From b3c8e42deb1dc1412c021bb4f058957a82981d63 Mon Sep 17 00:00:00 2001
From: David Keeler <dkeeler@mozilla.com>
Date: Wed, 16 Apr 2014 09:31:27 -0700
Subject: [PATCH] bug 972753 - OCSP testing: delegated responses and including
 multiple certificates r=cviecco

---
 .../ssl/tests/unit/test_ocsp_stapling.js      |  19 ++++++++-
 .../manager/ssl/tests/unit/tlsserver/cert8.db | Bin 65536 -> 65536 bytes
 .../unit/tlsserver/cmd/OCSPStaplingServer.cpp |   8 ++++
 .../ssl/tests/unit/tlsserver/default-ee.der   | Bin 527 -> 527 bytes
 .../tests/unit/tlsserver/generate_certs.sh    |  24 +++++++++++
 .../manager/ssl/tests/unit/tlsserver/key3.db  | Bin 36864 -> 49152 bytes
 .../tests/unit/tlsserver/lib/OCSPCommon.cpp   |  19 ++++++++-
 .../ssl/tests/unit/tlsserver/lib/OCSPCommon.h |   6 ++-
 .../tests/unit/tlsserver/other-test-ca.der    | Bin 452 -> 452 bytes
 .../ssl/tests/unit/tlsserver/test-ca.der      | Bin 440 -> 440 bytes
 security/pkix/test/lib/pkixtestutil.cpp       |  40 +++++++++++++++++-
 security/pkix/test/lib/pkixtestutil.h         |   3 ++
 12 files changed, 114 insertions(+), 5 deletions(-)

diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling.js b/security/manager/ssl/tests/unit/test_ocsp_stapling.js
index 9f4d821489ac..8dbd7e321ed8 100644
--- a/security/manager/ssl/tests/unit/test_ocsp_stapling.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling.js
@@ -127,6 +127,21 @@ function add_tests_in_mode(useMozillaPKIX, certDB, otherTestCA) {
                 true);
   add_ocsp_test("ocsp-stapling-noncritical-extension.example.com", Cr.NS_OK, true);
 
+  add_ocsp_test("ocsp-stapling-delegated-included.example.com", Cr.NS_OK, true);
+  add_ocsp_test("ocsp-stapling-delegated-included-last.example.com", Cr.NS_OK, true);
+  add_ocsp_test("ocsp-stapling-delegated-missing.example.com",
+                getXPCOMStatusFromNSS(SEC_ERROR_OCSP_INVALID_SIGNING_CERT), true);
+  add_ocsp_test("ocsp-stapling-delegated-missing-multiple.example.com",
+                getXPCOMStatusFromNSS(SEC_ERROR_OCSP_INVALID_SIGNING_CERT), true);
+  add_ocsp_test("ocsp-stapling-delegated-no-extKeyUsage.example.com",
+                getXPCOMStatusFromNSS(SEC_ERROR_OCSP_INVALID_SIGNING_CERT), true);
+  add_ocsp_test("ocsp-stapling-delegated-from-intermediate.example.com",
+                getXPCOMStatusFromNSS(SEC_ERROR_OCSP_INVALID_SIGNING_CERT), true);
+  add_ocsp_test("ocsp-stapling-delegated-keyUsage-crlSigning.example.com",
+                getXPCOMStatusFromNSS(SEC_ERROR_OCSP_INVALID_SIGNING_CERT), true);
+  add_ocsp_test("ocsp-stapling-delegated-wrong-extKeyUsage.example.com",
+                getXPCOMStatusFromNSS(SEC_ERROR_OCSP_INVALID_SIGNING_CERT), true);
+
   // ocsp-stapling-expired.example.com and
   // ocsp-stapling-expired-fresh-ca.example.com are handled in
   // test_ocsp_stapling_expired.js
@@ -138,10 +153,10 @@ function check_ocsp_stapling_telemetry() {
                     .getHistogramById("SSL_OCSP_STAPLING")
                     .snapshot();
   do_check_eq(histogram.counts[0], 2 * 0); // histogram bucket 0 is unused
-  do_check_eq(histogram.counts[1], 2 + 3); // 2 or 3 connections with a good response (bug 987426)
+  do_check_eq(histogram.counts[1], 4 + 5); // 4 or 5 connections with a good response (bug 987426)
   do_check_eq(histogram.counts[2], 2 * 17); // 17 connections with no stapled resp.
   do_check_eq(histogram.counts[3], 2 * 0); // 0 connections with an expired response
-  do_check_eq(histogram.counts[4], 13 + 11); // 13 or 11 connections with bad responses (bug 979070, bug 987426)
+  do_check_eq(histogram.counts[4], 19 + 17); // 19 or 17 connections with bad responses (bug 979070, bug 987426)
   run_next_test();
 }
 
diff --git a/security/manager/ssl/tests/unit/tlsserver/cert8.db b/security/manager/ssl/tests/unit/tlsserver/cert8.db
index 71cdb9d2dcec3a4bd2d866fdfac0eba5b245f3c8..13c101f2a27d1221b4e748c4c7db2194df5c5a57 100644
GIT binary patch
delta 10089
zcmbuF1yoe~+Qw%9Y3c6n7`i(o1?d)qp=0P~C;@34K%^w3K}rxwQDR7G1SF+F6p*eD
zIY-Yq_Z;v2?)R-(d##x@vuE%9ywCg2|M~3+4n_(NMoJU|YE_GONC8z~Kxto^Tsjvz
zLpoa;IT{3-x704w3e;CrlT<LOKq_O3c5-8i+9c_Aa@f^<Gy>obfEg4D+`Qhja}W`L
z2naw@*kTDYOfwKkk4Jz<2*k%DY(#vUpa1&FkCz|`9x;#zGNLXLB0jGU*xiFh+1bm&
z(awrS9_$FVvG4#}(P)9)Aui5VU^g0lHy39c8nBOtD%e-o-NFWzTS*0dHIMF~VAZay
zDLgV6+!Atdn!2iqeivS{sFaD`IeaM8Z(lWA|K-SmNO*O=+=JF}kCo>P&Tr;=u<>A}
z2rmNQkH{W3O1>hEEcYI}koq+v*ZFf|*ybAht9Eyvwl3?SRy8L&WsV$#=-rTlZQ#S%
zHymc^9c0VzQ)gcde8sOoXGA~*0)Y99AbMDP4jm8?wrGJ5^_~zZ*0=P487z9TP$;De
z`tUm<AS^0|aw-_l27$RHYn!?f@6pHgq%ru7o)WVbY8CED$52hhycu#9>3&%^Fo&bM
zfa}-b3(vR98e}-RV&TrE=SasG@{=*9rx*9#?>yOgcefh1g9LG4Fap9-5*7(ww{}nV
z#Umd{Xj1B6>$dw%#-A!`+u1mS-EIU__^BTla9tu9C?OO90Fe6sl>&_LzdR!9^|53?
zQalnMvERzhuLFkuhq^obR&FqjrJLjT3$b&y`NiRWHwIYl=LZ3(hyVZ(zzhKV^9d@t
zxj5k|J9~iLoWNFg*M<WCr~v?C7;OU$^uIFa_b<A3?;l_E{Yu3_qCCPN!QZZw`#&1|
zuFId?4VL}IMc#G!a|uy_03_+}58xO8=eqfZt~Zh28<6lv14{htxPNUxdLCL3^>61#
za&vw^E%Qg?!S0n(LTfauiV$SqiU1SmNRr&tHrID5mvDKj6+6|Gi^Buo$05*=`>Mik
z`L(G$Y4GTI@J8IGkSH^0gI+{*%%WVnjm#y*H}ykCk!a9|)xvTCGe4mNGUUtrG<NgP
zD7ZVBYve>1`iPmTitNPCYFe&t;VHR;>Eezl%#K&NmiKLDeb7z++Gl7teWsDk#een!
zxr-C!;ge`}f5;)N_c0Bmhl~gNYU<IIe3u^P%)6IG84WRxE%vhUQ!niKdIVhDIRqXV
z)s7w#j*Y$}sfeo<#${L_#1>^OoU5YYDM_fIN)VXJbYB_rfS<mr^l~&@iLAE3QPqfM
z3yViv<mAsq32sI@Gin?6X2&15`Z1<{YcK$i@VcSMNN@mve|-l)2moBa=}Gr%nY$k-
zk^HJqFs^(aSdJYfv>HKr0KzPSlB_+ZVVsIApgd4AB+40)_OUXO`N52E^g`LoPILpr
z^svII;gwqZHp|t_23lxZjI_Zr@@sa`J=^-*w-q=`Dzwq#+|v#NgcR<ClUDS;iwCyJ
zAIpde3%+JY4rph|L7qlULl0zJWat7gBXJ_6<eA|*)_hq~04Bi>EK{NM0f%!HEit3%
zbAoNvM@La5wi#J*BeDkE2SK~m&n7u+^G+k}IQKEI>r|QfXy5z4FEP4hUowf&!%Put
z`6k)f{g7oC&aba*^D#ETI&Ins)j|e1?xGwJRR(Gf#R=UODEB7Ho%Q2dC0uo&7ShHM
zB&GdCS*M7HyLgF260ZWBs>J|v0Ezyj77vJr_xG1Db!$E7RQ^KUpavW6*6K_%9dGd5
zJJ%qBwKK>NlUo42rl$1nTSb}#$&tKrJiU!uCb1Eey5Dq?m@iK?{Nr>@(QBUi<550#
zpi_~Q7Z4ib3}gYfhl|FZ0pw?gzD*>d;5dt+4vI`5W-`~3`ui=@e7QQr*dLm=&QrJ?
zbfiR1&pEvWuEBOnL!r{=LGH`N5Lx8_hqOVo+l!d*zyz;Y047%P4>0OUky;@8h3|{N
zGa*#9qg&9E=ZR5t^k7BCGc!eoP-zO}RG&d80R}aL78}c*A#aQ37+DHAg67(YO8GhK
z#RI$h%2k{ZI*CrmlE$+xqrD6n2I*vnU!Ro<hdZ?i?fN?KkO7Hd3kBr0(zc{P;@`y)
z`s;775Da3c4y{rCP=W6>Iae*!9S{RYM3D}c;daQaF?7QX9rI#Je2ky)GCeepBMMaz
zyJgv{9<?a881eAYR7%QtUVfF3FI+3re9OD_7S#iSR!;`Zwskp%1}Pq_>9G)rBL$Sr
zNa~=S#cJ}+y&5owQz~q>zHb=MCMr7!tEn4#LePki7^r$9mWA~l;*}KEf_h!l2izXE
zAnhIvV|wUDH04n896sW6j2KzfAznj$=xIuHIM3j5cMg-;qvAYs_{z$0w{29DkAiv`
zZn(qlMLq_PaY~4Aq^s#*2%X_bpO(3VxD2vN=eyLZAk%3HVbRCWaJCOw9x!lG#`9M=
z92~M@qVx4O17~2>CHS>k4%omSZTPQZ8NoEmd0}Oal+d=bz2b?!{OQjxuaeSL#gNIA
z`ko&%=_*d-;=8Y<Wi>QBlUO0t#fbCz@WB0D)GFEwmc>u{)_3$HJo*ox44Vd6R%Mo_
zn|rypRe5vXqfp>a9U$7;=ZdLUKUHxZJ21?Qa;z?K5%sdmDY&4lK2GZrmPQwr8-U}B
zI^LgXZX*D`gDE*hK#`?WL!H;#pm32lZrP8RT|EiLl^+)}kcUWfXq-x<WP<n<it(fJ
z#1UnS1r$o`RJlWl?#&i4AUF)kUk1iS;O?zE$a0brd?Lk5uf;Ksii&g?mw6%3gZPHK
z-$%5-KF`3T72%1)^Aw8A6vZ=p%q!e&m@~4ijr{IK=Un}RCZK8UU1#QhqgKL8N?552
z2s#`Cnj;u09N!G6kIaQwSh29bvmGVj8U6&8K&7Rjhfv)LnlwD#Hy6xTQlN}0vf)0U
zoXa^Qm-IRbH=!65^I*m?I%9Z;gmUt(QC5WY@w3y$Z;Iyv+nJjOSOd}u0CZSNJd4jp
zdaerEF8`y(F`qn5J86|yH9iQ8Ap37sWx#fr5hNV?9FOAb{l?FDNHMTitIQm%s%y<(
z4TCw~1-tZfY4`8?G+s=m<e?GbkdAuE0|}Z-2cg4-T_+fQb|TZgW{FcoBW2pL-2JIi
zfQu}6t92BE|6vlUVpgG6c~SDoklq2}oX?9BFXzQLTri#Y=lg*vezFnP27O1}?xV3J
zr7W^Ql3Fv@;Gb#<{<RSWjbJ!+EH@**0$6<*+@^vcU61jA?X)&JoQ@P?a}m#%bIL>W
z;W6uJOG(V=YGBp~x6>*t{H3ddFS}Tw<fli)ClfsVu!+@1aH~MwdM3Y%Wq~uo#|F){
zNp28l!lkx@bdtrSFz2ys5ZbYA{>db>rne83RBD^^%Rqvicx!p%N7m*hf<~Ue6<Cvd
z2sFy{%~Q!p?ud&FEmF!iSdY%ljoOn^eV?qcQz{cq$ae<OO8_GtGm>O>-s{9Jo<>i3
zO<Mua6W>g`MHYZOxS#pdJKqL`qSx4PS%8V@AJca0i(=@<<X0nOYzgsb{ndKH!fZMN
zG>}FkDCsG00zRKZ&-rt{X8xy)3^gCEM=yXTwap%4KS%s`wf;QfZ+po>#{%}MS*mEa
z#R+4FBU)?s68!+=Ir6z&02&1$H)#TP7ovIn?z2@bUeB#M;-s;sY&F3IOA1aW305DP
z{98ZD9BFwxdsc0uPq3h)3&<YJxA<_5OiX^PuF=rQrPLb3!c(%nkJUfrwX~nZ9sF|0
zT<vvfl@F41SNcN;_E3ElkQ_GT6$GWOF=M9rY(h#Jaxfz-jWZVUFu0U7*&+;%aZd-8
z)qeg0G7`7Je%{3z(P(#ku=zkgyOWWUNf4+NQmuhNQ{=_a0b48&@*Us&ux;p{FHd=f
z7?eWVfG(2Ch95wXZ}Em(G?ZG_St#|&zfq{$dJzAkgc;<k4xqw1;;gD2hvhn`4SGX<
z46MJK%G{3&7Vbj{%`Q54#Qna!NJ-}*2+6AH{Fc_?46*`oV?pbxnj(2j<f-B7a?C4Q
z*N<Y2SXHUVk~rumbeK*^a8q7BuMZUxy)<u|zBD2&Jq_U2Ee{%dAmTt|(o?rkE)2t-
z;<pe;kwDz_+*a_jk&-MSpEfbi5}N58Pva;o%8E)|lA=({0$RdoeZ!y-5^Pe+^u)d6
zFM%y^oCW`N%tQy?LQ6XYREB=NCsS*6@9lD(Ft|Zg@EXUYxxJ7#IH%A14o_T~IM2Q8
z3->j?Va-jch@kMybHJjKc8aIX5U{@_X&@v$A6lc9>0(P-cSV7JYtv~vUvZ1*AZSl+
z{C1Wg<NrpX(x4-H_F*v)7na~h3={LK{k34U4OBORmGD;HwO)KnZFlbLJGgGFfFvq8
zjA8UKN6}+<3I{UemLNP~MMrE$Pawq5Ffy<MIZ9cyR3*vj3X&tui;v+@feAZi7O#U0
z4v+kX2~Wo@R=0R4r_Oq%#|%iYe5Wt-jl!PlFq_JGhcHXb7@?WcW6_Nm3-DC)u0H-m
zdz*$BcmQknw}Nswls$S<EOoN9#B}&|nC~pA@&W4euEfIn5YkfQoK#7E<?X?eAz6eg
zYU^&7xhtlj&nTVugL2QDU0a9(2Q87==_*eY?9XI{v`Ii==fhsc^7paJ6-d|(q;W$}
zH3a;3c{n#J0On@8yP{?TpD7*|)Atz`$Lsd@DrieQy;Y1c>T#XQmG9~Ru9NNc$`;lW
z5c6y45}*_}18j`XcYBC$R2R@TD~F=C%;q27$G4gZlz6hV>PuZh0|(uiJozw))`dbO
z*1Jfi^@{aO)o+B!lTE7;=tmMw+lJOO2EtOQ;Om=aT-sU<Zk~|h&x>18RB3?e9Ul>8
zH#UTQEk(;5furwD8VlvX)#Gahs`WGW-wW(?HSTl}0%vc$MxE>Gu1^9$5Zxb{u=Mvq
zkFkw-?asVs^YP6jwlop)e%A6}gEg709#}Jtz1L@Bk@ORQY2i*2`61tQ5VSWtmGG&*
zC`HONz9}k`v2pd2YApUkdO?-tuGK=<GH-17_y(LPu8DJUt+lV9x5YvbiOuZQ=(Jzh
zrs$o6W!lOj;5f_-N(_^NwgZh|z~D!q4XQS(P%3dMCMs%*Bl22u7`Y88Bk43r2T383
zH4!BdfT)Wwk&uV*l)w(J64wr|dbkqz8m&+O$zT-bYCqO*B7gna5P?C>wV_Yb5BSfQ
zDDG#Z=&~wW2pUELht871IYKU7Bd*xv!%$M@k9d2Szib_*5IAN)GIx1(YQNDr+lUi>
z@u;dfM2RJn$XP6))p+4eD%ER)4Ne@L@-lD)JaX95Qd>}HDO)5;vU-RaC5M}c)*7bD
zC9ZKHxSYOUYq#jpt5;1SB?F{}X<6h!>3HK{qN3a{$C+G^A@<eYefKO%+#5co-yy9=
zT7N<sv*-L+)$l!I7BgDUr||A8rEx(nN{>y++v;x)mx;Hnq%e)vFMFN*^+$I0%x!9<
z89$xS?#*szez}DvA&P&3{b*6m{cSK4dE($<hhS{7LY>mV!Nc~YH|R6q!d)kkd%$Vf
zTs8&5wOqmG0x+y>*598wWykaXdkFA1F7iFBU850CBIEyx0sJeV0{;=t*8!~8!F>68
zQ~y1jll%zhhJQ*if2Cu8#U%edCAkUi75#?>izQLpdS9B#RA{auR0Uvl?QY$7cfN`8
zZIp_vdz4@9u1t%O#9hr6?bc&#^T5Iz7Pk&g$kY00cf-J^hPC<3d+<C~O>SQK+j8!*
zMHb5>(fG;i`AJ@<iCBgi>BsqdRkzOyiao5Xt%pnXT0bj>Qbc!Eh7A?6&fXeA$Nw$3
zQ-a80rdC`~L$2fv=R+A?$o@o{?hc1)k)+dSM@{x*%kj|+5=}8E+NgGqNpQIc<2jT6
zbim}>BHWpBV%E#q)nGTU##7PYxIiiiq3|=2j-Ehir>V##7Kx)7nY}Rw9kLp>L+#W`
zJEIuW`(*8&sRPCIbC`rf3nJ5fNVR=IrYMit1czEU9{w{2`Ui3ZB>6t^cvydhj{aen
z@4mU-%ah3T|6960oO67`Rli+3$MkpS5W~=X1XO<Mn*YkO-?0_U+lLL>ENgYYE_xVM
ziz`^wUt%3U@Z5GK8qxBWMOn7>Z8fB+cBQR4b%7{OMD}}ld{KgLbxRPib<HUF9+++n
z_4TnC&~7B-iS$<TV%YUej4aZMDcJ92V8J(Zga<8BnL8&F#iEhrOiCC$mRK^K*hXIC
z<!&%ykH*d?-+LRlQc3y*{pg?gj*r+UCEW_P+!gIeTkIswx~UEG6NW^$%K)K0Lv|;U
zt}j!3qE12b1WsY6a_g#-*oKxM+!D<568#z0SbdYZB7zTbed43LPe`}$aYGWPkYqFq
zE^3hF&&>?i?%3*EV3e1yuHh^hlxtDUUIO3Ci|b%gMS8vcaE0cPK*sV`jII2i&GKEe
zKchatb<VzCHbB24zyA`X{tX-c0{Z>!kbf9t0>E%>juB8OI#BF)hY<akE!w|y$^RWp
z-eC8~p-1$C6tB{91T;3^=6aO-%?uotU`n!=Sr0`E?4x_nyz2{$SA?9{C7^4*vwml3
z%KVxaddP4R@DU?#G!5`X(m`*<ws4+asImtBau>TmKXxYFVA4pPNN>g0L(X_Ko5^5J
zi<0a~gYpUe6Wk3Z(uP(?o@lz)U)X%_=M0viXZ&Ut91s=^r;!$#$y4o2m?wG<8&=Py
z{)sr`q0d?DekstXzs^QoHUf{Jb>g#0iP3h=^IkkXa}KOJjs=HhZ6}OT>gZ8?5#hSd
z#Zi(-**U!Re49{aCeZ1M`dc)9_<f5nB~;9qNXIb$bw#ESwIa4P5ggptvjkMgW0*7d
z?qw9nnEA6nrx0A3+y2=oe?_%GqVEHRgW*>L<*%RqK1;55@Far%-%ADl?#Sy~6aNdy
zi}0_&@~6RIh|eDUSo8hu4i3yUPv~aN*KDp(Fxp<OG)D7r8V@_R9y&C2XDaN|`l5;)
zv|Wn3<#Q64xfCfw5o<B~$nNq3MtqS(rNEgZ9s@Vu(q_v(7n1maLMDctF|h=pSO=zW
zy)l2<B-ldVG+;D2!Fw6~as&Tu-fIeNz2PrVsks_!m{SR)LIv?qPFFzbRo#K>H4wR%
zQww$B`Wz`iDY_V5)uc81Ufrqlp_B;2^F92WSDz*DA6}JX0AttnC77CIGX%z|F!n{W
zwv8K>^Fpblu_JxYtT7;D3imfMmAnC7O`{cYSf<Gw4d|Sq58L@G`L=ee+PrR0<vrf;
zP{<{_xU79_fF5xYioL4&d|`N~Q#(uZaaG547@N-}t<B1%LiiP%9M0E-&X-zNlrgl|
z!EiC3Wj2jBEi7Sw*7K!VEE*v--#MwBwOA2|bhr?`qF$bVNyhSeSzLB$b<WxoYFLZh
zt(tz>N{P0zLL0CJyl#mIZsV#-zq0X}Qwvirn>bY)vRE2xdZkABu-v}4QU*gMSsIsj
z%cYq6W|p4vetOS#uf{p{n&IX?kAbQ&d~tY*W<}*{zE;^yAh`j3X00d@mN9O~KI;{C
z=<q_;HmDg?EUMW7x+LL`rIrjD7K!k>MPR1W5_k|P(U|JCP-AT(D#Agyt{!x^!FW>f
zJ@Fi~v9pGH;J2Qp_SQhJtE%=|{8>EX-kmI&D@bB!!nkmm#$?stWtiAK@<AY|w!A>?
zXTbmNtUm{QtRi*jC(_JV<*i4@qW<QD3XYv_2yZD-p|V?yXP-!L)iLL+%`Y?!q+0s&
z20gZ9B$Xg)RTg0eF8z@dMXl@9u^jGFUSabusE@BgON)It5F|j%C14hXni!+-v5Zqr
zLn}^I!kAl3kNhY%jfko*@M5<ba~iT)jqY*CinfE#MDUESGwV!I6x7O@3PU0hL8g9w
zyD5C3eDpX2LlOd1<)NM><6+X!_HKbU9%>`db@nj~kD#1pEaIM3oE!rjXWZP0r?Zx7
z#CZMGw#$y#WX8O21&a|*9!Jv0F4TOB60v9UAUn&wdQf3D+))?N_q;))lOPbK&JBG&
zc@1gaiTn1^4EfgqW?*LRr()K>@Y_G>Bm|=`RfSe?_i_3^V8SCC{1~uP%9K>mx#hBp
z*qG9M^r1sseDICIdt+VEQruQrpxA(rG+6rM`JI>aP3X$e#$^3%l>xeo1Y3zLSLXSo
ze)NU5-O?Ix{dp)M5=Nfal}S5kfW9Cr-bo2$<e?Y;X0-gv$k_|dfgmI(B#!3f#OQN=
z6ccdjhTq!L%UkZ;-n8?4bQK4|Oks%M&Z5xh7P;TPtTiN7(TBKa-}@3<RQTSB=KT(N
z#hx*Ds;X|L4&%7jHt>CW;AzvTC>wQ4y~H@1uxlgnviqeIk`LS>uAz3Wpdwj;e*&iq
zZ+r>@nXQBFM@gYlSLZ}xqT3bNc&0QPc}p?F@quWyU(4uz^0mLS+c{@$m|+Dav;!*>
zJ@G0kj)IDDi`pt`LyCy%)PmCOtuk_oQXF3!g3d=y(Xf^Mb5;&j&4b9WOm49ePKEb7
zB3aKF6hg6#)QHw6XzSVQ@!pyP285#3WerT6X{*gq<^@v|RWQHY^~H}B*KBp4;jUsK
z?uE)%3)KhSLAt9}EU`^5U|WHo3VeDUPYGcdFPx!y&E%m%9D|HjEuW7gLQ<bOy#$z=
zHx*<#US6(*8^m|qxARZVA-d1f&F;I@myw+~($(!??=~m={=BV&Q)u%-{EbdjzY5b)
zytz1(m%;VuNo}8G@tJQH50^9@;VOZ4I`%UqpFs=-lc%M*#_0$j`LgxL*96j9I_ONu
zmHQt9ePJgr9DdC9?}Gi=Sw^rbSEd^j(o)S+Ntxj;CdM$A;korynLvNrQS$4dsKy%^
z&XJ8{T>Ie1oR80a(q|ub_F7ws67@2pHOQ8v9i?UL+xA;C>pZ1#8*9-^3hX|V&>>j*
z3bH_h11tn8Ed^&%+0u9GgN}!We3w*NUi!$Rh@@XkUDf2|ChNGJh}wJX&J4@U0)=i+
zNSxFQ^9G6y6?Klfh?#;K352v!POdK-^V;WF60Y;jSb0f2UCxDRMUwPxueU^aUgTw5
zRG6sW?!`9-!rscvS|{aVHz9vHdF^4-r!vBoXC{C}8O|Eu;Tqqc=D><Tw>FZ1=|X->
zJJnp9i%tdRV@GwIg3I`<ZZ0!}RM)avAFCMb1F>@hTiwtQ^cxzYQeFCI_5PIJgp6Pb
zFF`Qz8cJvi=O-$eny`Hny}$vRjUt{ky2E%JgxVzrjuB(y)BHms>0xe6Z|gKcL{OWa
zNQ={9ng5u4uslT>CaGUQA6Y{DTP<S_<^l8tS?>VbkI1bp9}EdwxX5Fyvj_7^7nt(5
zw4P!gQ{!;l<y)MTi6BMum9ZppXdcM^5Mae=U_%ECgiY0iLthgt-_4;h?2HFA1UC<_
ztKr^$Zn;kzk!xG4mA;h%IkwiVQ8hPZG2Hb`jWC23%rp@pdWLe&3L#;0a0Lze5gXdn
ztQ-xXpk?{;%pASnC%30aG(m4K?y(-8S*ppT(;iQ0B;07_(^7tAEuKa3dP_@Hr3vC)
z*3&Ob|4K(+5?E0?Tbuv0IseWngFP8<))DU$QZz{CrMNQQZ*jdXXAlzqrq@Az(uZSI
z_6D7PIzP&UOWpTrFDKnOFfnUL5g}~#r8mJ)<T*J|<<1z+EpiAc%caSqhi_gbI!j77
zJ<>+OpLzYvBq3x!XKwSG_E2&5laWberHI(6fOj5ec$&Twn^n5^qXVVZGpTt;-l@z0
zD{n>_h;3h2Hn77@0y~kzP!LkH)=4x<;Gjn^13qf3*SRE`YkJ1a{EE*7WijY>NKYGn
zJ+*~3isv%gI5ekwZBbVPNd`@PCH4**CCwz2g3Fy$a+abMPZF<(tP|NAWcqvLf>^C1
zaNE+>&*AH5;IIAs>BllHW(K$o1DMZJw1Q%RHnk?NBL0n9I8DSi;eL_3Y$|-5)=KP{
z)oqQ{Y`FwBv(b8LA-pKZ+QF{=LT;6z;;hT?<XLOM(MrnQGIC%={~Vc)_u=)e3>064
zF6S8m;Ik{ArUM0r{x8H~h#YIX>9HHGMWo4Je2Epf$W1xK*=0bKJ_h1ONq0ygAG30|
z!>sbEhDQi^1;6G!O9L|AkT$F~?wZViAzv%C)>K=Znd}CjoxJW0Z5<>+h^KWzuu(o5
z%}CBax7=R-H0vZgO>V#jF#6OOeZ`N+YErqrh~fGUjkhKE!~W){WJq^J&~UiG?)V4@
z`=fmnDpO<4Y4e*{8~XJfP03f`)D|by=CM(-b2$g&VNDkjb^~OU{J;=cb>ju%((xFq
zx{2pUL;l@jZ<@$qgv}Jt8qXwjYR<$EO>SsllEDHRV)?>ZW<we#Cg#fSU>B%%W7Ej!
zu}iAi!^78+^l;RZVe1uxhN!T6^ip>_rzsU-aE~#``B(Tkt)f}lY2$=aK6$<+AxkXb
zcknlBb&EUU&(G>nCK?&}&bnHlie{Id*C4}7MG!?UH__`;4Z|6*7FOL1g4)aoK3;cc
zHe9}(jV(xhEQ#wma5va#sNtiRcM=sDQY9n}%t^!QQ+1jnr`vHfgEZV;9*ZjJd50!)
znEt4l0AfN($pt?-cAaq)524f2S6KT-F!2BlBT!x1b!HerIFB92xyGvR347|G^H<Ut
zY^?<X<O!7k3Hi{6SEI$Qh1lUP9=2dNIhpH!$7Fw(&fJ*>me7LxUB<_S6tK1yp&Lbi
z{|na-RR#Wv9|erA6AA%Lvy~EBym(Inp0@v_f<pH;eh?1)LU-)Nesl$=j)o&$mVM-O
z0WfaINd<Ls3!uii#}(O7*Y~t@h_%1{K2egEtC@+G+>S`*-4?jni#iU<9)Wy6w7{XQ
za3TU!1B^-;{{kDerwo&ySD@xNMmcbLHhTA4AgZEM-lqc}yfZbTX5o@Ru^Ux=5|@P@
zJ7s_sx;AQt&a(L!9_;kckIxiRzK)ckHF@iGa5dDanC^BPd;Q9zgIqGU3U6WTDzdl5
zZEliRpiP@`F0RU@G*us7uQf0~9Kbo}xdGrR=FCN0JHq=^7}qhH9y;9fkgQEUmL3nV
u7&;>(KpkM-(Rnu2Z6_VnhyusL{Lah&5cNAU?`XrhQSv&<)qZZnm;N7s4N9v3

delta 6841
zcmaKvWmJ{x)`oc{MCtC9lvuPhNOyyal8`O|Nr6SD<V%QzASH;vVgb@Esq_M*8>B-T
z;oIAB_WnHMjJ^Lo^Y1n0yr26D3PKACLQ50_WZ~jnQh+1~Nc&<YGTzb!(B0A@@}wK6
z5S7xMsGzaQJ<vUw2n;hP0MnAi$sxkLk0AVzM@D2g0s?<L{u;rgR6&pqq=D5t4v11U
z4n85*=?t#sIS!H+R*-uzlQvb2#nFF&GOH5@4+ZV+Ny;BS=b>4Wr3lFO>KsWY&Oe)n
zf$~CgYDo2mTpv-t9E1z27wA1JI;KqIamwd6N{hX(04;}hSd}2TH3eToYw7|YYMUaZ
z2d^iYvtA5Ge$tc**RPpc*8tqWCh#4M%h@7mzm^7bhB-<l^Q!!Xw>OPEDYpsS)(W+c
zyFtr&qfAqVr9|h)!j*39q?Z*!sHhBoGa$3oZ-6h8$>r1A2o0($q8YkPF^kJ2wf)cM
ziAidx506{tMa)Oz+^t2;P8}T+=x~QqG)T&2B;PzH7CMY@>yVXW^ypJ!o7J8J%0M8E
z`VK(y2Nof)*HZDHxpC+7g1PoIu-2s=F9s3bp^H0IWI#M~k)rv_j2;Wq@Pk7jd|0&8
z-}2UbgD6~Oa|>cGspS9aqFeo1-B$hkH^s-innV!1n`$a$<EF~}feh}d9S@B%lgb`O
zttzP~+(rSb2<1RgG`CXy^(S{W^tVc$&qWYz{2ZFL`1sauS?A-EnvobiF<=)wu}Xsx
zJz~Kxk3&Y)F6GVMZ*|J0MHPn{Q1)4)hYhDcJtZA@Dw{WU8G=Kkd#BIy<e{gu&tn-X
zwjnE+7^HtEV<q_HA}K9n_Y=>=zyM{VhvS`4;lv#u0t=6=Ioz9z>Q;{JvpM^50j3Wq
z!8;DSAI$PlQoAEW7FpCA(AU+g>S;y+TLhLhCqVl5T9M)KLU{T9GlJ?i2C!O?BVLQ>
zaY!#qVZj&qaC)reR7H0v!;`TZLzCFn;8U@~p4qL^-IZE%$8_vxE^-?ajZtCQb;-)M
zIN}ZT0z8-PNtNDFk1||%Uv4H-pN=Ue5Hp!V+0LySBcm9CHoh=r%vO`I&L=qq)8#n{
z=MsL?ukmkXsyjLqS2f(EE&@8iz0wd^<>$<8huQ&w(G50;<w$e$rGpOgShIXxooPh5
zp_XIWT<{I1oo`9?4c^$94+(9#JulO7dxmg5#Hsy#d^O#&aqA@{OCGy#k+{foE0r9p
zhqkUunUZck_;9T3V4;#>)+|_Yugi!q_3P&+uWL4?v_j-j-FUBj5t9YSJ`H(56u4MO
zg^;$R0LXr0_4`GF&+XM=+2Hh9p@mDT^j&T<G0YfF90ckL=NVjTO;hoGFdJ1oXu>Ob
zeZmkDytZFF2jTF8BwVp69rW0e>aJ35xXtewB~=iq7Um|ZjAghX4di2W5~d*IeOQgr
z&o~0N-;{4Yi4zUOonOYf!tlO{R;GU#C;lv*h#FH1nO8}|bK(Q={DLLePQ}H@-DMMG
zKjpY-w8Qh=P%6bG4&vA~bnoJw6z7ty_~7H2VEkr<pUr*z=34e#Lk#lUsd2}Vgj?T!
z)UD<e+uy|QN8nXcW|8=r<+w;u)>P}AZ$_^8@s04{zqwWJzYQcuMGg##!CcSE*t$se
za^pk>@1`c_mffLwheZikfbbF`gpMN~@Yfj%|95-|8-ZG7eBcKs8W>U$jAoRXtr`+M
zs(z{lrEkoQT5Qm^Bd|&Ooa=#O!thi&l%z;QiI%%*H9!>lfaANO(ug0^)WPh#xU909
ztVvF1*Fmn2NU5<G2FoQT<!vUr!LAalJ(jmN5~2h5IW7!8e^^h1$1&JMT@#fv)8Z%M
z#C~|)Uo9#5`gXYU!V-uCm7F7B#w>3o&yFe)_K!Py&TgA1R3vNoZxpO>rRtI^!)?cF
z;>c73@-ccbiyzirPrW+|l#%`b@9+1q8r8F09^reoRHxZdYdvFfc{OEcuNk<tCRP!{
zQXVNO7AvT@D~65UY4P-v)V<yXPsd0#5uQSE5w9%Br~<JGkKz5iB{7q)z!XBmh4o)(
zB~;UZrLGXz0NqR`SFT{VHeH#KMaf&?9hG|21c+0XXtLDqbtK(JGgp_{`8iq6dfSWM
zFs{tojF3Z&96bZPTgotpB{vDjo<+6keIB#N*sJy73Kw;KdQ^DKDFVA5K6p~tlE#lE
z=NKIOtt76IHl_wI*UCt(M5eEf56*FGrLhRp%1~K>5zy#)7|gAc^~{|>e^)7#y2p6j
zipaGbRb&J1#|W+B%_J!lU~4sg#JARHVbtx-;%9j}sfvOIxb0HD&CJb2nMBpvF(uD3
zempOT(xX3bs@RpGhj5L1?<R;QpjEb<QnnS=f$7;b;_-!8D&jaN+=-Y#VkUo(Yp+LV
z0}gldRY(re0s;_bZbAP-3%`c#SH$P7NYDJhpu1GZR!}?jc4Nt5XO)@W(X2NRU#4*$
zHge;{>cvN5@ww`@+Ly304zMMbrr6?Wbe9L3O%r>%EAGYzuM=nMrc^kM3=n1>1b2j5
zCPSx}ypSwq>Kq=hdP*SXXX2q^`hx*m2Jh0rg8WPFO)CDAO>|s7N%}|nFyJoO=n)Ki
zXl;Xn@l$}=C~6=-fF+|nY=gIDjK|oF2$^6!)yE;J(i9d{2<8jdY8C4mcCfrGvzZcz
zD)OQADect5<LlErwE1#qeFvG*%7Algs&cmg_f8wukN$Dlu6hFT_eQhJh`GYEO9y+i
z_d1qjlr966(QtC;fa&EJikCtYbPWP1BAQ-^{T=Z_e_Z145s%{~3(J3Cf);a)%EGWT
zYVH7Zw<ynEVm*G7W*6D{!#mZEAhY%>XDrT<2Sr)pQj_uRRPj}l9^|!ynA8#*s#LNw
zi$Rr@8cehqiyh5HGL$dfOr~bfE>l`KnYDMgZV*PFndi?%a*wV7$8JisiV1XZs-QW)
z9Jm<L?frqi(6jg21JDGAy#ir(KFCoNxAxgZpeyouaqio6<#X_-t{qKh=|)Ayg|qWJ
zo!v&va!8Fg><{ekrbjbLrzKMb*4#ZY<ZQOq4Yir^m5HUbJ+YIeytImnlNK=eM0@bm
zIAiZw5D|**0K`8gnLm4vD4=glTivK7$e|@+J;NWb4c;s#mc8<Lcr6`>00+IF{}ot&
zV)`xJg^WORKW;G0hX$4#x?fwlkhpzO-6q1{e6~n3!0;r;{5e;rc{?}8yIb$U`&8hT
zcYWjB`d+`~Ab&!)Z>_b6lIcQctZa0s3q01I@S@Q_=Ou;KzI_{XpOYI~LH=vf4}*I#
z7V$xYF$>8sS!@vscg=S%6es5~{aQpyP?plq#26W@?zt&(Qm+F^AcJox%+RWkK1GH3
z(?bGyU-9sE8HZh=Q^+7Y+GRfN$2puJm*D%^=Iek;Tz!X^FmJy|(^J_)b<0mlWHYkn
zc-c7Lr-Ws;*$cc-5_ITC-;sQ!Ppqm~>5}-Wf^-@isI|DPdrx=W*d9*qAx0{An(7+8
zNq*dn<_Jw=rg8Eim!~Tc0an2TKQd6v5An~y80u($0c$69juOiMl!rNyB;HHBvK^d!
zBf3g`_<mu9-heMK#p2V3po*;2N!303Q~GoBEsYdfg{Li@xoc<M@01Z&<8P+n=A7>l
zvdb?OeMUms(hPM{9;JB~IK0mEvqv(j3f8yj$q8+z$Pk}L#Si}YAbwrbtB$rhhO=OU
z<yx>qVf07Bx4(P_3%iy=5_km!(3e6Jicq+Xb-%ewVDlGhbY1)8JC+;tW|Pxzk{W`w
zTsgZ>HzK-(=h_9Nrf$f(9Q5++4!F!K;~Zr<UuO^{h5>U?Eor0$m1flRm=Cg0i*f89
zc|Ub|0u2(PN1J*zfp3c6q^&W_2C|`SbbQQqJ;{5o{`2$}OYnuY#|vc*Jrn>Hlz~x#
zeg3ikj4lC2{VTxwvPTpsqU*}^i8p3CWDam1zkV>d1k2j-JScF(z;L_K+Y*1#i%O#)
zURb199yfQiSVOa=iiZ}GnP$Fh^Rh%jYJ1D6U`JRbRmd^o^X;13>(e|*V`uK})A{G*
zY9Rv(1aBdc?7TQ~Yp>hy4r#HD=p)|$DDPs&q0xmI621}r&#swW&mJkt=rOh4^4l~y
z1`LOW<goP3V@en9sST>pD7@mW%-&Gfrmy#xTSqJ1VItx&h-6C&nC&bCqI=EHgfjC&
zYYmf7KW~CRZ8L^z4`K}xDAI1Y>v<9-RZU^uHAs57_hK`YBTXFr?4gtw=S`R0A2O5m
zRYrbh>y~V0t^kXm8H@~+g0%xmAP^LdJx7~Q>r9JF>qCP}3m@^J0eMr|e>HzWFflbA
zyvlL-i|qeeliNGtUu2s^Hi&^I8kkh!CI!VGLw`7rKT@-Rks2sc<><!GcZPEF-zlAr
z8`J3;UJGlMy?$QkBL0+yvV)pdxr3P=mN=@GcZ9%MUBYrw!VrHQrk*pX`l>d7x@T7J
zGP}(Vp^op+U{^FsI|f~zw)g8B5)>;RSHlrl+VtDgy<qrCQwYp~+PMfAIU9x(VaZ|8
z`jJ=u4m*E><I1Q)z)3)2Zv@OwI5G${K(Zg1K6{JL_3ZXIwMFcs^2xWs04jM;FR#u*
z!#+t4Z;dLJ2m?m^841XaKE`=Ca=+O(Ddj53=gFMWUGG3FA(}Zu3bX`|G?gBQosf5a
z!lm&SM%yi$h$hr_nP-bYHMo#RfymCIz4K27Fp{qY8%nd>8&)?M)N!R^^M8wq`93d;
zLamM+_ilyckcuuh)$p9NQ;&7Asyj{JnlOIebRnD=m+!Gh&Py4Zoy5su6jFZWSK*EC
zR3KYkLk3jiKU!{XXSK}o%lMSfGh`)J{Q@TqB(OV=uPw%qrgSbY?gxcrGCukC4V4Jz
zRSBkfAREjph=ny`d=I56u`web9x8$;tr7}ep;3*6b~qvX{nekP2unh_lAK1SsaVRb
zGS{WE%uOAnZ496YHte*uc&ldIqU;6N2ui-Rv2T~5l9X#@33}_#9<b*SoZL&P6L$%q
zo#-sh-nQIXZ6-s73p|YaUXJX-*0R)h5Hi2O71!LGE(SUgWrb>gf1`hH*6-gaZm~LS
zP)^H3*RSm<zYm-89Dc=)&?nhZu6$oXrrJ;sIcQOu<HW}RB)g9*k=s*(i2J7+wwu(Y
z%jw5qn&yu_q0inUPE{(`rD|0b$U8ZNJIeYyWYdjd7q$%69ID6`9Iw9&A`R9%NLz70
zS?4UFx07SLx#MdVI&o^E`iC}egp<O7OmL<+3Rako-dQ8$L`AxauJ$!9wH(9fxY5Te
zYRpJi?K8cq#QqASx+yWsbklHy<8c?dymm)-MOgKY#(k{m+>l~P9aPT;nrRHkOWRva
z4KDOnPNw*=s|>#f&G+qJ^3jjr+qywGEHMD(_RqvsvP&s*uex4!tS`vTnipL4Eg)OS
z>;Waj%6s<zvZUWQJp!3ZRblH+{FU2=A`^-dF1ej?#Z_JNPi4T?0ac>3d$Ync%cJbH
z1tn5D67DW4VIwvwyV?na^$oG*4r{8cYDm8(v2Du@AM!LDOjs-%p&2>B2~T=Vw4{KT
zg6?Q@jPYTStHxnZ_~KJXw|9r=cTRo1b17d~B#U=gx!8-IZ3p2UGXM*}EGa(On|>J&
zZyY;(D$Me$T25a>1=<5v#;*#FdCmB2K<L2S%Muo<xfonwhxjkiv}C=7uh<l;ak1!-
zs?H+urAx`JR>BUV{nTALcl8{#uUyT$PY;=$MNFx<&6(`|CkYHBYx`;{QA~BI&Z%Dd
z^P$r|PD8V@^pZ8#;^fF|AOt252Ok*!rNz#>@PN>dG_anFV!nOLBeKQs7Paw@CTq`@
z@|Pk>fyL;2XB@}8>EVeKSOZ&SS$LI6-aW*)18!pY*eG;-&y^2DMROPn_8{KFO8_!~
zyUUjFdDwwDul8t?Jz=JhbjIt%kavCFz0YJ!ToHdfVxLVT^6o_|g=A>4)4V?~b1y@4
zBr0s52>AL(;UEFA%3WY@yoew6=m>UZEq^<__s;M*O*l_INjTUvIy7fc68CWJ$1>h3
zC3N0DEMSASB<77~BjbYdPeRb-dDOOwl-(in6GLG7;u1;Q1`Fnvvk;u(+~Gt2VBS?I
z)05IbD$P(=P7@JBGnAiNy1}%E@yZJmH&t6w5<op}&(uiu@#qo22VRsr{*~>2D&=pR
z^@mbcy0QE!97S@hyp=8T>nkhEgqKHA5EC}ERXKQDs3>M{DNv(8mhyn>L1)!R8~<b-
zHZgkE4n9EzagmQiA9VJ+W!z5abx_~(FQA<b6Ktk;u6>c_pGJSyks9w5s6i3ui=pr~
zh7>K9Xa(gyvY6uS!mQH^G9?e)0Q~|5ruYt-usM<+y+H7<!eQQt25k@jS~vMf$l5lc
zn>Na){a#|UYBJsa?gzn7b1AhG1SUkP4yt|{!M+f7#ocCIy1NANk9xu=r?*7b?P6>6
zV|^-w&vWw#nD6q3<Y89`L%(6aEj1>N72*>VR(5APslj0B*NFQT^K76au0)DDgpm2h
zDLt{9GHmf9q!8EI+UL2wyY;hQo#Xzm&Y=P?{hi)#{q_%f3Dpo#yov@^<eyo`REgfJ
z9uP|$z!kxO{3xcucpJ4w{$9XlApy;wCWW3DG%5_QJv%(1p7;^kZ?ATB&ZgDfPyRi^
zX<S~<Cr5#<c1R4pBEAUdPgV0;LRTeVE|wllPhTlse`P9X^>ah$d&3t;L2*+Uk|@#s
zjn|8vdixT*w^6>h_X3##Veng37>va}@?g3=twHaIZe<YcnlY6hmKeUE3{?>BIePDN
z#EsYcK#=h=p)onqGiEvJ5mYIt`2*hQygK2nKCR$Uud5f4ySA32LyY8-iZkPF$7aYW
z&VY#TjFnPi8<Sq-u>MQ7qLTPdeJXgfP2H4YpEcn(a<c}B5o5Ia?3%3ir@$;?4w3&a
z#~I|w{HsTldE?i-_13*V)2&VB+%}`|{l46cz>@@Q?d)h8tvjEMnP^#dRM;l{E5ETO
ziuVlY=^%UF`UjET@B4<0t4ue6t6YA9K!qFDj(l3VTankc>&X_4WVU=UU91ERId@@?
zn@u0z;ZiGc>ESLTmGXpyah=+d$_#uKgzCx^5v*7MpMOP}Rgco%-cbs7iBtUtQuGY1
z%1U+%a5f}+Ou%{4yD|n&J7IReV&<dvZU}2smWk%8`W!<>wCnlk7Ju&EvntNmB}JLd
zQC*fG2d^66ryHAhPR52hO9c2AgX*9qGm8xMrhH<IvL6w)--{E~ZYfMe61tf{eO|_S
zd4v6`=Ojiz7Q*CH#NV|3*PZYi$w2K=8dwYS)xE}(IfY}2c5z3kih!9$kL1h{sgh)1
zwG0NI{|ps6ZL3`w(7#N+aHe51BjZ!6IN!<eD@|u;g(nd-iEi4QL)}LYNICgWrTTlj
zr{r<&bH0?RmG^?oQEgt(M-0$ArJ@GWhetVX!d+#1pmk0CLQ6)Gm!8k1W2GZZfaqWD
z<eprLtTk}F+8EWwUR;;2i|5ay{GLDxw^3E*PS<SQPq=zZ`E4foEl-gWVn`*-xVmnq
zyUfV=YuE)H3u@cN^Xi9jg9pA@q77;ohKWyDwV&vzu<s^6s#pca$j@@*u062EsBdr@
zcv%w=A(bV>_%dUJ6A1wP2#gkhT|*WCEfC)D6Ls*U8H6|T{&kT53$3k@3M6TwhBdB8
z;ZJzabA2|lL;YNgg*&X`42xxlm?xk={Ny;o;MX1ztz|V<z9s3f*JF|;71_z6p^LeL
zt|%V0B{ubCS2kinL@&lUC@h{tV?N%~&coE4V<&L4jMhV@&}Fv0EAJx*o*FpzgHl?|
zw3<lUp111r_)RiPg&Bd%I7x@71&|KHn;@{LJwl3ND&cg)nGxLacwJsW4s~=l6$u7o
z0RTKsFv``%e5dz1QH_G$$$5S<3u*3<yd~jZmv`ZA9J$V8>Zxsv?H^-KrgRp1Y@(~u
z)b?eEnb-(th*g4ObyU!#T&RQEz7<C^@NtFz0^~)_qE`3a3xxt#*+5z6W`&{VN?*K5
z*B5ry?y@o{07}lE=*(T{!GvalKQSg3QG>0`!oP?vm9T<Z0cihBRmPJT)M}xDb(M7N
zBT%Q&L=ndaN}_Tfh*GS$#fo2Y`j70JxyhWQ_|wYFj}22m>+lQ|0~PI@SaF!;2nQdl
z@me-35*uy0mX$DSaXUK*dA@wIaKk4<75#jGf~SovNb8&VE)g^*gLER>_3~VS6dM0L
z_`w!`a^bS1`NNJTMwMy7C}o=rp#2wBr*B~cJ~r*uRZNWsCgE`HQMp==mhP|FtWwTq
z5#OglVMa;pPjiM%+Qh9L&pw<uq89X;*^BhF1aeSP%Tmw%jPnpMJ?J~$Ca7{<i_V4(
zHF|di?$$YqW0SC2qp)Bqu;d(0UhGI3UhxHz5bE?9ndmh#H$RWQJe!&+W_vJ#yYi=%
Y{y)?|#k8vx{})LaPg2BgE0Og70k=$XrvLx|

diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
index 1c6973b01763..f6b802bfd188 100644
--- a/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
@@ -40,6 +40,14 @@ const OCSPHost sOCSPHosts[] =
   { "ocsp-stapling-skip-responseBytes.example.com", ORTSkipResponseBytes, nullptr },
   { "ocsp-stapling-critical-extension.example.com", ORTCriticalExtension, nullptr },
   { "ocsp-stapling-noncritical-extension.example.com", ORTNoncriticalExtension, nullptr },
+  { "ocsp-stapling-delegated-included.example.com", ORTDelegatedIncluded, "delegatedSigner" },
+  { "ocsp-stapling-delegated-included-last.example.com", ORTDelegatedIncludedLast, "delegatedSigner" },
+  { "ocsp-stapling-delegated-missing.example.com", ORTDelegatedMissing, "delegatedSigner" },
+  { "ocsp-stapling-delegated-missing-multiple.example.com", ORTDelegatedMissingMultiple, "delegatedSigner" },
+  { "ocsp-stapling-delegated-no-extKeyUsage.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerNoExtKeyUsage" },
+  { "ocsp-stapling-delegated-from-intermediate.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerFromIntermediate" },
+  { "ocsp-stapling-delegated-keyUsage-crlSigning.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerKeyUsageCrlSigning" },
+  { "ocsp-stapling-delegated-wrong-extKeyUsage.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerWrongExtKeyUsage" },
   { nullptr, ORTNull, nullptr }
 };
 
diff --git a/security/manager/ssl/tests/unit/tlsserver/default-ee.der b/security/manager/ssl/tests/unit/tlsserver/default-ee.der
index 08e95118ebe1e389111c194c97c62e999371402e..ac98037be14fb900633475e38ad684a18ab943bf 100644
GIT binary patch
delta 296
zcmV+@0oVSI1djxeI~FlDF*h(XF*aHk4Ky?`Gch$WH!w3Xkx@H;)H8YP&@<Cj0KeTs
z2TbHDdxXm~=9~dNm*VDmAE_Y7Fh|$<*v<*Y2NpZZ;Tlr6Df>%$(k68(Qn~?p7>Xgk
z3A@xV4oa;v%i1O4>*j#G);~0&jpas4xRX}+_ZFVIxP$Pj37pc%3i8)mH=xK(j<U_M
zSDW+CHSWf`?!*-V-IELfgMS~PadTG~00KJm($-^pcnXVXhPiVm@@L$@*AGAz2J@Zd
z&bVe8XjWxVm@CS7>ERjU04Cr^yBqd1+J1k^o|YAvdpaDI+7n#}CR<yvm$42s_9He*
u<i_TvajSO^$kpk{7LB_t*XO>=rOLfwHUuhOx6|5sgX%g*_2eP1rvcSCGma4e

delta 296
zcmV+@0oVSI1djxeI~FiEF*q<YFg98j4Ky?`GcY$XI50CXkx@H;$(_+g8Hu>8RTSsj
z!a?v2LYO4Z;eVX$b?~Hd1_p8dRO&o*$O9clJf)^bu8rOD;I$p<OAiEso0eeWW_zhU
zKkMpjr0h3Jl{RaJ#sB4TnD(JQTWv1J_TF$9OoGcs5uY%JDKQO1<(R<-&rm1PRkNt{
zuEZ$~9aDc-5}G;zk&_GogMVK9-10|3R3pFtGiJPNeb9q~o+ioO2tcLoOwLRlMvO7A
zo##zaAh~=*<^-zjBNH!HhbWPK+{2{-iO690Hk+Y?wpWn@#psj$XPMBp@QYTD8J7Mo
uxi64DOI?3=wbdX*s5{#l(Yz|kDT5mM_`LeYtDBNlO40qDQ>o~i;{o6iQjTc=

diff --git a/security/manager/ssl/tests/unit/tlsserver/generate_certs.sh b/security/manager/ssl/tests/unit/tlsserver/generate_certs.sh
index 43a546c1a49a..ef388bbdda77 100755
--- a/security/manager/ssl/tests/unit/tlsserver/generate_certs.sh
+++ b/security/manager/ssl/tests/unit/tlsserver/generate_certs.sh
@@ -114,6 +114,24 @@ function make_EE {
   SERIALNO=$(($SERIALNO + 1))
 }
 
+function make_delegated {
+  CERT_RESPONSES="n\n\ny\n"
+  NICKNAME="${1}"
+  SUBJECT="${2}"
+  CA="${3}"
+  EXTRA_ARGS="${4}"
+
+  echo -e "$CERT_RESPONSES" | $RUN_MOZILLA $CERTUTIL -d $OUTPUT_DIR -S \
+                                                     -n $NICKNAME \
+                                                     -s "$SUBJECT" \
+                                                     -c $CA \
+                                                     -t ",," \
+                                                     -m $SERIALNO \
+                                                     $COMMON_ARGS \
+                                                     $EXTRA_ARGS
+  SERIALNO=$(($SERIALNO + 1))
+}
+
 make_CA testCA 'CN=Test CA' test-ca.der
 make_CA otherCA 'CN=Other test CA' other-test-ca.der
 make_EE localhostAndExampleCom 'CN=Test End-entity' testCA "localhost,*.example.com"
@@ -147,6 +165,12 @@ NSS_ALLOW_WEAK_SIGNATURE_ALG=1 make_EE md5signature-expired 'CN=Test MD5Signatur
 make_EE inadequatekeyusage 'CN=Inadequate Key Usage Test End-entity' testCA "inadequatekeyusage.example.com" "--keyUsage crlSigning"
 make_EE selfsigned-inadequateEKU 'CN=Self-signed Inadequate EKU Test End-entity' unused "selfsigned-inadequateEKU.example.com" "--keyUsage keyEncipherment,dataEncipherment --extKeyUsage serverAuth" "-x"
 
+make_delegated delegatedSigner 'CN=Test Delegated Responder' testCA "--extKeyUsage ocspResponder"
+make_delegated invalidDelegatedSignerNoExtKeyUsage 'CN=Test Invalid Delegated Responder No extKeyUsage' testCA
+make_delegated invalidDelegatedSignerFromIntermediate 'CN=Test Invalid Delegated Responder From Intermediate' testINT "--extKeyUsage ocspResponder"
+make_delegated invalidDelegatedSignerKeyUsageCrlSigning 'CN=Test Invalid Delegated Responder keyUsage crlSigning' testCA "--keyUsage crlSigning"
+make_delegated invalidDelegatedSignerWrongExtKeyUsage 'CN=Test Invalid Delegated Responder Wrong extKeyUsage' testCA "--extKeyUsage codeSigning"
+
 make_INT self-signed-EE-with-cA-true 'CN=Test Self-signed End-entity with CA true' unused "-x -8 self-signed-end-entity-with-cA-true.example.com"
 
 cleanup
diff --git a/security/manager/ssl/tests/unit/tlsserver/key3.db b/security/manager/ssl/tests/unit/tlsserver/key3.db
index 6c315aa0415d4b6dfb182954a51df00b7e72cb1e..283e8fbf695d92175f5fbf07e07e409583ab716a 100644
GIT binary patch
literal 49152
zcmeFabF41gx97d=y=>d&-pjUa+qP}nwr$(SUfRpH{hnXH=XP$V(<lAMZQS&#WTxhm
zs?1r>C;8TxV~*4q0AMJ30000$001EK008iRbpc=i0093w{i^{${MCT}YJXh^0ROxF
z>-WF<cz-p(Bx|p|zs~<U{&mm4+P|*<Z#^LX%cK5po$`CKZvx*0z6pF2_$Kg8;G4iV
zfo}re1ilG;6Zj_ZpNaqofG^xQj5tgpWH4kR<Q6D7FwkE<KP)gguoGwx(7*a=Ks`WT
z-^VwB{~HMa|Fum;?+;W>PYwo687vz7^aBtE6cCsm0|Z$GzDz3IRAOjh5A2Jvqe4Ek
z%r_MX5D>&4$d`bIP$^`>hy?CD%KG9<-ZYa<A~xXOT-Z3AwT7z%a>lX$+=_nS2ALg-
zv3eD}e*WqS=^rMlGf~xE>m4(5HH3&v<69k2!#Icid!pzgDjJ~{?A9%6C*s_gmP~8<
z7#=-*IUXKN$ck1Tir_3A{X!7+apZo#WT-E<KA}$UG@x`Lz|#aRSD21*_KZX#<C35O
z7?Fvv2HdZ3yA)|J2*Vts^=?smrnAe_w)+5om`aW$ozqh}Cr!j<0Qv%8NG$=Ds`l21
z8)V~hQ)DsHB;vbYn{jGVNTNA--5$`b70G0OuroH>24ui!2`MS04-jQuCJqD~iijf!
z<W;hl?c1x_0%L!ltP4IAZce92{~po-6{N_8uPW9`3b-0d!<dSajLLSJ&}PNA@nz=Z
z^qN@RU-2LfQXc~5b1c@e6C-+5;3_Q@74@`AOc^CPGY0OhzDv41r{PNTxkRtER`Xnn
zC?h`Mg14egx^==lFzM)Y%A3!OVznMx?8@ww+)V43WB}t#eB>rM@9mW7EWrjgBk^B$
z+Vp$7Qp5k$yqskZ?48(IOmX6wS&;SRTYi+h4iH}wwWE-F^DKyWBO{jVcGBMZ^&x6L
z*mbERTnxXDqz;iw6xaT?KZPGGCdwh%BB&Rf^g{v3A6=5vSD#*@?kLLh3AQ_F5r|hU
z{|H)4;wRC4L}VrjP{tNg=UONrXt-e4%O%I8lFIVFOd^B4`LB>M1M=GG&v2y=|AT2t
zKK+j!?jdwo$oiez4pnkL{<}iFsEE43?7RkUu=(liI$K8yVro8tVYfub^-(f*T=+8~
z?Un$UY$bofRAEP3D2ZR?FFqCSpPejx^h-@?0-(d$f;JF+noJ#w#th7Pb*__r5k_3L
zzdwSS9)===mg1yvf!rm!CsxDfKzfnizB(^uB4~nYjAYvUa~lEpD6Y<%fL#=-j5NmQ
zBIvh}XN#9kJ)1-FZ1oJusRm3J&>80TjJO~O@QG}3LA_Vhp6_&73q*x*qDoBY9&omD
z->|ryUjj9;r#T$S;ML!V2SC7I2HN?5QN-uGw%-fCvz%w1KEO`#3IRYRBt?_Eo}}lA
zL*6ilwJ*Bn%bM|ux751=k<gpp*H-lXgKCmnen=_WZ9uAJ*xJ?7{WUj0Pubt9iTTB3
zbQ8{rXYR*#X#R5$!v>$>G=DIS0JQ9ce@clgLkbl4twFA2&UWyX4f&%E$2Pxu%fp@T
zvt^AkwA#ipe@^9sndFXtNVHME0dx&xXjk)CyIscMse5BG*Dc`?YX#S#2e+s9AVXTA
zaeOl)gbq(e?BPndAG=1$*`M%7w=fn?q)GD_DKL9%R|lBr`;Y_y0+-(ct^^1qSbhrc
zA?xN3fN<m;PXz`%`KuAUoa3k1nLIlEeICFAURZh7i^@9l2dyyj$CBcEuFC0jzHSf5
zz^^5s#rM|F>SFLM<`H>W_qdHmwvnjShWbJdK73&uLE$r_5p^0dp+W<+KV0_oGCAT_
zsnHzH8<vSrK4ei?<kd-ZfsdQKzb`hi6+;<LuHkIAJ2Ayf%wHh3*-B~2mldQUY?Fd^
z+ywD&72pqxt<Q^qv5ka<bfV+@acE&4E{DiT=poUY9$wcTx=VXo8ZrwC$a1Lwj{$%<
z=^aMYId+IsuOkA7$38(ez^-%k(zMcUiNkgi_B<Si0xad2>qxp;5p6`FTs9b#d4e61
z%6!tJxI&KA4F$;;JjN`LH_*MrmzE@M^&CrJy=K)PT3$OHyIHS&6o|{z;Pl|!b>f04
z5gi<D8j;4Rnn19=Xf=PHRmsFRcnlnIp=cwSAy9I>oVWGV_rz9U00wF@`n7ls$*#Go
zVI5;)5OyqLAfrY`H=bCF9N^Vt9noG<VI9>yNX$o!kU6XgQy2W0Xd7RNjivOY66w><
zP(%x7*IYfl(&#>wfXH}IMNTNG$Td}F7FH2novGr08X_vu*2Oax4I9L72}!QANefZ#
zH+INV14+MRbAv(46us1SLfYgL`bho#fk}a33KT7<<R%ARb+plijN0rly;-h~w?kD>
zPyagAd<+pp+p4;*f1+9BbAu;gb5x~71fc*HE;ryi)NB~`8Lm*xk$WcJC)KE|0gS6u
zUdg%^l2yD=s^yE%WY|_vsu{KRR(`fHgwg`IL9hv50NCQBCiV}iA(ziRmE#*ITBLi?
z_JR0f^0}*;_**sUzuR7EjAmqNqO%IFQ3fvHF-d5bR&{oVKHeZZj&w-9aP%nZm|jH=
znC*3;0{9vhC|=i?PCqG8aa0p4Gv2YITjJE#cg<Ecv`_{(nQ*QXNG@zF%i?7U^CDn1
z(ERIgc*vGNjXPUPNuFgxiE||vP>fk4TiUgcTvgB;RYl1wA71Z+94>^XGxqKl9@`Dp
z>BV``Mwa5ih^}@BXQ@t;LuIXYKIRb@26GOseW+uGq;Lk<q2;-3vG0x1o#J?6=r7Js
zjuYE*m_TGIu*QFhntw5fG+5(GN(E6&YpLug!yWpmTZMPCoeQ4h584zTDv+4_)q`z^
zrOj~)w?&k9eq7*Rako`O>M<?Ls;Z;yphF&;!k{wjORZh9#bJq87J);2rk54AIEgQ^
zC+L0kGxu(gHuQ>SsWsLe!LPmlxK2&p$`ulWp<i=cZ>GsJdES<w1b!2jg`&_TYm4?-
z^gig2-*osmxp?u_AP1{hJk%X=xt^;1_&JO((z>(7+00-I(`R6s+B25t$>p0K?=a20
zC|k7c2x}!Tq{nf>KKvzM{zI3R&I;yO{X(o%8~-`2z>EA*Nq8kWtO%Zur^dOQr0@}V
z{`7pO!02IG!s;tS6{=rJ)&tqSac@vnCMdyz;ej)^g||S}jbpvq4HhdKSQfsaC)imZ
zaF!4PGWLSjhkyxxTG$eab9EgjbIs6^TZTZD)@M&~-{Ts@!1mIeo^C`?JtHO%r>&;o
zn)A<e65=|-RZdaJ<4I8rQeNehWji*Pr_XkP{w^#CDB|dZX}<s`lJ$xA6Jd+|Ap*^X
z7wa1vsGK&`NyysK(=i16R_FSks%$C@W8XT$GR7Kd<DGsyvv)VQ>0=Ec5O(f4X!VU;
zVaJ;_c-vX~n4imrglJ|&$ZW)|^HZ0$Pf0rl66m?Z-U1l;(Gk?*2|q0}OONSQAD`Uk
zP+phx4$l~H*51Z>7gf<=-F|--s0XAel4%LJ_>pm~t3zrL!4l4EurSmy9>(tx{J=+h
z_y^UvHC!U0aZ!oGDd*$R-j-Cl3!(m-t+6&~q}b!py;P9n`^YI0lG=9GG{Wt{#XG%A
zLf7dE#h-C?pn<K?1_%$`p+^||fPJ=Y0~)h@6Ps<VouWW6L5Np4iN`HjxQ=QGtnmhi
z1R`g-w!&eas)XG>1WO8JqBY!2ptVt#P&JdlQHzip3WbY2fOgxfm#aKy@8f`HhGbV+
z#r;S>Gq?e(QENY}hEZmxk26O@S3H)kwt$*mVm!z1DjxjN6Zt8Zy__lm1RWC&<5LXZ
zT^+>$3ewBLuM^&D|9%5J8$ElZhD{&?D0)xeCAIUj!qH1dckg@{lyO<3XYnodDe~|(
z#Z;&JPJD3^InB*kaXZoQAb=>s#j6x=NHQE*v*5GJG&HN*fP%c%eB8TA_(wp^e*M$&
zjHgxMPwcjzyhS=TS%Y}xIHHN8{I^eCZSRh1<Pj8xje7ceSh6?+r(}DKK;jp%+0DKt
zZYG`(9fZ_)EDXMdOI!@JP2Rartoo_p<8jom(;gik3ChDx0to)8JDG@GzJP*oeKpfE
zs2y1itgvf13K9Z#z_vv%;}#Kt)1VurWi0Lt<Z_4HEZLuD0Sg9!t3)cavh{X@jAqn}
z3e5B*$&|b=G-u~|8gc`Ez}$V;JoqG{nSdk^{H2<r5_6UKl#d>OdI`_rgxxwHy+54e
zLsvPL+KnUu1Q5Am#X-uqi?J+G*O@)?jteuEqhUxOTgNxi6zVP6#RX%U{pEoq&R+|g
zS=Y-R6O$iXY1caIO*PQAU1}O7EeZSqjzQ^oC#EAV?pV(mtpd5i4(EZVEa$h+1if<5
zriVTce4zUGNR~?UvmuMlw~uYYcVA{%lVQU_Tlma_8PG|VW@=>Lnbhi?;-K(oV*O<4
ze7xdR|3Cs){&~x6O@)DhIk=e~rf)boRacL<N!AW}YzrY8g?O1WK2U894Ui+^kskVu
zBb+emxX8WTf|T3Mo~4kwgu>&R?^fowOCBhKblRX)Iy74N)(pPfPQvsy+~p&z{pm#N
z@!MIP6<i=M)_Jd<_^si8?En9#+Q#^P*lz;=O9}jgbzxJfIU;&P$=W1G0S8P^ya0Cw
zgZg_-_VHH2iNL~!S17sw)pzgCHdT0VL{r6?h!!BYI9s9hDY94zed|q8AI^LRNprnG
zmFfuea<y~Dmn-$#gB_{05m>5hj~IWc$#v&Yae;)~bJMQ+HhUq?4+@tDKA8!Hs$A>9
zP@`Tw$IU_Bte4^D-dokK0|C3Mi#)Z(5A;tGAq6|s5XJyb2npASc0Zxin9C%pMGXeP
zMe=L4ou^OUA&(q53hzjSTltZ|g9?!%bR+>)Q!TS1SII-wB9y(as&VdpnKspE$>V<S
z;B#r{gTk3@Kh~UOMqD?=1hyA%ZVlSCH`N6eaq+^>ZADBBb8;Z#)zEtB6KgKM6Pbf@
z@a+=>){=__|A?<$T`FYnuiTw9rX}c3mi_i4>IJ$TLi?1uF$*5^Gj0GXlWg}Hh6f!=
zPK4j5@MKm;T)VotQK47fJv^MVve0JA7QwQ(iC4z4QAZ)-nks~=ImfpHZmt7Q=5#$8
z!V87<iy`n?xGEZIx)Ja4zgO22l)b{BP~Aw7>PgjV$sb`@4|-~%qz2$flAFMj7>(E`
z^6UfAs03A(lgO6Rm<(an9A2>`-7=Oy^tHRnm8S=Xw%-);^L*oiq)-)__@|@5@|y9T
z?*%V_k^Ht%i-6DSr$bH#<>$iY(jppYS2xJ>M0C6xN$*S3nc@L}j#qCcqBuj{=>6J{
zK_8x^?`daVsaMtffjAg`K}5USMbZz!L9$%l6ZxIrB4Y0E&QboM@uiHJH1@#`0A>h-
z^knqjb@o3{ZTQKzhL04Jti{JimrcG2@%Vhl^eY##-Z9m;eANMyWT4lA;hKNMiF{*a
z75}HniLTu|Y*rtKU{h$#ezngzjAvIJLk&)b0|y83R)*8rwHUI>xh41YBfCs5AI<#9
zGlIEqJWc$&Yx-u;(73T7JL)(YWGjDJ>QidQo#~`8nPM8g{bHALoY%-Bmm>1+HN76>
zD1aVIjREU=GG+Qrv-k7ttlO>xd84Z!_^<SjwXgczyhKI&7j|>UoAo)qO}2kfP1S)3
zYzsYz#=Y-K#saNTC~6}e{okrF9%Y{4xnoQ;hX|icDK5Hi+^J6b;h)MOZZT9N3Dd*!
zZb-i)HINP7XPG<83Z)C1)|`i&1W>Gp3fqzB_9o^?6@7cQGYFX3y2Fpipm2uKsZYC{
zec8qu8@~kLV6hiP_CRXT?i!MJX3BKA+I^iwqTvRNm$*+JCFxPO%t7UV3{02eopYD9
zp^M@u>7i<(S+1PNI0tZUzV3p64HHg>uxD5#notT8<<Ob!rThn(?aT=|yMy~u#HfFr
zT4qB(iL{cj#|}<5I@SZoK51#$u~JY2EcDRoMl9D2qY!@!Nq{uWXYGTx`*TeqVJIPK
zW!_n78^*P1JMP!(wDxnIItj>bV*|tZWL792H&K)ANGq4>dqaVUlSRLN)+c{wp?{fy
zH98QBP0rJZ+!UKNV0g*UPr+2G1bf-VD#1x`BM5kRemTsRB%%2WSAfA2(smaxXyTu8
z^c6w@z{W3n8mS|PG|kHM1Ux_-RWi3w)eA<d>NI0B=j$XCI~}?vjD*f`Pq50*Gh7Sy
zXHDn(T<6lXAnSmzeiR9QiHP(<SeGP)0zGz(s^xjX-Iw`stB)LV1BYknN(7bF(+0)-
zL|=@Z7q{eZmjRsY95>aK;+fLX7MGdFn~l;z@>?Mst^l9Q@2Q#_Y?K3L7Ln|BTSKG!
z=Tb*4sh(aOnMZwE+p-rQ7D$+;%<18hYvokN5NzRm0=9=Fs%LdSHaa9z>wYJC52Z+G
zdYll49`tArvCH`f*U$aTs3v}{%_G{^Rp3np$AhavA-!>R1d0r(X+sB7D29J1-+gg_
z?BHjV)Q+D-GF#>lF$BS$xPwesskrJ;)$40W)T{?SoN(8Mory`3!Pw@Z&6qi(?XM(e
z<GfcM#Cw^5SFh-WBKlnrs!1#5mNrg9_zoDGH7g7haM<XAJR9<k1t>1E2oH*7i$VUW
z85Y#r5^K%P+YzP!j<nvEqZ#9Om%DX(uP|Ghoie`yCK?>M<~iW_hA8W{d|Iod6Yj-x
zoQcOcKOnwd^AD=|qaBD57x&@W;Q+_Rm@$dZG`&>$w`!I-+Rt#D?rQ|6%m{pF2*xL|
zYu3a&XATqx*rJkfWz_xXM#{D7@f5C`<ROdp44;K{7c#SI*La?N&zd3Fs21pGkJcu5
z@So(#(y6j{;4z^GWh|b+Y<AWTc&|^H#8$&`<nPi3w~TU|kJ*fdJ#_0=0ZFIh=gvUF
zU0qQSv-L<gZpA_}Z?%~&i6#)$Qo8H2j`7ofXYr@FAZ5Q)I`c&MI3fKB@57w674b7t
zc4}^*>cozHAPV1258cI&PG46*Y;3(Q2)ABr>E5q;(*j$vmR(6!T5CiJeUo0ZEe>i*
zb>$$I3pelNUu_?`U@12&ZL3Ru2`Bcx^wz405GXq{M(-cr%Sz^J78>6BCF<Z+#1-fz
zQ@+PkHB`^eD{0G0rsh51;76gD(gx{^SgcEok6739=3<+U6eMf%bI8az9Y>adC_l)$
z{U^Bb>u%G?4=DXr84lcB|E<i|hb~Nle*GVoDdpIKL<l+<r4EOycZL@bYS^}hqP#jQ
z#vR@yIDgXIdJ*tV%<*L~O1y{#uJV4z(q|!=uNGR_%j+=?0K6f`Ch`yJn~6B6xI~Tv
z1hx3y-pdN{F+^wb*uV1#muSjP1Vy|ho$_~Te3=FTJ3O#^&t`{YmR~SdF`cB;RW<d&
zV{1`^j|eqZ-)`jUEjMsqW35^4@|R-a5ZmnxN}<jjA)*p3VXM5l#2i9JJZ#A}^jk}1
zq)Nj4Dh5Gvq*R;OYyv6tDZp<QWvd!>_|ctI#9v_&%&LnS;jA>^$;lP(ff#E#EJMr{
z<YX@Ray#2T?;RQ0;fn)1BbKlBNpsELo;I}q=ZBXf&??KaY9ndRUO=sEoV*2Hq5VZ<
zTKWU?`!2RlMv@YRupX;g2;l5nTp+dIr(N(DRdfJ&()JVM7}?d?V-m7uhHd5zqhiB7
zp|uGo%9Uen{UdlJCRgrG5rIs#3kJ`)37k>v!kV+HB|w<PnY`p5p{|M@)HuT+m{0+P
zSjg@G30h8>57zzky9Toz$8qI4Y#u(me^8BdgA>n{Ve@UAE!8H(z{5x-uYU92s&UIe
zi}vSGB!Y{rHO}K0WrYR+^Y2bjZC>nIbWbdPsYNjko^e<l`55J6jgqXx-YB;p;<jE5
zJi3m1A!lOwMKX3@Dj(3&6Zs)N+~9Q-KURz^ITq1q1HcIG=b4__VW3!nb1u2WBNg30
zq4hj`Oi>HX(ib+*a^&sKXQt&6J&p`U=dxP^Hn23Bq0q#M+s~u8K-eYyhnbK?HYOK?
z*^f%>2h(q}YsB8tqPT09%=O`3_D_00ZcJ0Z3C&bHGFduT66u{61q<>Z0^<5n@}{Pb
zw;gQMyPSFuKvsq>1&HH1>>*m+>}#HeluM0KfRGKcXDR1XzjU^#@X=)l&;xUpvN5TX
z23C(kB*PO`0<tqc0W6a+06s|W9E}#)g~htA7tl!=4%+K|nkyRLTck3drmS?=Tw4_g
z3h<e{{m4r!UuR6&^-TSRA@h|ATT24EpQOU~_JMwJYzl@G@j^`bZrSGx>BYt$wURMo
z*8`v@OPQ=OckgeS$#|8o$3Z{3M#ZQ4i0Q`iQ{6)g=KA?jXhDUs*3B7-%^#?Mt}I}m
zT6OL9a7#E&CQ8G7<#Cqi!!H&`id#It#^OAO`szP`?&n_Uw}k(U@=Zz4#s)@Qqm#}4
zM4>7H4j(8n?U0JXCFXNS!7O%s&1(2Or9No);(67XJ~xy5jetdo7;cdkxefyz2$5CR
zt%Oeym0Ok!;Zf7k2d@aJPuHlX<-(jr(nIf+T%3sEt~Dc>HPnoWZuL{cijTK+B%QVI
z1E9Q^t=COKBURtcA_aYuX*+Zu^!IaS+6Pw&3A+%ezFVLdC#<@11-wp~f{5Yeoc<2z
z7oY#gL}7GY=uD7uoL+s;+imIcM8WTi#;>?^2@Wt!(TT!mQYGQ#JS2ys)U4Ll9IgWt
zCFm&URegtn&_l>-@|`^uV-b~L$H~W(IW13v+RVyyU1x`$S{E8QY$4|4Db%w&+K6VU
zS8=<=2er&l%epcfc4xEPq7R(9=hWe!yih*{rbdz2Ep?VVdyohIZw%^wKhrmXZvx*0
zz6pF2_$Kg8;G4iVfo}re1ilG;6Zj_ZA4}lBjsO40j{QB_H-T>g-vqu1d=vO4@J-;G
z!2cY9e~4r@Z<1)@`zijusWL-2!b%c*eltV<w@9WQmU_F^s*fj@gx=Wj4yzbm=9&z$
zSrRuT?SL|8<_x`7D(s?Q2IvV)bXgoS;c!ciOPbV(Aku#4Q?};zXHSl1FFGU_o>8}E
zJ$*~!2?{h--0)JQ8_na!lTVYpNv(7!tvLhfu`jgw09bl^p}d^Bg7v8%Gc<};a-CEQ
zNRKVMI4P+HSX&k(LFkX8`B{-Ro|dp+$dfICMvqf#TIHwL8A;7M^_LV?mnd;2Xm@9b
zKUdY$W(Hju=SiFPxvM6@u(ss@oc2M}6o*;{0CjDA<VV7`w14(45D$6)<|RH=KGoLj
zG$yC;5$^2n6j0_Yy)dZ9xd4asn5^#Aj(YR4z=iE|e&O{87W|R?D#Djg+~6M1Q#1FB
zhJ!p^R-9RhVcHXv2MIOKpF~Psl4y~r9BE%Wch}Xm!IwfuQnobN(?h)$u9fw>G*uy0
z`Psga{09>;RHqjz|E$RED5XVp`d+=8`7_kRly5OmcJc}n1d=M=a=qVUoEe$Wk948O
z8?gm=9B7a7Q8yr=-k;Sn6S8!}E7a-oIAvvn3f!sc^|5YOl?Ne@$wnfY?+@=s>@GmH
z^rmp!CdMNnwLz?oo~kMzxtgsV>5)z(ybkuQLlDMJ7n(YChTN%gWOWi?E+$f#LEjhk
zey)-+?h-z+%s_U?NHd>=^shoWN$<o%ZZ@c|i{KZmkUtk2VKMWDuK3>iWv(8)YReK2
zvi>iX6y-z@gD7QuH@oiiqLE6tYF8!Ek~!`vNyQLl!t-BAe{@zv9G+(Wcqc-KSodf4
z0F;Dj1n4M32Sl+El`Et9k5CCgnmQ+~sP71a52dPw;nC07D)G(LmF^0@OLh6h`#%v)
zW4EN{vdEnF=Q&oouTMRe!EjSm7|({Y+(Egl4@`JP3){Y!#X!jp7!Md|k+m`UJQBZn
zZb0WRqynUHTPPox7H<==)zptR-oO>9M6Rc+uBc0)Dj&Ex3TP~3ld2xc<6x$=ioFn}
zAe@k5w02uEgcG)1QM&2mPFH07gKCZw+TT&k#6SuS#g4W+O{@Csn&$pijl8ZFyG|Dl
z76*jm*GBrH=Z}@as<Z7ip$nAaXGf5cx**pz9bU%V*Vt09&DZAImDQcu)+vOES<oPd
zFb3GPS$)q#bkJ~WDMbIaK@Ph)tNWtIIGAKPvo#y!p$KA~mWU(GJXi4?OekvxB?_?V
zw?iH}>*5cAiSVsZl-uL<eiff<`9~-}_bY=KRO7iQ-41B;j7^(24b|pwkQP4RbEd^{
z<Re{e7!q=MQKbq0bO3_Q<zcs9!4ZH%xS|-K^6V{`V#Yo0R0F;B>8KvCkKLzg*h_Qy
z6!g7-SLB!}KbT3AJFbm`{Z7sn_F#dGM#A((yd(ovyi4tn8$N;WJ^4F=JFDj_7A2Ng
zDZh-(TWRKzPj?O$e%iKnf9Py_MuilspXiJr05U4OU+=^HBE6;u=*X|iXaMK`3iLmV
zv^Qgw=6IyE6g#|as_5BBunzHD&)hsKs<rK-Yo*2xlPbi2mV(SYm4^6@RRk9dhUn~W
zq~P&UtfZqlOXXcScSQR7W7S!uFn;@mh*dd}D!xLA8KoS7y=lp{S2s{0575Gc*tdJt
zcsvsN+FNI}ARb37i<h*^+Pq<%hLBdrk3yk#Tzlu2N2<umaaTMT0JVqK+q&vDv(sqE
zwm|W{yO%}Zv_Pry+r<Sk!Vwfo$dz_N510aWMJuXmqZ*4iUS2biP)xrUtk2TfQjI})
zYJ&fO)bN>>xXUE#dq<AwSm&<;K`<xuQG^Kcj2T=v48$=Elw9<hH~=Y(g|j)?axVxg
zmE(3nIh=L1n-9^Se!rebql?rXipx!Bq_!_`aT7V#uc%bTokoiQ#1KBllGLVhv~)32
zmhu?L5@`((_f6}?R;!S#R<`PRMm!@%fx&qL`RFY2>ecKK{1=@`W8;xx8q@vrsY4-H
z;kx#nn;}XfOMxH5){>Hz@(XI&+(zXyb<bS7L2>nwyPb$(dX5E%TX`5@e=quRJqdxI
zhTwT$?$lwO-qssYTO}uKHc!kUnuKP1!*+~-Ewielph-XhJizVz^@Uyq3>AzM<O2i`
zSPv*9@D&i`fBF7D>-*dP|2dQWeb@gP0{`&RXS#eu@yK+JSDcPnu?AsHEyeeL`}?Ke
zO3{jbW`-{SZ48OaL(k?Y8GK{?4<n)R%7EZ~QloNaBksHrX@w$V00aL$(vT`k3!oE2
z+1yJDTH!rjOR(3Yd3bs}6MP+}sF`G4oT}NR^A-;&*aXi~9U0&i2RyN~Ak>un>Q)^l
zmS!@5KfZ9CBAk3}l!rqfWup&&xYvl=m}`WM!Jtt7)yznDU_PSU7zCAA29WukL0Eua
zr_%6q?ELW7t$Tn0rC0qit07#BvSe-W=vp%1GHrT?td}cHak2W#-GIQ*gb~01BH<d1
z0}C-;H!b+?fdBA@si1%sRtyjLdNy<*uYN+4i<7<+F3A8k#+@7B{gsfBWC&(<uORMI
zW*>W>{0#+x03lL=K43<#sA;l6=g)UJy=245z5*XNi!QjhJy+Q{5gD*&iIvPBtTPb)
zu>JA{6|LLDX3B6iK%rD22S=Q?z)3zNBr@|l4}}fCr*amash7pQXVnZs69qYO34`CG
zm~0|~^2bi%8&Tvt<x%Bp2zq`T%f!U5D$`xFNy59$HfYxrS<P8;i;K@uHfNLTbnzWR
z2|mA35M+9KW<GsEf=z|B53`Au&V>X3_t(C27S!C#Bb&2nO+}Wz?#kL0nwTM^>k+?<
zw9Yqr;Lf0`#Vibe;thrsG`>QkpO<uZ*!u`RW*Kc9yoclVFlI<^%uFQoc1*f4ug1dN
zAVPN`?O~NzO*G~UYXM2>s$<61BgmZiO}v~niCXu+25xAcL)m(8n2BuOpW#5DLo{tH
zh_EjpoA6VN*=D)<*y!2Nr0auJoj&Scqe|sb0=IYNcpZaK*eZ)w*;NRb@kGq}dQvSs
zWrIWo?L5J&Po;pdvy(1s5<7b6l)JdXTH1+=8iH?ajD|rR0ySXr1l$Ns8=rs8=sNN>
zuxa%&Bf&1j+I8|9>NJJVLCDkkN_cP`BYC}>9)trMfa+Cb8~>05S?d!$Ym#CKr2(dr
zLu3kN?N=%Tf>YAQX42O>nVp!RR3$h`MEo^g!w79QwmiQ>z#(LQn*lp|qWE)KFPUs;
zC6*%`OhB`Y*m0LU(~5Gw4KeS81a2X6J5jFR>!1cB<>?<(LpJ^5adDlnGrZx#dv?O?
z800UT{kLl7qOGfsQYs@-EcGV~QkoBw42w;UAjhBTArrmJt?i+h>{Xn!smyKpu#7K0
zy!+)Iu2h?-Ag3eT^GGD%@N;$-&`0_`<;_Bnmcq|J(*PNnK2x%A+;CMXW?d}bjoow6
z=Z$xmID(Q=G%EA3$qR=7AY`EPQ5NIdVb1L;L1;^S(^sU*?NtflyaS^5SYISjAVA^D
zOEp%B-;3j<G?^LXb?a^c*b$QkKE7lt`8%4t@XJ!vf;l|lc!6M?H6|w+LmAF~fku?v
z^xWM4y!81k(GnV~p$wKq?k0_`U2$@J{zrNy{TKB1{0dUw2%xA0G8K1?x)E2N^g&tP
z@8fwTdkeNRE+xra9~Siw++!aX0rJna3-n>Rj@K)uxmB}Yx{|yPN1h^_uJHM1q${RU
zSo0We4yWo7W2gt2a@0i=E$gDytR?u{yUH{zuo1tTj0i&Ez~tnpNBeod1~tsi7Hz8S
z>njlv)gY(>--Y1qT=<BXTEtSt(VTBh-xh52m)R=ADeO+;r{@Wx;LrUd;`>olB7e2A
zRU@Cy?v{s9&DQ_Htp*Zt@tkOQRdK=p?W|;oPd>da5a9@9484pF&G0F~QBV!;laS`A
zF5z8css4K31c$jGfTFPY9*-#xmA7T+a$j0!9*GOg@2I!WH3b&we+0A15|Vy@K(p3^
zK1o`R-ot05q=TG;n6Goj)o!-lmlcT@a#?7pmmCob2ZV!2bdlU~S4+CjgN-G|tJy))
zPL;7_3#HOF5N0uxfgxhX`<aYC%I!{1989riBtvO!8b!JA_E=(mI+$hHL3}FN2r>Ly
zX3{kjm1+HpPEyhZSA0_jsbB_RszisRsZ&>|XrZrCbP<2!HzHhQv(N0B$XdYO@s7BF
zPah9m*F~HWSvg3CFzinDliBAgbaV+<4a=J)A~7A)?rGN@EePj>P$smQ1{xO%#~_Sb
zvj%hOijkg*mghoZjLSaM=Lu4OejB!e^4ygV&sM#0f>oJql{oODfD(&nOVfkhz(1(w
zKQ?O(Kx%VKe5JOVNIpl`xSiomh`bOVY|JN3<DnR^?0!Ry1DYV6`!B4!^LYjGg+qhM
z69*N@vQd0x$HmL-5(|92O~FZHt(UiauA`e1d1;&l=0V0vDP5Rgvhc(;Uac{UHheLo
zQeD;@wu%CM)M)J#T7#Hp(Cb&S)pueae?^u_ba#Z@<&?ukS^1ekzASm7*g@8cqIjfn
z<qb_Ma6{#j3Z;%i7;#6#)(eXw44G$vq!<aekE){0AO7=G{a%_S9AL9y3mw0Co>aM8
z^C4W^j}O`hqtz%yC;7NcZ}h_$FEf*d(;j2Ad*5f`K?8-)ry2*%V9Fgsay&##&|}>B
z73OMokhxN^EIzeE9FNEWtTM?1EUM=zaGTbebed+G-dQk;;6TU%xndSeszO;~X!<}$
zf{jc9gnwW7dD`9YSFeTn{+Mon*j-FrB*DB<<L|Krtuy)<PzG19%P<@DC|FHQS7f`B
z6E0wY8cc7^ckykZOx3NrA1gApL<}@C30jZa{_EYc9@#zw&D5H>^9XssTtAWpZ3XNB
z1hlLreUTLUqIMrYk-9<G3j9|h5&bMcsrm}T%&2wWD4C2H6eq|e$n#E6)CT}x)N+sO
zf)+cw>Ma%M?lPL?vn3^tFyYrx08U(!F)pJ5q#?lpEE?o{4XZTm2)=>%)=jc%@dZZG
z<j`jjiTp0GmaapIOBY|JA9{H;HxBmnn_XJj7s>YKYq(uIxYHF%17Jo)%jZ*RNf+Zs
zW(8IPx*D?{e9v9*2seI(mekerf~(mj4`FmOl_jEzLG&Po9q*v>kLzGUXzfMahmyir
z5h1T?ZIv)z1a=!7?Xb1U&)o1(FN82wAfsB0OwOxST;urt9arrjyJ?<uN|oM=`oAnt
zHOHF%RQ^nWTVvK^N#X*&aXJ@rH{szf!}_hMo5i+1w3JF+T#^-<yvu_vnPu<~s_`(p
z8bj!^rM?A35e}HOJu7w>gZSIl)Hmp*Y!4QIAeiCw*}IN2(U_;&T;$GfTUSwqHMq0`
zB-;uWyxY;e4E>O=O(49rzo6-xL9&n~VeqOU9R*+0gsM{s?}q$^3R?8De>55{(LcEH
zwp}Qj0bglLfPY#OYxK3+zG}8Fh~RYK%MWispg*s`i8+Jj4d8q}p|YQbkQ#WCF>O$m
zvVAhXLI14rUCDT<3xRBk7yQf(;{`&PK;Y9WYm1azgt&6Ptc9Vq_1fSaj2{A`R{^GW
zD*ew=&9Ih?{}z20ho97O<6YWn$4${f*To`g^{^yD^5R-ePy3KH4AUywvxlBrk}RC8
z5XlCaUc7%#<o2b)R9Yb?odzkkH?_SS1<CAo$Pk)yN5J4Z$Wj8^xzk7gY4;<(oUNQ;
zEZ7Y+v=2)BG%Rt>(-lYAjr^JvYV{@JDq%Pa_%Y&dQ``WtYY4LmxBSBoG1`12vdMe+
zZf;581niMW26y*B*ki{<6T_#UEOq8b$B$1QN=HxP;4rPy*!0`83AI;hC=$Scz$aQ5
z4n!jjT*gF>gftbWPPx|(&1>MrLu`B1@`gWry5goO9oR%V_X(Bh1awTU4W&D6mf%dP
z7Sb(1da$xI{f#8q@d@)jUF%?ChCQ424MEUsS&<>QM&SG(Rw_w@f^8j_ClfqMkle3r
z@#Jle2)>AoCF}kyKF8wfG<K}Ar_KmSDFC-}56F~y=3%+MWVSAkp17-&F21k{2bGg=
zo7o?rtDw87Nidc6k_3>t9|H%O?Z(xb8NSd;qQt!ittGpg0%(^A)IIPb&oIyO1GmL&
zxMy^VX{#5=Q})mm`((ra!I5d<Bf7D8kQn7q;#VUhIpszF>AT3}c0S9rpajsfDF80H
zPw5dj!E~4j$d$5t=!RE@KT0pM^0GP&ISh`<F}{N--$L;w;XY65L@D16=#Cyv&;!}A
zNDnJs#WeAoWcTdQw{w|?IX~(^SiChs`S}SoyS+8wx*RfdeiZ6<MT0GOR4TfDs!k>2
zZieM@xczbvWs_jgeE}}goMUnv$UzwO6`DY+eA>j)Mqkg8#zD{0@jL$if5vhBp7oo+
zH-T>g-vqu1d=vO4@b3xygQLS8rD(2~&U<wlp-7KV_LC$m%*5qyM+fz;hBMnb=t_ph
zV6Vn@QYLYMkPq~Xo00!dIhvVD6;=ntp|nD}>KwDG*qFBh_zFP&-L|l>9^6Zg&sBHK
zYh^U8eoG6(+jL~taun9+Z%uW{G_upRyR#41_5L>u<)L}Q6EnaVjqDahgG0O36^L%|
zQwRFV=N)(fGrt{IM7`nT$h`2k!Ddsc%#5kWmVghNFLn?d?(oldP)b_Y&Ne*m)KN*K
z!Q&MES921NC$D}=YRB=1gL=Me*h0`EP=c1ZhnyFGgZjq0wmr<ihh!O=uVou&yh^+U
zVnjQ)r(f(`htRG#@47VL<{>YG$2m8g#;vPS+5N-VTD|#m)p3keQl|kc8FBWSae7%;
zQ=WTFyrX3UD+G_yatIP8ZDYzbxLDS{P-igYIkv}H$Gn(;ljVK&HoBd4ds*7eKy4P!
zlj;6d;5yHLZ4y3=VJQ&jNg{^4a4MzCS+o_L!UkJw2nS#gBl<6Up<Z*2cq&|VT!bd*
z3kj|Auwz5y$?h`uT{o&BDpC5bo8fWdpf)Oaqgh#5NO}xaVLjMv`I0@x&`0GNw2l2#
zc)vXu6qrRilY&d3M^q24)lU4iI8HYJ$5Wu&lUoHmQ_uEZ)p|yQa<toHn<T^^RXoGu
z_S;Rk*ht5lr9mv|dO-$(_=k;b(VLe>9l2MJF)2)InLwFAbRLD!0<VjRs}gPs?ny2h
z3eT7>17nCQ_Sn;Q50k1NsKBHpMIScf!`;d}W9GTgwxdvMT+m3;LvW0O@U*A|=c();
z5V<N2d`AS?vw2uYm~vF1beOEK8f%_DK?<C%#12lCV+Mcf=r|${sx?qJP}toQyx?8K
zia5W9GL)Jsx(ON&eNsfs=?%}za?-e}p);Es;P#}>r`17D&gov&84V@&a)fRIK#nOk
zUL)R(cacV-4k)p34a~`&8c(Gi<g-}vFWmwRccNm`5nh>5m2Dps5a@j8FU>v-PZd@Q
z#FsML`5<TJ({RDYkj)R8DQ^%T+bH~(7xjyRP|~%3P>q%!(E?}EGgZxzgC@zvVf&Xk
zqsiZ@A?tNoLCC5D0(a-)9k9rRma7FcEe1HZ&G8SqjTR%0e!zdtraogoXr1l31c_6x
z%v(4pN_j?PW=D>}WT*Lw;qxYQ>_7VZ^eVYmkVI8VBauR>U0RYphE<}GsFl6hnne)i
zAX3%Jh{jlLNxRMRLiks=--;b6PueY4cjKi?2WcuJA6suzh+{w{!IM6r>){Mw(2s1W
z<?%23EjXO<>q0#c8fDMDT(l~Gl~Z-Iou|ZNT<YGQxF1tKoW^dmK~qS|10l_zq2*=`
z0!T>H0n@B82uGWgQY>}OMY-69Il&`B_J&>%p$SwpNoKtm_l3906Xz=dud-0^t?$jz
zgU<*6v3$ZsU!D|dU$n?O*rySgSncc-ilh&w21mv#>%*~pTGVvTjRo@tTv}L4r&GYM
z)W-FGQG-|uF_&o2+-_qYvb_pFqfzkhdRRgV4+L>XPepLA@1t_)uRu=us*@QJpS)Aq
z8YJ)%J6tID)ow&l%&zES^qok6a4EUXU2!KNk-^dJR<v9KMRhi7Ed0fP>#ux<9W8YB
zGr28~lzP`$)NkyNc!`>SWCbLX{P6b!_lNdEzt~^Sisdga6iS{Ye$$O6f}SCuX058x
z^?3x}i*yle(Okpe`<gbv4id&R2I=npWeQmoQ!YYOfSggwmPK%HEIDLyqO-y48oULq
ziydh)iz&)?i%_5lx|Wi5vth8owh94;6dYB{syzJ)^!TF2c~7keb&r@h#q+~Vzr6gU
zeZ{YIa?jiWHnXxYbYUo<D>xs@#Vci@t<S?v%2de8k=2|`)oFj<8wF7i3^5hmSR|L!
zB<8rUEo_s#s=R_vWp!%Ec~lpQSGNkV?$NhL9Ei6WTA%W@Av}-}!`9>@nkn~{0e>}~
z;<c+RV&Tv$Yo5;PFd?wf&ccm~qnLXytn_7>VKQO)u-&MerRg}6*~XyA8fc?c_GpEU
zo+jo~!GbqVZ{;V=Gru?FvuVN03Yn~nD=trRk9DIL@@2HKphlRnt|qIx(*e|f&Hs-K
zsSWn8{QrRH|9}4fe{Ye#``-lq-zM-6)+JJ>$M8?gUKB|o>S%0m2Qm&?dh6fT#mcP4
zlzL%3r0)P)-cc+|-PwtCc($1-Giw6^)@>2XV(WzIQ=Qj}$H!2oBGBQl2tW@BXyz$i
zR*|V&$Cm(t_qxDxE^3raRj~jw5)29I*v;;%G!mpuXv_0yRRE2FZZ>WVOl{CGw#f;)
z{riQ*jc|7}s`Qbc$ZU(CwzEaXuEnID#6Ct$j?wXMKQ&|uO@1Cx*U!rCB7|U>fOzfW
zJ2FPqAC)xm+HzCmZ8d21d$3SP@tlCTkvZ&~9*ODdN^)wWlF5*vY6BI%ye74<eD&(M
zEO^6dT#z`i6?sp|8Rf~aqZ&n?r?!Rs01Cp}#wC;+Jj1ugae8Nz!FDB4^YO@ITS5Iq
z+*`-%FWY!~&MLm6X2<2UmMuNLaEnDS=U)kuxaj0IaRJ9k8;zq|Z&^jTuax^oQY&{S
zE9g`FRt}O&2|%TiS8eG&vwWzl?NUp^IZc@vbdVD$Tdg{FH<MDpgOQ)HTB1(Q<p5ZH
zrh=cmn8^E*_k;qpjLP72{6Tjnb|2g)Tmw-I7IX@F*sM4<7vm1VCo0YR$rvLE!^WVw
zxf{h};l!PNUubB6^T29+d?>`Y_EtJ8fwF4TynMaJzM41mCXLe*B4o-RfDfi@-AZH!
zC%i=;Zx=`Qf)*IR1)fzY)`8yg?~gK`L?LO6v`Q<n_)5w2j-b);8qM|cQ|lH_vHW-7
z7WMbzn$c4zXhS$Kn5rP>+BNKPK3>_wjrxxvEnmd0LdO26tR9-wmPuuyG;H+_X~-F{
zna#P_O*i)ASh^dLn1oy$=_Odso!ZO8vmRfJn+6CRO#yjc5_LbxAeB91*{Wr*+`X+o
zl4+(u{VFv$S<Kitg4@H$j1)TyduI30MG>+bvIpwNf$-r!BYE3HN05TqGS>Z&RpsfL
z$e(sR<Kq^!m8{hZP_>y1!7k}O#*3tO;BgMvuEu-*@-HuSr3T`nCo3}|7pjj?4_wT6
zrBO4akwA$6B@J`OIaNok`#_95YtL=Xrcjro=4bCSdi#Z_@lPQeEcg+iGZ#bQD+gB=
zvjWdnnu52Czg5!-RSg_byccZCS>rVd15lR3r(B)-V5YHP0erK0hWmBvE;9}V<44{I
zk&IX}>~k8p+XoR<`C1-}Fdol4H~4Ti|LgPDDU;7g1k~zFlDAlvnYi;y3%;(Jb5K`Y
zMh3leO%m)q?fs)C+;ZaTT%7F$aP*c_tTDFx!RR!19f9}7TC(|m-yb(c$^9xQ&cF>4
z;t1;{8WSfu3LZi2EnIfyUi^pVzT3ozLoh-wy>98>&4u`m$(s#P2ae~jM3JMSok3Bw
z+@|aJrGdKCmsQ)BhiJ@NVOr1Za&iHGn5|UsQz*CM$NpsX2?By>15cjF(yC^LUlrG5
zz?}f2wv=BHe)=ZTk-2h7Q9R**DIy_HsDY{WXf0FDm#AECWn&xT+yIp#4rWGe@}x)E
zX$x7H_&6fCK7m!dj;W*e-H*P(t4uh;=L=N{1p-<r@7M&RHF|#h;#A*bWsK;BKv&+*
zSoiI7b%GygdgN>d@YQ{^Tj$t6_ko0sAU~_8XDGbAPd7xa97dhBTGcIvVl*zN6>=3(
z8y2t1QbO*Ymg*KWx2oO+OD3Zp?f9}nTw#EMSMngCDoh4WtEdqmTuS}Rfoe~L{Glt7
zW;A8g{!?iG@YfS}ynR%LuHFH0flJN!)orUpKwPom5RL9H5RpPIp(=>>8(6&E(Zas!
z;Xkh)QBb|h3&{FO!UKL93H{-D>H(re6~81EwfE|tpqQPD)K!~iMyz%@JM|RH2WDf4
zKo_*?Sy)t)9vu#FS_pvPpoxf|1Qa=WcCq*h<ygfBixZh7h>*`jC(zkPv}BBC2qeyO
z1KcF$#yi|^4#thznYzn~?pI-b7HqF<^(9f62VpazV!uM8uyIMw@C-vwcu;X)^>FO_
z#lVt8qnLVt6gOzt0}k%qDX1l6A3_2$={V+Tgk~;(Wfc+&`NOJ9q8=|3G*dMr_Ui&n
zv4u<Vt7=*k)ain6vnI!i!(2(bAw_b^b~~)o)smx)`v}&tHG7GGNK2M-ofEN`Rv{&)
z{e!Lft~K*rYv#Mw%y+Gs?^-k8wPyZ9YR&xj{{O$#|NDR2-~0ae-vs_Wfqz(&edquG
z&j0_N|NlGx|9AfX@BIJ&tMmVpl6Z?Z^*j#st>#<}7scy?CJA2ry=$iD-4!BDXGMMz
zX|ij*JIabBBW*mD!njqyF9Kn(Vw%e$juyq%g1*b8Zard?LZC>Y%<kBA55{M8IvhFm
z6XSYRHvEqY%^UX>Q;(HDwyf~X>xUVar!ti!%#N43(|`+gXhI7UM?Q}`cu4T^upNd&
z?~|KiBCa@bydO%lZ;#%OXa)?`AVFI<9SQoZ>jW>H(=q7~TZ5IcAA*z(<^^9f3dwqd
zi*+0eFHqr%;>Y{m!tGopo7z(3hAU}?21Y&tJK=DNaPEDqk_G&kw*Fv`c9NiW)O#Kw
zUi)y8fj7T;K(z?3*XUnAuo#X6F!e2yqtOQ+?dArH^xu%L*U~wc3Wb5pPM&Q9v3glv
zE1kC~RXYWwAuq8MwPNdjyfgo)IPTn7R_o?JutjdT7@Sv#MhG0kGlCoFok5Io%Xe_z
z%O2JYA!>Elf03BVq=6}Gx~;9e?YFRy0#&7ql&_mJ0+CKiEKx6W&!>6XBqJ`YsdJmZ
z{2W}*UDhQO#)f<uIu(z$1t>}$8Kg*HileS-gn2K+sc40Pa>>@1!$_|J^lWh?@=F%s
z465EBsDSON?J#~>rXIC1Gij1{8PA;VndpzfWH4Ewvv~>nR}TF~V@ahSBAdq??4ihr
ze47Vqj3R$Hlva~2VeB^I_f5yu&A{=q9FDvP-G;M`K3*#-m)mP_p|sFqExf~3C4NKN
zna?z$gJVu05W(+l8erI7TAnm%T%lbpIzb2Q_TA78*zvtuybS)yV0l7lOJP{j=Cx4O
zCORe2dE);h(q7&Y;^C#_%_s~y_VVWzJ0hgmhF=FeDwaSQjq}a@vAJKC<w>1*99*5e
zNlnG2{ho}oLszjDxI|#c@l0WVM4`Q3mau-({i^qKM}T6GN~&7mkhtn?SnVaJyXfg4
zNxA|HuxfG(Q_<ydzCr=q4QSYUodq!G%eCV{h<Ne}EdZGM=q5e##I6J*@yZQNh!#tW
znv;r;9>-OcQ$0=u!*(Mp?>xXTzjkgOnUVE6KPQ#sA696mE-4^mUbUFulDVX|v4C9$
z{b(wGs|Mew?RLHJrT<9_GDsdxg!gW6^J7lc$`cQG?EuQTI8Is<Qxf_EjJGsn=9&P5
zC^GW`7Ujhem8Pbk`+e(Eg=>>szEs!Ntt-df4ZgHj@Vr4)8{9uM(A~8RES=t6gI*a*
zVDES-WbnqS6waF#8{u@wnUB8LXnGR6(|kplLbzW63E?`~{o^bnnS-JV7Fz*cCS<Oc
z`py`JXQlbIH5pGwngR=RQPSw9=4tfZ@(T}|{4mh>W4x3gze<&xPH%}x_nEsqzB1@!
z&{?4oi}gpn1e{dwz#81@^BLxk4(kEbJV&7J>o3_9{$9HVGff2ENyp*K17sFNYTqFS
zBAy9MvLo0d;EIRLpKdG~RY`IzgX4VQVyvqTy<Z_HeRz$ENm`O-ue?t9LH)8^RpvXj
zI&yil$^NXRLl~cfiY$gPdEzFr(G4P>`<odES!^tWYz1;d)Y(fC8nY)IKqx>0l>i4n
z;n5q2h^k^MciTp5Z@F0sp|x+azm7POQg$J$X_=&P1h&esb?UXz;ZCKgw!<i-pS`vs
zd7=?$uM~&D3rImV!fElmNKV^UXEiO#!h<cD3$0T9;&^U|@m!^TvB-zB<UOdTb@1OO
ztAQE`2@t!5mEYJvAzs2NHQB~IZu%nDe#H~?^{n=kyc~uJWK@X^(N@D%IaCJSV&l7h
zAXwcG4NeXjRt6ed?!QOIFVXkeKlI=d_x3lAsh1Kgu9w~IGho_$PHeLmF!3g{&pY`i
z0@?6)FxJ_6rMctrDV@xXTn8ZOM!Cib{P}HB5X0=lR+y`g`|L*@(0l6T0;WA7TNBeW
zeOr=pC3Kj1Dc2-M=E6_euVehoG`C*5BgZwGdY4j#t@H!Q8-DadX|eh)yoyFq#*#40
zJmhx~VAQ3RIK;{sfF#W=ZAfd=MB30S#blojYMi{Cwx+zm<*!WXu2JpkCTg59mI8N3
zui3LeRAdNM=o&tcA`{6p;+2a7A6<C$+)*M*A_q`<+>%$uw5e5>OqtNlQEm<xfET!D
zxKp@hI951c7yuY?$Z-f{utd-;pkAOYpnvZHefPf!{AVNZ4>lpnB6ziQ8WzR~5gb#Y
zDG)9iq+;rCoA3u1J<4>$Cthl@Q{Z4g6JNv*Q~k}=Mu-qQ#{f4@-T5l*f?MVJudpIS
zPr!s?-v>=$$bteuZyAKeHZ;NcuRV6dQ^N9%WJtikF!kQ9@qTIdD`ioZxSQTh>gFx@
zhjw$?R84FI;-d*d(8?oZ$=ivfXCN>p28DQ|e$ctbh?QoG-6@)MpxC1sV}9kv!=s&M
zYk>LRd_sM3D%*UNhM2SCh<0%fC6=x*%?L5b4<WpNK7Es-QBp=)T#1_D0Cd6jt)6_A
zBC;~Ux}<zM<>vP0`}eLLs0Q!4PY3}phsybX%anMX1OI>R-Q`mpTfio8ba1!eF2OB$
za0UqO?l6$x790lmAVCIq3oe7ZORzw2*Wke&_SV+@vR`i1R_&Lqm;a#qSM{7e=k)1*
zJT0{lEHr0)KR?=bqNNkoKogMejyEf#l?s&V?f=SVd7SF9hR?N-eGy{>%2(8iI5p=^
zIJao@oZg{K;03g4Gixtl6#Ycgd*Mn2_^nl1<|_v9(Nos0he);Y#Mx|Ms*yI~%JVy>
zNl#H*QPtdc{8QX|hf&+nj%Us&Ldu9PH8})D7}B<b_3tBd4SmeePtiy0-`ZfP7(9=O
zY52Ib+CQ&fARk=`>-PYzO^UOcF}=NC%FN~$tw%de6$c_NmjY=u28YJfUo{K52sA{g
z)oHyGH;aNj5G~xN){Z)<kYHA3nHp1r_!7pXioPZaku+>D$cm#sLlW8nz%+U$*mqL0
ztAzd;KXGo``=CQ;@O+_Y&e5xQ5a0{q;Ug(i+#;gMR_zPuRYXcWZ&{tDDZnSOk*g=d
z)uYymKx%`CIX$mh^*w3I<xq3QNOu}d+JgwF0VgGTb)<hcaG9N7YnOOmI%IY$t_hvs
z=sHwvsYb<U;)E(L&;c3NN}`pt$-qG?-bu21S=n#W@T{Slq3ooQ=xkKHv-0PS?q*rU
zvG!S8`6sH^Foh4_p*=1`%BNRCJO@7n|F~7WobN6Pzl(icEje#QJLdWx(!6<eeNPG*
zqdpI|deEycV7wU4f3M2HEsY`NDp_K-^DYW6iKQUn>q9)IUPk&|!9@+mV^OJ_B?vVA
zL%Z_?7(^B|SRFi7{C*X23hzHs<LIE{Lp~=NduAW60M~RFn|hfL_HSy?f`pXPAITyj
zavp!(cp*VTFYzsC&y?m?<z!7^{`9H!+CASpPoiu$&LVX?73z(Bq?TG%bM4j7^jbj+
zz#OXKscA7;W8C1<zDarEk3>(9zGpvndBsozEa6iL_f$$V=d{=S!QFLCK~voavgHyv
zh)WYlXF{_FM~k#*Z%Q%gUrT^_*SVDjhQCbNW|Cl2v>%y{cSWu-J6}^eiR2z>F+AXa
zcv!Nw!c3ekI3MEJi4gC1%{?M%2561!ed?1Qz4LD5xHQ527h|uEe`n{NH&qS6?5n0~
z(+-QzEzs`|eg?v42cM}@cdq9qso#}3RTQyYjfFHXoIA?&fEd-3HaHOilv+9g<A+Rt
z_vhV^wwNA7R*oKCkDw|_e<iI)9}I&#s*ebQ`6IBGc}IlBbqScyR3JAwVE-oJadvq$
z`cz;d<?h~-Vw&|yrVc+M9V)n2b3uy%;fLfsbarK(JQgF{JHEVzt17k|m~1XTylumU
zGcg{C&QM~Wmu3Ll!Qg1GsBR;2pNw@BTWNlj1zT;|JiMZM)U8nx;!!2YDp(wEOHGwK
z8{|Ti7{NcmGNT)cV*=fKLRO*5bPCAS<A0ss_#p7kA%(`H;Om4xyXGY`g29X6DHyZF
z=7oAPu^P)Jqc_z7tms+6UsrziEac^w#akPu07rQS07byEN_lM4D@ga4X&I?L<CcUS
z;h|gpF4{hcpdzylpLFLjgv8wy#+#GR#_G^XAQ_%xwxy|ph6Pc!i-_Nei@e~O2b!e4
z{|x_&++N_y$1GyKqk4_tifjfcxFymIp^_@nk(!MSff5b5(~TE7h5Vl;O1yCEfD2x?
z7>reI-7hV*aN^@mjDko>8nY?}DS!|1<7HDqY+;a<>TpK$Wr3)T@`eFaUHJ6i;>GFR
z`Y&A;dzsDD0gz~M-5o#+3#Xb*BL;>HTUn(BYOE{d#+P44HiWoxwC@{im-L;4kN{r`
z3&6LBDHpJW3_<my-=rIaVMJhqOU^gOv8y}Vl1ccF)cjxmiY9RkYcDAzNPeDj>6^b}
z_U&$rcN!cr1j@=41hxpPr*hs<aj=5-YZ2=z5fn~*iIt!Ndz_^9l6F$uaMNDt;60PJ
zQeg5b9mFe|OAeY7e<3dkO#a0)<#+BSqptzk@&Fdm*nMc5&DGN=_!)VoBg(1yBD)QF
zed&m_Eh@cnvvyxzW2Zi7!!i53+q%xntWnFzRKSZoh-tt6?kMBVLQAzrcvC8%QP>|w
znJm5;<!RYIZl+q1=?gs;6E)9dN4B?T5o-ha)NR8S+qnBJ%uKx7FqZKF5OXlzB${sC
zQC-k(cBU;YC*v;dD<`C2uP{V@e6+Oemm#+hY<-4!h(%M`E-NHyVhI&0hMM4~V#Co#
z?h?%|bJlDL0q)!uZ2#t-uJ4pPBFD4i?F{3cvF8$X{#x@g!{dAs9>{LBvJm3)nF)IX
ziKyZC3fGRwlkFq5)KK-}piN$bsoNvkK;Q)3N36a&-1Ycp{eExEBcl(7oUhHQRPM&u
z>4Fb!+}Nl(d&UIV>cXgoZp`QhYH`#Vp#+<bj+>(H%U6o|N+dYTxy*N^&1#qqx8ZdZ
z2-LO{(Fzednmd)qG?JNPc;5~QIV8OLBy8XbLxsrYiRC63W_{Ey80m#Izjm4cN<?Lv
z6)~Lu8DDtsX@;&;n@llW5I6G#C8-S<tK#Hq`1l0TF5y#i=SFe}f1Iq|Yaa{vdpFn~
z+D6J`<|zMcrdKXryxm#22(!@(XiaDVtBJs5c02WbDU*!bxTmaSwD$O;L`NYb=ltU_
z($O`u<#RFbm*Bk(_0Oz1C`IL=l-I~U8Djyx;BTQ_9h^PMY}*tPb-|a0+J58K2PItl
zG&kR{;p(^OSbrH9JQUmzicfQ(dw?K(@SI)Rf*tlZ<vz30U}>^)bYgGcF_O4%z3K+6
zjN_;qk{-S`D}c_91wDcecG752_C)@V4Tgdv^)#$IN^DkTp3QlQFk%!h2@68o_VMfm
zUrRP!YZ|}*NDZf&`Gkhl@85<1bRq=a<q?80*@u6hHRNI$<r#L)7@XKyizhod488YF
zeO#|b!>9$Mh@k2E;6u!Tz+E8=@ZAFGF#jZ#v`_8hEDLH{;zs4UuMo5!4aKmEc!DoR
zPsvTtxRF5QgNMhBZ)i7%el5qMH#4ha5$%3xNFTzkv_mVmrgn_V9@8^4G3R1{xsJKN
zdpC}Sprdj-S%Q&FYY5iEiSNB-{j7Q57+`xwXUB8k+(0<i=C66F-pDMDP~d=X<5fZY
zv@AtE{m8Pc$E-qhu(LvyzQOx85H(b|lD<B!IL_md_T27(<x6&V@k)nDzd(v@Y}I^K
zNVPJ5N^tYvwa5)t<ghR1L;9b6JWrT^B8K5EW~Kl!J4PQ^gjan{ds$$R7wsNiozZW2
zm3tOpMh}iQBCk66X+S0n%CvknYmtXR%;b0xQj5o?vZ-R;Bh7h8F^zitGJ@h`emF<P
z69Hl3wij6EOPm?5AH@y5NN*m-49Q9q;{2`&VXYf16c?JK@aD*__0c6VY<BBRN-_Ka
zes~CaPo}Zuaa8{6fuovLO5v0p&+${**Q`Aq;koM`_tk*jySWo&>%LD7LKS+X2QI<k
z)<E`CBTL51^<|NQ1>$!SOyvez97eM!`Nb_tGX-3csRyB&M8|g_PnkHBiN3=FQ6x;Z
z$_La>(^F?kaJn$~6mrV?VqZVV-5CnXxI%WjIaQP`=6ty2I@JwmeoE5iX>Hpm2yPmF
zvZ%CO`S?`fyB)_8hTD`IjCM^7Uq8>9H6JWbzV99fIyKQe{Ao%JmjfN<dnmPWY3L*U
z`>kc9uU+WTH?l$wA^(}%?69zI5y%JssY}3zKR&fSjfn8PU!=`x7Q5Q|04aGGzkJsB
zqL!(K`dEY@W;(31{vzHRhBQ|?j~#|ehTlaTpT&`IU1#WVPo3NS2uhSNo5oxR#@~{$
zzmKzAX!Ge@k+@ZN%gL#=*1_M<)Pl*LEihYn0uYhjDXBEKvdeWwGjWw2Ut<1T{JM3S
z%K>hfGF5E(QR9gqKA0Zrgf-PzLkf=%3$lR=0ou1&QcA1?Bgqw+bcF*LVbGYv<ic(-
zV9^m_;TaIK_9G#;?T$9C%^0}f)SS#*T|FFKEZHn<tSoHdwXIxSKRY_W{qOVt-RPs}
z|G%y6-mdpe;7#C7;7#C7;7#C7;7#C7;7#CvuE2lnB$)bl=EqAT7Y-JDl62^La35Ex
zU;lR};bF#f5mvuae1?t7<iVzk1Z9E6aZj+9&<5tHx`)G70CJT89pepE8OMu9=u%p9
zh;v`GEZOh8(r_!5Q|ujtmyx`K&FtjEWp5<JfxVn&PAFo%B)$s^kFYZwv123~O9H*3
z<+=4|8uLfh1!b7;gXex^+BIY4rful>`pCI{n5pov2|tyD@ih^Kh_+9VAtw{5B>$!i
zzDtmhc*ViDhi42411uDin1;u#T~~#^@=C`h3A_5I_>(tlayshEfBB+6J!$>rx&|{H
zbJ4~}&6!UwjO(xk%^Cz5bKo%s1Mw5rFV{(;zSA6^Y^`=F6wwJ6dKio#IoC4NX%rxe
zBgScRj56_B^k%_XEHW3t#v8HcJi3Gmq$>`mdvDii%yOrTFxf06%vZ1QY{P{^0!AMl
z##fyf4E)}YIsMhY9BLdZ<5J91pin`*%hoJgV_r+m_waK^vQZ02@Ye9@k)k@kK9H!~
zY(jU6$*Y~A+I3ydG^}a4SQ#sAA^(c4)plil?`oHRoXc^4b#HcX&xGe<@Lmjkp3J)x
zf8+1U5i5{d1BJdGJ$<ha!En?(C7@_(a3W@8DFWZ4$n<cf`P1WQrAm*v*8IY4Ro>Ua
zBW#w-3@anjB)qh4m#l*6kwxdzMuXdE96v`d`YpltC|#V3_a}oXe~yhn7_CvjkV>8+
z9D%V(7_MZ_D3X_`U2jh@t;vAdux@uMM0ztM-jrKIP4#LWq4}%z9)oo3A)DYSc#qf1
zwljJFJ~?K%QzGR9d|HwJ(*h18_o3!*!n3?v(TxKo{cK^v({|#XdZo!PzG~lRuyTsQ
zCtASxt<#UPj?-Ts2igvkO@9^{xHYY#+R9k=$g2wcng@3TUO%MlsiG<mmu<>rq7F>o
z@c;Z$v)XueYfC7ww_f2!ZFljW>v5RZ*!lXve76KQ48{kZC3c2%R~#TUiB(M5LeKtG
zNc8=1pQWkC)w635<lm`iPb1Ho3m0`BSab{<y4uZZoZe5eGnum5H2xQ_k{<AXeE+Wq
zFb4e39YNmi{7v9Z;7#C7;Qy7tf6U3mW8zEl>&_>}Vxo(>A7AaoA`|uhos%v0rOTCz
zGA2dC*VN3CtOHS=2x}W0E=5(cmbdm~tFp5GX<gchkk>k~WBq(r42$2(_NDScaypt+
zY1W@e?4E*|z*!rEvjKF30Dsmuyic~pVL*{etgH99*^-y?j;l6>rDj_CXnzM*hC(o2
z4Ud3(x_7l;%0t>{<Heq)d+{sj%4zc0@s=0JG#*XEn8&&Z)2v@jv$On0L<a7gJW89V
zK*R~^heYjtlaNM@J!!$>X_w<%0pyZLI3NugMn_m-I%3wg)j#bzO*S_=EkL@e#2(Ag
zl<!pquAO8P!>Pf{Gp!pG3rwXVt3mLW!HeG2v44IS`*HHXo^M_K`GVp3S+UDwW)IZ7
zbN{{>K~==JS8N1bu|3_W747d*NWhdD5m6KpT=Ge8okex~P(a8?b27g=*vB81w<nRQ
zJ*>O<ECT=2Wn^cml%s|mi!F~;H}XL6H0@@!kUL*5t==y49+T6L-8feqVw^F0)?yhs
z)bXfv#%HMf(#F6kHbZ7;L$Q^F7Bfwbl_cxD3r{HZjWIlX3>Zc3lHYfy@~akkYnRTc
zGK>mralX>h4Vs>u$_0w!mbYuOJrYo0I93@Q<1$+zN1^elJWq?*`<phN%DebOHWS0;
znIP2XPvbOs<MX)qXe~4`V>Iy9;{41A?w#I(3Juiof8ZeEI_L5gUlEOc8E@Prfkb~d
zpijdS)+mX{<2~PyWwV*Bxhuh-umJL)CaadB>NMv#U&t@@Z<#Z(A4`&w*XqiDvovh3
z^5oGo8;@~u^0o~*)QfB%nxmXVaGbH}P!lPoILW;#)Y3?yWyC}IiSY$dC2tD*TZw}j
z?MYZ;j_sv4c;N<>>r`t>;3RtmVdK}{CAcUa{yDAQ!r`t34k*f(hWJg!!cmcWDGVce
zcYR82b{jG87O^fS%uG0-6%?8^s}S!ZaZL6~S;#06@?Y31uJ~Z=&3{b-cqxFen4Tcv
zoM!Hm5<cs|XDR?$h;r&WUJ-HST&-wg@5qer_SknWtyevb{wp=w_`sltfT-lLUb@08
z@7)S7Op1R~Q^4ixBg4)br?vg-LgEyGYAW+5XOzkwhNfJh!1Q5=8XZ)SQH)ezhEsrQ
z?L(^d;@()roUE_|Dw3>1%sIV69nv(pQ~5GBnO&tP%pAgLZPpoiI<fZ2qSb+WDvvY2
z`-)$fEFQMHk>KfiQN7U|lRo|-ixW%rQF*yidN(z#$W1%AFQq)~V<J9^Zc})K@?!Dd
zkGv87tgeiV^X*`+leI>yVqvdy;BJIZ3$wPUfLiH*5{uU`VH?kcPi6Z}N6tNefKyjv
zqOMNmQz?Ddu^7pm-W<{#vB1@-AuC`L^7B&*O+n5Cl-7&z4-Qe#xK04Ks((Z?qh`Gx
z0BgSfj3k{!_}g#gO)G&@oso{TeLe)fDC`{1(#>w2aH#X#H7^Sj6t()**gqC#cNhs$
zr3r(#^wHvId72_Z-;-_&8p_i;Ti;;RpRE=p%3E~;%EMzDU&Hms-`T{h`*W+_*S3|D
zL%rHD2t}2#HJE3>O;&O1S3^f5O#98(Vm&FKjgBIojS*^(WR)jIfvM<P-nI!Zcst=)
z*2fc>CKmk;<9(+k#Nbt@Neri`Mbc&NE74~XSY0*5*?2&E4`EDiL0}TzlzQMWLPG!I
zs1~}4R!4Z5tbJ?*q~_j||F^Dr_GNyTSbIWGsKY>N@zsNnUI{5CxL$UheWafz30D-x
zgm@pmMY)zB8%o#u8e?iQacaQeS^<(noIXY`r_Yrg7cGxWo^Sec<2-nsk0{Vu(-`>A
zOIfZPa8)be{CJ~!Vhnpc$9qjR*~+YxVdW<LDS&XWC6pXwcZ9lkTu4ypi#P{keT(r3
z6VqI3zwigXR?)c41hC!!6Eg$)C2ShNyZ*zXvYf65`W**7C$sH$+r}2wiMAKjX2~yN
z)6@I<RkPg>;kM60uarCM4J1r0J0g->dut%~0KIy^kV5)PCppUQF17Cw>_4r3VH^fE
z)!ya5mmkcG*sWs~tVv?1K(unL(!qISy<)mkWmzgO$`xXaW6N7<+}o4PYIP1V|8@Q*
zFAx^SG*|C^shyk#0U7mNXo|Auzp3#&Zg7;|XnSDTo4crDwm%)nSfkiYx10n856XE;
zkii}7i`{ffu0_21*XSenZM5mZMRZ%4`MukL!&c)W6%c%ynnN}I7Hx%Y)Jr+a(!w#|
z!;6%50A8hM)~#I5sg0pgx~^WIENo^4&30S2mZx$Xm`B)_D`NJn{HYNLhIv6Myze)g
z*gVQ7GDKV=n}$kP$Z~W1a&#0=2ZV>1liAyHPkoKqOT$h`d>H!l(GDN9njvJYV%h&p
zkI+3pp_TfbMk38-+}*h2lazc!d~uh@EM$c&obQ{kfwIa_j|{(!=Ivd>9r9`h%a$H`
zQpG$%gR3{IlH7h5=0N0JFbrvEl)31;G82`L7qTH=55D_g`3AO++NJxtL8?X(4nsgn
zO(zpc3)g?1GwF!$x)C9{KB0OwiPrM4lF$W9G1Kb^GPl^>`@2l)@O_3@;Ygi1c6#iB
za`$cWlf-q&f=@(82NsDIunmf#a5-H~rbY?y(P_Wf8b_kU2h5Jfda=N^$}WXi4g`ch
z4)*@C$(mu}L>ImzTft|qy#@QdPay1E7i1Sa)0sdX=YH^C56`j7a%Uk_k12dy%}7iL
zk?mbgGfzS{70|<hONdb${1(&<so`!Q6^IE>3}B3qL`)H*z`AU@OkD~FA>>1SFGQ4@
z9f=i=g6Q-7r^pRtUw+WpZ9?JgRhn>5{eKw4Jak4oT7pY0hmc)y=Cam8SJ)5yPl4Fj
zP!n@!j!AH+t7?$`3x@*oEx&r*y@?Wi9pI;4!^#=kV2L$XkWCD6s%fk76;k|EZ^I;A
zwkW%Jn7$XpreV*|Rs^XRLGfp)<}_t4*DbwzFPc7U@pJtMxb9)GU;{d#!i;mYx7<#{
z4PNVW_Q&6Ubedvt@ugK&6+iC<QpJh>%CErHK0q{#2_x6K(oA4{c~J3*)iOe@OY^}c
zPqd}^Br5%Zf0oUU$*LzrDCQAHdUfh*E&&PKK^S>La1K6`v7Xq+dxz@m^#<*7Y8{j>
P^D<#a4oJ^^c-jA7%6vg2

literal 36864
zcmeF(bBrZzpfBpS&1u`VZQHiZX&ckF?P=TYp0;h<cK7}E$#;`|a&P9ZeNM8^=}O*I
zt*n*8v+}DK1pqKq0{{R3AOHZ6SpWcpe-;5?00030nf*rrfcU2X|5N_?9su;80{-u3
zkbmZw{}jL^TkpMp=KnGM$8Y|l{KxPAw@wiMV^{yTZt{C$-vZwP-vZwP-vZwP-vZwP
z-vZwP-vZwP-va-w1RwzX;74I3VG<!xAa%huLCJxUfXRWszNc@2Z-M_L0Q}E*7<~Xx
z6+Jl^G-Zf*$P+9e3@9KlJq8F$_8-EkJ~S_h<kWK^rC6GwsJ=QnAV5Hn03g3$%325l
z^E*M3SvY9^(l}c?K}d7mn>=l1>WU|X9&8c|?=^~#6r?vVx`rmwW`2mr-BI@r!Hi7e
z0k5MhI%oymii_A{!l4|9a6_-q<k2;jvH^m5s|Fauj!UrIZg|U`b5$7b?Lu5=N?cF4
zp7V!r&h8V|lrA2<=<50c^CkJSah#Z?*cz=hso>`Exggt$W+8f5nT52@9C3#PPVxzn
zNNN2ywT|{`wOI^cyROzBnK8iazr~+d4P?kG;nx!CX9v_j2|KuFVMf;yEkpsTpen?~
zKQ>agN<SVur>jTvM2`$eBhw_CWPH{ENB`)2x(Ad&?2%yefJUWmEqi;uq(@Q&-o60-
zQ3)1POmHpA=pWHfjnw-oOjz?s8Jzqxo#>2J5CdH=V5TD&%6POO`evFYiN<1oUN~g`
z&S5nn^{D@%iN!d97F=o!9W|vsKkKZaM;FZMh^LyGi`6#&L_DI*YFj?b=XExFgXL7w
zoEYhvz}ZuOrW^t?QMvSk&l~{>DZKGYU#Sl*kW;7?PJdNxtdR#gR_Yb?Y&pr8+NYFB
zU=YlCGX5^)RnTQ9WFh524B{mYXRJf_4)y(6`-q+)#gAeHE2}n=1sdvY8;fAy)*59Q
z>&n1TS(p8Rq9wBj6cM(PBLYkuKUrA*(?n4%e859BTpI4qJw*tZ#z&jb<tQRHlxZ}j
z@^ZJv)imbF#Rw^6c<56vlA1}4@0_z|%A;P8M2#;=cH7zymJPwUs?$Gy2*XRz!_y0h
z=D9UVu6;X!-bVTAwXFA7Jcr<O?Kumn<0(c=35@z_V%IPVQ}s0<3tyBz;KKYuU5}8s
zEcCe62vbRs<@0Z<4vr%fKy_INtYGcJlFGn)n|XF=179>%F|2H*=*|8>S|*_1t5I``
z1JegVokH*SMYh~}IGBCdxDtIN_`b2T(s{S_u=_jE*5Y8?sX;Q?lTwjQ-q=Iy%CA{H
z=JhfNmTl(6v$%5_yQ>x+BU3C~RrAuY%sa;(mr5@L6F5a1e@RWNG&(i{MId`b+Kjf$
z)r1Kz2-ViVsVNoUP2(Q+s>+CR9rr&&lmDo>zSCB9rlC*=-!#>y*57w(l(!SR%--GE
z)_77Nid}cj&5MI3U7(jnh#6?j+v;uh1J|xwUVyM&EQZF^X!W$UUQGAVKv$cg%{VqI
zu{|Pn;#O8PQsXGxrLayeQx>0Ifr|iE=3ac1t62EB*?vt}P@e@pp0)NeD{#1M&rdA@
ztH?Hzh%ez47!mPr!BvsXwjb%YeH&;<GedMKIBc>4Awwk~7@*!gPiI`{L^C3^&0oF7
zzLLy+D-ul|3{-Jix=uHzLvgop^EAO$yJ1d@d+^#liB@xpSgh!l)M8Wh|Aj|Ou63Ok
zL)Zpu{nC!1$AE$wM%(RU(06T(g(_@U3y}>HnkU=<XOC=MwKEk%u4+tTy!DGjOw$jO
z;D>Rzn(mAg?23JI3Ct8?VI<$6)7eqlQ1GLoxAw!qg<R<oL~O7?`Y@k@c<!8qSqz{!
zfttc`PTWN@f!=I?sGGy?mQ1)))Yxx)3WP6v1n*YJPF#+4o9LAg4k+{q;a>)vehLjr
zdmjxr-QMu;s0~6U3Bvli>Q%0&j7M8)xV-T%T?ka0!<A5DDZ8Vpx|x8N;4*v+g!Q$;
z8r<23#9IDmje5<XltMfop3oGgvdrETK)m&!K5Lw>EoeL1Mb?4Q-TrFQq_KQB=6VT8
z_R@d2{Qcodat$WdntN7HFI>bF+F_oAh#<HJap<#QMJQ&l^^Q1^J>}^-_X5JJimn|L
zVDcyOmT$A<aYUHUi~W361mzm!B=?_Zx{CTrtyj8mufTeeVMQV{ev_v-G)l%5&-T$A
zl_z;J3`C|yQ9|RqH4!2mLzI#U8%<?DTC;WUoVyZmFigDwVW9&?lN5{Td!`K;=mcNi
z00vKU_InwAxg8+~OCF!nTkwi|MZWxzd6zMhIav`CWROFqhyQHAlF;g?xf)BOtvh#;
zt<bI+B9yP=3xjKCHVTpO;RJE`t#YUibfj`xX1@`FeDpE3YEYTuv8!0A-Z=A1nd{;&
zsgYzB?UU?1fXXnF+8xPU^zUkcr~NlIOSFn;h8Smk+g9?UE3GpKaq=6GC@e}Tn}mvH
zJNsGKE^oYnZaAPDKtFDZ$POpabma{ft;e=YEH}DWOQMXCLCfUO<H5*6FXZJgiSa1}
zlqYX#lTS_;A<(Iq8I8B2pHby9D@-@g@e^yu!Bk)~y~jU!)wYoHp)np$^p4AkPO6&+
zQht554A32a(6kGQnvB!R3=zJ;H*q9)cIt&N|L&Poz$q?m89E)k+D>4N`m_TT6-?`}
znhwTbwiyZPD|V@%xf**5`;`*r(s8A|d;iFCd_T<McIDHtRd4xjdrvo%A%%)`X-K;o
z3F5R7QYy=SK#HZ}u0b=~pVpF?7p~TkBDvQh#k&udkh!X)Ry%yk@X_XS+J3h?UnP~K
z8gBxO<I(GMNzxKo45UsyvKyuL3lP;etfPD~zU!ghH0<$3O1ma)$uLqsZy3|w)~<oo
zY);Ag4nOJhC(=;0p@;Ww*U_}qFDI+A8nCX{oPL@&TF8{%b37vnm@7sIa<eVRy6fDw
z04okE6-mx~t>CEeua$AqZBqeu=eStCYb2)_%14aerBI%9AhwO!D@`<M`_{P%&hq}J
zNZSiw`EDE+ZASQClr>j%*UYD{x)vUZO~0B%!7&SRbenJ~ojyK<2Nkg^@W3lGKbB4S
z><m1AYredE6{(WZsNoL-=|wj7P(2yXaVH1;+1{cEC>7YmVlwxq#juw33W|nTTX_?Q
z%#>)8+D)j@!;(~R<2kX7n)}_A){G+Do*KVV0o?^k>$`JfnRLZ%2g0GOmu;GL&L3um
zTnS&B$(C;~2j1#^{W~7H_O`{QRjV9HbjLD$WunY<W#eJGlU<pt*tsqe?B>+ly@UI+
z^Ny}I>8{ohrCTBdvn)0WzX>qV$`8gG_%kQ1U>LegQYs=@OyL=&p19$)!q@;-fakKq
z+EMPqjXioL+@|c^eoH!gTN`9so4}o76(?pk?}Pn|6MJr%sRYg6nu^W#Wh>&Ul?5-}
zTwiem>30?8CO>rhk<(vNLw|uk8#r)-&9s`20Nx)uVkY&I<loeE3v-v$pK9*ALU)xX
z41xenoVUTY>IKgYF6*Kmb~54y5U~Cv(PQ4#h4~PT0bJBrKch(2Yf`SAKY-T=$z&=_
z-a5suzu}@=Jh?K(_SifN08l#m$uPg6RJt)i6vX_elODj+WD?kS0fevhNFPDCF0O_C
zXE-#9a~g~9d+ze9^v*O#Tw?1^SAV5EcWFZ;mnbzt2>qLaTucbPW{ekz*$n$O<<s+@
z-8}+wAvNC$fJNhF<Bv?&lccKs+M`6TD20%(mK65_lOl<C$C`4oOi7fDhYP}$YL6#S
z@{^qOP<}*Zoe$Mv^+;W~Fv@tJoa%a0Q#k^aEYN2D_yvEXU455iv2_=LbBv-KPC}(b
zD|o1xa~R|-wH;|Zp!#``ZWNkzOllX@HU8`UJguEXg+=AKEq30qA%mjkL%dS`3^;pF
zozSezdLA!bgq(pAvL4(e9qX?Tp+jsz1N@nrG$!9yTOhGz5<#5Ya(N!g9~*8*nl8Fq
z8B<aej(_ZirVgLv(ztr}X*X0#%EAcoDq~`->wBHQBDG<sd{X&d0O9<K|I~$s;~Ncc
zScS7;qfE|2h4Ey%^V6Ua4=p+tz{abQ5L;RqYElBuc=QU@(&ey%$!|n!EprBxQOKi^
zfVV~64y^Dj0#yp2TufV>`glbiGE>Wp&gA<)Z5O!5Z7JgSkGxw#yUB;8lBP9PyVS9^
z4NoJ+c$G6R;mN`&5cH)TQ^gCKRQAd*6!E+<e;lT5@}+3xzIMIwKmzrD0eMq2+Tr$5
zP-Z4~lbE|C3yV>*L}>pg65M$mD<o&AKD~Z8s_*od(jHca@ovj!DK&b?l(8{_8zKR9
zJ3O%$$ql?}s@aM?duiz5VCsC@Mjazi&(^o6>DTY21<U_(n}otjICX1n-#EM+HJoIM
z`SY{MghO0st3N_0JkYi_!UE}~-7DJ@L;lL5N8^f`7DiNLBJN%l@|Quh-{h~YcwZqH
z4h%=Rd}pzxO$d)JjxvCqlqW7i0wYKVacb<tII#bz|1S-u3kLWD008cvF@XP8!x-N?
z`z`RlRNybQODN(rjBVof?@cMnrj0{bj<3~P@qcTVM3o#vxNtQKihft-DyZ7h+2!!m
zHd&D6Q9$}CpVBO#Pc-zKmEU`{Byxl!+wr@=l{eG{_vipVS)s41OF+b<F=6+tKh{03
zbXc5Bx1;o1o^}7^%3$w-oRD9U;h`SJJUn>aH*@fxjYc^@2dT}~@?Z-+qk%(G;D4R?
zlOs*>GTe%VxoM1vIZDiBa0-k2hV@@=AH}BdEF&{q236Tjjv(ngiA6F_8~YS*$e#Ck
zC>ANK(1F#16lv|qOW{Lb7$n9i-+>)gvl%vjP}9NawE%1>3j4*F<_k?3ZYx(&R?VV?
zrLd10@~wY;_MCU)lKr%VSa}cS#KPxLHeQQBz~U5u+Z{xb<7QpUB5I0YPqz4F&0V5@
zWE2xoA}=iIL+zG~6D%s>+vBKe9?&8$Buv-O1k5y*sE-}#8LEymfnHwEp~Y`<2ZVrZ
zdWx5>Y&Om4p>}N`)`5F*jHmb+7yeY^qfrmJ*aKP`g9DsvlLm=usNy=Pv{KdOSXfhs
zLFbO%+=rr>l~u_)$u4J3ue8AHI)aWINN4;hZEgej1FF8|SM)vw(H{EYGRTJ$X#SOL
zlS}w-`lA!T07BY+O~vRIjKHR^O0U$VyjLQ%qclv8i#q5JI9jB1OYU;AN|`^@G|4bo
zPZEXuVJDCIDXDQtZ<;iemU`hLy5=|l#x9>t1kTEA4k|qqXSE6QRP`WgkoTvyHT-9*
z3!|-R=~btbkhuA?tV?qcs_-nJh5MVEgWdFA>gF>ZfZ}7kl#Z`u^BvL~=(VTU$Ewmw
zn3+KAb{%PH6Joeor@~!J5=-l(dt9mNcEiUei?g1riHwmx)N>w0Fn#{R^Y668KNiFi
z!U+Y|>!w(48}y_#@Y{34w%ZiU5l!O;bDdzd3H0~_QHy28acMjDy*V|ADNn@2XFQ0O
zuh;XVGAlkam#A&*CTS`c_~x8dcgwV^dbBV6?RdzB48KfyILDwUU(^Q64`XYi2u#D?
zk*i2>5n^E@%2P)hczIL5ru$zEL;sQ*50v!t-}C7gV;}6NwwVG(DgY`I|E5N!OZA89
z?RHfQ$>BA!bm^v<4c{@?PC*h&UrZxr^285eFCu9Qx6~&n{u5D<7a0TfCt?IdBf&qA
z+zuc6yK$o}*$y@e0d^#KF)#%ad<(HII{X4lV4_eHaVzc&KD5=ypGT;RbMHyE;p$9c
z15?<uT$17+Rj3KXH4w6TmUA}f%B$l9mUTmVHZq$<VCqr_yy&>p*O6tN=t`TIRvXe|
zqIU4+7(-`n7q`jcxFduUAQ@ZS8;k~3KC}oREj4yP9t2FUq>DPZ+X<h5Y$71-^7ACG
zMNJ=ul(e2o#lo`@+{7BN_>nvHQ)6$w8t)R(Ibxvr<!JT+5YY$O9e2juvV3$1Z{ooI
zIs|Vg<+@2PmN3_t?<~D<blzIpE3_RNSd1w%bk#{PGD^V_-jG2QRV`CN-jS%ZMCI(y
z2reB|IEE-|{pg-Q5l&07NtK63K~>&$!)Z+-rESAaR$xH#P8O`-NbJHv;`eZX6$WaX
zN3QoXR_McPLAd)MY>q_HBB~NXJxfU^yBZ+cRg!9sUN_7SfJJ=dmAJ`g)VwK8Ioebg
z7%+!ZK4|h3t;lzn4G%lo)10TU-9?B=`4cy=m2bd4L&z;c`|#w<oN6?pjRwz;2piW+
z;c*$vLi@X{WqxObiGWFD&)=w)7IRC5@(Ys4p0h6f^v-cT0#7wv;ItjRg$2sPq{56q
zmEQ?%2r|`dpU=+^LLiq{pAv1rhju0rxxy4^7$7Uo!r^S*-PA<CZF_tvMg|a6buG*H
z`W<Qs7inoL{<&;jj^oX`?l9kUl%XGW=M8DHRSX43NT;i5|72TVT9-H~AK6)WBTl4k
z{xs;KN4^Amwm}Lsm27x9Eu%WAXop4al>-b>nwN<o-9iBeUd=ltsYHu4y<uZLWKtsK
zh%<7)hLE>fREq+~DCm^!DS&exyEF}e#v~CL+@3E<f9g7=iZy@V_4&0fuUk;TDDj*o
z#Ix_=v!u!c(|`AFFt?zCXKU+tU4$;+USQEyQ*X1+L$sOom((E8ap-|-w_$YnCA|ts
z_IBO3mBjy>8fcTg@GSwAqz=|HY7u(>h7HAqFz~x0=)ibd1kD7=LrU58&7{I*k@Zd^
zsY~^z?OXE~mbMYtgn@OB)|mze)6%XQpieUYBPtVfD^FuA35web^ij;lcUgvz!*eYb
zwrJGt<aNFepH1S4?7Y#YOhI`|m{KL9AB~iL-s%8|IEWnq(8t}=Vp=0>3mFfi$iOwI
zx2mulTg$3z5Hh#m>={xN2MQ^NOe+_<KIL^kJ?=LcwLNtO=#YCk6vFFSt(f?{haWCS
z=2gsTB9We|Nu-=i*){Mf&c(#I%S3+RGwN;x>AvxW^}V4F9$HA;u*uHXZZg0}gE7Dk
z0Pl}tmsM2=HvQhBS^eW5n>ty26-Nut<2CS9^$|E#v&{g8#1q+Zt4?@Rr22N@5YRi3
z^!&y2<S5#&H`wf89&ayd_*~+~mx)Vw_g38d5jgH(Wxy}V@H`HchCXHjj6F}agj+W<
z6!4xfp5TR41Id(jN9E25j8P?2a|YdN89(gmm=rPObOx(=pG6Mj{Hvi8j{9fVQEp5N
z<8mZp1eU+py4g`0znFkpD=<HRZ1z$P<Gr<NE8&bJj6CA!NTm#jaqL5fn(=tu{4~%I
z+XZ$z6x_5Xuuk(4YC7Qf<jgHK`pg-nhDKXEMN0zW5_GNH88I0tt0qguD&@@d6!Osd
zb}i7@7BGqKDWm<+$2!y0<mwdM3F}Xf_><ngi>_ao7zopIM60`xfDDCBFoD>mp===-
zFHG`b-e<i&yrUsclrLQ2jsWno`(6F<(jCWX+|{2+i4qS+8F&er=xkZLj<jHar$z4L
zSH8|XDM~PaQNhbrkX@WnK7|I+8r^j86qH#Bt4~D+wn_Zpw7Ognzo=pBf%mANYWWW2
z#7h0iv7!^S8F=3x2m<^Mu1YrODLv?8-pIwThs@BF_A!qfHZL{fs*$CNa$_au(i|34
zMIsbqmg(n5pxeWZDSgh;tB%#9ID_CeccI_F+&;r4@TsD>jZ=`ZA><eGYEbDO-0A+3
zn(r3ccMI*ih4%m3LVNp9*EqiyzXiSpz6HJoz6HJoz6HJoz6HJoz6HJoz6HJo{?8Qn
zzW@LK%>VWKsQzmO{xZ5u-wY+)4s)Jcfr)f-Ar3tmx;Q%X?=_iE(7?LG>?vPKqxGzA
zrTyMD(I0QB?xI8Xi#qGpqn+#gnKwnwh%s)yI!3zqL6TfBo+lN<l)ZIrsE;==qP}ae
zOnW2ZWx%j@<=oM5+69ohxaD;}dY>6f?;cva;&%@CjxMIE%8Ozkuk1qO?hXO2hpD-z
z<Eq)`@Dd*7=n0DAm}xk3LSossMRffWQa39Qv4<!yqHl2{K*O2Sqx^IGMJU{sD-a_<
zhDwV96{^i4_({+l!z!L7p}M)4l~-Dh*!k|CYAe&t7l1ZEJ}E)hA8!zmdF_WANsgXd
ze)S=vDqob+)zMiarGmZ}Do9R*^#B8>`wZVR1`z7k9Vhy_qRihB9FMIz`v|6$7kE_k
z(FJLAJ2qJg;4U#7Sq~~OiD!3f{M4_VlYlv@<+`Q{^LDfSgDo3W$AH@MyA3`}za8GL
z+zq+4Ij27G0h<V>&OU7@`DbgAi+tntiS8MpF4Zkv*07+E*K<<;b#4(}TJW<=!}F#Z
zxB>X9ck@LKdI-`;lKUE3wEdy-eZGs~=_jIvi}Nyt#Zu?^3(T&J@2@(6Ie%p?ORjDe
zvsu0gDvBcls-2|nb#GwwRQmN7Qd41ZchhiTJ2*}%FO7(BV`m*A6&WG@NX915T>x^9
zp0aHEJ#>~|qBPtw_)4rSc1E<p^VxQ@#eS$B>i#E%iH>jOG{Kfy%}Mska<?qNRWfF=
zZRH+DI0~Z+3O^znq|<hIbRgyg@w<2xZnb49>VTWQ>1jT(P@jZWk+^swPsJaI_L9XS
zFVbGZZTkI2r@(BPG|7Mo$>Fiy(;ivYWxbFpegj9=NuR(pBXLhe{VbH~?Z&i5MHKpU
zammS~Z?ziZ#A=^Z|Do9L-#~ZgC&DHwOuUx7+yG5EdJV9y7*!jXU=GPEa$`@2vm=Dz
zo#om;lY&z4wCS55!nz^7AVWn{2|Rus%qCN)Y+QVY8B1qfz@(WR0VS$YrO{_pwm>V#
zlB&_z;zOmNv%o+3zC@DgJRRCB#}};9xO^z<@R!tpU2fg8ojwa!gvP&g#_VBvtD$oK
zo0`0J86P%i|4IfCIJe6`u`|y*QFuW_RXiAbaA;FYvP|q_g9|dA2r@&me!Togj5ygm
z%bOH!OEOP^*3>>DKNF(2F{K7cY3<6c+O%J?F357XRE9E=Tly;iPF<q#w99<SQ#)ju
zwEYX~*&3)SyMtctMzdMOBo`dQ+(SE?VysS&bmBzpRtAciB;HD=`g~$t)2NI(3;I|<
zL2<y`SvT6AnpHX&Ie!-fwH92r1Nn7v?=4J{VazwyszoJTD=31v<OB4$^IPhLT!32R
zxGGjMJB&=9*wm{Pi|`v#;2vhou34F8hI|^|%J!F?@HxWKAjG~%n_hZ%eHcXw;NzKl
zH!=6PJnC=#(Uofsy$4(~3y5*OH5ZC6d06xuF*M2?w$ylay3%$d7BHB+=zmju#mfxk
zAzG;r`fB*pS*gkzw5z~QZAh$-Fb_D1Z+54i5??7@q7gW1Uky=x0$K_(_K|<!=9!Px
z6YZIShb|Mwd}+^n1{>4rq8bgCFuUAEbIN!;3j1*hHG=zYPqzr=EWb+K#}2LPY(ARi
zQ{_#T;zU{3F9WH?;zrjoSPAuLsh2|Dc6n@E(YMQFZ1MFO)gQQ?B(){LWW|O84>V`)
zgGHRRHIwkZWKBeM-YtCxsT<ImhK8c(W$<qDB@!ebSmG>~(n~JroBzn1P$yH^@_rtO
zwuJ5i-0RX8jm3E!(%@G(uCEc{9FV8l=qQX?iQC#NLlR6YZ~oH3HN5$Ge!&f-Di7F=
ztEa<^=jGx@{v@UaB94A^@Z4<NFK)>IjT(vCP|4H0XKUWIWy;Gp5__D)hk`pGeB6(}
z<>#D`x*CqYIZj$|dkMH($xzyqKp8EMEEq6MT2weL5{wVMn<VC_L7+a@sHPp!?f=Mi
zGqisC`(m$2-zo*h*jD&xu{|s(t0i8-43@hMpPBBpH?GDlj6Kbk!SgsC`*BVz28BpR
zgZ$Z~Jv5BK?`WJTZM^}NY%|W<A1}|EEf;A;rO~UKsO9#CTT1O1ySV=^sqy<5f@#?}
z+WCNSpR_k(vTp_+J^eQ|z=eh2vk{hu>SnHLgpC7|&Dbp0XBX2?0c8ncyU{BL#p<(i
z6&mC(h6(rXaTjdzv9%spE%)2Mj}(6@0#2i5LHl^j{l);d6w`4$G7(ovzjCDISaB|0
zJR=DvI-MObO%%Tow`jb;FS0&QuYVTg-u>O0T#1^jUA_s@XIB9Z@&-4}&;NylkU8~U
zhn4$d^@_3kh737|nFjcWK~5gS@w_12N#dd~bRt)$z-j3z`MD&O3%G|Qj^$To5M|@1
zOf!S3renF0(hZ{66*FVIoL8P?$m<y@h+Q(Ini|;#1G@|cIOfC?j8)}g$1H!^3AxKK
z4MfdrTUs9({Xvee>a)@qI~TJpPl>=Emmvo@h1-5L_1YppWHjT)_+IAwmpt?!QI02L
z?)l${TS7tl5T^Pr(yd^m+oYNb{*u$7c#g-Q<$EL2Jw7eENy(S)K?PP<uk8jgHzHpZ
zRo%Wc39QJR&g<LLPHa1c^ZKvNPIkA@CS*_(4v49eq5`?pQMS_Ha`E1hhOrQKv(!Z=
zpG?jy{90c)5fy`21y75QBE3|tZhj<!@P0~Bc2h^*8>c?gVir;uOl=Q#Cwm9P`sAhy
z)qS!rLwp9HTs2N_tNA`B1~}$iN0+nx2Rf%_vwdQ!e!{?zq=S@vnYS2a(MZ}Yf<!w6
zp*HopK8kD$fg&S#_ktEiq$ZV_R<g~qFzS9-b$Jj_P1^mXI|hJM%s{>UfP@0Q*GJaM
zNSb<%uSKaU1n^$ZS;I~h^hypIS*`B8%GWpha*d5RQs{g?d}^1*-3opxKGmAPKLW{9
zz*bprdQesd3m2L^6WTG}F@vld@h-{Tyl~0WL3*Pb3m#fC)tsquEQ;~i=JrRG)D3Lv
z2_$rnNg*dguCw9n&QjnOmhqkQINC}E&6rAFD8wMOwnbD~9!QZ%FL-otof#gv|44>~
z@Qolx(*1$>K$r3>oR^tPRB5*Jm)1?Oo$Sp}@V1_nL;ejY(Bn_HTuf(!c<w$UTMN#o
zGe7t{f~~)#CSf={)Ex(>pY1|s9OUbL1{4jO^54{yjO$tT>8e!!6l7=|T8#JY=$H@|
ziP(YxVD>m<O71&k3$xU4Qcpn;#X(RMjk<xw|3YqZQAZL_1~=cUFQYo|+Y&-)P6bya
z8?kLuDmh{l1+a_p!xim8Lc?n#r-fJ~$TlD`;Inn5Q7k|#nPgCY4!y*9%JHp3EJ~zJ
zcNicZL8g|O0ASOeM<+$8%)Q^?ugS&A6Ei`qZuh>5!UoeV32*igO)OMRW-+P#6atdf
zti(N*?5Cfy`L$IxQ0<!!C*bLRH;1H1!d@@LK+FS+SI5bucqtU?bd4rq*4XnC)ZNAB
zk?sKKVEJVb^v727D)Gsu*6W0P9E{&Z94iA)DjSPJsF`+Q0QU8t#G`~#PDl=FX<O`x
zp1?FMA|knT3qrR+k#}s5IB26=cIRa<uPcs7z+fZ_UvX3Ct6F;QX()brw4qh5vUpg}
zJE$xw8IjUx9G{^Z(69X3chH(SZUhS+r5>}hfLqb^4Hbt^jJi_jo_MTM#kJ1`hy9Z0
zNQh$_JXBACP9U(oJi{d_*7SFj!8&j$*$S>#^(rnmer)waH(Dg$DGQbJR`2ELw<$OV
zjR)C;a8UJRmff~)Rq)1eMhx@1P(l*&2djFfv^uZ5>P$8(t4Ll5i(nchy2`}Kkdka9
zSdtQ)ECS$F0CE5yOJJv=YSo7qwLL+-CDgk>vCL-5J-alc3cXQ}T2NIBbW($vtVGbB
za^seEjM9}#!tEH<z1k+DxXhNppSH6Ltzd17FrkoZJEA!@o4%D>;6aSm`wCn2)l=HY
zvD$4WjC&RrZ!D9h0~7;fwb%DxYVw0aKP|Z~NWXZ*Su;iYs|Xi-DJ=A1Wi!XV#_-lM
zXmVMC74RxF4a#!Z&LvxcW9Y3jIpg^*-b3+@I%x)UpP$jQ4||-4gJ?3o(gJS4vXxcg
zzc7O=cN}=EhPI_wujq6IVfI^tMPFJ*l(FDR5}7ZY+~N6Pc(nw1Hwdgojd<P{Om$Q}
z4=T`%I9A{8uAkwW_@R-KD}c#n-~e9WpW#p8o8ZggQ{d6z4PbVlsUXWC9zb0{yMeNR
zx`F;{`%&L(`xf{w6!^<Y|D{cm(~PKFhFK#YGo^)mJEdT*?BA2V&6eC{S*H-8${)Oy
z7$pmIRUi;Jw-+#-I<S(4&$tFNnQC6D(ciTE;9Y=9k&y#Jzv4ta@1+h%GicB#lP+fP
zWFQ+!o6b*7p(ObQRNov1AY5uG8GE;z39xqGI3U2>J2FzN7x24SfTVIT(T5!eW039#
zB*5o$taRP=ratKE9J-V<Ke*R@NkC-JK5OTlwa*su#T2N#<tHj}&WUSNBa@<jJSkuY
zg^Lyg6!6$P(s-{(v)+0;V}2$xaZN(bq_%DA)@pE!C-=|smP*<Y!+o|jJb*)Nj|g<+
z$Padga@-#{Ma?%ALq-bHO=shp6ldMWG@&5o&iyb5p%Ku58{3s3?;U}ndLTLXAVlPU
z<P~v6Az-CBIh#<_VAFanTpfm9hD+cRgcd{jio-#`ac&}TL=i*pzv0bsEQ+A@C%_x7
zm582WU(pAv9FOj>inWk`X>nBjl`v}o5d6;_g&u5eZA2{%Oo$b(irRM(RyvvCIC<(9
z3DNfZvBvdk8u{I*GY0mfvnm7mZuz{}0DO?k=62i~5w<@>&m4y2Bxa1AVG6hm_S2`i
zLji_Zb+W-k00)1(gutRtuWJ$>8Uk`p7|@MH^EP(B9`0ql#1~~X<@-rO-jkM2WwDwA
z*?9-k)&^_K^Yra3d_W3lL-*exmmHZ`zhr~rK|~+Qp@B?<DWB&ULfXDq$nS6wJh-Lr
zq+{}pMG~mM*B(6BqH-?`bj`b<Pu*QOCZMm3V;mXBllB}5`h!9rzK|}U=UjSARuW?F
z6L9rd0Q+nGdO>febwYsPdATZeyaY80e0$GJxMwn>20^HP1~Y6@8KI!TV{;j5UZ{N|
zCHKg`UYrz`cT)1`(PMHam)Jn4K4)zfnx!fD$wJf==p?LBoNTpN>AgVVZinokhZq9&
zC~J0%{d+g%E=W$Fy%}^J5+zBzN(rl5iaGD$rq)Wx%Q6dZ4yLGUvhhYzsPOL4(+|yG
z`8s*e65x=!4BuRs{1fP>Zs6jhw$vKl@lh~ZZN^_xQ>Li;!^_-kA{?O;kYwlRNXGI4
z=HJw`7=Zgm&OYZL_9tbY4wZ6=y;Z(Lj{V5@ESCiVd_X6=wxgfckG+DnxNGvSBt+71
zrG^ML#}iuS=+n#DacB-p9(nPBa#9*aqN#1qU3jUMziqvEbLtKKO`&$r%UYENxGAPr
zx!t&J#Ae-yna;UlFxht>hYJq@3J%GMTZkSa|6&N8EnV4>m~o0;<4+cC&kLHvrYhhC
zP}Of-gN7Thuo7UT2d(o%0ObDlc%W+aioZ+G8N0}@xy<<z5fVzLJ7!bFP88gPH^o?o
zcOHHibmwtZvVx8~JgF?z&3gC4VX5Qt!c4f=4#4yYzPr*was=4YQEC0uTPTe_b?JPu
zKPnAuq5kES&W=hbT-2fv3<|OgKqSQ%Y?rzJ3M9?-u#v}*)Pq1Z7`dpO+dhBS-XNMj
z*3)m>Iop0GR=<f@%_%#IKbJGzfj+}0ba~DYDyQ6(=UNjn^wPy?nzl2sm{mHFJlUm(
zekq<O7st;Nm(OU^9pjU8antHg_hMZ+lPhZskxslR{aaXy`uTc;zD8>{N<CL<C|3kk
zsB*X`)Jd4KU2uyK7hY)Ye&~ZxdbLE`nI)oKt#&aPBESEp$YY{Qaa1VHZ-qDW`Q(?B
zDIYcB4gPuzq2mWEh=sQq7+f_vZ#aMbCA2YJJ`&-i9kZB;1-mkJKMGbe*5rj+#$2hh
zv+RmP1!EBom>?z2V)2u*BwC|Bw2Gk*4GT<LeDc;yGtvf^lOpN4OM7N3XP(;Stui&h
z=xLN$BbisqSnki*F6cs6{~9y@(=b2*7xYv{d3H%AMFfC;hrH=zia|7N&!d+CEb5Fx
znkcO*!ajQ7`e;r}sMviKCY<e#p_dZIE5lp#?GuBhX!fP1r=5bGP&B~p@B$lHtGw0e
z#YEpW@|ud^I_*5j`gu#Z*x<QYjrmJEMleaaX=q>KXeU=@`bD@4@|eMCOOm{%+a-#a
zwIZ}N*9SF*!%fE#?Ky5Sg!zywa@kPumu?K+z!K|CF9wofg3eH2-z(&azoe#F$VzJ)
z9Ke{K1T2ik=F;-G^^ok})adR6-cA}oYF<*E6CBG3>B2?VP-};qWC-fr9%~!qF$m&B
z2tOkVgjcOHCr(@2+k4*dnu{wSdy3vS%Q+h`<1DDmv2xw}o`T5X@1#bXump{W+@LN@
zjW+o>>PSN=xd$F<Q)R#!I9QNA`*1}Rzz_R;jiZx#;1R8E7YibAW~zGc%@P<6D9@^R
z0T4G8_}&_V;WLq5XV$f>s&!0y`70wsiGe9SxF=)nBh=!7;7W25foZUpIP$?Z@7?{R
z<rF6jAeBTuIyD$n%df^lV(nDW1J|VXw!soWjv95qT$2Roml-i7mTaUG<8r(eJwd;=
z@Pl_iW>uUsY(?NhfQsjIRo_G6d`!)Nx*hQACww)~CPuiS9_>`F^BMdz2=qj2D<HC@
zGdqek+Axt#;{O3WlFn_TvF&W@!!Sh1g}oz5iUbgq;gVx-z`6hpRZgq=R?2Jf%u9i9
zotSM7D`gw>Xo!ua_!$&!fknL&=DT?4rWwWg=_>R}H*mz6AaCCL&Vu_iC>5I{&Kp;k
zM8i*UO_DAzo))P!Wa3*Jz)&<snpuI&sJA69b)~6D_Yz?)_=nKC*5*Fpo^6Nw>p&BH
z-@Hu0u|2WBMVg0Ke7S>tXFUdP<sq6rNe47=G|cv6KjJPqTPV1OMzxp5{8}lFiolQj
z{Gnr$WZqJs`zyOJT~Q7HiXK-kY(DhEO~s^N7+EGL(=5MhmB0j2t5*LAKMbDgy)fIk
zu1UfW7#YXn?Q*r$CC%eB;=1xG{i5)W#J!UInL@cd;!j^5zG1Pp8Ujl8U~%cmi6%3w
zVbti<pl{oidT3e5S^Lr6IAv-kb~>x2`^e7rBp`@gzj(1%Mhj65=&+1;1d2CJ2*E-n
zmn`8|*ujrdX49=05HFlWe3S&uqTr^dn+NR0`@m5P>9=Qc`9GsSPC~5bMU>sMMe&-Z
zxIn9;ivdTIq+NGFr4UI<_$O0R_DT*Tb%c#Rj#y9H#;sVmb$l0)V=dBMozGh>%HVUt
ze!@Zekg)wFHNK%I%Ge`pP-jpglfr?U2C2OmS^uU+S}{;Q!b5{(W+jX{HUULsP~vV)
z6#=hTa<`hi_UHhXaqqO0Ac48q0{5jApr(MWPTv!PSaL42MVQxIH!n6jb?Rluh_b1K
zCoyj$i@G;Y_K1$-$OpotwN!G@g6#)Bbx9+hU|JUpC>J7s#}**hb;;Vh1(|#n{F^@j
ztv_Y8RXh$~;Bv3LtZXM40&m^<a#NJ9opc@m#wa%l-YcENx!5Sr0m_bzT<Qa7iWaB6
z-OZ+PX7@jjBH=?34(E^VKtEsVpE43`i%2?;cW>N{T4viasOqoIF3EfB4-Ps-2@!;9
zw_^dl0AtYNqYGDtgUxEOZE9sybwee69f^RK13r`ml$Wvujk39|c3N!K7NnSFFpy}^
zx#gMzPjv1xb{u9}z4z16K9-_W8YOt*FlPtv4wN+R`rvqbr3WUYy7kw773v<+UvONz
zgw`KE*lM&;_ViRKaS4%T^jNoxz8I0-D^&HQ$L$3@3MH?QU}INaHJChh49`Pez|e`&
zW+k8G9poZ%+*bFEFYNFhc_d9~=oG-Ux&j9X%ayRn9x1mEZYBOGC}!9=r-kHLutwE_
z6nUOydOysatg<lo2^nwGYV%+x=>2CT3gjkC5~8BhUVmYTJHN*k=!&SL)3TwEOt68Q
zNYCO<c4Vm-vs8X^zgq^Hpl8evn*uFVcq6(V_V)IP)8vQ?5B-n-t1^g{C9mrRYms^Z
zsI{-y(rIw3sbV{S{_o4uRE}z#m^E3{5zac#I<7QL!i2SD@wU64bBE{tQYNc-=Oykv
z)c0;9AxX!i^?TLVLL3{vz)pz|E}Yy3dKHTdO=3Y|Oa)BhH49PkRx^vdI2$?@^efyD
z8gtx~pw|8<pxgAUiJm|SuQ98~z$j#e<H!RIY7ya*o=cK1dDX0t#c~ggDJw1v<#_p_
zL5-}yz)9dO!bwy;)C1S5HO(~dfmi4CT)2>jFOV2Iua<~w1U%bPM6IXHpVLT}*$&ZG
zpz*oT2hlv5p$Uu)vS=s?6eI2#4AzRA;3~znH(m^F*bCvm07amZ*qK?|85&sAI2l+w
z1ET<1&24DYa$&F1s{OXoB?iPE#9s>l_|LB<8~1ZM-p{Tg_+70?C?}J~Y;WM?<Ywn+
zOk-qjVq^uZYU1c*VP^~VKRy5dAMgJI`sbbh|MC3)e_=1}dsW{8|IG#dQjG}$)U~O_
zEH(w$EHevM!A-TuCmH-(jU6OiS5HF49)l$zt@HPj4GjBZ|1z4_bIkN!ODsV}tEPSA
zE!u4lvWX~o1%d=3<0UB-8(!>?E_6rr$^8@S_>c;{@<tmT+zcoxMG-0~PZ6<|q*1Y)
zCm`8f)owIWVn4--h|<aYvXugTP;G}HcEy4OhcP-(y;~`3`bpbQS!OFKgbDV<%%lx;
zGB-v@;fLm;Pmq#3&?HNWI$?uxH)g{yXW^mE6JEc>ErD@yhQNx!5OmYo{vg8`P{^Jk
z+doS2Y$(pO+^*!li}mFWZR=WgPO5TP!DZx-#|uPf7%e!cV5L;NL{g)El!RNez*ooL
z@U9&^9IBVgdFVKIf3Q*rEQ~k)JRYFU{go}lOX%O<l7QDI5)6*z21icgLrlbu5l3zk
zy)C8D_acz(T4&<hi);QwMG>|x`#uCvRfyhtOwL<zkqty`@Og6EE{`4r3%}hGqXm1b
z|7&tLB62*SVW+3a<o#h7y8C#Kr_XPsKFLgU$+sph{DQZcx4GYyn9MaqLEi!Ebn9Sj
z;Q^@H6SMTPI-zCstWxbb+$~ErQ!-qC&4KYSgy#6uV4JDl7?w@taPHZ=-S(<Wl1mFL
zEoo#_@XZvhH=nx`xkX!p=4}IKFwYAuP%c5))tmS!897>$><$J}8!<5E;Ujc&@F9fH
z^73kW0NBhTH+;;mKqy7A)%CLzifc6*T2aD?^Mdd9blv)-Z281MDLkI54R<s7C+U)6
z7!??KN++%IReU+~dV=`m+6<Nd<Rj%&bfZ+q)*)E*r~NOe7uKEFqsV7nRvesrUe{I-
zj+D3K2nuuVTH)~9jHuI~&MtC}QNc+|i7zOJB~mxW6oy_jn=sab<~)eSIPPJTy)*y#
zPtJYpo6@a4d{suDM1$rd7D*w#hdM}$NBn2~Q`tmZQN6DI+=C~#e2MzE`SjIVed^MB
zp<Pcg_nCm6WHrS^_GGt0%hU`Hiv>a{mew9+Vb-%m0hH&k=*jzX?)S!F8Ib)s*ez3N
zyTWq}&A&bW|A#5k>+Jm`v717q*&y;9RM_#p?%&iX)X2FojVR1S@eN<RWWJu*b+pn$
zD!;*}6{pq1I=ErohcLjEvM~mh=NrZB2S*qzh7v;XU`+ms$#y1cN$HVAJKejKIMRC5
zo8e=Fyy%)u)dPh(<{!fA*3qm%%^pCHF4|1M{OHhn-oa`&ZSA6YJ!RLBZD^Z$ju~Hd
zv`*>5wu#0u3vtvUntfbg+yj=*FTNK|I0n>eqQJ&s36gFIa8)ujry2V*6O&Uf$W(FI
zSdU_9@BikZ5HQR4D6`To&vjLZW_P>toRy>IM^>&%{1hp%dEh)A?tscjkqn)H+V8Z6
zD`SBr4;;;110Q@H?C5&6SNO9EtkQeAZ6=tk&FRTW!X~3y5SHtNa`%S@g)LZ7^DVPw
zCYlo15H%<@G=fz}fyx;b@<G>wKoX7A2MMl@`jWB0HI32(2n0zxtU_@gfnkhrq-|%W
zfA9@7mn5<&TRfPF+pI&=ZXkaomsR6A?ep<Qx_!YooFT>pWCy6pfZ%{8L=h*pg=Kfk
zvVLaIetL&*LZHxr{~tWHu-r&zqK{dP4ss)2OE~;h3sx!+K6aZzt1Y2cHuhHJTGQ_4
zmZ{>t-T~p3>bejqOkk=4MMHfG_*CIY1LdI+PO0>U6N2%k1z-=Ubri&_sbX%u%&#(1
zDf}%srx8MCdBPS{OPoU5No#R~tP|~7YiJndtu+No%RIupf!3lkb|QkTD5Xi}KgYwC
zZjD@ac78%v$GT$dN#`fiMS9dz6^8BWG!qZn!P@Z%0=PKEeW}hBcLw90`vr`P4Zn)C
z*2k=fK@J-tBeLukT+#*y3P|@J7RjJwe#R_`wT2q3v{nH$GWhKi?ss*HfE6*;jAYG-
zVuZI;sGuCJ^$A?V3Z@cI?)YY&yIdDKfPp!DDxY#Y4+G<fau*egRYh&wZa3nbO2LB!
zWF+hFntGP;@SUAn7oM|8Cb3$D41OIrq(0{HYT3~KdEB)BAssL#ikL$mO2Ggte304;
zJ|#~!qf%dbUo}7hi=*VLhLp}3_m{eczr<k+Iu;f-hT204<ep7g09ris-_-mbQ+&OR
zBWR_lHItB9!}bPm;0~)WRQ*{TS=)FhS2z|*8EjJX`QY(6B(JO_OqFz;6{Gyjl0l+x
z&d<&Pu}5Lo%;N(Ns>u~fvrLX)`OM^$C>xZE>o5)NN=KeSP(QI$qyJ_lj)vceU~9n9
zT+$DDM8VOvAI#?q>14=e!M(VyF<_07-OISnEjYxZ1*x*!3U6x?lVII$w!5|EVtoTa
z!Uy12Stf3#*sYszf=8;IL2(`(M9y{vXi3TnpeEdilhaR|lH@66vhRhT-Hr*ZKuI!u
z0qQ6l{|k{SypWCZ^3)RlpcA03YlDhPg;Sq_11LPxSs7?f8wP>wPyEF}G2kvocUitC
z<F08&Or-ST5cCcI>90RJ?lNo~=duj?nst2<yYjlTeH=O&fGDNe=+q@na`y{Ip@-q#
zu=TKt9Xm~ti|TZ;)Mx^Kl6&+;iBQlnSIZ)tnM9AtC{DC6V@8uI38dlo%!w2POC#dq
zBRnwiPoPno_?l6kM&Cfq3kB0k08Wxmm{Pb1F?$6>b0OJ>Cv4*TKm3Ry8zdjN#w$_T
zc5$QAcg~(U0VyO{%BPVjz?@5nw!y*||NLeiC(YfRoDW)7@HD<u0?QDe>fBolm_<aG
zj{Nczf7tnR4yzMS*8bp~GFr#6YYwt3b%%qAQfT!``e(d5&~0~1551dap9WH{;}c=>
zuxJJH6_u7{!5IadKu>PV<Z(?DuKF=(luWG-U7=T)ZxG*c!Pp(`4=wHSWg2(}`p#=(
zM08H|+lz}Y9{1En^%5&YK}l8`Ku|d__N7_OV=qtf`(~>P!%jykK<r_6DCjmF(7n()
z-1f!-E>@54Yh%!L`yL;{qT43Tpr$$SU<owbw4{x11O>f*3@BBz)eM10Z%DYj(OlIj
zujS>Cb|znFKdGz|#5t%Kci1V{^7w^N$QFn4FB`w0XjIwFXcu!Q9ev7kpW_N#CxIf{
z_1=NJN=kU?gt>c6elDE`WCaU`y21I+c+zTJMB91PK2C#_zoe$hKA<W0;>Blj<-xh{
zGFR|j<%RU$)JP4+>2ard%u%k)-p58DNo8iffrh!6KwtascHx&2QZ<rP#r8#3-3Jvi
zMy!#b9ZSGl7-MWCpvyZ^pt{4$U%X0kMZqVQ`uL)W;rtZBF>FmArIvc_-QypUy~La=
zaheb@G+`^wdf%Zq2T6&kn|~Z3_;IkvTFfgGf_2&(uvUUGZ{;;;#FA+Y2E2?J$y<kY
z6#=k774t+oZ=$PGZ|b5Axjr7W@jlk!4V;L>%`7NI(UR;gAX(_?=6SQ_|3-dxrnC-H
z6>r|+$aMwViQr>3jAb<phf{qkXoFv8%>D8wY^V=6ii)2~*M2-E(ng;YDHO?1XRgtG
zvH&hkqdVz+nr621gTq*<Ced;mzL@yyct4f*xE-1_&QwUK3qLSsR+;Ob`TD{_<JLxr
zdlLVRPqd2aq5k+z8QxOQIP|7w`=kN6l}rO;zk(b`XpD&R-seUW$wV&iH<`4V7R3je
zv7x7sKv957`Ngc6OXJ;;iM}$Cvor}5?b1;<34HzfXTBgoJ+7768o76)EZIyx(^!5~
z9EXf~1!4#Rg*uu)L~gvO(y?qZA4fFhF&e1tk82O^6@o(1kbo8U@PCF>*J@RG6Siex
z`IQ8s)K`nCdDp7C0l~kfyClsSXsWg{6c#$IE7%H-gm*LYL`8X1Gp#t1VF`DVcb9^r
zX^gW<aTjeOoogOd@E`VMt;x)P;$DR;U-*m`-@T+$u5!VS7i=_bOL$Dej<VP)9loJ+
z+_;AxKC7b5!Qe>WR2!16`=D|JPs5dfpUt6)u!azAthP1Uz`xHsRge-eF&%m!d%E;{
zN7;t-iQ2$7_RFSC&@uc(PJg_}MVO9zsvsLE>$|E4UIpQ-zq=Oa6fQ?jG@|7y@uc>e
zxzcqIcu4fZ71*4c#?WYiR~7RSGq)y#B@srN6qIH#>=Z-MJhrPSBb2ALv1E1eRNwk!
z6u=6%AH$&QLHCni(Z4{}$WB9B%(8oZ7DdyDw)ZDKWr{D_<<+O^>mZa|WeJloP3r~v
zAN~Ixm{FMj<{h-}-TxN&7WfwU7WfwU7WfwU7WfwU7WltN;4l4u#h8=1OjyyE>@Qog
z6k?!C<lXqmfBXNKVg{<9@*Q<uuA=v#S%;Olg-}0uVsQ>}<=lR`yz;Ne;kNPw1}OR*
zL4+vdbEX_fT0CC0Dqjn4_?r>vvJkYLqG&XJh3sv;X=o8znzZn84~4&L08KVJI#z2<
zMmXx^rf@P!5YSOGf~M{PX>|P(Q%vd3;zVG^LWwt}v*{ExCorXpXCh5PM7*1TWIu>3
z9>?PLGm_25Z7H7C4^A%QH~t}V;j^cy<t$Pw<Z7-7)qc|P&ccz(0O$^U-qV9f`CEbB
zhe{105<<K^q_lqn0MGR6tA68b96~bo5V!HN!kzKe{@__C&{0H+@U@Rng?^-g^><`{
zHayJz)I_UP;a4yIHKm}KZ?^aX*E`d;Hu!6=dAi;MW297h1Qm83z8J$2T9!<nyPV)e
zKO9l~Py$*t8~)v$Ifeie#j8+tAot31E9v@v?KJZ(E%ru{Ue-I@%sNfEIYh7fa*xD^
zRRs)%iK5r^<;AWo!}wO`$|m?Mh!cs5C<0KKt!Of@LH4$maT<p5-H|prn4t2JFo9+)
zJFo|zrRdi5H8ndaB%~T~43%Z*q84<F5x|=5YRzZ0I1GRjE6vX@i3en|)k;i|V7uts
z_R?~J=sz%2>|(>xIH0&-BqGfH%PRI!t^ydr4<g<i{bEz%#L|U)&2$O*wXVII&8||t
z_bm|lY`75yfC7uFNh&AXlC5e$^^_Ql&XXBq$q;dfZ=)PT`hF0lLjJVH`h=KU0h}um
z_92wVQ3HRrn`Z^Q_&iIE)P6Y$@Y3>2QinG?<<XkIZ4%~Nf<D8jKvrlh!}SB&IAiu8
z0yIf>0&l`HxdZ_ZA~J;K2?ouD=tBUHC)U@077LRx)O3j)?(OX&z21h=Ym<ZQ3)l7p
zazYIM25b~XPb8)x?ysvf^@>*{=fWrJV`LHK=BPw2SG@Wo;P8O22%N*T1@bhFc%0II
zFwW1k3ToV!6m9JzixKq`Of=^g8b}249stxr2}aJ=y0tU9xRa8%N}(uGbe}-b2I~E=
z|Nr;>|Nj@AGQJP>Ti{#ZTi{#Zf04jn+GJO;XEZZJOFBf+I}Ce#$?xhVr8fWXmCQD1
z$5N8}$Y@JEeWQ1u@mIyG+`KUv*@>QXIQ3X%?L@B#33p?fcA1e?MfJfq`hr^4Z23KZ
zhX~gq_l^_C>v}Do2F<NpgYxn<X&OugCRf_zL%BB`Z#+AfAJix!el$v}0C;Txs;4Md
zg4ud^^P%QYxmn}#smG;IIJduwCSGC5A3~8pLzcRWL<I^|upDnG3z&kmb7<b>h%qDE
zs$~1JH}BaBeoO6_weRg)w9M~<i_OkawnfZoX0-2mRrq*U$<(>Jjnwot;)u7=t@uiZ
zOP-yVCG2<3{E1A5Y_-L5!m*)#vhTbB_<#Dk??)&U01n`FoJ}su9%m~nqvW_dGS5!r
zB$2((PT`Df4o8H{d-e*^nVIK|B=QKy<0O^cS!ca|ct5{C;`7^g6nl6mpiblsd4d+l
zl~#=D^5#L0Gsf{NA>~!y#6kPW%*QE=`tgxWF^{Y>%4l;j6fUD;e?38E@{za%GoooI
z$EEAHxc*H6nP*)PUVj3m^u~+1s|f4CUv}=QWz2SdfdWVrJ)VnlDf%FRn04?#j_r!C
z;c&JW;=ELikhLplSsd%teCcYU@$3qo)#*b@?LT(_AIR&X5ysV43?1%IeL^lGRouAJ
z`V7&VX}vTT+>C@uwpZ9uGFuHXL_xLtbr7Pg(v}5W7}dwO#z0s8rB}F0q>M%(Ea!|@
zXu&KCr+GYLz;$STsl`B-Jd{9<cl-e$AW~&{95f<jU)0YEm4i6y!s9Q3;{Q(6(!|+9
z?6d3J^UMS{_I2X|<(;f(f6<r{9ZWi$3wk(su|ANye(SO?2G$&WLrbBSlcDw#R9H;x
z(r!#EPSP-q@-3RY^?;sEX!8(T^n9^)s!h4NlNdT_|8kRstzf@Z#j*WV=<f6^xb<xC
zEH1c7dx+!Jd-~}6WS2VqnX`xiOa~un&nNS92^l_5p%bDSv*;Qfg!oAmN=s_aZJ4%M
zsjmolPuTd$FcaCQnH7C4KDbv&ii}F7S7*7hnh@$E?B+Ow{Pi|5QEQw97Fi8mpGU9e
z??m;*JjEjCmV>7yYK?CMpxbyaC!MA5>g9-yx`IQh$N$1n<<|L>_Sb=Iicn!yOEmre
zs1ce#y9VYFBJU}|TMsS{0b0@;KmJpr*?MR=xl2!`>v6n-%HW9~VY0*F`2)&QAD{9-
zytiY45$vgL@E(r#E;;}95Q0+#cdU1G@S`ZWCSuC@J-de9<k5LED|B1Gs6uX*32JY%
z)}JJDtfg{xcV1M%k0vuiAc`C1aEK|9Hl)476ER18WK`UY7u(ruPnOg+cr9jtw~UQm
zKjhWQ{%Kd}0kRn#rnVGR*hv3|H}r?k!6ogdlMyvnafbompGf)ajYZlvl~~4iyFLFv
zq|mFlK@6cY4b$`n@;;X#Ae%F1s&?jO(vwtH2%1mLcxfbR82FnZq^0(ulF9>3?!u&E
z?~P3QBIVQ)343kE^Ft2sR8^zJu!(c9%c><ib4fF=K=2l$`$@OcLc{m(2~HfE%R1FK
zJ@aRgkQxo>chb_%eeI7wJJd^WTc_kJ__T`uxf><D7|Z<lb!#biiWuO%l2-SH2E~bI
zolRq2H8ub1xCweAnin+x_M2!MDB)~K3U^s~tw5bE$wp5b-BX%TeIYPE>8b4y_P5^v
zCFOiUT7Nfg-m{x@r3AVpGbDR`YYvsLqRpS{PM;oML^()B4SvEr{71NwWgc)Td?2Z?
z>Z>8ZYQn;Wp%LT*taKy#2IHRuce2<hoyN>1>T8^<y}we#1kjCT;#^hs<P=)aI*$xR
z8ZRRAW-R+MLrr2SYa5g2&jvbGYgOtzP^}5Ru02t%5&&_pw^i`zdpDCRYUe$~mCeOQ
zf?oo=Zwc;LS#Wdd<*C9Q`NJ=kpj|P>g7XVw5r+t0TweW}l2CdT;{L>>Yn|0%zs?(K
zL*B3Cr^?J!Qz}Ub_~}CYc6AsyT3`zXPKf`wctDp?L#1`(HN}b9(k7kKNPw3o?L96N
zx(ybn%vyQbZt?w;kXLS?{ML^$$*g+;Jhkb|osTYND^5BeD7^N7z?P+GU|4Snt0qSy
zv|1OlG_4ObMlr`uvt`RIAAScbNu0osqlNQJ!ep;83bnJk%^Eg|W_oxv2pmyIk3U%u
zDZr(nt=9pj|D&c|u<euQN}|-YnTKKlZa-%3(oNF*rv{dA&vKltAmWUPDN72-#*Ceh
zjXUB3h4ZyEZP!4+KtR!h=a9N4b`w1eO|NW*ykTCRaP82J_;bwL-KCFA`3(3Yr!&fd
z|7lUNB(KPH&S80wYE=FEVKN|STl2BCIC4|8z4=gvn?s$_-*RJZ$t7^CQhy@B%Z|o@
zD+tE?BfkIgU@DsmZ^2DN-)q^5?H$k3u*E8h*k5%?w7wrGH3(w0n;svd)q!@LyzQnW
zHEj=S!OxCc`li7H@tb-Y9h)1oEEqW!wSB#H<m7Ew@7i0-bpcM2IY))GS7P<rSAP?;
zEGg`fZCW-8Sk-`c=bx$qZ%Eg7G$g~Oj18~dH(gKhAlW$&_E`@?p#+f=7oD)YN&>o|
zadyT{I!PqbWs>@;Ud35qIx}Bo0Pty;I^+&0n@;XEXiq(UiL|*|V1G+9@^13!qJhJ9
zbI&`|^4n8xqrrf!{a{!S*jivXB5m(ENe*OiZoGe%LPl9MZEX>uMw!(0pTmV(0Z+{O
zLc?s2lmkg>&mwa(vKps=fzpp$-j!Q*Swb=A_gzT$Ld`aP^(d<>B@WX@H8<PJE$Yys
z7_Rcl^b&+99Z=V$Vi6AqE_$IKgL$Z`ZoFJ%EPu(x?AA)fp9&SHT*cQf@@Ct~x1_!!
z_aeKfnWO@p@|SAqbTh%VXCyyox)Zxi&=Gb>`?|c%pX@`T##n8&dUr2D@b#Do-P|&5
zN(C1aAsWF41_YF5@$;pi6s5*PzXw9_fp3tLlBb;|^6YiYQlGaxF;nC}V*o2Qlsk<?
z8P%mL^C)Emq`cd*uB|lzUCHJ<0<%#Kr2SFwBspkzmodV?6mH(nYFl{Iq+9%iv16a4
z`<tg%-4oUjKHm|5&5wpvVK1-Nq8k?nk+%<eTFIl9RP3?0fRr7VqEW-qM(*?K9Po$6
z3{a=qy2}yLe{$!#jM4#Ygh-gxVP%qeq1mbvtU%&hKNgM~74~{X6Db^<;JM!Ddv6Gd
U?;N?kY!gonLcx>aakh#70wQ22SpWb4

diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp
index 16e8e2c5df1a..48c085735979 100644
--- a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp
@@ -55,7 +55,9 @@ GetOCSPResponseForType(OCSPResponseType aORT, CERTCertificate *aCert,
     PrintPRError("CERT_FindCertIssuer failed");
     return nullptr;
   }
-  if (aORT == ORTGoodOtherCA) {
+  if (aORT == ORTGoodOtherCA || aORT == ORTDelegatedIncluded ||
+      aORT == ORTDelegatedIncludedLast || aORT == ORTDelegatedMissing ||
+      aORT == ORTDelegatedMissingMultiple) {
     context.signerCert = PK11_FindCertFromNickname(aAdditionalCertName,
                                                    nullptr);
     if (!context.signerCert) {
@@ -63,6 +65,21 @@ GetOCSPResponseForType(OCSPResponseType aORT, CERTCertificate *aCert,
       return nullptr;
     }
   }
+  if (aORT == ORTDelegatedIncluded) {
+    context.includedCertificates[0] =
+      CERT_DupCertificate(context.signerCert.get());
+  }
+  if (aORT == ORTDelegatedIncludedLast || aORT == ORTDelegatedMissingMultiple) {
+    context.includedCertificates[0] =
+      CERT_DupCertificate(context.issuerCert.get());
+    context.includedCertificates[1] = CERT_DupCertificate(context.cert.get());
+    context.includedCertificates[2] =
+      CERT_DupCertificate(context.issuerCert.get());
+    if (aORT != ORTDelegatedMissingMultiple) {
+      context.includedCertificates[3] =
+        CERT_DupCertificate(context.signerCert.get());
+    }
+  }
   switch (aORT) {
     case ORTMalformed:
       context.responseStatus = 1;
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h
index 4aa908e60ac1..903402670d5b 100644
--- a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h
@@ -31,7 +31,11 @@ enum OCSPResponseType
   ORTBadSignature,     // the response has a signature that does not verify
   ORTSkipResponseBytes, // the response does not include responseBytes
   ORTCriticalExtension, // the response includes a critical extension
-  ORTNoncriticalExtension // the response includes an extension that is not critical
+  ORTNoncriticalExtension, // the response includes an extension that is not critical
+  ORTDelegatedIncluded, // the response is signed by an included delegated responder
+  ORTDelegatedIncludedLast, // same, but multiple other certificates are included
+  ORTDelegatedMissing, // the response is signed by a not included delegated responder
+  ORTDelegatedMissingMultiple, // same, but multiple other certificates are included
 };
 
 struct OCSPHost
diff --git a/security/manager/ssl/tests/unit/tlsserver/other-test-ca.der b/security/manager/ssl/tests/unit/tlsserver/other-test-ca.der
index 749fbd317ab29f1bd8bbbcbc64460c3d17eb80f6..794fb9cec9b19319dd1bb2d5c66c335ed9e2cb31 100644
GIT binary patch
delta 318
zcmV-E0m1&n1H=OqFoFTVFoFRopaTK{0s;j9p5pk_krXi&F*PwaFf%bWS{Ds8G%zzU
zH8D3ZGcl1{Ie)TskqRFzkbzJye|?cy;0Xh);QO4om<$XI<?+tOFth3ET3V8CmR^PS
zxrZaj2>H=w<yg3ggHa<tPQ}_CMw7^N)IQ(06QI62ol}_A6+d{Qd8vWoD1=87>a$g-
z#mJ=lwg=X_B{TcRy?;ht{&gmM+IC7d2ScHdcH^=n`vJ3)6ag@QXWKTC=yNAo<o?}^
zrIwOD5p~T@fNjvY+;(@79vTF%aF}H+ASrmT`k+Hq#P{0-(ZQ^Y2tIX3AcxT-_q-Hv
zTpb-Q$ocqj+iX06B2rgH=kyfTVhIa<O+azm(E>Q4D-dq7WXqQ;md<YQ8QTw1;1mYd
QN_;&;f`$LnsBxwNgcvxGY5)KL

delta 318
zcmV-E0m1&n1H=OqFoFTVFoFRopaTK{0s;j9p3e2XkrXi&FgGzcFf%YVS{Ds8G%zzT
zH!(OcGcb``Ie)w3KM>Y;-YvyiXamKk3l7jqZGVd?Fkp`bE4ORWA$q}viBMzHuIfH&
z?#Eo5KZnC6PE!c%1xGxH>O0uX?L&s&IaG>mfP{_}PTr1nXmed)D(rsftR8bgrEc88
z#G$P!4@{HO^cp}rU9=NXX)&_J)c%qtuU-*u)D^-yVF8zu6ag@Qi0%>@ryDnySKHAJ
z)Q(dzH7ZR7aY{WQTQmWa^N(7fQwX9|n2<~vAZ%^k*PPX0YLe<be7K?ca$ASyFI{y}
zTMT@PU>8XDgY#TdO1!|#>?IUh4bLY%8RXJ6T&_049BID|PkutLeBUs1wct?32l+;%
QZ$o}VZM{a%y|8%!*NX;-ga7~l

diff --git a/security/manager/ssl/tests/unit/tlsserver/test-ca.der b/security/manager/ssl/tests/unit/tlsserver/test-ca.der
index d6c9665af2659b67ab7d5e15bca920f855e441c3..f4c4863a5bbaf2d78166add109fddaf57d25e2e2 100644
GIT binary patch
delta 319
zcmV-F0l@ya1GobeFoFTJFoFRcpaTK{0s;j9p5pk_krXQzF*PwaFf%bVS{Ds8G%zzU
zH8D3ZGch%hRx*F6;ZZ%vnDdvd990byeh|q0Rn)HYimfeFPi!KcYKPjT0gdi$N(k5M
z08B0NE{C|a%bCT{Da^rN7LihMUR+W`?m3)Jy~tj!wJaUUHKTe7ebDQK78D3r3$H<Y
zrDsf;B-icbe_#+=pvWUCBXb2X9;f;;na$XDoKJ||$UXr(lL!GYe|V7OH<E3eWkts6
zve5gUGbCc}$s^U<rX9J5K_OhicJ=?z#YUQP4G-x5bi^AzjIa{m)c=Rdy>i~yGBv+b
zCEks&Z>pA8$hK0=-_d+6-gW5!E~qV`1LyY=<ED+o)0%?O$%PufM2sU60O5k$K{X$I
RV8q4y*~e)>e!2(90SqGYlY9UG

delta 319
zcmV-F0l@ya1GobeFoFTJFoFRcpaTK{0s;j9p3e2XkrXQzFgGzcFf%YVS{Ds8G%zzT
zH!(OcGcY!hRx*FYslxBG1KI>Sv-9vsIz+1zlw&SCr+X}X(eGYyLG_e;9zovI&>2~{
z4^~HhM`&y(4JAYp&O%HvV!cNcTIg@AsUlD=ZE7}kdsyH8GC>=OaLXAlz!!i}*<kGx
zS)Q2|)}3$q_(m34j&Ok_>NAq1;yz$2!n`6%+BJwtW|;xOlL!GYe{9)=%XntNw6Y_+
z@LYwlQPM=VbH2vSohLtSUWVz~lQ$wh47c4^yipXt!ep!UYXhXnUTHbUzJ4ki977!4
z{f%=pUGT~C>k+bV<%ykt&%1ZTe(ktxJPZ{lWdJ4!Mkb!|*ZJ%|SNk%46%ta(T3l4S
RCB1No`uEt|rzj-R0pnA@jV%BG

diff --git a/security/pkix/test/lib/pkixtestutil.cpp b/security/pkix/test/lib/pkixtestutil.cpp
index f90bcbee0373..bbc78f019e15 100644
--- a/security/pkix/test/lib/pkixtestutil.cpp
+++ b/security/pkix/test/lib/pkixtestutil.cpp
@@ -131,6 +131,9 @@ OCSPResponseContext::OCSPResponseContext(PLArenaPool* arena,
   , responderIDType(ByKeyHash)
   , extensions(nullptr)
 {
+  for (size_t i = 0; i < MaxIncludedCertificates; i++) {
+    includedCertificates[i] = nullptr;
+  }
 }
 
 static SECItem* ResponseBytes(OCSPResponseContext& context);
@@ -141,6 +144,7 @@ static SECItem* KeyHash(OCSPResponseContext& context);
 static SECItem* SingleResponse(OCSPResponseContext& context);
 static SECItem* CertID(OCSPResponseContext& context);
 static SECItem* CertStatus(OCSPResponseContext& context);
+static SECItem* Certificates(OCSPResponseContext& context);
 
 static SECItem*
 EncodeNested(PLArenaPool* arena, uint8_t tag, SECItem* inner)
@@ -385,8 +389,22 @@ BasicOCSPResponse(OCSPResponseContext& context)
   if (!signatureNested) {
     return nullptr;
   }
+  SECItem* certificatesNested = nullptr;
+  if (context.includedCertificates[0]) {
+    SECItem* certificates = Certificates(context);
+    if (!certificates) {
+      return nullptr;
+    }
+    certificatesNested = EncodeNested(context.arena,
+                                      der::CONSTRUCTED |
+                                      der::CONTEXT_SPECIFIC |
+                                      0,
+                                      certificates);
+    if (!certificatesNested) {
+      return nullptr;
+    }
+  }
 
-  // TODO(bug 980538): certificates
   Output output;
   if (output.Add(tbsResponseData) != der::Success) {
     return nullptr;
@@ -397,6 +415,11 @@ BasicOCSPResponse(OCSPResponseContext& context)
   if (output.Add(signatureNested) != der::Success) {
     return nullptr;
   }
+  if (certificatesNested) {
+    if (output.Add(certificatesNested) != der::Success) {
+      return nullptr;
+    }
+  }
   return output.Squash(context.arena, der::SEQUENCE);
 }
 
@@ -704,4 +727,19 @@ CertStatus(OCSPResponseContext& context)
   return nullptr;
 }
 
+// SEQUENCE OF Certificate
+SECItem*
+Certificates(OCSPResponseContext& context)
+{
+  Output output;
+  for (size_t i = 0; i < context.MaxIncludedCertificates; i++) {
+    CERTCertificate* cert = context.includedCertificates[i].get();
+    if (!cert) {
+      break;
+    }
+    output.Add(&cert->derCert);
+  }
+  return output.Squash(context.arena, der::SEQUENCE);
+}
+
 } } } // namespace mozilla::pkix::test
diff --git a/security/pkix/test/lib/pkixtestutil.h b/security/pkix/test/lib/pkixtestutil.h
index 5873a0586bf8..4085f440d43e 100644
--- a/security/pkix/test/lib/pkixtestutil.h
+++ b/security/pkix/test/lib/pkixtestutil.h
@@ -46,6 +46,9 @@ public:
   uint8_t responseStatus; // See the OCSPResponseStatus enum in rfc 6960
   bool skipResponseBytes; // If true, don't include responseBytes
 
+  static const uint32_t MaxIncludedCertificates = 4;
+  pkix::ScopedCERTCertificate includedCertificates[MaxIncludedCertificates];
+
   // The following fields are on a per-SingleResponse basis. In the future we
   // may support including multiple SingleResponses per response.
   PRTime producedAt;