs
zHfdw(`3w6-=u_9Lp}CpJO0*IC-9RLqi^0z?tXq(l$6w`Or~`!wd%n8ygvj(cDaqPt
z5!aJ>JYlpc_CKCYcsO7U2!wQ$^*>#>#ml(QM{9bY!^D3^kZbnBpy!K+u_e#*1gbh5
znh(d@ll1rE5eM_>XWKzJgbe(Pie}<@gabH{d%v1+4c5?t!<O=EudtHuI?cd`8lVJj
zX62IKJ`=1VcHaj*(s<bj=v_8V7->UwcboS(xqGGUGZCz}7tJR@_6|xR{8hIO=mfe^
z@V&fE7`wUF5qapzZuuB8W)x9N`OgHPCdKT~-06chzY+IUqM4uSeXhL0T=~eR{3-A}
zCRt%ptFg{A2a0;tfyrzm7ddNKvHvo*_DROxg1>gnv#l{NARf|M3>)s;JG7Lz8x}F2
z*CZ(XNZ`nj)NWkM;H$Mz<iN&XNm;U69r_GKLX6PW&iLBS{Q^_RYx>$tGcx`9&W+4Z
zaNnjm%`mX?_ecLVgg9u$MKx%((QiGT^o|^vXoil%iSS>%;lMOQvbzi&8VLc2yY$Rt
zF0Z<d#X^*pv?~5PyVG{=v(h|5hB;d=&PBO`i8pt@masa1K`=NQ@#QHbPUC~ROS*vX
zbwd6dD=G==XL^2t)<Jh7xuHv@Kt%mXBP8yX_G#9MJ|G*2N!H4Kp&Wj8Uy}o+kHh|i
zk1#2Rdq}|n#%66&f*xyVnzRjvJFKSZ1M(yd8*;DMlzq3})G(!A+Dl!#9ETbr+0R`B
z5Rl>oC|cuzaHZ+#PA5SL=ANc-Hrfz!;LN+{HQCMCc$4o&FUq(J9#4qTaD;aE;UcG`
z?Dz5TR1Pk6oo3a$Ju7Q5jx=oQMUBz&70Y!2ewx*T=bx_KF(BZNt30_JMxo`1Asf$F
zv3_~>@?h`SK7|Sh>st9=_yen6;p4`?#%X>(DcYOsEzzBwYeU@BFT`!h2KoyCl)G-g
zzijfsb1xMr!(k`zX&&;w#5;NXy&N*{>4jRgKaY2+8dk4OqjXilFeJs%8ewU65`vmO
zTN1+i1lc9rpjA%J9<j_qPZdQABXp?e>9pj!J?90G{)J4*M3ueRrz~0$H?*?m9IC&3
zPMpH_PUDOi(~ZUcY!8L4WC3N5Vb>oKeeDUMZv!^#*uYuxxjl|)sQZ50q|DH_bi)U=
zK5JSyDW#1uSCvY?+CR2VCL>TlG?-T(GWkv*oKLqCPkc4cmM^qplme{Qc18KbY)XGV
zpaYk~upRsYJ0b8a&M(cdgKy3M6EHfyPCF$E0_i5&G~Q{2{NyrKmjdUny}4d{*Igcp
z4*Z&+2A7~gQaS$;=a3wwP&Z?qJP#66hFw~_JvYaM^f6e-s+Ky}*xg#?S}3sb$Wa_o
zoqE$5Fdv6f)V<nMMaQQDj($%qpb?ew+HmgEOo;3ZQokCt6LXHF+OA*HjQYx$M6~bE
z!ge_Jg?4yyeeb|i$6XVtfb~2AN$GhqS~Y`tt=hLf>X%de0+)#X1XcL9X6|;hL!&QH
zzR|(JzM8R@U9hm|s-`X7AyFG(U6oAnKu~;DxX3PtjzN7Lzd-u%ha1`FZcre5J5hF_
zBDH^SN>p=G=%LhP%$MIuon4I&32U?09p2{v1Wz^N_B$oz*H5;B&?=N5I8WQR9~g!}
zDO@w!-w7bm0>lbK9d&~Kpr@;gr#BxOLi6_rZH56m<#6TIknQn1;r4^1AzfOqU{9n>
zFMc(@^oM4QC^y+<p%)+c%nQrD<Z&V{f1F^j%X>-J`lTzBiPQE8i|Ck<&Yc%Oo0lhI
zl8+{o{{Dkl%cS|L(9XvCJx5euFODLF@wZThJ!tMN!ov0uu_m{N!`@{c15vhPBJ0Io
zjSn+uiABB1j;=vi1^Uzy1rwd5p4HqQiKMGgJQXjt!>NRm3D{uMOyO|X$|c+lALnCk
z7*9a3s@t~=hVA&X*YUYmPc1%Pbi4sqp%R=adqWYophr~j2$E$}k|f<~)5`9g9;mrQ
ziTjizS-^2*5!uEX%1>?PvEB?HEtB<8Gqi!vI7rw>2CyAib$#t;G}zlfUHh79;TU3}
zd#$CE!iO|}KOoK2Qi_fQaW3hqjX=}#Q648B{gpL&H~aYzQP-Xg5BZ(9#G&g6N{Lq)
zQTK`R8A1BIhE3$v9iTsqu368Bwno5&{AK_k2xbFnEWHKnxP06n;STO*<z4Vzk*O_a
zxCwaXEKzvh7*mP6gtaIcZ;omDF!|wLFK+?cP^5QV)+J}U*RLruhvRz*XERaS<x1Yx
zk2UXbM9BVhwTrwnYY`MNzcSNLj#1>9@V^&)|K{K{)8}9*Ur;o*J6`!>BHKKNl1g6D
z>TL07Wk2QW@p8a*XX9X@wOCdcdV(A6M3%irgeLLGJS(MQwU?nNbBNOX8U|qgY>s<8
zO7eker`ppE`s|HqC}|Gw<&_3^B3|?sLm<%?w=5WuM0cX6Pj9ST@j1{3p_?z>3IxQ3
zWrt&wyq|A;-4-c_GAjFumIKCEM3D>yDCisRi#w)A+mP^m0sL`>I1-(=6P=V3Ub)Y(
zzVyTw^GJf6m<igc8MSXx+n@5c*tDuN@YBL{C+tm@i}fpM&G3VV4k;X6?--u*JT2CB
z?}=7#zz~0gSM{*vm*(4?wu9XGt3v~ng80UOlwPjVv80TgJzMz|IqOR$Kp%IdCHL|W
zaBrx;-JX|-dKxsmx<Xi<0DN#iiumaS5D6e;sF-;H0$7^TF}3DG0RIS***C@H_c00m
zu;;ED{2wo(fWHhz{ataLlOsCtOJllS?F3dh{?IO7l{P&DGhfi-=E&tbeiS}V=l9z2
zv5??S^Rp7oQaG|PogppDER0w!Dy_a09_}suQpT?Bt_uhR*;x+=;IQAi^-|GY7t(sz
zXa;H*H7aVCTZH)b%mrW3g7;H?d+AQ6)$aCZmzZ<0PLdOL^+K%?qQO!gMmQf#2R?Jb
zgm|6AJ*~D;+4z>2d-k=emMsz7WbIYxqxG9|qnS{gI_C}KGJaPs1E0EzoCk6I$N?P;
zxAGd=uIjc2i0X%@{iv;!Zu_y-5(?B7QEOsUvyaklMvo7h5p@Jq{C62)7w2n8>SBVq
zJI7}uuV;|RYhpy}q%0(??848wi!=hq?iVtd$i$S1ER;-0KB)r~MVG6)Mih5j1heh>
zDBkRSX8D1VbGd#IL!2b*Ml)-D%>i-F+-10lY*pl1PMNJ(tCKFo`F)veH35@53x86(
z;}!A-gj24(7iYx6)t}zeq(2HJrDYT)ukLl(x{tzInxXUboBRrV&T;rv^I1KFG2h+U
z(lWUk-Fibvv_^a&lCs+cWaE#|<=>vE5_SpRhbijE<W}bsGOR(V0pk7r5N)E5vaAnK
zBB(qv!vB@8qbkCXy<4JSYM8zd2ryRI`1-&QIk*lA`@#qBpTgvHdJkP>(fB-j29Bb^
zBKlmVFxXOS=OX9+m}P$LR^2dSA!`FSQ1sQ;I4Z{0YJta!a^pevj^Zfa9QvU--_q-)
zUzixRPEx!H5fdJPc_YdXLrK`{JF?hA0{@iOA}>@eWmvDVOJ=A}4r@MFQ<OgfYO=LK
zC8{&7{suiXbQ5ZGZc!=77^w^v+CVgOm;?*~1ra9+$0Yv|k`Axm73RL8k2;T*`v|j~
z6tzh;JHLYM;FodOSEyO4G0>$Xc~LAoMHv*hO>9|^oTy%A5tv>QA#8CZC4_zaZ#pTR
zj{5}>X-D-uHvKfa(0z4pE|D#pvn0@a3X9sOTrpRQ^gWFiqk2*<{@DDNo&dSv7mEa2
z&aBI6*JC~S_9W{|4vszoLJ_&mVxSnnJL-1+UBC|q;Fh7>A8<=F%dI=0?={nUlKo7K
zgL!-}p>6p2LZ)rKBR_F#YVhqBC&$_&x$~4S^<M~ddBke=)TuG*hVX^0qHTYdO)d5~
zytQDyxDQQ2kV=R#t+bGc4{XPr@^ky1@@Jt43{8dtxXW^4i~S3s5NEwg{z-JRl~mDA
zA&8i$nIP&+Y(YE}hatvRzmLkYDx(5d1It^dCf>`kp`z)UxZzx*k+tNZ;Wn%8eHOGq
z64sP)7XKc3*{^6h6q2)-kNyjKxhrfL8R<cz&x@~@7>)F(bQmT}jxn7u_6}OJ$0Q#6
z^cuN`E4i4X=z_xPrpaL9_&2D<{TbWzgO%8j)6A4d#i0a#(m#(kDYOlRsX|AyZJ(g~
zqTKD?n&#dGj$;GX;hi~OzGsIUL9+so6h)ocg|C6=2|86m3AP8wJG;j_z~r|T=x}{i
zV1y4+t9z9%sP62RFExdK%Bo9xVD>0;OTBuY#~ucr_3YmLghvYsNI93DwgzGcVl{ZD
z1)a;8hoEP|=`hKMsCQiCd9{D@p(nXK!_3OzzyXsP!AxHv(fyMiA>_2E%&kv;$vNd)
z`yNYob(jy=y-%g|#~H+oqqAX@>-oF(X9T<729pr^SUnIr+MGj4`-nN0k*vU=l~Emb
zH6Ig)!aAM`xic<JdBKr4#p%S%NLBXC^e~ZuA;U)78_?!6oD$KJ;%{RvNAhQ$9WFs~
zYAMV&@nu)z_|M+)NhS<dGDqMf`?r0uOma?~*!(A+h0bH}Stf6q^ZtdOCR8`yqVKUP
zklN{@$>8`gzu^SbN~)^g4~qC)3R2ugd$b`q(a5t;1!P1mPJV{I?q5e2wW3OWT*|N9
zlMjHLlVYfyEgYy4$*(;3!aHq;(d;NdAI``J@hcT*7!*MAbhZCN|L-RX`K_QQ1gFyG
zDYvwY!b)AsfH~gHa$K@U7YcqhBJ!vVC?7DBoo!7>Fyi0RM{kvT$58jRFu_TgKxTk6
zs~{9zIQ>cN{icRZvwnDNy@E1WDTfLh0z}h^5kk?)1f(*v*n2(*zqEK=)Yc7Zg{{oL
zc$J809TR*PA~oz3dN9{_>&bOiP_UT&(D{Y1#o%I(j7TqGY*!USj69Nc!Ql-La6FD>
zplg4ED<hS$;(dEv7C?v8_RYlV#7F#lzGU|$krK_kkP`F-K+~`2@%+7UV2R@Ul2JqN
zm*y|v1{+52p2~Q?IGcPErGAT+em9hJIi0H6&aVl~U;L|R#P5p-GBAIG5BpexwW7Sa
z?x1Xl`6)ZF!~}Hqywyg1#0ApVX}cu;Uc<4Y1;Jo#UI&s2v_35-SkHg{O~Qv0@hazg
z&H(N$p`$It_qoe`Xz<x+s9%b4TQYkFRr{y@o4a*OeM{^)9<;eai_~20L3i0Xy?~M%
zr^-R~rS_{^)z(6mH?iW>q%YOnh3J5pD!2Zbz#*FRy2hhCaW**gdvaz6kZQW6h1`mf
zR*VE3;&6AK8xRvV`sSqdN)SX+bal+W*fFN3sE76;f>rd<WiscRBhWXa=D59jOuN{n
zYojM%u$G*}z52OFn5_}tiv&*`RZ_nt{!y-*`w{N|#vG<33$rKshH?uFv$ryR-m88-
zevV>xjzEVMu{PcHav=PE@L{qyS1)SOeRb0}(xwQ^<KW+M6%4?We=o$FD-QDTS7~le
znur*ZGo#5FTIOLL>7G4n$<(}-0_j?$*Oly|EI+iT2#dJ?)Q&j9G-C%@l8*>#Nfm%X
z$C#0<QB88yM3LSJ>h}<H8I57%zAh4kTomxb;DIxUD0X!BpeR$5gaQwil@;pzzN~gJ
zn8dP7@}SNYQs=$Q-glCT&+HM5&qTK;DXDpef{yr>pRlaP&3-w-%zpQ+;0&Ex^o<n#
zH<pCZR&8KfvU*n(jdFrBhq1i-38@tS0jXfKw+k5KRBemGJmm<2&7km^^Ch45y+==5
zrWVoLS6d52>OlQ_)&P;D9X?P3S*czFj=~*7XS<!34zHDc<A)0uO$^`+HqgtFM`ge+
zMwhvwpG7#()_Gu0Wa_e?%Zr(TeP^fi=-V&n*4M=_WSL7F6z4JrTS>Q{awM`=pwf;v
z6BTRQD~<lIktkKc1o8ev6&NS8Jx8zKE{Wl&VO+f!cMZmteD!|5=wCn-!eF~LdHk%t
zvq;2iX`W2<SNP<HVBs>VCR{fG1dplqOT#o$%o30^_uzOr@a6*Y--1inGG8S@uZ|>R
zTZvSU5w=aM??h+ko$c-j?Q~*Qd{C50Lto9CB8bt9w=v@0$|=W4m_8Y@J|*?bZu6IB
zBQ^09xZyA)H1X+RF?F4#e(t@`(-|!J?|_qQA8gwd;>Hg?xXn*H%39&uIsRVpfFkx1
z8!+nW6i=;ud_EsPI78=gR$s4}%@TWa^u|<OjK(G3ZEW5nrYO^>mH8KMVm`!c@8Qic
z1kZ&6%oSEg0oriEiwiw!U`f4|h{5b>?b7fxI&FUpfSa}Oe~0eqVD`v!zbFY?D#znR
zy;p}12KHxXg2#M?_dty=)v}cR^t)0skhLg7>H=~0y8g-;ov#+&m=tI94+14X9A&$(
zJq?J&s^PKH)92qt$uRE5XqBu$8rOO2^Jq!P371jaM$2H#<*Ms`34N8dAgmh90`hY%
zH*W*ztAnjf#uIi(M!`$ZH~P&-C#29(&qwEH!NUpAV(!MT9n!sZu;AXmufL6s7ud++
zX6q|fCSNJ76&_)>o`mGndK2s-@e+sXdCGLaagEgiUCfJtE7GqeT{<DWY`x-&*$0HY
zDq#q-a>p`pxhz)Dxh(Ch1#9!34a>Ldl@U0p19WmE9Hnd|92O|fA2*j$F*T*i*rwBH
z={;0@9I<>n{=!aNDq#`k6WpjA9u*nTFZ?R&f!+u<e#e<H>b`|#7#-i}Us6_F?nbRF
ztyaZ<JzaTA_yD0$yDf&B=mlp2M|!gtFCMwr{H=%fo<GBVhq~)VJ{NI2NG5k&vf>jJ
zKl%_76etrOZOJ-qC!cD0o{splzAFd;*3MYB{cR;}Fr&3#^+0GlgYR|FL5ANAi+Ik(
z#pJQxzGnPgJ||ay$HNsaR~?B9xl2VBI4AETo=42S^>)4P&%)+{ifTrOHH$A&>vx@b
zqZzYaT)Pi5!lawJJNS`AcZND2*_6Y;w-Ai-Q?=jDIq9@$1YMk{ExRnqSwakp`A8r{
z^4BqNoyD8!b<C}pBy-rn+c?*(R#g=YRog?ch)yYDBXa}<GU-NsH9I$G?UO=%lZU^l
z$0)Yzm@oN)s1;#tF*oPal~J5`UXwkTiphcg`Bz6R#EtHz2W31$lsA-03$E@+IW#Sz
zhZ6Vlp1UHvv6L}Jo>+G7H^NTMXl@vZ-=rY$ti(PmHQ=EwP6Y_O-4s$2e>NgIHGF$a
z&4z9R!={5cxGs{+`ix7oTdqoUh#M<76Ff!YV1Pt6H9GQsK`%Fa@JlsJ%=puMMTtX(
z?0I6+$Nm4zrd;R<UW5fwd2F-v!9o{SGhF8#+>B>GdrFF+0@44EXbPq3Z4yoL2rSD&
zk;p=O+nzru*Tp4bQ|xVj?3Ng0;+B{{e%1CR1=~y3^C^clZ^cL`^1QLDP*fdQQM?fn
zj{byTITzuqr7s7k`G>rr4=*tF;67@<p+K4I3vUc))%q6!*bQ{LM<ngi4fLXC7D2|7
z{EF*cIK}!s;&9;L(ITI7I9{)XqmGWlAfPeqi@gtg>(FUC!V?-$m0IfQiM8od$Lr<O
zLjZj6zq$yp{<Yx+#tGs<aLQ?%+%}kFclW@k3?B*HlhBo)3ihYF{|Iy~yU5H0-Y!U^
zgkonSj*CY@^IFRJ2IZc=(pJ8iQ!dsx<TKGwY{D2N5vBR$WGXOF#!&SU`jy)6;EAN%
zy3qfA@MJxSov(0Uu+^E*ASSPNsB7p9-M9a$o$FIKI{BLkwRa?awL&DvY}7Gs@iX_c
zlERGp9X~7H64O4KW?D*2=rqaiqR86%b;Ro`8CWuY*HlqKO7pR9HtmBGcGzMQjx#E5
zVrl#qhf4MYPEisN>tRe^o`MqZQ74eXGH~k)B-q|QB@Z${kT&`-Q6cbazcm9Mx}}X?
zTDSeY4C6rrdQZ_@EA)5XrzoBmEq#7+6@iiwc#PjQ#%ImWv1RQ8m?6q1IcDTD!A04@
z$W1weL8CtUe#MMWV+3T;-#0`q#q>jVhZ22cw!E4dSUxSoPqYUEx`zx0%1Vz4i*RO-
zU!)f)=Sq*IO<<Al$ZL#Y8-E!Z+_-KxpHl?@h7?@=uF$4lr^-kYnoz1G<W@P8b73c$
z+V@a96{f0gPGy}%4sIFHqMk}YKC*kWR+WrL&6Sn{skA+IJjfQ3)=$uha<b8765aiV
z1BDmU6z)*v3QQM^Q7gA5w=QVJZP0~A7P|d%WyU@1T#R2;#09%REn0H&p;l5tse@A|
z2<vGQeAp3-W|@cY9hp}S=?NkYX`n-}-q^+X7=bdCuR3P9K5|qu<lfZ4Y|?VL0Q~M=
z0=Q3PE6R7?bV@JbUU?-U@ewu!Ryv0D>%A)xy$~qzlN#~t;Q2M&pf{3apvc>YoxhkT
zq(H%oAlwNpeYnu$Xha`#rE<DGL%Js!unBt-vUced)?!bk7WN%C@e=!I+=S`Y54Zh(
z*5@;puKrTkqH9(yPjuh9KzLXDUP&FSb@=voRXze^vp@x+zQNPn!s^0xl9A<g_#U3D
znlcmuTjUQC#i!;ci9)s0@DCiylhpR;=EI*L$`;~J5M}EZh%(cX{2xFRdn4($oTqoG
zK!evv2}n$gBB5)TWfr)$N7=X^4>92UUlAwSbaDdC<_&(kEl9aBPk9Jb99Jl-nF|4i
z;V=3F&9DZbs|+xJmq$ZO`lCpkZZ0o>Rj{IUAXX^rr0gQU3#<@}!RZ8`{S5-<7O@;-
zA#6n-0#;gnIf@bE$>O&^i91vf0us{r>^K8J_mB0#Db1EZ$$Z}w7O(?nqht~?466m4
z{DnmLiUOiSM1N1+?<@q-F!b$#x`vA_K@r%=v$I)&Y^HkwQ8_m0bflkqEND0P19fBw
zVNnR>1D3>obO9oxpdJBYojni;f&w#yloVXt#{E|phoCU%AQe;1KcIyFZ*Y@{Eoh!c
zk0=_YM1`LJ7d`nedh#Pi{V#d~D&_tElxGqYhPH7BO1ug_qah1pO4u3hNF%H)OeQN$
z{*_&oKk%}ykFsq}PG_sq>BW`_SEs)q6q|p7P@Ml0ghC`%ne!7uk*0obdo!bSr$g;&
zEx5D8QlgWZ)4c8lhP-w7E$dSazA<I)>I4EI%Rz?k*BS39m$S!{&t`|I&mNk})h#1C
zFVpeX^1D7R^4M0dSW-rFltI<jkHp0Bz-)7PYynKgu<X*GJ1#a1s93m4<24<o$9)6u
z8PT@&{4AH(4z9owsEwn4{j${sB2vzO5-H5hmHuf!nbv=`Q|(ud{8fUe*)MHY-R`y~
zBd3~u<h>6YqW9sfMmpcn13iAKm^}!@LhQc}F)LpPl{25acYHus25E4eIQJflpxCca
zG(*c9)CeUJXp+4U>OAtXQyEs4cQiDQ)fkN^fL*@MkKp;{=2AVhjd1z;kq&<Vx68xY
z|6VrbP1LN{D%j2<m!B2m0g}}!<J2V>FAt~TKtOl-V?z1wF^+Z%V{eQ~3t^Nfa^ZZx
z>!=MT-9HO|`+zWXuFLj?%X2$W4qz}mj7s)(*nz5oaSAjah%=~c{za>J{aacEprV>7
zc<<U8+$do;M-UbhMeZ-D*aHs|z6*R?=ZcN)Hh+OD?FD~;D;Dc5p%@Zj(Kac$3fa!L
zRuV|fESB)@{0tI~nHg)SbKT`pS`3+05&^6Zm{uMp#AT}HM2TS)tI<srISLS*)AdW@
z>y|>vucJagcasVi&)8)p#Kqa%SD;1=zHGG)%d{Xeoo`kfQ;%PralBq&-(>q-FWDiE
zlJW|igthAJD=eu!KvQPX-gf0CbX|&hY4sjyykpd!ugB-}2hm(L1C;lm(R&8Y{|Bn~
zSrTM)lde|M8)nPz^CY8_%d^qb9*7X@1W9vKfvWY4!(6{+1}F$TIH#2pNSBZHu4|Z=
zda3YJDzM{(SRt$X^b`CTllUj_<6Chm0uuZ~xn;HHkBE>jnK#4LaY&uosrGsHH$&ab
zxR-vo;{zLL<Xp9yXs_Uj_OM(1(o$D|_OdU;B-J$NSqbbPVtQ6>4$>lRQ7e-Obid9h
z04~yP6EilM&d2YCSuA)fcSPupUaag)lbUNZkxuDOK;ct$Bk-rT2%eO5ec2bQJG3Hr
z5e(MvT8S93co``W8`JW!0A9wj*673Z^K^@%x4X>yt1Nx-A2S;D{1P|eZ)%Nfv^6C|
zSqhrddY-$<{QSk=nM+a-m3gdH#5i>H4r|gnknrwMUGcW;*oC*~;d~aTBdNTC4x_Ha
z5w5e}ngQv|r9X6LT-9R?u`_DT)Q*QrsP84J4j)Q~C%+!_b_pT|zqADfA74NO%h%@K
z(R+TV5%qpGaBxdQ{Cl%a=LcMIHT(j^>!N7l6i7~r@>V#T>zWd`95N$$KbwTn4idp(
z2+pXc&}@G(Y#z~*=WnRq4>m?}7mo~I9?`V8krz3NN=-tde3te81YtoKpY^JMLNBD5
z;ja!VuD6x8p268|>6y+#4K=Z5@`ml_SFNt<KoiV~E&<)wUKoAOE6A<Nx!c!Ue~FH*
zc8dFMJfr^FzV9f)qRpffyGJ99zsbw+<m+0fVpTfmRb&~<b2Yi%lmAruekk^0fMWke
zr+i^U-{>3{>ozWpj}=Ma=3L}o;3>8{>DN0qig%VXNSP#JscKk)r2sAz9YRu<MJT_>
zecC>ZRB(^m_BRH9i2~qz8$SRHtB0VcQzvV28eR`umnaoD(|-}i;&%4DNZ0fWD&|vn
zsP$H2k75oVR}XecN1rU#uAoFw^9G04LLrPN)SY$`&rQrgmc>VqCtqryY;5!k1_o<|
z7q<)s<wp%Je`DNTD!yykx_D~MD>>gdx404W3grvBIFzqKoVt^tM7Pj`AbujlPREUp
zKH}nI((DkRuSc&lcKlt%bKTD9d3?Qe?>xM>TDVb1!y9{=k>P}UpJVe_v!M;$hp1kr
z(!Y#uA=rKcnXHu@rHR(3({aboScEjObiOrALb3h&@Y9_yH9C>?q_B#?$Sm9%dZyq8
zo>YM2z9+&!^SW5i<?z<w8L@RM1^SvCOCQWlBT$!k%AX#<-67^CsC_^+5EI?$wa@kG
z3Nn0N$B$Q&)tZ61R7RhcrfM^5c2N^%qc&m1_cOt^O|j7W<OFqlJV|*e#HSttWxc@p
zcOEAAsTsw`NeU&_9m-JywGI36r#JXb_Zy@dH#$Pmn|V8YTn&|Td%HK36)pu|XREgl
z((N`L{fpC941oWpiRu*VHJ+?yENydm*)WDg9aM5%Z2?g9mpkT5ZqV9|;;>U9fZd7!
zD&v3}Smu@<@=SkuMLjNn{$5BJR66IRJkB?5Eu=QTY)HV4@;-HO&QfRN%8`g@-?BfB
zLR<bWS?(0abKL==F(FmW&|8AjLHs%NU`f;zv7H4ibn8=y4j9YQdtALnK2`yubj8Kw
z3mg)6D)?Z6YGvDwXFy*&B#J40?{5Ij=zj!g)P#a5#5H$(&CU19=bfh%c}Xu9T<?+P
z8A4gqD)L<b!H0)KOqO-Mbc!q-K`2J_Xj(g{2Djf{xIW|*xp;{}cvfQ~PkTg4b;EjC
z+xFk$Gp0WJj4_T{U@?v#cC?k4bg|~xq+mZh@quL_BFl~x?ck<SvcDc@;4|rtb9xTI
zG^6?dE0_jChk8-sas%${@_CxpkOWr7E8yg9!UGZZB4A&5Do`+R4e0kSIV&n38ezP0
z2?y4)m{fA;Q!w@p`@CKr5&}@|JHo|ZCF8m@Q2TRzYQ@Ht>oCzAmX8;Tbc;Kr!owcx
zogJY@*fiRQqdgyO-%n_(SXbY*{S?oKM{Hq4OFDwc(e>qsR%*LoFzi^>iCX4waxp_O
z9XI3=uhn;Z?XQpdgpw^hqKLX!VQL!_%;#-H)gO<LcMQOicSN@MI$)3SL~pTSXh*+|
zi+rcXSVpkuryYy<^{G53Rb31;vxNek$V49wHs$+m8*gR*3F{u6h1hETSLcbH4w>P+
z3MiSL52~`-%;2>Hcx~gGh){b-ST3iFh3&&B#bAduF6+r^ml?0m^>Z{yE+NWwW6!s!
zS@&bq2zod^Z`?cGHk5-;4vsBdhqbx7mO|T*8AaNkeavY-7m>0iL$Ohw8Gedq%=dvN
zk+`OXlL}rc23=C?d5R>9L|nweF<?nz9BF6Vr+vlN^-*A}*yH*9Zc<S%*+}@O!*H8Y
zk8UcY8}yjb*=g~a!lC2-S5o|zV!<chd76szYP@&7K}?iK8KC`ZLh16)77J2eP+g%`
zI^*pvb>jUF+`|_Fj~9@7*I^IXwNk)+<~$W)sQ}$)Uf@0#MHv%4h!vJgDr=1*VSNLq
z1$s|>wlI2==1yJTT(^#W+#$##lqYZhwFEz|MZ@-P?cWEwMQ<1u!hAia18t4l_l}vz
zoSH*Hk<{o_Qyd*%QBdI)l-Iv;kExU#u(UcwWM5<=>yddU`l>Sj&Z3AvJdHIpI>{<u
zZs+CkN+Tm0Tr&r?EFEgBJQdkDsmq-&4w<L5AE5m^|2G-O)Cj*5HCH7QE|%QR39sKN
z_$tmQXAU4)i<&uNi%KN@xzM{%RSH?hFuI;-UW93hoYF4{%TcB!ys1^mEVAHDzq`c{
z5(@Woo(2o!s5)cc3<&F-h1u@CMc*+0b7g$&3Tnt1p169dcb)MNe1~eS)i#@H)Ma}6
zX}ys<oi%^Sl*<C?P6O!mcqSDK=wNc!%Yp(r<`C2X&bElc|BEFggZB+Uo|El+7wWZ`
z?0edrb~*jEYU+^naxUz`yP80y*@zcuvEX}rdwD)4iAz1<-%NqcP2-31fWhn_AC-IY
z6(;urCgRe!SuKQ&1*!Hnf)q~rNpERB7uqBl3nEFd=NP}-<Bmrw!O{NSFqqW|MyaXy
zUtJL;3K&n|%#_Ji`eqEi;DjWSD7|pPoivu$=H|8JNs-OTUHx`2rot%~Kc*>@Fs8Y2
z8=w#dZG+AnX&H3qg=87(=trl97eO#Bxi4{-kf`>~oH}oeFZD;8duupb6~PHl&tnwf
zw{Xx|;r^d2bIzJiJjshNAxEBPJ*o=0(s}dg69K`Rr*fDCi?&h<w}L_t#f?uXbgDeA
z2NL)m_3qNY(A;FeslIYX^ftC9j7&EXgQrqb0fRD&+US!ozyqOv8;NuPD!nZ||G&r4
zV9m)kJ`mrY#J%c)o%>=nNZ9#~p=oQ|wzO+Pph5kW0B`O0qTuqh0;xUv4^tR4-?p!>
z1zW#UG<5H?01=pjP-xf@vQ?6VnR$2D_hMD+c9+qL%uBU_4aXl{4sZC3+h+2K@PR1$
z<CLZ}$0`BEYpY^M;2^$aJF!;+KM3X=q!EwDT?g7!+i%xG$K*p*C)5IoQC^Eaiv53+
zp$QVl1uGd&t){T_`LxNy)NG0N^lsP=zBRcm%`Xi)Ui0@px+OKB7ELzNbFtc_t}kX^
z%wJG2>4mG!cO1fGt(djcNfd*Z0h-;Pw2Gqqy}5{sFXKtBN8>L5S=S}IEx?<LvgPgG
zZ+<`7Xu%Cj8%s#<+Kj^9ZG=5saBSSKVm$Pj37k@Se>7Edq77Us{XWm3ITT`@a886C
zvY~Chody%()Wpj7pb_|MVNeHfA^h-sX~7ojzr%%V8wg`B9MHy+>_E@!K!&zac9DWe
zE8xxYpTW0G_%_tdY3i8ZJmsrl_~Ik<+^a<6l`?!P4K~u`Y?=~8^vA&wOO%ZfBIKd_
zhAs$90RW@$Mv-{VC4uy;6ct5Js!RGQb5#alD1kXZJn+<{%+!Y<_fR`Zd)DRh!r;5}
zQ3AyWWjDa!DSDOuw`%R{SwMS@6XX#b5U_eD;Q!<yeg#Wci(I%hLfUw3v7uveYfbt+
ze<bo^iV1QJ!JXYT(wwlTd?+IzmrFGfteRXmYz2j(;1vID$|D#pm=4K_cD(TJA(Xmx
zdyBKFza_rnBi1d_50(TMj(C$`{(Bqnz<&5pA#EkWY1Ke=w!ubng$3LHb9UyixIJ}z
zIcWYMQTjQ5NmwGu`TTfjD)@Tc`HG=&_0XW1yutqY8;)#Tu}86A{BY5NQ7pt6j|q~X
z*=E7E>tFaVL{tdW=*u;|ZDNW(hl?d`z_jAff>8B++;?Xb2|Wl$RX86&=M&QgAX}hq
z(X3iIsrFaW1$wij44RAsZTeRQfSla`$k}W+Sz_NrYP&ZxmeZLbIoqW?wz{$j4+e0G
zg`bYQn(j-LN(ksUwMM)xkMZW(EmJ0a)<sdr?2$=0@S^qa5>PE_aQRP^M8khV*^bq7
zcK9!=t^p+#F_ZDIXjAvPXmMNxzO4cRWTCG`c0wUEfFT-fHk3jpqgXg9vt@XM&`vA%
zf5vEnv#}d4ETyT_%z5Tf$qQMK$*D|i@h5EH&CD~mPOt1rJHp_~dBe01Ax2DF{pS=c
zW0EY!lm##z2lroET1y=618y(DKS7$_p>DR&{WkNND=oTYgE4r|^P1H)WhBqX@zf3S
z2K_27E9CZq=~P1P8;Z-LYf(HEWV2fe%E2LST^YiCDuInNrQJ2~Uw>n=Ky(c$sKLl&
z9B>tR;0;f@1`dKaZK8Lh;~_tY1Mv6*nWZg=t)K?SbRe`$Mp#q%-~pt11X4P;VOH6f
zSoGBi=m5N^Ieqk-Tlo_bkP3DCxa(n(IDTO$p92<yhhue+{-L1pCphwnHE&E%#?AHc
z#{_n*#TC{r9ySvegU>n>?qEc<FfpssSpLiZ1w`GnGygm4CTRB$`<K6|8wk#SOWj;a
z3>&>Wp0cw;OLaj+ZW5zOyOjyBw~!65VgBj=f<uX<%O^R138sc=X%T1Ch(1fo5;h`7
z=ZAY*lg;8mP#@tfs`%VZF~l@C{LpNXVo&5e32EF4um-Ts1jjv29Bw+Fo_B#w(7%zd
z=zfYonRqBtacp37?H%T&ozW&S<jB16m)#5dm$Fu;zCY<3rfQ%>iKEqAdA@Li8$xr3
z##hAFc_+bkYbQ2^v~0BB`_&!j36)~K_ZkL#(X0dk@1vBJ(U2|R_LRquBAGq-^TX{Y
zgPKzS<VMpK@o&AD4TRi0Quij#vRa%JnPj-X&f&Veq%&c6KOTtk@hg};%|_^Le)Hjt
zdp2U;Nc7@&ORgYK+K9QwW8ga*lS-#^Ea4F^B1EBI@yw!0cBz28U;dH2Sr+^E<P8|c
zZ{!XAel*IbHGq<0(N{SF3m8<tT!#}7@H>)Z2cXf<Tg)iaKL~y2O2uls_Ix*TfV?3z
zjTcyemFlY2#X2<~Cz-*|^MYngbJB9@Pa}`*<Mtr~-0Wy$f=s8OrN{34%`7Vo8*pHo
zq?A+GA(T^=Q&hg$G_#~5vCkH)reZ=$m7$}|mc&a+p<LAIksoogz12(=eW_(3`qEEy
zZ2BGA9;@8>hIH=&{I(?%65pm0n+v8q#B7<ch$}fkDBf!tjWEtXRxV^)kfiGYd3yYC
zMOkjJYI}M!E~9QVXk?XraoGoST3y-^7AXNO&rb0fE3QB<JoGWOSm;Fd(TD3|psR=w
z*dGQw`L=@`14%u83W;Qt$XKlio`lP3jAN^#kLJep^<R&eAQ?Jc*ecys=`U@cH2HG=
zu$HmhIV$)25j|c^bmI&M(S+O&;{@Nw{Lie-O2A*NP4dToVQsdzo!6{$+x7lpZGy?y
zQ`DJj-Ei_FaQ(G)_b>PMsM)ONeBn_z(4Pb#WW5haH2#*tr@`bHD{5%b^=VRO_&S{$
z6-Uy}pMf!QV<SxNI^nz%MmFJ-&-*u%^1ZEipDy&35Wj&p{YMiRXs(IS*EufS6wQ?|
zKF<dIOTwLULn?BvR#nWY=1|S+zGqctPIkf3X{I5Wjts~`P%Ke%Z^e??i1F{5nj~>D
zLM+foirHneA{X9{`=YQ&E@gdcev&ksr(fDz23J=vhXt`*sVu8U-%^4ybeB!sqgM}K
z1qMb_YSA+0)uQ!W!Z<fel=TAtAu_jbWWg=^<Do^am9t0ga_*J4i}+_pRi?c00k>kr
zS4ePGNRdl(t31^t4+-SMVX*OAVrCbiL%SV<1k~@D&p)HQ2tU5s#5B+L>Gq`L(}Ea;
zsH*;tAP#X=El=YvPt=M)%9}~Qezhzq2u@Z~M#F!09lC(+zN}4CyxnVX8x%+w<~nbu
zWLD=+>TnDMres|6i7_Y^q2mUzU2$w1vwduU=iK%p)Ae%tT~c7vukeFQfr#G^w{o>d
z0Kap^)mFU5y!}H0>O2L1OZ9hULww$^%xC(i>x;dc=#r8ZEH7Ej;B4&7W};Sy`yq9^
z-%e>VCb9BYp#96<#W|%$th<V)4rLwEGF0rjA+)NnB@L2RMO>eH<%)TXWWZjzIEtd1
zKNxJ@y8^s7HM=oc7}OR;Bm{0y$ZKOVWEqKqWP~OV>mMI|%D@xS%U8~w-Ug0SGeJ3U
zm3om>(AUji$nM_6<)ZJcc!~Z^uZDRIk}SRCH`AB-u}TehHbRj}6$p+^q}4SNmG~DE
z)pKIWw*I0k7Rn^Y8d{>r?j7CiLov=}EZWbpWN3=0ZWwoEX<-9}AxBSuMw^sgXwC_-
z4c6b{KEXB+{d6zmw9a?jp$g?`&yBP^lGu2uK*IzM?5n2Kcqzd^(jNI)`B@goXXgY;
z@3cKdAK`jg7W41yQc@Jm9&OH?={E)hf^CPO@igg;+e;U<3iCSK@4|k2Q<eCF+gp0n
zybXy#>1q^JF%)8Vi43HIhh_+MeKr!G<d69W&-^4fu!v~=raBAPt$2b)8(cIxVH)Q(
z0=XMLw&fI=zU+##FOrU-QL@$2k1ymgR5A`n5fMn+Mar>Php{O(weiHKJ!cs0cm`O$
zDCZK;k6Hgl-6V)QR_grneQEai7wo1%&DvlN>u>5NoO5E(J0xGF>QFUA<J9WZ1A~+^
zl*q#Nh0w^4VkGaBs%V41ZA}_M$W)wvu`in(aXB55<{61(icO%&w#|Fd_4b%Ax`}}t
zCugv;ozO2wX?7|cEH1SgTWASOq0kW%4aX#Qb<SKrEV|mZjweNQ%ZtN>)IDz@ltG^j
z=alz6_dI>tIY7_R;Qj%1{-FYvLh1zLZ>kzZn-P8Y4mlj(5<4pvX#J?>MPLGIi{0~B
z;d{Sy3Ap7ek#$4>_fVu#161lX+XIR%@TfDCcXl)gf7=g}Vfxm=+Bl)#U1smYmOb!C
zi(Brw$@Yh240UP{eD|-YT)A}$6?9EPqPO0^Ke!fq5*_o_|Enu<_ROYL*EnKEi&syf
zQ?8kUaH3ohS*dbuZj7aM+;c&P3>F(yhYzDr=oyzhQIi?X1Ui-$<2n73Geu*4c(d{H
zJLnA_9(MbINVRXu7bl!5*;!kyRS~cQZ@djh=V&|>0(9@%I9Bg*lJQIqxtQ|?aId}P
zhC9(M)Z`DyawSj_=l7Ed@9Ll(A9h45(t3J*z7$cnO8g61+6H1#43j8`DFEjpVLE@~
zI1r1%Y~VT!aC_jNa|mr73HtlU0af7XO7fqNhoA$B<Rc(|2Xh8#p%g&sSMq(l(?1^`
zX)QNV-HR>B{qS=+vZVXNL&O(?3`qRJ7^K1ELIC?5EqJK>6(G|GFPsATxd0bK$Y7Wh
zi1ybB5xx*0FOhz~{|MPUUPg^T-Td7+BRUg^v!sUJNJU!!jwVEK%R_8)z_tvH)c{-%
z@Kgfq>q?QG{9n6!bTshkN=?i^>`2I-`uf~pgi>r|trIU5TUpufloQHT<NS+pjDZZ`
zsiDp0NeueFGHU=C`sthkO$^kCe)n~o0#=mH!0-N@|Mdj<uhGnZjb{E&yBGOBAU%5Y
z@X*;);`-}Mn|TCJ)p6g$I{{%BXum=sQRy%$M1vi<BDD?)MJisuY(Km5*PhRi-NjD%
z!B0PCt0^g^M+zU(hq}7GCq%y0K`vohS%UThmmG(wL17`1lp|%#Hd1DWLG_&Azu9v<
ze>E*7@1R%Z(}naR<L<+`)?$r<6XS!~zS?3+l3NF~=jC#cuXB>Fi)P=)#A-j6kGTuE
z^w31FAA$Y$@}l7LOpTTE!mCa8Vuw<#8d!W=dTpNpu2uLNoB3x)qnaNVYEO^TkwxJ&
zH7X2*GRZF%JZ#}Clx|I#5V02D)cp3Zh+Yc<O%y$nOB+t5mI~~FB@y3dKHBs}N-YNA
zF6G9VR{sz7-ZQGH{%IRk!~!Z7M5L<-NL2_BiWCc=G^I-yk<bH3?*<e^K}2d2I?^G4
zp@a^i0VJV^8k+RpYbfsqy>IdPKksusoU_(h=dAaG(GR$@_xxtAx#pUgjdbNo>YMG!
zxQ>bPv!jr7Stftw){oqc=ejyQRWi=*jT@>*n)a`iY1d#crFlM6*vKho7@I0Ll_!)~
zy6E?@Pkx<MaI9gQ{mO0cmM&`}CHiPI`4g!~q0jU<SC5FoPLGS=T)T?3hgAgExkuKu
zxDM+YH@BI(DMgC*n6&o(r6db)sHx|UOmbs!S}<QeYTeDiG1bChq(NQ-u~R9bVY!A=
z^PiJ&Tr3VM?XTQU)Qj`tbewsTl=Ij@v&mpQ6J0CR9^C|yP<lpv$bzERqzBo>OVSIM
z-g0q$NMFj=k86xsCM21H?K#4_X<<m*76)l2u;x)<ji?sQu<eHj3Z!}wJ%wqN9^c<5
zp+xi0dvI)oImq(`TAp5eSeu&N{N)~qq1buJX}KW?cn4g+P$(~3IA7f7bC6wyc(Lrb
z?iBI)De9*v9^Hi1W2wCa#yf^JhV(i1iCp?69?_y}__PAm-Hw-Mr+YC+?%}GnixOoS
zPOi7}Q)2==`m%f~`3R#1Nr45V{3%lB<Y&>kS$b_*rwZ|xx$53KiL%+^EA6A6O~I$=
zlQXa+g@Jbe$Bl$eq}4=W6SS?1f34u@fatU`BVjEvB4Zo2S>1=7UaD-=f@xKfuXFX?
zHe}hhf-1H!McROd(z=#4y$hA5=RF>9C>ZmRmj;Hgd#rY;(>Sh|%yF-FgsQDh+9XNc
z0%wk|jXQWoztXXnMDm|CK7QE5?0|`Dn4Er6XB({fLBe$n1>bs&n$IzT&2ho*4{RRx
zx|4y;law0*wgvjljD*Jx;_O7QL!VY*FBtipwo#&S_!q0EM}K?%D=G3;7L2G$hVHl(
zVNQ0d5plbP94aRCa(-lXERx}V54_BhU01#b?N%b6l6^`&HJgGM=tu@;$!^&?sy1su
zWss(8K%d>H5{?o?J8qAn>0??_Vk~wA4c&c5^Rudg;KwHhB|Wu`eL!OdGtEBJ4ljz2
z+o36(cvh*Lq6J{cIj2GFEWJ$B8yo$jNo3UdJ(n2r<sr%I6_v6q+ZGuVUmisCeAIR{
zDK5Mfm%|#|-3i^8II;D8W&=h64?l4qGBo^EVezYExXIY^?b{o!r{?L=?bhzae&1f3
zauwulTx8OvMZ25HfT>j(F4Cx4HkyLeZ=XICrz2@cV8}C0#L35k)77gwebO}Sffyxp
zPJ`lvUzO6am{4Qn4q!(|1^c;GI)7tER56P+cF5{3b_n6lW_RcJ!3fG--GMP^q`y!|
z|KQp#Hs4E0W8+ll)QXkk$Z*yTj#0z(+yVnH6MsXi;`a{P7*tXEgK)Cb4F7mW`kumR
zBBr<4dDfxaxrk=T>}pp?4Gal>?>_aGhKm1g<`BCXjRZQRH%YX?UGuSk(JgnU<cXJ4
zXNefAq+rW5L$1EN0`|7Me(R2oceOlA?33lOL>4YoFN;*$M}vf-FTw80OmSs$eO{{Z
z%cV%UyYM3&kz?A%ERw=MaJb<aafM@4N?Nx%jT5i;iW<=FnHO#$R(kv^<50fAqO+B9
zGX4;`JBd8nalqXF_Jbow$<Iq4d|ZtrKSg|jDxxZ@P_OCVWq%3-t<E(0S#~A&eWsSn
zx5K+Baoa=6>xm+aK-BBAq>G>pu?)PWFZ!lIRJ4w4CD?aUOlt4Mc$RG}zllVD6VV&X
zd0_Dm98Xf$Ne`y%VhMAe_je4tXuHzA2adWqJ~!Gq`PnSf5DIJyzvGKPa~YY%;OYD^
zf$b#ptAWxvVtb4L6O@cD8`L$w8nc!CoLV}M49rSvvGTLU!f>Dw-!(>+n7>1qcic>C
z+#2LaA`2eMaJK!nis7RP?0i!hgZkhdon3zJ=}`C<$z(j#w_vYm%|UF|(8VyxfBj6s
z)pn>QKF6T#HC)TDQ2Vsw*yC+U@eC;k-sVnNc@m4zSU<bIna>^YYo9xE1wR-~C7f_>
zj>Lr!XzBGk!Ri}2p+x4nCIrp9cVJSO{&jEGf1dW#)sLlQ<WK>E^MF}jn}X2rY0|d6
zx9}rlK1ZpNa(RVVos{D6jx}MO-3HE*6oqZ^Wc9*VRZ3irZH9&WM(qZST3UPJia#iK
zl^lA-A1&1uSi?_cYDlpi^cz*-m+QV%DP?!;KtmvmU$n=R;E5r$qbA?#4&0J8QcM0Z
zqMl*LH#sMLq~0~7{{`83-_tjy$Ll7iHuw6HrcZyZ_T4xl#MO<FB^f@=2<@<|)|xI&
z;r1Reqd7Z~WUq$~Y>&xkkCiG<t*ppX3P<khJ0>^sAGdH{$HR<Km5Hfx@n1RnByOvE
z=d%8k-P^RL7tYnR*~{6?@aTuPe3oX4+sTGrQ9Hk!#s?r#T=-P>@#WQIM@86T-jtp#
zx^Z)Kr^M)KoSV;Wp{=T}nV>H%gNsvlJl?vUW6AOw_lwie)6&iedOy%!Uv{T$w@H1o
z%f6cHj7qJ4&S_*j!iIm1G4WbT<KjILxgY)Qjaon&Rg0an;3h0iJ)##F^hg!ums+>+
zRA!rx%V~HoH?5jkI!(tIAhOY}l3hvSEU0uZIT0m^p1N4^VR|xBZB(aihf?DtB@)Gb
z4&RzwZTWet8L6{uh%Hv87FP?hG{!yO*oJg4F1w@|RoC9vU~$8Tk=ECCopah_g3nU8
z&JBoYiO(Zg_@-GprW#Lv?Vl5%Aijn_z4vc`E%*btq`0~ac3VtOMlhXff7mczsnz+Q
zFP7!04Wz2usOc5RnE0Si?c=UoDK)0PeKiEJyk%0>(yGu=?xjWs-uHl75yoNL^i5vn
z^xug0@vXGeaVVGbWJhYDWf8$gSVDbi!&-iiw*o(YfcAB@Y~VHPnINzG!I$M%WcSLy
zhx&j%eRH-T;n;&JGOu1zww>2lmr37kcDB7OGSq+3K+;sL*pK%0eYWI=+DTuyji2+|
zqLs`7dWq!{jL}8Y^;|89YAQ=pEthYi!gEb&AK##xs@EeeNDB+BAEH+i;#kM0{l@V#
ze5fZX&yX~-bedN~6BfNBij}C}kzN;SMeq`~V5`yG`Kbj9VSe7ioO8x0@{x}Pu*&gu
zxD(4b;XYTbjXM{<e{&xeus^BzbC$jw#lNF!&CF2%d9~98>RWXW@`60b&EYOsY*cXI
zS$TRhbA?P_ukevp9D`?y%e;Qup2gcO&wN#x>Z6kqV;5eq!Q?(Zx&WGrzDZChKXDR*
zrwD&~Tlbi7AFC-@v@LQfZYU+836kb<`8N{oA6ebCqhw(C6wmT#VJbed*9S!8*&QvX
zZ~v|zDQ2yQdD8YH+p*&e*cnL&CHA(V6$jZR8Yjix?+0(wZ$xw~!G<LkKBzEZ<eM21
zFlOX)jl<u*t?*B(lJ<aQQ4$%SR^mL8Qn;S9g>()ix`KDEdS$oeb{qupSz0y3<GfCC
zvi{R2$a*A8m5gh<j#8|n<Fn;X_dRFky|kKK_!hzbGHGveZPRUftvF#=ToSD+ak{ay
zGucvIvJI{;GiAjLtXfT95QiPp1N%B1g*YKb)d=OLri8G_sWyVzYJn@`C-;a8mX%Ki
zvAFYXi>9pY*)}YW6IYq`7L>vt+Y?4<mY>EQ?dLsvF7O63#(d}8X~#ug&z04V<gJxF
z8mHA^a`CB(u9V2F50p@Fb+~s_&U^p8hhkf%vqGSa*9Pa1wak4Cn_Wo{d*kskF{{?2
zrecMwN=ziVVbTaYHHIHFCX&;W)Kf9(xopM?s!^Iw;yM>&Tvo!%l2GVaknrrG<?^W;
zmYQ%EYCnJL86WC$ZD;?mixR>f(0MOA!=yP&&pm86Bn7_UIG+2!@P4D)dXrcKw1p>J
zYK%MxGVRwi*Yc)1=Ig3JQ&PVH>RM#iwcH|>xs0XpJ~r)!kl-Zw4pYz;Pnq1mfhv8K
z_8=2RW;j)3C29qC(TEfk^~3E#mzr`1G-vd3?&f$sudE-8902m=+}6YI@O?hf%{FZ?
zAc1XZ-jEr28shp{XxR3GVeWHAzNPmDL7Rd8wWU}5Edyyu{}w1v7!Pp#EoFw4S>wvu
z1kgZQ@qkAXmb4dA+WYa7NhJ|@$z_<HByVCfc3?uwqGnKG#l-eRguP-K1jDUvZ%eZ8
z@giCEzF4>?)6_rY)t`&wxpfTqQ=SNM?MB<Z`LIrxeYE^5i0I*(t8Nmm@3`tMD#gxo
zaZx1UE&TEG(iDDh7%VB#=k6@tI9WEBvT04V#H~a!3gQnHlYQeM`Sgx*^0_YbV!r2+
zP!L~*fckhzQ=vJ*B+2LK73yXYjCv$;@Z&ONlK|*JBm%C93fwAx>ijc}s>7k<J4#Mo
zv{p=N0MV@x#|NHQY_`a!(E0A}5r)nonRa0fkY;A=*)RqWsqv}h8dIktC_8A?q|dPJ
zq!hXaym&IpVr4BfR2>SbG4ESVo6-vgg<_|Fo*SQ@LK)E%1*r9hNbwSo_h;$eG<N4I
z&35XiK0Y?YFn{-*Z2-@;KRI~t+<pwtjO$oy7b<=?8O!@x-5DPXp-0~OVA()niihh+
z8keE!n{Y{e6hx7oW&tk%Zu#Nm-$nGo*oSR_vwImqj~z;sWG$2V<sGoB3w4MprP=;Y
z!rq%>!iwu;vz0c_WJ9)J8b1^Vxxr0V>lxgWY>vws2*5(BxaV-9LSu`P628If0nv;1
zQ-7@b&uL9eS5+?_V^flGLt`>OM8WMYaf}S}ff(b>t}<S*OOn#pVnHOo@2iggvA)vE
z#!6NV?|@+8;`c#~j06@OkAM?H?ex<9WsO0}M)k2{%Oa@OlQVQ0OZX(TUomqG4JvL?
z)Qk*_y8WS)slNeL%S!iN*C4|i!s;wKXJf8Cjh+orowLjzo>J`-UhsHhilEEkmO|cw
zUu}1<z8Yq4JO@o0sgPtXdT=r|D|=}7=98v#;K?l%kRMkmNp@yqTa|6(i2j!-2~Z7w
z)LTEp2N$R%C+z3^53B+7<i%5f%lL^8I=q2MZJaDO)2J!oIO{RQtCvbq)Su9;<$OBl
z;qpZoQqVVb!@-NrMv*<qJ&<*G<Bg{<cF1Qcu;#mg7b>seL5<kZBHw%-&$`eL5j`F$
z%ir)^RY|6O5tH6_dAV%jXVr3IGTkuyRIHCO-7L*P&;%Mlv^`(0E2(>ex57;<^SuV!
zrFF}oV_(76D#3m)`%X>Gh12hJeUxpgxF|A|P9MH&9=f}PMUE|M$l)`bEUb^KDtjb`
zHY&2&-Is<X9rJ!OJ?43zuB%1A)1{iGb8YQbSx!rhdk;r?U#iAHW#gUx`m&!)rkbVM
zNoQFhM_SLvEN@FpdFsPTV%oH0l6=J1D3bP|Zi85^^pZmC4eOrC7y3axh`3n>$Hr$&
zdh9K;?@%TyB<#xjUVKSQWx_OaOedeEW%N!3kDhXS!MK>wBvxo^+7wcvuaWU`no=VN
z)Fwm|CFc+x!R5xz>g-znLsBjEZ0Jh0A~(+{IaaTq9IE$&=lZ{au%Qo}$BCR*KU8U?
z3N&=1x$^7V>QH0IqXhsvrDb=eJ~J3t=9T7J=I+9-WxDRLeZw}CYIG&0=GJgf{Uyg>
zyW3QzFZ7M&?P}Zfdg=U68wBuC1NG<T<Y%6LiidbF*vu(nl-#Sp7_<f(ti-7$f&-f=
zx1im+swL&9yR#o3YR+dz-RgrXTK4M5p(navNPA&;?IW5863cbcnER9$d{2y_D>FI=
zrLQE<qQ^p{jp?Ow*GJ`SEQVj%Rm<@cl45+Sl&1ahXN1=g(te~-N404k7SUy;jb}xU
zxU+c;H$5KMrVm0!r93MA&dgA|J<z~OLQX^ig_j?M^yq~jvg^x5y<rP?#Zvm4TpoCr
zlL^;}%&|FzIf~$FZnfNL{^vt4%Z`CtG&b`cg8J#L4BI*iV_Cc)kS}@bl#yETjZGgq
zJKN^Y>G@j6c^ewbX<y@x1j85@f+{cks-X5U;`To6ccg2#=$pT6j=e_OmN~9vxryN(
zQT(R8y68l6tA~a$G<2*FEW=tVuG^+%N(P=pE7!t-(mqO2Vf~8Sw=V7WM??}p_Pwil
zpX2I<E(35hT&rC(tRGk-<2mB;{vUx$@a9Jv81kLBZpvL`CRzBbp~#b*4?$Zj-Diba
zH^nzbu|R)eug9E|t;A*!K&1g|%VNJ3Yufv{&a+nK&g=HD)wwUkwn6sG7(1zy`b)aE
z4K_h?nZ4_?xlMGCluuu(lkTB^oB;=`h;gK7uD!z&pPX28=*yKO)`^e0Sv%*fpQ6!V
z(MuANN;i#&ryg}%-rN*h3g(VR%j|9wboxY>#e$oIxR3nguTg$s^vGizN&>MzanzcE
zuGADbK@fSJVJKlxv*Kw<RD)hz%}>3!A>bD)pDb$ZT;sPt#!cK|sxbIU${6H4+b#HL
zZDg9yh8n|pJ2<T5&W<qw^&{`?KXw3wIj2+SG4)TRqKQd)!B$i!ES3sP=Dan6(=ybp
zv=i<!1fT4<Ow*sHVN8;l4cRIphpO5{H-a|y!9E2rs=2UW%1A+9d8{4gruux*&>{+Z
z9Qu`wpNh8d8O87Vc$@3vaTs#gZLX7B@Ycr6gzLJJ(7<Q&n8n?NeF+P<ksMJ#V=Kj#
z(d$J0x%h_gLt~A8iL1?PuGAS<Xc#h14dlbMWrg9*_wVNNbSl{rwT<sM5RcOA)X4WO
zRh^e<%3SWip|%`~Ipbj;ABlYAH;80G<dEgau@_HGQ9XN|F;URB^N=&R+bILjbJx-b
zO<o{e9VR|ak>a7Poz8kvp}?k^b*sm1MP*PU-hc(#`f8AeCqeA^Wxb>4gO}yz;=VZ>
zum_3AY#<gZTAWKoWn>ju8Toq^VSIeOpEH{r*RuA;BfZ^}8T=ZlW=7`bB`i}jN9O7V
z+unF@DS{o&MT}dZDIu0sDemo=yJ~qfzpb*5$c6{D2eWt^7VSb(oseyS(3$3(a^`LN
z!`Xgt``#N*7*NALcllJ}V~6?tvM}xI7612B%AFhU-1XS=BRie2Lo@JiY75`N*r9t`
zEdNS5(yyhl$G`<FNaU8xno_ygwlv$hzC`5<8aNyS^c840HUqttEEPIA9_z_2@a?>7
z1n{y&xcMlo3$EGkg~|L8SM=dMr3420A=%wwG@-ksoqOS@Shn~`n>ERl{me*@8E=UV
zis2LyV=7R*5X>$z6#l`MAe6x1*=g6xb9TeZP4S5Fo?my*CdmCn{D&Nm&%Gxe)cPm(
z(0b^8arv}%r+Hz9*Jy7N>!O(yn61W0tWX!HwNjg=8p8+B7nDzP_6ZZ+tW;SIQH8Za
znW<4&a;QUwo@I$)f<-DL^-cPUE+J&d^!8EGeQd>r&PWYClWxjv77>XjUrOf){swJ`
zy`}X=I>H)U2{IPDkYyFLdFM41<me&8vrz0iy(vpCN_Tvgk{sGz9PBh8CAcEOnJQc0
zZU}}UkHG+6XAE!OUTN3}GwgxmGG7BOuGAUz;kW5K-LON?D=*P4z1Mlh$Vd6Q=$|Yu
zO-4p{j#!2^gUxMqp%$Zzip=NYCjzXg&6F-WuO5iDKV{ll-@P1&@81FHF{{@-wU)!2
z%Py&N$G60Ct>40BUYLyVT#vJEdmkA@$xO!}(!DwIY<4eOLQTQJrCL;9e^e#BNYt=A
zYtY}d_!u|_?D1I__4Z5}#`oq~yzMYwX2r7*J!Xo&3FMaFv0JKEo<Rf8hH0<9jY&@_
zDU|(TN!z*GHoLsqF}r3QObni)yjr|VIUp#fygb#zHurq;<+4Z$+$p}c=Nhzhn3+y*
zQg}HE+c~{Z4q=C{lY#03wL;*oX>oE-u%0^;T1Y`7h{*Pr+B-k8Zfx8H?Mw-wXMZ$L
zN=lgd#170SogR+RO%M7WIngENzFs$deaQ~Ogb!3I5(NosgQjpZ>8u?%`7uI^9<oSA
zAGvmUSN2aaQRTg#5!%Nu1czB9eFx2T#BbM?SZS}6y^|_TjpZx(aYuE^iJ6mzGpx)x
zu!gPa%lGgR`ui95>E{PK5fZ3TMDIOGU(WXz`7wi$!Os$-kh{;987Fy<cHPN#Gkf>W
zXYam5TL<xoY01e??p~EErY{Lx1w)MrE2HeC?S<#|3?iw7)#{@&G-6y|sSWtVCY-N3
z*-)GAFovvd3-0_5NMzjZjvaZyg_E;@WUB_(Vd%wD=(l^Wr5Kc0=`B1>U(LCkk>>K6
zZ?0L{Fis@nn7CnEZ0TI5D0|oKJ6EjUMt@y_=wlpFs5$ov_?ywRe$oz5eqE*t5WIwG
z2~aI>x6CyU-I?0>s<SHWC}kZa<TR7sfPXnSO26@z;ZC|KDKeQm-zZl?_nn63F8BQO
z)=@}G)DKTL%Q43-fh#jlaIA5PuZESW2fG~5ONLROSqxO-q2mska?~?jq|{Dz0gnuQ
z@NeDUwYo?}Y7If>(0{ryo>eW_;9OwG=D3rlzIC>a^Hj$Brl37cuI-arzT42!q^5!$
zrJdC@&Q7kSZ<3y3cq(%95gvUJtOpt^-3dRVvTnrM-n2@pXq+Lf$%cwqm{JKorpeOV
zSsx40)*L!MwJ~$Xv2ZP$|75JUNmZlkLcI8GlUdJ3?q0z`4(v=Y_iF#_x^5;}4ivJM
zcrBs(y+yvA?PDfx-X|pg`Ia}GG!tcW<C&h*^q#wMz4_}y>0;)lRk%EeW=b$FDNPTK
zlE~ype}S+M>dP|lj?QT)Q7~ypwe+^dUbDoeTn8D4YCXC6l-KLulJeBmL52g_Vu~x<
z%K{G35F3|LTgIO4$W_48_A9HK4R3)3ld?Lx(_Gb3&0ahXMm97X)EgdjzM9?V%fXv(
zOjQEB=;D?X#6#W9_vNN&*TBvE1!Ei?pg|e|{<#i5oBX@Pl3qG4K#xi9`f|@#n7K%o
zfPO+s#Y)PFZ7M<a0=$a(KgR@>GH;i3MkZS-KKVxBh@qiWtTI*;88l*^T|T*N7MIgk
z`rsBVu7kiZ-}2oKa;dv=RdkjSB);|b?fP6*&?AEh{B!CITOY0q?j`+CLt`BD_gfRz
z*YEY`oKt+2D0nH}c2?`QVGTH_Q?!Gt(>UX2|3U{fCXZ?W3Rx1p5?x>G#zLY`G+;rs
zze3INDi31I`5KpMAdpD+8c^xC85P|OjR6)$N=X?j=OX^+zL#9@_eR-th}?}x^Z8j8
zG}BZkC-S{pqKr$~Qvs)V$6XJ!_}aNJ^0}`;kb{uFvz|dluOIxj);I2#C!*gfRfGEq
zBP<^dY}`$8A)%@M05vRv4`}fCO3Zj=sY?)Uaxunh7@wZ*W_3iKB7SZZre-4nM5McL
zU*4nL^`RZM9cltTj7~@Vu6M3792dBPNhe_6ycf(SLf{fcpV(KVK$d|ARVRAvQ$x=?
z57%a#>hd>MNMT5G7)uJu4l*yIkzTah>EO8)+=yctVlVJ?Nk&z=zb*Mr(JSJv!R+?f
zM#96p-PK2T9+BOESG;k2u03#k6Xz<7Q`H4cD{V?4w4I+rg6tZvY}(JS(QFM4O`_mR
zxV2KR9NkztBY#J|gv72R{@tDA&<=-6WdbB`cDYy3NqxrtlT_Dj!(^$`jT=8DcOJG?
zm;y<YxLfTvp6|SA6?3Lha70p(KG8m+sr76PPLVf+;dws+-tExu;gkT+n`p}5c3d6R
zXaBgOxGmkf8)RRwjM_~2^0QDppP-Y*4_aGkPpy{YlCgT{)@EHw@mcR8)o1ks9vVP9
z_fD)isUjJ><||UT-=BlQyDDz>VeXMMD^sQ%8*z#%<NTl{z3oAD{XTBJ+Byl`>h6fT
z=T`5;Fg{SBH?Hk0s!)cxR{Wo`27vKx&i(G(4s?#fP_I}6-B5$>er?gt{unJsOry|R
zr^=RJCxam!-lwj4?3c1{t`FM+t<cW>R_N>1P&<*L6Ak}JwfbaqXNWIoA2?VaoLrK7
z>^hz%O;RP@*Z;$bcj;>4F>U3kd=3&~X$ec*+`&_AO*6$P-J;2?#xWJCz9~4qr00%o
z#`Y7F!H_4};?X&=ed6FNlICetoPAyyvZQkny=Z*2z)&<wLV{&-1SRKa9rVFNB|Q||
z>9(yg-I$WCk1oreJMr15xUp-77u*?3;Y6V8wdb2kIz3(Nl*L7W?}{v$B)fXRUDXlV
z!cF-CoqEGL-M1=pb2>XZM3n?HO>>qB#j(${>92?!?qF)~+eo}5dF`8>hC1VE4fgpg
zkJX8OwiQXW(?IfLi#rgq`Gwp9!huTum_cBT(2@2PJn&cF2iD)kQ@ja4XBH<O@0ak(
z!KYsl{-GlO()^Et0Jc3!vI;qV0b{P+Hx;>vjUZU&pZF7LN68V_r3bP1@%!>=+c4QP
zp+jxfU)Q^#1k}Q<H+5g!C5HmP_6ZPt@=R9gv+w>%*hgR~0Ha-ea?qMy!5n$|PsioY
z4Lzd1Y8xu}<FfX77&3y84V=4`cDd|7`ozJd;yHn|f2aN6pe6W@XdY?}{i@5QTLF>r
zM$i|T%MS)qOdK--<ycoUr-lBI>zy}ycLc_8PU!!b<WGJ5|FB8C%v0sSX!^r0bbz|8
zR{@VcTPNy4Nd^`rx~en%^%Dzuz_|oBt}C4XertAR0`lLSE<JF%pO1?AKfXK2?k^sk
z@%Q;lUcPEO+_LFKk+_i@!`z3nIDF~{5Bty;=oSfH9be!)MI5mmS8@F7C#q`qy-RH1
z*4;~$`E5x^?f>*q^Yeg@o)}@21j<&%xjPvj{*9x3|Jwj0x*)l665HFKkxp(7pv*%O
z#xG-EJqvtA>#OLRRNy)_F>-{ze}d)oezba2lB;Y3;R=QPXQX|;3q%_INBfOS<j|Lx
z<utLsVsX$I2xjJ(`N*s9414IN#&#?TQ=eKAiq^iqm`yjxs+djGT)zC5(f4ob6A<3)
zoPoTB=gGjl`IdD4mI+J>=-+wrAnvLz)VU0%{Fzos{ynWSDk_9)e*Eip#|1Jt^%K{m
zxSaY=cz;lRv`SBN5fkuoi1)8M1k6-_0eE)C+OY^##~JEbDOH-A?DK(l9A_7gjXF23
z+>8byw^#xhQwySsjM=%DefU1Ex{|?96QegCWJZ=JXpa`y>4c^hI}<<iOU+#{)pgU{
zJg~eU3ZW*nHMKnaiK266BlQCP;s_twJPbYrISV4b{`mBd-~T?8V&G6dO~Y-?!$~W|
zM6lre`z}_J^BydAXTB&+uD8p2Qs@34yMC*=<hfy6^AqC^e?SZ9Nkd^ca;UO*qV_pd
z=hO)uaiee62v2>;J@79_T;wbG68Vl`L%fI%s8YJa(s4*jKLD+dJiwvVf3mtK8lFr~
zYS#>JcQ!*pdzL1crtD-r#gm~7Fl2i-M4>*g#zf)qlXHiC_F;;&EE)KufnkP`jW@Mb
zE!=I*v_@#A71|oW+Jk|Vr-X~5`yGDGSDdIY8vf-N^Y_&XiR4gr;CxJL#13EYz#aDU
z4jd5>rjg3~{&L2~@F2f+iP>hmu7lD#RR-5Ua`$Ox3*fi$v}oKfm|BwzxD=c3NdbVa
zfaPgG+_x<Cdw2K=r9tEZ=P{eI)3F8_bk&?z<GWU$uzGGOnG_m2OYH*q?0n6FmL)^w
z79o9|(!x~JmV@X6^=s4wdEKG;Ph)xP8w+f$9>B3~Hp7baMfZ-FZ|*>%v(eLa!}HS}
z12e$%K{$MLET(q;Nrk0-$z=-SX9Y3)aU(`P`?YAg!``pT@iC+d|Nb#AVMaP$c1(7!
zzmCDPt>f4<{)~wD44o|`5SivqDVD5UmGt7k$s1kzaQ_##g{plt`dg|Iory7Nnnrz5
zgRM3-Mr9anPVW5#&N2#WZpRI@t?cyWf7hSC+_37@i>tP3mJp2gCBzV9@zy*co^P%q
ztquF;v`{ut#}sdCUj!e*mP<%9{PrvqJ#=L_J@*hRK6pCV2mm9GD$I@Lv--*nb_};~
z<XX09fDv-CtM5f;s<_AA+syYEdLV@W%De8|^neNNF0Tpv4+=|78h}Y?I-U&wD|6qV
z0B(#`W7b1kCWko>X$!R}2Mx22#u-&+cNH7>8Wfx)Yftf)XRcJ5j2n<$I>7J1b=M(T
zsaVSC!{NJ+B@ZhA2p&NSr+n)P9(b}RLn14^tS{6~4&D03I2LQ}h6^e(n|thi9{o5&
z3%I8O+pz{yM!scF>9dEgbaj)Aj)M5Gpy!Jf{9S{^eO~(ZHbvv*?{?OrLs?>K4W@ye
zLYuCQ@A7w7e%+4qqHPk(<2R0nBX>XgZWsc1x}?OQ@v~lno>T`3e<~i=D_82xuO7l`
z9RgCJr9o)hVzG@rZE5yG#vEi|d{slpeLDY!kPnH7!x#JbQQD6Tobn-+TaZ*OH6fE(
zVvS=VskC&IR#|?{b~alh^hFn$?@j)WK(e3zqjfUAwVf0kuI?=0!z|BGPzxn^yYNkB
zw61dLYz8dh*Nn%`!H}})!mb?Hp@=J`Dm`lDvYx#{@Q`DF<&*u!n&M!}7xnLttqGU?
z6O>|QorDH*(syL1D{j{#pB*tBS-mebpVE~Mjj2)HY`X=n@-jCqvwQ>K)c-#8tODlb
zWVLIF_MQnRRwq6ilh)08N;Prp+t+QW3m<;JIBW|@!FKv8?1zE>h4R&7Kx<NC_CUZd
zZTT(W-)rmE^eof={@$rutq-C9OTm{@c0y9|RT7Vol4BN8bY$Q~^{4)SC0an7UOEmC
zy@C8iHs+R3sRkXyAAZ4CZQF8H?AM+#eyCEiN3neP-Cq0^6EoDnyd-vK#tdXM8&SNc
zA(5!ZRhZQrA5?qH66BaPAIb2nG9NT`@pKuRE%pE2QK-4|G}&@0QE~&QW@smj^)wKh
zHsOBRcg{Z*w<JDL;yWev@<)NCJS{EH)AKj?`rYT1CS3*eMfQy%;Cc3?*I~4Mh?3qq
z2Cg0G%&zRF!xT4FrahTgq&wf1*i&wkws)FDHcdhNws6DoICzUV!LjO-c>D1G-bam}
z0I3e}{S>0%m?5FU?U_@s)YAi!FJ%!Gvh<-Ku5j3fW}u7!$qS>duN(Gnk7HljfM3|3
zAMJAL6SIlju|_m{=96|45^5ibk{_s?3?!t`FO_pdHjZJZT~9mg-G4oT{f1=M_0otB
zX8k#a9rmeNIx*=$oAvW9Q>)>92<B0xYe`d`V%y~9agV<ug$lNE5_+APlOX%vl$d>Y
zGeoKH%Y-Y9HzTG^3&1H0!tBm<=Z7`ozacmB40!8*@PJLW4vU5_CR}_VQ2*1M*f%{=
zLQd=!z^{GWW48^}8L+w;V~4StI6ifdYybJEzYILRtcK1GkbyEB5HC~4f*7)lBG*3t
zmUC)~Tfn6_q?in=dyg7XOz!h=s-e%#gW&LE*m2>?x_`in{(Jy{1aJtOo{5W(=hPNi
zZ611(%$9=Pr+?0kr>$)m=0j(l@TBW{Kgvic7BAL2hG@+7uG@yn&YX#PXNNgcZLf3q
zWFMwWp8&8#Vy;%6&{mfC^{9?eVQ#F1YEk{~<QT5Hrkb}EG#sM3X!W0=A+R4BYM|;b
z%3&5W(b-(-<GI>Ei@09PIny+_9SVH!|K2PBUSKU`MkUKJFEb&LCsVT>i?WnrA;B0G
zYSi4U0kXs7*Qqprx6hC@^z_oR;F$eGvDVacR1DD{Xb(sJfsXbM%o_f*%huiS7D^&|
zdANVGV=6IQ{MIX!HV(g#*|q}=l9qgLbCARiwUXn_|AKq9ecnf|tLOd`0}M>R>4|gJ
ztZ;Lfzvvd1e*8E66#I*Q22c<${g3n$68`dwe63`TDq)~P1)r{F(K$-C+UUbClBq-v
zMG(;1?ze|+wR?rs&m3k9pKg3ytWx^a6SDGr`{IK|1@Zf|b-M)?j`b7Gy6#3_0E)>E
zB0fl8_^%`z_5!HGA4R-q;PJ0gYM9aDr|P^X9sxN_lwPp{MRv&Bt=}1fQ2x(&#Gmhn
z2~q-AVRfR4eOIMK<wUP>ND<$6#q&V@^uFr<C*{jz3qI?=JfHLtm>>XnkB+^hiUYdV
zRL;yAhX#xQ3wZDVHcVRHIXD`L68L{3cbowDqq%hBkQ&hD8EQ<LI*d%OUIhc8<Kj?p
z5bOV^hW&rPhW-Dj6YTd`HEJbWc3CxGe0AcikM-TRr8i@i1^U^3QFpq^c!Vl!r}eD@
z4hAl!lDtl{tAnsFwbW<5e6EshXNzre#$z%;4&NjkByv-~G}>Y$;9}PDSZ%VYLbAbL
z@XCs3&>cClQi6xqlao^52qw!FLZ@kF=XcsPeIG}~L5G>Yll4eGK)QJ*E7~-~7F6Ci
zXmU)tgfErsK9N{z!nuqB19xSo(~b<=hIC5%80!JO`=!M{HAR)wKK825wb{S#Z!Wv_
zJnz3$#=mMxIBJ?5KAz5R6tX7uj@PbTO2IPa8!E>}srzO6zytT-PZrcY=2`>&=0wO>
z;iO8AZ0m2F>rrm&O7Z>NwerJSNFSwV>2AJZRS9R?$GEdSZOde(%qfFhf?6$2xCOW8
zKRKto{ptG8^2@KF9mxfr>V=a*43~V-WVe<=!PaYi=x+isCGm(bhcB7_F44nOpasxP
zojWG+isT%|x5&VBN#oz{9>oq_zjYk=kZ?J~Enh`SL&(6t>u?vs51oM&WZ@k*f469r
z0p;}Gu><xFFX3i;!`AuG#3aRInt{y_S%oWDD@I(xXutTdSM2Gbc^s<9AeSGRn8fX*
z#JZ=P-=9uF^hjniE=}vATyiPX+%DD`raaZ>vXJ|iM&`i<6y9`9hMC92i!A0WN%?FR
zg<XmFs4;ZYOqleo;8iZSP3n31=w3Ot$}5Px=Cd${d6ba?f*ff5zk)FG`S^klp_vQi
zemVKOgnt&(<Iu8{UNnK2V^Y_sP(ahpwU-R0Bxd>{Y{pj>vpl%K8wc7+%973_g>J~z
z>@FNR`df4sCk&ah+xA+=39fA*CSPOoXw2#s-ew2o4MIQF{T@|PZp?gawRzeJ9=cZ~
zI46L%I(r?_+)@C(p*gQk4*d}kEDSm>y1b~^ky0s{ZP^sz#1oxWUFp!#)E;XSr#V2L
z+FziHA2@W|0JU$p1Tgt+FNuX8*U!2a2}AF$o`5RPv~-Cg?;CnBsJj%51x=*(ywgXl
zeMK#7S=zMz)OD-nl_GEhmA+2Y67@x(0<gop=DXtbCx0xU_o+4qUTK%LQOPSdVn9l!
z)4|EHdU4%x+QzA;trwvU?RVX#8Z8x0wfwC?=yxjpXl%nV?1T}x>yNW|JSs7Z)}NpR
zl{R526$Z(xpM9`@uyhRUzxp6^&h4g)j}VJzstT>Rsd!ck1W8>CM-O9|%dj`>Tn?vs
zfJBo6DyHDxJ=>Ge6Z-9s(I>{uJFbi0Rx=z-dEP*Iw&%)5#{2ei>C$<Iw6bT8Tn2`p
z@7kQae}|6IpA|66wC}}FH>*VSYN7z4-|8FlAJbKw->-01Mbfw5Q?53K9p!JH=W#c1
z4%glTUi&C+oZ&ZG^r4%B!2OH3^mR69K~f@94TUXnYTjOpmdkB!Qd(|bT@{}stPBny
zt<{pzNf6G>jCQ@yN)S3XN={HT=PMFN;=tiRW0;9Zd(;}cJAZxHX2(5yl>f2RGc#hF
z{F95?t;bcy1NdqYqihLuP~0wq*DWT&wxJS3p%i>*YLrv4mK)E!j!lonROt<o;lP4k
zTl<*}{*>$vE6|)6ayh)5!+Mw2-T+-Gg#55fFC^iD6KbTNk27h&C*`pB^wREiw-;2o
z8=5vy+2hK`u8fCiGL2su_FewmvWz!K@y@`5G7&o;Q{NR>tnRd|nWt8!%#WRQ&WNv>
zW>H-a8M|(4aL%gL`7v>#Y?$LOnmXtXFavxgIags>RyT`dYnJ$l3};$uxSeM@UffnK
z)3H+bGoAm;a??RoaAH_E^_*FUZ%zXpRo<G*nk0y-Q(|Yo%0qa2zObZd?7A{+ySjdU
z*j7an094o^MtD{Ccq=m|{kJqTsNxXrTCp;l*Aywa@Iw_OGY5uwLX@ID*Y7kbmd5>J
zA|x^{kP+NVs;HCab}(<rx;LiCFOoLwVVmAH1b*+va##Gq+C;KTu-nTxZa43B(x=Kt
zZ^lC8V{;xH1GAf{wM#PIvy1E<1Vu@KjaWh1?Vvf|#E2wo`nJY<)O=idWXh{$7ta!T
z=q!C6&V^LFm~e0czifNI!ay@mvElVdd9fAck)DM)&gS2=Wdz`{3z-Y%OkD8v(_bwQ
z?PBZ~q#nEgh8^#-Ap?JhT%P1jF>9*A*Ly<Zz+|L{G5L!v0aJY)D24hT<3fe)XGAat
z)Uw2s?#@-)>_<)4VaOE`)1N$Z{H)lapDRE<vU`G~B>~_z{Z;<o@(6ZN$d3(!+r3*V
zUOfOrNTtD)$ALd!tL(Pu8Y*I7@#1Ct&g8l0YmZhbf0YL7t3Rn6Uw0s%V4s6P^0d_I
z-HY!ikWuIT#nrzw;4IWeD93Qx5QuBBs+d)Z1|6dZ`6rDC*Bd3wg6K+-9G7vOyqedR
zI0tS8cI2{1+m|S9;|whV=(Iv2j6n^Czx7Bi%MJvh#@}sA@%O0?lOU)X=1dysjobC)
zy2Lolo=YC~<_C2~b-&1hze+TXqc|HI^{O>Gy;Ud@uI;Y)YGN=B=c<oxdO#8xxAiJ1
zPiz{R8Qu<@3#GwUEZi~wo}<X5k6yx<VnoY!DS)rJ&n37gvZCzDFO{83K<VqKXj(H{
z6O>IFlm;P*Oc=Wk?OLm-7J1e&ITi_dHi9MD4rBS7^*=BH{Oc79KyyFGcQVjm>?C^1
z?QLc&_EM^bKU*|_Gxxqq@P|(sx+EDeF_1<vQB0v_0M-6<7o8@u{`7I0PGC*<rNEju
zd=wz{S`odczHEO^hVkM<_d%>gUv}ecQeWj2dN*kPEF`7Gvq#a9^k%1VnL&(GcI`lp
zb1>v<0dIvWxj+{6=OkvXD&g5wZ&A~?Xt7(hvE9+dt<|u<YQ+~+ZnFO{1F_<I1~Y~S
z-mr9E@<e?aX210FPE$QmUCJ(;;xl<DOU@4A&X;umOuhBQ=@WPQ6~*TChk029hmh}m
zs^hoFz!z49uEpQyHfC|wfG`U=VsadYzYl>3GvK>yZG{X<r#QznjJ7LSRzL|U^Sh#u
z;AYD8&1qn5@J^O5m<cp4Y{W3WI%5m651}sM_Z4YmP5yB?=r)=`1}8Jj_;b@92ES;A
zc=Qk$wtBy(XU*(PP&O=I&nnS#v>EI=F1|M5L)e+AeQF-I7F88wnp?kYW%Wz#{YN^`
zNdZXAr4>uoW8g*}k*Q`~U>@(qSg|N-d@QTEj5<Zx+Rbd(TU@Qi;Eb1OBRN#_0_M?O
z({337DpO__V2o*E>t(QSfF0)5>0#T12H)d{j$>cp!QNqU^K+HVhYPYUAS8?u*;nQ-
z{mkIf&q)lAyE%}>zjv<BU7px{Azgc+;cTv9&t!%Cbtr`4)T^hp#p~Y9xI}?kA>SZ1
zlzUvKUNznNmdi0p!*XK?p}2!Dx&LYq_cPUbFXcChUM15*bQu0|mkD=v@=JG|N-3K4
zreFIe{!mz%{gKz|V(G`EwZUdUH|N&DfZ2SU9!|0IG-qfm?^#Zt=`C^Z&ZzThq{Kn-
zPEpIX`Q{$y-HTDHwcSPiafZn5S5Ow(C{YeZ3}?Hgzk*;{@7<k5g3MY{5jLyYITLF>
z+NJ3vPC;yM_#yl6vjes8LfnB}U43B4?btVNrc*~W$|@9n`%#qYW^-ZbV|&Xst=}81
z0O47+S!L)toqy)u`==3M?pAN@Fbf5tb%2Z+V3v35P>R4GD2VNyJ9RfRx7PIx)9y-$
zO?K@{Al6VcXo||HA$F^fcWjjd6SrKn5SMK<FVn7}yalRr4E?keg|Ed7LpqReBPk$R
zXB*RgQoX~Rq##b;uSE>Y#+fvI0R8Z&F;!|;6i@J^iuw0l06VRhFm%>rU>Mvj1$p$N
zYXTY!t!~eokyw74?9CsHrflqKYeZbDGcoqmO|6hK6`G*Qsy6~PD6faCAu*`2mS;)5
zCwqTV5(QD$7S}0HLbK=`E833d1PY@^pX$^U>}*)FN2?o?foB1oaoqT?PThtcpzcxf
zy&^vb2G)=JsKw0zDXGUgBXnThq8zkH39Ovz?-+`lPkWYv9dh}sPKgTU;cS)Ys1b?I
zRKtnT58Ltur^x_&9@2kitFL}6IFRk-@<-Amg^IoyMJo19{OXpL<Or?@?IMCdtDxjq
zi`VTVv=Ft_LC(yNN3ycUQ^k+`l+>ypzzu)SI`WP*O6hk=@@lw9TLWf2FQN^YTd>;T
zD1nZ72Epwh`Ea|GYJVX%PTOH8{U^`wsdd=L_T7rqx{sd1oXfNk^++;ION~_O7z<cG
z(If6UTC3w>ddvPM47s)4<#$-&+y%PHp+38h1#Ru2VEoiV@mK^B30Z!Y9u%ysK3@o^
zXg;V#u21_*<M%pG4BK9N=W-fYvQRT(`qyWqg(+X$v^7>~&lp+lT%G8pf!Pp5ME=!`
z^DDJM2b%H3h?R0LFr%?Ac+Z`#W$Nf!&UStAgkim-YqVJ~3)1#{`61^tzXCf4^_~ef
ztAyquZ9W<-7oFJ?&5e<C$Sp4B695s(*<YvM3j9g=@$*cGs+^)eU+%Q(yp?#u4}aQN
zGZSXH(K4Z-$nTZHCOgdrMnao(z*s3;NAC#;($2luSHbDgP-PzpFX*}Cuwq=HXK-PB
zdn(>3j7gIu4B0};mSrf3mQzwX!YJh5*sSQEyv*0U_{scBTp0}=hBMtD>FdO<6Vs3D
z|33P@B?mbGM#VWXD|-Tpl?0Y)OSvxOxX)e5p_7`s_*AR37iYViC_&XZ0L*F<@^-GT
zDb+Fns<Hn|NaGN5jS*ub;bdS<@$DJFiJm`v3j6nLJ|5ej_z@BNBYBS<*DU!Xc@LYh
zky7W6ffw)HR;govJY*f~<z@ig9+V_Xq~#_m(yu$uWkb4Y&ZL7M4kIWyT5bnA$~sG|
zxfFD3L=IJk7?9#r99P{+4J{l4%3Bc0rvC6`4l&a&YvYg;(K3*@7ssInp8#gm)crA&
z6m9ZeHmX)yNaWn(2MV-d>PR|=p7fdI=k|@#RyXrK@rIRcY0T9{sXx@W%e|a((++48
zXQ<)NH~&7)fh7HGf3RUtz)XD*68Db9^}a4Kb>1MpZ~bhT1f?nS&h8J@v+nE2D&}8w
zNfcZ%=c`%@tVb49z<J75j8##T0#xH)-xk%0L}z~$(JRaJJ=E!<J6{K+aEHv`e{}j)
z(<y>Kd%Cy(gs19W|1Z7J^ZO0Ar1^d+D5gf=rTq)3>*T=4v2DSZC#O{uXYol<S)B{s
z!q*}>*IwcV#+Dbpt^1(sqC6`=B=)73ok<l{N)z2JDGR~)8L4vmsGZsj-_o;oo_a>t
zoB`P1>08aR@k1h1hu2t3U)NjW1I3Eu!ZnTVNe`Su*}w6iLNw!KR1)B6tj7I(yY>Ze
zlZFRxxjGO6a{h(ETjLkA;XmCX2)p6zE`t62yH)I->)(PBJhlH$q}%)RfXB6@0XT#B
zP5xr*(aYoJgdH{Y_HI|hOv2+^ty#Bb)|>jl!0uF$lW@u`2Mn37lDhL?E|0m1pHnNF
zNUCKreL2feJ|P)lCz3QwPyN2|OMhuOz(F~_9d4A<|JoBT<k3y}DF7M{TAk8P+fh5&
z)nLBc``ezI7#ns5`=og)=cnL|T0A-D8tZFfGQx!Vo#=M4YqWaNg4=rWPo~n%yXFg_
zYrCiW!&CI>B!%7Tcg!-een!y(#MLyL2xezbcI1<$pDst^a}>pu&eyu(KCQky361T)
zhA+b!%x{-ZJC7}@?y+v5V8C8FWDM~h+fC{aPkTOf`zy|aDJm2D!hk9~YD<JePzo#s
z)nobK-H4zMJt99yK*fLzn~Wq{GTbLxwC!;?@HxL&IumA&)#Ww%$~r!m#t*}83kZzX
zBQjHn*5TYL9Y4A+!`?NF6-IYPsaIcCbND?BVE0%x&*aSs>pRTE4yDrZ{tJk{6sLKH
zslBg~?z%{*+xVh*7)w!DI|^8a(iu>UVCH8Z6`KB%>9Zf{SwN(dT?MKoecD6XcOCt~
zd__-NcZLm%(ypD2K5>VUz`XaqBfAgfT5Z$*^xiVA$U+t}s4LV_{7d@HmUJ`-=%3K7
zEw14cI2x?PoosnaI9OTW8Zt+*4pOVzil$aN^35t!c<3BQ;*eydhVqaD=siA^o$)yt
zH<A|d<Sq3B{$46iS~~i?HRsCfKHSENOpr(VSxkydZt&$;>mLpVLMh6%c(-Xnzk13y
z^1CPYTD>aAnp%S(E4V;Aas&NF(5mAHiRTbMJ2ovpDRy2=Q<%+HAt6JgO~rO8-8TmF
z4!E!~X#7kWjz=PU>qI2}T;{gQaY*${Wp%#YgM~7fMB*`^os85{7|Z|il2=^u$rxN8
zCL#1A+I`z(tgPAtXWIsGX1E`m{>2Gg9UnXnchfQ1HlSayFAc03Xc>2~mUqar+B925
zVuW3~Zdz}d1)ye)8jH=oOe&b}D9&!KnXfu3QcF;f{vM*@eFEft0kHz*lZDo5^^0Po
z+UwCmwSvQa#!l5S%R=+DV~_!&X(s~EPtK{&H&(+fen~SX(9vT#i9YvuD+t7PmcHbl
zGNt#XPwKmeULI%_$7s2E0}hkpEY>u}%wUP59mpy<n1gm?0=D2d7yj(?*Et=Wb{K+T
zCp&>*%jF>&T7Ew?$4QCiqD|^0)bj80foqPz6Z9zHUT7G``JI9AP>5l)$=9nb(@6u!
z#SDP-x0H&{Ga&ldbK}x$%+yYDbPO?C?gXByih>nf7+X|>bsG}JU3qTZJ_<M2lxE)$
z+qO|%PiQRNkYa5#bqct0D!}_KOqc;DSJI=78+kqxNzoQ)Hh?L?u7p$21l=|cI9mt`
zfH6#4$|zu+RPrb&T+211<emWK^4;&J|MYA2|8?~S080;A0^e})ZmtU8h1Pe@mj9kB
zdE=D%OVkT(CPlrmC#8+h-lvhg4harJ0n|gaKkzcZ?{7!}x-9c*CGbiWFP6eT>xVCV
z_mxU9l;i2W97tF#-L;8knfDz1sJjwPxU}HkvcYq)jd!kAEjQhjj4QRNyL$CdNc;?^
zZy!1pL&*$<Xv3{`14{(TT7ks)JSPA73oGdtG68~(a9(x~vu!r&5^Vu3E@AWt#_&S0
zp}?vKuwfW$JO89<>0K~x^VSDqLdw_I?;%kyf08RuDluqn%T7&uJ^v&+uA`RI(r6s5
z_dUDI2$JI3_S!hh8WMq+(m+)OiK4pN9Rn=AbG~DOzX~KE{S`$f0tT~08uRQs5LUtP
zpj4L%ZIJ#JG#1T9Cso<nbF$WQCA38)PDMwp@LtmHhg>CrFwSF#jjR)~uLG})gLT$d
zRPh^$Ltn-YhK%S%3pESe(Q|Hg!A^2a1`aAP*Uu|efp4s{rhu;bRM_Q}2s=z&Bk;bT
z)}$d|P2_Jm4SuQa$sl{zNT`O`nrnE*?plzAa*S#zA8nfRIv;%HRLn1+2es$bKfQe|
zq{f@yJ|-$oKusjhnz`uG;#2lcQ6dZ}{p_2SxW_j}OCL~2W+X+)Yv%D6IX^NgEphgV
z=MY;uw=!e(-J;eyB02bH#mv5nb*RPn&_x<R_8iJ81jg@J!4YBx%}<y@)e{g+=cWgZ
zj=dneFZ+FE^tg6k<Rc5=?}xS&03xAu5l~KV6ppYsl*rStXr#54z=VzMVoLXwepX-6
zdMWc7wu>0^uDT-ksKufhZ(t@0x(B>xCh|@AA%Wnt+Ep|#d|fD5ZU1Yaj=gK=QLn^x
zTVrNJLQzGod~2ip-9tZra1SpcfkT*?3bx8T3qx8>hY+)XS-IkFoAyHzH%#wfLeu@9
z3C-vw0&yZWI*R)5r#Ln83b+>I#OE`bA;605qHc3KFq3#U=8@W=o^ag-fLt;&jUFiS
zK%0ouaJHi57SMgYBv7OD121~?FDm*<dToENt3t9qh5iDjKBd2|ujDpWWT~ed{?Nos
zoyPt(CC2|;({q7lGErsCd~M-jdYHRC*<V@k2y6yWszYOTKJgX+<p8flNbf4J@Kr<#
z?m2|1AK&j!mAc{oPh0l?Zd+FJ?xk~A{&On$2pPqGTl_rEw3NhVJB)@V7ysp)((h^a
z=Yqcjr||5*89P69<0gR6cW=kd0;?>hOv?6$90F)KU*4a6PhzDYx>Wt$t@-7P5BJlh
z&ojy1n5v*AvFNcs0KM<iybtyVg5@q^7GD|t=Pd8lkMV$?lUI8bio+P<97XVl2bPYK
z>%85chyHNGcKB$`e~vOsU%d-BD}~Rdl`|Pwa@rR0*L2UR{PPFlF<Dflgzq#=Pr*LR
zH%~>27lNcD{%0f16;+)bwv{ZcGUq!SLHSSjuctqqQ>7FXaj8IS5p^58z<GLQrObS)
zm%r@89~tmpWIh<yM<kBL8E?~IfO1YsOPKfY69OANA2+M;lUz(2Y4^l3LmkTGUG=@w
zm^V!!#6BAsGTgY=a(n9L8b7ysxkWV216+0}{C{(Q7&|cPXf6<Qi)ux8(9cf9P_IMq
z;=gyWuSZ|~__<2yP=_#E(}57A<LF-LMv>`c)1iNBu4OK*{2d=x^H0uWCf7yi+&8&x
zsb5I45g5A@{41oSo5(eT4yKtuVd}da>jM6A58$iJDE23Ry5B1?_@gbJXh5-Z27T$p
z{uZ;8j&s?4>jR(5UTEe}nCxGb{5d0vLW|P>Z@BAbYsLZZoT8c`W)$blwq3Rlo$#We
zK~&+N&Q~cBytA}g8saeL0`w${g5|yV1&tFJ3{OCPB%TzOJ>6mF<DWl8d|(h(_Fo5*
zel1*>ztdUa$6xU$ZFuq;l&Up(UeJJ?q{g_utx^h;*BKC?iqwQE|0R2zx}g!T4J^6l
z@U-SS`wqMf$j~f@A*tO3of;wG<iT|Refv!=JUSNGiUnR|m%q_OK<HIn0#6oCiJU&{
zLI(k%287EpsUUsW78o<r+M}iVmIK7V2A{be0~HZKWLYQWzf0pAGFQ!E$h)+wZCTZ>
zh=MvQTs!T*>v0Ut2Ys?Dh?2set1|Q}PPf0cr63RbcpS;;0W|jpftjM`T4&r3;qk8#
zuvb93Vz>pz<~W~(UIfIyK0s!>)dOgSjeUYPGr{?$qYMa3iOaE7O2gt;W!x`f9$n!1
z{&#SjpEuLoZ`m~<c2qd<CC2e?&is$vCCwoy*Ke`K*h4*|4*aj4QQRfZtyd6<jS|gL
z`rR2%HK8nb%TB}!&qd5N+t66<AoSmkaq4RG{*<F&WiV2hih~eg)0rRcFXTG&Oy6FG
zRxQLP|9=tp)=^b%Yx}SwAR*FSl1g`{v~+g}NOv~~A|W9t-QBgwMR!PdE;^;V<9pDv
z_u20Aj^DrEc-COR(6OF5=iS$R%{i}uBd=7<0D?1Xvtfb;uwlv=%AWI&C69RPYYby;
zuno+v6X=h0S{}ZDBtcBh-N?$mj=#evPR?7f+WRJ{%3lh~&L#bl%(%in&{QJcQRmoj
z<g#R3c`c)j|9&G<@h5ne^Z6g&{OH}Z9wEZ(8YZAqBPX>)NiP+k8bb%Lb%jrp{v<$|
zRzDKjmNjh0YipbreUz5$6sy(~Cw!Ju;$Y7h8Wc*y_pmGYfz~7eIDe)}WH02)vkt_C
z;>k*yx$K0*<A0l+U>eLL!};wdAeN`**C9X#cejy*`cJz@k%)O@#siT0WM$PqA$8uJ
znUTLCbqKa;=B6~)546KK-9x_kdwTh*v7t3a2%DxubI1iY;>d6QuW*9|6u)Lq@~9Gl
zg%_o}2?w&Mn`?i(KfAnP7(J#-l+7mT3-R27n57J3X*GpVDk(fh1zo1!>2-lk4v}7Q
ze)Hy)%SR)4M~4COGnqMw!(riDep*CRmH6~<#U}sUmj0i_!&CxTa$zBvY1yS5c+(kI
zxK-PkX`1oB&Qtj9AWcIB#r{NX%@hBP+6u5hSaa}|KyqR14`ZfC_ePwKhRNB792C@7
zsh{&XNsRu~bs(S$B4R!QqTv*_-=W5(F@fVqbJn>2iH`&7O5ocMYdyG^qd~|&1vysA
zLHbY2PZem3j%B{%IxkD1+Ah)CMZi+!RH7jwEV16pqW3CQ(MPUm`B&Za*dH;?0(^s*
z5Jfq_nir`och&1!E(bg0;r*eA@}-Z0HYA=Y`j%%t@6hc!aA_CYGCMnO9FT~;hiiR}
zy^yEYeI7E)b7muOd)VIcj=p}kd_0wQZtyUbW}@K0wO;kJ+|F=4i__ag%R=(Ae{$b{
zsg$qw<Bk=-6d=cg8h?QS%p7)@i{g(#L=gDCfVMu*zl`Ll?9_SKhne+S6kLayB6Ky%
z4`{rRS(^7ptuZ@y;)8hP8qEy(CbmDE``00Ry;-_Ft?y<#>8%(u7<~6X@h#2hF|&Ew
z{QuT-fY?wlQMX7p8Y(P{eq6bIPer}G+fX{Oor`TYiG6-!a*$Y{Kd;4uKXyI_yt;fn
zbHZk2_T$-#fSQH<)2|VdbDz6||NU-YPyAzRBp>+kG2tHQk4QChnf&8mOF%x~C?X&&
z17<891E0=!*+kWlCJN?mI*Ls?V=(b5k6dlFIQCLJ#7&(O|3hcqwX&-F`M52^8=|OK
zKf36fXn+pZKzjo4bZ2)$NB?c*hmV`JFi!2sx|a=xv~wrq=*EjAE3zGk_nLf6O||Kr
z7f*{cfa8UiL>`Y9c9)G4HKEc1DrPLF=PG~75Dm@Lcq!*^M5BsnvzRLf_kgH^W|&Lw
z#M?51IX6r5BzNoDcYB_TQ)wWW50A&BLefu#j{42`iWXvaX1#KQsha6s+HbPS>+!S?
zd(w}wrM!fq_s@5s2(}zNCIogctab#0Np;(+7gcr_vBtN9crAq!AvVNt;myhUGgA-p
z$wgJUvQ*7O(Rhw#u^*J#)0yEOBj7Mh`{1AXYYZGKi>*>NMYC>BEv5X}utgU*xGuM)
z&Z|aG<pHEC%HRX+tG;uyCXT)}FkK1|a5mhYLIH!UPsQ`sY%G+gna&oH{@0gimH^B9
z;nZrZd)c|vUAJc6-1P}V^ZT>~T(yYMUP@(HU;M6Rw7U1xe{7jS=|S@~hP7@QsmqNu
z@4`l^G2S1dH0#ec5!+S&yVfpZt60`nPU}>HHKw&RROv4DO-vYaF&i8v<pcF8GWsT(
zql3*%=uZ9%`}_^%CIH9w=9pPWinDnU?6+JS;Z<i+mxDPEV0C!L``HN}P><}K<z}gy
zVS)2IrDiEa{;Wd<#h?>#!S95U<<#<5G7(gIrOhmIO7<XUf!mS9xc%?iG|=eV^n4TX
zif`RK!t^jY9mfz<Y;ay5vn$a519JQ;x%7YBOxm$tpM3W#fpx*=MEWnI=&?4S0TNi5
zn9*xG+lnk8iF{TuJ59*!**lhSk{D0T%Ok}TWd3JVc=V%#K=}9(U(zcfdWQw%#q?yc
zxUc`27XyX`K-pcN#`S#h^EXb~xpkE?@mNx2Vo&IYXQVAw?Tr49LImy6Ip@VSpI@jw
z=D|KX^Ob*uV9oN!Vq)P;3;1H+|E0x#6s&m6G!n~1v6q07A!J_~?;or<pjUAT1fDQ)
z6ZHSzDw%gnUC#pkuYvmk)`kXsGP4hD?K!#3iv33xU`hh~D=+uAmayk9{&zR#6JKax
z*5q&-6~Iw-mqqP=mOQV9g#h`xI+6psh5z4WC$K6Sfn(Z#fCFit0WlwKNdQ$7<NxxQ
zpF*QOLI<znhMZpmCF{%Ff0e9=K*U)ciF}Ssq<nL}HvuvfUteF(ciNfcUJYg8J+D^t
zx!J2J$j=`MMt=?Ev%S52+IZmg)!xti()Lb06^S1^vRUj>`>=M&0re`rY~cv_rFGM9
z2<Cy%TJPB{|JnsfGxC+!^fzx}>*=z$Cdp2!?>)1v=Bj-`G3-{e&|R9ERpyv;GbL=3
zURh^6BiBk=T7?HqH}s4P24Pd`VybSk8k3h{XSrHKEIJfraeGjO4~If&Uj*)c%2hNL
zj3fUc1i(@v0AGV5y4Ds+CO)1n{JhFyik>kDy_W5G{^wZkGZH9^;mw`WW>qIAr}rp5
zcuSz(Gy+f3(zqTMZGpuQ=wSCiWd2*-uxt6a8c+J)^J?`mnVov_IE$VGVQ=E&8%7sk
zG7AkFCaGS|uS^YLJ`^#$(YRAv>_eDTZ{Cqh=Ej7ZRrkfG@iZjdgtjUg4pWIaqoCUP
zS~YMjyp+Q~vpXlYMESpY931N-r@Xxf4{T(NZ@ha1=7lP}>S9{t+`#V!rK0d-{~nO(
zyTy)8_YL5wE`54`H`u)RII#8)xBQSMulnPYlSI~vfgj&r3$x6r>*HB8bY1yHoh`)A
z12JT`DuKoV*pDnJry%!-3O#vR0~l>hfW-`+a&;4l%3_Gk_)0s6xuF2bU#p;hCx>k8
zYDh_X&+{c7+0Y07_&<{FtnrN(zdV5Ux#x#~3<C!R9&RZIEDd3-lj5z4%EHdN6DYc`
z4`g3|Xn(<R<lVkD$PL9&JEk^{@u%co0h6b+L<N2L3|rKiaINb(hECk{6ZZyw`L{l$
zhJ5gRHhY~q8fB;_b*sC6LEWr&)!6$e5$<%qX*pq6q=%-ZMeLdTgAh8cYG^2qNp-10
z)#5g6n<NSvZ9|>0!G88hoUk)4+cx&eQ1-!1pi@cELZB_WMERU2jQU@78&I~Q(?b~_
zzK2CNJ`B2BdQ|X7z5aYAz<1eIC(sO%Z5})5hqU$6fgZ5d{u*NsZrJ^q-UAze`fjci
z-R##Ne3;it;dY`vgrhPs#-~wU^|vY-iaA?MRyFOuMrW`!EUsUAPMBnH75@zIANFbA
z^Zx8?e-sP_6dLDSfZE}}+a|8Ky+wlEX^`Q2#?h-TJufx3DHh;y*nRCk1e1#Rs3LI+
z9Zj&8f2nH3V&E;m^rY8%ozqTKYAW$fx_$9c!c3RDXA~wF)W)tF*9AX^0=8RTzXV8e
z1P6izU;k(qUn&Dt02JZS3!?s|))zz|Vw}I!@Vznq4c^jk>;8{jl<Cwv`w9x~=8`l7
z_~;!TAU5CM80^hfaUV3Cv=PHjDL$$sU>BB#e3HFxT<M8hxYkL6gP$7*?VZ<i$!w4D
z3At6Xo0Ib<evB#3u^f*#imN3%8Q(os+B{Ug2l{xD^Se|x)8RC157F$~j{EQCPeLB#
za}UM25vgYsxQ$e{qQ*CNX!GRE3*?Wk+3NJ~aq-64wC_z4vpuT4v-D#<v2=eZ3PI`Z
z-MbJ%JjV%6ijQIMo3}4A>3vt_hz0USv0b(uwNB343Y}&K8rQD$gq&VGovzBMI4G8T
z)1+F@z13m(S#a+A?c2>%jnh$|g_UZm{+-IuP9@jm>S0i3{|85B9=uwgj@FHV3%oq>
z)BB?Z9w(=5G@H~9r6=WKE-4=>nRIJqbT0Nr6z{GcqT<?lwi<5shmm*t!1<k>1TNQ?
zx_j>S$xSyopSbTHc9RiZG1jlnZG;&GU%^6)gu||31jVKGyrpS-jzOE2M4LA3^XwXz
z77Io+{R=|MlYBUJnCsFv>Ri;+7`K9!FtjmQ2;}eKP~rT)qd}2qz+LiHR8-vT@As#C
zi->64to!D+nS62Sf&61|;e=Q2>)XPd**0)nU{M8nV0hYL1N)R{51|uXhE3krX*{Fp
z@K@Wc8(-HU5oeAgBg$+t`MYn8f<B6Ve*#=zWb_)i+X#iMpTpBj;3Em~@iPAK0zSeN
z%<qTp*_Ok{8<Gp*{XhtEEwQ}-Eu9n<Z7$qwihI>wVG}gRJ?)&S5Wb8=<{eI8{E}G6
z*h@N{?^si~?`W2<n8Wu6S{|%9gXGo`$@V0`Y)=ty*hd(6y&q0LWzBn{(8z`KcCBsA
zmgDBUFb~|(ag|Yww!(nnFzTzxh)Ss{$M@y~&Z~_*dUvkcA+8b?GtnLJuJ~wLv6wIR
z2-!?41YxXt)F`S-x$FJ63j-fF2g-nIt__9wUeV^NwPv#|#YL@%H9W2N=V~{MulhT9
z#8n46ma&^b!e3nXWgPJ!(?s<B5dVV!+TrE-ct8IuKGEJKFN_b~pZJ80dv{NGxibg5
zzh<gv|Aa@kpJHff{gKE^W3Mazf+(E3-F;<)eZf2=B=G)oG9Yc~9U2s_RT;>6;<W@Z
z2f>xzjij0V!Jt4!`)$1>IlJN<9+jbeqM@|3IZag_WXO1B3B!x%lA)3XZ!gZD64SJl
zs{b~&U(L(YqWBhNPcvqrVazpeC!MzUqMP?3QHJv}$dJ#Sa-WYNECt_>GP`K%Wsa=V
zeTU~Q$x7qo9ZZ(ox3fwG3r`c)$g8m)CLhVV=WZ)YY`<>460`;Gc!K|ky(m~YK0o&}
z68Xx12S1^y8o31V@j1Y3b87wdyhUWZCRp<Bxr+eg-EIp(W@{Y~C-z$7yF|;}3+ehA
z*@7}{S`;emM3Sx1FhaX%8k3!onVDXz%08%hnZi#PW*NQZi7Jq@-wKft2g!um=7|e=
zph8YL&>>0P<?&jKQ)G<^YRFR^i>bGm*3|O{lMRKSAmAEjC~1li=U_hSlqKUmvf`t)
zT)e|xIxy%C0;Tbq6jdb~=W3Cyg|Yq#LKzwa4Bq<A<gG}=A79pIVO-#ce^TC1u3QiV
z84~GW7R3hTt%SE(qB24@QS#J-B#tlc5q~0IVu3n>E=iiAI*`q^ypV)C{LR37F7VDY
zY+~Fs_c)QNo4F?GCqZJ<CoQ%~^A^!Pq)lN#-}#xbUu&!#eo>t(2oF|kQw-%SHxGa-
zWkqE2CBRg$T}2BL^*JR$n~mBRfZ2}I)@U7o+4V7@l%+f5W6z%3T-s5d%Hbk*X$_;E
zRy-*<(J^`%!uKX(rkC~i?Ojd41<k98U+?G_d(ORg-gb)duQ^mTYUB^<4KZ%A08hnc
z0g6&KHbX|<*0$&O*?Nu=ob!;K<em8{qEM7y#`zh9r)~0Eic{{4Lg___EUjV7l9K3i
zruuv0Roa=s)}a=~)-<g$VR&r22KX`nL0y&ZM$QNWatppkyghFYAbV=adRkEhT<{fb
zW8Fpz@^|nm#tA(bhlZys5ijlunZCHw<vl+$GkH5zWBGX~5VG6Q^bNS7w}gD}xR6GG
z<*C+r&@@>c+`NZT+6s<y9&&71mOY|1L`;AOm99RRhK{RWl$jd)mF{SE$SX6qE>&`O
z98};QUy;^<Y=Ya@KkWu0<L`nb;{8+&zo963;t4d|Fdt(P+Cp$Yg2zX|t=Vs#I-dL3
z-x%Egq{^Ej!HZ=GE^Bkf+icSO>UW`&;lF*r@HS9Oo81l4)NsIu=M>l(e-m5&RKZF!
z^9Rz@%4LcUr-P~sgON?~Y5Ju+^|7wDMRTa9JKA>T_-xu~_9T+&LP=BNw0JGPyu4K*
zwIJLZhoE4Dmqx1+=UjG5YdV4=VHOIEs~Q-bo#NRXISW;vu^g@}UwU71i^DSDIn`05
zHN6uMqR|-24iBzP%OcO#+T^3f$_wYDl{d@J&`th~#kbPoHwu%)<qrLty+q{R&qhAM
zFHwH`FXb>_78@uWbcyDI;h1#rcX_;!E-ec%*rT@*HYvvgN=<Itje=nM-%s07nB{@O
z)MCdZgm~JL-B!mHePt2xzHzAzcoq@8UfK$*0ro4ehnTRm!QgWha<Q@XS`2*#Cy*LE
zQZy$bD%xtRhK-K?Y<074r=<Pi=hTlLRkOi@r5uY2N}NSHG?o}6;R-f=I&f{Mj@~`C
zNn(xAl<_t84s}F@N3&=t+v~Huo}HtsEFRm&ge8Q}RNz{nG>tHrrz+}b!1bJ3#^ROD
z^#RH6Uisla)4j;gEn}o;2Un(2f#GFrzhB&G?s{$UB^w<Gkm_&feCf-F+QsESFd^KJ
zD_}qecFD$Gc3M601IstZeZ6vx1{d26CDmW?5hN|4w7Y^06q_5Sbi{s^R6wK-eVjD3
zmG*4GIm{NH9?))cZ7mAL1#UO#Loi-PoVR3_aRGOD8|0Mdfij}=!-EskL^@Oxc&dUF
zQKH<=t~}YD9pkqgr&OgT6?ncoMa9M=X=QRk(rkitJE1XA4U)HK9amS2lKk*rBf$QW
zhaYO%Qdjp!|KqM04LjOE8<FEMiG%3hPP5fX-;*oDOCiIHs<5$jcW0^TEkA^#K@IM&
z0Q!)!4FpjA&P8M@@X<o4Ul>=N6_4?qI^pVpRbXNXI@8?eb{rm$SmM^OW=+}E<oLOx
zX6F+G70}_4t_0jsU(WoZ$@`t=CMQ)K2OYW>K8N0$Ri%RJ2-cQ%)8*y-F-<OX)w|9k
zKNp&D8V~x!Q*}L1(0_h$LA-<D(JT~)Aa95Tb)t5U+%u=7+9DvI&zp3(rVdqht<)Im
ze=jAf=S}hzVLhfc*}6P&JzS>knED|+c|8YmF0F3XZu#URA<S2Cj?t~(sfCpGquO9r
z>aLMl=M0OZHRdbctK1&U?9Y}HUl<+N=sUpTiMq+RCC~UT(<rfMo%S4#_~;E=B0OJg
zC5E{xY&M*{Yn&4>4{DZ0tL~j&i#?9yz2^Du9p$$~xy5}JFcV(g?uWhozBM;IpqEot
z;tChpxiJ)p#xR1xaKh`9zcNVmS_6Wju{hCw&S1V&I1p)lk~`FnJ>2|2b^0?d`xL^9
z^KB`oF{(;S+t0{av?1fJ3=1;e{iAVovX~77<a;3fibA?;?V<K31GABH5c41;#DrH;
z72nVta9=kU1$3T!#xi*rzO0+xUYWUPBQW&9MXWJS_kb{|wTivzU}7qN?x5QI2Dz)Q
z<GzM+Ija3jSiDo1AKwnhqJy-Nii#n#0?beIGrf9ZSL!Z=G+^c@O8Zhe)fOice1NAW
zrgYxji)tBjE@LaWYTk-db3zKULXDa94nkKGG+A0(by{~*JZ>4~c_+-JK%+!?+jFRl
zx>J!`x~lm?u=2;#i>W?Dy>iO^-4Ivw)}G~o9Xo0kWYck6LT~gyGCixdqxA>Dqp5K2
z0}O1PcG$Fm`LN{Ge3guB9;Y?GM7H!k>=M!WR=$zE7!Q{I5`=J*)$a8jJLkxK#etL@
z8MKV+dxSF|hv#?`PPN&J-Q*jq$RmfI)a6)3ZK9cBR@`L9y*LN=i7Eu|wfEgo+hv?9
zt^A787o$Cqt_r!wx$lZ)_H68~vzB`n^QzKVOqaVBB@X!?a}RAU;NofZvPq)JqcA52
zPEX;n%b>UXv)s#xeb>CdoK|Arf(Pl}rXsiW06$TnB0N#>JJ($EhBNg`?3Z2-aXm0w
z=IF9z$cC?C%ZZGPJm(Wbx3#zlvzu&#CrrGeJ1CHQ<(K$c#I{0)+rVnMOOHX$V3KCh
zAe&DE>Gtl&KKRGkd|Y$C^#zdA)D3Ctf!WMvgZ%J0gnB!Jp<gtxO;W@tSmU;Ca+s{N
zvM-SOeSc^m)bY_8kl66r_aU0wIABGM4jMKpRcHN~PE$bHPb)N=W&U!+&x7fRA-U!C
zkDG`lFh1=4JM6kREx|};m&Ne&#<TO&csHmMF={_zEsGbSg*KydsFoi>-nYlre_JtD
z=V_!$@tkV3+KwKPWgB#6eJZzr6@p}*rKPS-x_AFF*a_n)q9i34zF79vLw)$x^i*@(
z-c=Yg_H6xz(B!D~<r#VGlOM$%;USmr+%7-(89(%1!>QVSXRg9Q%-QM183I+KLGm01
z%PIC4min9?#0-TU$xb$y;yES_w=_nLJl#wSX__G~ouqlCUY=^+WoTo%<Uu_fNS12z
zbU|dVC&F2`Wg5rjuuk<iP8nM+Qr`rR=_d;xyF}bhJhO@t<*q7D*dpN{^cow|VZgGc
z+`+OYO-cML`$>n=cKkl7qb*ERmJ`kz;oQ2d<T)0nSXM3^h2pTp{DUR)VDhP5IEn>t
zGOUOC%ktnIkZj!!C@6RR9`5T+0*YZ098(i;ygstH<Csro%g=D>WVm;xm4*ljoI6b)
z`H)|9Yvd-<sA;l1joT?9;=Y{m=t<5P!W{BA-(jbcxRmhc4^P|%KO3N!B!NBdAvhZ(
zC3ikYA#}@v-&MrS3wksDq3OA*EMvY<>6n+5yH@I`W+cCvZ7?*)zK1;Hoq;CWtEa$6
z4~W5_G>7wD4O5$t<1hsqK~IO_i|3lhB*gpp5RS{7TK?x?pd5OPw~zU<@E)R_CgbX+
z<iR`&pvB7<K2R_m#x&{vcG)CguJY%}u>|AzikVOEuUyd}&F)AIVZcqky#<t`8{`Jl
z(&E?m*ky;yysW4W3|F;mWnK<Q{capkDWr&WRaP}{#_sh^kq0b4dB5GH2#*i39kxa!
zs4u@^_8uJ~t)5;5+b1jgex^~SE$HWEz_R*S<TKS$s92-aW1sO%bD>}^or$4>vbs4T
zNWtN3G-g*;7@LDcO4#z@QY?wK=|xZ+sfm|NKS;~|XtVkqG~;*8)gRd<syY1_g#v_~
z%Cc|Svb+`08G@Wr_el>m@(?@`W(_R+>gZ7;yVymiRZ*ol4mwv<Ox#4L-A=VS+hpOP
zInpP8Ml#$lpST)*;J3Wld9Pl6Lw$<D1LQafY)K=Vk<%Nz+kG6ffiB$!gO?V`P`U6l
zJ|dD+?esxJBu@OUlj*NjYM)dzb0hSd2fdc*Vnk_`Des>ebiqh}mu#>`ToT-wX#o~t
zTRn;3njt}<whl8%oOBu7j8#h!8W-4EdWY+<>Uw{WJM8L07@AztJ#cSM3|q;YzIgsV
zL~x^Z#D?*(IyYjWDO&xI$^6La{;4o_!`Ik@vCib~&M#us?Oy_@MeHiD$mlb<gZkd&
zz86DPNE<M%yfS@az*pEnE)+tpWBT;PTkUOI$P+sm);3$2aR^J`kE$R%SgHA;pTL2V
z+iG4;SPA5!tJt6<D6Oa7Xf#w;h}v!M<d{Me-wX9xvTAp5#?re_;3{PD<FQ4*GqcNE
zcb(Laq}Vd8dZ_}vUYHirtpuvLc##%n%Z8fny2<ykM{Tjg%8L(%QL<NxS@#{YZulD|
zHN{@e#OjGfFOI&~C3R%5U&UlVrk|9!IGb<zFb>WzAWv!+?-6sqN)g#@p7y2N*gCgz
zoI~A)g(PBP|3KxUgqgZ953}gR8;U<rjC@Fta67<g9q^=S4O<w@!&Q>M*eJMkyF$Y#
zVTR@`Cu(BRKz5I5@zLX^+wJC@cEJLTkc(P=(2)+_cpKzoUaT->ycTL^I$Fa1B}8X0
zG>Eok<R;~F(+Y$R;$Qi^_KR^4^sj8n|IxCZxb99fVPIj+5<?x!uo9xtVIB@>H^uKX
z>f7r4ehwd??^6X4iDFH0M?GjNyMO)N@_^oe{d`LFvLr;MP<6TG>1qhZK`pAp3p$9a
zJT+)(gEywJ7RF&{XZ^hS#96wwFh!igS5MIv{SA$1$FQzHF}})jpl-mP2!Z8PvPfuR
zeHNuU<c6|g8|7I;!#zrXvu#jzrKJI?aVI#(b&@{dNkb>Yv6p)eob$djyfdR>(Q?Cz
zHBz^8Wfl0Ci%gY)HG~@JsPz-wVVkiBjDhHf`b13BytW{sP0-D!WLrGh;c{03payK`
zqe>8Ls{sx{PBw_#X!eLu*VE2^BYwZ|a@ux<AmE<54>z$%koK4p8b{b9rLB*QCF$Y`
zDmUH!M}44Z+&925lD@5!p&BN7Q8h@be`LXfm{zZzsgb9ic~t4SN)-Sysu4B!My+$~
zIk$XiTloo2+`w^UpvR#nDSjil3pLaJyhvCs!ydJDU{YsGX?WCZ#B|Hgkd$+TE>;8H
zT7DR6&P9wge}^BrMnO^74zb^C7Nu_ftHG`Ch8p5PZy0lFk`Tkhb{NTEq~q6MM)3;&
z@3*=yDKAFd{Fy1M8&gBha;HwMpI_GBNQIO!YCv<R6MYGSN--cXiHDhHlPy{@jgjj3
z9IC_kB$f@sgxTk5=V;J%c2lV(6EWRePkfh=P-=stXlzL@<DcX9x9~ju$IsDnC-tcf
zn5eQC9nhQb4b(H3-n~b|JOT)2cqDCPA*)N}xIJEUD$O?$xinPblt%P%k7mHoD&x>W
z>!GSGm#=C-zjSyZF25PWncImwM5%}6V!%VN-{Bb^GD=h&s(HX5#3RR{zUfeAa%aX$
zoV0`ypKq9<0S?ySdUiyI<eP4eo5Qtj6Cb=`e!_>3-%~|xUazFBGH_4`M^}vaW`q|G
zBwNhpTO!lAzVC;>vvBzG7ueDg{R+7I8)m(zh*rDK@rQLnoXy5|#3gLTeV2b{)G~g8
z!RXvn>y<EnrQ>p=&|h`krBBX3qly0d;v@Fb`soX2i^uFu7yywxQ-FuzxS6zR+j`($
zs4Z1M*5mc&F?Ul&?Wcg@@EuhYd4c7JKlV+8c5D=-56AD>kiTRC2I?zmTR4=^4+Skk
z%1HFSpCVh<k}8@I_uow_qa2pkeFsd$aksSoyCMuSW#@FJcE$@mzeIJ*_?VBNmuiaN
z1qOud#X&_Y2XCyYR2A?zi!!uP5ZNEj?+sK?O$Cb(jAR|umEk9{m3y419R#8IQ$Kw1
zpySZ_<W9_p-LC#LxN}y#qd11L;h4-%ar2WKVancgV7gTX#<Chn$$uShZfQ2LLQzD0
zwd&zBCWqmdrJNycJ0<oHsflp8Ll8r>*Fvc)oV2F1I1c1BW1T8_h6a6|0dg+wIdV=k
z;F8M~#2~X18b=#FKOH4ZI`z5`MQs@UCkff%U12KpuRKng74m{9I;n#fSHETDVZOc*
zH#99@6l@;<>gkR*8!lmsZURQ6^c=UGA?Ew487`+E_?7y0UU7#J6BLK}p2xRQZ?}D2
z5Nv+Mpd+|8kUY{W9QOgki|Iyh+HEnFFqX0;E7ZSNo6)MU`G&|Z5pd2}g*<0rqtEyY
z`#r<@f=l^3e2?l_dV}CeIj@temL!U`>4+&;GH(y2Nbk}wb~T{v%(7#w@KnJXA+yr<
zF&~KhHFH_XhO6>x;{5QxM;c;0s#6p`0JYE#KOD9rJNqn+jEoF>Uv4ljYFEcmFX1OF
z-vs1P_EyYTE&*9|;inzH-%pIsDObzyoa8rVd+g?SUu!myz{cs$`jKIvu?ETH1q_EQ
zhI<;cUt%Utwc&8iSU40J<H7O*c+Y(iO1{cjMtjw5jbO0zVlkU1b4QyvWKf5jyEII&
z->GW2GQR#M43qd_z`I_pR9CEA($g86DNUToIQKS`es3^Mw^BVCblIkdSz~G&5Z(}a
z>uDp6&p**ULM15wEe|SWpCK7-hhSkfk9_Kr2^wRWRgpDQr_5F+f?>Z1nJz^uMeiX6
zSm6o`O}LQl){$fu2(sFFA3|1Fe;CZX?4W)*ZDQsF>NyG5j}$K+Q=5~_mz^jN`TVA<
zvsb7^5%NT1aXyGnZ@h)$Wudr2f@$t6DEwWlVDjBb@vqf=+1$iX=#URzmNsx?t?QrZ
z1a7HPy-1HfIG^nJ(Kt|M<n^Ly7FXZpz`&-kvNf*MTJ@`PYZw?QF}D^;i53FhsJ4J4
z*-<1sUkL4G6}vN7P)swR1XF1gjx(GUGHCi=YGv5HMPCofOlY{v?@2x~vEy6I6YjuB
z#$@_T9TybGh_pv!PG@L1N@TZ+wbu@b)(mIR4}ACIsd&Cq+!u8yda7~%mBGAE%Y$%?
zP83EM#r-g2)z|e0l;C%5VRN}@@do|<d0mSdMjIB|_5z8)pOhS@ltB1u=>tgjl9LC8
z>xpMdjl?HE1A}Y|4p@Ant-nbwV?`}>W#xU$l$6h{W6xZ0!?*firCV7l(|As;f>8G0
zLnNB+<po5@!#GBgUp3p)$C^!WaBvWIv21MlFwAffIjJYm^HQw(Lag^cP;u)+=A};*
zC38?34DWBu=@({9dZP;l?)FaNbsP0if+G#^!$(#pL9ia&mjSS&g!)%^uKFT!r)C?g
zi3()t_TDD<Xh~d#8OHLX>M%Y$$4!jbkSAC5JQ;>ICpN;XH`s>9{-3r+yL8fGs+6@+
zWRCANl#CX1{1Fh@(*5iKO<L;|XR0mjBmDlYpKJ?_ZCVsHuzK6t2k1`Tg6WwN9D|uX
zgEjFCI)V6HM2UAqhQri5F<9NWLSGojrNoxZ0?~!$z?T9_tXkRVWKm+Bq6Qd_>i(Cm
zyZbn~;GUV+LxK+uq|}lXjwjiJf$yO?1PL}+Eq5JZs`j>=r;}pLd1oywf?<9jF?ORo
zb*mn6EAEG9X+=s1@~BAM-5*F=!Rus>M8!Ui<D9dDdG^$ciGe<w2qjiAoMC#8KHG1u
zq>($zJD(Wvfk?8k{NY&zQUs?Mh1^sID&oz#2&AMY4Z(BXtMn<S1^uK#bltIK?W7)p
zBj$w0E8!mzsNQCf6&kM`hSa_3>`w^M8u^bivi3`S8iXz-!2xZaEp8Un+dl;+&}By#
z*B!g2RQ34a&5BS)Uv;}>Bo#3{I8cc_e$%wAmaxl{H@MDjIJ}YB6m*uHx#l7zpSxJ~
zlYI~a66IN@4)x0y5k2}Mbs`?;&=@Ovz3Tdj3>f5-cWoS#S6$qT>KD5B+StFJ%C)qi
zr+>AJe$_`YRuDQrpzV&EE1P`0K;ZWX`ae^J^Gig0?y{`b_mT$@&*z|&aU~{Ua7XYN
zP#8(}awpT(6Jjw0btYwRkS6?~K_;m!>_bYVZo%PZk%Q3cd@P>MxRpW;syljJndj3+
z=Sy7{cQ?WR!t|&2A|1%y?l@Iv_^hVxCn2!ex=Eeu=T@0L^YR#R<md=nX;hK*TQy<~
zyU$t(wek>X7z!||i{>6utQOhO>i0E=gelq(;W+VR^mN}5V`K$|>Yy)BC~SGWsM5&=
zOO&RF90O%(`bzcq6ds$idR=|!$0H>_U~Y^sN-$&PKy?;$A>~MK%x^xSL!P{Dj^JX_
zOhuo)MCKd8(D{B=yGvb2Sv~ZwBQIVoES5=s!_Dy^?MmnyNyKh`$j<6a_H6WLDXR9i
zuwXDOrJZ@IAKv$s3W*2VNv#j>vDhpVr1J5#(nZ@_MlJYGxgkw)#9@g72r^|~o;(qJ
z@=oNfGTz6!lwgc>7)Iy;r9eQK_~8cwU2Y&x{U#4rEK-Nn*=y6$@@l?DAp45WTP_O{
z4d?72EqEi2DH4Yu%v)FuR_z0se-fSim^r}>WxbOPMX>Olj6NF*f2waqaeEejWq1qr
z;xzVau7UUgZg};zErrpkSUh5mmCA<iPcN0Ak(;kuj3@NU9KA1BikMH>=x-Ji{FOpp
zO8jUI=D&?TIPgZ%8Tqb@MkD+#AUb^zPQ6U^n;VLG@~FXsg%Yi<3|{zcnC69_Vd=AF
zn_qRfZ#n5>KBcku)J<7AYQ7j_v7c@!v6k}0AB)%1CyVT{U3s^F|NJiqiB9K_c4fe#
zH`r-MHHi~-I`(FPM&v7?c%P)p{1R7jaqgxpaoFYVb2kZHv&PPdKEpb{Yn6GQ1SP3L
zKvR-#PG;gl=*id!tGdf>uhUYU`5?yEolR{U*XV=|+p&%d4@7zc=-4-;A9o7`*Oom$
z$o91bybE^iCyBZg{|FWR5t;+Yf%ihn99C<B;M0OR6M|xDey)Jh5yMy3Z=gU6h8P41
zOO$KeAzDilIY=P&!UZ9WRfBbXCQ7aA8JPo<+e=T{)Z64hn8bt<5a`X^R+TwYm-feO
z`y<mpE#fa_hfNZpgr$hKNe+cziWI9^LF|Xh=8p_hclcpv<YMR%Cw3f=?-_SCML}iK
zbP({YfqDfKI>ev*SHk`|Ybt3EfgI&wloZvu3V}Rd6mP;k>@$8^#ZB4jpvmWOf`B<H
zEdVG_$m`aK+Qpowgn=hM^Ea03c!<58G*f=-UwhbIXgmg2MWEOAa;*QUSb-Dt>||TN
z%%ydY-xCX4at}?2by$$naSu2gy--ANN5MEoJF3I|a1?%5+Fd!xJvd0RcV|sCMFf@%
z%(M}#MsZK3Y~0k<$rkv{wtY$oMXk?gMiaqj{idE+oz9$EB@HTXg^4ZN1pMLTRV8;7
zI~WYLaXV2CVCn=My1)9^ZfF2X@7HurAvjUs$r5X`;Vy^L1RDGuu{b8r{!EHS{Q~P@
zkoO$Oe|OTZ>ZYr$@WYAtw(q)Gf^ZOkT|h8o;43qMuBMx3&Rk!%7P;V+_RW?Q-Y>-x
zdzW?599{XHT>i`*8@x21$dE5>ifx2-tlv2=bD>)IU&FMm9k8poB>AZf>K}&b7Lot<
zGkQ+XUo$`nW0~Rmoi}Z@v{VFFmJY`1_lGt8Rx2ma+j@f3!2Tay{iCEs$gx2psA{eh
zF7Py!S||4vh+cTGujtVty9{M^cC65_)#^<&>lKd+6fv*z+K><Y_nAnh^3N4OyDPLh
zjR*9O3f;EnYNQS3KU>8x#jj8yOCnIP3wR-p`BRY2I47RU9OGd1jVWhPXvOmRM+a*v
z&+C4^05@UYP0MFRURe|=x5|Av{lVYhtfRQu)J&cZecELZ={f!8A%3gvlzP<!wzAlG
z9eptOyhE`EzCIh})paIv<Z#!#qU3!_l?3roif)g8?8uc%@q7n%la$&%HR+27z3pf8
zv2Tw%n=1>GGj$4Hk;<cnj3SuG({*dBFG+7B1g%Htuwb<s$0C`H*qL%?m(H(zrHQ1;
znnX3#Vj#N4c0PZoD2#X_ggVq13?PgpRpF&R$TQ!kwz;~cg>wbSq2C8fpenvGG*T|D
z?rUIZI>BGR<ax}*L%0J;Hygs{+{Z7}D({+_kMHI=sJY5^`EDDU1)F&hJ7lF>2RLwC
z=7+jD`dp=LL&bYp9lgn0`Fwvw_s*?Vn?-RW3*{@(D6g9j>fxGbf|&@Pi+y{fO}ITa
zh5Q=MDM;z&hRefdPM7d!JjoJmK6sSA_}!B&LDZxk-hA?3>cpCNUU11JZ|jX)TMV6+
z?O|FUU-*UfvcO}WBo_O1C3xyS#0o9hcBfc<x+Yy5s(XFrldHi3kq0-OaZmEQI9IhT
z1N;-okB=Rpd6UGXnnYGB|7GNbgNAcV^`oQ3-5QUx?R6TB>{=5V(~o&uhB<dL{G0TF
zh(yRFV!m*an%vM7q_UUfhBPasEHtE8ufI+TH3kIKldIvW6fI+jf~{{}toyj|aGw`%
zL~mS$#k-a@y6N$v*TY-C44$Jzws<Xe4FKc9+Ui{X&+mo|H+gs(iy;^sB7;M*Bj6^5
z8tMg<$lhz(7kjqjZ$|f$d`Mp^IF;|whn?aVl!^Eg^UrRmq5!aKC)C!-C{@4Ipe>eF
zpESmWI=!0BwtBvyDfq(PI7;w(#Tw`Gb@#*CJv2uF=lZgPLG2qEI>|O_Y?tM)eCgEt
z3ijM{g;B%;XC|KC%EjNofQRxG(I8RprQf4-SXtAZdZA|55|+ocH#yYpZ}>3yB?J=q
zCGaSr2sGz1Pw~-adsd1-b0vh~MZONEA(M)=FImwcv5QvG(N-`Eyw3LS?=D0s#WRV#
z`P}WIuXbSe5|Mi!OZvCZ)BU`tXU?_J2KAj3qekjlXOZ4-oclkS8d_&u)P88)o0FDN
z{A8AB8WbwaLhfl@{zgQeI=L~MYFt0CQM=uz)fAdQ4GB!e7lPW`rZt|=7f|&lp$0yG
zm*zsfgyg_^o{mP{Qu-0{g*_}{SBTm=rqXkMxw;gN#}D_KCfiw88XZa*BLMM@n0g>2
zj2}vn$G(1<EH<B0N5isL!cA$sx_{85`{~pv39MqTjxxH^-#a?idvIcaS`gAls(f~V
zo!(AYm0T0n63ka`3o?Vk<0?9f`c;0`u@Bs2g|fhKbPXR#Ljf!WOur{E93(HEEpBb%
z-+5*(dMy79&V_mZ)olI+e(wiX+8S6dlXG+9%>w+A*Qq|YtHhkPf)C|AHw>chnJ^&Q
zU0->a%Xa#Wv<tm{XgR_TJ#gp+s?oqQIHH_=_LOpc>y5@;(=JoBCUwy#pg(Ex&?O0T
z)WMUOt~w&BEx%HkCPOd=8LOZxxhPIO>shbMTI%X-Gm#L1Gwej`i@EQN<G3~<uj2XS
zKC;<iE^3wKHH*_uVC~kgjg(J{gsa`J>xSUPO&A+luL@BVC9^OgEOM2DC|aGP>~P{`
zePK(=fJ+Tiu`by6O&aOEJRWvt;CS0*H8(U6ad5f8O^q;JQOP7GGxd79VIXigJDmNX
za+TR&o4^_V{g+k7Tr)#X!unJ2$8`omQ3G^Pnj;mghR2S+=pv4#&rg5wDN|Bbt=7{~
zNtyV>z~?ta;*D=mUt^354c>E4A6_KHRj@+s3z4|!zw7OH2*TF+lz*AQ33bN3mLVmj
z)1S$VR4~Z02h_=g^-j2Sda3!FjBY(t)8|v&=)&flt5qJ>h7<-#F|tg9M*VY1pZKjr
z`qhVDXf0TTf?hUh@>g(u`08?R9)wI}>5I+2gQ|(ID3X;~i1Y<@@xDks&1|nsaCPLR
zIIf0NXYT;{g-rX5?pH3B<wkUgrp=)KsRW6Ka(LKqRT%AT3NY0VUR%Ff`=@r8l`KE)
z>S;(kvXSpl2bA`OtdaybisF0pjBe)%{5JC2>56Ni$KIbw-33JnWXJ}ZYFC@3uAazW
z-f_IqJ`F1bFZhUb$Gfy%MwKFv_J1ZWDQXh>ZB~#kS`>FBHnH61gj;+BOkVhXYr{$G
z@q{2#2+vcdr@@B($2)c&dIX^jDqVLZc`O_+J2&aJ0Z=~D+9f?$_$HDrBVqNW0@4Sf
zjvu^vO6#oU0=FmvLw3O$1GO|lp|7Ahu!pdh`rW#Ho{_$)2iu^(<j+8CDHwD^r$f)Q
zdpny?I5k<a*Jbih)XI6*<c%yL)L#w?vQW~Synwm&T!XWJU`K^1?0U6a-z1wTvK<!}
zR^NQ%ZY8NlIFT4_R4L6vtigsJsOLDaQ!peWT+vjVt%Duuv-U*Rvm6WNAU8oXUa=3J
zl0Xt*8L%FFpLJP05s0g1ruzjR3jP2%LFiDzO|`rCB)#Y)R}sjIyXV@NPyWtsiT=oL
z?FF)6;z&(B^uc?97E>ji_jfmq9IdYm-hjEj8nM*8FA;88LYybNaOr-ijGP)6BJP^z
z=+yKr?HKexRlmF}jeLI`Q^ykg6|i#trMw#2BEP(Mm4_cd!{2s|(zBnkOIrkYFPus5
zx#__A;pdae6dk-s{8>Qby-fwuTq*BgsUss1R$s$1^E$dU21Si^m8p{b4F7^yIM)#!
z?S$os-8vv7YMV(ha19Ota~<0_cf>AriASGn9T5qo4sSyP2n?Z4U|t6LNkTFd){T{m
zU4+}qU@HcJvmwKa=RE6(wma?B^<=Xb?0ToE9}e2@kD6dO-k64f=yvMDzR&8?)F>^`
zDQ*;%i(U8g`nr*^DMS}8Hm#n16DCAIaE|tpe!J0JW)Wn=AqGnI4q}%XC=P?36FQUf
zT6FVR36P-*QsRA9;0Nch9C&~hR{u-=$g=ILjaCJcDXAw-plWP0qYO}`g)#}1hC8MV
zKs`UdsCJ^1sOynTgsG=lhxXUfI6bEYNAeQI7<g7;$~6ZMl8ID)Ac&P+sz3UgArE3T
zgxIIdWxZO?Ovz>dADOzma@cBFG+yZ-h~4U%5u->84@4uhXPoAqs4`o4ZIsm6CX-3{
zU6Rv8cps1DG0AuW?}`Fs8P9@BrJ6w2rZWRn0DJE+%=@6~FY?J-DeV7p_I`0R&1NWh
z>E>`&o7~ULKNuUk+XTGrkhe8#4`{Y*J26;mUt}^;mpio~StQWq55O(WUQzPF-Mz>>
zTv+8BnZ2!dX{G>pY1ok|X<&HvhB+LXT=BYKjHFr*48!F$0!JI4Y20<9yx=0A>aN1(
zV*Lbxrf#DbgjXy9=L3gWnjb=(qO9u*GiLPm+CRp;hJ>6u7|qeFgc6m&GkX+9p_(X&
z*&%`y$A*ovyX0najAk_7@A<*H+UEqDHa4oe#3#~C>V&&TC#A-Jgkk6~0JYnPXhHpm
zJ#KO1y?mde-h|pGbS~`AHzu;Qs@9X0OH{XnquVs(C4kr@+gNnlNO-t?iBmLPtY^{8
z*2g<fW?>Mg!$~d_C2dEX<AFAcZsxF6oa5Rb5~9v`eTrdluYqk?<#9Kpf5Bt6aMGd@
z&G(@XOSiPkz;{kefwrWIxy;AiPie`BTTIa}5uc{kIaLcJ@c?Fn&2bG8Rou7_<sV^V
zV$`V5)dbrOB>zIAY+@jQ+LNO`(87GfmVkKe+huc6D$ZaEARzCxrQDBUFa>AATfwH?
zLzYdwKXEk6<GXpDc=V){O_F*zh`eli#&)n1YFxuA=JZt=8`<kq@}1L!4x@Df?-x4<
zy0t#1$b{1O2b8<+EoK)8IK1$LDLcCpVq`;|tD}<(UxbFi`tJL|l=)Pq%A|-Kqyer9
z+JszmkT}&fEZho32z!-d*j}*B)M`tdsI^(zfbY*_JLBz&vOUaL#nLZQR0En{yN}w7
z-d$dKfr7|YgSmrLNQXct64uSP%XB{~ddf0B#I#|mIStNjO=mXIv=P;P+#Q-+xr{>Q
zTdC^X$m8F%BR@5LVfeh+l~<+fLjYf~$zqj+isJ_^23~EEr_Y9^wQc8dTBegP@AWQ^
z(gk=R*)xgDx0px6IIQkjrDNGqCt~o=TF2w-y`R36oh-)H2;M#aVwBEXZ<Ib7S3$8$
zQ1MvlJ%Q(Z<W7n#3$$>Qhxvr{YdmsV=kOCeSvYtX``5t^kbwt;(Qhgu&<`(<57I8S
zmmUKD15KG`Jwj8Dsk?_jo+Xf%K=Wj<bq*-JI37|K_x8OP5bi%S0d^W2taqA3f_enp
z`D8bw7N}RgQPtrvO{Kn7R!$kxR$G_R5?&+tGO5EWiiMa7)uC-da;m^>dc*aSOW^0E
zbq2YfwAT;pJ%Ln3k>S>e9oq1ToiF3vL+kv~pxc!hJUg;zhf__S*t{)LR%=s=(c^yg
zms6ccw#@Zdtgl@aBC+L5f4q%F1TkC7_82O5?J?8bkEat%cf`hfi3fcFa=ohL{iOcU
zKqbhs5sTd#TkPj=(_w|f8v&9MEvg?^#pUKiNmR@y#OCWpWLqUa@9kwHayqR+TdsIh
z3uzOm28W65&5jr`yC9yIU@u2YMJYQClA=O!-P*&zy*apq$5_)7^uKir%2U8+`)ud<
z#4q_t2#1U+ky8S@f8=lSs*%t~zr-hH$6=ODkpmp%joAO?i(~#PM6uGkx|YJKy?D?)
zJP-vxGy+RsMXWqIoc@VRSI1(u|Ax-9R0IvQvf4b836w8J&WU#9@?7wyr1*g?U5%gY
z;>OBA?cDNAO}v$aVNUZA9?ZItg3~B(T2kyXZO<*l1Bny-WYND<H=$5ic5U`LogS9s
zk~T;>DRch9z`Suoj7qc*)X{%M*p>;&$AOE5+hiR5?l;T--Gl3@`)3ahV037<WWw+s
zBuDJDIp_c$luZh!6i}RilUD@rTdI~HH?h|;rE+;$n-*Z_M%*u#<eV70mtPhFt*bbW
zj(IN?&T@m)_N0~>uW7r@3RyKlC-!2Y!aDsya@u;mSCdv^>4Mr8X5!;KAraGDoIC99
zviFpa#1phvzM~WX=7pT%`7F}rRlp5?ka6Gd=1!Z3(O(Jpa9i-dMoSYShXHXtKn}Hg
z)b38d^h1(}s!D)C|Dzl61>cvlJ)6Z0qT)IKp{)0EGVt2`jmY`)siJoHc2CD$@T_li
zpo-_>z7?!R#>yH_t;H(XZatBAVYN;Xcrvb|a?E6M@z}dxq9y@G_SJU<e}|v{5S{}d
z!!(T?H2VHMs?pE?8kHR4>xDwUR2nkUw#@^WM@Gy?J6Hfneu2gti0*qkAFO_>i$trw
zeOL4T*iXszu<3=!XLOYF=wDO;;ElgNB|?uai5Cgy6p;hQ&lZPIVLLctuQr$;)1pP~
z$v;bMQ==bmbqH@gTAQ(NJ<?0y_VJhNYyfxB_!4LJ5lak#5nh%^qm<VcP7&Q{O9ZOq
zWjJ52|1AA~1W@=5NQto8oqw@^){h6Y0rrpK{7o@>G#ZeTT_8D$Zt4GB<JT>DOGsgh
z-g+)KV$K>~`anHA(%2S4GMP&d5v&`!<C*Az;e*u~MILLaKR&i+kKx^*D4dWdpsh`)
zevZ7Uwn%s-vGzB9WrOn<q<$;l`|#SoFdNEh?aC#>=lOqsJiFron@>;^aN4$bj6kD0
z46scJ-i&D5nK>{pGot|{2~lNbj7n!56S|~fkOm3`i<ujG+EPw~_{X!~z7%k$e}DV|
zv&Kg>*U-=aJO2E3*NU{*GfAS-#j#tN0@Cx$jIkMaxAFgbOb_Cz&;H`+J(8f(DR+mV
ziJD&CHy#d&qeBRIU5By7nlAt@bI4YKj9}}43Xh{D=YQY!`?daTk9~!Jhd=;UYo@~_
zBt+VKJ<L(f8X5j5>(f)%K9002Sk_;%{`fCh_Y7g*Le?75?E%h+^1c(ucmR)p&wbo{
z`#FYOtBhb=Nv{Y{c}BN)iT!)7g44h%bQvJ*E;P=0=X%|oV^QJA{3)EjWrYIgJ5i`c
z#=^o9kriX+hYEo>4DrRRABuI7G1@HfdSnuL?1H{baaR8(xcsHHzjc=u4sab$0fYyU
zG4u~5`>kq^=Kkt2>nAT`l#*?gi9_P7m-_cOqWvG$@!2~72*>%Knfw-?V8r7l4>a{S
zirgj2e%PdWiod`AKRPY>DBBQUpl*hGk@@b=LH-`9#48CvQK8{!`@bpKq8mRO-2a_}
z{;eJnf)tPT-zlj0IHi$4RQbQFMGnZ*4;st(2SEF-cxvME?{}qr`=#`+r~npFyXkMX
z-M@drJsRL!D8!0242b{C$BO!Yzf1nz<GM0M0Dj@4KI^}A>i3AD-vPe<mG5T_dj#t?
z%a$3Pf4?P<{E>=;BLV1NOO%1*IbPb8lwdP#iIBt8GbNUfZ>_ZLeEr#*VQBkcSI~T^
zkYT>H^T_Pywiq5rc^bZ7*l7uiTrlfp%fX3zz=-gADS?L=3U1WaQVNL1CfOUyR=@tq
zy_R0xm@>vCcnopda&f3q%&URh$$8N=&WdZ8T?sJ^R<ASUo>i^1Q=9F1_3v3|7elkQ
z%FNd}NsZrHl+<>`>mgbQprWGYDQ17Uv-GdpIp3S(8DmaEFT+gg`jP706<@KbUr%d?
z$~L@~lPJ$nCs|9Dv6QnL_;G02??eBlt>;VZwJ3f2e=LLVA-TMyU!qjc%o*E;PdOqD
zf@8$HWcT-1cSqj&8^qsuQ$0Vah0mT=PF1y}{P03u=P;R}1l)(^m3g)aE%XZUd5Ou$
z1!;-IVfY1RMG-NhVh8sYB1XwGp-7_-LDQ7pQMyv*BoR20B>Z^sHN+AE@XDoBM$cyi
zJV2r?OWQ5xwObeThqXb#ZXkuEkeOsWgNz`3-mh-VZ&oFZ<iC`0=5u$sPB6jce=d~t
zg7Dq6TKr@1zZ4rz9MIXQjlAa<1oWFbUztu%2ztoi$H?;CXd0L@IPk<17n(>Tf&ap1
z%pZvOjVZPLh)X*{Dd5LH)w1ooAV9BS|KN3kse5(%+!A%7*`1u?%aU<i)e_}Hi%*&9
z8Hf7e_XMf75mIoxWNX;-Xh}B>M@bQmTGH@*grs|{tqqiVe^RgptzRNj!jc#*1S2O#
z+x9!XUt)DOEm$Lo+-h8eD7{*Ne`}G(4}S!m#Ew4VI<S|6&b~R$H=r?hn@~!+E92dr
zyjEAb#C6KF1<Gv9u93v+vW7d{o@l0kLun5_A~Mli3g_qu;7dn|TuicG{MRu5;{<RX
zT{|nRK;@>b$0Th>3t>3+JZ&QCCnP2DbWyHgYe3rx;uPy!H*Mc$tT}K33u52P$n_7s
z6Ldv;6S+hw#b0&-x@_5(vNfEmA=<l-F_HzgLpab!^Qjg!YmX@&e0bxR7|I~Z8Tp*m
z^u;OM$iz4E<s4dQj=q3k%oNPgZu#QFpggMzaAWUx<XbzJ;3uNjnls^{7u`Y8>7Ap+
z-V%H_Txgwm@*2c5#NlsGP&JbQ39(tk$o=X1P?`V(rMj99yauj}9nf39ny26$$;agG
z<`DaS?bK0Ti4=H|wLCLaQPyp$IVQ5}Q<-SzBsv86d<Dpp)b^|AgPXSZxSu2ZhL(js
zcG3RRiC`uO=EGapaeVD&;mbViZ(|MeMZLs;>;fFQ=fIse3r<LfU1eGkO_pT3BM=1z
zTcz~Z(i&_frlmOeW`(gtUzRAdoPRtwxk1fO?bWoc(1hmr1W>l*mtxo5lW+HA-=9R0
zpL%MrJYyvk_lftzpSOwq5iPYQ+$t0Q#5nz*19|-Y)vsx?%ENH9@&=x0oQ#wXuNUjo
z)#q;+OC-+{Gx4)T4agu^_XZTI<a@p}5v6Qcxgwx%=t^w-r<;F+4@H3nS+mp#Hj8I+
zHSU==Rp3DYM}+GS*_<<gxhgSNW7bLC)a4w_bhX@_iD-21Xi~Vy-U8oioK-A|S;%-|
z@?`?UZVvsz;=TW8r~j|DuZ*jz*&dcsTJiwW-6?tqX*jfWqm+bn2+~S(NNEWHX{4nN
zEvb}9qa2X#?$md~<9#lo_xFDJ`vEtbJu_?8teUmfta+_pMs@e66|-bvL6|25&Q209
zEm;x0U8Mc^SV5m0Dxd3|q}k$tnMCzeN}ne$6xYNH`^2xY!lMj^z_Me1s=m%ZRnz1w
z^z99N{e#KuoKae45!BehYzD)ao8eY4W!B>Udwbe_n^U5#Y<ulWslsLAbAm%<rAbaN
zGVEs!I(@5WMP**{<^}hhX4F0lzTOc~9)}U+z+}7JJ_Xyq*>#Z>`AN<3e#l$S-KOw_
z9yX9q&E9v`6l%rZdG}$*${4!gio)m^UDxX#`~>w!q<J;^(=^ju=V*q3bLEr+AD3gY
z3O%wmH|1Z@z5kxsMP^Tju^gMg5H`|zRuE|Ui4amw-j3O_H(Do`;!Ob6N#lroC>Gfv
z$KLM7b6C|0A7^t?@{ScF;WaAlX~5+<oQcI;Xr4j=OUax*V_s+yq6{4+#TQ#p`u-%W
zzKQarQ)#>w(k-+Sd*ANI_v6>+Tk3UIT<1W-e2O5slJK|NV2FFxBK;Lcykux~ybIap
zNhRThy;x^9pO`Y%pd;+e7M<a>$P`*<L<{RrCG5O=M>uHKiO+<5n?FUYWd#uPnoo$Y
z@{uw(YOIX?>@W&0JPe?2P|b9AOSqOWV46nh=f8IP&`>EE_I8-DB}N?WwJZwg5UC?L
z9U`cTF)vX@s}dOec!qLhw#b{Yk;(1H6KAc++nV-jbQ#er)vsfjXI_bOmpvJ|#qOL`
z0q#`tsC<^{o7^rt@FJl~Tz<w`;XA6r@_a~@btWrRFK>%z)5Sd4kkPwdkLOfM1h>cY
z$E{6Q_6{2b|66R|8kn`<c5cD8JB@_Y%8a{?!((nOt|^)>XptF@c1_7BG4f*Fc(yx8
z@Rb~&u+?iVq<SsrE+~0A#Pl>!#2;3YilNztIC0mhNhnkpzKcuX1C!^!uqZ&8h{#Ck
zCH|Vls9D$kj;M3Y-4VBTL}Qltx+&(<B?cG^Jj5SgrL{8KFuyW)8{9W{3$_j$O4!H@
zAVpEizjaLZnSeR1HPP4svcsQ(AD{)O)%sUlzE`#?Q|K2~CF0S>MBV!HZ`F2oQ5idu
zb|5PTp~a>1ug_E^iBk=ZD3OY5RGQL`3WLqfU?&>{&n+~S+g4<Wnw>MXn>v4#Xlszn
z54e9SCsn}3VAhl_^(Fm;6k=+X#Tz8`N`tn|I9wB^ZO2UTT+z%onFcpTU8{{wEj}0}
zbv!%VxYBg4dxO3FB)vo@h~#;b_VcHidU>*^3OmA!U8@~RZ2i`tsAx0XoTLh;l^aBn
z*;YQ<W!QAGYtr{{8~5&(A!j-0u&-Ags+~L-pa$L9E7ndXS^c!;p!&#!q#6VzW|HkN
z_0}qTJsZ4-CoX&Za62wbHihbGc4G@>`Z!f4-TB(HQ;n2xk~c{v?;gFx3r3X2i+B{$
z@?3h!L_L-@tO|p+%pO0HHLQbgPpnhB*5wr!%K!;lURA?Q=sdBOV2W?DWLe<ul3}8U
z4Y`xuo1TXJhj04#dUH)T+G}~-{Q=W^&Wj(Z(nG;HmJ2m>L>OAkZk4(8j6?P3cY!cB
z+bUFBRVn+~<{AB@Qbk9dN)iF`G^Ldw*r!45!vjeL0xi!IZj9U)Zg?X_`xXy4uUY{A
z?rs%HFx3HDpeknhb(8B|P)h%}W{HitHKns23GdL0C?k_;i1HRcSz7B?E#$P;PK?Nc
zFC%Nz#U|ZTPJBN-7}c)o<XDl5txX423J}M{q1RDo4c&Mil!4BdB90*)opC;6xm*$a
zOcFNZ9Bh@5#ef|J4VLi6jS3#dtpJLNrkl3TwVt3u_l&YXCPJcn@esbmgxs(gSHO*X
zFwZii29%Pu&D+W1guaufmEM6X`2^DB^heB@wkW~n6Uhst>Up%;)+{p84I~K&_NWox
zaBDa>D{%ReRyPLQo7y`E@yYU1ORGsy&0ENH1Q{!u`+N5*72<gnYt!!lIprz0q-f~!
zi&13}m(^!z%EV)>SweKrx9(v><O8BIxk09&b)}e^QPG9eek6LM&jN`ahbtM$Wd%<*
z+?WDmvzk$Dc|h2p0)h83UvBFuy@)7I?RxE0^NIakIH{1nTy}3gk*w14h->tB#rBM{
z4c`<SJ1j``wr&lL{w^)fd&U{g>vkTj3o!WAZX$sSrxwIPscuh&swAZ{8jFZM=J@?~
zVT~kJVVjX1qXH(y78m&T#AfWnJ0`>S#0GyVnF{QiE?&Cd)AehgbGi8urvtV!C@_0G
zxF|)b0s-|$>+k@mp{YwW{5kOypSue39qa-g&=Nf34GmF@<FLOe2TY}n1*ga_VVqeb
zm<G!UKR*xa9)|o^zkoD`ge`i1wAcV0!UMkS+l?zKD5`30(VzEzY|!U)N`%t|!DO6o
zFIcD1DG9Lx*bL63Sn<l8f~@sf>y_UT>C)p5tfamdsil4La!fL8>HElPyxFGt*U}a2
z=~(S%oyAgLlW3k-d8Vz!XnBR{$l%RLu`{M#$SYLa&mllQQ`FPCkh_vhgqx*oypPz%
z6t=4jX`kMdzf(77*1~YM6KDt4&e`XRz9OeC5x~L)P-mB+y)Pl0V6ElDvVl>gtQtsY
zo2hoRz}RuIOEMtl0&!0s0*d7Ul2iQyCcY!G&z@-xLgj$IaS{)^YJ23NUT&oVfD`(t
zem0!Y0HPqPEX5k*vK$|zFzx&r2wR<nbW@G-{@iW%vGwX;CZ0x=5ibTa2lAE_%Oo5z
zN#cU`?C5ix0uIgM)QZy!WS<z(YpRGWC868S8GX3F+$V4>8?!^@HB^{tsp&n!e`2Fi
zH6m?(?A<1<t2;=G+#D`XJj<d&IF}Xr@?8-_di49;5DSaI_?`?eOW|_INB8{ipo`hl
za^&(fK4QEOE<%a0BrBFvcz1lwB5~|nnn_$Meoc_&Bg#o6*YX9gGW)x7)snyw`UQ3m
zyz>oNywLk)F4aakLVe?b9#+qtYGYQwnuVuxZw};=8jLG#qdqEmH1P0TRR@=7E=Igi
z;>}bjtgsqSOe-z#&=`$*F;OFg`%lOu-aWXT$C$u4f7a!f$yM=4;U5_T<Rg-KV&^_!
z#HRrM6ERWOLI*_6F0g@7%SCRzYCICgUU~-bZGA~Kws<ViN>`}K6#`+RAw*g--^zIL
zi5<!*?t5Du-wZ9oo6w2CwQ}SzZ&vK*NIzkBufvn#i?yU7b3`|$OI*Blj_E*3DDol8
zfI@{uFj8-x2KJSu7F(%WdgYc&ZUE_iFHLBf>aGSd(0tOF=Wqkda3d~t>gM7A7fdtS
z7TV$T691M_ztvzAynDi3slT|L=di;yr>gN_+Ob;zfAgwbym%IEX8_8Mkc24#`mKav
z>{YEdec<_^D|6QUsvcr!2kv9E?gupR3r1elvu|CrPa2a<m5LZhpa3+mwHROoBL=8k
z#l$?IzezDxrWs)UTs<&IVTuKUL(MY*jR!xq+n&mXwI)i3zVZzHLAMcNJFsa9lHz@?
zo`gifTEOhy^&SZH34i*49NbNjX*T**)!s?2@NCE_Tb_(HB@oHMnf~GA4T;pfuhR&5
zzyXnM0_>*^$|9wLn+1S(fgS!NH=A0EPkj{q(1W0hRnS330oG4v$_27@G;O>;v{<02
zYW)7vM6?|5E(#pvIdm6TNVPjuZ`OvD5qWcvb}#gNC|m@sf}XBL6&pY~ZN*p8^f}&!
z9B@eNSJCbxn-D?A3JQ8i5p12+iG*z`hCllK!O6ETIhjqK4c7nd85-%NH|Z?)^1274
z5Kfoi7nf|054Wgz(>DaL?|C~|IH;TxvVZ)B1vc%(=T*Yvy$cwQzUEg1uFuY8(&e!|
z0Xz$OFPSdrUUFZ%ppu9KnzN!j`K$c-`19gZXkQ4w{<ieoa+P^yELgj1pB1LU_Jyq%
zM_#~&?PdqfH|F><oX|Yq<T-j8Oh@f4l~AX6>Zpg*A^zne$Vri3)E??!C~TH2M3)9D
zcBl^rNFkuvvax+~ja~5~F%(+4<yc7x@yR*NUV{z<ebuGG2(%Oih%|#2t|!#l6i1Tj
zxNiNlnI5&d_lGGD*cn%TraY}1zG}{MSnSXv^um|4RZ*R1fRkh3k#+w1J}yUBw}gus
zi)LR+a6T&;N1>!!6*E}Fp}R^K{vN9;A-aC;1_&#1SB1td>Yu&zzduFi0Yw22s#QL!
z?aOufg=uOxP$oG6e2J{M%}zK72~zw;wxF-%i0q+x%cA{c!7IQjOyml@vPS7=fP>G3
z`{pzgOe_M`B56r9Issu;(m!gB>rt&NGM~^LSgWcOTMkX)jlvv0`3DTn(0+Wy_giz8
zh9l>n1rbnEj7c!cP=~6*2r<B$?gXq}Z&-X|NFpru{TfdYz~?me$RzLTSb(!T&Pq29
zKliipQO&nOBlprH-V?xOBvLTx*Ph+W=2dRkB!Cl`2ahp5uBOY(+9z4FqJN2|Z=b0f
zu9LJKS}j_@gydK7akV&&ZFNvD@w6S2cTH&6yNqR*2y@3id7+%MtGA;1ChgODg~$9L
zFN5GY<e)PJVk{8kK+r_%?bd|Y;~A=K;+xmas&rK#F*64<urd}I>=Dn|_JKFK!RJCG
z^63zEUO1%|amWA_GfYz!vFOBSb-!NXiW9)z6fL%RYGLO#@m*8eDjCXXf&Gr1Q$3Wi
zWO?oFm2uaFFuJB<!UKhk@VpyN@fz<-3E-$b$1{j4+^xz%2&3X{8R)iVHu!H9h-m%1
zA9~0yG`mWtNRfOdqhTOn^ChZdGV-nIW;EB0d8vju)9N1fty+;$N;Ip+-;vDC0I~AX
z<CkzYI6%Zjxjw}dlir|1d<^jFzON^m?OB{jMf*-6x^0_W9}7OKknZD33Jty|u~yCo
z;gq~uT|fPzS|{ccK&u3B3!)i{e3@^cEnFR}VTE?cTQmSBL3XD;FXf@z6I-+}6@a^n
zg{h1=DM1z?k~JE=gAp;4yY-yrpU4IR1Oef$;=xX;IdMEPl0lvu<yq(9f#u@%(NU#n
zBOK%zrvBi%cl*Pz^yO}*{AFtE8|jh87z=o9;&FM^;8Ws*6U{7vq{EJ}GU6|1T_SN9
z(g~_}9QSqNoC38UNC1lc4bFv&Eag5vAT4T4xc>F)0uRcck>!|RHU5PqO^}sk`QU*@
zQBDCUqf2nKm|$^15LjTOyl%X#6R6kJR7=WUT#)fS=KJxjAAVRK-tnHg5K`eI^Z40T
zFD!-AVa4En<Iqr*lHv8G$=a&B-{a8z3#K6V#w|;$D)`E^*k&s3sX|3(Jq(q7^+Q?T
zIopNaOUTtfEQAv<GjkdEvqqA%#ErJk^pwmOOMHrYotG1PTf-PP_Y1DZqnt0sWo>u+
zqri`H3=64mM0tP({O{FRy$tlzpSKoZ%Si4J-Ee_!u7r$=zf-24m7toOR+U?oUNLBA
zRYgkN7zjM3VM<zZC6(%4ln0FLeK2?>!SOzn|4r3<$+bJ!{RYJALtSN*13~)RdNyRk
zyKO_oTaR<4f|-_=oE$;tK`!b<STcnYt#8rIhrE}Vy-*#q&ggV311BwCg*CI`?gy6<
zhY@f`<CetDGQhaeIkt6hbB=I34NG9LmIZaOcq=@I3!QL$eAz`u(+wd8r#_B}0lm4B
zLZ=x}L3}s+$lh>rTbH8EBT02uY$#apgJnyiH%*F;2x_Qiq(mf#ERR{4aZwH`$@k)p
zPsOz4VK<=x=^8Sz+}zk2Lz(T0I`7ed6u}Tusd}|%58<k&)~zc)-$dqPj2flZkMKV1
zwI*n}d)*PC-+tks3U9`k=GSlLz)bl;cpwR(rq4&It*{Ja*w4guF1z93k~5uX^Kr^G
zni0$T<$4LG&x3cc8EF{0Eg%}xELV0}FZ~o=np^yE!tcR4mxqmhSp}jp7lhUMaYlr_
znKcmBERCN^%#F^BmJ|jNIbi!4`nq60t?Y5j#F((SnuGpVT748Sj*oQo109uiLNm=r
zVg2^H@!T{$pOds9$SeUF1S-6!kC{WW23BMr_aC4RSG+rcM7miXYTqkiS#eOB_s(AE
zmt;427n=7`2)Z1{*&MF<*^pT}$`{s!0}06A@Z<r7d|5Qo!b_v3Z(@NttOjM?FgSE-
zA5fBLABfa=GtU9*Z{rLZCN6Mk5k4%`*RFBQZs6QVha`q6%+Qb|Jo#9EPk5<rCoure
zKuKzauE_Y1cD5Bt15a9~c<LzC9F9f+xu$0H_b)L_jR{~_tQOVwzKPO};im08?dqrQ
z^F`wpiWpkWSZS@x_=D@mglVmAMVi7vyW%rpz^?OGm74!Vbh@AyzU;*^ml1>QHl-hW
zKf5-)Bi|NT@!^|!)gpUU%?p+kAx_jCbY%SSsm*!MLVt8rN(e_~0ps>+J8bS1-}cT(
z)IASDmF2Z!rTD1oaF_7(XWKxyi(MY7Tznmd+=J+G&d>v-!88;zCQXwH(q*FdJ7H#+
zvVxA11Ve3)2(rF&{alaN`c}8*=B74hdRUQkFTueWNY;^<aui(&y}L3P9fI?;gQ=``
zwlrh5hrKpLaT8%&x?2brlRmT{R|-^|y5`mv(le9TqR^$2`!31f>8-scifm0<$dT#G
za)$2+rYS?7E2QEOgq3kMTWd139T(^@#d4o<wwGF#!MVRQI4C=9sN8ryH%G;I`OT<M
zl)uNKOuK{>UAd<}>FpBTkliO6^xg1Xg08*R0h>Y74aK+`MwSxMuIQHXCjBs|Qbe<5
z_IKhsxen7;<>XJT%uG&Npa<K#mbXugCciBckABy)Hp%K8uOk^uTY`Q~-IbAlHFjI=
z2P4UB2R2?e7=oSphYoZEVqQ7C9o+tl_6d<j>))GNZryrFQ~9ADOSV^UD$b~3f=w+s
zm#uE>Vl7kwv*L&>0=VM04kN8KZi1mZ`f7(=VHYcGI#TS&$(I5o=r$99Rlm~sM<pmL
zEBX^VgiEl@hnTY9At+XzSx8$WIV?VL#Tv+Ddtqgp^<IiMle}!^T~{|&tapLq8OR~}
z+#WU3Q>TM@6g!kOe=X&~M|hpe!sC~II?<3&%2K#m?)pahnv<~RiVcoygH&!-Z|)vc
zot+0%Nje0vR(xkI$3xe1En=x$1{geQKW0q?o$fGV>=+4J4U($eL*KsxhV)c&5N*v5
zciDsB{%t9MTfRl}?Oj0K>~C%Hr`#i*q`nfiWO@$loU}0!fY_%Y@uM0v3(5_RZecmQ
z+{d(<-ejYX?I@U+iRrF1xGdZO*s)4LJ6F8vN+8#RH11}rkp$qWYcb3Fs&duF?UKKU
zhn8hu#zR@}A+(0{)|-k(*0rfdX>T**bxZAjtb;$r!aGzg@T}>5H{?IYf2H}apsF(9
zl)y)?-0B1z`$u8-JXUBvEZTE`Fn{Cj%cK+1(5TE`L-~XSh@Q0y*NzeK)oSWL)zNO=
zj*6+i>YMoIx#cymxifljgz)SQkh4O?Et^dX^d4s`^OgDvBtBdhj*Rwnwab`nT$1SH
zJ6x+a4&?MLq<tpw+6^RNvb+U1ztO9krC-leLBIgsHv*1rfB>l{qW{xFAgZ8nD|O<k
zcQjA^a%cbWB1p<5;E5Vcxtu}MP&aHDs8sz`?Ft~jP%>~)PICEfkpjJ{y;>q9#tRJ!
zgkl2x!xMj-VS4?gQGBt&|2F|#uB0m__kV;TFr@E=`Tpud3mZ^<#OVIi8pn0zcIjo;
z#-zI>v;UC;AO@JQ3^ImB@qmkxi`3pF;rduCXcw-&o6-Llaeg--hXXe8wbaOOymGjG
zz52VYbLjS8mJhJVaN?0iN(>?eoL6G=Hap7itQVe3N=lBsc&DE4`{|QR-lCoz;NExU
z{zIexqj-;KFMMFsv(ym|$-bn1$bJ7~6f$6PzO(H^fBiFI+Jz6oWR4jo`;&WuCY!>`
z^}CVBOOUOn@eFX)*q{7)NwJE=*aCHzrwp!j8kchE(op#SCp!?wT(^7wiJG`xijAn;
zsfAC=v>@jFr3pcoaij*1!-K>K@Kr(jUxK89qZU4HxC4~VW>={mHovE<eF_Z@7L8-k
zP}bMC7LkTPzV%g4x?4e4jLrTwB?P=Jz~Uyw5MPlXV}~xNzSG@v4i4e%1JKJ))NwtH
z;@9311)PF}fXl=pK3PK}n%bmMKoV*R>YGMn35EU_vVSQ#J?w&E5XRK(XB7@!P&A+3
zrI3!)9Ocif0PtnY=PGt(*L1~be+VFhPlapBPqd@O1NY~afL2JO(#$S6C&M6FTZ>HM
z8ul-KRTe{yEt%?wk2I<I=)ll~Bb6}M8^<#2AQ2iL9M17VAl{eMV=&O9yHm#^zupv(
ze8-U_dRK=0Z<os47m5J)<2;@<QOG)0Xzl%X;=Ek5=iI@Rm1CLgoia@@RGYX(dkQpH
z*}s54FP=Vx4E{JUGCd*U1sxsa{3gh=b^P6Ac}Y(}Fz)aiQhz#<;Oe0EcKKX|xnX;U
z@|3!YOhm>5-8Nz_%c!^e_H-Fa-MUR`<^GMpk98Cf0Dl6pVSm#Yz?uSpCdEwQIl6d-
zAE&LggdjG+vmOeSp8YtYV&M;OA554bl=jviMfYGh3|y7f!jX!T8gQ!7K7cn6^E387
zKFQd`h)Pi|VzV?({4WCj#R?9O4<5QL$IR4d+Eit3Q%AJ^;eE^$AX^})7a4r4J+RK7
z<(l=pujo;`ky6L3h33Pwy#{1(ZsZM-La|IiigIwAFX<+(3FdX-^$#DvzDW5ClPh)j
zZwf;{)*v5-j2uwUr}P5~SZ6gMy-#FUMM;h?KMrpKF<<SJrbEXV1$FIFpw+jC3b4O#
zGCCK9_2o(LUq<;qRQi(02M^8mpy7~Apz+nFMji+#4$0gm-Q;$&b6GTKTyG{nXtRa9
znpfO9&Ug)f`(d?67uLsqYE#szhxLQ7`V4cRB&i}YxR=~F+55$$Z$PG=z_=s^P<`T$
z?1f+BU6j0l+xtI@sx+fMSu0Ikz>>3fIuRj0IsuPm#?$#G3(>%sa}Otn;`v&oXkhsp
zIB-mNFnK{omGh*@zua==fd$b=6(1gU$Ln^gH`mR+gA?R5nZ804@Q3GCKO*Y&+^07{
zqaNH$avqe<w>F1n?dnnZ^<G43m#CXkiZv^Ky=#W`m-Q4yoW2McMn{&jz?LT;Q1tDE
zwcN!Re8nPlivu`)QCa>YgwcD);x-DHLiDe+{R0gM$~sxk*10-(kUuyN^0Cm&WidRZ
zpdJ4)3^3pG@(2^#YOSrpiFtL*Dxm5f`9DElz;A-05&t)4p~H!|*g_oVEnZCk(6jE>
zm-$$_2);!R<3H||dv-kcx`Ep+Y$<HLyRjL4Jp`D;Z5;VOr8KJGMKXbFKVGw92&!%T
zCoBVyZT(J-)RWo$1-lt34}Fuhp4Y)6^M-vR>Oh_gM|Q1{nVn8kQ?PvgttHhio2CCH
zkQe|cxqVazn0|$$nHi}tz(n4!_DI*4S1Z>8*E5Z|783UlR?(SZU+ForZAqTy@>)P)
zvF^bf*>VD=uhXvUUYYb~XzCA|dm~qs%RfRI61LwstdxJx&|N;@Pao((1~ZL?mxZ4i
zzKQ*^8-S(F)7Vg6c%czm0gd3&!Tm3bUVFH45pF7{VruTCx7Inj-$C}}n+j5z!nx2l
z4QHKC`9Sf&6#3REU0H2*_Kib#7U8s5?VC6{bbnz`|A*<mXtq0LbKpK|`bV2z)LwX#
z^<f2LG(4yO^ppk0{JE{oePa7<13cCB=XZ?$%s5-`Am3!X4`!NwQ#C$vikH5fN#H0`
zmDg(jhMmp<1arNgvSiQF?6X0f&5avaUoL6^JeM`q{*?d9H+cp#EdNeq`+??R>mo_P
zml8#{`gpCICLd}3)P*c4KIrtYuZNTJOGhnA0%J!JpN`k4+v4%f)SAO9=D&zcN+wK~
z2<i>*HcEeK<hOsH#}Bz(PgntD<G23OYS$4kcA)}p;!_(oD`Mve?Q#o$Ny3>R&R5%%
z2m@*EXvs8(^KzdKl2`~Ez8ld!?YCQskr{eW4_*pdez7ziJP-Y2wO=B41&IdW!pX+>
zIBY3axorGa#`ZR~?4=uad@_bD>0$jF<llC%YvDgLK<W_=N6%VsoCR`Z6EI-@4?X-y
zF0PYI85y`KSg6!fyZ-6DUtY@dNmi2=k#BpgmX>4BfV29}mIjZ4O?2gsrOaM%llFQj
z?OA+yK=6a7SRekygV#UdPcdPnkS>mD8#3@CqSmj;0lRg8^KtVB(D0kld0Ze+c4of8
zgz4#xZy#E*a+>OD+rRmx(VO7C6UX!j$k}2#=fTZT=f8riZh=?<;IuUp)vOR80tth+
z6XSJjag6lv@OfH1eXN=@qz;9z!R)#{&PAo>j&@5CgO6mp1S@P78kP=*1gKPWqepI+
z$A?Q8BRQ}Vj)R2o?ASIJ%Dn#|Hy<uW<qhBDj6x;l>d}PHM%txoO2os*?u*WDC<-Xx
z_C#X662Uo>Mlzu?&rQ5%bz*kY8{~EC2(_^TZd>5%l<<#UA->>$nb;Zr8_nUC6E{b}
zAMRq&z8$ZPav?Yi17oK=zi(k7ZZd>V3ch__b!$b6FSDCdImM@0W47$uq_6i_>?yxH
zFH_S(>E8@7Af2(%H#sGo_^iNrY|3J|8-vl<v#%r7hAqKLt+{u*Xlc-lnD?n-AJKio
z&ZC3RRX`nY$>#q-xv&eZiY2|Qj|?RC(Qah9@X_B#7$SwvtNrAR&OnmU9g&T&feeHT
zMKSE}c?c1vDGl_%xBe8RR6ZdR>1W7b#-@%>f|@h<w?cExB3qpfs|&fF0OF}?@1Div
zI=2Vu>A5KeNO;PU69r6Ywls$G$8rFsv=2JulKWrXKnC+0ya;p9dzkUKl4TN$NjQ?-
zT)%(4xWp%KM!<Czdiv!^SIg5aAjE}TVqXvPt$?zEj=X@vQtz>%QNy34N@pmS{tQ^s
zWtpe@9Pu(5NNF#K<)uF+YlfU{Mmeq;tS?s}_no_urQVssD|u~R`@Ss4H<?n>-YH1J
ze%Bn3<t~+pzR9eD!iC{~;aHie6(DmMh@uS7Q*xPgL9C-PVt#q@wV=_I{p_XYmIjh2
zTH=X09N$=hq)F`N-Z~l>i9C=mhiE?iC%9txOhC22sT}8{g*hqpLE)&yMZ-CaM0Z+S
zJ7_j-yU-AQx(wUs<TpDi-H)G&X2|L%EkTdflWLFp8dTQL+z6N*+_`Rg1@1wtvqr;t
zBDWY}%gnyX^niLj<|{?~E9MI>_Bq+yfeEkn_eW)fywFs>mA}u3aW(!Z+c34dG94bV
zKUYI)7?YM|FcA(KP1LSbNmh9k!955bM-c?XhXykETV`E|BM?pSrhy#;JIN3pUh7+b
zaLG%*3-``HHsRdK;&I12qHX&OPixL23R?UhE6?cX1<jqUC-%_=V*S2b00oEIS`=x6
z0+LA#vS*)H>n~ahvtL;J*VNg6ezgVI&!H7}MoJj;^C{Y6T(R(`StxGitLQ0dVOoy-
zK%pj*d|e|#WqYJDd#CW$mfrfILE;4B)spf0t4U@5=}s&50@#3~Cu?_!YdT*f6P3I`
zxm{7rVfXFHOuOdpcI{8L=o$Al_&#GrF{*DeoVPHUAJ^pj7ePU*RRqk)pFh_pM63wJ
zh;L0%Cx}Z1L-WrN#bKgss^epMkJ`jpRm#e7^>A?s#6-l}Mp&5H6n4-G)o~O`@p-fG
zP}-4MCj>v&k@YNm?wwd)f6!9)!py~N(XAR?<oP(~H$vEQe!2iImFUYG2#Cn2IR8AL
zp`*gdApI`_5|mPd#tm*$to9FEO%LQ}9+SWLc}_Rnu)vt#(s{f!J(9TNscLD*SSSp`
z<q-B9)^067teZYLi#pr4p#Qy32@n%8jAUm5+o5&?3|~t-@f<sPPqsoXM&*-yE*|lp
zq5p+}9l<9#-rpwm!$_#0(MH!`F^By0dSsmaiT3Ezpnt!*d@yW7L<C16N+N;HIfLd;
zpSK>@94uzNr$)A=dG!$g+T1!ZfP1QbqV6G=R(ewROjtJ#=QuRitQyU4$CUDJI;jdF
ztVsTb3<*NuvKxEga?{66ZbUf`6$0|}56rU!I04iRl`8%ADFBTH(0v8_+C1vn8HG#Z
zW?(}DPL6qQ>-MZLZCqwH^eUE-A#7Ck_{^ff?VzXQE?MTg6(1BiA|d}>hRexO83Bm!
z54BtVea`6_7jtewhf5l!F#L{bWYj%o;PP_D*Bie#c`3S#0-yxAwjBC_Pw_h7OKPH1
zIZ9j;XuoLSS6iO}U_z2|L*%fpXB8yNUmu(w&n|X+o|!SW6$!uA{|%oZ<dG4ez)g?B
zThr<vnlU!z-`m<GXSE83Tju7TEWtV0*a(uk+y7|hhYY|aUL-P8k%VHai&yo>2S0!h
zPId>9e?uQC4pS3wdruZ*!Y4UAJY1&lJhx%mtSN~08U|ki_pO;<pKe~#MbnJ0R#3s8
zMI|NADIkX^wi&#4uF;{7B!DtJ_IlIb$;byCz=}Ey77w}JFO%Pgl@-g^Z{Dy!V|`;s
z`}v^U;D9p6vQpP%{99kd>c0Ei8hwT9jre3lrxvKF*RRhT0WkoWIQn+Y>+2JL3qX$+
zIum~lTm(c7JRDfQ>b;_XYb`zj9X+`9=Kx3mb(1iaG+$qKTvSwe*o}$U>n(g@fsRz)
zRaN5s##cVP!0Um$a*f|#12P4|KxKcI#~uH71R@|J0f3U=6dGL{7-*3MP<ATvwM9&~
z1m0>C<n8}Xp1|jFzyNCRePQI+Ta*GgG7?AnqXFt18gNJ0vIXrmw&_q2oiZaUSV;W?
zBojJd4v==of@|0iRRVw#;$Hq;U|f8()dc+IC+niXb)X7?_ohW*r!?0FM^%>u_>U%_
z0`ppnskE0LdPUF$uMG_>uOAM8LH~E$*TD5r0i<`B>Ua3{7Cy+p8sRa$r~iG8eA+Hv
zv%=<oe+^(ZkR6z|wZrap_235r2CgXGzBVudBJ@JG{<xtn3^cw%nR)5JN}z;V%3ghW
zK|Ve_z)HmC-`TiMt$dh(&}&uZz4?1bKpRnY;2Jf#OrLAyO|0f45~e0a<dapfcLVq*
NEA>#aSlrO}{{bpPxVHcR

literal 0
HcmV?d00001

diff --git a/docs/source/resources/notary-config-update.png b/docs/source/resources/notary-config-update.png
new file mode 100644
index 0000000000000000000000000000000000000000..345c3854feac0fd60ec8c8f4cf4f3155ad25dc9d
GIT binary patch
literal 86107
zcmZsC1yo#1@;4G-@BtFs1_%-cO>iGHxCVC%A-Fq%A-D#23GVJ1oDeLyI|O%!Z?f-Y
z_wD|_IcLt?d%LT;OS<Y;bs<<$UJ?_H7!3{%4)d*)m@*t3G6W6|UKxN4dr~I+4GIT`
zhG`)xs`yq^lv2^&#?0cQDIA<sa6mkY>ho#hzN7D#651NP;MS`;-}9xf>PnjU8cjpW
z;;LePXkyQCqN(6f)jHqP<Dw&k1W;!BB4J7a71Kp<l$6{MY1jrlwp(p}xEvmNIvn}5
zd6@r55`v>qrwznIKZ6GnWOQHHSLC5QLmsmmfy2p!hcAHR{Swz-d3tP%Bz4dBD6kZc
z@ZPE=zcTM4<Lb%$I52>&3eJ}wXjZ|!Km*05+W(T=t+{RoMQW5%0kD*?d88Sh69-yX
z^xu+Fu#i9};XA%0$ug6`Q6UyisAzl?3ncWdaQ4(t<?ph*-71kXBkbbBc^4TZCog(^
zFqhiUKqi$&6Io%uqyJ{sX9D{{C1b$kX~3>>pk(=~)|qPK*j3-g<hiIaf*70}5IshO
zI1>?T#g9ztC0Zer+WcvGnr&)&mhv@^0bLapT7?LW6l7}tNqopdmjU%F0xdfoX<-9Z
z!tk8OLX^(e(qc%>yuKyd2plV?_+|BVE&dw1uq7+p^V)KbN$HIj;_##2hNQRhKK`7F
zAUB9&ff4`^lqiuleA!3gnmT}q2r>pJsh{|c;XfIW7=RvnLAtqq7!}wXzWlb&NKtY#
zaZ`~mR>0iYbDb}3F&E%mIw%R@BRiiZBC~WNxT3tH1ayf!4?+uuj7K4SMc##A^pjTk
z>wsA3foPv*6!~K@Ooi{V_zQrq0*W$`cTjey95I`aFh#Jl-oD3jNA!X!u@d1!UmA*Q
zpqq8Pt3cmJv<aBCMM%Xm{}#B4+dwRcSl>Cl!gmbdhi``_D8h+D#uVA<F`pxv`rAt)
zWl<^W{3KUpE+SM5{~+O%eXDq-h*#kD6XgxQocP2T@q3jT>N$d82wmn?=Gj>8j=LjC
z6M+}DK(L;$Pp2X)E+I!4YA-6Duc5Ir8&9H<EK}YK2eQ|GNxd!Kj4I!h;7$Sdf-t)!
zj9m=RDqqate<W}Q@CE30t=eXDbEFdeAnWUXxoU4qXJ>A!ZuhOhV!?wSl_h+-XMWxP
z_~aVw$<~JBgCrD|(OC|>2B1B|^Wy`BReVttE&w^=9^&SqGKzU;<Bo;xh=$P~QpW>R
zf~SMmyTx&XX=K=G-D0w(lD^`O^Nh=l)9fN@`j$x7fl$7D83-J3+F(8vJ*5hOD1FsX
z_M?9r`z;n(8hevrQvf?o@=ISZU6?tG0+9mA2<r%=9zr=n`HLgYCC4SBCG-{-x9uB%
zXNV`Kr)-;mr>Q5wP49L5b>Thl{o%dc{mp&&ef_mLk}X0Af-{04!Yo2QlKZo~0{SA-
z$<Kq?hxt>A<tq6|m44EG@_u7}Zhq!SD9;F>&!Fc4_t0_ZAe0$hZdCD&crqSS{5xSj
z1(IB^=kd?$aIpvkX%@iz;1)0yvk?O>a}47+6+6|bQY`ZaI$~;f)f(ONU_vcfweKom
zwf)!`r%E?F5jz#Tc-OLPw-ZU+3TP2Dp_@5)0`~z|CPq01D~5F7ON>CwnerP3nZoyl
zRE3Pn4&$m84!iWbRJ+CFEISZKMt5*4bV)`(Dmuz8_HBG&3{jM3v|7wX+;EIlv=^0R
ztZ~11|BC^qA*Ozrq2>Yeey#x_WlDP1=TtA`>CYL!jIS7O8Oaqts;8>qD%mSbtA9`?
zR?nl?rl+G<XIxhAEMiqPQhlY0tY)Z&I4L#BKH2=CA~{PdRx4mGidSM$LqM-p%S+b3
z#4tBHd+aM);oAwv$?xMIr#*9DmcRJwq*|=77h3npxx_jA(wGdM%sdU8CZERDRMZ4s
zWM8~<e=gwB+Uic`UVbro{_R3xSBN!}xPge2b%*o%<9m~Sj*pzFuVc8-*j{lF8w1$+
z32(wudI^m!*IRoN!h{kDlWCGtxo(D4zrE?L8FO_0GM;xV$B~lv-DEh?Ow9~$%kd0&
zcJ!SNYywWipTr*lZ-T#pEt$+qR7<i;e`vH;P1S8_)oZcLC(i8G?N*7;^3H6{Va=e<
z+|0$z3DhRkn$L61vTze}@7wR#cXKy!lRJ?*#5fx9aBwqmlkgllA3A}WU7KT@_#M=o
zHk+KAI<0?L_bv2tF@B6#UO2>BNLz?(6gp8nl{&s2z}wqh)!e#Skm+OmRy>mOt97w?
z>@F>`R^ii#vA*fD$+ESOUb{g%a=WRI_7mhO7_QWJ5#9x%2O$T6&(BuGTclP*Mti@G
zbeWy(BQO<@ze&x)a&Ag{zPql+y16CIh0ozG04N*eBW2uAm&aF~-1z+0b1m|wjw-`6
zgI0`c3`VpRbS`ujjErE`Q2MY$)0E1{%55qps!;0foR8VkIeL<O66z8xeGPp-drEq5
z`|7$^*CA`nz3AP2-B*WEbJ2CiK{>qxtFknSG^7d|D^0eRcv;=0!DMg!`bVmTG<j}P
zHU^%b#a6{$6?zvEj9*WzP29Q^9rD*W&@Ku--0AM<mgp`Lu@l{~)4FIMl+7U?pe|0d
zs$1J!F73(&e!unV_F}v9{xSaJ)pz&iWgj2&IumEJ%b#3W%WpQ1H*6hxu@cD(_=5xq
zoorX4ma@JCwrzagT>3HbgYm~*?8spIL+OwDm&;}35#0QW1{$`%0GCqt(PKIIl6&Yk
z=o9Gq5shS)jM)U6_^kqM57(te4{L*X-FO3Zw9+~<yz+w?{Pw3R7ACt=NluzFjbb-h
zr<)-aA*(9!`N@ng8P8q`c@tbL`o9V+s{7FMYi(j?f+0U+`g-!*Yvj5u>s<+F`K5!d
z=b~7vx|fZ=lBj5on6U`nLhQmD7uxIZE1L7wWW&V6YD_ipEe<O>r;P+c(0f+*rA^N(
zq~3rniWlBso7}psIuR?rdHgx*c{*MMzR%3O`um4(4n97-J<D&BVNV!jM%QI-fV9MT
znO=Ojoy=vHpT6g~tSvk|Sd8>Qa6i0qzr@mUY4kq({1BclSlm|3HEgZdWNN>+X4QLe
z$@kf1?iTY_+lTYI(W%2W^Pp^OF+ya$^GBAPsQPE7&*h8NtuE_r6AygUDUzQhyd){Y
zkRs*y0UoS(te2~Mk_?gW$ju{+dmS>41sJ?voz&bC#OZ6%V$d-w%*kI0oq1onhHzY*
zPIv1I$(ak~^RuK!r&}aWrnSB?7vj1$8VcP_NKIfo<9S+pQomu`R2O<QyMZ}+N7uRK
z;oc<IO=xzglg-7lGm9Hoz>DC@+LY(2b?5FDI}F>4;z8&~$ye_#uU9uEr;TT!LkTC7
z4U=kEUxsw*5$I`Fg8*<#KS6CEAlxs?wSc;hu4T&)80Q4$XDI%6#rlnHM&A-j13_?;
z@o?AFyGsGAF@s5P$5iXd;^&pmD$<uSZaiotc6P1#{lANs4BSmliob=kO@s5?Dl02f
zEh+OZ6G`?02&;EJ9UM@!tfEYJsUcRHS<hL+U*-_wC#_JN*r4XO-f(m`^~3NXs;!i!
z0~{Rw%imx4x5_lfFzA?Wp{n7iAt%dgY-7c2Xkuez%Is=o3!4oG$M4DuyR<TOG^BL3
z`e^OI>ncF?uNl0s>)(%As3`w6#nDoLN<&VOQq;!Yl#+w_4Kpj1AQ~klCBMCi8LzUK
z#NXtwI{~Wqj*hmxEG#ZAF3c{knQiRNS=e}Zcvx83S=iZ`U^AE;+^ii9U74&MsQ+T}
zhmV-4gR#AZt)qpFHRW%<hDJ6{jsjFvzZd%V=dXR5x?22aC2NPj#exaQ@_U4ZjhU6@
z-@IX@{J)>_Dq6Uje$)`NurjrFfUP0O#>vXg|1X07GxVP&|3RwxAJW&ax&KM|kCDGA
z`B{ET@DGXpQrEwp!t^DG#?SI^-3y}SB7h8F<{-5YQ&5HdBEY`CKZUR_{olW^>p}3f
zg<>fjoG{#5F%eZ)`292#*XL@}eNQRU0H$+X&^dWXb|xh~8JN=305Nw)5l2KA2i>ow
z+z(02OHB;txssw1(1NOf9w7DQ)h9(f04m67;*!tB+-3X6{>QgfB+5So6{=plSU(Ie
z&d%OtI7AFUSdK$cbzUOuO_#GM4td?4Gbr*fcRx#n!!tmT^+k21J-*q_pyuS9a_EI@
z0qe79zo1U!$uXM9>7=5v!qayAd*)v^zLp5I_z<0MtJIHl9gv_WA_sIBmw%0&%B-Z=
zv~^Y*_nm5&2;T$%*-Zyy5#lx>e<u7{^Ix-DKrnKySnkMWz)V0?JXg(0QMl+lw#Hed
zc#wJnH{M^{WBr7HbDR&Pf?_wn3~F@%LucL|^Zh;a&&^%?!=Zy7GY6gA<$MEx<w|xE
ze|9b|(Ln(T(u2dfTYI^b;kK1TMMA>$ANl_yqG=?Ih3Qc$K`~A>P`N}N#pUzg3h<5d
zEe`-{o&zz1ym+kEx`SoY|G%nP22=poxN3ANxt{T(f<6%?M5m?(v}7tmRSU!LnrArT
zxpa82|H#z^JkA9g5%7!o>?24C3;Wi3Tt1-U(LT>>)`^F4w*i>w^~Qb0(D3`V)7FI6
z<=4W{?e<>^OcdUw?0`t^a!0;&eqIIzo_z|}IPS7ctiQ?Rt>e+IWaj<WG{Oc^1-JD4
zZNrY~XPykuptgaoz!`jmAlG^up_6XBHgbgNzGsQP;lf)>ldevKj^DM~)lI8bSizB8
z>Q`=||1D~)JpvdSdy1#C5NJ*VeU^Lp%_{n#QhWMFp2E7b1UYF+6(8bg>zeRKb=aua
z(tt{B{~0Es{VquZgG@CHoFl4(F-eLG!=uJmFe{NhQ+COc>DfEZrxuyrsXS-pT<(Je
zVWA(f|I@&+MhJog5a*0mUzF+lkca%W=O5!3Db2?L&*pR}V~yg|1LMCyTlug+lg~fj
zj*;2QHEdJm3Is+2V_Nr&-yGg#JMA#hGIi&Fxy!NU3Fyu`*e5Qo89^nd_{$zTUI=Zt
zkZ!5-DGKKk(U$qA-Y_DE3lv=pk0|nH>>+ilz8!Q;>7!R%BDWiD0LIT=OsC8zUbX7|
z)paA1@3-?y+~x(InA&^{fxiOX)nZ?>{d4cEpOnQr%pv`CGiTTB6m@GlI)3<y0jK>*
zr!bH68(hLR{O}YMH*)6jJ#ms*Y^Vt1kO&oYLLuZU|AiAbyzY8A*ohEmXcuJ&>i*=%
z^~VXW!+p!4Kx!GFAw2H$=Ozz$kf0fI9{aD$y~?<ZKe!(WmY$sXXmvR)n)TD6Q5ImR
zM%J-ct+RE*4By@3K@e$ua)fjDpiHx^x*7oyPtyM}vmg$HvoE!?H1r)&juA*~)7}<U
zwlt37wi-L}M8^^z5(bTGV4+>PwbRF|_c#%~C$0ICu4N1oOOyYP!|6Xmdj-`1|N4gR
zj3ZVDz{w8Oy$8;Bc6Po4ZKQh~o=huB>$L_>b)4V4UH7gAX4|jceTWN4DV@j=^u5gy
z%po;CNw}fb=@SxK7+n+nuQ-yM<f{OUy6BV7I$EQ6F28|hxtOUv>T>aJMVTEIS$KUS
zVu0g1IFK!}N(0Z=7mAvT_AF2g8qkI)K4kFM#){qRf0?L5japF=Bz9N<6z-PM@SS<u
zkEevdML&JUB6~%^G(Ug$7NF^^Y^d1C$%$<hIw3P<Y=VDc0+W)&Q@^yzwmKILBq{~a
z?1Ti7yz>nDrxG(A@s5Lmr&o>WI}M%!oD0sc-8o9JPgo5$nulI+Y4%71-gb?gE%jVp
z%c_!{KI@$l2)xoy38vfjGUpp2JGqXDJh^>1P+FRF6KW@+P)VxH{$5MwtLyV6_XgO)
zX^fw@Fx6G4x*y_l+?mB#@UD!M*~SyOdWuoANr<1Uo~v-JKO;_TQh)>1>jO^=+^Lu6
z$3D*c({Cdh)tBZabIpCu71Xz~q<+y)E-Z(8q%U8LTG1Z#w(wX+N7(ONf2TPgUJM^u
z*6~Gpdg#Vyt)xEmdbA7kaDQW6gq*5#fhD-$f|M7=+whb-_MSo0sDQ(KZKQtNKt&p^
zs@SnRmhP_EEEnItu?G?)^TzY<1d#|+_6jzr+Zxk|Ko}w_T52REB?UNaIr~w}Ikh%b
z@$ym~<L(rp7jrLIn>fUy$MOF77u7<v(gGCNR?cjFH7Vhc6ab`tmD>Byq@;+CdMySR
z^JlDsNNq7=U^ZhhUXV>4DJ)|QeJ8(F)p_(1q-uKAiJXQN0yPY^JqcARAb&5E9BjkD
zdaHY>i+!|ymCVMXRjV#^=dEzMdsls@TwPE;a>e?C`bOS+H3y0NdK9nM*vADMygs*j
zuFRfB0g~PRghR4^tf`<GSIJ@LO)cx>!N~V59%Oa12uo3;$0UEE{5YgT9TK$26z^K!
z+==TK1Qdb7Q7!c>`@$niqw@-d<s_nkJoR<=4~xTTDbPU@s@&oK<wIaxdTof*4-r{_
zb-3GjlJ(O)L88!CB<1OmK3{X8S~4~Ot!wl%-(*gBUwfy-N4BlyG5D-)7sLBB>{&2)
zr(;3LAnE7qJM5?iFTAN#8HtNbd)6mGB7c3p_X3<IKL`jXTG-j`*-P*8!tCGMZo@fZ
zxI7OK1%N`o5RjAjS(j?BB%^igwyUrApy)Z)@Ej(Xw9L20XpOeLypgY?gGW5+lDt~&
z{or=(GKAJc+)E3kjDu!}aAp+<1(OQ#hLV2h5MSv@8%VS(6>0upOkN)bhFp%c5h3ae
z$(y1Wx!p_d;1=DIY!iaWqwSIZr0f9N6?Bl8W7i?BOg9pakFzDP8K4{iHVXib*V`;Z
zt{TtZDar=Gd?JrQy#=N@K}4U{p9s_K_E0R$PL>Vg;^y1$aZ1ke#=im1e-eCdyl@ge
z<nZZ~H6Fv}kh}30o{F!Y4)^0bmN!Wa1IhJ0enPf8c53@@nr|^)GNSg3n*i$aN`<+o
zm$h!rO+WH9k?eih%eKj%ixA}HlrNV^xUFY2>i@Rfb=pbU2kQH*2XHeXl5g|iBIX9a
z^KF@EuAEpPp5{`zH+Z=Gin@qT&*6!0(;1W;G53C*bcti~8{X7c0$cX&7jnAx@;3Ds
z5UHv3IKnAoerIjQL|>}}T59EAEa;%6m`%?=a-hlob|;|F{yR_?t{8w4f>EjM2ZK*b
zt&@RrXiIzJT2&?hm_vD892H+=z@3%l?$|8?=D(@5HM&gKci#Qs^H&bZ{0gN11_|nn
z{PcC1wdMnt_^5{PVK%vqIbUQI94kJby$~cH?tnq?aq563wxo{s(It{dWuA!N`Xwsf
zUs=GPf9}KLVQJ$x=)72%JHZr5)EpwMO1r+xuX+{47(OO24YKh*2K}}k+U1fS>LnH?
zMZQ*xJP^{KWh2z{={Om1=OVDA>C~^}+|?_P=&Fm^*EVAS67%<W`FEBJ_?_hpaj3e1
zC)U`p%%POdps(g5>E1+=y9G5gzlF8po({Qg(>h-rsn1_64uuEsog$i*FKq8j4f&+^
z$#4<!>umOSlKhYCj(GIVkf3N+%A{-TyF;4z<ym2#yCf7gsuGU)5P=+fDqUQ%Uts<)
z2V+$kJiD3Om{V6KXw+Vbk4s5sWU)_olYpHnW@8lPm4-+m+qHWslWSA42AQ(Q5;{TE
zPR@f;vx79cV=}eu9^YEZwJu>vCBD+<#N{U#4DYp}w(k3mJ{QAMw&Y)_TT2zx4@)2M
zct?Lg!!ZiHKH#^3>yRs(dvV`^AaIqTl!k_e4V&@W_iSOx%I2s*NZ4WIO<VGo{@9W_
zV$yY<H{s{hDfx$b&Wt`NIoR)g;W7C?ak8)`wW3)-RI<Y*<s;F+oJgwME=r2T_o#7Q
zG_;tVOa{ggdWJ}KNPp)f;oPnBx^S3%s~!MEY$(ZWS;2%N=aXKdZHBssuZdwlnJ%K6
z9s?DZ>WXg1nW?}z{c+eq5cwm(NF7l%sU7}KqHbIjCJ!>o(VwGtj1I4l4uU+x!3R}o
zgF(K4Js>Cu29*!r;QN4}N5#4s?b$8m_^sU4#&{8VNl_lRE}p_{NH3;ag$1h41*x^&
zn-AG34FBge#|S6AfME2Xy*(Z!O&EvaM(`DphKJON&>PcDi!Ur7F>k-HSG%nEN3E_b
zyj%rFrIq}+C*FN}(km`G`Nv|+g{?P|>?bC#Ut$H-BDg&Di)#?r<6P$VzqVikJKTY;
z@`(Vyo~mkpHt4U>b9*rDIU7Fh8bf2BTsVsKuYyYFJWd{RdEUbiHd<)X&|hEz4zHg8
z-Ul7@J7Spv&_Rdt3MT{*j3ckyJM&>XhP0z%aUIC=qB`Gjc8>nHpPq?Kvoo#bDn#=C
zD#iY&%K#xa76uGYgX6ptExaq-j4?sMSd`Nm_}FEY{AhSF6@I&x(VW#3=O@!#0`DQ^
zJ#XMxpulplA`N~-6C2d8kVX77iuJrE`NQ?4WUL+lN0<9}ZJ3btiQ5XZ`}8_;^ySaB
z9U^Tgx8gDK9~WuIF#vVjyhm5GW59!4x6RqWlI<56Co8^Z?TPA{9;=Y&#2lR#|8s=I
zfUvVFC<m)O7|0UC35Ois(<kH{{4A%-T&r-K`f1lr^QA}Zr7qT-fSiKqq<Z=waTPBX
zBXUz^Q4}=JO%hDFEUTV&Pd$ze0X(K+t0d%?gfCs)pY?lQsP)u%A5v7v{wmp%?Q{u;
zMxE))bzoxq$i-oGW1moDr<wG3L8Ll09p3)Q8B4e@0koCHqswDaVKL#L{_aE0Y(di&
zv0u9spfLgl8)W|nHXsA8#Q``AznC;49PCh^?_^Qg(?$pz`0oB%kM(x701NI5I5^zb
z)5-1B2@i1Zj+lIJ6~X8Iv6^Of!TOlUeMlSCpen?ViWUQ0TOhZ+FP$GV$!1FaECh{8
zbx6e1!B#2D1sy2&GCj6?E%@aV7v2Rdvg1P5+7f;D`YM6S8g)8<sz_lG)C!=oqWvR%
zLMVlv7ln(-XshGqmQ=<9y5Zw{+IA=Dt6G>y@On6l>LeFy=lR%~j|C$;Kp0-|{2#oq
z4?Io+Rxw@jxAEGNZu%n{vL~_LT?st*<R<_CIyOk=K|#={^L?Fj3({bCrtC7TRmi=;
zw=!%)`|dKhr8!RoJoi!V7_7DGvC@+cmpV`*I!!vBzq%jE`b+I8y7<Si{N{S$fH2vw
zDT7(>RLP)7vsluQpzGDs-A_oanNC)eo21@uS8NNX3s-ev=UdnyXpz9bstrk_p;|I2
zj2n{oSLDq5ZWtUt<I!6;^#F|tV8~X5xKtK{1JWP&I+gSdh`K*Hbvg`N_c5I8q>0Ue
zJEKiJSt@7Kpb#$A=sK~hzb%l~6MgMqub6vtu`?|jOtHNu=voqaR4hOh^ZI#@SM5T&
zm-Y)tZ;W`q<VPGMly66Wxc@7&m`3=HK%?k<W<rqWuRNa3l#7d&wEFn=d3p~}Hh!_c
z*q94inbMFBCm~b!+Hd-`DC~*XPV8^l#LFCvj;xu!Y}{Mo?CfzNThd64QU72Nr6iAw
zPr{J^I_PUoGlIqQ@iP+Y?z!%s@EzsqdfYc@xMkW-xIT+x!q%;$^AZrL`#$W<iLc?R
zF4`?F?qt@*{je~Cnaubn4n$$Ys_YHKc#5iYjZ1Rkhn%IShL71+*czYfo!w^2QLfu~
zeOyCV+U5#GvEV<KOts4|1!PqzH7mjYAJ7x~ThIi~gAT@&r_-R_Rr%7B&NKo3tuq<q
zs{TY#d?FRGO&NyF8?WKo;n6Qv<x#*>++63oQ`S1HX|nutQAYFZ$x(vZ&F-ZNuFAV_
z`D0mCXCN=>?@f`cSEV+U4_#XOw4&&DLkzy|^0?l~7nHXnQ6)kpNhoXIgv_&U<`{Ma
zjS*|*ApQ1;pbh#S8jG@S8oQ$TrGoh@heU%Sl$WOi!X<Kg;ogFeCnhw|jmJ}RVl4N`
zx$1)Lgtg{;8xggXT#P<|ok!O-<)3Jk0Si3cbcE<S12;#4;)`h(<U{rCl`N0squs`W
z?ItUCzdVgDp1f+60_{25B371EN&}OJwL+IO4g!CDlHlR_FO2Pr8f%RphzF78qFvmv
zXSX|<L8XZ*HdEnLtdtl1S*$0YFc8?hfyH?Fk$t>yFbd6Sl)EZOhq7OxOyHggOo4H_
zni*RJD~4Bw_*hv#usZK)?Nz)-f7E7~NS@1ApjcE|GW~bv@)U=4r}U#Y-1%`=?mk2Y
zp~ZoAxf~1Uh7DJ(%7-RJ^)J`&fBdt!>3Akh0*?=oo+r9kb$xU%L@M*y465zj^<XwO
z<74@*dpg?|4WufPntkNSyG%pS=621UY9y&Bvr2bL2>>FYKAHc$_R4RMy7qrHtr?H{
z`*<+6CHOo6jGG0+;_N@WTy?OQrKNVw|JNCj%~ZuR0DV=>Sh~k%K9~_99e6|i*mpyC
zyq{l(W=7q6N=m%d&Kvns2NiVbH(NN+|0c!o2OL82wAjKD;*=<?5JElqcdu?4#;W^D
zwz0QLGP3}7N^v;z^(4&9klFh?cpKcwRL^omn)BO^?f%5`zjmVd^O**K;lo-_Q>(0}
ziV%jVyd~ew+7FZO4O4xcA|K^kaUnGVS%ggUnt-v_t6qPI+h}1Ofbw8_FVjfjv1RoH
zfnI*2KVyF}UJ-z4wZ&Ww+1|`(!rySGR)gpl$G7y(l5JW;le;-@5<Ya0x9HG|KY5*=
z6*eC&ECQV!p5#+@d%4;9f2+zDwc+=gmYkkn0kAHh^0TN$)ITfU(7@Vsf}iZ1|2+5y
zDgD%M0jKiw&s`z{qQ-q9+@OC;e)^lu=?|i-#DA19e<*c+Ym<XSQ2E(!a)kbcXMYM#
zPh22G>f+brnWl8gq6s?>Zg<@^IshOH>%3howlQ7K*I2Cg5B(1q{<})@{M|d%$J@L;
z74Kk%ZWIGe4=3^!yhClh|Go1L8JHWnqJ~ue!K!~E7OYP!9Q?Z<8O$x0TmJ>tBV2MA
zqW-G_`xGMs3+OQ(hYj0*1o#8*VVGw{w!`G+j3v~;epe=#&wGKlU@n{_p{?^I=%15B
z5tjGw(I**I=~ctuO>1-s#M_37Ggr!ff(HQ5AO^Oq2!5hFk#(Yw5}#Tvf*+XbS-gV*
zXL2jW<!x2*yVK?RZA0;25eQx@ODnrHmU~kHKS-ac4C^q#^ky0$oNHe@)U8-<(i<0S
zcS@NAhj&Z?@1xJ62{>79Tu+AG{}EG>>UXN9QqYceN)Cvk5*@~Tfe6#cbN??Lx&{a@
zQ+?YBE<@1C@gX5YNh{v0Fv&ZXr)6LV_;6t*{f{%jn02tg40nP)rL4k$4$9q9Jr!<&
zDKCg1iW?oamNn|NhvA6Ty0~i;Y!T?N9NQ;l>AxB6cCQ-#L;0DRzdeAyu}TT%KUH?=
zZn0=EPj#h*DOOPf;Zbjf@#B-HTKZp6CsBCz<;v0COIV-V#rmZGA95K;!Avg-PJK_E
zNdS4JR;2oBHdW>=IBtDSWHVA&Ls;Sw&DQ$27x+d9i@6HuO7AYnN%Lv*qV(n%A;@O-
z1FrAf2Ov_>Y0}mO-9V|gBKCDetMFNXA`Kh>m`z|i;!iX87!|fXPru5a?_dC~P@tBd
z^|$^Ag;!}{++lvVjP7ysD~#fGHE>O`L5Bm6p8DCnSE~u=YnUtzd7e4Kw)YM07a?~<
zeNy$awn|SDT28<_Jl8)>YGI<^E=a^Z5I{(U4hrz?6PF={ttY*}u#WZmlab_a_C2N@
zFoPw$?tFk5EWx+EJVEdU1l-ujofz|p+kx|YBR&)fdF6AEZ7g=<E&706U)<!uZ;xD<
zRa|qo?mc0$JQ+Bej{;^k$TpCo@Uxnt-A-dN=;iQKVB}TW@LudzznEvGI{h`GpC4g|
z@W*q6e&f?f+tw0Z%Ga0#YhR*LV*<YGWa=2u7jcA$#hv1_SRU(h!eWw1$|8`WrZ9rZ
z>gWC1eorm?dY|SUj#=aFw(<dyO(T_}254jamzq@Au-^d2h5#$Za1q0{z<LLMs;<wc
z<Y9?-<?!!c==P`)aJPO12F(Yrk68QVLYOv&2{*Z?U*_H|C_LdDUv=qud!#!*0_4F@
zs7X&>DI=K$XunbxFHzQ{+fo;0t}M$1ynvkUc+>Uu7(hZsRU{4EspLzSpkbwK6{=+h
z2hj{S#Ls@TBVr=zI7WR5CHoW$MVD$!%sVgEVf8EeDYh8|gyJ`+-)4&1-5nqCH5XDP
zmw$P}mMeOG@38N`^uDP7$Sdl%>Tw|6t*%5lk38Y)47<slb1v59YDmjYAN_nYsaou3
zN$Oi+ZDGW<qs4_#4cB=%{@9I$(Uc6EZxi9+Jps^flD52kVXru}GYyBc@nnn$1Vah}
znoH8s__xtpyp2_ygEu{YaR>YrK?eaaS14Nw<~&;dH1b%FGGa5#zTZ6>$Y(g!@S}j(
z^}>6l0%+v=Ar)6HNp7^!?pZ38>_TF=(7S!6SqLDQ|177-INIyy#aYGe$YRjXU_N}+
zZ!9icT@&rEh!Rqlg6rVbZ4T#}Q!=i)P(hkOKABv~Q;h9i<Mn0Yjw+^igQv3%tgGgh
z>dM<p5_g6@jGu+wKVslAn<E<5Dwb=$xWwP@`8p6f>z9~frsXiWJr|mt%N)wUg}IHD
z3QA&mCNfN%ZLLvAV$_DbaTL&c??`JmuS|M$RiqNVQ0FkZe>JZ(DGV5p7YzK;#}X~2
zgjzc%-q?b|5C$|F6bSzkjXj>q#&aP@vvElV&p(cSVO<i4=6z3$Dzy-rQ%Xm4o`nLg
zWXZG$a#&ybarF~36v%aoF1c8^Tq1nO{DZ2&lj-f90o&Z->ikilOrSg^Q|PnXxo}%K
zrcJ(qu|nmFXm3Y?wT#5Dg$IcuwKrAy*pkC^*1iXgP-Rvl_t7<g*V8$D#In#$JND_-
zMb$9`po=J*@`%hH=2OCBrs|7Y*vd=EfBws}Ujty58ca3Yzi<iPMa!%@_dyU4den|H
z>CZG}G2Z5&@TP3ze)CfaAx5hk_qz~fm4r_AhPTn@FIbHa3d#s=rQUF1q4G&&Y3bo`
z3=jXQsp&t%!epZs-Aha%-F5)=>o5X%($>M^P%9s75j=m2^$33N1=s=QYk)ip;v@Xz
z$eV`mPPyMl9`}4T^Em(n*>H;yOE1L@nO9Hk`_63s^*M39JmBVdLtaOr9aVa~xB?=z
zu-+Pd8-7Znp+~Bq$w6@v>1`t(Ef0}$ti*-9U(KdN<wo(3o^~hxVAb>@PG-uY`IU;S
zUQ6uAh1%|SHS3@Dj))O1KErdNKZh;H+Il86QJMw`Nr&%XiC`?MFI?t2e>_|&uu3@f
zVUQGBUkZoUBQ;z&ionz?0s1Zs2!6VMo9h0NdU6RHgldzM7J7&6g9f_H+N^bZo@Mzt
z`%^}Gikzo0Kkhbp4QGPDhSD?akeczT#BWNCKH92W8roORZ9~&uru+(7_6r9ES<P)9
z%3caSdIMM|ME8|)gnPN9+`K@%VL{4G%F>Vd)_Nfg9zqwa#M9aFfqp%g74;4kJ19{B
z_e&@@ckY_5ASnI2<reG&<z3DE3ZUm`0q5<{62D_%JVBw9pnU8!XIpZ`YWAsx(XLAU
zSQ1z`erd&i^Rz1d)6I#AWA24VeM|U`;$qxl0be6qqV0t3_Z(v`1^rJ<^&G5&n}Kg|
zA?Z{g6F#-YJ2efn3!L`3>p!nJGrz;)?8b*Q_t)Ny2Z$J<n8Fi#R3{7mV>>^akc*H_
zs4pXzZP%;we?|z{qcii5X)UsJF~N`>LNhMs@}f><7(EgMP(@-ap{nM|m{XA9FXwZZ
zMF*ZFv1kQWop;OE*j4({s;i~e4HW^6^c(tj@7RBV4+mkH`-^h5D}&~ft5VHRQ$zeY
zm0w2z0#=q~Fvv?+L6<Gmj}KRP*4D?Alic(JO!ije22DOpOM=0L3cSjZFm1Pt3UYxL
zx}fu*I*|@Aov80m&yhY#QurY<VL^7kvL>ZlGrY?eUgotF+_Ch-MH5gdrfo1MDL*jf
z6^S*rSxQ~|H1TsA_VTT+g~6MuB~7?<$zK_3U89<=getNCWVr<v!`Kb_uu&+qElsQ(
zaUgkn$3k_LA7Qe17N6y$(5cmSn=8wZZ)dcpxe@T0`h2UdV4E(B^@&<dNF}@EKFasr
zEovJEdw<94rRytFUUjTKIgVF+Y&S`sBv%V|s&BEept&xR_B<w(S-f%QRtV^zw$0tb
zy7p!Aun7GSx~@}WLpyvtUhFC~kgi!-N8OUT2%yo96Kr!~2I`(b-CF+}_7=hLmHmbM
z(TQ4$ZPnt%4w2eeA>JpSa`D>ezPR%_Ia^mzA5j8)c_gn?Sf+pc^x@g3@mEk_e3s>i
zf%~}|3gvJELtFrGk|Vwt2@a*DxW#Vu<gft}51tj(lgL5ReW+M*jYHY--;z6*s&y^m
zrBo~gN9h=o8BS}wBLr1y+g4N$%MI1Z1z8uMeH9eeUn_zo%k+9-KfI@|x`ODbeFmY!
z?o!=vt*_j7o7I7@l>wkD>ibj28vE6?QCM$&%!$tQh`9U8V`yqwuqH}i5*vLsm|Ml1
zo_zqB#`tvpJ)aWV>E`Fy`ZL|O!_Z$)LZgASun#G>77K4~Q~>a6INIBK#pvul4U6{v
z14n@-mOwW{-DTUZvDW}=@&SZ)@-Y2NnL^-N{0jjblR4qCYI@%$+Y6UUa}QN)#@o?1
zrpkaud%zLXti;y!=BQKm!%nILU`Xf*&4%Rx-bYJ8OD4?i`04nkmrJIV_<Z<VYczR^
zg-|(dm$f?~=e2pC$QgMXnFTj}?66<66fSi|>z;#!rQ-TZis$y5isS?*8-62JZtiQf
zbaTqd%I!DO_+@0A$O1+4b9_xWHXr!|Mx{ah(lZfn^<N2mlk-284@8b|X0KLOEI+ed
zm?$cu9(Ey#5r?%#+rABQ`~_o$gI~fdX(!+mtl_=B?aD5GtySbZ=@Z^{VOZx;<mr6V
zvGi@`a!)@(`30kTw*WOV&*h?3tQx4>kNDcfO4sw$5a7L#g<Hf&O6aw1y5Ky~PETOs
zDfq_ER}w@+%CP;*;Hdn?@piI7$%2?((7~`%mT7@V5~0012622n5?n3Cm!&V4^<C5G
z-%gg$7@~E;mf6@z>Mxpu_EJ*gunJOm?BptLs{t(%v~v-h<?!z3gPo=R<(XGbY|<a`
z5JQ1D2$Z5+oWl*f4Pa=H@mrMQ^^xVSlVOEVGYlowR^@r;I^!#=0}aJjY?vzO9}M?e
z+-EYZAX1zBUrVsMV$!6u21wS}SZmQ}v9SWY%-U}~z{nE8z8g*I^1AzvEu2dk_&fcK
z_86(rpX_oTMFbd-M<%NPY`NVl-D|r218CxhJC6kpTi80ucTD!v2lZIA<yI6M-@Rt6
zqApsxC%Er+UnOpPZo^RyZpsmT{@j}VX6<upYl(eU&9g*6OU2K3c_^o55-Q2;^>SNa
z6Ws~a@Wat~mp6(*m^hi&=OGzUm5v}V*7D(4f6@YpNWF{5w>*hT>8hv-JL*Q)B+CmF
zn-3}GOewE#c%Tu70iUfAdXupqK26XpZ3aw9bmJ`oy=@7YTbhx17~|+hn5>$qUAnCb
zy!BDS`BL{AzH#&IAr9uJqDPP1{{)EDg@|{B*Y)_MiA$09e3#<3B_v9@q~6Z=`q}5j
zsXW$C=0nYz$(LMHygH!)4kq#L&do`Pb{GzSKU&X@8}AudLa^UHv5UGpz>?JkwGMJT
zNiAYX_|dmr9L1v+8=NOJX3k4d9%*Ytg`889fUNQ!fZ*d3n%;zkJJ3%gfGmQUOSe>>
z7<JW=)?{$1DaG%Oz%YLWa+%=VnB8im&*0kdHc-U=+4d4G?ql{Bsp+<HTeH>3{!FL*
z{j%rh&EZJq@4N%Q2T<^BDKAB_b>RK94n6IUm<^aYGAdEqz#@ZgUHI2d&R)jUTXhGt
ze=%TJ7w$JkRBZQMZgdB2oX?fxxX|Ei-PUIg=?>dDufNi{zh>MhRa%SR!uZM-*-CNX
zQB+ohJCY%`P?yH~bWUO)U+!?uWxkSDu`ou#5u~Kz|Cp9j_k;YcxbS;=g!;CikGFa_
z<t1-b6wC6eI0+0msdL`F;azY@8|HY276HB`RxgVc73O&@tD@(^Z<=v-j}FM9+b?DL
zLgbcop=jl)|Axx08y3<k#6oFg-dKTwT8g=eGKEu#GGqO`$M{-rMab<{Vu0-qLhO(C
zh;HpA^;+6Nf?7g-E=xfx^EML3{%5If=h&&5a@Z&1$+5d@dKz1d89q2)Xex>Yye08Z
zzt<`~vR#}hN8MP{Kmo<T);n$mh?KWb3Ul9#4J(38i0Y4A15<fX=X!YgWyZo2^C+>5
z;r)x|sCxTQY9H(NrT)ETvKKZ-VN!N@D{FBTCz3Q|jk3#RT-iuoE;QD8mX~WB5hHHQ
z7t}Tzly91H$p`bl?3Fz|1n-Z2+;H9x$JhNpIF(G&j7|5Bypnu~oFBkMf=ul;`BBGH
zwR`E;r&ME>%m8NuqNyB(nqCjh8*289+YYwv9w(O2G7q(#=FGCty_Zq#mQm}eqg-}}
zJA7jcJuYhZ>gPNyQrRB4v<0uL{3Tj&NLkVb@{Y_eOxaX)@|rzBgQ1n?y*(>y1VSGU
zak{r(+Gt=yF@J^KPKK9<qB`ofoMyQ{itRNj$V2+SA&!o=P3`R{YrcR?9UxaZ>?onK
z-(_=yUX(#nqu3dsqz}k>(NC4~?Xwek2Gje~an~dfs21~4Yj)i}4}cHtBHKfYdzDX}
zryaF(q>}BKb^E_sE~C5^u;RT9cdZI)DfKdXT%Q<1NbD8x){O(CO+jB3uNzqZs#;@t
zf44TKRot;M)HH+5%Wxo4avv82NXL*IU(-ONYKtub7B53e^dkd+d>He0jj>{q(uxq3
zmf5lpV$uaWu|>j05I&wZ5x7YOKb$fX5B(=`EEA58F}P>Bf@Nzja{g-jkoS{bE#7`}
z-IeYBoeg7{r(^>7Xe!^}z=s#bvc0O7+PbZ8^HokQvSb*xCIFPRu{!UIy{t~`w!f{x
zKd!TyNyJ4K9{{|^3%~T@=ckkunNfeNBMG<af+~H)b$c%{&!}+V7)#LS@T0D~dynz`
zTFTB46Splums+`WKwSn9{ou8CM|aeWR+mzBz}JnfNohX$(HuMJ^Wd3{6Zn@#L|I-U
zmW}0U!;%{^$J(t0zKPEE#i3O1CnoNBkGz!c0;vcuLVG%1D_~0WO0V}2D`{@^9*yPI
z)&N*)Gm%S<{C%e_qlC{J9aR@&2^d~uea!T3%OiKJeA)a2)GP!05E0PcZ&B69qzXP*
zz42)Ym&ml&?l=&!^3|Hwq!4ec7ES904)u6(zj&w_>X_`%?a1mI>#lT72ncn$rJ9vt
z*hcHY+@<fqJTYqvodIr6VTyaXO^$G~;#{qW#p1r_^SGr^y*_kG#OBr?*=MtPMXruG
zA4>P6J@)14N2A&v9NSVy_4?>&rq%SvNop++4SHW-J!DO*3ic00FJ7dSNNyFMA6HDs
zg!kb@xgqdbVnyMbrLn6(gft>rBlb8t%L_}TOW)3^iZSFUU%o*%%NmHwdM7ghcV_sp
zoNdOt|J$7tKvp9p!cl0=1tb>INaMr&cFL}s!+u&bXU}xdT!G5_7s#dOV_)`57ipxF
zqbgv`>l-ELu-o!25nfm1zTapXFy?85wg=(FJ!~WB;})cbf@E_A)c4$uhS%y`_;RW6
zz2?M@R*7Dy*!Q^8aPOB~=1<&{l-=k!VQrc#45?wNf<tg@AtWL0$Rmj~En{Q}+pi9C
zZKy3}a3Lmbx0V$m{_<~U?e1*L{O|Vkn02qh#6s`&{9lpk_~X^TvMeYoQAe0CKDJp8
zEY0wEAhqM#uFb&AH`Kzzedpyj6iMu}9gJ~lnM+FXJ(eW0Iwugc_)3C!+VXMNqsE%f
zXFFa5wDI1aH`zulJr)j?GJc7ypB?Jm^5Ude77fH^Y0z|KO14{;C{Rk#q*!q(>SNR0
zu=#b17!}0iZgi<zzp~YfX@}W!#cg-4&VM(E!YPAmaQo!l`TcVB!=ffZ<-^rOg9)0r
zh5<sJT)OEHA3%Sk6=~9eoq>`d?G~J=Y0jYGj_?3j_QG=8+}(x7w(bb6<5{LDxd?=d
z>k?B^Pw&6aG0WMr(|tgT@LIOg>E^4)?r>Gs?8N^+`0Rw=X;a=>G<V(#yQJoW|IB7R
zAu`8B-W9AHoVNjlRFN1-s5;5<hnWk$6-ltPkHRPUtS`h87`X#4rU^GXU54}Q6a;-k
zo)&o5WSTk4p$U-1>^V9cH10I>IB?VOvgV@7O(YdTWg08gMGEBTYdsrh%XC8SdhL%>
zEkvp>NC&2r0`TO+8g)V4A?{AcMWw%rzEqvKXQ+xPF7(N;ZJsb{b^?abMM2O(@Uk1x
zk)FCZ4#92GNniHEyCED{QINq1GCA)4=y;GCTu|g^!Hpk*suU1HH&MB*IiDR2?ojl?
zYm=8)43A^mMAYuvJ%~0P*r{k{Cr``yD!1T{KuyBvrzHGACCoxk{6*63)@p5jS*C?B
z(EF(XVM)WHJa8>7wYrB-^ND;e^7i?`7={Nl6w!sn-oejHlI@^g&NZ`A!}Tjtrp0r|
zd%Odq@B%8U3(r)a9S=(@iNm)W0j!p^x8{#4PGWCzdL~{{P<xEQYgai`EG~$Wy#FMw
zTQZXVh}(7hModE)gZ(IVRbxRu<B>d@!p5wWt|K*QMn7`A5>_|G2BmsDSr$JrYs5QA
zNXf?=<8anX7{58qy72QZ;SnA1Gx%r@oxtnm>B9oq?34T~*G`2-$)NXA@2b5lsMHV}
z(srgBRL{5eX$K}9%@EA>`>oDse^x*q3N@?igzzJg+xlof!;5UGJ@01J^qL`v+Yo1n
zUY5mw5r@JhHrmD{<)wN<W?3%T4lpNxK*i+`MRgV1G-)8+*H{yHkC6p<+@>#j&>Qsh
z#Hywfmt79lzR;)5yI>&D;!U63MF~RGWYXqik>GN5RwmMR?`UymNBI3oQ#zui&G@M}
zmsSDio|_$lIzcj$iUt6`C%rI?c_Z_w?+J=+cHF1-7HqzH@aNt39i`JBN*Gl^&>z$1
zp8&hhgDYOGR-}fDT(<s7b=oYGitsS7>b_*LoN}l+CdQgL5$&h7By_T4!Q3V%G|(P>
z?OYw}0_~0=e_hIvtD?BOgQH|Wc{4YK4tk2P2>4nax98WIy)UUJ*6581B=teyIT{iE
zp|@s$F3SuJPNR|CP~Ot1+5qelhlfN@;v_obGaR*smXz;fSIdjn#wxw1@nX?gXvQ=D
zkxxZW{|v;p+!;6PQ6iVDpAk4H_o@SuVRbTCII4&ipDsS_ZzUz4gIMzn?|5Ide}=Bi
zVjAQ!paBj1B17jsrP%^5h|p@C&*ns(YI_bbF%+($#y3=uTrzgjHhpO68_jO~h9L0*
zV*fcpSh2kh@IeP}6Kt}2d{)moGDlyONibY4>L_3faCMB659(|@Ab2kq0!~tXpU$7{
z8DHHSCV7({9pRP|Xsg<&h8eFHb;GRhpiICl@sQdhRinikCH_(~y4I@bJL*kxfi4Zp
zjQPYon-&g7gaq|~A7clpXy;^H&-KDdBvq!2Lu@(8C*LsFL?NwT6=4ocTHN}fVthO~
zebf~$G=40ppG{Z!t9F_v?ZOov_f2(DZ&PadZY>L?o_q1)Ttr<ogUc^oV@(^KUcDMc
znN6XfMQ5d!fmlu^``qp|1FihXoAF;DDjVoE^&hyD70|a&XTIVwu_GvKFr3hrIUtjn
zuY0~7==ouh1NQ{C-lk{M6%YJ%4LReUOta3-y8F9czN<pkU8L*$L*NVne(Wal8%Yg$
zV)mz{fPIG06;f)taBvm!47f^+p~>3Yj_#ETYs~jj%l^4hYqz4Ou+1kyDUa6YRyUWM
zUkE|W&0<%dUT_|XYiZ?i41LeLU~LuuI<)`D-vI%PweG3uBrl+-ZQi-C?+GMM07|K>
zq8*K}*XzTGcjmH_&vv<=7@IKC3jm}p!vUt!F5CQdvBNA*U8Q^PC7)4b%=VcI4u8@K
z!GSPWidCFvhvDE>Ut+#VKgk_`(FCgDU(%dlTKe;MQi@Z*-yo8XxDrn-RRXY66|FZU
zMs9@e>-9?!Tw()&BRl(${u|S@(I+D9NAFpUvsJzDJ(|(A{-jzt+mcPq1>9V4!=B|d
z0D&9|>_Jk;eC8C%Ve6xYdZ+&(0tY<~KmGCH8F|!vYzg@DgDvs|Z~C-jPpk?e0W&mH
zVzGM8u?pfAQ=(WG@^f3I(meHXcg7Z1tZ2e$i$Qc+Lq`5cY}0LeHKI|v*7-!_wKXpd
zItacHv%<<8Fz3Qy%MiZ^M<G7h-7M_{yr_R6xN8d9Ao{gE5tvztTNz3lYvZY^w&!Yn
ze@?Zu=QXZ1QCQE*b31c-VFGSGDkw!d!H@WMRNu8&9sBj~j%`%chM}X!J5BCb_U1)T
zlL^`?EZoq~NInDThDImM#(S0#;_RS`8UG|cmi^q-kL92GuO%&n9M;jQf(q7lf-17P
zxx87&=^q0fG$lE4ZJV@_NU8N7J}~Ql95Bx6>2N#BnyoP7Ed~%zm^Vjz_;3Ys_&Se;
zbO(s4a4783f>S>YvD|++Fz9Uwc+UqOEUZ4w{>q(r*$FA0$DfsF*d4|BD$Y^g<P}X2
z$!^vb_|7<mrv$)$RnnRCSQPl|0iycuBZhpws<<kNzj$Lq+I9W6>Z!*h$@UQ1@}*3Y
zc9rQ?sZsl3;s^F$!|(i;wn-QLzARdW-kSuECxeyVGY#JkE-EOzx>D+mnMlAVBDiu0
zA~SkSC4Nn~<uvGLg{<jZ69?woCp+Ub^AqqfaOXF=%%fhr{Vac2UW2}}QMR*>C?8Ms
zBQ%P--)K{0z(^dNPP^7!Nh(%XXhBv?s?cE@eG+~mm0Aq2O7h^!l9OvfesP?uJ2T|>
z4gj)Sy>i=Gs4G(Sz&CQv5Q~c#F2yHad+lSiF1WGqb71sAZQtjxGvJASy72qM-B{_T
zlMA|yZms(z>+D*xvt`NATD$b0d3(dz5ja%o-U+(Ko1^zZJ|3Lx9})6_HAPlUYIy3@
z7Ds|Klh(l!#G!<yvdIpuwnTH-C5GG@Y}4`*TSDHSfA`zAzIs()klp63&<A6zy)3Jp
zZYgd+{8Ii@1zZaqF?;NjLZ3~Eq-=K37QIp@SawAlaCouGV|Axh<6tk8*NPu}M0VCo
zFs5~@hkJH+zf?`X+?F*t&Kgt}9B4HyMjcvOW2GN0e4G`hJy`W(XH@hiV#1q61AC&K
zyg!XpE;MXdsnCM@r`_ry!){K3-EPlvNkF%Y#OvE1QSIosf_K==3ToiOv>sz>Q1=;!
z6uu{W{RBr|n`d}*BT;DWB~FOTFzL@mv)HrU^0+N0#!+6aR!N{6;()+x<z#}AgR6F+
zM^lNw@|vp8W*OM>{Ecc-p;l}N`>9LjeN+H<{Bpvjd(!fF`q`Ztz-@Qbq6PBlXDN#z
z=6JDy*WEMM!#E223Lraz<fCUux^aw<#tlmAWuZJ_McQCvZ7O|cap3|XF66UzKvYV8
zc}M&_@kYD<Qfz-~kivFrq>3Sj-9~-nNspaJmdN#4{%(VaJ8y?KbotL4=Gd3NE6Mh1
zvic1?vG(*l#}YMkQoW`5I&S5PHkkU8Qq%xrO#ST+CUi}1t1g=Q%@V+4O6bneud5-l
zV2M!exQuOg#^>l{dj@=Y*g9q9lGQAzD6Wras36HVfoaYrB7RtCS=nCF=sL@TX5sdc
zL>^npq|ZVSPlp!6k87&POK~8nzka@?@ft&|mwkte$)vQU-<uBVt6A&67n9COx!b?J
z1{dKkJ@468Z1WHooUNjZ1PeM(P$eJMM}Id2Yi57HMlqywSqWUUs~{|A{N*l(4k)Dk
zNj^g|EwS^<d2m-yL=Q0Jd1_UYn#Zgf8grTrT{IH;It1UWD<HtK{WeGZt8<+=jgp>Q
zAv)_V(pwL#j8+*c-+Pnt{M*d{R_ajV8wRs&I_<c*P4TxQ2++aq8w*Dz3Nn{&7Pxar
zQ2t4`lI^W3Zhq=whU=@{UkwZTT3_w8`W3$2q$5T<v-a-}EQ`H`i^@>0ucy%_%^mkM
z^gxV$o8Eq7YG@<rt)MNAuNsMl{%Rdb<Y7&ZnCVsB1o+ipEyMh&%H}N(RdeGQg+tkZ
zLx{7X0weS*cs5M?sN|p#my1WXZ_22zHl!n3-j2PA>vfxfsZv|3-o^x1T*c{&RKnV@
zm?JTbF3b1pT}=7qV2Icq)jN3lI<<~j8iu?G?s5M$|CY>PY%1l&){PqwI{Gd9($+-6
z+3%N4q#i=J16538X0v7)^~tweOcLj;2qG-{o}B2s5)X+7cc)juC+4~yOwvx&VzYbC
zrzc#S((^QQS$Bob?7hxMoxZESvC}{vtCjEe{C`ZHbzD^2_xBY+Km-N^Mv)pqN<tCo
z8XBa#rAxYFKw;=^>F(|Z>F(|vy1RLXd%xb_^V;WMW}mZbt@YV!z1e>7P>nLDHT_aM
z7+(~0NydZ~O&8TesD!?tRFlxP#i7DYA6Jnqu5lW-@N?RXb@p1&G;VR{BNdDhgT<xQ
z`QvF1n=R&W3rNwFrgYzEBk(;)01t_&8(np-R7PlGdsJ_OTrW&P!PL`E?)LI6qqjQ!
z;@Y~kj8bl&#{T)JeiZ`oQ9R(}Iv1_R{SY-%_iTAK%-n3GpzQKPl27oX+A^OY)F<73
zpFQqGUjwDqz85&{q$G#_CWd1@c;~ET>8P!^S$CmSpcl_yn%(ZXo_+0|)LaOu_V%X$
zdiJ^iPg%oHKyVpGYTp1Ep?Omz_htLWL~$<PJe;uc;%`Qc7!Uk*+kc8p^4<v-pUZA`
zGFQ6b3WhbWK2V>{DhL8OZ)q7yCU-qF+Q)q66{w`ynun=EzRKsRKR-{ez+2F#QLZ!4
z=Jdqt+&}P5kgk;&MnTYg1tPV)jy}gN(UxPB%p4_j63p~#dq2**5pwV9v1*m0NL2<P
zwZ=@)?mS8oHBw}G2Ll(^9Hetf_9{5pVi+tYLbq~o<WZZ~)g>vRRMAAR9@WgKHdWZn
zf)8VZVh%D~pZ7y1E48zuD7cQm!`O02ha|X<vF<bYQ25OkNh}X5L#Ic-G?*Fx>KXV{
zr$FJO_7Q8n3C`h2cVW8<KOZ6vxCm#4)X@u%?3v&(XLvEX?4DR%Q_p`a`^HM4@<CY$
z)0;Z>L+FNJk>!u)7W)BKacw#>OB(@8OJHBl;BgAt;ij029(l9oaW3X2AKDQ<LQiE*
zOy5L*p}Gz=Cz;PdI(`*4SmFW|G-?zz*tF|6fp~}#>-aPef9NyJX9dl_hvz818vM4H
z^+I-yfX@?_-8wOXr`I=jHL<3OB_iR_A%Tagey+q_Ec8)5XzOHztOoo%w%mb8m`DTj
z+X^UBA+fmVhMWPsAuK)i@gwmxw5n=(ZezdC%6V9L(i~qUpk}8z-*&$>=_B-vU;1ut
zi-c~yE{{JWTZ`2%;=Q}@&BlGV_<#Vfm-XacG%TN>Lo5KW`W9fO+`XTILW2>=+dYF!
z5Up)ZRB8swPp;8&Ak$@nbPnpb$o`ry8HtP9-eSj=i}WcADs~c+IN`L8ky<K(8%mp?
z5{;=B*q5tDyP}gc`)G?<Z<)P=W-*tZwq|Dmbj<hGiKVQH$eV($?_wsyyjZ@uAc$wz
zy1B<IwKFp|DWi_T{iS}3=7zo=9jOT*+H_Ot(f`cC-AY|;BCbOb(>hG3W!x;_8f?od
zl*V5~Cr7W+h@?5`ZZXO?ryNw|@>%Jyn6C^e`zw*ythXR5&k34o2q%Qc@7v-~%ZzVz
zt*$ubFV0z7aTWzupqbzD#jlk?*YTm)V}~ND-2riz#<MJehZA^m_ca?gDwji!L8qFz
zQE<Gevje~G;lrJU66vRjcLnz~^_Rjfm)anKXW=@~!1&u2i~BnraxXtM>ufc?3G&SA
z8y1JlQSlzS?!-a}kdP014_FSa4YQxh9wANWAzu{xT?zdf;C!EdlEYF0;R*B^R|!YF
z{@aRX88mtgr)^|!iK3caqA-CU`K-(01ua?H2;G(v^;J=@K2ap4{Ki&8BCD_b^<J|G
z!x(Ra3tsTSJQ@5bw1PF^)tqml?ZBr$^qr6H&Q=P-X}Dj)r2rx3CPNPiW)~>sNk}$e
zKQ^X(?WQ?EYaz%j`H4S?(_0bOOi{Fqgzw!xSkO|PwxVegPk7iw#tJ|F(A?YzOQ-jT
zZ^&aY`^I6k+ULcpsbZ@j7=UYMwf@&Rqb_EYU502hRn?bbkMh2OIgef-GN|1Mt9>HP
z=OduI&8jj{EWm2tOzM5U)3_HcyuzW@C*x;n)z4}Z9(9XcG=GTEbE7;Q+CQ2?gr4~w
zHkBC8{?k2levL#h4b3}XfO_RuHspYq-7y9fgRZ^S*!V1VyxEG%d>0|KA3Gy=KXTWA
z2Zbh~F0^y_&4t+4H3T^-lF34_iUS`3ZKsx@i91VX9*v+sy_aFPVP-b9Fq&i(RU*J`
zO+*gGr6}!QO_3<U$k`YcvVi`w$w5u=#B~nbj^TkjQ%7OPM)Zoi3r#uwYC|O36m}ys
z3ihW<w>>Zg(Q1@b))&ODKjel&TgP0&n07g4{j-`O>#gSSEEky}<Et1JcQ2?5u7ju~
zaweh@Oc2kBC>H@LKi!dKKve65uVoVyifBI57<oPX!B*q}37KQ4qAKfxKQX3NEH@>2
z;4UO=R^x~`qsfG6-?oL9e9kl4v^?kjf?Tf$w(i!esM3@F6YxXnFAKn6Ee!%%LN|5M
znA!NK&gO#muKC`hKR0<U0wj=~rKb<tGo5%V7~E#g0yV9wTaT0Y3W&aqPc{uTkYsIo
z;TPN1Iy_C7(&V`~*rI2BY&WvAx=a6iFqnVs8AM_bZcCF-Wzr*wf*l!zgt;<}i(`_k
zHy>+;yh0mAbB!M7c!HBY8czW(r;4|yFYP_O02ZRPJ(Q@R<icrhtgs}vFIw&OiO9U4
zn$n!(F<Y~BZ_;ecV8`W*;-42?m#y-5^RV~v#eMcpIvoI??wKei3jd_jcGv%Bo2Z{`
zQ;#3l1FZ?h?Cw^7eln-8Pf`Bz-@c4bQKyt!tmv#3D!)2N*(-gU{h_%J6GrJ-9K}jJ
zK(`&Ai$(BTnqop%@T6j;qcGg}eO7B&)pS-=Dv$<{#VE@0VS7aFOk$---f+JsD7ZEY
zp&#@MCvy{4>%Wy^yQ|@sYb`yU<?$J=e#KR=0Y-UFqrEx4@wQ%``t#$FF(Q`>dZ!=r
zM`t!fbpNi>!{$OpS!|aBce*$CbB4;NQR!Ah&I|}+&7}wU$i@z2&PI-Nr=sR<mQr7%
zgGDn188Y2AA3v;nWyyUDF3)j<u|BXT`C8)`O~)%4U`W^NGmRfFzVpzoOu}PUCzMJR
zB)uI=dUv`cbZ(DhIXl5hy&%hheV*W&m5-)Wgja{oq485-rXwosJv`4OFF?2xZB22C
zCYblUQ!2aH&QTQ*4y=XFh4flovert<?2f7B8oeOctR#H>t@a)64)xUOGik;}wdAUo
z4|e)ytNxz5w&w)+0kk_-`)rD1L4DK#9i?HI;fda&Z>D$;0`jk^H^ZvWe;t-@o`b!%
zQ~_~?enrU99hjt$Fy*1)`W_jRu%VE8FY{UneKj{ym)GF!hOc!MK%XB{TiJ4Vkw*T>
zvePl}-G&P;^B&;e^@7NBOiy^H&y1T9uSqx82H)=~ZKRAA4oC+-Q}O5pSx)JwJImJ;
zrPV6EQrGpXoigH6Viw|`=k`xeuX(`M?GG(*Xm?{&QJ5ZzogTtJrSdqe!Gmo({g5+f
zMB?KKjO2Kv#o)umE2xii|Hoj-`Pw%m9>$qM;V^;@v-IC@{R1*8wsG=}w%8KPEo@@f
zyEo&94BWb?)C_#B45i#Lv=`vcoh$tdPpogHWJR2r%H-Qf-@PI>-Ds~99<^?^^vP#d
z?Wqp#=~uoHQv9jeUEUi!pO&-MbyyMD%&pQmcj4o9Cw&lvA;*n0^i%<DoQLR?(56J5
z!vtT(n!-^pzkrvkA{9DVkzz%8vmrsF{e~86X5G4s+?c(L@*@(2&128(P*p)t#K-{$
z=>}F7S3sbzVi<m^h*IX<lQU^Hi9mRk3$Xr7@dCa2AUpqOnnCl}2|njYhWRh{PO!+Y
z5@R$`aQ9;qxj3?v6lQ19FXOAeNp`UCknjeXMmq!bKpz(30`VtsnGWOX#tNW0-v6^Q
zyCs&5$g?<7p&fg5e4K{1zgBDfDO+kMd3KnIgE4Ot!&O(!CGqZn>$j^-C4ya`S15wE
zCpMXYKkbUd-fN%)+)SC#$F!auQ|A<XAl`2lYZ*rFZ5gJfJ6rl{G{e<D8y*JG;rf0H
z3{^z~4u!EEYv6uM%qH4C*XP`@=g9o9RV5&O9*Kr)bu~rfXsttn<K*#Kw58inK%t|$
z$~x~)>b}<U7bZ;(LVv?(s&|Cf>yCu*WXqH41*3v;S<xGR9VllZ!_?bg`+Wo-0-tsX
z)uWlOMv%tV!iRd)E4N`(wZnyGT%YgTLIL<icwBmqON&=jEJTnNU=jSD+LBsSgQSO6
z$~-@Rt^oQPKjOYGyWp0HFs)H8^b4AQaJCWb<@l!>RZgYdqXrUk2J2dEl<}Jiun6xS
z-pLD|vDw<d9-CoHS>$XaQWs0-LMl)QvWTb%Sg5Xd5?kg?<q!JP3bu|UcDFTl4ML?c
zuX8~Xu21vQm+d9}U^iK{15X1t{3K%LYIQBmcwrgy1!>ADVdH#ip>F;qInbI7#Z*`_
z(vOh<d27Bmh7NrE5VM=1TUJA}fWdU1CKrySN;H=|KseWTB2~z?D2mMKi~H_E_(?j?
zdmEZhfVjW|?q<Rv(?cJrBTkLUCY$v_3g8y<g(r_58=6H!5vnNOM!grvLGTeNZ(O%A
z`eMlBrs-dP2{9R<;~8MU9>3<>{4w)c;4(*h!0?e08O4ExXPvvI&#-vv;b7l&N}Y@V
z!ACaW9-m}`wP{;~n5WTlEq*AgA!pyIMbo?-xvW}BP+Wu2c8ITTf<16BKQVQro`9cU
znW5_7fk9`Ec1m^#!jdNwTu!PXF5-JL^+CW1*w$Wq;4w(JTRE$JpXysW;r9FRoVk1P
z%>aR|E_M1KpEag^;Jjy#0o_Hf?O~az2xXXT%oMPGb~ls3WPEak3AFC&{9z|N8N5#Y
z;Gb-vj$E!fF;x{E(nzuE-YaZwHn}*m4@a)>hHHTYdLL)}HT3w>62y@;L~|?|-r{@_
z>Q?EmH4Y^e33Nn`?&9ExyEqhje!IIQX|?~?Y8Bx><qP9Go3??@Y^Q79yLSNncP#?%
z4>f*sm3+qp`n`&wE9DAiK&K_6BaER(B|h)XSFe?pFIHJ-+I4KsowL)QWsWX!eJcg8
z1~L;+Oq$)U_<r~kW>2R6hNn$|3m=q0j70G0m@HSg8Dj^2G>p`f0{g17+Bk67HZ5co
z%pktFuE{sUQd_g~FVxom?yws*A%aVulfu88V)n^9IoSv*Y9A$#HytLmVX|!fO}X;U
z+99%BoNfjiUU!zdVnm!j{{hM7aV_ZnOd$Ormm#<KLgKV~Xw94Q>$F3ob8?CP8zLL5
zg6aHMR1w*N=t^C%vvIHW3;%g<+;ux`dk1xRjb>FaDEaP^mF`=8-f8bijFon)MQ~fI
zmk6CTNOlIvq_+9mijtJU6~Dt0fW}f9cBxv3cQP9&+}_DCuWTuTrW2gB%QD`<sdS(r
zZ=ebiAkw}0deXBfjmEF}+qO|!<XF&I_GsC22f^`Gt@REgso0XtT+^)9(;mvUCy4$s
zf)jZ|mz^?xGPX;ftQd`lCl_7F>qB&A)D#fY@YATFCih~37%cML`SpX@UCD%*%H&(D
z^~)FQ_c(}3r$R(evR{2k_N({TxL_!fsBjqx>KIokzHm#wl$vMk*!-!dpvda%rIqWI
z>+Ud92q9m!YF#Didz?nV>Yg=KocczCS5}=PS6U4xX5ePQWSLm7MGE}^et?6MFx7?-
zrvCGV#6O_R77gw>%Lx{S&H7m>b}4qacHlMP4|8q0{?QvS>&z!=t~8^_<5Gn8Cqij}
zQb_@vF|K(Td9vE9>T~R*V8d>axibIaMW`g-m=}eHbhdc68u@`xgI4?0RIX}r?xg;S
z6L5(i-C${%Tyb}I<gm|fYp9UB*p0`I$*=U%O<Q7c{)RfQ8A2@Ej5XzKHV=TXIcc48
ztwjOAt2d+iTf=g+_`P;{b31Iduq5dLwJW-Pc>eYIwke!W5*{AwCB}1@=}X<)VX0W|
z?ATQMH7BiUC2f&mw`H`k3?&R2s>E}RG^T2jJkNH0jrhfN(*ZXAqzLAekVKhYeEA$b
zA7DM}BETc@K3Ai9?L_YMpPHJdJ@iXQ2wwJ+?*R5Fx(fi#-a{SCh)R;;Y=B9JN|x~0
zLPX%%d1XEe8;0;?v5$+;YwNxGIV!o9(H^e|f@ck|-I&t7CS6HKgoxd>Z$}i?KIB~2
zd3_XUZ^ztu{8MFm>Im2a0M^=-+e2LIQ(BE6jBn;*X;3-?)F}8>T~>mLUL$CpHCKNx
z2$7;fAlv>ci<Z6BAGc6-)!5wK)D<NH>I-x<($Wk~!Uk&W1^`&#D`eO{?1QE^xcfAB
zn&}`kyyZfRY<8;`cbrs!p@_5e;&rD`@>GTClBl1>&t;SB0)jS#&)+`~uU$KNdCwwd
z-{FkH&MR_Oc50NzgN*M&CkDbNuve$$zt|nO8-iW&X(nH>xU#Ehl=LlmM5s!>3#Hvf
zwX2!!7zi9#N;g9@%nv=AM(g$~@Duwb){|0`xGuJ#vKu_&VTX@Y&uxKbzfY4=G^=C*
z1&}<+$2}Wa6#BSy2U^AS2fG@l-HMziwV%tJMah%*{S=e;f9`sLoj_vR%WkC-0~YGp
zyK7|%GM)XG!}dRz&TU5~Gm)4=^#Xw3$-#d8Cu!elCPp-seAH938&r@dm*o$ue+UK+
zMXCF^&|CNI*dw62#}u|E$88Kmtn3iT_SVK7&U!U^pn;r57}6dNFVlk08Uc~6Z|jTR
z>EYfBFx-Klzk>@qf=ww^kz?!hDb2T2G-zdoq>{rb$}c2#>p3r@UUY6s5kw579w$)5
zDAN~!$4|f8Hj1S?qP++e3)o(TnY(pEEMtaL!_K7WH_e;!@4xK$+{8xaO`c5wlO<Gs
z1EvN|$gxe=kb4UAA)kBSM`C-f4eTwkJOIEIoAZlIN@=yQRc?X>f}i;Ob15c2xvFo9
z(EYhR1RjuokT$bRhH==eT^fzeUb~18yoq*-_C@J(2orh3;DoVmc;H($>*j|8i#qUC
z)048gr$;kB_&B4dqz)eE?O!v(-f$iI4Ty)Llr5G)VBp|^aM62{H82#YXbtovl~()o
z$8JHJMYv*0oaG&wV-CF1!H+l#-8~|m)!N&{rBMtl!k#(DsW%g$owhvAw5`k=N|?D8
zy2Jvn2ZJjBR@OmwOMO)~BX5>I#s{{b_aO1l3f^6uyASWXH|K5k6n>Ys)NWaE4p80U
z6WgnQQ7otz`Yxj~RqVVDg}U8Gbict(e21Y6Wu)zIIV6?mQ|SXc<wB$jRzN-kp2w9M
zZ!ov(IaSQ>7#E9IeO_#7`+go(!R`QhR;#`bFTC;(j5D_j60DDVw!C^o&eY_xMS$-;
zg5aczs8g-b^%#WS*^OTMdwR!1^_O{HMLr>tqXMuy`TpT^QFgWtlZ^yQvHNrMybohc
zO|qdDG+GeZm)tI^I6EVlH|?J1$Fh%%K6d^&nhel($SCT4)(d{B#m+<)4WTj9aFAPX
zcIRZ<=yTj7Zm&xK1B9*K66BF4)wKJ0RwKg0cletg#Z+rF+XO*T;a*F(Mi+|A4lu1P
z+D+y+FUE`Y7#gSueHT?*s1$?l3Ek!v_2vm{U20NPwpFbM9HenR(`8)jGTiWmbCie3
zj=y|cUGYzCI+k)X{N_~cdDk@#xO>8}2hH~+t*(*bAh<8UY?9JYDG0n^x|@nX7nP+U
z%HNxG-+i|y=)BVy)Auv0tUhJFNtbF;oJBq`r9;Z*>j{k_-#&^R{oF12Vx?KV+O(2*
zPk;+4v&{;4d>7ZNm#?BE+7@5Q?G9sGPHHQOJll)bhXYG>_Kn*@@~)qV>agg1)5{p|
zY2aWk2Jj$gys1tzLBT~-ZB%ZFbfLlgovOeTul=2Nd$s%g2X1PLb(;?i(x_H6rn_xM
z^A)cU#*ACG0v<v8ND7hmmCrshXwuNVrOTKN@pZ7%9;%U?>Uz;%QS&ZSS;RL^pdi+n
ze>TOR0v*V$1s%`L7x>($ZWBRgEg*S{Y>_^Teh!EfJ@vWkiV2VhV#AOG!dM_PU;(>;
zvcV~FHFtrNMl^x4ef{|?bzwIkNU$Rh=7AkLH%B=*!Ioh=^qV<FW16-GK&sl~tdF%5
zR6nv)_VJ;6h;<3}$p?ir_?91~#c$v$e}PqotMTUfE)jpBx1L~}v5;o1e~zG)zE_lg
zvlrmLp-jyyBXqaIF`lD5p=nLV+}vHAzci!_TgUPkCey8&>r0Y$d9WeOw;9%?RkTsh
zsTFvWI><jF2cy_L?J$%Z&#PNW8`@Zpk@kanO5YGcWAR|{@?-^{mnoW*0=0YFHqx+E
zj2v<Cx|ooMUwze*4o(YiuA^d9ee#EVxUxs;-=6wWDg3~4k`>9>`c5LB6U{Tyoy77Q
zmxEat3H#QwM^J5NP(!5ovRSc@LB>auB&J!e!)ljpZ{amFKe(Gh8-G*>gX}z?Sur5;
zpRyh=_H2O%xYsMAs9vlf&PgG7S3P9GEV$5{%B>-(L^N80=uNUU{PJc|t|%&39GGs^
zb;3Be>WL&DG>pQpx>AkY|DKpnJ^=sh-5~fRwp`@?i0?O$%Lm`;o?tTJ<Vt{{y&;#i
zjA;Q4kt`-DqleYzrSUGypSv9gON+vs;FgK#3+HVbrIs-?I;ftWe)^p^7e<V-c|Ev!
zoBrZQ$c}cZdHMAk2^t8FezBcUyOmdZJ$<n9x*}r@t6bYDzuNJ~z%s?enj+&TD(AEJ
zzl9#UmY-2bXuRxO{?OU=DoX60P;d<oGYvPFLM)Yi!0Yer-&GJCXX3`cTebS9!u?q9
zHkp9FblxD#utw?7@$J-m&JI{pg7s5ILgXIUw>!2hm#Z#l{9$WiYFQMeGzG8LCGXJk
zGJ~3j>79!Zapeb<;0it;wMLg4VFsgVFM!0t4dDy%H~*%9J_@;Pc1zll?IOq-yy2W-
zZ3XqZI$Bc}VNTvNPS0WNBO3wxV6K}~FT0<qy#_#l=eHNuarURX_<f4owZ%p0_6nsk
zOVN-eH*WDXfQ|-YGS|D@!#iE#-~c$b!V8ezLFqzqFt5>r1|e;BK+{sGDOu*J(JB92
zQk@QA*`ihPx-%_*HL{^_DNwSzfwMPjWS{>FrU0Zi5nU^U4rzA6a`Sc>*3>J0W?D(4
z(IeLNGK|uV;H^)_{_5_~K%XyTodPk0vQOo2uy7;KuG!^C%s^CntBL_U>-?K0nK+FK
zfwtXsPWsnBtRpVUxo7H%wL~I;W$0+E*g->4dz$@RKw-hUAc2GfF2s!&z5Mk>Nvu=2
zC#qLt^m{NRlvJrNDtddBDtcSDDNC0D05Dp{zxkf&hb?X>qK@zPMW!!>P)ggwqvC#<
ze!M2|XUk8HxUlLqKi(@!Z0*lBF1_O$NNeC~eppzz3%y;YPi~SdJsfb2DGup8H!V~W
zXuNT4y85v}u<$ctLF>%~N8?$*wDYe&xj!RQ8V_bLjf$B&r&wGx*BoYE4MdrOWky9r
zJ{N_l=Y&xR@Go$k!6pJikA{Jrf*JDn=i&r3{qtC`bH43URUS`xjZAIHBxnUngeX#~
z!sd5!ph;cK@PWlYFa8^7J`tZOu-!F%s9ZK;<kEF;gzk%lL7i!@^EVzJPP}3LVNC`*
zWJrmc5lEmN@l)ZPgahl>+#ZeWZgTQeLk@XeP&*;T5@EmsZ_7}&%I@utj<5dLE6(8@
z_yZCxogrG_L&0YD@W`N|tJR1uY4_c^t(zXLpU8cFJetHF@0;0RpOTBPc8g$J82y^Z
z%uO68X!b-hHg`*VxK}%qFHJl!t1+5+Q0Rckm6KN|@w7*y=;M+pnD3YK{#Lk0lEClB
z)e|EqlB#aB5)Y5SbVC6ZCGwqF%|dB~2f_)}T!x@_CTbNFtXiAFuU*-4wAw8Oo@EZ3
z%K<SVX$pc<a3PdhoBH^2^`)b0oTx6$W}x2hN_*H!xFhy<_PhV!4L?D_XZH7p7(*R%
zkiK6B-Jh&>Q3HP@q)=CXH-8(QhxwZ$*e~c8(`QEWah{y)a`IQ-%sm8)1(ypu;`V|Q
zd(&->CfncI2A0&G_L~2^mSHaKj@IqjPBh9#OQMA)+r8LXn`sO-Nf}T=?P@mn0KG}D
zs6!qQZ@Gu{>TZ$sewql+c+Q<>zm!Q+@0Rcr>AqWx*I(3{7KzV2!Xu^6*tsf=Wm{Nn
z^}YwUL@#@mrE8M;Pf4i(C+i98j(5h22`VTQ@0!U-rqN7p--3<pSv75dPlnlhD<|I@
z!~)&Gim*8gIQ|J;AaPO8NjoegXD%ypjP-nkM(-ZyMc)G?_=QTkmeBo-P{27kzL=Cj
z078*E5*tm#SNg*R|8+N}*FdIngF$ei4?73lD<tx8+7h5JNZ5IGPE&uQtixy~J*h9*
zE^new1H~6Y5cC?)aNn-y&@Z1yc$Gi7TlCA|F_pWPlb+fO0%0<nTQws&EhJhGp=8J-
zVMcSEjGUx0kzR2<CYBlxKMg8hk(2()-DzW3l}I9T=kb^E9fp24|J8=OwKU0dR6V6l
zru$*ynjDu^wcLC9b#n+{AfBD*z0&&$Gm2q?Zx2V9>xqv@S&$uv_>lw&^?O_^J3Os^
z;szgl*yVCBidFxWdXLn)%WB$gnl6i#ssp)O+L7IPdo5YHS=-!ok=As8(>0O0vkj&|
zf5;@xX}bUMo2<Bv@W*RZ%KC4^%I?0eH$+dRHy^>F^Vgqt#|}1{FVjtRKWBe-ge5)_
z*2jfZ67{4hld{0bqQm?q{e$Tq@%?!2UXR6T$nIZ~B_QNfryV{U0{b3czlrj5Nty0O
zE?lz#X7deF4k267v3|0`fh3I&`R1?`qpMUjPQ7bc6H@b{cR1zmPag}rBzg1PGDd3L
z^z7uz(u667iixbN_r=TOcNIm;RLOh=l<?dDrjUcS+78pOdYi_La^v|$ygIywRa>(`
zw-bH&CR)ITnr6u$SNc%p^7@0So`7t8bfp=QB>Htr-0x2|pxWJlQG=3wq~C9_>RsPh
zM>mDc-@j}srP7+*)tj&;R;heTEF{#=-9A7NqVE4D!(C<8UiiRwF^9E*X~#JEH03(K
zGn1x!KFkYe#C*0@--xBey9q7${)#0T+)E&Z$w4&}w22QvE+E|v5>70x<^9qx{vlP6
zVe?SRO3U&lQ7ZI$P*GTGJjiJM+d)w1t#hgj-TtQZz?ze|d*hipsXN;%2IzWmV}5k~
zH&rN(_t)CCI?GSE?`(^)@fBZGn$8j^0J8>H)i3^JGX~-E<W?{gBaxeZTKvm7lumns
zQ=~~HD<wW17atk{It*b^1b%YBNUcBGzw`*T7-Hu|*t#Z5HW{v5DAYNXaC?l;Ot}~_
zCrl~Q{P|vErr!t_gwn>)EQ_g<d~QEA86WDtF?_A-(+!hgBUKckIQc~g&EPB*<K3S;
zZ_=oxx2Tq2V-5w#VTqpA^B)y#2=X)*&dD|HiK7GJbA0Kvf7PNCM~MY882f85g9OF`
zTKCocnt%4Me^mAWe}9E3q#T7J|K)QSl{ynQZDP3P^LKt}&E!Pha$5O5Wb-NvV-+!c
zZgX<jV+H!WrI6O{>RPTO-w)}<_T6+n9W~@P(BXVp#5_4-F58h=YmC}9F@N#$=r_6n
zmRRW>N(*O#TuQ4$B+QBQWEs2bvdQ_^r9)ZsAIW_k8ON>UzSnemMKg4+)&&bB?Arl9
zKVStUTkk!aqByZ>k3n-WTpI*YMyUrP`J|`^)#1d8;m)6oQM#{Bz%kQCZE}gLs+L~r
z&k$@I19Cj#=;yDT^0LVZ7<z}Ymcw|LC~A#+9YlTM9k?4)$f~Ca#CLq(xRAgPn^EXf
zoRXn7o_z4<j6Slwq4ztw($Fbp;PPvd3vcI?EfNGVx5{KTNZywi(zhJ0#<^_2ULYHe
zQAweIt|mjtJRUd~NKu+Zs}6as3ajKPxN-S8qfcK(F%-uL?Uw>{1iZ$2NuD!3sMJ0)
z+i=Z&2frYELM5OT>6y^15&osPP(b1S7{$5(Zd!b{WRew)1`o|B^#E1s4<vCG(m%%f
ze!Rv2aPR2#YU$@+9sm(CrSF?&MSo7-q)g9M-8GhMn(^Ev7PF#&9*D@Mv?>ri-dwIq
z!!rehY;Gj^gF33&RbJwmh14*+zd5=*5BCDNC-W6G>tO+;`ZKdh*ydip>G02!Pel0X
zbZR8kgHLh!guDI+EuscDf;Am-8<=GP*^O-8SOj=oXe|2z=k#X*5{6GiR>yif*7n4s
z!VS9b*=p_C&hS*_j|-!`o{%ej#=4-4ngqY_1<Vz(qq`Bb61@(1$^(8Vmp(3%X!ByZ
zcvCo+^FbrLg!v=%h~V#z`G;;k{DiTCBPVU)aq`IXl?7Qi1}9V&;_PIp|NBoAj6sg^
za_I}=oi;it{!=Zm0YJ&h2d-<OG~+Ov;hb@1A2R8ouhKX=QsZ-Cb{sy@UL3>!KSIk-
zR3msIZdywV$5T1g*3TpJTsSI7B$vC9v*z<RUJUibsVdB}?AQDenljwSR>fWLYVstM
zL#F3bhzL5>%SM~ARj=Vu2ixl?VF&wn%ky>;t{LRm{|s$tI4f<<&|ke8?o1q!!6oZE
zlxiIL0k8-)s~;y~G5knaWu_VIhND~1o_H`eBR|3@%LPTk$TnZb^5&BL%Y(@@?>+kY
z*BgOPhcqkvU2%f7j2Q}nV6k0C27`>q$<*VT6F!ph$mo#ygs7)UTmF_JTRS`Gm&phd
zGf<}{z{T`~%YJF(|Nf?+)7M(MziSTul9A8gzZv;6!WOr_8{Dk`9g+aDJ>3fvu(5O_
ziV;3{XV}99eusDa|Fc=(e=%R%!u1zp^+cf2f)D2^upl!_7EX2<$X);C$OnhlFpyZ`
z!8@CWk4$UQTxY-$Jd6=UiI3NT(-fZ|FYq54^=oT`(`x=lJNo?>yQiN{00-i%ah_7)
z!e8*{8ywG*Qi2Fy=t|QM*Lj@qT4mCnbH-m~|Db##yfpQnANswa1mNL$zrv*<`SJzl
z*RNlXLyNJ0)IL49-`T`mq$#MV0#X4d{C94kNV-Tm!4+Y5aXr8ALcok%bVf1&mCh);
zjwZ}MCu6iJyV2ZXd-AS%s6RH=aHF5?a^5E9pmCF_c*@Km39@*~nQgeiw6qzpzP_Fl
z)8zi>re|P4%Eh&C$6>krtT&Rn%^E!3?Q<_2gdU7`IE2!L1aDpr-*T9O1HxJ8g@Or;
z2V=|1$}EqT`D_;DtA421U_`~mnGB|ehljUXRN<wa<hocq=29tm$Av^OXe}nl<(7>n
z6xiRtQk5jab3mv9Sg!@K;9X{I<U?$4;uu`}2`GQH+GFDzmj4by6#4nTM~w3q6wV7b
zn}v!+(Xe4IjvOR7TPiU)Otd{NHoAm`g=urQ=Of!GyzB!JUl0eQxf3rR3ccgO9%8!=
z#eC#Be~o&Y!5R`Uk}e#7O2|wsOB|dNA`<DF$_>BjN;QhV=@e@IN&(Gbq;Q@l^`+^<
z<D-HKq^oeQQ9*HrZd(<jFc5ISVqK7Rh0tfH|2{Z82&iPx93W!_Vyc&T1*n@LT6_`M
zS268BpFWd3lWZJ|&CSh9uR{!6>k1K$qET2aLzG$d(<yuy7p4$HltJ*1^PvW{<MBoQ
zNfQ9P0<AzQYkZ_ps1F=`_i1|&si2YT^<7mF|8-~hPj^06=KvzJv1ZNnnEaIt_{8|E
zd8~mOOEUBcIJN3+)GgH`JFPz1?a0d)sxs4yhbANt$UT#>VW9A*;;wp@)(&7MmLo;+
z3Oy>7lLf>3h~((7j~00PxK$0^c+vlc8{uiV$HiUG{}7tVVeZ|va()J#Xg{t1H&)g>
z;axs8aN|0I8F#na-Ldd^o<biESmzv7N6kae(2ygV1pbAqKKpM366attD5%676ckXf
zh-j_c4?|IMUQh=4B6C&j-|0;u2Z+1{k<SjKWWJyyyb^S{LRqO<{-;p|MPrCHtlOzT
zIA#y;3RKFa>+SbBuMtb>_#y%D&Zw{i?sH)!I1Xxe(k{2kUSlfGSBDZ-7^wi+ghPxu
z#Zgq8DnNKb>HB*7o-(goSeWWLqx?5!G4{_@$$z{5iKs)$3ld;F4ls8c8DOYub7x?s
z|F?;yXL_ne`%USe?;ACr8XFsD0n*z2Gcq!cT2j2O;P3D!tsPwru{1Glch$%38~m78
z0b@`@BSYVJ7(|O8cu_$0=o7qIl3fXlr8M@eo%T6?)b1)@CJ2-BBK+@>_D3bJ0ATNn
zixmADVm{iI`+!z~g7SF2dH9k}|LHBp18zsTrGB$orBOqnOJ*zrY<x=1es1Cb3TyaU
zy=j&|meujUk+a%S2ZG0~5?|sjcsS`{PbW74ANS@17PiaAr}_Sf(EFqZvmpq}2hxAT
zMdE%166C90pA0KEdmmjm_mT{WDp?gHcOpN15lg{;A1O1#qN87CjZwREiPf@ZVlc5D
zKc&xwWu;=hdlDNqIn;qxJQTK@7Z{M#fNrP|knoiOsPz^s(!1zoWH(;<d)Ktv$&+$z
zH$M2(>m>63hFOgA7ZeYi20>MsoxIrqmK;3WfMh>S`TX&BVk`LCwN#%@Z&{!`skz#S
zxA;a3q7OPs7l|e@dG`^%H*0;c*?wTbR}pJlN~jsnP-l-Z$4?YzVb2@kmA<dp>24h!
zPTTn7-t(<g&~>4l<yAQc^FOW4)nsJbj0vvJTv&LoiuOF{sVN}1O-|eIIPY5Wex|)&
z8N4KF)1CVA+LyzYPrqtFaPC9McQ@rXgKb@=H!BIB!@5*Xk|Qj^eN6^~<~-k8xG3@Z
z2dH0z$XyPESvOWU`>T>h?=@cUy1fggCcd6+wPgIehu~+I*z;dd9PpJOOY_zSaABoc
zlK}W{^ZUO2ons%PdCnZg9kcKIc#cetN_iHVAV=>2wg4&!zInuTX5#6*ujs%(QrC0V
zXy!!UxHUWPIk38n{MsT26#IR=>^_{+n(7oL3L?MRr|zDnBj)mTzmzWCwsHTY6?(o=
zS>UNdcr0Bm%=k&QGn$LheHxYnpp(GrqH``Hn{6teET~kBuRq$Vv>Uk4Hz4$O*Mhvv
z3s4Zxpt~Nj5I}Jn2t4?#|B8sa<9;9@k}~?J6#)L~cBGZ?U>PUBgvhT5@yyQ;h<(R`
zP4fJIj|d|IDm9e+1ekPTjWcq?c74=m>GqC@8~k@SVfR#vd;yWOz?be%s$cx~GisrL
zwAS&gQNpn!Mh@fF!|K39j}HMq4W&3<4M-IP>zXJEv5~!3i!NxtAFKMFWJYa$W;H!}
z+|J(`02Ue1UgBIuy33x^%RK_SR@Pxk(zzJ57aJ)hgf}6Ed~JBIyC*<**y^iP)bXy8
zhKvL9UU4AV2h-f`xh{SH-~?iY4K6$8-xRmHBsX>>AeGn|RQSzk#*7io^E$hV^M!C!
z<@0q5__FTy)?OGnTO1iJiD$e{ZZc9Wx;jt4lhHN*zc24j<OQRG?ph<X8cqW)kBE_i
z(f)0!9?FoP%{~W*+MxjKd<x$kDU)(9j9cZzIRrmKL!Swb(!5xoM*&J{`!%rqy-{N2
z55*3$l8jxI9Pc#u)TgP1&~#5Hk|lSsUAj{WYI-qD@!(Au3i3_H$COQC?0AbO-4FDR
zZW#AFH&d8g)#=L)65Z8OX+&S<MZ~0`vF$6m+Us$gDOTF<hERmC(5>I-&^B3mg-((}
z8zeyFRcbBr|D8mcf&Y9&+T8tTrX1o3%<Cigr-Zdw{oBIe`|x4`0~@SUi8vyNQO}8M
z5I|&7EPz{?tE<l^+bqM(L47HMs;6!Jn7j2mw;$ZQyo*fV;$%f1Qh9XQ%xLOuefGml
zp<UGWR;{>FD*fP%0*Xq^S3Lej;-I0d`~4&1MVPj2<DqJTO5g1U&uz7+qv0x^O>Cx^
zSrLC%=SpAmek>EJr=dAtX8%X|rV|5OI0tejC>c4V)54`UUH$sw-NQV<ur@cJr~w$1
z58V;%?F{Zuw><TXS>E~yi&qSM@AXN%dhL57+Obi+w=%c!$Cs|0FW+R*GtDigz@m(%
zt_|iPqK(6qdb*pd6j$3_ON_>|wv>tfoXrCRHS4qD!xy7(T3sW_VFlo&x<tnDk1)>H
znzNXXrE^B!um`D`0r8`mx#X0o<#&IKbzo;*vdiOW$KARPCi`Q3rEl+>?0E9jXYg1i
z9+2B89&KovYnj15zd};$)vMj#6%}-hG1~UCN3s>X#xRfdQCfWL=(QGg;dC<>2@Pts
zZ?sG(p-09AH*3?_C@Qigxa>x;!Wb=xOI}qy4s>d1xq2HC-3=cLTiXk(`0uWm%D_Ut
z+#OwNMsk(1v1_Vg;(&h`%>U<0gz~mv!ws%LV}E~dFG8~`#v$(=!sI=|*8~h+?)A2%
zpuf{DQ`hAM2X#(hw|__%z;G!K*>Ai-mx;&bi{!z21^Sx1bsKqBS+iRx_%`#)PGp?&
z$<~aO8k7p8=kc*k-=b@rBM$6~PFArL*0jhe);sgFc&=LbGPVhE*7(wD?RbfamJOuO
zGSp!wVMaL*Tpgo;41aTxISAsxw4mGaQDjCZH>7JpM?bLFjOIXkN%RHVXVLQofwQ5m
zbG^9L)W;s%0S(8dMF&UgKY2f~)tkxcngf196{REU8O?Qszl=j;GAJS}SG^#Gj-@YS
zd2;lBUja%v{ic}=$>S=WXsyFdotLw#87{AOqyy_-rRO||$opaXMRn<F(uTOdT!5k_
zE#TC0Q-1I@``UCnm09Cn7}3q<dqAcK2l=`&6LlB1q-M4S=h;@sne!3Wi0h7!W~BTs
zBlvqP{0bK)(T0X{xm@r<Ci)m$+Bm429XEl8PZq%Ms>9_<1Nq9Odx`&nNR^Bq2tF}E
z)d`_fJCokrnZ}bJ*SycAsEE`(w}$nO2>YVb^*;QWti1Yu1?H?|AZJV*Mp2t3dQTyI
zM)e9ba-E|rjxrO}Go=+&#523i&>ld%<eO#J_kHG)?D!Ab#oWHoR<k3cs*+tHg7t>0
zf2Y}E^=E%ff0blSBGu0(v`r?97>$amGMC?oLd>&gNyWZK-!r1ou5-skrNE@PgOt9J
z1q(SIH3l20kMJ4<FGR<&-j;O|h5hj#an+g@)pxh=x*fhKyP>LfqR4_=(Kp>QiJ%xm
z)rjlyHWTHDyA+E9A*Ru*5t2jo4?M1`VCPvE*7AGH@@V{G%(j9HyGs0Y;^>*Lz%FJd
z`1v4PP2`w$eoR&GM4hyI=1=>Q>y$qFZi!lwy%^UY*HyMU`}i!%E-dLQwu4|TC35?X
z-cEr8t8^_v@1FWk7vi@DxR$#RN3DWSpKZ$ePa&+Y>FCiMqMI(ddVV*{xD7>WoxzN^
z9`Z7S?QXSS9k9tDd0Ql9whf~+Hf;r?ndq;?C>^vhtyP|ZK)H<2(CZ;B|2|Dc!XoC*
z?os7|Z8CuuL;U|uu>dHP5!{_65g!VVK$_N9Rksu`;g<d`Endsk=W+bWAOEK%J);6;
z2nFG1Dd<T`1{*8HCnlo9U2+~`u?A^U@3M^&h{u&nFddX?gx`#&_@-PC5LNAZePX~S
zObBfH5!&1!z#%m_3pKnQ>iYAl$0*JYaEfV!m^ab7Hy6J${rN!Lf$nP-|0__ft}NJB
zxWA?nIjhOB){r{y-lhp0@%2SPD^U#aVqqS5L34CiP1G92@L<w8<qSbFsIu_2yRT1$
ziAPHXWdOaGi#hOBuU|X_4GH^d!ROHMLnBm8GQVhoM4Wj*!|P^1@(UfS>?q6kjd|My
zE4SejrT2^(<}PPUHq}5aic8iev9BSH>It=vKRO+e2n+L2eCl{D=g|&zS_$bn^gr2z
zD32?D9`kxzm4-QpLHA-42rhE7c&pjiiThn0`E(WE^~~{%Z3-{80bM4V8v?8I&Reeb
z(H2#!er?gaT>h$$GHnrwAucQo3b0Vq=p)V-NX`@yFU@&3iH!umavUJ`+<iEu+K7u<
z3~}Nh0xv{fxpR0JGyZ=*s6WqBWE0JxWzOxI?_=(E{lo5?+jT!f@-@unD&)&Q@hv>Y
z-9(KB$ihRY(-+tjKXYJ$QPKr!Ryq2GkyJWpL=Q>2K641Z*z)70H2kR47s+w)6UNdb
z$y_T#a-&LXWzPdX4QXiiYo8oz6ppC6XYaSSyYYg^9TYi6l~#QQV^$ADY0PRmd^B1y
z6V;%jwyooK4vtXlKc@F1*DbV+74F@yQ($d66xI^Ib*<{vD;>0Uw0w&dFI#f;b)A0g
z<AUQbZV<?3$0q{@PLGR*lDnFTZX{1MsQRqVt)kbg=O`aK)0G9GN;zyaA<HOk`zb^<
z>odvy1(;H?9`xDDctA}nP=eFWAdlrzkA?&mMci;kOoWmt-UJmyr9@;(Q`^s%0;sAZ
z8kFtxeUeLag!Xz!lr>e~$hZ_9C~h>K;x{eE1)hj!FArEeSRe7Q>whKUsQ0!ReDQZ*
zJjWIxe+pMWYSfLp9u>*wVvi@^Ajohz3eR2Xv%>wtqa&==|2Y<X0jT+yksC{GVPwK-
zCKGv9Djr*8?FJbF1{6>#tM&(~jw%`%53&6lx0p_6YCoq0TTA2*K^np6`m&)3v0k70
z9CWhEUdbGK=o@ED&1w1uQ$~iM24i#G&DB-DFI~RmNnAEz&Rd;79kd?Y_iV!`4s=Ej
zE|nU9tg?!01zHR>;)fJrXgp9Ttz^BbFXcaVPuB^A@hsO1?ocTgNQ?7UMp2|}<dYBL
z#p_xr8KKb6Q4iXrpn*31m<4&d;#wm<F6(WsBK_ue`<iuE_c|6^OEEgsgFxcJz@DnI
zn$Z0A<O7u4un>ItGO>W78jSGsQHd9bZ<`7RG6F)CLM-lAfLlxK%7~+5+c4zssIN!o
zfTAcpzgbZvEFSy&i6ez9JRx+~)hIo!HJw3L^+Pc|Hr878>bzLwM+Tom|Hf7%AQbXI
zK$$g6Ow|Kg_vIfubGOQMcbWLVSluI<M3Gp!*+&c|SH0F+J(|Q`O7=<Uc#vB$VWaDq
zc_0z=BN0<h2k6KJR4s)xXWc;``xgu;KGUpi!ZUK#!mX<Tj_%8p)0L(U6|H2Q3*#$s
zP+YLR+2aUAg*YsfXys;pn1AB9#rWRpgf2Z{S-dNx>kpGh%nxhqo?o<I9Fb7CB(6&7
zp%q;<c8{A@mPAQJs~Hen@5M<}hHseu6KzG<eUV)ReK-)~0!eELsdh_=ye}HheDx|*
z(a`IpQ#aAe%8uHFkJYeE+3$DGbsHgkq&{N#r>J7-vq#Dr#UzpLAjE0bOUk=M(7pKr
zr|UdS!u7q$mCTE#jyp-p-Ix~L|8I4^eOjGV#Gnd9HY0k`)adGEczC8e|6mg3+B%a1
zI7y{Iac61mdI>)c1dR!S>B1pjHziD{^OYeU(_{kI&qlhuvBC1cvAKR=380czp@2c{
zAAo%iByKmB*hMosg)!#>^=Ko7+6RgtxGbXmKB<!ys_xaYv;>XwE{pK3h-xd9*oo(6
zxudpqe@ioX0bG^Z<Qb|4U|av$udX_pDnE+CFuJ^{lRk2)*_@!YoY}VPKRwa$s?ZzO
z*t)1?Kc^3hO1em86(=^y^7O?J*RhQ*3IK%N*=%vMlD+~x2m5GNB@LNm+*%ZD&l4=B
zPeVh2?LNJFOu90!K+fW{cU;dE2KVq^)uFy|IO~W#!%8Dt{q#R!E0h<m$v=6AInv^c
zIX-6Ryu?ouP;6|hv=;Iy+KQ#@dfP+W)9z*1Ead+4<iJEvF0~z>=sUnwu70NoY`Sp*
zF;w7)tH*S6pcto&F8_UQ2wEgcT6CMNe$Enx8lsGTuG2d&K)m{oTQ9QCwN-`5>2v`0
z`*KIQ{dwjtJ8XK7)^I+$H5!vgi&g1+|L59H#7Unu?=%IfUs=(;D#E6Og|JEXw!Jz<
zG{OTt7Z-L4@AaccN$Jse%TlWQ8_93CV!<>vE#SGYjIGSMOLV7ysMKX~YQRTl7f)#L
z{ObO02y<fMV)Ilnm&m&GwnHEUZF7-%v>zY7+xT1Pf?yWZN4Ih@E29sz<Y~;Ecc)+D
zV)_=sKQ`ca|0n;2^7edy+kRi?x7ktvRS!gTrThGe(Hnh+V%odG)235#x2Fj393iQx
z&4cbCOES^q2Bq}gF^4U371yjBt{gGIgW#Onn0<l;JYIRHypI$f(kOmHOxE*ppO#W*
zuwfq&eHBpNJ@ou8L0}ra)Sjy%lytm4fk~hG#tqg&EFYTVDfUK{H4V2HDN=uM*Y4YO
zE%e5%p34BgThDDu2rurqPWyAq+&kz6;u61cP~rZNbZy3Np8KW`ZLa|hG<fpOB0xcS
zuCA$Xv^V1GuH@WAz+JVzarT2ja5n}Fg5=x*ocE%RXJ380l&SCQJN$*5bpDGo=S_mC
zpHQ8n^t=~9<0GmnLO<CBPD;5g&*3>)-CAJ1khrDkH#|@VwHJVgH0i&9gZ$aQa-!7#
z<irX@zi+;-)9zxsF+&YSM^;0}gU5qbVbg1?UBvDJg{qZst+Z!w(EcM|q+?n;<{YIj
zdo`Un6%=~;i3BbGVbPNv-87Zc)xwJcZpET%E*dF*n->Op{n}^f2s%$gljp0<VTAEQ
zTBoTc&pw?83&BH9yTNoq^5F8bb0T8Qt|msrH-|=VeLvW3Di+YGy%AO%Pj^_0e_teY
z8LK!wklvMYSv!%!F)Y+a^!t1pmV@P1Kk)4);A9$NY1AqhhzAM=ob=Z#pSWjl0iPEO
z1}LG(pmO!ORl2^F<EeWo3`bB|Pb&5&RAUarPucW7R4SoWJSN-WyP2td+Vik?G_Uoy
zfL7zZ7Rryq%UC6aZe4Ep#mWtDJF4*aS37;w5)int6(#<{(cd&PbG6+fK5`u(odw1L
ze|^0hoOLOSa=bv46#iEjCV%@hwrLAWZtn&e+OG8-|4%$k>3~ikV;^5yP8O)-Xw+93
zH-;&}wHN60lRR5mC??NVb(MN?QTi&o+%~^BGo!du{{^0IlJWrOVhu(dvC<nm(@6e~
z`&i|hE}DvKyX*p8oEx*xd25$Ro6909&L5M4z#<3Z_8G-2bU=bI-m--8edDwGH6GSl
z)puBT7vGoS6t48|lx-n)q{9v<(enqdDBPRR0Y$FIO8IH#_oeH{S(2G`C;&a`@00~4
zuJ}6|M?bdCI5}B%B-PcM>&6p<JmGA<0~v+Aj9KnOu!vUa&Rcw%l`1Lk<uJ7O{>2eL
z?zmvI>LX5}iuN_|T=RcrpWp?Vhzq!_3SzD1)8AXFL=Wh&x-8+i)zw)e`u%th3&xC!
z<Z0q-Q!HlFza(HrNF2&1^H`#BJ-4Lf<Obou)Yx~WQ9;x$m*2;lew51ynW*S7T;b7K
zR83b9vA-Tl*1(EoQ;e508RtC@eOpoF?o#1u%)g~WFVHM{xg5?O`}=-!tj3{xN4jPY
zJf#8{99;kxk}09oihcy&jFPrv`fmOwxuEj>1pCe#{O5lj68`l+AuY-f5-fMjvC&bu
zs_cg=DtZxrdGsk2{3Ds9iozE=II>1NfTT*!R^x6sgc@3-E;l;m4=6)9O(SDrYOtHj
zthp9hGQ2dGsU?y@>A}T{1f*51^H8opqaij!DX1Ve8*ah1uZKP-|2m%q<PG9t&;O18
zUS6a1be`GAtQM*8O(gq-Or5o{>EG!nFG2wdCs|<(DINFGa)&8#^Nhviwj2%fH?>#I
z1|iVsyE1-=OEMr$2go&rWwxZUE1r{_L^(-vPhbkbO;=M9P{r@VEB093AGM+Fk~G{;
zUqH4HJ1r>w_{qM$vRzqrP%*G3lQ1a`D^wDbMj#+Gi1-ee&6Dt<lDP$Wx0x@V2KhYB
z>Dyn~oEHI=k0jMAQ~<8JnWiEadlhL~=K?>i^K+k32xx)%9&b+{(Nsk!;=IP&{ocT}
zE+fuqZMT014=y9OU(lts<D6%&jz3n{0n&nZzZ?}%>M4a;-e!1mFgo=ozb!GxbQ?rz
zx_f!P`+Yhpd##=3Qw~Lo;O|r%aM~YK!5R3!fK^a@rPcfufa%UiNuo=pe!h%bQ#lr8
z<gE9ulyrtha&j&;IkpVz=8p3%%fw{>uFib99=>_QkxD<y7}9Nzw2Ua5%hB$UjHAWs
z>%D}!kCB=k0`@5nrp0RdGr7#cQG7^IoH1swoKz#ol8<&S`)gMqVc(-i-(&tN>8+Sd
zpO%E%Ir=;cV+G#t?2OZ+ZpzEm1M&IH(!DL*HE-`;`2Q-oH9ctCim_;=9+Z_;bd()@
zIpqiWDfLD}k6m||(RH!&@RYpD+O@D{ev>1uZEi&1J&W)zW;5^OWaYxMz0M&|9=`1C
zeY=vMs%8hR0hkFM6qlS(rRW|=bmr7Uc;-}|0=sIT5~B~Bv8Sbcyi$K_u=|Po+gnSt
zaS`;x2qd}p;-J6UFv+h~(f>_XIb71%=tI4w5U4O0<*q<U5#;^9BTEEPJl3M=y7LSR
z+pT&b6fQdI_eC>r;=@<E8e%G7wJZQeWq7IiW3apZf$Mf)-TPyV!hJVBYr~HRL_obc
zT$J+bcF{m7m4jdPOqx#zzph1x$<dNkI^&LWHxv+RtX_(;%}h7xkX8LZ_TDNi$~J5p
z6)*^;Q_7)JQaT3^1Zn98>28KbK{}<BRJyxi=!T)YbELa#J-qe(-@mms*Ty<vV+M{V
z?z-YU&+EPei%Z@wymm-|G%%$^Yl8Eo&tBKDkM79wJ^949Dm7lL>s~wi^gCF_G|y42
zmSLpJwn+(~IJRMs+QLQIL`!a}%7>}I?`+iz_E3fYvBps%TU1d|VC3fAjfAG)bK{b|
zOs?4>!oQZa#NW-78n<V&7^fRA)Zp+`kdm?ij4`qzMUW<T|DqLJhb`7`n996jw@USQ
z2R-qplZBcDs>)5zyZr;60m8A0)ASuvLX`D5Uu==s!<8j=8g%g3oG`~%YsMG=p#Su&
z!TX*BL+_jlIzfCis}7J&RD%B9|JfTV1q&3aOw2Zx`m0Ay0{uaD?H`^E==T?z;wIqm
zv-vKMe=+)L8NHbd1}S7k0}EyINOQNul-L_=5nr$rO6><L!!nS*mY3C^bJl$uujg{M
z3X+9Z<)z-EQr7hBu0JZ;u)$VuG(21>89C5?{P;kpT!Eh-2glanBHsTWmXX`f9~*pW
z%+kCoJI>;faToSC3FIG%2?S4};^YLPV5vf&f2@>}n4PA(x99Ptc6s;<7lTy>1#WXb
zW2R#&vG3z(X$T<yk(;5c`U5>OI&2}D82HnM52mQ{Tlqg4K8r#X3p9N3s?)<pujM`Q
z;jZxG&kCjgUm4PGr-;xuASzWEOr7=8tz1?Bhx4G$&y^)*M2oo&FC_4Fao-Q+MnDC1
z-rScucZT{pxTKvg!Y^G;Sv_xZN~~)Z1F<l40<$IS$=@g-AF-{{{~Jv|LBYlREBfiL
zFDzuDx+X{!z5Avo)PO;@UO~Psvk36nKYUJ^9ekUKMZbdEE*n~xUfuh=7UGc}s~rxA
zYSjEP{W-SB!1lbXNv&`^TO4yk-X9z!oBw$i;2FbiI#lt65&P7nHvO#ZV~Rb$#Y)sU
ztXOAaV#EAF|3~vNpN=D@@c+9P0QP(2nF>?+kCuj#U;7@R4-NnXCI|h?PMtCvp81WQ
zdgKBXI8{%}B>kD)a~++n&=@RA?qd&&NeU9abNiiQ87eapd7y%**M!RAsJ}k}PGEv8
zO<Vk%W%;ejKf<4~Nn9XGN~CS-XU%Rkd?x1C4l3jpjc>j4U@Q}7Sgl8L{WO|f0g=cN
zq4Qk<*kFtCTmwy?jrH}!N&A_Z8HL|L$0xr!(5MaREYX25Fs<T$VPtAmVsVb+_HlPJ
z5Zy2ofIRQw4wPj)dL+*;wR+J0W2We`p8`$RfO^(l9Tt(*Uv1=15X+1u6kK1fI*)+;
z@KLXWmfh4?%qK$U%!qxsdjgw@7qNc(M*(oe5ArBF1aW4Td?C)^BA)SbRST<`FM%~r
zr!?xBed$CcNDJ6wqYNMN>NEi6_5bC2)H~5Li-J?4@Np^=(>uj4S=j$^`vLBv^5h@l
zG1C7JEJU#P-de>l0~;J`X6O@Zs1-*ingysQ+_}gI9052c<m#2-i8LoLGpVo7%Z~mV
z^3Ft&He?VQ!COvSvF|jpAxC>XK4aJ$d?)fD)c++h;uPsO$icBRHFgV1;-m$_#-fH=
z<}=;fjg><~4n``Yt1r+=%($-ZZw^?@WrvhKcuQb7Z)s@$GwQ$xKSNo-Ae2D`A+{vs
z)5owdUV!)f`?nDo2RF#!fD91iB)k~<@9%$q2oZi<O%G%nc>%cKWB<_L|I7j+vH~)S
zZ`+%|Cjpo*o?-l7*GVHkwsrk|=Pa<rZCQ*V-+vQM3V5D4MZ2AZFBtg-;eXcOV{=75
zPy(uh%!M-TSs4%&fk@bYjp&I3X0A3CwG$#L2*v9L@;_bp*q6Y0T)?!7u3>h_p!XLy
zX(#;eY16=428S#E&i;)Vlk1u~CHp^-32-5G!sB}II6%~r15sh3Apwn(X7Cdh7FAlC
z^DH`u&_izwtN8BK%F8&MGjQbAMQ}SA^U+DLESV)X2e^FX@#gOX?Qy}=FCN>U{uFz;
zvHs~IC)eMiiS#!pxVf0+?*x$;s}I_;n}~Y)czqr6=y~9Yv$;B1hN9KH#pT!%Z=_;(
z!U}Ny{D^;2B!_sev;I6@2Z7TKhtQ#jxGTdGyXR;_{wxK)a+;&t!V&6QPtY&u{sx0+
z>Pbz%$LX1hpX3XKgbA3KE{)*nQ$+IVVsXt$^-8)OOI=u6E%c*N*y*zioy36D@Vj8I
zU^i(*s%4M}sN-u!Vls({YV{epWnFoo>U<Wa(#Lvnd-Lb;2?<A9o|3n(VOe$fumYKr
zg^jA{ztWfvk#rINs8&b(m3>?9Cod^W`+P_}INvYX(MRwVD(QPFKBWl}iK3hOaUjG&
zF2zUL7(3qDa{urxkRTzdNyhI=%kMbO&m;#gK~=)0dzcCfwEHJs<oZISvHVYBzwZw8
zd)u*k1Zeex15N>!7Xer|XztZ2R2*}dY<i!hfv_aSk!RGAVL6xYx79PNhH9G*-A^s|
z<ToqRmU`^Uz+8ON`3Acu;BlHf!GoN-c#gt3=Hr<k%JTOP-%n57VP948a}ozciM2OP
zPxe8aqvv143PPVcZWa5VY>#^RK%D<xm37#3n4t9$6yen>a^vSD)-oTueg^XWwwYiU
zQNq*I{*C-J*dgU=pN^<SFI1ud2Q460P$UDb5IeL1lO4S1Ghg`A{YwxkMMwuD!+Me)
z(=#h9G~zO-dQnzNDVmvAB7RgLzyLseRer`;U|2ykSEc(UL7AM+$htC$Sb(Selxb98
z+FtvM=Q_vfN3E25R=_8#AZz(b@Y!@Zfg1xV=vhSNXM!Gx^U9JitN<;|o?<+GFp{@K
z&Yu`&N%hy7Kg4-#L0NFcVF)tF^&S5+Yk493a0^ulB_(VcCY^AP?xCmXB%C{fTZxp1
zrU}GUu%)mzVR>A?H;Tm-A|7FhKV0dN8d(DHT|rd3Z0RD9PW9=x8fm%PXNw)A9TcAv
z)tx#jIz9F(k%I$W*!nUAOE*3Y2XX7M)jM$oJVmDlR(@a%v}Av;dHHr~Q$JqF2Osn~
z4H;C4d{oA;tPCqydjj-7$*{vv8w5DqHId>u;t?!zZID3hd!qk8Rw*P##19!X^14y~
zge#fL&L5!MH$tYDnsAgl`7(2B#34~1Vt1H^@0GuhP1ER6KxMOgCiG~<EI#=u(H*wY
zEFx+P&8t~)n_mz^OQmug^xoj}pW_2(h#lt*!WjDvs8cMS*_$(kiUnVDFTN;oJBg#?
zv0_5OB?I0)pqtB<`k>wQ?%Q&?AheDH@a_g-9Pi*0_P%S4eCTF%rYntnuJ1o$A^Ew%
zyN@<Qe|`7}{>Q9Hd`KS-z}(<kPppyDZ>O=hdXxR8fNU%1T4ha}n3nuA_J$~pVlhV{
zW6!bbQm{{C!Xjd}g(X|n9>P35%X$fN6Ea4B4&w1)OSQbJuLmSdrEgCj;Y_)a+T@<f
zI`Jt96U&(kMx<IELBw<29gLTEqWz5MEoluXwfUsOmEZ88NNzW>`W2qXc>=qqf3~`u
zaV}msgKZ!&#vi_ft@-72(z^|xUx+V1`%p3kS^U~kprq@l0c9Ai{v)$2wqYdJ=Y6GG
zu(uF!)KRH`ZhjF;VRKqLtM;Wbr>Jm_I)Q=6kG`BrwV$Anvzg=x?7V4c#Bu13-0m)A
zKSopb;K|}1(yp7_{@R-lGwjn-Qn1%6?va(op1GVFLc1f2A{S$Rv!LcTKrOj#mi5Uw
zl4LdhPP$3U=PjAL>pHKkc}ri()Hs)S6Iu-2qpl`F^dl!1AIO-u(d(M!WfGfx%sw1X
zVpN9l68p+8BDtes<P`K*ExPgARTU;po;UW$War)AY!Zu<L{=fP#CspT9`5zA){H4~
z>@>9S<<>h}^L24W+6x$zpfwLhyJr1s(D9sZG{{h56&@XQclaFt4%#Q8hsc@4mA#?X
zTZ4)b7700ef85?ztBtcMX!Og;YFY~sCl;Yd@Co3fpx?tk=#EG)NZ}8-XY%yrxcder
z#DLCLxIa$9WQbqkt%_hP-d;Q%20LIg+z%92#R4|nr7rC?@rQp~xz!TIya0V36oJ$&
zOfb;q4&)vw4e`hM-jq{TiaqP^H(B#$*45R1!RtJw<c2;bL5OwNx{wKb(0TKFz>2%a
z=QQNd<5b%x*ZDp?2ytrQyHS}41n#!HsP=X2O5-yu%Hx=v(VC_18?CFyP#S?fh1pFZ
z-ms_|?icK;mjqzLEu{S1mKR*ImAoqc-*=Xtrp{m~lm)%2*Tbi7oL3j7I)6%~CW=!N
z{4CN3;lk}&H20Qtl?htU6CPQ8br6u^GI`Q+MX@L`OTmnGq0EBSfBn9XdPV51qEZ(D
zUP(HZE%Z{eSDQ*<8}O0z&uch6Q22yy1chYdtCKwu!qDS}kAgo;@&e~t)`=#oy)cU4
zoMKh(7oeS_HqC$~WtHY09S!90l%O~NN>&Tx7y(n9Il~Gl1=TGN-K73mYn@RdzfeIk
z)%z_U+SgBZi}(j+noA9IKJLtKM(In%zW5<tC)a?pbx%IP3Na9tW@3}WZZ()7Z_zI^
zBxJ^lrYSQ?6%Z&bdW}eOqgQawOHs^uGKi4TY1)r=?{NHkX>sxTeHig;M2$JWtM9)2
zsox2kF)3KKa>BoZVyVDin9iIYs*3Si9-z-7Fd4sj{X$fZ#BKr?BAi-ZHv4LA)`A#@
z>R$N@cZG~OLt3qEDK`SVv>wnrf}P?s%5nO1HOvIws6H{~enP4H6pAO>GIRkC^gR(*
zP?$S)T3%|)_lvdFWIe?yqg@WTjZs^N3Yu&vKA@*Eu<Up8ZJv1e2?^J)7~q3E#H}zX
zIkbfHrf@E|xyquj{Bi;+RhAF~F!%0v%u8@XqaG}uT3sn``+#SQn-4E0^89~CD;?0&
zQ+W3{3!esSjpAeFSk&bN6_EQMH`CrNrw*54TR+!jHkL_Aibq^q!bVFYTDbsIUsUYf
zvkhyA7yERKu7M4VZ7(u|mnYhUzTe@Ow0p!IbdC8jjIt0sFvRmY*y6hC_|9=;W1u(e
z6D5D;V4XYtQxFFi7LZvUxOt_R@~(@~tRrb?>3!;VkuTWkm=3wNw+I8?2c*djZ#C}6
z3jOs`cf%@_@qbNJm?tucRwC2?ylIC37T8^Wtx+=vYXylCRzND1tj160_OC*-GtgJj
zcW!@x3CSyv&}{_?sp$pLpLfG|9(OovX-zk%rPYmiRr;-nVs~-p%!<Wh(8vrHmCzCm
zpS-Vo3J2cDmfy<$_;L?8Rxh#c!?IrT-}Pb4UvGY%`L!>kdAp5Zvxw3#F8~{{X;;69
zbi{XK{pFP#wu6`<=tnfRaBY`kP}p}QPMmrvw8(Sw5njO4%+VcTf6)x%40E~|XZ45U
zfKtu2y1dK+dl#4R<GP_Q@>8SdP7z-j_3+MCnHlGQVhpsfXYn|J6f5@aH4GEmre1BU
zo(;`!%g_qz0Gml0$apk3>z+c1ZOHGgLx_Fkf0A14t?j=U{kD^7ZQ^sGlcUp~o%Pn1
ze_+~%@NCbsJgu@fxD1`kazpwSU+|jyf{*N8BNCYut>Kkr<I2uro%(E$z}?wTa@NFM
zLjteeSZdhl-thdz(Pn?s=j=Cr{%=?v)}_`0$-R4~mQJ_EUftMsg%NcP{NM=Js4yX_
zFdgFB9Qa{0ki<QdDD2}69vC{FH@_#@8Te(JihccSP}9um57AGpX4VlNrwWU9LRNj>
zs|5HCg8|XwqBclY>z@xgv2YaXdmPr4X3UrWU{HRmvgsns-~r=OT{2V>9y5Bu<FoQB
zzK<@B`*jF|5khUK!cQM)`UrFYgK9#cN!kB?0>hc+O4BFQ6R*SvLhi^t2GtI!6o}GM
z<qXA$qtR?6<CZI=Dn2YUFrLEnI#4&Oe5ps)mp1l+5vxqyvk)8II}P8R2>$YgH$FLT
zoi!OFX;~O6pC+$Ufj@Tw5(ZgLT;;H{8JP)QMoh4ZOpJO>V$#9v8Q0HATA||WDUULB
zfB!1xPem1D*P*B<TAqnpRI+pIzl<yDQND5~&!-B-<anniT$RVpEHHD-MlT-N$RT~J
zL6$GdA*$Amr{(XH&RFWVF%&%R(pZ7qfx1S?kFItnSUbMZ$1_V5T1J?=hMM2uBns*F
zN4T9l<ND%973KES49kJ;;7ap!|L9e!N^?fswxJeq*h@H91wpTphPn3Z0%Y4)K)BK}
zx%nYk&EsmzQ59AoW>tCr8_ZL3eoh1{XcBOH|Bn^DqE<);OJ!doZ1K6&Uy94OoewaD
zX*1a7SCsp)A5+x`zo4|S3LuuZOkCpXjuTcS17a9H7209F(Q0Dmeo$|@qP_L()5ct~
z=}-K6SGcw3hRc6`PL`{cRW3k$kAo3JA%P*7kOorFmMxB-zEL@;{vO7FYl{AJ=Ch4)
z+TO3?&uz^oHN;!Rw#)BQE_n}LqkL*w>?5aBHS-n_kTL3Q^3Z+y!ZE7|`QvHAt)H>w
zh2B*|kBY*a!PT9D3^-4g8BbLv9{<Ev#+aylf<YmEP?~(>+Gb=f<F^s8I^-m^qdmjP
za1DOr*hN&<xf`n}9aa}&*sXHdXy3rf$A4;ng=X!>P&bVhVx~k3b$u#yKwR2DU9L3p
zJ>Dof4Y;>${PMo>3ia-bIs!`UOCV4{U+~i8z4aogk(z|Y?kzkl`aM`Gv|5D8BhQ?R
zGs?UvGYmal@<V#@^K8NA;Z8!+R#B}B2zEQFAaOoWIE!o=&a*+WjLseV{P{$<vL<CR
z#KxaDGaeU+C^((=uaid%vKD-R5$X@L*WEkCCi@2kXaP|I;}rD3F#emtEBo$?Y0kG~
z+)OH?KpvSAO=z;P`L8tEzONsDYv;@ua5DPc%XHXw2HU$(TDR#YVpv77EX{?mpp96y
zaYKIGb<K&?$h2piMkSI@JFSSYyy+`j8VZ!&9;fXNMGwMwnHGipX?};IMF2a5mE2-a
zV3ejiAyD3Km^?q$@r>1Udsgrm8FcL|{iB}4vBBDXrcS7IfgW-0g$oSXLv}bgs*QNp
zR!!)-Rc};MF5(cjRY<m~CUFnrnb&GsJ6t3tIT{$E`-yb(LYxq?EtGB|-LZO1j`df_
za9fi|9VL?YMg+8uxzIH+7R9NatlX=5HjY-dmfd9|h8}WqN-G8%!?5-DT3`{CqOc#s
z9l-*E2t=LO2|L|aX^LesdTF-xzZ4^RO7I1e)xMr==eGMt|DD-UDXc$5RY5K**<6i;
zc2*i&4vY;IH{<Rlb=`E$zGXYO5ywJ)oZJ}Gykxm9SrY`$dq$-%EDunR$HgiWb^{pv
zbKm#M9I|}Y$mmXWO-c2bWzai#!HZop#?vNlqgQ-IHr*9!v_mPL7*?I)nQd96pX0cF
zqVaC}$iRbW6XsxS5WVQDnAE9GQK^~wR<%+NiKg-}JHRDU0377MqlzuMdFnoMABa_f
z-?S_5?<1+V0978E(mwX(h9lIO&{K}OD5T~O3H1^rMS7RI&>WtAZy6@{H2x-c*PqUN
zp|Gl#_FVg|VRGRBer?`PE`(2EC`V-o>#bnNu1UW6>S{j&cqqSfw%meWRew@1NrCNM
z^_1h5l4;WzOk_bC>aaKF_AK1(Wai949uY;(7u@q}>q-4PWQ+0E^jZ3zD2$im@#U`k
z^~LcI%VJsyG~MaN_Jn*(o>&p+S!HXe9`c~fQWOHOD<EDQ`kK<v0;&4?<-`KweFbZ4
zg;b3(|L3WxzllU6g8<<i>9+^yxIY+_X?OFU0tJM5M7i}T6y7e3RFZ;2t97?RlR&VN
z1bq_G*qcvlmPdED@}{Rl&(`1^T|et(C>w?MDW+ogqLW_>dc_4yW^djf1yZ-mL_}>K
zuIPdSnd3jJ8d#tWW`Imcwv?q96^QA<J`NF>El^I4WxYIvGHBX{l9BlZd&@iEfE{q!
z1{lXWQq`wiBi>V`dh5s2PC-2=Ssy$!&Ueve)jh!b7ic!&<~qKiAMILL3@032%83);
zlvsAvh0jL6A#n#Mn%a_PzG`2G=33u1Fxw9_DHnYwe84l^GJN)li^usdEAmCFRRLRy
z=h27^GV2{pyde?R^IkSuREnM~K-28V7VOrxumQCBKv~4oE=OI`84B@lRPYJaw9Uq!
zC)-f8is1@-e~1Ul?UvE^zhOA+(8sR42wjS*@zK?f0Wh3eQYJuk_mFT^_tqR2rAc7E
z@h!^?x#E#)pUgT21$At#gopzUqtKtM>kh5;P!Gt5!s>Z{Ovbpgl6^JGTy6fMdnNvw
ztb7tI%1G<79VL&PmpY!qIF}L5-RoaBbS{5DOKz2GkgVTg9H#tY=60SXT)wdMd}g`&
zRT6n*j;>quqmzlB)yDlCh0I5AP^N34LS}QOj8AZF?3V*}2mbIXa{oBW-<n!Snf#g(
zm-}(|EwAa=1Mu**L^kDD=dvMmd-_Dg4^<I0-lHg0Ha9%gU~t}VA%)Jzc#%b(+0+o5
zt_i>oNqz#+(6w3R&$?IL@$x8^A`UPi&$_u+Hrh=T`J11*B{6iqt{Ial#{ziI?@S#|
z=Pk$i`OS7kEvgeLSix5mdtK6&fD;QGRQLpf*H_Vh%>(k&V*t1oexsaF(i+e`AtCKh
zt8@QT$3x*ETpqzbv$*=GMmM;h_#JCx=yBTL#$peeag*VusGEJkvj7Bq9tnL8*xeGY
zQu_jlQq}1RTXN>JXdVl{Tf>%~aPrLFu?v4h#_Inr6$&wxf8JMBZh_*dL2luDujJA8
zHoc0;5!ZZdjO;AlGjHh~SQ-)xRTbJs(frx7vg%PsrXCYJCZgL_q8hC@+N_LT%QDB%
zT9zN(SVUE#@9R)l3*Mh8Q^h`6N^?gTy!nRcX}kk#IrxCIIFc|iOJSYAxA<M8`uIsa
zElB+5ie2=Yx8vu$3X@;eS1t`)h{l#z*SbR2qLaE?v{)n={6?+aFErCsE{yvxR_7O{
z<W4^ESWTmns7Qv!vR2gPX(oE*R!sO~;-&ofVV)CWt|#;pe)gC3=o~ksq3|1(2he7=
z#_syasE}7>^2u2QWuPFW0C3RP-=9c%98u~R01sCae`2xnYv^u0_QV4Cn&EHy?>HbL
z6JE{V&om6Rj2#fVoeQo-C@P1KgvJy5*esgdRvUzlc(p}7PxYJ=De;?J8asGRbmMre
zVdObOz@)C9+dK-T?sEpV^Mk8Nhd4fv-3_o-n@H_?w@=r#veGo0bY>aP@P4`QY1)nV
z+j(hpTk?&~HPv7s$(r!tkB&=)!T8j+#|CXdG4si*H9ltTD)WdESjkZNHX-XMYrHjQ
znAhn02^cj;lkt1Yoh~d*el5+t`O+>{Ri<}g&JUNxvVD_tpGtBJ29`cg{HW_@{gfmr
zK*V6{%VPV-=``z?TOOkzPcTlsQSxN9eDZQBQp%a2xy`Bnx#m6pE2AUb;O~}+{0eAl
zVRzOVd*R#%!F>!Xt~dK1mI7?NVA10SIWnZX{_h2O=r;b`758_4E29}-EZmzE^jhI!
zlx0~dv^_dUYJgR^6L!@Kzcfmk7X$XH2{rIM^Re;xQrub>8PbjN?PyQ$*L}?ptILOn
zABVpTwDCj64o)n#2)6kSh(8lnB-DAi3}Ltb(HSh_h$`?Nx#HD5EvrP>OjD2O&{b-@
zGA!|<|B(I(hmhAH^Qav|czwtA`gH5t9k)@}OCumF=mH7=!vN-r*l}}!ZF4ZmbRbPw
z7_@2nY*gd?EhpdU%fURoL^CVKDDWEN=N4atZ`X`_#E+N?znAu=cCuQ7qwqW7m&p$(
zw6Fr+5|^%5|B?&oiC8@~5`P0N5IVbMeWw}8Fo|p@o3EjfCB%X{piY{QEO8(PT9g%-
zM0EFeNsfP3iCGXBlyoU%#yE+WfrNb;!?K+wybwN|(Ci@A9(n8RO{t1BHGn1$M}bI?
zF_NA6yUDMg+*X&PD=YBFQA^aTD@j#0Y)w9~F}oajl6P@`sNa3uYHN&{ip!UfE5o{F
zy-jll#bWpfWw)fBB+gcm61kF75Yh7XP>EmJ-p>qj!@S)1*~OWiRR+%5@s_1frNg?v
z$8i-Nu9L`P9afUMc4gUGs#cWk*o6vJnxylHMt=VAnScUPE!B)x$zC?LZd#(@(pW`>
zqa%;|{kJ+7v)*`CjUj!gxzrm3lwpcY!o|~F39~b+*EEcJ@`hODvP|HP#N#NdN@QND
z>Cj9iAo5T2a-`tk?5ZQ=Dd9>}0a5^=Bzs*QDq(}df6><8I6Wn-8B79v-d8Dp1c9~j
z<kiol%zVz56}y0J^jJ#;dQAIw&UFtfb^dn2$b1$TbLVO-T;_dfip;lUO(;h0d@^%&
z(?4~PDhqXbJ<lhwz-)+DdWgn-n}C$6ZKAz{w&2#_>G812y?BZ>)Uhg3b+UR5E$;{c
zKm1(kW!Vz0?@mx%8&hR^>8%ORJSX|sz#l7L_!+UkS{d#8R3$sXRq=wH$$k|}XRPxV
z_+n6JxQ)4f#TJ)l!#A7M(d6$E<j=G-DsOIri#rEj^rx)v`&Gh&73PK>I$lL=m>p2G
zyPYl}oaG;{&yxMIB`n}*qRtb-Ruhi8xt#UF+K#z?Eoer_QRBXIoZRay=fm%CpY2N6
z)$J(28|LM3-=h+JG7p-nk*-NRHepHR7%X3dm4$|<JXo<#+RkH@S>ZMBr;&E`u?enL
zPz9^AQ%b!lL;h=U4hoyKL!)YPhz-YGd$=_HN!U*%l-S@C>=!GIvyk|5_*$Pu>dE#n
z=6Ykjly|5)%D;8XoPM5K{(so}y9BqUseI-}IezVm^<`77g=IvvtZZa>g_I;HxOE2`
z(nr%x5#{C3rM)D+kKS@8I?7V$Ja$z8^)!oSA|7KxJ(x@7Jh@0>>mvl7=PC+y4H){B
zDtfZf`C!~o$;?=Yh%K;)g>|m;{!o8bsA)Qpmlzu@e;Jwg6Rs3OB{pwWWm(9eEqMPH
zwQS=iYl!)~M?P2Q`5~p>c3ja(&_mZ8Mu)9rwKg0*&o+sqpeTZHc0)5Q?$hl%gd{ah
zh{}@6RsO{36<gWZtVeH!OtF2#>C8)B)vE~GC>b(-TkngX#(`SnaZ>%SiETFGPH2l+
z#t11F{5P?f!JZ-jRmFyxE+O?Y3Y!Oo8H~NQ3B*JjLY9tlu!0P`5Xz8~ZJzYbp8+S^
z>L1uh|LQjp`oFSSdy`l?MA6^cruO@mR>T0Uh=7gkslW3#oi}mJdL3VZ=+#FOX?n`a
z3mc2kgf<FL`-xKn;(x^hPpc_e5EYl)M~TM-xijPme4=yPrIhV&-z4$q*hV;5#$N-#
zFoQ0>+&@|LqeM&!Jil4X5(Ac+|C1Q~ujKo0mUS5upmrRBS_o9DaKWgdO#Re<le2yu
z02N1Nzwa!dCJmw@vltNj=YIcqLOVKu*W`^oMf(M4W&)nXN&JgAe*x|nqt7i6nE>#l
zku8bI|JU=PaDeCa*owAt0q@m%{Mr1U8%6~I(G%6GPUPKBdjAes2>pL_?mu+z3xELW
zTob}oX9Q~M38nGH|7{>Z4@<QzUMIdy21|WRObq(p4@@U~<gUVO-ivYufTctgJ`?@>
z!0E>ap5G1aZ9fLKLI0b#1v)q!AnaCMB#&pvP(fEudv^c1P6RO>vrP{3@xNwHgp&We
zTNFqh>D~xeYI19U*2Qoe07%WhaX@_lO>B$!|1bOhY?t8HW0uo0&Nc4$8TV5F2i}3C
z{-PaEhR-tpyaT|W`9qY_8U)tccj?~Jr>FLvn`U)NRcno8#RxXduhjMM+?+7&H1?*^
zF7pTu2Po3_J6ob&7!D;I(mT4W<V-Dg6=xo^Dv+O%TL&t~Ff+(BzYfA<ERT+T7JJhi
zXm7wQT=emF@`kH0CGBOC7OA!)pT*EtuunkW5uCvu&MU)ur{`)Ue@B^;O>00|F6T}1
zu;ua0g69|XYf;6~g4n_8a%w*7;%?yNtG+Aj!^$_vgdVO2N3(-;S|@h9bM<H{5yDvA
z@!>`5;fx7}jOdb(-8SfP)yQQ}J66BE`n>bz=hcHa%TjLT=W(-r<bD|u1>uyZ2%kF>
zAKt(I`fz(r?M>RCI{JCFW#gd}Z!lumA#M>MivuqgO-w=Kj!49Ync2TR9sFS=i5dDx
zfCXZbkH`P$d$O(n_T?+A<wm}X;+98772P1D7G67Q0xQ5+2{)Pm)&})YkzXjF7q5`$
zZM{*g=8O^YHJ|ZfxQa_3|AJ^G{9`OhoeRD_>As(`(D~WeYKFCj)|OaeiZQ&+s$ZUB
zz^d=RUGdd$ftcbm6?d7^g%0wm6^W&s{(y0d^U{awzli+K=?WT`zC!9mC1`Ntyi&d$
zKS{hG2|=u)6#J2766*A65#-B2r^oO))kEm*#{p|i1TF8H(b_lsQoQ8f`s~GIb`>Yd
z3H6{F>L(X9S0r%n1^npK`T=3#uJNu(edJ97)z3%BQGu7jn=El;3S@Zlym+!9hOEIN
zrI$A)rRT?U(MIPIZzQj^lS+l)5|viFmg+9f^0w*8dr7s(Q#E`brg@a<vlpX$DG^?J
z9yj~<mW$$hD?o;WD%V%~^>TZlBTcU<T!q`e2G1;l35%4)dg^JMV3h>fSH{4_kj|P&
zR^@|RGc21r=DsTTKBgI3Ad_FY(-J`ckX9VB_#^|{dw+ol-tn8}JqvxYIx5KCz$jY)
zkc99>wqP^!!YAsM>|q6trm;%^+UKa7vLw`T3yh6~boww*_%XV<+IwKy&WVJj_%x2u
z(C0!<N*353BhfVxEM+h{*kpC*XB~kI8bnn`?!|wWsm)kKdMsqquk>cXO+*HJD+(+{
z#U4QTR?k?L-Utmus-W^TY;&_=<>SDP0z#5-g)Xk7dvpo(_KH^dDHFs#`AC!UmO~+H
zs-M22nm}XZhkChN_!YI2^beg&xc^BhMy~?6=NW~+csX*f`Zaa-yKVhycI;+~27iH1
znP@y)Xy?n{XuJ`aFakE>KLx)v0;=y{VFY9igwHHdJZE|pj9~DCTK^(QqW0?jmFTf8
z|3gcxg=s*CuumpmGe+Qn2NL{65a?*KF5MM-QphqqEB&>~^uG6)-JKEK5}!W0dwF}P
z!BFu=)I`xE@NHXo3Su#bk_0tRGPnoS2q{Abje3l^JBx<;mMP;h=U^(~#%jEPPwXNo
zqS)z@;zi>1LY!Ylt;)1Ps@lU(EdG`!Nk8!eV}Vr<=EI-cdIH?S9|}wm6}(KY64^c&
zw+}!O!L6?ye+AsN#7{n}{o`fp_}&I-R`udrr^9;?6~6SdWSTS#D|gFDuNgd_`CMIC
zJQqm3Svp80_A{z@mI^XGA40d~(Q+0O*9SjUDOHB1aEA4k`HkB256o6K=7jOOP9@5p
zCi|?kr&@U9kV<N!7VPOFyc$Ti_w)ifF;e|g(liYv-cPZaolWAAp@qBc2-L31d=yy3
z?)W6*Fp9tO1x-%GnG(lm@b(GgTlZ=6^qQu{>TLl!f1aLW&#26z;QWXQy>j*EIhmP>
zz#c0p+~(NqiUW?!S*%}a{5g59#BWQyB|dNW8}?C?e-tEv>kL1&zrE0V(*ihp<oEb7
zXb8aEM2P(}lB@==dts-WV)_}2-A;E9;_P4Cs{be<lTU96z%;%cxx6bGc-JAQCjY1+
zDwPAS$Dcvom}Q{>%P8Y+BPESbNGuXxJ7HE5zw&gp_CMchg;s;(+oky?q@#95)fq~v
zZ=WZ0jka#C)IK4fo=>RA(m=M?lj~;oms%2hQ$r`Q(+sIK3P^M6Bp~$hl&na->o2#L
zZEwpTHO`9<oE5ft^ONL=BR<(0h3Goe#|Q0x*9$>a@FtX~(RAKn-bq4-w$~FYpUa==
zhs#A$Koa>_{JS{;(zP9J!|Zp%#FAuxf;p@+h6f!MoC|kU_dYD7eCyBW>7-cXoASDf
zMfSfN_~PPKg}gThDdIjgE<T4Xgb)wKR6QS*g|Fd#n=hlePcy^9Ud5Y>083dVw<(!}
zdv;Rx+r(&bOCjd!0T2uzG;=i>z(PWJxAaNt&w~}LfSKf$8xiPVO5b4IU6?aZNkj+T
zq+J3ve1h_$S+ZL9tZQP#Q>kSI96CGD`u8gtyE(O`eqz<-_MNv~dut|$eFl7wO!-tW
zmH%!MMkAkgJWsSSs9uN~%FuzFw=>o<J^>o1K>z5@Qjc>ep%-EsCh2E8^@L!m<~Vf%
z=?{wmTvGF^WXKZD!nMoQAN386novL2^#!d0yp|(w4bkZME~P#1lUM0e-M<<wXs-f8
z9M9xrt5_d?t;_JWqk3xJI*vCe;m1Y)3fNhnm6SLii>9>p+#^fxzEto#);;`R;*Pop
zq~d0r(rB(GB)1xj(ly>?RO2wrUdbNxI&PMbgC|#{JaGFJ3XE#<CJOXPJ?DN4#$<Bz
z)kbOo=FCABl%?(sO-dW0Reoc-Vfj&BFA?lCkMQY_^Uvp*Zhq3Y))7SDzrWicyG`%x
z7lg>|Z>a3~W-DHQiKo117rSbSuRsxgI3Tq;IF6~TsJk6xzj*ONFhF_VDtL{ew2Z}K
z>YH%s@>kIG-9Up2Ccut{u4~!0VC|KFD>N6WQ@Cu^L*h70^@nPf3?5jw(tk0-XVInV
z_ua>v?xi`4%mUxfHee7zAo_F7Rv14IuF!o>y`O35J$%OZF4cHJ)jY=%l3`g!NO(g(
zc@8DMf%i>q527!p?>b(422t+s_&R2Ix-^;glP3y0A)gBrSD2%(jS?$D_p*2@W>8Y8
zo8rSszijyIgB`9Mq<**vmv_ao%_WXiarbdo>J5ZGq@{eIa~*1`Wo?^vb?5CWX3D%>
zYOkdNYpS#!+>y2PeXCg+uuS@uI&Ui$kCPNN=U~WN5UslD<_KYLPK>VbW~U){jGJ*e
zi}ds6Id2i;p`JmVWj&`KXx4n5Y30#XgoDuO%r4XnZ!TNOno$MgrO_NQgO9Fq9j}74
z%GNirOzP&~wi4ZAI;ji_HH0&Qf7IqZYpes7&)>z#5qzWbr=vKs#s#mgJ(op>{Awq4
zTU|%B$N%Iu0~iRhIWZOXM~KJcnhZWcMq)tw=m7^G$zKEEmoEVcFdfQM)KADWlwZ0H
zSo)I2l96fwEr+MioQl*Q<x)vMpcMJNg$~UBLL%hxgV(DJEPZ86iATAEzwv4hmI}p>
z4e!4e_%+Zxhb#WN+kA4}J?PTcy!c!Wx+E0Zh=C0@5oAFO4dRNf{!5bhy!$N<!fJ<U
zA<sro({{!27u}BMRkHFg?nw`oc$F6s)D#XH9cRAyM-6EP`?B&TgaMekY~>c{OK*t|
z=ZgdPXr%Rxye@~Fpm!7E%fYq5nC06tbqDte=fu9xB^xMY6z)^e{Gj1pY@-;9dARO}
zXA-<QP%gfeBa%yh%&A_;dO~S*zP%o7(*~>Dr{C#g$pU+R+PC)VCO<Ta#$7#uRr<ol
zI=#&7<rX5bqY^z^d(t1FCw;xExQi|wq{(HZO586yjV0sJBDlnK-a@dz+P`QU&4$oi
z`8CN*Or3>BHS&AWCogU`vaa7j6Sf(=+XvLx9+u?)eDLbt>-ceJH~6C|ag<i2g+_ff
zki~v_>+KQosL-&jRP6`o{jpGCy6+ROt2`-)b6H1&|AgG_X!h%B?*ctZ$Jm+FZ!!gW
zee7&GmH|=Z#8_`W&lDECRu7-P*wN2SaZYo_zE;!I0**fOdq)9fdKt{Z-?_Sm-@V$N
zZ)P-ma=Axw#TFN?SFG`o;!cJf6y1X>T1(^KI1NQ|50dEF4<jMW+pu%XGHd=JF<h;H
z2gtG_oE0ZJ9;b<%9w5G3Zyy4!@-8>db^?@AKR_>OYBn_aNdiGs=MND-RFIk%AK4my
z39dY}SN%>(l0>(dBp>=2g%Y??HZfHU=I^BbIj5y4f(vGGOt%9>YZQ72-1xF1FwMQU
zU=-@|cDcw_JU#an6A6PV(Z1wDBB0nT@=>_`u5N7B22P0dd+`&&2OYr%GZfwH1Pvsk
ziy-GdAUmRS>=NJjF!1axZs;?Q23lENSWW5B{N0YB&QTEGt6+>ghob7W(-r}b4s5a6
zx4i>Jy7C%eneE;vOEY^(I@U_yR`=EDsTLYNp583Oa7kv{ry%hQ;on)`uqEE+A~5}+
znWFfD?G$YgQF@n<bUnU^&D<tA!Q8eM^XKB^f_6So%^1Xy&p({YP-^*#bwg{JKCd7l
zh+`;iKfWa576w-lHk(lho32JWp+#^Npbb9d>f4&{e%n4%;u+{@_uPbWtj26kqdDYz
z=zik&GxncxasFf=@nmswOxls&{3i!8M#dv{vh9CZ8Vm`*Tm~kiBh%ry6<IeWTjA}g
zji@RcDz~r)%YZOQp2?*j$6^P4^J3`QAjd_Tik@?48h1}Pnss(SN0n*Dv7gTLRsZMR
z{ZTEF9~hl=dOP4Aati-sV^q)!_j9pMeA5i~Cd#Ov(AQcw!hvB1!bw^5XkVUpiJ4gu
zkX1*jA(x@f3L6T%PS!@}e}2&hMQ};EvyZWlg!2)cH9RTsxW&$IB2}VU4AeaKh`N%H
z-}SV2p=;#rJCJMdR5^Wb(<c8x(m>MeRU|+LD8i4G71`dQ5ixpqFJjo>Sw`Yh_-C4f
zkxS2Oh}5g?x%+4m#I{+Q%I=5?A`0)@6?Zz??UzO3H9k0)@P4XY#pWzXpE4(Juu6`i
z^A_6WycUXo!6g{JkLh*ipL2MFx3ZeZnEPjM?7H4$?^lh)f!NU$J@tNa_|e2YDZ{nU
zAH=2m!DfB;loPQp`uv|}xwRcRQ-YVoYiD?dv0YBt{#>sGuj1-9Cn`C71jz73DOqF`
zONp%ZLye@+5olTNL!ey-rUUW{ff8U;9d)f;nPCOOVHEz40b7-zQlp30{WdI+G6#^V
zmTgWfrnYbZ5uBKG3thVP_Hos7_g9<`?s7kk<Lfyn`&&2;G*?*ehkAJJ(tR!ZJ=oCj
znOMj5%$EQ%e8Nln%I{ce?S8O#bbnu{y%rY1-^!|Lrr2fEUON!+{jS5>J=5U!GFi)H
zTi<s6kIX`CcQ$0rduOdH&jm7DvB0`*=`1(9K4@t*Im@_Jefc}QdA>Y_>%$M2v(t$w
zrjXczfZGgl8k<h&_v`Do<Et0MT??98lGm3nc_sVjMp;Lz3eQ(W>E)ZbYsXksH>S%b
zy&o*v6PpHJc{CIz<t&kK&kMwGdAa`}KCu1nsJE^gSoR(9yo5WfhzQEQ;dJ(-W&ow3
zZB0c_<06tQ)gY{pk?~1yXXm|ZR&@4-Y*Vc#Ny%&PW;S%=^^%GsBbW6rqwpqjX|*oG
zu}z<@CHK)g;_xl&<&H?*sJw2}+UBr>=<N<4K{dX7pSha^Hse1pjS6T5+Aoc6U#``p
z!$4d2Zs(pk10#%H&ewfEJVGa+Y}W6uw-2c}&zY~<=p9Kk3H4Ye`v+Nf9X`!}CgO)x
zU$`2@IEJT$o4Y4dX&!E#$<<K`9p911Y#kGgEG?NAy;d!p#;scDI>wT_GO9dUu4GyD
z^Onsgk7axBUd(Iwo)&D1PhXO1(lMN+svACYDC!uNWt8Sr+{!Fzt7mHTJ~#3$WM~so
z5nX+ZVe~v^urY(L_JaGKuV}OA2V0AI<m$2Y5JA{M!{Q$lwB3GmA~HHeO34UL@5_}y
z&pX*Pp@q^1lYvBofn?sX#CMkQY#!%UMzCbwu13g7*wqP~w&RvbzG-`?43<2bs&#X*
z5jep9Ip49T8Ug7!;dV)-EuaV3XMJ@2mS0m&EG!p0Ayun@I6#o|^s0cLyxOR!DfQcl
z1q*TNW08S~A{HHHXcW?mSDEK=@~a#hjFWwMQCDWPu`;r)#RFEre%NILak==Ql#PN1
zjFRKFa~A3euvauolIc~J{Cc>HB;)**+GK|{wJLQswS>%3^O0B2!~2NM!rP}PdfO-c
zpsQJFA$x8En|g_$`?!Tc^Oi&WU*fZJ@*Gx8Oft@~#ChGX)RE`Oul>Di)fMI`;&Cl*
zHlEm3o9pPO@S_iIaGGr~36^wIi1*c`<lYp424b>=x*f#eMk<!~J2l8hHL@}mq}$FR
z&Vff@byT(~`?-zgC0JFT*9^r)ma52k`kR!UTBjoqiVKz+>$}3}M5usFJY6rdF`f5A
zbZud~1lHa64s~hua&=~~Q_dK#A=~gKRY_JaR9HxKcFXnW#=-R;waVtAVCAW6l%amL
z2d{yXCfoZEVsfXoWN~|vKQiPJ*M@xzlT{2o{iEtzf;lVoQ1~2Fb?~<fjL28x!M#I3
zE@30v2AP?=ifvCtgW&^Tiq&<3hKcVrZGV-`ND=;k+h7~5u27k$;AUl~<8pb~*Nlov
z<+>a7?a8s}e)8Kz4wM}|2Fhm(fs|p~3h<NS%Zw)Dck9)y)@kLpyziNO<n$hxyU532
zRxQOP@u8F_UWqZ|9hJkw2e!A)^;74j%~XZkzh?i~yciM+TIcOWcHG{lS&4q{iw}Ao
z_FG8%@LkONLNOq{AHJ*Q%hfBQaHuY6zu}l%uJ~$WRBY=^3cao2(y+@wy$iwz1w_>L
zFb>1T?;-IPFX0pA<NL0Y)_~Eg_1N|T1cqfF;f=4km*_A|ue%`cvIA~U>~)J=Uy?oU
zc_1<Z%r(&Zec9O2`4HNGYUGX^bumw#A7qyReC~SSKaRU6YdxYv`*(rPCmqQ&D-YfE
z!0R}&lIEbPDG~I(oN|7a$&G0&&dHw8%WKt@Xivz~&F@Ut?HLTeyiE0X(4E(9=*wSD
zb#U&?FBLzepv{{XrLJKKQ0M}o=ukg@OU@^ItPa$aNZqC4=yH;Yv(`OUG3QoV@C+H~
zvoA97h1Q0|HMirpOZKZsV&V?TPVbAVxUL~RcyY0sDj2-O;cLVob4~Xp045T5+n3W)
zMSvtZ6?-n;Yg)BBd{3N&xe5)#H-Dv4f%NgNGp!r<2p&z{?`iCON%BB6IcdM!q)8&r
zg36n^*vv*eHQqb-?qH_;DH@Gu<igTWt6$R(sXXmPrsd_*q2w>~1aP@1m*r|bAH`y7
zJM^;z_}{opBZjWK=XsxCZM7dYauJC;BmR<58xw6Uvkh?@p#?aI;Y|bFBX{N=o0I1r
zc|1>DNOKC!%GK^pZuAg|2+oiG`L~rc<a02ld!n|IZhaAqN@>CU^;wIHY*BFHEKsqo
zWkpVGqZfMsO5Ui`wu#3%^C-QTMa`DSG9}^)PxJO!D^Y%DnR7{#XL3zb<{yb>S89r;
zL1;r8Mz9ojxp~Zuwk6oTEbLWccQ>0`I4=N@5pH(4d%dkpyNi@Y*LEd#uXfwz#R7j_
zE!`BI6HXj;qwU#Sj8wx4!vUnpSGPxH+mXUc*G#RT+fjG#hEV#=mZy{VqsP^u<P72|
zQGGLi1$s1Yf#06HK5`HWl~0c?-PvsyOu9WEwhh(<JNNn*58j5K^+}d<PKwHVDyC9}
zn0o*m^)~<YsJdwX>#d{fQE~UnQ)HP79vS9dY(*HhT60}L9jMI$)9)&?NG~mGV<J8U
zJ6I%M9rfXaNrk!qi?`oGhd?t#IzEKGMz6B*`dAH0{qoCOWqA5jPT<8)@_fmq4-2qS
z4K}9m37g7P-b;18-wZ*L>eKqRyf>d!ewT7`O<BG&nkQd8h5cai+F<%+l2db0J}^oA
zJtekt|4nsP+5ARuSLM~XI-V2W?6KPYMoxUQtECz5FPp9bfg&rwA9!p%A5s#ZWY?Wk
zLcBgoG`_}Gy??&F=b9jQoTCJ<&%07PX`kX9TXS}FPBGG4=Hsv-{t^$;IydMJn!0jM
zGw2#xkv-xRR%#FkM%|){uRr6=xW?e{<{8t>-z_L!3lse1Qup#~qt3}@AuNwvaKr9(
z6??4Wjt2l%^l7DhE4$Zn{ZTwZD*VoS>c)DLVMxiYo%T7?nW|KwjA0p|fvsHx*2<b-
zVV2p5WhvHegUY2fd{jMPs5aMf814fIkQ-x8wwLRG)MC>Ua6qmfG+_lrdX`?WLXHui
z{xeQU(wc*Ak>mPb8}6(Jia-H_Y>D|v_~l-N5F+xAy@&5{0b4#L&ao+sKzY@Mk`n7_
zeW*f~wpj`VZM7W+cBc}BVzKfW{#`#~w}sfw`{-55080(FBmCv#71bb}>h8W@NsTT(
zVnYU`JMkzkLU<X0%|fz$__Ukl*viZCRC<sp+?>TTF!`5ly_jbv!-#4<l>KGf+I?n>
z_@Hxk9WAQ)X6;y*=!1hShHc98k7mDAFc}&`WAC7R5v>%N57_o}KEF#|F6HUMC6o^5
z;61J-4zEO$R=+Ee^E6d+pQn$XDCyaU+?R3B3wc<*9zFoye4Oi7tI=zGDR3@Os)^=;
ze$&&$C2Lt2b!yyfct1(?DP(Kx=H;%$yJY9C-e)!jtKI?Rt)uN$#WxdiOSA2DLRSm`
zzhZO+<KZ2k_$+#WR(d|8M`d2gmmHJ)b&o^0bLaum#yhls0g9;I<^1#!D?V={>b75`
z@ZdI;=s**br?(2J=B~ceH@<~;ya@SAUl{IzL!&&C$s)2{L>~VL`evyoOzpDa;0X!g
z$@ej`i*(XHEAj}Lf;!N(Vy4TMIqDA2<2<tApABBST!~n_+%V*=r25ReUhaC3l7w-{
z1j^Q+-0F`2&LbX-t`vNga8qZS8g}Gd%$^jhl{Pw;64VXU8bDp|O5_*2du5mkqM)QU
zVng2xa3MzKSW4?XXiZ?Rx7kAmdm)salBhK&d4li>{8zAo0H7oY5#%Ohein1+!&@@>
z!%nwoY#At3_<K96pl}grK$IlyZP1i=GP#yDgGx-{9FU)mmoV6V3AK~?ivm-2PMIfb
zr0CpPiPjz6X_NR_3st<Aa00F0%KQExZRamdmG=qyxPzEWaBDG^fKv+o{lH)UHRyGk
zguGEVv_|(fk%Zcm0-wjQ)0v_^EM&poXF`%9+o@Xm<$6W}=~v9(p-e9PcOE*s5J%p_
zW&3+v2v5TKUW{?K>JZXmJq}@c>);NugiREjPV2Zxo1raEAoGmy;C=Wk(+)Vat6-o`
za-zW3#d4u`KJu>$(+Z4@RIYQ}{eJk3-K8J5owtL6?w#?eS1$e5{f0bTBh`!!c6W_$
zTK7hc>JWN~p5OawY{x2aJx*+dukvNwcaukSxAC3tqh~2}S&qk3>_N$z)JuI4M?}Ba
z^j`m=T(CCVK+4ZabER5Tu$GLbKUC)pSbx~%4J}Smbzy54(UM{RpkNA>hr7I3Lr#;B
z%&t_EPV3nmJ(_pP6lurDiQF5<GOg0TG2w;bJXlU$kdQfOgjP8|H(&p)qA{G~A2e9Z
zOM%71wb{J(o-H(*%myA_1WUO*8nBo?(;~{<sC^xz7Zb%#-9UI{9h<e>=YK<Ok8{{V
z0~FEHDBhkYL9d@k!V-FetpIBO;@(bo?|1?}bWNg$fsxED4eTqDcw&)|2l)%cfWBQ3
zoPcX2t1)stR*?ChSR6>L5Iss4I;7t$fqRyDL+vhb?R6DeHE$M_Q?oI<pFBYs{~#{<
z>B#%X%wFtJ(Oyy4%CTx^i?B|y<e)U(?l8s7Kf3R2&g-uU_aY{)xl%_-8xlS#Fx7nY
zC8YLsW2otOn>iU>rx1GtyDyubS{LCUmg#T|fx3@Jtw;SJMfarBYH@d|(>RlqZD(mM
z8c$Svxn0>h*J$K-uKsO8(Js!F5odugiB;ic+$A(So#dk+yx*2I!9K65Qn;R9-o4(L
zzH$xUVWh?n#gw0s11%x}TbG#f9G(m=Ufw2e-K*>d9;o+e9i!Tf8mUTOyk=)BmVKsu
zX3a!BZH@})MpHb=wSR;cyq-SW@>ux!i#O)sgP7%!&*}{4i%D<V(R!&;F<oz0J6&%N
z>BE#-3@hoz+E1PlbZX4k)t=&NWp4;SKbLSvu+4ETQc4v`K^o#?8QF95NSl+nlRDag
z;z}-YYg(73;LjTWyh)xgWOHmZXIs0hKBNk=D|h6|{?zcK?;^xzZ&^Nt@|HG`B<LWu
z7M;6>9go|myyZmrg`h8<@c#S!TN;vSMx%#t(NT<Bu$;as2P-y?Jo?_XN^O14;6^In
zbB&*+`d5gMo~xpnzd+UcG-d5-p1fwR^-SGo??02frX-0Y^N!+zV<|7@1Db~<F2{;H
z&FL|49~Bo><W}7`UP59CyHw`-3^XnWUsTzf-foBEgCt}d4|m4k`PU?q#k@)afV~01
z3ieX58{v(bLZjD>jQCYGo5{&)v|k@plwW<A3I7s91bloWykoHuKea}=-uW;hDP_}w
z`bJ36%b&+vfb-k6W_Rl4#7|+ABcw8k{tWb*P(5VjGUfaQoW&jt>j$iI^14Cdgm)kM
zX^&F*oF6Dw)!OxPlw&TJ)SE|mIoPu;jjwMFdGb1j0@lRD89mHxxeo-*<t%nYF8C>|
zC%pU#=U%O`qi_%*r{O^hEBu22&rA+VE%!3!%@NWg<@kN6GF{r$yFv1K7KWOPc_Ct3
zvd`G{5$g|5TVKJF{Ls4|!M>iJp7yl4_%8yZQ;Bz;+D~E?jCZ<(;g=?aBYMesm(>A3
zSt5tVJcV$$?v~d{UmW3J`%R7FCB1CLo}GVZ)y%uLXV*-{@68QOP`jv3i;}YZGn-X(
zJ%84Ev?tBa=~;4u%)nuITmL~$>yyXBIbM_Z|HIc;M@7ALe=8vkLw5|JG!oL~kP_0}
zNJ&YDGz>6wD4>9}ba!_*(%s$N@D5(@y}$eX@vfuHteG|6Q@hSSdw+H(!~46<22=CN
zk2H6tMJ#^ywIknrjM$4#8cKVRE=kQi*#yz5g&N0Za;^+&W=<wC8KjxY9IM^I_EsNa
z{X2M{ha?FszT>K2gn6Y+nt%7}yoa?u8Jd!GBS-i_vocnt(2YnDv|jo8WzQ$?#tyZt
zxE@H&vJmxbX4ATM$U&TFQ9>8q^BY7SWdY!*dYxth;#GW!W3OrWCqe$>)RN}=<MW@4
zb4oXeblQ!9X=jkr4fzk0&?s>$0;nWupl;<?5VO-|0`Q+wJ_SuOf3VTDx_3CzdjdkB
zm4dmhL=4ItwUiwaE>K%Ly(PIOX|NO9J6u4@p=%uam5wX#ZTnX!Sx&8Z2FvK4H8zvy
z?=(iRVz6VEUeWU~`sZFD{@qA%voy~<cf;nXyxZPb_>b)RSQyjgTCsN&bv4bq?{q)D
z`C*-!$|&22o97$b6~Y?Bc-r8`@Y(|TsB^#BC`dYP{X6}GklQ2?u^6s@Q&>p>5*!2O
zhpi8+vm61MEqG9v3dGJ1DMNEuR*f+ZV1T-$w?1n81JFE}<5)rVHElj6rH~{l=rtPM
z8}F2lD3rUs6B1@3?s(G^txk2Np3Wwf_M0V2R=*06F7KvlphZ;3?KetH52sH_!)-rP
z6<;}e%vGK?^CAp}EWAt}@_7#WI4|BvQq!_?q13z~=1$V{iT;h9`_{aHIR6$ZVISd`
z+!>m<#8Je?{2jK^IdA$GZpKy39QG2`?`wz{w^OBw+Ob7(ONV<D08B@E!!Ee7apzY)
zq+?=N_5gFKK!(wqEbpa(F=AlzMIi#25r=dX;@cG6Is%<i@7>96;{t>{pRQV;O4#NT
zB7M$uns)aR7N0=!*Y*MG8|(oICv8VO<#KtH$njTduiw_8J5#(ieNm`Hp0oWk`-1q$
zkLoMK>-B&|p#c9>8d|BY<8!xxE7yXgJSt+{<7+0tvkLhZqBj&C7b=W}w4I?2Fdp{}
z)n}SCD^_*#Kdd>@;QAqe5t^EP#9l7Owt4sSO9>31sz#C6yRB8*`4J#Lvvnb(Lxt%p
z-n{tG34ps!g1l&U?e3lCam<{blx@+M&JgQvs9#Yn^yGR~>7JyhU@@#&8aUUNaC3`&
zNLhKN;Q`}0lbVNBf-$Vn_#&sEPNBLK&tA%8d9WS^wUdQnVkXoFFF-l!0a>DWXPd2H
z@2Xf#DD+^{F`r39*AP6(NzN{P(43z@($HPJqahiZB^_Y4vbUUGy;tYY3~^r*yI309
zypD{Fp1oMUsDYQfE(D5Anopm=)3R>FIKDEHkQ0@!%O*HhBB#`}*f9l1y*u{=Mgez;
zzT`QlT<rs3w)FrXPgZ*uLI;K39u4qHuMLZCeoYT+r;koPPuWOCmXYhQJ)R=FyXwyD
zUpdmFvgzbqpn%84WD~=WKfItRBI&{}Png|^`>?E2w#?GswKaUW#s8TowQ+5#bz>aP
zHk0|a>X7kUG4Pt=Y|VG+%C<eue03kSI?F)hI)&-+X1pE~HK&TwJa)N~(mdIxk8X5Q
z_jdY6Q^TcTpIXgGa|SPHC5YPEYWgP$u%;$<hLJ0ms@*DG^Py$KEQ`Ha&a_#q$f7L9
z7GvQ3b3*f;X>&Ugdn}p*u>)C)NUh9oW$pKh1DLI7`>YUVDc5zpZ8sF!pV-3k_drlQ
ze{S4RIn1R%R$PN1>0t2UmNvzOY@OPxk&P8?z+MnHNVJK{!iQJDP+PeyTC9rAU44SA
zIe?irJ~tnRPy!NTk!Q7eZCQEz@M>K5WzNByXyrcX8#hma%gb*yf;W6x#{<9cjW8u#
zkEjj4n``TTuU7D?Z;43tyUDCbry{(#-b<LW_F${`Dsx>VrEf1H=h<w!dyk<iq?C$A
zGqlZ_spht$$hVxMY81Qn8Ha~a^>tteN6wpLCQ_jNq$Ekz%GI@sC$dnG8C63*GlvX!
zP7GG!S2{ySHpIqR*Mt+s=|sa=PU)XMHS!l4cB$HkLjL4LLY0y|F)jC){3XFGEPOgV
z5|CngM96Dr!|;T>ep@R3NY41FL^l3dE8!garQQuza`dJbIL0I1c3>lgextHLD#XUQ
zASd1kfsZE7V2S-+ySF5zeHqCn0e(px&mkQhwchx}KO3WCRpZiISef0XsqnPDt`f9$
zn$zPG_<p%`XtdC__8#`}*|TSlkL)4j3x8uh?fpP-#}Rw%OvZ^8HcJ(GEzbMvtul_-
zu~;(<400MJjNu_E1E)LFRPk;IWvm*!vaW)tJe-)qH3}jn#hbHe#O?D3_PVONGG{lM
zIHw+g+iU7NK943S-Z$6Kok^PZiZDFs_iOm<$99>NY=Qwzj?SdrPKuYjxxRL%$$Pbq
zyXDVx>YUEWi{o#_d+mG8dD-yITvBxnnl@lxwNEpAdSp!Lz^$ES=@4Ets}n+hCini?
z!S$~;ow<cep{0`3`uR6;l=_1L&0?eb5Bte54_^=yJsS=hb=O?$O_L}OPPp=4U*LEr
zVf)M$!gv0laKCt#)6<MjxP{kzo@i>eyHG&};f%kaqTGXxT}(cN(dpE>oEb;dKOS$+
z0DivtWQ93t#ovl37~udz)>~Y+ctSU9f%*DDW%(dao7jgIQ;m!TvYWuWHQ93a=mxa8
zmlrl#_CSSu@PM^Rr}ZLjQ+s{C_@!C;@)lx`chtk)>@N_8IN^H#s+qLt8A_a{_0Bl<
zsn{*Io+DDzu9Z-K=VFzvPwS##f9v|f72%-EF$o8!jyJ4DQ!}}MI0bo9a?51;L_i>G
zwvq=;`KB@1!_}5?h7NznsK{KhZ!7$#l{xzvD%E3w;tTAkMH=1fb-8Pnnb5GdhXX2k
z>R!ca9_+T+4hGgA%%{aB6ApWgD+URhQ9Qe>PRecr1!k9&jOGQ-Gihkw2_|}yOnN5d
zii`JuYN~hfV-$2aS6v7nxK&uXb|?7y@7gZt-=2Q-35RgYy_Yz^CjZ<qvLfq>#&qxv
z@`ae^^DN1u<_(z>|06u|W&hi=qLIwx4;u50d0B}80*|^M0~|kFk1FZnShfGs)QN;;
z@JMKKwP%UPk?RN|YvJ@_B~2K*w1(yJ9rE{$7!tA3<ZVQ-6Rav@B6;AC_i`b9U%1cy
z64YC^g*Z|F7_H_uV$TB)PcGo+nJy=6zc~F%0`QIN6IndRN5z+T3JMdOVfC?IBO@b_
zprDb#&Wie??L*VIevI$h^0!fJIxvs1mR;Icg4pG{2233Tk_%S}%J@n3K5x@7)eu_)
z^m^Z1ExA>w)VLQ-XdE@fAC8yO{C;sSiWTrV9FK;<fZlKIh*9KH`bXM;FzJMhDA#%V
z%B*maS`1EsK(gwtt#IsB*NSmW9rEwEWMixE4sV!zCeS?K9PIG?E^n)z2X@qmuFYmM
zM^bkt`1VZF)p%QfZ@$n0z@~usrC>BG5DD5)Z8*@TVt&Sz8C#^-`fjVF;<GKzgTPVe
z(bU%*@K`WwKUjLdGp`sy%J_*O+&#V)%~beP3^U%LEQB3M;`>r9wE8y&IQo}KvfN+M
zWXoxDXGyHIIK7*R=M=sMT7BfRRW6?;pr**Qg(Vs7_PS$obE0J7!=Nca%AVwh&&l+~
z)sBrJrC)9K+!JtzV?HKa0>N@vjFJp6hV|5N`*tnw-Al?1N%-imVOj3H416r(6$<rI
zQ=7oFl$<R(ro$W3DY8N!*#v@ar3?-$Wx2m)RW-B*42+1CH&6(gW7;JhT*OoL=8!rP
zrx=%QnBim#dI$)EYm^XkR*+e`-<n(~kPP&TdloVW<BaD;d}zmaQ9-77fr|`$fs`bG
zbks2O1#+KsIPOF?ejk1~{$LRa{c{bz3ulO4cdPKKJo_E=t_O9&UQsH^&eMUFM}t3<
z{0Ts(2!-N=Af@*rwxvN|+oTMl{s&O(4jS3Lf-iS|ngLL}-wCDpgAC?l14Rs@o-?Pe
z?-c=3*YEiK{1?pfcZ@xv3^Z_EUwoV%&Og#zMTe2`Pl5&b38u(EgULV%TARZ_36~M^
z&li6Zu7x9^1BFA%t%XYmDC(F8um6RuMB#JvlqcZ6`;tTo8Wu=m?qmE9e%)VhXwje#
z{+X(R)~bk@^CG65^6!}aZ_t>0tPNb{jt=M(J8+x#{wMZc>ItGPC(7R$4q9eTM~LyS
zl!j+W$_UVm(OeNG6&*t8nvuF~{2z4HCzmsT2-;z)Ey}Dq4yd)#T>bSQ@Uv`A=nRw-
za&x17p(DZC>;FIX6@H_Yp+dj^`dpV={3ie_yrPxuFO;uH;d5x6wT#c>YQ}M~AW36v
zQ_rVf{?9*S=n7=y!?iIA`bWOb1K<Vz$py#-LI*Nl{ENP%8wW&>$yrAESC+%ye`)cd
z6X}Jg!v1%QeBwo*lOD+F3wDW?#01g%l8*ja=f8iHP4qPT06zOaDHG7oeTtv9z%uV8
zBQkUg7;}C6|91=EpSHleBjw*w1CXGT6$LQ`K7`_cK&D;a{{8Cr%v7GnF>Yg8`0wX{
zO6X6(R^wo?7U-+kn_|Gf-~Im0PiUTc22L@-|5;Z`A85jYWcK=Saui5%YmeZ||D;Kn
zL#aH6=m0m#!gE5XyAM{o1j$UD>p7(0i1GVBSa`x{(5#S*0A(Y10r3nZpnFkaN<h2O
zf2bt|3z`9uBRUlmr$V;zbF4F)gQ08mWmD*8avgdDHWQcbpS^@$b9rM!7vsJ1mI(mD
z2m~LFi#MG9mw?8<3)dh4r{Vo+ZEM_1vvINgz*7Xt54ig!*7LkfA%!}1st&3Kk)C9D
zsCi+h51R^KN60B}(?b-x+P+u)yCf-422J~wJ+qs3wy$2t1Ur3PBAKg#a83-(WF5_*
zXHx!aD!(>5`~N!?ZN#t8LSOR}It1LO_K)zv;hhV7%n~6tDj%W&8X!m=eXw_Q1Jug+
zI(ihj!GSD&x~VUm_?Vl<@;Ac@8$EH>i*vomfT0CVZ%nsfQe^CiYcB2ZQ!V8IX&oaZ
zp!J=5k&{`V!+$8!XGbLE1RR-7YuR+qMlxIM88aLt32c|;-T!ec`TeM{8p@|MVG-Z|
zX5cqZ;Do^pd&%e3*F8U7Mj}|x%cWVmz7C$}W~5+3;ho=|Hq=VRld%6ws!!C)hE3}X
zTnlyT(iiPgUc(LksMH%J&ww}iV+yx~btKqgT}Kfy3WWIDN=Go$At!#?FGg*)Kj?45
zNnw2AQh!~I)yxkUROCx1zO>Gu<Ez7NAA*@mq%@RYCF?~6E;|Wm+y--^b2E)j8tf=^
zg8qO;wZJhOf`1<KI}a&0Qn&^Mc-o2H0%5kwJBmsy%LKHNTMjb${Y&;q(C%EYa@uc&
z@F;fD_df@eyi<3cq}jqUA+A?ITy}G$xj;1eog4Mf)~|z7=KLcuSct$OZVt3@tudyQ
z&~kcy1^lzvqkk6MC;mwckB=YhROyKoG0|u~*KM$4D}0A0B(015MB%k$t%?633knXH
zb!Koqlgy=rvsGZ|oO^pmd&<Z8T-NE!cFZ17ccJrO8!I-RnPfFbtZCnpz~98+{R&F%
zNuu=IjYfQAjn2<AJA>~G!&{aE15+`B6(WCx@t5paf-EUlu<k8M6yJ4(8a**Z%vkp~
zw7(zm8|?5ayN?|{sJ>V2)$_w2qvUZHdt2)&-_fHO!TRIG5Z+~Tv`g5g_0=fBWv;Sf
zwpp0de@N>Hnj;4B62#p|Xdv?=*9#UKX%2do<ijKDytKknY2aU?1L>}|PsejvJvkj|
zdN<xMBvuM&z1%^zxR?3%_qPAuFZ!>-9Vozqm1GxfHdPsd@NZ`8aoYZZ@dC#XJP_xA
zxN=vYBZWYg!8nG}FyF{v;O`sAzXY{D6m{1yGJDOw<+C=YBi#Z%NHS&h8cMALKX&1f
zRe=wfOyHx2TF?v*_J650_@z8Es5@<dkJV-3aX813J@lg&;|xb`#QvkvN-Fu}GuP`4
zc76vFJsE*r(bGmY7D`RTw`8%hqyf({ygpD0-B#Y(+Vzl)5j}7p2&MaP52E~y#rYg6
zAQZ){n%^OQ97k`u%Oj1)F<C0R7Fw;eyv(3fqq6k0WSmiHAxVc$?n+lj?1$g<AI|%|
zA(6t<Pl7^GS=;wsgGbU@eo~bv4u#<Kn9}{E%Vb{QB~jpElDD{FO@6N+r50jT`RP$#
zQ{Zw2T`WP`cnf>pa&3czu^PfD)!&*0@xzm5$+qM7kK}Avj-QgFli@WHI(g2_GCUp;
zD6SKn(?CT35MxgW1rayuzuf8l__5#rKl{@gAzTBke;ur(y#m@>{q+1AURW8YauHf&
z(n@_%?<?|gh$YYnW5GNwv`1^s%x&IBBLcO9^;md+Rj#9_XT=xcUy7@KlILleOF(dc
z-Rb90Gkq56<)Tx-<+bj7$)tu&*p3l~Jd$(N?@hysCn)=m#`CdzCBF=UFdnZBHMVIr
z-RIyw_@N*eSPr4DKT!B!g_;4^<VqwY@jpaFnwH#GY1vxJP#B)Q`g<WD%D)$4Lj~AA
zj+#K$gt#vdQfdH9TW}t-hJty&%UU_S*3~%<{SN!@c%fF3@-rVPOwfU5HH_TjQJtzg
zG7wij<asoI?GYvi!A&II&ctH)(zIaArzq?c$k{(gu835>dt*}uQg0BDc)Ab}x#B^Q
z0bWH(HEg;${#-FJ`A4uky^*(uqt`~H!zA`^=f5P2^i<X&+KnLYOtCoaT)%kM@)D;9
z4_LRrgV80Uo{}10$xN<P+YTQRw)~IzNEr!L$+@{_B>i6IF9XP9+`QWjm*>?!*a$?F
z-W~I#3C{fFg984;zVBE(X{cQxWJmayV4<s=jR<3m2U-i*YT93jz>ZGnV-l_pClo5^
zkVT2zJs268a^7^|C{pWU&=%tpEd@kh47y~<xTuN905j6Gh(`Y`vd_*_;^_FeK_~uU
z%E-{P=JWUb$Bg+TnFr6KBZ~A~U`5cyEgn{f8W0c9EL6As!`1|zcwl=VjPSoaPy?VX
z1K82>;mam}Mu0@Lkv8zH=5zK)%H{_8wce*5K4L6dEquf~%Wc#-x;bL+zwND00YD*E
z*k+0UmQX%BPqG+yVnHa+W@l9BgTI^a2)Oap>U63=)VDf>MfVHb!Fla${J|KA5LqLP
z&Ig93e5gFv)wwPR=lSnwpd1+iI5}fX$)56h7tbNOfQC;cSZVIGoe7}yDh_Kc-Q(dd
zI6<?!t3tc^=a*nysDxJ0BHczYO+Usk)X)&>y0T{hOi=WAf|L{SpH!Ec_O4;?f60Iq
zu9p$KhV*>xifhAgHpy?024~k;;B^WH8IcR6VH)Ygpk27iL17d<7>D#mNak=6;nMP}
zq=W$!lniwV54gV2_>JNZ`HoRPQD7tIXzV~&hhEnASfELe;qKBs>*iAQ;DBsaZzDwc
zw^Eq@^^N>LB>$D%hYbZNu3(3ZY%9zd=t#kU@VJI+HYmG8og&efsY35fupYt)q{etm
zkSA_iU`<-^AiDvUHq{ewARaHZYW+i5#Ly++BvElu3f-HpD;8qVV-T_3zcEYxm4@7x
zZc3^FLR`$tt8XcJ_TNQ7hwGI^qzf!nHp7Z~3GSE92~+rp_iMB$KD;Zr5$%3g%ewv_
zHAM0J6?B@3*~0@A0BBh2VqRGM=0CNZ|1t+ypraVCI=G9iKU&fy85|Np#~My~C(ZHx
zh&VCn-=3e6Y7Ntt{9%2%u|Urn)%ZAIc>lF8p~6}Cw`CNsLJ%VT??D0g={O^XUAV9<
z5f4youn772kHGm$cs(7kib?+*w|<NGC$Q#{<)yHvBxEvSm;dvyr@;U&p6qcC+!F79
zhbCVG{Y;tpa3>au^s=M+f$<-s@GqSK#ip+OTg?6L^{<7mKZcs_?XZZS{$p}@!?h+s
zWkqojCEh<JyS(A(pD?0(*LCLYpyuGbdFc9o^yQOMYvue)=l;>WP%E)Lz>kaU$&h-s
z%=8}uiWHuDvQ;ls+F}0The+Y|C(T$>pQmLFrAw`_lKOuq`1_fdRA9^5O0)`#N%8qw
zM@(|^h;QErL?t9{t)Bb)`*-*Ci8wh`UZ`nnhiX=svyyVXIWf46^6<NFePC_%Y=Jg|
zL+q3A`?Q<$kQ)0<^Fx{I>uXv%x{-y1m6erp=j^E|^?g!$divhFQe1pOxrv73R}Dr)
zCmxJI;9Iw>=#M?lr5jxns)i?Qb4c!Y(|nqk2xvq&2V%z8|47+CZ-l7;tf1~jkK4#^
z-^?D4F4P`R0_#ZTVuT*bN=qXX67udLaYAFpL^6TyQ=U^S{Ik!5xXfKCOXi;n+1`##
z(3B_G9N;H=-sD^~QY{9qwPW%Gi3StcfgtYWC(hN{%(DEf3qLael=B%|1`rB1CXuId
z6A>mZH_-CsL!S+D{%1h$*br!qEcE7KEHEB(V;zhs<0vRNR`312ANzIQqKu~|8*hct
zeAqtE)y3U<oL-u4!)Ks|ujKRgVwk8eQW=Pp@Hp3GFZ}@`a8ZkVicfvj4Fu$2Kz&RF
zgs~z2F$N@?@qHkepfwD;YpS_L%t3Z`o-Y%18|r$NLwopp_;$}?Vm}uTG@3T)H_=9T
z9`9EzrWv#aKzqZ%#r>#SaWXF*Oj*hw@Qktpa4q;!3|eb`!K$LR8fq3Wzv;01ms)-k
zHUS)^IAWCFM&j`x;h}h&+E5~p<PO!~z$2xS<UW2sa6j<g_a20PGFdM0yYf4S)r>MW
z$afyQy%>&;mUb8n_=rR)2B7mKaP#eUqY{92=8^UP?TnRdYFnlcMibBGMTPT_K6DmO
zjTWO1h7OO7w1G(_YiJyoK{dtobmQmDQ#Vl{h{01I*RSH*qW7BtLTl62u?KUE^S7rj
z6Lp}RY`<S@`9FmI9?CO_^ob(_g!73b`}fDqzp1yyQvsWabgfjzow>p4_BK(k)*<I5
zSh9rjiDKDlnUi8E6px}-0)V~*32AvNfuCi8qCOh3%usL1mtaHI|KV{N7^vy1ob~;?
zHf*xRl6^#i`!J~GZjY1YibuSU^a7=f?;CWxj1TdlsQhDK0CsMhzxIt(=|wqQ6lEaL
zxBHNp&Owq@?BSh|YY{T=q*lzFG?0XHEGGj1FV@2EmS0?c%%TYYMT*t{I!92!O$Sfu
z9yLEV7dl!3-qHpg!wBt5_oNp8S_plvKP^rxZUU|#Ji}%*$z8qBjSyLwbwL5x`3`Qb
z#vNO{YSxtJBv%>EZqg%S9tzFJy>fb?x4Cq6fL3uevaNM|$tRS~O-9STfm2Q#i)_2?
zB8rQ@v=lqv&G2mPEGMm6lw)TK)lnzBMZ_tT{>6z$dwAZMpoaJTB9q9*ib~|Y9N9=6
ze3nEZXcGsTG$$CWS2zgo`-PuA<XuoVOLmdDLZ<pLzD|xK&ATfh^u}93HYd}R;y%|c
z>KRv8{KKWLPpjRfu(W&boZ&U8YBiTAk8)YJ8>U7}M+aW=jPw+on(lfWQXs`IqRAe-
z-#B3XkvQej?;&c2$$LLquWmwv=?6Op)r2H;m6=9_v{DW#vQlFnU4QtH`9Dz0e?Sr~
z2dsR0X(X$)o4~GLAlU!;@-a+Oa7{!SuzT8CZ3v}4NVzAg*MqxN1Rx!Q`-g{yZ?|zV
zR5mOMWOPG?1629Z&djHsj=nyrIakNaXtX`dF0+xY>m~P20~i)n#ec54^&4e9a=PDM
zn6DvuHBP^Yxd3RX87Ao~+K2QcZzJ_jmypb_w5D4E1*3<|+)R?f*$+=Ipk?V7s|#1j
z5&~c0Z(py>j1$bAWiut#E9_p70dr*_uNBs}Bt~tPVn4lM)?n!e4UP27R9K91O|dP#
z+pje{YB1xmpdjMrC`glKh~!*)Tivx#adgvErck}2>L6HHFBpeXe0cM=JAN}UDR1@}
z&fII5umA_KKJK3c>+XaqiQzha5|qvjB)_W2H5NVmlYZ3qy+Sa#gd%ijWOBDVaibTQ
z&#uNS{s5RAkb?WGj0p$D&%*0QGJS<G(t<~e8_sc8rhRWqRcF<&1)Mb$vHCkvOhU|C
z^!P9Y5Z>J9q>-OH?@6R)9SWJqyeEQQ9-y9><U1oyk-C1G2M=z>7F{XD^N(LBahubJ
zyVf+t$>WrryIJy|D-_&K7Y%_T3?78i*KSuUmD6RDo==7&3^)4T`oL=QMhRC?0HA&j
z)8Nld+1Uj#?%jdx{o`b*dS!aWzni3VfMm&V;$L?LD>~b)G?6qA91v6p$F;Mei=ZBt
zBeH^{RjtmZe~Mp83UnDAHczv2>Z{m%V5oK;BLpG7%XZL)Ivz<~V~n!VTLTjSr7kiO
zbHy@UieLOAecSenkA<12+i`$iD$=2~vR)>7AV{wmimT~M&V`FQwOa*$KvsD@<=E@M
z{vo~g2a630xfm*N<bgFXLljle+7Uw#4=pKp!tmMTXe*Uh+odFNHirC7YjoWngM-E4
z<NUOmc3qtpupN1p)Sn?a|8-yJ9xnNZ!)&hdJ*nC-;j;k`0F#WdcB?YY#aB;m&K@l$
zXhyr9VUWs0sdi2%y#!*=;9@XSjv5c5!QfD8CF>?2W}p5W5|CON5lEwRAa+VK=&QH&
zvvj9jO$b@Q>X8-YvY?|-x9Yke;RMf1Dj|y=EGhUN6m_GKQAs|oW1N?%q2ZhI7@xv|
z1ZMGpt|WI^9J?Epl}S+vYEV-I<ps)9J0yED5ioP^Tay7;-B_Z?6pBlcUY*O-U`a05
zZkvMHaV}r+D;@-|hiYs$4@972FuK8&+<~#TcF@(s#pp;4vdOj*Vo<0_{HYp-`?)Do
z`>T!R{FYsL1MFJqASF$~Y}ki48i)!b?f3HtT|Z*8d3b{GleBk&BEPR34#@V|eipbD
ze&ZhrRY|w{RFTe)qh_{NEF8=-U5#<%;uoWxsAsm2SphP-iOCern4i^^FTNUQv|{Lq
z-&4D)c&Al(r5qK0Kk4+40ks~KnCWcrhn?k@(UAP`i7voM5wUV}D+Ot)?RZ;-0|IK}
zLS7sF{G{`Hv7`FZ_BCoS;RPG>K9s=MQ0cLSe7jx<+;UV^Iu#^g{-st3`fP%prs*Iu
zTX^%!W?hXr@BLWI&586P&(Cj(1yeIlr5|&YIIf7=1zgcJxpMqk6H!TYE)kH$1w-$c
zFJls}u%(iAHX$s6l@Hip^}Nh?!1fxC;TSkn7)%<ljd<0g1|75vTH>*_JBOy}Uwe@!
zM4+~Z|E5Wg8wuE==_`4xLl!V>pxx&tLcw~6TJ;ru{hmsj0TgzNUvcfs@uN!5tMH<0
zwYmE%y{kC%Nag$Edo7X+`jtd5K=DLP&p}WrF5MRs)c?ZX>jkIoW1uSo3sfb&1g{l5
z;M4^)=9hexo+-zYo>7-JH4f3Z*fcBKGxqN9I33B8*0^jceeu;N3Nr0M8m<Hm|K?{=
zTmcQUZvG^OgpQE47)muH8MR3?w%`nmhTWxr%pMCo@M}~h_GpyA%}1b6MvGULKPrnu
z`3H{PV8Z#(V3Fp~tVODJ&L@LLWVk$yOi11!w|y}ed&tML=Fp#?-f-wE)#3Y&mO8KD
zUvc+k-?x&(1giUJW`A)Sr5jJ02wrXsV<DdC(YofQ`M)Bk()xYr^e*KNNfcTy>U%@4
z))x^iO7fGSvF}6Z^DPcf+CjhRb)BCp)Oa|(_5T9E%BO+Q+Yy9`*Ak`$@=Gg-k)3F2
zMv}}bB&?XjZB9oC0~_7!Svxa!mE`q^_z=^T97cLrU7mG0T0FD{uQ$b~?!3tkELmlK
zeR!`Ung+m%nS8PMSOu@^2E@zzDv-;E;bgG3MaBK;NHaMhsEcF=9HD0&@Je^obj!jr
z;<@#Y&xn(Wr&)4itb{*~W<oo=!|2}@5l<|Kt{4?L4Auk5zZA`a1>X@$CU~)#d<w<P
zo4{W>ne`MaRXU}$^y3+N`62F#Amq>%Fqw287vp7s9NVyntR>)NGMM`%uq3YNf=IrU
zQd5oaaT0}nu`rNpL*1GizWSmxoxtM&uRQn*Co)-J_vPfJ*6L5Xk}Hkl+NCJQIgaDU
z`lNJiaHQhKN1Qw}HLm{ZS4c%nwsnxt_3l!<*8D#S^d768qleV)c&)#1C`jiwHDIfJ
zSU?qG$`6507N4FOI{p%Ddkujl7%?r2@*lF71VL!Ye|cY4GE3+g<2A7WMN0>+$_PEx
zRWVK*!#m`p{I{$GVAF?m1K}*zMM_vdu{C-;sNX3N_*cK^;Jy(fS#a_ypR3|VYb%Xk
z+CVW+aJ=o8^IE-AzI}K(BNC|oO3>%}xR{Z|TR-*(Yji2x^X88=St~+#`m@tRA6x7X
zyx`}H4)sORjxEt>Z{ydkW)F=PNY3_5Wf^HP{Tc%&?)~Rzyi&}THLD-gcbO%eaTck0
zH+W!&3ni3_o-b$j7ff+l;38wKbci2qH^Uy*to{g#mf%C;y4*S$f%&S<OGFyKd%3;n
z9@Lgliit}e_>DYS<QUYDiX)o{o?69G*fPVB>co&h7*g1Yq=h%ZQ7i?D2fx?zlhv{2
z`mkA`;afP6KXP?;h_`x_Oi0U{i7<n@yHsI&xy;fidJ}Gm^YcOsA<%=-Xx`G*9#=}V
ze<i4Gq{axvss5DaB>AELhp98pyesp{s|S>>H{~ZW$CX~xGd|hGyMS1+0y*J2_Ad=H
z-ngCBSht?;RjAWtcqwZZ(&{me#EuKwX0C>8I|++Csy}eTKa&*b?RkfOPflI(xeRL;
zB_s#UYrSXSLV2m8{cKQpWCLNi$6kkz{qm#+@r~RYGXKbv9F$BD%ugWncn2XV?-?3G
zFunN9g)z8SaLw-4U_q+iP_}UGx;4)}#q!k7JX4`Ja20T@pJQ=&Lffi22TO~3M1m>o
zgfO9;OSiZ=m9E9Q6(f7|0A!UdJ`Qh`WP6eBE^)d|<sVtp_*&fFXM(N=2jo5+JU<C5
z;Pz%Xmhc1<?n~n%v9se5*_=S_8ueL&3}fcuE<t?6r$z1UH&ZNrbra`eS#N9Mo7=OH
zk2ZB|H}p%HYP!%rtY(}~U7TzaoP0Z2HDXP<&KE=?4Xo`u?FU-ck6{_6o$#g(*$$8-
zvoDbW{d2B%9&qMP3JZ)bh@E*<y3%w6Y(6Z$7_KT%^~m3?dblIaqS0stY4}IVpM3q<
zqcx5%Fo;qwJhj&0wHnT>swID^S(4Pd+S{c|W}f{E8Mu1jXmG)Cxmhfsa|@0A<;>c!
zs(Vk@>5D6r_QP#hsWQPrwC-3fu<~lfq@~c<#C;pz{D(^>@t#L92;#B-V7Vu-t8Mg1
zhj8gnQG9M)M3ZLNp?|u8ezSnt_=4MyDV=PPNdAHbY~*!JdGX%q(D`IcYfF%Mynkg&
zLa8J3Na)+;dwiZtp@{HF=L)p$I!+HDXPDOlU3FXn4I=K6eqReWR(oWv%v$!8QA1VR
z%UxYUI0wXjT79f_yyh8d?Uy;$b_J#e*L;UcnB98rES5LoV*_6_?fh95!odldd<TJ1
zbTc59pG;S|qxu(!LGSS?rQ&)(hE)r@XPeL*oqgfj97jX{<HlNX#!V-K8VE2K-oFT~
zyWx~2K|0$t7wWaPNQk?cy-8+NDKE~RF;Z8))*$M;3RN8anv7dW>TF+jR;t4CVNxFk
z>IE?}F#!$ktoQ34PV|3oc;jVK<XjN)#>AidTU=b1=Q5l`bri-ed=pDOAHuEJ+8GKI
zm8XCPGGd21BC^nDAtE1T3O$VuM-%6Db#>WC0AS;jPapiHN33L%@K*M|+^#e{54#7W
z?}-7aUsDmb`qxfz7jOj(*#wenhT<3Y3D4dz8|}Yuj|kb(@8t8|T&lwR?5GFiRfpZ|
znv06)8sZ7Q3B)>n*y6ov|3Q7gPsv%X`(f_8spHbD0}eiRa_?I`1JR28E?$=%(&Z&Q
z0>jI5(5$YVDWWZR23@l8fL{aahO9vMDY0kQa6oQzWT@T-^#?gyBq=bnr;Rl!|0db|
zMb+I`oR@eyvzT0j*wJDq_(C!MD01Cm4yrJokGW)I9xB|QQ9C6}Nh56c6VzA2^>6P6
zwzmMdfySRWnwvIv)^R==tCt+U8m0Wn2$IZp{oGN<MxGpci%=LA#(G2VF;S<WDTmpM
z0|GmCwiDYA7uj=a1{DZ86}@ZSuj-6%9rZtTS~>Qd4Ku1AG<Q4d7kP29W;b-wVCJDG
z-6gy3hY4b?6(G;L>=R26_wQa%z$lWHEN%}^Xn(n<G?!3}@6>uvH_(6KJ~`)5u04iW
z)o3ly8b<yzeKJ=(ZGXr5l5r7?wC^xV&r<oe-0y0h!KMXCskpYTxLSSJ&1QnWMf~jZ
zy}+IGH;yPw*s)-j6m-=*zlbEioRRB~Q?Z}@D^XS6O(sN^yL_9plelQ<erK2*S;9S0
zLCzPb9eU@e$g@+pe)zbki6fI3{Pm+<x|5^uwCi*h?5K6;2;t2F^|T>RAz81Tb^t)}
z*S;l=+(95OsV3EXcWT`GbK;YtN_yH;`;ySfpx6#^2Txun2rs>8qIxSWsaV|Itj=1L
zjfV@{N-%PH%cYrt0Nzi_SWky}O_HfNzo~EBV>cdncJpqTIQ%z&opM>xpeZd8vXN`b
zc^{9+G<CWfcEn|zZ&6BV2w6gmvA3Gc^)Qn`dACHO1r6G$@AZ5*ZDV8nO>2GP+Dm(P
z7{9`w;C~^k@{B0R65NS8C!}?^eYOLU-Iey#@L3@YS*8P1yh78${}d?A(MG#QwbA>k
zymD`PPyj2SK~`E12;=#h<UAUCd8Ppu-kw}|WKOe~rO!klFiQ7$=^do;)QI{(CnV9f
z6F;{&`pnEt{OVT{yIOtVefq*kT8^r&&o4S@KB!*c8;yc!vZ6X77ev>#Uw-PJ`4s6o
zaH~7Cy35|nAX^futMw?Pm5=Hw27@V1VF-@&xV->!aj6l{eHE(5#>TE_0)yeKUZypD
z-b6JR1Z<!h{B;(2a#*$;Dm9>uwGWBVfjO+_)XT^i>FIyvo1-ANH%r)-R1O8=uw+1h
z1w5ewZ~5K8K(OS92pL=99lI!iP^~er$3e3qXP5BDB_|A_%V|%tZ89e@JJDl<=j#`-
zwmk??*L$<zCriIRIz!<Hd<)?Ph;n%m8rv6iN;+L!T*afedCL4NWbAe4yByl19toIY
zq5D~e57jtx*9`}2bW)OPj!Rl7Z&cMI_^qnQ=w`+VcTplzx@_Irg<aS-5=ZeaEmlXF
zS$92atR@7;p6@<ftKauXH4&$fKU_H^+Lh@FdVwIOJdb5gq&Hl+ecQAWgEzWYhs%~S
z{2pJnYdvnZ3GPBYXHT~s+#RNQN9BS!iFLQbFb|FeRj7-{gCNUAmL|RjA@ZklH0p`#
zCO&*%M4LJ-IKcL2&0v>c92zg@mXmyb)UBG1GVbh{2^4|%`B@>r5B4R;8WuIYL(TN2
zL;ObSa?H+;_2}5_GYNRYq`Cs$k2)zV{u|QJL#TP+dQ(TL+@p|HpWa7fI?F&cMa^aS
z{Z4;5r$_IDku;yY{a&W#>3mVt5m9iRD&k8;E#lX17z<aEi<(lYWADzAPe&f|w>9td
zAH@V7$nV~i=oGg!wC2EuH6lcml}PMiN0&)HydO3-c6P98iB+DLYG+U&N1tHyfN~=<
zxVr)U!sEDvN1Z+n_GGTRUcXB<!<ZA4JB6wh>NOkT(X@Q1due8UjZH35*ClrnA7d>#
z<#qVXs8I){(WHoYdCcDB5R;OTWsnHmFLeKyq?9ai;<)e9yvcYw)!zhuGmMt$7_b?w
z{#jGiBQ_2|DOMH`aUsEAJX~k9sJh3@{Q{a2k^E`#95(Vz5nf`Sfq?7A=4kOFkq#yc
zi6aY9J@;^I9O`w1`hkVl?DH+N4O4-vvp8cJyw;?W<o6?)hb11~56jF<(Y1&n)I}F`
zRIw}El)bLQI`8G)4m-0MTOg#a(}A;BI4nOEgyc5%nOuJrpDHmt4u<>VK(4f$PP@N~
z6{@wEEDVE2=9;qu)+3y2Y_ppD*!6n?+1nc25O3lCYE5$IobuR07(W5gU%zI^QbfT(
zv~`t{1y34!idQ20G<%$BMUIa4Fazp<-jZ*{bo)3mA`S0)oXhZXCS;U{99&pDIX>yq
zaK01DPB%*mhE;Q*XU9VZwgAh~m~R1~M8)96Vf-A}`3Z_n;bIBlH~rU#2QBP=XFdj0
z-*}Ih0&50*Ore<|*GrrCBacM)q#dJDG+yiPwmf|r8Dn_?`;nm=8R)UMSj5_fK9w=f
zPHk70XUd&SQvtVbS=Um(>{#|F@)0$w3lM|-JGvq=I|2zM3AwwBfP(yKAsCgsm_8mc
z12SFJh^%r$cl?*LM`zAhbfJ_kNi<CzA8NN%iJ!OARS0meFYAQMR#$#Vr0mvM`KDR*
z{-bN`XtmH?BcSVG_^^Ndmom^OK;3#DR5BMou<vby4HG(*Y+@p1VHR>jF!2^R@y_9a
zj4{56jHj{7HH^|?lh&X`KJWAy>NZyGRw26X4H<uBEGJB7(7-@f$iM(fvGegz_W)*W
z)Z5Staoms~*z*|*vAtQqVMV*Vb9F$sK*cZ2iX)6!_6>JIgn7C03xpEan`#AwwlEr}
zdOuCSna1Q<zF6}b{VKd8bS+N&Jom;}40|b|4+C=DQwliBKf13J#LyHT@2t&MuCV3D
zZW}=An1)gO$_!KkEqA6d<KK-byj;}51Xlh16x|`s*WKW>;7h84bM>_#9RsPV!+@AZ
znJz7y(%A3zx|A}V^z#N<2iDVSTML5K7=fkbe)6ZvLejpjQqY~2HzdG9OcHKK1SW7=
z{ql4f#S(RQ4fa9h0kjAxCGsI(UwM6`AU{c^fn1s*K#5LFb{F4%b5N`;08OM6PQeW_
z!j+*;?GK;}C-|a>nukS~%^@_QDJU5>WbrNq?(y;hgvyf=(KyGpf;u+~OjS0^*jjeo
zlbQ_?nt(i)zKj~H2EIR-?5ch<bWS`bCS`7Ms;evd%VayruaA4&Kc|Yc^Sch)Fq<ul
z_JvB6%=_Fe3evz(JdwD^Zwnh8EFp7ooz2DDROSywja%-Sb)Wd-!^6}x@vx;{&l)?3
zW1I;tG$aR6HoG9>CHY-fiq3J>32~FcewzH`9)#v3I3Zl8^f_0{L0m1AuQ95IQFVtP
zMI(R+)U-fxWz;KO64$%)y%s)1U}(udGV)ZJ3Fr>NrDu>ZNG<+3^|}E!mQkjCGVk0p
zk4cp^ga_F|#BQDN9B}by?q<{5_9X;!qq|heW`&?3l?dir(}|QtVyI9=Th*flgvB!)
z6sztk6{|vK;)XkEk{~aJ;mlX50j{36T(__D*M6n>k^VB7*JYa@!qm4)4gUHw@#49$
zo0Q$VS01PKhdw3@Mqky#%^z!3x;0CYJG{Ez;|0=|aA-M92-=TYEaEY<k>;U7sjPRX
z8rd1xPHXC#c&g?JE=M_ggCPBv6Q({^cJvgfoh`EIN>?75Qhz*!{qo8bDKSDu+UnGm
zOEB!>^5W#<8>69FsYQ*%(mPlUs_D^l5Byx(WxkGP!PJc$JNUx4`vq<CRo$AzeYi>}
zBVO)7u=w>ExV|9CrCNPNELyau3$aS8S#fEAb6<84yV`pCaScgU*0*E?sOzhI=`a7x
z?+Z#Ngj3K33LRK-cUqqDZ73M(^&Mq<$fzrS85Jwq`71*aE((tl2ZU<Au=#C|lz{aE
zY;2G5k&ff>>3mkI>{qu2n!}}V=1=t;#1i2U%t=5vYaDun8Bmn6PiGWgAn*#X8&G{T
zGe2u%lBL60yU_^XR1@NQ4vzF;zg!+qohVgoR4hf~3=vM=(=BAuGa~+mUJUmos*+dT
z8vQeI(m|PaxJ653WwnmAEtWooURbU*Tv6?9y`U;0P$&)x&Gcr7cgJK&FiFAK7!lA}
zR{gN!&oG#88Y~!4H|c6t2ypW}uhG`X20>7)j?DWeHlkIfFPJ3uFB$vLE9w<oNsn&)
znO=LusBPDi^m8s#fU6@ZV?Rod$9+7d0)sVQ34TsjBkUV}OIm-%M54|<ANI3k=5|_%
z(&jq<`3J(vrJTUXVPQlw2{6QVa(9DGCP^BDa2wBB$6qIF!76}#PGG1pSt6jk7kV@O
zC2{W1C~u0-q_lD|;OzXB6ub%Hw+ec&QNtzhbJF-&o&0khm`$oLke=z_0;_Y=Q>*or
zuixVzNX>XHAb}mpJ3_dP1yPB=oSc;6a(eGH_gqICR+z#>2H3w1MH2vBtQ-#EMWC+E
z!EGs+RII1l*8@z-g14dM3lH9eW%wUimt}(7xld~{2i!CLzuN1?7498AwS{{stecLk
zWY63NuAU)@n!6Z-2B?9TVY7S~>E@js`p=!OB7jvCdO7-F216(vm$ur=FCah3%xzQH
zI9>Fp?xcqdbRtWgi@BReD{6=Y<8N?xH5x83%WPMTpD81Bx(RyVL|pbr=tgZ@)j{Zk
z#T`xz9IP`xky*Lq!Y=M?{0e9)Ivt_8AGu`H+2V}NrN3$<uhq%-%0kmC#+Ex@IAEyV
zE)?|R*|NH+Wf@x!cZa|wDXcZzSOVOV`@g#@GYYKYDAtOlQwyTZ^X(18xC9Fb_H9II
zXS>dbW+-Yx_cgdmD|4&wZO;khz-@6Xeaj<s%2<=6LdVv{%?8#Z=r#FAi{~9e6?eHV
z23Kx&3T;NrTM^iWW3%A=M}$$u;Y}ieOw9M1zWGTL#P~z66>$>kgkt>c-ApXdky^8j
z=0h{9Z<Xd3p|x$j(h%Z9jGK9P`n+q}a)y-Sod7CdgV6Gvn^hPF>GPBG_)9ocf5eiG
zl*Bw<@(R6!JpXiSvK?etc4mYjt4X>9_Y(NlGIl{zU#Q-IxU@Z5?V(8^Yz{>pYm%gg
zbghwW!khKAB4dT)4|Q{C41ASDW=;e0^#!mFW7pX-$r-nZ4iN)sou=-V?u2A{vNe@=
z-Fu07BM;YNGXsklp(9nRXL`sajR@%lY-7|wYKgsMyRBr}62khH`9%$D^khiJV1dFS
z)t%2r*mjfi&vnR*c<PKlI$rfH;#;U7_GkcOy?L3xa*}eBzoXh%BC^~oOn`sk$r+Oz
z<C#5_lZn^wco7^?;ygyIIh>DglDfIIrk|F|xKA<0KRy(cvZKK-cS(`_Dm&1G0t;gE
z<XY(VA-Sf~eVE!vqL^MnRX<E(K`=i#IpN@hN~*bA;ZLx8_y>9k3pyZsAo)p7&LX~^
z=QYjFcwSZm7ku3-$cSu)3*~LV-Isr(286WGFhv_9dM??ZE-#)edpr}N8j>oDgbdgr
zITBxK(6>A2l|Yac#9Hhf_h)J(w+YUcd}8d^hs9CvSz{p{%$juw;^RK1R--!~_7eh$
zOYVM*zcu_&Jfr8*HpFQo#6#>QP>Kn?stki(RRVo+(V?z>OTWXPQzAcAHOb3)6!M3t
z!qJNkuoGMmDxF584;$!Qiifc6k_<oQZySEGv4RW)s;8DJ?$RF|3UVKC-1FFe;8b0#
z>oqwBb|92lyJuJlUe-2laY$DA+hBECIsz$k*1h)$k&ipG3A7#a9!RYNlrDEA|M;@H
zQVtDDKHkxB?b5K-@M(fwLdYslYM@@SUFxp`zgYK$rnpmo_^^Y^%=c{rCOg;I-a58f
ze()~yT$n(fX4Kihw?E=yl`r_@!hA^`gzXlcQLQ(S=IkCJ`$~x34|qA4WjnXuAU`Qm
z&C2<ft9NI+NKCbz;BonExbyLZu$W8n)VcD-{Es*TyI_V`6o$ZoUnmny&4X`;J`#4*
zln{kL|GT}u==Vqlye|dYP+oRI#aW7k%dUodNu@1Qhc3Z|9o(QqfEvP{J-G+Ue4$Lm
ztJPCx`5T`*kC%I+BJ0r7x7=b(T6~C1a(t61JKsSNrS*|8IMB-{hv*$EvlsZ5Z)`dw
z@%gT7@bA!;DV8;FnoCWrvYqP5XlGM-?e44_FFp6${i+!<V5+)rcY|=oGs?w=3|dMd
zF4X6unXeYRG7v#P(QOVv=Jd+@@J#Z<NsnEQwoc+(NI?v2XeoEb`Lg9DV)aT~!VkZ;
zKz5lpFxZ9T<3xKs7xR08eK16is84^{wUX(PihqFcWJME~mAC%0FzT7x;pocuq|Ju-
z03P*y!tUjTMsf%Wd7)HSf(Oy67NP1iS359w;2r547ea#-uwE<(!AmbtS_=+%18F(6
zP>SC+#*%g{@SM1emM7B)CQCsrMUm4pJ`H`vb%ag>wamvp$GW=Q<T?JFSpK@cYa_<T
zN1R}WD~uTQ+jqNt+l1<%PCuZ>W5nZ(gt^LC1pyw0wJ{d;ng+P}*;7Sw*9|MGJCsi{
z@wPYgG@wG=QjUsleV~jpFA$v$Aa1BJFzkc$CxxucM8W%)8A9oY1z*qS)wZU49z67l
z50qG6Ka}Fp?2f1npZ20xwivx(@|v7j%6_B2XA!xmnmKJhe5zNg0^yZRC^HNyCMouE
z&c<U_^?d)cw0B7;QDV-6;mElN;Z2u}LBX#+lY$k@iB)LTRG7Vl2GYV8hQn8qcy`PU
zMDw>f6U^ptP*a^CC-vOoO?XvNSs$UzzRR;tMN>uUsgWCGAa;)<Lmid#y!{rQBs?at
zz=P(mn|E;yURhi+D4~s8&_H9;K?&?sZR0DucO*V{=MGY%=={6sW^MLcW5Wv@VZSs?
z^GIT~QW)|`!LhIWBZa}+axl2EQ1=OdhZY+8py|u)NXsJ+efNs3miXGH(@plr@!;mk
z!R3<@6>qva?jj#4|EM$&EW&I+vzWRjzWIROhLw?$()<*_0>Kdq{rPUaA&Sf&;KkwC
zbY9lf{@v}&$#uc|%j?s%jOHj`R3Ml9<4y>T$rjWFPr!EobGoo7Mr{?#%(G@%A?iNg
z5H9JN>{MIxHIi4D?8i8gT9q@#S;)7;Puk(wJ8l@gk|Qg_2cOO2>qns&h=6&L{0rpu
zy~wH^>N9SZg+BX}l_pz>I04;*_vpC*!@V~vI0swNO6`i;hV#^}ko6MP`i5U0V#{n;
zWIDr9@x!e$H}`q6J!dDiY#lFkG_jH%*)FTz7IbO><4mFhH@%yhO1D|h9*ujHjH4(x
z3-!`1wGVIdFnE7#SKa_La-cMsS|amZGt-JCIUE>KqXUBo<Q&nrW9Ae*$&3Grk6%H;
zmLlt*U>Luw426QDnsRBFyXxTOpH+561RCdj*}8*S)9gTTi2-0E#MPm}qwY}&x0nMR
zP{;kz4+-z5r`R7z));?vMCBiDprnc}W~GQ)LOlZ?`Lpu1OKc^_@@>a_G!K332`8;_
z+1{!9hmPli#-7_}31I(P^nlrR-d%h?=r=Cjlh1aAVG5oc+DT~yB2SB4H7Z@|MyB4e
zI2y$a*<Zh2<mqlPD@pvO&c<{_h3@z@Vyum29vs@`sL=1G!M2z~c5g<6K9|<>t6QrE
zPDd&K5Z*C|MlXN-^8g(JkUH`lOkcj<NRbZ`&-yH&t!(n*qVr{{e~oK|%B#U4s9S$1
z&0+r;_sM}WN&PJXlikP?pS;%wp!~$8B4SXk>*5WMq+m%!rLvC3>{~O}OoKYW2(mw9
zqhCTM6W|86TqgtST7{ug%ac6?r5z)Lu&eE}Yw&ACVO$SmwU?<u;;=R0TtpPKy91Mn
z@8;xr!MCNn=OKTB#p2Hca9Hk0JCi5^o}xWar2%xl1gbP_q#}2brmLE@_GJ#ATJ0(i
zRE7$>`1d8;ncO``n}&-j-{`N9raLg>fPB|zUIccb^!X=uWNyjnxDvc_91!k%%5%ni
zxZ;3Mx3-Tc<wiBk^V?*r%CW~-_Qk$5zXg#9#6zr_I9uF`X!IYX>fQt?u>B@hPJY-Q
z<Hq6r#mtOT6>}CfRBd%fHuP-44lV403;s->vh??qY7ak1kG>Y|FB}**5yDURT>X*x
z`gw_5Hv?U#$sDEoqhbB&7;~ass5)1E_Vb5@VbtUwN*JH`od}3u6>yc7X$(kqh3N7J
z?+#6e#2&-bcIO7_BoKXA-upb$$e8QBN(T<byj4HLULD{;*R)bL;2^qK@blSs{&<}$
zBmKn`dRjdbY>b*xc`Fn@7Z-9VLH>-Bv&%mnTgG`iZ$jlRKv0s@EQmUKRgAO>$jgA+
zw<v?@W>by*^;IBe#uaiZm4>D8g6g8Two5l#y_0IJ+ou>xhi#{^89$M$y!F?=rrA#&
z5?zyRvyumF$gE8E>H=*pzkf_?nCR&2=rWuVz4atn2ZFn?pvRJntn5U-TU478)(css
zk*(MVvyGVuzX&0pz3;no@Ff=rbXq;o1B%xK`i>y3hIJmmvCNpTN`G3#Y*u%VFZzp*
zA9;Pi9s(n9Zc;yA*C`M6p=~;uBiE&=_*-?m6)O;KeKJ{M^-DBnf*J&C3<`KiU3AYG
zio=+PG~e-PGNO8IwAG4F4zfCSrEowm5<&l5S9|_;c2(4yjbwyR6=K{)2F|NPQLspl
zyuJC5jZc-Y?~$RQn1!Y|C=)QIa032T*~gUmjsazICuF$t9pi(>1<fxO*B+S`e2dv<
zu5{o?szA2(<~q;zP9xyyL|^1%#a#m%QUxcfNSYQ7eb776)eLTXA>z8>m%Uz(B9cU2
zSeg^zB0gr)5}vn6-{bgE>ioa{VKEld?HL~ce9XYSF*1!#7w{rx*(^#C!T<Xsh1>b3
zZt^Ifa)xKmc(I<ao-P@Y>*hi>q+g`H<*8TnkItgU;yuMQ&H|)y!92Y3L59XIiwdu!
zs$+bgOHYMz+5fBUE2FCFqIPKxedvyZNQa1kB6$F55R`5Vy1VO8A}w7?NJ+PJ2_oGM
zf^>Jow?TR9yLXKH=l(e`cC5YDoO8{&Vm{9z;esvN&`&)T-KM$8G~FPk(j~eO%vX%b
zl8I#pPHALP`7i<`_6RCXJrD!GdSR!0@w|`;=5&02HL~7~lrO)dUm$97uJH|J5~BYK
za1PaDtNOS7uHWi^t(!Y#yC!t2_c&Z%6&zK$RCJH;J}al^M94;LUD7N6N!ohKp`ZUy
zYy5=l*f3E2%JXsiBP41=U5-(y+3S!Rz75W4)6B!h`wTpdy`O_y+R_7xcBS1>%750Z
zFI*W^(_e2BJp3XAX_fr3JTB^mc3&a>DB=yn&sNUP4_4Hqx%P`p6DNUb=4qj?_KVM=
zqALW%YMTqUf<r~SjYoO5)t~av+9tVj+5Ak8X#tTW+w*@bw=~FO;7%%BEPa2nHf~f}
zA*j^ZJrHsL&Bwpz@g^mh$31Klk?Jt<%}i%utE}gBl)(kPo{I+JH>EDCpv({NGvm8x
z=AqL#V%TQuDi9Mb?y^e_>?Pt#H<EnA!{Z52F&yK}1=GHflr;M+4I#CHvuO9ZsjYQV
z4yRzSE1$e$yh5Fy&Vo{Mt&hVC)EwWSmuZ-_dA@U3^U@>o<YRfxsHV6|C5Pnt+B+Ey
z8w5h8s|+oiwrz%ELY;WVn2v{Lg}uV&-?p|7k{)gjlp{JCALX}I00~|MnXehk1*eKT
z9hl#wn2>{VQ>rB-$JYXir5b&O#V{bl#&79Ie-Z1dC3$c6yKh$hTDWdUISt2QBiKkK
z1ron~E}K;w)T*pL(Zif7$$qrO0-p8>CaxIziqcBB!Mlqnk3Ahi=r8-=p_1;NGHK-(
z1?anjlfj%9UV?3x{Sk&iZ(=SgM+XD}5`LN>!q0lUz|P6wnbG82G3ohB;*`X%_{(<F
z`g}RWHe4IYvs7WI9CB8np6FKV8Fuf543kIUs=oGD3@(kC2+EJLzp*u6^&C}5e86O%
z`r<h!*O%m?H6uUbB=<V4<bijcrU4u&mVT2-cu!EA%#Kv_u|8?O%|=_g7)Ion8HTf*
zRCO8f4Rnf??`eu&;7wCbvIx_kMHH9&emY?s7BjG9oRL&oPfSJm0%spq9BeHq6T_L7
z!ci+lY&SFcmBL+lovq)$J~`!`DP<M^P8+05eFzC(had-w&^5CQvsP95`>eoD^AL)Y
zd5|K4v%}8??e%cZ%tWTzC&Lk##+sorQ+ehxCDVIShDokb$7D*xbtgFN3faN?g#(wY
z!Qi}264zKsc%%MuO6#bx6r-KI^PPF*#Inp9%*wql_@}bb?gZOv!P*S7xoqa?OKgT8
z7wTmCJ~=zP>jZZvZQrJAx-5W8UHL<8hp;e;j_XC5X~lbaRn^e#@MlRC+s4N(*D!za
z*Q>F8t`bD_)75>K@n)NLeRmO5#y{X~%)7Ai{t&*!`E}Yfl}0g%#LNlWeb-o%5&UOy
zNrbvV?lMV_-@HmyGhqEu*BXbJ$_C4%@_^k>cY8K*)uV3N4ehm!x<p1>$$Ezij~EQ6
z<JQ)A8mg1BnN?HNSA`owBowxhHJYwB|1v{%pC}8{lpwy)(w{1G;y7`vaFGf}LbtMK
z^NZE2?%3tnI%C2*+h=0guW0sLq@hD!V}kq?8FYFJ-k6q~>h?03)D3MmI?+~N4EMy&
z3eOCtZ0h)f&98mYR%lr54Bmqlt=Q#Ka)EPH1{aKk7U{Y*B-#8mdKdfO4wpI0Aw<a2
zr1^n+Rvg@dAD$xthHhA!INenHJ0<-t>FccR;&i`U0NN$(P_;9KFNSWa^eZqpco25u
z0&ighaK-4!0Javpp5PIB3E5mn1mEMx{NvLzxzIG{^g5CIbf|Hqj@(W4T}D*~(tQt#
zL5B$!zAz`#ma~s|xhURgdyx?p>FhRsq08^sp!?s{jr#OF8zYISEPOWu4!!%4a0_+z
zS(})wYQ50T(ZDt-;!-ZT#V(hdS95llwc3skS?}|gM*q;?oT4nW4pQh6l`biDS|Tl!
z-ontF-x)cRB({$OYkGZVn*5U4$6O^08I?kg{lRp4Kv@HvRBa$d^;11EJTT(}T_L<&
zmQ(bm3SG>D&aqgwm<&Akhn#3q-S{mfNs+-?CM(+&s_|TB`xb6wo7<a&6^mGP>=<Iy
zPrYdK<?-5%MIv2w<N98Fc^~I&AQXNNwY2<8TI)lNa*e<vg0bfXL*gu94$nVCu}##e
z;mNv%iU$k$q(zdYNeP&a7b+1m2ZEF%48d&%U;y0YCoF~z0p`Gu_M1%zfrXR$w;=Mw
zX^s50^LICx1OSx)#r7YJEOybH>PqCrkxO{AYti+8$n%Xj9w<~!{QB&93QJI9&*lu*
z{tG2d)M(cX^B5`u0+ifSq>PiFM1n&B_MfnH%#Al9<~^y2xTy+(RR3Bu0!uY7bHr3G
zfxVGHthPk;7?jVb943$8D}2ec>)amWWh)^7U~Q`<lkUW76V}q7g}lWx>f1@*x2Hva
zCohe0BprF|F~E>Ykbn)f;)7_BQ7KS_#a_6+W@Vlw(qc6k0IpTSVh$2#bwuzVZr|jf
zZd+wAq$#(idgsX9a?Z=3f5z<Sz=f^1;O80bIwKp7MC&K~E%Al*NfUKhdw1QwGli$-
zsEu|rqtauQ<K@>+v$wcA_M(JO@B$ejFs|VzFOs>2>xAClRmZ65Qzg6yl}2iSJXEqM
zhNeW|dkdKFy{WS$h|WLtXUxE-PecLNxi_$>;q(->&b|9ZhD)oD_XUNFk2qQ@uP@QQ
zFIMl=rf#f=BXCDFesVONORcF4k}&m7!*Wc2A*$g!)artLAZv!|4eC!tlB9Wgo1?nK
zWhiL7RC+A&XSWeZqZIc7cC7tU$+@p>Tcki}z_5bw$$OQ1(?EhvN@g}Kjx!sZWa#FK
zj^%7%qpjKv)M;e6rCAy5J;m+5)2SKc^eWU5WwbsrG*80G(rKGAlKr0u5M}Y(d9G0u
zhr`2#F2n85-$;u_Fx4#ihFwD(vz9rh)V9AkdQg$oHSzsU8eh2-A%sesq8S`8GTD#>
zSeqxk(Txfq5c%bCvsa)rya1puU54;w)H#u~vV*gm#dar^h}#y{xANoO$1(o{nI&9(
zvs6vT#f5J(0<_w-lKTH4vkl_X;p%J-V%}rD{)MMu^Xl;A#AyrHKsb-y5Ku%$nwsoi
zc)#EOMBVJOogZzAT38hDoct*7J3L$NGVF0%>N4Cf?faMi!gaocqC-N+dHuhfr=`($
z=T?0D2&Y64aqcF$3w=j2kkB%Q-)i<?3quqX0pzp3);cu=;7}G&s85W19*_NWu~RPg
z4Kyx5!+`WZ02n~I0G@2TMErc0&C|}7&8`m3>W`|=tUEj)s9cM1z-DtQIdIwv);5(A
z{<$9kG%_->42@0+F5*Y9w4zw~?dEbXCa}3o_o|8<A&}tZuX0&Ybf#~qZoH-u8tq(s
z+bwYbZtg(=1yRU<U{Vo(?=~{f(?hSmlLqbuRQ~VXZ9j^RrDNmn8Bvq1scNIKB7Mmi
z8WSAOdanPq;aE{Y7BZ?Y58w^sRKdajIV^PU#;C&W*GG(TX3I@gIY4&5;fKF}i$K|~
zFtvirnun~=*R0NL*BQt``tEOmoa_43=umUz0FTwo*fQEFs}?L}ZGt6*zwwQ~4Oavg
zuyF!<l)qt@-W@k*y4tMqeP951RnWP={mpiAi$u(pzCoWx3hw`fh^Fy=KnJ{n$#Vbw
zJ242|duCtp|GWcw2gvf{15WVYCM$*w^!A7sqo4ShfJN49PVB#L-9RdZm2WVG(FgIo
ze_w~)@U!TvG3mdg1OC1wWkvt{-t9Zj0gFNM3-Xq{g@@k!(%1ly%%G&N*o#t30GcVp
z`tMt}&*Vk|70b=&t^M1^XfOdNJHX(BmQD*`^3pr?6#w&%5AAaZv?J6rbUt9yRgr}c
z1q;svlBq9XXEFg&R1}HMfg<E<R?5p%0tpa=k%IWhNA8$qwbU!K6KN4glsj|J^bAmc
zu*Kz3XCZQIA%zOSJDF%b;H+(-h{w=+MBX8dEJ(0QNxne&Sz7y@*Qf;w&s#)F3%CNp
z-cH{?me_p5(qfg3{Bfs4XG8ia%q~_Z<qRt!&0ZQ~s9=6x5tMU+KIdxBL<;bEd}t*3
z$KkrP0OB7VqJD}@a`sd8<ma~b44ohP-a_;}tIlG!x=ZFJ;Pl%z(V5doFuBD+k6}XJ
z$Io`V4#&$6bpsJvRD-~V@Z-VWd{+qPJCj$`b5$(%y_u(tUXQ8aMeTYfkiG~a(G4NX
zuTVj0s~aVE^-?>tEfLrq)kP(l_|spTwIyJkhZ9D_X562qJD52UMP>fBx}6&;;zX&;
zudglJ4NL2r0tJw<$G^Q=>i87b_jJ6e&?X6R1pJ2es<Dxrvw1RT@0<Ritv%2O04TF<
z#G@g2E%^NTO4K|mF?RD<O6DW1op_B^;C#Ukp{k6ZFmMn|kI?(mh{E^r`y3-vq#2<d
z0SpMS7tHgO#Lz%6MJF@tf*BT$->D8dl~jAI%}UKV^za?EnQxmfTcmLp7#diFo+H)1
zrP>Q!U#}+&vty50@>JY{zLYa)GrTePTPCLrbkmI2Pq(Tq;Zrd6zVls8VeH5^<l>3~
z4RAaEzpDfQ$gmR|WPof=0_C5pdDcF;z{E69_383KaI1O4TcBHlXB&_j6rnw-g7yX-
z68+x&9(Y))mx}=My0i%4beFMjo<vV_wy(251NIUI-Wwlp473y*hn8#L(qGKFqhw%2
z(4S(?{mLc%0m8BX7Z1#khJ8TWeixp;V|tZjL!9Qrh~WDh$PAMdMu$+lA1DSE9~uE{
zXW^cloSfOpc|-uxHatAstF={ZC|^_cJWsWd>ep;X#JwLMROQ~)8a8Q4UP;wbbhJbV
zR;yyRbsTlKX{5UDPA6UK&&_U0Nfex&Ec~=y(Lg4OC4e5R<&<5!6=J^!c+k8_Ig$SE
z#$u1XZE&GP<}*P}rB_+$@ALeUc|+Pb4Rph;_y8GNm{*M;_G=&Vi{e6|%=stq8I)V_
z-tUN@M3*vZcC5HhLct3J`%}*Qukju~a^+9ZVfPDX*_GK%Tp>4i+4Z^YJ~Ul7R28}C
zolU$7SEz=DYq|-AVX1+66M0X4DB5ZUXWC9Es&{o*iDsUV`jWrAB4!2P)8^Cw$BWj?
z&p7hgyq01WHTt{A=)LyrBLG0)q~>UDH{~_$t=F5Xew_8nWX$>|9wR#0lNAZ!8hNB_
zV^wj%?zb!mp%+8rB6Kfk`ZQsq*bsU%4K!BV7<5}f`1)ymW#B;i;$!<)UO&#%E$R!T
zFMWZ`fF)Dm&u5ytbX07ZffoF;s_b9Se^Ps)#Ufl!u440ooff4aN@mCt@Af)de$a~j
zs@!v(OKfYj)kVw0#8r9P`cQQ=u#EjHCdrC%E!}+WMXer7C!_T=R~w~7lErCdk&d<H
zYv%Z+cU3q#7N_K@Px9KB)iB!XY0><Hbx_$_xpaOJg|bp#N`G@+5}nKLIR1v(s-)k1
zvi3~T@a?n~96;%qJUzwr*+ZAEir<EEX9c0M!RgymDwHiD#JF>8tLN`CF~2GrBW~$s
z3cZ<|B-Z(+koK`0f3Il1;GA<bxg+yfPNEQn?<3={pL#mvTDIG2?N}SUUCG|#o?8Ly
zRT#UiZv=Limo4?z);SiU3Xwq8c8`~(WxpOdOxdSc*nFs5!jMgEKw(!Ue_zx4wA&|o
z`{%0o)8|Q6{NHAInmK!Gxn*_+-Wysidx|Yqg&m1*H(m}}v@Z&1lF0Ml9-`6;4u^K+
z71nF4Er;N#G<|~<W{OLinSFVSiwEG;`Rv!?VrUN6M<skwuxNT;wTE)2i34adYK6og
z&V)XA*4lFy%mPD+lH=0KzO_oX?%jGB_V!opu1H0wh2b?o`bcXH^=#g$PQC+ez3P6Q
zhB;2{UvV>A=av(KkTCtIVHRbt6{qCnF~Q7JG=Np<@rUGKx1X^z9v3|FFQ2*R1u6g|
zuXre2_V$cpb8n>F5*0<7;7~}byLp#UUWEh<8AcL*?D#<gg!^hrv5rEC!1w6t2z0vs
z=A$jx)zk?cvUEj-txhICic!3BU;j{_s=m_*rAYU6u(fAzo!meQiqcj|z~I)!2ChLK
zeiLFM<vd1~^SPh3G*^vo%2;0J5t9RNR?T^9slZ6f_bdVn=e)kcBeatz*^G7KHJXb>
zmXcKU6wk?*+3|zkJ5yLzoWez=f|tZ~0?M~L0GCPZ8sP?ks#%y=U0*q$EY7A|4-iy}
zCzAEMCtr-1Y$Uu?d5n!VcuV%w9Op#<)p3=}-pJ%nf`O|a#b^=9phE!efDvFN(1XNN
z3A6fSK3FFHg&bB22P<^u0ULB_+F9V)qvxsRB(n_{=sjcPY!sQ|9mCDEVuyuE>wpqY
zbT-F60zZLmcE4P?XY;zhHU35G<6T7i{4GQbok}h>1sT-;%B@iT@j{hK+|H@e$EsGB
zzRyx>0xn>eGBcBE<vnFU4L<7}s_+bTIfyB)BqZY<hyZGqkFI7KrtB-D7ETiIWQ84N
zYP%Zov8WnT#t^c@MQYK9IGUa<uTgfw(iRkw;@aL!B4{g4_qc&GQ>?3cUN21iTh>GM
z;*FOT0C_$^8ATh7=ZA+Ko`*G!atv^uR}yNfvX!ylmvJgET5YwE>{c-!;WxKwM6AZO
zf2rc}XdYOoL2iU_j+a+3E@ROaG`(6{ruFzVMmIyrT@lUbBE&+uAZ_Ek&3pOeRV$aS
zL;e;%%Ua%!^t}(4U)XowobWR^s8Q2=tR10tYOy*X$R48Je%Qs9X0C<x;S2tGM4+Jx
zj_qklT7I0ho90xR`q`0+?@1LA*1{T2#N|X=TIgPpML&XBXDGDRh-=+~!q1gwZI%D*
zr~AsiE+d=ZgV$O{LGUeSpQPR!mN=_D_`=h(e{yMeraZ{GdLbV;yU!r#c`EN#HG(IA
zuqi&@>-ocWIepq(NvuDN3E11K!dJ3Bxh9$`li7ZhWIa7_&&gTXeLscxX7Kua5KR*D
zdjIX_51L;R(P@GDgaGxx@I$dJLRvpu=NM1J6z8`cr$c3d;zAzpHFPP5sPn9!ZhU?7
zAhN9{fFHXcF6^!D=T%<L_PL#wmbue}ELW9{Yrt5Lp56A;bvb~m^8vsyWgw&(&vzH1
zgxm0L2yEyI;jpd+Uf@F!2oGC=d%m>^{Q7XzDMTv;@}>pbU1O?oP4#F}s_~*WPK!vl
zHXf#>3-U0|qGeF6Q(dIeq3q9=WaZ67Yk(B*1+VMz(DJqf?l`)m@;m!ScdSWx>lmCe
zF6<CM2Rz^$sF!O+P9v&?TQCme7~DY@8?PeQnq|B`H46b0J1|Bodp7M3#t^W9E5NJ&
zp1>!No-C-K+#a8XO6F-rFW#u?%4i4`3N{NrKbv@$1I-scb^;Yj1d$zyu=oxgfhL(R
z=;my%6d)PAIsh3*!B#rELUaH(3(v<(rn)lz%S)OloS%b23#bRCb_tU{i_&g&+j8f7
z2B@BmRd2I?3WT(lKA!tZDCe8i9Db{k{F~U?x%Q)7VY{oD>D%X(G{$A>C>USB!<~qe
znNjTGptH0|_NI^DtStgM1;ir(-Y^rd?P0jtyu)4+fH!B$kj?flf-6Q{1VUQaBh!A8
z(w?mV1bxDX7wd!u=$Aq+Ic<^Zq%Y{x^r3F2g5uyD@eg2Hl(B7m#Epbc?dr{G2F259
z^Mu~lX9$!N4!B2SaWrsWedFeRMZcOb6S4yby&}Ni=E~h-n8ATQ<E@D0ALU1BHzRyf
z35YMy2%1W)I-#~NQkrxHbFJ+Ciat1<^Si!F^t&$^5Mak^AJ0|l)@-WIW0eq~9<pYM
z4r$I^sI0avR{tVrp|(6`TRJNqWXNbVM!w)z?!WwVKOoXjc(P6#w0b?esV4X=+tMRc
z`1EA2a>`o<*4BQGO+;-HckEDOWy~Uk{E7I+&W31iW>{4ZWd?S3>h?L6)jqx>ENX?_
zb9H7X_rQI7e5i&qNR<KIrj-WaZUCW0wicHyczf8b5an5r!vj=?s&ci%<oNAj!n55U
zt$z)bJB4pp?&@>$i);o!#RNV&xp=V{oV^VkpVO)PDRjtr;8at`$}z>U*-XUHAPD^l
zuHGpMD__i9B|v$hjIXqu{fpMBn!K}4nizOxQ#oQ>&n|eU8!FTY8K1rU*_^qxbMJyx
z{l3r3DsUQq00*uJ<%;7)6MbuBG~l(+t@YItNM3<^)f7I|IhB{=Ru`7tN9MYOOAE(b
zcLMcfmV=6sFj&Nu8Ba4wR>;{d#3sVfI3*@K+aykhoa9$Ep1>U5T+)<WKi^ADV1^~J
zASH3sB2o07c<=2lHrP+ll+{@lKdrXqG`67_xVHARs@8s0T9J@grl1)c#-yG5b}4_E
zYd_^?{KuRC%$?rRZ!lbXj?9;2#Voj=y0eFkImue!g~eS^)W$&S=cb!GiUv^^_Dd&M
z^_fpS0de@S&E`cP>ooap4<AXrEji!4rSPTP`D-c;vP4*9fdz85a*u|I923czDO`T1
z_I!09p=)Y!uco49Dj0S0f@Ohz00veLY&3(&YJGmea}0-D*=q@JVeu-9V*v}7Z<w~G
z^jKRN0|Nc>fLHYxvJwaNW2^%le}3~+`ljS|`<{*BnDbfu>N%K<zr}SrxcEJQ(9=cZ
zGzn~1AzZ`Z7^D>|58PE$HK_%>$5!jve3n%$C-@igbH|<gb|g*7m(g<LAztu31W*LH
zG+<^e9CAaInw!f-t=q7J;!iQua6#s{9#F<vr#PvdRLdr$cj7ss7ja%=y@VCT`AK{+
z_yFK-0+@0eZV3O@Xl^L@as`Lu|6(l?J^?f8Ld48q@$T2r*)L?|l}kh4Ogg-3^lW`g
zI8QR1Pr3B|6WE|Xrz+3T?}2@dtPU%sy&itqC05eZ5MJEXmJ`<%)`85hXkcBzt`_z2
z(iA+(^)U7OPnadBc%(xIi}Z5^%Lfm0ue%??(&a!;Xv97&Np}P_o<kYe`qZj^1jUdx
zCoJiH^{i5djit0)f^t9VpXEUV!@epl<k){W@@#k&P{f*(N3-W1A3P7^Ss9d@ZV|=V
zWEDP<mpWEtg+2?G8xx95EIJo*sI#RCji-@y<(EAOQR`WJzK08+dcEZcc~DKGf@I78
zy2fazj##O+#D@QNr2+4T8Z}LWT`jEXMeG_hAdi$sz$3yfq?9tCAvuJ8_8r#rul{w`
zs%Op|3OTMSQ`eICP&%o7N}!{<73xsbiUSl^bwUBaD5V?r_o`yF=tnod@RP^Cf&_%;
zU%fKR%mN#<C>ry6)?wN?aJV0CdFUmP%!NJlVCk*+BG!cv6fz)p&1A5eXFS7kx`gsm
z5M{Kxj379KSnMmW{R4NOuMfmAsZX<^9Xa#r9$={dvi@fXzpS^g)^;j#Srrs#vuxR4
zONE(428+v`nuyp1+v5r~K8#r{yH`JBV})bjs4}Jeecm@Nzi=CX3I~s|pp~P|a!tm8
z)bGey1qr<v-~A}o+b`VL)<UE-SO-X}$CEMc-qn!)p$@_|U;4ISJt0FbRy**a*RW|-
z<YqC7`(|l~Ik)FP*J|xRw-}1PZ|>5<U7YGD!ow;ybl&_$m5KmrhaJ6>x;+fcYVG>g
z&KYO(?CISKmjEtLH%!jI2XYT@LNjdzT+?o$r%!{!cjF_)ll7(Il`*>SDqqAC9SwHA
zTpL?xk^S)hY+&i|j@fz})n*{TAZn9BQ8ns-)%@JQO6Jo$jL>;;unNi&;wHROls9Fw
z{s%RGlOE*H3eSl@cg%@`yfuh+WeY0#BMG5i)e`<YN}feILNB`nxQABW1upc`zFr+}
zjJI6D9mT+SCoJ<gN8M<YkO>xuDeFH!q4iLP33d}R#69O@G_+~n_<h8o_7NXpIQ}@Z
z!chKN2cJAdcbYklK!yW0*E=4#W>XzgHMplNQxMqP06SSU<}^U#ZVV>hw|a$|;EMD@
z6jK!76(hY_C{+}oRttThtCoiW!Q!J`?(vNOVGw_RqDUA7nLGsO2IynZ8vq9K`r{<H
z?qd^xfwrz~w{D`SZ^^a1?#)i<pOqy^nk3K%bx;J(e(Q0b)i$q?X|KKbc8`<mFX4UC
z%;z?HUA;TOYE&{**Hm^7x2R}FRC9mb8#n@S?$qCVOCbNi;(aNOHL#{_fj|7@lJ1_5
z$IQv2zE$?h#IQ$QBnIK0ui1o+Xm-l&qDe=7HeYc5Y@dL-S5yaxdxU&}p|{dA?E2=r
z>I#h|9Zj9=h|NXn9#&le4)eLSbbIG?do(R9`@G7@Uu9o0wFR{NL)YH&khbXj**$-7
zXsgbHegh7Yg$I7%)#o1q_!TSka8%6@OeR%Z2Gf}l+BSu#o46R9%`E2QL_p9EG6?Ko
z$S=G<)x2GzWqK`D)^pq7z?2(wmKD|hc~hDnGdT!RSH3SMY@b<05#@*?H$;UEueNsO
zmd=bj`qpIC?TuNBS<VbAbwYj`tjZs%olfLEc2*7AvP)AVGgV_4u2Cwu2P871skk3M
z5;=EbP?;@10nSyMcP$?`ank|3C<B?x?^T!E)ysG^fF87D*@!1Hs{w;xU8s{D#QFNH
z??r^B8Z43M!mE1ydIW=vGQ{06RAS%7Tji2t-`4p)I0qVNQeYvxYy7ELUM<{?3yOvj
zDdffSOV63UNDMRMdfnp(j-bZ@6Xe1EYrO&K>CDR)ji}JLaMR|_bOp;xvkRdTRo1rq
zV&u+r-{49E5P7dMX0JU!Mk?95HLYH*Hu#rkD-y!K!H1@&*DpSmYtwwe#=eGo^rYJ+
zRyEhFNLvk+!qIP1m%lx18!_t<@xnDgH!;l8_E1N+`m*)=EKY?xH6mNP+Nv89EG;F?
z%-LBu>A|~)oyMQ(Q{2Oxh!%{(*;^CYw?bCi1R0ER(5#`Y(GrxLOEX2EJo3@W)@)bm
zkM0+kT^TTyy@X(ITA_Zh-&uSN@d<RHdemVPJHrE{UsQcrmP@6{T`+QFzMh>)7M4(6
zbf&nz9~}-C2^OX!=_A6$H3S(wmachJL-wg18AYr~TM?deRYg;b;1gl2qM0>3Z$`25
zJT7uX_R7Z)O<v!3V37cePxlxZpF&VfER^q;tG>w_%F8|OexhdCaD85#x%{1Dd)h$Y
zaz=n}dF<YM1;2PzIt6X?+@~ac@`yg+)N*6}_4FGn`KW^I{oM?d`J1M(E8kL<P3n)&
zL_`8FCTu8QI0X=0FY+C34~TSo=JaiuUuT8Qvh+v2%F51I=9;KEE74eH+2v_NKmgH%
z|3W~5s9?>p*KxY1_-_{0Guc!O`2?S>Uld4m78^!M&oV0S`mZI@zL+l^)yb5>@bTal
zz|NfH2K}s`*k9ahnEh3saBk9D>2tpJ_#!Ko9xMz8j|3L}7=gfv2G!!`KlyoWGN8$l
z9`kB=kftDQgABHUx*z*<iR0At>fzKI+|5<w?I@B0#Cw-^+)w!u=jN09o`@mHb1Eoj
z#AmTIU!FANe!u2jYNjNw?Y`E!F1mm6_}c#3R;zIM>u2%9jO{B_KlM-|7*cHt%Zb*j
zGDr81y^fxdp?j{(_f9@|**EN8`i6UXyi5hQ(0iA(d(2T#wVrH9M<GGzjhyzomY8*L
z3%(ode=TT(6cRq*jEuoFEwG(^uq@`ZsIoH5e6W?-ou}(b_;s{$5n*ttxsm7i%kXr*
zOULWy{hlCb+IbN%Jd%>U7fow3<j_+<<-<dYI{6pF$O7pU{dP4#W36;IPvw!P!fbRY
z_c+Lohaq&{<W+^(2YOgHQUXLZPY*7oX;t2hN-gLwml50%B%R+BFO{ux)A7W*u6$LO
zIA5nXNz*Ef3L{sA#VfRUKInRZ5u7D0nssh@z$&Dl(zo(ejcjg$crjY}%8=?Iex^d5
zdO}63XI|H@@jbbe%VaduuF3ZoEeVb3h@%KS+=uM7%4Ao1bDRZP)F~EB$<}p-t{oIq
z^fU>^XI3&+4u%MU_wNsUtslq`P|64ztILniVoynhbi0acY|X+i)H+(|flCIpDi8f;
zxY9XJLZYsnuNu5nZQ-wH<uQwL1odW3_CLrJ?=luXX+aWMf@dFuojJ`gzM&^o?Vwwz
zPbV*at;2HIKj=AdAYN#4J}^97m~ErYv4^xcBh@7l_kBP&*S*Bf(SFG~#knPHXlxY0
zl=7)(wM93(@-fCX_frqUdPgqz*_s5=X>R!!v!>TIZ)F;n<5d+#qE)pEgB7;GMahJK
zY-ysAK~PqzX-eJoHe?n%Mdvq05K{F7cX`i{bz9k$`p4$Q=3oQ2>cW_+!X?0l*B)QC
z$GrVxzBHc^II*B6%;yF_c+AJ^dg~Grr)AyI`Kp!_D-YUxL?nIZy4Q=Yiq&mG3{+U+
zM@hI>n600##!_cu4HqVNevfUgw`Y>&E*RC%pIse~a0O8J>V8icjCtexIxeGro(3M#
zNgYN=9T&R}J~N-u{3J@6Km3VC*L<BTKOmlbF(8Dzd>UpK&{fOe9I(h#sJ*_kpGudE
ziG0rs4&e}=29%Sk`hrrs`q<EX#>~Pd*Ylw!Wq~|p_c<@yRk1C2fW~DjkGwUekHK1(
z(%q@5Fm$U$=eN0mi^M)k`G93ylw{J8AmwnyPq~q`uA@{a-H;r2sPN@y6ze#D@t*tO
zyrsM`&_)%&Jyeiwxj4qqWX!xy3P(qnQq5{+96-G*t{6@vFa$NVAgf-u`vvv!wK|!b
zzn#`oE~Z*%!tsqC7djY6KF-<`Z8?@AIJh?kzs4>MR&r!{N+kt0XjjbYol@PW{OvP<
zn~|DcG<4PNVQaX7%+J@6HW9m6`eNdxrYIFTTI6p(nTQ64jhQvBk8AscyZBf;NrS9(
zlkr+48UARl@f%QM9xAu5DQ5`h*Ywl-*^gReL#Zxoml0Nv(-9c#a0LDBZ%cAT2THP?
zTAwiW3I8f>t;LK6lq8)lrF&OWC{U6Eh5ebC0{p(t0wQ5bfg$Bv1q7E6IKXi}=Y<De
zdoq5==mV|^<-a^a2fBKu9{itf4VEMV?!P8wS`)kVhc`W)P8f{GutI0<PeUh#8d`EI
zjo;rYx|8CKenB+A&rc)}v^l3J|Ctv}#xoy<KhnOH)Bo3!Cy^kTnVDE*QE6#uD9P<o
zx0L~YgiFv_wZFaukgz5%PmPU@Z7!u06k=O`K7aPi{~;GwbaZs)#)jE;mT9$agGY!-
zaMV9qcU$W~dZ6`k?Hl(%Imm(2e~Jya0YuEin_&mK6Wi^xMde<bKH;J5j=6(gv9Zn`
z7?Cs?@>&$IKeAy01Q`kSl~Vnqs5=3Rf$@II0AGRk@4hR4@1}gARy**&%a8Ul_YI$#
zn#xA3+lu1ey7WcG0f>K|-qqRrCB9zC!Ao+*Gv7a-{9WFdW}}0MWK;iUx$QQ5xk+OB
zmze6#9?&&14G3+!S>=zCB;5hc4^c0~9awq#RTmb74^Al<QjTbJ-<wix&tPNs`B#~b
zpf_bM89L@({|a+|?OQOsL5gp0F-kGZQwlVwu?hXRL4d|2fhhCLcRH}(YJC@;xyqt?
z8+}=JKn6!{B+#Niwe~2v5%15VHwFZv0aJU&AwiT;adL9k^pcr-dOE)hS{Dmumz52<
zOSQ+Aa$60gef*)DF<LoW2o1305((_}x&NmPMX_)qk_PXOQ>d>$6;^II5Jx4aWI7;A
ztOibfX=UtrS-e_ZyyiAu`_ZLfC<}Etn^C}sEANlcf19wEA3_K=^k}p2W&2>3@p6TL
z{o1zx42G3ahU;AU_HTP16KFCPc9W-K&DXR0GzXup?J<njj54^FDdK<S-RF@4&;Q+-
z%mCXl*!9{z(NO4e)?9G->_=ep@=DR=c+GaWEn$`oJ*T}+-?3V!!9CpLd`07U?L9ZD
zohHt#yZuSj*t>s;yH(+1zeooa*X*<P7uy3(+UM&p4^azc`;5g$P$3212Q*{YUQWKC
z|GG{O${F0T2Hy!^xRDT62JE^k3dqUqU*4}b9Y16c5YWaBXyKRATD<D&=&<r6A|m3+
z&HupX+)hmPa33-HnQK~eL?PCT-qB(~gLSl#`j2H)ucqw5Ff}2Hmv<fgR%qTgvPzQA
zim9!XZ@9p_8dgJP&U<81yBy&xA#ZzmFv`?v98IYvPBG$>3bICqtkQ#+vaz8W-5Q??
zzuE1oG~+{b(24H+)?2{nRj^J(-1l0|l1r-jkiT~fJ{`pz_PQXNxb9W{dKjd@owuZ1
z;O^h?WJ4_v9m{-_1N1#r^Yb3dS3jy2qJKIY;YM2TXQ+_!VeO-C6?<x@!t<h8?Ll2G
zOLC1#Cb^PSnhYtmYQ{fO%J>Kb194xC(`bKL_l7g$aMn8eAJJq3orN)}g2RQ>7qTqc
z3O;dJP@Y-)`p|<(^Ho}rz|4zBq5o7-KXSq&khK8YLyxsQmyJ`LY2_~(Hl;3yjDb3e
z_?!1Z#<Xhe!GB(0VgL-IKm4qLXgzMmM#sZM5|Wqdu2okr@N1@i?z1)7Fwex(GN`=e
zS1crmoZ*k?yB>by4nFoH$dSP|#;O%I<r~@sJSAgaP2_ECYJT`xwB$L`j0_3ozR$N;
zhDO!;gymq`N+)D^#gc&dPpI<FAf^Eo8-W_MGRk6kT*<b%8f(wiPQsxTtVwwn!>Ch}
zSz+~Bo+~r_zer?w+$@$rOb1=KX{T>&LYIcsV%{T$(Eh^$gw?$1v7kh(8kzn0x>mdw
zLv`0VdCyYtDgvF%Fo|KWH%_4o7(FUMOf-fQlNwxCNR~`pxc}`S{a&8uF#{==BZE$`
zC&Klf<^_CL-T1Kg8$z-iN87Izi$%J(PHWhW?Ms#tyEnIW^Yf!zP$(Oj|K&9Fl7*v?
zApzJ=hL4*i4!-AlN{`1g>vF1}ZrZZ08&}cL)tS_Nu2|2i-pWN;EACw~G8%om#q9(B
z;s4J6k8m3e;C;ZsD2<+>;T6+m+n>GB-DVcNX6m<@ux7L`VfGyRLmkMU6hhRL+=n%$
z<Hkk9s>nG;WZv8->u38Bsboa(FJBEJGAg0@m4~HiH~;Z`YBPjnLdG-RK4@S-i|eVz
zK0Z6hTDipiyXYGCnTVyL;YE8nGyk`oy?5+i*D3|Lop$uL1@HO=9Q;!d(Dxp72GsYr
zPR1I?v<zOgq_-OxIL?}_MyGNpjj${YtIL<p+G{3DiUcw(2aIlw;4V+EGR<7r_U%Zm
z4G!mAQocK!JMoy=Wc}@9?{v6(Tg#DiqV@XrS^Hzd)8Ns(*_`%oHJ0$3;^<H<RC7&1
z&AQ%HDyv#MUm`a0Tzw>n2>X{mHXxjf0aT2)8K7#gQRZAc&><Tsj`o--Qt?$W$6#e`
z@&T(_YsPfHyi%`38p#=-Sf|J$646u_zYBb~9e@6QADu`?N*(G;t0jSnYV$CPC*9@i
zQ8_04Q~RAcPWG%-K&v{=0-hPqO|xV`ZNIH~CmeLCCA&Gr)Q{UqifivV(bADb{vI14
zfhC;*EwTihxOOKhrWK#B?a<l#AVYMoti!J^akeEHNE;f6O%qPvWY<f)&Uv_vl&n0~
zB>i&Y*+1))i1A1Yyr;2Bmh5;qXfaW9wQeRCuXnkg33RT4Cs6u?Cs3`ZOc}((p)+T`
zyt;L5L_Awq73m4;o!5O1guFEop^w}$Geg`gKgtI<a7fk1WIQ)2L>pX;(`y<@)4#1$
zP}Qp%s%w<T-}{BfB@t*^Vwa;<XrcXOe?n6OH{`Do)vcq|@s2}<$Y;IC3UPYLBD8;j
zqcL7nnX4IluNF(A9Lx^-KC$QBBj}N#5}#)Cxh|i3L18CG;=iFNk`dA4dGwN$so`f)
z^=^Lru=55!Q~!9;Upx&@#8~ss&K>Pc+C|RB2>P$Ch9~%PvN9L@9{;PC&2fPDX<oN{
zqqf&-Al>45hyHXuJu=AV@xbL|+3P1-;CZzdY4;Qo=W+~t(A{}!gDZJ_z#PaJe*&x?
z7cjsOqukl%UO&Q<ljRBvdaSuN_&qi^+u3L6>=Z+qg<^r}tw(%Pdd+=F{SV&%^sXRD
zP8{fG!HbwJ7pM41ho&zwk4)6IVOH40u#8x?mrYFg(}(2=<xt%a2uLchDGhWtAb1I=
zLg@+=Lft3PD^OTJdoe#gTV0u?no9Ol4TGnUTSO8^0URk*DZ8i&*zyDPM?wGmEH07(
z;A$szb9x%$3pO<!rN-mW^cM*zXO@aUa_x?`<|2Wz;5|waNjFr#kw0;a268ijqloD&
zwBH?aEIWiPJjy)gT#K1~rYvMRw0@t3+ak-dIo!~KB<lyC+VxPmY9|LM0u7pk1koY;
zyVC;=Xms(8LxEV<H^{fe3NCI9XSSTL#K+%@UUIP$g7*N7k*ymaVxE@@s{Ywxe|8!4
zWJcPVJ0{i#`L6NtKwR@ftUt!Uiof!fPJc~-gIV*O_qf;tyB_X-1I_EbHOhn$E?zxe
zmVb|dq7gVT029xcwb?e9zW!z7=y_$bgtF>7(64gD_HlELCPS_iz0Px6j_k7Ix+*O3
zp#PcN%1oClwn*TAz8;Nu6%`|JRMK;HrDuf8wtw)gZFzM{KIkE*q<s+KB6HpTL#%l9
zwV4O6y5XlsS{!vLCvYqN<D&=z)xmhPCF`>qa)5;$8)DU3>+~VNJG42aNFHcjotFP!
zh7O0QQ!O)Du{lsMeO}g(D;@8A%2)782Z3OTMSt)jap*KMz@2<bhS;cW#*eQ~yzi~b
zKLacrJO;8E5WPGcvd$E)#v}w!Xa%fBDarb$k2P3F<$b`^xH5Mp%>j5DAd^|t^}Mhh
zHG7V)cW`dYlt4FUdCOJ!mFtei7ykqss(<#OM<F+JgdXH46D4^{-3g0~S=t3Qwx!LT
zcre%-{d;#FL>Mqz6km#9_N|#uY)_B#(x4{O><amshVApYT8RIOG=bHBW*s*7mX@Af
z%W?aJ$9axc(flcjE(jPBM`9AZ`Dfq;Y<x%xn6e_^i%24o@ceN$!kvIW&$s{&iu^I4
z--CwR$uzEiBJen7;vYfLECNQZ<Po@f_nF^1(_?|3M1hot*f@{VA49~&#mgx>J?;vl
z$wZ1_*UsfJ2hN^S0On#_``W1mLaVE*TSC|YqNJpxd)KV2tY$AYlivTc4+5eVegt?9
z5FZi*S8wd@9uo&Jo7xkVMg6zxG||S`K{?widt#FAZI7w`NGehrXzaK|_}RZ7M!Eo6
zalzfpiVuT{=;Qy9SVkEjF=-r*WYK>H1tc>Dy+oQ;hkG&scZGPPpg%f%y?V9pSG9!x
zWVaQcT#YFUau-|wn8@=QptQ|r6o0w1F=;@zDlKw`cg5V+(fb21Fq1lkeD=NTio%z`
zTzYM}t^e-AAE5-X0SzBp5VgO%E<6RaVqRYUuQ&fZD90!a9)MM8k=>b#<g=T(Jq5SP
zzoH!yIPhkMFXg{^SD=?1P@oy#jve{ko41A_sR+DIK&kfC?@m3B0PmXd$tEe_?!s>?
z2oD5C@<ET8hwf&+AT^*W1`t8He@8V?s}`V^r3|gVrn!<9z$boD3FS)sOY~q60Wekl
zd+`xmR0nvr%?1Rxf4d5%`+#VaTBHo`X4u}}0E>P!6VCGQ=RkC!fKuk)BS-&r9Ss7!
z3T_d`y%WNpCUN4?fP!%8VnyyMq$Cd1S@~I{$6v4hexnM|)(O?$7m<KL8<JJgzh})i
d>(<ve{OTTMrNgfofg_{gq{QXL3ZQyE{{!yCdcyz!

literal 0
HcmV?d00001

diff --git a/docs/source/running-a-node.rst b/docs/source/running-a-node.rst
index 69264383a0..4a214b6845 100644
--- a/docs/source/running-a-node.rst
+++ b/docs/source/running-a-node.rst
@@ -48,8 +48,6 @@ Command-line options
 The node can optionally be started with the following command-line options:
 
 * ``--base-directory``, ``-b``: The node working directory where all the files are kept (default: ``.``).
-* ``--bootstrap-raft-cluster``: Bootstraps Raft cluster. The node forms a single node cluster (ignoring otherwise configured peer 
-  addresses), acting as a seed for other nodes to join the cluster.
 * ``--clear-network-map-cache``, ``-c``: Clears local copy of network map, on node startup it will be restored from server or file system.
 * ``--config-file``, ``-f``: The path to the config file. Defaults to ``node.conf``.
 * ``--dev-mode``, ``-d``: Runs the node in developer mode. Unsafe in production. Defaults to true on MacOS and desktop versions of Windows. False otherwise.
diff --git a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt
index d31e6fb203..a69985bafc 100644
--- a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt
+++ b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BFTSMaRtConfig.kt
@@ -13,6 +13,24 @@ import java.net.SocketException
 import java.nio.file.Files
 import java.util.concurrent.TimeUnit.MILLISECONDS
 
+data class BFTSMaRtConfiguration(
+        /** The zero-based index of the current replica. All replicas must specify a unique replica id. */
+        val replicaId: Int,
+        /**
+         * Must list the addresses of all the members in the cluster. At least one of the members must be active and
+         * be able to communicate with the cluster leader for the node to join the cluster. If empty,
+         * a new cluster will be bootstrapped.
+         */
+        val clusterAddresses: List<NetworkHostAndPort>,
+        val debug: Boolean = false,
+        /** Used for testing purposes only. */
+        val exposeRaces: Boolean = false
+) {
+    init {
+        require(replicaId >= 0) { "replicaId cannot be negative" }
+    }
+}
+
 /**
  * BFT SMaRt can only be configured via files in a configHome directory.
  * Each instance of this class creates such a configHome, accessible via [path].
diff --git a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt
index 391b92a630..905a8fe569 100644
--- a/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt
+++ b/experimental/notary-bft-smart/src/main/kotlin/net/corda/notary/bftsmart/BftSmartNotaryService.kt
@@ -20,9 +20,9 @@ import net.corda.core.utilities.debug
 import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.unwrap
 import net.corda.node.services.api.ServiceHubInternal
-import net.corda.node.services.config.BFTSMaRtConfiguration
 import net.corda.node.services.transactions.PersistentUniquenessProvider
 import net.corda.node.utilities.AppendOnlyPersistentMap
+import net.corda.nodeapi.internal.config.parseAs
 import net.corda.nodeapi.internal.persistence.NODE_DATABASE_PREFIX
 import java.security.PublicKey
 import javax.persistence.Entity
@@ -54,10 +54,13 @@ class BftSmartNotaryService(
     }
 
     private val notaryConfig = services.configuration.notary
-            ?: throw IllegalArgumentException("Failed to register ${this::class.java}: notary configuration not present")
+            ?: throw IllegalArgumentException("Failed to register ${BftSmartNotaryService::class.java}: notary configuration not present")
 
-    private val bftSMaRtConfig = notaryConfig.bftSMaRt
-            ?: throw IllegalArgumentException("Failed to register ${this::class.java}: raft configuration not present")
+    private val bftSMaRtConfig = try {
+        notaryConfig.extraConfig!!.parseAs<BFTSMaRtConfiguration>()
+    } catch (e: Exception) {
+        throw IllegalArgumentException("Failed to register ${BftSmartNotaryService::class.java}: BFT-Smart configuration not present")
+    }
 
     private val cluster: BFTSMaRt.Cluster = makeBFTCluster(notaryIdentityKey, bftSMaRtConfig)
 
diff --git a/experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTNotaryServiceTests.kt b/experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTNotaryServiceTests.kt
index 1924470588..b69255d24a 100644
--- a/experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTNotaryServiceTests.kt
+++ b/experimental/notary-bft-smart/src/test/kotlin/net/corda/notary/bftsmart/BFTNotaryServiceTests.kt
@@ -21,9 +21,9 @@ import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.core.utilities.Try
 import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.seconds
-import net.corda.node.services.config.BFTSMaRtConfiguration
 import net.corda.node.services.config.NotaryConfig
 import net.corda.nodeapi.internal.DevIdentityGenerator
+import net.corda.nodeapi.internal.config.toConfig
 import net.corda.nodeapi.internal.network.NetworkParametersCopier
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.contracts.DummyContract
@@ -55,7 +55,7 @@ class BFTNotaryServiceTests {
         @BeforeClass
         @JvmStatic
         fun before() {
-            mockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages("net.corda.testing.contracts"))
+            mockNet = InternalMockNetwork(cordappsForAllNodes = cordappsForPackages("net.corda.testing.contracts", "net.corda.notary.bftsmart"))
             val clusterSize = minClusterSize(1)
             val started = startBftClusterAndNode(clusterSize, mockNet)
             notary = started.first
@@ -71,10 +71,10 @@ class BFTNotaryServiceTests {
         fun startBftClusterAndNode(clusterSize: Int, mockNet: InternalMockNetwork, exposeRaces: Boolean = false): Pair<Party, TestStartedNode> {
             (Paths.get("config") / "currentView").deleteIfExists() // XXX: Make config object warn if this exists?
             val replicaIds = (0 until clusterSize)
-
+            val serviceLegalName = CordaX500Name("BFT", "Zurich", "CH")
             val notaryIdentity = DevIdentityGenerator.generateDistributedNotaryCompositeIdentity(
                     replicaIds.map { mockNet.baseDirectory(mockNet.nextNodeId + it) },
-                    CordaX500Name("BFT", "Zurich", "CH"))
+                    serviceLegalName)
 
             val networkParameters = NetworkParametersCopier(testNetworkParameters(listOf(NotaryInfo(notaryIdentity, false))))
 
@@ -84,8 +84,9 @@ class BFTNotaryServiceTests {
                 mockNet.createUnstartedNode(InternalMockNodeParameters(configOverrides = {
                     val notary = NotaryConfig(
                             validating = false,
-                            bftSMaRt = BFTSMaRtConfiguration(replicaId, clusterAddresses, exposeRaces = exposeRaces),
-                            className = "net.corda.notary.bftsmart.BftSmartNotaryService"
+                            extraConfig = BFTSMaRtConfiguration(replicaId, clusterAddresses, exposeRaces = exposeRaces).toConfig(),
+                            className = "net.corda.notary.bftsmart.BftSmartNotaryService",
+                            serviceLegalName = serviceLegalName
                     )
                     doReturn(notary).whenever(it).notary
                 }))
diff --git a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftConfig.kt b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftConfig.kt
new file mode 100644
index 0000000000..75996a6ebf
--- /dev/null
+++ b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftConfig.kt
@@ -0,0 +1,18 @@
+package net.corda.notary.raft
+
+import net.corda.core.utilities.NetworkHostAndPort
+
+/** Configuration properties specific to the RaftNotaryService. */
+data class RaftConfig(
+        /**
+         * The host and port to which to bind the embedded Raft server. Note that the Raft cluster uses a
+         * separate transport layer for communication that does not integrate with ArtemisMQ messaging services.
+         */
+        val nodeAddress: NetworkHostAndPort,
+        /**
+         * Must list the addresses of all the members in the cluster. At least one of the members mustbe active and
+         * be able to communicate with the cluster leader for the node to join the cluster. If empty, a new cluster
+         * will be bootstrapped.
+         */
+        val clusterAddresses: List<NetworkHostAndPort>
+)
\ No newline at end of file
diff --git a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftNotaryService.kt b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftNotaryService.kt
index 3913551802..97843cb13c 100644
--- a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftNotaryService.kt
+++ b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftNotaryService.kt
@@ -6,6 +6,7 @@ import net.corda.core.internal.notary.TrustedAuthorityNotaryService
 import net.corda.node.services.api.ServiceHubInternal
 import net.corda.node.services.transactions.NonValidatingNotaryFlow
 import net.corda.node.services.transactions.ValidatingNotaryFlow
+import net.corda.nodeapi.internal.config.parseAs
 import java.security.PublicKey
 
 /** A highly available notary service using the Raft algorithm to achieve consensus. */
@@ -14,11 +15,14 @@ class RaftNotaryService(
         override val notaryIdentityKey: PublicKey
 ) : TrustedAuthorityNotaryService() {
     private val notaryConfig = services.configuration.notary
-            ?: throw IllegalArgumentException("Failed to register ${this::class.java}: notary configuration not present")
+            ?: throw IllegalArgumentException("Failed to register ${RaftNotaryService::class.java}: notary configuration not present")
 
     override val uniquenessProvider = with(services) {
-        val raftConfig = notaryConfig.raft
-                ?: throw IllegalArgumentException("Failed to register ${this::class.java}: raft configuration not present")
+        val raftConfig = try {
+            notaryConfig.extraConfig!!.parseAs<RaftConfig>()
+        } catch (e: Exception) {
+            throw IllegalArgumentException("Failed to register ${RaftNotaryService::class.java}: raft configuration not present")
+        }
         RaftUniquenessProvider(
                 configuration.baseDirectory,
                 configuration.p2pSslOptions,
diff --git a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
index e9aac5a99e..f3b7671a3e 100644
--- a/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
+++ b/experimental/notary-raft/src/main/kotlin/net/corda/notary/raft/RaftUniquenessProvider.kt
@@ -26,7 +26,6 @@ import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.core.serialization.serialize
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
-import net.corda.node.services.config.RaftConfig
 import net.corda.node.utilities.AppendOnlyPersistentMap
 import net.corda.nodeapi.internal.config.MutualSslConfiguration
 import net.corda.nodeapi.internal.persistence.CordaPersistence
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
index 1747cc2333..c581577c57 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
@@ -126,8 +126,8 @@ internal constructor(private val initSerEnv: Boolean,
         }
         return clusteredNotaries.groupBy { it.first }.map { (k, vs) ->
             val cs = vs.map { it.second.config }
-            if (cs.any { it.hasPath("notary.bftSMaRt") }) {
-                require(cs.all { it.hasPath("notary.bftSMaRt") }) { "Mix of BFT and non-BFT notaries with service name $k" }
+            if (cs.any { isBFTNotary(it) }) {
+                require(cs.all { isBFTNotary(it) }) { "Mix of BFT and non-BFT notaries with service name $k" }
                 NotaryCluster.BFT(k) to vs.map { it.second.directory }
             } else {
                 NotaryCluster.CFT(k) to vs.map { it.second.directory }
@@ -135,6 +135,12 @@ internal constructor(private val initSerEnv: Boolean,
         }.toMap()
     }
 
+    private fun isBFTNotary(config: Config): Boolean {
+        // TODO: pass a commandline parameter to the bootstrapper instead. Better yet, a notary config map
+        //       specifying the notary identities and the type (single-node, CFT, BFT) of each notary to set up.
+        return config.getString ("notary.className").contains("BFT", true)
+    }
+
     private fun generateServiceIdentitiesForNotaryClusters(configs: Map<Path, Config>) {
         notaryClusters(configs).forEach { (cluster, directories) ->
             when (cluster) {
diff --git a/node/src/main/kotlin/net/corda/node/NodeCmdLineOptions.kt b/node/src/main/kotlin/net/corda/node/NodeCmdLineOptions.kt
index 6d04567d9d..4f4ba98c1a 100644
--- a/node/src/main/kotlin/net/corda/node/NodeCmdLineOptions.kt
+++ b/node/src/main/kotlin/net/corda/node/NodeCmdLineOptions.kt
@@ -88,12 +88,6 @@ class NodeCmdLineOptions {
     )
     var justGenerateRpcSslCerts: Boolean = false
 
-    @Option(
-            names = ["--bootstrap-raft-cluster"],
-            description = ["Bootstraps Raft cluster. The node forms a single node cluster (ignoring otherwise configured peer addresses), acting as a seed for other nodes to join the cluster."]
-    )
-    var bootstrapRaftCluster: Boolean = false
-
     @Option(
             names = ["-c", "--clear-network-map-cache"],
             description = ["Clears local copy of network map, on node startup it will be restored from server or file system."]
diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index 72eb7e1bc1..a8ba165e1f 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -268,7 +268,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         check(started == null) { "Node has already been started" }
         log.info("Generating nodeInfo ...")
         val trustRoot = initKeyStores()
-        val (identity, identityKeyPair) = obtainIdentity(notaryConfig = null)
+        val (identity, identityKeyPair) = obtainIdentity()
         startDatabase()
         val nodeCa = configuration.signingCertificateStore.get()[CORDA_CLIENT_CA]
         identityService.start(trustRoot, listOf(identity.certificate, nodeCa))
@@ -323,7 +323,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         networkMapCache.start(netParams.notaries)
 
         startDatabase()
-        val (identity, identityKeyPair) = obtainIdentity(notaryConfig = null)
+        val (identity, identityKeyPair) = obtainIdentity()
         identityService.start(trustRoot, listOf(identity.certificate, nodeCa))
 
         val (keyPairs, nodeInfoAndSigned, myNotaryIdentity) = database.transaction {
@@ -400,8 +400,8 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         val keyPairs = mutableSetOf(identityKeyPair)
 
         val myNotaryIdentity = configuration.notary?.let {
-            if (it.isClusterConfig) {
-                val (notaryIdentity, notaryIdentityKeyPair) = obtainIdentity(it)
+            if (it.serviceLegalName != null) {
+                val (notaryIdentity, notaryIdentityKeyPair) = loadNotaryClusterIdentity(it.serviceLegalName)
                 keyPairs += notaryIdentityKeyPair
                 notaryIdentity
             } else {
@@ -840,24 +840,14 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
                                                  myNotaryIdentity: PartyAndCertificate?,
                                                  networkParameters: NetworkParameters)
 
-    private fun obtainIdentity(notaryConfig: NotaryConfig?): Pair<PartyAndCertificate, KeyPair> {
+    /** Loads or generates the node's legal identity and key-pair. */
+    private fun obtainIdentity(): Pair<PartyAndCertificate, KeyPair> {
         val keyStore = configuration.signingCertificateStore.get()
+        val legalName = configuration.myLegalName
 
-        val (id, singleName) = if (notaryConfig == null || !notaryConfig.isClusterConfig) {
-            // Node's main identity or if it's a single node notary.
-            Pair(NODE_IDENTITY_ALIAS_PREFIX, configuration.myLegalName)
-        } else {
-            // The node is part of a distributed notary whose identity must already be generated beforehand.
-            Pair(DISTRIBUTED_NOTARY_ALIAS_PREFIX, null)
-        }
         // TODO: Integrate with Key management service?
-        val privateKeyAlias = "$id-private-key"
-
+        val privateKeyAlias = "$NODE_IDENTITY_ALIAS_PREFIX-private-key"
         if (privateKeyAlias !in keyStore) {
-            // We shouldn't have a distributed notary at this stage, so singleName should NOT be null.
-            requireNotNull(singleName) {
-                "Unable to find in the key store the identity of the distributed notary the node is part of"
-            }
             log.info("$privateKeyAlias not found in key store, generating fresh key!")
             keyStore.storeLegalIdentity(privateKeyAlias, generateKeyPair())
         }
@@ -865,30 +855,41 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         val (x509Cert, keyPair) = keyStore.query { getCertificateAndKeyPair(privateKeyAlias, keyStore.entryPassword) }
 
         // TODO: Use configuration to indicate composite key should be used instead of public key for the identity.
-        val compositeKeyAlias = "$id-composite-key"
+        val certificates = keyStore.query { getCertificateChain(privateKeyAlias) }
+        check(certificates.first() == x509Cert) {
+            "Certificates from key store do not line up!"
+        }
+
+        val subject = CordaX500Name.build(certificates.first().subjectX500Principal)
+        if (subject != legalName) {
+            throw ConfigurationException("The name '$legalName' for $NODE_IDENTITY_ALIAS_PREFIX doesn't match what's in the key store: $subject")
+        }
+
+        val certPath = X509Utilities.buildCertPath(certificates)
+        return Pair(PartyAndCertificate(certPath), keyPair)
+    }
+
+    /** Loads pre-generated notary service cluster identity. */
+    private fun loadNotaryClusterIdentity(serviceLegalName: CordaX500Name): Pair<PartyAndCertificate, KeyPair> {
+        val keyStore = configuration.signingCertificateStore.get()
+
+        val privateKeyAlias = "$DISTRIBUTED_NOTARY_ALIAS_PREFIX-private-key"
+        val keyPair = keyStore.query { getCertificateAndKeyPair(privateKeyAlias) }.keyPair
+
+        val compositeKeyAlias = "$DISTRIBUTED_NOTARY_ALIAS_PREFIX-composite-key"
         val certificates = if (compositeKeyAlias in keyStore) {
-            // Use composite key instead if it exists.
             val certificate = keyStore[compositeKeyAlias]
             // We have to create the certificate chain for the composite key manually, this is because we don't have a keystore
             // provider that understand compositeKey-privateKey combo. The cert chain is created using the composite key certificate +
             // the tail of the private key certificates, as they are both signed by the same certificate chain.
             listOf(certificate) + keyStore.query { getCertificateChain(privateKeyAlias) }.drop(1)
-        } else {
-            keyStore.query { getCertificateChain(privateKeyAlias) }.let {
-                check(it[0] == x509Cert) { "Certificates from key store do not line up!" }
-                it
-            }
-        }
+        } else throw IllegalStateException("The identity public key for the notary service $serviceLegalName was not found in the key store.")
 
-        val subject = CordaX500Name.build(certificates[0].subjectX500Principal)
-        if (singleName != null && subject != singleName) {
-            throw ConfigurationException("The name '$singleName' for $id doesn't match what's in the key store: $subject")
-        } else if (notaryConfig != null && notaryConfig.isClusterConfig && notaryConfig.serviceLegalName != null && subject != notaryConfig.serviceLegalName) {
-            // Note that we're not checking if `notaryConfig.serviceLegalName` is not present for backwards compatibility.
-            throw ConfigurationException("The name of the notary service '${notaryConfig.serviceLegalName}' for $id doesn't " +
+        val subject = CordaX500Name.build(certificates.first().subjectX500Principal)
+        if (subject != serviceLegalName) {
+            throw ConfigurationException("The name of the notary service '$serviceLegalName' for $DISTRIBUTED_NOTARY_ALIAS_PREFIX doesn't " +
                     "match what's in the key store: $subject. You might need to adjust the configuration of `notary.serviceLegalName`.")
         }
-
         val certPath = X509Utilities.buildCertPath(certificates)
         return Pair(PartyAndCertificate(certPath), keyPair)
     }
diff --git a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
index 10fc55f7e5..f26af3380a 100644
--- a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
@@ -18,7 +18,6 @@ import net.corda.node.*
 import net.corda.node.internal.Node.Companion.isValidJavaVersion
 import net.corda.node.internal.cordapp.MultipleCordappsForFlowException
 import net.corda.node.services.config.NodeConfiguration
-import net.corda.node.services.config.NodeConfigurationImpl
 import net.corda.node.services.config.shouldStartLocalShell
 import net.corda.node.services.config.shouldStartSSHDaemon
 import net.corda.node.utilities.createKeyPairAndSelfSignedTLSCertificate
@@ -27,7 +26,6 @@ import net.corda.node.utilities.registration.NodeRegistrationException
 import net.corda.node.utilities.registration.NodeRegistrationHelper
 import net.corda.node.utilities.saveToKeyStore
 import net.corda.node.utilities.saveToTrustStore
-import net.corda.core.internal.PLATFORM_VERSION
 import net.corda.nodeapi.internal.addShutdownHook
 import net.corda.nodeapi.internal.config.UnknownConfigurationKeysException
 import net.corda.nodeapi.internal.persistence.CouldNotCreateDataSourceException
@@ -189,14 +187,7 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
         if (cmdLineOptions.devMode == true) {
             println("Config:\n${rawConfig.root().render(ConfigRenderOptions.defaults())}")
         }
-        val configuration = configurationResult.getOrThrow()
-        return if (cmdLineOptions.bootstrapRaftCluster) {
-            println("Bootstrapping raft cluster (starting up as seed node).")
-            // Ignore the configured clusterAddresses to make the node bootstrap a cluster instead of joining.
-            (configuration as NodeConfigurationImpl).copy(notary = configuration.notary?.copy(raft = configuration.notary?.raft?.copy(clusterAddresses = emptyList())))
-        } else {
-            configuration
-        }
+        return configurationResult.getOrThrow()
     }
 
     private fun checkRegistrationMode(): Boolean {
@@ -298,12 +289,12 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
         val console: Console? = System.console()
 
         when (console) {
-        // In this case, the JVM is not connected to the console so we need to exit.
+            // In this case, the JVM is not connected to the console so we need to exit.
             null -> {
                 println("Not connected to console. Exiting")
                 exitProcess(1)
             }
-        // Otherwise we can proceed normally.
+            // Otherwise we can proceed normally.
             else -> {
                 while (true) {
                     val keystorePassword1 = console.readPassword("Enter the RPC keystore password => ")
diff --git a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
index ecf0c407f9..eab762dcdd 100644
--- a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
@@ -11,12 +11,7 @@ import net.corda.core.utilities.loggerFor
 import net.corda.core.utilities.seconds
 import net.corda.node.services.config.rpc.NodeRpcOptions
 import net.corda.nodeapi.BrokerRpcSslOptions
-import net.corda.nodeapi.internal.config.FileBasedCertificateStoreSupplier
-import net.corda.nodeapi.internal.config.SslConfiguration
-import net.corda.nodeapi.internal.config.MutualSslConfiguration
-import net.corda.nodeapi.internal.config.UnknownConfigKeysPolicy
-import net.corda.nodeapi.internal.config.User
-import net.corda.nodeapi.internal.config.parseAs
+import net.corda.nodeapi.internal.config.*
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.tools.shell.SSHDConfiguration
 import org.slf4j.Logger
@@ -73,7 +68,7 @@ interface NodeConfiguration {
     val flowMonitorPeriodMillis: Duration get() = DEFAULT_FLOW_MONITOR_PERIOD_MILLIS
     val flowMonitorSuspensionLoggingThresholdMillis: Duration get() = DEFAULT_FLOW_MONITOR_SUSPENSION_LOGGING_THRESHOLD_MILLIS
     val crlCheckSoftFail: Boolean
-    val jmxReporterType : JmxReporterType? get() = defaultJmxReporterType
+    val jmxReporterType: JmxReporterType? get() = defaultJmxReporterType
 
     val baseDirectory: Path
     val certificatesDirectory: Path
@@ -119,34 +114,16 @@ fun NodeConfiguration.shouldStartSSHDaemon() = this.sshd != null
 fun NodeConfiguration.shouldStartLocalShell() = !this.noLocalShell && System.console() != null && this.devMode
 fun NodeConfiguration.shouldInitCrashShell() = shouldStartLocalShell() || shouldStartSSHDaemon()
 
-data class NotaryConfig(val validating: Boolean,
-                        val raft: RaftConfig? = null,
-                        val bftSMaRt: BFTSMaRtConfiguration? = null,
-                        val serviceLegalName: CordaX500Name? = null,
-                        val className: String = "net.corda.node.services.transactions.SimpleNotaryService"
-) {
-    init {
-        require(raft == null || bftSMaRt == null) {
-            "raft and bftSMaRt configs cannot be specified together"
-        }
-    }
-
-    val isClusterConfig: Boolean get() = raft != null || bftSMaRt != null
-}
-
-data class RaftConfig(val nodeAddress: NetworkHostAndPort, val clusterAddresses: List<NetworkHostAndPort>)
-
-/** @param exposeRaces for testing only, so its default is not in reference.conf but here. */
-data class BFTSMaRtConfiguration(
-        val replicaId: Int,
-        val clusterAddresses: List<NetworkHostAndPort>,
-        val debug: Boolean = false,
-        val exposeRaces: Boolean = false
-) {
-    init {
-        require(replicaId >= 0) { "replicaId cannot be negative" }
-    }
-}
+data class NotaryConfig(
+        /** Specifies whether the notary validates transactions or not. */
+        val validating: Boolean,
+        /** The legal name of cluster in case of a distributed notary service. */
+        val serviceLegalName: CordaX500Name? = null,
+        /** The name of the notary service class to load. */
+        val className: String = "net.corda.node.services.transactions.SimpleNotaryService",
+        /** Notary implementation-specific configuration parameters. */
+        val extraConfig: Config? = null
+)
 
 /**
  * Used as an alternative to the older compatibilityZoneURL to allow the doorman and network map
@@ -167,7 +144,7 @@ data class NetworkServicesConfig(
         val doormanURL: URL,
         val networkMapURL: URL,
         val pnm: UUID? = null,
-        val inferred : Boolean = false
+        val inferred: Boolean = false
 )
 
 /**
@@ -360,7 +337,7 @@ data class NodeConfigurationImpl(
 
     override val effectiveH2Settings: NodeH2Settings?
         get() = when {
-            h2port != null -> NodeH2Settings(address = NetworkHostAndPort(host="localhost", port=h2port))
+            h2port != null -> NodeH2Settings(address = NetworkHostAndPort(host = "localhost", port = h2port))
             else -> h2Settings
         }
 
@@ -372,7 +349,7 @@ data class NodeConfigurationImpl(
             "Cannot specify both 'rpcUsers' and 'security' in configuration"
         }
         @Suppress("DEPRECATION")
-        if(certificateChainCheckPolicies.isNotEmpty()) {
+        if (certificateChainCheckPolicies.isNotEmpty()) {
             logger.warn("""You are configuring certificateChainCheckPolicies. This is a setting that is not used, and will be removed in a future version.
                 |Please contact the R3 team on the public slack to discuss your use case.
             """.trimMargin())
diff --git a/node/src/main/resources/net.corda.node.internal.NodeStartup.yml b/node/src/main/resources/net.corda.node.internal.NodeStartup.yml
index a67e7cee5a..28f0651a78 100644
--- a/node/src/main/resources/net.corda.node.internal.NodeStartup.yml
+++ b/node/src/main/resources/net.corda.node.internal.NodeStartup.yml
@@ -6,11 +6,6 @@
     required: false
     multiParam: true
     acceptableValues: []
-  - parameterName: "--bootstrap-raft-cluster"
-    parameterType: "boolean"
-    required: false
-    multiParam: false
-    acceptableValues: []
   - parameterName: "--clear-network-map-cache"
     parameterType: "boolean"
     required: false
diff --git a/node/src/test/kotlin/net/corda/node/internal/NodeStartupTest.kt b/node/src/test/kotlin/net/corda/node/internal/NodeStartupTest.kt
index 947c6f0e73..ec1da7a226 100644
--- a/node/src/test/kotlin/net/corda/node/internal/NodeStartupTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/NodeStartupTest.kt
@@ -35,7 +35,6 @@ class NodeStartupTest {
         assertThat(startup.cmdLineOptions.sshdServer).isEqualTo(false)
         assertThat(startup.cmdLineOptions.justGenerateNodeInfo).isEqualTo(false)
         assertThat(startup.cmdLineOptions.justGenerateRpcSslCerts).isEqualTo(false)
-        assertThat(startup.cmdLineOptions.bootstrapRaftCluster).isEqualTo(false)
         assertThat(startup.cmdLineOptions.unknownConfigKeysPolicy).isEqualTo(UnknownConfigKeysPolicy.FAIL)
         assertThat(startup.cmdLineOptions.devMode).isEqualTo(null)
         assertThat(startup.cmdLineOptions.clearNetworkMapCache).isEqualTo(false)
diff --git a/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt b/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt
index 3dd2d51152..86c6283f62 100644
--- a/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/TimedFlowTests.kt
@@ -15,9 +15,7 @@ import net.corda.core.internal.bufferUntilSubscribed
 import net.corda.core.internal.notary.NotaryServiceFlow
 import net.corda.core.internal.notary.TrustedAuthorityNotaryService
 import net.corda.core.internal.notary.UniquenessProvider
-import net.corda.core.node.AppServiceHub
 import net.corda.core.node.NotaryInfo
-import net.corda.core.node.services.CordaService
 import net.corda.core.transactions.SignedTransaction
 import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.ProgressTracker
@@ -82,13 +80,14 @@ class TimedFlowTests {
 
         private fun startClusterAndNode(mockNet: InternalMockNetwork): Pair<Party, TestStartedNode> {
             val replicaIds = (0 until CLUSTER_SIZE)
+            val serviceLegalName = CordaX500Name("Custom Notary", "Zurich", "CH")
             val notaryIdentity = DevIdentityGenerator.generateDistributedNotaryCompositeIdentity(
                     replicaIds.map { mockNet.baseDirectory(mockNet.nextNodeId + it) },
-                    CordaX500Name("Custom Notary", "Zurich", "CH"))
+                    serviceLegalName)
 
             val networkParameters = NetworkParametersCopier(testNetworkParameters(listOf(NotaryInfo(notaryIdentity, true))))
             val notaryConfig = mock<NotaryConfig> {
-                whenever(it.isClusterConfig).thenReturn(true)
+                whenever(it.serviceLegalName).thenReturn(serviceLegalName)
                 whenever(it.validating).thenReturn(true)
                 whenever(it.className).thenReturn(TestNotaryService::class.java.name)
             }
diff --git a/samples/notary-demo/build.gradle b/samples/notary-demo/build.gradle
index ad7f9110e1..d5b6a07a89 100644
--- a/samples/notary-demo/build.gradle
+++ b/samples/notary-demo/build.gradle
@@ -112,7 +112,7 @@ task deployNodesRaft(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: true,
                 serviceLegalName: "O=Raft,L=Zurich,C=CH",
-                raft: [
+                extraConfig: [
                         nodeAddress: "localhost:10008"
                 ],
                 className: className
@@ -128,7 +128,7 @@ task deployNodesRaft(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: true,
                 serviceLegalName: "O=Raft,L=Zurich,C=CH",
-                raft: [
+                extraConfig: [
                         nodeAddress: "localhost:10012",
                         clusterAddresses: ["localhost:10008"]
                 ],
@@ -145,7 +145,7 @@ task deployNodesRaft(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: true,
                 serviceLegalName: "O=Raft,L=Zurich,C=CH",
-                raft: [
+                extraConfig: [
                         nodeAddress: "localhost:10016",
                         clusterAddresses: ["localhost:10008"]
                 ],
@@ -181,7 +181,7 @@ task deployNodesBFT(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: false,
                 serviceLegalName: "O=BFT,L=Zurich,C=CH",
-                bftSMaRt: [
+                extraConfig: [
                         replicaId: 0,
                         clusterAddresses: clusterAddresses
                 ],
@@ -198,7 +198,7 @@ task deployNodesBFT(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: false,
                 serviceLegalName: "O=BFT,L=Zurich,C=CH",
-                bftSMaRt: [
+                extraConfig: [
                         replicaId: 1,
                         clusterAddresses: clusterAddresses
                 ],
@@ -215,7 +215,7 @@ task deployNodesBFT(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: false,
                 serviceLegalName: "O=BFT,L=Zurich,C=CH",
-                bftSMaRt: [
+                extraConfig: [
                         replicaId: 2,
                         clusterAddresses: clusterAddresses
                 ],
@@ -232,7 +232,7 @@ task deployNodesBFT(type: Cordform, dependsOn: ['jar', nodeTask, webTask]) {
         notary = [
                 validating: false,
                 serviceLegalName: "O=BFT,L=Zurich,C=CH",
-                bftSMaRt: [
+                extraConfig: [
                         replicaId: 3,
                         clusterAddresses: clusterAddresses
                 ],
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
index cd46caf2fb..c722058ba3 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
@@ -163,7 +163,7 @@ class DriverDSLImpl(
 
     private fun establishRpc(config: NodeConfig, processDeathFuture: CordaFuture<out Process>): CordaFuture<CordaRPCOps> {
         val rpcAddress = config.corda.rpcOptions.address
-        val clientRpcSslOptions =  clientSslOptionsCompatibleWith(config.corda.rpcOptions)
+        val clientRpcSslOptions = clientSslOptionsCompatibleWith(config.corda.rpcOptions)
         val client = createCordaRPCClientWithSslAndClassLoader(rpcAddress, sslConfiguration = clientRpcSslOptions)
         val connectionFuture = poll(executorService, "RPC connection") {
             try {
@@ -481,29 +481,30 @@ class DriverDSLImpl(
         }
     }
 
-    // TODO This mapping is done is several places including the gradle plugin. In general we need a better way of
-    // generating the configs for the nodes, probably making use of Any.toConfig()
-    private fun NotaryConfig.toConfigMap(): Map<String, Any> = mapOf("notary" to toConfig().root().unwrapped())
-
     private fun startSingleNotary(spec: NotarySpec, localNetworkMap: LocalNetworkMap?, customOverrides: Map<String, Any?>): CordaFuture<List<NodeHandle>> {
+        val notaryConfig = mapOf("notary" to mapOf("validating" to spec.validating))
         return startRegisteredNode(
                 spec.name,
                 localNetworkMap,
                 spec.rpcUsers,
                 spec.verifierType,
-                customOverrides = NotaryConfig(spec.validating).toConfigMap() + customOverrides
+                customOverrides = notaryConfig + customOverrides
         ).map { listOf(it) }
     }
 
     private fun startRaftNotaryCluster(spec: NotarySpec, localNetworkMap: LocalNetworkMap?): CordaFuture<List<NodeHandle>> {
         fun notaryConfig(nodeAddress: NetworkHostAndPort, clusterAddress: NetworkHostAndPort? = null): Map<String, Any> {
             val clusterAddresses = if (clusterAddress != null) listOf(clusterAddress) else emptyList()
-            val config = NotaryConfig(
-                    validating = spec.validating,
-                    serviceLegalName = spec.name,
-                    className = "net.corda.notary.raft.RaftNotaryService",
-                    raft = RaftConfig(nodeAddress = nodeAddress, clusterAddresses = clusterAddresses))
-            return config.toConfigMap()
+            val config = configOf("notary" to mapOf(
+                    "validating" to spec.validating,
+                    "serviceLegalName" to spec.name.toString(),
+                    "className" to "net.corda.notary.raft.RaftNotaryService",
+                    "extraConfig" to mapOf(
+                            "nodeAddress" to nodeAddress.toString(),
+                            "clusterAddresses" to clusterAddresses.map { it.toString() }
+                    ))
+            )
+            return config.root().unwrapped()
         }
 
         val nodeNames = generateNodeNames(spec)

From ba7727a4e1c750901df12c1e4a22fd60221de056 Mon Sep 17 00:00:00 2001
From: Viktor Kolomeyko <viktor.kolomeyko@r3.com>
Date: Mon, 22 Oct 2018 12:24:05 +0100
Subject: [PATCH 71/83] ENT-2610: Resolve conflicted changes (#4102)

---
 node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index a8ba165e1f..b16ed8698c 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -874,7 +874,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         val keyStore = configuration.signingCertificateStore.get()
 
         val privateKeyAlias = "$DISTRIBUTED_NOTARY_ALIAS_PREFIX-private-key"
-        val keyPair = keyStore.query { getCertificateAndKeyPair(privateKeyAlias) }.keyPair
+        val keyPair = keyStore.query { getCertificateAndKeyPair(privateKeyAlias, keyStore.entryPassword) }.keyPair
 
         val compositeKeyAlias = "$DISTRIBUTED_NOTARY_ALIAS_PREFIX-composite-key"
         val certificates = if (compositeKeyAlias in keyStore) {

From 391c6bf66fc31f2609f787298ef1ce77ffe7fb73 Mon Sep 17 00:00:00 2001
From: Tudor Malene <tudor.malene@r3.com>
Date: Mon, 22 Oct 2018 15:00:08 +0100
Subject: [PATCH 72/83] Feature/corda 1947/add package ownership (#4097)

* Upgrade hibernate and fix tests

CORDA-1947 Address code review changes

CORDA-1947 Address code review changes

(cherry picked from commit ab98c03d1ab15479c106b89f8b85bec185a7f9fa)

* ENT-2506 Changes signers field type

ENT-2506 Clean up some docs

ENT-2506 Fix tests and api

ENT-2506 Fix compilation error

ENT-2506 Fix compilation error

(cherry picked from commit 32f279a24372e31b07cfddac53edf805175fc971)

* CORDA-1947 added packageOwnership parameter

CORDA-1947 add signers field to DbAttachment. Add check when importing attachments

CORDA-1947 add signers field to DbAttachment. Add check when importing attachments

CORDA-1947 add tests

CORDA-1947 fix comment

CORDA-1947 Fix test

CORDA-1947 fix serialiser

CORDA-1947 fix tests

CORDA-1947 fix tests

CORDA-1947 fix serialiser

CORDA-1947 Address code review changes

CORDA-1947 Address code review changes

CORDA-1947 Revert test fixes

CORDA-1947 address code review comments

CORDA-1947 move verification logic to LedgerTransaction.verify

CORDA-1947 fix test

CORDA-1947 fix tests

CORDA-1947 fix tests

CORDA-1947 address code review comments

CORDA-1947 address code review comments

(cherry picked from commit 86bc0d9606922d48a30d395af2a21d6ce7dfc03b)

CORDA-1947 fix merge
---
 .ci/api-current.txt                           |   4 +-
 build.gradle                                  |   2 +-
 .../client/jfx/model/NodeMonitorModel.kt      |   8 +-
 .../deterministic/contracts/AttachmentTest.kt |   4 +-
 .../verifier/MockContractAttachment.kt        |   4 +-
 .../net/corda/core/contracts/Attachment.kt    |   5 +-
 .../core/contracts/AttachmentConstraint.kt    |   2 +-
 .../core/contracts/ContractAttachment.kt      |   8 +-
 .../TransactionVerificationException.kt       |   9 ++
 .../corda/core/internal/AbstractAttachment.kt |   6 +-
 .../core/internal/JarSignatureCollector.kt    |  28 +++--
 .../net/corda/core/node/NetworkParameters.kt  | 107 ++++++++++++++--
 .../ContractUpgradeTransactions.kt            |   2 +-
 .../core/transactions/LedgerTransaction.kt    |  54 ++++++++
 .../core/transactions/TransactionBuilder.kt   |   4 +-
 .../net/corda/core/JarSignatureTestUtils.kt   |  45 +++++++
 .../PackageOwnershipVerificationTests.kt      |  91 ++++++++++++++
 .../internal/JarSignatureCollectorTest.kt     | 116 ++++++------------
 .../transactions/TransactionBuilderTest.kt    |  26 ++--
 .../core/transactions/TransactionTests.kt     |   4 +-
 docs/source/network-map.rst                   |   9 +-
 .../persistence/HibernateStatistics.kt        |  27 ++--
 .../net/corda/node/internal/AbstractNode.kt   |   6 +-
 .../kryo/DefaultKryoCustomizer.kt             |  10 +-
 .../persistence/NodeAttachmentService.kt      |  34 ++++-
 .../persistence/PublicKeyToTextConverter.kt   |  18 +++
 .../node/services/vault/NodeVaultService.kt   |   3 +-
 .../migration/node-core.changelog-v8.xml      |  13 ++
 .../node/internal/NetworkParametersTest.kt    |  62 +++++++++-
 .../persistence/NodeAttachmentServiceTest.kt  | 107 ++++++++++++++--
 .../custom/ContractAttachmentSerializer.kt    |   7 +-
 .../kotlin/net/corda/testing/dsl/TestDSL.kt   |   7 +-
 .../testing/dsl/TransactionDSLInterpreter.kt  |  19 +++
 .../testing/internal/MockCordappProvider.kt   |  22 ++--
 .../testing/services/MockAttachmentStorage.kt |  15 ++-
 35 files changed, 707 insertions(+), 181 deletions(-)
 create mode 100644 core/src/test/kotlin/net/corda/core/JarSignatureTestUtils.kt
 create mode 100644 core/src/test/kotlin/net/corda/core/contracts/PackageOwnershipVerificationTests.kt
 create mode 100644 node/src/main/kotlin/net/corda/node/services/persistence/PublicKeyToTextConverter.kt

diff --git a/.ci/api-current.txt b/.ci/api-current.txt
index 6aecda8fa6..7c34ea623b 100644
--- a/.ci/api-current.txt
+++ b/.ci/api-current.txt
@@ -429,7 +429,7 @@ public static final class net.corda.core.contracts.AmountTransfer$Companion exte
 public interface net.corda.core.contracts.Attachment extends net.corda.core.contracts.NamedByHash
   public void extractFile(String, java.io.OutputStream)
   @NotNull
-  public abstract java.util.List<net.corda.core.identity.Party> getSigners()
+  public abstract java.util.List<java.security.PublicKey> getSigners()
   public abstract int getSize()
   @NotNull
   public abstract java.io.InputStream open()
@@ -537,7 +537,7 @@ public final class net.corda.core.contracts.ContractAttachment extends java.lang
   @NotNull
   public net.corda.core.crypto.SecureHash getId()
   @NotNull
-  public java.util.List<net.corda.core.identity.Party> getSigners()
+  public java.util.List<java.security.PublicKey> getSigners()
   public int getSize()
   @Nullable
   public final String getUploader()
diff --git a/build.gradle b/build.gradle
index 500dc25229..b5c9156435 100644
--- a/build.gradle
+++ b/build.gradle
@@ -43,7 +43,7 @@ buildscript {
     ext.hamkrest_version = '1.4.2.2'
     ext.jopt_simple_version = '5.0.2'
     ext.jansi_version = '1.14'
-    ext.hibernate_version = '5.2.6.Final'
+    ext.hibernate_version = '5.3.6.Final'
     ext.h2_version = '1.4.197' // Update docs if renamed or removed.
     ext.postgresql_version = '42.1.4'
     ext.rxjava_version = '1.3.8'
diff --git a/client/jfx/src/main/kotlin/net/corda/client/jfx/model/NodeMonitorModel.kt b/client/jfx/src/main/kotlin/net/corda/client/jfx/model/NodeMonitorModel.kt
index eb8e78898f..550344ae35 100644
--- a/client/jfx/src/main/kotlin/net/corda/client/jfx/model/NodeMonitorModel.kt
+++ b/client/jfx/src/main/kotlin/net/corda/client/jfx/model/NodeMonitorModel.kt
@@ -191,10 +191,10 @@ class NodeMonitorModel : AutoCloseable {
         val retryInterval = 5.seconds
 
         val client = CordaRPCClient(
-            nodeHostAndPort,
-            CordaRPCClientConfiguration.DEFAULT.copy(
-                connectionMaxRetryInterval = retryInterval
-            )
+                nodeHostAndPort,
+                CordaRPCClientConfiguration.DEFAULT.copy(
+                        connectionMaxRetryInterval = retryInterval
+                )
         )
         do {
             val connection = try {
diff --git a/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/contracts/AttachmentTest.kt b/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/contracts/AttachmentTest.kt
index 21ad6a3e45..01f7751905 100644
--- a/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/contracts/AttachmentTest.kt
+++ b/core-deterministic/testing/src/test/kotlin/net/corda/deterministic/contracts/AttachmentTest.kt
@@ -42,8 +42,8 @@ class AttachmentTest {
         attachment = object : Attachment {
             override val id: SecureHash
                 get() = SecureHash.allOnesHash
-            override val signers: List<Party>
-                get() = listOf(ALICE)
+            override val signers: List<PublicKey>
+                get() = listOf(ALICE_KEY)
             override val size: Int
                 get() = jarData.size
 
diff --git a/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/MockContractAttachment.kt b/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/MockContractAttachment.kt
index 0e28c9647e..f7e90ce2cc 100644
--- a/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/MockContractAttachment.kt
+++ b/core-deterministic/testing/verifier/src/main/kotlin/net/corda/deterministic/verifier/MockContractAttachment.kt
@@ -3,13 +3,13 @@ package net.corda.deterministic.verifier
 import net.corda.core.contracts.Attachment
 import net.corda.core.contracts.ContractClassName
 import net.corda.core.crypto.SecureHash
-import net.corda.core.identity.Party
 import net.corda.core.serialization.CordaSerializable
 import java.io.ByteArrayInputStream
 import java.io.InputStream
+import java.security.PublicKey
 
 @CordaSerializable
-class MockContractAttachment(override val id: SecureHash = SecureHash.zeroHash, val contract: ContractClassName, override val signers: List<Party> = ArrayList()) : Attachment {
+class MockContractAttachment(override val id: SecureHash = SecureHash.zeroHash, val contract: ContractClassName, override val signers: List<PublicKey> = emptyList()) : Attachment {
     override fun open(): InputStream = ByteArrayInputStream(id.bytes)
     override val size = id.size
 }
diff --git a/core/src/main/kotlin/net/corda/core/contracts/Attachment.kt b/core/src/main/kotlin/net/corda/core/contracts/Attachment.kt
index 8cf0ed5839..d17d053e1f 100644
--- a/core/src/main/kotlin/net/corda/core/contracts/Attachment.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/Attachment.kt
@@ -7,6 +7,7 @@ import net.corda.core.serialization.CordaSerializable
 import java.io.FileNotFoundException
 import java.io.InputStream
 import java.io.OutputStream
+import java.security.PublicKey
 import java.util.jar.JarInputStream
 
 /**
@@ -51,10 +52,10 @@ interface Attachment : NamedByHash {
     fun extractFile(path: String, outputTo: OutputStream) = openAsJAR().use { it.extractFile(path, outputTo) }
 
     /**
-     * The parties that have correctly signed the whole attachment.
+     * The keys that have correctly signed the whole attachment.
      * Can be empty, for example non-contract attachments won't be necessarily be signed.
      */
-    val signers: List<Party>
+    val signers: List<PublicKey>
 
     /**
      * Attachment size in bytes.
diff --git a/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt b/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt
index b4fbe24ef4..76ffc8a866 100644
--- a/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt
@@ -82,5 +82,5 @@ data class SignatureAttachmentConstraint(
         val key: PublicKey
 ) : AttachmentConstraint {
     override fun isSatisfiedBy(attachment: Attachment): Boolean =
-        key.isFulfilledBy(attachment.signers.map { it.owningKey })
+        key.isFulfilledBy(attachment.signers.map { it })
 }
\ No newline at end of file
diff --git a/core/src/main/kotlin/net/corda/core/contracts/ContractAttachment.kt b/core/src/main/kotlin/net/corda/core/contracts/ContractAttachment.kt
index 7a19128c32..4b1c25fed8 100644
--- a/core/src/main/kotlin/net/corda/core/contracts/ContractAttachment.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/ContractAttachment.kt
@@ -2,6 +2,7 @@ package net.corda.core.contracts
 
 import net.corda.core.KeepForDJVM
 import net.corda.core.serialization.CordaSerializable
+import java.security.PublicKey
 
 /**
  * Wrap an attachment in this if it is to be used as an executable contract attachment
@@ -12,7 +13,12 @@ import net.corda.core.serialization.CordaSerializable
  */
 @KeepForDJVM
 @CordaSerializable
-class ContractAttachment @JvmOverloads constructor(val attachment: Attachment, val contract: ContractClassName, val additionalContracts: Set<ContractClassName> = emptySet(), val uploader: String? = null) : Attachment by attachment {
+class ContractAttachment @JvmOverloads constructor(
+        val attachment: Attachment,
+        val contract: ContractClassName,
+        val additionalContracts: Set<ContractClassName> = emptySet(),
+        val uploader: String? = null,
+        override val signers: List<PublicKey> = emptyList()) : Attachment by attachment {
 
     val allContracts: Set<ContractClassName> get() = additionalContracts + contract
 
diff --git a/core/src/main/kotlin/net/corda/core/contracts/TransactionVerificationException.kt b/core/src/main/kotlin/net/corda/core/contracts/TransactionVerificationException.kt
index 980589e9cb..a6392a01a9 100644
--- a/core/src/main/kotlin/net/corda/core/contracts/TransactionVerificationException.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/TransactionVerificationException.kt
@@ -5,6 +5,7 @@ import net.corda.core.KeepForDJVM
 import net.corda.core.crypto.SecureHash
 import net.corda.core.flows.FlowException
 import net.corda.core.identity.Party
+import net.corda.core.node.services.AttachmentId
 import net.corda.core.serialization.CordaSerializable
 import net.corda.core.utilities.NonEmptySet
 import java.security.PublicKey
@@ -169,4 +170,12 @@ sealed class TransactionVerificationException(val txId: SecureHash, message: Str
     @DeleteForDJVM
     class InvalidNotaryChange(txId: SecureHash)
         : TransactionVerificationException(txId, "Detected a notary change. Outputs must use the same notary as inputs", null)
+
+    /**
+     * Thrown to indicate that a contract attachment is not signed by the network-wide package owner.
+     */
+    class ContractAttachmentNotSignedByPackageOwnerException(txId: SecureHash, val attachmentHash: AttachmentId, val contractClass: String) : TransactionVerificationException(txId,
+            """The Contract attachment JAR: $attachmentHash containing the contract: $contractClass is not signed by the owner specified in the network parameters.
+           Please check the source of this attachment and if it is malicious contact your zone operator to report this incident.
+           For details see: https://docs.corda.net/network-map.html#network-parameters""".trimIndent(), null)
 }
diff --git a/core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt b/core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt
index 3c72e5d0ef..c509abdd4f 100644
--- a/core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt
@@ -1,4 +1,5 @@
 @file:KeepForDJVM
+
 package net.corda.core.internal
 
 import net.corda.core.DeleteForDJVM
@@ -11,6 +12,7 @@ import java.io.FileNotFoundException
 import java.io.IOException
 import java.io.InputStream
 import java.io.OutputStream
+import java.security.PublicKey
 import java.util.jar.JarInputStream
 
 const val DEPLOYED_CORDAPP_UPLOADER = "app"
@@ -40,8 +42,8 @@ abstract class AbstractAttachment(dataLoader: () -> ByteArray) : Attachment {
     override val size: Int get() = attachmentData.size
 
     override fun open(): InputStream = attachmentData.inputStream()
-    override val signers by lazy {
-        openAsJAR().use(JarSignatureCollector::collectSigningParties)
+    override val signers: List<PublicKey> by lazy {
+        openAsJAR().use(JarSignatureCollector::collectSigners)
     }
 
     override fun equals(other: Any?) = other === this || other is Attachment && other.id == this.id
diff --git a/core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt b/core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt
index 78d5a15517..963623e474 100644
--- a/core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt
@@ -2,6 +2,7 @@ package net.corda.core.internal
 
 import net.corda.core.identity.Party
 import java.security.CodeSigner
+import java.security.PublicKey
 import java.security.cert.X509Certificate
 import java.util.jar.JarEntry
 import java.util.jar.JarInputStream
@@ -23,22 +24,25 @@ object JarSignatureCollector {
      * @param jar The open [JarInputStream] to collect signing parties from.
      * @throws InvalidJarSignersException If the signer sets for any two signable items are different from each other.
      */
-    fun collectSigningParties(jar: JarInputStream): List<Party> {
+    fun collectSigners(jar: JarInputStream): List<PublicKey> = getSigners(jar).toOrderedPublicKeys()
+
+    fun collectSigningParties(jar: JarInputStream): List<Party> = getSigners(jar).toPartiesOrderedByName()
+
+    private fun getSigners(jar: JarInputStream): Set<CodeSigner> {
         val signerSets = jar.fileSignerSets
-        if (signerSets.isEmpty()) return emptyList()
+        if (signerSets.isEmpty()) return emptySet()
 
         val (firstFile, firstSignerSet) = signerSets.first()
         for ((otherFile, otherSignerSet) in signerSets.subList(1, signerSets.size)) {
             if (otherSignerSet != firstSignerSet) throw InvalidJarSignersException(
-                """
-                Mismatch between signers ${firstSignerSet.toPartiesOrderedByName()} for file $firstFile
-                and signers ${otherSignerSet.toPartiesOrderedByName()} for file ${otherFile}.
-                See https://docs.corda.net/design/data-model-upgrades/signature-constraints.html for details of the
-                constraints applied to attachment signatures.
-                """.trimIndent().replace('\n', ' '))
+                    """
+                    Mismatch between signers ${firstSignerSet.toOrderedPublicKeys()} for file $firstFile
+                    and signers ${otherSignerSet.toOrderedPublicKeys()} for file ${otherFile}.
+                    See https://docs.corda.net/design/data-model-upgrades/signature-constraints.html for details of the
+                    constraints applied to attachment signatures.
+                    """.trimIndent().replace('\n', ' '))
         }
-
-        return firstSignerSet.toPartiesOrderedByName()
+        return firstSignerSet
     }
 
     private val JarInputStream.fileSignerSets: List<Pair<String, Set<CodeSigner>>> get() =
@@ -63,6 +67,10 @@ object JarSignatureCollector {
         Party(it.signerCertPath.certificates[0] as X509Certificate)
     }.sortedBy { it.name.toString() } // Sorted for determinism.
 
+    private fun Set<CodeSigner>.toOrderedPublicKeys(): List<PublicKey> = map {
+        (it.signerCertPath.certificates[0] as X509Certificate).publicKey
+    }.sortedBy { it.hash} // Sorted for determinism.
+
     private val JarInputStream.entries get(): Sequence<JarEntry> = generateSequence(nextJarEntry) { nextJarEntry }
 }
 
diff --git a/core/src/main/kotlin/net/corda/core/node/NetworkParameters.kt b/core/src/main/kotlin/net/corda/core/node/NetworkParameters.kt
index 7127177c71..f707a8e308 100644
--- a/core/src/main/kotlin/net/corda/core/node/NetworkParameters.kt
+++ b/core/src/main/kotlin/net/corda/core/node/NetworkParameters.kt
@@ -7,6 +7,7 @@ import net.corda.core.node.services.AttachmentId
 import net.corda.core.serialization.CordaSerializable
 import net.corda.core.serialization.DeprecatedConstructorForDeserialization
 import net.corda.core.utilities.days
+import java.security.PublicKey
 import java.time.Duration
 import java.time.Instant
 
@@ -22,6 +23,7 @@ import java.time.Instant
  * of parameters.
  * @property whitelistedContractImplementations List of whitelisted jars containing contract code for each contract class.
  *  This will be used by [net.corda.core.contracts.WhitelistedByZoneAttachmentConstraint]. [You can learn more about contract constraints here](https://docs.corda.net/api-contract-constraints.html).
+ * @property packageOwnership List of the network-wide java packages that were successfully claimed by their owners. Any CorDapp JAR that offers contracts and states in any of these packages must be signed by the owner.
  * @property eventHorizon Time after which nodes will be removed from the network map if they have not been seen
  * during this period
  */
@@ -35,7 +37,8 @@ data class NetworkParameters(
         val modifiedTime: Instant,
         val epoch: Int,
         val whitelistedContractImplementations: Map<String, List<AttachmentId>>,
-        val eventHorizon: Duration
+        val eventHorizon: Duration,
+        val packageOwnership: Map<JavaPackageName, PublicKey>
 ) {
     @DeprecatedConstructorForDeserialization(1)
     constructor (minimumPlatformVersion: Int,
@@ -52,7 +55,28 @@ data class NetworkParameters(
             modifiedTime,
             epoch,
             whitelistedContractImplementations,
-            Int.MAX_VALUE.days
+            Int.MAX_VALUE.days,
+            emptyMap()
+    )
+
+    @DeprecatedConstructorForDeserialization(2)
+    constructor (minimumPlatformVersion: Int,
+                 notaries: List<NotaryInfo>,
+                 maxMessageSize: Int,
+                 maxTransactionSize: Int,
+                 modifiedTime: Instant,
+                 epoch: Int,
+                 whitelistedContractImplementations: Map<String, List<AttachmentId>>,
+                 eventHorizon: Duration
+    ) : this(minimumPlatformVersion,
+            notaries,
+            maxMessageSize,
+            maxTransactionSize,
+            modifiedTime,
+            epoch,
+            whitelistedContractImplementations,
+            eventHorizon,
+            emptyMap()
     )
 
     init {
@@ -63,6 +87,7 @@ data class NetworkParameters(
         require(maxTransactionSize > 0) { "maxTransactionSize must be at least 1" }
         require(maxTransactionSize <= maxMessageSize) { "maxTransactionSize cannot be bigger than maxMessageSize" }
         require(!eventHorizon.isNegative) { "eventHorizon must be positive value" }
+        require(noOverlap(packageOwnership.keys)) { "multiple packages added to the packageOwnership overlap." }
     }
 
     fun copy(minimumPlatformVersion: Int,
@@ -83,20 +108,47 @@ data class NetworkParameters(
                 eventHorizon = eventHorizon)
     }
 
+    fun copy(minimumPlatformVersion: Int,
+             notaries: List<NotaryInfo>,
+             maxMessageSize: Int,
+             maxTransactionSize: Int,
+             modifiedTime: Instant,
+             epoch: Int,
+             whitelistedContractImplementations: Map<String, List<AttachmentId>>,
+             eventHorizon: Duration
+    ): NetworkParameters {
+        return copy(minimumPlatformVersion = minimumPlatformVersion,
+                notaries = notaries,
+                maxMessageSize = maxMessageSize,
+                maxTransactionSize = maxTransactionSize,
+                modifiedTime = modifiedTime,
+                epoch = epoch,
+                whitelistedContractImplementations = whitelistedContractImplementations,
+                eventHorizon = eventHorizon)
+    }
+
     override fun toString(): String {
         return """NetworkParameters {
-  minimumPlatformVersion=$minimumPlatformVersion
-  notaries=$notaries
-  maxMessageSize=$maxMessageSize
-  maxTransactionSize=$maxTransactionSize
-  whitelistedContractImplementations {
-    ${whitelistedContractImplementations.entries.joinToString("\n    ")}
-  }
-  eventHorizon=$eventHorizon
-  modifiedTime=$modifiedTime
-  epoch=$epoch
-}"""
+      minimumPlatformVersion=$minimumPlatformVersion
+      notaries=$notaries
+      maxMessageSize=$maxMessageSize
+      maxTransactionSize=$maxTransactionSize
+      whitelistedContractImplementations {
+        ${whitelistedContractImplementations.entries.joinToString("\n    ")}
+      }
+      eventHorizon=$eventHorizon
+      modifiedTime=$modifiedTime
+      epoch=$epoch,
+      packageOwnership= {
+        ${packageOwnership.keys.joinToString()}}
+      }
+  }"""
     }
+
+    /**
+     * Returns the public key of the package owner of the [contractClassName], or null if not owned.
+     */
+    fun getOwnerOf(contractClassName: String): PublicKey? = this.packageOwnership.filterKeys { it.owns(contractClassName) }.values.singleOrNull()
 }
 
 /**
@@ -113,3 +165,32 @@ data class NotaryInfo(val identity: Party, val validating: Boolean)
  * version.
  */
 class ZoneVersionTooLowException(message: String) : CordaRuntimeException(message)
+
+/**
+ * A wrapper for a legal java package. Used by the network parameters to store package ownership.
+ */
+@CordaSerializable
+data class JavaPackageName(val name: String) {
+    init {
+        require(isPackageValid(name)) { "Attempting to whitelist illegal java package: $name" }
+    }
+
+    /**
+     * Returns true if the [fullClassName] is in a subpackage of the current package.
+     * E.g.: "com.megacorp" owns "com.megacorp.tokens.MegaToken"
+     *
+     * Note: The ownership check is ignoring case to prevent people from just releasing a jar with: "com.megaCorp.megatoken" and pretend they are MegaCorp.
+     * By making the check case insensitive, the node will require that the jar is signed by MegaCorp, so the attack fails.
+     */
+    fun owns(fullClassName: String) = fullClassName.startsWith("${name}.", ignoreCase = true)
+}
+
+// Check if a string is a legal Java package name.
+private fun isPackageValid(packageName: String): Boolean = packageName.isNotEmpty() && !packageName.endsWith(".") && packageName.split(".").all { token ->
+    Character.isJavaIdentifierStart(token[0]) && token.toCharArray().drop(1).all { Character.isJavaIdentifierPart(it) }
+}
+
+// Make sure that packages don't overlap so that ownership is clear.
+private fun noOverlap(packages: Collection<JavaPackageName>) = packages.all { currentPackage ->
+    packages.none { otherPackage -> otherPackage != currentPackage && otherPackage.name.startsWith("${currentPackage.name}.") }
+}
diff --git a/core/src/main/kotlin/net/corda/core/transactions/ContractUpgradeTransactions.kt b/core/src/main/kotlin/net/corda/core/transactions/ContractUpgradeTransactions.kt
index 55be2f424f..ddadaefc0f 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/ContractUpgradeTransactions.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/ContractUpgradeTransactions.kt
@@ -197,7 +197,7 @@ data class ContractUpgradeLedgerTransaction(
     private fun verifyConstraints() {
         val attachmentForConstraintVerification = AttachmentWithContext(
                 legacyContractAttachment as? ContractAttachment
-                        ?: ContractAttachment(legacyContractAttachment, legacyContractClassName),
+                        ?: ContractAttachment(legacyContractAttachment, legacyContractClassName, signers = legacyContractAttachment.signers),
                 upgradedContract.legacyContract,
                 networkParameters.whitelistedContractImplementations
         )
diff --git a/core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt b/core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt
index 5c97af83a4..ebce06de33 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt
@@ -3,6 +3,7 @@ package net.corda.core.transactions
 import net.corda.core.KeepForDJVM
 import net.corda.core.contracts.*
 import net.corda.core.crypto.SecureHash
+import net.corda.core.crypto.isFulfilledBy
 import net.corda.core.identity.Party
 import net.corda.core.internal.AttachmentWithContext
 import net.corda.core.internal.castIfPossible
@@ -74,6 +75,9 @@ data class LedgerTransaction @JvmOverloads constructor(
     val inputStates: List<ContractState> get() = inputs.map { it.state.data }
     val referenceStates: List<ContractState> get() = references.map { it.state.data }
 
+    private val inputAndOutputStates = inputs.map { it.state } + outputs
+    private val allStates = inputAndOutputStates + references.map { it.state }
+
     /**
      * Returns the typed input StateAndRef at the specified index
      * @param index The index into the inputs.
@@ -88,10 +92,37 @@ data class LedgerTransaction @JvmOverloads constructor(
      */
     @Throws(TransactionVerificationException::class)
     fun verify() {
+        val contractAttachmentsByContract: Map<ContractClassName, ContractAttachment> = getUniqueContractAttachmentsByContract()
+
+        validatePackageOwnership(contractAttachmentsByContract)
         verifyConstraints()
         verifyContracts()
     }
 
+    /**
+     * Verify that package ownership is respected.
+     *
+     * TODO - revisit once transaction contains network parameters.
+     */
+    private fun validatePackageOwnership(contractAttachmentsByContract: Map<ContractClassName, ContractAttachment>) {
+        // This should never happen once we have network parameters in the transaction.
+        if (networkParameters == null) {
+            return
+        }
+
+        val contractsAndOwners = allStates.mapNotNull { transactionState ->
+            val contractClassName = transactionState.contract
+            networkParameters.getOwnerOf(contractClassName)?.let { contractClassName to it }
+        }.toMap()
+
+        contractsAndOwners.forEach { contract, owner ->
+            val attachment = contractAttachmentsByContract[contract]!!
+            if (!owner.isFulfilledBy(attachment.signers)) {
+                throw TransactionVerificationException.ContractAttachmentNotSignedByPackageOwnerException(this.id, id, contract)
+            }
+        }
+    }
+
     /**
      * Verify that all contract constraints are valid for each state before running any contract code
      *
@@ -123,6 +154,29 @@ data class LedgerTransaction @JvmOverloads constructor(
         }
     }
 
+    private fun getUniqueContractAttachmentsByContract(): Map<ContractClassName, ContractAttachment> {
+        val result = mutableMapOf<ContractClassName, ContractAttachment>()
+
+        for (attachment in attachments) {
+            if (attachment !is ContractAttachment) continue
+
+            for (contract in attachment.allContracts) {
+                result.compute(contract) { _, previousAttachment ->
+                    when {
+                        previousAttachment == null -> attachment
+                        attachment.id == previousAttachment.id -> previousAttachment
+                        // In case multiple attachments have been added for the same contract, fail because this
+                        // transaction will not be able to be verified because it will break the no-overlap rule
+                        // that we have implemented in our Classloaders
+                        else -> throw TransactionVerificationException.ConflictingAttachmentsRejection(id, contract)
+                    }
+                }
+            }
+        }
+
+        return result
+    }
+
     /**
      * Check the transaction is contract-valid by running the verify() for each input and output state contract.
      * If any contract fails to verify, the whole transaction is considered to be invalid.
diff --git a/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt b/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt
index 9b54509064..99c069de88 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt
@@ -158,8 +158,8 @@ open class TransactionBuilder @JvmOverloads constructor(
         }
     }
 
-    private fun makeSignatureAttachmentConstraint(attachmentSigners: List<Party>) =
-            SignatureAttachmentConstraint(CompositeKey.Builder().addKeys(attachmentSigners.map { it.owningKey }).build())
+    private fun makeSignatureAttachmentConstraint(attachmentSigners: List<PublicKey>) =
+            SignatureAttachmentConstraint(CompositeKey.Builder().addKeys(attachmentSigners.map { it }).build())
 
     private fun useWhitelistedByZoneAttachmentConstraint(contractClassName: ContractClassName, networkParameters: NetworkParameters) =
             contractClassName in networkParameters.whitelistedContractImplementations.keys
diff --git a/core/src/test/kotlin/net/corda/core/JarSignatureTestUtils.kt b/core/src/test/kotlin/net/corda/core/JarSignatureTestUtils.kt
new file mode 100644
index 0000000000..d5d9bed118
--- /dev/null
+++ b/core/src/test/kotlin/net/corda/core/JarSignatureTestUtils.kt
@@ -0,0 +1,45 @@
+package net.corda.core
+
+import net.corda.core.internal.JarSignatureCollector
+import net.corda.core.internal.div
+import net.corda.nodeapi.internal.crypto.loadKeyStore
+import java.io.FileInputStream
+import java.nio.file.Path
+import java.nio.file.Paths
+import java.security.PublicKey
+import java.util.jar.JarInputStream
+import kotlin.test.assertEquals
+
+object JarSignatureTestUtils {
+    val bin = Paths.get(System.getProperty("java.home")).let { if (it.endsWith("jre")) it.parent else it } / "bin"
+
+    fun Path.executeProcess(vararg command: String) {
+        val shredder = (this / "_shredder").toFile() // No need to delete after each test.
+        assertEquals(0, ProcessBuilder()
+                .inheritIO()
+                .redirectOutput(shredder)
+                .redirectError(shredder)
+                .directory(this.toFile())
+                .command((bin / command[0]).toString(), *command.sliceArray(1 until command.size))
+                .start()
+                .waitFor())
+    }
+
+    fun Path.generateKey(alias: String, password: String, name: String) =
+            executeProcess("keytool", "-genkey", "-keystore", "_teststore", "-storepass", "storepass", "-keyalg", "RSA", "-alias", alias, "-keypass", password, "-dname", name)
+
+    fun Path.createJar(fileName: String, vararg contents: String) =
+            executeProcess(*(arrayOf("jar", "cvf", fileName) + contents))
+
+    fun Path.updateJar(fileName: String, vararg contents: String) =
+            executeProcess(*(arrayOf("jar", "uvf", fileName) + contents))
+
+    fun Path.signJar(fileName: String, alias: String, password: String): PublicKey {
+        executeProcess("jarsigner", "-keystore", "_teststore", "-storepass", "storepass", "-keypass", password, fileName, alias)
+        val ks = loadKeyStore(this.resolve("_teststore"), "storepass")
+        return ks.getCertificate(alias).publicKey
+    }
+
+    fun Path.getJarSigners(fileName: String) =
+            JarInputStream(FileInputStream((this / fileName).toFile())).use(JarSignatureCollector::collectSigners)
+}
diff --git a/core/src/test/kotlin/net/corda/core/contracts/PackageOwnershipVerificationTests.kt b/core/src/test/kotlin/net/corda/core/contracts/PackageOwnershipVerificationTests.kt
new file mode 100644
index 0000000000..98fe6683bd
--- /dev/null
+++ b/core/src/test/kotlin/net/corda/core/contracts/PackageOwnershipVerificationTests.kt
@@ -0,0 +1,91 @@
+package net.corda.core.contracts
+
+import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.whenever
+import net.corda.core.crypto.Crypto
+import net.corda.core.crypto.SecureHash
+import net.corda.core.identity.AbstractParty
+import net.corda.core.identity.CordaX500Name
+import net.corda.core.node.JavaPackageName
+import net.corda.core.transactions.LedgerTransaction
+import net.corda.node.services.api.IdentityServiceInternal
+import net.corda.testing.common.internal.testNetworkParameters
+import net.corda.testing.core.DUMMY_NOTARY_NAME
+import net.corda.testing.core.SerializationEnvironmentRule
+import net.corda.testing.core.TestIdentity
+import net.corda.testing.internal.rigorousMock
+import net.corda.testing.node.MockServices
+import net.corda.testing.node.ledger
+import org.junit.Rule
+import org.junit.Test
+
+class PackageOwnershipVerificationTests {
+
+    private companion object {
+        val DUMMY_NOTARY = TestIdentity(DUMMY_NOTARY_NAME, 20).party
+        val ALICE = TestIdentity(CordaX500Name("ALICE", "London", "GB"))
+        val ALICE_PARTY get() = ALICE.party
+        val ALICE_PUBKEY get() = ALICE.publicKey
+        val BOB = TestIdentity(CordaX500Name("BOB", "London", "GB"))
+        val BOB_PARTY get() = BOB.party
+        val BOB_PUBKEY get() = BOB.publicKey
+        val dummyContract = "net.corda.core.contracts.DummyContract"
+        val OWNER_KEY_PAIR = Crypto.generateKeyPair()
+    }
+
+    @Rule
+    @JvmField
+    val testSerialization = SerializationEnvironmentRule()
+
+    private val ledgerServices = MockServices(
+            cordappPackages = listOf("net.corda.finance.contracts.asset"),
+            initialIdentity = ALICE,
+            identityService = rigorousMock<IdentityServiceInternal>().also {
+                doReturn(ALICE_PARTY).whenever(it).partyFromKey(ALICE_PUBKEY)
+                doReturn(BOB_PARTY).whenever(it).partyFromKey(BOB_PUBKEY)
+            },
+            networkParameters = testNetworkParameters()
+                    .copy(packageOwnership = mapOf(JavaPackageName("net.corda.core.contracts") to OWNER_KEY_PAIR.public))
+    )
+
+    @Test
+    fun `Happy path - Transaction validates when package signed by owner`() {
+        ledgerServices.ledger(DUMMY_NOTARY) {
+            transaction {
+                attachment(dummyContract, SecureHash.allOnesHash, listOf(OWNER_KEY_PAIR.public))
+                output(dummyContract, "c1", DUMMY_NOTARY, null, HashAttachmentConstraint(SecureHash.allOnesHash), DummyContractState())
+                command(ALICE_PUBKEY, DummyIssue())
+                verifies()
+            }
+        }
+    }
+
+    @Test
+    fun `Transaction validation fails when the selected attachment is not signed by the owner`() {
+        ledgerServices.ledger(DUMMY_NOTARY) {
+            transaction {
+                attachment(dummyContract, SecureHash.allOnesHash, listOf(ALICE_PUBKEY))
+                output(dummyContract, "c1", DUMMY_NOTARY, null, HashAttachmentConstraint(SecureHash.allOnesHash), DummyContractState())
+                command(ALICE_PUBKEY, DummyIssue())
+                failsWith("is not signed by the owner specified in the network parameters")
+            }
+        }
+    }
+
+}
+
+class DummyContractState : ContractState {
+    override val participants: List<AbstractParty>
+        get() = emptyList()
+}
+
+class DummyContract : Contract {
+    interface Commands : CommandData
+    class Create : Commands
+
+    override fun verify(tx: LedgerTransaction) {
+        //do nothing
+    }
+}
+
+class DummyIssue : TypeOnlyCommandData()
\ No newline at end of file
diff --git a/core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt b/core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt
index fed904c1fa..7f83f23a47 100644
--- a/core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt
+++ b/core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt
@@ -1,6 +1,10 @@
 package net.corda.core.internal
 
-import net.corda.core.identity.CordaX500Name
+import net.corda.core.JarSignatureTestUtils.createJar
+import net.corda.core.JarSignatureTestUtils.generateKey
+import net.corda.core.JarSignatureTestUtils.getJarSigners
+import net.corda.core.JarSignatureTestUtils.signJar
+import net.corda.core.JarSignatureTestUtils.updateJar
 import net.corda.core.identity.Party
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
@@ -10,29 +14,14 @@ import org.junit.After
 import org.junit.AfterClass
 import org.junit.BeforeClass
 import org.junit.Test
-import java.io.FileInputStream
 import java.nio.file.Files
 import java.nio.file.Path
-import java.nio.file.Paths
-import java.util.jar.JarInputStream
 import kotlin.test.assertEquals
 import kotlin.test.assertFailsWith
 
 class JarSignatureCollectorTest {
     companion object {
         private val dir = Files.createTempDirectory(JarSignatureCollectorTest::class.simpleName)
-        private val bin = Paths.get(System.getProperty("java.home")).let { if (it.endsWith("jre")) it.parent else it } / "bin"
-        private val shredder = (dir / "_shredder").toFile() // No need to delete after each test.
-
-        fun execute(vararg command: String) {
-            assertEquals(0, ProcessBuilder()
-                    .inheritIO()
-                    .redirectOutput(shredder)
-                    .directory(dir.toFile())
-                    .command((bin / command[0]).toString(), *command.sliceArray(1 until command.size))
-                    .start()
-                    .waitFor())
-        }
 
         private const val FILENAME = "attachment.jar"
         private const val ALICE = "alice"
@@ -42,15 +31,11 @@ class JarSignatureCollectorTest {
         private const val CHARLIE = "Charlie"
         private const val CHARLIE_PASS = "charliepass"
 
-        private fun generateKey(alias: String, password: String, name: CordaX500Name, keyalg: String = "RSA") =
-                execute("keytool", "-genkey", "-keystore", "_teststore", "-storepass", "storepass", "-keyalg", keyalg, "-alias", alias, "-keypass", password, "-dname", name.toString())
-
         @BeforeClass
         @JvmStatic
         fun beforeClass() {
-            generateKey(ALICE, ALICE_PASS, ALICE_NAME)
-            generateKey(BOB, BOB_PASS, BOB_NAME)
-            generateKey(CHARLIE, CHARLIE_PASS, CHARLIE_NAME, "EC")
+            dir.generateKey(ALICE, ALICE_PASS, ALICE_NAME.toString())
+            dir.generateKey(BOB, BOB_PASS, BOB_NAME.toString())
 
             (dir / "_signable1").writeLines(listOf("signable1"))
             (dir / "_signable2").writeLines(listOf("signable2"))
@@ -64,7 +49,7 @@ class JarSignatureCollectorTest {
         }
     }
 
-    private val List<Party>.names get() = map { it.name }
+    private val List<Party>.keys get() = map { it.owningKey }
 
     @After
     fun tearDown() {
@@ -77,101 +62,74 @@ class JarSignatureCollectorTest {
     @Test
     fun `empty jar has no signers`() {
         (dir / "META-INF").createDirectory() // At least one arg is required, and jar cvf conveniently ignores this.
-        createJar("META-INF")
-        assertEquals(emptyList(), getJarSigners())
+        dir.createJar(FILENAME, "META-INF")
+        assertEquals(emptyList(), dir.getJarSigners(FILENAME))
 
         signAsAlice()
-        assertEquals(emptyList(), getJarSigners()) // There needs to have been a file for ALICE to sign.
+        assertEquals(emptyList(), dir.getJarSigners(FILENAME)) // There needs to have been a file for ALICE to sign.
     }
 
     @Test
     fun `unsigned jar has no signers`() {
-        createJar("_signable1")
-        assertEquals(emptyList(), getJarSigners())
+        dir.createJar(FILENAME, "_signable1")
+        assertEquals(emptyList(), dir.getJarSigners(FILENAME))
 
-        updateJar("_signable2")
-        assertEquals(emptyList(), getJarSigners())
+        dir.updateJar(FILENAME, "_signable2")
+        assertEquals(emptyList(), dir.getJarSigners(FILENAME))
     }
 
     @Test
     fun `one signer`() {
-        createJar("_signable1", "_signable2")
-        signAsAlice()
-        assertEquals(listOf(ALICE_NAME), getJarSigners().names) // We only reused ALICE's distinguished name, so the keys will be different.
+        dir.createJar(FILENAME, "_signable1", "_signable2")
+        val key = signAsAlice()
+        assertEquals(listOf(key), dir.getJarSigners(FILENAME))
 
         (dir / "my-dir").createDirectory()
-        updateJar("my-dir")
-        assertEquals(listOf(ALICE_NAME), getJarSigners().names) // Unsigned directory is irrelevant.
+        dir.updateJar(FILENAME, "my-dir")
+        assertEquals(listOf(key), dir.getJarSigners(FILENAME)) // Unsigned directory is irrelevant.
     }
 
     @Test
     fun `two signers`() {
-        createJar("_signable1", "_signable2")
-        signAsAlice()
-        signAsBob()
+        dir.createJar(FILENAME, "_signable1", "_signable2")
+        val key1 = signAsAlice()
+        val key2 = signAsBob()
 
-        assertEquals(listOf(ALICE_NAME, BOB_NAME), getJarSigners().names)
+        assertEquals(setOf(key1, key2), dir.getJarSigners(FILENAME).toSet())
     }
 
     @Test
     fun `all files must be signed by the same set of signers`() {
-        createJar("_signable1")
-        signAsAlice()
-        assertEquals(listOf(ALICE_NAME), getJarSigners().names)
+        dir.createJar(FILENAME, "_signable1")
+        val key1 = signAsAlice()
+        assertEquals(listOf(key1), dir.getJarSigners(FILENAME))
 
-        updateJar("_signable2")
+        dir.updateJar(FILENAME, "_signable2")
         signAsBob()
         assertFailsWith<InvalidJarSignersException>(
-            """
+                """
             Mismatch between signers [O=Alice Corp, L=Madrid, C=ES, O=Bob Plc, L=Rome, C=IT] for file _signable1
             and signers [O=Bob Plc, L=Rome, C=IT] for file _signable2.
             See https://docs.corda.net/design/data-model-upgrades/signature-constraints.html for details of the
             constraints applied to attachment signatures.
             """.trimIndent().replace('\n', ' ')
-        ) { getJarSigners() }
+        ) { dir.getJarSigners(FILENAME) }
     }
 
     @Test
     fun `bad signature is caught even if the party would not qualify as a signer`() {
         (dir / "volatile").writeLines(listOf("volatile"))
-        createJar("volatile")
-        signAsAlice()
-        assertEquals(listOf(ALICE_NAME), getJarSigners().names)
+        dir.createJar(FILENAME, "volatile")
+        val key1 = signAsAlice()
+        assertEquals(listOf(key1), dir.getJarSigners(FILENAME))
 
         (dir / "volatile").writeLines(listOf("garbage"))
-        updateJar("volatile", "_signable1") // ALICE's signature on volatile is now bad.
+        dir.updateJar(FILENAME, "volatile", "_signable1") // ALICE's signature on volatile is now bad.
         signAsBob()
         // The JDK doesn't care that BOB has correctly signed the whole thing, it won't let us process the entry with ALICE's bad signature:
-        assertFailsWith<SecurityException> { getJarSigners() }
+        assertFailsWith<SecurityException> { dir.getJarSigners(FILENAME) }
     }
 
-    // Signing using EC algorithm produced JAR File spec incompatible signature block (META-INF/*.EC) which is anyway accepted by jarsiner, see [JarSignatureCollector]
-    @Test
-    fun `one signer with EC sign algorithm`() {
-        createJar("_signable1", "_signable2")
-        signJar(CHARLIE, CHARLIE_PASS)
-        assertEquals(listOf(CHARLIE_NAME), getJarSigners().names) // We only reused CHARLIE's distinguished name, so the keys will be different.
-
-        (dir / "my-dir").createDirectory()
-        updateJar("my-dir")
-        assertEquals(listOf(CHARLIE_NAME), getJarSigners().names) // Unsigned directory is irrelevant.
-    }
-
-    //region Helper functions
-    private fun createJar(vararg contents: String) =
-            execute(*(arrayOf("jar", "cvf", FILENAME) + contents))
-
-    private fun updateJar(vararg contents: String) =
-            execute(*(arrayOf("jar", "uvf", FILENAME) + contents))
-
-    private fun signJar(alias: String, password: String) =
-            execute("jarsigner", "-keystore", "_teststore", "-storepass", "storepass", "-keypass", password, FILENAME, alias)
-
-    private fun signAsAlice() = signJar(ALICE, ALICE_PASS)
-    private fun signAsBob() = signJar(BOB, BOB_PASS)
-
-    private fun getJarSigners() =
-            JarInputStream(FileInputStream((dir / FILENAME).toFile())).use(JarSignatureCollector::collectSigningParties)
-    //endregion
-
+    private fun signAsAlice() = dir.signJar(FILENAME, ALICE, ALICE_PASS)
+    private fun signAsBob() = dir.signJar(FILENAME, BOB, BOB_PASS)
 }
diff --git a/core/src/test/kotlin/net/corda/core/transactions/TransactionBuilderTest.kt b/core/src/test/kotlin/net/corda/core/transactions/TransactionBuilderTest.kt
index f779c85678..cd9456cdc3 100644
--- a/core/src/test/kotlin/net/corda/core/transactions/TransactionBuilderTest.kt
+++ b/core/src/test/kotlin/net/corda/core/transactions/TransactionBuilderTest.kt
@@ -23,6 +23,7 @@ import org.junit.Assert.assertTrue
 import org.junit.Before
 import org.junit.Rule
 import org.junit.Test
+import java.security.PublicKey
 
 class TransactionBuilderTest {
     @Rule
@@ -40,7 +41,15 @@ class TransactionBuilderTest {
         doReturn(cordappProvider).whenever(services).cordappProvider
         doReturn(contractAttachmentId).whenever(cordappProvider).getContractAttachmentID(DummyContract.PROGRAM_ID)
         doReturn(testNetworkParameters()).whenever(services).networkParameters
-        doReturn(attachments).whenever(services).attachments
+
+        val attachmentStorage = rigorousMock<AttachmentStorage>()
+        doReturn(attachmentStorage).whenever(services).attachments
+        val attachment = rigorousMock<ContractAttachment>()
+        doReturn(attachment).whenever(attachmentStorage).openAttachment(contractAttachmentId)
+        doReturn(contractAttachmentId).whenever(attachment).id
+        doReturn(setOf(DummyContract.PROGRAM_ID)).whenever(attachment).allContracts
+        doReturn("app").whenever(attachment).uploader
+        doReturn(emptyList<Party>()).whenever(attachment).signers
     }
 
     @Test
@@ -103,6 +112,7 @@ class TransactionBuilderTest {
         assertTrue(expectedConstraint.isSatisfiedBy(signedAttachment))
         assertFalse(expectedConstraint.isSatisfiedBy(unsignedAttachment))
 
+        doReturn(attachments).whenever(services).attachments
         doReturn(signedAttachment).whenever(attachments).openAttachment(contractAttachmentId)
 
         val outputState = TransactionState(data = DummyState(), contract = DummyContract.PROGRAM_ID, notary = notary)
@@ -112,19 +122,17 @@ class TransactionBuilderTest {
         val wtx = builder.toWireTransaction(services)
 
         assertThat(wtx.outputs).containsOnly(outputState.copy(constraint = expectedConstraint))
-
     }
 
-
-    private val unsignedAttachment = object : AbstractAttachment({ byteArrayOf() }) {
+    private val unsignedAttachment = ContractAttachment(object : AbstractAttachment({ byteArrayOf() }) {
         override val id: SecureHash get() = throw UnsupportedOperationException()
 
-        override val signers: List<Party> get() = emptyList()
-    }
+        override val signers: List<PublicKey> get() = emptyList()
+    }, DummyContract.PROGRAM_ID)
 
-    private fun signedAttachment(vararg parties: Party) = object : AbstractAttachment({ byteArrayOf() }) {
+    private fun signedAttachment(vararg parties: Party) = ContractAttachment(object : AbstractAttachment({ byteArrayOf() }) {
         override val id: SecureHash get() = throw UnsupportedOperationException()
 
-        override val signers: List<Party> get() = parties.toList()
-    }
+        override val signers: List<PublicKey> get() = parties.map { it.owningKey }
+    }, DummyContract.PROGRAM_ID, signers = parties.map { it.owningKey })
 }
diff --git a/core/src/test/kotlin/net/corda/core/transactions/TransactionTests.kt b/core/src/test/kotlin/net/corda/core/transactions/TransactionTests.kt
index 3f6f40bf51..32f9105a1c 100644
--- a/core/src/test/kotlin/net/corda/core/transactions/TransactionTests.kt
+++ b/core/src/test/kotlin/net/corda/core/transactions/TransactionTests.kt
@@ -6,6 +6,7 @@ import net.corda.core.contracts.*
 import net.corda.core.crypto.*
 import net.corda.core.crypto.CompositeKey
 import net.corda.core.identity.Party
+import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.contracts.DummyContract
 import net.corda.testing.core.*
 import net.corda.testing.internal.createWireTransaction
@@ -129,7 +130,8 @@ class TransactionTests {
                 id,
                 null,
                 timeWindow,
-                privacySalt
+                privacySalt,
+                testNetworkParameters()
         )
 
         transaction.verify()
diff --git a/docs/source/network-map.rst b/docs/source/network-map.rst
index 3b5e4e5893..3af6b5d6ce 100644
--- a/docs/source/network-map.rst
+++ b/docs/source/network-map.rst
@@ -125,7 +125,14 @@ The current set of network parameters:
 :eventHorizon: Time after which nodes are considered to be unresponsive and removed from network map. Nodes republish their
         ``NodeInfo`` on a regular interval. Network map treats that as a heartbeat from the node.
 
-More parameters will be added in future releases to regulate things like allowed port numbers, whether or not IPv6 
+:packageOwnership: List of the network-wide java packages that were successfully claimed by their owners.
+    Any CorDapp JAR that offers contracts and states in any of these packages must be signed by the owner.
+    This ensures that when a node encounters an owned contract it can uniquely identify it and knows that all other nodes can do the same.
+    Encountering an owned contract in a JAR that is not signed by the rightful owner is most likely a sign of malicious behaviour, and should be reported.
+    The transaction verification logic will throw an exception when this happens.
+    Read more about *Package ownership* here :doc:`design/data-model-upgrades/package-namespace-ownership`.
+
+More parameters will be added in future releases to regulate things like allowed port numbers, whether or not IPv6
 connectivity is required for zone members, required cryptographic algorithms and roll-out schedules (e.g. for moving to post quantum cryptography), parameters related to SGX and so on.
 
 Network parameters update process
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/HibernateStatistics.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/HibernateStatistics.kt
index 2c08d3e77f..c902f57f27 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/HibernateStatistics.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/HibernateStatistics.kt
@@ -1,14 +1,8 @@
 package net.corda.nodeapi.internal.persistence
 
+import org.hibernate.stat.*
 import javax.management.MXBean
 
-import org.hibernate.stat.Statistics
-import org.hibernate.stat.SecondLevelCacheStatistics
-import org.hibernate.stat.QueryStatistics
-import org.hibernate.stat.NaturalIdCacheStatistics
-import org.hibernate.stat.EntityStatistics
-import org.hibernate.stat.CollectionStatistics
-
 /**
  * Exposes Hibernate [Statistics] contract as JMX resource.
  */
@@ -20,6 +14,25 @@ interface StatisticsService : Statistics
  * session factory.
  */
 class DelegatingStatisticsService(private val delegate: Statistics) : StatisticsService {
+    override fun getNaturalIdStatistics(entityName: String?): NaturalIdStatistics {
+        return delegate.getNaturalIdStatistics(entityName)
+    }
+
+    override fun getDomainDataRegionStatistics(regionName: String?): CacheRegionStatistics {
+        return delegate.getDomainDataRegionStatistics(regionName)
+    }
+
+    override fun getQueryRegionStatistics(regionName: String?): CacheRegionStatistics {
+        return delegate.getQueryRegionStatistics(regionName)
+    }
+
+    override fun getNaturalIdQueryExecutionMaxTimeEntity(): String {
+        return delegate.getNaturalIdQueryExecutionMaxTimeEntity()
+    }
+
+    override fun getCacheRegionStatistics(regionName: String?): CacheRegionStatistics {
+        return delegate.getCacheRegionStatistics(regionName)
+    }
 
     override fun clear() {
         delegate.clear()
diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index b16ed8698c..4bee70d8c6 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -170,7 +170,9 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
     val cordappProvider = CordappProviderImpl(cordappLoader, CordappConfigFileProvider(), attachments).tokenize()
     @Suppress("LeakingThis")
     val keyManagementService = makeKeyManagementService(identityService).tokenize()
-    val servicesForResolution = ServicesForResolutionImpl(identityService, attachments, cordappProvider, transactionStorage)
+    val servicesForResolution = ServicesForResolutionImpl(identityService, attachments, cordappProvider, transactionStorage).also {
+        attachments.servicesForResolution = it
+    }
     @Suppress("LeakingThis")
     val vaultService = makeVaultService(keyManagementService, servicesForResolution, database).tokenize()
     val nodeProperties = NodePropertiesPersistentStore(StubbedNodeUniqueIdProvider::value, database, cacheFactory)
@@ -1036,7 +1038,7 @@ fun createCordaPersistence(databaseConfig: DatabaseConfig,
     // so we end up providing both descriptor and converter. We should re-examine this in later versions to see if
     // either Hibernate can be convinced to stop warning, use the descriptor by default, or something else.
     JavaTypeDescriptorRegistry.INSTANCE.addDescriptor(AbstractPartyDescriptor(wellKnownPartyFromX500Name, wellKnownPartyFromAnonymous))
-    val attributeConverters = listOf(AbstractPartyToX500NameAsStringConverter(wellKnownPartyFromX500Name, wellKnownPartyFromAnonymous))
+    val attributeConverters = listOf(PublicKeyToTextConverter(), AbstractPartyToX500NameAsStringConverter(wellKnownPartyFromX500Name, wellKnownPartyFromAnonymous))
     val jdbcUrl = hikariProperties.getProperty("dataSource.url", "")
     return CordaPersistence(databaseConfig, schemaService.schemaOptions.keys, jdbcUrl, cacheFactory, attributeConverters)
 }
diff --git a/node/src/main/kotlin/net/corda/node/serialization/kryo/DefaultKryoCustomizer.kt b/node/src/main/kotlin/net/corda/node/serialization/kryo/DefaultKryoCustomizer.kt
index 0fd8fa7432..37bd1acd33 100644
--- a/node/src/main/kotlin/net/corda/node/serialization/kryo/DefaultKryoCustomizer.kt
+++ b/node/src/main/kotlin/net/corda/node/serialization/kryo/DefaultKryoCustomizer.kt
@@ -209,15 +209,17 @@ object DefaultKryoCustomizer {
             output.writeString(obj.contract)
             kryo.writeClassAndObject(output, obj.additionalContracts)
             output.writeString(obj.uploader)
+            kryo.writeClassAndObject(output, obj.signers)
         }
 
+        @Suppress("UNCHECKED_CAST")
         override fun read(kryo: Kryo, input: Input, type: Class<ContractAttachment>): ContractAttachment {
             if (kryo.serializationContext() != null) {
                 val attachmentHash = SecureHash.SHA256(input.readBytes(32))
                 val contract = input.readString()
-                @Suppress("UNCHECKED_CAST")
                 val additionalContracts = kryo.readClassAndObject(input) as Set<ContractClassName>
                 val uploader = input.readString()
+                val signers = kryo.readClassAndObject(input) as List<PublicKey>
                 val context = kryo.serializationContext()!!
                 val attachmentStorage = context.serviceHub.attachments
 
@@ -229,14 +231,14 @@ object DefaultKryoCustomizer {
                     override val id = attachmentHash
                 }
 
-                return ContractAttachment(lazyAttachment, contract, additionalContracts, uploader)
+                return ContractAttachment(lazyAttachment, contract, additionalContracts, uploader, signers)
             } else {
                 val attachment = GeneratedAttachment(input.readBytesWithLength())
                 val contract = input.readString()
-                @Suppress("UNCHECKED_CAST")
                 val additionalContracts = kryo.readClassAndObject(input) as Set<ContractClassName>
                 val uploader = input.readString()
-                return ContractAttachment(attachment, contract, additionalContracts, uploader)
+                val signers = kryo.readClassAndObject(input) as List<PublicKey>
+                return ContractAttachment(attachment, contract, additionalContracts, uploader, signers)
             }
         }
     }
diff --git a/node/src/main/kotlin/net/corda/node/services/persistence/NodeAttachmentService.kt b/node/src/main/kotlin/net/corda/node/services/persistence/NodeAttachmentService.kt
index 31f937f62b..1ea12ffb15 100644
--- a/node/src/main/kotlin/net/corda/node/services/persistence/NodeAttachmentService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/persistence/NodeAttachmentService.kt
@@ -6,13 +6,16 @@ import com.google.common.hash.HashCode
 import com.google.common.hash.Hashing
 import com.google.common.hash.HashingInputStream
 import com.google.common.io.CountingInputStream
+import net.corda.core.ClientRelevantError
 import net.corda.core.CordaRuntimeException
 import net.corda.core.contracts.Attachment
 import net.corda.core.contracts.ContractAttachment
 import net.corda.core.contracts.ContractClassName
 import net.corda.core.crypto.SecureHash
+import net.corda.core.crypto.isFulfilledBy
 import net.corda.core.crypto.sha256
 import net.corda.core.internal.*
+import net.corda.core.node.ServicesForResolution
 import net.corda.core.node.services.AttachmentId
 import net.corda.core.node.services.vault.AttachmentQueryCriteria
 import net.corda.core.node.services.vault.AttachmentSort
@@ -30,6 +33,7 @@ import java.io.FilterInputStream
 import java.io.IOException
 import java.io.InputStream
 import java.nio.file.Paths
+import java.security.PublicKey
 import java.time.Instant
 import java.util.*
 import java.util.jar.JarInputStream
@@ -45,6 +49,10 @@ class NodeAttachmentService(
         cacheFactory: NamedCacheFactory,
         private val database: CordaPersistence
 ) : AttachmentStorageInternal, SingletonSerializeAsToken() {
+
+    // This is to break the circular dependency.
+    lateinit var servicesForResolution: ServicesForResolution
+
     companion object {
         private val log = contextLogger()
 
@@ -94,7 +102,13 @@ class NodeAttachmentService(
             @Column(name = "contract_class_name", nullable = false)
             @CollectionTable(name = "${NODE_DATABASE_PREFIX}attachments_contracts", joinColumns = [(JoinColumn(name = "att_id", referencedColumnName = "att_id"))],
                     foreignKey = ForeignKey(name = "FK__ctr_class__attachments"))
-            var contractClassNames: List<ContractClassName>? = null
+            var contractClassNames: List<ContractClassName>? = null,
+
+            @ElementCollection(targetClass = PublicKey::class, fetch = FetchType.EAGER)
+            @Column(name = "signer", nullable = false)
+            @CollectionTable(name = "${NODE_DATABASE_PREFIX}attachments_signers", joinColumns = [(JoinColumn(name = "att_id", referencedColumnName = "att_id"))],
+                    foreignKey = ForeignKey(name = "FK__signers__attachments"))
+            var signers: List<PublicKey>? = null
     )
 
     @VisibleForTesting
@@ -212,11 +226,13 @@ class NodeAttachmentService(
 
     private fun loadAttachmentContent(id: SecureHash): Pair<Attachment, ByteArray>? {
         return database.transaction {
-            val attachment = currentDBSession().get(NodeAttachmentService.DBAttachment::class.java, id.toString()) ?: return@transaction null
+            val attachment = currentDBSession().get(NodeAttachmentService.DBAttachment::class.java, id.toString())
+                    ?: return@transaction null
             val attachmentImpl = AttachmentImpl(id, { attachment.content }, checkAttachmentsOnLoad).let {
                 val contracts = attachment.contractClassNames
                 if (contracts != null && contracts.isNotEmpty()) {
-                    ContractAttachment(it, contracts.first(), contracts.drop(1).toSet(), attachment.uploader)
+                    ContractAttachment(it, contracts.first(), contracts.drop(1).toSet(), attachment.uploader, attachment.signers
+                            ?: emptyList())
                 } else {
                     it
                 }
@@ -290,14 +306,19 @@ class NodeAttachmentService(
                 val id = bytes.sha256()
                 if (!hasAttachment(id)) {
                     checkIsAValidJAR(bytes.inputStream())
+
+                    val jarSigners = getSigners(bytes)
+
                     val session = currentDBSession()
                     val attachment = NodeAttachmentService.DBAttachment(
                             attId = id.toString(),
                             content = bytes,
                             uploader = uploader,
                             filename = filename,
-                            contractClassNames = contractClassNames
+                            contractClassNames = contractClassNames,
+                            signers = jarSigners
                     )
+
                     session.save(attachment)
                     attachmentCount.inc()
                     log.info("Stored new attachment $id")
@@ -309,6 +330,9 @@ class NodeAttachmentService(
         }
     }
 
+    private fun getSigners(attachmentBytes: ByteArray) =
+        JarSignatureCollector.collectSigners(JarInputStream(attachmentBytes.inputStream()))
+
     @Suppress("OverridingDeprecatedMember")
     override fun importOrGetAttachment(jar: InputStream): AttachmentId {
         return try {
@@ -339,4 +363,4 @@ class NodeAttachmentService(
             query.resultList.map { AttachmentId.parse(it.attId) }
         }
     }
-}
+}
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/services/persistence/PublicKeyToTextConverter.kt b/node/src/main/kotlin/net/corda/node/services/persistence/PublicKeyToTextConverter.kt
new file mode 100644
index 0000000000..4ee5a15e57
--- /dev/null
+++ b/node/src/main/kotlin/net/corda/node/services/persistence/PublicKeyToTextConverter.kt
@@ -0,0 +1,18 @@
+package net.corda.node.services.persistence
+
+import net.corda.core.crypto.Crypto
+import net.corda.core.utilities.hexToByteArray
+import net.corda.core.utilities.toHex
+import java.security.PublicKey
+import javax.persistence.AttributeConverter
+import javax.persistence.Converter
+
+/**
+ * Converts to and from a Public key into a hex encoded string.
+ * Used by JPA to automatically map a [PublicKey] to a text column
+ */
+@Converter(autoApply = true)
+class PublicKeyToTextConverter : AttributeConverter<PublicKey, String> {
+    override fun convertToDatabaseColumn(key: PublicKey?): String? = key?.encoded?.toHex()
+    override fun convertToEntityAttribute(text: String?): PublicKey? = text?.let { Crypto.decodePublicKey(it.hexToByteArray()) }
+}
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt b/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt
index c893472a6f..915ff0bcca 100644
--- a/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt
@@ -505,7 +505,8 @@ class NodeVaultService(
             // Even if we set the default pageNumber to be 1 instead, that may not cover the non-default cases.
             // So the floor may be necessary anyway.
             query.firstResult = maxOf(0, (paging.pageNumber - 1) * paging.pageSize)
-            query.maxResults = paging.pageSize + 1  // detection too many results
+            val pageSize = paging.pageSize + 1
+            query.maxResults = if (pageSize > 0) pageSize else Integer.MAX_VALUE // detection too many results, protected against overflow
 
             // execution
             val results = query.resultList
diff --git a/node/src/main/resources/migration/node-core.changelog-v8.xml b/node/src/main/resources/migration/node-core.changelog-v8.xml
index 380faf518d..11c55db5ee 100644
--- a/node/src/main/resources/migration/node-core.changelog-v8.xml
+++ b/node/src/main/resources/migration/node-core.changelog-v8.xml
@@ -14,4 +14,17 @@
         <renameTable oldTableName="NODE_ATTACHMENTS_CONTRACT_CLASS_NAME" newTableName="NODE_ATTACHMENTS_CONTRACTS" />
     </changeSet>
 
+    <changeSet author="R3.Corda" id="add_signers">
+        <createTable tableName="node_attachments_signers">
+            <column name="att_id" type="NVARCHAR(255)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="signer" type="NVARCHAR(1024)"/>
+        </createTable>
+
+        <addForeignKeyConstraint baseColumnNames="att_id" baseTableName="node_attachments_signers"
+                                 constraintName="FK__signers__attachments"
+                                 referencedColumnNames="att_id" referencedTableName="node_attachments"/>
+    </changeSet>
+
 </databaseChangeLog>
\ No newline at end of file
diff --git a/node/src/test/kotlin/net/corda/node/internal/NetworkParametersTest.kt b/node/src/test/kotlin/net/corda/node/internal/NetworkParametersTest.kt
index b5b14d93ad..0716d4e394 100644
--- a/node/src/test/kotlin/net/corda/node/internal/NetworkParametersTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/NetworkParametersTest.kt
@@ -2,6 +2,8 @@ package net.corda.node.internal
 
 import com.nhaarman.mockito_kotlin.doReturn
 import com.nhaarman.mockito_kotlin.whenever
+import net.corda.core.crypto.generateKeyPair
+import net.corda.core.node.JavaPackageName
 import net.corda.core.utilities.OpaqueBytes
 import net.corda.core.utilities.getOrThrow
 import net.corda.finance.DOLLARS
@@ -10,6 +12,7 @@ import net.corda.node.services.config.NotaryConfig
 import net.corda.core.node.NetworkParameters
 import net.corda.nodeapi.internal.network.NetworkParametersCopier
 import net.corda.core.node.NotaryInfo
+import net.corda.core.utilities.days
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
 import net.corda.testing.core.DUMMY_NOTARY_NAME
@@ -65,7 +68,8 @@ class NetworkParametersTest {
     fun `choosing notary not specified in network parameters will fail`() {
         val fakeNotary = mockNet.createNode(InternalMockNodeParameters(legalName = BOB_NAME, configOverrides = {
             val notary = NotaryConfig(false)
-            doReturn(notary).whenever(it).notary}))
+            doReturn(notary).whenever(it).notary
+        }))
         val fakeNotaryId = fakeNotary.info.singleIdentity()
         val alice = mockNet.createPartyNode(ALICE_NAME)
         assertThat(alice.services.networkMapCache.notaryIdentities).doesNotContain(fakeNotaryId)
@@ -87,6 +91,62 @@ class NetworkParametersTest {
         }.withMessage("maxTransactionSize cannot be bigger than maxMessageSize")
     }
 
+    @Test
+    fun `package ownership checks are correct`() {
+        val key1 = generateKeyPair().public
+        val key2 = generateKeyPair().public
+
+        assertThatExceptionOfType(IllegalArgumentException::class.java).isThrownBy {
+            NetworkParameters(1,
+                    emptyList(),
+                    2001,
+                    2000,
+                    Instant.now(),
+                    1,
+                    emptyMap(),
+                    Int.MAX_VALUE.days,
+                    mapOf(
+                            JavaPackageName("com.!example.stuff") to key2
+                    )
+            )
+        }.withMessageContaining("Attempting to whitelist illegal java package")
+
+        assertThatExceptionOfType(IllegalArgumentException::class.java).isThrownBy {
+            NetworkParameters(1,
+                    emptyList(),
+                    2001,
+                    2000,
+                    Instant.now(),
+                    1,
+                    emptyMap(),
+                    Int.MAX_VALUE.days,
+                    mapOf(
+                            JavaPackageName("com.example") to key1,
+                            JavaPackageName("com.example.stuff") to key2
+                    )
+            )
+        }.withMessage("multiple packages added to the packageOwnership overlap.")
+
+        NetworkParameters(1,
+                emptyList(),
+                2001,
+                2000,
+                Instant.now(),
+                1,
+                emptyMap(),
+                Int.MAX_VALUE.days,
+                mapOf(
+                        JavaPackageName("com.example") to key1,
+                        JavaPackageName("com.examplestuff") to key2
+                )
+        )
+
+        assert(JavaPackageName("com.example").owns("com.example.something.MyClass"))
+        assert(!JavaPackageName("com.example").owns("com.examplesomething.MyClass"))
+        assert(!JavaPackageName("com.exam").owns("com.example.something.MyClass"))
+
+    }
+
     // Helpers
     private fun dropParametersToDir(dir: Path, params: NetworkParameters) {
         NetworkParametersCopier(params).install(dir)
diff --git a/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt b/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
index 255f0c323f..e87d60de3c 100644
--- a/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
@@ -4,10 +4,16 @@ import co.paralleluniverse.fibers.Suspendable
 import com.codahale.metrics.MetricRegistry
 import com.google.common.jimfs.Configuration
 import com.google.common.jimfs.Jimfs
+import com.nhaarman.mockito_kotlin.doReturn
+import com.nhaarman.mockito_kotlin.whenever
+import net.corda.core.JarSignatureTestUtils.createJar
+import net.corda.core.JarSignatureTestUtils.generateKey
+import net.corda.core.JarSignatureTestUtils.signJar
 import net.corda.core.crypto.SecureHash
 import net.corda.core.crypto.sha256
 import net.corda.core.flows.FlowLogic
 import net.corda.core.internal.*
+import net.corda.core.node.ServicesForResolution
 import net.corda.core.node.services.vault.AttachmentQueryCriteria
 import net.corda.core.node.services.vault.AttachmentSort
 import net.corda.core.node.services.vault.Builder
@@ -17,33 +23,40 @@ import net.corda.node.services.transactions.PersistentUniquenessProvider
 import net.corda.testing.internal.TestingNamedCacheFactory
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
+import net.corda.testing.common.internal.testNetworkParameters
+import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.internal.LogHelper
+import net.corda.testing.internal.rigorousMock
 import net.corda.testing.internal.configureDatabase
 import net.corda.testing.node.MockServices.Companion.makeTestDataSourceProperties
 import net.corda.testing.node.internal.InternalMockNetwork
 import net.corda.testing.node.internal.startFlow
 import org.assertj.core.api.Assertions.assertThatIllegalArgumentException
-import org.junit.After
-import org.junit.Before
-import org.junit.Ignore
-import org.junit.Test
+import org.junit.*
 import java.io.ByteArrayOutputStream
 import java.io.OutputStream
+import java.net.URI
 import java.nio.charset.StandardCharsets
-import java.nio.file.FileAlreadyExistsException
-import java.nio.file.FileSystem
-import java.nio.file.Path
+import java.nio.file.*
+import java.security.PublicKey
 import java.util.jar.JarEntry
 import java.util.jar.JarOutputStream
+import javax.tools.JavaFileObject
+import javax.tools.SimpleJavaFileObject
+import javax.tools.StandardLocation
+import javax.tools.ToolProvider
 import kotlin.test.assertEquals
 import kotlin.test.assertFailsWith
 import kotlin.test.assertNull
 
+
 class NodeAttachmentServiceTest {
+
     // Use an in memory file system for testing attachment storage.
     private lateinit var fs: FileSystem
     private lateinit var database: CordaPersistence
     private lateinit var storage: NodeAttachmentService
+    private val services = rigorousMock<ServicesForResolution>()
 
     @Before
     fun setUp() {
@@ -52,18 +65,40 @@ class NodeAttachmentServiceTest {
         val dataSourceProperties = makeTestDataSourceProperties()
         database = configureDatabase(dataSourceProperties, DatabaseConfig(), { null }, { null })
         fs = Jimfs.newFileSystem(Configuration.unix())
+
+        doReturn(testNetworkParameters()).whenever(services).networkParameters
+
         storage = NodeAttachmentService(MetricRegistry(), TestingNamedCacheFactory(), database).also {
             database.transaction {
                 it.start()
             }
         }
+        storage.servicesForResolution = services
     }
 
     @After
     fun tearDown() {
+        dir.list { subdir ->
+            subdir.forEach(Path::deleteRecursively)
+        }
         database.close()
     }
 
+    @Test
+    fun `importing a signed jar saves the signers to the storage`() {
+        val jarAndSigner = makeTestSignedContractJar("com.example.MyContract")
+        val signedJar = jarAndSigner.first
+        val attachmentId = storage.importAttachment(signedJar.inputStream(), "test", null)
+        assertEquals(listOf(jarAndSigner.second.hash), storage.openAttachment(attachmentId)!!.signers.map { it.hash })
+    }
+
+    @Test
+    fun `importing a non-signed jar will save no signers`() {
+        val jarName = makeTestContractJar("com.example.MyContract")
+        val attachmentId = storage.importAttachment(dir.resolve(jarName).inputStream(), "test", null)
+        assertEquals(0, storage.openAttachment(attachmentId)!!.signers.size)
+    }
+
     @Test
     fun `insert and retrieve`() {
         val (testJar, expectedHash) = makeTestJar()
@@ -289,7 +324,20 @@ class NodeAttachmentServiceTest {
         return Pair(file, file.readAll().sha256())
     }
 
-    private companion object {
+    companion object {
+        private val dir = Files.createTempDirectory(NodeAttachmentServiceTest::class.simpleName)
+
+        @BeforeClass
+        @JvmStatic
+        fun beforeClass() {
+        }
+
+        @AfterClass
+        @JvmStatic
+        fun afterClass() {
+            dir.deleteRecursively()
+        }
+
         private fun makeTestJar(output: OutputStream, extraEntries: List<Pair<String, String>> = emptyList()) {
             output.use {
                 val jar = JarOutputStream(it)
@@ -305,5 +353,48 @@ class NodeAttachmentServiceTest {
                 jar.closeEntry()
             }
         }
+
+        private fun makeTestSignedContractJar(contractName: String): Pair<Path, PublicKey> {
+            val alias = "testAlias"
+            val pwd = "testPassword"
+            dir.generateKey(alias, pwd, ALICE_NAME.toString())
+            val jarName = makeTestContractJar(contractName)
+            val signer = dir.signJar(jarName, alias, pwd)
+            return dir.resolve(jarName) to signer
+        }
+
+        private fun makeTestContractJar(contractName: String): String {
+            val packages = contractName.split(".")
+            val jarName = "testattachment.jar"
+            val className = packages.last()
+            createTestClass(className, packages.subList(0, packages.size - 1))
+            dir.createJar(jarName, "${contractName.replace(".", "/")}.class")
+            return jarName
+        }
+
+        private fun createTestClass(className: String, packages: List<String>): Path {
+            val newClass = """package ${packages.joinToString(".")};
+                import net.corda.core.contracts.*;
+                import net.corda.core.transactions.*;
+
+                public class $className implements Contract {
+                    @Override
+                    public void verify(LedgerTransaction tx) throws IllegalArgumentException {
+                    }
+                }
+            """.trimIndent()
+            val compiler = ToolProvider.getSystemJavaCompiler()
+            val source = object : SimpleJavaFileObject(URI.create("string:///${packages.joinToString("/")}/${className}.java"), JavaFileObject.Kind.SOURCE) {
+                override fun getCharContent(ignoreEncodingErrors: Boolean): CharSequence {
+                    return newClass
+                }
+            }
+            val fileManager = compiler.getStandardFileManager(null, null, null)
+            fileManager.setLocation(StandardLocation.CLASS_OUTPUT, listOf(dir.toFile()))
+
+            val compile = compiler.getTask(System.out.writer(), fileManager, null, null, null, listOf(source)).call()
+            return Paths.get(fileManager.list(StandardLocation.CLASS_OUTPUT, "", setOf(JavaFileObject.Kind.CLASS), true).single().name)
+        }
     }
+
 }
diff --git a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/custom/ContractAttachmentSerializer.kt b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/custom/ContractAttachmentSerializer.kt
index 05fe559ac7..f487840f25 100644
--- a/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/custom/ContractAttachmentSerializer.kt
+++ b/serialization/src/main/kotlin/net/corda/serialization/internal/amqp/custom/ContractAttachmentSerializer.kt
@@ -9,6 +9,7 @@ import net.corda.core.serialization.MissingAttachmentsException
 import net.corda.serialization.internal.GeneratedAttachment
 import net.corda.serialization.internal.amqp.CustomSerializer
 import net.corda.serialization.internal.amqp.SerializerFactory
+import java.security.PublicKey
 
 /**
  * A serializer for [ContractAttachment] that uses a proxy object to write out the full attachment eagerly.
@@ -23,13 +24,13 @@ class ContractAttachmentSerializer(factory: SerializerFactory) : CustomSerialize
         } catch (e: Exception) {
             throw MissingAttachmentsException(listOf(obj.id))
         }
-        return ContractAttachmentProxy(GeneratedAttachment(bytes), obj.contract, obj.additionalContracts, obj.uploader)
+        return ContractAttachmentProxy(GeneratedAttachment(bytes), obj.contract, obj.additionalContracts, obj.uploader, obj.signers)
     }
 
     override fun fromProxy(proxy: ContractAttachmentProxy): ContractAttachment {
-        return ContractAttachment(proxy.attachment, proxy.contract, proxy.contracts, proxy.uploader)
+        return ContractAttachment(proxy.attachment, proxy.contract, proxy.contracts, proxy.uploader, proxy.signers)
     }
 
     @KeepForDJVM
-    data class ContractAttachmentProxy(val attachment: Attachment, val contract: ContractClassName, val contracts: Set<ContractClassName>, val uploader: String?)
+    data class ContractAttachmentProxy(val attachment: Attachment, val contract: ContractClassName, val contracts: Set<ContractClassName>, val uploader: String?, val signers: List<PublicKey>)
 }
\ No newline at end of file
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/dsl/TestDSL.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/dsl/TestDSL.kt
index 19f282dac1..e174e0545b 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/dsl/TestDSL.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/dsl/TestDSL.kt
@@ -11,6 +11,7 @@ import net.corda.core.internal.UNKNOWN_UPLOADER
 import net.corda.core.internal.uncheckedCast
 import net.corda.core.node.ServiceHub
 import net.corda.core.node.ServicesForResolution
+import net.corda.core.node.services.AttachmentId
 import net.corda.core.transactions.SignedTransaction
 import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.transactions.WireTransaction
@@ -147,7 +148,11 @@ data class TestTransactionDSLInterpreter private constructor(
     override fun _tweak(dsl: TransactionDSLInterpreter.() -> EnforceVerifyOrFail) = copy().dsl()
 
     override fun _attachment(contractClassName: ContractClassName) {
-        (services.cordappProvider as MockCordappProvider).addMockCordapp(contractClassName, services.attachments as MockAttachmentStorage)
+        attachment((services.cordappProvider as MockCordappProvider).addMockCordapp(contractClassName, services.attachments as MockAttachmentStorage))
+    }
+
+    override fun _attachment(contractClassName: ContractClassName, attachmentId: AttachmentId, signers: List<PublicKey>){
+        attachment((services.cordappProvider as MockCordappProvider).addMockCordapp(contractClassName, services.attachments as MockAttachmentStorage, attachmentId, signers))
     }
 }
 
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/dsl/TransactionDSLInterpreter.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/dsl/TransactionDSLInterpreter.kt
index ecee16308c..00eac984b2 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/dsl/TransactionDSLInterpreter.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/dsl/TransactionDSLInterpreter.kt
@@ -1,9 +1,18 @@
 package net.corda.testing.dsl
 
 import net.corda.core.DoNotImplement
+import net.corda.core.contracts.AlwaysAcceptAttachmentConstraint
+import net.corda.core.contracts.Attachment
+import net.corda.core.contracts.AttachmentConstraint
+import net.corda.core.contracts.CommandData
+import net.corda.core.contracts.ContractClassName
+import net.corda.core.contracts.ContractState
+import net.corda.core.contracts.StateRef
+import net.corda.core.contracts.TimeWindow
 import net.corda.core.contracts.*
 import net.corda.core.crypto.SecureHash
 import net.corda.core.identity.Party
+import net.corda.core.node.services.AttachmentId
 import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.seconds
 import java.security.PublicKey
@@ -80,6 +89,13 @@ interface TransactionDSLInterpreter : Verifies, OutputStateLookup {
      * @param contractClassName The contract class to attach
      */
     fun _attachment(contractClassName: ContractClassName)
+
+    /**
+     * Attaches an attachment containing the named contract to the transaction
+     * @param contractClassName The contract class to attach
+     * @param attachmentId The attachment
+     */
+    fun _attachment(contractClassName: ContractClassName, attachmentId: AttachmentId, signers: List<PublicKey>)
 }
 
 /**
@@ -186,5 +202,8 @@ class TransactionDSL<out T : TransactionDSLInterpreter>(interpreter: T, private
      */
     fun attachment(contractClassName: ContractClassName) = _attachment(contractClassName)
 
+    fun attachment(contractClassName: ContractClassName, attachmentId: AttachmentId, signers: List<PublicKey>) = _attachment(contractClassName, attachmentId, signers)
+    fun attachment(contractClassName: ContractClassName, attachmentId: AttachmentId) = _attachment(contractClassName, attachmentId, emptyList())
+
     fun attachments(vararg contractClassNames: ContractClassName) = contractClassNames.forEach { attachment(it) }
 }
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/MockCordappProvider.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/MockCordappProvider.kt
index 9874799f6d..a6847b8fa2 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/MockCordappProvider.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/MockCordappProvider.kt
@@ -3,6 +3,7 @@ package net.corda.testing.internal
 import net.corda.core.contracts.ContractClassName
 import net.corda.core.cordapp.Cordapp
 import net.corda.core.crypto.SecureHash
+import net.corda.core.identity.Party
 import net.corda.core.internal.DEPLOYED_CORDAPP_UPLOADER
 import net.corda.core.internal.cordapp.CordappImpl
 import net.corda.core.node.services.AttachmentId
@@ -11,6 +12,7 @@ import net.corda.node.cordapp.CordappLoader
 import net.corda.node.internal.cordapp.CordappProviderImpl
 import net.corda.testing.services.MockAttachmentStorage
 import java.nio.file.Paths
+import java.security.PublicKey
 import java.util.*
 
 class MockCordappProvider(
@@ -21,7 +23,7 @@ class MockCordappProvider(
 
     private val cordappRegistry = mutableListOf<Pair<Cordapp, AttachmentId>>()
 
-    fun addMockCordapp(contractClassName: ContractClassName, attachments: MockAttachmentStorage) {
+    fun addMockCordapp(contractClassName: ContractClassName, attachments: MockAttachmentStorage, contractHash: AttachmentId? = null, signers: List<PublicKey> = emptyList()): AttachmentId {
         val cordapp = CordappImpl(
                 contractClassNames = listOf(contractClassName),
                 initiatedFlows = emptyList(),
@@ -36,23 +38,23 @@ class MockCordappProvider(
                 info = CordappImpl.Info.UNKNOWN,
                 allFlows = emptyList(),
                 jarHash = SecureHash.allOnesHash)
-        if (cordappRegistry.none { it.first.contractClassNames.contains(contractClassName) }) {
-            cordappRegistry.add(Pair(cordapp, findOrImportAttachment(listOf(contractClassName), contractClassName.toByteArray(), attachments)))
+        if (cordappRegistry.none { it.first.contractClassNames.contains(contractClassName) && it.second == contractHash }) {
+            cordappRegistry.add(Pair(cordapp, findOrImportAttachment(listOf(contractClassName), contractClassName.toByteArray(), attachments, contractHash, signers)))
         }
+        return cordappRegistry.findLast { contractClassName in it.first.contractClassNames }?.second!!
     }
 
-    override fun getContractAttachmentID(contractClassName: ContractClassName): AttachmentId? {
-        return cordappRegistry.find { it.first.contractClassNames.contains(contractClassName) }?.second ?: super.getContractAttachmentID(contractClassName)
-    }
+    override fun getContractAttachmentID(contractClassName: ContractClassName): AttachmentId? = cordappRegistry.find { it.first.contractClassNames.contains(contractClassName) }?.second
+            ?: super.getContractAttachmentID(contractClassName)
 
-    private fun findOrImportAttachment(contractClassNames: List<ContractClassName>, data: ByteArray, attachments: MockAttachmentStorage): AttachmentId {
-        val existingAttachment = attachments.files.filter {
-            Arrays.equals(it.value.second, data)
+    private fun findOrImportAttachment(contractClassNames: List<ContractClassName>, data: ByteArray, attachments: MockAttachmentStorage, contractHash: AttachmentId?, signers: List<PublicKey>): AttachmentId {
+        val existingAttachment = attachments.files.filter { (attachmentId, content) ->
+            contractHash == attachmentId
         }
         return if (!existingAttachment.isEmpty()) {
             existingAttachment.keys.first()
         } else {
-            attachments.importContractAttachment(contractClassNames, DEPLOYED_CORDAPP_UPLOADER, data.inputStream())
+            attachments.importContractAttachment(contractClassNames, DEPLOYED_CORDAPP_UPLOADER, data.inputStream(), contractHash, signers)
         }
     }
 }
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/services/MockAttachmentStorage.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/services/MockAttachmentStorage.kt
index b113dda1b8..35a59c37b2 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/services/MockAttachmentStorage.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/services/MockAttachmentStorage.kt
@@ -6,6 +6,7 @@ import net.corda.core.contracts.ContractClassName
 import net.corda.core.crypto.SecureHash
 import net.corda.core.crypto.sha256
 import net.corda.core.internal.AbstractAttachment
+import net.corda.core.internal.JarSignatureCollector
 import net.corda.core.internal.UNKNOWN_UPLOADER
 import net.corda.core.internal.readFully
 import net.corda.core.node.services.AttachmentId
@@ -15,6 +16,7 @@ import net.corda.core.node.services.vault.AttachmentSort
 import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.nodeapi.internal.withContractsInJar
 import java.io.InputStream
+import java.security.PublicKey
 import java.util.*
 import java.util.jar.JarInputStream
 
@@ -53,22 +55,23 @@ class MockAttachmentStorage : AttachmentStorage, SingletonSerializeAsToken() {
         }
     }
 
-    fun importContractAttachment(contractClassNames: List<ContractClassName>, uploader: String, jar: InputStream): AttachmentId = importAttachmentInternal(jar, uploader, contractClassNames)
+    @JvmOverloads
+    fun importContractAttachment(contractClassNames: List<ContractClassName>, uploader: String, jar: InputStream, attachmentId: AttachmentId? = null,  signers: List<PublicKey> = emptyList()): AttachmentId = importAttachmentInternal(jar, uploader, contractClassNames, attachmentId, signers)
 
     fun getAttachmentIdAndBytes(jar: InputStream): Pair<AttachmentId, ByteArray> = jar.readFully().let { bytes -> Pair(bytes.sha256(), bytes) }
 
-    private class MockAttachment(dataLoader: () -> ByteArray, override val id: SecureHash) : AbstractAttachment(dataLoader)
+    private class MockAttachment(dataLoader: () -> ByteArray, override val id: SecureHash, override val signers: List<PublicKey>) : AbstractAttachment(dataLoader)
 
-    private fun importAttachmentInternal(jar: InputStream, uploader: String, contractClassNames: List<ContractClassName>? = null): AttachmentId {
+    private fun importAttachmentInternal(jar: InputStream, uploader: String, contractClassNames: List<ContractClassName>? = null, attachmentId: AttachmentId? = null, signers: List<PublicKey> = emptyList()): AttachmentId {
         // JIS makes read()/readBytes() return bytes of the current file, but we want to hash the entire container here.
         require(jar !is JarInputStream)
 
         val bytes = jar.readFully()
 
-        val sha256 = bytes.sha256()
+        val sha256 = attachmentId ?: bytes.sha256()
         if (sha256 !in files.keys) {
-            val baseAttachment = MockAttachment({ bytes }, sha256)
-            val attachment = if (contractClassNames == null || contractClassNames.isEmpty()) baseAttachment else ContractAttachment(baseAttachment, contractClassNames.first(), contractClassNames.toSet(), uploader)
+            val baseAttachment = MockAttachment({ bytes }, sha256, signers)
+            val attachment = if (contractClassNames == null || contractClassNames.isEmpty()) baseAttachment else ContractAttachment(baseAttachment, contractClassNames.first(), contractClassNames.toSet(), uploader, signers)
             _files[sha256] = Pair(attachment, bytes)
         }
         return sha256

From 6c315d6adfb332c3048b39b45c43c9ba804434cf Mon Sep 17 00:00:00 2001
From: Chris Rankin <chris.rankin@r3.com>
Date: Mon, 22 Oct 2018 15:53:09 +0100
Subject: [PATCH 73/83] CORDA-2111: Upgrade to Kotlin 1.2.71. (#4083)

---
 constants.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/constants.properties b/constants.properties
index 5bc1a09cd5..8fde90cd02 100644
--- a/constants.properties
+++ b/constants.properties
@@ -1,5 +1,5 @@
 gradlePluginsVersion=4.0.32
-kotlinVersion=1.2.51
+kotlinVersion=1.2.71
 # ***************************************************************#
 # When incrementing platformVersion make sure to update          #
 # net.corda.core.internal.CordaUtilsKt.PLATFORM_VERSION as well. #

From c15b693f06edcecba1597fba289de1b95eee662e Mon Sep 17 00:00:00 2001
From: Matthew Nesbit <matthew.nesbit@r3.com>
Date: Mon, 22 Oct 2018 17:17:41 +0100
Subject: [PATCH 74/83] Early Discussion Of 'Maximus' Scope and Provisional
 High Level Design (#4055)

* Move Lightning DRB to Markdown and PR.

* Wrap text in raw source
---
 docs/source/design/maximus/design.md          | 146 ++++++++++++++++++
 .../design/maximus/images/current_state.png   | Bin 0 -> 49636 bytes
 .../design/maximus/images/maximus_final.png   | Bin 0 -> 101087 bytes
 .../design/maximus/images/maximus_phase1.png  | Bin 0 -> 88344 bytes
 .../design/maximus/images/maximus_poc.png     | Bin 0 -> 74048 bytes
 .../maximus/images/shared_bridge_float.png    | Bin 0 -> 55740 bytes
 6 files changed, 146 insertions(+)
 create mode 100644 docs/source/design/maximus/design.md
 create mode 100644 docs/source/design/maximus/images/current_state.png
 create mode 100644 docs/source/design/maximus/images/maximus_final.png
 create mode 100644 docs/source/design/maximus/images/maximus_phase1.png
 create mode 100644 docs/source/design/maximus/images/maximus_poc.png
 create mode 100644 docs/source/design/maximus/images/shared_bridge_float.png

diff --git a/docs/source/design/maximus/design.md b/docs/source/design/maximus/design.md
new file mode 100644
index 0000000000..4eee260a29
--- /dev/null
+++ b/docs/source/design/maximus/design.md
@@ -0,0 +1,146 @@
+# Validation of Maximus Scope and Future Work Proposal
+
+## Introduction
+
+The intent of this document is to ensure that the Tech Leads and Product Management are comfortable with the proposed
+direction of HA team future work. The term Maximus has been used widely across R3 and we wish to ensure that the scope
+is clearly understood and in alignment with wider delivery expectations.
+
+I hope to explain the successes and failures of our rapid POC work, so it is clearer what guides our decision making in
+this.
+
+Also, it will hopefully inform other teams of changes that may cross into their area.
+
+## What is Maximus?
+
+Mike’s original proposal for Maximus, made at CordaCon Tokyo 2018, was to use some automation to start and stop node
+VM’s using some sort of automation to reduce runtime cost. In Mike’s words this would allow ‘huge numbers of
+identities’, perhaps ‘thousands’.
+
+The HA team and Andrey Brozhko have tried to stay close to this original definition that Maximus is for managing
+100’s-1000’s Enterprise Nodes and that the goal of the project is to better manage costs, especially in cloud
+deployments and with low overall flow rates. However, this leads to the following assumptions:
+
+1. The overall rate of flows is low and users will accept some latency. The additional sharing of identities on a
+reduced physical footprint will inevitably reduce throughput compared to dedicated nodes, but should not be a problem.
+
+2. At least in the earlier phases it is acceptable to statically manage identity keys/certificates for each individual
+identity. This will be scripted but will incur some effort/procedures/checking on the doorman side.
+
+3. Every identity has an associated ‘DB schema’, which might be on a shared database server, but the separation is
+managed at that level. This database is a fixed runtime cost per identity and will not be shared in the earlier phases
+of Maximus. It might be optionally shareable in future, but this is not a hard requirement for Corda 5 as it needs
+significant help from core to change the DB schemas. Also, our understanding is that the isolation is a positive feature
+in some deployments.
+
+4. Maximus may share infrastructure and possibly JVM memory between identities without breaking some customer
+requirement for isolation. In other words we are virtualizing the ‘node’, but CorDapps and peer nodes will be unaware of
+any changes.
+
+## What Maximus is not
+
+1. Maximus is not designed to handle millions of identities. That is firmly Marco Polo and possibly handled completely
+differently.
+
+2. Maximus should be not priced such as to undercut our own high-performance Enterprise nodes, or allow customers to run
+arbitrary numbers of nodes for free.
+
+3. Maximus is not a ‘wallet’ based solution. The nodes in Maximus are fully equivalent to the current Enterprise
+offering and have first class identities. There is also no remoting of the signing operations.
+
+## The POC technologies we have tried
+
+The HA team has looked at several elements of the solution. Some approaches look promising, some do not.
+
+1. We have already started the work to share a common P2P Artemis between multiple nodes and common bridge/float. This
+is the ‘SNI header’ work which has been DRB’s recently. This should be functionally complete soon and available in Corda
+4.0 This work will reduce platform cost and simplify deployment of multiple nodes. For Maximus the main effect is that it
+should make the configuration much more consistent between nodes and it means that where a node runs is immaterial as
+the shared broker distributes messages and the Corda firewall handles the public communication.
+
+2. I looked at flattening the flow state machine, so that we could map Corda operations into combining state and
+messages in the style of a Map-Reduce pattern. Unfortunately, the work involved is extreme and not compatible with the
+Corda API. Therefore a pure ‘flow worker’ approach does not look viable any time soon and in general full hot-hot is
+still a way off.
+
+3. Chris looked at reducing the essential service set in the node to those needed to support the public flow API and the
+StateMachine. Then we attached a simple start flow messaging interface. This simple ‘FlowRunner’ class allowed
+exploration of several options in a gaffer taped state.
+
+   1. We created a simple messaging interface between an RPC runner and a Flow Runner and showed that we can run
+   standard flows.
+
+   2. We were able to POC combining two identities running side-by-side in a Flow Runner, which is in fact quite similar
+   to many of our integration tests. We must address static variable leakage but should be feasible.
+
+   3. We were able to create an RPC worker that could handle several identities at once and start flows on the
+   same/different flow runner harnesses.
+
+4. We then pushed forward looking into flow sharding. Here we made some progress, but the task started to get more and more
+    complicated. It also highlighted that we don’t have suitable headers on our messages and that the message header
+    whitelist will make this difficult to change whilst maintaining wire compatibility. The conclusion from this is that
+    hot-hot flow sharding will have to wait.
+
+8. We have been looking at resource/cost management technologies. The almost immediate conclusion is that whilst cloud
+providers do have automated VM/container as service they are not standardized. Instead, the only standardized approach
+is Kubernetes+docker, which will charge dynamically according to active use levels.
+
+9. Looking at resource management in Kubernetes we can dynamically scale relatively homogeneous pods, but the metrics
+approach cannot easily cope with identity injection. Instead we can scale the number of running pods, but they will have
+to self-organize the work balancing amongst themselves.
+
+## Maximus Work Proposal
+
+#### Current State
+
+![Current Enterprise State](./images/current_state.png)
+
+The current enterprise node solution in GA 3.1 is as above. This has dynamic HA failover available for the bridge/float
+using ZooKeeper as leader elector, but the node has to be hot-cold. There is some sharing support for the ZooKeeper
+cluster, but otherwise all this infrastructure has to be replicated per identity. In addition, all elements of this have
+to have at least one resident instance to ensure that messages are captured and RPC clients have an endpoint to talk to.
+
+#### Corda 4.0 Agreed Target with SNI Shared Corda Firewalls
+
+![Corda 4.0 Enterprise State](./images/shared_bridge_float.png)
+
+Here by sharing the P2P Artemis externally and work on the messaging protocol it should be possible to reuse the corda
+firewall for multiple nodes. This means that the externally advertised address will be stable for the whole cluster
+independent of the deployed identities. Also, the durable messaging is outside nodes, which means that we can
+theoretically schedule running the nodes only if a few times a day if they only act in response to external peer
+messages. Mostly this is a prelude to greater sharing in the future Maximus state.
+
+#### Intermediate State Explored during POC
+
+![Maximus POC](./images/maximus_poc.png)
+
+During the POC we explore the model above, although none of the components were completed to a production standard. The
+key feature here is that the RPC side has been split out of the node and has API support for multiple identities built
+in. The flow and P2P elements of the node have been split out too, which means that the ‘FlowWorker’ start-up code can
+be simpler than the current AbstractNode as it doesn’t have to support the same testing framework. The actual service
+implementations are unchanged in this.
+
+The principal communication between the RPC and FlowWorker is about starting flows and completed work is broadcast as
+events. A message protocol will be defined to allow re-attachment and status querying if the RPC client is restarted.
+The vault RPC api will continue to the database directly in the RpcWorker and not involve the FlowWorker. The scheduler
+service will live in the RPC service as potentially the FlowWorkers will not yet be running when the due time occurs.
+
+#### Proposed Maximus Phase 1 State
+
+![Maximus Phase 1](./images/maximus_phase1.png)
+
+The productionised version of the above POC will introduce ‘Max Nodes’ that can load FlowWorkers on demand. We still
+require only one runs at once, but for this we will use ZooKeeper to ensure that FlowWorkers with capacity compete to
+process the work and only one wins. Based on trials we can safely run a couple of identities at one inside the same Max
+Node assuming load is manageable. Idle identities will be dropped trivially, since the Hibernate, Artemis connections
+and thread pools will be owned by the Max Node not the flow workers. At this stage there is no dynamic management of the
+physical resources, but some sort of scheduler could control how many Max Nodes are running at once.
+
+#### Final State Maximus with Dynamic Resource Management
+
+![Maximus Final](./images/maximus_final.png)
+
+The final evolution is to add dynamic cost control to the system. As the Max Nodes are homogeneous the RpcWorker can
+monitor the load and signal metrics available to Kubernetes. This means that Max Nodes can be added and removed as
+required and potentially cost zero. Ideally, separate work would begin in parallel to combine database data into a
+single schema, but that is possibly not required.
\ No newline at end of file
diff --git a/docs/source/design/maximus/images/current_state.png b/docs/source/design/maximus/images/current_state.png
new file mode 100644
index 0000000000000000000000000000000000000000..e8dd93aa31fe626a766c9c5d6a4ace1c7dc4a21a
GIT binary patch
literal 49636
zcmcG$c|4Te|1dsd7?I_!h{o1^SJX%(gRDssvNK~hl6@yj)<Nn{i9!lRc4mxy4}(I=
zzV9R1ciFN&XVkrXKcDaO{PBCeet&qG>$=W$&U-uW{alYV)D#)%5%drUgi-0%4J`<S
z2K=OIJ3<A4K*iX-W55;EO-u1QgxJD411_ko<W%J#ki77tyJnQ3bk4W*-5?OAI?5lk
z!71Y|1X6Qf>4uz+m&yDdbD?hco2AFDroH4ep3P@$<%-or|8bMIdn40Ko=>fAoBKF5
zv0r8Nb9j5Qgc%)OqZd`9^^}(#_W0qG$s1vC^Y>UJR)qVh_4>P{47ub)wvSXH!B7;f
zG>e}USx)Y^sDMW>&c{oie+Z;Smi6u*IAs^fCaiGzd_naZxn&pizMZS6@>!5gmI=IF
z2W=7OBtQMvzXWcwW^&T%@^UWghuLm?a>o&?xA)Uf+BLQ<31w-#`6IEna-~`MXD?lj
z7Y>q?kXXxr4fXf;4-aR%1_T87`0S9$i2+@HLBn`GP0!{teQ!fq-DB9ls<)5Vhs6n*
zT^G4rTWHgn)R9SDVYO}3dlK{3rIo`wz9_Mw`vY>8c%OREoL+P%pQn0Oy&efxc|hyc
z6}cnf{phxX9TRKxAb-iD&Pm7I+7Pk#Uy-WD{3U}1^BFrG-f?)W&+X!(>l0O;%=$m3
zmsd)Px%9R>eEe1T>>@e8Dmu?lONt)k$zVEVtlm7EuI1Y?4qMwFIb-XwKAe+D2*UH|
zm%lC*SV`Sx6ZOZst$Qsm(<NyA2uv?26AkP-t=TmX!DMDsSSF6)8?ZjBHXD0R1NbWm
zgw}5nL$F=4q++s`{E_1HI|{?+;7rape$hzB2REk}%<POFgTypd8iw!R{rs5!!@ZjS
zL3Zs0DAV=pA4AK(lOeqiw3(J?(i28TMu@c;n#t%K6KRk6zQ91JYRl^@R(JgwYFx4a
zWw|-YvCd6UZUmy^9Tz9(Jq!HO(o#tf-i5j$6Tooa8E1FBQmwtrvxk1v?#a)Ymmxcz
zZ38`=`8y8<{e><n2&idoNpF*#vn<MJ*=?^^-gGVtEe|&MB@6(nhYun@z~1|8I!;`+
zC>YW~8wM5JYG%z&%RIXR*=cZJpY2|k{8F>xoMn$D-b8oYec^@Uxall)8=ccY`*viq
zq%6g}l6&Dq&BpVlbd!-xrDz8<QH_w??~Ic-_S>{8IJtI1;O4;eZ^f<po<QK5B$Bdp
zICMQO&g$MD7-B5r`AszJUfW%9lDke}Y+5apn4Hut!ph|AqHq2tVxlNj@LYdTa|q0+
z*fGGXfLld>sHek7oMeGtqj3-b_kBavcD_cl@=q&=qC0iON$HJD-Mh3e%j(eOLBtem
zlxpfC?Uta`!S>T9Q_+`-!e0_(YgQuWHB`$sF7X?Qub<>+X}cQfRCv8Dng!t8wFwFL
z&aV_!_}u%N>~(7~H=5Y`#wU#R=UkNKhRpES<S<%?u*xXZT;^B#dDW2!le)Ltm*QSB
z_}nczn1?41fpIQSyJ!@!8|*SEVC>ECtp91;QYTGsyd;mzT#~-Wg!@!&YHVRyg6x3=
z|Et}R+wHco%HvGSU*0Mp?^RZ8ud!8`M|&7$x5;i*MXR>2y4TCHAFRLlygtp7o6*jf
zuoYePj8l42eY^5?(nK76`n2{po?KVfd*>AJHb_pgHVbD#KFhzZt`xbv*4rL&cw%%F
zBZqmBomvL4<%<Vs)?C)+;L?#Mdf6oN>K1qHG>+qqIMNgOZSI~^eF$(4GCx_g^X&vz
zuUH8~U(Lz=To3y47X%l#F-SrZ`BijkBL4*gRqg-nO3BtToS1t+Ca-avEQPCqWd*tc
z`_j*gTk>*gN)J>RATRn(pA!3w`AL6goVup-mnN<M%hhv90}qaX&9{EUw2XhTq`d=*
zhVdJkV~Ve9yae~3PsB3NZn6BJB^c2dD^bX*!b3*mVDT<Ma+bXf4Rw^6e=5Y!r`THK
zHsh+Ow%cJj3aTd<XvN=>^-gLOUeg+bG>j*;e6V>Vwx1*^p26m~Ggf@6m5=WzD-OmP
zE=lt5pLsX2RGMF;evy;xHMA1xy}en|sz1dW&cx$salznprZaAQh1twZ;pkZ)&r&s-
z7Za@mQ);2l_{2l2yhpE2tKa<jWdHZ5nc2jq#}2}0XuYhht!KM3+i%Q`@zmCap1g$|
zgBDj?y%KjxVp<+5bHfmgY}N&C4MsE5HV9)hJE`j~NQ}q3;xJ(d-Mk*(jRH-<h_mc9
zryc=hSGlp9SB8*VvY(_azq}$6FBw14mqV4G)P{B24-_gz_Ec3?`Z+td&Bh3t%H&&j
zrE@nt<FZ3(IDKVaUL3BlYKhN0W7cr{cC5&!{dKj5Zd;?V)EJYF<UOhYMa4(D&$y)r
z_T^O9Pw?J$e!?L^%6iJ1`1TuDO$4LuecZvlAAuRvj{}cUXnu-s5;Dl@>gidcI_sKQ
zP@v8B1!=8?(Yj7!d|ov{#yF(7STx$$=N8M#nLc7ftIUqQ^la&D=m3}OW_4{1bTUi)
zwR32Tc##w-pxoC$C+Gv|NQ?M|t0co@vBpFrEr7jCTIO$WOP|((`xM5Wh;fmTCT;BN
zK!*&Y(ZAIwGVs4#NB_AUPR2$eI|0w1l&dhbpRiKIgfDV6TsE&Sm3O4^Imk~=t{a|Z
z_Q<)T@6>#*FQqAJ2*!zZ5|+G&TNpnDb!<49!`_y>Cy?GrppkxI8mX@7Nn_n{<dVzI
zn-~7L>gBIBn(B*l(_Alr{zW27%(<R;r#BBL21(?_p4xmr#v3qDG*Qc8qMzp<)11G(
zadqybOutiP>ms7ZJC47^q5C}QOzDlF;VYT`!0?!CjAIreR3u2=3{1<~f=g?BanA-{
z*>)YLExo}dB{km!7SEWvuwCQ%Y_{Fuwi&DAC+IUwmoaqqz~o-8QuJdOXHG^%+Hrd=
zi>3jnBPX2~p9<R@%?r9I-ynPtCTD3gY79MXDbSffSd7%!YofKfPq00BKr!X^9e%im
zFb**xA?G{WU2zZ76a2R;H%BDJ#l?B2>}viHS7ZI`&3}VR=3dM;%${a!RD=_O(CTN(
z?Jf;E@=P08Ietj`v~uS7g>q{c-<-hM-7$zAPyGDD#9;~FmEf_Ak4kDjiytt7!Q(8A
zi1*c-f6|9I5#CPc2|Xo)w~kyg2FQ^i7-eN9XDaZYm{CC`6vUtUL)}Qp8OML_9j)HV
z?QnYgy1FyHp6gdhHIGwr@8N=DlPE?27^sC3N7iO{+{edRaBgyyr|h24J0-bm;foN{
zj=T|ig+uFhkNS~_6E$VW@?Ztr`@>Cj$7U-`3*a<&?QAXq;adM)oI7p3l4qddy=u<p
zLMOB*!~KjNZQq?rKl?5}FA)sTD-`;T)y$j`=MMP@RpY5yIr2?RL!Z{`?mPAQKk#-F
z9%5n%1V5lBr=smnGr!~?g!ZH`Ei`s0oQxspgWEAkwRXze9X6)#^Mz^lULD%L<qP@A
zsDnU@#m3Cn{1r;ot~<}9y&1MIztK}H$lQU-jDNik^b6s4>IV6acM?{sVcNvX&xrXE
zw_4Ag;)TLbMiMbnqa75NYJv5<LFqmimk%Q-Hg`WSI8*6SXDMxv8g835nu`NgH7R6H
z-C61^S5_0tn)xpidS2W<m4CW{Vh=?YAxkp(qup!FRZFv}iFvA`IAAaKFBiD2XMcbB
zzRZGTd#T#Liq&$+HzDA6-k%smKjg+@dI+NdT~;B*D6ul{&c>v$)8gDO0={&S=)-09
z@}m_`hC0&@QkIMrWmRiWZ<MvPxbSnyLle-ajA;x1+o<Gbs%k{4%gOQ@s<>q?LDj^8
z2@k4E6D3MbwLDtLS2;9lmEe5}>kciSsAuL-*|+<cs}lni;-nd{xR&#O%o$Bg<k9}i
zjGJA_Oyv&el(q~h;t;LSSCf-Xdmb%vifQ=*J(J-K{r2U*ZEA4`>;Fb50QGZ8tgDf9
zRv7*QA(1B%m{-cZfG?Ngy`K!6UxkZ3yGU)wOcVxCI>a6Y=BW&Ja+>hOk_Oc=)lyj>
z9qfPT002vsujf9?d^?qf$r+fCD@?TF<MXB!qR3QwCTEk$y|kR%{l!Nr$!T;CVVvsD
z7r)OqIhmXkhyWXTMX%+x*FpisRFM<?Jx5}5jMnFFSiGYGmdJ&+RW^b+Z<li46<9WN
z+NJ4b7yh*>x8=t6aWVI*_4PruU8*O%*(Ma5b7;_x7A}$V5_x|bGP-AXp#Npa8e|_V
zxb@7e#2)OH+xO*&fdSFWkZ=Ubc5`vqJ6^`mdrk7WfRZ!I(eq#y;N-7-{kZWxV&B~E
zIA^2L8`K0FFkqeK4LJ(p6ObGPD(jAd@wHkq=`JUeb3Gk%?xlA-J3H<U7Eih4){*#;
zfvx!aldsXQE}K6rDp4A18gB^anVG-A%#R`Jgf)pComKq;?J-wWT*J7YY49ZM9gCGD
z?T?+}<m^h>Nf$vCThPMcLqSYCR#F1TRps~0&RWFBa$z^^Dk9GRvY53ndp7-AW2+g2
z?e^MCxeP+uyO0>CldOobVKYL87lwRzz6oi4D{ZK#L*sdIIDkPtPPF+MUXm1{CoXj=
z-IBKSd9@Qw>Q6Hi`vMoB6!J2N%}BK$p`e1RCqdx1E;Ep0YtM;@oHTKUTu6Hj6W@Av
zt&`OOjY=5}44z6Uvt1t5OMAXdGqpHhTvB3qzxDxLry@H7k$>IFDxJHcynI_x#_awK
zu*1$ZG{~nMVvAp{wEBL1%%{VB#que4MMcGWsrUM9V*Qb4=)-x1aCS(zvt}*Z5OBWh
zvl)j$fT0GUmgyoK!@Fc`tHz0DnnWT(MRBOEb)es^6UH?4`<z*`uI|hi>>(7L3uB4a
z1qN~Ct2RV-l7dZ|Ikn>FocjSw$D~cX>iB_))9v#iXQ<AufN*ZxdsK#%Sha(ame?z_
zd%`_9MJTXjZ7j}08hi@OcBxXh_bMos{sZKa@^iMKgiEp-)lNt-U5fWXpPeg+1{}3I
zj5hJQFBsjGU|uVsQ2rdf>d*AN90!hJ$S(ne)}|^Q!NSj6mGWpuxuB^O9ASkL;`Qg0
z1Y0Z4lE=*OVmg;J8OTXz8v{8qRU~?7QCfxi-4XlDuGFnc(fLdX-uKf@^~))Ev_m=Z
z)&-#}AgFWKeW8@Sw><s}MKef17I^Xw${C%1YdKy7113z_SB<IHwuXFHA{@IrsYy4>
zAXu7j24M?<4hebHM5`7HzO$o(m6{3RKEr7*(Su*hLHrz?rRN#Q4{IQo{`z&4Xb;vl
zgNQu^9QOC^$Q49J{kdnq17g5=S^=vsuUxig(sxkM8rAAF{sF=rXF6jRxN}{jB<|5e
zHDB&NxHE9PcAo3+I415r$j!CfI438D1G^yL&d9B+87p-4>J*+|b|xnYfgtUQsdLTN
z1%)RVhCZ>ANW=HJ_V`dOfJ3s!8Omcn+T|xa3~`jGTcR-Sjp9E0(*&(=RT(KQ>(-_o
zdHG6=yMkAuQ;SiLl-swWX%#(~R%;=S>=)d~SV+ZE=FG~*BQan;#q8w5Q5o0HaOiRw
zT@NQwMsSeabqn=1P>0Cx>$F?y!kDBe<PrH!<5~al`|(ukf~-L3;VnR?$HNt#%*@Q5
z?(U3?jQy3DpBvt4hcFRkZ21|<iD{Fe9?27CkeCO1OS9AM$-@gPH8pY^CF#CBAyBD5
z0CljC-l&UA*aJT5a|dGZz5Km$>`uJ9_dVEFy0PJq(_@1$?fKRh(L`%8gSU}_;+3nn
z^CAr;law~)LK5Z1KCN9^Y)a)nM?L-yw_9H}0UR~6NKu?_nb$|0EN<NkBo1sK6&Agl
z{_JbxG6~w{g)Dz|y(cFYgBOaw9xn$hH;lqcb)gTDb<_-6(I6(7xNhh1+j5ZdFdxgF
z=<pg!{u~s=KlfqeL%tXh?!ncQ%xJ(tDn5D61jDrdM>67#o-`Qr5-Syj&tS{p+2rj}
zuP82s+B43#$Lz?*hg!UW!AceA>g632;EwDJ<df&vne!wTo?t{xYDB+j7jg(N|9nmu
zN~HJ%#CZPolU-Y@Q<HXOehu6hrsCfd)aGF+-VjsQ@AAoS?VX<P?+zYKF0u^4N_}Wz
zL<T_Y^rZ(P;#?PuiS;5Kn{+z+AXXeQs+JNype7o^oj;~{L1@hhBcVO9tU)Wk@rz|3
zGO--17Y4#!K7tx$CH<TU$!-v)nalWtW#Q)M$V}+`tS3+Z5`w|s_wEF3KyH4@Ht+~C
zwI*EniLUDks18q$BlYrxpm!50($uKbjHuKghsN~hZ*caE<S|))`*lYMZL{UZ#rz;f
ztP<nf`vLL?<Q;T!?X*RJMS+3Q!Q==Jjr?buez&>xjPw?1Wr}kVH$Pb186Divnh@}Y
zo`!{?%U26?y7a*%-FAb5>q6XjSQ!NP#ExLz7it>o>xX>KNyvF83EYI;8cwN}vhQOB
zmtrj<^XLJ&x?o4(&Y8c^#bd2eH~*ouj)Gk?eT~<jx<ZAB<X=?a`v~)LJ6Oa%?N%4G
z-;(`BT0oG%uE#!I9}A2{=eGMDnFhm5`4cva;wU~7eYsc9gy$GLr@g#P*gSR0eTY1Y
zdi-~EO&fiR+FHi#xu%Wt*~7W|Fg-ebi!c*>l)Vlc8c_G%9UdHXDF5eB+ou$w0rBRB
zJ3l%8^pPG-b=)vJ&0vIjyJMl$FHxa?e;GZC%*fONI7BYc{1nI!0JtA1BQl<gDE~0m
zB}(E%DLUQACnmNmmWo1xn;ul`q-^Cws%7ixI}r&Dd$hD-8}A)peYU)&_aD*kM_ft-
z_|JSW2>gElB#*yLnJ#JA`aU~J;OBe-pQ?fadK3!QwkBUf*OO~E9Su_$e8;*Bb#fYX
z?R<1H^+9H&+;B=jvwy&TG_OHs{#|{nh38{8)}O=zC`1F%1t`2=BwzKEA#m&DD(-ka
z{KIkaRU!Pv!Let)^1Uoz?3+GXETrV(e{ky&l%dEfdZ+Gg#uce{4IdHQsk*R0t5dej
z$t7mXH{^9W#qWI^IcL{e>NOJZe)0L|fUPfK)zeHV%FWvapHF7!7cz7)!G)q~bW3C;
zm&E)~U28nj$J`lNYakDW#RDc|1&!CYnl~L7>dk1%XN#w*R^PDQmn~CfCuzVJFR3xI
z{u+9uex!YD9PL%S;}>Vw3=%r~we`$8Ue-S(vkDbaBW0eA13UQ&iNcikYWmz@rRf3H
z6ua74sw)T63$NaFsOEOa9PwnDy^QX;q63GqH=SnpL1}iObg2LPch!)Qv6?5yz13Vw
zNu}y-eX-6Et?3I~wjVmpAmo4a=n-%+9zJ|%lp2?+XiXE8hdH5OEUyrC8MiL(y=Kip
z+S}Xn<^&$qnL?%$)kRY5{<^bCP6=C<f9Tv^fih^|*vfaRHui|c`~iL&tko26v}P*`
zuyRVx=UTJLaG|sTgY6A1`0`69|0_u7wNFAgs1`#^8}Nm;Al#_yBAUV*mtxxTlNH0!
zX7x``fxxreRQm)-ka9)4o)<cLnuCSs_2Q-HjN?j?y!!WnlLoR6?2;Y?-UZD_Zyi4$
zp9)!uL0oE*Yo=tk?Qhw=6tETmDQtoj>)QFQ0&ZGb+F?YtpQq>M<9@zg$KmY)BTVsg
zNPnWe9S!bV#0RL<>?c2M{{Zn=2yT~5f?RkAWr(;F%1l-ftn3=m0v_SoYpb`Jz#W_F
zw@RQSR-XTe204P2OP8-jv+$5AJeP{0^EU}T>Uw>O$sx_|PG`b7#2iy3Y!kgN1NUml
zW@qWRp{kFM<kE3i)KLoRypLg&SPd-dDFTK3s0jolfw7<d2wb<O9`(@?m^B1=jrpNd
zClK_4rLnb;hxN5biD}MsjA0=Z;MfnLG}3M)wdr})bhE&PDDEW+JPQk9<GdDX27#r#
zN@FBnx%8H8msZgYxCqfHyT>KG)F`gqY1y%(j$Ij=RtbP(7^7pV;Soz#@!$P^_=8jw
zAn>g1aJl<z^L}TWZPG~w@{QwCe5#m2{fLAuHY4DZvJT~lIDu?ZxG0rzjsJmu-Qdlw
z506h|W2<Y&{G-gjyt*tGhK2A&0OzVasX1u(Lp9m5CEkXHgCu$pu!UDO_O5)pvn+Y>
zW|}OHF>a!ly`PhGf$wkFATNvF0<T|or@vLF$GWguLnHN4@Os9aSsV+J8m1Smovx-^
z!-#ovr0`EHBt7V_Wuja@rLWjmOR_zAXdU5tG*S|0B{2OOR3Y|L_$xjox&r4Cgs50Y
z{ZLW7vcb%8iOqf!ke1<(88jr=;}apOJ~cG3Eszj!o2aCHW+2zR*0;I%dz^hjL5uA(
zkl=HBV=tU>(bymtUT6Y0*}5B`VV*@OxmK*JfqO4l+PmRL5hE?dC5=SjKV|g>Y(`>S
z!_gYkdR=qs2K}m8SjM5d%U(NmaqC;1L;>O?NDJi!y`l2W+%KGB>bq1z0PbxDx0iPu
z>zc0#NLsud41V;;SU*O`<7v;@e0#DaD(1X9Rmg>J?8ZynopNEkwyO4Ue~MRbOH|!9
zZ%tVx5$hZ~Y>mu7D#_r-dew;>1+lrz7|(L0%HlP4N!-U1lC!0sKLJ83Kd;tt)F0mn
z3FGNY8AC)RS)XcD*Shqs0`1tFY#csea{cpFU5)8{gpWvBzNrnYk67tGmaW)a^p5}I
zHV$!ZIX>!-fD8PF$BXkNQzzeER%w6i5EOLQ0wShm;G=P-AFZp>6!83vms(a7N2Q0E
zZXiVr3co^3K;cF%jD;eM-&F~%QbnWmHEvp!BKL-UB0$VQPu~^_6GyjOM&o=w^O+;6
zSFykuH*UYe^ur9I2-rrwW)QAi23%xqg*ckO?$I-nqfY#iP#(B*igkf9FqA@+5lRzr
zmzq=CAZkDO@=m)`{ByXo8Ss9q@>ZNhpzaUZjQWLeN0X=c>MoqIp*%Ku6OzaLMe&4&
z6+6kI4)X9D33&3C-u-^{@Li#^v?k6!Zv(f!krcuC{~py=$i_K(lPcq_Gh}I`QWE)Q
z*EITg-l#7R0)arSDk>uf!{6_qWEilx*~h0yARyZi!GVY%&uisQv|uSY=<x}@tTs?E
zY5?wU@9hjSJeQkKHC9B+?`tb(5Q4V45vn1*0@DkjJHh)3)*64+&CAQ{?j+qVln@l#
zPre7!3)Xkj<z{C;V(XiK7553~ickhDqf~*uF-*|3%82H57G(!wa!j&=P*<wM1gL>(
z&PultETxApgD8tFhkf~=jqs2{_|gXtzeS`$38_J`deMCs+Zu01Q#;*}bIlls_^$+;
z@$I}QNx@W$Ol&^F^N==n=0Pp5E%`uDS+3wX>+Yrj^fK=EtKYatq8+Xi)ltK_YYn!A
zzT91P!AqRF@3x`yyp%9)Zy~X}bUXj<6U@<5><E=m!FLNh{0p)*4lfV%h=n?gScts2
zQYVCnPioFOPSJRW%!X*uz{Ek!2gwYAa$Xo9Ajgg)5JwMh$*?}X3C6ult0eEw=hGnS
zK4})}19IPzdQV;j-2G5@^pY%};&`dc_?q=-5Bn9%FSmvt3%cvc`EH+^jbb35mPt`-
zcZ9%7e@kb=%ES7?%<AAC)UeXuLp@;Zq!4j;$l&H5C~rwg$pw7WbqoF*AjnFx7Q;b}
zjyORoM$ZcEEG#Z^zjmwj57}$1p%a$C75(Ywel`J37-j9c1*>2({CyO`-*>$8u^;Xj
zJLyLzR>aZ;GHBKE=F*JbQd7*{macS*LEAVyw+S6FR6c~*E8EzM9NN|r>9`z^gU0i~
zm%pGuK4wDAfO%<2`fHPa0@0p^(TkrGWQ&n|uA>!?jLL3gUS>ZdSenhnXLA3=jvQUw
zJ;8?BNPXk?!l{8E_Q-gqP>Ejl$<4o-`!JQ>k;uAcO;ga{yR$Ll0`y2Z+#qF$#~@Ee
zE@hmCwg^NZA*mZz7Vn!c1tuf;dzv2b0EHzhwsE=SH>oV1>Petcrt@yt91{XQ<Sij?
zE#RYq%@_;3R`)}iWh?z(ZZ>sW$oiv-6MlrR>(^9c=2g}eABEFKvo`iH1wn^GLFi@F
zKP7g1)&bjVwv+p4v@Ci-F~C9CS|g0W^BV&heU_bhqRA8MQ@BIgXn%GMeSeHGXS#h+
zR=*6<KOhGj$LEwdixjwS%~SU$7s(d8F1s)woWFWvixH{ObrcMUqzo{kEr$An0I)yh
zQ}o_Tt$A@lm05ZQxHCU+vdgo!k4_pXR6rTXJz%*^5P^Z%R}}<C_|7UX3vCwrn}noc
z2;AB3&?6tuGNTtggFciW6o}#oyK<BiZ^xUXG278aFT6MSf}8);{d*4n01caC0r|yu
zAQ<^_+T}Cq4h;SYm6PQ=V*#P)m%mfOFEHZyh2D|%GPj((d>>!8&p3XbtKPT6JDv0r
z8;+)r+zDBb+$dG%w|mKL1tJaZJz{)N^PkZtp=Ust0^AKo?ZPI)Zy;Lu5v=@VE3zY5
zy_%p{Z8Gr*Gvbo8sV<{mVOGGsr|;kIye{sHN^yrIxHk{iu;cM9TO$kYp;zQUP%y!a
z6!@yHybmdE81~tiSy`Q%n$yfTE1NG{m;2FkUuDgDmCciaw*mFjLMHOTtXKf+(>!l}
z0~cOO*taX!eTydU7~Wd!bR|rj-I!6M@at^~NHqT@*F6RP7V1Oiorp-oUb(}%02jik
zVE$|9wU_YaSLtaPRSwOnNPO;Uuxy6&_R-N54%s~O;b-rdvpENqpqYM_hXJPxYvV{h
zQspR*H*dyc-P}`oKp=%haqE41V<)Ab8M<^&TkwrcAa*LM^UAb*Hr0*v5xZM|a*J_!
zO^sxK)@{?^5#J4@pY^qD{ljkjb59&2h4EOUANguS-#})3URK=N2}OzW=DC;j*_!k9
zy$i#g^}|?(#ONuKVGp}@*A^oCegC1-oFhh`QRJcngJgf7M+XEA6IdNu?9HxMgVqJ?
z_VF4T)s(Ilfvi1dr0;t%_kuh^EnKQ<)~7^3YwY`!sb|YK4&AMxvR=I~rm&(<=~zO&
z?YDCfzD5GfFg5IE1@Wb2^^aWEvu@bYr0hq1E$0lKM32-5=NwElgzNpzj!_ft$Y66i
zKLB~TSB~Hysv+u$^`=4?M-_U?UK7hx*8Q8#O-fG;Yh)yCI#O4o?3T3T+;k&W8L_Xg
z#I&IvP~v}9tDwVh48y4Xlb-CP)W0|#<kBtllhZ&QmjCzA4oRG%tm{|C^qa_EvhmLw
zKsL5iF#CQ&q}i+k=a16AWRLYJ{u-rpK8MWkL<-?^DZ-tNxM4t>yOqP{=S`bI+>Rtx
zKSRH!Br5=GX!0v6(Bh!*j%a<sJ1qId;0gBvewVlkWOi`#x1;C#p6d0R;BKuz9)?o(
zXOIi)t?{06t^VQ5`4u(jnaKh3(c(8mBfT2S54I^z;!s#A>#uQ*S987HV0|(-%4{9N
zyN~ks4JF2_|M#$4Fg><<4xf<?*@Aa(QJISTbDHu7BlxDF1Tx^;l{=~aBoL<l@t=}T
zQAHrg{TEd!YV!{3?t90&|4=gZeSZ`AP|KogN<($0UQEe?_@3WnAS1tg-RfgcR1#PW
zm4CvS>Zc|HyA6rnaPa@+Cp6a*q5?`tIyDCwFZmD0S#SmY1JvqFZDvV^JnMY>-Rf5p
zvkM%xj*e!4t^DhB@W08Sdu=1;=xmSlHqR&I=F}2kOZQKMMlk_*0N3=4{r7y=MSnC&
z>QuRp9FJyw4AiiHF#_0{5G@Ku1o>Y&JdeI!_djv`w`Mq0r2h!YFWUmJMyeQu@DF05
zlrcaO^D7}W5J!cdQt-Nvu-6=P_n`bYe$-Lh!{>;8x_@!gBLAcAw9)GOZmHERB;GR|
z9kH?<t@w<)KrF*pwQ5iW@KsqF_dh1Af5&Q+3Qt!ZV4l7uY9kg&;FLljr;tFP6h4Eb
z-7hFDI`S9WbNU0EHNqFG5d`5;$fe!(XaC7}`o@D-cOUb-zSwq=^8R1u<$q8@s4G}E
z*~=Jp<gImvG$rkLg0bikB@vzUuHJf07{>uu7wLM{Jh}y#LP=#TfP^yxWh{v8la6<t
zf(z+<#K#pMG|va@u6CL3Pkae@|5dSdWb28eY0Sa$>jSUhGgd}Y>JDAP25?(ikVP0T
z5qy8Y+o832N7WS7VIAPqyPu($K?TwuazadaOqZYzJ&avh0aIJEj5pEj)wsZbJ<qx`
zo+MlSH4yt7I!#cuGF%;nVFrWFZ6-AA`)(iCHQBGT@?Rs_)oiU<ELmnw^ka5;r+=SC
zAVJ)k`a%*1rbQi2dybtHuo7H^Uc$sy`48ej$S~O9jRR4weC9VMEWgqB1XI(_f~mBY
z5|h5Iz*zlMfmQp>9pu~!el(!WTr;P6)uK5O1j!mm8sIZ;a!I8rGMeM({iYIi4Xy|f
z8%+0$M<*rpTQx2NsH3&uxg1HZ=KR)j(gUR8{G8{{-nmlVjjnvm8u#c;67ikZ;Uy!v
zHnjYqG6f1D+=(Lqv(zA{@3-ldL|%<wfTw<i&X2^l=>CPrD5U2irr0yZXM1xl&#y%S
z?p%3@1jiwMi@dpv<TpN#)*2y>kaLV=m+|@;m##);uCP;AZiWX32jek0=yxS0nD93G
zWnMJZ1#<`oNRv3)*=g6*Unyi_AX97ALnyss$yal^Pm!|g1LYNi#xRu>kV6@+bEG0j
z$m#rkTS7+@2%3w83y)k`^vZIm|6U`05i@l=U==X=)cO%!+>`4QzRT_Jd}0XQsqTZi
z2g|AaF>1R#tJp-f_Z$5MIa{iO(bZ^<qNgW=2WluaEu~YW21P1SNR+}ZWaI}qc!Nzh
z3{yx0(V!9+x)xfq0{JVS0oA(w9BR)qHjO+O{bO)&a9vzPB;})+!$3;D-)>z_Cf&xT
zTs`_PRE_YDv><sS^d<gkXT6!B;UMUI(Vbpe8m;u%B#}s<b&mL{zrad8UR;w#45X%P
zI?hUmwkIpnqG~1HlY@@h*F1a1)SV%}^E76i&|Q|J{*+6yryGyu@A$)(+(T4)b8qOP
zq-m)FL|8r(rq{>52pn^6?zb|2+n{ZcFp~Sc%)EgKzsc1n6P&qnqU#8wjdYfL97}QH
z^!$8bP?({>1T)smPRGYn!r89Gark0yv;bAaDP=AaLNwo$b>4L#?AoI+Mn)&QN%->P
z`z|!{bshA=pC&%X;5D$2!F<PKaXLPBncPDI*<qGt7VGDOieM>k{(!MVUK}QV&N_lF
zG}nZ+_B`2}osfux2TWu>56&lP(9^O;*I_B_a6nZ`Qs?l;1>wV14ZrO*B9Zv+-S4dP
zCysgF;|a@P*h%SnKzG9aI0Tuz1?d?Fb<_DPw_^*#C9aBO24)9wbjO%@&(N?LCD!)k
znWOL(6@y5J(yYYJKm*5t!cQ{yQW1t43)v9JIjs)JNTpB7&Tn^wa0{@GeMJ@rJtiim
zfk!V<jvxlTcgHy#F(LD6Mh0(>@<pFY6jnx%5I*~D`R&#gj4h-<H(C&@s>NrN)z#It
z1P+&k=$Mb|gYdE`NCk~!siTO{V-6CiNyNxVc$|-g<95&9g8;A1ScDPs14M9?RM_7+
zvEMTZ2>0s{$f=MMoM%}X*dfA<eB!r|>_U*c2sLNWma7VZ!66W9Dt4i>tRq2i-0eC#
zrWf>Z2FUA&|9S%g!SUjtFbG5>5G_Jh8ugzB9fI$CL*J&Q6%>s>NW4!i$nZ@i{rR*F
zRYsI0Vwp_F>eyaHNKLgG1+QN4j*Vs7#KoyD*Iui-hj{#!7pHu|H3;PSj4&9C$h)58
zn+qVuj}?y|8#CMNt#ZF(ZQZypZ$xRO8qM9`_c!zj6lG#4%}q+roWYWsdA-a|o3ab(
zsJ}ZAFV($oHJazWZo9+hhY_4As2<*A^qTzgdU$vkdC$WmmS%fTPyeU^hDdwaV_xsc
zM<RcK+-v-7x_Sc9GO!>2+V~WU^*9N4l%E2llbl!_IV8~6jHDr*zGZhQ|8jwryo?om
zCSJG)$10t!8kbh@Hq}yum`ZNx@`DuzX^_z+J<(S)4n&I*9Jw4E9Jsg=-lmxkQe#OW
ztkSA&s}!;vg*}|TaEBB<Hjmz#IPP-Q@VxxazQGA0pc3EmTHg<1gRh1_<=4AD;!db(
z!q9Qabq%IVgXy)~Bh1EoHFb4anw6}(`i_nuB3(NVg4-Nr)=N7p_?~NiRYeQ9XkDHP
z`WaBW)3GUVof5rPJTh4)O}0GoUdZ;`Iw7W{{(4|hVXHoyq)PII(LWeZ!Wp`?yXhRK
zxA;c;yg+30TsI}87EX!VK-<WL2{du0e;lb>y8I9`bdj%nF3RlfEb@DHEsF^HeoqiL
zD+s@fygrh4e8Nl1zVpm!_qWlhpz;qu)^A`aM1AA)xYg)E+N43)J&>&1`=l4P#<l|X
zrP`0Z$MQq%k}SF?28PmpYQd)lpO*9|C>^m)i?f}ek0L*&@|CD(FkUQjBhTBoVBoH?
zpvh%y#@l>#=TTqtTj}FEbEd;3SJ_p{3_v2RxccN>n6^lno7}un<m^Ojo?Ec4xW1D?
z)Ad~Yky#5;i_y8}*u(VY7hReHy&@f-I8^Rj?wfYPYgYPO4*ttM&&f*i0vY5GP5v30
z$z+#rv&I|&S~L|^QM=UhCE?j!(Rf*XLy8=rZm~;-?_NfxK1gzs+tKpDI9owG0aujc
z(LF;XMb)g5l0;qSXY7sHwNb4tMWx?0l^lj%f95Spq(7OX(A%`IZ&X&q&HAUYg-qB*
zMh(F^dT)=&)Gk^$LGE1x=&L3pw!-F+4D4CytfOD~?MX)y=EDcVup2g7QBQ3ZkL>mh
z@1Y1<G`+#=^YlystXhxZ7rD4(9Ho!=#2GLeDfjfu9<OP7F_2NOdNRWO$Zvq{sTrG*
zr7kJ?cH`=?GYAhZn{{vL!3s&y&qPJR_hYPaBEC+<Y$0q0H$&;UZwbYrO>a~G5}D)Y
ze9{|6Jo4jeHkdT(9ssGtlFsX_iF7}s9leSeGP*(6D>f>=^19-$UBWIz59GY4jzK*3
zJlAn&*yYi^`uaK^uAQ|rTs22wKWcIByoInVNbgu%#Sl2d-&>a%{`9(ny7mGIr>#uU
z3KVcgz6O`q8MbLi%X;x|3ozlnkm#6ZnSi_|$F#Mjn^wRYsp83ri&&DzId9PWWrMqY
zIA9a^4)M0n<;$sM&`f@_2r@$pdsrR}Kwmx{G#?0+AI@yUm3YMeMmoYSbeEZdeHN%9
z3Q&#Qzh;xB+*fnf@bo&0$O11PzBDGUry>3R!D%0`oF@f3lj{-E;J@S$*v&P#-+i2e
zf)7{0k|LxHR;a~h2ASWutVl(vw|DAD9#WS*Uy=VU`P=0h*(bl7Qtp=0GIZCe9LZNa
z2ICfU90C=j<j2}GOG{2pPT{<^O~9;xa!a<9h=_>g7j}No7^KWm0J>8^&xws|M~adt
ze@R&M_dqBc8Zd+jNX(;{-|mKMG3upRdkpsX+t8fK9cqd1=zmK;`RsFypqO@)sYHTD
zOYC4=to{z@mha6z@};}`3Fv6?xEH_m);dr$@28q73NA_fNf8V7-0sE&-rKJdgA#Df
zM?ry0F`U~0b=@SR!540iB8q+NUtDy=-)ny0L}b!6n7U~nNA+tC*e|;1SdfH=L5J%7
zci+`qCSO}+SyCEw*Z2~Ke3mM+UQ2osy+2!#?rhBW+inyj?A^9BBH=7HY$r8T7)pzQ
zJsAKj15$TL)LwR2Pw304wUMu^FkZ|IB8mvQR4~O@3yBrZZkEMgJbvy1>q(SeD1)ib
zi=R{tZxe!5%{SysqRUs0a>%mx$DjC8I>m_JwdsACF&n84nhBU}AE5B~B-B4dRAwkm
z_Pk|l=yo21I7`?2zUmC)6)X>ChMsb+B44%1dN>6S&SNOjoGLTSh0?#xGf=9~;C@fT
z$Q}Lu0px{hy}C2#OMRxyt#pfoEbX$3ERlWRPY=3%j4iYo^yZYQ*@e7*;S>{5lDIP>
zEs}qg&l;3RkQQ}lw|iS#bACHtaH+wMlKJW42zYyiW?C2=2x~s=;YK-e?F9+Q+|SJj
zJxllZ1MSZK0hjBLGnC1H?lXFGF>8*~xMLIn|G7IuY;dSMBr>4u2AP_c75q2<CBUJL
zdG)|??$2=p)vW$~_4{~B&~qkg)0cA}j}6F}n4X=@haY2i&ZZlgy%lqpB&Ryd!Ue}g
z0@)A!^9puT{mWzp8l--o9$+wU-n<buh?{dhP`*!3d1LpqaqZ7-5_;a6R4ay!)4Avo
zU^c_C4CH)|MwSLfL<RDssQlV|$9^z+fqv>$%#-)~vI<!pf^#ljUVWZle`6@^q4tls
zW(@j!hjXfFvdW+p2j}fxCDlQkkAqEnj4}7-;Sde}{!t5HyuewO;cn0B;!RTfP{7Fx
zn*2RW-T_O`6FXSga~Cv$4c(0$;t3EqUBqlVoBdoBzQsbBh25E+ZZ{F#)a%xeWYYYC
zC!Da`S$&|Tf732H)|WivfNb<!KQHeNw~x-*e6zJ&FffJ4wKrMluEx8-?W^DH_Y}jt
z3#-@fIWX9fXF*FlMz;9Uj$xFy_1$JjLM<H=k_x8wdmvBOjr{Juw{CO8DW*AX^Xikl
z*pGAiN4>jvdvLm5X5+N^>iEkrbj@DstFtgP2YxfTjMvy~EOO7_$*1mKqgfC*NY*$k
z{Hb<dt%ey2cRR;(ax?nJ$KY5Ao6lm3#SmM0GA+oCnsgTMWxNL#d>7S(7`~f(Za-!F
zGK^{0aKaaUQNZMKqS6?{7AS5FT#VCce3o4jv^$9CGBh}YYt5Xx18KYj;MB-B^f^FN
zn#j6ymi9DIw9L${RR^k=Oaw->-_*?`dx&VcSWMK)L~e46+g`XTge^<samxX{Y(?#s
zeczt?jA+2Rt--m7PXvS4;-xYXql0lB23cP@`V><4p}s;`9Qya=;CmN@$RbDy1_)mb
z4r&lWV(vJ1DA^2cNWk+;W`{!kb7ZD4tZI9)Hz=0(-{TP%4}#lLr}ruqcX{xujHMs^
zM+Q6+?It$TmP$Jxn?r!m!wTsGc|`PnF!U8SCuPwC^IEcfoKeqW^8}CU5NKF7xL+^r
zq*svO;jl6&ra8a>;bCA;)IGABScAlph!-2&Wj|;pK`R7VCj8y|qM5n5TlUgi$5U0Q
zmVd#FAh<H>xu9JO=-<=qkva$G4XcSaC&(oz9dp^v_8T@FkiXE?X{@Z|^gS~7;@SFs
z$_CNDdd!HwUlZbtB|);UlWAwPu%s%JrNJpzw->CGZT9zlC`|3ip}_wF?arHxkNk#;
zHC348X(32FH4JXeN+p}27pP!i_`lqI-SXNu8J!2RqUnipP@9^>w0jeV#RQot*<5?j
zEG?IMp>NYR<sXcYXsjmh6>_4M)&%IawY<BR01~tr2<d^8(Mga*wTiCoR-xp0np)1a
zRy0|(W|uTk8cG_H);%v7*{)ybFpqY`7t%AZ$5O$EIIG+@I|AHC#coRXzhw;bzuRQm
zvhQB#6ruAI;@3gc1SLEs)$UBB&)Q5(w$$E38poHT^}d%&OeV`gijclybKd9MiY{@a
z=o3b;I)-PeXXlMMsf|U5eDnKtPgAmqen(Eso2@*WTfBihIs{VEZJOh`{5x<d(55s*
zz}EP#^Xekow<8tioZggt=$0&lABQujLSc>~`t((0+cC_>hy}j0;Uwlmybq-B*3BBr
z0p`b;${u_WKBJd<Z=}~TH0x$tN_T}=-UPw>-op28ehI@$ao4q1x&v@_B!I>XKyyMI
zy}|O&RQ>4OrS9`TrJF+)i|N-cOo)*BZ$3GS1R7hYxBFjT1yXm1=47-3&5lXfPkxuS
zQ+q^9E9}sHI<p)c%BrVR%sTIb3T1+klqd`K=@ROtP!`i$m-+3UgC;R8v(4vw=;`T&
z{IZ2%Sr;xfqbm)Q5;i^aVm!sG<;(~A;gq9RpYlb#`%M`SR>l+aacc8t&%XGH`#IZv
z*yoWU;l$=6vwlAkI+Xtm^2@pD!2;oAcTT38N1|JB>H%Ytj>krEJG7%Qf+wf5cj^SL
z_?)DPZo%!<_Kog^(Hk!ji#M|LE2jil3s3S#*^wOV9JBCgyZep~hQ{k(X{Ft}?RK^m
zO^$}~E(dFUW18Da5O9tTREYj#b73TeS=yW?vdM4IqsjB!)wTWLU|}0pN=Nu))6;J3
zHsew5`@YeJlx)86nG&MMQh#~_tDu7pvp)w0Jq8LWl;--KT{nGKALGixa}XH-wu@CE
zl`DL{f^Y@P*DSpACEDl)FP9D+&N)XQh85R%pN6JCC#|YljdbV|chC3?2>Rc-d0bED
zLI<zk{_dQS{>V%dTIdJe7HB=UA?{c(pUNf}tXGvO%k}$1&I(~KgS@PLzR}ekf=Tf?
z2#8VJx2y_%S4V@;{kwv_xYSIJBqw#^E}6OJ;>^0AA<C|y?GgR6SO$i^LU-qwfi-Sl
zu~!oedInO<NdvbHJS$XB_B_rGym5R>?j!xhtPIhO_X4!*c7>NWA|sGn>!HO>`HsS`
z?2x^<H+Ovav#_K1=b{i2EfD4ZDMGqBRq3%&irK=RXpqp}GtG~8`R?};H<5{U107?#
z3Gr*$exM6bz-q@~Qa1Ot!>&S;*8kta`h9fdzA9NyzoXhjNMJzy7WdE1ipT_IIg0>g
zkc|JA)N@`H-4*017g^4>pH?s5-wqCE`qw7VUp**l+lPK?Mk?g-I1%v_G39#(#nA$F
z!^A1EY89~g{a|p^^puw#Vm)B5yQ_fs>d`uH!cQ@`_#}ossNS3)fa*few*kgDRyW;b
zS5U6_&ZB23TQnA{-~VN>>T}f6rbG}Ezc!%DEe;qt_@^bI=$ED!P9$`(>By0!?4~P@
zRjsN`Hx}k@_S}B8u6%CaMDZj2MkON59-Q0zrNCMFb2IY4apb1p>>>kA9Y^yNe{`$b
z_JEU(=o*wHP$G6@!D$d|t^Tqo6g@PdoMu<<Hl~F+wfp|zC;zB%Al^n{qx0``hQIkY
zBu_87>kt6@HSe)Q)Pnv2EkFCeZh}6hUI_|F3Xh=Vv+P3G@V`-{OZd*eRLM_sOwli>
za!_O#EKb>DuBKq#xWPjDWkV^LBVUTz038veth6rI3<`DhwyuM>%9^t<VCeLR%aCQ#
zPdiS*pnJNp-FzUItWKvpt}c-|QuXw%1*UrWofX)(Ru(%3xpBIc6vhn*{cUoA^3y%>
z>G7M#w%W#(eokA>0x;Kp&_QW@XJas9ce+!s!b$97+H5FA2X=T+ZT*YBp{c6nyW2mI
zltZeRV(%Zsy`Jc%jbM(RdNFM8B%s>eNKw4or|;;D$A^pF`uC#$*0?{7|9`0A|1USy
zH^NS9-tp6%FubwOrdD|_gAh$w`HUpv@`b;-a1og>&v65sNKy&+uT<TR{`}T3M``Rp
zw&T8O#iy!s^D^CpeC`FOjiNtw%e`%Y21I8s<h82U^;6n)?auU;$ZlX@82wPn%m$J;
zX857&q>)GUq>1kemi62H4Za^QY`?HMpc6rTyN@mG?#nV+wM>N}&oGKEMO1k6Qy)O*
zn}~ynRV<VZSZMM;2&3MDJI6XX^dncxW>H<g5}aVt&va9^bBb1TJf_sV+map8iqmyI
zIAKIQr0PH36NP~4RZtb=XS+Qm{(G11n@oVSLUS(Wt%LjO4u1lsu21_%)mbW8oXU+3
z>G>mkbM6TexFL53A>@Av(Z6jd@DRy4lbxv?2g5X48m}+?l4nQ?PB;0cQaklEUNQ|M
z<N^dl@HIyf5G@Ftp+A^S1ag+k%~XnA7@lJZxh2u?=;0T?N5zg|S&$AuEyxA(rs-B~
zY^%R$ETj>HX%NV@6JY&BIiP`jmtGXH`G2o@QnkK3A?rJ-$oyUu^scUVg3i{ruH)mN
z>a*lzc`zOu_TH26F$@OBdH+6Du}F-eGQAzN?>Z@4Rc_-`7!6US0*?lgUvYSuP`OW?
zscfI55`lqKtZgeeTPe9T*lM(rYz1po`P0AnTSB$(55HZRD<W)^0pSdN2Ru|WpD_m;
zpJNVeS3NoQ($+wm?EBqEt?_>Sl~cxh%mMzxO<2&^Lt_mG;CH<>f?YD6GCt_|V3#1h
z89VyM@1qmFN^=T!C7;FN(zPoT<TiB7NntvLWsqi&{KXAu_u&q{(%ONrg&FDAz0*<?
zCozgl?dW};+yLr78|#B6jI-vff4|IvB8P_`<W+3S+w3R%WtC0JRufYPrU=^lG<K6d
z+4iW6-Pui34*}ybN{^foMqAGo-gZ$43(1h4;KiPDRzL9P=dX@E!6u5$1O=y;FJ|^v
zOZH+#*gT_-=O?HA1ymOfoV>^Yk<qzk6puT69;3WE4hlX-m8`dgC#@<*H|<>A@2vkK
zZs#jzGr#p6!2sXga5)RmrpT6f3TOunAA~unn}5IvX9=>`*A{?+4F%fr+JenfXoJ5n
z{-Q$M(Kd!d&@4_ZqYi$!Z^~u)(T0CgcJd|*xOWWiyyI@xUx2mt+^n)o=n#gz-C;J=
z*{U1d>2(~iV^r>Ktfvy8rEp5Uj85;^MojgB=Ow$*6%-*22UR(Xy>$j9MEQ1vT74Kt
zdcHU~BSgvYxPtUH^5Y40DYNK1SS)tFFE1-z!rfMf2BQBis3fr{YUkE>`Ol-8KQ<3`
zpCjKaWf5NC8;oGZ8&1`pjl3!`-Z1NvC{Z#v2V&Uo+e>d=|1?jz_gX=`JnY&ASzZsK
zkQoDgVgy5fTbP|iaC3V+fn4LgYBehe!>c5=>@3P2BAq2%%i;81GrSD`9#n61Jv=?}
z^Bl`xUS9!)rfeb5y^QB%XYVVtiHwGxzCtm_6Q7rMnmkPy>;>s0Jh#V7_FXLs-$7J^
z&eB5|zxH>>32yh~0O8G<&+&z66CPFht~(79eYZfJV0ib*)XwNIhXd_3VIY1GNG#Zz
z5J($!(-m?hIKK>zn4<;;+BL&G+}-`wzCP(bKM*NJK%klmSDu)1&M$=7f_H2g>9$zn
zp*cLV{s#lv`<EFZki>_8#s98g{Mx)=fonx@&fVR+mm+yp^AkQ~(Sb(n4MT&62UiS}
zZ-#ZeB$!kV_+wP&iuB7I2=NjRA3YjweFTME8^{cVntIQqb}BlfjE#-2ShaK|^ZLQK
zLCf?WZEzeu7PJdK{UW6)>b5{BZMkV<z~0%D^=d;(NJ!|MZ@Ve3Vp6vHVX4EWqo>sO
zhpVBoU191xA0b<PA$cKc&~hPdGAptBwW{s-a9TN6>#$;pqHO>;#DqUx$XK?s$dOyE
zvpAu!XaIqnw&{|A#%aFhptB<7LDkU5qTlCBeKFGKwWXO7qhaWKr(EK3Y_R@_=!I8>
zYP+a%M+^JO4~}sb571`_`ZBO$L`gXDfSesP<QI;@24oIpyV^k^xRjMlP2GnKdj96q
z^Eu?{!RWGQ^et4aQr~Z@s>O@9^S;sjQ*Tfsb>Lusv%19b2_n~5Wr1q|M+Lw5&9*qS
z%x%gb%;DWm%-2vxJxV&Sr{HaB68s`zZ);`T*j%;TkFCI}6&=ReYpUE@hMZ`A`RW%g
zI(8IBX+YVXT_)GL9xH<jRFV{IaheOU{!QlIfE(?@XNs+KfPXX*xF?+>(xvXdRntIl
z24J&-niCZ4Fi0ZZPi`l=Gxk;49R>2kl7+%<s_4n{1q8Jpj6DH8?(XjHnU-CjM$@eS
z$dmmDzB<#!Vv8jSV|LE*;xF@2DwZJml-*(9H#vFSt3cLf0u+}H9_0<?+|aLScCQu`
zm`_jKMI77Feg;B{mIY3*YH=3{CjiX>0`tB}o%GQDqO*PiNTXEWgU|bW<dK{t;2!)<
zD6HqZh{3A>euvB+ii9Up0i|+SGh?$d8O_h22H2kg;{I%esHt9@-1#<6=H9N}S_&XU
z6f<3^IEdEzB}(~Y!F2}B-&W|Kog#$2g#@Rts36x)g4|su;p;~_i2g&jze;*jf0guF
zTq1P9%8erN<EJwLy&`PH8|1XcwA;Y1zaaWAiUNz7Qk$L#J>BX2EI5UtAJfJ-X_aVz
zZMa=`^{;B+|F#$a_n-RVzjhx#Vi}k=`5z)6D-P29onuQ!;zCX6YV2S?K+Ow>v{r!0
z1WY2L)afJ&mM=`FC1I{F4_vECN~cStkM(#qm}jo2V=G>B?K&t72>mRS;gIKDpUutB
zbE0g!z)^y1MQ}WTy}8j0B*sClul)uc%c8(bkjyluY~OVC-h8lsvrb8R%!5;KilPDo
z&xb_Is9|)VB2n|R+y}`@Y`f|RRPm`ey-M$OQ14B8%-Mt@(?^soj#L_kfLdfg-GlhP
z9+SkdGwin-+29OtxRG9aC$$DmNQ(>54fE6D6Tw23Hm+YcHazgpzh7u18kK3$D6~5H
z%^7Az9R*uz1)Mk4k@BOQI8CNOm1Ji(zfKyc2+I9p%WGTjgz_%5tbL6~WLV)vx;iXb
zt;dhRkAq@h@XsVaR7dWeTl{s0<x9kVD<Tw6=EF|;_L$sU+;*`LutpId?eFgcg_Myf
z+M^537F0upF`FCt3B`NXZ*#)bg(4zys80zc1UVwvoy`=~Ph4YV5hiz>$fd7>8WsTT
z-0s9Ehe&n5TxaZ~Zz5QdY|ZBwM|w7PT&R~K8;a>DphTaBJxmKatT+H*eutsYu8)3<
z7L1iE&p^5|_W5Ggy$kjIsXQ{vaZr3S=mxlpr_@LFZxYMki~K@l(4F!RF2BQ0u3o<y
z??*o%X08fq>8alL;1_++!ACEZUbE1(efdhlefHM(3_nA|xVaP@l;3RdtHDy5YMec>
z5rwfcH*)#NnpK0tv;2z>3Jj%GyJ8u`ai1)HHw;rwe`%)x&=zE12USK;Ee6tL>*Tai
zyu3Ekx!`d3bA!b@7JMRso8{TC&oJsN`>j0ixuut&ZI&jwgOW1_g-uE)ZH8Dgs2B)z
zgRdf~QcmrHkMfk38T6P6jUv;)2P#s}_Nt!&l$q3SQ%zNa+Xr8768rNu!UCZxmzu)Z
zNuoo>{o(TxlJ$<Y)urYdeTsJQ!26LB^;HhLzVM5FcV4nm8k8qnKspugYc~j$<^~PN
zC-dMEaT$by@TMPVGp#TQ%86mt2Lc^JW+ZIaC)|2$@3eF9t(zPoLN;hnQv?fnGq4N8
z;GD{gu8O5b8teP09Z)acBkG_@?vW=Q-arSx5(ArP)c%N_L!af4k?<XAw#9+XG;2kA
z5xt<?1wv=raHzax#w=&=`eI(|zT<(IDEG58?dw7jRGD&%sU=UHL7%c*szIza)4W8y
zB*qm^IQ)dstT|@vTY0n*Gg|OyZ!-S5*x<L&^$H`7&HADyO6$5g$e`o%lx0h&kV0fo
zHq4R-hda*ah_En}W{Qw->jvGS1Oi*ZkGyW{ju7+B{D9esH$W2JucdB+UJ~WG&Wt(L
zcxx_*uEwXUL{OEnx|=Te-b({TbI-3;V=z|!lO}+$Uq5kaSUWb;5+uj{!*mDAuF;H|
zzWE|!G2-MPN$zbR)+!amL-AoJJ=d?(#NqSRt~vIAYLG@viw2S~)1UmAiuM06_vYbL
zweA1#+BUmP4T=mI8jvYvE+KbONak%GGG!)05jHA!Ny%7bh?H@g=dd-X3=J~R4ah8+
zH}-ojs;B3Ep6~ZP-rsS&@A3ABBiq_*UF#ao^SsXM^ZA@DbvAaCE3q23q@&hrdz3}e
z1IVjSg4&hUzcO5cl<>Fck(%o-$I1N{Bi|DAO1$rkJM(i~^!LFlw#N~jV()p)*+<WX
zAKjE5F~hLfY5M$$oHq|^dWO!SaChF+0=Eo|tE6D1PH?2)#O{YdXE&`0N3!L)(Y6YB
zGoQ_DF;v;!>4GKCP2TLAJWy%4R<2BA%1BLbq&QY@YRbbl?MRkyQ_`D$^boJJ%3vUR
zI>eL@7!OL1;)`n2PI=SV&)JeH+AgXX(TKZO&6tKnu*+Hz%Ug~dkJep0*njHP+G1E(
zh;y>-xQHFUhh%7pVA<FOe!Z?ul2*g2wj?jC%>2oL+-EA1Fy)>P=p<))+jJHx2$ZY%
z*1Vn4i7dG+xO4S%EQMwE{dbKXt=pN&Hg+WA_YrvOQY+o*O?Ts4c&*;|F&G@yw+Y+M
zVIJets%-;F^N2HyE`=yDJUxmjC{Xvf@7CSL^bT^%v7aIseT9bKO5Vq09irq{Um5ev
za?@5@U?~!<2>}58+M}AoT}%tgMI*qFHcs-lkzc|w<eaf$ScJ5`leXh6$pPju?<MX$
z%__FMAvobleJOe6LBnWt($w3tO`e~RP^I6-uRKtLS@DKwVi-2jmV4v@rPx$``GjfY
zq)Uvov`YfUI81z`LvK-1iLnFFtj$L^bsC<jZEs6CMX4)fcXXt`GSfhd#igF3?U3J}
z{#Q1pTlOg4-bUP_DlzyD{xnNyaQ#sgA*ysH1{vKJJL-PRi3!V7ZsL;n9Pz`D*D2^_
z;Ie1B>sw2#*Jdy<lWnf0H94u-*=If99~=4geO!_Ixs7!!>6XHLYhaR`x!aKxQTO_E
z_l{f-)7NpBZhpGK!8PeAUdH^pCEM|aTa|>6bSgNXe-v)|`8NM+!jkN>$J+c@Vsz29
z$>nA~)AGaYmm`o&Dy$2weXfY~PQ4(8ds7(c=&u~8_)U@f<as8J<h%T|$*=}vG)H{H
zFr_@4`})USr?`49f4!rn_nFba2M(M{GS(Ji+4+nmk4svRzU^#%PM8Qib3o+i#%XHI
z6|4&}Wta4EX7rEeNT(~R&u_*a%>MS0Q4^w+qe`A)1FHTx*GiK)u2s>jcJ@z9`79Xd
zMqe*Yj?Y4&KvWE@2`T?@Lg=k{UlSfec!FYN5Iq7WRp;uz`~(Jf>+JSFY&`lL)<dkn
zd{|Km=0q?Y=`Zb+00`6D3+t!z5diqA^d9?QN5vxqF${VzAH6a%gH5{Z5FmjGXNDlC
zx0diwb(Se2g_e*_I<f&Q$n%^oW1H^Us&G3K5yK42q{{-T=(&FTmN-nnr<cK6%#c#p
zy~*>*UsxP#ZBP47J&ZNH(K;r<g2KEfW81$z(6hwtR!6L9HvX&^ggL<n51iDsBdu`m
zffJhRXW%0giU93i|Ml5M8`iIcXv-6T2Z9jVMgD3&oan0jYBrqZ?tkzl8NJ&TI(EqS
z{k}PRa<&H!iq?C930wj#j^X#M{_!!q2DmJ@^{alqD_nj5s>kjYPCyf&ZTz1aRrLAD
z<T~IhZgwIBP*`3l2m?-TBk;#wB`A0>*7IL>Ls24hjI3yi(HfqSu$O_AX*1maQ8;ER
zBO|~v`Ql!mgT1a+#^c$A1&w=$_QWlIjf99TjQt!y1n}aA4khbl4c*{R%!})hx<)I!
z31YQ9foMO#!59!l@ed0NKT6e^cwM?=aNDuay?ZBL-fk3KMU8fdz#D?iO-@cuAR>hi
zdwP3!o3Q1T55UGGM>*T1eCFg%PDzK4kJa(11<Vf$>*gO5TRuT#=<DNS$=K0m6Mem_
z`!h|~3nqgtXwWk>wfPhJ9ua`9sFRYBNiXn_SuzK@EFHi~OKgceEsbYB6fZE!luEao
zxx|TL$aBv`jFZ)c0|$A`X~it$X&BcBX6MmYOE@Ppp|4&;32VmhhpxeX)cpqDEd5?q
zP@zgcA-FHfB-$^hPEx$(xZK~czf#uQmtLKf)evpf{dM0TZ>JK7F|L@icXTX#8`dF3
zv-ywC$rQ85GO4~&ZfHBrQY5M4>-|J331Y>rtnO#H-DSD2optV!+|ih5V>AS@z-kM>
zkm$cWBBl2FmR_pNnEcg2dDG(a?-HqSPDx4H;>>g$d2vUwd2uEu;0X3OI{R`i-KH0Q
z!c_r>%Ao4yhGMHSP4fNQ0k*JWOREdkM?>+s3VJ20o9QfYG>z_x4|FcnWYpheTm<FG
zZtlL_x@{`ZHR!QsI2>M8yk?L|&+Z_!MjvGm9NYi1dHcTrE{fbFeI53Lk;)cF<}|gi
zE&!8|Qf3%GI^G4`tlh2tGjEE@IdpfZ-#P?h8jgnizZ#h#F_07d%6!E_<~@+(Ccbgf
zS$}DpebTTsJ&a{5v|iAG6z4dlrUrDcW}v4EnS<aW-eA$XW=!$gb>0Eg|AQ1+X3p$a
zE0QLo)YVil6`CcOnvy9iwr;QrIDW$sagB-63lRo>U>?M#NbaM1#4SQPGsP`v4D~AN
zVlQSd@T;TLGyROeo--`g)C|5HP|3O>czAtA<m+pp#;9KYmB7i0LI;6}VH$Z6zaL?T
zGF5?=O8-~R{+e5OlkFvp6TQJG<}9;5zrrWojcU@UT<+c&U+d5dzQh+z&i63wUqrsq
z)e=7KmkLMQ82;VE#BHH{Gx~~7q{69yk4cUT!Fu;#kcicWw5&f@i2X|s6SPOqVPhoP
zd$IDscpOoi%5VduUaz*pNIf`g(~pI(>gNC>NV{RN+Le?TFM-lb$ze;ssSsk*hffCz
z$#N!Wzu7B%)6)Od^BXpL|F(4lbnC2E5W|1k0cx!Blg&SyQcL(C@N01&vbcDY$@&j7
znW_`D9$ar&D)0tcD!7&Uq(rw@xXl*SzaF82>tXeN0e$dKa|2QL3~Q7|fLCYGH+w<I
zG=<S@ShjjFv301a0CPJC9s)(dpyqbw&EbKE4<Bmr131Y=m;8nw7AX+dFM=#9km9>8
z0$A$y6yyz@w?AjULWeWad0TeL%&kU2NesJ1@FTAr<-=V>hIUxyK#~j=l@*E(So@JA
zE6oWIulAa?IZzUe-wC_L2U5;)Y<X6o5bE+>qn6-EhwCwc{-Z~~7z7EHO4|y-rwe_)
z{+nZ@y}i8Ph;l~&4Lt48zz`kwx(WD#rJdpyhEAvz5<`=JcQ|G7cj9!LqvvqAV}R*a
z*c*Vh?vLxE>`61dutT)dKI`O>fLT~rc=dG2$$}(F1AZMA>ot$vQ5uJ_F;kHJGp;R|
z0%4u6#kS9@F|TU=<1$5TqMUC@<;WNV3a_0p5|YKfB@Yz>tSm~Gbs7L#ieVW;xGSIx
zmr$I{pPrrd>;4Zg4d!9|iI?_f&M_D;K7jAtW|6tkv<mxy$1SadVTHEyj-9>(-*`F4
zg3HrTVUx#@yKG1kts3T&Wtkf?mcswS@DvbX((D4CFMkAQvg^=5oVEfsW+XF!J_=wR
z`khI}F*70@ta&qIH%w>PDMgNI)izcDtz`ly4g>xq{3u)A4DskzLBB!YC+)fV{JZ+5
zZ_+91JM7EV+tWq>RM!5f(l`@rqLlXuCzjH=A@*qivP|<k9%Nv3-<UM$J*JJjx13f?
z8vzBS9DR>D832~*9W*;U?PETh8ZmSY&(hWx=LrCr0;769y}u<bfT{C#f+Mer)4AN_
z^^Kf0(9gARJ{omd7F%Ldd{D&w;$oRzn+fZoui$-Qj-K7)DP}P@-XH3zoyO3rp4kaI
z)5k#!27{o0n7xK_(ruUel<_w5Sit$b68>o3Hr0Pdy41|(Jc$_isBcK2ZJ5vTz#lDM
zX3J}K&=klpQ)y8b#MI<{$1*n(Osnc=&IU9`tE;}Dd%VP8psmQ(&X!lN$S)-@HaFI5
z{C=LLqRmo!ON>b&J39TIdOS$b^ILM7*gTwB$A3>~DX%QINR+FkMMG0|)SBep)&YrY
zW#5p_{rblJ<cD<SxMSosX*l{ha4;)7t;KA6Iqc{ivc?%?7QVcfI`Sn^dd25Fsq1vB
zqsZAwk+H6gXPCH6MqU}cz_ma-q$)2wnKcqx^CL2^;A~Kr7C-jw!Ya3({2VlU2D&hV
zC*()>u#^YQ`9}A8NKj@tNoCKV3dry13JS7-;=(^K@@<)RedS<^sG(0sK*McL0d^n&
zBCPZ!vYZp4mi3OJ!b(x_--=5A?iFShHt1iQwvDFe$n#rx)0%FPv{WG9w3yS^XI3(C
z0hc{7<+~6bT`afX!j2VA@YFP6_Eq3rq&Z3!?yCc__qpI|W#)`M<+)*mVS(_+t+|5T
zAu0OV{b_Hp*te^bkv%Pb?~R&m(*u2``}<?8i!${?GQA%Q32e(UTkJLmv~f5+oZm6Q
zq8Q5|5k8`0h@J?;KA;?(_W=IkB@yC<{*OKmYLl=aZ~A*bSYQ)CU&SPk;C4H|Qn|TC
znS`}Vgw+4at7X-dDKj!#ct-$@%TrjskN~u!jj$lCadR_AcU2a+l2D?wuLmY0gepM4
z$KqFm_kSeplJBgkUN}KkvO7m<cdU^Z(F_wGNOzz%R+Tf*kJy_lm?Ip?)!`|#a7rj1
zFkb8L6=cnxx4NxpRk)Cn#28`zHkQyEpl~m!U^OR*ZjF1N6hH&NqDR}*5La+#Nnq!@
zU&Q=i%ljJl=2mb2u|>+*G-$sB)dbkx{N2_EgkI}vcMLYByi0*Dt4ggx%+z~KdNE|c
z7M%#_d-G)Bj=|*1w#joM!5jDVJpR=qJmR<q<XYQe-OXN<sd#d&P!ppAJA_ReZQakB
z_ikdVE8gZDR!VoC5!JdV^f^B~zd)WOSG#}i$>qvW)cp9nOC)*;Lg7Dj`w8mvwCDBP
zwp6^aMrZhX3&L>YfQzY~=aQ+gTqP!p+5Z~c*LfJnsh~LO-&a1zJ)ry5$-sMH#xayb
zPFF-RhrwX=0SW;-Df!d^yx7mFA+!yG|MfvTG(ZP<0@I(fhYE1)`s;(<w+@N|$VcOd
z$FSKBiPul2dP`2n@6wGqkYl$F1&hj+PnvNCueoufQD>5o5<nvyrJbY_#Fy%l73I&7
z-WRO50?S~4XV;B^INyi`ott(yF<Hv?mpVQ8*Ah>|IeZL=MY#^1;xZrXvU7i_#*t&z
zH^Nc_n1-yKlXA|?*+YO2sQxgN6{~Ai2pXJIg1z{r@*n5qDtv(4(ZbA7W<Og~xqzxs
zzdK0r4Qq@V&2E_daL{S8pL2p~KPzW0iAgYWnbxHKkshcb-$!921*+ohs00#dH%OVU
ztSq%>jF)~e(RVcyD)n+k6{Li+EaZJq60n!Dak4+0r<)k|W+t;o=V*(V9?{H6lu$9X
z7eRqTJ7nCQ78|ElE&})a{s*@H%2m?CeIF(j_u3OM<OM=bb7QOPm)HsU3-4_ywTeHq
zn4{E9s~o>b&qull%&AsowausJ`M#6iRm)ow29szMyuIDmYKl*75s4(09I*60?UGvr
z+^az~xSo!oW2saSt7|{fCh4UdpX)yp?R`slS%Byf;3zp#kAmZc0Lr9gz>qB@zMOP)
z=%g&*!9;M`1485?+<c!WPtApL+76XyfZvU3R22Mto~G2o)Rr?sRz43aMZ5G)v(idi
z7`MrvwpkzyR{Q%xK1j~gah$`sdKn!j8~!6jqd87Vb?${I{YC%K!1bBf!T?SgeBErc
zqd(h(;Qm`U*1S7x4mWU50ZB;HzaunZS>PK;Pi1TGKH}3T2tru;x^r*%1!Ys4^aD`H
zoWm&;GAB9Y;RCC$A_yZLRd}$H-!1#rjlwgQ8Ks!>+8g8i&~6*<cJ$#3F)G5vGfZ<k
z%5<;mW$~+9+8sa0>UQD-55sODtIxub1`dO~qx^0e3|V-MxEJpUCeX$dMOJ9x3q!vA
zmU^`ojR9>oJPhKEhZtBWj7q_WemyKYHa&@yCYEg^XU}v33rm{gChpvT0o#uA_g`oW
ziE1eXs@WJ6`!w&rjsu$`y_4}7DPN55t=Nq;yjhArRcw8p!`vek21c-nE(h4J23pyi
zd0@k&mh<%FD)qtWbFHH)k*w@szI!w!He+AiY@OUk&heY7_0F+v)X~YdUA)6xnp6I!
z_=@GLqk5C9%kOg~64su1;}qn-e`yp_SPbUle=6fKmsqN6H?{WW{dX&(q4Udsy%etl
zz$UtGB^R7+zS*N7rkDDU*T|2++%dioO~+YfY8xYFF&sDgYAEv%xhW*ay*Gs7L=$O(
z_sBVRp=o!qH_n7uq0l2{Z<<kK-t@;4RJ&oiR-a1pKa#$XCZ(wE@y`(e@ZTv>vXGJ)
z^A&8&zPICs`$H$Vuk<^(r+J30_VzDIz9snaCsurVQIqP(+-6XCw0}u7CbQ{cWuK{^
zW#y?nCAv^_)JbY}B4r}!chRv*d%YI@n#*($fJ7*E2c@T%1KMTb{@gbT`ygnb+cmGf
zXtxG*R#1#~XN=x3F^nR*rLEbYz0d@bqk}vC7|DEh+|v<~toupkAZp<n367Gu;|0#e
zw1OUt1~i3k?Pii~<@Lmn0;Xw-W8K#7wjN!5&sncly&ualRf~!mrfI_^-*pFgC-c@y
zxB4%rQAWJ+hW9Z-<gO&LgWA_hyns&8LRz~^2Z|}RjuZsh23*`Y@SayMuN4fpRjP^<
zgK8i-&CWCH6uC5Dfl@1ItQa~4sM)uJ->Xl=f-6TYfTpVSK<vCz1bNHuHIhS*+yLhZ
z?l?ufD``~G@$%3rV?<Y$v9wyVR2g%$3yCsMmc~gQP-9>HX7j}F{8{L))1rrjW}UkQ
z$VKkc`iv0@0s*Gqo0X+UY%>PdR6v^6YDQlutJ(Dn-TW?<=wEBDnX!W@uTfMQ6Cc%@
zd4>LHyJ42J#al6zfmExIphl6^n%ohYA2Gy&uiTvhtFLDZ{b$qJR0gz_cvC$oHeV?o
z{^zjxB|u`$Q&uA42TQfKcu7Z3^oM7U(*gEPWAK@DB0ad!_2msmLN=Wyu)S>X+dQ_w
zJy-6NG1lAa^~2!k>b0q&oN|G7!fNGf9qGn}^D1u%t$Nkz2}0-^qZ0jqS(RQ`JCLpm
z3z1o`h=yx^`(O%gH;37(6r^meUGbF)dxcGzkJ&H%Uija-_2iFWOA4s$vN3A8Q{9;^
zRyEhHx$~H6+rzKKR#|@O&kD?54$^m_wLOB3Y2ovlDF4HVq%?P}s*o4VA=lvs{tc2d
zXZ_;=7d{GuN)8!l{^#`n(*Qk-qmaZF)(S@e4E<z63$_m2fTi-gz63tiD$>1;O}c-0
za&9?vr=&&BGAfu5FjFb}D(!zWTi1#~1f-l>0be8snhO9IQ(7Bs&(dD%sIjR8$eeDf
z?PTFcf8m%X_2xNOz<>1y5yP_EUG{Xx_YG$L|J@wc-;-(BA7ga+1~_ZM=b5dMe1|1?
zb}^Jays}hJ^V5{l<4giK{M?Bp4f-TnF!{^NTe)v|F*7MkF<hFs-lV8*3VS(-X*lZd
zT0IYFo@)=Zw^628j(puJe{?76pRTe_17s<Mk$q{`GYc0j`;6qruwi^iv>=5It+3TF
zToDpKx?s%jZ^#~@@)v`F@k~`DB}`P@D?r^KrRb8T4x}?s$HzCF=DK<;kI3*%!6d-D
z$T$2nlO1W^d>LP&@TmsSk>ovgBM;t4XU>59gF?WXCw^b~d<41QABE>hTn2otiMmS&
z^UpOAa+&f<VfCGK@9s+ms&fi`E5WzTbN=>Xh)|_syac5gCQrrd^_Myi&vW{YD}<t$
zJO>u}*+x`eCMdg0vM{LmM`p1cu>hcpGZxG-a;1HG%ba+=b$bGPh5fGxoReE`XZHoj
z8buP10UEjI5pz+phdJ{~&G~8L81kAIZ1f>~fbB~7ZmburfxTWNv5&49s(8%u^VW36
z8{>8+tQuzK*Bpyji6N@L+~_a}GO6IG<Vk-XiH<k}Iu?tO5%EPqT)qADnND)lbUx{4
z)_pgGeW&5Hq=qJIKrmRP|4xpDt7^bxkE8Bncge>9`YwTQd1Ak!Po5(Hn|J_AM`du|
zsXOI9?aEzM=aU?)TT9;>rv#DP{o2nY7#K=rKihXFSDP;p5X+O*1&)SczuUhJ8}lTN
ztUByB!Ka@TZ)sBnQK>(02HsWJ#bnLK+sBamK0FIa)UxW#bKK1l+5qwLMik3rNg4sn
z|NkBv<IQHS)jU0ATKsoWVeO>8@Ei*#?K%fTB#?n8?`r*QjmZrCu*UsZFR6~zn`wP1
z`!HyRDw#JNLmi`ezeQtO-g!N4`4!HS2>%MmVFo41F0hkp!{F7IDEsg2{@p8qxa^!b
zg_+!{H43M5fBx`?C*~#Y^3lzY`F;;YGs7ZkYI5iV(+oU{`$N5MI)9<K2ITyT@q-?*
z<vq%oq1>x=*bSZe*<m~Y*K{$bE>8+YmJWu=xq{YF<7(MO_21v1hTKN{RH5?^S7g}N
zcM0I_8EMhMQkkUz$`RJ2p?XO;g8A8bb|gNsc`91W#2SD__Z)3%!d5vVhT;H<dcjn0
zBiKZzVjCgNgRehbq{!WZ6xWgsaL?}kT|*`L0rXy!y#3{rgV|=k=S%@ct?Mt;m!aZE
z_$~73%-walx#hoyS_112l#fYK-wAO%u}}WACn%qePuNt}IBLn1hH>ek>OM`{Jo6OW
zGS%NbX^#`WKSjs9;=`6HIFVrOJ8bwGKgZgwY*buw{!!}<-#3$3!&W#i0AB^WN?M5l
z^zdNg7gjf#U%id_Wr<+P5HR{Yzm}Q>>F1h;@BR;$hkIdB72u*>ifI?2!48YvksC%0
zZuR~Wwq&j%snWfm|NT9M8U2+sp(ISVs3&!F@$ab_XGucW!mA!1Eg>usGH4qM_x(<+
zRQqiIUNd+PK<(>|Fc^4<?11RvTb#<g^tDWMqhsG(5qD*f(?{1gD+-DgkVMi!L&>~s
zmXf1b5S?jbShF+i=Y}xImM!lV-hV{DD^+{|K*9Io<4zf+v5a(==+JnWKx(LU5&YN>
z6m1>jFNRlaEL)N%bMP*_TLB_YVN!g_a&v$%`>&2`60;C82+RJ^Xds#Is#qCA9QewS
z^R+$@lO(>RETjOcFy+Nrr9qE2C;A#6P5S*tC$V^>nDS0Pj46lt0Y>Of1x1W0GoR8?
zT7H(79R!%>TqEbDRpn!H)PB#yI6IPUx|oq%g&~~B<FWc}soL3&Bf9yR?(Vn5YT;kA
zAo&K)$!2f>-FEUd5mxhjVIWKlX}q6!fq9-a$j2D_jV$>2{l2^$Hy%K$w_SphU-z_A
z?T^9G3c3PB|Bky$E5Kyuoe$(Zljo6xxX+~U*{?aG_=OP`Q}xX4j;n%CvW3g*RP8G-
zj!FKyDbE|+1A||`AXwt@U-Nzuv~XWzo3l^|v!Z&%qhW=kOzY$~9-3_Smv86_a3G(3
z8Urcqt!5x)0U)y1Tu&ckcxX_5=OuOQaXJ!kDyKp7VJ88lb4oHIH--Sf9MscZG*p-b
zK*@Db^9@@{SMgf{NQ5h`^PzEsM_+)UjeAY~6i{9xD<99xL;iang-fdpSNTpwljkV|
zn?6V!=L2{q56!lKe>_9LVmNrKGA|(;1<`)I<oR(P)J|3_xeq2>TJl3t&<bV?e_veM
znsnD?Malb|sb{x`!+i0S!egbi8htN^?=|;V?~G1do2*{&nz(~U!Yu%bX1A@t_;Stz
zZQ@duui1SlDzrROvWddu8zY?*Fqr$be$y7t8&Xs}hauIVc}jlq+k44Uxg$%<#Q3Rh
z)=SpGb4{{q4HTa@?*a-}!t5H5I7Wb!dY<#3xX`>O(M0lGo1&~%y!?QtlGwVAwC-PZ
zv$yb7`B*w-a`|hA+i&dikJL?O^bDebs7mq4-(cWf0SnyNQb5Z>rvLY)9&3$~!z&Yh
z-tx_W<o@g8+{8OdK+UQ#@Z2D8hZLW}2`6~3s+m`>=zlz#NV}42h?Yr82xv|5$n|NI
z+KRnCgktL^4u^Ow1CVy5ewG-ZFt}@;o+D7SO|L(p)ON<3@?A}5O7{G6WGx=@ERZh(
z&~#uc&GL^ie4^jWRP*xD_5xC9_3Ctg-^#3~ca?6~;r{$fku0&5S<;<P$MOCFlae*`
zZ5$ANY&?uMn<%XQblz}eT*zO?VA%hMy`)ab78X%c)<YW*a}5j6Hvp+>LeYL*I}A+4
zAjtB7#8L7*HGY>}f31~PrH1^{pes4JynNK4#rNXkCC&R9yz>Howl4w`uv(%YTz}kr
zb*+J$n_?vpT}@nim+RW;pLepfj_?r8TWR`IWzj?C3#fxNqr@;Hw}n%uvg?+&-z+R>
zO<Y@5OykN)Yc+njkPtj-7zxUZ<>gD@u70=WG;SrNbisSU|A1i_Lx=D@l#?>3-C7CE
zGu6vERjobw>Fq<RQu+zUx>u`PcS0)c_bVlLP&-|#S*+~>__*!?2a<!mt7K*0*B3*T
z4)}{4aP+t_e*AeA$0ZM2yup9PKRK(6=h~jVSO1S*3RH!^&3$3$$c^GMT6^ou%~0Ml
z=3D41R0+5$yMyc4d(tS?8-T4RU9p^Jb0oc^_{XyMv@FHAl8D+izFD2}uF<~z`h_cR
z;Na)?;I^tvO1as9W%<=dS&>lg%1)~c0;k^>@#_51lK*kMV$b~XmDUq$-jRYk{^$p}
zsHx$6RlqU+?io4g;I5y8t#1GWQ)*tg9Lk+7DWul~inu7={7BZAPPL;#^dLhSApV<L
zzd$jkw#O&`co1_8nfVP`A&_$D+gJaT=DGWhB!IpH$pzR5q*1yC|7Js)(t)@{xqZD4
zNDd|#?Da;}kW9ebOrHmWfw#Ad#Q8bKR$hw*DM>&KJT$_ZRrz?L2VEyloJc(@<~?Z=
zF9Z<!^U*u_&)&*Z2CU|FLC~$PvH$ouoenAZ%feHsH9uWnt(@BnzqHkLDt4rTh{{`;
z%mak}L*MEtETHFmtGIEl=DQ#&Y)Xs49RrPptd*sA0S7&b3m7gz2^K+N^Xe;5K?I*s
z9=c1kWajIeNRacnzbCH(&D{=Z?*jZ{FP!EH-NRJkj9wf$j95pIMk54Z{-{+klmR#a
zlt)mJAV3>N`vA~iPaIC=e%K<f1p`~x2QXHdHP4s6t1q^WfDwDAU;V>!z>Bu!e!%Jv
zI}c2pB4>XPNGp{DvE`u}-SsoJpvUuC%6xSwIIx>n-B~;lRT5jjau9b6{>jK3ke>MV
z?foNH65y`6p!!O50w$}9Y#l?{lU=hIT9ZeGSl{sFx?JwOY!x`ctBBG<js*DjgVa?D
zBaI!C9`67sHJmRJv*^tH{$huQL0UM*cn~lX6I^*0YH4;E@S2~XdVS~}v2SHcboFH{
z(dU?3ZQa<rT;oo!Rt1x}RQ}t$Ic`gBNzTwEvq&Jv1)i2VQYIE^+@NYj7jb3o$j78(
zQ<apRtkzAE-;EpIRezQSW%Gd)*VScIJq!2%mM9(N$kPgYa+O+}{{-3e{My_*ltp0O
zIHP9&x%i!GVEj<#MEARl`vr41l!&9vpWVIZ_~K)G-2-+-padSE5&S!_c~M8o|9dF+
zrKElwfT_6$*`~*wom=gGNLS|<r>3&66AbJYQ}3k6-LUGlf06?{gW0zl{!Fb@2+|Tb
z1G!k8F+1`xe-RcS9c*<~47iy@AO}nbr^D~bTP#RPGd{)~3jp#?Mt#$N2SESiH~iVK
zz)S|TT3ysBU1N>9+ngNH%B<2Z4|05dL0_aYFMs|j?c>qCpU$~sT^b}J!$|-^PH$;t
zpI!$i%K%LQ<TyChTY^lmQrx4!KoB_`+v<~`G+3e{0EgD2lasgkfI2YP(m}8ZAMygM
zii@kO!uDgQK*&LRus&KyFNSyPmMsniH8nM<si`?R&ggVcgw@0@6W^I{74p(hKk^-+
z=|WDkrkZi)agKc8FzDUpR_K#@Q=$n~@ZPYebEi49J^=7YTuWQ#xND7bVVALZY@uFB
zP@Mgyobbv!Yg`E+KprOvYc@LAFX@QK<NE7-t7!+z2B`GbIR;kk(9tTXM%bA6v)rFD
zo+K8qdu;Zd-I4cW&-tsFTDAA@3w4{^b+oPizFDEyXn0HM=|HIp)kDV2?waZqW3(bJ
zYW86j5t@pamgS-<e64fg#9b$iXrqMA#BQYYOFsGA{AtM&WmD>JhrRn(smDca+M)bn
zUf3N|pbYE}%RKuY;#6b2$HR|oc`IL<)kGyrr9#5>?v>Kk2yYdqY-@-SDV&!A6BfrS
zEO}Jd^?rAKzVpfH$3z8zQmGT3j!|;PVVbT!v!$I5SB>Adrr#GI=<zFBTjj6cKJH7z
zY*HI^iKd(Zpnl5VXD6e#JCbH-j|4861GT@KwqMZF`NXQhQ;&o997#j7@*o)XRzS&#
zV;{tel~Z6ZkH@6vW5&i^CExm+DB_0tFeToGep#=J8HW!FmYu!H?lw@J0_P8|s>9VZ
z6C95Yv=fTWeyB0uWY2SRyaHv8EEoLXaQ<K$S*^S@nLZl`5E053-E$c#zl>>y$<Zx^
zcap|C3-#>r)=8Hlil446kHrZ)kpzX!o*GP`l4I=gdM$+3zH`^3y6cAfe5dr(7WN32
zUK?^qvBbuBI~aPRC?Rczj;<_j->hTa{ns4EnQ8;L##4<a6A!~;45tG$60C`IhCdk_
z2=?H!sDAEAxl6~^2@asPu^kH9k<$4WRFYPE*HCRCboJ?;x{PzeUv;yD8!$1sZ8xEc
z0k!ezZBxov<hTfl5XytC_7=Ll3)UsWe_Q!~kVJlqnxUiwJ1uM<$|!(G*x~fprr*DR
z56~}=0CS<xx<&&4t#Y<mO)n!3Y<rfj;RBFD@e!V0SoE~n;1=N9Y^OEmz|fq`lpKKS
zhX#h#j`NR$495W-a^<bVgB{X9h(}pXYE2B60N^$RF^LFwmW9-VtxbBCZJ%wMr8?W%
zhGLq9&)x0XT~t$J?%c8jLUI;a+dwph<yC8A^91m&Oq*bVw%&+YZY!-$GZefde9=;%
zY3_%Q(=c>saT=@_S2olysZvDjmeLw(^Iz{<bsLA{p2lVdy*8P1&!}s7dQ3`Lnw(u-
z7aSQBFtTuBYH*~)19&K15$)`1wY&qMsYjkt+T?wip4IJrN0P1-FzakHS|N>U_*dxb
zeN9804nt2o_O%m&rHnN1lqVRofz7+#Qb)Mf)9@5n=YwAUjdKFwgu&Q@7-Nu7z}Jp{
z<WCoPKrq#Qg<3>R3m^+Dnj|fDX-w$6e@k<%sX}6sE3cAbl!9q^TAUpqt$%xL664tH
z!UWZpXap<eSJRxHqh`_$(PIPhB?8p^|6<e2HlyVp;5;Q2I6?$=phtWv8h#A5XHA#K
zrw;l~Cq!$Bz({*WohR8UZRW=z1i?KRID4}g;ot~BnKlwYdP$}`G_dzIVXC*{*EIaa
z_WYA)1NY~H=;Ys7M}v6|y8EGZ$Y~Cf=NKdki-Ea@@D#f-ZbCG-P+Pz+gqCNLyOHBZ
zwxLr2(WY+)alOIg2>2l6w8(#a2|h&-5zP8+;D1I`ROrjYzar}OyTSkLXg8DK7J0?{
zn9x5wVuVYMADI?<kN%c%%~1v+xbq;;P~;H{@e_j72O`jONVrkibu4mV)A|jMJA7i_
zf+X)o@AUgi1NzAuP5i%qI{K~mOxp;?LBJyShW*cGJ)WvdDY4sGSLh^)q*&=P4Or=r
z{TSjWBPyc4=F87MyjKy19LDQGf-Kjm5S3(HyBijZ1xzMHG~?;pmG5xLUHJT>-8?`p
zF5wU!)bqo3!yi$1mwEIM2w%DM$oT%nASVKno4rN$IxUu02Qp+=XFn!g`h3H#Z!_<_
z&d&e(oJ_~Ew{OpeTEhalovCa9aL8*Fw{I6v1W{doSjMA;m6fuYs(V;Wg6}zN#AfO4
zTu9BHDC<8S)vO`lRt3#%7urK@Vds2kr*8hCoycjbX!GZW3{ai>87gHs_~|o96~?x9
z<g^3TCthNiOlFQY<p)%kZamT+y!_y>m9p;Gr-gF&!Fr&x@WdT<Xo0dG!SQJ&$^qN6
zwD6_m{E`6>;!KPusdXazq{@cm`7tHD{)@TUNhW1xip-&7(c7pF{i{m@>2g1*zOjf2
zH<c0QMd-(lENsb}8*&i<#7mO%{En%a!G@e>n%7q_AZz2SocBHD8z>o-dBjhNV9zb}
z*EpLQDwO}%_sXCp(S<0c&AD=D^4!MNN}3~Eq#7fh)SSB}%|l{oH+co&-|*Xnc+r9_
z3=9V3<WhI?n@#OP>6RC&sNi7y=ZFV7C{S^JRX*kN7f}qUBo{$k4h0OCq1MaDLK^`w
zxrC*%oa(7di2)b4#<CpMr*UrMEt!$&T20ND&omJpTHQGTdGc$b<r7Nx%lZ@r%F;VM
z(G~Ljn8B4>qb|O<q@iLLk61YvefqB?D(=9yP5Fbk0c|PLlc<4ADVmgAEmegy(j2tN
zBo`rU{nwl`x1#s=c34^bzO?q_ROcf2v0`$%>N8*_^%kDLlO)aw(Q-*&)T;0yV?jK1
zf<IH`CXSvtz0buy@zIsM%>9^y7qGXqgR(qX)wVsQC8gi^>_Y=0KEGzh$Rg*i%1Ymt
z%=#xk?mKXHxKD_<L%p9M_{oPxPnf9xSBck2Dm#@!QB0noqc3cBm`6Rna?icig7tTP
zv=0g8l=W&%l<V&8Wk##We0~`kZ2W32b%aBcvDG}cv6|8pXd03_d3FX$u><vpT10(@
z3_?Z96UU&GN&tvaDSkN)7}M4coA%l9@1pzAQs1pvRap{f5y7TWqw?NdQE$;R`u(d$
zEwj2UtpIZgs_WbV6MTKqj?j_R%zZ?=CUr)97c^g`^d(<7cSJOtji%6&*R^22;E@Hs
zf$ju`u%9GpqNX`GR}W%`qbC)=gK8160Cad?HUJ%?oIO(PVUDhvfZKB6PV@dQFVfKH
z=jTZ_+P?8wHl8ot;LXbnE41^+N1tV?mHQ)YEDo}IY)(14ZDxx%P4CVR&Q<&2xnGRm
zy76<~L#w<}+EUF0xG%U~kMZ@DS`cZ!vKJX%Z%O#yj%CH%{wptTTYaEz33MRpM;*(F
z<Y}sN0Qyf`8A*1mKB<lGHR<5_%pEoIN$wsQzE2dqCu}B^k~<J5cgLro9A%OgH!@mp
zSwdCfb^iO!z>fGvBh>_j=~<~Jy#|X(RIti#{AJ8&8olc!B{jn%b{5*fR32)&H`;|j
z*{!<z{5Pl^to)JfI+!<g997<<kEs)H(K^Fpo<?57XKbtzsyw%N51)&V_pOk!pM*X~
zho!hZHD|9BlI7u<_M?U+e@C%^RCt!q{a7jGJNb{pS+)}}JhT$a>@H&i-+fEDoTs>U
z10B}9zk}8P5VOPS=yoCBttT@cyGeMq?@*fhyQ1=in6Lh2zzaGAIo_q3@yIAh5kU)J
z1=*hEom3*yQCpba?hvN<*u7jf&D4@A@%><w%WM)XDd&4uSlnIK$i~?N1kkdT!+IGV
zCZhC~-`yDMN_1$AYw>U)Gn4NgGu9e!ns1Kwt!nn2UIY<5^OYwjY7fLf)t40IjW?H~
z%DYAKdKEy{E>QJ$X<zyQAjr}(y{?gV6=mC`Lre}+^53k_`){YVkQE<0b1+_0zvS98
z{MV#L=Iav-xu@6y*&ECose&}b)0Du^ou-<ry6$WFD&MvGFiHXr%Cc^;Sj{3!ZQ|1<
zUJ2e+(AQI$J&A3kaiPRrtUV{vYjf3jem+F4S2tFzm%sC7wWwLW*;hd+MCkIU`-{=w
zP!4+1-i654Yd<n8lg1~J1Nz3k^!bzWC6u~AU$J1({gq9`nY|<Zs}s4zDK-cl<~NB7
zUe$CQ?f0i-3<%$~F28hNZJeC*;ps7D+rkxO{A@$u_HRy8{*BL)=0Ms@cgIuFjJhH9
zHCO9058rJcc-5v<pBWvx7wxt&lHd5Q_lh|f@9=1NJ$r4}R<GGDdZ|fHM`k{6dVT;;
z`4PR9hEF#?>hagr`7K4^p|V)KU}62hQ6Bwrksqcfc7_{u?X6Ec=n+$PDX{8ww6PX}
zs2|j5Ul8`D>Jtz1;-`a=O^p8hjWq-vuD6UuUP`<sr4Ck-X$nb8J56%GlDCDZ>^tlb
zdv1~0&dyoPZ4*jj6ZRXCD?}1>SMN;U8n?W3r(M9Cm;m5I-xsYiBUha!R)6GG{uobs
zV~Whny#(!N8uzJ~W!LME|5_iMrj?!jK#p0fH9ob|&$GAjRPvar98n)QkQNDKY4M!L
zq~UP&$-azAs_<1~^$#`)D@eAA^BvPB!0MYU$A8ZE-G0D8ON)6k>0rhXneM(Rc4WCO
zcN`2<3{wT`&0g8c)?~j@mCB)yF=aUBtf;Z*_IV|%a$c%K$3Z9uacVAaG1=GtGAJ@n
zXVOG=0ad%rx^R<`WRyW}(LO$nIWSf})q6s<Jl{QuS@kZ&IN{Wb?8a)EPsW%lFHY~v
z@^zIh3mIuBrj@rCn!J4w`T~rDrAG$QD!aL6;6Qdy)n?u2$hdqn3wfoidjLgnI$X?n
zl*QfJ(HbqKZR6}V$^W^f`B`D2Txcht;~Bej`H1=miC-L328OUZ)qyI{*H~QowqR<P
zaQ~h0C@%8S=<%WGqxr9@NA7E%I{*#ZOcGI)Y!@18!|tP89_zbQa*KawBb6)ucJXO}
zi%k#duK`KIUcr3CpZ#Q~u=F#P(N2*pNmO31@8ZK`8)xyWT?SvSl(($%!~_VH^;Avk
zJx7GgqsZVIx@6}rtGx1&Q<zL7_}cc!Ia4?>-ucnw5yyp8L*;RClfW`F43Z>)8|c}}
zRH@_QMl4a4oEA#39PSc)0hX)fhW>d^8~ubT^~?oqo-j!eTO>Dgn`G1TDnO#)a+2_g
zzVBdKR4F7~_p1+)<4inADYc$i?tvQu!Q~A!*WQ3jV)4fsU)I)A*T+_fg?9>l&rA-*
zb$Y!Q(>KEFZ#7C~IRZ?btU?=)VB%<6$DJKx?uvy)3B<=iRfm|(w1`FD9ZVLV<T+cl
zoRLlEKV_W4IZJMT+okGJsu`=eWLuui<r`8iwjOqXcbL37qK138!*f#3*k1h|m*ng7
zdP_s2<2fGHwj)a)Qr`~G({PI`#+vfB*9Ele+3dQt+Wp}%%0S6>q^G-fx%fk8HHlnu
zgBcA=2}lpqqcPN7SANJDdz4(wexZu#SwD}WWAH;=;RP-mC$D1B)wX%+M2Yo5EW7SV
zTV`fY(|IcQPTTUG!)0c)dyo?>m!}g_L7e#84bE37BP$jMTJ1*OaJ#Vp12wsfy!NJs
zp5>at(J0IxxA+z3S>L_gw}&FybjJMB_W_NP-ItyFUumUo{~cnOJTIm;$xXf)eRC`t
z-5r~h?Ylbq@ZGUuN=-R{R+cq-Yj03J)IN#e2>XvCF0fNbw@ed4q(5`NEXOh!?w{Y1
zH``hq{A2mH6X(ioNa$gRUDnsf#+yJhkllYF*M(D%WB!A+W4_nh{4dpSO7uWOv%LuR
zIMV<-k#_*?AlODMS{z8XTsLsA5m*oN;gXGb3w96@2&U}+$))Q@V4mADkNbQ-DVj?C
z@jdbsb~wk?f*$UCKTKJk3TFQ*gbvdE5ZKOSJb8$@XC8<n$Xvf2FmwOOJUM_3k{YyE
zVfS-d4vduD(W8`a!sxqxkbv|K6KsTd=3on!T%Nr;Z6!;uf@;D-ZsGXM0BnS`w?c#C
z8g`i-`$jbl1(mn`<1eqPj8k>Ob)XKN#8w1hg3SvO?!(SbSYozArt|u%-9NP7Fn>;k
zoaRIAqZ}h62|>7yPL#bL3;pBc^=2Jh1}%Cd{50C@KJerHMfiba5YU%G-%K6-5l*-M
z=bumbJ9zyg*uD{3PQb`Mh9Agj8rVA?AKe3k@)3R@kEnjX;t0Cc)W)ng@{cF{t81Vk
z1YHvBN*^U&$HD(){^utA@%{gyg{2VHBGc%G^AWmPUB9J24LkCA<D>tRR&l|7Bsk&6
zaY1yx$$a^I8P$u|q-hT2_hI9`2aW#Y2~=)s#}Q?ixeSOVL^|+l@2?^~{rw7F;~n$!
z^L9tSci@0kc+SlY_*5L!7V9$}Nkg~br)i=$p%fpKY{({V3%PzRJ$q{bq&pIXZoWaO
z%8SdJ&qLkB^z9WD71>P{o?}I24lU#3h3`trpGj^@o7G|b$Ni`WKJR2C)kYqIG`xND
zBdX5Uqq;p%u&gAmepvusDboOLq4s*;1R3Eh8a&}(AS11E<l_@G@lo&U-@K#E3AQM0
zXC|Jg$9sJ?8&22a<b1M1JOfG&t=)bfATb|5i~Tg(nx(hn#YoR<qt7KbK)Tte%F!x{
zi;yE$dOpOtutwKrHEIin71pWS<{BzS<ih%#P@KTJZQJ?7=0mdKWbaw}lyYf>;N=1;
zw-3&RZ-aMpRc3z@%Orm*Fv<)mXwFSfPAcF*Qg13DThLjyd%bHl$;fVNEytL6B@YEE
z=LKJpD??tBdA2U!;Vz$?3%4c49|^?`bWAk9WUus_7061W`;S|MM<FJkIR|=d^G75~
z3tl*fn%a*G-eL;Qit8LM^+?UtvQ%I`u|A++ieQDWPtIg}%p!Dq+m~-TH4Ys6H9}LL
zQMR~EavC|>CUKYK?&#iiO9;XV3o?fn$mTe<GH<dd-PJWn5F(a6>)J-pvi!HVKzA_j
zgD_=|gI*JhK>y!7s#U%h34uQ1+46hZy*`6X8nkdsXzvD^k-LZ<z6nT;CXAV9{xyPB
zF!#dmBP+mbEIEa4y)5v_xJ?$$cbxB)K=kJY#t~6P(=X_P78vTwIpw>R>kc2?U&s~-
zARDmAcjiis`6`$^wM@3sngWsvQ_<lJGY_<IUqu8kNRlW9N&Snk!5TdWjJ(e4IY4q(
z(W#dI2%!+1s%)%tjLb`!T+ijt3Y^PtV)o@ukYyY$Fj3{H+?WNPeD)?K{G1ms`SfH!
zHdzoA;qUKb7y2kD^3Le}J^@-|HQw`%Cy=vL@KSb1--f2zLt1LT;bv03uc-ealbfK*
zGxCj7Pzlm(WzJ0xwNcij%saKm)zhDADZ|<QxD38DcZ^Id)FxQfeZWD0lDaw^dV<*%
zs{BelcU|PsTA{Vs$I(5fO9Mjy_3}FPkvZC0axdaK@i#Rx@agQybrT(-Ol{%q@%W`D
z8t+d((74&J$aAOld_bv!!8H}Rp31pzZ}$b<+H#y_3PH&@mAqp+soQ&yW0ZV(<9T!s
z+8q1x%S$0#kWaDxF?`jsZV32Wi&eWcqWX30bPc)NoW^xOuOY9$K(Zi&!pPsx%iW+b
z26E%k_I5YuwGNw-^WN8XWiLU!5RD%kFH%mff?p~1-YUQN_QNxcUEF~&J#u}|FpI!3
z>ii00RRFw}*7RzaLoa)Qf~7lE;1WtbpnHY7;^DtfBpyWVU@FVv=Awd0;HR#zpDS+{
zfUSv$aazN>``a-xkQw{AKEY-~?yut_gm0BiS!fl2<iBNsnDoS~&psOE*!1si6U_Dp
z{f(Q&H!FR1cX)mldW@giWPwIL@vX(~m40Rw-;^OtAAqD0@<Q>aqbR1n580h`-Zjz;
z2v_J9qO98%HKP(xSsM~85X2dmF?Pw=hdEe?Fy9mTC>Y}Sz2}a0_fSS!myppW4;?`;
zBH$o@TXdtKMrw<eOWO%2);n^;JwZSVY0LG%;P=cd<K0;OIOG7$`np16#s9FFF$Cn6
zAPYPodFM|@)B~wSEeJS5(5&XRP4FikW;e$6^-nVmkv{S`|JYfwgq-bh@U!c730={s
z7s#^3$eg~zwhbZt<6C~nS=sxY+mUpEf4d&yorwFK7(yJFnx8)P#OpIIjg7aF<LbZt
zYVsayK51LqQ%LgTjWq|p_5C)nNDlGBec@Vse&mOc1`S~s-9-rYX*oSI#~ntE5RRcq
zV8(}6dt}!0mt`O~v>_n|RY>WT!;<S?hVD8wp`2GI<qhS1fyaK^_CY<E^_;M8-@fIk
ziex3eds`a^%2kGimsC5p6ZldXwq1$jmQ+57Y?@2I+dQVg4oUCJX#B$d7j5|mF=wYZ
zP#@EkNLWu!Lfy|gwb+BL*{BB50#p;=hO^_CWjNR-N*zRoKYzY>cUEZqzJDPuF`G#$
z+n}3oqPc2`t4!`zfru~^7#;~RsL6l%g{Pmzc_8n>1J|lOyyKgX@7RM#t5FZ^{~IQ*
z5}HUxpP%oBlx!QDoW+HSa8;5^p+?P5x~#W%DIY!cKyvrzsJwlMI{0Sc?Sx1km=8PA
zWVPL9-mi5xrw~W6(@zz-ZZncf{_fA-|GzcNiB@V}mPE`a@BhK+-Lw5gZx3S9_bSov
zfBa6WjS+9__b;!y--!vOI%t;}SKjU@8u$NkWbw4eHiD^m>0UUF95VRX%@Om+6-ZMx
zf_>ab(4EdPs8Q1xg3>0`b2L#ah)M0)w6ida4$%GEG-zf;t)DRv47&n%Z{gx{xxz}k
zjG!e4x+Ymc@;?~YtWjCgVIsN3w)G@@9jRUK>&CBjjpLiGqgrSNfZBTAcn$IiL52|p
z`Rvew9WCv~bM&NxqwfN;MeR-?M6>_$TxJ5)7%pvEmq9nAd2}V66-@<+2<iHRf(}qw
zRo}ZqIxMad>{XLC)=_w+wHFMi%`>~Y(_et{INWfvKHYDMt03k&KIa>8O^tyx`VcHb
zbn#{Xcq&ZUtf^FVu}(9XuAunouBL)5s(+#Ti<I^0y+^$Ku(&K08?Py55mG+Rg(>=)
zNgApbSg1C6an9?c(De2YK^Q<YO(f;ydG55t;^bHEsZ@Qh|KhhbbR9LfZxd7sXJ+P!
z-j8~wEG>l?L8TFlK_t56=8LVKO?2GBL1^e5boZ{G%N4nBq08@pA6UO7F)uNt|7?R2
zrsLZ2mn{}}c|%_XiKFE_?O+kJiV$H-g_F+TjcKLQV^Q#j?aMylrfBUH_E=^DZ>(<b
z<O`fdmVjSuL$81%cTcEPRbQ#7x&962f31gKV|1|>Q{s$2L_caJ2_)7Wzv^6SV~dZe
zSr;%Jtuo~+BmEyd3&<7a7?c{X8Xt2BThB;}P|Ne$B`uA_RyGVyM)__{LBQi*oQM=f
z7Xa@hyNlziC;FF`9!V`(e1E1Le<knIxeRrAgQs~Bd5a2ueAyb62$M<$Ro=5`=aLBH
zLqhs=No|Xuh_k8i%uTO2a!Z4(sd^xiJ#AmOa&mMh2SH?EzRLG>!}457A01WR*Yg9g
zIwlXsR_YM_#&flwX#JW%2-3O76l37dCNm%W9-Sp1A9Zl8bC(WC*`vw|#fL>Wmn7}4
zsVF3{Y$ipJ;~d|2L-x{1KtZS?K24EDPq|oQyFLqncOq5EQSI3?8jFk`(}Rvr_P5KM
z_Rlr(udi<~5J)(u_AWwN)|5Y#nf+w9$$hi`${UIt|GCoRj5N=9UNUbXIXFoxVL_mu
z<ZmhX`X-AEV{v{@mXu(Y<^?3Ch<8nVU@BL)4SfYz6%BoYAe!~ApOu%A>=&^<2~d-a
z6r5nky79cM>8VV}*DmA{!V3>7Q{)}ay(E^pA;jqVuE7GY`bSDVxz<0s07e(#k+tSQ
zp6G@_E<X=kkLFHjG;-XF=MVFS`T)dw6O~)xNf1>2f8`>(@9PHVY0bjvS(6usohPqb
z+%<YbGhnnTc>x0<pH*e*Ux%_@{`sz<n=Gzr_;UGo74zQH+hJH?_SBLmJ=O%-GD<J3
zeIJc0x4<yU=O-myNqLj3D1>f~lzzQRp4`@G8VeD5M@0?Ik*tyR*}9Jm#AfdrDTt<o
z+NVmqM%S14M$cj~9f={@RC#}87*#{p(><ds7S*E^`QoRKtX4mK`tsqH&WJ&aqjL~q
za`7&lQRw-De3|1^LqraXK7VaC&snroL}cbgMkAB;*|*X4+X$)rdv6b%&1k3s>*D}Z
zE~$8dq}3{9wj8Y;*j=uOc-5Ew{cPffXTXdKOiur*?rRXZjJK<4R6W(1>oU?$Z7R8!
zV@NEB{-bNw8{0gEgeIG5AJFrgOlW1tS*UDZcrmK5^n%h;+{=a*sLwj=DLh(S*Y&Dn
zxrfvfgr+vM(AWd%g!JOO6VaFs+g4db%}Zwij2gMjvwE&Vwu(kGctGBZ{^mdW(vxxh
z+$24gZqq=A(iyJ?Z}oSHYzt2x2EAU@%7UWL8S?Y=&-uuWUV%7~y?-o=&7}Eb7jt^h
zaUk|g8L2Q+qk>i$Yv?0)7jX5ew_m}Ok@oT}*jVgaa1G;vs?bdZP%ZdbVac(3t=fMy
z`r%7#UdzJd!*At(TcHJ}W9F?IZayZ~y;*Z?r<4mkfg%<cD7665T!b;Uom-;Hi*nu0
z?;PFKwAv|>W)q*5!)Qz6ep!B@G}ZXjzYS4*8hC(oD7BM#JE0&yAedcm!*Opc?9HSm
z?Uxvt`O;)9n?ITp2rgc4Hvz5sq12CG>v3oNw*e|M%#=Y=+5hOrkViBFl)(sdyGSEN
zG`ca2zU}0e9m(TtAOUCGGwY}2ueZ=4iu>(|MRHI4zN<#b@lHhB{@XKevG0S<ee`<`
zr`DnIiNLjAO&xToFZRyq&AZ&%m6%-J7w7++Dre#DD}9=|C0!SCfv(~(y!mM~JVXfN
z;iJgP(vMsaVK*q^zW`A8YKyz0b5-3ehQo?}RcOs=qY<Fy1T9|?EcG+YO!oNW(WgBT
z`SUYjCA;X-YO|MbAQ0|gl0Dat<gG*6Xi4WyCDigKQ2y7~YdWswKzwfPIqLdm_+8Cg
zNuA4Y6SiiVdGMQG4$1Nc1HP<fr80*yTiS*7<7A-*M%$&jrUj_g5ts|a<}}71m3oFk
zO|eHBoXy+A)_s;X-NyPVI*UMcNvLQ|s!J@@)4XK7_+A|7$G0v{znPRHNBQPF{hSsS
zmxhzdSnlz^T2XK+t#+N0?Pyq2H47;J?rbRIA>^g%;3^5~<J=M@O*;hB&pY2zcc7oU
z7r*g90dzK?U0%eJ>(aFb#NgGb+_(jl&V-isc%(40JcjC;){WIHH<@?tS*+=o`jYK9
zxi%9`Z}x36^!5%!S5=D2O&Itn4X)!sV+l~mdu}rH1$pb1%o71IaPooDWAsOswRkQ@
zKSl}3g)5CtY{nlxw93pmcV`%`X{Z=J(|vkTlF#`b%{Y%oOm{VrLkG>WphIa#3$p+2
zZ<@BQ#xM2Lim|H3MTJmGr`BewOv$PHHX$|<VTj2xr^WUbHI`v6zvaPXv+Z3h--9m%
z`tJ|DJBc4fi%!?My095kp7Y?TypySvoo`tpxn=T5d{n7q!@CEACAnjDJJC=9?e>Cq
zrITi=v+A)sgDLLwxv5_^p-_()2QGrCK01buXb}^lx_mi-y;7Ej%K65`SjAx_ba6yM
z*7cT0t>*%zJ#>xlwf=!6wCwU)b96uepwch$V3H*^leBFxGTv##D$0Ty%MB|9&j&(|
zPxFT-lGlKjQ3%}YCOWb6HWOn-hp+v*rSOjhQ&CF1@p+mzbZJVIrr!RQ$*29wub2?k
zeH<8r8!l_Fx3X_4ND`K6l|rWa3g1;9$=1uVg*jN+ABrmew;O1i6zvy4`De=#0{b1q
z(196ePxAaAJchrMpqAJ!?CBDJzNVbn`mK9+yQdW$>T1wMXE-F(zA|Gjf6;zhmZs6H
zXw2C}H<ej>2}E;m#uie<Uc+rZeoL4|ppYHNURId-dU5z!8t}HfDB)ip^;81;NA>y|
zWq(Ez5Xr~m^Kbq=s@b3lb;j#7?v!i4*5z;%wpVn1>a#gc#VA+G%rW0(LgA*9m3x4t
zkzi?+ZcW%5Gyp+orZpSex$q3liWg}N$IJJN#Mt=;4O}gF_^7J+Oc@TgAkb1}Wmamz
zsDl>-u$l)|LV3Fqd1M|s9k9=p*g?dgZu3OU-R-zQx->PDdL&A%+44pS|K_s?I8?iY
znyxw`sOJc`vA(L9{MQImtQayFQDl%ZK^wHA{(8i`s`w}N^|%6U#<ukTPnzLCqkiea
z(7>xx_^Hbcxw|Rm)spkx0bkl5{q<-2=i0#d<SQ^H0z0TSdsdZP;Pre6s-~<!6?E#t
zxU_$EQ07g^p$vh_JLBAIUtWn$bj~)CIUeN%S304EUZT6tj6!i4pYH)&U3&~Ke_PCl
zqBAqbIKc`F7sO?1?FReo)@t)R49B3pjAuZZQspuG-ig}m(U*S=impB?B=PMA>nAXc
zn;2DFfZu3jB5*X_H3o=F1HfYL_8wmXN)ye0ZJo^<snbsmPF9TX>TcYdQu0bHulPb_
zTGk61t0|;igW7^{^6tjC=$N*aIzLIgD!c2TA8^S84@ls>8g#XELKT*08x-Z-|6^D)
z4f5Z#r93ug>uwY@Jvr{<U0jm$BZ2anJu01PS0f`S|8B?R{>u1Phh!DX!F-Xlavxps
z;>&*hc;go~y%`)sl{Ps^HnQy~(SHapde8=`Pdl9dLit<LvH4=kD?jN3`Gvp|4m^(W
zL6MxITV|5*tjqZ2Za$G0M5FF6>@t2+B}#Enx_;<KwO6F1IH*;a>((ni?3z-HRBiw8
zG!kkk$iMD(QOY!*@9}Z8g_2B{fNR<^1ihHGyY+T5=Xcq=+1#J>Gc}YhW_hP))%EbY
zGz#UI{A*%94As`F@AaG0+WBC0=y`dQN#?~*@2}MjxVVi7`qe_@XETzVm3&_v$Nk`K
zPWBils))uB%zo8K2T+<eP{>D6i85O4ddtsFxr*5-F&CwafAs$zNtu5B%9MvTNGIVD
zYsSYov}!y))y+{7r6R`NH%Z)?UwWCo2ZMJgra=j%x!#{TEpy(O->qSTh0d3``gKQ6
z!~fOVmB&N5w*LpAQc0qs(CMVIB$X|N>XcAfVi<%<%D!dEIwx-_g;K~;l&0*2u`^P#
zCHod;>=a`+mSN_1JyV^d^Lu}v_x<BH|2;GFJkNb!_qE;EeO=#6^5tkg;AQ9)LyHNS
zu*+=eWfnD4;$35{Mn6=1#X%YF5_(FPxGcR0!{Z4J#@98?D3<KkDDN$`wNnnEn7wC3
z!+$Y_P|u%;k87##2(<!mHB$~AahJu?`{eZ|hVdk{nBLWSo^fa(RYbn|Bx-aDgcXNA
z`!6p7pAZg3m8P4HPnm0t>xv*oqw6r{8J>moV?%A-R#iD`2ds?xq3}1qs?7)Dtpi@3
z+WP3R7=9yeXLXYdqLHV(Ur!y$HcMcyE?Q&Ud+QWi`esi~d96*X2T*;{@YJ9;xRFuK
z>pM$!@v&d3<&UQM4c)Q`LDkIc!)1$Ru-Bt=G2U1cJ<LqUmJ0l9udg=%3#9E9JJ_X6
zYt!S%b0^Bh>@)R<1lkpTq&%J5h12%itB-{ZReXQzutj~#=DnsFl&uS*DH`|itIX71
zI8K(_&wf<OkRB>k%Xq@Bv8E*Cs#(3~MAtPEd7^Wy)wTiOyNNB`T=SN!%5q_`y>;HZ
zVqESMmc8L0KZGb3SYovvYohwH*%%h}GEL|Y(>+lmsx<*{3)i4e@)6AJhLYmVpCu`2
z?v_^$Bnesl%6b1wCF&aGNiBZ#5pC~p=z}^`E-T|G73!tIVp~N&kIDgx4*g1k4-49K
zX<_}@>~=aJIqmxodYTYgR?!yYLA_du0wGYjDo?RZK=-nbJ`bv-$uvzfydAC1WxwHV
z#?JmlcC%Iq70+*9n)K8>@evN|A;bel{lS9+t9AEY?A76jH4fp|K!x-~yH<mVrKm9*
z5`Z3;?%K7El}|mKNtah;n`|{VMr+AF$<mKp(~96;qHIvH+E3+n!){dgcU!*wql0(V
zo+s;37q(OeiQT)(tm5FoQW32eH|}X{!#SxLO4L(Vy<2nj<p1|D&gPoai3Ud$Ds=ar
zV$KH+h^0|4S{=1=3)SsJy8fK^F8EneV7cOnlxd#GkuXF{0K&an|6=Ln_FR|JPl|p9
zw;NtE7G6i8m3G4htSXipao*?hsHqFw63!@YN1_4<{P9eWVd%@1v1?P)HHh#ty|M~<
zq6zgIqe*(t84Nf&!h=3<`t-$L#;rznpF~`bfbUF=MoWOfrD=pZ^yDd6xW{RQy9{34
z`3;dn6NH%SQtMej)m-{4MSnGt=6CmYNP_R%8&kfy^f5X5P1PGq%=Fgt`w{W`9GR&9
zQnSdkY*xEj9WMOX-M-M%T30-Lho)ITp)s26>0)P$_wGc;Gt_Cne5`&;tibA$^X#k>
zP(1z?OD}&RnUUI+z5q>wvH;b?TI98{XE+%}E2@9+c$Abm4jQ*WHWgnpD}D_ih4l7&
z+7+4lf?Jc<<%;U)A-v6{_vo8ZXD_S|aD#|g`p2w}unJM_O@}QpL%TF>y`Yk3cr}X(
z-}STXk7Dy0fDIBZIk6Zx>hsjUTGtMSON>v%Pl~OeLJZv1tG;13K-b%ZIVG5;5!%WV
z`TUj(VX-9bc-)%52oWPj(Bf8OeE-V~f!wN6qc$^?<r*-jG&dqDLO(aWqfcl%x}g@_
zDDXujvwhHb?*Q6nNbd;NtH`;hA(mu5cV$`Yn@6KXTc^lkBvp8OQ!+I6gChjk7}#s%
zMWRps!5(NR2KL|yC91Kz@upEp7MQ+XymjAUsFSt96mtuTFIuJEN=<Ss>N;Y7kI(7-
zbiep`I+nf8HJ{3!oj&=47r)0`(l7KNUJJ9+etGP@1L*b$B6o?Qqa>%%9cH0~+^$t5
zzzL}C5VekbII2I$3mes6;xmenU<7RQUa4VeFpNbXD{qo7n0MTssoNux?;3S0mV}JF
zWAMLC`n0?)#h3?of5n!RlQsQufvsRQ?4A4=Ec*qdLgW4Hc?7}z4VxFQQ?H=%8V8Wa
zJPXB=4Lhy`vMpI``seHax&Qo2(7sRZfYk#S?L(cPtMKdg^^AqY@$WbMh)e9WWHIRA
z?Ns=qUF#s(3O$hhD`4^Kogzqh64x8jrlp++#F)8sKX$Y#$o|CIXPz}Mp}3(DU0B3*
z0=2NO1!;`}<8j<OFHujqlIO=x291qv#ND?7>@Sa(P|&~T8(PD^waK852?ZpjPx!V+
z;g`j7(B7foaaOY_AY7JXwpa=9FIptRQN)u-FiA_$406tB3|tcsht%Wumd~J@;ENR4
zaSSF3pPE5k8?vbOKOTrGli^B%JZ>*w@>?9mYdiB$k1di0`|y1OhBctZPw#B;*pM$-
z7aW$+SpfQ?HFRyjaAK2$j6>k#U&8_6@#sr-pY?CBv};Q4j;qeDSmF#Dz<i|gc933q
zrDAW}W8hTd?+}0rlB$AkOLgLh0sBQc$pOKbp;i2wFE}d?8DB;)8*-@Z!yVa&48+#_
zI`A?lxqmUSCnPrF$j~+sYqgPPIkXAvPA&2L?1|$?ek2BhgYaEka??dkZ>o+;Y3#e3
zFV(v^OWkRH^&(M6XL!fW;`iN&6NQZK*l&JFbeizKo*%K*zvCQR!ltZd&X)BsaG90t
z7cVh{M!$edNctAM{n+caPS6;kDcFrTu9;n^#MNy2rdp)t+Gz0mG}&*>O8zr`spK{$
zvo@>&1ah@SnR-oA8{<aS;~KF^y6vAnX9KFTFRdZ&Jo{aJLG?lflsEik6uwVmtISUg
zkA_g-I4<y4cGAA`L;L-Ax7($D&cEK0G98A7Ut*O!R}k4Bv$_Og8Ev1zE$jx@i^JI&
z|A$Baur#5yZ=ki7d$0vVF0g%MYXpZ8X!kyfRJ4c20r8%dkNCuCw%erR0^U?S+NC}@
zHZTnwJ-sOKG*aHOUaO1E7L!A)`-VCfCIE11)okUK6_SC5R+@~#-R8?4Z{y8!)JfO%
z1N@GC*McN;_aaF(C<(=;)uMPjrxj$8m^nh!Qe~B{#~whk$}hEF+k_tf{ERf!>A-o1
zI#En~4bAp!D!$B6oRg((j9U<zU4pS`SCWuK6+IDuxNnfwX)LV#X92Rk!ysuMj9KnS
zA6lon?b&<J&H$rY1Kyl<`r9GfoLwHtjg+e^B2w20$fzBK1nW;e%i{>>GCoBz;sd+t
zQfontkBXrvMOIJtINPT#u4!a9#P@ddzqJi+NHE2UAon*ZVj*yp*pw`?)%t=Y2dC!w
zb1PRdg&&6pDZeH|=X}b?qt{0+Bgle>1@^-d!fn{kHv*MG6=dfM-@C#mc>UZrNjFRn
zGO8cxq^Lbi5U6Pg<IE6V=jmLHvo;l9VM0!FahN3l<U*nXv_T9>6s6eNK3qJ_zm_fC
zBa>U3i(p!CX&Qxe5v0k#wNC!s(l&s8_eLMv1iGgcz<bvO>K*f;MXred86HA3sBv{3
zg%H%>+kD5bmJJH2)DhP?7iUIxtIk_;o03NIb&A#H=6OV-ec9@i8!>~ll3l{qm#Alk
zX$N)^n+YDujrrW%_OMICUzHplTSE)%3dG1{(>{gBepI?LTD-OM3E~AvcNyNT*_Mx&
zuwO<Yl-AmREuL-V6bISTX}1$QJF>_8s*cObV*e<FP#{q!PybQFvQLKA9bMzB=&zh+
zk3F(GQtm8z0iextOqtlji<B*I2zO1fc1RHA!(l-7kqD#}=3Q0s<mp_Oc5j7E**VR!
zb@xhE`=>-gG{mb%YP??b#i*L9tbB{wLs<#tnKCn0i8P`8^CDiN86iT^aUkM|6#_ya
zvfvPeRxib~02kx>-zx~fMJxxZ%R;z^uEPaRfSFvS^dE0>%67exJ3L|yHMl$kxbMUF
zx~TX7efo^1-waJNX5rI>s_>~y7DPmvsVtGiUcWuhSF=t~Z%)6w35QF+GwmnRJmsI}
z(~Kw2_LZx`lO7)U@%6zhmn5zd;iCD=x=`l122E9fj!SH#t?Ba=aRm1}no0*#SwC`K
zF_2sg8GHv}QZSMW^WAYLA*5*sAc^Co-PY%(g-oX9G8u2xm;3+Ra?u}3pGPrGj4{&n
zS$Lit^KB0uN%KQH0wUK&`_8?`qYVNfD`2iHO=>>4_1JG0>F=+-8t<B}f+m5*S0-QI
zB!0EdAM<*pFSx5cdwJlKZ<A~GxdPKDZ+a+E=U**BOVrzPp%HOiYzQudd2*w|Z;<IY
zqABD)=}WYmL?JFD+r?Vw!+*Bka*vSiqIL^Qh-nrVYb2OV(p9+_)m&ZPszK{jYhm8*
zOxlTfqxIBozKb*AZ|F`{fx*6Rq(~9|-_#Zu8H^e8jw~8u%wL1=Ufdoi4I_Mir`7zz
zt~9UNC~ngH{V|cz7ccV{iUS#w`KosGvgyw495@UVJ^;b?nN=Q2W7I^GIbLkgi%qgK
zn#?p!3wn-0aQxqCzONhl1UUBPh~`t?DGygZSoxDm1jU!u!i$1yjC;M3J98uck7b)m
zWk!wfB86f9kr$TaI;14QYaX(mUs_Z5Nv7duD{&^&Udi<{nKU=su4zG6eV){6%T4c@
z5>{GfcBGT@oemu@yk5H#Sk{mqlp)l^AzN^4gc^5xr?~Jl`IPC=>apdK@nh5!MN^x0
z-Q;A?u8UIMlsou<0u-x*H_fntN*TKKrW)0EVa#&`WS@vB64VTDzcD5kqeKfJN4w1`
zdkrL-T4S%4{>0yq8=sewqrapL(quWlO7~<iXnKW2=*+k@-s-Zvz{h?4&1PC{6#cI2
z1;vrEu`u*ZC`*FLcV}3xvUfMgOn$kB&rEY~!e9Lg?H$#V4lUF65w)CT_uUlp#Uxac
zmsMMP+QYj>Ff(OoWNYi3v*PX9`#y1Y7#C&b4_mS$*QI|@>q+~q&Hl{Xn!iZE>cBjW
z`D;E4%=15h)nE^;+`NKTI4jl(fXt^9`;{vx(aV(!ivV=>q$yf>6v#D_ME1=?0Xe?C
z{+zS42;Ew~RG>W=IX<^$+`w{Y(~d0zE=V(a03*o-4~4=<m01=P@IQ@AwK|Yw94cg;
z#9hKI>8lEGEo3SRJ}tg#{VyZMd2n`H)2BxOeS!gv6=&m{zI4%gI>vW2cr33{oD<HD
zH(9T1FZUSjxH$LF*3m6S)>OlKki0kSa$H82PWFbR+J--Y4s{vdxu0EE7#A0G^f|?c
zOt=^LIxln~<N8J%-b<2FoJu}8$B|~6P9(L}B%x;qf3cf@GpGD~qOIM=6eUE%r+0RI
zhGRX4>y9yMacZH<keOX|)i2DU!O~`1OYX{(9yZM|`atipeC!gBZT8*v^jAU{U=Ppf
z$6h=lDUE3GYc)sl`_hU|@~d9i5^QUkL6vRQtiZ&K$9=X_bvo&SMU7B3nx2H<Hfx<j
z&cC*zcYMa9VfMdB`;paQO!JbA&dQNzxN+v*TX`?|voBVXV<XOb?@G>F)y+JT`}t5v
z--g}x->-%|$L+M>ck9tat)I+<TgTa*=EE2uxoz-)2Ags&#RFm^Vk;jC$t%?G!dh3N
zX|4|>MWDzh86y>gUI)`h93JWejC-O|F2UN-ZHV*&a_E)>T1TNbsDZx{amkiglk#}w
zc$=h<auRNRL$atTO?j@yu&z(Q;3&1v?kbBx?}h`2%6q2OQdt{siiAl#5!#_dhX$q1
z{XclP^Hn2cu=o_uP{v5ycrs&J^$R*smHeM~StDUf^H#zdRAqk~nX0#Aq7HUJyW#Nv
zcVYM&=nh~<vq~L1w{d@u8RDjBK`p&2fy>*i=K_~4^t%Y!GFBLQi1a-wNM#bOVF@Yp
znEj?5cbbrsquLnbb@1OLfi<0ucbe=i(=Om~63ihGuzjhisqyt{M-&xp!{j|zi3k74
zN!|tTKO?k$b%}cV+I++C82xAb$1=~oYnC1SAZ2!JBCOQ*;T66I;mMtLHBbHp$)iK~
zoZ>_ah%(MBjk{roRQ-cnX_y1(x`p*aa;}!u8dtz~@bmM-@OH@OG+1TX*omR+)!zsO
z5J#Bf56NKWe<e_%bBgS?jy6CiyOzEgr32Sb1+v?lMSgY8Sc_c=6wUimGh?t(Jv}|p
zY%w9Eg9!hGLm=am;P1p<tsLB8cBw0$Tf><XRDnqIr-cP)-ZY=zRy)PB!j5#DPE|f8
za4ZE1pHIsY*(9KdwmfLZ$TwS^YA0Uw2E5lq{R?8`tZ&vi-_gPm)3qmdh$T)J(=><9
z`z}dA6J7`escP;;R7UEfp={@|*I>l8Z;ms=^=JdYqvIE9`pScI$X3~-ksUe)R~Y)S
zw+YHnJ-V!$9QqmREf;xOGDDpUpnd@N!Ku6M5dfnsL?;k!3cd-W%}V(wx6=L30z%T)
z>?C@y)N)M`v^X8$6y6c=TnWtE>jgI)>Ki5YRJ`rkl21boBcns_{%0YzGShq~%Z{8F
zt_HI^_-D%vdcoo&J_}Q(gmVQ9Pi4<RXpYLg{m7<c#}UK<V!`kb^Dw&G9CQapQBTBp
zf8w4nMn~qdFD{H^iwmPB=L~O}H%5K%n0bfn?VGl5N>gNwCh1^Z&(S~cIyC04u840V
z<|!`~1L-!Sbp`NrR*mY0%p^H+lSn%vgMIh4$02W~u7&0g8xdW1ke~}|SAb9E(t0Ds
z2!15i=ewf?J{@FlLaYKlDv(==`bj_`NY-38nXE|3LVGJSW+G~BtnA4P-F~WWV-E&V
zIsl72Ji=jiN>oE@ucyw@u>$&Hu!)!Skv8UU$h|i~EbiAwFzl~H)z^4gtE%$OwmjLF
zmP3%ywpOCGi{!Sbf5Up_Bqdp+P%M3rpbMXeHuI|wf9O+Um9(|8_Z=sBqK%q=z75TE
zWq$ryB9DHF7O8(9)&Du0?>9s8>O6x?>MCe)#5*Fc_|u_umPa~)JI|bR*yUm+@lb<r
zfB%U<9`j}!;{;>B`%hAv+`07bq@O#hvPw0u*@l%zo7a5fJ2O3tq7&FG4eCW=_@#q~
z+zu~J6}8_KdYwDxRiiLOI-wl%$jfg7H}{*@ufxK_ImfqY*pmts6cn}<=3Nq=HUUbP
z?PZ(z`t|F~%*=-mAF8UVzKm1G$GHUvpcIS@4Fh<fqJiU7->YLtYq+wUoZE;Wg+j5J
zhP2VGJJnydKT~weklnogM7ZNt3pY18Su0mps(|y?^t6F<o!|!!+s&}JJ2_3w16J3K
z;|xxg+>9k-Z4K8N>1vJQPWjGgX@()x#MlRVBBZvqyPNgRE1bdsi-JHP92Kc~U+d2;
z%&%H*WMrgm5`EtybE?Nkv@*UXF)uG~d$zGqSKN4S@8u18pAVI_k1j1OrOSq|F2S~i
zJe%75wsXX(?^P%1I);S*?a+|Wo#cxK1{FC2S{KQwHvH2!r~1_jpGHL7D?R!|D4Vh6
z+fzlY_U7#=-b-UK+SS?7w7eWINx^ZKymNNOFpWBxhP-d5R7Yp$_N@6>cZZpU>7mJ&
z(ZY9j5U%19w)<duRf|*lKRz57*vlutB`((I@1cf$q<v`NU)Q%c+NsIR&Is<8K5x~D
zFHQfVezWhhdA#*m5B+iX7l_x`(9_)m^<Q%EsY<2kX;<ewUE2FUo&aGe6Yk>~t~ffG
z>2r*FSTwNrEBW*(v-mfUnhc&_kn|7CtzKMQG^-17D!-I-rYl@H!|{RXLhGLnFC5oW
ziVUs9w-FozBecaY)C8UC!7G~VMf4*F@(m-O6+~QAnhRo?4~Q~0MW;5#4Pm#X$CYnF
zP87r-`iJiX)a|x8Ov)iSwn^%g52$8(Nn~&0;@VN3U`@t<{9^2$SLhfhCxFYmvU|Rn
zORzl6E9eC&`Kr+opRpZm4!KpLtthNcmY_Eh6s>i%z^I~MOOy3f_-}^hM*>2I3Awoj
zS)Z=+Ou5PE>+4V3dd9Eb@&2?U`Ki}Bp^HvS%*iNNcsfX89N!GS^W$uPT`eCNK#^3s
zWqit;J5$!#{pR$^J^}l~h<~)f+l5IF3k%WH1z|{Mu_R2ZZk}Kh-GG<ND@Gxby7sc6
zg6egcDX&FL-BQQ(^TJs##%ns*$h7FbxQQ3N?`x}lEe9X`y|15xZDR19<=}7nF=@5M
zw4rcihQ|b5*)I+Bb;;e;C8>hMu(|Wki|MT+yxTzKZQUKL;;dJ;tIpATkwTO5S)8T0
zF@%~x2|QSjdZIWJrbZZM|L-ntYjborHa3Dt8WH7`l>s10`TFGXqIQtZW!jv0O+$Ts
zJ*<3FlWul&M8vk141egEb462h&z|7mV9rx8gCglg#JKVbNKNR&mbci~1rq?ZBcTR3
zU{G%~qSvp;l<df-Pun^=1UJJtXGm@A-5&1Nmi&%xo}P*%i$xH@V+snD99yOU6ab`+
zdvd|o|6{PQ^8VmV_~hn3CA{!C?d|R^FC#<9%ZnJQZ6BplIzpG)-(mxz_De{ZN3{i3
zJ<;jQl9QFqcqQSsZ%=w*VRRQ)D?tS);wWpvB0r_~y12p+yUFl8?$9KrbmF$TQ;>wd
z&{5V)q9wf%Jx(GI+9GbB3jgG<y|q2#Zi2#lr!R$CnNClG*)5VK`P-Bzm-dv*B3?yY
zt6&YT#c`KBYQ$hLEiEkv7h7uiGO@aRV*Xj-8%o~ax@?tDGphe;#v^^50>vqa(vWPR
zF{XCO#YJXq^`E|NS?|+1Lf076Sb-ED+uffbTPDXldAkGF*=$*Vg`zg~W%|+_)M?ti
z&$GQFgRUh`NwAU35;UW?eaLl9$xh)-LGt<wy9`uSRo%u(DN8!mFQgR!I&7*_HC8Ip
z=483W%|?%OiRTU*D2*FJRbOB5W^FC_P6k&NdGni&2NjaBaaCmJ$gdM*kyHIXi!+w1
z3SVjrNSzO5wCH|HRO+7P=+@2q3M!6UdFenrt-I4w*<)sJ(&Z7SJ%W2Srdt0A%id@6
z1m!S9N#NfyT3(`NF}7f~*~xgacUm~7*oQWE9OY>Fymv_9&Gct^70p8<nd9`Ofm&Zh
zcSd!$HIU=LZ>;GfAJYbkh)2DbduJ;<-pPT1HrsrZwMLIGSfzaSYmV<??;D~IW6VK|
t6aFvD+*Nv@bs$LWmj86ookON`?Nv0tpo2Axg`p#Ar_TS8dcy41{{R=`v2y?b

literal 0
HcmV?d00001

diff --git a/docs/source/design/maximus/images/maximus_final.png b/docs/source/design/maximus/images/maximus_final.png
new file mode 100644
index 0000000000000000000000000000000000000000..4850703e00a71a5cf58642091e0713a688ca129c
GIT binary patch
literal 101087
zcmZs?1z1#F)CM|34LN{x46T4cOASaj3=#?`F@%H?LrBNaBHaywl!&y1)X*J*B3+Ww
zAszSdec%5-|9$R#ctqyRK4<T<cC7Wj?^<C`5lSS4^n@S~h(twMUK<3$1^&bu!N&rD
zz#_Ds$-pPDv$m2fsC0;N1NeYrC8Hq&0#!s4U7FrDB|s?~ID<gY_S=8pZigZZ5a=df
zMP5eN-FWNjO#<bw)O&=2n;E9w)RLP*R++}xegoy+<Ed{ItA?~+LVTKSUQic)abDK6
zw^ZG+SF4P8Bq7k;<Ib@hZarCSGg(<~LmKypK;_FQ?vMKh$%?Yd_l@cZ$SB>kq*<jE
zv?wVlpGiN{`c)FJ+v_dNn+}VOjZFo9Vt1>uBL41(9M4s-yEg83L`C%H9ln>BgNrVX
zKoO$VffUf~g`nGybrY@e_vqk>s^3B5UtU_35SKO{s9FZf41YZwSCSonE+e|lol@}4
zQ2*?r#@go3--S5*(z3E{O4!WE$jHnLal@A{UrI~uQK*rfw+usnsMK|gRu-xYk!gRN
zS~s$mfIBcZWRiAM)f;1l>GF70R>Q*M`Kag7mv+B>E7qPIu@<;Vj<PYCr2V-MDU{3`
z+j{BywG(kZs+&x-mH49vXKS&UGQLneG@Sv?*)_~><9u@=X}0_F?VbE@QcOWjjvM6S
zf?v-u+Y2gXS)UwW_pC~!(&H<iSB6y4*nV`p(v%|OoUA**Pi`}=4O@Ahgz!?Xp+@_Z
zA3ogv{-a~=_*!qA>8mqgDktZ}0}eO=!i6s)3g$ESWM`A!^wX>crvO#P{GK}GA|-E(
z=msB3YSqc)efGiq&(35Jlh4sl;eB+s*BHsw&aNvag!Ni|Lsj;L8O8Op>9IvwFC^C&
zo$_qM?>ruiY;v^9-SP@LWsumns92$&&!7meO2=youR1r&kDqvGGIqGL3XDms1ILPk
zK8<As^ol#TZ7{_k)PG5OOd!mr#=Tz@#Mr4f$s<gxAq@XciS&$Pry$})bmm}53m#V5
zsX`5(IH4pKdgk@i7V_Yrv%U7Q=^q!(eTx-iYe;BkrMWq+L5h6N`phr2c3@_DUpI|F
zONldfD#Gd+c|Gb+X6?J#ExrP6_3#iU6CE?=UJ&Hg3rE8YxXET)g0D&C3*PF$2iS#P
zK^fsu)rXiNSNppI35Wi!s8<U>H$s0sfqvnEK>;?!pK&shPDi~aAEy-jAztn%W~<8!
z<ZZb;`1VblHvXQ*i(32HAD?vK;^HxlYgt|bhdv7>`mKOfuv`W0&wf(7H(xZs1j1E}
zJqp%Jm0nm-AC9eWGY7}#QMg|oyG1@@H5_eiZ*O0pYHgLN*l>6ws07-_w@7@S_o?(w
zd3x(jIMg-E$IJOV?fN{4iNkcj&x}+MqX;qQi9fixLqc%m(v(U>FLeK%HZ1qmAhv|C
z#@iJI^EKK6gc=)bairWXmOW(p=EI=AU(yXj>626}jVL1g=Aca%PAA2mt%mj-r*okj
zL^QXpH>0stsanrQb!o83UHKNPJ68ASVt<Lahz;=xJ?jQdwTg+??PO^nn34#am4ZE%
zK-&xDpUEEbLp6T#OIN@QedXs`v#<Z;W^~X|tczk>7e|4YCR%4_XKABNZC7E5;8-`5
zaJh~KTVS@Y@284lh~pNr!Q|JMmuoK0VdAG}UcWxV=U>?JIC9`QZY?0?f40tnG&o-8
z2iA&w&4GJ}C}^-&zy?6ul4;lTUy@>DpgX&C#j$es%|+wTu2$;V`o(-7m;04Duf_GT
zgo@)!=w;O5wCz+bR_&Re)u#enQO0{43qE$U@y1{J!+%|^6X?`E<&zFQSJDuN6YeZv
zzx;MznaQ`0G#lzF&dZ@;N;=`(Ii{=kmE5*WRxI{oV1v?m$L|3wPTm`a3PA-Qq}!eP
zH$P3){fugf$IkSmczt6E5ev~$4U}V6el<xdBf5pK3{EGv@(BU8h&J&F%M=L?XRN7K
zkDQ=TYw>Nw{g4uh5$F(6{?CP4gl#SS6Kxv(gI}$0F0ZEuNxi80!e(HXtNV7Fp2wqI
z{Pkx)d{w4|f_XdF=5JDup6-4JtEZd5F&u&;HNAds8!dc4EWsK*|GuX8Xf+OYVsnFp
zTdfvcbZ*@3pK?FnQ&rCo%?n&?+&xbgG#GUj3j(E9!&3@ha2#Tf0!OCCpPiioBRplu
zp^<#^Y~!o&dW|Wfe}}*rS5OWamBU31I(u~p|1^LNT-5r1(kbkN`!6?X9*wC?BvOJ3
z1N}*#oGwgMm{)^cJk-?Avrfap2pmpm>W=~z$68~hzZrTKDOU=ASPHe?SZGA;e)SW2
z?x9r-r53$Ppoh6hu-X(?iBHrIKXP*7#!?DAVW#8at}j{Aii6ffPmIb@{s?t=Bg-sx
z9O#zLG+l2!&LHqBnQi#PCmuYQy66?T*r3^aMFV!)wdcIoug%w*jjw&e4?itDsnM)c
zf13kOp-XC<1t0XX6(-nS#GT<T!ri?u86)SKwH%o?n4E~qo8CON4YlM~Xm1JRlyZyD
zkPKeTmhk<|?QwmX8`vNDj6P@snYuZX1-*%XFvXz9v<N@RNUj!B=WUlY4qcD88a47N
zv7#MwUK>sQUZ!06L2^)WAQI;ZY|F*iJ$DQCh@>RXrRbD3jne?(Cy(Iy?7qCS(A$4w
zY22^FSJ0TnUZQb!r@b~%>hIY!TaFQDG8_K-0u@6;ZtjoXS5(nY$p@fW&7N7?NBN&}
z6K<DGj<_fXa0|Ny<mQ6c*KdcHX}+rE_i))2xqwLH9#2O0S)UQ<lX}J=iYi6Lv0=yw
z39%}7!_a^%51VvgzSjcH%Q`2olaZdfZG);qj>x}{Bqe=5E<y5#26EY?&EP4Q;S9d6
z%lf2tlrn{F(hze(1}54#aP{WE!)3O-K!Oc|r{5sH6{#KdR1uM0o{$jj<A-~*UpV=`
zctct|ycwWFd(*#ib=JB%sVm(-Y3<7iu}XrcBy~CR5mhO<u?>NXGLZf+uyzV_yTI<I
zNsP<l=*J}(BkCPbmNsYdGYKa*l=5}Bo;}}+8nFxCJe`eO$e5;ZS@z$PC`d=n^nQ$M
zreOw4Tl_;xHwoEK6du$t^%jXH<x>~bWh+g{MCRg=4kEYiH|w^zVEDIp%Hp)RVsG>G
zxZV~dQ{om^1`;#~X801a5Q;OU0}p!7(uNQH@Q<N`T*?p8KCRW8LgDpj5D5=1umpi)
z#&zifa_Vhbry<&f&(tkMM}<E@{C2^a!B4G+_gX(%i4iMUes8S!fg?PBo|Kgd8Fu+w
zpgGRB@^GY7uqq}Tf2?(HtUPn@OQFTak=nr#MjyAU6_ckDe|o=NVE!b5W^1Utmi*N6
z(2;(ku1AHTtD{4VcBU^?e6(t-U)?oxfCXPvUd{2e(=yJvUU0HXddni^c|jl;80}(P
zUF#097Xy`C17KRBk@ym)_8np?K`QlsKSOy$wuVr`I{&>>+Rnnqa2kfs5#{jqNp;+@
z(y@oDSZ&rQL@o=7l4r2Cm8BN>hgCLOTv)V51A<3^1*Wd7iALP*eELTyoSU9t1G(lI
z%==w#VQbiTY=8P+L!qJ2)h=Gc$jT@|PQWZ7nvmfXe)GNr?t>X=XXnG6*#=YfbYT*m
zwV%$SlU<Z&VrgmOZ;L7A5!6BP3fiA2AFwVceKM%BOg%a~)X>myU0LbKIrrQFFUKnE
zT-;mCYn40d*xMVT6XcNE8l&?QR^AtA_xrTYr(XYse+4p|?=WIFYIQQ>OiJuRYz02}
z>juh{^f<7vSPdfpqB=B(9W5sAt{T!gY~9vlkHcxJ;qTIyY%uNipM!0&<CrRDmQ?Np
zhKI(!x|W|317=0U%!g!*C6~7#yM9X)9*-W#8jf1m_cwyl?wbWF@G=eb{+%XGonej9
zgUr`kH&s34z3Fc%OPR@+7hpdX8U8B%QjkHzpA3J#^=5awKO^7bBllBPj;g@z_{EmX
zAwiR~#ZiaZi+iVoCMB3p2al!P)mGE6Sjn0L^PTq8=C3#n#P#<^i4@!5b@hJ}Cfdf^
zvCY!4Sf5Hm`bYid%4-4tTiwk$^c|$(ug&)6<EuI>Ia^R+Lu6#6ot>S~f<ZYFEP!d3
zAwN8{NbwcxR*cgTi{&A=APRV7=TqsJTJ1GUiSOUWc6xE+vzF@5@4^@VSMzIB!M$&u
zp{YW+ssuNR=I-JSa}q~57sM%I&i7h8yZ0mPN{kw)b(;N6LgZ*+j@8&VM;l}LqW;h%
ztAi@ARXr}*EXe6FILAOAzkHR?g_>Mi=Pft6Ygq}8=rljNKspa~d+9^MyUIYR$sZ0S
zs_m0e!kP60%#XIt=U+d8x@OSkYL`s;j%K|fOt{k<jpT5A9=zReK_^^cBo!9CG}HHl
ziUoLIS<>&{+YRJzU%jm`&?97KW@dl`kxWldk7^^vR>@ES^PzHutcDnA1uX~AkIu{k
zF0%DkY&Aml20aHX9)T6Rw1<`$hfaqM@4X3IWNwv^YyMOGnNOi*DdNSsX7htB7t~Od
znSw&hfLygK*(-=&rA<u*Wre>Ys!i)I%$sZL<_{s{*=XyVBV`>Hm-f4i^sNM;uBf&g
z2A*5w(fEW4RIjUojpAvcQXi)d8dWME%WFH`7%|y30q_RC&HcZDlc+5t^_BO(6S#Hq
z`fc{kU-|enUH;rHF>bZ6OAH2@r#L{uwKxn4c`w-mX;N|5k@M-_Uv&cR%YWla?IaA+
zxEV{mX4gDvT}&h$%qD7a5sa&}cdQrn#dkSooBwPmd;Z3kv|tZYE?DBzXk@#3)OnX-
z=lxG?Zz3vD^Q*~>1gg(|#cz)T?D(D%NIEm0KaFd#oACpXg}c`w!BB1su)Yqyt=1y)
z%4hntr=AlNtuH*{WwM+1^xSQjt$~c0d+|QWa=H9iwRiM3-z2@$H@J1c;$E`U`}f3F
zf0a+yq$<{uOzcdP1J{x2nNVM!_D-cUfy8IDqbX+k!X!h~JI3<!t*l~vF8j<nIz}Kf
z=Qyei!Ddc_;8uesAl5zvDIv@g4_+Kqnr|c%!Zq$k;JWcadqj^B5!r!*^^)6id&DRC
z9He!NsZcn#MP_qR9F#{g;~rI43@if(Bs|}}4<F-lVZ~=a0NoFDx#Sx>J&-fu2d0O=
zE{^KwTvzmk7~qHus(6d@0?pCN^z6)bF1N7>fJJaZ74~7aQWl#>PeA}wNeOXYwH?#_
z0|CNZuFAknrJ_tGHZd$bx90KSjZZ_S>a{IS5ksIf)vFJo>*c3E;K5S0i$2nG8?2+p
z?UoQVfoX1`lu~{op@8<K@ol-TK8oftDHPBbaL3ahA<lRNxMR9&G9GLbHtHNg&t6(R
zOAOdpuo)|O>yj60azJ{=@oXiT*SOIgg+jewt3YB5J_qzpH3F}a-#Ef*hdFZJ#V`2y
ziNGdt0P7Z*`GSNG`tMF;LU@fwEb*e=-473ksbiPl2r)7-g$zOql!&Fr3zgIUU_I@V
ztDYrRueu66TIh$sqGM>L?Q)A#8dC~_Lf13sf=a$<qv$CJw6<Z7HuO54F($k4LBnLP
zS$kTbXNeRH68SFUeXN2DEO_jv(LY@xTe;M5l$3S7I{)AsE4gds5h@U{i%Mv`1;0~*
zgx=iD>lz8YE(la3DCCE>08mIM<`8Lh&J>!VfKl%xmu45m5{>Nb<#V(x=AozBSvbf^
zfL+=Qs|7c8aPRwFx6r@=6BmaA&Njt?y9@m&u`gpju`<wSf6q>1{fE(KXu3;qh-B~9
z!kf~1JXl1Im^iI+gX(<iddmWjM0uxoSYgJ9oQuEvn|-Lun%aqj&<5EEH0rSvo;AW6
z(v81P>|#|-bN)5(K^VkdKZNO#4YM^QnW~c+IM7^C1QoW6mM)w_5$fOW0C(M4Asxw3
zMnG;hl`J(qzw$`jEbl+f{!D-=eHQvXlhpT+B%TNSRLZj`Kxn&%;=5b<n8%_`pBF~|
zVOGI6SuJl8Dj5Q}ySte!5Sg30L?4AYqrBy9Lkk*#0DG_uw(#g-lM-ak>orY;Le(5b
zxofUrlH}9({SdewKli`@FJtGgr{oDWfrZWcB($!D?@2z|?bV&i=*(enupaH)0*@>c
z?~Uk`p%(G0Z_iG%TSTtr)%-NivlLvhJ@r%x7J2b*pU`nmrcpSnGSe5u$szcRI%?@n
z5&lwX>)v#xF0n>raPBGn{eU>Py{W9(l<`{Of}zN=&B+JXA?>?i8fgbi%A}G&6yC{$
z{+~DMg{Ne3m(5q_nLid!@n~!!a!QJn3*_WWWP0KL+sVYSQzhxQji)VVfvdqiY~;1@
zP*ld_Wg=gTB>gJO$ckLWBiN;s@b#B5XI7g&6LcedYA4UEXNplsMC6xM^N%2CmWV@^
zcbdxF^4*^2a;D{8Zr<LEF!f=;wL_S_k;8WhjXjTGjAD7Aw}|<vg!gnOFQXp0*;K2m
z^t5F4YQ1D!b=Y@461d+*seMJO`m1CN05e{sy|M^BR5<SG&DS-+fvXU|<JX9cBK;d}
zmUMXXC6hwPm<W+9uT~YYg*s;kFbRN1H5;!Vo4;B(8UqadV}I`sBq03^%!u&FdNnps
zwcrvK!#g7vQufn<x^Q_-?d<dext)n+5*bdRR8Yp-qBl<^n3>`I+!>jip~!3r!S^<L
zyL^JDacbNu5Wm&w@U5yszM0Ak{QfK^xY|cz)VGe+;%&~<we7(TK@azo>O-9PGwg+<
zP_n9tWFM<B2dh8ZYA1JljisDj)g{0K5A$$fm!VxGh_zsja8k{@U&RurZyf);<QQ{o
zyjoaupw!hfie}mi*XSb+uM7BSurV;P;gOXYNhG6m+2@ybT3UaE`g@=ag3oQY-Uk73
zv8oN6R>c9*e?!u<;DSnJ&0KUDjWw5y>h8Do$U^{@0b<CVysTy|_y%xgOT0eejw=c*
z^elmBlx|c~<O<1Jur9H;{dKyN)b%9e>=sd6m9&I5S^0&|w)**QM|UKN4+>NQ;c7$t
zh{ph*fUpeqP)@Al6h{9wmd7{E=<4dfrsLnUOu66u>K)+!gVbq`h#896iG?a=M@FPo
zf!#+YrLI?W1`bopW;!L*#S_F0gh8%W%B22V$PCjjlOAzQ95x?#O_?{CWSLyVGKIIr
z$NIVCAiqT~XEVdky7?x&UrQZeCT9Iom{`M;DMslKoK$k3#vZc6ftdOH6A<$|aj&c+
zMeRs8-dd_AQ~m!o`0mEHaAc^Q*7nN(5DQrtuWUhf(aM<&XJRU9N)R6lCkUFQLrD48
zP^9wD))oHRcenYKYM^W*UiX3pu;`sIVj-5=btJW^wk>ZyVwC{>Piq%82F)^LRUm+@
zUP_5;L?^puZoHEB?{Gz#0?^|hqZMWo78n&8sDD?Mh5T-0y|0>SNjJ$VS+R?1nIIp1
zSYXYO6PPKA5$)J_Pkj{q!zL*f=4v(Zm{G!W9C0r2lIa#7<i-|33x>3g(_U(ZF?Wnm
zIP*&cN7gfj$U?=!J)}PgRt2$4WU_Y3L^;O#W1E47!or-ZyR|78A?=n7NM(bDA@yVY
z1=l?Q$=ElaS<+q#k3Z8hN_6ZdAEm4G&kN*#oGOqWogU#au|M!T|A!5sRp?RB5B18!
zsi@3Zk3C{Z<xy*!&A>tE+}NCEp+>{dkw7k56XNFPmM&u6!7xfUWO+YCyU;+<6@YZQ
z+I-vppf0S(b+rGy>_1TKA7H~xAGVFOAWQdQ$x`14ceYc_9H0OJAWv0#I&2`NFBm%D
zS#>6A7pl$LlTR6qFYc}p9JO})c(z!7yyfRLG*_VEn#Kh2)JMSj5luwjn!gS(KP#sB
zOyv{Vz(WqKb=LDc|DRq}){$#w3c^duhs)Vl@a_!&B>`J#BP_bac;9Kw&yTnt7v_gZ
z>!c*94Rj>bkeiz(6?&Y%OW%!AVS-_7ju#eK3P?yuF01!`5F-cDMTW2YgdPCiTG8@J
z@W}Z1J*$ledZisMs{^TA4PGbq;%fd#m{^nNUjPeDP_WnvvcsWLd+22d>8t0DLI7@S
zb=7jJveRlXO#vIW1rJD*@DPBz_r~4*W#~+j+0!c-7?b(2un;2b7LH3q%_r4o?6H!V
zdUh9lj?u42m-dZ2&t0*+6~7vmLFkrWw3oVmH9s9;-Jq>>VVIpHl@|PXr_N$>sA<*X
zyDmAY_w{D<L(hFA->zZ8OKYO`q*<kmS7)QkJp6HVtwRL^T{rVHuWn=iq`1iW(}rK_
z0A5LjJ>+b^*@xdmIRCx{L1&4~JXif<kpeVAxNO0?zJsK5PRZAqRu(+g01!~wS=bMA
z7J5Nis05R8nCQ>bSdFGGIV;<lo0#!br4AAv5&iL)3jqKN6r9%TJ7X7_gh&Xp@a2HH
z9KvU9D6{`k9m~wbb@Eke-{@nMAx?UgDvtdVUkq_a7mO}b8X|T4f*~${uA_tw_D~J{
zJ>=Q6<`mNiCD&bVaatXyzQ6hnVx{i6_{0uVRLHA^@PUWZ-@mis;ue9~&7m;?{#7Gw
zJvz^=;Dk+80%}CK7bT+T3;U*@xA^2|zPt_lCv8-XIe=A^7ay_#Ac&jX07ByzXcZLm
z=+t)1lq~DK@P%W-s&Hbxx+1i}7obm8HxsSVg2`uU?_Y!=xpK?0&prn0NNMggSE1nI
zDV*Tr8Ev`$gMhY?Sr%ZYtYGING3V8V%Xc&xi><mD5{pYDh81nk=6!o7)1XRSPK_@<
z(;7bB<hOE!&cCP~ws^!}>AH7$c6e69y`gs2wYN1{HCZ;=`hG&TfphU)NnrowWhxto
zP{6IGqO5fsZGHbW<F|H&_i|JXf=XKHBcSJ8#kBO8SXs>+s+Hg!6rlpu$2joTrN?u}
zG)t<$KYB>3bloI?24)*8c~^dLV&_<3^Xdu8P4vu4FN-hziO+ckaY$&WjgXKKa%y5?
zBB{RpU^U&LdFR_E5}*mT`yP}T);zrWfB_&9-wK88=J*$9iJ-BURE0Lr`A0xe3G^7T
z#U0cqT|&qHkxUVXIp766bOhO`9r14fs$o&-PEHSK6+0&|Ft9NcB8)-dE-b30bg-j5
zKQ9Rl7TbwV=T$zm0y+4tq)aemZRnpYo6>$}7Ly-NqKO`5NuA_jb4ANcBgBQi3_ucf
zi3@9Ohxg~m)yr-+AOKQs1E~8~cg6r&=ha%PAm1&upF-$2UB^83%}bd7CD`Kgd)Y_a
ze1cXF0_>e6aLe<+wuUqrLVU0twN}xeV(KjecbKN(EC>W$Qp7;kanA9VLOb)lA1Rb7
zk?NTBiSON)PH2``R+Ht4#V3<LOulhaWz4ZH)?P66P7>9q-03j%NFlZ;3dBdAp(m%)
z2L*9Bew!rW2Qo`I<4d8Rl{#qn>EsA6+Qx$f4nLL^>@L(2jaqV67UG3yA5oOc378g+
zMC_q0%VRxQ6$uRyQ_O;t|4dp-Z2ROrg*d9_=EbEq-3Pf*{?56I*b~VG208xD@f`b=
zi5tnx|5(lsbZ96d;n7S|^EkcMT1*(<-0X5j`h+VUJfIuHEQIDA6?!04KF07s234c-
zip~x+?{?LXz_@z=kTHd=%3WAuj8%pH4YLD{mkTPRinf|jtld((GMGbPExfp8U0dc9
zr+h9fQDz2ecUb1zd}4im*+xLiOXq$uzw4jL?U@B8<_nzgF=FSFuh5FYlYL<ury%Zn
zG>I?~ureNjm7=UcR@gP_o9MGF`&awpOR(X2ul<=mf|R=N)dI}xP(9H*9)vK0rSexH
z=SqGD_4)T4!3a!8WI^JYG<F@T2+K;Y6I*opq9hYdV0kgF)>Uy}!V^!sV}?<GnUQjf
zLS=UB#aUfxE3+Cuzzr9l;tqvqHfCL0nkbN6-uL80%EsZ6V=kU&QWp9YLT(oB5*ZVw
z*qHl{fOr^-F_V1eJ}=VxBKS;VQCRovZ`atjcB-fjobtmp4O^SEO|Y!U<FspIBtjHS
zA(Hld727Q|K3Vh5!AddT!kcMMjkFG$7ekrwlY@TVT1jZe&L>fgDp_{^!jZXc^oCJ%
z^|F_g;QM!1U(W{-gF{zenu(jECC4VzMo??TB)o|mRHgg!;~*v`#60N$2v9zglLrna
zrJH4Gk-|?nxWL|%uafiEUfFh=1De`<3UDg#U>bg0E(XQsc^7?GfG+4^Wo;9)FPWB7
zGz`-?ogtz%$_pOQHpG!!c3?Oe`#sG;<}0)N-QTP1>Z8gJzWep<VzU$>YI8da6hy&P
zr1xGvqbxo&ww~Vx$zj><$T5!&KV3GYuhD3)Ipa&k5xz=)so9E_w<21YyVhzDX3YTU
z(yR^4wY+;xkx#PllT*jSXOoY6>gQv#W~n5a{C+L50`G}n;V|MMd-AN*drG7REAEx0
zXG<p-vmq&;kHa?JjMm@kWs3xGU9t4DblQ)u^Dh9clLK;rm13joxCaj|b!T1+s)FU3
z@%t>Qjm?P4V2dgW4Zf#WAwfO~d(=I`saHLQspn_LtV$;%Qq8D`KNGRMe#an$HkThO
zF?*^;_^?b{T3Yq4z>BUQ1jx#^LS?Ow1=y!!CPtJGfQ^MM8O(E6!})hm8g${lED+b+
zPke1_3pn^yKXdf2qEQeJ-mc`=&8P=i6*iVX@PyExu`hT2EceE*?Ct|<VAuBDlW!b6
z=$9fcsuoYYU&imR%5KY7;-M;^+JR@9KYLyO92T70X*!P1yzm^1SVAGyk}Kk(CUE$U
zB}PR&ism?06mdD_P?eql6OhHETOO_R@%JrC?c&52dn~9*OtMhfY89#@A0Bti@1VxU
z&-i#wRSvt(7Feue?>BzeQt!r`8rJY#xl2C-Hpf4gvCiGw)h;-mw41QKml8tv<B=@f
z!MdpESi=^1xVcLwAQ%S)o+<-ur3_J*)wwq}T&!t!WnbKxlbPu;uLAK<WT+Pp_9ri=
zz`qA6=rII}R5*J+nk|AGKffL94KtlL8@#qwMt24k7*O}kbT``-!4f?Fer7>u()Nc3
z{$`Kj<Q&wNlVj_?_v4Pvu90tBLAUEDfD2nKKHFM@k||ypUlkK0_uZn8nmoLx2Q*IL
zldE4P6y&f{=*ItU<rmuRoi4BVwHrVM->!kf7}JT7Lx~b6MmLq2QbwZj@_b_xU;pqG
zNZ1v0^W)#E`fgGA0c?l>MnF-D!5w+{Sct>P_IgQeb!xPYA(?#`K!UoKk{4B9&Ei{1
zU*0<oZ<$hVXSyPMWe=LX&p?k^kx$h#!JY`s_Ou#`_$x&N!09PNpUU7#diXCGy##A4
z1x0D9kcy3KrYgt?SyK7o54QW%^t_|QC+FWnjhwwNHJM!`jMMU0+psT8WL96+-poOn
zMz2qP)~F;<z1;cD89SM7QU^fXsP1IjtjHHSNC(ibU&*^het;e1arY8_IkY8!BNj_3
zFtk@8pJF_mWSvx(@y}RQXj7&FO(Xm}j~{V?2kIL~{$4h1is_Yl`Cm!O3A}w*2^B)?
zl^NTWjD8&WY(h~uA}BJu>yBleM2`<omyaR?M{ry5qq(z=CdO>5*UTt20>O;{Q*y8B
zC#VIxFk0tRLd8&aw!kaG0zm!s9(FY{f~_5_Oe@!X&7U9V<t0Yebag3u@Yd2a+i`JX
zA#%2r=c=qo<Mj>bQ?ewzsCDkWeDNYABxKwI%~5c~ezR_U-c;4hb@)e5288X3PE5F%
z8XX>lU{6LQ`pYB4HZr`Xg$64Zwtpu+&=a_qo|bmn<&C!tkktGu57qCY&xSxA4o?bN
z!4e4`Wls5IWEctxiaXi(NX2`6PqME02rs*%nUkeof!a?O0*}If3$Bb_BTrprHlD)3
zj1<J05wqV%k#}fVfayxJG}t??IOHk)lWP#Vh5sb@$&a_LH?jVI@(m)1MnKST$Z?C4
z=fGOJ8{#tNSW0fOSEh2%_HW>^iH<O^B<7yD&i#CDB(xa=Yo)2ka4!;1`&kDfS$KNd
zv1uZh1VLP)U60rXPE)end)9W1hSi?4427n)Hut@n7G+P|eCfm;&Thx6)gi+HwoN81
zU3A~=*}|PhTJ%5H#}49Ris-?f;7P2)>qP;CLk77(6O>vA?c7dxB#v4NRga8<XIXFj
ze4S&H6kJ4kid-{L2O^jGQhyWD^qY>Xu0*Bv#Tg|N4bm*r36ty!yKzfBsyMDY5!yI=
z_0Agsd|Txfb{nc+UPrqWh7R(@I9u2T3=PH0Rg*Gn(sa9Gj-(5@<7nzdW!~bH8(Q4Q
zUb|eqTlIr@f&ckWwqg*TL6Xi^F#c4nNcP0^9515G|I<~#-;3k|sV;6`Us+b(TqIvW
zHwGaQ#H!}l2U3)%b<5}7Xni8dH|}VLj~52&qO6KJ{B3Tf`8PW1RU1{#^mKA_4TQmW
zqFXbvT-jKjM7Wp*Ep_!%!4*w~>7Q$u-NzYwC`$gFNS+qs_yL%#J-l)fPNw20%f~z)
z?qj?6ZHlx?`3-ANyzz2vciow^e)4r5(Z^0QrZ?Q~@`qvm1M7*c*ucZ%OU`u5u_D(X
z;ss5g>zcanHmo+|tZ+i2TYYv(u`oCfnD`<B+@WM6_QGV?v<0=v6_+U5;k;G0BARiN
zd^*{oY&MGfzLhp{sMu!3Ms>_Ui3}MbJlHh=B5z55E4v=$FXw%C-Fg@gbsqmcV#Ath
z3?ZV&JP{&75atptILz*|*!@6nMEjjlMl|~$Jtga1*|kloPq{mZiJU%`JY9C0nw7M=
zUJA)}<N?E9>cSs!XjE)*ZLuX$NU#WuAs0v@Bh1eMadGHHebY2l_Xo>a^f7UGHi9^U
zUqMnmmxcJlUzDG;?(`r<<p<ydN;#2&CwOsYI&Un7@vA!$+QFM{he8Nl&^}ZXxt`e<
zb$Owj_O>Ug2y3DrP=8^XeDkxOZTl16etOZr9oMU4gg!fhdkK)xH$cJ!-&?G@(lh_A
zp|^arm<+s;hoao?>_BUIW3r<qa;^zH=zjJ8Y#0E#?%$PK#nEpbI6jE9z3r2Y6se<@
zq-8HGMa$Qpj3DYAhzlh9Njs6e`O;HA`uA{eZEePc$6my5;({^RI5iqw;CRsUJ2B<#
zQdO$z!2$c&9>!~IwAeMd1aP8Djs;EXiH@_bU@1<Z0e>FLGeq{q+GDd&U@UhY<Fqqi
zgfra9#9QMddwM;QUWIuXHisN^IpN%d_Va#e*D(n-lP;bV>a_(<_*9tp){8+n8#tOE
zt#%D5efM^|7HZNm*}o*j*Jod)+6-4sg9Hf#2<B?nap}c?IhPM^<$4QZe?pgAM51Fn
zla?adO)Pv;eIiI&SVJD-dKgs1`g{ab3d)FK$y^9~f2S4~SO>T3Ox2Sxljg8#edYG^
zb9UkXY1G6C{cjf1zP)?qXbsW>A(Uf==CG%*+9*0fX7g>7iGtiA?HPY3fOeMSEcjZu
zd;()VCyG(FG@n%+*_AqTz=mK^RvB?G(w<hPc3S`1=FUrpFnT^8KfQBL+xba;=nViH
z1d?eSQb@M`z`C-OydFN5!FH~Yi;l>TpUj=IVGRpteaDBc-yxQ$@m@K$AG&2(t{N4C
zKLk_Yy|a_W&Ks+b4Lor`ch2`{IW9wy&F%RO@T*FO2_WBTNtY6jlSA2R7rcEzc3gep
zJmu>h!?fj{QVI}vDr5~bB(W?O_5eM^YBuDVLUF;vJ21MD|L?Mqe~d?6SP})ZHT3Ci
z|5+`G|F*Z~@5iIpl}x3TLH5G+c$0jgmXFN>868EPSJj)VH!Ayi%tzSJYXhlr3}c^5
zzZKWli)B6|r~k)h6cF)89E0K(p(1EI(R~&dYS=#)UU%S$Vd-lT{$nFeP(A0X_(9vX
zATBm>#yA9#N)>ccYZTN);B0)RlC;$8>h2^19R%(%sD1n`hfOG4Q|NXwn>f)$V6QuN
zP&6r%#{9S@=c>3)6q6}CdVAj#0d%XS$=8@kyEw1x>ic6=T}2GB-wWZ0W!9O$d5_K2
zUzutgDk?)&hlP?2a5>Hb<>Ga>e|}1g0AiM?#YYU%g~1%J@k2z=?3WC^Lt#^VE8oWM
z(bX<|&pP@`Ppf@@+9sSg-%faJlZ^9!7YGFv_fYVEhnOlo#)E&_nvElqI_}n7GvFD(
zU5~{0GE{jhqV>w{>lQ<fwhq^tXetUc(iH<8IEL|#AG|SN5yqM`GG-gd5F69~Njz`b
zv+?sY>Ca!g8T{DJO+h#7OP%-Le3uUH`UZld+kf}uDu7A4{vh+!pA)6LDVdVq`Kr+2
zG@L~H8-jy_kGybZMZ+);`{h9JI1`53w9Rg={7?wiat?(~M~#jkYwRjzEKC8)XvnkR
zy#zYTw`7t5J%2NdwN=KZi(40-E^kBTExPwgx<>(@r=R0B_Sdg9U(tJBdwV%@t(AuQ
zJvk*6ZLDjP;MLqu_uP0sysLPPO^^Bc9`4t$Bz3i3&-}=+VZAfZ_{l*J{Z`+D>*3+n
z>y@#F=C`})x4CT31|b@Y+PTE6N8{go^kF4G%96Lb2%8VBZY+PcT<VcZRcJk*zgIb!
za@Da!Bb?UOD{F{#3Iz0%d)nuTo$qZ?$NfuZnI_G4#Zi>`_zMm*hiPM{OE$%&PDNOH
zB<|#=RU(pGTkp;ej^|6Rm+W|h8}kf7s^l2kM`@8=@Xzryjsi}9Yp*L@HjRCONhGP8
zR#4M<o5y7YQUd-@WIw6NO7K?+3Nd`GXfUTC>9#Y|&)YI{ERW?&G))7pDkdMg?k0u#
zH$2(7IJG{PQ)2%}!Qggc_H7~ixc%(vrkP?0$S_E$ss0<OnPKjmUhqd*D+F}?xj|$U
zBW~6tT`G_{12t-DF9&iD^n?@S{_S$rSsB!xa`P3FC1^DSgjp-R%<5++cP`)3G^>-a
zti4J$x>xf%R>~GoeLDjNQnznduSs#R)v9j-u<BfZxr-~#xWSk~aoQIlOdqzl{3hPq
zB0p)A*$cPf0;_Z=dtAkZ6Hh_47;c5g7+K}2HTg3TDYJO>-}eu!;e(1G^H~|DydmNU
z)B8$X_K<y)oX=JAOHsX^w9l~bwr>>Z7PkCiM|5FcqJvRE1%K`<F=D%qezvloO1oCh
zYYVBmQIOSnyR|3;Cthh}XV3uhSD!5u`&Zo%I6C#1G9f4(#f@%sAJ|U%h~W(>{?qd1
zyPwPM?tp3zu<;~vc$70(b6SBTx<)I&c}y>QVFJjv-Asro_MA`O`eNZ|2Y?MX)&}U;
zgG4=Jf{!^li^ZQy51#mvF*Wuilz;BX?}`xPg*PB$B|LM7fpKO?WHxhAvEKYS&c7Y*
z4k)QRn!{`*jSr(|0nT`k9J}Iy=MhTHCo0<WX6pEvndhHBe~S0-J2IBPI*IM%wQbzz
zjJ##s()F&lcNaTK?i2p-{ysjr*|5X%3&zlGp}}=T`68#ttb-rT+4RC~Y<xa7NH(Vj
z`V1MI`#uL;@>G{!2+iJ^BRdEC_>>ZWg~}C*wS~DQBQPFqYtVx}qS-~Z;4E3-50d}a
z9l=rl|8Rh@ve^1s#_LcTZXxvlkb-j9`aqAm5C4hDh6KkG^KG8T79HqV1N2}<fdRSc
z%I@@%`dFU?K;{7nh~I!rjOMFthjbUbN#oxc+lv>Ai;DoU`Jq@NT{!0!F6^f;(qk%u
zsx<B+0A_IkM}5ZnMJnf|o9No-4E)B~1~>CQe9FLGKSg)JwzB$FdU|i7(8h$@JftWH
zz#Fn=*l7a{r2-Boa!K*F+m`mhbdhL0>=aW26B8-GPlT|s@}iP^s<BfR9!|?~2%<kT
z4hi29ENlT3e4AMkjW<_J-3BrMD?=cHX8ocEu;)^j?NS&;p#us+)RGXbP6nwU0S1Ld
zI|O7iwZ@=2{Xq&qa9@o6pD{D=RRcK##AA_a(R?;=7=tPA7|F29hz(6bhVjSxim^?~
zO35>}Xq_h=g7fe-qM#zdJ`&(~-}TIU1+XPkDiwD(M3Wn5S%oddoDXwv?U}D*y*us;
zq;6Ckei=-*eWr`TT3ray0g{{pSj7h<=4`s7o~ZZgWVWZ&JkC};D)n6^+xp(>sP6Vf
zG-?B7LZ~y%qD7kgcto-<Pd!+f8vTA7g#h`TxWPMiwwd$&ZBv-GgvuztG+0qcdPj@d
zvBpOUN@($6{g|UY{jN97NNS*O2c0Y~LMrt)KjYlk+N77MEc7Yz*|ZtTb+p|D6(G1{
zz_y#52Q1u7+_Km@@(mM0+Uyjr<Z;f23ga;Q?$muC(;d9|G88tX?^ok~J&Dci?$ytK
z8Vgn#P2wQ7jL8#h^4oZF3sg)be%%~l)6emax88hmJFoA1tY($IybL5{+917rzxWE)
zZeyOR+Gc21M32`VA@7H-#>n3#ZwsU5r)@uaHxEUsJ07dGh@c%GVz`9_G04ks|H_fq
z>RLED)K*{dZPkNO)M%DY>n%pP!Zi6GdoXO~U05rnb85ADbkMA$nR49GJN}z6$!a$y
z_1$oR&A%i@aUIRUpBzBg{ZWai#NVV==|MS0eQ((9_3Wg2Iaul1MiRpCU8^n3du(y}
ztOiqsS0n2(WJO9P0=S2}8w*FCB4}w{zPEF8*KAvW4rdrR=Tgjg<Y<n5f-RnkPIC}%
zYgdciDR>mByGt%eJZASE`Y%uE!Nvn{5@s7w5P)n}Nc@+&)y_@ke2zOJ^nmR@;xOz5
z@d8i{@K)jjuuMi6#CYz?>Xph+OaGs(^O_&+W0OWjFF2l^_(rOC;ZHpG?cTI}sRZni
z#$~F4MlPD%x_7^sGpW-3o@~Ex%uul;VyRjI4gtBbk`ZYTL%$+bmhAjDpY?c+tLjW(
ze^oxyY6aL@a?CsF)tNe>t7k&j3d8_I%oq{KfKZX-i`s^jV^6sCN%^*uoe`n&%5!X<
zTc1Kui2(h4OYl=FM;18L;umn0&zJ=Vq#Q62qqcu<yBySzjA$V%99cflt34Czr9TM%
z_fCNE@h>pYS^)g5BUYCh0kV&m7}2@#MeoB*Bh?2C$L<)RT*7_OPoMAk0ehqi_gmg2
z>auw9zXjUj@Ex`TWf3x4{FkU}b<Q<t7Cpr@0dh`8C4Kpdp@x$o^^pm{7PAPUs}{dd
zeCmG=O_3+Ytm9^&!x$!eymR1&{v)6vJmWFpFjcu+n*Z2b3V_XhCm-d{4z5vG7mk88
zp(*$rKia&?0vI(idJMSk?L|z*eF&!~_`g#K2*O#8D8)fkQr|p2-ads_eE39s>)L$;
zaq!x;S<Qm|5YSj~WwAv;*`D1qblT*X%g$=IDeG;(p(GZ@cEHtg*^a|$(p>?RJWK#W
zMn?mDy*pttMQ4j|;76>8OX!2!jsbqbr|UkPdakbVtz4msAt5I+U}L#fAyKFP&1h;|
z4J?jJ8+6-N91kj;Un<+;a??fCGH-c@30P0+oGm9M6CO+1L%?Ze>#@&8thKc#e-{_v
z1f{J(kPmEN;>F<0v>@gTG{Ndr_w=?lanBI7pb&Z+ryQiRzotMvOhb>s1r#Ifr`I4L
zX}@jc7e^)LUrt{0Un}2!bKJDG^?$G4p}-6sVppsbwtVZUo(SaoPV_&E8#t!Ug|yWd
zY$54q%~lO5Cr)b?H6SQmlS(iHW_EVNuNL3;Ei1?A&<Ws0R8mQ~TUXWQ?4n6X7E&;i
z(8KJBLx3Sa4&P`S8`^!uusWzu+Uz~DkMDzB*Y%NRj{q6OW=;y00D`HzYDt(|X{r=(
zD70_izD<Ebp{l~55FEY&AoLli8)J4xNd#Enp{SYx2?csg)ShCB<hm+`P4V5<e$WEk
zH$Zo^94^o`)2BIusX0>fZje@<&R-lhTEBy1iKkO>mB}B*hG;l|-W*|FgNe=0k2Z7{
zJPud$wKqsqC&0wmle8IkF!+`O!L#3EeY3xASCH3&vRpQZa@$5q!Xo7({H=JEZxRXH
zv*O<A<M7$Ze{5V&rcCGG^_G@1K9AJ)4(GG-C=?Y!{uv=aMjEpzf!O!Bszf37uU`j%
zwG=F-z>W5^;<N*bO@ALV>Na3quyfN?xZm%u&p22)bp<)tODf25eGOwZX$PN)+pE0a
z&YTK)isil-+5gxRmuh;E5Pw0*#I8Lx{Ys_^-zM!DNAV4%C*ZBxdPTOJc?$8Rl#5`P
zOJ72z{uJEFqj9`wQPzI8MyD59cK3G^s8vDio{!PEKPfR>EAHNO0_pAQA7A4-WY&q^
zbE=WE?FHG_Isc4n_*J<=_#p_~cy6J}#jN;yeZSy~TqlH&w-$*B`E*5fm-D4^!AnD|
z9<*4E3vk;RbMsj=qW`z_)@VWDgP;=dmXNM!`+3`kpnTZp0&nUMA%&!c%zy7cLEjBq
zq?3XxN1q<Dh0_oX)6#CfDG~KIk`|q2tx3>Xhgo&mbb$9s7PLQ}f>voBoN1tjDhto<
z<g-a9;*^tE!R0%9-XwvdsD#kJWyea`wA8?i-c?Hck1w>bCxA5{0-R3l```f^ha2lF
zoiB}=?bjE{estb|gLQAkLY&=mZ~g%~{`WNdQACcrYBZwFaC80YPK8FgADmwf{J-DE
z7X8$*hNE+8&7{s>Gu&w33pdEXE9VtLlW0`gQlefy8#L)ydaS^E=3v4P+@#QnbxKq#
z5x^5h3Vd%3>JGd1(Y5(u57Gm_2EgY>eg4Ml8;=ALvAOeL&cgY<4}!JsOYa<BFak)i
zo0cZmajM!T<-jJATc^Ondm~ib8brgKTiON)7IIe~|B(<L)dRfqUOO_RLk?TCt4;__
zfK%SV*NPEV_5_KvxJsM--JhO+Y)tyEMz94mI5XtPt<A~tkJiR2x1j}e4f6au6%58x
zR*n7>`$Mc2JCgJtc_Wgb^cemSD$D@_tIxsN+1V2D!WZ1U%o2H@^tM8W!;l6z!&(Y4
z4hcDR6}MsoZ97F|y_Oxgap`25!)*RVW4n8J2p($k12_W~Muf~5e}ZZk2-9Exl1ly<
z7);0j)UD`A)0+Q*EWy23Zp4UtU)@a`DHBN+9uIHFqU`FN6ZeytZncVrcJ5q-RP58m
z=`;>Apw<T2_$u_D=Ni695c)@yse5udD5Cw*(PPx;UwPzFF3Cdj&O8@6!{Xz@9^h~n
z23!<%Ck|?@c@7Z8*xUbdX1|<j-ds`=H2Y5{sqT4zW-TVxD=(gJD*Eq+R<Ny!^VHWr
z<@?Y7(^y8^pbOg?c6Ungjecve{cF=ZScR>3Djb_vDaHQ1&;tlSzcioJCM=5I{8@va
z{B5J#ezyMF|KCB2ZoNV9&bEAa=M4rFBw%chY5y><xb63hlVn;d0*)>oI37>UZq*$_
zqUO~+aE7g}66iKL?Vgm|Sf1XdYPa9Tyss_wbFm51vX+w{Jii}7S4fdUOdt3AoPg>e
zMoka*+rplgIfg|6AXm08c|zgDBw@8FBSQVM3Rn~RUqdfS{U-HSWM{BXNh29DXdiIj
zB+vT{KNMx$THwY#G{SlL3Xq>NMnJCn8)ZCBW)Dq_kLR|dI8!WJ7m<+Y!MTsvDR>qO
zB|p|r&83vHg{}JOo(A&9&I4~KmIK~uW5DPbYm$cC(vF$O$8Pt4LM__E7g<Y&F?3D>
zZ|!IHWBz@R1{{6i72<n2nP1JnG8-P3S8-d%1;}i|GxdLHOjM<$KsQxVYV(m1mt4(&
zuHkUk*enT~WWh-mdm`8Y)c(J`u_ZB4y5@FmJfKVo6_jO#Zu}5wmihPtOl+gj(`tX4
z^oUqhs2X(;RP>Vz+7Lr6`q;Z7Cd#A|eBbDLn$n5VF$&x|rQ7E!2;+7=RL{Y<Oc4&8
zQmTT84CE#$-HZHmw`ly{?t8p=cb~*E<XFI_B?K=&WzhIJ#)-fGzxU2P<wrFO5kVnv
zciZc4JXe2&vxw#V?>?6iyZB2FsOU_28cs>-206<oqeA@w|JsTz1nh0Shf^t8enU0k
zx@W<znbR*<GXiX!TTA9%f{BOpZ=BQreu)&;%eIxty3KwR8ir<xq6YI+RAb<pXFxNy
zp~8`#tq#pjn-`WjcvSkp+;QDUpIOCeT)eM#PJMm;#{;PGsp(F(Y^}!(xbDT!e&|~%
zV)k?0@Y39lGsyE%jP&eCn%?g)*Wq~%iMOkY-2xdmd48>Uc&p`g;_an(*S0R?ufCP^
zqQe|BD*$s@{Kglpk^ySRFEBvy@KwPiI7~v+8Su*ZrU!&MlC+_Ael-%Z7O0plP}VZd
z=UWL*h;RU8&mgfwf*fZLxjamW9H5RUjU5Yz@`Rc~NNxOX?f?yZujl@z2>1!(hLD^k
z`uSiNcnd~dmBf+JF|KpF+**Xq3dFA2zIeic<_``9H|ClD1;j=6yxUaV@5Tf9v5_13
zs{s~OfuR<l{+SGL1k0L@;9A^(T(lcut}MKT3;~$~8Q0pw3V;e@b@B2R24h<9bS<{!
z&lu5_xf;9a_4Oi^mnkVJe9!R;HM51EKe^om$@6{#QKeYxGbvO9e*1kSmaUWi6i()6
z!DQI9Y`qQaD^XC_N49uYd)stk*tB>Khfeq{*bbn6#IUkuWoc<tHoYZicdjX2<#c*#
z3J(HFCFyGPI7F&vKY{6(oC<%;!2gJOw+w@i@)EQwPSiS>n3ymZm?6c560R#Z03ptG
zXNKT6P}H{<9UaYnll182=(AH9><I`WA~7NRYE{ni)1<#`*Ecf63g_<50kF7ar9s0P
zViY=O@}g2KLm)+OHhWV(^lkaiqeRtKe8n2e1pKr6<!H8<(b2Y#v}SRH5!_}BzIc4Z
z>g2U3te&pR$)~G7A%K!ocD>W?8j%=v^Jg-Bkge)g>I1_|E|;H9s*OD)YBoo1om5#4
z=7KBo<G~Vs*O#lSt3Xkr{p>d?6*!u|=>SM0x((UDdv=OpeCA!m<_0|;ge3mKtU!+n
zRP;pooeRKm0f91NW`1`^uMs0NoKxiup5lTTA9(-C6zl4fX5+jEh>B0I!}V7rBIOzB
z`(<%?%@S{%sR7m$6KjGA%YHuwY$peh-}&e8;$%yh0M`Pg=f7Iut$<@%@mqbm(mY*#
z2`l5&@g4C{Af#2H(Ro{KTsT}JxY>2?91smdw*X|oS$q%ObU-A!FE_di7kNoO3j6{=
z9!|+rV(SB&N|drx->0yGCzwKt<BG_k(Y-Kq#ziLDt<Ou)8tzAbNG=<P81V|E2_uH;
z`olz7wE%q)31l)*dauv`x?lAbg6W<Z><{x>d*6b20^}-q&E%@_N0(G;lRO?I7N^{Z
z!^*LDZ@TMhDI#Wrstzr{wb$J}r1}XvbAv3-z}SrEV5I!24T~O0(FwB#ttr+3DCm@R
z!(n!WyXMlaKTmRng^rHn3IE%j^MwmH(SCl$wq2HDP?GjPcpZp<iyExr|EYprD)TF*
z!oxlV%Alo(Joi=tg)nEDTd5Z#p>f2T!XZ5;4jdSQundV&Nte|vTDwm<O>fF;9Vqb%
zIT4YfbfUPaV0on5--5uw{k2Z@zsb_rq9RXju7@L5{3)a?YW&{>4b)iI^eO6s8-X;H
zF6-BA$IM$2;oPfG;{1*<&?*}lrmRF#)#`U2do|r*nZtT+3#dSE0gLdIp%>^@9%SC<
zUiFh!UV3!WLm(5fJk#C{u_2C(2zPcr%JuPN@sTh8OsGQX2*|>XWnV5#qy!jL^~Djs
zI|akOYjG`H_yYpZiBUz(bNV^ti`+t3PC$y-5eAPAL#E$=01yMdo&}ko!%Y$F61Q6B
zU1fkkhO8i33k8&-k{}kPvdE1a5UFa|u@T(Q8FfA>UE;<(o(3Fg^X`V*mhywggW7`n
zuC`-Qf*ThxW&sOEV>IM=<wj%y5?-yso@8C3;We6H_=E4UqfJX3HcThjv4iyP8+^Uu
z7_L6N`x;-78;h0`W1cE%LGn(egazw#MvS5&#gjx`%kaP@n`!_2kd09M)@@^z{AhIk
z{>HL3Re|9FQ;{yH`#rF<M_OX<Fk$B0`d0I1Hh<4Nrh{060xe;cx9*yY1AS(hk($1<
zhJDrZyYZ!xDlU-EB<`Mr!)HssFSCI~`{wG?@I1AMc;v0jLY9bCHZegZ@{j1EU(^Sp
zmNNMisO(zV>os>5ooZ?{Y`iuLGZsLb<|UI0{?m=XyFU&bobF42;E`tlA$nGV(V0ID
zIaGz^BsgK|ONe2g7JO+@<AqxS!<7OA(QX~u!!O-79DsrrSahxE6wtjGyTf{WwYd9M
zS8EM0?r;h-qSL9`O34`jM`Q>&;Tg|kSV*YrHy}i*F0>w?<Q>W>*Hz+1pqLZ+zAu$g
zO=AQFglEv}^fRe#dhTT(<yX?Lu-z?O)HCL|Pe<RAknlEc!fD8_*M42U`^z_VD=pqu
z;oe+_&xbk>Uqc6i$8yG$?@-}=ln2lJgkSEAQ%s*^Ti$tQ`aW;srIbLGHM{f42KfY_
z2rGGom?C#>i$Dj4xpRF6hvNAdrv@o<-(iy=lO=+qIPWuH;wZg_G?`nEc<oQ=3h-sc
z$>WK?Z(3bR7BJLqw;%OXFsW-rQwD)cCMVkZd^UvQEM#(R31<L_P53p2vNa6z`%A2{
zz(X+_L@(Zs&8`w?YzGcMz7>h@BGm@q)#;o<oq!W=_yMA3<0JuaM}~`l>h8-UtoW2S
z{k#*i&Wdq&Fe%!-<ZCJK$C453D!Q~lo&X<PQVlFSMfG&QnoecNOj*$IE}B1iGDRuF
zY#Ml^ybR<SGiEOO(L`BJM*W6w#rAF--cxK*w8^*qH6Y5PT(lh!)}{V;nLKUsV+T;O
zqXhI;oq|2o{eLKX>#!=fu6=Z^MVB-zQc_Y`bSfY%At@jr9TJivA+YF_?vf5gdIJi=
zq8kZCLg^3$N$EIqx%YnG?|063&UKxC_C|POK68#a#+YN?_dWd}r6aEnmI)I9)bQ=_
zOFp4>7G#3^YQM=)>ML5*9_U=Kql|qfs_jPM1#CzS9hy0i;tqggt!uV^F#p6J(i;w1
zT6cpcdEL1v>dy{q`~5FC)hh`AU7$4#S>p{8g2DT{!!ylrK(p?7(5iraZke5~H<8f>
zBewX#;+GD@nOMEVuDA;U*WEjHWW9VV3QtX2>n(zp@k%C?6IF?2R4~$02nmbnr6Ubv
zmHyqf?%<OJIH&8WlSXvtytJM8^s<}08*`T<>+C7mxJ51k$YBb{6Wbe1)Z1dg=;696
ze@Y1#p6XATZGP(bZGuOG<DvQAJGn#~liavwsK}b}JwE^B^9gQBd2{HN%XAGt2OFvd
zmM+}6mK;ERioNU1=!d0qWzyn0dvCs381_Rbab+As6C0~!7)=IE7eI;+N;1&WP)o9H
zui;TMbfI<==PF_$k4V7u<;#wT5a^ichH^cO@xy@AoQU$>7p+@4xF8o}%TY|M2rp}b
z1z)g!r2|Dahzg$=#@?ST{m*V!7aKM1J#U1BkOwkqu=J2uZxGgyDqw|#Y)T#J0)O_q
z!61BQ;=G<$E`!!^+m0|{q`z=5yHnaCnW&Prvoo-FTm{A^5`P(B%cMxcAtPySy?W5U
z2ZL!XfYsbJmO}~{g>k3>h;qcbCJ>zY$dshNhqmj&nQiWYA^eZgEMbBtXnufP4XFpn
z5ca<MbIG)p3`Cz`SfUFL1oFHh{4GuydeAojlM^@xwy8mc3w(fuc<pmL_jGdk&+i!$
zaCUQ#{Qv7em^DD{55xL~*-BBMiBfiJa<<UioCRa6dwLxsFtPqad}EmniYZSU-=&9r
zO3|9)Nfu&5hJaG--7!Sl1#$!Lyjp0?W!yQ5<N7dJ%VSpJs%X>w7r$><QvJ-w5#GH^
zIkbH4l>^*G23GMoUB9Qmu4cpeVPCV+!)!*lT;j3KQ~<U4ZzJMTVJahx=@r+23NfP3
zoqCKkSyN4=`q}%aYVfZ66p;X_cp!6%0Y9hlRN9hIo2f$-x4r*OQBvDBU_3XAnhks3
z>`omL=+gZ}wU*2jOgydNJdXg@_Q)f5O0SiIo5B%Lj-=R$qb(^f#U-6zc|Gj}8f%MV
z?W&)b*`vCM@{jreU2!-=&~|^NznVW~`OZk*%ZCMtQ3KqFBqQkuah9%$-(HB^mUpv-
zt?fHe?mrMcU!^2NEm4nesFo(MaZ@C3Q)DI(4wU0GKuW&hiuLe6U><Q1z$js=Re=;T
z+TO|e+i|ovF*`!&eqNk{dc<g1`6&AUJ!;C*uJ2d0pH@#}Hjj5%XM>WbL;P1~1L9Aq
zMl)w(`rOCke*%Cc3!YiCo|MhB_|rb_Xq@CAF{3pF$<{iuWFJKLhdQyGCvL7c(AI#3
zy$iN7g^>hd<Yaly5dG|be1%3Jj|MvKgo`ovG6KSczC{!S%^O~!pe>yM`{e+MeyOix
zUI8Tp&H^mz-3r1ws=WS=TbfvvV*ktp$)x2W6^j0&YZsA!9NblDLi#-8<xDbvn;Zom
zeDge!z|C&*Z`%SM#!-@`O3>D_wV4n217Mx9r>_<76UBzt>yKuI=Q>*Zp>ZWduEEz0
zzkJS~ddQu6@5V~15m?~Wj~aBh<KZEyAZsI-bb9@tMUmyYeKFb#ed*Uq!L?&g*)j|<
zg7;tFufv`(wytEwfV<bJC**HW8BQ@j6@3`tvlM1`)VD;c=a@{vk7rh+MOkveF(Haf
z2n;Az=DLcbO#~)BM2ngK8M@`wbT$WBQ-6F>n4a4*`5jDKa5pz@)(O)HbW8F=?oc2u
z+3nX7E^v+lb=cUHT4ueSU!=W+-c^D@Tgh8H=|oR;+NJ+Yb@4W4GMUl@(A`^{Pa*3H
zyd!%dr2yRXmV^gAGv5%H%{7}MfC~aiNyO>Aa<^0%=m()c5Qp`^ajf0LwpUxP=<V1}
z0VSvT^=0_atFz779KywaI#D-(m2xPRdj6Z|`o$~LrpJ>r{Uo>1!!LfMJSQ)1J&?S(
zc-VPIYUz$)E!$nbU|`!I^MCO|v;^?$)y^#DTD;S1{U1GX1^h%h9)h43!|ABT1dg=Z
zv*MOvTdN|A(z>PrGdslj*_;c`Me#Deqi?ofU$=bMU998_cz^t^5siYduE>;)rL;kQ
z`TA8AB1t;PhGCTJ-gLT_1pq3YkP>p{S5jq|vKI4(Ci?o}1B-@W-I!Qm3o64I85<Em
zJb^m~?1$2Jt)`jAmYZPyu4Yf-c-Z5HgM+i7M5JB1jnf5TtILre%wf^1380whLyFD&
zbW_fWH8$o$GG49XD6Xvy-l^lEwuv5!mm%tTL$hLF&VdXJ3&W-j2_Y&O&uM@Oa%*DX
zv*0G+w5N_FM@pz|nBVnWHD+<Z-h$ZVXplzQ-bs7a?)DU{?fMqw?B_oEit?mEQop!H
zbp>3T!PDjYNl4Zmu2<VUq^uGWXvmCHRX$_8Rop%{QQNNj_Or727eM3)M#gBH4~Q{u
zK|n1!QBzioe+V~h7$8m3<%uHLXE4JJDyDBNbVpOyK|K>3q1g|LM<LFT19L)n`glK^
zZ1W}zzC`8CTAp$9<$e+&aTZckV6l{xWIgNNZ?39bYU0l=JCjE01tKKJcLg4yuFNao
ztS?z<GJakkKBUpTK`^P7Ec{3evr9ad*1KCg3jWpxR19(6SX`ri#m2|OcWXb}))|D<
zuqeo6C;8Ed-nc1Y<@S{j%x1_DnWY}>&&Hc)hx*ih2h==Qvq_RvAH7Bg(^>`S-WB_;
z7yQ27Q2OL|omQ3E!LCTtFb+nZvSKXm<{6SFg8i!Imv248)z;!#TkdhMgY$Xs?dG`j
zj{czQhG+iUC<c8g9sfH<P1E&Esb!9kfRnKrfKmCml^43VX&9IBKov>m#9lvb7~SDD
zIG?g1^N6uaL7U`bPZU2l95vsxE^Mm==*F96T2b#->RY_7It8iuN*)O>k)iYg@v(QW
zea{7Ksd*ExcRQ5+zUnY*{c+9_wF;q(8h}EeBW62f%_+vTWxIIi^6ajy=}?;f_u466
z9jg$|?nf5EV{W!4`>U^{{j7V4=VkS1QGZ25;Z%1zJaay4TW>-7?G4WR9;LP!UA^<2
zuSZk7x+~Di7uS0Y`q@E6<r4M)^~dn!_jX#fr-4#MdEGD3Z>LJ~=j&~)CvTkFPKqTb
zC9q_P79PuggEc8<zA03khBd+MAzxXR$WZ~$k9*c8b@H|^ygQ$${rolk*~bfY6g)>O
zGf6K#K!RE(U(bHN&MnB%h|y29`Y!(w%nMYq0lom>?u9l+7yL#5^o(<)nZaBvSDERd
zrWYyVEuxDX`Sj&=+fLUU;hmGxOMsOrbhq-bSpGFvIcGjKmG$$r{pJ2c5tmeTo#&r9
z<sfk-x9rSPr0@AqVe8ZAJi~FM5+nWcO>>Uco)h^L0bd)=>J`i8x9kbRA~37}>#yek
z`0wGdi<f_Tux{!;EQ|m(q*Wap6u|j25To#`ntw@9ReX~2N8$tKUMQPG&k`urcsB|<
zN2Rh4kdyW?sVb4-Fl2Nuhf;9C_Xy3@KB18>19IYz!RqclHFlI-=;IkRF9JjN6;4}-
zJ3y0S0DN|1r)AY&=66IX8iR*33CxiEKrI7IA;2XR^gVJs!&6+VvF!cPND0r!qT5^c
zg4|n2;%8tQknG;GvBE*1*jd`>Z&+<qJhD;I<JCqC+(gyN+g>kcFx%lEJks4?J4vXS
z6yThTmJC@Y2`j~xHIQx6Ow|N8Ot^`Mrb5=Z1(EM3>)+?M2!A$)usWXL-g{We4#SEe
z3K6YSft0SF(qMKZV$0W-m*XkQK<X+e%*jqO$c6jHGjQsPcuSCVhc7`I86!Y0$?xS+
zbGpp&IP<S4T1WQ~wVZp~^-_dmWWAO;d=^{-__o*40OMnioY-F~hgNX%WMA@;Wxja}
z)fkK}#dax2Y<v-104eFMcYUbo>yG$f6i^fR&tFlHC!V~Q<<CRG-$I;)Z>}E#6(b1^
z!uHgk61WS15Qv>@J*)>UU0tbD54RqWYMJ3xszlb(qM~X$z#UVDrw{u90K36Ixpm4C
z2SIpVi5>o@F>Z@r1Kx)Q00jd94&+DCdR$>7rFCfC_4JA{Cifv#&q>$&9o}zupchjP
zPD5+#4wd*~x2fHzF!Zi|r(Aqv0=q(wk|{^7sPWXle1Vj%cIyCu&7;48M*0}psnnky
z<Dr!zK<ZUmQ{(F81;^frK<Pev#Yxzr^We!sWnW}c>BNgi3VnPdr?xuJh0S`h)4&|>
z<okZwTHbgDFiQM6Zi^G#%KMKvpozGSaI!C=^Dhsce>K6e-27ag-rZQ-+3yk>*a>y}
z1qz6wCheU;eGlalh*&Ml`Cfi3Yp%UocB;BqT704Y{0nxy)NI|bx!7{}&QSVgNI4G|
zK*)m3$c?;!9MvK_)2fhQE)K9uS*fIrVAoU)=Q#AZ6vM4b;I7v9x5mLp0X~28Wzp+j
z#h<=kAT$V^=1!6nhaPOs!tp8?CP^JOE6(+w1z?X|SxkiAGIb;6Mw0q^+VRsqWffz<
zI>JVjpy{n^CE8qCX5No+8G8it0HSFH>#nulAEqK8D6)D&r8d4u>>f@TCOzV$m?oV7
z<39AVRx@7{QwH!DqqxJctM6-d|4VL+YO)wE5~9QpWyv4K$Y!b3go3*w!x$GRTto4z
z@8>HE9YRVqIVtcJu<~FP|M?+;=a8)apT9=%=prfc6$<ik#1xG4(HD^s-9>Rx;D_GV
zf|fye{{G=}0p!!gV%-RJb+X8?%^R^BUrNi%=(8E*o|1=?)@4{kN>+L)8X|@jdGB&_
zp#Y_^hntT?YGmCa<<I4Z(hERKhd)`w70#c<l?qfXMXcL}=xPr8T#;EKPLC}u3ssno
zi&Vf^+;Zj8E>C_r(<l!I^dr%(K#<tX5IHzFERSRC<LV-VpNi;o=fjMjib;lzm*Beu
zJr%LoAoV~7m+VWP2R;8exu<%z6u!S#cisT`lqFjA{ymMNoE!%GXl1wvel2%7G##WR
z;oaIPCL~Mv*V*Fk@x!FPR?8W(GK_)vE(r9;9g=wzFK)pfWO1YLN~R-<d)d!6v8-aW
zAIPk8#up^F!ea8*0hu$wyFCc&Fd{apY!;@5fkM)KspaM_^UIiF{Elxkl&)nOu!q>r
z>izqv+MlJ+y;b)HtEtMts);W}&}cYuwwkby85JtKLRGyTAMYxH<gb5Ml^}y9mTn`+
zWzRSgn_qAE5!P~<VmXB1_y09D2i@zOZv8DJ6<pdg2_z~jF>`Z|nBhRDb2js#B^9As
zT!2R^%_C_yT$P9q`d^E2b#G3X@Wfh50NB*UQ0I~XCU-~;(C$1lS51OR8OR^^ZsgN)
zQ*%%SN@X_#p&BuBvy`!PAphBy-6~(cpT`EHcVD3}TcJ@`2Ma4~bU<6W2?ymBpb}==
z|1CIYg8}#C@uiKJ`M3SIw}+4t#|_65Ve>CY7XZtyv)^#;y){#sk@t@PR7zN#rM$xD
znD2BoB-P1)f_ge~U&xwA+vZUfWY*nW&cR$0=5#kqJ!J;SYI4Dd>JB1qV%w9nsW(U1
zNk63yzk|PVEYkmzv|#OW=eT-d<m(4JB+2iQRDXE7>hBZ<RHxJvi)Y@NpP|pZmM-4S
zhTr;VUsUjzgcmh``TfR<Yj)n(_pR*T=j+XluP2DDQc3*j1<J~oh8l3k`++Z1dTiG6
z@w6+kQ8M<p<P(ed&-OIpj$1CMAe{aAS?PiIaji4huU=nwF%A{uv;dSB5Ry>y!!GR|
z`Cc#lz5DmO4f46#`&domE}k)Ec3%n4`zg0A2B$fa4uijK2Le89<ZBkEVE^no0mJd6
zuiTVoLo<z=MQl#4>|Ad38Pg*qOsL^kIZKT++Q>1oJy6qH@nR|#NKF}#^gJ|ARx2HS
zw3;nHvd^@G@$L8?ea~Xkn^TUs9e0cVLH)^+V^t)Ep%R6PIMvAr`(n8L*~oJ$W-BMo
zZdrs?u0L*d1W$w^kWU)bxNmH(X^}vFD*kr4izLo&NRbuU=YBj#YFo(V5I+)2N?8*;
zEkhq^x<91?mukb@Cauny{~9T%FG+LztrimC@b2h83+<Jbn7!O%>S=HBA)L)6_%!#T
znLToBrJbmh?I~YG=L1xNc5`1(v63QAuXU;keeo0oSELH=o3%2ld?!u6kE_QZ+xVN}
z@^&#3T_RFH-$~#h4M{t0p~Fgc%^OT{KG|7$fBqFt8BhmDEET<a9~+yvdq5^cs3jj>
ziz|?oUD))4GeXL3#exjW+{KGXs8Y(}Q|M#MC}@pX9ly@we9jaPabZ<~n0Zn&OstZ(
z4X=|4J=YRzefVU<IXp%t2kn{J-&Z+cKE8pW!y%_(BVsPD8J%_#gat5yeA8#i56R?I
zmWNSemZ!&QdE{ZAQJLK&Q_&DPe1uqLrWp~0Plq))CUNX>Hp?h>0uG}Jc046F1-k3h
zx2c(2F^xdiMcrvXP(G`XKG?iryZ7?&?6p6N&D_Dgz5)wcX_)!Sz^4rI6?41uk%k+O
z9^=_f7qp|PVW~RYttG!ET%*jZ)xr|{;~9Y~{~(lAzN87gL+!=0s%{jn5ofahBC*br
z)9Ka|WX}1!2knckx<+;9rdvQ(D{!AJars4d2LL`{4h^T-u%<F{qaLK$2&NDM*xX+`
zhgv=HEgRp_K3ESKU8;{fJ-+Q^_hzc0?R|}o<J=9Wx576ixD(6jr2cuaRURZOgr&#D
zldyRBF^SpdPP%lbOS&J7Cg)y~glgS*a?eakY=J89K5}%Sod3Nujrb`&#b*XjB&0B6
zs$t$+)BeQ--V7<(msFg88^VqH0<-PaoQZh{ISBTNEufIG#f-^R*jzDZM1F|o=S%`<
z(8P-y3-!+_2;op2>(${$hn7*~urV(ZjdQN@vIzS@jLSH6t!E*WW|zbU=8L~Ru9?tB
zIiB>dr{4DoKbvs&_Mj++xM8Zz(rkhMX2E!~;nGS9^bGWkuP52J+j)Kt-9oWB4!m2Y
zwzzX~#58rD=MI(6Sq%gMb2SXVx&UJK`YA)x$+w)29>1?`gd0xt&-aXKVhcDA3P2nP
z|K~CmQ{x&R$hlhC_mZAnz(-{M=zLqGYMxXqs$eJ@-Sa+3on*SRo7F6)ntttrk4kpF
zX+fGFF@znWVHj#>+W)zb8x`dyhh?Azss5z95Y1F057bhXcP`$(7JVxHe_X^`0lE3+
zp$<?CI3Id9%jZq)=mZ-l$dvaKi_*3qAOo|Lagl)Eao=4r#E;d3%Z^G17#hz25$GoL
z!_7YNM`mIciwa9T8xM4$DE`dr9~r;Bo5Ey^`uZ~3)`uV!>rb0OdtgYvHJzPw=aa9r
zYo?b{MUBUHjMo8@QDn@sjk&p?JALzflf!t&{C(gWv0<mx@m5In)2*Kmq#rA`v7)MT
zM165{9#W(Qm9<HMl%(L>sOl*CnYTVaOX8LCKW~noTl;z=-NQ}{JkgJbx)j%?H?~zx
z?oJRNYQJ?pIE)oFC+ZvTnLC~keFp=iCaa1DAgSRsJ2BE}9u7-8lJ%kcWo$j}-Jz9?
z8@b5W=1(jl>Ny_I9@RRt^Q}5V9l8C&Zz>r)g8eLbn)$Id<DY(@G*f_<<$N!3H{~lj
zZvAO0vJtev8708?_l*3vqfUn9lax8N3zy@cj21;B3poc`>_B#bPL1B@!{|lDUejn&
z^>?&Rkfa=v{c9CUw;2~~u67OOBLwJ%ZMbQ4k;~Xh(#Z+}^GvnU1tgT5>jNF=r)Wjv
zh=qicBOYX-CncEr-xdIfVD7gvfqSL%Mm}1N4o|1r%q=oDDWq+=D}I?53y9Q}RzD}?
zLlHO|$9DSt3_GM=qZE#yhe-it?_a;7O{c2ICMO^1>)VngSb%IeIC$eBKL%Jh>XfME
z-+emHCS>#d!}I1BJBn^#IhDOSEGJ3#cLvp;hyEPEdI`?4eZeTTEJi@S03@M2rKZ!>
zksykTR;o$o?E}%Z9K#O4gcO^TToN1XN5C$CP(l2hHGybWeZei#M@Z(V<XLn%hQzFl
zAw}DY82d|2d3j_3?njCoD(l~qVU9!dK#SxHEVe1?X1b{J6F<K*@iC-St0weD$+Q}K
z@ROiex@-p2U|>E)?X-Xzv<IG`GKJobg=Z(iOYakyBkGjbUIe6Fc@R5kI>JF9R`eB0
zx!PxP%6~VYLF743YBtnC_H@}QDA=p{(oWEE$bxYStroZ+k)#O6CfE(UZ4&<^#!vmR
zR%f3aawBj?9bgK=?!ro_O0>)SlQ<?YWC-|&Z=nvAo!}!PqM{RA(-0$LESFlh4$+4Y
z&{^-#tlkg`<&Z)s7u?#Xp)lMO3x8WoLb^@dV2jCFY5c#|K4;N@OcEpyA&0ZxFO^Wc
zVkFXO8a`N4PpCd&v}`wS&x`yDUtF2~=7Zml&~Nj@YHG8!D+{0)KTrB}TlkK`a3Lo&
z?8ittKgMIu89ZZ9x!oPg6do-4^xCw=i(iU>idV*I8WWx_9dNJqvQzp3qf1N%$$Zpz
zOGblo!S0`Q_zoCMIV-@20J@0P<!RHHUe3PKVS|XWu2$HPp#XRBOdyF3KF61@cVH~1
zD^Z@aa?I<zMo8uw-a(!@F=CQ0UEB!UC$JcwB7aF+5g#o02i48_kN9+dc_De?AeORV
zKbm{}`%*IDV&n;5g_*gUGpoXF&>zVPU<mX~6-3yKksQ`f7FxHa(p79VMW8)2^<TM;
z-fVB^N0DEA!s{w;bTw(3vi618@Nf+$Qbcx6ge#Gfu6*~M*lFj;W{@#tQ$QNw+*<Qr
zd~KCAQLc%LPr7h6Y3|Z<R`+C}lFI0ggqXGnw1HWJ--d5WF-zq=iLIm`Us_70!6ROh
zUt~hfU)U%DtFcZFc3y`{jqYqg23WXYEhnShL^sCENzAfj9;g-EO4udcHR5>r>?pDm
z7akVllY!3WXn|Zxln&O^)O3D$!_wm4cUItr;k$HTO;Nj&n8k}GlRZCnEFc$9BX&k4
z7)hVd<D#ro`myvtj9m??!${8T_2qkViQQsOrbdy_6v3f~l)H~*fMu{T?pVSN765xL
zo=9zS*wA{g?0JUS+&y(5u?}bnUYlH}vTWPFiK{D=92LsXp55(c`|++?N*8(qkJ60N
ztXQ=!;|(S^s=IR<`as<llb3HE`O*Gdr9Z6b@-Z=6HxgpWO-wD5dn%P^MbcSW?f5@$
z<c^j5{d6tppO;TCLWAv4Kj}W$O?^$x2~$a&Mtn#q^(FSqwI;fegAV}m3-KWG|4BNy
z;1|ISghN=A3+Ub`E)j%LF@!q(v<AS?-NU1}AjC>HL*gq@j(sP(m(SUI+I?rw&BeqA
z)&7r1Fc;MrltI!6MsDQsCUT>g!ICW+RuKUKYpS5an*%K6FnTg>6bLv$3kf}-La?{}
zP2c2s$|bk6S1PYz2U~licjp4mUzk8JcE~IbX6!3gUF^{R-C_0ns}2xB%zoueytWom
z5CH31SOq7pKaAJZqU6_jx`1`mW%*m+lW=dZ<FC9;P6Nv+S7d9e$F-u8aXXMsJOVBZ
zhzHy<UAyexO_#^!yST&_d(q<FS48=R7~Sg%vbYpxC@QmC{Jg0T4Q60c&o_0O7Zl1M
z`g9V<zwZn003C~hiWLy0P4~{7(jE3GG0TVldvo6%RBtRpaI0INLjV_<#%zyJ%7f_#
zTlcZVY*4tAXCHQZRtrKq0BJsM>|MV;>|*8MQ-7`h!PhF<s)7Nq07rk#Kb^+_K&Qt*
zK9c2mN3U~0<I?N#U{oRdt$bxnU8Ek85=$1V2_KCJH1!KjdLiCT!;R_>#;*o>3{x4T
zmw5Ua^AoS-{o~vj;biX|h2NkB-kQ*c8!q9S!^{tVwBU|r5X_7&iIAIq+e?l(Z%cbB
zOJc8t%$FIYdUgd;s+lGHIp6J@0I0g$l^^1aNx85hi*+(?S#w{@NjU~0C!1f07Nodc
z$>u@5Z@K@4TNjyx^QQx!7e2-Wh`_^-rJkpA_ghwe{q?3wJRg=VRR(zr;dw*1N4fxp
z(5kunsjp5}e-S6ee;WQlO9VRi*XHhWW19mH51yaN!MEJcKbrbWIf?%JbXIO?&)y|a
z;h!CNuzx!eNKvZYQwYub@AH|ln*8*SqvoBn0)8JfGzGm>Wm(I78P)W64*(<A73D<1
z^KF_#n?5_M=q7^<^`DNzkEdlY1@FXZI}LkRu|gDZK6%}m_hm(gjr!kfSg3HDLebhH
zYPY0aFdfOFR{rzYWQ=!o66o}Vhvz*QW@nQ#=Bby!@L4sX8jOF2j1+>SG*A34ZSi&_
zH%b`xr%QpKNT374D1Oe&*!j(30+}yUWR|d|rWXbt7fur=;sPg+dGho4o+ywWVcP@J
zBmURZq;)>R7##cUKyg#=Law^Kj1($@r*J#)#qTV6GLWhSLazIl8znYV;7=rv`Rfvk
zp>gj99EGyDNWhFM0uA2de1xnzA0v;oV~@P<j1I7ztP@(O5oXJISi+aNdZ4C((85nq
zuHC4~*;OW!A3t`|oc=)(mt7{!0dg{xP(UNos`vvaqaWLM0}=(rBd>s<`fPqXIp=-b
zW94}u%IVS}ShdO}A*h!t?Q#S!nV7q}kz?iOP&h=J3lFw+c^Oi-ka5-{YPY@ulum+s
z#6}<m`{RMVlkp**M~n>dMHB$IbsEigxz}y#6k_}JO=lt$=+pd;3)&}T^vxfde_xf>
z57hQ+*Y_7+1HiTBd$Ej=YhZHBT&JhC1T%4$3numCA+p3jC<s+nJ^_cSpbc!$D_I4}
zmBFN&G=L8+k@XG>oJsE;1gw9e@Ok%a7L<idQTbt6RAP)F(_Nq?LQL$WW?OMBu8KvT
zp^C$3Bsb0ojkXU`e&%dnmt=AA;aSE>|B=ae-2s5f&VM|6O0x?l4;4or-|1-B-twm>
z7fe#oQyQ~j5L+I2B4-Nue|rBdB*6FlrhKFVGPG=1V}_6w1)r%^k)K^~l_Z{#c_^TW
zB3Zb~Wu7T31w&Au;XxRFIA}cJ1P+KmXqMn~5ayH+-2-|q)0^^cKwQUifEDYmz*ifQ
z0E8Cze@EySDFVA39LvzLi(k#jStaO>;x-<yd2FL4%K*jBpGbEwojk%v^hvpWmrU<7
zme`%5O`KC51x`l^!zYF-tYHaL9CFw72cfCEEJt6P|F(2+LcJi8#L~;a+}^|ZLPJEw
zf@`P&SUPV+vDtfir&;j>mItdL_|+`sz~ZF_m{EG_b-CS(hf~v&(AVMKUXHgD%X%51
z9FgB1w1a5FM#+te499orJ~=%O=&^h&K=)NGvq(2_EkZ{X{QzC0`)Gyj*ooD|))x*V
zwWW(w2HP3U_qRnJ@D2Cihr}Yui76L=H8&-~zTF+SwXeyQ$2T)Mz}Po+(+H~&<d|;3
z-8)=N(H4(;$G!@LaL!xr*K*s57&7Vp=gtn;*0*qBv3qW(Z?2>4CBrnvJBuNj6B}>W
z_pt9Q4~X$wYn(k5dOZ^dcK@$mx`>oelQU?<<y-<86w6^a=D`&05O8I?shqv9X&H8Q
zXlk7Y_u26Wq`NfOr?12n8-Rh5Nw_oI3)t~#o&kCD`8{`IxR#to8H58Q59o=sg_$0<
zqa(+HYS4LBlRAUYToY7nd6zkje@kDG`z28JHsOeS*S<3RiA44M*$Tkc10S<}UZ9oL
z(uMEJlhT<tT9WnxDi9qeXDXdd^rG?s^$4;f20I;y)H~u4&Uc&Jw|$5n$sS4`fl@AP
zb{DzS(kdc<{`~nW1w;uBMptSx64iWWn4@I-*<=rfZCvD!nYhydorhS0b*W=0BWCb&
zij;0KxCkMB{#}9)4g=)V375nXGiv|6T@snn&z-gbPbFE+B(ng#9ATAAueLH284vq5
zHpUO)CjB1RDzY|KumtN6uqfe=Ok}<&DU%pV=kGKKjF`psdinC30Xs;wmb6r$u~A3v
zJqZ(F#AWp0SD9T{z#!F>todV;gN`b$a`Vx1jDZPtblslVn_o3w8LmRx4s+y-b-s|v
zT3uYomcPozWkrpCZ*P}PYC-~uoettHuqVLCDda($3)tq_j5ZKjx(Vm|IUtqZ0y4~D
z?f`DQxjF8OOBjP%8_9`&KRi5~O(0|TN1i^Z?56nQ1~_kogRsLn>P_e7myPgq_kwED
zU7+Xda&h9C)Q1D~c^oDy_#>nKaj5~PE6okY>@n8|H=haqG^E%3qHYvmOGf48NL2E!
zHqXQ!#EmV(my6g{x~d{<3Zz_f0;+`JL#%ldmEqo9Yi_6e70B+uA+G*xt39(7iUnP6
ztYN`O0w8c-!f6f4*u?WB%057q5J0bQU|4fJ%vIxX*_x^W{NthAyG9;g`N80n$ZoyY
zw6gJ^y!AU=snw|P!@@STX$UExzA_g)c`og;fK;xX0&0cJ5uSE-c7v(65ihae?naNt
zAM#IOA7E%l^6J)_PXZ|;#@Lq$Tb00_L{pkARIN)}MnAGRsmlH6ZN+Q-s8+N7hDX60
z>t2zJ!{Tbo3aa!SZg(Cm)=~(@!P+o6LpPjS?#cNkzZG)XvI>I1LRK(ccDoeP8E+50
zQA<Fw07!d1>NP9B4hdu($gyw{$UB~js0PT+%wMXQ>5QCZ`pATLReYD#VO5X`2x7()
z(}3ysI>D(U2y3OLPt%mkAWBTAF2TXZi}2Im*GnmMjzn)2uYlflz^_?ig?-^G1)Q|P
z4uGG(wGG8k%XnoYh{X~E(HBM!rCbQ>g8W=a$^!c1Sjo*ogZZ3Wh&LU`3{emro5E?e
zK;;(5F(bo*>U#$&b4;-WKtTBpSS~7Tr0A5D9eVRfIC9J7@K!qTm1#TFmn%JMu=IoA
z>(kaHxmGgLT=dI|Af}SeA8T2J7#6|>VvyjZ7|lmfCB(I$-h(CPBjdx2x<!hs<P5|8
zEdgAtQ#SSSF`?|m7V)n$fhvWm`klfNMXPG(!2uQj_<2`s@>6$UVrzdMCKa}#98{Yv
z<QLC?ZVoBNCXh6jRA-^4|A?2DL*w}~OhY9RPH+20P43AwH0$+5W6nb6`VnfvSBQbx
ztqSM$FZPA5WPiB$YsAqzl7^OMIVljeN*Ka;=?Ezo(kDESH(MHcPwy+C^d3y$OrvvB
zdYTj7{qMef_~sg7K1r`G`YM+lM_NMh3(ar&In?D;mlp!><a@q*U|*LrO*&%+y-_ww
z!y*}{yUJ$Yhex@P{SB>t!^NSFbHd!AIyzndEg|IbGC0=-{kxl1;UH^u5t{PaWG&l?
z6|`xhA&Z^EL>Sqel*b}ku1RK#**N5D+H93C?l)r_*(HddP~L=6O2A?q7w0>m1!36{
zaS(S|P#mz4G&S@+G+Upxphebx%t#BI%>|3^G%F3Ny2GW&V(Q3rg588)hZEZ}zF+gU
zZ_;FmxqDWmi{x#coQRJe(SPvZYUj1t=q6Vs2Gu}(7tE%@V(4ZxX|+mtSfMCXehqzG
zQiGo*8->>XE<S>(7RP9<BQ=osI+lH<${Hb@>7SZF{nk9<X2-^FRxX15ccUXR7L_?e
zDv#hX26%{4bYa5>EycN1v<~(NFyy$@z!^P(2M)ip7Q1kt3kkOqChFjR0;L4>ac4t8
z%rL@ppq(#ZW}g;Hv}g);(FuF6kJiWmFEp5)CHO>DNd!gR--H(pBkX))e7unWPIl?i
z&JONe-pv*hws<ShMJYkFyllBqCnOQNo9DKLSRctS+>L;ADo)R}jscZq?IRi6nK*0n
zEdsfVp@265^>0OQdm*|^C2Ue}VuD<L!NL`oR(|WP1P)+aHm#@2ie*jN&=9spZN$<o
zl%}a+_E)C-fMhj0=DRQMT0Gfc@(yuf5hOGk;X;vUjj))`kA?;d6UL-7?=Gd;CxE&Z
z$zkrHiSbI8c9c9EI)bf4_CS_&!Se3Y+kwpX_5=v;i_f@h<Qnip1RiOM)cq4Jal#+$
zKiiXGgv+~o(Q@X>zCiHjO!8q#bUd$uCBSD56rHF(;AMw%qZ06TzwY?mkVr;6k>0sE
zylE}l*Zazz9P6gg!ToQT@Rx^r2M<FCL#?R@-zyT~Q9#3P7MkO-$tN>1+e8kq5GO*g
z;KDKv;so-po4>$Lm#zib=~I+xu2z-0$P_gm9W;1U<S>ZM2^z-ywah#kB8X7}&l+b9
zNrDkt{D@(bf%c>~1t7W&nJzw?%m(cK=++XxD8(7aH_@<}p#zI2yBi4s`zP-jp0P(l
z`HH%XcaAA3f*zBb^<_<sj=d-L<5b}+o_bhmr?d~$9}xwV41cW$C1L`5rdYO|#kgAu
zxCv~`AIjRfu*#pzj|bOQE3BzdDEW&y1N!c)DNE*!T{!_pxgeIA$GCK?W;5|J*?9dG
zg0{VRqYNBjd9Cm^pY@qweG)ybXDTbbE{2IX66&F&Hm*TsG#YF5KXLNg(?hx5)Lya|
zYy@v<LSq+5yuZigR#WnLUku$Q&d~b{5&$x*Tlu?k@9?U}(@HQd^5U4;v;H_Vu^>6C
zbUrc-@5_?U@ApLGoF#?4U<yCB7&nY&>*zGR(8`9kB?AXIBaEG&PanJZIh-ZAWOv*8
zubj8<s`)L`)w_?M+PG*~U}?4GIjjg}M-vNY)Uy!iB2)4<Aksf9mHSKnwCc`l$RLMr
zex~lDQzq$E8f<$@Mm{>puX{=7A_~ZEq_WP279~4Pos5sovkx~JXVTHsuvGk#+o-`<
zry!1nb9{VRVSL2dna=Ar^^BwuPlCJ+Bnv23J*lZt1^-qA|3-iOoyPy~?7W?IA*<o)
zhRRG-Hb_$uIom+40O}txt8NfG&gr+|SP#j(*LMRH3<(esvYQ`rKO$OSy!Zn@hv=*E
z(>#hEx`{{QZ{i|wb9#)=Ya8^DvTF%H=h}-P;2akbM|f1cay4ZBFgUbij&Rb^G4KGW
zwBHn;w6q;eE89d1n`yuji+VM%>rRd^N2i}bR~}OYBVgG?v22(VTC}DtS>+PJcegKH
zjt*aeL&Iw8R#kx)25RVuFMU<dUQ4R1S?z7(<$df9%9xW01Rt9OqM|j{Fg{NQ^B!zV
zjG^7vciZ#M*_iEo5so{W9#HSxwEfkSs6OCgu(a!xTJ(a~<mAFzY-75~>E>q9B~Z2h
z0*<P4_<Xw4cH$=yaPWhN@7)wq0Y%K*I2$~q{fPFK#STT0U^?h;rnJ>)dwM7<-J9px
zu?x)o#iEV51vp2OaT*hf0J1^dO<9N7-ejQa2D0mFrfb#=qbB_r9NR#>?R4$c1cv1y
z@_VUL!;Ul&u|pkrwv;Nw@HW*Upab}12bptb@o;F_BG3zMIiLhAE#&YP_f;1`HIkMq
z2uC4AM?mMn(^+hRI;Jk-CGIP6X}^%3*QV#J&D^tgUW+C(YWHQ$^Pq|0D!j15gVsP<
zpX@O6{EA*Kco@3j_9J0Ucf(dVU-2aj>*lmK8%>~}ni8rb&{+SQAFrJ};KS7E0Z-$L
z&NYYXu7@Tef#tfP*+ODJFHP>&Z?n;wMN7;I3JKisE5<2>Y2)E$abRk+Ba(+xk_;aF
zX|g*xkKH4^1Y$BiRICo>6wUXbM0v)(MZf4L$RAPjBQg266B}$;rLD9-({}L+Aw?n#
z3kn?}{Y7`*wE9oZ&kmAFV0EI+p^L1J`B@yZ_=9CtE4jbGqnduZwB4oN<Wz|f;2*-`
zPc3GYq)siLgug2g@rf^T(O%ogXI8mUTMT7O%3D$TOT%y+eDV<$!L3v{NC)r<(CVB5
ze_1UI{bsKfzoz$nsxSHCtF(msK{39Id6^+tNmlhC1TtG|ar*Qu;u$5g-jy&>P-_qd
zbSH7S_AmWtUqTe82Dif0=%&5!Xf>vQ2q5Aj6sqFs7FJaE9Trh+CHIX{&MmnotuM@;
zq4c(8OLp`aM+rIkIva8Nv(eDnA*Qq-6-f-`(1vTmFfu`)Unf_$aZG78)7PUq3McAh
zgg=<3&elWnL=O;Df6G?TFuhx~xa$k%{Qcn;yy#;+Qsw;;?pee68BS5<iH5ho=QdOL
z^pFH{L7+nG*a*qI!3nD&Gb^qegV~)iNrDX=PE?B$ZHVW-;oO?e`D(1)`?u4c+SbJ)
z&5u`zy&K&{-ax3aDHkv&KzD<T49AbKoc6!7ev`y3=7oa%Hb<<ZwY8<)>=%|ST?06H
zUob$c{QEwTRnpO`fMaol9+*nd-A4ZLqfH$!dgkc1&)KiI0V)J+1bZ|XK|snRtAzTZ
zY+HymdMN7&@?MvSi`AqZiKrCB$ki%=jUMHx3|9K#M@t^0QtWRjKr2!i82)6|=kp8D
zV0J#aU6780cB(mF@|N}V#_zLi%G1%?LK3`}bDyX@n|Eep2otnIAFJ2$ad1yb**6-C
zd>CE)77Fic%e{_aeH^*?m-|gYp7K8ORSL5ZesRl7L!Z9p<IJiui8t}D!0*JosfF4l
zi@|Z3Xbs4_=>xvvxO+)$-iIj(WBe*^lbNq>`yRcB5PU2#dmEW?bXG`vQ*I!-jNHj3
zn<@Jx2R5??)U+Lnp>r=+UQI3A2psfBNCkaJ91~b?O;!6BgQTkMN`0dNVk~{aa{bx&
zdsg8^A>4gdKHc_|T8u2O4O>^GhpMirtG+GR83^xRpPceh-Mwx#<X4d8jDtv;=>|U^
z4i3kjc&*4muh-WjKu|rUY2i)MM+2RmcJu`&5~dX;tpmkHRmXLj(y|}G9tw!2HDARs
zuPS_w6cN)H^|V0QOAA=VA=$G8VfSVPhZ=3Cc78w@X1#m3xMz%b)9o;7_CB9j^WebK
zdy4z=VByLNuku*X9+}(9QVr8!?g`$^bhb}?lBJz@z{*i-+-mXTyo1fRxM*W2fGQM}
zps(piA8$x)`a_oGz27yv^Y@OjuTMgE_1_&7J62}PV^E+ACdv5RC^o%O>`MzIpmF(D
ze^gC;8H_WZXl{ExTv)}#Rh5dFuu{q-bAD-fzjblimFl5wGZu;Jr?9U15QRmGK3{P&
z)!f!P%Wc3HJQ$`!UTQobV|ld#<cOq{2cpG18KqcL2oh*gBuAFe_FVE+o)j0<&B{Uj
z-G1&MtJpxe*N_oCir=ofnPMQe!K`@g9?7>xq-NarmWixO{>&hm1h6cL(*B?JdsFU>
z;@?(IfnH8<Qohke=5)RqPx}*sA<}GD{6+HP({@lHzdR5)|GY8V4E-XIXT+cM#*?Z1
zG5<goFgq!W?+0O}6C30E2+YTIlG@r?eH%&T(@MGg(PzMY2~S~@<)9f_nkAP3-;Veg
zSepmTt@iZ*7C4_lT1Xcq8cJWl&9U)KdesWo1|11OqtoYPqGZ5E@q<uIg6bVXMzN)-
zAe@9X^9VjYi0f8Zl1NDE%}CY+qKO7e+iiP6qP7#LC%yJ|mKl(P%TK<X;^bD^2Y}3Y
z^53)DvNqnWp+w8aQ{9%-6af%)a!{$jACUt2C+GpLn5@Wq1sZv6PYg#V?`}$4^C)m)
zGkrvBdf!W@comXT3!JzoFKe))3X{M8{$cEK)00x9^BHkwd)##}Cz&yVP)knP#z%$}
z<mU?I@m|m#^VlvZwFbSb{4OF5+fKUbDIJ91e&p#BtTXSXE@rs<Hs6Qnz?y`+QbDhm
z2IO*2rWx<yv4V|>`{GD<{IGnq56-O1r*-bQFQUt1^67vQPJ!^R(igb7O|v#3t05ir
zDyWaue^%yeH7^x&-9pVQp7e8u-^z@)#uz^{Y3%SwHtmRGb!v*}YZTZhfLI0w2-L4#
zmm=h#Ve}I2?9*Q)W8@g4bYwRg1?z0i(+MmA-xS1gD?&`-xZIVEKz_z9bo5CdTo(J`
z1mB<_l>1}0ykuxES#7_#QBla3K=egI1D`PljKIhFPo+fCX+cs2y`Flzh1As;%0%e|
zi}J_qT#U4dD`t;rWdtI9Rub_%8Jo@Tmzu%dZg-Fj>tM15$rWYyXk>}JYnJrO#R3OA
zpb6$ZySuyK2!|iZga}$Xx(!`6N?{%p(~ZnNWH74|Gkt#I#-uSP!SfI&(`f7rXs_KZ
zaJZM%f;mI4gAj&lvY{u&7MsI@EPde<#!=Zmk+h}1TaWmD$Xhl?TD@FvP3T_3U*nzc
zT`ex3Y6x-q#XLS(lmnG#kG1`&wDFe94ukMB)5kR)6hdsb`vwLbHXSxgaFU>uwfm~o
zhm9zi<OfLT88ZqI0d}i9lO7bC+17F<#sE7-d-eY_`e<4yVTLPfO=Pn!G&G3J=#*-F
zA$3^-Mel#75=hzgSaV*1bQLFRD`JdUI{^V|fat^woo9!%kWncjmrwb_{@><e6cXR1
z;>Vx-RujEwFVNM5-ty*A{}hU&4-P^CG7-6q@L90bXXCgv(htZXN*As5X;_`dJztgo
zcvhNel0{sx+_XF`ju|EsKGVAciic@_MpOgi26YEkBbDG{xz_QU;^5=iGV?(g+GUr?
zZo7_r=yCV5UWEs|AEBb<0m8=qsknHHfQlv{pbqqUWAXN}<Vl&X@D4T<7NhN1gd+0a
zl-RI$DN<q#yBDtmPkmTucZseloo%JnTFsmFBg7Z0gco-I^ZNs_!P;#*E|5P?4C`UC
zw0-wE8O@(~t54l2_xpFZ%Z|F}b~b+@Tp(SJELt^3WB#~`6EcPDiGu!#C^5*@SIRCA
za#_F2xiK-)()6~g+DuP7(kVS5jAdx!CHSiyvej$Gf=+h&Y)%R$6;Vs!I$H@fkqwsA
zuXh!R2YCC}vh~f07oStyGgB<(C2%*7kainb8&DCEBSpd)SSay=@ev#JcS9S<VZ5I_
z!YIsc0qPi2r(6Gw;biVn^v?aLRCJC?8&4D&K#2FefGC!{KIg|XZ!+pD1dNcSpI@kV
zAg`{X^2q^NWgq%8#~A;fs6qG$E^0cg!)WLXZ0Oh#a>Q;&7Op!&M(pVQiv0&K&-(Q+
z)}Jg#eNS%brrZ)<JkeP<#0k3QD*|ba{XC*5ZRT6V^n+Jb@k_!4+JCES{c9I@gjZjM
zt(KxcdV7Zeq)29|zh)FQ&|zQ;rU0N7l*M3k`acN~H>#%K-|*4R$Wp4F6*gh8km*pF
zuQYd8+<Sio2q#Y94dqBuj||>v9`Xze=f(Z;>(?^}hqrIv3LflZ+QaGTi*7q_u^<Kw
zrqQ)$OFg=#4K)@ad>$;_LP&4Y^{Vr=%Xxs$LMz|P^XY)|fIx~Ogq1%<_KWZH`DCRt
z`=g-n)e%C6dd?ro8?i#>5dtK{h8f!YU1oC*MEw^xiAw?$eb_h>0w!Xvaj;(8zO>a{
z(ls(c$E;Xf%ygx7UG8rEyR$pF099;bX}SF2`A^4$I(~3SDJHY*Cp2W;XvKJ;#cqab
z0Ticeu^&iManvmoLGx2cQba9ac7m8GKD^%9_|O$uF0WB+QZp_wAP6z^xY{i6gkA8i
zyp9fewiuQ<*L<;uhX=|X9J<KbZ=XR!S>PlUDeG^OCG7C1<XiU_d68%Kk^%1Sg6j_k
z19_@i$m*unEPG?kQ&&7By6>zW#_niiie<u8wJ^PmMIt#}e12~x4W=@@srq#M9tk*L
zQu~DqW8KkOk>!<#3*+hqRw!Bq!}^FU>z|bReUI1K_IJ+q)3mAqMXcaEZ^b+tg^GO5
zM*@=;Knr80{7fjLh$;|DHXr#7bNAk&!sE~kt`X?Fh0>-c!3wo88&j?{X-*AVF``Sx
zwqA`1^sd!YCWg?(ixhs&CbapKJ8V6jf#vy^%&xY}4OwE;qyDofocN%n8Z3i-OY3RU
ziuvi0uKm@)8hq`z?^5&HbC3G9F@3foF!`nNsd?8)#J3bUai`_j$vZns6p7R4+3rA2
zwKjJ#h+W2<ud1%!e$GxRP8zanpUezliR5f}p+L>0fY>6fhSUMj!Ts~9tIaAq5>43z
zTdQRkl3)ef(QI{OzFw^uMJaY3zsorB?e^0^L3nX?L;(}AVn{OmJie29G0`6RQ|d+Y
z<?SI@KQWWhuJ%5qnIpXjqoM{B+bU8_mee|h5pzqUMpgV{AxNZlNwQ-wTsIG&mN8hx
zCBEO#dHvzb<7Sq~8BGqJUTw17lh%)(J;loO^$sAAS`*WY3AfV(8#6=jUFLj#zH2zx
zD1BX-Odgf!?0V0dXXMLU{q>*p_dFsr%4U)>pgjIR9>IEoX*$22USCc~cXJ9_Y6P*I
z-HDi$;?U%<BQsnuqD(cK`f(Bb(0@GjV5~CwAvA^DF{YJ(v%Rmzh=&3TqxXg-R}{p`
z@xVGQLmnF(6-7BqHEuCZg>7UcKH%7V{!F>=O!`uXu?t8eE_<7&f(?p+d^2$+zA3lZ
z30j@PP}XQF=Jl%`zfVPiyPh9e%tz&l3UpD>Zi6V}DR6Y))b79<(1N|V;xoPMxsaZD
z`GerOn^5EXUxKCv$J86FzC+i8yky3PNy_;0BNI6%8GOpGXN+C88?)~&26E_I5_>y*
zzqfVUDQDxWCD$8TpNJOB7sh)-Ku@av^e>EC?>J#%LGZU>ff%b_fB9Vf59ws<wVdcl
z%dzWICDlpiW18oB1Z9f1wC<urdQ*FkuJ`0_id|~kU+r(0%zro@{uFSTaDDW{m(`MM
zf=S^be*W2aUylV;YNf>q0FZRM04U1M)_3Lb`xc$#(R7;+17=mVAoh=tZ5JO)b1*C_
za8=4GgWV|cT(X<5sN<ZkyE}I>!?>5A427HzLT4xzUf=z;MSo(U922kR{ucU$1*JFk
z`_Exi#tMW0)51w<uY;`0X}nT>QE}OEJNg<>_p&WbyCZLzJRe+YyQq2_Y^q5qsv8Zd
z`+2>T71vw+v+em#RNKW|v|T<3(tkhV5%S~3c+QUL?``VqeaTNRk4nOwPn%cS8MyQJ
zov$nu9^17Y5K`f*xX{XFu06tdqm2C6b!7Y1^zvQr7+>+vGt+w?f1>rCKS|q%booCW
zaW}n~!!Kno`u7E3sjN2f&0a>2z~x&RjGhObLIc>4vKWy1=q1Nf2VVw~sp20#lnVy3
z0O!hG2Jt=Bf8k88t}dp*XGBbV(PHilFIDID`*M^N_i=LV#IJwy5mq8IihUF8mkMH7
znqIF`Wvr@#`}3#1&v+};QI9C$MulANo1^@94vU7qhNFeJk0~wRqv4Isn@oI8l~mv@
zk)6f;FRm_(hI<!JuL9;l3Oe*2NJ;}3SCIKlm&GD;Nv&`EF1yx-<!tF0w{&sHSW&l3
zi%gvLCGWY$*1^ypBhQ2aR3kxY9JXBaAs|_82PO=yRi<kltgktd>aI?9c6rS9+_`4Z
z25D@h!tU>Cs5c~G1%0vy*F2pW7jHuG$vfC&<nxsWDp@s|=>!<jg=z(R<GO~fI}!u5
z%xy2VqD&oJCcjgeH76e*b~GnP$zV;X?jUfL7E>GU&9D@R$8}UF?Mu&kr1yI44oXkQ
z*U>N;8Bqf4O<KXvZF{Z!I$Ti3unffo)gm43vNA;^ZuJi2hPFBHU|5(|3Uk4T{tFnU
z0i=|dVRu+gOx-Q9qU%Y4E`fO=nQ9hu$i9S^%^*NN_DMXr94UtFd^pFiHW`@ZHhiFf
zTDI9nXFabxpNsc4kMm!Au`$imc!MoAEB@@|HTmlwfXH1xG2KyY$!}5xy2_a1O$P)T
zHb)|MX1QQDNU4Vtrp(la!Ds40T@HC^jiIqJ|KT~$+hH!$=<OBiJSY@KDD$NW_cZ&S
z5$F5|J_BSRnmuddSey+bM6|tBnl^l4c6D*OE91JYeK8_kpTTN_YNk-&LI&>uM)1#B
zuRU6(1^OKe)d^#TD>!g|<Gxm7>=tW|i(cATVvhi}1#qH>*1f2WGS|2Zg6l$;RsL9@
zm?#wkJ%8%`1cH&hI}Jj^dh$571ieWh_qgv5GoF_K<SW5}haV@TrOX>5@0)ju&!t4P
zHm<KIfcJQ~G`K_>Sbcp9>BX0TjlBA>)-D(PrZGy>CH6)81)yE_6|(XgUF-e?r(2=C
z8a5El386~AQo7sIj$7YAdPzp8ZrBumcmkRS7V?}0A?_`MDvVaEt&iX@MRaquw4jw#
zVn$*dJmbGXbAkYSi<CWk*#y3%%*|&7aSc(pD;?lgMgP*&z#B97tEk7c^XvjINuArh
z%MI%f@1m3!9TyS20e@P@jlx$*2Cb?oep<;Q0UnyG3yr0;2blkgclSweSDyY7SdXWc
z^WQsnP6yp1r{{4ANNw!k8woWlAcI-eVSFt?WBz;HfPzU!N4J>avG|>WGGym%6GfEv
zLS$N|?aTGotsd*=Ba2l*@|L4Tp`TiuGs`%M7=50}eft1}WQ_K1w$+@hY}A!RMolrn
zpkYn>>S~9Yk$^TX2r@GXuFmYAp@qYqiJnGAS(g^P-l`Nt89X~_*eBeavlu6>17jns
z4UKN01zteheC3Mck>9ViaNBRGSGxDY@&isy^(A`;f=&Se_sKzUqvmbywteS->*(<L
z?xmq1$`tIgrQYk^TW6srak){N`C799E!!zH^WIl)4CB7<n!Yx=0PudNFK7K3kL567
zL!`SPQ7h9s!c9lUh;uuzW<lim6p*WbMMHNyJXWas^pUIb?MCnK=L7!SSOFT1{)ZEX
z&R_vaF24-?;BGnAzS^UW{sRlk3I__P(Iq{3r{fO<x`3{nP2rzA5~Mvav+14>6Vua5
znUkS!)s%-)nxX&C$qo76eo!!WEt`XbD-+~_XI+XC{@~6{5yd7K=ZeO%8RToS(fY*b
zbO96%c<<P#<^Ny+F8`MS2rmVEzdLr|DR$r~|2Jaa|N5IH{Eq~W|9?Ck-4lR8*!w>i
zggyUv2I2qnMSxR?RwPTF7CQ+4lsT;H`ePlJ2Y(B1q&2@DpqhDW7T#9PxpoT<bVR(f
zZLkCYdf3bDmfr)8F=Gh|J3*D4)f{5yfCD(KR)eW)1ytITLrIN3IrfehTJ$!7gqP;+
zmJ3YfsScKbY#9V+!m-2vAcf#P%1Am|+FR<G9$)nI&G89u+{mP11Sdq)y?;N=cAu$9
z#1wtFBRJ?092sz9Ktx2O16b^5u=cjiw0YE()l0w;kEYO2hWsH5MzI5Qgt;-MmzS48
z2$4bKv+tmkpw<!m5~~R!W8B=_Y+j_z)ocz)PFE%FWBuQnqkvo=&eAsx=zoPs7UFaT
z2T<MByhmuIUuleoA@^z4xs5@iY(W?>N6~^FULPE%1-vv#+---_nF}H=EFkoC+VWf%
zhh_tg$Os;RJR1qTm6Zyl6zqR(B|P}?I`^H`2~cYQIWOnU1G&CpMsPYIV|o6&cTPaI
z0TCarCoCj1MTBe`She=8cOo9HTdi5dOdPj~!8Abk`QP*bUI1z&eCv!!*hyt(qgt%3
zYeAC&8`Vwy3o9MFrvfkr7u|9OXFTu1)+OFMGva74aXEp0r=$dMC%~|bVt2#e?K%;+
za?gGsaOeMG>#f70>c0Q)nW4L35TsR_0TfATrCR|(7`g=kk!DCKX$b-85)=>wks7)M
zK}n@sk?wl-c*p1d{;uagu4_2w?6dbeYp=ccdcPJdnzh7_hVGM6U{VhEEDds<|18xt
zSqhe{{S*aZ9|S^6)>4oIKg-+7^DgED#*J3g`QM1L6+wijfZmL;nKC*Gf;A+^$+#I*
z(*f@Rg*xeVDUjX5LdMU2Jgt~(=S7Z|8K(WZei=<KoSy)JcH*aZRDK7GN;m#l8vSKf
z4AZ|2gy$Up8QUP7k8h9nW=kr6$KpLd)u{>ik@y^N@g4WspCj8UY@7gLn&c$Dt4BuV
zNms-g1}M!o5h=k`uRI~iA~`HKr3|DgkyI;;TS~(zf|Ro`q-l0?RF4<*y?vSLM)54@
z)<VLHpue;bl?oLQ_O>t^@oY0h`^4BSA#qVsC!n|KlH4%T>@)5mu*mkI_R5GF*K+63
zd`fCDS(&E^vI|qwucV=%NQzXsQ$d=min4m)hTXWsYd3qwf;raL9M_6uSEiqhSRnZE
z#k9pTjAuY8PrykJr9hmNKZY(_VJa7F2?=#|c|r3Gh?BIjaJyXJO2~-@F7|=Mi2y*p
zi=jIEz3IX0RlfiPDo@T9zdygDP=cu;>UFLu{qbi!ZCccOj~2(M)J7zON}!IW7(F|5
zv_6|Bl9B)s4C|*=;K(KZvM4HhlQ?ielt=DyfhU^`%IQaFW&K*n_)Vpw4y<dm+96as
z*AFfZeUL~!d%7;9zT*%VTiau$<;q4ZMBEHNY5KaYgmQV;^<|we9ogzwQ5Fs@K-Y?=
zcmD^BF#t4{{5kI81Sr&OYjbzpMx_X(3<6bZngpQWyZ?6D>~cqPUQ<kk-lG~9Jwbo2
z!KY->b8UErjf-Zp$^!$y84t0@y63J$E^C`f%wc`&o#ecz?9qLc8)#|0G}B@@c{^G=
zEP=6glFl`rS}L)xros*tr^CGpWRH%`@;=FrXnNmY8&V_<P+rW@@lIddj{|znV%jRi
z`+LJCgpPui6vl+-CT{>?SA#`N0oOT19%rt0aN>4t;h~svYbQiMfpIbtQuWaib=8Hu
z#n_PC((~pm)~a3^8YGUkI26}zS5414ly#>RvZ8>3q%+c5(sqT;2R6yQH5>PGG{T1K
zMhkRo4srdanT@&X2RCaINZKwP;V8#@iKbOAfQ%@A=v2maYptP!4sTk0!*{V*8P96^
z^6cjUYvMafO!v_@6it)2f?}3k5gB^DF;w!?b=mlcLXeF>*SyIVqQl2|Ylw`XOHXph
z`ufbYuiQ>|sKa;_onu?|Macv2)oQ%oCgQNOy*X|7?R@<K&w?^7=sV6{7WBA&CClV^
zT1nR)3s<nk#0DlEqy&G9$02rDbEro=BH<#!BAG(fk_x#>wLHnh!TP8MFIbyYCXF5@
zG9<<AwlU9!J{!D$M!I2Gp?Iu-de)Tu`+>M0m->!(Mz0k%uLf(zbWWAP0za5>+eF!j
z$_=C-nvhLf`qz~gj=rnd3Gz%hq#h;-B(DMbyGqJ^#{kkcs?WMaHQ!j<ICF5yFBfje
zhVBlYpT|SG@H;Z1EJr~#d$TQk91A~HG7TamOKfz`#=;{Jpv<-MpyP3fyF9p2E^&I7
zgBto8&>+W!H~iqKKp3nX329sY#%|(aJ~WYM0~Z~mPA^K8Jk777R#>W31ZtRUt#{Ii
zu7b%ry#e7%xCLrfD`Qe#smk8%w9vxKqkA@H*{wjzEpC<U<b#vyA5$YM#<~Rr&w(xJ
z9S9;39D~P4FiY$P=Wog!hHvUB6W{Jz`QjV_-aiOdH?i%%eIeiwVAW$ZW}96L<a>_G
znjv`?jh;ilR@6a3>2nAhqsUt$@+iZ)&ltuJ`sk%DwUZ4GDsgc?<7Ncitl-_8XOu%d
z%b@R4ep&S;=|kr*0m4HGs!1g~E*X);5lo~j7M!02i*{3|S8mIWvlvVvl(nQai^(XK
ztN}YasaB;WqJkUaUsAZdwOKm2l!4Y*Xd}?hRR6^DnmBiLR5WQ!)F<ZeE-GIsLLAv|
zuskybg5do!zlN(%&1D)KI-cA_IXoxUGv|1c3=tB(i>?r)YaJwRiay1Mi%NO?9^H^9
z{u=Tqh*syDXmu#-%7UDzS6<<!aU85)8s$fZeZUs7HESD0m{~6~N5`<^ctcis$2;@U
zjRZ%g=!{zTiInW;H$JNhFr?&KYlW!}vCy_RTOh|}Ig~Sm#E-eq@a5LK(TFC|bw!PF
z5ipyxR`VhA;hJ)@l{g#(X(>h@<=+!xk9T(JuHjX@!Pj8Hsi+M|y74u2vS^N_?RCvF
zer0IbHc-k{@#)jDDrnSUJB_@{0iT70-ECaHc%m<h=c<R58dGU6Y9KuJ^h*@83yth*
z<`GS>Gmy!3Ktj8vixPYWtSyq=SHY@s#pcxJhHGK1wlT#^NFH~WF3sXyG$Q5DtcULr
ztDzOl_^Au5hjmfK(Q?_eSx@w|@)5^|);*nz0oZZZTYQ8R+i+7<g_Iahs&XCM3k&jC
zbNG=fSL$SdB)jlK2A7o-EiiW`IbrvwW1AfjBFa~Xl+$6+=M!}wV2c&wPm;q8v>d^M
z^>4{fyDowAeLFDs%O`SS8JT<48O)xgt@jsvoq!RyE@!o*@#0QXd5E^*BdSGoWv>V+
zpa!D)51xvV6TaZsK)!+Sgo7CX*2T+$bv#2?Qw|9Zk5`-C^N*o2Bt&d-h9pmEP6y*x
zs+nMktIAfP{={Z~dB|@t!EVyJc|l6#Iis1PHXFzbw#~^f72@*nN}W&=1Tlo59+aOi
zL*@;R`CGBa-92!EiaU75+U=$&;9nG{d^FAJ|KEQMGj#yIl)?>)tM8;KJwY%&DDd)y
zvAZNDj=7Ig{X3|0AWt-r+AVV4yX8^nOiu%D$O9Bu<`GKR@O{zO-D{89JNs8)8#eJh
zKxU1m-`e6|?xpGk@yN$&OlVg{4C}{>dRe)2m2WM!w*-QhDB&il-3ZIDyHH%*3-;Zl
znW>oT=Z@w^7lcwNVek^YJP*izi3-1iF{)MF?xMWUhpyo(&#5`5T3A_JdXN{qU>-bu
z=u0C*GdtW$z)>);gTJ+&xa@ul-<!_8PUgq?^z*hhx|y6(_E|=t?MMz+LFL$#4fzM(
zocTmN?wmTW{~LO`l(Yw_;m_q3KUT5XPOK?9U68eXJ2um_Ki`Gjc#B%|pL>H|%+38L
z7SV$dhx7GvGpnMvlJW*K%b!N*v=#=ko$;h_YZNsYKg`ec&+$xcdG`W0T-(`n44?Sx
z=Gz?4zs8Tt2@F0^tsq|wP)lPZzuE*9<7Y{69Lis${qx3NFZr60i|h=Mt6S+fZsY$l
zdKVY66|7}C?mj6$hhG9SekdB4UtIz#16leQ*hl}?@Hs;cb375ES}UPGo!@H=o_R){
zaAw7m#YZXAI`_PVI6tvks-e*7lnc#xKhb0^HspUjObD`O0ZpTW0A%XoZF6?u8{Dlv
z7#amm_Hwgz>#AU|%VgHwt>sFo3dP5M4hzlQ$NmniK)*+$40Ok%D=3=CA=@8A1WN{<
z3$EkZ1PEyqSqy2+u6#3mvUjF&=lMHzZ(rvMnD&F;E3GbKMo%b%ku&KPj=5$Dc<sl5
zer@_@dO+s@lv$C!l?(lzex-Fj59SnCnoPPe3iEzTJ($`Hj@A74l$m^MgGh9b^V%-=
z9*8Sa6Wws!-}#-*->^Jro(bkUm+N9zcGh6Mq@fjcBgzI6iyp9zuoy-EbI`n2kf5Vr
zb(22G8dGycU7QV|2EY&`5Q78aCiI;=*srLstD@L#UqCvKc`>X^NeC?1j)P!j`Z<kT
zZv?>MKKKS`ltIcXn}DRBC&;zDlEQ{%x{m|AVGia=_&i`o0XNIL$P{Os=#8`eUV>2^
z7~p^J<z)s`nqPrjbM8fv?_MG9HW0RkYV0xHD!20Z@7+yhyq_NNeB3-qVWk9uC-q6J
z|J>v_C;%&6!N~#??8qSp8VB`BGN60}{wm%QqxWabnTP42B7opYmT6S7wky9XyC3HJ
z#?4?l?b?h=WQOk-yrGdhi~W(wpszXD%OF1=4Mh^6N%Q__mWRStHV4kHtP>I<lKC$h
z#?QC2&yU#!4x6UbEzHj{eD`yx{~f0s*mqF%8NUsqK^qP%&W6yb-JH4@)`p}rjHJw5
zwF&w6KcCpT<R;@Bp_BQGTR~ZA;WcB<5=h_AY(dJUl<@a2P-KrqJ2DOwEjX5540&)t
zms{HgDPW*Jyctu@xl_B&pLYZ6;vGdkA{UJEzZIkWUn2)M$@4cM=~PN0T<1ZPe+EF7
zjTT*tvsB7dJLE$vuC`)@Ga=aY@xv6~h3*R!0JwILeZ=~AVCVP7>%azc&V}}B;CW6c
zf-@6x>W?*}k1})NCDL)|(8LOnt98D0+o?qWma(CF+UCdQ0*=<YnEC!O`}%AeT6-;&
zpL8`jZUNQo=j01eimMA~>#vH^%M_P98oD4$J(L9SZ`S6+NcY7*{b2_7BPviotUX)D
zZw0k}r2|i`1(m$cV}#QoyUga#J+>jx>)KVB%xUt|#rOX)I6z#e6}xF5PiS0m0t1hF
zs>yWsJYg}b1weKJ-=A$djPU=)ukh`kDa;I57-qLcai}T)t4_cqkw9);L;HT))w(QJ
zUWou9OSd*xB?yqb8(?Zi2v7U|^cGr7INV=1mllJ;<TMaEl?o+rvh`4EV~h%PJfY0S
zFA+@Lfh%zv@<e7@IzV&urw_*2OQvz&R%o%qGIqfa|FL0AgS}2%0#htYamZ#yL-H=)
z-Cw&ji~=HGFf0A_rNcl{28Powy4U={^SLq|(B1s=saS++20Z=pVRw{=J%8f;G0WL=
z+Ey8`EAiLoirFL=b$!Lha0SpJI%O|GK@YW0VAF<99yn>(Jw_{$&j7-N!3TgXLYVlE
zFJxBnH;qIXfh=`CJYZ&DAl;q%<Eiuo)w&+-T}P>^tE#aNB|F8w<W@(tRRX!aJlMQS
z!U-kV0$Y?A5DueFh{AbHQKW5+BR=(34vu01I5ubi-t$8k0@lz}fG2iO7n5u*PnK})
zo6^^SzVaGT4RR86S%Q5tIT4179wSVwjUXmG9SUMo#;2SGMT`LWG&KYdq#oRQkZ<eY
zkbcMSlX8Z%GyoPT(*s$1)a#fSQr;`Ct@`@M1RK4A<`kkZ6sNbWMPRKDvaS)!clKBv
zpFB`N&2@P}rV?Kace5P><U827cg-*h#|?oBc)kkBy{?S|12sTNK*_?u7dgFvsl~}}
z<F$+37C~E}PBZ&Z9uD=8WXX6*IScSR$0BPW!`|-bGvAFbs0^+B`;Z)Lc&-5`ruXc(
zv8@T_q*M-75|r}DgI)^V`;uow{)=*=$L6#;nd6n*vZfC?+<Kzm06ICD))cz@ew8CG
zs{?E22o!897yy%|e@q20kR3TY-<f-Q=VZMj<y?+>t!s<Ar*Y#PRHc*TNy`~s^G#a~
z)@c=;PWK-XkjnSO4I8e1u8#uA|7)Ux*jR2>5#7mLNu40^A5;$zt`L+UD{Qtt0y2GZ
zGf?A>F6(3CMG-R`U}aBJekV#w_8^0`u|`Q92I`>wdQ{lJBfEdkr}+?B0V6hJU}Oy8
zBg8ugr{cktpkR_U6_$)hWbR@u&bU$f;`3M54A3cmnO@w*?NBN{m2?ngH4=T|?dC$~
zW*)@RDHl^XUC66VHCgj~b~oesjg&vLmCx5^ybHA73C{!eym1UNhUAKGWl|$g2OpN;
z<@c)Sfa;n4uWwc?NtVV*8e84eNs<6I0a5g~m5t}XzPjKDEgXeuN!S<p5xjbcDRWEz
zMUF_YKa^F-j;KPH;qE*5=`i~QzNHKa8gK}sd9aSao^!{+Kq84oHK)@>z=i)U?Dt>6
z4mO!9AtFK+A#`{UD@0(lmrAHURVcdApTHqlY$am*=6sMpBL?CYr@~;)C4!SGVs}IE
zEEL^0kBGYM(jt@KRbkJzl5q`pSLVmYnOH>sgckVrsFmet@DcZFMF6j>rI%nv66%tx
zXtyivyUUytQ?Lwhd_epTzJA&eYGfQ`cRU+01qUI6Q#hw%F_*ycu$_&yYtPhGIZ_kW
zz=P1oi%+mq7aSSjH`|zb(eNL+*AC`6VsCO4L4u9%q3vD@q>bR3KKTITl3FtdkGvSm
zsC({e!_;iRvHrD@I_v?*Zh_0M)>KG%0`oUqqKdpG)NM^fhOPD_Z`-xi3XrHx)C%&+
z&(3yf!q_zu0>hl9(wv&rPu~cIOU8T^W8#!5XT>8zSWX=#+bzal52Zj-o^0^;rF1W#
z0#1Sk%C92$Lvxj&zgJgLE++oROBpya(Q_>>4<5HB)R%gDd&96(4>egCqLI+MB2c$C
zkb6p)@2CP|k;DZ%=$*{#)?@%bEZ;IA4ehYwF?7D<+$?|zzFy{?UR8MdoUyfLX|(jc
zE6pU>E*CJ1nOqWB0Xs-V&>~C+lu!C6Fu{j+Ai3EuzznYKw;yjB8vMsM=@7F0+9)*v
z%novmb}^0J4X|DEXRnc;$TbGVRe(B!5(AQhwKQ{ovnuqokQ-hD3D#KwDT_?ZLE^(b
z5=D;C>8WWl6_71Wy-m0UR$B!Qb+h@^RIV=>YHqH9@`p8L=E?B>Ht9Fex^juse%`n_
zfsgZtYc|EyAUgcWv6!QPow`ZJZGZyaZpT)k1ngh|Hz|f=kR~vYJRlR+O!ggV!kDiG
z=yR%agcS?C1}N>9#^OA;?xU!pjcUnAin2b|0Zc>uh~ortaZ~xmPtAj_Xqr&gIT+?Z
zY39^rTx?bJiw@y3HS!`@aXh8@h!7_C+k--MY+FSZ<Ppm=Vbwb>p*wY#`G7t<K9Pa;
zs9tRI{CM!0OZr$XDMPv36X<;|^mE)B8C?%$GLYtU&p7WfZY8QOb9{|R)<G0OEZ#MY
zU3hMWpVe|aixL&U9-?p&8Gls9i%J>rpPax;QrwA2R*jMDg}g$%yT8bXmiQbkKi<^v
z1cTQgmEQKws(P}}2^J$V4VkuFI9zC0?;Css?t2#%>uC-)<>96e*mwB|T|U-le|g)f
zvlw)hi0s$xO~0=cE{ls{9XW;XytG6_Nz?au@JZv;av#LkLM+I+>h<7qyNsE*&4)P>
zdN>RcT^X``;hE#SA6Y6$@PpsQM>+eu<Q7m9GeP^N0zwiLUb|BX$Sl8s*kGNEfmDH`
zuM+3ZnJzQ3g)m03f#eS^fK|pguO=4{6$!_6zHbslO18;&14YGGfUJP*-mjfcxp8Hq
zOUxa+3}y_VKle1MtZ0C|0hf{=-Sp=<v`BKdCF$9~oUdU2sdaWY%AKufyzxBG*UXQ;
z7-sBH%nv=dv(F&!+QuD}10x3TiV!gzPmksF!jSVflK!bU6%MmL1dyhoynH?AyIV=7
zsDU8i3R78{FrZ=%Bt-l>cShn@IQ3;-niaz`;KdLuu*_41vqMSoUd*v+KY=cvlbDvy
zd<R@PJnTjF&u8q*$Q48XAcAU~BVem%OjsW|cGIxGvgk+n^6-*XDkuW2@Sl79X=66T
zXHy)TC5>8p{EYa{Wz5`dCIwW<M+ADGPs&&G!}%JHbEp-2N-0R4`#%kmxxn&x$Jg9=
zjD726J4>oSshP-%7;Gxcx++`OOe|uF+f@z+4ptN<a+t3k=N_8H@}=@U0lY9B_=1X#
z3Gt1EhyE|J^1H$olO&forn3LNKiJoH$zuNs=cjy0GwYbO-_e~qxE%k2Cw6?{p@x_C
zm1-hFa7GPsdS!47ya+5f&|v9msAULEjy;p`wreK38Zy98!jVqBXuSFMD>qv3`QPo%
z!9EJsEc{kUObo^J8wIqcg>1)XKVh(a_pa?sbEM$)<%-k*0#G-lufM_LEg%*C)72^{
z`BDpQjKAy^KznV!8_Jr^Xha$v^<OKPc#lc*{kJ#6>md5<1IhQX!MhhLLOUt$r2*9T
z5&&8Pr=P)+J#zJ2i&pt>JF?eC(R6^-q%06eWmxxd!~WO^&koS92W^EKF~$F67Muf2
zWQ*OJK@s0`f!9aFPst=E%vJxs9<%0ZV@CrzQzAdIB?za}=i&?;hXM_+BPBgJC0Z;g
z*OXq60LP=Wtf_NsdMF2CfGKh2o8Cr~^f5x4z^X~`S(n6f?^seq5gQa(_MbayqKeeg
z<W3KpFB^;3s_jOaF80fBi--sj^rzo;KKM03jcftOoB2n8UvlFrUX8mHP@>;^+;Xfh
zt+_DmaG84Ls?Bni??v6r*?ws?4FO271a{ob90*S6pK*Oc#4t(OlLh4rkdTnXKu(DR
zKrGvC25P7=HN901c`)v>@&;68yFPNfi{YE$lI_R7a>wnrql{etYaF|o>#*UJM*8}A
zSeSTC3cQ_Ke7h3e@K5|L@bVk1I~cBt*yOXP<wxft^q&bg>o1mSX*WfmaK^^`loCh3
zzy7w^|Id&`p2ZhI<evfMa|}mPs+%GTXt#a&?*OF2w=kfJZ^AMbO$W8_glIxAuTr)i
z+B}0aj^zGNJ3dW)|E?BnF{7M#UDkoCtp;*x>U$leu#iNn2*!1|JP1iX1K1Nlv_1wa
zx<moO@5cd;%4R-N-~Y>c<E3FZo**k>r>Go%3zVnI{!p!msxrac!UETJ9Tb0zBqwA(
zTV`;0J;nY^^(E|JK3Y|K>3;*2Q{MjGsxNws5@|_(pB5^D!;f+k05ec7D!U0(sS7XV
z^XIS>orFGyyL`Ex^Y3fVQOqWQH9`Zb5H!tD??JauA@>C_KZC`8dKq{inOz6G_dkR`
zG;*DbO&bI{2@@#p%m4YN7Xc-KyFEhQ1`*eII4K=Dl+a-F#!vqwD@Zi>?XCawZ}u`j
z!#;x<I%0@W5Y4wQrCR`DaQ;8f*>2Oi<i!05h-Cb7JZ0Tdy79q3&Hwrj<kbaFy$^N^
zT8$EPObnlmhr(!U4L3TjYOcXyw;0-nzG5m4a`X7khFLxNXv6L5vY{rYeGdAk%p$|>
z7nW1fyy)Y$znC;UCTCk%@2V7t11BTqNCY-^8*SD>nMRBVyC=!m#Y+9J3+1jZP)Cll
zl?Z;XD<3;l?A<~$U-}fX;pu~{L=4Oa_#EvYN@~Ow)KQgX_;1PcFetFXE4Z~`%A9YQ
zxzQ+)!u(0QKrmxtVRv@-@SP?a^F9n+|GBz286H-6;_v(VP)#;g{f;87i(6Vq?#W*t
zKS0?;&wX9>tce{Q`_mOhga5fST$#9bbKRuIWf$b8>4hXWfX+8ZO@XE^>QWOv)=bpW
zlh#9l6adAic{+lOTiafZHgBkBm;W~;dbfM2+9vMYA;aK{z>mbUqX6^r_ps{SR-tYi
z(wm7L6li!NmIQ!1Ul(<gh`wL^&vw@DatIR34jgPBgE9T^c=hHn^-HY!w*Rz|lQ*oY
zQ7P?EEmKtQXICgZ=&I$v!(IG1Bzg`NJ7|&IlOHZPZu+15hB*^I`~9;+X7qI1OKUUj
zjZVes-(v}!(l?S$7tkZp0CqU-W1liD{1Q?j|M!Ste#UE3nmAn8jWfGCd!6!^>HoTc
z2J&kClx+zVUp(G@<~ZzAXb=7M<bOXi#)DyU0q7OsG@&8*I|>&(#Q!>jX`}v=pY)we
zu=Vt)#>H*xn$?TBE6`^I|GOL~4qOgOg1!J83FQ|t>AtMlg2wE#On+N1CSy+Qh|LPq
zpLIS?@rP=5#AEm$+fx4>?OeQ@-+++;=#fwo+}m+S5zI{B5v>1vL?!;wQN!WulJ1;8
zceeVsE4vxsv%rX$UIXmGXjAFbA`j8cFbC}KUH|K~ItpL_81p1#-4^`i=w_uZIC<${
zjzfcF5rSTvG!C9SH-9|UWNLmoT>A8WZ_nV5kb{5&iKv=icg#oMTz@h@lvexR*Y^T&
zk?6bz^%je9pq(Q6^Low;(womRdah$qk0!!pP^W`2XZ5F>9_?k5Ugr$~H%s+}xBOpk
z1~MeeMu1|IYB2`6wAkYYkyo((x#IE=&wssGUr2Q2wm{k~UV4S~q^5sRLNJj3mElOu
zgAS0oq`y~7*%q+>YXIa-R=q9=<OBjAKtceSD)D;RKkuUwUzp<@&3u2Bl4qnmpBZHW
z02x=phxOQX^A^-&H{3J609qPGg_A(&-bm>3Ub_r(sj2DLM)8(oTew!z5)g{W3kc+O
zuVaN22;aT|io;0~f-^&}JUk3+Nh1u&Rz>JSPwpzgnSl4t4J0D(ivT&GGpMsPsXN2@
zO&N`;(OhO@$D%?N=HWlSDfK}$fi*(M)p<8oy8h-5Sn20SrKG^LUs`J9mi<4sBZdC{
zqi8-ISeS|n0Ogvt)cz=*pLmjzypB^@H)1ej7WE+>nTrq<4|VDNZs#0u5BuZ0<G`Ah
z1&_~2k*rB+w-K-*#$dsN##g0KjWO3`6d#!p{_3*AEpA1t;^b^^;R?Wj+^P(d1XJ&*
zY9xQv+m12-!v;MB_OEZyKfLXJ0hmKct$NsSA~}l5epJ6&kVeZEAfJHPje`c0Xla?J
z1|#kXk^ND?N=c*`!rext#bBT9O0+@YVxkrXX`_8R@YS8^1dl8_^fo`8^t~RiG|bk)
z0BS_7_{+ump8vKQeIJ@`CLbNJT_7!2#R|AfSIBNzQE(XY359=eJwB12LL$HD<me(K
zwGn?{LpXmdg|ieQf2*Xv24cZaU0Lb&2o#}Q-5#!Ip+Fi%#FNNxv}{wvL<kZoD_wjR
ze$IJTRU;K%=fb}^+0WJzoem-T70;hwF2Bg~6v3H0PZyck36K>s=4LXFHw@tw!`3>)
zjHHgz*l;FoQ(nEVujpCkZvG0IiwF_}TY*a4Lm+9c=WZHyYFbH9wsBAx<8aRt#EN)E
z!<lmf(GDSk!`NQtL&i1zqPaQK4gxq-Ug#<-wNd9sJpKmdF4pBc2f@#l!gw#Ji1XY`
z%g;(2^}9I))Z5}5KCA6qy*eLA$!^zHi}ZY-fc%enj#40Y`aamMm`=~%Lu-wyMG>>q
z3K1zVfK<}zoJ^BuV&9z58>E>O%@rUmdFUaruh~%W*;k7h!nCBoGIlg0)UBTcI5UTt
zZ+!G2m_cm$?;w`JcyFtD;lR!5wHP|fCoZsP+nAt<1hh!vAjS3BluJKg6Aer26IpLR
z?CQ$O+Vip0%Con!c6wNk@7TO0j$b<@M38Wb6Gy+jR;6Bq^vp$qb;Q4))&nT6VLK0c
zHX-I)YTs$blKHKk(jg%_!gU%XdDTNa@tL)0g0{44ASZG%y!Y8_F@*pGFxms*`m|TW
z`oTF(^Vn&NFNOpz*5`d*kJP<&Y<Sw|4~e+Mvw#ec5vdrC1GR7b@=T|wFsgB`z^{RE
zW3fMlGxZPt>MxIxB#$ah0ixTBtabJGOwo5TiCGlBB%4sq^TiU!PY1DN#4zIsq7Kx}
zCHW4WS|UOxtulk=dfrlF&NOra-|0g&z*%iD{3S#{Je8@!n^i@ZIPcAku*C<2m}86*
z8ITBhgMk|@8?AyWXdP_6tODeyXnh<}y1JKOarckK0GTT}D>~+e+`BsyY$|zsORtm@
zlT?NnAKMe-gGkp>9!E5s4J|x+DTx9peG^9jCPn_RguKD-=O%zabrha{m2h*c)b?Iu
z41IY^mC4DT<loCEOoA?^pT~j>`hb&8K9@=JyuD$^GMUwDtL@;f@qeO1O#3B3#d}lv
zrDxSQ!vQ<Mu0|gmdttCv3YaxXDnzr#*H8A3^txxay`^l>*P!PKEm{Y^LT~z(>%*i%
z_dUP%;)nlZTK%~!AL299F;}n|RqEO_VDIAF?tgl(CE6IZ(Hl=)K!B{N6?b;F-`$t!
zuSo(2L#C!nTb0ZWeb*Aa{GO(kPq=1uAR2pITNv8*_xC$hu;m^<$Nsy?<{an|{XqxO
zvuRK-REux_L#5l*6c|g7ChxdLwEGgtu(_tm#qDCTnN93dAy;UV&!$cZqq6oZ2pdCt
z!psrX&XTT~eVpV@Ca&v5>j05J1A5pRgsmq&VMny2Ll?XW0+}M+4CNUeG<UzoQHjGa
z2r#PPqAdSO18y|Eo(>A&GPmj_=-RNLcSC*6^1nKgd2pd?MlQ4x;99ny`3k)(7h%4D
zSfb5WC@L+ZlXM-`jmzpTw7Z~)c`hpr1uQ!CSq8NKfej9hr_TGBG1gjnU=JDaas47a
zRG{YzRB&@9NJ5KCd9^W_f4@6<gX%de{aZ*?C>WqrcTqoc5w)dY!kUroa6VJr?5r#!
zmf~`R@5~_3iNrI%$tq!yVxudPkxUhj^4ZpBFhgL4Q;0Of;}gqR0iguLIx}}!9b&a8
zf!Jv6gE|5nDm_JUqS3UXQQawD2ocWyA`!$2cCc>8gB6?<zVH14kjY!3HSFkYVUEyD
zAVn$PVXipZIICE48urNa7_R^5m?c5X;<~IbZy~zqp#;R2Q~-3x@*CzDV5x;Y?h)jn
z>gcr0TS<frfi-M@y;tnA-$R@DSq5}W|FSP_95Yq5gUhci7%|t<Oyij<9Oih5=eSbq
z<b19%Y?u-4tzD$cf$C19nuZ@V5;*++UI(W)^_Z{%NMVt8xq*cB^&`yD+*}w7VSfOV
z6cREo8^(H+g@BH#4v~UF5QUM%v)jO>xN!l2Lk(5PYVY}jG8Oz1(xcA-8h1I-#U$*=
z#E%eQASxnofeZTufu_BCQ}S&N&*_lSZ^gz7WN?jxYBoTs%h=PtR7Ol`SWY6A$i<M`
zVT~!-bB6CN2{srWe+;|}|0jc!J0xz3wS`j+6?;{p1}K}HrfSSSc{rWyj<Z%ejJ<1W
zx|6sC`S2pPNP5o@_phKNlE5WoaRwbDOnLVj8Vqx`NQPkQ9!~f$w$^(-qmT3=VF?EX
z$SWoi4G;-l8PtX*iHeBL6PAR733)i1o5ms|wA`rnG02|0ZZ`Mn=euA8rgn~6&4&*;
zEO@=tKfHFATdv2oL;V1txk51^o;oit537p5`OMY(52H*N94!E18HXVzGtrlU3iam&
zWKcQrS}KX%R4p)LjqIQMl<t4xp;8;?8k*8G%)FLSet55Y&C~}F@}9`t*Dq@t;ot>r
z9{RkT<mwp7)*P})GaEX3`)n;%1@*)lIhZ@gOZxr8IwGvu6-yruph?~IZSW2ekwVjc
zbFATRhcD{t>HyIe2n`HLG$&xsTpOm?Dl@FI?KU<-{ahc`H@$M@ify(Cp%XVCAlF|s
zfIy1_j)T7yh=o_tqCO83y*^#*%v{(N%lzC1aK#2+O93+4M4j7>!mSMPr-U|+F8+I8
z?kTlSH~H1~7u+L8eTYD|-8DR_b({#|`1xG8ob@B*kLh&9F=FD$12maahYH;0atEjC
zwIV8(DXqN##DCeDByFbC{)&@ToSx{Y=E?BveL_U|d!?Gq^)M3FJsPB_@HcpOrfJ1B
zGRKmDFJ-rd=m(4iWqh8nTz2~Z!rN2{%TOCjCz^)S268mOh_&0%Upe>}yS86V5`e_t
z7b<JUK_*SU$3Vj8i<1hp!HB1HIL=MS)&QvX)q0GX@*rRfLp|LdWg-Ne2Xn4U5tfk7
zPe^%|k|c;;;#jiZJ#^~NTdAhpf$M#8X(UyIiPP7fmA`z~d^oxHG|y5-Kvn|C6PmZ)
zN{>gr<hY2^f4nMf^oxWJRFlYkbJAZb*cb;d#hE;e55+K+z>&w@g3tG7TCw31qP7R?
z??AbXUJ_~m!7B&{%**K71M(hxxVfD}4!(<ORGq+1Fxj0g!mW$*)A+>fuF`f+Md)4G
z#9LTL8z;N1;H1?3{N4TMFKSP603ZZ3BT(Aw?12%8+8tI*cFuEKXZ`lN!`cn_$SK(t
z*5WWRzL`0ElIynF`8U&Z8Yx$TR|#u8Xux+{ST($9#LtBVg+=F86<>fuGeJHXRA7UM
zqK-BSB7e*hc>M`<J}osh`zkNGd)a4cLQny<L4nY&fM7*zdIJ{)gHDf)W=fJ=L@`TQ
zJ}AfMm8c=OzahGCL3a()0U}a0x*&H?8EnPPy)aw3&Kp!~JQ2(K2t&v2macDt5wnn8
za)gDnH7&n#K%`W`u;Hj`Ku7Ue`Mh`kycOHvv5WB9D+MTw*!OI^OUrN?NBwH3Ol!^M
zhkcq^kQ}~kYBt{8bLnno>54;uKsip;Iy*Z#SzVZ8r^a5nUIsq6>R_Ph{CHANb~zaE
zabUE9d+Bm}*Ob@$!msK<2lRs%v()>RziDw>oe0Z8gKuPa7&^ydMtKRTX6^AzgLi>W
z?0P1CF+`%cL#ke~`(QPmMEgpCz<@QOLN|rWJ{!hi1C>{x<+Dc2uA4Epj9+uZ_MOCT
z*gyaFKd+AEN8AI>n3Y{7diO>Qug71_1>g{nV1w^W>?0tHsm%k#W4YW*bj>?>UAl_x
z$+!Kqup=pE&+p;BNntLNn)iGY{`}MDS9dD1Q?jpu?eSQE#?zWn#2W~%g94HrO8Vm0
za6{7zGX91qb>}f}8d7(K(b?xo_8Pf@2dCn4n57wD2y(Vy&aV439lb{I6tk^yK2F-5
zpo8v&Edt82w~SvK*dPQ*yKXYb$VErWMYjOf?}twfgghgNo60Bg<&$3OJ6T$oY~bw<
zkmV|AghZIp%&KVPd`z}GVF9ow5OIaK+>3pPH@q3#PXO-2nRYC`1ej~Ic~bzgiQUcd
zzC#_gd*x;@X98wMnhq&|8FRgXj0veT8w`ON2f+MrzaA#4SN&n(_1rzB@+W_E$|nX@
zh&LeE0?s0JEGk=;m+eM_U|CA`0ytHFSh$8o#Ek}5=CuP-Bi+ut@Z74p2&UE3tT^=Y
zvYQNiM<lpGSnBYD-8`X_MIKfh_n@8k^4%PTZ0L$>vE|Z6p%us6UU$BvZWhI%-JjNF
zv(Jj^{`Z|Yq5E$gKp7A@^p|u;1r1`~Yj&kq)@&J^b5sOogA%h0vVY77a~#UcPD&i^
zx26JQaYEqCQ+xq*6HQPz`cMgf<4r61u^XEjaVbPU5**H}jo{Jl3332xar_*3+1)D_
zu$XB}c2{w_kfkZnDC@?+MNlYVLg4oeL4AJNsS|Eo&Y7MrgNftMI-bxPVWrR*>GT_^
z-C3Xy!8|Rpa%XSuB$=tp5MXWe<3I)Ty@MCxpIwLd0&yC#H^9JN+4_=KL{?;4&&>4a
zIVX48+M+rU8jRu=WZ}yF?=P{EJ6dF{S-VE7(*nJAD3K*3NiClqA^v)ZAjND9)ta+_
z2uQ0w(sz<3xC9h(#sJUUBXEY7P<zIGK53@Bya*}=t-O?eI2r^<ewjC(GhQ0l!!AHs
zyDsL0=bwh1*#WGNoa`$#6Tnx^OjPE?Kj|{mD6H)(7y{D;FlVe{=cYE(zj}D(AwL&$
zBfvN_ZDty#zEnqba4C=+T-E8;9mgLp9LwUf5n&4e);A}Fk4WADS(vHb=UqPc5PjRv
zZM<<@s=eR51ah&4StU8H@B*3jhQ40j%d>4=_84i7Sob2$H5686XCeez^Jfq69txCU
z26#2>bWqa*pb_D^y)@QI_8;A7oRkWEe>3@;#B>_3^Gkw+7TGs`jVBXX1=8o>$m0k~
z>mTry_Tgm1U>^@=s1pJgt=y&(6aS3MyKZ#@gI<sifH())_u;z$33peQDh47?5l^Li
zJ^m8F<1P8EBh+&>EYV5I_fX9bnvVfdkP}BfV-{rShfuwg0CdEIVby^v6v)T|&TF2_
zzsAv8gc?Sudd;G8f<A*|gTV@^J9oU66Z$&Js9t7B*o?MP%pSax_0%eAG$zNHyF3~<
zyoVxV)?De5>(I5&{XhzehJl1Fe8@h@C2(c;oZo**=8y3vIQ`69ERZQg9VU57h_Iaz
zIv*#SE}&{v9t67xV1t8Qjz`rO#KNrACQw{Io)A8IG(eIso#%<CmLcHN@ORzUY<Y27
zF-Oc=##02~91PAh4*xul<`$dF_XX+u(&Jvq8m!B%Dw#Dnsq>McO--!lHX+84m8Z@e
zmEqGDd)n##gkmZ=;i9U&lN3nD^_ICP`z}QbZa`1mL&FmgVfRMFa^m}O<*agIs+9>5
z#A@+WVSH!<T1U?lyb&RR+|NI!`^E0~Yhc51X#*YmHEl{FaKyBrnA|nq^;gWCvwyq-
zB))F;P^B}(AQZbf97}a>mIhY}Lv);+;Fnd^pbjA+p^a4+&zZRC2({*#^mqct)C?d|
ztUbSpIh+He80Gg0Wmlm!->8*IjpnvZg6??knQN@hgZk;KxwR#1=s2e<HIS)eO-qFz
zKkp5&p<`y~ol?RLY=OWGxJGm6KFIe33(D6RcRiIpiRg9D_}0-dngSNRcT?f~;1rl6
zWcwO1Co{=Cl#Rf6SO)c@C)TgL{4c0{+S!vF5n4Iy=$je&8?^$mZR0>KG4X^=$~MvQ
zn)wDkf+R*kY&5@%7U}2~Ui>zX#Svv;oX&=3A?8rD-7rjmjvVy+8O<lD4mHS=ix5C-
z@O~Ds)2_=f%e#^nKmyLES1xKzzn|ZTogq|zW0HG*dC+`*^od!@Y?PZEN77r5T~yDM
z?3Du7+>1Fvlb|rc!yGcRkv7B6*H%H6%rmKBm<sMmAV_YZiq(4Wcld10xhe|Mhi}BG
zJS718HDHQ6ngq#OXMP!2-v3@e_K>VFZX{lF9G&w{c010a=J$x*+R~B(N9;avA8&$k
zku?Q!hQfnBJX9PrDdbYjUR1GP{=TSpqF04n{>s_3XzagoV%C)=Vrk^zn5fLdJDY9T
z|3p|404=M5gPH(Gv-$WgKcv<kg=%OyUKpzSy{wa)ig5gC<lT;i^<HJF4qF{-@v_Av
zz{@}vV9j3LMkFP0;EczsRX)GhCA(hQf2~n`p#Bq*d9}d+i}U3aU9IddK5FF9LCOn*
zV$4h~3*cIp=Yd(1!!O}-!2?%L0=?Aao^Ww<qD_(vQ6=#}T46Cv50yT#XSmmc5-rIa
z`sH}rEMCuWd+YKCp6MO@*0}VF3Iz^OAO?@#^Emz@6K`aS&_B8vBtTou_&s79eFd?=
zb`+oni7><X>E;CJ2yFq9Wl1-WXpuGiibv$_K{BFVvZq^5gi&Eqf=@`Ty1E8mL_eZN
za>O(HlVd&EMAcLGSKkJ;0R!;?w-W5_YL_i;Pu5*rZt{zNWOO6)+$+ATB@4y)DNq`O
z@O~mkXQsJ)>Jpa;aZpZ>uK*tL=MT(;xg&*crPM-E!@?142H*LbC)qT%fScNqcVOK(
zkRIAXlgU+e7>Wa@Kjl3-earTzEuedP+Om@^Zs`S_{JycyR<7jsyQ}MSq(MS=EOE`s
zV%is~QR!Z#+-^V(Dy|om<%Rk4(!GhU{BWdA>t8YZEO=2BGdp6UH`4ga<)(T^u!guy
zneiJeTPZ-7@jRHZqa-8)9eu*xdsIP-ZIJe&kc=0^XyLQu$I?>!Bu15#otJYR&4NGe
z=K2^m+jtYTj&g!v#_<$@dimGnYnTlqR&WWgUV4*}(d0c1_>R>@P1>!AkgC^o2uVTQ
zm8*Ot*WYf*<A7}0e*>I9QBt-V22@^KV{@3^Rm*zWkX$sIwsWFh;<m8Gctx#QHf7?U
zO=R8m40Tbf-_^Cv>@ef8GZ_pR-UgAbxsg@3=HEpx!>_*;G1k2Nl$%jc3k6n(z92iG
z@1`G87PG#{g2)S*X+5(GZ<nLU>D|Kq8g`}lyPOYp23-^d@{V`)iRB5ah9U$&xTN=w
zr;^0z{e2$9L(0d;3;Hpftr0NuV~n&82mVI+#|Hq1&Ix~!`SS{C^S#)VX`BeiluEQC
z+@35Z)<rGaP)TkFvq3nQ^<hJ{Kh(`@%$l~Rr~ly<mI%Pj<$RwP1p5V2_Nzh4gdt$R
zqyo^L3=SMLQCRpsIq)ZO^5SBo%f`<WQ;If2Tr*6dVIis{#mQBR>o+CON<Yq009q(}
zf~YgXPSFFrYE&ITA0|4!k8(%`yiQE`=1njudyJjRj$BM}`0}~Ap(7TRQ<g?cFZ0-n
z7Jz`b&=vb%^5Q@q@6T(iIv_H$252)RCJ=`G%KrZUyUR*Jh{)G>RMY^^<GBUv3}V!@
zGW>J^jHLbVKSjZdq%n09(jdVdh~J0nqgt+AEfq{T6zl7-Pteb?;-~%!AX3&JNZp%8
z8mYpBRk1%deV}-`Dd`q|k)d$kaUJW_H1I8cFd<<DT|7}m$sw$ri=J>6WIQz2^Y%zL
zAKX)#1_aP~!>Y<9q)!Tm+xzYV?22TZ@vlBmP=p63&Qv{a@pC_e{EXur{?`EHJ7<JX
zJMkI<aCA3D7*=%vGL^KK1K{_|^6q#i2>^Sy`iT8P+{uo*XrU*?g9Omyq84ADU!C86
zWDALM))X222$5hK8l!*BaJV;lOD1~4b$ih$ApQ?1)Rl6;<*!x4%JO<5U+Qns5$gvA
z6tG+T=&a-3N5D~rT@@SM#n3;UamU97Pkbg1`MjZNYf1KLEnI8|Qx3K41d=De(&sI4
zPp%PMbdX3>odS@lr0}JreKy{r@ks|gkh(pup|X#J@<<lpb*>s#37^Yy_dty9)&fx2
zWGvaRGT8=zn$CLxhN(J%Q0<M~eVpvN{Up(N-)9cuQ)sP7<rA^g!bZPluP0I|N^Ev?
ze@t1ps#+C5ufSwZs_3`JX$nTPk+TXS?`NiKx<S;3cnrv<=6$OkmhO&#1o#{}*y(i2
z5v<k%;GhbQi_hP+p{m=sbO;&HZ2ka#n%bU}@_qs?5`6>IAHJU@2IWcx>;Te^y8XQB
zZrNevE_<*B?whriJe!Weegw;>`6MpSe4paYvM;Wp_1@3Tv~J~;%;P<Hyjh4RQh3Hq
z*TJL`Jp!|4qEEM#@Ti2MsQ<J%@udyGJ%IvUkteI#O~7tb=C1SVZsLUNMu*W&7Yr;q
zGx_1*-gNfq>q2C^RW#zTu2)<26Ta;@g5y@xKO_y#B?_*-SBv;H0^>+C44bUjJRZ=I
z2!>DZMnJ$YPmveFH#gUFoNg>>8vBzE8IeaS1%~M8JTBlRj(%gN^}{TV&uPs@!VXBi
zR4HFYmJokf%W)zr$qW*+bFR!#So%8-{QlLMlomw@syBdef_wlg=L6$dq=ETaZ(kp|
z(v^g?163Xot=63HL&)vmnNJI{64IQ?<;+Cu4Df0x(slu_){0J?@om(+`!ZY4lefl%
zHAM!+-+gcj^4)lEL32XCjNB${&1QC#etnV6>ZBEkGFPH><sU<@Jz??hp#pr;K4t!H
zu-6YF((gBamUQFMP|xl}qk?h9UlY+JK?QeR2=9k6>ykQM!|Loxy*U0LO&P1!!tnU?
z!+1W2-+8Ls=MJp%LZ^|xhj6W5QRkv$iB}^hreQl$-lzu|s}Ax<2e_o(J{PzU<fXTr
z@>ez|oU4^GvEH@GtNIcY(TfG<fnvx?p`oVY9WYEj+SbtNs%H5MlY&dYlZ+B+KLQM0
zON|&mJ0jN31|L<)in+xP4%^|9(uZIVU7;{5EOYU`?ZsiV%C9g2(7h$FUs@Sjqj^$m
zm$tG#A%v}AL9X~wW>01&_L?6G(J{hR%%Xo%x3CyYc3%2f@!QW{wq)zlBsLrq<&rXB
zIULW773v~xZ15!~7Jm-}Yx3+?*mu7<nwK&)hgy?mU<rD<SCOLQ^i!rtxD@i9ThRnG
zx@(SqwcmV1A0_w_${DV+HI8L2vwR}Xx}wzk!-$1D1n*ONkL}|(Ff&yq3A-8eOMX<~
zSdAYqzs42TKh6EB1W}2$Q#Hz347_M*>+56L?KY0HFgNkI9*@mI@R~{K@Jg2M`zVPC
zj-Jrg*$D_by?9AS#PJF%#tB=~dJ<r!YJhER$Yy7_A#lmCQouNoAy;xRHFX&`mO|)f
zH>w*?mcWN*wY#KZ6l->07`&?K={?A_V-7SEO3P1ebepOLj92>1dxQR-4o=_+!Q%v5
zvq#-ar58MJHsIpQWGOIYIInY!(7R|V-Q|2{-ICEmKci!zDn>>BKLf`F)!_bjMhWHx
zhcny)=rb*8B{J+(N~4)cr8cHtk&vm+%S2h)ZyfwlZUql-#+GOCh8e5>=|%8`mR%_#
zbQu5)%a*@q;o=5}&pq@_gy+(?g$x*Pn{kPHw6pW2d^{g^-K)q35In^UUR%uv;<5is
zNGt?kI-wti*FV%-<z+Lq9@U9wzPQ{t_er|{E%Wz_sl34)skS@LeWH0?J*QoBPtQ8V
ziq>{XC748&i3tL$#qdn2KJ^*vnQIAxte1!c__e#GQ|-m9c0;y9)t=B-J9o9TxD;iu
zLtwmdQK1hXKxu1pv$G>VX(wI0ezUpr)AC)PiO<G|!-o!=E5ffUyC%U-_L%Y5rtd+9
z&s%IP#8sEd4v2B(dyj_|85XlxScq;JNSHg{^3;p|`}()PHay!wHE9?`DQ56jgbmH!
zO^{SZKmh$9MxPi>!{bnd(<g?Dd&ZEUxC0&MTFQ&%@b$(;da36e6Uqrwj8NKssMn8@
z8gh&FLr26RA<LRW9kf_39leuwEv_+v(14&CB~eJ%wGCYUu#63kV>HCL(;V{7z)*tE
z;IklNb|#M3{G;MU2UTKO_<iqhSAF!$Tz;KYb)<+-DethhKz?1HfbhmHXziR_zLRuo
zQ|agOGR%1i&x51nRhYVR4BUdh`Pj>t22q<7o#5>}(l)`ore*0l5`ruEo$d1EH}gZ;
z(u_U*=4VVy3Oj5qkc=8xgJKyIvL+e-%!~Pg+Ew8S^6r76yLh&?d3ae|PM~l!?rfYK
zPFWJ9C$VDh=g+ArlPM2{!g!_~=#}6p$A%+L4@~2A=&3HSohaJ)c6RkIrwJb}<qw)X
z&8o`eU``-JA9;@&+UyfgqBND<AfsIhrExPV6rsfEo!;}Q-;ZYXHRjAAq+EJv6~Th-
z`<6IJT_rLq)RN(d(~T3krbp62Wtp^PEm&KE1COxioL7a)AK)U%2l;jcn43Byjh1qn
zJ<WACOZ;uvmG2}8K^9aVkl@bpJidD7`}+u|RHBxN+1LItAr?Ze<g9`B=5MiZ1uxSa
zwh8iQf^!@sPxfE9#Whc_>=Snjlr!JW&2Q)b>wT&5p{`@ETMn-f?6~@S)s?f5dEKoc
zdsr_xmru%Ct}2)PGS~8*SmWb+>BlMs<5nBh$eb&;_=-OJZHE}gvNh^;l}kjFckA}F
zyG4Ef@%5p<Ap8s6)RH4>PofU)Eb@`=%=xpKlSUf&nWf?@gGD`ed_Ok|Hl8Mxuhr9)
z&KeGoFf}~lnX-xYo!*=IBL-v4uRWDVEU2+ul*GVtOTvBWDZbDP&yta3tWgLt>!Yg`
z$4veT=7ah|NIBDBcsb}X-pYm+x%)h6qR#Oa&4*~ybN@Fqo$re;k7knwANiPe^_bYS
zDP1J-LX3z_zRlJxxTWJcyUB@Pt+@LD-%GOS9EJ#S+<A}paV|8#Tb;6K=AwfCu|^lq
z-@VfvT^6@YK#y7~)mZ)c@_=!D*!1;b?Y=?z!${Rp4I<h%H@<(gSS{kZYfMM*olW^#
zoE~J_`^<gvA}oZEnjONv+S}(haCQ<Sr)c`%kNFbPROn>4V!3RVK+~+2yQ)J!M{0u`
zCF_y}pVt0<R@hBWjLzrepg~D-r9&Lg^P@9TG|oTFyeFUEc3|*G<*E#aisoxUd2n`!
z(945g;%HC<SxHOkr^QuGqhmidqsp!IpBM`r8ffH@a=>wsI@FZJXs$Dc;moQm1!7ud
za~BB4{JU3eg&E}5B0lr0t$LQWI5BV=H?avf^;UQL(gZ~Ru~NwA``04;p$0`(?$v2d
z$XR*cmv&!fYv==Rw;DSvRy9RRoBa78l&KCs7|tOeiMhZJXiRAiz3|DHDqs;jnwI8G
zjvr*p|9R7TuC)CjPx@JF+2(Prx0m3?#ijt|E##k1E}_euGhuvkx_(6~W%-LcJ_ViW
zwWL=Q?Xy8C>!ixP7d1@ax%eZaS+6+0sBjsBt{O$Y7z}}q2SHP*L$R@3CK+9}_xg!`
zUeic1AVx=&)*tS*<Vig+C$I#zD%OQMYJ;dn$^}8k)$4GPj<4#U)nS`MG>pe@K5Z*V
z`Y;l7?K!&Lmw^)cr`zGEkpn9C?IfkWP&kSzMU3-P(q9e~iO$OAgQJwSkq~|hL5O}C
z#`0F+@Kk4cHq>7&sYq{t;l9+(s$=_=*bz4&hKr;13ZfSJ<#*%N2P&ux3z;)B$aO{F
z+>E<fcuN~Ky|~XV`n4c6HSs%`b}TVsVFB0D@>gp=#${!{og!J{!kvwL`S-85NTR<7
z)E)gFZwuXi{!asjv5`Lw6(dSL_st+RdScI~|8~chVV3{g7h76ZV#z=Hx_ubFxaU{@
zU=qTwHY9TDcpA(5k?F9XRM{$|XpK7Nyogt<K`sUZMfQ#^jcL*|U5}{^vLKiN50+R}
zJEE$_!9s8mS}~)31hgyUzD!6VcNm~t%-lGgx>L6?&qKNIpg{vJxbF$6(P0^E-%7A}
zYdUAT{nTjTiF%8E6<4w@&gc!9KVOhpOEatC-}d8?s04ZEAR6Wqmqudx^va>JU&5D2
zzUSB8=Z2)*W=?L`J;!n-N-P)BFERz*`S+7o%n3UT2OixHF8ycAZ+^}=b?NVZX&DU?
z>wq}+s3b|1J!it3{9d{IX>`Ljaf~tT8uBD~^!KzbmUX0t1w~Rt-daeZjL!8tmG)}3
z{uxZm>lM^Z^S&e04lNmSpSR?0DIxwg3snR@krgf;QY}l=i|~-ei?R8-eM5V7)6c^C
zL-&P?#8f!^NQ=sf>(S_5*G{)THNWQK7~MCsD~eA&4*MF7b}d?YX@9o<prumB!`0`G
zSpL&OWh#m(gx{7e8DTqiOw&u*!f!v!A7WK_F;Y}LrMUUInvwB(e%{vTfr*+eXU9$3
zP07$IjVAj~Wvbj^9uRZH_5P>OM~EW#XQA=bk6Zt?PbCB-W%-8f_lil4y@;FI*AaaU
znXHd~KRaRCAFHi3d${{E<U6Ba&Y`LAV=tSbSF^9*HKIT-YQ0&zV!On1XCOO<yi|6q
zp~Hx1SuYe1DfK%%=oKf`_>{G_Qp$C@>x-gnujYs9v4kTN+;B-G(xMD^7zld7DbIBU
zTYs};HTEATJ(DU58YK|RCeQJQh@yU}WL?hh;Pd<Ed$nUk{LcTVA9+*zhFU;$#f?fT
zGlQMk=@<2{)zSmW6YRb>SW>hr)(Nmb@`k=0tLfu)kZW#57^*{kza7ohA~k?XjV{Dk
z<V1{y_`lq$0dC{$6H2C7+M0#U9{ZaDBi&l8jK3Y9U0QMe-N)T$+6p)JcvMC^lk-=f
z2rLez`|uWNi4uhU^Tn8BBZb@Tb2V1q(%WxJ7Fd*U#QM%#N7f5J9<X<^qCFG*{rad~
z|LBGrg;L%}mF7<)*FHHs6Da)gEvyX3?M*9I#Y>o7?kzgg0_SgM%JO&2Y`#b)81M)Q
z%M2@wP(kEmZedl}g+G;RR`H}I<Kq$^OEUeGg>fC!k1<wH?Hy%Y@8NX+KFxKY>Ix%a
z5CPgt0;=m7Pe%=RR|Zpv+3!ZD-n63}jyKTNWsd-dxou;D7M-)Z8E&8B6?8N>;3(By
zDt8&k-J@#rHxo;R({xlHv&<h#gt7A4UZKVxF-V#A;_D)&D=-~!KexB8Fplp9V**F<
z*|A;kpVL0F2ZaA?9La~lqmO^SI3c%YWlE1o?c5%ABPa?KqpQll+0Cue#1>p=Ar}xN
zV#SxLi}_*+YiBiwXrJIBg_Gv5kAM3XN`O5(I@(f`YK;y#rB&{Y1}?;0-Q`rCiT+le
z*CJ^YIghEJ)929kkEszKd*(~e66^}m{~u{@9TnyGwT;g(bax5}(jYC;D4~>~bf^s7
zAt~Ky&`5)Hw{(Zn-60?)jUZjWGy3_)^LyXtuXioil36qNx%b&;$F;A0?sMxr*rDba
zc)yqU?Fti%)5RiRYvrab?DM0RITs}!i0-Jg`CdBzxhus}y(8HMc@2hU(w{G72XPz-
zdi+(}6(6JC5x*m?cuDc{I?OqVn5B*C156PvQ%?#UcXWZ|39vYCsR|YiNGgwE5Wh1&
zq~lm#DMh9?9vN1aG!5gn;as<VLF7c~@>MLj-frl@bp-khKDyH^pTD`r>qYUi8lr2q
zb}`~WLy{c#>WTzCo?;2<Ok*G8U-^CYeRvv-Xz-zA6M7}=THPJ}?Qk){pC$r|mVG^n
zF(qgO@^+=TtSs~LcxMG;g7bFYCo4ca3cOkd0se<_IZ|1WE;3w@aJi=C`o0R2QgU94
zOtd{C$O?XswMa^U>PR^MLElxcNxLvxZP2js{Tu4*fBLZd0$8uaXS!ub?z2MjUub*(
z3h_fiOCEjHrR9!b!}|RE9?y3S#!rCH;nq(72YBDTk(Q{uyu2iM`WPHu*4#T>0Icb5
zuLb=hNZgBIS&7@LBgQx2_2W?#X&pg0(SI#$fg6H=L;p@gH#j}?_iJQTOn~)`6gcFF
z2SEj2|5r*pU^e@cr^tQ!KtlfSTH;U6z(9pR#BTi+2CX$fpvnKr(1O<fWm`et74k-d
znFB`RTxJJ?E!JX6Ed8hMF|QB;NN8;-O5;lM;Zk{zmqsl?wStpFWn9YEMoCHNTdR-6
zW8MD(A$dOMn8-&X6seM4Dc?sNGn&R+laQGDH}qZQrzU0=!p%>|Bn=3_n4gi{=IJa;
zvZt!4d1#LtTZ*5)R>7cK@OTuQ>-g$0qquR_br~Ti4vh~VNUHF^DLh#K?LFqIu{;9c
zJDsL}eKsIpWmHo5rD>}1^EZ~i*f9pO+<LzD)NN3;`z7hOSBtj<f8eTGC~^nn3WI7$
z1n<+uU_n8%zrQITYXHJ9iBaM6sp4k4;%^-fLa!dBim{ebsxc&qR!_-MO46*%JFfSw
zgClC<hn<#5i<I3Fr5arzrWPx{BHPFGD{1JeCZ=mq4gJh2<ABmA{vp5Zkz>22C6XV;
zqzlP6L``Q|_SLi<#GO?alfGA9Bm>^gH@khQTw_o+q7~MYSHSf4`<kL=BX_ZCS|`?{
zd6az-A@srOV%}p6+9!2uJnJDr$dpBf&uCaL+akpa369Z*dLHu8vyZMZuZabtrfD#2
z3R(!`m_vdhN*<GiUUUT2g{=Cnis3|&H#j=9qfe9}0>^pE47zOK&n3g~2b!8>8P+S`
z$TFNZQrUg!-bb8sr)g7@%mfd98jV^PhaWT6ikTb5il&a42=GCqx|x2FxESp+Pde!%
z5pTN4{?YSltyIXDs1WlHMNv<gBvIk#Y(ycQv&u!=?a1Ah5Y4xLKq?Ut!fF$Ajf6+i
z(%s+25i249;ScC^qkEX0I~zB|#raf0@Tr$)Q&b)2o3CBmZU3nDIR{kBON8erX{^**
z#K7wV0;_{wn%_TAE;;nER;?Hbxlgvp@YOX%#iX(42ZeuKx(wC2AVYHFoYz~40uU}x
zSnFS|@duM*2**L*iyVeV4=NAPuUhSk8s7|BmGtc}|9f2{^dQx<DjE;~ejgYE1b$>|
zzFzSREo=hE3Q>pQl47@lf1p|*_fh@n^K3OIbS_#C^7Vtdy}@ihQyke(Yt5j8cnMww
zR2jW?+EP$F_vUwglg-eB#F;~ZO3f9Z*M>D$GnzRvQIC7hU5?EDfZYOoZv@f>NTNYb
z079l5(m5^6Uj7F)hYW<Y{To`h`hXbwk3+l^;xcT_d9ZW87d{2&fiQDg=?t10l1Kq{
z#oa+d)XWF~iUhO67?0cD43YuvT%l9GW~cIh!KetNzLeGZZ}Q@Q0OwW3q!KDIIp-XU
zuC&{Rr#BZZH$QAS>(^|VJq&knKE3>{Y8h!@IbP#syZcaruF?S;6Oy!}xE4-AsFMBa
z%eIT?^=Q(=fqCBJAe=N>OB#cb6BO?XQn{D=wJJ!fe<Apb;rkW2xf?~{U`Jdo!$)!+
zNfjpLR1Q}7VzXyQFdo=~WmxhPWZ=h`^3mGo70$b}FEXD9=>>U}>}*lqk;hyIheWEY
zGmd%jKX|a#AFWijT(NyfKdbU+?=G-wKf^6WPwaLd5^~-wTSd?HhQ*8Pl(ZI7H*iw)
z&}_?@Let|7;=@~$abqof#+O3pJcX--dAzWL!3|A0qXp6PhSbOjWy{+OiF*>H0na6+
zJTukps}Yi;!rw{4%D$((nX<ID?m|W?Q@oqn^K!oPICXk>_^w0X&CQK|N05--6^|x^
zG;Zr7_Iq!d)>k&3Sq#9sZ6LVH-Ts8{=btBYWoP$u9!4~j=hoGE9$R=CSiV+%C3E9a
z+Cqbs5kN#GAjp`5IzF5rPwAS)=}hcQ=A2lE=YRY)S3K~_-toC)_f!-7v1wQgD+)E7
zk5egGu)L%Mmx%JK9qp&*!OBhvr16Zh#4qdYvpv)$?jxfu0k{K?1Wz>gXe#yvY??hF
zfNNXRbLdpb;*_tKV@eNqiFsa~{p!w#YNb?-QxGUrkMxVymbLvH$&5Tob>E9DO|?uA
z_Y@{9KfgTL?FhJm`v@!ao^Paum$J}~RXiD&en>RKFw%?HpCe^$ec$B69U&Fop=2Q<
zy#Z>LrSy1(y6}(g_rvC0lDV=VKNdb{zaP{3!l%y9U$F<as}V|1Mx=X~7Q93-R+z%A
zlw@n19HBX|C-|e>JE7*){dywhA?8oY>5Y;EI<L-;BK>q*`bXdTq|?6}iszAP7qXxa
zG<?H%C&R!XDgv6OA~vwXiT@Zqlv0l%;((RWP%>_GfS)hv?u%-4eZ}UBVwtc}O8H9E
zId)%s9P0kAfE^;mGZeVoxJJnM9ir~iUxZGrn)#vY{CHt?F_%AUr!u;Cd(KsKjBaCa
zLU+C*t?;+UBQtcfmP4NB@Wo1~psB6zvX{sz8{uFSEGx!h+3Vhue~hNJLJwXy!3;4#
zZAL10TZWannWginw1)lO<C294kfBx3<AlWr_TIf~E=yX)uTAQTuT=JA^%wi|OspLJ
zJ70M7j<V#Uvy6TEwLT?imxm41kuDh4(;B%$kv{KH^sJNlFv?Jo>NMA-1;Ws9({I2=
z)ktiUW6@9cQ}RIISN%X>$Ng9|^Jc71OiK4E`Hb%>=>Ot)0yJGcs8&~&$n{n%+7Gwv
z3GaNxaS8J;#T=CWsJx}GjZ@!9e2kGIVT`g`6M~;*Q8Dfljv`_5OJyn=QZZ&U_$T~J
zng~K<c$HGopPS0NLO7|a^*qXVo|uhwM=DvMvN9+IYX;F<D)p`pN5e7eWfI>IJT$vr
zp2BRc?b^oi1YUmVpPSK!>MN}vl|fMn7@|i?*Y`CIA#6vxw%$||k2u==CMzHmPr_;L
z6UhAdFgg4xor2Oy$09^{TYjy^n6EO_W+d@}<*H??4!0&#J2HIdPJW{!@+x*Ki|Y1!
zVKbvHeS6JEpAJQZH?dpmy(@5k#C;DWc#%Bb@AoW%yRou>jcbVV2@8Ig{LlOTp6VvS
zuUV5U`8fZG`l7=}1OlUOS-GK#dJl;r_c04Fk1<3scaZV>e&LI4!>jOQ`casoVf)p!
zHa8z6#w3+O!`H-Y++0mgepuLcu6m#!?#mti<!&x+JEqpV7;GROH#l2`l|n?q6oMM1
zho&#rRc$qsLGk-P&LIM#0!pl7PDS|lz?A)bWP%?*57*GW4y;{eCL>Zwgi`Y9Fs~Lw
z*x%@E?|5)wf%>9%>u1#Oh@~bePWu4;(9W~4(C*N1u@iEplDhRoX+qn}!j|^V+tUs2
zRK8r(A6pZJJUm`kXJ(;&CPQC412<BFyV*hoa~y)0ILQ-9MTrQuEJ~UwiS!zmkfb%_
zsx*kB%$QYt-%uvKM;R%TWmC#@@=I*=I++=CQ30D{DlvLO=ev`+7}%c1akSZ7!JV<g
zE4d#(f80Zua92o6KSox9eR5lo#CQDbCOx%V6x-W(3^I@Ro)40#KqhTO%k^O|BNv-x
z$OT`j-YaLgj(ot7m&zA=2j#2zOif6>*Bi>2=O&s`{zsnZ48p2eipx+Yna4I_h^y<V
z7Mp)y&J?=lV}C_8WKYf?SCviH*rnNe3W<-yP$@Y8G}+x6!VN5ptW&ky^%UAi4r%ic
zPt$eP94~=QvI;)y>)e*tmkC2HM@M=_4=aL@skVXNQs%lW96H?ToVr=Lb^024t@ZGg
z!zU-+ZVGzScdDd4yp1wZ8FyXqH?Sx&^4D1QQa@cAjojAn+<2djv={Eb-Hb!qGLcvy
ze;t1Nb`a}!f5T`oagzlt`*S~5%k`4PjhXmlMMKXGv!pYtKhb8f3+__-OZ#g>!AGgV
zuRpTl?qxn4dNAhiwBL>@_B-w7!b<w*hUTulhFk^2HZsj_gK_Bl+qRV>8=Z-f$z6uX
zyl$MXbCtIK*W71M(hF_8mp2?9>beXWY@Y;gzp;E$)^Zs+!9AlC$SeCqnPJCy$K#Hl
zx0_L+lUdk(=`{u0qQ{MT>Qg_*gR-Ko2CX`CdkKF0a!=|zF>NwXU51`b&h(Ymt|_;8
z9#U@)#;2EDojWWx8J4TIC`J|&ZRRXC`bgRCULhZkU4AE*SPOsOxyjJNM+MEtpAftK
zepsiAH3Cz$#2V=@e^<mpb=Rn*)Y`r}c~!0pb?K6<*;hB!iAXUV{?67L9;iC?J|dO~
zBUpS<JWyqe)~kwpOd=qLF?RdK{7>cKr>E|X@`<Z5#;8lodb1`A$D{d+;?0x!Z%Dg4
zLt{dvycf9ioC_32p$MKVmcmEk`gmsYK39sQSPG@7uVS)n0yuKY!>U2`RTM4)ZRJfv
zu8xyZEB4&X$6UN_L}7M2S+~QtC*aKpEt?9-TTza!2xbt-S=z64dO9WHem+F1Thqe-
zb4%p)+2wZH6C4U3!>4%HHKyXGyC<C}D<UUb!M8Wx3SUU&)-zBeYNO{pP%VD1i!d(l
z({kJE-!pTxB{eo7+2ayo6(q&JZ&cSmi|af@U79Y(6>}EE_1wJmG1_`sIeB;QW5b?Y
zG5M<6r!0UnREWuao_)A%JLFP!xBp$Uce{m0_VQA>@7-w{9QktF>l|~^FY)E?ChyD9
zQ@tt+dIJb}vy#+p_O@QDZ|loDG27nP7Qb{152ZhH>0P25+{Rm`k+y8d{Yw#W$RMlq
zS{v1xQ+Nl9;p4ieQnepY6)NbG4GHG0Um*29HrF_Zw)-i4sC<+IE6e>o9Nu)HSH5Ig
z`WAxro7P*+klL(fb=Z&q{hc1awSIH(_k2z{Gz3cKhU9AJ<*Kf5JokbMJ{Fo_+(Zz!
zD5y*P@1TOtU=6^wbOgWqQ9-@Nx=IC;3@m}s+OWvKe+XBm-WUCHeNE(q^DRA1w6-IW
zz5Z<dI2TPkW^?N)6)w$gIiXk}c3$hp93qW+z_J)J=S!7#W#Hn8EgB6tDOf0|AR(*)
zyEV0a_i(Od-ilG@uyJ`EyH$C7uj`u3scclN3vx$9j@s@1iDiw=&uv<6Q`cUE{3t0i
zVq#*Z6oUC(MrQ}hgX8#s8H!L>P8HQwIoX{H7M0bm=yY9wC!$>Ns7pup$jiyHDq9`{
z=x5$#`Fk@|_D(<7deaBu1k$wM*WNQsIg^UgUgvK{8y^^QiUR^wo~{inQ%V+Y6X`or
zt@uR=)NOecsn5_e0CV3oza3dzl(3rS-cYzx3oGmV3?7q_d&baf&_tOr@5<ZT8A`Oh
zwUx}39}JyVt$ih|Em2+IrqG2mbse4gJ#av}X`-Y+g1$w#{kpqCN4D&*UTjGljCP?t
zq<5Lw<<NN0;K;I}&fuY+;(`K7{#2>)@$tKF)_P;(pUCcQZM9G3<m7B^ZT(vL7Ebv<
zJ_m8G1U97!?j6Cq&Kjy$NM+J5<%lCx<1o8n7M7Ngg7&Mj`BCHeJM(p_yy<spEwYlm
zZ_dxcW({VGTE;2P8Ivxo6#I}X^kK&BO&``tKhTI#R_@hp&?xH8iG#N|DPo;ja6Zs)
zM`rj)^-!tVtt9(5H^jYn47Dc!btKtEAANgN8NFu3Gq^!Ns`I{_fzQ8Y^sX~`rTUNN
z9-9gvac68+(Z$`@Wnv|yTOD(3r3~iBr$-^8?03{zM{?ojgW+*66cd;Hq=&i=%SV)9
z;y?bSK1ZbWGOnF+B&rn|J1>S+_X9?8r4>Ot4Pm)3hPw`Q!EVTU{JvyZ5y1zDM}5tL
zW9z!gsKz4&Nw)pExX}*CPJZoPJIhAH>15$dSAmm8$M?Zx|2O{@52;wab`3bOzu%zM
zP+EFdVgBYg<oy|s`6xr^Bq1F>8$&hJfs#k@2bxyBWB%%=(mlv~?ME*&{TzSI^X?{~
zX-RA)>Jbz(rf*Raq%xwU^Lr#Z#Sy1tSzuO}L!50hV{G?Wx@MhSAk}g9Q@!)ij5#~7
zGAsCXAer+6enGkAy>?+@jr!|(ph6is*pEDfaVXxS*2_j#-1fuo<=LM~HGps;3;lNA
zZ=O3Bm!=P<88vvJW9eSXfNEA&!tj9D(Zn4U-iaZN6zZ)35y+(GmI^eTek5eD&yQIT
zE0cDM1}0*eg`Dadz>fw$tu_U;)W_EnmplI9IN~ox>laCsr+YNy-x_m*SRhhZaDhwH
z-~0K~D|r>keki$%x7^4<CJ{RP0;}w**CGhhWqSChAI5zKQ%H3N7dm?DdidyGTKWJ4
z;}EA+tF%)=5g@upQ?(`oltb2OfM}d`b6~y35Qg8+Hk~{BwRV4-v+?@JJNLvS1!po`
zq16dx>{cF&1z>0;`8~a#T~1i#&;|#@C`VTc@5+cne?$cMCh(ckzmSZ4|5nm$rrP>I
zGiC|$KJ@%(<KAuUo0SOqN_$lJswTtTx}$i++tq}e@Z%<*XHbUR@gWc?=LiGFk45Ce
zDA604*1Ir=8$tgJ*+HUv`2H@Rk{pE7eRX}#al3f%luq8<AM-^ulHF{C6xTCOW>%5E
zK@tT8E*XLWc*S;zB0b19vR2#>O%Ci<1|;m(fKJqZf069ZUhVkM5m!(T9U}nHcz_Eb
z08zWmwbU{Bc>c}Lc`{|u>Y5=r#?E)6^MM22Ay0_@6H4#4KsY{!7%(uU#+-3liQQvu
zM3^W0UkMyrg`T5fgQoF9hhAo=#QFEY@{k8&YpD<2FHx0wJ;x*0+XggKKV`Y-_Y>NS
zyN?1E;ZKNu7YVXsG7NdCZs2zV12MSnc-MC#T%h}d)3*CJ@VI^@6EHgArQZ>;QW9#~
zQKaNP7@;3L_S<XIdKJb8o^CC+oLvjAWIquGI|WQC?0*KcDU5<xO;;Yd|BAd_<${$+
z!qpCq>9^dqFh~{yAT4Anf>Y8EqoBJis~<mwyTwgWw^w~v=kXn7fZd6@(g?-a=EOFy
zZtMgRU0dk4R4k*pFEl=4I>e6bX118BEWP>Z^~k4_rS0a9h1v~y%)Rb1=~@xxdWXtO
z&PIbi{naUb5jsRV02li^G3Nj4VkK$p*7E3Bsr|p%Skl1%-%G&6AVBWJPKpXA^u@$!
zMZ>*gmxCS}KDX!HRlk_6s(F1yk^7Z_iTBOVmfzQ8DF9MDe-7E(+@uh&ng*v4t)?7A
z2^w^UfFpP42v{FHcmPN>Zj*j;57b7QmORBjg}hSE3!LWsRAPVI8>11Khb84U9-H9*
zrkgKRq=HV2<xz(q(VKhEdY=WTYDVD#DK?TFJ}TbZlYiS05HNjn<JBo7HzJ#S*95|p
z_0}<YhZ<ls(6(=MLQ~Yp8zO7wJC(hZ%Z<xIUmEs)b0}pl@_VIJ*KtFNJ%ufbpFkHv
zBkob#`3k4?M>r3i{xn{HpyAgagjs9bXTMgQSo@I-@)`XE9z3AK!%XAW_bWmI2P-M>
z2v&qPqyYEKDSBB)7zob?PoY99xy7o6msH{{FPw(jF+yAGFV=4z7BW|IImu7`*Cxfv
z`6*qbcF(qNaEg7^ojxd~$jY_i(u)3`K9^8j&)wvDd74|UdAqIbeMvZr48FZ!;fLI_
z!9X-^q>q@*Iu(xFQtv)VT%W!w7(<UEd`>|5^aG`_5+tS2vTeSgfQ?Uvo4O2iP{I}6
zNtI-MTiphA8#fP=ET4F9-*73XNUYE1u6*ca!7-+v_FfM|D~qdBwlT91+A2z7z{Ewy
zMZ@jg051wh%QFkU`K9dbdGcG2%g~Tr>MZChcOI;yxcGthyJ|OA7*bj6%oV0B+Z#21
zMvYvkmI;)@kDOKi^<#mt6s$dn)moe1nIjqJSOBsAfQW?8i?293dn5QZnQc*4x4ho>
zN!u1k83m0a6@6hf9=kSoIvZ|kG0}dH(sEVdR_WURT(fHX(U3G)I~LVXpbS9`c}-Y2
z4<#QNtg2&z;*$STp)SipMuscOp7EEf_)(V$JE6iQ(diiPRzr${Ca8TTQhQm<KKMN{
zd3Lx3o4lEdfReXS^(8jdh1AZXy)PY=69q|F(K2COMTO_@mFejaMRdA=2s3U75f}*r
zL@Dr*0Rmh#06z+X-6~XT(6>)1teeagfG;Vl$PL+8YShe0Ietmvxc5#|y!unP!@U4}
zLcDVnIED=IJsvO?(r4J9uQ2>);>D#qs*(^NVtgbJ&!9*L^XobrSYTvAA`k(=cu4=-
zZU2ui&kts`KZ23KMU!x<kNA>@zNqo|KxBr>GMuOAbmxy?2+8rIw5Nma1w?qHLz%#D
z(R(<oItV0X#fSe)FTjYjdKp|oYvzN27>XBb&JOV_#NTX4ln7n^`A7oALChcVF(S<8
z?|r~WS(!gKIUjzx8}jE%BOJsvJ!s-6iHOht@1jKEd0_G*?ksEa`R@e42Ni;UqzCuN
zNB>83AetI7KSGKBl71;{X-qHeI+kLah0V|IP%xK(;EdQzWrjQbd1RLlVFDG`TaUHt
zXT<7m%kvI{?Yw^0wP8NHBy1Jaugk&BVsT)YB-+?4k)NSCQG_^U4*~m^B<^`}u-q|3
zX)s-;zw-6NT(xx)pNMhMs|M0oQ4ol9bahj*=!eI~_zXJHXXuce`&N6RUH0ZTSIOIF
zoi@_EZ=x6#l3k?&IGCBON`V+BVK_M4`Bvo5^STWlg<|7y$HtiXSOb2SInD~4E(V$`
zU%q@X*eWPI@=`bP_Pzy3_=U-<S1Hjkk2`C11azH0F|~&!X=n({_e0uah)}CF!9ea^
zL8$R+0@y5SMm*`#;BR?({#Mhw0#@UBFJ8TR1&#}ytxHU#l#48x0)gV34Y0^<Y?gF<
zCjF0Su<k>RmD0o)<Q{PM0S<L70D~x*!ZhW9&Aeb?rP`z!Cq3)I)+jAIRw_WeHfS_C
zNPf9*oc4*Z@<YvUGGkYQ{#OMaFbDjC|A?5l6U5W{NZ$DrqF_Foy)&3&nDp$MuC6Y7
zsKwoD?6UD^h5G6=;H^b+kA{jDl~EsEwai%46yJIHzpG2)^KVr0^<nv#!)zp|^Ehvb
z7wU9Dyr6QWK^sX~L>G@Hg^>NK*y;R=srKpa9P@ec=;8fucz-n&h;PvDBPl})lQ+VA
z*h)p}@x0}%bv^e~caxZegK~+l?5a3$j*iUC=S!ONeC?aDoM%*GZdKYk7}$1pC>)~h
zHe!zl0U}I#z>lG)#Qj%BOuEhhXkZuzYD_n=na`qU(*Wzw%y41d%c44BlDm{}DvAoM
zIdky_^4Gs_F87}bb6@gx^(D}#H;5IFG^!N2&m0X&NVKA%V*5H@PJ7_k#bd??@RW2D
z!94@H*8+V1Dwr-H{$F-1iG2`+LMuy`l=fZ1?m|j&XJ*u9?K6wS2*lk`%*A50JJM@^
z)AwPjh)c=u%yx`LhaoX*YwMgLHIu<)*6g;+P<>KOY%Jkj!z{eXt>eIzSjU9561i2H
zr3e!Ic5+SDVWPgbV-Qu0uw4=adi(1Xteue4<eyJ5o;msFxR~zhvzB@Ng7Sr%?cQ_8
zYjRKl4^#H<H-8V(o(;wpvF4<=c<HUkYuQ^KN0Zgql;Jec;a<dx*SJu3(PlD`FG-(V
z7j2GCTx+|HG1O1*aNpX!-k8+~<ppDpf1T&6+!P8a>ZNVk#azbtsABHN3De9P)jmxz
znlw9dJD6D_LP0<Gsmm%t?UwqB%km1%dH90oBO)@OO4yqVO((OKDf?2bN)4A`@1%c_
zu;BmWAvtxk1au@AFnQTmhm{Z4TN?2a?T3;ki^52NDbQ0b#ZgmhU3Ip-e&)L=iTOUx
zn4?C_8-Me_Fh?T5QnFt0T}MF5WF7skevsUlbU8Sblp33j@K<P}Y{uG5=Y_%UL1AKu
z=s{s#S&ml4B)x7xcA1lGq_UdUvj)nYU9LM(!~}6N^oL0;Sn#=qk13LF+n28r;~lsj
z>mNRvuF9!*p5dccyhqTNC_)ix5VgjPO|TV8jPEMd{ti`84pgPw;N;}p1r)=t?-L}v
zn<t!JiV~JSq9gwPI^q1=t4mz(!?8rWpJw~YH1qmv#B|?nEy}#Tkvy+q;f-bAdaX8l
z^{h``Ixl<_sHAu^<+l*^@hXw!;@Ln0Z=uN=nu%MpF5SiV{c2(DA!L~W*XohpmtKgN
zqU_5Q`>Y!K;Kzf@6t^@v!@eHCNfh<BjcWP8jRp>h4Wd_{%2t@D7m+`wCmMiQdY5i?
zE)iyPjZ{dLsYJ~jnzM1R#Esf#jdoZuhCLAbJt)Wbf*~-zqs(dITs*VS_Wl;$!W_K-
z4VFdNnL6C<1%ZlD+(mz~I|gR-H)S0MF(cbj@;k_3DLJmvm({6{+*WZgxG3RK>X=rg
zj?Q@BXW_(Lh2OJ60k;y+<l#D||BRrGs8_z67&})8>*RP>%)dn%iC?^5n|}3Eofhf+
zAO)|Jpg~Cmna09Ib*H)<=o6e5$_zSR0uN^~Ra4p9tF0_WIXB}5IQhz(45VO+Y)MuW
z@VXZ(V~WyuMrfsuc2k{hSGSlc;Wdc)wm~e1^!q;IPP3^BOFN$y+*_vy(Ij20D!uZ{
zP=%eAhKadp>F@mZ7nU?&tIg1$ZjFANjfD%H5IEqnn3<_ayZgQ4*u$`B?631Lgicku
zMe&_8h3w~~akxKbUcr5lzOYjrM_T249&nM83`4EevJ!N5>+x+XaaCc!G%sy+m8XkK
zIv%G@wT$YAwiI=E%hUA13WucWOzP9-o7KEGT}s7Di_2EcePrst?qAy!GSO4%Xc|=N
zmz4`0>3!dr>3N_1{OlgrPTR}Xs&%E7{rg$&0@V??2<Iq^QPic7?#AbSm?c@Q8ArR<
z^5*G~p*vdeUW^cbYgPp-42HdY!je>Jb^Vx+y2iN4w4G{Y?}K~o_h93aOXvIT^Fl)c
z-@m|XR=?#IwU0qE?T7;}B}gNwzI2a8WU?T0siCH&KBi;OfPPd&hH;=`f5$Kxx=%rb
zHLj}d2bB`&F?8-1m=H3Iof5Cm^vr3%*A~cv#_{^*1jH=r9P+kWFu`uDc9>h5jC%RP
zPbPJ4&n6NJp>f1JRltc4-=T`XNN?b(iNL|Y$Falacfskm-YYEF7T&H~$tlS{y}9=9
zl=R(=&7}TVh*6z0o7z2dub`<D{UmXEN<xs~tHnFy?%&x5VHIZu7xy#-)VquA*jpi)
zLiCmWC&PV7s88>-Q7P#0PqGsw>M!7K$PvnZ<KLQ}{vpZ=P59zZNyQktF5dQXMx}^S
zuYAb3K{R-^CrngiuA^_^wfWCG@e9-L%iGMwh2#Y`b~eA(00PLj>g|Bs!|z^?m(Y`p
z$~$$Qmk?>Vbb2EfGgpe~tN4T*x;o{nWWRwH2aOZq+gn8^Vv)B%H<DQ&xMQNVcW@?s
z_mN2_83uIHET<?0Rgm|b68<HoEPs+C_AUHqKgT9?h4=OoR%nWUTU@G~=X?xn578(j
zGpZt^T5KVarJ&HfeA1@Z_P#3xyoG0Zd9Cgfhqh~04Qc44o$+p$I*emsW!gN|vpWZK
z5np)(vM~?^%PsLP+-TGkF4EvtH@IHwXehoLQ`!%~!*^R~DiZb)O25<$Kn-3UHwoZ$
zpYkhHSJx}JH)DUpNn^r3f5_izmumJ=wtk|P0ERt(uh9Rx;Dp%{590A<m5iwHdU_oX
zt)8z~g2D0&mKDSGuKKOp%Ewd(JyHD>HDVd{oSVLZzM=-{#O#yN4;%Z%gQ97Vm?{-v
zMK#9k_)9jWc$M6yVu$TZ62FQT86&j~qR-!BH`VBpQWKuyGQUSD)@CKcu`>cjl$7S2
zNYu9SO23?eii5OyOY3DVufti%++w>~XbQ}xkFB>4B6Z+f5t8In9MT1O*J<iD>a-JM
zf>rsceYH)T-!$|MN?wp+Av6eSD@a}ItKe!-02taatIzC8IGpp|2-rYhNacn(vao+r
zB0j3@y49lW*^Vh0iSjUTnycjzO!^H@tDSL_*%#Qn{l;%gDP(jZV}di4<77HAylKoD
zM;TJHQms@~hS)bQf{&nhdxSkNw}tdgV7Ok>)@Io<C{<dkkue9CW6B!tUAFka=$aYP
zrSF$j)8&j+QN>!v_T4RiC0-LE*{MDVKESrlSol_GKNL%K^EtCAF{2$v`!MNLf7exD
zf7QZgAU=c9&?)Zsl*-Y!VZ}ctbOIsMy%=79`*cnv?sxe7I#IRyp$7-t>E1VX%BA=j
zyPe;~wx{hE84LY%!!p_AyRodNjjVx5DG5=8+_>6Vp1HF~kIp{DB=;34!rqtWg;$xJ
zQ19X1X4Y<KXjNRW6}LbjVI6YPkJU6{RH3L^DFusq-B~yRCm#~DDo0)0Add{Y9k#Oy
zp>v#i*#p6eW<lMUW3Ol2=Ii3v+aW|MGcmqU(&g7|FFL5ZijvBD#WeStZ1*>ZiDPr2
zU*(;~qXHj5<mGLwgfKpBvr@Ci(2YQzGO451M&#a6b(IsDn|sN1SghyqC^h#!^;s7Y
z4tEcmj76#JSX))m#a#77u(|w^7OcO@#Sy3w1XNK^)>)n?GXX)rweOe;Jd|+i(e*m-
zDk_f)Pg^<6M0vC8yD~bOc?>x(^iM+sSBa0_H!%xbnmtX6Wlo%a4Uk*R2WUyXb*9w|
zI#ez1NyoVtZ`Bfvzuv3McK=vf%}`GG(0PbfjE@Zf$gFRW((|)G;dS@-c^MX$Si!hW
zE211vgw~Jm6d8n|#v8>-&ax90pW-wfX?VXS4M&6b7foZ+vd0mo5BLVP_e<<Webd~^
ze7rO;Pl_wqQ_nG}Re1=D2?|1ri?x8PM)rF(tI>uSJELqgkmMNfw?@>@OFeZjcVaoJ
z*m^cCG0U9p{^YW1Ko7a9e2vDl7;k`3^wbWyyh#$BrzZpIjK?skTjEq2CvC({q@L<v
zOah;|@UQ*#qXc(9tf2;d6C_pi2x+WwwDOKHUg0aWO8yf%qr1*U1rmf_t!i$apbAqv
zhNzM-{*%XBL)-k#9iS%msvYG^v}Mc8`V+&HkNO~OG#|-`%=qtG=?X2hSD1;xKWJrD
zHqaJE8!tQ|+l<(-GvFuV#yTF4LD!|jd>yHqC(4T^fvL;pZ#DgB=gv4Xm04W)huGM9
z%Mg=@MULaGRI&b%&JzIC8FW##Y~yqA@7iTLpUy~bJ6F;9>*XCLy=!>5cOD;j?XNsP
zw1y{6h&<6C2{w{Wkc?TpAJ{V+0gCmTiba9;iyki7&>l2cTY!p^f)dWgIs%C<iYh(<
zD0y_`gL72u>kv>*E?Y*(8h7{*YF|)g=eop7Tz_?kDJKEk0B{B4pUF?Z&PVPU-fphd
zd*Al&q7ZZBM>y>g_V@2&&<6LPD^n=`OP{5T?*h9RhN#Mgg5@XqPr(;M?b0&m4ua#v
zQ&iflPeiE1Y!%=R(S)$Z$`d=)SMHOvH&-WN8dfr|p1q4zat-_cUp_VNlEn3!^n;#@
zy|baMRPJ>r(|^YBC^9}U4o3UFS2bFhol4{{anc6U-OPa>2Rk=Dn@hDhGiB!^j*vLh
z9<ZdHnY-}%)Hp1=xh?!*D|?l?kH3|nu&hZ^MuVbCbNFM8&Iz%M%y1o7YApZ~x9)2l
zldt?T0ICt><!|L-dk_6O|C#zWG68+NP{|2_q&Qr>rZxFm=1?<{69PpKhAe5m-`gzf
z{IDI~<2TvhO+<ijSpHTuqu6LDu24H4+76V-IM@{LV5Uz=ZNh25dQW8f@^iE;I$}Cz
zKKG)PVA$>&EoYFJ%2Jhz$DnSq9pKGIk!&-z(K_%osvKRA6w>gG#3{?G{DQX$%a!0K
zf*tlL!PZHeF5QwC;?`d^2O@m$kMc91Oj$d=&}O)ksgu;u<VtP|gEyj_N1&MkY;N%`
zsUJjRvppE5c?<Cw&72!?epdHIgmo78M~VB+QUnFh_yzkHDzm9g2x+KrE4Qav`S7r_
z)F73!Cyw{#KD#LO&i=wsurdky^!10oB_*3iFIrv}2jKw35N7;_*enN)9Ii&VnWO(?
zfx%(r!Z0yj2VsEi2>U~jA%Cm@OnG?Gr9QJ*L>-m9_7;sDmnd#p-bEq!#v(k=F&LE#
zYlC&2BB5COU{q?&GmC~Cmnevcl{+o*8M5X51Sv|mRfT+Uv-^=44)+$v9@$QjSkY!Z
zTKjJ}Gbh4tr(b`je+M|Bzm+tOU2}hn6V6WX&un)W-NCHigs`1+TKHR`{K~Za!b0=N
z&)vcoF4rrUMx@DQCzBa=L;9l?#8&r<a&#+-+zg%KHNvY{O6i94xUmJAEpT+59kmkZ
z25g~2JA3OBVoNopD*yP)|GeqjxS@rDNtY4o?E~|fC~0E2&$4ay`np0?RRhT$0qKjZ
zPzxXRvP48>$vIuQMigETip{K6<*;`rG0v=o)DvCL){K1yq+__6hEs|?O@xUXpC|wX
ze>Y(ON3qz<M^5AXDi)7^>$w{8^6DF<%zna3s7;Bpw5&|K4`F)C<>Y=bajzN$atz_~
z(<^riPuh5$xy6S+YgLSWewk-W9oS1v+#10v-%4s}4BYcmjZL<J6-m<Z25E~pEf*T+
zFMTr${hckn-f9?m6Z+5(8suo_1ZqMPx7VoTgc5j;Fje+H%o+_36&yjX{pbMhW7i^-
z5D~F6^WE)egEZv0=_txnWLA6=>sc(6bP1x*wXCN9Y^|+3y(CA5uMjKnVch3#yT;jT
ztZ_)1;PgAkYc#H2H4$s^S$Q-8!wC~%4a{5f>jh0}rcuVD6EfT$?sZ9Q?ktUY4mv#;
zc2iRZIHi8tLr{P7+t&c`3ihRkeo-I-;Y(Ja0d6o0S?%HPC2>CcHRfG+NlAN0Z{|Ct
zT8jyWWM6i~xBAcGW60rW{IyR7AN|Vv!SHLQI+tp2pclLCw4I{2Y}xno(}#T>Y5E6c
z<Fny<_U|yx)F~1;T7S5aqFZ~pN%ZpYb;M=z+LVUKXJ|cWVo?n;eOMw9M11OBq^Qry
z_TISIk)TL$Jp;EMqwO5V(9k_kPwZ!r+jbF#;077o5o}@Dv!T|frd%R)HI#z-%&`$K
z9bJA8)O+M>Ehb6Sr0X{wDeJrgG8Q1oAZXJWe=su@E1P+q>FdHDkIV>zf^D_vCdqVe
z`)!yfu>Qt*B1zd31glCM>)%9Ma7^;%E<c7zPth|A&$K#A|L85ezib{tf=(-+b7C{e
z?u3`Bi^Y?gUB1JeL`QT(c#CC{G>6GV{~0f22FM!H2Exe1Zyj)BgVC~P8QMe9?ZfN^
z>cQyf4nVjf5(XeyX@Gx65Z+bx4Vpex;J|%In<nHOskJE5d^kRG?HV4D`-ip!w5<^y
z_`NI!C^gt?5~*B(HiGv)HaBpAgJDkBhwi_%tvte<@%YPf{^#d!t!&fgElTqDougz?
z#ui;>J-Qthj`oH4=wEzCeQUbA3|I<RIa>-dz~yX_(fVvz=oD#d6C-$Hqwshf?lh!l
z=)W>@)?&aQ(~_{4n;i9qDLRX54mHC0D9^v6o@w<hrH8_7T`YRH(2_3Q(QYLd0ib5e
z(E|ZjI_0un$?)CX8DyW(okacrny-(@`*{nyp*K;oYrnQK=O!)&Tbw>b>u|@K_|R=W
z4I~mEddF6zbRqyM>Oix_Nun;6Y9kP$10r@FgN0><^0$&GbzG2sX|CkdqddHRLI<kX
z#`Dc<JD=3l$uY=1-7>@ZvLzVnu)Jomr%|bpCT4)>vj?Mq#d`(@Wnk9OH;(3&p&JmY
zkSl-Yv^!Y@0P=sF092RV#p|FHN@h@@sM--Pz;kT|UU^S+Rfw75LF<9nt8Yp@Ouv(V
z29I>*dMwl&2bdi3w|bRmjiM=ePXnijI~*2aHqPP^zu&?p6q#G;bnrn{3z?Nyo&x@O
zpzb<QDxPr$!gQdX#d!+Iss62P;U-fBkzVPp=W6i;v)vqB^}CKt(*H4GBr_j&{I{<J
zUzax@wA!@~zOMza?e%5%>o-X`Q|iU8Z^M;3OzCx%VDDv?BqGoDwyhIc{QPBvxu504
zK)$~oDF}TI&_b5(+V~}&Z``1Mtqc2tGIx(bJjz=q2lvYVvc%E5HI&`wO1+<Mn#UYU
z++GxMjhB7@r6vPXL+zVuo_vqN&+T+LWwp=aw{q&+#I+RsErrL%+(_A@KAKr-_&^03
zD$2(Z%qs<l+<9JXY^ux%a0S_uzaD`H)~)?YcPj7L^LS)e$pV2sgI-7v05j3uv<c*I
zJ><{7`3@yllSnWTc>*h%y=nhkEtV#_?m0wi`;L80S8Rxa<d1FsaRzh2{aD<(Ier(R
zQVBZauVB~K#04j?&uASF01)(Vvkrw8A;hB)Tlbr#=dQGCJ3b_9mOd|bp8uk4TT9$b
z^&5+We&72wZOrr^(;R&Sd--)->^4<r5d;f@eW_H3C>a>`CY28^AVgoX_X7+jQe+6Q
z(g5iwM5;lPnu2XVbMmyIzvWWCeBGfq-2;c4;g)Al*jZjUTEC9*8mzF<<O74r)ceih
z)jD9&5(2aT?PGuEv9yrGF;m%e4Ez{>+x;|Kp<X1}6y;OYdrCM#QU19!%UjJttQzBQ
zOAafPQ?z{vEbTuIh71f)fJuxVhwt-MqQv+J!{Zu`G?I&_;XYQpIh3iSCf{G)Gdced
z^OgSak@--rx3LleN<@hn*hC3viqHo{@O_4I@)ZS((%LBPEG{Gnw5sL&4V(AYnOOfg
z{&Lv;1^b$O^EWi)3cT_zPZx{&K7}1OojYKKT}Nyr{{vtDl|1-gs_v67eLG>|mXGV~
z>Uda$zl{ZU)1^iyvH)18@^Al@g%Ek4b>_B+CxyvuT)+M0eX}t!?48!zM44n4Cd_R4
zOPkj+T4#}L&wEVn8F2OgaVa;sUPAfD3>Eg|jKLlqMIgRNem>}#A(|tI*@0Yv0a{z~
zbz#;%RFgG7rBY2_HS<RXi*5w`{Sm;ho>DRz=3Z`GY=6^m3>h}QTCaK|w`1-38QAdG
zdGXz~r}F8ki!kW%8ROvC$+Vu}`~hMy4}YPCuzP=@s34S){q*2wwT&8t4)lq*i%V<x
zni(h@V-N3=-otis`Muz|Nm$<e(A(y5-(Kb*wxlddgb&ol!h%xV<E^@S?2*{9Y#?a$
zPE0&Fo7~}$gel690>fT=whT1@<*AZ3XU_alj!EGoSY!TjJO|RAPT5={m5N;wp!rUd
z5?zXaXQ^GA`CE+uuCT&{MDAD6XW+5xQmNaPNy!wTy+>CMMYQaB3_682lE-Few-^F5
zld;Qo0>Iw>XNmmgv-p`$!^JH_KnJM@yeRAm$46o#Dn66<{V0jh0M=Z5GoO3_ewnfw
zS-Br^=z8M^Iy#@~0UEJLn>)<JAe#byCS@e<SVeY1LIfD;PwKW6hXEsfNw^9^8g6SW
zU%9J(esr?%{4}(%l|?AYhE2INzslb_sq}MyKTYtBfsacplD-Sr4aUHzBeV>X76N)k
z9Okq_%8P#qV){a>M;CZ;>?W+KG$&|<gnw7jaWnuu<Q7W*0KD}n^<Eqb)B`@yi&s{g
zfb*3wFr8m9(+<?Z4yo4sm2DyN)=*x<Y`~WE^`}evf^tw!h=pQIb<dTL3-<mhO8cU9
z@%xysxksX_G&J_1NW`-;<$l6+?j(~E^s)L|sA%=xXaniaB=tv3O^MmNn{2FTUN`P7
za~9c|clx7@dGtwjLkuvaO2zA66?0jYMT66?Wq<Iu{@7-EmdLPYGh1a&#H8rs&6h$G
zVRi56#~7<_3FF?Fw&uag!GaR;l{#MVfM&GgCK<JaSEI)RoaNas;8~Oz^BQ9u?T6f8
zW0~BPsN`E1N9bM@Nq%LWT9th}C@_J2l;Hrc?0ts>L$(UPU^!#d5@h$6$Km$z^fQ&}
zWt4E2a+8O8<Rs84VKZSmPw^*@CSmr|wdquhuSSxcq*L12SRlQq=vN;KI^OEG?(2R~
zoh(gn5u)DO^4X3!q%?{m{`gn)nHC3&Uil{@?Qy-M5PJ>rS~S6{oXxP#W&@c#5`pK|
z)n~8obS8Mu2VUg`)oN#1(wPXYm&eJ|=L)}8gd1k(A*sX3EwmOhCQp6yzg&BQu1`RO
zJfj!Pib6($%fi^<)H#g6$;C@&)0JW=*(tjHKJ8vzQ96x!Fy}pH`R=}JKlHU#6dZ06
z?c23=WA2EANq~?6JnIbCLJIhOBgBXc)eV&93#Vj0UDRH7GS(ostt+@ex3{qrEn(H+
zH8IbSXERyXY(q96ozKjXT|NljBUs2gSrV31Q<*e7J{@$eenDDuVdBq@heE#8C~zNs
z`wlH=;ft`96TuN)f1(*BoVBfzDUiJaYBS?G4$#umIc6ygbh=o@E7a-3jHrQKnFXoz
z>=w=b+y*<Dip?Kj9!vG17%uLE$*9wnsWuFiHkop-*Q7xZ3M;z38Y=7(i}M9h=?#&)
zPdsQ&3E!C-%Srqy7eL&iUG}cbl{-4>F@`oTgIHl(p5~`i-J%y{n&yn<!j^HY502t)
zgU3zRkEeb@V98TCC`BxAl8O*h?*{dc#PmBN^B-j9CFrG9kzpQxk-FYnxcF)UzCjcz
z>`n#RbjrY3N<ER(<bXqVY9YQPrKVBzuQ{7-cF?y5HM*LS%*|$#73h(#$wVRr;96-U
z5yM*}exx$4yftR2V3IVbYNvuzj5dOX0Q-U}FScL>G-!?=P2o}>_XM{@lz2($XtoNx
zK+V8My*u5o%y5$kRGihNv+N6v!Aapmbz3rj10Vou%xH809*PF2Z~NnU&h9v`>sjC5
zV09*rzlA!V4$BKrNN{*F$4QVs<!-eo8wg7QO=&GBBUq8H@3ZP!(EDRVfN)R}&kaMO
z4>KYl(3Xu2zp5HlRiyVsD)W_{a`g)-j$FYHTP?bZZ!g^BpWwm@S&AfugP}PC+BsRd
zvy@j>m`W;`BWR8&nlz&=V!A8QpAm~M^NSK5*?hm})viY@A2uj**gj5;UzjGByp=>R
zhf|f%=K(kXs5YzGMZJQ&gA8y$EJ9s$P{}kWj@HNd3dkD!dOmL?!`$OOG6oU7uF1st
zsKfE58I?Q{wD4wm=BDil`y_>nX5F}B>*dS#?P|n{*f(fnC-N_h@p~5EKhPcQO={}R
z!#m-24jja3F^96V4MVogeYW(s?@}l2dWAS5qXg3_pJFXs)uDKN<D%;%s$OREtKez9
zcvr!^p8f!1!vrfd3;|$zleCaJK@@;F%dXz+Tlyw?E$Z@+V%0Dm$B+@Dpey0c{J6Mh
zxg2GI=6DjcSVb@Qk(lATI44Q~oy6(o0S^1ey?sYs0#MxyLo|_%4Sk#rv<8=S3}8hq
zAxRR^pMrr6v)cADJ$k;z*1~O6ho}mhE`B;UuZ7@85m7E-^VQUqejcMZBgV!l%icU~
zIu71Qj4%Zh;5pZRp;uMg{zI=U!@Y`QG~<`rAabvZ&Y77s7r7D152JY%&5Z<=X8it5
zMNAK7!u!q8{qpzn1~}YCvdnDn5Qh|4YwsFG(D?OW<L~pr)SE|oE}9F&E30<{@WG}R
zzW3F(YGln`hkGvWH8eHeH(5~9w#cp9F}U`N*;iQ3hLYcp@rpE06inXg)EZMvqA+s^
z9dl`ct`~lhLVSjNy7GiGDCu5}*%z306N4r>>!+a4Yr&Vc^CJ%5*{Qv+hrhp>D!qQk
z9Imw?AQMRD&7N=6+Xm^_FBTuAeNsu~{-!>7ghaO<oN+_(#7s_0Q*G9<ZENs$gLz1I
znITgJwv$up-Rjt71AFN-_rz5Ny}y8|;CDVVB0(h@Z-UISHP}NpOd{>@B~!4hL?evt
z1Dp<YW6+$DnCXD!+slzl8tzZlxQ}F&E186aF;$%e|KQG-me=<gDA$VR;1}dL+F_oy
z9s6)8hjyhUiQ$lRiF@Mp^Nx@G4z$^_&1N%7UHj{Vwa<p=982GYn4HYcuPZ)UG)y{)
z9iGt_Oqk=jmIm30!Kk%<A;+x4ZZpD*7@;t}oz$isWCKi<{&YCNC)qE(^z%%YG8xg7
zz{X2!XPI=T)qbW<tYkV-by-&I15oUCl|Ammn`^4@vXEG#E(k?>`XTO_`YSRWfwqRi
zD{Q*}y5ZSxR8~H;uKM8~O{=E1-R>NbuYq?>zj96Z?DmRs2{RBiK86gj*j?Px1^}@6
z*pnkYvzLTn=Rd_EN5UyBv<-jWVb#>RI0ossuaI%EQ9+<fBLEh%F&)ZTfX|wK_?AIh
z#ekfi2S^M7$n6n~qrS*3+VSXzgZedr7NUpAsq6im5RZEIfk<#Urkup=2%7FYQfzSq
zsOb7-P6;;y9rXltAQlBzN@Y|6{y#ThafiL9s;JDDS`zp;?1TT@4=R!>5wCI{rXSLY
zj>C;8NgvNt*}|WX#Q56ZB#Iw}H$?1~pfnUaqW5V?%=*-o6`8?8>%JW3l|3<vNapVU
zVLoEj{$ua+xQf`Sw3n8prOlJBxL~l6h?T4NJEZUE>fwVs9mTI1C8GRlP93$*4T*8=
zIR0yD&rf!#3f>y@b>s*t`#Luhso1l1LOOowYyz`VIPuv~&SpEcO<7i_guRr-;iC(p
zBfQ7oii~h>MC>nLd!YvSupeqg&`C5gk9`;22P0KQymbAyXDCq6e2>|<S1&X>VoLE!
z8CJ9(J;h5GujSbVVQVb@747bKY!;gQfJ1@@JCYm(L?6^z`g8<_yC0qb^iG%y7^ivG
zm)UvcYgtzAz}Jf;#`Btx_q;29x-TuHd`0ZI<v6o=R)t+A{<WRAP^ZYeOGahFNo1Cv
zu{Ow<^?wsJ1S)U~yXwYrCoP>>oLS&<hX`o#xu47wbbhQCiI!nOb9hmdV`i?EDJnKn
znWk~!wQT<-h>evf?*(3ozV?4D6xatxqHX0$Oah2cK@tNWu~+P(Sv$zoCU>m3jN=yJ
zE5J<TQERkQKoI|7ukU|s?9TS<>l|fxrjc@jSQDr;h>`v-`9C8~AFvK*HRgeoWf=a2
zNO1afZ;LmTu9D6seR=Icd7?pVPDj=N-2i?wJwaens22iQ1B8u{4lMy2-}1Y|ir3ya
zo<F4;y6gmC;Rk>Y3`)k7@Y<(Y-89^b0mN2ZT<0@XPem@cYbqNSuUa^B7#9w|?u|b8
zb4F1HUH)e=UBG;+Z%{#e`MNmXXsH3Vi$zER-1M)dVXux0UZd%I^ae0bgt<GgPS6G)
z%t`I3{<^XkEE`z<34mi&+RW@$rH&#Up=<dLO*y^ln{=kv8cjXd9_E79F;>k#0Y~yb
z2lav_I~gqCBeaMpp+NPBa9RlE64-%9g&^sz|8L&{8cQx@;vth<5f#E(f)UjkFva(P
z(n4%RWW^}I_{tFKB!w`~VaUe#YUt1ccyMgW^PKhPRw?KCNwxx4!;dcS<O-w;dzCJH
z9PUs8N;u$1Fz6WRG#29-%58u{(rua!ooJ9RCD&h$GR|r4?(U0Rw~p(W%1O%h{!t8|
z1_>q4zNV(865M-&O(kG8nk6?D6wj^St}S)<4Px6~GuZmrFZR!dKnhdv1h-BPte~)v
zk)SVQm4}l-_t~=#Mn_DYK>=V65&Xjymu7%lYqGmdIw;}$##xbU?X!2*tEx53Y8--A
z>Q1p)DtZ`ql!70{^k?mv0%8L2n_q|)=O(2*w52K9%zKepUtiB4!^icyk-V~?pnzc^
zD?i^HJjkQ9h1g?8^PtscTxr9u<?cVXB(wt+>xsHMD6=j=28U}uL)&J33m4Qs(~qAM
zn?tjG3Tl*v<jdLiR{)A<+YuQxZ+hddC-7`x3}FXE82$0xfAj!>VS_iO>nCdQRZbiB
zEw1;chbW)umOcx?!2sxsF3`cz+Y}(VvpLs?#R!#dslkxFFZ*9nO@gCBng-BPRFK-(
zo_o1GO*>i$p5wacd?g{cYs?&rA4U0Jv*nqFybGO3ea#MTvfHxzryBfGrr!ac+Bta8
z3eoLa|Cc(GTb<i;nlFByoY#~jIGw9F#X}PvCf>c<(+ZX;gDXu@k|DIIj<YGo6p)4X
z@AVI`eLoMH({U?buF7(uaWef@pV7<dK#9qe)w0iTwPlIrBIYm^gqAa@Lo=%CqF0Y>
z^7eebSgS0vc#f6jMHva-6AAr^qmy^3_9jG<qrksGWDkgl!f$_wN)CThmU;`F>=%wY
zpK7`JV(hYjD%hew#6%~+APSNY;dEt_(=}hir~X-FZ+F1vYjKVgi*UJ~EK_N;F52jQ
zIkj^TD8Y3-iPiO>B&EyuL--298_<`jy2je`KZ0k@Y5K6k!%81DIFl&XfLDW62l0d6
zX60s>qD{lDK+pO=%fSlMai%RUwf57)IY&2k?Ib=lWaZe7i88JixwsL$o>=sDsS}c<
z()%3P@^+y|8eI-d0)&1dNqNblW*)h}Ug_2Ulw}bx9To>yjzHMfMb3mTtXKDPdQq)P
z_t2O_|JzQrJPo5d>*+uX@Qv_nz5d*iZHI)U>!3Q9I8f#k>0Y~^$4oc|uoG6`3V$c{
z9~Te%ATH?&dOGlz6R9X>lWPjc1gebg0rsxI-DP|KZG;BLALIzPg8;^F_ucG0CFli@
zilTVWl{K&Zyiv*}CPV`Zk#*<aEB$Xz@99b1Ep{4eIc>kT4e|&$q}Fqlr{#%_eai9)
z=YP3`hxRk}e!)qP@*%qMnSQOoTf<!9C|qEta$qkM^4l-ViG>p8%jX!bS4%(IBxxjS
z-<Cyu!{ekW;^(-zm~nQSBmu(wf0X@YRF+$`J`NL#NUAgl2vQFvQj&sncXxNUfOH5d
z-QC^Y4bmVT5+Yq9Dg9p$>OOm)^ZW3=pB%%%bKmz`YsNLN8Ow0w%XKp9j{34S|7$)x
zpVmoX3HI!;kN+%+8%jvwGPkJ;6Q^_CPO+?W>cBH^6yV@2l<!Xp*XqA{tyeGzOcB}I
zAInD)^aei3j+Bc}mH4IqecjMx9}&ZUo(AQopZFrM*)FR9jdKGT3Uog=zr*BME+}|k
zwyrIm8xWRw46+)0a%jJ$_U`T7Jzz@!t2L4IOO*JfqW1hm#bus663Ms!{br44AZpt<
zL0ki=6c~0O!&Nu&3kTFv5WlW_|2kMiQ9$PC9N(ReBcLiL)b5E8y(ABn+5f@0hbbT;
z`rqfuenVjEcpepw8h`#C5+U_>i=nb8q8C*Q3x0*la{vs~H{x`6&?4ObJPOcuPZyT9
zz_Wz@`>b$B_>b!?ulddaPdb{@nhG_py$?OXvcoHY-wBHXGzkp&R6jDIepCi7Gp$gW
z7-0z#o|w7H=1GWuSTNuT|NTc52)}HOe(n{X(x*0_03G#v>&N)pru}*k;o|~=`LCmq
zRe*o`?QuUyI5Yri3)oe{y<htwuXCUAiLm{5RhW8Sx-wtp0#s3N5e;W_-gRLTr%Q<J
zf+a`T{V|1MU5E^A7l>=d`*R1tDOoB$*bFJ<I{AB$ZguS0w=@)4AOG_SePzaOJ4@Gk
zJ9RtL9+lhv452b9AX)TUFE~_&g3SLv&(DAfRnwlYa^Ih7B1&&En94aB*%e}%gZMv+
zApFnQV*W7#bK9t+NrhSy!V-PYqsUSC<tRwV#{d1uN9aKDzr+kd_0n3?7ueulVF^I)
z%SrwFuM|kZssx>j5`n3nGeR8&;#n9P$I;L_4#{HxFNRS5`|bT0RRTxv{21*zmZqjz
zqjw+61AUFc__xx=8;qPzHEb-oeY<(}O|A2{Ze*7g$%~DF_x|_gS&xq%_dC0<K`iAF
z5ZOWct`k`MbX4llI5D38^WcXze;wMvotS`SH*#Ji`7i?IAzAyk#EV>QK9AB>)zzpL
z#052onv6ek6jko^u$2f)WE0~r7af5U43>+p<uu1u^gueV@{FJcixkO+T?90DhvCUm
zi~hG)Mz3ExZTmvI;tRSutUeD1uG1|}Ovq(CfD11IX?^?~)>2`ro##1#KXI#z_Zaa;
zVB1mIU>B5)&g?%gu1Nx#@JtiIWvaFKX7J4OjF>pdZpvO!q2QR9=z4gQ_||BydE_`{
z+c^XqV!muW{o6v=6f5<fO#tN&JMzC=l9+s+Glq_8GxbHh?OX~G;(Tn)39J(|%&Nj&
zwjOl9D)r!*WYknZx=-oe_tBFMp5Ur5=tK3InC#n!l%e+cSSZjRS9aX}7=+y*R)Os!
zSYD7UPCdW*K^rTWt&w`OrCGR*pUfX8Sv4yr`*<};=srIbCGwCXLVW`pRHnkp029uB
zF}q`=z8>7~Cp1*&tog3e{u$GIR`vWbbKoFA-ksBamz0K^-%cviCmnW}qdfJAA5?df
zOrd)_1LJua;(ztoTId8vTH@mJ2hZx$UX+ZXshN{ebfu=+^R(=Xxg1I>)uZtd`Z7iw
z{?-z;v4t<wU#31Ks8kA6QntRY@AaittyDPVStPGyRoyBVL3^{uKVNi=BFdU>W8zgQ
zwVQj71gihW_`u~nVQovTKWyRgyhx0x%&5o!y;L>7KUiNGV7_#Bw!sIlJ>)wwIH$Jk
z({(tlTQ?!*;WOlg{1!E1f()y2@qnIBNqO3$%xDr9sw~Hb%8>T|SXJj6)fDQ4VO1wV
z^B)g$M?+0FE$~|RaoT4uc(|Gmd!1+!H?I_VwCr^Br?<5F-llEDX-kQ>BZsJQ!&gq#
zG#8&2Ztn}#q<G6e*J_c%U?RcSkq&}&N*n=PO<%z`sbbY~^V3xvLrv*hGhY_ufTvpr
z-yTtDsn-qk!}Jv?6E9e0f6i`C_yU6t9MONzOhyUNpJ9`zEGqu-xQvNxat!v<a6<^6
z)Sc&h^ncu&nP5O}K(&!&vDkXG6Vi;F%47RobE>FA5PlcJ1AhfhAxzO)yLwt8wo5hk
z#fiIHnA;=9ep8jDl|j}`-~#LmXS49jDiTP|X1RYU8DlmA8_Pd1yU=uyEz;$qv~f^z
zxfpeYouXfCIMtM>6u;+t#!Ae*k$`|pE<(yGISq;p>_s0K$y(XdZ+V!1)Eq`a3IH0^
z<stS6>JDvkfF(^!LM@xWyl=p7Xte8ssomYh>PU!xv*OGwjq9&5YUy=N`*Zcx#_sM6
zXI)}|YrzKVbOQN++|g+ZHQ{iCrS{q5@y)5KqG$(<*+CTnur6~%W?H<Ylo_ezecNaU
zm_XB<+Xl0TTy$eYf>z-8MKwT~fh1--zux2P0>a^(5dp)nj1m<y;DWR8mf5r2XY`pK
zC+e?Zw%3Y#SX9S{V750Sl2vBuQN7_vlH5Vo6*tV@Plc%|#c!gQdCO#5)<wcKjoX+M
zeW!*&*HO=)XlPjiI6dB3e4QCS+t9N2u(Qv$V6nfO#eX|MYSqDor-kIi3Z1VQRlE23
zV$$Z#8mJFud~Jp6qPmle0J^Bp+Jsh4O{f$_ElS~oES3e^TiTXk^$BoGA4(A$5}rJZ
z3L4A{!WXw~;-FUx;P;)4)Q-a3vaN2)E}9Ti;I<t|NM{`06pg_g`Q&3jKSf^rVBjJ+
ziz217``b|<(yy$!u&iIjFP-|fk$~?1uj42}VX#<Cs7Zc7=qg`SI!RbCYcSd2ouY3v
zVup`WhD|=7;hOC@I+#b}6bs*npf((jFoR)P(?dT(GP?a_;W|EIf9vbl%&2auK;l`N
z<ifE)+J#o7ZUg3O%)I2Dbr~}erS0j;0{S@(F*zSphIPGWM$6*I5vqAS6kPt-7A+#8
zQ0PfcaVqcg2<n*c%$eald=V?7F?tz!CI3tUR#6yo0CO8V9Sy3Dw@D?7(_4HUk%gj@
zLlV(r2djgmI74jm>x_M#%?nXw*GoZZ(X&$a8oaSZg&F<)`V$;O5hb%zvP4&q>y9hz
zED-c14`67EOW{5j#1m*Xb}LkUy-r%5S*$Ma!=gY2cpsMk7&)rjTNr)1IU0f<aP`X!
zZq66in91`(kEZPAm&<QPb+HFcy+~SHF{C~0rP{``NNQmNips}d1|!VKdm!LOly~U>
zJIW#}2g8;1S`ta=pgGh{cxW)}mx=-F1DMX14jR`vp0_nISE;ONN>q<h+n)9njYTJD
zR)fGbLad`*?S~USH6#iayKl+W`+Ua>GlU~iotlrO<2FPF<^Oq{K)Z6xZ;eIZX?^Cu
zIyKGao4hW4gQUgq5f)oh{q}Obq*D%&H9fu3u!G>X$i9<6$K<AEQVy+#yQf44NaKB6
z9g*a$927<4(fao5U`fTI&wBYfh{bgu;I5m989C!Ml1E5?sciY)hb?{0*Xzuadtq~A
zJCOPzi?@~f?eJuvNBr%jf9a|FD$A5Pw=0Lsr*iQESvKI{DF1uHdS3Yg0`N~iWW6T0
zw^E>u$W;2je*_pZhwOfsSI&enYRPB)RXa<rCVk$Y_Hv~-j+#b|%vT~VfMXE1oA|$C
z4bA(|55RQ#l)SEZo=`wwmazpoMn9Kc-go%6Q>!w`bdo;@=~W%CP|_@CRmYefZ=HiV
z+hGrj6DwY&r3MOJgmDRZg9r^o;sJ{TVkzndM(1Az+xsc=8g6B^gj$-3#h6%cN|PP2
z1!bckxrY4xgul%Iz`j_TO6WE#agLm4-87~7t)Aecx#4q@X8A3+7yVRw)1(42NPF2+
zk%T%JR^2I8pM$M2K*L`a1Azt9GlOVDP<al8VX&BKt$X`9XV(QEPEm{K-3y0R6&e2Q
z=6`>pLHo)51Yt*0U@f-_PlqSw>5R*1#lT>~bHU%gtN(xgP9_LJMH{Ut$8tkFaFH2n
zouxG=fbQC8q1^d|yR)F6p|RX?{nF*yE+97Q+2zpn*s?&B2mIB{Vzg3n`jJ*V=t;8}
zsv>Q=It8J+tBzT5bevRneF6W5GKwE)lYBP_I=#saPqrteBEo0Be%&QYcAR><k^H&q
z3E4IT47w*__XcyBD1(BCzms7lz0X_*e}Ek#)hi$x<X?wkbMgpGp^9@CtR}y2qUYw;
z7^$Gi?N)=~6HkT7@|aC@a+0Zsi&U8#r7V)!FLI>!VG<dI$H&MhY0?lM@TZ?LBds$)
z78BOC#|x3n#0&Hbe{wnJFjs0pvNlJ4)dt)sF#b+lYCsAoicqqZ6HsmVjR$hga#gUf
z+p(VevZ^D4G?dc-KI|?PS7LPg7yz>D^*k4d<>Lv7rCCo0U^3CfjVxVPVpxnaHm4QE
z4Z;CNt~5G-2-*##7w6qa`%_~{6<Bn_<;1p?*gz6NlnxjdGW#w=FXd9LJ&ACKPNF;4
z0fSn`t;}q8^08#R*?i7v1*7C78_Y`OeEkcfVoQgzmHok1ub0D?gqEvK<T1&>%AE90
ztb9d0VRu-rVhp_@q|D|8VeHrveA9_bq~eCXc9WcuX=OEU5RU+6Q7Pfo1G}=^cNfY8
zVY#4gRbriikED&U4RAP=TSj^YTL@}f<y3r%-xnHsBRDXnMBp_nudt=$1OfDdz;c+7
zVy`f^k<kE6gKMo51#WH)Unds<0eIwsw_L^foL@#hs3G7U4nVFOjHH|&lq$?<lp3Fi
zl|~Wh?26`Z%ns0-Z(6+R2i@7T&Af@l_xq0npCId64WSeOH}+KRNN4xhKKh5{Yeep2
zUo52yfRhbkSjbe66yQO`M6t^Lb+-<pdXJG)7DS}a$lcM+v=CH~ZXG8hQazl!6%YnG
z4xTT#ezEl{KzQMk>}A@T{9+)%ABQTR{~Hj&pCL13FP{Ka7UMMw<mHqnTY#<uU*`!}
z#WDkT+myEDf>4zWJW71X^zK$QV_QeF!IkD)<Ih^o!%t|25b7Gzg{aSgt$-Sxe1tg*
zI++|E0hy={-P%E}(LEe)^4sZT=W%NH6Z>d>aZhNyg;GO|#ZZI*OPdPv)5F40t5^q#
z56dFg*nN=J0#`AlAN!k~lucBu*estH!z`_5-znG&<(VCjLM?uEQ;kjRsxnC^?aGZI
zNkvv$$3s)ESw<<S)MVZ3;+%;?s2c-_mHCcGnzt9sW^PkUy)CzEP<&0M*=6*jN(8B^
z=-w?#k{Y~*qI2!UfzRYCc2WAOS+z7;5C+kiXI+6!pWq7f6ODUyu0{q=i$p|5TY1RR
zmcm?QUCt=Zfn7d!g5JDxtN6G8zYOuJc(CH5m9YA&Cks7wkNSd<D6?Scc|g<T=;Y*@
zdmrOpX%<xiUv=+dlMN6baMaT<ogW%f;fnW}vtR?d(lVH7TlQQkXJkjZx$T3=S_fGO
zE3z(89j8!j6Sv2xk`ZuolnW>qwmeLL$krDZajh4${x}A5KxTMZ(7x|FPM`A`X367=
ze1x7)zqto=7qQPArWpqcJhc?D?!O?t?##QD=4s@W%en#NiFt|&vw}Y^qN!Ks$C;#8
z){D!XmVvlTeiEtn!|cVy#Zo!He%HVJVLX$vMxj0DSOhF)3V1HdGtv*`;A}3~<!v9u
z!lEs`SQsBa+Hd@^!qGtrGrc@-4Q82TeOAdeFtxT8KA9>~9iM*1Mw@2=UH?-!Nw_=#
z_#~<N+lxex>>-#ll%z3Ao~4UZILgTfmNnQ^(w;LFmsC#-yGm6mLTaq44P?q-wVaj`
zm0VZ2+f-k+h3#IQ1rSLWzw0<SH%jRs@5Yv*MZhio2DtHO(vm~Vr54%gkKi?=0HO|i
z5+()z)CjRkMa<@4c^Ly6vu=ry(+RWF7!3u*VyWf2dRmLqw&VLZNc2Ng8;a4hRMp=>
zACcp15|6rjK7K)Pv;!LDW#A&BSTwBFK8HK-7g>6T8JRjzdEvSy*^Rj(R!p5Sz+>Q1
zHsvtJO0w^~Xb*JpW<YRRlq@7$zz?8{P=&l~1ESJ|n8itq+}|2r9Nm+VPTj>T0{?Un
zT)RG+hCc2(rL_Xalt?DBT7uc2hm#J&;6ijTnpGIVy<>@V9(2WreLilWQ7#eSV0@+-
z-0&@cz-j+$kSf6|tEgizYxFHWvH_N&qT=wG4Goq7Mi~80v}1g7pOI`Fi|g?w>4`V;
zUoq4*Plgb8U0W?SogZ(tt7|ZP4j}|%1?Iz4iLzQ+7Pm?F_xH6Lo#;w%wxnY$!1pkI
z+IRcWOu0o7h(;Ju-`w2%qxH7MNkAVfMl?pTEuM3!vsj^>!eXI8@vzPN$3o-uR~tGc
zj0jY>9A?d--_XFz5A^`>3OBLn+L-~t{b2!gO?tZ%50c^InF~XAM}sZdPD3K`K}?Mt
zmC7^GBCK=$6YEf2Y>2=Mb+K~6w7S&OsP-zH<s;A(kxZ($QWfklGuDrJL=~^YLX@J(
z0$#Pr0MkZGDi?`zm4d99mNbS;kp+v!P&<Z!oEuwtsq9|CnHWuvFovJHD}}NIPdm`C
zSHelYA;$fxom#R5d-51gBhl_+3qqnzLis@SrK&q>#Bo>0dj9P({{y1LkTWowH6jmN
z7KQAIuFRwg5t|LK+$zn%4s4HFk?r)p;WdiQaI_ff_;x1#N{{1FbzWF2B4&uziL-n6
zxgfz$K{;mNlG;c{$)FnnW+Z;R`Ds1TAcHryG+gB2F}a+oiDB&YT`qqNI0DX@`TeYQ
zKHvn9Vibu5EJTe|-?e6VWkaa|#8ML{J5na>m!D<%0lgP2a9vprA=8WL)u7f1@4%9&
z8?4xV5iFzFDyXoNI{PW}>z66$JwWUqpf)LB$3CYCaU7nuGmG0Y{WxC@Vay?y7aLvQ
zD;!LjaKJQq+yetVQ*jGr!cb-2%ulzRxd_$7q^D%v%YL>wE6?cRpSnK`WNw3f9@A~S
z0vBFt<&3mUw&e01b>J<S9k9Q*$8ERTyHA3TkI(ha!Um~KsX)EKe3~Aj8g|H%Xe=w3
zJ-i|4iZ~^O2F)so!aO9<DJv-XInE=wjwhvHa9z7SPo&*2%kCFs_dVpTT(<P2)D|Aw
zT2??Cl8yqqXyS8^&Mf5EC~bfdY-|QpXo=^J+mqW;7IOE|RvEM~UGQ~A1f0Ef<-FXo
zJ(6cAQUtMl8(&m=wk4eZY^)RM_YSqoSxI9?z<uwFx_>|$4;yo%vN|EP%;5B@3HG$|
ztJoGQgUj-u@=tzH3JF_!VFBv5c@GhA!API$L-bn)i*H!lrFj$EBdIs*I97F@x8Ksr
z6c~>kg+V#The%9(ngChD=kM0!e(5egCM%>$3PWI{v`Jwy9`<9$9L(iSbW%Ve3*#B>
z_w=&AP+UIE;Jpo@@tnodHoFma?vH{{nc2LvJ%&MUcz8&xU&PmfK=4cNU@`vtZTj*p
za+n=C*nNcZWQM>g{xX~LHs)X)P-S4rF&~D2tD+z3J)cP`Sb=5b<-OFJ97@QEy<98q
zbxHh+aqfNAqZWjqdtpfMv~38U`s?3si!W+Cm5=DE)fL2!jX%8L{t^4?HZ_sR%na}9
z(s1P%SmS9zO?l7O$OLpHl+3&)C@%&Yb~~5Z<;f)DZcRM_f{hfDlWxLM&_KYA8Hw-r
zKk+K$D4l-R{<DKu41rD2Ip6>Rx9RrgQV!F-IzcPWChFPN$;k;Jm~g;~4Nt3*=%wi3
z<Z(EfFMz_J0t#rgPJk?LXGI*hLp6k%wP4vVRlC}}|3&IkV1@yI#Ts4I^6qm-uK5zj
zn1|4^M2v6q-bF*^?5D?_p$H7Y!Ou3Bsc}JIF~0D{`Di1lHErkllIVqKF6=P-y@V`p
zkMHES7inS<e82F?p1=?&lIepGgA6oR*y&_OCh$CIrlL+r8qd?=1KDA<RZ|uBQ$=!&
zSXeE>9iB+hpJBPWKWCNkK)nYDa3aW;T_&$P9&+Y~%TV(FCJn*nRGL!_4T37N*Y_#a
z4SuqSkSTJxcOq$>Kmz&GL}8k=BL~w;IWH9Uq7F(q4?7Q;Fr#CCzi^r1IV*II=3S*Q
zwJ_U8awU&+zdqt|Be8>=!u|ew7&{<_aDY;sUB0L#dUEF0zMXjJx)4qrlNuz>NU;s_
zO*GtEedr^C@A}KtYqgIjMpHPyxAQz!nCORQ%;ZEzreA!fQWb{+JzcdP5H4mzDqusL
z%U+@~2u8~d-+u&33qVF%6ag2|cPk!%mUD_g>N#X8Hv#-xw$08-CAviM2>}fY;F67o
z!y*jDExabxu}!?P!&VeMX5U$7xStJBuS8o2-n{};S5QlaquMk9{C?DJcOO%c#E#xe
z;{a?5bpOm;5u~=@Q?0+g91;BlKQPjj0bG2Pg=%B2XZ4#YHqdrr#Bom?uQ*c<DGT;=
z+%56JQW#_e0*Nr7f!eV3M<&5`pyE+#<I$%3Wj38MuPhen23+s`K;B3gun1T7nRyT3
zqPwn#Ekn);6Jt^#8a578HI11gVxE@Y=vAMiWU&lL+r*XGP>CTGm0DH|R$@{S$uWMX
z*>wgv<Juu5D8dFwc<u&IU=A?i!}Zo4UmsT@%hX|hK+?$v$ncn{trwyGLjp)>3_`=X
zczS;q{N*qf0gm8nfVk&hxFVfrw*iW>1n+p^<5You6tG#$ZJ1c9hDKgMATv68!Lhba
zKMRL`vDiy(=c)^lE9-{ZD~WFr``Ru{G=xTS+K+;Rbi@&GDA`}a`UYaImb%?=XT^oc
z9wL@~h9(=G8vyRdGg$x`vUSWpPBjK+=t;a5Y0oVgzz--6A;ido7wakL{)8L@dn(~~
zg;GhThQL;eFP5=yvrAgE5~MyA_trpJXCp4?rCA=*%SU4{fgtBpz%0nx_VY<BtPwhc
zpnteMtiT_+7cx_u3O?a>n>8HL3{0L-DZi5NmaE*DEq^%lv{A&pi1b~Y5z)Koyy*QH
z1AFwJ-9C&14j;Gax>XWfHy_ZDwT5&BL`GrmSPwpO&lwC}fZ0&w7m<V3@ogyUo{16B
zaMOzt-W@Q18C8FAFG3xcmajoQTyVi7b{t-MwtETpK)^5ex!C%}qq9p8YLs&w%wi0T
zU{dkeZ$f4i%8i!+#o}li@m_jpi&AxJ++u*X5+7td$zH<j#g>#3x;IudqT?a4R{4Wk
zS~En^;3aER()0Rs3ly6*6z>#J?FvSf7!Ox|x~p_s%LlVMdO*)@!tG%Ts8VrLJ)tnS
zdPs%^O4Rm2RsC!NIUlNQEf3eU0w|L+SEA+nW(TLT6`j_L5XYY;pB?jjL0I~jkZW$-
zy=)+1E&mKXNx+EKF0J@;f+D`CKaa_tM`?Eoc!v7Co2)2Ud@>vR4D<Frw`I2S`_-!v
zke-IN24sBz<U;qgR@nswWj>pVM-K18%}*L1C<~sjmJ6yIA_QXw=g1%{@SR*OD%dEd
zUftvSvx@}~Sfqnb?Ey|eBocyTT;P+GQAwO1TD5mR56z7X6_g8vhD<cM4^(QhOFemC
z`$|6N%8kEWlMF0I0oT3py0}RPvfzw~b>yp6>ODrax%Ue{>ll$$j&-9G{Q-~Lg<V_&
z|7TYgrZ#07{_<=rY#oPUlt;VegQ%ukM_8yfB){1ixqA|&bxSlgSHq&z_)tAusryPl
z{3BoCz*-Jt=m5l7WNU!I9ks{+lz;ta7=SD|f@dx$i*qMp)IIb4k8R~+(od=qc&>Nh
z_NIqSy^ab<$l~Eq7^djocH9z$mu6i-m(eLBh2U~CaLEcv&;;}cL}`4tBT}1f9X3n1
zK#4t<gF~4l$Vio_o_j0wXzJoGuRyI|EZ|LAR7##@%JIzFWvN?Ox@|ycLd|}p(;M*C
zybDaue!|>V*1~98lsVGR53ixn*D~}_+gAW;hx6Oq7i1mzK?|4!EsuQNF>%v6vAnLv
znyCbw#)?}ax*4?jB-!{iKE9I729ee4kio+|N}UEhQShxKE*9^CvHGEGJ1w#=wZFP=
zNqN!gy@R7Tnt>_MezIDN6v#Bqp$}jFUP7NP<=n7D@w~~5Y8DQqjKi!|n;7X2`T-If
zW9bd6<k<)<cn;m%<0g!2bQ$uHaKm3Nm}dpEX&F_%#)CG9B`^fVNFM$i6rwRdhK|?~
z`+Nx6Fc`<_`YMe4W$`4;17P5}K>eQ#UVP!R?h$Hz{bUK^=lZRNbNwiaJafzRo(my0
zq^Ldg&0s{41DbcqV4zNZYM0-f+DLmRxV9#kKR_{{{As@lfeza$(eric=3InRTrB`~
z+VEK(bJ)2bJn2yz9E=%6`atp^#uS~QtpW-8t65RP`?9{NbrckL7oZa(Fs;*L4`0!<
zOP0ye80V~6DE?LWh}`;}vX*@)p($k+4r~r>M2pM_C3+{;KxZ(CL>n$>-nwou>%*um
z^4?;(y)5u4J)#jXil_LBiQTS&Nka}QmaWpMCZ<3Uiy4*-n_WO3vCLa42~=NkuT@^m
z(n}nCjvzfRgqa8nWOu?G-8XAHNyY?2T#qzfjyd+0=fVaw`{h;-ro@=eEkGwsXyL5O
z$dw881zaTz$wx?1qkzVQE@d{|leQFuUtoYiMUN!vXNlU6b5`b0x$qdKuf!{r)Xfn|
zDvP8>9Yh9dzg`|+E=CL<^ccAcDH<Wvbp-P2!)aHmPg)YLMPa|#F!n01Ym`<QV3wq)
z5X}hDjnV#4hTZCU8eD|b>e*Jl#*m%x8Pt>3iDi_?-orsv|KL#Pz@%AdxjsDz$SS!O
zhtR~W?QK~_ChkW3xr?uVoi4)w`t*kr{~99Vs~0AwWnde}T4V}GBB`^@0()ZA`789N
zM@2E=0j|dFAA#Xd5yH$tgP0T-I1ZX4R<TLYfUD6KDKYOyLNIbzPB84?iW#zqRGt=r
zq9w=T0-g*=PFBD=PjGf4ft9MfLJD`ATwp>paa<57o97_7fApA^`nSq4xPf~VK5lM}
z6Ppo9cICRCFtvFc4mNG*#JVVBx|#KAIy<nhJ?Pa0+o{G~3oAq<`g8Ydz*@|cva}o&
z!?XP+$1|8$`_BE=>~;Z{SfZ~EZ96lJ)he>Vz&wg)lL#)i-!PD4C!y)qrMUB7Gx_MG
z6SCPjr(CBz%+^11a$?#;s&V5N>J*B8{0*~W{M37Bt7s)@6F}J(CK|!hQ65n&X~tjm
zpv0;)kpuhNDjtxJXIZc%Re?J39#5pOASSB8gp;o&#-Ci`ErW4XT^tQR9R}vo@fV53
zJSscFR7|$I9SL;E)F3f32?nE>=Vrx%tE_Em9xyZd2|SG*>_04|Q^2`wh0ja#*|dtt
z@<86j9pojDw81>DtW$lpKe$csM#OVdRri--e&z9s*;xg?j&m@1o$BD;wk=ojhMIyE
zJc>5mIXvPod&inp3+X#u2@`_n+F4TaT)%9+3`OU-Ma-7VzCGA<7P|fQYJC4)&RNv;
zbcK7p?Po5?5ttr{^}|s(Yfz-1Se1+qf4ToDTyeyWoQf*ptocn4&LQXzG8%f>nXyc?
z4CcU+b$$tHVYrPJlv=LIS(%qrcihcci1tKwJ00aaoHnd{pu##@`FRHXdpJOxHJ}oX
z$`Ht#E1V)_J@WYm+e%6JG~u}mH)>gf>YlKoXoI2G8Ihf<S2;GGa?uSFugBEHahp|R
z;Vt&*Zn}RK1;?D~nU`^B`8>=Hn&|eVOm>uoDJaDeh1oI_@Brb9=gDRMc6A;zved5#
zyj%QPgq@ub`bC@ENC6SV6*Kc3zc7Tl2sba1lV+d!>3UQKlww*vyk*b@M80LT{-Zv{
zIXg75|C~dwZ+-TaId^40a~mk}70GZ@@4C)-J!2+0aW&=XI;0r4m9TVuwq+-006#eW
zEL+&aLykL3=UfO>7z+}<9^c%yPahn-Kv!3h7xlL7R*qA_H62=y(e@XVd#`tTR^yD;
zpoFVwu3pAbf2(rZm}y@2&j0H2<LxnN<uMlgI1Im<M;k^{KYzvfo$S(m>ituhFrgu<
z`X$%Xb-I9KL)w)D#J}04oDJaEKnJ-^*W{GM!#gFNf#GK;VKfI<Pnu(|&cbtndBU8U
zBfN_fHWD{{Me!%rJz%(RAU$$^ATx37TFmNCFlYrEtq67mS}v{3t(pe0Si{sjFC40f
zr<g&q$dOP#|CZV<?&ecmd1x#PMek&e@)a6ygs_$=Lp`sGjLvR#z%YhY_9wUqDh(1W
zOhpte9Xo0xjS&`Y$4N0DXPJe7r81K2GmBkn?k#ZgEvJlqjL8Dd?L{k^3IZ-)H8-&j
zDguHX?j=g!Y}Q>c;HAJ!ny41yaoRAuou6l6I`PqMdeV)@Y-Ff?@f1qVV<#=J{c=|2
zJ0#7oF$xDvC5<s6v!K7S0esRh$!PTXBii78<>C8b$Y|aauvr<8&-Xa74~bi6C$+g=
zZUKra%$^p0*0o7AmU?z4L?r&PvN{tvXafa9JK|wWz}O(n=+Y$QXE^StPaZzQ`qVq3
z@pdVd=UTE_NMRi_2Mg{qP5g+KlPbUQhe$Dzlz+A!)If{L8^Aw(VY?7D11}+~yQ%>r
z3$;I3pG3MCs^$DQlMI!sPE%}<u5n$8f9`lZPAb0b9H$AjsI3SZ);`f^t1THH<|#!x
zetI-u3UO(dEi~4dnyaa0@l;$`=$&G+G3y$bHq}##s>I6p9W$QFr#3lyg}Db67RNt<
zs_R=s?7Mvck}0d;w59=5zx>GL2``uiGr+I(YC;FgNUzsoMWlUD6PcNS*=oU(Aha1n
zN4}GGleJB7vMhV4i1U=*{if@avudTDtPRa7h%6&4K=!Opl$4BGw3_9EfCzk2@1xDz
zx3ln6kr{fAr6_mq(P&Ujv0onf@uyu^xmgEB^T~!QW{vm#iBPFL;df6xU}t6G@i>XP
zm0y-iY6b?h{vsU05F){GAkg6v=Q<x^=j1#^+s{c)*{&a|HtMUGXlgDM3#>GlpMKZH
z+`vL-PQD<(%0z#^ijUqM<N`8Vksrw++E%m3^MUUXL1#eX`q7b(iS<E`hbP@@6az)u
z7c&iq^=Vd~ib1lPE%+2@O+Rlu!T+BX1~el|h^Gg+X355h3s4$5I;`XUpS@=2vSN@)
zThpbYt^hA385xy#jc9<VmOP_ZB?9@$0gmdG2z%I7pVBv^uu<u-0YmEJHAf&T6?{_N
zz|WFcq{cRCKe($Z=?goRVW6&1T4lwb(V*wd9%hlYmIMN6^wXNu=3U14OOP#;q9(Z?
zsi0md0wVPw6mKE#n85VB-r(yizpv?(WLr<+k|P3j{`*=eyI^SIHB_Qm9nS9NMHf%l
zF;%4FufdQ7J8Y^tZt68OO{hC3N=}9bwT<_{=s^00D;#?wRgUY^z+wlns4v$Tm*)>v
z(<!;G&~3bE(dF?c0gf)1-ZQBjgUAY<g{CO{gpv?<(Q5x!82)YVYGqcy!y1&ml*l}x
zEj&`bb`f{eZ}Uy-q>TfH&BK#2<!U|2D_4{s_$gKW-0#t|NN+8Eh>3E6*ztkee6j+c
z9%)I9kr*`h@Tjq!7c3JZ;CYn&!_y{hD8KMScB#c!l8v*-8zV_b`L=UYC=$5&+a$Y?
ztP|YrY!SsG?l9l%>v^%c$7z`TIiu@Lnz`G<gU@JFG_1}_Y;77IrIVH6AYEP)2Q)#L
z57%J46FE<-R+kschu*#%jenL}WfY_|Rofr1YrRu$l&?1b;5IZsnuZ&jywUUSK*yHT
zsR301*S`c~-f-#(swzn9hAcnxoTEan%)@+eQ1rb7r>AaP05rw)ku=$~h(GAz+4%}M
zuY}f-hb1$oE{#6bSav(}Ase>}dzeLnPaXz^*UcqBNI+i5H&93Or?0A<w1i3}ExFY}
zRe|%c$5_IB$;(+^Mw~%6JAW1&ADV!ZlSK786E8)4*F%3$nh>_8i}YA5vOsOi3j9Xr
zU3S4i!xSwdR%E?SXG!LihRFcu@W^$FJu(hz8Dw^n{TtLCsN#X?P@*(h1^ZU#t{|b`
z8%|E<6k%qL9Rz$NN&xR?b1$Bw$<$Ta+(&fp3^BHsXFoUYEWC?5IZU`{|8&0je4?xW
z*$Mh4@o?>-cGEHT>TP4`l}L*aQyY%v4RWv8ab$Im3MLRA(aj*3K;8$vhYbFR*`kWY
z4z(S)P2l#)x9{A_dth1>oHrG2y^INUf&y7rGEaxwiEE^ixC{-w!rrUGUU!}=d4M*i
zadBa$HY(ljm`<gP)FPH1(xaweS>FfG?}0jQa2V7G-w>f;aD2;6abVJSF_FiAG*ssl
zhJW1S^qEFBrq9Ed8GPSUd=D%V<o615-rpQ_iAN9@mKj;P*uNTcBxB_&Fdk05Ig};S
zn~dubdwC76*d9V*_{2Z(&M(Qx^%ro*4`dk0-rk#a+`sni{)rVtbso`o3z{8#j|IPD
z5Fqv`8#G?@uqU7*Y3b8K^-?BB{tFivwFPJJHjdA4EUQ4NLEQsEn$zfwv9qW157Uhg
zH1<Cr)|b>JSStJbYeT~`4TO@EWQOXQ_QW+w)cpc_<KB_menai^Ve}^TLkH1;2I#wU
z<GMzjRqWFm1ts6&R!uE`_`6Lz<kPiPsE8%8xA`eHFaOycDb38g)-eVw-<yTVVfa+z
zS7<dEh!CPb7V~L95w4C3?F^l`k@52u(nLeA?zr~WdN+;9se&_p)0JbHC?k1u>bSMu
zJR{nbl7MKc*BIw7i}lkbN7#S#VTn8rEb1>j3@gIdaa^Aps;}_8Sr=cL<{?WY=N%Ka
zoV>?JXt43s=?9!73fK;i9Se!gvJ#7-c`puCXsV&of&)z>soHkmd<^NG8)Z79pi+K>
z6Av@QAxgomUIU$zufei@+^iVcD)yhuTy^7qI*z2br<T*kQXxDc$cCIN5k+vrpb?#H
z3bCG{U)4J(sZS{@BbAl}k?!ubXV{ilab^Uyn|~Bse;g_+x0m!M)}cnYUUD8}12rYF
zPiHot%JKyZ$ypAOJ|2UK9e-q^!npN`*)U|71vLfH-cZ#x#VY89=C9moW<etU`xC=K
z$j$brk&LjOdGUs}<Bx)~MwD**&7E$8W$d$-<y*{J%V%xz(+~H#b;LHzgli4ok!V6{
zaH7k}COs@W(T0eddQ_sQ@8HSW*(2I03Pu0v3WIq1tY?X)UXzuk!H|>evbu!#jNy8&
zYUMdL9~slRYZ>}{kyA|((@`5k#2TD%K1eHxKO~@)?v#UnvCwLhb*PB>`-SUz@L($E
zOI=m%FCjVYIPMv)c}?nZ_Xn2<eWr0g3?5Mn_0_Bb=PU{XC|;D{uSg_h+IN5$iMcJV
z%t+NPv3#qRhj!rN`orYj=CdvQXxSk>#BW$HQN?LB)8r!EZp(1TduhevpL|9(cwfP$
zIR3fgtr!ACtf)F96I(FPT?GDP^*}({;neM?YG-^!J`d^mlXhi;9M}*cjaTGo-mF72
zH#KkUS6-1$b9>>bm3NC`X3_-6B-I?Fcjg3JN7;T!8F9zPp<C#-8IB9cW?nGrTzq3+
z7&L}wjv5>ybIyQ(Yj2q8)tHC_5fOejm}!c{66;|hJ4>JgO<(}_uRE=`7)+ff|3A*d
zA6I8j^|}+|1!$??P(!zz(vm5X?SbF9wd+1+-Dl4;ni)y%Pj%FNF3U#o^?7jjF)1Mh
z9!48J-_!KNcBhF18Z4Og){t+3<d4-0f?x}nf1|tpx(8rp*??uw_L8H}3+n?{#z?1f
zwOey6XKEqkqOJbW)a|bv#|flyT3eNS+>S!2#r?Y}SWLT%lpJF!1-hsu0i+7AvtWCe
zStT#LbvuTLEJofe!&1A!?}GVNpvgsWx>wn{OiNh7Lrj#$PXX?a)&hdXG?t<$CqYqV
z$ludda*XbbCc<+yxVsvuOF0?qpoO%!W|^p`2u&%NZ><<brX_j=Iw*9JQH>zTthL(t
zq8gP`Msx^8H&Z8Zs7s8g%^g(^>e%1QBq&UR^^AWMjis2e&l7K?*F8V3S4tUCjQKLm
zC^JhdlUzK=7)Y!haU#aLx5Yw^t#;(n@YS7$coF8q@sFXgZaO)0)KqIFg7G}2f-Hy(
zI2kDPR;YrVI)g7Yoj)H-e<kVvcDyuSSG-l#c~|q@WLW`lJ{D=`Vp^?9>}w@^!y(NT
z@W#6?6a5-`f>xly|HU7)se!<sR?Txdmfu=qq&l{*N<-KHEG?ssO8YdBS_?xaav>a*
z9`$5Psp(wJB9&McaWX7~6h|fhQuj6@udDU#qpCr=?!}n&WeSn<n}er76QQ0-5RLmO
z9O1KpPE1llI*aT^@`cKSU?mPezN}7pwn-kC0pn}uY0Qt=zvNb#g|GN#I3Q#*C++mX
z9}w254CPmdyp59;ztIqvJ$N=!pO>ou-<_~^(4giC%W2@L9%?w@`&aXX)<9`GkWu#x
z<K>C>v89zpYlR0jHN5Z^ldL_GR084ZBz~*n8kR#*fM<_=gU+D%4eCF@Z9pvu5Z*hS
zS0Png_a~O{LSPGYds^)(G`+RRV#)dQ;q(RA+FC;5E9K^Y6*{G8{wZ`apI<~9hRhCz
z==E0gr&JeP<-L(r^N{<O4FI`FlyU+TOp~{`!NEl{Bhpml>6H125o<^*5qIFWNS=ls
zO0?f)$WY6UxVR(Vx@k{xrA$pEZ%&t*<LUIi$er&8Ma6=_Xx68Nbioa`*EkOO0#Ol4
zi23*ag(~E+N}$iT+Y|*UnnO24Y{hSXmUb7VfKKN;BAvnyir62gVfb^tNAsX3B412S
zUBCK1Mq@_<?v1z$b3mAdB)hvoiOGI^z|#g>!G$6y7~^QxO%BcV{AOaM!eOT_u0o^7
ziw}qDl`IXh+SO$(ehbw<4sZq)0jUc5TP5(UsEARFX~`h&Hih`U-?;rxa^puXZy_ft
zpl9(qKaQ3Cs`)-N7QRzoXDk&C26xBspB5DxEKa{8dvk`IorT3m?fnPKt@D@V715j?
zVFW*Q1q?aN|AppQmR{qKozm8LnN=llK}N(Ma1Tmg3^mJBQ)O01J4r_W*Wv*44-H3U
zV~5TwyJOW-3K*j!ayd4@G(I`TKLke{ciYwk&Wq-?;aO=ZfE$%K)|9~HM-UAGNtcPy
zT3QTf#ylX^6EjRvehJX~T~tJk9}Z>3v|qb_TFcKXGMVY1>5+Oj${yo~8UJTNX#Cyy
z%QPMg1GD#EYcQUt77HGZS)S3y9rcch=ibbT1*W{!Z7y12(!LIgCn^(RPQO}g0aunw
zTn)vxSR0D8g3*KD$^Vh6G04RDEV340q1Dfi#s(762TD}R*UDIsIVO3$6qDHA_Di5>
zktNiycs#+GlR8$lXCj%UEFYMK)GveKr7-y>0#=LX?Vw+zr$SLd>A04u5F~{M?!Gr`
zE<uoV2B!4&SnJ6zQwbYH2d@bj{f-2z53kuq13Gj~ijQFgRmfCMI2VPz&u(<fC7Nn<
z1EWc<0ZIXxLzCC{XqsfCXCErL($1Cb<Y9(9G>=IorF}w+YYMR$;M`;UQdZm9AL$Xl
zq4+U^@QK7_K6>j*<M5+331~-$_;Wi&&F{IMW;|H&Vy!poCzhcv7IvQs@&!xZX}E<K
zi&SPaJ%*yACYWxJ(1_6ZjMl`f6IaJYWYvA$|0M2a>jkmpS9_V5`yy9RNNum>aQ-3*
zkG`bEHe@w?OhzP5u*GGIj`7opn1?*aG<Vtsx^$DDgNn9<=XxPexP?k}Jmqx;?C`@t
z-awpf2xq(4nS%M{@^`+SB}>ozeVOk!k<GbDmmB#vu;y;g%*kP@*zoYgElsmqbJ1g`
zPq&dOdrP<p8TV$HitLLWHoN-T9~0-%<y6zS03gmJeUVM6*c8#MTk&mXi@^E#qsHu(
zz+mXw;A=285KeC5{Vv<=<r?vgE|4JF4}#h9o;Sy@T5US7FVWqWE*?UjK()`OXRG%@
z!SXZ9$$~gq(nX{7^<u??`vtV92T8&)q`4@RizoZ9Z4;qk-;T~Y)Woj`!Zp}uGaHnR
zU1LA)MA30BRvoKuJdT!BYOqQUsR;0liGmAsidD&H1o_E3HU8%B+Ajqz7@Ty<KxhBP
z^z-3&YR@H2)g@|*@jWTuM*Hk4bhXBzE-%43&Ii*gMA4s+dP&Phr)Ym^nLoB&DBC|c
zNQk>T;sh`g{bv9@4W<wn*iIhVAVg+ySFN;EV14P#vQ+UDCmP{;c13*Ta&72#BPTFH
zEoq*cB%2HhM0jD)Mt?a{Cd<6*F2=7E#3|ZuI@#00dqxL{14d&n?(&;tnwaY9y}H?1
znkVQ@--Z^HTt6b<x&pj7I3}eZ9%Y|VIdEbB0<_y#S~WU*$KM<#xRUA740c7)C?drD
zj{SbC68%>tdD@-!Ol~C(vXYs(Z5Px7s8*?EaVnGd%xKck^}7#ayO&~Cv<~Uh$kA};
zuSD;rp2`zXRV6j#v|NHa%v65L8u}}U7ls~-%VxoeT0egx_3K=*G3V;A57?VGVVO^+
zYk#Qxa@bQBo_pXKM@9w#hMfYAl$q~Wt{LYr$4(I#sd3_h;(l{aBP)iRN``9mkYP)~
zk4UH1(7y|2W6kI}uFgr7r^^bt=ojzt{XnCjFOF_@n54-wj4_-TcOldIXvzQqnl~B<
zX~DAOoqVGAA<_fX+xvu9s4trm{Xv<fjArM{_zw?7!!J^|Yuy}vDiT$!y?&(D3nl<e
zfnJW`yczP#_Q>@T*h<eCa3!0dAT#Mh5<`BVd=`MGxKE{yfa~+6TjLp4%q>YH(-H_#
z`mjH`4LWf|Q$yL@`yf!=!u+E*E1&^Eb_l3P$4X1h-g^V5+uXC|FEYM%`tDN>vUdh_
z7TFII+N((>4p=~19uuz*242q1jp$qZRw})vRbGMu70W@xC2yrm+Wfed`=efC41gg%
zW?M9gVd=F$qF4qwlm8nXiRRuJpN3qp){A@Vnr>V~O}naU2c)Fu1GeUF*2ZVcz3OKr
zQyZrDn+#M^mJOTzAk|}$)LMO7{Xt9SVTiC60#EoV1VCV8@Q_I_5@81YsJ{O(3IjGV
z^*YA!%VCe~`?MK8+)nHDH+d-O5?K#aOhkm`8?Wt=zz#s!Q+Grqm-LijtpmN~!42vS
zbFcIq_|w+rs`1IY_57l~{eFKhxyE<WSnocuk0U3-50thGVOx$n%fKBL=^m&M77TjA
zA4QM@pJarLzs$V(A$D=)Cef-44*QGus48BkMw*G2eFw=XWMXH29_~V)8>>vDQ){DH
z_(CrG@XnXB-`bCXdUuJ(EB`zyhM2hxPYyd(PciMzo0KFzaq}8bzu@_H;XGfgx<<V-
z5iDLo@DOs36`Z*$lt`*s<}d4)IGobnF%(%VR=@+{!X2d23vWR&9Z9D*SHioa>5^{m
zXp!G1Nd~BNY&7qjiW2aH-_i&uzP~64nr{GIm|?U~(pbIhL0o?W_?q+o<>Md8{qska
zS5yJ8HEK+t#sg}fA|@pJ?C#t4aoB+Wn99eB{Yx}^eG=gli2-?+cv?|Z?|*&(xV@o3
z9a%#P=<5Db+8~P#&KN4xpaRHH6ZG}~R;OU_57YU#e&o+4oP)o~zI*p?+xQQ}0U!BW
zSfCFIpWrVmnv(D?FlRHW)>i=2=1f`LyVo7gQl_Gwm;=X`2miX*A=+SO%H^w=a&yfd
zA|sTJ_(QXSE|Vh`5!ebe4HDP4N4gpmO6LVw>S%Wy+e`+qwJh0P9h1S-%`MlF1mW2M
z&Axc7yBucOg{wE%HcM0jK|fMWBH#%d1Eg-h+8{DR3mky_KrM_o9-uorWw+n1tU{RA
zY13`<*|Xn8rnS$1ao{W1o}CfIP+f=PLH}sk^>yl03rf|scxFI=dE`%nHz2ILqh6*?
z=za7-=XkKiLwqic;=DHC{b)3^2;i2ti|a@GFO=d54jNTR#N2NMA_1u>=Hz&nR{Eb~
zj(US$hQI7Zj~QNN9l_#~yl|Zd?_Ly*2C6uGRe^z68LzC@xV7Rmf~^Vy-HBAFmy|w#
zrQ$)!qjcu{g6Msv6$EL*A~*CV1!s{G=kw#D)tj33d7ll!=h$Ch5<5zsW$^+C@mp}u
zWgjBc=~@S3>W#UXwNcCO(j<H|BCRU^Sw{;OYBprXVe@25MW)5fvKaQ$*!2e|sI?b2
z$E{{z;>}|plTC{zsyGbWg=Kas=KxcBc<o&GiRr$ol^W}R(cAzWQHBEEvWw_;j$ft{
zit0Zf7?axG=})mZmQme2{q#-o>Ev}Qd=#W|@QQRtE;<pW#GFlQ2)<7#EufA71^f7m
z@RW!tA(o!z3lf?a5!_yGQ6apruJMg$=+uzrskU8l;l6~Dq-|n`qxVo2;y5c<SxVFX
zjx3&ePv&P31dv*voD_eWy(_iplFA-~rK?^^d`M1imEKSbj%KW(!{nT9hs5+$rRuA#
zt?B}jAh`$3)h{hsV!QR#gWf6<F{-;vk#Z>01UMD1Rt@?VVY0lu)kY0c6l$2ghyI&(
zf|i0o<BZ?*C}?}L&0?^glH~X7WAxk)cl_4H8c5X&OgpHv$Vfoj@=uGUrZ~U~GAd7?
z%2D19k{*KTvxH4G($k6#%rfwrJdamg;E`kFHBAs62ZRfqFI~(`!^pkTm)KjPSfyEW
z|1u)L9SmZx8F+EOOfIOhme>gDNiu+nEQaD7pXJwEQD3=+cM_R29#~s@$-bVW-D(ao
zRcOUMwU^TGDju$v8JCwD@nhQ$38o=N$8vjRaNSzwT|S_*Q%zR1M?@wiRN<Z>oz)sg
zhrS!!dy@4rkk?Hwfq7v0&4n`Dz(CNkhu)lcJ<$+fSHj9%Y@r0xcdl5>0p5O1xJ@xb
zjES#i#-$uW#X;w>fp^cBmVB9gDSTb2XfNVvA}?Ob7d*)LqYBEPxyp6Z%*Om>(13vg
z+^VXFK{rgI<!fotOHea7m%yADm-Cg5oh629=qmVhvw=_wLuoE&PJY{p#f&(_J-Rwh
zpSJoXHCE(Q<>b(lzZ}_%u-QDUEirf-0-e@B5*f6U(?z5+-l&HUf!$b@X(wjE9T^!<
z{P@u|tn{!IVe7}FxjfRV7aUkq?^We6nyp37N=0HOTg63&hKS3+PC5U8m1o46F1qpv
zOdK<x4^epw5G_6}^P_Rr2VkS_AiE_=)}sh(ffCKe(;_g)vY^1O#q(HJT6*OD<L6-}
zj9_?-+kSm+;Xq3hH&ZC6pzn(ymkME;t+ie{-Wm@?C#Gi?1_Mss9<C;HI&)M$B-x^X
z`kB0gK%Ff%p;lX0#+q3(-vZ8ezzY5ho>Qb5lHZyPKP_qGyw9jvHK9FJh9qg0mB~9~
zVX5QS-+1N)v8R`)c7V%dw{lt}B@Ak-d@xh|TSM=h)s#1l0F`8cS$5+ZtNt9`&W$0`
zSZcY1IZ~geRrh9pb$+au*4EsIo%2M@68U(V7fhXgEH$cu%4t;R=P1)@ihYRDporVB
z<n&n0w_%7gC4N7*;#C{8(L$sY_VwLRpyWqr7nheHE9zle%)-JVRUo}SH>YL*+Bu?3
z;|v9Leqa5Eii#Sm<(gm5MnYD7=OMq=B|$v<LAH5r-jtn#`DFPz%<7~uILn{%xyR6J
zEz6F6T7z*x+P?3)Wkn86aSN@a3-ovvrYxd@=SqwA=y_l5tKBPIBi<*dqqWOJMGbgI
zUHZI(E=Tzl`7}Bv3N-B8>@@{jv4K!YBlH5q>8L?F?Kv|gLrqw9>VXycV7p6$S$a%z
zmgB2)+NFNCeb{IgoLa{E=jl{O(l-@y?g2mBppUf^>ZVuVL;<-1uR&a$H<xac@NPy<
zl>KV7;u45`PeDXdDd>L&^FeFgNnkhQzFmSOul(F&B$*=i0Sm#mPWSR1viJA3!&S7~
zk6w7nXhomR!;_BGtCSv-eV5<yipY-MMVQx9VgZesRDVFZ<MQ8x%z1n{z$UgOVk8tc
zxgJE)Zra|Cwc*uX%km3N*1yjAi?P1uu!u)1uN^VAkv8Y+l~Cwq+tJwQ8~Of2+^&N(
zCmvIq&SKMBBac2Vi<vTLD+qxe=mhCyczbAY(r^v#Xs487wqzn9%e+IOa#nyLQ7%CF
zo2l2RKzsVXC=x0Rcnd>tacZ>ZdGPmaFjdIn4tUhPW0$`HiEvZE8Q8=jQ*(h#cK;6&
z6$Sr)vYAj88GO&&lDe|8aZVl6D{x;Uym`Zn5#amCcJ9m`AepBG;gcc{3E(6Z>;3{K
zD1F4s_^J2i=0@GBUa%=oMgFMe$CfGj?;GS+nHOFh41PQ`9*pxI%qfk*q_yI{XTH?(
zPWy6h`qwiPKE^iyrW}G<_+pj+1OM_FBY!hL&$3{im<xc*aQjjn7eW-c=#1if6F+^u
zu1$#t`nq*KOjc&M*8dQLg6$l92w#N|6!XX;ptomGYXHH65}`%#!m{Cpzmvsw&~kH_
z(+n^a`VLC7({!DV{dZqL-6=JbYOaz7w1gQ<`vC>Je^I9nIzzPMKal8u_8xrXKY#Q;
zsO<k2L<pG5G>|p3b@E0B$V~M^SN63fcSZ1Y?dMi7q>RI*Di_zBwgBwQI4B}UZ$~Nx
zxum4#WkHZ=qVd#l&EFqwYYXgF_g`|-&6a#1RWf5Y)1PX0_w`O<e=F(``=If8<$Y8e
zF96P{-C!`Lid6h!=#hjA2gJ~2`~<%q&X)jrCT|7+K|&f#JA-2QKcTk1te?7=pCH#-
zy{65A8ydT`qdz~Zakj>t1Hod4UOEFHaaZC6@(cH~i=9wfRmRcp4z`aX5I~dwh4#7$
zDW#U2KBtlE8nv0ly4DZmmZ_DeYRy;?KMiZTAs8ob6Z3wvq`b)5^S^pw?R24=#Y{_J
z^f>;5X{*&!X3L=t_?kl7ThaLFbfR=9yt#8G%LjbihLkE>DFD_6T-lW`Ge(s@qByq0
zAVD7km9{Y*FG<)X=OG_<>LQi}ZIsKgU-=u__E|&6@b=QKnFJR!A7PH!DwmIq)6Qa*
zi#t6g@t5fmTK%#%Q2U8EHO)!eUeeyt(T77re!Rui(P!J*nFEQm>}S&vb6(+c@Y&)!
zXJvlh$e^%@OykU>W=0T>z(vKv#`Iv|hXW89x4F-~;IO=!!mr6#^f=WF@`W*`CuYrv
zq`E&YhL4Zl?qGBIM-V8RBx{A3@+N+#zOF%LiJHq;H*)R&8?SQM{Eb&JO9WQGE=@hh
zp-3Xbwzm91NWGkiK`CuIJY5U!_nRN$OAr?8EMoZ3W<4-ja4z{xNoS}-j=y_mzIu%?
zmp$;Ixl%%QBdJzjNiQIeB4L7ET3`Q~(Z|Qivzu(NAGy|XqW18m#PUgT8$Rpz0_ZwR
z=nF=nwlaaVQRxT7J)Nw^&sYyW8pn)DOj94K-z(O2j>LiPy1>C)&GQ7@GEJ&`A54ZN
zphogHG<QHcaX9rsK0Bd`!P=j0YDohD!vHC&8|R=y>r#q93@kQ?R4X0w-XoGf`%+-p
z=A_%KbUpq8%3V|n-?cvE6$z0&3<Y=V<b*#@v}!)-3P6>j;1df;`2_t$?lxE?t75f?
zp2)@^l(#j)Bs{N>&!e%+dK(BWL2}G{d`!5?TslvQjkfui41Pp0Oa3225G$3QQh`zA
zApKTNDO{uA+X8J=DQv(h5Ar$;#>i6Bv(~-2L#aj-HQ1Cwkz6RUtsq8(fD($8p_-rH
z!38rBe1C;{&VS6sPF*Pv^cI=T%zM|*;l~JzHoB#BGUvZhB6^Ta4H8PC3sE*cSo~Ao
z;(vqxC$HMVu6%J)<2>^B!%%u^JdS*PYQ>R$UZD&Aj<YqRFrb;QHX$-VJ>0ot5U9!w
z=j1|6x$5a?FfF{!o^Dr+k+hD%VL$G>MgI~JBh1l>k|}Ai_HdCtpKkPZHk3nROXg2I
ze^m5WN&2T@T3Z%~a&-Iuzs|loEXuE2TfhX7kP=ix32EsPMnR+$B!>>ATe=ibLO>cp
zTIn7-24p}$N<xOtAxAm~B!>C+sK57|_r1>bo$EUMI}gvZ_u6ak6??7wuBb%Geo7FL
z@ST$D!T$NW^~BheLw2qf-ky%h{->)8TEEmX-?8QoDN`oWP#8rc?R1#R;x+)3UrOWf
zTRHEd3r$Br_V48D{m%A5_Kxfl_6P|MeCd%~^r#e&qy;Gl0*U4$6$b!19K%M4qLi_!
zz5h~nRYe1zu(&OKoBv`O!t<fF7Jo<3JK)vDco7!0IXAm>O@`93)Zb>qmume98h=Zk
z+QyH`^Drv?3DIR}2-QJ{jC@J~nnVdD@Z-E}3+>l{!<^fQffE{4s|1QA-3pDgiNHsz
zora0e@J16jAkWDhJ(jPINSa+k*@d@9|2#Y~)!+QMct}D;c~FDtV6iovC&)hJ&WJ%k
z&h!aMzn%#E0N-R<PN<@Osj$z)6!>Rdej7uOPB~N%cM=dxDtqu>CV@HuWo$;}Qf+9g
z^$u?!I}g*Z;xEkp1orsk%`Ev({@94<-Y$p-39#j$Zt_BhxTA)C4Bx<q-DFyPsISnA
z1LOt&2g8#R7vE=C=`=`Z*`|p!I^0nCG%kVW@pa_e8;G?j{!U%^H#{`0ds7QyXvJZr
zU84^qb^El=3j>BP4_%$gUc`S$bo!T1fUj^WrO;7JN=gbMV>Hy%T=apR;c$#aHu)1>
z09cSIys|lQtAyY_FP0^msb52WYP)R}Q^}>Ta*}{!KkCWr-Z(j_>VJO;g4?KhO=ci=
z$Y(P|UDEMeKh<~0i=Nn^cMIL_V<{^!BhJ$eR;-ntJMJPruetWV<@NoH=Fp!wU1YKu
z(&z-YWPb|YV!}KA0}_)?(o66wWnO;%Oa8##^Gkr$dfE6pIsdC(F?3~hwRmE076Rcr
z*BWxSp`-+~C7j9U7#4L}kk9wq`T+Bh<%oL6FnGff@Z{CcoF?+UIB%}wElMcZlx?v-
zUM1?5`8YiEN5YW-dz&`&-uS6wBlP@eXKx%N9kKK97ePTQe9?jJU6D&oqtEvG44pU8
zUMdM}DEsE&Dvm?<bQAYBZGum+8;8b;D-U~2{Zvp3SK>L!*KGNI3Ekklk5<6DV(^;O
zP1VktFQ?O|vGIHz8H(mQnl`v2h|(cLJI+DpPUWlS^elQ(Ot=>5)IfHTOTpQ%R-1Tn
z;4N<_gK_t(x~U`!VIhaP{z1<ro6%4cKcW*iHT!4!p;d+o0TB1T7_V=0)|P(VZ#`gf
z(*2L$@1{mQQdkLCv$D50`a&;WZmQtyT4g!$YdgagomNO4ri!68yt|0-#$w99VV%*6
zLdv$IsKKJ0e(bzYq+$c^3C~TZ*3V?-eep=+1EG<Qkg~-$BrXoEc_LC6c6Q(6Hrj6b
z&zao`N<v3hZn{`&aa2C<bq5Uc@~H$g2vb%s^Vmmr5lZf6jfk`oK>rO03AAs-f7n=L
zu&*^i_onhgk7Lb-0YC;|LurpN_j4}ksL&oW?asXY1DR1f6_)ksJNEd%yO&@6>l*Qx
zplK9V%xljwzqG1z4n7rlN0vCDt!I6QQ)dYtE%|~vPqW8e?^%R-i<d=DQea5*9l6`8
zk8l6d6oQ?T^!*$)@TNQco(UmMYo%vDOR}bJll@rj%S@jeBK9d3i3HG4G(2P7w9oFP
zdLlR3l|@DF#h21Kt;#LW6ohW&nzs>%uvl<haS2P=T$VYoZqpt1_|fCi7_0HMR)J7{
z`ixSy_QPFwe4G`*G`Onxf?i%mpP}pdXw-9In9SS=jK#j$;FA#?RVVvk-G72RKtEcP
z*x=a-rQ10v4Do@WYG{$}RGewNS+TCpVnESns=4YM-P$MG_2U(eg;K9syyu{LOfWmX
zRJPJ9{<lH`c|Rr)RCgV8o5#~M=uOrtZPlxNg>imY-hWb=_dWiCTdIJp+GDe{sAlHp
zxh4x)KH3sGFZ@y?4&Drii_T<b{P6jdD`(Squu*U3Jl!})Jl6E|j@%0U3k^>_Ft5}l
zAGUn_jd#?-(CWr$QE{=Xc6m{R1ui$RviMHQYFf{cpO9D5H5Lm^?i%vfvgVRz^sKXh
zO8#S18w=le!#6}fC<o28D=I<G!G(e8;Q(U43ierhK_oJ|h$JM<5_6*HcC`UVGD)+`
zMkGr!*xEs|Wad|FTW&xw_Qsv0$^WC&D{&5ElM?wWTFONFC}lT?u;eaVPi-`rLdsPJ
z;dgxfSJfJ&m9J1<Z7W5N)T(hcn<^fbrj|dZQ<ZGJm#4fK)Sqoyq7@Tg^&O?DB0m<z
zLv*?I(noGoN{{=ka4Rml#z>_tn_=($=lLePdP=<oa0cuwl)3wPUq|0rekBqr_gN_4
z!>P8pwy+i|9<UtV$g=_lS4!$?BuQ$vILBg9gd}6}8T7_F{rs;t9`)@^<@`wHHm>n7
zB;269U*R9MN?aE^H8J;C?<Uv{F~+#bIxmhSYdA&=bf2?W=aO;jk2+$8GQ!cRY`VLf
zxG$~`=7&}-(z!Xu_hxYQC12JL(b<ZXMeM=QSJfR|=_?AivwF`E73SW}Eu`xInkMGV
zN<+1<-OaylUzOak5@j*ok07t|=UMkKK8@t7%}de5*zN@zMQc#kVuL>X430<b(-BmB
z9qe~T`lUY{pyJj)^%FPiqB^8si#vIi8MvZgS5~B>yI{v&KyY4-FTZ*%0BoL&O6|*z
zTlUdiKMTxgO0}}aN^1?-(=<aHVy*nJO;=oU<gFcXo=#JBXz^Wn3O@){riaU+)B4ur
z>+QAy5@M*;jfgV@oNX%2Uy5!d3(u+xbnADLQCpRYRBLq2=xAnZ#vDDsuCMo=-j?-)
zz6vTGHwgGxswxXYnDI6I=_}a8z5v`oFX7NDz9%va6mPgW8?vj2UZ{TbZ{9Y12De6g
zYiyiuM`p)lpKMm<rY?zELp+8oF75++I+}Mo!1R)xo9N6Xg@~yU{Y*Ayu7KDiGfL0b
zn!~v60){!C$gUTWl3E4^#l>z<P=(|yWjW^iLr@t6;$&wCYQ*i0sUqR=*l5`O1nra3
zE4-1ZmFivMT=4$d?r81H4BCxanJZ@4LYR0}QHf!>X~>}S>Tt2L+GEOeL2>^PEDXmI
z@`=u-ot-J9r$^N5%9HP$(c~(>lctyKJb#bMKP_zpB1~Btp<F-<#Bhx6opNeES4yC)
z_N2d@HDZGX?JXA5VHNb;l^U+5@xYqWr%e`xdJ#G6^DP$>B@ng+l>~X5QVIpUz=WL|
zug2Wn(Z7D6?r2O1f|i=&$b3sfcOgM}l2ga0;g!o}wZeN<b~j*_I$^;Zrf7*yS@Ctj
zM%^&mIuxNkY6GEpY=8-fDr!0w0`90Kvh`3|e&Ca2xQgJXAGad5eTyrLbRLo=?xx1Y
z$BZol#jOE{$KrrYXStiSJk2aN3FP`Kx#xV?n6H1yJrdbGIg?c5ft+L$ncPdJZ4}te
zS1R#cLmH)%Vqx7IxL`(Z4FlI>66nl!%+H*$ReR4*Jh|q*hTfZz=+jje^>i#_y6++G
zNX08dHwm({n=q}N$qC<@AX7Zo$d55nP2a@rhz*j)6u70Vxmv5Jy}zlCmQWzAeY2nz
z)4fvf&h<@Gcw;4aF@r(kkm(C0f^R+_@@fT_8$2+ugWL0kVBF_#o(40b=xca<AO;8B
z(7l^Zhdq5Op{ECfp5^;}Mu)dJh!m!@hJ-TGj>*y;3jjzZYlG2Mhb4W?oPfLCXrr}*
z?~D~&NEFp4Zc4NSlgy{}ixwn$-eW2>pI?S(vHGwkr9qOame9^3eXrqsI@s+J3tGch
z6EVC#cFX6C%FP!C*U3g&0$%9#KSp?Tl;P$hm%=o^X|;?>)cY}?bx;hs1+fY#{$Nzz
z=+#1~{ZyYF@?|sJ*UPlf^~U1h&hF{H$~>YB1(#qv>fyK13c+-@SGP#NkSVEMRN4AI
zDtPFBnW4U<F%c0)p(ZNZU?fuH;Aw1a_eR&H9S$h-Sn~iVCBQ9w@@(qHtKR00bUZfn
zH<Ft*XQ3y61&>UG(Vd?{&1rPF$g%&I_v;}ZI)mkkFZ=27xy>`IoT3Y>uMdeYL-sGd
z-$qtB+^~Wyukot+c&Kv-i>ALEnx71!ZuN|)xPfkPrPhcu-h|;Wg)<+wsdzkp`Rebi
ziL)~Eg2=Q4v^;l9sV?T?={o@Ck8{T*b}3sMty}fUx<5LOS4c_hYu&4c$g@uNkjK-0
zn!nl^duAGTi7X&7b4|%=d`+6T)I=3*OC-&y<uLu~WX}CSrJL~|6Yevaps-0E^J7Fl
z02J7;7S|&=p_lq3Antm#5GV1k>D3K=`>NeMA54okRQWiU<vN!Evxj;ptsy2b4E%HR
z*6XJYKvvv1(2#s_BI!d5%Ls&KHqs|9cf(+G>yVStWuGgAdOGfT0Q8mq9E*xP00012
zd1vvD0xGfNRS`+Es+BxT_{x6vXnJoNOWD_Cwf9>EkxC5<fD!D#24vuk^(vemtgdqk
z3>)mVBs6*qwTzr1cf4tZwYl$eXajhi)Xk}?=W9b`xJ^c>NXgD&$7s}3_QxJWw6_g+
z0s;d5^^&NZ(v^&4L)=^?`kNsZX4JSJ%|67tJ=<qLb?PX&e|ev5e;}d6dq0C=<fBAX
z@$BtpFqTm$Hr%GsaVmYU0JaqjsmG{9+J4zcfcY%K<q-D{P4stsaq~k<)AKAU?->6z
zxwk`9ZY1IJWi#HV-N>}-B4*P+9j0(Yj6AhR5eX$=iEHjZJD6abDbo!#yJI^QX<pnM
ze>xv&E#=)tv~}JWQoIy~Osg1gv@a9V#|u0<1uEI=td9{zzg(I>LG0z^I&z~zn_Nu{
z*a6VSRZ(HL?;o6JU3rhD5wkJ4ok%TRiFQg}Pw5k|y5O(@x_RA6IPmQ`@B14Ux)JwW
zw@33;a9Gz!-^2RI&kugit)}~Fp6-7~4|2;WVAwLPIH_xAr-$<TK0u5@;Sbd`>AVMh
zCS6q`>h`bMDk+CCa8dnS)1l;SU~jwFtG3$EqqG%JtLFH{$8$XP?MQE&rxSapnd{Ix
zZ=PNdrRVrC480jw6_y*AWq)rskL^2m0jW1+X*?IPhox;-F*30;HUzry-^3^5|8!Pb
za3e@pFjKa)-|{_8&covZ_|Ke?;-L?ZZAob_0gYnLFEo73d$rjU&NJJ9$zC<;CnPyp
z<|y~*ygGMba|GO2H&>f4MgfKqrN2U?FvReM0<C=wv=-O_uzjxB61Q_!2Zez%gzsyi
z)Z^_KwpOxf7|3hBvFqvj+?2C5Vn5~Bup6g7oOplFC-#F_QURmg11rFtHgmdYZllHI
zmEq>lfT8+lnL^<!k~a05jt4}(UNc?So&qi2e)}&4e3#9BT}c8nmpme}wtio7YnFHE
zi(OASl~iteBaU~%>-hXM_LD$KSK%l<4<(STysQBxtqQvyyJ-Tset%pY^w&Rq&kB_K
zSM#weh1Gx2(xqm_5M8+9;_5196#9gHM6;x{SVt`G6FZl^v**<3Rr4X(#1Gb0JG)IG
zhVsIdNO^e39&6{EM3VAZblgpYBH8l%$>o8VcyT2;b*^<|3cVKDHzL_|`FVxY71exR
z9{4XtFJR%hxfZSOC|ZI@lLf5?Dh0;soO5H@qd<Z?<SJW6030sP#{TpygYm&q<W0$=
zA|`8VYv#Uh;S8#TYEgE8LW-Z(@;rIY^|^MyoK^-RNP6l_UW^2HSXl{i01!7*e9qRg
zKUodJHv?4rTlWftC&`VMYttrGtO#TW7Le+9z=GSYiDlBnSSZYr-rj4QN$Qrie3IOK
zRP{MC<nMOX7}VS>vD<BKUTPjbh-lxbpvCV35Oe$k=B1Vf`0A^LjjHc9)hi}0vC44<
zQ$@z5$Lj?D8G_@-##`NiU2n`sZ2X^^bQHX|n96#&wn6?lV=O3w>#we;sY1V4*!dnW
zc;98L&)6zV!)sO6)S14Id_+9Tl38^fT^~4epC+^3$Qn5GY#|k~9NBL0+>I*10xGgK
zpQ~&kb^JDaKYyqdB}TNBtpP-<th>lQ%bB&>m-8n(kM1?a(4kVZXn*K)=!(5rGc*-A
zi19KX3x2Q^!3Z&IOv)MmQqRn=B49Jj_2m6^G0Knu_VpUvuI{sazba^UC2FUIG1G4<
zX1Df2N_^UCXmzY)O|~@t7`>aDbI;W6w4+p^!k<%?)UM`2vmS-o-wl<OQR0Od@8Tdv
ztaySwB)4;3JL#BpXlMvTX)dUrz`y4+Il6!-5$3z6h0ZmDEEFy>_-7?+5qq%eYA+JG
zhlY4*yp%eVsJeazI`4+KB`x*_ZK!s#q`REv{rE|0E|SxyxdDJf&EI7=w`#6$3$H(m
zK=Pl!zpk0~wJQ4A^%U(MjaeXGwNYPS^e);&J!I<)-V+RDa-XN((VrB^l@HR{fDF7<
zaaVy^5Yao4^}c8QvmDJRMc^V+FU4H=;5;OgR@FB3KoK0r^4nn9>$&q7JZ@HErmEYK
zRzH6lsSMt$oqC5#<k1xBIX}z~u%2?C5jj6ZXkMHZVU#zIbHIw9+2N48WXNG$vZyLq
zqk6wUQ&Z>J)jPj~$ns9NbEe&O0xj1MK;KYP>e_TX@xzIv^+Kq+PTb9h>I{7nn^UVW
z2;8U6`C~BH?rU+btmBtSXQ+a-Y{j_3GMhP+hn!z_q^dJNrd`&W6~nD^lFs>EHfaS$
zs~<UfsN9>CTc_h5t;lnDM=4%3Q7Xr&#H*vC8X#zJ>-qNoJyGruo!7=jiZXTw25k~l
zZwXT0dOx<M5A()PgGq#O%v8I`jO0VqV(q1Ar8H-=mL8WrJFWtP_;cLzXyrYw8S#iF
zd;}J7e*-{F-Zf>b2kKF(tEy3FjqHe?soT;mluU3{@E%#&Vo$^$MZ@_@vcvHtJipqv
zMRd`2!yizZeM)KMkQkAstxMu=Pzp54jS&7$m*l0Ke6t#0QS487&h2*sbp}{YJ3^xx
zeo^K!BVk>cj$F4FL4|X%bQJ&F@Iw1GI@%FK@8X3^>Je;kZwz^dR_(#(@6?R;8$PJI
za9N?I2OK#Pj7Y%6_{ge^4uzVcT&gANLk?6ZM!T1L>s{<Ts})P@HLspN{;EeP*v9(2
z*Lk^19Ow4WWj}46Pf@y69i(vE1N1~CKaQ|%*!~8BVbQ}NlqO^5ZxbQ6MlOAk{l)}u
zqX!5%Ew4(<VA(5j9Os_fd}Jo%*#{{fPKXnxrbZ%P3iu<czfW>Jn}a;Pi8`S46?!s2
z20Nl_!^;7G$rX@AAsjeQt=Gbg{ofx~_?&W}*sjxeBlzCS`G_<?S_TLgL3z^RAl1IN
zt0H^b@I3`c!^#UP{NZ&sgP_FzCxy`?&2rERy0G?bI;fWbU3n`Y$}!Fzpl(D4o7sHK
zV*JOrf$L0JsHVZl<Wl1jj~C!6xmn779X3kOx(ov3_rL8dxDF?l4Spc=r$TeOxLrkJ
z_aYNBhpZj3(!?I>M;ZXmu%7#C`h-<{w>u^}-X;O&LW2><H7u456r~sz0y~%?)b+!l
zc8IDGJu@xqul8&IK*iXrr8g7baQ&S-=HI>vii^ml2jo?gzxH3P@-B;CbPX0X1LR&=
zc)OaTU9MaCtTN{wD2I@q{15rDyQyo_XKF`RzM2ZxHPx=kw9DhMh-w25|92??I1<3y
z@i=sfD#&#2g%PgFeY3bdV9Wz!TL9Oq+|YtqJfC}N@~+q<=C#LA`(3<A19f6x*5SZT
zURJQU;#i|-R>?d7%+GUB{bkv$s9YgS(n+q^6SSPkb_Bd9CT^osYr1<E1!(?<#g85k
z4CIuvC5_!{`Nxj{lpYtEtOB0Sdi>jR{vGHjRRr{Zczhu&mhtGA5mue#q9JJDf?Ul+
zxFRYnE-7#}tjyy*Izst@GY5Nn@9FsFiUh8S*iZJRN~B(wsjVOdTu3_$om#>s;1U^`
ztHLPdQ@e0o%qh#Lm)H~}ZAaNa^@FmFO=0XKFs$r()6F&zQUf2W&_r&ra2pBr!32}+
zGfK^_=|~R{!;Z9DmC~Y&!4{8aOcrrSGaHaLzv_NrsV|+EU0Oz_B|E`TS2Z5?Cx;AN
zg2KW==NKT)WI$(taF{(RgF^1xk0Xsve<&8F${j8Pr}};B(Hbqx>sN2E)>jQt@7O4=
zPf+YHtG;p>(JaSKU#szSurVov2Co^{c#?FSuh&yoe+!#?{hM!hh~?T&Ms>9tFq$&^
zo~6iNY2F)r-8ywni@<oA@;Dx-f{S@lMyUokT=yuQW#SN>?r_)_HFmbh1yl~iT<~rw
zh(YPBUlTBw4-Hvk$$tRYe7Q<mtNg*XvyF#MNn%I3r6iX9c~w$zf%##0ue6GgQymPy
zi&y_3cUzs-xX&18%-bw2TK_)keI{_nx0-iTpxAyET$@#2IAUW)%DIhb1dEJ8L)Y<<
zj>mwR-z=;Z(`=(aeDNm%O}kCvYy&y^GOq>A6`8wNp0!_24kE8sr*x&*4wet7(MaYH
z0)1eHV^0JkNvZS-8R+!w5TKYCz>^VOV#?aPZUw0W2!TdRurDV|NdO3LAB~W7KN)OC
zh+^1B=U+m!U;hZVDGGW)<ND(%41~&ijLz%GQFs{?$638Mz{uOM8d-=U7447Kp#Kv^
z;8sW@=XIN?{Z|R07w*rZG<}h)!_;xI;q{;0)(+Ab;S01rR$X^SpV+RglNI@m*jbCM
ztX-6rXT~4<R-h;&N!Tt)+sGY}VcNpgwvrWY>xX@xL4FU~kPdgLDLboXhinh(%$c}-
z{3wy%jF|Fi%O=zgmC#)9V2wc@&`M+-Xy5?;V^N_)+VR5qp9Sd<qQaB5PO^NxpvL>I
zQuIj$ysvPwAOZ-~vn+!Z@Qp}ia!Mn$IPRI}Nu?+6omn}rplPzE>KtLt%xn}<nciCU
zmQ$XGrLO3)@9JyU?zixbnLWk0neOXt+hhyd5Fc3ps9Ex8zN9ev-$Id|^va9u!pkcJ
zTE_{X7)koFUZXkJsKU1mvK9u^8D|owrR{Fead(jkoL?97P1TMVjca+=dr4pT`Cq0C
zO0Bs0rpjTa5%y}`W;k7!S_R!;-jkFf^J&+$`j)A%PX2`U%0&xueLG{)M4CzJclgD`
zzle#s2cM->7)et=*rsXsIn!U86Ou2TbVm0EHX~(=*pw6dlBA0#&waD;J7<$U|1BKg
zk|ql{yh|AZ8O@yUUrS;omvsopN6u4%mw`9RCn*eoD%n57WMTnzBlxf2e*kQXe@D-h
z1qlDZG5PxkH41Q-CM~x4!OB7sdd_6-+l}3L#u9h)fBr4$x82G6$L_?Bg)1?L>!l#y
z{C$8D6e@GT3w{HfPfWUwiUHc~KQp@oN=2wbulNV?Xum=Nl(JE;hR#H}zrW&HzyJBf
z|7T?X%p@N$?fsQlfCgxQ{yTVS4uHx0&t$2a<QTCyf&kvT@cXyvWX^y;1zF`sCDO)k
F{vR~<@ooSB

literal 0
HcmV?d00001

diff --git a/docs/source/design/maximus/images/maximus_phase1.png b/docs/source/design/maximus/images/maximus_phase1.png
new file mode 100644
index 0000000000000000000000000000000000000000..369e347adf90f85cb1f9895ae42cb45ddec2bbb2
GIT binary patch
literal 88344
zcmZ6y1yoc~*FJuS0fug*I|Za;XlW2B1p(<2kQ%ySK)Sm_KmkQbDXF0w5ez~~T0v5z
z`QOp^{l4$_cP-aqX6`-b>^S@E{XF}`>T0VI;?d#(06?gruKWN1u)setCUGzT03tyh
zkPUu<cs@{51ga<Kx4{pX_6k}G08p2Ve`$q&6c?dx><Iuwz3BgtLAOd<0JwRnp{$_q
zXTEcVpJA|`%a1p0v!}I55OC8rYj0a{X|prFpRlkhDtjX6zN%rpLp}TPCdVdk@#Qvm
zA4&hCPwX>ssvPF8O>Fu|=<e%(YSK+@O2~d5gU2HgcDIB=JxnEq|5tPAz2|Z7^_XuO
zz8oDK9=vVb$a5MW&2y^$L-QeL^=k2KVdHW`y7+8d>}!FNHqQe>hUE+;7<_#aqAlr#
zd`JX-Ts;PeX{>j;yA^0rhwGz>nf<MsMWfDwTdjVFak@iuJUA8dcGLRV)CHv7zkmNW
zvPRO;(&pvmSvEH|e*XOV_wn&enQQNCd%ff9D*A%!46TP|)+sj>vetbudS$A)%D2cl
z?+bp(MTjR~8m!)`<B~lW%4(KfWG!kJ{cJ#_9jab2Z+P`xNjf*X{CyvaVVR|dsoHIq
zO|1t0IHTU6K9an=`lb6eLnsN?Y>NYx$x7wCa$DxhX{NLeEK9eA;EWU0a;#31Z%31J
za^b@vnPG)%oD*XE-Y4zv4P?B1YX)NE4g&K1P*;UlLq5H1KP`JnLYureSY+#PZ@zCl
zGmW?NbyKadlottYTXT;gh*fle(x;TaAL-uKVbS&vAWxo96#dMBErp^n=$YEqnYAq(
z4kM}!n=S_B)g%Zfs%2f7gq*~;1}0lQu_F5n{eKml^c=c#pKPT3RW%tRAT7JK*{s9y
zwKgz8z1;9YuC2P7Xds0}DNDdYF6eZ>P}-N(|IdQ2{nyQ~1}jkIhPX2eEkCH3dOX2(
z+ft^tAKm}plH5GRvr+MJRt(_MuqQ(d0Dpe}wsHsz2<R*Cdiypp$`7+%0|J@?bH{c6
zPwCsXWPVdmpz6^(FJ@euk?H&#h&VR2Q*OpmwuAa}`yX1^rBW)RS%H4ec|X3Ztp2hw
zl9I)Zd?SyGfX!TExg5upT`nMoyA>wa;8=SmEfWY<dn4$Wk5YFclfA1c{NJ-NJmH!z
zUroRi=`DM<W5+>FyH$VNgkMeS7Xn)V70vSdHbZHDqmc_5$_)(+FXWYLcyk|I)PM_6
zfWbo|<WLr^K>>P;9uuC=SC5~+l7gsz2b!CkZRDa_jeor%zzIg;hdp~rX8g^45r5z{
zBfC3t*WIi$s8wW)lyE=(&s!9tQ)K$vcXh%vIBF5c3F!$H&8*CXxSCH!tpx47$Ko^-
zQQrkb?n?jh%J+K9$^rfM`J)M2#kU7~Z=nh4ccMJkdGojRDHJ~w)M7dqQ5lPcM-T~?
z^HNVlnNa1w!(v!YOR+~vG&d6acT}^RdmK%dBU&wyCq9HZURD{hsN#^8n((!4u8=hv
zOZ)wxDT)b*8b4gi+kme7gtIS}75Z&4R9R+%2eH-OMJ{b3O1z`MD#5oHwl45<!&-7Z
zoT{Jra0<8m%1OZT?6Pn)2UE*i3dK=+3dG;3>f?4px||Oy33EM%nv$`~s7yN&KOm{s
zz6)z%SFY;bqjzY6-Nw;M%%od>c@{EvNE}H1UHJeK5_mJW&QLr#AlbUza3}4ZBVKXr
zkzC6|)k;qti7YL*pb>VF$);foZ;#<iBoRV`TMqS|rr}({eIw1zMW)S$G)q`f7=>62
z-L9JD%WW)BMBbl+j%nUWJA;7Q&<#QcgHnbi=+c-<*{9ExzXzbsh7Yi(L{KGnqfAw~
znT_dmUy=qb^>>LpYL9t}#F~H;64Cq0$T_}lz@G7+xZ_n%876`@`}=fx)4V4bY-y0D
z4>Q7w6rTpGO^`w%hl6`}{5-CX58Q_5+9~|8|7wKw3(i2}=g}^s#z0T5(9Ztf8Goqf
zsZ7hImY`z<4OG7{&pxnLWVmc{9N}LQ*IwciYQ;Y+Dr;h@%*q~EpAsdfK7;vf71VkB
zUW*Pr`6O1pHk>})JR$N(bYBEj|HWU1;o5$~&CT>({N6WD^QjHN>8Qvw)*QEcRmGp<
z)=|s2d>_f#^+=jJ`1<bCSuuYAq@QgTa|dc_LV06}0^;~_`@!McyYjyY;}6tI#78vV
zW)eCi+Be=bqr%&jnvFx*AUA8~sBXQ~p1yB+8fQtgU&)c~VsD<uQyKx9U|$R+=QyH9
zPz=4yUV861)uH1uSAR50wUjVMD9{1hH0%nTPq5zzLs%Q!+}*h8R(l`#BE!tSDRmlL
z{(k%&(@)<P=R?1p@R^0C48&z6C9y%j!(M7Pk<q_musqDqUTAf4gSk+2Kkq>SHn?<*
z)M=1+KgYy9Xzd6D)7s_&t=`Oinq81~sKHpe*aEULnU<UX)btP2gj|>(FK-U^->Ucf
zH2KgA?JE10$n}p&o#caa0VkVJpdyiF(f@o%?u@I(><K6Yf#4F&?F$UAf#Hppt2e_3
zNVvB&<5YF}I4&3?D12oUUy=KlyN$QY$TA-iAP&2!qJ}zwLU*2f;BPNLp<Yen*dg^&
zG}QtkAAll~=w?Fi|9#?+8BdBa->1-7C8g-0SL59ite6D`P`z3r70W^>A414&Z?rpc
zKzI5SX5al39WMwU1f(m%m@~jf!cylTi_;&Qy+7z_E2SEX?#(R6-f4Sp_|EIiQh=X@
z{f0H6W;MpHR6}AxR52u~7`tL_?Q`>(QKL`8ZnmxGXjiP(y+UUW_#yE=7`0D%l%98V
zEclUQ&r&^4AUX4y4x!b0Tg<}cLd~TeL<EJ7u^Y}d=k7@5D(FrDnrUnS7tn@V{7y}V
zVcBMXH2HW%PyqJK8NzCc`2r(@6i>ZPdwT5l)@>=*f4TsrEYE#72}z=>7r1L*Fj8(-
z;kZHZGywT$tibUNH49q3ubk&Vd9_(GAgT(qNym79?JY*t&AsIZ{sL~YqSDo<9ek3u
zHf|xs<%pWAp@aGVYGqz*?J!s18f!#qLh+w=?2&58jIz!%f}MXD9G*U%YjI~wAZ1gv
z+-?sbqMA2imA8M`8%>-YJ~SMTs2^HhX69vCR(o}@I+%YvoQ{8sua-BNeE!Ezf6SD&
z^0vMFh-o9^f~}t>@&WJGqJtfV$r|{X3clB|gjP`t^0n5~t-%)ToCTeQpZG2XOArtc
z7(xzz`vT8oy|#31H=6syqN1?b9eaT%ABqU`?^xHKbsy}Ur_`P0O(%y0SXwT1wzCbA
zdL%*F8zSSL^{=YgJ$_5EQ+J!zljt5T%O?DE8Q+5Y)msvG)r$4oN5T%T)d|YG+8enI
zMcqVNgP*^Ebb6oTRlGI5z6!3%{ierSNP4+n@W|fnR_X0!=r!#0=4{xsB2!Tmt5jJE
zW>l@x?PhWF%{TPC=kuQq!t1TYvz7-P`-6K!j~}97V7SpIGWY83y7$v^_HA}z1~KB{
zPkU>86JM`*7rfKEG*G^`OVj%r3ky|_O!5bkgp(98WLVO7rYWhdp)KEBoSmJWoXQ{{
zKD~OF3Srca%PFSnJsuSkPct2f^iocd#c6uSkXktULiR^Fk~o8^TjJ{Iymw(x5Ox2{
zho=nGGIcc#$r=xt@2%~LmRF>6=?thN#*jib1N&9J1s`Sx>g`5r*XT~|q#|ZX?WOmV
zX~pivkyBg3wMqd*rU|wX0kdy0Q{F%j%8^?j|AVwZ>6g){rLy|>%R6esc^D-<jy=!H
z?`Gh5BD>x_A2rI1YG87aa>|uAo%!80{f_CI|MTp7buDMlJHCKYZ6{l@yBkDajoK2l
z%~TgFm$fw23t*{(ivvA72(IOa7Tq5^$8bnXOY8o3k5?rn5UMf3l)g*~07`X_oJ%`G
zDB##(CQY8jZ-2XgV$sX*`jkuS3(jPy^Q7a%%GOT{QDZjMYn%<r!?VreWR3w!!%xB?
zhh|px$ar%~UY>BTqEgCmLD;D#J}0$iDzyV<1-*eVYX0)Nx*DO&0d3d+AZn-RYdTUw
zTHvt-RM5X)eULN_9lLnQm|~JC3T&R3%-Xt`$H;{j@@Ed#uy6moikNk$H{)ARTCKI}
zwH<QYzqShw?zsH4=WGr>nHf3#@-XKc#0Ql>hCzT>jQ(iXduqJ~vzXyy+;18*DQG^s
zRr+cIN*QNad_~0>jQn6cHQuZnR%S?l=iY4Xx$)beW-*=;`>8S}%|pXP6aJ1>V*Ic4
z%RJ{lf0^H@aSGW)G0(l_d+DZNBu2VJKCzLyuj3yuZP0b9Yi^$e8JMD3mM|>3=Cx?5
z$5WCbj}Q|=$;~bVo>M)1SO_EYOkFR02!qROc}t>lr;YR$<BQrPjviQ5Xs+x1`x-8b
z`q;bu!2kX{pq4ldEkH^eyED45l-|RJLna|aOtjtICD0uzDbxy^-o^17-}J+-#I)z6
zJ5*mq|Ik*wCUF>)OpgF_;ZX${(j6~OioDn4fC!3BHDRVz<S3Ws3@a9XvD08bQ7}6_
zEyB0y){Sg1uuE@T|9%Xp`Ijl3BiFAdLio-a6^utYh6Ko_h*7E`typa#Key@TIMpx^
z0Z2#SBsnTLIJj04bsPg3I>CGas#CA1bl26=c#G-<O^vI!jN+nm^Kf1|5=ZBwiU^Le
z$;)MMDW!8JkA-Vus^AmUmIY*ymkKHJ42Qg2;(i+2&Y4P2P#OeLe~7DcX*)<YF{9P>
z11Hj4zc67|sJu2+rtZFWe0_9R7<=Ys@230*sxlXnM5b*|zqmgnMLX2$?Ylt}U8;g|
z?q|8n2FHXK-o7XA?);i40go6F6yt&HN;}eCGDT;!H$Ousyb2ga4PdHIVL5KM2O?Y$
zf`P$Q>%eBe&DT4q=dMQWy)POB4n-d&sBZ!mek+mGmiNbnP<IC?uK=pxmp>|)@&pe0
zaAj4pV||}g_aZtEmwD1pz&uR3%mH~Tk_Zuw?EaUkaWY_gA$en?`SasR6TJw$kTxp&
z4_#k@M+k{$#oKPg_mQC&yx@z1q@l=LDgoH1@^W%kLqEN*&+K*1&P@|x;$T*~QgBe#
zd|wLVc}RjTmgBh|YY!8c)m~0#e1O;pfm!W3s~;hyLIm`i@AsLU&%`|rd-ALkMXOiV
z(xU60%xs^I2P&9l3IpFS6*oc#zy!{U(}rn*KB_xxm9Uxr$%7m-3%T&Gx}?g|sNSV>
z7J@+C{-}>%8Z0iK-!6vIuq6E2wFrb11qz%qWIf~`YImi)rrI05Jem5O>i;CQ7x^*s
zf#T^iX7mzDbv}B{J?rb(@e2|*u{*;tS5iswB8*yMe8DU#mKDD&rjMCQykDP`X!NC7
zoG2tD$bXRQyW7k`=gbTAR3%)Ymqjynllq4If7c_2IwlD8+}SDA6hw`sOTT9}oSpgN
z324%kI2ulj@>aJDdC1@wnI^w9%Nk}zPeyVL+*}OoNwaOHmtWo<YAf4Sz*GG4NId*2
z38q~$<24XXL{owk{hS#;SS@`Oxyqxc2%8~t2#m;@m}S?<&mo+yJ#t%`<QLC*yF&o~
z&>E>Zt!f27Q{pmtRgdG7mP2AA2}iUyI{{S%#csO=&kr6WPSjgOT_~c`<-O`N*@^b4
z7TbG_jNz+Z7hla0GVT3g%TGdpiihU*v!Xxw;DO3RRKHkyDStcl-99^eAb0&S#>f1L
z$$ogc#gGBI;y$RQGwP9C-`1)<;}YNOM-t86V~1XTb^_~hosiR&0W-e9tr<O9A=E6J
zIF$sGZBe9?u;JmppyTEN=TRVPSfGz5i6g%$nI-A{6*ips30<ruGIYLWibkf`_MnqI
z*H^nAYM&hOKVspABD*|VaV^Gz=P!~IjQlzXtoUK_^8Df>9yD~e76smm-d1`)&;qXY
zG3IwYwcyT>QfMOE1=w<>QHOz0VK|gt#MT1-?46Ta^y;u(iOhov$1*|o3K0~88upH@
z`K=K)?{H_19ti)l^0*e}3&kk=o#YCu*ls8lztb)GnML<gFc0?MJ`D};a2(YRM0N!o
zj9Y6KmM8Y46tsdx#MPkoB(kCT2JW&vvy8juDF10`$_KOR#OqkY_!YVB1}0(cZ6-Eb
zi=q7?z-H_mHuf2iq28Hi%ITM}xccQX*84)~Rl1!lv*Z!cernlZR<*o3ahj-LR;_R2
zA6DY10`2?<Tse+xQIG-u)2QDfXT5?m$FsNA!s_arV6uw0lF91@3P2}%HT_PHI&GR}
z8O&Ni1q=ecj)6m__Dx=IQi4|q9+2Gow_*cv6jH=P&Jk}AV-pKC!JIn8d;(Sol8i-_
zp0~Z9<Q+t;jY*?Se7xfm$Be4yK5hGX-1ZKiRV}4iej2ueZ=a%W`yA5R4>aJUTW>!2
zVarIYuAK}~6*o8U-T-|65QQ8MDjlyq_<<?n5)t-^2;mQAiFA=Hl5DanFg03i>NYsv
ze^z4Ac}ZH4Ru7I|o{LiN1*F}P{xSc@LR{Dbaxj^L%XuGR0sQq;DFv_sdhrzb$}^**
z{L6<vV(TBVjX6a<1CO<pSfWk)WuAY^b?L@OYrw!s;^BssAXkC#ZTYE%qmj!@)BaXC
z!EIhpkR28@TBH<}Kqo<j-IWN2u}%90jffq58b%sRKCSYdbpn3>wfZb*@gF%Tw|8C-
zxOPt%wG*9rfR5{1W{uTf(IUx_p2)r8YqCP|m)e5Us?<XwsNLP&jdAK>Fm1L^3D^DS
zk6zetoR`{@U=4Zu6WS_&_27*x3;(A^5|bw{??2I`%8eCHhOyf(LN?w~lI7N|1$&TG
zT_2iAeDvW)J0@I_dif=#RPksh0y|b2n>NLSKrnuic>gJH_5-d4|GORm1cLPk;rQY(
zY7FP(4y9M*W8!2O#}vWXV9ls%rLHZjqJ}j~HPaswBQh>xafv^;{h#&8Yz8JvWzMu;
ze{*-B^1Af@X9)z1I(t%dt>X$6j+I+6AmskKN<^M#S-7pD0yYX}*CCJn{B8+y>J&ML
z+T~H6{Qk}2863PZe(B=k;*r_u@R5~oFoEV-J)MN>3lTiOpF<@anqQI`$5R2Te9FkW
z)skp-`Ib9vj=0K25Z9+qOYZ~*U7j9@3Zne&b(Nxt)`1U2vKKx00x!rV{cTA+5MEwh
zs0}M2?;rXbYO|gnWF^|<$SesG3<#)SE3#z=(i1R_TzcqIP|}BV<(utp%{OUbM<uvc
zNDo3B9_eG)zuT2@GAGlb97g%e`vskknsoU8Jf8HL=#HlIm2_EuIm{q5MbkY|&DVG1
zJ7xNiSs(tE;yZEZb<}MVjwwl$$DQ-9UvC%<D-4(Zh@UMKckb`TCf45)#Zrva4_QfG
zayRL^mNdrC!_Z?LhX!5tZHhkjwRQFSHocFVE)FKUwHsZnP6l9FKSgqW*Ji$x(H(rW
zhr!ZR#gkTPe~vn2W?v+ku=Ti5)RF8+1UE+3V{ORUE|(TA5I$}|8rGJ~BnYkZyntz2
zB8!8{2!|_ug`5TeO<v~nS}=Fsg=mFwr`jXy)*>i}lJ*c2PIk!Ml@(_r&d#B+dTHNZ
z8Q~b8khwx!>We4?2mdvWss^UW)~foqXW`Sj=B2-7MeL=(+*+T3qcriwz3$m$Mzmnl
z5ioFA(m4PYiV{&CVhjrDCL$>UQ%<<1XYt5mPNirw`O`(Ujh~rY$cC&lHkG%^f)qkE
z#b>>d59I}ZRTqCrfNZEBJH(&<pXB`)aKwtA@{`Y0Nvi-(`c<ucg@8Eg`x+J%)ABuv
ziLMh$dpD^a`Hc{F5#<8;YmExY=siA(<TaJVaHx#k2t@)n0gdL_z<vZSIlNjJ71yU2
z&9#o>g0#85$?f414M$_rx}+CsqLgApvdfD7O>wfhWtCbE0563B0pYT4N%mx%UkR*0
zQLi7w*rnx*3<}Ck6m+lfc6QQ74tcY6Bo-b}AkoKD+aYlSh(K$NmDbcGt12l$vl0^%
zU1quX1{3LghdHuQ)I!#MAl5DI>$;JQ(HlkBn|5Pq0^*9RECnB5!?l{j??U1FPXVgP
zKolVn5vwcBd$6`D612i#daByTO0=>B7RZ<CtQ0h;OC<*#9pd7ZFhW67h~Ft0=K;>Y
zA)eAr$i3ndL&le;#jPY{?anUECa=Hry(|fN#G5ct4dJY72Laydr2y&y!sIu-4^FEF
z?ihVp=*XKLVGg9kX?%eiGp&rd>aVPS1u>;iA!-r0vlaKN7;nNMb${L_c`f3V69=yK
z+sj-6+sbD+mS?A*dc-#5G1*rw9!GQ&7fD7ip*X)bKk0m>n~yk&h2@^beihN#pT~0a
zB$0fu(DCe;yf*j&w1u1O1<HNuI;UjPix=nhjRKK<F(y0j@fl&4DJZ{6A~wQ2&-Dzu
zT5GB=HC|Xi9&w^!hh7jZs>1R8Ivso~F_RU3@uL0{z#sRzYx{x18m?t98E?FP(Oep?
z?D9x7HiE_S!#kh+y=@-WNJhlEl6N_Y*M~lA!sWvfJX0K6RGk8G%V9~hBTLZAINQJj
zWzf`re*w!Ru`E{WEr_Aq19H?vvPA65?dqOz(7vNwxMv=jO#6+yN>KzW_;<Lp^1M!F
z?dKU`6Z`t0Pjsf{X>NVHLau|5dB(YnNL);?$`x(Jlg+a)?Z+WWvh&9MG~Cpv;NaZN
zFd7udY#gQ;UrVIakYMK|hLU9fjFKL<Pt3mf$cPuLyn>Uayqt25Wxj()z*TC9VZ@rQ
zFvMEyycf=-{OO|&Ot4sdQz_$E6KJ5we;$qIIRXxSa3d^Mo~OYIL}WtXfh*eAHYM%f
z7j0`WN~DS-C)$`S)sb2O$2R9Qai*HRO^!3-H}^Tiv~Kdge6YM*ijRe`|B5urC((|4
z<^c5r5%~Jf#$<}!xvy@W@{h>uhV&$}E*tP&$Y=_Bd*mC;h?we!hi%QKxA($03PP{H
zkX9UNJg3>fD;c4f!L>Xqrp+SmtZn`E>$69_z_VFxETvA(t+-@&J@^F+A2v;VyXb-z
znJAK6dHQW_>K9-`zHXiVeC%>p6yY)^Z|Pa8S;1Eq_w}<Ki5NQ}Eef}E`w_{fG>p+I
z3X+ruv13_vUKlxV_BkHRRBi*;BkR-TD${S7CpEXY9pC4(fARthN$2M0VK5jS9o@zG
z`RP1$ij%%00PDVJ5dQ|&NaEvhb4YB2H*(30LCUN0Qf6^_y0=Ak)j0bT7UJi~0$Fad
zSu@HnzQl*s7z#J5YyuWLOM*wR1cVoVwVnF5N%-bbcJFUTUnFGuuyZ2a*HZn{=YMED
zVAMwl`*Bq@x6EAUKEq2oSVkSt$Opt9;3{g5$HkOD=;;pW5pf98ZEA^c?~T5bPwTC|
z6%|F=Ji|t;;Rp}xjhS*CNcukB*n=2A2$yG`L+B-C2K+#>fJ5$TiS?e`zegib?tBMl
zlXjkMQUT*}@06f$aR(qf89Gn2<a@Bku8hynNXfK%ik?ms*?}B=9Q&bMLQZUvtOQbE
zt*-zq-R!g}nb*WeTLc|*PQP|jM{-1zo7}QyTx}1oWaw)@Gax}}CuH`4HC9puw^mgr
zOR5d|(^$J-4?}vebgC=#Dx>O$&1WZpByu6Q5CiPmQ!u@5?+D!mt23!t&gQXF7RVUE
zsI**3#asKEN&nD61EL1+Y#^3CpTM#@Q|6Dw`RhXYhwyx5!ReV=KUh|~bNQeU4k!Lc
z+j>xBF6+h13|<6{=-cxs<)raI0pUMc<z|w^{;oH3`1L=|q_bnSuIpW^X9RAnDG38l
zcrzLqZEKtzfWg=t2@5Ek_(Op2_btjlI6qD3T=*qtdYlv6vfX}4GN-1K<aInL`GVp1
z>QbVLEXMz+N)D;U*S>f_5E4?L`b*_dExJjn$TaU!{7T848kQrm@vhV%(z&kAIq}$f
z>ru~3cHzwpD*nQT;e$1fHhWO<+Mu>x;VoOaCH1F461J<!Q8`!VuTuQu6g}>(;Yk0n
zmD4ALY6c1?NY>8y<KF{3@3?t&_$}d8XI_|F8miUsF_gZ65-!6@k2Va0fr}Ni1{sO-
z9?4qSrw@^`f~PYNwqSocW1w-&$>Xt7M?vJKwn?vT3GK4)e>BB|V~HZFRc~#*bJXSU
z#++YQpE4AiKGE2$HGK#F0ETco=@`ij$3_%Xu66QL26H7XOifvmRs2<ktML$n&8C^@
zXO#xR$Q1^ZO~`rsLo4r(&I7j{fQx=56LV=Vz7G<61*a^#7Ezb!>9+ZiKVZAX<<9kn
z;vR!D{)Q&t!%9|uFhOh7tJ?Pt;;R&*$lw)xH*>2u^zZ}d+{bvq)urP;rA|=h#d-{P
z*)f6>GyeGj%2(f((oBpC95=~S=p)EbKDYO1Pkc{wa^BxkEpcA=z8mv>5l0rO$5T_7
zomR3#?ByrYKzK_O8Q+_GEQR<UO-~R1<=10Z{Rm&HnJ?lc%EXtcAB|=0(4PLTy{+T+
z6eLv`tAoG)7N<S=YVVxiIBRgm9_Pmv2V@n^Tg9?xi>mw6h<SL>DeN%KNyyX_jTXWJ
z>W;6;tXb+M6}&NPzuCrxku!z#zstjt8F>9Tf)d3%>Je*0tI&oR4+F{HSdp)&sgUmT
zX9CVmSC<irAn)#``~qbvjI7&j8F{|hXcu@Y?w=-*G|02oUK&E^Luzq1d9ttr!4;1p
zrmIlAbvw4QTa^-1@T7&o(hjk9A@44;C`wqt8W2VTh2x6O>rzX>lE~LF_iH5vdq6rI
zzc$<3Ibv6);UieUN#722q;9ko&O##^g#J%Pt(s=jEglPosW$f71I1unt5G(sGzFR_
zgA|3BuxJ!;^peuZ8;3{c=`KHLt+|=})={N(^f|d6>IW9Au^nK2JLBJqFc!(GEYJ|5
zzx8&od|FAk4a*#d7nz!?I+zM^-*~z9;$zbv?sTH~FRPQ=?76ep__Qd02U>0X9=zo$
zw_F7}F-w1taj>M{{$=H{*ydz==aGgu;`7|NNKvj@TgU3Ygg{%m6Yfl8>D)GpV;rTb
zGUVHQDE(-2{)y-3(hVPJ-R7MU8F|e>9kt@q?QfqK<2im<kzrW@Z>8VMfbXymhljr=
zwv@Zs(Jd<Us(yK)P2WqFJ=r9ZUB2?}`3{hjM`h-pyz0JnoPyThM>EA5bPd{mwx|Z9
zPaY>0_kuG<YjbHd&{U)p0UPg{I&N^Xw1KZ;vY%Q4B?+(vvl&4PV8s$HmwE-L=eckb
z6ha4Mze6r}^NYMN-ss;7I8$ZGi<%CfgwA|=V3}nyL>%yDM6)8=w#iOFnHI(SSjs4Q
zRbV8NiP5O*ckSwN`LssbTm09|$S{0Yzp>c5Er-1Oq=EzDUGJEW8eI4bmk*e$u73Es
zJwt;7e3Fn2WvZ$}{>{sfS2J?k$0^E$i!q`|$*)+JoBSHBQyVJ6id32u&Wj!~A;q9M
zrOI%h1U!^H#j{jtK_uZ$;W84JM%Bp|`OJEEQ4sGbGHm}kJM5RRxpO4glZ%;)iLN>m
z(UO%ax+ycDVsxUopZ2CnG;0@}7SK4m&Mo%Kn9fBpNfol|DV08lm_p!#nA?~-Mj0)4
zo@o<nfFUBaKoapvqJtiMWc&#`HZ6)0>3Kh8;$u3dlq~zWIEAV|WT!wn?QTW-i`j&}
zyU-Slf9smOMPkk!K=L)qsMLeAA7S*4F<+Z_c;}WM%Ns!T32oIE*IV}H_q1s*X=Jih
ze!6dYrHwf&rTxzmh=+z5d#S^kOZzWfV`*zIEtNJxc0jZPe)aPgLq=n}f3Nd$=Y(98
zgrD<1CgGc1xbS2sUpgPfXK>XN$Eq=qF*Rdqznm4D+d3te>&>pEOw%C#YlKgbB5|TF
zWs%!OrnzQ+xWZ-rjBv_w!t|d4bY+mywu5CIvPboFGawfHT|Wc1nZsPT4B6cz5qH`9
z?s0L=7ywpmGMZnRY{@dXGnX_|T3_zs5RiI)=`FyqT+DeXlKoF_q>q5nX`9kYpIVla
z+6)<A`AZDK1LjX0H+|BKgK59-zyEWakHZUpSPYb0G(VM^BDNRgQV1BNC<ca7*=XM3
zEXR^_O${7g9({0o`gFwB;4})<yY@bN*uU{hJeT2m>_|#Ilq9D*m!AyI6(;`hlalB_
zy}ly-i;{nl0Cdn6%cz04v2%9K1M7MDLhZCCB4p3PFKBypN%J-y68@F$fca@km7O-S
z`PZ<_7aguIQkoNiR%}Qi`>5S?aI#OUgnJ4E)Tjh=Y{93VSuZYeF^_CHQ<+Au!)%T(
zUQBBUHxO!s^B}O6>B(P^%P=YvCPn*}P#2i;`qQ&DzkwAprd4*+>A`AeDhV~^`V{kR
zzl9$ynkjW<9Nv)N|NjlIWAp-^tyU5JVm7J=+zFbcgA7mP{{}L3f;bo=FfdR_X#)ho
zq6lr$d~5mJcIwA|q;q+?Stn8pg{ztser*^>_Yc*JKXSD>-Cr4q!?zho5PBrW=5|T{
zxZc(z`0D&)S)F+H{$8%+v@IclzQY^K8L{B^YSDF)Gu-K)F}~1NiR%VAk=Du7a}1~^
z(yBbW3lI|#<tg9t0UG#pAPF-~O=I}vVe6yWBKNjeVgdiHKC-&qPxsYdNU9jgGjkC&
z;n(7xgS|2-7Ed>5FfAKTc<#mt<_7JPNW?lU2TKiUCa2(&I*+nHg*Jl!fEzW$Qj^PK
zy{Y+7$(y>%lC95>FQrwSzCzDq>YhSrQJ>>XLd9;}+=@Jp-q}rCEar_4GFika`Co_L
zNbSIi77)LK-E4|lTO6xy({otkl=x=34QyDJg-8aniSI86Txa*+tmrTW24p&SYT44s
zu59NDycLd|j(mZ+e`iys`7m=V-8D`Tku<v8ejOHB{zI2k1-RM&B~dT|t9bQ(1gxCI
zmdz$>5`)JiNi^4W7|jpg{xpyMRrHhsGPYPczt!F#$w5lRMrC>>@X;mkauTSf-LJ*Z
zMh|2LL~B0u&MZ6aWK4_HIF0)DRMl8cOV)Af1=yH0e-aT6Dv^#C##r^5bmCy}16CN_
z_3lvD?r_j)Md)(h>%>AM?W?bM5R1njey%t#d`z^{oKIcllCuxVM~|)q+>D!5Iat!w
znK4V`YX6E3E)1^Sb39e{$x!+?>&8tA5G54q6ejEby$`I?hjrwP4mUYYfByKfgD$;Z
z%p|FW)LN<AP~r>Qmn=n}N|O-0bGX68s`Y;4RFn3)U<pM=gxQ-E%~-li9}0h(|5*N6
z*m7SzSmJyTm<dxKSQ%|Jn%W@i`*>ezD6dz=2=cAjC0~Etiw=_D0`pIk`W8%}DXHWx
z9}_M814i7!#A`eLISFyn$chagwBQDtlNhy|l}bP@r}hDihvzGGOuzFYzEc#e3ZN-2
z;)?kY?yn4y4zH^{DlrTR3s!Yv;+3?I5G66A+aSPFyS~3p-$J7GIW~IQg+)C5Xa)D-
zS2Un1Xsg&Qn<DK*k_UFn(V`5Xo2U4oW&3)!eZWZ#CF5ZGE$*v+nvPqOC7VTo{0UJ}
zQAZ!-<^Sx#uDkQ^-)_^S7gN;<`YeeF_4p9R2EMtv%yRVhs`gYu-oIPlY@M4Cb@+!Z
z)~J<>V4u<$_&VZZdnW&^T?v0{dwWIJ<$_;G*4x|rvtKqG_Y|>O4SL-BL;FN@E6%uQ
z*9{%K?sXhSqyD?yUt?{%%*_nagSJ|?kI5dFR9dqOA*0*PB~HrJ?kkq)Qbh68f*8ys
z@QC|0H7%;ddVYI85Ko0*5+I_~^bX~*2Fv^sMW_*}z%de^G645&3>7U3PlZwmY6Onu
z07T;zLV3UcKM&EO{)_DV8<i4&xn}KR%ofY>Jtc`j2=4Aqdfc>^rXKY#h=lD>3aFNw
zIj0)2Z9cq?f!4|5J+QXq)Gmm5{iwz~agLUbuHVMP0pKD75f~86p@>YqL3(zM#G>Xw
z*d{CCuF&bVeS`$tB^sgZZbl4gN=6aVZTJC%%a}d0T$B~tS*3!9Ob8J2DenfJ7=8Kr
zHJL^vsziMV{~L$!F2LC`aze6Au*?(Ppu?j*eMiNr1w!B``{$cy=+#e)URBXUay-O$
zVQNiNVi8;v0)u)2Y?SCtLG;H0D&QQik^g-y12G)!w-LB`h{5t>%%dZf4h42c3U7Z*
z-hDBX=2ZYTHc`-36*O{u^x|cHx=kkK>n338d3Wc5)2Qajy_K*y281@S1k#dq(rwrd
z%yd~MzWIi6Xb6e1bFiQ(MPqQgn422osT<K{-%ppMXucZp=$*_SC>C*xcXTqb|CON8
z(%dEj?DXqC>yN%pk$#-iolKyf*2Hcl_>8@99ZabQ(7Ak{C)k7eJoTbq>hwcEb9}yO
zgV%|Mo}5UiG~vz%-XC8POFn;y;u1A^l0L>|5%H~m+DWfeULh3dcK~-9*u7`Pwny(5
zYA>H<H2Q)ekbMWt@HsS+sUH?CDhFPD8LQ*2S~P9dNrN}lj?tk|-#SQLJq}lP$mQQ@
zuFu8H_m9JJ+1Z~l<q602sE=@Xt(KY@9R~3IA)_6^g{Jcdw6OO#6%tsQ2d?(eX}+=B
z3itO0XecJ+4wTv`TqYtMM{kS$N!X6gmAfsIngJxGJ1iU^cMNp(&*&rzg2__II@)V_
zo|T)#^;Gr)Auh9wgU~!ztO&UwcTUpx9>nzod9Jtd%5Fj70$R;MHlVIN_P7{KJrI*<
zN16Q^*E0!-i!K}zV%F9<>#uMei;Z_!Jf2jU2Y==Ye7TRrt}WTla$6(*Ki=X1(1DOz
z6gGlD6a*|)y_dXRF(1MZnM-{S^cjwkyyUc~$o+}1?$r4AT8gAX|M><LILBEMLmhz1
zjMbkAQ-Yi%{3-x}2~*Bv>fb1E)_=&EFbI+|PBxf0PeQBjI{<;pZ+yqoS>h^7V5Yf~
zzzK?KQO252r4Rk<mO&}(nBU8J65t1CWCT$J5a6*>6ey7eD_XjLv;O@SJ>@6N+M}DW
zzP~7|>?5Pf8A!#A>OGu-E6avYf1F|d0={}rfz3!dG>0-E_1lcHcv*T0+?7$b@-Hy+
z1^k<3#X*n>!(RSA*uel2lRH$?XBCC=&2Ne&Y{vb(t5!+D*HwxDRc_%E5>z^;R-SC2
z_>Lxj>l(O8BlHXnqwREbl5L@u>VS>pld+sP(nmtDK{j=Jz;FdL<dtQYU;@qiK#`ic
z62jHj7C|^RCq0EAO82<yx1a^#cq4$Hc7LkN+xLm@TZe7bEF_g+-WW@r^qqQdIf!ts
z5nEE1sV0_U=oHELBLo|iaHWw}%yiElVo-M{G}ik5`nK)o%zg(MU2qo8EiY<f%|_|D
z42Jb7HvtW0K8zgkQa$ry&A9O#U%BTj0#~ZHJ5_S3JhI_pmfO0Z=fq(OVk8U4J1t}3
z-$EfPS-}`$-WeoG@T6>ULyTU(4P#U7v8(mLgDj`kwb29c$LVt#!jey%Q9*>TwVy2<
zw|#z1iAR7no?acaIspg)t7+5LSte2Z)N&Ju-c|NwI^z|!cBfUbQ>*f+g5oZ)@#i7j
zWPoSriL1+g40%0Y4{!E*WY(d!V+km%{zITFV|7@wc$WT&v;nW*CTd$UwSkFDlW@5`
zMi7}zPfsxt{Sh8Wf1&5L4{Yq-x<6C<uB&v-_GtKiG8^)K4!NeiJbPB?@3K($fFjKA
zDdKEqEEEKm6=gjizffUw@a-Cjt>Xh?U^6M8x({Trm)l?NFw1@yh~;CXko2^4uBl7I
zB!aB$ME5<Q@LO0}6-`5~VIw}_FrqH4Il6Es3{L9xOZ9Oo(|{)Mp<3#I@!|G}FMu|l
zRx?Iv7RJnlRWh^K=1WkNzdI>1@e@oiyU+~!yW#O!LDbceK&WubN~(9e6{I4Fyd8w`
zHzU!z@X<^qDb~ir$p>_y*LGxeTKV$QLP|8BfC+p;OQq?z$jZ-}4${byW^4I_0J_iz
zoX<onAO+yb6;*B`KH~T0^@f}EL6J58nUe(x+E@EAPU#F~lUOu}w3<Q8i!1hQuyU$$
z0jS3KqzcU2*D<#r-~8zVlR23AQKG%7nRu@;T>*SGpOFg}#8C%cInWDPV`g184}h&j
z^_^qIQVu}Hjj~xJgdVfQ3@Q?Gd}}oe?6D=k6wG1yJqc(FP7qjPK=_323)T`&F`~du
zUY@%1PdbYti}WDk2Eyq*a1rELm%6eW$amb_!$p-_rMw4JGw$_O2iY|o1XwS$&8M__
z>SzU7=|kb&wHQW=8h6iJz%r(Kct`-1O>e8a4!H!ORCdz}Gs&8&vN5-el9swDBJfmX
z<D!i(o5S$CcKdR#uT#Xc@BkYOU+Bn@@Ci$h--+qHbG0(x@s~F^bReG35{PoC`atjh
zyj?e3Lz2ED-SLh&;|FCssNZ&h7Fjje3?ja`g$6~xLA6Qwt%;Vw&R=HId9ZzCfKK`!
zvic6JGE5AAWg!Z|mK1DQ+M$l`KN$8-58<*QqbUa|-FMlF$$!XdnMw+<*wK2_86P@`
zxSIWHG1IwntR_MRt{jcr-noZo8N<^{SrGhHc=fH~KV><9DBFo_1!24|wcGE1z^xj-
zG%}y+okk0*SE5AXzi>#3k=;#Jr_s4dA@y%z4yVVx!SWa9_yk{XQ?<8%?Z^cyi;>m0
z{*8KQwd5JF-fb`t$SI1PCIruV1-GxLcf6Y#eNENhTpsx;Lg5RbE%_gH)*JUU?gVPn
zqPA7NG4~B?3gx^eW>{*zstn$oCpYI0@W3uU{M`F6XW8CO5(<<Z<s=$rX>K}u$Q<m0
za@wCLnpTDbKCE{h<Z%WoeZRvZx=^p13Wz`2UAfk@5PM{*9st}lxxXa0Nj;R8_b79m
zVcJ=a4Sy-#{SPmuMe%ofoOy8#+*=>|6Z+k+-I4YLChh0!^J{xxiVbQAHf@I<4(5(-
zC`!sc9nxI;i*kx0&DO9%984sA<>Z>pD9On03Ivs5HXfsV)mXVD++a(`FF*C^TKSo7
zn`xru>ZHZ_t`iIwzO&;}c1LHUcIfDr%r-h#v!Fed+#6!l&1GS3MQSQjKM19!n`rRY
zjf8>l=p^8iDuG-nuHVL*8I=<6c|w4nFE?+^6`1sA`hTFd#7ZdjR9wolj^*LsMpC&I
z$sgLssaFX}%QvSV?s+zN_JkaL95X2sPPALGMGVP+XU}Q`c5S>OUV?#<V%YXO%AAAS
z8NjXjs2PfuW~aM5*`e;|H}6OcXvYY4?WRHq3GWHzFJ!5;8Lfjvptb|hh9d{#&n&kJ
zt$jAQA@EbU#&xw{kiy8CGNWqA)CS}u!ry6Br*ZIRT(*LSKqJDSuGj^U&A;jIHbpnJ
zW6u*6DXwvN$=DLRfUbf|Xi0Sd6NCr!%ZmR891oYV@H@iu`ao2~o+3T2N{GGRX<sb%
zXa}v1HBATGre|EZqOuMD85#t7L+{r+E~WaoK1_Tp+`88%G@lNlZ`PJir2W+I>#qBJ
z0=ubJu8iqyDIG2J${6d`-DM7DGV(t!+Ag6Hdh`lZpr^Z6PFDMmjt-M_s8J`xD(NOq
zK8wlrvGXIX{H8@s3C5gZ#KYMv(^1{hW8(N)u`e@}<}J9BNodd^2R(!wWe()qmj-zW
zq;WF!;pjsa;e3gc-%NR(-i!p`LM|?{buF>~UeriC!@n))JXCY}<7eGkzWdG%4{mDr
zf9$O%icGDr8oVGw8TIr6MID~QApFkyBD(9h(ns?*FZE(_AH^%w&vq*bBkf#10;(xT
z^|?+O8zo%6xTT8HT_oBtT9msYbf&-AEnq6CT6jw)XMJ4We^+=KVYM9o&FD-q211a!
zHl2E?42!-c{%rc<AfXgO@GRM1GGgi98YZAz1FY*{omT1CD3~&CRMB%g<Z!#%G|$yI
zMiPnd&8Dp{h+JK|<iS}+Lx@RrTc;Htl0~#`Vb{~};u9HNuIWo=gWQdN*eYfd!&g&I
zQZ(F19@(&1=<tS*-GfZ=9}94qol3+*jXDUOP=vN%!VmG`2M^uBNrveDUWNIMhKl`Q
zwGYvF{xd8>%Pu3|7MEX(pE=#}v@hYx*qh0)MHP>)bIosDu-hX#!FyUiUV@;^K9OZb
z(~r`>NN`9hZx@nWp8d-I>n$F|jp{oTC`K)5(2tfsJu(xWw^V@6P)!(nRMkyHpr4wq
zmbrQnE#sx2^DFJclS!Wt(G3e64XN&Luy%D@#B<0F>ebu#4o%(R*tG&{nHH#6rl}KY
z|D3h@W+#;YX>JG?G8b0h(H##StF{vy!f+f8<Swg9yk?Yzm@BD$%$PHh3yj%dnV|kk
zbMN$-FQHMqjHq*0Z35AZvO8$Fem(902v>;uIT-J6nS?aiO__V7B@mDm8%gN|?_Wuq
zu2U1O_>w#VG;cFLU*3t7MmNV6(J>lxU4zxOAT_#X!tnT<VAwnbRLFEVqPuCQ<Y#G!
zBj`|Dm-)PZK4#H!-ZzUMkLZ5soNc>IW{XV{xZO=9zIm=`-E=MjrqJ}8!H9}FkL5mM
zV~6jwtoUN%=CdH)E<d}7Wn;M?vAgvCf;-D-enFaBn?BDO19CZ6FY6`FKc|u}B*3DF
zEkd^(I|-%M9LRq=z>JZmU68P~^0;8s0lZpZRPZhAT`TX->mZO`(N_c9T%B%`lXZ|}
zs)Hq-10lQTGR@m{BSyHWrt<)sGu4>vNgQ>?)OQNlf<*3Z+KfNps;LT>U~1#DpZyWW
zG7<ptCaMa~7=-*QgV=G=8I7WT2K7gG1+pF_pN=v+HR)kNf^Hi2=2CBoX;m4IEwlwJ
ztca(p16f43&%!zSfF^uJ9R!UAaS!#^=#!UXS(CPmOCVTIeKG{BWZt_a!L*j?^9qf2
zvm!s9ftR@ijiA<K^O1yW#u~4^3HbC(4`mJlHjF$jIY_Y>Kmt=5a!bsu@H)y7KL4&R
zE$ki^qST?OL=d#MGU&dM88E~zX}kCbMZWGudG|3ykqRJo4W8LtBe<5GH1=aZU}w=G
zYwnA0*<Q+E%=k03>taxgC$2HS2L>Mfhda^u4|j58xT{GEf|gI{`1I|7_~M#R3hdIe
zYqEP}sIl7iRr1XRhE`jkcj#TJpabyi2^}7q6U?YVcbb+Q-D4=p@W3#VQ2|L7wPf2l
zZE7A$6v%~a`i<DU`V9v`bPzJ%g0xq4d_Bk*O#9)ECLL;@OVpWu*BzL8S18y=j~db_
zb65tE{E}`~n^2iVjc5akzYTU~qWfRmWD_`e><_`lL0Td)<mz&0uE${KwNm+RL`gm5
zn>^xvL96C|<{2;8ekQQ@Sot(tpfmTk;2g*=Y@_e?ScLrKgiE;0#x^3PKu{IU3Q(Xf
zq%IaOw(cHfDcvvS;Y+2sD3i}Kc$eCGr7OP!UhoN&I=8gkjU_McwG81W-36iVh?U80
zmRMFI@ZdQllgh1h1~eb+#QMr4t%Gb2xh5t{VT?x97I-HIcNA=`vq9ep%Bobu>jAQ=
zpIWW^Z+oTLDiAA^qUQhnnN%e-Vuh3X;W%>AWSQbu*g_>-_7s6>IgjI+d991qEaV-b
zJ#aS1IAbuZyn^s4Yt#AwN|M{Q8H@5)9GrDuvMg#lR%_WgkaaK8*e2>I?9I_&eu+dW
zj-@i6i?m!_#{R0ENSbMX%9ECRfX$r-p=5Y}6PjvKfEh5MTA560EtDjm{C;LVzr^wT
zId&~f;Qb-v;Hp*}g5_2o4?Y?*r^91A&NtFSsAxw2hibAc`2qFYKU%$nKU=c}j$B2S
z@W&f*EZ0oE5YPt7Qf!0=8rKIIDFafJ3OE@U3|VCH+Clf>L!UKV$kwM|D#KHIbhZaJ
zzi|DfsQx)D82r{!fdMkTabSZdN)&^7ICuUQ>g4(V4hfz>tRPoga+Is+mh|2l+!Frk
ziogxXa#(XDSq$Y*`JaI;j7fv}An(=mD@+}llj-$`NGgP^iavSL#=smTZW<Dc!@%<;
zbm=r0JdEtVehisL9Fnl3?_R`XFVo+8egp7(ZN~n|l^rT)sE`14@MaJSLimN?1u$)!
z&*j?gQvM?#-3Zc!G()wI6ac7pg36%VqUq%{52Z3l2_b$h+DuqMvM5k*XvDKGTe;l;
z`O7{h5Pkg)y2NJi<KAcgR!2>dBOdznsiSl_2NYe%c3chipJ-G>uN}Y5p)L~2`%H?$
zD@_0^r_EYm^r5AGB!@u45w@W4zP)*bYtwrACFu;;zva2}2o5oMctUg5$eDAa8c0I*
zKtZ+caOp5gowU~RfGILrN(#VfRmQ_dgVHo?6od}v3TBP<zH~V)nbsf^^JDt~sJ<D=
z6d3|GrfH2vIf|2Pr#4`8ahI38Xa=q4g#vhvva=vHU&^=}VE@N2rU3p}hlzvJifN^^
z{1k4mDFgW$-*S(uE^ca@-4TpXY2>J&jCz^BY#BRPk8yx8=laLY5^GetDw;Hl>fvTX
z7W$;${mXf<qvue5jY`4*i5`%)B#hKk1*Auc|FLa<-+%r9G8Wo_ZU2A53Exc%-q3%7
zi8|O~qj`4>l29PJbMs{#WN_>Dm5w&0qyNjYA-NQBEiZJERG66CcHUc9$ByJu^jc{U
zmr8<uVUog!7GVT?zxu?S+DpnUYk7h8?CAX|#|=ogy|I=(evaK)5$=C@-7&Gv9y_)e
z!;RGQ*?yf>6Y{5NBP&!Xtt;^8CetXA12c=b8qK^ZHbsu+ZCf;oA8D{tSK5OdvE@5o
z`i&z&ufswZ5g2E=(?rozo<jXVzrw6w@T<quJO`2X-UsG7EKX<6P$s&KGIg>KIEH;9
z!}ktBwZ_u6qv^E|3o$~m_Me!s3+_v4&wGM2G`n20>ylbo=yDFjXD=zV(bT7wf5w32
zZ(m<5c{C9N9^L52GPP-WcKo?U<Oq*oI@6VqNOHf*AxJG+4yEH7jW!z$@h<FS8>$2G
z7CAG(EjpnAb?o(i%b+Ib>8wI^MGu;nB=+!Jh$hJ_J5n#XAxpc?1+=Z6pyNIrYCy{0
zW2V+h^eK;5Y!1{&G5#^0qM%*KXk%Kmlye~S!jKM~;a8)2M)Nz(?-*7dzmm!RXJgWP
zfM#EKP!=7_9X+kpA0|%(Z!_xReShi?UeN4D;!Lyswv4TO;x6U+H<F~VXV9QP3<-2S
zI&hC|5H80}|MN9PT=btTj!i5Y+#bqBfxlXfSdk!r9n=~zu<jKYc(J@}d4l&os>cXQ
zjSfy=Bq`m{7sdJC;}Y#ViWt-lrny_^TyYfV!7U{J<LDdrXNs=oGA;~={tw59rff0N
zNKlc#BoE{~SpvSjI($C;_b3I)$I9-56rZ4tjgku8*><!!qF%7vkj4t3x@qN`7d_&)
z6<EU<X?dv&dNKHJBUQrmGWo#0?WV;haxd&^@Gw-g5<UCuoqfem5I%{5Gd|eo97sZA
zWY!RhY6+wsmB@ax6Kd!!*IKhZU}s16s~Q*`GVS_9scB9x8#2;rQqVga-O><a9CoJU
z>IxjO+_~1huS4L*7RzKnB0j8;1~m#fY>eHqW4ygC)4!rsk#6gQ-wu|yA>YrM>((9*
zv(?aeT!w({1<HgPV9ORR7-_RdN|#6u{#Qy4(s4<~8&EtCaxyG1%IJDS#=3Yjz_HM~
zTU{GC(s*<Dw?QF=9qs8`7=EArC<U^?q%`D?`ny_=YWU9<vE<!_!65SABt*OII`(a^
zxV5HTRUv`h|JwABWyGpC>i2KE>z$s>YVg)#p>cM9j*v})T}ej=!)Q~JIOmb|;o7iK
zeaItocTq7hnkoPhM9tehG(Y^zbF-RB_HmL&{=QpPjr=>?*kM}gMaT~M7IDDmphbUe
zw_(DiGwn_3y_`3<YDbL3pcW8Q3kw0rjxt|5f%92$FGw1J+{X}5PR^1jQ;DfyEpKcF
z;-w=i#vsO+_Qw8GrQU32ZVatl5IkXEK$W&{*1kCLr5Wb$S}w3xTcu4_R`$3I`_=Rb
z)EY>e)h^xCPJIoR3-_90n~;~<q%U^=#ehl}6Jt}8`kfxhI?bi~tnMkcia6L@_`IYf
z44cL3*-QGZCJYfCT__$aPAaTBYd9lOif`LW)@R*0RSXI;wAvLheIoOA_LKaC*n$L-
z!Rq5+XSwY<8LD1VJ9UkTi2#}&L%`_Xxg&oG8&twhxL<5(!l_5cUEe6<Q}?dML!fmn
zEtO3zPx;ZSTH68=A3(sU_O2q<N}nJbwRn|b%@Z;)<}3&D%T*z#CaB-WSndwe?1e6x
zAuffsLdN86P^dI*PTV;IDilfcq_oEPWp8$8-##LTF1Hi~&U^l*A?Sy{#@+G!n$`i3
z0@jdcCC8#?8n`ET>6@0?`u)RAfx>#N^EjV3(GKY*+$n=%liT`D9#}f!R>rMDqooxU
zt(mj+EXJce$a$$4-L)Bw8(+K4i>J3eLGMIF26fex(Z}{(ut)jkW5?0WL9X{-&e*V1
z8q)DH_~$WYXy8#nKBM0PMG`eBR&8Qe*PfX3$KB-XFuIsKS7r-|?-&-(jHdr^-u(Lh
z^Lo8EvF-kf7r1L@LC~zZ;K=l{K-wh{+_-wP!1ZZzpj%PXnB?8jRjk!w(M(lj3<h<u
zPgALk`R}6~ZQBFp+iBrjVvoZ0x`FGJ1vfa%8j<(9SCs;?b1VZ7z52GD|H>fo1t!Aa
zc{t?q=F+y>69;>(#^Su}m6S7>AQFFY^gd@w$wB7)<uN(Hr^eLII=vToC9V&HH;wo*
zH!Z|OreM%A97`W+S>L9Y`sV(FPGzCz{I92gY88DMB!l^BI@XQncTM=MF3;5?!>gc0
z@NTWkQJZ`)q^dLc$}=>0!AV<TN}oZz6yGv>)8YcJiD*9Nj(5{ly-8@agZv&$<U`lV
zdc3Rg1_h=V(uq_9e;Fxi5S=)K0mngq9>!h%Pt*SM-S&zVaz3zXTzFqLfAXwV4EaXV
ztB(XVs1x+dSz01jvXx2wSLHX_ryNMN1Zp9WUIceZ`U#=j=C`k3qrV5ur4n=ff0Vs-
zSd`8CKD@hxuz++)N=PG$z|t+<9SW#4NJ<JUT}r2PBcg!x1HuB5(x6h(sWb>u^3I~4
z=lgrV$LD>I<L5u_viCjr%-l2ATr<~sp4U{iCgWvpPiS}9eq1S}*kw$zqI(1%9R~-&
zah$9R3^sko&6%&0*Ju>nF3P{`oI9`@Orq;U1@kfoSQv->)-7RpaK;PPV+;?x%m}-y
z2eKn=`KSO1qaQ&l?sEtzz!o(Cdr)7$Gt-!ON%ZQjWnU=eLmXKcmCElQ5GsI=U4j}e
zu%?=}2mPFEWyoy@VMXTNS0koq0J_Jj?8s>TIWvs9@EMECXuO`7nPU9=_<l&&zVq=N
zZh3EZh3E`ICU=Wmgl=ikKuCR@KzIxSBaMcYk`Bk5yOALqP!sGM3mO<4zL-KVUMv(B
z7q_*w0lbTP8egD)P<*53&cjnjtot@?_s<dZ$V)e=P*oT=&hqbpp6ljF9;VjJ>xIws
zx!x3VQgG1hU8}5FrwwSni@5~}yY9Aifajr^y56?;lJ#KX$v_@+Ii#y@=hf5p{*6Xc
z85M|IA~kBpZfZuWQDEE@!tC&i^7%t`6-+o44UUslB4n`qlQj{J$_=7kbO2=+$2=vO
zNtH>`Eg#!9%ezv!?-4HIZEDod0)=i>+K=<u>8s&6&bD=&4u}j*!Nx6y=L>kHV;hYO
zKB=P_hEawKv;ld;x(^7Pedsem-1&cf*8;T2@HW|Q2_ai~iow0L@Jvjf|G8Q#5Gv-m
zb0<;%2`HuA^VN|X8q?-MzaGkS{EP?%de|q)azGDSvbGGG+>_w#Rc|zCN^dEEB(G{0
z{vCoaJW=Td$bHGvrJGb9kdDe6J7)kSz($Bu{+<scJV_)8U~_{Zjsq$3uq&DL5#2dz
z@8ol3oGfT1_fCF}y<$Z(NM265_P%-pQy&U7?UYJ3^JA6tRD5U$;d&J6b{;CD^GpD>
z;qCmtzkgAN!~)jC;>Sopg#a)rzF%^fDf>2Z-t&pt`!G*=En2Z8@AsT?{`QMIYM(zN
zM@Y@UEDxdlb{hD){!~j0Sw-vdeT-9aUyBWzfa5?#@_DK2Wz%wkia9=m1nrw&b?yl2
zcYMwwQiCsPg!c2eybOs>Y}w&?mlN|s{zU7q%UfHvYke7fhja}brH1e>>L&>mE)Tzr
zkY)=$E5d4lHGKH+fL;cm$q5ywW7+R=1E|ig;k%0-{b_g7=Ouprc9+W5D`qRVPPQk~
zTm{gD(~%*wlhcN7XCs?~z8rx^dd72IisnBmUruOSPq&^Wt`TkBzWr-rS>^U~EWSrW
z*Lm(UJ7Sg;pc<hsR=})^s0|Jd&PVM#-Snaw0zq0CEt10oy(@SEV4J-7h_xH{^#@9}
zJLXl5Odk7-5bWKV537lx@X&S)0BF$Ey>kyq9>p1kz7Y+CU?Eote^RQ+PR0?MJx`_-
z3a^yOQxrJFEK%gtMUuni%ktO|p#VC;&Iutm|M!Euc3yq%-(SIJSh*&<Hi38>M*<vu
zQM}zct~$7dEDA1#W%%bqE(MlXzebK{3$m!j)<dVW>aB#V{K`Bnm2w8+W!kqw&7^2$
zxHE{9RxM%$b)T4)j}}j=k%#}rHnl}u3md(q&TJ*bLAH|LgZuPj1Th#1w*qHm!)og5
zGd`wM(b6VqoZSy;X_4@krKRGxdhx9axGr_u@d~-HO||L_&g<m!${oUdNrHMv^0tL%
zLBYlQqGxEh(1FV7V)*`E^;sPRL{J-Fzs5zAZdixkg$u&pbH0XB0pFvfQ#<(q(IWg3
zIQ{Vh#J*3Kk^>d!1L2iI15e8khZOEb3+QHWqN3&zvSw~j>VhPaVPSY7yX8Y@*SK4I
z2yTxUAdvaUDaemILW`m1?Jw<&$jQfB)EtMNVihRFzN?V*do`HR{ijInaj{GcSz8?}
zLt<Ka%m%TD8CcyG>D?i0zVN!A0%WBS-?7bG@&o@ihd2_#Mk|j+<&BN40S@k{x&RyF
z<J>n<9K!Q^n|kj(ery*Q!VJbM0!h070Y8pfbB%4f$)+Qx9(NZ&B<7dPW@_)mZRyjW
z(m10VVnHmhw0oc1t47=N_<QpkBDK({kE-P6^3IqdZ9lUR-fC_;abI8R>f$wH{R&g~
zax-=b(=7`e#eKwG8WsJ`_$Fj`DM?z5+&T~72>Cas>74?r0N!~L&vSccGqslg;Wu~&
z3Kx&QC&2nE<SUT5qPgb}B%Uf$=y$=%=5%j!{}*fL^@+8|l709te)c&oo!EcgU3>lm
z{!JiuLuv9(BE67d*@93t?H~PfGFzI%rB}(linkx4->ud@?siw~nX||{yWf*K8CiyX
zEB2p`oPCAkpUK51xk=B~vYcxUG}~w03MnTjLg0q=j}byCT(GL_!0GF>QUn*iGPf&}
zq`{Wh@F)Ho)g!x%`!he4TC2yB1Qgd$IME1{17pm`+uoZj_z%s3j_@Z2bG}A$8HiHz
zqMuIOj{n%~a;>Y3gzN*BBk4(JTr~vf(?n3SIhH?jPYTJY&$WnP5=pw%BjXygm|wuS
z-;*A#L>AJvAu!xvllp<e?j`H3kBi(N9c)9HI5%AFQVJPbnNc`!Zop+u!uMEJd<`qd
zi7{^OT;oA$G|yV?TS}j>+)2JS%S|huVitfaVxdS-ZiFBB4Rc)w*%sJFS`M9ew0ja~
zbk`?Z1#^mVAH}Rh_+BQoU6`*u|MdkKON_Y+y{OU%s~4S;WQ_Ifw*}6Ju@8N^8PZrB
z9IvOMhqNa29qv@g+x+E+WnzaySJQ|@es*KQk?l8Czo=A|7J8g=qLfpug!I7wE`hPy
zF&CxB!&UtL>aN%Ei`39#rxe2V;MF%W>iZQ4JIRd#RmPLyCO30-$1(_4kSvzr#^`2o
zj}%l8S3c<9siX<j|L0y4$K6th0p7p!;glwW>FF<W^9uq)i-mU@{Y?n6sBtL`=coo?
zgV-?;R>n;lmpkfticny|B4|MUwOxQh0xf^bb(+w8pIkPC{LJtilDsJBJ6??GxT7gt
z{wH`ou@JCzmXK~$tQMSnO*vdp<(XYB)bw|LUH12=J8o(R)H^|X>}7PIz=ph5C|4gO
zhMHFRR-R@d%qK|aBLTR98eI3KX_e+TTwdhQb4-S#?jj#|eYGgi)FlKDaOtQ3gg^?u
zi_abR<3YQ)7Q^6``S|M=1&R#lpJf9u^pl|e{39%6QM!K{m3a@5L#>Hj=wBkeKw9e+
zL~}5<MtrkR=1<SC5ybejW84j6)GovTKgxO`pap2_`ec~lAOU*~(u3xa@vQ-Dlh3=;
z&TxNtidx+|Lg|+${ra;^EoU(A`ljy#i>*OMJP$;3{#a8Rd;2$U-tb3i-U0e<+1d0{
zV9f>i*aGn<Jw)zSC;Ka42PEeTRyWh+jBt;eSN5p5Cl>~)dJWkD#M=NfaKa^p4FznD
zi&&_kB03!L8OY%2qv0~u$_>CAfD`%{es%EnpSM>)WXU+{2?z-8F`_g@Ig5Je@ynKi
zu<+QUhE+yvwZ6<u#l1WMI2Ml2u$YD@hBPs6S3vj;$fx(-m%*CIuo9BT{(zMQo-M`O
z<a;fCAjJaCw;G|^-f|ctiJDLNC`N9K6Pzx8*U9Ti*0<6LzHF}#FON{>tDk~vLhCq1
z1tydfkX3M=(XLKRwmpx_5$g%VPO(a$_*b<|%tj!o3)TN6hYM3B9DfS7qkNmxe6`Nt
zA3!=DLWX6y@o@RXwP}j0fiR4_vLK4W0Ge5z*^|+Y!HJp$SSvp4S8cmUxU;GAbqJwM
zQQBNOv?ENUJvZ%{2Z7Yv#{L0(m(T!!_mMf>67#l3?IMUIP1xM9CZ0xrg*IN)Z-Gcu
z;KH&IK-DDpZ~MOi{lydqk#z@>M+7`%TbP65$EIFgu?$Y5Y#M`^!lc=+bxQK<WMKHJ
z>36Xv{Q;&=_Juem)uUJk*s?D4`hTWqn=piy3Bx)HC=G_Gec)z60k~1SJ2iGPq5|TU
z+^_uFgE1t%UFm0SG*S_O<(jtg;@pyXP;rJSD|Ak#*COm5k)~C%K<|rdw`Nrn0mCPu
z70uS*g-Jz#7Bn>VjMlmPi*2#BIcVihbu3ve<{AWyV0dLan>H^>_Wf<=oTlS6C2Qgg
z$P!%SE5{K~G@RUif||>eGWDVP`a0u5-8J(%MO$O-!s|oZR8n$ro_?cF&73F;9n6N>
zvya|D)xnE#Lzf+M1;^RXo&m(7M}RU;ilO@46hj7Nny7>dEx$NWI1^Ew<?WOzuU3<c
z^Q#GKz(N2wl+6Je#wSI;?s*+zDHR17n(^=n4|eCooM4M1Ni0<=e2#rS7$`<~#$thu
zFKhKdRpM8>)eQj8>3j`y*lZuxF>wZi{4S$Bl6+PZs@@3DG$fc*%NRv+KqhG;1b?jK
zn(Fch;cr4r^Sj#b^ZI155WHYyj?c__pKc4q(cGGqBaV!IqK!4dri;`=Ci4Ohf}|93
zE!+(vr-s9K$$&p~iMzTqmSpXN9;d0<2@G<h{<n;HAG)+fErW$U4bzS5MK~u)0@yoP
zxjUHa$x>JdL?#BKoe00V_X+kUKpnEuBplg`$B|*cUKE`-LiYPFnU%2bY{DNGz$-OM
zAz&B*W321q@MfrzN*5X2Aq>ec7RSII2^2EeF0hz0@esMCWYw{$|NC3hvtz9<^TV(C
z1j`_2A@E9g<!I5Q+Uz`G&7J?bl^=tGF4Xad<wd!^mq-(~6xIIX_1>;<(vv!ZmVZbN
z<^k8K&DpgJI1xF(s9%}&UK)wQJM6m1r64y5JI0^xu-8J8-vo`3cRrM*j{8p&+3|!&
z5syCNv}BzD?n1rU3c=9kWOX{rFF_}&^W2o&s;YQud|jkHAy71QI(qQwsqmU`IDi;M
z)z-)OWKWW9AknqX=Uyf?KOy0NmWl=~ZE8FaxOY#=rcs~KtVj$@)z=t@Ka;N+2rt4V
z+$U#%V$F~5>jEe0*&(F#i9L%&0mis%|9IA?*W{mGbvrv=HVl6P*3VMhxsR)2f($2Q
zcuFZoKt6BRu|1HbIdI1NJBytQt&+HQX~py9)pJW}JAT`%l?KaDivo_fJNv;muOf4Q
z$}B2mtgecdmbNB&A{6f2j-=*1d^VMQAcq%vd$t}{ZIXB!cD~sxJo=?$&i9)ax!!eh
zbFkJJ?cRJTod=^81!$a;svi^)<G4Aey}oa`JTp|uVVLydcW~u7bI~J&9gh>G7XiRR
z%byJpCrLU9d9X~0t0B-A1b5!oTqj-xQZc>(U&3ZLe{h#ka-ueZ;g!#VruCiFy=B(q
zk%Pv=VHEZ0r;9OcOivr{Ok><0kAcVruBw|HR9Cc`M{{`r#YA80)qgOiwOdGakz?1$
z=lO>^;qtXN1z`ACp)qJZ#=3@t;Rijjy#{Z<qycLkFd3g;+7Zvsz6(6IcI-LB+1qSN
zdEG(*y5RJx+NDof6p$ISziNh=)d%pVRBy>Q{vUTvV0v{d(rH{Qi<=lJt^XJm&cMDF
zlkq&t1}s8<8dpYRfy+0z1NyLCUq8V~X>(@Gai4<|lYIVA8p{y8gm1eXsA-{^q050O
zfQGV(=IW_udGxmTYS#mrfbQgH!LS$9c6kaB1^z1eO!TFY5<*TCZ~!<_fRkGU2*AHa
zOzPezr21WET?*EIUe+o6+k5azCgNSM5H#slt@!yo{sarz#=k9#zyNOvP<JQv^<BY>
zo)tcjtt^tkYPkPz-DM!^G2W6j^c^N7dPsZBKW_vKVT6a%cK;d99h`5S=_AW;Ftu-^
z2Co}@xiR1pcfS-8&Ww_5a2f=AztNAkC46*146fQ+0E2D64G4l7oXb|umJ*{KES^A(
zpBZvDz~BjjTu$nIMSM@b@lb3-sXBfHxu$P<^VPRywEJTW#)%K;E|sVLQ^arY?ah5S
z_p}lPa&K=XHlE-0JN+dF6cTSK=aDG!dbx^=C1A$)p9z-AxJQMnkDHN!UaFD7Lj1(x
zywb~LHg2RnTAgScifsiH-@0rJb{T8m%XmvVnuQQ+5VsVm*2_LWTz|+7n6%mIfHbb9
z4|W>Z8bf>j?}Ds<nMf8sNRnN<pc7d_h)47lV1P;hT>Z=#j}pi1Kd#3gC@;2G%*unT
z!JtThhP(nIr^tO``X;T_xetwry#S+UUa^uBAaUW$z)8uLxZ5gekCBj&bGs?`VmWqB
zR#KYk5UDPmBlkNWn5RN=U=9>iVXD2Dd9QT!arg-O`0>ZP#2OuDJ~RWQPmB(xA%4WY
zWO_ZVgerI;8VazG_i_c0g)5VU;)O+aXTB#M;T!6b%DwlN&d4HLN`2<msqu7fSiK01
ziTpe@IE2grN1h02|K4!H7t^gCr@_12k3=15V5X(H8u_|fz%d+!lh2Pc>qA@WPU`bN
zGNEL~t=Jq-iOp3VCt35~TDN9h^UGzU<2T1~Hc+_jI9?5~WHssT_~D12jQbor-bUZi
zD!$f^pH)mC5wP}N<{1;(6jd#!2hkhZSI5m|u<QN%h9Z2iUnqSCC@S-1cqKdg4!>JF
zXXXdD$nyLk5g5KqN!6E@w^>{$#)BR|CnqL1_xZ-pfE^`W@!XQ1VEs-?+Ef(jGUg$w
zuH*RtRu*HxX>9=h{n0^)%!>t!&|r-2&YdTTEXEdfz{Wh5t_kuGp00CCkxSwP#{_?d
z*vFeFJ+<nrHn8Oz`LZn*u)5GFz^D}~j-gK4nA!}its<8$QiqUyK5DO-aC^B?&nQAA
z9AAsG&2LD;eh^U$hUmB~Rs+s}2X<E~g{q-zWhaYzwy9?WLGtvYg8rgOqwHa7=kH)N
z>w}GiHWJXx(~Qdln7k|BZQMNJX=L~NVwAM`Fv82Do9T7t+80IPtv+vWvztcb_nP`i
z!B7Z?JA=7kY611g?)WY|8*sE3AXO{sOE}u04=LRMYN#iWR2R!E!@F!3_g+a%2fd0v
zyu6&3>Ay!xf1OVBG*qa<d>{?;VCMS(AkeQcYsCaO&wByd_JyJT!~EQHnN3~o_0-2t
ze1YVzjP=_N${iC615wYZSIw8gys@QuV2wn#9zB~}V5-bJtzmLV#}cteJhc}2{g>Q(
zRd!Zf88iKryG2-}n<Cy%f8Jv74>O$7U>3S<WB;IW+MoAEZLdl>QN6Y>KHRbRgHD{@
zJ=)cu9h1&K7F8Fx+56X#N;zV^*{Ggr+LWU=P3zo!4jW9s)`|mD4n|=i9$$pMO$20G
zy|SftZ>+#q-hHd}q^~u*&&q?VL;7i`SiO&qF2#ZQ1Rs0I5hoG76SP>ZLrEm@!LQB^
z9Y~fo;pLgibUJi;(xEjg<Yx5~Cnjq!!b|8mQMSM)-k@)Pe`!rC0$v|>S^MEv7WKe2
zeJ2slXzxO@8iQxg4gpg>vMwAl-Fi)hKHU4lLtJ%qm%_YBxMdH+FGcbiCF?#VDCY0`
z1xwGhZ116zH%WVv7e^vsSRu>0{0}3P48gF?sOt;zc%59~P-n0gO4F>vGZ{xFU+DFT
z^A7FZSfqLr{VH+B*8YkS{Xk$pM{oWU7pFoKq{=s%*K&?<XCC|yaA!>@c8k!8ut|+}
zhoqms>1CC4b^J<xt*=not0vD{r5s$*F1x^@r+1GNghqK#2LaV7O^=Qqq*Dfcxn-w=
zT&ZT&xL`R@Zqfzs5)*nWJL7o4Ozrh$;#b~kf$|$C3=BEDKkXR^R_xD#!mn)T*(qVV
z`*kXF^j@!*bc4bib@@(_%kGH6{d@RBEW|yiKH}G4*;!u8EiDK>-<9Ex9LIBB%YNFD
z)MTYq4V#%3sI=I-o~X!-UT~SAmz(w^p$qFTg$!EWH;&&v?F}BVtX#i#sp8ie{+zX4
za^UHHhz1k@^Wc{9HrR}iAe>zT-kj}21!|fBDl)KDg**R39?Brq+DT((y@<X)GoQAY
zYT(`ez8?B(l3`}xQ^KoCTS<in5k2OTDSAogjIB$Dx2|4KyDcbA7x^a13Lg%3+gOMv
zQhq}K$EQRVTp&bW!{71rL8D0m%dPH7PX0Ip57g?~p(9&^``|4vkz@DA978_4b007>
z4MzzJ)+JvY=;N5oe!H37IQC`uNH*nX7;u~Zclq~rTYEhHT#a#}+eb2FmK8kctaXlf
zbkhj<)9VGNaWh2VRW+^kgpxag)9G}1KPk*(;aME-4^qqW<p|`#Y)|@8Pwye-GKwz+
zDTSmCgb;o}w;o~mbCMyi<;V4mjbaUi&r+LA`a+3Fd(TDa1TU-b&8P=-9~LR61SVvn
z`)4bD?UoJ`n?E_Yq_|EbKql{snMNQEG~KtJJ5FYUJu>zNq|d|34Ew3C|K|qz1bOPh
zpYw7*pz+SomMxcq<Z3|CnDT#dmchlZF*G@t5b>VMXZXnUXEY(JQIfPVp?b|WICCJM
zCvpZ-&f}E)<{;{$;3O8&KQ!0)qVB?+g-mOI_c|Zr`)ej&+EXIA17cX0ODvt8=MiGf
zMg+3wM1!W138R{`@GX3nFH>N&ht4V{LEOC2bg4CPsu!7<4UXD&w&^~;cNyVDRFs-w
zuoZJ)1hb_{yTTXJKRB-e)M6he6%(rR*z<@PBgMmLf(Qw=9u|n-q4w7SRfg194tq~Q
z!GjT}Oa^J;th6YC&kU;~TLXKT`8LE<8NSO3`@CXhbmDIAJ~<EF(ZWp_K8@v_LqvWd
zcZ~Ri4c;|!{5^ijn16sMsjBSx$ermHO7u7mUd&{zm+@1}mjiELK>L90rKU?GY*%TU
z)rmz7>5W|@UMDSc$(}we<MV`q)jPzQi67r&kOPId?M5ESFFM%C=WJX*RH@Cgzausr
ztpf%`<8Y)tEZ-Qj0mvH>Xz7?BmGEi9@YNeb9wlI`5&7$04^Fi|)I?g$dzlMr#<2c!
zagWR?vU&dg1DCCA1&sC;<Z`}6csMU<Z?yOFkzfVn`R{L~f`JFcRrzwGm{cD(!(aC4
z8tS*j`Hmw9qaYoz)q<ELOv<rDZ{#e!t*&{U-X}P^P$DbYegu1xGaR3TeZJT4<M_Tq
zT9XHc|47a`l3B?FY0)EYH*qA6&wEFxNCAfpi)xvN2nl;p^>F5S+#9K1ubb*xx3~N8
ze%W+f0)%JH<HvQa4>h6J*T{fM=7YyS^k1#-$taf(T(ktqXxhW@y-8_AL;zclHS*y7
z#8CfS49j3$T3bZSl)bc45W=a?C@qA3X@*lNg4fPjS-K2}P48xM-POoP?00Yo@iP}u
zBO!_nkjFw(#yB*hIf7xh1&nW;b<KyCP^gB-hi+e|5)Fv-CLf2KyK-PJ?#GbJWOU-@
zTOrcN-Z6aKL+Tk$b!)iad#p*tiMpA|bi47y)}(5*yW-)`(n(#sT_C3Lge2;DsQ^@e
z_3x9o@J3!pTL355IqKuhr=Rp5UI(g|K;V0Bw$;OA2uhY${o%3)sAf91^EX;jWKD8v
z`1`ouP8s|f1TgBB<d+A`bA(}k9mzqV;Aj$>h*K<JVB3V<reTTtWMGd-au0(D0`^ME
z{MezuInIH6V)I2ifG3QSE7aI_kF!k$w;v8_Y)_LxDKMDSiWKyco|MBj&;s;cHjjk?
z9-eze%>=o&{eU30`<R?8$d1hX#ZMrlUc#+x-ReCIOvy)PRF81LX9-I!k+Xr|D_e+o
z`v2?Wm26V)PQ=nnC)DMm9Rbz91(ibBq6YmBa;byc!RagtpDJ-22<M}E$j!AhXRTL5
z^bo#lBu4UB&oHS%)E~d~GZ8gFO0UMB&CV7=0&LqbC-}%D;vYfj&z5Y9XSo52GSIDy
z|G;BwtFk&-S@+pU^6`X{RKnqek`wk$?6s_mRq3blL@dh4`pvtSb!<SnAgFq&2L%va
zq9(89^wiPtQ6=7UzJpI$EYWwp0>sugg$S)Y;=mEdW0Lu@Vu##G^H9mche)~-W-q){
zf$9ym?0^jV@~nfiqMF-H+o>J|HBJHMDTr3@$t<9!rqQl6R92gz#kPe;fgQ#4>lX~R
zo_|qumjIBzihi@mTl3*@(-+cK99(pyRi5zC4K>g)agJEhFsum|k)UuE6DPZi7xWVh
z7kfmG<HG@)H4Tr*Qvfbi&gH9<`156()wdGE4|*}!w)8SYG%|nDX3Ku-UWZN-{uFW&
z#w4__J`3(|R)!ey-0*3#l@wQ(mUKVLxTaMCPKou9elE-TIj`R8{kp%^k9-}^<fSQx
zVC64Ls&i!I$CEi{e7Bh6)xC7D1;})I=+%wvj{4T5hXl1tU1K3kw1HJ0Fn<$2M9|3=
zly`Hihl97sXm>q=We7QU#$JFf%m~5irZP=@>!#P@5SggAtCpLn1N$9LGRbGe*eTlN
zuA}p1K!s$uE^!^n^L<mp>C$DLOT2+BPFZTAnb8@3npZt17NL*!oMEP!6H?W$qqH@v
z`OU38@RUis8N-h?0&w%W{6+bT>lCM6y*!Uo(y}LdGYp+#)Q^mLkHM07RDL?Tclo5A
z)%|Z-6d3tYRw$sKvRSLCp!6su(v~-(k^ARFW0h)cmjik2NH9xi;$00w0wvc39y-Q!
zOjgOVXMG8OJ8dK%bQ%{os$-Vc-mbUZC?mCJ_1ra6rD;lu=69!&38x<Nlk5PT564eF
z>^Jnl$GK4jfAq0+^=Gn>#rDXJ3a|I9gEler_rh6gY5TcQHSsU&a~DFs&AL#HnNh_(
zVJp!<&m|jH#xg~u^z2~gCg~?qHi=X*^J3YOzPrIQ@LOB>jO0_l?@%fCi#6jB3=~UN
zK*sJ1&IWZkP<eRn<ob0OVKuxjZH9d6Fj@xgJdH=Qq^Hv=tKD;)=pj8~#r-_aX`{I*
zc0$Fmx;F!U<8O4!AgSSGc$K4*PV{J-5lLcR1p3^jE0<3fnaGZMe*Z>@$9`+GT8?8p
zTmH&xt7)a=<f%=&__?*Q!O&8eDgFQFOui27dTt;${<}N=ZTTj?W0UcdMEIuyxU)C#
z$M2x0AwL8PjtSWRH6IP_Fj}VIIXhlC^7(!6%cHAbATV%>riC7|SALr_PDu~iE!HYe
za%so7ovx;r1S2=UyF+S1KT})(7|eVY4noObi64ytrz+1SKJA4og6YIpeH@(UgM~m}
zCbtUa3F~BY=lL@#^_-vXwAAxU4`L+c&`(<r124EkSl-{M&n?ELD2!6WXVjrEU+yCZ
z3g@vaU>zTV<J$!9eNtz2f>5dwNJno;F0KTJBZ-lz-zR*Z%A{jgqD3|a|HWFM|B<j<
zR`kYL&~cJu(0K!GM9ye%Hb~78C+heznXr~14D6J1UlJg`u!e?>w=vD<Z9isoGzxWa
z^o<>*7D0EB`|5DjP=)Pwt*o{T`IEcV7PV1)8u3E|XS)@}<Cnemslqq(U!J#aH+r5%
zGo%sdB!zlmPCyH8l-qxw{NmQ`mB@*DBpbOBD>VpWdsfql+kVOk>e;{$307rYB0}Xs
z*AV&PMCigRC(<gX0;u0xqY?(vp*tJvOVj+Dp6<w)t@CaU?yIiBsQO;L#7y~&pYNqg
zygZhAeAEqT5YZ*d)RDb;OAfiRm7JS3@cNptaCpkGf?)l5Mzb!S`$Io+rmKc9GTJGl
zuTcd6EZ5UedX|I%lR>W^6jmQ>)DwR17^kAw6(TxKFLVHlTo<WSmP>Hj2?0=jryoat
z3ClEMzf$l;r#m#7!wQ>?N#qi8f*@PR*0?8O*4@;ZXv<?v81bFl99|+d`w42YPb=)>
z00e2Ko*!VFw<acpC^Cc4B|AOKiaafFhg14OdtUU>Sv#X!md>N)CG+R01*_i(TajvR
znR~-vLM;C#4Ejz!zur)?bl6SvsQ7APNNItEKC1M;j!$;<hJcv7Oc$9o_VVuSzk{48
z10qUE-PinQ4FA36zfBtqdEgar<;z52r3EyQxj$)TsJArm1V-^{WjZobh#|20eV<in
zSjmU~--St&53FS;O-)F%M-M@ojOU4EV)>kG8|UHEz4HU}7kjy&)@hT{aBx(9RWxEJ
zK#aC6Sg`|RzX)y)j5ESk*5)K0K{8qCFzq}3PH=i}jKO^F^Q^rj=Jfa}wen;Djr@vY
z%kc<wS?<CkAkOIbTzkx(@8)6^UesJLy65Yea7b8D=h+2I?wC98fA~i_#MuFK+gxh%
zdY|vDZ)Zs#;GZ7&iY{M1MpHIo+xT(mH@2%T)58|oEiXIH0HpW%&!+kZBENGc2%03<
zyU?;&f>B<ShqCCYD++_(zN-6oEGkknS9ukHAZhC`zL9$opf(LLBvS4_<{WM<ZKUf0
zG>pe@FXTP%#L$XcU4FpykKz(x^iGot$ZU<961?H~Exr-wKa0vM45mOBekk+F@4Lie
z5!7FlSG{-MEztDkIxh~n|44cn)WhsQ9ao<*8L%1_9;DW;@jyX5AzbM&Jixf1`y~2?
zgDETO-?Gr*6MebRS6NWm>shr4XaHK<eHTvl3lFO=FKkN@768f6aG`nmMSOK7Xjikb
z7p%}g(z>m(0>TnmyH7YW6BGZRCFYTo?g)OvLecSNfbFyozGNS$iI0N;mgH(%TDCHQ
zA>KmBdSB*e+Z#&i#YJF=D^>Vy8iQN&?M|M~FyYly(^z;(q#iG;o@EVibR)Cb-U2s<
zhlly>#@VU<20wM~qHG)-3U%W3$IBtX!(vZRGn6{2RIX=~{fDc%My1RSXAkf7;JdD+
zKf+fGJC^8cewXLCqvejl(^u9E!w(i<<ag-z84;Rbe3J3D6cU_=!xvFIu4O~-pdN2Y
zE|npae)5hyFAFNi8e_dk7t0(efs!JyiTI7am(;A~6&bcDHdAoom?Wrgo9b8c><DEf
z^z<f*FCtGiyqzC`z!A-mkGCo`L?&N(hQL8jf^c0;C+w(paPh$)a(ZgYhLAzR)cWdF
zD++C3UqNvo<bd*oUdtZm0=2S8&U_FT_^-c#BRk#yx)6~8hq)Z2ctf$|Oe9=#*D`$f
zyo(SU_j9=T(vcwMvgmf=#QU8%;Ng^GTg0~C1$zAdLrnCU3-$bw{pZ)0+yf^U+HAoc
zz%e>{Y{agzl+U%(dxl@F*2F_Kz;n6!1Sk6Hmb~3C_%5|nX~1si?IgM_IEe1E$d9-L
zIrput$#JB!uy^oPF3)*marZFgp11bceyZz0FU%1Vm~ypvl}nflA;o}Vdiv5pm1KYB
zZpyi6#r)AVD~nzxM!Br1%^J(;1@w~M?{2UVIjSD-H(f_({GJ7;{`1#s3v7?O0n}Lp
zhq(WD<SI6y<!pW~JH|v{mofxx%I~wG?qZ}+K5pai_NYDXYZCA|i*>4MDSv8Ry|s1b
zyG+=!m|CYvgO6Ivc&m)AQqNON==DPPeq<+M$;1|2I563<g6I3GX18p2FBKQ(YU_g;
z0_)~RZaP}<;O~X2gE<}dP18%t`pSx``hXk5AfF^%{NQ|vJdO&C9j>3IZ0*O6`di~z
zssFQhls!PwvDt{`r5*)DT!7KWvNoK_6|8Oo9Pk5h_BsaIDi=U@H4U-I&0ROr&7MNm
zDKToW(sm{xn<m37b2}Ek=AZ1jr2+V(RVWqhV-LHtLdp!#;^PS$-5kTWv2F19=BlB)
zTLT_~r_kxgt+E}qDpsGb3cvS23w>zB#90baP&-o_xr2V<f7S=Z#%F&Q3?g<h5b;5e
z9*(Qk;_9S`6urz2zX;6d3(95!Q!?J~({dc%?dCXo@8jj+JXxWqGm30{wxcWvg&0~}
z(F@rdFd)_n#`pK{-~0a|3B2Ls<74xQrU|F~uD%68`OO%9#@-f5+<m#P4E@ZG>Rp}-
zxU82vnGWB+?5Z8Q{CWv})P2fwP%yu&;vb`&X}6RIcDSgpkBq1V65q3!Xs5NfiyxQA
zt<%AaYRgWDA3xZ=I#yzJ?RwhtslgHy!iW+R1(5B1y`iHfHlRN~HZjrg{KVB{*+Dg1
zjC##8C>!X3VAl0CqP$0Hcu>(4JdX&HJnpf*nJ<Lqy{)Jy;c@ziIc$x?`O|P8K@RH)
z*51t}WI|~>AFhuW3IOcbo{E)E1R6pbsX~;}H{CawCAuICQk29$sqKFO9}#-^kx{bx
zC4;1d$@ZZY6OCtWR_p86k@iJvD4-P`t+#mq0*+P6t|GyYQeE$}IdQ=<)m{|gK(bTS
znDBv)+4B5MBS?aza$zQQ;JtQJ626@-Oq!hbJ^$J(UK8X6hDnY6srz<H?4WS>tg{o-
zW!TR1YgnRl-fT19+E3MF;_qY9Jy>4^aDGPeaeOH&RQ|mri+2N9U-oBsNYrz&A6sfE
zB8w1=aQJ}Km?E!9-HV{4dO>!AzCLn{1G2I>dWayS-~HE-Mydd?>o}Q?<xz|D<Z1}Z
zy=GqV#J3YeQF?Cz#(h#%MT_%gXVd!8Y_s<S=Iie5hqKy^9}@I2eYSD1a3%3ldDe)8
z`-GnmCW8!4`~s_xbT=%j6D_-LS;DFfzyg>`_T?Ap#i!hStHeGUkz2s^k0M8q#Sjw9
zP{8-dVJhH2C_pwC36BzErYQ+d;}%I=1xSjw39Fi!H;{uUCCM7huh#~jB)Kw01&O5*
zYrF32+t_nDM&u|q;Sh>CSyL$bLnfO|IP{QJZWG>A0Ff6*;S$Ky$H|N{an<h%SO~ja
zvdkFLz4<&@P0=2DR=1x<){`cbaiuR^ujeO|o%_wriYx)xgGdc<m)K%7Q991@WFQhu
z+<OK4AN*wzQLQ?zKg(lNV=}u*Yhw551l7_%_hIpxXu%Fl`OYEP>j*f)lS+jc5?2LU
z3{>U-F97?DV)W4{g^#fbN4lfuH!NJEy|sYB#0G{i_VfjqU-W{|d_KF$;2n5f=F<DF
zaT|-ThZ{YOD_t~dBGEH>28H-OQMz(inVK((*uw~gwqZ06P52Lr^n}EBPYFxT2UiQ`
zN)xLa2Ug53y7rx{1~+jpdH5MCi<F4woo~8kQ-7@R@1WOT7>};-hzSYLHVR^1&RWTE
zsj1l-Z2qaL^?6ulnYv*mbIt$gC*`ZzU*m=3P$WOls-r?^J#?9lzTy{@@MQen|B?p8
z^T};a1HOs*%DZJ78Pr0qX$!#lj)afIjxGV^pp81U^aNE+^R8uQ>%e~(q>9<|2dDI7
zH|6&=r#RlbX&jd@Y~!_q_&#3yq$dwL<|2&~`BUTG*XiVw@{D|Zu(k)Rby;VTKFY^Y
zDt(veN{;KC5dM3%<kgPfrudka{M}qPGI`xnHE7F0)vdLUsZx)^p8R7%P)Y%P7nOGj
zRHW5B$#KDH5)<cmF~m&FyHmcN`>ackAI+N>Y^+$6OC4;rTdlveP<r;EsMHuUP4;qt
zK|C3i*LvD=GS{+ad8i4tZhu@O@_EyT?mw;p3c-GTMZmWGV}_>hYX?kOoO$~U-$W&u
zYraZ`-@l2gZml@>%}xr`l(*_q_z>vkk#({DlNT^QNg(O%)qD9*BQc5Z$VcJ1e_UF|
zNVWeKk3~MuGUi@?L-RAhZIwaTfc-^#=(KP))dxSkWb!ti3glX0A)@jOpz34*oTep>
zg-8u>`&tGtg)#i8;5Yy%<9&=ByJc)P^L)2gXo@!A;rn{MKzAHxIawzI--fdZLi%5t
z`YT0n=X|0=vW@0^Vah=T99X;m37>hZr;p;%57|$tx7W_1MtBWYR`VV_i%S(Wz|%##
zMUEBqdhRcas+}z~ZsdI3`LVe)^*fLh4OX(qab7625Y?Kw<GgQa^!j7QB(Lr@ZD!Oh
zvr_a!K>`HR6=~ql+{A>^3q7TkyvC9Z7!lqXtp^Y2S}M%Gv@_?hBh_3SZESLH+Hrzd
zRh=X@^470BSgaUQaX()^IxT63ppwk^35Wk1)XA^FL+XskTE1agOOmYAcYR@NPYWD~
z_dih<{i?;bo_2)RsjNJFxLl`ATnbsc>v<!j+8JyPrkL{OhuX^(_9a`*uMKU?d-~VC
zw-J&$s^g6NLhZ~B>KP5sy5;&B?BhcuF^V;{UP6fHn@JIhp;g>8H}30&MTnSv+aofE
zW{!%)2@x*1_bR<7X_9|U(SDybMM4%QYlo7Y#N6izO_BeazVvq88o7Cs?$e6G<S5A6
zz^g^zs$AckUd!CcFSu+P@V3Q%ePe!e4U<Gx(rZ1gI=tX<+|?^p$J6shLS&tQ4%Qu)
znw6+B3|W@Axxm!h|3vFTye%=*moL`~VhtU&pkYsMwnFH3iOeBoUALCqPB-(O|7dZ5
zVp|Pn_P(l0je_%`&iCmot)~Mybc#_JowX`^qL;%~gK2>?`ea%V>serj=#8G8(lgFy
z?vSXAJ&@l3X)*|8FGqye+$&71O^pz~h;&^r%!1I^^U8(4S9v)fIp0P1QYnP8`|#~W
zmo|G;oA4ZKN^w)v?)>Hg08t^d*wv6fOwPiZ{SCdpG(GTR>zB}CcR;K)MWh|?WhU7C
z^9F}-kUk~?ijJ6Rfk3d!xWG?`A6g&ueg(O;9IS$Oqy1Z?{XGD9Ir%nYbphtXF0ql<
zvXN2d^OMataA(-UriGKf-MSu<6gWwtOsb&l{ADHmZ2Qo*%doxxT@cm68l>m#i$Vto
z^MNO$8G^g^d@UT2*oQ|gm1&_hBtG<<iES>GVk>BEAo*;w-qD#nLQnqkBK?!98F^m&
zWQRZ1<?x%U83>n8a~||WCktQ_`%kCX86Z#0OhTDVO}#oy*OF4D{C^bJt9p_z<Z*`m
zR*($nbT^2HV3M1Alj_gCHsG7O-2(9Ms*fKti^-~g$jA@sIpgFFWrB-cD37iGxcr%K
zBI&FiK+Yl(%&X?RjWH%Kf6vQ(u&<EdqW)>-<yXl}@7-Z7@YhE~K@eHflUuiZN<RW3
z4K0AdXQ9{h(1HPv1P>FFjEhIy-YR4SMqE3o*uOa0r!kiOk_)mFHfQ?Cqvp{fjn{G>
zp8s@-ec8f$@cOx`Z0iM~N~W9TWb=B8CFSp5bh^=fLl?iDwt-!}XMICo_Xbt;bijpR
zSEy`kJX|YJYue20cnT!W6AL&`OugvH1jLD{8U438nXd(ayOjyOZPt=$Y&nF)?MW+m
zF9^rwJJiNBeAu+Ur>>yzG*BDMkeAGr%YdB>4!RC>&lPil%<^A4f)rK*qSz_Rn)~Vp
z85vuc>D&}z`KQQ=(T@72s7wDQ+0`$~;e*KNf_EEvj^fwQ3X*`+z=wXzpkR5d|N23Z
zv+gsEEVyzM2ke-%t8@v~0VBd{9q<Kp!KNHQdu4}Qq6)$B2|y3u@QKl30f-Y&%g@7Z
znM|*N>1QW<9hSWWs2CDhZ_%`hzm@-g@h|=*V*L97urM^F|8GkFOZ1@qAEL+Fe<6DO
zTmGL9NMo}33R8&(MiFSCcQir6Kc+Gt6+cf)qYR+99Ar?<XxQ_;W%525)!}scoS=8?
z&Mb)TFf^G1E)UV&q^$>JtjC?#+2XFa7ywcTNEF)au-qQucX@dhJ#jbJ08%GK3J^hz
z;)8*NG2oo0hY)&wO`!zo`KW;74@ekVbyZcw*$W`AC!NT>X@TmSjoz*cm<glB@X8=f
z=+U2Nd1Wn~o}S80AOXvRkVded#Z?oW+(IMleSJk=fW+ZI<1H!et?x21BCxOq!0H)w
zksoY55@m=X57!!c6WP9g&DmqbXC+WJH84;hOd=$ml#ixpLyaG>NuJ<lYPNyx$nK2W
zQ0Jlh_Dth$F5{ONdU0bp;*(AY!n!Cz``1QW!X$*);EB|LJ4sKk9=$iFIwJ=f@D7HB
z(<?xD!9;!)zMg2j#>>0HZ-BIz;5XNjSPhR;5r0&`D6TDQVlrK-Rbb9Y_{Pr0rcxB*
zl05zC$YDDB6=mP!4qTR^0ZiOV39JVIOo8Tugfc;zF()qZsls?r{elRDB5R5f2Sm-%
z$OLI?KBx@6Pha<A=1biVV#IOp!K%wV=q;-tOhc{z^L8p7?K56p_jnkGjvk`{@^#bh
z<6b?0WwQEA4|^d7GNL2P)w4vB-$a<YJR7G3;YCGqbF928f(=;|WS7JoVvG~Iq%&Mc
z#Vq`E2Ei?lygAh4j80k;M*0Q`D1X+~8RvlRlA<hzNyYC#q0j`7<jcm42BzuZ4M$V<
z3tIoHNOmTaC8|Z5M<`JR_T;mn^^`>$XgDAg{LfQy%x1kzyZ|?>`DOo!ixP^Pg4A*x
z*;_U9<2tcA<H}0KjrxAHNFyeIe}4lKJQV;2ACr@LxZcgK=Xq>*>o&+-iB9Zpul0r3
zurv~c-Sf%Ve}3%!+qrTqD13OOCQ*FEUAe?1%#k~oF-zq*jj3c&jHR7!nWT!>UF@W?
zf0_^mdsv0|)wx@dzXW<gJyRfmK>k7E)&oPJFRDyzg_^_^9F(ZU6Oe8XRt8B5Iv|ED
z08z^o5rIk7EtW4Egd_9g31d|mh_!d)wpReu6M-)B0h8?05Lv8+`ijY~HU3rxSTv-j
zO0ITXu>M7mdAeH()4u3t&o0REY($O$0F`p?F#OTg<kIqe*<}NOW5W&{ba~kndvRi-
z@XmHyV1qLd)HeR+@hFYV#H7GHB0f>M@j%LH+gKBm>Jyq*6EJ%#M4N|QV3-iMTU%_{
z>K5fYVMg!eE`d$ZE02sM-z3wEY(@I=(n0+_x*=g+JwL2kNB}yED~bxVg7ZfH%iwe$
zRl<b3!YLiU!BSUA21Toqp5lrau@P^?B8myXAng<G{#<{w@Pb>+T1iNZzPYH#3B(9`
z^FZCaDJK3od*QGPgnBZz@)FlzRCO(IjvS&LfFGXx-K>UFrHo1Ct!a7=!G9O}k~FT|
zc;-0~_K+qY$P+*R9)i8!LpvogN6v&rC2K`k^&b1gEa0fv%^^gFcwQ;i{{{1yL|7nr
zFA0S>d=9hXi;isAS>nE7f%a-u-jTg;G(-v*IStrh`S+k8d+EH<j)!od@iTWAM=BAg
zIxq3=Au2^Dm`FXF*?ivJyn=}Xh3wZ1ZB)Zq_-KTy^W-<a!`Vtyb}RcQ&NEXC3<C^x
z=^Hj&^}^vq^FXk6DZg*hw$J#nJM0C9HtLfck>G76*53Jc?RShDC6Fa!9jj43_GQF=
zkql9~e3~rVRXzHfo`=Wy`K!6z#t^Wq&kfZTP<OQG`Po3EE>W89$)gBeB}92^V0w_s
zcsUD7hYsrG?nV=M*Cpn%c()F|BUSPsyg#Dw4>-v2V^i;Ar%BDXBI@9=AtKmYqoVR4
zQX)xxq3#doD{ibLW`1#d&?la>4$WdoAZ{OWcq1YDv>ZKN=r=cS%wq|p99bfIDoe7O
zQVJm*X?x$l$ZRQ-$}A_D3=3}E_-<W0rPRc~9yt?ni{ZHi|BsriP#e6;{1oC?$PU=8
zlklvP&jU=z1fd~H1KKqOz#i-|yTr+z@n-9(S;Og*3UGP8@kKXYbw=S3)5w?o=NqYT
z>q|#UCDHNtB(rL%-_Bex)z}F4*;@`8T2L$PZN(+pkJVJSS{$%c&cdyq+;<YsJ|{uX
zrU@(5b48;25234cbRxDoNEb2DSbbzBh3H^JL>O5VQWNT7d)LxJh1-b|FOxwht2Rl*
z1Svgneg~1!$#@(@r!EQh`vdxMfvUvj2e+#I%&v#XFe^<1W*?l133`7%4f}oEoSy~o
zxQXs03}groy4+NOu9AihyPoA7Gs<vhd_@kj+uYD(2LZT-TM<fiLj)RekRNL}Tu~92
z2=4rFSHIrEi9NoiM6xI;G_UH>8(}B*K45Ep6E@^4wm@1NT^Y7!tVtf5d$4hk1?Iv`
zNe^2;qaVKj!{>b}(erNV(k$wwgK-`X2;r?z>q6g2<9lE1=CnR5bUD70ILLGYGd23N
zxWFs-@w*sN=Z~xIR)J|o*ii^9HGMx^o(Om$L%HDROxABdt}_^b1ylGHc@zY=9@%YP
znCQGsiMvP%EIP{4CL#ZsuhuQw@qd|#=!O}3W0SI=qN4tgZ@`KVydbe)P{;p^KL978
zyp;PK4%+=6FX)Ox_1e($mzSUY>Rc~e{#EW8AZvk2B}I*J#Vl6d!3|~NLHkHgLH(7n
zVyMArJ^l9@IJ|N;R398w#Qb4nDFHwy1dHk(@O{azZUUsSP^ReW*)45g8%e-!_lhxw
z3sQ9zVSlYZdV9Lru*XUEnGlqE^-#EC1@M#6VEDfe48Rsd*8o)LBS9;yJcn5~6Kq(R
zlK=Au;C-n>ue|_&^82@zfKAJk{O`BUx@>?bjXIPD{@>Npf#VmYEA#I+Fx}q))6Z~7
z3#e=UScW-4`i7wNLI69DYFID;Y+O8q!>KxzNuJ`hE4~=Ov12<=fc*@Xej$1Te^n@;
zGk{0@htnoSNCSEa9I(>(4;7x0)wHAQ{BH&OAlEajJ@L~*Wa8n#LH$F61Ftw<;_o-o
zP~h!dEcS9G-5lLC3eBgwsv9RN5(Ej>@A>NIv4<IpbuYXq;Qn|=(r*^9_|Wlb^I^IR
z!1$T0hRfd>UlbmUq$pC$j2U<ug%4UqjMqmx4``u{fS-jJB#Jzx(;y$YDq9zsY^{ma
z@MT^B2@pq&zzRpA*U@XeiUK4*%>ed|jxFN4xnAMaZ8=%MBmIuJAi^StOYV})x3shX
z8IyFm>tTS2QLZ`i<%=MQ-6SHsT>)2E_C1xPznD14M<_S8+n*(xnmr>n>zpqS7`6>x
zG<A{j)@nbj`EH4y-f?izmqRXeKZBg<M2z+#K}xigf0_(L)g|Swk-;TPVbG^ePT?cN
z!>B<`OOP2XuK_UNx@pvF&^*SkH_mY?m!J#fNf3~NNYE+uU8$KY^Uf3^@;W=2|GWzF
zW)w&y0py{BRs{qETzD|kI1#SPiato-RazG3%Z543G{n<S+><jp_!3s8xd2YNO^l8A
z;e6BiiBkR)$32OZ=m*_WME-OOsY1m<fS@|#*ApO*J_)~zWFL*);7CBzxLg6<H-XwN
zt2gzf1Uu^sK(t%D**W$tLs-letHEXD9gr}$Fn?PU;V>yf-T$xwq`T+C5UuvNU$qYd
zKrnT-O`uPh+MCn~^8K|LvT30CPrV({_#RXOfTI4{^hcY609@V$%qAQYAl~4hg;+Ox
z@PO_GaI*O`s37mP$XHu>P>r=p{-w5g)RkM;3d<F;o6)_^FAXc#knRr3hjCBYYIw(o
z+!$HC{jp}tw{EeYtZwnT;Kx`&xf`7p<3o1IV&{262FOlao)F_PC1_nhd9sgGSvgB*
z*v*SIc?{pdH}KvLwfk)HjekdgNcSX6^(|Je$GG|##l2c*Ku)|{5K8gr6`t&qQ3~@C
z!G6;_$3+V7iF=SYkbon1!+>H}NKh~;OGx7;VkE!jB;b6E1n0>(IEA<l4m2W_`0jdo
z5b)ue9Hzn5ri&3<{Ru30URw&<lwEw{&5VJ#B`DK8;t<426SQT!a}kPCaWm|^)?m)q
zD>iX2-t8Spuy^jZ$M1YOtI&4BGAX2RQ!P3_yuSMKz!H?rI7#sGyTT>x*^5_T#y`dG
z05i4<RRRf4k{Tqlh+x#3u#uIskX7^kl&UVupNQ7dcio5M);PH{$1<Zbt*23i)c#J;
zu1yN@s*FUj(V~19zAFv1#K5~Z6E3fXNn$QS$!#dr>;6=lpJxBl?b=XGs<35++F96U
z>Fv0`1GdW<Z|XL{X9Wg8vEy?jTiTsJD%~BfbQG=Ls<)lf!;bHc7wN_*S`&Zb1Pyao
z^Lui`yHLd+GcCkl)NzG%9}H<CMI>Nl;x34RFhnC9N!1a&Q7#t3s$uZV-Q5d^FDFMv
zkZKn8!U47ln1}J4s9J1LXKo$LO_0|rE=TZ%46NU`ITIc|rvDz~l$21xdL%KR_k1|=
z`*q<E$4`#$`uZNMH^aCkaoxV~N(x_=x!@5Xid5vWyj%{Xeasby#3O>>p$u2%C51hr
zvVO-0otY3pyw=cPU(FhaOJeQ^7oi}_g6b$kPoPwC+L-;n1NZ`Xu{OiY%qL*@%2^<l
z<o@x^Qs%7Zu6-0}mReu}OZ+u?SFB%viEeEtyi!<0>Y7SZ=e_~FSqGy|&O2%0lDZiC
zru9PUMtST29k1A<6N$q&$DmsWA;iy)YrQXr-jy*?kdd2PzP>V#fV{4#2=&Oc#N#VV
zFtOIs!9sL46gSr2K8VfW2j{IK1KG7eF<<&3t%`|~gL3|61w+f;lEhl!lAH<|Hz(>G
zE4tDtV2>O#L~M)6d3#A79B-1z{>Bz`)jBR4iWz$iifDWsxM6Z;nFE$F>IxYbxE`Q3
z`KTiT?4d4!k+L&+v={TK6z+RW<B=)shPucq{aO3g)@n0<lY|oaOiI`~ego0wP5qR%
zc+%`=F;GjX*-_W7bcGFR(yrR51T3`9IZ@qC`FH9Mi=`d6o4r3yHYzO%tNe3wR=q|}
z8eWNf&k1`G$(@;yP8g|}P{Y6zs1*&{+~Kgne^W))Y2Mu~Ytrw_@C+MWQJ1pU_TS^_
zV#aP=z=KFZC|)m#8<i&4cXK6tSWKa$jYiU=q|AJ2`|)5Q#Ybs}8@za%813d}mm5No
zh!GO357wytBZfSdc($=low!;~R48&!ASIt_(5L=K7RI({k1kTSWU`uK`?Qdu1d*uu
zB#<t@%_O-#_k#I2o)iVzzs`et{`u{%6^55bbHeV}<uF>n%tqgXMtfj@7XWM(E8GXL
z9%}b#oIQ8ufqDRH{*rP-P92@A;#d1A6@YNrm-0dfFTOg#dg<PPs5CecqQ#Ad?}ls&
zso|dKd7ty)nSVtclR%#5DHH-9P2l5gRPh4$rh(>39^Bb37l!}G1#^Cz#{_ej-d}EI
zD1($>bD}`xU>_ft_zUUB2u4m`)bo~ws8a!;qIw>TZ0=2${OIt_FDb_y<_Pt7TaoaO
zg=S`5sKV^xn&i9zE7V3y3-Efb%0RD2ob0GZ4LVqyY81PJKX#5}_bv^HDe9V1%>zDo
zOUcylLz$<cRq<P#04(@_R){-p4w>cq3GXXyZgB#ju2>56ub#)E>hdPJ*LA7bM&6;Z
zsL;Rer+}_AHolC0y8Ge#CQl+aQ>DJ>g(nX`RqQ1mPQ+y<u&KW%ggb$r<wW)Ir!hj0
zj)i4jE+9+GA(W@(x2?L)o#-cl@PT;6N`g?4bW<*fek=f*1=<tf`@3HB!7HCH&yA>@
zJy>USkWgfuEM)w;Dxv%qmI+h^uF73kL0;|_y%6b=Vi=~n9ub98N#GwRX>j`_$4dey
z>$v1mf21(aszy7=@Mmc?+oTUwNBnKTAuFoo^Bp2!2c^$prX)@W7r299vwJ#3%Q29x
z2Ov&V!2ikyQ_fhn9joDn?NNC<@Zh9);CzFKKAH0_z1WOz%TO>Qp~2hh;ddGT-c%|N
z)yD+1l&C)w{67UH0TmLm1t7i8dn`%PZZhaSxcbb@{#Tn&PRn{iccw#R(cfVRJh;(#
zW{~C8PgdRH`}pfF-~DAE$`*E=&W^+gA7u5_01SA^7I6M$O&mn64){-9!=Fda2K%28
zJ`ns$Jb!lEkKF$2ho-k~8bWTI+CaDk_;gw#`?$M+{AzQ#D%46WKnFw&3H^72L44#^
zAUN*Q0HIeHw;{+ROeP7KtTjtxgvaPKlL}AU06|i52}rjKA)GVQ13YFk!&{F<9OdDE
z#<6mE2?S&KK@{%`ao?kfL~|QAS=nG_ly`9};JtsZbRR56i{#62IW#<T0eMkxjrAtd
zQ0ySFk39&|+$s8PNus`oqi0Y#J6$Ix6^V&~!8Hun%<Qbh^Iy)~@gG$wM}Oe#g4S<x
z?ArngmvEhvP0nRT?cFSLG_w@sJM}a-!NvI6Sdw9>W~_B_HG0U43gn<++c7r;;7aUw
zzD7anYim~;PgKGEG_NRYR<h>X(fVVzbd0=y`BqeyrT(@pa^WZg@)cnA<hzrRny)|A
z(IF)m^b5zQhP^GqpN3^#uJQvGnS;50R3!KR!`WMgRoOiOzkAc&ozmS3NT;MUNQaUF
z(p{S_rA4}wP(m6}8tFz*N?JlXB&5#T_|*SB@A-1RJlAu{zSq5C*4(pZ&HSdQhQ4-n
zq~*F}&dwgB73TJlqCC5zE#4C1mVYUGD>NxM>d+j1tC-6T4g@iuLrYsONBqSQp<Hz0
z#V}}w$VG(}eOL!5>}n4R3mn$!5LIRh{QGR2KLS<&)7o&heN!rgA+)3#t&+_d!`P34
zy^R<d=@($5->IlSOH5dDX891<R`gKjpJ6j7z!-utoSR@p!`bx@bo6>{irBAdjXk>=
zZ;v*&VgTakf<Z1C*YTjvQOMxBHzD%L(Et3o6c4qYx?Ao9EIEse%3=E39ZLRIB1Urf
zz4<%Zzvc)`C8FV@-De*>s?f^u2<J+2(_;{}oBrn)EV!T^MB1X-C)XUb@=E#<)o`3=
zv48!-BW}fDvgn25uU$iL2Vr|@O2awpI#MsOu`$%Af)V*|--~@v*3mlyC2EuR2X!_U
zzov)5v#+uA*M-;TP-mi+#h!H<V9ty#3v!tH_sCWV(Epa&`Mlr%NN_#C`sdr+rUrQK
z6I=6QcgCLw&qR9Ih@#~UpLn0H4L9*<MW9}<N(vB*d^l&$FA2O=B{4rAJbg@7qdy1|
zpu*FBJ>IqFpXB`@r25bNPQGA&u_QyAi)z;7B#)7kjzK*KARzxfUH6&y?!CR9_47fZ
z<Ed3`B8b<ke<$Q);vg9fm9Xi?%F(?;_>krW(BV1Za2=x~L_p99&qvO#U$Zd_k`7C4
z+FM?*2>ImaR@_(2N;;SO-`5mAo?2Ns`aP&aw77fkKW!{W|LL5M^GgW<V#E&(|4PQ>
zi>SwB85yT5M_($kP?>gjD0t6_T!Jqa{$2U+XiO1wCE*eh3m`WTlskARA^)RoiT6M4
z1KlpeqqQcWjaonX+lMZA5%SlffX~@GN{J`%Ug=x$vk_p${m;0CBD|b-Kg$V%x93R+
z=oT*S|M$7)@J{D~Y8msnb<(-%%246F{|pw<>`fMUF2N#uv50`mELlTG@>Y4v6GOmo
z<oiJ-;GaGXWnXQIo<gZy{{1t7CYWbuK^|Ly^y*Qv3jBS@e?~$Brh5JA?DDTI+~mY&
zkM#}BTQTjAsDR<H!~W`2>hSbkVduHkBj}4I3TQmuzi(Jwj7>QT^bZ8k0R#zwLOx@L
zMd*`%v>6)h=me0mmYeZM`JYFhB=ca|!e4>*@5n<sz;rdjH^ptstpB#$*M=knq-ZG}
z=sD2SO#dpWCm$ZPJsJFWv8ZThb9?5#S-!*5qU{`(c=VO1^QxH{L=K?H5H8Zr39a8W
zomNQt{mcM`Ids_~hsk5FgLZyz(mtEBs(;7qVm`a%h2igi-F2ad<ZsRHJ`n<WlFQ-p
zw&CZg5tYryX!sqmkPO~p#p|n}gGH0LG+j}i>`NZ&qo*j1x$Ax#)r}g<6>+A?42dPk
zP{GuKZrI;X+?<S3$N3h9!Yki8SXkn{)m{U{h#a^dgP6>hc+s7q1QG;~6@OM35%l}=
z!}XI;kXIhe3W9&(35dWuQQiiwLyIY;k<VJ^f-+wl*)5lUS>T-|$Ck5umk4r-NyQrH
zT_RL!GQ~jHp&|$GG02dApaH#Ju)Z3Fr>d7e5`S7RKoK>5md}=q+%axol%mb;jgRbz
zo8&(ln&tUJj3rbk(EwQ(<!lZ&<`@c+xU!ysD?){;$15NK;FXuZjNh4&rU{b&kHgJB
zeWRT@w*Xn=p^O0pg{#wRpf-q15vpD`_>N6AH)<!zM_04A@wKf7YP`YyGe#Wfvpvb`
zvL`FE7vJb_R#Of3vHoN%ErB3&DfYKcj$v1uW6k;}*}@Ns@ze}NA20o)Z}WJFTlZ_b
z!Ogd3vxe)5p5%rwCSMi8^Gc$sRn8NTV+|4vK?#~7ZM}S;xdoa1KB44Q*XCze?ub|n
z<OUSS2iadloU{k8aF|VVk^|*@ZS~!lExZtomqG@AW)L>08lonB^LLv2pN=v^BP=`e
zcE|Ce!|7#SE*+F$-_vLeKf(IISR@Oxi2Z79FM@s*irNh-!9?fQtb*@Gp%%Onv#=G{
z-u;2dU8_m(2{e~|zSq3rHR{k?X$k9=eQ1EBq!)`t-{9PGzF|maYse0ANmwud-Ql0b
zt-|2dN&aY$$@^6XpVEuRY3e{iym8P`5ot>Av1O;ur*&`1_0Rg@jEq57OO8a>2lh7R
zTv<ma<rer(%nxD6C#s}MRdlWiB4k9G2bf(-Prz3+L7yza$d8!0tTvqpu^4d{7aE~3
zLHZ)bPymrJE5c+{QnM1+t;BZ75g-=edz2C^J)Iq`pUbwFE;|d=t-Le;=$gAB-xwMZ
zrh;9PTDrP>SM2hwFtUKTVi7~w;{mGEFWOGyE>U&r*Jt8BcVb(SI^k;{s8i2jnbc4O
z67+1C&*N|oq@ojR6C3h^stJJE3ljO^aRDFkx3I|0f0))DaX9Uh^QPRJWkBpLFGCoM
zoIvAsw6&=)V{RGk0L9m1&8C1^GHR&mZ!sErIkD12%+E$>pa8p%xRyofU^-eKAp6M@
zPXzgj5IGiHASddXgUEz0F96VjCas^?JgQK^F|C#4H?}^OABt*`K8z2Y<ZY-~;3+kg
z@UTKfPODpbb}j~nmOa#miUJ>puU?=tmDb)WMm4Ac@&#7V**0g$Kl^`Mt6us>1gzot
zMkM?5teUwpW*<_+uQJjgy6*G4ue;y(>fc8$l@UNIoE+tTY~eb+UdW6lHouVkG@Zfk
z6`J3&jFi3_I?8jieC(Ga&{*!^?>=yiNDzeEjg&!4l2ToHguyGHAxXK?4><v!?<3FJ
z<Qkm<b8s{H&-6t?9`O)@czN-ALVdox7w-HpJb5EurKpBWtEfRPw2sX)O+3PlCZ)mR
zAB|kXV<jeE**0?LRN%p_e`y_A<f&K-^!?-VbaZ=eIlB<vGG78kkTd%4OTa~DS0$1@
zyVzc+=r`(T0;a@^k5^3(;UTPlX(aYG(=do=4qoG`c`RICy}}_c&<R;{*M1^}22$EV
zJhCYfl%{!^2KQ@&Ajxu#D2cRfp^P&q+(0GbN%U#A%!_3PFbSCA`J6VeguhSu58VTR
zfiSr7yWNH7B)xEUkj$Le1)TZBSp|3do9>DZfYZh%=z-E3oLjStw3EOb6<%#eCs0Kt
z^j2qH1D)yoF(1K!;B6=duLd8KCiUufNE<xSius1+#5&-lQ#q~%>j7Px);Xx`P;hsQ
zZ_n)cyKw7QJ|GYMy9QJ+dO{kRtmF-3y(O06m5-UR?y;kuc+bU7Lr}`lDDqSVm69d}
zE{Sic+fhh;Q($DcAvutyZ;$T#ANK53$ydL5k8^a-C{6%P;8Pi(34H;#NXd%SI<R0Q
z^!>l{srH`gs0299HD{GW6b}h8>j?!+d_rrd;7pIF+`mNIeaJsT7Jl_%YTZvNxJx4^
z7{%0jz_L0}d^rIwAVslPfsQH4_6;tCGZc1yZu~G3mb$1>^w~U?p7;K7_YsYzERYuX
z0x&0v088#Ak$E5<dXvSKs`s6?k_4XTDH%I`+{ja&GqlPCh!{h4(jOHfxZBn_8;K_$
zM{glA%G-%WIpE2#2uPZ)7Nhj7XyenhMfvn>w##_DgG3_dUeJ~QJyD8Zv8FC&(ZPN=
z)T=ScJjR&D2v{Cv=_EEk*-uSHNj@o7AB-sU*J$??0i}!VF^-SiFp+){KbSuiASEzg
zjr?iD(L31N#fFEQs^-RX^OzXR8p7APM#>PAbPr_m{AWdcq1`&*bEB=8^#C)AS=s6X
z!eC_XLwZcG8vL18KJ6d@ejgL&i5<6t#=D`aWC5DrD7{4C3>1}g@X4$-Db5~rtQcL#
z5s%7}2PYSBZIUVX6P(!?O<+6mSTO+UFuEIEK4i?~NsgrndlYb@pz{Gpwvr8<@`|*z
zn*?TWJo?N%;rbwGM9Sg1=`|x3@Wdk4AI*9`yHXpsQ?qU^`NFm=y~+t3VeVjmF=_#B
zPF@m%!@FLD9FVv0n5)nbY05JM&%|dwMi-rKl4jwYrymcQtj+?(fuQ&fcuOD33IMl!
zJS|w5rlDvAZ|a`QNH)QE)5B#u3xJA2212j;<}0A<!Th)divP33#Dt4@eYwHZHmq1G
zFef`ZDaQ|wc{jE33J>xuGesS-9aNcijN0$II^G~`SAvd9-eaB4T9abjDMgi(TPpy0
z3?OaoA-xAMm_lf#fgvJnRJFVgYJ#o%H%rRF%V10on@i~e5t(G<j2ibI9bQXub%>#F
z4a?<d`%>m~_JuYTveMsXD&J{`Ggs-2TGV<7c|}_g@qadL=D$%~|G4luA&qyRgAHW=
zy#lifvz(ontxf0gt9Y}-6Lt)m{X-r-I$NMl<qQ}boNObp=|HNZvvnz70!u64GfrvU
z93MDY31rkghIzW(3F;06J5MR1U~s|+i!ILLLg)+}_$R&XvFg~`YW577WrG&F(k~u>
zyDMJ2<KFA;$<{hzj)#{3G_fTz<5XW`3|B|G2a{=y31p?nGb4%Ti~w1oMb&vy9;Gfh
zXVY{qVulE?nV{sqZ>!9G1VR($Yze0YO?|wj1wG#*eHl5|N;3^_Kt{$=Vkg;J$cO$r
zpYeEwBGccD3No~%-ubz&ITF~{YeVrFLzu8ezelg%c|^{til7oascS=4uXxppaPbD%
zhl*ZU1BlO<P5ep>plfE>+G4<}ld@GfK^77_$qn?&F1OI_zuC(1D{egto_=R8<=7Y`
zUfmASCMo#y@KLLU|BkI=fi-g4`*t6jHIZaBxDGNDt6q`L2OY&L)V#Gr6$7v?=5X!g
zLCR^uF0fgFtLZhu#HncMu23|>-#_{z9RPm<{3gN#&y7>gy;7BkBL22fbIE7`g|XH3
z{FwbmL(7FxkGA~h9HA!~+z1$zUvhsgo81gKQK=JGZ2&tKIH;BY5|plF@3?#|zLCcH
zxI45VXeT_W<pnPMTznPxE=m7bpe^r;XR<)fX8Y9R3_czEgq_0F#$rC<{DF^0GWl3Z
zp~zF4@%(}$)V{Z!@|Oy@QVoIv<U=nm<Vy?KKnDXbV2&nWHOfUay`R~aO?mmqk?66~
z6{^b6pS{D9&fa!Uh1gsY1n!VuZfV+ktpy~=10Dz}lYm+A<z@B&?<Ys!6>Z#fx%xNg
z&PvJFc=F(qSGW&2Fbx3x4Y(D0VZQ@G`gk%cih>iy*mW4K+_ylLI8;qWO@vDz!Y_~M
zZSfuw0moO;TLj}89q0)n@ggrDsJ-kz@6Sxt%=Q_GQ?KZoJ5N~CE*@Y8g4)+|gb`Oa
zn&|<DFB1?%q<yC8ED2Qb&8L!B-nVLmSDv%`T)(cGP^Sw{{}}@UkpI(_G}!O2a87{4
z;>JTddKTuEq*~n<?zJ!CHLNIvf2^{Q*m`*!_aA8_oP5s|wNPzbl<#ZX6FCF^UE+}5
zwo^s4op+ab=fH^iZ=<$n<00rw58?BQfqy@nvg6P(Yjb5m#ubpfc1TZ?^*I{y90Q0E
zQ}$M$RBZd(^tD1}$=}HInDwqaT;&1c;-uz#yaECo;sii+&!YrzNh#vDq}D@DsSCRT
zqC^FD|H!Vs<@oh&uWjaU_V<hUo&&>gmhdq_>GlGw@IF~D=jvRBpa8GB5&~ykFuy?q
zCdr{U;dv}Q9YWKQ)Y@$9i&)S5*8sJ#6a;+0J$t#V^B_&LuQc$0PArMD9}pwi*n&Qk
zAw#WYL7n2&vr{kYmco-o%uMQ5b=SOxT?uxY5;piRK}-fnvYT@01_V&JP@rloXcf1@
zUJHdsWeqnQYf1RF0_WWvOHJjw1W2rQ6vZ~nn}p&f^2#COp!}@xs7v`oJm>=s;RTEI
zt)6JIQmWP<Ye9%jsX@6a2(&{gmej;6C!+9$Tr3=1tO5>cWdx|AhA4i^Gjm2uYjlK8
zkS6~Dmtf$#DK~aL*MgsJu=`R*zITqyj_Ip>4`+D~d6M*W;eFus@L+N4`5j`(wvN5{
z85xz#5uYCz&hr@3eNu<@jXP}0t2{BQXuKowLSofwS!q{TSUJu}WHy$oDM$Q=pe$-;
z*-*1hlt>~}g_#=KQV=*KaMbXc2+Jkpwg9cpE*fw3bh*M11-^MqAuH3_T7LjQ8ZXv*
z-Rs5|HCyZdP*T0#L#9wA{WV(I8Eq`I`h?_R+D8(a3A+Z&f;*RFwhAy8-Zq{`uHb@a
z3Vx#infP{N7VjYJs~uJE?($V-O5IvIU^C?{@9O>ckkAu`FYsf82wm3kAn^ErqaA(i
z`0_xjK63sLu{p0(cqJ3!*>xFqqoj^sGO;fM*k1ta;rj6np^dl^Y$^CfvN=dyUkyt>
zJnuW<zDQ+=t~1su25jjM1)5pA7QNWc^QR989=dyCD+XfRSI&<TX0X~p+aE@3wl|cl
z$u<TUlI~~g2^M)v?Rf%}QHdP~vY8;Xr!6TGm0vNi7MYSJt}aSs&rg6Q!W4-NB|}PZ
ztyn<oj}p+BxF@dDJ!I1{2Cfs_ruSZ|qE(@@1>&O`E};{lh^M_8<#xw3bUk#p%Z+m!
zM;|J(z~ogKtB>t0`Q&%ck@e$FG4%0ME6fLSWz^96Q^};Jk0Cud&}1@-K6I1Mg=Fr0
z4W;yLu634}mDxevrA9};HEY1dx|j8=rpE2mh9dm*Tj^2Hkc)=vQUC|!9dOT@>`JPC
z1+4W4fVg5~n#E@!b#5z+Fen;%(nmDtDKHW$mS-6nj6n@8T4HpREH+;5Ay5DO`~^Ke
zo4o?e&Kc?cw>Lc`=GWW_UK>ATlvxq5I;6D1zM3+TSANd7y7)nIcP88{f(9Wg%$|qX
z{EjO0x;?<{dc<$<cTI6cFtaYt*bTh)shR817wb|n&2F>!r$`{5N;)};K#9;iXM1Cb
zeVybOV7HwSJcjctgPYU`mFp>K`usCZko2vmWRzwC@fYVV`6`Q$(oQco6LkSs2N0h*
z?;exsfs!|Z=Q}W(MrwM?@wWy@!h2YvPr*`13nR>V)ZXyWG!3Ly5$(su&xh^s8>QiH
z;WW_A&NZh~Dr2Au+o9Zd`mHdIlqRTF2d<G+fz@|PBVFaQT-4HUn7<<@C^5rOx(cOQ
zC%KC~dOb99($kqiU_LV{cD`~iiO5`mzpHzaOflePon?jEz^LdqEv-g37+_<oKv5in
z#DInmbyiEf*~u4m*i^>OZ@0!g3ieTzabbRH0P`ux;`QK49>yZGF&a*Sx@alnPlwZV
z(7&x-UfTNvRAYZ;@*y6Hp&Y>xjpZV3%4W}IT42`Pf^lQKx`%wfA)&c3-Smr&B8WDH
zg*GQtINOXcOEOjz!GRQM3=fUP$#&)Ei@+&xhs!$fL<xyZX*H7e^F4#zFj05-<N)Tu
z-a{WXB94G2Z>{SEuVSa{$U3XbUnLI!|K@fxk)XK55mFW_X0h6>$US$XSFaPh|G0dv
zkf`|K`nrfENudpaysP?K5EOwUSxYj`eTdtED2X;iV&e{UYrU65#YYF~uAEm}ysPcc
z00kD*7}SU(H#Qt&lMB3HMc^wsDRGH%SzO8^V2NU0RQRM}bwPn?wS+nlD5R(apE!_k
zeDmXa)}c$89Pnv`GIqoW^*x4@j6gbFC>Xqz>DLel#}PoI;>rliUpv(V+H&aipY54m
zi`Hb5wAB0zEaOL)2eeBLa6Oe#h*3!!<{VS|gIz7okl)9rhov^Mm3T=WHa)DpA?kuP
zY-C8GYM2NjiIhQvjrCiEZB#yV=RXX_h56j`%$fi7Q6>AlV6T~M5bU^yV;SGN2`;77
zF_4(@AQ*o;)-W0g6fG74rEU2^nY*|zp$?Ds0p_mPgPrO>z4^@2mY_;DVM0M)r6E_s
zFGf?BkHX$Cngf0H`3}NhD-GBEG#@F=rC@gA#hT$yY6dCSr#8gs`<J>GDe~mYaLdUB
z^Z%!hD6wGhSs^qj4VoEN0GJ%ws<#v5{2@yH|LybPSC_dz{C_xoK5UZ%t}sK=hiANY
zaK1os+O6fZ=!~BWaYK22>B=*6{!-`+i>yCmClR`;rx&~-D+P@x4-!8F*E>WYtO!gn
z756fUxsN&fBN$yOO`XNH;f9boAD~B*7eHivyYz_Uu`zflT*Y2mxnF5QJ)<J1)UC)(
zf&fZGehvYvTCoBWTI0ptZYZ(NDO9R7AD&vLF=`A&sd`uEclv2(%R;zR4rIPiYM%e@
zoZaA2*6FH{sQqzo3PVz{0g~yfE}fN>k2UPgeDvK)De!zbGm#3gewGbBzO#a(AvpVC
zR|n=?n3Zo&i9WND_b-BSWgur+#WmpMMZS~J4(SNs0ys@ia`hEpP0`|lBXDdQ(ua4^
zjuWjkFJmS!E4f}QyNeZ$SLB1F`-Hh#t77j%!JqAmS8SgtNX>f?*F1i&zk8VNiH-M!
z(XorG?i#!<55xI`29$f43Dv05*h~1Riy&Nm;sYcIU<~TKEJf<=oq9ku$)Y)|N*?MP
z^;(c(Ou+wzZIVA!TW%Xvd`m>i@xFF+;YYkmLV{z09-F!U5TE|VqKPPe=i4}s8t9~G
zZMKHCs{YdbiGb%hg<Ar&Z<4SotvqJ~OM(E_LS!?)+0O5kH%VZck9J7ejxaxradhH$
zx^SZZ-fPwR-Fa!|&2`HR&m)qfW#4*5dOK21W#UC=;1!Df{q41u<^TfLukeQfbxxd}
zA3&MA7_ORG04xD`5DXNt(yz}_v8s_+<_|th_2QaDLhT~8-w+AHn4blilO*dO>IsT=
z#vOz}ur+_B6DEYngYBo01xm#+xF+14!h3WOD}C?#$Mur4baE8AM_JWKUUjE5_n+2M
z4F_Zg@RnqZ>Kq`(X3TB|zhG+Zm#>N>SgD4kU&LqI&iZ{sgc1EuKNEeS^>k`{6!47l
zWL(Ju3M^Yww}IAn*l_zW7n)`<mz$m~*IEy6-q5Hk8IcLu8}U!!7G@-O`Ud$YBLYr4
zd8Wue_crJ3o4>%U#CC}}Xpg{|@ze_Z9G(%<h@2lqq{zzjL$AN1t&9R?k{V@tJoVg(
z#gUB2RY^v>D&?)9c<l~bopvRwF02zA16+Ozp$<s>M4oyAVA^+a!@jzjay*Vc=WybY
zy<?|nJp))yO6ZZUvY}nLrT_*bD#_YsEJ-0U{{4v`Rg~G`nFZ*?3bbppOg`zzu#wn-
zhpz8%n>ZzD_(>?somyUzI4l_N25Q6JURCa75`7+7Qdri2xU=u=vmnp{E^lfz*#LmF
zg5dBz9HT!h&F4cHduKdTaeWf>=m}>lU^Fc!GI>vXv=U{eSei<vCb%6)wb}t6C<)N0
zvMwU_AOiVmV~k1(18vjtgdYEto3?6@g`1N4R@@g!EESZQdb1>bnKMUqZp?E`O=MwX
zkgQfbttQV_Vg;QC`{J@m`34k9rF4usARK8O%F4PJCy{x6ew^xU-r48(Z5iJu2SBj0
z=)b6UsvUCQ4f1=y<k=IZ)?T0k^<-6J-O7m@bgIo0mqoUamA)U|ReRPuHu&DKnq(W0
z`KZ3Jg(y{u;S4PVSaCgF+-uL%CQkN0!z{p|B(y*O{;lZGI>?73f4G|9U=Nnr%da&6
z>U*~}(v5Ah-gD1W@1?X}AuD<vXIm|_mn)SYimZu2<0pgFJJY1rdq3&$m?R2gDR|df
zAS3df)KpTB+6=C<6^8k8ou@!-Y;uG;*mFcI_XuDFPo~E`<qoB87MFIc5_~MVdhhc&
zi6$!|Bq8B?*gSY~qg@><I?dSkz+(R?WKnj)m4i|cI~Rn7k-j7~_mNhh!^uAN8dkZF
zaX(yZr*5c~Yf~lM$F5#m69aHGCG2hps6_r0QO#|9gv(Tw3h3!7zSVDaW`rtKtP-l>
zszosia!R!)>31NRH<R6rx@o}yDe676=2+<$sj^i2U6u0msKu#N2Uw9QASCM_9nH?u
zcBvt$h>Mg)V6-r!*qO5pETrKg?Oe@w_P$Z}g@*3&?{l$ao)r}^{^vWO=>r|khJI;V
zed!e+i&3fSRw&3<;dt%XMiVlpDz5~GWB_t=DmePnV*_PQIZpn`P-o+=CVP$1TUKm1
z=>Wrd2&69>>jXnW$78NM7(Q+O{@Se`zx#3oU8Qbx6DE!%K>3yx|Gz&qg~5xDYDoZZ
zxumvjP{^ofN6~2iNVC??e9OqO&|(ZYV0QgEt4GFSU^?rk<OaXagUjN7`xB<UnkykW
ztXXz8eLPK~7B0J<+vJ)4=T{_$9#kPo*R2Cy&xD5yR(mk0ZK8msqSO*6yIA(i`lgET
z5TEfzOwhYvB0{+UOgh>U(K)Cp@iR&<<19DO-jwDID>{3djC<Z2QnNd)QwvSoYCfnW
zVRM1@wWu|e**?X!E4Z-$>>iCHOoMy)P(SI?T()QY7ph(7-VriIx?{bBKamJf9rD0>
zb27d%Qm7sO{Qhb~^L7ujK_47utj)I!-d((##MyS3VM})?N;6&zIZD3plDw432ZcC*
zV2nX~o@gJxbVr(Ez69}#dl|dJ{EJ6hzpW~_^B2ClEsK`=ZrkcYQ9AC+g90(%gg?H-
zx!ycl`5lj)@j@phL>QSYkyB2~dpK#=BT~R==wTj2R@uided=QXZPuk}K5RPg6Yq15
z*ixtT;L9Ooi4oZ4<t1;{ahMvQ+smO+;i3i4)rudPFoe*qulEF?x2%#+11Lxb?>y&O
zBO@AD>9XOh>DahMkQSSJs>tzQ2|C*)DH;GC%9_-xJ%F}O)Yw=q9zcQhtIIQ;OD82t
z7?in4!wWjUX!RJz3EyCS$a<H0NT$UY$x1%y-KPJOg?f3IG~hV<)L5>hyb@#;obd(K
zCc9|q0jzG^ogVXC`c<xM9(FSk;PA#mLiY!-rmk@$Q-t?e$jy6g@H(xOWJlQE3yn=0
zK1eI>1x4bw;q+XE?sthd2M6e8ttVsP8rZs%sE|Pr>Uk$v+|6k1uELq5y|6MN##nF@
z$XnCH^EsRWVWx6|f!olUrTeXB%Ik0Za+8+psev0efPmUrEU&yQZ}ot!O*Mut_t8vC
ztHQ1rU}m{V)De*kQ2sVDR9nd4=awfS7M5p!3VlgnKJVt4pbU-JI9zG*3_O33FD0Qz
z1|JZ-Epun+uB2y3>GowMb?-Yoa_0?7uTMQTFW@LCbatjTpF|3%=QB2jb*pbz)fxtP
zzD@4Bu{-GDe~DgY0%W$~wX_0k$Eg2u{5sX-`=P<Y+(JNNZ4f(7tP4&67l@O=N7sRc
zZ?s)~F$+OScK5~Hha;BM6=tXJ6e@i5Gw(gpOLrX58)oEZP|B>8{4?1E)NO;hiZ*mm
zl1%t7)c{#gX~xoewyc%XqWoyJ#y>{V7#LHSAjg1F14{Dj`!lsyNcYZ`SWH)vM;I?3
zKOs(<Fl3?J;~nt2&NlP0Sie3cRm0z|EJ4^#_UDR#4WGzffg;z6GzXy?#*A!*o`P!5
z!3~)wUuue9<0{SEaadP>=q{482-mD2hD;HJpCOv1w<d{D3+Tc)hUc$W00WWA2J63n
zud-`w<?fLJfNjD|=9(p8xaA72NfUuKLD7>70Edg1FM+HgpjOM@{r*R}!3kjKfZUa+
zZIEI{y>&YDxYwaO&-gQQ+X)Ig=E1-#$>r?^898eKKp+A)adIK-#OCY1X6dhhslQ+2
z?0~R6c=*zXe0}sA!e4LvTYvpEL;w4xry8(qFJj%Sv0n<vQ%mpaGO7PInc)}91c283
zu(|k-TAv2WsmDjNO6l;!3h7G6y|E+-7s5(OnldY>;IEtzVJ2DfZCc@aXM-BXo@?(6
z?WKxlYR`zj4c*%}D>g&cuki`hdbA1h>pZb9tuJ!ozBq}>5U44UShZbyS9T*$9l(6D
zuYGQgUu{$H2FZ^Hma-<n_1&KzfG|d232@K@pQ-kijghCvEPzc@YOy=<`|iC))X|%$
z-0wtmr=b)JzVytlZ+5?uE<<LL?EP)z<$fR_>>2oJbB!x9q1KFg8*bg1N5;8<%DqG0
z);UegKX_U_z5u2hvwfBF_CUqOkI9BXn8i291*p<~UaoWy^@6@+X*bdg54TsOO706U
z;|-|UKK%@*Fk#h8Lb2Ff^Y4W$ae+nztZwk3QJVGesEw&i9hPST2{AgQ3Wo#sPDnQ_
z(PxgHv{ci+JbH0?m@hI_^6ryY<;@g2a~EJ3)aSMH&YW0N6n^2>PhoGv=|Xo5ZFV*g
zV8o7SdOORFY-HU~DG#$7jj&e1AB-=|G4T_~<&^sY3T3z9v4vybZMd8*;u1|KlAL|q
z<4g^~j<9GzR)pI<e?&LI7aGyxNkx9AO9`=5YUWs*;fLr?S_c5VJnyo#6P2M%enO!i
zc-$k)d*X4@H*m@%smMm$ipG_!KU07cO+5CJSqhBx>j%ht!%yicPF$Tzpo}xwddl*8
zaf!KV(~1ijI4d~1g_G-QBJeq_8J2}$bxLK|M|Ip;Z~lZ*YTLOtSM8bA+lK=?5qgsi
zH`)Jei#xv%n(X{YncLq8cU7+UB#1v{u}t&Hn+AluB1cR*Mami@l3;GFfu(gsgJGN5
z#(qA=XrFR7Hghu}B6j_hd)#fKiUi8cYCQ>zKOBemULB_LhwW#+`rhZDA*ZR~BJ=G$
z*k;wqdsCcDi{;Jt>$8_c(5?i=r`9e9y&j1ACI2oTkWs(6kO*ix(G7qg9&!>NIr}*5
zBUyTbvrhVqEAd)STK(f_MoA<UNr9*sOs4d$;*SF(&6RGSutkt#t8XQE+5Ibh--6zc
z)M`$??C*d&WvDVkF2yS3pqkf(C|!p<m4g>cr_?X7K6>11m>GTv=#^C5fXMWU$IKLj
zX}*5{-U-w}0(gKXP)#uci<}=|bgV(C#?OERv=~_fO0x_{M4&LjD@JohVpBdSrhf?R
z;s}3{jHfrM9ByW0m*G=^2^h#bjcjO?j&v-^!_UuOOXj#>8eS&V3gkU;#hm$L#8StA
zdjfBwq$cEt7l017lyVBB9V}G$Ta41Io_q^g_aC^5X>PM%PcV<F>8jF)o>}yA*=F7v
z(m13R7?oUw8ec&zD>A&rlas+Ch9oG;S8IN@@mNEWMF4A4HKOzA{W2S5e0k@_7%AF{
zpuU-8wNtO2@Le?H#LU56r~4Bh8MHIYcYzK37$c6JcdDw~kDppL+<oSL0C3Ud3)8t)
z+K36nH@xEOc`4R(FklvS|2?uLmm;X4#2bHw%4iKEkUY4Yt;Brj%oI&7!12a=Wf_7(
zk))UPN45$G7H@OTzjfk4yUSkPw|Yt61&;FI5boGYFPruFNzTWBAl$I}!ks8#CCgAe
zkh+3M+e9xpHEQuqRi;<-en#&VrPe&7LnHnR4#bo$t^T#IdqajK<`?7~`8#2zk3BIP
zJ+7yYCimv8Z9=)?>1T&kdTx>#&%KzHlJ@gld-f8EDBs1WH)wxlgYV}hdUhyDV>skV
zi^}EiZ><qFAf?8Y$1qV3s9F0gaALTp22RKLFCpv0FsLoOZsRb_9{L}9RgS4`!jKH)
zMSvQcfEPjeb^P^hDTlwEF|0SeG*ncBb9yxVZ$Q;WB?&{1>+^M4t1fgY*g4VNOPkyP
z!EEg!RSRoQP-tBlh|Yh_ShiwC`F=Q15(K()-X1o=7vMh@Ivhv`DyRHoX#Y{hm6dE4
zCNfL2#Vs-$kpK>yaHUmVkW%luKu7>LEe-(=4z6TJ4Yq~=p?Ee>(@L|Ni-_Fsr$7{N
zKL4%KEAgl+C4<ddMHqMz&9+nP86rOpeIqiT+Ux9Bu`2~p@SeM~GBWv~)KURrX_@*R
zVS8#*;H)?)&4H^H3RTL$3uI~^Hb>z0nD=1k>BD#hru+6=3b#0<l#Vo4y~Hd5!&23e
zx>)v8Ir!)wqHH<?r$O=tY~>*D=$%dGK56#187sP}Q75Gc#alOpKSk+?2xfjuRmC%N
zvo*OQc!DUMNCHP&!nny!^M#0j*#zp@u2SGrjW&l-6SD4?$Yv`JK_C`BFbF-OwyyZK
z`uqvi-^SV<=C=)!y!Kn30!99lN8oGI&Dib$PV4BMAF3Bg6CC&+jPpsUhWs$<T7n;A
zQamk>$_yF8XlM<qKRYxQ$T`zy$Q5dW56suYVgsKe0f)2nTFG~~Gxcb^wj;0|C#vZM
zg^+e!;@8$wOjq;UxwnQ{FK*l6nhh(*WmBQp`l*V=m%Tw4Fl^7{-Ir2CCq41kpy$~r
zBC^Hc;K91n8*vADsl_JuyPg?s*p@;(P6u(&^*Rv>xZFqlJ^a(PJ;0XW<%2F{{XoQL
zk`wC1<z<85{+qGwPPL|4{_de@RV^}N!X93v%B|U+_nNUbRn5pCJu*TaYMq3Vq94eT
zT5k?v5^wtfI=4j6R@}=d^-TKIan{;6#x);-Qx5fTJ_Lug4fvl^+*V(Wa7;V8SW|T|
z>i;={AV$!)UH+`hUZ{s3Tt&%&cmapVt&C!h1+yZh(Vo`rNdg+58b2p+S2Kz%dbcgY
zJxn&>LqC1)C@Mrw@;{GgAbkMH?Znq>dIHf|kssryPt$kmw-=&2fu91%SsW@SV_VR9
zdFJ+I9Au!}`rsIs>eE%QLA}Cu#H;z5WIFgV{j~{3-Is~Z%uI2i5&+G(7UpQPl0upg
zgy^)8d%l<!kep7Abcla_D{e)E#ZthUEqd5iU-J-rGk>4=-tCpV7-vqG-v1HnRR1kP
z{#N#G_ZlCb^7C@HEI#00UJetK4W<4+?M%Roy0twkgsbf27hVt}|2x2*wm1gFI2Iak
zX_{(wwd+_K(>%pb|F@;`pN;>I$thshbUo)Xm)>!D{k=74EjGwy#LU!v-OS{$88gsz
zQ@%k|zF@6n@8;{YQ+U*%HCDg81A>E-x!C76i!<J+n`2Va$5K0V%stn?umP6$C~Hsr
z=RdY8ntROl))u8J2EbFiaRV8o$Iodcb7;)hhqFP-g;&<Kh0tAxDPC_4%119_K;mOO
z#l3#U$}8E3<6}!2CS(c<3V<QBC6zHUG8z->LlVsTRKb|?2xF1_Gb1~87G_qBEb)Qg
zx8}psg`1tLg%2eD*R9v_$U(ntTtm2(S8pauI5hC?8Q;4$C|)BYyX2(Gghck1_K0`U
zU99tbvq0O%KUll8xFJ8k|FtB4H^N74NLLQr;DTC9uAUJ|pa^#-3`FzgxNxa0>u2`4
zA6nYmb9^HJMT2D{aqdNTR8rFSlbB11$eK8b{c2I#Y(xb_$E(iuJnv8zqGUiN8Tmfd
z;5eJlq_X;=oT=G^_`G4xn*pOBf}vC|ogz6H25f*cWs_~zZSL*6ezd+vxMsfz4&B@}
zLPtiL^YW^Q*yQt|^&T$Zg8_;n^2&8P(-cowu+^xd>dR{&lX4k;elu8%?gVWCHiO1$
z2PTgtfgrZu0}eHa)enNDE>g1;^r}@C_OOkw-@e7uh*R8`hgmTXNyt`xc;UIGYJs_)
z<Hzj^=aBR@m8)jlMOSmU1~f!)=ZScno>Ma-L8&x>o5@wcQk~xWpg5TpxRXgZ^<laU
z3UQWefKYYEZchpU;Q0Efv*+}X#P-s{=ph~7U+5NpIY6sq<;aMYHV8oYMX8dgg+yUK
zCZ7|&S!>gVN0+$NRLNp=@?DLnisiK}+BCB@A24>joqw*gk0C~3#De0%>8^1(m99h$
zKk%qSC)%Y@IH$$?l8xx((A35rp%J8(k)x>eS<j?9w)Js^Jm)hgA=YCOU$w%ne<c%z
zNnIA+9)R#V0rG|I5#9EEtX0xxIobqEb;e?GR?oL{V||YDZC{d=04In36JMU1Y&WZ7
z-rFi;BqH+@X!g0~_S7nCsd^q|x7Hh?U=)3Kd>hN3NRS~Zf<>K?R>%Mq1>OtB(S)ok
zbc{+9Dsx%-82#{JsRX$s^tUgp5>Z`4ND_-R!V9=7`CL+l^F}~<?3I^L{?}ZhHEnO}
zZ8@rYEG3=&plJEq<klRFZO6Ug;S)}KHjnq_n>TL4&<WGp{~<Ao#ioP#OlqQhGHSOf
zZJk`%rp0RdqW>r1M)@DXAYtlcGrAk<`yexqKmBuh<;X8ks12JH^=V#Nj2c>6@VJc9
zQORiPgPExZ?7kIgfCZ^mCvTL99W4!W@mRL3{Pe0J1;bfvYCn6=St!K*LEPPWb~(K4
zlM!~UuLX)jqa0268$@<n^lGE7E8p<VvzC8^wYaUT&F>RMO-U)f5fpYD0$%}$Yk#xx
z7{q-IRq_n_5y~YkUCar?f=d>0xG#hFU^(bP)wJxf0mYAIE72P4=>n^PRKCqIjIZPS
z3~f{Qx5a|cSlQc3w0}RBh^l^^<|=xp@Gve8!}$&DS)Tz}%;P3qOa}xj?<XcEN^W|R
za^WSZ<C!4=FRSw(5y|9fzbTKUM+6asy+@*rL9)w)QWKC8e20mZsM_y%bj5)%T%qZE
zvVx2G*qtpms#D~U3Fdbw!o)M<tb!juQ@k13`u4s-Ko~aons_xOvQo^@VhBe2H;?To
z76Z;>!y^$r8B?HDLLn#mq_exRT2H^&*vUxrLuR;xIa^VRPGrFcbve?<NU8s)&G5(j
z>m=@N7xR+^U&d{c_1@r%d<4FO^*9YkbjP#HMNBi^O>g|S)xYH`AQy5{+1<>q?+CVP
ziI`01Kl+R)F3(O6Rkvi$XC*~lAMScKcTarPi$Y3AL*V6GEwJ!bn3d{`dc_PBzVZcm
zz-nV$B=2V=f-Y`%1AStlr(?SygMxEcP)miNqD%t6?)D99E#XBZ<93#^+2ZBp%-P6U
zaJd!%4vjYLc(4bgJXZka&h>rj=g;h=>Wp%*0Qx93%&NXJY(Z>5wnYS=Be9ohVI725
zJt&fMA274d$JzHIwF7OA;#^LhZ9ZNuw0^iOT{v4A*?X&H^(*=(fq5=o_PqQ02w#-S
z&C1RC^F;A3qxU|e_sP7&_HFq**xr%D5ts-$(yB6v^0T{YS>o?M>~!5+#4KFy47tH^
zlcKct8P|t;H~zb{)`K^DX6r3=S0$)*`NMDy<;_PQLBr{}wQItB<wP9l^;x_hAM306
zGfouNy-_z+z7I8lf?rPjj+XA1^B<cv`il_#e$kbwnjG^KmP4<;a;;+44EUH7&rIef
z$LxXq(M}knG{IZcnsClJ7{8l+bCgaiVlz_Wv!^{Id{1_p*4G-HdAdk;GU6w(`L^e_
zKUTY>M9naHMhUuZ%XaF6jjQFN@*<%axq?~-%HKMoVKhO%EkvBQx?mKfi=T>G1x|(+
zZhjX^ir92x9KOqKy*@o{w*LJ{yhH@r^6SwN-|_J9`#VlS$GERq#LAVkRDt;?n-EgD
z`9ggmy^$M@_R}+IJT(w;rC=o<H3$MU22(kd<%Tf!oz^a)#bWD>X;hC5{r8^irMKuI
zg0c;K$A#BLcq}(3YxgJp7#Pb-zTa2oUL|n{m8@2@Qer_U;;VVny{unJeP)skbH~C5
ze`uSn*TLZc1!#Hes{{45Ks=s1;Nz(l<QDZrE7YMm>tbCYjy&W2uFD95@M07-Y7qR-
z%Uj)seU(;lgRVi@s13#IQTRBoTa(u^cG;6aPOCg4h(81+uwtAR&VIi1YFf*>PHHRN
z%e>j4G<$%n3zLn+y234L+TA{hAtYSDtO)!$dsB%de)pf33?Qh+<s8r7Twd6;23?e%
zN=$BN;jOHK`Nw&LNUCNl74*i5y)D0!+;`g<E8sFns@mtM)@t-S=KCNe5tM&=p#iP;
zS&Cmc&m}YyIlX8--&HsJa6-Efy(`&{cd<q5O<JDELi&CG{ldphu40xqU@WY6j{)IR
z0tLaIk5%aU@M@!?`|Ls7jn9t2==IV2fb^s9#{X%ZTe-w_P0r`aEsgc{osqFSYOm)l
z1$*zuEIPzeXy86|`+0f?BZG#8W|F(jhfOx9eexzG#EkNS4COfJ``iYWJNNx#fJ!=(
zCtObvIsRuAbYRJ<$6vq-DHek0xBvNP;>A&LCS$!_3E-9_+1fST@dgfiVRxN@(agUm
zUjsTk(D}Vb@Nzb>=<7%upoF-5O<Fjg?q6Y%C^nHS^)R!^T^UrdltML}i4(qV0^TC(
zmlVElNdmkNUkKVba!(t{%fM+T;OyrU{pANhkdC^D4El9&vA2!zOa&kD{9Zf*F%{sg
zPd5r@S{v;r0YA%6*AzZA!BPsIW@Za`nBA02w;T~p0Gw+t>WQaS9|0CdB5F>f+mI-T
z@nOW+(D(D}%YDZ6UMCCQ<+&Q?n>O?Wfiyn~iQq`VbtR#zBVV<rjx2{qYi|Ocb{ld6
z$6gJA6EJAwl(Cz2VmWvvPbK*SbQw{kk-euXEtnH=|F+L~!I5nuAGl3U!q{Uy<qKSo
zblAE9QF>y+k{}usBQ#xhx2w*{c-PNH%rZA;6z57(pY8h21k{1@qUO7>fJ0G%e7)8J
zoKaD)b5rZ1yuNpeC^97GXpEE3K=E!550CU{8<H0<UO00b)}jeAHWnA7_SM(d16bY|
zfU{BDi#d6tl$;=KX$`*bS;H~K2@q|UO~!=eLa{>#CJ86ZZM8RXo4^kZ4lE(pz_p&-
z&k8u1RxD_!+_|n9=^b(4ABlK~I9(Zh*R^46zQAonoV2t^EgNHY`UJQ*I++t{RZLv_
zn4C?$m%>%o9GO7w<+|0p9UeCRSb>cNo?{=u=S}bRU{lp3VWWaCp?{AC(`IbF{&voS
z;~da<C)^*CIJKNJi|e3q?~qq+B%slW@yZQ;UIRS2L5C&i_B0m<sUm(nNF&WFL(tG*
z{NanxWq`r8tc-xdoL81?gf07fkSk=nJ$jARZyY+k-!#i=goJB!dDC#pt)Z9V^|7I5
z_&(Lhq4BZkmQjzvmMBf@fNI+P+-O8I{)niAF*oN#@1j0=CKO`S=m>Kd*-N?^!WRV=
z{CS$13?)(yPDsd!B&*DK?kdLKok9}*K9~6{!$>ILHC>?kY3t?sk8+i7^Pf)Ub?b5$
zeD&TpFZgbiH@x%O@eTU)^jr5GNYMAKXB3t9Up*)0O-dN{<1XCahis>p%!iK+ON!~0
zSI5e4y_sotyfS^>iRipav}NWb7>iOa|6#@b)#uPG)9D;q>Dbb@?mwYqJ@H^!2gVHJ
z@Pu`GtFY7JU9gf@Q1zR<t0rC*?;`RtL#rMj|5%<ooT|a8l$f}eyKKvas$)WrGopns
zN^zYLkV=pz@D%;sCUmMfZoH*2pUD3EcT{tGZm;))Tn6S^L6B79vX<qTlNrNe*11oW
zrWhQ>S95zEXc;odR0_XLrZ_)8Nm+SY3+oYK2=N>|wIA7sWMLk@Ul8>79=rJ!B^diP
zBi>8NLdy3-`LV3pdxsH3-Z(;Gg5HA>5lE(js5uS07%ru)!m(O>$Sz_f)#gL6IV%*D
z7Y!7mjzFJwmBb*g)aE5`F1ty6_gL+k7k=<e_39~|G44XB*2`M=JBngr-dt{3l_sU(
z9YD$UuC)pxX#-%0X@Llwxz!nw7^fDp@!Z~dFOK~n^>HnC79kFStUK3eGh$L9s<>_X
z6;wP2c?*cVqf8YhpT4?%FIG)2FmxI&q?JbHEZlFy9jD$h@xG}0<|%lWXxl`1mFaz;
z(kRq>?|AcTDvxhj&{bS@^=@}J=tB08@^bLeS`M{q_ao`(OJrf3J_~b@-_M#Nn`nFx
zCOc5?*qmE{L<>7G2Z-|$NpQ$a>3tK3+g9?v7usjiV|lVYUGkRH!VdRG2}-pDWMwMa
zXG}*$MI{Zfaza7$P_xnRJ5<>+%KRB>qr1uodCw{&%Xf9C;kxA_YdwHSE7Vmf1gDKp
z4jg*dagLJ@-+O&jS(a8qHJ6D($8BT6#BF25^oB4q@_R$L4Z!~xv?21+CAK3v_jMrh
z_94)~E|$7+MW4<Ni>RZahoLSeg`=7$A&WsyI|~PlM*NPDT$jd^dA4^vmC+9hc=tNi
zgyd>Kqlw8WLCs%G2yppDAp`kQONnXTT8my5TQo{baN%YAVYUaP7LmePvINS|py%a&
z_{DZvy=bo^t;<*JWUSoedovGz^JL=J_RRNlJW31Ud`cUq^T~SNkhm=PtWGP6EkZxg
zIzw{4OD!<v_a2+*2Z>kuKPzvl3OwFKPY?TAhPvxzLE-GL*x%anzJ`%|AEK&gY5AM`
z`Kk6fzQ<AOZ*|T~*_Q{eAN+=)E((M02AJ6>881T95_&;vWbMYkAJJT{zNHWw75%lv
zNCR6@)w=#=oBSD-28JH}oO3?>kuGiUF=wgB^Pb-oF{ri=+1nCUYm~(RlMKH+Rr9Zo
zUWlkHBjC1$$vq(1>sV-VVz8cA(9FFUrV;!8Z6f&8n5|uuKLu@X_%-d^av-Vcfd%2u
zEh|yFzvgIR_7MT)?dnu}lX5HnJ^0-u@Bed^(4(<vU@9auFeQ?d4d@vlNewf|6g-(B
z94J5i<h`~Q<o|t>FFH!@a_jv^x3}<xaTS4hd3xfI@tR+r9UNxvYk31|=W}rQ4rhH^
zQj#Deh9Vn*)xH4B?HS?tX5wX{tNT*yfzX-CFGgDbbrv2oal7(g-K4q3;^$XRYH54N
zFXfa6Z+<;`ar3>sC|S)+Nv!u5#J?SxwD$>>*N^=ORM)7T&CPZfHRWSPW4S>fWaqDc
z>3rL-8o|D5H~K1S?h<<KzjIL&PbK-|IB69MI!bk<I(Pl6(<$h@-9}Hugwch*8gXBq
z)P%9eL>v-JyAn(lan+^+(8sSrYsIJ~{67qbD@mmo#^nL%R!L|#s3AcY3vpW;#HUuc
zS2YX#0JeSoFFD50)-rf45SW)-7F3(vEZ%Ky<-8zFLf$H+yk6gNi;T~d+>RV5JN?{Y
zIThBw)Nn)cI#^fNLoHWPx(#LT>f4i*n-XE#he10h3)sy+guHH!M9Bz+1LzMJz5yL(
z)Y0T~^k(!DjiN{8m$|z0^SeK${NKg9RHh)Z<Gct(!RDuhWWQ5spQx_puaV=$*2itL
zruNyM7N)z8@GGmv`3PIGob2*DON+#_`Gi^1*prgyUq_j7PRv>klsK(UI4HMpsXS62
z#$a6IpLs3j9!~BJbxX23-TWqP1!<0iv<4mRdLjGbcO#^+KU7zbUvkcf3{W~l>e(~Z
zmx^4eCPSG>ic!tek$5rV5?#|CX$;l6wFf}zf0{qI^bq2XNAE*5^4yMOUBNb-e~sVt
z0!0D9ubMp4koW3s+wEc*F)mk9%V)!bmODqvJ0#sF;z{*yY`s>^c;1r?wv=9Hc^M`N
z7u<&+QZ=vY{{Xtm*5+x25)8WH{T79j35seime5%otxMq0_VlM1gir>J4U$L=N<)HA
z%cOQAhGBe&6!VJ{5!AAEGg%s#%YJv$+O#p1%P%V4oPMQce1->$RrPkmOw=pTG&~ta
zXzwOO6^$+|VH<2(JkS`zZJTuRFreJf=-#01L*{UW0?$fk>Jf**%jg*Cy&=1iDzD-t
z_lEdaI|_xGD_=FZF@)g}V5d{VerSB&R|M@bD%iGN<)J*EGrW>ppZ+q81b-40Jc&vL
zvk}q(Y7o3K>i_eV@E(DTP#8M+6+L{HhT&-;fh`=CpsMed1Mfx{UeaCR2nO&EdGI-)
z3u7dSTLSMOWNixr!=Q@}e<Cb{)`x@ve^y5E@e)}ao(z950=#9sB>n%(qqmQRr2x;+
zZS&wiOi*O_l-xF;Bn4&u^9wvJ0u9hHMna1I?AyO4ypaZfOHf@j$pihxlOe$DaR%=|
z|I<*y=MFw9x-d(GKW#BqIb$iH(WU>@oDwHhC%%j#GrYzBJlceL_x7!i^ZyJEzA)&2
zjST!u8R5^cK-UtIV1LF0`uT=252TNn{r);=UsPt3#u-8yf5cCZu!rzanUY2$t*jFf
zgN_l$8S4>&b5n;Ub=)Hd*0wjbOVIE>5wScxnPn-YCm#YXP9A0n9~8uLi@cAABBEeX
z3OdZzI}Wd=RXzJI;(i!{$!+`WnP<$Ql#R_g(<@_oO1U;`aslhXIBL->iU9r0-Rc2u
zqgvZUf%5o-ony=%4%M$q-dzz0s{if7>fMM;0h>71X|U0=3MAM$IOKo!4+vbp9n8te
z*{b-2<EW>rdtV-1?(^ih!?dv>8nKYBp59y;q@$J)CGHUz%0Ub^a$1U@SRSuIBr1`N
zB2{l777K--?P%V~iDz-Ilt)EDfsFF%guQ`5x)|}#t*!k2ncfsOZH*ooBdJVq^XjgQ
zJt+97!ubB<&uBIsKI_<kbS+}Qu5#BVk>JC}toWDYJfF7t8-gP@VT)`PyN-|P#QA<m
ze)63A|CqbfCm(omm?O$u$sWLhYqup3Im<WMti0|u*H7P_@9$S;(+NH%G~dkh?EERV
z(SXPdwRv_W!4Fx!S+hIZo^k0sz)1EGHm%BsB#%d+5;1S>!(`B+5u@?Vd-HW!cT`Xj
z+$RVgNkZ#InAhw)IX@th@QW6)BckH?ACD<qrFbl~1ZXWh<@(}zx#$hnlj=R5jH<Vk
zMKumCYgmGC!WPqLsu24#*<nrCFR>i}GwP0~mGs^>uc<>ob9P4M6dRfI4aopbdLchs
zf|hJ^VN>vE4@Vdt;lF~j>Q0<%T#dPNch3ZiG+;TJMFVH>D1F(r==D!K^{uC-c3;K!
ztX`RrECxegNqrI*)P~}GfhO}V$B00Ga)jBjU{SpXi?u=wx0zUhR6xV=2vF(IC^9`3
z-UcJ0{=QPfo%05Unkx-4^ChUEP+wb{mh)CMTSV6|^dg!!mRMH0Cnzo}v~Ku!hj*bd
zbE99<FY?6%YP^o9(z_ecO!GwMMNv!M;dqZb5W!@6OVNdW4z`@@ksscj_ndVcK9b1$
zvg_96Q?NnZi~pApJ(O)Elu;(2(U7rT6{j8a^P=SkcGK54N!Wkp4GW3_E>SZ?Jl^Ge
zM+TqrbRnl4kDtOpM9qke2^Zd0Kix!6?|BFh1q?5}Hj(ss*Zq#I{UFe7hp#wC+G}Kb
zePRBIZoTUlo_g=$Pc21VR1d_&f?lP(ZXr<)G^jFS)-9WJO11e&l0<v?lcD%$W8PZ>
zrwN0XUr52;^d_~{nqgFdkyeOr9A6m!#K~gMHL};miKD@E=B;M-LFr+B8!wx5@2%y(
z`+8N_)NX4-ngOqCYe2}}V!HO>=zy1ykX<yA8Y^a(F`k+m!SSzT@p69RP+Yepq+eF-
zYh6(mVB{N&&vibV=;}?nK7>BN9aASVY?kLY#1zQE?D*(VDoXbw)w-CI>iv`kOvx^p
z6PhaY^zt623)L8|tbn-q)^+bB50SaopBdMGz9dK^TC*`~w~pS2*!cXBdCqv0RZWi1
z?;+o}RQr7*m)bw|amsR{9}K#-erVQ_-1OoRe_dC(%+^L=vWy$}E0Lst;=!YWX*`Fr
z;U=$BpB&3>W82H~hEsF)r-s@r64!kF;;2Tf3J>OwpleAzddTSPNUGTB2`ewH9*QSF
z6)~Hd-4RpgBQn>Tc_RhGZxZkS$vHi0o4Vp?upqG1?S0zq_n`%MK<9L}4oTalS@U%N
z(nO0k$O=CP;d%EM(fkcxY?G#nSUA<grN!{!#rNydbZl@vyeyU9<BYvyV<Y7L3Y<Pq
z*U$wT^kzwmlF<5Gnp|rqt1`^*O&-X#+Q|Ll<ij~JociuY!t_<2@lMgJ4q~el-ARSA
zrx^+MOKLF46Jh$~!GqCHnVA|0LaA<J`W0fM7+dy+zU!N!)GvBA+`b2EYlZathEQ-Y
zg|7*=>lkQrQm9uASv8CC^d%$v<T&8co_ZJ7?`#i#tl*fJwA$%X^l>cKX6w3LAW#l9
zSW2(w|KaQ_qq5r8Z~;L|kdl&+?gj~I>24|M5)hD(68NN)knR+vKf1e-2I-LQ?vV7(
zPxm=zpSWY(aep|*-mq9}&bOcEedk&?KXD?(z3jWLE%l_s2U!D-&!MgF6^hsqa*GKB
zdY*}Zmp05N9w~*jBPK<WA?QS0T3`~zxw_qSzK4r_^Dgo^#Dzy)O&sL5j`ufVOZcP$
zUR_<O@vQchQauXqPY%-O%t`$@Ke<DY`A+MG%C?dE;d6Xw2pwb;Nu@R$9u7VHp?Rj(
z7*)71)Y)DT@GK4C!AXaML~mj1Clq!ELmkpxsE4r55L^p1t4XFHt?Q`>-}g_iyeM?)
zQ&*mB72DknWF`%w$EQ^oXgp|-vAEk&j@LfGc@wss^>}DVFZGo$GH0S0T1gX&9x_71
zkDUSLe%YbsMr4|aji_AaF4_|^qN{m31_8=*Ox$mw6PXDgK%NY`ha?b0krNtNe8Fc<
zUHi^O&;7L}YhqKq%~>SbH!dIkeVUyoF)l{xeCK_1-{GX+2*I`YW_~9|u30JC;tfPW
zvF>F)RC5`OC`Sf6s(XSS`hs~QM#gfMjwAx|*j3gn-zA;h2@aY3EqY;SF63#5fEtds
z=T#?h@z0kX6s>8SWAYpzw==v}bGYxeyh6^V@2P?b@21YfwzQ=uc}-IMO-OV8@FDr$
z2oA=4L{`(KaDipofUDypqmzU$ET(U?PDj;F+P_Qq|K3YyL$LiyDc6P92+~<+O=7(0
zM(n%L7vF^IG>LhYE#zcdT)J_DT=S{mNba&S7u<QW;Z_)~sJ<q8DUvRU;9cmWGfntj
zDMH|&c~@Qm3g1Kt7ZL&<F<tcO!}(DRRYt30XuG;InhKvvFqx&Yuf&Ec@m)L0qOenB
zDWV~2`(CK=Ti1k}OeB}U7VRlAJ(^EL4Bk^NewI&zzJoyjs&>DHLA%KER5t@L;P-lO
zi1lP6a*l!@kSdsu4^<U9C0JC1xx7zIBYjzO{#j?AK$)$RPYP`SUfN;S#+XJNenNgm
zusS^Le)`X!U247=I8q|?k;9J!g1R<Ku7ml;@Z7&m;0_4S%)B1&Vf~%)z!#0oN1yf(
zuTi#Km1gTnFXeLf2$J>a)oq-OYprSr@xC2;D1=K)rh-E81_It&xXNh|`Sq-+X`x~K
zVOr-ATt~ma({@uy2Ka9zg!Bqtb~&?6YW5fiyiQCczHu%F%%vu4-W7rG5!Pev;Km|*
zy$$ktJ2;h*Km@m-#50m$xi}nVEg+p~XnMz06`qFso#pFB#eg!RbIDrMm9Bjfjho#P
zbK4ObMF({d!fsQ9_JU*Kg*Af&Qn|_sza~C>oUK*IW48J6r6RYBxX-hAMkENC-w|$G
zOWOr{H`hcGGP{IHI30GiHNB{BkkpSr8U?vs6rL5;k)*h#W6?-JAEIDaB!qth|MVSB
ze&8^i)P26GcDExqzxyOrg-QEH2BBmn68$3+!+xDT4R*tl{LAkA9D(TI<+Rqa_%;-%
z1`*FT1sRbS(DVfSthL2#Nlp=&tg6CeV*~0uKN?3YP`kJcarI9Jz>>IZ8KU+A`@kaH
zdtU1cemyfUMRdlWr1>}5%X5zpE))Fs{F>cF;@N(7i>b^#8Wvd3DRL_?u}uq$19GL)
ze_??b;Xc+{@71zVRr)8{!Zs4c0}79@l+AB^J&Z#%AmJQZM##Kszb7{_JVY-vr`dG+
zc<-^>EJ*PGtYp>DBIS$gzup-?_-8>&6VH5ebANCVWV-Kj?diYt*-@ID>5=|a9DIRH
zsDG6=Pw|YR1hNnIlQc$aue#H{X@%haRqp(IolNaAt2<|W_qp2a=ao9wPM!6S-Dgja
zAfSx?V@#$sQIM5Kv^$wb4Zd$0c*-mZX+!jDPFFz;`{g}aK2eX@?*9Nl032lc78tJR
z5qO2O81cgG{N4~;^w^U7{hv29bba|VAi40qy&cY*M26K!ztav}mjewvtd0i%7v=G!
zCBE2>sd(>Zvx6w7n;f>@=dchBkLDoT0xKe6FyVLA_W$|g!|~*_Hq{TtWhe%MgMIX+
z63i_aYf2~#vTmZN-2~0oHc)?#XkVBDkYK2VfzAYe9fo{_!FDsR<D&tP=|F>FF$P$~
zWq@0&Om#~qswo?AR|5Df4hDZ@`2jYPY1$IJp1zb<>ea(gm|~y-2vP(F%Q8s-xS?K9
z$lnsWg)Rkr2S3;Q*UyW&-`=W@zi30x01&L|&&{yW*#X8u;g8pYKGX2xX~0SXU<MTk
zJIav~AD}sopFmcz228(yVS@7e7eGo82v1z!OS$dGgR5bxiE{k?L-z6_`FU&F@!ue?
z>Gu}@Yy|Lgan(uS87Y(iY#sT5-O2L*_3WcB%Pp_mp|wZPVaTk5;BWhP`w&@8+yGw5
z4}jY;GJu8=F)+>G!NIPiM)=#6pte{mTpw90RKf<p?q@5&jnr$f1t9&#ctH>VX=Qq0
zHi72XF#crF>Gv{z|1d}!T-Jg7`{Cp;`ThR8fF*FVW4qDs-V+RzK#p9n4gPuh{r|l5
z{lQakh0pIRaE~G?GG>7yQ_z82#FrobktJEwF)L69x!q04^ZD0|m?>|A0RruK@UJaA
zsMdOhaMLz#m-7*T?*2spx_?U*(P1v!;A*7Wf-`b;gq-b$O~mli%^IKGc(-qS?uiMF
ze+2!%u7zu@vFP;(40?Tt<6=+%7KH@E$ZD8K2@!DgEeicG=}7>L4V;2kVM4aGo9ed(
z%GNEy`v$qgHei(ja4^XNKpO}OGIc@caBn~b{zNMSajmQ)T~O0hQBLCf>#gPmv^XVN
z;k!2!zk*=)Sb--7+1c4)tK0knh@}np-AK%b#N4@!jdKig#CS%uJ3tk(ytU*{@Iggh
zv1YRSRj*PP742|+#*`D?&FzlW#=5)ZDHv5eh<{XHcx;jdh}44NQTqwK=wm#XPISu%
z76%6h!52+e{{f@hB5C2{KCv6MKwvGT1JlFB){Qe&RaFX?r>|%Hr&WEe0qBU#6J>(1
z@2vs~p+^9$bVM->`6JC^;$ay*>7i~<;SyRgyn!|~T%(^9jO4;INM4<O`)TEq@%B~Q
z{ym_^%p`?2IK%2V33Q|ypQ}ekHdLplr~0mQF7W$|7~-zb{QOMn`nPS*;VsHwQg)7B
zfj7~cL*+(*uj-xSK&r8w$p+PHSk?KRHtYJFzGwd^qiT)AUMnahIH@4WS_QM=(*xF6
z^4z`?hlHQLhH0doNu}ywP%<_m<%R|*y}L0j_q~r%RQxLP?RQSHa4%;YDTL4~HJ!ot
zK4m$N!jC2ks8BZ>+!3Y`e{|Twqn2B*`yOgni$F|wXuW`3=N2~|E@yQaCS{%-Uc!(P
zlw{8+sy_tTqP+HZB@{=Gq}^Z#KKW|mx&pe6943f21KdJS#_wa2(2uM5>`s+7ZU_uL
zD{i<+x$f;x<dW`PYuG$oYG2D^@ZXszd>)iFYG;ly&C71yi^ni2AnpbqC+^x8d^(-N
z^iQ!&1-ibc-J<Nehgcykgw})@P|j!t-lutrIv5xgdGYRvr5wEAXu(5VKM65c#if|?
zyp{%PZN0cO!C&WO&iB@{aX!YG=L<ZJgTAoSqkQ4Ih=(@(oEhOR@Z0c{G&ysl^DegK
z(gf8s6Q-Vq&E|>7(;t_MTrEp46bY!Wf{`*_Xp4>89vR%=<_K5go(*G^>crSkSv*_+
zr7IAWWZmEfiH*&6{GDG|hS5uCg1uR-HJ#G;@UUIdZz_7Za2CC<X+P<a?eiCZ4$F^c
z{YtCb-R&)gzh{OBv#DQaIr2{;f(8TRmDM1qM^sVw{8Mh7ba(IR28fr31xH`+6ga$0
z#QVkq*m|*n*DiDw5_;dLS;l0#`mcy(p3t_ERZ0+lAg?Rll&bcO$NmysCb9GGpn!MV
z?Cs91t;0qn9Q>fwI6_r3AG`CUfHAZ@!O&<zTpf~yG?cbV_S-eS5E%7IW+nZQoQoIj
zyEKSYc3lb97@Y<yUu+8UuTL#Egg@WSd7M|UV-=<POh*)$>Y&f%rFCf+9x#EA$=wgJ
zOv&f+<5xVa^BI(IVty+6vWlNPiB=Oso#v#p)bdk(5zkev{bjIdSjptg1T`1qN!%~0
z?L;Ck9syAZmu@8l35i+U;z)48u9E5#%5{<ed&u>3|J~niBd?Fhw@PH>%A@?ug&=S@
zc|%-?01%WfG@^H^=K!~1OJ@TD)5KDDJK(uSB-1dlJdDe&)gX|J4k6j1m00=6N-XSQ
zG`1E;*^?-YPg=E>tDK7kNQ70d44C&mxR<)ZMD%O`hzK7q2+l@DthhC7HHH1*a}dfH
zlHeW^aU%L4r(A35^$AK!zrQ3kx**ccqn&)%HyN~s{!Is^1g&biw2!s^LCByk#D%4#
z7r%P$ZSq(K99JoZG#RYQVRhseZMnE%mKl0$Eeqj;txI9#wX35Ce*+veSa0F%EL5NW
zK|yv23P1mY!>JTAsX+}r0+HnRvT{@&enpFeR9BUjJ6C4ZUp3LSRVomehYjT&U7w8}
zvP+-@0p?ZC7YA=KIQF`9+1oJBr0oOM!^ddsvIMmxPfiWGz$XJ(u(d6JA#|Y9?8|zv
za45KeVlh-VhEE+{DqFZ(UAcdPlrO*?yRl%Vjw4o=W@>UQ<Dz5xBBa+k-}@2uF^_5C
zg#E@qdGF@KD)y%VN*K-7@aVmO$})%S8}DH?KK<c^yT#nrjs;>Yth@s-;3}w$Ze7yG
zk&jneM&a#Jw_k)aZV$W(pgKf9Q12f!ttSM9`;Zuym+)-m+=!}*8hPa6j}z!Pg*!i6
zG_(Jy*{8lL67cbd^dquB6pCSSP@009dK_stBTpirmv~d!c`KxaIjoAw)X5IO`^wt5
z5mLg!D_?8B-Dc5iC)Rgpfe5zd0OE<<S_p01770B)nDbh5vbhyrk><~4o&HWg84K7S
zk)2Nh<;Q1h$-}<$ho(R(X>!X>^H1VocV2cgwy&PQxtaO2$EVF*aZSby%YL{HgaY1I
z;ck@+KaD@!&AtS%pX(Er_`A<=bcCb}Rz+^V#!ly6lBe>mjQu1*D?yaXUr_cd`%?K~
z<Dl){WucGJty!~1;AmUiS{Z9X$=F!2kt#%%RlA<O9q$Rji>i6uIn_6d&X(zT>X5_)
z>4(qzl00a~oek<5#yw=Y6!4cUX|fcE5eb{BuVj=H`U`g2`h*lfL0}5XVq@P(|4Qjj
z7EqvG+l#pO38YYSGq%{(c@8FN?cy(%y-HqHqKMFB8QXlR4DxO%Pfst5?y09`d(TP%
z*mQ~amDQXI#s~p5D=SKyhz9;3>8?k%W8L=z5I2D0)0v4y!mjVI_rjZm7|H-FqZ8c%
zHO%`Yae~)KSFdMk3{QQ@nXHW8K6f>pBv17bB_4tk0c=}J)VTKYHvS@D)_NMeUDdFK
z(p>lVM6t&{kbNb2{Y9*?o)$kJRLwLJnXd0A<|f>gWbhI`%$>xibZ{Witc$h!BlLF&
zdVk0mEKg?<aK4(@#yrtLl#(7a6K`l?@@IRbh5~;F3QX*$W;)ScS`%zt%AVx;K?q;J
zb!QjklTsxw4#Wz>4=&?a33WYYZUG#HbXr)$#=T2Y`Ir|4vk&KD$+<Kpv*6<CVSWlz
zaeF&f5EdFc{Hq$oq*HVxLRD#u8bsnEXfs(xo9*q#<{Y^8xGa@hexAPq4iXYyacd-k
zY!?efFtAq{e^98vIste_J;1WoxY_QC@`VvPQ_rO4K=e^_`)L*L?noFCas0J#?z?WN
z(V?rM`iK6o=4?1Bz(JX*b@tvmHaa(_DoF4hmjFWA8N3_e+vBqGe6PjVBp>dRAfP$4
zhHW5cD`YPjf0O|AG#tPl5lKfFh>xBVWiBX>!jjZDSz2=+qcpoc$lMA6WhM`(9c{*k
zje>HY@KE$GR}elmetVHMHX<}8;gws-!;|rk;JJ;Yy}!|1drmmN&2vn_@Y75gswvW@
z0--{E_?%jtz6DVQBJVpEZl7=yK=m;BW)^7%D6EwM8$R$zcMX^Pmv$9oLpqE2!ZLM9
zoe+L7>q8LAzy1*PO#sV&+|2~YL1#HF$eGkbk)Pwzx>k%(L9BJJyL<33`rsCOj^y=T
zmBgev<m_U#QV|gcD#8K5w1-}gdiuK91bKTVG=acJ2@($+QVnRjaOr%Y3U2_ZLNZ4J
zk?<`VG-iyHk7mc9)Uo+2fOuSf@s2j+4zuAp^9>M2B4Y7`xIE<SDSljmb$NEMd?pk~
zy@I;tL*9e`+e#%M0|#&-zs}PFY#vs*oOa_w?%S9TIaLu4t6ubg(}t}Y+)$bs;y8L&
z<x@drrVVf7+L`B{Do{1X{5%tS|L<#^8r5BjD8oMGTrp~lk@Y5cJmm3JiLu7q1@PLP
zjv1|2rk=!aRzSl4US`?P)d*@&N6<q1*QOsno<~Z`3{k^3YCP9gMnK-ldUst7XdkFP
zWiWd9I1ZGjQDLSblc-f4@5`I=?|>x!w;RxvMRpCFr@yW{RX$Jfl>o39FLeYQ2%?fR
zLr-Y-$18}ZI=Ec4vf<4Jn@(7m>@;Plo}HQ_*8Q&D3R5+@`8g;-Cnh0%*{`q6JMGH3
z{`&zR%)=RE@Bl43EPD%YqIrgGsX1g0irWjt%(l(7De3C%*A;l1+-BqXTa(0Ta+knE
zbltozEiP`ejAyK-Z!)MreNqeBbuhk21(H~R+XzROD)Ry;KN#~N)^9k14O9>NwZpr1
zGg7n?#Y`rcEqp*mp<M^=g8~p6tlfv_FVk3>AW;XHA~ol~fXtu21TYyT(!-P^$XOC}
z<Th0x*8>SV^C`}kA=N&&nyYd4%vbZdos$bSrw3g{q6J9`!r=b@<4^rN(uIB`Q?%S#
zT;)psc(J#)C4914BWI}uuo!5Q{#gXp{M7WcI~Y@V0Hzi|&Af6AJ9y~s_1OW8&L}ks
zXO<~6F8ZP;B`2q%Zj^zhU*5gmzP>E1lP_x&teLu!k^vegv>n0zFl<G_SF&R@u9x0)
z+o4snGnT=oXYn`!xybzymq6j^(b(R>mv@&Z<j;msDc<<P>?Q$A4NKhZD_>#Gz+fU5
zvbDgUejUSbFFFBhM<#$>47_>8#m$>vLf9v9l?C4mfc&A6b6skPWg-di32i1EH&4n`
zll4K_G`Y|-W2BgIZtbC#_r`69#@%~qdyV$e2Ls@6_{(x5OXUlqSF?z*biWksQyKgW
zjtfLl7+CR)5MTh&7pv{@Jw!r<M9$6_?eenC(zWVaEtQVw+c+ECKM$gI4I{IK&N;w&
zKeIf}-};K5mv<l0`}(T=F>gcD&M3<#C8qaA*jCM7D}T7}x8J__)l-yC{HsV^4kZZV
zZx8W9(x%oLI@OJp3_rVht*kucGWn7hpuPNjMnMcLBk1%UYANLsFpv?p?@CtNo=(+6
z_4a$AkMW_#_su2-<PE)zge+P^Z*^@nn0@X{p^qKU0f$8XI}8F|fWn{G!s|YvGRsQk
zyD4>uIexh=y?B9)8`$HibNc)2BAt?xvk$z&{6!;<GD8aFl_;DIw&&6brIlIjuX1yZ
zSh62@_iS(6zG&W7036aikaU0t$%vsWeS$||zP|%X&BB5goFd2FRB`)tNPOjeX^MaD
zpNThB-ss-GQ;$C|^`QB7YhkdOc{mkWy6I@w|Iy)(J?QyU9%|Er2v5V>_IhJ%9Hzf5
zIe4^90~tWGYV*La%M9Pu>w|Mxc7)Ok<&#+8C#>t9M86u%mgTYk^B`&@k|~#px-zmR
z;$!??#}J0GF8zebS2R7&6>mj&j~WeswR4`Jy%v<jzuEQ5!J(kO|2z8ujzm0jUR#0k
zB{ujhnaDaz3^~bVAX=KC_f_@DQgw)hEv8RM-WcR;d~XpCTYMSdAQ&N&`9xy-Qz!Mv
zBjC4RMrTIgU;8ZtHU}IRB*!=19e(3Me`_LjHx&-ZrHBMzjxb*4Z>~$du*nhwQ(1@R
z8S@h^JMDt%1jZ?rm{Abf{^#|sPhKX@i@Oi5Y99WW!9WHk=cG%a3jCCM{l9my6%U*n
zI)8P#M^_ct5O92NvLU}ZL9Ul2M*ZIZzJEtU0OzdcSr3~dy7^D`0z$jp3i0KCtfd8f
zxk2SF2RqGBr3-xPon-9DuN)cK<z^8~cDC;xq}#{S34x_32}wV!8n@$vYsPR#H%Ih_
zRwp>>QlNq~Akz=*wuKAOjcVNVEwa+~8G;8*mFxB`|FGO!V9use^CpbuU^790^Mm=`
z?~6I;LiFf&ShCrvPN!adjJXet&IB+IzbP?13^a$~_ocROUXx#llG7i!qObkktd8;3
zJ3uV?{cu=7i})f2KgbL8n}g}4v(~}p5t6svdv&iqOrQ`82NS520|Y8q<Pi_PkHjaP
zM66`yjJ}qBxA$&LpWE~#aMHC^Gerv}2<1O7C2R~hPU(SWhwElqV`J5J#>|S>=3Ix4
zVo@OdWAlHWueywo(#aB|iV^D`!hoX;_SgX^Oqe5~Fc5FyFQ)Bt9li&a1G6JPs)YzW
z`bj%Jhf||uaI1gH@z1Ryo#DSZ7}{stj5enhKlf=CbQpl<qBgIwWXmuDVdFUc<wcoR
z9r}=^T%tK~9XpPIs|1^&bBmlu;&L!n?_c|sdV^Gxx72a2=@~z8w>gc<)HW+l^nL*t
zGEhn|)_<(j{m~+`U54OFU?-bM$z5aZ500<{tG&0xl>YvJ>inC$BSYYxt8mN&7Jv<L
za%<ajbn4OL;=m}~f9dcO9Q=eHeKT+wx-QM_T!AMK^-s3TakX0PtBYrTjA4x)Ji?7K
z`8QEvdRFoJ99fcM)SJ$^_ReEEp|9mVH=NK@IKuDs?*R4izjk(vKvG#(<~_X|&RG|5
z46FpiWb}3`AORUikmvp>ChEuidh{ZE#~7q%zisjiUmbV?{{yNKS_<mnzZ>PUn2kL0
zw=$SB&U@K#pj$iux&)7W^><T?q4Ypsizn9>*;&sLu)ydB%KWaUKq@q~&K>g@Y<~m<
zk$<|mEFEExg$KI%nE!&-iwS~VeD(jjf*S1jMdR7l4`thc%D~!yvUw9UCu4)0SQ8Lh
zs1^UVz6d^(dGX8lHU{Gy=AtUFkPad{uBl3Gr^XGiizwQ^Nm2%z&!eR9Z9DwW*FW{>
z`&hD9@q0-N=ainK!ZLQ!-{mv>wOS>xOkCeZf-nN4xPin5v~tnVuXVrgN|y>$#~J$V
zU41z%$Ci9|{cW^17<77)jqt8yYt@%#e8JPGwK}JX&v{lI%p56Xx3pSxeUn~ip4IpH
zEXs>WDVvdV{ov;5*WaFA1yj4|f)jwLq&qHy><U|%&caYdTo4qNX<E3v>#xA8Ted|6
zdCnVn`x3O*76xwb7Ri4(-k27<rtZJF)1w}5u?K3l84evN(b|bPNCd_qHBg;CMGVzb
z=p;vT7#V)q0$L2R&#o#-(HwAqSg;7-@6N{vevKA)>5O!Cu(K~ks(VKxVBB@Opu4R0
zvJ)Y(k!_gAaN#Xxel14Z;HRM8Q-R=uxgy9i`eD)4I@`h}Q(sv^!iK!7NJD=9;3WYq
zE@>5~0{$BVDgNj1N&=D1)F?2kOtAufiKhbrbA`9Pdt5BFCODB|>STI`bBi}rxF0d~
z65A}lVT7cUyx@1)?9+1hU2X_<3`9tAru31;f_V)e%oyp*;Cv3=Bi($n7eBE#B))ZZ
z6<+!C=Tt*nBKk*LaZ*g<v1e>^_2>J={nd;cRN*l!+g5vaueU^%3uL1bP2)@$w?E5I
zP=9(C?h53j<xU;xBeur%qu>}(Qj5YB1ZleCcti?Va{0YYO7z2cdygB##&goXf`rUf
z`Gusdzn-WJs=6;;gzM4iztr0L9u`bqi;F!wXui_4iR-2cX)m2-j2G?B;u4y(6ig+V
zXL@wXPX0Rc4frAhD2}@gar|L^pu`Qd8_e9oPT!YT)`ui-XS*-3#eKzJ`5HN}_?M1D
zWtvEuj=NdCrlR9?J~^8}Mc%DK{FvaFdw+3u>>?3zVVbY(j;`?VmAU4qYT?Q5mi&C<
zOLSapv=U1R$lNhZmSt8`c{~iq{UqfYac47ZPj#c8tkQq@K;>3q(W(SRpp2eRuAgHJ
zXKWPu3U?v)pDN3ggRp#HE-q}L>~D)0?~rL7OFgM1=Cr-7Q0($1|D0!R;f(HJz-4sg
znjf|oxM5hmWo)Cip8@CjO&M}<*ZWTA6vWm6M~0L)?IuHp4;>BtL*H8Sk~q*lhE-p)
z);wGHHMHcZk>8%(<#Q!@UA{l_I+@OKU&^BI2%YFzq6xQ;y~0nM)a}dUkA9K3;-_5A
zoum#1aM0C0YL2cg!{6xlzMqcK8_b%u4~p#45gk;4L@TYbp@MQg1CEXuMiJl}RbL}%
zJh#jq>+e*LoVq%1Ct$g4nm~<?;HpEKQV!~}O|AUuVt-(<{Y+h`K4ZjIXFaL>LWqBf
zdHmdkghR4=xkZ41H*!3b8qa7*J6`m8kCDfh)E2LAn!WH3MwxvwZLw4E*VdUY3~%%C
z?A*NK@#PjH5+u{NQ7uQghKXWwAITTzGwoC&q^Qq)AWII=CWU4r&a<ACPFV2EAzm<l
zREP@8K;mDr&1duF0c~UvgsG-{*Jja;fwp=4>qC8$)i?NYFb~ANl=sDgMeZQLp^91~
z5$e*Pqewo;4eTZ|!hRti*iLs7YK*8Yrw}i7ZBjndG$w{>F=k!HYN5Wb3{Uw0X^M-o
z<-2(8t){x)%2PL^RGZjt4Rv*%;#-ri3gb9#Y-!7%p)~Mf$+@9vxyGOKlHlO9Z)7FJ
zG_-?{wq1rD`MDGLE%IWziC*-vm}h8ZtY>*no>#sZOf+LS(r1v!HqqhqC>eV}DRk7J
zPm;DU*^*xONhW9khbo+z^}iiU1C^cI{&ioNE2jOUvr458);u~D4!I`@?iM_l2nC8g
zbyjh_7rmjnrS+r|THiS>(Msq9Y(EL6#fw5|>V_=kYIAC9i`DQ`F@4O7Q}kn<x*e}3
zw-fXgSunO`O;6OUCGfXhEi_qXQsm`)kqFgG_1$e*up?zRMabOl|Cqj^pm_yiJ(|M5
znM$6}y#nIt10o})byQ%+4&sA^YLIJ9Ei{L)%@UqtH#GJyPi=00M&NlQJx;-m?$2Ir
z$h}6d^BxYE_c?=t1vFF<4VUMAH{Gf|dt@$wZ=ELl^kjZ^FCjl(Q{F@G0Y!_Opi{qE
z?MDw#jFfvRNE+M7e~3fODV9ZJXW;&~P?`DbS&MdXS}X=t%SV0N2d^sj&0RnQ@NsKk
zU6lH6Y_a<Sg56w<8$K<-v}iZ-Q4fN>GqZ*A9R55s9gfP8g(Cs@8%qoh+=sDxSurG$
z+ne279U|;-N%Io~qfI9LVfA0D^SZ}gGZ2Feu^XiI*nZ-dx$gOIx4*|{MYC(~RHt6)
zqS3VAT<Ws1i;zZq8@6;(q}i1EIfQ+Tt)svHznqL^@+6%CNgLtE?AtG`TUN9pet3eW
zgz#~*TDLoa=d`a7p(;P#8g(FxOy(^i5hhmKS62ABgdb|K1G|Jr2+ftXmNj(s7{EAZ
zO3K%+?i>+CDO_PCK6Mh&c*|I;BrLyJ>WGPtcyo%4dAWbB!ON3Ua-&a)apltEls|vk
zcQen{Fmn<&sa@o<v$aSgMYbjN->YQ6Hp-^YfRo1AQf}@46hwV&*a!09NYD+97z!x9
z7bSk<m435yZB&Qnp3$e<BWo)MKYu1let1eM;?<kD9)PJALbmk~iBBi;m+pVxACR%v
z+6WJjUV3HH*2he0nSpkDI$_hDW%r|l1sj*4{?1ra)p8I{DoseM@P&ZmQSDBih?~$>
z={U{1KWJx9`bJ<7;fF3O^tZKi++O$QXAjxs+U^QqzIYLBoWN}I$%`nE;Rw)t$Y>5<
zKpKbjdcs}q*K8(u)jMn{R%?lX4@6`Smgl7Qc)fG}LKdwerWj~k_VL7{mk88$gHBQ0
zAg@N4mF`UFF|=fXsvnkJ0ZTVcXNT~h)`iTy^h)MaE}P@!c8`Fqc>?otL;gRqafF!|
zJgeBBAOwfRXGrvO9&xAo<4AlBY6*D==4%0;o->Of)i3Q@fjyLiHcXa(<y2XGyhR-U
zKZQWd7r349d&RG(j|P_tE!uASi^1Cio7G)xtM3L&vJ0#QCI)YW44RXcs93t+I{mV8
zP{r|q_clI|gAR3P^>vv>Vd~+gGJD^g-$4z%9QCs_35Pmrp<czsD1RkaY8@aPtUtn0
zsY94`KR=~8n732x<zA|M>I%;a5*mK88W$|IyBlfJzguQ*0V$WYh{VQ48-Ym*iL`1x
z0i*aJiUwhmK4l=^$b7&zRcUWXxV>~VDd|-vsXS!(gCy6}X6FOla+PD5Y0AW`?Ly^3
zS#L4L#Lj4tq;$`?<nUi&BxFTIHm!l`WlQ2N>Pe3;g1+yc!U7JhL`aj<>MZ7*>!pp}
z+eNm5v($FI>QpPy4~l-I<u3TWs_<)$obGQ{Ecib#m+!diHYceK2&#s<<(H+X#oc#u
z-O9!J#nnQdnp=JKZfPXh49LVO^e07_?|5wEf+*(OnMv<bY!_WUfi?|HTy6wrcyEwg
z)$H&sNMDLU1*6P{$F0CeTV%)`L2(AFvi`1D(Jk<`k$Zmpo(rP_Y1Z4Ur%tN!Al@W7
z8cY^!3AZwlK8@d*Zfv7lM+jwMxD^B%2hvmFtj|z;%J$vZCXC}&B`hF9uiV#SJt50W
zeqZSAmCjm@9&x0lcTF2(y1=P<qS;FvW{i9|wxm)bmn346<R~4i6Kd<dz<czlKKFU3
z;N!lLGw3;AyjYjFWM}gyUz>PHYB@Z<s8fP{IAy=m*I=>2FLf31?60&)jgIDkD*mUO
za=Sm3#`xwj^D_SMED|Bdr%Az48%;=Cqv^Ys?$SF3t^){kg9!QtdK9S*HIBPSqd6&R
z_kg|$M<2dXiTReHXF<9O%qsR^XAl(o%C`k&_WMHy-bRg@MJ#&JnJP$x^6x2{d0p#c
zR!R}2wt3~7k9P7cGmpY1>}~==Ow5O!Y%z2$0J^pwV6Gz;>;sfvpV|cT6vG)$E>(Gr
zh)%b_h|xb{M-*sS(V+ap{eGy^1mGF%4H*`vSXG91Gnkz0R!9(cWKwz)@l_${Yw^7F
za04Ex6p0R7Z{I`1I@iJq5s*;|{kn~Dj%k%os9T~IL;TIvvJrM=fh@Jm8M>IYYP~aF
z+!#hnzPM-cexa9I-dRsiKxGquMV}JA_aE^u3JIwO@vn+03w$6*_2T8{aV0RSL+Kkl
z!G2wZi}B@aTDj*$jEq;JHE~(Y^~>!7rscTpHfk`mx)r<Mv*j$}Je6cR%g9t+yS*jM
z1u9RqGB3@8Ee~~q6{;3kaTJsA`9yc27@8J2Ewragt8+V)3yoUTS-oMu@_{Kj=(IU+
z$$uh<+Uw;<&@cHNm;Y^D^esoB*U;u8<ypj<ligR1CnsL%{jPFeFq1nvZ3i;{qEhtp
z5sl63Eft#QzDRC8D|&^;U((@~g5jvjjzsqAg(}l<12>Xg9K*Sj|CjB6Qrxd7{mc?w
zI!`6mcDA}rPQrwy1!GTfgRRy;fL6pAFBIlxIppHitJk?6U9|EoHw7cymKgoDZ=WA1
zHi#0!r*XN*#^}Wx%bTewAo7J2-5>JZ{MHqE{MyVWBQmoX9UBlvFjyp01{zRL{sj8Z
z-3T{(d2DyrmiC$%CO9$h=yoIm`wSc8I<{KmdBb6^1<yTmxUpbb7ZDkA3U9euW?JTr
z?|lrpe=t4I91c*Qd{Z~E6a*Xl6*tX=>{B+l^W;vp5lxX*38)lWJ34z5O#6|!)c2aN
z#Wx6Z&QgG`@phAsk4NME1tn96Gr7TPFzY5o96p@{Jq=@1`+{r-8+C$Vw(8v}k)K`7
z8ZO2-G0jQ3cN6*ZZ1wo5i7p{o@<1+4r8_n1Gvorc0~{(^jo77+63tStV-fpl68S9{
z^ub$-f_f7=8^VYaK}mwQ9sg<IGgdV9x;}jQY8vF5dDOU%EdI;0WXbZSvzI^Fs;iu}
z*Hk49Bx?aUqW8Yg(Bn2OSN8+_*WyS<@5YByhmyC}5!8SS0y2A`r8(}kwZA;u9@Hb?
zqbj`D*{PS}W2~B}!6jYi{AO(mmH|hww2|3q6^EBTE|`zhO3w@dlXpxM?!AMv+1_aG
zl#~NGRQ71KR-`lh=G1<}saP2whRN7kK7(U}lRl@X5G3AwLyppcW{<sRhRKH=;Mn1y
zNOA7w5b4XKyGA8ds{&KP=%h_$)_~^zXCd8`uz;#BEOc?@L;dp_fjSmsBD4!$yH#td
zs3$<69pVrqt3$vF{3KW#y>sbw)vQiPSRKL-t2@m|zZ>cq8YADly)qx(67<yd+25Sl
zrb`)7C<!xu5UrXLuQ~|Q$EVBGb3i-@WM#$xr4a+7cB0W6fag@TC=%EMWFU_c4)vgK
z!@M?Q#U_V-50!NeT##uW>aKN3how8-32}S|O1qmK?yqBhDB=NU3d``n@wSzKZoSV{
z_27%|XK@FanXvl{eG9+Y`NSye3wRMMX+XO`!j;BCt|&pSca-Cj4l{TV{qoPsqQhn}
zLN1yZbwE)2`1?QQK*ttPn$)r_ZsXp@ZA!1Sa(meS$qvAm+ZpuMFUBwf<*owqt!9!A
zOo0JfFpBVWBMf9?a8xqvrsQ3qF=y}zXKx}3(ocZD-3MaM9;gen+RVG35rk8svAeow
zBSv2vDE}s#qgqMHMX1g_L7XJIosA@q8<KcbOS`?<`V=ZS(~Ugj-q=_A3`8UAg}7%M
z-$Zn%i&K3ZRv(YZ4y7B0v6scnf{_r|9I4)8e`7T;Cm00I$H~IAPySNatuC;xQ;*>S
zcZ3lMaw`)<L$J2Nfo>iQoANxDT4yPNgX*o*w~WZ#2{f-B6<RIanm!tqnxF*u=K*Z)
zbmG2o!WaM^lz<;KQ3S{SJlZ#8d7M&4=u6(wMpaZfe>RujGq~=Q(pd%_j^s6z7|wd!
z*pVklQ*7yWuR17Kg=yS_3nW4MAc76s6=Jlp=Yi2f2{8B85&x}d1s0}uUEe<MXfAzq
zsj&ZkIAa>*CFna)zLZIzWb*W|u`AG%Bt_kaGVQRq$KCIw$l^>BZ?*x5+@@+hk-P}j
zI2!hQog3Pm8;S!BTLm<V^vVdc0HoF;OlO;}B{#4pISH1(PeIqLT%Y&|Z!tnhf<MVC
z({>p2NP@3M76GMggLL~^%4Qf_3g&I>zdL@FVuZA3pk*NQ87?}(1eo476_3&@XKmqV
z&(%}5*?z_k3fm9;m&Hn=T9-3v$wUuTe6KX^y@GK@3A4iBgg{h%wCfBQ8^?^Z_b;U@
zvn9O0BB{p<Ha)r(L%rKBE9fg3pE`o`67AEjn5r>CEwQ9nrt4R;LUoW5iV>e%oRZM)
zkiRJ6+3C)1`Nn}xrC>-v2|?(G%|F_{#tM}60!E4h{)K6fXwz+b-bL*^o=Hv_ktuyg
z+m*ZPo;D?s4ajprtw=DDPkPIs3Y{g*TW{(h;OeCwB^+mwWF8PaX@8_<SlkgPD;IRe
zV}Y2)5KT$280zs+rUwXg|BBewAkQ>b`q9?&|EayOYvDw;b59VoWbA(K2CZ@Ne^bU3
zx~KRE{KKFdTh7GtsmwMsGf<w6leORl6iP%J+-ZZei}^t@Q~eMHRjYV%2%P2Ea|yW{
zVVj8VE)2ZI4s$SnneO8`1jfw%43ltyX0Z`yT>mwJS<JRztH>gn+5T{7!3E5JYDZIV
zQe2&%CZB;GzfLqIDsemkMAHBb<_**tkuUj-=*oPBNMkwVL6hD_&6tw(u1B3`s=iPb
z=M<}6P~cUpbgV1yMH=ChmTMa$TL5S&Q-gmE^w1>M-yW%?>J99?YxdWrGGd`l$!OAQ
zJaC;JW)Q;SaE@BotJ&g+o}-oUfj;GcE=~lT{R8|NKmqZfM;;=is6NDYMc;2(QtcXD
zr3yNQk#$;TFTv<c?}E{*4u|Q2aIp-{47f;4l=R(KmD!XtvI+S-3{fhO5HNJqB}!%P
zV#anp8`R&8Zoud#xTgg_jERo*5{iHz6qiR4D?F+Kar)i4Pv}6ADV{p`M1I%H(EB)U
zXqAkEwYu|iE*9;MRtSu!&DCqk!CbVEHW4_&1y2h=y~UJOO|m;g<BmH_l^^HrdU14>
z#~ZGhPR<(ant!i6kK{><cHJ22FL#OT$a5!Pb&?ZE?Og+vU5B4x(*VA(!*wKk*Vb1+
zS(xN|ZGMz!4q(b;gvj*+L(3&P($vfo+0d)iv5mLE6Ri54-}Ap-wiXMEBWWaqlOJAO
zkJKR<O~-Kc&6*(lH2)=dW_F+b+=i+)h5<U*Hg4}1Uv_GIgwB4Fh0u7{WvR-8U{5Z1
zG4WkREOlng0U>rxOSz@OgaMVI1%*WKz$D-)tZQ&0u9Ed;=Zj506A%15GIjI${A%IY
zE3FlFr#&t$tnzMC=Fajag-U^R)rVQS;HZr1wbxaIXXY)4q<WDqt%s_&Z+ilzKr8`g
z4H6hl&6VL<ldE27o<+{D4`vm9?P}mwMLGs&*Q_XfGpZhR2@M@unHiL~Z-%-Xn}Ks+
z9pQuB8b~zWrXB?a>RV1FvvBaN>3TbMK3<CQX{_H^-@&4)tjQSNk!a<_$+B^Soq2pm
z*h;mYadoWg{gAqQIk4kC&>&HS9VosVt|&#EiB^@#TWx<5?GdskEoCSnU_c_x@T!GT
z59%jGd|jCiw~~tdl$A%ZfVW!WuUH+d4EO*Lw7xtCK|#>;Qh_?sDI?95Ebvj^Krpr-
zgi!BMfuLH|CZNQ`Jq8Y%tQTFpKXp^9w+$HKD@c})l(}n7lX3^lC%LwZ7b6f$53rxz
z6A1U;GIl`!ctdsUdPT71i7g3-G!<Nc9vJRc;MWIcu@YUdv^jdutYyKGA$p>AVfph4
zMJI`mtwj$CC_bq9(#Y|QO<Jc#T8|hbuGk6&phE9?hK&KAW|p4?1IQKTr}%!lF{b&K
zu@-w(=U8IqIw_ymK33UJ*P}_5HVG2F{v$Yr^bU2Q!fh>SZOUHrp)*{g{{6cfnIGIV
z>LUCjUWm^K(o7iES+~N*jpru&FUY}Kl;{E`41yZ<gmcS^$cOEc&nh{=Ik_2W%bSAv
zck;4!e?n<yH?vJX{+Xn(z*55;0bHLYWl$P=<)AxffP(o#<=O<zbY#wfBp%52Ol7Rw
z(P@;7E8?LDE-6XFG~Z1Uw9L6_+HJULR*ZHeiVRh7tv+D87!lcdgpHZ&K=Z?`f{3;<
zF3n~5(Gm3~a6W~t42W;}UH2+TNVRW5G}Ag@sWGZUTR5m2^P`Z=j#Y*?+$vp*_fdhZ
z_c6@@g?D`>@T>9nm7aF+Qltz=g0-KjiC>8=$f{7DN&YOX8G?&fbW$RN9dE+7Ud8A*
zuud`q2ec?DCjLif$8DG^;9-?ul?bQh()!iCM!E?~GmAMB)rFII{e>x)Sq2uA3rrm&
z21ROE1<Z|!fypP*v&!ap<OJBig;(1$z68n(A@rb30^v*{JtiY<yC|)lJ9bJL(zh|8
zOMu0gR#iZ!(SDsV#``R^+vufIZH@G{0N(lI`khT3`PIBiydXVD<t<!EXN9+;-(*9%
zaHk(ais>xaeKqPB-J1I26UoQmW5vw&D0Z{4<B!E;L{4|v=TkF>9PwXVfOo*V20gl*
zk{4M$)(`&1(sF2>M=shD55<j{z3>3#*c-e>qUM*kYtMYn$kQB~uzNcgf7$I{ApiOq
zze4WWxKnXEUZwymxn~-jFMr<L&SJ|FaZX62Y=CYWh;p5rLi~nkvEy7U6FPXx;PVCJ
z92K-b9~|ayQ>nqX>+BrA8v0D@0L=?k8P?-@>vYIsYCgnO@$sF@wBS8vrcHMbIphh8
zj4|adH{K_BMmB!b9BJ9S-~_T7O7b|9XX&*Kk}|wjvdclZnw^%E_u=KmO(|Y&(bNeg
zI+M4xwLpoUYbi6(@beHE<x^|RIfOLJ&^d&H$JC??b|_#lPeQ!me&j;h)w0jk8J`Oa
z?cjUV@RZ}^0v>Hpe9wG(C?M(Y4?)<K4o1>$eBt1kst4g9jMZU=|F)^#JJ2hDIWe3A
z;{Dar)Msh~C$j}lDHHtcZ=ZhleA(eWOzu=ud^TWzk8+)|-?8xE?#eky9KPzQ49?0%
z^mc^r+NU(YbnCErHnPR&=rqZ~pX%aVb{8xtH{A#@4?|@TPu>;p7EV<by0k8@jsl|L
ztgz)Bfw=jlKV||#sMR&R>!BPV;;3<!IX}*7F5CbOWjS_I(-_uWFKKEH#-EChxSv;m
zsFj(-uf#yH^cn6t(ga?L-7H3SB0+iC{XXGW(MG*cUyAGp?<&i@2d0Pz^PdZoyWP{w
zTVZJV_!P6hmDl$@v%rc1SIf_FaBN#fS8Ei}Cc`qg;OfwlNYpbbY*gZpO5lYVF6!>>
zdwo}jU=K09r)Zf{KNMx^D?*-(Wz(|CBu4qU%A^g!exzaK9U357)#<{bl1pZHAL_@8
zm@~4m_!5c97kQuex$}<$d2%<d2l&^SV0es@0^hIu>YjA7<F$edBdrb*_gd-MIL6?w
zG7;kXFvFTt+Qc^&FApZoQF~CpH|n+sF}M_d{;en$X9k+}G=gtFN}j#>5ij*?E_I0S
zSD&b`fNHVRquq@#nO-20)?s#a>%Z0e{@M>Ho8OJD{MxQO$R*|ol25pxA}rPr{zG!5
zsEKp>gD>1kw=3iY{H=5};rQ4A)zM^(*DqQ9wq6vi^fmq7Br%|VTgN@_+$`22_q2F=
z%%R>7oNPo^-kof#Y;ZIuY57``RCu7#7TR1&?8Iv-N>>8F%I1FYmPJAC%1dM<{aM{_
zhH7J$(l;XXA8YOLqEC5-XB5a_=D4uK(1Mt$^8eAIqek@>sasjG%$!++(mj*(Hv<($
zc(-)BkJD|mRkSfBs)5o3I`hS6osDrrK{eWz7w>-YUa^@bkod(%pCR-KSxrpCmw}Kd
zdWAH#=M6vpJ&}RO=}3dRs_FJnQogy^rHy(u)DHe!eVIega?fh+M}6Yepax*Ex%J{|
z*LS^?mH6Z<y-1}Mh70*hlzJ7-c)rTDTn_`DoXO?X2_7~Bxr_Yvxy|PY)9;H}FG5Wd
zWN<Eba8dbA@j_!z*=OE)no_k(M7iys0f4E-3i?{5()1>xJQ9O&AvL<3B*IIU52#wy
zOzOC22$ILovoPh@ziLIha3nkWpkcihTnH}-U@LOofBklW?j%)B+|duX`08^EZY%x=
z?Pj1ooBnYlBc}zxtZ!^bvwulB!yPcS4Nh**++r624QS7ofaj@Q{anyDSVphqCM3%n
z+#jQj2hZ(2Df5lvC(wpGt`AFZUiC=4YMYM*{s;Qu=TyfT_lYY=02i;cTCCjRwaFj|
zG<hU1_&d@vi2Tp~(}WvZ$)%ID+inaF4icV`2qn4oXR$tGv}maP&*_2<0_BEZI?$9z
zYUgW-yDN!;=gO*|;iRMTXH4rastb!>mG%<JidQTD^#}qZ2~zE$-au?43D&29+`1QK
zb++T-B7z144pf`$T<1(J9~UNJJ<&%FystV~T0Xk$IahEjgd0rNtDy}UI(nH-zR8J+
z_z0{K`%>i|hAw8be3Qd?>h;4)J};M2w@Zsc)cWVBj5f0G)nA?<JAbxQ{;F9NiAMKh
zrc`Z$x~HPcqxp1r+-rt0oLX{0c$(&TlFo$8BN$9*Kf$UhxBRu~JlR=QhpSt@X2vUb
z&g*I=OL3w!ZoH*7*QyTwzIWR~C(@54b%I*)<Y@lj>r$~MnQU;qSDDhE4Q>$_{r`2M
z&NWJ!$mcGCR&EGhgmtQAMnr(A)PL>K?q=!179E*(bOGMW!wTrb!FQcW{-Mnq42fv#
z4P|Xf!7afVP2TEG50SLLen_JfhsW&RzkNNT37t*-f=)K}q7H4cl9pmKK>_KpD;Yp1
z<ahIzH49GGpjU45mmkYP5=|uM!$G&FZ<J}i`NdtizXT@CEk6)jeRoXI$0>yKxqK|L
zRh_C|2IPF&dO~tAICssyHCH*_$aFGoxf!G>c17;s%{Mw|$iHnc_G_8PwP$n}@#pqq
z??CMU@6tFzSxO%-O2<tw=D7%wU}~|cB6auiY$}5H&e=ZPN-IzEg5X>fc35`(@DQ02
zaNn-bgcqZrMM@zbtT+K9*b4E3N|52U;D^Zt;?3Ifq11nT1I+xQ`2Jc1k)&_snXvb_
z%VwM?aERAiLU>HnFRpzR2PO8j-0<QAx8dkQ5D6M1bto#Kk^5s5#d0($zgU;j{VK~f
zQyAY^ai+$Fp!ZD9mM`COpq@M_M4Xv8yi`Td`*sh*0!hYn;az%0whmd-$wyoGiclF+
zv8Sn?*G6vzB`I{t_}4dd!-TtQt!_HeD39^R?Gm}=p%krPjgig5*cDsO6>ch!dr|dp
zJ3%_%Cx%CdUB0<5=g+##=oxnEzBhM0uzOQf2+b2=p!u<#a$(%3F-(iL^DtEn_bJ=F
zl(SUd({@*~NR|>OWvC8D_(0yezGh`trqam~>r{Q5ygmGSr@qNL+{1!>BsPwy4yWRr
z-%UBn?q=`K+NG2Jx_MPRipzfm83k5V_&^h}>VgEi$47YM%<%Xee$BN*HTe_y*BLw<
zLfl#78j48eq_z1(<u&!jkAf|~2$Stpe$RFqbT>zm>xkeXav_V9yvIDKU&pUmHAGNU
zr`{Z4TLtOnw}#T8Ts?VgIb(WK$?g^uNuBn52|zJq2_(XY1ugacNp`J%V?m>J&6**y
z%PzT}_jAOp<{9LQ74A<Y>S0T6mg>+CB*|-R1+cGdrL{Mbo9e{TBLu~cL@7KA@5YDw
zBrT*wmHY$Qo0SgAayA~&HeRXXTR8WF8}svzFe~Fj94gsAjtH8ezBiZm)LHdCM!x{q
z^oyRt{XYZ{)iW)_wLV^(y(r7Bx&G+HS-Qcw^<cs(Xf_ZncQ7bGnD69~JDkW^FK0c2
zKMubo)NqYQ`Ip>xr<lcJ!SR!C>p`Q;0tfR57S8!;n^j{3!vQ8<!$eFYdpwVAD!hL$
z<wF}Fk}*+IRDl1LnaC2zsSMy5xjbdz_-cUGIWArigfsd|Qqef{SafJsJj&Bj_ytPj
zr)S}EwP~#Q%34|e_xt8bG#1xR*+Mna<jOW1Jkb*(^R!#5!pH={tb>~R!u7rMO)`N4
zOj`I8rw^d<{8vf>!|RAWx3?c7B2*x^AK&G^zt8fahvty=PY9_ow_Uy+>TU2|FmZWI
zN|__ImT!SAUPDRtJZKFs_jI*1hhUk5u}|Nk!|lEP7v^kh59WS#Mj7=l6CR|M)FFc(
z@Qj#WY9XdpH`y0h<_yz}U4%}P3rd=!Ip6~$|AJr}TfY)l>c`UPxa=xfbd6wP*7-px
z<6{v@MnY8zd0=)hZ?DU6+QmEkkhsxKc1yuPwWKPY`sx>Ul`2Z#bO|IahcDR?Li5Vh
zTD+17Xy~PVR!QogZPuoA#i>9*zZjgN40=-AOpc9%1M05Ghdkduud&xs6TnY!L6w_N
z!|<)0^Ib+QgwTU&de2&}8ucUR>x4crwtK&2G@J;K`tnB5!BCZXB*amMlMHSLXPH@m
zyx{AE#uglVv&#eWIPro!{QIC&%mZSSXk8{$tM-{45p;e}zp-I>XHdZ-c>Kx$I+gda
zD0i!O=wN$x_JT_?!hqlMhs#w8IPh_DTF}it(U$-91+hGDK?pPw++GcGL<ptbcu%pk
zPGmb2(sEB6J{vBc6K}D>a?umFAe~Ci(9uVPk{XQo{3E?O%CaJaZZat5X7@5`I03Vi
zsWorLxs)oRFB*T6ww(!CU>dPQ-|tHpH_Bpgp3jGv&0K~e62ABB8=s-qxSc2;wRt-6
zIa-&fRZc8<Kpf3s0v3Nlz;uQj?k@jqQ4VXyI}byqp=-vz@j=IovgyxBg$kT(B2|=q
zvDO~hlcDq#6Gs)Z3eU(5AT(EJ7W|zos+FL3HTTW*l<4IMXr(K_vzp84f&)13C#!bd
zHV(D8jJ>xe`yrhRc>+~>KGxdmT0EpoR(I6Jh6CO!`+H#%jb-pTWBrwk1bqLcJ&B>N
zFyf1kJUzi_X_dW^db9&k=z)&}Q{8@*Yw>VV*0tc+^Zf8GR8}rE(V3tQawc>;*THQ%
zf!BjOO3uF+<($OR(_=;A6$?5G*nqhKD4}FXFu@=LWOKX?XwcCEzsM?<%1T1X4K2rW
zQ2eq0yj0@7c5wWcZ1+yKFXCjjUf(54t&9w^Y^8Rw|8?_}U~f6z?*%%TljC>jQ%{if
z1Xxrb8kkTAZTunp-<AEDdYem%dDUj~It;<~>}i{3H_e|764_7=p7^T^AoRz$!7|?)
zzSF<ebl?<8X_pu@ry_kz_ea@1ALGIUlKHwliF;SJ#JdTF<tkxl^zozRA&+_c_{|c%
zUiQ(o@?<5se<3W@m@cngt9)c7_k&IAKMjYFb_Z66Ejw(2Rzj%ZaxFL{1!gOrU5s)i
zg1NH7mAveI@#d4dI5;YAo;gOnH%6p#r^gn}^I!7l?hdO4HDgxqyd`90{*^%46()ji
z&Vo9YzJv4Ugw6j*FPJX(rvy3~xuihN_Nw7{&Dcq*dA_dMLjULg;|;<h;cR^FJk}(j
zUQYSrdO8w^x~tFr(=tHc;(tl5@c^OlEwLH|yEc%h(D?i{9r3C}(Z+5X4~?2(wr=3=
zv|e6A@rn%g9>ITxLF0r1Tu{mfwP$<)1ibejMSjji;!7)Sx=Q}||Fm|j5V6(IJC?W8
zZK`qVu@)wdFE$i#Kd7QGVE;{OT16x-2Yy_JL_S06TKp?Yg1?giYh^=oqxr>M6@;A9
zg8NSa(_w;j`B(q7G9_46?mlzPo6VY>lwULy?t%YA1`2{sD-SLCl3PARntIy}M5$&A
zJ@uJ536cKf*}*7n;N$7Xyxh0&Gf0PwUH+}u^~<>&a~-$C0O)=NV~5BQ3EBoGQVsok
zUje<=5RgBh-cs(a^0+h7TJNUJ6vdS;QaUM>(ga@P-ye#4Sv7vURrB4k>_<}4$3N<Z
z?KqC~8pgWBX>rK*7%H;(*o-S}_{hqnF)+Xzcx7&U#kEYKyZx&w#~sRrTX_%o?_H5G
z-)|HZTJEA{2{e4;JU*g+;X;inWChdOrkWppmih4pK}S>-mNcZJV5x7#%}DWB9={wB
znUV#=`{(t_@#nYpP))i!hGhevn^SToOg?gAT`({7vG0karsiDye$_#6e}~9F8nC}8
zDK2v|5w*idlgjeXr!nR*_Q1Cjng2p9%ZVUJVg@A@H#fqEA9!2Y&80~t5_~=knViky
zDQ;S_97H6jR!E|8$>ib2v4~@mo?{9x)z7n+%Bf?^^#+Ba3g%ho3Y*Ugof<~S)13|x
zNg&uqU;|N+aJ=LPjW4av_E!!xNQ<7i<?mFS+_~3nFwbz<OpK++$l_ZL-5t%b4CcLj
z^?GROoV|Q^c9bz(Xz0O?29$)~J^#i0cRj%g^;S^n_6r;-x1L{p>KX)ZSs?+hW)UzE
zh#rCg-q8Dzg*kOicVBamnQMmCm}%24Ule<7*x;t|O|9NeD9fbDK;bM?LzwjJ3-`61
zH&0<Ngn{8$_Q4Vo+O!@Sh^0_7A<zG5?JdKi>e}~VKte!8LJ$S%1}TvirKC~1K_#WT
zyQM)wVvvvy>F$soQ5itGyF2H<25;|pe)sddUtT|W9Kg)pYp->!E6!`L^IWi*O{qHy
zHuspx<3D)47<?pT3VV(sw<KknqZfPDPuY6oV;zi|x1tVY`uSSJa>b<qLei4q@eV{h
zX!o&*?*4k>s^oQXStr^{VXcL=I;Q+2F^&m`dv1KH8e>!AuL#lmZ0ZXg88-7v2a!LZ
zVVTSN9BGsV*^5lfY-`+w&#%z%l@+alv(vCNwh+*z{xEWrGOY!Hh3USRKO4R?RS_Bz
zEOKc!lOs)bx&lu=m$^V*+JHm~M{^)|BJ+^94X2jg8cFO`t(rKJjCc07`&B^82xPol
z4nEk>dI?*M!(Z&y3Fg`EEUYWoy^eNQy{rU1W<Rq;^e68q%)-5fNd9Gz<o5?jmT^sW
zmG}JBu*=vMyT8A<JC;@r`ZjoX^tdgC2n@^xewxHmz3zZHPaC5hPq4_A67Z(v<FY#(
zNhNV?m7#6Lir=bqDiAY^8E(*dXwz6xJJ<S&u5d1+lP^<4-97VpA|;K48%7k{OqI$8
z$=O#X@Q#OnJip?;8+e(#SlPpE-f0UX#*ZN6J*E{KkMP{>q9rGO!G~^__#={q-ooL}
zKoQf<sh*7Nz{Es}k{s1<NYT7nj>vT0FZ+MrOfn2!u1z5c>yk99iQ~sbxayDnjV!7%
z^vz<x=Db)8V(sh>JOb`c8b-;W-ObGtq*dH`DwPS(c3tPJbz<ZmElnmF6t5gg`ApmK
z*nbMN9-)a#fdH1!df!eSeLMP|l#~}I<uB-f79t4($8BvHv~RCY9+cMYmVa54uFxAF
zHv7WqPliQ=jxY>nWbygDMNmv%@6ayW2vTzJ%&yuo&Iz%hsvow~iGejhGLddkVp2#7
zcP0kyCA-P}Ubz@c<jERWvYv_TSGY|u6vL>lP*Aup)t92+%%iIs?nBgI9Z*9;)~Qe|
z;NA**>*qd{-|}Yw&#8l^w$)s38}TJ9UQiPoB1WmpYw=`q2sY@tPzYGtCgqu?p9d`5
z(t$;=bv!niSd+w>Mm!qzU;etCld;(&;YfKv*o)m&m(x?&a&CQCqnY{MatUYuftUfR
zdAh*UG~9;7pBqqi8I8bJg6VWow2_#yrAbv@K$EbFGdgwnEvCq$5Ur20Me*bTE6=3i
z{ensSUY1Tn*zkTMC(_#ejvX0|BbR6to*-&JY9LwkJA0*p08g`anP_2!VmOGM7GrbM
zHe7P;MFL9lCI}Za({2SuD2BNcYv-F$mpKZx|8)v);44Qv5#^J_fIWqlfJuA-u>$@G
zmRU|)=qf0QOd^UW9F6*CO@Eg*udDb{Lnz?=W~M#846<RXsOJq6=!}D@!n?oS!spKr
zgaD_mCj7=+eEH@9HJa6J$?KAMe`T#8`S^9EyG@z)#dHi_z7oO`(Z9eNUy)a|t>CZ8
zPmn90)aWG?{QrLo1Rm7JrcPHV@(T3*k7@qxp%X|Hm0it_E+0b+icJRJI=vfOS?0^2
zK^q8c5(<AZU5r4B##ZIj781F}!aueS2o{1<8Vsk0-49Jju@t?o?RJ=M)}E!+ltFaY
zKOh2uhV2|oTP=g~lKBus`)Bdu;U_i9Mb7Ih{yA14V1o;RY*yGGU=Ic$#HCxNu1Ej1
z1OA#@nTMm*dpY}i^SR$y=;{i8Y+l4L5o&M0U6q$o9W*k<+r2y_{D5^%a(68#xBm<9
zXA*#Zul*HRwp-WzKz-?Hi_w|G1*-XX^iGJ>{~Fjig*L%O*S&@`6{8S=Op)RomMNjI
zzY(MTt#&wup!pd!1-0bg3q;0dh>8jAEuUe)Klh~hO`%QZjxil=is0GvbHNE)SmHaS
ztta7<dIt7oSDkGx>$`{<NuM;1ty8pXQS=o{EtJ%)UL7dfoQx=+FE*kh0$Wv*-*Ky~
zCj$#j4L|VDo&Wde4i@z?J*t$VqSelZYM8%ktV~{ij2#8ewCfY{<Z<O*er0(7M%+2C
zq2i%m-1nx>Q;t=Sg0E#%8KR*IKIgqx-Xr3GfJT~Xu7!x8<zi-LEgcSa7A{B`U^}Mz
z#^06v#z&BaghB0yd<pQVU`-7~=ArYf@bq-LPqqAo&trpVb=^|<i>*z8rPw>W1UTCS
zaoBT1d_e_hE<BfzY?u3|>zr#+CIYcGYbYy`De+x|)nNHS)L<P#axs?Us>0!8Fe>zR
zen`q<T4PgMI03klK!qT=rX#O_gc0QzN&W0k<drr)N8xZy3F3o+8#~J4?E5*`D$&T)
zUOjF(@8^uSdShv=dQX32_XnN)`wH~#BQ@E>ylE{Uoq%D@j;Op6PkFA7eI3Tkr_8US
z>?-qCShwO9CAOG+-<B#>dJnzs&Z`(gbN~QdZNXa-;V8`FSk7hbcmuHE)ztAjQ3lU+
z`=#F_vK$5cX0ZwqgpJZavM0isCn+8+AbhtkCA6c;M7~v2C{A&i=#Rj7;*bfK=<;jb
zGp+TstyvcAUGK595Ykl2y}-D-&wp(3UwEvNlpwq85S{>P9_<h?-?wS#c?@)K)_@rO
zJe}EXnylq_#p&lxnp;+|AN7lK+8mP7w<}&>q!$<XIFFVs=R1G9qu8$=$;`*9i6q-l
zw;&&$H@I=lGp<8j@Hrb*kGDO#Cgqyz=TC~#K7Xz*aK!kE-<VrOXeZ$Xb&2RI42rT1
z?>TD?snW9mRw_oV!Xy&?sU1(^hbYBY{~pGi@zrh}F7b`-*o@6sJOF9*5;p4sRA%h?
z#po(;I$aLM28{ZB7qy)X_LT|!x9zg1t^%z_tDdqP0!G`Zw3ldfM;ce#9g9?3cW%5x
zO3r)rgTh{Np=eQv%3SQHgd+!-Y2K$dvm>yT@!!yq9Zq%eGRz-+nozF^6s}k96}fxi
z2HS%S>gjjmjR8WgV3{=1U-P~lr#daSkf(Y8=$8c17{gp^Q%wf9#rO7$MHgcYaaT^h
zvo>Vh0TYM7r1V#37n1T#FTF5;A3!X*N(x$&=JzpU@~p>yuHDCD-!A(#Sc>DMvw?xZ
zz#jC;+WI;|@%V)?hkjS&b29gGK(3a%&kKnKBFB}+gOu5wHS1$lmb2}_MA~*yKS+42
zrW4rTIING%AdaWs|0|*)@E9Es{QES4rDFGYRrD`PDv56FgY;?kolBm|01o$q4X&rm
z*CYA?X!1RM0x;9sv>83hi7mX-m%c}Vb~l1z$Of+(yrCiBoS$7R2t}$BK_0k=W%bks
zS5J_5?MZ6zQ)`2~1ADDKL#5-8FQ;{)uPfP}3Wk_M%7(@{OyXqxUul4g>eeql%=OBe
z&t$Uuv8qp)f<x8Jp$rcE6WOnIzuKeR_5yFKFyQMVH(pUHq=@h=udFx&?(B9ACPv0&
zh18zd*w`FETTZT+VDJnfULyCBtfHbKLp+Sbh|aH_5K-gX?(+T(h7#X5%Qmq4+~~#s
zxVKxmW_DQMOTOy$Uh2K|{5vO-)O}1ua&?|RRfnY;ADBT@h5&H04d|K<`!^*iTrMvU
zZ5ywx6aR(Ry#9P!wO45-%;q&rz?X5*G-*Mz*jR-wx1gu=D|d>%*kXsSNzX=isgALf
z%W~sA;_mXj7QVN#{;IvXdXH$b>u5?}oZp;lMnKV5d5=UW61GdDD(OgBY2Ays*9`0w
z)YgBG0lZjjrG{g;gJRe}$~X5i2l3O8`V(XH8GNQXy79Dg&VaT3P-WX<HlWQIz*x&!
zQesvepq?u}L}m%8s%xoD(7t)){6OwP5=jD1+5iM+TgIdv)nRqX$>s1)f^MmpJ_Gsm
ztUhWF<B(S>+1p~hB+yL}Pk~B!(YSPTXT7B${5d|Wb^iL5ipbRtM{K@GHe__5alyVO
zy#P4xfqsXJ8yO%&f9}uzrZZ>l@E2KL)?<8OJgmRcn*hM!iHO;ti}vf$gON02nV6Us
zG#g*ngTuZG*Z#+66Oh(UCIJgXS-W;kW8;Hc1q<o@^{9!Fng8sgAre7E3+*bcd&e2H
zzOqttH0jzQCMMh4+iQTgZTAz1lgg&>-QkiwLxaQ)UILDL=HfWKK8p!dQ$Pwob-u{$
zOl2&Lhy33ML;sV!w6RgAv0&}7g0+SWN0jbko7AR*0s*V(r_d=G6eiUo686`AiV;G-
zq7vW!>W%$><wAG=bB6viDF)EbRT>I_l7Ee7h)&`^X5c>)+nv5d^XJL3(`~1Tgr;#h
zHo$EY?pz)&6XAZ=346}JSJGZji^$fjUUF=doD8UJzlNs~=6fiev?@C~*ryImQJ%xF
zu~YVX-XT&gm5T(rf6eKf4Ce+iO3}8P6A2{wY6m{<Oq_u;wO;z{A^aX|$_;1L??G|S
z(fbDSt6b;?ZOdNq&plM#VM56iVF0M;W>xQ-C59gO*s~r_++zr&NQ!w4`JLj{=K>L^
z3CD43{lWCIlmUiY!n5FAso#w;Ct50mr@LOSWC{orb0@~$;i)ZvK4D=%y`sI-5@b>m
z0FLQ9aWNB4p&u{nG!rw!%LAO-`Y085oH_yr)>S}^Obo*)Pz4=Ej_%^zyMIgwKoq7p
zObAzdR}{N41;n<e0Y+f}6D57$ba{wwLV}Z-m7BtGmSY{^_hF&uB`B?vTIvC`vb`C&
z_!g5<nqMP5x9H?r54XjHLF^aas}0aKN4~pUYA_an!}{7v?JYek>+3{D#_(bt?e={V
zM>zuhmMm#j<?mmc-yO-NPU>i`DN$xlFXs<B%RQm{UH<_DAuS^ZlgoT<xy3iUi1Q#&
zZi9E+<8Ym9hrm;rfg(M<IIf>Eug8fw%rE)Vj`7w~Fv#nq+&RyZ`1`VMHysG$e5zWm
zQGc*^m8LwDLJ=J#m7se2P^a-kUvsPYO)E9~Sz;KM`%Sk>+oLCiyf%GM_HOgCAXpTP
zjiHa(rMn!){e9e~HPNr;G_hpZ^juJ0k{5JFXOpkiYu@^Hu&?(m<qzeC7yd+>somUE
z3OxH2O9FJM_`f>F0GpzBd7U!sA0l-ETD^w6HoHn&JVWl<*3Acf-x5s<@tV{pbNOzZ
zbx<!Csp}}a-tgD!ucXqr`&q{rwamC*l=_#&rl&7=UI3gyWn^oJ`@D}CzRT@FStf9}
zFI*;Y>|!YGMT1<noQZ%|;zBqz8*ZwxG7qnMp8qa;g1I3^Ufeh&YMxW>bletpjJOI`
z`$NlrALnrj!$D|jDdnc^=V%0cq5IuOvbo+$V_<o6{CnOIm`tB<y&v?aYl58qFq&D%
ztRI|^9!77^S~@YN<}Q#D_)3CWd4a=hK2EYMvvHvu*~n|{@KFynRIHuz$|}I7cPcYK
zw(`J804xrF)}%W!rKooi=A7$NQ!y^}(|wWGsbSx=S+a)I?pOIst&S4f#qG316ww4)
z@HXs-`iFguyk(6h>`_(n=bkr7zjx3-ip1Fut=G39Z5t}Qc+Aa^GKr6MIRI<av{<=8
z4En&ImFb)sGONfLj#{J;6|mO(d1bHX;U~_zV~1kBcu<&+(X&RUe(hZYy?wWx-F|S8
z{7slL2Br?{ia7xD@&zjY)l<<zUcU6hZ<Ux}zk@6Pl9LL#NN7IU6hJ%bV0~GZaj?%S
z2-!kVYnixv@C2H^u2t!PCUoE+5=+7qak%qU4M9Z1_|9oM{2*l#z$l{#oI<{`BBKIS
zcZmr9q-CEivunztM;NSgc!RtRri8f|i&aV)4bm>E3skjtOQHXz_%8`NKaSLuK@Lz(
zZ$GUp6qTvSy3AA#Z{|EAv9RPF4V(5pkrwkPJn2t&_N?Pfzsd7*y+((=d~-cE=#MRg
zn2#(<jS|#ju=&%!?p=0+@+3m?g<?L*vl);Frqu;G7uq~E^(Zs`%6>BC{1A6Xla=|$
zX-5{Y<$nbRTDyYB5h$@h;V=L17pj9M2<oH%0VOPReUm&vx7_^w1ud$SkCxkue|ph>
z*ueh+3a+YnC&SUcc-33?d<v?aXLmi1F%?dx*A3)ZL_w;WqFkeYg>dk6)U1}i9KJl@
zj@*Jzsmh)Tp;N$*m*88R@Es_wOerHL05+~_lrA3yU0u&XF(Q!7@j|7&@U#|qtd_r~
z9Ue}m5;G(DYY~E|85NO+j!%oD<s8_^Yzvi!A6Qa1k=R}M>Nec`z%fe(pQ&pSx45_G
zQ?ZOEPZH3|fIpqN6gLR%8L)wJIreVuvFb9%kgisFUQXGw_6m+L6^e2C10o_(VRnqD
zl$4ZsEt_sH<ZI$U`nxfr#TO%W_&MO}Qe?2>Vlx^bVZabMjr>BSW%bO~woGwF%f-c|
zsBV+*k&d$R0>Ofp-5qI=Y=5+STD_QPnt4sE<k^H5jIXEm%sdrHe(6P5_?H2KGbdP~
zW*~gx<1=5%eT61L8nRw2@h@bE{8YDLg(37t0?N{4(>;oko{5vwiX%_gWz_jI)$uG_
zL3k5fDB1wNIJIKR-)ej&1osT+#<L_7(5PkKU9Bs8K>N_CpTGEW_N6GY+?R*&qc*y3
z?A<`mJ#FXUC+D8GqKGy^;A5WORc-v#-7Y;N4~^jQ-ld}Roy8YVYuWAQeN}KK25Smz
zvXFw?Kw12B2W_O3wW`orMbQ~wL~*ZAX=In88M#rL`96VkNgR{^w(Sx1iV?L6IE95V
zxXDoS(f2N3{}B76#@aOy5HOdoO7)zO1;np-v-?l9N-tZnE8gH{oxWqryZ~XELRx^w
zwbE{GzB5b?DisReWG{(?^OSln$~Y72QFUR@we_+Nt4jNwOwWdVy4V=jVUiXNf2c`2
zv20;x=b}Pi{ss_tOMDATK?-60;13zfd=WTjQ(IbJuay;`zt9s47>vKnvK1%mK-gZj
z0#zmbJcxXpB*;eNvysD7Qjm`7$f1S?u`JKU(z4U5H^ijAE`rq-r29bg>al;pJ;ts>
z5&@^rb|V@FB^Hiz^iiD#4z>;F8gaQ6`n_s5->PzI6P0HSeI5s*P17yS-q&8zt5P1@
zb7c?<3Z+HDe8v#;$%gH3_EH}X6~Is)_h!i^&94B(Ac3(PBZ>m?u@mBlT14C=&XH<S
z;Y9i}cK3v7CY~lkIv}FgKU)k%E5nQjhwOkxSG4#JnwoegRzTC<V!!R%{j?$`Ula0c
z)}-_ypVQh&bOPJA>f=Uy>Yg>(wAhAut$L3U3O|$x6*eN!ZOv-d9rBP5R?r`OtEiy9
zSm9z&fnOR3m;huetey4D-$FYJFOMtMgLN(aLt!0{<n=DFQ5pK&J3~=N-cA)Kj%sWh
zTF+UuSjuBI6|mhOE&J+2g@ea*>|>`$kP^@(dG>-|{q-w5J~9-y$}&aQM#ob-^%QxF
z`j;wJd(GapFkIS+o_j2{gUL&Nk(n>ukRNwsm6qa(=u6uRKs`0OM)<ySHaFX<k$o1G
z|M2p3BhLVPhDiTV@qq}Q97G@(gQJchU{s3jw)r!zw#3X0zpXS)KU4<zB6m};;mfIW
zvhLCs%fSxNVgv4$F`+N^>_Qwb^u<~FToA+0qg}i6g2kx}>70sIE;;CyS^{>orwTY`
zF(>X&9CANg0C4WrSZ4%zH<B+f%>E$9eF>gOU+V0uoI0hb61?NKQnqaX5`1RT)gaFy
zx+jsNdKf?Y9-!EHD$`7Ye8lgD!I97zIs>)F^k{Q|mZ>qCc}TBR<!?UoJVxuTAK}<#
z_m=sF-tq99k2Xh}S*w~&W=^>4L9MDRTkk@usf9VTljU6Fkh;1>3r16n!px~LyYz71
zY>Fjp^DS~xhb@s+)wKFeKP{E6uyq|GZoXYB2)@FNTLX|nRx!?lqlu*-<Rzl^r`tYg
z6;<PuqjoEwqAP$~P=kLp-n%?m>h*aHU(j9sra9>%T`Ou3#yh@-DS5L5Ur#TEVRe`h
zE%bA?T*^CQw3>@j0f&g6vijCJoQ+$WL3~f+tp(VczT6#GYSKO+*$>o>w7XO7-p05u
zqG`o1-kixMxUa=EO(&s|9@b0r;!8Lwlf18NH_javJ9(E7=YCkJPJBHUTV%Lol>yZa
z5}w<IVwBA-Nn(5%A#sw;8j&h(>$TZV4h(ByGRU-;trrX32Shr{GE~k;9`xx>cB34E
zGc^}KO&6Hy3%;E?ibhYD6%;0MXK1~JonK7#D&<DZudF|UDgB&!sgk7~eMv6(C4zq}
zWFC3*z%TRKuU<tUDR2w#+PlN<9}Ll(oSyqWrbK088vpjwD=M>@2>tmn>2$i*`bO^e
z`tYAP|L1#wJvb=-R#GuCFG-jOrwsbP$bP2uhW7|WH8wyZ@%*lE@~=^Wd&!Zr)|F*@
z7kkinB5JobhJ*B_W5D}n<mq&>@D(YWo^qMDgQgONghkBxLz=p_-$Me@NC@hdwYnFa
zTnBn=Iyv7bd)xp)NHSdY7)bB)LNOT_ZFEVFw5`a!U9;sKJ=yQHtpQD2;udaYrLKer
zWou7$zrY3qdJ^fRM7=U-AberjFlI6x4_*hWqv5=ZLl<EQg<qASo$;&yUFL|MKv>h=
zr*EF#fc}U#4o@qk1%$JM3<+|Uwfo;1zGwFq1;!by0N}Ir3SnMWYX=OlJhgI1W}_u!
zAAtPhy6R)O%Z0J2)YH{2ew||=J3tAaI*>mvt|K(IXoPQQK5%-@;k<b2np&{Rt!Px_
zy8flilhbDWzURe|BYe&iMwA!pe65M^t%Co<<#$_xG^Evr<Cb4j`N>@H-9<9<L5DPX
zGNxJ>Ih=FES6?-HVwLQHT2O=82n)1Fj@zz}vzE@owI{!+?il{<;zv&@{Cug{!+N9)
zz7{z0rI2)rwMwX5Yf8l8c;$ZWM>xAhIP*n5x1j$3`L`+{lDWKukp3LTq&NY~HrxLP
z^B^EpJhV%-es?_>nUB&Mg8vPpGn`G+c;i6Gnb=o4lw;<@U6)C&Hyc6&lN@^$wX=&g
zfm3Q$z2#!MXN$AF#ig_dNoT2r0e)|^*~FVFp(F6iBIooTHPfJmGE52fk4Qw=Clb=-
zDo?skJN-^x$gVRu3SG7c3Bsc)$PSVW;xC7`0z6$WH*lWp_0qsHQI^t(Dn-&tD7h!k
z_<1;0WS@|?^%NCbOfS9mo0ofl5mj;jmH=;2X^=CZW#~2ZRBBgJg?ZL~DhXNvlyaBE
zANHoZxM{U7)9<M5fD@H~@5BmGpMaCKx6nN;3x8q`#@bd^U3@R)IX1VxCenD3ws70S
z3_obcG?t8v*P~}thZ_3A3mZuXI<mI&GXQJWK3tVwXAh?HLcx1-YNyL}3bM=S;Cw9P
z;0)oTrKZ~D2`X?|Q<P3k*f#(yFvH9vE9bqK-9mu0LtoXM6Ww_#fz7k^O@5&_`CNP*
z85}8Z`^d3>tn^J&8L8xhk4Q_H>jwyPg4de1Xmi3eip@JYM;6lB#}_a$uVF;B--mKG
ze}B&6au!?&INkVTuQTuvOh=<kx}N#=7Fa)sG4a?R>Dhso2N6jxUBj}Pw<?ATBEB1d
zSmBsCM!>U)Cqm!+sSVg`*KCMesL=z>7iU0-#io)u_!gE`xm9rlBjO9cJ6`d(5HgRJ
zvK~YChS*0J7SD*@xbkVniDIDfXjBhBzq7gPhx)q#BaIO{S@fawa+R#XcA+0Sc_`lt
zu5KE(oiKgA$J7LGX=4hQ++Bws4{DA?liWlM5Zn(+gSa2&A038=r26y)H7>hns^Olt
z%PdVNr{>TI7SBL#Plu&Tqx=$s&+eaNi)t^z^63h>xXGWlop=E!a;PI@vN3D{PuV=6
z@z^tRyj(enu<$fK;i`gO{7f(^>4i^3s3vJf)Co{{{L$;1{?>92tIoG&=POzL!NE@P
zjr;sY+m5Nnoe_&uyUqNL0=tt9@+uc#+*RW5axr0>MZ~5hS)QJ%9jX>?coy4^b4*1f
z@GP!F`@oDDx2MSAaUMr5^#ditb6gRsPjuiJv`z2akzG*_u}$SAW%uKoOG-s75^oMS
zoMJR}JcJ+Asc78)g5~HeeEu7(`XtgMGBf=&BJjd$bhwiRP#07*)m?NH!`rZpZ`T}#
z$A9dZN;=K@$)QlN*M0Y=6b7w8<-LoV6*8g>%OJZuuOlEhbr-P|RSn_xE2`GMzUV0|
z(&@fncAR20ipN4x=-MGZ7Yl21x+@coodZ$Yk`DPvTb`Qc#0)(Xl@C5tiNrmW3z3*2
z-&>}eC!7eF#Hrb+$luiBbDPC7MdSRBp@xghXmOYc(*z9S(LX}ZsQIL-%cUysF{PpP
zs&&xn33zp0y5!L1q+SMP&u*iYcqxy65{7PjzRb906;IcWa}|mJj|(5cOD{#@@PIw!
zU-ont*wb;#9}PWej9dO0H~(1T@inR&|C}u_1k1^)9nmq9>_S`T#X^^S8wZ9|%@7zk
z%<8d~#sbUK+ErMXG(KaPG3FtA;g#_z^Uwu4xoNuUwCm{k`K=+*KW-K%5zrbHs#tun
z5&&e|jRr1vjBKBj(5hqVerI*O?5!-?ECVM2#D<)IkBFvX*!A!*RriEoEN#cw2xuT`
zBxqOn;?H7WL^)?RHeLd4Qy@5M3yD#)xhl~dmLwqz^QGUg(5e9~^9waITlJxtF(aj7
zpjWc+7yx@1rQlGWL``tAZ1kw<syzBIX#J=Gb&Bd<18NrcIDFZtP+yuqHqQGWI$NV-
z*GVA=n<lWmJ^D|sWvBtjJ>)(;{iFOUe}O2!I)e3(9f~ifTYRBw89=sl)$C_ECd)_E
zp@192l#1ReNUwfUcob+>-Matw>&IufF1b^^9Av$W;B?d{5o(bcP9u2r1rA;Q+XxfG
z2AynsedZ8@S3LO;1}Y`eX-W?xr-C%LS#?FM!7OLotm8snR-cw~-r}jde05fjl5yyp
z2Ne`t8|tcVhBdVLMm!P3?f#+zw*F4WF$zL?`VlubzZh{ekb+Ush0!-_f0DJ0Ei(<A
zk4R`@jsfp{*#+s-lPqdQ8l-V#IInVjNn?9$-&tnK!Q+s6TRe?7V1Vx*Gvn#8pjaLu
z8+E1w)rQ;_ntj-;m?h)gkt>o|R-jd515~tae3axo<PzAP$&*3>NA!Y=j#AzSx~X<*
zc4gX|4+PW_xq8|87fAsi{m9@n6p}>x*epReg&9>1>)N>F0A-@B!EiWv646j!Vdeny
z*zK+#Gi`yrii&v?Nz!>~LO`ju*%zpdroWJrIx~ld8op=IGgmfYslM2TXL$90+ky*D
z8?4k6tUoSYs(pVQa5qrMio9wUIH8J{O}wUMl4sc<cwHwX@^7}=G}%K54ms2S6MGIy
zo`5sjg@pyVuqXSigZ|h=v)(H>9@#%d^$KEA<2<?)d+&R{Phvz9z-B2p^sZ|cB~|Xj
z_{dR9s>fw<hNfOl<zzwAVVS4ASz{o&Dj>^xM2rw`fk!C3t|Y8iAFtNjc2y71RY?e2
zS69OVOl1RSOR4bgFz!~u+WYrYD9L6y3B<>JRoiVHpow@jeY?|9a_9D`D+eS`sWwA6
z%doGu?Ko@7&6{hi^|xK!6~)A$J9BcmIG@UfsUQs<b>8Kj+K|X|+#}9rlw^!I?p23Q
zi2*tnYr$B)W8$b#o0U9<`)WPy!T2fSH~WY$2r2w@-N|DI8xK~Hx^hTqoQk}1<1$=|
zGI;Wals~-0E`zXBAy?*gyPzqpIlc)vX$mBmCgCo1)s{lNGYu+jPRY<qjD9na*&z^c
zkV!91jX$Rrc?EpO;49<fG`7;&HrfxQ*HqY*p`*BtvcW+QdkQ<xE{ck81YKkF!vxRs
z6s`KQ@vI=8kIMUK6=GosN;vx%+BBashBNw<h6g+A8-p<u(vKf$aFt;rT$Kbk#tjcT
zQ6s!}dE>KxwvrcH=}e8*QK(1AZQ-IPdEEvjafFN%W7hcfu>#pW?~)cEYYD2zal|Y;
zwnQ$KmKS8+bsEivm?xe%49(>6pw5ZMYq=-PZgLa-%T&|sV^e|n{Vu0rz8S^Oi2bGH
z^<jK(W+8s+xPnZrcq}tJ$W;(A3i?K*HvIjc+G2ez<|uq2dHy4~Qf$LPxK!m?IcSkv
zZ$ag+0zsEXyUuXGR?F@|*c(EVspLURT%U4c=Av3c5v_5cX{$gd!w*?r9P;!o@OQo6
zqqJjXJ9iCg-<OYcZ6(3NP2d5K6}d);sFyFdbOM}z+fCgCQNw`BOc>9bYhLV0_3>*p
zQAM$i(SgZ))L0TIS_ezZFfS1~$<3JbucKe}Hg>Ncp8jf0P;MTaTutBf(K1l|A_xb_
zhO5<~S!i&|(q*O@z1F_fBbj%?j&J6|OF7mLE<85KK+?j7@FWPOGz#i)D|!-ho_n-A
zfv)a;GY{p1$Uu(_=rH<;%ow)~0*>zAp#(6o0O?~Y60GO<!viGGXLQJ3UAb?xg!!IN
zy_!(hJyahIpz|8fb-;rUE{yT*5y9cv%6s8}j8}M`Ap5zBR#DFZ5!wa;>uV`q)q2mj
zhT5v;W9mx=&#qI<NF2SW-mVH<FivPE+dRMxK)7mf%BMcNAkQ7Bhluc#0x>w`|8sv<
zZ`zvl_@`7r-lT3TrYJ%#**XhocUR8a(=)&M-kFgCcqL3`xVOff(l^R)$$K82)8+U=
z)=gJ)@&pe9eY3Ym?$yUZ3&qmxV>9ZkP3g~<EgdtSnYf*i$<6L`l0Ns`RSJ{oSNxYL
zqAnJBHUFunL9M4WuT7&g@ASG9#5rF_x<HLegSsw_trd`PSO0CEfc6?m_t6VA^bEDg
zQ1=O64J9?*@85>wZ6#)3+@1O7V<Y7HqTF!&acfRX>Xz1p1XRK>7N>`7b5<V=);@25
z_=}NYQ2~26ZfkhbdX*#qT4W$Qso<5yMoDMu<*LM}DxHpa2*lg8cYCG4DgKZyn)ezv
zBO)N{n~wD0Ebp#zn^y=M71*rQm;YfD1cvlleE%{e++R7y|M~oXF{1e%cIY`sCN)L)
zXzR2DPcB-f+*?OW{o3zr9=!Ai3yci(Z20;4S!?E__XZ3`KEL93Shsq+KU4G=u<?T~
zuiB8`U()B%i9lF;KVRJk5p>7?6l(*vR#XmItvw7U3XshyM|Y6PB7S1s!R_$~uJ>Ki
zs22}U6<8l0BKKBwL#}i)8%XAj%k(dxb--BcPokp{HaFkMd6^+4b@D6x*MeTN5<=%3
zsKv{G`c<G&ukEWQg!J)cMe$U{w|h(M9yKoCex}V$R_`tvk+~VtWVVhb`cWfKtOZ7R
z`qKG{px2!%&v||U4x6oA4p8C}zPMSd`SPWA_Uk5J^qX%jE#t9>U#hF~I&Dusao-d)
zLC9(+ZXg0}dk`+iooeXI;o)IjyFoD!v1~5Y^RyjC4dOfl3TXAx5P&1!$UT*KRH%jg
z2M#eQ8GR;6jGmqzeFvJnJJf!WZe?Z@MZpowCq2t_O;0Q)5xMabYkw{*=6<(}qFCL!
z3r9c!@+Ge2utmj3m?tST(l5hRP-mv0*mm>4z3x1AZi>X?%(BUCE~X0pJsrHfI{#2!
z!U;fC+e{@-s^i{!d2u$su8+H6<d?vyHDE>}Opl&3d?QKt`o??V6tVN${#MdMN-Jq5
zNyN&W1`n9%HS(G6j+-}eHd`QvJD_1wWNwr2db|bia5wd7I=0C(HSQOF(7l*kpPAFC
zw;9j>I`>LQ%i$oi0@lnPj3{l?h;Cd2jvwBGS%3nkB{BST$0smV6ODV?KRokCv+09k
zxBAN__8GBt>=CNZx_Vn)_=lSZF;i8CAE^yT{Cd)aoboN>Q$2@9mP!)UM$b~UkcSI}
ztbUB%_KPe)c>C`NXx`)8>80+Gvsi9`<U9N5$EL`K_+k`#dDW>JwVKS{c4PY^Y(sY1
z`bqR}zJ!aVF`Ro$pnKdYxFy=?1B4Joet{gG?)Gf}<Dle*&#k>!VEQ7EQ5ovyJ}z+M
z5tr&j4MCf+<R%u&X&$l7*jg?54f9XeL{3llsxneVr*5w>wm%SD8VdE(?}?hr{=B7!
z6OAZ1z-|#Xui>tOs~m}*)b~jeOg(*YnX&NmqnjNKv4g8Wvvx9JRO7S7LHRD0+Wv_0
z>)qTteAfz2hXI`|Hg2Vi0rLno)lu6v3JH1D$0<IKI|!nG;N1Np6=<`jkOSOTR>s*-
zZp>4@T28jdF918ueJ^RMyzxh#Q{vvw3e&R&R6fNrG>ZIg;fdF|syx2a7T4CIO<E?r
zja4JBE(BC4W!6#eO4L9;?B_2A+Y4oTQ+S|b_6WKjnq7wsyq>V`sUIeAS+HQ!Kqf5k
zzjgny*;u9dK>3r?jl&<giUxR(Q_Lixx4d#x{<<DJLKOfE68y(-_bM1&4H_ZO`p54j
zBoVy)zkW~v>MxQ-TD5NH&X#c$PHee`1EpDSjZm(>51eSQ0G5@rxxW*xVo%NNg{u*a
zrO2Frx}N#h4Ja}teubE~r|SVdfHHO|7KEa!OLut1KaJ5El>Qjit192P6>|b;FC9T-
zx%#t&*;P3FHAu|g(|TK23I*YYuSOObeI*Zi^+P65BLdO$e|{Wqx(s^hdBefZ@^mxa
Q8VUT96q6Gz64vwie^1qxTL1t6

literal 0
HcmV?d00001

diff --git a/docs/source/design/maximus/images/maximus_poc.png b/docs/source/design/maximus/images/maximus_poc.png
new file mode 100644
index 0000000000000000000000000000000000000000..906a45dba4dc357eb9d35c458ef4c4505ce7a437
GIT binary patch
literal 74048
zcmYg&1z1#F*Y*q}3=PtabPJM02oeHADlH-)U6Rr@bV>}}B1lO}OARPUi*z#xh&0m8
ze|VnvegDr(z2M9~`|Pv!+H0@-UiY4;XBtWbxHPyR5QqS-te^z~VFEv5j9_DcKwvQ{
zpETe%u$z{W9H?@bZUgw`p0%vHEC^H+k9YO@t|^YQ@(VW*i16#(Kk#>_5(^OM_9I+D
zR>#YD``SN&TsL<&X6jp8=Mlm0Z;7;zTrT1zjhyC5InrUB6A<e!zUeL{wry!Q;$JgH
zH=h42dMOp{F$XjB_(a!IA>I)8c8<{QQ^}kBU~~6N!3WAOOAv2^o;~2l(5f57Om0;M
zM`Io<23_UOE_J7M_qVyNFJ?4*TJ5frYHk}eyRP+5?fJM`{vIxuR2L-hbnaOu9EQzz
zQb$O_R-B>M*|m~QmBWP*;o+>{+1Xh&?(b)RS3XjaAl=|AWy-Aey7#TU`%_CFKFTKT
zR99C&>n3yr{x~@)eW|Uj&CkzoY@Ax$5*^-5;nRL~?3`Nckg-W3f5Yx`^ylYF&pRQA
zc#(RRmDc*N^4vexe2jKJJuG`GrzhVV?KF%tHp?PvrI@X2s+yhJ9;fRUeffsoMSlrX
z%96Nvdi*JlGNm%5a=GpWEvw50{hnP>iRH|9LCTq}27#r`{ud01ynIi5))!Zh40ICp
z{+>TR@tn@E>1wfyug0U%FrJfr9!Zhn<=y(}0!`lSak@WAED%nQ75S_LMY%&aZGF;L
zBrkhS+W#iRcJI}+zs{4p$e8l9r&i)j;AEcbWU?&##4vn7Hab`=lTc8bpynPGB<VGs
zvcJWvIfIl)f_PSUzR3M-S*D8r+EV}y7*zH}_3b?$3abZ?0jtvOqGP|(XS+0o2x&~y
zZ@(o0Ojt<+Q$^}84piO<>T)35Jocw+%xP(85=uUOvbVRV6|vLN*QdnVYrou`Ka+y-
z=ryRhPoRur?RQ_sXVWsy78Y1MtCUh5-iddbc&=qkqU3{>$b}qabsi?%-P`+KxwEq~
zQMc;p;h`euM)vAsg5ZQM#P`u^z|Y~f?`f5ik<ULhF!Vei5z4!Hg8SedeQb?j$!QvE
zevq`0lVIehs7aC2z8c`AdF`biN10f|nG?tJ?#<IXEXjT{aW~qft%M2R%OJ7d?+D%6
z)<{-E69%BaF28&^j8tGQl_9Z^Oj9?yZ&Y?S<QF6_^XRAzS}zbu)CxtLoM=MAm|E6`
z>JZvp<E`Yx(yP4ZiGqnJdO8YgIBwsP8C^zM!TWwm7{ti=eEY+f<F54w9AiqrjlF2X
z-Q8WqKzx58r>b&fuZ9Rjd^dO6OpBZ~L~?qu>dl)sDKkU-i?z5dhwsFHlPI~GlD=YJ
z1gW#ncLq&Q&qghrPajuU!GH-_SHd{zZ8x`q)jLCp#@w3t`P3at$Nvy2n#U|OU#!tv
z!CJ=q35V?v6l__NR14(W!@uWJvzBStFX&qfYFiv%%fmC@4vbm-a!my7Y*7n;%_u5N
zI{)KYU3-YpueL3FV&s*vDJUE4;e3i(&s>QOR^+`XDsoHu-8rK<lDg)*fBAy|Z(s88
z1EmNfQk&xs)FdN*X?@R#D<q-xAt|dp)ZS3Z_CqVZ1CKIwV)7uC!-vCOoirS+))0|=
z*kviOs03v{d+a+&&y09@wG{qjZw$Q1C!7@|&65>!C!(M6#P8Ut@@EavQX6ept&G#x
zlBT`uba=J?)V@exu!3?y{!2)r_uj{<KhyD(j0qTmHhZSx6D06+hXi^e#rEBN!J}b3
zMw{93beyu*kb+;TF;%Fl-TVZkM6Il%M>Tr8IKMMVL*vQaKqx%+X`x~&a;FJY+>->C
zXMKBZ6Bnz$XSCD)Ot)(Jh8H$CBwWxty!^b&guSlEztCv47sujyNwKbdb2%-&EI45q
zyt#+I&u{e6T2uB&N%NI`5i7XlfY8Ik*g0bZ{s>tgqQrY)wKCbP9BX96T5f4r8hVz{
zgq=z+<@mH9XJcYJCq|9@8>Q&ae}Y)@I9H@U^!9fWflYRzlSvH2#jnC5T|sd!6}YDT
z_x6y)5c=|XkE1+^pEH+Hja0%?E|xAgbuWPBb$?mMIQNJ@8gBdH7CkXActrkfhBI!}
zQe4Bz82;utlY9Sdl>10xPF|y0tR(CyjP|K<G-PAzlueri@bH8hLA%A#ht%WQB?%Hc
z^s!5q>wB<CG1h{*!QVMw^GHSnkzBtB8G06(nfIn1(CixX;H<0f=nGej)s;SEt}|4&
zF5|}@@szQ_uuPZ~6N$3(ftu$$J)yv1(RNaRrKE9eo4!)lc6wpK7tCaPdQdjPsr?GL
zE}vfY*uF(A|LG_;A^gn_T264{X{fe%s2U7Iii+djegIbyjIro`cT33D=H{wy`1_WY
zxm9)|>w+_7P3MDt9m@L}YYA4r6!v;EI@bSis?S9~4z3BwA);g_2HNyWfBa9IwJ7zs
z(cZ<uPDH;5D={|aIxl|@KH?$)Dc<cMak2DM#w}~KO9GIn{C>%%_V$3)-o%4N&ymH&
z_BV5)tcvjr?@ZPw++Z_3{Qas<cH<?_C74wDLwl3q;o;$hB;fOOyUp=ZtFxnx$w|GI
zgYtv(Oc8c+ne#?=52^smmn-_xe=0ArTGUTx7Ce{U-Sdcz#ke^3MC3d+`-V-H>J$_5
z`?nRo3Js2c)1p+NW!&`4LFeE3vx9S|##VvLk2!HS?SH2vB|eQ5ci3zu4I{nWhi(mQ
zRFu?<y1HlVqy<TJ?paTUk?DS)TF#~~*UU&`(tfJjT<9{fv@rV10j4B&eK^Ny#a@E#
zvt!of&Tq~iu%5dV$!;WM4g9t-t+I`-E1>;UGI)<%_P5u;I3@DWw9r-SaC~MX%XOnC
zK~~MG8<bM1A=$=spDe&B(9hoYd$ID?33&z%ckrN#vyGScgKbk@B9Hx~Dt9xe*w9Xb
z->#`l;R@4B+%Aojd!iq#W|5_2Y79vl$ET9Ddav70Oh0;7d*~;O2%|O}RaI53t&3R`
zgzP7I$)3c$jV^4>##e36H8+12aI7F<xV^K+FC_ca+3J-t`9kNPTv1U`GtFLUND_x;
zYSkh<ut%fZsF|eW04rdJFyE84jea$rR!oC~vN|Nu7VE>;8H=*Ln*l41?`qHPzb*RF
zxEquZV)cUV8^Zwm7uc5?y4O(sg^)Kh>w0Bm+i3pAlXRUFXVHv!z!;qw?o5w@V^$ml
z8G$$LHZi&_s|7V|cH9<mQ9?3iJNvUuDoQ(UnxmF{<r~r8XbpD*zfhQHWLrZAs9k-1
zTkwCqEp2Y5<``5qCAQWA;be2F=SkB?U0nDS)=R<3&RGnG6FAh;5hmOE+0VCb#`bU}
zC1G*3W+b@|qCXX)T%m!@?wRn!Zz$|x7}rc^%OIwp7B}$2UiC*VQpcv)ufX-Y+=uqz
zO7=phtA9VVO@|BTecFJ$irpd04YmhGsZ{q{B~E;+uYHT%RmLuK;;x0euJGRDfubVz
zwu!xR;~C^^Sxl|+8dtOAwCqDcp6O0+M#U-eB(cePnZStOPa0*~b(e&G@oVQ0=|-aw
z163*)gze7VHUH){`4_t1V^s9ZZ5_V@iA};2HYAHvOJZkUy`LA5<2-!j`AiWW@O8od
zcmmUjj&77PPDk~N!|UWsY{JM|ALi8`eitD?Lcrfb*G1S<RU1NCC2dNiNB=5ape%}>
z?%9c|kea(R>u=V94pvX+fQ(J4_iMtXu&Ss0(}5Tr!^|lhyXY&y32#_S$jbK@g$K#?
z^mJm@p3WGR7P<#EF$u}r=zGA%{5Tf9?+k^8Ny2<c>eYV)*7o1daS|yyKdW4rw$>_T
z9uIeuz_A?AS<e@|zs;-03gk1O+7P99hJ^`{tIU^eA*`|Vk{-j^;%#khERO^6u!ap&
z_)3QcX6WhG!w6qtUG>}Ft}UHO=mq3k8!uIygKU$hRI7(+^GUmA=y`EWmxQ<X_LK}g
zs#k3={#=A6mkvk3vTS@G?Z5m(IQq3}`>m^vYt2IHc=kOrhYv9n&){z+x?ZF!huS$U
zNL)oXmAMTQDkha6X@gz2oV)Xxw145ds%(^}uy7$1@o{cxKYbOsFn_u~;~~kM9Tuff
za?(Z4=6B64Z5E403r?IT#M0AU-E@>nfD0|4FLk`2Tb?e@T-O(ut?8mQFxI#=?!}^!
zQ_RYAS!JY8O6ZNmf6aGN8cDa5IJWIKcU*3XYZS$+P2fDpmo!+^iY1&IdA57?aF{+j
z?R%wDx5mO}zq1M@Il0B}FSz0JounKZ-v||_=p?D|t-CuyV%oKiyM0N<_pvzg?{AYF
z69$+Mvu_Wl?eQ;n&(C*~11W-$@ROJ>dLyRbZ8Wfxqjp<QNA(At$(*73k*$(vK?4+~
z@n#*F%T#E>O5)EUU&Wd~cG1(Z;4v6QEJO*h6tal-aYJ^|oPTki?V^#rwIR0)D`T4!
zqW7j4AG=p%d^T#}T?$z^-)~Gye{G^N+ez-&LmJr<l9NMeWaUFd60>YswnF$YF<7$c
zc08)jeoyIxFWPNr`?2_YTP2{umxx)DOKiE}ME~!Lxh<GcKvM9Y!#wYz|AvZ2YQ}GF
zKkK!-VIO5vh-#M;G~V!lk99kz%$8NcSLUZ*uiBpMDe=iJQM(|cxJ>)m)LD-A&lo|y
z){6E0eW94oGS!~$+~fzCz_?4^lI{%QaF!A{L(>$JCC`9#g{pS@QY+qUuTVg6!UdY9
zoJik#urGQg>RyNM@A7$P-($#W@vx!jsnvy$P0?;XN5^Su(LjO@9x#*-y@aXRi7{1~
zQ}q~<2K`>A4_OQ75~_Uvbn;NHiRd>wI($0r8#?P=^(fN8W?t&t%f96F>T#ah34C)7
z^=-sV%UJx7e+|BxmE?*o)IiZ2k<?UWwIy}+>U^g+Vs@#>>ZxmsSoB_o(AR}6R<mv&
zv^2i8r|H)f#rJfEfBWqCWA_CBkrb<iA_*S_L||#29OIiMyIoE`#K|z)MUzDNFKp-B
zyGHXI=Fl~N3qq$Jplh~Xu1O7~Qs4FOJ-PFvGV4v=W6YlyZy2+pH1njL`hdNZXugwe
zxpI!*P)|~l|GkB)`Zp->xTY<S&NX(wpQk$vXMRVcv=#zY;q9<eTOt1|z?Pv)ggx&)
zp<CBjWX>M@(ef|d+`r)gcahC^TK4MP7XrGxKSL-w_FWUp!#Uw&bTqRh)z1FAto7b^
zuS>4Sh@N9by?N}*s>GJ04<rh3vZc=6IyZ&I!TIqN)MDpwp6Gyfo#b?BE0EC2C0Q?I
zKc;+U_3P~KuBrErcYb;(9&eX8PNxi&T~l7WpMuP#d{P_sIai+57X6oT58GB=@d+Jn
z5bgUGS`&9<az(pCw>r8l%UkVAZ5<<$lP%jn*yhAyYEcP(&F||XZ2#SUeAaD+BzkI^
zr4r|8bZv;;KYupD&Jni~XX=j=szO0z*W_DaCFcRxer2Q89P%_PE_ZzBzGC0eKY3Sk
zp%ZitMvEy&YXh}e6pZ7p4%taVi*pMDDO6_pj;S}^@|QTxpGF02!fUQ5gk^cb=C0|b
zxiFAd=DSQ)R8~6nCvz$HHrBAKr6&w%a1JX59c7;b7??R3kGxj5f_=85dYmFxO0o$^
z&|0Zk{=#TKO6l4|FFWG;fG51&?){AO`S8O+Cp<(lU9yP^zW8Lm^M$b(ihhvZD2%?f
zxqY$l*Y{Uq*>b9KOLIhqFJJzRiPM%3X)Z;KZ7(hwUx|u|4HSndtv&frQ}gqtzfNa*
zX(_%-UHz-m@4fBq@!BKHfpEs^94T+XqJ@SxSr&@eEU+Jh0JKl5bNpMXU95s333DQ{
z`xbfsbIAHomYB;gg+2wixZu6VFhWM@*g86jTB{-CLAuA)+27{Bug`ZiDQ?h-p4J_8
zW0N`Y^(L;@{OVC|QNB<~0QMHy;9G2>-5U&<9$$3rzhY;bq`w-Yl*n$TL}om&8-CIF
z@`wLqD{BUKS$}t9<=ci#{XlX5Wz6;VU9m}e2a}ew3xXflL#OM3KpOTWZQ*3A>eXW?
zUb*?uz2`}#*pu(ps>-&}Cvlo06`zIfu65G;9czZ~HK+_v4*zgxxhe5(VJ#!?G@!b~
z62KB6$iVr)9wO;AuoodVzqBZFRc1QVsZ0kOji=*6FLeHe|E5x~vi;Dr&<Tr4b&P$m
z-qWi@bFS5+sOfJ#n9j6jNo?aYnEt4_Kiobc;Qpu}w_&!rp7JnZ9J%!*kXtIK=hDZT
zY*Yu&-_WyN8!mL7>?ST&d-y#!DB9WF9K|6YN95MLP56bHu?R~}px=&7IY><EWT&~<
z?QjSuwO=Ve|6sRcitn*4UNqU_x57k^2|w?Ra)3qz`fy5}oE$t?7yDV-1Kj-fPwk3T
zaP<Dl_eEC<)bs1QV)dU?z2k&>J-1&ANGpBejcAkkeW%D-f2fRDfjthevWKu9|L77Q
zKiU{`31FqnP7E;_N+x~ijfi1Q2$uBvJ(w|Fp!}zO+zDSZOH}>j)2=DfpvhNI!$PtN
zc`L)x`TE`+x1n4k-KnIEi3U@0wWv)Y6Z%mgcGhkI1WQ=)Na5#w1Pg1oju7Hl?~R-V
z1rPp)r>S+8j(&>YHv7jWX!hdFL}2<mS}{kTxSN{*xUiVmO5?|mAB9ds*OIxk+0`>c
zzy0}H@I9Wf!?Y8lP$`Zs%H$mS^5x5{Bo>(Or%k~aax5(8LNgF$_hU4GC5RhIzPx+)
zZmdW>DI)WJO{Dy)(_90=Ih6vZ3TS{)&ezv>jhdk_D3s?(Tx%%Yjm+9f_mx$R9qrwa
z@X;T1#vWz2S+4i`4gvvYp{SW&xp(gMqsXPZEQ>$Z&3N~`HkIh_ob#z6mtMF<soZl_
zLf$Yu^$+}p1T0w2&!g#_O&oWk_VRFt7fG0w7Eh_NMeRcf<*4jCY)8E<^9yrMr6rsq
z6n`!2d#KD(9DwzjOAAa!MIvj}{aC~D45mwMB~3g&Y?qq*%Om+8&_4r)#M&FgQ_7P$
zDK4JyqFkWxR+i8@D>PZB$?F&_Dbz%TdRqDuG|W?L5cE^5##-JymHw-W_*~%^z#?H_
zKRv4&jF6DULc!2l^)en{gj#_=KSr<Om`X>buq3I!6kG=DOXH*EOb6c5Nm^nlXYV6;
z7%$YAnk>1oAWeRMP+_JZeS8MzwXa|6h)oQQVw@g)!o^1)<U=Sw1n53BA$TzW+>tkU
zuiEX9y+$xbm3JPZVIs}-C+$=4gQ_=GpFSl~8V;vFGT)xA@rVnl^(}h{jI?i%tIksr
zeMkJIUP#qmAFtfKp9tkeWi#LH`m`IK>Ttd(==79GhKLtDKR#Z_pOJEl)z1?eM3y9j
zV+V?-7P9g(dbqPX4QnahlzWoOUCXYbM@N+rX-r`HP7Oyc!{Tz6VO2g-qOS&GkSm%N
z!O3O<F(^X5P>#Ff9aS_Ip9Uvr(v^9m#9KHbfAj4i19_9hnmd3QO&qq)KXin$3Ztx~
z4%$~$Ir|OZ)3(6hbD<2ZhSjP8e+o>BSDc9WBmCL=(gZl&F9I}qM7V-F{WbG(B?Mvu
z1A2U$R^WQopZAKDPY%3Zja@m<{5`nR9V0B~mqWz2%~rNNNxVGbj0GbCt=}jO(AMqv
zzVGc7J%MM{L{B^Z8U;5Urbhm!miQQ;c?p@7$!f}r`Or>~M)aUr_Y-!A!A(@fn?FKT
zd#U$^->nf%kN!+iyYA)`uX-q7!W1NcNMf!vcwNE<oz&-g@SvV#hi_#H$MkuMW}?}9
z56D^YfHjATRZSO4`wz^LLhSXpBd9nMVAcTkHZ?UBScA=CSgldXSk6>H%C<I%mscA$
z7&qZ->A;5qX@CzFChoH+{@M8p>?u)mZn^G#Mj#e45kbb5_K8&rd6s4hQ;>CJ9p?Tn
z-+~ao&+}h9xvBwep5N~aG1KucCXI|Oz?2n1E4`#^^z#!ISjV!M#fV!|AC9TF&T9pR
zmtHpet6!Ilng8PGZV#q{jUF8^I<p%7n)^P~$TxMS;5ojkM~mg$4LD`+=hMHmZlbn+
z551hv_Q0hGpfMFH<^71X@$~`WyC3MZNF))Y$xHxYzFKe$6_#dfa*+M8EG@*mC4k_$
zb8f<237;Qq9h1aQn=<b+l(oe3{M-H-Wn0l>eQD2_F+UpR#Ax1GouKo4sP)g&+P)9$
z8(_b^TBk`qhmzQvv&6m3W-LVrFOy)5`@<TnYWRH<;;-!FB5)#8jvf`Qy*@BUamk<&
z#2gxr>lkISryWo>$swlt;TeIYYHEKF*vOp<<rvHK^YQ*Uz~u>e?_6ut^i;U9<%4-K
zX9=CsvWFKn@2JCA*W^zv_qNf`;h+HnJ~x23n_i3H7$#s&XREP1XSg!c95A?&z>&qm
z>m!q(#B!c^4boS(stl?LQ953U8LIyXtuhJ~lsW77qd&gN;Su4xSP#d{4A^KFK_&=z
z6q@_9s;;3xl@j>q=rYT_{ZEI%rcg~13yLixDwJ*nINPKkZ4tc+B+gnSi%F}e(sLWD
zUY5V@9{H{_Q`c|U6!(3u4pFjL@~<Cb_9gL;GYRclJSg)tK122O@x0)M{xhKUG<p;Z
zrAe3xj_F&^9FXFkm~xm_4<lde@3EzsP8NyJPG|BH%IK+G`~sqK+jI9qFt7QV+*HhI
zIkLuQ0dG@$zPKZ9vGkK_Y4s#^IM}G2y{c`g?{8v;J?Pn4*(rnTFQ^=7g%We02h97M
zOZ>!%X~z6#Ols)8{b1-+pJ_f#!XDc>;UMT?Rv}cN8p5l$^M~$c$&dJ%0g1=Hj@oc@
zBj3M6E!_ZVkmcpTZr+KUW(IL%R>u#T<={b@HU$u*K{Qon(D?p#Au^*;c!O?9KySOq
z|DVc<@3d_wLWV^8Hf*68w@enFzqz`ueYnVCi$q(Kwa;Vzk3)R?RrxL9nsYpAzry~R
z{)tulj<(v{aU3D%haUSS;aHjy;y?ShCb(-2*1Lcy5ur!9hLs9t-i)OU8T~-0C8_Y?
zqsz2gz<!-;wL2gldGp2gnZCbi8Gkp%pjgr^9xDY_4~7H~p9mpm<%$p6anFTh(&LZ%
zzs@Ci<j&aK9?APYyB!s9e997_#CM*`dX&MZ)I4L==|%pp+i0YhUReP<>YWQ|gjMQ)
zOiMrc3#?^qbUbcHKL;#>2n{$BSzq`8au<}ko=3k?n>5@k%uLz=3u_Q+6BHUIev2*(
zArKMv8pT&oQN%F#QojJn10oPQ`~+%v(!j(7=IxNaYv+AhbGXsA$=wIu=CyMVa~6nk
z4=;r7Pjy@tlA3-j8yOJ8?Hh#2C)1z~Q$57R*SNeMa}k){)^w7$<{n`RH2vxMo=p{_
zX_Y#|tPJ7@xRNmvuQ|_Csl$t1U_0q6uCqh}L`uoV9OKf(w=NCV_rP{Of*#>2e9kb&
z9OQF^cX83;w&#+glJWs`2M;n+YYgliqV@H6lit<ZZN0uS_W9mo2onEH;N)jRdhlGW
zp}~RC;Wb%OY1|S1rjD|&j8bkth@FXx1;H3#SzNe=LiT>siP2|#@&TwbAwz7E%eHZk
z=gv#MOX?Xyl}ZUs6CIfq=mRW?<xE#7WqHDCx>*@J%d;>Fw)M1xL@LZcQ_NrDcXD><
zs3*uTQQ(i@tF=i6xB$YQY`wRnk_rW0b4PCiPC+xA_*~gXdb?yKqfkX62%HiGdZ;tH
zE9f<#tg+uLfQaf87sTzOMY)y&=HE<QvaJ<G>wod<ooRJD8z<a&&~E`6C`tmQ)_71~
z9^@Lm!2WQA>HNxZ%EObWV;gG&*aC)FUpvReD(iUE*L&c;@~G#+L-!?d#8W-Oh<aq+
zqddZlDAvq-XnUoRE|A~W=HJB0b)OD**?m1v!_~E48wr_yF@8Wc5q@!K&mb0)f{$#O
zQzrg^+sX=cX0>p~#H%FNYvLBH<>-vGi?IwCuy)6!7T5>}(-C6{z?t#U2vba<=D2SC
z(w3GMfc}e0WKrsWZ`Ao^`}07!Ql9iqTcn83kqul}`0Vi<kR61Yl&W(#Qj6Fn!*!#9
zVP@(0n1Z0JpLh)XDu`=bE$m}~^iqQa1H;S4rWb#;8b}0E*q<;r)Q<TTlvh-!f6#F)
zWO_o~_l@6duJpx-vKxEiMUW_+pvi;Ugezd1OP<R7hzZuJc#QjpRWMzc3PpH(ovVL4
z$H#y5AAn=xDLr{}`mUpW^}?ib>7*tD7G_cVq92RW{}R5Q&ZDWnaPCyp(^V*j$Vnln
z%9Eiy8f$<fz}e5T3%FY!?)zgfwSjqm=&LnZ#nrZd-0YV$uDHF)!tvAjnpe2p@RHxp
z@pwRT5Y%^?J@Rd@&E+q_p^Mjl;SU;rWRgI}`;akUzu&~<ba2YaYq!eLXCZ^4-vgw?
zi6syPS}&PBxco6EDP8ZTk$ZvB0gXEfT#5L!<JT)GuEPQ@4}|nkTwb>?cia%-=Ni`T
zU<X)VZ$<Q80r*4F>U*wvpzjn7YpaL=0)7vsG%+C~e!0XVe!z-o^a$9!w}0?1f_QV0
z<}(?}U{)TFLV5Oux&wvnMz!TWkS5QrzdU__ypIy3=s@;Z@tVuCz5CTt@i2lKJJ#5)
zr|v-bIF?$dCyw5JT|w^U%T857>4JW&2o21)WgSc6Wx>jXGjb|ZF4T0^B42sz!MwNf
z7$iNeRhSzaW5stIwbMCT-;tlGBR{{B5Dj>y&1~OKT2YcwDmGG;KDpC~RcT_9^a6i8
z+}`<*hQ7&qYx59Q-r?uu#(<Oc8-kL`&~&=Yec$&0@>Teq$x-M>`-n~s6E_nBj<R}?
zVzK<iSD0o`Gkk2GuyAdaT8`0x#P|{7t5)OwAKks<j3C2q@iLv!PI(iJFYQY4IjAan
z)Y%Y^g!7X}|CmbG%TfffRowBb+?MK<-<*?r8&?oG+eq)tyvXvGv>cXlorxb_TTq$X
zccnF{1|2&q;vI%=YeX+cTxTw_vhptfnme_PU$k?jxkf|x0Wh?R9F4rs(i6`Zui)l(
z7>YyM8YqJuXJiq*!u^Oz<mq3~WCx?|w@s1P52|`G1oik?wr;79=ndaDHtJW}&gn<7
z73b$Oz0!}ufn!L80SJxt5n_u%)aZCo-U>miMI|A?#1#%!Q;vQOQtGd)O*_Rd1>vKW
zy(8w5bjTQ-6T3j{DPd5f!hNz#9SW@f(-`*>bqDie$gl)Td8N?IVPG|GJR+E!7Ct0B
zflRv|)Q&!w8E#=I15gSR{G6)}z#;$)C=}QQ>+9=_z3vL#s%#m?U*|lcS(giJ-`m^E
zllGS=Gi>qTv$MCg{Yj@C49-^0exv1{(ajvz7l;x!SyMp20dQRhNl<3OsSHaiTNj5$
zHYbiZUPODcIZ%7jAT$MW5CfnN0C&o-fg}>ZgvbO?YPEx%U8a=x=g<%D`JJbF>mUXR
z&pqN2hCmwP!=j~M2F((?n!xz>^fCcgKLT&u3h%!=z`?ZmB}~-;V@#Drgp#6qvnAZQ
zNoXo<umx~TLB$yVeTE8bO<roicl{uk*xjf3#tU)=pqpW@Re#@SV-kNXhF{Kpw2gJ`
zNo56WQ2J5ZW^dB?%kKLk)e62Ui_%CUT}gB{sQqugdZzTK5GM}V*S+DkuZ&TlcZEXn
zgFbxtCyS9j{D*2(;QA?OfZ6LC{^n%;ES4ACzvMe1j$=QQ-0|Y&01OhhsZUQ-B@=*t
zwYTU>a`2dzKDmyNnF;gl$a!1f4dK;I`I`Jt^HH29TfRx6F4OImn6E{Oz22}WR~bOQ
z^WixBxZ67$9#4uD+GcC@NgLK53k1~L5_0OuUHx^7O>N_-)*gB?zPbYmbhQ9=Q1OI#
zY)2*RN=z4rAPb^0Gy@-O3`s`BKc%k+@G1Sbny{r-Fh0e0yh}<_e64zLZ*G5<;{3xU
zFJ&xDK4Jwc8m;ugY`I3>OR5f6>EDmT!rhpIG}2aktCYt)itbfs`>uSW1s;-*w{{FB
zdoV1D!|clqSJgBaoh|fvIrxCanEjWk7Df}YYd(igIhC82E086kR$We|KwqQ0Kj8(h
zR=OcR8rad@Tps{-Uk;&L$IbsV^<dz?AGHGfK{`-`IiA%Nt@|~S@Q-I!z+Y3L6z`BT
zNR%s!ELYB?rDkuS;xW>r0Y1T|`qa-9M4Qo#t9J8$yhZ@=ZqN)9$V<U@J_<j5n#PTk
zL1+iuk0~T%aJK9MJ^V%sjp*T(w8Byz1RyghmNV08W&`zuM_(b8YJxM+xO)!Nj@i+j
zpogRk1=2<>H9rcK2L%uVp~WN8)$X6Dq|p7L;O(#HPMI9?%Jcv9P)%fFc-0I~Ob0+b
zyOiotkbeFhuu-EzN&gFR)Vy$aAOHsXPir8(@4R~$DQfr@O7aQsVcwh6bOW6o#7ajZ
zNpLN_L&`<&j=<j9LvAc*<9QH(2}MhVmUM9<TMyehIyxSnGO-n|vF&-p5kO!}u({X2
z#~6)%)(r<ddgVN`);5OaEj0OWIR+oy3Q!E8AHFeQc=g0mAO0Sa_ZcmO1Jw<M5Bd4v
z4xkWZi2ooT9J>T;*Xy4nWPYPpIcM<EWbKJxX9!R5z80ct+L!frlxd>w^e*38KfVGI
zJBLMY9b*DM^B^@&q-@_(v!|C^#jFoi1%#Q})|zYtE}#UTHUq7*1%g-}InKje&^<jp
z`T5HP+|%ILd(m)bI}l6yBZ`g6%7+}^*=@l_p1XJ-f_uxO)Y&gkV^(hx{4VuFBcFm)
zX?~XQUy$1xnk}9q!rPB%wfkO%S|*=TszU<kA0ZC4SP}QV%xYm!$2V`DViZLKL8Pgo
zf&hn$Js?YLIl%)utf}|Vtgo~@HpRqSyqzAkB_W*>s$xGD8bAO=PPuHoFKX-Xkn08w
zt4<I$31XZ@h2_B9YGrIF@(0brSg(smgc!UTGY-Q2sd+lEWeiH_Q3uy#8+_(u4r4EA
zU4=;-%6mQ)uZ0C1=ZxM>)F>G$y}z&T6QY}LjiOA?3lQQMm!JWjAsU>WMg{Q#N?s`e
zRO&wQ`fXE`(ug%zJPC)h`i>8)WOyaZY;goTq8!hLJ(SCDj^;Yvrb;mhUN)(a;hS1>
z=^jr~Vu|qX7>JBff<&ZRtcj!c!Q~-;a{H{IY)Xf!NHvC341d$|dN>>8lIZlVkMSTe
z`o~;Rtj~@R@mXYfas!k+YguT){u@5sbZ!hS5|rq$N2E&PRQ8~@4VJSOKnJqclc8>i
zd_zmctEf=kukRLCbOb)M`ifzL+97j}>4)ufW8hk9=R2Y|NIZ((ai`$4yO;iFeg0xP
zB;?hUwSVJ!sgHGk4w*Wqq4gdgn4&I_D6p=PhL6J<AXEXLHaI9e`uQxMr_cQNGfV9r
zb6t_Z`>K^(K5U+sU6FvP$}soyOb%fla90b8fpBm(>)MjiM3DyshB>YXnyWCNdUbIt
z?Xng2Lw4%sTxjK??=&^7vCZEh5)K?J=U{QtcLhrEJylmP@3x=j)@2!YWsK}=Qg>Vk
z3?Be~M1j6h-zxs(P)a|MCeeCu2!P4KW-#vqgh)6hj)VLpr0KdoURW>h%Q;`t7QhSu
zTt=9<7-B6jF>(>mHk|XYJuxH+AH)>+pu^$;WP@sz{6DT%1j(d7SFyJX^n)}6^gvsZ
zINt*1=H}eY!*?iqRSCo4-k`v`8$|e4i2lP(aiia2{Q}K!OL}0qT*U7J3i%Kwfp0?;
zw*eX@V}9h{kRgzPXPP}J?L33=&fu(q`o0JdG!iAz9wG#c-U;o`<gkvNj~E9xSJ${0
zCvedK#((m){=8w0T`YhKMb2^yR{HSK415I$t!Qch36g~?58*!?43DfDc)rG`DtrrI
zcLasglLNm9{lmhLD3GK0mpT+#M7!)Y62F2fsqoP%&x}EP3ofewbHulN@wIArscmgr
zNr>dXU7<kXr7BHwhr5QhuG-lD=|3OTP$mB6Mf>;FBF29iA`Be#yNVo|O6*tEDR5wP
zAz(Td7{O$u`hiGsF92`xv79aZ>TXa(9TFy8?!TY%?=HA}i{<pg&C&g*wUP9RNO9Vp
ziMi`xCuo=(A3Z)YC3J>Pi4iuF)Y}tb!9e|Ub@el#7^A6VsuJ&}L>W}y!+ng+QM?&l
zst#8I-OjkzDz!T6E_8*T9dX<qL4;~IU*CFP?=-(ub0izjgm5Ix5}0y~nx$k|nhGzH
z0K^>wK)HOk-V0^g0AIzVPH4n-m)&0HXAQ=NyoPGhal2D|)&ac#zfJB~fE+3w-T$%x
zE&|)=8h4AOM^_hQ3D4z2IP$I*_if$sk<uco<o)Y+oP*zq2GuAfz{L=GhPObazwiC|
zC>CpQq|QpyIGj?GK*m{?&#xgN&MdTII^AhLK#0!$>VHQa!B_OFtb40i?<&Ge03n#=
z^zvpUCgN5Gakaij7eGV3_UIg-TD*Dw;uaj-Q5Vv_9QdX9rmH`$Or=M8h@9jN%?u`P
zHX=?;0b&du`|@Yx(sR{zwx}iu)ns&n{Fl3;syptFT!|~u6<>aTOm<%J3u&<y*3lS7
z>Hz!k{Xth4CLNrbAK*V$YCXFW^q@VQS6xADV;-hankiV-Dt0C5kkey)yNi#P!#8;p
zMcg=C_<Jd`mm<RHD$z5C2O0c|YyY*t=OySvU8|nX>X7e~GGh20U(_|imr*pI5^}G7
zNCD#VKC(_(aidD7WUWmwX6=ruyR#b=s`B57VCv&~YYD^&V0Ya-+s+XXKpg%Vs2CgE
zjsa!~V9x%}2e114*0=3aI>iVble1f=JCp8ZbRXQYZFlzBAT({xuo!4(-Z3hoY5Y(F
z5J8e0RfDm7thWF!G=~3jx|2l?s>`o*SMOcQZF#B`wJl`V5)Rb*iEZQf+6;F1UvU4=
zA{U^WAr9Jv1l6H85sj*#Ik9M9PT$xBKEcY8FihA_%W#q2ot5_6Q+aEO7Fq?mMy4^T
z(%>|AIedDS26K9okYiF3i;MZc*`szb#X$ocWGk5W*hX$oiX2IH2<DhDoCZj)>uXh5
z^}T(7pX=f;>ULs+D$<;M^7Qu)SQ~<!1g7ZhjZb{kF{pP4X*1VKL|%XtGk!mIvIiJC
zaT3(w7d<s&Ul}={aimk}saZKIuB}&PCkp5M^mfZgGT;G@DHlTFCrB}2z_vD)98TT$
z_eQQ{<YASZl`+XKDr;*?oxA1E>a33u9XAUcIUpY0;gA<M7a{umLP8J2vs34QR|AE^
z`^OS56u!5mwFjFNvcawye{j;ElzYvM;}Y`jSkk{UlCPD0KoCjPuSxy(>&OiIM}@8Q
zQYpz&3u`GaU_}3Qv|vy>z%>b@%qAG6Wx5AHQvntF2Gd)^Y`M8kZ8%(ihNsr=f6EpV
zoc)A&2U#7$frI?`KTG1Hkw5=ndhD~xTGdDa>|ETBMI69)gg5oCv8{)#-Wz}l5QpC(
zxA0c;9o5MOFWel7fBo&_-;dq;={kgxUOLD;PltTC!eUJr#<cY$uvhBS=e3anTpi9d
z$B$roDek_&{r;zhPZ+->(Ct-8Wii>V7u8&aJ!8#CI0f_H$6fue?^B^<U0U@4%GPpS
z($eBtz@-mXPDCEt5@2@79nW2%?kMORhVg%%@PH8CZ*t@YL0t{p#dc2r>D129X|DhM
zHBXKO*~r<qs>AV!)<7jiaU7-IA9q~oziR@r{MefUpsmR_n-ojrYE%EeJvOk>^f?Q+
zyMJvXKb#5w3j5UV`qe?G!>!XGsZ6vbGgGZh0SI!%K)GVkdZ~_u&oQGp_w{h)BzZ(b
zW{{osNr%V3A5Y^{H@VMkPYuSpJ@{To0)oKWfSft;H0SeE_s%tI&B8}ET73Z10)$L!
zHm9D9){}s9d6|CL-sI0xKa6Q_`c@Ul+1*MD_`{7OfEdFASW{sW<I)gikLV5GMG?fu
zCv(d?!!44nqo6w-1yY$1AAQsXlIC$i1Ho&pRZHokwm7(4{3(PgYT26u*i(G&$oB&h
zMxnjCk`1snaW`a44r}ejr0ss^2vDImfN5Zw(a%p(9K|qT7!`#u_4<L#d6*EuGz>Yv
z6+patga`=<5hOA1^8<C<{1IP@e3vi|tu`9@Y}pa+dN6w_@+L5CTnQhIZuR<62FQp+
zAWUekw=;#(h=_I=7o+tEk_6>i|6&o3&-^}$vw3@jf=f>sAKkBw2d0CouCqxJ&U<)C
z{=@&0q6Euawv1d%*AJJBCzL@ZqfOl6J~x^-F)zwjmwD|bEGf3|ONmVR3c#@@3ibD@
zW047pAoFK3k_LA@#(?RJtZIgzky6%V{~)`tpC>2EqUMP2zqik!gq59rK-QX@jI|F`
zsyqN%5PqEAEg_GKadxMZ;pj2b{qYwpw6c2N9%SE2P9T+IM4~!HpDe5Ng1~eryRlAH
z=+MsjPco|o5|F#IhQvirn)5V1vxdupARIlv#!MDTj>fok^O4|K!KwL1W0lHT9|PCb
zMq5WH2~0vnDZm;i-_d=RJY@(pdtE%v(ot185A8#rEId}8R&fV0ZcyKqW-WXInaGkv
zH4ga!Jqg@=7T}7xk9&*0_H<e)U}Sv12(Pp;jHu&Nvq_2rvCFYR47$_^*^?uD-_ma<
zVGx@c@YK*72(CpcJQj?^P)6L*&2BX*o1lgP<%^qh$^Dq#Z+n3H_ay_)y^7Eh2d&i=
zeZ_nRxG4(@SU`{aR0Wq4A1(a+HMFPd-VOkrl4WbmsChU-Y1*(g`o33TRTo-IUxP_L
zlw%1D!&tTTo|#c~8O#MR`5yLHjYB%RtAG?=){MY(C*QV9I@~!m(!_;a+2Px85b-)P
zfmEhcDd17FLX(~&&ns~Gr+J`g4Yz5M6P$e6v-r%=xFJ0CKHPWRq6{c+0JIdl9G0`T
z((QK6Z;~8010DShT=b?&s$J&|>1R!9lr6IwXzq)1_oMadJ0`kQ#Cqy|t=Leo9+3Ou
zB-5k1Di@cxdV=q61pE>xhh4nAoymEjPK9D47DT+s{`w(dWNM-Hu*694cym;8(cM+&
zPnWk-5Sf-J5X|Id!!GKiDYFmzdG*XpL1|CcAk*znEe0xOD>cNqZ68u&qX8Vaw;Fk1
z?5@9|Bdwm#Qfm+eY|0qAIHn>L8T~ipwxEIMoE^Z?j${t8U`|@_wgYGLRu+&z=aL3I
zBHtD}GkQNS$A%4zR%a^6lKWD>5FD!}ZVXV%Zm42Eq2DOMlx(VX0#mXCz5;E`yr27m
zY*9~?Rsrb&z;sIkD&xYxF9Uz?6}XGDzQSV_Lab3dsspqb*5$7Tm8c0#{g0j&diH*d
zRSR1}Tk|xBsSwLTrVBOl7y!X2s~z{-uzsksW%9ci12(QRa%m;28WQ;ouoQq&fii3M
zS7wrww;~gI6`0l1pY_5A&Dg@3l~#d+H-BS5xdN|)bLCdveraj(wXxy!#Cj$Fn(j5o
z1UMYA`X@u?Cf=$B8Btqexiu`4v$~qh0oWz~w~;XZeJtk>C1IXsmhMZB5UT%1z)*0u
znH>*;Na~VTujydcd#l0<hXf}T&}d)+ag)`uLaWA~`Yt{J48k1~_}~9+F(u=`Y9y2>
z>{ewn{zGu<%B;P;Fk+3VA28p^=_w1-k5_;q$jQqn?v8#>e(LEd79c4pX(_-D&~9fb
z7atGG#ugVHwJ?=uWr<U2_Q@pL?%|>V2`!NOnpr->czL@nVA-Dxkh-cMRdzWV%V#*j
z-vT~=0l0z`mSO;0hiLt1a#?X@iD0>tjw{#I)hWwSNqX=G?7*MJ^Y#I(sK64y)b}Y7
z7#8Oc34`mZA4jrzvcqR(tJi~|(ybfpLd3y_*ys>GKK2y8Xu3oV(4Ar&j!h$aHUU`x
z5=h)}1kU|X&Ja`DhsiM#S1NJi=K2rak~4$oQCh`9Q9ZST`V?4)DWUfSNM`+PhUOaH
zB=w6R+}*R`pJ$`3*%3=Nb1pzG-r@Gc>Bf7pVTOO_h%$OY)7NLXYBD`)4E`R}Q{|s3
zX**g7(A4Qc+1ktczZ9w=P4)G<@|er4ui2HS%U`wVVLgYK!AFCy{u<adK)e9W>}Svk
zYuH`o0viuaV0tcuMRJy+Moq?=lK?WVchN8ZZdnHLx^9Sf%4+MM!Cu?wSUM~#6@IL<
z9;wEaf{z|<Q~DtB(CKn!t7sGhs6TYLpV|-iho_ZFun8bk-<yH`j$hsWrqcy<oWn{!
zkh9ws@1WXDrsIm+znTAQBemh%;YwJZ@MU@NW6`D`(9N3WNuc}nfY|NZu-bmM4UQj<
z&3`02)P9?sT=xYkG<2N&te}+E_vZ6*&Uq26pj87(W!d<(!GCpD`ffO1uk22b^fZ2;
z4q9CRNWWKp(cT^ds)XDB2)bZ$?27)^;p@)^GoD$LY2d(JOcko&Z0Wc_bDXKRqxw(l
zy|Uix<~wmmBMLPg?Uorrd=|j)doW;yY7<;cT;OcnGFlXHW@}i<3ggUa&v0z<FPDWi
zp!$*w08Smv)vRZ0YUM~BcUMB%JmPwFa!7zM^{fIU?X!K4P~{Smv2?a<chz5f;qt&v
zI`sKVNts4B;OLT{1s8(t??T{A>=4G##S~HF)uO|@piXW326}PlLPlGK`quLW9&LA(
zy9h=OF(856yWa;p`)2K&&P=*?f6kdI$_`&bkELHXJ5LQuAi%OE3L^jcMXHk&D?#49
z>Tk7t|GAe01E8CKv+Au0kV7YNS_n_X*Atkz64J&o_h%1(q=nYT`QW~RR_EqREqz%(
zy^OOb40wL9nV0R)(yDByfrpPKi4;M28u`9if8`0E6)#*RqtW;P?B9>op5OFMNhB(Q
z`+|;2bm2qZvLN#bEe?lA*7PiiGn`!cz4yg|qk3Pyd`TT;yqC6~eR+BLs99=<lZazh
zJn{YQ`~6=+Wm4G?PWBW}qb}oYIwdRm&tbK3iFY=PhE}t(Qqj=TvJq}=ZCMXxhACKE
zTYGwX>g%Un$=d*0vOE4y4noy&Pz4bHA}R+|IV_1?9f_0W8YuH5OuJa4`~7(A%<;)d
z!&<IKYQzWkxQlpfvXN$U;&*Xz$P+mZIQw;rM+RB^01CE66?He)HXumU^2x~wAYK8Y
z$DK&+05fXv`tnq@eFufjS9o7WgD~M%{Jk9YJwc}Zo1tDp(+6$}-fsxs?rK%Ujh0y;
zS6Aq??#9oT?T*j95q@^}D#2I+U5Yos{KaE5LDAo^x?V=xf{5Y=(uj#ukqCH0Lj&_N
zkT_LnFo$sRvpo+Pe${W9tPx{^9(-H_i_jrnYjd|4_@_smwx2gqSMA4(os}W}$^$31
zO}=~>1~Mz@`dV&=oFu41ZdgRJJ`DGGH`1u73%n^)5j#XREKyeNznVG<6r~m~7p#>5
z`ZCn<aTV~oz&5RrEw3U1d#mF3PU>QFuRa~Cdj2IhYpJ+7Y|BQqhxyrZqjEOj*#tz6
z<Dh_p`sMhe^_1~!3Ltpj6$tWj&bsiYScjQDcGX0V$@!Z?I$%%O3cYdZQ|_#p4{kNR
z#St<}0^S0U@mu5F`2`RLfPfwKpGz_Fc?2>q$n$SbexDa@CIgZn=0Gv?b~n?o@o!lX
zRr}T{L8S7eMbaDPuJE#s<!-TAkMvC~V1H@$bMH4FcF_yJxwxq1|655famtW!_(??n
zrg|;dt)q&FiL_wS>2jJ(T^t|%76BntT70^6z81P=+<(c9V_~Lqef%ST+I~PrAStn2
zn-u|^FL>;KarCcbiFGv!`)ae`{u+~}$_Cy%4%6CmDa2pNgTZ250nT^{E-D36mi*_B
zfjtJE#Lo1{Zk#g~+4zw~yNeu07|PiU98vQAgDWn`)UO&$Op@>fJio9|LBu2h<|R^|
zi|14^06eT;ejsuV*xrbsrx~Zk5P!WFu3D$%f=oC}&p<3E+apMuWZ~d37gHzDis!Fy
zQB;z`!i9w8w-j=5--Jv-q*^3WmTY&TNF4a1C_La;E5V30M_krxIpx<RG$_22EKLd$
zIX^U)@c(LXq)0O=6l-a#wivG*b|0q$T3IU}Oe!ZxKnp|a*q}la)V^ZH5zAqhVhEec
zVKWutjv(M#%WO7s%0;gsN=RISbYi6KG%B%B4#FO4K_luMN-U>L{vPN8n@RUQ1%cPW
zX`ZL_vD%DaR_W%p9Sub(!*G!7jGT~}C@IsLmO5m2XGf&8KN#)OZmaoEqkRVFdKW_c
zeu~WdwHer4Y0L!kKz{Vn&~Ol>GBx4u>6sPeMomLAs(IO?5E$6uCr_uAD>Y+WJv^+D
z(V|HmhPBOKn^8tc&@>B!Vp+yusdcSPp*pqKBrjC}J*OYs<Z#*VV8(wAK}$;u(3puf
zj*b*~bz6zT?8#+ySOUPTZBW?jo`eeMuL3z4eK%dL(j#%9eXfEL#I>cU_QW#VAG;Mg
zs$@PI0h}M=H=CHE?0Vd&^=}U*xDIIqzT^U;Q2FH-wN~)Bi;~PQZ%|0kALjzYQWd)K
zcC|OBjwu%xz$wkzp|^{Igu<qQ8AA$o4C|=(4nGlauV^Y~?~(-!NqXWPYsgXlo4|MX
zXsSB~t(ZmP-Atb~*q~UYYN(vMxa?4zLa?`Xhr<QR<y&Vuhw;Y*Owe;=wbI6Pj&J-5
zB~ULR%uqIRTk_#TNHp&4CJG-M4r5%r7>MXie!f^ko-o*W@voU<OF}bUyjUpwevblW
z^wt7m^)U9*>bnQ!(=^>^7gsGz>o<-VJT=@GLjwRQR8WI`b;zjxxY~;O?tJtnC;7oo
zi^yU-tNa&{*<H#@H)ndRsg;0++ja`TW^cCvxS?S9BqWS(`Zh6FmiiJ<$aq}=$D2_G
zeL=f<9bXv+KN<Ol|IqMrnehGE(o|ZoWTA^sbLRlDB^Fb$M*ygstjqQ9f4?g4IvoN?
zOl;cI>)x%dWb0y?Klc6zPTEhNM=cx$$YieQY{lo!E`LMn0}za3i--Qjce1Cm6sz<+
za?(aZdj{4N+@%ECa1JU_{&N9S5q<1}JLTnLY`3R!ycBHDjTPMiutlLB4ewIobelQ>
zTNgYR;ao>Ws=!bV#7db}mfNzdt5+nSeNi6gtr;-4dT0STL3$`hFhfsJ5WgBX8(G`E
zH+X9z`4xyi21~>~*~lJ)?@CX5(^N;4OIRdEUqs^0h_mZ6hCNe!`H=cssIu}YO&#y$
zGy`5^55L5>%oobdr8rRoU$QgZ1(e&(QP{XwcLhwm=`i!V=M+=$|2?POC&iOgZ>BTL
zV}8q~?nwAO{&=_QL58vofmSU$nJ>k&Cy;PJ*8nGY@=&_~ae}O=gFQ_U4i)VEDa!~C
z3xz=ybp-44WLL0l`OJx;H*j4UxXxj@YnySg$ittidtUljm~&bGyjBF35$WfwiVw&N
z9e*#PyQQS~fmPpU^>flZek#usa#CPO5m;)?cdL2?!4oE>;yvN(59ry}J&^x(RbkWq
zlo_>}=N+3(*M&qWPx|Ed?w0-sVA4hqT>4f*-QiT#)DLia#05BC3Y(HJ&<L#cI}}a7
z2Nz@hcSU%`zthQlk2UCv`u3}G=l3hRPzx+k=fY7S3Q?oeH((wofu5ljp#NMdHEQ}r
z6_@cOf`Dlwh=8tCxD~3V@^qe(rgl5MkD2uvxa(s+I7txoNIQ%lh`}7frdqbaH2alB
zukRxv-v{eye|S^!GT8!e#!ayIPs0$F@A$+>93aA}$V1pI5$3<I#D>JKaQd)-Q27xE
zgj!fID-3$k&_XDUK&h}S5D)R*26|5?#L7b0Q^K*-`VkQXeGGRG@*+x44)PQF`TzUV
zpc%HtDoOa|Nu&J4t|ln!>U#Y?lMYkH5E-p7x^VdnO0GqY&5R@fK9l!?f#ret$R+9}
z#BU3OBJ}Uh{QXNuR5m;LC*TaE4*u*TW9ry4%}b(=u#&!(_1;p3u!FhGP(aP-uFMKq
zADx+*85uFfVzvYT4p1LO0;l*H0q|G|9NVoH0M51ph~q1IwJ*ssxiPj7PZn~L2F#!=
z1Q;k7Z3BGoL6#?jyWoHj`X8lum`*POh%UA-P97;fzUtSoPPW_l5(1o3b{6E}0-~ex
zGe|gB^a5}uL=^)Izmc?9XHH&jz6JmzYWD+5r7MOvD+sy^{ea9(50B1m!f#}HdU{;=
zO6GZ<pm#p_ascoJG~1uTWjc^C{T8j<qq*>I#80JU*}^*-g>_XwG=RI67>BDo)f@PR
zh3yPGnkb+Ir{d#mb2boy)SIc?9ycYDz>0mIUQp;F$du#ddtNiBY@VDfd-sJ9_S8ek
z3dBIveWD^@+7~njsJ94lTA;kfFkxX~AaCpg@5^0L2%7f&oE^z|0~}CM<HK@r(@o$?
z!SfzCdjdI`ik6orPne;WzVm-K&>8kawzV7vfl+5A)^CG=cCV{qZR#b}@8~OU)fOG3
zQ(E5~L@_Sp_rUy9V@Sg~+d6o0t#M4o{+t-6cn~<$^N4D7Q;Z<}9&0lA>suhTT@KsK
zF$GS!^kzu7mr+am`v5SlH$%jp!j8uRWeViEoF|8Qw{%w9<|qMQGVNzbEV_z8t1<~;
zv<hIbxMxp%q5-A%Q^Tvz31FwCg^*oAl3(Av2@Di%t90fGgCE7XL|@J(J)!dZeZ1fi
zN7WqrnShFdXRM#xDH~d1Z$@5d0mq8<sS9YaV7fCB;DVoG!RCrUa4lY6$SlPS#`|ls
z7`kTbMVn~YB@QY{0M<3aVji*O%I|DaeH%(W{QME5hq_Kodu%|Ap`UM9!1V`CS7~FP
zgj>zPFj$LMFGD<WkZJET@zA2UsjDsOxhg@^%5-VfwZ~Z$G|__OL$WyvkeWQZE?Y6)
z$WJxMUnorn&)F2Q7Y)rmu%#ZybMdfR9I$l3J5;&HW*nS)ZI7ia?ErDK*?TOoAGRt9
z1(9pnq1-$OHnAdDlcvjI|BtY*4vV_!!gg6)asdfxBo?I`Bm@OPT3S*XX=xCtrIeCx
z0V(Nj1z{;k=|%ww5d;Jjr1@r1-{*PX@4K$=FRqK-{msmonKS2i&VAn_pxLK?eMx-b
zCcziasT(-r#)z6p_P}3*^9-Q?vzaOn6<WJg@q(Rt^-`vk0z8>C7-rytXhkx3W@=gi
z(w2GKGiF&jo?+SB%YO8CU}g#Z1xLT9zN1tnGVR?FyvbydTPfQqMrjxsco$kG!e)kA
z10K*i5N04W03oV3M(v&(cb}<L+>+qj=MX`sku+2|2~CE4uj{H9I<<why3xMsrC%<s
z;LC<!0T=A@JLH(jge1Lixzxd#k5$4wf9L7p`@4Ghf%~@NJOwxuJidE_mn$p}Z^vF8
z3VLYLDGen6vCo&xi~UnnU2Lu6pY`YGjac|5kgMeq^f<>eRn^9#ES*D*<9@%kK6)A0
zI4*1I@c!wy73z%dWzV%YlKPO#&;Im1jjrN|Wu(qX=)>ln0dSOK<M=o|zZ&<PWW}C(
zcU|FUAaDedZLGQ`|MiSl>Lry*R;YwO3j~ZwNp5Wj$se?IO;hgTo7Zz)Z%qgTprxnS
zFMu`M(Dr1qoNMyrW9go4iisw)VddoHR7c%`mWfN~`5DhWWOsPCEg}nwzCo4s=aVi3
zh*$`SQseJSKqt6)!@nz-g1Y#Aep%|vmnJoQ4~EOtGoWx`7nG4vv)>D|vLR>^=M%Gm
zJWy=R`?xmREgebO?KF6PY-|1))O7LVl<q)5hrHnwQ!tLeuUEg_;IN0%0m!HLXI(3l
zwHc6<aQxuKMd_}f4~lm?d$Ko;OIWo<w;z>$Fpv5DTU_exv(w|x<s&P#Eu^7JVlU<a
z8g4f9p%n@T%7yLc18OJh!A0cXb%W<h0X==cDWk!uu!ni=!ZPuuFD#^>Wx~Zqb3358
zT{jz=@%FG3R6&)q*dS3|vB{8FGW2K(;KIRny3IGrTNpJmoE7*47L-8vo$G3a>d6^m
z>L4_H^A*&7kDSY^<+v|ClV~ryKDu0(Mh+1*W1znOnEgkbm<aD$`%7m<qL6-So)fp$
zz;C_><A-%`q<$Ife!Ka_PPBo2sgwdP95;l->A|qRX)Mg*{c}#ysPcmr=KPDjEBTst
zpaTf-Qc!iL4c<_0xeZ#}m5{piy)5D9WHy*%9C&gxhpHR&vEOEnRFts2-KIdW+?&52
z5Y<B*bemTTU(Q#hYhn8NtOgSTRC=m2g3bz+5(JjXRcve2wbI-4%1un3ii?2St0bb%
z{P!~ujegR93vdPP{o#f+AIM_s5vC=q=+}{p{>qDg&GOxxsGS^dF@IT%4ZnHKsrS-v
zBO%uC;ThhbHM+BX;#pl8l}{&$-V9wWSV|+ns_4NMN=QTzmHT==XI;jF3(x-P@YI^l
zyLtdYsH+a6YjPf@UiHPUv$H}?KZB*ogDDAG$-%g$SH7%IJZgm+_>x^9XHHNqfL=}5
zULG_($Jo4>^UB>!_gMvv;}{XR%My{4a!`Q<?1rNZazKPOm-jpA_V9`%Odc<$9DASz
zcqrvZ&yAtzmnv8q7bDNY?WgN{UGMmE6d&EPe!xdJwp!2xf&mI(e=F1)V+lm%?TU3*
zO;zss%4>(zy$CF~RC;HL6bUbzjPvCKJdG@3T00+SerH#rw#-}W#Hs_!F?f6E?T8H*
zei$UU08m<+$%)#4IwAP8vuEDB%0&CSq!MEa0M(b@YJ#V9TYnVQ=5x`?IQx3wdlG5*
zG|)UORaDPa^SqFxdre$~J|~*rrl%h9P?PDZ4+-9q`4M(P*K<*2qE@k}4Y9mHQO~aR
zcW8PwP-cON=qG+3#vuAwQ*KE#616?WpRfyz6eAf_CjQ{;<j3$4w7`Jhg6Pm;@Kb;!
zXB4GLd@cYO=<D3a#_91-!-3+i0QY)f7&dd1X$p~nMj9E61E<mwq53j@r^v!V|3^lB
zx{{!=GAg%oO)Wu(@1A5VKj6J|#|Zd-(>|5U+a<@n=-srqv70h>Aho{Orlj(TOFPB~
z^3Ays&ijWzmnKAic4ft^29VhEQ=+|lWJlyq7T7IsV{^w%rMOeU46NFaZJMp<mu2XE
zax%e%Z$f8M={j(o;F%3ceMx+Zhx)pRtm<DRjrfU@&Q-(EXOLesTX6#G);`YFxfVn6
z!m-}8?C!JPv(B#Z%vkU7UnL6s1hg5v@zB;3@^>Ldrx8sWceGgMjgr}fe@}Dvh`6z<
z`YeHiY@01=J<~Z|SG1(a^C7!yyl{aTipZPFY_o615c(`P!tmGrpAmX;OQP2@Vxj9m
zX7T|)!y1zAqnoCo3qwlu$D>*YnAs55rPhcTCNcte#+Y}0GJz?V`Uaq&_XH*5ePMrR
z-)JuX&nOdk7Bu@xEN>Nz23=XN^g`*z+Py}CEt3Vw$D?w*@(^Hr0Xu{r=t`{%Xc~er
z7N3fTL14jE63WF`!h}yDWM?_|^DOQ(|9<yX>_Aa?0(c3y9Qb<?YK|fSPUL2-&bjoi
z+TCO5Q|>nf7!$ghRZk2>BR5aqr+RJ1df2~mcz^j``gIBMCo9=a<<UyP{f}^AAm*lW
zd|OZj5gRnw%b=lXJh`T3uRYJu6Z7U$!&(E`i``2}J-rr-+6oHIh?(1`M1p2K2j_u!
z)=z}|r(J7)pewT(-unZepU0v~^<S2MIw;5`bECRe+p-^Xi+E+35T3Ci^3n2kVuE(E
z>UScs1k$%I5vJH?3H%eo0GUu#{BV2WZPU33mr4P{pQ&PWf^md4ol~hp>-hJs*p|X+
zEe;1`Z$04b>`g3rL@_7a;M8CBeb%il*CJl@Mbz?V%jDOm0=w@g27tHUT+LQ{+1#OU
z_OkfUw5I)sSYTvqP)^ffw_UUS;dX}zVxaO85V5h=B}VKH5VY(UHzKMFoHek5e_Imq
z3CYkeLu`X`zdklLygR&eYV&q~-h0nT#e%&)(P`)W<UmO9rIdP-%xwy5L<jb!8j<q}
zTxTTK5%xNtJ&XM?)$F`g`&-QUnZnE(WVUm|+lvTillk~t`diVWwzfHjHJR)w{9Fi?
zBTMWyQR3<CrEZG}e)XXniM{sKtcWg);i!&s56!{P&1m4(hy=`To^XOMa`(&ZUUw$q
z1U{9K-n0YlEAb=XVv8pv@Io<68yKlT?~8$zaz$v)ceh`EU2A%@<-Bw6kvP+06Z53i
zim<h6{!Ywh6%pI;&-Emashs6tYUkH_;U=oIYW@1M)@?EIYKYM?*<LHXFYMfdyD78?
zX19t0^Ifn!?@B=jfcJO3BH46$+P^xcS(SU++qV}L%1|A9#p&$j=<D6$IWO$MbpgR_
zb#0OQ4*^n80vxz7bO<>rW4^QhF?-KXw0e!u@SPHz<Mok8l*;kCTU5u6psywYR0t|E
zX8p$(FGPdG;u3JEJacTVU?F{OrtR8K{mfr5s_F?cM?6+2ko&Z}1lFo?Q)i@W$p_S%
zf>F$2FrN4$ncJc7cQt<op1*EhyxT&2#o%IR&=6BO!od45-h2HBJJA`OZ}#g}yzO*j
z)?v6?ZjO^`@&JgmPqP(xIDPHohvL{rCVjq<Z=+RFz8u8`%Yi5N^IB9Tga!W9uf;`x
zAHsF>CUZ;8uEJyb1i*3xVM8JVS|Sn6RZ#20wB~f2cR$*&x<#tKQ~08xKzu9n?=bjw
z*bn7MPoF!@;l@mOcvuYp2$sBPi22OF%-i}T{IbsXWQ+Nm&|tOvog{Db$sW7GcfkrR
z*{|w_#7L}n)W8~l=d;{5{;09StmX{1p^-Hz<9?>DrHS4*|LP^<m%LxEf{wS=#jT$C
zsO7U3Nd?DnZ-oT?BB&HkNDN{HLmu@`co=A3!?JN6M)(Ss7J9F8!QnGf^{(T;jVyyx
zQvcP$k{S$F>N8sTY>l(;SNHOz$O4OHTprcgyLw%WrL?+lXxYD(T3A_aBb=8_1&LD$
zmwtXRQ?-n*muf^}n{Bpc$KryM`0tXqyu?X0;e8~g^BsDv+2&bb)_oG`*NG~r3yV)-
zM5<K@82@|~tRDA0ac;SDZpF7XJ4uiBym5A$wBYKWC(>Ylr#9SbaWg98?Zkd5N6&e1
z{O*+y`a%71dVvKHL&?{mmmubj&{|@?eOGVB*+!~te^EwXE%mj|DJb++iitDVe|_=l
za(K``XSgICVPgN5|DZPA+%u(Rfye3WDR0<R{9L_n`=*y)?xW^3k9QT{J8tc!tX<ZR
z<zicX*(wuECVfi4*NY$RJ%kJg;m0ugbW7kjJ~ihC$E?=vZtndEOq)19!`cn|IF+qg
zb?5}9l3p5}Rw%O>DMBP}axRKSeyQGfJj$HSPXyMqIP}1LU{2&@-e3_5Z(spw9!{_o
z)vTe-kC(W|LdTI>1s~{Y$U2b2wFxrBK$4}h&zKT%Ly1sF;;Stz1ca~uvBPUPh188&
zAgY3Bf|U@kO{TnVF9PZ*QnI0eqA>i{eBO!Xl1)Klx!$jC4t}AKzFnh+MWI}IA}f>(
zNcvcTLn<7X(y=I*Z289ni#t#*kh_)!5#GZgWMFRzCl3BU-2>+p*BeY_1&~V)Jat>1
zyhht>rtSvb0A!<By3LvCs2p|LD7L#hwNvz*h0T88cBYAS8BUK6OzkRK+7)I)lCa=Y
zuX1Y>1Qzh=Wyio?N%`Dy7fPTg2c39cExq(WK<K-tSL<1Afi7KJ>}nAve(zl^_eUDC
z;S%(m){T1Ka|~aH!3;ps$ZvV+>JiS1qPxI@HDRW6#af|uBLpzN$Di-k0Wm&_E2S!e
zvnh*JdM_Vx_F{R@yot6#t$^O+rYgoM0H0^)=%}5VjfBx8;!^M&HQHqF-;T7iObCvt
zdB_=N9lR0>TIms3P^8jU^V~ambwW<%NGbd>rb?@3Cl~UZIRYYEu$`2OhyEIvHT0i>
zN4X$XeHu!C;in_bER;rlciF3pa!J9<Hee<4$hZJWDlER+B78g!)=3Xb5P~1YPm}`F
z16x0cMXhJnBU_}nR1AlaeeKf`h7UoCT0`LZhR23P?xyK$+&H7*n)_H-&+m(nC2IN|
ztn{!`Roou#n4KT=9^ftQ{~AlFlA3^Ej#Y;OS_}QghaOjaLhI!cfX{!=Dq^KoE9h-%
zV%b*}#mt$r&A!5nbvfFa8-GOEMGPTsKLLyQ^yb$AI-`uC!&b8dG8rBv4%mVFyP4Y&
zvU5oSU(gyao#sT&*MDAtH{445@HK&=B5sX>jsRz)0aVtU+psu6MwalB2m%3@r;4+J
zC(Z3_ZD;GqULg=l$26OC^A4*#NT9*yZyOFUS~kPkTxqQlh9?Mo!LXIpdRibxqVNdh
zQcgqp<}&na&QvUgPFstUMCcOlo#tOVeX<|kBFKKPm+>9UF6>LRl3)`W=aWLDCr{aQ
zx>K5Z`_^=dfSt-qwZ==nY7D7Dh{xVmapDS}G-1O}8T~KcftDUt-Lfi=iKY<<QGba|
zl0AN}EoDenU}4u$C`a2Ag-gI-KJzRer(1+Vz(1XZWYIvuLv+_^K^}u-W>QVSpNUAe
zFqhegK+X%|sv0F9^UxTG8#q~5O8J2<n>58Vbej`Wq(f_@Qyq@E^tc4<zp`hN2YBO)
zKD<^)xo4$KVfK1>Y%91rh(fwOEQkv!2ODPjmYwY+ov({mkcQ(U4do)V<bS#{53Qrs
z&JFx()h6L2+{19=(A^}>%w%Z)VSJb7{t8J%>fukU*k_I-iIcJxLj&=>waDI-AtSIA
zC>#)6eAXzUG_t)+rhvNsLY|vgaZJ{0Eky_otj?Cr>8w&|0xE+w{T$u|?=D$4RVt%5
z#37dhqaAL>3<ODlUHQD4^4;!DW4Us|cHx+c?;EB>a(ZPS<ZkOQ%jVEr%Kk{Y+D{P3
z^C-nY<=W<DM_5dBBLyGMRVBKJ=(#%ntQL?K;hB>&$Q?u4KDaO|6R0k25H7vwkkP_#
z@Evy=K6Kaz(hoB)KqCAAqcaT_p#FQE$8+*7G}aMLwPIVR8G;lw%tCR3KH?@Z`MCWD
zpgYSv=J2#--h9Q83R^+u!c6LQ8+6-wIX5~V+fF;tqDLM(ohk;$eEoYAtokzCl9R&d
zC)66F0G{pE2>+AgC4HIQj;g4NOZz|gj)ZGYiq(Jk)OfBAw`OVVyXdR^-o5y&o~DYx
zi?J?rdv*`pCx0lEt__HXH1A`|@uZ>q&v))EX5YgXE+;odr}}QV+;aZ{r{H6;BJf?g
zq5-KD@e@R|upBg#ce;=Ha9fUggA0Do>@&?d**pgGHdYsYntS|Yo}yGZCko7AO?h{(
z`_lp9GQQ}Ks!`C1-v)#4BL(L(u8bT_UdbI^pUy#iPUc#VPr4y|-pLUkDScsHGdb(>
zvDJ{O`OeQjk(;LOGrsnT*Ub%+Y1-uJMs{}-v1R`B_dTe|yw!w0<9Q-8x@|eWnU-jA
z&32UIe0Z$#^KW}TiyvjznoikPoJH;pE=E7>FT}ER+n@Jjur#cbmt_V{=1PbDr<6=u
z@u#jH9`(5|U%u>mLH!)m7tgz6n3y&2=!Zu}7*i0%V*!wyP5!+vLyxXla|YH>IgWme
zG?3(fKr&R>%z*C>N=TA#><)kmumur6Rn6QL7Ac6Qi4@}ZwB1$MZ+x+AivcpNv8KCk
z*&CD7vZqDlX3G^_zPy&T4$6iclO#c)J<lOb3=x0@EpqqnUAfh;XbufL7|kny;K;oh
z#m+?K=qdb?w^FLBepgWux_=|!iN;ON8R*u=M*PnLwVWyFz^(uG)#%M@Y-<=VZJ+&N
zZ||dpHI`Sj7_W?@Hu(2lRZ=RR(5oOMT_|I8YJHaZ_k?bJ=tdyy?sxo}oA$}RF29l#
z3Vaqi17-#vDc+r)%&0J{1z-|Bb*3^Dn>IGMIh)!KgC8+QEMJ1N^gsSuJ=otHN8Ab%
zU{yy-+cSm|@ZT8;6)<>&M9^)q5tG|thy9H$K58MjriehYRVh0dq&gak<qRqqSpJ^P
z|LP=>lTl0$W6$*sUn($5Tbyxj0O=7=<MV470JG}sXRoIi0~S~}4gaHvbV{1^D_=p$
zV`Ib4%8F-60aNhj{=S0V{1mfsygb<>Q2e-_AY?w8;*W~INoLHx&~C~8z)C+QI)BR=
zWxcBD*FvL)#(;3d+A;DNTc-n|>Se9L{l*(NR5Ct}jEqc7JbIa?Y-YwZ<00vc77wbK
zd9&DLH6yfO(U&L>H{DE5kCe(o7}o&t>ez{!rWhRj_*y4AeZpiI@vWNOt$YQLZ$W!|
zdlZ5|OY_5ITP#xzKzoqn)AMP~y>WGOW3U85HWcwTuX)%ys(R${dlf5zHrAIsvBp%E
z>n~@x01A!E%&n&tfcJP65<Sn)PAOh9r>C2$tZbw=xu{L09y8fnIM)$_cbF!R&%wn5
zVuSe69V9|?3*j1hO8#0QmX|gm#iJqcJ{@ifcKdq01|*ddn=Au#qQ_s9<rcL1{X%a7
zduR0S1T4R`=IMKS3tTN0kxSN@eG!FutI0z4sr`LiB~#-V=WiBhq@0l)31#J9E~Trw
z*g+?Db#$k%sJB$72g`(CH6g2^^V-?Hzw(eRJ-ltAiDgRqYi+W>&0Xkyyl?eB_#Y0(
zslMv-`)!tEW$5~wI@D~U5TJsc%qGW&P3^EAZYm=;C2o8<=gWteH`ZECXIm12E|F_`
z-Q!&&$gckCnu<rs)1+Yeyr&ad!P6b@{RC%#Fm0e<DpVA=H&d1+F|J-}R)ZP-L&H{k
zDJHlck6n*0Gx^*=LD1NaM)wIKjEZMSWD!#)UF#Qpg-4ipLbZn#N^;wp%ktqa?T!4f
z56tj}^^%!}Z{HuM{F;C4`57y!Net+`CXA_MeA-R-^8Ha;eC<5{#vGk6?}>$yI^^Pr
znorGn)3mrxK5Q^|GD>#e<!b#|SK8kE+0M7~y)aoOJ1%RK)@SOQ;@>ttE`RM(u|EL>
z?3ByQyr?HkPBA?bO};au_n8uCJ{{^D55BVH$I}BPo!-EQUp6{0!(Nd_5Wc4l4d1B!
z@|8%~UIRnR-9;W+b}LDs?Crrsg5Tk0{@GfJ@_=v2+h&)+Z$>R^%)X;HA5b`~Is!`B
zDbQS*H9GFbk0UZK7nC*oISDAS-@auW9+vyA);!Rf<RmOR0h(vQ)}W6GSjT<rI=cWF
z(>B-iRZPX_xU0NtQt_;(TL1CcT3Act>&spJouftv#V-v#5~Zb~kx?Uyn?UaxByEZA
zIrLAH-UHMrv>3JtW;mRyzpUJHsN@!Fj1pCaHc88`_nkNUWtsK}Z$Dw)vb0>5PiZ+k
zJ84NiBAv0S85?N3Bd|dFd85%h3`TPeeas1(qU1^7Ko0qss|nP97M6p^;ldJVdxPkH
z9AJ)b+-R~wv9?WnM4s)J2?pNHPg5!v-KRNL`>{`-!q_;I({<nAG;U9nt=tN=(+W(j
zW(%Xq<ve~*sQv2Jo=mioK9HRC+^rqR#-q=M<YQaTiv(z-I_Imj44>gRHy?AqB&1nO
zs)PpSFJlhu>zOOG4RkEKx0OwtqezC4OM&Qf69%7(7t>IGDQADvzFg)D5P?fqdQxf*
z%J|rM;h3q4DHD&qK^%1d%0RQr@+RaPFZA;hJS&uXRAPOxOt6gDw7|lFG1^%Z>geAU
z9L|Q}XJwq9jlNi~-S-|Y3S&QJ$%SYn3};}`p@cm4A9|1cc*6(mP6#|WUJaks=xBjQ
z%ZWu}>Brp{4&AF3Y0p?Cf>X#}_L(zwjWmn6^g9w*&NFM=%3fqDfryn`?Js%<(IfWz
zp8KE9t-bv?`5Z{`FZ*;Rmq+X-#<;EzB?-kfOgnAX+HuKWcHDo+*U7{t0W#678hPET
zNP+y<uVv=HeD~ItotrE-i^+M#a!0Sf_RSkz;`O}LB?r`g*CigjLsfqj%FM(jyJ<ek
zvG4G1&Ey;<=6N<p318q!#yfNnJYtpd98FwBWepy*ZZA{~TY!X?t>eTeA!9GL?`y#x
zTnJ(?j1*Is6vi~4B&D5@u&A$IC{xYFdw1Z%4p;;aOw=Dx(OoaYCvj_jyJUvK<#XGj
zcc5(5MOdn`Rjw9{w@r0~x}}%|4g3Nxe-+DLMQu(8USoWJyDEroL4D0Y4j~NJ;OqRt
zhhAIPSA6)`8=gpacIoD@5mNA++`IEFDl*4jdr?%b;Bv3W!e0264H=LeqbFIJ_xdhg
zSXTgPuU9o}#W<h<e48GQpDssLK}V&>;E3-};g_{}|A5T~b*J~6M|`>)7Qf|yGy%<I
zhC=fXLWe{;{_TNa>3~t5&MYaFN0-4offX<2H~l<FX;z?q3Gn(Evj_*7WUs|dJm0oP
zg))~wNYurI;c+cBm7_vVqq4FV@ef|(oQ8v!l{_#%YCV;?Q36b#X@tP>58eR>HqxQj
zWo)SPP1x8{q;E(|9kI{Qud`4&+AnT2(g%dD8;#M^C>E^B4%%tYpN>~W#Z&__{pnIU
zodeN5GVqs)PHjgm6>`(<=OpJXh4k}BD(BlKDmHlFfkiDJ-Z{%rNm^|=xSLgcGrp#G
zugAYH+bL-H{u_^XW~d?k@3hi~>Wv(BTpB^u-(y+9qgv@4ov3EKJoZK$a9%1B^O86i
zENnDmuFsw?SyVS5Y(NzSbEVut_e+g3&e(z9lQ9l1d7P-GinnLa{N5eZ&5Jfxg&hHB
za~|&SLFDJOQ*{WsRumME0%*PDCwId~^_V4%&b!FSeO6hk;}NGN^ZPr5zGu{F_s5OS
zKLS5Sb++N^O7LRlZ1G6@o5K^Qwy_)B$6e%KPHa9z4%9Sfv5bRMHtVa5C8$+XZo)}8
z^;s!KI)y;GRpjtv!^8H(l})h^&O}n`a+_2YCzFY2P#mraTxULL-0urn#C|yU^^52r
zAnh&x_q+l|Poqv5Y=$7sU~GJfFKiB`u{2JL06iK-C8)sH`OKn(yzAwrq&&DgVTSwt
zNWHYYRM-0PYyT$P-T{cG(TY{la81240MQ}zKnSu1sjsaK)duAXh|rgY5@iPHGovEN
zH(PR_xwWrToGjzWJ?U0`5r!ZlVono~4hO#j8IJ1!i&u0B-XL7<!Ntdleioww|3Y45
zBESWX9Xj0qe%r0hjuiYq*L4cYbsr?%8=pQm3ReNWmcD%Plz*ZAa2SH3*}ya9Ewtn0
z0mknt$f@M+5)j^(l1nt9{tpuH{a++tofD!E*pngUnLUj>8z^7^z##f-uL96GK~NV6
zB2vE$=I>u{K_tju1A{@Rc;wl<aZ}O2!vF8%KsW#UYya;DUbJR2jO1?c7SfW7YdLS4
zR?>R@im8N6m^jTWu*w3U5g7_(pv}2XWLk1KHo6C-u3D`z3pCX6oB)N0BRM|P0Pwyq
zH9MU!LaSt;*D>HzMvwTf5C<^Y8@RZ*Jbd^GRIj)3o_cwGz$OHe=Rnf*CKR$=&dCkH
zHyL~uy+Hhu*IrQ(&-va9DnZkZkdN6ZWIKsFi<rb{jN%`h9|F_Y-T;6asi>{M?HmA@
zL%FS51WAJQ*ETj%hk{D7SL>xToiAG&_x`6F7%f6&m6er+YiU>}9U}`Ja5y{`x_VdE
zeY(m*F7un`j}JGQNVtTZ7CUy9x^leU0+q{UW2uPJ@^WnrX;0-#Yt><)VLOThzON}%
zU1T6*94QzIy)3Wz!bs%MK*uW=kbux=qJvteuVbRxPMs3(U=cx|pbu8#c6ppjWk-`$
zook*A3=B9ey=U;}Q`d5FseX5fNBdoq-LJaMGS4hNq5Je|b;RZ<Z``*<7qA9k@NNEu
z1pvdagC?4SSDnR<8TQNDnkf@P#`2kiY_JGEKBLvDx`$DV1~&%v-?!o*dLIPfCu@@Z
z#zX>J!6LW{eaOh0Szv_^wH5@8cOIgtPhgj9Y8_MX^eVj+g4c<H5Sx<u$%k<#qdQOn
z089F3ER;M*^0v>*tX8uTyuuc}q$fp?_6#*+pdlg0M3RFVE7Wl5R6Ybc@TDDH$l><H
z9^QEXkm}J{5Y%R6GVu81)|~};P6|)P{*B|5!v^?G$|>@KJyU0S)C1-9kFJ`+{?Y*O
zM&f?~N(Ia4=l=DiV6>`LQp{^V1LCip**OtZLn0HlpRO!osvDk`th7HjnqD)Px+zg(
zJvUNzK}ZS*NJWV}v~Vy!S}Y6={OU5*^J<f-P8PC-<^|MbD6mPw`tvi36_j8ck`OXn
z#w*$Q!^`GUIy{(>ak^wZ4;T^nwNvj!{Fkwnp}j!jf)phGH(WFbqhdSAl)t%dpl_V%
z-)!{S_9}6ZyAgw7r5t_lTc9gIbw&p&NQm$uF{9<#t^?zl@)^_o2qAzoQj}`k2~y+i
zlW^x_SRO^nKgxtON<kcg+AqgAys9q$b}&|kYwhajruw$d2F3U0>YbVVE3G=|SL~hu
zx?N-u(h4OVGKgf5?@K9&#AS@nhs5<06}_;X_5uZ;S3nA75I-ODMl?+p^4A#ky(hVr
zLqG@EsTZW-<|?D9czj=Z`qY0}O%GNm4z7XqJP%&dc3Jqq*Wmg|k~4?AEG7dO#`onH
zcezOO8Cs8W8mO=PAicZOC#g}RLKcCAB6SG#ePtM>JQY^;LFKZss#w?4DQ-ibOD#4i
zblT%Ez+53+s^q3q|1B_SBK8IvvbXij$Aj4;8M<WaA8(c$x!n?R#^{Nu!4UhEp@EOa
z^3=E>G-famc79r+K5b0^4paH#$ADC@8UX7C_6T01XE2Mo2hGg^ukk@aHL7yxq-FkP
zxy*?Dtj+zh=niCM-^N3w@yxU3=i%vQOvHtdK_Kfxld{i?53qdx1Vs=gPVFcFz{E`d
z<aG~YH8nL+LrLT~zF#<~7Y9e)8g}x&HS5Rxh7*RM8|WE3MS?5WmF?KT8X-8FxdOF6
zW-8PxUJjqaico7MJs3B|Dq%<_aTev?oH5)-Ye8#KFDSQQhe}Z;PEPW0k2FRBVd@U~
zgzDh}Jq>SI1XMj{R2th_By>y?hwEgWGIu!~vSgs)H6j-hv(!C_%Ru_TEYhGLEjl{h
zGvRwRi4l;NQNa*2OUl$*v>B<Dks9pM>W;?}{1F-4fn0$(&OJkA1mlWWDXV7vAZ6JV
zgnQLtG0?_;b8}Cpi0{0c{gvtAKJ!-qKz8GP$)V1#xj-xsMA@@Rf!LrQkxb(gT>(hI
z4>DA|j62NlKxShG04-ycFzcr$ynzIadH{)>geVX=x-oW8tJ2PZ<0bFa71n`_d2*1D
z9{i=aS~V-zFrdz2a!8=Qovwx)rkG8hErSMvxy_^mn^W@?S^(%4`nDCxe%^8j5d9nS
zMPVG8q9_`HV4qUtwpvnWjM3MD`^!{w_kx0QuD)_{!sxlOp)ktAQSaONd81|1bcnzW
zfBh4O+~bc$5XHz;*E!uO5gE7+Y%fdzpw~Kwb`st!Og8UCwCU)*y3wL3V9cmlg2h3I
z!x%G(TnURbSJ1<!=&Jr<bs6!=^alTR6VOf&Y@?U7*F?X>fa^ip%fbPjO3_&)L+;8W
z$Fh)CueQj3dKiBB2Q8im_bbtf;r;t=BG?2kB;}96@e-7bPvLL&DEjXAW5)DJBtwT>
z*~Ye0B#ADsv1c}s;p6ikbW$NJy;KN(f)q+3Vhk!rW$g3~Bzp!u^vfzX+O5zeR0KWs
zWerR%i*Tk6jaD5(+DhrzuH7Wn0xtO+TE^CMbD^`CP;TZ}$@FsktXxn~0DutVHcx<&
zAwD9rR;USkvS-eXijvJIf`a^EO6eex1xIU~c`8acOnbHAugWz8p)T~9ib2KW7Rd(C
za$Tlum2cf_Z@ZI#)7F`XgcyeY#0oVAHln@g(^%kDT?9z}eBTVkP5@7VTmvWfYohsg
zYo}+vKir~B{+?Vz$U>KRdgyhn-vj|{90)vFR2KB^?_rb)(O3=n*GVj3yiPNW3<XF}
zfPoDP0$he<%_IOtKEI$x%nGYpTcL6_g=od6$9PY^n@d$;{{0^i$LcaMgJJjJ+AYbU
z0mtgCya2E=9cT|A$p8t=W{PUURpx{J`931!6F&<KKZQez4}$(z00@pm2K=f4I)@K{
zs5C*a#2O0JqdEgYu6PnG@MYpyU(hxh1YL-FI(^DK4KNgJaCmZj*hiQUG|2q&A1LxG
zCWK`sBn}M@OSoPD`N3-C45Q%@Fpd=mffX9h{2F|c67;uQjZako)N|jMTK3{$AO~ko
zT<7$=9dGwVJSv_ZI`oKeY``g=ssoze2TxZZ0i?!Cl*y=HZ!UmEqmj;_bNG%^8|$y3
zaZ3MzLBo`)u>On&N+*QyLW8k!W@2|)txUmp{$m`NupO|66|f%WAM5dfMmAc7B7q?s
zvm1cO8_0HKGsaI>1(E)?=z_E)G}7QvAF+Cbp54;WqH3_f;ql<h3lz1qfBF_0NB#HH
zG^;GTED<4qqXuR!#9pD?26vmi14?D-{n)`r>1m`rcDhnwlF+;X@LDy2ZHfXnnBD6E
zDRlH5X3jhm#j@FF=tCKtt(PLg#*ej<htX<Oe1X^`#Kf4lp??6?l-p<`NnBX`?~o|P
ze>5LZi5@1If%}JIN5{v5b(t(%11`rdaV|xXaDouau~cmgsrKk0xUr`n`2AeLY7hW<
zr(t#PlE!kG%b^2<XN{AhDUv~#=@HnhJPTV}j}ZXnXkpS}0n(ET4Sc=&@2}m^14#M>
zJ*E(dm<SPHu?1Rjs=HAR-2W5@6de*suOg%AG5L&>O*J$|fh6LBC%C|k?<$OgOZZVg
zMGvGek&}8WY+@WlIm*t_i9w>ab2F-BY&5*49TTPcKd37D75Og5C-wOBE_a4ry@<v@
z2#qa?{{-N^=lTKq`U@KcERW^zYlf*KC?B1mp{023rO*3TvI*~pb^uC<fNZV^AiNV2
zmP0`DsR6t?5>phrNLPN8ZtvHhu}~MuMRK68vNGaF1CwJze*#G+Dz5k?z~&Y#9L@j!
zs^xB9xBN2>9vjq*NvTCil=C=|dRit7-|XAwri>mf!P(@{5K<a2eMm<!@9^@<a5_*|
z)C+ME-sBvE*8T9m|4rjM_x&2xKcOfisi5)R{l>m<$%dHR6@tp#P20Lukz18y9&+s`
z2zcE4WjTQln?rogIg_@iR2=RgeZ@SA3ZLo+-~2l)+*C*9zV7zP2Xeeg)3Tz}wcyAV
z^&m2lk_uRud_N82FvMGMUrgU;w%Ta}lrGz-tA-(uxrlAz>L6mZS*u~q<;zyQkjtvj
zWI@}+o?icx#Kf!0tDG9x=vh4f>{o`Ad=D0eGm8z1(KSHrKyEM-pRv@JgMiaoKh>Ii
zLh_1etvY^&&HS`Xo*8OHK0%;gebf{cdv!YS>si}^n>z(Fp(BI8Bx|6ShFFqXYBZmt
zN29k|77v4@oIgbI`$S%IvmqP#ZsJZWn9PY+zQ;+9T@8EFq1^og+x{?vE5HvUuCj>B
zAjYCQrVwxv8LG!@N#4w(TpWQwE4MKB2QFR>w`)!WXne3vGN1DB3>GoRnb?t$o;WN6
z@*dG8Opb|c<+%t385|2#?DWhGTjH8QK%yy2xrYr%-4g53jUQ20EH$J4EM2k&Oj=SZ
zM;YwLD5BoJ584PCml2HEicxnHvH3(FElMfMuJtq;;dcgi_iq|cxr2g}+C6gC5J>pK
z{6Nz#t_3!Z6bp1~eLcV_l2+`&JxDUI^HBQu^NOEqMeWZCk0~l{-3~UDJD}zXV^s%u
z`7A3`?Xwn0PEsLkf4$d-h1(hdazqA831t<JX70P^TB>He4j6issJ5FK*C4h*WIg-%
z9aph-7T5@L#EFKDbIxagQWbkAk4s$*Y6xz1T&B-b++tFalOwXJeBqMKOu(?QS!{SA
zv=-u$_GPw{xB!!q=T$%%whTyOy}sjc=`MvPwEFxSN4=u|sVW(99ptXwDySr#9us|3
z<6G%rokbHY{9RRp_>wzpQ6NO&HRwxGs&tnucV;RLuK@|0*$2D|B<lAbYeId>W{uR7
zqXAyREJlFY2DN*ZSp`Q&+h>A|kD0rX@-kp0X%_P7Cq|p1zXOWfx^<8ows)>q>#b0f
zUnWXVuUq`~q<T$Gjv?3huN(3`Ml(9+e){^IZ_l3$EJ`cVfQfa+Qmo+i>tV;n^qG-y
zDqHGgpmKaR+~V(Jru@Ckkc3QNp_`fdYX6)_=4?|T)8I5=p_95b%1SJ)rS^_+YX`%Y
zT$C>mG7@(tUjO|-isJ9J=gZy5IsK7*nKW{Y3M>OsFCz_z+g$A6`42%AkuCt{uYW9_
zzmj#L1^7gvpJ#H+p>wW35fO09p(&fl=9&W+%f9Q%<YmIJAMU{Np%8Y{VjI-gZbl8f
zzPpT~ELGPyC9|)>8#?kcEB%ziNbf))Sw-5?)8OQ&G8rBdsQI-nBwNjT*a6dr&6&V#
zqGI6`PQ`#{+xo*U?&_zX&9hp;dixoUqP5Y6EbN53u%K3d|7r(cN6^^eFXZ0lZ8loz
zl+QA^0wZ5T$S;e{<jO&aB82^gpx_9W<*K&e1fodD>jU^ictM;rt@vYfg-w{?ZmO;F
z1z-bEmi8Pk{qpTL)n<!J1(p)D3?CTLqK*Rx<Zr%Qv_Z`iRQZ(fKxcjkTsq3YaBdW@
z6hHP8K=D0Id@f5v%LGR(P;-8#*Hx=b(3ls&=Omm?1qBe5KA%y|3ZsM@*B(LK;k$+y
z^xQu~w7?;evkS9(l-BNhSqrdW_+b~#1cTH@nP8DA%3bf(2_Yku<NHj=B+Vap$t(rs
ziYlV6xHa!6Gy0ZEJa88a;uBZ>F=YD9uLkb`9I)7S)}g!NFe}3?ew+fya^e-hWN4$2
zzw^5{zfU<(w3TqfHcm0kmg}?JUU84`UXq0C(2(O;jZd`iX4o8$;?3c*Ur*u2!T9ek
zh0Q_T%Q(>r+_$uX?pHLG+zS&qXQ~+8wo4f*tcY#%{_l1=>3A^p6C}I10XZ@&syOh-
zRCsf;ck)0c)+~p)R*9Lp?@j=q6^Nh%0<bw0PiPnb=%dIM6)f>BJfrgDrpj2=hFPN#
zdyBIgRn-m6VWbA+PlpmfRID*Xmh~1^a_!LLWW<+TG^pm5-0MzPDavm?@u{#h+&?2O
zy#qVhN_zgO5`*nBsM~6GBJBYz&#)!_yrVC0$kTxgToe1r^bK<pPzYz`m@KnK6(Rxc
zLwHzf8rK~4y3tGoFifOY;0=gRbO$79;55fJ6n>Dxsfh8n>%&Of7eUmHRDYMso$$M4
zBS2xWVOj|gllU>+-=e7&zkhK(R~qc|02s}i{zPU7;OMF|f^zQ8>g27m$=k%)KmmGS
zV$aCB`H1^f^OF&?`;{HNcDlruKsd_0$h&ZMcJ`LPKUJ`AIYUC+b9WhB(2(p;1M)U3
zqkyz^ZC)+sUJoLGR2UE5@cygF$6xQ$lnD*$P`nFhl{K?hhg}x3`?PVf2!3>yHO3ou
z%XwK&{`S$=ob^1AB5OWcF9sZ6b0PsDq5FVfkFR5GYdhLA2(X)?prW+BC=Tu=4t`|#
zGaIq>W_c25&b{V=y#m~cTy*9EjHDTcztCv<R&HaqesBx39aQjN(n1GDPcI8B^zQ&T
z_bqpy;^g8|aK)-e$(${2y2Lwhr@<3Pqrptd0S4v|mwIqPj#42v8PaZwz91I~0h$6J
zSBu+1A+16_@r_~|u;Mnkb^#BB)$&*3*5tKMnV)pWf$G;T7$}xULPd+JVV+<+g8gE6
z#BhpcF(ABx-xg|7Lgfe~3Npe6G2nm&VYk^o+bZ)2eer{oMV3};sPfew%)d>0075b|
zgU|fix1vu<rz-4Ghuji)0t@CYKx=P`;cfMLWcD>*w=;k!^8t#BtmK#LPm`+mUUJ0Z
zpflki<&eQN5e<i<BFIf4pmfMw3NzSVtiA)iPq97b=~1f5q$z%~$^5-(+h2l{Oa$m_
z%~bQhL6H2J5PUzfs~kGU&YaMD5H|}!WByi3^9?Xwt;^4j_CIp+XwRNVSA4b-YmkiA
zeffup64He<1EGTMLLnL_&s7|2nOAgn%|Mre|4tPKAb=19z-z$%qy*c~{;~HHp9goY
z<LV0i^I3j$U}I!9lNY!k<3SEt55GoZJ^nna9A8z<BP9AQh5`7T`%utPq4_$47Y~97
z9+wO%bp~-XQPS&zcSyO=A!MAa(ICBO1K_;Ky?CINV424#JJE?BU2+F15m-}HXXh^X
z#w^BcDI(ZT_)Tez%GPp6zIuTm^jUth_c@iD?l@os$+huo#4y=f!sH%gLSD66AJe}S
zo^hhK<S=jVvDfn16(?*+;VmTPb3g%NPRy^A!u-d+wtc(ed8+O)34+jzDeu7m;q*JP
z$Yq}xKIiCHC+L1Wn7`=9bp&4SC**LrjL`!y1Viql<~&t6lYaYuKI}u{`FPWz?{T1f
z@`%mZeCZF*$J{@Nn&+0__pa5I6xM@ER#{y7mwkVKg#g4-n99|o1Me5N_{l`7_JDFb
zdI?wEaf3er3-mH!+3{!X)#BkW^nUrefR>$%XIf#L9sT<R%_*dhgv6j_-r^mh@;?T>
z8Z!R7Glyq_-j9kfx+jGGj&GRicVDhGIbTTwgrA{!rUa?FmcKv520X+uscWwsn(fhC
zk35<}x+=7q{O>-=!wkO4^zQbLwLT<!m#!2*FV_9H8wb=CgI%k<y`+pd_x6+iKCS}(
z1hB2Xc0au>LAaAr7|+-UAPitquOs$cOXkE5i(ao+6+Lfxw+v`U2mP9`Xj+?#=_85d
zTbAkdye%;gh!yUR{Gl60f0kP=ROQ1l;|lObGOtpqxFzE@7`#6Id8QNT(ZMagn|1D~
zQmeq@2svN+GX<I{fM@i>*Zb_bQF_Zls~d!ybrf0sf`<6d`b@|h>RP>awjT?i?#5Qz
zxvbi_0CmYE8}eryP2J(~;OD-8xR&$uQ5Y=Eei_O8+oGWqPi*GMS^M}kw#_uS)B%_1
z9s$FjzN#L0d(W+=6n4v}L&RpovKiGt6-*Yei3Er~gRw=W0rykkrC86ZtqWk6!m?Qb
zRzO+wY~z}t3m>bja5ivK0WhVor5`(<KYf(5Y~s`bP(4T*5(&zGVIlp<^5)gx^KV@q
zr^6bP;FcM=!h21QWQphOH~S4+HqELZ2==r-l$~eU-Z=zJwS=kdJP1hu6X-o7sQ-fc
z*!j*`BMrY|BbWWjYu$ILt;e3tSX}y-ZfpUTgaU#Z?AwbjFk(Q@TCO#;JC)m69jO=z
z*-}uCVBV0eKPA7J|Mm}i$x#{{tkOErv*VOOk>&)-)6YLNVE6G;0ENjqpit_6zjb@-
z-KU*Wj<ve!^50+4C<1pxm#RE==gR?9%T{m{{O)KQ)%Lm2Fa1bs3wb~H4@{55mn2gc
zkbI-d!d2gs`RfY6Ny2!&#)T(DXS@|$HL^^)O^!Q?Y*&3RO1wyTVJ2)_RHT`f5<u(L
z(av$LsVOds;-Iq+e;!rU$8-w3q9}!GvcfC-vsUddgxvmGtKi=4{Vn0_K$&1`Ym^C#
z87<BZmMkeiE@-x)`7K7CPiDa-JjmS_`m2nV%ZtU}9>mbJhwrdzWAh@f=H3=<zSaWh
zF>-mhDWdM+ro=HM^~|-e8>byyYvubYx6^>K;En2NVq4T#NU^R0_x?gzj`;KAR0n;o
z6j59az_E*OZO)KvD9QbtE;sAOSn9W*F7DO?ZdL&YrglryT|BUP(AR>yvVmfU*}Y`x
z5%o*K769^!&jqL$pqNIZ29OtOpuT9q$k5D=Q>!D)Xh10<QJV#GdYteH$|XO|W1Kr~
z>mr!`?3@8B6qqjea6}Ps{Ft12(X2)#TK37by}Q3eZ2+S%`WfZ<!J<)nwMo0)B|5^J
z3GzHF<Jrg=PCoM6RS=whJ$6^nuo4B$-xZS$Fb|WY^R;jav(F)%UbCscnm9!aJuP!#
zc4E9?S;e2cobMcUPy|croPEh@>^R7O{Di_R=FL}>XiA5XJil@0)|#p6D36E^EwO2K
zYWawgd=nruROld#>-Sk)b(lE=Q!BoUn-RexXxxnYH9zU$qS~0%-YeT;lfckqxQmG|
zh=wSdI7!NJOSTg*YaF%mO$>*~%>NwdwnbGqmO{pRS>B1hpn0Q}=1<4NG0H2YY<rDd
z65F~N*9^^4JGztj5$B#Ma9&R}rpr`eD<cBLPe16wR%mH~5byg;<vE-{MK&Dl|JZt%
zj;Hrqt<@@*!vP&nnqa*&Y^pRepaMUI*I2$??A_taPB1x|v-Lv@uwF6CWxB|5dL%t}
zmYT?VGu_Q;p^0=AKi^~l4Px{KpO6H86GxM_1#qOdUXcM%6EZ<#ALCwI6p!MonIS(;
zS3(^UcS4<b6X?AgI;8}MPv<>=*Sh75zOZR?cQG^i3FlB(*5^zfvqqkgr_~P{yJNo#
z8q1@GWA4oB;mxAg$^T4O4+1dGzPOd5bUX)ixgUftv(-cf2R?;Uv=u~}dChOkMFjCH
zz=5*I<pc+bw~D)`2|Cca^Xiwy)(18`AGP@zDC4cX*P5%pd(v^)lf}u_Z``KuIW>08
zTxkyw<s1QwbtS#W)Jy%B*2cNNNB0fi?@<rNLG%AG|8A?%Vrj~Xk1Bfv3gTaVL@(1P
zXWPGHOs+q(kXueClFEyV!Ws4-5DPi0k*E(=>L1IPNa1NPXTJ<croZPKP^DSbU<Pt(
z<8gO-9^n3GW`Ozu3B2KLY$++x-}M;)+qgloUG0^aqV)puzy1jmKBdBAtZdY{Gdy@-
z+B;K@M2Rf+-#*C-<r}Lw^cC|}{W8^uTjw9v@b=3S#tB0OS}!yo&}6wku6yIgD&2P3
zTp)ataO(2oPcwG!6N3NuTiG_STYSIvE_YJC)Mm*$zp<a>t<%%PaaV%S<ip&XZZ6Ny
zVY6tS3O^Um2xeDNlOL}__#d|1?@g`@-ER(WFK*&4V>=Qmo{NL-&))7$jDoNO){^gL
zy~m7(`1a@GM+UsPIQ!&nIL>_NMdtZ~mMpbzXhGi7Cm{!YpKZUI=7{$56+!*`k0@4z
z)Kx(sx)35YmFf@JuLQyNx0qSK&$7G(`?y}a(@1~64&3AhTOq-7zy9>?5zJaS3TQ%)
z8LWE*{9p@#%%Yxd_Ow)fF`TN7Xj}02A4HVOk!*022I}_SJk#9WEu<H;qCCAHXa#%=
z-K`%OiuzznjJY(Z%(X$LU&-{cTT=dfp*^tCOJallk26z-CK57A-h7-9NJGKH7EgZ9
z=7YPXHvZH=&F%PH9O0S>c=eNPb-0f1kG1by22L+0egH9CIgCU*h2`k$Q${Q>CRg0P
zuJC}dObZNAM*N0c6|Ad8aWI2;zKIwjzuyN~)l<~j{QYf^FiT3^oN+BwEg8B&04=hE
z*1d7Ft=1@Y4}XobpG4YT?yK55;OZ<;YNQeEefTke{wz#-?iW8fpK<*2Z>ww+TQRnI
z*&+vSkA98#*hWWV5IvpR?F`9|r2?#?KPx_W4t*w|G>=#jYxmd(I25!HF#I$dhM!R}
z+{zU#xyh%VtswY|<GwT_C~Vz@WXM+xa|I5)h4Gn8szZ{j-u!j@No&HVmfBxko(KP2
zPND|)o#n6<4nDy5BMQzX#{@iR8NeajjKVL1%%()YL)6{uV^L1ZD!>=!W+$+(J<W?&
zC2kq8gshkaq%J9A-89xI{J52%-^OEnOjq%6?!MPI4_NxNbve14XdEdqykQpr>S!+>
z3rL>IWFpaVpac~`R{Q{vBN>v*BpjHv3XR7l<`21x4)D>ptR0OkvfH(=B1k7X6n~W-
z?sT@)xgb8HTl!i0x|$uf=7KYGKgkAl{;}c?46Q4S)$1K3AJDEibV0EDy}SjXk*dzr
zQ#}#Vyp$D9+ITmxMlg@@R+uY67$=v*Zf%5{7<7~NBa$}31ht<Jt4-z?17wityF^)z
zj(<pG7Z18Jfjr+nWUVvPG6dY_(Zi>HK~x@{?PzLZHAz>kGrj^?qK!IbkuI>!n&fP6
zoOxRmq2By<(n$e6g(YmCMP9f%5G`lERW5-dlm3V5_BYD#J3;*#SF6gmzI~XWJIJC_
z;a56w0+t}XY^t%}bm!1%LRY!;J`3-yZLlU5GJ(70;e>fOtlgu!mpqA#NhyAxsp88}
zY7sqgWU2Bnmfh;T4MvqER*(G#dVgMJDf;{r3fM<zM&m*Vn2L}J*vabrVQ{L#`=40l
zh7&H{s1i%ksZaBXAHPZG;*?#P9*nuH`MCOW@NbeD>f#_Vfm57-XtAi=Tt2D)$w-Nb
zbO@wRQ3N5Ix<GYh=JKWrR{RAS_=0WuH~gC$o=z7hJnPe^<1HqqRp%#Weiy>TZvz<6
zXJo>e7f$$s2lu;)D-;!u!!M#vkBtn<VTp$SVa3>z(e4%d2K64Rr1P|k<l^Mv_Soea
z{~>n%Zi)|jT>?#z{FM-enEA)?J_qc1$i)uDgf|eQd{!zg{|PI96AmwCArsOykffjA
ziUgF*|M#zj4KqGf<8QHF6WM1}b|gXzr7Io@N&Eyt{Tm*d3Ax#?AkQ{#%8-*?eeY`|
zd*_1t>?jA)Etf8isUhUj<t?#C)4x6-K?efmBrb8RT{AkdJ>**e5n~Nfn<e^}7PVxM
z^_~`Wu;$3_-PeiFdF20V9fHj4m1FJ}&zS4NAvG0E_YV)nw6i^C&t_yLghEZ_`4?hE
zKM-BV0lOE02I*gf>sBZyhWXF)<6cAft9Mfuva4=?#v0xHMmeS?(S``+TS(f{*BA-U
zWawx7%fI|<jyB+Z7n;HOll&P&j>JF{P1*O5Ykkj?_3OpeT{uiqG*zxi+#`JX(xy)@
zI|ErykicV;xC1TdJ-xo=58RpzBOu$;&TaGFxbT%!z_VgJ{QvG(<)vSHEe9OvN3(=R
zmJ`gBU3YF$rpuzrXiZT%><Gy9BKWoTL$zWbyi?Qj{>Ub;MS4#%G(c8MiKHNh?<;!C
z*h2o{w*Kk0?BJxY*Nu;po@-i$xj2Ab?8=2b@3qFR-o8<&$kPCBP?&STHZ1|Q|5GiJ
zXx|&xe1JB&Vk>-#E0aw0FxdGdcoz`*|Gj90P0>eaL;0`Q+Q9G)1*&}C{hlC3qJ<m2
z6?|g2Y7*~5sAKsY6Sp|mfzz6m-a>)TxD-Az@K)R;i^ea@`=1F6k>rnt0bMnPg=SBq
zrwQcN0pYmJ>9%hePrsguaeFWL@Zsfv;=`jN)xgsr(%$$<Xx$1hV^#G3J;=~O#qwRS
z2-UJw3bm7YwSL(5F~j@D20t+wamkvM9B?`BQt>Q~HXELTpl*kqQ2i4yfgDiVz_OmT
zV&)w5^aRk^;OMJFJr*uv`33)X1J9a%+H_`>J`%n(f=QlW|8V3R*~X3Ph3448hbB`l
z!2fK>=AlE~Se&K!G;q|20b@{=4(z->o<Lc>gW<1~5?OOzdIwg=uY0vExoyaQZ&i?f
zq;xcTm1MXgle$1J^|@-EJ%z}G?0}KrCEo<^gMaOqoUE_E2TBCqYoxhHdz6wC^o(Nu
z*UKnCn}LYNS^2g3Jz159c<c)06(@eXDz}qe`$iv?VmNNTm*vemS1h-A@laVgnz8`<
zAEvRi8A`kh>ul-NV_GN?a=ODb-}y8}kRzh$=Q=or_}URzdM@4gnwV4<I~fV+DcRPH
z=ijlmDoWY;1F&9#uf_{NmqDr?O;TOHAnPhG1G3_MT6V9u=I`SkiT}8A@>;tVWY^Ke
z8WDiZy&_3+==ag9aZ`tK^!#i{`H{GIw_-Wn!L}B^631_<Du9*chhwL9pWAQM+jaFO
zpCu(VTThHa-)Dfpk^jyB5GF#ic4z==CnPhpX0s?3eW?Q=#>z+O5iiLjbq8Ho_x`(8
z@J6>qci_G9*}mn_9NK&Hae8=KOn5of(IVhH&x@%mHJfY$p@4(U+ip^PTHRxn;4aoo
z*vFx>JC@&XxXb(1`W<~<uKgvJA`yEy(?2~Pb`op&RLk}^M>q!1InW$oo$JJljj^iX
z!AxxlF-scMHbkorro|UxNk@<tmE0h*qP%{X2_XkmAI9gvmTdMYM`d1~StRe($f>IO
zQqRHJ*rf!Idp4*#k{pV+Gw*I-<*G!eQ3S1^UmPO*)}KA+y_ynEP!cB}##Wzb+4EAK
z=3fTurK}*mN*?r+SYShy@AWkfGujtA0w;+0xHUmzorVddjYYg+`n|}HYy_jw#3Vyn
zii3XqIE;UfU<;DdWEk$gwfpQlq+QoV(H!|{odvs(Xau?PT6^1=UkUf_Z`LsIu@5z8
zkbC~D<&bs`ADg@9wL{{@%7Ch(Rs-9>C%*QtZYfanAmX0DDN-i|Y0h`kstrr7_Gnqr
z;$iJk@dT-XP`i2h9VL!sJQdJI$77rKc1>C)AKx}mdDZOLX)kA%ViA4t?^e5!8k{9d
zVR!XolB<ig9;BdEs{SqpVB4gUC2)@Q9L3WAYhVHki=yCGfdfHX#Q-!p81SCaBN#$L
ztv}?q@c-|B!^6wdIG}(NXT{u!j2kr=L27&e>7bR&r$9DGeYsU&p+eX_K|Ey-@fv_*
zWIt+~R~5nG!s9g49!gOKU1cgCma_l*JF7rYL|$J6cyZ+iwP1163L5`>ru<+L_}b3O
z;@B~tFJ$0KWiJ+c!J69(r@tz+_3XPU-whP-A+%y*!RuKyNOjdD0F{<MKTqrLk+gU=
z3Zxb|A|ECojxW;&3z!byOiywq?bWodowPrZkvC%NXRpr4B?VI<uct2$<Ryet+OH&}
z*|JGy{%&?zZ~?sZm?fPv6>YAIAw>Adkz7^H)4k>^K<<E<`C5yf{oF76grbk$a@N3_
zyWol-fKs$-y)q8Y+(-2AA!PgFl$LyeM(^_@h8}-Nc&CtCja=K-20Cosw3Nsh19w?O
zjN4Q`**)svi5*8U1LOAswTGs&uiFf%M8MV2tL3}??M{3>76*>2;mW#`8g$}u*+gC_
zP?TX@CYGv7%|%$D3IjnXL+qwN4!n^LO(UCp3<VD&JPXfEI~+G%H@@hjUhIfm9t17f
zenIC3#78Kd8W8d-<hhs(t=Iqxo?Ms8mdECUZwqr)a+Z$wT-x+Fy+uJ2?d<XjAXE|s
zbXBBmJWw2E1IP7+ZG~SKuKcwAKdgOaSd~rJ_TIF#2nYz$NOy<QT>{cA4Fb|3u%!`1
zLMiDk>5xX0?(R_OmX!Wx<NZAM{k-pUe8>0W`{jZAy5^c$vu4d&Gi#k^`Cuaoa~ea{
z6EQ1GDi-OYTJP$atE;qwhmOwxI)yU#66ez06#%;m76^9ubFF953n-Bi79w&CLooG6
zpr(93^Z+DL1%dfq!AVQ|!LPXjr|20Wh}8Gn-!z9mXx0bg_!O&d&|VIz7vZgy&Pg8x
zfWmb^GI#+$#k;w_Klu@;T$CXquhd|AqHa1S7Ium*U^m2mT<-XLM@taRWIu7zeOBNa
zy-wH@3_rkz>}j|bj-S04DjYBna{+*p_J8?x(j5&YV=j#9RhP}5AP2&{z7%S4RAf>(
z@2Mr{*pic{97ow+7WL!`z*x1JbcC0Pg938yys>kMKZWZQOLvbe<8Yc1m6hf2I>)~N
zd_VTjo@-D0zoh%X2%dGVFwkgh;b8G2T(1|{k}dWGUxV-g@lo)syc#1h?-BqpP0yJH
zSEeUA!-v|FzX}M;X2p&)vdOA!MQ3)?;i#?N%p~d&fD_U2>%1+`J=e^BsmC3rs=d!A
z1ch|itpIqT0`{`vI!K@+mNadh665!cQeUSRKko?Pl_Lp>#h38xCnXgO(wTCdfs>K}
zj<apSDR)5qp2ToWZ4@cN@-9o+@-4CiNtU5Oor)6$sPQ(@^|NZdTb5NR<oyuy6ut|B
zDtq9}9folGnmAb<Q{=%u7q~r+A|#g*FTs^xL{1d!29&H--4d&S>mpxLupi_YjlP0O
zgXC>~Ry_KMDrTaQ1f)COP?+*<M+5nc1s<wG?j*-qKgQcEmHn9?#f>c>a2Q+3&63`N
z8_BKom4V|9HbJ)rlN8ArPD{n8K#qhd;Qpha#Gvbi9Ci@r5tcnVx{rP#ffyMPZvSd~
z@#cqDXU9ms-|6qFQo~bO!1GaQn(d<Yq7|Klt$!?VzU3Rm41=6(Wf1ROr4Me{F5=q7
zRT)+_-|Tm+a}u2eIoK`8B*pu+QQF(ueQ0HD0?KHDZY%#W<wY`K7V<v;imO`{D2cx$
zKn){(#IF21&0SnzMO<8Ebw7N76)!<GO<?E%7n_Sr5`nHTs|rORf^w};F5}KsP}?;)
ze+x_1cu*FLXr0SN7%*bIL2J%H(E`$?rANb%vR{yU;fxSS_inj7HeQ$+e!X-gD1T27
zE%{_v?65ilRGORPHls!aI`@jc(qhe#jr96t@rLHD@~0`5NK{gT7`91+?UFKC)TXn6
zXXeZNR?Tq?jEO@4fRu7rT?mCaMXS#6k-!1d6<%ILaZA*Z`>>>Z)*S&9yV}&GA+fqK
zJEN?L@*4CNZ}=jS#ncu`!5x?axPa+dNB4O#{o3zl8t4({)IQ{v@uO_$Wg7X?c=mg|
zQZRc5SzX}XIY!VG0KLK!A?7u1;Hbu+emkLB&juhKEB4mHmIo5K?)3E1%5)Kj*G$!Q
z=f#LA=AX%~`xxo{DZv->K&)}lmTgWR5nGRG!_LXpW*B;ag<Cw+EQm$<Hmj>Zbrhsh
zk5!5Y8KLf6knrChyJ)US{#&HQBxQ4kQnNICR(f$h#pY3Aq;-wVSkoY7h72Rjs4!2Q
z2uTnv!$)!e<Vbiv&{UcYu(B~{9T5fj==e&!GfDzDWeS7@Sf4T59+YL5-&=|3Z$_eO
z(z~F+T-TN@X_!i!Iwq=8X+Ju%A%3<V6NWwGrzV4dN)$;iP{X5+Cl>hE%pQ@H@#j-N
zIt1)1je{BKJXPV8ET`Y?C`Wg{wDL4negwtwRtMX*lTqq@iP5>k2d26^;$jQua3Bp7
zu}J!DdGEaNMxn9mcTqj8!Cu=UOybZBN})9hjSMGC-93aUYXf7&71Fn!TWmD9MwO1n
zYs9vdhv}cD6imT0K4VN@c+Snjccyyuj|$}fw%<L&ew#<t4=!*Mn6OiP8t#It*!6-p
zQ0kaxL>eiz%ZGqrRW-Oj=N-_rR_Y$3DM^s--3W+RgdTEObu##xKcAog{wl^Z4r4!X
z2nhMRX}9B48>>B6s$qDOp#_alAz8b$8;e2ztFJyrum5h*f@|fo?FCFS$LCIc2S|a{
z&aa1(6a8+>W}ebN4+UZn&b&0|9j$xiMx|mmL3jHxzNN;pIym+QribKNuN|ElNIeJ(
zBH>s9u$cA(O^sU15yz8Dbw(RF`OoxldMDSZ?t^Eko@6@8PRVGr;#i03#`#1@IdS@A
zAGY1iVXKVLtoR^H38F4Sn{TkEYar9}nZR?hd4NySv$X{1KF>=GmQn4XAzE4QrFlQY
zS6$~_Wb$$9o(mKl8T!%<I3<vgg#R*@Ca4>AG5j&NFzFg}zmOJWR>(1rMS>*D$Kr@u
z`N9VQL~!~cfQ$eTMPwHz$w6irysc+3cQYGfsX;b~U@4%7Wzu*?l%Wi8a1y?Wvpis*
zd3?lZ7Ab1@6SbH7Yu)LVJcl(E0Cgt*wk#V;qdvNCU7*jE1&+@!K{7hOGVh-7n|o}D
z1&w4RGX9w8YKnL<)af-K3+LnohMDrmYB4-PHvFMdBbod;swn@zI@oK#ExU+~WhvFH
zFI?r&n^8W>ZFc%Js#IhN<YRAWk*bP5F$zF;b)soxO9Hhqj>O+yN&+10(Ew1Qrn6!`
zaAE?Pw&pSJdR)(*vD&M}O#2q8k+j`ySEM9Fr>c!P6bC+U)z4ek-@VD!f=<6kdmk++
ziWn!RwC-a{R9VxNpb3Y3&_{Vm`t(G^xVtLlS<kZ4Y<nYW25B0<T@_!1B8PFJs>%fw
z{y&APN`t~YiL!Gb3vg?x$*9k&k|W;$-~rCipP?hYZHyeUWX$ht!Ua$%BM1d#(_xRN
zf~rK=FgNAQG{jTB0V^1WOj3qzlemP!Y_uw)k`Dlpm%Bbl>=20&Mby+~L*vCjYFFpG
z$QX=Cr&(>TXgAEMGc*eiFf$TUbQPaIeagsyhJkDskl>;SD560*kgKaJV3&<W_*2S-
zeh@tkM}z3^?<Y!TH$m`~i6mu6q)`}xxvKWIvh5s1LT6)Tu~oIC<0sE9*cyp>rUWSA
zrj~}N>{@GzHJG*ZP?bO$KpIyV5DN&hy{|2LE1w_x8#f0e^PyXUlw2tU6u=GeHjq#h
z;dux~^tPH1iXC-g5GGL!s!ooP?S0#%+32DrJGrXV6N-@mbuDEFI#B%#5EJhL(uM(4
z?iHr1!N%qX0OdO`zC<X2i9h)#3(66(KX3+So>O`o0-D>Ytjw5#6nqL+M0-0sKvyj;
zjz!dD$WV|a8(eS~F;b;$4QPl!VmZJeLSYchY(&wAf-0h*&|cWMy-Dl(9{Q7;v%zRC
z&jYh2LZu3TyO~{9bzY`u4!}SHT*#h|q?KfwF-41Ol%QfReE~?*+t5h_?j`p6OzRY9
zh0h285JT(@=H~+$d^6sA45IoVSvEZIMQfJyTk-nJ%6rdgL(B+B95+F0f1KDb{PasY
zCo3zf-xW><2HxI6C@aH-cka=(n)BRig{?4HEx!X9pPZHh$qYfigy8VaG&)p?;GA<(
zIFgWyvi?xzk(jat0eluD$)2iaM$&h|?aPUz95c-*?4HyJ?_F>_%Dz5=d`cJ=lwGHQ
zAU8wT)&?Sa>;P5+M~7%_*`x-VsO%S1%)m3=`Ty`>iuumj+Ry#@i6M56C0IArN({HV
z9EIGhq&5+W<BZ8rPWZ@495*o!)o+g3tcvItRsh{NrY5Y6U3lrXPw#7Lannp(mZmM;
zd3b_`SI^JcbzK)cM>dh~qLVKR74=HhWDrxF$-;+0A=?j;dxTl<@}<d@unB3t#Ww!G
zd=O)o1rI~cIUXsdN+}Td>Um@+2K7q|ROM0sqi6qrAN2CvYr|Lx_18>sPwl4d4pyQG
zL$*c(nIke_QV0RQs^Md!O6f@YP&Rg13_B`0W?2bil+X|WWl|9q#jZ1sf&q>nc$_4~
zED~r^RT~Nchx9HcoH?m)I7>!h095hOq5@0}P<7eUjTtGD1=yshP^-K1)j)#T13vp?
z;@0!YaX<$nUtd>Omysbh612X(&8!RHMB2?qKS+A2LwS*|0XRtVr$AaDl%z%94TUhl
zOxdSxBxN-Njur4keB;&_SX#F>_YWc={q>`b$VhBrCQK}>w?rImnD`y3(W*62L<6E<
z$8lWowl3X1vZYYeM@!1TLa<&xnJulC=N$&LP5oxi9>A4reETC8s!;i1NkbpIoNzQT
zJn;<9Q=$4mLWor}#AwG{(D*$C>*w2=`s=DChgLvu(?$aaLlMiSH9587xo4~^BIWU`
z{eHDXv3WAONj-oe0ca!i1t`TL);bpaam85%9v-IQ@KVs_Vx3Ae_C0-zzJ%9`#lBiv
z_wl^GKzf-4o_9vJQ*6rUu7=VMk4tiNyYwJljAc|;6J!CD73v_c(!#{N5z(g@PBa#p
zex`&|?V5sF$ryYbtK?!gN*DX=MHvV@tG=cy+|M|PJI}0Yi?Ke1nTXqb^(+_CI~iA2
zG<BEepvM20`W)arcZrR%WsTt&Gje)9f1WiZ5GTplxm-hL`o-8)HXY(?{;MjYRy+Zh
zbKJ;8_V<UR=%@l0o}D({uJ=6tZ@Y~%>SUkQ2Ri8n91~D~3&ZZ9qMStv6GvfA^dh8E
zh(zisGBPD*r&q|N-GO7I%nL2l(f?qzfGty7e?)_8j}TZIcWoRB*fOOE(;)kpm<Su2
z$b7~-5{SpLP_B^)BV5FqN2r|CJW>&DZLLvbG02~ka;1o;?yQD#1~F>5i;<AY7!WZZ
zzGqNh?t=tzur-wZ(9m;Xt#5Y`>N-at%CIM9(CmWI%BV0``FaasT%7K89>8gY(5J%V
z-EUzC-otH<j`#Ih%hgDHpC|$dtNkU?$c$QceuBF5HBh6zeOA=Wb2wRZy|(yjvRjM;
zEmkxaJ%&h}CwkM&s$!h$+aL`~C|BZZ=knR}d`xXTN9-|*n!?8!ve0tEa_%(r7q;)Y
zC!Uhd+giApv=`K@>$^yS8Y_OGmw!4z;z-lFgDrefOe_n4<0OAw@11<*XKUJ+E;YFN
z?bompv^RJ7QHb0&?P_Eo>U;x(EFZNxV*ua=V}<wvrbUam>>q(PR4<Gq5kKAc1$d12
zO0m2EvcLYm#+aQkjqU@^7lW*3tq|H{-4ZVd;p%2lX@_a60(%A*i|A{hh~ZhGi|cq^
zOjVzrj#dO}Tci}|>(yY)u9JMyuTw+uS@kcE0mV2|{1y97)am)qEM)@=<^Vw^w^(<m
zOJSoo087WexqhSdY`b&_Ry2S(Sp2(GOBmh#GS8A%po6$}sV9DZ2BD?1+$Jvgn@T?2
z$ca=nv=oZy<J)<`N8^bgD-5v@<lcO#IFlNkuJj}-<l}ad$pe5FjCXQu`Gpmt`mvtG
zkrCcGZJGkHcu(LCxIs~;gjfAz&T-=g^|LK-zrnsF3pi(6*j<7omh8sIfwUMW3*LLy
z(D{EY5j9(sxw=!dh(mxUbKll)1+b`XK6oM2$D9RF)>-TUeVW$%nZrOyX{PUfSHtmW
zYVJKP7>Ny)9BlzIqO_m+Z>oj)aH?N3F)qCUOeWp?7ifBNB#tYdM?vmPe)~xGBg+9R
zl7)^OCfxfon}Y2nT}fx2Gu8GR2HBrpw9GohmFioy60B;qOmA=ZAZ-SxG4q5gn1Zr<
zQ_5JB%egizN1?nR`N-y%>iIJD@FxLZnvgg9>vI75()S~V2oz#zccntvJiI@S^3tmE
z&0PfR%#CC~wTOuJS8A_jrUSx82K|m3ZWbeuEnfcBk3pFFu+bS%7>kz*V46%EB@ISC
zZ*K85IUV-}!I5f)el@}IWv<AzjPLaS>nqt%zl+ZBWH(0Z`sI$Zzh3<YlRD;FNaFu=
zM((>Wzj6aJ+loWgYIA?Iu+L<`-o?xs1|`|o*=;)d0CJg209rT5jZ!3Jh*u<GC&>!W
zYjHeO(c<sd#5;QXF}3vO`lCsb0*PZ#Io8yK(frYQJKr@^$2FjbTRa+cxPg<%HAl)H
z;MBG>?-G05004=Y>k=*au-;Edwx!v~?EeJ($n3Vt@-#&#%;&uu7#tp7RTf-ytI#o;
za(eAAcn0pUHoNAqe*7b&1aXw)TjZNEnT7p1z&b@sciHpo-Ivsx-8e%2{1#QrHX2;I
z&S8Hq)sN~e@8I&L{}dKT8T1t73O8|BsuPL0`PdS{sdGEceFEFSacF;1EM9jFw1~BN
zr`Bp<h%OWHO$Y1lR>*pVzGr9ANX+%Pdpth|HD|aUzz{-@Jq?vlhd0}$agP|U3CRZ}
z6~{{T<Va&qF}X-rSNhA*>2sl8;T)-(3{GB+K5$g^6KINi(y+-frmhy>&TPK{lF>1-
z5^iIQVyKqEU$gRqKa*tFaBDd*UPm7f5grk6FWGeed0cUrdUL(}o}TZGr*~)G5QxBB
zJKi+^`a1qd#fNeO&@P}x9tkBHT32faKQh{K>F}aeQ1}5?NRU*l0n*(aov5P!5+4Q1
zt7DZ3p~T1ouNO}d<7{sJ;QVYq^)x4p{|12vRiB92XE?b%M|55%mlsBgbo!1p8jR$t
zvl7iDdIllTZ<`US*_-r&rcHX-mjI_;6gX~80GQyzQrEjJb_+9Sb+KUwP6-7}w$%U)
zDEi=<#84COHpbxrz)*tsJevUC%ky1u*n#d;jT@80f(X>-j%jP|dg3UXtGdUhQ=3YX
zvXlbWqL3(q9dOI2)+duo50nxflCbN3Wofw~-C5c@C5xYMoM`b4MZr%5w0>VGMwD}F
z3Zv?s01zK{`t^N+7m4jGWT0t=Qg9?p>Hr1FRE<aXD~hBnhSzF><3D`64I!~e${5_w
zj~?u#QFOYg?|hz0F?gZ4qo}w`Go;^Br5o1b6t0R5=3SiwQCj5YD(}IuRTaP)8eneZ
z{A<-`0K}qM#JCAuwR<d}swYL&t0^Wxr*>_ZX-{yd2;BADj_{Q%|0|DCB@2ETT*QgI
z^cA#U;O3%G6%z8+r^}jdq^mRi;d5OUo2_d*QBEK3#$q@u3k@LvA|);x%UVfun5Vw7
zMw=&L4$k(WQP4xF=*>r8Z^B>`uCZ2s3UV~2T9lO?yT6OwPP-Th30D+v+45FL#M!I<
z>7pKB>(hi!8P*$7FeRkQ7x#oBtAK<V&b+R0tuHFLHlG%;(o}xVp>BvMge_bh#N)7N
zt8yS>|E>ZE=RX5()xw{f8<2UA(!ZdWx>)V|Lh`J*4)eOz*|7WMQJ6S(_6sa5IM!P+
z`opJ`a7_{gC1iVhrIqY;FFD~goIM<Xog(oV?nmYo6=9f1RRZvg?q6|o_}XQ__v6A%
zILIxe*)$}^J!eAI(`B5{H{B8tpp~n6BKH_9h6xx553NxSIR4PeaN!~wA`+6@*xSd^
z-i>d6HJ;gMuGaI%#p{QJ-TO7qviKY2f{Es_hh%gp77+@A{p7^N#Ly7?+^;?WLg?QI
zAm%8s6aZ~nyD=y$P*+#?@wo!Dr8FYXJ23H8KTfy!wYXUF<V8Wlf6C{=VmLpj5D(4F
zyy*jspj}kmc>bWcQw};7V94Xt5lI#<#>_Hua?s0})rddp%R3Sy%2Aw7)3{|-It&Mw
zvzaK?krmonn3@W$f{A$-!g=kS0q-1V0zhUG2Eb5N`=L}IGsIp{r1M96IIRq+xbF^N
z3W*}2bc#~t8m)>zHsq>&i#pY$SD-&E_o`=!S<H^0Rg5El?OuX@ZX4-Ky4Og8>1uh!
zJb3ke71CuQW~OeY-u00BAD)v>C(#5rWs;GWCL4C$aHdk_2M8SLC^6Fh@#zeb^~U)0
zoYLGBWgg?-oxuP4_NkrHnBd2YR^_i>zddQqlnT#o#01%hS+FA#f@Os?y%En|$XaHJ
z2wE+n#JE6PDlKX{@8t||ctszLk>aZ(o|I&bIXKX_>$sOfh15Ocdlq77Xy7B&SPiX6
z>tIuX?*IuMO~T-k{S|^T#q}Cd*^XOl&6~!W*IwD)d93R^#xK1-0@M&!`Ka26C^OKa
z5J)2gR<jCZ+^0-FN4~X_cOS6p`gK3O7)HWWEQRzw)0|~&tjXB*57bl}gOQyg1K4z<
z_a`7#0SoWFO>08wZ(2MlETVN%trGo2_xT489#rc&sN}?_`>cw$sVA<g-H__n0OS5m
zee-URT=Eg1b#!c{_;iCk$+>Uf`7DlvUHVSWb$7p_v}r5%?h2**D}v=NHW*GAR$sEf
zy+l(09eS_W{BZTVR@T`Ac0AzUNSuY;dqgE84KhgIYkiAqG`9n!LjiDihc)9f3H>bW
zdrAV~GqT68_(P!zo@3PUJxyEKQPg>8CvH(PwMVHOSp0O1cC9B{<?=B)`Y|5hRQ)Jw
zi0^~_`FehY_zPvgVXzH-6r~EvICfOkoUL2L)kYnf+;NZLtk<tDf(Fk!m^k3)RNacN
z@zGehh~<QHNZ5-t4BfrP&Xd}*O0SzmPLGX<$B?l23BY;#9Z9+VocSpe-ODz62ftTL
zc;|+q<cPs=JWO+a^)DLdOm_tGkIIHYf-|5lp`*dg;f=StH>_0tWP}}n1G{L#X)w8s
z5x~{}KKdOu27}QiUpAeWA>9E(rj5f`HvB{OTw9DbxMlrbczP}viS=Yv)FxT&qrxvO
zpK>ld<p5d4l9xT~#>s;w;#ZG5=N7j+j3>W5p8B-h8u1eCOG4gU!-8$A)4lAmpEe#k
za>C$F(ee7D2&k_VUt>ADoE8b7iywQqV!)0RqbU(|Pa%MwTvhx>Fe+bW!t>V6xg2>5
z`4|;q8I5OVa4Thv!mKGd9A+EEnWT_VawIOvt~GX;Wm#kUZdnW5G7S6}M;!`yiAmH(
zzxLp(7~Cv_3(Gs+tx`h|*<E%zntcu5mOPu%kFolGR|?#b!k~lG?boa(&T>?%yE2O|
zCk6<|T8jpzf40^rQJ}uduMSV{vjLB$5;ZofCF$DX0^8R<?gQM$Mv0E8c+Xg;;^l`s
zTzmqvjpr4KbGZTlw(5WJSZZl%9rHDM?8Sa%!=x(*iHtP3;5w|?_Yf~HMLvmc{&z8W
zgEy{r@AAezLC^1N%Y<KxV0`Y)k6^zBK=^z4Wza9c8KF{<#^M(5>zi%b^_E_o0E-qL
z_sesI!IqjY%(QX>05`JlY&?m{Z|Y!8Yp|fj_ZqltNxz%;l0_a$=VQ4}02DCf_`%d)
zgW=z=EIP6)fH)Y4kMM>(o)zVpZn2g49T%xTe2%C~4Mz?Ge)&@W>60eXlULJEnjxsi
z_uq&mAhj(E31avr25SJWI?9zwo1d&3xtA-)Es-_v)MWhxd@@}0ugwi-GX^6+u22MK
z!}Ertp)!(|8mtf7s6)KF`7XCWr^KHSoCyC~)$CMiB4Led5T@5cyRn(!8VQTu4Nt_P
zq`5bi58YdAS<D7#SWz~(JupC!D+2&wea>CZ=o-x;ABuSOyl3c=R8~+3H>1L$Q%ryv
zr49b<{A(MbecQeizX|ZVG@{G?RM~xXZ(oSQ4JRWZ@gJ0n6nsfg{s-NQ6`U>r$k=c0
z<FFjRh`=dFN_IjK3q@8smH=>GAV?q$-B1e;aC39Z#AHn4wvOpT;09c7?xgM6?z2-<
z`2qkhK!P@5bM>P`2Yt5lJuH==ayLH_hZQ&mS5+Xe$Z_lr3&P!1Ad{Z0nmqZwNA|ox
z4Jr>-CB8%uPvir>0c8kTk@J_S;9wLXnKJKIKv_X7xArL+;FpEP`A-lb?Lcd5YGx)g
zQyLl{qio~Xpbqm9kUy*Zwmk+j$8V+Cmo4{1Zr@(01K3Y_m~`JtYn|la#G`ld-a-*S
z$9sI3gnf5&<D2ZrL&a<vdswy%Q2Ovp(|DC5{cyCsH$k-&8YKY*C*lNl(Il+en^8rq
z2m^tbhjvlKxao#u2xhX7Fwy)GqjTK5mFWG)Z{VCoTz9J~F9taa&Tm=($-umYS_6pd
ze?hIm|NIALTDar5H;yamtSt(BCPU$t<B~6LlEn@-py$*NPb1d{J)j}YAuiLtEA<F8
zf`@kk3r`m@1|ZV!PSONTq(Os}l;A}uim;_t5itc2Efpy3`3ooQ{|ch^?;q9B_r{3t
zf`$U4s=he$i=#0hy8&c2(3Bd+;CBH3hCc;`4**S$ML2{yFiOoB^>$n|)%&D?`&Irm
z8C+0-QDbfY<z@JLl!0SN+Yq?q;eQp}`Kvj22kw<2!aECpD4XuKU3n9&*t@s?BliIQ
zk}ShM%h2ru1wm_oK2{C=ucopIQ@`E?KmXN2jIIZ^3>sxlD>fWEPF&XJy8tO=;Cloi
zIEEY=<-cBjg~9#jXOlmJfIq7A*E{e*B*FfS2L28Y^skq}LpBI*Fk63cp5Y_+lkp9s
z1iwe0i6l}pa?%(tH-4eruqqm*9Bj>z2Rf*gU(tR@aNi9k_d-G<qlXYH2sZ|aia!K!
zC?)|X3oNKjC$L&gfu98E>Up#7N$cr7Aanx6Wb^a$bWAAcU^Tyc$nrq4)dFz)Z35_G
z#W2!=+y_E#+y2NHeV<98TMX#`{VU=rUwOa^jJE?vW^_z4wzfqsn@LIX*BYxsLqouc
zd}`_K-Ow#hIr7rAe!8NL`<}te1|}vZ`}+{F%{vJHz0IB{A+h#Tz=H(XbxLtTZfm-_
zx->HOO}yOPUFk#9(_tkQnj^pg<iyrR+)U<p9^74BwxwTVH=QjP+ZS4254;3HJ_Ym0
z6PlQS=K8sJAMSKUl5Oq0M%95(I&_XVD3O}UZ4dZ)9(#O0Lw{D|(fp$go4w$L6}`rE
zW(KZ!jA-JTqu9Ceh{VKzNfb7FR8o^WEQhx#XPYH=kat#OVPZnFdkotw1G|j*BWrNw
ze)>AX)bF`E7ME^_?9F2H3qwN@Lyu<h4=kyrpMk2_JRkvIv7!%*qKQhvW)}=m&K+aJ
zSQ;gB6)Xu7Y#s2I8yq!czd?44>gLcS=CbGm2cYP#It}&p*^TOY1;_aQYfKu`KhDr8
zzXb<_R!Pt)Y3>C2AkA#>F)loG>cTEt$V&l0dH~O_^BuXvq~>evvKs{c<tFEk_um(n
zme$4((Rqkm@4pIS)Dt$M44fKL&99J>pbVsWt*Y{?o4R4$ZDx;E+URIlhFt1#*`B4m
z(ZFuj<_ncIYr}#Gp`EGn=RW7JAHNgzz9`Reg9R|dl%gV;dVah31W_C#z5XwqlicUy
zU29T*-VwoYl=ATC?OI<V_36{$d#M0j`uo?A9p79|=T*f5ET1PE><Xns216T`QQl<(
z21Z97v_{gN@!8u#t<d|TXd^E_pdbElX`F`U7SgAd;)>h-Jx78IKdIc^OB;3txsnm*
zt@oOKB;=nX1P1=;&YRv6I%;tnJQ8_P0{~D5z(K^|vAgtm@t=8!#Acsr@w)+tsK>jk
z3G60qjh=_edY!+X9wVbk{674UsNy%|S~jTR9;_0HIS0~o^0Lu<TS|Vas}Gnuu8)DM
zRX22@`qk!R&pZRbJ?umB5+t+4ygNu@fO8si7Mf3Yy7?B^Qr7><P|97eOD}|D=;05f
z!gZ}yG<Js0fNTlezjF2ZunL_%bV!>0j(-yG1?}r1{-Cu_$AF{Y^slbAI)6^0SU&3k
z2?ZMdkv{-79(U#U-RgBiR)9O;EV+KKN0Ea-Fc}n+83AC9=yLwEGMO+{!wys3WDb2W
zbU}1W#u4}Nfx;7~9c=bE+}<!nOY4l7i8jpzViN;!hs$`T%qR5x$JrYUq1NmgIW1Ie
z5}V7J#QnQXM7o<hI(xK};-;umOt)G`^MlmBKkw1~?I$KEvY3GaMq-2Nj4!<^J&ys6
zGQ+mBIoXv8!_TAF)oEe!+n3@8Ckn^%E$+LtpMtU)$&8~1eu0D_Yq~ezx8>`n*NvaM
zuCna(c*hc}XB=1>F1{_N--t*7i3(kV-W5Tw)&amyyGD!~dZ=ovrJX3Uu#xA_rJ+xH
z7ij>DDVPfr-rH_bR3h<1`XV?^tPpvBMNQ)RgREoe2PHdY5y!lfR1rP^UkwhUw(^Uq
zvTGJ9y^@c<^Mo!sSoeLcL}a0{p*GRwDo;>VD6qh?c=<;Hb0rJvfS{AN>U4rd*k)_y
z?QTE;jktJfDd`4B6Uj|UL8=OV6Lq0`n8`_!0KW^mz(8H-yKP^F^EaGlAp0oUv=C<d
z{eucBQ64pC&tr0s3`XHJ#24p1oKQ+r)mr!|BqXnUK2n;b7mlycEoRar_Vz=JqW4GR
z;$jAiw_<kAI;D;8mb)Vk7VL0X_s--y%hfC0v0v@fcBaq=CkdV_Wng}V+p3CTXz<;x
z&8c`c%I>imvK=@?ONu^c&e^jsUCVc<VF%~wu~nC?8xV!wh&WQ-*M(+xUiWp`_YD)r
z5k72TN5Btm2}R~t;mVPMZ*4K6jcbk=CuyGnL>U~gZy=@s{g%5rLA9U)>tU-`le^9_
z)FN%Rg(}%mR!-#Yko8^~xy#dPqe7Jmf+p67W-N_8K)QqX@~C6>lILVmi9FJZPxeYT
zugsbdVZPPx<CTjSI&0WS*E?LUql&}H4rn%1TCRHaYEMAvne$qDCVe6A@uMgD+f{gS
zac*o)%S{V59R%#0#OCg>Y8|%-$fu^}zP5+QeOnFDKlS4!O@7f`kP*++2pPD@dhM;>
zc`k0L(bf+3VVXM{>vX|$oP|ao*5abq+Xy;=)V{92#zEC2CCNP4d}46Z_*~o^qlv+z
zMgKL5<4chE*+VlbfV1DDS1}|I_)b-gPOL@aA{qMVR0pHfMH-vm=;e7bl@8G!7HZd8
zy8#vPR^y|-$FC*)re-rfa51KjXGSa|Ev5!7Czs-Tg-Qg<a<6b=E+Qz|e8ilCrUG?_
z!#5Jbq{n>&AJx9u6*2taUd;U)VEGM^5|EfNIMjaiTAQ}-u12);elrm<Eih7)bJ9Mf
z@s~=js=u-Y;1+=X+r{VQLZ3|fbK1zm4<KVtcIBjBvHO=Nwodk`@-ZglgiSyy@7Xk&
zF{Y{KvR&?$vC)1wII?Jq=E}-E*nrroR1X<-Et8_H@wr(5J{ogISZqe4?W0<fvRzL4
zwO87BEUGpB$)$FJHl}rSf~|pLyu|B}@S(UjwjKt3)`8C!%12J@7w5AC3c*V5(@4{G
za(oDjNpjy6i8Qn~+^7_1zyq#J6isVO`8X0sN@-U?z`Xgm?d*VvqMmMtXRG2~WOKb!
zT8fdZ=S2?xyJ*FWz^_IN)sFZksM_S#y$wD`yuab3H>Amo-?vc(oZNzfBuOx~eW<W$
za}FauJ(}MJnI+1J2j30}#6y)V1X}@@@CP3BQRqZ((!wtNc|K>)3AOde;bWs6*+x7p
z?}hMG27+5hXbM_#r!BcORL^~-*|X?=YR)^<Ar9w8;w$Y9HH2j6B}o&I)YrAebUaS6
z{?W6+5!YtInxhjic4YA;(;MsRV8S@nKC8B97=@ZIqO-cP*hx)6gR9~%K-Ok4*=A#=
zHCfHOg?mFRS*KMyObA{TD?aDCMoF~G^KIs#YfOQ-AGzINO*nYAv0GK+F<}U9xr}?-
ziOAZG=MWOZs?GI=%ws~z#a+l(1e#H3FXEn~zBKvG7y9GJ+9-|B0kQ5E@&x(F+g+;_
z+ffPk;1#k6$I+J~7ida1$U-_dYL)iGGvG<aTIz#XynD!o$8QaLAw=8MR>kk#O3Kj<
z3`3uC?y;LoG|q}oGEp7|QP9d*GUtT&@)PRPvVA~T#%QNQg#Q)Y^rx|0nZMhWwoYP!
z`<<608dmR5#t#=vSXFMFhU_B5Vys*iA|w)<JrO-PG!DILS0VaasjauX<XL4t`{5`0
z*GtrN`94~*y;E8S(G!v7K0><OhZ{IUlOOIt1rO;1CKlG}Uzpyy9#FV%>ylEcYOY}K
z@>96G8;2TrOZ!~1*)<s%?^&9p6KnSv{m$RkKvk0d3?A%*ur;P?3eO`i_D!7U`>)!A
z$c)uyhg93v$GO-XQ9uewdc#F`;vh2OjZ6q9#qEZ*Pg+8^^tY4OO^Wl1-*Ic=njmDr
zmu?>Q-;No4mj$iE-7NS%NaGC9LI<zYYx8}_e@zRa3P#pB*kxv@nuiC2m;^yMr05RZ
z!TW@nT)HH@AW)e{Ux*1$VgvT<X3aL$N%zhhbb5G1BL^c}g8TP{cIE|$r2BUUsrIqi
zyGcFwAb!@r*06S(z-IFhB%!_U6@xqOe^$`H`eKTj5Y-oey$`S@d0dYi1iePg2yQ*V
zzgvcP89at-dh7T9c^zm;>mfm*T{(zz$}`}dzTMr7Q9u6?1w0nI^#T9b%Q8g$dzWWC
z@4mW%L40502zhD~_8GCUs5>+&DKPj)*3BBZ@AqZZ8ct*2!D7PW7Mh=ubI?`2^gEQu
z{0`k~3v7=-pe2V7kJQXa;e8`WFUTU_=}R#0>;sWelq5V#lkI?qKX`lqO8`Ffk+Jkg
zc1|GVqrrj4RGirGzJIQB-P+$VA|MZ>3yk{qkGGgmQJRNJN<(qPL3Cyc53~O6!<y4h
z$K##z!rv4i%%Zsm|32}fAMlV&+fL9+O{gjI&o8*Qzl6YLfgDvUD$#hV00O9B_}{l(
zQ-fOUkw)bL(6QSX&<Wn%n3r&2X}~N`G3C{r!FOT-fI5vQJpSwEzv~V=BeW8ieGEXj
zz<Y(K@Moiz|L(RLbf`^MJ%G2<41~IJ5C0*b+lWsN`5*sdthL8rZ38ei{~sRyAeKbZ
zg$bAWpEi?2f$(tEAn*awoc-w>d<=|V;q*_ol|`rTyQu<kW7y#x{4+xzZX;;9$MDDg
z$iAm_A{fLzIPiIhxc7@;1MWbh34oyT??&&Y#T<ahI0`}k*f6b%m&IEpff)p?cLG3^
z92Ef^6UuB({f1!|7~Dmx0I@9%=D#QRH#<PU1hoKmjCd(G?@F&jZt4)uRVJN_r0GaA
zSB+@{qv)4z=N0rn6ldL7f8_I<OgyIl^4m5<{my-OH?6)4=mS-M02bF$A2pbAu<KSJ
zWBJQ}h7VK{tYZ)xJAl|2bZnYVH{dhy*P~(?#GCtm0WJf<EHz5z8fL!?f?~3MkL4@*
zT}k*@ht-0x0Xote2%1SqNctRqL?b`sv)6ZUDD9R9rvvJ@tEocCBf!IT<*|Bv2-u3P
z%1O2%AfH!*4hnqD?-5w^N4#q+JMc(A*|&O(yH;XiJuE0?AV1+7eD&z|>_JXXPv3z<
zvwub4L^_+0UTF}ae*+f=xobpEd|w$v0`NtKO1B+d#Yj^8kL)J?5y-j_q=HA7e|JJQ
z0KSVb3QX|1Y>@2<W(_^9;<EjO7;#OB?&o9%nb)F02~jo}t{PytCkZ&Y-g_lq&fL9~
zoC)e@ekq~W0cj!<k|bfz3YEoYjFRrPO-%+)Jw=cB|M`ij#zT5WG1RH<)1F-j-&~U$
z*pp<uf}g~NTLXT%q*|@8J`l-l2~It_hj4@llAt5HcTCr{Gx5fPxfx}M87=|$6!?$O
zo)HB64n<4hgJuKKAat!4BFx9>7TJ0IGpcH+L@POEbBK%04XD<aGv<<yF&q{}YrgQ7
z+rs>dlSHVqT`v%i%3Wg@p7@2>J2C@`E9`D9K&d^r_<M-%5&5z4d&TfTgBL__ix(D0
zFVs3x`jON8&CzbIO4?)V5t^gL?bL@+rXU`THl=^^Vy5c5cZ#d4lG0kERxaQNIaq17
z^6_cHoFQwgso`DbpSO01=UJ+F-O(Z4J;^D)k6mWwWvgkHxKr>C+1v*QF=pXWD6j3`
zon#FeiQgY!NFTvw7d^e>!@CR*yqxmz)6=ZuWmGUz=v~}*u=D1WkWZ+;=vFd!gYdD#
zG<_{MMRbh$dG%oM*=FplvW)%O!q2X6c&3EwEg4Q4p<)b}+n{h`qtjHJ_?u>ob@`>P
zw1&&~t33#+5l>3AixCGkGl8aR!}Q2ryK*w%sH1<^9<{)HP>t8{(A%h2JTv>mBf7Om
z{u$-1o!8CWg9wqeiv#x3gj4%G7s)2RCn=XPf~`{VN{sI3-#zmPs@@g8W6h$mp)WYa
z=*iEcnS$m55Y9_S4#B8`2>^<03HBp#NmE>>)4{O>#Cb-u8S|>2%U427=k=V7vWreY
zG3e{yWhcW)9P(VxDvaGc2?Spg1ubN)%C4-Fd!?;+m;(NgR`DLvl#3=%QK3%fzT1D!
zCcHcfWwjoERnv0xdU)Q|erl8Eggk*~bQhw4<rz=Yc)OYvj>wGj*cjUzeV*=74>`4H
z38pRd5HRG%#*aZyjCeN!y)Tl1MtjDOhT~7TRxuQ$a)QG>##`9ZsD<Y!@TF%+#TN?J
z>-x{no(%<VopOQ6;#orml6*KRat!H6#l$f}Mb}nF2D@{nk%D#d_wg#7rKd**8b@zJ
zs?u~ujIw+LTWLQf4Mx1Opp0E^THGC@{(xqHdchucN+s?I--hv6<TfCvjfmSUakcK7
z{g|KaJS~&l3B_9@ncj3C&MuUc;+CaWfSm=L#2h+;f6c-ZFvZF3ChTKWP%#A-o*s~v
z3co2%jB=^+cZaP+uL1yT{xeV7chLBGsI<eVuXa7|$=8Kz44ktgWd&WHG-9a{sAdN2
zaR6Djh{+5tFfN4?(A3)$;N%M}y}UJs`KQJ=s8ik{nxF$;58O@90$vi68Sfa+V(_|c
zYxmV}W0#d6YfgW!-ztga1nWMGU{F{eNPL<qLM**SEB}7ByAV%j-p@eNJ^BqfFK>4z
zZvhWf?S>x%em;ltsiY{%&k};>NKs^Gv+TN4Y}US8>aEMk)1LdY-UNjlISdXQcB{%2
zt#V~q3AIvP>BhL1D-gU01(Je0Q8s0Wa{$w@*dwDw<LQ@nE*$t7W)0eN-1Cy>P!aka
zT7<RTG?mUfKr-jd9A0g3=;L>~_20lTR0cSrN$0bG#~;>|KE*Sh93M^?#lY>B&m+y@
zCyXH8QH4fd_G^a|7<gQiaK@qP5q%WzL@@#~3)+TknZVk=&WN4c)tu6fn1}L8qJ@F8
z-EpME4agS3O5+sHr?8Y+OIZ!iABm`7@4yTA3;>yj$?!aHE=be>eCm@nn_<1!mG?OK
zXJ{fK_~D!Hioer_?>JZT{Vr^$nO2WF+R4JZ9p*M<^0w8l&!zgS+sKTYsO*jC27^6T
z#bj%`Bg9m7{zzjRl9wRRfFcx`h?;h3f;u$}Vj(|MlSe(pTfbcZ?E*+l2`c$TP5%6T
z>0^q)57o>UzrSm_%><QN>4uOT1(5^EbfnV@oMN?wT0RWSj<n@F>Hau4sCOVR0=8*5
zRyNlFqEM?w+sbnZ{xYyXdyISgoYytvM*4Dr6LoYDTfB*`S(pIj>X#r`1|Z_r^2xwS
zxa*aDe#7me^K|y=(4B&E@f>yF(M1mXdDS{g?{kCoI|_1F7{G0%(M?Xz&F|u|m@WrC
zaOv3?KQjDdIlM<5UnoiI*IK53l8)dLNFNsk->j+FykT~M4KM1ww4x6MPM6i@I!<QM
z!j^<E(r~<9>;f*J$(_3Kys(W-$<~;Go^bNJ^z0IN3*Cl%d_n1zg^7$lTirlH?$QGA
z6SjqzS4j22Q{!g%ILeo58l?Vg>*H!}u!2AZJG783gIQF^bwN}vsUUpiRp%20n^5^%
z4`rRyrn&$eca(b%JQhEl-H2NI@Ob|x8c*LekB9NnHljnKK+7=pJ{Wfwi_VA9m&a}}
zazGoYsJE`fI3kkjzPlw#`CjIf=q&#p!R9OvhdRqwY)7oShkEHeQT^<cIa%*SCCXAi
zF5KMIp4L3o)HrP}@!sa*PyPP*=Qo_w$XA~yzlSt*8mDnM9k=%P@=`{vFL)^lH*|-y
zaS(C9NF;--s!F2=Cg|zDA>v`#AQ7N_La>HLN6J$}1ErxazR=0nBR?qjylWMRqRV%x
za?_jWr1@!6x5!X)yl{=UWjM<lq)JrUe0pa4*mk0D_l4I@U}Ya7f+A<CnuA1BTJrlx
zHNvy=>UTK>od^+;Dx4hB9$T7CZR3lX$V$NY$S<e(XAkVXHET2wn#+*hVA?7hdF7WJ
zcl{KKL?thoxwnMQ`kL3d@e9J`l=I$Z+Wnhtf~zNSY73u#hzuKCSq68w-d*zdhe*75
z4T+5isil-fc!`DdxooVBc8Hw<t?V1WO)KrtkNVXX86uOK>#&wmNH~ja#;>)cJJdK2
zkcezBkobqYgo3hp?e9GOw9ktq2ZP)vM*56P(VC?2fOnm{^wMs+N(<lpylqEea(AK)
z=Y-r@1-qB7>XqN%%VAyOFI|Hv^D?fkXB&jZ-AR0>8<`yhdmG0ih;E$sO_ogpK+m2Y
zA}~KPv(&nX9{t?N)1@bhet-M7ud#d&mV-nT5}ISQ7z{(KKf*y$)tsK1cz^WhT&7mO
z+I!W$vWK?9{_D1z4r34FbBYgoMUi24PZ_P0?pnC&67zO%E+`aKd#kB$hU@AnIFm>}
z<V9m2BjjOg^?GuHwL{)hups$_hG4;~wzH7@Iqs5n+bk{(6hYq%cS&6J@aKaVeIn1P
zY}fl%YYwnLhEPcOFWr@U4?QH_!S-Zw=oSVAzdj;^Mvi>d4}?n<>2nuFYY+rVM-UP%
z(?ii3#Ti6k?3@*1ySHeEKHpQ=Lht<e3Ki<=UOah0?KQpVJcnms1m(R^S*T*T8^&{E
zDk^w+e$tWxE!I=OoccP0@%PxF2#So@)bHMl!6?nqsaj3*Og|*;7z}vSzHIlNxNj3-
zh`!)Z0jL)CQn>9C=1aoA6)9!VwyyFL#uX=7%rlk@my~!qr!m~wHBk!w?_EW{YkcYs
zBlq5&mnw22dpwgTBg#FcagtKW^OWpZna(zwOoy>Q32!vX?&)4CNXaa6ZZWOP4WXOK
zHI@|l9Ku7q5KM6gcZn(havuRHL4#EKAp@A$9(+ld&!=akYB>INef-*Nu1^cX-{!H+
zl@K&m=-#YrR_hNN9}b=<j=eQn^i|b8dF!1EZZkuX|0&84Ece&JGnriob|oUbv8`Xc
z3Kp;D7mlN!l{{@Hc*jGlX}ij4eM;MpcczY>^U~d<fT9&r{%;k{{_&0XV5;SE`MmPR
z;vG+vnJ5t98-`ZXcWRk3tygJL{>KMD(wZt-);=?fys8?!@-a9w=w;zMsi9*@C|J6K
z(`bV3dJOdUQz>+EzWjRftwV!Q00i+H!XGt(L1N$Bo9+5q(Mcl937>PG8<gP+>(a`i
zw3Xu>)F!@Y^sM--y;&>!EOXoxLY-=xI2)zwv4b32_m6F0`FQNHvE;I_G~5i|MF8;6
ze^ebl-O85;$?kXycaezHg89&5eu1|CS_sge57b`b8h;FQM}h{w|BmHvCXB}ZM{SKE
zvO$4O93p?-LxIu};~-%ES+7J8HA)i)#dm++5`&@k<twB%oy|S!@cn7s{jPcZC?Hya
zwdvJ#%Uj>4rsFhnpm7>eSU4sECZr&$j4xNFO~@aDX!h29_9PU7lfXdzaYomziq+Th
zd(&1j50s*aqE!k7iUQL>`~DUb^;o93PNa(klzjg2=H->X$M>MTW9lI1)xMXT$5|g-
zH;65h%Pj{VT7I$AY4WO`xC<h@D%FV(af65H<0K$~Dd`EN8x1-dyXd*gi&?fG=W`Kn
zaU!it$axnzXJLxXOV&EW)+@{1%|FR+j>4U@U+wt6P`(Q>!@JcSNEA9{<I|LhNej#V
zBw8Cmv#uy=nMkX!f<~)hDjf|it-KX`K|#R*;X_3oTTrr~)`?bjKWh|msub5$CKCo`
zSJ{2-OHCYEucf`O*=2ZUv3<btTmG_yvfpK0I}I=Llx5iZ?VZ_tJQp-y8oZe6_xGMq
zx+Krr3`M!nguo(hwGS@vKt2?-GIkL6)PAdHDtf5rD`bou;N?`XGZQ!!O%D`xrNVFW
z`$@IIkJ?JQ8b#u1GesVXAGK6Pw)gG4*T(0SnO=9%WnX29bf&ait<TgfHiezVPV!?w
zD7^n6?Jo$$c(xW^pLz;AEv{=yOZQ?FSc$o<RKXSSB{4;-W+mdiKf}@vb$gTB%-!%}
zV5cb8u;v>}Vh-n3q4|%riZ{hXcAq#7KKAZ3Z)|fw%y9pfWBCta<Fipt!`=`dWNodN
zS{PEHWMK#hm{M7LzdJJv*am0omr`B9<kXOk@Tp7lhGDX$)#+$%PrHv<=NAG6kzw<7
zTWj7E-eN|9MZAXZ9sd>$N%5XLOv&7t_OR)6!FHoW3)b7PJ+1WT1J#`kFT5vMrzW^v
z1Agy(GD@}8$>ei4Xxxwf#r9^grh0pQx9^MXm${3c2fM+@QA)Sg2T_zUa9`S0mt*`(
z0O}S<mVLUS@<nln<kgGmxx?xD>}fn>^?tjqelqvDjPc7m<<w7sL2w5;)>2R>@rq}e
z<^3_Cx|-2MjBASKL7!0RuCGg*Ld(^!1EIm2S+bgCmF}30Qh^T;3Wa}7fb7(RQR?qx
zz%<)_cF1@&*^cpc=|d0bE|c#px2wc&J;ia%!$+kYonIIbV2b|#8voyGabwzDgZtSf
z?<LFoJfmv6FCtrpskP5Em(#93i@~4=w}$3F7WR+!IdPpi#c$*5I->AtoHJ#t)}x<9
z0jtIEf2~-Fy3pJ>Z;Tb4dwSm-W+&Zt7G0;Tk$*s-C|!T74U~ca@1)~M)<Xu@xXh#W
zh04|s_tcN&96%J0jP|SQ+BI11GxWi5A)ZhuD<>K|BwM^~A>rYjJv0P;?zvi3LU*2X
z4Mr~v^Is<ArZ1o85p?~lClQN8C6(VDs2kOy1#^s#mt<4a%Df!2l^L`}_;s|e2J>cD
zJXL_z<mtFJ2myTyTMTXts*t>#m^1CMMs@;97Ih!Y>Q_v5h-k1V>@cV<=pcDkOR32&
zEIJLQ*kY4tHKI^C`?+0X=QRXz`Omfife<4=2k;5z#HZ&><u&m|+(`UQ!J7W(&&tHZ
zW7QZnJWBKX#-H`*7hQj~$#k^P`_4{O1n4QgM*i!=z|KR=(2)2I!6@OTr%SFNK~M38
z%`SW?S|d}C{zKwXl(<V3>$}3*6D;o?t`77Irnz0e&LGb&d?!@L<@?VEjrmpyd;VJR
zV^kDg;S5bdPK&?Zr36FNpnp#cgi|sD>9fBcy#h}`A4@L9$A8R$XmCC)bXVxQ+-kG;
zu;vXxU}MmM!F{$dJ^I?xotc)cvQb=7WzoOY2ZkBV1|@9asa0)0?se`TYSEwrlRJjr
zvO=h?8v7p&cfE&%XT`Z<m^Zb*AB(SEcrp943PF_!*BI9Lmtmuj$YyArPeGm4bz@Ge
zI|J)6xDGyVZa{ZGx8uXu{$seN_)F;a8N$aEw4DBa)@~nv?+mB@RF;6?Vj~ezu>Dy^
zkS^Ts$l6HHxSyHvfOQ}h(9e?lIfzqq`#*Zdj$mh>(fG&O@Mdko_koRn&0AIj7kTY4
zLO$(3`k5}+I9rof4AutDM+bY3c9!>0PPBi_Esa0_X6|a_3Kw5EAo~b9*x%B;S$wj1
z>8H53TZI5Q`{!IRe(}LrX<#+9l5T<~`i^rFlW(!)%Fm1IEWV>1ScF88|Kq!@A*ntx
zQtG`;x9Zx>SYg^;n;;G*1LN<Hi{9m^RgHsg9TmkTa@dOQ)_Y{swU2>ykP`d@Y@=QO
zlwq|TGI%!WNA1TXp+b*v1|YYVe+Xtd2JFee(5}@HKWNwe3XFpT$2c&W#k5<3pUiOn
z$J1taPyeiJVs#Wr8`jU3^FV=6fDO5zXl0-n1Sij3)IW{5Eop4;Qhr#m8hp9dhg|-b
z*(z-P_d;z6s#q|UcgWEHiim*3k6fHbNEv9xdl0vlTt}h#mnptX(4!Bpc=K7;VXZll
zv%-4f8=;QWH~u<3MRRiSPG9A~*#ij0bK&0`^Gvu)fxvbtN+Ww{oo09{@Ld@nH1172
z;jrtISbJqjA}8Q9wX&pO!7?*6{H*!`f*9`xQ2s{Rc%Y}w;RRr?o==%Fki%WVXID{J
za{!z0Yse!k;G<R0wyNKh9fVIV-WZXS_{>zg(x{)YRr>KC<r=-a825kv=sZ~l!-mAO
z)1bjvZ*&Z6RfM1a`0J`d|C)te-*1-O3LJ!FgjLV2ODsqf2kug~80e)Y((i_2mCM@2
z$nxxPGj`Lq`zq%?SXTRNY&vErUjp9~cpmVpWFd*d)LVt$1MPqiBSMu)z@DmM1gmx3
zKKpTesuw54nd)p`mzU$(aEQBlj|+h=+yAeZD1tigLMYJD97n+F$n8Ox8?L@lc%G-@
zB;^!M8S7hZp`Ldrx{3>4*|6L+S6Kek<U94MNLc1&s`MQgBu^Cm9W_K0|F6D&K>m#y
zyY}ntV)E*fC!XzmrG8VM6waZ<(9YBlzk|$11D)xyxnIjKitNuu^oyME>S{|itOkDp
z4bFKqLDgUNwAZX)ESgm(T=B@eQAwRod!<~G+<!I1sJ6!$e?AEKi0c2dznASy<i9U0
zn=KOwx)lb_2DsN=_fc9Pk$UUiZ=v1^H|c4Jx42&BS#4I$1ckjfRn_v_!~O7$iE%Q)
zeH8d~7lL&jrJ87G<X*jRc_Seg{{MSW+L%2~g*{FkBfY1jLd)Fe3_BqW(#2<<j@8XK
zzdhO)c#D!&F<AI`np&>AIy<XYFPg~X3ax29+9{bHb!U!WEN~ug>E_8+FQ_OdALo_l
zvfmej`D7t%e;7PBIdmO0&6~)a;(9U0IX}VGqHoC(bE?5`A1A(x4fs1Y&!W~d<1K1+
zR$i`X4B{@~frS&*_7e?)i;To?4Rl{!9l=h(Ou{?MuFZg`B8j9xwZ*lhfR4C%HS(DJ
znpRZ(Yw<e4k|dW^_o?oaS9-!XF~_Ic;hCt=6D0;{^NNDA>*xy>p}7@Zeqc14Z$!Gh
z?^aZeHrMp(Y-a+eYxPPka~}5t4{cJ(i@fWiN^T*)gQV-@ZEM3{Y7FlQK6QW3!Lb`V
zCv2Y7-O2>}{xbjio_}L_Lwr55w(gMlG*6|$nbf6zFS5J3p}^#UnqGv+016%is{9)N
zp$r5D{8Bj(#wF?!8kb%mYs3yHdO6oz7U0dkTn^xhzZx356C1_kh5Y$F-n$uoABDk4
z^^gL;TrUgD$_8@-+lk0{mo}ZE9pU;(mio5_Mb&d}cP*HKY@Zt-u*lQp=FKp8Sn5~n
z<9>CCU(}nVQD$1%eYPunW6h%9VEmC`EL5V0aaD!u`}T?AM#Os}rU^r^-?9^Y6R7qX
ze(s*J9r;Y1dZFalymWp=Ez?6QdYx(~p(_2}fc^1@uGCHGCUR(1b+VU%?Am-#p6+(1
zdw6;0v^K*3nxRSrX5IV~`Zq+XN|{`(j3sfHAu7KKzM_@IeKydY(fY`<V@t*mO`yax
zf8SkwK?Q1xiLm{Ez<5~Pb2P@qU678t<+pE+W_&%*_;R9A$!JclWTV#gkuuwb^vwI7
zk$co}HjS(GR-S$$<LBM6qtYy+cquQd=hXOY2*4%JY~eNUW3Jd@+GZiz;hYMVluy-T
zT3I5$n)LOBTUuVXxawun=F|{*yEuc`?SCw1r8{L-3xz&<sW--1g{3@XHia9xA5OiW
zxC|Csh{2T9>)GhowgqUpI^Hzx$hx4iI7`EPIH;GVetO@jDwo`Ql^b`F^zoF@eB9bo
zh}+daE4D~5q<FMNv-8Nt=EaaA$;VTJxAs+IeTC&#r@Fd$%&iq;jiq{e@7Jj|S}uP)
z5E$6?%g)}RXvGcw4`oS8f%1|FEMb-roCcOv)ALhmVKTHLGBP2M-sM7w6lq3a=HRux
zI;3Pd;^BL#tg~z{zb4gWG{izsIV?2jr<><DKgp}mXIHphelmCdrb3c$GgZ!QEob^g
z#hAY4CxLNOG-%vn-do+=`%hbDYdYtfnLo4v6Qv~Qc>YlmMv2cL90`E{Up^KE_^8!4
zWX98P5<g&3x8gNTX=e}D$B*CFwfEX-J%K$C3(<Kg3XOYzF8C||?I_|d9m_BDvTyZn
zf*lmC|EIUN46AZ`-hlT;TBIbE5=5k1S}*_w0qO2;X=wx%=>}=(4(aZal<t!5&P}{)
z<2mm+zjMz2y53Lk{^aFmKhIjTX3gAl&&*nNwAA1ikxE~k#&KmcsXe(<D`Uemzd82V
zC`M+si|L;rH6$1O@~u11I2jq(8ALu5yBD75xnnnBkg}aM0SrfJm`>rywf(v!Z8*gA
z(6rVQHV8FWJKvm<4X~xUSV4XLk}C>?@#v|$+z61D(BDpBs0b2k&3;WR<H4yDTR^^P
z%d65`{|sG&)gNM-KYlpbOEo?5W%D^~KL57nnL{y04Mco-Q!Q(&qpqDB-yZ^dB;-Ne
z_E6%ryMttO>{x+Gc4HM|qz`IR$&TE*=skudH<|IQ#b}q2FYW6jx!Ah}K`;GlPqMbR
z`HjvhMeZ{UQ_rR?r)zHST>2`)X7*LeOsAcA-}`+Rtq%G3P`^OJvJs(y)DwwA-2pAQ
zu0x^!v>U{L{vku;jx=(|o^uf<Fa4K;0JKB|3V1}{g?0Q`!Oo|ahsFQpxG(?-5(Jy)
zb69HmeB9Q9A~jvgP52du<pF++<2`B!aLWI)=BO-L{QJApS0ifDnmJR8^zL=$6UWqB
z-mVrpa(3OQUxU$q@dy0N$lVOq@iY!)ptTC?+WH{27`dRLG26_#zpC26{z>e8HO1Ti
zr)NfnO4500-m|=9PM+{9fWV4soMk=m6YCBKx-_e=_ekmO$@%7TgZT{*-@HQluPMI4
zK^nWTnUjZ=@n1KJI5b_vYC0e@o@s1&TgG0qo5_sw3Lp1gUcVO~#vnI;78HAuh^$CG
zk2EH}LqiiYqv<|<A1m>)i91KRXC+eI@hF`b*juc)SBourA`O+2NY@v~y$6X;EOUsZ
zBCE6elK-_5=@keJ2=*h1Z7P1967TZ@m>TYE1z5K{s^w9Qd+Yw4E;aEn!lqwE{$~99
zot0Qo)yaWZmE6T&i}_u8c@y=gz1@{(YJZ$j0U#3i6@*hfj0ya-ymY+=@`d~RHF=U-
zVKgT@yk?AyToZxR4FlfkS@#oa%p<Db+E}WG<quSylA20qy^>IGC3Ms+TaSuBuew(#
z7Smrx4gJ^R7S_tK>n){Hk&~;ITKZk!nYvzi1%Ry*j#+)jeyD9th6z7ajV3H=bLN{(
zM^#mH2BW-eP9=>mbzOF@Z0CfQZB!ur_uGZc)j_21UD|!&>toZEU&8y1xaQaA*x9(W
z8Poit$j+k3vN=CusHp#WQs!p*vaCY`ru~GWTczas;U?d`bnCCLs643~Ks4WP?Vt@#
z#4?I#4+W#%nUN>idhu@<pa!*fn$rOu@eQda=Mh1qwY0bgb(+a~O@4K{gQp_j=1jij
z$$%6u5VDGu`bPL*l!nPsr|;L@k}dJLVYRO~?^-G@-@0|~P?m3_KLTE4V|M=sh(VM(
z>6Tn2_jjc<N;)^Zdq#yvs2eA~;miR6r%F0xEJ#-Qwg~u4)Rl>gHT8Xqq;8lvt+kUV
zcQMYl7a75ykFwq%Csq78JSV?M(Xo?;S(m?I!LL(-^)F|G!QOBz6ELbpt$_n{1Gjvy
z%Frnf9RRHa2Um4R@jgt;o^V-V=rJXhQ6Wax0IemnwFwPXgHG8*#cE`A;3Ckzk)4g+
zm@!KC$fC}xQmNj=nl?HvMpeI(pQwdq!ZU1|G1KWw`_&@;B|~(#(&ZFgQv%4hc$frR
zh4l^7R;)Q}XRFJ$xH#!oO?K%3DBn<kQzIL(uSnHfVLzU?_9KV=WqvyNq7u@7hY=VE
zX3WDNMokyIc5Ow>arKeJsW!~uocP9&{VVDNJ9Ps)U#utqiyaI*Gq#tCZkEW6(mH4J
zVdZ%PS8wi@b`OQTLZZcU92C5Zt0l23+*FmR20c!5HII^4?$XE4nQ}=|yqrz-%ty|p
zbj$H$=-&bq4tlMQnibiV%XC*pyvQr_m4?oUb58`1!)L#JQY*femGqAKw}AN1cv?Q_
z*(Hy1>fH)u?S>reW@GN<6^KuN&Rt4lvU|e!D`MR?lopEF2ecsd;CcsZhxO@QYK@5D
zNwp)=>k0t%8I4VOIMsJXS~pR5<5vXps4Y?t(%rK1&qWkZN=?=Ej_PysO*|F*&$QRB
z88u^as3)$sd%e;n8P;~5Q?A0kx18O_1(=<+zUHY8A_B%+yFWq&93<}8AHB8l%`}<_
zQ;w;ysffF!D^d0K_3$lGKyDA1*iTNa1$4@Nb?^(_8WCy^KLjW^4jXzLP&VKSoU-Wz
z&-TO>zOSp6JTxl)L!ETp0E<-w>@^1<x3h{MSe3TtvyAtQKV}#1f!q8DfA~SV=ItC{
zhiOsAZq`ly9#n0kSi<Fpu*~H^iAax#BC&Fw*e^VQ)>yZE6b|W&8B1Oo(I2~~9*zUe
z|CZC3^QyZs3jb)bV?;#vwL2j$aH;^uwqL->YUm$$TpxO6ae4Q8w`16X=YivoZ;nw|
z_YZ;(gbYHDo7I==DJxULwm^Ksns)KCTL688P?I`sgl+%P7i54nMBOz3Fm(&z^oNMc
zrKZt3E`(PwLzqg%vWyhPlkVm{QX$gtpvJf5)WQ!4(MuX~O`>Wu7J!0C^wqpoH$03d
z_yd;66U-@=*KmQrQ`POcb%=YmrP7r3dRIQN-pTh{iI!yMc1kv9rYEMPz@8FGD>z13
z&sLAUBviJkkMStw0NekrqOFv*n7(qWD`}}72>eoix{QyJ(uND)J5hn=yp$4JsOng+
zPxs7^RB6=%jQIZJlTAL8h<1Eef<JBQ84}<Y5capzGiVXH0cAxgs}ChmQ7KQf5x3i(
ze@WLX_+)CYB~&rqn<XcA3YI=>UVEw>6@$Z)Roi`i=-iaX6c$KkE(lUR|C-(~p;ppL
zitcR1yo1-Wy2Tp$53Q@K=p9$P3xD-#?>H3Z9JN~G&-SMWJt+?4d@M^_!aDU%d&N2;
z4XJH9S4%RdT{ZMyEGYl$(b3pi!W=gtw{A1(b=DqCr2Li0zJs4gg6m1%HSgYhV7{zo
zeK%XYXq903rr1`QQK9U5qrV4Q7Deyi<NsO<Vq7h+ue-k@^HO%)OghpA`#_W`GkpO_
z2g8`zF=q;LLvLWt*aqsho9nsL-2RC>ev9#Ufd0r2Y#}Jf<FcH%Ty-W|vd<ndej*0<
z4nB*^kp3g`_^Ju$AqJ1%lmxa`CeqYNb<FtqW;imK{zp0N72|NoZ&<iY2>6=Yze6y<
zlw0>L6-*bb=bThqi=lwc@qf<<m1U9W<T5|sc|kjag9K=^<std*COoJP;&N>ljLduJ
z6s2nkBCWM6DhHY4eib<d+^q{ZXDE4o1zRFYQGE?3a%A3<9KdNRq~A6Hq<<V+r*_uC
z?nIv5=_CZI$qEl=+Vb25=`D3lTr~_N%&bN+h}F6Dp-(J`r9DbR7I{JWP{4qj!^*Q9
z{+U$`kej*zYkwCSGW7F>_Vi9CEhAt)0$BxMfnr^e69NZac2%ueQH)km;xB3GV>5@4
zapq+D=br;kI(MHa#raP}`cEl+hPf#Q?I_KMM+O061D}=G_!ux(ITuTgs&;;q!6V5s
zIL+Z){KjJUr-r7qe-uB-#LS9VlIq_9xfhL|Cyu8y%pjpK26$7s$V3@sv0UC5)jAHv
zd!q(vw~9sp2O@@6C>QoVHk<s3CSkOLRlt*9^bHT3A1@7T0?!KPFos5vfip9p>v;C_
zx#=LQ$fVT&A<g7`JKt<e<&*0DR)3ELU&(9VSmh<ku<7`~?hfWgu}1_MoJ)i_{IntG
zd497YxaF)Sq{4^q0d@9$5cv1Q=NtLvFbRnOhEQweD!7=*X+shXRDnfo8(Sh=^D1G8
zRk*Ln06k_5563lNEJ3WuB{NClnX~?)cUNkrtW#YS>k|oygSJ217yJ&3|Dl{6C}0~&
zX*y+1SXTZXrLIqiz^sqN>&wEk_3y~>&9<Y`Xn48SmL)MKxSGn+gp~pP6=}X{d|20u
z!g-eYEd*ghxErS3xQ^^2!ryPdQx*s}`T>Z;+9L_u77DxE{fcB)kS_l(UE}$dR4YAP
zUIbG=0~_OeYB<Tc2*+?uqMZX72SLWC{lOsyeDzVqGP{uK`&*{fB`lBwk!p~+xjO89
zAny6;i7zB-_=OJ$?sA`{kaJNq%!#81{f`3zX_~<n>w0?4ZdC5bsk60uR40(c130uB
z_>~+EiRo|D>mRf&G;`^Jo3@((#Ol{j55)Jng+G~GwNk3z;%azwttYiidUE~Rm1!Sc
z)b%-j@Lv`Sl|?UVX*yQUm0Eh+VF_T$c6?5zg4T#C`iRrm;}*I1`(^Sf``yf=(Izn<
zZmb=Jc;ji=;D0}oP?;rSEU%NHXDyE{`Z%J<X$fdK_5!|dH#1Yf#MT<G8bP~ud|BCl
z{0I2?A72Nu?jlyRJL?TTr+pH@3Mh7Sy`R>6gKsrl%}T4|voC2N7I;ijzfoNNnE;<d
zyqXV7Ouu$GY_3d)5skJ1*UHR>klxq^IFF)y)a)lr)Z3j!`6GBOEBaaalK`>jS#mNN
zSe!HPJ<eI(DZ-yUuNqo+Q5G07fg+gsR}E!g^`~sn{P%wEp0Ar7?y>B(7F%fZ_t5q4
z{d7L#sFbTT)BO^Odf)HMclpLnu$h38ilvU$AXQOmC}!iRFGjv|(8CAC2PR$H%KDb6
zv}<`V3#EY^kG3>}ujkPCsE=#f?{4F|QiR4{MH~wH{ICCaj2#@rLx{t^$*Vt5t=MrW
zJ)6ra`26T2SP>$2LX#fHP>#VVck@cS*Y=xh?zq$l|F%_+1`%p<U_WcpV%=CAXB;*X
ziJmMc+0?NIq>}UOTVGHY6PT~A@^XHU#NLLf2PhrbWN@%r@L47hBes79wk)Jg*z49Z
z&1>s^zeML_QbtY*Qt`zfgVztm5aA^Fi?xe8On>tZMUVeZSm!alWQ(|FgL%KOJU^<?
zWaPF_?sIJT^=<9)$lxwG^9J1njWk9)uHF<AJPUgc^7jXEez}07o~?3Sf7B2L(Kn~R
zUe^Z+doimxM3qJVyv+X=338vjsP7<u!zjwcFD*944q7*MxU7ZuL;obGA4f_7`T=j-
z0jU%K#{Op>w?J;`Pf+)xg`z0M^g60dl3h}GKjKe@S}F2{$w{@R3Ig==Dn$bnBrKEx
zSckLVdOFx=UOx^_+brD<5)*5F#f}PY@<-0EUM{wbGy4w?%T~<d58<M+yhMRw!V{GU
ze>mE^ULDLDXAQH02Le=b4;^?`_y*(J*${!$Iqmc8#h^_eATMnHR|ssZU+`SnMDVB$
z8ERenzQ2%6NgQyiFl~uRL{Z#;1qCT?nippq*Zs5(L!Ar>3Nr2iR2qZ)pxCbO3kAtg
z;hd9N{q@mO$q*CZ-?=xWbS1PkfC=ci%<py6CIPcU|F;M^A2&q4cv8aE`Dp6XgPg1o
z^dr@k7?aR>(`}{ec})Zk&Td}~s3eD1q)Wk3b9w6lv$A_o>Ep<cpaSPI-@@HAUl#rC
zqkm04{TOL%!wou|${sco$LOBjVo!25*R3zeVb}C<5j>D7ttI7&<m^E4!jSfQVpakG
z7Z%E+F{KOC@$W`V_=2|W{PK77+p1!%^o5`V3&SzL8gxLXsL&ap@<<W6A%CHc=zD~K
z=PVVKZt*a|jfW~&mFjW3G!+nuc$Btm4Gh#x<Qi*kyz<F4%3iChh~0NX$F@X3JZ<m^
z0;|>n(rf?Fj;v=;f*ugHcO8(M$sLuZzW|(S$-di;_jdF!18SkM*h%Z+CxHU-r0+VG
ze7Muky5e#u8<IEDF@bcI{zJM?Z<%peHxO&lZ=-3OO22!aPbA}kA~(WtyRdSB5d4M+
znD~DvH75vO7a9x{o&X4M+a~k>kq?|vLg>ECr{KZX`htl-0{IIQz1g~5NXvDQ_y9?X
zs_g8%Q8FWC>EeFs9GpI0j*+O};vdKh=wSMys&U#`ADaden{0*|>@gv(K@N0dj15ye
z=(tG#+7m<JkT4Trq%qg}9KVt2G%O~ent!bfV5?fN9TBHbs@blC(J1WyH8Q}N>2wJ4
zTbEv0AKzYZ66BfZ&xe4N&_8ztwifP-s}pC7@I)sRGmn@5mKZ9F&x3tb-XLnBCW?l)
ztU><n{h0-Ppt^&H6Ku##I(QZ&{@WYiNgU{&k=*2PAF+app&=oUB%NbG`rLWU`KAzF
zzmVM(9wITqBep-V`NWX51@WeAs)hYDZEvKWD!UexHQfWcu6@?sGg4>`l0v;~t0>?N
zOglAIle`ksc6-kaiCa*>uh1DAmalIWOq4I3VLhq3yDWHF^+y6_@*+n&tZIa|$ZOmE
zhidk+$KJ6$ASVPoz)mrjm*hcZNkvA$z=?Kg95hgJ+=yDSmQMmH{<n6^QX0CFvbgy&
z0Qtg;_q>6`tp1|I9ycgh>P~%n48+3;MEy#&3zI$91;B+2yr&?H%H$Pw4xBw-s&tBp
zv4PQL;OQX2>mzm{$K3x(RXzP1Rh41*2UT^x?rMoNI%Kl#qvMm-SywxJpE>q82Om^@
z-2y7II$c<C5^)nlvN$yVqKo)=Q{UmzvG&nVnNNew&SiK=RmntS6j$qYR*Xi3`KAgZ
z_459*Ol?HE!Nn0zv4T7({4{|pQtf>LMf`JkQ2Y^;ZdIJfTi>i2Cg&|PiSO&aa1PwO
z=6p%}#5c`p<1)tT{ASj3yK2_WVfzyg>v(oTi51ZL`H$-_HGx2Htz^!<i$VXw?+AjN
zw3|ou218=6E>7_8<{nRr=gq7?@;sqj>!4cYkA$FkLA*sZz7oDsdGSiwasT>){N@pl
zWvr5e_;KJ>gRohoi813>(8yKJ?tz%xE3m8LJC4++%hN?RHe|YjU7d3x9LT0sg<%ml
zD)a6=ky<D^d~)vsDe+ODpC99?coY+F<kVLJ6O{D<;_cl?okam(`W5gRuzb%SA&0zR
zioXI;ql%<_x87oY?-GbYfX0Fe&J}G39)Z%%X1a%u9C@CCpNX8WWF|g6TrNGaEbH`n
zq}dLC2i$Q@pVM5;hvYD3Q2s?EC?Pz=Kp;s_LXP@nc7H<9#TE8!R_&}yQKARyIPqMh
zElzNYgWA~O(Di<)_)(BWDS>fnj>>#O<z%k#BliiA1#vqu^Oh$Q&vtfc0`D36BJOb%
zu@MXEWTQ>?*9W&^Lc^)zLk@(x(rXnee<aISr}kNQmUc=kUZlh9_WCrw69`KU2T3V|
zHA9akdRbSsRGY+gIWa&N8g(J-+6=<nUR|_c7Swm|b%@nEJ7i*bT}q_dL}rGjzt0Ti
zR?YqR_LjF0lt9YoD<3S^$)co@JCsY@GbrB}`1nW&TMOc+)GMucwJ&cjak!s>Rcovd
zW+EZscw{Ug8*1JCdKpwjs`@<~P*tZ3=aufrQi|*}9;XYUmKS`g4=mkdJ$>x)fvU?m
z)y-<ku+0_n``hnzd=6%A1p~+aUI$Mrgezw%Hv4wM7t?FE#6!vX_2dQD#4luB%%GmQ
zjP6y*HCg}zH7bjTa1FwyX~eePv)w}*-dXl+<)K;8#J;t~?ng`3WCxe1%ud)^k1>hw
zy*zfY-Mr6rVezx3i?Nk*yc-~f+JeBu?>VsGgHvcK0$3}5)Lj9a^0nMgpN1UVX+~Bz
z4nIvwB#EdVW5Srs$G+u!{ZMeMV4^aLvfd$c{wRJ;b0HP>%iO1g;?s=8$ITiMnDX`N
zNcqfGzlo>WMD38PODfWMGF~U;iTx6)QDv)cU#;o7k!QJ*GPc&M0DsiNk~ue|$`Dy!
zSm`(@55?=;=nXfLlR(-*ds`q7a(vX+e_}oqGqPgKdr5D2|4dzTbi~`rT5@pE(~b;v
z*3pLy$|L+0lfKBVSdQgLKgDT3T%x*Ooibwsl%|#z-KQ<d|AscB6ApIzr|vtH!d~^N
z*DY`=C-GjrB{AWT=T{c}9mP9!N18NGK{dgwV>d(w5sE40k5B`a-Cr?R33CmfpP1i#
zhnKT3xIaigmF?9)W1KUaf?E_Wt%IUHR%|X#5~j#>9ZiaW`N;I0we0Y(26lyyQ)FbH
zB}Z<MDMwDi2dVu6<~>4ZkY)b{GyaNJaN1jXWI#L3AyCD;e}LLSdzXM7a0^*DAX%b;
zu;r%y9!V<MkjPP3b@@?0yFWu!iMChdS9X89{CDnemhC0iJP4`^T1M{1=l<G`O^6!u
z?THxJ4)e0t(AZCZDWkALy^MOAuR}_1^SsO=_uKslE~Je(syoL8t}^GA=w9VSKxbY)
zsP=lrI^W8uDmr^P6fB<6RU9WLAo!JkCwiIdm~4&%It=6xRAZKh^8!g4dfa-?H_QLW
zyY}#o_i|!luC$8C@|Qgq=0-+sAr_Z|xa@%(FCNS4I96c1DV@T2VTaso+nxKk-pD6#
zC3l*(`~X(~p(vTws-0mtB>%$rNG&<OoIz1n<ZQdq=+C)#@pRU3*xQpw5LV+Kuth0(
z(y%IqRK)j?y82WKIt>nf(&}ZI*aUn0&}=O~H_=eJ;4M$T&mFN!9@?zEs=g-!HngmX
zgVFL+m$}~#W~k-@l}+-$d>>Mzbk4J@@q2jA6Ayc&(WvT=>$q>!g%3~U$ADXCgd{v6
z-ZUc6$PeN2+X0wm-NBN{y4+{RVpFV92vwq%%eeaZ;-vgPI%M1wsW|i24s)Gt9!=a;
z7q=UYG3&3yIeIf2l9uY(>m204S0#7+Ts1Pli8(p)LkdIaj2P+cE2I+_$v<aU08xC0
zR$|w*C!%3nB<EIjTi#TjAppCRdD)?Kd+m04*G?UIa&)w6sgXczC5)NITlS9YM0i}!
zqC?JoeA^jk#3@$sqY_#r)$p&v1BS}$_fM2r-}^}eV~+=HQO8|iG_si*c#Vn|2V33@
ztBA`Z=;NiCn6!P_&*(+&S{0*tEGE$>_DOc@SPD~|Z{H7tYZ`xw%78TSHKzm8YovHA
zs)nkPq0<31)m0`8;4LcC*AdLZhfjnbiXRQKI@VTq^=v4*_22!Ztloz~>FsnLI-4go
z^5(FWK4;@h?5c$BYv0-%nmq9@^s6-|s1>@5!?NGCB#upzP7LnU{jm#?K#}V{BCs>r
zw+mkyK6y!{pK64zZ<N^sD)m1_Z=Bo4v`&9>DlmH`F?Mo~KftNL{xzMdI5n>s{_qfM
z@=nxX=T^-Q4$B_Xa2FDi18f-qbVBNV+sUT|&)0{$W*`CF1IK984A=n!?P!=+9Q~Ul
zp9I83L`uQ5m=iA+b-iiR2GU~nytS<wp1bR7l4VBn!QqpRvs7BY)J-ggXjZ5P>*C&*
z#&B%UWWLOWIrQ0A6v+H@^Z=mi0b4)(aJnN{^0SeG#9j9KbvwnQ7tfGgMkpOx$Vy}8
z_+%d}JRu!JtD_Q^P>#nMk)BO6a9K-0j||9eQ0)*JpNN`cR3HF|h6*r*Gz2+nlz!c4
zjo7<ePA6zBPV)C?BhW4I58K{+-`;#`!Z@&c@)QxM<$#I_ZruS?R7l1oYe&@1x@5R}
z`W4rr?Rwd-IYtpQ1PqYuhf+vUG|c<xzkBTqf4-LuUKTgl@}O+bgJ1d`G?HtxE&ncx
z<b^kAn8ILsjRcn)w`hp(T^V>=&FOJ@;18)4OTrs+06Ys%4cwmWEP>QBhwp9aR_rkC
z{d8yh@4s8XpX;Sc?B3+p7<FoKiVFX-!5g7=gMHvHB!LEo`i+oAmtBqtsvkL<wg`22
z+<+)88LP!R+v^gdg0oY)wU_dsxY`3m!@)Er8Xk(<TerW|%&P88#SBJ~Wt$4@p9U`I
z@kafEKps4N{qmVyb<pM3x)E|zswW)x#HGAywd#YMxLFsiUEYO0<u`}1ZuAV1&fZQ<
zDg$VnLTac6f|3#?lvusL8(w}{KeYJy?>J}*q#9wqM&H#yODs8DMPD`|RWSS=N*M}4
zkx@OKJ%lWxA#(F$Fx|qvxaRRAxe>3NkjQK~>zw;FE+SEK0|oAH4fn@liprnfvK<N<
zEhjGld0apD<4!4ZC!3~QmP$*w(wfsCfsZx41kI6)1G|5t>?6Q6%HqX<-Ik$RSjnV!
zKg%BM$L%0)R!PfMbG|k(ZaitOh?H=)yPMp&z3(C4MDxC$Aa6o{xX%FKI0Ua(zij~9
z(~671&lYQoD6k;qrSFRXgls$uPD&`vl%rFk<~9hYy(M-@{p%f1JX~^)I9fbBN`5*%
zahIukJnj?55h$si@-?)jnxG+PcGgC%)4`tHF3OM{DA0#Lr(gQ8LFNp!amY*DHz@B)
zEJ_alqN-9y_kx!;3K~cD5xD;lL23X}p4crq(1zGI<+8cX+n=eIWk%$^qDoK4H-GD$
zT~+KIbgX_+tT<)IMg*pu5{Y;Ukl&)*H$tZlUu(&?$`MVo0+aLkv<bAILILo3g(MJR
z+>QU(NrzQ23$cJQc5rrsd^-DRx)Qj@5-RZ?ly^`V^$NXu_$9LsaQH~bAwZX~=XOCY
z#>QKj2y5q2QOY#7uk5;<w5*)^W;A|!MA?3Na&+!u`L*uFSt)tZ%HebJFO}_nu9Z%~
zaff`(!mIcr{HQ0?yrlyGozVUOf_@dCf~zG!O8V4k-J*G4HdRrI!5Vkfav}AsMS^mK
z&hIb|Tn;BN|Ee2BZ+Vfx8ed?(Bf675Ke?``!<C7yRC7NgvI}iQJ)!6CLtK3B;TnPy
zE3X_O-<d}&m-0;~Z`+zZG%P8hT1^+N@R3#o=<HgjJi%5-e!gv|B0DQU6tR~>@R|6H
zA}bt}Yaoshva9B>cCKILN~CD6+PO<+><Qo)*C6DgDG5(R30w3>teT@TuwsreOFQte
z!xEkp1Jm%AvZ|pL`mf|#&mv;L&QD4g<wO_|7(kwsSTqJ!Wb)%GVIeXsmRPr7HRhRl
zBr`LpEaKd!Y|wsMLYJ0{tG*~OiWD~@R!UIl8z+C*ts5D0rJ9I^yr~E}(9{=)k8<H)
zm*oqh2S12EP@n|AaJ76iIx}ZG*#|2}7=m9ib7MT}@)8G1a0?n~Jv*q9HG-fJLgadB
zd_C%V6i#iZ;z0U(*Dcz4)RZdv4lr?<R}|Jq>%$rG_A2V?@dqbA!hUzwMB-KP?9?1=
zSMSt;#un~~r>*7tyYtPlF)?xX67^Sl<L^Ft!+p@rUb;Nj=p`C(uT;N_z!0=`+y`4)
zm_UoT%D8ezUE4+VwuZ2bL%UPF*4cD1=|mG8v<`=aUOf@(-O~UYG4C5!*AFeYDtO*5
z)F?5#6nr89A9DX{)CVl`twDn06OwYeSDq*0f=xD>TcPl!{<Mj{`$uz6#wuvgsjCAA
z>1CEadGdrejhc=NoKRT$;Kk>PPs&^m!I^LEwCfqQwXWdwh3#P|MKQ4EKR!XaSj5{@
zXOxNwme6-w1)YU=2&jxq_Xin{%o*R~2SjV()QAU6A!9}L{CpC7m*KZsRN!r6b&1jD
zyd-o)8jF)U<amtVUD}zZa$BkOCAISRtAIj-hD+SWvbyn*M))YFPz!aIoda&c6pjhj
z6&R?IJ*L2#(JXk06KnZEBYin7?v{r?pEZ`R<;mXB`!p2QpM*gT+T+xT52E)yM#S=T
zl5fe*uHj@c_c&R8SO_>CcQ8{qf*TrQLDAQXA1RoJWvo<_<FHd(PL>M%#A;{s@p)F>
zXjV+uS_qlq&dR?@?Q?pc=U%@U=uq#{=dFwhmb)Vwa=X}|$9i<M(+l}d)h}QAwj*|M
zVNn(fIBa~O%GK31O3m6wH5N*d0hiR(9GgRkb~4%I=e`-ts>t8Luo$J2!?{OSswovP
zWJw~3W7$(vQ@OMI@(bV`UlZgTo4(MKmN=s~48!_hN_!I_XO5*@Tfgp=8?XP&qXUnX
zdlARFPs+;5s>Ev|_;`6+K1fuWuty2qS_D)fa0-99Qjl)I%Vz(wxv^2bRW>;!3@qin
zd$u8S8znpS*KXh}haua^f;m;?3HTYYOT#LZIjUTZ6O}eA<@J~57KnF(Zv(@{Qt=QU
zP9DvX2-CskkU0Se<&+ooxf`4^b}Gt?BG<(s4p$@P`#_sruMI;Bby|IIGuQmgYOjBW
z&~YD3)Z0)RQV>LxgaYS|DC5#0p<bi-z=gFTVv{Ba-*C?!gLp#LyHyAt{Ec5B$<4)&
zZz#`qF$k|PH57pXCAuqQ`<?&^bc*OfC1oK$8aL2^f73<yg4vgRL#sC!qf_v_SBDBE
zXuW~-&nx5IP=eeN(1$1m^t*<Gigo+PcB5P7Cg-W;qqGPe5PviZUVcA>8>T#i)?@M2
zu3f47nYAN%o=%y%tDWJC7x;tIV~=lrp-bOsfUYz?PCPP9G?%P<q|?fm{)T5@W?K&7
z73qPQ?G^H4axjaI>I^ax$GcX(5DGi^YehW^a;Ad>Ei`IV6^fT_5}hsYUHg#?H1nUt
z)k8bsB7qb8a~w#)BsKXB<g>(ccf3#>rrcmjb{lbGkSyJV08pF0^bb+Y1^ItC#bnXL
z{{KyOz@7h7RC9Jn5Jyi|=*_}{S>Ugk8L`kjb^vlKmAwU_Y@QSZtIK}x-5;U>aB6rd
zqR)LME``JW>E&VFEtI%c2sZJ|m26r{%0f4LUv5s0%@q>_X=;gK_X@T{&STwjMx{M4
z6{&@c2&9lS?sm|#e74X_Ao&)ajae@$&-xJ;&#@yByUcLQgFADXqNu$5B)7Qt9*5CS
zd_^_Z{KTXe-U%a8;7%f0T3b$S(BrMb6gL`l<<>@QxH(?jo^_~vetynWxrl3AQ(8Jq
z>+4}JU&j4@S8L0|x)F)c2qjy`YZ;;f%Y<pHpT3FVcuk-zT7iH)cL?u@<hOtE8N;Vv
zT)b8$bWDN8Kxppb4t9)`lk=#{w#_oFp0x`&Is_R^oA}#SGQiU&&2x>Cw2+pUM@VBu
z%msO83hevopAEW;)wIQ*d)#uVR(X;csbj8qyS1;@uO#ui66lS%-vSf!@g%;>?S3n~
zdApsQOX`7y;R~-~48Z+Cvn4GJGk8Sz#1Oy4ccT@ahgSbAk0FSeuaH!H63!E-{9UIN
zoC~XGQ<N{s97HbY2F`n~8tSImNCsEqttLVP)uSO;6%S?&?4lS&Bc5vt?@jnczKX53
z-`ZDSWJ0rfY&)9jN!ABMXyToxuCQ?oQjHT8`P(xEGK?EC%uaf_$P$WO(}c$Da$#GN
z@x1bG#Qg6I@zx_y)2dWPeCrb58ksh3X@b7eqU4Khx1Xgk!zvBh%JpuwS3EAK?`EIe
z(x9!I%-*DcZTk_jKZ5JYU8?t?V1sRiHv#JjQ5M?y+*(@z3H^4CkV~cOh2aj)MqL<M
zZLi43Oh+R968oVDJvO|;d-MS<XF*!ooOz*K<*#Z{&;DBlj31|h?|o91c72Wc>4IZo
zhh7?ay5u`;UhalUZP5hU_zUxvob+_7%U0f@x&YNn+TkMRG^d>KQf7+-yj*Xg{-#xW
zP?M(sOUtfQz5SFyqlPiuDedE|!dI_NRimUAHa-VjLeV6~mRx<wmt9eOX}iEk3yCPX
zACFJL&?(T0IBx-y&hSD{+|Ff1kkQsmeH){2jxQH$EV-bY2zfJG|MooB;&#RrQ|P<Z
zpAXK26-S#`L|<dHlxT4@tLROj&Auo=rB%7wvUFFCi8$YGe^pNXsqX7`gvq%0?p{y@
z^L7vhMpZIx?)%mv;6Bn}_-`3c3sLul-h5?w#;Y|y6Z}-^7W%suugz&fW)XF`tr5ME
zr3+A-&SX#mRA2$x`VO+}Ldm5x4x7(2ysuY7K)zIh&1|Uo`k>7*W=GQLTr@0kRPDfT
zsa#;}9;@z-TO-H&@x0qTpRe@08K%z#HP3==MUq`jji;F|r-ofS)_8@ae?&rV=fETy
z1Q5vHoieRzsVHCwwx@;P8-exe5Np$yMnJ3ANe{hegY)S{MFb!H6i$Cu>L)`g>#xqB
zQu6rCf>;NclY@j+)P~o_(+RLN;U?ozbI2*1e)dlvKu7Qy_YMfo%XT6}EK9-l-7wtU
zvN=@=)XKbIl<{h24O=57E4Z}*MEXhHKH&dZNcj3Q4Cqyy_w0iFWZX<I)TAYFdR58Z
zFA)ZrCmeSl$1QKSPrgjj7iFs73i{PuWJ>6NR-3&aBN4B2)cXLEDa=OG;K?b=@lBqN
zttr2tAPOJ9_Oj?|o3ymLzvp$l)#dDSj$5{*?YFmgSdqCnwG>@ZF6X&Y)$wcUwDBXG
zO6KhRJ%qKLR;x{)(>`OP1{#O3zS^I1)Tbp&_X&q_E#X*U#I9UnukImTgQxwQ>O2(f
z-MPjA6$S(n7o`$*gTbm-g-`Udf2=P@{F+Sj#bQIi(7=sR&q^$tpxaCTT1=11f)`ec
z@>FH2=;*vUF(T@?BliB%lKTo(EQ2wF+{>MU>Jw_7f-AwO-r&1C>^+t&b{L$u{s_+k
z9<*^=uBA_AFcJoYTV+(FVF(Cw(@3g@ZS=292bE9nH_)5(5*|sBsGkp>-F3g5$`!t^
z7Znu0YI7{;4028+Wp<k(?0wfYRx<&ziptE|p!Xop2lsk1z-EzundGGhNz?BDG)~s(
zDX&3K{)IccX6a{zPrj?Q(dr@1lqfV*qa>6KZxP-29s9?sBUKB;WE3n;hkdQ;jXL++
z9U*C2*k}+(&?|~lU4`W{aoP1%dBMGOpG)ep^&UTtrA1uTy6VEpRpHf|Iq5Uav)6dw
zEQ|!d0%!hF&DkDFH_n2~!~&NNo?OV;pYbB$l+*QrV3kc4ryQle{^qoM)pGBrwZ42X
zorAc8c;ngV(~=`!D*VN4zNn5yTTFT(w?D`5^xA$Q&U2RkQNEnMJqROWMB}zRUz_&U
z&z}{jA9ZlnD={&1Y@~@I?8jzYS#Jq2W5W8WuC1GOc>F=(7tS9c;3m~VQkNwxh0}l%
zU$48KS<3yL59CEp3WAySRZmVG?{QGG+ab(S?O<&6^UB#pZznU^B>(X?ArlcFEGLER
z?0oFgY>jamZ1q7yuqe?>Pr<<gl`_z83A&Na1Kl_Apn4EQZWy;$*Ipm|{dY6+zPHKf
zHB23A<@j?lpZ;jd#$dwH%5((fM<OJaW2JueJo(bOr{Yn9+}6Lc+`ro|49V|LlxXB}
z-tBkeQSY+o>`ic3dSf+xP;l8i+9m)CxUZ;$(vA*_&K@>C(}PXqqqK7<vVwwZ<)=0_
z_{CY33-O8$imV{<#)l<xHU;{2WBXj2e3kY<8*mjL7H<SZ1_j#tbY#xD<s+d!2`yE2
zms=Ss`EdXV0S`A@ZzRsj?q1J!iZ^KS@AW_+A+c(j7gTne;k;ePx}9Yi=&EySv_kIX
zzVW#-G-unTcdRIt&SA33p_gE~iZ|~i>=6y|T1H2nEo{j6EXJ_T?UId0Sd~vnVL(t6
z`jQ5W7}TjTxKfrzfs!80gz{m>4rnNRJhw2J^gB3RHf7mNNX{>b*&c;8jx%D_$Q*F#
z*TVLm5C?VkUQGrBuwe+;)h<<J)VWRDtVmrH+qq1={=I_ib3AlOaqb6ntcC$`$gP4@
zB9av8&o(+2hXCp))5b=-I_-r>5sx2&a}svS<hQPEAQTPbG@WzSr>D!>qfC(>rq6U&
zd@03bfBEt{BpnbXcP59N^p5MS>C5luIBxOwB)i_{*)v{SDI^!5oF3sJ7!N53a8_tb
zAF=o>bq<eNO%fijJl3JUw80ayg{ubW_+RF02!4h=w;8rPw;#)u$8ncJvwoY0ot4e3
zn>{0c&o6RbH}PE6Yn189ec$)3S|B|I)d8I!Ad>$}W1HvLK;sSM``tZ~qpitNQht{v
z<Bekenu_LZHD!>35;tv!Jw0ojE&x3W0hX44q;cI1axXQ3Gm87De;AwNXCAtsQW2Z)
zJL)?Id#C<9(@6)CtJARS)3e<2Tw#T#(UM=2le7Fsfh6A3Fz1bJB};U8Cc^RKA50JI
zC9&GFsYz=*O{_!9q!fs~vH56GcaN?&j&$1vm1oWy$FgEaYAU75t5+IW%j?R_CUTZ6
z4iS@c>c_1fSEMJ{>(Q(9w5V@SP7;xlK|k~VX`Eb>Z@*(`F2YM!cw<{~e(dbMuwDbm
zOZZ3&<5(xIoH9!<UxcmQE{o-Lk_<NYX^Bx*IFd;z4V9rG2h9R?oTYCkY~8oh6ZfL+
zYHPQqTwl_exvgj&u4#g&{5AZCj1A+_D*dZOa<JSNeM(FWLpL(@gLv~uRNhfYrmyP5
z!a-8fv1^;;nw_~?&T>d~<-xPC$p_){Uu$t!-D5foKgLWl&*){+^hPAxN+(Ddw@5Og
z6}Gr)3`iYL8Rp5<4oe{J2!92kF0c>?LJ2}1#ZtD=-j0reb$`oQ+tsyr?8v57S$e<`
zQamh(cis-9mBqB2*}PDX*#xHz<>cbd4!fF~9NLtFyLy*0j@Du=Etfdb@|0sULAv&@
z!N{^BFrX!<^rxRYOnA@Lq5`^*;^Fdi<6>V%VqIFk#mPbt`E2cE){qnf!e+^lvcJn`
zLaiTu1$G<j)&oC_gLl?(EhPfZrg|nTEG<vSdFyPqEOHFs+<DLqMWZe9q<1zL9RU0?
z)8+1&UdfdmAvVf}(3cqs2qntDY9Ce?$w`BH+aI}tu+6S|r@W)*UCvG5LL|6#`mHzY
zU#zY^%Z=F|4KH_?YMfoHq!m_w-wT_OHCTOA1>w8n8ksARhjFT|8L{qxuH7_;OYsm?
zLL5v~uGmkxRokiChTF&?-@VXQ8<;0S0?*X*w6(R3b6k!Fmr8@Ny`FKuzN8YBycGAq
zdu5|q>dRU2AiDE&qnCcJvaVMbon+oCA~l4MF9jneCx;d<<$9CbdZmZ&tUT_Z8pfNO
znVBi><u(2J?U|yQRcl3G5#WF_WGMb15lVheOswPS`)EOrx37LCy^z|-`2JmbBUiIt
zLnRnD%YMdjWlg404!f!3R+<usM@TXOYtyotmX;9t+APO|M5!_~HL=W(sYp#RrOnxB
zns;S>Eh7>+YB*jcgrx%U3*ZUb-UWK{%eX?HF8H$_Z;mhEMZCU)T38CJ5`}JOn^!qh
z7THtquw9iPW_p+_YLdR|DMs?@B5DRwvga0UCF+$97A<0eUto*t$BwzCq2KC@zt9#i
zh$a(%K_ci@6U_@QF^CM0b(GFqPH>S83s0*uTK$<ckz1{%5M{?)v-{k<bBo=;!v1u3
zK5bo&qCtgdPLkJeRU@a!9#5b~rpGnhpM8TB&vxw#4%MMlxtudrltS3mo4;a>RNJft
z%@JQG#N3qZJfw2+D^_%FhFed!p;F?r=JNKzt|v$oR4f(#tQbsC9d8>sfA}h<f^eeQ
zmFv!(JCXrz-JeqY2pB^(r>@?bWJ@5m#axsezPK)_k^X62E{0b3i9iA7S>6(0CC5qr
zj844#R&JYV{d1(P$91AV-kM~|Z#(PBt-DAtpZn^g?Ro^IL{|L2@q)_d-|+%!FcOhk
z8xe98<h!i+N~Vm%kvL;q3PsT30<Mu28S#d5Y5OQg_i%k3k@oJymtU&+>ULe9&Gef-
zqDiJOP0>eAe8hD-LCRy;Qcc7})i2dW)u7kPTFR`0Wd@qq$t!Yv!Y@#Ygs2YN)+1!!
zdC$_!zYUHW{`Ks5`?ipX5HPx4;vQpJ=1|GAUZk7X3V8%vXPzk$+;c-7Yf_~9$Wk<4
zt-j-%_9W@!lxtRcRI7@L5$bqg)LhD9wVcD0`gV1Y4|-v~kxydz&vMrdE4-Rv1WfUc
zc7asLZE4IR2Tcgu^BxSQoTsIf+V9Y?`B2~eDP@KPt^8@uOrG}=4Y@i)&$nKQ>E*#m
zp&_|a?8E99a3A}KpjR5W(B{5D^?;+XnnM5aG<?3v=E#0I<9-MHYBoKbDl~8S>b^Fc
zk|9jr-eDa|Tc6+dVm{s0O-5iaY6pEKvnW_(40)}T4UOK^-3v^oPZ?dS<@SD0KT{hj
zd7b_fzW6l#HsJ|ex$gJ#uO)ioc-^kXRAoe+ii%-IrZ8{!>7$Sfi+CltGfO&x#+6%b
zaM;a~&qN}Z?v>S(h0czek6#aZ&kUu#{%C`@7-E9X0)Y&XftlXS_;q4Rg4xUiRp5j^
z&>Dl2*2Ks(rnJR!-}gO<Kr8%6tmOd(eicF?8G2vM3B^71Uc&Dk7@vxygfI6bwQU2C
z^q)8_w>NgW4Bw4{zYV<wMTU5AzqWm+oSB7>24BM0DjwA5jZ=GdQf?PH68nCzmS4{I
z_7co%3?I%mWhbU{i#{X!{T5tOwe>N{GMSHm{_>dzwNnC4jUmP*g;eL{mD6fzJxTC^
z|450X*!fyQ)}#6zL0gxG!SI%n0>wr|m#0Jma76(eY(%l<D$mxq7w*~8GM96d!wJuA
z$hY8!0u>CsL%tsysf9LEsTz>b;N}bs{oM=a0w)|=>$?4wpmcM=5x223+q)2x1U%#@
zr0D-OIi8TP7THlJJ%g3KUMg-Dp$A&;h;@OXY{6W~Bx>eC-$#uSdLh?M{WH`?k*w}A
zPd66JZ4+=jzZwA)f!nV5f&iyefM-fHOjAAM1o!%0)C)GlaXv^a0=fN(H3Y~>t5>Vq
zy@M>vG%Qkc{XsiPxy9FNP-9}F1l_*{&dq{Yc|zJj&WGYbVEn4H*35*qpp#xp#iuu@
z-rZ+h1?T4#f^J*cqT5dIh5JO?<6fWzbAbdm<V%=lj|S(j3E`1KAGu(hQD##2KHQZ;
z1ffs{&06!OTJd_@Rxhfy?#uNt!N9M($wy8MT6I<nz5uY<w~Pt8?CqnpUnLt`b&crK
zoJx_u1>GbN2sS$yFKlm7Fp!8Z(J=xY9uSE5J3B2(92}FKcJO?I1oOh<ApF?_qptEc
zL91Se^gFQr9Z`SBUp1x)I5Z?zVM}mOdeqsY`#H#x%zjH}oVNd}Ajs{Fy{!FlFN!AK
z=+^4Q4hgD9%#DJjf?8#Gm4%4E+u?oP<&I40q27CLI6fqivV#n|%WmdF%|T2?OHI!`
z)Cx};L;-0~kY)$#&KP;kR9z~~b_iqlXH4uI6a1oKQpal$^0hdOyY2)3ug`>UyfjH+
zqQyz`y7z&zFTvf4?Wj4FT~w&*ad1ciWqc4wFd5tKxu%VRyXnPU&6<m6-+#&Kma0UH
zqum`JKgd_6$cOa_emyJDHSBtC+mkN2@)H7q2<^jv`PS8zNq;2yj>FT_<lf{jl*dv!
z-FC|y=Y~8*S)CK*1%b*BFG*PK>ug~)(pVe0U5xdPZp*S8UoD{!NCzr790{`MADDlc
z93HxqQ@+;f9qLSG-rsfckjgS9gYZiD2av4xJv>IP`%dX+cc#zF0tF<!!OJOV<YYaZ
zot^u5H*yD`c7a?@x!L$Hz(%Q>0|%ZW5>S*)%jd8i2kys-HcZIk1ZGJs+W-n@3Q5A)
zd%1P{$dJv!bHD_+vzZ$rgL+~(yFyEXhljR5^4KgJ`3%g=JO$TGJ*U;w)SRV`Qe!jv
z`3>Bjl!1Elqi?%<k{-4D1aBp5%K;3yl7o@5>2-uqiIzN92G_b_k@A*kCQ3=%n{}9V
z-L_ZARkE7@M7S=~$R|48-*2@XZ3r%eTD>S%fHe`;X`LB%nE0C6wtT@+5e@u2Ox;>O
z37q%<E|*hy$t{3vs;VC3lOo={w}TCw$F)aa`qYY%5eLD*WB5HIG1F~MLn|JK1<H>m
z9?LP><=DRVCP~V|mv7Nq83WQyu%^qD6*$YgyD+myVn{Kz?X!rr3Lx#(UN;YfD5swz
zFeKQw;w$>!=aL*A<txY>)(dHjNzGI85cf&OEtH$?Q>s#AKmyqc-DWv<SaN#{3%JCU
z*7ml0mc{KfIwjICt|(wJ!Kdg=nSn>Z)gA6zW=Ty7`Tj_;dYf*b+3(h(0#Tu47C4>m
z=Fjk={oPQMHoM-ee8$mw#*9l4Uu@x7YO~U7=?<G5iBh>!w_IZ~oDF6Ez%*+1DR|g6
zMdLe%BKPgaX@XqwbbL#cU(?TS9^}Cg#seiNnd*KMnZ4|1Cz#Rr;Ob83;}ei46W;Bn
z8zIe@I*AF@aJ=uY=z(vV((H}pet9$+uYZX#wgv7KRe$I$8I)>?^0C4m`{sERT|lXR
zPXz)pj>x}X@*HG1ZvG|o0Awa^{`C!<<q0>(L=ND1oEvj&$hb4J$Z+!|qyzWH{HFY2
zekaq-H9-k|m!rz>ujSAXzdlR=<+q@xmM_SbuMgNg@bQ43DvFJ7gI2N#+DI+kO}Cf5
zNPF3Sf7kurW4QSe@)i|t1mT~@h<}I}f`<T#6>dK0P`F`*e~{)De_WH3K8}dJvp9J3
Pf3JllU*<p8^89}Qy!NVg

literal 0
HcmV?d00001

diff --git a/docs/source/design/maximus/images/shared_bridge_float.png b/docs/source/design/maximus/images/shared_bridge_float.png
new file mode 100644
index 0000000000000000000000000000000000000000..8c8d7be9dd93f93f14c5063124d36c7e3d201fe6
GIT binary patch
literal 55740
zcmdqJWmH^U(=7`010-mITSEl*V1Y&h!QI`0JHg!&AV7f7Sa5f1oZu3ICb(PU?k){?
zljnWEbIv`#@1L77GTQdCTD7WX&8kJ1l7b{Q1{nqt5)!tw)O!^qBvjxn%J35uBqZdw
zBwmTYCuC<8Nl~QoKNQ=*hkq>I$-hHFs*J|GGk$#ZsiTy(GZGR`*W-WW9*06xB%~Q-
z>G$u{JPh^_zA*5F?`EX6b^54>OcL3yhJ3gG{K)#^t$-rKrI23J&sYJRu-DxedV18!
zo6{djp3q8sea>5F%lwOkFiH_GC6m|qpQtxH5=NMtls%w#b?r}VrGMc`Nd^Q+Z9Q{(
z_44I2FL4LSO)1HsTfxn#J1w2t^|QsM%f*Ej;f$Nf@`)173WJ5+^?JXBmZpLh)VvT3
zRz5YyzN{cw96~*(LOAqP0aY<2;d4(<56g?m3d4-gv_IfMn9NBiM5oK$<Qy^Ulj7MY
zTxHZv^NtF*2Zx7K6^tI&C+nX+eZn}LuFR>Za4<EcE<OLYb(E|D)xZ4GKUM?Xa}qm$
z=`~rZ?YuE4O+>2=GkS*yN!&V;Go<q9>x!`VH)xw$s+=$>X6!5Xe!p&|BklI%WjWl6
zDf$dIGI_&}_f6hi;oTErX5U{Z#7jrHlF4Y3%^$ogb#U_#Zko!Ta?$pS?$&puR0|tf
zU5r1#K}V)pP}d(>UbqU1E=KhW!h3Ig-`c4}`q`}GM8_BibLE>(&EJ%EVtCxGO)mVD
z#gic{HPrRKo=R7#%pgy<#HbyWjZIqrGRW8<PBY^gT`1sM<2DdTPpbyix6cfsD~0;y
zoN%!Wa0)ARJXQ95T&TTeZP3e2r4H;DL$96^qBAzEDRt0<{wrLo+Mw5TSyn(#p9-my
z==&h(sj3~D8UB8Th8ZYh`SQALeu%*&PWQvbvhEc7Mk^;@!fcQYAcTd?D(Z{fzz7Eq
zrwM#--wC@*TwVBZrK+(^Q@K@DuYjWhYIIaov9+Xxgn;cazuO)xpoiB_iUklO`Fom}
z)>@~Yb9dW`;(PCq8j^fvEkf<xjqirx8NF|*YHYr=-q|S1lj8sTaNm3BNxm25@FSer
zW^B5>*5yXfstR<)ZpW}QvRIX&2wpy1PB~u)-D`ZO231m}Eu@)a$5rZ3Rf7rU9<{Gl
zgv4|bm-LUWAv5w;i#>@qO#|ta!SRk3qge*@9(#@^Z1#WfyEZxb&Dc_9f1Ezi!)&BF
zfD+S#fwSw1xH;Fa*l;g{B!8x5n3V4l&~Wr?a2n{NR_ka_ACsnEQtIGNa^hnB=_rq?
zxxA=f03BAd74V^bx=zT*n;+)qxjn`$c~UNh+SavL`8HN*b<M3IKL}r^BI~Wf+a;k{
zbi&j(2X8h%8&tsEu*!arm3!9*&FN$F6>U(K!M9e_QY_6T6A1MmHSRWfIF#6zf975<
zTNjd4c=G36+zTd}ADYj=-ZC`gn*~AsH#eLHrP|R3cE*Of46>xkp8d=)@1@Tf#qGzj
ztCWWoFJa=|cRS-(+7T{!6-K)2R(n%~5)vhH;iWPjy{iuC%J2-uX7dP$vhSyQkD!h&
zHct<yv8PV6pU^K#>)X#Ve44E}<^-}&;>6ps)H=Gn6~+}`uNR;*33y%9uqAJl>Xu$5
z;rfd%zfwPnlc^I<+=?@M6|$A^B|P4s@4~_4%?QK5`?OMc|0<qeFE+yrZz!RFlet`5
zo%Qjg_ZfMV0PCE<D~K6`x_?&)Bd^}={87w6+eKWDoIRwwPCX1q58}VSd0rA5n_HMb
zs~t0hvH0esk&Sif+!;|W+^}FG*LSgrmsZ6<*vgTgkX&d~qN#pldQ#82y=060oHi;h
zx9|l7m>AC=W7L9?wud=Inz;;FmwwTixsP%wp*Xvm+X&@-N4wk*My+cp;8czthLoY7
z@3O_KXmRf|FvYJKymQ%Oh_{_T#~@Pf%O7uR%DG{h`ONs*8L_eMPW_`zJ}xt=^~{D?
z{Echenn4G8`L($VTK@RM$BF&EU!H|<yweB@0WK-j`se@0A^cw!P7F1X;_pxTIh+OQ
z7$J3I_=L@Sl3l7hxI_=W&_?ZSEE@*t1%`gZ4yv0y#T->Vb^p^Ye;FRj1o|$WVrL5&
zIIb-y=XS^WVJ!x;;wFYcC*F3LS=qid5!cU8pF|PWLe9g9>3sX)J~cEJJGq<Vn64z$
z4Lo(2nCLKdc(~Lsg0Iv;YEm%4<+ii8D3;S|`SgCPr0)}d-85H%v{uJ#8l%T<R8Fyx
zgS49CuW2j!9MezcVNT9ze7EKeQh$5jWtz#<&Yrgp!}#<4XzgO5M!Ib=4~>qh!i9#M
zD`GQe<f`|0tiSmo{bl56_)Nq8w~D+V&R;{NYiw6hA@Z?#4$1WO1rOWU2p!aifs#H8
z9U4Ynle<BMqQ4`R<YC?)k@um2v&<h2jKRll!amXC>vp;}@-)jSK;p+yf}v2CvX7_w
zHo|AYh7#9Jeutb(vZJow8iMvuv79&msH3v!H@f^z<|e{L&AStGiFQ^%efTh2lV7{M
zaH!xEDDV#Vuj47w?zktjNA1*f8v6dm#K=g*`3)w$g!3C3rNKJ8xf;vu+nXB+2?=Ju
z^PP#<6k5+6_l?0MBG7)m7wX|soB#1jck$B_&Nu$|KDRq*I};xSj;>atcc&KHmzI_s
zV#W#->)8q!{Qji!wf@M$&@in++Rrt|4RQKrhPt^gnEGPtUn8x~IBnhwxUjmy?a`C<
z0d8Xrk%(mJr>I=YIt`9lD5o30Rj0?q$_p1i*@gHl2NUmTo)?qWPG$IO@)jGJcVB;g
z*|=t^-EpX`e~KzO%mVaU@Pe?J^M?ppq{=spd(_wRv5qS;ID-Fr1$<4X#Ui67A$9aN
zH7n%jf<&`5%=KP1ZRnEX)_+|e-$#w6n{%cpPV>Pd#`*yLw!Oo{OI^fBB{$1JS=0M}
zpUUzYf<+8QF-}tseL2d}Io`5IEcz@(P`=jp@6llRT9ilK1aT=s_r4}xxNr7DsLHy=
znI@9|;rn=~>+Un#{~95dGYXjc{5UH02SKrm123}=Z`>qol{eQ{$kTmXPK9*Mj)C)e
zGuaQWyXtNIxL@CNQl%~<SwQ6TyKIQ4HHe%B!V|laIDg)`Zs^@FtZB4KQw&#E+`}er
ziXx_kV$1TpSMI>>ZRN0#sVWh(r`1-?ubDp)n_}cugD(8AoR$;KPMgZEn1}kzu;Xi|
zUuV4_ocGIq#r=pahA*-zto{_iDfIew96t?&2dO#YWCn4DP^LarbJQt>f9;!l3TX7>
zXO^^vUNK8RZkwY?_+;_afVJKX$PKdiom}gEc@Vbl>_C?8e}C=1=(*Y3+xs=V4K-q`
zFganJ=%WH^{l2KA78;^_!Ku9~b~iS_kLFgWv^%0Tg@*wFZ8Ct>4xug;%B!pexHC?p
zylS@Mg+Pj7>acDPk*njHLh2^x?ZIbYLa{ctnI9?_2?B}!SXVdvbs_3DRfDG@<e^&(
z_zleUPeQijcngAD74+T2hV8-S{Oswu9x11kDOXI6E^0B%9lN2w2nzj8JYMzOxa6W+
z6jEPO4F94`HIR05%?wJ(1H{6U4IPicn;U2yv*k{5XU#<K2~JY6N*9xH8baQOd?X#K
z!|*%oNvIW*KHz&%K*)S4*XA_+tA}pW-L3>4HyyX=7a>l`G`;A`G^Iz#Oq<=P*>U)=
z9!7n}(_OrgdIA5=s_t0U$gBh=&JE)K!@?%ta7Yt?Q7(Fell)LFhnms#tIGnaWW89s
zV~N*KqjtnkU~>_N$LJ9>QZ1cHcrqhY2xn&6@ZF7~%bFKKwHO*cW=8w`b!!2`e)mgq
z#&V-1)78vt?4bnm^*?C^P$kW6bJT|p=%Kvs%+zP-{t!)LMr=HE9+dqLfQ}l2w%W&-
zW?GvF_wte|cT`w}{2Ws{AADB0nKB-de=P~DE{8=jeNjjn(9kCHZvMIQ)>hC10oJv9
za~GN0`=$S%8-3VWl8wEu#x>Kt|Il#vTLCLvYyHu-8GE*aMR%393*6NvDlhG}Eapv_
zyKnnzdlWNM!d&ctd+mfM@8a5D{u2Y;KUM8uJS&x~xF8wpO$xhF5_y_j4p%BhO7k+T
zQFTyMnN)##i<qGxa7sPJStORldK9cadJH}F$5V85usSQjC?9;MVyb@k4Y9@yxX$Pr
z3=IxcbD_JZ(e+ZVi3tH91*{rkrp?eN_(JAe7_^k>3ywewbiWAB5WhzGjHdT}|HY!d
zdMk(w?BPW-w^<x?84aGOC`+!kucSK)u;GxF1AJ<*4GV=(A4Mxmu1c(DhFIJSd>U;4
zsWf1ZHz`sMGhz=Uh;05Ybt>#DqwCd2O(_lH&iZ~I8||Gtz!UvNL7QIJrtdRWmio~}
zVl>N-T~vQ<Idz)3f8IakP=>mqjs)tW&ZUlH!SZz=4)F|h_34=@gm+Z-*S2b<{{bGs
zk5*@53jp0W>aHP*zptqjt^cm*86yRWEnD*BObwHsdJ*+5Mm9*X!u0k)19o-ke_K>&
zs=6~Bwo|{7)3aFhD9C?j{u*+}B~zE0J3xrF|9{0L|Kqj)i>kM~F&2*w-08A-oUIQR
zsmBE$t?nJ+-H$dupPA^80yV&s8_ZV<_rr?shla|ec(w@EE8trMQz~gGRaRH~!uJYs
z#_Iacr$bO|i1;-VZ*v8!zQ;tg+@o8!RIhrc`d*vCd2ZlP?^daXaVAssOa_&T&u<om
z>UstLM$q{}UbjZmFbRsC+{u}w(ubCoP0VyP_JH71hn1cDLu5}j^nSK+)$(d%)Zu~m
zx;=&Av5Wa<`((4O0^!m;mf`dz5E)=nExH}?0Jiv_kLn$5{;LwV(cdJjuya3&g?82U
zp~*krc<p<Auy1J4y3lD-u=wUwrRrV5RvE^m^h1w7UvYa@PQk2ZhtA#oj(-2rMV@0#
zT`c>1x|?BQza-mX0%d#GINM={6^wKqyV-lh?Rk^qa_5?0O!sEYIh%%8OZiPS&D)>N
zioR_9^E4T}(&O4I7zULef?Fs#?t)iD5%H<cj90{C`G9H0>?Ku`dkhy9^g5D7frwAc
znaN~>I$TrhIDvL82$L1oo-H21+`@u^JCrWy%~2gjF<F{)Mb*?<hcPQ3k1^@s?|;JZ
zqwgloic0hp1E<8o)bxGCeI6H0ogEMW?UO?;%mnP9%wo4$bn&S`02X(+!h(DThXVVb
z+7M(1rSVD6;~Vb`#^e@G7V>S}kPjcJkevN2yWCgvjo(`12udTXmV@D;fAcnkm|4r{
ze1{P0NAL~<Uy{1x*#%|q)4yF=$kYpGKW#z7W>s~gEvFH&$OM51NFa{+?7<;_L_dM(
z*%$WOM;;)J<+)mAN<NqrX|d%@3`FBE>>d3q>MJUSI)O-5o40Rks}MDT&9HnaFfb4t
ztEgq*He*Jt?-GMjZT`Cv2%9N=j@|`Z41UjA>gaffC^u{q3V)MbyweE%P>TZQwV~+_
zBKwJL@8hF~m~1>)>5h1uF)nvWPcapv-&~zt_*8adwyTk=D<bOa*J(}x49wkf(Ko~f
z9>yfA@6{(<X}WjpvYkhP*B~;Nu@7n*@uB;mW*|Z~1w1;&v}D&_1T4{ipW)VPn!8@8
z#4ynpT7Q@?zZ_~p4vjCS@#;enZuHFX0|0^#32DD|uJ~g|awG7?>Km=w`=V#+@zTdT
z*~=f!eoK{MFUeTw>#I0x14kZHcg{)s;Zl&%aSnlhnEN%?BTMXnimcWV7cVUqauO>5
z+aO$0QimDuzQZh$078RON_!i+>Wucue6=d<@fVUr4Y4X+;U97zrF)0Y2dp7mXJ}Xk
zwRUR+M^9b4QYBMcnjudt;*a!{86Ac7J9Ixu;7cRBmbmwuxw|sqsND2-;)&%-)u2=A
zNow3yH^|d>DOnxdAaH{aL>K@#0@?v?qMvL+@D#H+15d}^Y_<OmKrP1wH<%2=lLOIo
zsQxJSWP;v;h#G`k;8E{@Cplc<TXpj3@o^+5D`=Z+8C-kO7z~wDb&4rGzYQ#ZSdL_$
z4hai?4f|4D08Ai0h(r7P7PS-+sbJLX=j_3XHWQnM>CdzSn47?)qN5Z9aBaa2ZEZ`2
z95xTwHJVQ_WzGHZ&Ts_0FZRM*W0&b^sf*JAmD0eFaR|f(^AifO9^fYF($$p3i9|qA
z;;(J}ufO~4Gq{jrHiPCgmTBwy?{i*(h4~E5sTlCPgPpg{KSdPNMUF#D-*DG^`f3-A
z0^<@NX>S3O+7VW6&T!t<Y`p-YP~6ZIkLl5-H}zMKPA`zgy~QX7ipcBZKRQasH@0UL
z7k%%|e*{GP`S)4MvB|Aghtny_=eaQt%F;=@Q}+p`#<6&x{mreV4C=U&1zI_trF|A)
zVtDfp!61qxSgWqH>+RCzhb8$GpY+Mkw3riQdOxiTpm<^;9S}#|c!H9iFAAbwGj;bi
zVw-@Qz?iln$>zcpxGxS)xzA~<3w{DQ;+F}Zz-TcIw9|DqWZ65Es$|llbkMJNl_wzn
zlb3>h&_bn~z(mt+jha8aucq?h3BAFmU5wkyLn`1O2?+@pT<dL;&7t%YC-tR6s^3_}
z5zuxeXg!TzafZ<n-vzEV?XFp%m~l|w1JER;OX;VjvbgR>yY=yc8pq_g8PY^AY_{5y
zM!msW2xpfS^P_Ps+)!K3rjDZZq+-^CJw+nKyI}fvi0&2pgXOaw>~ZqTsFoyVuFjSw
zg^^g!Tum|x)1aHh;bRvxcg8q%wzk%{Ok3^j+&i|>dnq2RRbZoUx`8-Y+{#mp>v@%?
zS-<xv_+%CBQ6TI;3t#L1SU0U2{s^46>05ukV+%AX5SRpS+(EeN;|gvT-@A3sRTs{w
zJ}(T2W5ww~X!IY0*j>$bj@oiS(Iu4&)TiW$!bO(gy-gZ~MeS*UIP<!_$<mvGZp_-O
zWEy_geSJ<tV`Jbe|JLhY0JQ<hd~m!ih}F-3?e#@?NamF8n`JDpmmjU8(nun98huAw
zp)F`<_UQNZmp-o`@9ZYp?nioJ!38g@)z$M%L!;6#4CPcA9z2}rhuY#3sTw%8+Y`?m
z6q2e`>eS0jtj^kcG`^m_ubsE2@y6a-z@bPZv-(vmd(Q7<{y{G7d~2eP#M)@+#&JX?
zs*UeBx0OXlr0tZ)XJ+(s^0W;kTSL8wUA_#aRtqYTpKIC}-$JNv1H7I^46XNsG@03G
zVAoqC0H}+!0hGwrRNc9|*^g`znra-1gMrS;K$g@Ehd!B^XUc@K)_l&BEE+~<dsc`)
zOD?A;`ofpBS(8-r_6+gSwRt_b_TC4*3aB+#u`MYq+Vpc)Prz4T?dW|fvf+y2j#u#~
z06mj$eI&j#so+Io!e{vr;7yom<MQOh#*2&lRSfQH3-<7@Ms_=BHCxTVTF4KfEv9xl
zzQ4#@VCooJ4`D02^szWT$JmNq{R_9W_U~{3glHU58Q`iDuf5z~ZppB(rlsYKkGcm2
z-JD<DRGDsv6>FU&n1Ho(D!tQ^zoB{Qj%!S2cjDYl-)|Bqef6^dU?aEaZeI-Tr6-OH
zeBNs2NHJR@-XeYo-EXOpO-tO8j61J+67rfq<E0CHXI7Z!V^8+zw+rk=yzcMC$@5Zm
zOI+{E7>9O_BeawWC5z*KMOF{Y>Jn%(46uL3(bI=y5y3o9qGF~B9@bVdrc-<J#fs5n
zY3X_<CpD{934o?~o!IMQ)*PjtwZ9d(A8L}SQ+0!V)92mCXc4m!$t?NGwH2UHa%%||
zHWAKcY+c-)XLsr+HxtWRye{rtcH~eV+b@OTudiKnI4=8jqVoGEjhI#XN?*z+W$kl)
z#+h$stZ<t6Uqi7_-0R$43<!r~P01{am!9p&q1R14)s^$`9T>Yp^^7>4`oP0zw+L+Y
z+bkIyJ;^=;kXJn@Vr#EP-K2p0ir-+ocs8r_0vgNUqTyYMQn0Dn>TISqvOm^#eQ);o
za3e_U<8^SG6s&%kS>$CFh&&aQp4!FeQ#DfXXB=BcqRel@f!Kdg2=E}V4($L@QFI<&
zOeLwUb~FoQjHlpf`2X2xn5nQkv1lZ5&oMbf6)AY_hvz9&$w3UA71yMohpqKuQPFR`
zV8D-S{u?V|RM_W3-xA%AwUC0kmJ@&+y>+M;CXKIaZS^`7zTX@|!2eL$%Q-RdyTCi~
zYvGgUn!+S9RR?Iw#yV3D27Z!ISJEsHG35i>F1pb5!VuzoRryq&VP+p!|I|HQ9qRfP
zhT?N{y6d+(>fpDX@=2LbbtlL0>UPPXVYEu-G<tnS6rELIQm*>((JwNija%*CY_c!B
z)~>cY0OR~ME!ksaZxSpie9}!vaCPSIuh3@kr?qIw;lU%c#YG}w$*@H>P)d4o;RR!u
zjAiI*NeIAdRe%=&UaLN5Y<8*bV~&c@?a;Ao?)Kk~i*ZVOCD9D)X<ILc3;hU9z*iQE
zht(2GfZ`lB#wW?G&CwJmyho0Fe^Xn3ltw0OBWY1mDq8}w`3TV6ggD~pA$s_=Q*v>p
z3)tDv8deDVT5@4ae#}sb4MSfez;H`5aCWNy`;=y4#d&}!{`M<3qw9SQ+dSoVACD9%
zSr;REMrH5c0J#m!S$cQp97n+JBy0?Edl?-ajf;i#H7d$0w_=pdC8Ba{mFn)Uv2cQ?
zY)ShHSGrYy<$`KFg^a6s>3;Q)`Z^&F4FdB69Em;HqbCY{112RMVMB6>DB@>FT1#kl
zfhU%?@H|BpvEFJ&LJeWy5(!Ld1SzIaYfDAyuj9?S-JES>FzeK8-JK5Mns68cl(%$Y
z5TpdDzhhi*><~};ZMv|3YcMgZ9<Rlp)Fe&|>k+@&Lc{LM^YdV^$Hm?ZWz>gXJ+aaD
zI*F5vbHgeZmzTPKFt#-5EgrGq6(tJ-4u}8TslT+J2`Ld^Vxkt|vz)F$5%KFaK~Jwc
z>CIEjkRw9M<k2z;KoLVnqi0ujhYzqe4YD%GX9ytx+^%E<WN`p!x%`!slXmLuCw<cu
z#y27natnc%hf5CNY41`)e4-1>8d$9#sV9)ii5-zf>5hnrdES%{HlV5d-r6cujtAnx
zP_+y|iR}TzY_^oAxRlI{Bw`19ln4%%k`dr%t4`Afypg~GIH?S6a34|0tPV2_FbM<`
zK;qv;#VoS^;&676z$}mjh7h|85t&~8a9~#TFq|V82P-WY4gIkfB-DHx@D%_Ih<rnf
zn*jXq3N=GCv06n&ejc7LpW+5EbOx>y>U}5FwFawtyF-^bIXRfbtZEu5Ja#Jf7xH2e
z(kjD&&QHM&j%p5$1Bq<)0d0An0N}o<rQAaHeyDD&KR^26ys6W^*tyKM4iJ+P1h2Q+
z`2cIlTl}^G!0Ec}5SZ)0{r&y*>87qG*B$D?B4-zl?Q}8wugtQwXN-A{Kfzl0=YU+V
zQrfP`gD1%M@iD^3xwP7nap$s?UhK4oH?M><5gZ*92a2RTfjGX*RKbu0sS2H2cpvJi
zkBh%%s~3v5TL;)A)<(p&<49L4iFmn(OMPf9qt4tnAbyZylh1OkV|$oYH6C2RZP_zk
z-&oE!%L{_Ily!*PttabdoF8SG6fkF+-hdaKJBe=XXHDM}{2IE^No0|T+0Mh}%uIwF
z0o2o3Nm-|qX4zE;mo|N&<Zragy%^3h4a%6CP>I*S=Nz+L5uv*2rKM%`!~R1`4VK1+
zYVCMeAI`i_ec5&{cR_5PgO3agGC7JU!+mp4)XdAvQor+|De;25sPRB<6EFC&CLxZZ
z_j*O-9{?>Fz|KffM`csQe0Q|J1_~Ca7xjrws)6@%-U;q`(+0aA@^42Ft^S3n%bOw5
zpG!0ZE2oGjzMkpUf+EljZB}1yX5_QLt~rQs6kGkcEq79xRE(c1)aJ+8p}6)A5O^8=
zX1YNDoaIefs%Xh``WFQQANHo!mf1&Vzx{6EKAx<Y)R~GGcu<l-N^*f8x!(@-oH1SZ
zIY{;YvlE+$GcRp*sQlG5&pJM+E#~#9OeJ5n6VB_g0U1=+t!^A!dtD%8Vd?xtv1z@Z
z0P5!nmt$ih9M2-=cT}h8mI*aHXNWEL^{W|<A59q!#DDxM*&8pMeuF?Kl+(-Yl?Xa3
zg$w+>bmgcr0M;oWj?0-KIv|+9fjC;k5nx)Y?nSUJWSgV2UWu2MHaKq<QU7BXf;NTa
z0>6oK4S|YTI{p?xFYl7%i5d>%N5d{Bwaj$gq9R+rbHRc*at@2^c3p3ixWLT|XGD@j
z6-ChxNVpozGeJ|KIP-7*ZTo*mK-e`xsToo4(CtH#vEvxdsQ(Rz&>)V!TkYUaz~E*(
zKqQQQQkwho*>EjdPg{(Ws0*bi_f7h~#^OMlgml=;7YFSC9#<4~@YkfFx%hKAGBRQn
zOQoVRZE!;Q>oaiBfCj9s%YBcrM}=jDp01&>S8xvTOkN+0kE(xO9O%8;cKc5F<mGrE
zF^f*khi;5uw#Kb&-~ciXPfZmp0Y*lVmf#4dbO|_ZiV})GgD=BB_Rj=jUP(l43FtZR
zR^PV-Q+Jz^At;6U?Ad}BS`OC$#U7tYCl~r~m{w!j$rDEekl-w{m}YIY9B<IV`M8CS
zZ*WnWe-Q<Ddo-iOFjI;ayBnbbsRa`v4<M(oy1E+6ME8Urh9YC0HpUNwR8KNC18g!q
zZEh;Kfj|i6kKE<Ae_ol--U3N)+nV}XR#8j*vEmV(UW6O=osMhp%v_KlbUt9(<PJOJ
z)eybP-)i6SFgNE$H)!#yMd2vkNis$^X!C19Nf_L-n-KX2%uDxvv%{2arLJ}|a9{n(
z_=cUrt(X1iJTQ@wAI2i_27tnw%k0l&VxEoEqD{R=pX8DotGlsR83Xhu3J7z5--Rsn
z2?b~QZK)b25|#PyXd>pP8ZURBQp?vN^p6ra?yxTlmx^mkJ-*PZpigQj%c<wd5m{9!
zSuq@om;MduYAQh${OkuOxH(1JvWY^zRp&UihZgnj521$2;n2J|Lgp6QC>X)}&6h(m
zGFZsm{Ep)W`pd*<ExIAT+%v6c{Xl9K-$B5p1$4VoOm{JBfzI-4l^klf$SBY|qCi6v
z5`dzZ1+cY+hPSj0Wf=bC@pb)3kfS+k$v+xKPZ(6t?MogF+o3DGm?{~nGxS3R_&V$H
zgiLt9-^_Y>zEIP5h~)1Jry2O|U-9Eyn+6sQn=8{7uRCeT;|T?<Xm+kvi=+!Bnfmun
z3p6LV94XP9KVqLUmoDX-U5h*c^D3*95^c9IxP1Q<yx+8gF}MEI8|CNt%0Ug^`@iQE
z!z%mj#hrL*F{f#DU)f`r3s}>~ykjBmCcr?50zN?XKOrbZ%Sd2OATvI~A+gTPMFEh9
z3w*YDfgH#?<Qd-9|9W(ztF-sy#>mHiG72%L13A}53ltS}J=Xvu$zU6e&=RP@g*e*%
z*>4Ylz%GruAa0@#?(o7f#=CpNbSa`t!Qns~XM6Oz2l3)dR>Ri$dl?3TIuX$dH~5TA
zRNL)xPG9GoUcIZ!X0P_1qiz;xigv60UIB%(4aj4~+RzSGz!E9shGW4V{j4%n_Ef;^
zxJJmmOF;z>1TYGd{IUH296fS~qyD(-5--BM>Kh8pF9M4{rl00!ghx)O{j)x^csZB0
zX-)o4QN?v!y{OD@`jE3gxif~3jl=O?&~a1hgtBjASZ~&z``zwv;7gW)kd(L0@$6}T
z{(-RPiX!Y*mpS`HC2H&kf#_HDsJHd_LVG|qLrB{bL^>*l9^zHFJIg;fi!rvHp9K<g
z4T*9;d&#)ZbjskxCW0QqSjfN7;JYHepOzcnq$-FBCi#=K8?8GWN*;uRb(s0*G$!)c
zVha)-K7!oSL;(!{QZru>Orn~K24QbLFISg5y;cO>9K{U>dZ(qj;}KSzCXQkJ18#8l
z9NIBasrqIz3AS8~r4|P)V-7*N>~LraU@chy+kFNkF$T8f6EK6r%j}!ozxuy!1!C<`
z5<!0Bo^YFfTh>ShoGj4gv+5}dMN!mHp*<j87IOPwJKNv-N9tDQA~|X+;vY{9m6gW#
zDQnu&VXCLXOFkxQQ+A{N4T!Nm)}cIien*#}*)r3L?Jqj&0N>QWIzs!{z~v6eh=|wD
zYxsJM)W?F+0TZA5??ZWRhx~la7AqqW^g`p|lJ1gkpgh-riz9lns&92cDYIQbJ)5f{
zb2@+Yvy?X+SKYNta&orLFFju6=In0HTj=?OlkRzi|Jku=51^#(T=yGEX|HbyriI<k
z3Mz!FJ$3~#Lc?xD(eAH*+T>U$MyDoy_Z#wQkU_{l^!4PB#IDCe3)R(k{z8h~P}+@6
zqSmVrI+jwy-S(37=@M9h=5*_&Ro|nDMY#YEqf`2;8%G#AO<@v!SE-Zs&6a<)fEXTF
z&USDD(lk@{e2+%WzR7?3b=N0s{5c2SLI%gXwFVaJ=F_Vim8!G%>dc-4kC`7-X8E{j
zqD`RU;RuLM1%<}%<ljoZp`GLTjB^(?&UwziJ5r*KjZr8p*_Uv5^8>XMB)c<OOm}YD
zO`myMZrC>&Qk9lZZLJ=|3ZNvwtLtiO);L-Q3MyiHh-qF<9s=;_>~?FzH$Ag89w(1W
z70(WjK`t}hJn*+zC_*-m<IfFtthO?Xib(=0bH2hfXT|G0MMbr4Xe|XdwX2aX#dP)J
zluT>9EBqY2e)sbD)7*G0VGb>w{_&t)c%^BKZ5t4dyXT(zO(e9bw->()hpM|74ait5
zeIVHSih9sy(Tj4wz2L}%sf%6*tEdfdHzIwDuz%$J&?lQ$o-zwX#`(zr!V3mP+UBEn
z;!qF`wo+2M8Qs>3kZ6-C<n*PE;;C1fvPkj(V3f-Yol@Wqx^Dg^0Yv0sovr#h33Zb1
z9H(@Vgw_Dy74nD4Ublcsyi6Uq%}xMM>ZWTXZ8xjx)ozAwgt*Z$F3Aq~&GLKE+FCG%
z^-H~@uXfeV`xLc)sP<+J3}rE}D@Yr_td!sNt`)v6FQ*)Ok7!K9<jG0@l}6bKj%`Hx
zw62<EU})6gG0DI?JGr*_DmyU%L8w$sxjd2&GBSFJ|FTVxY{r8C=%ao+)5Wt`t9vG-
z4FY4WX%A7(7}p-9Phf7?T{-!B#=FY(J;lxhxl8pK*yM24H=hLr=K!>acHl0)9Ta$3
zLL9AY+FyqR?>?J!u!!5^1q_;g?dbOm3akEk>H&5d<&yqtDBcv!EHyBEY7{_0^rfhi
zHIb4QI~*m@OQ^_rb}F0Z(YkvBtjbO@Ku{6!0<|yh83LIBJj!OJK(z}GF_BeR$s#_E
zSxPRTNDSwI=4OAFxn9pu^4qU}N<&jFTO-X>r7LqDe~;&t2gNIRUA!XY$KbLy__M_Z
z)t0GAD^Fy)z6*28)szoFLL~$IFjI?3R;*&sT;!_=H4bv6g27?8WZ-<|#Q^|BfU4G`
zExOTj>k+yq%%6*1F^4XI&*zjQt(}BbpV^HTLiK1*N3={roq=Mt6S1aT|7x1CiavXs
zw=d_EWwIHg2;6|}WRciypG@V-sy4Nja>J}{{VVN~k}A*~t=q!V*$|z<SjEKqhv9%8
z&G>yTKu$76Fc6RxtisNie9|R<s79_JT_c@SMX{Gz+9R_(#yrA$b4aSwv@SvtYY@9G
zFRRua^N30sQ70>sBL(#`FEn<a1}W7oJ%c!&7VqFr{b$$nMqS_l9W=WVlsBZ+ZaU<|
z^^(aEum@!E>qhA7>$v<dLDroJl`;M_dVA|^Mtf1K{NGuBC;MO1Co>c0G_pT*`}!Ge
z3boCBsi7;<ZetzsTT7MkJk@>-y$s9PxT>zo06#<~vslV$)8#?5G-IXv39TurLZ5%b
zdbKi3z52twgK+#FZ>Br{QH9TD|JFaXiVqvNi8S8wk^oio(p#a#_1~S`2uCZ`h>PRp
zRu-=ZxFov!l;<N&U@aebvV+8CA^1kPyist*(0cK<(ky9Lw#`kMAU5n@1;ckec6?<@
zl0!D6_izw}TD$mkWDML;aMfL-GU3{XQ((o5*@6OYh;t<JLWMXoEHj^BxWH99wYLbj
z+VehF4>Ju1%09Ko(#!-U;{6e=00IS?)L?@^96g!;j~mjFkdmoH2%q)7?sMuGseB~9
zL@Si?iTvGM;vTs$uV85HmHcK};%6@aEL0r*YIK!;A_I6*f%)sM$hOO*+xxu(i$sJa
zZ%gah?~Y49+nEp+{#ZSyE`LNn=wUtLQZg@1CF8DNQTVRtaPsDv^mQhPI9-wX`nK?S
zeKtUYK>-%%{&dst8DWtXqJAzzj)R5G1^&VLxb{+_tj?82+x?S70j^b?slLiqd$&aO
zQpx>ZOkrPLHm=VJKfvq2yCUA+P2h%PzpBlCIGdrO(@rFSI94j7*Wu3j!IP={&oJfx
z<UO46>#{cA{aHfHCvUXIq`cHX+Wv%zzV=&UU9O0YdG1J8)2F9erizsT7<(1mP%PxK
zu-bOI9m>|cBbl{v-}hR%>R;wdnmS$pLc}l>I))6)C*Kd<Ug2MMiS|FORc8Vpwn`Mm
z-vHd1RbaHw@zZFomb3n2dWpYOp0wY?uSn&uXY1>8EbKMAsht^Q!X-;U$w_dG3e;5^
z;P+DcaqglYoLn5YU?{ro6bK-xi=l-+31k9oE_KE$&U)dyM2?SgDWu+Mha}A1_Z$^G
z+&b?hB>*-WaAnS$i_bAblLs4Wh65wyeKBo`n0MOCD^)F6V%b%yddr{1|73vyWL7kV
zaM@BJ=yHh@sBT3@9YmRPD5Tzn0vsVvJa~GA#TE<)_&U{`x3M-Qd-bCi$+VnXILgv$
zei69*j^76xcY)e9BC2vHZ6EE&S#Pj@`0>1?n0nX#Sv++lBls4O7fmpZo^A4O`+59d
z4$n0EKmEG^bq@b-Xnq)u?S1Z&Zn4^5P7*3%Qb0QohbX-Jk1TY+)5*17MJNv^J5Ph-
zwc5OKBX!UxSAe=!^-PsmQuok8YSt#XJcFISy<|Ng59Jad`*4uwf0wvcu9asSTlKh_
zS_sT=b_RBy31u*9TMUda3k1sX4%;lGkQIsCj8I|iN>V#=S+$dXWnn-J2jBMhdR^1L
zbbpK^OKSCMiS>CrbzCIxO|5CdBEO?hPYw=nJbCnfCae5seSWv$4wCz|e^vFd0#NPy
z<m2L0T;bZ)=G*SGYc|+_bHFh%G3UEeOzd1-xrSS>sIJ!dAAIff{g3y#0k-kOV&`oR
zQ2d0ef9bJp7&Re+&Xcd0A>^<qfLban=6BUH<a5|r;zz)}!j*hkbbEi6A}s6FhhA~O
z&v*#0CocaQ4$0f_Ge19MZn*8SF_hw9<i~b_kBlfIl2Iqwz$BTwawAX65{p4hnO4=^
zTDid$4J#O!Ad$_Ea1<c*4Nz`<vgktm+eRP}F}1^X@57d<R`|3h4GmHNfl(kb1{M)+
zX8Z8t8=$XtxskyA=TSh`+mw&n*Vp$33<ghZ00f%qH08q+6ON8_tP+_tb)<Ep9UNQa
zU91RVwmLsvhsEYR*+fQ|Nlz3&z#cBP+yZ3i)C!QX-}sYO0^lFSpA2EcwhsVRs{9p(
z1#keb=3s4YhHv_Z(~qlCYxy5;e*$&Vf(FQQF+9pBOHD-FTUU(aY(Dq_qu=U4n7ds-
z=mUiA0M(}lGYae`pX4<3-sg_MWq}EPD!Rw-e&T9{U=-6OsLRr7^#SnWl646TggKWp
zdg}=HuDA7#w=hdViVLX$Yb{7@Xd<U5c;mX1Iuv^AavZkf?-rwCxyoYpN|hV5=mbK*
z({<<aw#wTqc}_<yx@2W1cIQmlEg*t41_(e1ll~Q`{v-AJ<?PpXn0q3!h_BOZAeGO)
zOBEJUtuY4nzeMJLcu^!&^Kcvio5|8(Ok$kBv^1lU;`^;Bsz^&5Zxw5xezEQe((gB}
z=#z&)V7W(1%QBmz5JfamNqA)7J7bop?=m8eF__AyT7rg-&NA9qf<lH9=LBrX#c=!w
zTd}-)B&1wwb@atH|2E;zB(6r@A`qYVBaQ35y<Y@tO8xl#@9)C?2-+nJf8QQr)WsTN
z1aV0M?0qY-8_RAak;dj%W=At%?D-$gwQfE>^DM9jU8y&d8K{6Ry!>AEUj=$xZ<V6g
z>RFg6DUx;U7|tEsCIxDSREYh^3jd{@UH<aVA<ZWdR`@7L^bA;z-!$3Vk(8`S;4dnS
z0+2Ju+1rtkkX(?l*pZM#h})6G43_b@kmAVDczc;hjF9NL|F;&vZHq=EG!i7FOw6-v
z<n)J`!?sJ40VNiif}-8My^LorxLz{8GzCvHwHvJhfb1_+$wGPP`e+5aFabI??%IGp
zZ@0y89-m4ZV4n0LAcfmzvb|lTDsy}+e}Ab>SerNT`1s>PjYG;~lG)))1i(IpqRv&C
zgzmQ}kcArOwLW&j-o6l$u433{g<_fD1xmFo_O)2j28bPB>7`Y(>%HpREM$Xbk7GDI
z69pie-{O;Om>AnxYJ1{*0NADtB5#f55RUS2L!itQD*nr$&(>UtF0u>u*x?RDFX({h
zEbc}|0bis#)x?k~hLls)y7x~~po^^b1k%9yqn6_Vb++Rl=A#;waj{{jpDFCkY_yY5
zvDs8Z7t1(-6L){_9<p6*^@>Dehlx*q_;gtH@fGPeM=&yg8tY$S75qflzNCWGR3x?k
z9X2RE^uOz=BY~%KuEVmq0Nz;Wt<U?%z)0}^s_$br{UXXTqalCu=4Zcd8bk_^eSWL~
z#iJkEXQQfyt&|*y-rTgyhS#Xa+wi}bbGTflbgZ|EMfL;AN*(S#bmuhX{6m{Zs&y(u
zz+i=c9z$QnRCNO4l9vU|Z_U(~&pSEI_UFDP48G~=e=J<#QqEN){Q*>yM61Dp;?y&B
z*6snM6#4UBohEkiFv8aRs4@)8=~1Qgo2)m6-gAg94D!eO9$yC^02pn%U$1d6{H$)R
zoVaH4LoN`zywNKy?z_WV<V9>e26P`EhAr_X-T)h!?~A7Od%DxQel{j}LT_T+ZmMpp
z&a-3Gg4qwCdv9Dpcfd^too3^hgaTtkw!F**@-Q<tuH%%DaPe}(@J;+-Gl^@ijAsvz
zBo9Y8Eja-}VdG@32lgxVDTyXWZTs1Ny?>HCBc@>Mztl&I#p{KsSo<3ojc7F(;ukgc
zfzm{6PY%rSn9=zLUuK9^A^LfVe=Dmsd6E>1s@<USZH-5;nW113(Ql+VHIA=uLCrg1
zEsHQhrBD_4L8yV-E-ORjO%a<plNru12B`;$ch91nC~8)gXUnMfi)48!VLsOAu}&TG
z8RgiOeY_eJ`{%E(S><X6fACx`OQ<9}nvP^g%4`@!9G#>QnU$S0g-*Y=v2wBrQ1EDn
zcA9^xm2~&)64#!z+_93^578b|otwW6Dy`BzbF*2YK&}yCGgv7RE-log+onC{Z-7GF
z@c5-oqY(!c#xWQkI0@D0sgA@dG9czY78u26{d^4+s$w-A`RB~c4D$VfeH{N-W*{rL
zv4?rLU}$o;L)}@q9klg0+ue$^?fd|ap1_ffuYc*)T$U+1((fSTgQrQi<l>Xiw7i2Z
zLAZVFX?iwZ|D=uwK>q8Tsi%#sNuyX&VzGzEr{<S`LOyr_<TE^{igPXxAo0wKqKZWo
zYh1`&m}n&3G774bpA|1NQ*ADiSAlAftb%dP(JJI*RM6KCGzAPcwx)_inNR+EW`d9<
zDxqU>+$8YMcmM6=aynCt%QoN#Iu=r12r>@jA2br3Wx<l@7MqC?Q{+qn_V#z7fE619
z%06uNEdWwXnn2{(IN%e`2n-p`gWN`d>m@xYiP6@xuj#`WHB|IekMFT@Gx=}n{$YQL
zM$(UtMgn=?1){$Uc!>nUTL1K)F_8cB{_&^8%)dW@Kv>`)WCESQ3()%i`+fE@a-4Vj
zvjF6flMW<wFbXJDF&h^vQ!Xx5FQD;k1?lZW^^!kOLY$@ZC=#Q9Q)yE^C0ZE;RuO%#
zj{&ifVP2RRfHX_3rjf)XzgV{w165r<Thk0Ql#9+Qz?rP+jho{s)46W*v)miMnxU_f
zx4t2%ec2u-XB_ZYitYb!Z@R4Kwl_U8HI>M0+7I|~z#uaVKp+s4Us#wxm6d!jU^Wqt
zMgP1&HNUQU(yz|icBCmyr{pTM$Jx$Si~|R`Fq!#xU0I>^J#ee5w5T1ZT$LVSl*UIz
z82I;0x+U7l6d@t0LMM?1=#ziwKRS8S0JHr;mBty>_R`gziIU&+{RWL`ZUZ_=DNya3
zg(i3Jx>p?Klx#$72J=h8$HF5JtKuN!azH`M<h#(m%MOEI79)zi>^-tqOt0q=@dT#;
zVMKWk7`N7bmrF4=?|Te-e8cr)BAza*go#({)}dB<#v#C!w#7~j0XALJfcObebepxY
zJng)<Ml$S<vZ5WJ#=U$9q!{whzeCZmVBNj5zX4$c4ug1fd4+_8d~aMLo>v9ml$iyv
z{Bn-v=jY|Mj7gXK{A)rv*UVl`UKJh75pZe@Htg-!)WwLKaNFV@K<c)DQ57`kr4Nx9
z2SEqtfV)UCha4b^{35-Y?@uD8TIb_rVvsd>=M&eCjmhlHjLp`agV`fX8;Dd55E?Q8
z3|4(e16zMm-YV7&+Z8kbwTlGK-GrLd0}d^&n`!Qh=G&ur{bdQrM6wCY%2jRGDQz)t
z%1r{y_TmSXWw0FU{;M@=xAD-*=KXtP+`~op(az;M`+)e-Rk~__I$LDJI8JNhdLQyS
z${N$E9(>*Orm(LcTxL80+nPYj(e4yX_*fZGy~~lBHF1Urxn|N^Lb@eY`s%&tnrn)r
zIvN4ev%rG6<)#~2jHVgzP>RRwkNxDc24RyMZ9P%m&-quG<K~fUehME}nmm>TYNzL#
zpk19*2&$8A8>h693l%(Wo%Fb_LsH4}Ur%HwHE6v1$*>%S!mO#xve(v7#`8!)^TJ$=
zkC{&up56`Zfsh`Ed4QO}C<rq_$i!H;)F(td#!Xu;Wd7}5KsMyJ2IO0f<I~31?`xwu
zl%1TAcT`T04`O^*rRiVbQo>M{)2LY<uVoNz0es)<rVjzN6?y^42mfojz}ZWTl^wqL
zS~vnMJ|d2^?z`%$MFzRh3T_C6aMB>PZDm;%*p&*)@$uM!WZVR#`$NOUtV-x<L#uK?
zg}8sM82%ZW^1i#svH~~uf`H5PDmVT_h46l<x{iR$o|?;#UKGS7mZ#R!J$-$5;j^l4
zDV?tzd*5qR0~k7xa<uxaf)-yCBXH<vj;T)q5GT<@`_W>f=bQJ5Z+*xUQOq^Euo2d(
zSBc1|0$n(=O=#co{$pCJtNlfX&9i3@1G3X@K9C5*HsV+5dVD_u9y8nY=A4{sIV8)v
z+g)UqyFJb*K)G~{Yof<~*iGc$Hc)U|q@bVWak@lRD0O;@&u`O){;vC1INqnf0Jj~d
zWqx}uW}@8x=YJdV#-*L>Ljb?1+ATdk4IObNE0*Ih0SUb7nKn*b7&I1Bi5QL7G8|)!
z*JhI0oBt9h10ZSb*L}mJQ3@09THGiL@KqWhB_V<R^OVHs``YZLWI>rg_EOqw3zl!C
zNc6mqy-i@j{KIDU%2CY+zd!feu?DIlIBM!9k1JHtL1+!3o|j#ch<#TTz`NC0pV{K!
zD)ExQGZ}WsjGmJj>Bi~qWx%koj{xh|g}sCfnvVspDgI*Kjn`G!(KK+VdeyFHT>bM<
z$CWD#l^#&LVS-xhBb$mA+FNT@hpRj(@epG~RCIJ`0xue9UKR_S0V^71VT+_uE_x$-
z7ZceRi5rmJj)X2hf;{#G`2hJMs%55TA<|>j1v=3PQeQ;E{U-J}8}{~L6nl4v`NiUe
zGSiu(?`D7YjeGh2%F4)+!d<0e-iag3nhwZeOtqe+FoV{<8U@VFWMFxgZ;1zt=rDZ#
zEf(*0N}n(9wLRO1CsG+hXYE$cRBz>b=zfrTr2`W2<8^07L+XukFH80i*g>@UY!0O8
zuK`+b9=864P8mrb6@-OEY7$Mec`;i-@saQlaELSmNct$i*E26-HJH21ac*37J!^?v
z&;g)d^I340y5cQRv^Yd5ZGd>=0@R>o<vd0Mq=N?u+u~{$qgDoGs9?aUAz>c@=`s42
z_>~ErVNxJ+VCTMoL&y0Y>W}J!1*)PoZQkj&BY{NZ_adICusyhLCM0^)64jsrqx_t2
z5PZXTf)Yy)pV0Zn4FnTXj+)V%fxB>^CV(du5mA~|05m;=05HLf$n3AH&V_eODa?7U
zLXf!tKb$FftjT%uO*vw4j{Vrw<Kx3q>;+&+!@9k{xto~KS;K<9!tlNKPn&fxRRWRG
z==m=EHR=IQawSJ(zuT}ZuN?rlH=(c|B`_Adh?Tbciyytr3nzGrSgvH=Q#A}>C{KX#
z<M63&0BU<AP*BhA04I8n+@13)6V`JQ_~LqW>&d5w+l<94rllVMLT+7=S$~N3zgS|u
znb+@Au8joPH`0E+Q{h|0+FhMQ983TEzCJt77J+BR0p2kWn=EhNmlaUl;MV&?_&Rxx
zfa}~!8~xUC(N*F}^n5?;J_SAj%{$*2KCIjn{)m%)NYt&6kK(k+t}G(-^@ZmFmx!}_
zLuyt=7AmO7B3_m3K<|G8x3;;zh7lF0)%8#^IG{BE#pO#nKg8%*!X2cx2UN9*u_vO)
zR6=?TiuzRNSV_M8gVwP5g-nKy+sS+orP}|VG<s04@1waq7Y}z9aC0p3L>sue<M^g!
zl-y`vIjjr8I6q9E(N{U8;)ey}_;H(+==-rxpUtB|Igc$`C7n#T35W@F)mpe*n1gxR
zmFxGv1J`4l@8NEkLq1pdlo>yutEHHaL+VJY|JHKd-kKRBS`>D3xzA5wVF!{&gpapj
zbcMpTo6jj_iKO||4hFCt#YPW+OGfzOlOt=&=8BIq(@C;?;%9&LCD=>@DAhJIo~!WT
zaPB3ji}3=eX{J52tH2(^S`nb!@lCiUPOA(uXFE~R9bxOnqy^z)qD;^>EIK3ALozh@
zv08_+_0c)jXQz_Dfmms-<<OLXVf!<^Gq|DC?aD2DPzC3ZFAJvrjc8x4*q~Veu-n_F
zI$ANsPcWO9^Q`BqFtA~gGR7rJHkBSWXvQ~^Zx5?suYB9edQTkimFvqGshqjer(Zn7
zk^dBGIC`b(TKG{tN;wPJUTQWi@-u^3s5an9hMw0#i>r9-m_3(;BGgp<?%;J9t@mGF
zO*~t`(u_Zkq#wnGp$niN66%<ZsdVp=c<Ki_ksFaqbdeZht%|ME1yjNzXQK+<F#P)E
zTTMe`f~FNXJT!J>=gD}#acgkqG1rgsJU!oPy$9*`8Y?eVtb`A^5HKT*Dk{ssP)hcc
zSkN|65bNzXR&gB>9(AH|8@^)uKH@Hq45z*ere`Z?O@uU_wV{P`8u7m<WcOYNXn%+l
zC8KAq+EFqohDcm1tp)}P?h2xlC;J>#l90!+w|_%cW-2OnOfHfyMO@pC=jCgcY?q*F
z9t@DVlN82En9(O8CzKTX+}%GWBBl$=q~3nEsi!!~;+!oa5_9jz3gI|5?Wdl7uOeqD
zT0=jGr0dzKzR}e;=;8C7wlOX(%*pksj`=k4Z!O>t2t=_v2bbNv0{H;o@AiX-od|N9
z&~vZCa`spt)6w4;I(PF41#)VB#j>ay(b?IR3|tdo(!RHQwNt0QZlbURXW=3HEEZd|
zqqJH~k+VZ?6k7pRL&IV>l^B=lFIeNPrX@>JqV1m()1p^%a+(txw;KSy-33A(zHAK@
zA)1~Ulz!8T<RN>3J4K+rZDjg0$8$8^AsK}O>J$D7-}|{8G9V`=fj2?6XgpB-KP`ju
z)qtUaknqbd+PE<GcFzQbJy+dC$pz%RxZ1%RqX6%y!uUAFf6ro;+-KxJ)zDaPR)<uf
zn9n+|ck0$vol;#pkS-~dnXIJZhm6&WcQ{p5g`~JG7FG(DNTMh!EEWE3T&oTgil265
zA0@3Z5DMzVs{oR={7^Ef{vMRNcVd@ad!BcOJ(0iP3G)|oRq2a*Tq3zj3filoi((f4
zUB!2A%l>E9qu<6w_A{iQ-Ct8lt9wv^6gBfRo{#?D*}tB(VV_|yu0)f~>X=peObxN*
zTha6+agR)oYgoC*KalP>S;Y#XF8B|96Z~acMdx&G6C-1;*tO&CF%$-n7=#s4x94Rw
zlNmjA!YyjPUm6z}3z4HfQ1f4p0)Jz{J9kG`{l#_Pr6~qI6+-80&#eyT=i92Y)@fv`
z=zTyM*hTW77>kmX+WROR{{KpkE4M$)0^yIXZg&YK?83~Eqm4*lU!SjQh3ZuSn>t%;
zn&@B>b5Wq^{rq!Yr3k^rLx{`}Hr3OIo0a2{B{{)6fV}Xhk+M*8!JXce#<(q-gPp?x
z7*C{O>LC+92-Xf3^t)`0y{9V#@F5~i5C7I9B}8viE^e<u@clyF%UY`!7}e?_V3IHF
z?ShiyGGtIPOX$EO(AAka$Rli;V(0+!=iW`YuL(8YDot;Ek2k2$2#$!9NvZ#2X=`0l
z(<Fn-TT`l1<_HGu`72|O&G{>eaXj!_f#ZLHG;(z(3o%AXjC9A7G{M(~ek`M1fN2s>
zsnMO)zx~o^CuZFvLhV^s5lQ(A6jFEO(CV)}t^}!&co<DLc-RSyrv0DYImy-#Xq+>h
z3g0C+BGvJB5c@u8Q1lU~3|PpYT`+Tpb-tDQzE>7*ET^lk1S(bCIq5A%o2C_nlq7J-
z<sSjTQ^**&`-x!<$y|hbo~E7!mv*XKhX^&W=pF~Z6Nj8S6<WkEs-<)ai^=yUs_*ii
z3%kG?%U_YfFQm~|Hu!L>oabo&dLm-ak3IL<{`ZY4$x6Eo(AT!0|8<(|=Zs!-0=_uX
zP%g)ClRzE27K9^@oN3GcbCU>*{qryZQa_rQk9`M{*pvT%f8FJLx-s*N%?@(-|FHL#
zQB`$q+wk6QK_$H;q)`b;k(LlpN;)^)-Jo=D1Gq#&T0lCbC8ZIhLAqP%?v8gZ)cd~f
z=Xu8aJ>So7jPHkI>?Lc>p68tNJdfj;Rn&yrFI5A>MV{CS^TFr{u(ryL4=Yx3EK2wG
zXcW4~x~1Tfjg#&h12=1nfb-Os|Lgemr)C&1<JWfu$^x*k$=zl{jNon*ybMC{M@|N-
zpRDtt5MqMb_QA&4a3QYN*4o8sIpyisAGH^=s$Omb36HnaY;gvoLM28;dgp6hkI37^
z%jvs}u618g;k?*m#O*knb#`!D;~(P*W=K|4_1<HpIbqSQ(v3aMkYgU2SK+k0=BGR1
z%rOEF#|IlOox`os+Z^W>B0BpiGY^)#*1c5Hwdb!Qrpa7>e#@w>*iIS3K3#Gy70JkM
zsMu%mKCji?4y4TW5}+r>CkEd~l^?TEyhR_WGM`C!{2{!gxtocam%z2p^unTZcxfy3
zi#!L|k4}g@u;oadm-jx+5R~vAGxS)+^rnpSCzF(+qkn*p4btK6Sv&%JuhglEV@j`s
ztjbC+pFYPuRmziG#+se4UHL^nXd2g8SBC{b1QG;^oNw=5aPW#w^d?N4t@`EHEI8-Y
zO!@o4A3Pw^L)rX5{}KsBCu=J={p@c`^T+SFCscREuk_p`!){wj>#QxXdcCb+)3)<k
z)f<W*aoF~BC7+2&f|7~czuUXvWz*@SdWIV(lpP~@-sdN9FciG9D|Vm1`us&Bm$eOY
zhcwE|-r!2H-L$j7nO*VJGotAqui)s5v`Qq?AL;0Ag8zzp<AH(D(t@gPB#H0<TmtGP
zO<T{CX1?T-h~-+-#Y=Zkq~biiI@~RAky_;VjFg*piT3TFN<`>ck7|PdJu06OuN}&B
z8VyYl4|x6+hHwbuKz~G1*en}YeVkurHg;wkpdMgMV<aPZHkB|2She_{bfwI<2#H1=
zwRkK)gKcL`DR3byKTZz2DG|vQv$8lV$aZ)PltoI`069UmW0d(C6JwI-fHwZo*+6CS
zTWgz{hhuG{`S|ExzJPN^g@ir&@D-9z2LL)aO{MGcqho}dxfk1xXvwf*fmVE^$&*Hj
zl}Vjk-P|3jL6!w-ZB~kRfUBrSq&eX8tmADljWib<{ZdK6IU0;VRglIiNX=ooISLC7
zpVh8*)9Vk+8#B?Ii|y|<(svI6$w-=`<~Az++N;2%O0#nYUvn7`=%L;Lzhq*pv^lCs
zF|EYxnZ$GVfJN$Jxrn};-Fn#V+t2`7`T)04`1OZbr9T})G|i9qkG@D{M}JhsJ@PU1
z$39Vygjv{Wlb!v)zAu0WQPfK2r+#@X=5T8?H7i&w<MyAHNI@UI;39b}#(4B7&x-j@
zrDd>$Au5)N_l8m%_uJCFohh)W>iWxjju`e5O~-?SUbjrlCJMxo&vY*=q~-)so@56h
z<cRTmJrW-j_cO~c;H}tM3EugC-9TVLBewSqeBJ+7sai4~)-_(H0Cps_yf==Z?l96r
zWynaeMRQt4*8ix-WFaFa{@eoMnD6j$1r8HM{ejP}3k14CRJERq-a_kkC*xz~I$+OE
zxyxyLT-`Mpg<sZu*aENv8TV{s$`(yQfHVgGw!c^ty357+86j7t<x66A6SdU)-3(>j
zFg>Q@cI1wL<5YOU{2I#3eWp#f7DQHcPM#_j#zXAr^Csh|)7<QfySxf<L(pug%Dz}%
z7Ie2;-E~oXM8~woR+rohYo8+rR76V30~wf}Bu>?HgSF|+IKlBl-I_;`1XAq5rw#M#
zHJe$KXM-6OA5QKEr#?@-A9~hGHEQ%@>?GlM5=3n^kLbAPj`~YgLnnlk7O!dyXl?pU
z9Rkgj>^{qdk?*d`e?`O`j5LQ!r+XTNWnU{UM|O5P=MG%GzEL_}Y;?VLH;rYftQS_h
zKWgbuMn<Omh@%dKUDsDuit2Wk`j}rFtWSV=U=b8n3r5`s`exl|V9vr|+Q6#}J&>^1
z`BAt+^d*g+@8{<##kP9WfsQL03NNTR0glByoq5CiqNQ8@7A6e#p3|jnVH(|KXLUrJ
z+eX>|MC^c*_A;6ONb}c2A`(GX?Nt~G;%8%wpV{;QeP;gwGnGf@V6l0hawv$2kGYo=
z>t4EieGEZ(QI`@O1{1xHKzM-ACiBN{hUn<%z(Jd%%j}Ep0>Wnd*yy_1A9(ENrSm>s
zk9~gW=N*r6llDZAc}+j5T-?}DO_U{>p>+lNGo@zkS^#owo%VQCWgo+`U8&jZ+MMyA
zzD4ep(YR;{g2{Kw*K}M1yhJ2{NXP=?9cAA(LtJdTFUYyw<QFWUs@#PKs80E4&RaI9
zY+gGy0tve7?Y_~-$iGTZW3jyG!wRVz+R8G9BBK6;%wcxH@wr&B>IN)DSV@i7rBvEs
zngNt43zXUnnf&`%=#R#;3YBYa!(c6>8$?<2@8OZvtQ^Pf&#^iq)XCAtuj<%+Mbr4m
z=bXn}0od1_zV{-|mogGctui?30LW}36Xu9j@E%#D%>>2#a^9Rr{7A<x__FhzkJ&UX
zjUKz8V7JJ$YyX?ZuHkLSPaD8w^CjYY`90&<PD8>7cQ_1H)sqDWZHuC<gUNLk&U~i6
z3TpUQAo28hQV)<@OWdL0<8tHTxevyL4C)#`r{`-bKJfw&J$_FE{3S5d0~GZ6;+0<y
z-IeIW=ayhRbQ5TB)}7Pl^pxp-C8{|zI6pl?AQ1l1`}>vj70(7#pMwG7;Dd!#5RhH{
zw$-5H7K_#wJJ6AY<|e~~Dz`@F?Rx5geA#u~fH~W@g{b_!11U^*0%anqteQ4f>7O%g
z9nc7)K_ILsHjnpKI#s|4^e#K0`pA0?bhUkOTCH{Z{GE@S%AS#gvra%Evx5u<yQ2xp
z1nSX!^-sy;V~iUFC7y!+BkuVC2ZZ$xrG>b02gCI}MHyjXK;N(XkxQLYAGb^U_Yluk
z@GL|K)`ow_nE&;#-S+*Q8U~XW14mC)uO~mRqSzXUuDL=^uQXp)oNWvcla|CbB%37w
zZl`dPraz(UfamX3T`)+%-+l$H|CJyV!T#67Hiq02gwQAbfY()Er9~<JFOvq<`ZJaP
zV-C9Yz<x!=J1<rb!a&6OkW9bq?I=1%L`wV>pS0W9n|`-#g-TLGXn16_{W20OW%{|~
zGs*Vw>6o-hf9klel~DITPY!zXR3G&f`pgIJI~Z*cpjqQ_1g7tUs?Dco{s7rxB#O4P
z&_zi`CQYa)FIbk<5yQDs*#1Bh1hz|oag^@>K2gA)6HqUn6=LX9zU4@bkAc9F1$oh7
zJuH^3X0>r}=*Ny#12G_ga0vCm06i&l=Vt{_jYDf{Zf<yWL)~D^J&r@RKLq;Xk;0fz
z67X~K?lnPttb>DuojU>19O^#+5A9vZTo_fQNhb-~tee+7dxAo0&NM(SuzZ=mQl0@V
zA_m1tgCNw=6`0)XF7%<xLaZOFwsCPN^agjHWa3BWUU^AP<o!Ur|5ij<S!)M^p$^kD
zxXPVf)Wo*B8}W;-=7!O31AaepJ|`%q1yB2&0~8@B2!)ykSXlffofcz;B=MlyGKe>T
zj&+XBv`&;K(ld*5Lw{6#El0=<#XNF&_(k2|K+?x5%bJu#53|LT6OqGFI<;8n^dT5e
z`+j~5?Y-q^bodPzm$hD`2erm3(CXb}$XiV&e&&o6O@nh)X1kn?W_2T+@+*SiDlur7
zge^G_fSFJsj%ea6ths_1PbN~SgE~-D?&aVoQ<RTY64S@WXyhb@%#dsah;B3O<XnZ+
zE9(9G8Gz)Msx+-!Zx?7L_D_bWIsLKu(G3utv&zln$ct?HvYeHT{~ByVuo$OBtPwuR
z8A2-{)E9fFN@(qN80k|J&Kq&0-~BVGlH~vKhLP>$YT+gj?^t6iJZi?i%c2rg_~O0&
z>QDtc_3|?$1g{0a@JIgPdF6W}1i|Z&M4{+bItZ2L=N<zB+dH6bF$<tydnKb>;{}5c
z2$?*^G$rEY?nk8P`}`WZg`u1q1(wPK;GihR8tNv0f-(3W8Yk6{nncOzLz~djT!AYO
zpEk1k<G7na1R98Au37>St5>3z(Cgp?vI7~WmsUmfY^@kWqdpR>ZL=T@fpL8-)vzA+
z8m}ZUC-vjNc5X&LU_N^eAc^$o@Q9|>B=0m3i;mjeJkAFicYf;hOxK2Pca}IJtYY1-
z_%J%p^lD6nbZmawDyqps{7wdcK4%jIG&dXR!Hi<-=_TSWSlF$k6mXl13~PPy<ZoU@
zY8s+TgoLom;_xRrMfy%fpkGw@B6k*DtriO7G^<Ydv=>D@rPP2&+nu=uSQRk~06mY4
zEzBVd7PaF5uagbpLZWwA<Oh<X4Q)WL;FEtwuJp(AAmB~nQW$HI)c=m*t}8!GQgv#m
zS?tova$P;F^ckn)I|rso+UELg^DwC4Is={qsW6fdZ6K?m#p>uVG1%iuDmyE#AntE8
z<mY$rF-)2@V#h%=hALagOjnyL#%y)?eEajmn&k&t8guAs=EddBm}pkH^^ojCJ^&G;
zt^n46r8yTM0-3+OBKcFG7+Z}nkA_r5*;t<-Wm37Ht1y)N>0V6169y~m0nIOs?TMq0
z$vepjmbNgMD$ZQdI2w1w@*+1TWcmy?sG>0uSh;;4;9f>khpxfo@7&C1@Bs*;RX*DO
zQ@kxJ1`7~2lA8`;q?oXNnI#wg0ZzD{RKegpqnIj&U5>`Jg8Or#vV^a#hQR?7Ka*^T
zDbW+T{vgyh!Zi3}Pbvch!ythA9Gy6MaAhl=R!g}~v&PDv$oAz!GO<zVq1#0SAmE?T
zn(YC^CwAJH@8?EEuHGtc&xt87#rTkmo%SpirK-&s4KF3F6KH#b0WuB%zU<<T1{d6R
ze!q92EThKD59OGTMfBUmE9&))cULua+9mLJZ~f|^L2-tk4UG>4IO<~R+oq6uAXYkm
zPfCMSf9ta1VPCCF1O2+FlV06)Oy%WuSPj>18OYcD$>t+xu9C-jH2nggVM_K_D(&dg
zbYI~R%wLi?i3r7LwlI6rAsqiU7M0~&eYB66)<$V`rn=I2l&*C#S<6G~wJxcCV+?K>
z#j-2{3%49opRuV@s2Ei4SrR@t9m^wZi2b60wZSzKIA-URPsH7ebpERe99pb<^4nYA
zjP20A@UUh%#<t~W{4A-t(8_ZA(s)5bt}w2KXpJ@CAokI=L&ISksW2Bj@ZQ*6kP#00
zBb89I(C%-ea|ZV-qDgW&m2Q*hN$8V`(}qzi3;3tCaG<M|I<dXJaY}6Evv#kjlj!uN
zsk#}n#+RB)+a{(W`NEqtL7ZXLyk2z2EpT(`T8Txc<yzNn{rS8p^VE&FpH`6d1CGo$
zvql;Gn`GFG9zg|TBGy!@g{I^lJro+djX2lAfC8YA8%vpULE<4u$h2I*A-g>*X@XiC
z5j*O}$grAG2gjMq*U|(nE|;U0SOD06b%wMBGGLYG;}ZI)BmfRuBm=RR_vfvuD_Y09
zt<{FMv<hL6y{v}`ujrwAcr2z03@+}A9Swo8>uxl~hfA80_2+N(Fsh}dwS_7lY$RAJ
zL1qAio{RqIM%tT<L_QzwS6+b2gm9O=|DP$gg}{An@Jg_u<@NF#P@g}`EDkzR9MwM-
zPa-{spoevr1{}&1farYlx(nd*-gP(ia7_^5H<}(T-UN#kT3({ikzT-SoR@H475Nk5
z$FXnVZE!;}hwE4mIRej=j@p><bO)}|VFx_#z6*>7hXsGS5itP2H2ng<=%JFrq2GGD
zZ{}S#OZse38{@7FAO<P`p<O@*IK<kO*K(#bb$)a`lcxYFK&ku-4uh5W@819#;}LZ8
z%ELN&0q8Xn3L#evlFLV;pNYaCBLe78|J&aj{HSewj;r7^5AaX;A?hh(w^!o-`u9IR
z|6Nr^D5?Mcd*MBVjE6Q_Ba)_^Jhd=Ku)PDV`TZ`@v=itc`lUuz*$Koz?`fBpAdigt
zYw(w>trnNW!L*{7kGc><hv@bmA%2#p;kAR!7ti|8T|kiilGkM9TLB_XEK5^lqJ*ME
zdd~o62=uX?Tu3iWaPu%b@*IG}N<RQDH9uGz?zd=x=$+=);yRsT1&B={0{|)aW@DK!
zaN3Uot4+ri2==t0Zs;x!4i13B*!mQW-SoTk)969~+64zLYE0W|0F%ry57PoW1i~Ws
z1DiDsR%lPvsGR;uu3r=E%|O;ouy(>WeEK_4{Z|yrur`764?qw~DtOS54}sM?@Lp_p
z@>oJt3Z-cJU+6@NiZBEu4h$)2+4!(B@(Bn$cxRc-(AR%|nVAl_1Tvl(q9Ss(E$r>l
zADtoRz?R=<Yf7VcR2s{!4-8vLMPfbTM!>}veMi_jkBx&fszIz*^a`AWN{K$3bjI9J
zbr>zS9xGK3s3){**WlzfPQwB_(Hh5<LEu^5HxBXb9h-OTRi**CDF<OaOrWw71ZSxZ
zeSCUE6#&M!iyWpcfmmJN51^PtxbfB&>`(#}gmiLF&C#GuNr=9$1`@b(f-NGh9Aghz
zJO^I-V<gYsirRO;t7%KrtxY8(lxWe*<|m8{TQm0vO>(i$J|!?`b$kQ&4Nv8)W3!^7
zqQa>32|HU^Sy2M~oxR8o#M9OeI=AC)nCkrelCg}XYn^`8ru9ndCrQx8nPkLz@vm$I
z&9MqPKG2*4Dj<dVen&lo@p!cR{BiFsU5|#aQo5Z>xT2ct=$=t!xuv;Pa0L4B#E*R3
zs@Z5M3_mA@cS+aC(u!~S&P7Eahu0Y`bDJ3hiS-B+(I@ZqL1Xe0casnLuvPB+6814-
zomT*!1b|rwX2zIv^9<7_Y#en8HrrZrCmI3w*~5i+{s!1?VBF}u^z`Z)kbV94{@r;p
zY)?zyGFLojbM>GT9W7aD`^NVE!Pwxbf}GOcEr$<6`elpyRm>G|l~T6NnHv0*!-8iz
z=wW`31J&p3&J}dQpq7AR6}Xn&1wyPv9f4Wq%QwMXz(9;ErE=HNS{pcJM#8zKlr3q{
zEWl70lK0oz`=-++lEqOsZ|au=#64B$S6i)munP(wd%fTvk8-bD!Y)Y74G&gXf-$E9
z3-~@X601NI0J}$}O&o5FhSFD0eFFF^g3aBw(i(VBPJX7eQbJ}K*tk!}C*MFo`etYh
z))x2$cFYJXm50g>$ntH90y6d5KBfr(_CY#ZygL_6+uU}^6vHl%@KfR}dj?fP3f%>G
zVc0$b?eCi0TWn4KA$%*i`bT}pYq%6ShN!h8dK#s~8n_Buv!Vft{rAW>##}R}WjAq}
zDGP!}nk&~~Ss*WQsH2{`VY;J8w@LvkIYUwOVX*#wxEriu-b0yMC_3fi-h@r8SKi~)
zU%1j!lLgiS$izHYW?p+=k*&KO3XwJM4MY#5H5l<ggI?}QSpo<8@KpWXaeGj6h+Qp3
zFRrdqngx%XZP#F%nanzhdTJQ~HX=Rb24N=XCT1zf_~0pO6$z#$K0P&RN4ea>f?0hz
zLqZKQL7sKjL1<>bg4?{aI^IAZ_9b#O*|@-#Xz+6-AeRUE6@%P}I2o`Wrd~yi6N+*d
zOUsbz8Ar_b1cTt?IzX_j-GnT|3q;P73xLxR4_lGDp<rw7m(EdlJ|+3rd1H5cF~=&W
zOKUx~*R^cVde{NL0bN>B`c(KN&kLuCms`&OkYhlQgGAzW%?bdZ&<An_yGikJq`?O@
zYWDzE`18!;`%I9Stw!Csles<`?>zisIUyfYPNTH<rBGfStV|f{wFYz`UTSJIEKvB|
zXwnxi1X4len4Xt`_QOqlP>T}lHFso@PA`6HmwFYo@ugmnpRSt~aY|YHg&}JYD-B@|
zgJ$dR@|n8?gy9jZmmG(7z7x}58eK3{MUo8L^S-d48EH3ameDs}BqbZ++c&v|)L$M=
zI;PmHi&0H3smbKP6ZIg~9b-j&O!<sJjC=iQqixm)6(^P=)oJ8ewx|?uywNi~wE9|M
zhjv8Mzgy*Z=gWH{n9Osh5CUE=#wTScYsSUt9|IWYClI^V_%Z>tq7QrB^6h1D1*1vG
zIssfzGO&f7YMs}oMt|C3UANziA|1wjJjwvfe2*)l%3%8^DyaIHp&G2Zw7<7I{x-yV
znBw_~l3=S5ego?vuXq6YV^L@9g4vl8O&q536`#%T?Eu$pnJ{v&BBp4D0;q~PoMLOD
z^qh_Y!(_ZCl2AgdPP_OMoOR$l)&94JTBM@>+31+bY6I^6gP57ec;0$DMkXlewC3Gq
znd?bM?@`6tRuJ|dAG6g3dH1PCDsl~knMYXJeKGS+=SDDf4d>eK=DYc<Z8gy~$ok7(
zg)ngT--dgX9NJ+g$@TlUVMRImReshz0`!?iPTHfYBel!I9i%~QtEr13?*aCWSDc50
z4|q{dmMY+rfK}v4>LQ6)^~w!3XOz3sV8tT>7Nv72(eRYduQL+I<c6>dtTN7;9~VaX
z>jKN9yDP&VeTyzfXn?z1l1Q&b5ZZ<*29nFwnAY<`=(q}F6uGkwmAknKau`p|>5NA*
z-KA1)6<10MLpgo50NAU`QhaI(`mQF9Wp}bv1@Ij}=<(AoOF}sS!^e3~muLNX3z)2X
z3+P`Gp_S6@d4SS^P|0p=)KtjFbY4AF`zs56Hi}Hgr5xG?0H*`nHvnfVM8R$RpwF8g
znUP`HsULQ>Z@e#|dviW?aa>JDTPEp9d;>U*JLUCJ;^N{N)t$X*QeneolQDwc=fKq*
z<|6?dHWBHy-aiCu!0w?~21{xahe*$5C0Beuu-0_%vpM5^3R^FLq)P*5mth7}GH`JP
zDs{qu1b9RJ)L|3%c+7X;J_<fx3<jQGD+MONp!oU<%>)$(e8ng88vsD5zdqr(teqXy
zwjKjeaOPVSJ2j5Yk8dR=g1y(ze$Kk5PD25CSMqC)Ef%k~bFt{w@Uzt+$8}%A*O5l*
z6Wx-R;Lxo>O+NAOzS$=EJn;bkcL%Dz60u(NFmNIP;4lzA5(GZxGYf_IJZW1a)IwJR
zWkm~=JCb6Ad!4q_){gqEXY5L8(D5h`LZ%k_3vB9|%)4Rj>)(MZ=w0Er(n0LaAacGe
zEe|dbpMLvMLw(R$kpKCadacB2`LISG5Gkbj3=@6LibG<`fMBYGu)gpe&kUJZT1`t6
z;K3hY5g;X+rZ5CxG!vzb2~K^bm8l=vT>R-%2N&CKdhPF$U|<-MamZ>Ts*GB1)h?}|
zL-HksC4^20t(_l5pt>|2;Wd^>$EY$Kuj=E#KK?K?G$^}_7<i;7C(tMTN)3u8Iju5+
zZCChpY<SeU4t9Vp+#I%$W#ejI|H(RN&>ptP548*d`WI#Z6oJ`$q#2c?0c$97R0TTI
zi1^L{)aYR2YkXQO#%<HpVZB$`aw<xM0Zs@U;K-rTP=)+NenC~p?E(ZVIMmTw7%vB!
zo>?Tf?ERpP2u<3W<SE(*p2w+93M;zOFrJs7gx3&QGIvuf2g?w0OeaO!7}N?d9x9@r
zR?64}g++oo*&p7U<>J@RC;8X7;`a$WQ73vF%by8Al3TI4qyE)}DY=teLVZ^awK(=A
z?yeCv3n!N-UXS%#KAx|%c}q1$O^3#9L&?4}7GatKWFLMEM97>r5G77LY=R4svi6-o
z8XS?8FTLwu$`L;WO94Vi^UGY?x2?`rZM90Wi5bgjm?QMR`@`NZD^?CwdIiHhB<R)A
z7a4%Jxh2%yIgX7gs%xeC{K|VU=pjfXgnf+Gk8<6)a7{kQ5lDYA-}%H(2ZA&bPwUb!
z_?wnnJt`ONR6R@51g_vjWJeOyxZlmw60OT49*q1dc(W7FQ?&N)4jp@~xrOZWZdc&w
z?WQ)VklbuD_O=ViKNh|Zf~P_ahq00GRu07u+u5S9caYxD2@7V1b>i<uue)yM*95X)
z2U*-<UO$}NRy3aw@%|VKzO975Wf(msIIGeZ9~JxtUJC@T>0z9%DRA3tB%P$}a7k+g
z&4Y}=(F-OYEbApIXnUBD;}o=6iqiu47BJ=JDW#sDl*MJZQd%ecQ7Lx~p%>9E`~|!N
z2|Qop9n>CW2^xU_C+z#zi@(}4?1keWhiV0>+<AM&41~sERj>JKPH$u|IPo0!X1E{6
z@Ef6lcW-SUfigW`+riV_TX?|%`~*a>NuZ|rZHt`u`_CGspDffPE+5)^y7@tTQ73~=
zx2KELX>#6r`W2i5oQ4vexAI{#t(<;SY;uus5<r~jPQl-0Ja%o+#oM2@^cbKd0lm;|
ze|Uh7|13F?(~7HM$Fdu=8EUd#8ZH0PcQWtyxwi#W;L#xXu}E;**_3wV?=`s@<^00;
zE;e|Lt;l&*#=Zqukp~T^pJVV<<uRo>eoY)`fP@p<w@A~RgZIDKn{K<5e>1d^#{@B4
z^UvIx5>=(2b`Iyv-r}AJBSAyWeS7ex!i6of;mv*B9}}bUP}$!cV%|$-Ec^KF*a<Vv
zBmZw|jA?7|s&RwB$NQuonS{$iPELU3D<_5!q7-wD<R{)|S;i0tz0ccjsW`$DEdt{L
zz(u#Y^K|y1;3C2j7Xpa>f{L~tSz}vdkoT&~e7EIW+JXR}?@oJEy>4<Q-dg<8I3<IV
zk8Q?(3>b5C_B0D+oSAV>&!FS$AFOC&b+9ONI)}!g>ID@~OOF2Ewqc<=V<i2ueEl|v
zj$fc0h;k3`q+$@|J}}Ovy*-fl$5<)=sG^tj;gpQQ*l*szva{U+(_F+l&FHwkkn+A?
z3_UT<7Pz8k6{wx)0>RDXL*LYUqO2tj04BszGb5p^tj1dNC{4M42scnPgt$%C_MMR$
zA1@DfT!JLPs?re9`{!h}Rj4_f?C2ZId<y5YkhSKl!xBM9|5Em4(cW1U8|1XtZYzhw
zsl-P7!`O|vY{56oJ5}UHFXLP(+fGjq$B&Hh!G1mv;_TKpc3f23#xWh~p?e~k#$8vM
z0u)X-1I*28B`F(?GD}JH(C>l$m}aIDNY)T2v~L~19%JU;nUQnxD7EOz3~9ZY?*a4^
zwi{LWnT-h=l_N;?DCbz~kbAiieBp9LeGY3JMkv+CpSh)T?1G7=AK-{knKm&!JXuKC
zYUzmBUIiYccj0SZ7sEY3y!2#grOPa=QFB9~BLEo{RO>3n$|t^0-y6Dzi%oY5Njq#n
zFxMr;)O<*D)dqEfZac!d?e?Lt1|7GS!@I9j!HBuUykEYwXR|*uIf<(u9L3A3ulq17
zB0iHD+qc`)Y=}0t{H;Nv{`^d%Q0kaFfkbYy@blT6A>k4m!m5@K4?1JLWu9`g1P5IT
zdi7ZVQVW4QUE2bVhW!>5qw<nxD<vt?_2mkgGml&Edo?JfHi9dRdVf3?TMY0)S2Jz>
z(Fh4bq)LVGR%g|Kt*2W6sa{&bxXmk|+CO+NZET&gw55RfnLguoi%Nfbo>40C-&sLC
z5yD{{(Q|ylfub=C&2-##{t_EEq=7;W@&jFAkYfB}Fp5IbC!{Rq27_{O)#_w&n37{^
z48oHdl_hyx4j%eY*a<WE!6TPKIRo#}sLRhmWD}n?l9CCu;^*UB3IVx=G8}F0Y7L*Q
z8R>haOWI}fgSV65DyddgKE}q#r<jZ{X-ZiqunT%CCy*Xy1Tm4@=5d3T;?W|kv~i$K
zFvT;TE$)uC4n==9vO!}WfgmS|Zd=cy42)2n@7)84_1-C;V`$Q7WM9{OClimqxl4#+
z3d_xu(QbXle$&S=s0okss)t#qsImYd9yVuQmSH&Qv@h6%V?FCzr?H(Yj2XPfz}HY0
zzt`@3Hg3R><|)c*gA$g?F^cKRlKLPA$R5hV-ay*ca$S|*K6a2{`@TE(813Fbx`ObC
zSc6iEA}zvF=j}b3z=;<@o(jUJDX|CiH?dPFY%x^JIqq2s;Tn#^PGICD({y23TfjBY
z)LyI{C&$4sH^Lj;FN<&J|HD%O?u=}3`4oAU9iSXA5Ebj%r7~GcYAa#6W@TAFYfsy{
zGY*_ci#mmVu`00@p&=%BFq+A*uW;Qv>P{`;5~1UkQu+kdOAoh2N=0QJ84F4s+W29n
ztiWr*`moR%sY~BQ0p=)F<B}Ir8({*L>lWS?QH17R1-XH<VSVxu=xP%U_66S)kzS4(
ztb@doKjD7D8B)=Zn_o9Pg7fw5z@Hd?lh$7(sY(a~fvc!cVG_IG$fC5(=-mu$DCzVj
zMuviGW91D1F&2Y{X)+N#FF_~^Lt;t9mZI8oNy8{cEIC8PfT5^*E(tcoDm*ORCMHwe
zL#<I`SLjWKxrX(!q*%<$mQz*3R?GwSRA1WKtGW6~5T2J;Y(yRpo&Opo048t!bpw}(
z?T$=klm~z%d(<oyDJZQ_6jU@DCEe=(;Te(27TyXQs<@WZ0!I73s5+;;Cj++KqR<IL
z;Kusf!7Y>wMkRc`(p>3F+n^Xg(Ac?zunW_74VqUwg|~vR(ckxI8dbHG?*xKSWYrTr
zc$7g^4F`8GmISMbGcs4-(RSFa+d|zui|aL=0A9%_Mq+dHdzAKhquXUObKImMT5Zf)
zSOC|_g}45pe2;?xflkCm1qxdgae`0+ZQP_t?8}<e|H^U#u`jd;kCn7S(ahnw1#+d1
zrXVRk6=08qzy~*%L6c$}-g$8UQw@BOB7$~&FwR!p6Z;3n#(^^d4$G5v+)_Ig#rWJl
zx3yuVZlL~HDvErmy{Vci_%Y4i(k8P}9DTSewf^Z#yS7`C_0IIPIr(opC%Ni+ltwT#
zM^-;Qcvqb9nMvyi-+9GCNtLY^OJwFlii{OUCP!U_aA5W_5dpE@Cs`7Jo|cGlV)4n<
z(u5E&QjAXdeH!ld4=v&Z@{3Cf6G44?vyy(gQ;c1FywbzKUFYOCUrxoxTvId3VL>-$
z=3?=b>mHw%s2i|n63WwlqUdUDWAv*rMWUlA1-@2d;LNNpiRq^rF;V=ikVaxPRr@)D
zOxx%CH=_Gs5Yd+W#Em93(M=KF|Ayg*{)pc&DYt}3AGx~ZX|1N~6!;CR0Ke3~yK>JY
zaX&>j7`G2I*!K4zq9e2CxIWw>Z;oR0i?OqwBZAzBH_URi2e~wL%uzH_O6|kqlCJv?
z>#9X#oOI28o9#D%Xy&E)deq!+v_Ast*W%N?9t+KKJV5#QwWdQ2M)WrpFp5tq6K=IH
zROGgY%}In?bMPktp4`-6qSI(nCgbD7(e#5Hoy5ElrZRLy2ske=OHQqO?{x`MHWp_F
zTb;fGN?}A`y-wA>T(6^VEK!pD?e?t-Th~VWB3M-SZ6R|sIQpYu*`>G*Wl611l=$AQ
zk&zrVwv^{vd;fiz>ZJ4|Kv-mo8zo;HHnNDa(%_*JWyu4keBs2<*KJoIV9oDt^dp}f
zz-eRul&gTT`uXuUARlX?P4(6S`~R_qJ(86Pe^n97idbe#wk8X%4TO3YQ~O&zwI<>G
z&kA!n(op#!6h5pad!O1Amnx+3y8~WLa-);((SsmKr04U2aN8mh9(I+Z+b6XBzYXUJ
zes#XE$c<&GB}-5B{Gj59TDz1mAce28WVE)(MB^U!Z7McIEU+e@VO;f)KIl7S(OYJO
z@J+IBjcTG|RN9LCK(iKF9{^c$otl*e+#0Se6@AOWeOY4Rcl%GHA1cP@)y54p^m%VT
zpBrCvewCdilj2(#=$o<sX?qU@#laPAb`JXo^pf;D<!k3NS@{;rC|X&Yc85Zz;>txw
zLx8BCNgfKa$X#ycdFpe*%ju=!IGfFz_@}nkE8m5F6+*-6;Aa@6NNAqxx@=?S1fyIm
z1A|^`Jx_XVPbbw{^>e}{xFeS43ad=^ze*4Zhv@ak08rltWM-LIM(#oPNqJ_=TCUOb
zMs{3j6R#!wxm7dRAZe1|ZCmeXqcCc|a#=FqT(2q1U%oDvQ!kmX8(e(gtOKMvvp7#4
zMOetZQ*ox{glS?O5O{jkBA~(g;?Ygl(y^d54f|<IYh>T=VgGKe=EV>7i?JIKYdVD^
z#vfuaOyD$9M_B_JU}u$Nl``|mGYdFsA#s4SQ7KesROk}$@t$_imf@_q!%B0RifQcS
zr1ZJR*k)$h6Rg9a`>Ck-sMabRdDZzwwbS5{<R$Hmg`dJ`B(qqut`s$6WKtk4Lw^7#
zKSb*Z%xVzuO+sx*#U2i^@uvJ~(cE5V6MzptAapf50N41LF}hX{ezV?R7O6B-{ypeQ
z<V=7QCmz2PmrjBth;vX=?X`=`4UN_;UrvvcdH;iaOv~K^TMnNkP?*n9VOk$dHQnnh
zJU(sunNmQi*P2_{`g88YO$`pj{O<9k|0`>@)ea%xB4y_7Uax*4HM!pKtQEs>ra)?#
z0hc?8E0Cm(izI$DgO{SfZ;t55KoVhfJDTw)!9HmiMmx_wlKlPtFmGHA`C4AqwHz0)
zkB(T>56-tmF>A_%@=sDl#NKPj`S-}l4R!VHq@NpU099o!J)w@0z*j1nkkYV}85#2=
zqHkUFr93J`Nyto52ATbtZ6$KnY;~oX9VNNC9XTF9G+d4WvDDb|a!5E4O<!uqEphLr
zHh7wUPV&psRE9PR4KL|B_JIftbD{a~IT_)Ukkl`sanY=R{IgpX;M7L}`OwAedLsn^
zKr1Q8h+88}Nwq#ZE}|bzo#<WH$OtP*nJ_j$HN;-09b;&_h8S0I^t|jS%G2Gl6yIJ~
zNYZeveR!?=qm+#l*!}a`qByr>PGbu0Jr4Zg`5XucU|8Cf-M4Bm0?mb!V67q@UMJ(z
z+#>78YCT}|TqCUkT`fb|bj(O~L%7|-{OP3%g9@j9Ay~#$)M6QX4OUt6!1-W+kcN4*
zW|oqY*Qu>+Enw6FMSN+Dw+1S`2|2?<&A+O8e;~6+cX;u4)ar3+JJsW_;KH%Z`&rcG
zN(`xIc(l^#MCDcbk~EljZ}h`n<ONtI(018mgI46&>p6NpGAp*g!*7mpGUZ>q3<Npc
zTP4CfEIP3Z0zMOZ=HjnQq4Q}Cz)J?e>53RQ0DpRu95!U;f<qXfVo>ls|NhRuFu4K!
zi)ZiWL*^#_7I1zFPjMpglvAl3P(d*LBI+H!rkQ#dBW1ojBRVCE!)DpW`VG=vC6~e<
z(H>c{4tdcZgp;~sV?+Mu5XZ9p(z1rQ<ioASGC^ne7cSO`WWpXe5x*B3CsMty(7;uw
zIS9+}vX;20b(>C6SfNioA7Z&!D!iCt2?J+S2<A@`jFH50HY%!!AFT<UI{lG+3eq-E
zAau&9_a_1b77~?D4MsWW)lnax3<zD%g(oTl#R4oO;%+g(%YmpWyE68hZh*5x1Jo#a
z&YMpy0bc>&qlN$fm;XQ98n`B&pTF`z0OcwRt~h6%TbR|@)%c10hc{Vh6yD>C`TAB_
z;5^=b_UHexbe-d{x5kc-L+M(uZBSvxi>`o<GB>ljn2EiWvA-^pe23f0<)D(a?&eda
z--MQp>Vqr`r~QNb?La9<0T5aM{bega&PLzn>gCvCW#jn9E>I4Tp5PIN!r8ji!voH6
z`Rnnc`)!w)@7nFUaXGIAAWy%aAb5aS3e!FMv<op=h6Z#!rCZP2Z*L6IUMwlKmmJ-X
zJgt7A$@l1VxhAC*Cs7?-#8Nccqdri6R!1;3=z9LT(L3MX3ov1B4Tz@Y+{%4gas;k{
z@EZu)mUe>8fl|EZ<2Y;^w0IOba0+gcC<nKguJx&IoQbo;D9`(yIoI1iQv0AR0^%r!
z)GH20-Mu&150<LVMkcz%7T7ggpXwf`c^B~XL5h7(h17w&YW5Yv_T%BMs;bv+#Y@4n
z?~!Ks>jimd?FknfQ64|VvlHYb(QT{uewMJbVCb9;G$-2+=(kR`mkrJaNZp<T?a*xu
z?p)KwG2`f;fAXT{0=jrjawNND?{r*OkRmRc|5@aR_I^>|+wGQ_?G!;+PVSD>YOp)G
z@dGN!^F3YuTXBKE`85O>*C8TA@d>Q~?J<ZzJo6uu((+iV?s08NI$ypfEb%-E1>BPr
zt<5!?2R-j&gsXw}6W|rx;$2?kpZ(3h!9)XY({34oDwhV^i!JBbW{{<<LuaSpiCn_j
z^DdHUTu-MT`64|$t#8lg{VsN2%6W;e-3LUSn-I^U2gcyJSkWxF*}Cyy@xq*=#YxKB
z>7a<R<~V+;{Md_8r;9|7@AO|ho^ywamF0YaeIO;c@H#=)v{B0ccm7sbj^@f|)AcW>
zzU;;(eDr7#<Jc}m>Z+B_fa^Kj16OOS?TnSPD7fqLaJ6;}JHs3zc~7;9t!hUbe4?g~
zk}S{HodwHi8IX!vbax;Q#Vzdg5ROqDmw}7J>4B**R-g_ydC=^A{NDFm1#3q)Z`j0E
zSJ8%T2QR1}<axB)(Bnm=kIJ@KPvGCK#PojT{PkOVql19;_x?5|$5E}mJK5xOpWJEz
zL7`J~x5%tEB=pBq_$3d=?4k8DHdtuW;_-2uC8Z);t-;8fhjoF=!b6Yq?DL{!ly65A
zN(OM*0-nmR?vUX4Fb_B>Kv4X5BfdrN0|cRurZkN{S1y@DJ$fWd2e#uMQe&w#G?9|~
z;<}y;z+JbIKN-O$hh>K(=kel|I3Cml0(?Pc)@i_V26nVu{yE{MmF`omW=N#E0o}bn
ztzd-e!x|B;4Dxn8+UE#KYLbl`P)lgiFhpfDbdH>~+)j98zu(Cb@}O(q*6XkfhzI&+
zXEFSvXwM?hp-cP9!8IjQAe2|ic~SvEJ|xW)OgR0+GqPo@>~Y)C=}eD|%za%z;gBSH
zai`fAZtqGbE}A|xs;NAEP`GRZZtGP@^<qwITp22o;W>-xxPbvVZ(~JXn^R+deG!4~
zha**X7OdZBc5_GtlBOEw#*NcvuhUPp%FWnCF%{>=6=K~&|B_`yf3c+-q_L(JAX^iy
zCgZ?#lef|a)$j}%rd=~=)H3K+%J3TL;Hhq&^fxs2L1T+$EyKqiGMlHC!YgXvksY5f
z?02*);h6vege=cq-VV!GvW_AIVRIe&_}FXEAkQ&SE95Qgefrn$4h{^DfOBm~>g11T
z*r&wN=i3{A#=`?~V%>8_pAm)zv)d6dOicJ7<S4`qI`bKb2WzUdS_=`;`&43D7v*l-
zA;H*U2!uz5N1)YL>^xgK$##bLP8)shrG<U^g&Hw*jQDteJ|}4oa|okL2e^XbLFtk)
z)I-J4o?MO_w9yunXW4*BhUC4F=q;Np#8Vr9U4TQhWFoPgnltb@5NqU1cI|ifC{d`3
zM-us8S_ja;C(28CX@I?yn^pC_=lwqiZdh_`P#{2wsE9gWCHd#v0X!o>nf^05lfQB#
z)Wa6k|KE(@QCgo18H=Yx)BE(Nwu<)uNUK=p1!8<0Q3n15yf%GuS@-`v?nh|>LK+y!
zHNchWmP!6vT*IMuauN|lCdjOGJXcx9h<EZLNL}S3Gl;s<GGCDmQMJ3Fqc}}@F}K)c
z?Z@;)QXkdV(zU-K=he_=07Su$Sn}iT+Ow>fr;$tO!wd?wK#yUdH?`kLKk5DN;UP;u
zMLjy$yv2*IR*#UC1LUsS60&L^&F!6hD`wz$*h0BqnmW+2^fZ`RUng>Ns>O!uV5U;w
z)#az~lL&y*eH7hymGCE!<O6WO%P~N2yn(&n_3+D+z31cNPB#$a7=Zw&xwj1%VDI8C
zx)YC&4oJSjUV{b2A<XQd43+g9)!u>XhT<WR))Wp|KV*RPO_gf_9;p{xKYibdHSJ*?
z{Qw}AaqZFv)n{Fg^FU)V0Z>;JUB94sf2@KuN-|zD?V5PSQ49<~uDG070zME){oi(~
z6OhS(j{3hX<bU?Ez~PZ&k4ucOHegjjOUdaz!Bo(9VVu1rmQyxh5Z<d`L(~#*-84Rs
z`-|J>l8SmzQepsZx*_CoULU8n2nFym`WN6P9>AiKN`|=w2Wz=QOi!5|!n4%@PrP7<
zJ(6bGfX=gy<wdJmnc9Pq6R32py_aF_d$n7Ewk=;Y)Gldg7&+h?2q5Z6_^AZarr8u1
zJXXMj?b4QAOuu!-+z3V=<X;39_I%9ylzb#9HL<!G5KJMx+oLMUEk4YP8J3!AT6#MC
zuu>wuyOn$oAL;?oiFl#dFEr?|pZ{d7k(l!3Lz1_ysuvRj-usCia*AK#O?!0nAPv!Z
z=3{k-Jl=e8J=FFP%h`PJP|f>rEPv@rtW9tUHnR@;;co&*)g-urqp>4FaLS4uro0U{
zE8J5h`(T5^wV^cCXLbTLA;~NDq4BPqOOo67SCwF=F=c3!A3QI?D+Q5Q9h)GQYEQJ4
zpMYIwu<^+N#W~>FjeTB_SHz)1i+fn-bz?M7$`A!7`SF_=477t0w@+udId<D0TJCZq
z-Z!CloU9s3(oVVk;=hU6&(X58*pI~?I2Zk>BfUR}gQK}N{Ly@Jz&m5-R5QU%FWE_P
z{AsCVF~-1r47&Ono!o$XAt@cbb=B3!P@tW?4$@%6Xy>xOK>~xheVoVMJUl!El9)N>
z-rlu@!ca^-bg3^xa~L@NPr}q^gw<*<PHJrdB?vW{M1$)xS><YDW{fgc3A{$>(S6Sc
zV9375KOS3$lR`8K(QR%(5?XwsQGFE~kaJ}IgF5wJ9=!Y@cHPVABWsZMK42$#*-Tcc
z?EZ*QU0>a>6}8RL9P)3Pa-rf0wXgzIY+dPClTpWZW(g)hQX)0$fK_@flUEn!+!hqY
zfx*^%rMfq6y4CU7RI$EAgTc%YMAObLHk178a0E=q6wJzh3T*!0A6`acZ7wb@7Ne+3
z<AA;>`wba3psh5vN1&>u&syocp+eHgf4DE`#@IKDL0|<KmaR`MV#WZwa9cPV-Q^NN
z$_daQ0B;%3Wb_2^RQQTLj$SanRaajdl2JB}dBp~#N56jkY6Kb;L$(QB4ZSyK;@3Q+
zCF_y^@DKcQz~u2U4h3>?#a{pl6#zY50S+*ly}AA!A+zEYZub1@{h0D13MHTk*;w*S
znBF>@*ZdpMdL!U*-?w56jgYq*EA6~RN9j7?&vS9QQ<B-sKo&XGma`k#ac1SioM^-=
zgsDtn=pu4k%kHHLvv!5@%;NBEz&9*NYP8FK_n_ig2)NO{q%rFcgD#R&`%!BaGMlN1
z>CKrhMZwrz?l=Alb%D`-)_@&jk~H&IlCxzrUyVc@M-0seb%Me~joqU+TxGe%;+@p^
z?-3TRqY8}E#-&uDBTA`GrY2pO)7NzNh|d1TH+1i(7OIVCrf{p9QQ=bUmafOpb-ZLD
zYLFym0}Q5aXPhi|T_I(Zwo|maWzkJG0+TTjqDXA^le=EqVF_w(nmHVG8Z;f24*0eL
zWj@*IfAxq?*eMK-Vr6Y8%#RqndC_O9X7cW@nxtmBXwvC6!{XBhyg89(;BHRIWso9>
zmjL8Mg4XFtG9-4v>Kmq)Beg9szd_kI>B(6m@&fad<pdxDlO^H#&e(-WML>L<9f7G*
z@PUwgqO_3}it|`AAeIuh1$9KASJ_4q<1bk>Gbjr00@QFabzOyKnBVO*MwTaj=!zT`
zs1n_xC=5Uv@Y&efYNpJ0TLpwwr!s-@HkKztBY;*o8)#%_i&Ob?g|5lVXZ3ybOB$(2
zx?bs!$6M5W+vE0K=AQvrQm@gUKvK|oU8`|83v5k#`Apt3^t~B(U5Jxh!qs=Z(V6uY
zkR+`#N|7o6W+`omVy@o)EHxL=`~crj>CGnpaEhi^7ZCtg$Y0lBs{<3Yo9qu^@E6r_
zn*Ph~QkZaa7cD3fjQAxy{uM-%w4VEGX#$tB+Ii>`H6bAIaRLIZiT}+=AV;fl71sr0
z91#f#nTBWg0QMvr(KP*gc#Zx2^9L}P5f*5ze=`35?+?3~aIdwJq0pOPu5+8U!h(Z>
zWD^8DXX<_SWnA8U1aNGi|C|1-5eo}TE%lNz-ESM$^|LGj@NIE%a5U5!r=|8lwL}3Q
zlHH`EpkOsGnj5X-8xR_6|E?aO`QyPY5<Osc)<dJ=@jUkFBih_`^OTHwCSM3O7=zVg
zV?#<C!Hhdn0mCYd3$wzo87EC)9<p$2Pnp2QG~>@{*f*R2?1%!~dQ4)RoGY*s-DMV0
zA4V!;l~$5etHWszQnxY(inTVx&~n$Zd8>Fe?c^&mBoHg^C%D^;Ez(5Zm}H?N8V~(V
z{$912wXUu%k>MMP0@CS+fj-$Lz^1)t=9Doc8ApJ1)6s>Qx1wFM87BU=LG&oyM0`Tc
z!r2C89nno&7-BL{PJ>x(pVA8xH!n`|Vq`Ca2+zJohA5w$sF5rnKx%orqWrESzut({
z0SbVB;VN|<rqA$|rVvhY<X{xQ$nUTtR&gxT;7$kq@vod1>8u8f2iD;yXG7s2E~Yu=
z>uhiQ{EVW2aE*3L^tN_t!2+?3F<JvKszTR5?*MZuWDho9|D87Kf&matgCGtS3T!ee
z05EXBx&||UgcOqx8lt8uEoC5TbvFsXV6%%}mjXp$eszr>Z5=KJ6n&aNP`?$JRTLrk
z?j_b{9G~j_-^1}AgxvqKs{EI~n7z@JmI8!dz^#7GLk1I~nubaX!zY}#gTVq(P~~Cr
zY9AWlFpeuYpxIzT`uaH6VBOar)qw|?kI#Sm2>S1CykE(H*X4et0siwb{4xRXYxgSj
zbznh};9uYghL26A2SbTXGj~Hz|3i}h>vC)ont>Eh^{+0=4SxRDJfRH!vvA{hRlr98
zoB@cZGS33<n~UjzL>65O=rhgrm0*c05B*kde8@>mZ#1GozeeOnVTEC#F^mse<R$Ky
zaRPef;1XzXGox&*5l|=xD}v{G`9kObk0Ai;Gt2_g>i))5f=J0raQzw3eIL2O>Y$PL
z<%d6D9?;O!zLlLgT1dE<evM1JLMsv775-5DiOjoJNi3X)yZpoW{lx|Jux>|<m<DDr
zqqGVM7*(hh!oV(Z^kc>OxvyXZ4^RdL==(XIM~^;;5ZtuaqT(KtjS_Doz|~gg+kE))
zS(qHj|5)_Su9*((SOCLpX?b>wV0wMLt`5~WoI3;{j+z`mkM*wV2)lZf%jaGZ7o0Zx
zo@7x8E1?eyF`SkUz!hvpfcFn78fX(aO3@(0Bvw-~5nO`ZC3tZviOVko56B9#oa1?0
z5c=l3xBZcFy%8EGGc6<Qqq^=LJtg_R`gEAkkogOosHSV|xFc~595@999~n1bnl@fi
z<!sS{V`Oes*{b=a&z$dA^3<ttv4|<Vuo}akE{~VzI<^XZxS*WmvVD*s`9Idn=Q(PQ
zOe`d_mLM^RkAx?$glsxfZ{F1xEn63LeN4+TZluT*NMjdAwpRd>iWKGCpqW64Ug4`4
z!Y~5Z-*xGU={_=WR9@dQRd>kLqOw~HGjE+&g46nVIgpR90{W-*<Gj<bAr>K#0lqS%
zLL0DvJ~UVo338slih~Bb_pfnNyo;akxR9}o-NX5_M~|(?Pg4KeGiTB}b5AJ;Y~97=
zb~H*O#^Qm#fa7T$Z?KT+@#jF^I&+Mhp-s<`F}!*CA+!k`zs3UwOyplJ*E(%$)#ILF
z(iN}0!uNPPaHDERwlbJO&IL%Zf|U&GOxm<HlqNFPL(u+1Cu1aL#isQtg_XmQDn)+d
zSXNsohv&6N#_#}+ploBch?cD;xR^Hnf7D$m;NZ*f#6)&p1%rCL$hyN^^$)I|y(`7n
z!wC9|KjeH{U6s4qovo*&xC{h-wZOga=8&)_@-d?o2FxMO;8ER=k|7<<LZi1+69mxB
zq5cGn$(qe;DJy7ZK7;oerPkf_p@_PZ?GC`&uWSsHq;a$k+fwj;OvQY}>9r5wLP590
zD*(k8IpNeW_<Dxy2T+eIc1b&U);Dxbrw|F?DmQ+TKE~(+Sn*iu$G43g0hv+Z$M#z=
zZERoq#%HME6kt73T(>8lv`@Z>PojJ7soh&UQX28tUj-S_5tbH(^jF!-xtv)a8uqR-
z%c=w=kg3wXz&Ad5TnI#CVvrCgs`<k#-l%Lz1lf1Hi18svz`P{J^-Z?4q^)I1ZaOBQ
z9D^HTIT}4womD2<vB~u!<mZ%)lr=sjrCdikit|PSYL%MDtVxu#w2FZpDrtc}5|Q(l
zj`83$rC3||;a<0xZI_CUV=fKZwB)6gnKi&E+uDr2rpp({1UB!+h4;Gp*xpu+WE}${
zPvn>H#*VeGD30pZO&P)-)<iO#^+Mq!1BQdiZUvF7Wmv37FhIuTh%-c|tIV6Ue;u63
zadB`Si0v4ajGhAbY-wbN_l!b}>BB5`=0+)~_@#w*;dQB39S75u+gjVGPMY$^c-=Pg
zlv-cB{R#)|conCh6~`3Zx!dq8u!F0PA?GhO#24S^l>XM%bAMa+j)K_MV4cm<o@J%H
z^oI`WW=-|ht7dql*)mA-7sfOvY4wXkm`Wlu06sdjv`c2Q&@#g39KTFT7G1jiER(V9
z8*chj-{ME=JPu4-7R#0CF%Q%V={Np9);3Ug3+4yWYStc+)S#!e$~DQ>HBRj>>7p6u
z6qK`q5IN<4=VII!<{AmLwK_;H(ZzIm1<+!$R_r`?mDG%Z@^rmH_^_?~N+J^*|9uTh
z@hojig@y5;?ByMo(v&RjvA*mVg=`L|t3c=iz@<g{-=zVW3u=X5l_tX}uzE=@>w>0K
z_>6KATs-P}I(ul}Af8+juM^5#<QMS9SIc{_72W$Uo;s3!f=^$yBA==s?TD17*zrfP
zTfMIGGR6#7^HbV;nVx+88WF5Q)_uVaz{-ySU8T!?RgFVRjC>G)9~)b)aAtK^V2(_*
zRpy+-?Bm92X*;=?(z@<?jKyw9X(}H`ow1hEv-oH5_)8)kQFE>q4-B??I+|!TpT2yk
z1N@@LXGXQBEVZM(v3M&7pBpf*d9kGkQoDcF{CM|ll+yd4A~$8j>(Hz}^XAjX*}7*t
zjy*ylrbi#NBnG7NS}RCOJ5+pd3UKQ~n7dIM8%5VuqkocX$0!@H%gqoNb@9CDp=lR+
zP|OveGN%QW>TX9~2fPLw;?6PoxyX<ua2?(OZeVG$rVfdwvmP08;NtkxhB#rSd24Lw
zOj+#vr?lg_`BiN10%+k8S<*{+6X9bO;k{fTy30GU;ju%YN=HHWIMm;I$c7O#+1`GW
zwe#aaSZ?4X-aPlUH>Wd_ekx1Wxu)41gkk3%gNhvLpZ0G0NjzqiP&IJD<k;n>`GTlg
z++Uz{IYky-AyI9}aG}Lzt!ZA#(y|<Ska8+R62|QL2>*m#enxK{$IeWpYIancx>k=w
z2bcMc9SWYf;;=(s14sryQeQeRf4-Cd%7n@&t2&SwC2r@hiUu6Kcww%iY9;QA!ZSkl
zxzfCD_+WCIp;Gk3iEMi9J)J$ed!l?XijHJ@2g;Ub-W{|;G2?GS5MLRkIq|aG9GnuK
zG~2wJXV0dNPc%=9&f#~bUTS{~CITqA9ZDM@_}{p7%--dihK(i2l-7E57-}KO^#W(k
zrxitZvBI%e!Cm$(?YUWPd<{pp!H&s+{Jd!puh_iMV8^%Hc&}Dj^x&beYs}&jTP@!)
zxO>2Nt3-K#rR443*G)<HkgoV4Y!0Y1*V3$oX4}^+fExd<hhIX8vT?Y-?Se~%XGuZQ
zKHhP^qf-EgK!>OEu&TpRfA>DBBjH*5n<0NT-5GV(mVV*hNJBZG;zQf|KwibOhBs7j
zLF;H*?)l~F_!=>eSInl)dd=!!mfQ9$tElt-8?vHB-_%nzdwQRaDw7+)$bX&GUfMtl
zu~pftD0#7OUDEuLGoOyT^Hy;#fiPVlP2OD8G3Mub&98wJqM2Cadac!3olOo7ZA$E<
zag?=pr%jtS%>7iadZZ(dc1vnG+FO>t!=Pn~E*aqgt_75qprdp&zVj4MFGO;hH7P4^
z@8USm%^<%?2YYo}n-dj_Psv+Xc!iKSX*)ABBx&nDYS4yfdR|UNcwU&*@xjEr%H<C3
zQQhMw@4^UN4Yt45m%j?|Jj))6k#0fuDGPZeGF9{I*!vn6rG!WHmd5a!1&@j-5w3kN
z&2?}fU_p9*RO`E*i;-Yq`GZb+&smwCK<DjBEyfr|3h*1mkwu7HBbv{DT@t4fDQ};s
zkv*=O@8(zjtE~-q>I8iKLIb<iv;k6b6vP*9^%ts?3|hd39_At0T*q_;Xz}#QtUGZk
zHW<tm7UXMZKCm=o+?}A9y}=x14y0~dhDxv-SHg5}cB6C`daZ5#)hqaxU@H?ju{cOg
z?{6y#R-QwwTVNv@o=(#>@?C#`G3$kA3BwpGzwPBFOdsd}wD;9vQFdLw1E?qns7Of4
zLr93Igfs{ON_U5pba!I_($WahQbS2gqX<ZMcMM%a_ndvBKHu}c-}{|&o$ES(9{-ZL
zXZF4K+N<_jYyZ{|{zJ9p%Om=pnMLP}S0bW_$zDQ^Z=P}Em<}<={6_8h{^A>vvrIqn
zyO4D!U$Evw`|Soy!-VftfK#qn5~YX1)DP;f3U8#IN@2&N!?gUkG-c}l_WEQ+LC@$0
zE7$l*R2zPIH5-RLuctmf2XG4iWk{?iYW}abuBKdv`g8(IbZq8zI$@kFNS}TovD2^v
zaAe3bAs9lFj%M}ash1UnPohPG`zG_937L)|pX~67<AED@AufNW34ZB{##Ijxt?O(~
zhMO9U!m~y%94P>xlMit*<X&L|Eq&p%U0AAb;EF%w%K3ov!%fHo|NHHd%D{I8KfDV0
z{}(FJ+S~2TRP`zDN3wTuA4p_+gRq3g$fpy|{9&#H=HldMUguj@X~ehT)*P2%t(ahD
zkpX2q_0^Y2V5SdU_w$_cxJhc*NMSJB%XXX~(+rKt41xplZ@WM*XPP!}ycGb)F2U@2
zXu4mJTX!hEC_twm=sd^;9n~VSlDz5KKE4H09dMqioZ~--Zr(s)2iq$bBl4q3MYCdp
z^)Z6B(F~OCk^r)!g&Tx&@Y`o#$%=<-tZJQPlju0GMZL}1?QhMEV_(2;uR=4$N^+$G
zGq7ly^iX1$^t}xGAPiAL@vxs&?Fww^c8~xJb_5MAei>gDwnX?p|1C0hFZp84-TO#P
z5C!ptW*$%`BWMH0yJA7<1>zir7wa@WxpW(hX!`%|i!af!U=we^Ywx1Kaa1t-|MqV%
zBYPvSzhK^WCMSpBRLl&~Iz4qAUlyVoyYa6N8^~~B;?Od|4$8hQ3k9U<etbdU5)bqM
zjO&KF=SFoXfcPeSXGI0&p1=?w#w>2ZZc+*cy!h>9+=qhV^D6Gn$Sd!*SxN^!51_+J
zuK!^QhHq%1A~(UN7+kgcn&_>DYpU)O?^rT{w!qviOZX5ciymUj>ld7hxZqq_<xyP{
zsJAxMO-7_Lku-5B7IcaxY9tZ?_xu%(RCp_S0yf#Tz#WSGI{j79sweGm{~93u<ImW*
z(ABh8ou5XajvR{=Ok1D0>_kD6q^#7}7(tMH397ZUvi+Rn1KHP>UCk?l)weR%*f9@*
zlm3Yp2j856n=DT%8&vkoyG4R~@VE0;qJeuobQ5Qj>t<uQ3?R`5st%s|w6ru37m9nN
z-*kR<5|L#e*@9LU@zCRVx9vfd`3wz+xqd5w;=K1eGNj^5D)b`P0O(&y>3971Y)2&^
z4sjuZhP3#7cQ=P@BZ`Ug!WSJu^Ghs!*H*Mz(En14=n%AYz`wVYR}NtZiARV+SuhTj
zyXpfxzsZ#t$3Q;4L=zMm+La_w7qV%3r*(pyjI1PfVfzK%Ki)7ssfFSb?tzQ@;6l(m
z#K6HUn>gQoguu^WYw=O8wlMseJ`PZM!Fhx<T@xVL3_bvtSwZVQ7gs~ljIe@y2>ZCG
z6bo|0b>GNt+m=?O@6NK%!^RdI@ig-{4WzA@RgWcOn-p`lW^m?jkiY4aj1_Jb-XUkm
zz2tdLV7;kMI}X}6%sNy9upHA8mX>XQ%S{P*AMi#-%Y+(#wwg3U4A9bx#!<Hck~6HE
zmLLoWh2l=jyZi8?%|Uu9T5_4_zUo7p0=v<Y^K-jNreY9q4=g`Pg)YxGc2jAB=2Uur
zIaT%=N~v)aIwSQ057<OqF^B(RvUALBpHc2WL{N~ugw&xvaKR#dawXrAskd!`BC`s?
zsPpi)8XhWvLEcAPRtu`F6~X7qrW^UUoP)mapXL>9KX0++!0SGJ(2`)vwHQE@qLEdj
zp}dXcmG7le)gzCoeo7ufCU-y}LV~Gk5-C5K+#IWtO}$5~a`v4m*Ez-8YSwhA+gz-y
zRVJ5bkuhHS>u2JMSvdB=y9UNB_wPJM+Rt+oB3h%j^}a=3>}<;<S_oOAdaZF}?zUwn
zS8CJ~fwV(kvT264S0BYZod+y%4&=^y4AT{Haa`(B{oP5>F^Sok$)<tvqsJbJyHdfu
zpmxW0QAp>fK}dvWn)3_K80B<iOyv4J#Uxfzf#XpAc8BCfyhxY6gt&Q5bylJag52cj
zoujt`VebL)<mSMFV-UbHS`EwK_K8{Htj8gbQ(Qeg$y;bmD?1tPp^Rlt>PFiqW0VN@
z2P*ZhaFLTYwN8Jy(s623sNmR{wjDnctJD3DR+AqvH0#V4-l-gaQsAyvYE$#4-PgZv
zLZ3uek0uJt7AJ^CwF<>cHZ(@CSQKgfL|`Y>i#N9@tuE_v*+NKA9M@~i(t6SI<95JZ
z@%tX+r~BFW_B(_J7!ByjYYEt^Y0Yd|9#yi*W^T!oV}4B$jxb%%>U<EXiX43ylp7}l
zm|j~9ix;4U+~IDxkXsiUZ-q&;d`aa2p1dGQwK6zQ9)wal2RGP1bxdD1``n&sV(l#l
z%wz~SK^Ao@_jQBYG-DD=bOXp;Mvpddkq6-P`0vi-^}x&dR_Dz_+1dy~XLDM$4(KN%
zn=Y<RBV;iN=-g$irDxK)CryO?=mtjR=y1PC_+`BL$V#S#W&+vX4^&!q-YgKvoV36}
zL0Q<M$wt;y6o#gY-(dL2PQ$*F-pN}VeB3WQ!@A!(1yJtml_r?Op+bISHUmm3Y9wSY
zBQ<7V&A^3G`}u=ycZ&7)vF(GpvFu9}YRxwAU1o6WO6AdZTIy-t`Mz1XJa@fqBEr|i
zV%KjNzJ1S+sra#qY`=~78LFhz(sM;M_u-6i<KEc|L-vmdjcvv>C1}IV#74O5AMCtl
z3Y>tB9CwAGPy^o*Z0xNrs8M}CE0^}0NFV%7wp3`bx%7MV><<b;<`kD<2cV<9ju|g#
zqt;|6F<13`875)NbGH7YRl#3sA%$V=VPWgqi4r<3>pg|bU&<+mY`rHG^4t%(B2gW~
zd=1AwF{k-Ot@?hO<v&QdOVoKxC(z2|N0!5%Y;0avXyKD$x{wmc`2!^1AJS5$WouHh
z;4l>egf*nq=(7gc2dy6AjCFGTsq?C@V)IT-nKEzZ1<*{%o0v|ttplJCjlwjI+5BC<
zK{_?57d;wj8qhJt;3}@Qj4TP}*Odq>r2$>cVU|;sTA|`4@H%>?^hY>ZyT29hgNIHV
zyzKVwvlY3(wuO{{qg-97tzR#&9o3+bMCo}09fP(Rv<Yf2K(q&{ZhwdbMk=ZSYMOKz
zAfP7`N|kQkj|PNo#ln5a7;r&hYj5lznO&_-6v7{zOWpQ=exzv}n})^DhmGp|e5a|5
zaNO}=VSI^-y491(aKF%9-KA|`HKry~<nTm7d=rKOhh`^$4}soN^>*MYtRH9v0+9<|
zGqeVXydtdA>gpW4g92=EqA~m)wgB_NWH)i3+5LNhOpVn95;e9b5Mut~DFWA;7Qov0
zYTKk^j63yZa9g!S2J(FD&`>zHYpH9$nQ<RU-CcLQxSC3+bXzUhpsVxz8SFCfq<+6F
z!P<Ls!hta^c0Z#N#0%zmhr-7<e^M2|odn$30P-Byc*RctWZ{ztEc!X}i@Iscmdd}H
zOMB7w3lt99SgAj{Rj1DGC5p2gs3Kbx?i^!3FIA9f@bY%M3VaqrH0VXDf5Co!kZzwz
z<g;z^C==UnbTTws4({7Lw2~!o=?9HyO02BsC$%zHlJd8?>ZN$m*AJXmdFs!P0)Sn&
z1$Q4C0iH_-ldaQ<<>+VU0|y&#x7(2N1P(g=_giR!zEH^A+MD)3Zj~3ES!bwDeHpj-
zs3sqd`=#12Fc)>y{8xa97zlDlUM8D%Y~$BtOaCUMfCaJ;cfOP5->XOCfFgF5J1b70
z+QZfcRNXs+FckAPfZUtu&|UvN3!our%atRD&j9pYFUOG85=;W>9|gq*3m4Pd9xdyR
z-UP0iVG0r1G!*oD#LG2ZKFRHAtLgZ(*I9ejB>8$exk=_@OgUatMTi<Vz>(pp$t$k7
zg3s>Xwn5FcY!TEFFd(MH0;oZCrWhs5FI?qvBr*G0m!jptVoJ6fN?j21EdiO4;w(el
z>Kd|-*56+!J#5@BO$I!w!8;Fd78VFV8(%jdPonV#^kmby?`YAzuS1fz`~5y<=?h67
zD4r4NlW6Om=G?+>zc^Krldf!e+o=i7GX0&%&FHJJ$Cog_0)mK21)5+Asx2F0s!FGw
zeH6L&-PukJ&}I01OYf)B{w2^~rGX>Y0BlNPJJ29HUd_s5?x3r|)@6Kc>AV5u^WlBa
z6is9^CAR2Y`tAQdE(4~jXIh)yyvDHxo>r~$>sHk0PqP7dYkbqT+`4Dct#`=ic&>T?
zCcz+se^e4}fxsqN*9x-rZ*Z&LlTcOG^@rUB=L0u%$VG^CghfVyC7t2b@881Q;qv*^
z+Z}veYw-C(NC5pLjn3%c{uJwcSo9dU3%Q1|9hF~TFqIV(vr2oNJ#23NOj|}L^BpbW
zf0`p_K+OEXXhc)hLBj4&?v3=nO5uYIO|2GsPuM>xIVCDl=$NSkB#lPU)i7VFRM7>K
z82Gfwz$E>d*bk7|p~vRifJrz~s#<<&?zdrCSI)~io;B7X^@OpscTh$QZV366fv|DQ
z`lR^L112ahMF{QKG%PJ6YNTYYo7xJ%-ji<@UP7nm<XeRSNJYs!7ODX!77&gaXld`P
z2y;W?$c#Eoi_DV(n5ObK4PK|}WsLrVuAi5WTS7T}Kqdq@{=XPqREnwCL~NcfS`c<Q
zlSr}waNhHfeNAlvHoEfS?TppPjr4IXr?&~f)q7BRc0`}9$o>TJlEoSzweSYjfz~$&
z44H)k+}5XlH|QDw2(R%?=<EwQuOmG5BAINM=zMq?XunlU`;064E3PaPVEQ5#1d|uP
zu_a%`C?CHAM>6|&y@$c+TsM|nfCZO(2hKS_7I9(RLMEq8y<}H+c`t+;@-w0AA9)I!
zr@jg9C0NlMK*7lef#XU2=Gwx!{u3{k+1^YU+%>L*Tnv~u@3)IFu<C38au}$Z>dTa=
zTPtcKl(y{=A(D!J76vlE&wHix{4Lghr^<3UV*s3o21(D<lvUWMGMA3(Yg$s!oXcR~
zh0R@<te$9B?cTImCTLc*4f5;>pp&i{P{rzo^iRKvhaiK;ntel>SzJIBb|-YS;ugZH
z>v122Pp*O5B}5zm;4m^U_@T#(#K7ZCRsubW2`M2AGw`u#4wRu0p9AW9Lt19$EZ{aK
zI*c~W%b3mHm>O!^2%sNdgx3atnt_7Gk-Y;?IBh|&eB&X=@HW4MNJ8Z^rP_=}2&xru
z6NVoaRy2os@fe~vpU$hF1YgXZe*?hV+3HCFhzSXKMe0g|weYTX99@`qe*N#M7S>{z
zOXp542j7Z!TRX67Zf*wXA_Cx4^zGYI=0O|pH1kZl#@8@G6JoxTK?jYTsq=)Ig+tQJ
zDaqb}jKRE@79n`oVcjm!X<F?0%o7d|Ox3`!X40bu5MLalk&M1rl!%!2Dxi~)*B&*g
z*nWuA*D5SyB<Ru={g~E~=@6i&Sn|4y&TOF?fSG$7Obx1(KK?zw5P-F8K7fL`>3M}8
zv7okDsGZ7t(Ja>r7e7GsYD|xw8sm;a9pW6&PC1WQ*JNg+!S3S!nNOSylZ*p6jO?qw
zI?7VN?P)fYy~2FLlawYFM~yigaTFqCS-DInp_~AX<uex@(=`94lIIwpZY&M&wAg-G
zv~XU$vkYJ|%8=Hl;>;kBfd!J(-8aSOo<uJQ!jf}5t!P(qgW68^zW-$ETv=d+!8oCF
zICW%`)%}jwu-%6M`-$Kj+X=Mwtf*XOEFW*98}RC3gTdG?fz$TV)pR7Ogxy_OjacW|
z<ohSmbt6wWk>8mk#3z^H0orx)t$)7F^~zE3Oj;vW0go(=%r=mM`5d>SDG=l05j*s}
z1rv;T=!fAQB1=+N2&7Qfk@0LYb?Rx2-D36@WgF-XtA6y#1P05(`{#RUq4r`aQyR7R
z{1Cg^6^PH2$(pkOG(>z54OXwH7~inI=4IroA|bAT%~8OTo_#rfD5kgnO~)z|UOZ}B
z%f`LuGR#HD)9Uckm($7KDj!gtQfoEA<CojuwSRR=1|1fQ4kh(rvWl+Vn|bq~iJ2eE
z0m#U>%&|dFvv7eI2a@qYDRV~9LN>M`zSq!R*|WMFoanLIw7%&s;BSWxlO+IZ5eB2b
za#&+B3^1vjqbG}xRTJy>FTuKXfiDJw-5vUwcJi~ysrEh7#8;0XqPsFJl^BcFm~KE;
zxg$Uf%3J#~(9NJA?5d}g^7wWyPpIgaiKH^944{D2BkTk9uSUFeJ0B_i@g`rrkv4aJ
zIs+u$0{}%rzfT074ESDU=y>tgPFXmiOS}!wu=8QNOK8oG@$ShWIVE@JWe}+%xR_6}
zSx}+}c3rs!<ULg>*X*3pB)DvpU<fXMyFfmdrWRv5eHFSJ7EE28n$7fV=<fWjgX!`}
zv}7j`eS?8J9j~Y2jeJ9rJV2aHn;k?He^J!C=rz!kAWjB4$~Aq@w1CKVy2)04eU0mE
z!*41(xAxmj3UN&D-d{Bk>*#gmU%^aPL2^dhDcqD*4HMK>{GymXz%F8}_W9XR;`3^A
zI3BpM*9tlyUf-y9F2aQ+8($Pu2y!SM*O21P9Yp&91R22T$5ATnsB*Mq>tBy0cn?Rp
zyzcOUPM3!@hzzf#Phx3S<NQqr5wK+XUteK;c7Q>kELnu>>J3=@2rPLLHVInGL8(We
zvwt#OY(O{cu;xY~$Vl!`xMjYmwwkcfcDMqo__b>pqSBpf?3?a1`@d_Q49M$gfKyLU
zyL$rAZe7?&VB1$Nn5q9#9T5p4xX-F}Z;yjIMm59+S_^Q?p^BLHZe;OHjMaR@7LKa%
z?b6h(m1|aF7~Z_Uh;{9-rW^Ol{->S9tx)sdJnFr1@vM7wjoi&{(%0!!I~!<dHOvn;
z(~PDnEmygwWM;QPq#DF3z@|}%09m+0>W^0`ggMM*+xhm&rkaQO1e!JtE{q)b_duk}
z-}6r~&KwA-I2%kk9~zfb&(`SklHkDBFBY17@BL&4lSx>eo)E<nCHG>_5`cBG6}bW%
zy#%dJ@Z+~lpVS+C@mm{yp}$Su&#M=&zV#SHcuC7cD_E#nN~e$H=`Vpk!dzfiChd(1
zxcKcq@qCAUz`39_0<Dgy^#{mCI_0@8%6#u>z~&L#3P4N#B}rKR?ph~~VZ7SRliR&q
z`QL$oML&SGzWy{Rk>t7f$g^|@WL38@Ph8%z0WEehE2Juid#8nV%&9g7p-)k28J}AR
zGOI&khvU<8c^FI*L>s}>!vH}zPHiRWEq$IYR{+Xw2I7jGV0yD%Y|U-o+HZEXQ=|}>
zmgzbaIsXhZoQISg27v0~Dfo%inD-JEd+TDY=nuav+H>|m-Bp2NYh`9xvH@1w0a(W#
zAFAWauznz_$wV#=Q$3WqquXLSN8c##A5CKNJ2blqlwEhw=HB5(^=@NwY!2JeXOntk
z0h?5fW<0V*%u<RT8xE8aU|>fG|N60@R_sm0Q}V={P%`a?*O}9*=UHF*c@+<#q{fKf
zc7~T**S!aar$a>N11Mr1t$sJ6B3(-DYP1xg=N;@OU%9+%-v*>=I($-oDH>^1>Lv=@
zoNoNnZ{eF~Cv|6vY_-Ym;&bPXfpr?sp2WW3W&B|6ebZD3<m^7)BzSHS2fa1&6Oq#z
zYENd01c#m;<+|xr<+46)EgyLK_21w3afH6F__6Cf5bW0W5I#T8xfR16&Nl(6T!ARl
zhUkPBT7+nHNCybF<_R9THiWxc+s(N9bOuHw1p3LQU2z0$<iwCZ$|-p8uec9cQ-zqu
z?tloe;K!r1f>Uo)`E3;lH^*bEZ%TTl=<2-bEid45g8Y}2e33VRF9eXoLXlrFdfipr
zyw18+Z%>ujdxIF{_S;^)NWt*8rq^!2S2j#-$Ad?FN6V+>dIj(MY+zLkuw0<#T?{<Q
z01VXN^7~nhu;V~P1-M-U;9kVc(!oK>>RQQxu@aqW^HT@OMh9q_>LZ=MmRX?Vc~W=Y
z)13D762bGvIMaE9TLpL4vyt-_Epe@Wi8BD(1z>IpA`|LNK2{VsgIH}G?~n3!oIxrT
zX@rgU>Qzk6aMys78W1_lxw4Q0px)J1IYH2RF)Trj$6chYTlCu5%2Mj3NgHc#CM8YG
z*gJAPQMzNm>7{2Sxt}_dW&-tcJTFXpQESC&@7@Kl2=bH6Pdix6a8LCk+wIRsy95BN
zK^SXG<Z5Y8L#ezdyl&=`Ltv@t*|+t?TB|KWT2ekY*TFOuHv=lg+-y+_I%Hg%x-Pir
zK%5sRABQ}cVx`HngtBi+A%k%swEelIuq)OI;NqkYS=nPK*JeHLVWcfn+Vc>RFjr#+
z-ny}cQUykCO9`&>YjH|vaZJt*swxsb`WMZqvmRy$+$kD?R;9%i*C{!~XjCNFwp1mB
zR_;d7YHqcBn=wejtR^@ca{>g7O-ZBjz87t4%TB2%@(+5KDz%1CtND(uKn*6X=P{U`
z1P)C$IIFY@JF?r$hI3~e$Aza0WQAm_Dl<Hz4ZUw}r^nsTY&g6Rv7@ANLydv33!Cvi
z9*!}Ku0g8-$E848mhr`w&lRMWqxOeMD?x209Jyr3G5E5;(c$z=jKT1NRVA1DKxF{?
zfUHScw)`T%9=I800IGQ8+{sP!Oc62E_hf9r*)!UoDwIvqoK=N(nAcwQHR$?F5WTo8
z;|K8Pr{*2;pS&8f<Vp@7PQCn>P7h_TGF@DVgkzFazbkx%fV*Bjmpkgfr5c@rf!+S6
zyf7whOL^fXkP9UwS6Q^88kEoHRv9`8VHYW#r>_m^UpS+KkA~XHI>=CTJd^AX$Yp?M
zI}4XCewb+3<<PHSNN09UOpMwESW5ThnPr*9aoY3Iu32y*(g`K9^KS2-`Fi}|2_fq0
z@1~N#A&>k_cHfIU#x-5scrGY;t|Ua9LTz~AhkaJ`C^vcdV{<p4rw!?HX0+klkt(>3
z4&m9nf#s8FBBZ5GLDl>aq*EN5c!e(Fy-wQ|O=P<Tz$=L3REUUqwK-nF-9A#L4)7fu
zeFnnU`CaakjbQHQmLJ~WX_o|C<||Gr6~%pD$~})JE><+hG<&c{0m|^ITG|rv^^(0z
zxnqjp9kY#4A<GL_fIrWJ?-Jy+(tV3Vh#^z{!c^_GAJH2pEm(m)as3%g5t&}#O5H=Y
zuv^-vjDXuY)NBr~>r`mSxih!$DICM|jC;nslG*Y4=B4B;M5Tu2q&5gZ>$G&9U|n}+
zHN7b2fKY=wuE_C({58%LjPWI^C$6&5+5~c3Uxpjs0Eo_KNG-X-T>1CEiSsku!I_)p
zA8e(_6=_CRG9$0AmtYXCwOta%O>)-9bmnU!>K=G4*biXLjO~=O1@!nPwujKR!+X~Z
zv-G6c6-SNX{knS-k;Ds;P7-X7N_SI$Ikc=Z_d1Gg{)(~oD8*b!sd=EfPaXG*cq&&p
z-^=?S_3ub$Fe!nsXpdqoIDO21VD@NzyUo~bFcCr<Ibjq{y0%=ErRk8Le?V?#3s0u6
zjb0<^m|&mOHxIr3j$mD?u=gaYohlNOxKU!y?UOx-&oJ7R8nHiYGiu$iy2Du0oK>g#
zc@G<55~#aqy8D5Yk3I+8L2#4h!73-CU~H`hW3&>MTnjb!*r!-rH3Pp)VR>H*JYeJ6
z4cNyeI3mq7-G28@4c_b76Oei3_C%YMk4#&<z2W_)+DPG72y*7HiR+3B)FWu38L1xB
zo`o4Cj23K4E7fZw--Vl{MUYB}KFzuv{1%FF9IID@A4633o@>Q5nkvo1+U82tN@p<#
zt5b2<qhi(^KXF{c7lW7bB(*Y4Yx|*>mGuZ)?k0mC7)`xxGGFwwBR?6)Oo{yBheOtt
zsB%gsc7)+=w`6W}Vz|@TXE=s=4xHl<&exg5-(9eujx!Kdf?cIB`VQm1OY;#ZK8xz8
z^%pMNWxx~9oY0$p=qBT@xYzHX-B=_}#pq(78;{>drSR`G==B+T>@ognJKX5=7M5`d
zyjI>a*7iq|ZBS>!d!0XQ&(d+TBfVddvqQ1AGnhrng*nF>OT&SCqe#p>XW<pz6~7(*
zBm<S>RPl^MxPp-if@}hz;No>vq1Z@g3~(pVbp+Zu-+z)ZswCvBdWb1m;iRole~o&q
z!dlHS-@6d4bVy&MKK;XH(AqmM*r!}ZYtolb^hkp#&-}<SvxEy%b-PWtw$GX<n8FsQ
z8?~7}0iQ``f;L8<tobk>3u#F|N%BP87kA3|$N-vO#DF!65_zjf_d(kSz|k#<`91V^
zYN}^WOOw2ggJ-y{_$7;HBB^T?S5d40X-gwv=$?2Kb?t4w`;jSs6sOAP>}n}KpI19^
zI8ZY1iA-(&2pPwW-4sX`j;t%EwB%$gkGcc#A2v{Y7J5GD<XxJV7loe{sjld|FI(6V
zO0CnQg<FvuC*1aA%P3Z)5BJNwf(y01H!0t|D4sZ`-cg$bh?eU{{g@@_zL^bDg)-yN
z&LdJbvu4|y@!?OoOyK+jrK4}T!;U^}Xt*+CE9KPWs`{^sW_2$__kLC))EPiiPAfVc
zNbPUxe>R}LmQhmr=w?PaZoZNu^7(RURHpeTT6Ag%zGJ>9UPaH_?Hw!fW|_$Cp43Vs
zghW|os-9Z<jVRutFCG5NAF><zs2Cc`{J=f<S4AWn>FUB2jVG7u0FhoatlEh=(itYW
zbJHW-P^(t4uYNqyDn(d1h0qj~4^UkvpR((T@Y*oz3q9-&m{`3}N$%!5#2@(E06C@K
zfiGm+x*}3u#630jT{%~!?~p>!Fue{p+0XXoZGbbdPYsM7JDEg^Dp+^)uxkyv4=r>9
z@o8wyuITXhsI%o@!yA-TnK|Ck0xkR^C949JKSl~xDWD??FoFg%1Pl}aLzrxG6DGLt
zD6O65aIdVTHUMMYsx+nc_(;coAm+$zyH&9<s*B+{+>o6#oh`IeUb&{e@Z~bAIGqxQ
zNX%$#T(l$nN_LqAkzQ`_3tjOR?vQn-lliu$sA8>Vxdu?<S`?y?<F%YT-^U2%y%}Yu
zKv9&P@-{rOuA<6u+k%KuM*0Eii@&8zA<reGk(J!E&;EJqmvzV!{g~_P*3V2}22be~
zRiJ%mo1^LQ;24)NAiyw6NOAk;_f)+<#3$Ye%;%M4=PyFCMB|`-6yOX!O%Kixzlu<H
zS<=Myz$5@pUuUtH<1QW!IErJm*y73p?G_l2ejU>S;{66|9eYF0@h4J>G~jZJjwd48
z>iU`*s%d$i^6iBMyV07r-CaQjy`7P#6J#eq!E~k7R<u)ICCy{PqT4T0$&$mx8igC>
zecy6Geyr|SmP*eHJgIr*;vx5a0Z$}Q=GRij85=4TSF;|<A#b#1o|j9Yj+@pGYK->Y
z{Jb=;QzR>Qoe@g<+y%8VA}SOMOLAe7i+p8Uql<NC(`NDE&mtcBi(Qtd;EoZVdMYB<
zZ{r)Xsm5^{aeykSv;qfRufmP`!B0ylkE5Zq*%UyYr=*b9HvaP77f<m%LO0|*UnvH3
z5C(xgcF-01d8%nW4F$pTKSVO&4yo=~Eqjnuvrx>79{gDG_hJ|htOWopqrY~o4nH81
z6D*1&j*%)-14v$vldPQL{hZsW;bMekl6s>3Hy~FcL!+U_3uhDgcFgnmm^G!>eds}?
zhvuX}?jrou-YqY389`Y@6s6O$8t_MRnAih{xe`DwmD&SOUv#-R++)oi<V058`PiAD
zWC^YqCTSjHy6r$k>!?$|Wlg*y+=E=q0zxYy2kn9oe(tPt2phyA#?ZR*A0ytGrOKMx
z+H1*E)+RkYn|JWcpC|YF7zMOH%Ny27+b5fQQJy!fCZMKh-7orX2z)WBxtw|_LFKo#
zV)SGCScWlPvpEk6WEo3A8ZS+XBs^oebzXzX=@~NoFN>it1$Co{h0oW{K$D{~mY&(0
z1VR-nnuhB<j`pAuWvBC&xTk((EfwVDwi-01Ri!yEuVS>Mw;K~VaF{%guAo#IcDnt*
z>44#n#l1sdCaPFka)&~Q>5mxj;z1Z%6kM$Phu<uY2Z+!5hLT(W;$ajQSwVsG0!Jg$
z>)Ca^d6|97GNz2OimA-JsNQg&7?E_i@3#lZ>b`j=y=vL23OLZNMG0@f%#_LVTA#%U
zGVOpi>VdPXS^iQhZI2`MlX(d^LCNIFMknIgpGD;Hd{QzDR;~k%Fni$(B`FH!s5#eZ
zq>6=7{08sh(?8P7lcv}49v(etiD!S-^7S7yzWvwBqx>YdI5>ulp#ifF8>A%}m@qe5
zNvoBot?QHmhg^OOc)D#C73Q!d-^g{19sRLxPLKeorc7tBElPb;Md>;Mg7>*>@jneq
zdE_7rq}`MiGM^|r;G&n&Z>j_;u`)#bVvV&WQ0lotB7Ow=O8bDrOXF4|oVydG9j@a0
znF-H(siU_^9j4*$Jt^d<1L#>2WUZ7TTiOg#mg<PFinba`v+?!+vMAFiWi^jE9g6L|
z%G7_XYr)mX{%K+FO$(2&G2fAV)qSM2#N4%unctG^*1TBcT5)s!i{RY2xh^93tIy^1
zoYWdYQxH$;EL0*@;4W8X+lIJOO#&%beZG49Pnj>faqq=)K)tLaGD^X{qu&DGiGX*Z
z?8J{x?I<#*Q)#ePUo6v?WG_w}B^ws4n&skVrWnD2DlS@9XZaE+6~_Cdt69-3g4;s7
zMimK4Y~O`NbJ}}Hz2)Nr3UtG@<!?D<WgHC3QZ`{iy&8A<?cZK+sA*~2L8%whx9SvO
zr_PkBMi^!(X`QlK|1AsSX!*yK)0ZWZuHg^as?k>UxI+E8v_Ar*MNHN3n0%!;A3r?Z
zNx<m=ykPTOzo-Q|ZZaM76cQ*sI~V@=X9X&I0`*}rOApNYQ)p24-1}Xl{Que`6^$ct
z@TOg*?xCAR1JQEkB0{js^hklLf0VtWXk*;X0mi)b)N{EKjo&^?-^7eIb-~#YO=M^z
zgP&UqnIa;iBZ;S|Z@dQ{uOekqv|Gkef=NiZ-h;rDHxc4a`|Xb_;(~MQh;<2E9u%HL
z<(SJSMq%6^>CjF>xE&z~oJk^HtpvpA7bu0bKiXeRZOa6%cF{gLPi3o^4^ujwkv~&G
zg)__Z&5ps=yiU6CiM7(^FSMxUr-sethwx^@svA*>?p*(%c6ZQoxVpMT^~wC}2d;I0
zd}({LuU(mpsN;CA|B?V}T<hHe5w1ckyj&MrNotpc);zem1%h=9Aq$R&Y9}G&T5@F5
zAW6Lq3X^D6K`xM4eHQNJoAk4?$wmv{%$0GRc3FS?``s}EbF6<s7LIi>eC&JxgECn3
z!(^luR&ajkf({5`L^|A>vIJ7sV7frwC{b#gQ|#Y@x?T;z$|+C&+^f=X$XGsKGGRdV
z#r|f%Av(-q?Fx6(Q*&Yyc$7whl;pY5%PLaMBfrZL>Dj#bkf*nou_SQSP#&n^tE_(!
z{hGiIrbO)lKxBSQ@>Eui?F=)<b6UZP#zE~;E4ROsP9b3m-pD(Q+|za6ygB?;^@@R!
zABJ96I2aSK;xmRS2^Jnd0T`iEUL-c&JjwH0rZ+f7>BwG|wqy|<vfjLycH2pImb+RE
zgPK+_IF_@X3OeEb3ZkS$tp|aN3d!xfrR!1H{HQ(S8&5@g3YeEs$kBOzZ7TXzn%d-T
zu}27jXE`6<VFbZj3m!!6-B}>~*PqYll9PFEdaZV1f0AW7);YF1o|Fl{XBCJZad`R@
z)uFma8T9-+ny6CL_RRZ4B^&aW--5D|Tiu}uoUA7RI69f=@-#cfdk}o(cBIVNDy7G1
zIsZ<u%7N0+Essv!TS=57I$mj^F{!d34Jp5WZw4Ha_9jXg)O{pDxa~4)s$RC#1tGPc
zzCDMci>O|&J`~%QU(ey2?PRaLda<sP6(Urf&fz|Y$Axn<kx0(Uy#~vX#b>O<Fn>th
zS~1E;4eC>txY#yO&g<CNwZ{!yG2?U+zLog`$E|ptCC5hq1nIfy)w|O~eHkCa4PnpG
z$T55CgXpbR+JoLhy-e@cJq*P(M(4(b^}qT5fB%1a{2M=<qt+)-5lRRTOl!|k8(*F8
z0`-S;=d&~z2_dvS6Q&uTgK2UsNFI?~`Rm=gmmg@9^z2z}ND8?PXFudm-3X+~p?hYL
ztBND58Eh`qO>Za_Akj#VCf0LT&0cs7KXHup-lFHs#zfVD_P$Ha0&C}_UE<E(MzQB)
zVii+&#V)cNhL4%m)O8uQq<QRY?Cp=CIJbxnvwz^h%U1sb4UV)!gK@|3Q;@uzg$*25
zz+edylz2D~ZM;oSH9;;tJ=E_?ET<s5=L4AFVsEoBh9p@si2xBS*=~6*1&t0@HaH0z
z_P=?}rx>fRRIAfFdpU?U32N`hbhy^y=-_5cs+Lirn(=HB=UfoJzJB_EAT1ax9(Em;
zu=F#8+=u^sx+yr_L6G40r{t!ajYLLLryIpx5122TKDO~Dx%3jYBs(V-V&HMwW0b`F
zk54s`p~r{#{12(1>4721*Xt^)&aP3$(gR97hh6bzI5-Y-N*vh{&s}dgxw7HGJy_|M
zSZ&|o5s^!}F&?&Vz1kf(@><mEOmun6+7-Mk1K%6%<#$hH+mKK*+3`Y`Ryo2d+Uj&#
zWVN$)zAEXfo?Vv65Z|qpoT;N_rB%PW8k4TdlY`P4%W>XY(sYWv<#k#fI-FgTjpcrQ
z=Sv8ucQiL1%%`lQ$kkE3h;RLX+GXGk$wl{^HtS|O$&;$}`jXDhm<ylcO&mShbT8|s
zl_{?DoZBg!tFs<>dG#Juy8DifXOV~V6!M@+;s7FuB-xSyAna)mtDAPkb`k~uViCZ`
zUlCKucPr|ifXh-fxi74OZaKAQc0(4|5<Hfh!Z`33BMoN-#cq0|Js)L`_c|^_kQS&5
zXfCM@FszP_IeN_obPVNtjkD%o`pAhB<BzdU3&Z%3<wohU(Q8J*xSIigt?qi}HST^O
zyIl5o;v;7VBR=M+5bVlbIm&9|ghdsp?A0gyl$Njl{b|bHX$}FNrai*ri6sRCTL!$d
z@@P^=`*_dq+!cXwd}trb8NmXE0(*5=4t#lO<(_ato#~=Wo7Z7j*Q8@h9A@U(6g<IQ
zs}6Yt2=CsRI@YP-iE`1Iyt$de&reP#tq&IFcLOX;aj=;P?u3|I)INWk*hsqI@oHK@
z=WHf`)QM(n+%NhpAl}jQn6m6${@EuHr``KC<p&a>1eTy`)}34OlR~sVMuH?Xi-F_A
z0EcsU!r}uj=gIJsF4XBkr-rN3Fh@xlC90P%sb+r$F?9}VaQzBuESyrVZERujxpJ<5
zkSEkS_<65@__U4I$u|&d8F6YD-(ct)*g+vbpm4ELI^0i#fR}Hvr|{RFuN=(|%I-v;
z-ZeWGPAFaqvHq&+<%vAL0n_uj!d=o6k&9hW%`!Gq-F4jnllvt6we#+9oL|5q;o}!G
zpYG|*Sf`J*+7nH#ey^H}1Z+EaK>%Yu?2atcue-?Qhc<Dlbhssnu<L@UyGW^DYor5f
z%)19|Y+q`qPWAqx$Iu$%{k8hu=FEm4CVC$^yIlca`NtVhdVL#^sdLz^nMyir*kP&R
z<K2E$Tf03$g!R^JsJV8(|7V+6Lw;?cu9c??N{f1i7q9kFbm{hh=%9`b9ul|u;jyEx
zMMHY1jF>!r=BfDsB`@J-Lmpl*;gu({e`Xce+g!)vIUBy3#E=_jJTR3Y!w*BPrm^^$
z;nke%PZTt>U}2CjfxQWj<0R-R^N)EsE4X^C9!3Md>~TtTepE5Hndp3;Ufv)eyaVR9
zAW=|@kDFliW5{z;Mc0M+Ms#zgq|BxZH9uBhyiu1)PH<4ec2|{<(%Ru%MB&$l7NceN
z<+;AF{vX-SWyrd}*bx}F|1q_g{itGx!zUxL0pyNH-%Zs@x|{vr97WaCEME1bGMrxH
z0hvRpzklyormKQ?y(ZdX!1@mfO~om7y58n~k4W9V%YDSpuUKo-C9uqVozr^Bsi9)3
zGN`Uwm3Tz(?*R~Xuf|pX{5bBFhr1(xQk9L9E-Ga<BL7slOx4CucYwz0jw)qR$Y(m~
z(&AvhEDwUc$Upm;v5QPe52;g%Ey!)jFAl{cz%U)w7(Pu`new+OnOz_dYYLc~8+A{k
zj3Ek%RdS?4j3l3fU8hd)$A{03G=1|6B}+0m#sQLaL1NQz4|gNwqk{7?Fz~<dQicvC
zWs(g6g?s6Lcrw-WZ=BTI{G{;T2KevHNbli}FF~1vi=XNL=l$Z8Q$PM~s5og4_eK=b
zgz4YDYU+A`q&yi_pk|>wJM$NC*Ke3KpXraf&<yx(KVA<4ZTq}GavzCA-LC{YS{lQm
zeX`T+<w##LeXncj48zY;#klHZljK?(woI1Zkmpu#VXc`XBF3PhY}1o(<KgC@pXl6Z
zHkc*Q68|MZ4C`}D{9=r3h#5pNYG+WT_C$!|uH(^BeoY}ie<Y@w<jsGq$5i~}P`0q#
z)9LgF?T`Szwzl<NpB1?Wi`&P6*;0Wz!#0TqYAfI45th(*_<hZNE&qH`_QsqrqH61K
zx%IS}VJ^Ho#Hg#Nb<D<tH=*etGHd#jl9G{Q6&l8C!K=8ix(iogcG{hXg3=4&$6RCL
zq<YJD0E`rM&o3Jis(-#=5HQb8yfar$&D!<Om3*=DC%aQf_wz$P_l<E<*IgkVisKWv
z@|s(IKECJ8GUS?vc}CyADC{FsC{QCQUw53EWh9sJng9Es{*nK>3z7V_{y-=A`S<;J
zY?HhPX~OhSD?K0ty0dJBl4QnwXvE&nwCvjS`I5YnyF=kuR>oOQPmJo$-}YJ<R<hc}
zDFF!;Il<WK?(PPqgvZCn;ssM)UgqY|?H4UAEr8#k>DYUEw9^oK_x^Z^iGs=a3&dMD
zH@CTI05sK`j4Ib{@cqgd>m+~b3h=-D@F*YPpx?byK<Tmw?#7)>8Vc}w4Ri`w!KKv}
zb&h^iw0YWp3vkos+jU&_4ZnhK^ce7`n}a1RpIBV~O#(pHDAaGB4G(zRM$|;BJGQNO
z9aiVDc<96-uou>5xvq6wW5<t@U6RG-%L#DU*!FXa@dO2TxbCZi7F3s`EGe@e+pOHj
z$K-A{A@qJbkfY*<JUcr>8a94=bZ_xMZ5Rt?%6UF{xIg0oEc0nW^d$SHfgNh5t$f#W
zxll-fCzwfd%`fJhzGQ9jer1{ya$Tq9C@fEy#kWME@~N!9zy7S?BF`DRHP!g5P)F>_
z%1X=HqXo`a?(Xj2-dxsAX|97w_AV7nIlt;+!Z_e3S09t{vasIBv^)xwxZ=uES9P%M
zw!mB=px8xJ?z_@1ri&aGqPw<u$930w6gVYYsSZS*E<3GOC{9hq=PWEC%7-y5lHvXs
z_V1UEE^)rE>fpb>e(fPFk0}0JR>M#Gx|VIOSG9-RRal`A2KngHi@|1<@r3oQ(Y;V3
z%t};`&W|*+4z8M5&iek3iFFucK_MZa6C9HUg^sTU-z89<^<2RX-FpAye1+Yjua~2P
z0}dWu%pih)V0>bN9Hng6o{yk@%gKpSNq)<Do?G16nmKFT4G@xkoL#c%LauI4pu=Df
zJ4#SsN-$W7H}Dl<g0}z*!eHTdp+cn(m(W11kT=cMdhij=Q&>h3a9fX(SYN$!oeg5$
z-`yi0|B9S=iz%@Ro=XcW5PJ(71Y8rBs>4D$Pr;SM9M|Y;M!+L-D=dty;qx=9yQPIf
z=u_Zd)2JJ=v1@O?tT6Gk9uw<ZsT#pPS^h@%^z>mEb@~Cg9GYBwbd@d2kn%NdX=cIZ
z!0XqAXD7ek1MD#j_5v7pK!7*@$4Ms&{kn6vvbxGtlR;gxKWf$-Le5kZtCz<Mu8hid
zcfxo%I5^z)*Yfl8eSo-}D1iSn;J{6Oa|K>QLqobq!e>X=gSt~d=}t})YwL$0Bc*04
z!@@v?bi_Yl$;T-|d&+l`5|@&aVx0!$sPBiS`udnHV+cSu>MuA$bN($`%yG#kH@vZ9
zC=0Sg9fMEWb!_!dbXV*T%V`0HbNVp008*Q9K-*&j&j<jO!>mzupZ{(!o`6cOY8W5)
z<QH9G)kHp`;D&9yDZTLPW^-^bpQee07{88&vYo}Q(5lwOk8305GBPryk8mzcfBhor
z7$9?VM}xgAiGFhO;eD@|qIR-P-5W#u`}<8XN3vR;RkL5L`JYVKD;%a)Rq@;p!b{JY
zKwYyS-V~h4Z>kxX^g7#=3m&s=J*a6aH*C~rcZ^`t1{ZN<HBK<B%@1~tPfjGLrCa$q
zD-GMCw?y~_6y5p>F(hYZjHo<+#Q2O8|3Dnk6DVq`$_{(U*3z)FWj#8&q-)K&PLiF$
zdv*n9?H=4Y=JCKFVYEs$>!W@pN!N%eYaz75$W49C@F|V;G5LIVyn$NgRRLwbCl#|o
zfH8dg=BT@=cHU{%@$M^1l8j_}F}0!#yO8)ZJ_yZ>!y}!cXHv<(zs`2APPbI}*`AK)
z4NSi?qVrY3hbd<UrdCS&7F21<)lIQ-*qJ0x+6g(TXWpS(>#A1glQc-Xu&%mHtzNH>
zsBS?F0qN*>B)K$wAN6Bi;d#oQ0NR5rV#YVF-$fheqODZdZ^$LYQ2I88HWKRTW^|rK
z=6J*~<_8lc>S!ZLGTC6wIN09`+;tnzh$fqp-Bp9f<QGr0jbONRb`fm_fGx7}&d@mL
z->nr_eT*e*jSwt*LCCDfjV1A28SG@2Xp`~HA5#OG)y_8VYCMXU9DIY<zRt`ybT-i0
zppI~I$o~pB$tBk;&WTld1%PjCB>7IV>8ol+G;S26o>DZGKJr_%@|3-p2qyAJQ9Nbs
z#>NJ&o0&K)-$P@?W$JCfR5XE1_DsB{CnzWuv{=7h52UL5@qZL9y4Ch(PoBAN<w8Cz
z$~6zm_PU)-zzPKKef$m^7kEr)7bafO={cL=a1s(q#wT}N28J@mM^lw@*~6hE9Y$@O
z>puoU+bzwH-eCaA^j-?NSiz**=}5V!jyfiI^5}n~c7US0d+k5WYxItHb5j#Q1mc^M
z+1uS+8!66YoBh143#=Xh1XR;iwV$qk9mS*q>CBL|jg5Sc$4`ZYg=Z20bmPv}3=nEC
z%@$)X*n{~(98!+kLh1<(dX?B57NfUgo`ELR0L4dFKFsQu8UTY{=mF>_t6yQ76qBac
zv2C1yCa4Ztb^_?7K&b>`(9QRVQ6}&>ZL}PoHv2W14dr)i8Uct@NH)#hZX5Og)<v6}
z;PUO<m*P(DoDTx4WQ0C%A%T1}V|iPe0q#5saG*jYwr8~h?sX3h5k2W*TSW)Tj$6&>
z^7MxSy%lUVrU%zddC@}r%WwGJqoG^;fY|22d;O5EevP%^NRU|1NHf;r){d?!agiaR
z!rYyOzJ+(bhz9qs^~7ey*ts5~1BtL0%;^Q~yU-q*dBJeGEWpj#wrJ+Sp7PTQJu*UN
zLo7TKQr!B1H+qWt7VVyD;w*U4PkGnfL-LGN9hs4d281lyWP}SCUZ8Cq9EbjsU?0m3
zAe#{mgZR_;&l9$<SwFpQj*p{X8e!14qkD$-RrD*4G*`wb46-QC)%?zJt)J_R%#FLE
zTi+0%A)D2l34KY<X$_F39?+l4n`P+PP6E}&Ab`%-V?f%^b)TYySM^nrHLhurqwL{N
zdqq$5jv7H=o1_PA&^X_>72k^(@KsVgbd#QNIJNp9G*3ZHd=-sl?DG~;=C+p^<0qvf
z+;~#&wC_*dTwN30HY$26BcxqMLGO0|obP#oPDQiVE_GD?8n6>GDKKX0|6~DQ6?M9s
zj|5?!TnNG!-PM$dbOP}01OqG#Yt+w|?IMf_?i2r<!S$2!u(Y}d9va|bi9akiqx#s_
zig*~cbgu6wK6M9tx;{<aEvdYJb4iwR)CMu&w&}8;*V7A73cN$8{?n`f2Pr_G^g^Lv
XSqj;G?ZXh19<Yoe($DgRUcUKXk+XrU

literal 0
HcmV?d00001


From d3c54798265edcd80d75f5e098731aa266903be3 Mon Sep 17 00:00:00 2001
From: Shams Asari <shams.asari@r3.com>
Date: Mon, 22 Oct 2018 18:56:30 +0100
Subject: [PATCH 75/83] CORDA-1621: The finance CorDapp uses the app config
 feature rather than the node's config (#4100)

---
 docs/source/testnet-explorer-corda.rst        | 45 ++++++-----
 .../node/configuration/Configuration.kt       |  5 +-
 .../configuration/CordappConfiguration.kt     |  2 +
 .../configuration/CurrencyConfiguration.kt    |  4 +
 .../corda/behave/scenarios/helpers/Cash.kt    |  2 +-
 .../flows/test/CashConfigDataFlowTest.kt      | 24 ------
 .../corda/finance/flows/CashConfigDataFlow.kt | 77 -------------------
 .../finance/internal/CashConfigDataFlow.kt    | 48 ++++++++++++
 .../internal/CashConfigDataFlowTest.kt        | 29 +++++++
 ...owCheckpointVersionNodeStartupCheckTest.kt |  9 +--
 .../net/corda/node/internal/AbstractNode.kt   |  2 +-
 .../cordapp/CordappConfigFileProvider.kt      | 24 +++---
 .../cordapp/CordappConfigFileProviderTests.kt |  6 +-
 samples/bank-of-corda-demo/build.gradle       |  4 +-
 .../net/corda/testing/node/TestCordapp.kt     | 11 ++-
 .../node/internal/TestCordappDirectories.kt   | 24 +++---
 .../testing/node/internal/TestCordappImpl.kt  |  3 +
 .../net/corda/demobench/explorer/Explorer.kt  |  2 +-
 .../net/corda/demobench/model/NodeConfig.kt   | 31 ++++----
 .../corda/demobench/model/NodeController.kt   | 12 +--
 .../demobench/plugin/CordappController.kt     | 13 ++--
 .../demobench/profile/ProfileController.kt    |  2 +-
 .../corda/demobench/model/NodeConfigTest.kt   |  7 +-
 .../net/corda/explorer/ExplorerSimulation.kt  | 28 +++++--
 .../net/corda/explorer/model/IssuerModel.kt   |  2 +-
 25 files changed, 213 insertions(+), 203 deletions(-)
 delete mode 100644 finance/src/integration-test/kotlin/net/corda/finance/flows/test/CashConfigDataFlowTest.kt
 delete mode 100644 finance/src/main/kotlin/net/corda/finance/flows/CashConfigDataFlow.kt
 create mode 100644 finance/src/main/kotlin/net/corda/finance/internal/CashConfigDataFlow.kt
 create mode 100644 finance/src/test/kotlin/net/corda/finance/internal/CashConfigDataFlowTest.kt

diff --git a/docs/source/testnet-explorer-corda.rst b/docs/source/testnet-explorer-corda.rst
index c9217dfca2..e8902a3b3c 100644
--- a/docs/source/testnet-explorer-corda.rst
+++ b/docs/source/testnet-explorer-corda.rst
@@ -20,17 +20,15 @@ Get the testing tools
 To run the tests and make sure your node is connecting correctly to the network you will need to download and install a
 couple of resources.
 
-1. Log into your Cloud VM via SSH.
+#. Log into your Cloud VM via SSH.
 
-
-2. Stop the Corda node(s) running on your cloud instance.
+#. Stop the Corda node(s) running on your cloud instance.
 
    .. code:: bash
 
        ps aux | grep corda.jar | awk '{ print $2 }' | xargs sudo kill
 
-
-3. Download the finance CorDapp
+#. Download the finance CorDapp
 
    In the terminal on your cloud instance run:
 
@@ -38,32 +36,32 @@ couple of resources.
 
        wget https://ci-artifactory.corda.r3cev.com/artifactory/corda-releases/net/corda/corda-finance/<VERSION>-corda/corda-finance-<VERSION>-corda.jar
 
-   This is required to run some flows to check your connections, and to issue/transfer cash to counterparties. Copy it to the Corda installation location:
+   This is required to run some flows to check your connections, and to issue/transfer cash to counterparties. Copy it to
+   the Corda installation location:
 
    .. code:: bash
 
        sudo cp /home/<USER>/corda-finance-<VERSION>-corda.jar /opt/corda/cordapps/
 
-4. Add the following line to the bottom of your ``node.conf``:
+#. Run the following to create a config file for the finance CorDapp:
 
    .. code:: bash
 
-       issuableCurrencies : [ USD ]
+       echo "issuableCurrencies : [ USD ]" > /opt/corda/cordapps/config/corda-finance-<VERSION>-corda.conf
 
-   .. note:: Make sure that the config file is in the correct format, e.g., by ensuring that there's a comma at the end of the line prior to the added config.
-
-4. Restart the Corda node:
+#. Restart the Corda node:
 
    .. code:: bash
 
        cd /opt/corda
        sudo ./run-corda.sh
 
-   Your node is now running the Finance Cordapp.
+   Your node is now running the finance Cordapp.
 
-   .. note:: You can double-check that the CorDapp is loaded in the log file ``/opt/corda/logs/node-<VM-NAME>.log``. This file will list installed apps at startup. Search for ``Loaded CorDapps`` in the logs.
+   .. note:: You can double-check that the CorDapp is loaded in the log file ``/opt/corda/logs/node-<VM-NAME>.log``. This
+      file will list installed apps at startup. Search for ``Loaded CorDapps`` in the logs.
 
-6. Now download the Node Explorer to your **LOCAL** machine:
+#. Now download the Node Explorer to your **LOCAL** machine:
 
    .. note:: Node Explorer is a JavaFX GUI which connects to the node over the RPC interface and allows you to send transactions.
 
@@ -73,9 +71,10 @@ couple of resources.
 
        http://ci-artifactory.corda.r3cev.com/artifactory/corda-releases/net/corda/corda-tools-explorer/<VERSION>-corda/corda-tools-explorer-<VERSION>-corda.jar
 
-   .. warning:: This Node Explorer is incompatible with the Corda Enterprise distribution and vice versa as they currently use different serialisation schemes (Kryo vs AMQP).
+   .. warning:: This Node Explorer is incompatible with the Corda Enterprise distribution and vice versa as they currently
+      use different serialisation schemes (Kryo vs AMQP).
 
-7. Run the Node Explorer tool on your **LOCAL** machine.
+#. Run the Node Explorer tool on your **LOCAL** machine.
 
    .. code:: bash
 
@@ -90,8 +89,10 @@ Connect to the node
 To connect to the node you will need:
 
 * The IP address of your node (the public IP of your cloud instance). You can find this in the instance page of your cloud console.
-* The port number of the RPC interface to the node, specified in ``/opt/corda/node.conf`` in the ``rpcSettings`` section, (by default this is 10003 on Testnet).
-* The username and password of the RPC interface of the node, also in the ``node.conf`` in the ``rpcUsers`` section, (by default the username is ``cordazoneservice`` on Testnet).
+* The port number of the RPC interface to the node, specified in ``/opt/corda/node.conf`` in the ``rpcSettings`` section,
+  (by default this is 10003 on Testnet).
+* The username and password of the RPC interface of the node, also in the ``node.conf`` in the ``rpcUsers`` section,
+  (by default the username is ``cordazoneservice`` on Testnet).
 
 Click on ``Connect`` to log into the node.
 
@@ -102,7 +103,8 @@ Once Explorer has logged in to your node over RPC click on the ``Network`` tab i
 
 .. image:: resources/explorer-network.png
 
-If your Corda node is correctly configured and connected to the Testnet then you should be able to see the identities of your node, the Testnet notary and the network map listing all the counterparties currently on the network.
+If your Corda node is correctly configured and connected to the Testnet then you should be able to see the identities of
+your node, the Testnet notary and the network map listing all the counterparties currently on the network.
 
 
 Test issuance transaction
@@ -120,8 +122,9 @@ Click ``Execute`` and the transaction will start.
 
 .. image:: resources/explorer-cash-issue3.png
 
-Click on the red X to close the notification window and click on ``Transactions`` tab to see the transaction in progress, or wait for a success message to be displayed:
+Click on the red X to close the notification window and click on ``Transactions`` tab to see the transaction in progress,
+or wait for a success message to be displayed:
 
 .. image:: resources/explorer-transactions.png
 
-Congratulations! You have now successfully installed a CorDapp and executed a transaction on the Corda Testnet.
\ No newline at end of file
+Congratulations! You have now successfully installed a CorDapp and executed a transaction on the Corda Testnet.
diff --git a/experimental/behave/src/main/kotlin/net/corda/behave/node/configuration/Configuration.kt b/experimental/behave/src/main/kotlin/net/corda/behave/node/configuration/Configuration.kt
index 6ec510c75b..de6450a6ca 100644
--- a/experimental/behave/src/main/kotlin/net/corda/behave/node/configuration/Configuration.kt
+++ b/experimental/behave/src/main/kotlin/net/corda/behave/node/configuration/Configuration.kt
@@ -21,6 +21,7 @@ class Configuration(
                 nodeInterface.dbPort,
                 password = DEFAULT_PASSWORD
         ),
+        // TODO This is not being used when it could be. The call-site is using configElements instead.
         val notary: NotaryConfiguration = NotaryConfiguration(),
         val cordapps: CordappConfiguration = CordappConfiguration(),
         vararg configElements: ConfigurationTemplate
@@ -28,9 +29,7 @@ class Configuration(
 
     private val developerMode = true
 
-    val cordaX500Name: CordaX500Name by lazy({
-        CordaX500Name(name, location, country)
-    })
+    val cordaX500Name: CordaX500Name = CordaX500Name(name, location, country)
 
     private val basicConfig = """
             |myLegalName="C=$country,L=$location,O=$name"
diff --git a/experimental/behave/src/main/kotlin/net/corda/behave/node/configuration/CordappConfiguration.kt b/experimental/behave/src/main/kotlin/net/corda/behave/node/configuration/CordappConfiguration.kt
index 57a1f96e6b..b288cb9514 100644
--- a/experimental/behave/src/main/kotlin/net/corda/behave/node/configuration/CordappConfiguration.kt
+++ b/experimental/behave/src/main/kotlin/net/corda/behave/node/configuration/CordappConfiguration.kt
@@ -1,5 +1,7 @@
 package net.corda.behave.node.configuration
 
+// TODO This is a ConfigurationTemplate but is never used as one. Therefore the private "applications" list is never used
+// and thus includeFinance isn't necessary either. Something is amiss.
 class CordappConfiguration(var apps: List<String> = emptyList(), val includeFinance: Boolean = false) : ConfigurationTemplate() {
 
     private val applications = apps + if (includeFinance) {
diff --git a/experimental/behave/src/main/kotlin/net/corda/behave/node/configuration/CurrencyConfiguration.kt b/experimental/behave/src/main/kotlin/net/corda/behave/node/configuration/CurrencyConfiguration.kt
index 16252650d2..301aad7d24 100644
--- a/experimental/behave/src/main/kotlin/net/corda/behave/node/configuration/CurrencyConfiguration.kt
+++ b/experimental/behave/src/main/kotlin/net/corda/behave/node/configuration/CurrencyConfiguration.kt
@@ -7,6 +7,10 @@ class CurrencyConfiguration(private val issuableCurrencies: List<String>) : Conf
             if (issuableCurrencies.isEmpty()) {
                 ""
             } else {
+                // TODO This is no longer correct. issuableCurrencies is a config of the finance app and belongs
+                // in a separate .conf file for the app (in the config sub-directory, with a filename matching the CorDapp
+                // jar filename). It is no longer read in from the node conf file. There seem to be pieces missing in the
+                // behave framework to allow one to do this.
                 """
                 |custom : {
                 |   issuableCurrencies : [
diff --git a/experimental/behave/src/scenario/kotlin/net/corda/behave/scenarios/helpers/Cash.kt b/experimental/behave/src/scenario/kotlin/net/corda/behave/scenarios/helpers/Cash.kt
index 6930331f10..fbaec51f64 100644
--- a/experimental/behave/src/scenario/kotlin/net/corda/behave/scenarios/helpers/Cash.kt
+++ b/experimental/behave/src/scenario/kotlin/net/corda/behave/scenarios/helpers/Cash.kt
@@ -7,9 +7,9 @@ import net.corda.core.messaging.startFlow
 import net.corda.core.transactions.SignedTransaction
 import net.corda.core.utilities.OpaqueBytes
 import net.corda.core.utilities.getOrThrow
-import net.corda.finance.flows.CashConfigDataFlow
 import net.corda.finance.flows.CashIssueFlow
 import net.corda.finance.flows.CashPaymentFlow
+import net.corda.finance.internal.CashConfigDataFlow
 import java.util.*
 import java.util.concurrent.TimeUnit
 
diff --git a/finance/src/integration-test/kotlin/net/corda/finance/flows/test/CashConfigDataFlowTest.kt b/finance/src/integration-test/kotlin/net/corda/finance/flows/test/CashConfigDataFlowTest.kt
deleted file mode 100644
index 77316c148e..0000000000
--- a/finance/src/integration-test/kotlin/net/corda/finance/flows/test/CashConfigDataFlowTest.kt
+++ /dev/null
@@ -1,24 +0,0 @@
-package net.corda.finance.flows.test
-
-import net.corda.core.messaging.startFlow
-import net.corda.core.utilities.getOrThrow
-import net.corda.finance.EUR
-import net.corda.finance.USD
-import net.corda.finance.flows.CashConfigDataFlow
-import net.corda.testing.driver.DriverParameters
-import net.corda.testing.driver.driver
-import org.assertj.core.api.Assertions.assertThat
-import org.junit.Test
-
-class CashConfigDataFlowTest {
-    @Test
-    fun `issuable currencies are read in from node config`() {
-        driver(DriverParameters(
-                extraCordappPackagesToScan = listOf("net.corda.finance.flows"),
-                notarySpecs = emptyList())) {
-            val node = startNode(customOverrides = mapOf("custom" to mapOf("issuableCurrencies" to listOf("EUR", "USD")))).getOrThrow()
-            val config = node.rpc.startFlow(::CashConfigDataFlow).returnValue.getOrThrow()
-            assertThat(config.issuableCurrencies).containsExactly(EUR, USD)
-        }
-    }
-}
diff --git a/finance/src/main/kotlin/net/corda/finance/flows/CashConfigDataFlow.kt b/finance/src/main/kotlin/net/corda/finance/flows/CashConfigDataFlow.kt
deleted file mode 100644
index ac890bd517..0000000000
--- a/finance/src/main/kotlin/net/corda/finance/flows/CashConfigDataFlow.kt
+++ /dev/null
@@ -1,77 +0,0 @@
-package net.corda.finance.flows
-
-import co.paralleluniverse.fibers.Suspendable
-import com.typesafe.config.ConfigFactory
-import net.corda.core.flows.FlowLogic
-import net.corda.core.flows.StartableByRPC
-import net.corda.core.internal.declaredField
-import net.corda.core.node.AppServiceHub
-import net.corda.core.node.services.CordaService
-import net.corda.core.serialization.CordaSerializable
-import net.corda.core.serialization.SingletonSerializeAsToken
-import net.corda.finance.CHF
-import net.corda.finance.EUR
-import net.corda.finance.GBP
-import net.corda.finance.USD
-import net.corda.finance.flows.ConfigHolder.Companion.supportedCurrencies
-import java.io.IOException
-import java.io.InputStream
-import java.nio.file.Files
-import java.nio.file.OpenOption
-import java.nio.file.Path
-import java.nio.file.Paths
-import java.util.*
-
-// TODO Until apps have access to their own config, we'll hack things by first getting the baseDirectory, read the node.conf
-// again to get our config and store it here for access by our flow
-@CordaService
-class ConfigHolder(services: AppServiceHub) : SingletonSerializeAsToken() {
-    companion object {
-        val supportedCurrencies = listOf(USD, GBP, CHF, EUR)
-
-        // TODO: In future releases, the Finance app should be fully decoupled from internal APIs in Core.
-        private operator fun Path.div(other: String): Path = resolve(other)
-        private operator fun String.div(other: String): Path = Paths.get(this) / other
-        private fun Path.inputStream(vararg options: OpenOption): InputStream = Files.newInputStream(this, *options)
-        private inline fun <R> Path.read(vararg options: OpenOption, block: (InputStream) -> R): R = inputStream(*options).use(block)
-    }
-
-    val issuableCurrencies: List<Currency>
-
-    init {
-        // Warning!! You are about to see a major hack!
-        val baseDirectory = services.declaredField<Any>("serviceHub").value
-                .let { it.javaClass.getMethod("getConfiguration").apply { isAccessible = true }.invoke(it) }
-                .let { it.javaClass.getMethod("getBaseDirectory").apply { isAccessible = true }.invoke(it) }
-                .let { it.javaClass.getMethod("toString").apply { isAccessible = true }.invoke(it) as String }
-
-        var issuableCurrenciesValue: List<Currency>
-        try {
-            val config = (baseDirectory / "node.conf").read { ConfigFactory.parseReader(it.reader()) }
-            if (config.hasPath("custom.issuableCurrencies")) {
-                issuableCurrenciesValue = config.getStringList("custom.issuableCurrencies").map { Currency.getInstance(it) }
-                require(supportedCurrencies.containsAll(issuableCurrenciesValue))
-            } else {
-                issuableCurrenciesValue = emptyList()
-            }
-        } catch (e: IOException) {
-            issuableCurrenciesValue = emptyList()
-        }
-        issuableCurrencies = issuableCurrenciesValue
-    }
-}
-
-/**
- * Flow to obtain cash cordapp app configuration.
- */
-@StartableByRPC
-class CashConfigDataFlow : FlowLogic<CashConfiguration>() {
-    @Suspendable
-    override fun call(): CashConfiguration {
-        val configHolder = serviceHub.cordaService(ConfigHolder::class.java)
-        return CashConfiguration(configHolder.issuableCurrencies, supportedCurrencies)
-    }
-}
-
-@CordaSerializable
-data class CashConfiguration(val issuableCurrencies: List<Currency>, val supportedCurrencies: List<Currency>)
diff --git a/finance/src/main/kotlin/net/corda/finance/internal/CashConfigDataFlow.kt b/finance/src/main/kotlin/net/corda/finance/internal/CashConfigDataFlow.kt
new file mode 100644
index 0000000000..3c2ab3c988
--- /dev/null
+++ b/finance/src/main/kotlin/net/corda/finance/internal/CashConfigDataFlow.kt
@@ -0,0 +1,48 @@
+package net.corda.finance.internal
+
+import co.paralleluniverse.fibers.Suspendable
+import net.corda.core.flows.FlowLogic
+import net.corda.core.flows.StartableByRPC
+import net.corda.core.internal.uncheckedCast
+import net.corda.core.node.AppServiceHub
+import net.corda.core.node.services.CordaService
+import net.corda.core.serialization.CordaSerializable
+import net.corda.core.serialization.SingletonSerializeAsToken
+import net.corda.finance.CHF
+import net.corda.finance.EUR
+import net.corda.finance.GBP
+import net.corda.finance.USD
+import net.corda.finance.internal.ConfigHolder.Companion.supportedCurrencies
+import java.util.*
+
+@CordaService
+class ConfigHolder(services: AppServiceHub) : SingletonSerializeAsToken() {
+    companion object {
+        val supportedCurrencies = listOf(USD, GBP, CHF, EUR)
+    }
+
+    val issuableCurrencies: List<Currency>
+
+    init {
+        val issuableCurrenciesStringList: List<String> = uncheckedCast(services.getAppContext().config.get("issuableCurrencies"))
+        issuableCurrencies = issuableCurrenciesStringList.map(Currency::getInstance)
+        (issuableCurrencies - supportedCurrencies).let {
+            require(it.isEmpty()) { "$it are not supported currencies" }
+        }
+    }
+}
+
+/**
+ * Flow to obtain cash cordapp app configuration.
+ */
+@StartableByRPC
+class CashConfigDataFlow : FlowLogic<CashConfiguration>() {
+    @Suspendable
+    override fun call(): CashConfiguration {
+        val configHolder = serviceHub.cordaService(ConfigHolder::class.java)
+        return CashConfiguration(configHolder.issuableCurrencies, supportedCurrencies)
+    }
+}
+
+@CordaSerializable
+data class CashConfiguration(val issuableCurrencies: List<Currency>, val supportedCurrencies: List<Currency>)
diff --git a/finance/src/test/kotlin/net/corda/finance/internal/CashConfigDataFlowTest.kt b/finance/src/test/kotlin/net/corda/finance/internal/CashConfigDataFlowTest.kt
new file mode 100644
index 0000000000..669f1a2c9a
--- /dev/null
+++ b/finance/src/test/kotlin/net/corda/finance/internal/CashConfigDataFlowTest.kt
@@ -0,0 +1,29 @@
+package net.corda.finance.internal
+
+import net.corda.core.internal.packageName
+import net.corda.core.utilities.getOrThrow
+import net.corda.finance.EUR
+import net.corda.finance.USD
+import net.corda.testing.node.MockNetwork
+import net.corda.testing.node.MockNetworkParameters
+import net.corda.testing.node.MockNodeParameters
+import net.corda.testing.node.internal.cordappForPackages
+import org.assertj.core.api.Assertions.assertThat
+import org.junit.After
+import org.junit.Test
+
+class CashConfigDataFlowTest {
+    private val mockNet = MockNetwork(emptyList(), MockNetworkParameters(threadPerNode = true))
+
+    @After
+    fun cleanUp() = mockNet.stopNodes()
+
+    @Test
+    fun `issuable currencies read in from cordapp config`() {
+        val node = mockNet.createNode(MockNodeParameters(additionalCordapps = listOf(
+                cordappForPackages(javaClass.packageName).withConfig(mapOf("issuableCurrencies" to listOf("EUR", "USD")))
+        )))
+        val config = node.startFlow(CashConfigDataFlow()).getOrThrow()
+        assertThat(config.issuableCurrencies).containsExactly(EUR, USD)
+    }
+}
diff --git a/node/src/integration-test/kotlin/net/corda/node/flows/FlowCheckpointVersionNodeStartupCheckTest.kt b/node/src/integration-test/kotlin/net/corda/node/flows/FlowCheckpointVersionNodeStartupCheckTest.kt
index 169ba207ce..40e84e57fb 100644
--- a/node/src/integration-test/kotlin/net/corda/node/flows/FlowCheckpointVersionNodeStartupCheckTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/flows/FlowCheckpointVersionNodeStartupCheckTest.kt
@@ -69,12 +69,11 @@ class FlowCheckpointVersionNodeStartupCheckTest {
             // Create the CorDapp jar file manually first to get hold of the directory that will contain it so that we can
             // rename the filename later. The cordappDir, which acts as pointer to the jar file, does not get renamed.
             val cordappDir = TestCordappDirectories.getJarDirectory(cordapp)
-            val cordappJar = cordappDir.list().single()
+            val cordappJar = cordappDir.list().single { it.toString().endsWith(".jar") }
 
             createSuspendedFlowInBob(setOf(cordapp))
 
-            // Rename the jar file. TestCordappDirectories caches the location of the jar file but the use of the random
-            // UUID in the name means there's zero chance of contaminating another test.
+            // Rename the jar file.
             cordappJar.moveTo(cordappDir / "renamed-${cordappJar.fileName}")
 
             assertBobFailsToStartWithLogMessage(
@@ -88,13 +87,13 @@ class FlowCheckpointVersionNodeStartupCheckTest {
     fun `restart node with incompatible version of suspended flow due to different jar hash`() {
         driver(parametersForRestartingNodes()) {
             val originalCordapp = defaultCordapp.withName("different-jar-hash-test-${UUID.randomUUID()}")
-            val originalCordappJar = TestCordappDirectories.getJarDirectory(originalCordapp).list().single()
+            val originalCordappJar = TestCordappDirectories.getJarDirectory(originalCordapp).list().single { it.toString().endsWith(".jar") }
 
             createSuspendedFlowInBob(setOf(originalCordapp))
 
             // The vendor is part of the MANIFEST so changing it is sufficient to change the jar hash
             val modifiedCordapp = originalCordapp.withVendor("${originalCordapp.vendor}-modified")
-            val modifiedCordappJar = TestCordappDirectories.getJarDirectory(modifiedCordapp).list().single()
+            val modifiedCordappJar = TestCordappDirectories.getJarDirectory(modifiedCordapp).list().single { it.toString().endsWith(".jar") }
             modifiedCordappJar.moveTo(originalCordappJar, REPLACE_EXISTING)
 
             assertBobFailsToStartWithLogMessage(
diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index 4bee70d8c6..d8b9aa15a6 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -167,7 +167,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
     val transactionStorage = makeTransactionStorage(configuration.transactionCacheSizeBytes).tokenize()
     val networkMapClient: NetworkMapClient? = configuration.networkServices?.let { NetworkMapClient(it.networkMapURL, versionInfo) }
     val attachments = NodeAttachmentService(metricRegistry, cacheFactory, database).tokenize()
-    val cordappProvider = CordappProviderImpl(cordappLoader, CordappConfigFileProvider(), attachments).tokenize()
+    val cordappProvider = CordappProviderImpl(cordappLoader, CordappConfigFileProvider(configuration.cordappDirectories), attachments).tokenize()
     @Suppress("LeakingThis")
     val keyManagementService = makeKeyManagementService(identityService).tokenize()
     val servicesForResolution = ServicesForResolutionImpl(identityService, attachments, cordappProvider, transactionStorage).also {
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/CordappConfigFileProvider.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/CordappConfigFileProvider.kt
index dbf4daf657..5a6e8377b6 100644
--- a/node/src/main/kotlin/net/corda/node/internal/cordapp/CordappConfigFileProvider.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/CordappConfigFileProvider.kt
@@ -5,30 +5,26 @@ import com.typesafe.config.ConfigFactory
 import net.corda.core.internal.createDirectories
 import net.corda.core.internal.div
 import net.corda.core.internal.exists
-import net.corda.core.internal.isDirectory
+import net.corda.core.internal.noneOrSingle
 import net.corda.core.utilities.contextLogger
 import java.nio.file.Path
-import java.nio.file.Paths
 
-class CordappConfigFileProvider(private val configDir: Path = DEFAULT_CORDAPP_CONFIG_DIR) : CordappConfigProvider {
+class CordappConfigFileProvider(cordappDirectories: List<Path>) : CordappConfigProvider {
     companion object {
-        val DEFAULT_CORDAPP_CONFIG_DIR = Paths.get("cordapps") / "config"
-        const val CONFIG_EXT = ".conf"
-        val logger = contextLogger()
+        private val logger = contextLogger()
     }
 
-    init {
-        configDir.createDirectories()
-    }
+    private val configDirectories = cordappDirectories.map { (it / "config").createDirectories() }
 
     override fun getConfigByName(name: String): Config {
-        val configFile = configDir / "$name$CONFIG_EXT"
-        return if (configFile.exists()) {
-            check(!configFile.isDirectory()) { "${configFile.toAbsolutePath()} is a directory, expected a config file" }
-            logger.info("Found config for cordapp $name in ${configFile.toAbsolutePath()}")
+        // TODO There's nothing stopping the same CorDapp jar from occuring in different directories and thus causing
+        // conflicts. The cordappDirectories list config option should just be a single cordappDirectory
+        val configFile = configDirectories.map { it / "$name.conf" }.noneOrSingle { it.exists() }
+        return if (configFile != null) {
+            logger.info("Found config for cordapp $name in $configFile")
             ConfigFactory.parseFile(configFile.toFile())
         } else {
-            logger.info("No config found for cordapp $name in ${configFile.toAbsolutePath()}")
+            logger.info("No config found for cordapp $name in $configDirectories")
             ConfigFactory.empty()
         }
     }
diff --git a/node/src/test/kotlin/net/corda/node/internal/cordapp/CordappConfigFileProviderTests.kt b/node/src/test/kotlin/net/corda/node/internal/cordapp/CordappConfigFileProviderTests.kt
index f3ea03a72e..73829d5a8c 100644
--- a/node/src/test/kotlin/net/corda/node/internal/cordapp/CordappConfigFileProviderTests.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/cordapp/CordappConfigFileProviderTests.kt
@@ -12,16 +12,16 @@ import java.nio.file.Paths
 
 class CordappConfigFileProviderTests {
     private companion object {
-        val cordappConfDir = Paths.get("build") / "tmp" / "cordapps" / "config"
+        val cordappDir = Paths.get("build") / "tmp" / "cordapps"
         const val cordappName = "test"
-        val cordappConfFile = cordappConfDir / "$cordappName.conf"
+        val cordappConfFile = cordappDir / "config" / "$cordappName.conf"
 
         val validConfig: Config = ConfigFactory.parseString("key=value")
         val alternateValidConfig: Config = ConfigFactory.parseString("key=alternateValue")
         const val invalidConfig = "Invalid"
     }
 
-    private val provider = CordappConfigFileProvider(cordappConfDir)
+    private val provider = CordappConfigFileProvider(listOf(cordappDir))
 
     @Test
     fun `test that config can be loaded`() {
diff --git a/samples/bank-of-corda-demo/build.gradle b/samples/bank-of-corda-demo/build.gradle
index 0990cc5987..135a51c921 100644
--- a/samples/bank-of-corda-demo/build.gradle
+++ b/samples/bank-of-corda-demo/build.gradle
@@ -56,9 +56,11 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask,
         webPort 10007
         rpcUsers = [[user: "bankUser", password: "test", permissions: ["ALL"]]]
         extraConfig = [
-                custom    : [issuableCurrencies: ["USD"]],
                 h2Settings: [address: "localhost:10017"]
         ]
+        cordapp(project(':finance')) {
+            config "issuableCurrencies = [ USD ]"
+        }
     }
     node {
         name "O=BigCorporation,L=New York,C=US"
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/TestCordapp.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/TestCordapp.kt
index 6f881660c1..fed1f14e22 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/TestCordapp.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/TestCordapp.kt
@@ -19,12 +19,15 @@ interface TestCordapp {
     /** Returns the version string, defaults to "1.0" if not specified. */
     val version: String
 
-    /** Returns the vendor string, defaults to "Corda" if not specified. */
+    /** Returns the vendor string, defaults to "test-vendor" if not specified. */
     val vendor: String
 
     /** Returns the target platform version, defaults to the current platform version if not specified. */
     val targetVersion: Int
 
+    /** Returns the config for this CorDapp, defaults to empty if not specified. */
+    val config: Map<String, Any>
+
     /** Returns the set of package names scanned for this test CorDapp. */
     val packages: Set<String>
 
@@ -43,6 +46,9 @@ interface TestCordapp {
     /** Return a copy of this [TestCordapp] but with the specified target platform version. */
     fun withTargetVersion(targetVersion: Int): TestCordapp
 
+    /** Returns a copy of this [TestCordapp] but with the specified CorDapp config. */
+    fun withConfig(config: Map<String, Any>): TestCordapp
+
     class Factory {
         companion object {
             @JvmStatic
@@ -57,9 +63,10 @@ interface TestCordapp {
                 return TestCordappImpl(
                         name = "test-cordapp",
                         version = "1.0",
-                        vendor = "Corda",
+                        vendor = "test-vendor",
                         title = "test-title",
                         targetVersion = PLATFORM_VERSION,
+                        config = emptyMap(),
                         packages = simplifyScanPackages(packageNames),
                         classes = emptySet()
                 )
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappDirectories.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappDirectories.kt
index 3cd553de39..354aebe183 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappDirectories.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappDirectories.kt
@@ -1,9 +1,11 @@
 package net.corda.testing.node.internal
 
+import com.typesafe.config.ConfigValueFactory
 import net.corda.core.crypto.sha256
 import net.corda.core.internal.createDirectories
 import net.corda.core.internal.deleteRecursively
 import net.corda.core.internal.div
+import net.corda.core.internal.writeText
 import net.corda.core.utilities.debug
 import net.corda.core.utilities.loggerFor
 import net.corda.testing.node.TestCordapp
@@ -22,24 +24,28 @@ object TestCordappDirectories {
     fun getJarDirectory(cordapp: TestCordapp, cordappsDirectory: Path = defaultCordappsDirectory): Path {
         cordapp as TestCordappImpl
         return testCordappsCache.computeIfAbsent(cordapp) {
-            val cordappDir = (cordappsDirectory / UUID.randomUUID().toString()).createDirectories()
-            val uniqueScanString = if (cordapp.packages.size == 1 && cordapp.classes.isEmpty()) {
-                cordapp.packages.first()
-            } else {
-                "${cordapp.packages}${cordapp.classes.joinToString { it.name }}".toByteArray().sha256().toString()
+            val configString = ConfigValueFactory.fromMap(cordapp.config).toConfig().root().render()
+            val filename = cordapp.run {
+                val uniqueScanString = if (packages.size == 1 && classes.isEmpty() && config.isEmpty()) {
+                    packages.first()
+                } else {
+                    "$packages$classes$configString".toByteArray().sha256().toString()
+                }
+                "${name}_${vendor}_${title}_${version}_${targetVersion}_$uniqueScanString".replace(whitespace, "-")
             }
-            val jarFileName = cordapp.run { "${name}_${vendor}_${title}_${version}_${targetVersion}_$uniqueScanString.jar".replace(whitespace, "-") }
-            val jarFile = cordappDir / jarFileName
+            val cordappDir = cordappsDirectory / UUID.randomUUID().toString()
+            val configDir = (cordappDir / "config").createDirectories()
+            val jarFile = cordappDir / "$filename.jar"
             cordapp.packageAsJar(jarFile)
+            (configDir / "$filename.conf").writeText(configString)
             logger.debug { "$cordapp packaged into $jarFile" }
             cordappDir
         }
     }
 
     private val defaultCordappsDirectory: Path by lazy {
-        val cordappsDirectory = (Paths.get("build") / "tmp" / getTimestampAsDirectoryName() / "generated-test-cordapps").toAbsolutePath()
+        val cordappsDirectory = Paths.get("build").toAbsolutePath() / "generated-test-cordapps" / getTimestampAsDirectoryName()
         logger.info("Initialising generated test CorDapps directory in $cordappsDirectory")
-        cordappsDirectory.toFile().deleteOnExit()
         cordappsDirectory.deleteRecursively()
         cordappsDirectory.createDirectories()
     }
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappImpl.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappImpl.kt
index 831198320c..c8e7ab626b 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappImpl.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/TestCordappImpl.kt
@@ -7,6 +7,7 @@ data class TestCordappImpl(override val name: String,
                            override val vendor: String,
                            override val title: String,
                            override val targetVersion: Int,
+                           override val config: Map<String, Any>,
                            override val packages: Set<String>,
                            val classes: Set<Class<*>>) : TestCordapp {
 
@@ -20,6 +21,8 @@ data class TestCordappImpl(override val name: String,
 
     override fun withTargetVersion(targetVersion: Int): TestCordappImpl = copy(targetVersion = targetVersion)
 
+    override fun withConfig(config: Map<String, Any>): TestCordappImpl = copy(config = config)
+
     fun withClasses(vararg classes: Class<*>): TestCordappImpl {
         return copy(classes = classes.filter { clazz -> packages.none { clazz.name.startsWith("$it.") } }.toSet())
     }
diff --git a/tools/demobench/src/main/kotlin/net/corda/demobench/explorer/Explorer.kt b/tools/demobench/src/main/kotlin/net/corda/demobench/explorer/Explorer.kt
index 4606621280..7baabdb8fe 100644
--- a/tools/demobench/src/main/kotlin/net/corda/demobench/explorer/Explorer.kt
+++ b/tools/demobench/src/main/kotlin/net/corda/demobench/explorer/Explorer.kt
@@ -85,7 +85,7 @@ class Explorer internal constructor(private val explorerController: ExplorerCont
         // Note: does not copy dependencies because we should soon be making all apps fat jars and dependencies implicit.
         //
         // TODO: Remove this code when serialisation has been upgraded.
-        val cordappsDir = config.explorerDir / NodeConfig.cordappDirName
+        val cordappsDir = config.explorerDir / NodeConfig.CORDAPP_DIR_NAME
         cordappsDir.createDirectories()
         config.cordappsDir.list {
             it.forEachOrdered { path ->
diff --git a/tools/demobench/src/main/kotlin/net/corda/demobench/model/NodeConfig.kt b/tools/demobench/src/main/kotlin/net/corda/demobench/model/NodeConfig.kt
index 9f63d8f38b..5ae40f6eb4 100644
--- a/tools/demobench/src/main/kotlin/net/corda/demobench/model/NodeConfig.kt
+++ b/tools/demobench/src/main/kotlin/net/corda/demobench/model/NodeConfig.kt
@@ -3,6 +3,7 @@ package net.corda.demobench.model
 import com.typesafe.config.*
 import com.typesafe.config.ConfigFactory.empty
 import net.corda.core.identity.CordaX500Name
+import net.corda.core.internal.VisibleForTesting
 import net.corda.core.internal.copyToDirectory
 import net.corda.core.internal.createDirectories
 import net.corda.core.internal.div
@@ -11,7 +12,7 @@ import net.corda.nodeapi.internal.config.User
 import net.corda.nodeapi.internal.config.toConfig
 import java.nio.file.Path
 import java.nio.file.StandardCopyOption
-import java.util.Properties
+import java.util.*
 
 /**
  * This is a subset of FullNodeConfiguration, containing only those configs which we need. The node uses reference.conf
@@ -38,33 +39,33 @@ data class NodeConfig(
     companion object {
         val renderOptions: ConfigRenderOptions = ConfigRenderOptions.defaults().setOriginComments(false)
         val defaultUser = user("guest")
-        const val cordappDirName = "cordapps"
+        const val CORDAPP_DIR_NAME = "cordapps"
     }
 
-    fun nodeConf(): Config {
+    @VisibleForTesting
+    internal fun nodeConf(): Config {
         val rpcSettings: ConfigObject = empty()
             .withValue("address", valueFor(rpcSettings.address.toString()))
             .withValue("adminAddress", valueFor(rpcSettings.adminAddress.toString()))
             .root()
-        val customMap: Map<String, Any> = HashMap<String, Any>().also {
-            if (issuableCurrencies.isNotEmpty()) {
-                it["issuableCurrencies"] = issuableCurrencies
-            }
-        }
-        val custom: ConfigObject = ConfigFactory.parseMap(customMap).root()
         return NodeConfigurationData(myLegalName, p2pAddress, this.rpcSettings.address, notary, h2port, rpcUsers, useTestClock, detectPublicIp, devMode)
             .toConfig()
             .withoutPath("rpcAddress")
             .withoutPath("rpcAdminAddress")
             .withValue("rpcSettings", rpcSettings)
-            .withOptionalValue("custom", custom)
     }
 
-    fun webServerConf() = WebServerConfigurationData(myLegalName, rpcSettings.address, webAddress, rpcUsers).asConfig()
+    @VisibleForTesting
+    internal fun webServerConf() = WebServerConfigurationData(myLegalName, rpcSettings.address, webAddress, rpcUsers).asConfig()
 
-    fun toNodeConfText() = nodeConf().render()
+    fun toNodeConfText(): String = nodeConf().render()
 
-    fun toWebServerConfText() = webServerConf().render()
+    fun toWebServerConfText(): String = webServerConf().render()
+
+    @VisibleForTesting
+    internal fun financeConf() = FinanceConfData(issuableCurrencies).toConfig()
+
+    fun toFinanceConfText(): String = financeConf().render()
 
     fun serialiseAsString(): String = toConfig().render()
 
@@ -92,6 +93,8 @@ private data class WebServerConfigurationData(
    fun asConfig() = toConfig()
 }
 
+private data class FinanceConfData(val issuableCurrencies: List<String>)
+
 /**
  * This is a subset of NotaryConfig. It implements [ExtraService] to avoid unnecessary copying.
  */
@@ -104,7 +107,7 @@ data class NodeConfigWrapper(val baseDir: Path, val nodeConfig: NodeConfig) : Ha
     val key: String = nodeConfig.myLegalName.organisation.toKey()
     val nodeDir: Path = baseDir / key
     val explorerDir: Path = baseDir / "$key-explorer"
-    override val cordappsDir: Path = nodeDir / NodeConfig.cordappDirName
+    override val cordappsDir: Path = nodeDir / NodeConfig.CORDAPP_DIR_NAME
     var state: NodeState = NodeState.STARTING
 
     fun install(cordapps: Collection<Path>) {
diff --git a/tools/demobench/src/main/kotlin/net/corda/demobench/model/NodeController.kt b/tools/demobench/src/main/kotlin/net/corda/demobench/model/NodeController.kt
index 05e1bdc3e3..09d12ebf03 100644
--- a/tools/demobench/src/main/kotlin/net/corda/demobench/model/NodeController.kt
+++ b/tools/demobench/src/main/kotlin/net/corda/demobench/model/NodeController.kt
@@ -112,18 +112,14 @@ class NodeController(check: atRuntime = ::checkExists) : Controller() {
         try {
             // Notary can be removed and then added again, that's why we need to perform this check.
             require((config.nodeConfig.notary != null).xor(notaryIdentity != null)) { "There must be exactly one notary in the network" }
-            config.nodeDir.createDirectories()
+            val cordappConfigDir = (config.cordappsDir / "config").createDirectories()
 
             // Install any built-in plugins into the working directory.
             cordappController.populate(config)
 
-            // Write this node's configuration file into its working directory.
-            val confFile = config.nodeDir / "node.conf"
-            confFile.writeText(config.nodeConfig.toNodeConfText())
-
-            // Write this node's configuration file into its working directory.
-            val webConfFile = config.nodeDir / "web-server.conf"
-            webConfFile.writeText(config.nodeConfig.toWebServerConfText())
+            (config.nodeDir / "node.conf").writeText(config.nodeConfig.toNodeConfText())
+            (config.nodeDir / "web-server.conf").writeText(config.nodeConfig.toWebServerConfText())
+            (cordappConfigDir / "${CordappController.FINANCE_CORDAPP_FILENAME}.conf").writeText(config.nodeConfig.toFinanceConfText())
 
             // Execute the Corda node
             val cordaEnv = System.getenv().toMutableMap().apply {
diff --git a/tools/demobench/src/main/kotlin/net/corda/demobench/plugin/CordappController.kt b/tools/demobench/src/main/kotlin/net/corda/demobench/plugin/CordappController.kt
index 66f844e885..b82d9c7779 100644
--- a/tools/demobench/src/main/kotlin/net/corda/demobench/plugin/CordappController.kt
+++ b/tools/demobench/src/main/kotlin/net/corda/demobench/plugin/CordappController.kt
@@ -12,10 +12,13 @@ import java.nio.file.StandardCopyOption
 import kotlin.streams.toList
 
 class CordappController : Controller() {
+    companion object {
+        const val FINANCE_CORDAPP_FILENAME = "corda-finance"
+    }
 
     private val jvm by inject<JVMConfig>()
-    private val cordappDir: Path = jvm.applicationDir.resolve(NodeConfig.cordappDirName)
-    private val finance: Path = cordappDir.resolve("corda-finance.jar")
+    private val cordappDir: Path = jvm.applicationDir / NodeConfig.CORDAPP_DIR_NAME
+    private val financeCordappJar: Path = cordappDir / "$FINANCE_CORDAPP_FILENAME.jar"
 
     /**
      * Install any built-in cordapps that this node requires.
@@ -25,8 +28,8 @@ class CordappController : Controller() {
         if (!config.cordappsDir.exists()) {
             config.cordappsDir.createDirectories()
         }
-        if (finance.exists()) {
-            finance.copyToDirectory(config.cordappsDir, StandardCopyOption.REPLACE_EXISTING)
+        if (financeCordappJar.exists()) {
+            financeCordappJar.copyToDirectory(config.cordappsDir, StandardCopyOption.REPLACE_EXISTING)
             log.info("Installed 'Finance' cordapp")
         }
     }
@@ -39,7 +42,7 @@ class CordappController : Controller() {
         if (!config.cordappsDir.isDirectory()) return emptyList()
         return config.cordappsDir.walk(1) { paths ->
             paths.filter(Path::isCordapp)
-                 .filter { !finance.endsWith(it.fileName) }
+                 .filter { !financeCordappJar.endsWith(it.fileName) }
                  .toList()
         }
     }
diff --git a/tools/demobench/src/main/kotlin/net/corda/demobench/profile/ProfileController.kt b/tools/demobench/src/main/kotlin/net/corda/demobench/profile/ProfileController.kt
index 7c034983b8..4c8bfeb02d 100644
--- a/tools/demobench/src/main/kotlin/net/corda/demobench/profile/ProfileController.kt
+++ b/tools/demobench/src/main/kotlin/net/corda/demobench/profile/ProfileController.kt
@@ -60,7 +60,7 @@ class ProfileController : Controller() {
                     log.info("Wrote: $file")
 
                     // Write all of the non-built-in cordapps.
-                    val cordappDir = (nodeDir / NodeConfig.cordappDirName).createDirectory()
+                    val cordappDir = (nodeDir / NodeConfig.CORDAPP_DIR_NAME).createDirectory()
                     cordappController.useCordappsFor(config).forEach {
                         val cordapp = it.copyToDirectory(cordappDir)
                         log.info("Wrote: $cordapp")
diff --git a/tools/demobench/src/test/kotlin/net/corda/demobench/model/NodeConfigTest.kt b/tools/demobench/src/test/kotlin/net/corda/demobench/model/NodeConfigTest.kt
index d044c63f14..e07f18331b 100644
--- a/tools/demobench/src/test/kotlin/net/corda/demobench/model/NodeConfigTest.kt
+++ b/tools/demobench/src/test/kotlin/net/corda/demobench/model/NodeConfigTest.kt
@@ -65,12 +65,7 @@ class NodeConfigTest {
                 issuableCurrencies = listOf("GBP")
         )
 
-        val nodeConfig = config.nodeConf()
-                .withValue("baseDirectory", valueFor(baseDir.toString()))
-                .withFallback(ConfigFactory.parseResources("reference.conf"))
-                .resolve()
-        val custom = nodeConfig.getConfig("custom")
-        assertEquals(listOf("GBP"), custom.getAnyRefList("issuableCurrencies"))
+        assertEquals(listOf("GBP"), config.financeConf().getStringList("issuableCurrencies"))
     }
 
     @Test
diff --git a/tools/explorer/src/main/kotlin/net/corda/explorer/ExplorerSimulation.kt b/tools/explorer/src/main/kotlin/net/corda/explorer/ExplorerSimulation.kt
index b44c2b7af4..fd4c43fcf9 100644
--- a/tools/explorer/src/main/kotlin/net/corda/explorer/ExplorerSimulation.kt
+++ b/tools/explorer/src/main/kotlin/net/corda/explorer/ExplorerSimulation.kt
@@ -18,14 +18,19 @@ import net.corda.core.utilities.getOrThrow
 import net.corda.finance.GBP
 import net.corda.finance.USD
 import net.corda.finance.contracts.asset.Cash
-import net.corda.finance.flows.*
+import net.corda.finance.flows.AbstractCashFlow
+import net.corda.finance.flows.CashExitFlow
 import net.corda.finance.flows.CashExitFlow.ExitRequest
+import net.corda.finance.flows.CashIssueAndPaymentFlow
 import net.corda.finance.flows.CashIssueAndPaymentFlow.IssueAndPaymentRequest
+import net.corda.finance.flows.CashPaymentFlow
+import net.corda.finance.internal.CashConfigDataFlow
 import net.corda.node.services.Permissions.Companion.startFlow
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
 import net.corda.testing.driver.*
 import net.corda.testing.node.User
+import net.corda.testing.node.internal.FINANCE_CORDAPP
 import java.time.Instant
 import java.util.*
 
@@ -63,16 +68,27 @@ class ExplorerSimulation(private val options: OptionSet) {
 
     private fun startDemoNodes() {
         val portAllocation = PortAllocation.Incremental(20000)
-        driver(DriverParameters(portAllocation = portAllocation, extraCordappPackagesToScan = listOf("net.corda.finance"), waitForAllNodesToFinish = true, jmxPolicy = JmxPolicy(true))) {
+        driver(DriverParameters(
+                portAllocation = portAllocation,
+                cordappsForAllNodes = listOf(FINANCE_CORDAPP),
+                waitForAllNodesToFinish = true,
+                jmxPolicy = JmxPolicy(true)
+        )) {
             // TODO : Supported flow should be exposed somehow from the node instead of set of ServiceInfo.
             val alice = startNode(providedName = ALICE_NAME, rpcUsers = listOf(user))
             val bob = startNode(providedName = BOB_NAME, rpcUsers = listOf(user))
             val ukBankName = CordaX500Name(organisation = "UK Bank Plc", locality = "London", country = "GB")
             val usaBankName = CordaX500Name(organisation = "USA Bank Corp", locality = "New York", country = "US")
-            val issuerGBP = startNode(providedName = ukBankName, rpcUsers = listOf(manager),
-                    customOverrides = mapOf("custom" to mapOf("issuableCurrencies" to listOf("GBP"))))
-            val issuerUSD = startNode(providedName = usaBankName, rpcUsers = listOf(manager),
-                    customOverrides = mapOf("custom" to mapOf("issuableCurrencies" to listOf("USD"))))
+            val issuerGBP = startNode(
+                    providedName = ukBankName,
+                    rpcUsers = listOf(manager),
+                    additionalCordapps = listOf(FINANCE_CORDAPP.withConfig(mapOf("issuableCurrencies" to listOf("GBP"))))
+            )
+            val issuerUSD = startNode(
+                    providedName = usaBankName,
+                    rpcUsers = listOf(manager),
+                    additionalCordapps = listOf(FINANCE_CORDAPP.withConfig(mapOf("issuableCurrencies" to listOf("USD"))))
+            )
 
             notaryNode = defaultNotaryNode.get()
             aliceNode = alice.get()
diff --git a/tools/explorer/src/main/kotlin/net/corda/explorer/model/IssuerModel.kt b/tools/explorer/src/main/kotlin/net/corda/explorer/model/IssuerModel.kt
index 56049a35ee..3226466630 100644
--- a/tools/explorer/src/main/kotlin/net/corda/explorer/model/IssuerModel.kt
+++ b/tools/explorer/src/main/kotlin/net/corda/explorer/model/IssuerModel.kt
@@ -7,7 +7,7 @@ import net.corda.client.jfx.utils.ChosenList
 import net.corda.client.jfx.utils.map
 import net.corda.core.messaging.startFlow
 import net.corda.core.utilities.getOrThrow
-import net.corda.finance.flows.CashConfigDataFlow
+import net.corda.finance.internal.CashConfigDataFlow
 import tornadofx.*
 import java.util.*
 

From 268b544b4b94fec0f9a9f2231afeedf0ded46a40 Mon Sep 17 00:00:00 2001
From: Lamar Thomas <38670842+r3ltsupport@users.noreply.github.com>
Date: Fri, 19 Oct 2018 15:23:48 -0400
Subject: [PATCH 76/83] fixed order of repudiation and information disclos

---
 docs/source/design/threat-model/corda-threat-model.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/design/threat-model/corda-threat-model.md b/docs/source/design/threat-model/corda-threat-model.md
index 83e5a1da1f..cbec1a1769 100644
--- a/docs/source/design/threat-model/corda-threat-model.md
+++ b/docs/source/design/threat-model/corda-threat-model.md
@@ -46,8 +46,8 @@ threats is the [STRIDE](https://en.wikipedia.org/wiki/STRIDE_(security)) framewo
 
 -   Spoofing
 -   Tampering
--   Information Disclosure
 -   Repudiation
+-   Information Disclosure
 -   Denial of Service
 -   Elevation of Privilege
 

From ce9f95ca86b613d462c4b77541e55ef92d83d21b Mon Sep 17 00:00:00 2001
From: Viktor Kolomeyko <viktor.kolomeyko@r3.com>
Date: Tue, 23 Oct 2018 11:08:30 +0100
Subject: [PATCH 77/83] ENT-2610: Correct `withBaseDirectory` method (#4106)

Even though it is not used in OS, it is better to keep it in sync with Ent.
---
 .../corda/testing/internal/stubs/CertificateStoreStubs.kt  | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/stubs/CertificateStoreStubs.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/stubs/CertificateStoreStubs.kt
index dfe21245f1..c93aeaeebe 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/stubs/CertificateStoreStubs.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/stubs/CertificateStoreStubs.kt
@@ -55,9 +55,12 @@ class CertificateStoreStubs {
             }
 
             @JvmStatic
-            fun withBaseDirectory(baseDirectory: Path, certificatesDirectoryName: String = DEFAULT_CERTIFICATES_DIRECTORY_NAME, keyStoreFileName: String = KeyStore.DEFAULT_STORE_FILE_NAME, keyStorePassword: String = KeyStore.DEFAULT_STORE_PASSWORD, trustStoreFileName: String = TrustStore.DEFAULT_STORE_FILE_NAME, trustStorePassword: String = TrustStore.DEFAULT_STORE_PASSWORD): MutualSslConfiguration {
+            fun withBaseDirectory(baseDirectory: Path, certificatesDirectoryName: String = DEFAULT_CERTIFICATES_DIRECTORY_NAME,
+                                  keyStoreFileName: String = KeyStore.DEFAULT_STORE_FILE_NAME, keyStorePassword: String = KeyStore.DEFAULT_STORE_PASSWORD,
+                                  keyPassword: String = keyStorePassword, trustStoreFileName: String = TrustStore.DEFAULT_STORE_FILE_NAME,
+                                  trustStorePassword: String = TrustStore.DEFAULT_STORE_PASSWORD): MutualSslConfiguration {
 
-                return withCertificatesDirectory(baseDirectory / certificatesDirectoryName, keyStoreFileName, keyStorePassword, trustStoreFileName, trustStorePassword)
+                return withCertificatesDirectory(baseDirectory / certificatesDirectoryName, keyStoreFileName, keyStorePassword, keyPassword, trustStoreFileName, trustStorePassword)
             }
         }
 

From b9aa23d3ac44eedbe1987d4a60002a5534592362 Mon Sep 17 00:00:00 2001
From: Rick Parker <rick.parker@r3.com>
Date: Tue, 23 Oct 2018 11:12:29 +0100
Subject: [PATCH 78/83] ENT-2431 Move some changes from enterprise to OS
 (#4101)

---
 .../main/kotlin/net/corda/node/utilities/NodeNamedCache.kt  | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/node/src/main/kotlin/net/corda/node/utilities/NodeNamedCache.kt b/node/src/main/kotlin/net/corda/node/utilities/NodeNamedCache.kt
index 5c963ac80d..5c2b9a1241 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/NodeNamedCache.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/NodeNamedCache.kt
@@ -27,13 +27,13 @@ interface BindableNamedCacheFactory : NamedCacheFactory, SerializeAsToken {
     fun bindWithConfig(nodeConfiguration: NodeConfiguration): BindableNamedCacheFactory
 }
 
-open class DefaultNamedCacheFactory private constructor(private val metricRegistry: MetricRegistry?, private val nodeConfiguration: NodeConfiguration?) : BindableNamedCacheFactory, SingletonSerializeAsToken() {
+open class DefaultNamedCacheFactory protected constructor(private val metricRegistry: MetricRegistry?, private val nodeConfiguration: NodeConfiguration?) : BindableNamedCacheFactory, SingletonSerializeAsToken() {
     constructor() : this(null, null)
 
     override fun bindWithMetrics(metricRegistry: MetricRegistry): BindableNamedCacheFactory = DefaultNamedCacheFactory(metricRegistry, this.nodeConfiguration)
     override fun bindWithConfig(nodeConfiguration: NodeConfiguration): BindableNamedCacheFactory = DefaultNamedCacheFactory(this.metricRegistry, nodeConfiguration)
 
-    protected fun <K, V> configuredForNamed(caffeine: Caffeine<K, V>, name: String): Caffeine<K, V> {
+    open protected fun <K, V> configuredForNamed(caffeine: Caffeine<K, V>, name: String): Caffeine<K, V> {
         return with(nodeConfiguration!!) {
             when {
                 name.startsWith("RPCSecurityManagerShiroCache_") -> with(security?.authService?.options?.cache!!) { caffeine.maximumSize(maxEntries).expireAfterWrite(expireAfterSecs, TimeUnit.SECONDS) }
@@ -77,5 +77,5 @@ open class DefaultNamedCacheFactory private constructor(private val metricRegist
         return configuredForNamed(caffeine, name).build<K, V>(loader)
     }
 
-    protected val defaultCacheSize = 1024L
+    open protected val defaultCacheSize = 1024L
 }
\ No newline at end of file

From f8ac35df25459651d47ef768ba18f945573ad4ad Mon Sep 17 00:00:00 2001
From: Joel Dudley <joel.dudley@r3cev.com>
Date: Tue, 23 Oct 2018 16:39:48 +0200
Subject: [PATCH 79/83] Update CONTRIBUTORS.md

---
 CONTRIBUTORS.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 31cdf7d71c..aa4befbc67 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -180,7 +180,7 @@ see changes to this list.
 * Scott James
 * Sean Zhang (Wells Fargo)
 * Shams Asari (R3)
-* Shivan Sawant (Persistent Systems Limited)
+* Shivan Sawant
 * Siddhartha Sengupta (Tradewind Markets)
 * Simon Taylor (Barclays)
 * Sofus Mortensen (Digital Asset Holdings)

From 0919b01271b7b26c204879fe89429058358dc1de Mon Sep 17 00:00:00 2001
From: Stefano Franz <roastario@gmail.com>
Date: Tue, 23 Oct 2018 16:45:07 +0100
Subject: [PATCH 80/83] ENT-2509 - Make @InitiatedBy flows overridable via node
 config (#3960)

* first attempt at a flowManager

fix test breakages

add testing around registering subclasses

make flowManager a param of MockNode

extract interface
rename methods

more work around overriding flows

more test fixes

add sample project showing how to use flowOverrides

rebase

* make smallest possible changes to AttachmentSerializationTest and ReceiveAllFlowTests

* add some comments about how flow manager weights flows

* address review comments
add documentation

* address more review comments
---
 constants.properties                          |   2 +-
 .../net/corda/core/contracts/Attachment.kt    |   1 -
 .../core/contracts/AttachmentConstraint.kt    |   1 -
 .../core/internal/cordapp/CordappImpl.kt      |   2 +-
 .../core/transactions/TransactionBuilder.kt   |   5 +-
 .../net/corda/core/flows/FlowTestsUtils.kt    |  36 +--
 .../corda/core/flows/ReceiveAllFlowTests.kt   |  17 +-
 .../internal/JarSignatureCollectorTest.kt     |   1 -
 .../AttachmentSerializationTest.kt            |  15 +-
 docs/source/flow-overriding.rst               | 141 +++++++++++
 .../net/corda/node/flows/FlowOverrideTests.kt |  85 +++++++
 .../statemachine/FlowVersioningTest.kt        |  11 +-
 .../net/corda/node/internal/AbstractNode.kt   | 106 ++-------
 .../net/corda/node/internal/FlowManager.kt    | 222 ++++++++++++++++++
 .../node/internal/InitiatedFlowFactory.kt     |   2 +
 .../kotlin/net/corda/node/internal/Node.kt    |  19 +-
 .../cordapp/JarScanningCordappLoader.kt       |  24 +-
 .../node/services/config/NodeConfiguration.kt |   7 +-
 .../node/internal/FlowRegistrationTest.kt     |  42 +++-
 .../node/internal/NodeFlowManagerTest.kt      | 110 +++++++++
 .../net/corda/node/internal/NodeTest.kt       |   5 +-
 .../cordapp/JarScanningCordappLoaderTest.kt   |   4 +-
 .../config/NodeConfigurationImplTest.kt       |   7 +-
 .../statemachine/FlowFrameworkTests.kt        |  90 ++++---
 .../vault/VaultSoftLockManagerTest.kt         |  11 +-
 samples/trader-demo/build.gradle              |  14 ++
 .../net/corda/traderdemo/flow/BuyerFlow.kt    |  36 +--
 .../corda/traderdemo/flow/LoggingBuyerFlow.kt |  48 ++++
 .../kotlin/net/corda/testing/driver/Driver.kt |   3 +-
 .../net/corda/testing/driver/DriverDSL.kt     |  26 +-
 .../testing/driver/internal/DriverInternal.kt |   7 +-
 .../net/corda/testing/node/MockNetwork.kt     |  34 ++-
 .../testing/node/internal/DriverDSLImpl.kt    |  26 +-
 .../node/internal/InternalMockNetwork.kt      |  80 +++++--
 .../testing/node/internal/NodeBasedTest.kt    |  12 +-
 .../testing/internal/MockCordappProvider.kt   |   2 -
 36 files changed, 930 insertions(+), 324 deletions(-)
 create mode 100644 docs/source/flow-overriding.rst
 create mode 100644 node/src/integration-test/kotlin/net/corda/node/flows/FlowOverrideTests.kt
 create mode 100644 node/src/main/kotlin/net/corda/node/internal/FlowManager.kt
 create mode 100644 node/src/test/kotlin/net/corda/node/internal/NodeFlowManagerTest.kt
 create mode 100644 samples/trader-demo/src/main/kotlin/net/corda/traderdemo/flow/LoggingBuyerFlow.kt

diff --git a/constants.properties b/constants.properties
index 8fde90cd02..9ed2417171 100644
--- a/constants.properties
+++ b/constants.properties
@@ -1,4 +1,4 @@
-gradlePluginsVersion=4.0.32
+gradlePluginsVersion=4.0.33
 kotlinVersion=1.2.71
 # ***************************************************************#
 # When incrementing platformVersion make sure to update          #
diff --git a/core/src/main/kotlin/net/corda/core/contracts/Attachment.kt b/core/src/main/kotlin/net/corda/core/contracts/Attachment.kt
index d17d053e1f..0535f051e6 100644
--- a/core/src/main/kotlin/net/corda/core/contracts/Attachment.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/Attachment.kt
@@ -1,7 +1,6 @@
 package net.corda.core.contracts
 
 import net.corda.core.KeepForDJVM
-import net.corda.core.identity.Party
 import net.corda.core.internal.extractFile
 import net.corda.core.serialization.CordaSerializable
 import java.io.FileNotFoundException
diff --git a/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt b/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt
index 76ffc8a866..55be99325b 100644
--- a/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt
@@ -3,7 +3,6 @@ package net.corda.core.contracts
 import net.corda.core.DoNotImplement
 import net.corda.core.KeepForDJVM
 import net.corda.core.contracts.AlwaysAcceptAttachmentConstraint.isSatisfiedBy
-import net.corda.core.crypto.CompositeKey
 import net.corda.core.crypto.SecureHash
 import net.corda.core.crypto.isFulfilledBy
 import net.corda.core.internal.AttachmentWithContext
diff --git a/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt b/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt
index 8ab16a5190..2d6075a5e3 100644
--- a/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/cordapp/CordappImpl.kt
@@ -43,7 +43,7 @@ data class CordappImpl(
      */
     override val cordappClasses: List<String> = run {
         val classList = rpcFlows + initiatedFlows + services + serializationWhitelists.map { javaClass } + notaryService
-         classList.mapNotNull { it?.name } + contractClassNames
+        classList.mapNotNull { it?.name } + contractClassNames
     }
 
     // TODO Why a seperate Info class and not just have the fields directly in CordappImpl?
diff --git a/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt b/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt
index 99c069de88..e52bda5456 100644
--- a/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt
+++ b/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt
@@ -5,7 +5,10 @@ import net.corda.core.CordaInternal
 import net.corda.core.DeleteForDJVM
 import net.corda.core.contracts.*
 import net.corda.core.cordapp.CordappProvider
-import net.corda.core.crypto.*
+import net.corda.core.crypto.CompositeKey
+import net.corda.core.crypto.SecureHash
+import net.corda.core.crypto.SignableData
+import net.corda.core.crypto.SignatureMetadata
 import net.corda.core.identity.Party
 import net.corda.core.internal.FlowStateMachine
 import net.corda.core.internal.ensureMinimumPlatformVersion
diff --git a/core/src/test/kotlin/net/corda/core/flows/FlowTestsUtils.kt b/core/src/test/kotlin/net/corda/core/flows/FlowTestsUtils.kt
index fbb2d3bad2..ea3b44a98b 100644
--- a/core/src/test/kotlin/net/corda/core/flows/FlowTestsUtils.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/FlowTestsUtils.kt
@@ -1,10 +1,13 @@
 package net.corda.core.flows
 
 import co.paralleluniverse.fibers.Suspendable
+import net.corda.core.concurrent.CordaFuture
+import net.corda.core.toFuture
 import net.corda.core.utilities.UntrustworthyData
 import net.corda.core.utilities.unwrap
 import net.corda.node.internal.InitiatedFlowFactory
 import net.corda.testing.node.internal.TestStartedNode
+import rx.Observable
 import kotlin.reflect.KClass
 
 /**
@@ -34,20 +37,6 @@ class NoAnswer(private val closure: () -> Unit = {}) : FlowLogic<Unit>() {
     override fun call() = closure()
 }
 
-/**
- * Allows to register a flow of type [R] against an initiating flow of type [I].
- */
-inline fun <I : FlowLogic<*>, reified R : FlowLogic<*>> TestStartedNode.registerInitiatedFlow(initiatingFlowType: KClass<I>, crossinline construct: (session: FlowSession) -> R) {
-    registerFlowFactory(initiatingFlowType.java, InitiatedFlowFactory.Core { session -> construct(session) }, R::class.javaObjectType, true)
-}
-
-/**
- * Allows to register a flow of type [Answer] against an initiating flow of type [I], returning a valure of type [R].
- */
-inline fun <I : FlowLogic<*>, reified R : Any> TestStartedNode.registerAnswer(initiatingFlowType: KClass<I>, value: R) {
-    registerFlowFactory(initiatingFlowType.java, InitiatedFlowFactory.Core { session -> Answer(session, value) }, Answer::class.javaObjectType, true)
-}
-
 /**
  * Extracts data from a [Map[FlowSession, UntrustworthyData<Any>]] without performing checks and casting to [R].
  */
@@ -112,4 +101,23 @@ inline fun <reified R : Any> FlowLogic<*>.receiveAll(session: FlowSession, varar
 
 private fun Array<out Pair<FlowSession, Class<out Any>>>.enforceNoDuplicates() {
     require(this.size == this.toSet().size) { "A flow session can only appear once as argument." }
+}
+
+inline fun <reified P : FlowLogic<*>> TestStartedNode.registerCordappFlowFactory(
+        initiatingFlowClass: KClass<out FlowLogic<*>>,
+        initiatedFlowVersion: Int = 1,
+        noinline flowFactory: (FlowSession) -> P): CordaFuture<P> {
+
+    val observable = internals.registerInitiatedFlowFactory(
+            initiatingFlowClass.java,
+            P::class.java,
+            InitiatedFlowFactory.CorDapp(initiatedFlowVersion, "", flowFactory),
+            track = true)
+    return observable.toFuture()
+}
+
+fun <T : FlowLogic<*>> TestStartedNode.registerCoreFlowFactory(initiatingFlowClass: Class<out FlowLogic<*>>,
+                                                               initiatedFlowClass: Class<T>,
+                                                               flowFactory: (FlowSession) -> T , track: Boolean): Observable<T> {
+    return this.internals.registerInitiatedFlowFactory(initiatingFlowClass, initiatedFlowClass, InitiatedFlowFactory.Core(flowFactory), track)
 }
\ No newline at end of file
diff --git a/core/src/test/kotlin/net/corda/core/flows/ReceiveAllFlowTests.kt b/core/src/test/kotlin/net/corda/core/flows/ReceiveAllFlowTests.kt
index c546a06c20..ec56bb1237 100644
--- a/core/src/test/kotlin/net/corda/core/flows/ReceiveAllFlowTests.kt
+++ b/core/src/test/kotlin/net/corda/core/flows/ReceiveAllFlowTests.kt
@@ -2,16 +2,18 @@ package net.corda.core.flows
 
 import co.paralleluniverse.fibers.Suspendable
 import com.natpryce.hamkrest.assertion.assert
-import net.corda.testing.internal.matchers.flow.willReturn
 import net.corda.core.flows.mixins.WithMockNet
 import net.corda.core.identity.Party
 import net.corda.core.utilities.UntrustworthyData
 import net.corda.core.utilities.unwrap
 import net.corda.testing.core.singleIdentity
+import net.corda.testing.internal.matchers.flow.willReturn
 import net.corda.testing.node.internal.InternalMockNetwork
+import net.corda.testing.node.internal.TestStartedNode
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.AfterClass
 import org.junit.Test
+import kotlin.reflect.KClass
 
 
 class ReceiveMultipleFlowTests : WithMockNet {
@@ -43,7 +45,7 @@ class ReceiveMultipleFlowTests : WithMockNet {
             }
         }
 
-        nodes[1].registerInitiatedFlow(initiatingFlow::class) { session ->
+        nodes[1].registerCordappFlowFactory(initiatingFlow::class) { session ->
             object : FlowLogic<Unit>() {
                 @Suspendable
                 override fun call() {
@@ -123,4 +125,15 @@ class ReceiveMultipleFlowTests : WithMockNet {
             return double * string.length
         }
     }
+}
+
+private inline fun <reified T> TestStartedNode.registerAnswer(kClass: KClass<out FlowLogic<Any>>, value1: T) {
+    this.registerCordappFlowFactory(kClass) { session ->
+        object : FlowLogic<Unit>() {
+            @Suspendable
+            override fun call() {
+                session.send(value1!!)
+            }
+        }
+    }
 }
\ No newline at end of file
diff --git a/core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt b/core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt
index 7f83f23a47..1a379a9f09 100644
--- a/core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt
+++ b/core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt
@@ -8,7 +8,6 @@ import net.corda.core.JarSignatureTestUtils.updateJar
 import net.corda.core.identity.Party
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
-import net.corda.testing.core.CHARLIE_NAME
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.After
 import org.junit.AfterClass
diff --git a/core/src/test/kotlin/net/corda/core/serialization/AttachmentSerializationTest.kt b/core/src/test/kotlin/net/corda/core/serialization/AttachmentSerializationTest.kt
index 3ba769ce88..c89e1d0c17 100644
--- a/core/src/test/kotlin/net/corda/core/serialization/AttachmentSerializationTest.kt
+++ b/core/src/test/kotlin/net/corda/core/serialization/AttachmentSerializationTest.kt
@@ -3,16 +3,12 @@ package net.corda.core.serialization
 import co.paralleluniverse.fibers.Suspendable
 import net.corda.core.contracts.Attachment
 import net.corda.core.crypto.SecureHash
-import net.corda.core.flows.FlowLogic
-import net.corda.core.flows.FlowSession
-import net.corda.core.flows.InitiatingFlow
-import net.corda.core.flows.TestNoSecurityDataVendingFlow
+import net.corda.core.flows.*
 import net.corda.core.identity.Party
 import net.corda.core.internal.FetchAttachmentsFlow
 import net.corda.core.internal.FetchDataFlow
 import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.unwrap
-import net.corda.node.internal.InitiatedFlowFactory
 import net.corda.node.services.persistence.NodeAttachmentService
 import net.corda.nodeapi.internal.persistence.currentDBSession
 import net.corda.testing.core.ALICE_NAME
@@ -151,11 +147,10 @@ class AttachmentSerializationTest {
     }
 
     private fun launchFlow(clientLogic: ClientLogic, rounds: Int, sendData: Boolean = false) {
-        server.registerFlowFactory(
-                ClientLogic::class.java,
-                InitiatedFlowFactory.Core { ServerLogic(it, sendData) },
-                ServerLogic::class.java,
-                track = false)
+        server.registerCordappFlowFactory(
+                ClientLogic::class,
+                1
+        ) { ServerLogic(it, sendData) }
         client.services.startFlow(clientLogic)
         mockNet.runNetwork(rounds)
     }
diff --git a/docs/source/flow-overriding.rst b/docs/source/flow-overriding.rst
new file mode 100644
index 0000000000..273ff7fa03
--- /dev/null
+++ b/docs/source/flow-overriding.rst
@@ -0,0 +1,141 @@
+Configuring Responder Flows
+===========================
+
+A flow can be a fairly complex thing that interacts with many backend systems, and so it is likely that different users
+of a specific CordApp will require differences in how flows interact with their specific infrastructure.
+
+Corda supports this functionality by providing two mechanisms to modify the behaviour of apps in your node.
+
+Subclassing a Flow
+------------------
+
+If you have a workflow which is mostly common, but also requires slight alterations in specific situations, most developers would be familiar
+with refactoring into `Base` and `Sub` classes. A simple example is shown below.
+
+java
+~~~~
+
+   .. code-block:: java
+
+    @InitiatingFlow
+    public class Initiator extends FlowLogic<String> {
+        private final Party otherSide;
+
+        public Initiator(Party otherSide) {
+            this.otherSide = otherSide;
+        }
+
+        @Override
+        public String call() throws FlowException {
+            return initiateFlow(otherSide).receive(String.class).unwrap((it) -> it);
+        }
+    }
+
+    @InitiatedBy(Initiator.class)
+    public class BaseResponder extends FlowLogic<Void> {
+        private FlowSession counterpartySession;
+
+        public BaseResponder(FlowSession counterpartySession) {
+            super();
+            this.counterpartySession = counterpartySession;
+        }
+
+        @Override
+        public Void call() throws FlowException {
+            counterpartySession.send(getMessage());
+            return Void;
+        }
+
+
+        protected String getMessage() {
+            return "This Is the Legacy Responder";
+        }
+    }
+
+    public class SubResponder extends BaseResponder {
+
+        public SubResponder(FlowSession counterpartySession) {
+            super(counterpartySession);
+        }
+
+        @Override
+        protected String getMessage() {
+            return "This is the sub responder";
+        }
+    }
+
+
+
+kotlin
+~~~~~~
+
+    .. code-block:: kotlin
+
+        @InitiatedBy(Initiator::class)
+        open class BaseResponder(internal val otherSideSession: FlowSession) : FlowLogic<Unit>() {
+            @Suspendable
+            override fun call() {
+                otherSideSession.send(getMessage())
+            }
+            protected open fun getMessage() = "This Is the Legacy Responder"
+        }
+
+        @InitiatedBy(Initiator::class)
+        class SubResponder(otherSideSession: FlowSession) : BaseResponder(otherSideSession) {
+            override fun getMessage(): String {
+                return "This is the sub responder"
+            }
+        }
+
+
+
+
+
+Corda would detect that both ``BaseResponder`` and ``SubResponder`` are configured for responding to ``Initiator``.
+Corda will then calculate the hops to ``FlowLogic`` and select the implementation which is furthest distance, ie: the most subclassed implementation.
+In the above example, ``SubResponder`` would be selected as the default responder for ``Initiator``
+
+.. note:: The flows do not need to be within the same CordApp, or package, therefore to customise a shared app you obtained from a third party, you'd write your own CorDapp that subclasses the first."
+
+Overriding a flow via node configuration
+----------------------------------------
+
+Whilst the subclassing approach is likely to be useful for most applications, there is another mechanism to override this behaviour.
+This would be useful if for example, a specific CordApp user requires such a different responder that subclassing an existing flow
+would not be a good solution. In this case, it's possible to specify a hardcoded flow via the node configuration.
+
+The configuration section is named ``flowOverrides`` and it accepts an array of ``overrides``
+
+.. container:: codeset
+
+    .. code-block:: json
+
+        flowOverrides {
+            overrides=[
+                {
+                    initiator="net.corda.Initiator"
+                    responder="net.corda.BaseResponder"
+                }
+            ]
+        }
+
+The cordform plugin also provides a ``flowOverride`` method within the ``deployNodes`` block which can be used to override a flow. In the below example, we will override
+the ``SubResponder`` with ``BaseResponder``
+
+.. container:: codeset
+
+    .. code-block:: groovy
+
+        node {
+            name "O=Bank,L=London,C=GB"
+            p2pPort 10025
+            rpcUsers = ext.rpcUsers
+            rpcSettings {
+                address "localhost:10026"
+                adminAddress "localhost:10027"
+            }
+            extraConfig = ['h2Settings.address' : 'localhost:10035']
+            flowOverride("net.corda.Initiator", "net.corda.BaseResponder")
+        }
+
+This will generate the corresponding ``flowOverrides`` section and place it in the configuration for that node.
\ No newline at end of file
diff --git a/node/src/integration-test/kotlin/net/corda/node/flows/FlowOverrideTests.kt b/node/src/integration-test/kotlin/net/corda/node/flows/FlowOverrideTests.kt
new file mode 100644
index 0000000000..881daf18cf
--- /dev/null
+++ b/node/src/integration-test/kotlin/net/corda/node/flows/FlowOverrideTests.kt
@@ -0,0 +1,85 @@
+package net.corda.node.flows
+
+import co.paralleluniverse.fibers.Suspendable
+import net.corda.core.flows.*
+import net.corda.core.identity.Party
+import net.corda.core.messaging.startFlow
+import net.corda.core.utilities.getOrThrow
+import net.corda.core.utilities.unwrap
+import net.corda.testing.core.singleIdentity
+import net.corda.testing.driver.DriverParameters
+import net.corda.testing.driver.driver
+import net.corda.testing.node.internal.cordappForClasses
+import org.hamcrest.CoreMatchers.`is`
+import org.junit.Assert
+import org.junit.Test
+
+class FlowOverrideTests {
+
+    @StartableByRPC
+    @InitiatingFlow
+    class Ping(private val pongParty: Party) : FlowLogic<String>() {
+        @Suspendable
+        override fun call(): String {
+            val pongSession = initiateFlow(pongParty)
+            return pongSession.sendAndReceive<String>("PING").unwrap { it }
+        }
+    }
+
+    @InitiatedBy(Ping::class)
+    open class Pong(private val pingSession: FlowSession) : FlowLogic<Unit>() {
+        companion object {
+            val PONG = "PONG"
+        }
+
+        @Suspendable
+        override fun call() {
+            pingSession.send(PONG)
+        }
+    }
+
+    @InitiatedBy(Ping::class)
+    class Pong2(private val pingSession: FlowSession) : FlowLogic<Unit>() {
+        @Suspendable
+        override fun call() {
+            pingSession.send("PONGPONG")
+        }
+    }
+
+    @InitiatedBy(Ping::class)
+    class Pongiest(private val pingSession: FlowSession) : Pong(pingSession) {
+
+        companion object {
+            val GORGONZOLA = "Gorgonzola"
+        }
+
+        @Suspendable
+        override fun call() {
+            pingSession.send(GORGONZOLA)
+        }
+    }
+
+    private val nodeAClasses = setOf(Ping::class.java,
+            Pong::class.java, Pongiest::class.java)
+    private val nodeBClasses = setOf(Ping::class.java, Pong::class.java)
+
+    @Test
+    fun `should use the most "specific" implementation of a responding flow`() {
+        driver(DriverParameters(startNodesInProcess = true, cordappsForAllNodes = emptySet())) {
+            val nodeA = startNode(additionalCordapps = setOf(cordappForClasses(*nodeAClasses.toTypedArray()))).getOrThrow()
+            val nodeB = startNode(additionalCordapps = setOf(cordappForClasses(*nodeBClasses.toTypedArray()))).getOrThrow()
+            Assert.assertThat(nodeB.rpc.startFlow(::Ping, nodeA.nodeInfo.singleIdentity()).returnValue.getOrThrow(), `is`(net.corda.node.flows.FlowOverrideTests.Pongiest.GORGONZOLA))
+        }
+    }
+
+    @Test
+    fun `should use the overriden implementation of a responding flow`() {
+        val flowOverrides = mapOf(Ping::class.java to Pong::class.java)
+        driver(DriverParameters(startNodesInProcess = true, cordappsForAllNodes = emptySet())) {
+            val nodeA = startNode(additionalCordapps = setOf(cordappForClasses(*nodeAClasses.toTypedArray())), flowOverrides = flowOverrides).getOrThrow()
+            val nodeB = startNode(additionalCordapps = setOf(cordappForClasses(*nodeBClasses.toTypedArray()))).getOrThrow()
+            Assert.assertThat(nodeB.rpc.startFlow(::Ping, nodeA.nodeInfo.singleIdentity()).returnValue.getOrThrow(), `is`(net.corda.node.flows.FlowOverrideTests.Pong.PONG))
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/node/src/integration-test/kotlin/net/corda/node/services/statemachine/FlowVersioningTest.kt b/node/src/integration-test/kotlin/net/corda/node/services/statemachine/FlowVersioningTest.kt
index f4b3531b13..1248d75b4f 100644
--- a/node/src/integration-test/kotlin/net/corda/node/services/statemachine/FlowVersioningTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/services/statemachine/FlowVersioningTest.kt
@@ -7,10 +7,11 @@ import net.corda.core.flows.InitiatingFlow
 import net.corda.core.identity.Party
 import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.unwrap
-import net.corda.testing.core.singleIdentity
-import net.corda.testing.node.internal.NodeBasedTest
+import net.corda.node.internal.NodeFlowManager
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
+import net.corda.testing.core.singleIdentity
+import net.corda.testing.node.internal.NodeBasedTest
 import net.corda.testing.node.internal.startFlow
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.Test
@@ -18,9 +19,10 @@ import org.junit.Test
 class FlowVersioningTest : NodeBasedTest() {
     @Test
     fun `getFlowContext returns the platform version for core flows`() {
+        val bobFlowManager = NodeFlowManager()
         val alice = startNode(ALICE_NAME, platformVersion = 2)
-        val bob = startNode(BOB_NAME, platformVersion = 3)
-        bob.node.installCoreFlow(PretendInitiatingCoreFlow::class, ::PretendInitiatedCoreFlow)
+        val bob = startNode(BOB_NAME, platformVersion = 3, flowManager = bobFlowManager)
+        bobFlowManager.registerInitiatedCoreFlowFactory(PretendInitiatingCoreFlow::class, ::PretendInitiatedCoreFlow)
         val (alicePlatformVersionAccordingToBob, bobPlatformVersionAccordingToAlice) = alice.services.startFlow(
                 PretendInitiatingCoreFlow(bob.info.singleIdentity())).resultFuture.getOrThrow()
         assertThat(alicePlatformVersionAccordingToBob).isEqualTo(2)
@@ -45,4 +47,5 @@ class FlowVersioningTest : NodeBasedTest() {
         @Suspendable
         override fun call() = otherSideSession.send(otherSideSession.getCounterpartyFlowInfo().flowVersion)
     }
+
 }
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index d8b9aa15a6..2d12f73a9e 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -30,7 +30,10 @@ import net.corda.core.schemas.MappedSchema
 import net.corda.core.serialization.SerializationWhitelist
 import net.corda.core.serialization.SerializeAsToken
 import net.corda.core.serialization.SingletonSerializeAsToken
-import net.corda.core.utilities.*
+import net.corda.core.utilities.NetworkHostAndPort
+import net.corda.core.utilities.days
+import net.corda.core.utilities.getOrThrow
+import net.corda.core.utilities.minutes
 import net.corda.node.CordaClock
 import net.corda.node.SerialFilter
 import net.corda.node.VersionInfo
@@ -99,13 +102,10 @@ import java.time.Clock
 import java.time.Duration
 import java.time.format.DateTimeParseException
 import java.util.*
-import java.util.concurrent.ConcurrentHashMap
 import java.util.concurrent.ExecutorService
 import java.util.concurrent.Executors
 import java.util.concurrent.TimeUnit.MINUTES
 import java.util.concurrent.TimeUnit.SECONDS
-import kotlin.collections.set
-import kotlin.reflect.KClass
 import net.corda.core.crypto.generateKeyPair as cryptoGenerateKeyPair
 
 /**
@@ -120,11 +120,11 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
                                val platformClock: CordaClock,
                                cacheFactoryPrototype: BindableNamedCacheFactory,
                                protected val versionInfo: VersionInfo,
+                               protected val flowManager: FlowManager,
                                protected val serverThread: AffinityExecutor.ServiceAffinityExecutor,
                                private val busyNodeLatch: ReusableLatch = ReusableLatch()) : SingletonSerializeAsToken() {
 
     protected abstract val log: Logger
-
     @Suppress("LeakingThis")
     private var tokenizableServices: MutableList<Any>? = mutableListOf(platformClock, this)
 
@@ -211,7 +211,6 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
     ).tokenize().closeOnStop()
 
     private val cordappServices = MutableClassToInstanceMap.create<SerializeAsToken>()
-    private val flowFactories = ConcurrentHashMap<Class<out FlowLogic<*>>, InitiatedFlowFactory<*>>()
     private val shutdownExecutor = Executors.newSingleThreadExecutor()
 
     protected abstract val transactionVerifierWorkerCount: Int
@@ -237,7 +236,8 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
     private var _started: S? = null
 
     private fun <T : Any> T.tokenize(): T {
-        tokenizableServices?.add(this) ?: throw IllegalStateException("The tokenisable services list has already been finalised")
+        tokenizableServices?.add(this)
+                ?: throw IllegalStateException("The tokenisable services list has already been finalised")
         return this
     }
 
@@ -607,91 +607,27 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
     }
 
     private fun registerCordappFlows() {
-        cordappLoader.cordapps.flatMap { it.initiatedFlows }
-                .forEach {
+        cordappLoader.cordapps.forEach { cordapp ->
+            cordapp.initiatedFlows.groupBy { it.requireAnnotation<InitiatedBy>().value.java }.forEach { initiator, responders ->
+                responders.forEach { responder ->
                     try {
-                        registerInitiatedFlowInternal(smm, it, track = false)
+                        flowManager.registerInitiatedFlow(initiator, responder)
                     } catch (e: NoSuchMethodException) {
-                        log.error("${it.name}, as an initiated flow, must have a constructor with a single parameter " +
+                        log.error("${responder.name}, as an initiated flow, must have a constructor with a single parameter " +
                                 "of type ${Party::class.java.name}")
-                    } catch (e: Exception) {
-                        log.error("Unable to register initiated flow ${it.name}", e)
+                        throw e
                     }
                 }
-    }
-
-    fun <T : FlowLogic<*>> registerInitiatedFlow(smm: StateMachineManager, initiatedFlowClass: Class<T>): Observable<T> {
-        return registerInitiatedFlowInternal(smm, initiatedFlowClass, track = true)
-    }
-
-    // TODO remove once not needed
-    private fun deprecatedFlowConstructorMessage(flowClass: Class<*>): String {
-        return "Installing flow factory for $flowClass accepting a ${Party::class.java.simpleName}, which is deprecated. " +
-                "It should accept a ${FlowSession::class.java.simpleName} instead"
-    }
-
-    private fun <F : FlowLogic<*>> registerInitiatedFlowInternal(smm: StateMachineManager, initiatedFlow: Class<F>, track: Boolean): Observable<F> {
-        val constructors = initiatedFlow.declaredConstructors.associateBy { it.parameterTypes.toList() }
-        val flowSessionCtor = constructors[listOf(FlowSession::class.java)]?.apply { isAccessible = true }
-        val ctor: (FlowSession) -> F = if (flowSessionCtor == null) {
-            // Try to fallback to a Party constructor
-            val partyCtor = constructors[listOf(Party::class.java)]?.apply { isAccessible = true }
-            if (partyCtor == null) {
-                throw IllegalArgumentException("$initiatedFlow must have a constructor accepting a ${FlowSession::class.java.name}")
-            } else {
-                log.warn(deprecatedFlowConstructorMessage(initiatedFlow))
             }
-            { flowSession: FlowSession -> uncheckedCast(partyCtor.newInstance(flowSession.counterparty)) }
-        } else {
-            { flowSession: FlowSession -> uncheckedCast(flowSessionCtor.newInstance(flowSession)) }
         }
-        val initiatingFlow = initiatedFlow.requireAnnotation<InitiatedBy>().value.java
-        val (version, classWithAnnotation) = initiatingFlow.flowVersionAndInitiatingClass
-        require(classWithAnnotation == initiatingFlow) {
-            "${InitiatedBy::class.java.name} must point to ${classWithAnnotation.name} and not ${initiatingFlow.name}"
-        }
-        val flowFactory = InitiatedFlowFactory.CorDapp(version, initiatedFlow.appName, ctor)
-        val observable = internalRegisterFlowFactory(smm, initiatingFlow, flowFactory, initiatedFlow, track)
-        log.info("Registered ${initiatingFlow.name} to initiate ${initiatedFlow.name} (version $version)")
-        return observable
-    }
-
-    protected fun <F : FlowLogic<*>> internalRegisterFlowFactory(smm: StateMachineManager,
-                                                                 initiatingFlowClass: Class<out FlowLogic<*>>,
-                                                                 flowFactory: InitiatedFlowFactory<F>,
-                                                                 initiatedFlowClass: Class<F>,
-                                                                 track: Boolean): Observable<F> {
-        val observable = if (track) {
-            smm.changes.filter { it is StateMachineManager.Change.Add }.map { it.logic }.ofType(initiatedFlowClass)
-        } else {
-            Observable.empty()
-        }
-        check(initiatingFlowClass !in flowFactories.keys) {
-            "$initiatingFlowClass is attempting to register multiple initiated flows"
-        }
-        flowFactories[initiatingFlowClass] = flowFactory
-        return observable
-    }
-
-    /**
-     * Installs a flow that's core to the Corda platform. Unlike CorDapp flows which are versioned individually using
-     * [InitiatingFlow.version], core flows have the same version as the node's platform version. To cater for backwards
-     * compatibility [flowFactory] provides a second parameter which is the platform version of the initiating party.
-     */
-    @VisibleForTesting
-    fun installCoreFlow(clientFlowClass: KClass<out FlowLogic<*>>, flowFactory: (FlowSession) -> FlowLogic<*>) {
-        require(clientFlowClass.java.flowVersionAndInitiatingClass.first == 1) {
-            "${InitiatingFlow::class.java.name}.version not applicable for core flows; their version is the node's platform version"
-        }
-        flowFactories[clientFlowClass.java] = InitiatedFlowFactory.Core(flowFactory)
-        log.debug { "Installed core flow ${clientFlowClass.java.name}" }
+        flowManager.validateRegistrations()
     }
 
     private fun installCoreFlows() {
-        installCoreFlow(FinalityFlow::class, ::FinalityHandler)
-        installCoreFlow(NotaryChangeFlow::class, ::NotaryChangeHandler)
-        installCoreFlow(ContractUpgradeFlow.Initiate::class, ::ContractUpgradeHandler)
-        installCoreFlow(SwapIdentitiesFlow::class, ::SwapIdentitiesHandler)
+        flowManager.registerInitiatedCoreFlowFactory(FinalityFlow::class, FinalityHandler::class, ::FinalityHandler)
+        flowManager.registerInitiatedCoreFlowFactory(NotaryChangeFlow::class, NotaryChangeHandler::class, ::NotaryChangeHandler)
+        flowManager.registerInitiatedCoreFlowFactory(ContractUpgradeFlow.Initiate::class, NotaryChangeHandler::class, ::ContractUpgradeHandler)
+        flowManager.registerInitiatedCoreFlowFactory(SwapIdentitiesFlow::class, SwapIdentitiesHandler::class, ::SwapIdentitiesHandler)
     }
 
     protected open fun makeTransactionStorage(transactionCacheSizeBytes: Long): WritableTransactionStorage {
@@ -781,7 +717,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
             service.run {
                 tokenize()
                 runOnStop += ::stop
-                installCoreFlow(NotaryFlow.Client::class, ::createServiceFlow)
+                flowManager.registerInitiatedCoreFlowFactory(NotaryFlow.Client::class, ::createServiceFlow)
                 start()
             }
             return service
@@ -961,7 +897,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         }
 
         override fun getFlowFactory(initiatingFlowClass: Class<out FlowLogic<*>>): InitiatedFlowFactory<*>? {
-            return flowFactories[initiatingFlowClass]
+            return flowManager.getFlowFactoryForInitiatingFlow(initiatingFlowClass)
         }
 
         override fun jdbcSession(): Connection = database.createSession()
@@ -1066,4 +1002,4 @@ fun clientSslOptionsCompatibleWith(nodeRpcOptions: NodeRpcOptions): ClientRpcSsl
     }
     // Here we're using the node's RPC key store as the RPC client's trust store.
     return ClientRpcSslOptions(trustStorePath = nodeRpcOptions.sslConfig!!.keyStorePath, trustStorePassword = nodeRpcOptions.sslConfig!!.keyStorePassword)
-}
+}
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/internal/FlowManager.kt b/node/src/main/kotlin/net/corda/node/internal/FlowManager.kt
new file mode 100644
index 0000000000..68aa8ff056
--- /dev/null
+++ b/node/src/main/kotlin/net/corda/node/internal/FlowManager.kt
@@ -0,0 +1,222 @@
+package net.corda.node.internal
+
+import net.corda.core.flows.FlowLogic
+import net.corda.core.flows.FlowSession
+import net.corda.core.flows.InitiatedBy
+import net.corda.core.flows.InitiatingFlow
+import net.corda.core.identity.Party
+import net.corda.core.internal.uncheckedCast
+import net.corda.core.utilities.contextLogger
+import net.corda.core.utilities.debug
+import net.corda.node.internal.classloading.requireAnnotation
+import net.corda.node.services.config.FlowOverrideConfig
+import net.corda.node.services.statemachine.appName
+import net.corda.node.services.statemachine.flowVersionAndInitiatingClass
+import javax.annotation.concurrent.ThreadSafe
+import kotlin.reflect.KClass
+
+/**
+ *
+ * This class is responsible for organising which flow should respond to a specific @InitiatingFlow
+ *
+ * There are two main ways to modify the behaviour of a cordapp with regards to responding with a different flow
+ *
+ *    1.) implementing a new subclass. For example, if we have a ResponderFlow similar to  @InitiatedBy(Sender) MyBaseResponder : FlowLogic
+ *        If we subclassed a new Flow with specific logic for DB2, it would be similar to IBMB2Responder() : MyBaseResponder
+ *        When these two flows are encountered by the classpath scan for @InitiatedBy, they will both be selected for responding to Sender
+ *        This implementation will sort them for responding in order of their "depth" from FlowLogic - see: FlowWeightComparator
+ *        So IBMB2Responder would win and it would be selected for responding
+ *
+ *    2.) It is possible to specify a flowOverride key in the node configuration. Say we configure a node to have
+ *        flowOverrides{
+ *          "Sender" = "MyBaseResponder"
+ *        }
+ *        In this case, FlowWeightComparator would detect that there is an override in action, and it will assign MyBaseResponder a maximum weight
+ *        This will result in MyBaseResponder being selected for responding to Sender
+ *
+ *
+ */
+interface FlowManager {
+
+    fun registerInitiatedCoreFlowFactory(initiatingFlowClass: KClass<out FlowLogic<*>>, flowFactory: (FlowSession) -> FlowLogic<*>)
+    fun registerInitiatedCoreFlowFactory(initiatingFlowClass: KClass<out FlowLogic<*>>, initiatedFlowClass: KClass<out FlowLogic<*>>?, flowFactory: (FlowSession) -> FlowLogic<*>)
+    fun registerInitiatedCoreFlowFactory(initiatingFlowClass: KClass<out FlowLogic<*>>, initiatedFlowClass: KClass<out FlowLogic<*>>?, flowFactory: InitiatedFlowFactory.Core<FlowLogic<*>>)
+
+    fun <F : FlowLogic<*>> registerInitiatedFlow(initiator: Class<out FlowLogic<*>>, responder: Class<F>)
+    fun <F : FlowLogic<*>> registerInitiatedFlow(responder: Class<F>)
+
+    fun getFlowFactoryForInitiatingFlow(initiatedFlowClass: Class<out FlowLogic<*>>): InitiatedFlowFactory<*>?
+
+    fun validateRegistrations()
+}
+
+@ThreadSafe
+open class NodeFlowManager(flowOverrides: FlowOverrideConfig? = null) : FlowManager {
+
+    private val flowFactories = HashMap<Class<out FlowLogic<*>>, MutableList<RegisteredFlowContainer>>()
+    private val flowOverrides = (flowOverrides
+            ?: FlowOverrideConfig()).overrides.map { it.initiator to it.responder }.toMutableMap()
+
+    companion object {
+        private val log = contextLogger()
+
+    }
+
+    @Synchronized
+    override fun getFlowFactoryForInitiatingFlow(initiatedFlowClass: Class<out FlowLogic<*>>): InitiatedFlowFactory<*>? {
+        return flowFactories[initiatedFlowClass]?.firstOrNull()?.flowFactory
+    }
+
+    @Synchronized
+    override fun <F : FlowLogic<*>> registerInitiatedFlow(responder: Class<F>) {
+        return registerInitiatedFlow(responder.requireAnnotation<InitiatedBy>().value.java, responder)
+    }
+
+    @Synchronized
+    override fun <F : FlowLogic<*>> registerInitiatedFlow(initiator: Class<out FlowLogic<*>>, responder: Class<F>) {
+        val constructors = responder.declaredConstructors.associateBy { it.parameterTypes.toList() }
+        val flowSessionCtor = constructors[listOf(FlowSession::class.java)]?.apply { isAccessible = true }
+        val ctor: (FlowSession) -> F = if (flowSessionCtor == null) {
+            // Try to fallback to a Party constructor
+            val partyCtor = constructors[listOf(Party::class.java)]?.apply { isAccessible = true }
+            if (partyCtor == null) {
+                throw IllegalArgumentException("$responder must have a constructor accepting a ${FlowSession::class.java.name}")
+            } else {
+                log.warn("Installing flow factory for $responder accepting a ${Party::class.java.simpleName}, which is deprecated. " +
+                        "It should accept a ${FlowSession::class.java.simpleName} instead")
+            }
+            { flowSession: FlowSession -> uncheckedCast(partyCtor.newInstance(flowSession.counterparty)) }
+        } else {
+            { flowSession: FlowSession -> uncheckedCast(flowSessionCtor.newInstance(flowSession)) }
+        }
+        val (version, classWithAnnotation) = initiator.flowVersionAndInitiatingClass
+        require(classWithAnnotation == initiator) {
+            "${InitiatedBy::class.java.name} must point to ${classWithAnnotation.name} and not ${initiator.name}"
+        }
+        val flowFactory = InitiatedFlowFactory.CorDapp(version, responder.appName, ctor)
+        registerInitiatedFlowFactory(initiator, flowFactory, responder)
+        log.info("Registered ${initiator.name} to initiate ${responder.name} (version $version)")
+    }
+
+    private fun <F : FlowLogic<*>> registerInitiatedFlowFactory(initiatingFlowClass: Class<out FlowLogic<*>>,
+                                                                flowFactory: InitiatedFlowFactory<F>,
+                                                                initiatedFlowClass: Class<F>?) {
+
+        check(flowFactory !is InitiatedFlowFactory.Core) { "This should only be used for Cordapp flows" }
+        val listOfFlowsForInitiator = flowFactories.computeIfAbsent(initiatingFlowClass) { mutableListOf() }
+        if (listOfFlowsForInitiator.isNotEmpty() && listOfFlowsForInitiator.first().type == FlowType.CORE) {
+            throw IllegalStateException("Attempting to register over an existing platform flow: $initiatingFlowClass")
+        }
+        synchronized(listOfFlowsForInitiator) {
+            val flowToAdd = RegisteredFlowContainer(initiatingFlowClass, initiatedFlowClass, flowFactory, FlowType.CORDAPP)
+            val flowWeightComparator = FlowWeightComparator(initiatingFlowClass, flowOverrides)
+            listOfFlowsForInitiator.add(flowToAdd)
+            listOfFlowsForInitiator.sortWith(flowWeightComparator)
+            if (listOfFlowsForInitiator.size > 1) {
+                log.warn("Multiple flows are registered for InitiatingFlow: $initiatingFlowClass, currently using: ${listOfFlowsForInitiator.first().initiatedFlowClass}")
+            }
+        }
+
+    }
+
+    // TODO Harmonise use of these methods - 99% of invocations come from tests.
+    @Synchronized
+    override fun registerInitiatedCoreFlowFactory(initiatingFlowClass: KClass<out FlowLogic<*>>, initiatedFlowClass: KClass<out FlowLogic<*>>?, flowFactory: (FlowSession) -> FlowLogic<*>) {
+        registerInitiatedCoreFlowFactory(initiatingFlowClass, initiatedFlowClass, InitiatedFlowFactory.Core(flowFactory))
+    }
+
+    @Synchronized
+    override fun registerInitiatedCoreFlowFactory(initiatingFlowClass: KClass<out FlowLogic<*>>, flowFactory: (FlowSession) -> FlowLogic<*>) {
+        registerInitiatedCoreFlowFactory(initiatingFlowClass, null, InitiatedFlowFactory.Core(flowFactory))
+    }
+
+    @Synchronized
+    override fun registerInitiatedCoreFlowFactory(initiatingFlowClass: KClass<out FlowLogic<*>>, initiatedFlowClass: KClass<out FlowLogic<*>>?, flowFactory: InitiatedFlowFactory.Core<FlowLogic<*>>) {
+        require(initiatingFlowClass.java.flowVersionAndInitiatingClass.first == 1) {
+            "${InitiatingFlow::class.java.name}.version not applicable for core flows; their version is the node's platform version"
+        }
+        flowFactories.computeIfAbsent(initiatingFlowClass.java) { mutableListOf() }.add(
+                RegisteredFlowContainer(
+                        initiatingFlowClass.java,
+                        initiatedFlowClass?.java,
+                        flowFactory,
+                        FlowType.CORE)
+        )
+        log.debug { "Installed core flow ${initiatingFlowClass.java.name}" }
+    }
+
+    // To verify the integrity of the current state, it is important that the tip of the responders is a unique weight
+    // if there are multiple flows with the same weight as the tip, it means that it is impossible to reliably pick one as the responder
+    private fun validateInvariants(toValidate: List<RegisteredFlowContainer>) {
+        val currentTip = toValidate.first()
+        val flowWeightComparator = FlowWeightComparator(currentTip.initiatingFlowClass, flowOverrides)
+        val equalWeightAsCurrentTip = toValidate.map { flowWeightComparator.compare(currentTip, it) to it }.filter { it.first == 0 }.map { it.second }
+        if (equalWeightAsCurrentTip.size > 1) {
+            val message = "Unable to determine which flow to use when responding to: ${currentTip.initiatingFlowClass.canonicalName}. ${equalWeightAsCurrentTip.map { it.initiatedFlowClass!!.canonicalName }} are all registered with equal weight."
+            throw IllegalStateException(message)
+        }
+    }
+
+    @Synchronized
+    override fun validateRegistrations() {
+        flowFactories.values.forEach {
+            validateInvariants(it)
+        }
+    }
+
+    private enum class FlowType {
+        CORE, CORDAPP
+    }
+
+    private data class RegisteredFlowContainer(val initiatingFlowClass: Class<out FlowLogic<*>>,
+                                               val initiatedFlowClass: Class<out FlowLogic<*>>?,
+                                               val flowFactory: InitiatedFlowFactory<FlowLogic<*>>,
+                                               val type: FlowType)
+
+    // this is used to sort the responding flows in order of "importance"
+    // the logic is as follows
+    // IF responder is a specific lambda (like for notary implementations / testing code) always return that responder
+    // ELSE IF responder is present in the overrides list, always return that responder
+    // ELSE compare responding flows by their depth from FlowLogic, always return the flow which is most specific (IE, has the most hops to FlowLogic)
+    private open class FlowWeightComparator(val initiatingFlowClass: Class<out FlowLogic<*>>, val flowOverrides: Map<String, String>) : Comparator<NodeFlowManager.RegisteredFlowContainer> {
+
+        override fun compare(o1: NodeFlowManager.RegisteredFlowContainer, o2: NodeFlowManager.RegisteredFlowContainer): Int {
+            if (o1.initiatedFlowClass == null && o2.initiatedFlowClass != null) {
+                return Int.MIN_VALUE
+            }
+            if (o1.initiatedFlowClass != null && o2.initiatedFlowClass == null) {
+                return Int.MAX_VALUE
+            }
+
+            if (o1.initiatedFlowClass == null && o2.initiatedFlowClass == null) {
+                return 0
+            }
+
+            val hopsTo1 = calculateHopsToFlowLogic(initiatingFlowClass, o1.initiatedFlowClass!!)
+            val hopsTo2 = calculateHopsToFlowLogic(initiatingFlowClass, o2.initiatedFlowClass!!)
+            return hopsTo1.compareTo(hopsTo2) * -1
+        }
+
+        private fun calculateHopsToFlowLogic(initiatingFlowClass: Class<out FlowLogic<*>>,
+                                             initiatedFlowClass: Class<out FlowLogic<*>>): Int {
+
+            val overriddenClassName = flowOverrides[initiatingFlowClass.canonicalName]
+            return if (overriddenClassName == initiatedFlowClass.canonicalName) {
+                Int.MAX_VALUE
+            } else {
+                var currentClass: Class<*> = initiatedFlowClass
+                var count = 0
+                while (currentClass != FlowLogic::class.java) {
+                    currentClass = currentClass.superclass
+                    count++
+                }
+                count;
+            }
+        }
+
+    }
+}
+
+private fun <X, Y> Iterable<Pair<X, Y>>.toMutableMap(): MutableMap<X, Y> {
+    return this.toMap(HashMap())
+}
diff --git a/node/src/main/kotlin/net/corda/node/internal/InitiatedFlowFactory.kt b/node/src/main/kotlin/net/corda/node/internal/InitiatedFlowFactory.kt
index 3b86147c4e..9d00e83a28 100644
--- a/node/src/main/kotlin/net/corda/node/internal/InitiatedFlowFactory.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/InitiatedFlowFactory.kt
@@ -4,10 +4,12 @@ import net.corda.core.flows.FlowLogic
 import net.corda.core.flows.FlowSession
 
 sealed class InitiatedFlowFactory<out F : FlowLogic<*>> {
+
     protected abstract val factory: (FlowSession) -> F
     fun createFlow(initiatingFlowSession: FlowSession): F = factory(initiatingFlowSession)
 
     data class Core<out F : FlowLogic<*>>(override val factory: (FlowSession) -> F) : InitiatedFlowFactory<F>()
+
     data class CorDapp<out F : FlowLogic<*>>(val flowVersion: Int,
                                              val appName: String,
                                              override val factory: (FlowSession) -> F) : InitiatedFlowFactory<F>()
diff --git a/node/src/main/kotlin/net/corda/node/internal/Node.kt b/node/src/main/kotlin/net/corda/node/internal/Node.kt
index c6cad69913..27523d9ccb 100644
--- a/node/src/main/kotlin/net/corda/node/internal/Node.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/Node.kt
@@ -43,6 +43,7 @@ import net.corda.node.services.api.StartedNodeServices
 import net.corda.node.services.config.*
 import net.corda.node.services.messaging.*
 import net.corda.node.services.rpc.ArtemisRpcBroker
+import net.corda.node.services.statemachine.StateMachineManager
 import net.corda.node.utilities.*
 import net.corda.nodeapi.internal.ArtemisMessagingComponent.Companion.INTERNAL_SHELL_USER
 import net.corda.nodeapi.internal.ShutdownHook
@@ -56,7 +57,6 @@ import org.apache.commons.lang.SystemUtils
 import org.h2.jdbc.JdbcSQLException
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
-import rx.Observable
 import rx.Scheduler
 import rx.schedulers.Schedulers
 import java.net.BindException
@@ -72,8 +72,7 @@ import kotlin.system.exitProcess
 class NodeWithInfo(val node: Node, val info: NodeInfo) {
     val services: StartedNodeServices = object : StartedNodeServices, ServiceHubInternal by node.services, FlowStarter by node.flowStarter {}
     fun dispose() = node.stop()
-    fun <T : FlowLogic<*>> registerInitiatedFlow(initiatedFlowClass: Class<T>): Observable<T> =
-            node.registerInitiatedFlow(node.smm, initiatedFlowClass)
+    fun <T : FlowLogic<*>> registerInitiatedFlow(initiatedFlowClass: Class<T>) = node.registerInitiatedFlow(node.smm, initiatedFlowClass)
 }
 
 /**
@@ -85,12 +84,14 @@ class NodeWithInfo(val node: Node, val info: NodeInfo) {
 open class Node(configuration: NodeConfiguration,
                 versionInfo: VersionInfo,
                 private val initialiseSerialization: Boolean = true,
+                flowManager: FlowManager = NodeFlowManager(configuration.flowOverrides),
                 cacheFactoryPrototype: BindableNamedCacheFactory = DefaultNamedCacheFactory()
 ) : AbstractNode<NodeInfo>(
         configuration,
         createClock(configuration),
         cacheFactoryPrototype,
         versionInfo,
+        flowManager,
         // Under normal (non-test execution) it will always be "1"
         AffinityExecutor.ServiceAffinityExecutor("Node thread-${sameVmNodeCounter.incrementAndGet()}", 1)
 ) {
@@ -202,7 +203,8 @@ open class Node(configuration: NodeConfiguration,
         return P2PMessagingClient(
                 config = configuration,
                 versionInfo = versionInfo,
-                serverAddress = configuration.messagingServerAddress ?: NetworkHostAndPort("localhost", configuration.p2pAddress.port),
+                serverAddress = configuration.messagingServerAddress
+                        ?: NetworkHostAndPort("localhost", configuration.p2pAddress.port),
                 nodeExecutor = serverThread,
                 database = database,
                 networkMap = networkMapCache,
@@ -228,7 +230,8 @@ open class Node(configuration: NodeConfiguration,
         }
 
         val messageBroker = if (!configuration.messagingServerExternal) {
-            val brokerBindAddress = configuration.messagingServerAddress ?: NetworkHostAndPort("0.0.0.0", configuration.p2pAddress.port)
+            val brokerBindAddress = configuration.messagingServerAddress
+                    ?: NetworkHostAndPort("0.0.0.0", configuration.p2pAddress.port)
             ArtemisMessagingServer(configuration, brokerBindAddress, networkParameters.maxMessageSize)
         } else {
             null
@@ -442,7 +445,7 @@ open class Node(configuration: NodeConfiguration,
         }.build().start()
     }
 
-    private fun registerNewRelicReporter (registry: MetricRegistry) {
+    private fun registerNewRelicReporter(registry: MetricRegistry) {
         log.info("Registering New Relic JMX Reporter:")
         val reporter = NewRelicReporter.forRegistry(registry)
                 .name("New Relic Reporter")
@@ -504,4 +507,8 @@ open class Node(configuration: NodeConfiguration,
 
         log.info("Shutdown complete")
     }
+
+    fun <T : FlowLogic<*>> registerInitiatedFlow(smm: StateMachineManager, initiatedFlowClass: Class<T>) {
+        this.flowManager.registerInitiatedFlow(initiatedFlowClass)
+    }
 }
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
index ac1badeafe..b1ba5f9f29 100644
--- a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
@@ -19,7 +19,6 @@ import net.corda.core.serialization.SerializeAsToken
 import net.corda.core.utilities.contextLogger
 import net.corda.node.VersionInfo
 import net.corda.node.cordapp.CordappLoader
-import net.corda.node.internal.classloading.requireAnnotation
 import net.corda.nodeapi.internal.coreContractClasses
 import net.corda.serialization.internal.DefaultWhitelist
 import org.apache.commons.collections4.map.LRUMap
@@ -148,17 +147,6 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
 
     private fun findInitiatedFlows(scanResult: RestrictedScanResult): List<Class<out FlowLogic<*>>> {
         return scanResult.getClassesWithAnnotation(FlowLogic::class, InitiatedBy::class)
-                // First group by the initiating flow class in case there are multiple mappings
-                .groupBy { it.requireAnnotation<InitiatedBy>().value.java }
-                .map { (initiatingFlow, initiatedFlows) ->
-                    val sorted = initiatedFlows.sortedWith(FlowTypeHierarchyComparator(initiatingFlow))
-                    if (sorted.size > 1) {
-                        logger.warn("${initiatingFlow.name} has been specified as the inititating flow by multiple flows " +
-                                "in the same type hierarchy: ${sorted.joinToString { it.name }}. Choosing the most " +
-                                "specific sub-type for registration: ${sorted[0].name}.")
-                    }
-                    sorted[0]
-                }
     }
 
     private fun Class<out FlowLogic<*>>.isUserInvokable(): Boolean {
@@ -209,17 +197,7 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
         }
     }
 
-    private class FlowTypeHierarchyComparator(val initiatingFlow: Class<out FlowLogic<*>>) : Comparator<Class<out FlowLogic<*>>> {
-        override fun compare(o1: Class<out FlowLogic<*>>, o2: Class<out FlowLogic<*>>): Int {
-            return when {
-                o1 == o2 -> 0
-                o1.isAssignableFrom(o2) -> 1
-                o2.isAssignableFrom(o1) -> -1
-                else -> throw IllegalArgumentException("${initiatingFlow.name} has been specified as the initiating flow by " +
-                        "both ${o1.name} and ${o2.name}")
-            }
-        }
-    }
+
 
     private fun <T : Any> loadClass(className: String, type: KClass<T>): Class<out T>? {
         return try {
diff --git a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
index eab762dcdd..3073d7574a 100644
--- a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
@@ -76,6 +76,7 @@ interface NodeConfiguration {
     val p2pSslOptions: MutualSslConfiguration
 
     val cordappDirectories: List<Path>
+    val flowOverrides: FlowOverrideConfig?
 
     fun validate(): List<String>
 
@@ -97,6 +98,9 @@ interface NodeConfiguration {
     }
 }
 
+data class FlowOverrideConfig(val overrides: List<FlowOverride> = listOf())
+data class FlowOverride(val initiator: String, val responder: String)
+
 /**
  * Currently registered JMX Reporters
  */
@@ -210,7 +214,8 @@ data class NodeConfigurationImpl(
         override val flowMonitorPeriodMillis: Duration = DEFAULT_FLOW_MONITOR_PERIOD_MILLIS,
         override val flowMonitorSuspensionLoggingThresholdMillis: Duration = DEFAULT_FLOW_MONITOR_SUSPENSION_LOGGING_THRESHOLD_MILLIS,
         override val cordappDirectories: List<Path> = listOf(baseDirectory / CORDAPPS_DIR_NAME_DEFAULT),
-        override val jmxReporterType: JmxReporterType? = JmxReporterType.JOLOKIA
+        override val jmxReporterType: JmxReporterType? = JmxReporterType.JOLOKIA,
+        override val flowOverrides: FlowOverrideConfig?
 ) : NodeConfiguration {
     companion object {
         private val logger = loggerFor<NodeConfigurationImpl>()
diff --git a/node/src/test/kotlin/net/corda/node/internal/FlowRegistrationTest.kt b/node/src/test/kotlin/net/corda/node/internal/FlowRegistrationTest.kt
index e6a9b5fd3e..8b59037248 100644
--- a/node/src/test/kotlin/net/corda/node/internal/FlowRegistrationTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/FlowRegistrationTest.kt
@@ -12,7 +12,6 @@ import net.corda.testing.core.singleIdentity
 import net.corda.testing.node.MockNetwork
 import net.corda.testing.node.MockNodeParameters
 import net.corda.testing.node.StartedMockNode
-import org.assertj.core.api.Assertions.assertThatIllegalStateException
 import org.junit.After
 import org.junit.Before
 import org.junit.Test
@@ -39,15 +38,15 @@ class FlowRegistrationTest {
     }
 
     @Test
-    fun `startup fails when two flows initiated by the same flow are registered`() {
+    fun `succeeds when a subclass of a flow initiated by the same flow is registered`() {
         // register the same flow twice to invoke the error without causing errors in other tests
-        responder.registerInitiatedFlow(Responder::class.java)
-        assertThatIllegalStateException().isThrownBy { responder.registerInitiatedFlow(Responder::class.java) }
+        responder.registerInitiatedFlow(Responder1::class.java)
+        responder.registerInitiatedFlow(Responder1Subclassed::class.java)
     }
 
     @Test
     fun `a single initiated flow can be registered without error`() {
-        responder.registerInitiatedFlow(Responder::class.java)
+        responder.registerInitiatedFlow(Responder1::class.java)
         val result = initiator.startFlow(Initiator(responder.info.singleIdentity()))
         mockNetwork.runNetwork()
         assertNotNull(result.get())
@@ -63,7 +62,38 @@ class Initiator(val party: Party) : FlowLogic<String>() {
 }
 
 @InitiatedBy(Initiator::class)
-private class Responder(val session: FlowSession) : FlowLogic<Unit>() {
+private open class Responder1(val session: FlowSession) : FlowLogic<Unit>() {
+    open fun getPayload(): String {
+        return "whats up"
+    }
+
+    @Suspendable
+    override fun call() {
+        session.receive<String>().unwrap { it }
+        session.send("What's up")
+    }
+}
+
+@InitiatedBy(Initiator::class)
+private open class Responder2(val session: FlowSession) : FlowLogic<Unit>() {
+    open fun getPayload(): String {
+        return "whats up"
+    }
+
+    @Suspendable
+    override fun call() {
+        session.receive<String>().unwrap { it }
+        session.send("What's up")
+    }
+}
+
+@InitiatedBy(Initiator::class)
+private class Responder1Subclassed(session: FlowSession) : Responder1(session) {
+
+    override fun getPayload(): String {
+        return "im subclassed! that's what's up!"
+    }
+
     @Suspendable
     override fun call() {
         session.receive<String>().unwrap { it }
diff --git a/node/src/test/kotlin/net/corda/node/internal/NodeFlowManagerTest.kt b/node/src/test/kotlin/net/corda/node/internal/NodeFlowManagerTest.kt
new file mode 100644
index 0000000000..25722ef295
--- /dev/null
+++ b/node/src/test/kotlin/net/corda/node/internal/NodeFlowManagerTest.kt
@@ -0,0 +1,110 @@
+package net.corda.node.internal
+
+import net.corda.core.flows.FlowLogic
+import net.corda.core.flows.FlowSession
+import net.corda.core.flows.InitiatedBy
+import net.corda.core.flows.InitiatingFlow
+import net.corda.node.services.config.FlowOverride
+import net.corda.node.services.config.FlowOverrideConfig
+import org.hamcrest.CoreMatchers.`is`
+import org.hamcrest.CoreMatchers.instanceOf
+import org.junit.Assert
+import org.junit.Test
+import org.mockito.Mockito
+import java.lang.IllegalStateException
+
+private val marker = "This is a special marker"
+
+class NodeFlowManagerTest {
+
+    @InitiatingFlow
+    class Init : FlowLogic<Unit>() {
+        override fun call() {
+            TODO("not implemented")
+        }
+    }
+
+    @InitiatedBy(Init::class)
+    open class Resp(val otherSesh: FlowSession) : FlowLogic<Unit>() {
+        override fun call() {
+            TODO("not implemented")
+        }
+
+    }
+
+    @InitiatedBy(Init::class)
+    class Resp2(val otherSesh: FlowSession) : FlowLogic<Unit>() {
+        override fun call() {
+            TODO("not implemented")
+        }
+
+    }
+
+    @InitiatedBy(Init::class)
+    open class RespSub(sesh: FlowSession) : Resp(sesh) {
+        override fun call() {
+            TODO("not implemented")
+        }
+
+    }
+
+    @InitiatedBy(Init::class)
+    class RespSubSub(sesh: FlowSession) : RespSub(sesh) {
+        override fun call() {
+            TODO("not implemented")
+        }
+
+    }
+
+
+    @Test(expected = IllegalStateException::class)
+    fun `should fail to validate if more than one registration with equal weight`() {
+        val nodeFlowManager = NodeFlowManager()
+        nodeFlowManager.registerInitiatedFlow(Init::class.java, Resp::class.java)
+        nodeFlowManager.registerInitiatedFlow(Init::class.java, Resp2::class.java)
+        nodeFlowManager.validateRegistrations()
+    }
+
+    @Test()
+    fun `should allow registration of flows with different weights`() {
+        val nodeFlowManager = NodeFlowManager()
+        nodeFlowManager.registerInitiatedFlow(Init::class.java, Resp::class.java)
+        nodeFlowManager.registerInitiatedFlow(Init::class.java, RespSub::class.java)
+        nodeFlowManager.validateRegistrations()
+        val factory = nodeFlowManager.getFlowFactoryForInitiatingFlow(Init::class.java)!!
+        val flow = factory.createFlow(Mockito.mock(FlowSession::class.java))
+        Assert.assertThat(flow, `is`(instanceOf(RespSub::class.java)))
+    }
+
+    @Test()
+    fun `should allow updating of registered responder at runtime`() {
+        val nodeFlowManager = NodeFlowManager()
+        nodeFlowManager.registerInitiatedFlow(Init::class.java, Resp::class.java)
+        nodeFlowManager.registerInitiatedFlow(Init::class.java, RespSub::class.java)
+        nodeFlowManager.validateRegistrations()
+        var factory = nodeFlowManager.getFlowFactoryForInitiatingFlow(Init::class.java)!!
+        var flow = factory.createFlow(Mockito.mock(FlowSession::class.java))
+        Assert.assertThat(flow, `is`(instanceOf(RespSub::class.java)))
+        // update
+        nodeFlowManager.registerInitiatedFlow(Init::class.java, RespSubSub::class.java)
+        nodeFlowManager.validateRegistrations()
+
+        factory = nodeFlowManager.getFlowFactoryForInitiatingFlow(Init::class.java)!!
+        flow = factory.createFlow(Mockito.mock(FlowSession::class.java))
+        Assert.assertThat(flow, `is`(instanceOf(RespSubSub::class.java)))
+    }
+
+    @Test
+    fun `should allow an override to be specified`() {
+        val nodeFlowManager = NodeFlowManager(FlowOverrideConfig(listOf(FlowOverride(Init::class.qualifiedName!!, Resp::class.qualifiedName!!))))
+        nodeFlowManager.registerInitiatedFlow(Init::class.java, Resp::class.java)
+        nodeFlowManager.registerInitiatedFlow(Init::class.java, Resp2::class.java)
+        nodeFlowManager.registerInitiatedFlow(Init::class.java, RespSubSub::class.java)
+        nodeFlowManager.validateRegistrations()
+
+        val factory = nodeFlowManager.getFlowFactoryForInitiatingFlow(Init::class.java)!!
+        val flow = factory.createFlow(Mockito.mock(FlowSession::class.java))
+
+        Assert.assertThat(flow, `is`(instanceOf(Resp::class.java)))
+    }
+}
\ No newline at end of file
diff --git a/node/src/test/kotlin/net/corda/node/internal/NodeTest.kt b/node/src/test/kotlin/net/corda/node/internal/NodeTest.kt
index 48a266ce31..fd2e1db83f 100644
--- a/node/src/test/kotlin/net/corda/node/internal/NodeTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/NodeTest.kt
@@ -149,7 +149,7 @@ class NodeTest {
         }
     }
 
-    private fun createConfig(nodeName: CordaX500Name): NodeConfiguration {
+    private fun createConfig(nodeName: CordaX500Name): NodeConfigurationImpl {
         val fakeAddress = NetworkHostAndPort("0.1.2.3", 456)
         return NodeConfigurationImpl(
                 baseDirectory = temporaryFolder.root.toPath(),
@@ -167,7 +167,8 @@ class NodeTest {
                 flowTimeout = FlowTimeoutConfiguration(timeout = Duration.ZERO, backoffBase = 1.0, maxRestartCount = 1),
                 rpcSettings = NodeRpcSettings(address = fakeAddress, adminAddress = null, ssl = null),
                 messagingServerAddress = null,
-                notary = null
+                notary = null,
+                flowOverrides = FlowOverrideConfig(listOf())
 
         )
     }
diff --git a/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt b/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
index 176bbfb5d8..9eba3d64ef 100644
--- a/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
@@ -56,7 +56,7 @@ class JarScanningCordappLoaderTest {
 
         val actualCordapp = loader.cordapps.single()
         assertThat(actualCordapp.contractClassNames).isEqualTo(listOf(isolatedContractId))
-        assertThat(actualCordapp.initiatedFlows.single().name).isEqualTo("net.corda.finance.contracts.isolated.IsolatedDummyFlow\$Acceptor")
+        assertThat(actualCordapp.initiatedFlows.first().name).isEqualTo("net.corda.finance.contracts.isolated.IsolatedDummyFlow\$Acceptor")
         assertThat(actualCordapp.rpcFlows).isEmpty()
         assertThat(actualCordapp.schedulableFlows).isEmpty()
         assertThat(actualCordapp.services).isEmpty()
@@ -74,7 +74,7 @@ class JarScanningCordappLoaderTest {
         assertThat(loader.cordapps).isNotEmpty
 
         val actualCordapp = loader.cordapps.single { !it.initiatedFlows.isEmpty() }
-        assertThat(actualCordapp.initiatedFlows).first().hasSameClassAs(DummyFlow::class.java)
+        assertThat(actualCordapp.initiatedFlows.first()).hasSameClassAs(DummyFlow::class.java)
         assertThat(actualCordapp.rpcFlows).first().hasSameClassAs(DummyRPCFlow::class.java)
         assertThat(actualCordapp.schedulableFlows).first().hasSameClassAs(DummySchedulableFlow::class.java)
     }
diff --git a/node/src/test/kotlin/net/corda/node/services/config/NodeConfigurationImplTest.kt b/node/src/test/kotlin/net/corda/node/services/config/NodeConfigurationImplTest.kt
index 27247b8eb5..a9e7da8a92 100644
--- a/node/src/test/kotlin/net/corda/node/services/config/NodeConfigurationImplTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/config/NodeConfigurationImplTest.kt
@@ -172,8 +172,8 @@ class NodeConfigurationImplTest {
 
         val errors = configuration.validate()
 
-        assertThat(errors).hasOnlyOneElementSatisfying {
-            error -> error.contains("Cannot configure both compatibilityZoneUrl and networkServices simultaneously")
+        assertThat(errors).hasOnlyOneElementSatisfying { error ->
+            error.contains("Cannot configure both compatibilityZoneUrl and networkServices simultaneously")
         }
     }
 
@@ -268,7 +268,8 @@ class NodeConfigurationImplTest {
                 noLocalShell = false,
                 rpcSettings = rpcSettings,
                 crlCheckSoftFail = true,
-                tlsCertCrlDistPoint = null
+                tlsCertCrlDistPoint = null,
+                flowOverrides = FlowOverrideConfig(listOf())
         )
     }
 }
diff --git a/node/src/test/kotlin/net/corda/node/services/statemachine/FlowFrameworkTests.kt b/node/src/test/kotlin/net/corda/node/services/statemachine/FlowFrameworkTests.kt
index 075d324e9f..d1517dc318 100644
--- a/node/src/test/kotlin/net/corda/node/services/statemachine/FlowFrameworkTests.kt
+++ b/node/src/test/kotlin/net/corda/node/services/statemachine/FlowFrameworkTests.kt
@@ -26,7 +26,6 @@ import net.corda.core.utilities.ProgressTracker
 import net.corda.core.utilities.ProgressTracker.Change
 import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.unwrap
-import net.corda.node.internal.InitiatedFlowFactory
 import net.corda.node.services.persistence.checkpoints
 import net.corda.testing.contracts.DummyContract
 import net.corda.testing.contracts.DummyState
@@ -116,7 +115,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `exception while fiber suspended`() {
-        bobNode.registerFlowFactory(ReceiveFlow::class) { InitiatedSendFlow("Hello", it) }
+        bobNode.registerCordappFlowFactory(ReceiveFlow::class) { InitiatedSendFlow("Hello", it) }
         val flow = ReceiveFlow(bob)
         val fiber = aliceNode.services.startFlow(flow) as FlowStateMachineImpl
         // Before the flow runs change the suspend action to throw an exception
@@ -134,7 +133,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `both sides do a send as their first IO request`() {
-        bobNode.registerFlowFactory(PingPongFlow::class) { PingPongFlow(it, 20L) }
+        bobNode.registerCordappFlowFactory(PingPongFlow::class) { PingPongFlow(it, 20L) }
         aliceNode.services.startFlow(PingPongFlow(bob, 10L))
         mockNet.runNetwork()
 
@@ -151,7 +150,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `other side ends before doing expected send`() {
-        bobNode.registerFlowFactory(ReceiveFlow::class) { NoOpFlow() }
+        bobNode.registerCordappFlowFactory(ReceiveFlow::class) { NoOpFlow() }
         val resultFuture = aliceNode.services.startFlow(ReceiveFlow(bob)).resultFuture
         mockNet.runNetwork()
         assertThatExceptionOfType(UnexpectedFlowEndException::class.java).isThrownBy {
@@ -161,7 +160,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `receiving unexpected session end before entering sendAndReceive`() {
-        bobNode.registerFlowFactory(WaitForOtherSideEndBeforeSendAndReceive::class) { NoOpFlow() }
+        bobNode.registerCordappFlowFactory(WaitForOtherSideEndBeforeSendAndReceive::class) { NoOpFlow() }
         val sessionEndReceived = Semaphore(0)
         receivedSessionMessagesObservable().filter {
             it.message is ExistingSessionMessage && it.message.payload === EndSessionMessage
@@ -176,7 +175,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `FlowException thrown on other side`() {
-        val erroringFlow = bobNode.registerFlowFactory(ReceiveFlow::class) {
+        val erroringFlow = bobNode.registerCordappFlowFactory(ReceiveFlow::class) {
             ExceptionFlow { MyFlowException("Nothing useful") }
         }
         val erroringFlowSteps = erroringFlow.flatMap { it.progressSteps }
@@ -240,7 +239,7 @@ class FlowFrameworkTests {
             }
         }
 
-        bobNode.registerFlowFactory(AskForExceptionFlow::class) { ConditionalExceptionFlow(it, "Hello") }
+        bobNode.registerCordappFlowFactory(AskForExceptionFlow::class) { ConditionalExceptionFlow(it, "Hello") }
         val resultFuture = aliceNode.services.startFlow(RetryOnExceptionFlow(bob)).resultFuture
         mockNet.runNetwork()
         assertThat(resultFuture.getOrThrow()).isEqualTo("Hello")
@@ -248,7 +247,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `serialisation issue in counterparty`() {
-        bobNode.registerFlowFactory(ReceiveFlow::class) { InitiatedSendFlow(NonSerialisableData(1), it) }
+        bobNode.registerCordappFlowFactory(ReceiveFlow::class) { InitiatedSendFlow(NonSerialisableData(1), it) }
         val result = aliceNode.services.startFlow(ReceiveFlow(bob)).resultFuture
         mockNet.runNetwork()
         assertThatExceptionOfType(UnexpectedFlowEndException::class.java).isThrownBy {
@@ -258,7 +257,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `FlowException has non-serialisable object`() {
-        bobNode.registerFlowFactory(ReceiveFlow::class) {
+        bobNode.registerCordappFlowFactory(ReceiveFlow::class) {
             ExceptionFlow { NonSerialisableFlowException(NonSerialisableData(1)) }
         }
         val result = aliceNode.services.startFlow(ReceiveFlow(bob)).resultFuture
@@ -275,7 +274,7 @@ class FlowFrameworkTests {
                 .addCommand(dummyCommand(alice.owningKey))
         val stx = aliceNode.services.signInitialTransaction(ptx)
 
-        val committerFiber = aliceNode.registerFlowFactory(WaitingFlows.Waiter::class) {
+        val committerFiber = aliceNode.registerCordappFlowFactory(WaitingFlows.Waiter::class) {
             WaitingFlows.Committer(it)
         }.map { it.stateMachine }.map { uncheckedCast<FlowStateMachine<*>, FlowStateMachine<Any>>(it) }
         val waiterStx = bobNode.services.startFlow(WaitingFlows.Waiter(stx, alice)).resultFuture
@@ -290,7 +289,7 @@ class FlowFrameworkTests {
                 .addCommand(dummyCommand())
         val stx = aliceNode.services.signInitialTransaction(ptx)
 
-        aliceNode.registerFlowFactory(WaitingFlows.Waiter::class) {
+        aliceNode.registerCordappFlowFactory(WaitingFlows.Waiter::class) {
             WaitingFlows.Committer(it) { throw Exception("Error") }
         }
         val waiter = bobNode.services.startFlow(WaitingFlows.Waiter(stx, alice)).resultFuture
@@ -307,7 +306,7 @@ class FlowFrameworkTests {
                 .addCommand(dummyCommand(alice.owningKey))
         val stx = aliceNode.services.signInitialTransaction(ptx)
 
-        aliceNode.registerFlowFactory(VaultQueryFlow::class) {
+        aliceNode.registerCordappFlowFactory(VaultQueryFlow::class) {
             WaitingFlows.Committer(it)
         }
         val result = bobNode.services.startFlow(VaultQueryFlow(stx, alice)).resultFuture
@@ -318,7 +317,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `customised client flow`() {
-        val receiveFlowFuture = bobNode.registerFlowFactory(SendFlow::class) { InitiatedReceiveFlow(it) }
+        val receiveFlowFuture = bobNode.registerCordappFlowFactory(SendFlow::class) { InitiatedReceiveFlow(it) }
         aliceNode.services.startFlow(CustomSendFlow("Hello", bob)).resultFuture
         mockNet.runNetwork()
         assertThat(receiveFlowFuture.getOrThrow().receivedPayloads).containsOnly("Hello")
@@ -333,7 +332,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `upgraded initiating flow`() {
-        bobNode.registerFlowFactory(UpgradedFlow::class, initiatedFlowVersion = 1) { InitiatedSendFlow("Old initiated", it) }
+        bobNode.registerCordappFlowFactory(UpgradedFlow::class, initiatedFlowVersion = 1) { InitiatedSendFlow("Old initiated", it) }
         val result = aliceNode.services.startFlow(UpgradedFlow(bob)).resultFuture
         mockNet.runNetwork()
         assertThat(receivedSessionMessages).startsWith(
@@ -347,7 +346,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `upgraded initiated flow`() {
-        bobNode.registerFlowFactory(SendFlow::class, initiatedFlowVersion = 2) { UpgradedFlow(it) }
+        bobNode.registerCordappFlowFactory(SendFlow::class, initiatedFlowVersion = 2) { UpgradedFlow(it) }
         val initiatingFlow = SendFlow("Old initiating", bob)
         val flowInfo = aliceNode.services.startFlow(initiatingFlow).resultFuture
         mockNet.runNetwork()
@@ -387,7 +386,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `single inlined sub-flow`() {
-        bobNode.registerFlowFactory(SendAndReceiveFlow::class) { SingleInlinedSubFlow(it) }
+        bobNode.registerCordappFlowFactory(SendAndReceiveFlow::class) { SingleInlinedSubFlow(it) }
         val result = aliceNode.services.startFlow(SendAndReceiveFlow(bob, "Hello")).resultFuture
         mockNet.runNetwork()
         assertThat(result.getOrThrow()).isEqualTo("HelloHello")
@@ -395,7 +394,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `double inlined sub-flow`() {
-        bobNode.registerFlowFactory(SendAndReceiveFlow::class) { DoubleInlinedSubFlow(it) }
+        bobNode.registerCordappFlowFactory(SendAndReceiveFlow::class) { DoubleInlinedSubFlow(it) }
         val result = aliceNode.services.startFlow(SendAndReceiveFlow(bob, "Hello")).resultFuture
         mockNet.runNetwork()
         assertThat(result.getOrThrow()).isEqualTo("HelloHello")
@@ -403,7 +402,7 @@ class FlowFrameworkTests {
 
     @Test
     fun `non-FlowException thrown on other side`() {
-        val erroringFlowFuture = bobNode.registerFlowFactory(ReceiveFlow::class) {
+        val erroringFlowFuture = bobNode.registerCordappFlowFactory(ReceiveFlow::class) {
             ExceptionFlow { Exception("evil bug!") }
         }
         val erroringFlowSteps = erroringFlowFuture.flatMap { it.progressSteps }
@@ -507,8 +506,8 @@ class FlowFrameworkTripartyTests {
 
     @Test
     fun `sending to multiple parties`() {
-        bobNode.registerFlowFactory(SendFlow::class) { InitiatedReceiveFlow(it).nonTerminating() }
-        charlieNode.registerFlowFactory(SendFlow::class) { InitiatedReceiveFlow(it).nonTerminating() }
+        bobNode.registerCordappFlowFactory(SendFlow::class) { InitiatedReceiveFlow(it).nonTerminating() }
+        charlieNode.registerCordappFlowFactory(SendFlow::class) { InitiatedReceiveFlow(it).nonTerminating() }
         val payload = "Hello World"
         aliceNode.services.startFlow(SendFlow(payload, bob, charlie))
         mockNet.runNetwork()
@@ -538,8 +537,8 @@ class FlowFrameworkTripartyTests {
     fun `receiving from multiple parties`() {
         val bobPayload = "Test 1"
         val charliePayload = "Test 2"
-        bobNode.registerFlowFactory(ReceiveFlow::class) { InitiatedSendFlow(bobPayload, it) }
-        charlieNode.registerFlowFactory(ReceiveFlow::class) { InitiatedSendFlow(charliePayload, it) }
+        bobNode.registerCordappFlowFactory(ReceiveFlow::class) { InitiatedSendFlow(bobPayload, it) }
+        charlieNode.registerCordappFlowFactory(ReceiveFlow::class) { InitiatedSendFlow(charliePayload, it) }
         val multiReceiveFlow = ReceiveFlow(bob, charlie).nonTerminating()
         aliceNode.services.startFlow(multiReceiveFlow)
         aliceNode.internals.acceptableLiveFiberCountOnStop = 1
@@ -564,8 +563,8 @@ class FlowFrameworkTripartyTests {
 
     @Test
     fun `FlowException only propagated to parent`() {
-        charlieNode.registerFlowFactory(ReceiveFlow::class) { ExceptionFlow { MyFlowException("Chain") } }
-        bobNode.registerFlowFactory(ReceiveFlow::class) { ReceiveFlow(charlie) }
+        charlieNode.registerCordappFlowFactory(ReceiveFlow::class) { ExceptionFlow { MyFlowException("Chain") } }
+        bobNode.registerCordappFlowFactory(ReceiveFlow::class) { ReceiveFlow(charlie) }
         val receivingFiber = aliceNode.services.startFlow(ReceiveFlow(bob))
         mockNet.runNetwork()
         assertThatExceptionOfType(UnexpectedFlowEndException::class.java)
@@ -577,9 +576,9 @@ class FlowFrameworkTripartyTests {
         // Bob will send its payload and then block waiting for the receive from Alice. Meanwhile Alice will move
         // onto Charlie which will throw the exception
         val node2Fiber = bobNode
-                .registerFlowFactory(ReceiveFlow::class) { SendAndReceiveFlow(it, "Hello") }
+                .registerCordappFlowFactory(ReceiveFlow::class) { SendAndReceiveFlow(it, "Hello") }
                 .map { it.stateMachine }
-        charlieNode.registerFlowFactory(ReceiveFlow::class) { ExceptionFlow { MyFlowException("Nothing useful") } }
+        charlieNode.registerCordappFlowFactory(ReceiveFlow::class) { ExceptionFlow { MyFlowException("Nothing useful") } }
 
         val aliceFiber = aliceNode.services.startFlow(ReceiveFlow(bob, charlie)) as FlowStateMachineImpl
         mockNet.runNetwork()
@@ -630,6 +629,8 @@ class FlowFrameworkPersistenceTests {
     private lateinit var notaryIdentity: Party
     private lateinit var alice: Party
     private lateinit var bob: Party
+    private lateinit var aliceFlowManager: MockNodeFlowManager
+    private lateinit var bobFlowManager: MockNodeFlowManager
 
     @Before
     fun start() {
@@ -637,8 +638,11 @@ class FlowFrameworkPersistenceTests {
                 cordappsForAllNodes = cordappsForPackages("net.corda.finance.contracts", "net.corda.testing.contracts"),
                 servicePeerAllocationStrategy = RoundRobin()
         )
-        aliceNode = mockNet.createNode(InternalMockNodeParameters(legalName = ALICE_NAME))
-        bobNode = mockNet.createNode(InternalMockNodeParameters(legalName = BOB_NAME))
+        aliceFlowManager = MockNodeFlowManager()
+        bobFlowManager = MockNodeFlowManager()
+
+        aliceNode = mockNet.createNode(InternalMockNodeParameters(legalName = ALICE_NAME, flowManager = aliceFlowManager))
+        bobNode = mockNet.createNode(InternalMockNodeParameters(legalName = BOB_NAME, flowManager = bobFlowManager))
 
         receivedSessionMessagesObservable().forEach { receivedSessionMessages += it }
 
@@ -664,7 +668,7 @@ class FlowFrameworkPersistenceTests {
 
     @Test
     fun `flow restarted just after receiving payload`() {
-        bobNode.registerFlowFactory(SendFlow::class) { InitiatedReceiveFlow(it).nonTerminating() }
+        bobNode.registerCordappFlowFactory(SendFlow::class) { InitiatedReceiveFlow(it).nonTerminating() }
         aliceNode.services.startFlow(SendFlow("Hello", bob))
 
         // We push through just enough messages to get only the payload sent
@@ -679,7 +683,7 @@ class FlowFrameworkPersistenceTests {
 
     @Test
     fun `flow loaded from checkpoint will respond to messages from before start`() {
-        aliceNode.registerFlowFactory(ReceiveFlow::class) { InitiatedSendFlow("Hello", it) }
+        aliceNode.registerCordappFlowFactory(ReceiveFlow::class) { InitiatedSendFlow("Hello", it) }
         bobNode.services.startFlow(ReceiveFlow(alice).nonTerminating()) // Prepare checkpointed receive flow
         val restoredFlow = bobNode.restartAndGetRestoredFlow<ReceiveFlow>()
         assertThat(restoredFlow.receivedPayloads[0]).isEqualTo("Hello")
@@ -694,7 +698,7 @@ class FlowFrameworkPersistenceTests {
         var sentCount = 0
         mockNet.messagingNetwork.sentMessages.toSessionTransfers().filter { it.isPayloadTransfer }.forEach { sentCount++ }
         val charlieNode = mockNet.createNode(InternalMockNodeParameters(legalName = CHARLIE_NAME))
-        val secondFlow = charlieNode.registerFlowFactory(PingPongFlow::class) { PingPongFlow(it, payload2) }
+        val secondFlow = charlieNode.registerCordappFlowFactory(PingPongFlow::class) { PingPongFlow(it, payload2) }
         mockNet.runNetwork()
         val charlie = charlieNode.info.singleIdentity()
 
@@ -802,23 +806,14 @@ private infix fun TestStartedNode.sent(message: SessionMessage): Pair<Int, Sessi
 private infix fun Pair<Int, SessionMessage>.to(node: TestStartedNode): SessionTransfer = SessionTransfer(first, second, node.network.myAddress)
 
 private data class SessionTransfer(val from: Int, val message: SessionMessage, val to: MessageRecipients) {
-    val isPayloadTransfer: Boolean get() =
-        message is ExistingSessionMessage && message.payload is DataSessionMessage ||
-                message is InitialSessionMessage && message.firstPayload != null
+    val isPayloadTransfer: Boolean
+        get() =
+            message is ExistingSessionMessage && message.payload is DataSessionMessage ||
+                    message is InitialSessionMessage && message.firstPayload != null
+
     override fun toString(): String = "$from sent $message to $to"
 }
 
-private inline fun <reified P : FlowLogic<*>> TestStartedNode.registerFlowFactory(
-        initiatingFlowClass: KClass<out FlowLogic<*>>,
-        initiatedFlowVersion: Int = 1,
-        noinline flowFactory: (FlowSession) -> P): CordaFuture<P> {
-    val observable = registerFlowFactory(
-            initiatingFlowClass.java,
-            InitiatedFlowFactory.CorDapp(initiatedFlowVersion, "", flowFactory),
-            P::class.java,
-            track = true)
-    return observable.toFuture()
-}
 
 private fun sessionInit(clientFlowClass: KClass<out FlowLogic<*>>, flowVersion: Int = 1, payload: Any? = null): InitialSessionMessage {
     return InitialSessionMessage(SessionId(0), 0, clientFlowClass.java.name, flowVersion, "", payload?.serialize())
@@ -1061,7 +1056,8 @@ private class SendAndReceiveFlow(val otherParty: Party, val payload: Any, val ot
     constructor(otherPartySession: FlowSession, payload: Any) : this(otherPartySession.counterparty, payload, otherPartySession)
 
     @Suspendable
-    override fun call(): Any = (otherPartySession ?: initiateFlow(otherParty)).sendAndReceive<Any>(payload).unwrap { it }
+    override fun call(): Any = (otherPartySession
+            ?: initiateFlow(otherParty)).sendAndReceive<Any>(payload).unwrap { it }
 }
 
 private class InlinedSendFlow(val payload: String, val otherPartySession: FlowSession) : FlowLogic<Unit>() {
@@ -1098,4 +1094,4 @@ private class ExceptionFlow<E : Exception>(val exception: () -> E) : FlowLogic<N
         exceptionThrown = exception()
         throw exceptionThrown
     }
-}
+}
\ No newline at end of file
diff --git a/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt b/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
index 5972fcf4df..2bbe01d5a8 100644
--- a/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/vault/VaultSoftLockManagerTest.kt
@@ -3,10 +3,7 @@ package net.corda.node.services.vault
 import co.paralleluniverse.fibers.Suspendable
 import com.nhaarman.mockito_kotlin.*
 import net.corda.core.contracts.*
-import net.corda.core.flows.FinalityFlow
-import net.corda.core.flows.FlowLogic
-import net.corda.core.flows.FlowSession
-import net.corda.core.flows.InitiatingFlow
+import net.corda.core.flows.*
 import net.corda.core.identity.AbstractParty
 import net.corda.core.internal.FlowStateMachine
 import net.corda.core.internal.packageName
@@ -23,14 +20,12 @@ import net.corda.core.utilities.NonEmptySet
 import net.corda.core.utilities.OpaqueBytes
 import net.corda.core.utilities.getOrThrow
 import net.corda.core.utilities.unwrap
-import net.corda.node.internal.InitiatedFlowFactory
-import net.corda.node.services.api.SchemaService
 import net.corda.node.services.api.VaultServiceInternal
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.testing.core.singleIdentity
 import net.corda.testing.internal.rigorousMock
-import net.corda.testing.node.internal.cordappsForPackages
 import net.corda.testing.node.internal.InternalMockNetwork
+import net.corda.testing.node.internal.cordappsForPackages
 import net.corda.testing.node.internal.startFlow
 import org.junit.After
 import org.junit.Test
@@ -68,7 +63,7 @@ class NodePair(private val mockNet: InternalMockNetwork) {
         private set
 
     fun <T> communicate(clientLogic: AbstractClientLogic<T>, rebootClient: Boolean): FlowStateMachine<T> {
-        server.registerFlowFactory(AbstractClientLogic::class.java, InitiatedFlowFactory.Core { ServerLogic(it, serverRunning) }, ServerLogic::class.java, false)
+        server.registerCoreFlowFactory(AbstractClientLogic::class.java, ServerLogic::class.java, { ServerLogic(it, serverRunning) }, false)
         client.services.startFlow(clientLogic)
         while (!serverRunning.get()) mockNet.runNetwork(1)
         if (rebootClient) {
diff --git a/samples/trader-demo/build.gradle b/samples/trader-demo/build.gradle
index f8ffd4edf3..291f15d988 100644
--- a/samples/trader-demo/build.gradle
+++ b/samples/trader-demo/build.gradle
@@ -89,6 +89,20 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar', nodeTask,
         }
         extraConfig = ['h2Settings.address' : 'localhost:10017']
     }
+    
+    //All other nodes should be using LoggingBuyerFlow as it is a subclass of BuyerFlow
+    node {
+        name "O=LoggingBank,L=London,C=GB"
+        p2pPort 10025
+        cordapps = ["$project.group:finance:$corda_release_version"]
+        rpcUsers = ext.rpcUsers
+        rpcSettings {
+            address "localhost:10026"
+            adminAddress "localhost:10027"
+        }
+        extraConfig = ['h2Settings.address' : 'localhost:10035']
+        flowOverride("net.corda.traderdemo.flow.SellerFlow", "net.corda.traderdemo.flow.BuyerFlow")
+    }
 }
 
 task integrationTest(type: Test, dependsOn: []) {
diff --git a/samples/trader-demo/src/main/kotlin/net/corda/traderdemo/flow/BuyerFlow.kt b/samples/trader-demo/src/main/kotlin/net/corda/traderdemo/flow/BuyerFlow.kt
index 70cee50154..52a5a7c982 100644
--- a/samples/trader-demo/src/main/kotlin/net/corda/traderdemo/flow/BuyerFlow.kt
+++ b/samples/trader-demo/src/main/kotlin/net/corda/traderdemo/flow/BuyerFlow.kt
@@ -11,20 +11,17 @@ import net.corda.core.transactions.SignedTransaction
 import net.corda.core.utilities.ProgressTracker
 import net.corda.core.utilities.unwrap
 import net.corda.finance.contracts.CommercialPaper
-import net.corda.finance.contracts.getCashBalances
 import net.corda.finance.flows.TwoPartyTradeFlow
-import net.corda.traderdemo.TransactionGraphSearch
 import java.util.*
 
 @InitiatedBy(SellerFlow::class)
-class BuyerFlow(private val otherSideSession: FlowSession) : FlowLogic<Unit>() {
+open class BuyerFlow(private val otherSideSession: FlowSession) : FlowLogic<SignedTransaction>() {
 
     object STARTING_BUY : ProgressTracker.Step("Seller connected, purchasing commercial paper asset")
-
     override val progressTracker: ProgressTracker = ProgressTracker(STARTING_BUY)
 
     @Suspendable
-    override fun call() {
+    override fun call(): SignedTransaction {
         progressTracker.currentStep = STARTING_BUY
 
         // Receive the offered amount and automatically agree to it (in reality this would be a longer negotiation)
@@ -43,33 +40,6 @@ class BuyerFlow(private val otherSideSession: FlowSession) : FlowLogic<Unit>() {
         println("Purchase complete - we are a happy customer! Final transaction is: " +
                 "\n\n${Emoji.renderIfSupported(tradeTX.tx)}")
 
-        logIssuanceAttachment(tradeTX)
-        logBalance()
-    }
-
-    private fun logBalance() {
-        val balances = serviceHub.getCashBalances().entries.map { "${it.key.currencyCode} ${it.value}" }
-        println("Remaining balance: ${balances.joinToString()}")
-    }
-
-    private fun logIssuanceAttachment(tradeTX: SignedTransaction) {
-        // Find the original CP issuance.
-        // TODO: This is potentially very expensive, and requires transaction details we may no longer have once
-        //       SGX is enabled. Should be replaced with including the attachment on all transactions involving
-        //       the state.
-        val search = TransactionGraphSearch(serviceHub.validatedTransactions, listOf(tradeTX.tx),
-                TransactionGraphSearch.Query(withCommandOfType = CommercialPaper.Commands.Issue::class.java,
-                        followInputsOfType = CommercialPaper.State::class.java))
-        val cpIssuance = search.call().single()
-
-        // Buyer will fetch the attachment from the seller automatically when it resolves the transaction.
-
-        cpIssuance.attachments.first().let {
-            println("""
-
-The issuance of the commercial paper came with an attachment. You can find it in the attachments directory: $it.jar
-
-${Emoji.renderIfSupported(cpIssuance)}""")
-        }
+        return tradeTX
     }
 }
diff --git a/samples/trader-demo/src/main/kotlin/net/corda/traderdemo/flow/LoggingBuyerFlow.kt b/samples/trader-demo/src/main/kotlin/net/corda/traderdemo/flow/LoggingBuyerFlow.kt
new file mode 100644
index 0000000000..841b96f594
--- /dev/null
+++ b/samples/trader-demo/src/main/kotlin/net/corda/traderdemo/flow/LoggingBuyerFlow.kt
@@ -0,0 +1,48 @@
+package net.corda.traderdemo.flow
+
+import co.paralleluniverse.fibers.Suspendable
+import net.corda.core.flows.FlowSession
+import net.corda.core.flows.InitiatedBy
+import net.corda.core.internal.Emoji
+import net.corda.core.transactions.SignedTransaction
+import net.corda.finance.contracts.CommercialPaper
+import net.corda.finance.contracts.getCashBalances
+import net.corda.traderdemo.TransactionGraphSearch
+
+@InitiatedBy(SellerFlow::class)
+class LoggingBuyerFlow(private val otherSideSession: FlowSession) : BuyerFlow(otherSideSession) {
+
+    @Suspendable
+    override fun call(): SignedTransaction {
+        val tradeTX = super.call()
+        logIssuanceAttachment(tradeTX)
+        logBalance()
+        return tradeTX
+    }
+
+    private fun logBalance() {
+        val balances = serviceHub.getCashBalances().entries.map { "${it.key.currencyCode} ${it.value}" }
+        println("Remaining balance: ${balances.joinToString()}")
+    }
+
+    private fun logIssuanceAttachment(tradeTX: SignedTransaction) {
+        // Find the original CP issuance.
+        // TODO: This is potentially very expensive, and requires transaction details we may no longer have once
+        //       SGX is enabled. Should be replaced with including the attachment on all transactions involving
+        //       the state.
+        val search = TransactionGraphSearch(serviceHub.validatedTransactions, listOf(tradeTX.tx),
+                TransactionGraphSearch.Query(withCommandOfType = CommercialPaper.Commands.Issue::class.java,
+                        followInputsOfType = CommercialPaper.State::class.java))
+        val cpIssuance = search.call().single()
+
+        // Buyer will fetch the attachment from the seller automatically when it resolves the transaction.
+
+        cpIssuance.attachments.first().let {
+            println("""
+
+The issuance of the commercial paper came with an attachment. You can find it in the attachments directory: $it.jar
+
+${Emoji.renderIfSupported(cpIssuance)}""")
+        }
+    }
+}
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt
index 793c6fd8bb..14d7037398 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt
@@ -148,7 +148,8 @@ data class NodeParameters(
         val maximumHeapSize: String = "512m",
         val logLevel: String? = null,
         val additionalCordapps: Collection<TestCordapp> = emptySet(),
-        val regenerateCordappsOnStart: Boolean = false
+        val regenerateCordappsOnStart: Boolean = false,
+        val flowOverrides: Map<Class<out FlowLogic<*>>, Class<out FlowLogic<*>>> = emptyMap()
 ) {
     /**
      * Helper builder for configuring a [Node] from Java.
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/DriverDSL.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/DriverDSL.kt
index bd1bcb464a..6eb2e7a71a 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/DriverDSL.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/DriverDSL.kt
@@ -2,6 +2,7 @@ package net.corda.testing.driver
 
 import net.corda.core.DoNotImplement
 import net.corda.core.concurrent.CordaFuture
+import net.corda.core.flows.FlowLogic
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.core.internal.concurrent.map
@@ -27,13 +28,14 @@ interface DriverDSL {
      * Returns the [NotaryHandle] for the single notary on the network. Throws if there are none or more than one.
      * @see notaryHandles
      */
-    val defaultNotaryHandle: NotaryHandle get() {
-        return when (notaryHandles.size) {
-            0 -> throw IllegalStateException("There are no notaries defined on the network")
-            1 -> notaryHandles[0]
-            else -> throw IllegalStateException("There is more than one notary defined on the network")
+    val defaultNotaryHandle: NotaryHandle
+        get() {
+            return when (notaryHandles.size) {
+                0 -> throw IllegalStateException("There are no notaries defined on the network")
+                1 -> notaryHandles[0]
+                else -> throw IllegalStateException("There is more than one notary defined on the network")
+            }
         }
-    }
 
     /**
      * Returns the identity of the single notary on the network. Throws if there are none or more than one.
@@ -47,11 +49,12 @@ interface DriverDSL {
      * @see defaultNotaryHandle
      * @see notaryHandles
      */
-    val defaultNotaryNode: CordaFuture<NodeHandle> get() {
-        return defaultNotaryHandle.nodeHandles.map {
-            it.singleOrNull() ?: throw IllegalStateException("Default notary is not a single node")
+    val defaultNotaryNode: CordaFuture<NodeHandle>
+        get() {
+            return defaultNotaryHandle.nodeHandles.map {
+                it.singleOrNull() ?: throw IllegalStateException("Default notary is not a single node")
+            }
         }
-    }
 
     /**
      * Start a node.
@@ -110,7 +113,8 @@ interface DriverDSL {
             startInSameProcess: Boolean? = defaultParameters.startInSameProcess,
             maximumHeapSize: String = defaultParameters.maximumHeapSize,
             additionalCordapps: Collection<TestCordapp> = defaultParameters.additionalCordapps,
-            regenerateCordappsOnStart: Boolean = defaultParameters.regenerateCordappsOnStart
+            regenerateCordappsOnStart: Boolean = defaultParameters.regenerateCordappsOnStart,
+            flowOverrides: Map<out Class<out FlowLogic<*>>, Class<out FlowLogic<*>>> = defaultParameters.flowOverrides
     ): CordaFuture<NodeHandle>
 
     /**
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/internal/DriverInternal.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/internal/DriverInternal.kt
index cf85d45e15..927314827a 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/driver/internal/DriverInternal.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/driver/internal/DriverInternal.kt
@@ -14,6 +14,7 @@ import net.corda.testing.driver.OutOfProcess
 import net.corda.testing.node.User
 import rx.Observable
 import java.nio.file.Path
+import javax.validation.constraints.NotNull
 
 interface NodeHandleInternal : NodeHandle {
     val configuration: NodeConfiguration
@@ -70,7 +71,11 @@ data class InProcessImpl(
     }
 
     override fun close() = stop()
-    override fun <T : FlowLogic<*>> registerInitiatedFlow(initiatedFlowClass: Class<T>): Observable<T> = node.registerInitiatedFlow(initiatedFlowClass)
+    @NotNull
+    override fun <T : FlowLogic<*>> registerInitiatedFlow(initiatedFlowClass: Class<T>): Observable<T> {
+        node.registerInitiatedFlow(initiatedFlowClass)
+        return Observable.empty()
+    }
 }
 
 val InProcess.internalServices: StartedNodeServices get() = services as StartedNodeServices
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNetwork.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNetwork.kt
index 3c3ba57aa5..b3731f27ec 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNetwork.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNetwork.kt
@@ -206,11 +206,8 @@ class StartedMockNode private constructor(private val node: TestStartedNode) {
     fun <F : FlowLogic<*>> registerResponderFlow(initiatingFlowClass: Class<out FlowLogic<*>>,
                                                  flowFactory: ResponderFlowFactory<F>,
                                                  responderFlowClass: Class<F>): CordaFuture<F> =
-            node.registerFlowFactory(
-                    initiatingFlowClass,
-                    InitiatedFlowFactory.CorDapp(flowVersion = 0, appName = "", factory = flowFactory::invoke),
-                    responderFlowClass, true)
-                    .toFuture()
+
+            node.registerInitiatedFlow(initiatingFlowClass, responderFlowClass).toFuture()
 }
 
 /**
@@ -240,13 +237,12 @@ interface ResponderFlowFactory<F : FlowLogic<*>> {
  */
 inline fun <reified F : FlowLogic<*>> StartedMockNode.registerResponderFlow(
         initiatingFlowClass: Class<out FlowLogic<*>>,
-        noinline flowFactory: (FlowSession) -> F): Future<F> =
-        registerResponderFlow(
-                initiatingFlowClass,
-                object : ResponderFlowFactory<F> {
-                    override fun invoke(flowSession: FlowSession) = flowFactory(flowSession)
-                },
-                F::class.java)
+        noinline flowFactory: (FlowSession) -> F): Future<F> = registerResponderFlow(
+        initiatingFlowClass,
+        object : ResponderFlowFactory<F> {
+            override fun invoke(flowSession: FlowSession) = flowFactory(flowSession)
+        },
+        F::class.java)
 
 /**
  * A mock node brings up a suite of in-memory services in a fast manner suitable for unit testing.
@@ -302,13 +298,13 @@ open class MockNetwork(
     constructor(cordappPackages: List<String>, parameters: MockNetworkParameters = MockNetworkParameters()) : this(cordappPackages, defaultParameters = parameters)
 
     constructor(
-             cordappPackages: List<String>,
-             defaultParameters: MockNetworkParameters = MockNetworkParameters(),
-             networkSendManuallyPumped: Boolean = defaultParameters.networkSendManuallyPumped,
-             threadPerNode: Boolean = defaultParameters.threadPerNode,
-             servicePeerAllocationStrategy: InMemoryMessagingNetwork.ServicePeerAllocationStrategy = defaultParameters.servicePeerAllocationStrategy,
-             notarySpecs: List<MockNetworkNotarySpec> = defaultParameters.notarySpecs,
-             networkParameters: NetworkParameters = defaultParameters.networkParameters
+            cordappPackages: List<String>,
+            defaultParameters: MockNetworkParameters = MockNetworkParameters(),
+            networkSendManuallyPumped: Boolean = defaultParameters.networkSendManuallyPumped,
+            threadPerNode: Boolean = defaultParameters.threadPerNode,
+            servicePeerAllocationStrategy: InMemoryMessagingNetwork.ServicePeerAllocationStrategy = defaultParameters.servicePeerAllocationStrategy,
+            notarySpecs: List<MockNetworkNotarySpec> = defaultParameters.notarySpecs,
+            networkParameters: NetworkParameters = defaultParameters.networkParameters
     ) : this(emptyList(), defaultParameters, networkSendManuallyPumped, threadPerNode, servicePeerAllocationStrategy, notarySpecs, networkParameters, cordappsForAllNodes = cordappsForPackages(cordappPackages))
 
     private val internalMockNetwork: InternalMockNetwork = InternalMockNetwork(defaultParameters, networkSendManuallyPumped, threadPerNode, servicePeerAllocationStrategy, notarySpecs, networkParameters = networkParameters, cordappsForAllNodes = cordappsForAllNodes)
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
index c722058ba3..ad2173c181 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
@@ -8,6 +8,7 @@ import com.typesafe.config.ConfigValueFactory
 import net.corda.client.rpc.internal.createCordaRPCClientWithSslAndClassLoader
 import net.corda.core.concurrent.CordaFuture
 import net.corda.core.concurrent.firstOf
+import net.corda.core.flows.FlowLogic
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.*
 import net.corda.core.internal.concurrent.*
@@ -37,7 +38,6 @@ import net.corda.nodeapi.internal.crypto.X509Utilities
 import net.corda.nodeapi.internal.network.NetworkParametersCopier
 import net.corda.nodeapi.internal.network.NodeInfoFilesCopier
 import net.corda.serialization.internal.amqp.AbstractAMQPSerializationScheme
-import net.corda.testing.node.TestCordapp
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
 import net.corda.testing.core.DUMMY_BANK_A_NAME
@@ -50,6 +50,7 @@ import net.corda.testing.internal.setGlobalSerialization
 import net.corda.testing.internal.stubs.CertificateStoreStubs
 import net.corda.testing.node.ClusterSpec
 import net.corda.testing.node.NotarySpec
+import net.corda.testing.node.TestCordapp
 import net.corda.testing.node.User
 import net.corda.testing.node.internal.DriverDSLImpl.Companion.cordappsInCurrentAndAdditionalPackages
 import okhttp3.OkHttpClient
@@ -213,7 +214,8 @@ class DriverDSLImpl(
             startInSameProcess: Boolean?,
             maximumHeapSize: String,
             additionalCordapps: Collection<TestCordapp>,
-            regenerateCordappsOnStart: Boolean
+            regenerateCordappsOnStart: Boolean,
+            flowOverrides: Map<out Class<out FlowLogic<*>>, Class<out FlowLogic<*>>>
     ): CordaFuture<NodeHandle> {
         val p2pAddress = portAllocation.nextHostAndPort()
         // TODO: Derive name from the full picked name, don't just wrap the common name
@@ -230,7 +232,7 @@ class DriverDSLImpl(
         return registrationFuture.flatMap {
             networkMapAvailability.flatMap {
                 // But starting the node proper does require the network map
-                startRegisteredNode(name, it, rpcUsers, verifierType, customOverrides, startInSameProcess, maximumHeapSize, p2pAddress, additionalCordapps, regenerateCordappsOnStart)
+                startRegisteredNode(name, it, rpcUsers, verifierType, customOverrides, startInSameProcess, maximumHeapSize, p2pAddress, additionalCordapps, regenerateCordappsOnStart, flowOverrides)
             }
         }
     }
@@ -244,7 +246,8 @@ class DriverDSLImpl(
                                     maximumHeapSize: String = "512m",
                                     p2pAddress: NetworkHostAndPort = portAllocation.nextHostAndPort(),
                                     additionalCordapps: Collection<TestCordapp> = emptySet(),
-                                    regenerateCordappsOnStart: Boolean = false): CordaFuture<NodeHandle> {
+                                    regenerateCordappsOnStart: Boolean = false,
+                                    flowOverrides: Map<out Class<out FlowLogic<*>>, Class<out FlowLogic<*>>> = emptyMap()): CordaFuture<NodeHandle> {
         val rpcAddress = portAllocation.nextHostAndPort()
         val rpcAdminAddress = portAllocation.nextHostAndPort()
         val webAddress = portAllocation.nextHostAndPort()
@@ -258,14 +261,16 @@ class DriverDSLImpl(
                         "networkServices.networkMapURL" to compatibilityZone.networkMapURL().toString())
         }
 
+        val flowOverrideConfig = flowOverrides.entries.map { FlowOverride(it.key.canonicalName, it.value.canonicalName) }.let { FlowOverrideConfig(it) }
         val overrides = configOf(
-                "myLegalName" to name.toString(),
-                "p2pAddress" to p2pAddress.toString(),
+                NodeConfiguration::myLegalName.name to name.toString(),
+                NodeConfiguration::p2pAddress.name to p2pAddress.toString(),
                 "rpcSettings.address" to rpcAddress.toString(),
                 "rpcSettings.adminAddress" to rpcAdminAddress.toString(),
-                "useTestClock" to useTestClock,
-                "rpcUsers" to if (users.isEmpty()) defaultRpcUserList else users.map { it.toConfig().root().unwrapped() },
-                "verifierType" to verifierType.name
+                NodeConfiguration::useTestClock.name to useTestClock,
+                NodeConfiguration::rpcUsers.name to if (users.isEmpty()) defaultRpcUserList else users.map { it.toConfig().root().unwrapped() },
+                NodeConfiguration::verifierType.name to verifierType.name,
+                NodeConfiguration::flowOverrides.name to flowOverrideConfig.toConfig().root().unwrapped()
         ) + czUrlConfig + customOverrides
         val config = NodeConfig(ConfigHelper.loadConfig(
                 baseDirectory = baseDirectory(name),
@@ -516,8 +521,7 @@ class DriverDSLImpl(
                 localNetworkMap,
                 spec.rpcUsers,
                 spec.verifierType,
-                customOverrides = notaryConfig(clusterAddress)
-        )
+                customOverrides = notaryConfig(clusterAddress))
 
         // All other nodes will join the cluster
         val restNodeFutures = nodeNames.drop(1).map {
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
index d60f9f6ee1..f280cee72d 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/InternalMockNetwork.kt
@@ -30,6 +30,8 @@ import net.corda.core.utilities.seconds
 import net.corda.node.VersionInfo
 import net.corda.node.internal.AbstractNode
 import net.corda.node.internal.InitiatedFlowFactory
+import net.corda.node.internal.NodeFlowManager
+import net.corda.node.internal.cordapp.JarScanningCordappLoader
 import net.corda.node.services.api.FlowStarter
 import net.corda.node.services.api.ServiceHubInternal
 import net.corda.node.services.api.StartedNodeServices
@@ -51,7 +53,6 @@ import net.corda.nodeapi.internal.config.User
 import net.corda.nodeapi.internal.network.NetworkParametersCopier
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
-import net.corda.testing.node.TestCordapp
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.internal.rigorousMock
 import net.corda.testing.internal.setGlobalSerialization
@@ -79,7 +80,8 @@ data class MockNodeArgs(
         val network: InternalMockNetwork,
         val id: Int,
         val entropyRoot: BigInteger,
-        val version: VersionInfo = MOCK_VERSION_INFO
+        val version: VersionInfo = MOCK_VERSION_INFO,
+        val flowManager: MockNodeFlowManager = MockNodeFlowManager()
 )
 
 // TODO We don't need a parameters object as this is internal only
@@ -89,7 +91,8 @@ data class InternalMockNodeParameters(
         val entropyRoot: BigInteger = BigInteger.valueOf(random63BitValue()),
         val configOverrides: (NodeConfiguration) -> Any? = {},
         val version: VersionInfo = MOCK_VERSION_INFO,
-        val additionalCordapps: Collection<TestCordapp>? = null) {
+        val additionalCordapps: Collection<TestCordapp>? = null,
+        val flowManager: MockNodeFlowManager = MockNodeFlowManager()) {
     constructor(mockNodeParameters: MockNodeParameters) : this(
             mockNodeParameters.forcedID,
             mockNodeParameters.legalName,
@@ -132,12 +135,10 @@ interface TestStartedNode {
      * starts up for all [FlowLogic] classes it finds which are annotated with [InitiatedBy].
      * @return An [Observable] of the initiated flows started by counterparties.
      */
-    fun <T : FlowLogic<*>> registerInitiatedFlow(initiatedFlowClass: Class<T>): Observable<T>
+    fun <T : FlowLogic<*>> registerInitiatedFlow(initiatedFlowClass: Class<T>, track: Boolean = false): Observable<T>
+
+    fun <T : FlowLogic<*>> registerInitiatedFlow(initiatingFlowClass: Class<out FlowLogic<*>>, initiatedFlowClass: Class<T>, track: Boolean = false): Observable<T>
 
-    fun <F : FlowLogic<*>> registerFlowFactory(initiatingFlowClass: Class<out FlowLogic<*>>,
-                                               flowFactory: InitiatedFlowFactory<F>,
-                                               initiatedFlowClass: Class<F>,
-                                               track: Boolean): Observable<F>
 }
 
 open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNetworkParameters(),
@@ -202,7 +203,8 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
      */
     val defaultNotaryIdentity: Party
         get() {
-            return defaultNotaryNode.info.legalIdentities.singleOrNull() ?: throw IllegalStateException("Default notary has multiple identities")
+            return defaultNotaryNode.info.legalIdentities.singleOrNull()
+                    ?: throw IllegalStateException("Default notary has multiple identities")
         }
 
     /**
@@ -270,11 +272,12 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
         }
     }
 
-    open class MockNode(args: MockNodeArgs) : AbstractNode<TestStartedNode>(
+    open class MockNode(args: MockNodeArgs, private val mockFlowManager: MockNodeFlowManager = args.flowManager) : AbstractNode<TestStartedNode>(
             args.config,
             TestClock(Clock.systemUTC()),
             DefaultNamedCacheFactory(),
             args.version,
+            mockFlowManager,
             args.network.getServerThread(args.id),
             args.network.busyLatch
     ) {
@@ -294,24 +297,28 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
                 override val rpcOps: CordaRPCOps,
                 override val notaryService: NotaryService?) : TestStartedNode {
 
-            override fun <F : FlowLogic<*>> registerFlowFactory(
-                    initiatingFlowClass: Class<out FlowLogic<*>>,
-                    flowFactory: InitiatedFlowFactory<F>,
-                    initiatedFlowClass: Class<F>,
-                    track: Boolean): Observable<F> =
-                    internals.internalRegisterFlowFactory(smm, initiatingFlowClass, flowFactory, initiatedFlowClass, track)
-
             override fun dispose() = internals.stop()
 
-            override fun <T : FlowLogic<*>> registerInitiatedFlow(initiatedFlowClass: Class<T>): Observable<T> =
-                    internals.registerInitiatedFlow(smm, initiatedFlowClass)
+            override fun <T : FlowLogic<*>> registerInitiatedFlow(initiatedFlowClass: Class<T>, track: Boolean): Observable<T> {
+                internals.flowManager.registerInitiatedFlow(initiatedFlowClass)
+                return smm.changes.filter { it is StateMachineManager.Change.Add }.map { it.logic }.ofType(initiatedFlowClass)
+            }
+
+            override fun <T : FlowLogic<*>> registerInitiatedFlow(initiatingFlowClass: Class<out FlowLogic<*>>, initiatedFlowClass: Class<T>, track: Boolean): Observable<T> {
+                internals.flowManager.registerInitiatedFlow(initiatingFlowClass, initiatedFlowClass)
+                return smm.changes.filter { it is StateMachineManager.Change.Add }.map { it.logic }.ofType(initiatedFlowClass)
+            }
+
+
         }
 
         val mockNet = args.network
         val id = args.id
+
         init {
             require(id >= 0) { "Node ID must be zero or positive, was passed: $id" }
         }
+
         private val entropyRoot = args.entropyRoot
         var counter = entropyRoot
         override val log get() = staticLog
@@ -333,7 +340,7 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
                     this,
                     attachments,
                     network as MockNodeMessagingService,
-                    object : StartedNodeServices, ServiceHubInternal by services, FlowStarter by flowStarter { },
+                    object : StartedNodeServices, ServiceHubInternal by services, FlowStarter by flowStarter {},
                     nodeInfo,
                     smm,
                     database,
@@ -417,8 +424,19 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
         var acceptableLiveFiberCountOnStop: Int = 0
 
         override fun acceptableLiveFiberCountOnStop(): Int = acceptableLiveFiberCountOnStop
+
+        fun <T : FlowLogic<*>> registerInitiatedFlowFactory(initiatingFlowClass: Class<out FlowLogic<*>>, initiatedFlowClass: Class<T>, factory: InitiatedFlowFactory<T>, track: Boolean): Observable<T> {
+            mockFlowManager.registerTestingFactory(initiatingFlowClass, factory)
+            return if (track) {
+                smm.changes.filter { it is StateMachineManager.Change.Add }.map { it.logic }.ofType(initiatedFlowClass)
+            } else {
+                Observable.empty<T>()
+            }
+        }
     }
 
+
+
     fun createUnstartedNode(parameters: InternalMockNodeParameters = InternalMockNodeParameters()): MockNode {
         return createUnstartedNode(parameters, defaultFactory)
     }
@@ -453,7 +471,7 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
         val cordappDirectories = cordapps.map { TestCordappDirectories.getJarDirectory(it) }.distinct()
         doReturn(cordappDirectories).whenever(config).cordappDirectories
 
-        val node = nodeFactory(MockNodeArgs(config, this, id, parameters.entropyRoot, parameters.version))
+        val node = nodeFactory(MockNodeArgs(config, this, id, parameters.entropyRoot, parameters.version, flowManager = parameters.flowManager))
         _nodes += node
         if (start) {
             node.start()
@@ -482,8 +500,10 @@ open class InternalMockNetwork(defaultParameters: MockNetworkParameters = MockNe
      */
     @JvmOverloads
     fun runNetwork(rounds: Int = -1) {
-        check(!networkSendManuallyPumped) { "MockNetwork.runNetwork() should only be used when networkSendManuallyPumped == false. " +
-                "You can use MockNetwork.waitQuiescent() to wait for all the nodes to process all the messages on their queues instead." }
+        check(!networkSendManuallyPumped) {
+            "MockNetwork.runNetwork() should only be used when networkSendManuallyPumped == false. " +
+                    "You can use MockNetwork.waitQuiescent() to wait for all the nodes to process all the messages on their queues instead."
+        }
         fun pumpAll() = messagingNetwork.endpoints.map { it.pumpReceive(false) }
 
         if (rounds == -1) {
@@ -572,3 +592,17 @@ private fun mockNodeConfiguration(certificatesDirectory: Path): NodeConfiguratio
         doReturn(null).whenever(it).devModeOptions
     }
 }
+
+class MockNodeFlowManager : NodeFlowManager() {
+    val testingRegistrations = HashMap<Class<out FlowLogic<*>>, InitiatedFlowFactory<*>>()
+    override fun getFlowFactoryForInitiatingFlow(initiatedFlowClass: Class<out FlowLogic<*>>): InitiatedFlowFactory<*>? {
+        if (initiatedFlowClass in testingRegistrations) {
+            return testingRegistrations.get(initiatedFlowClass)
+        }
+        return super.getFlowFactoryForInitiatingFlow(initiatedFlowClass)
+    }
+
+    fun registerTestingFactory(initiator: Class<out FlowLogic<*>>, factory: InitiatedFlowFactory<*>) {
+        testingRegistrations.put(initiator, factory)
+    }
+}
\ No newline at end of file
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt
index dae33f8c4b..a86abe6b9d 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt
@@ -10,7 +10,9 @@ import net.corda.core.internal.div
 import net.corda.core.node.NodeInfo
 import net.corda.core.utilities.getOrThrow
 import net.corda.node.VersionInfo
+import net.corda.node.internal.FlowManager
 import net.corda.node.internal.Node
+import net.corda.node.internal.NodeFlowManager
 import net.corda.node.internal.NodeWithInfo
 import net.corda.node.services.config.*
 import net.corda.nodeapi.internal.config.toConfig
@@ -87,7 +89,8 @@ abstract class NodeBasedTest(private val cordappPackages: List<String> = emptyLi
     fun startNode(legalName: CordaX500Name,
                   platformVersion: Int = PLATFORM_VERSION,
                   rpcUsers: List<User> = emptyList(),
-                  configOverrides: Map<String, Any> = emptyMap()): NodeWithInfo {
+                  configOverrides: Map<String, Any> = emptyMap(),
+                  flowManager: FlowManager = NodeFlowManager(FlowOverrideConfig())): NodeWithInfo {
         val baseDirectory = baseDirectory(legalName).createDirectories()
         val p2pAddress = configOverrides["p2pAddress"] ?: portAllocation.nextHostAndPort().toString()
         val config = ConfigHelper.loadConfig(
@@ -103,7 +106,8 @@ abstract class NodeBasedTest(private val cordappPackages: List<String> = emptyLi
                 ) + configOverrides
         )
 
-        val cordapps =  cordappsForPackages(getCallerPackage(NodeBasedTest::class)?.let { cordappPackages + it } ?: cordappPackages)
+        val cordapps = cordappsForPackages(getCallerPackage(NodeBasedTest::class)?.let { cordappPackages + it }
+                ?: cordappPackages)
 
         val existingCorDappDirectoriesOption = if (config.hasPath(NodeConfiguration.cordappDirectoriesKey)) config.getStringList(NodeConfiguration.cordappDirectoriesKey) else emptyList()
 
@@ -119,7 +123,7 @@ abstract class NodeBasedTest(private val cordappPackages: List<String> = emptyLi
         }
 
         defaultNetworkParameters.install(baseDirectory)
-        val node = InProcessNode(parsedConfig, MOCK_VERSION_INFO.copy(platformVersion = platformVersion))
+        val node = InProcessNode(parsedConfig, MOCK_VERSION_INFO.copy(platformVersion = platformVersion), flowManager = flowManager)
         val nodeInfo = node.start()
         val nodeWithInfo = NodeWithInfo(node, nodeInfo)
         nodes += nodeWithInfo
@@ -145,7 +149,7 @@ abstract class NodeBasedTest(private val cordappPackages: List<String> = emptyLi
     }
 }
 
-class InProcessNode(configuration: NodeConfiguration, versionInfo: VersionInfo) : Node(configuration, versionInfo, false) {
+class InProcessNode(configuration: NodeConfiguration, versionInfo: VersionInfo, flowManager: FlowManager = NodeFlowManager(configuration.flowOverrides)) : Node(configuration, versionInfo, false, flowManager = flowManager) {
 
     override fun start() : NodeInfo {
         check(isValidJavaVersion()) { "You are using a version of Java that is not supported (${SystemUtils.JAVA_VERSION}). Please upgrade to the latest version of Java 8." }
diff --git a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/MockCordappProvider.kt b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/MockCordappProvider.kt
index a6847b8fa2..1494a38715 100644
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/MockCordappProvider.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/MockCordappProvider.kt
@@ -3,7 +3,6 @@ package net.corda.testing.internal
 import net.corda.core.contracts.ContractClassName
 import net.corda.core.cordapp.Cordapp
 import net.corda.core.crypto.SecureHash
-import net.corda.core.identity.Party
 import net.corda.core.internal.DEPLOYED_CORDAPP_UPLOADER
 import net.corda.core.internal.cordapp.CordappImpl
 import net.corda.core.node.services.AttachmentId
@@ -13,7 +12,6 @@ import net.corda.node.internal.cordapp.CordappProviderImpl
 import net.corda.testing.services.MockAttachmentStorage
 import java.nio.file.Paths
 import java.security.PublicKey
-import java.util.*
 
 class MockCordappProvider(
         cordappLoader: CordappLoader,

From 7e3aa7f30c01ba83de9dc48c04c8adafdc776eed Mon Sep 17 00:00:00 2001
From: szymonsztuka <szymon.sztuka@r3.com>
Date: Wed, 24 Oct 2018 10:53:39 +0100
Subject: [PATCH 81/83] CORDA-1915 node rejects CorDapps signed by our dev keys
 in prod mode (#4041)

Related to CORDA-1915 Signing CorDapp JARs - Corda node rejects CorDapps signed by our development keys when running in production mode. This prevents Cordapps signed by our dev key (by default) running in production (node devMode=false).
---
 .../core/internal/JarSignatureCollector.kt    |  12 ++++++++
 .../nodeapi/internal/KeyStoreConfigHelpers.kt |   2 ++
 .../net/corda/node/internal/AbstractNode.kt   |   5 +++-
 .../cordapp/JarScanningCordappLoader.kt       |  27 ++++++++++++++----
 .../cordapp/JarScanningCordappLoaderTest.kt   |  22 ++++++++++++++
 .../cordapp/signed/signed-by-dev-key.jar      | Bin 0 -> 22358 bytes
 .../cordapp/signed/signed-by-two-keys.jar     | Bin 0 -> 24454 bytes
 7 files changed, 62 insertions(+), 6 deletions(-)
 create mode 100644 node/src/test/resources/net/corda/node/internal/cordapp/signed/signed-by-dev-key.jar
 create mode 100644 node/src/test/resources/net/corda/node/internal/cordapp/signed/signed-by-two-keys.jar

diff --git a/core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt b/core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt
index 963623e474..f7bece5b01 100644
--- a/core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt
@@ -28,6 +28,14 @@ object JarSignatureCollector {
 
     fun collectSigningParties(jar: JarInputStream): List<Party> = getSigners(jar).toPartiesOrderedByName()
 
+    /**
+     * Returns an ordered list of every [X509Certificate] which has signed every signable item in the given [JarInputStream].
+     *
+     * @param jar The open [JarInputStream] to collect signing parties from.
+     * @throws InvalidJarSignersException If the signer sets for any two signable items are different from each other.
+     */
+    fun collectCertificates(jar: JarInputStream): List<X509Certificate> = getSigners(jar).toCertificates()
+
     private fun getSigners(jar: JarInputStream): Set<CodeSigner> {
         val signerSets = jar.fileSignerSets
         if (signerSets.isEmpty()) return emptySet()
@@ -71,6 +79,10 @@ object JarSignatureCollector {
         (it.signerCertPath.certificates[0] as X509Certificate).publicKey
     }.sortedBy { it.hash} // Sorted for determinism.
 
+    private fun Set<CodeSigner>.toCertificates(): List<X509Certificate> = map {
+       it.signerCertPath.certificates[0] as X509Certificate
+    }.sortedBy { it.toString() } // Sorted for determinism.
+
     private val JarInputStream.entries get(): Sequence<JarEntry> = generateSequence(nextJarEntry) { nextJarEntry }
 }
 
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt
index 03caed3ca2..d6cb0f5877 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt
@@ -99,6 +99,8 @@ const val DEV_CA_TRUST_STORE_FILE: String = "cordatruststore.jks"
 const val DEV_CA_TRUST_STORE_PASS: String = "trustpass"
 const val DEV_CA_TRUST_STORE_PRIVATE_KEY_PASS: String = "trustpasskeypass"
 
+val DEV_CERTIFICATES: List<X509Certificate> get() = listOf(DEV_INTERMEDIATE_CA.certificate, DEV_ROOT_CA.certificate)
+
 // We need a class so that we can get hold of the class loader
 internal object DevCaHelper {
     fun loadDevCa(alias: String): CertificateAndKeyPair {
diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index 2d12f73a9e..99e9f50778 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -72,6 +72,7 @@ import net.corda.node.services.transactions.SimpleNotaryService
 import net.corda.node.services.upgrade.ContractUpgradeServiceImpl
 import net.corda.node.services.vault.NodeVaultService
 import net.corda.node.utilities.*
+import net.corda.nodeapi.internal.DEV_CERTIFICATES
 import net.corda.nodeapi.internal.NodeInfoAndSigned
 import net.corda.nodeapi.internal.SignedNodeInfo
 import net.corda.nodeapi.internal.config.CertificateStore
@@ -513,10 +514,12 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
             // CorDapp will be generated.
             generatedCordapps += VirtualCordapp.generateSimpleNotaryCordapp(versionInfo)
         }
+        val blacklistedCerts = if (configuration.devMode) emptyList() else DEV_CERTIFICATES
         return JarScanningCordappLoader.fromDirectories(
                 configuration.cordappDirectories,
                 versionInfo,
-                extraCordapps = generatedCordapps
+                extraCordapps = generatedCordapps,
+                blacklistedCerts = blacklistedCerts
         )
     }
 
diff --git a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
index b1ba5f9f29..9bd47c564a 100644
--- a/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
@@ -26,6 +26,7 @@ import java.lang.reflect.Modifier
 import java.net.URL
 import java.net.URLClassLoader
 import java.nio.file.Path
+import java.security.cert.X509Certificate
 import java.util.*
 import java.util.jar.JarInputStream
 import kotlin.reflect.KClass
@@ -38,7 +39,8 @@ import kotlin.streams.toList
  */
 class JarScanningCordappLoader private constructor(private val cordappJarPaths: List<RestrictedURL>,
                                                    private val versionInfo: VersionInfo = VersionInfo.UNKNOWN,
-                                                   extraCordapps: List<CordappImpl>) : CordappLoaderTemplate() {
+                                                   extraCordapps: List<CordappImpl>,
+                                                   private val blacklistedCordappSigners: List<X509Certificate> = emptyList()) : CordappLoaderTemplate() {
 
     override val cordapps: List<CordappImpl> by lazy {
         loadCordapps() + extraCordapps
@@ -64,10 +66,11 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
          */
         fun fromDirectories(cordappDirs: Collection<Path>,
                             versionInfo: VersionInfo = VersionInfo.UNKNOWN,
-                            extraCordapps: List<CordappImpl> = emptyList()): JarScanningCordappLoader {
+                            extraCordapps: List<CordappImpl> = emptyList(),
+                            blacklistedCerts: List<X509Certificate> = emptyList()): JarScanningCordappLoader {
             logger.info("Looking for CorDapps in ${cordappDirs.distinct().joinToString(", ", "[", "]")}")
             val paths = cordappDirs.distinct().flatMap(this::jarUrlsInDirectory).map { it.restricted() }
-            return JarScanningCordappLoader(paths, versionInfo, extraCordapps)
+            return JarScanningCordappLoader(paths, versionInfo, extraCordapps, blacklistedCerts)
         }
 
         /**
@@ -75,9 +78,9 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
          *
          * @param scanJars Uses the JAR URLs provided for classpath scanning and Cordapp detection.
          */
-        fun fromJarUrls(scanJars: List<URL>, versionInfo: VersionInfo = VersionInfo.UNKNOWN, extraCordapps: List<CordappImpl> = emptyList()): JarScanningCordappLoader {
+        fun fromJarUrls(scanJars: List<URL>, versionInfo: VersionInfo = VersionInfo.UNKNOWN, extraCordapps: List<CordappImpl> = emptyList(), blacklistedCerts: List<X509Certificate> = emptyList()): JarScanningCordappLoader {
             val paths = scanJars.map { it.restricted() }
-            return JarScanningCordappLoader(paths, versionInfo, extraCordapps)
+            return JarScanningCordappLoader(paths, versionInfo, extraCordapps, blacklistedCerts)
         }
 
         private fun URL.restricted(rootPackageName: String? = null) = RestrictedURL(this, rootPackageName)
@@ -106,6 +109,20 @@ class JarScanningCordappLoader private constructor(private val cordappJarPaths:
                         true
                     }
                 }
+                .filter {
+                    if (blacklistedCordappSigners.isEmpty()) {
+                        true //Nothing blacklisted, no need to check
+                    } else {
+                        val certificates = it.jarPath.openStream().let(::JarInputStream).use(JarSignatureCollector::collectCertificates)
+                        if (certificates.isEmpty() || (certificates - blacklistedCordappSigners).isNotEmpty())
+                            true // Cordapp is not signed or it is signed by at least one non-blacklisted certificate
+                        else {
+                            logger.warn("Not loading CorDapp ${it.info.shortName} (${it.info.vendor}) as it is signed by development key(s) only: " +
+                                    "${certificates.intersect(blacklistedCordappSigners).map { it.publicKey }}.")
+                            false
+                        }
+                    }
+                }
         cordapps.forEach { CordappInfoResolver.register(it.cordappClasses, it.info) }
         return cordapps
     }
diff --git a/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt b/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
index 9eba3d64ef..feb4e7b476 100644
--- a/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoaderTest.kt
@@ -6,6 +6,7 @@ import net.corda.core.internal.packageName
 import net.corda.node.VersionInfo
 import net.corda.testing.node.internal.TestCordappDirectories
 import net.corda.testing.node.internal.cordappForPackages
+import net.corda.nodeapi.internal.DEV_CERTIFICATES
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.Test
 import java.nio.file.Paths
@@ -142,4 +143,25 @@ class JarScanningCordappLoaderTest {
         val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), VersionInfo.UNKNOWN.copy(platformVersion = 2))
         assertThat(loader.cordapps).hasSize(1)
     }
+
+    @Test
+    fun `cordapp classloader loads app signed by allowed certificate`() {
+        val jar = JarScanningCordappLoaderTest::class.java.getResource("signed/signed-by-dev-key.jar")!!
+        val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), blacklistedCerts = emptyList())
+        assertThat(loader.cordapps).hasSize(1)
+    }
+
+    @Test
+    fun `cordapp classloader does not load app signed by blacklisted certificate`() {
+        val jar = JarScanningCordappLoaderTest::class.java.getResource("signed/signed-by-dev-key.jar")!!
+        val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), blacklistedCerts = DEV_CERTIFICATES)
+        assertThat(loader.cordapps).hasSize(0)
+    }
+
+    @Test
+    fun `cordapp classloader loads app signed by both allowed and non-blacklisted certificate`() {
+        val jar = JarScanningCordappLoaderTest::class.java.getResource("signed/signed-by-two-keys.jar")!!
+        val loader = JarScanningCordappLoader.fromJarUrls(listOf(jar), blacklistedCerts = DEV_CERTIFICATES)
+        assertThat(loader.cordapps).hasSize(1)
+    }
 }
diff --git a/node/src/test/resources/net/corda/node/internal/cordapp/signed/signed-by-dev-key.jar b/node/src/test/resources/net/corda/node/internal/cordapp/signed/signed-by-dev-key.jar
new file mode 100644
index 0000000000000000000000000000000000000000..beb401a992b0a44b69c7487d199ed19b43cf885f
GIT binary patch
literal 22358
zcmbTc18^?imo}Oc+qP{xC$^oO;EiqDwr$(ViESq*wr%sC-^|>v=GJ`kubJD`Z&%mb
zwN`cSz1LdL^X#P{4FZY^1PKWVv<#4t1^Q11>fd`=Q58WtNjWhFSwT5TF;Qg|dRejT
zq_KnoDb$c>u@`vy4Wv;8Xbq$;Ahb{yATUu5G$_(EX3_-Mvjq;NRvYIBI_~ysdKP)R
z?r#AQ8blI=gs827BtqOCmp1%$n`pZ;U@aKIqg~cF*r#<mt{FQ}=7U+9izA|<Wx{~k
zY)lir<5$&KKT0T~)8CB!MW%tAy}Ed>5*@){9`Y1GX3}2U{sDYDBI2ODFr?ZCR*DHh
z)O*ka7>t;0mrEb%ECKdv@%A5ydHB-TOARfV)=@4KK;;OHwaz__&x|hiZ)@eY*|Na<
z)9}aTAnVn7-n_{RD~0DcpHBDYgh772<Y+XgzC`}-{evCoEbs=uhA)>wL;eiLoxW-r
zL(0G${OtFtpw9pF3O2tcS>gHVsV-m+xGHqhc0YXyGdk_sT$?h=Ab@<pd{s@=<7ov@
zpOl7=-fqMABVICZbxh8B(q6>1N;zuV)C%rUUX{=IyrZh@ren|WM)prajqO6lIX>Hk
z+(MH=MR?CU3jG}QjnBw=Wytqfy!Jk>@T{UA9Cns9M{RZUXOV8ls+4gChZ)b}AW2-q
zE>t;=R(IXqv_eU8fW9hAM^TL6r0%g+Sy$++E*&+sWHF{%z&@w}oJoQn_Jq1rB3<kL
z{IPWh8*HnK&odL!U9P(O&E>jEZhSl4u6MA>yZ`44cM~g#_QRMs$U&i(g_};4@d=Mf
zb=c#T0&isxkv%^s_&8z818L^YfOm#r8Gz0&w1rl#?;D>qM9fQe(lF^2{}D^9l1NDr
z=JcEV!<`c0?r^0J0Wll2(bt}-a+{OI;rjU0UQ+HJ$yWh?m2EEbmQYZjQJkpasdSHB
zu++%d$T2TwT4gJ@ynJtUI)2O+>$wiM478w|^#g<H;boikYx|B}aa<&4^Ya|kZX!=B
z#d%WV2-G^@bIgDq#k3_85z6*z!lCEQ&@!|=XA>zV;jA<YN4#TYuk+x&n_<0ydF=2M
zD2IJJ^#^dU$!{>F)nfh$RiB@dz7sXxw!3V#Kd~hQ7uyywe$Xw^5X%amk>Wg=m`E&u
zxHCnF6J)wTQJu@QEaq%F^k7vph_WKR8UhGratMPvJ}H;0Mb<0liUy&Rh^v@|Q)lGJ
zP|Sc2mj?+Hq#+>ByA9>UL4bhPz=41i{%3)xEGbSWEUzR&ulzR<bz%!7P(!YHPQQ18
zF*=AMb|B1{F~Z6y3596RWJ`O2p%Lq#5B8T4tglVjc>v6Ot`wyS9$U|RrQ;&Huno8a
zTSx{032sY(x4>l#N4kfV+oIN=_@tWhU`!4IFsRQ#v;(8lED|Q!)yzss_XjDS<$h?p
z+?ycMf>w3Q{c*nDr;7l^9Q557Xg7AL?&dAtb5aW1&N6mshk8<m-<<dB8T*ygYB4)b
z6Rwdwkm7;G<|K4hHAqaLSe;Kte?kqq1>8(ITke<PK_~+7nEK2E1eY-1-X9MiML{??
z&&%dBXA_&rWC?u;A&|L4G`A&h&>mpSe4U7{zCBl3^Q`%`J(4^r+4T)agh>bfeCted
zOV1q4xtxi@gd8Cg+kBh{3>y|wCMMvju*ADxDQVEO5N`WGTHHLK$gdN^o2SR&M)<wx
zOoY}$&!Z0EpYk9P9+;AjKrNZ+ReGkR#}41^r^GO<9$}(5MHF&%xt}=q?mx<f0(h9c
zwF-}AyBvpNze-ox%d~}F^CODIB!>7~K-jlcgj5h@1J$D*rf@HpOG+w}ZL@peFOlue
z!FPUa-NTAr+u-vMpm^!A_kAn7LRgRc34t%2jVpY8651oHTcMN4%1T9cA5Y6VrDt(m
zz#WQAGVHxD{U8a~#~Gh1oo3vg`MtwhgT&^r{Q#=g-KCSDRTsN&&1>)S28DNefFNYX
zt|)<Y%53enTO{#z5YxxG?#OF*v#$^hWzLEUQ%5(0kuz{hhWY0PqXS&&L9Ydq2-6g<
z6^>h{VScuLoP)OJiC)4P@^FpK98>Cd&!&9@X;rvxa*gtbSf@4Wo^7^a8FSw*Cub--
zs6$--sT7aQPiGyt<oTVU9k)%`u0C7s#vFH-p@S55U)lNgHMfZ4Of&lup_#&}XqVRF
zwt_lut!!9LC<nS`D~r4iY0*#W_tSO1=guFeK!Mulg*m^@D<&h#!ls3~rG5y5q^GAu
zwX<dwUe8x4EvuN-E!W?RB3X;b))xWnTPbMP<l*)aN7)5=Mej~=sn$hYPJV4(!jo{n
z;a<4@6J7io_oKLfql@|fM|6n_vzQrFo9r)I+?%~mPmE4C<%P42{QU)n$Ir!W`=v&+
z<WB`MC8r06$0zss;pE5J3!+GO3!<Qu3Zm?XfKAFo$;jY>?P{y#Oy7Cf^bQUGP;s43
z2~Hm)>{nR(nGnsD6r3(T%GE<jrr5_IK&DDWDbOR*w>lTM?uSA;HZ*{0WHoBq3$kZ-
zUq>FO5`YJE(0E_>dT?BPaNMWT2*ncYfioI@kDY;&hK+^gCz!-pixg%FbT~hIBmn|o
zcd0{2$IRC?HZd}FG0-2A@vNWowl1>YRDP;i)3e}dHQ|=7t`@-Id>knC0Ana_icZW0
zcPp+C_!iilG;PR{9#3t}qFB3fE!O@>KIhb}wW#A9A{_gPZk9+(5Q!NnG1Z>@?CQa2
z0psd0<8ib`ZAdk(3mXNN$0`8BXos~9n<R*<ijD<B#SU-HE~cjDVj{*F86FKrIi}x>
zphP-3`jQ*`#}7+_NF1?|C(s`z5%{`*KzBn2r$+v1o0(yh$;Cea<amHjDbf`ag06bu
z*XsB{QC|I7L#U(L*vyGx>La?AG;57E`q%aw5Qw(QiWWkpPDNDjAR>eeY)^i;Ap6B~
zUkAov5UdEI3sHZ>@K}F;@5U^Uc!PwP8om`JBs?Cv3jn@n(II&Bqrj@oyT3|56)WP$
zCy+xFqitM$fVhubgkyI=Y;0qGkw51OL_aVhLEFJG#v%F9kIh($V8-0;)}NOEt+k_5
zsVc>gkgDfqSNR-8<aUnFjC+*1pq^GZDfA0U7+#Y1uV}{!@p>7k#={<W*)6q?nB-=j
z1Og{ofc?Hq;IO%b`N1O(ABduCsB;3#fz5$HO|_|>lLRKqu%tZe9iiwrEi$+P+{!{e
zAr6KD42+?pIx-2#sJ_^RJ)A5cArr51{`cE{8W|cw7X4WK+u22Lt(Hc?BcYw}Pt5&x
zNf~IU5sa(&?xGK|t*Zy_Sh~y-^lY9#-J~vC-EZgMj}%{{wJcVhX0vYaM)J^?^9V}g
zLzJKTOylFddp0}cMWZ)OW4?+7H^mN69Zd}j%WB_?o_BVhNXx6{9|9@&VdFL{Q$_l{
zOBb$RO>Os~pj1<y+cm?sZ66FR2KR+*nN>%0oohu05Pz#11SHNyB%0jcc=QGPSJe*c
zKf_Lte>40Clmh>A`Fs5LWfJ-C)Bl549gQ7a%ngkl8U8mO#Qv`yY>b`g4Q(Ba0Q9cL
z2LJdqcA)=%-P5ZZ8z}$VUkX;vrsg(E#-`?uP7dy(Q9SU0jEExdSq8-qo?)}ZV8O)A
z(GU|-4Put}9o|4Bb5qAt8>e6dN+AjP=-k2Z&a5`~<(&NqMD$^$y8E%9=^bU$H?SQn
z3jA|}wkuCz8P_L)Nwzw+%cIz@H+D@QD-VsePn|cu|BNdV>P(#Z-&c?Mm%{`4_vznH
z`CknP^ncj=+voqUED`=cmIeSD%m0-*`hPXI`?mr9UwM)LZ@mcpeIa=h;eTfJ-zSdL
z5nxSf0dN86IXjtK>6tj&7&@8T+USY>#|<eXy`dGr(J@#_+ZI_6^$T9X9}KN-N%ulD
z@{*pEUTm9@e60uys-%Rh^W|rVapVAfBdCewhkAxt6#omzhvF~`P7A`)qS5h%tIc-0
z<MhYd=RSoWh8Z&V_;L-#lz2ZLG+J9DBfj)uH^9rq-QeOHS=yVZ<S|?$La@r1vn?vQ
z)VK(|lt#h!P%tP0%3e5s_-fT|&yzcr7C=#-A;KZ+v@poK1o_7X@igwd`>`1lif%1v
z(kcB=I{^v3azG>)2@4nuoY9rYm=w2&Hu3PGVs@`$o`t;YQHi=-4+;MA8;r+WXvyWx
zc(KlgDD>S}MS+eu5F&_;DKnS=O5El7I%R#@83k~C<lugBb6KP%=C3zQ-y-c6#wR4_
z8wb;G^BjVd0hrPXTI)Hh(bGO$_{nlD$$BR%br4?1aHIq)++zxw??yBtb>cSNrvL0=
zUFte5vm}Z-!}qO{kyd@LVb1mV?m)zK+N>0hE-7zz8|1KK^D{XED}5C+7yGLI5vmYw
zDSF7lYe1~<6)iJ&%7RAK3XsW1e)LLRviK4(b>w<sdNalgfm;o^5)8u293F+gALl(H
zNtGF!n8%I%Az*^gBaFI5vM$K<N}Hrqz0qgAak_K$Z$O;8MFV2t2M`eE-}Lm~XBfKw
z`Fi^I)zYP^<A|b)=_8lmvVcfP3t0?VjZ9=smw8v-LQLj`sWHE%52JRPWhFPjp1C=h
zBa3E&`-=7jRNILv9vU;viAUdgBVK;JYL&q*TJq2@`Q+7k%s2D?nbY(2b%_9kQ9o(7
zgys)$_esV<yIP7aS*Td8vCm#=qyZDng`vX66gEk&wIA5EnM$j!f~J{8G;Lc6e$i4X
zx>*jgEgNeIVnr7%#!Xn`ye}}B==Ckgj};{ON-v><T7}Km_P@j=XOdy^S{KgPYS1(P
zt)}l;V^5<clc_^yhAJj3F(#=y1sR=|OEbxSn6zq0XS=2?s{{Kdy<JKmWTE7EIZ72t
z#mlB+ey8Rf>=#s`*cgly-3U>QiY#a(9?ipsSuLKqnFKsx$R}+0PW>MC<)6JCFS(n~
zg%(Q)b*#PLbHS|eg7QTE1F(r5gQH^f({dJWkwlub$=5SU&>UFw7i!V;pqh@bfgqd_
z`>>^Fx;u#9XIh3V_zo<Dq*tKA_N~OEwnoXvDSuBMy9vA|E8PJ}Xvt}>uG#XI#1Li9
zV5E@vu=P7!agom8t2g??>y87%P++!>{<x|1E-3!T2tSisUFcH#kUiNxhRUqEe$*bo
zJL;D3dcqFAtrDi`lM?YNjzMs1R^Eykx6%OSz-88NjJ$H);Q7(rPt;+iK09~YI9Opd
zX>i>EAL^?lQ|Un?#}OZFbVy--Q!V`9u!*04c`L4AvbM7%nD*h1+7%nNI|lOwRQ}*-
zq9e8h&K|y6tJIo~4W<a29c837bgn((0jBf%x--X(V>m%vQ7kml$42!*JDB1seG5Rw
zui<1=`dyHaWWM%CI9VBz*x01yF?SSOr__Xs#FuB0UNn?BgXm_?X8V#5RBM`Dbc-;i
zI_~(2L|A$DoI|DhK8<(j`BbdaE1o917z7($9)gL+b8iOUlUQSe`&8!J{DrqVA0>e*
zg7Ie*w(P|RBj$37gs~03oLR$Hm2QSyx0}0n&}?#LoS6{hG4J$;34-@$8ZgQ{ea_eR
zE!mQ+Rh@Se&b8YClM89qIl=zo^tGbxrj~)Ok{RV6l?za|#>5BNWf37Gc1Gf!-0BFJ
z;Nvb+hk_FnOcY1jHu@YQb2^R1I`)Gy&-R2m(7MTKP794~jlJcJVf)?KnD7}bG*Z=K
zqAy5?9eA<B-=FiBrT8X)sFsPNYaU$cPP5UP5)0y(lX7Ca&P?n^u~v1}t?_N{H7hQf
zy`(o9l7UYP&Y^pD?5M!9@nQ+lU0$#g9~#Ih``%6${wPboyQ>0W{!BL!m7l9}dm@q@
zvd?t^zocZC<9LFB|3Gc<l{0LY9TYS&(+#T$%v+0#TqjKTh&EU83jiH7!^ijZCovQ-
zGy|~}_&_ngcg^zP`~tqN+P|pfyy2ytsVUo~D^Mcx6Z;9`_LC;y3nEY-d(JT9jRwa7
za}zMYJ>4}9ZkP$DWi&8=k8^j>&%VP(CP5T+j<IyRyYj+al54w%Z=EaJX5oxau<#iZ
z<dbj{oG^I;q@hHtNlF&OAe=RGqiRN(Y#+uHCeF%V@Tofgl1Mff*@pgQYS-0BgK7`L
zVIHn6t&iM#dx{J%VMGcGr6ZI`DYX&bMgx%ANTigUl)6Zike>X6`3G!hui)g*{KXQN
zf3d-TpD8*1=b4i9FRBu>Gj}9q`uCg}t!k}|t&Zw*6;MY^ClnoFzR<)3-ZWKl%9FB$
zXk7+MtF;i7OMi~0p3*USWl*yHf$|CR33lpKVv>;_vk?2Kn4QxB1Ii|u4!EA+n&D%Z
z;d;KC>GAyn+d=sltRoJ#O^fmDjRsGpD>QV?OkurRXm`<2y1V?z{H?;e#FN6&gA8H#
zQatbAmFYJ^VLg!0ZAaD`JypZ%JrVD0Px*^TRuMA<@2P1EsI@`O{WM1m&=h=Z@371Y
zy#08oRK1Tzof>d}XUW+=B4`$D;J^DM0T@CuZo562-3wzHq;=nG0v!;lahQ~E12{rg
zFL9!m=#A>3F-^uMDBwbcSlBcj+!q?>2E`ZwV{aMEa?`-JQpc>b#sqKM{T5BPr^3q(
z)l|dlS!=!wh*=aR2G2?^zMiL=DAH$vWjTsx)L!2>v=$6&SZ?gKJ4Ty?m2^o;HzDdt
z9Yn1myMZrZh<kX8+Dj`2uF{;pi-dhuTqPEFY|HtHe$6cMNit#B=9=FBeeFPf*l&i9
z^-ywSDPL@d<?!39=TOJq3<Ya=2?Vevl4a0+AdwqEw9#*ARvQ`$i9JFWVs5-j_dDR-
zfW|M?>Pk^8a-a&Lp<i_*pErD6LqZ?l6?4z1R*K9hZTzrSO>zWRIDwHzP1&L69C;R!
zhLQP`o8Kht;LdZ<rv^90kjtM*LHg|QZ2HQhxk+$>ZQ&}JeG}m${^s?^Ggo|Jvpn&G
z2ou|^&K!0hy2UJ}hBO^9sQ_W+(EURB;H$Y%=ASp^o74EQ`vorR^lIJA#iRL&_#WSA
zvPUzq<q>8@otYuC+EaUD<79wAw6yrwhD*Edt-<BC-D#Q7=MIFc@U3)28LV4O8(t#)
zSlB1VNXg!W!t)CN`T6FHv%0&~LC1f~`t_jb05>jCCD@~4&6*>qV*-a=k{NB};0fQA
zuK5~@B7BGBSRaw<aqiJW{Y_0f=`j3IGf2z#Rce;6s|pXd3kZk6B6Tok!CAK6oGP>&
z&U`IKTo&1*<cM1O>?@B6EPL_^_d>@$##qV=cCq2X7!5_`_T_-P%VD3?U8Dm6GJlS@
zyUi&kT;S%3<quQYJZ53~jzpz6(j1U(!Ik38q7wNhE(=4PcY{;N^CA%(8+NHMn+<69
zB6V=4FgV5NJ$v;CB~ymaNjQah4UKJ8tE93K!IQzHA6Wh%^Xl;^AIwEb{D^^k?%63x
zdU5w%p*rPth*a4YrpA)cMC2Sx)fc*%^PBwjxoLovUpU5WPFDU0Pm9njrb|E)$qL*N
zv`-ON#PtoL=UIEa|IG<4{(?sSXQ|U!qqoTT3-61!Kf`-R?Kq`=byTh52E_dhT=!<^
z6<~9~8-WUegD;7f_oi-F@EhTueDfpSU<c-JzVU?oSNVqKzvdfBM@MI4VSu9<sk)i5
zjV!><&fLb-@jp<!;<^;DBC3w|lw#)O)#?<zOQ1fq2MaJt{*NJrc?g2NvQS>GobV&F
zZB;=L5rSE9QPUESll*`we#^c!OTFp!_j?*YVJj4NGIh1}u2aU!A)}cFKHFZH$#WAN
z9r}rjH?2|W86YGjb*oX@&@t)C`Sv|)V?vp<Y4pQ9y$-aB&CdkWXQ=!V*)Y6jJfdK3
z@*r22^Poe$4pp5{oG_FE;Um~KagFU&>y)p>W0|Oa8A5+16q2xEq<&5!^JR<Up-7=_
z7Y{`~8bs#rH5q;88tW3s5H+Z=EPaFZL0FSda7O`aoFNpH)0qOWev$HH>aKFtqX_3T
z11@jBFUG1^86PRLHE7BYRAPl0h&QkJfc4!VCuhRsll%4?k%?V*DxIMuyW&*tS#43T
zQk6A5=ATTMVS?W|CZ7Hjb#Flj=hAyW$~^^22$%@ULG2U=;>UIJh^<aLtGCH?S~o;i
zhNTd(s(c#RaL!li;y?e5#NT~#B-;Ij*wlZS{C{6KNdDDCD%n~Y|HlL>>)0+xpz^WU
z8;k@cfK$?;o;3VONJ(h%O4>}CXU~j~(EQ1Us_Gp^J~rF#Je+X(@LT>}_$geRpH$=0
zLUB>t2X!w7MS+IjV%7Dki|ctZn}vfw;Pd@QuXPpkFBN9$=8rr&DcO7%>1M`@@d(J)
zd&_PLS;mmnx0n?aGWoJ<B~@o0n8)0uB#a4IVR300%%n=L=|+pfh6`S+D!y{YU;H5_
zW@Gnf(1FdfcfStBB4NXY?6dnOYZ;bvRq;Z?rwmV(U;@|T`}0}26n84B9b^|)-6b!N
zl20T;5<mSQb;vql<qSr}kOyGJnl3|Nj}3kb7vlKLVglW>!2Y&<^@Yqe)@QS@k$2OP
ztWt*_+K)--gEE@m;j|?lh_iC<E(n=HjR<}6-q?t*4y(hk9~<VRPt>}_kJV$`c#8oZ
zG6d^%Y^&G{XQcIwJvup5hUnQ*ul|(-XzM-~cM2{RFeY6iMjjmJ@r23{FNu}~u)ycT
zQCPcB{UMJ(@_fh2jCIH~ZDenSJ>OwqUt7;@bP$V~d3Z8ii7>wn>`~^OaBWM@o8fdz
zmpZ%S68jiERhE5cDA{L`Yc(Eejcbq`*@abNY%Xx6)xgsD+`%6>iDhNF<$()84<Wi|
z^K|4Wuo|+J<^%PSb~`7w6J1D@Zw7Fxx+Z%qUa}f9juzp$N{5%>#O0D{wtPOJAkD^!
zFz4CV;q~A&9aOAuOHg4Aj-M-HX`fe&UXD6*IE7nkQVAf(pI6$Mr>x0aprsB!%mHc9
zb(zeZ@8;{lMl94xriw-!QO(b&-1*)_M-TcMIkqBS+k5WQU2)@xWu<Yvg>PrIw%u^k
zGd_F=&`T$(nEzQek&}z=5tjqu#E;89DYe&fMf5baOL1A+f}BRO2>(#YDhF`YG}a4Q
zX6&n^w3jeMD@MVs;f3e3GT7Sf;*on``l5}PXEf93G4YD6a`C?+)I9a-!Es;N#{DGI
zz1~NNCZ-j~f+1B&-cyaJjSpJph%d`W>=Bjm2`{l|^EY>}cSNBTfnv#&2xb(X48eqM
zwhc~uhy5pKdYKa8VgF^a*8fsyL;0_v2Cy^#UkNO%|92PvNnQD?kNpLAq{6n=b^x2d
zg37;#Z?e*iJj!1c#YC&cxLN_4nDDCxn!GO9jtLW`jEIOTA+MaAFU_2%df{q1Zj<Ub
zL|`aUU7j3YW}(nG>2^wKa4?dz<GSlQ^V#s&^ZkDLnE=S8Zn&<z7*31aCNhu8NdU2w
zdZl!yP1*Utb9IA9^{^sbE?7<MxEC{m&z?L$;l##n<6<mjifCY`OGRr{9X7rB(c_2m
zjh9ip;pmz?HK1&<hQlHiU|GGy!LGu6k}c{#uQsd|)MvSh6gaCEEoa4Rrinrj-o~)M
z`PhzdB{rR^tsY8H_>gqv(Pabcm<lF7AJI}5z=@x2EWvveC0~~=#5sVakz4kJF6_)o
z`|1_`-pPsm#yg|Th<!A2oL)R<m#MzuLq9W;%cpxl!7?-nU27x|HPaZA-+7B+JKnrz
z!V05n)~@3ktTZ*aNeIQm)0LOv@E}P>aU61LRkUZ*WNd^v{$1z-|BPAkEiqkpBR_7k
zJr7-3Lbq^AhqNSGCBl+)odrm%rlQ-1Ehveii27cF-AmzBfJcRIPO)c0l_Wl8(BQ{1
zt0dM`4=*_2tByuXF`+1%y=st?zT5Z|aJm%_0=_E(F3Ir~{<8G=NVD1v7-aRjGxq38
z(xhWHu$76>i#tx->sP(q1LLA{nUkGVIMcH>E0&-C2z5Ji$!2elh0y3@>4yk1Ew5Sm
zd4%YAs@(rUro}l(N2?UJ4p#>%tzpwEy+ffP`OA)?&my3s=f^**xdtzwi|TLDi29e>
z4E6tTDgOHcEY^Vfg}dzjEui6&0*FWCR*$%BZf?OKZSuQHCf3G{h(j#%GbU+P4Bh+@
ztzojn(kMY{eOcseGr>1M5S_VVbG{Ky$AdY<rE+YR@gS4YB<WZ>wOV32-Qx0fJw;zv
zN0{*8Q+I#Vb?v?V+`a$pZOi|);VA&5pK698u~L#d&S|qG5smreHa@Cd4iEn(&U1K>
zeKfk;Su6<2n#DmLtukFVqV!2}JQY=&ua#G?E~h7>bE8y~%5DB~3=g>|gZ(>z3Ne8e
zOf5Ry$F$E`cKw>!Yr0mN{gM7)*xGX3t*gv4%rU=etv>%()VUE1*22C=VEoK+Rn)F_
zOg8s5S4;1b?g*ZAHpeH@a-9`}@k+}+4KTx>;}`GXUspdtoq=(Z;k(%YB_7#P@rmPb
zx3a>4KbtRqA+9LRJ2Cz7r^K#T8^NwZDZ9^J6=kmJjO1b0FWjh?)PHQ-Kc?kjQyD#$
zx#q0?t(iCO3hF|Rfn$0rqih@BCpq9S_6pV}H-i3)0g;B@DC<{D(%A+@RA&NGsUvxm
z*LPX(;}|o%Xf#ZBa^m8F8%oPr8xj<EpMa@5aO*=2sYVeA-3(1yDBsKj#AF9d$uUfp
zRE?Qyfw;}zL~Y(S9Hg#Nec<K5s0>n)di+}k8s-@7Pl3V(LDFrbTKT+zgpSrm0`uYS
zqNH3f6q=mn@x_KWli^YEBkM(2UOG5U#`(vA$asVILUZ)5ijgNB@bu(cR>o|0lj-zy
z`{Gu~2>e=1JK$FO>py~HCKo>!$|+q8Qe#{$OkmqzWqz;z*)6Xyjf&?jhUKtpXcV}f
z19;ZgqN}bj)IFQBHiMgklvHYAJ8+)MKi<*;%SN4od1z>wG#$!=S!^_SG^-{k#bfNn
z#RRrh!|JA}=?nn;r!XdeU2!H(s|m%nO^bvV_RbwZ8#7cF?n!NO&#8vOJHZU5MpX<F
z-WL4q(j`^!Eb`4OEUm2Ukl!gO2B~ig2KKP4LKnBs3U4EA4ncwaC2x&%BCnfy&CC@?
z3C9hsMsF#_crqf1=lv3lJUj(cPaGd2Xkj<oK=+LZLPrI14WBj76vUI>>$);5F&*_T
z$1DDDH{}L8P(-nk;i8sDrb*<4Av<;I2;M`<^*tYu-KfyAG2Q5J%+P2yNXMh=V7kGw
zDM@1}#z>5Ko2|dzKd!V$8$l~G7F@R6WWZv<If4SQ2Wq3Obe;Tmz&q@$L5R8-H7e<U
zo-jeAjmnPun}ngRlC^^*EZykzv+|k0rI(n4?NZ?)Q5LB!DIci(-C)c32x(GoY@8QH
zTJhz_3hK$d(pm>Hl@YtBJ(0vgWL0BBNV_thKkG!2TV|FXiwE6I=`=&1w6Vu0bn5ZN
zA7RR*+oIj&6FTYcSNP<0h2i{CPI>z0J!9uK2nGgwD(&SP9N;ysfpZpyH)<Do@muK5
z2KeV)Ra!On(n2>li^D-n^8jNa!GX_%;YJ7wpPxA|$Ue$>y3^&t5Hvl1TVq_^fCtz*
zuIVwC#U7RN6#BM@t|f)PyL(GS$Iw<%xSj~#fw7MMYS;TQBbpT?ZUc8;dOroWzkQo9
z{ffzwzm-1S14p-+4l_a9Ign1cv%@<9+6}=LI*^5Etz;&yv&OMIb6UJn0_Ylg=n~_j
zAV+4XzSM~~g!qQSoTfx$5(C<lImR2xUSs*lolYXR?43Fz+PCojcmmlz*jqzK<A5&?
ziWw(bYGgFmdzsjMD7@=oV~Y_Myc|1db`YEMJ*hPN6>v<fZD}x(jlbF_i9FBLV1}#K
z$XGh~pLD=vIk~2b0Zu~caiLm#81Gi3snf5%cTgoqU~#(jIu;WP)?-9=Zn*0#<|hD;
z=X_d*z8S%8KnMb(DHd&w$7M!CG*o2Q;O%S5<zzh_w_OQx9i3(iS!-cP_LQVwdxSvZ
z*cYvJLjW8$Kkfz?xJ=IuxP(f5Z5|s-pEFU}l{j=!>K%WCK<$9|4b#)1V;y5GH{s%q
zJ-e)Q`%Bx|-qlXWS=e_1rf~M#X1-&MBT+n?c(hQAZa2+pM^qHZ{o8v@K&1@^ghvX4
z^-wwG7q)NVe(g;wEd!US)ufa0HT5;Eu8q^O`xeFl?kRt`{Fu+xHP~8m<UXq*F99c)
z?uGF_*05VlmkIk78gnO#d*R??IcwhmOO#*mFSZX7r1=K%Y_f(Z>)zuVdFK~e{u#te
z+!KD@#Z9y!jKGp3>7bC}JTvjx@(aqVbO>QRKyCBG4>33zQxlRGEzRfZPNc;sU%(Kn
zjyihO5j6F)+Dg&%Eu5Ef&b~J5cC%B?<?WIACmwOg(9gDAY&x>+)H-Cb0y-v(-}oR@
zC(oj>el|xk?n^;zn(aBXZFgcQHR(*%k_)P==N=dsvhHKWesc~_8M`sf6?_g&%F$|6
z4XZ_^@W|4~^;uo>62;Y`h&sC!idb0Tp&^$m%7ffbKlWI!djz4Bv)rgHw;l!czh}Je
z3t^_6%nGFX2ghv$WlM=yDoIE?Rz~||YF2hyYGi_c2dK4^fQOtjuL_JQWvk{=MPT%y
zl-L@<ZO2*2$*6%K-iaTdhj|2l<lh-&DQoH?Fz9x1)Tmom%vWO9Y*pUNN0a<H<9f!P
zW0&lIs!)rsnLp<~!x?~6&8*a_%=Kpd^#_p~-Mnl!ld}TP(hSnEs5ume*lP*@54ajw
zk}Kc)U0f0QvgtN*jMVF80JOnGL+a`9klapDlSU-VTEWF~0vknE19T^Hpan7cEc^Rd
z{ssIdntn}Z$h!^E0Qz;%ZVU?WpJEZKxgnEVU>8hcAx_lgMz+Mq6dhe#BtF~nl`IA^
z6(kG}WcMN2$tKbED@@adbH|*cPiw#8EJ)w+J6iI+-QU*|gR^oJmed>5n7@@nEXP#v
z5(KPvJ?PdiXk?<&Z0t>><CSCiH2u~26e(GJ`bRO!aWFNGvo0>wK@&*PnbUM=_lpp?
z!8i=@>q#@6`=nF3lrYb`PcmCdJvz){tut#XK1)K`(bM807R6pa{R*cVu5Pdr!ArYr
zQ~YUdcI7dJ7Voh7u|*UjE$nHwpAtbxU@CFcXY@Z=4OrR$;2Z)qLIPvkW_3~8KON>!
z8TV|3m^OvxxO3U!I1Co4?ryLk5grSEOLRueut^j^u_>86o^y6&O!9YB*E@rIX5<Qa
zth3tm1dym=eo^+@ioIv2&i(D^FlA)@V7;>7<%`CUPB6!e#)>IrVvi0t-{9LgnbN<z
zMG?hUUOr-KMvdhmi=}x{?HfMHaiT<T575JqSRS;f+4%#Eu&2i5fmhmJf1~<K%96<%
zyGJyoHn)#}_vPc*02LegS2^uB0?2D^>Ky@f>bDqG4?`1$6P7Qshn`VehLf#a=<{M}
z;c0slKFrKcwx`<AgN6=md$-SLMZP(2dX2vdCm#9bg1NP~8ThrlxWVo)g4kB<tevwA
z4lewV1$d}s3j%zoVSFE;+V}>VUu7!gf#Cp4fJn#y+*h1VKu77802mFf!UasPtl!ux
z9YTTHCz-m$y&`h~n}hYsQKloJR<EzM5-Cdw>9dkJBACFm3=dg8tTfIbZH&?b74C&F
zaDV$o$IRm4`UN3m7nbBi;8qVdEEKc*JNg^oHa_><rbPoDx3j??^ylQgXkqaL0#|hL
zBs9VX+x`Pm;OLB~^T&7Ow_#p&-^k6kTMWKtu>6kuc=a&TEs*eY2dq1|9^#zEB5l|m
zb&Fn9^dgyPwbtCgF;mG3neGR^5Jt0&sfF{t^a|D4oLqMYm2vFK%(t*a<hq?7Hy#qh
z{yje~D#CtnQ!kN)Yvv224Mr}}6#IA^fpaO_uRXrK`Fo8}3piD5_&c})&QILtS-aSf
zcP*P`#Iy8bAJ|IM@>lV<P&P0i?5*l>i?6XnGYP&}9Gdtis<YQY#C7Ah1}>WZpve<!
zN31S9x?~ouCW-ojw5<RM0%{>Cj!SJaWuJ8|MUwk>b0nLsC;Xz^G_Yj2AA)0GxRMXZ
zjW-1VYsuO!7*SETB;}%H9&MFq@Ff8fc7({%A!qpr9QsHclffm5TXQO#7-PH|L)r@k
zYEqF1>BK+^_}oPrRb;+4<CCet+xe5QZn`b>T8YjCrSZ+n+s16i?T5o*XuY>%Mcn6^
z96s$QIdY!;`?X?+UFlZUjn$3HR%`3^Zd2QKSzFuf)@E-{PmdXX@8#|;ZP$|Lmb0l%
z$52(W<6{9P(JPx`88WlyuWD;iu7YHKGb13}A_{h5a(2fLNcPH;35Q=%ys{?`zMEJo
z&tYY6l^B&$ww0bDff@t(W=Z)}OA*ed3fH@8@>S1u%LDxKLA)Zoq<r;#!i^M|y|Hcv
zg%s?cp#N~ABEiMoL0BLlA)J3Ds{LQ~t^Z;A|B0pxTbUc%IQ?bn|4xs(G@vw8meIbh
zf$l>_{KC!$$@7uW1aW)wOk}KqnvoG{cLLb!W78pcv9?IAyM9Qvn_0?mWUkRQdoDCd
zwz5hGVkb(-X0p3%uQ#1`U&}s|)qi`lFoJ;4zrH=b?`*zb@jYib&b-dt9Zj+z@B{Bi
zDbm(WE^gW_HW+HPX|uc!tmPru>=ad(D$=tL!)-d9L%@Lv<+;_e7X|NUtm4?5Z&ixx
zfN=r$g|rOwU25YzTb-}0&@0R*l$_aF4_xR_AjVC$a<$|65!ba1HFyqqI=8Mb!7e~q
zmYDy}u++$E)v~c9#y?IEu<zD(wL%<qb{>Jt`>CH&y&bnR0pHazW{=$Nr?{2S4W8@4
zxr=Q-z~*$funCyB+P31d>B3sKSiNdbaokS#a^Gc+b@fzQRGV4?&vKq<g((}@h#9il
zv<LkN+!6z71f@T3-Dm@ZJj25U!7co;R*nqKlrjG?62=WJ1&S{6{$SQKB1<8fnAlGD
zsj$WTr|rA}?zfjGq9c?15bh*`-&F^#H<~%Ye9-$ZSH{kCgc(aB{|_-seFYYC9sh_F
zM*_;sJROWdVqOY@)E%XE`3#9QYQG7vafYPOfaAMqz81DPz*j@sRw3D5O>g2MM$Oa^
z7w3fCLX}9hzg_InEZjTz-fovx)Arw10vX3<n}MieuR2j2+{H_0+0|)HAN)=8o*_zQ
zd$1J9NhZ>?3f7Ui%?ea65Dl>bc%@5AyweOx$Wb-VU$jVdxM<X$N>p*eJ&;K`@@QCm
z-r%?GAH1`<kgoXU?UacyzaFawsPX2bo>U~ZpT40_%ME^Mv*6KX$cW*I)s~NNFGw${
zHbWGmK<Ue^31)k@uvIyaID=J!lo_T>>|Cs}O(p{53AR|wEx^>7B7a$@g>>ldj5c;Z
zL;+*dHIAIfuIRdu#gs}b;UxT!R2peUQCx0lHFFUFF!Z&+t5=5YxC6V#RIb9Vw>W}0
z^QvZx^GvWl7D)!W@z=yNpMjZpdco3cV7B7&nNJN%s-9(aqFNcrJf2;tt*>$P%c$lY
zZvS|bJx?ZL_UW{q&4*{`H9^aqB~@@CqCjPZnZ#Lwb<LC{DDGUSv1E$S$)RJnNS_O`
zmj1&>pNVYKzeME<qXjb?!0s=)wOKsEQl1zDtxH+wBxc9zsk=GsTAH4ArjJ&Fv}T2n
zcpB8fa`^kyxG3uc8^ps+7@KLqsJp6|um#W&A$NhOaZf9(D2TBiZsDn&jjp~KuZBKu
zerY~f*0vi%TK&7Rrd{hVk=%5PkI-q8+erZM;oGuT0~QRM!;Q_d<n$fY%BFhlO~&xm
zr8WXFq!BEDQ%m6%P-D-#v^oQ=qr2_(R0w4HS;jp$*;KHR#du5Bq07|d+?kI&R3GwU
zZ|kO#1QpJ-itTBnbc=sn7!Su8k3}&_%A-V1G^Qvams#S1Bs6jz9<b(2@pDniZ}q|?
zVVjsk-xSlv72~z@8Hqdsr6GdUB=b@+w(@2YV39GBV!^R^l_+m@e1%0|+87N`y$g93
zQJFgsXZPYCpZT{9*^$2K2Bb=1bVjXX(d&Cio5X!CPQ=;DSOecv*qcdJCr;4Zj05BL
z_Sw@XKB3_vE4;Cms%{^9#H^tWR^FTeZv-sY^=53{9q`DDjGWtP%y;ST%sUoH_Tf+l
zF%jlt4C0Wb#O}xf2RlqPiaH$ANhbBEwwSbZ--ZOaeBnE6j4i%fb5eVbwl1Vcs}bX~
zr2gK2k<!Xy^rR?c8dz|0Dja@d^K&&V9d#nNz*)pxfFrpOM(tG3^Eiq~5#%nu?BpZ3
z9(ad}yS37v0Nv9p)47J)13?z*xDoU(cz7fw0duY2HdelJ^D_0*5Jn^z7FY3tBtX+}
zw|}E*)9y8WtV^cf-i%AeE#aHu*$nhl^}>Bt<k>3s>6J<onb<Qw2jz(?I}b_};eChV
zCA8(?*2PO~ZLVsoQOw>4os2`5Ke6URUh81KO(iCdg|Jr|g5o7bl!Liol9`G++s$cX
zy9mNzE1h9!v0`Y7|FP$Q!hy=$&-ozL<F(0XU;zTYpy60zjI(cLy?n{<n#x<8CS{Y!
z#)6)z=?R;g^ux>J@6Pwa53t;VbMsM`?BIzF`dWfP!-fPO>|Cx9yz>scnfAMy1Rc$e
zt2$<Cw=AyY5AF?bV766VE_r3l!Q&fuG}9X}V){P-<0r-ja^G-*amC+t;n+j_7s%Ag
z=#xd0QOn^W^U@J|ed?-SSb8LHutLXo_eo?&b<Bk_G?i56Oje=QKkrzS>v|L)+vvNr
zO<-lewB%o-B2rd8R5(JM)(g|u6S7q#Rb_tgC9X1b)!9VG{khn(i2a>aeP<$y-vd>o
z$U#E$REospJ<2r8y1*=sDME{FfRU)l+}J$YkVQ@DBs4pE!k)IYsy;6?7arqq$FcAm
zM-yLWm3No%`6Y1?Sem{_@%VH+((DWELszuM3JF-Y8ZY~?I=bP$E8`+D7rAkS=aa6z
zax7Ns?imjD5D4)u|E_u6GuZ3Jtk8#k$O7~VbG=9Dk?x_qd$0bpf`O1ibSys7!Tj#8
z*pcZkj_`^eb6NYS8VOFe!{gnNi?ck<@T9j_sb=vx^dsgKS2YIg7lH%rfv4h;ho_=F
z{K!UjDT1>U{J~6dCzW*R_1#QD`x3M+_-^D^08PBNdGa6SL%fQJQ;-yBg13Mdl!|+E
z7%js-C%qw>_tPn%YaU4!9fr#~Yg^L{lbH=8c&wPd*)sX>jG^wlxrkHdNe!L-b++}m
zz6C0Rk27l~nJzY_+3NN3WCM@NnF!gBpCaJK%B%8LatX?#axB!5P7#S~0J00p#AvVd
zOs~~ER|*e~D@W&r+c-R_`mLN|4hyr`UkErv2YvFH2a-vIgdez{te*TMh>KBOJ4t-l
ziH7thg@~e~NYLB3l=$02$z+YOhJ6tU!CqUT6V%dD!Ibb3`x<Lns!H7ks5DoP`dB-S
z0pjRHe$-VDz3rHQ*ygOMf{Ol3w8E4JCDvdf2{80s<X`@xLWf%2u|<SPB0oli^rWT^
z9NE=&r4FRf9QQi=fo*WBX*GHB_asHysYP=*Lmn3y6p(R62Qb-19ELELMD7sB@dir5
z1P%y>nvuwgvU=6}3YO>{+>5h$grIGmKB1i6XCE;?Tnh|FBnR8&3QEs0qY}OpH4^ku
zUBV|`DWC8LWDmTkk>fgb>D}?d4nptbcTD`lu$AO@nt}iJi%;7eDhZb9!-^C4A+mY0
zxNo}PUUPapg)8)B$8qDQ%UyIN7}zEnY_n)u0j|zI-tEM%g#Bx96E?7@G;~nY(Wqi3
z;n8qMM$}S+OhO}s8;{VYXijm5J{KjzQR8kjNI4n4Iq_pAq0o}Dpn0P<YO)mS3TZfs
zT$~Prf$?;{X0u}G$y8SCfn$&A$X=~NvWM+VQ1zlF5e`G{V)oDTU!Nrs#qNZ@l(UM^
zKT9D)rR)ni!`Qam(x$m7;XU^O_LaEd>`+-OX^{|+!L~b@UgN8+H`Y&Gt|-{seJGUr
zp<U?PL(h=FT%HLXjzb=_hilJ@J5xSC+w(ZyiA)_kS7UkGsaf|&UczOHS3-05Ob_l@
zZTe@Zsu4qPP<{F|fsk@u$zG{6$k_MPU)X+-oAwZ;x@%Cv@3g*TgSK#T!&^<CCG;NA
z!d-NMHhpN?6Qv;5Nh9?!pDFmCD~1Q+A^?J2V<9;CV=CRQsXsFBOOePcEflA}sTc2j
z|1|A;oLSiWAWDnG-LW3z4mm?o-cY>+2IxQ&L$gzA6zV7T`$Ye6EDHUe(dW;FhNo;R
zKEn=iQ?}Tr6^Q>>9Xae{%X}5U&vY(dnH(it7%G?d!4`HaC!J)&dUZz|xfyY4fF#FA
zOnIm}dRB`#4KF2!XYilVrsIXuTV^84pt-`}N(fJLA{9sVh;kG~YPGpqQR-36&Sxwe
z+ty!<h?&1#C2wwMDsduzgZUs!;kA%{X4SfNYnZS*SXHr(Em0r9LY=zG;qxT#N*t@0
zkAk;q_(<nr%c(L`v_xO7DyxiKENgDI#8|E=i(af&tNqnsa$6y>snu*?_%^QV|Ejl{
z8K7RBZzP|URa^v>K4R!Jn|pfLb0H>&@^$w43Fk}T`!0_174B;v;d>oocSFG2l}W%<
z=5iAis0&fSG3Hn|-lqxST;&!+TIQ^9Vm)Ob`^oSRT}ka(F;e+US1A7_UE%v5Zsm~v
zTZ@O1vAwggqmu%_0bu<f?HzyA&*gEK(Y`mmr)w}U!5Ql~{g}-4{b7e)a0M*$B)hHx
zbnNP&yp2}y^z~gsCbNr+V+Xx|#|jW87yCr0G%MW`B}2zxmpkB=6TI0T)Rs}R@wu8X
zzmrC0F*Ivjxo>#pJa0H&f1LODena@(zu*msD!VRr8e_0J>#(@0ST8FaL;mh!Vn};_
zcwE&nWSwx=)SKU?Ki~LWxT+OC(ua9qZ7r`Hnen@POLu$eUJe%!lBU)$UNT_Et*$6n
zC>MCTqP4YqR@HF;y=vQhWHHUA<PufDt=D3`IeD%3TQ0%WA*HL_=6t%n8jD<=ZJ`Nw
ziix%#gU+=67wvq-V9C|w+gBDAj_s);wBjH#<SwZ2;3_lcK=B64QP|`}$j(-C*zN^`
z1zGlPu?Im^fDLy@V{QA|m0ns7I*epnq}L4lXe@`AeNYH0H({hkJ0|Kfl6KqWnbtf<
zSbC+^PJ<!N5xM5&Yrn<jo=wAg9d9sx7ApB0)*1~tuRM<>E0iuYNRBuIBk7RKs*i$o
zlM_>(GUi=Mc8Nv1MOuhs_AY}V9mjQ=yE*KBTfm4mdp9xBIAfb3m*{{>>$6k^fV<t=
zLX^!CI&x!l0qPA~*w#mS=DO{$U?GC`nI?7Ih*sUVJ%f|KJE0$QIMEFX3kna}gA`T*
z(*QCy{5MOQ9C1Kn(p9JGTC<EpTS!_t`Lrs^ab-A+6ZYNG75{+g%nUp4{ckjP99gAL
z9TSQ0I&qk{5H))4sB*)Zsz>)R?UwqRZYgTLA+mTW?!E*=cX;K^<q<}8_6V@e7(@1O
zF2&kYF=NB6AqUxhjzPM{j>=51kn(!+kpln2a|&PG5su*SOy>l_B0X|<X$hZ5?)w8f
zZ$pY&^fLE16t=F!5*uZXs+>ErZrN;Ghqigh@aD<hVY1Hnez*rH$7f1=ZS3ugR_J!m
zsz$1+Jz4vzWy}yQR8`z<W4Buk9D<Q&%Ni$!4^CDocI!a3qK>*!&G9W#1U7A7*(&qZ
zHsE|zC#$ew(ZkvFd(XpwD>JaExf6Wo<fr}zDS&|l^6#qzMBy-pCgG}n&EYNIJAHDj
zGZ-@AyF>`dx8Izf?`1#^p3J0Fpz?^QG-N-DOA(6s6X0bVe>+M^!55Q}6$F)#EC9&J
z#TW8VG5a_L!}a@16M^}?1;oZ}oJTj&(lc}UVYj75`3$y3<e@bQuB-Q+!CtC1<T<(K
z=z}Zp(&EEhbnKXxp)jODJBw<AHqR0kf)FMp?#i8tVr3gMbGs=fJAZBn_G9e|=g?f&
z7jIecpoWQ1Nr@LFZL}<&rdKhpAHo}uTckHkIO$X{@)!rFjjbi?IE*X^jD!ry&GCVF
z2(x-lGKtWcO1GZ!5qnG|H8UM9ov8>iXu=kbnDg0x#0}zTgQr_*yx+lhfuT$cmy~lE
zXHGBnBIBVJ7MV`*1>&5Gdbivq6?x9^xJgZqTMnU3v9oH~tHZ+LaSbeDOcXnBK5?aL
z^)SVH&H2pVS?~!xd>`y#>g9h4Qn*b}gEC-C?U;Fc1de6!e!siNe$jZ5H_`EE`Iri>
zKUPxywo1P2{Awo(Q(0nl_UtaRuTjo<`*f;dU8J6#=flbW!VD(nHw=3VKS>GOF9kJp
z0wN2Dc%dciOcB3+0pI$W=qwD!i<K=wD4G3=SD>=TyeoWUE8%^T;hQ>~G$Mkt2E~6f
zBxu5i;j32IkobkVw?uPcQ+;EUU7-8GrkG??UDhf$S6+e-*P^zlUTW4>UJ$<&@n(t2
zbSqJOi5~IwGl409gFFdCpntH4S#m##S=7*1#9h;`tN?kGcUZ<`52$?d;72=)GK7Tb
z8wmvF<byZ@<K1#^=y?wRHiW;ZH-k;vA&LW&A}as`r5M?sNs(}__Z;B#&hz2;A#~xI
zL@r1@xD+_}6S$WFEDAiHjey6Vp0bhU(RetcsK(tq8{tl`y6ByfthpZ}z@Y+NjzIn;
zxg-T5mcpyP{ATnv=oCqgMd(H64BWu-k6Q5^lTal}qVi|_*NNe;^0ZrOVYvVA`A9Rc
zo}}lk$)@t|lQkaK*cM^w<Kl#j#_~Hy;~-l+PQ)J(|MB)JI7ee+WFeA|Nt2kEsAbn7
zh;p@5j9#3@=OOf^9ph6Ndq1p1F3Zfak|*LptyD3sN8TpP=zxEC<IHf9rWTKw#*0%#
zPV?c$#((?vhV_T>*Z>6BcTH$4q*w5b@W%J7EGx>4&-S=!(l3B0N{0G(_#jdDJ%z}1
z@L@h3ATQ%FWki}|7mj^5dhv!Il6YIxfhp#Cs$pgb4zZL`n6>-yH>Fr?LHhLg<Xb$8
z_{8EQVupAhLK=$v;)0gRUaXtp9!e1Y?(`r^5V{CB`RO-_6<<Fa60hPWeQ`uxxKziY
zITE8{ApIXQAu@}>;(~aD{$z#IqmS5^E9m`YoBA)z9-_3ORm7)T5{tnevbSdu9F?AR
zOGwlD{jUg0Z^3j;jTJIf+ggA7l^sjYsk!N0I}t7eT;mvc`1HaNV|Y7Q`zQxe&IH_S
zT<8(17~L5D7(k38?lBj=U1z_2{Jv^TCr#T({TVR_r_YVRKS%(gGA1S$0tjdu?OzF(
z`2Q6N{GYbY|D#lT;b{JC<XBybqKF`w2sa$!BFC}a({_1+tnUI?SEEeas!m8Q;Sl0Y
z7<w8=7G`5{*=M#;J-fgZ&kC8t6#vxJ&`OzVafq1MyK)dd9ddA{ddQ<_dN6^Rxa;CD
zoJctQCD1FN>2d$Jm*e^IXkq(%HWBE`hyv?uz8ys}ZK(-8eSZEvKF!+nvCL#fQXjVO
zek}l9(&BV=^kmVUZ&!lSaD|zfdya?S-KNO3Eq8ZTAqUj^9LZ2io+qRcGu&b2)79B2
z%8aTjlV}!$2MG_4;2s|QO|0;Ec%<NXSZss>Q=<x&Q{}vG=HVHNGxXAkQr=uFBfsVL
zLP58v%@FH!^{Ql{saCU*{Ssj+Q*K^De43$%I1r}1t&mGBK!X62xq5ZfeKWlwEDmpO
z-aPR-y$PQwJKl;}QiIKX?GppVBjj2da%^R|&K1v?<nlyKOIpmpoIb#s)C!6R(}n!#
zVeli(B)&TcsgZBqsAxFfK-ndAp42b9Oj#k4QIW^i1b1D+IKjh6WmG81dNV;`X6Kq|
zKEyF9zbZa=EwBsP#gIU=pE<ET>Jv60WrsUX6P_bwhpoxqi?@*CtwGE|tF;}3(+^zk
z&Lw1Xxj)G+46qJ1kdCuVFo~VQziBze%*uhzNT|Us3Yeo2A^vjb9;|?xg2tZfuQP45
zv%;ikCT(KE?PO{|CN?5-G%;W*WO1r({mELs>hdf*x*R?L&20z4B!Ck+BL5hxhb(Yh
z&~^I*zyF+o%0Z8MpI$1_d{a(i7*#XKYu1sE;Fop~i5n8eE@j|{z8cCaS>bx)|I^8p
zheO%EZIbL^7?HiQ4H=c4h)K4Pb&w@w-?J~#YqF1J3aPBwjWxm>E!HeqN|qQqjc8<x
z!IW?2ecv)o@2~IoedqJf{rqvA*L`2deLQo_eP8F<6kj3`dy#Crp(B5wxceN}*})pX
zO2KM+I#(VFIe9ISY?rD0B6#H_TWp#A$B&1rWv#9pw)j(ko++|MXtzT=Gj1wCMBWQ$
zuwUYB5bOn%TV~fZ=zPm2awe*ik>*^DtbFT$QSwWx6KxN)$SByGiz95{`c`S3!8CL9
zK#nYC`qKi-s<G4~ax*j;vj`n~$o-*An~Az7W+xtJM!TIskgdGRk2tP)#VJN@{EZ>N
zN|naRfjf$OMZXmee<K&IyKEk(`+^<~S~I}SyLgLSOqNg!dN6bARBAo9K<VNB73W1-
z0N-9$H3EC_vqp+VgR4`G1%I871Zbu;C`wD^<^??mVFahlgSK*!2pxb(<WU6Q!mb)D
z1>_0$4m`pL%7>{bZp<b)iclNwK9$#`3bt&l-IyyaP%slM*F!oFYB_h!+aiN)`ZSh6
z7|Q{-p+1MRg*tnQC4J7C>fDOwQQ~&Foky2l=6EcOlG|-n3bN8`Uek@SRvuN>QP&;@
z(I`W{odzBSge59g<p|WsC-tWR*Z>@(Mj+L29x&94qmu81tVJ9G&hru(C{odm<k$jA
zb==m(sA|jl=gZjN**Vpe#_vWe=-(&=nR5x2>B3TiVjdN2TE8}BExaA@z^+^>jV$bq
z`>{&Vm_CG?OC0or^@(jEk&Sl#H=rXFSo<dZX3kZ?s4Gg)JgXLMtTD(U1z25+ar$^T
z(?!g(L7Gb-q>1uH;dF1HsOLLa0VIeq4AKn2>O_spoc`kYVRN%8t&2$r#Oo>4FSS`z
zQzD!Cv@N6l%|P?C0w>)xHx{FXW1G~pI%R&uSS42&)5Q5AFNgcHO)<J$vpz`QSdPlC
zdB6xX?h>Lvi3%x+GZ$|O6y$Ha#_lP`;~Mu&{gQA?4yIOz-L^D_vxaq#C5Y)gTE8h<
zX!P^?q}BDePds+XDU;Te!X&Z^E?pbn+eY4X7&aJTE_$uCc&S65;cDudY%26|Y*v<o
z(>Mys8HBi?H@z*_sGM_GrXc>d0O&cZAj>h16A2@AZ5+pGX)&wO*yISLX<=w%EDWIZ
z>1+a`kb(2QU|Bod?$WHhANc0Wau{!OT!hftE44y1hECT9ADlfNB(0;QCwj@0`a+uR
zux*0;ewVUuK$Z-5l24=`GhmQmGDzXiZgvbx#?eS=gAY3h4;~wW+pklV-iyfQD-FJU
z9Vfytuxri<;<9nRylS}9DOjSa?s3*B$cyGZ`<68{6cqGOTHwq}zYQ_JWp3VK?JdVr
zSs8gYW+^31+#iGBOXN%XGddv|a7QNq7;vSB9ie0n?~7U1l63ZR;DEG@bW*f0xka5e
zUzswRUB-?lsPy*a&#=o|O8KHAoO>D5>jocY@tixoL>>-~^HtUEyN^Qbzl=wBh$a5n
zzLAZ;64~dvK#6O5u`fE229VT{ecIrgtZ(i8m9MdRZ|sY2(M!R0&fBnO*S#Y7u7=X>
zci3U4MvRB6i|-xre9t%Y<kR5I9s^Wp&^Jb0ktz=kd^|Km4hDC|HCzNb@4v{{*?)7T
zyRvZjM8Kg|#MOL}nSF|6l<*GEP?RpmR1qMh=tDz$kFje6&!a-8oy613^4G&?(A%42
z8_d8Cc1zsUK7_6!fjlga%2OgRsIH2Za>_m|>a%d^c0gRxt|dsu{-NBUAa#kmdsAHT
zO0NgQ(4J`QSYYq6HA`-}uD477(h|E0^s_NxV45{$YB1tv_14ihzQ3(6qeAx~jsDj*
zB<+xf&n@ozvz8#+{Gu=M7$03wNnd)}gA+bX9q{*ALL%qx2S;pwXn6yc&w7Hno7l!m
zD;2EO{uUJ_>5Up#9pJu3UT17`)fC8E@=T%EX}Ie;6f7mCac+L>iCxMH%S=bEK{`rD
ztj%Rnx}#21810jUx~mafDP0Pk`ar*&C|xdh92jctl1ooEXPtk`Q%f--d`H*=O(Qwc
zWjfNmz~2r<8-_Ng_QdIJ#Zo<|@7^@6+cHJ3P{VVg^>y}*IjiQ+?tFyqEt!b(ZuwP-
zn@kCHJujO4SY!wbfu%Nva(B;M@ahqlGvZnIbHh+`ZBZeq&6TD(%NRZKjFY#J&%QoL
z9JqB#*OQn2NI;BbcvV_h0N~r!HSY43$ju|Jutr7Dat_7wwbE-GXrFyUFc{6MdF_xf
zQ>R`|tfIyk^_}>mN?)w@Jv^FQ;g{ig^%eudXSF7nimTQ|Zh7!fnhi;p7hRqNZvj!X
z6^JQ-t8MXdW<P_3<>3g#fc>zl;Y$j$9*x&sWeM+Mj&_Qvx}?M`bN<mFm2YU%3;(1)
z<oNmyJ;xy6PvIH`5fk-II?2qd8)q9IVl(4<KB>J!j5uU%1!*D6k&#1<k*Vsv&K?o`
zlN)-jY0aN2Sa9)A7m^Xf6XOr5-X9OBZBw)iZbI`dv}DLV+e$<{H5zS<%a(S7c?EA&
zN|#KBgj8=vG&cHIk(J-6ha^-ix7n;bReN5P;+Ztz+qwYpMfg&x`b|9ME8>_8Mn;Fv
z4>B81$XYG}cD-Q=zKwfc*-ELIm=}wS&S5=hl@#6Ov_Pq%@x}ak;UWO^56jTaydm*P
zRC^^{OJcZ}j*m5X^6`q?Es1d8Mb}u9tNM{Qh9R7ug*CJVSPdViJ>yU29V=Y|#gNmv
z<2Pi}A+E*eqZJ?l=m9AdV2Qcvn6-*Bxw^Tk5DI+-K9_MSqvA%bq@Gd`P`NrH@TlWc
zTvAS+Hm$Z?2IfxX1-c%&*H+D;J%HEijSJlC#-lx*x>4d{Gess|A5YqZL)97{`B5rA
zY!ww!Cf_%1a-hUmezRAU<fw4kkXB{1ZeND3MsbA+STKtR<ch{vwpW5@+}qxSQ+}4e
z*Lo6@q>8f-LNcY1EiLXFE#9O&<jovjscqF^m%mR1f!^p`D_8EGDdAE|YZYn)$@vS|
zC`VA_>K)^@YC)@pr$wLFZPJ~l=efYpJ$k;)GpY;+sGaU#JC>Zz%YfAm%~ITwv*<X7
zJruOSjV0Tfi=R)5UXy%&8+<ohPlD#v8gLzJQ^z?`3u<*Q1BR=K@|KQ13uLoi2(D&!
zYnA=VbJB`2C$0F?Dc+G8>Gds}xJZ`bS7iQ!lRS6qz#pm^*^HW^rWxnRygm8MJYLm%
zQ%^xoYL2#z4Rj|yO8D|9lOYfGP2qif>^D{%m?@W*#+#;5z_)=nxk{=(FV*)?+#wNh
zAciGfi3^FNynI3Y$%Oa}e~u%s^QAMo_Q^&|1qInD^l$O);}Y3gNN4?C>pUhC#%&?9
z_&xt{?Zrxw#LDT<X=@2x1Ii}6rIsx(B<n4jW$vwFxW4VdY?Y?POZ*t8!!Mez0s{`S
z2+reh4e@G}TQ`xjijWhVA>%{sv$wI4nW*0O*pS(Gl`PjC|KOVnYSKvFl~P$6p?MVZ
zEN{M9TrYiY`8I!+Z}WO!B4TD|lf}FvKq$6<BllQE)%vi2;DVotC0xpc|6Z!;d3Bea
z;aaMdHTEnfdeNH^Gd_o;Vp-k23gx?AX-2u4E*RIjr=QJ91>72S6)ls0<<E-bu$trc
zhe5qi+K(wvgI{Os;b8*1<&Rb?TVst=vw<8<(F6CVdB|BFnMi`G#}tch(fP`i4?1yP
zuk*o3Y%@nsR?|<-16&o~;|_ngXSQ*j!L{55BUNS>JF#~7`NxQrQX6%bQGN2@teP8?
zm4GqNlW8j5#V)0#6smA>w!A5ywVBB?_Fq|ZGFV|{Z@HjQ=&Mw=Cx)jljC~r4eXE%7
z%d_Zq{zg91(0K(qnnTST<!>9bI$7138m(C?|JVd8)@|!{5BsiW0;v~b>joZI*DlPW
zta%^iKW_G^T4e-9A-y%0?1pvkob`@Rpyix;Yz9kkbPH{Es2>mP>oBQqObFjlOHIg6
zaC8qH>d2E;@|-&-t>9DxQT|IhHqWamIKx0jW`qAfctxB15G&b%V<EAH8o{yfXZ-Mk
zA@VOIWgxbR`k5gXuQ>R@KxDi|%0O&v^D_e)Z$0%ZgBpaCfiUau4mSh?oC5^lb=E%^
zeiuftzd1k^aoBga8vGgj&&4Bljv<)e9AN!l<NrTaIHWlVIleEI;7N0Ue!9OMYJL}i
zpB51)@OKFWPn*B}X?_<+@S{1v`Jdwca;N!SFu{%H0HMDI|Km+V%0cWZLhzzFK+AvR
zAZp6`zd6&8CMOo^6B@t{0KgaHplW}u{+|W>lKk&O7E)?rO)f#{e*i`N_Wv)bNp=6E
zNr?5L1bOcP%GiHN^5azKU&Owo#Kh{jlLxH$k>By(5Fdz7NeKxY-*+@YRCj=B?q3KA
zjd!F3#0n?LgJ}HdB>sy>Qcsf3y?+<jk!B$769oN~p@Q$f%kb|zf%ro2=S|j)fBpT;
zNqP=Rr%Zf8NVpL^K#=_ZM*UAw{?q*+X)5C17s8R_0br`Xr24VdzE^}2|BWXj1LB`#
L{HW>*;q89_qAvRp

literal 0
HcmV?d00001

diff --git a/node/src/test/resources/net/corda/node/internal/cordapp/signed/signed-by-two-keys.jar b/node/src/test/resources/net/corda/node/internal/cordapp/signed/signed-by-two-keys.jar
new file mode 100644
index 0000000000000000000000000000000000000000..c5360a057637c1f66da5139e7e76c94ce5e4b9a2
GIT binary patch
literal 24454
zcmeFXbC4!qo-bTowr$&Xb=h`Rmu*{Jwr$(CZFbqV&9{Ct^X}b^y)&_M|K5xzGcxjt
zb0Ra(`F@l~P7(+h82|tr9AHULO!}<LKt>b@0ALjq0O0#7fV8j@KaIGI2%R*)jJSxf
zq7tpNNM^!lT%H7S(38kBEbThNh#aIELMH%9urmONFdGU4aS9`G9Q5ftn?kd-(>)Dm
z+Z8R7tZmm99}pEh5nNovW`6=ccDHj2?wWO^?J1xJ6#wB4^DFe@8V$#^EimK$4AuD|
zLBSHfUv(zBG0)M9a`bO<2!fMV`o01afA$`2oENe7KoECXG5}La&n;g+o^2sfU~VX4
z&3#MxxB$vs$bK|>^p=ao_f#f7JC#_w_xK!K$*aY>rgW<a=W&2ixcX|R?)oQsXS>(c
zQkzU^z`ZHhqf(%?N*yom#QEj?GprBCJ2U)%-#w%#RLDLAzHfa4?Wjz!`oD%Q7K4NS
z48)wgXc&P@LGAzS^DLvx{qPJlyCPcV`sty{XQp?V@2cr`@*HA#(z&rZX_$rwevkg5
zoUFsutVelV96EBd1?3BW!MNEzG2=mf9@8x0plMyrzfFEwI_>?2thAGgIn5p3Hvuua
z10Lh>WE*q?NemI@HRmAkbHpb$E$f9Y*L~s2>!{45f_7lYN!kp#+0~axvJInL$_W%|
zEQ5_Geibuc=_pdwWoN?@DZw7{vLqErK8&5R+e&FouA{Pe#KeNhh+-adze?{^9QdF+
z*ts0xO8e)J&0FX|8*N;!>7cGs<()4MmlaZ@o2fRP{SEHDKcCne7zxzxMuY+Oay?9(
zG{W?cI1I`|?k{9G%e(NbxdDMkag*){)3^HE({xLEsJsH3D5bhSu?d5O+$6_!6P~f}
z(S%Cz<YXa^t)%a6<Z!nK%QbNDnZWfvb`0fP>`eAoM<;gTGIt0*a=0rjv*|bZ{CxGI
z1Z9uKyR7`hhDL@CIZ;zeo7ttMyDL+%qc#{%HP|J<d0ou!XbktyTg;zZx2*DGLRlLh
zXTY}OIT}e$6Jm$JR(>C&`m{(UP3iCuHkae}-LD1~!EIR^2vKpT#SvJd?aR9z`)^%z
zYjupH2PXhotXs)H00WI%K@?UBdB>H#e~SBzS9#g&uvGuV6yslLSwQ<ivq(iKEqF?d
z^=ND?HV@>+5GIP3?hHY3Ce^f%wPD|lQAsDvjPPQhhc}&tAK3muzEml+Rz6!W0GU8o
z!6=wKEklB23V5(IfG792!UO*<yi7we>F-+mj}77b>^};RUrJn1m{#$->a?Qs#E^ro
zxK6&d1JT+E!nVOo8PP&Y$ngcJPNj=`03qRPAour{;H<8US-JEWd0fbf<J>o&c#6k_
zw4v*;`!^Bv{o-5~^<Mp#&>U#)mv0K1f8r9W%Yrc2^Fbj$1yJ{oOfiWWXI3&QB;4&M
zd6fP}+2Py(lH|9nS?Y`N@j6-1lg~okiGp-xmFQ~R<US)Nv*{>dm9(!VrfX%tTT9z3
zr&NjBb{uyJ=K>e?FEk^fv8+O10LJKeJp2=^-^J%@!rpYZ1Peswhr`fo=EuK?{`&TC
z@E{Dt#(q{Zmp&8UNFt5zjSq&%8Kk}?evNVuW$NQdaQWr2+?->@tLdKLLC&gcFf2&i
z|L03<f>UyOf7ba_7%J!xk<j}6%x}mbpFBPeTZt*w?NULFstJF~8{GW*9!Yi$AJ!~2
z20QHcv(|WUE#w^XAnpkl0{*@U@i4@qsZO~^Qfl<j?Osw8-O3?4l4DptN2lAdQ_tRm
zOt2moqnAehk#wiSVDxA43Tug`z)Nmep@`TZZxayfmXd%HoV34c#Qh}p#ZpmGd7@2b
zH|zzX?HTCykIg%1;VWxgE<7Yp9oF72MHeuuvEKrqi>G69pC9;kh^m&TMAFg{;ax{l
z(vGPaZ09fsLKAem&kR3^LUpmmW{aojx29XSnX3?3?6>ZLRk}L0;xuZa_pG?>oL?bu
zPWIshOj+f{5Kb7aTz3k@UiYJV+1DJnZLjy_A|cF}k)dj6rqQzcZ%EMpT%)yvD%|Td
zp%b8+z%;{fYSqon)Q+)HS3S~-Ie{OnvY4Suw03XUg%MYTYA04HzKe8NA@AB`8k8{h
z?y$25vjW@4<eo@yN&R%vf=Qg)9^7`_fbQ(I(X7vMa~|AJV)c=pYg=^<J4!dTD-xK_
zuZVPRE^NuG@zThIR)?^sX|y!YX_plKpnN-7`~B4M;{?E8^DIB>*IC&_SV_o~K$pZ1
zL7>#sq=+`=jQp#)3WX&l)0(B)J7EMXA?exzJ-cQys#RH-J@^q;es1C06Ksk#A?M>?
z8yB!doUhpDE^?A!;Jj*gBiP@}#rVx!|Gcyi|9fdEDDpFz>T~oDmHs)LeauXb%{1dj
z8rSwGP0EythzNQI?Xb*%u)>WfouHPAsDK7t2M>&ZN=rF_NlPjG-c!)%nHU%uYQ_Fc
zg8wk{Ez{cvHLqpbXWce5fHl%XGPZXC#DdtbfvSJmKPucm!nnn_{tes`pq_abu7IfL
zX|1Osnmw_v1jJ#dEeItD1Y{t{gaoDNPmaGd*E7=tKUTQ>PAWoTNCxCJx;`*64S;;4
zZ?11>*g|Pv!RmJE*8qk1Uhm*k1#)mZFmN-5Cus(M=HdJ-;i6DoI+hS;un7mvQS`x5
zZPjvMYdNSTv+`ln2O`Xkn{l2kcguc*Rlg!2va|#%339Rb<-?KR5J*>K>^~!LR3v8t
z^9jM$_3nAcm7{s<m^iNbC&&m<iq7gQ1)G&_>a)MsHO-5t96KCq>C!57?5mZGb)ed)
z?Va=B(cNEAVSb5;<|EUaiB`$S;#6~-zR3qAEqpF{UE8I-d|^+dPdlkdd`!kt7Npzy
zZef)WkJg|^yOUFCns1+R9x_YZ<m$vbJj1o#uuW{3OkTLui50P$dxMbUfLO?DFzLuU
zj15h0#V|!hb(}}OEjctb*4M5!&$q*untt8zMQuP$C`t-;3;#~_s^7oeqp2&oZrPDh
z`VL5=gUP>d%F}sdV<kGBI-?p>OaHY3wc^5*xaIYi`C2zkZ=!OY2Qe9nD9NVk{eq8`
z%ha61<(-P`unU~03UQNgriN>3`$B6o8&hjK$LXPUv?iIiTcGOWDHk0=R^#?(mwz@*
znX}C03HLkyx#Wvz)Z#;3r6kB4aYxjFod?b<Q4Ou-TwpxuRx2+ybB4oy(icx<bmiK3
zi@Ifm<;DG0Ql^`|S@XkzD9bBrxem1s677yLdfAg_>%oKvCuS7x=;GXGXkVI%Hl(NR
zo+IbbtGepM_|3(VXOhy_Wu@|HvilOZ`Bda3C2IEj{_<z)nngj%fb1mi1)D{C`6U_{
zi)Q<omlGPb)?@X;5yjGadw)%6EqqFhy|3G7Pvl%e*ogKB2O`T!9Ww(X_9pMc#pkLS
zUj}fJGWA{8y`tqCh<{Kqmf)pJ=32!yqwciTADVHNcXo7WtyEZc)Xz1RPGU>%)SOkV
zFZ-*Iwcgr86zBPAr>$QHP6@p>;)3o`+m#?4SW`A?S+4~~CffJ?%Gn1n26T80pEIv^
zFS8+ux6@ZTh-(cuU4>J!m1XKjMOfn?E)(NMce|_g`|iYV1MfLpmP>eTeD+%xA0C<w
z;bD<s5{*aoA5b0VabE$KuS>OML~hzTLA$||Jkaf`c-fRnf6D6*o)s@gZ+7b6U`)Om
zUu>LA(*#4`7dTsq3Zs)bEg$b%mCH<$*k(foXYyG0MsEenlkue2+~0zbhiRi>Sr3B_
zVckf+Q3VYACkP8RDKG%Q%=i9(Q06b?{2%Q7eez$Fv!b{tji9W8(EoDy|8n^Ma`^uP
zhyTy2OIYxm#Vd{X7R>KV-=@Y#rW$fWS%$xN|Ipakn62N*kxaRh{tSt!fuXU9y}z+?
zW9;~mB)j;Lkc#<{_JTkrq#~rGut9b-RkEgT-K~2DhkhuzOeF=Tj^g*pt^SOQ<VXli
z6&>N|CMS{arQ;(}CLrhQ7V2G@jamDRL_9j!k8Ef;V$uV&YkOBi>aXO71F&CzSMzt$
z?^UXYU<!1{8VS9_Ov6gS#K8E?pTJ&?5MlvvFgJ532BgR8TmzSio~vzSY-r-FuRAK`
zQ9J8pRbaQF_*k{7W6srV%qdw}$%n=M&|mBhLRZ)j8J`X6T3E*S#kVnGQkNw;mfV~{
zwtDGOsQI3F#;#p$Uc)|!Kl&5ZG@cqS96elYvMuq+#hu<9%Ef-#{cx4ifMQA;Isznz
znGcHI7Gn)Mfgf8L6$6NZ71oMXL`B8fScE-1G!le-RJR9Cfp}u%IXm#rZwxU4QTTc;
ze_yD0z^gnw?R71zD%r;^M!FFOXJ0>{qkbNRa2Iqin#%cKD`WiyIkl&C!44{;)5iwM
z52zZF%vGAGpIfg0K$=R+8gS)WWf46C@L*EV-MOLstmjL;?Pv!9&_eLe1btycqkVln
z>oWkNbz&kaxR&JLusEpBda&IK_JJesd6q3+eHFUN7-2s?0PG{^ZDMNuM7?Fg9J>6X
zqw8}EeA$=5`T*haTK1374oDAwY($d<(r0%y|Gd!CSUo(EsE`i|s(5O2k<F4vY-9UK
zyF;1{=x&CQKs_gi;wF0gjC2?mt(AhPKj?Oo-c)&yN^Inc!*it8v)hyMA2Jg&+kfEV
z0g{&vc8X)#x8CQgsx;AY6hmhk5|?GZ#TOo<Mg-M|S)R|u$3l~Xf--PWMI<5`(G@wj
zgOS#YOUEgnYkl2IAwhx5pdF2UJw5NK)=<lPz_%6riN4n+E(HlOjCL8@Rq!sdd3nzn
zO_N@Pn#uL2i`aRy>-7xuf$Vdnn#r=mbjB6dP!{rH4o+cgko-fJVQj2t*Lr)bVC1@C
z)JHz=y3ih?y`gS?N#$$7<JQ&#VQIzeoiFJwWXyVbvOu?I@!aLJq2(?Zm}1gnt7^!m
z<(;lc|1O^;z2cCjW3^x(>~Cy`bsml)^R20UK>iimLHuV;4fMB$e~}^JUx)AQpVQ=j
z5#tU<_ReMoMh<lUP7fmA{r`tk{*NB4jT~tWZ0rs7XkCo-|GH{qPy7G>Nvmq4ulTo1
za+XdeX4VQuCT0$f_HM!vT(JK1@Ir4H`i1u%Av1&^frO2bVB->XA{KY;UI0Y1lSh;5
zCm?tVL2<dLoPn@T%+`0M?0s<rv?0aXd(ptD?Ily!(Ctieyt4x~%a0*xSI7PdHd;1I
zBbYDOwhiyg_x06}9oIg8sR#t*=@_%`TaWseujgB00DM2nzx6^O|Iy}ekN<DAg!?Zo
z_4TYR{;lSy|Gl~G-(K*))r;&u?M2}GhGdNe{~Fc54;-<Bo)xjVp0l2glcSlXj<J)q
zfuos?wT{R?PKfDg4J`E>90C<IZ4mj9KVjv3K~QQIwa<maFKCHrMYiZkR|_B@ii$`&
zo__`zh4<6e0~?FKtEQPo@IC{*%MUSOHNh<|7#^LwSZ}2|OufH;?2-LOGezVaTdG2v
z6z#)-L}{s~$CW(j((`n7(?7pLl=LDfdI(hu<F7DcZ;41OHYxxurjoNc;139cuoKK3
zx?Hi{_27)A)+4J;6JnEgoFCv`1pi|Ve-d-n_0Wh8L9-e#;h1`$8Ha#c-Y*o0fB^^s
zO7B8oM2uZP9e;3NHnUqc$3)uspg>uwg8+N+1;XVeu;~11v`}MB5d3DOBu7K&4;H|}
zkRFH!A?o~em9#eHgrs+MXzzA@eNmtx;;S=6+a&24!XqH#69d&}{S<_drZ=e(u-biE
zrK5Q;|C8xTocUH-Vn4Ko?oa_*u-gPU*Og#c;@EYnMfb_ws@P>pYEc+@n&(R?Ev52K
z&5YyW&7Oecq){OjRb1BeCcu8%`e$MqM(PTBHs)pR14KT|V&tH?XTM1P3rc$Sq&bzc
zrCvG@>ER1y(ZaLe<e|&C$@M5V7<MK2av%^lV`v2KUX0hUI7NDNd=4k(JD)LJw;=K+
z(HcL)3w44*<$ABx`pNd?cX9>>&e@~}Hva<v0R0=D{yD<X{Lkmp-)BpwvX%pqGP<`+
zobx<9J~enDcqJl%6;1kWX%iudC%W3)sxFkuNrt6NKWqBNM3yv)G4>0}CqQ)vvS@JB
z6gv)W$F*qb)rw^rt8meMpZKF^#}Uu;+ecRS=jR0+09x&Y?IMb=o||_f7Ru#fWYK)t
zN|jyaVm%dza5fYLCc2<;VzpiWj`d_pWd$VF47^Fpa^SOuQo;37fKAD0Qvfrna3OZw
zD*IiY@pz9<UT!o$(PwHA4a5p`uBPt=Iw^w`gXfxH+Gd@OS*wb!N0l9whE%#1i7B#(
zpxCIm_9S>@N;cI5>p{Yb0gcV7rnDCHpVT%9zM%P{qooLC1SL=F_POn<Gmu{p@gk#8
z5;VgERZ7yp;W$+H>!#H>W~O4W_(31gq1&~)m=}L`yFF#DKjxb(z*I4ITW15AVfkeV
zeEXr}+XqHOXs2Y%UBd~~sS~fJ6Cl|zXwOw5X@S)pp#6c^!}g$yPqnw<zfLs_m~icx
z@QE*h1?`#%iERuMkCMKBT(;vl4VK#d;*jD~o}DwLP4PjB?12bDu_0@>*rGxmftRne
z2UqR;2El+V?R_zmshtqK4`IKJZ?qwc?Sgitd+EwEYWk47_1=&-1=r%XacvaPO&%2p
zSFrR0n=^8jO*s|%(fcnlTG4V!wFBoyc0Q1Y7<z5pY+|4VRU|>R`@JbI6HFur3>}8O
zF;T$<c}+BM14G7teh1Ci28o(Z;vkv_KdP6lS#Igf=8<^=BMA;!;@G=+sx6bN+SeJv
zthW^rR#7>23Huq&YHLm%){kKLv4t^Eh#%@z2W+7VD|F5E(tZskBGc{w1ts#dJ-|py
z5k*HQERDJ$**GT0mBl|l3H6{L&FV)svNzfl1tD8e?Vy^6Fw}6ymc>KMvSuA9)b^^q
zNzNr>oLq7>*haxwb93R1*PnUO`5Z?Z>E9(Y-sH}|)_5!MRp5<1A+cmG+#52MlEsa#
z|IV5*cv0%2%XYoKeFM%URm7SOLLBu<y&uPWd!hm%&(URnY1@=8%2?5QGiG1C={G)?
zWS-^kD@<K2*lK9%?<|^D{82s+VPizNpIH(XG;C`q>cOcBhYmXCJbA!BPR2lXsA;Xs
zCN!&6U#Mj_AoXO2uLY@{nBq8J-%{UGN*}V<g^3QE)<h*yDI)xgaL|quJ@oZ4cTtRM
z{D)$RFtY02x#lDjr6E2qhA|;4y7Sc7b_8QZTh$8J`cA#<ywOu~y)F^(B<~Eed)t-*
zBoikZAJzF8GycAgl)U%#Wd4t$<eQr^0Q%2VV`16Z3fD&h=|Q_}XV43Bx>>eIDA;%8
zIv*K>Ht7L=LsRXLD*v3-nD90HRQE_TrQd$Q1E#pR9==2dd<LdKHhk|$W_K<b?(Cm{
zR~38b)$G^Y)YDZZJ2ZI;1iwXo0=fRA^7{ny*TtMQNPDHivPa+0>*t*690N5-htV+X
z@5jZu-S1=FW+4$Hh&V%AyxCcP<}Av#*~PWW7H%<j!o{2ahzjtIyAF(-I0jHtAXFzN
ziJ}wCn7&pvB~P>qVF(dr=FR(1o_mfb83=Dd{WP)dtfxY@17b4^)s)mlY`!@`gcUO+
zhKA4*h$oj=k8PpSlUR=@7oU(gj~A1i_<;HgDK(d|a;Lww#KpHZ_~%H;_CH5T;%`;O
zZ)@g2%<y;2j8wK##8gH0zVxdhq!EY=Gn;Q<0Bx8oJK;)NgtsaIrq-B`$fi9*QB7)}
zxYRG&dPn*I`T#j`EHX|@jhc`Ckk8C&hXQ61Pu05`=a}Z9o91}Bo$mJe1ldM<AE+S=
zv`LBb=!pbPrpY&ONl#+FoNsehQ@FkO$@rzjyvUWr){O{e@LV`&@0tF4n9Qm_uFICB
zIdZa!*=s!3$&UONfwVk&5YA)6CO~tYirYz+h+aeBk)8b#GvL<4g+k>X3T3k2K8^)@
z-!Q*vpuX?UqnO?xf>F!O;mmFb!vMA0ZUb<?K$ZQ3Y>S=)WaT0|YLU)}4hq9WbetSE
zM3A|4!~R{qQFcI-At2_a{tPD-bTeht8go?OmTjwWsvQMRcCfk%PWNi#g<sTyFd=A0
zV&T;s#dv`(6ExFdEWPI1`hgXHNZnF>kL?l41hlwwLaH%Ack%#o70ESh5nasvYs79!
zAz+32+-*4Yi~I_qs6$KEPt+?$p%0>QgBF+6zOO5L%7Z>rT#WmoYYW*zTMYYF&+Y>)
zJ5wZ#p+z9QRiO<1u6?oWFoN|y3)AZ0U~tS~njkZy6`EGRH+`z#$(EP$BH{fNV0C@U
z!@1m{YieS;xGw0shSd@zhACqQ)hgn{*n)BNTq=t8-Dik1;8gUCADq0#A^W!;1Kw5G
zNd_Fg404jE2d7h)?u`xn<1F)+iL4uN@3Ge}Kb|;Z^BZLe?}ZpxX0&E8dr{42(A6Yq
z2#NXd%Lnh~O9x)e1k(S!Dqf$&j^534Sfy5Kr!O4NjmLKTM3Ow1iYyH?%4<yznpU6K
z85t$&=|@V6ey%&WY2WByY}uZa2z+dVxd`4!hLu3OMz!F?(~gFGpbZ!8j>|ng>mfc}
zf3jD0729k1Zd$$U7wlul#4825m#tc{1+<T2v5GUI4DUbUy3jOUL6C)R6CLToQ#{N*
zxU0UZXeJzl9;gRs_`FEW@N`z-V0Qvw;h857M9n)%*P2lTm%^B>Mu|!zx)&W%N}hh^
zFo0xEJYt_~*+m&ictS7K-5a4GDcwBpb9UPA5xWVs!-40{a(A^jMuqZSKQjGcD49dg
zPu&(P7e$x_(9XM*zg|!v{lI3Ti}9*+40>81fMLNb7G$vo?pmM>Ocw+t8@Xex942Q-
z^F9tGGpnMqsc05gG{k$<pZE=uJHWVdG{OUQUKBg5FPnXOLX=wAb(^nBeibB9vWc#?
zC@>yA%T)1+YU=bVdv#{wXZbr6Z6+%t_noUrU<TdUFM((o<`B}mfFtbc8s6iyE!Ow?
zm>PFpE%&3?@wDDcXzZE$*~^#it-X4TT(>f!T7Dhu?i!|RBluEpqu&dT0*;L*ft&lf
zW{3X^?k~Lgk*dE9^^G?k;QtD5sQx?Nh&wnq842n+m=dd+8d*#0+1i>}n>hSK#mlcr
z0Lmk4X->+gPh74{(mMO=Lb@{nBIW)Vl$!&?+bs#^=Ew>?G~H6>7ZSpo5fwHmazD=X
zo8-0VUA54eT6?>r`YmXQ#7d&7vetP*Up{C!UB_e712u7GjHN|8e*UU4A~_9!prC3w
zLLEFRSw7dcYh{Ell`@5TkfYO%Qnv9CXYvG*TO=KV(}+V5$VnRD;(Qixpwq6b6^s>v
zlqYxy-6E>CwPKa@xo{*E(I<uP%YZ}_GKA2_PGGiVel!>^(B<qd&qD>z__Zpf%UESq
z1RkUUF`A*Pzcv7E`~m8~XN5J0gmf~U2ht~0dPLb-s(cvcl%mh!_4|{)B3jB@!gLjq
z{2iH4ZW`>>GuCfyC&1AOKk@jk?OJGj$Bja3Fu}GknR7-{*t1w^Rfq8>19}MmSC+Ad
zFImlN!2X%!?vGLrz9KvZyi#CW`Tp23tsFwjla9(Q60PQSq2(b7c#I0~dKRp+<(k-!
zznS>k54L#QZ;4I$?d1PCaS;8hfmE=uH2TK?Dr(uxiy`wc+361l#DS92ARpKLh)arV
z@=VxBm}5;36I1`mf~@QnLOMFr<}?&{ao;NYCioaC%1f+vVJ^QQ>W#b`g(OGCYrf)g
z*~#%Vk;%k{$M^B}qsOX(@s|=KW#fAejf8Zrvt%Rv`B)fu^PNQ(nKXUS%4^gz5{Ya{
zrGl~(7t}-cVglMYw4kV@6na8A$5g#}e%(2@Wd%<u{V(32W7E;QQ%L{DncH6nBH_@X
z0(P0b6V-G}*~&OUp_2wD3Q+#5v3<Er9P-;`mG;u}D{kT!hl$5xLGd5I!L>*_pk?$&
zL=gL-MH()GppW!_3g%;Z&!7X`F+sQ5y!e1;8|ku`Tg$p?iC3sX4(>(8^+FiVZL`}D
z_QzPdb>#(3BZmb)dabX=R)*A|*^Lgd)5dGu;704vufIkC4jO=TIJA`QhSF2}L?0d>
zD1vowt5*KX(rf8D6LkzM<TD~(B}5z;<MMz=6D^9A)?<Rrg(0(Yruah|d+70oksfWI
zZc@+M41Kmu$GW<fU2iWEHGThRvK(f1<KL~wJ?_$ym^01pnksR6%OUbUa-t~xMpv}Q
zB-3m(+#FLUKD-01K;M|>Lam0O_OXrIe;m!saKi=ThZ;n1$Kv6@mS;I=Bgq5oE$Mnj
zXe&G)FWaccuI!TNxp2X3L_bo1<02Vaf)$fZqTclJh=ec`BgB|vSA)}y)v#Z-wk1Y^
zF)(%}kD+;1HgYlI#O4@kp-#bv7<*Q3YnHSsYmSmUbUzEALDOkGeYTUU106PBBc3cA
zc1STdt#s>i9T_>`W9ZO~cxC6YM{~)EC6bZC_8PjC(cE&)NlSnK<wq+SuVnUT$yi1v
zvRhOJh#fa3^SIbf!v)^M#5T!!aT9zB!94U`DWg=6qpH4Ez#?r=DXFc9E>b=MW)&wi
zmzmDSb_a*l9o+|I*etD)N{4}4WQBwG1+MC`M+b)U(kA97iT2eVTqGg2C<YX<QsS<1
zSaoc`5?gFZE_}DJly_*6d5f=^y`2LRwGaeTx>z8+;6xBQWTQ=B${X}wnCWRkfP?w%
zWUc;X(1!HiOHI$#?B5DlnE&rx{HJu~J0JTNcf^7=R<?T9-+{{C%QsPBS{CU$MKRWB
zGOCn=B*g!$f+Vd8v}Hg?Dj^`Ch|4J@<w-H)s+_-^irJtz3gR1#SCu8jm734@Nw}F*
z7#IjAZolfhN`Epq@_4&jdcp&6t{JK+Erih^wGPjraO8t8rd%%GZc%jF_gGoyQa&gP
zl?hZ4IqE?V<FO<4lRLJyT|Xa9nk4Ao?o`rPQH4%zd~pAvc<pHzYcR4ZOQ~0~P{n4R
ztY=ZV$i}L~d7LTiJEt<F5zuR~g5W=+5-DTJZK{rh7urI%xAD*hcPTQJtf?A|mw%sd
z>E3A#?T`#2Iv3Vd<HwGhX(Yyd7$IAeD!|^4p_X0ph$`sBO#R{+`qsgY`N}=5NRN3q
ze3V)^Yn!gR>`gm8oXw-XPsTJj0a<Ox7cpHQmD_QHW;52fYRn9!ZQ7>g5~wgauz?T3
z#nqXUWPdMCLUt5%Vp*_j-C$&hKK7OG4Euy$^d&Y`b1ge&yfp_|UPLp0LW8g<Tp`4i
zaFwB#Qb|Fx1)WzEK^F0~2)&!cEeDGX+n8j>f-FvWLZ`-yVOmb8t{R%R&r=zRl4ML)
zGILocBYC_2!RL4*8UT1(09cgeBlv0I{+?pF<2S(Ud28g}nV?R?sBa?`rW11%zuTvL
zvkSsO;XErnA$O`{Wm+gZ_a5we>YT~i77eD>%hU%JU{YGO{PPgr;Y6|TokW9ufQDKj
zWDTYUSW?ZpM{=7?P5hTFS+BWYd-spOW^)yeUnj*kX+-?XY=-iGI2Hds0Snb2eqk@U
zeetO|C+Wq)bE<}2G&VM&5jXt4OeECA4vT>=`E5khC?CA>BT~(Hk*Qvc*y^Id$$Fe;
zu0Jw;+4^ifl!gm^kVEOnH0@q0twG$Ocygu4WU9&e^J<c|rUpOm-Mi-Qu=C1m>#1w+
z%gcuMbKQdvKsVVGNo=_&dyL(BQ7jVu(RFM@vlJHgRg~*sKl5;8r=yS`oH>JyG*W4*
zW?12a=x8#cI#(m7R#iqvO6yvoDw)&l`3M$#K?<|gj{-i98bl>B)!U@kNqX&y(Q~R=
zlJ$Xhf5^&W%(b(`Bg7%MVzoB+SHzhi6vq6XyMOHTQANa#W>hBU6-QIgqV_P3WG34O
z!cvVTozZgB9u*+npQC55z+aa?ft>)c5@EYo^orawBVyynU~Z%Z{eL!I{DNOrm~&+K
z<4cZNt1^sPfmCvrxgyM1)e+9cs++%FE3W&{vUfzy#iBHFBz47J*{Ys1<^t?YiiTx!
zBc*5)+biC0Kl%dFA~THoiw>TO)-dB&RKn>xSwu%1La_sBgy&aD&%-DqtZ*b$S7Q9a
zzAIAGX$t}bXD^?L8({N&6|q_Y5zRDJN-)p#J=jD$RM8PshD4RAOP;9pH&C0k3<anv
zRqlJ*(<=fMB_Fj)K|&p&{K=C$$4j`WS1Fy-7t_*Mk7GR8SrC^Agg}w8I67bVVlX%?
zd|*Bg$w>vJN;`Ys7aFVcns1E!RW|&n1)7?8!%UyaYCM&iYFF4S9)??uZVT8<d-aEZ
z)cE}8d?~rJesYxaxiNIxi&X2%pPkY&lZaUELTEPIx_Z8=Sv`;1YE<QAx|$~w=0;F6
zprUdOOnde-*@qiyK<S7R5O+0o<AwuS5cBoM_D1D6g;=!Rm?;02N@(pQ6|H_f-$}HI
zUzhChQz`<{EmK0F`8~7ykVbTs`MVMuoU_Wou#Qjz$q{7(_&0e!JGF`BJPLer@{7yM
z+hw<l3V~`{0s-A^D^Nx4GD2I38-tLbf5}=Q9Ls8_UompTki&37s?b_U&>s(r<9Iy>
zA`VSL)e^=A@tfPu)X{vw1JO_bUBPC|F$8d>_P8t$iA_bk$#9F_-%h#$_ZN^Yr#Y+S
zkf;+lqDfDlIDmGOb9~MDW!B3ztxwh4AJNsD4$yFE+ncO2ZHQADh|m+l-(>2p^^GYk
zP=`@VjRux1HRv;$vkxPI?E+hCDqJPL?sE@0so^6pM2v|0p2dw5Xd<&>w-V9Slry&z
zg`^sue3U=&HuVs)v0TWV$4eu$B;*2=zUglo9U@G~jE-?bNy<O}SVlg+Q&??Bq%dR^
zwj&VR53i`N3u;s3@ns%Qa81w9VREOLE}o+6l{9kyfJ{C*|077Aa8t0ebW9`J^#Yr?
zCO4E@%q~m&v}@$l0!Bw?N1?fNjRm;M(SOE7_e$w3D|!RjQ3w09qfD*BTAc3+V}3AT
zVdiH<z~BF|KU5D!=KVA48PQuYM|-MN5R9t(do8PrD_}oM`xPzvlE{NXj$H57;FY-G
zS65Gw@F>c162~L{8z9EvcXquOHLPAn<l2Axsq>R>>&vGB{dXZr;+MjQoBzlb!$CT5
z8ymtgXJ%-Jo@QO3xfXanN;8SE%ZyR<_N)eX1RtuJ4yxGL2+*M^vJYkaH9oF^AiD{{
zs93)yd6v<-qUUHXVuz#94Qq$iu;vY{FAiU(H|FNx;h5eh8`-oYH6<d7%bis89t6(S
zkdgT?6Hb;bBrA~h*{(#2-7+XT#+D?A(E4}wNhHfPIgsX}F+7?I`X^OyqLftKSsyE|
z_$Xf`HiUaK+{E!$?;Eg!1E46)S`Cx2Ir9-bD<{lV2IHe1m&aU6nyx9{j$aTQy$J?&
zmHS0nT_i+!=fKTN(#1qA4X14pVhxRY6G?M^Q0Aog@3t_$_|Z>lt2#dzOkV7D5KyV^
zZBQ|#+Ugt@rd}t4l1ov@g5+D?Fuv-3(QAgs1BV*=XiofvYdcnH$+qW~)7{JM_S2BB
zICR0x*Nt3<DhGmC7STw7DD5t)mG+1Tpu5+%D!+1TG%)uhI;+7_@=r{k{JrYyW@<VP
z6UzxlqbtfQYHe%BCAUqqee4t7P}x!M%PWx8#PB_418zKa4()TJJ&YmOs7_<nOBBWq
zB)9y5hf?O=eWr-tfxlSZi4f-ML^Db1BCL9ju4SE`sd=a2FR+h!xfeE22GRVB4kZJE
z3Uf?FXG+h>FH^w;b@Zwm?|+EEP?;DLJ!_~xRdygOMEK|pGHa=#MjS#?KB+7hOx?hE
zDrW6zGH*3HW?kGIntk991`Ymf*}<eC$xN<66v?AuFmJ^LqBwpMj{a?ZDCM>oz@pxk
zMcr~Mf>f2tP$@pI%zWmKh9>PcTKId`{xNMQs<Dj6zCkfkg`#eypcocW@~AeWb55+V
zQW#!qr%WCLBQ!YZVp(y3^YO<n^Hn!Lgkpv(rN!n0zwXzx=UqP3l%r{$MBl)eHNSK*
z;c__<ar^Q}uT<6Yc2kv9V5^@>8xd&G8RH7ys6wW4Hbod(FH(_>A<R~cxr~$w5d5v^
z(OHOl;Ct?^eukpDHXNOHCtH=ORoPrQX4Pi-oopo0pHq$}%vo0PzQ;0^*s8fR&Qq*@
z80GYGjq+?S=3jr{IZ@3@cGB6)a4by09SRzQu?RgEasPm-fF!u^yxqnWkS>{QAx25O
zT=+rikJlxi3=PU`7c{7aGp**GFU7HtWz<1-Ao`mVlFqQcjpm-iZlLH^bp*Xx6ZE5A
z1?)s20sbizvYZ_>z5#SbClp{uUaDt_e@N2Own5;rDP7K>6H!7yV?%Tsl%8l1Zo5P`
zsXKGXI{dKuU6=vxGj>Z&y1UbQB{nc4LuNs_K84<@7-TW3gcHYSx#Lc=c1|S~kz#FU
zEE%g9&7<zC$|FzC<lQ%dR*HqLc9d~`t_mDSjLMjzMZH%5#|gq_fLlwP?$j%p%%OmO
z)^(iTRP5ev8f}$cRrXO7%!-;46Sg4o^6@)=vhMO4BObK4(<aH6+ImM8U0~rBqYqO^
zF5KLXYU?o`hzP12OLbcJgIS-cMGusXuS$S#bj!3RLi4BnEHeGBjR3=jz$|ArOAMR-
z0>$k$1~}Y9UaMF~*ffh+9t4Ym@xvK=d)fqVdu6Q?s7G41fcqM=b+;dpGWsWZpN+^{
zX7cR!iVhQc=6B{xb8enUG|4zK^hk`TVg}a8P_uQO_2Wt1+Z!ZdT*akBhDPLQE|O@f
zXXW0Z<19yV)HXjIG_j=t^Q!GXfN;Ai9PT*9eYMxhza%UetT4NUld7|O@wlJgkMxl-
z5r36Zf58F0R43o!Q6_(hP;}EZkU3)bAiC=qwxl`Q$OJzv6z89`HQ+)`Z)bX_4Bo40
zQMYw@f0X5#ai>=KDzW2`Ud)?Wd6|M<$%^Xl48e(PM$gzfNnv5b4w{1oTQtGJ1{=io
z>Qx$DL-Hz3Cf(ERWAG6O=!5!*((q|1+~5JCz?3<I=#=ysd8UHNQF<p*7P*zB&ttMN
ze>zCDhgIwJHkTu0C?I^46NUxinUvrl%7zrj=%<X5yCcIq<NNPzU2B<|-(Nk$1?@l+
z9rNAjK!*gQcYQ^E>A8;0KDB62fyQjF^9KAmek+(?I0nNOUN{a8v&OW02j@FHCFuC^
z75-(AQ`tLw{pA{ks~#x3?KW09#Bc*3_|y*V2C4%;Yra4oa!c8y6A`&UB3!94+keDR
zv`nJ?jw^uHXl-Kdv?sYtaXKs0)lOj)y*&LTC>FkE`<oL7fo|`P7aJLFFR-D9z}zMM
z8QdBzn_!Z4tOd`hnB~_l&+govTCh2cGA8UTOdk6OcH@j~bkLiI^%DGPYN0oDxk>4Z
z=xZ<w2mt10WvKb*XuPQyPc#-)>?6hL%K-eE(Q6$CRbRlwv6TZxCk{;_lSYGBZC=Wz
zpBNscfCSrxCW)f=nua{l-J2PL_2wgPL3RpABFqo|Q4nnLd&K(dJUuJ%>P{$OVb=u3
zf<!J&rAW|4J|b4Q@Zv!y*)S~Ha4h42MY0<+3hO8%oGJtAb2&<4p)kpKe=^wY1uA7k
zo))9yN&lO<<B%?zP1I_!jyQ#}jf<Q5Ooy%egCR(r*CToCr|B#n%|{thuD!d}Li-)b
zX65yj_3~ybtF<l@n>J}1o2}+XFAop*X<o0Tu1-ytqNk?Q$qk2KWs;*KJ_g}S>q03K
z)2Gi$D`AejL|#)v0PF%XRzgx%hj(z+^5b#)UlH8W$M-%P7)nneC9maZ<q|gK9zy<V
z{kf(IxfF|GP9}0!J1VjjPc=*Zys`n@LfphWwY`G%WavH7uKM|8tRKLCd7}dUg`ELt
z00053e-*0zU%p%a<@EoPO&7E@GqQI4cItn(N1bXAYD!BepH~2PLBqd8&IU+x5m5NC
zdvc7WtN<Dj;i<R%SZkwG!MHItiLN?-h_{(qNU^1_(lmO^H;6YgOZsERi%F-mI&ZBt
zoOE4DKatdac`?xg0nxs^KD=#jyj}7<WjIW~Oy3?(Fv0NxZcE5h*Gw#I*e=u=XtZcD
zz4fo=AXsk~R2IwAvJSy)IG%yQfC%KcR<jla?xn3@S)Xl|i)w*z0QLqo4e?xPVm(=&
zEico`&BYa++FJFWYmvdnOf++};ru47X&J2Z==X4HUR#8ohp;FzYfZCI%V^fHwjjhk
zO7*kr(sZ$eA8~RThROM<n^d_Kvpo*m**<EA*!Ej~Gp-9X+ns#})2^Sz@pgVgZ~Su0
zlEb<aW6gZ!vMtGBE7j9&hcVj4Lt#N>auGDcX}lS#q<=kX&~n2L_}za~1fU+6_N;lm
zMK9<H7A62@{*RSncyPLu*^l86PDlx0RH3(f)9ztuGU536HkuE)O~yYhXLT^Go*wWH
z46=jR6L7yT+o`=!%<$#{-hR2zccj8iTM+oZi&*H&F_~%kh9x=Rk*DWqp$!mnli?+A
zE40a`iLFxp9tRntO9=Kmx}D-_Vu{iFtV`L<C)us)i9bNAnjGX{AGe*a5UTXGjXs=#
zc>~?u>C|Z0`d&&P<<Mx|A5rL8BaDT;aN#7qGNtZ~yJ6NnNUmrHk_0}%K%7#>JUqKm
zhU^KXCejb9aAARSk|qv5qT=z38leUoh4MpzB1W(qJRwUK1%t;6^rr2ddnOy)1-G<~
zJRa)TLq$I&&RoQ!lGxVc7vxE){x3}?9GWyK5gd`~(qYbd$pz&`uzVy4U71z>Os^)E
z3a4QwkaD0BgQW58^A(nfcs*IXO(rvQ5LJfoUsfqW?b_QT^<DQ7fS5G(!^hIg+Rh|V
z#gYnGaX-Wrh8vOOm+G2Lo%!_WdYfQX%R{!^0NtX>SD@FL9Dtm-l`}=T#+e@q#Qj})
zt6~{XL5w{-p{dr<o3VM!CWpk8Pcu4@Ee)j}PA^r~R@wTbl(P=De!NPbB@!@tcUaBj
z!qW8^qomIe%Q+K}Au~fwU@bzsq>JMfcFb2<FobDk(Xg7Q&IVXX{^6lbN3`x+q;P@K
zfSU1R^%dUSC>&-gjSqm-Ca-Z6v1Rtq-WYNzPE9%0MJYm9wS<d5320|JXgx71$T-FX
za(5NPWSBSXswl*7(rXWsIfqxfqZX9sN81ZE_t4BlRo#eHK^-%@FdHao*@+^qY^|?q
z)A%-$8?LcoS}ii$ae6$sHmsF;^9GHfMy44ux(+HOlRb9EqqwRP>;7nxaOQx?#W3^8
z(Py0+9sX94U3NN3cv5{#WA5xMN|=Zu+(m1UB`Pv*jEC;Z_c_rwHIoVaa;F-Fc2pAD
zg+I=XhGL9HBN)VGk;2F8lN1n3EU<y%>NyVfnX@K&Iml%<d!Q09jm;ph3#nrYaoTtc
zg&qJ>;DM?Vxhd$Ixzq75Na%?%V3<6M6gS&HL&DIl4f`qH1Uw2T%<Ks>dvK3VeOm@?
ziC?w-k|oeOBGxcyb=@V6V?GwfV{D|X0Po1`OeHGg$EmKz0I_>|?P%j4QLqu^UYU!P
zw~pMSR#67ZuTKHj{g!Ha(l&4RxnzZg&urD^I<>dw9P-3_vB(1$@N>}yut<`kx1|9C
z?I-Jn?T={06S|d~jGMY{f&!dBaqZVf7v8McDLqD-=Tjq92yvN`TlbzNG&1Nt$nqKb
z=N%pMhaOpeyO<P@IFg!UEuhcC5S<Gmcc|vLABH9Ia~587@Zeqbzd^*@Sn7@g@2Zz*
zT|w*uAquo#^ZVxAKM)gvxYTYLDPFpIn*3H1gvT2aRq_PKLs4_Hd!=a6>@j($Nu=G{
zh)KjQ;+f>y@b^&m#D0?J+AQ_%kw_65-!(e}=87pf3y2rueuLn~x8dT{#))rktZ1o{
z&)fr^h(VP-w&FotZD+hmCM1jovr`y^;3kHbfjVc9nv6Kz$!cLa55Qt6o@Q#Yq-%)%
zv1^aShRof^elOAOxk0aQ4g@-{=1^pWwP$IybiwPA%w3owVV%yxgqp1G0iB)j!_)oy
z%lG^bknFrOvk~Xa!0~n3YP<o1x;SslY>r`^vv!>6w%e*WE%o-x8b(Uj435Ni&UG(9
zmKALdSw-}LqiZ)5lWPz{+CO?mkMwn<KB0JH@~t(Yn1g%gh?I(`69p3yOQAt?l3_Z%
zs>+@iIz+F~0!O!Z2_%O#jQLVj<rHTOmcf-jZ<!Qpy5%2QXgf8Hp`|}HWM3k}l2+W6
z*n%9_@>AF1GL^)YrGD_luh4bYSck{_Io~voZq2B?H5SJ0hA5C{BcggNMquz7VVGf_
zXB0&jqQ=xmi&tl?Zyc%1pd@z`m>D@{O<7z~ofDW1jk3RGn{UNZ$CX;)-l2bbj$Z(j
zq%Dv?IvEQ${X}`!7Ot{H0F<u8$$Y4cth?(>JCDystRLq3plK@~jn=q*f`L8&fWOVX
zZCvvR^n5nW_of{*2fjpK>sEN6xi9V7t^FvY!zU9SjSaUqyZsJ3(tSnYUQnYhsvnfY
zK}oi`yxOy|mZs<)b#}{D%s&QyM7>}uM}ho;v!~wokUw<ykhg;!Ue7FsbCQ7FpDyg6
zkSxBsosMf;gwzJz3IFt?iuE!}{G)h)Qx<jtlmv<Q>i3LPc4r2qVbJTSGf4GzGAVGy
zCC;QpcTr<yW0Gb(y>1AL5!E|WBKws#*p)LIcEUKJrnR@mvKG@jPl5M-YQ-Sc$-*#G
zxmKE}?_NF~CjI_X2-HY%Mb=U#PH{wri89<VEPhpw<eWS{(la&Pb0x=x%$@Dh!D;>`
z21lZHGpmrz+%)<Z92UWTuWb6hcmh8DJN5^&2k$WaLPY0w0uN@q0j+U9yzmGD<Q6tL
z?$%%;Nqw|IZ&+NQ=VtIYrKCh4Ic(UT+Ny@KLYF==)#ZaO#&*4*C@R5k%8L7*Hgvt{
z#*E3lvc7bb{G@vY=0E~55Y!#SU%tWu2O3?`1^5U;KZXT#BqsMASXFi;_9ajpc02k2
zt+6Yq)wyza#f91^g|pa$9v0~25V3{((OHG;2hkUWZsEsp`inyN_VETA5l9L$dQ^Jz
z7HRF>3NyI`AZ;8!AROOj9?;)i^7Mzr2ij!viqFs^;y&fo;&hRnL&smpA94Dn_dO{Q
zV>+~H-EczogKuTGjeSEf6=b&?0l(LaPgx%*@R#U9ixT$2vv@GMZ8&3JvAaKp%JpW(
zaN?%QoVUm6+r;Z{F{xYXU7o(b*@|8Y`c`4btz%HAX(6YgP()3@qF@gXt0V^)2ZssP
zAEHcBonQ}sEQp07$6Tusv(tUC<3>$Dpd@5Ka!0IJWysa!Q?V5|J01iA;%I%&WJJ-D
zC@tFoMjzIYyjTWh4%r$b>qJbz9R%G*?VaVmJc-4N+zNauW)z@)6oUs#*yXc_uxz@f
zOmULKdhF@hm1BppLS!(dgoA+x+H9wLj;%CbTRnEVAYpFxB9ZF`ccN|$K7j*rc*M0k
z47yVvtUk$aPkR4s%VB#XFmdQuiRNyjWZoNo4wWig4$j^+*}rAB?wh8lgb%((_U=^&
zK*)L_d7)4vVck`IX8A#C(oK-;rbZ6C-Ta&h+{DfaYdLiq*K<e>bKVKu@UCu0kOW^N
ziO|b<D(8D9AL@?{rx)lF4aUwJRqlF4`JR4Pj6hm$E<g1}xp3?Ar(w_i)ZES+UQ#IL
zmU%yW&<ULUn&R2tPYaR|l9gO7UpKzbJMxD^LGahKE^js@EO|@eDQ1wXqWK;*U+nwJ
z@Ifz2`U@X!x>M=$#0dWUV5zJ(rl4yn@dOLTiyO-D^{`_dI4N3u(tX9@lS<f0XfY`)
zo$s_J4L5|&5(7aR)g>B7Txg0Tu_&^8go7|bv-Rb&Lbq~eE`7=9mhM7W)ZEPqX=7bO
zkt69V)H_KMx4GmKv&M~U-MH=kijq}yk!n8%^5kU}j|XXI{Ak%+1gvG<dny-8R)wj&
z1?o~oNqP7}Nn@i0+EP_X<U*xN^{;m0n=-KtjYfTg*D-D17oClCKh?@yL)nas!UBlY
zVFSmR?307;a}gP&&(n_&7#}>JH&LX|P#?Q6pQ|9-Ydr4GbUcO<=j#Z6ZLl)7QHPqb
zUUe|13fCy&5+}K1t4V$754ykXN^<wIq0+ZqA^(?lh39|xDTnxPOFR^e?3|1o9Od-v
z^{oD}yyK7RnJo4a%GZY1R23RJD18n4Zw516U+5ucY(9$|@y<&>E!!FhFT-UVU0s);
ziOj;n=mD?RXg>VJLhmr8Muj_qM93)2QhV%DyjPq3>Jmy89v5TAH{$RNx<<82w{?%K
zr*(&`_p@%FFR<Tt&p7?UiY^NsMrh1VT1+lVR!ee6;H{kubSY2w4=Y**%;RqAI&)jJ
zXX~x`D;lB0z3BT^R<erWX|1K3+FOfvGT3@SDJpeiMg6v%s`4`VGX5va8k;+(747?w
zD>jXX=2I*R&JlT>I!#s^6IVK|GI1vMNu8zEXH#vJ7^JE!^9|UO4AgySG$ysbsOQQC
ziY_N!KQl0}Y)<4M<p&VKcYp;4Rv6j)3)h(rLng+9wl^C?cFyU{Niuf|-SHy)tT}_~
ztJ_vDbyBiWp~PFlJ*QbmqS-|30)mh^@x#^H(2<uAG+QoCHRjktQp+v3>kP0CN!2f2
z`ph?Wt?SlmxC3!BkV#)LR;ft2Ww|VvA+#ZZvP9|Vi3gomyydJK92s&H(QlJ7i_F{1
zQ-T~acjydg*sfCC%%JyL{Dw7Iy9f!!=vxdpg!`46pCrokINPkug;^{h!`DaVAzm>B
zZM-F?uUZcB=EJC;sFKGFsa1X2(%5;s;`-2s;$0yyAaD@fiJ`^N^}(Y<TbWX12>t34
zE<2Q08>Q@9f>KIJr<9S7%0r<XF>e<ydHYSKr&+o0T2b7vq!m82jKxB0M4?`TRA@OP
zN)4tf9^6JXn`*DSBq((TNn#~9d*ck;U==r(hUryV!$3Bo3|K=s<f~6aj0`ph?WOzJ
z259Qr%hN%EN^41n^L!7^$b7Vi*#bk;o#OZlbV%JK#k|8g@AhrI49KccOWa<OSUTg2
ztQFZRvTjMbq%&>oTjsz+8z*{(NIGKsVD2Ftp2+PqF}Kp1A=^AE>M1IArR^$~(1SFP
zm9e*sTyNB{@P?l(svPOw*_kC+t^8FA+G~o{$2N)KSTud4E6i3}0CSNYEklNc4`x#D
zJP!OWO+hASk8vRrAN%el^z_9LTQB3_1w-r`1S|T~hc<m~bxAQ!p-2R8<H5vVTiHL}
zN&xIV7>Ox>W#N&jNPZL+!xi$z!AjS+I!H*s7Lt(U1r!m@>yeO(&gY(>_p<Yc>h=}K
z1M+(DiHuo0jclN#rf2g)Z%K^s=x+|oLaO6kRqj54JXfsCvUAMR2A1KZ#D+L)*)l9a
zph*IE6jTRnoW{)uz)gtVmO2(hOV_7ocacqW{9Nbn!`KnbqPnUr+%)Gx4iTb|5G_bp
zZ(2A>t)O2!fYm28Ppunw)GDLrG73x?T}{-oAD-tM4jPo1<pFXRWcHX~5TY@WY(C*3
zbRSP>WH?wnRpO^pht3~1<FR{>8Nkv6O|?{eyM^rpK^h+_D&;UrpIYca#6iw4Fq!1>
z$2t@CYPwA*@R;Uum6#f{7(|(5W!A7$g@(rA=wCn^FLc^?<Ve=&W{CEj^`5&m=MlL7
z+TTUj$^GOfa~-Dyro)ujHuZA%A5G)_dUK2Zr1B(fpyAT+HsN1;C?{{VOuXp$Y$FI!
zT4Z+e=qj<RQp|e&aI9ippq!fH!OHza4<zI@2zd=XP72v81~za6An^-(rpE6`61{o`
z-TWEvBnZQektv2Rp80~4r?ktsBY0>d=5?IrlRT6#EQGZR!FxT(Z_I<{qmo}2|B1Z2
zNOf*qd2N`Pr+v>NpI}{C(kwGuT7(PJq_Ut|Y}!(q7rPktYJtpfBUX5U8us}!j=_(O
zGy#pTZ=irtd@q4f*uY1~P5pOC9^wf1kd*N*K<UK(k2WSnFfo%?A~5ucdr>(0+ohi1
zvn<{%FkfLWI_s7LBzp#VW<4~dLPR?TdHmU)Gd;&Qu6KubfpeDxQhv&TMgM`HfIV~|
z5umXwcwBb0<n>GsMnh@;Ungf77S-DIaZr)2p`}4;P`W`-hUQ2}BO%?L0|-jT5Tk&A
zbcYBCA_|CfNp~}Zlyr@N@-pWfWe$3L-skzxeAx40{nx(tzOQS~zVEeu*)PFXDfl~v
z#o5QKOs^Zr{GAI)m1vdWak=s6(JVe?1zT;~fh&YcypnMJ)vLxfLz+1|+>%8^Pu0Fc
zzb%{S6(no}LAd|??z1;e#2P--;a5NQP40*(uL`&Eb$11j@V-seUPzIRk$Ox(v%kF&
zl&U@1IuLP-TZe&xz7pmf$U2rM!y(J-yB7j~NA?wTZ9X(tDcRDdNHly;Gfy?4PT4-x
zbV0mja@FJ`dkHlIyN{5RlFr_i{o|SKEk0DU_C|EH)0ZL97(PK;pvlwTyL?1FzB3&b
zv3f?*L`hnwVNLY!cUh!1gBCMx8l@-g$G0j9!f*v(k%L>}7z{Jg&fHO(U9WnYaS8Ic
zKz#4_-?GX?XC`)cd_02k%61NZBuJ92$4?+q9vsj$pNsZ1nIj6Mfps?#1(Hf#WnMXD
zw7u29Pbj83#gP+U8m3S^Xhq1S8o)8cB*|pml#>a?Z-`S_`E(Ku-@uw5u`l~ZUPqsh
zJw|Y_&1l_J$8>ZkMX6plVS`~&HvcW0_2HdF9qmyjVuzB)PNTCnLS22`Fh?n2V=A*K
zJiNrLRx><D94CnLb)hFzDO6akY*7YL;!#FXE>ugx9F8>&PSAOcs2cXF*0NOwK_TBQ
z3B*4E^rEP!G;|b{8Is>ET+;mfPvA#c=Z}?2A4;9GLXNRv2unC)XP8N|Ff*mY+<o^0
zjIvrIyJDiwZH-R(VM;pcP7`lq`K%NQVW;PnY=`dHIlYor*g3a#v~}aVDxJeS=Qf-{
zE6vVsY<uY}6?^8`ojbLHCY?_f^&~z>=y>g()p8u}e;SxM?R|=}Vah_W+W(G7K4G|m
zG_k*b7n)#av7c|=BmV%Wes|oTRNi`JtZjJ^d<!PWYBI{hBhn`-4z|zss7izNs-#|d
zxJGEAt1KE^P9Ekw`qjhD6=KO&`<%X)Oq7tCnsyiO>XA&=QcG**Qj1J03%T|S93l0!
z`kuW*Orel<Q&wdwnWT)$?awL(*;OVKD`OkE0~IAY<pS&YUC)*J<z%}#vl#-g3#zh&
zW&E{i$$5&$+Q3tZuR>#}`}(b(ZYEaHaHl|RdE~YE!Q)@ah`fR~6*1aJTS`5s%^260
zHFXtbjIB8Q?XKHmijuoCf7)w0Nic`L4<szV)o+^Jl3}do{;dD{qm+C#l?X0XQ3rFX
z2|2STUZ(18lCgGEPgHtlH@W+RT_71RplRa)wOH;Zv^otuPv1el;yj6;6^YTo6O5nb
zuXyYumc?@PO2%3D&AZD&kFF~1xCc*-G{icF8cm=zCQ^>je!LbhK4sIz!zW0}MW-zw
zZPdpu#qbR*(o~4qg>|j3q12+>(UzR$_4NvFsv7QB00vVg7jt9oEMC`=H@Eo;#@r9@
zwvB`}Vu?7Sb4yT0v?}jM8v-PjGHbU{X&TmO*_;i5^Bf9Kt)`T;TZnZ6eR^GP(dyj~
zWb`B?gRusjJkTWi!jv^pUK3Hk6efjoSk;o<o8Q4p#WPS2*vQ#RNTAA^ESi20g>pnt
zEXBFONE-ISY-Qz2nUI0X6}`7iI0QlEEJrOIDd967Y$A>)_f89(?s++q2(OXL-)rk9
zW#bNR!^h+;7ZPdgRgd{#z|fSWfO46<KHuL6qG}M|=7l+rLqd^Ch;x%^O)?B)L>Pvd
zJO{mN21*=CF`BA;t;6stCB&8+in7s~?SD;7#WGZSqE8KAAc<*dP903Wq1p(6^a+P3
zt?7m<)!{4wx9^=SSUa&v#c)Z3lVFdo$GxFuD!kIOVYQ3}pgV3agTkdY<zn@!Y%I(5
z=qp{gfUrhzu)>{(x0TIVp_GD2O~q{fcL8iccu=~<Bk6!xpaaCo^C~_tJ3v}&cP`R`
z4MXkdorpZTmwt7{?tEd6s1AFva*@@5f>ry1agmo%x7;dlUBB0MsN0+;_wI32LARB>
zEVbCJNe+{YHoP_Kc^W<Sm}cWUIjITdAF;=YOYkJ_$|?>6F(p9XZj#^ue51rl)0xUe
zqI=>2qyUOhb)cjl4X2hPMG0M<kX|?xLi3@>lkH`55yb%se@meJx}>6zd$yq2lP}k6
z;^}R%nBA*cK=amKg6(iLU}$E}p5aGr;@m)wB$HzPcog40JF*h?&~B)$b-30iLxw{Z
zw%um>KH$~MaI+fKdde;4U=?w#EQ1C`xCT%!mZYp=-E!qhiuDcsDgi1c?;5na+}SQq
zc89@$91s}a7gP^|-wmD+yt!}jX>YGIzMX&tNbA7T!@rkTULX|rt||FVUvK@aC?)nR
zHGEy+gmhZo;JWTrjXN2v>ot^hS?Sc9M)^y{@^8SZ8p7yq^}XuA32Sdrv`O!Ra9xfD
zPiFe22jmVnXl%l3Wo1|!($_2Qk{cI>QkD}R6M+fFmQ-ufSVlK@rVUK{U)vv{qD60u
z`*Nk`$UK-hJ}i1_K74P4Fz=(nvP_FA?)|uJp*XEqVX3L+mJ^d&lwjy><=I2wYKiox
zf;ka^Ou+ZV%tT}q43Q(1O%&I#u-3Oi;4%J1+POZ}VF3W~&peUPTwKaT<`>Nn6PY;?
zH_nG2iUVlt!~I#dTcvY#aNBH>K3Ul(Mej@sOm(4%cYD{Hz?+!q-DJ|7L91$CVi*$0
z?%@g&+>518tG58hoM7@Ra$YfK9UvQmnC+k!KJ!nbEA;xq^n?w!_ehr#NM&U8$Clcc
zHs%6JS$iH!up{Oe`GKL94-ouZfQkEq+wKjwHEP;n#RH2%AwdyRLVoe}@W%t3GN`Mn
zu)E&L5DQBHCqSi>94f90=?+~};IncxrvNpKv|VmqwGF<hyD_6aw+5exywla04I>xP
z=XYK5x9Y-As2q5nO2d0|71fV3+*MMsJ8=?v`XOSe<wn%o=H0ZjEs;~I+h`{>b*Jo8
z@c=$Kp?6iTF{*}6U+JprkH`02^FA;)Qw9dqnmPv2-S@#hZ83q*jA#s(<v+XXFh&P^
z{dwSF=e<cE@HhOEJV}}p&TBr&!T}JglPW0^tJAvVFQ<Jf9VNNL3?7#nq4%@dV5gU3
zCRxAG3<WDu%;W)L^FCEIcWT)9(`4paeu=tCC}Qf1xpcUPvP($PLau)@a|*(K8Hwtf
zh3>%R39c-~LYp!34c=reJoE^UKGFvYnmrdDV8$r0v#SZu-{`W(9Xe(Y8~5y5GbG9=
zR&uiLSzRT+qqV7lIM7a=(Y`lgYtV1u8qw3#o%~YiIi~8@rXs8%IhRM&iF5iu<Ltcs
zh;<hwU_p06d=i5TK?`Iom4%Hr(aZnvQ$ru8Nb2kLr%_GBSo~fJ&Ha<Xd`^?STfNi|
zP%AZz?rW3K7SxJ%Sq`_GYH{-4kmFq#e{B-GK?G~bxR)?__ePWTvOr5EJL{55^yE`H
zuM&Ymt(i|aYf%El!q-TA46QS8Q05J@A2}$9`TKogwO_*In`+k{=~$$1)>=~YsgLUn
zS3U?se~;6#r(JoVy|jS=Ne@xId#XWMy1?^gMeBG~lY{oat&~G^hNb;|-t<bIT7Y*z
zT(u8%2kf?ECx@^)&5oPxItJANdJ%@M_$=iMeETeon1iC)uSrq8kFF~@(BfS62-Wv1
zjra8cd^>nRUEC0~chx4KS`4_Be);`&;RA{#ms2%P&Lv{`2bVMm+LY77#N@^?o<!h@
z?;D)j+t)Wj{(xk?(d%X9QJ5mgFWq5#WKV;pGbB))_s2Bn0m&rROXv*1#yI~Pq1(O4
zwPAl~ui3Dq+K0<JopK-BUqlXu;<eq7w2lp3qkLS&pRH!p1^KKxWbyF{4#fcAEo-?b
zo2Kj@Hebs9U7qUa@Rab*&(ed?5%bgoutHIBQP5CzP@HU+mAyax^scf^eEsH2qLYYs
zi!spQsfp+4W7j+?n#A<IYL@608<K@<52B#&)JLns(*$e-9KCi+1PW%oz03CetE=5h
zQHr0u0Y$!CYckq+C;dJz)**VzwQ&*T3Ux)3benobmq#(}RTSd4FhHm=C8WO$IC2UQ
zb*(;jOcRewS+84Ow({*<x)ZCk7VpWQH?f?(z?uipdaUoWmo>yOJ=t6WQQ#Wx!lonk
zntrt*{D{ksM9L;i^S)}3^Dv0gA-5bW2QKGgd93kSw`HT9DIat*W5QV|0c4YZD?}9J
zvDC{y30Ng8B{RGufhwyj$uha50+~;~p8V3ef=^i-Od?U{?}=ye?j$-rOA$*^IC=d^
z$!+XT;g1IOKAnJ%JJpNSI~t>%ZA!r$H(+_1jw_5tep=F1nQmwj&l}lUBv4N^YRu8r
z^}m^k@lm|A+!c_-H*8+h+6t!fWzr+$@W@~f)o(80gxNLq`Jru!JZofJkCr?!0~Zm*
zqpU8UsxLo8yW~XZSE6XpVv>D|4$^XN+b)*qfE7@Q$2YQ61BKn0j3oRoXDE|V8#F9Q
z`o)LbQmRp!#i6;4+cA2p$szc~37}%OXPYc0ffg68=#wgTAgtHI3%>+jq=us$%ttIl
zhivn`59EC6r_6=fx=peJH>#wZssJ|Hy&&<EW~VJ2t@R`|T=Xg<v~3jnO2cS?pB|t8
z`8w?gOkn50C_IQLzZJ!OV4CKM3FoIWd{XtA;92~66ekBd9sAZdP8c&FM)}dE@!pQ8
z%*g%B6x^(UZ=z!nVc&>PI0-VaFr6@~nOv)AV@mmZvf^Cdo?K$%AXz6$5T`0SLHpx2
z$LlE$7=5}0t(6S7l39%UYEDjCEKdJf`8ZdaLXnkfmthuxCjKFdPQ<ahpW<=}TU5#H
zX8d+!d#{8hZJ~Zc9p4+hdckK~>r~&41B}IIISSnHXZ@sfw@5s$5HT;DoK!_fqa8df
zniB&t?0HWNHO~dYgHk5Dn!~*321|%cEgsX&fNSJpj`;7aj$men)@Ci#b0{awuLaVl
zy4LS_MnPd;_K0*_JXpedb~DIcmhKEQF)zAl>O=T7>7T`E-;%ZdGF*Yau}z*zfW!XK
zALeq2KaAMUF;}F$RX*58dr_m(E`cXK4)AEyhW&*|t2=QKg~2?vdw`bXq~fc~lLKGp
z-averj*2t4N*cp7;?hVcYC?JwXK7H0GBx=)%f`j>9$~u*7Y|rcnpV23a~%?fOqb!z
zEC6i8#!jw$dZx2$ifdDBw9fy+By4K?%KH`njY1<?>rquyuhep9v=YF$17rN1j(qFF
z!po8n4$`a{mu=WIx7k<X^km|I7yVRPT3W4fq_5R(-X8xv6xJ`6?Mkz3d&@byNX=?P
zYcw5$FxcG~yft0g78fF4A@WKSext+K_8EMze5y#<+t`+KLRK+16|H>C*L_0gbJ?Ad
z$;$!<<1w~yyS6!}h)68TnO8aikruW-_2zFTJiA*o%c>*&cBSJYvm-6+e1=-G1jHTY
zc?Co*%Rv%<wvH{($}_`oQBaJ|-Un3_Q7;iAkZAvc7(RPrMA8qM3lebnyTf-@Dl+O3
z!Ad<B_^jjLhr@Sr>cwzmh8qGwbFRTNcI1WdGdd)4Jc31qoE|}XJC_JHQalp(?V<xR
zSLdG&33$J9kOp0JK;--m*g^1j&c%8*q#tAWUD!W|ZiF269hP&p1@PCsLtJ^p(2>D4
z2=>movVIx=zmRw?=0xQ9K2!t}=Uk7@8ln(@oZm$tfH>!>_&ee+JkIap5ICH3ZTutd
zPdLu+f)OyBbKN|<#fa1VE9sxXf1`0OdLTnh5Gb5;x%{gKQcc)@2gbRW9GMe<s6RVb
z<JowAJ%FE*|Fy<*(HglW7y%kM*ZSGM(*M)?B6i?n66AJOM0fGI^yz*|@?%lz7rn+8
zjgg!47|&hLj+hyKV|?EGdeIQ!@qI?0O)MlqnSL@v)csvFKyI+&LkdSh8T_>Y(tY}M
zf8WIn$YqL%My+!hvi|ZEf6DOdnSi{X_|Hk^&HtZ#FO)o9JZ0nsO2mfbxqy=Y$@=e$
t@^9Od7gHfW-ViIE=i*cNDb<gu_Wg>WojqkxP{__c_-E^>M%sv9{|5$S<B<RW

literal 0
HcmV?d00001


From 0ab644783e2dbd11ac7186c2debcac69d4e5e985 Mon Sep 17 00:00:00 2001
From: Anthony Keenan <anthony.keenan@r3.com>
Date: Wed, 24 Oct 2018 13:58:19 +0100
Subject: [PATCH 82/83] CORDA-1838: Add subcommands to node (#4091)

* Tidy up

* Add install-shell-extensions command

* Make cli tests use same version of picocli as everything else

* Remove initLogging from NodeStartup, it is ran earlier by CordaCLIWrapper

* Use picocli snapshot for testing

* Use RunLast() parser to invoke correct subcommands

* Deprecate old clear-network-map-cache parameter

* Restructure NodeStartup for commands

* Get rid of -c option since the flag method has been deprecated and that didn't exist in last release

* Update documentation

* Update backwards compatibility test

* Get all subcommands working

* Refactor sub commands into seperate classes

* Update docs and fix some tests

* Docs changes

* Fix merge conflicts with master

* Fix renamed parameters

* Fix test failure

* Fix compatibility tests

* Add missing compatibility test for blob inspector

* Remove blob inspector compatibility test as there are import conflicts

* Assorted doc fixes

* Addressing review comments

* More review comments

* Couple more bits

* Fix broken tests

* Fix compilation error

* More merge conflicts

* Make startup logging function a bit more sensible

* Fix broken shell extensions

* Make shell extensions work with subcommands

* Make sure parameters for deprecated options are carried through

* More review comments

* Adding some s's

* One last go

* Fix compilation error on Windows

* Revert logging changes

* Revert docs back to their original imperatively moody state
---
 build.gradle                                  |   2 +-
 docs/source/blob-inspector.rst                |  14 +-
 docs/source/changelog.rst                     |   6 +-
 .../cli-application-shell-extensions.rst      |   4 +-
 docs/source/cli-ux-guidelines.rst             |   7 +-
 docs/source/corda-configuration-file.rst      |   2 +-
 docs/source/network-bootstrapper.rst          |  13 +-
 docs/source/network-map.rst                   |   4 +-
 docs/source/running-a-node.rst                |  31 +-
 docs/source/shell.rst                         |  20 +-
 .../internal/network/NetworkBootstrapper.kt   |   2 +-
 .../net/corda/node/flows/FlowOverrideTests.kt |   2 +-
 node/src/main/kotlin/net/corda/node/Corda.kt  |   4 +-
 .../net/corda/node/NodeCmdLineOptions.kt      | 141 +++---
 .../net/corda/node/internal/AbstractNode.kt   |   2 +-
 .../kotlin/net/corda/node/internal/Node.kt    |  13 +-
 .../net/corda/node/internal/NodeStartup.kt    | 462 +++++++-----------
 .../subcommands/ClearNetworkCacheCli.kt       |  14 +
 .../subcommands/GenerateNodeInfoCli.kt        |  16 +
 .../subcommands/GenerateRpcSslCertsCli.kt     | 103 ++++
 .../subcommands/InitialRegistrationCli.kt     | 110 +++++
 ...et.corda.node.internal.NodeStartupCli.yml} |  10 -
 .../internal/NodeStartupCompatibilityTest.kt  |   2 +-
 .../corda/node/internal/NodeStartupTest.kt    |   9 +-
 .../testing/node/internal/DriverDSLImpl.kt    |   4 +-
 .../testing/node/internal/NodeBasedTest.kt    |   4 +-
 testing/test-cli/build.gradle                 |   2 +-
 tools/blobinspector/build.gradle              |   1 -
 .../net/corda/blobinspector/BlobInspector.kt  |   2 +-
 .../net.corda.blobinspector.BlobInspector.yml |  58 +++
 .../kotlin/net/corda/bootstrapper/Main.kt     |   2 +-
 ...bootstrapper.NetworkBootstrapperRunner.yml |   5 -
 .../net/corda/cliutils/CordaCliWrapper.kt     |  86 ++--
 .../cliutils/InstallShellExtensionsParser.kt  |  52 +-
 .../bootstrapper/notaries/NotaryCopier.kt     |   2 +-
 .../net.corda.tools.shell.StandaloneShell.yml |   5 -
 36 files changed, 716 insertions(+), 500 deletions(-)
 create mode 100644 node/src/main/kotlin/net/corda/node/internal/subcommands/ClearNetworkCacheCli.kt
 create mode 100644 node/src/main/kotlin/net/corda/node/internal/subcommands/GenerateNodeInfoCli.kt
 create mode 100644 node/src/main/kotlin/net/corda/node/internal/subcommands/GenerateRpcSslCertsCli.kt
 create mode 100644 node/src/main/kotlin/net/corda/node/internal/subcommands/InitialRegistrationCli.kt
 rename node/src/main/resources/{net.corda.node.internal.NodeStartup.yml => net.corda.node.internal.NodeStartupCli.yml} (92%)
 create mode 100644 tools/blobinspector/src/test/resources/net.corda.blobinspector.BlobInspector.yml

diff --git a/build.gradle b/build.gradle
index b5c9156435..41f3f98e69 100644
--- a/build.gradle
+++ b/build.gradle
@@ -70,7 +70,7 @@ buildscript {
     ext.snappy_version = '0.4'
     ext.class_graph_version = '4.2.12'
     ext.jcabi_manifests_version = '1.1'
-    ext.picocli_version = '3.5.2'
+    ext.picocli_version = '3.6.1'
 
     // Name of the IntelliJ SDK created for the deterministic Java rt.jar.
     // ext.deterministic_idea_sdk = '1.8 (Deterministic)'
diff --git a/docs/source/blob-inspector.rst b/docs/source/blob-inspector.rst
index fe58b63a3e..cffa40118b 100644
--- a/docs/source/blob-inspector.rst
+++ b/docs/source/blob-inspector.rst
@@ -98,9 +98,9 @@ The blob inspector can be started with the following command-line options:
 
 .. code-block:: shell
 
-    blob-inspector [-hvV] [--full-parties] [--install-shell-extensions] [--schema]
-                   [--format=type] [--input-format=type]
-                   [--logging-level=<loggingLevel>] [SOURCE]
+    blob-inspector [-hvV] [--full-parties] [--schema] [--format=type]
+                   [--input-format=type] [--logging-level=<loggingLevel>] SOURCE
+                   [COMMAND]
 
 * ``--format=type``: Output format. Possible values: [YAML, JSON]. Default: YAML.
 * ``--input-format=type``: Input format. If the file can't be decoded with the given value it's auto-detected, so you should
@@ -109,6 +109,10 @@ The blob inspector can be started with the following command-line options:
 * ``--schema``: Print the blob's schema first.
 * ``--verbose``, ``--log-to-console``, ``-v``: If set, prints logging to the console as well as to a file.
 * ``--logging-level=<loggingLevel>``: Enable logging at this level and higher. Possible values: ERROR, WARN, INFO, DEBUG, TRACE. Default: INFO.
-* ``--install-shell-extensions``: Install ``blob-inspector`` alias and auto completion for bash and zsh. See :doc:`cli-application-shell-extensions` for more info.
 * ``--help``, ``-h``: Show this help message and exit.
-* ``--version``, ``-V``: Print version information and exit.
\ No newline at end of file
+* ``--version``, ``-V``: Print version information and exit.
+
+Sub-commands
+^^^^^^^^^^^^
+
+``install-shell-extensions``: Install ``blob-inspector`` alias and auto completion for bash and zsh. See :doc:`cli-application-shell-extensions` for more info.
\ No newline at end of file
diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst
index eb81172b4a..48aca71439 100644
--- a/docs/source/changelog.rst
+++ b/docs/source/changelog.rst
@@ -1548,9 +1548,9 @@ New features in this release:
 
 * Testnet
 
-    * Permissioning infrastructure phase one is built out. The node now has a notion of developer mode vs normal
-      mode. In developer mode it works like M3 and the SSL certificates used by nodes running on your local
-      machine all self-sign using a developer key included in the source tree. When developer mode is not active,
+    * Permissioning infrastructure phase one is built out. The node now has a notion of development mode vs normal
+      mode. In development mode it works like M3 and the SSL certificates used by nodes running on your local
+      machine all self-sign using a developer key included in the source tree. When development mode is not active,
       the node won't start until it has a signed certificate. Such a certificate can be obtained by simply running
       an included command line utility which generates a CSR and submits it to a permissioning service, then waits
       for the signed certificate to be returned. Note that currently there is no public Corda testnet, so we are
diff --git a/docs/source/cli-application-shell-extensions.rst b/docs/source/cli-application-shell-extensions.rst
index 4c81ea6c07..ba765d73ed 100644
--- a/docs/source/cli-application-shell-extensions.rst
+++ b/docs/source/cli-application-shell-extensions.rst
@@ -10,7 +10,7 @@ Users of ``bash`` or ``zsh`` can install an alias and auto-completion for Corda
 
 .. code-block:: shell
 
-   java -jar <name-of-JAR>.jar --install-shell-extensions
+   java -jar <name-of-JAR>.jar install-shell-extensions
 
 Then, either restart your shell, or for ``bash`` users run:
 
@@ -34,7 +34,7 @@ For example, for the Corda node, install the shell extensions using
 
 .. code-block:: shell
 
-   java -jar corda-<version>.jar --install-shell-extensions
+   java -jar corda-<version>.jar install-shell-extensions
 
 And then run the node by running:
 
diff --git a/docs/source/cli-ux-guidelines.rst b/docs/source/cli-ux-guidelines.rst
index a4917b1620..41b3ac81df 100644
--- a/docs/source/cli-ux-guidelines.rst
+++ b/docs/source/cli-ux-guidelines.rst
@@ -50,8 +50,11 @@ Standard options
 * A ``--logging-level`` option should be provided which specifies the logging level to be used in any logging files. Acceptable values should be ``DEBUG``, ``TRACE``, ``INFO``, ``WARN`` and ``ERROR``.
 * ``--verbose`` and ``--log-to-console`` options should be provided (both equivalent) which specifies that logging output should be displayed in the console.
   A ``-v`` short option should also be provided.
-* A ``--install-shell-extensions`` option should be provided that creates and installs a bash completion file.
 
+Standard subcommands
+~~~~~~~~~~~~~~~~~~~~
+
+* An ``install-shell-extensions`` subcommand should be provided that creates and installs a bash completion file.
 
 Defaults
 ~~~~~~~~
@@ -94,7 +97,7 @@ In order to use it, create a class containing your command line options using th
         }
 
         class UsefulUtility : CordaCliWrapper(
-            "useful-utility", // the alias to be used for this utility in bash. When --install-shell-extensions is run
+            "useful-utility", // the alias to be used for this utility in bash. When install-shell-extensions is run
                               // you will be able to invoke this command by running <useful-utility --opts> from the command line
             "A command line utility that is super useful!" // A description of this utility to be displayed when --help is run
         ) {
diff --git a/docs/source/corda-configuration-file.rst b/docs/source/corda-configuration-file.rst
index 6f5fcf17b5..399b0bae78 100644
--- a/docs/source/corda-configuration-file.rst
+++ b/docs/source/corda-configuration-file.rst
@@ -125,7 +125,7 @@ absolute path to the node's base directory.
         .. note:: The RPC SSL certificate is used by RPC clients to authenticate the connection.
             The Node operator must provide RPC clients with a truststore containing the certificate they can trust.
             We advise Node operators to not use the P2P keystore for RPC.
-            The node ships with a command line argument "--just-generate-rpc-ssl-settings", which generates a secure keystore
+            The node can be run with the "generate-rpc-ssl-settings" command, which generates a secure keystore
             and truststore that can be used to secure the RPC connection. You can use this if you have no special requirements.
 
 
diff --git a/docs/source/network-bootstrapper.rst b/docs/source/network-bootstrapper.rst
index 4cc6ec559d..d8568e7ca9 100644
--- a/docs/source/network-bootstrapper.rst
+++ b/docs/source/network-bootstrapper.rst
@@ -255,14 +255,19 @@ The network bootstrapper can be started with the following command-line options:
 
 .. code-block:: shell
 
-    bootstrapper [-hvV] [--install-shell-extensions] [--no-copy] [--dir=<dir>]
-                 [--logging-level=<loggingLevel>]
+    bootstrapper [-hvV] [--no-copy] [--dir=<dir>] [--logging-level=<loggingLevel>]
+                 [--minimum-platform-version=<minimumPlatformVersion>] [COMMAND]
 
 * ``--dir=<dir>``: Root directory containing the node configuration files and CorDapp JARs that will form the test network.
   It may also contain existing node directories. Defaults to the current directory.
 * ``--no-copy``: Don't copy the CorDapp JARs into the nodes' "cordapps" directories.
 * ``--verbose``, ``--log-to-console``, ``-v``: If set, prints logging to the console as well as to a file.
 * ``--logging-level=<loggingLevel>``: Enable logging at this level and higher. Possible values: ERROR, WARN, INFO, DEBUG, TRACE. Default: INFO.
-* ``--install-shell-extensions``: Install ``bootstrapper`` alias and auto completion for bash and zsh. See :doc:`cli-application-shell-extensions` for more info.
 * ``--help``, ``-h``: Show this help message and exit.
-* ``--version``, ``-V``: Print version information and exit.
\ No newline at end of file
+* ``--version``, ``-V``: Print version information and exit.
+* ``--minimum-platform-version``: The minimum platform version to use in the generated network-parameters.
+
+Sub-commands
+^^^^^^^^^^^^
+
+``install-shell-extensions``: Install ``bootstrapper`` alias and auto completion for bash and zsh. See :doc:`cli-application-shell-extensions` for more info.
\ No newline at end of file
diff --git a/docs/source/network-map.rst b/docs/source/network-map.rst
index 3af6b5d6ce..2bda2ed9a8 100644
--- a/docs/source/network-map.rst
+++ b/docs/source/network-map.rst
@@ -63,7 +63,7 @@ be used to supplement or replace the HTTP network map. If the same node is adver
 latest one is taken.
 
 On startup the node generates its own signed node info file, filename of the format ``nodeInfo-${hash}``. It can also be
-generated using the ``--just-generate-node-info`` command line flag without starting the node. To create a simple network
+generated using the ``generate-node-info`` sub-command without starting the node. To create a simple network
 without the HTTP network map service simply place this file in the ``additional-node-infos`` directory of every node that's
 part of this network. For example, a simple way to do this is to use rsync.
 
@@ -192,7 +192,7 @@ you either need to run from the command line:
 
 .. code-block:: shell
 
-    java -jar corda.jar --clear-network-map-cache
+    java -jar corda.jar clear-network-cache
 
 or call RPC method `clearNetworkMapCache` (it can be invoked through the node's shell as `run clearNetworkMapCache`, for more information on
 how to log into node's shell see :doc:`shell`). As we are testing and hardening the implementation this step shouldn't be required.
diff --git a/docs/source/running-a-node.rst b/docs/source/running-a-node.rst
index 4a214b6845..849139bde9 100644
--- a/docs/source/running-a-node.rst
+++ b/docs/source/running-a-node.rst
@@ -48,25 +48,38 @@ Command-line options
 The node can optionally be started with the following command-line options:
 
 * ``--base-directory``, ``-b``: The node working directory where all the files are kept (default: ``.``).
-* ``--clear-network-map-cache``, ``-c``: Clears local copy of network map, on node startup it will be restored from server or file system.
 * ``--config-file``, ``-f``: The path to the config file. Defaults to ``node.conf``.
-* ``--dev-mode``, ``-d``: Runs the node in developer mode. Unsafe in production. Defaults to true on MacOS and desktop versions of Windows. False otherwise.
-* ``--initial-registration``: Start initial node registration with the compatibility zone to obtain a certificate from the Doorman.
-* ``--just-generate-node-info``: Perform the node start-up task necessary to generate its nodeInfo, save it to disk, then
-  quit.
-* ``--just-generate-rpc-ssl-settings``: Generate the ssl keystore and truststore for a secure RPC connection.
-* ``--network-root-truststore``, ``-t``: Network root trust store obtained from network operator.
-* ``--network-root-truststore-password``, ``-p``: Network root trust store password obtained from network operator.
+* ``--dev-mode``, ``-d``: Runs the node in development mode. Unsafe in production. Defaults to true on MacOS and desktop versions of Windows. False otherwise.
 * ``--no-local-shell``, ``-n``: Do not start the embedded shell locally.
 * ``--on-unknown-config-keys <[FAIL,WARN,INFO]>``: How to behave on unknown node configuration. Defaults to FAIL.
 * ``--sshd``: Enables SSH server for node administration.
 * ``--sshd-port``: Sets the port for the SSH server. If not supplied and SSH server is enabled, the port defaults to 2222.
 * ``--verbose``, ``--log-to-console``, ``-v``: If set, prints logging to the console as well as to a file.
 * ``--logging-level=<loggingLevel>``: Enable logging at this level and higher. Possible values: ERROR, WARN, INFO, DEBUG, TRACE. Default: INFO.
-* ``--install-shell-extensions``: Install ``corda`` alias and auto completion for bash and zsh. See :doc:`cli-application-shell-extensions` for more info.
 * ``--help``, ``-h``: Show this help message and exit.
 * ``--version``, ``-V``: Print version information and exit.
 
+Sub-commands
+^^^^^^^^^^^^
+
+``bootstrap-raft-cluster``: Bootstraps Raft cluster. The node forms a single node cluster (ignoring otherwise configured peer
+addresses), acting as a seed for other nodes to join the cluster.
+
+``clear-network-cache``: Clears local copy of network map, on node startup it will be restored from server or file system.
+
+``initial-registration``: Starts initial node registration with the compatibility zone to obtain a certificate from the Doorman.
+
+Parameters:
+
+* ``--network-root-truststore``, ``-t`` **required**: Network root trust store obtained from network operator.
+* ``--network-root-truststore-password``, ``-p``: Network root trust store password obtained from network operator.
+
+``generate-node-info``: Performs the node start-up tasks necessary to generate the nodeInfo file, saves it to disk, then exits.
+
+``generate-rpc-ssl-settings``: Generates the SSL keystore and truststore for a secure RPC connection.
+
+``install-shell-extensions``: Install ``corda`` alias and auto completion for bash and zsh. See :doc:`cli-application-shell-extensions` for more info.
+
 .. _enabling-remote-debugging:
 
 Enabling remote debugging
diff --git a/docs/source/shell.rst b/docs/source/shell.rst
index 43fc87aae5..ee570a48ba 100644
--- a/docs/source/shell.rst
+++ b/docs/source/shell.rst
@@ -105,28 +105,15 @@ Starting the standalone shell
 
 Run the following command from the terminal:
 
-Linux and MacOS
-^^^^^^^^^^^^^^^
-
 .. code:: bash
 
-    java -jar corda-tools-shell-cli-VERSION_NUMBER.jar [--config-file PATH | --cordpass-directory PATH --commands-directory PATH --host HOST --port PORT
-             --user USER --password PASSWORD --sshd-port PORT --sshd-hostkey-directory PATH --keystore-password PASSWORD
-             --keystore-file FILE --truststore-password PASSWORD --truststore-file FILE | --help]
-
-Windows
-^^^^^^^
-
-.. code:: bash
-
-    corda-shell [-hvV] [--install-shell-extensions]
-                [--logging-level=<loggingLevel>] [--password=<password>]
+    corda-shell [-hvV] [--logging-level=<loggingLevel>] [--password=<password>]
                 [--sshd-hostkey-directory=<sshdHostKeyDirectory>]
                 [--sshd-port=<sshdPort>] [--truststore-file=<trustStoreFile>]
                 [--truststore-password=<trustStorePassword>]
                 [--truststore-type=<trustStoreType>] [--user=<user>] [-a=<host>]
                 [-c=<cordappDirectory>] [-f=<configFile>] [-o=<commandsDirectory>]
-                [-p=<port>]
+                [-p=<port>] [COMMAND]
 
 Where:
 
@@ -144,10 +131,11 @@ Where:
 * ``--truststore-type=<trustStoreType>``: The type of the TrustStore (e.g. JKS).
 * ``--verbose``, ``--log-to-console``, ``-v``: If set, prints logging to the console as well as to a file.
 * ``--logging-level=<loggingLevel>``: Enable logging at this level and higher. Possible values: ERROR, WARN, INFO, DEBUG, TRACE. Default: INFO.
-* ``--install-shell-extensions``: Install ``corda-shell`` alias and auto completion for bash and zsh. See :doc:`cli-application-shell-extensions` for more info.
 * ``--help``, ``-h``: Show this help message and exit.
 * ``--version``, ``-V``: Print version information and exit.
 
+Additionally, the ``install-shell-extensions`` subcommand can be used to install the ``corda-shell`` alias and auto completion for bash and zsh. See :doc:`cli-application-shell-extensions` for more info.
+
 The format of ``config-file``:
 
 .. code:: bash
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
index c581577c57..f9ed9e0f88 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkBootstrapper.kt
@@ -65,7 +65,7 @@ internal constructor(private val initSerEnv: Boolean,
                 "java",
                 "-jar",
                 "corda.jar",
-                "--just-generate-node-info"
+                "generate-node-info"
         )
 
         private const val LOGS_DIR_NAME = "logs"
diff --git a/node/src/integration-test/kotlin/net/corda/node/flows/FlowOverrideTests.kt b/node/src/integration-test/kotlin/net/corda/node/flows/FlowOverrideTests.kt
index 881daf18cf..b432de8a53 100644
--- a/node/src/integration-test/kotlin/net/corda/node/flows/FlowOverrideTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/flows/FlowOverrideTests.kt
@@ -64,7 +64,7 @@ class FlowOverrideTests {
     private val nodeBClasses = setOf(Ping::class.java, Pong::class.java)
 
     @Test
-    fun `should use the most "specific" implementation of a responding flow`() {
+    fun `should use the most specific implementation of a responding flow`() {
         driver(DriverParameters(startNodesInProcess = true, cordappsForAllNodes = emptySet())) {
             val nodeA = startNode(additionalCordapps = setOf(cordappForClasses(*nodeAClasses.toTypedArray()))).getOrThrow()
             val nodeB = startNode(additionalCordapps = setOf(cordappForClasses(*nodeBClasses.toTypedArray()))).getOrThrow()
diff --git a/node/src/main/kotlin/net/corda/node/Corda.kt b/node/src/main/kotlin/net/corda/node/Corda.kt
index 62252de5a5..07940ee422 100644
--- a/node/src/main/kotlin/net/corda/node/Corda.kt
+++ b/node/src/main/kotlin/net/corda/node/Corda.kt
@@ -4,11 +4,11 @@
 package net.corda.node
 
 import net.corda.cliutils.start
-import net.corda.node.internal.NodeStartup
+import net.corda.node.internal.NodeStartupCli
 
 fun main(args: Array<String>) {
     // Pass the arguments to the Node factory. In the Enterprise edition, this line is modified to point to a subclass.
     // It will exit the process in case of startup failure and is not intended to be used by embedders. If you want
     // to embed Node in your own container, instantiate it directly and set up the configuration objects yourself.
-    NodeStartup().start(args)
+    NodeStartupCli().start(args)
 }
diff --git a/node/src/main/kotlin/net/corda/node/NodeCmdLineOptions.kt b/node/src/main/kotlin/net/corda/node/NodeCmdLineOptions.kt
index 4f4ba98c1a..66be04a34a 100644
--- a/node/src/main/kotlin/net/corda/node/NodeCmdLineOptions.kt
+++ b/node/src/main/kotlin/net/corda/node/NodeCmdLineOptions.kt
@@ -2,18 +2,18 @@ package net.corda.node
 
 import com.typesafe.config.Config
 import com.typesafe.config.ConfigFactory
+import com.typesafe.config.ConfigRenderOptions
 import net.corda.core.internal.div
-import net.corda.core.internal.exists
-import net.corda.core.utilities.Try
 import net.corda.node.services.config.ConfigHelper
 import net.corda.node.services.config.NodeConfiguration
+import net.corda.node.services.config.NodeConfigurationImpl
 import net.corda.node.services.config.parseAsNodeConfiguration
 import net.corda.nodeapi.internal.config.UnknownConfigKeysPolicy
 import picocli.CommandLine.Option
 import java.nio.file.Path
 import java.nio.file.Paths
 
-class NodeCmdLineOptions {
+open class SharedNodeCmdLineOptions {
     @Option(
             names = ["-b", "--base-directory"],
             description = ["The node working directory where all the files are kept."]
@@ -27,6 +27,53 @@ class NodeCmdLineOptions {
     private var _configFile: Path? = null
     val configFile: Path get() = _configFile ?: (baseDirectory / "node.conf")
 
+    @Option(
+            names = ["--on-unknown-config-keys"],
+            description = ["How to behave on unknown node configuration. \${COMPLETION-CANDIDATES}"]
+    )
+    var unknownConfigKeysPolicy: UnknownConfigKeysPolicy = UnknownConfigKeysPolicy.FAIL
+
+    @Option(
+            names = ["-d", "--dev-mode"],
+            description = ["Runs the node in development mode. Unsafe for production."]
+    )
+    var devMode: Boolean? = null
+
+    open fun loadConfig(): NodeConfiguration {
+        return getRawConfig().parseAsNodeConfiguration(unknownConfigKeysPolicy::handle)
+    }
+
+    protected fun getRawConfig(): Config {
+        val rawConfig = ConfigHelper.loadConfig(
+                baseDirectory,
+                configFile
+        )
+        if (devMode == true) {
+            println("Config:\n${rawConfig.root().render(ConfigRenderOptions.defaults())}")
+        }
+        return rawConfig
+    }
+
+    fun copyFrom(other: SharedNodeCmdLineOptions) {
+        baseDirectory = other.baseDirectory
+        _configFile = other._configFile
+        unknownConfigKeysPolicy= other.unknownConfigKeysPolicy
+        devMode = other.devMode
+    }
+}
+
+class InitialRegistrationCmdLineOptions : SharedNodeCmdLineOptions() {
+    override fun loadConfig(): NodeConfiguration {
+        return getRawConfig().parseAsNodeConfiguration(unknownConfigKeysPolicy::handle).also { config ->
+            require(!config.devMode) { "Registration cannot occur in development mode" }
+            require(config.compatibilityZoneURL != null || config.networkServices != null) {
+                "compatibilityZoneURL or networkServices must be present in the node configuration file in registration mode."
+            }
+        }
+    }
+}
+
+open class NodeCmdLineOptions : SharedNodeCmdLineOptions() {
     @Option(
             names = ["--sshd"],
             description = ["If set, enables SSH server for node administration."]
@@ -45,84 +92,66 @@ class NodeCmdLineOptions {
     )
     var noLocalShell: Boolean = false
 
-    @Option(
-            names = ["--initial-registration"],
-            description = ["Start initial node registration with Corda network to obtain certificate from the permissioning server."]
-    )
-    var isRegistration: Boolean = false
-
-    @Option(
-            names = ["-t", "--network-root-truststore"],
-            description = ["Network root trust store obtained from network operator."]
-    )
-    private var _networkRootTrustStorePath: Path? = null
-    val networkRootTrustStorePath: Path get() = _networkRootTrustStorePath ?: baseDirectory / "certificates" / "network-root-truststore.jks"
-
-    @Option(
-            names = ["-p", "--network-root-truststore-password"],
-            description = ["Network root trust store password obtained from network operator."]
-    )
-    var networkRootTrustStorePassword: String? = null
-
-    @Option(
-            names = ["--on-unknown-config-keys"],
-            description = ["How to behave on unknown node configuration. \${COMPLETION-CANDIDATES}"]
-    )
-    var unknownConfigKeysPolicy: UnknownConfigKeysPolicy = UnknownConfigKeysPolicy.FAIL
-
-    @Option(
-            names = ["-d", "--dev-mode"],
-            description = ["Run the node in developer mode. Unsafe for production."]
-    )
-    var devMode: Boolean? = null
-
     @Option(
             names = ["--just-generate-node-info"],
-            description = ["Perform the node start-up task necessary to generate its node info, save it to disk, then quit"]
+            description = ["DEPRECATED. Performs the node start-up tasks necessary to generate the nodeInfo file, saves it to disk, then exits."],
+            hidden = true
     )
     var justGenerateNodeInfo: Boolean = false
 
     @Option(
             names = ["--just-generate-rpc-ssl-settings"],
-            description = ["Generate the SSL key and trust stores for a secure RPC connection."]
+            description = ["DEPRECATED. Generates the SSL key and trust stores for a secure RPC connection."],
+            hidden = true
     )
     var justGenerateRpcSslCerts: Boolean = false
 
     @Option(
-            names = ["-c", "--clear-network-map-cache"],
-            description = ["Clears local copy of network map, on node startup it will be restored from server or file system."]
+            names = ["--clear-network-map-cache"],
+            description = ["DEPRECATED. Clears local copy of network map, on node startup it will be restored from server or file system."],
+            hidden = true
     )
     var clearNetworkMapCache: Boolean = false
 
-    val nodeRegistrationOption: NodeRegistrationOption? by lazy {
-        if (isRegistration) {
-            requireNotNull(networkRootTrustStorePassword) { "Network root trust store password must be provided in registration mode using --network-root-truststore-password." }
-            require(networkRootTrustStorePath.exists()) { "Network root trust store path: '$networkRootTrustStorePath' doesn't exist" }
-            NodeRegistrationOption(networkRootTrustStorePath, networkRootTrustStorePassword!!)
-        } else {
-            null
-        }
-    }
+    @Option(
+            names = ["--initial-registration"],
+            description = ["DEPRECATED. Starts initial node registration with Corda network to obtain certificate from the permissioning server."],
+            hidden = true
+    )
+    var isRegistration: Boolean = false
 
-    fun loadConfig(): Pair<Config, Try<NodeConfiguration>> {
+    @Option(
+            names = ["-t", "--network-root-truststore"],
+            description = ["DEPRECATED. Network root trust store obtained from network operator."],
+            hidden = true
+    )
+    var networkRootTrustStorePathParameter: Path? = null
+
+    @Option(
+            names = ["-p", "--network-root-truststore-password"],
+            description = ["DEPRECATED. Network root trust store password obtained from network operator."],
+            hidden = true
+    )
+    var networkRootTrustStorePassword: String? = null
+
+    override fun loadConfig(): NodeConfiguration {
         val rawConfig = ConfigHelper.loadConfig(
                 baseDirectory,
                 configFile,
                 configOverrides = ConfigFactory.parseMap(mapOf("noLocalShell" to this.noLocalShell) +
                         if (sshdServer) mapOf("sshd" to mapOf("port" to sshdServerPort.toString())) else emptyMap<String, Any>() +
-                        if (devMode != null) mapOf("devMode" to this.devMode) else emptyMap())
+                                if (devMode != null) mapOf("devMode" to this.devMode) else emptyMap())
         )
-        return rawConfig to Try.on {
-            rawConfig.parseAsNodeConfiguration(unknownConfigKeysPolicy::handle).also { config ->
-                if (nodeRegistrationOption != null) {
-                    require(!config.devMode) { "Registration cannot occur in devMode" }
-                    require(config.compatibilityZoneURL != null || config.networkServices != null) {
-                        "compatibilityZoneURL or networkServices must be present in the node configuration file in registration mode."
-                    }
+        return rawConfig.parseAsNodeConfiguration(unknownConfigKeysPolicy::handle).also { config ->
+            if (isRegistration) {
+                require(!config.devMode) { "Registration cannot occur in development mode" }
+                require(config.compatibilityZoneURL != null || config.networkServices != null) {
+                    "compatibilityZoneURL or networkServices must be present in the node configuration file in registration mode."
                 }
             }
         }
     }
 }
 
+
 data class NodeRegistrationOption(val networkRootTrustStorePath: Path, val networkRootTrustStorePassword: String)
diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index 99e9f50778..aa6b5a16b8 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -661,7 +661,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
             requireNotNull(getCertificateStores()) {
                 "One or more keyStores (identity or TLS) or trustStore not found. " +
                         "Please either copy your existing keys and certificates from another node, " +
-                        "or if you don't have one yet, fill out the config file and run corda.jar --initial-registration. " +
+                        "or if you don't have one yet, fill out the config file and run corda.jar initial-registration. " +
                         "Read more at: https://docs.corda.net/permissioning.html"
             }
         } catch (e: KeyStoreException) {
diff --git a/node/src/main/kotlin/net/corda/node/internal/Node.kt b/node/src/main/kotlin/net/corda/node/internal/Node.kt
index 27523d9ccb..1794cc135c 100644
--- a/node/src/main/kotlin/net/corda/node/internal/Node.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/Node.kt
@@ -6,6 +6,7 @@ import com.codahale.metrics.MetricRegistry
 import com.palominolabs.metrics.newrelic.AllEnabledMetricAttributeFilter
 import com.palominolabs.metrics.newrelic.NewRelicReporter
 import net.corda.client.rpc.internal.serialization.amqp.AMQPClientSerializationScheme
+import net.corda.cliutils.ShellConstants
 import net.corda.core.concurrent.CordaFuture
 import net.corda.core.flows.FlowLogic
 import net.corda.core.identity.CordaX500Name
@@ -110,9 +111,13 @@ open class Node(configuration: NodeConfiguration,
             LoggerFactory.getLogger(loggerName).info(msg)
         }
 
+        fun printInRed(message: String) {
+            println("${ShellConstants.RED}$message${ShellConstants.RESET}")
+        }
+
         fun printWarning(message: String) {
             Emoji.renderIfSupported {
-                println("${Emoji.warningSign} ATTENTION: $message")
+                printInRed("${Emoji.warningSign} ATTENTION: $message")
             }
             staticLog.warn(message)
         }
@@ -132,13 +137,13 @@ open class Node(configuration: NodeConfiguration,
         // TODO: make this configurable.
         const val MAX_RPC_MESSAGE_SIZE = 10485760
 
-        fun isValidJavaVersion(): Boolean {
+        fun isInvalidJavaVersion(): Boolean {
             if (!hasMinimumJavaVersion()) {
                 println("You are using a version of Java that is not supported (${SystemUtils.JAVA_VERSION}). Please upgrade to the latest version of Java 8.")
                 println("Corda will now exit...")
-                return false
+                return true
             }
-            return true
+            return false
         }
 
         private fun hasMinimumJavaVersion(): Boolean {
diff --git a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
index f26af3380a..e74de238ca 100644
--- a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
@@ -1,31 +1,24 @@
 package net.corda.node.internal
 
-import com.typesafe.config.Config
 import com.typesafe.config.ConfigException
-import com.typesafe.config.ConfigRenderOptions
 import io.netty.channel.unix.Errors
-import net.corda.cliutils.CordaCliWrapper
-import net.corda.cliutils.CordaVersionProvider
-import net.corda.cliutils.ExitCodes
+import net.corda.cliutils.*
 import net.corda.core.crypto.Crypto
 import net.corda.core.internal.*
 import net.corda.core.internal.concurrent.thenMatch
 import net.corda.core.internal.cordapp.CordappImpl
 import net.corda.core.internal.errors.AddressBindingException
 import net.corda.core.utilities.Try
+import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.loggerFor
 import net.corda.node.*
-import net.corda.node.internal.Node.Companion.isValidJavaVersion
+import net.corda.node.internal.Node.Companion.isInvalidJavaVersion
 import net.corda.node.internal.cordapp.MultipleCordappsForFlowException
+import net.corda.node.internal.subcommands.*
 import net.corda.node.services.config.NodeConfiguration
 import net.corda.node.services.config.shouldStartLocalShell
 import net.corda.node.services.config.shouldStartSSHDaemon
-import net.corda.node.utilities.createKeyPairAndSelfSignedTLSCertificate
-import net.corda.node.utilities.registration.HTTPNetworkRegistrationService
 import net.corda.node.utilities.registration.NodeRegistrationException
-import net.corda.node.utilities.registration.NodeRegistrationHelper
-import net.corda.node.utilities.saveToKeyStore
-import net.corda.node.utilities.saveToTrustStore
 import net.corda.nodeapi.internal.addShutdownHook
 import net.corda.nodeapi.internal.config.UnknownConfigurationKeysException
 import net.corda.nodeapi.internal.persistence.CouldNotCreateDataSourceException
@@ -33,10 +26,8 @@ import net.corda.nodeapi.internal.persistence.DatabaseIncompatibleException
 import net.corda.tools.shell.InteractiveShell
 import org.fusesource.jansi.Ansi
 import org.slf4j.bridge.SLF4JBridgeHandler
-import picocli.CommandLine.Mixin
+import picocli.CommandLine.*
 import sun.misc.VMSupport
-import java.io.Console
-import java.io.File
 import java.io.IOException
 import java.io.RandomAccessFile
 import java.lang.management.ManagementFactory
@@ -45,201 +36,145 @@ import java.nio.file.Path
 import java.time.DayOfWeek
 import java.time.ZonedDateTime
 import java.util.*
-import kotlin.system.exitProcess
 
-/** This class is responsible for starting a Node from command line arguments. */
-open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
+/** An interface that can be implemented to tell the node what to do once it's intitiated. */
+interface RunAfterNodeInitialisation {
+    fun run(node: Node)
+}
+
+/** Base class for subcommands to derive from that initialises the logs and provides standard options. */
+abstract class NodeCliCommand(alias: String, description: String, val startup: NodeStartup) : CliWrapperBase(alias, description), NodeStartupLogging {
     companion object {
-        private val logger by lazy { loggerFor<Node>() } // I guess this is lazy to allow for logging init, but why Node?
         const val LOGS_DIRECTORY_NAME = "logs"
-        const val LOGS_CAN_BE_FOUND_IN_STRING = "Logs can be found in"
-        private const val INITIAL_REGISTRATION_MARKER = ".initialregistration"
+    }
+
+    override fun initLogging() = this.initLogging(cmdLineOptions.baseDirectory)
+
+    @Mixin
+    val cmdLineOptions = SharedNodeCmdLineOptions()
+}
+
+/** Main corda entry point. */
+open class NodeStartupCli : CordaCliWrapper("corda", "Runs a Corda Node") {
+    val startup = NodeStartup()
+    private val networkCacheCli = ClearNetworkCacheCli(startup)
+    private val justGenerateNodeInfoCli = GenerateNodeInfoCli(startup)
+    private val justGenerateRpcSslCertsCli = GenerateRpcSslCertsCli(startup)
+    private val initialRegistrationCli = InitialRegistrationCli(startup)
+
+    override fun initLogging() = this.initLogging(cmdLineOptions.baseDirectory)
+
+    override fun additionalSubCommands() = setOf(networkCacheCli, justGenerateNodeInfoCli, justGenerateRpcSslCertsCli, initialRegistrationCli)
+
+    override fun runProgram(): Int {
+        return when {
+            InitialRegistration.checkRegistrationMode(cmdLineOptions.baseDirectory) -> {
+                println("Node was started before in `initial-registration` mode, but the registration was not completed.\nResuming registration.")
+                initialRegistrationCli.cmdLineOptions.copyFrom(cmdLineOptions)
+                initialRegistrationCli.runProgram()
+            }
+            //deal with legacy flags and redirect to subcommands
+            cmdLineOptions.isRegistration -> {
+                Node.printWarning("The --initial-registration flag has been deprecated and will be removed in a future version. Use the initial-registration command instead.")
+                requireNotNull(cmdLineOptions.networkRootTrustStorePassword) { "Network root trust store password must be provided in registration mode using --network-root-truststore-password." }
+                initialRegistrationCli.networkRootTrustStorePassword = cmdLineOptions.networkRootTrustStorePassword!!
+                initialRegistrationCli.networkRootTrustStorePathParameter = cmdLineOptions.networkRootTrustStorePathParameter
+                initialRegistrationCli.cmdLineOptions.copyFrom(cmdLineOptions)
+                initialRegistrationCli.runProgram()
+            }
+            cmdLineOptions.clearNetworkMapCache -> {
+                Node.printWarning("The --clear-network-map-cache flag has been deprecated and will be removed in a future version. Use the clear-network-cache command instead.")
+                networkCacheCli.cmdLineOptions.copyFrom(cmdLineOptions)
+                networkCacheCli.runProgram()
+            }
+            cmdLineOptions.justGenerateNodeInfo -> {
+                Node.printWarning("The --just-generate-node-info flag has been deprecated and will be removed in a future version. Use the generate-node-info command instead.")
+                justGenerateNodeInfoCli.cmdLineOptions.copyFrom(cmdLineOptions)
+                justGenerateNodeInfoCli.runProgram()
+            }
+            cmdLineOptions.justGenerateRpcSslCerts -> {
+                Node.printWarning("The --just-generate-rpc-ssl-settings flag has been deprecated and will be removed in a future version. Use the generate-rpc-ssl-settings command instead.")
+                justGenerateRpcSslCertsCli.cmdLineOptions.copyFrom(cmdLineOptions)
+                justGenerateRpcSslCertsCli.runProgram()
+            }
+            else -> startup.initialiseAndRun(cmdLineOptions, object : RunAfterNodeInitialisation {
+                val startupTime = System.currentTimeMillis()
+                override fun run(node: Node) = startup.startNode(node, startupTime)
+            })
+        }
     }
 
     @Mixin
     val cmdLineOptions = NodeCmdLineOptions()
+}
+
+/** This class provides a common set of functionality for starting a Node from command line arguments. */
+open class NodeStartup : NodeStartupLogging {
+    companion object {
+        private val logger by lazy { loggerFor<Node>() } // I guess this is lazy to allow for logging init, but why Node?
+        const val LOGS_DIRECTORY_NAME = "logs"
+        const val LOGS_CAN_BE_FOUND_IN_STRING = "Logs can be found in"
+    }
+
+    lateinit var cmdLineOptions: SharedNodeCmdLineOptions
+
+    fun initialiseAndRun(cmdLineOptions: SharedNodeCmdLineOptions, afterNodeInitialisation: RunAfterNodeInitialisation): Int {
+        this.cmdLineOptions = cmdLineOptions
 
-    /**
-     * @return exit code based on the success of the node startup. This value is intended to be the exit code of the process.
-     */
-    override fun runProgram(): Int {
-        val startTime = System.currentTimeMillis()
         // Step 1. Check for supported Java version.
-        if (!isValidJavaVersion()) return ExitCodes.FAILURE
+        if (isInvalidJavaVersion()) return ExitCodes.FAILURE
 
         // Step 2. We do the single node check before we initialise logging so that in case of a double-node start it
         // doesn't mess with the running node's logs.
         enforceSingleNodeIsRunning(cmdLineOptions.baseDirectory)
 
-        // Step 3. Initialise logging.
-        initLogging()
-
-        // Step 4. Register all cryptography [Provider]s.
+        // Step 3. Register all cryptography [Provider]s.
         // Required to install our [SecureRandom] before e.g., UUID asks for one.
-        // This needs to go after initLogging(netty clashes with our logging).
+        // This needs to go after initLogging(netty clashes with our logging)
         Crypto.registerProviders()
 
-        // Step 5. Print banner and basic node info.
+        // Step 4. Print banner and basic node info.
         val versionInfo = getVersionInfo()
         drawBanner(versionInfo)
         Node.printBasicNodeInfo(LOGS_CAN_BE_FOUND_IN_STRING, System.getProperty("log-path"))
 
-        // Step 6. Load and validate node configuration.
-        val configuration = (attempt { loadConfiguration() }.doOnException(handleConfigurationLoadingError(cmdLineOptions.configFile)) as? Try.Success)?.let(Try.Success<NodeConfiguration>::value) ?: return ExitCodes.FAILURE
+        // Step 5. Load and validate node configuration.
+        val configuration = (attempt { cmdLineOptions.loadConfig() }.doOnException(handleConfigurationLoadingError(cmdLineOptions.configFile)) as? Try.Success)?.let(Try.Success<NodeConfiguration>::value)
+                ?: return ExitCodes.FAILURE
         val errors = configuration.validate()
         if (errors.isNotEmpty()) {
             logger.error("Invalid node configuration. Errors were:${System.lineSeparator()}${errors.joinToString(System.lineSeparator())}")
             return ExitCodes.FAILURE
         }
 
-        // Step 7. Configuring special serialisation requirements, i.e., bft-smart relies on Java serialization.
-        attempt { banJavaSerialisation(configuration) }.doOnException { error -> error.logAsUnexpected("Exception while configuring serialisation") } as? Try.Success ?: return ExitCodes.FAILURE
+        // Step 6. Configuring special serialisation requirements, i.e., bft-smart relies on Java serialization.
+        attempt { banJavaSerialisation(configuration) }.doOnException { error -> error.logAsUnexpected("Exception while configuring serialisation") } as? Try.Success
+                ?: return ExitCodes.FAILURE
 
-        // Step 8. Any actions required before starting up the Corda network layer.
-        attempt { preNetworkRegistration(configuration) }.doOnException(handleRegistrationError) as? Try.Success ?: return ExitCodes.FAILURE
+        // Step 7. Any actions required before starting up the Corda network layer.
+        attempt { preNetworkRegistration(configuration) }.doOnException(::handleRegistrationError) as? Try.Success
+                ?: return ExitCodes.FAILURE
 
-        // Step 9. Check if in registration mode.
-        checkAndRunRegistrationMode(configuration, versionInfo)?.let {
-            return if (it) ExitCodes.SUCCESS
-            else ExitCodes.FAILURE
-        }
-
-        // Step 10. Log startup info.
+        // Step 8. Log startup info.
         logStartupInfo(versionInfo, configuration)
 
-        // Step 11. Start node: create the node, check for other command-line options, add extra logging etc.
-        attempt { startNode(configuration, versionInfo, startTime) }.doOnSuccess { logger.info("Node exiting successfully") }.doOnException(handleStartError) as? Try.Success ?: return ExitCodes.FAILURE
+        // Step 9. Start node: create the node, check for other command-line options, add extra logging etc.
+        attempt {
+            cmdLineOptions.baseDirectory.createDirectories()
+            afterNodeInitialisation.run(createNode(configuration, versionInfo))
+        }.doOnException(::handleStartError) as? Try.Success ?: return ExitCodes.FAILURE
 
         return ExitCodes.SUCCESS
     }
 
-    private fun checkAndRunRegistrationMode(configuration: NodeConfiguration, versionInfo: VersionInfo): Boolean? {
-        checkUnfinishedRegistration()
-        cmdLineOptions.nodeRegistrationOption?.let {
-            // Null checks for [compatibilityZoneURL], [rootTruststorePath] and [rootTruststorePassword] has been done in [CmdLineOptions.loadConfig]
-            attempt { registerWithNetwork(configuration, versionInfo, it) }.doOnException(handleRegistrationError) as? Try.Success
-                    ?: return false
-            // At this point the node registration was successful. We can delete the marker file.
-            deleteNodeRegistrationMarker(cmdLineOptions.baseDirectory)
-            return true
-        }
-        return null
-    }
-
-    // TODO: Reconsider if automatic re-registration should be applied when something failed during initial registration.
-    //      There might be cases where the node user should investigate what went wrong before registering again.
-    private fun checkUnfinishedRegistration() {
-        if (checkRegistrationMode() && !cmdLineOptions.isRegistration) {
-            println("Node was started before with `--initial-registration`, but the registration was not completed.\nResuming registration.")
-            // Pretend that the node was started with `--initial-registration` to help prevent user error.
-            cmdLineOptions.isRegistration = true
-        }
-    }
-
-    private fun <RESULT> attempt(action: () -> RESULT): Try<RESULT> = Try.on(action)
-
-    private fun Exception.isExpectedWhenStartingNode() = startNodeExpectedErrors.any { error -> error.isInstance(this) }
-
-    private val startNodeExpectedErrors = setOf(MultipleCordappsForFlowException::class, CheckpointIncompatibleException::class, AddressBindingException::class, NetworkParametersReader::class, DatabaseIncompatibleException::class)
-
-    private fun Exception.logAsExpected(message: String? = this.message, print: (String?) -> Unit = logger::error) = print(message)
-
-    private fun Exception.logAsUnexpected(message: String? = this.message, error: Exception = this, print: (String?, Throwable) -> Unit = logger::error) = print("$message${this.message?.let { ": $it" } ?: ""}", error)
-
-    private fun Exception.isOpenJdkKnownIssue() = message?.startsWith("Unknown named curve:") == true
-
-    private val handleRegistrationError = { error: Exception ->
-        when (error) {
-            is NodeRegistrationException -> error.logAsExpected("Issue with Node registration: ${error.message}")
-            else -> error.logAsUnexpected("Exception during node registration")
-        }
-    }
-
-    private val handleStartError = { error: Exception ->
-        when {
-            error.isExpectedWhenStartingNode() -> error.logAsExpected()
-            error is CouldNotCreateDataSourceException -> error.logAsUnexpected()
-            error is Errors.NativeIoException && error.message?.contains("Address already in use") == true -> error.logAsExpected("One of the ports required by the Corda node is already in use.")
-            error.isOpenJdkKnownIssue() -> error.logAsExpected("Exception during node startup - ${error.message}. This is a known OpenJDK issue on some Linux distributions, please use OpenJDK from zulu.org or Oracle JDK.")
-            else -> error.logAsUnexpected("Exception during node startup")
-        }
-    }
-
-    private fun handleConfigurationLoadingError(configFile: Path) = { error: Exception ->
-        when (error) {
-            is UnknownConfigurationKeysException -> error.logAsExpected()
-            is ConfigException.IO -> error.logAsExpected(configFileNotFoundMessage(configFile), ::println)
-            else -> error.logAsUnexpected("Unexpected error whilst reading node configuration")
-        }
-    }
-
-    private fun configFileNotFoundMessage(configFile: Path): String {
-        return """
-                Unable to load the node config file from '$configFile'.
-
-                Try setting the --base-directory flag to change which directory the node
-                is looking in, or use the --config-file flag to specify it explicitly.
-            """.trimIndent()
-    }
-
-    private fun loadConfiguration(): NodeConfiguration {
-        val (rawConfig, configurationResult) = loadConfigFile()
-        if (cmdLineOptions.devMode == true) {
-            println("Config:\n${rawConfig.root().render(ConfigRenderOptions.defaults())}")
-        }
-        return configurationResult.getOrThrow()
-    }
-
-    private fun checkRegistrationMode(): Boolean {
-        // If the node was started with `--initial-registration`, create marker file.
-        // We do this here to ensure the marker is created even if parsing the args with NodeArgsParser fails.
-        val marker = cmdLineOptions.baseDirectory / INITIAL_REGISTRATION_MARKER
-        if (!cmdLineOptions.isRegistration && !marker.exists()) {
-            return false
-        }
-        try {
-            marker.createFile()
-        } catch (e: Exception) {
-            logger.warn("Could not create marker file for `--initial-registration`.", e)
-        }
-        return true
-    }
-
-    private fun deleteNodeRegistrationMarker(baseDir: Path) {
-        try {
-            val marker = File((baseDir / INITIAL_REGISTRATION_MARKER).toUri())
-            if (marker.exists()) {
-                marker.delete()
-            }
-        } catch (e: Exception) {
-            e.logAsUnexpected("Could not delete the marker file that was created for `--initial-registration`.", print = logger::warn)
-        }
-    }
-
     protected open fun preNetworkRegistration(conf: NodeConfiguration) = Unit
 
-    protected open fun createNode(conf: NodeConfiguration, versionInfo: VersionInfo): Node = Node(conf, versionInfo)
+    open fun createNode(conf: NodeConfiguration, versionInfo: VersionInfo): Node = Node(conf, versionInfo)
 
-    protected open fun startNode(conf: NodeConfiguration, versionInfo: VersionInfo, startTime: Long) {
-        cmdLineOptions.baseDirectory.createDirectories()
-        val node = createNode(conf, versionInfo)
-        if (cmdLineOptions.clearNetworkMapCache) {
-            node.clearNetworkMapCache()
-            return
-        }
-        if (cmdLineOptions.justGenerateNodeInfo) {
-            // Perform the minimum required start-up logic to be able to write a nodeInfo to disk
-            node.generateAndSaveNodeInfo()
-            return
-        }
-        if (cmdLineOptions.justGenerateRpcSslCerts) {
-            generateRpcSslCertificates(conf)
-            return
-        }
-
-        if (conf.devMode) {
+    fun startNode(node: Node, startTime: Long) {
+        if (node.configuration.devMode) {
             Emoji.renderIfSupported {
-                Node.printWarning("This node is running in developer mode! ${Emoji.developer} This is not safe for production deployment.")
+                Node.printWarning("This node is running in development mode! ${Emoji.developer} This is not safe for production deployment.")
             }
         } else {
             logger.info("The Corda node is running in production mode. If this is a developer environment you can set 'devMode=true' in the node.conf file.")
@@ -256,7 +191,7 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
             Node.printBasicNodeInfo("Node for \"$name\" started up and registered in $elapsed sec")
 
             // Don't start the shell if there's no console attached.
-            if (conf.shouldStartLocalShell()) {
+            if (node.configuration.shouldStartLocalShell()) {
                 node.startupComplete.then {
                     try {
                         InteractiveShell.runLocalShell(node::stop)
@@ -265,8 +200,8 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
                     }
                 }
             }
-            if (conf.shouldStartSSHDaemon()) {
-                Node.printBasicNodeInfo("SSH server listening on port", conf.sshd!!.port.toString())
+            if (node.configuration.shouldStartSSHDaemon()) {
+                Node.printBasicNodeInfo("SSH server listening on port", node.configuration.sshd!!.port.toString())
             }
         },
                 { th ->
@@ -275,82 +210,6 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
         node.run()
     }
 
-    private fun generateRpcSslCertificates(conf: NodeConfiguration) {
-        val (keyPair, cert) = createKeyPairAndSelfSignedTLSCertificate(conf.myLegalName.x500Principal)
-
-        val keyStorePath = conf.baseDirectory / "certificates" / "rpcsslkeystore.jks"
-        val trustStorePath = conf.baseDirectory / "certificates" / "export" / "rpcssltruststore.jks"
-
-        if (keyStorePath.exists() || trustStorePath.exists()) {
-            println("Found existing RPC SSL keystores. Command was already run. Exiting..")
-            exitProcess(0)
-        }
-
-        val console: Console? = System.console()
-
-        when (console) {
-            // In this case, the JVM is not connected to the console so we need to exit.
-            null -> {
-                println("Not connected to console. Exiting")
-                exitProcess(1)
-            }
-            // Otherwise we can proceed normally.
-            else -> {
-                while (true) {
-                    val keystorePassword1 = console.readPassword("Enter the RPC keystore password => ")
-                    // TODO: consider adding a password strength policy.
-                    if (keystorePassword1.isEmpty()) {
-                        println("The RPC keystore password cannot be an empty String.")
-                        continue
-                    }
-
-                    val keystorePassword2 = console.readPassword("Re-enter the RPC keystore password => ")
-                    if (!keystorePassword1.contentEquals(keystorePassword2)) {
-                        println("The RPC keystore passwords don't match.")
-                        continue
-                    }
-
-                    saveToKeyStore(keyStorePath, keyPair, cert, String(keystorePassword1), "rpcssl")
-                    println("The RPC keystore was saved to: $keyStorePath .")
-                    break
-                }
-
-                while (true) {
-                    val trustStorePassword1 = console.readPassword("Enter the RPC truststore password => ")
-                    // TODO: consider adding a password strength policy.
-                    if (trustStorePassword1.isEmpty()) {
-                        println("The RPC truststore password cannot be an empty String.")
-                        continue
-                    }
-
-                    val trustStorePassword2 = console.readPassword("Re-enter the RPC truststore password => ")
-                    if (!trustStorePassword1.contentEquals(trustStorePassword2)) {
-                        println("The RPC truststore passwords don't match.")
-                        continue
-                    }
-
-                    saveToTrustStore(trustStorePath, cert, String(trustStorePassword1), "rpcssl")
-                    println("The RPC truststore was saved to: $trustStorePath .")
-                    println("You need to distribute this file along with the password in a secure way to all RPC clients.")
-                    break
-                }
-
-                val dollar = '$'
-                println("""
-                            |
-                            |The SSL certificates for RPC were generated successfully.
-                            |
-                            |Add this snippet to the "rpcSettings" section of your node.conf:
-                            |       useSsl=true
-                            |       ssl {
-                            |           keyStorePath=$dollar{baseDirectory}/certificates/rpcsslkeystore.jks
-                            |           keyStorePassword=the_above_password
-                            |       }
-                            |""".trimMargin())
-            }
-        }
-    }
-
     protected open fun logStartupInfo(versionInfo: VersionInfo, conf: NodeConfiguration) {
         logger.info("Vendor: ${versionInfo.vendor}")
         logger.info("Release: ${versionInfo.releaseVersion}")
@@ -376,40 +235,12 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
         logger.info(nodeStartedMessage)
     }
 
-    protected open fun registerWithNetwork(
-            conf: NodeConfiguration,
-            versionInfo: VersionInfo,
-            nodeRegistrationConfig: NodeRegistrationOption
-    ) {
-        println("\n" +
-                "******************************************************************\n" +
-                "*                                                                *\n" +
-                "*      Registering as a new participant with a Corda network     *\n" +
-                "*                                                                *\n" +
-                "******************************************************************\n")
-
-        NodeRegistrationHelper(conf,
-                HTTPNetworkRegistrationService(
-                        requireNotNull(conf.networkServices),
-                        versionInfo),
-                nodeRegistrationConfig).buildKeystore()
-
-        // Minimal changes to make registration tool create node identity.
-        // TODO: Move node identity generation logic from node to registration helper.
-        createNode(conf, getVersionInfo()).generateAndSaveNodeInfo()
-
-        println("Successfully registered Corda node with compatibility zone, node identity keys and certificates are stored in '${conf.certificatesDirectory}', it is advised to backup the private keys and certificates.")
-        println("Corda node will now terminate.")
-    }
-
-    protected open fun loadConfigFile(): Pair<Config, Try<NodeConfiguration>> = cmdLineOptions.loadConfig()
-
     protected open fun banJavaSerialisation(conf: NodeConfiguration) {
         // Note that in dev mode this filter can be overridden by a notary service implementation.
         SerialFilter.install(::defaultSerialFilter)
     }
 
-    protected open fun getVersionInfo(): VersionInfo {
+    open fun getVersionInfo(): VersionInfo {
         return VersionInfo(
                 PLATFORM_VERSION,
                 CordaVersionProvider.releaseVersion,
@@ -462,18 +293,6 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
         }
     }
 
-    override fun initLogging() {
-        val loggingLevel = loggingLevel.name.toLowerCase(Locale.ENGLISH)
-        System.setProperty("defaultLogLevel", loggingLevel) // These properties are referenced from the XML config file.
-        if (verbose) {
-            System.setProperty("consoleLogLevel", loggingLevel)
-            Node.renderBasicInfoToConsole = false
-        }
-        System.setProperty("log-path", (cmdLineOptions.baseDirectory / LOGS_DIRECTORY_NAME).toString())
-        SLF4JBridgeHandler.removeHandlersForRootLogger() // The default j.u.l config adds a ConsoleHandler.
-        SLF4JBridgeHandler.install()
-    }
-
     private fun lookupMachineNameAndMaybeWarn(): String {
         val start = System.currentTimeMillis()
         val hostName: String = InetAddress.getLocalHost().hostName
@@ -577,3 +396,66 @@ open class NodeStartup : CordaCliWrapper("corda", "Runs a Corda Node") {
     }
 }
 
+/** Provide some common logging methods for node startup commands. */
+interface NodeStartupLogging {
+    companion object {
+        val logger by lazy { contextLogger() }
+        val startupErrors = setOf(MultipleCordappsForFlowException::class, CheckpointIncompatibleException::class, AddressBindingException::class, NetworkParametersReader::class, DatabaseIncompatibleException::class)
+    }
+
+    fun <RESULT> attempt(action: () -> RESULT): Try<RESULT> = Try.on(action)
+
+    fun Exception.logAsExpected(message: String? = this.message, print: (String?) -> Unit = logger::error) = print(message)
+
+    fun Exception.logAsUnexpected(message: String? = this.message, error: Exception = this, print: (String?, Throwable) -> Unit = logger::error) = print("$message${this.message?.let { ": $it" } ?: ""}", error)
+
+    fun handleRegistrationError(error: Exception) {
+        when (error) {
+            is NodeRegistrationException -> error.logAsExpected("Issue with Node registration: ${error.message}")
+            else -> error.logAsUnexpected("Exception during node registration")
+        }
+    }
+
+    fun Exception.isOpenJdkKnownIssue() = message?.startsWith("Unknown named curve:") == true
+
+    fun Exception.isExpectedWhenStartingNode() = startupErrors.any { error -> error.isInstance(this) }
+
+    fun handleStartError(error: Exception) {
+        when {
+            error.isExpectedWhenStartingNode() -> error.logAsExpected()
+            error is CouldNotCreateDataSourceException -> error.logAsUnexpected()
+            error is Errors.NativeIoException && error.message?.contains("Address already in use") == true -> error.logAsExpected("One of the ports required by the Corda node is already in use.")
+            error.isOpenJdkKnownIssue() -> error.logAsExpected("Exception during node startup - ${error.message}. This is a known OpenJDK issue on some Linux distributions, please use OpenJDK from zulu.org or Oracle JDK.")
+            else -> error.logAsUnexpected("Exception during node startup")
+        }
+    }
+
+    fun handleConfigurationLoadingError(configFile: Path) = { error: Exception ->
+        when (error) {
+            is UnknownConfigurationKeysException -> error.logAsExpected()
+            is ConfigException.IO -> error.logAsExpected(configFileNotFoundMessage(configFile), ::println)
+            else -> error.logAsUnexpected("Unexpected error whilst reading node configuration")
+        }
+    }
+
+    private fun configFileNotFoundMessage(configFile: Path): String {
+        return """
+                Unable to load the node config file from '$configFile'.
+
+                Try setting the --base-directory flag to change which directory the node
+                is looking in, or use the --config-file flag to specify it explicitly.
+            """.trimIndent()
+    }
+}
+
+fun CliWrapperBase.initLogging(baseDirectory: Path) {
+    val loggingLevel = loggingLevel.name.toLowerCase(Locale.ENGLISH)
+    System.setProperty("defaultLogLevel", loggingLevel) // These properties are referenced from the XML config file.
+    if (verbose) {
+        System.setProperty("consoleLogLevel", loggingLevel)
+        Node.renderBasicInfoToConsole = false
+    }
+    System.setProperty("log-path", (baseDirectory / NodeCliCommand.LOGS_DIRECTORY_NAME).toString())
+    SLF4JBridgeHandler.removeHandlersForRootLogger() // The default j.u.l config adds a ConsoleHandler.
+    SLF4JBridgeHandler.install()
+}
diff --git a/node/src/main/kotlin/net/corda/node/internal/subcommands/ClearNetworkCacheCli.kt b/node/src/main/kotlin/net/corda/node/internal/subcommands/ClearNetworkCacheCli.kt
new file mode 100644
index 0000000000..224697d410
--- /dev/null
+++ b/node/src/main/kotlin/net/corda/node/internal/subcommands/ClearNetworkCacheCli.kt
@@ -0,0 +1,14 @@
+package net.corda.node.internal.subcommands
+
+import net.corda.node.internal.Node
+import net.corda.node.internal.NodeCliCommand
+import net.corda.node.internal.NodeStartup
+import net.corda.node.internal.RunAfterNodeInitialisation
+
+class ClearNetworkCacheCli(startup: NodeStartup): NodeCliCommand("clear-network-cache", "Clears local copy of network map, on node startup it will be restored from server or file system.", startup) {
+    override fun runProgram(): Int {
+        return startup.initialiseAndRun(cmdLineOptions, object: RunAfterNodeInitialisation {
+            override fun run(node: Node) = node.clearNetworkMapCache()
+        })
+    }
+}
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/internal/subcommands/GenerateNodeInfoCli.kt b/node/src/main/kotlin/net/corda/node/internal/subcommands/GenerateNodeInfoCli.kt
new file mode 100644
index 0000000000..dc4b240bd8
--- /dev/null
+++ b/node/src/main/kotlin/net/corda/node/internal/subcommands/GenerateNodeInfoCli.kt
@@ -0,0 +1,16 @@
+package net.corda.node.internal.subcommands
+
+import net.corda.node.internal.Node
+import net.corda.node.internal.NodeCliCommand
+import net.corda.node.internal.NodeStartup
+import net.corda.node.internal.RunAfterNodeInitialisation
+
+class GenerateNodeInfoCli(startup: NodeStartup): NodeCliCommand("generate-node-info", "Performs the node start-up tasks necessary to generate the nodeInfo file, saves it to disk, then exits.", startup) {
+    override fun runProgram(): Int {
+        return startup.initialiseAndRun(cmdLineOptions, object : RunAfterNodeInitialisation {
+            override fun run(node: Node) {
+                node.generateAndSaveNodeInfo()
+            }
+        })
+    }
+}
\ No newline at end of file
diff --git a/node/src/main/kotlin/net/corda/node/internal/subcommands/GenerateRpcSslCertsCli.kt b/node/src/main/kotlin/net/corda/node/internal/subcommands/GenerateRpcSslCertsCli.kt
new file mode 100644
index 0000000000..6174a2df2e
--- /dev/null
+++ b/node/src/main/kotlin/net/corda/node/internal/subcommands/GenerateRpcSslCertsCli.kt
@@ -0,0 +1,103 @@
+package net.corda.node.internal.subcommands
+
+import net.corda.core.internal.div
+import net.corda.core.internal.exists
+import net.corda.node.internal.Node
+import net.corda.node.internal.NodeCliCommand
+import net.corda.node.internal.NodeStartup
+import net.corda.node.internal.RunAfterNodeInitialisation
+import net.corda.node.services.config.NodeConfiguration
+import net.corda.node.utilities.createKeyPairAndSelfSignedTLSCertificate
+import net.corda.node.utilities.saveToKeyStore
+import net.corda.node.utilities.saveToTrustStore
+import java.io.Console
+import kotlin.system.exitProcess
+
+class GenerateRpcSslCertsCli(startup: NodeStartup): NodeCliCommand("generate-rpc-ssl-settings", "Generates the SSL key and trust stores for a secure RPC connection.", startup) {
+    override fun runProgram(): Int {
+        return startup.initialiseAndRun(cmdLineOptions, GenerateRpcSslCerts())
+    }
+}
+
+class GenerateRpcSslCerts: RunAfterNodeInitialisation {
+    override fun run(node: Node) {
+        generateRpcSslCertificates(node.configuration)
+    }
+
+    private fun generateRpcSslCertificates(conf: NodeConfiguration) {
+        val (keyPair, cert) = createKeyPairAndSelfSignedTLSCertificate(conf.myLegalName.x500Principal)
+
+        val keyStorePath = conf.baseDirectory / "certificates" / "rpcsslkeystore.jks"
+        val trustStorePath = conf.baseDirectory / "certificates" / "export" / "rpcssltruststore.jks"
+
+        if (keyStorePath.exists() || trustStorePath.exists()) {
+            println("Found existing RPC SSL keystores. Command was already run. Exiting.")
+            exitProcess(0)
+        }
+
+        val console: Console? = System.console()
+
+        when (console) {
+            // In this case, the JVM is not connected to the console so we need to exit.
+            null -> {
+                println("Not connected to console. Exiting.")
+                exitProcess(1)
+            }
+            // Otherwise we can proceed normally.
+            else -> {
+                while (true) {
+                    val keystorePassword1 = console.readPassword("Enter the RPC keystore password:")
+                    // TODO: consider adding a password strength policy.
+                    if (keystorePassword1.isEmpty()) {
+                        println("The RPC keystore password cannot be an empty String.")
+                        continue
+                    }
+
+                    val keystorePassword2 = console.readPassword("Re-enter the RPC keystore password:")
+                    if (!keystorePassword1.contentEquals(keystorePassword2)) {
+                        println("The RPC keystore passwords don't match.")
+                        continue
+                    }
+
+                    saveToKeyStore(keyStorePath, keyPair, cert, String(keystorePassword1), "rpcssl")
+                    println("The RPC keystore was saved to: $keyStorePath .")
+                    break
+                }
+
+                while (true) {
+                    val trustStorePassword1 = console.readPassword("Enter the RPC truststore password:")
+                    // TODO: consider adding a password strength policy.
+                    if (trustStorePassword1.isEmpty()) {
+                        println("The RPC truststore password cannot be an empty string.")
+                        continue
+                    }
+
+                    val trustStorePassword2 = console.readPassword("Re-enter the RPC truststore password:")
+                    if (!trustStorePassword1.contentEquals(trustStorePassword2)) {
+                        println("The RPC truststore passwords don't match.")
+                        continue
+                    }
+
+                    saveToTrustStore(trustStorePath, cert, String(trustStorePassword1), "rpcssl")
+                    println("The RPC truststore was saved to: $trustStorePath.")
+                    println("You need to distribute this file along with the password in a secure way to all RPC clients.")
+                    break
+                }
+
+                val dollar = '$'
+                println("""
+                            |
+                            |The SSL certificates for RPC were generated successfully.
+                            |
+                            |Add this snippet to the "rpcSettings" section of your node.conf:
+                            |       useSsl=true
+                            |       ssl {
+                            |           keyStorePath=$dollar{baseDirectory}/certificates/rpcsslkeystore.jks
+                            |           keyStorePassword=the_above_password
+                            |       }
+                            |""".trimMargin())
+            }
+        }
+    }
+
+}
diff --git a/node/src/main/kotlin/net/corda/node/internal/subcommands/InitialRegistrationCli.kt b/node/src/main/kotlin/net/corda/node/internal/subcommands/InitialRegistrationCli.kt
new file mode 100644
index 0000000000..33c9ac048c
--- /dev/null
+++ b/node/src/main/kotlin/net/corda/node/internal/subcommands/InitialRegistrationCli.kt
@@ -0,0 +1,110 @@
+package net.corda.node.internal.subcommands
+
+import net.corda.cliutils.CliWrapperBase
+import net.corda.core.internal.createFile
+import net.corda.core.internal.div
+import net.corda.core.internal.exists
+import net.corda.core.utilities.Try
+import net.corda.node.InitialRegistrationCmdLineOptions
+import net.corda.node.NodeRegistrationOption
+import net.corda.node.internal.*
+import net.corda.node.internal.NodeStartupLogging.Companion.logger
+import net.corda.node.services.config.NodeConfiguration
+import net.corda.node.utilities.registration.HTTPNetworkRegistrationService
+import net.corda.node.utilities.registration.NodeRegistrationHelper
+import picocli.CommandLine.Mixin
+import picocli.CommandLine.Option
+import java.io.File
+import java.nio.file.Path
+
+class InitialRegistrationCli(val startup: NodeStartup): CliWrapperBase("initial-registration", "Starts initial node registration with Corda network to obtain certificate from the permissioning server.") {
+    @Option(names = ["-t", "--network-root-truststore"], description = ["Network root trust store obtained from network operator."])
+    var networkRootTrustStorePathParameter: Path? = null
+
+    @Option(names = ["-p", "--network-root-truststore-password"], description = ["Network root trust store password obtained from network operator."], required = true)
+    var networkRootTrustStorePassword: String = ""
+
+    override fun runProgram() : Int {
+        val networkRootTrustStorePath: Path = networkRootTrustStorePathParameter ?: cmdLineOptions.baseDirectory / "certificates" / "network-root-truststore.jks"
+        return startup.initialiseAndRun(cmdLineOptions, InitialRegistration(cmdLineOptions.baseDirectory, networkRootTrustStorePath, networkRootTrustStorePassword, startup))
+    }
+
+    override fun initLogging() = this.initLogging(cmdLineOptions.baseDirectory)
+
+    @Mixin
+    val cmdLineOptions = InitialRegistrationCmdLineOptions()
+}
+
+class InitialRegistration(val baseDirectory: Path, private val networkRootTrustStorePath: Path, networkRootTrustStorePassword: String, private val startup: NodeStartup) : RunAfterNodeInitialisation, NodeStartupLogging {
+    companion object {
+        private const val INITIAL_REGISTRATION_MARKER = ".initialregistration"
+
+        fun checkRegistrationMode(baseDirectory: Path): Boolean {
+            // If the node was started with `--initial-registration`, create marker file.
+            // We do this here to ensure the marker is created even if parsing the args with NodeArgsParser fails.
+            val marker = baseDirectory / INITIAL_REGISTRATION_MARKER
+            if (!marker.exists()) {
+                return false
+            }
+            try {
+                marker.createFile()
+            } catch (e: Exception) {
+                logger.warn("Could not create marker file for `initial-registration`.", e)
+            }
+            return true
+        }
+    }
+
+    private val nodeRegistration = NodeRegistrationOption(networkRootTrustStorePath, networkRootTrustStorePassword)
+
+    private fun registerWithNetwork(conf: NodeConfiguration) {
+        val versionInfo = startup.getVersionInfo()
+
+        println("\n" +
+                "******************************************************************\n" +
+                "*                                                                *\n" +
+                "*      Registering as a new participant with a Corda network     *\n" +
+                "*                                                                *\n" +
+                "******************************************************************\n")
+
+        NodeRegistrationHelper(conf,
+                HTTPNetworkRegistrationService(
+                        requireNotNull(conf.networkServices),
+                        versionInfo),
+                nodeRegistration).buildKeystore()
+
+        // Minimal changes to make registration tool create node identity.
+        // TODO: Move node identity generation logic from node to registration helper.
+        startup.createNode(conf, versionInfo).generateAndSaveNodeInfo()
+
+        println("Successfully registered Corda node with compatibility zone, node identity keys and certificates are stored in '${conf.certificatesDirectory}', it is advised to backup the private keys and certificates.")
+        println("Corda node will now terminate.")
+    }
+
+    private fun initialRegistration(config: NodeConfiguration) {
+        // Null checks for [compatibilityZoneURL], [rootTruststorePath] and [rootTruststorePassword] has been done in [CmdLineOptions.loadConfig]
+        attempt { registerWithNetwork(config) }.doOnException(this::handleRegistrationError) as? Try.Success
+        // At this point the node registration was successful. We can delete the marker file.
+        deleteNodeRegistrationMarker(baseDirectory)
+    }
+
+    private fun deleteNodeRegistrationMarker(baseDir: Path) {
+        try {
+            val marker = File((baseDir / INITIAL_REGISTRATION_MARKER).toUri())
+            if (marker.exists()) {
+                marker.delete()
+            }
+        } catch (e: Exception) {
+            e.logAsUnexpected( "Could not delete the marker file that was created for `initial-registration`.", print = logger::warn)
+        }
+    }
+
+    override fun run(node: Node) {
+        require(networkRootTrustStorePath.exists()) { "Network root trust store path: '$networkRootTrustStorePath' doesn't exist" }
+        if (checkRegistrationMode(baseDirectory)) {
+            println("Node was started before with `--initial-registration`, but the registration was not completed.\nResuming registration.")
+        }
+        initialRegistration(node.configuration)
+    }
+}
+
diff --git a/node/src/main/resources/net.corda.node.internal.NodeStartup.yml b/node/src/main/resources/net.corda.node.internal.NodeStartupCli.yml
similarity index 92%
rename from node/src/main/resources/net.corda.node.internal.NodeStartup.yml
rename to node/src/main/resources/net.corda.node.internal.NodeStartupCli.yml
index 28f0651a78..ea59505694 100644
--- a/node/src/main/resources/net.corda.node.internal.NodeStartup.yml
+++ b/node/src/main/resources/net.corda.node.internal.NodeStartupCli.yml
@@ -26,11 +26,6 @@
     required: false
     multiParam: false
     acceptableValues: []
-  - parameterName: "--install-shell-extensions"
-    parameterType: "boolean"
-    required: false
-    multiParam: false
-    acceptableValues: []
   - parameterName: "--just-generate-node-info"
     parameterType: "boolean"
     required: false
@@ -99,11 +94,6 @@
     required: false
     multiParam: true
     acceptableValues: []
-  - parameterName: "-c"
-    parameterType: "boolean"
-    required: false
-    multiParam: false
-    acceptableValues: []
   - parameterName: "-d"
     parameterType: "java.lang.Boolean"
     required: false
diff --git a/node/src/test/kotlin/net/corda/node/internal/NodeStartupCompatibilityTest.kt b/node/src/test/kotlin/net/corda/node/internal/NodeStartupCompatibilityTest.kt
index 283814b936..d7766ecb76 100644
--- a/node/src/test/kotlin/net/corda/node/internal/NodeStartupCompatibilityTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/NodeStartupCompatibilityTest.kt
@@ -2,4 +2,4 @@ package net.corda.node.internal
 
 import net.corda.testing.CliBackwardsCompatibleTest
 
-class NodeStartupCompatibilityTest : CliBackwardsCompatibleTest(NodeStartup::class.java)
\ No newline at end of file
+class NodeStartupCompatibilityTest : CliBackwardsCompatibleTest(NodeStartupCli::class.java)
\ No newline at end of file
diff --git a/node/src/test/kotlin/net/corda/node/internal/NodeStartupTest.kt b/node/src/test/kotlin/net/corda/node/internal/NodeStartupTest.kt
index ec1da7a226..976c1fec79 100644
--- a/node/src/test/kotlin/net/corda/node/internal/NodeStartupTest.kt
+++ b/node/src/test/kotlin/net/corda/node/internal/NodeStartupTest.kt
@@ -1,6 +1,8 @@
 package net.corda.node.internal
 
 import net.corda.core.internal.div
+import net.corda.node.InitialRegistrationCmdLineOptions
+import net.corda.node.internal.subcommands.InitialRegistrationCli
 import net.corda.nodeapi.internal.config.UnknownConfigKeysPolicy
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.BeforeClass
@@ -11,7 +13,7 @@ import java.nio.file.Path
 import java.nio.file.Paths
 
 class NodeStartupTest {
-    private val startup = NodeStartup()
+    private val startup = NodeStartupCli()
 
     companion object {
         private lateinit var workingDirectory: Path
@@ -30,7 +32,6 @@ class NodeStartupTest {
         assertThat(startup.cmdLineOptions.configFile).isEqualTo(workingDirectory / "node.conf")
         assertThat(startup.verbose).isEqualTo(false)
         assertThat(startup.loggingLevel).isEqualTo(Level.INFO)
-        assertThat(startup.cmdLineOptions.nodeRegistrationOption).isEqualTo(null)
         assertThat(startup.cmdLineOptions.noLocalShell).isEqualTo(false)
         assertThat(startup.cmdLineOptions.sshdServer).isEqualTo(false)
         assertThat(startup.cmdLineOptions.justGenerateNodeInfo).isEqualTo(false)
@@ -38,7 +39,7 @@ class NodeStartupTest {
         assertThat(startup.cmdLineOptions.unknownConfigKeysPolicy).isEqualTo(UnknownConfigKeysPolicy.FAIL)
         assertThat(startup.cmdLineOptions.devMode).isEqualTo(null)
         assertThat(startup.cmdLineOptions.clearNetworkMapCache).isEqualTo(false)
-        assertThat(startup.cmdLineOptions.networkRootTrustStorePath).isEqualTo(workingDirectory / "certificates" / "network-root-truststore.jks")
+        assertThat(startup.cmdLineOptions.networkRootTrustStorePathParameter).isEqualTo(null)
     }
 
     @Test
@@ -46,6 +47,6 @@ class NodeStartupTest {
         CommandLine.populateCommand(startup, "--base-directory", (workingDirectory / "another-base-dir").toString())
         assertThat(startup.cmdLineOptions.baseDirectory).isEqualTo(workingDirectory / "another-base-dir")
         assertThat(startup.cmdLineOptions.configFile).isEqualTo(workingDirectory / "another-base-dir" / "node.conf")
-        assertThat(startup.cmdLineOptions.networkRootTrustStorePath).isEqualTo(workingDirectory / "another-base-dir" / "certificates" / "network-root-truststore.jks")
+        assertThat(startup.cmdLineOptions.networkRootTrustStorePathParameter).isEqualTo(null)
     }
 }
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
index ad2173c181..18bc7da028 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/DriverDSLImpl.kt
@@ -322,7 +322,7 @@ class DriverDSLImpl(
         } else {
             startOutOfProcessMiniNode(
                     config,
-                    "--initial-registration",
+                    "initial-registration",
                     "--network-root-truststore=${rootTruststorePath.toAbsolutePath()}",
                     "--network-root-truststore-password=$rootTruststorePassword"
             ).map { config }
@@ -457,7 +457,7 @@ class DriverDSLImpl(
             } else {
                 // TODO The config we use here is uses a hardocded p2p port which changes when the node is run proper
                 // This causes two node info files to be generated.
-                startOutOfProcessMiniNode(config, "--just-generate-node-info").map {
+                startOutOfProcessMiniNode(config, "generate-node-info").map {
                     // Once done we have to read the signed node info file that's been generated
                     val nodeInfoFile = config.corda.baseDirectory.list { paths ->
                         paths.filter { it.fileName.toString().startsWith(NodeInfoFilesCopier.NODE_INFO_FILE_NAME_PREFIX) }.findFirst().get()
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt
index a86abe6b9d..21988565aa 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/NodeBasedTest.kt
@@ -32,6 +32,7 @@ import rx.internal.schedulers.CachedThreadScheduler
 import java.nio.file.Path
 import java.util.concurrent.Executors
 import kotlin.concurrent.thread
+import kotlin.test.assertFalse
 
 // TODO Some of the logic here duplicates what's in the driver - the reason why it's not straightforward to replace it by
 // using DriverDSLImpl in `init()` and `stopAllNodes()` is because of the platform version passed to nodes (driver doesn't
@@ -150,9 +151,8 @@ abstract class NodeBasedTest(private val cordappPackages: List<String> = emptyLi
 }
 
 class InProcessNode(configuration: NodeConfiguration, versionInfo: VersionInfo, flowManager: FlowManager = NodeFlowManager(configuration.flowOverrides)) : Node(configuration, versionInfo, false, flowManager = flowManager) {
-
     override fun start() : NodeInfo {
-        check(isValidJavaVersion()) { "You are using a version of Java that is not supported (${SystemUtils.JAVA_VERSION}). Please upgrade to the latest version of Java 8." }
+        assertFalse(isInvalidJavaVersion(), "You are using a version of Java that is not supported (${SystemUtils.JAVA_VERSION}). Please upgrade to the latest version of Java 8." )
         return super.start()
     }
 
diff --git a/testing/test-cli/build.gradle b/testing/test-cli/build.gradle
index 462499bf64..3d32512119 100644
--- a/testing/test-cli/build.gradle
+++ b/testing/test-cli/build.gradle
@@ -2,7 +2,7 @@ apply plugin: 'java'
 apply plugin: 'kotlin'
 
 dependencies {
-    compile group: 'info.picocli', name: 'picocli', version: '3.0.1'
+    compile "info.picocli:picocli:$picocli_version"
     compile "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version"
     compile group: "com.fasterxml.jackson.dataformat", name: "jackson-dataformat-yaml", version: "2.9.0"
     compile group: "com.fasterxml.jackson.core", name: "jackson-databind", version: "2.9.0"
diff --git a/tools/blobinspector/build.gradle b/tools/blobinspector/build.gradle
index a1f6f865ef..8c0045035d 100644
--- a/tools/blobinspector/build.gradle
+++ b/tools/blobinspector/build.gradle
@@ -14,7 +14,6 @@ dependencies {
         exclude module: 'node-api'
         exclude module: 'finance'
     }
-    testCompile project(':test-utils')
 }
 
 jar {
diff --git a/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt b/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt
index 8670989fd1..8d8e762ed7 100644
--- a/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt
+++ b/tools/blobinspector/src/main/kotlin/net/corda/blobinspector/BlobInspector.kt
@@ -47,7 +47,7 @@ class BlobInspector : CordaCliWrapper("blob-inspector", "Convert AMQP serialised
             description = ["Display the owningKey and certPath properties of Party and PartyAndReference objects respectively"])
     private var fullParties: Boolean = false
 
-    @Option(names = ["--schema"], description = ["Print the blob's schema first"])
+    @Option(names = ["--schema"], description = ["Prints the blob's schema first"])
     private var schema: Boolean = false
 
     override fun runProgram() = run(System.out)
diff --git a/tools/blobinspector/src/test/resources/net.corda.blobinspector.BlobInspector.yml b/tools/blobinspector/src/test/resources/net.corda.blobinspector.BlobInspector.yml
new file mode 100644
index 0000000000..66b94ae7de
--- /dev/null
+++ b/tools/blobinspector/src/test/resources/net.corda.blobinspector.BlobInspector.yml
@@ -0,0 +1,58 @@
+- commandName: "<main class>"
+  positionalParams:
+  - parameterName: "0"
+    parameterType: "java.net.URL"
+    required: true
+    multiParam: false
+    acceptableValues: []
+  params:
+  - parameterName: "--format"
+    parameterType: "net.corda.blobinspector.OutputFormatType"
+    required: false
+    multiParam: false
+    acceptableValues:
+    - "YAML"
+    - "JSON"
+  - parameterName: "--full-parties"
+    parameterType: "boolean"
+    required: false
+    multiParam: false
+    acceptableValues: []
+  - parameterName: "--input-format"
+    parameterType: "net.corda.blobinspector.InputFormatType"
+    required: false
+    multiParam: false
+    acceptableValues:
+    - "BINARY"
+    - "HEX"
+    - "BASE64"
+  - parameterName: "--log-to-console"
+    parameterType: "boolean"
+    required: false
+    multiParam: false
+    acceptableValues: []
+  - parameterName: "--logging-level"
+    parameterType: "org.slf4j.event.Level"
+    required: false
+    multiParam: false
+    acceptableValues:
+    - "ERROR"
+    - "WARN"
+    - "INFO"
+    - "DEBUG"
+    - "TRACE"
+  - parameterName: "--schema"
+    parameterType: "boolean"
+    required: false
+    multiParam: false
+    acceptableValues: []
+  - parameterName: "--verbose"
+    parameterType: "boolean"
+    required: false
+    multiParam: false
+    acceptableValues: []
+  - parameterName: "-v"
+    parameterType: "boolean"
+    required: false
+    multiParam: false
+    acceptableValues: []
\ No newline at end of file
diff --git a/tools/bootstrapper/src/main/kotlin/net/corda/bootstrapper/Main.kt b/tools/bootstrapper/src/main/kotlin/net/corda/bootstrapper/Main.kt
index e3a1967e2e..3436bdfaf3 100644
--- a/tools/bootstrapper/src/main/kotlin/net/corda/bootstrapper/Main.kt
+++ b/tools/bootstrapper/src/main/kotlin/net/corda/bootstrapper/Main.kt
@@ -25,7 +25,7 @@ class NetworkBootstrapperRunner : CordaCliWrapper("bootstrapper", "Bootstrap a l
     @Option(names = ["--no-copy"], description = ["""Don't copy the CorDapp JARs into the nodes' "cordapps" directories."""])
     private var noCopy: Boolean = false
 
-    @Option(names = ["--minimum-platform-version"], description = ["The minimumPlatformVersion to use in the network-parameters"])
+    @Option(names = ["--minimum-platform-version"], description = ["The minimumPlatformVersion to use in the network-parameters."])
     private var minimumPlatformVersion = PLATFORM_VERSION
 
     override fun runProgram(): Int {
diff --git a/tools/bootstrapper/src/test/resources/net.corda.bootstrapper.NetworkBootstrapperRunner.yml b/tools/bootstrapper/src/test/resources/net.corda.bootstrapper.NetworkBootstrapperRunner.yml
index de9379b953..f8e50ac29b 100644
--- a/tools/bootstrapper/src/test/resources/net.corda.bootstrapper.NetworkBootstrapperRunner.yml
+++ b/tools/bootstrapper/src/test/resources/net.corda.bootstrapper.NetworkBootstrapperRunner.yml
@@ -6,11 +6,6 @@
     required: false
     multiParam: true
     acceptableValues: []
-  - parameterName: "--install-shell-extensions"
-    parameterType: "boolean"
-    required: false
-    multiParam: false
-    acceptableValues: []
   - parameterName: "--log-to-console"
     parameterType: "boolean"
     required: false
diff --git a/tools/cliutils/src/main/kotlin/net/corda/cliutils/CordaCliWrapper.kt b/tools/cliutils/src/main/kotlin/net/corda/cliutils/CordaCliWrapper.kt
index 5a35be8089..60fa089ff4 100644
--- a/tools/cliutils/src/main/kotlin/net/corda/cliutils/CordaCliWrapper.kt
+++ b/tools/cliutils/src/main/kotlin/net/corda/cliutils/CordaCliWrapper.kt
@@ -69,57 +69,43 @@ fun CordaCliWrapper.start(args: Array<String>) {
     cmd.registerConverter(Path::class.java) { Paths.get(it).toAbsolutePath().normalize() }
     cmd.commandSpec.name(alias)
     cmd.commandSpec.usageMessage().description(description)
-    cmd.commandSpec.parser().collectErrors(true)
+    this.subCommands().forEach {
+        val subCommand = CommandLine(it)
+        it.args = args
+        subCommand.commandSpec.usageMessage().description(it.description)
+        cmd.commandSpec.addSubcommand(it.alias, subCommand)
+    }
+
     try {
         val defaultAnsiMode = if (CordaSystemUtils.isOsWindows()) {
             Help.Ansi.ON
         } else {
             Help.Ansi.AUTO
         }
-
-        val results = cmd.parse(*args)
-        val app = cmd.getCommand<CordaCliWrapper>()
-        if (cmd.isUsageHelpRequested) {
-            cmd.usage(System.out, defaultAnsiMode)
-            exitProcess(ExitCodes.SUCCESS)
-        }
-        if (cmd.isVersionHelpRequested) {
-            cmd.printVersionHelp(System.out, defaultAnsiMode)
-            exitProcess(ExitCodes.SUCCESS)
-        }
-        if (app.installShellExtensionsParser.installShellExtensions) {
-            System.out.println("Install shell extensions: ${app.installShellExtensionsParser.installShellExtensions}")
-            // ignore any parsing errors and run the program
-            exitProcess(app.call())
-        }
-        val allErrors = results.flatMap { it.parseResult?.errors() ?: emptyList() }
-        if (allErrors.any()) {
-            val parameterExceptions = allErrors.asSequence().filter { it is ParameterException }
-            if (parameterExceptions.any()) {
-                System.err.println("${ShellConstants.RED}${parameterExceptions.map{ it.message }.joinToString()}${ShellConstants.RESET}")
-                parameterExceptions.filter { it is UnmatchedArgumentException}.forEach { (it as UnmatchedArgumentException).printSuggestions(System.out) }
-                usage(cmd, System.out, defaultAnsiMode)
+        val results = cmd.parseWithHandlers(RunLast().useOut(System.out).useAnsi(defaultAnsiMode),
+                DefaultExceptionHandler<List<Any>>().useErr(System.err).useAnsi(defaultAnsiMode),
+                *args)
+        // If an error code has been returned, use this and exit
+        results?.firstOrNull()?.let {
+            if (it is Int) {
+                exitProcess(it)
+            } else {
                 exitProcess(ExitCodes.FAILURE)
             }
-            throw allErrors.first()
         }
-        exitProcess(app.call())
-    } catch (e: Exception) {
+        // If no results returned, picocli ran something without invoking the main program, e.g. --help or --version, so exit successfully
+        exitProcess(ExitCodes.SUCCESS)
+    } catch (e: ExecutionException) {
         val throwable = e.cause ?: e
         if (this.verbose) {
             throwable.printStackTrace()
         } else {
-            System.err.println("${ShellConstants.RED}${throwable.rootMessage ?: "Use --verbose for more details"}${ShellConstants.RESET}")
+            System.err.println("*ERROR*: ${throwable.rootMessage ?: "Use --verbose for more details"}")
         }
         exitProcess(ExitCodes.FAILURE)
     }
 }
 
-/**
- * Simple base class for handling help, version, verbose and logging-level commands.
- * As versionProvider information from the MANIFEST file is used. It can be overwritten by custom version providers (see: Node)
- * Picocli will prioritise versionProvider from the `@Command` annotation on the subclass, see: https://picocli.info/#_reuse_combinations
- */
 @Command(mixinStandardHelpOptions = true,
         versionProvider = CordaVersionProvider::class,
         sortOptions = false,
@@ -129,9 +115,9 @@ fun CordaCliWrapper.start(args: Array<String>) {
         parameterListHeading = "%n@|bold,underline Parameters|@:%n%n",
         optionListHeading = "%n@|bold,underline Options|@:%n%n",
         commandListHeading = "%n@|bold,underline Commands|@:%n%n")
-abstract class CordaCliWrapper(val alias: String, val description: String) : Callable<Int> {
+abstract class CliWrapperBase(val alias: String, val description: String) : Callable<Int> {
     companion object {
-        private val logger by lazy { loggerFor<CordaCliWrapper>() }
+        private val logger by lazy { contextLogger() }
     }
 
     // Raw args are provided for use in logging - this is a lateinit var rather than a constructor parameter as the class
@@ -148,9 +134,6 @@ abstract class CordaCliWrapper(val alias: String, val description: String) : Cal
     )
     var loggingLevel: Level = Level.INFO
 
-    @Mixin
-    lateinit var installShellExtensionsParser: InstallShellExtensionsParser
-
     // This needs to be called before loggers (See: NodeStartup.kt:51 logger called by lazy, initLogging happens before).
     // Node's logging is more rich. In corda configurations two properties, defaultLoggingLevel and consoleLogLevel, are usually used.
     open fun initLogging() {
@@ -169,7 +152,32 @@ abstract class CordaCliWrapper(val alias: String, val description: String) : Cal
     override fun call(): Int {
         initLogging()
         logger.info("Application Args: ${args.joinToString(" ")}")
-        installShellExtensionsParser.installOrUpdateShellExtensions(alias, this.javaClass.name)
+        return runProgram()
+    }
+}
+
+/**
+ * Simple base class for handling help, version, verbose and logging-level commands.
+ * As versionProvider information from the MANIFEST file is used. It can be overwritten by custom version providers (see: Node)
+ * Picocli will prioritise versionProvider from the `@Command` annotation on the subclass, see: https://picocli.info/#_reuse_combinations
+ */
+abstract class CordaCliWrapper(alias: String, description: String) : CliWrapperBase(alias, description) {
+    companion object {
+        private val logger by lazy { contextLogger() }
+    }
+
+    private val installShellExtensionsParser = InstallShellExtensionsParser(this)
+
+    protected open fun additionalSubCommands(): Set<CliWrapperBase> = emptySet()
+
+    fun subCommands(): Set<CliWrapperBase> {
+        return additionalSubCommands() + installShellExtensionsParser
+    }
+
+    override fun call(): Int {
+        initLogging()
+        logger.info("Application Args: ${args.joinToString(" ")}")
+        installShellExtensionsParser.updateShellExtensions()
         return runProgram()
     }
 }
diff --git a/tools/cliutils/src/main/kotlin/net/corda/cliutils/InstallShellExtensionsParser.kt b/tools/cliutils/src/main/kotlin/net/corda/cliutils/InstallShellExtensionsParser.kt
index cd271e1014..a9be0cbae0 100644
--- a/tools/cliutils/src/main/kotlin/net/corda/cliutils/InstallShellExtensionsParser.kt
+++ b/tools/cliutils/src/main/kotlin/net/corda/cliutils/InstallShellExtensionsParser.kt
@@ -2,13 +2,13 @@ package net.corda.cliutils
 
 import net.corda.core.internal.*
 import picocli.CommandLine
+import picocli.CommandLine.Command
 import java.nio.file.Path
 import java.nio.file.Paths
 import java.nio.file.StandardCopyOption
 import java.util.*
-import kotlin.system.exitProcess
 
-private class ShellExtensionsGenerator(val alias: String, val className: String) {
+private class ShellExtensionsGenerator(val parent: CordaCliWrapper) {
     private class SettingsFile(val filePath: Path) {
         private val lines: MutableList<String> by lazy { getFileLines() }
         var fileModified: Boolean = false
@@ -68,25 +68,27 @@ private class ShellExtensionsGenerator(val alias: String, val className: String)
     private fun jarVersion(alias: String) = "# $alias - Version: ${CordaVersionProvider.releaseVersion}, Revision: ${CordaVersionProvider.revision}"
     private fun getAutoCompleteFileLocation(alias: String) = userHome / ".completion" / alias
 
-    private fun generateAutoCompleteFile(alias: String, className: String) {
+    private fun generateAutoCompleteFile(alias: String) {
         println("Generating $alias auto completion file")
         val autoCompleteFile = getAutoCompleteFileLocation(alias)
         autoCompleteFile.parent.createDirectories()
-        picocli.AutoComplete.main("-f", "-n", alias, className, "-o", autoCompleteFile.toStringWithDeWindowsfication())
+        val hierarchy = CommandLine(parent)
+        parent.subCommands().forEach { hierarchy.addSubcommand(it.alias, it)}
 
-        // Append hash of file to autocomplete file
-        autoCompleteFile.toFile().appendText(jarVersion(alias))
+        val builder = StringBuilder(picocli.AutoComplete.bash(alias, hierarchy))
+        builder.append(jarVersion(alias))
+        autoCompleteFile.writeText(builder.toString())
     }
 
     fun installShellExtensions() {
         // Get jar location and generate alias command
-        val command = "alias $alias='java -jar \"${jarLocation.toStringWithDeWindowsfication()}\"'"
-        generateAutoCompleteFile(alias, className)
+        val command = "alias ${parent.alias}='java -jar \"${jarLocation.toStringWithDeWindowsfication()}\"'"
+        generateAutoCompleteFile(parent.alias)
 
         // Get bash settings file
         val bashSettingsFile = SettingsFile(userHome / ".bashrc")
         // Replace any existing alias. There can be only one.
-        bashSettingsFile.addOrReplaceIfStartsWith("alias $alias", command)
+        bashSettingsFile.addOrReplaceIfStartsWith("alias ${parent.alias}", command)
         val completionFileCommand = "for bcfile in ~/.completion/* ; do . \$bcfile; done"
         bashSettingsFile.addIfNotExists(completionFileCommand)
         bashSettingsFile.updateAndBackupIfNecessary()
@@ -95,17 +97,17 @@ private class ShellExtensionsGenerator(val alias: String, val className: String)
         val zshSettingsFile = SettingsFile(userHome / ".zshrc")
         zshSettingsFile.addIfNotExists("autoload -U +X compinit && compinit")
         zshSettingsFile.addIfNotExists("autoload -U +X bashcompinit && bashcompinit")
-        zshSettingsFile.addOrReplaceIfStartsWith("alias $alias", command)
+        zshSettingsFile.addOrReplaceIfStartsWith("alias ${parent.alias}", command)
         zshSettingsFile.addIfNotExists(completionFileCommand)
         zshSettingsFile.updateAndBackupIfNecessary()
 
-        println("Installation complete, $alias is available in bash with autocompletion. ")
-        println("Type `$alias <options>` from the commandline.")
+        println("Installation complete, ${parent.alias} is available in bash with autocompletion. ")
+        println("Type `${parent.alias} <options>` from the commandline.")
         println("Restart bash for this to take effect, or run `. ~/.bashrc` in bash or `. ~/.zshrc` in zsh to re-initialise your shell now")
     }
 
     fun checkForAutoCompleteUpdate() {
-        val autoCompleteFile = getAutoCompleteFileLocation(alias)
+        val autoCompleteFile = getAutoCompleteFileLocation(parent.alias)
 
         // If no autocomplete file, it hasn't been installed, so don't do anything
         if (!autoCompleteFile.exists()) return
@@ -113,25 +115,21 @@ private class ShellExtensionsGenerator(val alias: String, val className: String)
         var lastLine = ""
         autoCompleteFile.toFile().forEachLine { lastLine = it }
 
-        if (lastLine != jarVersion(alias)) {
+        if (lastLine != jarVersion(parent.alias)) {
             println("Old auto completion file detected... regenerating")
-            generateAutoCompleteFile(alias, className)
+            generateAutoCompleteFile(parent.alias)
             println("Restart bash for this to take effect, or run `. ~/.bashrc` to re-initialise bash now")
         }
     }
 }
 
-class InstallShellExtensionsParser {
-    @CommandLine.Option(names = ["--install-shell-extensions"], description = ["Install alias and autocompletion for bash and zsh"])
-    var installShellExtensions: Boolean = false
-
-    fun installOrUpdateShellExtensions(alias: String, className: String) {
-        val generator = ShellExtensionsGenerator(alias, className)
-        if (installShellExtensions) {
-            generator.installShellExtensions()
-            exitProcess(0)
-        } else {
-            generator.checkForAutoCompleteUpdate()
-        }
+@Command(helpCommand = true)
+class InstallShellExtensionsParser(private val cliWrapper: CordaCliWrapper) : CliWrapperBase("install-shell-extensions", "Install alias and autocompletion for bash and zsh") {
+    private val generator = ShellExtensionsGenerator(cliWrapper)
+    override fun runProgram(): Int {
+        generator.installShellExtensions()
+        return ExitCodes.SUCCESS
     }
+
+    fun updateShellExtensions() = generator.checkForAutoCompleteUpdate()
 }
\ No newline at end of file
diff --git a/tools/network-bootstrapper/src/main/kotlin/net/corda/bootstrapper/notaries/NotaryCopier.kt b/tools/network-bootstrapper/src/main/kotlin/net/corda/bootstrapper/notaries/NotaryCopier.kt
index e3b51b8e85..92af11ef76 100644
--- a/tools/network-bootstrapper/src/main/kotlin/net/corda/bootstrapper/notaries/NotaryCopier.kt
+++ b/tools/network-bootstrapper/src/main/kotlin/net/corda/bootstrapper/notaries/NotaryCopier.kt
@@ -25,7 +25,7 @@ class NotaryCopier(val cacheDir: File) : NodeCopier(cacheDir) {
 
     fun generateNodeInfo(dirToGenerateFrom: File): File {
         val nodeInfoGeneratorProcess = ProcessBuilder()
-                .command(listOf("java", "-jar", "corda.jar", "--just-generate-node-info"))
+                .command(listOf("java", "-jar", "corda.jar", "generate-node-info"))
                 .directory(dirToGenerateFrom)
                 .inheritIO()
                 .start()
diff --git a/tools/shell-cli/src/test/resources/net.corda.tools.shell.StandaloneShell.yml b/tools/shell-cli/src/test/resources/net.corda.tools.shell.StandaloneShell.yml
index ce5ec0bab1..20a9fde8fb 100644
--- a/tools/shell-cli/src/test/resources/net.corda.tools.shell.StandaloneShell.yml
+++ b/tools/shell-cli/src/test/resources/net.corda.tools.shell.StandaloneShell.yml
@@ -21,11 +21,6 @@
     required: false
     multiParam: false
     acceptableValues: []
-  - parameterName: "--install-shell-extensions"
-    parameterType: "boolean"
-    required: false
-    multiParam: false
-    acceptableValues: []
   - parameterName: "--log-to-console"
     parameterType: "boolean"
     required: false

From 16453ebfcc15ba4013216f6f4ad80bf8426a4d72 Mon Sep 17 00:00:00 2001
From: bpaunescu <bogdan.paunescu@r3.com>
Date: Wed, 24 Oct 2018 14:36:01 +0100
Subject: [PATCH 83/83] update OWASP to latest version after kotlin update
 (#4109)

---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index 41f3f98e69..7cfd603ad1 100644
--- a/build.gradle
+++ b/build.gradle
@@ -49,7 +49,7 @@ buildscript {
     ext.rxjava_version = '1.3.8'
     ext.dokka_version = '0.9.17'
     ext.eddsa_version = '0.2.0'
-    ext.dependency_checker_version = '3.1.0'
+    ext.dependency_checker_version = '3.3.2'
     ext.commons_collections_version = '4.1'
     ext.beanutils_version = '1.9.3'
     ext.crash_version = 'cadb53544fbb3c0fb901445da614998a6a419488'